diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..39752a7 --- /dev/null +++ b/.gitignore @@ -0,0 +1,134 @@ +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +env/ +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +*.egg-info/ +.installed.cfg +*.egg + +# PyInstaller +# Usually these files are written by a python script from a packager +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +.hypothesis/ +.kitchen +.kitchen.local.yml +kitchen.local.yml +junit-*.xml + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# pyenv +.python-version + +# celery beat schedule file +celerybeat-schedule + +# SageMath parsed files +*.sage.py + +# dotenv +.env + +# virtualenv +.venv +venv/ +ENV/ + +# visual studio +.vs/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ + +# Bundler +.bundle/ + +# copied `.md` files used for conversion to `.rst` using `m2r` +docs/*.md + +# Vim +*.sw? + +## Collected when centralising formulas (check and sort) +# `collectd-formula` +.pytest_cache/ +/.idea/ +Dockerfile.*_* +ignore/ +tmp/ + +# `salt-formula` -- Vagrant Specific files +.vagrant +top.sls +!test/salt/pillar/top.sls + +# `suricata-formula` -- Platform binaries +*.rpm +*.deb diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..0fc702f --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,213 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +############################################################################### +# Define all YAML node anchors +############################################################################### +.node_anchors: + # `only` (also used for `except` where applicable) + only_branch_master_parent_repo: &only_branch_master_parent_repo + - 'master@saltstack-formulas/moosefs-formula' + # `stage` + stage_lint: &stage_lint 'lint' + stage_release: &stage_release 'release' + stage_test: &stage_test 'test' + # `image` + image_commitlint: &image_commitlint 'myii/ssf-commitlint:11' + image_dindruby: &image_dindruby 'myii/ssf-dind-ruby:2.7.1-r3' + image_dindrubybionic: &image_dindrubybionic 'myii/ssf-dind-ruby-bionic:2.7.5-1bbox1' + image_precommit: &image_precommit + name: 'myii/ssf-pre-commit:2.9.2' + entrypoint: ['/bin/bash', '-c'] + image_rubocop: &image_rubocop 'pipelinecomponents/rubocop:latest' + image_semantic-release: &image_semanticrelease 'myii/ssf-semantic-release:15.14' + # `services` + services_docker_dind: &services_docker_dind + - 'docker:dind' + # `variables` + # https://forum.gitlab.com/t/gitlab-com-ci-caching-rubygems/5627/3 + # https://bundler.io/v1.16/bundle_config.html + variables_bundler: &variables_bundler + BUNDLE_CACHE_PATH: '${CI_PROJECT_DIR}/.cache/bundler' + BUNDLE_WITHOUT: 'production' + # `cache` + cache_bundler: &cache_bundler + key: '${CI_JOB_STAGE}' + paths: + - '${BUNDLE_CACHE_PATH}' + +############################################################################### +# Define stages and global variables +############################################################################### +stages: + - *stage_lint + - *stage_test + - *stage_release +variables: + DOCKER_DRIVER: 'overlay2' + +############################################################################### +# `lint` stage: `commitlint`, `pre-commit` & `rubocop` (latest, failure allowed) +############################################################################### +commitlint: + stage: *stage_lint + image: *image_commitlint + script: + # Add `upstream` remote to get access to `upstream/master` + - 'git remote add upstream + https://gitlab.com/saltstack-formulas/moosefs-formula.git' + - 'git fetch --all' + # Set default commit hashes for `--from` and `--to` + - 'export COMMITLINT_FROM="$(git merge-base upstream/master HEAD)"' + - 'export COMMITLINT_TO="${CI_COMMIT_SHA}"' + # `coqbot` adds a merge commit to test PRs on top of the latest commit in + # the repo; amend this merge commit message to avoid failure + - | + if [ "${GITLAB_USER_LOGIN}" = "coqbot" ] \ + && [ "${CI_COMMIT_BRANCH}" != "master" ]; then + git commit --amend -m \ + 'chore: reword coqbot merge commit message for commitlint' + export COMMITLINT_TO=HEAD + fi + # Run `commitlint` + - 'commitlint --from "${COMMITLINT_FROM}" + --to "${COMMITLINT_TO}" + --verbose' + +pre-commit: + stage: *stage_lint + image: *image_precommit + # https://pre-commit.com/#gitlab-ci-example + variables: + PRE_COMMIT_HOME: '${CI_PROJECT_DIR}/.cache/pre-commit' + cache: + key: '${CI_JOB_NAME}' + paths: + - '${PRE_COMMIT_HOME}' + script: + - 'pre-commit run --all-files --color always --verbose' + +# Use a separate job for `rubocop` other than the one potentially run by `pre-commit` +# - The `pre-commit` check will only be available for formulas that pass the default +# `rubocop` check -- and must continue to do so +# - This job is allowed to fail, so can be used for all formulas +# - Furthermore, this job uses all of the latest `rubocop` features & cops, +# which will help when upgrading the `rubocop` linter used in `pre-commit` +rubocop: + allow_failure: true + stage: *stage_lint + image: *image_rubocop + script: + - 'rubocop -d -P -S --enable-pending-cops' + +############################################################################### +# Define `test` template +############################################################################### +.test_instance: &test_instance + stage: *stage_test + image: *image_dindruby + services: *services_docker_dind + variables: *variables_bundler + cache: *cache_bundler + before_script: + # TODO: This should work from the env vars above automatically + - 'bundle config set path "${BUNDLE_CACHE_PATH}"' + - 'bundle config set without "${BUNDLE_WITHOUT}"' + - 'bundle install' + script: + # Alternative value to consider: `${CI_JOB_NAME}` + - 'bin/kitchen verify "${DOCKER_ENV_CI_JOB_NAME}"' + +############################################################################### +# Define `test` template (`allow_failure: true`) +############################################################################### +.test_instance_failure_permitted: + <<: *test_instance + allow_failure: true + +############################################################################### +# `test` stage: each instance below uses the `test` template above +############################################################################### +## Define the rest of the matrix based on Kitchen testing +# Make sure the instances listed below match up with +# the `platforms` defined in `kitchen.yml` +# yamllint disable rule:line-length +# default-debian-11-tiamat-py3: {extends: '.test_instance'} +# default-debian-10-tiamat-py3: {extends: '.test_instance'} +# default-debian-9-tiamat-py3: {extends: '.test_instance'} +# default-ubuntu-2204-tiamat-py3: {extends: '.test_instance_failure_permitted'} +# default-ubuntu-2004-tiamat-py3: {extends: '.test_instance'} +# default-ubuntu-1804-tiamat-py3: {extends: '.test_instance'} +# default-centos-stream8-tiamat-py3: {extends: '.test_instance_failure_permitted'} +# default-centos-7-tiamat-py3: {extends: '.test_instance'} +# default-amazonlinux-2-tiamat-py3: {extends: '.test_instance'} +# default-oraclelinux-8-tiamat-py3: {extends: '.test_instance'} +# default-oraclelinux-7-tiamat-py3: {extends: '.test_instance'} +# default-almalinux-8-tiamat-py3: {extends: '.test_instance'} +# default-rockylinux-8-tiamat-py3: {extends: '.test_instance'} +default-debian-11-master-py3: {extends: '.test_instance'} +# default-debian-10-master-py3: {extends: '.test_instance'} +# default-debian-9-master-py3: {extends: '.test_instance'} +default-ubuntu-2204-master-py3: {extends: '.test_instance'} +# default-ubuntu-2004-master-py3: {extends: '.test_instance'} +# default-ubuntu-1804-master-py3: {extends: '.test_instance'} +# default-centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'} +# default-centos-7-master-py3: {extends: '.test_instance'} +# default-fedora-36-master-py3: {extends: '.test_instance_failure_permitted'} +# default-fedora-35-master-py3: {extends: '.test_instance'} +# default-opensuse-leap-153-master-py3: {extends: '.test_instance'} +# default-opensuse-tmbl-latest-master-py3: {extends: '.test_instance_failure_permitted'} +# default-amazonlinux-2-master-py3: {extends: '.test_instance'} +# default-oraclelinux-8-master-py3: {extends: '.test_instance'} +# default-oraclelinux-7-master-py3: {extends: '.test_instance'} +# default-arch-base-latest-master-py3: {extends: '.test_instance'} +# default-gentoo-stage3-latest-master-py3: {extends: '.test_instance'} +# default-gentoo-stage3-systemd-master-py3: {extends: '.test_instance'} +# default-almalinux-8-master-py3: {extends: '.test_instance'} +# default-rockylinux-8-master-py3: {extends: '.test_instance'} +default-debian-11-3004-1-py3: {extends: '.test_instance'} +# default-debian-10-3004-1-py3: {extends: '.test_instance'} +# default-debian-9-3004-1-py3: {extends: '.test_instance'} +default-ubuntu-2204-3004-1-py3: {extends: '.test_instance'} +# default-ubuntu-2004-3004-1-py3: {extends: '.test_instance'} +# default-ubuntu-1804-3004-1-py3: {extends: '.test_instance'} +# default-centos-stream8-3004-1-py3: {extends: '.test_instance_failure_permitted'} +# default-centos-7-3004-1-py3: {extends: '.test_instance'} +# default-fedora-36-3004-1-py3: {extends: '.test_instance_failure_permitted'} +# default-fedora-35-3004-1-py3: {extends: '.test_instance'} +# default-amazonlinux-2-3004-1-py3: {extends: '.test_instance'} +# default-oraclelinux-8-3004-1-py3: {extends: '.test_instance'} +# default-oraclelinux-7-3004-1-py3: {extends: '.test_instance'} +# default-arch-base-latest-3004-1-py3: {extends: '.test_instance'} +# default-gentoo-stage3-latest-3004-1-py3: {extends: '.test_instance'} +# default-gentoo-stage3-systemd-3004-1-py3: {extends: '.test_instance'} +# default-almalinux-8-3004-1-py3: {extends: '.test_instance'} +# default-rockylinux-8-3004-1-py3: {extends: '.test_instance'} +# default-opensuse-leap-153-3004-0-py3: {extends: '.test_instance'} +# default-opensuse-tmbl-latest-3004-0-py3: {extends: '.test_instance_failure_permitted'} +# default-debian-10-3003-4-py3: {extends: '.test_instance'} +# default-debian-9-3003-4-py3: {extends: '.test_instance'} +# default-ubuntu-2004-3003-4-py3: {extends: '.test_instance'} +# default-ubuntu-1804-3003-4-py3: {extends: '.test_instance'} +# default-centos-stream8-3003-4-py3: {extends: '.test_instance_failure_permitted'} +# default-centos-7-3003-4-py3: {extends: '.test_instance'} +# default-amazonlinux-2-3003-4-py3: {extends: '.test_instance'} +# default-oraclelinux-8-3003-4-py3: {extends: '.test_instance'} +# default-oraclelinux-7-3003-4-py3: {extends: '.test_instance'} +# default-almalinux-8-3003-4-py3: {extends: '.test_instance'} +# yamllint enable rule:line-length + +############################################################################### +# `release` stage: `semantic-release` +############################################################################### +semantic-release: + only: *only_branch_master_parent_repo + stage: *stage_release + image: *image_semanticrelease + variables: + MAINTAINER_TOKEN: '${GH_TOKEN}' + script: + # Update `AUTHORS.md` + - '${HOME}/go/bin/maintainer contributor' + # Run `semantic-release` + - 'semantic-release' diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..068fa29 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,79 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +# See https://pre-commit.com for more information +# See https://pre-commit.com/hooks.html for more hooks +ci: + autofix_commit_msg: | + ci(pre-commit.ci): apply auto fixes from pre-commit.com hooks + + For more information, see https://pre-commit.ci + autofix_prs: true + autoupdate_branch: '' + autoupdate_commit_msg: | + ci(pre-commit.ci): perform `pre-commit` autoupdate + autoupdate_schedule: quarterly + skip: [] + submodules: false +default_stages: [commit] +repos: + - repo: https://github.com/dafyddj/commitlint-pre-commit-hook + rev: v2.3.0 + hooks: + - id: commitlint + name: Check commit message using commitlint + description: Lint commit message against @commitlint/config-conventional rules + stages: [commit-msg] + additional_dependencies: ['@commitlint/config-conventional@8.3.4'] + - id: commitlint-travis + stages: [manual] + additional_dependencies: ['@commitlint/config-conventional@8.3.4'] + always_run: true + - repo: https://github.com/rubocop-hq/rubocop + rev: v1.30.1 + hooks: + - id: rubocop + name: Check Ruby files with rubocop + args: [--debug] + always_run: true + pass_filenames: false + - repo: https://github.com/shellcheck-py/shellcheck-py + rev: v0.8.0.4 + hooks: + - id: shellcheck + name: Check shell scripts with shellcheck + files: ^.*\.(sh|bash|ksh)$ + types: [] + - repo: https://github.com/adrienverge/yamllint + rev: v1.26.3 + hooks: + - id: yamllint + name: Check YAML syntax with yamllint + args: [--strict, '.'] + always_run: true + pass_filenames: false + - repo: https://github.com/warpnet/salt-lint + rev: v0.8.0 + hooks: + - id: salt-lint + name: Check Salt files using salt-lint + files: ^.*\.(sls|jinja|j2|tmpl|tst)$ + - repo: https://github.com/myint/rstcheck + rev: 3f929574 + hooks: + - id: rstcheck + name: Check reST files using rstcheck + exclude: 'docs/CHANGELOG.rst' + - repo: https://github.com/saltstack-formulas/mirrors-rst-lint + rev: v1.3.2 + hooks: + - id: rst-lint + name: Check reST files using rst-lint + exclude: | + (?x)^( + docs/CHANGELOG.rst| + docs/TOFS_pattern.rst| + docs/CONTRIBUTING_DOCS.rst| + docs/index.rst| + )$ + additional_dependencies: [pygments==2.9.0] diff --git a/.rstcheck.cfg b/.rstcheck.cfg new file mode 100644 index 0000000..5383623 --- /dev/null +++ b/.rstcheck.cfg @@ -0,0 +1,4 @@ +[rstcheck] +report=info +ignore_language=rst +ignore_messages=(Duplicate (ex|im)plicit target.*|Hyperlink target ".*" is not referenced\.$) diff --git a/.rubocop.yml b/.rubocop.yml new file mode 100644 index 0000000..bf4d107 --- /dev/null +++ b/.rubocop.yml @@ -0,0 +1,23 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +# General overrides used across formulas in the org +Layout/LineLength: + # Increase from default of `80` + # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`) + Max: 88 +Metrics/BlockLength: + IgnoredMethods: + - control + - describe + # Increase from default of `25` + Max: 30 +Security/YAMLLoad: + Exclude: + - test/integration/**/_mapdata.rb + +# General settings across all cops in this formula +AllCops: + NewCops: enable + +# Any offenses that should be fixed, e.g. collected via. `rubocop --auto-gen-config` diff --git a/.salt-lint b/.salt-lint new file mode 100644 index 0000000..3715677 --- /dev/null +++ b/.salt-lint @@ -0,0 +1,14 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +exclude_paths: [] +rules: {} +skip_list: + # Using `salt-lint` for linting other files as well, such as Jinja macros/templates + - 205 # Use ".sls" as a Salt State file extension + # Skipping `207` and `208` because `210` is sufficient, at least for the time-being + # I.e. Allows 3-digit unquoted codes to still be used, such as `644` and `755` + - 207 # File modes should always be encapsulated in quotation marks + - 208 # File modes should always contain a leading zero +tags: [] +verbosity: 1 diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..716baaf --- /dev/null +++ b/.yamllint @@ -0,0 +1,44 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +# Extend the `default` configuration provided by `yamllint` +extends: 'default' + +# Files to ignore completely +# 1. All YAML files under directory `.bundle/`, introduced if gems are installed locally +# 2. All YAML files under directory `.cache/`, introduced during the CI run +# 3. All YAML files under directory `.git/` +# 4. All YAML files under directory `node_modules/`, introduced during the CI run +# 5. Any SLS files under directory `test/`, which are actually state files +# 6. Any YAML files under directory `.kitchen/`, introduced during local testing +# 7. `kitchen.vagrant.yml`, which contains Embedded Ruby (ERB) template syntax +ignore: | + .bundle/ + .cache/ + .git/ + node_modules/ + test/**/states/**/*.sls + .kitchen/ + kitchen.vagrant.yml + +yaml-files: + # Default settings + - '*.yaml' + - '*.yml' + - .salt-lint + - .yamllint + # SaltStack Formulas additional settings + - '*.example' + - test/**/*.sls + +rules: + empty-values: + forbid-in-block-mappings: true + forbid-in-flow-mappings: true + line-length: + # Increase from default of `80` + # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`) + max: 88 + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000..d14bb9b --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,53 @@ +# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners + +# SECTION: Owner(s) for everything in the repo, unless a later match takes precedence +# FILE PATTERN OWNER(S) +* @saltstack-formulas/wg + +# SECTION: Owner(s) for specific directories +# FILE PATTERN OWNER(S) + +# SECTION: Owner(s) for files/directories related to `semantic-release` +# FILE PATTERN OWNER(S) +/.github/workflows/ @saltstack-formulas/ssf +/bin/install-hooks @saltstack-formulas/ssf +/bin/kitchen @saltstack-formulas/ssf +/docs/AUTHORS.rst @saltstack-formulas/ssf +/docs/CHANGELOG.rst @saltstack-formulas/ssf +/docs/TOFS_pattern.rst @saltstack-formulas/ssf +/*/_mapdata/ @saltstack-formulas/ssf +/*/libmapstack.jinja @saltstack-formulas/ssf +/*/libmatchers.jinja @saltstack-formulas/ssf +/*/libsaltcli.jinja @saltstack-formulas/ssf +/*/libtofs.jinja @saltstack-formulas/ssf +/*/map.jinja @saltstack-formulas/ssf +/test/integration/**/_mapdata.rb @saltstack-formulas/ssf +/test/integration/**/libraries/system.rb @saltstack-formulas/ssf +/test/integration/**/inspec.yml @saltstack-formulas/ssf +/test/integration/**/README.md @saltstack-formulas/ssf +/test/salt/pillar/top.sls @saltstack-formulas/ssf +/.gitignore @saltstack-formulas/ssf +/.cirrus.yml @saltstack-formulas/ssf +/.gitlab-ci.yml @saltstack-formulas/ssf +/.pre-commit-config.yaml @saltstack-formulas/ssf +/.rstcheck.cfg @saltstack-formulas/ssf +/.rubocop.yml @saltstack-formulas/ssf +/.salt-lint @saltstack-formulas/ssf +/.travis.yml @saltstack-formulas/ssf +/.yamllint @saltstack-formulas/ssf +/AUTHORS.md @saltstack-formulas/ssf +/CHANGELOG.md @saltstack-formulas/ssf +/CODEOWNERS @saltstack-formulas/ssf +/commitlint.config.js @saltstack-formulas/ssf +/FORMULA @saltstack-formulas/ssf +/Gemfile @saltstack-formulas/ssf +/Gemfile.lock @saltstack-formulas/ssf +/kitchen.yml @saltstack-formulas/ssf +/kitchen.vagrant.yml @saltstack-formulas/ssf +/kitchen.windows.yml @saltstack-formulas/ssf +/pre-commit_semantic-release.sh @saltstack-formulas/ssf +/release-rules.js @saltstack-formulas/ssf +/release.config.js @saltstack-formulas/ssf + +# SECTION: Owner(s) for specific files +# FILE PATTERN OWNER(S) diff --git a/FORMULA b/FORMULA new file mode 100644 index 0000000..eab0fbf --- /dev/null +++ b/FORMULA @@ -0,0 +1,9 @@ +name: moosefs +os: Debian, Ubuntu, Raspbian, Arch, FreeBSD +os_family: Debian, Arch, FreeBSD +version: 1 +release: 1 +minimum_version: 2019.2 +summary: MooseFS formula +description: Formula to setup and configure MooseFS +top_level_dir: moosefs diff --git a/Gemfile b/Gemfile new file mode 100644 index 0000000..12d9b1d --- /dev/null +++ b/Gemfile @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +source ENV.fetch('PROXY_RUBYGEMSORG', 'https://rubygems.org') + +# Install the `inspec` gem using `git` because versions after `4.22.22` +# suppress diff output; this version fixes this for our uses. +# rubocop:disable Layout/LineLength +gem 'inspec', git: 'https://gitlab.com/saltstack-formulas/infrastructure/inspec', branch: 'ssf' +# rubocop:enable Layout/LineLength + +# Install the `kitchen-docker` gem using `git` in order to gain a performance +# improvement: avoid package installations which are already covered by the +# `salt-image-builder` (i.e. the pre-salted images that we're using) +# rubocop:disable Layout/LineLength +gem 'kitchen-docker', git: 'https://gitlab.com/saltstack-formulas/infrastructure/kitchen-docker', branch: 'ssf' +# rubocop:enable Layout/LineLength + +gem 'kitchen-inspec', '>= 2.5.0' +gem 'kitchen-salt', '>= 0.7.2' diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 0000000..471bb68 --- /dev/null +++ b/Gemfile.lock @@ -0,0 +1,675 @@ +GIT + remote: https://gitlab.com/saltstack-formulas/infrastructure/inspec + revision: aaef842906a5666f0fc0b4f186b4dd3498f5b28c + branch: ssf + specs: + inspec (5.18.15) + cookstyle + faraday_middleware (>= 0.12.2, < 1.1) + inspec-core (= 5.18.15) + mongo (= 2.13.2) + progress_bar (~> 1.3.3) + rake + train (~> 3.10) + train-aws (~> 0.2) + train-habitat (~> 0.1) + train-winrm (~> 0.2) + inspec-core (5.18.15) + addressable (~> 2.4) + chef-telemetry (~> 1.0, >= 1.0.8) + faraday (>= 0.9.0, < 1.5) + faraday_middleware (~> 1.0) + hashie (>= 3.4, < 5.0) + license-acceptance (>= 0.2.13, < 3.0) + method_source (>= 0.8, < 2.0) + mixlib-log (~> 3.0) + multipart-post (~> 2.0) + parallel (~> 1.9) + parslet (>= 1.5, < 2.0) + pry (~> 0.13) + rspec (>= 3.9, <= 3.11) + rspec-its (~> 1.2) + rubyzip (>= 1.2.2, < 3.0) + semverse (~> 3.0) + sslshake (~> 1.2) + thor (>= 0.20, < 2.0) + tomlrb (>= 1.2, < 2.1) + train-core (~> 3.10) + tty-prompt (~> 0.17) + tty-table (~> 0.10) + +GIT + remote: https://gitlab.com/saltstack-formulas/infrastructure/kitchen-docker + revision: 9a09bc1e571e25f3ccabf4725ca2048d970fff82 + branch: ssf + specs: + kitchen-docker (2.12.0) + test-kitchen (>= 1.0.0) + +GEM + remote: https://rubygems.org/ + specs: + activesupport (7.0.3.1) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + addressable (2.8.0) + public_suffix (>= 2.0.2, < 5.0) + ast (2.4.2) + aws-eventstream (1.2.0) + aws-partitions (1.607.0) + aws-sdk-alexaforbusiness (1.56.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-amplify (1.32.0) + aws-sdk-core (~> 3, >= 3.120.0) + aws-sigv4 (~> 1.1) + aws-sdk-apigateway (1.78.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-apigatewayv2 (1.42.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-applicationautoscaling (1.51.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-athena (1.55.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-autoscaling (1.63.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-batch (1.47.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-budgets (1.50.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudformation (1.70.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudfront (1.65.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudhsm (1.39.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudhsmv2 (1.42.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudtrail (1.49.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudwatch (1.64.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudwatchevents (1.46.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudwatchlogs (1.53.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-codecommit (1.51.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-codedeploy (1.49.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-codepipeline (1.53.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-cognitoidentity (1.31.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-cognitoidentityprovider (1.53.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-configservice (1.79.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-core (3.131.2) + aws-eventstream (~> 1, >= 1.0.2) + aws-partitions (~> 1, >= 1.525.0) + aws-sigv4 (~> 1.1) + jmespath (~> 1, >= 1.6.1) + aws-sdk-costandusagereportservice (1.40.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-databasemigrationservice (1.53.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-dynamodb (1.75.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-ec2 (1.322.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-ecr (1.56.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-ecrpublic (1.12.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-ecs (1.100.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-efs (1.54.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-eks (1.75.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-elasticache (1.78.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-elasticbeanstalk (1.51.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-elasticloadbalancing (1.40.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-elasticloadbalancingv2 (1.78.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-elasticsearchservice (1.65.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-emr (1.53.0) + aws-sdk-core (~> 3, >= 3.121.2) + aws-sigv4 (~> 1.1) + aws-sdk-eventbridge (1.24.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-firehose (1.48.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-glue (1.88.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-guardduty (1.58.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-iam (1.69.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-kafka (1.50.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-kinesis (1.41.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-kms (1.57.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-lambda (1.84.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-mq (1.40.0) + aws-sdk-core (~> 3, >= 3.120.0) + aws-sigv4 (~> 1.1) + aws-sdk-networkfirewall (1.17.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-networkmanager (1.24.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-organizations (1.59.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-ram (1.26.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-rds (1.148.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-redshift (1.84.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-route53 (1.63.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-route53domains (1.40.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-route53resolver (1.37.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-s3 (1.114.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sdk-kms (~> 1) + aws-sigv4 (~> 1.4) + aws-sdk-s3control (1.43.0) + aws-sdk-core (~> 3, >= 3.122.0) + aws-sigv4 (~> 1.1) + aws-sdk-secretsmanager (1.46.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-securityhub (1.67.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-servicecatalog (1.60.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-ses (1.41.0) + aws-sdk-core (~> 3, >= 3.120.0) + aws-sigv4 (~> 1.1) + aws-sdk-shield (1.48.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-signer (1.32.0) + aws-sdk-core (~> 3, >= 3.120.0) + aws-sigv4 (~> 1.1) + aws-sdk-simpledb (1.29.0) + aws-sdk-core (~> 3, >= 3.120.0) + aws-sigv2 (~> 1.0) + aws-sdk-sms (1.40.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-sns (1.53.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-sqs (1.51.1) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-ssm (1.137.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-states (1.39.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-synthetics (1.19.0) + aws-sdk-core (~> 3, >= 3.121.2) + aws-sigv4 (~> 1.1) + aws-sdk-transfer (1.34.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-waf (1.43.0) + aws-sdk-core (~> 3, >= 3.122.0) + aws-sigv4 (~> 1.1) + aws-sigv2 (1.1.0) + aws-sigv4 (1.5.0) + aws-eventstream (~> 1, >= 1.0.2) + azure_graph_rbac (0.17.2) + ms_rest_azure (~> 0.12.0) + azure_mgmt_key_vault (0.17.7) + ms_rest_azure (~> 0.12.0) + azure_mgmt_resources (0.18.2) + ms_rest_azure (~> 0.12.0) + azure_mgmt_security (0.19.0) + ms_rest_azure (~> 0.12.0) + azure_mgmt_storage (0.23.0) + ms_rest_azure (~> 0.12.0) + bcrypt_pbkdf (1.1.0) + bson (4.15.0) + builder (3.2.4) + chef-config (17.10.0) + addressable + chef-utils (= 17.10.0) + fuzzyurl + mixlib-config (>= 2.2.12, < 4.0) + mixlib-shellout (>= 2.0, < 4.0) + tomlrb (~> 1.2) + chef-telemetry (1.1.1) + chef-config + concurrent-ruby (~> 1.0) + chef-utils (17.10.0) + concurrent-ruby + coderay (1.1.3) + concurrent-ruby (1.1.10) + cookstyle (7.32.1) + rubocop (= 1.25.1) + declarative (0.0.20) + diff-lcs (1.5.0) + docker-api (2.2.0) + excon (>= 0.47.0) + multi_json + domain_name (0.5.20190701) + unf (>= 0.0.5, < 1.0.0) + ed25519 (1.3.0) + erubi (1.10.0) + excon (0.92.3) + faraday (1.4.3) + faraday-em_http (~> 1.0) + faraday-em_synchrony (~> 1.0) + faraday-excon (~> 1.1) + faraday-net_http (~> 1.0) + faraday-net_http_persistent (~> 1.1) + multipart-post (>= 1.2, < 3) + ruby2_keywords (>= 0.0.4) + faraday-cookie_jar (0.0.7) + faraday (>= 0.8.0) + http-cookie (~> 1.0.0) + faraday-em_http (1.0.0) + faraday-em_synchrony (1.0.0) + faraday-excon (1.1.0) + faraday-net_http (1.0.1) + faraday-net_http_persistent (1.2.0) + faraday_middleware (1.0.0) + faraday (~> 1.0) + ffi (1.15.5) + fuzzyurl (0.9.0) + google-api-client (0.52.0) + addressable (~> 2.5, >= 2.5.1) + googleauth (~> 0.9) + httpclient (>= 2.8.1, < 3.0) + mini_mime (~> 1.0) + representable (~> 3.0) + retriable (>= 2.0, < 4.0) + rexml + signet (~> 0.12) + googleauth (0.14.0) + faraday (>= 0.17.3, < 2.0) + jwt (>= 1.4, < 3.0) + memoist (~> 0.16) + multi_json (~> 1.11) + os (>= 0.9, < 2.0) + signet (~> 0.14) + gssapi (1.3.1) + ffi (>= 1.0.1) + gyoku (1.4.0) + builder (>= 2.1.2) + rexml (~> 3.0) + hashie (4.1.0) + highline (2.0.3) + http-cookie (1.0.5) + domain_name (~> 0.5) + httpclient (2.8.3) + i18n (1.12.0) + concurrent-ruby (~> 1.0) + inifile (3.0.0) + jmespath (1.6.1) + json (2.6.2) + jwt (2.4.1) + kitchen-inspec (2.6.1) + hashie (>= 3.4, <= 5.0) + inspec (>= 2.2.64, < 7.0) + test-kitchen (>= 2.7, < 4) + kitchen-salt (0.7.2) + hashie (>= 3.5) + test-kitchen (>= 1.4) + license-acceptance (2.1.13) + pastel (~> 0.7) + tomlrb (>= 1.2, < 3.0) + tty-box (~> 0.6) + tty-prompt (~> 0.20) + little-plugger (1.1.4) + logging (2.3.1) + little-plugger (~> 1.1) + multi_json (~> 1.14) + memoist (0.16.2) + method_source (1.0.0) + mini_mime (1.1.2) + minitest (5.16.2) + mixlib-config (3.0.27) + tomlrb + mixlib-install (3.12.19) + mixlib-shellout + mixlib-versioning + thor + mixlib-log (3.0.9) + mixlib-shellout (3.2.7) + chef-utils + mixlib-versioning (1.2.12) + mongo (2.13.2) + bson (>= 4.8.2, < 5.0.0) + ms_rest (0.7.6) + concurrent-ruby (~> 1.0) + faraday (>= 0.9, < 2.0.0) + timeliness (~> 0.3.10) + ms_rest_azure (0.12.0) + concurrent-ruby (~> 1.0) + faraday (>= 0.9, < 2.0.0) + faraday-cookie_jar (~> 0.0.6) + ms_rest (~> 0.7.6) + multi_json (1.15.0) + multipart-post (2.2.3) + net-scp (3.0.0) + net-ssh (>= 2.6.5, < 7.0.0) + net-ssh (6.1.0) + net-ssh-gateway (2.0.0) + net-ssh (>= 4.0.0) + nori (2.6.0) + options (2.3.2) + os (1.1.4) + parallel (1.22.1) + parser (3.1.2.0) + ast (~> 2.4.1) + parslet (1.8.2) + pastel (0.8.0) + tty-color (~> 0.5) + progress_bar (1.3.3) + highline (>= 1.6, < 3) + options (~> 2.3.0) + pry (0.14.1) + coderay (~> 1.1) + method_source (~> 1.0) + public_suffix (4.0.7) + rainbow (3.1.1) + rake (13.0.6) + regexp_parser (2.5.0) + representable (3.2.0) + declarative (< 0.1.0) + trailblazer-option (>= 0.1.1, < 0.2.0) + uber (< 0.2.0) + retriable (3.1.2) + rexml (3.2.5) + rspec (3.11.0) + rspec-core (~> 3.11.0) + rspec-expectations (~> 3.11.0) + rspec-mocks (~> 3.11.0) + rspec-core (3.11.0) + rspec-support (~> 3.11.0) + rspec-expectations (3.11.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.11.0) + rspec-its (1.3.0) + rspec-core (>= 3.0.0) + rspec-expectations (>= 3.0.0) + rspec-mocks (3.11.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.11.0) + rspec-support (3.11.0) + rubocop (1.25.1) + parallel (~> 1.10) + parser (>= 3.1.0.0) + rainbow (>= 2.2.2, < 4.0) + regexp_parser (>= 1.8, < 3.0) + rexml + rubocop-ast (>= 1.15.1, < 2.0) + ruby-progressbar (~> 1.7) + unicode-display_width (>= 1.4.0, < 3.0) + rubocop-ast (1.19.1) + parser (>= 3.1.1.0) + ruby-progressbar (1.11.0) + ruby2_keywords (0.0.5) + rubyntlm (0.6.3) + rubyzip (2.3.2) + semverse (3.0.2) + signet (0.17.0) + addressable (~> 2.8) + faraday (>= 0.17.5, < 3.a) + jwt (>= 1.5, < 3.0) + multi_json (~> 1.10) + sslshake (1.3.1) + strings (0.2.1) + strings-ansi (~> 0.2) + unicode-display_width (>= 1.5, < 3.0) + unicode_utils (~> 1.4) + strings-ansi (0.2.0) + test-kitchen (3.3.1) + bcrypt_pbkdf (~> 1.0) + chef-utils (>= 16.4.35) + ed25519 (~> 1.2) + license-acceptance (>= 1.0.11, < 3.0) + mixlib-install (~> 3.6) + mixlib-shellout (>= 1.2, < 4.0) + net-scp (>= 1.1, < 4.0) + net-ssh (>= 2.9, < 7.0) + net-ssh-gateway (>= 1.2, < 3.0) + thor (>= 0.19, < 2.0) + winrm (~> 2.0) + winrm-elevated (~> 1.0) + winrm-fs (~> 1.1) + thor (1.2.1) + timeliness (0.3.10) + tomlrb (1.3.0) + trailblazer-option (0.1.2) + train (3.10.1) + activesupport (>= 6.0.3.1) + azure_graph_rbac (~> 0.16) + azure_mgmt_key_vault (~> 0.17) + azure_mgmt_resources (~> 0.15) + azure_mgmt_security (~> 0.18) + azure_mgmt_storage (~> 0.18) + docker-api (>= 1.26, < 3.0) + google-api-client (>= 0.23.9, <= 0.52.0) + googleauth (>= 0.6.6, <= 0.14.0) + inifile (~> 3.0) + train-core (= 3.10.1) + train-winrm (~> 0.2) + train-aws (0.2.24) + aws-sdk-alexaforbusiness (~> 1.0) + aws-sdk-amplify (~> 1.32.0) + aws-sdk-apigateway (~> 1.0) + aws-sdk-apigatewayv2 (~> 1.0) + aws-sdk-applicationautoscaling (>= 1.46, < 1.52) + aws-sdk-athena (~> 1.0) + aws-sdk-autoscaling (>= 1.22, < 1.64) + aws-sdk-batch (>= 1.36, < 1.48) + aws-sdk-budgets (~> 1.0) + aws-sdk-cloudformation (~> 1.0) + aws-sdk-cloudfront (~> 1.0) + aws-sdk-cloudhsm (~> 1.0) + aws-sdk-cloudhsmv2 (~> 1.0) + aws-sdk-cloudtrail (~> 1.8) + aws-sdk-cloudwatch (~> 1.13) + aws-sdk-cloudwatchevents (>= 1.36, < 1.47) + aws-sdk-cloudwatchlogs (~> 1.13) + aws-sdk-codecommit (~> 1.0) + aws-sdk-codedeploy (~> 1.0) + aws-sdk-codepipeline (~> 1.0) + aws-sdk-cognitoidentity (>= 1.26, < 1.32) + aws-sdk-cognitoidentityprovider (>= 1.46, < 1.54) + aws-sdk-configservice (~> 1.21) + aws-sdk-core (~> 3.0) + aws-sdk-costandusagereportservice (~> 1.6) + aws-sdk-databasemigrationservice (>= 1.42, < 1.54) + aws-sdk-dynamodb (~> 1.31) + aws-sdk-ec2 (~> 1.70) + aws-sdk-ecr (~> 1.18) + aws-sdk-ecrpublic (~> 1.3) + aws-sdk-ecs (~> 1.30) + aws-sdk-efs (~> 1.0) + aws-sdk-eks (~> 1.9) + aws-sdk-elasticache (~> 1.0) + aws-sdk-elasticbeanstalk (~> 1.0) + aws-sdk-elasticloadbalancing (~> 1.8) + aws-sdk-elasticloadbalancingv2 (~> 1.0) + aws-sdk-elasticsearchservice (~> 1.0) + aws-sdk-emr (~> 1.53.0) + aws-sdk-eventbridge (~> 1.24.0) + aws-sdk-firehose (~> 1.0) + aws-sdk-glue (>= 1.71, < 1.89) + aws-sdk-guardduty (~> 1.31) + aws-sdk-iam (~> 1.13) + aws-sdk-kafka (~> 1.0) + aws-sdk-kinesis (~> 1.0) + aws-sdk-kms (~> 1.13) + aws-sdk-lambda (~> 1.0) + aws-sdk-mq (~> 1.40.0) + aws-sdk-networkfirewall (>= 1.6.0) + aws-sdk-networkmanager (>= 1.13.0) + aws-sdk-organizations (>= 1.17, < 1.60) + aws-sdk-ram (>= 1.21, < 1.27) + aws-sdk-rds (~> 1.43) + aws-sdk-redshift (~> 1.0) + aws-sdk-route53 (~> 1.0) + aws-sdk-route53domains (~> 1.0) + aws-sdk-route53resolver (~> 1.0) + aws-sdk-s3 (~> 1.30) + aws-sdk-s3control (~> 1.43.0) + aws-sdk-secretsmanager (>= 1.42, < 1.47) + aws-sdk-securityhub (~> 1.0) + aws-sdk-servicecatalog (>= 1.48, < 1.61) + aws-sdk-ses (~> 1.41.0) + aws-sdk-shield (~> 1.30) + aws-sdk-signer (~> 1.32.0) + aws-sdk-simpledb (~> 1.29.0) + aws-sdk-sms (~> 1.0) + aws-sdk-sns (~> 1.9) + aws-sdk-sqs (~> 1.10) + aws-sdk-ssm (~> 1.0) + aws-sdk-states (>= 1.35, < 1.40) + aws-sdk-synthetics (~> 1.19.0) + aws-sdk-transfer (>= 1.26, < 1.35) + aws-sdk-waf (~> 1.43.0) + train-core (3.10.1) + addressable (~> 2.5) + ffi (!= 1.13.0) + json (>= 1.8, < 3.0) + mixlib-shellout (>= 2.0, < 4.0) + net-scp (>= 1.2, < 4.0) + net-ssh (>= 2.9, < 7.0) + train-habitat (0.2.22) + train-winrm (0.2.13) + winrm (>= 2.3.6, < 3.0) + winrm-elevated (~> 1.2.2) + winrm-fs (~> 1.0) + tty-box (0.7.0) + pastel (~> 0.8) + strings (~> 0.2.0) + tty-cursor (~> 0.7) + tty-color (0.6.0) + tty-cursor (0.7.1) + tty-prompt (0.23.1) + pastel (~> 0.8) + tty-reader (~> 0.8) + tty-reader (0.9.0) + tty-cursor (~> 0.7) + tty-screen (~> 0.8) + wisper (~> 2.0) + tty-screen (0.8.1) + tty-table (0.12.0) + pastel (~> 0.8) + strings (~> 0.2.0) + tty-screen (~> 0.8) + tzinfo (2.0.4) + concurrent-ruby (~> 1.0) + uber (0.1.0) + unf (0.1.4) + unf_ext + unf_ext (0.0.8.2) + unicode-display_width (2.2.0) + unicode_utils (1.4.0) + winrm (2.3.6) + builder (>= 2.1.2) + erubi (~> 1.8) + gssapi (~> 1.2) + gyoku (~> 1.0) + httpclient (~> 2.2, >= 2.2.0.2) + logging (>= 1.6.1, < 3.0) + nori (~> 2.0) + rubyntlm (~> 0.6.0, >= 0.6.3) + winrm-elevated (1.2.3) + erubi (~> 1.8) + winrm (~> 2.0) + winrm-fs (~> 1.0) + winrm-fs (1.3.5) + erubi (~> 1.8) + logging (>= 1.6.1, < 3.0) + rubyzip (~> 2.0) + winrm (~> 2.0) + wisper (2.0.1) + +PLATFORMS + ruby + +DEPENDENCIES + inspec! + kitchen-docker! + kitchen-inspec (>= 2.5.0) + kitchen-salt (>= 0.7.2) + +BUNDLED WITH + 2.1.2 diff --git a/README.rst b/README.rst deleted file mode 100644 index 1b1ba39..0000000 --- a/README.rst +++ /dev/null @@ -1,126 +0,0 @@ -moosefs -========= - -Formula to set up moosefs. - -.. note:: - - See the full `Salt Formulas installation and usage instructions - `_. - -Available states -================ - -.. contents:: - :local: - -``moosefs.master`` -------- - -Install mfsmaster and mfsmetalogger and configure - -.. code:: yaml - - mfsmaster_config: - MATOML_LISTEN_HOST: "*" - MATOML_LISTEN_PORT: 9419 - MATOML_LOG_PRESERVE_SECONDS: 600 - MATOCS_LISTEN_HOST: "*" - MATOCS_LISTEN_PORT: 9420 - MATOCL_LISTEN_HOST: "*" - MATOCL_LISTEN_PORT: 9421 - WORKING_USER: "mfs" - WORKING_GROUP: "mfs" - SYSLOG_IDENT: "mfsmaster" - DATA_PATH: "/var/lib/mfs" - mfsmetalogger_config: - MASTER_HOST: "mfsmaster" - MASTER_PORT: 9419 - MASTER_TIMEOUT: 60 - WORKING_USER: "mfs" - WORKING_GROUP: "mfs" - SYSLOG_IDENT: "mfsmetalogger" - mfstopology_config: | - 192.168.1.0/24 1 - mfsexports_config: | - * / rw,alldirs,maproot=0 - * . rw - - -``moosefs.metalogger`` -------- - -Install mfsmetalogger and config. - -.. code:: yaml - - mfsmetalogger_config: - MASTER_HOST: "mfsmaster" - MASTER_PORT: 9419 - MASTER_TIMEOUT: 60 - WORKING_USER: "mfs" - WORKING_GROUP: "mfs" - SYSLOG_IDENT: "mfsmetalogger" - LOCK_MEMORY: 0 - NICE_LEVEL: -19 - DATA_PATH: "/var/lib/mfs" - BACK_LOGS: 50 - BACK_META_KEEP_PREVIOUS: 3 - META_DOWNLOAD_FREQ: 24 - MASTER_RECONNECTION_DELAY: 5 - - -``moosefs.chunk`` -------- - -Install mfschunkserver and config. - -.. code:: yaml - - mfschunkserver_config: - MASTER_HOST: "mfsmaster" - MASTER_PORT: 9420 - MASTER_TIMEOUT: 60 - HDD_CONF_FILENAME: "/etc/moosefs/mfs/mfshdd.cfg" - WORKING_USER: "mfs" - WORKING_GROUP: "mfs" - BIND_HOST: "*" - DATA_PATH: "/var/lib/mfs" - mfshdd_config: - - '/mnt/mfschunks1' - - '/mnt/mfschunks2' - -``moosefs.client`` -------- - -Install mfsmount and config - -mfssugidclearmode have the following option ( "NEVER" , "ALWAYS" , "OSX" , "BSD" , "EXT" , "XFS" ) - -mfscachemode have the following option ( True / "YES" / "ALWAYS" , False / "NO" / "NONE" / "NEVER" , "AUTO" ) - -.. code:: yaml - - mfsmount_config: - mfsmaster: "HOST" - mfsport: 9420 - mfsbind: "*" - mfssubfolder: "/some/folder" - mfspassword: "" - mfsmd5pass: "MD5" - mfsdelayedinit: True - mfsdebug: True - mfsmeta: True - mfsdonotrememberpassword: True - mfsmkdircopysgid: 1 - mfssugidclearmode: "ALWAYS" - mfscachemode: True - mfsattrcacheto: 300 - mfsentrycacheto: 300 - mfsdirentrycacheto: 300 - mfsrlimitnofile: 1 - mfsnice: -19 - mfswritecachesize: 1 - mfsioretries: 2 - mount_point: [ '/mnt/moose' , '/media/test' ] - diff --git a/bin/install-hooks b/bin/install-hooks new file mode 100755 index 0000000..840bb6c --- /dev/null +++ b/bin/install-hooks @@ -0,0 +1,16 @@ +#!/usr/bin/env sh +set -o nounset # Treat unset variables as an error and immediately exit +set -o errexit # If a command fails exit the whole script + +if [ "${DEBUG:-false}" = "true" ]; then + set -x # Run the entire script in debug mode +fi + +if ! command -v pre-commit >/dev/null 2>&1; then + echo "pre-commit not found: please install or check your PATH" >&2 + echo "See https://pre-commit.com/#installation" >&2 + exit 1 +fi + +pre-commit install --install-hooks +pre-commit install --hook-type commit-msg --install-hooks diff --git a/bin/kitchen b/bin/kitchen new file mode 100755 index 0000000..5d5663e --- /dev/null +++ b/bin/kitchen @@ -0,0 +1,32 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# +# This file was generated by Bundler. +# +# The application 'kitchen' is installed as part of a gem, and +# this file is here to facilitate running it. +# + +require 'pathname' +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', + Pathname.new(__FILE__).realpath) + +bundle_binstub = File.expand_path('bundle', __dir__) + +if File.file?(bundle_binstub) + if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ + load(bundle_binstub) + else + abort( + 'Your `bin/bundle` was not generated by Bundler, ' \ + 'so this binstub cannot run. Replace `bin/bundle` by running ' \ + '`bundle binstubs bundler --force`, then run this command again.' + ) + end +end + +require 'rubygems' +require 'bundler/setup' + +load Gem.bin_path('test-kitchen', 'kitchen') diff --git a/commitlint.config.js b/commitlint.config.js new file mode 100644 index 0000000..4eb37f4 --- /dev/null +++ b/commitlint.config.js @@ -0,0 +1,8 @@ +module.exports = { + extends: ['@commitlint/config-conventional'], + rules: { + 'body-max-line-length': [2, 'always', 120], + 'footer-max-line-length': [2, 'always', 120], + 'header-max-length': [2, 'always', 72], + }, +}; diff --git a/docs/README.rst b/docs/README.rst new file mode 100644 index 0000000..3acc204 --- /dev/null +++ b/docs/README.rst @@ -0,0 +1,643 @@ +.. _readme: + +moosefs-formula +=============== + +|img_travis| |img_sr| |img_pc| + +.. |img_travis| image:: https://travis-ci.com/saltstack-formulas/moosefs-formula.svg?branch=master + :alt: Travis CI Build Status + :scale: 100% + :target: https://travis-ci.com/saltstack-formulas/moosefs-formula +.. |img_sr| image:: https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg + :alt: Semantic Release + :scale: 100% + :target: https://github.com/semantic-release/semantic-release +.. |img_pc| image:: https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white + :alt: pre-commit + :scale: 100% + :target: https://github.com/pre-commit/pre-commit + +Formula to set up MooseFS. + +.. contents:: **Table of Contents** + :depth: 1 + +General notes +------------- + +See the full `SaltStack Formulas installation and usage instructions +`_. + +If you are interested in writing or contributing to formulas, please pay attention to the `Writing Formula Section +`_. + +If you want to use this formula, please pay attention to the ``FORMULA`` file and/or ``git tag``, +which contains the currently released version. This formula is versioned according to `Semantic Versioning `_. + +See `Formula Versioning Section `_ for more details. + +If you need (non-default) configuration, please refer to: + +- `how to configure the formula with map.jinja `_ +- the ``pillar.example`` file +- the `Special notes`_ section + +Contributing to this repo +------------------------- + +**Commit message formatting is significant!!** + +Please see `How to contribute `_ for more details. + +Commit messages +^^^^^^^^^^^^^^^ + +**Commit message formatting is significant!!** + +Please see `How to contribute `_ for more details. + +pre-commit +^^^^^^^^^^ + +`pre-commit `_ is configured for this formula, which you may optionally use to ease the steps involved in submitting your changes. +First install the ``pre-commit`` package manager using the appropriate `method `_, then run ``bin/install-hooks`` and +now ``pre-commit`` will run automatically on each ``git commit``. :: + + $ bin/install-hooks + pre-commit installed at .git/hooks/pre-commit + pre-commit installed at .git/hooks/commit-msg + +Special notes +------------- + +The default values of configuration files are defined under the +``default`` key of each component in `moosefs/parameters/defaults.yaml +`_. + +Available states +---------------- + +.. contents:: + :local: + +``moosefs`` +^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +This apply all subcomponent states based on configuration data: + +- `moosefs.master`_ is applied if ``master:enabled`` is ``true`` +- `moosefs.metalogger`_ is applied if ``metalogger:enabled`` is + ``true`` +- `moosefs.chunkserver`_ is applied if ``chunkserver:enabled`` is + ``true`` +- `moosefs.cgi`_ is applied if ``cgi:enabled`` is ``true`` +- `moosefs.cgiserv`_ is applied if ``cgiserv:enabled`` is ``true`` +- `moosefs.client`_ is applied if ``client:enabled`` is ``true`` +- `moosefs.cli`_ is applied if ``cli:enabled`` is ``true`` +- `moosefs.netdump`_ is applied if ``netdump:enabled`` is ``true`` + +By default, all components are disabled but can be applied +individually by running their states directly. + +``moosefs.cleaned`` +^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Remove all components of MooseFS: + +- stop and disable the services +- remove the configuration files +- uninstall packages + +The running data are preserved. + +``moosefs.master`` +^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Install the MooseFS metadata server ``mfsmaster``: + +- install the packages with `moosefs.master.package`_ +- configure the service with `moosefs.master.config`_ +- enable and start the service with `moosefs.master.service`_ if + ``master:service:enabled`` is ``true``, default to ``false`` + +``moosefs.master.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Remove the MooseFS metadata server ``mfsmaster``: + +- stop and disable the service with `moosefs.master.service.cleaned`_ +- remove the configuration of the service with + `moosefs.master.config.cleaned`_ +- uninstall the packages with `moosefs.master.package.cleaned`_ + +``moosefs.master.package`` +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Install the MooseFS metadata server package only. + +``moosefs.master.package.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Uninstall the MooseFS metadata server package only, it depends on +`moosefs.master.config.cleaned`_. + +``moosefs.master.config`` +^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Configure the MooseFS metadata server. + +``moosefs.master.config.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Remove the MooseFS metadata server configuration files. + +``moosefs.master.config.data-path`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Enforce presence and perms on the configured ``DATA_PATH``. + +``moosefs.master.config.mfsmaster`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Generate the MooseFS metadata server configuration file +``mfsmaster.cfg``. + +``moosefs.master.config.mfsexports`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Generate the MooseFS metadata server configuration file +``mfsexports.cfg``. + +``moosefs.master.config.mfstopology`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Generate the MooseFS metadata server configuration file +``mfstopology.cfg``. + +``moosefs.master.config.metadata`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Initialize the MooseFS metadata server database with the empty +``/var/lib/mfs/metadata.mfs.empty`` file if required. + +``moosefs.master.service`` +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Enable and start the MooseFS metadata server service with +`moosefs.master.service.running`_ if ``master:service:enabled`` is +``true``. + +Stop and disable the MooseFS metadata server service with +`moosefs.master.service.cleaned`_ if ``master:service:enabled`` is +``false``, the default. + +``moosefs.master.service.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Stop and disable the MooseFS metadata server service. + +``moosefs.master.service.running`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Enable and start the MooseFS metadata server service. + +``moosefs.metalogger`` +^^^^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Install the MooseFS metadata replication (backup) server +``mfsmetalogger``: + +- install the package with `moosefs.metalogger.package`_ +- configure the service with `moosefs.metalogger.config`_ +- enable and start the service with `moosefs.metalogger.service`_ if + ``metalogger:service:enabled`` is ``true``, default to ``false`` + +``moosefs.metalogger.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Remove the MooseFS metadata replication (backup) server +``mfsmetalogger``: + +- stop and disable the service with + `moosefs.metalogger.service.cleaned`_ +- remove the configuration of the service with + `moosefs.metalogger.config.cleaned`_ +- uninstall the packages with `moosefs.metalogger.package.cleaned`_ + +``moosefs.metalogger.package`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Install the MooseFS metadata replication (backup) server package only. + +``moosefs.metalogger.package.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Uninstall the MooseFS metadata replication (backup) server package +only, it depends on `moosefs.metalogger.config.cleaned`_. + +``moosefs.metalogger.config`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Configure the MooseFS metadata replication (backup) server. + +``moosefs.metalogger.config.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Remove the MooseFS metadata replication (backup) server configuration +files. + +``moosefs.metalogger.config.data-path`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Enforce presence and perms on the configured ``DATA_PATH``. + +``moosefs.metalogger.config.mfsmetalogger`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Generate the MooseFS metadata replication (backup) server +configuration file ``mfsmetalogger.cfg``. + +``moosefs.metalogger.service`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Enable and start the MooseFS metadata replication (backup) server +service with `moosefs.metalogger.service.running`_ if +``metalogger:service:enabled`` is ``true``. + +Stop and disable the MooseFS metadata replication (backup) server +service with `moosefs.metalogger.service.cleaned`_ if +``metalogger:service:enabled`` is ``false``, the default. + +``moosefs.metalogger.service.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Stop and disable the MooseFS metadata replication (backup) server +service. + +``moosefs.metalogger.service.running`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Enable and start the MooseFS metadata replication (backup) server +service. + +``moosefs.chunkserver`` +^^^^^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Install the MooseFS data server ``mfschunkserver``: + +- install the package with `moosefs.chunkserver.package`_ +- configure the service with `moosefs.chunkserver.config`_ +- enable and start the service with `moosefs.chunkserver.service`_ if + ``chunkserver:service:enabled`` is ``true``, default to ``false`` + +``moosefs.chunkserver.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Remove the MooseFS data server ``mfschunkserver``: + +- stop and disable the service with + `moosefs.chunkserver.service.cleaned`_ +- remove the configuration of the service with + `moosefs.chunkserver.config.cleaned`_ +- uninstall the packages with `moosefs.chunkserver.package.cleaned`_ + +``moosefs.chunkserver.package`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Install the MooseFS data server package only. + +``moosefs.chunkserver.package.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Uninstall the MooseFS data server package only, it depends on +`moosefs.chunkserver.config.cleaned`_. + +``moosefs.chunkserver.config`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Configure the MooseFS data server. + +``moosefs.chunkserver.config.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Remove the MooseFS data server configuration files. + +``moosefs.chunkserver.config.data-path`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Enforce presence and perms on the configured ``DATA_PATH``. + +``moosefs.chunkserver.config.mfschunkserver`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Generate the MooseFS data server configuration file +``mfschunkserver.cfg``. + +``moosefs.chunkserver.config.mfshdd`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Generate the MooseFS data server configuration file +``mfshdd.cfg``. + +``moosefs.chunkserver.service`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Enable and start the MooseFS data server service with +`moosefs.chunkserver.service.running`_ if +``chunkserver:service:enabled`` is ``true``. + +Stop and disable the MooseFS data server service with +`moosefs.chunkserver.service.cleaned`_ if +``chunkserver:service:enabled`` is ``false``, the default. + +``moosefs.chunkserver.service.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Stop and disable the MooseFS data server service. + +``moosefs.chunkserver.service.running`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Enable and start the MooseFS data server service. + +``moosefs.client`` +^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Install the MooseFS mount and client tools: + +- install the packages with `moosefs.client.package`_ +- configure the mount points with `moosefs.client.config`_ + +``moosefs.client.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Remove the MooseFS mount and client tools: + +- remove the mount points `moosefs.client.config.cleaned`_ +- uninstall the packages with `moosefs.client.package.cleaned`_ + +``moosefs.client.package`` +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Install the MooseFS mount and client tools packages only. + +``moosefs.client.package.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Uninstall the MooseFS mount and client tools packages only, it depends +on `moosefs.client.config.cleaned`_. + +``moosefs.client.config`` +^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +- configure the mount points with `moosefs.client.config.mounts`_ +- configure the default MooseFS mount options with + `moosefs.client.config.mfsmount`_ + +``moosefs.client.config.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Remove the mount configurations. + +``moosefs.client.config.mounts`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Configure the mount points defined in ``client:config:mounts`` +dictionary. + +``moosefs.client.config.mfsmount`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Configure the default options for ``mfsmount`` defined in +``client:config:default_options`` list. + +``moosefs.cgiserv`` +^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Install the simple CGI-capable HTTP server to run MooseFS CGI monitor: + +- install the packages with `moosefs.cgiserv.package`_ +- configure the service with `moosefs.cgiserv.config`_ +- enable and start the service with `moosefs.cgiserv.service`_ if + ``chunkserver:cgiserv:enabled`` is ``true``, default to ``false`` + +``moosefs.cgiserv.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Remove the simple CGI-capable HTTP server to run MooseFS CGI monitor: + +- stop and disable the service with + `moosefs.cgiserv.service.cleaned`_ +- remove the configuration of the service with + `moosefs.cgiserv.config.cleaned`_ +- uninstall the packages with `moosefs.cgiserv.package.cleaned`_ + +``moosefs.cgiserv.package`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Install the simple CGI-capable HTTP server to run MooseFS CGI monitor +package only. + +It depends on `moosefs.cgi.package`_. + +``moosefs.cgiserv.package.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Uninstall the simple CGI-capable HTTP server to run MooseFS CGI monitor +package only, it depends on `moosefs.cgiserv.config.cleaned`_. + +``moosefs.cgiserv.config`` +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Configure the simple CGI-capable HTTP server to run MooseFS CGI monitor. + +``moosefs.cgiserv.config.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Remove the simple CGI-capable HTTP server to run MooseFS CGI monitor +configuration file. + +``moosefs.cgiserv.service`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Enable and start the simple CGI-capable HTTP server to run MooseFS CGI +monitor service with `moosefs.cgiserv.service.running`_ if +``cgiserv:service:enabled`` is ``true``. + +Stop and disable the simple CGI-capable HTTP server to run MooseFS CGI +monitor service with `moosefs.cgiserv.service.cleaned`_ if +``cgiserv:service:enabled`` is ``false``, the default. + +``moosefs.cgiserv.service.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Stop and disable the simple CGI-capable HTTP server to run MooseFS CGI +monitor service. + +``moosefs.cgiserv.service.running`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Enable and start the simple CGI-capable HTTP server to run MooseFS CGI +monitor service. + +``moosefs.cgi`` +^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Install the CGI application to monitor MooseFS through master/metadata +server. + +``moosefs.cgi.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Remove the CGI application to monitor MooseFS through master/metadata +server. + +``moosefs.cgi.package`` +^^^^^^^^^^^^^^^^^^^^^^^ + +Install the CGI application to monitor MooseFS through master/metadata +server package only. + +``moosefs.cgi.package.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Uninstall the CGI application to monitor MooseFS through +master/metadata server package only. + +``moosefs.cli`` +^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Install the MooseFS monitoring utility ``mfscli``. + +``moosefs.cli.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^ + +*Meta-state (This is a state that includes other states)*. + +Remove the MooseFS monitoring utility ``mfscli``. + +``moosefs.cli.package`` +^^^^^^^^^^^^^^^^^^^^^^^ + +Install the MooseFS monitoring utility package only. + +``moosefs.cli.package.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Uninstall the MooseFS monitoring utility package only. + +``moosefs.netdump`` +^^^^^^^^^^^^^^^^^^^ + +Install the MooseFS monitoring tool ``mfsnetdump`` utility. + +``moosefs.netdump.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Remove the MooseFS monitoring tool ``mfsnetdump`` utility. + +``moosefs.netdump.package`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Install the MooseFS monitoring tool ``mfsnetdump`` utility package +only. + +``moosefs.netdump.package.cleaned`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Uninstall the MooseFS monitoring tool ``mfsnetdump`` utility package +only. + +Testing +------- + +Linux testing is done with ``kitchen-salt``. + +Requirements +^^^^^^^^^^^^ + +* Ruby +* Docker + +.. code-block:: bash + + $ gem install bundler + $ bundle install + $ bin/kitchen test [platform] + +Where ``[platform]`` is the platform name defined in ``kitchen.yml``, +e.g. ``debian-9-2019-2-py3``. + +``bin/kitchen converge`` +^^^^^^^^^^^^^^^^^^^^^^^^ + +Creates the docker instance and runs the ``moosefs`` main state, ready for testing. + +``bin/kitchen verify`` +^^^^^^^^^^^^^^^^^^^^^^ + +Runs the ``inspec`` tests on the actual instance. + +``bin/kitchen destroy`` +^^^^^^^^^^^^^^^^^^^^^^^ + +Removes the docker instance. + +``bin/kitchen test`` +^^^^^^^^^^^^^^^^^^^^ + +Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``verify`` + ``destroy``. + +``bin/kitchen login`` +^^^^^^^^^^^^^^^^^^^^^ + +Gives you SSH access to the instance for manual testing. diff --git a/docs/TOFS_pattern.rst b/docs/TOFS_pattern.rst new file mode 100644 index 0000000..dd2c17e --- /dev/null +++ b/docs/TOFS_pattern.rst @@ -0,0 +1,518 @@ +.. _tofs_pattern: + +TOFS: A pattern for using SaltStack +=================================== + +.. list-table:: + :name: tofs-authors + :header-rows: 1 + :stub-columns: 1 + :widths: 2,2,3,2 + + * - + - Person + - Contact + - Date + * - Authored by + - Roberto Moreda + - moreda@allenta.com + - 29/12/2014 + * - Modified by + - Daniel Dehennin + - daniel.dehennin@baby-gnu.org + - 07/02/2019 + * - Modified by + - Imran Iqbal + - https://github.com/myii + - 23/02/2019 + +All that follows is a proposal based on my experience with `SaltStack `_. The good thing of a piece of software like this is that you can "bend it" to suit your needs in many possible ways, and this is one of them. All the recommendations and thoughts are given "as it is" with no warranty of any type. + +.. contents:: **Table of Contents** + +Usage of values in pillar vs templates in ``file_roots`` +-------------------------------------------------------- + +Among other functions, the *master* (or *salt-master*) serves files to the *minions* (or *salt-minions*). The `file_roots `_ is the list of directories used in sequence to find a file when a minion requires it: the first match is served to the minion. Those files could be `state files `_ or configuration templates, among others. + +Using SaltStack is a simple and effective way to implement configuration management, but even in a `non-multitenant `_ scenario, it is not a good idea to generally access some data (e.g. the database password in our `Zabbix `_ server configuration file or the private key of our `Nginx `_ TLS certificate). + +To avoid this situation we can use the `pillar mechanism `_, which is designed to provide controlled access to data from the minions based on some selection rules. As pillar data could be easily integrated in the `Jinja `_ templates, it is a good mechanism to store values to be used in the final rendering of state files and templates. + +There are a variety of approaches on the usage of pillar and templates as seen in the `saltstack-formulas `_' repositories. `Some `_ `developments `_ stress the initial purpose of pillar data into a storage for most of the possible variables for a determined system configuration. This, in my opinion, is shifting too much load from the original template files approach. Adding up some `non-trivial Jinja `_ code as essential part of composing the state file definitely makes SaltStack state files (hence formulas) more difficult to read. The extreme of this approach is that we could end up with a new render mechanism, implemented in Jinja, storing everything needed in pillar data to compose configurations. Additionally, we are establishing a strong dependency with the Jinja renderer. + +In opposition to the *put the code in file_roots and the data in pillars* approach, there is the *pillar as a store for a set of key-values* approach. A full-blown configuration file abstracted in pillar and jinja is complicated to develop, understand and maintain. I think a better and simpler approach is to keep a configuration file templated using just a basic (non-extensive but extensible) set of pillar values. + +On the reusability of SaltStack state files +------------------------------------------- + +There is a brilliant initiative of the SaltStack community called `salt-formulas `_. Their goal is to provide state files, pillar examples and configuration templates ready to be used for provisioning. I am a contributor for two small ones: `zabbix-formula `_ and `varnish-formula `_. + +The `design guidelines `_ for formulas are clear in many aspects and it is a recommended reading for anyone willing to write state files, even non-formulaic ones. + +In the next section, I am going to describe my proposal to extend further the reusability of formulas, suggesting some patterns of usage. + +The Template Override and Files Switch (TOFS) pattern +----------------------------------------------------- + +I understand a formula as a **complete, independent set of SaltStack state and configuration template files sufficient to configure a system**. A system could be something as simple as an NTP server or some other much more complex service that requires many state and configuration template files. + +The customization of a formula should be done mainly by providing pillar data used later to render either the state or the configuration template files. + +Example: NTP before applying TOFS +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Let's work with the NTP example. A basic formula that follows the `design guidelines `_ has the following files and directories tree: + +.. code-block:: console + + /srv/saltstack/salt-formulas/ntp-saltstack-formula/ + ntp/ + map.jinja + init.sls + conf.sls + files/ + default/ + etc/ + ntp.conf.jinja + +In order to use it, let's assume a `masterless configuration `_ and this relevant section of ``/etc/salt/minion``: + +.. code-block:: yaml + + pillar_roots: + base: + - /srv/saltstack/pillar + file_client: local + file_roots: + base: + - /srv/saltstack/salt + - /srv/saltstack/salt-formulas/ntp-saltstack-formula + +.. code-block:: jinja + + {#- /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/map.jinja #} + {%- set ntp = salt['grains.filter_by']({ + 'default': { + 'pkg': 'ntp', + 'service': 'ntp', + 'config': '/etc/ntp.conf', + }, + }, merge=salt['pillar.get']('ntp:lookup')) %} + +In ``init.sls`` we have the minimal states required to have NTP configured. In many cases ``init.sls`` is almost equivalent to an ``apt-get install`` or a ``yum install`` of the package. + +.. code-block:: sls + + ## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/init.sls + {%- from 'ntp/map.jinja' import ntp with context %} + + Install NTP: + pkg.installed: + - name: {{ ntp.pkg }} + + Enable and start NTP: + service.running: + - name: {{ ntp.service }} + - enabled: True + - require: + - pkg: Install NTP package + +In ``conf.sls`` we have the configuration states. In most cases, that is just managing configuration file templates and making them to be watched by the service. + +.. code-block:: sls + + ## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/conf.sls + include: + - ntp + + {%- from 'ntp/map.jinja' import ntp with context %} + + Configure NTP: + file.managed: + - name: {{ ntp.config }} + - template: jinja + - source: salt://ntp/files/default/etc/ntp.conf.jinja + - watch_in: + - service: Enable and start NTP service + - require: + - pkg: Install NTP package + +Under ``files/default``, there is a structure that mimics the one in the minion in order to avoid clashes and confusion on where to put the needed templates. There you can find a mostly standard template for the configuration file. + +.. code-block:: jinja + + {#- /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/files/default/etc/ntp.conf.jinja #} + {#- Managed by saltstack #} + {#- Edit pillars or override this template in saltstack if you need customization #} + {%- set settings = salt['pillar.get']('ntp', {}) %} + {%- set default_servers = ['0.ubuntu.pool.ntp.org', + '1.ubuntu.pool.ntp.org', + '2.ubuntu.pool.ntp.org', + '3.ubuntu.pool.ntp.org'] %} + + driftfile /var/lib/ntp/ntp.drift + statistics loopstats peerstats clockstats + filegen loopstats file loopstats type day enable + filegen peerstats file peerstats type day enable + filegen clockstats file clockstats type day enable + + {%- for server in settings.get('servers', default_servers) %} + server {{ server }} + {%- endfor %} + + restrict -4 default kod notrap nomodify nopeer noquery + restrict -6 default kod notrap nomodify nopeer noquery + + restrict 127.0.0.1 + restrict ::1 + +With all this, it is easy to install and configure a simple NTP server by just running ``salt-call state.sls ntp.conf``: the package will be installed, the service will be running and the configuration should be correct for most of cases, even without pillar data. + +Alternatively, you can define a highstate in ``/srv/saltstack/salt/top.sls`` and run ``salt-call state.highstate``. + +.. code-block:: sls + + ## /srv/saltstack/salt/top.sls + base: + '*': + - ntp.conf + +**Customizing the formula just with pillar data**, we have the option to define the NTP servers. + +.. code-block:: sls + + ## /srv/saltstack/pillar/top.sls + base: + '*': + - ntp + +.. code-block:: sls + + ## /srv/saltstack/pillar/ntp.sls + ntp: + servers: + - 0.ch.pool.ntp.org + - 1.ch.pool.ntp.org + - 2.ch.pool.ntp.org + - 3.ch.pool.ntp.org + +Template Override +^^^^^^^^^^^^^^^^^ + +If the customization based on pillar data is not enough, we can override the template by creating a new one in ``/srv/saltstack/salt/ntp/files/default/etc/ntp.conf.jinja`` + +.. code-block:: jinja + + {#- /srv/saltstack/salt/ntp/files/default/etc/ntp.conf.jinja #} + {#- Managed by saltstack #} + {#- Edit pillars or override this template in saltstack if you need customization #} + + {#- Some bizarre configurations here #} + {#- ... #} + + {%- for server in settings.get('servers', default_servers) %} + server {{ server }} + {%- endfor %} + +This way we are locally **overriding the template files** offered by the formula in order to make a more complex adaptation. Of course, this could be applied as well to any of the files, including the state files. + +Files Switch +^^^^^^^^^^^^ + +To bring some order into the set of template files included in a formula, as we commented, we suggest having a similar structure to a normal final file system under ``files/default``. + +We can make different templates coexist for different minions, classified by any `grain `_ value, by simply creating new directories under ``files``. This mechanism is based on **using values of some grains as a switch for the directories under** ``files/``. + +If we decide that we want ``os_family`` as switch, then we could provide the formula template variants for both the ``RedHat`` and ``Debian`` families. + +.. code-block:: console + + /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/files/ + default/ + etc/ + ntp.conf.jinja + RedHat/ + etc/ + ntp.conf.jinja + Debian/ + etc/ + ntp.conf.jinja + +To make this work we need a ``conf.sls`` state file that takes a list of possible files as the configuration template. + +.. code-block:: sls + + ## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/conf.sls + include: + - ntp + + {%- from 'ntp/map.jinja' import ntp with context %} + + Configure NTP: + file.managed: + - name: {{ ntp.config }} + - template: jinja + - source: + - salt://ntp/files/{{ grains.get('os_family', 'default') }}/etc/ntp.conf.jinja + - salt://ntp/files/default/etc/ntp.conf.jinja + - watch_in: + - service: Enable and start NTP service + - require: + - pkg: Install NTP package + +If we want to cover the possibility of a special template for a minion identified by ``node01`` then we could have a specific template in ``/srv/saltstack/salt/ntp/files/node01/etc/ntp.conf.jinja``. + +.. code-block:: jinja + + {#- /srv/saltstack/salt/ntp/files/node01/etc/ntp.conf.jinja #} + {#- Managed by saltstack #} + {#- Edit pillars or override this template in saltstack if you need customization #} + + {#- Some crazy configurations here for node01 #} + {#- ... #} + +To make this work we could write a specially crafted ``conf.sls``. + +.. code-block:: sls + + ## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/conf.sls + include: + - ntp + + {%- from 'ntp/map.jinja' import ntp with context %} + + Configure NTP: + file.managed: + - name: {{ ntp.config }} + - template: jinja + - source: + - salt://ntp/files/{{ grains.get('id') }}/etc/ntp.conf.jinja + - salt://ntp/files/{{ grains.get('os_family') }}/etc/ntp.conf.jinja + - salt://ntp/files/default/etc/ntp.conf.jinja + - watch_in: + - service: Enable and start NTP service + - require: + - pkg: Install NTP package + +Using the ``files_switch`` macro +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +We can simplify the ``conf.sls`` with the new ``files_switch`` macro to use in the ``source`` parameter for the ``file.managed`` state. + +.. code-block:: sls + + ## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/conf.sls + include: + - ntp + + {%- set tplroot = tpldir.split('/')[0] %} + {%- from 'ntp/map.jinja' import ntp with context %} + {%- from 'ntp/libtofs.jinja' import files_switch %} + + Configure NTP: + file.managed: + - name: {{ ntp.config }} + - template: jinja + - source: {{ files_switch(['/etc/ntp.conf.jinja'], + lookup='Configure NTP' + ) + }} + - watch_in: + - service: Enable and start NTP service + - require: + - pkg: Install NTP package + + +* This uses ``config.get``, searching for ``ntp:tofs:source_files:Configure NTP`` to determine the list of template files to use. +* If this returns a result, the default of ``['/etc/ntp.conf.jinja']`` will be appended to it. +* If this does not yield any results, the default of ``['/etc/ntp.conf.jinja']`` will be used. + +In ``libtofs.jinja``, we define this new macro ``files_switch``. + +.. literalinclude:: ../template/libtofs.jinja + :caption: /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/libtofs.jinja + :language: jinja + +How to customise the ``source`` further +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The examples below are based on an ``Ubuntu`` minion called ``theminion`` being configured via. pillar. + +Using the default settings of the ``files_switch`` macro above, +the ``source`` will be: + +.. code-block:: sls + + - source: + - salt://ntp/files/theminion/etc/ntp.conf.jinja + - salt://ntp/files/Debian/etc/ntp.conf.jinja + - salt://ntp/files/default/etc/ntp.conf.jinja + +Customise ``files`` +~~~~~~~~~~~~~~~~~~~ + +The ``files`` portion can be customised: + +.. code-block:: sls + + ntp: + tofs: + dirs: + files: files_alt + +Resulting in: + +.. code-block:: sls + + - source: + - salt://ntp/files_alt/theminion/etc/ntp.conf.jinja + - salt://ntp/files_alt/Debian/etc/ntp.conf.jinja + - salt://ntp/files_alt/default/etc/ntp.conf.jinja + +Customise the use of grains +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Grains can be customised and even arbitrary paths can be supplied: + +.. code-block:: sls + + ntp: + tofs: + files_switch: + - any/path/can/be/used/here + - id + - os + - os_family + +Resulting in: + +.. code-block:: sls + + - source: + - salt://ntp/files/any/path/can/be/used/here/etc/ntp.conf.jinja + - salt://ntp/files/theminion/etc/ntp.conf.jinja + - salt://ntp/files/Ubuntu/etc/ntp.conf.jinja + - salt://ntp/files/Debian/etc/ntp.conf.jinja + - salt://ntp/files/default/etc/ntp.conf.jinja + +Customise the ``default`` path +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The ``default`` portion of the path can be customised: + +.. code-block:: sls + + ntp: + tofs: + dirs: + default: default_alt + +Resulting in: + +.. code-block:: sls + + - source: + ... + - salt://ntp/files/default_alt/etc/ntp.conf.jinja + +Customise the list of ``source_files`` +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The list of ``source_files`` can be given: + +.. code-block:: sls + + ntp: + tofs: + source_files: + Configure NTP: + - '/etc/ntp.conf_alt.jinja' + +Resulting in: + +.. code-block:: sls + + - source: + - salt://ntp/files/theminion/etc/ntp.conf_alt.jinja + - salt://ntp/files/theminion/etc/ntp.conf.jinja + - salt://ntp/files/Debian/etc/ntp.conf_alt.jinja + - salt://ntp/files/Debian/etc/ntp.conf.jinja + - salt://ntp/files/default/etc/ntp.conf_alt.jinja + - salt://ntp/files/default/etc/ntp.conf.jinja + +Note: This does *not* override the default value. +Rather, the value from the pillar/config is prepended to the default. + +Using sub-directories for ``components`` +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +If your formula is composed of several components, you may prefer to provides files under sub-directories, like in the `systemd-formula `_. + +.. code-block:: console + + /srv/saltstack/systemd-formula/ + systemd/ + init.sls + libtofs.jinja + map.jinja + networkd/ + init.sls + files/ + default/ + network/ + 99-default.link + resolved/ + init.sls + files/ + default/ + resolved.conf + timesyncd/ + init.sls + files/ + Arch/ + resolved.conf + Debian/ + resolved.conf + default/ + resolved.conf + Ubuntu/ + resolved.conf + +For example, the following ``formula.component.config`` SLS: + +.. code-block:: sls + + {%- from "formula/libtofs.jinja" import files_switch with context %} + + formula configuration file: + file.managed: + - name: /etc/formula.conf + - user: root + - group: root + - mode: 644 + - template: jinja + - source: {{ files_switch(['formula.conf'], + lookup='formula', + use_subpath=True + ) + }} + +will be rendered on a ``Debian`` minion named ``salt-formula.ci.local`` as: + +.. code-block:: sls + + formula configuration file: + file.managed: + - name: /etc/formula.conf + - user: root + - group: root + - mode: 644 + - template: jinja + - source: + - salt://formula/component/files/salt-formula.ci.local/formula.conf + - salt://formula/component/files/Debian/formula.conf + - salt://formula/component/files/default/formula.conf + - salt://formula/files/salt-formula.ci.local/formula.conf + - salt://formula/files/Debian/formula.conf + - salt://formula/files/default/formula.conf diff --git a/docs/map.jinja.rst b/docs/map.jinja.rst new file mode 100644 index 0000000..2bdaab2 --- /dev/null +++ b/docs/map.jinja.rst @@ -0,0 +1,542 @@ +.. _map.jinja: + +``map.jinja``: gather formula configuration values +================================================== + +The `documentation`_ explains the use of a ``map.jinja`` to gather parameters values for a formula. + +As `pillars`_ are rendered on the Salt master for every minion, this increases the load on the master as the pillar values and the number of minions grows. + +As a good practice, you should: + +- store non-secret data in YAML files distributed by the `fileserver`_ +- store secret data in: + + - `pillars`_ (and look for the use of something like `pillar.vault`_) + - `SDB`_ (and look for the use of something like `sdb.vault`_) + +Current best practice is to let ``map.jinja`` handle parameters from all sources, to minimise the use of pillars, grains or configuration from ``sls`` files and templates directly. + + +.. contents:: **Table of Contents** + + +For formula users +----------------- + + +Quick start: configure per role and per DNS domain name values +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +We will see a quick setup to configure the ``TEMPLATE`` formula for different DNS domain names and several roles. + +For this example, I'll define 2 kinds of `fileserver`_ sources: + +1. formulas git repositories with hard-coded version reference to avoid breaking my setup randomly at upstream update. they are the last sources where files are looked up +2. parameters of the formulas in the file backend `roots`_ + + +Configure the fileserver backends +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +I configure the `fileserver`_ backends to serve: + +1. files from `roots`_ first +2. `gitfs`_ repositories last + +Create the file ``/etc/salt/master.d/fileserver.conf`` and restart the ``master``: + +.. code-block:: yaml + + --- + ## + ## file server + ## + fileserver_backend: + # parameters values and override + - roots + # formulas + - gitfs + + # The files in this directory will take precedence over git repositories + file_roots: + base: + - /srv/salt + + # List of formulas I'm using + gitfs_remotes: + - https://github.com/saltstack-formulas/template-formula.git: + - base: v4.1.1 + - https://github.com/saltstack-formulas/openssh-formula.git: + - base: v2.0.1 + ... + + +Create per DNS configuration for ``TEMPLATE`` formula +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Now, we can provides the per DNS domain name configuration files for the ``TEMPLATE`` formulas under ``/srv/salt/TEMPLATE/parameters/``. + +We create the directory for ``dns:domain`` grain and we add a symlink for the ``domain`` grain which is extracted from the minion ``id``: + +.. code-block:: console + + mkdir -p /srv/salt/TEMPLATE/parameters/dns:domain/ + ln -s dns:domain /srv/salt/TEMPLATE/parameters/domain + +We create a configuration for the DNS domain ``example.net`` in ``/srv/salt/TEMPLATE/parameters/dns:domain/example.net.yaml``: + +.. code-block:: yaml + + --- + values: + config: /etc/template-formula-example-net.conf + ... + +We create another configuration for the DNS domain ``example.com`` in the Jinja YAML template ``/srv/salt/TEMPLATE/parameters/dns:domain/example.com.yaml.jinja``: + +.. code-block:: yaml + + --- + values: + config: /etc/template-formula-{{ grains['os_family'] }}.conf + ... + + +Create per role configuration for ``TEMPLATE`` formula +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Now, we can provides the per role configuration files for the ``TEMPLATE`` formulas under ``/srv/salt/TEMPLATE/parameters/``. + +We create the directory for roles: + +.. code-block:: console + + mkdir -p /srv/salt/TEMPLATE/parameters/roles + +We will define 2 roles: + +- ``TEMPLATE/server`` +- ``TEMPLATE/client`` + +We create a configuration for the role ``TEMPLATE/server`` in ``/srv/salt/TEMPLATE/parameters/roles/TEMPLATE/server.yaml``: + +.. code-block:: yaml + + --- + values: + config: /etc/template-formula-server.conf + ... + +We create another configuration for the role ``TEMPLATE/client`` in ``/srv/salt/TEMPLATE/parameters/roles/TEMPLATE/client.yaml``: + +.. code-block:: yaml + + --- + values: + config: /etc/template-formula-client.conf + ... + + +Enable roles and the ``dns:domain`` and ``domain`` grains for ``map.jinja`` +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +We need to redefine the sources for ``map.jinja`` to load values from our new configuration files, we provide a global configuration for all our minions. + +We create the global parameters file ``/srv/salt/parameters/map_jinja.yaml``: + +.. code-block:: yaml + + --- + values: + sources: + # default values + - "Y:G@osarch" + - "Y:G@os_family" + - "Y:G@os" + - "Y:G@osfinger" + - "C@{{ tplroot ~ ':lookup' }}" + - "C@{{ tplroot }}" + + # Roles activate/deactivate things + # then thing are configured depending on environment + # So roles comes before `dns:domain`, `domain` and `id` + - "Y:C@roles" + + # DNS domain configured (DHCP or resolv.conf) + - "Y:G@dns:domain" + + # Based on minion ID + - "Y:G@domain" + + # default values + - "Y:G@id" + ... + +The syntax is explained later at `Sources of configuration values`_. + + +Bind roles to minions +~~~~~~~~~~~~~~~~~~~~~ + +We associate roles `grains`_ to minion using `grains.append`_. + +For the servers: + +.. code-block:: console + + salt 'server-*' grains.append roles TEMPLATE/server + +For the clients: + +.. code-block:: console + + salt 'client-*' grains.append roles TEMPLATE/client + +.. note:: + + Since we used ``Y:C@roles``, ``map.jinja`` will do a ``salt['config.get']('roles')`` to retrieve the roles so you could use any other method to bind roles to minions (`pillars`_ or `SDB`_) but `grains`_ seems to be the preferred method. + +Note for Microsoft Windows systems +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +If you have a minion running under windows, you can't use colon ``:`` as a delimiter for grain path query (see `bug 58726`_) in which case you should use an alternate delimiter: + +Modify ``/srv/salt/parameters/map_jinja.yaml`` to change the query for ``dns:domain`` to define the `alternate delimiter`_: + +.. code-block:: yaml + + --- + values: + sources: + # default values + - "Y:G@osarch" + - "Y:G@os_family" + - "Y:G@os" + - "Y:G@osfinger" + - "C@{{ tplroot ~ ':lookup' }}" + - "C@{{ tplroot }}" + + # Roles activate/deactivate things + # then thing are configured depending on environment + # So roles comes before `dns:domain`, `domain` and `id` + - "Y:C@roles" + + # DNS domain configured (DHCP or resolv.conf) + - "Y:G:!@dns!domain" + + # Based on minion ID + - "Y:G@domain" + + # default values + - "Y:G@id" + ... + +And then, rename the directory: + +.. code-block:: console + + mv /srv/salt/TEMPLATE/parameters/dns:domain/ '/srv/salt/TEMPLATE/parameters/dns!domain/' + + +Format of configuration YAML files +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +When you write a new YAML file, note that it must conform to the following layout: + +- a mandatory ``values`` key to store the configuration values +- two optional keys to configure the use of `salt.slsutil.merge`_ + + - an optional ``strategy`` key to configure the merging strategy, for example ``strategy: 'recurse'``, the default is ``smart`` + - an optional ``merge_lists`` key to configure if lists should be merged or overridden for the ``recurse`` and ``overwrite`` strategy, for example ``merge_lists: 'true'`` + +Here is a valid example: + +.. code-block:: yaml + + --- + strategy: 'recurse' + merge_lists: 'false' + values: + pkg: + name: 'some-package' + config: '/path/to/a/configuration/file' + ... + + +Using Jinja2 YAML template +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +You can provide a Jinja2 YAML template file with a name suffixed with ``.yaml.jinja``, it must produce a YAML file conform to the `Format of configuration YAML files`_, for example: + +.. code-block:: jinja + + --- + strategy: 'overwrite' + merge_lists: 'true' + values: + {%- if grains["os"] == "Debian" %} + output_dir: /tmp/{{ grains["id"] }} + {%- endif %} + ... + + +Sources of configuration values +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The ``map.jinja`` file aggregates configuration values from several sources: + +- YAML files stored in the `fileserver`_ +- `pillars`_ +- `grains`_ +- configuration gathered with `salt['config.get']`_ + +For the values loaded from YAML files, ``map.jinja`` will automatically try to load a Jinja2 template with the same name as the YAML file with the addition of the ``.jinja`` extension, for example ``foo/bar/quux.yaml.jinja``. + +After loading values from all sources, it will try to include the ``salt://{{ tplroot }}/libs/post-map.jinja`` Jinja file if it exists which can post-process the ``mapdata`` variable. + +Configuring ``map.jinja`` sources +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The ``map.jinja`` file uses several sources where to lookup parameter values. The list of sources can be configured in two places: + +1. globally + + 1. with a plain YAML file ``salt://parameters/map_jinja.yaml`` + 2. with a Jinja2 YAML template file ``salt://parameters/map_jinja.yaml.jinja`` + +2. per formula + + 1. with a plain YAML file ``salt://{{ tplroot }}/parameters/map_jinja.yaml`` + 2. with a Jinja2 YAML template file ``salt://{{ tplroot }}/parameters/map_jinja.yaml.jinja`` + +.. note:: + + The ``map.jinja`` configuration files must conform to the `format of configuration YAML files`_. + +Each source definition has the form ``[[: