But I'm also thinking "config needs to be versioned" which means git, not DB.
--
viq
But I'm also thinking "config needs to be versioned" which means git, not DB.
Hi Thomas,
Am 10. Februar 2016 21:33:43 MEZ, schrieb "Thomas Güttler" <guet...@thomas-guettler.de>:
> Hi Florian,
>
> I guess you are too fast here.
Oops, sorry. I got this topic in the back of my head for 2 or 3
years now so I have a lot of thoughts on the topic ^^"
> My topic is about the great fixed schema definition
> which you get when you use a relational database.
See a few comments below.
> Storing JSON in postgres is in my eyes the same
> fuzzy-data-soup like YAML in a file system.
>
> Or I have not understood what you mean with
> "PostgreSQL's JSON features".
PostgreSQL can store JSON, evaluate attributes
and index them. I think also validate the structure.
*But the important part here is:*
You can make an query and ask to get JSON back.
You can have a nice relational schema and let PostgreSQL
handle the data manipulation to fit whatever structure salt
expects.
Thus the mentioned view.
> What do you mean with "database's schema surely
> won't be simple"?
>
> AFAIK there is no common schema definition for pillar data.
> Our custom pillar data schema is up to now very simple.
> I guess we would need 5 tables. But that are our
> custom tables. AFAIK everybody is on his own in this context.
> At least up to now.
When you're using salt to manage users, salt itself, ssh,
monitoring tools, on workstations tools for the devs, on
servers databases & backup clients & webservers & all
the little infrastructure bits and utilize half a dozen
formulas your pillar starts to get complicated.
Defining the schema you then have to map into a YAML/
JSON treelike structure won't be too simple.
One could see the format of the pillar data like formulas
expect it to be as a common schema. But of course that's
the resulting JSON.
Based on that there may be some SQL schemas showing up
but the default will stay YAML+Jinja.
> What do you mean with "topfile" table? I read the top of this:
> https://docs.saltstack.com/en/latest/ref/states/top.html
> I think topfile is not part of pillar. It is part of the
> salt-directory.
A way of grouping the minions based on different attributes
still allowing to target single hosts.
Everyone matching 'web*' gets the webserver stuff, 'xsql*'
gets the database stuff, here you get our defaults for RedHat systems, …
A kind of metatable like `top.sls` provides for `file_roots`
and `pillar_roots`.
>
> But maybe you are right. If it groups the infrastructure it
> could be good candiate for belonging into a database.
>
> My background:
>
> - Code needs to live in version control (I use git)
> - Data belongs into the database (I use postgres and
> django-ORM)
>
You're halfway there. Use Django-CRM to model your
DB-schemas and then add a view returning JSON.
> Up to now nothing new.
>
> - Config is data, and belongs into the database. I came
> across this during the last years. This thinking is unfortunately
> not wide spread.
>
> With salt I am unsure. What is code and what is config? Up
> to now I am unsure.
States are code, pillar consists of specific config values
thus data. Its structure might be code-ish but it's just
defining what goes where.
> Pillars look like config, like something that belongs into a
> database.
And it's way easier to have input validation on those than
on a bunch of plain text files! A missing '.' (or ':') in an IP?
PostgreSQL will be like "dude, that's no `inet`!" :D
Anyone had to restructure half their YAML files to fit a new
pillar structure? Like when you dump a custom state to use
a more feature-rich formula?
Not fun. Even with the more cumbersome structures
wrapped in macros.
And yes, you can add commit hooks checking you've written
proper YAML. But checking for IPs proper for a certain
subnet or validating usernames defined somewhere else?
I'd rather write the schema for a relational DB I can later
build a frontend for. Even if it's just curses providing some
checkboxes.
And for versioning the actual data: Just look at all the wikis
with a RDBMS backend.
Am 4. März 2016 07:30:57 MEZ, schrieb "Thomas Güttler" <guet...@thomas-guettler.de>:
> Am 02.03.2016 um 23:41 schrieb Florian Ermisch:
> >
> > Welcome back, Thomas!
> >
> > Just related stuff:
> >
> > I'll have to set up a PostgreSQL job-cache soonish so I'll have
> > PostgreSQL hooked up to one of my masters anyway.
> > This will also give a load of JSON to play with, even when I'm
> > chopping up JSON to fill its values into proper tables instead
> > of taking data from tables to generate JSON ;)
>
> I am interested. You take the "fuzzy" json and store it in a
> solid db schema. Nice.
>
> BTW "Job Cache". Does this wording match to the use case (in general)
>
> I have never worked with it. But in my eyes it is a "Result Store".
>
> What do you think?
>
Yes, it is a result store, but right now I need to collect some
data from/about our minions. So I'll use PostgreSQL as job-
cache to gather returned data which I can have PostgreSQL
transform for me (taking certain attributes to create rows
in my tables).
>
>
> > For those who want their database's content versioned check
> > out https://github.com/jasonk/postgresql-versioning.
> >
> > For versioning the schema I'll look at Pyrseas [0] or maybe
> > SQLAlchemy Migrate [1]. The first one seems a good fit as
> > it stores the schema descriptions as YAML or JSON.
>
> Ah, SQLAlchemy has a migration tool like django, too. Nice.
>
Yeah, I would rather stay closer to the DB and not use an full
ORM like Django's. Then I would have to run Python code to
load the objects and dump their data as JSON instead of having
PostgreSQL turning the data into JSON to pass to salt directly.
>
>
> > Maybe I can post something to build tables with data scraped
> > from the job-cache. A trigger on the job-cache table would
> > to nicely to update more specific tables.
>
> What kind of updates do you want?
Like having associated service tags and MAC addresses
updated when you move a salted installation to new hardware.
Or taking a highstate's returns and track failed states.
Might need a procedural language [0] because of its conditional
behavior. PL/Python [1] seems to be only as "untrusted"
language so executed code would always run as administrator
like a setuid(0) binary in unixoids.
[0]: http://www.postgresql.org/docs/9.4/static/xplang.html
[1]: http://www.postgresql.org/docs/9.4/static/plpython.html