| Time |
Nick |
Message |
| 00:00 |
|
SpX joined #salt |
| 00:01 |
|
scoates joined #salt |
| 00:06 |
|
otter768 joined #salt |
| 00:32 |
|
scoates joined #salt |
| 00:44 |
|
clintberry joined #salt |
| 00:47 |
|
furball365 joined #salt |
| 00:55 |
|
supersheep joined #salt |
| 00:56 |
|
peters-tx joined #salt |
| 00:57 |
|
Darkalia joined #salt |
| 01:01 |
|
mpanetta joined #salt |
| 01:01 |
|
murrdoc joined #salt |
| 01:02 |
|
mpanetta joined #salt |
| 01:06 |
|
murrdoc joined #salt |
| 01:10 |
|
benegget_ joined #salt |
| 01:27 |
|
beauby joined #salt |
| 01:32 |
|
william joined #salt |
| 01:34 |
Guest25152 |
hey guys, im totally new to saltstack and just trying to get it running on osx with brew. i keep getting this error ➜ ~ sudo salt-master --log-level=all [DEBUG ] Missing configuration file: /etc/salt/master [TRACE ] 'ip' could not be found in the following search path: ['/Users/William/.nvm/versions/io.js/v2.3.0/bin', '/usr/local/bin', '/usr/bin', '/bin', '/usr/sbin', '/sbin'] |
| 01:36 |
|
david_an111 joined #salt |
| 01:57 |
|
Singularo joined #salt |
| 01:58 |
|
beauby joined #salt |
| 02:07 |
|
catpiggest joined #salt |
| 02:09 |
|
beauby joined #salt |
| 02:24 |
|
g3cko joined #salt |
| 02:27 |
|
TyrfingMjolnir joined #salt |
| 02:29 |
|
beauby joined #salt |
| 02:40 |
|
aparsons joined #salt |
| 02:40 |
hrumph |
http://paste.fedoraproject.org/235250/40808143 |
| 02:40 |
hrumph |
can anyone look at my fpaste? |
| 02:40 |
hrumph |
i can't set a kwarg when i combine multiple commands with the python client |
| 02:42 |
hrumph |
the fpaste is very short and to the point |
| 02:44 |
|
aparsons joined #salt |
| 02:44 |
|
julez joined #salt |
| 02:46 |
|
Aidin joined #salt |
| 02:50 |
|
amcorreia joined #salt |
| 02:51 |
|
michelangelo joined #salt |
| 02:53 |
|
aparsons joined #salt |
| 03:04 |
|
beauby joined #salt |
| 03:05 |
|
otter768 joined #salt |
| 03:11 |
|
cberndt joined #salt |
| 03:17 |
|
g3cko joined #salt |
| 03:20 |
|
favadi joined #salt |
| 03:22 |
|
zz_cro joined #salt |
| 03:26 |
|
aparsons joined #salt |
| 03:33 |
|
Kelsar joined #salt |
| 03:34 |
|
onorua joined #salt |
| 03:35 |
|
lumerian joined #salt |
| 03:35 |
|
lumerian left #salt |
| 03:37 |
|
aparsons joined #salt |
| 03:38 |
|
subsignal joined #salt |
| 03:42 |
|
aparsons joined #salt |
| 03:43 |
|
ajw0100 joined #salt |
| 03:56 |
|
Darkalia joined #salt |
| 04:04 |
|
favadi joined #salt |
| 04:04 |
|
totte joined #salt |
| 04:09 |
hrumph |
http://paste.fedoraproject.org/235250/40808143 |
| 04:09 |
hrumph |
i can't set a kwarg when i combine multiple commands with the python client |
| 04:09 |
hrumph |
the fpaste is very short and to the point |
| 04:10 |
|
g3cko joined #salt |
| 04:16 |
__number5__ |
hrumph: I don't think localclient.cmd with list of functions support kwargs |
| 04:16 |
hrumph |
__number5__, what kind of workaround might you suggest? |
| 04:17 |
__number5__ |
use a loop, execute cmd one by one, only provides kwargs when you need one |
| 04:18 |
|
prathee joined #salt |
| 04:19 |
hrumph |
ok |
| 04:21 |
hrumph |
..or make a powershell script that does both functions on the minion |
| 04:22 |
hrumph |
(i was planning on running two scripts) |
| 04:22 |
|
aparsons joined #salt |
| 04:22 |
|
icosa joined #salt |
| 04:23 |
|
joeto joined #salt |
| 04:26 |
hrumph |
__number__ i can call powershell direct to...as in Powershell.... |
| 04:28 |
|
prathee joined #salt |
| 04:28 |
|
beneggett joined #salt |
| 04:29 |
|
Prathee_MondayMo joined #salt |
| 04:29 |
hrumph |
or i could make a special powershell module based on the cmd.run module |
| 04:29 |
hrumph |
call it powershell.run |
| 04:31 |
|
MonMornBlues joined #salt |
| 04:32 |
__number5__ |
hrumph: make all commands into one script or one module sounds good |
| 04:32 |
MonMornBlues |
hey all! :-) can somebody tell me how to automate the key acceptance process??? like..as and when virtual machines come up..the master has to automatically accept the keys?? Thanks in advance! :) |
| 04:33 |
|
Kelsar joined #salt |
| 04:34 |
__number5__ |
MonMornBlues: if your env is felt like secure enough, use auto_accept: True in master |
| 04:35 |
MonMornBlues |
oh okie... thanks a ton! :) |
| 04:36 |
__number5__ |
or use reactor if you want to validate minions before accepting https://github.com/saltstack-formulas/salt-cloud-reactor |
| 04:37 |
MonMornBlues |
now that sounds better! will look into that right away! :) |
| 04:38 |
|
g3cko joined #salt |
| 04:43 |
|
lala joined #salt |
| 04:43 |
|
kusams joined #salt |
| 04:48 |
|
g3cko joined #salt |
| 04:50 |
|
ramteid joined #salt |
| 04:51 |
|
evle joined #salt |
| 04:54 |
|
Kelsar joined #salt |
| 04:54 |
|
stoogenmeyer joined #salt |
| 04:59 |
|
Kelsar joined #salt |
| 05:01 |
|
Mitar joined #salt |
| 05:06 |
|
onorua joined #salt |
| 05:06 |
|
otter768 joined #salt |
| 05:07 |
|
kusams joined #salt |
| 05:08 |
hrumph |
__number5__ thing is is that powershell 5 is what i really need to make json objects and that's still in preview stage |
| 05:09 |
|
catpigger joined #salt |
| 05:13 |
|
ndrei joined #salt |
| 05:15 |
|
joeto1 joined #salt |
| 05:18 |
|
aparsons joined #salt |
| 05:23 |
|
g3cko joined #salt |
| 05:25 |
|
ITChap joined #salt |
| 05:29 |
__number5__ |
hrumph: use python instead, more powerful than powershell :) |
| 05:32 |
|
rdas joined #salt |
| 05:34 |
|
notnotpeter joined #salt |
| 05:38 |
|
MatthewsFace joined #salt |
| 05:40 |
|
subsignal joined #salt |
| 05:41 |
|
lazyfanatic joined #salt |
| 05:51 |
|
Darkalia joined #salt |
| 05:52 |
|
g3cko joined #salt |
| 05:53 |
|
Furao joined #salt |
| 05:53 |
|
NightMonkey joined #salt |
| 06:03 |
|
aqua^c joined #salt |
| 06:03 |
|
Furao joined #salt |
| 06:06 |
|
AndreasLutro joined #salt |
| 06:07 |
|
colttt joined #salt |
| 06:08 |
|
malinoff joined #salt |
| 06:09 |
|
stoogenmeyer joined #salt |
| 06:12 |
|
ekkelett joined #salt |
| 06:13 |
|
ALLmightySPIFF joined #salt |
| 06:18 |
|
keimlink joined #salt |
| 06:19 |
|
viq joined #salt |
| 06:19 |
|
KermitTheFragger joined #salt |
| 06:22 |
|
julez joined #salt |
| 06:22 |
|
epcim joined #salt |
| 06:26 |
|
flyboy joined #salt |
| 06:26 |
|
ndrei joined #salt |
| 06:31 |
|
badon joined #salt |
| 06:33 |
|
sieve joined #salt |
| 06:35 |
|
dgk joined #salt |
| 06:35 |
|
aqua^c joined #salt |
| 06:36 |
|
scarcry joined #salt |
| 06:37 |
|
epcim joined #salt |
| 06:38 |
|
Furao joined #salt |
| 06:38 |
|
ndrei joined #salt |
| 06:39 |
|
Furao joined #salt |
| 06:39 |
hrumph |
__number5__, are you sure that it is as suited to geting registry info and stuff like that? |
| 06:40 |
|
aqua^c joined #salt |
| 06:42 |
|
oravirt joined #salt |
| 06:47 |
__number5__ |
hrumph: windows registry? |
| 06:50 |
hrumph |
__number5__, ok i found out that salt minion doesn't install pythonas a depedency so i may not even have python installed on each minion |
| 06:51 |
hrumph |
my plan is to incrementally introduce salt so its not a good idea just to say i'm going to install python on every machine |
| 06:52 |
hrumph |
i don't really understand how the salt modules work though, since they are in python... |
| 06:52 |
hrumph |
i'm baffled now that i say this |
| 06:52 |
babilen |
Which distribution doesn't come with Python as a default? (and it really should define that dependency) |
| 06:52 |
hrumph |
babilen, i installed salt on my virtual machine |
| 06:52 |
hrumph |
salt minion |
| 06:52 |
hrumph |
don't see python in the package list |
| 06:52 |
babilen |
It doesn't really matter if it is a virtual machine or not, but it should still run an operating system |
| 06:53 |
malinoff |
babilen, windows |
| 06:53 |
babilen |
AAAAH |
| 06:53 |
babilen |
nvm |
| 06:53 |
hrumph |
windows of course |
| 06:53 |
malinoff |
:) |
| 06:53 |
|
badon_ joined #salt |
| 06:53 |
babilen |
Of course |
| 06:53 |
hrumph |
i said powershell.. |
| 06:53 |
malinoff |
hrumph, i'd suggest to use tools appropriate for windows |
| 06:53 |
malinoff |
hrumph, like AD |
| 06:54 |
babilen |
hrumph: Sorry, I did not read the entire scrollback. |
| 06:55 |
hrumph |
malinoff, what's wrong with using salt? that way i can do it from a linux box and i don't have to have any depdency on ad at all |
| 06:55 |
hrumph |
i can call powershell no problem and it's guaranteed available although i may have to upgrade everything to v4 |
| 06:56 |
malinoff |
hrumph, from my experience, windows automation via console sucks so much |
| 06:56 |
malinoff |
hrumph, you'll have dependency on salt |
| 06:56 |
hrumph |
malinoff, salt seems pretty good and i can interoperate it with postgresql and stuff i want to do |
| 06:57 |
malinoff |
hrumph, i believe you just don't know AD |
| 06:57 |
hrumph |
malinoff, ok i don't.... |
| 06:57 |
__number5__ |
I'm wondering how you can run salt without python... |
| 06:58 |
hrumph |
__number5__, i'm wondering the same thing. i don't see how the modules work |
| 06:58 |
babilen |
I gues that the Windows install bundles it |
| 06:58 |
hrumph |
__number5__, they do work however....i think salt minion on windows must have its own internal python or something |
| 06:58 |
__number5__ |
yep python for windows do have a msi installer and can bundle other libs too |
| 06:58 |
malinoff |
hrumph, so you have two choices: #1. Try to use and learn appropriate tools like AD. #2. Try to use salt on windows and gather tons of issues, memory leaks, something that impossible to install via cli |
| 06:59 |
|
g3cko joined #salt |
| 06:59 |
hrumph |
malinoff, you think salt will memory leak? |
| 06:59 |
malinoff |
hrumph, it can, yes |
| 07:01 |
|
badon_ joined #salt |
| 07:01 |
|
martoss joined #salt |
| 07:07 |
|
thalleralexander joined #salt |
| 07:07 |
|
otter768 joined #salt |
| 07:12 |
|
g3cko joined #salt |
| 07:13 |
|
lempa joined #salt |
| 07:13 |
hrumph |
malinoff, ok with ad if i want to pull registry info form a bunch of machines can i do that easily with a script? |
| 07:13 |
|
aqua^c joined #salt |
| 07:14 |
malinoff |
hrumph, https://technet.microsoft.com/en-us/scriptcenter/dd793613.aspx |
| 07:16 |
hrumph |
what if i want to do my management in an os that i like better, such as linux? |
| 07:19 |
|
eseyman joined #salt |
| 07:20 |
malinoff |
hrumph, stop thinking about linux and windows like two different distros based on one base distro |
| 07:20 |
malinoff |
hrumph, they're completely different |
| 07:21 |
|
linjan joined #salt |
| 07:23 |
|
kawa2014 joined #salt |
| 07:23 |
|
aqua^c joined #salt |
| 07:29 |
|
tavist0_ joined #salt |
| 07:30 |
|
tavist0__ joined #salt |
| 07:33 |
|
Mitar left #salt |
| 07:34 |
|
julez joined #salt |
| 07:34 |
|
epcim joined #salt |
| 07:36 |
|
aqua^c joined #salt |
| 07:36 |
|
leszq joined #salt |
| 07:37 |
|
g3cko joined #salt |
| 07:39 |
hrumph |
how do i see the os of a minion? |
| 07:41 |
hrumph |
(apart from running python or powershell) |
| 07:41 |
hrumph |
status.version doesn't seem to work on windoes |
| 07:41 |
|
prathee joined #salt |
| 07:42 |
|
sajeesh_sre joined #salt |
| 07:42 |
sajeesh_sre |
logger url |
| 07:47 |
|
aqua^c joined #salt |
| 07:52 |
|
aqua^c joined #salt |
| 07:56 |
|
g3cko joined #salt |
| 07:57 |
|
ingslovak joined #salt |
| 07:59 |
|
aqua^c joined #salt |
| 08:03 |
|
Romlok joined #salt |
| 08:04 |
|
FRANK_I joined #salt |
| 08:04 |
|
al joined #salt |
| 08:06 |
|
ndrei joined #salt |
| 08:08 |
|
illern joined #salt |
| 08:08 |
|
julez joined #salt |
| 08:12 |
|
aqua^c joined #salt |
| 08:12 |
|
chiui joined #salt |
| 08:12 |
|
cliluw joined #salt |
| 08:13 |
|
favadi joined #salt |
| 08:13 |
|
Antiarc joined #salt |
| 08:15 |
|
g3cko joined #salt |
| 08:16 |
sajeesh_sre |
epcim: /nick lunch |
| 08:16 |
|
chamunks joined #salt |
| 08:16 |
|
borgstrom joined #salt |
| 08:16 |
|
stoogenmeyer joined #salt |
| 08:17 |
|
lb1a joined #salt |
| 08:18 |
epcim |
sajeesh_sre: I guess I am not the one you wanna lunch with ;-) |
| 08:18 |
|
Xevian joined #salt |
| 08:20 |
|
leszq joined #salt |
| 08:22 |
hrumph |
is everyone in agreement with malinoff that i shouldn't be contemplating the use of salt to manage some windows workstations? |
| 08:23 |
hrumph |
i don't really have the perspective to argue...just thought it would be neat |
| 08:29 |
|
badon joined #salt |
| 08:30 |
|
cberndt joined #salt |
| 08:32 |
|
sirtaj joined #salt |
| 08:33 |
|
sieve joined #salt |
| 08:33 |
|
impi joined #salt |
| 08:34 |
sieve |
hrumph: I was thinking of doing the same thing. |
| 08:35 |
hrumph |
i'll lay it on the line and say i know next to nothing about windows and whenever i think about it it gives me a headache |
| 08:35 |
sieve |
Windows makes me want to self harm. |
| 08:35 |
sieve |
But there is gold in those operating systems |
| 08:35 |
sieve |
especially if you can automate their deployment |
| 08:36 |
hrumph |
i found a really awesome tool to automate imaging (check out cruciblewds and i''ll be running that on linux for sure) |
| 08:37 |
hrumph |
sieve i don't need 100 automation, for diddlt odbc connectors and things i think we'll just manuall install and configure |
| 08:37 |
|
leszq joined #salt |
| 08:37 |
hrumph |
fiddly stuff we may leave manual for a while at least |
| 08:38 |
hrumph |
they're sort of spot deployed anyway |
| 08:39 |
hrumph |
sieve well i'll try to use salt....if my boss let's me i'll report back to this chan and tell people how it went |
| 08:39 |
hrumph |
i mean i'll use it if my boss will allow it |
| 08:39 |
hrumph |
i may not be able to make a particularly strong case |
| 08:40 |
hrumph |
can't find anything online about advantages of it over windowsy stuff for a pure windows world |
| 08:41 |
hrumph |
i'll just have to hide the fact that people who probably know better than me told me not to :) |
| 08:43 |
|
subsignal joined #salt |
| 08:45 |
|
markm joined #salt |
| 08:49 |
|
g3cko joined #salt |
| 08:49 |
|
supersheep joined #salt |
| 08:51 |
|
stoogenmeyer joined #salt |
| 08:52 |
|
s_kunk joined #salt |
| 08:54 |
|
onorua joined #salt |
| 08:55 |
|
ndrei joined #salt |
| 08:56 |
|
linjan joined #salt |
| 08:57 |
|
badon_ joined #salt |
| 09:04 |
|
Grokzen joined #salt |
| 09:06 |
|
s_kunk joined #salt |
| 09:07 |
|
supersheep joined #salt |
| 09:08 |
|
otter768 joined #salt |
| 09:10 |
|
g3cko joined #salt |
| 09:11 |
|
s_kunk joined #salt |
| 09:11 |
|
s_kunk joined #salt |
| 09:16 |
|
jeddi joined #salt |
| 09:19 |
|
g3cko joined #salt |
| 09:29 |
|
g3cko joined #salt |
| 09:41 |
|
ndrei joined #salt |
| 09:41 |
|
denys joined #salt |
| 09:43 |
|
g3cko joined #salt |
| 09:46 |
|
jhauser joined #salt |
| 09:50 |
|
supersheep joined #salt |
| 09:50 |
ksj |
to anyone who controls sudoers via salt, how do you verify the configuration is correct before installing the file? |
| 09:50 |
|
devops joined #salt |
| 09:51 |
ksj |
actually, I suppose it's not that big a deal. if you break it, you just edit the file and run highstate again...I'm being overly paranoid I guess, and forgot the minion is running as real root, not via sudo |
| 09:52 |
AndreasLutro |
ksj: if you don't have direct root access, an invalid sudoers file means you potentially lock yourself out of the ability to fix it |
| 09:52 |
AndreasLutro |
let me paste my state, sec |
| 09:53 |
devops |
while enabling gitfs. I am getting the message "No Top file or external nodes data matches found" in comment |
| 09:53 |
devops |
http://pastebin.com/J9MEY6NW |
| 09:53 |
AndreasLutro |
ksj: https://bpaste.net/show/1dfefc99f2a2 |
| 09:53 |
ksj |
AndreasLutro: sure, but the salt minion is running as root, so I could just edit the sudoers template and run the highstate again |
| 09:53 |
ksj |
AndreasLutro: ahh, nice |
| 09:54 |
ksj |
I like it |
| 09:54 |
AndreasLutro |
oh there's a mistake on line 15 |
| 09:54 |
AndreasLutro |
should be sudoers.tmp |
| 09:55 |
AndreasLutro |
and it should be cp, not mv... I should stop live-editing pastes |
| 09:56 |
ksj |
AndreasLutro: heh, yeah. I was going to rewrite it anyway, not just copy paste, but the idea is simple and effective |
| 09:56 |
|
ndrei joined #salt |
| 09:57 |
ksj |
I guess I could also do the same for other configs such as a PF ruleset check before installing....why didn't I think of doing it that way before? |
| 10:03 |
ntropy |
ksj: yeah cmd.run is really powerful but prone to abuse :) |
| 10:03 |
ntropy |
ideally there would be a module for sudo and pf etc |
| 10:04 |
AndreasLutro |
a validate_cmd arg for file.managed would be cool |
| 10:04 |
AndreasLutro |
if that command failed, automatically roll back the change |
| 10:05 |
ntropy |
interesting idea, but i'd say don't even commit the change if validate_cmd fails, instead of rolling back |
| 10:06 |
AndreasLutro |
if possible, yeah |
| 10:09 |
AndreasLutro |
ooh, there is a check_cmd arg already that might do what I'm suggesting already |
| 10:09 |
AndreasLutro |
The specified command will be run with the managed file as an argument. If the command exits with a nonzero exit code, the command will not be run. |
| 10:11 |
AndreasLutro |
yeah it works fine! https://bpaste.net/show/3e9a2cf9487a |
| 10:12 |
|
ndrei joined #salt |
| 10:12 |
|
supersheep joined #salt |
| 10:13 |
ksj |
AndreasLutro: cool! much nicer and more "salty" |
| 10:16 |
|
linjan joined #salt |
| 10:17 |
|
ndrei joined #salt |
| 10:17 |
|
leszq joined #salt |
| 10:23 |
|
ndrei joined #salt |
| 10:23 |
|
supersheep joined #salt |
| 10:32 |
ksj |
how do you guys deal with removing users after they leave the company? I have all my users in pillar, and I'd rather not have to have a separate "expired users" pillar and a separate "remove users" state, but I can't think of any other way to do it. It would be much nicer if I could define the users that should be there - like the file.recurse: clean option |
| 10:33 |
ksj |
then any other users should get removed |
| 10:34 |
AndreasLutro |
ksj: make sure each user is a dict, add a enable: true to each one, then switch it to false when they are to be removed |
| 10:34 |
AndreasLutro |
change your states accordingl |
| 10:34 |
AndreasLutro |
y |
| 10:35 |
|
napsterX joined #salt |
| 10:38 |
ksj |
AndreasLutro: yeah, that'll work. makes sense I guess, if not particularly elegant. I can't help but feel salt (and other config management tools) aren't really "idempotent". I don't want to have lots of "undo" states as it will get messy. The only real solution I've seen to that is the NixOS system, but that comes with its own set of issues |
| 10:40 |
AndreasLutro |
ksj: I dunno, I think it's less messy than it would be if salt tried to be more stateful - i.e. remember all the users/ssh keys that it installed and uninstall them when no longer present |
| 10:40 |
ksj |
but still, for stuff like users, packages etc. I'm sure it would be possible to have a "clean" option. e.g. I define a set of users, and I can be assured that ONLY those users will ever be on the system. Equally, a set of packages (and optionally their dependencies). I could list a set of daemons and know that only those daemons would ever be running |
| 10:41 |
AndreasLutro |
considering how many users come pre-installed with most linux distros + packages adding users I highly doubt that would be a viable option |
| 10:41 |
ksj |
AndreasLutro: why is it less messy? you mean from the salt code side?? that I don't know, but I know from the perspective of writing sls files, it would be a lot nicer if I didn't have to write separate states to undo previous things |
| 10:42 |
AndreasLutro |
yes, I think if salt attempted to do what you want, it would be a more unreliable piece of software |
| 10:43 |
|
bytemask joined #salt |
| 10:43 |
|
al joined #salt |
| 10:43 |
|
crashmag joined #salt |
| 10:43 |
|
Voziv joined #salt |
| 10:43 |
|
ampex joined #salt |
| 10:43 |
|
dustywusty joined #salt |
| 10:43 |
|
Whissi joined #salt |
| 10:43 |
|
freelock joined #salt |
| 10:43 |
|
nk joined #salt |
| 10:43 |
|
aarontc joined #salt |
| 10:43 |
|
izibi joined #salt |
| 10:43 |
|
anotherZero joined #salt |
| 10:43 |
|
gchao joined #salt |
| 10:43 |
|
whytewolf joined #salt |
| 10:43 |
|
chutzpah joined #salt |
| 10:43 |
|
[vaelen] joined #salt |
| 10:43 |
|
ThomasJ joined #salt |
| 10:44 |
|
programmerq joined #salt |
| 10:44 |
|
keimlink joined #salt |
| 10:44 |
|
kaiyou joined #salt |
| 10:44 |
|
esharpmajor joined #salt |
| 10:44 |
|
balltongu joined #salt |
| 10:44 |
|
edulix joined #salt |
| 10:44 |
|
Ymage joined #salt |
| 10:44 |
|
Antiarc joined #salt |
| 10:46 |
|
xenoxaos joined #salt |
| 10:46 |
ksj |
fair enough. that's a good enough reason not to do it. |
| 10:46 |
|
adelcast joined #salt |
| 10:47 |
|
jchadwick joined #salt |
| 10:47 |
|
denys joined #salt |
| 10:48 |
|
jcristau joined #salt |
| 10:49 |
|
leszq joined #salt |
| 10:56 |
|
ndrei joined #salt |
| 10:57 |
|
giantlock joined #salt |
| 10:58 |
|
CeBe joined #salt |
| 11:00 |
|
c10 joined #salt |
| 11:01 |
|
leszq joined #salt |
| 11:03 |
|
CeBe1 joined #salt |
| 11:05 |
|
Furao joined #salt |
| 11:07 |
|
giounaz joined #salt |
| 11:07 |
|
ndrei_ joined #salt |
| 11:08 |
|
linjan joined #salt |
| 11:08 |
giounaz |
Good day everyone |
| 11:08 |
giounaz |
i ma trying to add a gpg key using import_gpg_key inside a state |
| 11:09 |
giounaz |
for that i use module.run inside the state |
| 11:09 |
giounaz |
http://jpst.it/zHfV |
| 11:09 |
|
c10 joined #salt |
| 11:09 |
giounaz |
but i get the following error: Module function gpg.import_key threw an exception. Exception: list indices must be integers, not str |
| 11:09 |
giounaz |
any ideas? |
| 11:09 |
|
otter768 joined #salt |
| 11:10 |
|
supersheep joined #salt |
| 11:14 |
ksj |
wow. a pastebin that doesn't use a monospace font. that's...new. |
| 11:15 |
giounaz |
@ksj lol |
| 11:15 |
AndreasLutro |
giounaz: can get the full stack trace? |
| 11:15 |
giounaz |
@AndreasLutro errm......how do i do that? :-S |
| 11:16 |
AndreasLutro |
check your master log, or try running the same command with `-l debug` |
| 11:17 |
|
badon joined #salt |
| 11:21 |
giounaz |
i run the command with '-l debugg' biut didnt returned much extra info apart from the below' |
| 11:21 |
giounaz |
http://justpaste.it/lwi4 |
| 11:27 |
AndreasLutro |
ah... |
| 11:27 |
ksj |
Defaults editor=/bin/ed |
| 11:27 |
ksj |
??? |
| 11:27 |
ksj |
sorry, no idea how that got pasted |
| 11:28 |
|
julez joined #salt |
| 11:28 |
AndreasLutro |
giounaz: try running the module from the command line instead - salt my-minion gpg.import_key filename=/root/mygpg.key |
| 11:32 |
|
leszq joined #salt |
| 11:36 |
|
devops joined #salt |
| 11:38 |
|
kusams joined #salt |
| 11:38 |
|
c10 joined #salt |
| 11:42 |
giounaz |
@AndreasLutro ok..this is weird...i go to the minion and list the gpg keys..which is empty. I then exeute the command and get the same error HOWEVER the key indeed is imported in minion |
| 11:43 |
|
evle joined #salt |
| 11:44 |
|
TyrfingMjolnir joined #salt |
| 11:44 |
AndreasLutro |
giounaz: do you get a stack trace this time? |
| 11:46 |
|
c10 joined #salt |
| 11:47 |
giounaz |
AndreasLutro: same info as i pasted before. |
| 11:47 |
giounaz |
*passed |
| 11:48 |
AndreasLutro |
well that sucks, can't go bughunting without a stack trace |
| 11:50 |
VSpike |
It's strange. A couple of specific SLS files make my vim slow right down when using salt-vim. If I do :set ft=yaml then it's fine |
| 11:53 |
|
rdas joined #salt |
| 11:55 |
|
TyrfingMjolnir joined #salt |
| 11:56 |
|
julez joined #salt |
| 11:56 |
|
julez joined #salt |
| 11:59 |
giounaz |
AndreasLutro: I found a bit more info on the master log |
| 11:59 |
giounaz |
AndreasLutro: http://justpaste.it/lwj7 |
| 12:00 |
AndreasLutro |
giounaz: not what we need... maybe the stack trace is in the minion's log |
| 12:00 |
giounaz |
ok ill go have a look now |
| 12:03 |
|
kiorky joined #salt |
| 12:04 |
|
amcorreia joined #salt |
| 12:04 |
giounaz |
AndreasLutro: i think you are right, let me paste the log from minion |
| 12:06 |
|
bfoxwell joined #salt |
| 12:07 |
|
c10 joined #salt |
| 12:16 |
|
ndrei joined #salt |
| 12:19 |
|
linjan joined #salt |
| 12:20 |
giounaz |
AndreasLutro: http://justpaste.it/lwju |
| 12:20 |
giounaz |
AndreasLutro: is this what "we" looking for? |
| 12:21 |
|
adelcast joined #salt |
| 12:25 |
AndreasLutro |
giounaz: yeah. you should probably report an issue on github, include this part of the log https://bpaste.net/show/0f17ddfcf26f |
| 12:27 |
giounaz |
AndreasLutro: thanks for your efforts buddy :-D |
| 12:34 |
|
julez joined #salt |
| 12:34 |
|
leszq joined #salt |
| 12:35 |
|
supersheep joined #salt |
| 12:38 |
|
dendazen joined #salt |
| 12:41 |
|
kawa2014 joined #salt |
| 12:43 |
|
kawa2014 joined #salt |
| 12:44 |
|
_JZ_ joined #salt |
| 12:46 |
|
subsignal joined #salt |
| 12:48 |
|
numkem joined #salt |
| 12:59 |
|
otter768 joined #salt |
| 13:00 |
|
giantlock joined #salt |
| 13:01 |
|
kulty joined #salt |
| 13:05 |
ksj |
ugh, jinja question. I'm trying to do the following: {% for user in pillar['users']['sysadmins'] and pillar['users']['slasysadmins'] and pillar['users']['dba'] %} but for some reason it only takes the last pillar (users.dba) in this example. How do you concatenate lists like this in jinja? |
| 13:09 |
|
ferbla joined #salt |
| 13:09 |
|
XenophonF joined #salt |
| 13:10 |
|
c10 joined #salt |
| 13:10 |
|
murrdoc joined #salt |
| 13:11 |
|
subsignal joined #salt |
| 13:12 |
AndreasLutro |
ksj: pretty sure that's not possible |
| 13:12 |
AndreasLutro |
why do you need them in separate lists? |
| 13:13 |
|
jdesilet joined #salt |
| 13:13 |
ksj |
AndreasLutro: groups |
| 13:13 |
|
racooper joined #salt |
| 13:14 |
ksj |
tbh I didn't think it was going to work. I added the "and" assuming it would break, but it didn't. It just didn't work correctly. Jinja is weird as hell |
| 13:15 |
ksj |
I should be able to merge pillars with pillar.get though...but I can't seem to get it to work |
| 13:15 |
AndreasLutro |
you could create a macro and then have 3 for loops |
| 13:18 |
|
leszq joined #salt |
| 13:18 |
|
kawa2014 joined #salt |
| 13:19 |
|
perfectsine joined #salt |
| 13:25 |
|
drawsmcgraw joined #salt |
| 13:27 |
|
jespada joined #salt |
| 13:32 |
|
primechuck joined #salt |
| 13:32 |
|
GabLeRoux joined #salt |
| 13:33 |
ksj |
damn, it's so frustrating. all I want to do is to merge a few lists into one. The solution I've now got is http://dpaste.com/3BA03D1 which, of course, creates multiple conflicting IDs. Why is it that in Salt the simplest things like concatenating a list are so much harder than the stuff that should be hard, which is easy? I can apply a sudoers policy to a hundred servers at once, but can't merge two lists |
| 13:33 |
ksj |
without some awful jinja hackiness.....ugh. rant over. carry on |
| 13:36 |
|
linjan_ joined #salt |
| 13:36 |
|
timoguin joined #salt |
| 13:36 |
AndreasLutro |
ksj: why is that "of course"? |
| 13:36 |
AndreasLutro |
do you have users in both sysadmins and dba that have the same username? |
| 13:37 |
|
c10 joined #salt |
| 13:37 |
AndreasLutro |
also, I suspect you meant {% for group in pillar['groups'] if group in ['slasysadmins', 'sysadmins', 'dba'] %} |
| 13:39 |
ksj |
AndreasLutro: the "or" method actually works fine. more jinja weirdness. your way is much neater, obviously. |
| 13:39 |
ksj |
yeah, those are groups, so you can be a member of both |
| 13:39 |
ksj |
hence you get ID collisions |
| 13:39 |
AndreasLutro |
ksj: it works, but not like you think |
| 13:39 |
|
mpanetta joined #salt |
| 13:40 |
AndreasLutro |
ksj: this will always return true, so even if you have pillar['groups']['asdf'] it will iterate through it - if ('slasysadmins' or 'sysadmins' or 'dba') |
| 13:40 |
AndreasLutro |
ksj: well, again I wonder why you don't have a root-level list of "users" and just put a group key on each one |
| 13:41 |
ksj |
AndreasLutro: I'm open to doing it either way. Maybe that's the best way of doing it. |
| 13:42 |
|
napsterX joined #salt |
| 13:43 |
AndreasLutro |
https://bpaste.net/show/c00b61a4e73f this is how I'd recommend doing it |
| 13:43 |
drawsmcgraw |
AndreasLutro: ksj, I've struggled with that a bit myself. I have enough users that I don't want a 'groups' key under each one. I've gone the route of just a huge list of users, then a 'groups' key in Pillar like groups:ro-users or groups:myteam |
| 13:43 |
AndreasLutro |
using dicts instead of lists means you can add users from multiple pillar sls files |
| 13:43 |
AndreasLutro |
drawsmcgraw: well you can use user_dict.get('groups', []) |
| 13:44 |
AndreasLutro |
that'll return an empty list if the "group" key is not present |
| 13:44 |
AndreasLutro |
actually why don't I just paste my whole user state... |
| 13:44 |
drawsmcgraw |
AndreasLutro: True. And your users Pillar file is similar to mine (ssh_key entry over here, too). |
| 13:45 |
|
timoguin joined #salt |
| 13:45 |
AndreasLutro |
https://bpaste.net/show/44128666881d my actual user and ssh key states |
| 13:45 |
|
spark joined #salt |
| 13:45 |
drawsmcgraw |
Also -> I was unaware of the dot-notation for keying into Pillar like that. I would have done pillar['users'].iteritems(). Your is way cleaner. |
| 13:45 |
ksj |
drawsmcgraw: exactly. I have enough users that a groups dict under each one just seems messy. I'm thinking maybe it would be better to have a csv file and process it into yaml using awk or something |
| 13:46 |
AndreasLutro |
drawsmcgraw: it only works in jinja, mind you |
| 13:46 |
AndreasLutro |
jinja has this magic where it converts dot notation to [] notation through reflection and other magic |
| 13:46 |
drawsmcgraw |
AndreasLutro: Of course :) Will that fail hard if the Pillar value doesn't exist? |
| 13:46 |
drawsmcgraw |
OOOhhhhhh, okay. Worth knowing. |
| 13:46 |
drawsmcgraw |
Sounds like it will, since it just converts it to the 'ugly' way of keying into Pillar. |
| 13:46 |
AndreasLutro |
drawsmcgraw: no, pillar.get('users', {}) will return {} if the "users" key doesn't exist in the pillar |
| 13:47 |
|
MatthewsFace joined #salt |
| 13:47 |
drawsmcgraw |
AndreasLutro: But this -> {% for username, user in pillar.users.iteritems() %} |
| 13:47 |
drawsmcgraw |
*will* fail hard, right? |
| 13:47 |
AndreasLutro |
ah yes, that will |
| 13:47 |
drawsmcgraw |
okay, good to know |
| 13:47 |
drawsmcgraw |
I try to have all my Pillar calls fail hard. I'd rather a big nasty Salt error than some silent error down the line from a None value |
| 13:48 |
AndreasLutro |
as long as you're thinking about it it's fine. I often want default values to reduce verbosity in pillars |
| 13:49 |
drawsmcgraw |
Fair enough |
| 13:49 |
ksj |
AndreasLutro: thanks. I'm just going through your pastes. it's always really helpful to see real world working examples. |
| 13:49 |
|
Tecnico1931 joined #salt |
| 13:55 |
|
leszq joined #salt |
| 13:55 |
|
mou joined #salt |
| 13:59 |
|
dyasny joined #salt |
| 14:00 |
|
kusams joined #salt |
| 14:00 |
|
debian112 joined #salt |
| 14:00 |
|
tavist0_ joined #salt |
| 14:05 |
|
andrew_v joined #salt |
| 14:06 |
|
sacrelege joined #salt |
| 14:06 |
|
leszq joined #salt |
| 14:06 |
|
favadi joined #salt |
| 14:07 |
|
SheetiS joined #salt |
| 14:08 |
|
ekristen joined #salt |
| 14:11 |
|
emaninpa joined #salt |
| 14:12 |
ksj |
AndreasLutro: sorry to be a real nuisance, but can you paste the basic structure of your pillar file, there's a few things I'm unsure of |
| 14:14 |
|
bmac2 joined #salt |
| 14:16 |
|
scoates joined #salt |
| 14:16 |
|
CeBe1 joined #salt |
| 14:17 |
|
leszq joined #salt |
| 14:17 |
|
SheetiS joined #salt |
| 14:19 |
|
fyb3r joined #salt |
| 14:22 |
|
SheetiS1 joined #salt |
| 14:23 |
|
Smoked_Duck joined #salt |
| 14:24 |
|
asaladin joined #salt |
| 14:27 |
|
markm joined #salt |
| 14:32 |
cheine_ |
Is it possible to have a sleep period between two depending states? Because apparently, if docker.running starts a container it doesn't wait until the container is really running. |
| 14:34 |
cheine_ |
In the other state I use a template, which calls 'docker inspect' and the template is filled with "Error: No such image or container:" on the first run of state.highstate. |
| 14:35 |
cheine_ |
Could that be a bug? |
| 14:37 |
|
jespada joined #salt |
| 14:37 |
asoc_ |
cheine_: you could always use a cmd.run with a ping -n # to wait for # seconds |
| 14:39 |
cheine_ |
So the template state depends on a cmd.run('sleep 5') which depends on the docker.running state. Yeah that is a solution, but maybe not the nicest ;) But thanks for suggesting. |
| 14:40 |
cheine_ |
so the cmd.run state waits for a command to be completed, but docker.running does not? Strange... |
| 14:41 |
sacrelege |
hi all, I never used saltstack and I try to understand the top file. I saw there is a good intro how to handle several environment and a base base conf. on top of that. Is it possible to extend this further by introducing the customer dimension? |
| 14:42 |
sacrelege |
So every customer has its own qa, int and prod? |
| 14:42 |
cheine_ |
asoc_: Oh and I think you meant cmd.wait right? |
| 14:43 |
cheine_ |
sacrelege: Don't know what you mean by customer. |
| 14:45 |
|
ndrei joined #salt |
| 14:46 |
|
Heartsbane joined #salt |
| 14:46 |
sacrelege |
cheine_, lets say we develop software and deploy them on servers. For each customer we have a complete set of staging environment up to production. |
| 14:46 |
XenophonF |
sacrelege: what you want to do is possible |
| 14:46 |
cheine_ |
sacrelege: You could just name your environments "[customer]-[environment]" (e.g. customer1-qa)? |
| 14:47 |
sacrelege |
XenophonF, cheine_ please be aware, that my needs would also be to set configuration parameters which should apply to all-QA or all-Integration system (no matter what customer). |
| 14:48 |
XenophonF |
sacrelege: i'd make the different assignments using pillar |
| 14:48 |
sacrelege |
XenophonF, cheine_ and also other configuration variables, which are valid for a certain customer, no matter what environment (qa, int, prod) |
| 14:48 |
cheine_ |
sacrelege: I would try to do this via pillar or grain matching |
| 14:49 |
sacrelege |
hmm since I don't know what pillar or grain means, I think I will just go a head and read more about saltstack in general. |
| 14:49 |
XenophonF |
sacrelege: if you want to see an example of top.sls targeting using pillar, you can look at my git repos - https://github.com/irtnog/salt-states and https://github.com/irtnog/salt-pillar-example |
| 14:50 |
|
Slimmons joined #salt |
| 14:50 |
sacrelege |
cool thx ! |
| 14:50 |
XenophonF |
sacrelege: you could extend my example by adding another pillar key named 'customer' |
| 14:50 |
|
sgargan joined #salt |
| 14:51 |
|
kiorky joined #salt |
| 14:51 |
XenophonF |
sacrelege: in top.sls, you could have additional customer-specific environments, or you could have customer-specific compound pillar matches in existing dev/test/stage/prod environments |
| 14:51 |
XenophonF |
whatever is clearest to your admins - although i'd probably recommend separating customers into separate environments |
| 14:52 |
XenophonF |
or if you use git, into separate repositories, even |
| 14:52 |
|
Micromus joined #salt |
| 14:52 |
XenophonF |
i do all targeting from top.sls in the base environment |
| 14:52 |
sacrelege |
XenophonF, ok |
| 14:52 |
XenophonF |
that way, it's all in one file |
| 14:52 |
XenophonF |
and i don't use environments in pillar |
| 14:52 |
sacrelege |
XenophonF, I think I have read a bit more first, to understand what you are saiyng and your files.. |
| 14:53 |
XenophonF |
of course, you should do whatever makes the most sense to you |
| 14:53 |
sacrelege |
XenophonF, but thanks a lot s far. |
| 14:53 |
hrumph |
anyone have experience with salt and windows workstations? |
| 14:53 |
XenophonF |
sacrelege: there are many, many other ways to handle targeting |
| 14:53 |
XenophonF |
hrumph: i do |
| 14:53 |
|
clintberry joined #salt |
| 14:54 |
|
JackOnneill joined #salt |
| 14:54 |
|
julez joined #salt |
| 14:54 |
|
linjan_ joined #salt |
| 14:54 |
hrumph |
XenophonF, someone here was telling me that in a mostly windows environment i should just use AD and stuff...i was hoping to use salt. could there be any benefits to using salt apart from the fact I can run it from a linux box and can have more than just windows minions? |
| 14:55 |
|
lothiraldan joined #salt |
| 14:55 |
|
JackOnneill left #salt |
| 14:56 |
hrumph |
XenophonF, i mean as a linux guy is there any way i could justify using salt in a primarily windows world? |
| 14:56 |
|
c10 joined #salt |
| 14:56 |
hrumph |
other than i'm familiar with linux |
| 14:56 |
XenophonF |
hrumph: what do you mean by "AD and stuff"? do you mean just native tools like GPO and startup/shutdown/login/logout scripts? |
| 14:57 |
hrumph |
XenophonF, at first i'm going to use salt just to gather info from PC's then i'll start using it to manage them |
| 14:57 |
|
Dev0n joined #salt |
| 14:57 |
XenophonF |
that's a good start - the salt mine stuff looks really interesting (though i haven't used it yet myself) |
| 14:57 |
hrumph |
XenophonF, someone was saying that you can use active directory to do it and active directory will be more suited to it |
| 14:58 |
hrumph |
XenophonF, yes i mean salt as opposed to the native tools |
| 14:58 |
|
conan_the_destro joined #salt |
| 14:58 |
XenophonF |
so given just native tools - AD, GPO, WMI, PowerShell - how do they compare to Salt? |
| 14:58 |
hrumph |
XenophonF, so can i make any argument for use of salt other than "i don't really enjoy windows"? |
| 14:58 |
XenophonF |
LOL |
| 14:58 |
XenophonF |
yes you can |
| 14:58 |
XenophonF |
take software deployment |
| 14:58 |
|
leszq joined #salt |
| 14:59 |
hrumph |
XenophonF, awesome. let's hear it because i want to be able to tell my boss |
| 14:59 |
XenophonF |
you can use GPOs and login scripts to deploy software |
| 14:59 |
XenophonF |
but GPOs are limited to MSI packages only, computer startup scripts only run at boot time, and login scripts require some way of embedding admin credentials |
| 15:00 |
XenophonF |
plus without a bit of coding, you don't necessarily get any feedback as to whether deployments are successful |
| 15:00 |
XenophonF |
compare with Salt's pkg.installed or pkg.latest states |
| 15:00 |
hrumph |
these are some awesome talking points |
| 15:00 |
hrumph |
thanks |
| 15:00 |
hrumph |
i'm feeling a lot less depressed now |
| 15:00 |
XenophonF |
you can deploy MSI or scripted EXE installers from a Windows package repo |
| 15:01 |
XenophonF |
Salt will track the deployment and return success/fail data back to the master |
| 15:01 |
XenophonF |
the only limit there is whether your installer can be scripted (and i've done my fair share of repackaging, which sucks, but that's the same problem whether you're using Salt, GPO, or something else) |
| 15:02 |
XenophonF |
you could also use WMI or PowerShell's remote execution feature to gather data about installed software |
| 15:02 |
XenophonF |
i mean, PowerShell is how Salt gets the info |
| 15:02 |
XenophonF |
but you'd have to make your own database, where as Salt Mine comes with Salt |
| 15:02 |
XenophonF |
just to pick one example |
| 15:03 |
hrumph |
wow |
| 15:03 |
XenophonF |
consider too feature/role deployments |
| 15:03 |
hrumph |
why aren't these points made on the web? anyway keep going |
| 15:03 |
XenophonF |
let's say you want to turn on the Hyper-V feature across your developer workstations |
| 15:04 |
XenophonF |
i don't think you can control which features get installed via GPO, but don't quote me on that |
| 15:04 |
XenophonF |
GPO is very powerful! |
| 15:04 |
|
sdm24 joined #salt |
| 15:04 |
drawsmcgraw |
Salt needs a "Why Salt?" brochure. Badly. |
| 15:04 |
drawsmcgraw |
I nominate XenophonF for the first draft :D |
| 15:04 |
XenophonF |
but that's very easy to do via Salt - the win_servermanager states |
| 15:05 |
XenophonF |
hah well i'm selling this to the rest of my team :) |
| 15:05 |
drawsmcgraw |
I know the feeling. I was on the defensive for a *long* time myself |
| 15:05 |
XenophonF |
again, as with software deployments, Salt tracks the progress of the feature install and returns success/failure results to the master |
| 15:05 |
|
theologian joined #salt |
| 15:06 |
XenophonF |
whereas you don't easily get feedback when using GPO - you'd have to go trawling through the event logs of the targeted workstations |
| 15:06 |
XenophonF |
hrumph: are you operating a multi-forest AD environment? |
| 15:06 |
XenophonF |
I am |
| 15:07 |
hrumph |
XenophonF, it's in a non-forrest AD environmnet |
| 15:07 |
XenophonF |
i'm managing five separate production forests in three continents |
| 15:07 |
XenophonF |
and only two pairs of forests have trust relationships |
| 15:07 |
hrumph |
XenophonF, i don't have much control over the AD side because we operate in a subunit of a larger organsation (this is reason for *me* to want salt but not necessarily a reason for other people to) |
| 15:08 |
XenophonF |
so i often want to be able to run commands across servers in different forests, some of which can't talk to one another, from a vantage point outside all three of my primary data centers |
| 15:08 |
XenophonF |
we're running Salt in AWS, and everything globally can talk to it |
| 15:08 |
|
lothiraldan joined #salt |
| 15:08 |
XenophonF |
so i can run one command from my salt master that reaches out to computers in all five forests |
| 15:09 |
XenophonF |
whereas in PowerShell, I could accomplish the same kind of remote exec tasks but with a little more complexity |
| 15:10 |
XenophonF |
i still use GPOs and tools like WSUS (well, nowadays Panorama9, but you get the idea) |
| 15:10 |
XenophonF |
but i'm slowly converting the GPOs into Salt states |
| 15:10 |
XenophonF |
think, too, about orchestration |
| 15:11 |
XenophonF |
I have Salt integrated with my hypervisors. |
| 15:11 |
XenophonF |
so Salt manages my VM configs, builds VMs on demand, and pushes configs down to them |
| 15:12 |
|
felixhummel joined #salt |
| 15:12 |
XenophonF |
i don't have a public example yet, but one set of salt-cloud configs and salt state formulas deploys a AD DS replica domain controller |
| 15:12 |
XenophonF |
including DNS and WINS |
| 15:12 |
hrumph |
wow |
| 15:12 |
XenophonF |
all the configs of which are in Git |
| 15:13 |
hrumph |
you're making salt sound like a no-brainer |
| 15:13 |
XenophonF |
right now, our Salt master can spin up VMs in AWS EC2, but I'm looking at vSphere and OpenStack next |
| 15:13 |
XenophonF |
actually the Salt develop branch has a completely revised VMware driver that i'm very excited to try out |
| 15:13 |
|
julez joined #salt |
| 15:14 |
|
leszq joined #salt |
| 15:15 |
XenophonF |
now in some cases it's salt running powershell cmdlets, right? so i'm using win_servermanager.installed states to add the "AD-Domain-Services" (etc.) features |
| 15:15 |
drawsmcgraw |
XenophonF: Have you done a talk on Salt on Windows? I'm sure you're aware that you're in the minority, running Windows systems with Salt |
| 15:16 |
XenophonF |
and i'm using cmd.run (with shell set to "powershell") to run "Install-ADDSDomainController" |
| 15:16 |
XenophonF |
drawsmcgraw: no i haven't done any salt talks |
| 15:16 |
XenophonF |
hrumph: honestly, the best part about all of this is that i have all my configs and states and whatnot in Git |
| 15:17 |
drawsmcgraw |
XenophonF: Well you're sitting on a gold mine, in my opinion. |
| 15:17 |
XenophonF |
sometimes it feels like i'm the only one who documents things around here |
| 15:17 |
XenophonF |
i wanted a way to turn my change logs and screen captures and build docs into executable programs |
| 15:17 |
XenophonF |
because inevitably someone (including myself!) would misspell something or leave out a step or whatever |
| 15:18 |
XenophonF |
it's a lot harder to get change control on VMware guest profiles or Group Policy Objects out of the box, just to pick two examples |
| 15:18 |
|
arthurlutz joined #salt |
| 15:19 |
|
tavist0_ joined #salt |
| 15:19 |
|
tfield joined #salt |
| 15:19 |
arthurlutz |
hi all, is there an issue or a discussion somewhere about sending back the status of each low_state to the master as we go, instead of sending back the highstate result at the "end" of the run ? |
| 15:19 |
XenophonF |
GPOs and login scripts and whatnot definitely still have their place |
| 15:20 |
XenophonF |
drawsmcgraw: i'd like to get some concrete examples together, first |
| 15:20 |
drawsmcgraw |
Of course |
| 15:21 |
XenophonF |
a lot of what i'm doing is AWS-centric at the moment |
| 15:21 |
XenophonF |
i want to do more with vSphere soon, though |
| 15:24 |
asoc |
cheine_: I think cmd.run should work. But I haven't tried it. http://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html#should-i-use-cmd-run-or-cmd-wait |
| 15:24 |
drawsmcgraw |
I'm interested to see what happens with the vSphere development as well. Most of what I've seen for "private cloud" means VMWare. |
| 15:24 |
drawsmcgraw |
arthurlutz: I vaguely remember something like that but I don't know if/where that issue is.... |
| 15:25 |
iggy |
arthurlutz: doubtful... that's just really not the way Salt is built (and I don't think it's something anyone is motivated enough to try to solve) |
| 15:25 |
asoc |
cheine_: I have seen it where some processes return but are just a wrapper for a different process that keeps running in the background. So that might be what is going oin with the docker.running |
| 15:25 |
|
tfield joined #salt |
| 15:25 |
drawsmcgraw |
Just in case someone else wants to brush up on their writing skills, I've started a (very pitiful) 'why salt?' repo: https://github.com/drawsmcgraw/why-salt |
| 15:25 |
drawsmcgraw |
I'm happy to put my energy somewhere else if there's another place for this type of thing. |
| 15:26 |
asoc |
cheine_: I am not very familiar with docker so it is just a guess. |
| 15:32 |
cheine_ |
asoc: Thanks, I will take a look at it. |
| 15:33 |
XenophonF |
drawsmcgraw: i'll take a look |
| 15:33 |
XenophonF |
the domestic IT team here uses Puppet, so a lot of the flack i got was along the lines of why international IT did something different |
| 15:34 |
XenophonF |
i would have been happy to use puppet, but there's no way they're going to allow the international networks talk to the domestic ones, so that settled that |
| 15:35 |
|
adelcast left #salt |
| 15:35 |
|
writtenoff joined #salt |
| 15:36 |
|
spiette joined #salt |
| 15:36 |
|
Brew joined #salt |
| 15:36 |
drawsmcgraw |
XenophonF: Thanks! And well-played with using the organization against itself for a case for Saltstack |
| 15:36 |
|
MatthewsFace joined #salt |
| 15:37 |
arthurlutz |
drawsmcgraw: iggy: thanks for your answer, someone using ansible said it was a feature they liked in ansible. |
| 15:37 |
XenophonF |
hah well it wasn't really a play - i'd much rather not take on a lot of extra technical support w/r/t config management infrastructure |
| 15:37 |
XenophonF |
they've got puppet, github enterprise, and all sorts of other goodies |
| 15:37 |
XenophonF |
but i can't use any of them |
| 15:37 |
iggy |
arthurlutz: if your highstates are taking so long to run that you feel like you need progress bars, you've probably got bigger problems |
| 15:38 |
XenophonF |
now that i've learned it, i like salt a lot, and i'm glad i got to do my own thing |
| 15:38 |
XenophonF |
but that also means i have no one beside you fine folks on IRC to turn to for help |
| 15:38 |
iggy |
I try to keep my highstates fairly minimal and use the reactor/scheduler for bigger stuff |
| 15:38 |
arthurlutz |
iggy: careful with that kind of approach, salt is supposed to be agile around your infrastructure, not tell you that you're doing it wrong |
| 15:38 |
XenophonF |
and teaching this stuff to my team is challenging |
| 15:38 |
fyb3r |
can you not batch the ammount of minions returning their data? |
| 15:39 |
iggy |
salt isn't, I am ;) |
| 15:39 |
|
jalbretsen joined #salt |
| 15:39 |
fyb3r |
either way :D |
| 15:39 |
arthurlutz |
iggy: but I find your reactor/scheduler approach can be interresting |
| 15:39 |
|
otter768 joined #salt |
| 15:40 |
iggy |
fyb3r: batching just slows the amount of jobs sent out at once, they all return when they are done (whether using batching or not) |
| 15:40 |
arthurlutz |
now that I think of it, couldn't a simple running break a highstate into low states and run them sequentially ? |
| 15:40 |
iggy |
it's possible (with code changes) |
| 15:40 |
|
leszq_ joined #salt |
| 15:41 |
iggy |
but like I said... I've not heard anyone jumping in to do that coding |
| 15:41 |
iggy |
every once in a while, someone pops up and thinks it's a great idea |
| 15:41 |
iggy |
then they start looking at the work involved :) |
| 15:44 |
|
ranomore joined #salt |
| 15:44 |
|
slav0nic joined #salt |
| 15:52 |
drawsmcgraw |
XenophonF: I understand. I had the same situation. Organization was huge, so I was free to do what I wanted. That didn't stop the regular influx of "Why not Puppet?" questions, though |
| 15:52 |
|
Grokzen joined #salt |
| 15:53 |
drawsmcgraw |
arthurlutz: Sure thing. To be honest, I wouldn't hold my breath for it. But, when I'm writing/testing my states, I have a dev VM and I run 'salt-call' to get 'live' feedback. |
| 15:53 |
|
onorua joined #salt |
| 15:54 |
arthurlutz |
drawsmcgraw: yep, I often do the same |
| 15:54 |
|
druonysus joined #salt |
| 15:54 |
XenophonF |
drawsmcgraw: i'm _much_ more comfortable with python, yaml, and jinja, having tinkered a lot with the zope and django web app frameworks, plus the yaml->funcall nature of salt feeds the part of my brain that loves lisp :) |
| 15:54 |
|
Whissi joined #salt |
| 15:54 |
|
ndrei joined #salt |
| 15:55 |
drawsmcgraw |
XenophonF: Ah, itches a lot of things, huh? |
| 15:55 |
drawsmcgraw |
One of these days I'll set aside some time to get into flow-based programming.... |
| 15:55 |
|
adelcast joined #salt |
| 15:56 |
|
cluther left #salt |
| 15:56 |
XenophonF |
drawsmcgraw: you bet |
| 15:57 |
XenophonF |
i've long had this idea of "object oriented system administration" |
| 15:57 |
XenophonF |
the way i have roles and environments arranged in my salt deployment lets me implement it |
| 15:58 |
XenophonF |
where there's a base class - common configs every computer gets - and sub-classes - server roles getting configs specific to them |
| 15:58 |
XenophonF |
servers become instances |
| 15:58 |
XenophonF |
i can use additional targeting rules to implement things like mixins (CLOS!) |
| 15:58 |
XenophonF |
and so on |
| 15:58 |
Mate |
XenophonF: your infrastructure (code base :) and working method is really impressive |
| 15:58 |
drawsmcgraw |
Really drives home the notion that your data center is a software project, huh? |
| 15:59 |
Mate |
thanks for sharing |
| 15:59 |
XenophonF |
drawsmcgraw: yes! i don't know who said it first, but i saw it on salt's wikipedia entry - infrastructure-as-code |
| 15:59 |
XenophonF |
Mate: you're welcome! |
| 16:00 |
Mate |
i see we are in the right direction, but far from it :( |
| 16:00 |
|
c10 joined #salt |
| 16:02 |
XenophonF |
i won't claim i'm doing it right |
| 16:02 |
XenophonF |
lots of other people on here have different ways to accomplish similar config mgmt tasks |
| 16:03 |
|
wendall911 joined #salt |
| 16:05 |
|
coderMe joined #salt |
| 16:07 |
|
coderMe joined #salt |
| 16:08 |
Mate |
but i havent seen such a positive overview here in the last few weeks |
| 16:08 |
|
gladiatr joined #salt |
| 16:08 |
|
coderMe joined #salt |
| 16:09 |
XenophonF |
at work my goal is to be able to release our configuration formulas for use in developing countries |
| 16:09 |
XenophonF |
Salt's integration with Git is really interesting as a result |
| 16:09 |
|
beneggett joined #salt |
| 16:10 |
|
kawa2014 joined #salt |
| 16:10 |
|
coderMe joined #salt |
| 16:10 |
|
thedodd joined #salt |
| 16:10 |
|
stoogenmeyer joined #salt |
| 16:10 |
drawsmcgraw |
XenophonF: Found a use case for the "mnt_point" options for GitFS? |
| 16:11 |
|
nate_c joined #salt |
| 16:11 |
|
coderMe joined #salt |
| 16:12 |
XenophonF |
drawsmcgraw: is this what you mean? http://docs.saltstack.com/en/latest/ref/configuration/master.html#std:conf_master-gitfs_mountpoint |
| 16:12 |
XenophonF |
i haven't used that |
| 16:12 |
XenophonF |
at least, not yet |
| 16:12 |
drawsmcgraw |
XenophonF: yeah, that. Sorry, was going off of memory |
| 16:12 |
XenophonF |
is all good |
| 16:12 |
Slimmons |
Hey guys, I have a problem I haven't been able to resolve. I'm trying to use git.latest, and I've tried lots of different configurations, and my errors don't seem to tell me anything useful (or i'm reading it incorrectly). if you look in my "masterenvironment.init", and look at the errors reported from salt 'master' state.highstate -l debug, that is where I've gotten so far. https://gist.github.com/johnsimmons/6d8fded189bca4e85a59 |
| 16:12 |
drawsmcgraw |
I've seen people use that option for managing *a lot* of different git repos in their deployments. |
| 16:13 |
pcn |
I'm having a lot of trouble understanding why a pillar won't render. The suggestion from the salt command to look at the master log doesn't seem to provide any insight. |
| 16:13 |
pcn |
I've got a highstate that intalls cassandra. |
| 16:13 |
Slimmons |
bleh, and i have to go afk for abit. |
| 16:13 |
drawsmcgraw |
pcn: Try a pillar.items() | less. Then inspect the top of the output for any possible rendering errors. |
| 16:13 |
iggy |
Slimmons: that can't be all the debug output |
| 16:14 |
XenophonF |
Slimmons: maybe enable trace logging, too? |
| 16:14 |
pcn |
drawsmcgraw: I was getting to that - pillar.items does work |
| 16:14 |
|
husanu1 joined #salt |
| 16:14 |
|
desposo joined #salt |
| 16:14 |
drawsmcgraw |
pcn: ah :/ |
| 16:14 |
pcn |
So my goal is to install a system, then run a separate couple of states that configure the cassandra system with pillar data that's based on the other nodes in the cluster. |
| 16:15 |
pcn |
Doing e.g.: sudo salt cassandradatanode1 state.sls cassandra.config_files 'pillar={"seed_list": "10.159.115.164,10.233.132.40,10.37.177.70"}' |
| 16:15 |
pcn |
fails rendering the pillar |
| 16:16 |
iggy |
pillar='...' |
| 16:16 |
|
husanu joined #salt |
| 16:16 |
iggy |
and is that really supposed to be a comma separate list? or an actual python/jinja list? |
| 16:17 |
drawsmcgraw |
what iggy said |
| 16:17 |
pcn |
It's cassandra :( they want a single string, comma-separated |
| 16:17 |
iggy |
okay, I don't know cassandra, just asking since it looked odd |
| 16:18 |
pcn |
Fair question |
| 16:21 |
drawsmcgraw |
pcn: Does wrapping the pillar args in quotes work? |
| 16:22 |
pcn |
I'm not sure I understand what you're asking. |
| 16:22 |
iggy |
sudo salt '*mqdb*' state.sls postgres pillar='{"postgres": {"pg_hba.conf": "salt://postgres/pg_hba.conf", "acls": [["host","mqdb","mqdb","172.16.0.0/16","md5"]]}}' |
| 16:23 |
iggy |
that's the last command I ran with a pillar on the command line |
| 16:23 |
|
aparsons joined #salt |
| 16:23 |
pcn |
Let me add to the strange: if I restart the salt master and minion I'm targeting, then it works |
| 16:23 |
* iggy |
backs away slowly |
| 16:23 |
pcn |
Minions that i haven't restarted fail |
| 16:24 |
|
venu0336 joined #salt |
| 16:24 |
|
bbhoss joined #salt |
| 16:25 |
|
ghoti joined #salt |
| 16:28 |
|
GabLeRoux joined #salt |
| 16:30 |
|
spookah joined #salt |
| 16:30 |
XenophonF |
i wish the selinux state module let you do more selinux things, which is another way to say changing it is hard and i want someone else to do it because i'm lazy :) |
| 16:31 |
pcn |
Oh, I wonder... |
| 16:32 |
pcn |
These minions are vagrant ec2 nodes. I wonder if the minion just needs to be restarted because it has some weird start at the outsent |
| 16:32 |
pcn |
So let me try that before running any states and see if it works out for the better |
| 16:33 |
|
aparsons_ joined #salt |
| 16:33 |
|
giantlock joined #salt |
| 16:34 |
sporkd21 |
is there any way to have salt show me which credentials salt-cloud is using? |
| 16:34 |
sporkd21 |
debug / trace do not show it |
| 16:34 |
iggy |
do you have some reason to believe it's not using the credentials you told it to use? |
| 16:35 |
|
ingslovak1 joined #salt |
| 16:36 |
|
husanu joined #salt |
| 16:37 |
sporkd21 |
iggy: I'm trying to do salt-cloud --list-images <provider> |
| 16:37 |
sporkd21 |
on my saltmaster I get a 401 cred error, if I bring up a vagrant salt-master and run same command I get the images listed |
| 16:38 |
sporkd21 |
same salt versions, but I'm wondering if my "real" saltmaster is getting creds from somewhere else |
| 16:38 |
sporkd21 |
neither are running in AWS so it's not metadata |
| 16:41 |
pcn |
Yeppers. The node can run the highstate but not the other states unless I restart it once because reasons. |
| 16:41 |
pcn |
Ignore me. |
| 16:41 |
|
amcorreia joined #salt |
| 16:42 |
|
napsterX joined #salt |
| 16:42 |
|
catpig joined #salt |
| 16:44 |
|
ksalman joined #salt |
| 16:47 |
|
catpig joined #salt |
| 16:50 |
|
kaptk2 joined #salt |
| 16:57 |
|
keimlink joined #salt |
| 16:57 |
sporkd21 |
iggy: if anyone ever says that, my time was off |
| 16:59 |
sporkd21 |
someone can close this https://github.com/saltstack/salt/issues/22498#issuecomment-106929797 |
| 17:00 |
|
keimlink joined #salt |
| 17:03 |
|
GabLeRoux joined #salt |
| 17:04 |
|
cliluw joined #salt |
| 17:08 |
|
forrest joined #salt |
| 17:08 |
|
nk joined #salt |
| 17:08 |
|
borgstrom joined #salt |
| 17:09 |
|
pliniker joined #salt |
| 17:10 |
|
pliniker left #salt |
| 17:10 |
|
scoates_ joined #salt |
| 17:11 |
|
pliniker joined #salt |
| 17:13 |
|
baweaver joined #salt |
| 17:14 |
|
theologian joined #salt |
| 17:15 |
|
DammitJim joined #salt |
| 17:20 |
iggy |
sporkd21: thanks for updating us on the outcome, it helps more than most people realize |
| 17:22 |
|
linjan joined #salt |
| 17:23 |
|
conan_the_destro joined #salt |
| 17:24 |
|
ajw0100 joined #salt |
| 17:27 |
Slimmons |
iggy: sorry I was afk. That's all the debug output I get. |
| 17:27 |
|
napsterX joined #salt |
| 17:28 |
iggy |
Slimmons: then try what someone else said and use -l trace |
| 17:28 |
|
hal58th joined #salt |
| 17:29 |
|
hal58th_1 joined #salt |
| 17:34 |
|
baweaver joined #salt |
| 17:34 |
|
nate_c joined #salt |
| 17:35 |
Slimmons |
I commented on the -l trace output, and it doesn't seem to be much more useful. https://gist.github.com/johnsimmons/6d8fded189bca4e85a59 |
| 17:35 |
|
leszq joined #salt |
| 17:36 |
Slimmons |
I thought maybe I had messed up something in the master file, but if it couldn't find the root directory, it would throw errors. |
| 17:40 |
|
otter768 joined #salt |
| 17:41 |
iggy |
your top file says masterminion and your command line says master |
| 17:41 |
|
JordanTesting joined #salt |
| 17:41 |
|
JordanTesting joined #salt |
| 17:42 |
iggy |
oh wait |
| 17:42 |
iggy |
use salt-call -l debug from the minion you are targeting |
| 17:42 |
iggy |
salt 'foo' -l debug isn't generally all that useful |
| 17:43 |
|
nitenq joined #salt |
| 17:44 |
|
aparsons joined #salt |
| 17:45 |
Slimmons |
Yeah, i manually typed the command incorrectly. Should have been masterminion |
| 17:45 |
Slimmons |
I'll use the salt-call -l debug |
| 17:46 |
|
Fiber^ joined #salt |
| 17:47 |
|
twork_ joined #salt |
| 17:48 |
|
cruatta joined #salt |
| 17:49 |
|
aw110f joined #salt |
| 17:51 |
|
desposo1 joined #salt |
| 17:52 |
|
cruatta joined #salt |
| 17:53 |
|
leszq joined #salt |
| 17:56 |
|
[7hunderbird] joined #salt |
| 17:56 |
|
venu0336 joined #salt |
| 17:56 |
|
ageorgop joined #salt |
| 17:58 |
|
TyrfingMjolnir joined #salt |
| 17:59 |
|
chiui joined #salt |
| 18:02 |
Slimmons |
I uploaded the error. It's giving a KeyError. Looking into that now. |
| 18:03 |
twork_ |
hey all. i'm on run number... three or four trying to get my head around salt. i keep getting interrupted, which doesn't help. right now my mission to myself is: just make it distribute two versions of a damn file. |
| 18:03 |
twork_ |
the docs are great for the structural stuff but right now i just want a hint to make it go. |
| 18:03 |
forrest |
twork_: Okay, what issue are you encountering with multiple versions of files, and in what way are you trying to say 'this machine should get this file'. |
| 18:04 |
twork_ |
that's my first problem... |
| 18:04 |
|
leszq joined #salt |
| 18:05 |
twork_ |
baby steps. |
| 18:05 |
twork_ |
just make it do a thing. any thing. the docs are telling me how to lay out my archive, which is great, but i want to set that aside for now, and just play with the tools. |
| 18:05 |
forrest |
Do you already have salt deploying a basic version of the file? |
| 18:06 |
twork_ |
no. |
| 18:06 |
iggy |
Slimmons: look at the rendered top file... master:\n '': |
| 18:06 |
iggy |
Slimmons: also, put ``` around the pastes in the comments so github doesn't try to read it as markdown |
| 18:06 |
|
morsik left #salt |
| 18:07 |
forrest |
twork_: Okay, so right now you just have the masterless minion installed and are playing with that? |
| 18:07 |
twork_ |
i have a master and a minion. i have the minion registered wth the master, and the master can query for state. |
| 18:07 |
forrest |
okay, have you run commands against the minion from the master? |
| 18:08 |
twork_ |
minion can 'salt-call -i debug pillar.items', for instance. |
| 18:08 |
twork_ |
yeah |
| 18:08 |
forrest |
okay |
| 18:08 |
forrest |
seems like you are about here then: http://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html#the-first-sls-formula |
| 18:08 |
forrest |
they're doing that work on the master, and you can get some pretty quick results if you start there. |
| 18:09 |
Slimmons |
iggy: I have no idea why it would be rendering with the master:\n '': blank. I've definitely got a name in there. |
| 18:09 |
twork_ |
thanks. embarrassed to say i have started there at least twice, got into the weeds, got interrupted, and came back lost. |
| 18:09 |
Slimmons |
maybe it doesn't like the minion name |
| 18:09 |
twork_ |
thanks forrest. |
| 18:10 |
forrest |
twork_: No problem. If you're confused about something feel free to ask, starting there is going to be the best way to learn though :) |
| 18:11 |
|
baweaver joined #salt |
| 18:11 |
Slimmons |
iggy: The minion id: x definitely matches what's in the master:\n 'x': |
| 18:13 |
|
leszq joined #salt |
| 18:14 |
|
lexter joined #salt |
| 18:17 |
|
denys joined #salt |
| 18:17 |
|
Laogeodritt joined #salt |
| 18:17 |
iggy |
are you obfuscating things? |
| 18:19 |
iggy |
and why do you have your environments named master and server? |
| 18:19 |
Slimmons |
lol, not intentionally |
| 18:19 |
Slimmons |
I don't actually, I just named them that on the gist in order to make what I was trying to do more clear. They actually have different names |
| 18:20 |
Slimmons |
I should probably just change the gist to match exactly what is there. |
| 18:20 |
iggy |
I give up |
| 18:20 |
Slimmons |
lol |
| 18:21 |
|
twork_ joined #salt |
| 18:27 |
|
nate_c joined #salt |
| 18:28 |
|
murrdoc joined #salt |
| 18:30 |
|
tomh- joined #salt |
| 18:32 |
Slimmons |
I'll let you know once ti's fixed. I'm sure it's something small that I don't have set up right. |
| 18:32 |
|
OnTheRock joined #salt |
| 18:35 |
|
baweaver joined #salt |
| 18:37 |
|
bhosmer_ joined #salt |
| 18:39 |
|
s_kunk joined #salt |
| 18:39 |
|
[7hunderbird] joined #salt |
| 18:39 |
|
s_kunk joined #salt |
| 18:45 |
|
XenophonF joined #salt |
| 18:45 |
|
c10 joined #salt |
| 18:50 |
|
c10 joined #salt |
| 18:51 |
twork_ |
okay, following along at: http://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html#the-first-sls-formula |
| 18:51 |
twork_ |
i'm missing something basic. my brief tale of woe: |
| 18:51 |
twork_ |
https://gist.github.com/mjinks/a931e4ac4acfc3eb2a0c |
| 18:52 |
Ahrotahntee |
I am just beyond stupid here. What is the python equivalent of a cli call "salt '*' network.ip_addrs eth0" ? |
| 18:52 |
twork_ |
i thought that "- something" under 'base:' would refer to a state file rooted at the same directory. it looks that way in the example. |
| 18:53 |
twork_ |
but i guess not...? |
| 18:53 |
|
bitwise__ joined #salt |
| 18:54 |
Ahrotahntee |
twork_: how is file_roots defined on the master? |
| 18:55 |
Ahrotahntee |
twork_: I'm guessing /srv/file_root/ ? in which case you need motd.sls in there too. |
| 18:55 |
Ahrotahntee |
because that is where it is looking for your state file |
| 18:55 |
Ahrotahntee |
and if you're targeting a minion with state.sls and not highstate you don't even use top.sls in this exercise |
| 18:56 |
Ahrotahntee |
sneaky LocalClient HIDING IN THE CRISPS AGAIN |
| 18:56 |
twork_ |
Ahrotahntee: just tacked that to the end of my gist. link again: https://gist.github.com/mjinks/a931e4ac4acfc3eb2a0c |
| 18:56 |
Ahrotahntee |
twork_: yeah, so you've defined /srv/file_root as where base belongs |
| 18:56 |
Ahrotahntee |
twork_: that means you need your .sls files in there too |
| 18:57 |
Ahrotahntee |
twork_: salt:// sources pull from the same place as the states |
| 18:57 |
ntropy |
twork_: yup, you want your motd.sls in /srv/file_root |
| 18:57 |
dingo_ |
good morning folks |
| 18:57 |
dingo_ |
hows salt treatin y'all :) |
| 18:57 |
Ahrotahntee |
14:56:17 < Ahrotahntee> sneaky LocalClient HIDING IN THE CRISPS AGAIN |
| 18:57 |
Ahrotahntee |
^ sums up my day |
| 18:57 |
dingo_ |
hah ha ha |
| 18:58 |
twork_ |
hm... okay, i've run into this confusion before. |
| 18:58 |
Ahrotahntee |
twork_: here, let me show you my directory structure |
| 18:58 |
twork_ |
if .sls files go in the file tree, what's left to go in the main salt tree? |
| 18:58 |
|
murrdoc joined #salt |
| 18:58 |
Ahrotahntee |
twork_: https://gist.github.com/Ahrotahntee/cc9fa7dcdaf22943bf88 |
| 18:59 |
ntropy |
twork_: what is 'main salt tree'? |
| 18:59 |
iggy |
by default, file_roots is /srv/salt, if you change that setting, you need to change the other stuff too |
| 18:59 |
dingo_ |
anyone ever make graphics of salt requisite structure? I made some code and produced a series of graphviz charts if anybody is interested in seeing the output or the code |
| 18:59 |
Ahrotahntee |
twork_: as you can see file_roots is the main salt root |
| 18:59 |
Ahrotahntee |
s/root/tree/ |
| 19:00 |
Ahrotahntee |
I like the tree command |
| 19:00 |
Ahrotahntee |
I don't get to use it nearly often enough |
| 19:00 |
|
leszq joined #salt |
| 19:00 |
|
ageorgop joined #salt |
| 19:01 |
dingo_ |
output graphics: https://teamcity-master.pexpect.org/tmp/ code: https://gist.github.com/jquast/9cfe1b729daee843657a |
| 19:01 |
dingo_ |
please node the code is... draft weekend stuff, not really for consumption |
| 19:01 |
dingo_ |
note |
| 19:01 |
Ahrotahntee |
dingo_: neat |
| 19:01 |
twork_ |
okay, this has tripped me up before. i'm looking back now trying to find the specific spot where the docs confused me. i coulda sworn there was a distinct "structure layout" and "file system content" |
| 19:02 |
twork_ |
e.g. '/srv/salt' and '/srv/salt/file_roots' for instance |
| 19:03 |
twork_ |
that's why i took my file_roots out into their own tree under '/srv', because it didn't make sense to have them mixed. now i see i was wrong. |
| 19:03 |
ntropy |
twork_: there are only two paths you should be concerned with for the basic setup at least: file_roots and pillar_roots |
| 19:03 |
Ahrotahntee |
twork_: instinctively you want to split the sls files off from the templates you're using to populate the minions |
| 19:03 |
Ahrotahntee |
twork_: but that's not the case here |
| 19:03 |
Ahrotahntee |
twork_: the templates and the state files belong together |
| 19:03 |
twork_ |
thanks. |
| 19:03 |
Ahrotahntee |
twork_: I use a sub-folder 'files' for the templates |
| 19:05 |
|
scoates joined #salt |
| 19:05 |
twork_ |
incidentally Ahrotahntee, how did you generate that tree structure you posted? looks handy. |
| 19:05 |
* MTecknology |
whacks rhel in the nuts with a rusty anvil |
| 19:06 |
Ahrotahntee |
twork_: 'tree' (from the apt package 'tree') |
| 19:06 |
forrest |
twork_: Take a look at http://docs.saltstack.com/en/latest/topics/best_practices.html for some basic directory structure stuff. |
| 19:06 |
twork_ |
thanks. one more thing i've read at least three times, and then, time did pass... |
| 19:09 |
MTecknology |
I'm having a heck of a painful time trying to write an init script for ferm on centos that salt can properly use. :( |
| 19:14 |
|
gladiatr joined #salt |
| 19:15 |
Ahrotahntee |
zero-configuration tinc formula does not appear to be feasible |
| 19:15 |
Ahrotahntee |
at least not without creating some kind of weird psudo dhcp service |
| 19:16 |
Ahrotahntee |
pseudo* |
| 19:21 |
|
ajw0100 joined #salt |
| 19:22 |
|
husanu joined #salt |
| 19:28 |
|
leszq joined #salt |
| 19:29 |
|
venu0336 joined #salt |
| 19:29 |
|
dynamicudpate joined #salt |
| 19:30 |
|
aw110f joined #salt |
| 19:31 |
XenophonF |
will file.blockreplace create a file if it's missing, assuming prepend or append_if_not_found is set to true? |
| 19:31 |
XenophonF |
it isn't clear from the documentation |
| 19:32 |
|
scoates joined #salt |
| 19:33 |
|
desposo joined #salt |
| 19:36 |
XenophonF |
just read the source, and file.blockreplace will raise an error if the file isn't found |
| 19:37 |
dingo_ |
cool |
| 19:39 |
|
TodPunk joined #salt |
| 19:41 |
|
otter768 joined #salt |
| 19:42 |
|
baweaver joined #salt |
| 19:45 |
|
nate_c joined #salt |
| 19:46 |
|
meete0rite joined #salt |
| 19:46 |
|
leszq joined #salt |
| 19:47 |
meete0rite |
Hello, we are experiencing an issue where the only thing that seems to work is key acceptance on the master, and after that nothing happens. No logs in the master, no logs in the minion, nothing |
| 19:47 |
meete0rite |
Not sure what to look for or how to debug? |
| 19:51 |
|
Brew joined #salt |
| 19:52 |
twork_ |
okay... in the state tree, if there's a simple sls file, we'll use that. but for more complex stuff we move to 'foo/init.sls', and put other stuff in that same directory... right? no? |
| 19:52 |
Ahrotahntee |
twork_: tends to be how it goes |
| 19:52 |
Ahrotahntee |
for example I have tinc/install.sls, tinc/files/tinc.conf, etc |
| 19:52 |
Ahrotahntee |
and my paths reference salt://tinc/files/tinc.conf |
| 19:52 |
Ahrotahntee |
etc. |
| 19:53 |
twork_ |
ok, here's my latest swing at my basic file: https://gist.github.com/mjinks/a931e4ac4acfc3eb2a0c |
| 19:53 |
Ahrotahntee |
that way I can distribute my tinc formula as a .tar if I need to |
| 19:53 |
Ahrotahntee |
twork_: salt '*' state.sls motd.init |
| 19:53 |
twork_ |
...same error as before, salt says there's no sls found for ' - motd' |
| 19:53 |
Ahrotahntee |
twork_: you have named your file init.sls |
| 19:53 |
Ahrotahntee |
in motd |
| 19:54 |
|
tmclaugh[work] joined #salt |
| 19:54 |
Ahrotahntee |
seperated (by salt) with a . |
| 19:54 |
Ahrotahntee |
so motd/init.sls -> motd.init |
| 19:54 |
Ahrotahntee |
salt '*' state.sls motd.init |
| 19:54 |
Ahrotahntee |
dots are special with salt |
| 19:54 |
|
edrocks joined #salt |
| 19:54 |
Ahrotahntee |
also gists let you define more than one file (at the bottom) so you don't need to manually type out the seperators |
| 19:55 |
twork_ |
ah, o |
| 19:55 |
twork_ |
k |
| 19:56 |
twork_ |
so... i'm confused again. why the bit about putting an "init.sls" like a makefile of sorts? reading at: http://docs.saltstack.com/en/latest/topics/tutorials/states_pt1.html |
| 19:56 |
twork_ |
...about 3/4 down |
| 19:56 |
|
supersheep joined #salt |
| 19:56 |
Ahrotahntee |
huh |
| 19:56 |
Ahrotahntee |
interesting |
| 19:56 |
Ahrotahntee |
let me see if that works for me here |
| 19:57 |
Ahrotahntee |
yep that worked for me |
| 19:57 |
twork_ |
(sorry, being called away, back soon i hope, apologies) |
| 19:57 |
Ahrotahntee |
twork_: when you get back: did you restart salt-master after configuration changes? |
| 19:58 |
Ahrotahntee |
I also need to leave in a moment, my shift is us |
| 19:58 |
Ahrotahntee |
up* |
| 20:00 |
|
leszq joined #salt |
| 20:01 |
twork_ |
freudian slip? |
| 20:01 |
|
XenophonF left #salt |
| 20:02 |
twork_ |
back... and, aha. no, after i moved the path in salt/master i did not restart. gotten used to going all willy-nilly in the tree. |
| 20:02 |
twork_ |
...and, all worky-worky now. |
| 20:03 |
twork_ |
much thanks. |
| 20:04 |
|
ocdmw joined #salt |
| 20:05 |
iggy |
meete0rite: try cranking up the logging level on the master and using salt-call -l debug on the minion |
| 20:05 |
iggy |
meete0rite: what exactly do you mean nothing happens after key acceptance? What are you trying? What's the output? etc... |
| 20:06 |
|
leszq joined #salt |
| 20:12 |
ntropy |
Ahrotahntee: what is the .slsc file in the tinc state you pasted earlier? compiled state? |
| 20:12 |
meete0rite |
iggy: I enabled debugging and the salt master is literally outputting nothing when run using an init.d script. When I run it as salt-master -l debug I get a ton of output |
| 20:13 |
|
s_kunk_ joined #salt |
| 20:14 |
meete0rite |
Ah, now I see there is a log level for both the command line and file |
| 20:14 |
|
s_kunk joined #salt |
| 20:14 |
|
aparsons_ joined #salt |
| 20:18 |
|
losh joined #salt |
| 20:27 |
|
c10 joined #salt |
| 20:27 |
|
rocket joined #salt |
| 20:28 |
|
benegget_ joined #salt |
| 20:31 |
|
hal58th_ joined #salt |
| 20:36 |
|
baweaver joined #salt |
| 20:37 |
|
toofer joined #salt |
| 20:38 |
toofer |
anyone know what library Salt is using for colored output? |
| 20:41 |
toofer |
Ah, I think I just found it in the "textformat.py" file. Sorry to jump in and out like this. |
| 20:42 |
|
hal58th__ joined #salt |
| 20:43 |
|
sgargan joined #salt |
| 20:45 |
Ahrotahntee |
ntropy: it's a compiled state file |
| 20:45 |
Ahrotahntee |
ntropy: I write my sls files in python, at some point it compiles them |
| 20:47 |
|
nitenq joined #salt |
| 20:47 |
|
hal58th joined #salt |
| 20:48 |
|
ablemann joined #salt |
| 20:48 |
Ahrotahntee |
haven't quite figured that one out yet |
| 20:49 |
ntropy |
nice, i wrote my first state in python just last week |
| 20:50 |
ntropy |
i recommend doing that to anyone not too familiar with yaml |
| 20:50 |
Ahlee_ |
wait, what compiles down your python to yaml states? |
| 20:50 |
ntropy |
having to write dicts and lists and tuples directly means i now make fewer yaml formatting mistakes |
| 20:50 |
Ahrotahntee |
I hate yaml |
| 20:51 |
Ahrotahntee |
I also hate python, but I hate python less |
| 20:53 |
ahammond |
I see a 2015.5.2 tag in github. And 2015.5.2 packages in epel. Can someone please update the channel topic? |
| 20:53 |
ahammond |
basepi: ^ |
| 20:54 |
|
ekristen joined #salt |
| 20:57 |
murrdoc |
basepi: i figured out what i needed for local cmd … thanks for the assist |
| 21:00 |
|
Bryanstein joined #salt |
| 21:01 |
Ahrotahntee |
that's weird, minions are not returning from this state. maybe my timeout is too low |
| 21:02 |
|
cberndt joined #salt |
| 21:02 |
|
hal58th joined #salt |
| 21:06 |
|
leszq joined #salt |
| 21:07 |
|
moos3 joined #salt |
| 21:08 |
|
sgargan joined #salt |
| 21:08 |
Ahrotahntee |
yep that is fiercely timing out |
| 21:09 |
primechuck |
In salt, is there a concept or a way to have a disposible, or temporary minion without going through the entire key exchange? Like a group of minions that you don't trust but still want to manage for awhile? |
| 21:09 |
LtLefse_ |
Ahrotahntee: where do you see 2015.5.2 in epel? |
| 21:09 |
Ahrotahntee |
LtLefse_: did you mean to address that to ahammond? |
| 21:09 |
LtLefse_ |
oops, yes |
| 21:09 |
Ahrotahntee |
it's not a common letter combination |
| 21:10 |
LtLefse_ |
ahammond: I only see 2015.5.0 |
| 21:13 |
Ahrotahntee |
of fucking course it works once I'm in debugm ode |
| 21:13 |
Ahrotahntee |
mode* |
| 21:19 |
ahammond |
LtLefse you're right, I was looking at epel-testing. However the tag is out there on git, which to me means a heck of a lot more than packaging stuff |
| 21:20 |
ahammond |
primechuck consider using salt-ssh? |
| 21:21 |
dustywusty |
is it normal behavior to need to restart salt-minions after restarting salt-master? i'm noticing my reactor events are not firing after restarting my master until i roll each minion |
| 21:25 |
|
beneggett joined #salt |
| 21:28 |
|
leszq joined #salt |
| 21:33 |
|
gladiatr joined #salt |
| 21:36 |
ahammond |
or... not? https://github.com/saltstack/salt/releases strange to have a tag out there but not have it released. |
| 21:37 |
ahammond |
dustywusty you should not need to do this, however that's an interesting observation. take a look at https://github.com/saltstack/salt/issues/24198 |
| 21:37 |
|
edrocks_ joined #salt |
| 21:38 |
|
keimlink joined #salt |
| 21:39 |
primechuck |
That might work, was trying to think of salt for a cheap auto discovery for execution. Minion starts, points at a master, master says do some stuff, then minion goes away to come back as a real machine to manager. |
| 21:40 |
|
cliluw joined #salt |
| 21:41 |
|
giantlock joined #salt |
| 21:42 |
|
clintberry joined #salt |
| 21:42 |
|
otter768 joined #salt |
| 21:44 |
|
bfoxwell joined #salt |
| 21:44 |
|
hax404 joined #salt |
| 21:44 |
iggy |
primechuck: there's autosign |
| 21:45 |
iggy |
dustywusty: the reactor never fires? (i.e. how long between the master restart and the minion?) |
| 21:45 |
iggy |
ahammond: salt always has a bit of lag between when something is tagged and when something is announced... something about giving packagers time to update... but they never do |
| 21:46 |
|
perfectsine joined #salt |
| 21:48 |
|
Topic for #salt is now Welcome to #salt | 2015.5.2 is the latest | Please use https://gist.github.com for code, don't paste directly into the channel | Please be patient when asking questions as we are volunteers and may not have immediate answers | Channel logs are available at http://irclog.perlgeek.de/salt/ |
| 21:48 |
basepi |
thanks ahammond, forgot this time. =) |
| 21:50 |
iggy |
basepi: you could just " bit.ly/something is the latest " |
| 21:50 |
basepi |
Valid. Still have to remember to update that, though. ;) |
| 21:51 |
forrest |
basepi: Have you guys considered using if this then that? |
| 21:51 |
iggy |
or a checklist of what to do on a release |
| 21:51 |
* iggy |
runs |
| 21:55 |
|
penguinpowernz joined #salt |
| 21:56 |
murrdoc |
hahah |
| 21:56 |
|
qybl joined #salt |
| 21:57 |
dustywusty |
iggy: it seems like after restarting my master .. my reactor event will never fire on a minion until i restart that minion, after any amount of time |
| 21:57 |
dustywusty |
iggy: on the master I'll see a lot of "Failed to authenticate message" |
| 21:57 |
iggy |
dustywusty: what version of salt? |
| 21:58 |
|
borgstrom joined #salt |
| 21:59 |
dustywusty |
iggy: Salt: 2015.5.0 |
| 22:00 |
iggy |
do you have the ability to upgrade to the latest? |
| 22:00 |
iggy |
raet might help too |
| 22:01 |
iggy |
you're probably seeing a bug, I just don't know if it's fixed already or how widespread it is |
| 22:01 |
dustywusty |
iggy: i could give that a shot |
| 22:02 |
Gareth |
forrest: they would use that FABULOUS new ifttt salt module :) |
| 22:03 |
Gareth |
s/would/could/ |
| 22:05 |
murrdoc |
what is the if titty module ? |
| 22:06 |
|
trevorj joined #salt |
| 22:06 |
|
alexhayes joined #salt |
| 22:06 |
murrdoc |
salt needs a PR guy |
| 22:06 |
murrdoc |
some one to hype up the awesome new shit they keep writing |
| 22:08 |
|
Alan_S_ joined #salt |
| 22:08 |
forrest |
Gareth: Hah |
| 22:08 |
Gareth |
murrdoc: I added one to the develop branch last week. there is a PR with a state module waiting on a merge. |
| 22:09 |
murrdoc |
where is the blog linked from a tweet, posted on <cool site where people post cool shit for discussion> man |
| 22:10 |
Gareth |
murrdoc: Poke someone at SaltStack about having a Salt Planet blog :) |
| 22:11 |
|
leszq joined #salt |
| 22:11 |
* Gareth |
subtly gestures at basepi |
| 22:12 |
murrdoc |
basepi: Gareth says you are awesome and blogging |
| 22:12 |
murrdoc |
and twittering |
| 22:12 |
murrdoc |
and hacker newsing |
| 22:15 |
|
napsterX joined #salt |
| 22:16 |
|
Rockj\ joined #salt |
| 22:17 |
|
trevorjay joined #salt |
| 22:19 |
|
dh___ joined #salt |
| 22:24 |
basepi |
iggy: hehehe, I'm way too cool for checklists. I like to keep things chaotic |
| 22:24 |
|
cberndt joined #salt |
| 22:25 |
basepi |
forrest: someday maybe I'll have time to play with that. xD |
| 22:25 |
basepi |
It's one of those classic xkcd "how much time will this take to automate vs how much time it takes now" |
| 22:25 |
basepi |
And it just doesnt' take much time now |
| 22:26 |
basepi |
(Assuming I remember) |
| 22:26 |
|
leszq joined #salt |
| 22:26 |
iggy |
reproducability |
| 22:26 |
forrest |
basepi: Fair enough |
| 22:26 |
forrest |
he's trolling you iggy... |
| 22:26 |
basepi |
iggy: that is a factor, for sure. eventually we want most of it to be automatic |
| 22:26 |
forrest |
COME ON MAN |
| 22:27 |
|
c10 joined #salt |
| 22:31 |
|
monkey66 joined #salt |
| 22:35 |
|
baweaver joined #salt |
| 22:39 |
|
husanu joined #salt |
| 22:42 |
|
cruatta joined #salt |
| 22:43 |
|
cruatta_ joined #salt |
| 22:44 |
Slimmons |
I have a master, that also is a minion. I tried removing the key, and adding it back (for testing on some problems), and now it won't show up on salt-key -L anymore when I restart the minion. Am I missing a step? |
| 22:46 |
Slimmons |
salt-key -d minion -> /etc/init.d/salt-minion restart -> salt-key -L |
| 22:46 |
Heartsbane |
I hate docker... that is all |
| 22:46 |
Slimmons |
also tried to completely remove salt-minion, and reinstall it, and no luck getting it to send a key again |
| 22:47 |
Ahrotahntee |
man, this script is taking way too long to execute |
| 22:47 |
Ahrotahntee |
Duration: 26636.211 ms |
| 22:47 |
Ahrotahntee |
aha it's an out of memory error |
| 22:47 |
|
leszq joined #salt |
| 22:47 |
iggy |
Slimmons: make sure the minion isn't listed elsewhere in /salt/pki |
| 22:48 |
iggy |
i.e. /etc/salt/pki/master/minions_{denied,rejected} |
| 22:48 |
|
baweaver joined #salt |
| 22:49 |
Ahrotahntee |
how am I loading more than 512MB of pillar data? |
| 22:49 |
Ahrotahntee |
that doesn't make any sense |
| 22:49 |
|
scoates joined #salt |
| 22:50 |
iggy |
recursive include/lookup/etc |
| 22:50 |
iggy |
? |
| 22:51 |
|
GabLeRoux joined #salt |
| 22:51 |
Ahrotahntee |
hmm |
| 22:51 |
|
hal58th_ joined #salt |
| 22:51 |
|
hal58th_1 joined #salt |
| 22:51 |
Ahrotahntee |
I can't even tell which line is blocking/pushing it out of memory |
| 22:52 |
Ahrotahntee |
wait a minute, it looks like the salt-minion is consuming the memory |
| 22:52 |
iggy |
git bisect |
| 22:52 |
Ahrotahntee |
Kill 4725 (salt-minion) or sacrifice child |
| 22:53 |
iggy |
yeah, salt-minion reads pillars |
| 22:53 |
Ahrotahntee |
so it takes the child (my python script) |
| 22:54 |
|
leszq joined #salt |
| 22:54 |
forrest |
Heartsbane: Juse use LXC instead |
| 22:54 |
forrest |
Heartsbane: It's like docker, but pretty stable and easily manageable. Not as flashy though |
| 22:54 |
Heartsbane |
forrest: ya I know, but the Software Architect doesn't see it my way |
| 22:55 |
iggy |
or abstract away all vestages of docker (i.e. kubernetes+openshift) |
| 22:55 |
forrest |
Heartsbane: Well, show him a demo of LXC using salt that does what docker does |
| 22:55 |
forrest |
Heartsbane: All you get with docker is pre-built images, which you can do with lxc anyways. |
| 22:55 |
|
darkhuy joined #salt |
| 22:55 |
|
spookah joined #salt |
| 22:56 |
iggy |
rocket! |
| 22:56 |
Heartsbane |
forrest: working on it... Docker just gave me a case of the Mondays |
| 22:58 |
darkhuy |
Hey guys, I'm trying to run a saltstate via salt.client.ssh.client.SSHClient().cmd but i'm running into some errors when copying files to the target machines |
| 22:58 |
darkhuy |
https://gist.github.com/anonymous/1e9b636cefb435b6f0a4 |
| 22:58 |
darkhuy |
it works fine when I run it via CLI with salt-ssh '*' state.sls fio |
| 22:59 |
darkhuy |
but that same command with SSHClient().cmd throws up errors that it can't find it |
| 23:02 |
Ahrotahntee |
OK so apparently fetching all the grains for all the minions at once is pushing it out of memory |
| 23:03 |
honestly |
Ahrotahntee detected |
| 23:03 |
Ahrotahntee |
hello honestly |
| 23:03 |
Ahrotahntee |
how are you |
| 23:03 |
honestly |
o/ |
| 23:03 |
|
synical joined #salt |
| 23:03 |
|
synical joined #salt |
| 23:07 |
|
mosen joined #salt |
| 23:10 |
|
keimlink_ joined #salt |
| 23:11 |
murrdoc |
its been a good day honestly |
| 23:11 |
murrdoc |
if i might say so myself |
| 23:13 |
darkhuy |
hmm also, if i look in /var/cache/salt/files ...the files are all there, but it still says it can't find it and doesn't copy it to the target system....any ideas? |
| 23:15 |
Ahrotahntee |
can someone look over the syntax of https://gist.github.com/Ahrotahntee/f4a007644c12666581a6 (salt mine); the two function aliases I create (tinc.private_ip, tinc.public_key) don't return anything. |
| 23:15 |
Ahrotahntee |
and I'm getting "function is not available" on the salt-minion in debug mode |
| 23:15 |
Ahrotahntee |
[ERROR ] Function tinc.private_ip in mine_functions not available |
| 23:16 |
|
napsterX joined #salt |
| 23:16 |
iggy |
Ahrotahntee: what version of salt? |
| 23:17 |
Ahrotahntee |
salt 2015.5.0 (Lithium) |
| 23:19 |
Ahrotahntee |
I also can't get the example in the docs to work |
| 23:19 |
iggy |
mine_functions |
| 23:19 |
Ahrotahntee |
oh wait that one worked |
| 23:20 |
iggy |
s on the end in private_ip |
| 23:20 |
Ahrotahntee |
son of a |
| 23:20 |
Ahrotahntee |
thank you iggy |
| 23:20 |
iggy |
hate those ;) |
| 23:20 |
Ahrotahntee |
yep, now fully working |
| 23:21 |
Ahrotahntee |
this is one of the reasons I want laser eye surgery |
| 23:28 |
|
c10 joined #salt |
| 23:31 |
|
jamesog joined #salt |
| 23:33 |
|
subsignal joined #salt |
| 23:33 |
|
gladiatr joined #salt |
| 23:41 |
|
baweaver joined #salt |
| 23:43 |
|
otter768 joined #salt |
| 23:45 |
|
dendazen joined #salt |
| 23:49 |
murrdoc |
basepi: whoever is responsibe for docs, http://docs.saltstack.com/en/2014.7/ref/states/all/salt.states.file.html has lost its anchor links |
| 23:49 |
murrdoc |
so i cant link to a function like file.managed |
| 23:49 |
murrdoc |
never mind |
| 23:49 |
murrdoc |
pebkac |
| 23:50 |
Ahrotahntee |
I love salt cloud so much |
| 23:56 |
|
husanu joined #salt |
| 23:58 |
ahammond |
I'd like to write a state that detects if a user is present but should not be, and rather than calling user.absent, it removes ssh authorized_keys and locks their password. What is the salty way to detect if a user is present? |
