Conformance checker for Nectar puppet-managed OpenStack cloud sites
Project description
nectar-conformance
A conformance checker for Nectar puppet-managed OpenStack cloud sites.
Nectar Core Services manage every site through a central puppet server. Sites drift from the published specification over time. This tool tells a site operator how their site conforms to a versioned Nectar conformance specification, what is wrong or missing, and how to fix it.
How it works
DataSource -> normalised Model -> Engine (versioned rules) -> Report -> human / JSON
- A site is a puppet environment. The tool identifies a site by the node's
environmentin PuppetDB. - The PuppetDB data source (primary) reads the compiled catalog (resources and parameters, with hiera fully resolved) and facts for every node in the site's environment. The static repo data source reads pre-compiled catalog JSON, or compiles catalogs from a site repo, for pre-deployment and commissioning checks.
- Checks are curated by Core Services as value-free definitions (the logic) plus per-version manifests (which checks apply and their expected values). Conformance is versioned; several conformance versions are active at once.
Usage
The check definitions and conformance changelog live in the separate
nectar-conformance-checks repository, not in this
tool. Every command that reads them needs a checks directory: pass --checks-dir <path>,
set NECTAR_CONFORMANCE_CHECKS_DIR, or set checks_dir in the config file. The examples
below omit it for brevity.
nectar-conformance check run --site ardctest --conformance-version 2025.1
nectar-conformance check run --site ardctest --conformance-version 2025.1 --format json
nectar-conformance check list --conformance-version 2025.1
nectar-conformance check show glance.api.image_tag
nectar-conformance version list
nectar-conformance version diff 2024.1 2025.1
Static source (no live PuppetDB), either pre-compiled catalogs or compile-from-repo:
# pre-compiled catalog JSON, one file per node
nectar-conformance check run --site ardctest --source static \
--catalog-dir ./catalogs --facts-dir ./facts
# compile from the site repo (one node per facts file; compiler set via
# static.compile_command in config, defaults to octocatalog-diff)
nectar-conformance check run --site ardctest --source static \
--site-repo /path/to/site-repo --facts-dir ./facts
Will a change fix conformance before it goes live?
A site is a puppet environment, and r10k deploys each branch of the control repo as its own environment, so you can check a proposed change pre-merge and compare it to the live site. Capture the live baseline, capture the proposed environment, and diff them:
# baseline: the live site
nectar-conformance check run --site ardctest --conformance-version 2025.1 \
--format json > before.json
# the proposed change, deployed as a branch environment (--environment keeps the
# 'ardctest' label but queries that environment)
nectar-conformance check run --site ardctest --environment ardctest_fix_glance \
--conformance-version 2025.1 --format json > after.json
# what does the change fix, and does it break anything? (exit 1 if it regresses)
nectar-conformance report diff before.json after.json
For a truly offline check (no deploy, no node runs), produce after.json with the
static source by compiling the proposed branch (--source static --site-repo ...); that
needs the environment's modules assembled, which is what octocatalog-diff / r10k do.
Exit codes: 0 conformant, 1 conformance failure at or above the severity
threshold, 2 usage error, 3 operational error (PuppetDB unreachable, etc.).
report diff exits 1 if the change introduces any new failure.
Development
tox # run unit tests and lint
tox -e pep8 # lint only
Releases use reno for release notes. Contributions
go through gerrit; use conventional commits and git commit -s.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file nectar_conformance-0.1.0.tar.gz.
File metadata
- Download URL: nectar_conformance-0.1.0.tar.gz
- Upload date:
- Size: 68.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c305c6c6c246e3e39a5d485d3a8e2e41e22ef4371ea94c760ac8a646c9f54a1b
|
|
| MD5 |
6dee2639bb5cf61d39c43ebace939bd0
|
|
| BLAKE2b-256 |
de69568ff7a1009ad0ea166216529f9fb8f63a4be2cc6f7b4658d7aaaddc8f9e
|
File details
Details for the file nectar_conformance-0.1.0-py3-none-any.whl.
File metadata
- Download URL: nectar_conformance-0.1.0-py3-none-any.whl
- Upload date:
- Size: 66.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d954f50741c12601f9d378bb5c692acc04bc30beb3d9edcad230e2ff72b98136
|
|
| MD5 |
be48e8933e416139b0f5391ea8b8b4c5
|
|
| BLAKE2b-256 |
589abd7c24a0b121317cfce44f1d1e4ad8bbf9d6f15bbf2d5467655e3d832a9b
|