Parcourir la source

Merge pull request #12 from n-rodriguez/wip/sr

feat(semantic-release): implement an automated changelog
tags/v0.2.1
Imran Iqbal il y a 5 ans
Parent
révision
3c485ec07c
Aucun compte lié à l'adresse e-mail de l'auteur
18 fichiers modifiés avec 1305 ajouts et 111 suppressions
  1. +109
    -1
      .gitignore
  2. +0
    -56
      .kitchen.yml
  3. +51
    -9
      .travis.yml
  4. +9
    -0
      FORMULA
  5. +3
    -6
      Gemfile
  6. +198
    -10
      LICENSE
  7. +0
    -19
      README.md
  8. +3
    -0
      commitlint.config.js
  9. +158
    -0
      docs/CONTRIBUTING.rst
  10. +88
    -0
      docs/README.rst
  11. +443
    -0
      docs/TOFS_pattern.rst
  12. +77
    -0
      kitchen.yml
  13. +30
    -0
      pre-commit_semantic-release.sh
  14. +18
    -0
      release-rules.js
  15. +106
    -0
      release.config.js
  16. +0
    -0
      test/integration/default/controls/syslog_ng.rb
  17. +12
    -0
      test/integration/default/inspec.yml
  18. +0
    -10
      test/integration/syslog_ng/inspec.yml

+ 109
- 1
.gitignore Voir le fichier

@@ -1,2 +1,110 @@
.kitchen/
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class

# C extensions
*.so

# Distribution / packaging
.Python
env/
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
*.egg-info/
.installed.cfg
*.egg

# PyInstaller
# Usually these files are written by a python script from a packager
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec

# Installer logs
pip-log.txt
pip-delete-this-directory.txt

# Unit test / coverage reports
htmlcov/
.tox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
.hypothesis/
.kitchen
.kitchen.local.yml
kitchen.local.yml

# Translations
*.mo
*.pot

# Django stuff:
*.log
local_settings.py

# Flask stuff:
instance/
.webassets-cache

# Scrapy stuff:
.scrapy

# Sphinx documentation
docs/_build/

# PyBuilder
target/

# Jupyter Notebook
.ipynb_checkpoints

# pyenv
.python-version

# celery beat schedule file
celerybeat-schedule

# SageMath parsed files
*.sage.py

# dotenv
.env

# virtualenv
.venv
venv/
ENV/

# Spyder project settings
.spyderproject
.spyproject

# Rope project settings
.ropeproject

# mkdocs documentation
/site

# mypy
.mypy_cache/

# Bundler
Gemfile.lock

# copied `.md` files used for conversion to `.rst` using `m2r`
docs/*.md

+ 0
- 56
.kitchen.yml Voir le fichier

@@ -1,56 +0,0 @@
<%
distrib, infos = ENV.fetch('DISTRIB', 'debian:stretch/9').split(':')
codename, version = infos.split('/')
%>
---
driver:
name: docker
use_sudo: false

provisioner:
name: salt_solo
formula: syslog_ng

# Install Salt from official repositories
salt_install: apt
salt_version: latest
salt_apt_repo: http://repo.saltstack.com/apt/<%= distrib %>/<%= version %>/amd64
salt_apt_repo_key: http://repo.saltstack.com/apt/<%= distrib %>/<%= version %>/amd64/latest/SALTSTACK-GPG-KEY.pub

# Don't install Chef
require_chef: false

# Configure Salt
state_top:
base:
'*':
- syslog_ng.config

<% if %w[wheezy jessie xenial].include?(codename) %>
pillars:
top.sls:
base:
'*':
- syslog_ng
syslog_ng.sls:
syslog_ng:
source:
- s_src:
- unix-stream:
- /dev/log
- internal: null
<% end %>

platforms:
- name: <%= distrib %>-<%= codename %>
driver_config:
image: "<%= distrib %>:<%= codename %>"
platform: <%= distrib %>

verifier:
name: inspec
reporter:
- progress

suites:
- name: syslog_ng

+ 51
- 9
.travis.yml Voir le fichier

@@ -1,15 +1,57 @@
language: ruby
stages:
- test
- commitlint
- name: release
if: branch = master AND type != pull_request

sudo: required
cache: bundler
rvm:
- 2.3.5
language: ruby
services:
- docker
script:
- bundle exec kitchen test

# Make sure the instances listed below match up with
# the `platforms` defined in `kitchen.yml`
env:
matrix:
- DISTRIB=debian:wheezy/7
- DISTRIB=debian:jessie/8
- DISTRIB=debian:stretch/9
- DISTRIB=ubuntu:xenial/16.04
- INSTANCE: debian-9
- INSTANCE: debian-8
- INSTANCE: ubuntu-1804
- INSTANCE: ubuntu-1604

script:
- bundle exec kitchen verify ${INSTANCE}

jobs:
include:
# Define the commitlint stage
- stage: commitlint
language: node_js
node_js: lts/*
before_install: skip
script:
- npm install @commitlint/config-conventional -D
- npm install @commitlint/travis-cli -D
- commitlint-travis
# Define the release stage that runs semantic-release
- stage: release
language: node_js
node_js: lts/*
before_install: skip
script:
# Update `AUTHORS.md`
- export MAINTAINER_TOKEN=${GH_TOKEN}
- go get github.com/myii/maintainer
- maintainer contributor

# Install all dependencies required for `semantic-release`
- npm install @semantic-release/changelog@3 -D
- npm install @semantic-release/exec@3 -D
- npm install @semantic-release/git@7 -D
deploy:
provider: script
skip_cleanup: true
script:
# Run `semantic-release`
- npx semantic-release@15

+ 9
- 0
FORMULA Voir le fichier

@@ -0,0 +1,9 @@
name: syslog_ng
os: Debian, Ubuntu, RedHat, Fedora, CentOS, Suse, openSUSE
os_family: Debian, RedHat, Suse
version: 1.0
release: 1
minimum_version: 2017.7
summary: Syslog-NG formula
description: Formula to use to install and configure syslog_ng
top_level_dir: syslog_ng

+ 3
- 6
Gemfile Voir le fichier

@@ -1,8 +1,5 @@
source 'https://rubygems.org'
ruby '2.3.5'

gem 'test-kitchen'
gem 'kitchen-docker'
gem 'kitchen-salt'
gem 'kitchen-inspec'
gem 'rake'
gem 'kitchen-docker', '>= 2.9'
gem 'kitchen-salt', '>= 0.6.0'
gem 'kitchen-inspec', '>= 1.1'

+ 198
- 10
LICENSE Voir le fichier

@@ -1,13 +1,201 @@
Copyright (c) 2013-2017 Salt Stack Formulas
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

http://www.apache.org/licenses/LICENSE-2.0
1. Definitions.

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.

"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.

"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.

"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.

"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.

"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.

"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).

"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.

"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."

"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.

2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.

3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.

4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:

(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and

(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and

(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and

(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.

You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.

5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.

6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.

7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.

8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.

9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.

END OF TERMS AND CONDITIONS

APPENDIX: How to apply the Apache License to your work.

To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.

Copyright {yyyy} {name of copyright owner}

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

+ 0
- 19
README.md Voir le fichier

@@ -1,19 +0,0 @@
# SyslogNG Salt Formula

[![Build Status](https://travis-ci.org/saltstack-formulas/syslog-ng-formula.svg?branch=master)](https://travis-ci.org/saltstack-formulas/syslog-ng-formula)

Install and configure the syslog-ng service.

Note: See the full [Salt Formulas installation and usage instructions](http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html).

## Available states

* `syslog_ng` : Installs the `syslog-ng` package
* `syslog_ng.config` : Installs and configures the `syslog-ng` package
* `syslog_ng.packages` : Install optional packages which may provide additional functionalities

## Available pillars

You can take a loot at [`pillar.example`](https://github.com/saltstack-formulas/syslog-ng-formula/blob/master/pillar.example) to configure SyslogNG with pillars.

**Note:** if the first character of a string is '=' the string is treated as a literal (not ecapsulated in quotes)

+ 3
- 0
commitlint.config.js Voir le fichier

@@ -0,0 +1,3 @@
module.exports = {
extends: ['@commitlint/config-conventional'],
};

+ 158
- 0
docs/CONTRIBUTING.rst Voir le fichier

@@ -0,0 +1,158 @@
.. _contributing:

How to contribute
=================

This document will eventually outline all aspects of guidance to make your contributing experience a fruitful and enjoyable one.
What it already contains is information about *commit message formatting* and how that directly affects the numerous automated processes that are used for this repo.
It also covers how to contribute to this *formula's documentation*.

.. contents:: **Table of Contents**

Overview
--------

Submitting a pull request is more than just code!
To achieve a quality product, the *tests* and *documentation* need to be updated as well.
An excellent pull request will include these in the changes, wherever relevant.

Commit message formatting
-------------------------

Since every type of change requires making Git commits,
we will start by covering the importance of ensuring that all of your commit
messages are in the correct format.

Automation of multiple processes
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This formula uses `semantic-release <https://github.com/semantic-release/semantic-release>`_ for automating numerous processes such as bumping the version number appropriately, creating new tags/releases and updating the changelog.
The entire process relies on the structure of commit messages to determine the version bump, which is then used for the rest of the automation.

Full details are available in the upstream docs regarding the `Angular Commit Message Conventions <https://github.com/angular/angular.js/blob/master/DEVELOPERS.md#-git-commit-guidelines>`_.
The key factor is that the first line of the commit message must follow this format:

.. code-block::

type(scope): subject


* E.g. ``docs(contributing): add commit message formatting instructions``.

Besides the version bump, the changelog and release notes are formatted accordingly.
So based on the example above:

..

.. raw:: html

<h3>Documentation</h3>

* **contributing:** add commit message formatting instructions


* The ``type`` translates into a ``Documentation`` sub-heading.
* The ``(scope):`` will be shown in bold text without the brackets.
* The ``subject`` follows the ``scope`` as standard text.

Linting commit messages in Travis CI
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This formula uses `commitlint <https://github.com/conventional-changelog/commitlint>`_ for checking commit messages during CI testing.
This ensures that they are in accordance with the ``semantic-release`` settings.

For more details about the default settings, refer back to the ``commitlint`` `reference rules <https://conventional-changelog.github.io/commitlint/#/reference-rules>`_.

Relationship between commit type and version bump
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This formula applies some customisations to the defaults, as outlined in the table below,
based upon the `type <https://github.com/angular/angular.js/blob/master/DEVELOPERS.md#type>`_ of the commit:

.. list-table::
:name: commit-type-vs-version-bump
:header-rows: 1
:stub-columns: 0
:widths: 1,2,3,1,1

* - Type
- Heading
- Description
- Bump (default)
- Bump (custom)
* - ``build``
- Build System
- Changes related to the build system
- –
-
* - ``chore``
- –
- Changes to the build process or auxiliary tools and libraries such as
documentation generation
- –
-
* - ``ci``
- Continuous Integration
- Changes to the continuous integration configuration
- –
-
* - ``docs``
- Documentation
- Documentation only changes
- –
- 0.0.1
* - ``feat``
- Features
- A new feature
- 0.1.0
-
* - ``fix``
- Bug Fixes
- A bug fix
- 0.0.1
-
* - ``perf``
- Performance Improvements
- A code change that improves performance
- 0.0.1
-
* - ``refactor``
- Code Refactoring
- A code change that neither fixes a bug nor adds a feature
- –
- 0.0.1
* - ``revert``
- Reverts
- A commit used to revert a previous commit
- –
- 0.0.1
* - ``style``
- Styles
- Changes that do not affect the meaning of the code (white-space,
formatting, missing semi-colons, etc.)
- –
- 0.0.1
* - ``test``
- Tests
- Adding missing or correcting existing tests
- –
- 0.0.1

Use ``BREAKING CHANGE`` to trigger a ``major`` version change
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Adding ``BREAKING CHANGE`` to the footer of the extended description of the commit message will **always** trigger a ``major`` version change, no matter which type has been used.
This will be appended to the changelog and release notes as well.
To preserve good formatting of these notes, the following format is prescribed:

* ``BREAKING CHANGE: <explanation in paragraph format>.``

An example of that:

.. code-block:: git

...

BREAKING CHANGE: With the removal of all of the `.sls` files under
`template package`, this formula no longer supports the installation of
packages.

+ 88
- 0
docs/README.rst Voir le fichier

@@ -0,0 +1,88 @@
.. _readme:

syslog-ng-formula
=================

|img_travis| |img_sr|

.. |img_travis| image:: https://travis-ci.com/saltstack-formulas/syslog-ng-formula.svg?branch=master
:alt: Travis CI Build Status
:scale: 100%
:target: https://travis-ci.com/saltstack-formulas/syslog-ng-formula
.. |img_sr| image:: https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg
:alt: Semantic Release
:scale: 100%
:target: https://github.com/semantic-release/semantic-release

Formula to set up and configure syslog_ng

.. contents:: **Table of Contents**

General notes
-------------

See the full `SaltStack Formulas installation and usage instructions
<https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_.

If you are interested in writing or contributing to formulas, please pay attention to the `Writing Formula Section
<https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#writing-formulas>`_.

If you want to use this formula, please pay attention to the ``FORMULA`` file and/or ``git tag``,
which contains the currently released version. This formula is versioned according to `Semantic Versioning <http://semver.org/>`_.

See `Formula Versioning Section <https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#versioning>`_ for more details.

Contributing to this repo
-------------------------

**Commit message formatting is significant!!**

Please see :ref:`How to contribute <CONTRIBUTING>` for more details.

Available states
----------------

.. contents::
:local:

``syslog_ng``
^^^^^^^^^^^^^
Installs and configures the syslog_ng package.

``syslog_ng.packages``
^^^^^^^^^^^^^^^^^^^^^^
Installs the syslog_ng package and optional packages which may provide additional functionalities.

``syslog_ng.config``
^^^^^^^^^^^^^^^^^^^^
This state manages the file ``syslog_ng.conf`` under ``/etc/syslog-ng`` (template found in "syslog_ng/files"). The configuration is populated by values in "syslog_ng/map.jinja" based on the package's default values (and RedHat, Debian, Suse and Arch family distribution specific values), which can then be overridden by values of the same name in pillar.

Testing
-------

Linux testing is done with ``kitchen-salt``.

``kitchen converge``
^^^^^^^^^^^^^^^^^^^^

Creates the docker instance and runs the ``template`` main state, ready for testing.

``kitchen verify``
^^^^^^^^^^^^^^^^^^

Runs the ``inspec`` tests on the actual instance.

``kitchen destroy``
^^^^^^^^^^^^^^^^^^^

Removes the docker instance.

``kitchen test``
^^^^^^^^^^^^^^^^

Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``verify`` + ``destroy``.

``kitchen login``
^^^^^^^^^^^^^^^^^

Gives you SSH access to the instance for manual testing.

+ 443
- 0
docs/TOFS_pattern.rst Voir le fichier

@@ -0,0 +1,443 @@
.. _tofs_pattern:

TOFS: A pattern for using SaltStack
===================================

.. list-table::
:name: tofs-authors
:header-rows: 1
:stub-columns: 1
:widths: 2,2,3,2

* -
- Person
- Contact
- Date
* - Authored by
- Roberto Moreda
- moreda@allenta.com
- 29/12/2014
* - Modified by
- Daniel Dehennin
- daniel.dehennin@baby-gnu.org
- 07/02/2019
* - Modified by
- Imran Iqbal
- https://github.com/myii
- 23/02/2019

All that follows is a proposal based on my experience with `SaltStack <http://www.saltstack.com/>`_. The good thing of a piece of software like this is that you can "bend it" to suit your needs in many possible ways, and this is one of them. All the recommendations and thoughts are given "as it is" with no warranty of any type.

.. contents:: **Table of Contents**

Usage of values in pillar vs templates in ``file_roots``
--------------------------------------------------------

Among other functions, the *master* (or *salt-master*) serves files to the *minions* (or *salt-minions*). The `file_roots <http://docs.saltstack.com/en/latest/ref/file_server/file_roots.html>`_ is the list of directories used in sequence to find a file when a minion requires it: the first match is served to the minion. Those files could be `state files <http://docs.saltstack.com/en/latest/topics/tutorials/starting_states.html>`_ or configuration templates, among others.

Using SaltStack is a simple and effective way to implement configuration management, but even in a `non-multitenant <http://en.wikipedia.org/wiki/Multitenancy>`_ scenario, it is not a good idea to generally access some data (e.g. the database password in our `Zabbix <http://www.zabbix.com/>`_ server configuration file or the private key of our `Nginx <http://nginx.org/en/>`_ TLS certificate).

To avoid this situation we can use the `pillar mechanism <http://docs.saltstack.com/en/latest/topics/pillar/>`_, which is designed to provide controlled access to data from the minions based on some selection rules. As pillar data could be easily integrated in the `Jinja <http://docs.saltstack.com/en/latest/topics/tutorials/pillar.html>`_ templates, it is a good mechanism to store values to be used in the final rendering of state files and templates.

There are a variety of approaches on the usage of pillar and templates as seen in the `saltstack-formulas <https://github.com/saltstack-formulas>`_' repositories. `Some <https://github.com/saltstack-formulas/nginx-formula/pull/18>`_ `developments <https://github.com/saltstack-formulas/php-formula/pull/14>`_ stress the initial purpose of pillar data into a storage for most of the possible variables for a determined system configuration. This, in my opinion, is shifting too much load from the original template files approach. Adding up some `non-trivial Jinja <https://github.com/spsoit/nginx-formula/blob/81de880fe0276dd9488ffa15bc78944c0fc2b919/nginx/ng/files/nginx.conf>`_ code as essential part of composing the state file definitely makes SaltStack state files (hence formulas) more difficult to read. The extreme of this approach is that we could end up with a new render mechanism, implemented in Jinja, storing everything needed in pillar data to compose configurations. Additionally, we are establishing a strong dependency with the Jinja renderer.

In opposition to the *put the code in file_roots and the data in pillars* approach, there is the *pillar as a store for a set of key-values* approach. A full-blown configuration file abstracted in pillar and jinja is complicated to develop, understand and maintain. I think a better and simpler approach is to keep a configuration file templated using just a basic (non-extensive but extensible) set of pillar values.

On the reusability of SaltStack state files
-------------------------------------------

There is a brilliant initiative of the SaltStack community called `salt-formulas <https://github.com/saltstack-formulas>`_. Their goal is to provide state files, pillar examples and configuration templates ready to be used for provisioning. I am a contributor for two small ones: `zabbix-formula <https://github.com/saltstack-formulas/zabbix-formula>`_ and `varnish-formula <https://github.com/saltstack-formulas/varnish-formula>`_.

The `design guidelines <http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_ for formulas are clear in many aspects and it is a recommended reading for anyone willing to write state files, even non-formulaic ones.

In the next section, I am going to describe my proposal to extend further the reusability of formulas, suggesting some patterns of usage.

The Template Override and Files Switch (TOFS) pattern
-----------------------------------------------------

I understand a formula as a **complete, independent set of SaltStack state and configuration template files sufficient to configure a system**. A system could be something as simple as an NTP server or some other much more complex service that requires many state and configuration template files.

The customization of a formula should be done mainly by providing pillar data used later to render either the state or the configuration template files.

Example: NTP before applying TOFS
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Let's work with the NTP example. A basic formula that follows the `design guidelines <http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_ has the following files and directories tree:

.. code-block::

/srv/saltstack/salt-formulas/ntp-saltstack-formula/
ntp/
map.jinja
init.sls
conf.sls
files/
default/
etc/
ntp.conf.jinja

In order to use it, let's assume a `masterless configuration <http://docs.saltstack.com/en/latest/topics/tutorials/quickstart.html>`_ and this relevant section of ``/etc/salt/minion``:

.. code-block:: yaml

pillar_roots:
base:
- /srv/saltstack/pillar
file_client: local
file_roots:
base:
- /srv/saltstack/salt
- /srv/saltstack/salt-formulas/ntp-saltstack-formula

.. code-block:: jinja

{#- /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/map.jinja #}
{%- set ntp = salt['grains.filter_by']({
'default': {
'pkg': 'ntp',
'service': 'ntp',
'config': '/etc/ntp.conf',
},
}, merge=salt['pillar.get']('ntp:lookup')) %}

In ``init.sls`` we have the minimal states required to have NTP configured. In many cases ``init.sls`` is almost equivalent to an ``apt-get install`` or a ``yum install`` of the package.

.. code-block:: sls

## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/init.sls
{%- from 'ntp/map.jinja' import ntp with context %}

Install NTP:
pkg.installed:
- name: {{ ntp.pkg }}

Enable and start NTP:
service.running:
- name: {{ ntp.service }}
- enabled: True
- require:
- pkg: Install NTP package

In ``conf.sls`` we have the configuration states. In most cases, that is just managing configuration file templates and making them to be watched by the service.

.. code-block:: sls

## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/conf.sls
include:
- ntp

{%- from 'ntp/map.jinja' import ntp with context %}

Configure NTP:
file.managed:
- name: {{ ntp.config }}
- template: jinja
- source: salt://ntp/files/default/etc/ntp.conf.jinja
- watch_in:
- service: Enable and start NTP service
- require:
- pkg: Install NTP package

Under ``files/default``, there is a structure that mimics the one in the minion in order to avoid clashes and confusion on where to put the needed templates. There you can find a mostly standard template for the configuration file.

.. code-block:: jinja

{#- /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/files/default/etc/ntp.conf.jinja #}
{#- Managed by saltstack #}
{#- Edit pillars or override this template in saltstack if you need customization #}
{%- set settings = salt['pillar.get']('ntp', {}) %}
{%- set default_servers = ['0.ubuntu.pool.ntp.org',
'1.ubuntu.pool.ntp.org',
'2.ubuntu.pool.ntp.org',
'3.ubuntu.pool.ntp.org'] %}

driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

{%- for server in settings.get('servers', default_servers) %}
server {{ server }}
{%- endfor %}

restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

restrict 127.0.0.1
restrict ::1

With all this, it is easy to install and configure a simple NTP server by just running ``salt-call state.sls ntp.conf``: the package will be installed, the service will be running and the configuration should be correct for most of cases, even without pillar data.

Alternatively, you can define a highstate in ``/srv/saltstack/salt/top.sls`` and run ``salt-call state.highstate``.

.. code-block:: sls

## /srv/saltstack/salt/top.sls
base:
'*':
- ntp.conf

**Customizing the formula just with pillar data**, we have the option to define the NTP servers.

.. code-block:: sls

## /srv/saltstack/pillar/top.sls
base:
'*':
- ntp

.. code-block:: sls

## /srv/saltstack/pillar/ntp.sls
ntp:
servers:
- 0.ch.pool.ntp.org
- 1.ch.pool.ntp.org
- 2.ch.pool.ntp.org
- 3.ch.pool.ntp.org

Template Override
^^^^^^^^^^^^^^^^^

If the customization based on pillar data is not enough, we can override the template by creating a new one in ``/srv/saltstack/salt/ntp/files/default/etc/ntp.conf.jinja``

.. code-block:: jinja

{#- /srv/saltstack/salt/ntp/files/default/etc/ntp.conf.jinja #}
{#- Managed by saltstack #}
{#- Edit pillars or override this template in saltstack if you need customization #}

{#- Some bizarre configurations here #}
{#- ... #}

{%- for server in settings.get('servers', default_servers) %}
server {{ server }}
{%- endfor %}

This way we are locally **overriding the template files** offered by the formula in order to make a more complex adaptation. Of course, this could be applied as well to any of the files, including the state files.

Files Switch
^^^^^^^^^^^^

To bring some order into the set of template files included in a formula, as we commented, we suggest having a similar structure to a normal final file system under ``files/default``.

We can make different templates coexist for different minions, classified by any `grain <http://docs.saltstack.com/en/latest/topics/targeting/grains.html>`_ value, by simply creating new directories under ``files``. This mechanism is based on **using values of some grains as a switch for the directories under** ``files/``.

If we decide that we want ``os_family`` as switch, then we could provide the formula template variants for both the ``RedHat`` and ``Debian`` families.

.. code-block::

/srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/files/
default/
etc/
ntp.conf.jinja
RedHat/
etc/
ntp.conf.jinja
Debian/
etc/
ntp.conf.jinja

To make this work we need a ``conf.sls`` state file that takes a list of possible files as the configuration template.

.. code-block:: sls

## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/conf.sls
include:
- ntp

{%- from 'ntp/map.jinja' import ntp with context %}

Configure NTP:
file.managed:
- name: {{ ntp.config }}
- template: jinja
- source:
- salt://ntp/files/{{ grains.get('os_family', 'default') }}/etc/ntp.conf.jinja
- salt://ntp/files/default/etc/ntp.conf.jinja
- watch_in:
- service: Enable and start NTP service
- require:
- pkg: Install NTP package

If we want to cover the possibility of a special template for a minion identified by ``node01`` then we could have a specific template in ``/srv/saltstack/salt/ntp/files/node01/etc/ntp.conf.jinja``.

.. code-block:: jinja

{#- /srv/saltstack/salt/ntp/files/node01/etc/ntp.conf.jinja #}
{#- Managed by saltstack #}
{#- Edit pillars or override this template in saltstack if you need customization #}

{#- Some crazy configurations here for node01 #}
{#- ... #}

To make this work we could write a specially crafted ``conf.sls``.

.. code-block:: sls

## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/conf.sls
include:
- ntp

{%- from 'ntp/map.jinja' import ntp with context %}

Configure NTP:
file.managed:
- name: {{ ntp.config }}
- template: jinja
- source:
- salt://ntp/files/{{ grains.get('id') }}/etc/ntp.conf.jinja
- salt://ntp/files/{{ grains.get('os_family') }}/etc/ntp.conf.jinja
- salt://ntp/files/default/etc/ntp.conf.jinja
- watch_in:
- service: Enable and start NTP service
- require:
- pkg: Install NTP package

Using the ``files_switch`` macro
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

We can simplify the ``conf.sls`` with the new ``files_switch`` macro to use in the ``source`` parameter for the ``file.managed`` state.

.. code-block:: sls

## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/conf.sls
include:
- ntp

{%- set tplroot = tpldir.split('/')[0] %}
{%- from 'ntp/map.jinja' import ntp with context %}
{%- from 'ntp/libtofs.jinja' import files_switch %}

Configure NTP:
file.managed:
- name: {{ ntp.config }}
- template: jinja
- source: {{ files_switch(['/etc/ntp.conf.jinja'],
lookup='Configure NTP'
)
}}
- watch_in:
- service: Enable and start NTP service
- require:
- pkg: Install NTP package


* This uses ``config.get``, searching for ``ntp:tofs:source_files:Configure NTP`` to determine the list of template files to use.
* If this does not yield any results, the default of ``['/etc/ntp.conf.jinja']`` will be used.

In ``libtofs.jinja``, we define this new macro ``files_switch``.

.. literalinclude:: ../template/libtofs.jinja
:caption: /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/libtofs.jinja
:language: jinja

How to customise the ``source`` further
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The examples below are based on an ``Ubuntu`` minion called ``theminion`` being configured via. pillar.

Using the default settings of the ``files_switch`` macro above,
the ``source`` will be:

.. code-block:: sls

- source:
- salt://ntp/files/theminion/etc/ntp.conf.jinja
- salt://ntp/files/Debian/etc/ntp.conf.jinja
- salt://ntp/files/default/etc/ntp.conf.jinja

Customise ``files``
~~~~~~~~~~~~~~~~~~~

The ``files`` portion can be customised:

.. code-block:: sls

ntp:
tofs:
dirs:
files: files_alt

Resulting in:

.. code-block:: sls

- source:
- salt://ntp/files_alt/theminion/etc/ntp.conf.jinja
- salt://ntp/files_alt/Debian/etc/ntp.conf.jinja
- salt://ntp/files_alt/default/etc/ntp.conf.jinja

Customise the use of grains
~~~~~~~~~~~~~~~~~~~~~~~~~~~

Grains can be customised and even arbitrary paths can be supplied:

.. code-block:: sls

ntp:
tofs:
files_switch:
- any/path/can/be/used/here
- id
- os
- os_family

Resulting in:

.. code-block:: sls

- source:
- salt://ntp/files/any/path/can/be/used/here/etc/ntp.conf.jinja
- salt://ntp/files/theminion/etc/ntp.conf.jinja
- salt://ntp/files/Ubuntu/etc/ntp.conf.jinja
- salt://ntp/files/Debian/etc/ntp.conf.jinja
- salt://ntp/files/default/etc/ntp.conf.jinja

Customise the ``default`` path
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The ``default`` portion of the path can be customised:

.. code-block:: sls

ntp:
tofs:
dirs:
default: default_alt

Resulting in:

.. code-block:: sls

- source:
...
- salt://ntp/files/default_alt/etc/ntp.conf.jinja

Customise the list of ``source_files``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The list of ``source_files`` can be given:

.. code-block:: sls

ntp:
tofs:
source_files:
Configure NTP:
- '/etc/ntp.conf.jinja'
- '/etc/ntp.conf_alt.jinja'

Resulting in:

.. code-block:: sls

- source:
- salt://ntp/files/theminion/etc/ntp.conf.jinja
- salt://ntp/files/theminion/etc/ntp.conf_alt.jinja
- salt://ntp/files/Debian/etc/ntp.conf.jinja
- salt://ntp/files/Debian/etc/ntp.conf_alt.jinja
- salt://ntp/files/default/etc/ntp.conf.jinja
- salt://ntp/files/default/etc/ntp.conf_alt.jinja


+ 77
- 0
kitchen.yml Voir le fichier

@@ -0,0 +1,77 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
# For help on this file's format, see https://kitchen.ci/
driver:
name: docker
use_sudo: false
privileged: true
run_command: /lib/systemd/systemd

# Make sure the platforms listed below match up with
# the `env.matrix` instances defined in `.travis.yml`
platforms:
- name: debian-9
driver_config:
image: debian:9
provision_command:
- apt-get update && apt-get install -y udev locales
- echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
- locale-gen en_US.UTF-8
platform: debian

- name: debian-8
driver_config:
image: debian:8
provision_command:
- apt-get update && apt-get install -y udev locales
- echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
- locale-gen en_US.UTF-8
platform: debian

- name: ubuntu-18.04
driver_config:
image: ubuntu:18.04
provision_command:
- apt-get update && apt-get install -y udev locales && rm -rf /var/lib/apt/lists/*
- localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
- echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
- locale-gen en_US.UTF-8
platform: ubuntu

- name: ubuntu-16.04
driver_config:
image: ubuntu:16.04
provision_command:
- apt-get update && apt-get install -y udev locales && rm -rf /var/lib/apt/lists/*
- localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
- echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
- locale-gen en_US.UTF-8
platform: ubuntu

provisioner:
name: salt_solo
log_level: info
salt_version: latest
require_chef: false
formula: syslog_ng
salt_copy_filter:
- .kitchen
- .git
state_top:
base:
'*':
- syslog_ng.config

verifier:
# https://www.inspec.io/
name: inspec
sudo: true
# cli, documentation, html, progress, json, json-min, json-rspec, junit
reporter:
- cli
inspec_tests:
- path: test/integration/default

suites:
- name: default

+ 30
- 0
pre-commit_semantic-release.sh Voir le fichier

@@ -0,0 +1,30 @@
#!/bin/sh

###############################################################################
# (A) Update `FORMULA` with `${nextRelease.version}`
###############################################################################
sed -i -e "s_^\(version:\).*_\1 ${1}_" FORMULA


###############################################################################
# (B) Use `m2r` to convert automatically produced `.md` docs to `.rst`
###############################################################################

# Install `m2r`
sudo -H pip install m2r

# Copy and then convert the `.md` docs
cp *.md docs/
cd docs/
m2r --overwrite *.md

# Change excess `H1` headings to `H2` in converted `CHANGELOG.rst`
sed -i -e '/^=.*$/s/=/-/g' CHANGELOG.rst
sed -i -e '1,4s/-/=/g' CHANGELOG.rst

# Use for debugging output, when required
# cat AUTHORS.rst
# cat CHANGELOG.rst

# Return back to the main directory
cd ..

+ 18
- 0
release-rules.js Voir le fichier

@@ -0,0 +1,18 @@
// No release is triggered for the types commented out below.
// Commits using these types will be incorporated into the next release.
//
// NOTE: Any changes here must be reflected in `CONTRIBUTING.md`.
module.exports = [
{breaking: true, release: 'major'},
// {type: 'build', release: 'patch'},
// {type: 'chore', release: 'patch'},
// {type: 'ci', release: 'patch'},
{type: 'docs', release: 'patch'},
{type: 'feat', release: 'minor'},
{type: 'fix', release: 'patch'},
{type: 'perf', release: 'patch'},
{type: 'refactor', release: 'patch'},
{type: 'revert', release: 'patch'},
{type: 'style', release: 'patch'},
{type: 'test', release: 'patch'},
];

+ 106
- 0
release.config.js Voir le fichier

@@ -0,0 +1,106 @@
module.exports = {
branch: 'master',
plugins: [
['@semantic-release/commit-analyzer', {
preset: 'angular',
releaseRules: './release-rules.js',
}],
'@semantic-release/release-notes-generator',
['@semantic-release/changelog', {
changelogFile: 'CHANGELOG.md',
changelogTitle: '# Changelog',
}],
['@semantic-release/exec', {
prepareCmd: 'sh ./pre-commit_semantic-release.sh ${nextRelease.version}',
}],
['@semantic-release/git', {
assets: ['*.md', 'docs/*.rst', 'FORMULA'],
}],
'@semantic-release/github',
],
generateNotes: {
preset: 'angular',
writerOpts: {
// Required due to upstream bug preventing all types being displayed.
// Bug: https://github.com/conventional-changelog/conventional-changelog/issues/317
// Fix: https://github.com/conventional-changelog/conventional-changelog/pull/410
transform: (commit, context) => {
const issues = []

commit.notes.forEach(note => {
note.title = `BREAKING CHANGES`
})

// NOTE: Any changes here must be reflected in `CONTRIBUTING.md`.
if (commit.type === `feat`) {
commit.type = `Features`
} else if (commit.type === `fix`) {
commit.type = `Bug Fixes`
} else if (commit.type === `perf`) {
commit.type = `Performance Improvements`
} else if (commit.type === `revert`) {
commit.type = `Reverts`
} else if (commit.type === `docs`) {
commit.type = `Documentation`
} else if (commit.type === `style`) {
commit.type = `Styles`
} else if (commit.type === `refactor`) {
commit.type = `Code Refactoring`
} else if (commit.type === `test`) {
commit.type = `Tests`
} else if (commit.type === `build`) {
commit.type = `Build System`
// } else if (commit.type === `chore`) {
// commit.type = `Maintenance`
} else if (commit.type === `ci`) {
commit.type = `Continuous Integration`
} else {
return
}

if (commit.scope === `*`) {
commit.scope = ``
}

if (typeof commit.hash === `string`) {
commit.hash = commit.hash.substring(0, 7)
}

if (typeof commit.subject === `string`) {
let url = context.repository
? `${context.host}/${context.owner}/${context.repository}`
: context.repoUrl
if (url) {
url = `${url}/issues/`
// Issue URLs.
commit.subject = commit.subject.replace(/#([0-9]+)/g, (_, issue) => {
issues.push(issue)
return `[#${issue}](${url}${issue})`
})
}
if (context.host) {
// User URLs.
commit.subject = commit.subject.replace(/\B@([a-z0-9](?:-?[a-z0-9/]){0,38})/g, (_, username) => {
if (username.includes('/')) {
return `@${username}`
}

return `[@${username}](${context.host}/${username})`
})
}
}

// remove references that already appear in the subject
commit.references = commit.references.filter(reference => {
if (issues.indexOf(reference.issue) === -1) {
return true
}

return false
})

return commit
},
},
},
};

test/integration/syslog_ng/controls/syslog_ng.rb → test/integration/default/controls/syslog_ng.rb Voir le fichier


+ 12
- 0
test/integration/default/inspec.yml Voir le fichier

@@ -0,0 +1,12 @@
name: syslog_ng
title: SyslogNG Formula
maintainer: Nicolas Rodriguez
license: Apache-2.0
summary: Verify that the syslog_ng formula is setup and configured correctly
supports:
- os-name: debian
- os-name: ubuntu
- os-name: centos
- os-name: fedora
- os-name: opensuse
- os-name: suse

+ 0
- 10
test/integration/syslog_ng/inspec.yml Voir le fichier

@@ -1,10 +0,0 @@
name: syslog_ng
title: SyslogNG Profile
maintainer: Nicolas Rodriguez
copyright: Nicolas Rodriguez
copyright_email: nicoladmin@free.fr
license: MIT
summary: SyslogNG Compliance Profile
version: 0.1.0
supports:
- os-family: linux

Chargement…
Annuler
Enregistrer