Aquilon documentation improvements #244
Conversation
jouvin
force-pushed
the
aquilon_doc
branch
4 times, most recently
from
e01ae35
to
6564688
Compare
jouvin
force-pushed
the
aquilon_doc
branch
2 times, most recently
from
b285056
to
a80c7c6
Compare
_aquilon/configuration.md
Outdated
|
|
||
| ### Enabling the Template Library | ||
|
|
||
| A template library version is enabled in the context of an archetype, using `archetype/loadpath.pan` |
There was a problem hiding this comment.
This doesn't currently work in any released version of aq code. I think it would be better to document one of the workarounds I describe, e.g. creating a plenary/pan/units.pan or template-king/pan/units.pan that does include archetype/loadpath rather than documenting something that cannot work without applying a patch we are not keen on merging.
There was a problem hiding this comment.
@ned21 I discussed this issue with @urbonegi. There is no workaround possible without hacking things... The easiest is to merge the PR solving this properly (quattor/aquilon#87 (comment)). This PR is currently under review and I really hope that MS will agree the last version as it doesn't change anything for MS... The idea is that this doc will be announced once all the pending PRs are merged... In the meantime it is not worst than what existed before (and was basically unusable without the help of experts!).
There was a problem hiding this comment.
You could describe using pan/units.pan from either template-king or plenary as a hack but it's a simple and straight-forward one that's easy to follow and can be explained with a one line comment. So I think it's a workaround rather than a hack. The complexity of the broker changes you propose is much much higher and will carry a considerable code maintenance cost.
There was a problem hiding this comment.
@ned21 honnestly, I cannot buy that. This is not more complex that what MS implemented with the include_pan option as an attempt to solve the template library problem. Just a few additional lines and one option that could be used for everything specific needed by the template library. I don't want to describe a hack, I want the broker to do as many things as possible for me!
There was a problem hiding this comment.
I think we managed to converge... see quattor/aquilon#86
_aquilon/configuration.md
Outdated
|
|
||
| ### Defining the site global variables | ||
|
|
||
| It is a good practice to declare the main site variables in one template so that it is easy |
There was a problem hiding this comment.
Why not put these directly into archetype/base.pan rather than a separate file? That gives archetype/base more purpose.
There was a problem hiding this comment.
Because these variable are typically things that you want to share between archetypes! I think this is explained, I'll check.
There was a problem hiding this comment.
oh, I see - site is a top level directory. That makes sense, thanks for clarifying.
_aquilon/configuration.md
Outdated
| (the example is for the a repository called `el7x_x86_64`: | ||
|
|
||
| ```pan | ||
| structure template site/repository/snapshot/el7x_x86_64; |
There was a problem hiding this comment.
FYI, we keep these inside os/$osname/$osversion rather than using a site/ directory as it keeps them with the other OS config. Not sure if its helpful for us to try and converge practices or not?
There was a problem hiding this comment.
In the template library, we tend to use a separate namespace for all the repositories, OS or not... At some point, this is a detail, just need to be consistent. I think this way is more inline with the template library/SCDB way and may be more familiar....
_aquilon/configuration.md
Outdated
| include 'config/core/base'; | ||
| ``` | ||
|
|
||
| This template is calling a template independant of the particular OS name and version to |
jouvin
force-pushed
the
aquilon_doc
branch
2 times, most recently
from
c72ba1d
to
623abd6
Compare
jouvin
changed the title
|
I think I'm done with this PR and that it is ready for review. I tried to address most of the spellchecker remarks but there are a few ones where I don't know if I need to add the word or if the word I use is inappropriate... And please, review my additions to the dictionary! |
jouvin
force-pushed
the
aquilon_doc
branch
6 times, most recently
from
035d8a6
to
4eeb7ad
Compare
|
Now really fully tested 😄 |
- Rework the hardware-related sections of the configuration doc to rely on the template library as much as possible - Add a section on configuring the base OS - Fix spelling mistakes in previous mods
- Based on a real execution!
- Include a dictionary update
- Makes easier to copy/paste suggested contents
_aquilon/configuration.md
Outdated
| * Create the `/var/quattor/cfg/plenary/web_servers/archetype/loadpath.pan` template with the following content: | ||
|
|
||
| ```pan | ||
| # It is VERY IMPORTANT not to use this template for anything else than the initial |
There was a problem hiding this comment.
I think it would be good to say why here so people actually understand the consequences of breaking the directive. e.g. I wrote in the example arch:
# First template loaded by an object, before / is populated. This must be a
# declaration template because any change to / will be removed by a subsequent
# line in the object template.
_aquilon/configuration.md
Outdated
| they can be reviewed by others and then deploy them into a domain. | ||
|
|
||
| To publish the changes so that it is possible to deploy them later: | ||
|
|
||
| ```bash | ||
| aq publish --sandbox site-init | ||
| aq publish --sandbox tutorial |
There was a problem hiding this comment.
This goes against what you said at line 506. It's better to s/--sandbox/--branch/ to minimise confusion.
There was a problem hiding this comment.
@ned21 in fact, reading the help, I was wondering what is the difference between --sandbox and --branch. I had the feeling there was none... in which case you are right that it would be more consistent to use --sandbox when the value is of the form user/sandbox. Did I understand properly your point? Do you confirm that --sandbox and --branch are synonym for aq publish as the sandbox branch is not prefixed by the user (something I found surprising as I see a risk of conflict)?
- Installation: remove mention of PR now merged - Advanced configuration: remove mention about features bound to archetypes (implementation not really tested, use discouraged)
- Document stage 'previous'
|
As for me, this PR is ready for merging once quattor/aquilon#87 is merged (should happen soon!). I still have plenty of ideas for useful additions but probably better to do in future PRs as this one is already quite big and good enough to allow somebody to start playing with Aquilon in a useful way... |
|
@ned21 please, could you update your review which is currently blocking the PR but based on an earlier version.... |
|
Sorry very busy until Thursday, will look then. |
_aquilon/configuration.md
Outdated
| Aquilon requires for each archetype, in addition to its `base.pan` template created when the template library | ||
| was imported, a `final.pan` template which will be the very last executed in the host profile. It will be | ||
| created empty at this stage, in the `archetype` directory like `base.pan`: | ||
| Aquilon requires 2 templates for each archetype, located in the `archetype` |
There was a problem hiding this comment.
Actually we need 3 now we have added declarations.pan so this should be:
"In addition to the declarations.pan template described above, each archetype requires 2 further templates located in a directory called <<name-of-archetype>>/archetype"
_aquilon/configuration.md
Outdated
| The `pakiti` feature is easily added to the Aquilon database with: | ||
|
|
||
| ```bash | ||
| aq add feature --feature pakiti --type host --actation dispatch --deactivation reboot --grn test |
There was a problem hiding this comment.
actation => activation. You might want to consider adding a --comments "This feature deploys the pakiti software" to show how you can annotate your features with a helpful description
_aquilon/configuration.md
Outdated
| Once added it must be bound to the `web-servers` personality: | ||
|
|
||
| ```bash | ||
| aq bind_feature --feature pakity --personality test --archetype web_servers |
| This feature requires one variable to be added to our site configuration to define the name of the | ||
| Pakiti server. Based on whether the current host is the pakiti server or not, the server or the client will | ||
| be configured. Presently, we will configure the Pakiti client as part of the `test` personality. To achieve | ||
| this, add the following variable definition to `site/config/global_variables.pan`: |
There was a problem hiding this comment.
Why wouldn't you define this server in the feature template itself? Otherwise you have two files managing a feature which is harder to use.
[Optional/future improvement] You could also use this as an example of how to use service bindings. Instead of binding a feature to a personality, you could define a service called pakiti and then use aq bind_server to set the desired PAKITI_SERVER.
There was a problem hiding this comment.
@ned21 thanks for the advice. I have not played with services yet but I will and add a section on them in a future revision. The server cannot be defined in the template because this feature is coming from the template library so is site-agnostic...
There was a problem hiding this comment.
ah, OK sorry I missed that bit. But it's still not really the right way to do it: you should have a file called features/pakiti/confg.pan that does:
variable PAKITI_SERVER = 'pakiti.dailyplanet.com';
include "template-library-standard/features/pakiti/config";
so the config is self-contained and not dependent on a single huge file where it's easy to get merge conflicts.
There was a problem hiding this comment.
Looking a bit deeper, I see the way the standard library is included means you can't do this. There can be only one file called features/pakiti/config and that's in the TL; if you define another one in template-king it will take precedence and you won't be able to include the TL one.
You can do this with a service template though:
template service/pakiti/client/config;
# included automatically by broker when a client is bound to a service
variable PAKITI_SERVER = value("/system/services/pakiti/servers/0");
# load feature config from template-library-standard
include "features/pakiti/config";
_aquilon/configuration.md
Outdated
| The new host configuration can now be compiled, published an deployed with the usual commands: | ||
|
|
||
| ```bash | ||
| aq promote --personality test --archetype web_servers |
There was a problem hiding this comment.
The change was already promoted at line 934
There was a problem hiding this comment.
Good catch! In fact I was not seeing it a couple of days ago thus I added in line 934!
| use the following command: | ||
|
|
||
| ```bash | ||
| aq promote --personality test --archetype web_servers |
There was a problem hiding this comment.
Do an aq show_diff --archetype web_servers --personality test --personality_stage current --other_stage next first to demonstrate how to see what changes are about to be promoted?
There was a problem hiding this comment.
I have still a lot to learn about Aquilon advanced features! Adding it!
_aquilon/configuration.md
Outdated
|
|
||
| A template library version is enabled in the context of an archetype, using `archetype/declarations.pan` | ||
| This template is typically placed in the archetype directory for which you want to enable this version | ||
| of the template library. Currently, we'll add it to the plenary templates area, under |
There was a problem hiding this comment.
s/Currently/Temporarily, for the purposes of this tutorial,/
_aquilon/configuration.md
Outdated
|
|
||
| In our example, we will add the feature `pakiti` to the personality `test` used with the host | ||
| `testsrv.dailyplanet.com`. [Pakiti](https://github.com/CESNET/pakiti-server) is a service to collect and | ||
| display the patch status of hosts against known CVEs. Its configuration is part of the template library, |
There was a problem hiding this comment.
Can we link to the right bit of the template library here? i.e. https://github.com/quattor/template-library-standard/tree/master/features/pakiti
| This feature requires one variable to be added to our site configuration to define the name of the | ||
| Pakiti server. Based on whether the current host is the pakiti server or not, the server or the client will | ||
| be configured. Presently, we will configure the Pakiti client as part of the `test` personality. To achieve | ||
| this, add the following variable definition to `site/config/global_variables.pan`: |
There was a problem hiding this comment.
ah, OK sorry I missed that bit. But it's still not really the right way to do it: you should have a file called features/pakiti/confg.pan that does:
variable PAKITI_SERVER = 'pakiti.dailyplanet.com';
include "template-library-standard/features/pakiti/config";
so the config is self-contained and not dependent on a single huge file where it's easy to get merge conflicts.
| This feature requires one variable to be added to our site configuration to define the name of the | ||
| Pakiti server. Based on whether the current host is the pakiti server or not, the server or the client will | ||
| be configured. Presently, we will configure the Pakiti client as part of the `test` personality. To achieve | ||
| this, add the following variable definition to `site/config/global_variables.pan`: |
There was a problem hiding this comment.
Looking a bit deeper, I see the way the standard library is included means you can't do this. There can be only one file called features/pakiti/config and that's in the TL; if you define another one in template-king it will take precedence and you won't be able to include the TL one.
You can do this with a service template though:
template service/pakiti/client/config;
# included automatically by broker when a client is bound to a service
variable PAKITI_SERVER = value("/system/services/pakiti/servers/0");
# load feature config from template-library-standard
include "features/pakiti/config";
|
Test failure is not relevant - shall we merge this? |
|
As for me this is ok! Once I progress with the configuration of real production nodes, I'll improve it but will probably not happen before mid-June... |
Final content must be adjusted after #87 has been finalized