Geek Answers Handbook

Lines Salt states without starting them

I use Saltstack in homelab, and I often find that I check slightly broken rules when testing them. I would like to be able to check them for validity and, otherwise, use them locally and on a Jenkins instance, but I cannot find documentation on how I can do this. Is something missing?

+7
salt stack
source share
4 answers

Syntax problems are multilayered in Solta (for example, Jinja → YAML → state function arguments), and there is no tool to cover them.

A quick answer based on this related issue should trigger a multi-level parsing:

salt-call state.show_highstate | tee highstate.output.yaml salt-call state.show_sls [state_id] | tee state_id.output.yaml

The show_* functions display status data when the minion sees this before execution.

Using a salt-call on the minion side (instead of salt on the main side) often provides better debugging options - this is basically a preference.

Problems can also occur in columns or grains (make sure that all necessary data is compiled and exists as expected):

 salt-call pillar.items | tee pillar.output.yaml salt-call grains.items | tee grains.output.yaml

As @ cyfur01 mentioned, the current states directly (with test mode or not) is the last step to troubleshooting:

 salt-call state.highstate test=True | tee highstate.output.yaml salt-call state.sls [state_id] test=True | tee state_id.output.yaml
+6
source share

Salt states support the test interface . For example:

 salt '*' state.highstate test=True

This should trigger states and tell you everything that they could do without changing anything - effectively this is a dry job. Despite the fact that he is not a tool for linting, he confirms that Salt is able to analyze and run everything.

+5
source share

The test option is heavy for dragging and dropping YAML configurations. Instead, try creating a preliminary script frame that includes something like this:

 salt-call state.highstate --file-root=$PWD --local --retcode-passthrough mocked=True
  • --file-root allows you to specify the location of your current control
  • --local indicates that the wizard should not take action
  • --retcode-passthrough forces this command to exit non-zero if it is not possible to build any rule
  • mock=True processes all rules, but does not initiate connections. This is a new feature in 2015.8.5 . An alternative method is to run state.show_highstate
+2
source share

I have been looking for some time to get a good way to achieve this quality QA in salt state, and my best answer so far:

  • Using jenkins to run jobs (via ssh) based on the dev git branch, which:

    • Providing lxc in our lab proxmox private cloud (just like we do in prod)

    • Using salt reactors, the container gets its configuration (as it would be on prod)

    • Using testinfra to run unit test in an embedded and configured container

    • Finally, if everything goes OK, destroy the container if you don't save it for the morning debugging session :)

  • We also perform tasks on jintkins:

     for state in $(sudo /usr/bin/salt-call cp.list_states | awk '{print $2}' | grep -v "^top$"); do sudo /usr/bin/salt-call --retcode-passthrough state.show_sls ${state} ; done

I still have a problem getting the correct return code for this last linting job (due to ssh, etc.).

This process as a whole provides:

  • Our preparation process is in order
  • Our code base (state + post) works as expected
  • We can combine dev with prod with great confidence

A good testing point is that it can use a salt connection backend that allows testinfra to connect to the container without having to deploy an ssh key or anything else (since we use the salt cloud for initial provisioning)

Read more about testinfra cell compound , testinfra salt module .

This is not perfect, but still it's a good job.

0
source share

More articles:


All Articles