Wording change
Some checks failed
CI / test (push) Has been cancelled

Miguel Jacq 2026-06-21 15:32:17 +10:00
parent 468a293f61
commit 1dc5fd759c
Signed by: mig5
GPG key ID: 03906B4110AAD3B8

@ -56,14 +56,15 @@ summary: "Enroll can now render Puppet and Salt manifests alongside Ansible, det
<h2 class="h4 fw-bold mt-4">New grouping behaviour in roles/modules</h2> <h2 class="h4 fw-bold mt-4">New grouping behaviour in roles/modules</h2>
<p class="text-secondary">Did you find the number of manifested roles overwhelming?</p> <p class="text-secondary">Did you find the number of manifested roles overwhelming?</p>
<p>Previously, Enroll created an Ansible role (or, now, a Puppet module or Salt role) for pretty much every 'package' it found. In some cases (especially on desktops) this could result in hundreds of roles. Technically fine, but overwhelming to look at! It also made the playbooks a bit slow to run. If you have fewer roles that 'loop' over packages to install and config files to manage, Ansible gets faster.</p> <p>Previously, Enroll created an Ansible role (or, now, a Puppet module or Salt role) for pretty much every 'package' it found. In some cases this could result in hundreds of roles.</p>
<p>Technically fine, but overwhelming to look at! It also made the playbooks a bit slow to run. If you have fewer roles for the same harvest, Ansible gets faster.</p>
<p>As of 0.7.0, where Enroll can read that package metadata, it groups related package and service snapshots by the package manager's <code>Section</code> category (or comparable backend metadata), to make it less noisy. For example, network-related packages and config files might end up in a role called <code>net</code>. Meanwhile, vim, nano might both appear in <code>editors</code>, and mutt and Thunderbird may be in <code>mail</code>. It's easier on the eye, and it's quicker to run the playbook end to end!</p> <p>As of 0.7.0, Enroll groups related package and service snapshots by the package manager's <code>Section</code> category (or comparable backend metadata).</p>
<p>For example, network-related packages and config files might end up in a role called <code>net</code>. Meanwhile, vim, nano might both appear in <code>editors</code>, and mutt and Thunderbird may be in <code>mail</code>. It's easier on the eye, and it's quicker to run!</p>
<p>Hello, opinions. If you're not a fan of this new layout, you can pass <code>--no-common-roles</code> to enforce the previous behaviour. Also, if you use <code>--fqdn</code> for host-specific data-driven output, the 'common' roles are disabled automatically, because it's then safer to avoid 'bleed in' of unnecessary package installation on other hosts from a role that otherwise 'assumes too much' for all hosts.</p> <p>If you don't like this new layout, you can pass <code>--no-common-roles</code> to enforce the previous behaviour. Also, if you use <code>--fqdn</code> for host-specific data-driven output, 'common' roles are disabled automatically, to avoid 'bleed in' of unnecessary packages on other hosts that might share that role later.</p>
<h2 class="h4 fw-bold mt-4">Flatpak and Snap detection</h2> <h2 class="h4 fw-bold mt-4">Flatpak and Snap detection</h2>
<p class="text-secondary">Because the state of package management in the 2020s is a circus...</p>
<p>Enroll now attempts to detect Flatpak and Snaps present on the system. For Flatpaks, this includes user-specific Flatpaks as well as system-wide ones. Manifesting in Ansible will attempt to use the <code>community.general</code> collection to create <a href="https://galaxy.ansible.com/ui/repo/published/community/general/content/module/flatpak/" target="_blank" rel="noopener noreferrer">Flatpak</a> and <a href="https://galaxy.ansible.com/ui/repo/published/community/general/content/module/snap/" target="_blank" rel="noopener noreferrer">Snap</a> tasks to enforce the presence of those packages.</p> <p>Enroll now attempts to detect Flatpak and Snaps present on the system. For Flatpaks, this includes user-specific Flatpaks as well as system-wide ones. Manifesting in Ansible will attempt to use the <code>community.general</code> collection to create <a href="https://galaxy.ansible.com/ui/repo/published/community/general/content/module/flatpak/" target="_blank" rel="noopener noreferrer">Flatpak</a> and <a href="https://galaxy.ansible.com/ui/repo/published/community/general/content/module/snap/" target="_blank" rel="noopener noreferrer">Snap</a> tasks to enforce the presence of those packages.</p>
<p>Flatpak/Snap manifesting is also available for Puppet and Snap, but it's slightly cruder through the use of guarded cmd/exec statements - I found this keeps things simpler than having to add third party modules/extensions (and the state of extensions in Salt Stack right now, <a href="https://salt.tips/the-great-salt-module-migration/" target="_blank" rel="noopener noreferrer">is a bit of a mess</a>, IMO).</p> <p>Flatpak/Snap manifesting is also available for Puppet and Snap, but it's slightly cruder through the use of guarded cmd/exec statements - I found this keeps things simpler than having to add third party modules/extensions (and the state of extensions in Salt Stack right now, <a href="https://salt.tips/the-great-salt-module-migration/" target="_blank" rel="noopener noreferrer">is a bit of a mess</a>, IMO).</p>
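Review bot: the reworded "As of 0.7.0" paragraph drops the condition "where Enroll can read that package metadata", so the new text says grouping by <code>Section</code> always happens. Keep the qualifier, or say what the output looks like when the metadata is unavailable, so a reader who still gets per-package roles is not left guessing. In the unchanged last paragraph of this hunk, "available for Puppet and Snap" looks like it should read "Puppet and Salt", given the Salt Stack remark in the same sentence; worth fixing in the same wording pass.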
@ -87,7 +88,6 @@ ok: [localhost] => (item={'channel': 'latest/stable', 'classic': False, 'dangero
</div> </div>
<h2 class="h4 fw-bold mt-4">Docker/Podman image detection</h2> <h2 class="h4 fw-bold mt-4">Docker/Podman image detection</h2>
<p class="text-secondary">Because it works on your machine....</p>
<p>The <code>harvest</code> now detects the presence of container images, if the user has permission to call Docker or Podman. In particular, it detects the SHA256 of the image instead of relying on floating tags.</p> <p>The <code>harvest</code> now detects the presence of container images, if the user has permission to call Docker or Podman. In particular, it detects the SHA256 of the image instead of relying on floating tags.</p>
<p>All three renderers (Ansible, Salt and Puppet) will attempt to enforce the presence of those Docker images per their precise SHA256 hash, if they were present in the harvest but not on the machine upon applying a manifest.</p> <p>All three renderers (Ansible, Salt and Puppet) will attempt to enforce the presence of those Docker images per their precise SHA256 hash, if they were present in the harvest but not on the machine upon applying a manifest.</p>
<p>For Ansible, you may need the <code>community.docker</code> collection, but on Debian 13 I found that it was already present by default in the official ansible Debian packages.</p> <p>For Ansible, you may need the <code>community.docker</code> collection, but on Debian 13 I found that it was already present by default in the official ansible Debian packages.</p>
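Review bot: the paragraph "it detects the SHA256 of the image instead of relying on floating tags" does not say which hash is recorded, and that matters for the next sentence about enforcing presence on a machine that lacks the image: a registry manifest digest can be pulled by reference, whereas a local image ID cannot. State which one the harvest stores. The same two paragraphs say "Docker or Podman" for detection but only "those Docker images" for enforcement, so it is unclear whether harvested Podman images are enforced as well.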
@ -133,11 +133,11 @@ localhost : ok=5 changed=0 unreachable=0 failed=0 s
<li>In case you missed it in version 0.6.0: Enroll now harvests runtime <code>iptables</code> and <code>ipset</code> rules!</li> <li>In case you missed it in version 0.6.0: Enroll now harvests runtime <code>iptables</code> and <code>ipset</code> rules!</li>
</ul> </ul>
<h2 class="h4 fw-bold mt-4">See you soon..</h2> <h2 class="h4 fw-bold mt-4">More coverage</h2>
<p>I'm off to try and write more tests - we're at about 86% coverage in pytest, and run a big suite unit tests for Ansible, Puppet and Salt too now, <a href="https://git.mig5.net/mig5/enroll/actions/runs/592" target="_blank" rel="noopener noreferrer">in CI</a>. I'm always trying to catch any regressions given there are so many variations on how you can use this tool.</p> <p>With these changes comes a lot of new 'variance' and argument input to the app. Pytest coverage is now at about 86%, and there is a big suite unit tests for Ansible, Puppet and Salt too, <a href="https://git.mig5.net/mig5/enroll/actions/runs/592" target="_blank" rel="noopener noreferrer">in CI</a>. I'm continuing to try and automate testing all the ways you can use this tool.</p>
<p>Thanks to everyone who has reached out with suggestions, constructive criticism, and bug reports! You're helping make Enroll better for everyone.</p>
</ul>
<hr>
<p>Thanks to everyone who has reached out with suggestions, constructive criticism, and bug reports! If you think you know someone who would like Enroll, please tell them about it!</p>
</article> </article>
</div> </div>
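Review bot: the rewritten paragraph under "More coverage" still reads "a big suite unit tests", carried over from the old text; it should be "a big suite of unit tests". Also confirm that the <code>&lt;/ul&gt;</code> next to the thanks paragraph is on the removed side of this hunk: the list is already closed just above the heading, so if that tag survives it has no matching open.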