On Mon, Oct 10, 2016 at 12:48:25AM +0200, Christian Boltz wrote:
42.1 is terribly old ;-) - what about using 42.2 for
I know 42.2 is still in beta, but that shouldn't stop us from using it
already ;-) 
There was a reason I created 42.1: I wanted to make sure that the packages from
the update channel are preferred. Now that I made sure that this behaviour is
working fine, I can create the 42.2 beta as well for sure.
I had a quick look at the image. Looks good, but
it's indeed very
Thanks for the review! Once again, we really need the image as minimal as
possible (just to be able to set its network up as a first step). It will not
be used only for production machines managed via salt, but also for workers,
runners, containers, testing cloud instances etc. We need just to be able to
set its network as a first step.
IIRC our guidelines say all services should be
protected by an AppArmor
profile, so it would probably make sense to install AppArmor by default.
pattern-openSUSE-apparmor should drop in what we need. If kiwi ignores
recommends, also add apparmor-utils (which is not really needed for
running the server, but very helpful for translating audit.log events to
profile changes). Speaking of audit.log - the audit daemon (package
audit) would also be helpful.
Or do you prefer to do this via salt?
That has to be done via salt afterwards
(Deploying and loading the service-specific AppArmor
profiles would always
be salt's job.)
BTW: IIRC Lars said that there is a set of existing salt states 
which is used by the existing openSUSE servers/VMs. Is this available to
the public (where?), or do I need a special account somewhere?
I explained the situation in a past mail, see
Meanwhile I started
writing some salt code for opensuse, but it is in very early stages and not
deployed yet. I'll keep you posted
 I already have some 42.2 beta servers running for a customer (since
beta 1!) without "surprises", so I don't see a reason why openSUSE
itsself shouldn't use it ;-)
It might even be worth a news.o.o article (or at least a note in the
RC1 announcement) saying "look how good 42.2 beta is, we are already
using it on $service.o.o" ;-)
 I'm new to salt and its terms, so I hope I grabbed the right name
for the *.sls files ;-)
Theo Chatzimichos <tampakrap(a)opensuse.org> <tchatzimichos(a)suse.com>
SUSE Operations and Services Team