From 1dc5fd759ca5405c2e632d5c25e743727b2764fd Mon Sep 17 00:00:00 2001 From: Miguel Jacq Date: Sun, 21 Jun 2026 15:32:17 +1000 Subject: [PATCH] Wording change --- src/content/news/0-7-0.html | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/content/news/0-7-0.html b/src/content/news/0-7-0.html index 71a37d2..713899c 100644 --- a/src/content/news/0-7-0.html +++ b/src/content/news/0-7-0.html @@ -56,14 +56,15 @@ summary: "Enroll can now render Puppet and Salt manifests alongside Ansible, det

New grouping behaviour in roles/modules

Did you find the number of manifested roles overwhelming?

-

Previously, Enroll created an Ansible role (or, now, a Puppet module or Salt role) for pretty much every 'package' it found. In some cases (especially on desktops) this could result in hundreds of roles. Technically fine, but overwhelming to look at! It also made the playbooks a bit slow to run. If you have fewer roles that 'loop' over packages to install and config files to manage, Ansible gets faster.

+

Previously, Enroll created an Ansible role (or, now, a Puppet module or Salt role) for pretty much every 'package' it found. In some cases this could result in hundreds of roles.

+

Technically fine, but overwhelming to look at! It also made the playbooks a bit slow to run. If you have fewer roles for the same harvest, Ansible gets faster.

-

As of 0.7.0, where Enroll can read that package metadata, it groups related package and service snapshots by the package manager's Section category (or comparable backend metadata), to make it less noisy. For example, network-related packages and config files might end up in a role called net. Meanwhile, vim, nano might both appear in editors, and mutt and Thunderbird may be in mail. It's easier on the eye, and it's quicker to run the playbook end to end!

+

As of 0.7.0, Enroll groups related package and service snapshots by the package manager's Section category (or comparable backend metadata).

+

For example, network-related packages and config files might end up in a role called net. Meanwhile, vim, nano might both appear in editors, and mutt and Thunderbird may be in mail. It's easier on the eye, and it's quicker to run!

-

Hello, opinions. If you're not a fan of this new layout, you can pass --no-common-roles to enforce the previous behaviour. Also, if you use --fqdn for host-specific data-driven output, the 'common' roles are disabled automatically, because it's then safer to avoid 'bleed in' of unnecessary package installation on other hosts from a role that otherwise 'assumes too much' for all hosts.

+

If you don't like this new layout, you can pass --no-common-roles to enforce the previous behaviour. Also, if you use --fqdn for host-specific data-driven output, 'common' roles are disabled automatically, to avoid 'bleed in' of unnecessary packages on other hosts that might share that role later.

Flatpak and Snap detection

-

Because the state of package management in the 2020s is a circus...

Enroll now attempts to detect Flatpak and Snaps present on the system. For Flatpaks, this includes user-specific Flatpaks as well as system-wide ones. Manifesting in Ansible will attempt to use the community.general collection to create Flatpak and Snap tasks to enforce the presence of those packages.

Flatpak/Snap manifesting is also available for Puppet and Snap, but it's slightly cruder through the use of guarded cmd/exec statements - I found this keeps things simpler than having to add third party modules/extensions (and the state of extensions in Salt Stack right now, is a bit of a mess, IMO).

@@ -87,7 +88,6 @@ ok: [localhost] => (item={'channel': 'latest/stable', 'classic': False, 'dangero

Docker/Podman image detection

-

Because it works on your machine....

The harvest now detects the presence of container images, if the user has permission to call Docker or Podman. In particular, it detects the SHA256 of the image instead of relying on floating tags.

All three renderers (Ansible, Salt and Puppet) will attempt to enforce the presence of those Docker images per their precise SHA256 hash, if they were present in the harvest but not on the machine upon applying a manifest.

For Ansible, you may need the community.docker collection, but on Debian 13 I found that it was already present by default in the official ansible Debian packages.

@@ -133,11 +133,11 @@ localhost : ok=5 changed=0 unreachable=0 failed=0 s
  • In case you missed it in version 0.6.0: Enroll now harvests runtime iptables and ipset rules!
    • -

    See you soon..

    -

    I'm off to try and write more tests - we're at about 86% coverage in pytest, and run a big suite unit tests for Ansible, Puppet and Salt too now, in CI. I'm always trying to catch any regressions given there are so many variations on how you can use this tool.

    -

    Thanks to everyone who has reached out with suggestions, constructive criticism, and bug reports! You're helping make Enroll better for everyone.

    - +

    More coverage

    +

    With these changes comes a lot of new 'variance' and argument input to the app. Pytest coverage is now at about 86%, and there is a big suite unit tests for Ansible, Puppet and Salt too, in CI. I'm continuing to try and automate testing all the ways you can use this tool.

    +
    +

    Thanks to everyone who has reached out with suggestions, constructive criticism, and bug reports! If you think you know someone who would like Enroll, please tell them about it!