Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-12-04

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 foundatron Has anyone used AWS codecommit repos as git pillar before?
00:01 foundatron I've ben banging my head trying to get them to work
00:04 ziro` joined #salt
00:04 murrdoc joined #salt
00:04 otter768 joined #salt
00:12 ziro` joined #salt
00:16 jaybocc2 joined #salt
00:19 otter768 joined #salt
00:20 zmalone joined #salt
00:21 hightekvagabond joined #salt
00:24 sgargan joined #salt
00:28 wiqd joined #salt
00:28 wiqd joined #salt
00:29 ernetas Hey guys.
00:29 ernetas Is it possible to have a for loop inside jinja template?
00:29 ernetas And for xx in pillar[]?
00:31 whytewolf ernetas: yes.
00:32 pbx_ joined #salt
00:32 whytewolf ernetas: en example i pull from my own configs {% for database in salt.pillar.get('databases') %}
00:32 burp joined #salt
00:32 brianfeister joined #salt
00:33 protoz joined #salt
00:34 brianfei_ joined #salt
00:35 SheetiS joined #salt
00:36 Ryan_Lane forrest: had you seen this? https://pypi.python.org/pypi/flyingcloud/0.1
00:36 cmclaughlin joined #salt
00:37 forrest No but that seems cool
00:37 forrest Could definitely use some more docs though, damn
00:38 baweaver joined #salt
00:40 cmclaughlin Is it possible to lookup gpg encrypted values from pillar in a template?  I tried specifying “template: jinja | gpg” on my file.managed resource, but that didn’t work…  I haven’t found any docs that suggests the right way to do it.
00:41 cmclaughlin I suppose I could use contents_pillar, but I’d rather not store the entire file in pillar
00:42 Ryan_Lane forrest: yeah :(
00:42 Ryan_Lane I had to look through the code
00:42 Ryan_Lane it's interesting, but not fully what I want
00:43 Ryan_Lane I really want a docker plugin that volume mounts in salt and all its dependencies (including python) into some pretty random location in the filesystem, then does a series of run/commit to generate images with layers
00:43 baweaver joined #salt
00:44 forrest heh
00:44 Ryan_Lane even better would be a custom state that when rendered would be a "do a commit now" state, so that you can do something like a state.show_highstate, iterate over the returned data, split into chunks, separated by the custom states
00:44 colegatron joined #salt
00:44 Ryan_Lane then run those chunks, with commits occurring between them
00:45 forrest Just spend your free time writing it again ;)
00:45 Ryan_Lane who says it would be my free time :)
00:45 oeuftete joined #salt
00:45 Ryan_Lane it's possible we'll just write something like this
00:47 tpaul joined #salt
00:48 ssplatt joined #salt
00:48 drawsmcgraw Couldn't you have a Dockerfile that bootstraps a standalone minion, runs your states, then removes said minion?
00:48 drawsmcgraw Or am I simplifying things too much?
00:49 drawsmcgraw Granted, the salt run would be only one layer. Maybe I just don't care enough about layers though :/
00:49 TreborTech why would you want multiple layers? wouldn't a single layer be best
00:50 drawsmcgraw Docker builds would not necessarily be quick. Can't make use of the cache.
00:50 drawsmcgraw But again, that might not be an issue.
00:51 Ryan_Lane you don't want salt or its dependencies in the image
00:51 Ryan_Lane which is why you'd do the docker extension with volume mounting
00:52 drawsmcgraw That'd be the last few lines in the Dockerfile - removing Salt.
00:52 drawsmcgraw But that *is* a bit kludgy
00:52 Ryan_Lane The layers allow you to skip actions
00:52 TreborTech And what's wrong with having salt in the image?
00:52 Ryan_Lane drawsmcgraw: every line in a docker file is a layer
00:52 Ryan_Lane so removing salt doesn't make the image smaller if you do it at the end
00:52 Ryan_Lane unless you flatten the image
00:52 drawsmcgraw OOhhhhhhh, good point.
00:52 Ryan_Lane TreborTech: salt + python + all its dependencies are huge
00:52 __number5__ trying salt 2015.8 on osx, instantly failed with 'module' object has no attribute 'SPM_FORMULA_PATH'... (facepalm)
00:52 Ryan_Lane hundreds of MB
00:53 drawsmcgraw So it works, but it's clumsy. And results in way too big of an image.
00:53 drawsmcgraw I see now.
00:53 Ryan_Lane and if you aren't going to use it in the container when you run it, why include that stuff?
00:53 TreborTech what's a few hundred MB ? :)
00:53 * drawsmcgraw just died a little on the inside
00:53 Ryan_Lane when you're downloading stuff to hundreds of nodes? a lot :)
00:54 Ryan_Lane or when you're on a dev machine and you're downloading a bunch of images to run a service that depends on a bunch of other services?
00:54 Ryan_Lane could be many GBs in total
00:54 drawsmcgraw I'm with Ryan_Lane on this one. I hadn't fully thought out how layers work. Even removing Salt at the end, you still have salt in the intermediary layers.
00:54 oeuftete joined #salt
00:55 TreborTech I don't think it will be in the layer if you install minion, state.highstate, remove salt, save image
00:55 cmclaughlin I think I found my answer… lookup the variable in the sls file and pass it to the template with defaults :)
00:55 TreborTech If you are using dockerfile yes
00:55 TreborTech I have a way without dockerfile
00:56 RandyT joined #salt
00:58 hightekvagabond joined #salt
01:00 TreborTech I have a demo setup where I have a base ubuntu image and start the container. The entrypoint is a script I have on the local dockerhost. In this script I download the bootstrap script and install the version of salt set in my env var. The system is setup to be a masterless minion. once minion installed execute state.highstate. ID of minion is really the role I want installed. Once complete the script uninstalls the minion and
01:00 TreborTech shutsdown container. I build an image at that point.
01:01 shaggy_surfer joined #salt
01:04 Ryan_Lane TreborTech: yeah, that does work, but how are you installing all the dependencies? are you also removing them?
01:04 ssplatt joined #salt
01:04 Ryan_Lane what I want is a 1:1 replacement of dockerfiles, with layers, though :)
01:04 TreborTech Why do you want layers? Do you have a use case?
01:04 TreborTech I wanted to move away from layers
01:05 TreborTech Dockerfile is a step back in my opinion
01:05 Ryan_Lane the layers are useful if you're doing local dev
01:05 TreborTech why go back to using bash script to install your packages
01:05 Ryan_Lane they're also useful if you have a common base image that everything is based on
01:05 Ryan_Lane TreborTech: hence the want to use sls
01:06 spuder_ joined #salt
01:06 TreborTech Let me noodle that a bit
01:06 Ryan_Lane rather than a docker file, you'd have a sequentially ordered sls file, with commit statements where you want to generate layers
01:06 Ryan_Lane don't want layers? never call commit
01:06 TreborTech I'm working on putting a video together this weekend of my demo. Maybe during that I can build layers
01:07 __number5__ FYI salt 2015.8.3 is broken on OSX
01:07 Ryan_Lane one of the reasons for using layers is to avoid re-running portions of the dockerfile, if some things didn't change
01:08 Ryan_Lane saves times on re-builds
01:09 Ryan_Lane this is also a reason why you'd want to avoid installing and uninstalling salt.
01:09 TreborTech I see what you're saying
01:09 TreborTech why? time?
01:10 TreborTech hmm
01:10 Ryan_Lane yeah. takes a long time to install salt
01:10 Ryan_Lane especially if you do it like I do (in a venv, from git)
01:13 TreborTech The method I came up with was based on my need to install different versions of salt to test and demo. My method allows you to specify the version of salt evertime you build. I have the time to spend waiting for this.
01:13 TreborTech I do see what you are looking at
01:13 TreborTech I'm going to have to look again at my setup and see if I can't build that into it.
01:14 TreborTech Your method might also allow for a minion to run in a container and be managed by a saltmaster. could be a good case for beacon inside container
01:14 TreborTech Oh wait... You run masterless
01:15 TreborTech No beacon magic for you
01:16 RobertChen117 joined #salt
01:18 malinoff joined #salt
01:24 amcorreia joined #salt
01:27 aidalgol joined #salt
01:41 adongy joined #salt
01:41 colegatron joined #salt
01:46 akhter joined #salt
01:59 RobertChen117 joined #salt
02:07 RobertChen117 joined #salt
02:11 oida joined #salt
02:15 subsignal joined #salt
02:22 ageorgop joined #salt
02:26 ssplatt joined #salt
02:27 drawsmcgraw joined #salt
02:28 drawsmcgraw Question about repo.saltstack.com (for RHEL)
02:28 drawsmcgraw As new versions are released, will I still be able to install older versions out of that repo?
02:28 drawsmcgraw i.e., if I wanted to stay on 2015.8.3 for some period of time...
02:32 PeterO joined #salt
02:35 spuder joined #salt
02:37 hightekvagabond1 joined #salt
02:47 krabador joined #salt
02:48 evle joined #salt
02:50 racooper joined #salt
02:51 baweaver joined #salt
02:53 otter768 joined #salt
02:59 TyrfingMjolnir joined #salt
03:06 indrgun joined #salt
03:07 writtenoff joined #salt
03:09 brianfeister joined #salt
03:11 indrgun joined #salt
03:12 clintberry joined #salt
03:13 mapu joined #salt
03:18 krabador https://www.youtube.com/watch?v=CdPn1mCmqoE
03:18 akhter joined #salt
03:18 RobertChen117 joined #salt
03:21 XenophonF man i'm really unhappy with the quality of the postgresql states
03:21 XenophonF i'm giving serious thought to extending them
03:24 cyborg-one joined #salt
03:25 viq joined #salt
03:29 akhter joined #salt
03:31 XenophonF get this - postgres_user.present and postgres_group.present fail if the user or group already exists :(
03:42 spuder joined #salt
03:43 XenophonF left #salt
03:44 RobertChen117 joined #salt
03:46 silicon_id joined #salt
03:47 drawsmcgraw left #salt
03:55 favadi joined #salt
04:09 zmalone joined #salt
04:14 hightekvagabond joined #salt
04:20 scoates joined #salt
04:23 scoates joined #salt
04:25 TyrfingMjolnir joined #salt
04:25 nledez joined #salt
04:25 nledez joined #salt
04:25 ramteid joined #salt
04:28 jY joined #salt
04:28 rdas joined #salt
04:32 PeterO What does "Recursive requisite found" mean?
04:34 larsfronius joined #salt
04:39 hightekvagabond joined #salt
04:43 brianfeister joined #salt
04:43 zmalone joined #salt
04:47 cmclaughlin joined #salt
04:48 jasonrm joined #salt
04:49 nkuttler joined #salt
04:51 SubOracle joined #salt
04:54 otter768 joined #salt
04:55 RobertChen117 joined #salt
04:57 zmalone joined #salt
05:03 hasues joined #salt
05:05 cmclaughlin joined #salt
05:07 CaptainMagnus joined #salt
05:08 hasues left #salt
05:08 Diaoul joined #salt
05:10 CaptainMagnus joined #salt
05:10 spuder joined #salt
05:13 aqua^c joined #salt
05:17 jaybocc2 joined #salt
05:27 colegatron joined #salt
05:33 bhosmer joined #salt
05:34 jaybocc2_ joined #salt
05:37 kshlm joined #salt
05:38 beardedeagle joined #salt
05:38 beardedeagle ugh, finally got my puppet module written to install salt-*, and 2015.8.3 releases. fml.
05:41 baweaver joined #salt
05:41 Drachemann joined #salt
05:43 malinoff joined #salt
05:43 mkjgore1 joined #salt
05:44 Drachemann Hey all! How goes it? Got a quick question regarding nssm and SaltStack. Anyone using Salt to manage nssm services?
05:44 Drachemann Done a bit of searching around but haven't found much.. Was thinking of just using cmd.run etc..
05:44 malinoff_ joined #salt
05:46 fxhp joined #salt
05:46 zmalone joined #salt
05:48 aqua^c joined #salt
05:49 ageorgop joined #salt
05:56 malinoff_ joined #salt
05:56 hightekvagabond joined #salt
05:57 CaptainMagnus joined #salt
05:58 colegatron joined #salt
06:00 Drachemann All good, figured it out. Pretty straightforward. Cheers!
06:03 felskrone joined #salt
06:04 favadi joined #salt
06:11 akhter joined #salt
06:12 CaptainMagnus joined #salt
06:17 peters-tx joined #salt
06:17 catpig joined #salt
06:20 jeffspeff joined #salt
06:22 oida joined #salt
06:23 brianfeister joined #salt
06:36 linjan joined #salt
06:43 impi joined #salt
06:44 RobertChen117 joined #salt
06:49 indrgun joined #salt
06:53 linjan joined #salt
06:55 otter768 joined #salt
07:12 AndreasLutro joined #salt
07:17 oida joined #salt
07:24 multiscan joined #salt
07:27 AndreasLutro joined #salt
07:27 DanyC joined #salt
07:29 aqua^c joined #salt
07:30 anmolb joined #salt
07:34 bhosmer_ joined #salt
07:41 KermitTheFragger joined #salt
07:48 krymzon joined #salt
07:49 jaybocc2 joined #salt
07:50 DanyC Morning/ afternoon all..Can someone explain in more detail the flow of having the _states & _extensions in a salt master <> minion deployment? I get about the _grains - it gets deployed to minions and then used it as any other grains
07:51 favadi joined #salt
07:52 cberndt joined #salt
07:52 AndreasLutro DanyC: the flow is pretty much the same
07:53 DanyC AndreasLutro: excellent then ;) thx
07:57 InAnimaTe joined #salt
07:57 denys joined #salt
08:01 InAnimaTe joined #salt
08:04 AndreasLutro joined #salt
08:05 larsfronius joined #salt
08:08 larsfron_ joined #salt
08:11 indrgun joined #salt
08:16 elsmo joined #salt
08:25 zerthimon joined #salt
08:27 hojgaard joined #salt
08:27 stevej99 joined #salt
08:29 InAnimaTe joined #salt
08:30 Bryson joined #salt
08:33 bfoxwell joined #salt
08:38 jaybocc2 joined #salt
08:39 RobertChen117 joined #salt
08:41 GreatSnoopy joined #salt
08:44 slav0nic joined #salt
08:56 otter768 joined #salt
08:56 rotbeard joined #salt
09:02 mr-op5 joined #salt
09:03 jhauser joined #salt
09:03 brianfeister joined #salt
09:03 larsfronius joined #salt
09:07 baweaver joined #salt
09:11 Guest47941 joined #salt
09:11 losh joined #salt
09:12 chiui joined #salt
09:15 eseyman joined #salt
09:17 anubhaskar joined #salt
09:20 s_kunk joined #salt
09:22 thalleralexander joined #salt
09:23 eseyman joined #salt
09:27 devops joined #salt
09:27 devops hi
09:27 devops I am trying to use salt-formula "Eg: redis-formula"
09:28 keimlink joined #salt
09:29 devops I have configured master file to user gitfs and git url. But while calling salt-call I am getting the message "No matching sls found for 'redis' in env 'base'"
09:30 SheetiS joined #salt
09:30 devops could anyone please guide on to use salt-formula
09:33 multiscan joined #salt
09:34 bhosmer joined #salt
09:36 devops joined #salt
09:42 devops this is my master file
09:42 devops https://gist.github.com/shahid/fa1b65664ef3d32405f9
09:42 ziro` joined #salt
09:42 markm joined #salt
09:44 DanyC joined #salt
09:44 LondonAppDev joined #salt
09:45 devops Getting empty output while running this command "sudo salt-run fileserver.file_list backend=git"
09:46 DanyC joined #salt
09:49 DanyC joined #salt
09:52 InAnimaTe joined #salt
09:55 roock is there a similar function in salt to puppet's fqdn_rand function?
10:01 Andre-B joined #salt
10:08 dyasny joined #salt
10:09 mattiasr joined #salt
10:13 colegatron joined #salt
10:37 kbaikov joined #salt
10:39 InAnimaTe joined #salt
10:40 s_kunk joined #salt
10:40 s_kunk joined #salt
10:43 permalac joined #salt
10:45 bensons left #salt
10:46 rotbeard joined #salt
10:49 jaybocc2 joined #salt
10:51 seanie Are highstate statuses stored anywhere ?
10:51 CeBe joined #salt
10:52 Kelsar joined #salt
10:52 brianfeister joined #salt
10:53 malinoff joined #salt
10:55 RobertChen117 joined #salt
10:57 otter768 joined #salt
10:58 AndreasLutro joined #salt
10:59 ponpanderer joined #salt
11:01 bosyak_ joined #salt
11:02 bosyak_ Hi all. If I want configure my own box should I install salt-master and salt-ssh only?
11:03 fredvd joined #salt
11:05 jaybocc2 joined #salt
11:08 indrgun joined #salt
11:15 brianfeister joined #salt
11:17 AndreasLutro bosyak_: you don't need salt-master for that
11:17 bosyak_ AndreasLutro: only salt-minion?
11:18 AndreasLutro salt-ssh if you want to provision over ssh
11:18 AndreasLutro if you want to provision locally, salt-call
11:21 InAnimaTe joined #salt
11:23 baweaver joined #salt
11:26 bosyak_ AndreasLutro: salt-call is it package name?
11:29 giantlock joined #salt
11:31 favadi joined #salt
11:34 eliasp joined #salt
11:35 fredvd joined #salt
11:38 baweaver joined #salt
11:40 eliasp can anyone shed some light on the repo.saltstack.com situation? why are there only Ubuntu 12.04/14.04 packages, but none for any later releases? no intention to support them/only LTS releases? is there a bottleneck to get the builds for those distributions done?
11:45 shiriru joined #salt
11:47 Micromus joined #salt
11:48 zot joined #salt
11:49 cberndt joined #salt
11:59 InAnimaTe joined #salt
12:00 Grokzen joined #salt
12:02 LondonAppDev joined #salt
12:03 markm_ joined #salt
12:05 multiscan joined #salt
12:06 blueMerlin_ joined #salt
12:06 markm joined #salt
12:08 markm__ joined #salt
12:09 blueMerlin_ hi all, i have a problem with a pillar call
12:10 blueMerlin_ i want to set a jinja variable from command line with {% set clients = salt['pillar.get']('testTask', 't-0438') %}
12:10 blueMerlin_ and then call this variable in a for loop via {% for client in salt['pillar.get'](clients) -%}
12:11 blueMerlin_ now i get following error: Rendering exception occurred :Jinja error: 'list' object has no attribute 'split'
12:11 blueMerlin_ Is this possible to do?
12:13 multiscan joined #salt
12:14 Joren_ joined #salt
12:15 nexsja joined #salt
12:16 zerthimon joined #salt
12:16 Joren_ anyone have a solution for using parentheses in file states?
12:17 Joren_ i want to make changes to a file which has parentheses in it and Salt doesnt play nicely with them
12:20 Rkp depending on what it is you may or may not be able to get away with it with {% raw %}, not using the jinja templating mode or uh maybe escaping them {{ '{{' }} (see http://jinja.pocoo.org/docs/dev/templates/ )
12:20 zot joined #salt
12:22 DanyC_ joined #salt
12:23 chiui joined #salt
12:25 Joren_ ah, going to try the raw block
12:25 Joren_ thx
12:36 mnaser joined #salt
12:36 EvaSDK joined #salt
12:36 EvaSDK joined #salt
12:39 sgargan joined #salt
12:40 amcorreia joined #salt
12:57 keimlink joined #salt
12:58 otter768 joined #salt
13:00 Guest47941 joined #salt
13:04 brianfeister joined #salt
13:08 Rebus joined #salt
13:09 indrgun joined #salt
13:09 akhter joined #salt
13:12 morissette joined #salt
13:14 _JZ_ joined #salt
13:16 jaybocc2 joined #salt
13:19 ssplatt joined #salt
13:22 InAnimaTe joined #salt
13:37 DanyC joined #salt
13:37 zot joined #salt
13:45 subsignal joined #salt
13:49 AlberTUX joined #salt
13:51 JDiPierro joined #salt
13:55 crazyphil joined #salt
13:56 fernandoacorreia joined #salt
13:56 oravirt joined #salt
13:57 fernandoacorreia hi! is there a way to know if a formula failed in any minion? I'm running "salt '*' state.highstate" in a script and I'd like to have this script exit with an error code in case of failure
13:58 dyasny joined #salt
14:04 edrocks joined #salt
14:04 InAnimaTe joined #salt
14:05 hillna joined #salt
14:09 bhosmer joined #salt
14:13 cpowell joined #salt
14:13 dendazen joined #salt
14:15 mapu joined #salt
14:17 multiscan joined #salt
14:17 mpanetta joined #salt
14:18 sfxandy joined #salt
14:18 sfxandy hi all, i have a question that I've kind of stumbled across .....
14:18 sfxandy what is the difference between pillar.get('foo') and salt['pillar.get']('foo')
14:19 sfxandy i ask because one works and the other does not
14:19 sfxandy in my configuration
14:19 winsalt joined #salt
14:20 viq joined #salt
14:23 babilen sfxandy: pillar.get(..) uses Python's .get() method while salt['pillar.get']() uses the pillar.get salt execution module. It shouldn't make a difference for 'foo' as key though, as the difference is only important if you lookup nested values (i.e. foo:bar:baz)
14:23 sfxandy ah
14:23 sfxandy babilen!!!!!!!!!
14:23 ssplatt reason #1 why i love salt. every release breaks the bootstrap of the release before because they change teh frickin repo urls
14:23 sfxandy the latter part of your response hit the nail on the head
14:23 sfxandy i am indeed using nested values
14:23 sfxandy and the pillar.get() fails
14:24 sfxandy but the salt ['pillar.get()'] works
14:24 babilen sfxandy: You want salt['pillar.get'](...) in that case
14:24 * sfxandy nods and respects babilen's Salt guru-ness
14:26 jeffspeff I have a couple minions that keep returning with "The function "state.highstate" is running as PID 1744 and was started at 2015, Dec 03 08:04:44.422760 with jid 20151203080444422760" they won't run highsate if you reboot them and trying to manually run highstate or any state results in that error. i've tried rebooting the minions and rebooting the master. any suggestions?
14:28 Guest47941 joined #salt
14:28 thalleralexander joined #salt
14:28 bosyak joined #salt
14:31 dkrae joined #salt
14:32 catpig joined #salt
14:33 quasiben joined #salt
14:35 StolenToast I was literally just about to ask about that, though rebooting the minion always solves it
14:35 StolenToast (for me)
14:35 StolenToast Of course this is annoying that I have to use a third-party tool to revive the minions, so I'm interested in a better solution too
14:36 StolenToast I thought about a dumb keepalive script but I couldn't guarantee that the script won't restart the minion in the middle of a particularly long highstate
14:37 winsalt kill the python process at pid 1744?
14:37 protoz joined #salt
14:38 Ahlee jeffspeff: saltutil.running - is there a job return?
14:38 Ahlee sthen saltutil.kill_job <jid>
14:38 fredvd joined #salt
14:39 Ahlee sounds like you hve a long running state, though i've not seen them cross reboots before. Do you have a reactor set up to run highstate on minion connect?
14:39 Tanta joined #salt
14:41 akhter joined #salt
14:45 perfectsine joined #salt
14:46 zigurat joined #salt
14:47 morsik joined #salt
14:47 favadi joined #salt
14:48 spaceSub CommandExecutionError: sysctl net.bridge.bridge-nf-call-iptables does not exist
14:48 spaceSub Has anybody seen this error before, when using virt with salt.
14:49 spaceSub I'm on a fedora 23.
14:49 zigurat Hi. Is this channel related to SaltStack
14:49 spaceSub And I'm not even sure what net.bridge.bridge-nf-call-iptables is..
14:51 Joren__ joined #salt
14:51 Barbarossa This sysctl controls wether packets transfered over a linux brigge should show up in the FORWARD chain of iptables for IPv4
14:51 cyteen joined #salt
14:52 zmalone joined #salt
14:52 numkem joined #salt
14:53 spaceSub Oh, that makes sense. Where does it get created though, since I don't seem to have it.
14:54 cyteen_ joined #salt
14:55 babilen jeffspeff: job.kill
14:55 baweaver joined #salt
14:55 Barbarossa spaceSub: The sysctls pop up after the netfilter modules are loaded I think
14:56 spaceSub Barbarossa: Okay, thanks. I'll try to find it. Netfilter is loaded though.
14:56 Barbarossa I'm not quite sure which module is responsible for that
14:56 Barbarossa can be bridging, too
14:57 thalleralexander joined #salt
14:57 cyteen_ joined #salt
14:58 Barbarossa spaceSub: I just checked, the sysctls pop up right after the bridging module is loaded
14:59 otter768 joined #salt
14:59 cyteen joined #salt
14:59 spaceSub Okay, I'll check there then. Thanks again!
14:59 pfhorge joined #salt
15:01 amcorreia joined #salt
15:02 zot joined #salt
15:03 hasues joined #salt
15:04 hasues left #salt
15:07 andrew_v joined #salt
15:10 bhosmer joined #salt
15:10 mr-op5 joined #salt
15:11 perfectsine joined #salt
15:11 dkrae joined #salt
15:13 hightekvagabond joined #salt
15:14 beardedeagle joined #salt
15:19 NaPs joined #salt
15:20 perfectsine joined #salt
15:22 mpanetta I realize that the answer to this question is most likely no... But I have to ask... Does anyone know if you can use jinja templating on the command line when running something with cmd.run?
15:23 NaPs hi, is it possible to store proxymodules anywhere else than in the salt installation directory (in /usr)?
15:24 NaPs I tried using module_dirs but it doesn't seem to work
15:24 mpanetta Hrm, not familiar with proxy modules
15:24 ipmb joined #salt
15:28 InAnimaTe joined #salt
15:36 brianfeister joined #salt
15:39 thalleralexander joined #salt
15:39 chiui joined #salt
15:42 spuder joined #salt
15:42 permalac_ joined #salt
15:42 TyrfingMjolnir joined #salt
15:43 jaybocc2 joined #salt
15:45 zot joined #salt
15:45 mapu joined #salt
15:45 zot left #salt
15:46 mattiasr joined #salt
15:48 TreborTech_ joined #salt
15:49 silicon_id joined #salt
15:49 indispeq hi Everyone! Would you know if there is a feature in salt to set some items to a certain default within a state?
15:50 hightekvagabond joined #salt
15:50 indispeq for example: I am generating a bunch of files that are all slightly different, so I can't loop through them, but they should all be owned by the same user/group and same mode
15:50 indispeq and I do not want to kep rewriting 15 times the - user: xxxx -group: xxxx, etc...
15:50 perfectsine joined #salt
15:51 kawa2014 joined #salt
15:52 akhter Anyone ever get stuck using salt-cloud on "waiting for IP"?
15:54 WesleyTech_ joined #salt
15:54 winsalt akhter, I had that happen to me.  I had to open the right ports on the vm image.  You could run salt-cloud with "-l all"
15:55 akhter I'm running it with "-l trace"
15:55 akhter winsalt: I'll try with "-l all" but I'm not sure if I'll find anything new.
15:55 Joren__ joined #salt
15:56 edrocks joined #salt
15:57 akhter The issue is that boto, which is what salt-cloud is using I believe, does respond with the correct instance details but salt-cloud isn't reading the private IP.
15:57 winsalt it will tell you if its having trouble connecting on the right port
15:57 AlberTUX joined #salt
15:58 akhter I believe this is at the bootstrapping phase, which should be done via ssh (22), is that not correct?
15:58 clintberry joined #salt
15:58 albee joined #salt
15:59 akhter winsalt: Because right now, even though salt doesn't pick it up, I'm able to connect to that host with the same port, same user, and same key.
15:59 winsalt possibly, im not familiar with ec2.  For mine I had to specifiy a port in the cloud provider config (445)
15:59 jaybocc2 joined #salt
16:00 PeterO joined #salt
16:00 perfectsine joined #salt
16:00 keimlink joined #salt
16:00 oida joined #salt
16:00 akhter winsalt: Was that an ssh port?
16:00 winsalt these were windows vms so its using some random winexe binary
16:01 baweaver joined #salt
16:01 albee I am looking for clues what I might be doing wrong.  My setup is using vagrant loading a windows 2012r2 minion and an Ubuntu 14.04 as master.  I am able to write states, however no matter what I try I can't get the minion to retrieve any repo packages from the master.
16:01 akhter Ahh, mine states "[DEBUG   ] Waiting for VM IP. Giving up in 00:05:00" however the response code upon creating the instance has <privateIpAddress>10.5.5.166</privateIpAddress>
16:01 akhter I fear this may be an issue with libclodu :(
16:02 akhter libcloud*
16:02 albee I have tested with ping, and it communicates back and forth with debug
16:02 albee but no repos
16:02 albee anyone give me any hints?
16:02 winsalt albee, the win repo can be a pain.  Make sure the minion and master config are pointing to the right places
16:03 albee winsalt, any examples?
16:03 s_kunk joined #salt
16:03 s_kunk joined #salt
16:04 winsalt if you are on 2015.8, they changed the names of the parameters.  also there are two commands to generate the repo data and sync it with the minions
16:04 winsalt i made an alias for it "alias refreshwinrepo="salt-run winrepo.genrepo;salt -G 'os:Windows' pkg.refresh_db"
16:04 albee I have seen those, however, when ever I execute againts the winminion it is always empty
16:05 winsalt https://docs.saltstack.com/en/latest/topics/windows/windows-package-manager.html#config-options-for-minions-2015-8-0-and-later
16:06 albee @winsalt so when I have tried to list the availible packages for firefox after following that url, I get an empty list exception
16:06 albee Not sure if that is a symptom of the problem
16:07 winsalt https://gist.github.com/rmarcinik/86141692185ced8a90ee
16:07 winsalt here is an example of the config settings I have working
16:08 jprewitt joined #salt
16:08 sdm24 joined #salt
16:08 albee How exactly does winrepo.p get populated?
16:08 albee is it thorugh the genrepo command?
16:09 winsalt yeah
16:09 albee could it be a permissions issue that it isn't?
16:09 albee run the commands as sudo
16:09 winsalt i dont think its permissions
16:09 albee does the windows machine need to have a special user to run as minion
16:10 albee I have tired to run it as admin for debug perposes
16:10 winsalt nope, mine is the default system user
16:10 albee humm
16:11 albee winsalt, thank you, my laptop is running out of power, I will use your sample to test
16:11 Guest47229 joined #salt
16:12 thalleralexander joined #salt
16:15 InAnimaTe joined #salt
16:17 colegatron joined #salt
16:24 jprewitt joined #salt
16:28 baweaver joined #salt
16:29 jprewitt /msg NickServ VERIFY REGISTER jprewitt dbgjflyrxhht
16:30 geekatcmu that's a nice password you have there.  Sure would be a shame if something happened to it...
16:30 jprewitt ya... stupid space before msg
16:30 geekatcmu yep
16:30 jprewitt however, its just a verification code... not the password
16:31 shaggy_surfer joined #salt
16:31 wangofett +1 for msging nickserv from your server window ;)
16:31 pzipoy joined #salt
16:33 hasues joined #salt
16:33 hasues left #salt
16:35 Brendan_ joined #salt
16:35 wryfi joined #salt
16:36 wryfi what is the right way to add a line to a managed file, without creating a whole new template for the file?
16:37 wryfi if i extend file.managed with file.append, i get some warnings about 'group', 'user', and 'mode' being invalid arguments for file.append
16:37 wryfi i guess i should be using a require instead?
16:37 ekristen joined #salt
16:37 protoz joined #salt
16:37 wryfi but i can't really use a require, because then i have two conflicting states with the same name
16:38 xmj joined #salt
16:38 xmj joined #salt
16:38 winsalt use file.append without those arguments?
16:39 ssplatt joined #salt
16:39 wryfi winsalt: but i am extending a file.managed state, which needs those arguments
16:39 xmj joined #salt
16:39 xmj joined #salt
16:39 wryfi (i am not explicitly passing those arguments file.append)
16:39 wryfi (they are being inherited from the file.managed state)
16:39 winsalt yeah, then you are looking for require
16:40 wryfi but like i said, i can't use require, either, because then i will have to conflicting states with the same name (the name of the file)
16:40 wryfi *two
16:41 winsalt the conflict is in the state id I think.  To avoid that list the file path under a "- name: filepath" argument.  That way the state id can be whatever you want
16:41 * wryfi goes to try that
16:42 tpaul joined #salt
16:42 winsalt personally I always like to use the explicit  - name:  for any state
16:43 protoz joined #salt
16:44 wryfi winsalt: i end up with a "recursive requisite found" error
16:44 wryfi well screw it, this is too much work, i'll just create a new template
16:44 * wryfi irritated
16:44 kaptk2 joined #salt
16:44 tmclaugh[work] joined #salt
16:46 winsalt are you using a require and an extend
16:47 wryfi require
16:47 thalleralexander joined #salt
16:47 wryfi no
16:48 tmclaugh[work] joined #salt
16:49 indrgun joined #salt
16:52 edrocks joined #salt
16:54 nidr0x joined #salt
16:55 perfectsine joined #salt
16:56 thalleralexander joined #salt
16:57 indrgun_ joined #salt
16:57 InAnimaTe joined #salt
16:59 winsalt you must be doing something like "- name: blah - require: - file: blah"
16:59 otter768 joined #salt
17:01 ageorgop joined #salt
17:02 rideh joined #salt
17:02 aberdine joined #salt
17:02 snave joined #salt
17:09 s0undt3ch joined #salt
17:09 Bryson joined #salt
17:10 cpowell joined #salt
17:12 cmclaughlin joined #salt
17:13 writtenoff joined #salt
17:14 thalleralexander joined #salt
17:16 foundatron Does anyone here have experience using AWS CodeCommit repos with git_pillar? And the follow up question...have you gotten auth to work with IAM roles?
17:17 hightekvagabond joined #salt
17:19 anmolb joined #salt
17:24 andrew_v_ joined #salt
17:24 Brenden_ joined #salt
17:25 brianfeister joined #salt
17:26 Brenden_ Hey gang. I ran into an interesting issue and would like your thoughts. I've been using the ssh_auth.present state to populate a users ssh public key into the authorized_keys file.  The problem is that we will be changing this users key pair frequently.  When we changed it in the user.sls file, it didn't remove the old public key but rather appended the new one.
17:27 Brenden_ so would it just be better to salt the actual authorized_keys file itself? or is there a better way?
17:27 beardedeagle so this is for my own edification, why does salt-api and salt-cloud have a hard dependency on salt-master, but salt-syndic and salt-ssh do not? They require the master to work I am pretty sure.
17:27 justanotheruser joined #salt
17:28 rmnuvg joined #salt
17:31 simon2 joined #salt
17:31 simon2 is there any standard way to report errors to log in SLS files?
17:32 simon2 i got an issue with one jinja construction,  and one if doesn work as expected so i wanted to report a warning in salt's logfile when the flow goes to else branch...  how should i do it?
17:33 simon2 one 'if'*
17:39 InAnimaTe joined #salt
17:40 BogdanR Hello
17:40 spiette joined #salt
17:40 BogdanR I would like to debug a jinja template but I don't know to see what is actually renedered
17:40 BogdanR How can I see the renedered output of the jinja template?
17:46 cheus Is there a reliable way to track the success of a `state.orchestrate` call? Eg, if the saltmod states fail I wouldn't really call it an overall success but `result=True` in the output json.
17:48 brianfeister joined #salt
17:56 simon2 there is something like a dry run and - l debug option
17:56 simon2 additionally u can list context in jinja template in sls
17:58 perfectsine joined #salt
18:01 Fiber^ joined #salt
18:01 ninkotech joined #salt
18:02 bhosmer joined #salt
18:07 diegows joined #salt
18:13 justanotheruser joined #salt
18:14 DanyC joined #salt
18:14 carmony joined #salt
18:17 InAnimaTe joined #salt
18:17 btorch joined #salt
18:23 ALLmightySPIFF joined #salt
18:24 impi joined #salt
18:25 larsfronius joined #salt
18:26 bhosmer joined #salt
18:29 bhosmer_ joined #salt
18:30 beardede_ joined #salt
18:32 khaije1 I'm using UUID's as the ID value for all state stanzas, is there a way to add an optional for-humans description text annotation that will be displayed if present during state runs?
18:34 Ryan_Lane is it possible to completely turn off salt's on-disk cache for minions?
18:34 s_kunk joined #salt
18:34 s_kunk joined #salt
18:34 digitalhero joined #salt
18:34 Ryan_Lane since we use masterless without a minion and we deploy our salt code to the nodes, I don't think it makes sense to read the data from the disk, then write it to the disk, never to be read again :)
18:35 albee joined #salt
18:35 albee Just wanted to return and give a big thanks to winsalt for his/her assistance.  What was suggested worked perfectly!
18:36 sfxandy joined #salt
18:36 jaybocc2 joined #salt
18:36 timoguin joined #salt
18:39 alvinstarr has anybody had any experience with using parameters from foreman?
18:40 troyready joined #salt
18:41 timoguin joined #salt
18:42 nledez joined #salt
18:42 nledez joined #salt
18:43 Destreyf joined #salt
18:46 bfoxwell joined #salt
18:47 BradThurber joined #salt
18:54 indrgun joined #salt
18:54 Edgan alvinstarr: I have used foreman as an external node classifer with puppet. I have since moved to salt, and used salt with foreman. I have moved away from using foreman as an external node classifer, because then part of your configuration ends up in the foreman database, and not in a git repository. Having the history of the settings I feel is more important. You can also avoid putting a lot of settings into pillars by using the defaults
18:54 Edgan .yml/map.jinja style inside your states/formulas. Then leave pillars more for customizations, secrets, lists of users, etc.
18:55 protoz joined #salt
18:55 fyb3r joined #salt
18:56 drawsmcgraw joined #salt
18:56 saltstackbot [reddit-saltstack] salt yum repo config https://www.reddit.com/r/saltstack/comments/3vg4lk/salt_yum_repo_config/ - 2015-12-04 - 18:53:08
18:57 wangofett Has anyone had experience applying SElinux custom rules?
18:57 fyb3r Is there any reason that reactor's would slowly be increading the threads running on the master infinitely?
18:57 sjorge joined #salt
18:57 sjorge joined #salt
18:58 fyb3r seems that when running an execution module the socket that was used to connect to the minions stays open
18:58 drawsmcgraw Someone mentioned a Github project last night (Ryan_Lane) that aimed to use Salt states to build Dockerfiles. Anyone happen to have the backchat or a link to the chat archive...?
18:59 InAnimaTe joined #salt
18:59 perfectsine joined #salt
18:59 Ryan_Lane one sec
19:00 cpowell joined #salt
19:00 otter768 joined #salt
19:01 digitalhero joined #salt
19:02 fyb3r a side note on my issue. its with 2000 minions connecting to the master via 165 syndics
19:02 fyb3r all running a status.uptime on present event
19:02 alvinstarr Edgan: I have no problem with the foreman db and I am looking to extract the interface information so that I can configure the node interfaces
19:03 Edgan alvinstarr: One VM/instances interface information on another?
19:05 Ryan_Lane drawsmcgraw: https://pypi.python.org/pypi/flyingcloud/0.1
19:05 digitalhero joined #salt
19:05 alvinstarr Edgan: I have a number of interfaces that I would like to statically configure and since they are more or less best managed in foreman I want to use that information to build the interface configs.
19:05 drawsmcgraw Ryan_Lane: Thanks! That being said, would you go this route? Are you more inclined to use your own solution for this?
19:05 Ryan_Lane yw
19:06 Ryan_Lane I haven't looked at this code enough to know :)
19:06 Ryan_Lane not sure what we'll end up doing
19:06 Ryan_Lane right now we're doing really thin dockerfiles and some weird two-step builds
19:06 Ryan_Lane without salt
19:06 Edgan alvinstarr: give examples, it is unclear what you mean by interfaces
19:06 Ryan_Lane but I think we'd prefer salt to actually do the builds, rather than a bunch of bash
19:07 zmalone drawsmcgraw: you were asking last night about what repo to use if you wanted to pin yourself to a certain salt version
19:07 Ryan_Lane we're still at a point where none of our repos have docker files, but instead have a yaml manifest that tells our builder what to do
19:07 zmalone https://repo.saltstack.com/apt/ubuntu/ubuntu14/archive/2015.8.3/ seems to be what you would want, the archive folder contains single versions that shouldn't be removed.
19:07 Ryan_Lane so the ideal goal is to turn that into salt
19:07 dyasny joined #salt
19:07 drawsmcgraw zmalone: Ah! Thank you
19:10 alvinstarr Edgan: host x has 4 interfaces (eth0,eth1,eth2,eth3) All need static configurations and not via dhcp. They are set during the provisioning process with foreman. I would like to use the pillar information passed via parameters.
19:11 Edgan alvinstarr: Why static and not dhcp?
19:12 Edgan alvinstarr: Your foreman/pillar configuration is going to get crazy fast
19:15 wendall911 left #salt
19:18 drawsmcgraw Ryan_Lane: sounds like a lot of work :) I'm especially interested now because I just lost two weeks of time because I made a Dockerfile for a Java base image for our team (we already Salted the process for non-Docker things) and I forgot *two* files in the Dockerfile that caused an obscure security error in the application.
19:18 Ryan_Lane drawsmcgraw: yeah... that's the painful part of docker
19:18 Ryan_Lane drawsmcgraw: what we currently do is run fat containers
19:19 alvinstarr Edgan: Not all networks have dhcp. Some are special purpose.
19:19 Ryan_Lane and they run the exact same code and process as non-docker
19:19 Ryan_Lane salt and everything
19:19 Ryan_Lane using the phusion ubuntu image
19:19 drawsmcgraw Sounds like an interesting challenge
19:19 alvinstarr Edgan:  I was kind of hoping I could iterate over the foreman_interfaces data and use that to setup the networks.
19:20 protoz joined #salt
19:23 Edgan alvinstarr: How many systems?
19:24 clintberry joined #salt
19:25 alvinstarr Edgan: Not that many but they get rebuild a LOT. Also if I cannot do it for my test environment there is little point in rolling it out in large scale production.
19:26 TreborTech_ joined #salt
19:29 TreborTech__ joined #salt
19:29 digitalhero joined #salt
19:31 jartsu joined #salt
19:32 clintberry joined #salt
19:32 Edgan alvinstarr: Could you just loop over the configuration in a jinja, and not statically define the ips, but generate them instead?
19:33 clintberry joined #salt
19:33 dusel joined #salt
19:35 dusel hello, not sure if this is already being addressed, but just in case it has gone unoticed, I wanted to point out that http://bootstrap.saltstack.com/ is currently 404'ing
19:37 forrest joined #salt
19:38 jartsu Hi, I have a salt state, http-server/firewall-rules.sls, which appends an iptables firewall rule and hooks via a 'require_in' into a state defined in iptables/init.sls called 'default-firewall-rules'. It's not working though if the iptables state is not included in the top file. What I'm trying to do is to add firewall rules only on machines that are running
19:38 jartsu iptables. I was hoping I could define firewall rules for all my services and have them execute only on machines that I specifically include the iptables state in. Clearly I'm doing it wrong. What's the best way to do this?
19:39 jartsu Basically, I want to have an http-server state that does package installation and configuration, and only applies firewall rules if the host has iptables setup.
19:41 alvinstarr Edgan: I am trying to figure out if jinja can handle hierarchical  data like http://pastebin.centos.org/36801/. I am reasonably sure it can but the search-able examples tend to be lots of very simple foo,bar,baz examples.
19:41 InAnimaTe joined #salt
19:41 digitalhero joined #salt
19:42 forrest jartsu, Are you targeting states via grains or specifying which states are applied via your top file?
19:43 jartsu I'm just specifying which states are applied in the top file
19:43 Heartsbane joined #salt
19:43 Heartsbane joined #salt
19:44 forrest jartsu, As in all systems get the same states, or you have specific systems getting specific states?
19:44 cpowell_ joined #salt
19:47 subsignal joined #salt
19:47 perfectsine joined #salt
19:49 jartsu forrest, yeah, specific systems get specific states. Basically web servers get the iptables state, but other hosts don't.  Then I've setup states for various services, like httpd, ntpd, etc. In those states I'd like to be able to specify iptables rules that get added if the server is using the iptables state.
19:49 jartsu I'm trying to avoid adding all my rules into one giant iptables state, and instead have optional rules in each service's state that get executed only if the host is running iptables.
19:50 protoz joined #salt
19:50 crazyphil by default, where do .sls files go on a salt master on linux?
19:51 jgee joined #salt
19:52 zmalone /srv/salt?
19:52 forrest crazyphil, /srv/salt/thing/init.sls
19:52 forrest jartsu, I guess I'm confused, if you're targeting via hostname, your top has host:\n - iptables\n - http\n -http_iptables right?
19:53 brianfeister joined #salt
19:53 crazyphil ok, thanks
19:53 forrest zmalone, Shame on you for suggesting one dir LIKE A HEATHEN
19:53 forrest ;)
19:53 zmalone I added a wildcard at the end
19:53 forrest pssssh
19:53 zmalone Not a useful one, but a wildcard
19:54 zmalone I keep all my stuff in /srv/salt/q/
19:55 forrest gross
19:56 giantlock joined #salt
19:56 forrest All in one giant state file too?
19:56 forrest like 900 lines?
19:57 felskrone joined #salt
19:57 guanophobic looks like http://bootstrap.saltstack.com/ is 404:ing
19:57 jartsu forrest, you just gave me the answer. For some silly reason I was including the firewall rule via an include in each state's sls Thanks, it's obvious now that you mention how you thought I was doing it. :)
19:59 forrest jartsu, For sure! Glad that helped.
20:01 hightekvagabond joined #salt
20:03 WesleyTech_ joined #salt
20:04 jartsu how do you guys/girls name states that are for a service? Eg. for a web server, do you call your state httpd, http-server, apache, etc.? One of those or something else?
20:04 jartsu any convention that I should follow?
20:05 protoz joined #salt
20:05 linjan joined #salt
20:05 drawsmcgraw I'm as specific as possible (within reason)
20:05 jartsu does that mean as specific as naming after the package name or the protocol name though?
20:06 forrest jartsu, I always have a dir, so like nginx/install.sls, nginx/service.sls nginx/plugins.sls, or whatever.
20:06 forrest Depends on the env
20:06 drawsmcgraw Oh, are we talking individual states or state files?
20:06 drawsmcgraw My state files are similar to what forrest does
20:06 wangofett I just had that same question
20:06 jartsu state files
20:07 ssplatt joined #salt
20:07 wangofett Dirs are kind of nice
20:07 drawsmcgraw what forrest said in that case
20:07 wangofett I hadn't thought about that
20:07 drawsmcgraw dirs are where it's at. Namespaces
20:07 jartsu cool, thanks for the answers
20:07 tehsu how can I have file.replace only replace the pattern and not the entire line?     - repl: '{{ salt['pillar.get']('newdb') }}', would     - repl: '{{ salt['pillar.get']('newdb') }}'
20:07 forrest dirs for everything, stuff specified inside the dirs. Anyone who complains about 'having to type too much to include all the states' can suck it.
20:07 murrdoc joined #salt
20:07 drawsmcgraw +1
20:07 jartsu yeah, I've been using directories. I just wasn't sure if I should name it by protocol or vendor. eg. httpd vs apache
20:07 whytewolf jartsu: I typically go with a <statefilename>-<module>-<function> and normally use a nested directory method for larger projects like openstack.keystone.* is /srv/salt/states/openstack/keystone/*
20:07 cipher_ joined #salt
20:07 murrdoc joined #salt
20:08 drawsmcgraw my Openstack states directories look the same
20:08 jartsu and what's interesting about the httpd case is that for example the apache RPM in RHEL is named 'httpd'
20:08 cipher_ quick question: how can you apply one state that is not in the base environment to a minion?  not seeing this in documentation
20:08 jartsu so even RedHat doesn't call their package 'apache'
20:08 forrest jartsu, Well that's because Apache is terrible
20:09 drawsmcgraw aww... below the belt on that one :)
20:09 zmalone uh
20:09 jartsu I suppose. As most other packages seem to be named after the name of the project
20:09 zmalone httpd is the name of the product, apache is the foundation
20:09 forrest Sorry, flashbacks to a big apache shop. Would never go back.
20:09 zmalone at one point, apache and httpd were synonymous
20:09 forrest zmalone, I know
20:09 jartsu unfortunately we're running apache here still :(
20:09 whytewolf zmalone: it wasn't always like that. apache actualy used to be the name of the http server also
20:09 whytewolf [back in the 90's]
20:09 forrest Are you guys still using httpd over nginx?
20:10 jartsu We are. Hopefully for not much longer.
20:10 forrest I haven't seen any performance/ease of configuration metrics in at least 2 years that could make me pick to use it again
20:10 jartsu if I can have my way)a(
20:12 froztbyte how do people ship stuff like keys/certificates with salt?
20:13 froztbyte putting it in pillar data ends up making for a hell of a long/scrolly pillar (should you ever need to deal with a CLI inspection)
20:13 forrest stored in pillar/external pillars usually
20:13 froztbyte it'd be cool if pillar-for-files was a thing
20:13 whytewolf froztbyte: stored in pillar. and switching to pillar.get|item for cli inspection.
20:14 whytewolf coarse I'm also used to working with gig sized files in the cli
20:14 froztbyte whytewolf: I find that when I'm trying to check specifics for debugging (wrong pillar data level, for instance) I almost always need .items
20:14 DammitJim joined #salt
20:14 krymzon joined #salt
20:14 whytewolf | less
20:15 timoguin joined #salt
20:15 froztbyte yes yes, I know the obvious ways for handling that
20:15 froztbyte that doesn't make "press pgdn past 9 pages of cert" any less tedious or unwieldy :)
20:15 whytewolf while in less /pillar item you are looking for and stop scrolling
20:15 froztbyte which is why I was asking. I was wondering if someone has figured out a better thing.
20:16 keimlink joined #salt
20:16 forrest froztbyte, Have fewer certs? /troll
20:16 froztbyte forrest: frownyface.png
20:17 whytewolf pillar.obfuscate?
20:17 InAnimaTe joined #salt
20:18 whytewolf https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.pillar.html#salt.modules.pillar.obfuscate
20:18 froztbyte that might actually work for solving that specific debug pain
20:19 froztbyte now for the other side of this being painful: I don't have an external pillar setup at the moment, and dropping n-many certs into pillar is a tedious process
20:19 froztbyte external pillar probably makes that trivial to solve :/
20:19 whytewolf external pillar makes it a breeze
20:20 whytewolf https://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.file_tree.html
20:21 scoates joined #salt
20:23 howardroark joined #salt
20:24 DammitJim anyone here use salt for production deployments of applications?
20:25 howardroark Hey! If I use the 'npm' state to install global modules as a non-root user... Is there anyway to tell that process to use 'sudo' ... a lot of modules need sudo to create the bin paths
20:25 pkimber joined #salt
20:25 jdubski joined #salt
20:26 akhter_1 joined #salt
20:26 forrest DammitJim, Have at every job that's ever used salt.
20:26 Ahlee just hit https://github.com/saltstack/salt/issues/27152 on a single master config
20:26 saltstackbot [#27152]title: 2015.8.0: salt-minion failover broken. Hangs forever when connecting to the second failover | Configure salt minion as:...
20:26 justanotheruser joined #salt
20:26 DammitJim forrest, if you don't mind me asking... is this a developer role?
20:27 forrest DammitJim, Is what a developer role?
20:27 forrest DammitJim, If you're asking if I'm a dev, then no: https://hungryadmin.com/pages/Resume.html ;)
20:27 DammitJim LOL
20:27 Ahlee our developers deploy their software with salt
20:28 DammitJim I guess I'm trying to determine if I as a systems administrator should be the one deploying the application to the production servers
20:28 Ahlee I wrote an app that talks to the salt-api that gets run from atlassian bamboo
20:28 forrest DammitJim, Yeah there's a reason Ahlee is mostly bald, and it's not due to male pattern baldness...
20:28 InAnimaTe joined #salt
20:28 DammitJim I can understand them deploying to dev and test, but for some reason we have drawn a line for production
20:28 Ahlee empower your users to do it
20:28 whytewolf we used to use salt when i worked at IGT. and no I'm not a dev either. I have a larger background in traditional ops
20:28 DammitJim this might not be the right topic for this channel
20:28 forrest DammitJim, It's a fine topic to discuss. Honestly why do they even have to do that instead of having automated deploys after everything passes in dev/test?
20:29 wangofett +1 to that
20:29 DammitJim Ahlee, well, actually, the developers want to start using Bamboo for deployments to production
20:29 DammitJim that's why I'm asking
20:29 forrest if it's good in dev, and it's good in test, what makes it unacceptable for prod? That's the problem you need to address.
20:29 forrest I say go for it dude
20:29 Ahlee i'm a firm believer of the 1k deploys/day
20:29 forrest Agreed
20:29 Ahlee if your deployments are hard, make them easier
20:29 Ahlee if there's any hangups to having yoru developrs push a button, eliminate the hangups
20:29 forrest DammitJim, Have you taken a look at: https://github.com/gravyboat/docka-docka-docka /shameless plug
20:30 forrest Yep, I want to do 0 work associated with deployments
20:30 forrest set it and forget it.
20:30 forrest If they fuck it up, empower them to do another deploy that fixes it
20:30 forrest Then post mortem that shit and address that failing
20:30 DammitJim yeah, I guess the problem I run into, but that could be configured... sometimes my team... the support team doesn't know about their changes
20:30 wangofett broadcast over RSS
20:30 DammitJim interesting point of view
20:31 forrest DammitJim, As in they don't tell you when they change stuff?
20:31 DammitJim right
20:31 DammitJim there is that fine line between... the server is broken with the application has issues
20:31 forrest DammitJim, If so, set up the reactor to deploy when they send in the hook or whatever, as well as sending out either an email or hooking into your chat tool to inform people
20:31 Ahlee manage it with salt, and pretty print a report off ret['changes']
20:31 DammitJim yeah, they can put some notifications through bamboo
20:31 forrest Yeah that's also a good one Ahlee
20:32 DammitJim Ahlee, that was my original plan
20:32 whytewolf typically the goal is to if you can't 100% automate it. at least get it to the point of pushing 1 button will do it. anything more means someone is over complicating the install. normally on purpase have "job security" cause they are the only one that knows how it works
20:32 DammitJim but now they want to do away with Bamboo
20:32 Ahlee I don't blame them.
20:32 forrest DammitJim, Well, what are they using outside of bamboo?
20:32 Ahlee Bamboo is an interesting beast.
20:32 forrest lol
20:32 forrest Ahlee, always so political
20:32 DammitJim LOL
20:32 Rebus joined #salt
20:32 DammitJim forrest, right now? they scp the files to the server
20:32 Ahlee forrest: heh, product of my environment
20:32 forrest DammitJim, That's unacceptable, why are they not using source control.
20:33 DammitJim then they call me to restart the instance of tomcat if it has problems
20:33 whytewolf lol. I tpyically like Attlassian products, but forget bamboo
20:33 DammitJim oh, they check out the stuff from source control, manually compile it and copy the file over
20:33 BradThurber joined #salt
20:33 ssplatt joined #salt
20:33 DammitJim whytewolf, we are just starting with Bamboo
20:33 Ahlee which is all bamboo would do :)
20:33 forrest DammitJim, Ugh, are they using git or svn or what? Internall hosted I assume?
20:33 froztbyte I guess the middle option for my minor predicament is to write a small thing that reads up files and pushes the data into pillar data (files)
20:33 DammitJim svn
20:33 DammitJim internal
20:33 froztbyte for certs/keys
20:33 * froztbyte will do that
20:34 TreborTech joined #salt
20:34 DammitJim so, I guess I shouldn't care if they do the deployments themselves
20:34 forrest DammitJim, How is the code tested?
20:34 forrest DammitJim, Well you should because right now they don't seem to inform anyone which is a bad deal.
20:34 DammitJim they check it out of the branch, compile it and copy it to the test servers
20:34 DammitJim forrest, oh yeah, that's already on the requirements for bamboo if we go that way
20:34 DammitJim what I had put in place was a staging server where they would drop the war files
20:35 DammitJim and I would use salt to deploy the war files from that location
20:35 digitalhero joined #salt
20:35 DammitJim very bare bones
20:35 forrest DammitJim, I see, I'd suggest trying to automate that away from them, so automate the deployment/build for test so everything can be run against it
20:35 DammitJim oh and the update would automatically back up the old war
20:35 wangofett Where can I find the next scheduled salt release date?
20:35 forrest Makes their job easier, and gets you more detailed deployment info which is always a good deal.
20:35 DammitJim what way, forrest?
20:35 tehsu is there an alternate to file.recuse that'll let me use local storage instead of using salt://
20:35 wangofett +1 for that suggestion. DammitJim Jenkins is pretty easy to setup
20:35 forrest wangofett, It's not really on a calendar, there was a release yesterday though
20:36 forrest DammitJim, In what way try to take that away from them?
20:36 DammitJim DammitJim, I see, I'd suggest trying to automate that away from them
20:36 * wangofett needs https://docs.saltstack.com/en/develop/ref/states/all/salt.states.selinux.html#salt.states.selinux.module
20:36 forrest Yeah, get some jenkins going (or even better travis CI if they'll spring for it and you can go external)
20:36 DammitJim you mean to automate the deployment/build for test with bamboo?
20:36 DammitJim no, nothing external here
20:37 wangofett Then Jenkins is a good choice
20:37 DammitJim yeah, they'll be doing the automatic deployment for dev and test
20:37 forrest But you said they push the war for the deployment
20:37 DammitJim the only question here was production
20:37 forrest or are you saying with bamboo
20:37 forrest I see
20:37 forrest Yeah automate prod too
20:37 DammitJim yeah, we currently do everything manual
20:37 DammitJim bamboo is going to start doing all these things
20:37 wangofett automate automate automate
20:37 whytewolf wangofett: you can run development modules on production. it typically is just a matter of putting the development module in _modules and sync_all
20:37 forrest if you have to deploy prod it doesn't matter how good your dev/test process is. It's still a fail if you can't go from dev -> test -> prod without admin intervention.
20:37 forrest In my eyes at least.
20:37 DammitJim but I didn't know if I needed to say something about automation with bamboo with production since currently that's one of my roles
20:38 whytewolf and state modules in _states
20:38 whytewolf _state
20:38 whytewolf something like that
20:38 forrest DammitJim, I can think of no higher priase than 'we had to fire forrest because he automated himself out of a job'
20:38 murrdoc :)
20:38 DammitJim LMAO
20:38 DammitJim stop it, that's mean
20:38 wangofett is _states in /etc/salt/ somewhere?
20:38 Ahlee sadly, it's always 'we had to fire forrest becuase he's forrest'
20:38 forrest wangofett, It just lives wherever your file roots is
20:39 forrest wangofett, https://docs.saltstack.com/en/latest/ref/states/writing.html#using-custom-state-modules
20:39 forrest DammitJim, I'd highly suggest to automate the prod deployments IF things are being tested thoroughly, it's empowering for your devs, and wastes less time for you.
20:39 DammitJim ok, I'll just let them automate the process.. then the support team/system admins don't have to worry about that
20:39 whytewolf wangofett: to be safe, you should include the exacution module if you include the state.
20:39 DammitJim if they break it or there is a problem with a deployment, then they'll just have to fix it themselves
20:39 whytewolf [incase the state module needs something on the updated exacution module
20:39 forrest Ahlee, I'm not good with office politics, what can I say (though I will note I've never been fired)
20:39 DammitJim yeah, I like that
20:40 BradThurber_ joined #salt
20:40 GreatSnoopy joined #salt
20:40 DammitJim as long as we get notified of an update
20:40 Ahlee forrest: <3 it was a jest in poor taste
20:40 forrest DammitJim, I mean you should be around to help fix shit, but the goal should be to find what caused the break, do a post mortem, and fix that issue, where your help may be needed.
20:40 forrest Ahlee, I know, so was my hair joke ;)
20:40 DammitJim then if a call comes in, we can look at the history and say, here... you updated this recently, go take a look at it
20:40 forrest DammitJim, Yeah exactly, data is always king
20:41 DammitJim what does that mean? data is always king?
20:41 murrdoc i am bored enough at work to start picking up side giggers
20:41 murrdoc Ahlee:  lets start a chicago salt consultancy
20:41 murrdoc earn some spare change
20:41 Ahlee murrdoc: 'k.
20:41 * murrdoc could use some guns
20:41 forrest DammitJim, 'Jim says the servers broke but he did not do anything!' "well I can see here that Jim pushed a change at 2:15 PM"
20:41 Ahlee pew pew
20:41 forrest DammitJim, Having the data means you can find the issue and fix it.
20:41 DammitJim does that mean that you guys give God access to the developers to the production servers?
20:41 whytewolf murrdoc: nice. I'm sick of red tape enough to look for another job
20:41 forrest DammitJim, lol no.
20:41 DammitJim oh, right
20:42 forrest DammitJim, They have less access than ever with a truly automated setup
20:42 Ahlee murrdoc: come up with a talk idea for salt meetup
20:42 DammitJim I guess I can just give them access to where they need to deploy the stuff
20:42 Ahlee hell i'll even do it
20:42 DammitJim things aren't always 1s and 0s
20:42 Ahlee i just do'nt know what to talk about any more
20:42 forrest murrdoc, Ahlee I haven't found many people looking for salt consultants sadly
20:42 Ahlee forrest: indeed. Telling :(
20:42 forrest DammitJim, Nah don't even give them access, your automated tool does the deployment, they don't need access.
20:42 murrdoc forrest:  i can do puppet
20:42 murrdoc or chef
20:42 * wangofett would love to not have access to any of the servers he needs to put things on
20:42 murrdoc infra side gigs
20:42 wangofett because automation <3
20:42 forrest murrdoc, And I can ram a hot poker into my eyes.
20:43 murrdoc hey
20:43 murrdoc spare cash is spare cash
20:43 ssplatt joined #salt
20:43 DammitJim I guess I need to learn how they would do an automated deployment if there are new jar files that need to be added to the server
20:43 murrdoc i aint gonna let my morals pick and choose puppet or chef or salt
20:43 whytewolf wangofett: my dream setup is cloud based systms that delete themselves, and rebuild if the user count goes to 1 or higher
20:43 DammitJim thanks guys
20:43 forrest DammitJim, Set up a hook that does the build if needed, then drops the jar in an accessible central location
20:43 DammitJim this is very helpful
20:43 forrest DammitJim, np
20:44 forrest murrdoc, It has nothing to do with morals
20:44 DammitJim set up a hook where?
20:44 DammitJim salt?
20:44 forrest DammitJim, Could be salt, could be in jenkins
20:44 forrest or whatever other systems you use
20:44 DammitJim I"m not using jenkins
20:44 DammitJim LOL
20:44 forrest or bamboo
20:44 forrest whatever.
20:44 murrdoc Ahlee:  totes srs
20:44 DammitJim ok
20:44 whytewolf DammitJim: when someone says jenkins mentally replace it with CI of your choice.
20:44 whytewolf :P
20:44 forrest murrdoc, I'm too burned on puppet to ever use it again. I MIGHT be able to do chef, but their naming is worse than salt's, googling their docs is shit.
20:45 whytewolf jenkins is just the goto example cause it rocks
20:45 forrest lol
20:45 forrest what
20:45 murrdoc rocks my world
20:45 forrest I think our experiences with jenkins are different
20:45 murrdoc whytewolf's salks
20:45 Ahlee murrdoc: find a client and i'll tlak to compliance
20:45 wangofett Jenkins is fantastically easy when you're dealing with Java
20:45 whytewolf compared to bamboo, Jenkins is the bees knees
20:45 forrest Only because you're already dealing with java /troll
20:45 forrest I still like Travis the best.
20:45 wangofett lol
20:46 DammitJim lol
20:46 BradThurber_ joined #salt
20:46 wangofett True story. I've tried setting up a Python job with Jenkins and it hasn't been *nearly* as nice
20:46 forrest Yep
20:47 murrdoc Ahlee:  i ll present next meetup
20:47 forrest murrdoc, I thought you were in CA with iggy
20:47 murrdoc end it with, hey if anyone needs salt advice, holla at yo BOI
20:47 murrdoc i live in chicago
20:47 whytewolf I used to use jenkins with phpunit. it wasn't that bad. I had cold chils cause it was php but yeah
20:47 forrest murrdoc, Ahh okay
20:47 murrdoc cos i am foreign
20:47 forrest what does that have to do with whether you can live in CA or Chicago?
20:49 murrdoc well
20:49 murrdoc wifey is foreign too
20:49 murrdoc and she needs to work at an under privileged are
20:49 murrdoc area*
20:49 murrdoc to work off her visa
20:49 murrdoc or soemthing
20:49 forrest Doesn't all of SF count for that?
20:50 forrest BOOM
20:50 whytewolf I wouldn't limit that to just SF
20:50 forrest I know, I'm just sour because I've been dealing with a lot of SF shops recently
20:50 forrest They want me to move there, I say no.
20:50 libertyy joined #salt
20:51 whytewolf I get a LOT of "contracts" for the SF area. they seem sad that I tell them they are not going to pay me enough to live there
20:51 whytewolf they want to pay me what i make in las vegas. to live in SF
20:51 forrest lol
20:51 foundatron How does one use a ssh config file with when setting up git pillars?
20:52 foundatron I haven't been able to find a good example
20:52 foundatron though i've seen references of people saying they use them
20:52 foundatron My attempts have failed, so I'd like to see an example of one that works
20:52 foundatron Anyone got one?
20:53 libertyy I'm using a orchestration file to invoke cmd.run, but, how do I set the path within a salt.function {name:cmd.run}  statement?
20:53 forrest foundatron, Did you already look at: https://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.git_pillar.html and https://github.com/saltstack/salt/issues/16176#issuecomment-74952450
20:53 saltstackbot [#16176]title: Can't find a way to authenticate for pillars in a git over ssh with gitfs | Hi,...
20:54 libertyy that is, set the PATH env variable used by the cmd.run
20:55 Ahlee saltenv:PATH=/foo:/bar, right?
20:55 Ahlee er
20:55 Ahlee no, env=
20:55 darien joined #salt
20:56 whytewolf libertyy: - env="your path" remeber that $PATH will not expand
20:56 cyteen joined #salt
20:56 whytewolf libertyy: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cmdmod.html#salt.modules.cmdmod.run scroll down to the examples of env https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cmdmod.html#salt.modules.cmdmod.run
20:56 Ahlee i'd just embed the PATH in your cmd.run script
20:56 darien quick question: I'm setting up a new salt config (replacing the old one wholesale), and I'm trying to figure out how to assign 'environments' to hosts, but all the examples seem like they would just match hosts in every env
20:56 whytewolf Ahlee: me too.
20:56 Ahlee file.managed /path/to/script.sh; cmd.run /path/to/script.sh with require: file.managed
20:57 darien I'm not sure how to make a host only be in one or another without specifying them manually or changing the minion config
20:57 digitalhero joined #salt
20:57 Ahlee darien: in minion config file, environment: myenv
20:57 whytewolf Ahlee: cmd.script source=salt://thescript.sh
20:58 Ahlee make sure that matches to a file_root: definition
20:58 darien Ahlee: without specifying them manually though
20:58 darien Ahlee: the docs say basically 'don't do that unless you have to, use the top file'
20:58 libertyy well, the binary could live in /usr/local/bin or /usr/bin, and I want to ensure that the PATH includes both directories. But, if i just do an 'echo $PATH', it shows the origional PATH, not the values I sent in the kwargs
20:59 libertyy that link is helpful, but i'm invoking cmd.run from state.orchestrate
20:59 bhosmer joined #salt
20:59 libertyy https://docs.saltstack.com/en/latest/topics/tutorials/states_pt5.html#orchestrate-runner
20:59 Ahlee darien: i'm not understanding waht you want, then. You want to have environments defined without defining them?
20:59 whytewolf libertyy: all orch does is run the module.
21:00 darien Ahlee: the docs say 'The top file is used to assign a minion to an environment unless overridden using the methods described below.', but all of their examples would put every host in every environment
21:00 tehsu Anyway to create directories and copy everything in one folder to the newly created directory on the same server and exclude one folder during the copy?
21:00 Ahlee tehsu: _module with your logic in it
21:00 Ahlee darien: ah.
21:00 fernandoacorreia hello guys!
21:00 fernandoacorreia Is it possible to detect if a state failed in one of the minions? I'd like to run "salt '*' state.highstate" or a similar command in a batch script and know if there was any failure in any of the minions.
21:01 darien Ahlee: anyway, I was going to use the method you suggested but the docs seemed to imply I shouldn't. If there's no reason not to, I'm going to do that.
21:01 darien Ahlee: (mostly I just want to run the 'bootstrap' environment only for some servers and only once, maybe environments are a bad way to do that)
21:01 Ahlee yeah i don't put too much weight on what hte docs say in regards to those things, as the docs are written by those who write the software, not those who use it
21:01 darien burn
21:02 darien Ahlee: thanks for your time!
21:02 otter768 joined #salt
21:02 sgargan joined #salt
21:03 crazyphil is the "common" state something that should exist by default somewhere?
21:04 diegows joined #salt
21:05 justanotheruser joined #salt
21:05 lumtnman joined #salt
21:05 cberndt joined #salt
21:06 foundatron thanks forrest...I guess I have ssh config set correctly...it's just not working...hmmmm
21:07 libertyy Okay, i solved my own issue. I misunderstood how to pass KWARGS to a salt.function.  This issue helped me figure it out:  https://github.com/saltstack/salt/issues/25317
21:07 saltstackbot [#25317]title: Unable to use kwarg in salt.function (modules.saltmod) | I am unable to find a way to feed kwargs through the salt-run state.orchestrate orchestration. ...
21:07 scoates joined #salt
21:08 jdubski joined #salt
21:08 lumtnman joined #salt
21:08 libertyy whytewolf: did you see that article floating around claiming it's cheaper to live in LV and fly to SF versus renting in SF ?
21:09 forrest lol
21:09 InAnimaTe joined #salt
21:09 whytewolf libertyy: I saw it yeah. and it is true
21:09 whytewolf but honestlly I don't want to comute that far
21:10 libertyy i don't blame ya.
21:10 tehsu is there anything that'll copy one folder to another or is that best done using a cmd.run
21:10 crazyphil ok, here's a question (first time salt user, stil learning), is it better to have salt start a service or init.d/systemd?
21:10 Ahlee crazyphil: salt just uses the OS's service management
21:11 forrest crazyphil, service.running will use the system stuff.
21:11 whytewolf esp. since i telecomute already and there is 0 reason for me to work in an office.
21:11 crazyphil ok
21:11 crazyphil makes sense
21:11 forrest whytewolf, Yeah I'm trying to find another remote gig
21:11 forrest People look at me like I'm crazy when I tell them commuting hundreds of hours a year isn't acceptable
21:11 forrest 'but our mediocre downtown seattle job!'
21:13 whytewolf most of the time it comes down to "we don't really know how to handle a a telecomuter, how do we hound them constently and intimidate them in person if they are not here"
21:13 forrest Plus I mean you can't drink the kool-aid if you aren't in an office, especially if you aren't in SF
21:14 whytewolf oh yeah the kool-aid. I already drink enough kool-aid I don't need another companies
21:14 crazyphil I've been remote for the past 10 years
21:14 crazyphil have not missed going anywhere
21:14 forrest Nice
21:15 BradThurber joined #salt
21:15 whytewolf very nice. this contract I am in now is my first 100% true remote gig. and I love the work from home. I just hate banks red tape.
21:15 forrest heh
21:18 whytewolf I seem to be going backwards. 3 jobs ago was really lax. could do almost anything i want. and we kept it running like a dream. [newspaper], job after that, one of the largest slot machine manufactures. still had to go in. more red tape. but still very lax. the red tape would get in the way of 100% efficiency. now I am at a bank. work from home but so much red tape it takes me 6 times long to do a single task then any time in my past and it drives me nuts
21:19 scoates joined #salt
21:22 tehsu so if I want a directory to be populated from another directory thats on the same machine(smb share) would any of the file. work, doesn't seem like any support copying from the same system except file.copy and that only supports a single file
21:24 crazyphil can salt "edit" a file and make specific changes?
21:24 tehsu like edit something inside of a file?
21:25 tehsu like one word
21:25 whytewolf crazyphil: file.replace?
21:25 tehsu ^
21:25 darien or file.patch
21:26 crazyphil yes, like edit one word
21:26 drawsmcgraw there's a file.patch?
21:26 crazyphil I went down the saltstack path because I was just put in charge of building a rather large environment, and need to install common programs across multiple machines, with slight differences in certain config files
21:26 digitalhero joined #salt
21:26 hasues joined #salt
21:27 wangofett Work from home is great
21:27 tehsu file.replace is the best bet
21:27 wangofett crazyphil: maybe the best way would be using jinja templates
21:27 whytewolf tehsu: for local to local you might want to look at https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.rsync.html#salt.modules.rsync.rsync
21:27 tehsu ty
21:28 DammitJim do any of you have source control for your states?
21:29 murrdoc nah
21:29 murrdoc i edit thm on salt master of master
21:29 murrdoc cp.file them to the master i need em on
21:29 murrdoc and then highsatete all servers
21:29 murrdoc and head out for harolds chickens
21:29 protoz joined #salt
21:29 opitka joined #salt
21:29 murrdoc (not true)
21:30 whytewolf I throw a bunch of magnets at the hard drive. in a pattern that should generate the files i want
21:30 DammitJim wait what? you have a master for the master?
21:30 wangofett DammitJim: yeah. At least at the moment
21:30 DammitJim how do you do that?
21:30 wangofett DammitJim: my master is its own master ;)
21:30 hightekvagabond joined #salt
21:30 whytewolf DammitJim: https://docs.saltstack.com/en/latest/faq.html#salting-the-salt-master
21:31 whytewolf it is common practice to salt the master
21:31 Ahlee i swear I'm never going to get to upgrade salt.
21:31 Ahlee We're going to stay on 0.17.x forever
21:32 DammitJim whoa
21:32 wangofett o.o
21:32 wangofett ouch :(
21:32 wangofett Ahlee you should sneak in the changes :D
21:32 CaptainMagnus joined #salt
21:33 wangofett gradually introduce portions of the codebase a file at a time
21:33 Ahlee I have until 12/31 to get this shit done
21:33 wangofett Ah. Well, never mind then :(
21:33 whytewolf Ahlee: rip it off like a bandaid.
21:33 Ahlee whytewolf: indeed.
21:33 Ahlee I'm nuke and paving
21:34 Ahlee scheduling bash/batch script that stops, uninstalls, deletes cache directories, reinstalls new version
21:34 whytewolf Ahlee: also once done. make sure you have a new job lined up and leave the problems of the upgrade to the next guy
21:34 Ahlee whytewolf: heh
21:34 Ahlee trying to stand up a new master and getting https://github.com/saltstack/salt/issues/29453
21:34 saltstackbot [#29453]title: 2015.8.3-1 minion hangs and never finishes connecting to salt-master | Spinning up a new salt environment on CentOS 6 and salt 2015.8.3-1. I also tried 2015-8.1-1 and had same experience. I believe this is directly related to (identical to?) https://github.com/saltstack/salt/issues/27152...
21:34 wangofett Not my circuis, not my monkeys
21:34 Ahlee so. damn. frustrating.
21:34 StolenToast whenever I talk to my coworkers about salt I pronounce "minion" like "mignon"
21:34 wangofett circus, too
21:34 wangofett lol
21:35 StolenToast talking about "salt-mignon" can make you hungry...
21:35 whytewolf oh fun, CentOS 6 :/
21:36 LotR StolenToast: because you're thinking about filet mignon?
21:36 StolenToast yeah but it's implied it's nice and salted too... mmm
21:36 whytewolf hehe
21:37 wangofett woohoo \o/ My SELinux thing worked. Sweet action
21:37 whytewolf yay for anytime an SELinux works
21:37 wangofett thanks forrest and whytewolf for the _states and _modules tip
21:37 whytewolf no problem
21:37 forrest wangofett, For sure!
21:38 Bryson joined #salt
21:38 colegatron joined #salt
21:39 DammitJim why do I want to salt the master?
21:39 whytewolf DammitJim: I do it so i can setup /etc/salt/cloud.*
21:39 whytewolf as well as things like highstate orchestration
21:39 DammitJim oh, I'm not there yet
21:40 DammitJim I've been having issues where my salt states defined in my top.sls aren't executing in order
21:40 whytewolf DammitJim: did you use order anywhere?
21:40 DammitJim and openjdk is being installed with tomcat instead of sun's jdk from another defined state :(
21:40 DammitJim no
21:40 DammitJim I just named the states in the top.sls for the server
21:41 protoz joined #salt
21:41 whytewolf hummm check salt '*' state.show_highstate as well as state.show_lowstate
21:41 DammitJim oh, what's that?
21:42 DammitJim sounds interesting
21:42 whytewolf basicly shows the datastructures of highstate and lowstate
21:42 StolenToast what is the lowstate?
21:42 whytewolf [as you can guess from the name :P]
21:42 StolenToast I inferred there was one
21:42 StolenToast but what does it do?  Is it the negative absence of the highstate?
21:42 whytewolf https://docs.saltstack.com/en/latest/ref/states/layers.html#low-state
21:43 DammitJim it doesn't execute anything on the minion, right?
21:43 DammitJim or do I need to run it with test=true?
21:43 whytewolf no it doens't run anything it is for debugging
21:43 whytewolf StolenToast: The Low State layer is the list of low chunks "evaluated" in order
21:44 DammitJim Detected conflicting IDs, SLS IDs need to be globally unique
21:44 DammitJim wow
21:44 pzipoy left #salt
21:46 whytewolf huh that page needs update. overstate has been pretty much renamed to orchestration. although i don't know if they call the layer overstate still
21:46 nledez joined #salt
21:46 nledez joined #salt
21:46 DammitJim oh, I have multiple places with the same ID :(
21:47 whytewolf well now you know how to find things like that.
21:47 whytewolf I thought that threw errors though
21:48 DammitJim well, those are old states that I don't use
21:48 DammitJim I wonder why it's calling them
21:48 wangofett whytewolf: I think overstate is still a thing - just depreciated
21:48 * wangofett started using orchestration and it's delightful
21:48 whytewolf DammitJim: are they included though includes in other sls files?
21:49 wangofett granted my neeeds are ridiculously simple right now - I just have my master minion and my test minion, but hey it's still awesome :D
21:49 DammitJim I need to find out
21:50 whytewolf lol wangofett I love Orch. it makes my openstack deployment 100% more smooth.
21:50 DammitJim wow
21:50 DammitJim that printed a lot of stuff!
21:51 InAnimaTe joined #salt
21:52 DammitJim ok, I cleaned it up
21:52 DammitJim I"m going to have to test a new server
21:52 DammitJim but is it supposed to execute the states in the order defined in the top file?
21:53 whytewolf DammitJim: yes, top to bottom
21:53 whytewolf unless something knocks it out of order
21:53 whytewolf like using order
21:53 whytewolf or having includes
21:53 Bryson joined #salt
21:55 crazyphil does salt perform it's actions as root?
21:55 cro joined #salt
21:55 darien whatever user the master runs as (root by default)
21:56 brianfeister joined #salt
21:56 boredatwork joined #salt
21:56 whytewolf crazyphil: tpyically* [small print: however it can be run as a different user. and some functions have a runas feature]
21:56 hasues left #salt
21:58 DammitJim no, no using order
21:59 DammitJim how about if one of the states requires it and it should have already been installed because of the top file?
21:59 crazyphil ok, just making sure, as some of the package install automation I'm going to do can't be done by pkg.installed
22:06 larsfronius joined #salt
22:08 jaybocc2 joined #salt
22:16 saltyMcSaltyPant joined #salt
22:16 saltyMcSaltyPant hello
22:17 saltyMcSaltyPant i couldn't find anything online so sorry if i missed it. Is there a best practice doc for infrastructure design? I'm trying to see if it is better to have a salt master per environment or a single salt master for all environments.
22:23 cyborg-one joined #salt
22:23 guanopho1ic joined #salt
22:25 yidhra joined #salt
22:26 * saltyMcSaltyPant slaps admgre around a bit with a large fishbot
22:34 InAnimaTe joined #salt
22:36 lumtnman joined #salt
22:39 howardroark Hey!  What is the simplest way to add an exsting user to a group?
22:40 symphorien left #salt
22:42 guanopho1ic group.present: -members: username ?
22:42 akhter joined #salt
22:45 indrgun joined #salt
22:45 howardroark any idea if that will work for an existing group... i like it
22:45 howardroark basically docekr makes it's own group on install
22:55 wryfi left #salt
22:56 justanotheruser joined #salt
22:59 racooper joined #salt
23:00 bhosmer joined #salt
23:00 tercenya joined #salt
23:02 otter768 joined #salt
23:07 wryfi joined #salt
23:07 wryfi i am getting this deprecation warning on my highstate runs ... DeprecationWarning: Starting in 2015.5, cmd.run uses python_shell=False by default, which doesn't support shellisms (pipes, env variables, etc). cmd.run is currently aliased to cmd.shell to prevent breakage. Please switch to cmd.shell or set python_shell=True to avoid breakage in the future, when this aliasing is removed.
23:07 wryfi but i don't see any documentation anywhere for cmd.shell
23:07 wryfi am i missing something?
23:15 wryfi and in fact, when i switch my states to cmd.shell, the fail.
23:15 wryfi so i find this deprecation warning quite misleading
23:16 ViciousLove wryfi, huh. There is no docs in docs.saltstack.com. You can run this command to get the doc. "sudo salt-call sys.doc cmd.shell"
23:17 ViciousLove wryfi, I ran into issues with cmd.shell as well. It was actually able to do stuff that cmd.run couldn't do. Also there is no documentation showing what it can and can't do... It's pretty frustrating
23:18 wryfi thanks ViciousLove, at least i know it's not just me ;)
23:18 ViciousLove Nope. I find cmd.anything to be frustrating experience
23:22 protoz joined #salt
23:29 Guest89 joined #salt
23:31 cberndt joined #salt
23:33 edrocks joined #salt
23:33 akhter joined #salt
23:34 jalbretsen joined #salt
23:35 snarfy joined #salt
23:35 snarfy hello again
23:35 snarfy I'm trying to tackle apt package downgrades via salt
23:36 snarfy all I really want is to be able to tell salt to tell apt --force-yes
23:36 snarfy otherwise apt will fail a downgrade with a warning.
23:37 snarfy do I need to fully purge a package before I can re-install it at an earlier version with salt?
23:37 digitalh_ joined #salt
23:39 Hazelesque joined #salt
23:43 wangofett snarfy: you can't just specify the version?
23:49 sfxandy joined #salt
23:52 ageorgop1 joined #salt
23:54 rideh joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary