IRC log for #salt, 2016-01-20

All times shown according to UTC.

Time Nick Message
00:02 MindDrive joined #salt
00:03 MindDrive joined #salt
00:07 digitalhero joined #salt
00:09 wangofett Hey, if I know the job id, can I see the jinja that produced that job?
00:09 wangofett er, yaml
00:10 wangofett not jinja, I am tired
00:10 drawsmcgraw left #salt
00:11 dimeshake joined #salt
00:13 thejrose1984 joined #salt
00:18 fas3r can I create my pillars dynamically ?
00:19 aurynn fas3r, you'd probably be looking at the ext_pillar interface for that
00:21 zmalone joined #salt
00:24 keimlink_ joined #salt
00:25 brianfeister joined #salt
00:27 hasues joined #salt
00:28 hasues left #salt
00:33 ageorgop joined #salt
00:37 snarfy moogyver, i could use some more verification but it seems like w/ 2015.5.0 adding environment: foo to the minion config, then doing a salt-call state.sls blah would result in state foo not available in environment 'base'
00:38 snarfy 2015.8.3 and now it finds the state in environment 'foo'
00:38 snarfy which means I think i need to include environment as minion config in addition to a grain
00:38 snarfy because i'm keying off role grains in top
00:39 moogyver snarfy - there were some recent issues with the environment pinning in the minion config not working.  they had been working on separating out the fileserver environment vs environments for pillar
00:39 snarfy yeah - i'm going a bit extreme with gitfs and environments/branches
00:40 snarfy there's some trial and error with the details.
00:41 fas3r aurynn: and with salt['pillar.get']('key' : 'value'), can I store values temporarily during the process of my states?
00:42 aurynn fas3r, I'd need to know more about what you're trying to do
00:42 lompik joined #salt
00:44 M-MadsRC joined #salt
00:46 amcorreia joined #salt
00:48 fas3r aurynn: I would like to keep some data retrieved during the execution of some states to be able to reuse them in a different state.
00:49 snarfy running away now
00:51 soma joined #salt
00:57 TyrfingMjolnir joined #salt
00:59 Diaoul joined #salt
01:00 M-liberdiko joined #salt
01:03 Bryson joined #salt
01:07 jmarathe_ joined #salt
01:09 calculon joined #salt
01:13 nyx_ joined #salt
01:14 hasues joined #salt
01:19 digitalhero joined #salt
01:22 Twiglet joined #salt
01:23 rihannon joined #salt
01:23 malinoff joined #salt
01:24 justanotheruser joined #salt
01:25 ALLmightySPIFF joined #salt
01:28 tmclaugh[work] joined #salt
01:35 digitalhero joined #salt
01:36 ALLmightySPIFF joined #salt
01:37 hasues left #salt
01:41 tedski joined #salt
01:42 perfectsine joined #salt
01:45 Ch3KoLyN joined #salt
01:46 otter768 joined #salt
01:49 perfectsine_ joined #salt
01:49 digitalhero joined #salt
01:51 jinkyu joined #salt
01:58 evle joined #salt
02:03 hasues joined #salt
02:04 keimlink joined #salt
02:07 nyx_ joined #salt
02:09 digitalh_ joined #salt
02:12 brianfeister joined #salt
02:12 bhosmer__ joined #salt
02:15 michelangelo joined #salt
02:16 Heartsbane joined #salt
02:16 Heartsbane joined #salt
02:16 baweaver joined #salt
02:18 quasiben joined #salt
02:25 keimlink joined #salt
02:32 zmalone joined #salt
02:34 hasues joined #salt
02:42 hasues left #salt
02:46 hal58th joined #salt
02:48 ilbot3 joined #salt
02:48 Topic for #salt is now Welcome to #salt! | Latest Version: 2015.8.3 | Paid support available for open source Salt! www.saltstack.com/support | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | Ask with patience as we are volunteers and may not have immediate answers
02:48 strangecolor joined #salt
03:05 anotherZero joined #salt
03:06 bhosmer_ joined #salt
03:07 zmalone left #salt
03:12 ashmckenzie joined #salt
03:12 nyx_ joined #salt
03:26 berserk joined #salt
03:30 mapu joined #salt
03:31 quasiben joined #salt
03:34 moogyver joined #salt
03:38 bstanish joined #salt
03:39 racooper joined #salt
03:50 berserk joined #salt
03:53 digitalhero joined #salt
03:57 favadi joined #salt
03:57 colegatron joined #salt
04:02 berserk_ joined #salt
04:02 dyasny joined #salt
04:05 _JZ_ joined #salt
04:06 neogenix joined #salt
04:13 MeltedLux joined #salt
04:23 Bryson joined #salt
04:29 anmol joined #salt
04:29 brianfeister joined #salt
04:32 ageorgop joined #salt
04:40 malinoff joined #salt
04:45 cybacolt fas3r: this is achievable in different ways
04:46 fas3r cybacolt: can you give me one :) ?
04:47 cybacolt fas3r: look into mine.get for getting data from other minions, and using 'watch' and 'watch_in' as requisites to get states cooperating
04:48 fas3r cybacolt: yes I check that.
04:48 cybacolt fas3r: while you can't use mine.get in pillars directly (yet), you can use salt['saltutil.runner']('mine.get', ... from inside a pillar as a workaround
04:49 cybacolt fas3r: i've got my pillars relatively dynamic using that, but you may eventually run into timeout issues on minions that require a lot of mine data
04:49 cybacolt fas3r: but you can get around that too :)
04:50 fas3r cybacolt: would you mind sharing a few examples on pastebin?
04:53 cybacolt fas3r: yeah, hang on, i'll put something on gist
04:53 fas3r cybacolt: that's really appreciated.
04:53 fas3r thanks.
05:08 cybacolt fas3r: https://gist.github.com/cybacolt/b1bd98534c155ee582a8
05:08 fas3r cybacolt: thank you :)
05:11 cybacolt nw :)
05:11 fas3r cybacolt: is it a bad practice to pass a value directly with: salt '*' ...... pillar='{"key":"value"} ?
05:16 tristianc joined #salt
05:49 bhosmer joined #salt
05:58 favadi joined #salt
06:01 calvinh joined #salt
06:04 overyander joined #salt
06:06 overyander joined #salt
06:09 dgarstang joined #salt
06:11 otter768 joined #salt
06:18 brianfeister joined #salt
06:31 rem5 joined #salt
06:34 rominf joined #salt
06:38 impi joined #salt
06:41 brianfeister joined #salt
06:49 mephx joined #salt
06:54 chesty joined #salt
07:02 k_sze[work] joined #salt
07:03 k_sze[work] Just me or something is wrong with jobs.lookup_jid?
07:03 k_sze[work] If I pipe the output of jobs.lookup_jid to a pager (e.g. less), I get the output for only one of the minions associated with the job ID.
07:11 DanyC joined #salt
07:12 DanyC joined #salt
07:18 tristianc joined #salt
07:26 DanyC_ joined #salt
07:34 impi joined #salt
07:35 robbbb Anyone using the salt state dockerng?
07:35 robbbb I can't seem to get dockerng.running to pull images
07:36 robbbb from hub.docker.com
07:38 bhosmer_ joined #salt
07:39 ajw0100 joined #salt
07:41 av_ joined #salt
07:42 AlberTUX1 joined #salt
07:47 dgarstang joined #salt
07:48 rdas joined #salt
07:56 dkrae joined #salt
07:58 federicob joined #salt
08:00 otter768 joined #salt
08:00 BlackFX joined #salt
08:01 BlackFX Heya guys, has anyone seen anything like this before : https://gist.github.com/geraint-jones-nz/948e7cfa203ab3103451
08:02 elsmo joined #salt
08:02 otter768_ joined #salt
08:03 voidspacexyz joined #salt
08:04 otter768 joined #salt
08:04 sectionme joined #salt
08:04 slav0nic joined #salt
08:06 otter768 joined #salt
08:07 rotbeard joined #salt
08:07 otter768_ joined #salt
08:09 otter76__ joined #salt
08:10 dariusjs joined #salt
08:10 Ixan joined #salt
08:12 ramteid joined #salt
08:22 dgutu joined #salt
08:32 bhosmer_ joined #salt
08:37 Grokzen joined #salt
08:37 larsfronius joined #salt
08:37 sectionme joined #salt
08:40 KermitTheFragger joined #salt
08:42 larsfron_ joined #salt
08:42 pi3r joined #salt
08:46 netcho joined #salt
08:46 pi3r I need to do a simple orchestration task: remove the cert file on a target minion + remove the associated certs from master. What's the better approach? A script calling salt for each action, orchestration or reactor?
08:47 pi3r Orchestration looks like a logical answer but is there a way to pass the target minion for the first task ?
08:49 kawa2014 joined #salt
08:52 atmosx joined #salt
08:54 blckbit10 joined #salt
08:59 favadi joined #salt
09:03 ITChap joined #salt
09:05 pwalsh joined #salt
09:06 GreatSnoopy joined #salt
09:09 Rumbles joined #salt
09:14 losh joined #salt
09:15 voidspacexyz joined #salt
09:21 Xevian joined #salt
09:26 bhosmer_ joined #salt
09:27 dariusjs joined #salt
09:35 s_kunk joined #salt
09:35 s_kunk joined #salt
09:37 sectionme joined #salt
09:48 chiui joined #salt
09:52 elsmo joined #salt
09:58 colegatron joined #salt
10:05 rodio_ua joined #salt
10:05 rodio_ua left #salt
10:07 voidspacexyz joined #salt
10:08 linjan joined #salt
10:10 linjan joined #salt
10:10 cyborg-one joined #salt
10:14 voidspacexyz joined #salt
10:16 oida joined #salt
10:26 sectionme joined #salt
10:28 jcristau joined #salt
10:34 giantlock joined #salt
10:35 denys joined #salt
10:40 Alexxannar joined #salt
10:41 jhauser joined #salt
10:57 CeBe joined #salt
11:03 keimlink joined #salt
11:06 Garo_ is it possible to run a runner directly when a reactor event is received? Now I have a really simple .sls file for a reactor which starts the runner and this feels silly as it's just 1:1 mapping
11:06 babilen That's exactly how you do it
11:07 babilen reactors react to events (regardless of the complexity of that reaction)
11:08 Garo_ yeah. that's what I have and it works fine (straight from https://docs.saltstack.com/en/develop/topics/reactor/index.html): I have an .sls which has runner... command
11:08 Garo_ but because I do everything in the runner the only reason I have the reactor .sls file is to start the runner
11:08 Garo_ so I'm wondering if there would be a way to declare in the master.conf that a reactor event starts one runner right away
11:09 anmol joined #salt
11:14 bhosmer joined #salt
11:15 viq joined #salt
11:15 viq joined #salt
11:15 abednarik joined #salt
11:16 viq joined #salt
11:24 babilen Garo_: The way to do that is to configure the reactor in the way you did. The reactor is the mechanism in which you declare what should be done when a specific event is being received.
11:24 babilen (they are typically rather simple)
11:25 babilen ((in the sense of: "fire off action A, check data B, ..."))
11:25 Garo_ babilen: yeah. I think I'll post an email to dev mailing list at some point to suggest if the reactor .sls could be removed from the middle
11:25 Garo_ there are of course use cases where having a reactor .sls makes perfect sense, but in my use case it makes perfect sense not to have it in the middle ;)
11:26 colegatron joined #salt
11:27 Garo_ I'm having the following setup: state.sls in minion requires a _state/mystate.py in minion, which calls _module/mymodule.py which calls __salt__['event.send']('myevent') which reactor system triggers (as defined in master.conf) which starts a reactor .sls file which starts a runner which does all the magic
11:28 Garo_ that's quite many files to pass events and data around and I'm hoping that I could simplify it a bit =)
11:31 Micromus joined #salt
11:31 oida joined #salt
11:31 Garo_ but thanks babilen for your input =)
11:33 babilen There *might* be a way, but it sounds as if you did what needs to be done at this point. The point is that "starts a reactor file" is a somewhat skewed way to think about it.
11:34 babilen The reactor is *exactly* the data structure and way in which you tell salt what to do when a certain event is being received. How would you change that? One has to encode the "if event 'foo' is received do X" (where X means "execute a runner" in your case)
11:35 babilen What would you like to see in lieu of that?
11:37 babilen Your problem seems to be that a SLS file needs to be referenced in the "targeting"/"matching" bit of the reactor and that that creates the necessity to maintain an extra SLS file just to point to something else?
11:38 babilen In a way you encounter the same problem when you target states in top.sls (i.e. "Why can't I directly include file.managed in the top.sls .. I don't need the extra layer!")
11:38 babilen Am I right in my understanding that you'd like to say something like "reactor: - 'salt/minion/*/start': - SOMERUNNERSOMETHING" ?
11:42 zer0def joined #salt
11:43 atmosx joined #salt
11:50 Garo_ babilen: yeah, something like that
11:51 Garo_ babilen: now when you mentioned that reactor is the data structure which defines what to do it makes much more sense that it works now as it does
11:51 Garo_ so in effect like you said I'm looking for a way to define that data structure in-line in the salt-master .conf file :)
11:52 dariusjs joined #salt
11:53 babilen Garo_: Yeah, I see how it could be seen as cumbersome ... But then, you might just not care about this, but simply write a state that generates the file(s) in question from pillar data and configures the reactor via https://github.com/saltstack-formulas/salt-formula/blob/master/pillar.example#L109
11:56 Garo_ babilen: yeah. that's always a possibility. I currently have two reactor files which are just these simple 1:1 mapping files for runners. I'll cross that bridge later when I start having too many of those
11:59 Garo_ what I'm doing is an automated way to setup EBS volumes for virtual machines by defining the volume requirements in per-vm pillar files, to snapshot those and to restore those from snapshots
11:59 N-Mi joined #salt
12:00 Garo_ so I'm pretty far away from the simple yaml+jinja stuff what salt is usually used with :)
12:01 ericof joined #salt
12:01 babilen "Any sufficiently advanced technology is indistinguishable from magic." -- you are a wizard! ;)
12:03 Garo_ thanks :p
12:04 Garo_ I'll try to open source this after it's done and I've refactored it a bit to look pretty and easy to understand =)
12:05 oida joined #salt
12:09 bhosmer_ joined #salt
12:15 abednarik joined #salt
12:23 oida joined #salt
12:25 giantlock joined #salt
12:26 evle2 joined #salt
12:27 quasiben joined #salt
12:31 otter768 joined #salt
12:34 simoo joined #salt
12:40 simoo how can I choose salt environment using a cmd? I defined two envs (prod, test) in pillar_root in master's config and I got /srv/pillar/prod and /src/pillar/test and I want to have in each location a file secret.sls in which I'll have multiple properties
12:40 simoo mostly the same but sometimes I want to have something in one env but not in another...
12:42 simoo should it work like this "salt '*' state.highstate saltenv=prod"? should it instruct master to expose only pillars from /srv/pillar/prod/secret.sls and completely ignore key-values defined in /srv/pillar/test or is it going to merge both files but prefer values from /srv/pillar/prod
12:42 simoo ?
12:45 anmol joined #salt
12:50 lothiraldan joined #salt
12:52 s_kunk joined #salt
12:55 dariusjs joined #salt
12:56 cliluw joined #salt
12:57 favadi joined #salt
12:59 Edgan joined #salt
13:03 oida joined #salt
13:03 bhosmer joined #salt
13:03 XenophonF simoo, i'm not 100% certain, but i think setting saltenv affects everything that uses environments
13:03 XenophonF it's easy enough to test
13:07 atmosx comments on sls files are: # <comment> ?
13:09 atmosx yes
13:09 XenophonF yes
13:09 atmosx I'm new to salt, if I want to use a salt-formula (ssh) as a 'state'
13:10 atmosx I just copy the pilar.example to ~/pilar and the openssh dir and "files/" to ~/salt ?
13:10 atmosx is that it?
13:11 XenophonF not quite
13:11 XenophonF https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
13:11 voidspacexyz joined #salt
13:12 XenophonF i recommend using gitfs
13:13 TooLmaN joined #salt
13:17 XenophonF i kind of like how salt-formula does it, though
13:17 XenophonF it checks the repos out using a git.latest state and then adds each folder to file_roots
13:18 XenophonF that lets you use formulas in different environments, which fits into my workflow better
13:18 XenophonF YMMV
13:18 XenophonF the gitfs way is better for people new to salt
13:21 XenophonF the pillar.example files are just extra documentation for you
13:24 bhosmer joined #salt
13:30 KennethWilke joined #salt
13:30 lothiraldan joined #salt
13:41 tmclaugh[work] joined #salt
13:42 hasues joined #salt
13:42 hasues left #salt
13:43 amcorreia joined #salt
13:46 dynamicudpate joined #salt
13:47 opdude_ joined #salt
13:47 phx__ joined #salt
13:47 gh34 joined #salt
13:47 Shirkdog_ joined #salt
13:48 Arendtse1 joined #salt
13:48 robawt1 joined #salt
13:48 oida joined #salt
13:49 phx joined #salt
13:49 toddnni_ joined #salt
13:49 malinoff_ joined #salt
13:49 digitalhero joined #salt
13:49 the_ktosiek joined #salt
13:50 atmosx XenophonF: I don't think I can use a repo
13:50 malinoff_ joined #salt
13:50 patrek_ joined #salt
13:50 colttt_ joined #salt
13:50 atmosx I need to emulate the behavior
13:50 gadams_ joined #salt
13:50 demonkeeper joined #salt
13:51 tuxx_ joined #salt
13:51 EO__ joined #salt
13:51 wangofet1 joined #salt
13:51 muep joined #salt
13:51 baffle__ joined #salt
13:51 jcastle_ joined #salt
13:51 rubenb_ joined #salt
13:51 rogst_ joined #salt
13:51 giany_ joined #salt
13:51 __alex_ joined #salt
13:51 Pie_Mage_ joined #salt
13:51 murkey_ joined #salt
13:51 [dee]_ joined #salt
13:51 trevorjay joined #salt
13:51 saltsa_ joined #salt
13:51 Ahlee_ joined #salt
13:51 godzirra_ joined #salt
13:51 ajw0100_ joined #salt
13:51 gerhardq1x joined #salt
13:51 cswang__ joined #salt
13:51 kevinqui3nyo joined #salt
13:51 Qlawy_ joined #salt
13:51 Buzer_ joined #salt
13:51 cswang___ joined #salt
13:51 ventris joined #salt
13:51 LostSoul_ joined #salt
13:51 Rkp joined #salt
13:51 arnoldB_ joined #salt
13:51 setient_ joined #salt
13:52 shnguyen_ joined #salt
13:52 Knuta_ joined #salt
13:52 rmnuvg_ joined #salt
13:52 abednarik joined #salt
13:52 marwood_ joined #salt
13:53 Ahlee_ joined #salt
13:54 bharper_ joined #salt
13:54 etw_ joined #salt
13:54 nikogonz1 joined #salt
13:55 keekz_ joined #salt
13:55 JoeJulian_ joined #salt
13:55 _sifusam_ joined #salt
13:55 rm_jorge joined #salt
13:56 grep_away joined #salt
13:56 chesty joined #salt
13:56 Bucciarati joined #salt
13:56 bonzibuddy joined #salt
13:57 sjohnsen joined #salt
13:57 emid joined #salt
13:57 ropes joined #salt
13:57 tooth joined #salt
13:58 dean joined #salt
13:59 bastion1704 joined #salt
13:59 aurynn joined #salt
13:59 bhosmer joined #salt
13:59 subsignal joined #salt
14:01 fullstop joined #salt
14:02 schinken joined #salt
14:02 codehotter joined #salt
14:02 PsionTheory joined #salt
14:02 kawa2014 joined #salt
14:02 TjackNoire joined #salt
14:02 GreatSnoopy joined #salt
14:02 N-Mi__ joined #salt
14:02 tinyhippo joined #salt
14:02 w1gz joined #salt
14:02 davisj_ joined #salt
14:03 memford joined #salt
14:03 digitalhero joined #salt
14:03 CeBe joined #salt
14:03 mdupont joined #salt
14:03 stevednd joined #salt
14:03 chitown joined #salt
14:03 nexsja joined #salt
14:03 sqwishy joined #salt
14:03 ronrib joined #salt
14:03 eightyeight joined #salt
14:03 stopbyte joined #salt
14:04 rhand joined #salt
14:04 sarlalian joined #salt
14:04 Ch3KoLyN joined #salt
14:04 wm-bot4 joined #salt
14:04 subsigna_ joined #salt
14:04 jfindlay joined #salt
14:05 KennethWilke joined #salt
14:05 pcn joined #salt
14:05 NaPs joined #salt
14:05 melbogia joined #salt
14:11 cpowell joined #salt
14:12 impi joined #salt
14:12 yawniek joined #salt
14:15 tmclaugh[work]_ joined #salt
14:15 spaceSub Hey how can I add multiple ip addresses to an interface using salt.states.network
14:17 DammitJim joined #salt
14:18 strangecolor joined #salt
14:20 oida joined #salt
14:25 Pie_Mage_ spaceSub: multiple calls perhaps?
14:26 numkem joined #salt
14:26 spaceSub Pie_Mage_: I'm talking about salt state files. Not sure how multiple calls apply there?
14:28 pwalsh joined #salt
14:29 mapu joined #salt
14:30 spaceSub :q
14:30 spaceSub Whups
14:32 otter768 joined #salt
14:35 Pie_Mage_ just give them different ids
14:36 Qlawy joined #salt
14:38 Pie_Mage_ I see what you mean!
14:38 Pie_Mage_ it isn't quite as straightforward
14:38 federicob joined #salt
14:38 Pie_Mage_ (as some of the other state function docs)
14:40 Pie_Mage spaceSub: if you're on linux (and I assume OSX) you'd specify as eth0, eth0:0, eth0:1, eth0:2
14:41 Pie_Mage for the gatewaydev I think?
14:41 glyf joined #salt
14:45 ALLmightySPIFF joined #salt
14:47 bhosmer joined #salt
14:47 morissette joined #salt
14:48 XenophonF atmosx: there are instructions for manually installing a formula at the web page i gave you
14:49 XenophonF atmosx: you just manually check out the repo and add the folder to file_roots
14:52 Niamkik joined #salt
14:52 spaceSub Pie_Mage: Looks weird, but works as advertised! :) Thanks.
14:53 ajw0100 joined #salt
14:53 racooper joined #salt
14:55 zmalone joined #salt
14:56 perfectsine joined #salt
14:58 spaceSub joined #salt
14:58 kaptk2 joined #salt
14:59 Pie_Mage :D
14:59 DammitJim what would you guys recommend a development team who is starting to use a continuous integration server to do production deployments
14:59 DammitJim they are asking me what user they should use for such a task
15:02 oida joined #salt
15:03 andrew_v joined #salt
15:04 byronschaller joined #salt
15:08 ntropy joined #salt
15:08 kalessin joined #salt
15:08 nledez joined #salt
15:08 nledez joined #salt
15:09 Tyrm joined #salt
15:09 tpaul joined #salt
15:14 neogenix joined #salt
15:15 DammitJim joined #salt
15:24 DammitJim is there an easy way to add ssh keys to different minions for different users?
15:28 abednarik joined #salt
15:30 Maciek_ joined #salt
15:30 rem5 joined #salt
15:31 Guest22519 hi
15:31 oida joined #salt
15:31 Guest22519 Can anyone have a look at : https://github.com/saltstack/salt/issues/30474 and tell me if my YAML structure is ok? trying to determine the reason for the crash
15:31 saltstackbot [#30474]title: salt-run salt.orchestrate crashes due to an exception | Part of my work on the event reactor includes an orchestration step...
15:32 abednarik joined #salt
15:36 blckbit10 joined #salt
15:36 pi3r joined #salt
15:37 keimlink joined #salt
15:38 perfectsine joined #salt
15:38 klocek joined #salt
15:41 berserk joined #salt
15:42 bhosmer joined #salt
15:42 abednarik joined #salt
15:42 nyx_ joined #salt
15:43 berserk joined #salt
15:44 pkimber joined #salt
15:46 sahilsinha joined #salt
15:47 digitalhero joined #salt
15:48 racooper joined #salt
15:56 winsalt joined #salt
15:57 SVQTQ joined #salt
15:59 drawsmcgraw joined #salt
16:01 kawa2014 joined #salt
16:03 digitalhero joined #salt
16:04 tehsu joined #salt
16:05 chamunks joined #salt
16:05 NV joined #salt
16:06 SirLagz joined #salt
16:06 zsoftich1 joined #salt
16:09 dgarstang joined #salt
16:12 spiette joined #salt
16:12 bhosmer joined #salt
16:12 rihannon joined #salt
16:15 nyx_ joined #salt
16:16 geomacy joined #salt
16:17 geomacy hi all can I ask a question about managing processes that I can't figure out from the Salt documentation?
16:18 geoffo joined #salt
16:18 geoffo left #salt
16:19 gekitsuu joined #salt
16:20 jimklo joined #salt
16:22 drawsmcgraw geomacy: I don't think we can promise anything but ask away
16:22 mohae joined #salt
16:22 geomacy thanks - I know how to define a state that installs apache, say, and then "state.highstate" will start it
16:22 geomacy but how do I bring apache down again if I want to temporarily stop it?
16:23 geomacy I can't find a command like "state.shutdown" or equivalent
16:24 geomacy is there such a thing or does Salt not work that way?
16:27 winsalt you have to make a state that shuts down apache, and call it with state.apply shutdown_apache
16:28 geomacy ah
16:29 geomacy so that would have to include an execution module call something like service.stop apache
16:29 CheKoLyN joined #salt
16:30 winsalt yeah, i think there is a state for making sure services are stopped too
16:31 geomacy there's salt.states.service.dead
16:31 geomacy which makes sure the named service is dead
16:31 winsalt yep
16:31 geomacy so I can put that into a state and apply it?
16:32 winsalt exactly, plus whatever things you want to do to turn off apache
16:32 geomacy I understand now, that's great, thanks for the advice!
16:33 otter768 joined #salt
16:35 numkem joined #salt
16:36 drawsmcgraw Why? Why does apt-get install salt-minion *automatically* start the service???
16:38 muep that is the usual thing to happen with services packaged for debian
16:39 hunmaat it is also common to have a disabled = 1 default setting in /etc/default
16:39 XenophonF DammitJim: i handle service account management (similar to what you describe) with users-formula
16:40 Guest22519 hi guys
16:40 muep I think those things that have such a service specific disable option under /etc/default are less common
16:40 drawsmcgraw muep: That's my understanding. It's just surprising to see...
16:40 Guest22519 can someone have a look at https://github.com/saltstack/salt/issues/30474 and tell me if my YAML is ok?
16:40 saltstackbot [#30474]title: salt-run salt.orchestrate crashes due to an exception | Part of my work on the event reactor includes an orchestration step...
16:40 DammitJim oh ok, thanks XenophonF
16:41 muep at least the most well known services like apache2 or ssh would just automatically start if you install them
16:41 muep also IIRC slapd does
16:41 XenophonF DammitJim: i'm a little unclear on the rules for merging pillar data, so i try to avoid that
16:41 muep I do not think that is a particularly good default, but that is the convention on debian and its derivatives
16:42 L2SHO I have a situation where I need to push a config file out to 15 minions, but I need to put a different IP address in each one based on a regex match against the ID.  What would be the best way to accomplish that?
16:42 DammitJim merging pillar? whoa
16:42 DammitJim so, you use some kind of jinja template?
16:42 XenophonF DammitJim: precisely
16:42 DammitJim that's fine
16:42 drawsmcgraw L2SHO: Would it happen to be the IP of the particular minion?
16:42 drawsmcgraw That is - is there anything in Grains that would help?
16:42 L2SHO drawsmcgraw, no, it's an ip of a router it needs to peer to
16:42 XenophonF that way i can manage things in one place
16:43 XenophonF the |yaml filter is my friend :)
16:43 AndreasLutro why not?
16:43 AndreasLutro that's the standard for all debian package
16:43 AndreasLutro s
16:43 XenophonF 11:42 < L2SHO> I have a situation where I need to push a config file out to 15 minions, but I need to put a different IP address in each one based on a regex match against the ID.  What would
16:43 XenophonF dammit
16:43 XenophonF sorry
16:43 drawsmcgraw L2SHO: I'd consider a macro or some other way of just running Python code that returns the IP you need.
16:43 drawsmcgraw Either that or put static information into Pillar and just look it up from there.
16:44 drawsmcgraw But that's not as futureproof as computing it on-the-fly
16:44 perfectsine joined #salt
16:45 XenophonF L2SHO: http://jinja.pocoo.org/docs/dev/templates/#replace
16:45 XenophonF short version is, pipe the minion id to the replace filter
16:45 L2SHO ya, pillar is what I was thinking, but is there a way to get a regex match out of a minion ID?  For example, my minion ID is something like "server-tyo1.domain.org" and I want to match the "tyo1"
16:45 zer0def joined #salt
16:46 L2SHO XenophonF, ok, that looks like it might work
16:47 XenophonF something like {{ salt['grains.get']('id')|replace('.*\([0-9]+\).*', '4.3.2.\1') }}
16:48 XenophonF http://stackoverflow.com/questions/12791216/how-do-i-use-regular-expressions-in-jinja2
16:48 winsalt wouldn't you want to do this in the top file? Match the specific IPs in a pillar against the server name?
16:49 XenophonF L2SHO, alternatively, you could have a lookup table keyed off whatever part of the hostname you're using, and use |replace to strip everything else out of the minion ID
16:52 tongpu joined #salt
16:52 hal58th joined #salt
16:52 LondonAppDev joined #salt
16:53 L2SHO XenophonF, ya, that's what I was thinking, just some kind of table in pillar
16:56 L2SHO I guess I can just key it right off the minion ID, I don't need to filter down to the location code at all
16:59 DammitJim do you guys worry about application dependencies or do you let a CI take care of that?
16:59 DammitJim so, if a developer is deploying a brand new application, but it has dependencies of folders and files that need to be on the server
16:59 DammitJim do you guys normally do that with salt or do you let it go on the server directly?
17:00 DammitJim by the CI?
17:01 drawsmcgraw We may be a bit backwards but we have the CI run Salt calls
17:01 drawsmcgraw And Salt takes care of those things.
17:01 morissette joined #salt
17:01 Bryson joined #salt
17:01 anmol joined #salt
17:05 impi joined #salt
17:05 mpanetta joined #salt
17:05 oida joined #salt
17:06 andrew_v_ joined #salt
17:06 berserk joined #salt
17:07 murrdoc joined #salt
17:08 alemeno22 joined #salt
17:09 Tyrm joined #salt
17:09 berserk joined #salt
17:13 norii DammitJim: imo application dependencies are not the job of confmgmt and you should have an rpm or deb of your application that calls in deps
17:13 anotherZero joined #salt
17:13 DammitJim norii, I'm talking like a war file that needs a folder with javascript stuff to work
17:13 norii but not everyone (almost no one) has their app packaged that way
17:14 DammitJim I would put that on the CI or developer, right?
17:15 HardWall joined #salt
17:15 XenophonF don't WARs come with everything they need compiled/zipped in?
17:15 stupidnic What is an "unless" looking at? Is it looking at the returned data of the command or is it looking at the exit status of the command?
17:15 XenophonF stupidnic: exit status
17:16 DammitJim XenophonF, they don't package those in the war files here
17:16 stupidnic hmmm okay... echo $? shows the command I am running exits with 0 but the state is still run
17:16 DammitJim I guess those javascript libraries are shared amongst war files
17:16 stupidnic just to confirm it is looking for 0 and 1 right?
17:16 XenophonF DammitJim: I'd expect that your dev/test/stage/prod environments would get built by Salt, so that'd include your JRE/JDK + container
17:17 DammitJim XenophonF, I do that
17:17 XenophonF typically, the WAR would get built to include the app's JARs plus everything it was built against
17:17 ageorgop joined #salt
17:17 DammitJim but that application level stuff is a grey area
17:17 XenophonF and then the CI tool would deploy just the WAR
17:18 XenophonF i mean, as long as your devs have a set list of dependencies, by all means deploy them using salt
17:18 DammitJim yeah, the stuff I am trying to accommodate is that we have so many applications that they are not including the jars in them because they are shared by different applications
17:18 onlyaneg1 joined #salt
17:19 DammitJim so, I'm thinking they need to have those dependencies defined in the CI tool and not salt
17:19 DammitJim but maybe I need to worry about those
17:19 DammitJim just trying to figure out a good balance
17:19 XenophonF if they aren't including those JARs in their build artifacts, then I would treat those JARs as part of the server environment and deploy them into the classpath like I would anything else on the servers
17:20 XenophonF a file.managed state or whatever
17:20 XenophonF man
17:20 DammitJim I have that already configured
17:20 kevinqui1nyo left #salt
17:20 XenophonF i hate j2ee stuff
17:20 DammitJim we are just starting to use a CI... hence the conversation
17:20 DammitJim LOL
17:20 XenophonF hate hate hate
17:20 XenophonF hey, speaking of
17:20 murrdoc what CI are u using
17:20 * murrdoc loves me some travis.ci
17:20 XenophonF 12:20 < DammitJim> LOLyou wouldn't happen to have a nice way
17:21 DammitJim Bamboo
17:21 XenophonF dammit
17:21 DammitJim a nice way of what?
17:21 murrdoc whats bamboo looking ?
17:21 XenophonF DammitJim: you wouldn't happen to have a nice way to manage XML config files from Salt, would you?
17:21 DammitJim good, but I don't know how stable it is
17:21 DammitJim XenophonF, I do, why?
17:21 DammitJim I mean, they are very simple
17:22 DammitJim XenophonF, nothing too complex (I hate the spacing in jinja template delivery)
17:22 murrdoc left #salt
17:22 murrdoc joined #salt
17:23 XenophonF i want to be able to serialize directly into XML like I can with YAML and JSON
17:23 XenophonF the salt documentation refers to an xml formatter for file.serialize
17:23 DammitJim oh, I don't have anything as fancy as that
17:23 XenophonF but it doesn't exist in the code
17:23 DammitJim I just have an xml template
17:24 DammitJim and I only fill in the blanks from pillar
17:24 DammitJim not sure what the difference is
17:24 XenophonF gotcha
17:24 XenophonF i want more than fill-in-the-blanks
17:25 nyx_ joined #salt
17:25 DammitJim oh
17:25 XenophonF i'm going to try to hack xml_badgerfish support into file.serialize
17:25 DammitJim fancy!
17:26 XenophonF there's an xml_badgerfish example in the salt docs!
17:26 XenophonF it'd make managing tomcat or jetty configs so much easier
17:27 XenophonF god, i hate j2ee
17:36 joe1234 joined #salt
17:38 joe1234 gooday, anyone ever done a direct command call from master to remote execute a command like i have to create a user on a qnap from my salt master, but i do not have a minion on the qnap so i just need to ssh user@qnapserver "useradd ...aso" ??
17:39 ageorgop joined #salt
17:39 edrocks joined #salt
17:39 zmalone sudo salt "minionid" cmd.run "…"
17:39 zmalone where … is your command
17:39 zmalone I'd probably not use it for adding a user, https://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html
17:40 zmalone and that kind of action is in general bad in cf management, if you need to build a new version of that host, you won't have that user's addition codified anywhere
17:40 joe1234 this works all nice in minions but i do not have a minion installed on the qnap server
17:40 abednarik joined #salt
17:40 zmalone Ah, got it.
17:41 joe1234 i really would love to do it via salt but it seems nobody made a minion work till today on qnap
17:41 writtenoff joined #salt
17:42 larsfronius joined #salt
17:44 DammitJim joined #salt
17:46 joe1234 the question is how can i execute a shell command directly on the saltmaster to use for example "ssh commands...." even this is ugly ugly
17:47 joe1234 i read about runners .... which can call a python script but isn't this also already inside the process of needing a minion or any id of a host?
17:48 drawsmcgraw joe1234: I'm having trouble following. You have a remote machine that you need to execute a command on. Is that correct?
17:48 larsfronius joined #salt
17:50 joe1234 i need to run from my saltmaster this command ... "ssh user@qnapserver "useradd -u 10000 testuser;"" but on the qnapserver there is no minion so therefor i need to execute this command from the master inside a state so that when it comes to create the backupdir on this "not salt managed" qnapserver everything is prepared
17:51 joe1234 thanks for trying to understand
17:51 drawsmcgraw joe1234: Makes sense. I think you want to use state.module()
17:51 drawsmcgraw in your state
17:51 drawsmcgraw And have your Salt master run that state
17:51 drawsmcgraw Lets you run modules inside a state
17:51 drawsmcgraw wait....
17:52 drawsmcgraw You don't even need that. You can just use cmd.run() in the state.
17:52 drawsmcgraw And have your salt master run that
17:53 DammitJim how do you run a state against the master?
17:53 joe1234 hmmm but i thought cmd.run() needs to have a minion where it executes the command
17:53 drawsmcgraw Ah.... huhn. yes
17:53 DammitJim salt 'master' cmd.run ?
17:53 drawsmcgraw joe1234: *can* you have a minion on the master?
17:53 drawsmcgraw and yes, DammitJim, I'm assuming there's a minion on the master.
17:53 DammitJim si
17:53 joe1234 that would be the last chance and we would not like to have minion on the master itself
17:54 drawsmcgraw joe1234: I see
17:54 drawsmcgraw Curious -> why do you not want a minion on the master?
17:55 joe1234 just to prevent stuff done by itself ... but this maybe just comes from being new to salt
17:55 drawsmcgraw "security" :)
17:55 joe1234 yep :-)
17:55 joe1234 or paranoia
17:56 drawsmcgraw I don't know what the general consensus is (though I'm curious) but I *think* it's fairly common to run a minion on the master.
17:56 wangofett that's what we're doing
17:56 drawsmcgraw If your master is compromised, the minion on there is your least concern.
17:56 wangofett It's actually kind of nice to be able to setup salt with salt ;)
17:56 joe1234 i thought that too but my colleague doesn't want it
17:56 wangofett +1(million)
17:56 drawsmcgraw And because of the key exchange and 0mq message bus, it's unlikely that the minion on your master is much of an attack vector.
17:56 drawsmcgraw joe1234: Ah, I see now
17:57 Pie_Mage ooh
17:57 drawsmcgraw If they're open to reason, they may like that explanation (encrypted 0mq, key exchange, etc...)
17:57 Pie_Mage because it's kinda topical: what's considered best-practices for updating the salt package with salt?
17:57 wangofett yeah, social engineering and getting one of you to divulge a secret is probably the weakest attack vector
17:57 drawsmcgraw In short - the minion on the master (in my opinion) is little risk.
17:57 wangofett or would that be strongest?
17:58 drawsmcgraw Pie_Mage: I *know* there's a best-practice way.. I'm ashamed to say I don't know it off-hand (other than a pkg.latest())
17:58 mattiasr joined #salt
17:59 joe1234 i will consider that "drawsmcgraw" but without the minion installed on the master there is no way to execute a shell command right  ?
17:59 wangofett drawsmcgraw / joe1234 - you could always ask about it on the security stack exchange (how much of an increase in attack surface a minion on the master is)
17:59 wangofett joe1234: besides ssh?
17:59 wangofett lol
17:59 drawsmcgraw joe1234: As you saw already, there *may* be an option through Runners but otherwise, no. Not that I know of.
18:00 wangofett joe1234: you mean for the master to execute a shell command itself?
18:00 Pie_Mage don't you generally run salt commands by ssh-ing into the master?
18:00 Pie_Mage there is no GUI as far as I am aware
18:01 wangofett Yeah. I have a sneaking suspicion that joe1234's colleague either doesn't understand how salt works, or information security ;)
18:02 joe1234 yes wangofett, i need to mount a folder from a qnap device which has no minion installed to manage it, so i just want to call an "ssh .... command" to this server for creating the backup user for special directory
18:03 Pie_Mage why not just use a command= in an authorized_keys file?
18:03 Grokzen joined #salt
18:03 joe1234 i will try installing a "minion" on master create a state which does a cmd.run and call my ssh commands, if this works i will recommend this way of doing it
18:05 joe1234 thanks for your time people
18:13 RealityVoid joined #salt
18:13 UtahDave joined #salt
18:13 lothiraldan_ joined #salt
18:13 teryx5101 joined #salt
18:14 robawt2 joined #salt
18:14 brucewang joined #salt
18:14 jgelens_ joined #salt
18:14 nomad_fr joined #salt
18:14 leev_ joined #salt
18:14 trave_ joined #salt
18:15 flebel_ joined #salt
18:15 evle3 joined #salt
18:16 realcliluw joined #salt
18:16 pmcg_ joined #salt
18:17 jcristau_ joined #salt
18:17 erjohnso_ joined #salt
18:17 ablemann_ joined #salt
18:17 cswang joined #salt
18:17 davroman1ak joined #salt
18:17 pprkut_ joined #salt
18:17 dstokes_ joined #salt
18:17 cpowell_ joined #salt
18:17 marwood joined #salt
18:17 rogst joined #salt
18:18 rbjorkli1 joined #salt
18:18 Taytay joined #salt
18:19 KingJ_ joined #salt
18:20 amcorreia_ joined #salt
18:20 synical_ joined #salt
18:21 Ph-x joined #salt
18:21 jY- joined #salt
18:21 Karunamon|2 joined #salt
18:21 marcinkuzminski_ joined #salt
18:21 kidneb_ joined #salt
18:21 InAnimaTe|whosto joined #salt
18:21 intr1nsic_ joined #salt
18:22 [BNC]aboe joined #salt
18:22 sjohnsen joined #salt
18:22 quarcu joined #salt
18:22 Niamkik_ joined #salt
18:23 armyriad joined #salt
18:23 arif-ali joined #salt
18:23 Ch3LL joined #salt
18:24 renoirb joined #salt
18:24 Jarus_ joined #salt
18:24 GothAck joined #salt
18:24 m0nky joined #salt
18:24 av_ joined #salt
18:24 artemz joined #salt
18:24 giantlock joined #salt
18:24 paolo joined #salt
18:24 dkrae joined #salt
18:27 armguy joined #salt
18:28 pezus joined #salt
18:28 VSpike joined #salt
18:28 N-Mi__ joined #salt
18:29 peters-tx joined #salt
18:29 ctrlrsf joined #salt
18:30 tzero joined #salt
18:32 tiadobatima joined #salt
18:32 _JZ_ joined #salt
18:34 perfectsine joined #salt
18:34 otter768 joined #salt
18:37 GothAck joined #salt
18:37 m0nky joined #salt
18:37 av_ joined #salt
18:37 artemz joined #salt
18:37 giantlock joined #salt
18:37 paolo joined #salt
18:37 dkrae joined #salt
18:39 elsmo joined #salt
18:39 digitalhero joined #salt
18:42 abednarik joined #salt
18:43 v12aml joined #salt
18:44 IPA` joined #salt
18:45 chiui joined #salt
18:48 GothAck joined #salt
18:48 m0nky joined #salt
18:48 av_ joined #salt
18:48 artemz joined #salt
18:48 giantlock joined #salt
18:48 paolo joined #salt
18:48 dkrae joined #salt
18:51 blckbit10 joined #salt
18:51 salem__ joined #salt
18:51 salem__ Hey all, Is there anyone currently using saltstack and git?
18:53 UtahDave salem__: in what context?  What are you trying to do?
18:54 salem__ I am trying to do a clone from git repo. I tried git.latest and received the same error as just trying it along the command line with salt 'xxx" git.clone /path/ repoName.
18:55 salem__ AttributeError: 'module' object has no attribute 'add_http_basic_auth'
18:55 salem__ That is the error
18:55 salem__ and I have the keys with no passphrase and can do a git clone on the box.
18:55 lothiraldan joined #salt
18:56 calculon <ksimmons> thinking something maybe like ?  {{ set GrainName = module.name:something }}
18:57 salem__ There shouldn't be any basic auth needed. In my state file I specify the name with ssh:// not HTTPS. So I shouldn't need https_user etc
18:58 winsalt joined #salt
18:58 geomacy joined #salt
18:58 joe1234 joined #salt
18:58 robawt joined #salt
18:58 trave joined #salt
18:59 erjohnso_ joined #salt
18:59 [BNC]aboe joined #salt
18:59 RandyT salem__: is there access control on the git repo?
18:59 salem__ joined #salt
19:00 salem__ Yeah
19:00 salem__ We use stash to manage our git repos
19:02 RandyT can't help you then. I've seen some strange behavior which in cases where it was a public repo without access control, you needed to use https:// to get it to work.
19:04 calculon <ksimmons> ID: check_ldap2_us-west-1_qe     Function: module.run         Name: boto_ec2.find_instances       Result: True      Comment: Module function boto_ec2.find_instances executed      Started: 10:47:35.557449     Duration: 115.801 ms      Changes:               ----------               ret:                   - i-9a2f2628
19:04 calculon <ksimmons> im wanting to store that "ret:" value to like a variable/grain
19:05 RandyT calculon: you might want to take a look at the ec2_info state in salt-contrib
19:05 RandyT does all of that for you.
19:06 calculon <ksimmons> k thanks
19:08 salem__ Yeah, it would appear that the git handling urls with ssh like  ssh://xx@xxx/repo.git
19:09 salem__ doesn't appear to work, the add_http_basic_auth makes me think it's using http/s despite it saying ssh in front.
19:10 rem5 joined #salt
19:10 RandyT salem__: not sure if you are pointing at a github repo but you might also try the git@ style uri as well if that is the case..
19:10 salem__ Tried that
19:11 blckbit10 joined #salt
19:11 ajw0100 joined #salt
19:14 onlyaneg1 joined #salt
19:21 baweaver joined #salt
19:22 mpanetta joined #salt
19:22 alemeno22 joined #salt
19:27 salem__ I found it, the minion is owned by root, so anytime I was trying to use any user other than root, it was still using root's .ssh/id_rsa
19:27 salem__ and so I defined the identity file as the user I wanted, and it works in the command line. But it doesn't from a state. At least not yet
19:28 GreatSnoopy joined #salt
19:30 berserk_ joined #salt
19:31 denys joined #salt
19:31 berserk joined #salt
19:34 MindDrive joined #salt
19:38 salem__ It is interesting that when I do a salt-call from the minion git works fine. I take that same command and run it with salt 'minionID' args and it fails with attribute error. Classic
19:42 wryfi_ so, i'm using s3 to store some managed files
19:42 wryfi_ and despite putting my s3 creds in the minion config
19:42 wryfi_ my highstate runs all still try to call out to 169.254.169.254 (some magic aws address)
19:43 wryfi_ and then prints a warning and a trace when it fails
19:43 wryfi_ the files are downloaded from s3 properly
19:43 wryfi_ but the warnings and traces are confusing and scary to some people
19:43 wryfi_ is there any way to suppress this behavior?
19:43 DammitJim how do I set the group sticky bit on a folder?
19:45 nZac joined #salt
19:46 blckbit10 joined #salt
19:46 whytewolf DammitJim: group sticky bit? I only know of one sticky bit which is set by adding it to the beginning of the chmod like so 1755
19:47 DammitJim I guess that's it
19:47 DammitJim I am so confused... not thinking straight
19:47 qman__ there are also switches to set it without modifying other perms
19:47 onlyaneg1 joined #salt
19:47 whytewolf well this is going into a state most likely so will need to work off of mode
19:48 DammitJim I just need this one folder to have anything copied to it inherit the group owner
19:48 DammitJim yup, mode
19:48 DammitJim oh no, 1775 changed it to drwxrwxr-t
19:48 DammitJim instead of drwxrsr-x
19:49 DammitJim I might need to do a cmd.run!
19:49 whytewolf the t is the sticky bit
19:50 codyaray joined #salt
19:50 codyaray left #salt
19:50 DammitJim I guess 2775 will be for g+s
19:50 qman__ that's setgid
19:50 DammitJim sorry
19:51 DammitJim setgid is what I was looking for
19:51 abednarik joined #salt
19:51 DammitJim it's weird 'cause online there was nothing for salt setgid
19:51 DammitJim then sticky bit came up and I started searching... that's where I got confused
19:51 DammitJim I'm good now, though
19:51 DammitJim now I need to ensure different users are part of a group
19:52 federicob joined #salt
19:57 DammitJim is there a way to inherit permissions in such a way that any new file is group readable?
19:58 DammitJim sorry, group writable
20:00 intel joined #salt
20:00 geekatcmu that's a function of umask
20:01 whytewolf ^
20:01 DammitJim ugh
20:01 DammitJim umask is the only want that can do that, right? not ACLs?
20:01 geekatcmu "welcome to Unix"
20:01 grumm_servire joined #salt
20:01 geekatcmu Oh, if you have ACLs then something else may well be possible.
20:01 geekatcmu ACLs ... vary in their capabilities.
20:02 whytewolf I would rather bite off my own leg than trump down the ACL route
20:02 geekatcmu ACLs are *incredibly* filesystem-specific.
20:02 DammitJim whytewolf, the problem with umask is that I'll have to set that for each user, right?
20:02 geekatcmu Well, it can generally be set globally...
20:02 geekatcmu Though users can always override that
20:02 zmalone DammitJim: you can use /etc/profile etc., but no one's shell is under any compulsion to obey it.
20:03 DammitJim right, that's why I was thinking ACLs but maybe ACLs can't even do that
20:03 whytewolf it is about 50/50 on if the filesystem acls can handle it
20:03 DammitJim it's ubuntu
20:04 geekatcmu On OpenAFS, they work exactly that way.  On, say, ext2 ... there are no ACLs.
20:04 geekatcmu Ubuntu is not a filesystem
20:04 DammitJim sorry, you did say file system
20:04 whytewolf ext2 had ACLs in its last iteration. but they were omg wtf are you thinking bad
20:04 geekatcmu ext{2,3,4}, xfs, reiserfs,openafs, ...
20:05 geekatcmu Oh, they added them?  It's not surprising they're problematic.
20:05 DammitJim ext4
20:05 * geekatcmu points to the ext4 docs
20:05 geekatcmu "Go forth and READ, my son!"
20:05 DammitJim I will
20:05 DammitJim thanks
20:05 DammitJim then finally one day do it in salt
20:08 baweaver joined #salt
20:09 Bryson joined #salt
20:11 rem5 joined #salt
20:11 onlyaneg1 joined #salt
20:12 _JZ_ joined #salt
20:12 alemeno22 joined #salt
20:14 abednarik joined #salt
20:14 DammitJim if I use ACLs I don't have to use the setgid, right?
20:18 jhauser joined #salt
20:18 GothAck joined #salt
20:18 m0nky joined #salt
20:18 artemz joined #salt
20:18 giantlock joined #salt
20:18 paolo joined #salt
20:18 dkrae joined #salt
20:18 m0nky joined #salt
20:19 whytewolf well, you still need the setgid read this http://brunogirin.blogspot.com/2010/03/shared-folders-in-ubuntu-with-setgid.html
20:19 whytewolf filemode is still taken into account
20:19 DammitJim thanks whytewolf
20:19 DammitJim I'm learning a lot today
20:22 simonmcc joined #salt
20:24 murrdoc joined #salt
20:29 baweaver joined #salt
20:29 DammitJim OK, so I basically only overcame the problem with umask by using ACLs
20:29 DammitJim the setgid still applies
20:30 whytewolf yes
20:30 DammitJim because ACLs don't inherit the default group for new files created
20:31 DammitJim kind of confusing.. maybe I'm reading too much into it, but I guess I was thinking that setfacl -d -m g:teamgroup:rwx teamfolder would do the same as setgid
20:31 DammitJim alright, brb
20:33 amr_ joined #salt
20:34 Score_Under joined #salt
20:35 otter768 joined #salt
20:36 deniszh joined #salt
20:42 jhauser joined #salt
20:42 GothAck joined #salt
20:42 m0nky joined #salt
20:42 artemz joined #salt
20:42 paolo joined #salt
20:42 dkrae joined #salt
20:42 m0nky joined #salt
20:55 onlyaneg1 joined #salt
20:55 andrew_v joined #salt
20:56 digitalhero joined #salt
21:01 digitalh_ joined #salt
21:03 nyx_ joined #salt
21:05 racooper howdy. has anyone backported salt.states.firewalld to 2015.5.8?
21:08 numkem joined #salt
21:09 learningBee joined #salt
21:12 perfectsine joined #salt
21:12 babilen racooper: Can't you just copy it over?
21:13 racooper wasn't sure if it would work as expected; docs say new for 2015.8.0
21:13 whytewolf racooper: it is not in 2015.5.9 however you could just download the state file from github and put it in _states [might want to grab the module also just so you know you are using the right version]
21:13 SmokeBeast joined #salt
21:14 SmokeBeast79 joined #salt
21:15 SmokeBeast79 left #salt
21:15 SmokeBeast79 joined #salt
21:15 SmokeBeast79 Hi all.  I have created a file_roots file in /etc/salt.  In the file_roots file I have specified a base of /salt/states/base.  Does this mean that the server will be looking for the top.sls in that directory???
21:17 whytewolf SmokeBeast79: depends. what do you mean by file_roots file?
21:18 babilen racooper: TIAS! It might just work.
21:18 babilen (if not we can tackle that)
21:19 amcorreia joined #salt
21:19 SmokeBeast79 This is where I am getting the file_roots file idea from...
21:19 SmokeBeast79 https://docs.saltstack.com/en/latest/ref/configuration/master.html#roots-master-s-local-file-server
21:19 babilen I often "backport" newer states and modules simply by placing the current version in _states or _modules respectively
21:20 wendall911 joined #salt
21:20 whytewolf SmokeBeast79: but what do you mean by file_root file? a separate file {which is never mentioned} or a setting in master or in master.d/*.conf
21:21 rem5 joined #salt
21:22 alemeno22 joined #salt
21:25 totzky joined #salt
21:27 totzky Hi guys, is there a way to get a state's output from within a state file?  So that this output can be used for the next states.
21:31 brianfeister joined #salt
21:31 Tyrm joined #salt
21:33 alemeno22 joined #salt
21:34 norii totzky: i think thats what salt-mine is for?
21:35 wendall911 joined #salt
21:37 whytewolf ... salt mine is for gathering data from another minion. it also happens during the render phase of salt states not during the actual state run.
21:37 totzky @norii i haven't really got my head around salt mine yet, but i want it to be as much as possible happen in the same place like in a state file
21:38 jfindlay this is a good description of mine vs grains: https://docs.saltstack.com/en/latest/topics/mine/#mine-vs-grains
21:38 surge_ joined #salt
21:39 norii whytewolf: is reactor more what totzky wants? sry i am pmuch just saying salt words now :P
21:39 perfectsine_ joined #salt
21:40 norii totzky: can you be more specific?
21:40 totzky i see thanks @whytewolf...so the scenario is like this --- 1. get user access keys, 2. save the keys in a file, and 3. deploy the file ... so in #2 i need #1
21:40 alemeno22 joined #salt
21:40 totzky sorry so in #2 i need #1's result
21:40 totzky thanks guys
21:41 norii hmm for keyfiles you might be better off keeping those in pillar anyway? it sounds like you are maybe putting existing hosts under salt mgmt totzky?
21:42 norii pub file mgmt, correct?
21:43 whytewolf how is #1 being done.
21:43 totzky @norii, to be very specific, #1, #2, #3 is done in the salt master
21:44 whytewolf #2 and #3 should be the same thing.
21:45 totzky @whytewolf i have a superminion which is a minion that runs in the master, the reason for having this is to perform admin tasks that can't be done in the minions
21:45 whytewolf eh, a salted master.
21:45 whytewolf thats normal
21:46 totzky i see good to hear that :), i was reading about orchestrate and thought that would be a good use for this use case but i dont have time to make changes yet
21:46 whytewolf but you didn't really answer the question.
21:46 totzky however again, in #2, i need to get #1's output
21:46 whytewolf what process are you using to generate the keys?
21:47 whytewolf the process you are describing as you are describing it is not possible
21:47 artemz joined #salt
21:47 winsalt add the keys to a pillar and then reload the pillar? like this http://ryandlane.com/blog/2014/12/10/reloading-grains-and-pillars-during-a-saltstack-run/
21:47 totzky actually these are aws access keys, so im using the boto_iam* states
21:48 dkrae joined #salt
21:49 m0nky joined #salt
21:49 totzky @winsalt i've been thinking about updating the pillar so that the minions with lesser privileges will have the keys at the right time
21:49 totzky @winsalt but i'm not sure if this a normal case or even possible
21:50 whytewolf pillar would be the way i would go.
21:50 totzky reading...
21:50 winsalt they added the ability to reload_pillar so I assume it is a normal case
21:51 norii totzky: offtopic but if you are not using salt-cloud with aws yet its swell
21:53 Tyrm joined #salt
21:53 totzky @norii salt-cloud in my understanding is cli'ish, i want to be able to use states because they ensure things
21:53 chiui joined #salt
21:53 whytewolf totzky: you can do salt-cloud through states
21:53 whytewolf or runners
21:53 wendall911 joined #salt
21:53 norii totzky: its just for deploying new hosts and salt-straping them to your states
21:53 norii you can even set custom grains on amazon tags to do more work for you
21:54 whytewolf but this is getting off topic
21:54 norii sry
21:54 whytewolf trying to look something up. one second
21:54 jfindlay (there's a cloud state)
21:56 totzky no worries @norii, we've been using salt-cloud as well to bootstrap stuff in aws, though i have not enough idea in this part of our code base...unfortunately i'm working on some legacy stuff that currently refactored to use some salt magic
21:57 totzky that's why it would be enough to use states for this task only if possible of course
21:57 wendall911 joined #salt
21:57 jambulance joined #salt
21:57 totzky @winsalt thanks for the link
21:58 jhauser joined #salt
21:59 whytewolf okay, I have no idea how you are going to get the secret key, maybe use the salt.modules version to create the keys in jinja and then fill out context portion of a file.managed for creating the pillar data
21:59 whytewolf but as for state to state, not possible
22:00 RandyT boto and kms would be a great way to store the secret
22:00 RandyT or checkout confidant project for something a bit more robust for secret management
22:01 larsfronius joined #salt
22:01 GothAck joined #salt
22:01 paolo joined #salt
22:01 whytewolf RandyT: yeah, but the secret key is only displayed once and only during creation and he wants to use a state for that creation. and programmatically use that info during the same run.
22:01 totzky @whytewolf just to clarify, i've already retrieved the key using boto_iam.* states and yes somehow passing the output/values to the next state is a problem
22:02 totzky thinking out loud, do you think my use case is unusual for config. mgmt., sorry come from a dev background
22:03 totzky my mindset is always, states=logic, pillar=static state/data
22:03 whytewolf totzky: do you need the secret or just the key?
22:03 RandyT whytewolf: seems storing the key encrypted on KMS and retrieving it via #py state?
22:04 totzky @whytewolf - both
22:04 RandyT I've not done it yet, but that is on my todo for some database encrypted table provisioning...
22:04 whytewolf RandyT: basically same thing. either way using the boto_iam state isn't the right direction as you can't programmatically retrieve that info during the run [remember render is before state run]
22:05 totzky @whytewolf, sorry what is KMS and #py state ?
22:05 ashmckenzie joined #salt
22:06 whytewolf totzky: KMS is aws key management. and #py state is using python for rendering in salt
22:06 RandyT totzky: that was my slang, but basically ability to render state file in python is #py and KMS is AWS Key Management Service. There is boto_kms to interact there...
22:06 RandyT ^^^
22:07 subsignal joined #salt
22:07 totzky i see thanks people!
22:08 whytewolf either way i would definitely recommend moving away from the boto_iam state and moving to the boto_iam module for generating the keys so that you can use it during the render stage giving you access to those keys programmatically
22:08 totzky i'll have to try the reload pillar and see if that can work
22:08 totzky @whytewolf, sorry i didn't get the difference wrt rendering between boto states and module
22:08 netcho_ joined #salt
22:09 totzky what is the advantage for boto module over states wrt rendering?
22:09 giantlock joined #salt
22:09 whytewolf rendering happens before the state run
22:10 whytewolf states are kind of locked in their logic and can be relatively braindead when it comes to changes
22:11 geomacy joined #salt
22:11 mapu joined #salt
22:11 totzky i see, so how to do rendering and retrieve data for states use?
22:11 ashmckenzie joined #salt
22:11 larsfronius joined #salt
22:11 GothAck joined #salt
22:11 paolo joined #salt
22:12 whytewolf by using jinja
22:12 moogyver it's not possible to assign pillar based on previous pillar, right?  Unless that pillar data is from an external pillar.
22:12 whytewolf or #py
22:12 InsaneGeek joined #salt
22:12 Rumbles joined #salt
22:12 moogyver and you have the external pillar first option set.
22:12 whytewolf totzky: https://docs.saltstack.com/en/latest/ref/renderers/
22:13 whytewolf moogyver: that is correct. although I have been looking at a new way of handling that on the state side. but it is messy so far
22:13 totzky ah i see what you mean cheers...
22:13 slav0nic moogyver, https://github.com/saltstack/salt/issues/6955
22:13 saltstackbot [#6955]title: Ability for pillar to read other pillar values | Hi, I have a number of states that could be greatly simplified if pillar could read other pillar values.  One use case example is I have a "walt_warning" pillar value which i populate in all managed files.  I have several pillar values that declare the entire contents of files which are referenced by jinja templates, and instead of having to populate each instances of this with the
22:14 moogyver thank slav0nic and whytewolf - yeah, I'm looking at putting in something for ours where I can enforce a target-matcher on pillar-envs, so that I can then allow other organizations on the salt-master to modify their own top.sls and I don't have to worry about them clobbering pillar data on other minions or accidentally leaking their data.
22:14 moogyver could do it on grains, but that's the whole 'insecure' issue
22:15 totzky @whytewolf, so that leaves me with retrieving keys in the renderer and use those on states
22:16 whytewolf totzky: correct which would be done with something like https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.boto_iam.html [and will take a lot more work than the state does as you have to account for everything the state does.]
22:16 moogyver although I guess our use case is solved by an external pillar and finding an external system that would do what we want.
22:17 RandyT moogyver: fwiw, I've moved entirely to S3 for ext_pillar
22:17 totzky @whytewolf, agree :(
22:17 moogyver RandyT - yeah, not an option for us.  unfortunately, we're trying to use salt in a very multi-tenant way and it's really not designed for that - unless you do it via syndics.
22:18 RandyT moogyver: yes, I have advantage of having very single tenant environment.
22:18 whytewolf moogyver: my approach has been to use lookup tables to having a cascade of salt.pillar.get in the states. it is messy but works well
22:18 Norrland_ joined #salt
22:18 totzky @whytewolf, so if a module is run in a renderer, the output can be retrieved?
22:19 whytewolf totzky: if you run it as a module like salt.module.function() in the jinja
22:19 moogyver whytewolf - gotcha.  reading over that issue slav0nic posted.  would be a nice to have.
22:20 moogyver unfortunately i think we'll fall back to using grains for most of it, even if it's somewhat insecure.
22:21 whytewolf moogyver: agreed. salt should introduce a 2 pass system for all of it's rendering :P
22:21 Norrland_ left #salt
22:22 totzky @whytewolf, cheers... i always hope there's a way to just simply update the pillar dynamically and still maintaining the privacy in pillars
22:22 norii whytewolf: lol
22:22 totzky state=logic, while pillar=state data ... life would be simpler
22:23 whytewolf totzky: careful you'll sound like me in a while trying to get something like the way heat orchestration works.
22:23 nyx_ joined #salt
22:23 totzky anyways cheers guys for throwing your great answers and sparing your precious time
22:24 whytewolf no problem
22:24 whytewolf have fun storming the castle!
22:24 totzky ;)
22:30 geomacy joined #salt
22:33 RandyT whytewolf: totzky fyi, this seems quite relevant to the conversation. https://github.com/saltstack/salt/blob/develop/salt/modules/boto_kms.py
22:34 totzky cheers @RandyT I'll have a look
22:35 keimlink joined #salt
22:37 totzky By the way an FYI for anyone who's using boto_iam* in 2015.8.3, someone accidentally used 'boto_cfn' as virtualname for boto_iam state module...so using boto_iam.blah will not work...i had to do an ugly jinja if just to make this to work
22:37 oida joined #salt
22:37 totzky the docs for this version BTW is surprisingly overupdated and that it is using 'boto_iam' which only works on the develop branches
22:38 whytewolf it should be fixed for 2015.8.4 which hopefully will be dropping soon
22:38 totzky cool
22:39 RandyT last time I looked I did not find the boto_kms doc
22:39 RandyT https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.boto_kms.html
22:40 RandyT and sorry to keep beating on this. I did not hear the full requirements, but seems that what you want to do may be doable with kms and that module... I will stand down now. :-)
22:41 totzky no worries :)
22:43 zenlot1 joined #salt
22:51 digitalhero joined #salt
23:01 SmokeBeast joined #salt
23:02 rem5_ joined #salt
23:03 bmccormick joined #salt
23:04 pmcg joined #salt
23:04 Garo_ joined #salt
23:04 cswang joined #salt
23:05 saltsa joined #salt
23:05 mdupont joined #salt
23:05 Corey joined #salt
23:05 sixninetynine joined #salt
23:05 brianfeister joined #salt
23:05 buhman joined #salt
23:09 SmokeBeast How does one perform a yum update using salt (other than cmd.run "yum update -y")?
23:09 aurynn pkg.up_to_date I think
23:09 M-liberdiko joined #salt
23:09 akitada joined #salt
23:10 baweaver joined #salt
23:10 SmokeBeast pkg.up_to_date did not work
23:12 aurynn https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html#salt.states.pkg.uptodate
23:14 SmokeBeast pkg.upgrade
23:14 SmokeBeast That was the ticket
23:15 aurynn Great :)
23:16 SmokeBeast Now... How would I translate that from a command (salt '*' pkg.upgrade) to YAML (for SLS file usage)
23:17 aurynn oh
23:17 aurynn pkg.upgrade is the execution module
23:17 aurynn the state modules are what are used in the sls
23:17 aurynn and that's going to be on the page I linked
23:18 babilen I would think twice before upgrading packages in a highstate run
23:19 aurynn also that
23:19 babilen You typically want them idempotent
23:19 aurynn I'd feel okay with the equivalent of apt-get upgrade, but not dist-upgrade
23:21 SmokeBeast I am not going to be upgrading modules in high state... for sure.
23:22 SmokeBeast I am looking for the equivalent to yum update
23:22 SmokeBeast Not a full distro upgrade.... Yikes
23:22 babilen https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html#salt.states.pkg.uptodate
23:23 aurynn oh, dist-upgrade in debian-land means it's okay to upgrade version numbers, whereas upgrade just means patches to the current version
23:23 aurynn not full distribution upgrades
23:23 qman__ well, on straight debian, it's also used for distribution upgrades
23:23 aurynn orly
23:23 aurynn hrm
23:23 qman__ the process for that is changing your sources to the updated source, then do dist-upgrade
23:23 aurynn I have some states to edit.
23:23 babilen Not quite, "upgrade" in debian means "install upgrades" while "dist-upgrade" also allows for package installations and removals
23:23 qman__ right
23:24 qman__ dist-upgrade will add/remove, upgrade will only upgrade installed packages
23:24 aurynn thanks :)
23:24 qman__ dist-upgrade is safe as long as your sources weren't changed to a newer version
23:24 babilen Which upgrades are installed essentially boils down to their priority and their version number. If you don't mix sources, you just get security updates. If you do, also an "apt upgrade" would install packages from the next release.
23:24 qman__ but that can't really be verified by apt
23:25 babilen apt (as opposed to apt-get) passes "--with-new-pkgs" by default and therefore allows package installations on upgrades (but not removals)
23:28 aurynn the more you know!
23:29 moloney joined #salt
23:30 moloney Is there a way to configure the SMTP returner on a minion with restarting the salt-minion service?
23:30 jfindlay there's also full-upgrade vs safe-upgrade, but those might be aptitude only
23:31 babilen They essentially correspond to upgrade/dist-upgrade in aptitude land, yeah
23:33 SmokeBeast What about YUM land?
23:33 Cpelon joined #salt
23:34 Cpelon How do I install the develop release of salt master?
23:34 Cpelon I am running salt-master 2012.8.3 now
23:35 dlam joined #salt
23:40 ashmckenzie joined #salt
23:40 VR-Jack joined #salt
23:42 larsfronius joined #salt
23:43 zmalone joined #salt
23:47 moloney Or, can I configure the smtp returner through pillar values?
23:54 chewrocca joined #salt
23:56 SmokeBeast left #salt
