Juju Lint

Merge ~gabrielcocenza/juju-lint:subordinate-docs into juju-lint:master

  1. Git
  2. lp:~gabrielcocenza/juju-lint
  3. subordinate-docs
  4. Merge into master
Proposed by Gabriel Cocenza
Status: Work in progress
Proposed branch: ~gabrielcocenza/juju-lint:subordinate-docs
Merge into: juju-lint:master
Prerequisite: ~gabrielcocenza/juju-lint:bug/1965762
Diff against target: 301 lines (+212/-37)
3 files modified
README.md (+18/-37)
docs/space-checks.md (+31/-0)
docs/subordinates.md (+163/-0)
Reviewer Review Type Date Requested Status
Juju Lint maintainers Pending
Review via email: mp+423708@code.launchpad.net

Commit message

Update documentation

Co-authored-by: Arif Ali <email address hidden>

To post a comment you must log in.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Reply

Unmerged commits

305a860... by Gabriel Cocenza

Update documentation

Co-authored-by: Arif Ali <email address hidden>

8419d92... by Gabriel Cocenza

check if subordinate units are related with other apps in the bundle.

- added new rules (check-relations and enforce-juju-info) into the
  subordinate rules file.
- added nrpe in the conftest to test subordinate relation rules.
- added description for tests that were missing and failing lint.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/README.md b/README.md
2index a99f87c..8a0ba50 100644
3--- a/README.md
4+++ b/README.md
5@@ -1,6 +1,11 @@
6-= Juju Lint =
7+# Juju Lint
8
9-== Introduction ==
10+## Install
11+```shell
12+sudo snap install juju-lint --classic
13+```
14+
15+## Introduction
16
17 This is intended to be run against a yaml or json dump of Juju status, a YAML
18 dump of a juju bundle, or a remote cloud or clouds via SSH.
19@@ -39,7 +44,7 @@ To use a different rules file:
20
21 For all other options, consult `juju-lint --help`
22
23-== Example ==
24+## Example
25
26 A typical use case is linting an openstack cloud:
27
28@@ -49,56 +54,32 @@ A typical use case is linting an openstack cloud:
29 -t openstack juju-status.json
30 juju-lint -c /snap/juju-lint/current/contrib/openstack-focal-ovn.yaml \
31 -t openstack bundle.yaml
32-
33-== Rules File ==
34+## Rules File
35
36 For an example of a rules file, see `example-lint-rules.yaml`.
37
38 Supported top-level options for your rules file:
39
40- 1. `subordinates` - required subordinates.
41+ 1. [subordinates](docs/subordinates.md) - required subordinates.
42 2. `known charms` - all primary charms should be in this list.
43 3. `operations [mandatory|optional|subordinate]`
44 4. `openstack [mandatory|optional|subordinate]`
45 5. `config` - application configuration auditing
46 6. `[openstack|kubernetes] config` - config auditing for specific cloud types.
47- 7. `space checks` - enforce/ignore checks for relation binding space
48+ 7. [space checks](docs/space-checks.md) - enforce/ignore checks for relation binding space
49 mismatches.
50 8. `!include <relative path>` - Extension to yaml to include files.
51
52-=== Space checks ===
53-
54-All relations defined within a bundle, except for cross-model relationships,
55-will be checked for mismatches of their space bindings.
56-
57-By default, mismatches are logged as warnings as they are not necessarily
58-critical problems. If applications can route to each other despite the
59-mismatch, there may be no real issue here, and it may be appropriate to ignore
60-certain issues. On the other hand, these mismatches may cause problems ranging
61-from impaired throughput due to using suboptimal interfaces to breakages due to
62-not being able to route between the related units.
63-
64-The following options are available to either log such mismatches as errors or
65-to ignore them entirely:
66-
67- 1. `enforce endpoints` - A list of <charm>:<endpoint> strings. If a mismatch
68- matches one of these endpoints, it will be flagged as an error.
69- 2. `enforce relations` - A list of two-item <charm>:<endpoint> string lists,
70- representing the two linked endpoints of a relation. If a mismatch
71- matches one of these relations, it will be flagged as an error.
72- 1. `ignore endpoints` - A list of <charm>:<endpoint> strings. If a mismatch
73- matches one of these endpoints, it will be ignored.
74- 1. `ignore relations` - A list of two-item <charm>:<endpoint> string lists,
75- representing the two linked endpoints of a relation. If a mismatch
76- matches one of these relations, it will be ignored.
77+There are some rules files that are ready to be used and they can be found at:
78
79-In the case of a mismatch matching both enforce and ignore rules, the enforce
80-rule will "win" and it will be flagged as an error.
81+```
82+/snap/juju-lint/current/contrib/
83+```
84
85-Note that all the above checks use charm names rather than application names
86-in their endpoint strings.
87+## Documentation
88+Documentation is available at the [docs](docs) folder.
89
90-== License ==
91+## License
92
93 Copyright 2020 Canonical Limited.
94 License granted by Canonical Limited.
95diff --git a/docs/space-checks.md b/docs/space-checks.md
96new file mode 100644
97index 0000000..3afdc92
98--- /dev/null
99+++ b/docs/space-checks.md
100@@ -0,0 +1,31 @@
101+# Space checks
102+
103+All relations defined within a bundle, except for cross-model relationships,
104+will be checked for mismatches of their space bindings.
105+
106+By default, mismatches are logged as warnings as they are not necessarily
107+critical problems. If applications can route to each other despite the
108+mismatch, there may be no real issue here, and it may be appropriate to ignore
109+certain issues. On the other hand, these mismatches may cause problems ranging
110+from impaired throughput due to using suboptimal interfaces to breakages due to
111+not being able to route between the related units.
112+
113+The following options are available to either log such mismatches as errors or
114+to ignore them entirely:
115+
116+ 1. `enforce endpoints` - A list of <charm>:<endpoint> strings. If a mismatch
117+ matches one of these endpoints, it will be flagged as an error.
118+ 2. `enforce relations` - A list of two-item <charm>:<endpoint> string lists,
119+ representing the two linked endpoints of a relation. If a mismatch
120+ matches one of these relations, it will be flagged as an error.
121+ 1. `ignore endpoints` - A list of <charm>:<endpoint> strings. If a mismatch
122+ matches one of these endpoints, it will be ignored.
123+ 1. `ignore relations` - A list of two-item <charm>:<endpoint> string lists,
124+ representing the two linked endpoints of a relation. If a mismatch
125+ matches one of these relations, it will be ignored.
126+
127+In the case of a mismatch matching both enforce and ignore rules, the enforce
128+rule will "win" and it will be flagged as an error.
129+
130+Note that all the above checks use charm names rather than application names
131+in their endpoint strings.
132\ No newline at end of file
133diff --git a/docs/subordinates.md b/docs/subordinates.md
134new file mode 100644
135index 0000000..1f0aa4a
136--- /dev/null
137+++ b/docs/subordinates.md
138@@ -0,0 +1,163 @@
139+# Subordinates
140+
141+The purpose of the subordinates section is to check which subordinates are available on each of the deployed applications.
142+
143+Below is an example of what the subordinates attribute can look like
144+
145+```yaml
146+subordinates:
147+ telegraf:
148+ where: all except prometheus
149+ landscape-client:
150+ where: all except landscape-server
151+ filebeat:
152+ where: all except graylog
153+ canonical-livepatch:
154+ where: host only
155+ nrpe:
156+ where: container aware
157+ host-suffixes: [host, physical, guest]
158+ container-suffixes: [lxd, container]
159+ exceptions: [nagios]
160+ check-relations: [
161+ ["*:nrpe-external-master", "nrpe:nrpe-external-master"],
162+ ["nagios:monitors", "nrpe:monitors"],
163+ ]
164+ enforce-juju-info : true
165+ ntp:
166+ where: host only
167+ thruk-agent:
168+ where: on nagios
169+ hw-health:
170+ where: metal only
171+ local-users:
172+ where: all or nothing
173+```
174+
175+## where
176+
177+In the `where` option we specify generally where to find the subordinates.
178+
179+In the above example we have 9 subordinates that we are looking at. Below we'll go through each of them, and explain all the options
180+
181+### all except \<app\>
182+
183+3 applications have tha same option, i.e. `telegraf`, `landscape-client` and `filebeat`, and these use the `where: all except ...` option. Below is the one from `telegraf`
184+
185+```yaml
186+telegraf:
187+ where: all except prometheus
188+```
189+
190+This option is suggesting that we should find the `telagraf` subordinate charm under all the applications except for the `prometheus` applications
191+
192+### host only
193+
194+We have one subordinate charm, that is using this option, namely `ntp` as shown below
195+
196+```yaml
197+ntp:
198+ where: host only
199+```
200+
201+In this instance the option will check that the `ntp` charm is available on all the hosts that are not containers.
202+
203+This is useful in this scenario, as running `ntp` on a container does not make sense, as the time for a container is directly taken from the underlying hypervisor. Also in this scenario, the ntp charm will not be able to change the time so wouldn't make sense.
204+
205+### metal only
206+We have one subordinate charm, that is using this option, namely `hw-health` as shown below
207+
208+```yaml
209+hw-health:
210+ where: metal only
211+```
212+
213+In this instance the option will check that the `hw-health` charm is available on all the machines that are running on bare-metal.
214+
215+This is useful in this scenario, as running `hw-health` on a container or on a vm does not make sense because the charm only work for
216+bare-metal installations on specific hardware.
217+
218+
219+### on \<app\>
220+
221+We have one subordinate charm, that is using this option, namely `thruk-agent` as shown below
222+
223+```yaml
224+thruk-agent:
225+ where: on nagios
226+```
227+
228+This option checks that this particular subordinate charm is on a specific application. So in this scenario, the tool will chck that the `thruk-agent` is only on the `nagios` application
229+
230+### container aware
231+
232+We have one subordinate charm in our example that is using this option, namely `nrpe` as shown below
233+
234+```yaml
235+ nrpe:
236+ where: container aware
237+ host-suffixes: [host, physical, guest]
238+ container-suffixes: [lxd, container]
239+ exceptions: [nagios]
240+ check-relations: [
241+ ["*:nrpe-external-master", "nrpe:nrpe-external-master"],
242+ ["nagios:monitors", "nrpe:monitors"],
243+ ]
244+ enforce-juju-info : true
245+```
246+
247+As can be seen, this specific option has many other variables that we need to look at. The purpose of this option is to check the name of the subordinate charm that is linked, and that `nrpe` is in the name of the subordinate
248+
249+The `host-suffixes` and `container-suffixes` options are designed to look for the name of the subordinate with the relevant fixes, whether is a physical server, vm or a container. `host-suffixes` currently caters for physical and kvms, and `container-suffixes` for lxc containers. If however if neither of these options are found then the longer option of searching through is used, so could take longer
250+
251+Another option is `exceptions`, this is where the relevant subordinate will not be present. In the above scenario, we don't run nrpe on the nagios server, as that has the capability of monitoring itself and therefore is not required
252+
253+### all
254+
255+This option will suggest that all the applications will have this particular subordinate
256+
257+### all or nothing
258+
259+We have one subordinate charm in our example that is using this option, namely `local-users` as shown below:
260+
261+```yaml
262+local-users:
263+ where: all or nothing
264+```
265+
266+This option will check whether if all the applications will have this particular subordinate or none will have it.
267+
268+## check-relations and enforce-juju-info
269+
270+Those options are used to check if subordinate units are related with other applications in the bundle. We have one subordinate charm in our example that is using this option, namely `nrpe` as shown below:
271+
272+```yaml
273+ nrpe:
274+ where: container aware
275+ host-suffixes: [host, physical, guest]
276+ container-suffixes: [lxd, container]
277+ exceptions: [nagios]
278+ check-relations: [
279+ ["*:nrpe-external-master", "nrpe:nrpe-external-master"],
280+ ["nagios:monitors", "nrpe:monitors"],
281+ ]
282+ enforce-juju-info : true
283+```
284+
285+`check-relations` should be passed as a List of Lists. Each element should have this pattern:
286+
287+```
288+[<CHARM>:<INTERFACE>, <SUBORDINATE_CHARM>:<SUBORDINATE_INTERFACE>]
289+```
290+
291+If you want to add a rule that is the same for several charms, you can use `*` instead of making an exhaustive list.
292+
293+In the example above, the first element is using `*` meaning that it will check for `nrpe-external-master` endpoint on all applications in the bundle. If this endpoint exists in the charm, it will check if it's related to the subordinate.
294+
295+The second element in the example will check if the app `nagios` is related with `nrpe` using the `monitors` interface.
296+
297+Nrpe should relate preferably using the `nrpe-external-master` interface in this example, but in some cases that is not possible (e.g: ubuntu with nrpe). If you want to guarantee that a relation is happening you can set `enforce-juju-info` to `true`. This will check if the app is related using the less specific interface `juju-info`.
298+
299+If `enforce-juju-info` is set to `false` the only relations that will be checked are the ones inside `check-relations`.
300+
301+**Note:** In case that a charm has a more specific endpoint to relate with the subordinate and it's using `juju-info` an alert will happen.

Subscribers

People subscribed via source and target branches