[nycbug-talk] SaltStack and Ansible experience?

Bob Ippolito bob at redivi.com
Fri Jul 26 11:51:23 EDT 2013 

On Friday, July 26, 2013, Charles Sprickman wrote:

> On Jul 25, 2013, at 7:03 PM, Bob Ippolito wrote:
>
> I started playing around with Ansible yesterday. I like it so far
> (compared to prior experience with Puppet). Haven't tried to do BSD-centric
> things with it, but seems easy enough to extend if you need to. I looked at
> SaltStack as well, but the fact that they decided to build a broken
> cryptosystem themselves worries me. I have heard good things about it
> otherwise.
>
>
> Can you elaborate on that last part?
>
> Is it this issue?
>
> https://github.com/saltstack/salt/issues/2239
>
> In my use case, that's not a likely threat, but for those using it to
> manage multiple locations over a public network or to manage things in "the
> cloud" I imagine it's more problematic.
>
> Charles
>

It's an example of bad decision making to try and build your own crypto
system without the right expertise. Even with the right expertise, it's
probably still a poor decision.

You're right that it's not a "likely threat" to get attacked even if
there's no transport security at all, but that's not a good excuse these
days.


>
>
>
> On Thu, Jul 25, 2013 at 3:55 PM, Bill Totman <billtotman at billtotman.com<javascript:_e({}, 'cvml', 'billtotman at billtotman.com');>
> > wrote:
>
>> On 7/25/13 6:49 PM, "Pete Wright" <pete at nomadlogic.org<javascript:_e({}, 'cvml', 'pete at nomadlogic.org');>>
>> wrote:
>>
>>
>> >On 07/25/13 15:43, Charles Sprickman wrote:
>> >> While looking through the wikipedia list of configuration management
>> >>software[1], I noticed a few new entrants that appear to have some
>> >>momentum, Ansible[2] and SaltStack[3].  Both appear to have a fair
>> >>amount of support for the *BSDs.  Both are python based.
>> >>
>> >> For example, looking at SaltStack's list of modules[4], I see support
>> >>for lots of FreeBSD features: using pkgng (like full support - upgrading
>> >>a package, fetching current package options, making a backup of an
>> >>installed package), poudriere (trigger a bulk build, list/create jails
>> >>and ports trees), and jails.
>> >>
>> >> Anyone here use either of these?  Ideally I'd like something a bit
>> >>lighter, but SaltStack is intriguing so far.  I also need to see what
>> >>Puppet currently looks like, but the few BSD-centric reviews I've seen
>> >>of SaltStack and Ansible both note that support for at least FreeBSD is
>> >>better than in Puppet-land and that both projects are happy to take
>> >>patches.
>> >>
>> >
>> >I am a pretty big fan of Ansible - and the primary dev behind it was
>> >also they guy responsible for cobbler and func (and worked at puppetlabs
>> >in a key position for a while as well).
>> >
>> >i've been a long time user of cobbler and func in small and *very* large
>> >environments and have been quite happy with the quality of code and its
>> >extensibility.  ansible seems to have the same DNA and community that
>> >was built around cobbler, so i strongly suggest giving it a serious look.
>> >
>> >-p
>> >
>> >
>> >--
>> >Pete Wright
>> >pete at nomadlogic.org <javascript:_e({}, 'cvml', 'pete at nomadlogic.org');>
>> >twitter => @nomadlogicLA
>> >
>> >_______________________________________________
>> >talk mailing list
>> >talk at lists.nycbug.org <javascript:_e({}, 'cvml',
>> 'talk at lists.nycbug.org');>
>> >http://lists.nycbug.org/mailman/listinfo/talk
>>
>>
>> The May NYC*BUG was about Ansible (it was very good by way):
>>
>> http://www.nycbug.org/?action=home&id=10335
>>
>>
>>
>> -bt
>>
>>
>> _______________________________________________
>> talk mailing list
>> talk at lists.nycbug.org <javascript:_e({}, 'cvml',
>> 'talk at lists.nycbug.org');>
>> http://lists.nycbug.org/mailman/listinfo/talk
>>
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org <javascript:_e({}, 'cvml',
> 'talk at lists.nycbug.org');>
> http://lists.nycbug.org/mailman/listinfo/talk
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nycbug.org/pipermail/talk/attachments/20130726/78d3b37d/attachment.html>

More information about the talk mailing list