[Beowulf] anyone using SALT on your clusters?
lindahl at pbm.com
Tue Jul 2 16:18:53 PDT 2013
On Tue, Jul 02, 2013 at 10:54:14AM -0400, Joe Landman wrote:
> One argument which is easy to make for salt, which I didn't see anyone
> make is, it lets you lower your risk by removing the ssh daemon.
You mean raise your risk, because the ssh equivalent in the pub-sub
world is going to be less audited and more risky.
To quote the article:
| 0mq does not natively support encryption, so Salt includes its own AES
| implementation that it uses to protect its payloads. Recently, a flaw
| was discovered in this code along with several other remote
| vulnerabilities. Ansible is largely immune to such issues because its
| default configuration uses standard SSH
More information about the Beowulf