Hello, (@Theo: sorry for sending this as a private reply first!) Am Donnerstag, 6. Oktober 2016, 14:28:56 CEST schrieb Theo Chatzimichos:
I created a jeos image [1] that can be used for the opensuse.org VMs.
Feel free to review/test/suggest. I plan to merge it and start using it on Monday if there will be no objections
42.1 is terribly old ;-) - what about using 42.2 for new VMs? I know 42.2 is still in beta, but that shouldn't stop us from using it already ;-) [1] I had a quick look at the image. Looks good, but it's indeed very minimal ;-) IIRC our guidelines say all services should be protected by an AppArmor profile, so it would probably make sense to install AppArmor by default. pattern-openSUSE-apparmor should drop in what we need. If kiwi ignores recommends, also add apparmor-utils (which is not really needed for running the server, but very helpful for translating audit.log events to profile changes). Speaking of audit.log - the audit daemon (package audit) would also be helpful. Or do you prefer to do this via salt? (Deploying and loading the service-specific AppArmor profiles would always be salt's job.) BTW: IIRC Lars said that there is a set of existing salt states [2] which is used by the existing openSUSE servers/VMs. Is this available to the public (where?), or do I need a special account somewhere? Regards, Christian Boltz [1] I already have some 42.2 beta servers running for a customer (since beta 1!) without "surprises", so I don't see a reason why openSUSE itsself shouldn't use it ;-) It might even be worth a news.o.o article (or at least a note in the RC1 announcement) saying "look how good 42.2 beta is, we are already using it on $service.o.o" ;-) [2] I'm new to salt and its terms, so I hope I grabbed the right name for the *.sls files ;-) -- Es kommt mir (auch wegen der zahlreichen PMs) so vor als ob ich der einzige bin der das noch nicht "gehört" hatte. Nächstes Mal wähle ich gleich als Subject "Sag mal schnell einer das Passwort für xyz". Besser als Brute-Force! [Rüdiger Meier in suse-linux] -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org