Skip to main content

Conformance checker for Nectar puppet-managed OpenStack cloud sites

Project description

nectar-conformance

A conformance checker for Nectar puppet-managed OpenStack cloud sites.

Nectar Core Services manage every site through a central puppet server. Sites drift from the published specification over time. This tool tells a site operator how their site conforms to a versioned Nectar conformance specification, what is wrong or missing, and how to fix it.

How it works

DataSource -> normalised Model -> Engine (versioned rules) -> Report -> human / JSON
  • A site is a puppet environment. The tool identifies a site by the node's environment in PuppetDB.
  • The PuppetDB data source (primary) reads the compiled catalog (resources and parameters, with hiera fully resolved) and facts for every node in the site's environment. The static repo data source reads pre-compiled catalog JSON, or compiles catalogs from a site repo, for pre-deployment and commissioning checks.
  • Checks are curated by Core Services as value-free definitions (the logic) plus per-version manifests (which checks apply and their expected values). Conformance is versioned; several conformance versions are active at once.

Usage

The check definitions and conformance changelog live in the separate nectar-conformance-checks repository, not in this tool. Every command that reads them needs a checks directory: pass --checks-dir <path>, set NECTAR_CONFORMANCE_CHECKS_DIR, or set checks_dir in the config file. The examples below omit it for brevity.

nectar-conformance check run --site ardctest --conformance-version 2025.1
nectar-conformance check run --site ardctest --conformance-version 2025.1 --format json
nectar-conformance check list --conformance-version 2025.1
nectar-conformance check show glance.api.image_tag
nectar-conformance version list
nectar-conformance version diff 2024.1 2025.1

Static source (no live PuppetDB), either pre-compiled catalogs or compile-from-repo:

# pre-compiled catalog JSON, one file per node
nectar-conformance check run --site ardctest --source static \
  --catalog-dir ./catalogs --facts-dir ./facts

# compile from the site repo (one node per facts file; compiler set via
# static.compile_command in config, defaults to octocatalog-diff)
nectar-conformance check run --site ardctest --source static \
  --site-repo /path/to/site-repo --facts-dir ./facts

Will a change fix conformance before it goes live?

A site is a puppet environment, and r10k deploys each branch of the control repo as its own environment, so you can check a proposed change pre-merge and compare it to the live site. Capture the live baseline, capture the proposed environment, and diff them:

# baseline: the live site
nectar-conformance check run --site ardctest --conformance-version 2025.1 \
  --format json > before.json

# the proposed change, deployed as a branch environment (--environment keeps the
# 'ardctest' label but queries that environment)
nectar-conformance check run --site ardctest --environment ardctest_fix_glance \
  --conformance-version 2025.1 --format json > after.json

# what does the change fix, and does it break anything? (exit 1 if it regresses)
nectar-conformance report diff before.json after.json

For a truly offline check (no deploy, no node runs), produce after.json with the static source by compiling the proposed branch (--source static --site-repo ...); that needs the environment's modules assembled, which is what octocatalog-diff / r10k do.

Exit codes: 0 conformant, 1 conformance failure at or above the severity threshold, 2 usage error, 3 operational error (PuppetDB unreachable, etc.). report diff exits 1 if the change introduces any new failure.

Development

tox            # run unit tests and lint
tox -e pep8    # lint only

Releases use reno for release notes. Contributions go through gerrit; use conventional commits and git commit -s.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

nectar_conformance-0.5.0.tar.gz (292.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

nectar_conformance-0.5.0-py3-none-any.whl (68.3 kB view details)

Uploaded Python 3

File details

Details for the file nectar_conformance-0.5.0.tar.gz.

File metadata

  • Download URL: nectar_conformance-0.5.0.tar.gz
  • Upload date:
  • Size: 292.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for nectar_conformance-0.5.0.tar.gz
Algorithm Hash digest
SHA256 97fccceb71271836a682e513123fc0372eee30b078d3f93467a1627a365711fe
MD5 62dbcec170af01e005e3eeec2964e37f
BLAKE2b-256 ac9afcde014757daf17dcd678b7ab14c53a06ea1524df992e3a599c33a666a08

See more details on using hashes here.

File details

Details for the file nectar_conformance-0.5.0-py3-none-any.whl.

File metadata

File hashes

Hashes for nectar_conformance-0.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 3d39d40b44599f9031a98e63290e98e11ee1c1077579e9e8cc887724247bcd86
MD5 db0c71170d4ac7514fd546a6354eaa7f
BLAKE2b-256 6f84946481454360057d1658cafb914937e06f6862a7550b39500aaa80647965

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page