sandstorm

sandstorm copied to clipboard

So, we've long talked about being able to have a Sandstorm distro or box which can all be managed from one place, but as a project, we are probably a bit small to handle adding "create all the management tools for a Linux OS" to our repertoire. My Sandstorm box probably doesn't get as much attention as it should, because I'm not regularly able to SSH into it.

https://cockpit-project.org/

I was wondering how crazy an idea it would be to integrate Cockpit, ideally by like proxying it through Sandstorm, so it got our certificates, wouldn't be running on a separate port, and we could ensure the user was an admin in Sandstorm and such, and then making it reachable from inside the admin panel. Shockingly, the styles even match up a bit:

This would let the admin access the terminal, install OS updates, reboot the server, and monitor things like CPU, memory, and storage usage.

I am not sure we'd want to bypass it's authentication (which uses the OS credentials), but perhaps add Sandstorm authentication as a layer around it. And a big question would be whether to install it for people by default, install it on request, or integrate it if they installed it separately. It's available on most common distros already.

I am skeptical this will turn out to be a good fit; first of all, I think managing the rest of the box only makes sense in the "sandstorm distro" scenario, which kindof assumes the ability to pull off a big project to begin with. Second, In that scenario I think we might want to be pickier about what we actually expose & provide a more limited set of options.

My thought was it would probably not make sense for cloud-based Sandstorm hosters, but that anyone running it bare metal might find this useful. As I said, in my case I can't SSH into my box to run OS updates most of the time.

It also looks like it's intended to be straightforward enough to embed parts of it, so we might even be able to create a more opinionated selection of features.