On 03/21/2017 03:40 AM, [email protected] wrote:
Sorry to piggyback on the thread, but I've been meaning to ask this. Have there been any notable usecases of end users using salt to coordinate Qubes VM lifecycles with salt, and orchestra/publish them into services? I imagine something like Joanna/Marek's <https://github.com/QubesOS/qubes-app-linux-pdf-converter>qubes-app-linux-pdf-converter <https://github.com/QubesOS/qubes-app-linux-pdf-converter> which coordinates multiple VMs to produce a stronger security guarantee than a single VM could produce.
I haven't seen any expressed on the lists.
I am unfamiliar with the structure of salt formulas and pillars, or whether the end goal of a salt configuration can be to publish some service endpoint (though I'd imagine the answer is yes), nor am I certain the exact use salt has seen in qubes so far (it has been my impression that salt helps compose qubes VMs in a way not fully encouraged for end user, but looking at the documentation that might have simply been my impression given my level of understanding at the time - it certainly seemed intimidating.) What I'm more familiar with is Docker, where most configuration management is done via Docker file, and coordination is done through Docker-Compose declarations.
Let me be the first to admit that salt appears difficult to understand at first. Their documentation drives me up the wall. It strikes me as the kind of project that gained followers early when it was still easy to grasp, then built up an obscurantist mindset.
Ansible is much easier to understand, IMHO.
Maybe I can show you guys such a file and see if Salt can do similar tasks? This <https://github.com/haugene/docker-transmission-openvpn/blob/master/docker-compose.yml>
...
Anyways, this is all kind of all over the place, and might need to be posed elsewhere, but I'm just wondering whether salt as deployed on qubes can covers these kinds of usecases in a fairly light weight way.
Salt probably does cover them. But I suspect Qubists have looked at the salt concepts and syntax and decided its not yet worth the effort.
-- Chris Laprise, [email protected] https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/baed1035-b11d-07be-504c-8ad960dbb152%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
