heroes / salt

Created 3 years ago
Maintained by Pharaoh_Atem
The basic salt data for the internal openSUSE infrastructure
Members 2

openSUSE Heroes pipeline status

   _____       ____  _____ __             __
  / ___/____ _/ / /_/ ___// /_____ ______/ /__
  \__ \/ __ `/ / __/\__ \/ __/ __ `/ ___/ //_/
 ___/ / /_/ / / /_ ___/ / /_/ /_/ / /__/ ,<
/____/\__,_/_/\__//____/\__/\__,_/\___/_/|_|

Authoritative source of this repository is https://gitlab.infra.opensuse.org/infra/salt. Merge requests can be filed there, but access requires the openSUSE Heroes VPN.

Read-only mirrors are available at https://code.opensuse.org/heroes/salt and https://github.com/openSUSE/heroes-salt.

Documentation can be found in the openSUSE admin wiki.

States can be applied from the master:

salt <target> state.apply

Debugging Salt on a client (i.e. a machine running the salt-minion) is possible using:

salt-call state.apply -l debug test=True

Remember to have a lot of fun! :-)

Tests

Merge requests to the repository trigger a test suite:

  • lint: Linting of .jinja, .py, .sh, .sls, .yaml files
  • validate:
  • Schema validation of data in pillar/infra/
  • File header and suffix check
  • Empty files check
  • PGP secrets check
  • Roles check
  • show_highstate: Salt state.show_highstate for every country with all roles enabled - finds basic pillar/state template errors
  • test_haproxy: Validates the HAProxy configuration for all proxy clusters - finds pillar and HAProxy syntax errors
  • test_nginx: Validates the NGINX configuration for all roles using NGINX - finds pillar and NGINX syntax errors
  • test_highstate: Salt state.test for every role - finds most pillar/state errors

If the pipeline succeeds and the merge request gets merged, the new data will be copied to all Salt Masters.

Rules and workflows

The general workflow should be to create a branch (either directly in this repository or in a clone/fork), do your changes, commit and create a merge request for review. This gives other team members the possibility to notice and review your changes. It even sends out Emails, so other team members become aware of them.

On the other side, we do not want to block anyone from being productive. So here are the general rules:

  • Always use merge requests.
  • We allow to merge those requests on your own - but we want to make use of the benefits of merge requests (notifications, tests, visibility).

Merge requests that require a review:

  • changes that might affect a bigger amount of machines - especially, if this affects machines maintained by others
  • potentially dangerous stuff that might break existing setups

Merge requests that could be self-merged:

  • emergency updates repairing something that is already broken (think about a new gateway IP address as an example)
  • typo fixes (includes whitespace fixes)
  • changes which only affect machines maintained by the requester themselves
  • changes which nobody reviewed / which did not receive any input for more than one week