[Beowulf] anyone using SALT on your clusters?

Greg Lindahl lindahl at pbm.com
Tue Jul 2 16:18:53 PDT 2013


On Tue, Jul 02, 2013 at 10:54:14AM -0400, Joe Landman wrote:

> One argument which is easy to make for salt, which I didn't see anyone 
> make is, it lets you lower your risk by removing the ssh daemon.

You mean raise your risk, because the ssh equivalent in the pub-sub
world is going to be less audited and more risky. 

To quote the article:

| 0mq does not natively support encryption, so Salt includes its own AES
| implementation that it uses to protect its payloads. Recently, a flaw
| was discovered in this code along with several other remote
| vulnerabilities. Ansible is largely immune to such issues because its
| default configuration uses standard SSH

-- greg





More information about the Beowulf mailing list