Open Hour 2023-JAN-5

January 5, 2023 - Alyssa Rock

Agenda

  • General updates and announcements
  • Salt Project user group meetups
  • New Salt Project website & e-store
  • Community forum updates
  • Demo: syndic
  • Salt LTS plan preview
  • Community help with RC testing
  • Q&A plus discussion

Open Hour YouTube playlist | Contact us! saltproject@vmware.com

General updates and announcements

Events

Salt Project user group meetups

  • Nicholas Hughes is working on a community-led effort to host some more in-person Salt events. These would be:
    • Single-day events.
    • Within a reasonable distance.
    • Speakers giving sessions that are possibly recorded so that people who can’t intend in person can still participate.
    • And of course: food and chances to do some social networking.
    • Go to spugm.com to join a mailing list for updates and let us know you are interested.

New Salt Project website and e-store

  • The new Salt Project website is live! Check it out: https://saltproject.io/
  • The new website includes:
    • Easier access to GitHub and the community calendar
    • Easier for new community members to get started.
    • Heaver focus on media for instruction and information.
  • And check out the new Salt Project store: https://www.saltprojectstore.io/Order/Index?category=SALT&categoryValue=SALT
  • The store includes:
    • Features all new merchandise for both Salt Project and Idem Project.
    • Includes prizes for amazing contributions and feats of skill!
    • Additional unique and amazing selections are on the way!

Community forums update

  • Today’s issue: preseeding master keys vs. the master fingerprint.
  • A community member was nervous about updating their Salt infrastructure past 3004.1 because that release included instructions to preseed the master. Those instructions were added because of security concerns around preventing man-in-the-middle attacks. This functionality helps the minion see that you have a different master key and that it’s not in the wild.
  • As a follow up question, another community member asked about the difference between preseeding the master key as opposed to using the master fingerprint. With the master fingerprint, there is the possibility of a collision of the fingerprint, whereas if you’re preseeding the key, it’s very unlikely that you’ll collide the keys. Also, calculating the master fingerprint uses a small microsecond of data, so it’s possible that you could see a hit to performance from using the master fingerprint method.

Demo: syndics

  • Wayne Werner demoed some of the work he’s been doing to improve syndics. Wayne’s been doing a lot to get the syndics back and functional again. This work is necessary because of a CVE related to syndics about a year ago. The team fixed the CVE, but in the process, it broke the publisher ACL for syndics. Wayne’s been working on restoring that functionality and has a PR open that will fix it: https://github.com/saltstack/salt/pull/63257
  • One side benefit of this fix is that previously if you were using publisher ACL, it didn’t know when all the syndics had returned. Now you should know which syndics should be able to return with a salt-call or test.ping.
  • Wayne has additional plans to improve syndics later this year to make it a first class citizen of Salt.

Salt LTS release plan

  • The Salt Project is moving to an LTS release strategy per this Salt Enhancement Proposal (SEP).
  • One of the goals here is to have more predictable releases.
  • Salt will have one LTS release per year and will have active support for a year, then critical fixes for an additional year. Then, every quarter we’ll have regular releases.
    • GA in February,
    • 3006.1 in April
    • 3006.2 in July
    • 3006.3 in October
  • Feel free to ask questions about this strategy on the community Slack workspace.

RC testing

  • We need your help to ensure the next LTS release is the highest quality it can possibly be. You can help us by doing some additional testing of the next RC release in your environment. We’ll do a lot of internal testing at VMware, but we’d love additional community testing if possible.

Q&A plus discussion

  • Q: Regarding the release schedule,when we first cut out to the 3000 release series, it looks like we’re heading toward 2 releases per year with a 6 month cadence between them. I’d like to see more releases in the year so that we can iterate faster on module development. Is there going to be a push to try to break some of those modules out into extensions in order to iterate faster?
    • A: The SEP for Salt extensions is still unresolved, but we do have plans to work on the Salt extensions project this year. We want to make sure when we move the modules into extensions, everything goes smoothly. We’ll start the Salt extensions project this year, but be aware it might take time to complete.
    • Re: having more releases, we’re optimizing for predictability over quantity.
  • Q: Are we in the freeze period for 3006 now?
    • A: No, not yet. We’re still merging PRs.
  • Q: Re: Spugm, we have had 18 people sign up. We’d love to get more input from folks about who is out there and who would like to join. Please sign up. This is not a spam or marketing thing. Nick promises you won’t get spam from him.
  • Q: This PR by Wayne solves the warning issue: https://github.com/saltstack/salt/pull/63315 . Can it be considered for inclusion before the freeze?
    • Any PR that has that label or milestone will get in for 3006.
  • Q: Is it too late for these PRs to make it in for 3006?
  • Q: Regarding the LTS release, it seems strange that the STS releases aren’t even supported up until the next STS release. That will deter people from using STS releases.
    • A: We’ll take that into consideration and update the policy and slides to share in the next Open Hour.
    • A: This discussion took a long time. See the video of open hour for the full discussion.
  • Q: Is this chart showing development, or is it also showing support?
    • A: It’s showing both development and support.