Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-04-20

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 _JZ_ joined #salt
00:10 catpigger joined #salt
00:11 ajw0100 joined #salt
00:25 hightekvagabond joined #salt
00:33 macheck_ joined #salt
00:37 pfallenop joined #salt
00:38 baweaver joined #salt
00:40 majikman joined #salt
00:42 majikman how can i use jinja to update a dict with a string? everytime i run this, {% do consul.config.update({'bind_addr': eth_adapter or []}) %}, it sets "bind_addr": ["192.168.1.214"] when what i want is "bind_addr": "192.168.1.214"
00:43 teatime is eth_adapter in-fact a list?  maybe you need eth_adapter[0] or something.
00:43 hal58th joined #salt
00:43 mapu joined #salt
00:43 majikman ah... damn that was simple. thanks timetime
00:43 majikman teatime
00:44 teatime ;)
00:46 hemebond FYI, " or []" will put an empty list in there too.
00:55 flowstate joined #salt
00:57 racooper joined #salt
01:00 SheetiS joined #salt
01:00 subsignal joined #salt
01:04 aharvey joined #salt
01:07 catpiggest joined #salt
01:08 akhter joined #salt
01:11 brotatochip joined #salt
01:22 cyborg-one joined #salt
01:24 mowntan joined #salt
01:27 linjan_ joined #salt
01:31 meekrab joined #salt
01:39 aharvey joined #salt
01:46 kevinquinnyo is there some key you can pass to a state that tells salt to do them synchronously?  I have a situation where i'm adding DNS records, and I need it to edit the zone file synchronously to avoid asynchronous file-clobbering headaches
01:46 kevinquinnyo i could have sworn there was, but i just can't find it now
01:46 hemebond kevinquinnyo: States are not applied in parallel as far as I know.
01:46 hemebond You might also want to think about what it means to apply a state to a file as opposed to running a list of commands.
01:46 hemebond Ideally your updates/changes should be...
01:46 hemebond I've forgotten the word again...
01:46 kevinquinnyo idempotent, please don't tell me it's idempotent
01:46 hemebond That's the one :-)
01:46 kevinquinnyo the thing is
01:48 kevinquinnyo i'm doing something like: imagaine an sls file, called add_all_cluster_records.sls and inside that, within a loop, like, (for example): for record in records:  states['Add record {0}'.format(record)] = { // my state that goes and adds the dns record}
01:48 hemebond Anyway, as long as you have your states in the order you want and/or have your requisites configured it should all run in the order you specify.
01:48 kevinquinnyo and it returns states
01:48 kevinquinnyo will those states execute asyncronously?
01:49 hemebond is that Jinja?
01:49 kevinquinnyo py renderer
01:49 kevinquinnyo i could provide an example gist if it would help
01:49 hemebond They won't be asynchronous, no.
01:49 hemebond Salt never runs multiple states at the same time.
01:49 kevinquinnyo ahh
01:49 hemebond (to the best of my knowledge)
01:50 kevinquinnyo well wait
01:50 kevinquinnyo if it doesn't then why the need for requisites?  just to order the dict?
01:50 kevinquinnyo since python has no sense of order in it's data structures by default?
01:50 hemebond Yes, to change/set the order.
01:51 hemebond States are stored in OrderdDicts
01:51 hemebond *OrderedDicts
01:51 kevinquinnyo ahhh
01:51 kevinquinnyo right
01:51 kevinquinnyo ok so that's actually great
01:51 kevinquinnyo that solves my problem completely (there was no problem)
01:51 hemebond :-)
01:54 kevinquinnyo you ever look at your code and have a terrible, deep understanding that you will have to refactor it in a later iteration
01:54 kevinquinnyo and it fills you with dread
01:54 hemebond Always :-)
01:54 hemebond Not usually dread, though.
01:54 hightekvagabond joined #salt
01:54 kevinquinnyo well
01:54 hemebond I quite like refactoring.
01:54 kevinquinnyo yeah i do too
01:54 hemebond "ooh, I could try this... ooh and then maybe this"
01:55 kevinquinnyo yeah..
01:55 kevinquinnyo "oh you know what i could do..."  I could abstract this away with a module, and add some magic
01:56 kevinquinnyo and then you realize you have deadlines and just need to ship code (that you know deep down) is fundamentally flawed
01:56 hemebond Thankfully not a coder by trade :-)
01:56 hemebond Unfortunately also not a Salt user by trade :-(
01:57 spuder joined #salt
01:57 aharvey joined #salt
01:58 kevinquinnyo me either
01:59 kevinquinnyo i'm a linux sysadmin really, but to build really cool things, i have to be a coder, and a salt hacker most days
01:59 kevinquinnyo switching between python and php is making me lose my mind
02:00 hemebond erk
02:00 kevinquinnyo anyway back to it -- thanks for the help/clarification
02:00 hemebond Good luck.
02:00 kevinquinnyo thanks
02:13 quasiben joined #salt
02:13 stooj joined #salt
02:21 brianfeister joined #salt
02:28 meekrab joined #salt
02:28 quasiben joined #salt
02:32 stooj joined #salt
02:33 flowstate joined #salt
02:34 hasues joined #salt
02:38 stooj joined #salt
02:39 SheetiS joined #salt
02:42 akhter joined #salt
02:43 cpowell joined #salt
02:51 hasues left #salt
02:53 iceyao joined #salt
02:57 jeffspeff joined #salt
03:10 aharvey joined #salt
03:10 onlyanegg joined #salt
03:10 cyborg-one joined #salt
03:11 aw110f joined #salt
03:13 mowntan joined #salt
03:14 aw110f_ joined #salt
03:16 ajw0100 joined #salt
03:22 aw110f joined #salt
03:28 iceyao_ joined #salt
03:30 hamsham joined #salt
03:33 flowstate joined #salt
03:36 edrocks joined #salt
03:39 ageorgop joined #salt
03:42 hal58th joined #salt
03:48 arif-ali joined #salt
03:49 cyborglone joined #salt
03:52 kevinquinnyo is there anything i should know about with using an external pillar (ext_pillar) and running state.highstate ?
03:53 ntropy is tornato transport considered stable?
03:53 kevinquinnyo it seems to be unaware of my pillar data, but individual states, ie: salt 'some_tgt' state.sls something.some_state
03:53 kevinquinnyo will pick up the ext_pillar correctly
03:56 ntropy kevinquinnyo: i ran into the same question a few days ago
03:56 ntropy i see the same - im unable to get data from external pillar with pillar.get data, but using that data in a state works fine
03:57 hemebond Done a sync?
03:57 teatime ntropy: where are you trying to pillar.get from ?
03:57 ntropy when i say 'pillar.get data' i mean running 'salt pillar.get data'
03:57 ntropy there's a minion id missing there ^
04:07 djgerm joined #salt
04:09 kevinquinnyo it makes me feel like i'm losing my mind because i will make changes to my ext_pillar source (the external thing that provides the pillar dict), and run state.highstate, and *assume* I must have made a mistake upstream in my ext_pillar source because *everything fails*
04:09 hemebond Done a sync?
04:09 kevinquinnyo but then single state runs don't fail
04:09 kevinquinnyo hm
04:09 kevinquinnyo it's an ext_pillar, it pulls every time ?
04:09 kevinquinnyo i can try a sync_all
04:09 hemebond To the minion I mean.
04:09 hemebond at least a pillar_refresh
04:10 kevinquinnyo i'll try
04:10 brianfeister joined #salt
04:10 dh joined #salt
04:10 kevinquinnyo doesn't help
04:11 evle joined #salt
04:12 kevinquinnyo i get errors in highstate, like:
04:12 kevinquinnyo db_name = data['database_setting']['name']
04:12 kevinquinnyo KeyError: 'database_setting'
04:12 kevinquinnyo but then i run a test.sls that pulls the same pillar data, and it knows about that key
04:13 kevinquinnyo i think state.highstate is not lazyloading my ext_pillar, but it's late and i'm frustrated, so i might be wrong
04:14 hemebond if you do a pillar_refresh and then a pillar.items does it not show up/
04:14 hemebond ?
04:14 kevinquinnyo it shows up in pillar.items
04:14 kevinquinnyo it works when i run salt some_tgt state.sls test.sls
04:14 kevinquinnyo it does not work when i run salt some_tgt state.highstate
04:15 hemebond And highstate is just test.sls?
04:15 kevinquinnyo ?
04:15 hemebond Does your highstate just include test.sls?
04:15 kevinquinnyo no
04:16 hemebond So it works when you run test.sls but not when you run different sls files?
04:16 hemebond Have you tried applying the problem sls directly?
04:17 kevinquinnyo as far as i know it fails to find pillar keys that i know exist when i run a state.highstate
04:17 aqua^c joined #salt
04:17 MindfulMonk joined #salt
04:17 hemebond Can you paste your test.sls and the sls that fails?
04:17 hemebond Is your test.sls referencing the same pillar value?
04:17 kevinquinnyo the "sls that fails" is not an sls at all, it's when i run state.highstate
04:17 catpiggest joined #salt
04:18 hemebond Sure, but highstate is just some sls files.
04:18 hemebond I'm trying to establish for certainty if it's highstate or the states being run with highstate.
04:20 kevinquinnyo hmm
04:20 tongpu joined #salt
04:20 ntropy kevinquinnyo: actually, do you see all your ext pillar data if you do "salt minion pillar.items"?  i do
04:20 ntropy just not when asking for a particular key out of ext_pillar, with pillar.get
04:20 kevinquinnyo so let me run through each state defined in the highstate then, with that insight
04:20 kevinquinnyo ntropy: yes
04:21 ntropy cool, sounds like we're hitting the same feature :)
04:21 hemebond ntropy: So you see the values with pillar.items but not pillar.get?
04:21 hemebond From the CLI?
04:21 ntropy correct
04:21 hemebond And you've done a pillar_refresh for the minion?
04:23 ntropy i haven't, no, but it helps
04:24 ntropy yeah that totally makes 'pillar.get key' work on the cli
04:25 ntropy i didn't expect that will be needed, since pillar.items worked
04:25 hemebond Yeah I'm not sure why there's a disconnect.
04:25 ntropy that probably means they both don't work in the same way
04:26 hemebond "pillar.items will return a freshly reloaded pillar and pillar.raw will return the current pillar without a refresh"
04:26 hemebond Doesn't say anything like that for pillar.get
04:27 tru_tru joined #salt
04:28 hemebond Oh, is it refresh_pillar?
04:28 hemebond it is. That's terrible, I've been saying the wrong method name this whole time.
04:29 ntropy im on 2015.8.7 and pillar_refresh worked :)
04:29 dyasny joined #salt
04:30 hemebond Does refresh_pillar work?
04:30 hemebond Ah https://github.com/saltstack/salt/issues/23613
04:30 saltstackbot [#23613]title: DOCUMENTATION(minor): pillar_refresh vs refresh_pillar | A minor issue that I noticed when doing a copy/paste from the docs:...
04:33 flowstate joined #salt
04:33 brianfeister joined #salt
04:40 josuebrunel joined #salt
04:41 msn joined #salt
04:43 cpowell joined #salt
04:45 kshlm joined #salt
04:46 zer0def joined #salt
04:49 aharvey joined #salt
04:50 josuebrunel joined #salt
04:57 josue joined #salt
04:59 jeffspeff joined #salt
05:02 ivanjaros joined #salt
05:16 kevinquinnyo hemebond: sorry we had a DDoS here, I didn't respond, testing now
05:19 justyns joined #salt
05:20 aharvey joined #salt
05:21 ninjada joined #salt
05:23 sauvin joined #salt
05:24 ninjada quick possibly dumb Q, if i have a state to setup iam and elb & asg on AWS eg. a bunch of boto_ options, like iam_role.preset elb.present, how do i execute it? do i just target an existing minion that has the necessary access credentials to perform those tasks?
05:27 lws joined #salt
05:27 lws Hello #salt!
05:30 lws joined #salt
05:33 flowstate joined #salt
05:35 justyns joined #salt
05:36 quasiben joined #salt
05:38 edrocks joined #salt
05:41 hemebond ninjada: You might want to look at salt-cloud.
05:41 hemebond But yes, if you already have a minion and you have some states, you would just apply them as usual.
05:50 ntropy kevinquinnyo: ddos sounds interesting, how big and what layer was it if you don't mind sharing
06:01 richhal joined #salt
06:01 rdas joined #salt
06:04 ninjada hemebond: im running salt cloud. but i need to provision a bunch of things like ELB/ASG's via a salt state. boto's the only option as far as i'm aware but i dont understand how you execute it
06:04 hemebond ninjada: Oooh, would salt-proxy help?
06:05 hemebond I think that's used as a fake minion to control things like routers and such.
06:06 ninjada hmm possibly. i think i need to pass AWS IAM credentials into my state somehow, or run it on an existing minion with the right IAM credentials. ideally i'd like the former, so i dont need a random node.
06:08 AndreasLutro boto should fetch the credentials automatically for you
06:08 AndreasLutro so you just have to assign the right IAM role to the minion running the boto states
06:08 ivanjaros joined #salt
06:23 ninjada does that include the master? my master has an IAM role that should cover things, but its not liking it
06:27 AndreasLutro ninjada: yeah, as long as your master is running a minion
06:28 rsys joined #salt
06:29 ninjada because i'd need to run the state locally, ie. salt-call ?
06:32 flowstate joined #salt
06:32 AndreasLutro no, you could do salt 'saltmaster01*' state.apply
06:32 AndreasLutro but states can only be applied to a minion
06:33 harkx joined #salt
06:36 dingonet joined #salt
06:36 dingonet helo
06:36 harkx joined #salt
06:46 stooj joined #salt
06:55 Zhen joined #salt
06:57 meekrab joined #salt
07:04 akhter joined #salt
07:06 richhal joined #salt
07:18 toastedpenguin joined #salt
07:19 fredvd joined #salt
07:19 ajw0100 joined #salt
07:20 KermitTheFragger joined #salt
07:21 toastedpenguin joined #salt
07:22 favadi joined #salt
07:23 ronnix joined #salt
07:24 kawa2014 joined #salt
07:24 c4rc4s joined #salt
07:25 CeBe joined #salt
07:25 hax404 joined #salt
07:26 voxxit joined #salt
07:26 toastedpenguin joined #salt
07:27 toastedpenguin joined #salt
07:28 Rumbles joined #salt
07:29 toastedpenguin joined #salt
07:30 anmol joined #salt
07:33 ninjada_ joined #salt
07:34 flowstate joined #salt
07:36 richhal joined #salt
07:37 msn2 joined #salt
07:39 msn joined #salt
07:40 Rkp joined #salt
07:41 edrocks joined #salt
07:46 dmaiocchi joined #salt
07:48 slav0nic joined #salt
07:48 mohae_ joined #salt
07:49 garphy joined #salt
07:52 ronnix joined #salt
07:54 Trauma joined #salt
07:56 maduro joined #salt
07:58 cyborg-one joined #salt
08:00 antpa joined #salt
08:01 lero joined #salt
08:04 ronnix joined #salt
08:09 Rumbles hi, I did a highstate on a server yesterday and one of my colleagues who had written a script which managed ownership of data on the server complained because it remove a load of users from some custom groups he had set up (causing the data to be inaccesssible)
08:09 hemebond That made me giggle :-)
08:09 Rumbles I have seen issue 13276 which states that if no group is specified at all then users shouldn't be removed
08:10 Rumbles but I'm unclear whether salt should remove users from a group they belong to that isn't mentioned in their manifest
08:10 AndreasLutro Rumbles: user.present states will do that by default - use remove_groups: false
08:10 AndreasLutro if you don't want that
08:11 Rumbles ah nice one!
08:11 AndreasLutro https://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html#salt.states.user.present
08:11 AndreasLutro for a lof of questions, simply looking up function arguments will find your answer
08:11 Rumbles fantastic, thanks AndreasLutro
08:11 AndreasLutro lot of*
08:25 auzty joined #salt
08:27 CeBe joined #salt
08:28 s_kunk joined #salt
08:30 ravenx joined #salt
08:31 ravenx something really strange is happening.  i am using a file.copy which copies a config from my repo to my /home/ravenx/ folder.   I have it so that once the repo is cloned, my next step is to copy that file into home.    The way it is right now is that, if i pass in (via command line pillar data), the branch to deploy, the config gets copied
08:31 ravenx but once i switch to a different branch, the config does NOT get overwritten, but instead, it gets deleted from my /home/ dir.
08:31 ravenx and i havfe ensured that file.copy state has the 'force: True'
08:31 flowstate joined #salt
08:33 akhter joined #salt
08:39 dariusjs joined #salt
08:45 Salty joined #salt
08:45 ravenx i am essentially havign this problem: https://github.com/saltstack/salt/issues/24295
08:45 saltstackbot [#24295]title: file.copy deletes the destination file if it already exists and force=True | There appears to be a **major** error in logic in the state `file.copy` when force is set to true....
08:45 cpowell joined #salt
08:45 ravenx does anyone know which version of salt-minion/salt-master this is fixed in?
08:46 AndreasLutro every 2015.8 version
08:46 Salty Hey, how can i install a package in two different folders using sls?
08:46 Salty i want to do something like this: http://paste.ubuntu.com/15943259/
08:47 hemebond Salty: The - name parameter
08:47 ravenx AndreasLutro:  but my salt master is:   2015.8.8.2 (Beryllium)
08:47 ravenx AndreasLutro: or, does my salt-minion need to be the same as well?
08:47 hemebond ravenx: Your minions?
08:47 hemebond Yes
08:47 Salty hemebond can you show me please? how would you write it?
08:47 hemebond Compilation is done on the minions.
08:47 Castor__ joined #salt
08:48 ravenx hemebond, AndreasLutro my salt minion is:   2015.5.3 (Lithium)
08:48 ravenx so that is why i haven't received the fix, correct?
08:48 hemebond Salty: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.npm.html#salt.states.npm.installed
08:49 hemebond Salty: By default the state ID declaration (express in your case) is used as the name. You can override that by providing a name parameter and setting your ID declaration to something else.
08:49 Salty but i want to install the same package, how can i change the name?
08:49 hemebond Salty: The name parameter.
08:49 hemebond The name parameter is the name of the package you want to install.
08:49 Salty yes i know, but i want to install a package twice
08:49 Salty and the name cant be similar
08:49 hemebond Your ID declaration must be unique.
08:50 hemebond Not name.
08:50 hemebond If there is no name parameter in your state then Salt will use the ID declaration as the name.
08:51 Salty Whats ID declaration?
08:52 hemebond The first line in each of your states.
08:52 Salty http://paste.ubuntu.com/15943325/
08:52 hemebond "npm" "upath" "upath@2" are the ID declarations.
08:52 Salty hope i can do this. let me try
08:52 Salty thanks
08:53 hemebond Like the "- dir" parameter, add a "- name" parameter specifying the name of the package.
08:54 iceyao joined #salt
08:56 ronnix_ joined #salt
09:01 Salty how can i pull from two different gits to two different folders using git.latest?
09:02 ninjada joined #salt
09:05 EvaSDK Salty: have two states ?
09:07 Salty no, its one sls. but it doesn't matter
09:07 Salty i can seperate it if needed
09:07 Salty but it wouldn't let me use git.latest twice
09:08 hemebond Salty: Run through the tutorial again.
09:08 hemebond You haven't quite grasped how states are structured.
09:08 dgutu joined #salt
09:08 hemebond Took me a while too but it'll click.
09:11 lws joined #salt
09:11 EvaSDK Salty: is it the same url ?
09:12 colegatron joined #salt
09:12 GreatSnoopy joined #salt
09:15 Salty no its url/2 and url/1
09:16 iceyao joined #salt
09:17 keimlink joined #salt
09:34 garphy joined #salt
09:35 ronnix joined #salt
09:39 flowstate joined #salt
09:39 Cadmus joined #salt
09:40 Rumbles joined #salt
09:43 N-Mi joined #salt
09:44 dgutu joined #salt
09:44 edrocks joined #salt
09:48 richhal joined #salt
09:49 iceyao joined #salt
09:51 dgutu joined #salt
09:56 cyborg-one joined #salt
10:01 maduro joined #salt
10:02 slav0nic joined #salt
10:02 invalidexception joined #salt
10:03 hemebond Is there really no tutorial that runs through a basic master/minion setup?
10:04 Fiber^ joined #salt
10:10 elsmo joined #salt
10:12 lws joined #salt
10:14 |Fiber^| joined #salt
10:16 ronnix joined #salt
10:20 rdas joined #salt
10:23 akhter joined #salt
10:23 teatime Salty: state != sls... a .sls file can have lots of states in it.
10:25 teatime Salty: look at the second example here:  https://docs.saltstack.com/en/latest/ref/states/highstate.html#names-declaration
10:26 teatime there are 3 pkg.installed states, but with 3 different ID's (python-django, python-crypto, and python-yaml)
10:28 invalidexception joined #salt
10:30 teatime I am having difficulty finding more examples
10:31 hemebond https://docs.saltstack.com/en/latest/ref/states/highstate.html#name-declaration seems pretty good to me. Much clearer than what I linked to earlier.
10:31 flowstate joined #salt
10:32 hemebond Clearly shows the difference between the ID declaration and the actual name of the file or repo or whatever.
10:38 Cadmus Hello, this may be more of a jinja question than a salt one, but hopefully you can help me too. Inside one of my templates I'm trying to make a list which I append stuff to, so I want to have the empty list as a variable, if I do {% set readingpeople = [] -%} I get an error to the effect of 'list object has no attribute public'. Am I being really thick?
10:40 AndreasLutro you're trying to do readingpeople.public somewhere
10:40 AndreasLutro feel free to share the rest of your sls file if you can't find out where
10:40 Cadmus Well this is the dumb thing, I haven't written anything that uses that variable yet, literally that one line declaration
10:41 teatime it could be «anything».public or ['public']
10:41 AndreasLutro well, your error has to come from somewhere!
10:41 cswang joined #salt
10:42 AndreasLutro share your .sls and full error message
10:42 Cadmus Hang on, I think it might be a change somewhere else, thanks for the confirmation on stuff
10:44 antpa joined #salt
10:47 antpa joined #salt
10:49 baoboa joined #salt
10:52 invalidexception joined #salt
10:53 lero joined #salt
10:54 maduro joined #salt
11:01 west575 joined #salt
11:12 lws joined #salt
11:14 MadHatter42 joined #salt
11:19 clayman joined #salt
11:23 amcorreia joined #salt
11:25 elsmo joined #salt
11:26 richhal joined #salt
11:31 flowstate joined #salt
11:35 garphy joined #salt
11:43 evle joined #salt
11:44 Garyx joined #salt
11:44 iceyao joined #salt
11:47 edrocks joined #salt
11:50 RandyT joined #salt
11:51 richhal joined #salt
11:54 josuebrunel joined #salt
11:55 Vishvendra joined #salt
11:59 akhter joined #salt
12:09 edrocks joined #salt
12:13 lws joined #salt
12:14 Guest79 joined #salt
12:21 ivanjaros joined #salt
12:23 west575 joined #salt
12:25 mage_ joined #salt
12:25 mage_ hello
12:25 mage_ is there a way to get some progress/infos/... when running salt sometarget state.apply ?
12:28 hal58th joined #salt
12:34 babilen mage_: If you want that, you are best advised to call it locally on the minion with salt-call
12:36 TooLmaN joined #salt
12:43 gh34 joined #salt
12:44 squishypebble joined #salt
12:45 mage_ okay ..!
12:46 abednarik joined #salt
12:46 cpowell joined #salt
12:47 numkem joined #salt
12:47 garphy joined #salt
12:47 mage_ and any idea for this https://gist.github.com/silenius/2575e71c153bb86fb7ebc956f8be58b3 ?
12:48 mage_ it happens only with python 3
12:50 mage_ when venv_bin equals to: /usr/local/bin/pyvenv-3.4
12:58 garphy joined #salt
13:02 akhter joined #salt
13:09 Zuriel joined #salt
13:12 garphy joined #salt
13:14 lws joined #salt
13:14 subsignal joined #salt
13:15 DammitJim joined #salt
13:16 keimlink joined #salt
13:16 futuredale_ joined #salt
13:16 ggoZ joined #salt
13:16 edrocks_ joined #salt
13:17 quasiben1 joined #salt
13:17 quix_ joined #salt
13:17 subsigna_ joined #salt
13:17 ninkotech_ joined #salt
13:20 Zuriel Morning, can anyone provide some guidance on creating a Windows MSI for the salt-minion? I'm trying to figure out what the "distfiles" that are required are
13:23 west575 joined #salt
13:27 SheetiS joined #salt
13:29 kevinquinnyo joined #salt
13:30 SheetiS1 joined #salt
13:31 josuebrunel joined #salt
13:31 renaissancedev joined #salt
13:37 garphy joined #salt
13:45 cpowell joined #salt
13:46 mowntan joined #salt
13:47 protoz joined #salt
13:47 protoz joined #salt
13:48 mapu joined #salt
13:49 flowstate joined #salt
13:49 edrocks joined #salt
13:51 flowstat_ joined #salt
13:52 mowntan joined #salt
13:58 jerredbell joined #salt
14:01 ronnix joined #salt
14:01 racooper joined #salt
14:03 onlyanegg joined #salt
14:05 ravenx suppose i have, under a .sls file, the "git.latest" state and i specify the branch i want by:  - rev: {{ salt['pillar.get']('somevalue:git_branch') }}
14:05 ravenx and i call it on the command line on the master by:
14:05 quix joined #salt
14:05 ravenx salt 'two' state.sls somestate pillar='{'somevalue': {'git_branch': 'master'}}'
14:05 ravenx is it possible, in the .sls fiel which contains my rev, to set a "default" branch
14:06 ravenx if no one passes in the pillar={ part, it just defaults to, say, stable branch.
14:06 ravenx so the user has an option of `salt 'two' state.sls somestate`
14:08 west575 joined #salt
14:11 mschiff I have two long running states that belong together. I removed them from highstate and put them into a seperate schedule with a longer interval. I formed both states as the args list to the new schedule entry
14:12 mschiff but that does not seem to work
14:12 mschiff on the command line I use "state.sls state1.sls,state2.sls" which works. Do I have to use this same syntax with just one item in ags in schedule too?
14:13 mschiff (the schedule does not get executed...)
14:14 MadHatter42 joined #salt
14:16 seglo joined #salt
14:16 ninjada joined #salt
14:17 tharkun joined #salt
14:18 seglo i'm running vagrant-aws with salt and i'm trying to get minions to automatically register with the master.  by default aws is provisioning an internal hostname, so the resulting minion id is wrong.  i was about to go down the path of pre-emptively creating a /etc/salt/minion_id file with the right name, but i was wondering if anyone had any other suggestions?
14:20 dgutu joined #salt
14:21 Cadmus Hooray, I think I've found something I want to do that breaks saltstack \o/ . I've got a machine that's integrated with AD (with SSSD), and I want to chgrp a file to an AD users, if I do it from the command line it works, if I do it in saltstack it says it can't find the group, presumably it's looking at /etc/group
14:22 tru_tru joined #salt
14:22 Zuriel seglo: You could use cloud-init or a script that starts on boot to query the instance metadata and set the id to the instance id
14:23 seglo Zuriel: i've heard this before.. clould-init, but it's new to me.  can you direct me somewhere with more info about this?
14:24 Zuriel seglo: https://cloudinit.readthedocs.org/en/latest/
14:24 Zuriel it may not be available depending on your distro though
14:24 flowstate joined #salt
14:25 rrei joined #salt
14:26 AndreasLutro also see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html
14:26 hasues joined #salt
14:26 seglo when i reading about how to change the hostname on a centos ami it directed me to /etc/cloud/
14:26 seglo is that cloud-init?
14:27 AndreasLutro probably
14:27 seglo i had to add a line to the cloud.cfg to keep the hostname persistent after reboot
14:28 rrei hi all
14:28 spuder joined #salt
14:29 seglo ah, looks like Vagrant's salt provisioner can let me set the minion_id, i'll do that
14:29 hasues left #salt
14:29 onlyaneg1 joined #salt
14:30 seglo on a related question though.  setting the proper hostname on ec2 has a number of steps.  is anyone aware of a formula to do this?
14:30 seglo i'm using a pretty mainstream centos 7.1 AWS AMI
14:30 richhal joined #salt
14:31 Cadmus Mixed news everyone! I can set it to AD people if I use numeric ids, but that's not optimal if we're honest
14:33 garphy joined #salt
14:38 Tbarach joined #salt
14:38 hal58th joined #salt
14:39 Tbarach Hello guys, I'm facing an issue. I want to push multiple files from minions to my master. And the only way to do this was to push the entire directory which is way too long. Do you have any ideas ? (Sorry for my enligsh, not my native language )
14:40 XenophonF joined #salt
14:40 rrei can't you select what you want using something like a glob pattern?
14:41 rrei or maybe copy the files you wish to send to a temp directory and then send all of that
14:41 Tbarach I tried the glob patterns, but it still copied useless files :/
14:42 Tbarach The tmp idea is nice, I'm going to try this, thanks
14:44 protoz joined #salt
14:45 Tbarach That's perfect, thank you very much rrei :-)
14:46 rrei np
14:46 rrei I think I'm going to need help as well
14:46 rrei something odd is happening here
14:54 garphy joined #salt
14:58 kawa2014 joined #salt
14:58 daswathn joined #salt
14:58 daswathn hello
14:58 daswathn minion1: ----------           ID: set_lock     Function: pkg.add_lock         Name: kernel       Result: False      Comment: State 'pkg.add_lock' was not found in SLS 'Patching/Patch-SLES12sp1-test'               Reason: 'pkg.add_lock' is not available.      Started:     Duration:      Changes:  Summary for minion1 ------------ Succeeded: 0 Failed:    1 ------------ Total states run:     1 ERROR: Minions returned with non-zero exit c
14:59 daswathn trying to run pkg.add_lock from a sls file and salt throws error saying unable to find it .. any help ?
15:01 flowstate joined #salt
15:03 rrei seems like you're confusing execution and state functions, no?
15:04 rrei https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html
15:04 rrei there's no add_lock function here
15:04 daswathn sorry for pasting multiline...
15:04 rrei perhaps you want to run the execution function, in which case you'd use
15:04 Brew joined #salt
15:04 djgerm left #salt
15:04 rrei module.run
15:05 daswathn @rrei will check that link you shared, thank you for the update
15:05 rrei - name: pkg.add_lock
15:05 rrei check out "salt.states.module.run" too
15:05 rrei I think that's what you're looking for perhaps
15:06 daswathn @rrei definitely will read that, thank you..
15:07 murrdoc joined #salt
15:09 Cadmus Can anyone confirm that stuff like file.directory and file.exists looks at /etc/passwd and /etc/group and as such would miss directory users?
15:14 AndreasLutro Cadmus: what's the error? user/group does not exist?
15:15 akhter joined #salt
15:15 Cadmus AndreasLutro: That's right, the machine (CentOS 7) has been joined to an MS AD using the 'realm' command. chgrp and chown work locally, but Salt claims the users do not exists.
15:15 flowstate joined #salt
15:16 AndreasLutro Cadmus: can you do import pwd; pwd.getpwnam('username') in a python shell and see what that returns?
15:16 AndreasLutro also.. file.exists doesn't take user/group args
15:17 Cadmus Sorry, I was getting muddled up, this is specifically a file.directory declaration
15:17 AndreasLutro right. try the pwd thing
15:18 Cadmus Hmm, that returns the user
15:18 AndreasLutro ok, what about pwd.getpwnam('username').pw_uid
15:18 Cadmus Yeah, we get a uid, let me just try something
15:19 AndreasLutro okay. test this as well: import grp; grp.getgrnam(group).gr_gid
15:20 AndreasLutro also what is the exact error message please?
15:21 Cadmus Aaand it's working. A change I made I made in my sssd config must have taken effect sometime afterwards. I added 'enumerate' which has probably made the ids more available. The exact error was "Comment: Group domain admins is not available"
15:21 Cadmus I'll try knocking out 'enumerate' and see if that makes it reproducible
15:22 AndreasLutro okay, well, if it's working now that's fine I guess
15:22 AndreasLutro my next guess would've been there being a space in the group name
15:22 protoz joined #salt
15:22 Cadmus Yeah, """"""" ahoy!
15:23 kawa2014 joined #salt
15:24 Cadmus It may be cached etc, this is just a dev box, so I'll make sure to try it both ways on the next one. Thanks for your help.
15:27 hightekvagabond joined #salt
15:28 cpowell joined #salt
15:30 cpowell_ joined #salt
15:32 quix_ joined #salt
15:38 brotatochip joined #salt
15:39 Frantic joined #salt
15:39 disbound joined #salt
15:39 armyriad joined #salt
15:41 Frantic Hey guys, I have a few colleagues who work on several Centos boxes. We want to find a way to share the same setup by having some RPMs at the same version and some Python PyPI packages. But we don't want to give full control of the machine to something like Salt. Is that possible? I don't really have experience with Salt or other such tools?
15:43 AndreasLutro Frantic: you might want a tool that allows configuration over ssh. salt does that through salt-ssh, but so do other tools like ansible and itamae
15:43 Frantic AndreasLutro: What would such tool be?
15:43 Frantic I've been thinking about writing a Python script over fabric
15:43 AndreasLutro didn't I just mention 3?
15:44 Frantic AndreasLutro: Oh, I thought you meant unlike those
15:44 AndreasLutro aha
15:44 Frantic AndreasLutro: Can I get salt to just keep a few RPMs at a specific version, without handling the full system?
15:44 garphy joined #salt
15:45 AndreasLutro sure, but then I'd recommend using one of the other 2 instead
15:45 Frantic AndreasLutro: Why is that?
15:45 AndreasLutro salt is too heavyweight for such a small task, and most of its unique features require the master/minion setup
15:46 Frantic That's the impression I got as well by looking at the docs. Thank you
15:48 whatever_sd_ joined #salt
15:51 toastedpenguin joined #salt
15:51 autofsckk joined #salt
15:51 akhter joined #salt
15:52 edrocks joined #salt
15:56 macheck_ joined #salt
16:06 dfinn joined #salt
16:08 mpanetta joined #salt
16:11 Tanta joined #salt
16:11 _JZ_ joined #salt
16:13 hal58th joined #salt
16:14 seglo i'm trying to setup a cluster in a VPC using vagrant-aws and salt.  i can provision one node easily enough (with a public elastic ip), but i'd like the rest of my nodes to only have an internal subnet ip.  unfortunately this means i can't ssh into those new machines since i don't have access to the subnet locally.  does anyone have any advice?
16:16 seglo i suppose arranging some kind of VPN to my VPC might be one option
16:18 ninjada joined #salt
16:20 Eugene You could setup a master inside the VPC, or do a VPC-VPN Connecttion
16:21 ronnix joined #salt
16:23 ajw0100 joined #salt
16:25 writtenoff joined #salt
16:26 seglo right, that's what i was thinking.  i got too wrapped up in a one command solution.  i can provision the master, then ssh in and do the rest.
16:26 Eugene syndic may be of interest
16:28 seglo yes, i may look into that.  thanks Eugene
16:29 LotR what's a VPC? or is that just another name for virtual machine?
16:31 Eugene VPC is AWS' fancy term for "a private network for you"
16:32 Cadmus LotR: Amazon love using odd names for things, this helped me a lot https://www.expeditedssl.com/aws-in-plain-english
16:32 forrest joined #salt
16:32 Eugene That's a good one
16:34 abednarik joined #salt
16:36 Edgan joined #salt
16:36 brotatochip joined #salt
16:36 lero joined #salt
16:38 benji joined #salt
16:40 Cadmus Has anyone had luck using the linux_acl thing? It says it's succeeding, but nothing appears when I run getfacl against the directory it should have altered
16:47 subsignal joined #salt
16:48 cwyse joined #salt
16:55 edrocks joined #salt
17:00 aw110f joined #salt
17:04 edrocks joined #salt
17:05 ageorgop joined #salt
17:05 jnials_ I'm trying to write an orchestration that uses salt.function.  I need to chain a bunch together.  What I've got isn't working.  What am I doing wrong?  https://gist.github.com/jnials/bb7089f124bc1b85e7392c1021b3b568
17:06 AndreasLutro jnials: isn't working how
17:06 AndreasLutro actually nevermind
17:06 AndreasLutro you're doing too much wrong for there to be a single error you can work with
17:07 AndreasLutro have a look at https://docs.saltstack.com/en/latest/topics/tutorials/states_pt5.html#function and compare your structure... specifically your use of -
17:08 jnials Yeah, I started there.  But in my actual code (not the stripped down version.  I've got a bunch of service.restarts for different daemons, and they have to happen in a particular order. I've been trying to figure out how to get around that.
17:10 AndreasLutro well you've got the right idea, you just put the - name: stuff at the wrong level
17:10 AndreasLutro similar to what you'd do in state .sls files
17:10 brotatochip joined #salt
17:12 jnials oh, ok.  That makes sense.  Back to my little coding hole, redo some things.
17:12 AndreasLutro the docs could use an example that uses this...
17:12 punkoivan joined #salt
17:12 jnials heh.  I'll see what I can do, once I get it figured out.
17:13 akhter joined #salt
17:13 jnials first priority is having this done for a release.
17:13 punkoivan left #salt
17:14 mapu joined #salt
17:14 akhter joined #salt
17:16 hasues joined #salt
17:16 hasues left #salt
17:18 Corey jfindlay: Be good to finally put a face to a name. :-)
17:19 hal58th joined #salt
17:20 jfindlay Corey: thanks
17:23 murrdoc jfindlay:  hows saltconf going
17:23 whatever_sd_ joined #salt
17:26 jnials Woot!  Thanks AndreasLutro.  I've got it working now.
17:27 mr_chris joined #salt
17:29 dmaiocchi joined #salt
17:29 cyborglone joined #salt
17:30 garphy joined #salt
17:31 flowstate joined #salt
17:32 druonysus joined #salt
17:34 jfindlay murrdoc: busy :)
17:35 murrdoc nice
17:35 jnials One last question:  Can you use jinja in an orchestration?  I want to set the tgt at the top of the orchestration.
17:36 cyborg-one joined #salt
17:36 robobot joined #salt
17:37 s_kunk joined #salt
17:37 robobot I took the saltstack cert exam yesterday, and there was one question I wasn't sure how to answer.  Not sure if it was meant to be a trick or if I don't actually know how pillars really work.  The question was something like "Pillar data is encrypted on a per-minion basis" true  or false.  I know that minions can't access other minions pillar data, but is it actually encrypted on a per minion basis?
17:38 AndreasLutro robobot: where are pillars rendered?
17:39 cyborglone joined #salt
17:39 robobot master
17:40 AndreasLutro I guess the answer lies in how the rendered data transferred to the minion
17:40 AndreasLutro +is
17:41 robobot Yeah, I thought it was kind of tricky.  I havn'et dealt with pillars much, since I only use saltstack in a really small environment, but from what I do know about them...I wouldt hink the answer would be false...
17:41 robobot anyways, thanks for your input.  It just confused me a little bit
17:42 AndreasLutro if you're pedantic like me you could make the argument that pillars get cached and that data isn't encrypted as far as I know
17:42 flowstate joined #salt
17:43 zer0def uh, quick question - do dictionaries in pillars merge or override each other?
17:43 robobot yeah, I answered false, because I assumed it was a trick.  It's not actually encrypted on a per minion basis.  I mean, it is per minion, but not encrypted for that reason
17:43 zer0def ls
17:43 zer0def whoops, sry
17:43 AndreasLutro zer0def: both, but override on duplicate keys
17:44 beardo joined #salt
17:44 zer0def AndreasLutro: just to double check - they override only on pythonically non-mutable values, correct?
17:44 diesis joined #salt
17:44 AndreasLutro erm, depends
17:45 AndreasLutro there are a couple of master configs to change the behaviour
17:45 druonysus joined #salt
17:45 AndreasLutro but by default, only dicts are merged, everything else is overwritten
17:45 zer0def yeah, thing is i have a nested dict
17:45 AndreasLutro nested dicts are merged recursively
17:46 AndreasLutro that's technically not correct either, if you have a dict inside a list that won't get merged :p
17:47 zer0def yeah, i know
17:47 zer0def that's not the case
17:48 zer0def actually, that IS the case
17:49 AndreasLutro do you have some example sls files? it might make it easier to dissect
17:49 zer0def nah, i just found out that i had a list interleave, so that's the thing causing a ruckus
17:49 AndreasLutro right
17:49 zer0def (think merging permissions for different rabbitmq vhosts for a rabbitmq user)
17:49 lws joined #salt
17:51 Netwizard joined #salt
17:54 envintus joined #salt
17:56 baweaver joined #salt
17:59 hasues joined #salt
18:03 hasues joined #salt
18:04 hasues left #salt
18:15 brotatochip joined #salt
18:19 spuder_ joined #salt
18:20 hasues joined #salt
18:20 hasues left #salt
18:27 bVector robobot: AndreasLutro: there is a special AES key that gets negotiated to transfer pillar data to minions
18:28 macheck_ joined #salt
18:28 bVector normal pub/sub communication is on the 'all minions' AES key, I think the question is trying to draw a distinction that pillar data is not pushed out using this 'all minions' key
18:28 bVector so I answered True
18:28 hasues joined #salt
18:29 bVector I passed with 83% so ymmv :P
18:30 bVector I think https://twitter.com/croldham would be able to answer definitively
18:30 AndreasLutro pretty sure there is no 'all minions' aes key - afaik the key negotiation takes place at the start of every zmq connection
18:31 bVector as I understand it, the authentication is done with public key encryption, and the minion gets a AES key thats shared with all and rotated every 24h by default
18:32 bVector otherwise the publish/subscribe model doesnt work as you'd have to repeat the message for every receiving minion as the keys would be different
18:33 AndreasLutro the minion does get the master public key at first, and it is optionally signed by the master signing key, but once it has that, it and the master does a key exchange since they now each have eachother's public keys
18:35 bVector I'm fairly sure that everything over the pub/sub port is encrypted with that rolling 24h AES key, the traffic going over the ret port may or may not be the same key depending on what is being transferred
18:39 AndreasLutro well, source code is too much to read so I guess we'll have to leave this discussion unsatisfied :(
18:45 richhal joined #salt
18:45 bVector crypted_transfer_decode_dictentry is the minion specific encryption
18:47 pfallenop joined #salt
18:47 MaCkeR_ joined #salt
18:50 subsignal joined #salt
18:50 sjmh joined #salt
18:51 quasiben joined #salt
18:52 ggoZ joined #salt
18:53 MaCkeR_ left #salt
18:54 rabbitfang joined #salt
18:57 edrocks_ joined #salt
18:58 hal58th joined #salt
18:58 dmaiocchi joined #salt
18:59 macheck joined #salt
19:00 macheck [mmi-mheck, Moto_CloudSRE] anyone know if there’s livecasts from saltconf?
19:03 Ahlee joined #salt
19:04 forrest macheck, There isn't
19:07 rabbitfang :(
19:11 ajw0100 joined #salt
19:18 law joined #salt
19:19 law hey all, I'm on salt 2015.8.8.2 and having problems with highstate not loading SLS files under '*' in top.sls
19:20 CeBe joined #salt
19:21 envintus Has anyone ran in to issues with trying to upgrade salt-minions using Saltstack and subsequently apt/salt-minion pkg install is left in a weird state, which never completes?
19:21 envintus You have to run dpkg --configure -a to fix it and then upgrade the agent manually.
19:22 envintus I'm trying to achieve what is described here: https://docs.saltstack.com/en/latest/faq.html#linux-unix
19:22 AndreasLutro envintus: yes, from 2015.8.3 specifically, it's fixed in later versions
19:22 envintus All of the systems managed under my Salt implementation being Debian Jessie
19:23 AndreasLutro mm that documentation advice is not exactly accurate
19:23 envintus Ok - so I was upgrading from 2015.8.3 (and later versions) to 2015.8.8. Is there a relevant Github issue for this? I'd like to social the finer details of it to my team.
19:23 AndreasLutro yeah let me find it
19:23 envintus Thanks!
19:24 AndreasLutro https://github.com/saltstack/salt/issues/30937
19:24 saltstackbot [#30937]title: Debian: upgrading from 2015.8.3 with pkg.install fails | ```...
19:24 envintus What about that documentation is not accurate? It seems reasonable at a glance.
19:24 AndreasLutro well, upgrading the package on debian would restart the service for you, the at stuff is pointless
19:24 AndreasLutro but on centos that's not the case, a package upgrade doesn't restart the service
19:24 truescot joined #salt
19:25 envintus Ah ok - is there anyway to not restart the service on Debian or this always going to be the case using apt as the package provider?
19:25 AndreasLutro I ended up writing a simple custom module to schedule a package upgrade with `at`
19:25 mpanetta joined #salt
19:25 AndreasLutro either you do that as well or just manually upgrade this particular version
19:25 AndreasLutro there's no way to not restart services when upgrading on debian as far as I know
19:26 envintus 10-4, thanks Andreas
19:28 baweaver joined #salt
19:31 law https://paste.fedoraproject.org/357934/14611807/
19:32 law I would at least expect '*' to pick up on the minion
19:32 AndreasLutro [ERROR   ] Unable to render top file: Jinja variable 'dict object' has no attribute 'site'
19:33 law I... don't know what that means, unfortunately
19:33 law this is a salt install I inherited, I'm still getting my feet wet with is
19:33 law *it
19:33 AndreasLutro you may want to check /var/cache/salt/minion/files/base/top.sls on the minion, it might not be the same as what's in your top.sl
19:33 AndreasLutro s
19:34 law the md5's match, fwiw
19:34 envintus Means that in your state file you're referencing an attribute from pillar data that does not exist.
19:34 AndreasLutro na.. it specifically says unable to render top file
19:35 AndreasLutro which means there's jinja templating the the top.sls
19:35 AndreasLutro which is failing
19:35 envintus Ah  ok
19:36 bcsoup joined #salt
19:36 irated joined #salt
19:36 AndreasLutro law: are you using gitfs? multiple environments?
19:36 irated hey guys... is there a way to make a state aware of other nodes?
19:36 AndreasLutro irated: to an extent, with mine data
19:36 irated for instance Im trying to have node x join 1 to build a cluster.
19:36 irated Mine data?
19:37 bcsoup Aloha - wondering if anyone has used a salt module to unzip a windows file
19:37 AndreasLutro look it up in the docs
19:38 bcsoup yeah  did didnt help
19:38 law definitely no gitfs, we do have multiple environments that are enforced through grains though
19:38 bcsoup cmd.run unzip -
19:38 bcsoup no ggod
19:38 AndreasLutro law: ok, well, if I were you I'd just go hunting for different versions of top.sls which have {{ something.site }} in them
19:38 AndreasLutro "something" can be anything of course
19:39 AndreasLutro but probably either "grains" or "pillar"
19:39 law here's what we've got in pillar: https://paste.fedoraproject.org/357938/46118114/
19:39 Tanta or so salt-call pillar.items, salt-call -g
19:40 Tanta that will show the pillars and grains on the minion
19:40 Tanta if you're not seeing pillars or grains you expect, check the matching logic in top.sls
19:40 GreatSnoopy joined #salt
19:41 kevinquinnyo joined #salt
19:42 kevinquinnyo i have a reactor that is just flat out not doing anything -- i have no idea how to troubleshoot this
19:42 kevinquinnyo i've commented everything out and have it calling the most basic local.state.sls file that works when called manually
19:42 kevinquinnyo salt-master just says "Gathering reactors"
19:43 irated AndreasLutro: Maybe you can lend some advice or even an example. We have a self service app that builds a docker swarm. In order to build the swarm we have all the information in the terraform file and its auto matically filled out using that. We would like to do the same thing with salt and remove the docker buildout from the terraform. Currently it joins on node 1 and node one could have any ip and name.
19:44 AndreasLutro so all you need is the name and IP of minions in the same cluster?
19:45 bVector kevinquinnyo: are you running salt-master with -ldebug or -ltrace?
19:45 bVector stop the service and run it in the foreground with those logging options if you can, it will spit out tons more info than default
19:45 kevinquinnyo -l debug
19:46 kevinquinnyo yes i am
19:46 bVector trace will give you lots more
19:46 kevinquinnyo i'll try trace
19:46 bVector you can do the same with the minion to see if that does anything
19:47 elsmo joined #salt
19:48 kevinquinnyo it receives the event, but then never seems to call the reactor that's configured to run when the remote api call comes in
19:49 orionx joined #salt
19:50 irated AndreasLutro: Correct
19:50 AndreasLutro irated: the official docs on mine data have an example you can almost copy/paste for that
19:50 lws joined #salt
19:51 brianfeister joined #salt
19:51 irated AndreasLutro: So then next question can I have dynamic pillars?
19:51 AndreasLutro sure
19:51 irated i.e. cluster-blah goes to pillar cluster-blah and all node information goes there?
19:52 orionx anybody doing anything with salt-minion on coreos?  i'm curious if it's possible to run salt-minion in a container and make changes to the underlying system and/or if ppl are simply using salt-ssh for coreos.
19:52 AndreasLutro pillar data is just a dictionary of data generated by code
19:52 AndreasLutro whatever your code does is up to you
19:53 kevinquinnyo sonofa... it was a typo, as usual in the reactor.conf -- missing a single quote.  I really wish that would have been more obvious in the log
19:53 kevinquinnyo in fact i dont think it was even in the log
19:54 baweaver joined #salt
19:59 edrocks_ joined #salt
20:09 djgerm joined #salt
20:11 djgerm what is the best way to store the contents of a managed file (a key) in pillar?
20:12 djgerm or rather… what does that pillar look like format wise
20:13 bVector djgerm: https://github.com/saltstack/salt/issues/5480
20:13 saltstackbot [#5480]title: Multiline strings tricky when used with ``file.managed`` ``contents`` param | This one is best articulated with an example. In short, if the ``contents`` param of ``file.managed`` is a function call that returns a multi-line string the template indentation is wrong....
20:13 djgerm mmmm
20:13 bVector similar to that
20:14 djgerm yup
20:14 irctc945 joined #salt
20:14 bVector yaml has those special string types made by pipe
20:14 bVector gotta be careful with indentation though
20:16 djgerm oh yeah i see…. need those "    " in front of every line of the key i suppose
20:17 djgerm thanks! I'll let you know how it works :)
20:17 wise0wl joined #salt
20:18 irctc945 q: do you guys know if the master needs to render all of the sls for the minions?
20:19 irctc945 so like, if I wanted to do a masterless set up - would I need to prerender the yaml for the minions? Or how does that work?
20:20 ninjada joined #salt
20:20 envintus joined #salt
20:22 brotatochip joined #salt
20:22 pipps joined #salt
20:28 orionx is there a way to specify an alternate python interpreter using salt-ssh? or a way to specify env variables in the shell that's used on the target?
20:29 orionx i.e. i'd like to tell salt-ssh to either use /foo/python as the python interpreter OR tell salt-ssh to add '/foo' to the $PATH
20:29 lws joined #salt
20:29 forrest irctc945, Did you already look at: https://docs.saltstack.com/en/latest/topics/tutorials/quickstart.html ? It's pretty much regular salt minus a few features when you run masterless.
20:30 forrest irctc945, https://github.com/gravyboat/hungryadmin-sls as an example runs on masterless.
20:33 tristianc joined #salt
20:33 irctc945 ah ok
20:33 irctc945 I'll check those out
20:33 irctc945 ty
20:33 forrest np
20:38 Fiber^ joined #salt
20:43 nZac joined #salt
20:46 hax404 joined #salt
20:48 druonysus joined #salt
20:48 Zuriel Anyone have any experience with the process of creating MSIs for salt-minion?
20:48 hax404 joined #salt
20:49 flowstate joined #salt
20:49 lws joined #salt
20:52 _JZ_ joined #salt
20:53 hasues left #salt
20:56 josuebrunel joined #salt
20:57 keimlink joined #salt
20:58 AnalogLifestyle joined #salt
20:59 pipps joined #salt
21:00 lws joined #salt
21:01 hasues joined #salt
21:01 cnk joined #salt
21:01 hasues left #salt
21:02 djgerm left #salt
21:03 cnk so any news about when the bootstrap-salt.sh script will work on Ubuntu 16.04? I am using Vagrant and it's provisioner wants to use that install script - which wants to get salt from https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest
21:03 cnk which... doesn't exist yet
21:03 brotatochip joined #salt
21:04 hemebond cnk: Could you not use git?
21:04 hemebond Or pip?
21:04 forrest cnk, https://github.com/gravyboat/demo-app-2/blob/master/Vagrantfile#L42
21:04 forrest do that.
21:04 salty_solution joined #salt
21:04 forrest Should use your distro's package manager.
21:04 forrest Other options also exist: https://www.vagrantup.com/docs/provisioning/salt.html#install_type
21:04 flowstate joined #salt
21:05 josuebrunel joined #salt
21:06 cnk I didn't specify install type. Is stable not the default?
21:07 ageorgop joined #salt
21:09 envintus joined #salt
21:10 forrest By default it uses the bash script.
21:10 cnk Errors at the same point - at least with vagrant provision
21:10 cnk trying again from scratch
21:10 forrest Is it saying it's still trying to pull from the bash script?
21:11 richhal joined #salt
21:12 cnk apparently
21:12 cnk WARN: Running the unstable version of bootstrap-salt.sh
21:13 bltmiller joined #salt
21:14 brianfeister joined #salt
21:19 forrest A warn shouldn't stop the script from running
21:19 bltmiller so I'm running my salt-master as non-root. are there a set of best practices to abide by for running salt as a non-privileged user? e.g. where to place things that typically go in /etc/salt and /var/cache?
21:19 bltmiller more info, I have write-access only to my home directory
21:20 forrest bltmiller, All that exists as far as I'm aware is: https://docs.saltstack.com/en/latest/ref/configuration/nonroot.html and https://docs.saltstack.com/en/latest/topics/tutorials/rooted.html
21:20 bltmiller forrest: yyyyyep lol very familiar with those docs. was hoping for some more guidance :/
21:20 forrest Nope, the number of people running salt as a non-root user is pretty minimal
21:21 forrest So I've never seen any docs even proposed for it.
21:21 bltmiller awesome
21:21 forrest Just put it wherever you feel it should go.
21:22 bltmiller I'll have to be sure to document my own experience and throw it up on my blog ^_^
21:22 cnk https://gist.github.com/cnk/5c322d34db573b4bacc3b816433bd09a
21:22 forrest bltmiller, Sounds good.
21:23 hal58th joined #salt
21:23 forrest cnk, What version of vagrant are you running?
21:23 cnk I can provide the ENTIRE output but that gist shows that even with install_type stable, this is still trying to use the bootstrap.sh
21:24 forrest Yeah for sure.
21:24 cnk this is actually the git version - for another Ubuntu 16.04 issue that isn't released yet
21:24 cnk so 1.8.2.dev
21:25 subsignal joined #salt
21:26 fxhp joined #salt
21:26 cnk I'll try again with Vagrant 1.8.1 but don't know that I will get as far as provisioning
21:26 cnk nope
21:26 wise0wl joined #salt
21:26 forrest cnk, Yeah I don't think that is the issue, I think this is the problem: https://github.com/saltstack/salt-bootstrap/issues/596 related to http://ppa.launchpad.net/saltstack/salt/ubuntu/dists/
21:26 saltstackbot [#596]title: ppa does not support 15.04 | Vivid (Ubuntu 15.04) is not supported by the saltstack ppa....
21:26 cnk the network stack stuff fails in the released Vagrant
21:27 forrest 16.04 (Xerus) isn't in the dist list
21:27 forrest but it should be using the salt repo, let's see if it's over there...
21:27 cnk what is ppa?
21:27 forrest the package index for ubuntu
21:28 kevinquinnyo1 joined #salt
21:29 PeterO joined #salt
21:30 forrest hmm, 16.04 isn't here: https://repo.saltstack.com/apt/ubuntu/
21:30 hemebond 16.04 gets released tomorrow.
21:30 hemebond (the actual OS that is)
21:30 forrest Good to know hemebond, was wondering why it wasn't in the current list yet if it's scheduled for tomorrow
21:31 forrest That means the bootstrap might be falling back from the apt installation because it can't find a package.
21:31 wise0wl We are using compound grain matching in our top.sls to apply states.  However, any minion can change it's "role" grain, and essentially hijack pillar data (once refreshed).  This is bad.  What is a secure pattern we can use for applying states to servers based on a common "role"?
21:31 forrest cnk, Can you use 14.04? Or do you have to use 16.04?
21:31 cnk The frustrating thing for me is that apt install salt-minion already works - so our AMIs are getitng salt just fine
21:31 cnk but I am trying to get our dev environments up to snuff
21:32 cnk no 14.04 was too old. We were using 15 but it is EOLed
21:32 forrest cnk, Gotcha, what if instead (it's super ghetto) you just used: https://www.vagrantup.com/docs/provisioning/salt.html#bootstrap_script
21:32 hemebond wise0wl: I always use pillars or top.sls to do that.
21:32 forrest The problem is salt no longer controls the vagrant provisioner
21:32 hemebond wise0wl: You could also use nodegroups.
21:32 jkleckner joined #salt
21:32 forrest so it's in limbo and doesn't get as many updates as it should :(
21:33 dayid joined #salt
21:33 forrest Past that I sadly don't have a suggestion other than to file a bug on the bootstrap script.
21:33 cnk well if the ppa or the directory the bootstrap script wants were fixed, I think the vagrant provisioner would be fine
21:33 forrest Either way a bug should be filed to confirm whether this is specific to 16.04 or not
21:33 forrest Very true.
21:33 jkleckner joined #salt
21:34 wise0wl hemebond: our servers come up with essentially UUID hostnames
21:34 cnk the very specific problem - no 16.04 directory - is specific to that release.
21:34 forrest Correct.
21:34 cnk But given that the 15.04 bugs in salt have not been closed makes me worry that this won't get any love either
21:34 hemebond wise0wl: Sure but you can give them a minion ID. Is this a cloud environment?
21:35 forrest cnk, Well, the problem is that the 16.04 folder doesn't exist on the repo server.
21:35 forrest cnk, So once someone packages it up, it should be fine, would you agree?
21:35 forrest I just assume no one did it yet because the release isn't out yet and it wasn't a priority.
21:35 forrest jfindlay, Are you around or busy with saltconf?
21:35 wise0wl hemebond: This is a cloud environment.  I suppose we can set the minion ID to include a "role"
21:35 cnk Whose repo server? the url says it's saltstack.com
21:36 forrest It is, that's what I linked before: http://repo.saltstack.com/apt/ubuntu/
21:36 cnk but thanks for pointing out the bootstrap_script option
21:36 hemebond wise0wl: Well that's up to you if the ID contains the role. That is, generally, what I do and it makes things easier.
21:36 cnk I think that might give me a workaround
21:36 forrest cnk, Yeah, I've done it before sadly, you might be able to strip most of the content.
21:36 Netwizard joined #salt
21:36 cnk but we are moving to salt because chef is so fragile. This isn't giving me the wam fuzzies
21:37 forrest Totally understandable. Most of that is due to the bootstrap script (it's very complicated).
21:37 Netwizard cnk, chef seems to create a lot of ¨technical debt¨ as i would call it
21:37 hemebond 16.04 hasn't even been released yet.
21:37 hemebond That's more than bleeding-edge; that's premature :-)
21:37 forrest hemebond, Yeah that's why I assume stable is failing.
21:38 forrest Because there's no dir to do the install on the salt repo box.
21:39 hemebond forrest: It was more a response to the "warm fuzzies" comment.
21:39 forrest hemebond, Gotcha. Stable should be handling things... a little more elegantly.
21:40 AnalogLifestyle joined #salt
21:40 cnk Yes confusing since my collegue has been doing apt install salt-minon on our AMI for 2 weeks now. Wonder where that is getting its packages
21:40 druonysus joined #salt
21:40 forrest You're running 16.04 in production?
21:40 hemebond Is your colleague using the Ubuntu repos or the Saltstack repos?
21:40 cnk no staging - we aren't live now
21:42 brotatochip joined #salt
21:44 justyns joined #salt
21:44 cnk hemebond: I'll have to log in and find out
21:49 iggy wise0wl: there are a couple ways people have worked with that situation, use pillar roles (but then your pillar top file is still horrendous unless you tie that in via an ext_pillar that looks up the info somewhere)
21:49 sjorge joined #salt
21:50 iggy another is to use something like reclass
21:50 pipps joined #salt
21:50 netcho joined #salt
21:52 west575 joined #salt
21:52 netcho hi all
21:52 netcho reading about ec2-reactor and it says This package includes a file in its reactor/ directory called ec2-autoscale.sls
21:53 netcho but there is only init.sls
21:53 netcho https://github.com/saltstack-formulas/ec2-autoscale-reactor
21:53 netcho is it the same one?
21:54 forrest Looks like it, you'll probably want to test it.
21:55 wise0wl @iggy: pillar roles...do you mean just adding compound matching to your pillar/top.sls?
21:56 wise0wl @iggy: because we do that already---but it doesn't help the fact that minions can set their own grains and therefore set their own roles, allowing them access to whatever info they want
21:57 lws joined #salt
21:59 hemebond wise0wl: They mean put/define your roles in your pillar instead of grains.
22:00 hemebond They mention ext_pillar to help match pillars (and the roles contained therein) to hosts.
22:00 pipps joined #salt
22:01 iggy wise0wl: ^ so instead of roles being a grain, you make roles a pillar value
22:02 djgerm joined #salt
22:02 baweaver joined #salt
22:03 djgerm you know, regarding my earlier question about multi line pillar.get, file.managed has the sweet contents_pillar thing which worked like a charm
22:06 wise0wl iggy: Alright.  So, right now, we are starting systems with salt cloud, and injecting a role grain on instantiation, which allows a highstate to be run, and our salt/top.sls compound matching applies all the proper states.
22:09 iggy wise0wl: injecting how?
22:09 hemebond iggy: You can define grains in the salt-cloud config for that instance/VM.
22:10 wise0wl ec2 profile for salt-cloud.  We set minion -> grain
22:10 hemebond And they will be added to the minion config.
22:10 wise0wl yeah
22:10 hemebond wise0wl: You will need to look at matching on the minion ID I think.
22:11 wise0wl hemebond: Yeah, I think you are right.
22:11 djgerm left #salt
22:13 iggy you can set metadata in ec2, find/write an ext_pillar that pulls that into pillar->roles
22:13 hemebond There is an ext_pillar that will pull out ec2 tags for you.
22:14 hemebond Actually I think that might pull them into grains though.
22:14 lws joined #salt
22:15 pipps joined #salt
22:17 flowstate joined #salt
22:17 iggy yeah, there's definitely one of those
22:17 akhter joined #salt
22:19 ninjada joined #salt
22:20 wise0wl hemebond: We are using ec2 tags, buttttt don't want to limit ourselves to a single cloud provider.  We also have enough problems with EC2 API rate limiting :P  So querying for potentially tens of thousands of instance id's would cause issues
22:21 hemebond wise0wl: The grains are sent by the minion to the master periodically (default is once an hour I think)
22:21 wise0wl Ah
22:34 cyborg-one joined #salt
22:36 bwd joined #salt
22:37 kevinmm joined #salt
22:38 bwd left #salt
22:38 zenlot joined #salt
22:44 ageorgop joined #salt
22:44 nZac joined #salt
22:48 UForgotten joined #salt
22:49 ninjada joined #salt
22:50 ninjada joined #salt
22:51 cnk forrest: The issue with vagrant salt's install_type = stable not installing the deb is because one needs to run apt update first.
22:52 forrest cnk, Ahh okay.
22:52 forrest Well that's good, and an easy fix.
22:52 cnk going to experiment with a custom bootstrap script that does the update and then install with apt
22:52 forrest can't you just pass the command through the vagrant file first?
22:52 pipps joined #salt
22:53 cnk Not sure. The minus of DSLs is it isn't clear what context code runs in
22:54 forrest cnk, https://github.com/gravyboat/demo-spm-2/blob/master/Vagrantfile#L33
22:55 lemur joined #salt
22:55 cnk I figured it would be easiest to customize the salt install and then let the salt provisioning bring everything up to date
22:55 cnk but I'll look into the config.vm.define block
22:56 cnk does that demo run hte provision and then the stuff in the define?
22:56 forrest The config.vm.provision line should be a 1 liner, then you're covered going forward as well and you avoid the extra bootstrap
22:56 forrest As far as I remember it runs everything in the order of the file.
22:56 forrest I had to do this as a workaround because salt was failing to install thanks to nss packages if I remember correctly.
22:57 cnk thanks I'll have a look
22:57 forrest NP.
22:57 CeBe joined #salt
22:58 CeBe joined #salt
22:59 CeBe joined #salt
22:59 CeBe joined #salt
23:01 CeBe joined #salt
23:02 CeBe joined #salt
23:06 flowstate joined #salt
23:07 keimlink_ joined #salt
23:07 MTecknology SPRINT!!!!!
23:07 MTecknology forrest: SPRINT!
23:07 forrest MTecknology, No thanks.
23:08 MTecknology oh :(
23:08 WKNiGHT joined #salt
23:08 forrest Need to prep for an interview, don't have time sorry.
23:08 forrest MTecknology, Also I'm not there, which makes it tough.
23:09 MTecknology I expected to recognize a lot more saltstack employees this year .. and the whole crew I remember form last year.. all gone. :(
23:09 forrest MTecknology, Employee crew or community crew?
23:09 MTecknology yes
23:09 * iggy guesses both
23:09 forrest I know a lot of the community 'die hards' didn't attend this year, myself and iggy included.
23:09 * MTecknology pouts because iggy isn't here
23:09 forrest Company wise, people move companies, not surprising
23:10 MTecknology NO! Nobody moves. They all just kinda go into a persistent state when I leave.
23:10 MTecknology :P
23:11 iggy a bunch of my coworkers are there
23:11 forrest Yeah but they're salt noobs right?
23:11 iggy no(t all of them)
23:13 MTecknology I imagine none of them are familiar to me
23:16 MTecknology It's fun sitting in the back and watching what people look up while talks happen. I just watched someone pull up an intro to jinja website.
23:16 * iggy closes his laptop
23:17 MTecknology I try to convince myself to keep it closed and just leave if I'm too bored, but I wanted to take notes on this one.
23:18 MTecknology I don't know how to run a laptop without IRC running on it. My hardware pretty much has it burned in. :(
23:22 brotatochip joined #salt
23:22 kevinmm I'm trying to understand how to bootstrap salt, in order to run the "salt-formula" formula, in order to configure my salt-master.  Do I use bootstrap to install salt-master and salt-minion, then run highstate?  Do I have to preseed the minion id?  I'm a little lost.
23:23 envintus joined #salt
23:25 forrest You should probably start here kevinmm: https://docs.saltstack.com/en/getstarted/
23:27 kevinmm I'm sorry if I sound that lost.  I do understand how to configure the salt-master, add a salt-minion, etc.  I'm just a little lost on what the setup is for the salt-formula.
23:28 forrest https://github.com/saltstack-formulas/salt-formula is simply a way for salt to manage itself.
23:28 kevinmm Say I have several master.d config files and a top.sls, and I want to version control them.  Then, use the salt-formula to configure my master.
23:28 forrest Once you have it installed.
23:28 pipps joined #salt
23:29 iggy you could always start by _not_ using formulas
23:29 antpa joined #salt
23:29 iggy it's a novel approach for sure, but you learn a lot
23:29 forrest yeah so you install the minion/master, pull your code over (in this case salt-formula) and then run it. As iggy said you might want to start by not using that formula as it's meant to get the box configured to your needs, which for first timers isn't really needed.
23:30 wenzel62 joined #salt
23:31 kevinmm yeah, I'm sorry if I sound like such a first timer.  I have written and run states, setup a master and separate minion (I guess I'm not used to them being on the same machine), etc.  I'm trying to automate the setup of our salt-master.
23:32 forrest Nah no worries, just sounded like you were trying to configure your master using the salt-formula as your first foray which is major overkill. You still have to get the content onto the server, whether that's handled through salt pulling it on, or a cron that pulls it onto the system.
23:32 flowstate joined #salt
23:33 forrest Most likely if this was a cloud based infra I would have my automation tooling spin the box, install salt master, use git to pull this salt-formula down, then run the specified states, or run a highstate depending on how you have things configured.
23:34 forrest Does that make more sense?
23:35 macheck_ joined #salt
23:36 brianfeister joined #salt
23:36 kevinmm Yes.  I guess I keep thinking that top.sls needs to include the salt-formula and the minion needs to be installed, locally, to run it.  Maybe I misunderstood that?  I guess I'm still fuzzy on the role of the master vs. the minion in this case.
23:37 forrest Your master would also need to be a minion for that state to be applied yes.
23:37 forrest otherwise the master can't manage itself.
23:37 forrest Any system you want to manage needs to be a minion, that includes the master.
23:37 N-Mi joined #salt
23:37 N-Mi joined #salt
23:41 kevinmm Ok.  At least I'm going down the right road.  Just need to automate it.  Thanks.  Are there any examples of preseeding the minion during bootstrap, so that I can immediately run highstate afterwards?
23:41 forrest Ryan_Lane has some docs on doing that masterlessly: http://ryandlane.com/blog/2014/08/26/saltstack-masterless-bootstrapping/ but I can't think of any examples for a setup with a master.
23:43 djgerm joined #salt
23:43 hemebond kevinmm: How are you building your minions?
23:43 hal58th joined #salt
23:43 djgerm left #salt
23:44 _JZ_ joined #salt
23:49 kevinmm We aren't really building minions, yet.  Just worked with pre-existing machines where I bootstrapped the minion install, accepted the key, ran highstate, etc.  Just trying to setup the salt infrastructure right now, e.g. a one-liner to setup the salt-master, which is using gitfs for the states and pillars.
23:49 djgerm joined #salt
23:51 kevinmm We'll then use this to configure local vagrant vm's.  And, eventually, configure aws, etc.  Nothing huge.
23:51 abednarik joined #salt
23:51 djgerm so… something crazy and I dont know what happened. but somebody did a pillar refresh, and now it seems all the pillar data is missing? (it's safe, in git) but doesn't seem to be… accessible anymore? The master log shows it doing the refresh without error.
23:51 djgerm Any thoughts?
23:53 irctc168 joined #salt
23:58 hasues joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary