|
 |
367b4f |
[](https://en.opensuse.org/openSUSE:Heroes) [](https://gitlab.infra.opensuse.org/infra/salt/commits/production)
|
|
Theo Chatzimichos |
ee78de |
|
|
 |
c48f92 |
```
|
|
 |
c48f92 |
_____ ____ _____ __ __
|
|
 |
c48f92 |
/ ___/____ _/ / /_/ ___// /_____ ______/ /__
|
|
 |
c48f92 |
\__ \/ __ `/ / __/\__ \/ __/ __ `/ ___/ //_/
|
|
 |
c48f92 |
___/ / /_/ / / /_ ___/ / /_/ /_/ / /__/ ,<
|
|
 |
c48f92 |
/____/\__,_/_/\__//____/\__/\__,_/\___/_/|_|
|
|
 |
c48f92 |
```
|
|
 |
c48f92 |
|
|
 |
fe106c |
Authoritative source of this repository is https://gitlab.infra.opensuse.org/infra/salt. Merge requests can be filed there, but access requires the openSUSE Heroes VPN.
|
|
 |
93c121 |
|
|
 |
d84a91 |
Read-only mirrors are available at:
|
|
 |
d84a91 |
* https://github.com/openSUSE/heroes-salt
|
|
 |
609375 |
* https://code.opensuse.org/heroes/salt
|
|
 |
d84a91 |
* https://progress.opensuse.org/projects/opensuse-admin/repository
|
|
 |
fe106c |
|
|
 |
fe106c |
Documentation can be found in the [openSUSE admin wiki](https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki).
|
|
 |
fe106c |
|
|
 |
c48f92 |
States can be applied from the master:
|
|
 |
c48f92 |
|
|
 |
c48f92 |
`salt <target> state.apply`
|
|
 |
c48f92 |
|
|
 |
fe106c |
Debugging Salt on a client (i.e. a machine running the salt-minion) is possible using:
|
|
Theo Chatzimichos |
ee78de |
|
|
Theo Chatzimichos |
ee78de |
`salt-call state.apply -l debug test=True`
|
|
 |
93c121 |
|
|
 |
c48f92 |
Remember to have a lot of fun! :-)
|
|
 |
93c121 |
|
|
 |
c49111 |
Formulas
|
|
 |
c49111 |
-------------------
|
|
 |
c49111 |
|
|
 |
c49111 |
In addition to the Salt states in this repository various reusable states ("formulas") are in use.
|
|
 |
c49111 |
|
|
 |
c49111 |
Our formulas (installed from packages):
|
|
 |
c49111 |
- https://github.com/openSUSE/salt-formulas (authoritative) or https://code.opensuse.org/heroes/salt-formulas (mirror)
|
|
 |
c49111 |
|
|
 |
c49111 |
Upstream formulas and forks (installed from Git submodules):
|
|
 |
c49111 |
- https://gitlab.infra.opensuse.org/infra/salt-formulas-git (authoritative) or https://code.opensuse.org/heroes/salt-formulas-git (mirror)
|
|
 |
c49111 |
|
|
 |
c48f92 |
Tests
|
|
 |
c48f92 |
-------------------
|
|
Theo Chatzimichos |
d91a13 |
|
|
 |
c48f92 |
Merge requests to the repository trigger a test suite:
|
|
 |
c48f92 |
|
|
 |
c48f92 |
- `lint`: Linting of .jinja, .py, .sh, .sls, .yaml files
|
|
 |
c48f92 |
- `validate`:
|
|
 |
c48f92 |
- Schema validation of data in pillar/infra/
|
|
 |
c48f92 |
- File header and suffix check
|
|
 |
c48f92 |
- Empty files check
|
|
 |
c48f92 |
- PGP secrets check
|
|
 |
559875 |
- Profiles check
|
|
 |
c48f92 |
- Roles check
|
|
 |
c35860 |
- `show_highstate`: Salt `state.show_highstate` for every site
|
|
 |
c48f92 |
with all roles enabled - finds basic pillar/state template errors
|
|
 |
c48f92 |
- `test_haproxy`: Validates the HAProxy configuration for all
|
|
 |
c48f92 |
proxy clusters - finds pillar and HAProxy syntax errors
|
|
 |
c48f92 |
- `test_nginx`: Validates the NGINX configuration for all roles
|
|
 |
c48f92 |
using NGINX - finds pillar and NGINX syntax errors
|
|
 |
c48f92 |
- `test_highstate`: Salt `state.test` for every role - finds most
|
|
 |
c48f92 |
pillar/state errors
|
|
 |
242c4b |
- `test_nftables`: Lints and validates the nftables configuration
|
|
 |
242c4b |
under salt/files/nftables/ - finds cosmetic and syntax issues
|
|
 |
242c4b |
- `test_prometheus`: Validates the Prometheus and Alertmanager
|
|
 |
242c4b |
configurations as well as the alerting rules under
|
|
 |
242c4b |
salt/files/prometheus/ - finds monitoring pillar and configuration
|
|
 |
242c4b |
issues including invalid rules
|
|
 |
c48f92 |
|
|
 |
c48f92 |
If the pipeline succeeds and the merge request gets merged, the new
|
|
 |
c48f92 |
data will be copied to all Salt Masters.
|
|
 |
fa4776 |
|
|
 |
fa4776 |
Rules and workflows
|
|
 |
fa4776 |
-------------------
|
|
 |
fa4776 |
|
|
 |
fe106c |
The general workflow should be to create a branch (either directly in this repository or in a clone/fork), do your changes, commit and create a merge request for review. This gives other team members the possibility to notice and review your changes. It even sends out Emails, so other team members become aware of them.
|
|
 |
fa4776 |
|
|
 |
fa4776 |
On the other side, we do not want to block anyone from being productive. So here are the general rules:
|
|
 |
fa4776 |
|
|
 |
1a3a0f |
* **Always use merge requests.**
|
|
Lars Vogdt |
e90281 |
* We allow to merge those requests on your own - but we want to make use of the benefits of merge requests (notifications, tests, visibility).
|
|
 |
fa4776 |
|
|
 |
fa4776 |
|
|
Lars Vogdt |
e90281 |
Merge requests that **require a review**:
|
|
 |
367b4f |
|
|
Lars Vogdt |
e90281 |
* changes that might affect a bigger amount of machines - especially, if this affects machines maintained by others
|
|
Lars Vogdt |
e90281 |
* potentially dangerous stuff that might break existing setups
|
|
Lars Vogdt |
e90281 |
|
|
Lars Vogdt |
d99f18 |
Merge requests that **could be self-merged**:
|
|
 |
367b4f |
|
|
 |
fe106c |
* emergency updates repairing something that is already broken (think about a new gateway IP address as an example)
|
|
Lars Vogdt |
e90281 |
* typo fixes (includes whitespace fixes)
|
|
 |
fe106c |
* changes which only affect machines maintained by the requester themselves
|
|
 |
fe106c |
* changes which nobody reviewed / which did not receive any input for more than one week
|