I have an architectural question…
I am building a simple appliance. The appliance can be connected to a LAN and will forward any IP traffic to it over a VPN tunnel to a VPN server/Firewall/Router (currently pfSense). This enables a wide variety of remote monitoring and security use cases.
I have all the functionality working today on heavily customised Raspbian, using a combination of shell scripts and Python.
To make the appliance easier to support and deploy, I intend to move to Ubuntu Core and use a snap app to provide the forwarding and management functions.
Is it better to build all the functions (configuration management, firewall, VPN tunnelling, management channel…) into a single app (probably in Python) or to have multiple snap apps, one for each function?
What you propose overall sounds like a good approach (and is not dissimilar to what I’ve been working on for the past couple of years). In terms of how to package it up, keep in mind that a single snap can contain multiple “apps” / services. So for a start, it sounds like the best approach would be to just package everything up together - or at least there is no fundamental reason not to do that. This approach also comes with the advantage that if you make any changes, all services are guaranteed to be upgraded in sync - i.e. you don’t need to worry about maintaining backward compatibility among the different apps.
That said, you can of course also package things up as multiple snaps, which potentially even share files via the content interface. Off the top of my head, here are some cases where it may make sense to have multiple snaps:
- Where your suite contains core services/libraries that rarely change, as well as peripheral functionality (or provisioning configurations) that change more frequently. This way you can avoid re-downloading the core every time the peripheral functionality needs to be upgraded. There’s some discussion of this here: Breaking up snap into inter-dependent parts
- If different appliances will have different (modular) sets of functionality that you don’t want to always bundle together
By the way - just for fun (or inspiration) - here’s quite an impressive snapcraft.yaml that incorporates a dozen or so microservices in a single snap: https://github.com/edgexfoundry/edgex-go/blob/master/snap/snapcraft.yaml
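The single-snap layout suggested in the answer above, sketched as an added example (not from the thread or from either poster's project): one strictly confined snap with a service per function from the question, each declaring only the interfaces it is assumed to need. The snap name, command names and the interface choice per service are assumptions for illustration.

```yaml
# Added example: snap name, commands and part layout are hypothetical.
name: lan-forwarder                  # hypothetical snap name
base: core22
version: '0.1'
summary: LAN-to-VPN forwarding appliance (illustrative)
description: |
  One snap, four services. Plugs are declared per app, so each
  service is confined to the interfaces listed under it rather
  than sharing one broad set.
grade: devel
confinement: strict

apps:
  config:
    command: bin/appliance-config    # hypothetical entry point
    daemon: simple
    restart-condition: on-failure
    # No plugs: assumed to touch only the snap's own data directories.
  firewall:
    command: bin/appliance-firewall  # hypothetical entry point
    daemon: oneshot
    after: [config]
    # Assumed starting point for a service that loads firewall rules.
    plugs: [firewall-control]
  vpn:
    command: bin/appliance-vpn       # hypothetical entry point
    daemon: simple
    after: [firewall]
    restart-condition: always
    # Assumed: the tunnel service configures interfaces and routes.
    plugs: [network, network-bind, network-control]
  mgmt:
    command: bin/appliance-mgmt      # hypothetical entry point
    daemon: simple
    after: [vpn]
    restart-condition: on-failure
    # Outbound management channel only; no listening socket assumed.
    plugs: [network]

parts:
  appliance:
    plugin: python
    source: .   # assumes a Python project that installs the four commands
```

`network-control` and `firewall-control` are not connected automatically on install, so they have to be connected explicitly (for example with `snap connect`) before the `vpn` and `firewall` services can do their work.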