Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-03-17

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 akhter joined #salt
00:06 teryx510 joined #salt
00:07 Yorokobi joined #salt
00:08 berto- joined #salt
00:08 vaelen joined #salt
00:08 esharpmajor joined #salt
00:08 packeteer joined #salt
00:08 phx joined #salt
00:09 baweaver joined #salt
00:10 hightekvagabond joined #salt
00:19 akhter joined #salt
00:22 phila_ joined #salt
00:22 nZac joined #salt
00:23 brianfeister joined #salt
00:24 shaggy_surfer joined #salt
00:25 freeaks joined #salt
00:26 Gareth joined #salt
00:26 phila joined #salt
00:28 cswang joined #salt
00:34 fracklen joined #salt
00:35 Shirkdog joined #salt
00:37 baweaver joined #salt
00:37 freeaks joined #salt
00:40 ninjada joined #salt
00:46 brianfeister joined #salt
00:48 jeddi joined #salt
00:48 BogdanR joined #salt
00:55 kliquori joined #salt
00:58 iceyao joined #salt
01:01 mdasilva joined #salt
01:02 iceyao_ joined #salt
01:06 fracklen joined #salt
01:08 anmol joined #salt
01:08 iceyao joined #salt
01:16 dendazen joined #salt
01:17 Muchoz joined #salt
01:17 murrdoc joined #salt
01:18 mavhq joined #salt
01:18 RobertChen117 joined #salt
01:19 murrdoc joined #salt
01:22 quasiben joined #salt
01:24 euidzero joined #salt
01:24 RobertChen117 joined #salt
01:31 ninjada_ joined #salt
01:38 fracklen joined #salt
01:41 racooper joined #salt
01:43 joe_n joined #salt
01:45 aqua^c joined #salt
01:46 rem5 joined #salt
01:47 euidzero joined #salt
01:48 zmalone joined #salt
01:52 berserk joined #salt
01:56 kliquori joined #salt
01:57 aqua^c joined #salt
01:57 iceyao_ joined #salt
02:00 iceyao__ joined #salt
02:09 fracklen joined #salt
02:10 jeddi joined #salt
02:14 k_sze[work] joined #salt
02:14 tercenya joined #salt
02:23 quasiben joined #salt
02:25 racooper joined #salt
02:25 Shirkdog joined #salt
02:25 berto- joined #salt
02:25 eightyeight joined #salt
02:25 ALLmightySPIFF joined #salt
02:25 ageorgop joined #salt
02:25 GreatSnoopy joined #salt
02:25 notnotpeter joined #salt
02:25 kbyrne joined #salt
02:25 TyrfingMjolnir joined #salt
02:25 alvinstarr joined #salt
02:25 elektrix joined #salt
02:25 sfz- joined #salt
02:25 quarcu_ joined #salt
02:25 vpm joined #salt
02:25 sjorge joined #salt
02:25 nobrak joined #salt
02:25 czchen joined #salt
02:25 tyler-baker joined #salt
02:25 pgoetz joined #salt
02:25 Freek joined #salt
02:25 abele joined #salt
02:25 tcolvin joined #salt
02:25 simonmcc joined #salt
02:25 quarcu joined #salt
02:26 ninjada joined #salt
02:26 noraatepernos joined #salt
02:26 APLU joined #salt
02:26 Freek joined #salt
02:27 iceyao joined #salt
02:28 kbyrne joined #salt
02:29 Rebus joined #salt
02:30 ashirogl joined #salt
02:36 kliquori joined #salt
02:37 berserk joined #salt
02:38 teryx510 joined #salt
02:39 mavhq joined #salt
02:41 fracklen joined #salt
02:46 brianfeister joined #salt
02:46 catpigger joined #salt
02:46 ninjada joined #salt
02:49 evle joined #salt
02:49 digitalhero joined #salt
02:55 hightekvagabond joined #salt
02:58 krymzon_ joined #salt
03:04 mdasilva joined #salt
03:06 teryx510 joined #salt
03:11 euidzero joined #salt
03:13 fracklen joined #salt
03:14 shpoont joined #salt
03:14 tpaul joined #salt
03:18 iceyao joined #salt
03:22 RobertChen117 joined #salt
03:24 RobertChen117 joined #salt
03:24 Lionel_Debroux_ joined #salt
03:24 inire joined #salt
03:28 RobertChen117 joined #salt
03:33 aqua^c joined #salt
03:33 anmol joined #salt
03:36 mapu_ joined #salt
03:37 rem5 joined #salt
03:43 TyrfingMjolnir joined #salt
03:45 fracklen joined #salt
03:52 tercenya_ joined #salt
03:56 tercenya joined #salt
04:03 mdasilva joined #salt
04:04 SunPowered joined #salt
04:06 aqua^c joined #salt
04:08 bhosmer joined #salt
04:09 hasues joined #salt
04:09 hasues left #salt
04:17 fracklen joined #salt
04:29 stooj joined #salt
04:30 scoates joined #salt
04:32 RandyT joined #salt
04:35 RandyT joined #salt
04:38 kliquori joined #salt
04:40 brianfeister joined #salt
04:40 sjmh joined #salt
04:42 jeddi joined #salt
04:43 ajw0100 joined #salt
04:49 fracklen joined #salt
04:52 beardedeagle joined #salt
04:55 euidzero joined #salt
04:57 tercenya joined #salt
05:02 bhosmer_ joined #salt
05:04 anmol joined #salt
05:07 jeddi joined #salt
05:08 digitalhero joined #salt
05:14 mavhq joined #salt
05:16 berto- joined #salt
05:17 tvinson joined #salt
05:17 ablemann joined #salt
05:18 mavhq joined #salt
05:20 fracklen joined #salt
05:21 RobertChen117 joined #salt
05:21 Zhen joined #salt
05:22 teryx510 joined #salt
05:24 sauvin joined #salt
05:24 kliquori joined #salt
05:28 rdas joined #salt
05:34 graffic joined #salt
05:37 Zhen joined #salt
05:39 RobertChen117 joined #salt
05:39 roock joined #salt
05:44 sjmh joined #salt
05:52 beardedeagle Odd question, maybe, but say I am using salt-cloud and have 3 seperate zones that I want to select from at random. I assume that is possible?
05:52 fracklen joined #salt
05:55 antpa joined #salt
05:56 bhosmer joined #salt
06:04 aqua^c joined #salt
06:05 teryx510 joined #salt
06:07 hasues joined #salt
06:07 hasues left #salt
06:08 antpa joined #salt
06:10 joe_n joined #salt
06:18 euidzero joined #salt
06:23 antpa joined #salt
06:24 fracklen joined #salt
06:24 iggy I have 7 states under the same ID... I think that may be a new record fo laziness (conciseness?) for even me
06:25 RobertChen117 joined #salt
06:26 freeaks joined #salt
06:26 iggy beardedeagle: probably using the salt cloud states/modules... there's nothing built into salt-cloud maps to do that
06:26 beardedeagle I figured I would just use the runner and do it via jinja or something
06:26 iggy imo, salt-cloud's map functionality could use a huge overhaul... but I guess it's a moot point with the salt cloud states/modules
06:27 iggy you can't use jinja in the maps or salt cloud config
06:29 brianfeister joined #salt
06:29 rdas joined #salt
06:30 felskrone joined #salt
06:31 beardedeagle Right now though, I am trying to get runner.cloud.profile to work in a webhook reactor
06:31 beardedeagle not working so well lol
06:35 ninjada_ joined #salt
06:35 mdasilva joined #salt
06:41 joe_n joined #salt
06:41 teryx510 joined #salt
06:45 beardedeagle provision_server:
06:45 beardedeagle runners.cloud.profile:
06:45 beardedeagle - prof:  syndic-phx3-prd-zone-3-medium_cent7
06:45 beardedeagle - instances:
06:45 beardedeagle - '{{ postdata.host }}'
06:45 beardedeagle should work unless I am crazy
06:45 ninjada joined #salt
06:46 beardedeagle I see the data being passed in (watching salt-api's /ws actively)
06:52 RobertChen117 joined #salt
06:52 brianfeister joined #salt
06:59 atmosx joined #salt
07:02 beardedeagle Obviously it works when ran form command line as opposed to the reactor.
07:02 felskrone1 joined #salt
07:05 mavhq joined #salt
07:06 teryx510 joined #salt
07:07 SVQTQ joined #salt
07:11 ravenx joined #salt
07:12 ravenx hi guys, i was wondering if there was a salt autocomplete for the command line, where if i typed "salt '*' test.<tab>" it will list me a bunch commands
07:12 ravenx for zsh
07:12 ravenx and if something like that already exists how can i set it up
07:12 keimlink joined #salt
07:14 beardedeagle looks like they have something
07:14 beardedeagle https://github.com/saltstack/salt/blob/develop/pkg/zsh_completion.zsh
07:16 ravenx sweeeeet
07:16 ravenx hm...do you know what i do with a .zsh file? o_o
07:17 beardedeagle MOTHER #*$ER. I had runners.cloud.profile, it's runner.cloud.profile
07:17 beardedeagle gd am it
07:17 iggy ouch
07:18 beardedeagle yup, working now. just need to add in a state to modify the metadata on highstate to add users since I key auth as root
07:22 ajw0100 joined #salt
07:24 fredvd joined #salt
07:25 jacksontj joined #salt
07:25 beardedeagle I think you need to use it with something like oh-my-zsh
07:25 beardedeagle @ravenx
07:25 kliquori joined #salt
07:25 beardedeagle probably drop it in /custom
07:26 beardedeagle make sure you call it in your zshrc
07:26 beardedeagle via plugins
07:27 beardedeagle actually now I am insterested in getting it working
07:27 beardedeagle @ravenx: most of the instructions I just said can be found here: https://github.com/robbyrussell/oh-my-zsh
07:27 ashirogl joined #salt
07:33 RobertChen117 joined #salt
07:36 ALLmightySPIFF joined #salt
07:37 tweakism I am not an expert, but I am about 92% certain that you do not need to use Oh-My-Zsh to make use of that completions file.
07:37 beardedeagle you dont have to, that is correct
07:37 beardedeagle but if he is a novice, it will make things VASTLY easier
07:38 subsignal joined #salt
07:40 tweakism I threw together a .zshrc mostly for someone else today, and *man* it is *so* liberating to be able to actually use some useful features of your shell, like typeset -A or typeset -U or, well, so much stuff
07:40 tweakism usually if I write shell code I'm aiming for POSIX sh
07:40 tweakism and, it's a giant pita.
07:40 fracklen joined #salt
07:41 RandyT joined #salt
07:41 LostSoul_ Hi
07:41 LostSoul_ Is there way to extract unique values from arrays?
07:41 linjan joined #salt
07:42 cilkay Hello. I'm using masterless minions and I've created a simple Django application to generate the YAML file that contains the pillars for the VM. I have inotify watch that file and if it is modified, I salt-call --local state.highstate. Now, I'd like to display progress through the states, not necessarily every one. I read about reactors but they seem like they'd be more suitable when there is a master involved. How would I be able to get fee
07:42 cilkay dback from Salt?
07:42 dmaiocchi joined #salt
07:42 LostSoul_ I mean, I have in pillars filename and things to change in them and after that I want restart service based on changes on those changes in files
07:42 AirOnSkin joined #salt
07:42 LostSoul_ But if files appears 3-4 times salt is checking it 3-4 times
07:42 LostSoul_ Any tip?
07:42 teryx510 joined #salt
07:44 bhosmer joined #salt
07:45 fracklen joined #salt
07:46 fracklen joined #salt
07:48 beardedeagle @tweakism: for the longest time I was in bourne and in the last year switched to zsh. was missing out for so long
07:48 beardedeagle of course some people swear by fish
07:48 tweakism fish is too new and weird and different for me to be very interested
07:49 tweakism who knows, I may be missing the best shell evar.  but I kinda doubt it.
07:49 tweakism zsh is a solid improvement on bash, though, no doubt, and that still seems to be true today just like in years past.
07:49 beardedeagle someday someone will be crazy enough to write a oo shell
07:49 tweakism usually, if I mention to someone that zsh is nice and they might enjoy using it as their interactive shell, I attract bash-appologists and bash-defenders.
07:50 beardedeagle and I won't know whether to rejoice or cry
07:50 cilkay beardedeagle: Isn't that Powershell is supposed to be?
07:50 cilkay *what
07:50 beardedeagle basically
07:50 tweakism honestly, zsh would be worth switching to *just* for .zshenv and otherwise more-useful/convenient processing of startup files.
07:50 beardedeagle and I write a ton of powershell as well
07:50 beardedeagle objects in shell scripting _is_ nice
07:50 tweakism beardedeagle: I have mixed/interesting feelings about that.  I have thought about it before.
07:50 beardedeagle but man is powershell slow
07:51 cilkay ipython is pretty cool :)
07:51 tweakism I think unix is still around and suceeds so much where it does, because it's generally very pragmatic, and when the 'right' solution is so difficult to implement well, it just gives you a very very good implementation of the next-best possible system.
07:51 beardedeagle technically you can oo in bash now, or some really weird abstract, not really oo but is oo? type way
07:51 beardedeagle this dude did something kinda like it: http://hipersayanx.blogspot.com/2012/12/object-oriented-programming-in-bash.html
07:52 beardedeagle basically it is just sourcing a library script
07:52 tweakism and, it also seems like there's more room for tools to useful manipulation on text streams, than on arbitrary structured data... I'm sure there's plenty of cool transforms and stuff you can do, so maybe I'm wrong, but it just seems like text lends itself more to pipelines and filters
07:53 tweakism (ignoring the case where a filter etc. command is written with explicit knowledge of and expectation to be used with a particular other command that outputs a particular data structure.)
07:53 tweakism I probably just haven't though about it enough though.
07:53 beardedeagle bash/zsh is great, powershell is object oriented because it has to be, being dependent and so intertwined with the .net library
07:53 tweakism text still seems to be the handy winner from the pragmatic point-of-view, though.
07:55 tweakism There are cool things in the world like Plan9 and NixOS and stuff; there's certainly plenty of room to improve on unix... it's just, people underestimate how well the things in the unix ecosystem get along with each other, after these decades of smoothing out rough edges.
07:55 tweakism now I'm probably just saying nonsense, also.  /me wanders off.
07:56 iggy LostSoul_: use listen instead of watch... salt will schedule the changes to do their thing at the end of the run (and bundle them together if possible)
07:56 beardedeagle NixOs is pretty sweet. Arch dude myself. Though I play with a different distro every week. ReactOS recently got my attention.
07:57 impi joined #salt
07:58 slav0nic joined #salt
07:59 LostSoul_ iggy: Ou .. listen, nice, I must have missed that
07:59 LostSoul_ Thanks iggy ;)
07:59 tweakism beardedeagle: I have heard of it and like, read the wikipedia.  It has the same kind of smell as fish to me, sortof... it seems like the kind of idea that could easily end up being done poorly, esp. if done for the wrong reasons.  I don't really like change for the sake of change, or re-inventing ways of doing things if the new way isn't markedly better.
07:59 jhauser joined #salt
07:59 tweakism *however* it does seem like a good/natural idea, so if you have personal success (or annoyance) using reactos, I would love to hear about it.
08:00 LostSoul_ Is there good way to manage splunkforwarder in saltstack?
08:00 sab3r I wonder what RMS would say on reactOS saying its "free" and "open source"
08:00 sab3r where free only means its free to download
08:00 KermitTheFragger joined #salt
08:01 tweakism heh, I didn't realize it wasn't open-source.  well, that is one definition of free :)
08:01 tweakism RMS would probably object if i referred to my shirt as blue.  as much as I kindof respect him.
08:01 elsmo joined #salt
08:02 tweakism FSF won't endorse Debian because it isn't free enough for them, ffs.
08:02 tweakism they "make it too easy" to install non-free software
08:02 tweakism that particular stance seems rather self-defeating to me.
08:02 tweakism but ideals are worthwhile too, I guess.
08:03 tweakism also, OK, I had *completely* the wrong idea, like utterly where did I come up with what I thought it was, about what ReactOS is.
08:03 tweakism I thought it was just a very very very minimal runtime/userspace, for you to marry an app to the linux kernel and run it on a hypervisor or in a container.
08:04 beardedeagle if people want to follow that thinking they can use trisquel
08:04 beardedeagle and nope, it's a full blown...."thing" now
08:04 beardedeagle it kinda works?
08:04 beardedeagle in it's defense it is still alpha
08:04 tweakism also I have so little interest in windows, and it annoys me so much when I am forced to interact with it, that it seems I would have no interest in react.
08:04 beardedeagle but has been forever
08:04 sab3r :D Yeah, that debian thing is pretty much bollocks imo too.. but we always need to have extremeists on both sides to find a balance.. thats how I think
08:05 tweakism the only possible motive for me, would be if it offerred a partial escape from actual windows :)
08:05 sab3r Without FSF people would settle for less
08:05 fooma joined #salt
08:05 tweakism sab3r: yeah.
08:05 ALLmightySPIFF joined #salt
08:06 teryx510 joined #salt
08:06 beardedeagle eh, I run arch and gpu passthrough to a windows kvm
08:06 tweakism FSF's idea of free software probably works great for people who don't need, like, actual working computers for anything :)
08:06 tweakism beardedeagle: so wait, is windows your host or guest?
08:07 beardedeagle guest
08:07 tweakism is it for gaming?
08:07 beardedeagle yes
08:07 tweakism work swell for you?
08:07 beardedeagle pretty
08:08 tweakism I'm glad that config is something you can really practically do, now, rather than being kindof theoretical; I imagine there's still some hiccups still though?
08:08 beardedeagle course kernel 4.4.1? has magnitudes better support for gaming in vm's, so people who 'pay' for workstation could probably game a but too
08:08 beardedeagle bit*, even
08:08 remyd1 joined #salt
08:09 beardedeagle from time to time there is an issue, or depending on the game the guest can crash, but it's not to often
08:09 tweakism the last time I was interested in doing it, it was only possible on server hardware, and not really possible for GPUs.  I had to break an almost 15-year perfect trend of not owning a windows box (built one to play WildStar.)
08:09 tweakism I would try it out, I don't think I have any compatible hardware atm tho.
08:09 ronnix joined #salt
08:10 tweakism unless possibly that same windows box.
08:10 tweakism beardedeagle: what games
08:11 ninjada joined #salt
08:11 tweakism or genres, even
08:11 beardedeagle benchmarked with crysis 3
08:11 beardedeagle crashed
08:12 kliquori joined #salt
08:12 tweakism "ReactOS has the aim to build a Windows-compatible kernel as open-source software" hate to admit it but I love this idea just because M$ totally deserves someone to do this really really well and give it away to everyone for free.
08:12 babilen We need a #salt-offtopic :)
08:12 beardedeagle battlefield 4 struggled from time to time
08:12 LostSoul_ I see, so no splunkforwarder support :D
08:12 tweakism I hope they don't completely change revenue models before someone manages it.
08:12 beardedeagle sorry @https://github.com/tomas/skull
08:12 tweakism heh, sorry for being so off-topic.
08:13 beardedeagle damnit
08:13 beardedeagle sorry @babilen
08:13 beardedeagle wrong paste
08:13 babilen It's fine, but we might really consider moving to #salt-offtopic. It can't all be serious work and stuff :)
08:14 tweakism (at the risk of excessive honesty, I accidentally took my adhd meds twice today, and now it's 4am and most channels are dead and I am wide awake and rambling. :)
08:15 tweakism I made a ##salt-offtopic; if anyone is as bored as I, now or later, feel free to drop by  :)
08:19 babilen You and your double-pound ;)
08:20 SVQTQ joined #salt
08:20 tweakism heh, dang I barely missed you :)
08:20 tweakism I think ## is the freenode way.  not sure what the rule would be on a channel that's officially affiliated with an actual project.  but non-project channels or something are supposed to be ##
08:21 tweakism they made me move a couple, after holding out for a long time
08:21 potens joined #salt
08:21 euidzero joined #salt
08:27 joe_n joined #salt
08:33 josuebrunel joined #salt
08:33 cilkay Any ideas on how I'd get feedback from "salt-call --local highstate" in a masterless minion? I want to display a progress indicator on a web page.
08:37 josuebrunel joined #salt
08:37 ninjada joined #salt
08:37 mdasilva joined #salt
08:38 beardedeagle well you can -l debug so I have to imagine there is some sort of event data somewhere
08:43 Edgan_ joined #salt
08:43 krymzon joined #salt
08:43 babilen beardedeagle: Where would it send the events though?
08:44 capricorn_1 joined #salt
08:44 beardedeagle that's what I am trying to figure out, digging through the code. Never done a masterless setup myself lol.
08:45 flebel joined #salt
08:45 ajw0100 joined #salt
08:46 babilen To me this is the kind of feature you gain from running a master, but then there is obviously no inherent necessity for one just because one wants to send data to some place
08:46 cilkay This maybe? https://docs.saltstack.com/en/latest/topics/jobs/external_cache.html
08:47 beardedeagle no that is for storing any events in different backends
08:47 beardedeagle event data*
08:49 cilkay Ideally, I'd like to put my own strings in there like, "Aligning flux capacitors...", "Counting electrons in the universe...", etc.
08:49 cilkay ... and pick those up from my monitoring script.
08:49 pgoetz_ joined #salt
08:49 keimlink joined #salt
08:50 ashirogl joined #salt
08:50 beardedeagle ...reticulating splines...
08:53 beardedeagle maybe you can return in masterless
08:54 LostSoul_ iggy: You still here?
08:54 LostSoul_ I don't think this listen worked well
08:55 TyrfingMjolnir joined #salt
08:56 cilkay I suppose I could drop files into a directory monitored by inotify at various states and have inotify trigger a script that refreshes the frontend.
08:57 cilkay Maybe not the cleanest but it really decouples the monitoring application from Salt and I don't have to deal with the fact Django is running as a non-privileged user while Salt is running as root.
08:59 beardedeagle can masterless not run as non root?
09:01 babilen cilkay: You can do that with beacons
09:01 Alam joined #salt
09:01 cilkay Not to do the sort of things I'm doing, like adding users.
09:01 Alam HELP
09:01 Alam I am looking for automating couple of Repetitive Tasks in Linux
09:02 cilkay babilen: Thanks! I'll read up on that.
09:02 Alam Like: File system creation and extension, User Mgmt, pacthing, OS upgrades, server commissioning and decomissioning & VM reboots..
09:02 babilen cilkay: https://docs.saltstack.com/en/latest/topics/beacons/ + https://docs.saltstack.com/en/latest/topics/reactor/
09:02 Alam I am newbee to Automation.. thought of checking with user community before i try out Saltstack
09:03 babilen I still google for "salt reactor" sometimes and have an initial "Who cares about molten salt reactors?" moment :D
09:03 cilkay I'm reading beacon docs now.
09:03 cilkay I just use the in-site search. It works well.
09:03 cilkay I had looked at Reactors but thought they required a master.
09:04 beardedeagle saltstack can do all of those things @Alam
09:04 Alam Thank you..
09:08 beardedeagle do you know python @Alam
09:10 babilen cilkay: They do require a master
09:10 Alam I am sorry.. i am just getting started..long way to go
09:11 beardedeagle ah, was just going to say: if it is missing any functionality you explicitly require, it's fairly trivial to add in yourself
09:12 Alam Do saltstack have a GUI based Management ?
09:13 beardedeagle if you pay them yes
09:13 beardedeagle otherwise you could take a look at saltpad or molten
09:13 beardedeagle or you can set up a foreman server and install the saltstack plugin
09:13 yuhlw_ does someone do manage ips with salt. If so is there any *rules* or best practice.
09:13 mosu joined #salt
09:15 RandyT joined #salt
09:16 RobertChen117 joined #salt
09:16 tweakism yuhlw_: it's probably always worth thinking about what actions your states etc. take that might/will interrupt the network, whether that will disconnect the master/minion from each other, and what effect that will in turn have on the overall highstate or whatever you were running that did it
09:16 tweakism also applies to running shutdown -r now :)  I usually pipe that to 'at' to avoid that one.
09:17 mosu Hey. I'm writing a service execution module for a system similar to Debian. I've copied debian_system.py to my local salt repo under a new name (univention_system.py) and adjusted the __virtual__ function. However, the module is _only_ used for functions that are _not_ defined in service.py.
09:18 yuhlw_ tweakism: I'd love to see some code to better understand. Do you have any doc or code on the net ?
09:18 mosu For example: calling service.restart will use the generic service.py (see http://dpaste.com/12D19QB ). How can I debug this?
09:21 tweakism yuhlw_: hrm, no, not anything I can think of.
09:21 tweakism yuhlw_: if you just don't do your testing in production, I think most of what can bite you will be pretty apparent/obvious in testing.
09:21 mosu Functions that are _only_ defined in univention_service.py are properly loaded and executed; see http://dpaste.com/12D19QB – it's only functions that already exist in service.py which aren't
09:23 yuhlw_ tweakism: mmh, fact is that I don't have a seperate test and production settings. I do modify things on prod, do some highstate on some minions that are not sensitive to test my modification. And when I'm confortable, I do launch a highstate on '*'.
09:24 GreatSnoopy joined #salt
09:24 yuhlw_ tweakism: have you somehow, a mechanism that apply highstate on all minion periodically ?
09:25 Rumbles joined #salt
09:26 Jimlad joined #salt
09:27 tweakism I do too, but it's a pretty terrible practice for both of us, i think.
09:27 tweakism it's really easy to spin up a multi-box vagrant environment or something
09:27 yuhlw_ tweakism: I see :)
09:28 yuhlw_ tweakism: so you do not have a tools, that periodically enforce the highstate on every minion
09:28 yuhlw_ ?
09:28 tweakism (that was re: the untested changes on prod)
09:29 tweakism I'm not at that point yet, I am still wanting to supervise everything, but if there's not a salt feature for it already, it could just be a cron job?  or any kind of scheduled job.
09:29 kawa2014 joined #salt
09:29 yuhlw_ okay... we are, I thing at the same level.
09:30 yuhlw_ think
09:30 tweakism looks like this is probably the thing?  https://docs.saltstack.com/en/latest/topics/jobs/
09:30 lero joined #salt
09:32 babilen yuhlw_: You can use https://docs.saltstack.com/en/latest/topics/jobs/schedule.html to schedule jobs simply by defining suitable pillar data
09:33 bhosmer joined #salt
09:33 yuhlw_ tweakism: yeah, I've got your first link, and it seemed a good start.
09:34 ravenx i have two minions, named "one" and two".  but whenever i do:  salt 'one,two' test.ping it says No mionions matched the target
09:34 tweakism You need to do -L if you want to pass a list of minions
09:35 ravenx tweakism: thank you.
09:35 tweakism w/ no arg telling it what kind of match to use, it will use Python fnmatch globbing.
09:35 ravenx seems kinda silly though...you need to do that
09:35 ravenx it's like saying:  mv -L file1 file2 file3 destinationfolder/
09:35 ravenx -_-
09:35 tweakism well you could do salt '*o*' to get both of them, lol ;)
09:35 ravenx tweakism: lmao
09:36 yuhlw_ tweakism: thank you very much for your appreciated help
09:36 tweakism there are several different matching schemes available
09:36 ravenx also lolling at the fact that it looks like my face whenever i ahve to deal with salt docs
09:36 tweakism globs, lists, grains, regexes
09:36 tweakism yuhlw_: np
09:37 tweakism fnmatch lets you do * and ? globs and [] for character classes, but no {} for alternation.
09:38 bhosmer joined #salt
09:40 subsignal joined #salt
09:43 euidzero joined #salt
09:43 dmaiocchi joined #salt
09:46 OliverMT how do I specify +x for a file.managed ?
09:46 ravenx mode
09:46 ravenx mode: 755
09:46 LostSoul_ Hi
09:46 LostSoul_ http://paste.debian.net/hidden/c0e0a7a7/ - how can I play it so that changed in sale file would be checked just once
09:47 OliverMT thx
09:47 LostSoul_ Not twice or even more if I do more than 1 change in file?
09:52 babilen LostSoul_: Why don't you use a *single* service.running state and use watch_in on that in whatever state(s) you use to make the changes?
09:52 Mopilo joined #salt
09:52 babilen Or listen_in
09:53 LostSoul_ Hmm
09:53 LostSoul_ Thanks, mind linking me some example?
09:53 babilen https://github.com/saltstack-formulas/nagios-formula is known to you?
09:53 LostSoul_ babilen: Yeah, I just wanted to implement stuff my way
09:53 LostSoul_ As I have Nagios that have "few years" of strange config
09:53 LostSoul_ And I can't change it all in 1-2 days :)
09:54 LostSoul_ babilen: Is there way to implement some logic to salt? Like try to ping server 3-4 times and if it's not set env and due to that fact do this and that state?
09:54 ronnix joined #salt
09:54 babilen LostSoul_: "state_a: .... - listen: - foo: state_b" has the same effect as "state_a: .... state_b: .... - listen_in: - foo: state_a"
09:54 Mopilo hello to all, have a problem with salt-call is anyone willing to land an advice..minion hangs on "Re-using SAuth for ('/etc/salt/pki/minion',...."
09:54 VSpike At the moment, I have two saltmasters, both meant to be interchangeable .. one is a master only, and the other is a slave of the first. I'd like to use the states I created to rebuild the first master...
09:55 VSpike I can use the existing master as master for the new one while I build it, but after that they should both probably be slaves of themselves
09:55 VSpike If I was starting from scratch, how would I make the first master using the states I have? Is that where masterless salt comes in?
09:56 babilen LostSoul_: You generally describe what you want to achieve (e.g. "servive is up and running"). You can use requisites to executes states if other states fail (e.g. onfail comes to mind)
09:56 tweakism you can manage your master from salt; like, a master can manage itself.  I don't think there are too many headaches or gotcha's with it.
09:56 Mopilo @vspike Did you look into failover.master
09:56 babilen LostSoul_: https://docs.saltstack.com/en/latest/ref/states/requisites.html
09:56 tweakism VSpike: ah, bootstrapping is always the fun part, yeah?
09:56 VSpike tweakism: I'm wondering how you bootstrap from just a git repo with states and one with pillar data :)
09:56 babilen I have been managing my masters with salt for a long time (using salt-formula). Works perfectly.
09:57 ronnix joined #salt
09:57 VSpike babilen: yeah, that's how my second one was built. At the moment they are different, because the first one is still a pet
09:57 VSpike they tend to get out of step because I make changes on the first one, and then don't update the states right away to get the second one in sync
09:58 VSpike If it's just changes to states/pillar it's fine - git handles that. But my second one still doesn't have the new win-repo, for example
09:59 VSpike Mopilo: do you mean https://docs.saltstack.com/en/latest/topics/tutorials/multimaster_pki.html ?
10:01 tweakism crap I sent my message to the wrong channel
10:01 tweakism I haven't got it finished yet, but my current bootstrap process is pretty much, run a pre-seeded installer on the node, and then there's a (sigh) shell script to get the master up and running; it duplicates the logic for a lot of my states, however it also doesn't really have to do very much at all before salt is up and running and can start configuring the rest of the stuff that way
10:01 tweakism it's basically like, set hostname/passwords/enable firewall/install salt from official repo/set some options/start salt/run states
10:01 tweakism I'm probably forgetting steps
10:02 Mopilo @vspike correct, there are two ways to do it i tried but could not make it work on the one without master_sign.pub
10:02 tweakism I'm going to be trying to move as much of it as I can to some combination of salt-ssh/salt-call/salt-cloud eventually
10:02 remyd1 Hi; Is there a way to debug states.sls jinja files ? I am looking for a way to print variables, their types, like python print/repr/type
10:04 N-Mi joined #salt
10:04 N-Mi joined #salt
10:05 remyd1 I tried to add some print(repr(some var)) but I have nothing in the Summary when I run my state
10:05 tweakism there's no easy/obvious way
10:05 fracklen joined #salt
10:05 remyd1 Do I need to put this content in a preset variable ?
10:05 tweakism someone did make a little helper for it that they've linked here a couple of times, I forget who tho
10:06 fracklen_ joined #salt
10:07 remyd1 I think the state is looking for a predetermine var. It must be that... But I would like to avoid to read/understand all the core/state relative code
10:07 dgutu joined #salt
10:10 tweakism you can list all grains and pillars for a minion, with or without values, though
10:10 babilen remyd1: Maybe we can help you if you were to paste your state and the error you get?
10:11 VSpike If I want to use Windows repos, do I still need to have both, or can I get rid of the old one now?
10:12 remyd1 http://paste.debian.net/416278/
10:12 remyd1 I have no error but no output either
10:14 kliquori joined #salt
10:14 babilen - name: preset_servicenames[service] can't work .. you need {{ .... }} around that
10:15 babilen And you might want to look into map.jinja and default setting handling in https://github.com/saltstack-formulas/template-formula/tree/master/template
10:16 iceyao joined #salt
10:17 remyd1 babilen: Oh yes, well seen
10:20 remyd1 However, that still does not work. I think I will have to search deeply into states.py to look for debug preset var
10:20 iceyao_ joined #salt
10:22 iceyao joined #salt
10:23 yuhlw_ Hello, pillar are written to be easily read by human. I'd like to construct a pillar designed for the application that will use the pillar designed for the human. How can I do something like this ?
10:23 iceyao joined #salt
10:24 iceyao joined #salt
10:25 yuhlw_ To be more precise, I'd like to have pillar for the application contsructed from the pillar designed for the human.
10:25 dijit it's yaml, so you can just load yaml and start reading/writing
10:26 yuhlw_ dijit: you mean by doing so into a state ?
10:27 tweakism yuhlw_: it sounds like you're pretty much describing the existing system / what pillars do
10:27 dijit well, I'm not sure what you're trying to do exactly, I assumed you were writing a program that could output a pillar.
10:27 tweakism so maybe if you could clarify your meaning?
10:27 dijit yeah
10:27 babilen yuhlw_: You could write an external pillar or look into pillarstack
10:27 babilen bbl, lunch
10:28 tweakism yuhlw_: if you want to *write* pillar data from a program, every language has yaml libs and it's easy to work with, and/or as babilen says making an ext_pillar is very easy.  I do some of both currently in my setup.
10:29 ronnix joined #salt
10:32 bhosmer joined #salt
10:32 yuhlw_ The problem that I'm facing, is that I structure the data in pillar. For eg, I get a pillar with a list of user, then I get a pillar with a list of a group of user and I assign for type of host a list of user and list of user's group. And finally I set a host to belong to a type of host.
10:32 yuhlw_ It looks a bit complicated.
10:33 mavhq I'm trying to use the salt formula for bind, I have it installing bind, and pillar.items shows the config I want it to have, but it's not used that config when installing, not sure where to look to find out why
10:35 yuhlw_ and in many state, I'd like to find the list of user on a host and extract the corresponding list of emails.
10:36 LostSoul_ babilen: I will read in 5 min what you have written, thanks
10:36 LostSoul_ I wanted to do sort of HA of Nagios, 2 machines, so that when one is down other would start active check of tests and start other servies
10:36 LostSoul_ services *
10:37 tweakism hrm, I seem t remember nagios having that kind of capability as an in-built feature
10:37 yuhlw_ so, my states have some jinja that copies the jinja of others . And I found myself duplicating code in many state. Isn'it a way to push all this code in one place ?
10:37 tweakism checks running from multiple remotes, and then alerts/outages are based on the aggregate results
10:37 tweakism been years sinc I nagios'd though
10:38 mdasilva joined #salt
10:38 yuhlw_ tweakism: so you advise me to use ext_pillar ?
10:38 tweakism HA is not really usually trivial to implement well, unless salt has a bunch of mature HA features I'm unaware of, you may be better off using tools specifically intended for clustering and HA rather than rolling your own w/ salt?  unless your needs are truly modest.
10:39 tweakism yuhlw_: no, I don't understand the issues you face nearly well enough to give advice.
10:39 tweakism yuhlw_: it does sound like maybe your root issue is that your pillar data isn't structured in a way that's easy/natural to use in your states, though
10:40 yuhlw_ yeah
10:40 Adi1 joined #salt
10:40 tweakism yuhlw_: usually all the info about what, where, and how can be in pillar, and states are just dumb loops through conveiently-structured pillar data
10:41 Adi1 HI, If I am using state.apply <state file> , is salt invoke top.sls too?
10:42 tweakism not the top.sls from your states
10:42 tweakism but the one from your pillar_roots, if any, yes
10:44 Adi1 O.k thank you
10:44 yuhlw_ tweakism: I try to make a easy read on pastebin that shows how I structured the pillar, and how I'd like to access it.
10:44 tweakism yuhlw_: kk, I'll try to read it then ;)
10:44 Adi1 What is the command to reset windows minion? System.reboot does not work
10:44 tweakism and offer advice, if I can come up w/ any
10:46 scoates joined #salt
10:46 wych joined #salt
10:51 LostSoul_ babilen: Thanks it's all clear now
10:51 LostSoul_ Have anybody of you tried to do HA/BCP solution using salt?
10:52 VSpike "DO NOT PUT THE SAME master.pub ON ALL MASTERS FOR EASE OF USE" ... why not?
10:55 k_sze[work] joined #salt
10:55 dijit sneaky non-unique masters.
10:55 dijit doing sneaky things.
10:56 Adi1 Does anyone know?
10:56 LostSoul_ hemebond: Hi
10:57 VSpike Adi1: probably cmd.run with "shutdown /r now"
10:57 LostSoul_ Ok guys tell me, what's wrong in this: http://paste.debian.net/hidden/f83354d0/ that nagios doesn't restart when config changes
10:58 tweakism your requisite is backwards.
10:58 tweakism you want watch_in instead of require_in
10:59 LostSoul_ Aaa
10:59 LostSoul_ Thanks man!
10:59 kliquori joined #salt
11:00 Adi1 Thank you Vspike, but I think the command of salt system.reboot needs to suit to all op
11:00 Adi1 Why this compound does not work? salt -C 'G@ipv4:172.13.26.11 G@ipv4:172.13.26.12' cmd.run ls
11:01 tweakism Adi1: check for an open issue; if none, make one; maybe make a pull request too :)
11:01 Adi1 :)
11:01 Adi1 I decide to use salt and not puppet, for me salt win after a long research
11:02 VSpike Adi1: I just tested it with a windows box, and it worked for me
11:02 VSpike Adi1: The system.reboot, I mean
11:02 _Cyclone_ joined #salt
11:02 tweakism I used to use puppet; now I am starting with salt; puppet is very very good in a lot of ways (that are important to me), but I am beleiving salt is going to ultimately be better.
11:02 Adi1 I have a win 2012 r2
11:02 VSpike Adi1: me too
11:02 Adi1 Maybe it works on regular windows
11:02 Adi1 thank you guy for checking it
11:02 Adi1 guys
11:03 VSpike So, not sure why it's not working on yours
11:03 VSpike You could try on the system itself C:\salt\salt-call -l trace system.reboot
11:03 Adi1 you have win2012?
11:03 VSpike Adi1: yep
11:03 Hetman Can anyone help me howto proper iterate through dict like that: http://pastebin.com/xs5axxb9 I'm getting error and not sure why it's generating this code
11:03 Adi1 weird
11:03 amcorreia joined #salt
11:04 tweakism Adi1: re: your matcher expression:  perhaps you need an 'or' in between them?
11:05 Adi1 thank you very much
11:05 euidzero joined #salt
11:05 Adi1 it works
11:05 Adi1 but the logical says that I need and
11:05 Adi1 why or?
11:07 tweakism if you did and, it would only ever match a minion that had both of those grains
11:07 tweakism I'm assuming you mean for it to match two separate minions
11:07 tweakism i.e., this grain, or that grain, otherwise don't match
11:08 Adi1 :) ok I understand
11:08 Adi1 Thank you
11:11 tweakism is there really a sysctl named map_cunt?
11:12 sab3r :D
11:14 tweakism Hetman: you are attempting to define two entries in a dictionary that have the same key (sysctl.present)
11:15 Hetman tweakism: I want to iterate through every key in my dict and generate key sysctl.present based on values from this dict. Can you give me hint what will be correct syntax of this for loop ?
11:17 tweakism I'm trying to find the example in the doc that shows you how to fix it
11:17 tweakism would probably be faster to just type an explaination, heh
11:17 tweakism 1 moment
11:17 Hetman thank you
11:21 tweakism aaactually, you don't seem to be having the problem I thought/assumed you were
11:21 _JZ_ joined #salt
11:21 tweakism ahhh it's just missing a line-break
11:22 tweakism I think it's the '-' near the end of this line:  {%- for param in  sysctl_settings.get('params', {}).items() -%}
11:23 tweakism or if you prefer you can insert an explicit line break between lines 2 an 3 of your paste, I think.  not sure on that.
11:23 RobertChen117 joined #salt
11:25 euidzero joined #salt
11:25 Hetman tweakism: solved removed both - - from beggining and end and its working fine many thanks
11:34 harkx hi, to allow for some minion-specific settings we created a grain and include a file like this if that grain exists: {{ salt['grains.get']('id') }} (using minion.sls as state file in a specific dir)
11:34 harkx is there a better way to do this?
11:35 harkx (if the sls file does not exist but the grain does, it errors.. so I want to avoid that)
11:36 tweakism harkx: what is id, does it happen to be the same as the minion_id (or at least, would you be able to do the targeting you need to based on minion_id?)
11:37 harkx the id is indeed the minion_id and that is used to access this minion's specific SLS file
11:37 noway_ joined #salt
11:37 harkx well, if i would do it with targeting I would be creating a giant top.sls file, for each minion an entry to include that minion it's specific SLS file ?
11:39 west575 joined #salt
11:40 Nazca joined #salt
11:40 harkx something like.. if exists <minion_id>.sls -> include, if not, just skip it ..
11:41 tinyhippo joined #salt
11:43 subsignal joined #salt
11:48 Nazzy joined #salt
11:48 antpa joined #salt
11:50 dizzythinks joined #salt
11:51 tweakism well, I was going to suggest file_tree but then I realized it doesn't do what you want
11:51 tweakism even though it does make the mapping of minion_ids -> pillar data cleaner, it doesn't parse the individual files, it slurps them whole
11:52 tweakism however you should know, that it's not safe to trust that kind of info from a grain.
11:52 dizzythinks hola... I seem to be experiencing this issue: https://github.com/saltstack/salt/issues/26149 and I'm now banging my head against the wall :(
11:52 tweakism minion hosts control their own grains, so if one were to be compromised, it could pretend to be any other (and thus receive configuration data for any other)
11:53 tweakism targeting explicitly on the minion_id is safe.
11:58 tweakism harkx: I think I do remember reading/seeing where it was explained a way to do that, I specifically remember an explaination of why it didnt fail when the file doesn't exist
11:58 tweakism let me see if I can find it again
11:59 tweakism it may have been specific to pillars though not states, dunno
12:01 harkx tweakism, yeah, if it doesn't work by grains but by pillars, that's fine for me too, I'd like to avoid grains and avoid errors on non-existing sls files :)
12:02 harkx or maybe I keep a list somewhere in a pillar that lists the minions that 'need' a specific sls file? (that I could use in a state I suppose)
12:03 fredvd joined #salt
12:05 harkx if it's dynamic I could just create the sls file and know it will be used by that specific minion
12:10 tweakism perhaps you're only doing the grain, so that you can get at the minion_id from jinja?
12:10 tweakism if so, I think there's an 'id' variable in the jinja context already; not certain, but worth checking
12:10 harkx hm, i'll have to look into that to see if I can use grains for this
12:10 harkx not as simple as I thought it was :p
12:11 tweakism harkx: for keeping a list mapping minion_id's to roles, you probably want an external node classifier
12:12 tweakism there are multiple options, like reclass is one
12:12 cyborg-one joined #salt
12:12 tweakism I do not really know much details on their varying features/behavior
12:12 harkx hm, external node classifier, ok, will get some look into those
12:12 tweakism I think I am getting closer to finding the write-up I wantd to share, heh, still looking
12:13 harkx ok, thanks ;) i'll be around ;)
12:13 spiette joined #salt
12:14 ajw0100 joined #salt
12:16 mdasilva joined #salt
12:17 ggoZ joined #salt
12:19 ninjada joined #salt
12:21 bhosmer joined #salt
12:29 fracklen joined #salt
12:32 tweakism harkx: ok, probably won't actually help you, but I think I found the thing I was thinking of, and it's https://github.com/saltstack/salt/issues/14354 and http://grokbase.com/t/gg/salt-users/148m57601n/pillars-conditionally-add-pillar-file-in-top-sls
12:32 antpa joined #salt
12:33 akhter joined #salt
12:34 remyd1 I have better results: http://paste.debian.net/416306/ , but not for all hosts.
12:34 tweakism I beleive/think/hope you could use someting very much like this, to cause all minions to automatically get targetd for a a pillar file based on only their minion_id, so e.g. myhost.example.com would get auto-targeted to something like pillar_data/by_minion_id/myhost.example.com just based on the assumptions that 1) you can use jinja in a top.sls (which, you can), and 2) there's a jinja variable that tells you
12:34 tweakism the minion_id
12:34 harkx hmm, maybe not, but I'm gonna read them and see if I can find some logic that I can apply
12:34 tweakism however, doesn't help you for states I'm pretty sure; but I would really like to know *exactly* how you make work in either case; sadly, I don't.
12:35 _JZ_ joined #salt
12:35 VSpike What is wrong with my block literal here? https://bpaste.net/show/833061f0d8ab
12:35 harkx ok, some food for thought, appreciated! will look into this and feedback if i get somehwere :)
12:35 tweakism it appears (unless the info is out of date), they added a don't-fail-if-file-missing option for pillars, to allow this, but not to states
12:36 tweakism remyd1: was that for me and harkx?
12:37 remyd1 VSpike indent with two more spaces
12:37 harkx tweakism, thanks, gotta look into the fail if missing
12:37 remyd1 tweakism: no
12:37 tweakism ah k
12:38 remyd1 tweakism: I am trying to mix pillars, states and grains to check services on minions
12:38 VSpike remyd1: ah yeah! nice one. Thanks!
12:38 VSpike The error wasn't too helpful. "Rendering SLS 'base:linux.roles.salt' failed: could not found expected ':'; line 94"
12:39 VSpike So the first line of the block can have any indent as long as its greater than the parent?
12:39 tweakism yeah, that appears to be a yaml error message.
12:39 tweakism :)
12:39 tweakism they're grrrreat
12:39 remyd1 VSpike I made the same mistake yesterday ^^
12:40 metalseargolid joined #salt
12:42 VSpike Looks like initial blank lines in the block get swallowed too
12:42 akhter joined #salt
12:43 remyd1 VSpike perhaps you could try to put content into double quotes
12:43 babilen Why is there no salt module that simply does the needful and allows me to go home? ;)
12:43 VSpike babilen: while still receiving moneys
12:43 subsignal joined #salt
12:43 babilen exactly!
12:44 Mopilo hello all, I have a problem with salt-call is anyone willing to offer an advice..minion hangs on "Re-using SAuth for ('/etc/salt/pki/minion',...."
12:45 babilen Mopilo: What did you do to get it to hang there? Did it not do that before? If so: Before what?
12:47 euidzero joined #salt
12:49 edrocks joined #salt
12:49 bhosmer joined #salt
12:50 antpa joined #salt
12:52 numkem joined #salt
12:53 remyd1 In fact my "check_servces" formula worked. It was my pillars which were not transmitted on every minions -_-
12:53 remyd1 top.sls
12:54 gh34 joined #salt
12:57 keimlink joined #salt
12:59 Nazca__ joined #salt
12:59 Lutz_ joined #salt
13:01 kliquori joined #salt
13:01 josuebrunel joined #salt
13:03 quasiben joined #salt
13:05 LostSoul_ Ok
13:05 LostSoul_ http://paste.debian.net/416314/ - what's wrong in this regexp?
13:05 Lutz_ salt-cloud failed with "sudo: no tty present and no askpass program specified"
13:06 babilen LostSoul_: It is unreadable
13:06 Lutz_ # salt-cloud -p vsphere-ubuntu16 myminion -l debug --keep-tmp
13:06 Lutz_ ...
13:06 Lutz_ [DEBUG   ] Warning: Permanently added '10.206.9.45' (ECDSA) to the list of known hosts. salt@10.206.9.45's password: [DEBUG   ] salt@10.206.9.45's password: sudo: no tty present and no askpass program specified [DEBUG   ] sudo: no tty present and no askpass program specified
13:06 Lutz_ whats wrong?
13:07 remyd1 For information, to monitor services in salt
13:07 mpanetta joined #salt
13:07 remyd1 https://groups.google.com/forum/#!searchin/salt-users/mix/salt-users/aKbY6xnOW_w/VeiSH64XCgAJ
13:08 LostSoul_ babilen: Damn, how I suppose to catch line: m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1[12]?))$}i
13:08 remyd1 Lutz_ that is relative to askpass. You sudoer user is trying to get access and you did not send the password
13:08 euidzero joined #salt
13:09 hojgaard joined #salt
13:09 remyd1 you can solve this by doing something like  "SUDO_ASKPASS=/home/foo/.ssh/askpass sudo -A aptitude update"
13:10 remyd1 I do not know exactly how to solve this in salt
13:10 remyd1 but generally you can solve this way
13:10 babilen Or configure sudo with NOPASSWD
13:10 remyd1 Yep
13:10 remyd1 check the access of your salt-minion user
13:11 remyd1 did you install salt from repository or from sources ?
13:11 iceyao joined #salt
13:11 babilen LostSoul_: Well, a regex should work, but I find yours to be unreadable. Maybe there's a more, well, explicit way to achieve whatever it is your are trying to achieve?
13:12 Lutz_ ubuntu 14.04, installed from repository.
13:12 Lutz_ Salt Version:            Salt: 2015.8.7
13:12 LostSoul_ Hm
13:12 mpanetta joined #salt
13:13 LostSoul_ babilen: Maybe it's good idea to copy paste plugin files
13:13 Lutz_ my cloud config:
13:13 Lutz_ vsphere-ubuntu16:   provider: vsphere-vc1   image: ubuntu1604   folder: saltstack   resourcepool: resgroup-411   template_user: salt   template_password: salt   sudo: True
13:13 LostSoul_ babilen: I tried to use regex validator and it catched it
13:13 LostSoul_ So I'm lost if I missed sth
13:14 Netwizard joined #salt
13:15 ronnix joined #salt
13:15 remyd1 https://forums.veeam.com/vmware-vsphere-f24/failed-to-run-command-with-sudo-t26973.html
13:15 remyd1 ?
13:15 Lutz_ so i think the problem is the ssh call from salt-cloud. This example is similar how salt-cloud calls ssh:
13:16 Lutz_ # /bin/sh -c "ssh  -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oControlPath=none -p 22 salt@10.206.9.45 'sudo sh -c "id" '" Warning: Permanently added '10.206.9.45' (ECDSA) to the list of known hosts. salt@10.206.9.45's password: sudo: no tty present and no askpass program specified
13:16 DammitJim joined #salt
13:16 Lutz_ ^^same error.
13:16 Lutz_ if i force to allocate a tty (option "-t") everything ist fine:
13:17 Lutz_ # /bin/sh -c "ssh -t -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oControlPath=none -p 22 salt@10.206.9.45 'sudo sh -c "id" '" Warning: Permanently added '10.206.9.45' (ECDSA) to the list of known hosts. salt@10.206.9.45's password: [sudo] password for salt: uid=0(root) gid=0(root) groups=0(root) Connection to 10.206.9.45 closed.
13:17 remyd1 visudo -> salt ALL=(root) NOPASSWD: /usr/bin/salt-minion
13:17 scoates joined #salt
13:18 Lutz_ nopasswd does not help.
13:18 Lutz_ salt@ubuntu:~$ sudo -l Matching Defaults entries for salt on ubuntu:     env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin  User salt may run the following commands on ubuntu:     (ALL : ALL) NOPASSWD: ALL     (ALL : ALL) ALL salt@ubuntu:~$
13:18 quix joined #salt
13:19 remyd1 Sorry. I do not know. The only thing I see is that it should be relative to vsphere, because otherwise, I think you won't have any error
13:20 babilen LostSoul_: What is that for?
13:20 Lutz_ thx
13:20 remyd1 If you create a template through vsphere, it depends how vsphere create vm
13:20 remyd1 because you defined a user directly in your template
13:21 ninjada joined #salt
13:21 LostSoul_ babilen: Little fix in plugin code
13:22 mdasilva joined #salt
13:25 remyd1 Did you try "Defaults !requiretty" in /etc/sudoers ?
13:25 yuhlw_ tweakism: I've publish on pastebin how I have structured my data and how I'd like to be presented to the state
13:26 yuhlw_ tweakism: the link is http://pastebin.com/ajAGdxDB. Hope that you can give a look.
13:27 rem5 joined #salt
13:29 evle joined #salt
13:29 * tweakism looks
13:30 tweakism yuhlw_: btw, is your pillar manually created, as in, by-hand ?
13:30 yuhlw_ tweakism: yes.
13:30 rhodgin joined #salt
13:30 yuhlw_ But i'm thinking to create a web page to let the user introduce some fields
13:31 impi joined #salt
13:31 yuhlw_ tweakism: I feel somehow that I should push this pillar into a db and make a pillar_ext
13:33 Lutz_ So i tried  "!requiretty" and NOPASSWD without sucess.
13:33 tweakism I am trying to divine the logic that maps what you want athe bottom, based on the info available at the top
13:33 tweakism it might be faster to just explain it to me
13:33 tweakism oh ok I see it now
13:33 babilen Lutz_: ssh -t ?
13:33 Lutz_ It is possible to force salt-cloud to allocate a tty?
13:34 Lutz_ yes, similar to ssh -t
13:34 babilen Use the source, Luke!
13:34 tweakism mail.example.com gets those two users, because they're emailserver users, and mail.example.com has a hosttype of emailserver
13:35 tweakism yuhlw_: hrm well I can think of a few potential solutions, let me mull it over for a moment.
13:35 Lutz_ via config option, not via source hacking...
13:35 tweakism Lutz_: btw that option does not sound bad.
13:35 babilen Lutz_: I don't really know. The problem is obviously that sudo wants to ask for a password. Why that happens even though you configured NOPASSWD is beyond me (might have to see details)
13:35 tweakism er, not Lutz_
13:35 tweakism yuhlw_: that options (DB and ext_pillar) does not sound bad
13:35 babilen Lutz_: I rather meant: Check where the ssh call is and if it would be easily extendable
13:36 babilen yuhlw_, tweakism: DB + ext pillar is often the right answer
13:36 tweakism yuhlw_: an alternative might be doing a one-time processing step on this pillar data, to transform it into a less human-friendly but more programming/state/machine-friendly structure (which, I think I get what you were getting at there originally)
13:36 anmol joined #salt
13:36 tweakism and that could be, I think, in a state, or even an ext_pillar that doesn't actually reference external data
13:36 tweakism but yeah
13:36 cpowell joined #salt
13:37 tweakism if you can go the ext_pillar route, it's really straight-forward to create one, and easy / no boilerplate
13:37 tweakism do that.
13:37 quasiben joined #salt
13:37 yuhlw_ tweakism: For some parts minion, I've been forced to use !py for state
13:38 campusd joined #salt
13:38 tweakism yuhlw_: if you have a DB and ext_pillar, you can represent your data however makes the most sense in the DB, and display it for editing however makes the most sense for the user, and then feed it into salt states however is easiest for them to process.
13:39 yuhlw_ tweakism: you have enlighted my day. Thank you very much
13:39 tweakism probably best to think of jinja as little more than a means of constructing loops.
13:39 RobertChen117 joined #salt
13:40 tweakism your DB can be any kind of store, too.  most of the ext_pillars that come with salt are short and simple and serve as good examples.
13:40 yuhlw_ tweakism: I got it. :)
13:41 campusd is there a way to include multiple state/pillar files from a set directory in one include line? Say I have 99 state files in a directory and want to include them all, do I need an include line per file?
13:42 LostSoul_ babilen: Ok I did it :)
13:42 LostSoul_ one escape (\) wasn't suppose to be there
13:42 Lutz_ grss. hard coded in /utils/cloud.py. But theres a config option "tty", arround line 2020, seems that what i need.
13:43 LostSoul_ Quick question, can I force salt to change line but based on lines before and after?
13:43 LostSoul_ As I have 2 lines that are 5 times in file but I want to change only 1 occurance
13:43 campusd something like   - includes.^[1-9][0-9]?$-state-file.sls for a files in an includes folder
13:44 babilen Lutz_: Yes!
13:44 mapu joined #salt
13:44 mdasilva_ joined #salt
13:44 babilen LostSoul_: My feeling is that you would be better off managing the entire file
13:44 tweakism ^^ that is almost invariably my advice, it is just so much more trustworth / less error-prone.
13:44 Songohan joined #salt
13:44 tweakism config mgmt should not be fragile.
13:46 domel joined #salt
13:46 LostSoul_ babilen: I don't like easy way :P
13:47 babilen LostSoul_: haha
13:47 domel Hi all... anyone got any pointers or docs on how to create a reactor state based on data return for service down such as httpd?
13:48 babilen LostSoul_: I worked ten hours to come up with a solution that break twice as often as the one I could have hacked together in two minutes! Look at my regular expression and my triple-quoted slash in there!
13:48 domel from beacon
13:49 babilen LostSoul_: I very rarely make direct replacements in files. As soon as I have to manage a file I start managing the entire file. If I start introducing more than 2 pillar lookups, I try to render the file completely from pillar data or write the template in Python and use a proper generator.
13:51 XenophonF i do that, too, because babilen gave me the same advice
13:51 XenophonF at first i was like, woah, this is a lot of work
13:52 babilen What did I do?
13:52 * babilen hides
13:52 XenophonF invariably, i need to circle back and make more edits to a file
13:52 XenophonF and at that point, if i'd just templated the whole thing, it would have been very easy to extend
13:52 babilen exactly
13:52 babilen Done that too often and learned my lesson
13:52 runnner7523 joined #salt
13:52 Lutz_ ok, please help me to find the right place for the config option "tty" (utils/cloud.py at line 2020). if i add this option to my profiles config nothing happend.
13:53 Lutz_ So my config looks like this:
13:53 fracklen joined #salt
13:53 Lutz_ vsphere-ubuntu16:   provider: vsphere-vc1   image: ubuntu1604   folder: saltstack   resourcepool: resgroup-411   template_user: salt   template_password: salt   sudo: True
13:53 XenophonF Lutz_: would you put that in gist or something?
13:54 kaptk2 joined #salt
13:54 hasues joined #salt
13:54 Lutz_ sry, yes.
13:55 XenophonF is ok just hard to tell from the whitespace how the data's structured
13:55 hasues left #salt
13:57 scoates joined #salt
13:57 SunPowered joined #salt
13:58 apanek joined #salt
14:01 akhter joined #salt
14:02 LostSoul_ babilen: I see
14:02 llua left #salt
14:02 LostSoul_ You might be right
14:02 llua joined #salt
14:02 zmalone joined #salt
14:02 LostSoul_ Maybe my next move would be to manage it
14:02 LostSoul_ It's good way to practice YAML and regex
14:03 Songohan hello
14:03 Songohan i have a problem with a minion
14:03 impi joined #salt
14:03 babilen What kind of problem?
14:03 Songohan salt 'myminion' pkg.install vim-common
14:03 Songohan myminion:
14:03 Songohan Module 'pkg' is not available.
14:04 babilen Songohan: Which distribution is running on the minion and how did you install it?
14:04 babilen (the minion, not the distribution)
14:05 Songohan Red Hat Enterprise Linux Server release 5.9 64bits
14:05 Songohan the minion was installed with rpm downloaded on epel repository
14:06 noraatepernos joined #salt
14:07 lemtargatwing left #salt
14:07 jerredbell joined #salt
14:08 babilen Songohan: python yum module is installed?
14:10 Songohan i don't understand what you mean
14:10 Songohan Python 2.6.6  is installed
14:11 LondonAppDev How do you update the salt master and minion service?
14:12 LondonAppDev Or will it update automatically?
14:12 babilen Songohan: What does "salt 'yourminion' grains.get os_family" give you? What about "salt 'yourminion' sys.list_modules" ?
14:12 babilen Songohan: I am referring to the "yum" python module.
14:14 krymzon LondonAppDev: I think the recommended way is to use your distribution's package manager's mechanism, pointed to the repo.saltstack.com repositories
14:14 Songohan i'm wrong the python version on myminion is 2.4.3
14:14 Songohan it was installed by yum
14:14 LondonAppDev Sweet, cheers krymzon
14:14 LondonAppDev so "sudo apt-get update && sudo apt-get upgrade" should do the trick on Debian/Ubuntu right?
14:15 krymzon yes, if you have added the correct repostiory to apt sources.list
14:15 Songohan os_family : #Red Hat Enterprise  Server
14:15 Songohan list_modules:
14:15 Songohan - acl     - aliases     - alternatives     - archive     - artifactory     - at     - blockdev     - btrfs     - buildout     - cloud     - cmd     - composer     - config     - container_resource     - cp     - cpan     - cron     - daemontools     - data     - defaults     - devmap     - dig     - disk     - django     - dnsmasq     - dnsutil     - drbd     - elasticsearch     - environ     - etcd     - event     - extfs     - fi
14:16 LondonAppDev Fantastic thanks krymzon.
14:16 babilen Songohan: You can use a pastebin such as http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, …
14:17 krymzon Songohan: doesn't Salt require python 2.6? 2.4 is from 2004
14:17 babilen Songohan: You presumably need a vastly newer Python version. As you can see: 'pkg' (or anything after 'fil') is not available on the minion. Not sure why that is. You might not have pasted the entire list.
14:17 krymzon LondonAppDev: no worries :)
14:17 Songohan https://gist.github.com/anonymous/14aeee68c8bf756a328d
14:17 babilen Songohan: And os_family is "#Red Hat Enterprise  Server" not "redhat" ?
14:18 Songohan babilen: pkg module seems present. The outpu was truncated by IRC
14:18 krymzon LondonAppDev: also try to update your master before you update the minions, I think the backwards compatibility works that way
14:18 Rumbles joined #salt
14:18 Songohan os_family is really #Red Hat Enterprise  Server
14:19 babilen Songohan: I don't see "pkg" in that list. And if os_family is indeed "#Red Hat Enterprise  Server" (interesting double space there) the pkg module would also not be loaded.
14:20 LondonAppDev krymzon: OK great, thanks for the tip.
14:21 Songohan babilen: you're right, the pkg module is missing
14:21 Songohan how can i fix this ?
14:22 Lutz_ back from tests, still unsucessfull. (tty allocation) https://gist.github.com/anonymous/a78dfa8454fd4246b869
14:23 catpig joined #salt
14:24 khaije1 joined #salt
14:24 babilen Songohan: What's the content of /etc/os-release ?
14:24 dendazen joined #salt
14:25 andrew_v joined #salt
14:25 Tanta joined #salt
14:26 Songohan #Red Hat Enterprise Linux Server release 5.9 (Tikanga)
14:26 Songohan redhat-4
14:28 Songohan babilen: thank you
14:28 Songohan i've replaced the content of this file
14:29 Songohan removed the # in the first line and removed the second
14:29 Songohan resync the minion and now it works !
14:31 babilen Songohan: You might want to report that as a bug to either saltstack or RedHat :)
14:31 Songohan pkg module is now listed
14:31 babilen cool
14:31 babilen ugly hack though
14:31 babilen But then .. RedHat 5 is ancient, isn't it?
14:32 XenophonF god yes
14:32 Songohan yes it is
14:32 drawsmcgraw joined #salt
14:32 Songohan it's not a ugly hack. i think my file's content was wrong
14:33 Songohan #Red Hat Enterprise Linux Server release 5.9 (Tikanga)\n redhat-4
14:33 Songohan the first line was commented and the second is wrong
14:36 berserk joined #salt
14:36 ZiLi0n joined #salt
14:38 ZiLi0n Hello everyone. I am looking at Salt returners. One question I have... are the minions supposed to execute the returner or is all the data coming back to the master, and then the master executing the returner?
14:40 shpoont joined #salt
14:42 Lutz_ as a addition: if i add "-t" directly to the code everything is working fine. It seems something with my config file is wrong.
14:42 Lutz_ but i cant find an error:  https://gist.github.com/anonymous/a78dfa8454fd4246b869
14:44 Adi1 joined #salt
14:44 rem5 joined #salt
14:45 Muchoz joined #salt
14:45 subsignal joined #salt
14:45 Rumbles joined #salt
14:45 Mopilo babilen minion would wait for 15-20 sec and then continue it never worked faster. Connection to master is via GPRS with ping times 50ms - 800ms and trough IPSec tunnel. Have 3 minions that would timeout and never finish highstate
14:45 Adi1 Hi, Can I schedule salt to reboot the computer every day at 2am ?
14:46 Adi1 reboot all minions
14:46 Mopilo adi1 setup cronjob in a state
14:46 Adi1 without crontab
14:46 tweakism ^^^ that's what i would do
14:46 Adi1 https://docs.saltstack.com/en/latest/ref/states/all/salt.states.schedule.html
14:46 zmalone Adi1: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.at.html
14:47 zmalone You asked that yesterday at this time too though
14:47 Adi1 yes
14:47 Adi1 but I find this document
14:47 Adi1 The problem I just know the basic
14:47 Ssquidly joined #salt
14:47 Adi1 And you are the expert
14:48 Mopilo minion=windows or linux
14:48 Adi1 yes
14:48 Mopilo one or the other ?
14:48 rem5 joined #salt
14:48 Adi1 each client called minion
14:49 Adi1 What are the different zmalone between the link you send and I
14:49 Mopilo what is the OS installed on a minion
14:49 Adi1 yesterday my computer hangup and I don't see this link. thank you
14:51 Adi1 In order to create the job, I need to create a new sls file, and copy and paste the example?
14:53 mavhq are you using linux or windows Adi1 ?
14:53 Adi1 my master in ubuntu
14:53 Adi1 and I have minions in windows and nix*
14:54 Mopilo adi1 for linux create cronjob, for windows i would need to read the manual
14:55 Adi1 Thank you, but can you please explain me
14:56 Adi1 Why not to use schedule which built in in salt, and use crontab?
14:56 babilen Adi1: To use schedule you simply define the schedule in pillars .. there is absolutely no need to use states for that: https://docs.saltstack.com/en/latest/topics/jobs/schedule.html -- much more flexible :)
14:57 Adi1 I don't understand what I need to do
14:58 Adi1 Do I need to create an empty file sls
14:58 Adi1 sls file
14:58 Adi1 and copy and paste the above?
14:59 Adi1 I can't understand from the manual what I need to do in order to check it
14:59 amcorreia joined #salt
14:59 Adi1 babilen?
15:00 Mopilo what i did i first went trough https://docs.saltstack.com/en/latest/topics/tutorials/index.html#basics (and then couple more times)
15:00 Adi1 i know what is pillar and grain and etc
15:01 Adi1 but i don"t understand from the manual what i need to do
15:01 Adi1 in the case of schedule
15:02 domel does anyone know if reactor can call a service on a minion to start a stopped one? or is it only limited to commands and states?
15:02 babilen Adi1: You simply add suitable data to your pillar and target it to your minion. That's all.
15:02 domel https://gist.github.com/anonymous/04bd82336f0d35f0dcf4
15:02 Adi1 i will wrote an example< and please tell me if it ok
15:03 runnner7523 Hello! Anyone here knowledgeable with managing windows with salt? I am having an issue joining a domain with a computer.
15:03 runnner7523 I realize I am probably one in a few that use it on windows
15:08 runnner7523 I needed to reinstall windows on the computer and I am trying to set it all up again with salt. I found in the windows module there is a system.join_domain but the command is not working for me. https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_system.html
15:09 teryx510 joined #salt
15:09 tweakism joined #salt
15:09 teryx510 joined #salt
15:10 noraatepernos joined #salt
15:11 keimlink joined #salt
15:11 runnner7523 This is the basic of the command that I am trying, but it returns False every time I try:
15:11 runnner7523 salt 'DESKTOP-07CQKNR.domain.com' system.join_domain domain='domain.com' username='user' password='password' account_exists=true, restart=true
15:12 evle1 joined #salt
15:12 Adi1 something like this? http://paste.debian.net/416346/
15:14 andrew_v joined #salt
15:14 Adi1 Can someone wrote me steps in order to perfome a regular scheduler? and if I need to run it as regular tast?
15:14 Adi1 http://paste.debian.net/416346/
15:15 Adi1 write me
15:15 SunPowered joined #salt
15:15 ZiLi0n When using SaltSSH the master initiates connections towards minions? or does it work the same way as with ZMQ (minions open connections to master, and then master does remote executions)?
15:16 honestly It's all one-way
15:17 honestly Which means a lot of things don't work the way you'd expect it from normal salt setup with master and minion
15:19 Adi1 ???
15:20 Nazzy joined #salt
15:20 Adi1 anyone?
15:20 honestly Adi1: Please don't behave like a help vampire
15:20 Adi1 :)
15:20 Adi1 sorry
15:21 runnner7523 as it says at the top " Ask with patience as we are volunteers and may not have immediate answers"
15:21 Adi1 I need in 10 min to go from my work
15:21 honestly You can just try this state and see if it works
15:21 honestly Then you'll know
15:21 Adi1 of course, but I don't know how it can be permananet
15:22 Adi1 I don't understand the commmand
15:22 ninjada joined #salt
15:23 honestly Then read the relevant docs
15:24 Adi1 The document doesn't clear to me
15:24 honestly And ask questions about specific things that are unclear on the docs
15:24 Adi1 https://docs.saltstack.com/en/latest/ref/states/all/salt.states.schedule.html
15:25 Adi1 See, the document does not describe what to do, if I need to create a sls file, or maybe something else
15:25 Adi1 The basic salt description in the salt site, are very good
15:25 Adi1 but in this case it doesn't
15:26 AndreasLutro that document doesn't say that you should install salt either
15:26 shpoont joined #salt
15:26 Adi1 Yes, you are right, but it isn't relevant
15:27 Adi1 Read active state perl documents and you will see the different
15:27 Adi1 difference
15:27 remyd1 I would like to export salt results (e.g. test.ping or specific designed states) to json. I saw the option --out=json. Now I want to put this results in a Web page. I thought about using a JS package like datables or highchart or D3 or basic jquery. My boss told me to use R which can read json from a specific package and export to html/js with another particular package. Any idea on the way to achieve that ? The things that I want to display are very basics.
15:27 remyd1 Simple control panel with green/red color are sufficients.
15:28 Tanta lol
15:29 XenophonF remyd1: why don't you query the salt api directly?
15:29 AndreasLutro Adi1: yeah right. anyway, you can easily tell that the page you linked is a state, and you can read about how to use states here: https://docs.saltstack.com/en/latest/topics/tutorials/starting_states.html and here: https://docs.saltstack.com/en/getstarted/config/functions.html
15:29 masterkorp Hello is there a state available for setting systctl parameters
15:30 remyd1 XenophonF: How ?
15:30 Adi1 Thank you
15:30 Adi1 good bye
15:31 XenophonF remyd1: https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_tornado.html
15:31 XenophonF salt has a REST API that you can query to get job results
15:31 XenophonF it's how saltpad works, which also might do what you want without having to write code
15:32 TyrfingMjolnir joined #salt
15:32 mavhq joined #salt
15:32 mdasilva joined #salt
15:33 scoates joined #salt
15:33 remyd1 hum interesting
15:34 XenophonF i used to have it set up at home
15:34 remyd1 not in prod ?
15:35 XenophonF well my wife makes me go through change review so it's practically a production environment
15:35 XenophonF that's what i get for marrying a software engineer
15:35 runnner7523 Anyone have ideas on my issue from about 30 mins ago?
15:35 cpowell joined #salt
15:36 remyd1 XenophonF: lol^^
15:37 ZiLi0n honestly thanks a lot, so it is one way from the master to the minion, the master initiating the connection always. Is a new connection established for every command and then closed, or does it stay up?
15:37 cpowell_ joined #salt
15:38 babilen Adi1: Please note that I have pointed you to https://docs.saltstack.com/en/latest/topics/jobs/schedule.html rather than the state as this requires you to *only* set it in pillars.
15:40 tkharju joined #salt
15:40 hightekvagabond joined #salt
15:41 honestly ZiLi0n: It basically creates a whole "masterless minion" environment, puts it into a tarball, scp's it to the minion, and executes salt-call in that environment over ssh
15:41 ronnix joined #salt
15:42 peters-tx I'm having a really weird problem where if I call a state for \* then one of my minions fails; however if I call a state only one that minion, it works fine.
15:42 honestly It also does that repeatedly to figure out any additional resources needed from the master that it can't determine statically
15:42 honestly It's an, um, interesting design
15:43 peters-tx state.sls for \* VS state.sls for minion01 ---  https://gist.github.com/PeterS242/4941a1ecea1bfc045e76
15:44 ZiLi0n honestly I see, thanks a lot for the explanation.
15:45 catpig joined #salt
15:45 remyd1 XenophonF: How do you manage the access to saltpad ? With .htaccess .htpasswd or other controls ?
15:45 ronp_usa joined #salt
15:46 shpoont joined #salt
15:46 grumm_servire joined #salt
15:46 XenophonF remyd1: PAM, pam_krb5 specifically
15:46 XenophonF which has the advantage of not working for local accounts including root, since httpd is running non-root
15:46 remyd1 From apache or saltpad login ?
15:46 XenophonF salt external authentication
15:47 XenophonF https://github.com/irtnog/salt-pillar-example/blob/master/salt/example/com/init.sls
15:47 honestly ZiLi0n: I strongly recommend doing a search for "salt-ssh" on the salt issue tracker
15:47 XenophonF i filter out @runner and @wheel, just in case
15:48 XenophonF actually i think that's straight from the salt external auth documentation
15:49 LostSoul_ Anybody around?
15:49 LostSoul_ I've got this error that I never met: failed: mapping values are not allowed here;
15:49 XenophonF i'm actually running both salt-api and rest_cherrypy-via-mod_wsgi
15:50 peters-tx ....hmm, nevermind.  Somehow I'm having two different minions answering for the same name O_o
15:50 XenophonF the rest_cherrypy entry point's locked to specific IP addresses, e.g., GitHub, so that i can anonymously call webhooks
15:50 ZiLi0n honestly thank you. I will. I thought salt-ssh will work kind of same way as it does with ZMQ, potentially not publishing every job to every minion as with ZMQ, more like publishing job to the minions targeted from the roaster. So, basically minions create ssh connections to master.
15:50 XenophonF saltpad communicates with salt-api over loopback (still over https)
15:52 remyd1 ok.
15:52 peters-tx ....SSH'ed to the offending box and see the minion is configured with the same name; fixed that, restarted minion, now it works. 8/
15:52 remyd1 It's a little bit complex to start all this from scratch... I do not have any krb server. Only basic LDAP...
15:54 jhauser joined #salt
15:55 rodr1c joined #salt
15:55 Eugene joined #salt
15:56 onlyanegg joined #salt
15:57 XenophonF remyd1: salt-api will need to run as a user that can access pam_ldap's configuration files, assuming that's what you're using
15:57 XenophonF i am very specifically not running things as root due to rampant paranoia on my part
15:58 remyd1 XenophonF: your example is pretty amazing
15:58 * XenophonF blushes
15:59 XenophonF thanks
15:59 XenophonF no one posts real live example configs online, except for maybe small snippets of things or packaged formulas
16:00 XenophonF it made salt's learning curve a little steep for me
16:00 XenophonF i figured that i'd publish what i set up for home, which i use as a testbed for work
16:01 XenophonF i'm not entirely happy with how i have webooks set up, and i'm not sure they work properly yet
16:01 XenophonF or at least, i can see the webhook events on the salt 0mq bus, but my reactors don't fire
16:01 Nazca__ joined #salt
16:03 Muchoz joined #salt
16:04 remyd1 ok
16:04 remyd1 I have to go :) see you
16:04 XenophonF anyway, for webhooks, i rely on the fact that part of the webhook url is secret, so attackers can't just guess at possible webhook urls and cause events to fire
16:04 XenophonF cheers
16:06 runnner7523 @Xenophon were you telling me to filter something?
16:06 XenophonF oh, no, i wasn't
16:07 XenophonF i have '@runner' in my external auth config on my salt master
16:07 runnner7523 Ok, just confused when I saw that.
16:07 XenophonF sorry about that
16:07 Topic for #salt is now Welcome to #salt! | Latest Version: 2015.8.7 | SaltConf16: http://saltconf.com/register/ | Paid support available: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
16:07 runnner7523 I wondered if that was the case
16:07 runnner7523 no worries
16:07 runnner7523 Where I didnt see anything from wheel either. I thought there was something in the code you shared
16:07 brianfeister joined #salt
16:09 runnner7523 I will say again to see if I get a reply this time though, Anyone have experience with Salt and Windows? I am trying to manage the computers in my company with salt and having issues joining a domain.
16:11 LostSoul_ How does this salt.states.file.line before and after work?
16:11 LostSoul_ As I tried to give regex here and here and still catches all occurences in the file
16:12 mdasilva joined #salt
16:12 akhter_1 joined #salt
16:13 XenophonF runnner7523: I use Salt and Windows, although not for domain joins.  What are you trying, and what errors are you getting?
16:14 runner7532 joined #salt
16:15 runner7532 the computer was on the domain before, but I had to wipe and reinstall windows.
16:15 runner7532 I used the command: salt 'DESKTOP-07CQKNR.domain.com' system.join_domain domain='domain.com' username='user' password='password' account_exists=true, restart=true
16:16 runner7532 It just returns false each time I have tried to run it.
16:16 writtenoff joined #salt
16:16 XenophonF anything in the minion log? c:\salt\var\log\minion iirc
16:16 Brew joined #salt
16:18 quasiben joined #salt
16:19 XenophonF sorry that's c:\salt\var\log\salt\minion
16:19 runner7532 Just trying to install notepad++ quick
16:19 noraatepernos joined #salt
16:20 XenophonF i'm assuming you re-installed the salt minion on that desktop and that you also accepted the new minion key on the salt master, right?
16:20 runner7532 I dont like the regular notepad. Formats the logs weird
16:20 XenophonF (sorry just trying to reason through everything)
16:20 runner7532 Yes, salt is responding to the master
16:20 sjmh joined #salt
16:20 runner7532 I understand. Any questions are welcomed.
16:21 XenophonF as an aside i typically open files with Unix line endings in wordpad, when i don't have the patience for installing notepad++
16:21 XenophonF although, and this is moderately annoying, wordpad isn't in %PATH% by default but notepad is, go figure
16:21 runner7532 Just had to wait for salt to install it
16:22 XenophonF well we know salt's working then ;)
16:22 runner7532 Pointing to the log was a good idea. it says the domain does not exist or can not be contacted
16:23 disbound joined #salt
16:23 runner7532 Yes, it does. I have run other calls for info to make sure. I have installed other programs. just will not join the domain.
16:23 XenophonF interesting---i assume that dns is happy
16:24 runner7532 Yes
16:24 XenophonF hm
16:24 XenophonF would you mind posting the exact error message logged by the minion?
16:24 cpowell joined #salt
16:24 XenophonF make sure to strip out identifying or potentially sensitive information
16:24 runner7532 I am trying the command again just re-typing it out to make sure I didnt have anything spelled wrong.
16:24 XenophonF throw it up on gist or bpaste or something
16:25 runner7532 And yes, let em get the log on my computer and I will paste it up
16:25 cyborg-one joined #salt
16:26 misconfig joined #salt
16:27 runner7532 https://gist.github.com/runner7532/0dc871d86eb416ac3b2e
16:28 XenophonF it's a bit old, but have you seen this KB article? https://support.microsoft.com/en-us/kb/283133
16:29 XenophonF the user account---is it a domain admin or an account with the appropriate delgated rights to join stuff to the domain?
16:29 XenophonF iirc regular users can join domains, but there's a 8 computer limit or something like that
16:30 XenophonF like, i have a separate service account that can only join the domain
16:30 antpa joined #salt
16:30 runner7532 I just issued the command again and it returned true
16:30 XenophonF of course i didn't document this for myself---hang on, i'll reverse engineer it
16:30 XenophonF oh, so that's kind of good news
16:30 anthpa joined #salt
16:31 runner7532 Yeah, i am guessing that I did have something spelled wrong. I will have to look in the history and see what the other commands were that I used.
16:31 runner7532 See where the difference is at
16:33 mavhq joined #salt
16:33 XenophonF awesome! glad it worked
16:35 runner7532 Only difference that I can see is nothing. Only thing that happened with the computer between now and yesterday when I was working on this, was a restart of the computer.
16:35 runner7532 I guess something with the computer in the state it was didnt want to allow it to connect.
16:36 mavhq joined #salt
16:36 zmalone joined #salt
16:36 sirtaj joined #salt
16:37 runner7532 Thanks for the help!
16:37 shpoont joined #salt
16:40 Nazzy joined #salt
16:43 impi joined #salt
16:44 sirtaj joined #salt
16:44 mavhq joined #salt
16:44 fooma joined #salt
16:46 subsignal joined #salt
16:47 mavhq joined #salt
16:50 Nazzy joined #salt
16:52 cberndt joined #salt
16:53 beardedeagle dumb question: can you orchestrate runner commands?
16:54 iggy si
16:56 mavhq joined #salt
16:57 beardedeagle awesome. was running into an issue with webhooks where I needed a task to run AFTER the vm had been bootstrapped (ie, I need to add users to the metadata since I spin up as key authed root)
16:58 akhter joined #salt
16:58 beardedeagle and since I don't know how to pass post data to a webhook _and_ a event, gunna have to do it that way
17:00 mavhq joined #salt
17:00 beardedeagle also, salt '*' nova.show does not work like `nova show <vm>`
17:02 deus_ex joined #salt
17:03 UtahDave joined #salt
17:07 mavhq joined #salt
17:09 mavhq joined #salt
17:10 domel joined #salt
17:11 mavhq joined #salt
17:12 viq_ joined #salt
17:13 mavhq joined #salt
17:13 shpoont joined #salt
17:15 akhter joined #salt
17:15 mavhq joined #salt
17:17 kawa2014 joined #salt
17:23 lero joined #salt
17:24 mapu joined #salt
17:25 dyasny joined #salt
17:30 pwhack joined #salt
17:33 shpoont joined #salt
17:36 tracphil joined #salt
17:36 cberndt joined #salt
17:37 tracphil Hi all. Is there a way when using gitfs to map the master branch to your production code and base to another branch... say the base branch?
17:42 mavhq joined #salt
17:43 amcorreia joined #salt
17:47 wendall911 joined #salt
17:50 zmalone1 joined #salt
17:51 pwhack joined #salt
17:53 mavhq joined #salt
17:54 kawa2014 joined #salt
17:54 XenophonF i know you can change the branch mapped to the base environment
17:54 XenophonF https://docs.saltstack.com/en/latest/ref/configuration/master.html#std:conf_master-gitfs_base
17:55 pwhack joined #salt
17:56 XenophonF i just scanned through the gitfs tutorial but don't see a way to map a branch with one name to an environment with a different name
17:59 sc250024 joined #salt
18:02 mdasilva joined #salt
18:03 atmosx joined #salt
18:04 drawsmcgraw joined #salt
18:05 mavhq joined #salt
18:06 runner7532 left #salt
18:07 ronp_usa joined #salt
18:07 keisetsu joined #salt
18:10 brianfeister joined #salt
18:12 baweaver joined #salt
18:13 hightekvagabond joined #salt
18:14 keisetsu Can someone help me understand environments a bit better? I'm looking at the svnfs backend, where trunk is base and branches are other envs. I was thinking of having a base environment, for core files, then test for servers that will be used for testing, and live for production servers. I would think, then, that in order to spin up a test server, I would just run saltenv=test. But it seems like I would have to create a trunk and two branches in svnfs, and
18:14 keisetsu these branches would be permanent, and not versions of trunk, which is not what I'm used to in subversion. So is the idea that environments are just for testing salt states, not for creating test servers?
18:15 XenophonF keisetsu: environments are more generic than that
18:15 XenophonF i happen to use one environment for each DTAP phase
18:16 XenophonF so "development", "testing", "staging", and "production"
18:16 keisetsu XonephonF: So, is that for development of salt states, or for your workflow?
18:16 XenophonF following the github flow pattern, where the production branch always reflects what's currently in production, and staging holds proposed changes
18:16 XenophonF both?
18:17 keisetsu I don't think I'm getting it, then.
18:17 XenophonF like, i'm setting up a bunch of SAML 2.0 identity and access management infrastructure
18:17 XenophonF i have a development identity provider, a test IdP, and a production IdP
18:17 tracphil XenophonF: thanks
18:17 XenophonF so if i want to make a configuration change to production, i try it out in dev first, just to make sure it works
18:18 XenophonF if i am happy with it on my dev system (really just a VM on my laptop), i make the changes to the test server
18:18 keisetsu Ok, I think I'm getting it.
18:18 XenophonF in the context of salt: i merge the changes i made to the IdP-related states in the development branch to the testing branch, then run a highstate on the test server
18:18 mavhq joined #salt
18:19 keisetsu But what if there are things (test users, for example) that you never want on the production server?
18:19 XenophonF or maybe you have jenkins plus selenium or something to do automated dev-to-test merges?
18:19 keisetsu That is the plan, not there yet
18:19 harkx XenophonF, interesting examples, gonna check them out to see how you do it, like your role assignments via pillars strategy
18:19 ronp_usa joined #salt
18:20 XenophonF so then once testing completes successfully, we merge to the staging branch (again, perhaps automatically?) and go to CAB for production change approval, a change window, etc.
18:20 mavhq joined #salt
18:20 XenophonF again, in the context of salt, i would not merge staging->production once I have CAB's OK
18:21 XenophonF instead, i'd use state.sls + saltenv=staging to deploy my selected changes
18:21 pzipoy_ joined #salt
18:21 XenophonF do user acceptance testing (again, ideally automated using something like selenium?)
18:21 XenophonF if it breaks, run a highstate to return to the production config
18:22 XenophonF if it works, merge staging-to-production and mark the change as "completed successfully"
18:22 keisetsu So is this config on just one target?
18:22 XenophonF my production branch becomes my disaster recovery plan
18:22 dlam joined #salt
18:23 XenophonF it's for my home netowrk, but i used that to mock up how i wanted to deploy salt at work: https://github.com/irtnog/salt-states and https://github.com/irtnog/salt-pillar-example
18:23 XenophonF within an environment, i usually only have one top-level SLS per component
18:23 XenophonF per component service, i mean
18:24 XenophonF so for a mail relay, i'd have top-level SLSes for postfix, amavisd, and clamav
18:24 drawsmcgraw joined #salt
18:24 XenophonF except in a very few cases, each top-level SLS is wholly independent of one another
18:25 keisetsu Ok, I'm going to have to do a little studying, I'm sure I'll have questions
18:25 XenophonF but that's just how i organized things
18:25 beardedeagle Ok so what I am trying to do is not working so I will ask a design question: I have webhook for spinning up openstack vm's using runner.cloud.profile where they pass in the vm name and users to add via post data. I want to spin up the vm, then after the vm is created add the users. However I am having issues around making the user add run after the created event in the same webhook. Is this not possible or is there a better way of doi
18:25 beardedeagle ng it?
18:25 keisetsu But is this primarily system config, rather than, say software deployment?
18:25 XenophonF you could, for example, have one environment per operating system
18:25 XenophonF or one environment per service
18:26 XenophonF configuration states and software repos are separate
18:26 XenophonF so for example, we have a scientific data entry web app under development
18:27 XenophonF i don't deploy the dev version via salt because why bother---the devs can do that directly from visual studio
18:27 XenophonF salt would just get in the way
18:27 XenophonF although it takes care of the rest of the web server config
18:27 XenophonF but production pulls from tagged releases
18:27 ronp_usa joined #salt
18:27 keisetsu Ha, that's what I was looking for. So salt is not a good way to deploy software.
18:27 keisetsu (I'm a dev, not a devop)
18:27 XenophonF if they tag a new release, i update the version number embedded in the state, commit to the testing/staging branch, test and deploy and CAB stuff as mentioned
18:28 XenophonF and then we're in production
18:28 XenophonF the devs can't touch production
18:28 XenophonF if they break their dev server, they're just a highstate away from being back to the original config
18:28 XenophonF or worst case, re-install/re-image, highstate, back to work
18:28 baweaver joined #salt
18:29 XenophonF i use salt to deploy from github stuff all over the place
18:29 XenophonF e,g., we're using COmanage Registry as the middleware for our federated IAM services
18:30 XenophonF i have a fork of Internet2's GitHub repo for COmanage, and Salt deploys directly from that repo (using one of the release tags)
18:30 XenophonF well, that's not quite true
18:30 XenophonF i deploy from a fork of that repo under my control
18:31 XenophonF that way someone can't sneak an update into it without me at least noticing
18:31 mavhq joined #salt
18:32 XenophonF i do the same for all of the saltstack-formulas that i use at home and at work
18:32 XenophonF so just to re-iterate: salt environments have no intrinsic semantics (except for "base")
18:33 XenophonF so could have one environment per DTAP phase (what I do)
18:33 XenophonF one per MSP customer
18:33 XenophonF one per ITIL service
18:33 XenophonF one per OS
18:33 XenophonF etc.
18:33 XenophonF iggy with his 20K minions might organize things differently
18:33 XenophonF or somebody like Ryan Lane
18:33 XenophonF or whoever
18:34 XenophonF oh, keisetsu, you'd asked about having different accounts in different environments
18:34 XenophonF i handle that in pillar
18:34 keisetsu Ah
18:35 keisetsu With a user template in the states?
18:35 XenophonF yes
18:35 XenophonF users-formula is pretty nice
18:35 XenophonF sudoers-formula too
18:35 brianfeister joined #salt
18:36 keisetsu So if I want to make changes to a config file, say nginx, would it be best to have a template in base that uses pillar data?
18:36 XenophonF and the same pillar assignments that say "you are a development openstack compute node" can also say "in addition to creating the default emergency local admin account, create these accounts"
18:36 XenophonF i think so
18:37 mavhq joined #salt
18:38 keisetsu so you're getting pretty granular (pun intended) in your templates? Not just {{env}} or something like that
18:38 XenophonF e.g., i have a (private---sorry, can't show you) wordpress SLS that's pretty much fill in the blank
18:38 teryx510 joined #salt
18:39 XenophonF so when the boss said "deploy wordpress in azerbaijan", i very quickly spun up two wordpress instances (dev and prod) plus their associated databases
18:39 XenophonF those servers are managed in salt-cloud too, which made it even easier
18:40 keisetsu so, in this example, when dev or whoever wants to push something to production, is salt involved in that?
18:40 XenophonF yup
18:40 XenophonF so is the Change Advisory Board
18:40 keisetsu and the cab does the actual pushing? See, I'm pretty much every role here.
18:41 keisetsu dev, devop, project manager, etc
18:41 keisetsu (small shop, obviously)
18:41 XenophonF ah well the CAB is just beaurocracy...it's important
18:42 XenophonF a review step
18:42 keisetsu Right, no, I understand that.
18:42 XenophonF if you've got a boss who oks production changes before you make them, then he's your cab
18:42 keisetsu Nope
18:42 XenophonF but no, i as the sysadm would be doing the stuff in salt, not my boss/change manager
18:42 keisetsu Anyway, when the time comes, how do you push a change?
18:43 XenophonF well, the state changes are merged to the staging branch
18:43 XenophonF let's say i'm changing something in wordpress
18:43 keisetsu Mhmm
18:44 mavhq joined #salt
18:44 XenophonF so at the appointed time, i'll run something like `salt wordpress-prod-azerbaijan-\*.example.com state.sls wordpress saltenv=staging`
18:44 XenophonF which pushes my changes out
18:44 XenophonF we'll run some tests
18:44 keisetsu Ok, that's what I was thinking.
18:44 XenophonF if it's good, then we'll do a merge in git between the staging and production branches
18:45 iggy we don't use environments
18:45 XenophonF if it's bad, then to back out my changes i'll run something like `salt wordpress-prod-azerbaijan-\*.example.com state.highstate`
18:45 iggy if they'd said in the interview that they did, I probably would have turned down the job
18:45 XenophonF environments aren't the be-all and end-all
18:46 keisetsu How do you do it, iggy?
18:46 iggy separate masters
18:46 XenophonF that's about what i expected
18:47 iggy but we don't really have environments so much as sites
18:47 iggy so each site has it's own master
18:47 keisetsu Do you have stages, dev, test production?
18:48 iggy no
18:48 keisetsu Ah.
18:48 iggy I mean we do, but they are just other sites
18:48 subsignal joined #salt
18:49 Ryan_Lane I don't use salt environments
18:49 Ryan_Lane I find the implementation of environments in every config management system to be not what I ever need
18:50 mavhq joined #salt
18:50 sc250024 Easier to set environments via Pillar
18:51 qurkq joined #salt
18:52 keisetsu sc250024: I guess that's the main thing for me; how do I specify that I want to push a certain update to a certain server based on the dev stage?
18:53 sc250024 Personally we define a naming standard, so anything that's like '*-dev.company.com' will get assigned the 'environment: dev' pillar
18:53 hightekvagabond joined #salt
18:53 cpowell joined #salt
18:54 fracklen joined #salt
18:54 sc250024 I've debated within my company also potentially using a per-server pillar if you will, it's a lot of manual work, but it allows a lot of flexibility
18:54 sc250024 I'm sure there are better ways
18:54 keisetsu Ok. I guess that I can probably use a scheme like that
18:55 cpowell_ joined #salt
18:55 iggy for some stuff our "cmdb" has fields for dev/qa/staging/prod
18:55 ajw0100 joined #salt
18:56 Tanta I use the environment + cluster name to target pillars and states
18:56 Tanta which in this case is just an arbitrary identifier I choose for hostname and minion ID prefixes
18:56 baweaver joined #salt
18:57 keisetsu I've got a lot of thinking to do. I just assumed environment or grains were the only way to do it.
18:57 mavhq joined #salt
18:58 keisetsu Thanks the info, all
18:59 mavhq joined #salt
18:59 XenophonF i wouldn't use grains for making the prod/dev determination
19:00 XenophonF what if someone hacks a dev server? they could change the grain, run a refresh_pillar or whatever, and have access to your production configs
19:00 XenophonF i dunno
19:00 XenophonF maybe that's just my paranoia talking
19:00 sc250024 Paranoia is a good thing sometimes :)
19:00 Nazzy joined #salt
19:00 Tanta you use other security measures to enforce separation of access
19:01 Tanta firewalls, IAM instance profiles, secrets that come from another location, etc
19:01 XenophonF which is why i store environment assignments in pillar
19:01 mavhq joined #salt
19:01 XenophonF but you're correct, Tanta: there's more than one way
19:02 Tanta you know it's secure enough when even you can't get anything productive done
19:03 XenophonF :)
19:03 fracklen joined #salt
19:03 brianfeister joined #salt
19:04 sc250024 Has anyone messed around with the 'sudo' and running Salt as another user other than 'root' ?
19:04 sc250024 Out of curiosity
19:05 sc250024 sudo option*
19:05 XenophonF master or minion?
19:05 XenophonF i've toyed with running the master as non-root
19:05 XenophonF but the minion kind of has to be root
19:05 sc250024 Both/Either
19:05 honestly sc250024: Are you talking about salt-ssh?
19:06 XenophonF https://docs.saltstack.com/en/latest/ref/configuration/nonroot.html
19:07 Tanta on FreeBSD, you can run it as 'toor'
19:07 XenophonF i set things up at home such that salt-master and local salt-api instance (used by saltpad) and the rest_cherrpy instance (hosted by mod_wsgi in apache) all run as separate users
19:07 XenophonF haven't ported that config to work, yet
19:08 Rumbles joined #salt
19:09 XenophonF Tanta: the bourne-again superuser ;)
19:09 keisetsu XenophonF: I don't like the idea of using grains for separating stages either. I saw that as a suggestion somewhere.
19:10 teatime joined #salt
19:10 atmosx joined #salt
19:11 Fiber^ joined #salt
19:11 llua suse has a patch to allow the minion to run as the user `salt'
19:13 Lionel_Debroux joined #salt
19:16 llua ok, i remembered that wrong :P
19:17 mavhq joined #salt
19:18 GreatSnoopy joined #salt
19:18 LostSoul_ Hello
19:18 LostSoul_ How to use file.line with replace and after/before?
19:18 LostSoul_ I tried it but it doesn't seem to work
19:23 ninjada joined #salt
19:24 mavhq joined #salt
19:24 beardedeagle So...not sure what I am doing wrong here: https://gist.github.com/beardedeagle/437bffb5bf057292668a
19:26 baweaver joined #salt
19:27 iggy beardedeagle: I don't see any pillar data
19:27 beardedeagle I pass it via the reactor
19:29 iggy beardedeagle: try to put a dummy hostname in the pillar.get and see if it shows up
19:29 beardedeagle also I just realized I am missing `tgt:` from the cmd.run
19:31 pwhack speaking of gitfs and environments, we're currently storing states and pillars in git. during highstate, the master automatically pulls current copies from the appropriate branch. pillars have to be manually pulled on master for now. has anyone used gitfs like this THEN decided to move away to something else? for example, a CI server checking out the states from git and pushing to master? if so, why did you leave gitfs, what wasn't working for
19:31 pwhack you?
19:31 LostSoul_ Hello? :)
19:31 LostSoul_ Any tips? ideas? :)
19:33 AndreasLutro pwhack: gitfs failed hard for us. now we just set up a cronjob to do git pull and use regular filesystem states/pillars
19:34 quix joined #salt
19:34 fracklen joined #salt
19:35 pwhack @AndreasLutro: what particularly failed for you? it's proving rather cumbersome to maintain our branches right now. maybe a different branch strategy would alleviate that but i hear rumors of people leaving gitfs and i'm trying to find a best practice.
19:37 teryx510 joined #salt
19:38 AndreasLutro this was the main problem: https://github.com/saltstack/salt/issues/30500
19:39 beardedeagle @iggy: when I set a default in the pillar.get it is spinning up a vm no issue
19:39 beardedeagle but passing data from the reactor to the orch should work: https://docs.saltstack.com/en/develop/topics/reactor/index.html#passing-event-data-to-minions-or-orchestrate-as-pillar , event data but same concept
19:42 pwhack AndreasLutro: interesting bug report. we have problems with pillar data in gitfs not able to automatically check out. i wonder if it's related to your issue (based on logs later in your thread). we manually run 'git pull' on the master's pillar folder right now. there does seem to be a bug in the pillar gitfs portion. did you try using just states in gitfs? was it cumbersome from a state development workflow perspective?
19:42 teryx5101 joined #salt
19:42 baweaver joined #salt
19:43 iggy beardedeagle: did you see how the pillar was passed to the orch runner? You might try passing it like that instead of passing it like the state module
19:43 AndreasLutro pwhack: we didn't try that, no - I want them to be 100% in sync
19:44 beardedeagle I'll have to try that, then figure out how to make the cmd.run wait until the server is provisioned to add the user
19:44 AndreasLutro otherwise we might've had 2 different repos, 1 for pillars and 1 for states
19:46 pwhack AndreasLutro: our pillars and states are in separate repos right now. the thought was maybe leveraging the whole "infrastructure as code" and having a similar development lifecycle for states and pillars as our other application code. but then a CI server starts entering into the discussion. that's why i'm wondering if people deploy states and pillar files via CI to master or, if it worked correctly, just let the master pull directly via gitfs.
19:46 mavhq joined #salt
19:48 AndreasLutro if states are functions, pillars are the arguments - and I wouldn't ever want the function arguments and function definitions get out of sync
19:48 baweaver joined #salt
19:48 AndreasLutro but anyway, I think for a CI situation you'd want to avoid gitfs entirely
19:48 AndreasLutro simply because I don't think it's easy to enforce a single git commit hash
19:48 LostSoul_ So.. Have anybody of you tried before/after in file.line? :)
19:49 AndreasLutro and on the topic of CI... how are you gonna make that work with separate state/pillar repos? how do you know which commit in the state repo corresponds to which commit in the pillar repo?
19:50 mavhq joined #salt
19:51 fracklen joined #salt
19:52 mapu joined #salt
19:54 XenophonF that seems like the kind of use case the gitfs_mount option is best for
19:54 pwhack AndreasLutro: at the moment our states and pillars aren't tightly coupled. they might become so in the future as we learn more salt and leverage it more fully but yours is a good case for us to keep in mind as we go down that road.
19:55 Tanta running tests on the salt code?
19:55 beardedeagle @iggy: it is looking for `name:` which belongs to state.cloud not runner.cloud. curious.
19:56 sc250024 Easy question
19:56 beardedeagle maybe I need to specify the entire runner.cloud.profile instead of just cloud.profile
19:56 sc250024 If I'm setting up a PPA, setting 'refresh_db: False' will make sure there's not an `apt-get update` correct?
19:58 pwhack AndreasLutro: basically i'm inheriting a salt environment. the senior engineer who architected and implemented it chose gitfs. and then left the company. i'm now being asked to consider converting it to a CI-style deployment of states and pillars to master because my director thinks that's the way to embrace "infrastructure as code." hence the "what works, what doesn't work, etc" questions.
19:59 pwhack AndreasLutro: and in your case, you need the two tightly coupled.
19:59 subsignal joined #salt
20:00 AndreasLutro if it works for you, no reason to switch - but even with gitfs in production I'd favor not using it in CI
20:01 mavhq joined #salt
20:01 AndreasLutro also, switching back and forth between gitfs and a cronjob doing git pull was super easy so it's not a huge decision or anything
20:01 Tanta anyone who says 'infrastructure as code' and can't write a line of the damn code should be punched in the face and told not to dictate how to get it done
20:02 AndreasLutro pwhack: how do you know your states and pillars aren't tightly coupled? I'm pretty sure if you change a part of your pillar data from a dict to a list or vice-versa, some of your states will break
20:02 pwhack AndreasLutro: i lean toward no CI in this scenario too. and don't worry, he's definitely good in the code world. and ops world. hence why i need to research in order to have a technical argument with him.
20:02 AndreasLutro I like to say the states are the function definitions, pillars are the function arguments
20:03 Tanta pillars can be used for anything related to structured data; logic & flow control, templating, arguments to state functions, etc
20:03 onlyanegg joined #salt
20:04 Tanta for a CI environment, you'd have a set of 'test' data that are targeted at the CI server
20:04 AndreasLutro pwhack: oh I'm all for CI, was just saying if you set up a CI salt master, just configure it to not use gitfs
20:05 cilkay joined #salt
20:05 Muchoz joined #salt
20:05 Tanta Salt has robust validation tools though like unless:, if:, onlyif:, and other constructs that can be used for in-line validations though
20:06 LostSoul_ Ok I guess this before and after doesn't work
20:06 pwhack AndreasLutro: for example, i have a state that generates nfs export files for a linux nfs server. that state doesn't need to change often at all, but i occasionally need to add another export to the pillar or modify which servers have rights to the export (again via pillar). in that case i don't need to modify the state repo, just pillar repo. though there's nothing wrong with updating a repo that contained both pillars and states, it's just
20:06 pwhack unnecessary for smaller pillar changes.
20:07 pwhack sort of config versus implementation code
20:07 mdasilva joined #salt
20:08 AndreasLutro sure. for dynamic data like that we use external pillars so git isn't even involved
20:08 pwhack AndreasLutro: and that's an example of where i have lots to learn. :-)
20:08 fracklen joined #salt
20:08 AndreasLutro but still, if you need to change the structure of pillar data to make your states more flexible, it is tightly coupled
20:09 AndreasLutro there's not much to learn. an external pillar is just a python function. it can be a call to an api, a database, whatever
20:09 pwhack AndreasLutro: indeed. as a new feature or parsing of pillar data is implemented, both the states and pillar repos get updated. in that case they are definitely coupled.
20:10 pwhack AndreasLutro: learning "how" is one thing, learning "why" is another. again, trying to learn enough to make best practice decisions rather than clooging. ongoing process in all technologies.
20:11 pwhack luckily i get to go to saltconf this year. that'll be quite the injection.
20:11 AndreasLutro ah
20:12 drawsmcgraw joined #salt
20:12 josue1 joined #salt
20:13 mavhq joined #salt
20:15 linjan joined #salt
20:21 LostSoul_ babilen: Ok you won
20:21 LostSoul_ I'm going to just manage or copy file
20:22 LostSoul_ As this after/before regex is not working ..
20:22 LostSoul_ If I have the same 5 lines I can't pick one based on previous/next lines
20:22 fracklen joined #salt
20:23 cilkay joined #salt
20:24 mavhq joined #salt
20:24 babilen :D
20:25 babilen context sensitivity!
20:26 losh joined #salt
20:27 LostSoul_ You mind checkign it out babilen?
20:27 LostSoul_ This case? I mean if there is regex chance? I would let it go but I wasted few hours ..
20:30 rm_jorge joined #salt
20:30 LostSoul_ http://paste.debian.net/hidden/7ec5f1c1/ - any idea what and how to fix it? :)
20:30 pwhack AndreasLutro: thanks for your real world usage info
20:34 fracklen joined #salt
20:35 Tanta have you tried https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.blockreplace LostSoul_ ?
20:35 babilen LostSoul_: I do love regular languages and crafting grammars, but that is a time-sink I will not honour .. sorry
20:35 LostSoul_ babilen: :D
20:37 mavhq joined #salt
20:39 mavhq joined #salt
20:46 tawm04 joined #salt
20:46 fracklen joined #salt
20:48 mavhq joined #salt
20:51 amcorreia joined #salt
20:52 DammitJim how do you guys deal with different samba configurations?
20:52 brianfeister joined #salt
20:52 DammitJim do you just use different templates?
20:52 buhman DammitJim: some people write silly config-generators, where they represent the config in yaml, then write a bunch of jinja loops to transform that into a native config
20:53 buhman some of the 'salt-formulas' do that if you want an example
20:53 cilkay joined #salt
20:54 babilen .. implying that the enlightened do ....
20:55 DammitJim I've never used a salt-formula
20:55 DammitJim I'm scared of them
20:55 buhman some of them aren't even that good, either
20:56 fracklen joined #salt
20:56 buhman https://github.com/saltstack-formulas/salt-formula/blob/master/salt/files/roster.jinja
20:56 buhman stuff like that
20:57 buhman that one is particularly funny, because the source pillar is yaml
20:57 fracklen joined #salt
20:57 buhman and that template is effectively an implementation of a one-off yaml dumper
20:57 AndreasLutro :D
20:57 DammitJim gosh
20:57 DammitJim I think I'm going to stick with just a separate template
20:57 buhman probably a reasonable idea
20:58 babilen buhman: Feel free to improve it :)
20:58 babilen I mean .. in the end it is about making things better
20:58 buhman I'm really not sure how to do that better though
20:59 AndreasLutro {{ pillar.salt_ssh_roster | yaml(indent=2) }}
20:59 buhman heh
21:02 AndreasLutro I'm surprised this formula hasn't adapted the spm FORMULA file
21:02 AndreasLutro you'd think all the formulas would be on top of that
21:02 mdasilva joined #salt
21:03 babilen Yeah, we should really do that
21:04 iggy that's mostly been pushed by the salt devs from what I've seen
21:05 babilen Absolutely. It hasn't really been adopted anywhere from what I could tell
21:06 ninjada joined #salt
21:06 AndreasLutro maybe for good reason... I can't see anything about locking down versions for spm
21:07 notnotpeter joined #salt
21:09 baweaver joined #salt
21:09 AndreasLutro tagged releases and version constraints to prevent unexpected breaking changes would be #1 on my wanted features list for something like spm
21:10 Rumbles joined #salt
21:11 bhosmer joined #salt
21:13 DammitJim it's too much
21:14 khaije1 In working with formulas recently I'm impressed by the ability to "safely" abstract many details, but am concerned about them becoming a newer better domain-specific-language
21:15 khaije1 My #1 wish would be the ability to have a higher degree of control over the design-side interface of each formula.
21:16 khaije1 to make their control more uniformly composable (for lack of a better term)
21:18 edrocks joined #salt
21:19 DammitJim any way to tell samba how to set the password for a samba user?
21:22 babilen btw, hang out in #salt-offtopic if you feel likeit
21:22 DammitJim khaije1, or I?
21:22 DammitJim I meant to be able to do this through salt :D
21:24 timoguin joined #salt
21:24 khaije1 fwiw I was talking about salt to
21:25 ninjada joined #salt
21:30 keimlink joined #salt
21:30 felskrone joined #salt
21:34 onlyanegg joined #salt
21:37 mavhq joined #salt
21:39 UtahDave left #salt
21:39 Muchoz joined #salt
21:42 mavhq joined #salt
21:44 sc250024 Do you guys know where in the Salt documentation is specifies how to define  block devices for a profile in `/etc/salt/cloud.profiles.d`
21:45 sc250024 I can't seem to find an example
21:45 Slayersue joined #salt
21:46 Nazca__ joined #salt
21:49 tduerr joined #salt
21:49 tduerr salt
21:50 onlyanegg joined #salt
21:58 mavhq joined #salt
21:59 ninjada joined #salt
22:01 edrocks joined #salt
22:01 ninjada joined #salt
22:02 Pinchiukas left #salt
22:04 RandyT joined #salt
22:06 hemebond joined #salt
22:09 rem5 joined #salt
22:09 dabb joined #salt
22:11 bhosmer joined #salt
22:15 mavhq joined #salt
22:15 baweaver joined #salt
22:17 teryx510 joined #salt
22:18 huddy joined #salt
22:18 amcorreia joined #salt
22:19 kliquori joined #salt
22:20 brianfeister joined #salt
22:20 mavhq joined #salt
22:21 dabb joined #salt
22:22 mdasilva joined #salt
22:22 alexlist joined #salt
22:24 ronrib joined #salt
22:25 mavhq joined #salt
22:27 mavhq joined #salt
22:29 mavhq joined #salt
22:30 mavhq joined #salt
22:31 ecdhe joined #salt
22:35 grumm_servire joined #salt
22:35 edrocks joined #salt
22:37 yjmbo joined #salt
22:40 mavhq joined #salt
22:40 yjmbo I'd like salt to manage a file on one of my machines, and the the file contents should basically be a list of the current salt minions (it'll end up feeding a nagios config, for example). Sounds like a job for templating, but can someone point me to a resource that'll show an example of this?
22:40 zenlot joined #salt
22:41 hemebond yjmbo: http://stackoverflow.com/questions/17158665/how-to-get-a-list-of-all-salt-minions-in-a-template
22:42 yjmbo hemebond: thanks, looks like that'll give me a decent start :-)
22:43 mavhq joined #salt
22:43 bbhoss joined #salt
22:46 andrew_v joined #salt
22:46 mavhq joined #salt
22:54 adelcast left #salt
22:55 mavhq joined #salt
23:06 edrocks_ joined #salt
23:08 adelcast1 joined #salt
23:08 andrew_v joined #salt
23:12 snc joined #salt
23:13 ninjada joined #salt
23:13 antonw joined #salt
23:16 mavhq joined #salt
23:18 mavhq joined #salt
23:20 mavhq joined #salt
23:20 M-liberdiko joined #salt
23:20 M-liberdiko Is it possible to something like {% if salt'file.file_exists' %} where misc.txt is in an jinja expression? I have tried {% if salt'file.file_exists' %} but it's not correct
23:21 onlyanegg joined #salt
23:23 mavhq joined #salt
23:23 M-liberdiko Oops, look like IRC doesn't like Jinja expression. Here they are: http://pastebin.com/raw/uErvM9E4
23:25 mavhq joined #salt
23:27 mavhq joined #salt
23:30 ajw0100 joined #salt
23:30 iggy pastebin.com doesn't like my use of adblock
23:31 iggy because they need all that ad money to host some plain text snippet
23:33 Kraln joined #salt
23:35 onlyanegg joined #salt
23:39 baweaver joined #salt
23:40 dendazen joined #salt
23:41 M-liberdiko @iggy They don't mind about me using it.
23:42 iggy so it's personal...
23:42 dunz0r joined #salt
23:43 M-liberdiko To be more specific, how can I put a variable in an argument with jinja?
23:43 M-liberdiko @iggy What do you recommend then?
23:44 iggy '/home/joe' ~ foo
23:45 hightekvagabond joined #salt
23:46 ecdhe joined #salt
23:48 M-liberdiko Thanks iggy! I didn't thought to look for how to concatenate :s

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary