|
|
367b4f |
[![openSUSE Heroes](https://img.shields.io/badge/openSUSE-Heroes-brightgreen.svg?logo=data%3Aimage%2Fpng%3Bbase64%2CiVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAMAAAAoLQ9TAAAAk1BMVEUAAABmmQCR0AdmmQB7tAOR0Ad0qwKR0AdmmQB7tAOGwgWR0AeR0AdmmQB0qwKR0AdmmQBmmQBwpgF2rQJ7tAOR0AdvpQF5sQOR0AdyqQKIxQWR0Ad1rQKR0Ad0qwJ3rwKJxgWR0Ad5sgN9tgN%2BuASR0Ad%2FugSLyAaR0Ad7tAN%2BtwOAuwSGwgWIxQWLyQaOzAaR0Ac0QkqCAAAAKXRSTlMADw8fHx8vLz8%2FPz9PX19fb39%2Ff39%2Fj4%2BPn5%2Bfr6%2B%2Fv7%2B%2Fz8%2Ff3%2B%2Fv7%2FtiEuIAAACOSURBVBgZbcHbFkJAAAXQQ8kUJRXRGKHblKHz%2F19XLq3Vg70xSUaejX%2F8uknfRs%2BW%2FJEuAEdzYLL4Sh%2BQHLSLSK0uGuDo5PGp5gzAUbIkC4cK7LwbajfNhSTB3qZqdRKVpMGDHeWsz7UxdS5w4ED5lhCzoIBVcaTLUps9YMX3hj3zSgU6lgh32THcCkz5AIT0Glg8M2spAAAAAElFTkSuQmCC)](https://en.opensuse.org/openSUSE:Heroes) [![pipeline status](https://gitlab.infra.opensuse.org/infra/salt/badges/production/pipeline.svg)](https://gitlab.infra.opensuse.org/infra/salt/commits/production)
|
|
Theo Chatzimichos |
ee78de |
|
|
|
c48f92 |
```
|
|
|
c48f92 |
_____ ____ _____ __ __
|
|
|
c48f92 |
/ ___/____ _/ / /_/ ___// /_____ ______/ /__
|
|
|
c48f92 |
\__ \/ __ `/ / __/\__ \/ __/ __ `/ ___/ //_/
|
|
|
c48f92 |
___/ / /_/ / / /_ ___/ / /_/ /_/ / /__/ ,<
|
|
|
c48f92 |
/____/\__,_/_/\__//____/\__/\__,_/\___/_/|_|
|
|
|
c48f92 |
```
|
|
|
c48f92 |
|
|
|
fe106c |
Authoritative source of this repository is https://gitlab.infra.opensuse.org/infra/salt. Merge requests can be filed there, but access requires the openSUSE Heroes VPN.
|
|
|
93c121 |
|
|
|
fe106c |
Read-only mirrors are available at https://code.opensuse.org/heroes/salt and https://github.com/openSUSE/heroes-salt.
|
|
|
fe106c |
|
|
|
fe106c |
Documentation can be found in the [openSUSE admin wiki](https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki).
|
|
|
fe106c |
|
|
|
c48f92 |
States can be applied from the master:
|
|
|
c48f92 |
|
|
|
c48f92 |
`salt <target> state.apply`
|
|
|
c48f92 |
|
|
|
fe106c |
Debugging Salt on a client (i.e. a machine running the salt-minion) is possible using:
|
|
Theo Chatzimichos |
ee78de |
|
|
Theo Chatzimichos |
ee78de |
`salt-call state.apply -l debug test=True`
|
|
|
93c121 |
|
|
|
c48f92 |
Remember to have a lot of fun! :-)
|
|
|
93c121 |
|
|
|
c49111 |
Formulas
|
|
|
c49111 |
-------------------
|
|
|
c49111 |
|
|
|
c49111 |
In addition to the Salt states in this repository various reusable states ("formulas") are in use.
|
|
|
c49111 |
|
|
|
c49111 |
Our formulas (installed from packages):
|
|
|
c49111 |
- https://github.com/openSUSE/salt-formulas (authoritative) or https://code.opensuse.org/heroes/salt-formulas (mirror)
|
|
|
c49111 |
|
|
|
c49111 |
Upstream formulas and forks (installed from Git submodules):
|
|
|
c49111 |
- https://gitlab.infra.opensuse.org/infra/salt-formulas-git (authoritative) or https://code.opensuse.org/heroes/salt-formulas-git (mirror)
|
|
|
c49111 |
|
|
|
c48f92 |
Tests
|
|
|
c48f92 |
-------------------
|
|
Theo Chatzimichos |
d91a13 |
|
|
|
c48f92 |
Merge requests to the repository trigger a test suite:
|
|
|
c48f92 |
|
|
|
c48f92 |
- `lint`: Linting of .jinja, .py, .sh, .sls, .yaml files
|
|
|
c48f92 |
- `validate`:
|
|
|
c48f92 |
- Schema validation of data in pillar/infra/
|
|
|
c48f92 |
- File header and suffix check
|
|
|
c48f92 |
- Empty files check
|
|
|
c48f92 |
- PGP secrets check
|
|
|
c48f92 |
- Roles check
|
|
|
c48f92 |
- `show_highstate`: Salt `state.show_highstate` for every country
|
|
|
c48f92 |
with all roles enabled - finds basic pillar/state template errors
|
|
|
c48f92 |
- `test_haproxy`: Validates the HAProxy configuration for all
|
|
|
c48f92 |
proxy clusters - finds pillar and HAProxy syntax errors
|
|
|
c48f92 |
- `test_nginx`: Validates the NGINX configuration for all roles
|
|
|
c48f92 |
using NGINX - finds pillar and NGINX syntax errors
|
|
|
c48f92 |
- `test_highstate`: Salt `state.test` for every role - finds most
|
|
|
c48f92 |
pillar/state errors
|
|
|
c48f92 |
|
|
|
c48f92 |
If the pipeline succeeds and the merge request gets merged, the new
|
|
|
c48f92 |
data will be copied to all Salt Masters.
|
|
|
fa4776 |
|
|
|
fa4776 |
Rules and workflows
|
|
|
fa4776 |
-------------------
|
|
|
fa4776 |
|
|
|
fe106c |
The general workflow should be to create a branch (either directly in this repository or in a clone/fork), do your changes, commit and create a merge request for review. This gives other team members the possibility to notice and review your changes. It even sends out Emails, so other team members become aware of them.
|
|
|
fa4776 |
|
|
|
fa4776 |
On the other side, we do not want to block anyone from being productive. So here are the general rules:
|
|
|
fa4776 |
|
|
Lars Vogdt |
e90281 |
* **Always use merge requests.**
|
|
Lars Vogdt |
e90281 |
* We allow to merge those requests on your own - but we want to make use of the benefits of merge requests (notifications, tests, visibility).
|
|
|
fa4776 |
|
|
|
fa4776 |
|
|
Lars Vogdt |
e90281 |
Merge requests that **require a review**:
|
|
|
367b4f |
|
|
Lars Vogdt |
e90281 |
* changes that might affect a bigger amount of machines - especially, if this affects machines maintained by others
|
|
Lars Vogdt |
e90281 |
* potentially dangerous stuff that might break existing setups
|
|
Lars Vogdt |
e90281 |
|
|
Lars Vogdt |
d99f18 |
Merge requests that **could be self-merged**:
|
|
|
367b4f |
|
|
|
fe106c |
* emergency updates repairing something that is already broken (think about a new gateway IP address as an example)
|
|
Lars Vogdt |
e90281 |
* typo fixes (includes whitespace fixes)
|
|
|
fe106c |
* changes which only affect machines maintained by the requester themselves
|
|
|
fe106c |
* changes which nobody reviewed / which did not receive any input for more than one week
|