Juju Lint

Merge ~gabrielcocenza/juju-lint:subordinate-docs into juju-lint:master

  1. Git
  2. lp:~gabrielcocenza/juju-lint
  3. subordinate-docs
  4. Merge into master
Proposed by Gabriel Cocenza
Status: Work in progress
Proposed branch: ~gabrielcocenza/juju-lint:subordinate-docs
Merge into: juju-lint:master
Prerequisite: ~gabrielcocenza/juju-lint:bug/1965762
Diff against target: 301 lines (+212/-37)
3 files modified
README.md (+18/-37)
docs/space-checks.md (+31/-0)
docs/subordinates.md (+163/-0)
Reviewer Review Type Date Requested Status
Juju Lint maintainers Pending
Review via email: mp+423708@code.launchpad.net

Commit message

Update documentation

Co-authored-by: Arif Ali <email address hidden>

To post a comment you must log in.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Reply

Unmerged commits

305a860... by Gabriel Cocenza

Update documentation

Co-authored-by: Arif Ali <email address hidden>

8419d92... by Gabriel Cocenza

check if subordinate units are related with other apps in the bundle.

- added new rules (check-relations and enforce-juju-info) into the
  subordinate rules file.
- added nrpe in the conftest to test subordinate relation rules.
- added description for tests that were missing and failing lint.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/README.md b/README.md
index a99f87c..8a0ba50 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,11 @@
1= Juju Lint =1# Juju Lint
22
3== Introduction ==3## Install
4```shell
5sudo snap install juju-lint --classic
6```
7
8## Introduction
49
5This is intended to be run against a yaml or json dump of Juju status, a YAML10This is intended to be run against a yaml or json dump of Juju status, a YAML
6dump of a juju bundle, or a remote cloud or clouds via SSH.11dump of a juju bundle, or a remote cloud or clouds via SSH.
@@ -39,7 +44,7 @@ To use a different rules file:
3944
40For all other options, consult `juju-lint --help`45For all other options, consult `juju-lint --help`
4146
42== Example ==47## Example
4348
44A typical use case is linting an openstack cloud:49A typical use case is linting an openstack cloud:
4550
@@ -49,56 +54,32 @@ A typical use case is linting an openstack cloud:
49 -t openstack juju-status.json54 -t openstack juju-status.json
50 juju-lint -c /snap/juju-lint/current/contrib/openstack-focal-ovn.yaml \55 juju-lint -c /snap/juju-lint/current/contrib/openstack-focal-ovn.yaml \
51 -t openstack bundle.yaml56 -t openstack bundle.yaml
5257## Rules File
53== Rules File ==
5458
55For an example of a rules file, see `example-lint-rules.yaml`.59For an example of a rules file, see `example-lint-rules.yaml`.
5660
57Supported top-level options for your rules file:61Supported top-level options for your rules file:
5862
59 1. `subordinates` - required subordinates.63 1. [subordinates](docs/subordinates.md) - required subordinates.
60 2. `known charms` - all primary charms should be in this list.64 2. `known charms` - all primary charms should be in this list.
61 3. `operations [mandatory|optional|subordinate]`65 3. `operations [mandatory|optional|subordinate]`
62 4. `openstack [mandatory|optional|subordinate]`66 4. `openstack [mandatory|optional|subordinate]`
63 5. `config` - application configuration auditing67 5. `config` - application configuration auditing
64 6. `[openstack|kubernetes] config` - config auditing for specific cloud types.68 6. `[openstack|kubernetes] config` - config auditing for specific cloud types.
65 7. `space checks` - enforce/ignore checks for relation binding space69 7. [space checks](docs/space-checks.md) - enforce/ignore checks for relation binding space
66 mismatches.70 mismatches.
67 8. `!include <relative path>` - Extension to yaml to include files.71 8. `!include <relative path>` - Extension to yaml to include files.
6872
69=== Space checks ===73There are some rules files that are ready to be used and they can be found at:
70
71All relations defined within a bundle, except for cross-model relationships,
72will be checked for mismatches of their space bindings.
73
74By default, mismatches are logged as warnings as they are not necessarily
75critical problems. If applications can route to each other despite the
76mismatch, there may be no real issue here, and it may be appropriate to ignore
77certain issues. On the other hand, these mismatches may cause problems ranging
78from impaired throughput due to using suboptimal interfaces to breakages due to
79not being able to route between the related units.
80
81The following options are available to either log such mismatches as errors or
82to ignore them entirely:
83
84 1. `enforce endpoints` - A list of <charm>:<endpoint> strings. If a mismatch
85 matches one of these endpoints, it will be flagged as an error.
86 2. `enforce relations` - A list of two-item <charm>:<endpoint> string lists,
87 representing the two linked endpoints of a relation. If a mismatch
88 matches one of these relations, it will be flagged as an error.
89 1. `ignore endpoints` - A list of <charm>:<endpoint> strings. If a mismatch
90 matches one of these endpoints, it will be ignored.
91 1. `ignore relations` - A list of two-item <charm>:<endpoint> string lists,
92 representing the two linked endpoints of a relation. If a mismatch
93 matches one of these relations, it will be ignored.
9474
95In the case of a mismatch matching both enforce and ignore rules, the enforce75```
96rule will "win" and it will be flagged as an error.76/snap/juju-lint/current/contrib/
77```
9778
98Note that all the above checks use charm names rather than application names79## Documentation
99in their endpoint strings.80Documentation is available at the [docs](docs) folder.
10081
101== License ==82## License
10283
103Copyright 2020 Canonical Limited.84Copyright 2020 Canonical Limited.
104License granted by Canonical Limited.85License granted by Canonical Limited.
diff --git a/docs/space-checks.md b/docs/space-checks.md
105new file mode 10064486new file mode 100644
index 0000000..3afdc92
--- /dev/null
+++ b/docs/space-checks.md
@@ -0,0 +1,31 @@
1# Space checks
2
3All relations defined within a bundle, except for cross-model relationships,
4will be checked for mismatches of their space bindings.
5
6By default, mismatches are logged as warnings as they are not necessarily
7critical problems. If applications can route to each other despite the
8mismatch, there may be no real issue here, and it may be appropriate to ignore
9certain issues. On the other hand, these mismatches may cause problems ranging
10from impaired throughput due to using suboptimal interfaces to breakages due to
11not being able to route between the related units.
12
13The following options are available to either log such mismatches as errors or
14to ignore them entirely:
15
16 1. `enforce endpoints` - A list of <charm>:<endpoint> strings. If a mismatch
17 matches one of these endpoints, it will be flagged as an error.
18 2. `enforce relations` - A list of two-item <charm>:<endpoint> string lists,
19 representing the two linked endpoints of a relation. If a mismatch
20 matches one of these relations, it will be flagged as an error.
21 1. `ignore endpoints` - A list of <charm>:<endpoint> strings. If a mismatch
22 matches one of these endpoints, it will be ignored.
23 1. `ignore relations` - A list of two-item <charm>:<endpoint> string lists,
24 representing the two linked endpoints of a relation. If a mismatch
25 matches one of these relations, it will be ignored.
26
27In the case of a mismatch matching both enforce and ignore rules, the enforce
28rule will "win" and it will be flagged as an error.
29
30Note that all the above checks use charm names rather than application names
31in their endpoint strings.
0\ No newline at end of file32\ No newline at end of file
diff --git a/docs/subordinates.md b/docs/subordinates.md
1new file mode 10064433new file mode 100644
index 0000000..1f0aa4a
--- /dev/null
+++ b/docs/subordinates.md
@@ -0,0 +1,163 @@
1# Subordinates
2
3The purpose of the subordinates section is to check which subordinates are available on each of the deployed applications.
4
5Below is an example of what the subordinates attribute can look like
6
7```yaml
8subordinates:
9 telegraf:
10 where: all except prometheus
11 landscape-client:
12 where: all except landscape-server
13 filebeat:
14 where: all except graylog
15 canonical-livepatch:
16 where: host only
17 nrpe:
18 where: container aware
19 host-suffixes: [host, physical, guest]
20 container-suffixes: [lxd, container]
21 exceptions: [nagios]
22 check-relations: [
23 ["*:nrpe-external-master", "nrpe:nrpe-external-master"],
24 ["nagios:monitors", "nrpe:monitors"],
25 ]
26 enforce-juju-info : true
27 ntp:
28 where: host only
29 thruk-agent:
30 where: on nagios
31 hw-health:
32 where: metal only
33 local-users:
34 where: all or nothing
35```
36
37## where
38
39In the `where` option we specify generally where to find the subordinates.
40
41In the above example we have 9 subordinates that we are looking at. Below we'll go through each of them, and explain all the options
42
43### all except \<app\>
44
453 applications have tha same option, i.e. `telegraf`, `landscape-client` and `filebeat`, and these use the `where: all except ...` option. Below is the one from `telegraf`
46
47```yaml
48telegraf:
49 where: all except prometheus
50```
51
52This option is suggesting that we should find the `telagraf` subordinate charm under all the applications except for the `prometheus` applications
53
54### host only
55
56We have one subordinate charm, that is using this option, namely `ntp` as shown below
57
58```yaml
59ntp:
60 where: host only
61```
62
63In this instance the option will check that the `ntp` charm is available on all the hosts that are not containers.
64
65This is useful in this scenario, as running `ntp` on a container does not make sense, as the time for a container is directly taken from the underlying hypervisor. Also in this scenario, the ntp charm will not be able to change the time so wouldn't make sense.
66
67### metal only
68We have one subordinate charm, that is using this option, namely `hw-health` as shown below
69
70```yaml
71hw-health:
72 where: metal only
73```
74
75In this instance the option will check that the `hw-health` charm is available on all the machines that are running on bare-metal.
76
77This is useful in this scenario, as running `hw-health` on a container or on a vm does not make sense because the charm only work for
78bare-metal installations on specific hardware.
79
80
81### on \<app\>
82
83We have one subordinate charm, that is using this option, namely `thruk-agent` as shown below
84
85```yaml
86thruk-agent:
87 where: on nagios
88```
89
90This option checks that this particular subordinate charm is on a specific application. So in this scenario, the tool will chck that the `thruk-agent` is only on the `nagios` application
91
92### container aware
93
94We have one subordinate charm in our example that is using this option, namely `nrpe` as shown below
95
96```yaml
97 nrpe:
98 where: container aware
99 host-suffixes: [host, physical, guest]
100 container-suffixes: [lxd, container]
101 exceptions: [nagios]
102 check-relations: [
103 ["*:nrpe-external-master", "nrpe:nrpe-external-master"],
104 ["nagios:monitors", "nrpe:monitors"],
105 ]
106 enforce-juju-info : true
107```
108
109As can be seen, this specific option has many other variables that we need to look at. The purpose of this option is to check the name of the subordinate charm that is linked, and that `nrpe` is in the name of the subordinate
110
111The `host-suffixes` and `container-suffixes` options are designed to look for the name of the subordinate with the relevant fixes, whether is a physical server, vm or a container. `host-suffixes` currently caters for physical and kvms, and `container-suffixes` for lxc containers. If however if neither of these options are found then the longer option of searching through is used, so could take longer
112
113Another option is `exceptions`, this is where the relevant subordinate will not be present. In the above scenario, we don't run nrpe on the nagios server, as that has the capability of monitoring itself and therefore is not required
114
115### all
116
117This option will suggest that all the applications will have this particular subordinate
118
119### all or nothing
120
121We have one subordinate charm in our example that is using this option, namely `local-users` as shown below:
122
123```yaml
124local-users:
125 where: all or nothing
126```
127
128This option will check whether if all the applications will have this particular subordinate or none will have it.
129
130## check-relations and enforce-juju-info
131
132Those options are used to check if subordinate units are related with other applications in the bundle. We have one subordinate charm in our example that is using this option, namely `nrpe` as shown below:
133
134```yaml
135 nrpe:
136 where: container aware
137 host-suffixes: [host, physical, guest]
138 container-suffixes: [lxd, container]
139 exceptions: [nagios]
140 check-relations: [
141 ["*:nrpe-external-master", "nrpe:nrpe-external-master"],
142 ["nagios:monitors", "nrpe:monitors"],
143 ]
144 enforce-juju-info : true
145```
146
147`check-relations` should be passed as a List of Lists. Each element should have this pattern:
148
149```
150[<CHARM>:<INTERFACE>, <SUBORDINATE_CHARM>:<SUBORDINATE_INTERFACE>]
151```
152
153If you want to add a rule that is the same for several charms, you can use `*` instead of making an exhaustive list.
154
155In the example above, the first element is using `*` meaning that it will check for `nrpe-external-master` endpoint on all applications in the bundle. If this endpoint exists in the charm, it will check if it's related to the subordinate.
156
157The second element in the example will check if the app `nagios` is related with `nrpe` using the `monitors` interface.
158
159Nrpe should relate preferably using the `nrpe-external-master` interface in this example, but in some cases that is not possible (e.g: ubuntu with nrpe). If you want to guarantee that a relation is happening you can set `enforce-juju-info` to `true`. This will check if the app is related using the less specific interface `juju-info`.
160
161If `enforce-juju-info` is set to `false` the only relations that will be checked are the ones inside `check-relations`.
162
163**Note:** In case that a charm has a more specific endpoint to relate with the subordinate and it's using `juju-info` an alert will happen.

Subscribers

People subscribed via source and target branches