mediagoblin-userops

Re: [Userops] How Sandstorm enables userops (rather than "dev"eloper op


From: Asheesh Laroia
Subject: Re: [Userops] How Sandstorm enables userops (rather than "dev"eloper ops) (part 1)
Date: Mon, 6 Apr 2015 12:25:27 -0700

Hi Christophe -- thanks for trying Sandstorm! Some thoughts inline.

On Sun, Apr 5, 2015 at 8:33 AM, Christophe Siraut <address@hidden> wrote:
> Hi Asheesh,
>
> Asheesh Laroia wrote:
> > Please reply saying what you think!
>
> The speed at which applications get deployed in Sandstorm is amazing. I am a
> little suspicious about the amount of resources needed for isolating
> every application instance's processes, but I understand it's a good way
> to go for preserving security while allowing to run about anything.

I like to say: It's not Sandstorm that's fast, it's your machine that's fast!

As for overhead of isolation -- I like to use the mental model of "isolated process" rather than "containers". The resource use is pretty low; part of that is that Sandstorm app packages are just the minimum required to run the app, rather than a "full operating system install" within the isolated environment. You can get a sense of that by doing "spk unpack" on some SPK files from the app list.

Another nice thing in terms of resource use is the fact that Sandstorm stops apps that haven't been accessed recently. Since with apps on Sandstorm, anonymous guests can't spin them up, Sandstorm should IMHO cause a decrease in average resource use.
 

> I installed the service in a VM but I do not own accounts at the
> required companies for authentication. Could Sandstorm talk to my users
> database or let me add shared keys? Found ticket #220 ;)

Yeah -- we're working on that. (-:

There are two avenues we're pushing forward on here. One is email address based login, which you can self-host and which you can use without relying on any particular third party. The other is GPG-based login, which we haven't spec'd out fully yet.
 

> Would Sandstorm fit in a shared server environment[1]? How could
> Sandstorm applications be reached using users' domain names? (using
> reverse proxy?) I see Sandstorm create isolated Etherpad documents and
> Gitlab repositories, can we enable pads creation for unauthenticated
> users? and Gitlab cross-projects features? I suppose the answer is
> positive but needs development efforts in abstracting user management
> everywhere.

For what it's worth, I spend a lot of my life nowadays on alpha.sandstorm.io, where I have an account, and which is a shared hosting environment in some sense.

For domain names, see https://github.com/sandstorm-io/sandstorm/wiki/Publishing-to-the-user%27s-domain . Totally possible in a shared hosting-type environment.

For enabling e.g. pad creation by unauthenticated users: that's an interesting concept. I think so far, we lean toward "no"; I think that's in part because we don't think the sandbox is as secure as we want it to be yet. I wonder, though; perhaps Kenton has some thoughts on that.

For enabling GitLab cross-project features: https://blog.sandstorm.io/news/2015-01-21-gitweb-and-gitlab.html talks about our vision there; a summary is, we'd love if the gitlab inter-project features relied on an API that other apps can implement. Having said that, there's no particular reason to think that the GitLab authors will be excited about that, so it might not happen for that particular codebase. It doesn't need "user management" help so much as someone to write a Cap'n Proto API for pull requests, and then add support to some apps for that API.
 
> One more before I go: what about application updates, how
> do they get applied? and content migrated?

For application updates, right now, the answer is that you have to visit the app list and "Install" the app, which if it's a new version, will cause an upgrade. Sandstorm will then ask you if you want to update your existing app instances to the new app version, and you should probably say yes. Once you do that, it's up to the app to know how to migrate its own data.

Let me know if you have any other questions!
