Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/wikioasis/salt/llms.txt

Use this file to discover all available pages before exploring further.

WikiOasis Salt is the production configuration management system for the WikiOasis wiki farm — a multi-tenant MediaWiki hosting platform serving dozens of wikis across dedicated server roles. Built on SaltStack, it declaratively manages every layer of the infrastructure: web servers, load balancers, databases, caches, search nodes, monitoring, and the bare-metal hypervisors that host them all. The repository is licensed under the GNU General Public License v3 and draws lineage from Telepedia’s configuration, which itself was adapted from Miraheze’s Puppet install and ultimately from the Wikimedia Foundation’s infrastructure work — attributions appear in individual modules where applicable.

Repository layout

The repository contains two top-level directories that mirror Salt’s own conventions. 
salt/
├── salt/       # State files (.sls) and Jinja templates
│   ├── top.sls
│   ├── base/
│   ├── haproxy/
│   ├── mariadb/
│   ├── mediawiki/
│   ├── metal/
│   ├── monitoring/
│   ├── nginx/
│   ├── opensearch/
│   ├── php/
│   ├── redis/
│   ├── sentry_relay/
│   └── users/
└── pillar/     # Pillar data files (configuration values & secrets)
    ├── top.sls
    ├── base/
    ├── haproxy/
    ├── mariadb/
    ├── mediawiki/
    ├── metal/
    ├── monitoring/
    ├── nginx/
    ├── opensearch/
    ├── php/
    ├── private/   ← gitignored, secrets live here
    ├── redis/
    └── users/
The salt/ tree contains the state files — the instructions Salt follows to converge each minion to the desired configuration. The pillar/ tree contains pillar data — structured YAML that parameterises those states with environment-specific values (IP addresses, package versions, credentials, etc.). Secrets such as database passwords and API keys live exclusively in pillar/private/, which is gitignored and must be created on the Salt master by hand.

Server roles

WikiOasis runs distinct minion roles, each identified by a naming pattern. The Salt master uses these glob patterns in top.sls to target the right states at the right servers.
RoleMinion patternPurpose
MediaWiki applicationmw*Serve wiki HTTP requests behind HAProxy
Stagingstaging*Canary / pre-production MediaWiki server
Task / job runnertask*Background job queue processing
Load balancerproxy*HAProxy front-ends that route traffic to backends
Databasedb*MariaDB servers per wiki cluster
Redis cacheredis*In-memory caching and session storage
Searchopensearch*OpenSearch cluster for full-text wiki search
Monitoringmonitoring*Icinga 2, Grafana, Prometheus, and StatsD
Bare-metal hypervisormetal*Proxmox hosts that run the VM fleet
Applicationsapps*General-purpose application server (Phorge, Zep, etc.)
Salt mastersalt*The Salt master itself (receives only monitoring states)
All virtual machines communicate over the internal ovvin.wonet DNS domain. For example, the first MediaWiki server in the US-East-01 rack is mw-us-east-011.ovvin.wonet.
The repository should work out of the box once the private pillar data is added. See the Private Pillar guide for the required secrets.

Where to go next

Quickstart

Clone the repo, configure salt-master, and apply your first state in minutes.

Architecture

Deep-dive into server roles, network topology, and how targeting works.

Configuration

Understand pillar data, top files, and how to manage secrets.

Build docs developers (and LLMs) love

Get started for freeTalk to us