浏览代码

feat(semantic-release): implement an automated changelog

tags/v0.3.0
Nicolas Rodriguez 5 年前
父节点
当前提交
f25b404114
共有 12 个文件被更改,包括 1102 次插入116 次删除
  1. +109
    -1
      .gitignore
  2. +43
    -7
      .travis.yml
  3. +9
    -0
      FORMULA
  4. +1
    -2
      LICENSE
  5. +0
    -106
      README.md
  6. +3
    -0
      commitlint.config.js
  7. +158
    -0
      docs/CONTRIBUTING.rst
  8. +182
    -0
      docs/README.rst
  9. +443
    -0
      docs/TOFS_pattern.rst
  10. +30
    -0
      pre-commit_semantic-release.sh
  11. +18
    -0
      release-rules.js
  12. +106
    -0
      release.config.js

+ 109
- 1
.gitignore 查看文件

@@ -1,2 +1,110 @@
.kitchen/
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class

# C extensions
*.so

# Distribution / packaging
.Python
env/
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
*.egg-info/
.installed.cfg
*.egg

# PyInstaller
# Usually these files are written by a python script from a packager
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec

# Installer logs
pip-log.txt
pip-delete-this-directory.txt

# Unit test / coverage reports
htmlcov/
.tox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
.hypothesis/
.kitchen
.kitchen.local.yml
kitchen.local.yml

# Translations
*.mo
*.pot

# Django stuff:
*.log
local_settings.py

# Flask stuff:
instance/
.webassets-cache

# Scrapy stuff:
.scrapy

# Sphinx documentation
docs/_build/

# PyBuilder
target/

# Jupyter Notebook
.ipynb_checkpoints

# pyenv
.python-version

# celery beat schedule file
celerybeat-schedule

# SageMath parsed files
*.sage.py

# dotenv
.env

# virtualenv
.venv
venv/
ENV/

# Spyder project settings
.spyderproject
.spyproject

# Rope project settings
.ropeproject

# mkdocs documentation
/site

# mypy
.mypy_cache/

# Bundler
Gemfile.lock

# copied `.md` files used for conversion to `.rst` using `m2r`
docs/*.md

+ 43
- 7
.travis.yml 查看文件

@@ -1,18 +1,54 @@
language: ruby
stages:
- test
- commitlint
- name: release
if: branch = master AND type != pull_request

sudo: required
cache: bundler

rvm:
- 2.3.5
language: ruby

services:
- docker

script:
- bundle exec kitchen test

env:
matrix:
- DISTRIB=debian:stretch/9
- DISTRIB=ubuntu:xenial/16.04
- DISTRIB=ubuntu:bionic/18.04

script:
- bundle exec kitchen test

jobs:
include:
# Define the commitlint stage
- stage: commitlint
language: node_js
node_js: lts/*
before_install: skip
script:
- npm install @commitlint/config-conventional -D
- npm install @commitlint/travis-cli -D
- commitlint-travis
# Define the release stage that runs semantic-release
- stage: release
language: node_js
node_js: lts/*
before_install: skip
script:
# Update `AUTHORS.md`
- export MAINTAINER_TOKEN=${GH_TOKEN}
- go get github.com/myii/maintainer
- maintainer contributor

# Install all dependencies required for `semantic-release`
- npm install @semantic-release/changelog@3 -D
- npm install @semantic-release/exec@3 -D
- npm install @semantic-release/git@7 -D
deploy:
provider: script
skip_cleanup: true
script:
# Run `semantic-release`
- npx semantic-release@15

+ 9
- 0
FORMULA 查看文件

@@ -0,0 +1,9 @@
name: ufw
os: Debian, Ubuntu, Raspbian, RedHat, Fedora, CentOS, Suse, openSUSE, Gentoo, Funtoo, Arch, Manjaro, Alpine, FreeBSD, OpenBSD, Solaris, SmartOS, MacOS
os_family: Debian, RedHat, Suse, Gentoo, Arch, Alpine, FreeBSD, OpenBSD, Solaris, MacOS
version: 1.0
release: 1
minimum_version: 2016.11
summary: UFW formula
description: Formula to use to install and configure ufw
top_level_dir: ufw

+ 1
- 2
LICENSE 查看文件

@@ -1,4 +1,4 @@
Apache License
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/

@@ -199,4 +199,3 @@ Apache License
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


+ 0
- 106
README.md 查看文件

@@ -1,106 +0,0 @@
# Ufw Salt Formula

[![Build Status](https://travis-ci.org/saltstack-formulas/ufw-formula.svg?branch=master)](https://travis-ci.org/saltstack-formulas/ufw-formula)

This module manages your firewall using ufw with pillar configured rules.

See the full [Salt Formulas installation and usage instructions](http://docs.saltstack.com/topics/development/conventions/formulas.html).

## Usage

All the configuration for the firewall is done via pillar (pillar.example).

Enable firewall, applying default configuration:
```javascript
ufw:
enabled: True
```

Allow 80/tcp (http) traffic from only two remote addresses:
```
ufw:
services:
http:
protocol: tcp
from_addr:
- 10.0.2.15
- 10.0.2.16
```

Allow 443/tcp (https) traffic from network 10.0.0.0/8 to an specific local ip:
```
ufw:
services:
https:
protocol: tcp
from_addr:
- 10.0.0.0/8
to_addr: 10.0.2.1
```

Allow from a service port:
```
ufw:
services:
smtp:
protocol: tcp
```

Allow from an specific port, by number:
```
ufw:
services:
139:
protocol: tcp
```

Allow from a range of ports, udp:
```
ufw:
services:
"10000:20000":
protocol: udp
```

Allow from a range of ports, tcp and udp
```
ufw:
services:
"10000:20000/tcp":
to_port: "10000:20000"
protocol: tcp
"10000:20000/udp":
to_port: "10000:20000"
protocol: udp
```

Allow from two specific ports, udp:
```
ufw:
services:
"30000,40000":
protocol: udp
```

Allow an application defined at /etc/ufw/applications.d/:
```
ufw:
applications:
- OpenSSH
```

## Run tests

This formula is tested with [Kitchen](https://kitchen.ci/) and [Inspec](https://www.inspec.io/) in a Docker container.

To run tests you need to

* install Ruby dependencies : `bundle install`
* run Kitchen : `kitchen test`

## Authors

Original state and module based on the work from [Yigal Duppen](https://github.com/publysher/infra-example-nginx/tree/develop).

Salt formula originally developed by Mario del Pozo.


+ 3
- 0
commitlint.config.js 查看文件

@@ -0,0 +1,3 @@
module.exports = {
extends: ['@commitlint/config-conventional'],
};

+ 158
- 0
docs/CONTRIBUTING.rst 查看文件

@@ -0,0 +1,158 @@
.. _contributing:

How to contribute
=================

This document will eventually outline all aspects of guidance to make your contributing experience a fruitful and enjoyable one.
What it already contains is information about *commit message formatting* and how that directly affects the numerous automated processes that are used for this repo.
It also covers how to contribute to this *formula's documentation*.

.. contents:: **Table of Contents**

Overview
--------

Submitting a pull request is more than just code!
To achieve a quality product, the *tests* and *documentation* need to be updated as well.
An excellent pull request will include these in the changes, wherever relevant.

Commit message formatting
-------------------------

Since every type of change requires making Git commits,
we will start by covering the importance of ensuring that all of your commit
messages are in the correct format.

Automation of multiple processes
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This formula uses `semantic-release <https://github.com/semantic-release/semantic-release>`_ for automating numerous processes such as bumping the version number appropriately, creating new tags/releases and updating the changelog.
The entire process relies on the structure of commit messages to determine the version bump, which is then used for the rest of the automation.

Full details are available in the upstream docs regarding the `Angular Commit Message Conventions <https://github.com/angular/angular.js/blob/master/DEVELOPERS.md#-git-commit-guidelines>`_.
The key factor is that the first line of the commit message must follow this format:

.. code-block::

type(scope): subject


* E.g. ``docs(contributing): add commit message formatting instructions``.

Besides the version bump, the changelog and release notes are formatted accordingly.
So based on the example above:

..

.. raw:: html

<h3>Documentation</h3>

* **contributing:** add commit message formatting instructions


* The ``type`` translates into a ``Documentation`` sub-heading.
* The ``(scope):`` will be shown in bold text without the brackets.
* The ``subject`` follows the ``scope`` as standard text.

Linting commit messages in Travis CI
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This formula uses `commitlint <https://github.com/conventional-changelog/commitlint>`_ for checking commit messages during CI testing.
This ensures that they are in accordance with the ``semantic-release`` settings.

For more details about the default settings, refer back to the ``commitlint`` `reference rules <https://conventional-changelog.github.io/commitlint/#/reference-rules>`_.

Relationship between commit type and version bump
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This formula applies some customisations to the defaults, as outlined in the table below,
based upon the `type <https://github.com/angular/angular.js/blob/master/DEVELOPERS.md#type>`_ of the commit:

.. list-table::
:name: commit-type-vs-version-bump
:header-rows: 1
:stub-columns: 0
:widths: 1,2,3,1,1

* - Type
- Heading
- Description
- Bump (default)
- Bump (custom)
* - ``build``
- Build System
- Changes related to the build system
- –
-
* - ``chore``
- –
- Changes to the build process or auxiliary tools and libraries such as
documentation generation
- –
-
* - ``ci``
- Continuous Integration
- Changes to the continuous integration configuration
- –
-
* - ``docs``
- Documentation
- Documentation only changes
- –
- 0.0.1
* - ``feat``
- Features
- A new feature
- 0.1.0
-
* - ``fix``
- Bug Fixes
- A bug fix
- 0.0.1
-
* - ``perf``
- Performance Improvements
- A code change that improves performance
- 0.0.1
-
* - ``refactor``
- Code Refactoring
- A code change that neither fixes a bug nor adds a feature
- –
- 0.0.1
* - ``revert``
- Reverts
- A commit used to revert a previous commit
- –
- 0.0.1
* - ``style``
- Styles
- Changes that do not affect the meaning of the code (white-space,
formatting, missing semi-colons, etc.)
- –
- 0.0.1
* - ``test``
- Tests
- Adding missing or correcting existing tests
- –
- 0.0.1

Use ``BREAKING CHANGE`` to trigger a ``major`` version change
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Adding ``BREAKING CHANGE`` to the footer of the extended description of the commit message will **always** trigger a ``major`` version change, no matter which type has been used.
This will be appended to the changelog and release notes as well.
To preserve good formatting of these notes, the following format is prescribed:

* ``BREAKING CHANGE: <explanation in paragraph format>.``

An example of that:

.. code-block:: git

...

BREAKING CHANGE: With the removal of all of the `.sls` files under
`template package`, this formula no longer supports the installation of
packages.

+ 182
- 0
docs/README.rst 查看文件

@@ -0,0 +1,182 @@
.. _readme:

ufw-formula
===========

|img_travis| |img_sr|

.. |img_travis| image:: https://travis-ci.com/saltstack-formulas/ufw-formula.svg?branch=master
:alt: Travis CI Build Status
:scale: 100%
:target: https://travis-ci.com/saltstack-formulas/ufw-formula
.. |img_sr| image:: https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg
:alt: Semantic Release
:scale: 100%
:target: https://github.com/semantic-release/semantic-release

Formula to set up and configure ufw

.. contents:: **Table of Contents**

General notes
-------------

See the full `SaltStack Formulas installation and usage instructions
<https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_.

If you are interested in writing or contributing to formulas, please pay attention to the `Writing Formula Section
<https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#writing-formulas>`_.

If you want to use this formula, please pay attention to the ``FORMULA`` file and/or ``git tag``,
which contains the currently released version. This formula is versioned according to `Semantic Versioning <http://semver.org/>`_.

See `Formula Versioning Section <https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#versioning>`_ for more details.

Contributing to this repo
-------------------------

**Commit message formatting is significant!!**

Please see :ref:`How to contribute <CONTRIBUTING>` for more details.

Available states
----------------

.. contents::
:local:

``ufw``
^^^^^^^
Installs and configures the ufw package.

``ufw.package``
^^^^^^^^^^^^^^^
Installs the ufw package.

``ufw.config``
^^^^^^^^^^^^^^
This state manages the file ``ufw.conf`` under ``/etc/ufw`` (template found in "ufw/files"). The configuration is populated by values in "ufw/map.jinja" based on the package's default values (and RedHat, Debian, Suse and Arch family distribution specific values), which can then be overridden by values of the same name in pillar.


Usage
-----

All the configuration for the firewall is done via pillar (pillar.example).

Enable firewall, applying default configuration:

.. code-block:: javascript

ufw:
enabled: True

Allow 80/tcp (http) traffic from only two remote addresses:

.. code-block::

ufw:
services:
http:
protocol: tcp
from_addr:
- 10.0.2.15
- 10.0.2.16

Allow 443/tcp (https) traffic from network 10.0.0.0/8 to an specific local ip:

.. code-block::

ufw:
services:
https:
protocol: tcp
from_addr:
- 10.0.0.0/8
to_addr: 10.0.2.1

Allow from a service port:

.. code-block::

ufw:
services:
smtp:
protocol: tcp

Allow from an specific port, by number:

.. code-block::

ufw:
services:
139:
protocol: tcp

Allow from a range of ports, udp:

.. code-block::

ufw:
services:
"10000:20000":
protocol: udp

Allow from a range of ports, tcp and udp

.. code-block::

ufw:
services:
"10000:20000/tcp":
to_port: "10000:20000"
protocol: tcp
"10000:20000/udp":
to_port: "10000:20000"
protocol: udp

Allow from two specific ports, udp:

.. code-block::

ufw:
services:
"30000,40000":
protocol: udp

Allow an application defined at /etc/ufw/applications.d/:

.. code-block::

ufw:
applications:
- OpenSSH

Testing
-------

Linux testing is done with ``kitchen-salt``.

``kitchen converge``
^^^^^^^^^^^^^^^^^^^^

Creates the docker instance and runs the ``template`` main state, ready for testing.

``kitchen verify``
^^^^^^^^^^^^^^^^^^

Runs the ``inspec`` tests on the actual instance.

``kitchen destroy``
^^^^^^^^^^^^^^^^^^^

Removes the docker instance.

``kitchen test``
^^^^^^^^^^^^^^^^

Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``verify`` + ``destroy``.

``kitchen login``
^^^^^^^^^^^^^^^^^

Gives you SSH access to the instance for manual testing.

+ 443
- 0
docs/TOFS_pattern.rst 查看文件

@@ -0,0 +1,443 @@
.. _tofs_pattern:

TOFS: A pattern for using SaltStack
===================================

.. list-table::
:name: tofs-authors
:header-rows: 1
:stub-columns: 1
:widths: 2,2,3,2

* -
- Person
- Contact
- Date
* - Authored by
- Roberto Moreda
- moreda@allenta.com
- 29/12/2014
* - Modified by
- Daniel Dehennin
- daniel.dehennin@baby-gnu.org
- 07/02/2019
* - Modified by
- Imran Iqbal
- https://github.com/myii
- 23/02/2019

All that follows is a proposal based on my experience with `SaltStack <http://www.saltstack.com/>`_. The good thing of a piece of software like this is that you can "bend it" to suit your needs in many possible ways, and this is one of them. All the recommendations and thoughts are given "as it is" with no warranty of any type.

.. contents:: **Table of Contents**

Usage of values in pillar vs templates in ``file_roots``
--------------------------------------------------------

Among other functions, the *master* (or *salt-master*) serves files to the *minions* (or *salt-minions*). The `file_roots <http://docs.saltstack.com/en/latest/ref/file_server/file_roots.html>`_ is the list of directories used in sequence to find a file when a minion requires it: the first match is served to the minion. Those files could be `state files <http://docs.saltstack.com/en/latest/topics/tutorials/starting_states.html>`_ or configuration templates, among others.

Using SaltStack is a simple and effective way to implement configuration management, but even in a `non-multitenant <http://en.wikipedia.org/wiki/Multitenancy>`_ scenario, it is not a good idea to generally access some data (e.g. the database password in our `Zabbix <http://www.zabbix.com/>`_ server configuration file or the private key of our `Nginx <http://nginx.org/en/>`_ TLS certificate).

To avoid this situation we can use the `pillar mechanism <http://docs.saltstack.com/en/latest/topics/pillar/>`_, which is designed to provide controlled access to data from the minions based on some selection rules. As pillar data could be easily integrated in the `Jinja <http://docs.saltstack.com/en/latest/topics/tutorials/pillar.html>`_ templates, it is a good mechanism to store values to be used in the final rendering of state files and templates.

There are a variety of approaches on the usage of pillar and templates as seen in the `saltstack-formulas <https://github.com/saltstack-formulas>`_' repositories. `Some <https://github.com/saltstack-formulas/nginx-formula/pull/18>`_ `developments <https://github.com/saltstack-formulas/php-formula/pull/14>`_ stress the initial purpose of pillar data into a storage for most of the possible variables for a determined system configuration. This, in my opinion, is shifting too much load from the original template files approach. Adding up some `non-trivial Jinja <https://github.com/spsoit/nginx-formula/blob/81de880fe0276dd9488ffa15bc78944c0fc2b919/nginx/ng/files/nginx.conf>`_ code as essential part of composing the state file definitely makes SaltStack state files (hence formulas) more difficult to read. The extreme of this approach is that we could end up with a new render mechanism, implemented in Jinja, storing everything needed in pillar data to compose configurations. Additionally, we are establishing a strong dependency with the Jinja renderer.

In opposition to the *put the code in file_roots and the data in pillars* approach, there is the *pillar as a store for a set of key-values* approach. A full-blown configuration file abstracted in pillar and jinja is complicated to develop, understand and maintain. I think a better and simpler approach is to keep a configuration file templated using just a basic (non-extensive but extensible) set of pillar values.

On the reusability of SaltStack state files
-------------------------------------------

There is a brilliant initiative of the SaltStack community called `salt-formulas <https://github.com/saltstack-formulas>`_. Their goal is to provide state files, pillar examples and configuration templates ready to be used for provisioning. I am a contributor for two small ones: `zabbix-formula <https://github.com/saltstack-formulas/zabbix-formula>`_ and `varnish-formula <https://github.com/saltstack-formulas/varnish-formula>`_.

The `design guidelines <http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_ for formulas are clear in many aspects and it is a recommended reading for anyone willing to write state files, even non-formulaic ones.

In the next section, I am going to describe my proposal to extend further the reusability of formulas, suggesting some patterns of usage.

The Template Override and Files Switch (TOFS) pattern
-----------------------------------------------------

I understand a formula as a **complete, independent set of SaltStack state and configuration template files sufficient to configure a system**. A system could be something as simple as an NTP server or some other much more complex service that requires many state and configuration template files.

The customization of a formula should be done mainly by providing pillar data used later to render either the state or the configuration template files.

Example: NTP before applying TOFS
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Let's work with the NTP example. A basic formula that follows the `design guidelines <http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_ has the following files and directories tree:

.. code-block::

/srv/saltstack/salt-formulas/ntp-saltstack-formula/
ntp/
map.jinja
init.sls
conf.sls
files/
default/
etc/
ntp.conf.jinja

In order to use it, let's assume a `masterless configuration <http://docs.saltstack.com/en/latest/topics/tutorials/quickstart.html>`_ and this relevant section of ``/etc/salt/minion``:

.. code-block:: yaml

pillar_roots:
base:
- /srv/saltstack/pillar
file_client: local
file_roots:
base:
- /srv/saltstack/salt
- /srv/saltstack/salt-formulas/ntp-saltstack-formula

.. code-block:: jinja

{#- /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/map.jinja #}
{%- set ntp = salt['grains.filter_by']({
'default': {
'pkg': 'ntp',
'service': 'ntp',
'config': '/etc/ntp.conf',
},
}, merge=salt['pillar.get']('ntp:lookup')) %}

In ``init.sls`` we have the minimal states required to have NTP configured. In many cases ``init.sls`` is almost equivalent to an ``apt-get install`` or a ``yum install`` of the package.

.. code-block:: sls

## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/init.sls
{%- from 'ntp/map.jinja' import ntp with context %}

Install NTP:
pkg.installed:
- name: {{ ntp.pkg }}

Enable and start NTP:
service.running:
- name: {{ ntp.service }}
- enabled: True
- require:
- pkg: Install NTP package

In ``conf.sls`` we have the configuration states. In most cases, that is just managing configuration file templates and making them to be watched by the service.

.. code-block:: sls

## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/conf.sls
include:
- ntp

{%- from 'ntp/map.jinja' import ntp with context %}

Configure NTP:
file.managed:
- name: {{ ntp.config }}
- template: jinja
- source: salt://ntp/files/default/etc/ntp.conf.jinja
- watch_in:
- service: Enable and start NTP service
- require:
- pkg: Install NTP package

Under ``files/default``, there is a structure that mimics the one in the minion in order to avoid clashes and confusion on where to put the needed templates. There you can find a mostly standard template for the configuration file.

.. code-block:: jinja

{#- /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/files/default/etc/ntp.conf.jinja #}
{#- Managed by saltstack #}
{#- Edit pillars or override this template in saltstack if you need customization #}
{%- set settings = salt['pillar.get']('ntp', {}) %}
{%- set default_servers = ['0.ubuntu.pool.ntp.org',
'1.ubuntu.pool.ntp.org',
'2.ubuntu.pool.ntp.org',
'3.ubuntu.pool.ntp.org'] %}

driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

{%- for server in settings.get('servers', default_servers) %}
server {{ server }}
{%- endfor %}

restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

restrict 127.0.0.1
restrict ::1

With all this, it is easy to install and configure a simple NTP server by just running ``salt-call state.sls ntp.conf``: the package will be installed, the service will be running and the configuration should be correct for most of cases, even without pillar data.

Alternatively, you can define a highstate in ``/srv/saltstack/salt/top.sls`` and run ``salt-call state.highstate``.

.. code-block:: sls

## /srv/saltstack/salt/top.sls
base:
'*':
- ntp.conf

**Customizing the formula just with pillar data**, we have the option to define the NTP servers.

.. code-block:: sls

## /srv/saltstack/pillar/top.sls
base:
'*':
- ntp

.. code-block:: sls

## /srv/saltstack/pillar/ntp.sls
ntp:
servers:
- 0.ch.pool.ntp.org
- 1.ch.pool.ntp.org
- 2.ch.pool.ntp.org
- 3.ch.pool.ntp.org

Template Override
^^^^^^^^^^^^^^^^^

If the customization based on pillar data is not enough, we can override the template by creating a new one in ``/srv/saltstack/salt/ntp/files/default/etc/ntp.conf.jinja``

.. code-block:: jinja

{#- /srv/saltstack/salt/ntp/files/default/etc/ntp.conf.jinja #}
{#- Managed by saltstack #}
{#- Edit pillars or override this template in saltstack if you need customization #}

{#- Some bizarre configurations here #}
{#- ... #}

{%- for server in settings.get('servers', default_servers) %}
server {{ server }}
{%- endfor %}

This way we are locally **overriding the template files** offered by the formula in order to make a more complex adaptation. Of course, this could be applied as well to any of the files, including the state files.

Files Switch
^^^^^^^^^^^^

To bring some order into the set of template files included in a formula, as we commented, we suggest having a similar structure to a normal final file system under ``files/default``.

We can make different templates coexist for different minions, classified by any `grain <http://docs.saltstack.com/en/latest/topics/targeting/grains.html>`_ value, by simply creating new directories under ``files``. This mechanism is based on **using values of some grains as a switch for the directories under** ``files/``.

If we decide that we want ``os_family`` as switch, then we could provide the formula template variants for both the ``RedHat`` and ``Debian`` families.

.. code-block::

/srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/files/
default/
etc/
ntp.conf.jinja
RedHat/
etc/
ntp.conf.jinja
Debian/
etc/
ntp.conf.jinja

To make this work we need a ``conf.sls`` state file that takes a list of possible files as the configuration template.

.. code-block:: sls

## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/conf.sls
include:
- ntp

{%- from 'ntp/map.jinja' import ntp with context %}

Configure NTP:
file.managed:
- name: {{ ntp.config }}
- template: jinja
- source:
- salt://ntp/files/{{ grains.get('os_family', 'default') }}/etc/ntp.conf.jinja
- salt://ntp/files/default/etc/ntp.conf.jinja
- watch_in:
- service: Enable and start NTP service
- require:
- pkg: Install NTP package

If we want to cover the possibility of a special template for a minion identified by ``node01`` then we could have a specific template in ``/srv/saltstack/salt/ntp/files/node01/etc/ntp.conf.jinja``.

.. code-block:: jinja

{#- /srv/saltstack/salt/ntp/files/node01/etc/ntp.conf.jinja #}
{#- Managed by saltstack #}
{#- Edit pillars or override this template in saltstack if you need customization #}

{#- Some crazy configurations here for node01 #}
{#- ... #}

To make this work we could write a specially crafted ``conf.sls``.

.. code-block:: sls

## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/conf.sls
include:
- ntp

{%- from 'ntp/map.jinja' import ntp with context %}

Configure NTP:
file.managed:
- name: {{ ntp.config }}
- template: jinja
- source:
- salt://ntp/files/{{ grains.get('id') }}/etc/ntp.conf.jinja
- salt://ntp/files/{{ grains.get('os_family') }}/etc/ntp.conf.jinja
- salt://ntp/files/default/etc/ntp.conf.jinja
- watch_in:
- service: Enable and start NTP service
- require:
- pkg: Install NTP package

Using the ``files_switch`` macro
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

We can simplify the ``conf.sls`` with the new ``files_switch`` macro to use in the ``source`` parameter for the ``file.managed`` state.

.. code-block:: sls

## /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/conf.sls
include:
- ntp

{%- set tplroot = tpldir.split('/')[0] %}
{%- from 'ntp/map.jinja' import ntp with context %}
{%- from 'ntp/libtofs.jinja' import files_switch %}

Configure NTP:
file.managed:
- name: {{ ntp.config }}
- template: jinja
- source: {{ files_switch(['/etc/ntp.conf.jinja'],
lookup='Configure NTP'
)
}}
- watch_in:
- service: Enable and start NTP service
- require:
- pkg: Install NTP package


* This uses ``config.get``, searching for ``ntp:tofs:source_files:Configure NTP`` to determine the list of template files to use.
* If this does not yield any results, the default of ``['/etc/ntp.conf.jinja']`` will be used.

In ``libtofs.jinja``, we define this new macro ``files_switch``.

.. literalinclude:: ../template/libtofs.jinja
:caption: /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/libtofs.jinja
:language: jinja

How to customise the ``source`` further
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The examples below are based on an ``Ubuntu`` minion called ``theminion`` being configured via. pillar.

Using the default settings of the ``files_switch`` macro above,
the ``source`` will be:

.. code-block:: sls

- source:
- salt://ntp/files/theminion/etc/ntp.conf.jinja
- salt://ntp/files/Debian/etc/ntp.conf.jinja
- salt://ntp/files/default/etc/ntp.conf.jinja

Customise ``files``
~~~~~~~~~~~~~~~~~~~

The ``files`` portion can be customised:

.. code-block:: sls

ntp:
tofs:
dirs:
files: files_alt

Resulting in:

.. code-block:: sls

- source:
- salt://ntp/files_alt/theminion/etc/ntp.conf.jinja
- salt://ntp/files_alt/Debian/etc/ntp.conf.jinja
- salt://ntp/files_alt/default/etc/ntp.conf.jinja

Customise the use of grains
~~~~~~~~~~~~~~~~~~~~~~~~~~~

Grains can be customised and even arbitrary paths can be supplied:

.. code-block:: sls

ntp:
tofs:
files_switch:
- any/path/can/be/used/here
- id
- os
- os_family

Resulting in:

.. code-block:: sls

- source:
- salt://ntp/files/any/path/can/be/used/here/etc/ntp.conf.jinja
- salt://ntp/files/theminion/etc/ntp.conf.jinja
- salt://ntp/files/Ubuntu/etc/ntp.conf.jinja
- salt://ntp/files/Debian/etc/ntp.conf.jinja
- salt://ntp/files/default/etc/ntp.conf.jinja

Customise the ``default`` path
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The ``default`` portion of the path can be customised:

.. code-block:: sls

ntp:
tofs:
dirs:
default: default_alt

Resulting in:

.. code-block:: sls

- source:
...
- salt://ntp/files/default_alt/etc/ntp.conf.jinja

Customise the list of ``source_files``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The list of ``source_files`` can be given:

.. code-block:: sls

ntp:
tofs:
source_files:
Configure NTP:
- '/etc/ntp.conf.jinja'
- '/etc/ntp.conf_alt.jinja'

Resulting in:

.. code-block:: sls

- source:
- salt://ntp/files/theminion/etc/ntp.conf.jinja
- salt://ntp/files/theminion/etc/ntp.conf_alt.jinja
- salt://ntp/files/Debian/etc/ntp.conf.jinja
- salt://ntp/files/Debian/etc/ntp.conf_alt.jinja
- salt://ntp/files/default/etc/ntp.conf.jinja
- salt://ntp/files/default/etc/ntp.conf_alt.jinja


+ 30
- 0
pre-commit_semantic-release.sh 查看文件

@@ -0,0 +1,30 @@
#!/bin/sh

###############################################################################
# (A) Update `FORMULA` with `${nextRelease.version}`
###############################################################################
sed -i -e "s_^\(version:\).*_\1 ${1}_" FORMULA


###############################################################################
# (B) Use `m2r` to convert automatically produced `.md` docs to `.rst`
###############################################################################

# Install `m2r`
sudo -H pip install m2r

# Copy and then convert the `.md` docs
cp *.md docs/
cd docs/
m2r --overwrite *.md

# Change excess `H1` headings to `H2` in converted `CHANGELOG.rst`
sed -i -e '/^=.*$/s/=/-/g' CHANGELOG.rst
sed -i -e '1,4s/-/=/g' CHANGELOG.rst

# Use for debugging output, when required
# cat AUTHORS.rst
# cat CHANGELOG.rst

# Return back to the main directory
cd ..

+ 18
- 0
release-rules.js 查看文件

@@ -0,0 +1,18 @@
// No release is triggered for the types commented out below.
// Commits using these types will be incorporated into the next release.
//
// NOTE: Any changes here must be reflected in `CONTRIBUTING.md`.
module.exports = [
{breaking: true, release: 'major'},
// {type: 'build', release: 'patch'},
// {type: 'chore', release: 'patch'},
// {type: 'ci', release: 'patch'},
{type: 'docs', release: 'patch'},
{type: 'feat', release: 'minor'},
{type: 'fix', release: 'patch'},
{type: 'perf', release: 'patch'},
{type: 'refactor', release: 'patch'},
{type: 'revert', release: 'patch'},
{type: 'style', release: 'patch'},
{type: 'test', release: 'patch'},
];

+ 106
- 0
release.config.js 查看文件

@@ -0,0 +1,106 @@
module.exports = {
branch: 'master',
plugins: [
['@semantic-release/commit-analyzer', {
preset: 'angular',
releaseRules: './release-rules.js',
}],
'@semantic-release/release-notes-generator',
['@semantic-release/changelog', {
changelogFile: 'CHANGELOG.md',
changelogTitle: '# Changelog',
}],
['@semantic-release/exec', {
prepareCmd: 'sh ./pre-commit_semantic-release.sh ${nextRelease.version}',
}],
['@semantic-release/git', {
assets: ['*.md', 'docs/*.rst', 'FORMULA'],
}],
'@semantic-release/github',
],
generateNotes: {
preset: 'angular',
writerOpts: {
// Required due to upstream bug preventing all types being displayed.
// Bug: https://github.com/conventional-changelog/conventional-changelog/issues/317
// Fix: https://github.com/conventional-changelog/conventional-changelog/pull/410
transform: (commit, context) => {
const issues = []

commit.notes.forEach(note => {
note.title = `BREAKING CHANGES`
})

// NOTE: Any changes here must be reflected in `CONTRIBUTING.md`.
if (commit.type === `feat`) {
commit.type = `Features`
} else if (commit.type === `fix`) {
commit.type = `Bug Fixes`
} else if (commit.type === `perf`) {
commit.type = `Performance Improvements`
} else if (commit.type === `revert`) {
commit.type = `Reverts`
} else if (commit.type === `docs`) {
commit.type = `Documentation`
} else if (commit.type === `style`) {
commit.type = `Styles`
} else if (commit.type === `refactor`) {
commit.type = `Code Refactoring`
} else if (commit.type === `test`) {
commit.type = `Tests`
} else if (commit.type === `build`) {
commit.type = `Build System`
// } else if (commit.type === `chore`) {
// commit.type = `Maintenance`
} else if (commit.type === `ci`) {
commit.type = `Continuous Integration`
} else {
return
}

if (commit.scope === `*`) {
commit.scope = ``
}

if (typeof commit.hash === `string`) {
commit.hash = commit.hash.substring(0, 7)
}

if (typeof commit.subject === `string`) {
let url = context.repository
? `${context.host}/${context.owner}/${context.repository}`
: context.repoUrl
if (url) {
url = `${url}/issues/`
// Issue URLs.
commit.subject = commit.subject.replace(/#([0-9]+)/g, (_, issue) => {
issues.push(issue)
return `[#${issue}](${url}${issue})`
})
}
if (context.host) {
// User URLs.
commit.subject = commit.subject.replace(/\B@([a-z0-9](?:-?[a-z0-9/]){0,38})/g, (_, username) => {
if (username.includes('/')) {
return `@${username}`
}

return `[@${username}](${context.host}/${username})`
})
}
}

// remove references that already appear in the subject
commit.references = commit.references.filter(reference => {
if (issues.indexOf(reference.issue) === -1) {
return true
}

return false
})

return commit
},
},
},
};

正在加载...
取消
保存