[](https://en.opensuse.org/openSUSE:Heroes) [](https://gitlab.infra.opensuse.org/infra/salt/commits/production)
```
_____ ____ _____ __ __
/ ___/____ _/ / /_/ ___// /_____ ______/ /__
\__ \/ __ `/ / __/\__ \/ __/ __ `/ ___/ //_/
___/ / /_/ / / /_ ___/ / /_/ /_/ / /__/ ,<
/____/\__,_/_/\__//____/\__/\__,_/\___/_/|_|
```
Authoritative source of this repository is https://gitlab.infra.opensuse.org/infra/salt. Merge requests can be filed there, but access requires the openSUSE Heroes VPN.
Read-only mirrors are available at https://code.opensuse.org/heroes/salt and https://github.com/openSUSE/heroes-salt.
Documentation can be found in the [openSUSE admin wiki](https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki).
States can be applied from the master:
`salt <target> state.apply`
Debugging Salt on a client (i.e. a machine running the salt-minion) is possible using:
`salt-call state.apply -l debug test=True`
Remember to have a lot of fun! :-)
Formulas
-------------------
In addition to the Salt states in this repository various reusable states ("formulas") are in use.
Our formulas (installed from packages):
- https://github.com/openSUSE/salt-formulas (authoritative) or https://code.opensuse.org/heroes/salt-formulas (mirror)
Upstream formulas and forks (installed from Git submodules):
- https://gitlab.infra.opensuse.org/infra/salt-formulas-git (authoritative) or https://code.opensuse.org/heroes/salt-formulas-git (mirror)
Tests
-------------------
Merge requests to the repository trigger a test suite:
- `lint`: Linting of .jinja, .py, .sh, .sls, .yaml files
- `validate`:
- Schema validation of data in pillar/infra/
- File header and suffix check
- Empty files check
- PGP secrets check
- Roles check
- `show_highstate`: Salt `state.show_highstate` for every country
with all roles enabled - finds basic pillar/state template errors
- `test_haproxy`: Validates the HAProxy configuration for all
proxy clusters - finds pillar and HAProxy syntax errors
- `test_nginx`: Validates the NGINX configuration for all roles
using NGINX - finds pillar and NGINX syntax errors
- `test_highstate`: Salt `state.test` for every role - finds most
pillar/state errors
If the pipeline succeeds and the merge request gets merged, the new
data will be copied to all Salt Masters.
Rules and workflows
-------------------
The general workflow should be to create a branch (either directly in this repository or in a clone/fork), do your changes, commit and create a merge request for review. This gives other team members the possibility to notice and review your changes. It even sends out Emails, so other team members become aware of them.
On the other side, we do not want to block anyone from being productive. So here are the general rules:
* **Always use merge requests.**
* We allow to merge those requests on your own - but we want to make use of the benefits of merge requests (notifications, tests, visibility).
Merge requests that **require a review**:
* changes that might affect a bigger amount of machines - especially, if this affects machines maintained by others
* potentially dangerous stuff that might break existing setups
Merge requests that **could be self-merged**:
* emergency updates repairing something that is already broken (think about a new gateway IP address as an example)
* typo fixes (includes whitespace fixes)
* changes which only affect machines maintained by the requester themselves
* changes which nobody reviewed / which did not receive any input for more than one week