367b4f
[![openSUSE Heroes](https://img.shields.io/badge/openSUSE-Heroes-brightgreen.svg?logo=data%3Aimage%2Fpng%3Bbase64%2CiVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAMAAAAoLQ9TAAAAk1BMVEUAAABmmQCR0AdmmQB7tAOR0Ad0qwKR0AdmmQB7tAOGwgWR0AeR0AdmmQB0qwKR0AdmmQBmmQBwpgF2rQJ7tAOR0AdvpQF5sQOR0AdyqQKIxQWR0Ad1rQKR0Ad0qwJ3rwKJxgWR0Ad5sgN9tgN%2BuASR0Ad%2FugSLyAaR0Ad7tAN%2BtwOAuwSGwgWIxQWLyQaOzAaR0Ac0QkqCAAAAKXRSTlMADw8fHx8vLz8%2FPz9PX19fb39%2Ff39%2Fj4%2BPn5%2Bfr6%2B%2Fv7%2B%2Fz8%2Ff3%2B%2Fv7%2FtiEuIAAACOSURBVBgZbcHbFkJAAAXQQ8kUJRXRGKHblKHz%2F19XLq3Vg70xSUaejX%2F8uknfRs%2BW%2FJEuAEdzYLL4Sh%2BQHLSLSK0uGuDo5PGp5gzAUbIkC4cK7LwbajfNhSTB3qZqdRKVpMGDHeWsz7UxdS5w4ED5lhCzoIBVcaTLUps9YMX3hj3zSgU6lgh32THcCkz5AIT0Glg8M2spAAAAAElFTkSuQmCC)](https://en.opensuse.org/openSUSE:Heroes) [![pipeline status](https://gitlab.infra.opensuse.org/infra/salt/badges/production/pipeline.svg)](https://gitlab.infra.opensuse.org/infra/salt/commits/production)
Theo Chatzimichos ee78de
c48f92
```
c48f92
   _____       ____  _____ __             __
c48f92
  / ___/____ _/ / /_/ ___// /_____ ______/ /__
c48f92
  \__ \/ __ `/ / __/\__ \/ __/ __ `/ ___/ //_/
c48f92
 ___/ / /_/ / / /_ ___/ / /_/ /_/ / /__/ ,<
c48f92
/____/\__,_/_/\__//____/\__/\__,_/\___/_/|_|
c48f92
```
c48f92
fe106c
Authoritative source of this repository is https://gitlab.infra.opensuse.org/infra/salt. Merge requests can be filed there, but access requires the openSUSE Heroes VPN.
93c121
fe106c
Read-only mirrors are available at https://code.opensuse.org/heroes/salt and https://github.com/openSUSE/heroes-salt.
fe106c
fe106c
Documentation can be found in the [openSUSE admin wiki](https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki).
fe106c
c48f92
States can be applied from the master:
c48f92
c48f92
`salt <target> state.apply`
c48f92
fe106c
Debugging Salt on a client (i.e. a machine running the salt-minion) is possible using:
Theo Chatzimichos ee78de
Theo Chatzimichos ee78de
`salt-call state.apply -l debug test=True`
93c121
c48f92
Remember to have a lot of fun! :-)
93c121
c49111
Formulas
c49111
-------------------
c49111
c49111
In addition to the Salt states in this repository various reusable states ("formulas") are in use.
c49111
c49111
Our formulas (installed from packages):
c49111
- https://github.com/openSUSE/salt-formulas (authoritative) or https://code.opensuse.org/heroes/salt-formulas (mirror)
c49111
c49111
Upstream formulas and forks (installed from Git submodules):
c49111
- https://gitlab.infra.opensuse.org/infra/salt-formulas-git (authoritative) or https://code.opensuse.org/heroes/salt-formulas-git (mirror)
c49111
c48f92
Tests
c48f92
-------------------
Theo Chatzimichos d91a13
c48f92
Merge requests to the repository trigger a test suite:
c48f92
c48f92
- `lint`: Linting of .jinja, .py, .sh, .sls, .yaml files
c48f92
- `validate`:
c48f92
  - Schema validation of data in pillar/infra/
c48f92
  - File header and suffix check
c48f92
  - Empty files check
c48f92
  - PGP secrets check
c48f92
  - Roles check
c48f92
- `show_highstate`: Salt `state.show_highstate` for every country
c48f92
   with all roles enabled - finds basic pillar/state template errors
c48f92
- `test_haproxy`: Validates the HAProxy configuration for all
c48f92
  proxy clusters - finds pillar and HAProxy syntax errors
c48f92
- `test_nginx`: Validates the NGINX configuration for all roles
c48f92
  using NGINX - finds pillar and NGINX syntax errors
c48f92
- `test_highstate`: Salt `state.test` for every role - finds most
c48f92
  pillar/state errors
c48f92
c48f92
If the pipeline succeeds and the merge request gets merged, the new
c48f92
data will be copied to all Salt Masters.
fa4776
fa4776
Rules and workflows
fa4776
-------------------
fa4776
fe106c
The general workflow should be to create a branch (either directly in this repository or in a clone/fork), do your changes, commit and create a merge request for review. This gives other team members the possibility to notice and review your changes. It even sends out Emails, so other team members become aware of them.
fa4776
fa4776
On the other side, we do not want to block anyone from being productive. So here are the general rules:
fa4776
Lars Vogdt e90281
* **Always use merge requests.** 
Lars Vogdt e90281
* We allow to merge those requests on your own - but we want to make use of the benefits of merge requests (notifications, tests, visibility).
fa4776
fa4776
Lars Vogdt e90281
Merge requests that **require a review**:
367b4f
Lars Vogdt e90281
* changes that might affect a bigger amount of machines - especially, if this affects machines maintained by others
Lars Vogdt e90281
* potentially dangerous stuff that might break existing setups
Lars Vogdt e90281
Lars Vogdt d99f18
Merge requests that **could be self-merged**:
367b4f
fe106c
* emergency updates repairing something that is already broken (think about a new gateway IP address as an example)
Lars Vogdt e90281
* typo fixes (includes whitespace fixes)
fe106c
* changes which only affect machines maintained by the requester themselves
fe106c
* changes which nobody reviewed / which did not receive any input for more than one week