We currently have a server with 30 jails, each running a single application. For those who are unfamiliar with FreeBSD, jails are lightweight containers which contain an entire userland environment isolated from the host, but running on the same host kernel. IP addresses can be shared or different from the host. In many ways it is similar to the recent Docker fashion.
Right now we have implemented this setup with 31 minions, one for each jail and one for the host itself. But this is causing some difficulty because the host needs to know about all the minions in order to properly set up the jail in the first place and to maintain certain shared resources. But minion-to-minion communication is troublesome and slow in Salt (even though it is possible). So this concept of a minion "owning" and controlling a bunch of other minions doesn't seem to sit right with Salt.
On the other hand, if I discard the jail minions and keep only the host minion, many of my states become complex. Instead of using standard pkg upgrade commands, I need to build custom states which are aware of the jails. Rather than being able to share standard system configuration states, all changes need to be iterated over 30 times and wrapped in "jexec" commands to ensure the updates are propagated properly to all the jails.
This has all come to a head because we now want to configure a duplicate server, with a copy of every jail. So either we need to generate another 31 minions, or re-organise everything into just a single minion per master host.
How are other people handling the situation of multiple lightweight jails with Salt?
Cheers
Ari