[openstack-dev] Unified Guest Agent proposal

Robert Collins robertc at robertcollins.net
Sun Dec 8 05:36:44 UTC 2013

On 8 December 2013 17:23, Monty Taylor <mordred at inaugust.com> wrote:

> I suggested salt because we could very easily make trove and savana into
> salt masters (if we wanted to) just by having them import salt library
> and run an api call. When they spin up nodes using heat, we could easily
> have that to the cert exchange - and the admins of the site need not
> know _anything_ about salt, puppet or chef - only about trove or savana.

Are salt masters multi-master / HA safe?

E.g. if I've deployed 5 savanna API servers to handle load, and they
all do this 'just import', does that work?

If not, and we have to have one special one, what happens when it
fails / is redeployed?

Can salt minions affect each other? Could one pretend to be a master,
or snoop requests/responses to another minion?

Is salt limited: is it possible to assert that we *cannot* run
arbitrary code over salt?


Robert Collins <rbtcollins at hp.com>
Distinguished Technologist
HP Converged Cloud

More information about the OpenStack-dev mailing list