_____ ____ _____ __ __
/ ___/____ _/ / /_/ ___// /_____ ______/ /__
\__ \/ __ `/ / __/\__ \/ __/ __ `/ ___/ //_/
___/ / /_/ / / /_ ___/ / /_/ /_/ / /__/ ,<
/____/\__,_/_/\__//____/\__/\__,_/\___/_/|_|
Authoritative source of this repository is https://gitlab.infra.opensuse.org/infra/salt. Merge requests can be filed there, but access requires the openSUSE Heroes VPN.
Read-only mirrors are available at: * https://github.com/openSUSE/heroes-salt * https://code.opensuse.org/heroes/salt * https://progress.opensuse.org/projects/opensuse-admin/repository
Documentation can be found in the openSUSE admin wiki.
States can be applied from the master:
salt <target> state.apply
Debugging Salt on a client (i.e. a machine running the salt-minion) is possible using:
salt-call state.apply -l debug test=True
Remember to have a lot of fun! :-)
In addition to the Salt states in this repository various reusable states ("formulas") are in use.
Our formulas (installed from packages): - https://github.com/openSUSE/salt-formulas (authoritative) or https://code.opensuse.org/heroes/salt-formulas (mirror)
Upstream formulas and forks (installed from Git submodules): - https://gitlab.infra.opensuse.org/infra/salt-formulas-git (authoritative) or https://code.opensuse.org/heroes/salt-formulas-git (mirror)
Merge requests to the repository trigger a test suite:
lint
: Linting of .jinja, .py, .sh, .sls, .yaml filesvalidate
:show_highstate
: Salt state.show_highstate
for every site
with all roles enabled - finds basic pillar/state template errorstest_haproxy
: Validates the HAProxy configuration for all
proxy clusters - finds pillar and HAProxy syntax errorstest_nginx
: Validates the NGINX configuration for all roles
using NGINX - finds pillar and NGINX syntax errorstest_highstate
: Salt state.test
for every role - finds most
pillar/state errorstest_nftables
: Lints and validates the nftables configuration
under salt/files/nftables/ - finds cosmetic and syntax issuestest_prometheus
: Validates the Prometheus and Alertmanager
configurations as well as the alerting rules under
salt/files/prometheus/ - finds monitoring pillar and configuration
issues including invalid rulesIf the pipeline succeeds and the merge request gets merged, the new data will be copied to all Salt Masters.
The general workflow should be to create a branch (either directly in this repository or in a clone/fork), do your changes, commit and create a merge request for review. This gives other team members the possibility to notice and review your changes. It even sends out Emails, so other team members become aware of them.
On the other side, we do not want to block anyone from being productive. So here are the general rules:
Merge requests that require a review:
Merge requests that could be self-merged: