major overhaul to align with the template-formula #23
@myii @noelmcloughlin Please review.
@rbjorklin After our discussion on Slack, I wasn't expecting an overhaul to this extent! I'm a bit short of time right now but I've had a cursory look and it looks good. I've got a couple of very minor points that I'll raise inline. This will require some testing and I hope that others who are more familiar with this formula can provide that feedback. @dafyddj @myoung34 Since you have the largest contributions to this formula, would you mind having a look over this PR?
@rbjorklin Could you review the CI logs in order to get the tests passing?
vault/map.jinja
Outdated
base='vault'), | ||
base='vault'), | ||
base='vault') | ||
%} |
This could be tidied up a little more with reference to https://github.com/saltstack-formulas/template-formula/blob/master/template/map.jinja.
To be more helpful:
- Use `or {}`.
- Consider the comment below.
- Merging strategy and layout.
Thanks for the updated comment but I still don't follow. If I remove the `base` part it doesn't merge correctly. Could you please clarify?
@rbjorklin Use this instead:
```jinja
# -*- coding: utf-8 -*-
# vim: ft=sls syntax=yaml softtabstop=2 tabstop=2 shiftwidth=2 expandtab autoindent
{% import_yaml "vault/yaml/defaults.yaml" or {} as default_settings %}
{% import_yaml "vault/yaml/osfamilymap.yaml" or {} as osfamilymap %}
{% import_yaml "vault/yaml/initfamilymap.yaml" or {} as initfamilymap %}

{%- set defaults = salt['grains.filter_by'](default_settings,
    default='vault',
    merge=salt['grains.filter_by'](osfamilymap, grain='os_family',
      merge=salt['grains.filter_by'](initfamilymap, grain='init',
        merge=salt['pillar.get']('vault:lookup', default={})
      )
    )
) %}

{#- Merge the vault pillar #}
{%- set vault = salt['pillar.get']('vault', default=defaults, merge=True) %}
```

Please test the above since it's a direct conversion using the `template-formula` as a basis.
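
The precedence produced by the nested `grains.filter_by` calls and the final `pillar.get(..., merge=True)` in the comment above, modelled in Python as an added example (not code from the PR or the formula). `filter_by` here is a simplified stand-in for Salt's function, and the map contents and key names are constructed; knowing which layer wins matters when auditing where a security-relevant Vault setting such as `tls_disable` was set.

```python
import copy
import fnmatch

def deep_merge(dest, upd):
    """Return a copy of dest with upd merged in recursively; upd wins."""
    out = copy.deepcopy(dest)
    for key, val in upd.items():
        if isinstance(val, dict) and isinstance(out.get(key), dict):
            out[key] = deep_merge(out[key], val)
        else:
            out[key] = copy.deepcopy(val)
    return out

def filter_by(lookup, grains, grain="os_family", merge=None, default="default"):
    """Simplified model of grains.filter_by (assumption: no `base`, no list grains)."""
    value = str(grains.get(grain, ""))
    ret = next((v for k, v in lookup.items() if fnmatch.fnmatch(value, k)), None)
    if ret is None:
        ret = lookup.get(default)
    if merge:
        ret = merge if ret is None else deep_merge(ret, merge)
    return ret

def render_map(grains, pillar, default_settings, osfamilymap, initfamilymap):
    """Apply the layers in the same nesting order as the map.jinja above."""
    lookup = pillar.get("vault", {}).get("lookup", {})
    init = filter_by(initfamilymap, grains, grain="init", merge=lookup)
    osfam = filter_by(osfamilymap, grains, grain="os_family", merge=init)
    defaults = filter_by(default_settings, grains, default="vault", merge=osfam)
    # Model of pillar.get('vault', default=defaults, merge=True): pillar wins last.
    return deep_merge(defaults or {}, pillar.get("vault", {}))

# Constructed sample data; the key names are illustrative, not the formula's own.
DEFAULTS = {"vault": {"version": "0.0.1", "config_dir": "/etc/vault",
                      "listener": {"tls_disable": False}}}
OSFAMILY = {"FreeBSD": {"config_dir": "/usr/local/etc/vault"}}
INITFAMILY = {"systemd": {"unit": "/etc/systemd/system/vault.service"}}
GRAINS = {"os_family": "FreeBSD", "init": "systemd"}
PILLAR = {"vault": {"lookup": {"config_dir": "/srv/vault"},
                    "listener": {"tls_disable": True}}}

if __name__ == "__main__":
    print(render_map(GRAINS, PILLAR, DEFAULTS, OSFAMILY, INITFAMILY))
```
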
@rbjorklin Since you've just reset the location of the `.yaml` files, then the paths need to be updated for the example above (`vault/yaml/...` => `vault/...`).
What's the `vault:lookup` for?
@rbjorklin The `lookup` is mentioned in the main documentation both here and here. For some discussions about this, refer to:
- `vm.overcommit_memory` is in incorrect block in pillar redis-formula#75 (comment)
  - The discussion starts with this comment.
- Fix `apache:lookup` regression apache-formula#252 (comment)

While `vault:lookup` may not exist now, this structure allows for it to be adopted at a later stage.
Cleaned up!
@rbjorklin Thanks for this. Just missing the `or {}`, which was raised on Slack, reported as an issue and was fixed by this PR. There was a subsequent conversation where the person was redirected to the fix.
So that would be:

```jinja
{% import_yaml "vault/defaults.yaml" or {} as defaults %}
{% import_yaml "vault/osfamilymap.yaml" or {} as osfamilymap %}
{% import_yaml "vault/initfamilymap.yaml" or {} as initfamilymap %}
```
vault/service/init.sls
Outdated
- watch: | ||
- vault-package-install-archive-extracted | ||
- vault-service-init-file-managed | ||
- vault-config-init-file-serialize |
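Review bot: the three entries under `- watch:` name bare state IDs with no state module, which makes a mistyped or renamed ID harder to catch in review. Write each one as `module: id`, for example `file: vault-service-init-file-managed`, and check the last entry, `vault-config-init-file-serialize`, against the ID the config state actually declares.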
Redundant use of both `watch` and `watch_in`. Easier to keep the `watch`, since `vault-package-install-archive-extracted` is missing the `watch_in`. If selecting the `watch_in` instead, then the missing `watch_in` needs to be added.
If you look closely you can see that the `watch_in` refers to a non-existing id. I missed this while cleaning up.
@rbjorklin Note, these are missing the state type (`archive`, `file` & `file` respectively). So should be:

```yaml
- watch:
  - archive: vault-package-install-archive-extracted
  - file: vault-service-init-file-managed
  - file: vault-config-config-file-serialize
```
Not strictly necessary any more: https://docs.saltstack.com/en/latest/ref/states/requisites.html#omitting-state-module-in-requisites
This is generally kept explicit across formulas.
I don't have a strong opinion either way, I just kept it the way it was in this formula. I'll let @myoung34 have the final word here.
I usually keep explicit
Hi @rbjorklin Congrats on producing a good PR. It LG to me having reviewed syntax and context.
I have some minor suggestions:
- Merge `signature.sls` into `gpg.sls` since both are concerned with gpg checking?
- Include `vault.package.gpg` and `vault.package.gpg.clean` states in formula.
- Include an `osmap.yaml` file to handle `platform: xxxxx` variable for MacOS.

thanks
Noel
Thanks for your feedback @myii and @noelmcloughlin!
The
Hi, while this is a great effort, I just wonder whether it couldn't be done in a more piecemeal fashion.
Also you need to introduce a
@dafyddj when you say upgrade logic do you mean the possibility of having multiple versions of Vault installed at the same time? (That's the only thing I can remember removing). I didn't know there was an actual use case for that and would happily put it back in there if there's a valid use case! @noelmcloughlin I actually created that but I seem to have missed
Hi @aboe76 @myii @javierbertoli how about moving all yamls to Secondly how about renaming
@noelmcloughlin Some basic responses to your questions.
I haven't given this much thought so far. One angle is that once we start modularising the formulas as we've started doing, then this will reduce the "tarbomb" effect.
This won't always work, especially where non-Jinja templates are required. This actually came up in the Slack/IRC/Matrix room yesterday, as a concern about TOFS being Jinja-centric.
The use case is to upgrade from one version to the next. Admittedly, yes, it leaves the previous version on the system, but I never got around to cleaning that up.
@dafyddj I had another look at the formula and also read through: https://www.vaultproject.io/docs/upgrading/index.html and from what I can tell I didn't change the way the state works and how it is now should be compatible with the upgrade guide from Hashicorp. Do you have an example of something that worked before this PR that is broken with it?
It will work for jinja templates - the idea being that TECH-content is stored in TECH-directory.
LGTM, thanks @rbjorklin
@noelmcloughlin Having another neutral name (i.e. not
@rbjorklin For the current set of commits, they can be amended to something like the following:
For more information, have a look at A recommendation I have here is to keep this as the "master" PR, which shows the overall changes being proposed. Then start using this to produce smaller, feature-based PRs that can be tested and merged with more confidence. This will also be the opportunity to improve the commit messages that will be used in the
@noelmcloughlin One problem we're going to run into with this is the TOFS pattern relies on a single, standard directory name when looking for templates. By default, this is
Due to the many changes introduced in this PR, I am also in favour of this approach.
While I fully see your point about splitting this up it will create more work for me, time that is taken out of my spare time. This PR is not nearly as big as it might seem change-wise due to most line changes being renames or the addition of the clean state which isn't strictly necessary. There's really only two changes being made to how this formula works:
PS. For any future PR I may submit I will make sure to keep the size down and changes separated. EDIT: The two actual changes in this state are covered by the automatic & manual test suite which at least gives me confidence in this PR being correct at this point.
@rbjorklin I appreciate your concerns. In terms of the commit messages, are you happy to rebase your branch to accommodate for those? In order that the release can be prepared automatically. One of the commit messages (preferably the one that changes state names) needs to have a
* see: https://github.com/saltstack-formulas/template-formula
* systemd unit file: https://learn.hashicorp.com/vault/operations/ops-vault-ha-consul#vault-server-systemd-unit-file
* currently the self-signed certificate part has not been ported but that can be done upon request

BREAKING CHANGE: This renames all states and the config file being generated.
* remove "backend file" from defaults as it was always added due to being a default
* don't try to stop non-existing service
7a92039 to 8d74960
This is looking good. Thanks for the significant contribution!
@dafyddj Thanks for making the time for reviewing this PR. @rbjorklin It's up to you: would you like to wait for the review from @myoung34 or shall we go ahead and merge this?
Big thanks to everyone for reviewing my changes and providing feedback 😃 If everyone else is okay with merging this I am too.
@rbjorklin @dafyddj Merged! That was a big one -- great effort all round.
🎉 This PR is included in version 1.0.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀
@rbjorklin In case you're wondering, the