Salt and openSUSE

If you haven’t been living under a rock, you’ve certainly noticed that Salt is one of the hot topics within openSUSE and SUSE. It is used in many of the major openSUSE projects like DeepSea for managing and automating Ceph deployments, in Kubic to provision Kubernetes cluster or the newly announced Spacewalk fork Uyuni project to manage your whole IT infrastructure. Therefore I think it’s time to take a closer look at how Salt itself is being packaged and shipped and how you might collaborate.


Let’s talk about the RPM packages itself for a moment. Usually when you install Salt (zypper in salt), you don’t have to care from which repository the packages are coming. They are either in the Leap or Tumbleweed repos. But before they end up there, they are first in saltstack:testing/salt (which is for testing the new changes) and then in saltstack/salt. After the patches are accepted to saltstack/salt, the state is pushed to openSUSE:Factory/salt. This is only true for now, because we’ve got the rare condition where Leap 42.3, Leap 15, Tumbleweed and SLE15 are shipping Salt 2018.3.0. But this will change in the future, because Tumbleweed will move on. Leap 15 and SLE 15 will both stick to the same version, which is 2018.3.0. I know that this was different in the past. But this caused confusion and there is no good reason for having a different version in Leap and SLE.

But don’t let the version numbers fool you. We are still pulling in bugfixes and even backport important features if we need them.

How to get changes in?

This is the easy part. Just do it upstream, and wait for the changes to be approved and merged. Then create a pull request in the openSUSE/salt GitHub repository by cherry picking your changes from upstream, and squashing them into a single commit.

You can also do this for upstream changes you think should be in the openSUSE package. I can’t guarantee that everything will be accepted. But just try it!

What is already in?

Previously I’ve mentioned that even though we are shipping version 2018.3.0 of Salt, we don’t just stick to the dot-release. The Salt dot-release is just the base the openSUSE Salt package is build on. That’s why there are already 25 patches coming with that package. In the spec file you can even find the links to the upstream pull requests. This is an easy way to keep track of what got fixed and what you might want to cherry pick from upstream. ;)

Currently the patch list looks like this:

Patch1:        run-salt-master-as-dedicated-salt-user.patch
Patch2:        run-salt-api-as-user-salt-bsc-1064520.patch
Patch3:        activate-all-beacons-sources-config-pillar-grains.patch
Patch4:        avoid-excessive-syslogging-by-watchdog-cronjob-58.patch
Patch5:        feat-add-grain-for-all-fqdns.patch
Patch6:        fix-bsc-1065792.patch
Patch7:        remove-obsolete-unicode-handling-in-pkg.info_install.patch
Patch8:        fix-openscap-push.patch
Patch9:        move-log_file-option-to-changeable-defaults.patch
Patch10:       fix-cp.push-empty-file.patch
Patch11:       fix-decrease-loglevel-when-unable-to-resolve-addr.patch
Patch12:       make-it-possible-to-use-login-pull-and-push-from-mod.patch
Patch14:       add-saltssh-multi-version-support-across-python-inte.patch
Patch15:       fix-for-errno-0-resolver-error-0-no-error-bsc-108758.patch
Patch16:       fall-back-to-pymysql.patch
Patch17:       strip-trailing-commas-on-linux-user-gecos-fields.patch
Patch18:       provide-kwargs-to-pkg_resource.parse_targets-require.patch
Patch19:       initialize-__context__-retcode-for-functions-handled.patch
Patch20:       fixed-usage-of-ipaddress.patch
Patch21:       extra-filerefs-include-files-even-if-no-refs-in-stat.patch
Patch22:       option-to-merge-current-pillar-with-opts-pillar-duri.patch
Patch23:       do-not-override-jid-on-returners-only-sending-back-t.patch
# PATCH-FIX_OPENSUSE bsc#1091371
Patch24:       enable-passing-a-unix_socket-for-mysql-returners-bsc.patch
Patch25:       fix-for-ec2-rate-limit-failures.patch

I hope you enjoyed this little overview. Just ping me on freenode#suse if you’ve got questions or suggestions. My nick is brejoc and brejoc[m].

Have fun and happy hacking!

1. DeepSea is not an openSUSE project. It is driven by SUSE.
2. Some rephrasing.
3. Added Matrix/IRC nick.
4. Fixed Salt package name.