Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-04-21

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 cpowell joined #salt
00:02 iggy refresh again? maybe the git server was down
00:03 djgerm i've refreshed like a dozen times :( no love
00:03 wise0wl joined #salt
00:03 amcorreia joined #salt
00:04 wenzel62 hi !
00:04 edrocks joined #salt
00:04 wenzel62 is there a way to call salt-call as user ?
00:05 wenzel62 i always get an error : Permission denied: '/var/cache/salt'
00:05 wenzel62 i thought i could use the --config-dir parameter to specify a directory to store /etc and /var, but it doesn't work
00:05 wenzel62 any help on this ?
00:09 subsignal joined #salt
00:13 wenzel62 ok, it works , thx !
00:13 djgerm woo alright!
00:21 brotatochip joined #salt
00:23 wenzel62_ joined #salt
00:23 brotatochip joined #salt
00:24 baweaver joined #salt
00:33 flowstate joined #salt
00:35 brotatochip joined #salt
00:35 hasues left #salt
00:37 Cadmus1 joined #salt
00:38 twork_ joined #salt
00:39 iamtew_ joined #salt
00:40 armyriad joined #salt
00:40 patrek joined #salt
00:40 TyrfingMjolnir joined #salt
00:40 MikaT joined #salt
00:40 oeuftete joined #salt
00:40 jkleckner joined #salt
00:40 voileux joined #salt
00:41 qman__ joined #salt
00:41 tkeith joined #salt
00:41 ajw0100 joined #salt
00:41 kows joined #salt
00:41 duckfez joined #salt
00:44 euidzero joined #salt
00:44 rome_390 joined #salt
00:44 xMopxShell joined #salt
00:44 garphy joined #salt
00:45 MindfulMonk joined #salt
00:46 ageorgop joined #salt
00:46 Garyx joined #salt
00:50 nZac joined #salt
00:50 brotatochip hey guys, i’m configuring filebeat using saltstack, but apparently the command to start or restart the service is hanging
00:50 brotatochip any idea how to debug this?
00:51 subsignal joined #salt
00:51 brotatochip i’m running filebeat 1.2.1 on Amazon linux 2015.09
00:51 brotatochip so it’s upstart, not systemd
00:52 hemebond brotatochip: Is it a state you wrote yourself?
00:52 brotatochip yes
00:52 hemebond You can specify the service provider in your state.
00:52 brotatochip however it even hangs on cmd.run
00:52 hemebond Oh.
00:52 brotatochip cmd.run ‘service filebeat start’ hangs
00:52 jesusaur joined #salt
00:52 hemebond And when you do it on the minion itself?
00:52 brotatochip no problems when I run the command myself locally
00:53 hemebond And you're running the minion as root?
00:53 brotatochip yup
00:53 brotatochip i installed the precompiled binaries using the yum repo
00:54 hemebond https://github.com/saltstack/salt/issues/30845
00:54 saltstackbot [#30845]title: topbeat/*beat services hang Salt | Not sure if this is more of a Salt issue or a Elastic/Beats issue, but I had to pick someplace to start. I'm trying to set up Elastic's [topbeat](https://github.com/elastic/beats) log aggregation program, but seem to have a problem starting it using Salt's `service` module and/or state. When I do `salt-call --local service.start topbeat`, salt-call never returns. Or if I run it on the master, t
00:55 brotatochip thanks hemebond
00:56 hemebond :thumbsup:
00:57 wise0wl joined #salt
00:59 iceyao joined #salt
01:00 iceyao_ joined #salt
01:01 numkem joined #salt
01:02 akhter joined #salt
01:02 iceyao_ joined #salt
01:02 wise0wl joined #salt
01:04 sjmh joined #salt
01:05 racooper joined #salt
01:05 numkem joined #salt
01:06 catpigger joined #salt
01:14 ninjada trying to test a state with boto_secgroup.present from the docs https://docs.saltstack.com/en/latest/ref/states/all/salt.states.boto_secgroup.html
01:15 ninjada Comment: State 'boto_secgroup.present' was not found in SLS -
01:15 ninjada Reason: Module 'boto_secgroup' is not available.
01:15 ninjada but when i run it against my minion, which has both an iam profile with full axs as well as a credential file configured, i get a fail with the above error
01:16 ninjada boto is installed on the minion, seems to work manually fine
01:19 pipps99 joined #salt
01:24 ixeous joined #salt
01:24 hrumph joined #salt
01:24 hrumph yo
01:25 hrumph i have an idea for winrepo
01:25 hrumph it would be nice if for things like firefox
01:26 hrumph where there displayname is something like Mozilla firefox 50.1.3
01:26 djgerm left #salt
01:26 hrumph would be nice if that was changed in the windows registry to just "firefox"
01:27 hrumph so maybe in winrepo there could be a "postInstallDisplayName" and it will convert "Mozilla firefox 50.1.3" to the postIntstallDisplayName (probably firefox)
01:28 hrumph ormaybe Mozilla firefox 50.1.3 should be designated the "originalDisplayName"
01:29 hrumph so when the install process is completed it looks for the originaldisplayname then changes it
01:29 hrumph what do you think?
01:31 flowstate joined #salt
01:31 cmclaughlin joined #salt
01:31 Garyx joined #salt
01:32 brianfeister joined #salt
01:33 envintus joined #salt
01:34 nZac joined #salt
01:35 feld joined #salt
01:35 feld joined #salt
01:35 Gabemo joined #salt
01:36 chrismoos joined #salt
01:36 cliffstah joined #salt
01:37 pmcnabb joined #salt
01:37 liskl joined #salt
01:38 nkuttler joined #salt
01:46 iceyao joined #salt
01:46 iceyao_ joined #salt
01:47 iceyao joined #salt
01:48 aharvey joined #salt
01:49 spuder joined #salt
01:51 hrumph https://github.com/saltstack/salt/issues/32740
01:51 saltstackbot [#32740]title: half-baked idea for winrepo | ### Description of Issue/Question...
01:52 wise0wl joined #salt
01:53 XenophonF no thanks
01:54 PeterO joined #salt
01:54 XenophonF don't screw with the windows installer database
01:54 hrumph XenophonF, ok but I don't know what breakages actually occur
01:55 XenophonF POLA is enough, in my mind
01:55 XenophonF i speak as a longtime windows admin
01:55 XenophonF that would seriously mess with my colleagues' heads
01:55 XenophonF and i don't think it would make the list of installed apps any easier to read/comprehend
01:56 XenophonF "if it ain't broke" etc.
01:56 hrumph XenophonF, i think it would help with salt. because if you do allow_updates for firefox I don't think that salt can even recognise an update
01:56 djgerm joined #salt
01:57 hrumph there probably has to be at least a match on the display name
01:57 XenophonF "don't think"? objection your honor: calls for speculation
01:57 envintus joined #salt
01:58 hrumph well i never tested that but i guess i can tommorrow when i'm at work
01:58 XenophonF if you look at the salt-winrepo.get repo, specifically firefox.sls, you'll notice that it maintains a somewhat longish list of firefox package names
01:58 hrumph yes
01:58 hrumph but if you update to something not in the list
01:58 hrumph the displayname will not be matched
01:59 hrumph it will with chrome and adobe reader DC but not with firefox because the displaynames are non-canonical and contain version codes
01:59 hrumph i'll have another look in case i missed something
02:00 XenophonF if you only use winrepo to do updates, then the displayname will only ever match
02:01 hrumph XenophonF, yes but if a user has autoupdates you should be able to use allow updates with that but you can't
02:01 XenophonF true
02:01 hrumph not with firefox (AFAICS but i haven't tested it)
02:01 cpowell joined #salt
02:02 hrumph i'll point this out in the issue because this was actually the motivation
02:03 iceyao joined #salt
02:04 XenophonF salt/modules/win_pkg.py, look at the definition of the function latest_version()
02:04 hrumph ok sure i'll look
02:04 hrumph as i said i might be wrong about everything
02:04 iceyao joined #salt
02:05 XenophonF i think you're right, but i still don't think editing the windows installer db
02:05 XenophonF is a good idea
02:06 iceyao joined #salt
02:06 XenophonF i dunno
02:07 edrocks joined #salt
02:08 iceyao_ joined #salt
02:10 Garyx joined #salt
02:10 djgerm left #salt
02:10 eliasp joined #salt
02:11 iceyao joined #salt
02:13 iceyao joined #salt
02:13 Garyx joined #salt
02:14 iceyao joined #salt
02:16 hrumph maybe it's not the greatest idea if for the only reason if something is installed outside of salt it'll will have a different name than if it were
02:17 akhter joined #salt
02:17 Garyx joined #salt
02:28 iceyao joined #salt
02:33 flowstate joined #salt
02:33 sjmh joined #salt
02:34 Garyx joined #salt
02:34 meekrab joined #salt
02:37 evidence joined #salt
02:37 Garyx joined #salt
02:42 irctc707 joined #salt
02:42 Garyx joined #salt
02:42 irctc707 If anyone else is at #saltconf, we just set up a minecraft server with one of linodes trials.  SaltConf.devopslibrary.com!
02:43 aharvey joined #salt
02:45 ntropy no streams from saltconf?  that would be super cool
02:45 writtenoff joined #salt
02:45 Garyx joined #salt
02:46 wise0wl joined #salt
02:49 Garyx joined #salt
02:50 hemebond Wasn't there a way to register for remote viewing?
02:51 eliasp joined #salt
02:52 wise0wl joined #salt
02:54 evle joined #salt
02:55 spuder_ joined #salt
03:00 ntropy can't see anything like that on the website
03:00 ntropy i guess ill just have to wait for videos to appear on youtube
03:01 druonysus joined #salt
03:02 Garyx joined #salt
03:03 hemebond You and me both,
03:03 CeBe joined #salt
03:04 CeBe joined #salt
03:04 CeBe joined #salt
03:05 CeBe1 joined #salt
03:06 CeBe joined #salt
03:06 CeBe joined #salt
03:07 CeBe joined #salt
03:11 ramteid joined #salt
03:11 Garyx joined #salt
03:11 s_kunk joined #salt
03:13 spuder joined #salt
03:18 jfelchner joined #salt
03:18 pipps joined #salt
03:20 Garyx joined #salt
03:21 brianfeister joined #salt
03:25 pipps joined #salt
03:27 salt-bantone woop saltstack certified
03:28 hemebond Already?
03:28 salt-bantone well i took the test last year
03:28 hemebond Ah :-)
03:28 salt-bantone only took me three tries including last ;)
03:28 hemebond Congrats.
03:28 spuder_ joined #salt
03:32 flowstate joined #salt
03:32 Garyx joined #salt
03:35 Garyx joined #salt
03:36 hrumph when you do certification can you read docs?
03:39 lws joined #salt
03:42 Garyx joined #salt
03:44 brianfeister joined #salt
03:46 sjmh joined #salt
03:49 Garyx joined #salt
03:51 salt-bantone yea hrumph
03:57 Garyx joined #salt
04:02 Garyx joined #salt
04:02 cpowell joined #salt
04:05 favadi joined #salt
04:05 Garyx joined #salt
04:10 Garyx joined #salt
04:10 ggoZ joined #salt
04:10 edrocks joined #salt
04:13 Garyx joined #salt
04:17 Garyx joined #salt
04:27 capricorn_1 joined #salt
04:27 ggoZ joined #salt
04:28 jfelchner_ joined #salt
04:30 Garyx joined #salt
04:32 flowstate joined #salt
04:33 Garyx joined #salt
04:37 Garyx joined #salt
04:38 aharvey joined #salt
04:40 ToeSnacks_ joined #salt
04:42 Garyx joined #salt
04:42 moy_ joined #salt
04:43 bVector joined #salt
04:43 Garo_ joined #salt
04:44 akoumjian joined #salt
04:44 bstaz joined #salt
04:45 Garyx joined #salt
04:46 mattl_ joined #salt
04:46 justyns how much does the test cost?
04:50 Garyx joined #salt
04:51 josuebrunel joined #salt
04:53 Garyx joined #salt
04:57 Garyx joined #salt
05:00 madpenguin joined #salt
05:02 Garyx joined #salt
05:05 Garyx joined #salt
05:07 josuebrunel joined #salt
05:09 sauvin joined #salt
05:09 Garyx joined #salt
05:14 Garyx joined #salt
05:17 Garyx joined #salt
05:30 Garyx joined #salt
05:31 flowstate joined #salt
05:34 Garyx joined #salt
05:37 djgerm joined #salt
05:39 djgerm when I provision with salt-cloud to ec2, how do I set the "domain" grain on instantiation? (it "Just works" with vsphere, e.g. putting domain: domain.com in the cloud profile)
05:39 Garyx joined #salt
05:40 hemebond djgerm: Isn't the domain grain taken from the fqdn?
05:40 hemebond hostname -f ?
05:41 salt-bantone yea
05:44 Garyx joined #salt
05:45 djgerm hmm....
05:45 djgerm i see…
05:46 djgerm how do I set fqdn properly on instantiation in ec2 then :)
05:47 Garyx joined #salt
05:53 kshlm joined #salt
05:54 salt-bantone https://docs.saltstack.com/en/latest/topics/targeting/grains.html#writing-grains
05:55 Garyx joined #salt
05:56 akhter joined #salt
05:57 lws joined #salt
05:58 djgerm I was hoping for a more elegant version of this https://blog.jixee.me/saltstack-how-to-deploy-ec2-instances-with-salt-cloud/
06:00 Garyx joined #salt
06:05 Garyx joined #salt
06:09 Garyx joined #salt
06:12 ivanjaros3916 joined #salt
06:12 dyasny joined #salt
06:13 flowstate joined #salt
06:13 edrocks joined #salt
06:16 Garyx joined #salt
06:16 hemebond Not sure you'll find a more elegant version. That seems pretty straight-forward.
06:19 Garyx joined #salt
06:21 AndreasLutro djgerm: you could set the hostname in a shell script or cloud-config using user data
06:21 AndreasLutro would still require a reboot though I think
06:21 fxhp joined #salt
06:25 Garyx joined #salt
06:26 djgerm hrmmm
06:28 slav0nic joined #salt
06:30 Garyx joined #salt
06:30 impi joined #salt
06:31 flowstate joined #salt
06:34 MTecknology justyns: the SSCE test?
06:34 yuhlw joined #salt
06:35 MTecknology justyns: I would venture a guess that 80% of people, me included, took it through pre-conference registration and have no clue the actual cost. :P
06:35 impi joined #salt
06:35 Garyx joined #salt
06:40 Garyx joined #salt
06:43 meekrab joined #salt
06:43 Garyx joined #salt
06:43 armyriad joined #salt
06:43 jhauser joined #salt
06:44 sjorge joined #salt
06:44 KermitTheFragger joined #salt
06:47 Garyx joined #salt
06:48 lero joined #salt
06:57 evle joined #salt
06:58 richhal joined #salt
06:59 stooj joined #salt
06:59 lws joined #salt
07:00 Garyx joined #salt
07:03 Garyx joined #salt
07:05 josuebrunel joined #salt
07:05 dmaiocchi joined #salt
07:06 josuebrunel joined #salt
07:10 honestly is there a way to resolve a host name from salt?
07:10 honestly I want to put host names into pillar files but they need to be resolved to IPs to be put into config files on the target
07:11 honestly I guess a custom module should do it...
07:12 iggy you can write sls files in straight python
07:12 Garyx joined #salt
07:12 honestly no I can't
07:12 honestly because those don't work in salt-ssh
07:12 iggy then you have access to all the normal python functions...
07:12 iggy oh, I really should remember your name to ignore from now on ;)
07:12 honestly ¯\_(ツ)_/¯
07:13 honestly sorry I'm using salt in ways nobody ever expected :P
07:13 admgre joined #salt
07:14 iggy I wish I could help :/
07:15 honestly here is a cleanly reproducable failure: https://github.com/saltstack/salt/issues/31236#issuecomment-189246474
07:15 saltstackbot [#31236]title: States using the cp module don't work when Py renderer is used | This reproduces on develop branch and with every salt release that can be installed on my target system (Ubuntu 14.04 LTS). Most functions in the cp module, e.g. `cp.get_file_str` or `cp.cache_file` do not work....
07:15 honestly you can help by fixing the bug ;)
07:15 ninjada_ joined #salt
07:15 druonysus joined #salt
07:15 iggy but yeah, there is a lot of functionality in salt.modules.network and you could add your own and call them like normal in jinja
07:16 CeBe joined #salt
07:17 iggy I don't even like fixing bugs in functionality I use... much less stuff I don't use
07:17 quasiben joined #salt
07:19 hemebond honestly: Sounds like a job for Salt Mine
07:19 hemebond No?
07:20 honestly hemebond: do you think *that* works with salt-ssh?
07:20 hemebond Oh, missed that line.
07:20 hemebond Good luck :-)
07:21 hemebond (sounds like something to be done outside of Salt to me)
07:21 honestly network dig is kinda... shameful.
07:21 honestly there's no way to pass arguments to dig :|
07:22 honestly but I guess cmd.run will do
07:26 dmaiocchi joined #salt
07:32 CeBe joined #salt
07:32 flowstate joined #salt
07:33 CeBe joined #salt
07:33 ninjada joined #salt
07:34 CeBe joined #salt
07:35 CeBe joined #salt
07:36 CeBe joined #salt
07:42 Rumbles joined #salt
07:44 richhal joined #salt
07:46 dgutu joined #salt
07:52 CeBe joined #salt
07:52 CeBe1 joined #salt
07:53 CeBe joined #salt
07:59 lws joined #salt
08:03 manji joined #salt
08:04 cpowell joined #salt
08:04 lero joined #salt
08:06 ronnix joined #salt
08:14 rdas joined #salt
08:16 edrocks joined #salt
08:20 akhter joined #salt
08:26 lero__ joined #salt
08:27 linjan_ joined #salt
08:30 GreatSnoopy joined #salt
08:31 s_kunk joined #salt
08:32 flowstate joined #salt
08:33 MadHatter42 joined #salt
08:37 sk_0 joined #salt
08:37 akhter joined #salt
08:39 ronnix joined #salt
08:41 Skwirelz joined #salt
08:43 rmnuvg joined #salt
08:49 slav0nic 2016.3.0rc2 not available in deb?
08:53 honestly What repo are you using?
08:53 honestly Make sure you're not using the deprecated one
08:53 rmnuvg joined #salt
08:55 babilen 2015.8.8+ds-2 is the currently packaged version
08:56 babilen You can find it in Debian (2015.8.8+ds-1 which comes with the same code) for stretch and unstable and on repo.saltstack.com
08:56 babilen (for jessie)
09:00 lws joined #salt
09:02 N-Mi joined #salt
09:02 N-Mi joined #salt
09:05 meekrab joined #salt
09:09 Diesis joined #salt
09:09 richhal joined #salt
09:10 Diesis Hello, I've read some docs, but I haven't figured out how a minion automatically connects to the master and updates its configuration.
09:11 AndreasLutro Diesis: you configure the address of the salt master in the minion config, it connects to the master, and all configuration is updated when the next highstate is ran
09:15 keimlink joined #salt
09:16 Diesis AndreasLutro: So I have to run manually on the master manually "salt '*' state.apply" ?
09:16 manji Diesis, you can use a reactor
09:16 AndreasLutro Diesis: unless you set up the minion to run a highstate on start or use a reactor, yes
09:17 manji to run highstate on master accepting its key
09:17 fredvd joined #salt
09:21 Diesis manji: AndreasLutro Ah, ok, I missed this component: the reactor. I came from puppet, so I need to know how to mimic its behaviour. I'll read the doc about the reactor. Thnak you !
09:21 manji :)
09:25 babilen Diesis: See https://docs.saltstack.com/en/latest/ref/states/startup.html and https://docs.saltstack.com/en/latest/topics/reactor/ for details
09:27 lero joined #salt
09:27 kawa2014 joined #salt
09:30 Diesis babilen: Thnak you. So it seems that if I want that my minions are "self healing", ie continuosly monitor the master for getting changes, I have to use a reactor ? Or simply restart salt-minion on the minion itself (It seems a bad idea ... what happens If I restart the salt-minion daemon when it's applying changes ?) I'm looking for the simplest way to get my minions always updated with the master ...
09:31 AndreasLutro easiest would be to run highstate on a cronjob
09:31 AndreasLutro more complex ideas would be using beacons and reactors to monitor changes and run highstates depending on what happens
09:31 manji Diesis, minions send a mine update every 5 mins
09:31 AndreasLutro you'll have to figure out what works best for you
09:31 flowstate joined #salt
09:31 manji you can use that message to run highstate
09:31 manji in which case you have another issue
09:32 manji that this update might clash with you running invidual staets manually
09:32 manji message queueing will figure it out, but still
09:33 manji what  AndreasLutro said
09:33 manji whatever works for your setup
09:34 sagerdearia joined #salt
09:34 babilen Diesis: You can easily schedule highstate runs with https://docs.saltstack.com/en/latest/topics/jobs/schedule.html -- Just define suitable pillar data and they'll run a highstate in the specified way
09:36 teatime AndreasLutro: query:  yamelex renderer's additional/advanced merging capability only applies within the specific yamlex-rendered file, and can't be used to e.g. do additional/advanced merging with data that gets created elsewhere in jinja/yaml/whatever-non-yamlex renderers, correct?
09:37 teatime AndreasLutro: oh sorry; was scrolled up, and from the convo around 2pm EDT, it seemed the perfect moment to drop that question ;)
09:52 antpa joined #salt
09:56 teatime hrm... are there any mildly-amusing words for 'people who use or develop Salt'
09:56 teatime like Python has pythonistas, etc.
09:56 hemebond seasoning?
09:56 teatime people are seasoning?
09:56 hemebond Hmmm. Chefs?
09:56 teatime heh, that sounds like it'd apply more to Chef.
09:57 teatime lol... 'salt shakers'.
09:57 teatime that's dumb.  but I've been awake way too long so it made me chuckle.
10:04 kiwy joined #salt
10:05 kiwy Hello everyone, i'm new to salt and I try to create a job to upgrade VM, this job should upgrade packages list the packages reboot and then run a highstate
10:07 kiwy i'm uploading files now so you can see what I've done so far
10:08 renaissancedev joined #salt
10:10 bdrung_work joined #salt
10:11 kiwy state schedule http://textuploader.com/5ygie  orchestrator file: https://jpst.it/HMJZ
10:16 av_ joined #salt
10:16 TyrfingMjolnir joined #salt
10:18 DaveQB joined #salt
10:19 edrocks joined #salt
10:19 garphy joined #salt
10:22 armyriad joined #salt
10:22 dubois_lery joined #salt
10:23 dubois_lery hello fellow saltstackers
10:24 dubois_lery I'm experimenting with the sqs_events engine, but keep getting `Could not LazyLoad sqs_events.start` error on the salt master running ver 2015.8.8.2
10:24 dubois_lery any tips?
10:24 dubois_lery I've updated the master config as per the example here https://github.com/saltstack/salt/blob/develop/salt/engines/sqs_events.py
10:25 AndreasLutro dubois_lery: if you open a python shell and type "import boto.sqs" does that succeed?
10:25 dubois_lery I've tested that the ec2 instance can successfully read messages from the queue via IAM roles
10:25 dubois_lery AndreasLutro: yes, boto present
10:26 AndreasLutro are you sure boto is installed in the same python version as salt?
10:26 dubois_lery AndreasLutro: ah, I have python 2.6 and 2.7 installed. How could I check which one does salt use?
10:26 AndreasLutro no idea, I don't deal with systems like that :p
10:27 dubois_lery great tip, gracias AndreasLutro
10:30 flowstate joined #salt
10:33 dubois_lery left #salt
10:34 kshlm joined #salt
10:34 EvaSDK DaveQB: $ salt-minion --versions-report
10:34 EvaSDK damn
10:34 EvaSDK that was for dubois
10:36 teatime argh... this comment I'm writing on this guy's bug report has gone way off the rails... it's more like a blog post now :(
10:40 Rumbles is it possible to select a different pip to use when using the pip_states method? I don't see anything in the docs that would allow me to pick a binary to use...
10:40 Rumbles for example I have /usr/local/bin/pip for python2.7 and /usr/local/bin/pip3 for python3.5
10:41 Rumbles I see bin_env but the docs say that assumes a virtual env has been created...
10:43 Rumbles I'm going to assume that's it... :/
10:45 AndreasLutro Rumbles: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pip_state.html#salt.states.pip_state.installed
10:45 hemebond djgerm: Did you see this? http://ternarylabs.com/2010/09/15/automatically-configure-hostname-for-new-ec2-instances/
10:45 AndreasLutro one of the first arguments in the list is pip_bin
10:45 Rumbles AndreasLutro,     Deprecated, use bin_env
10:46 AndreasLutro aha?
10:46 Rumbles can I just put the full path in there?
10:46 AndreasLutro seems like it
10:46 AndreasLutro Absolute path to a virtual environment directory or absolute path to a pip executable.
10:46 Rumbles wasn't sure about the "setting up a virtual environemtn bit"
10:46 Rumbles kk thanks :)
10:47 amcorreia joined #salt
10:48 Narendra__ joined #salt
10:49 Narendra__ Hi
10:49 Rumbles hello :)
10:50 Narendra__ I am interesting to know saltstack
10:51 Narendra__ The problem is I understand how to deploy innstances in aws using salt
10:51 Narendra__ I want to know how to deploy my application using salt-master .
10:51 Rumbles as far as I know you can only do that with salt cloud which in the dev branch Narendra__
10:52 Rumbles I have written scripts to do this with python & boto3
10:52 Narendra__ What is the best practice methods foor that ?
10:52 Rumbles not sure, it'sin the dev branch, so probably not production ready yet
10:52 Narendra__ Okay
10:52 Rumbles https://docs.saltstack.com/en/latest/topics/cloud/
10:53 Narendra__ My questions is how to deploy nginx , nodejs and mysql in minions using salt master
10:53 Rumbles oh right, that's easier :)
10:54 Narendra__ and how grains are working and what is the purpose of grains ?
10:54 Rumbles you would create a manifest that would install the compoents you want and then add those manifests to the top file against the machines you want those services installing
10:54 Rumbles grains contain information about your server
10:54 Rumbles eg grains["fqdn"] contains the fully qualified domain name for your host
10:55 Rumbles so you can do something like:
10:55 Narendra__ Okay
10:55 Rumbles {% if "word" in grains["fqdn"] %}
10:55 Rumbles do something
10:55 Rumbles {% endif %}
10:55 Rumbles in a jinja template
10:55 Narendra__ in top.sls have the script for installation process like version , users ?
10:56 Narendra__ jinja is part of salt ?
10:56 Rumbles jinja is a template format
10:56 Narendra__ OH
10:57 damona joined #salt
10:58 Narendra__ If u don't mine please help me for implement the process . I am creating new environmet using salt .
10:58 punkoivan joined #salt
10:58 Narendra__ I am full confused on salt
10:58 damona Hi everyone, does def setUp(self) work in Unit tests?  (yes/no)
10:58 punkoivan left #salt
10:58 Castor__ joined #salt
10:59 Rumbles sorry Narendra__  I'm just another user, I'm happy to answer questions if I know the answer, but I'm not doing your work for you
10:59 iceyao joined #salt
11:00 envintus joined #salt
11:01 iceyao joined #salt
11:02 armguy_ joined #salt
11:02 lws joined #salt
11:02 iceyao joined #salt
11:02 iceyao_ joined #salt
11:03 Garo__ joined #salt
11:03 mohae joined #salt
11:05 iceyao_ joined #salt
11:06 teatime hrm... I suppose there's no way to include emphasis (bold or italic print) in a code block in github markdown..
11:06 iceyao_ joined #salt
11:06 whatevsz_ joined #salt
11:06 iceyao joined #salt
11:08 iceyao joined #salt
11:09 iceyao__ joined #salt
11:11 jav joined #salt
11:11 teatime hrm, also Narendra left... but it sounds like he should give the tutorials etc. a stab first anyway.
11:16 keimlink joined #salt
11:20 xMopxShell joined #salt
11:21 zenlot joined #salt
11:24 DammitJim joined #salt
11:28 abednarik joined #salt
11:31 Rumbles I think he was just fishing for someone to do his work for him ^_^
11:32 AndreasLutro I'll never understand people like that
11:32 AndreasLutro it's not like I'd be able to explain all of salt over irc anyway
11:32 envintus Ha, but you could try :)
11:33 envintus I used Puppet at my last job and we Salt at the current one. We're barely scratching the surface on what we COULD be doing with it.
11:33 envintus Right now it's just single environment config management and there's so much more we could and probably should be doing.
11:41 sjorge joined #salt
11:42 elsmo joined #salt
11:45 teatime salt seems to be easy to ease into... start off small, and you can slowly do more and more with it, and take advantage of more and more of its parts over time.
11:45 teatime incremental gains.
11:47 teatime indeed, jumping into too much too fast seems like a mistake; it's so flexible etc. that I imagine it really helps to have some hands-on experience etc. before deciding how to setup more complicated stuff.
11:48 teatime I used to be a really big Puppet advocate.  and puppet is nice.  there are some pros/cons for each.
11:48 teatime so far though it seems like Salt is a lot more agile  (kindof but not quite in the 'agile programming' sense of the word)
11:49 mowntan joined #salt
11:49 mowntan joined #salt
11:49 mowntan joined #salt
11:50 mowntan joined #salt
11:50 AndreasLutro it sure is agile in that it gets lots of breaking changes and bugs ;)
11:50 mowntan joined #salt
11:51 damona Labs Puppet stop listening to the community.  I think they are starting to realise they have issues. e.g. ruby being slow.  Starting to look at rewrite puppet in a different language.
11:53 AndreasLutro the first solid configuration manager that gets written in go or rust will have me immediately interested
11:53 envintus joined #salt
11:53 damona In Australia its Ansible (10%),  Puppet (80%), Chef(10%).  I am waiting for salt to take off.
11:56 damona Python is the best language for Unix, as most of the controlling tools are written in python e.g. yum,  Oracle  Config programs etc...
11:56 teatime AndreasLutro: heh... yeah... that's currently my biggest (perhaps only?) issue in the 'con' category for salt.
11:57 damona Salt needs to be written in PowerShell on Windows for more direct access to a growing API.
11:57 hemebond damona: you wo
11:58 hemebond PowerShell is the devil.
11:58 teatime AndreasLutro: I've been told that the recent-history of releases has been uncharactaristically bad in terms of regressions etc., so I'm hoping I just joined up at an awkward moment, and will see fewer WTFs going foward w/ Salt.
11:58 teatime if not... at least they'll take my PR's ;)
11:59 teatime the key to config mgmt, at least want out of it, and the thing that made me advocate puppet so much in the past, is:  idempotency.
12:00 teatime salt has an interesting but effective approach... you can do things either way, statefully or imperatively (or whatever you would call non-statefully), and that really works really well I think...
12:00 AndreasLutro idempotency is not worth the effort if you ask me. I'm fine with running a highstate twice as opposed to adding complexity to make it right the first time
12:01 edrocks joined #salt
12:01 teatime and the stateful part is not an after-thought.
12:01 teatime AndreasLutro: eh, I don't have so much a problem w/ that either...
12:01 teatime AndreasLutro: but the key is being able to re-apply your highstate as much / as often as you want
12:01 Rumbles is it possible to have a wilcard in a jinja if? I was hoping to use something like this: {% if 'ds*.dev' in grains["fqdn"] %} which could match hostnames like ds1.dev.something.something.com
12:01 AndreasLutro right
12:02 AndreasLutro Rumbles: no, you'd have to find a salt module function to call
12:02 teatime instead of writing things like configure/deploy scripts, that run once, but then immediately your environment begins falling out of sync w/ the specification
12:02 teatime Rumbles: there are some jinja operators, like you can if 'bar' in "foobarbaz"
12:02 AndreasLutro yeah sure
12:03 teatime ("foobarbaz" can also be a function that returns a string)
12:03 teatime but it's pretty weak on logic; luckily, salt isn't.
12:03 lws joined #salt
12:03 sjorge joined #salt
12:03 Rumbles hmmm, okay, I'll ust put an or nthere for now
12:03 teatime Rumbles: also, if you have, e.g. a string object in jinja, you can call any Python string method on it.  same for lists, dicts, whatever.
12:03 Rumbles it's only 2 servers that should be affected,,,,
12:04 Rumbles yep I can see you can run string operations on it
12:04 Rumbles but to be honest
12:04 Rumbles I'm ot sure what I would use to achieve what I am after :)
12:04 Rumbles s/ot/not/
12:05 AndreasLutro https://docs.saltstack.com/en/latest/ref/modules/all/ ctrl+F "match"
12:05 cpowell joined #salt
12:06 Rumbles okay, thanks (I tink) I'll read that when i get back from my walk :)
12:07 flowstate joined #salt
12:11 antpa joined #salt
12:17 radhac joined #salt
12:17 west575 joined #salt
12:18 antpa joined #salt
12:18 radhac Hey all, is there a way to wrap an "if" statement around the return of a grep statement in salt?  If X is returned via grep, execute this portion of the state? etc.
12:19 AndreasLutro radhac: unless/onlyif may be what you're looking for
12:19 radhac Roger, I'll look into it.  Thanks @AndreasLutro
12:26 XenophonF damona: i think there needs to be better interfaces between Salt and .NET/COM
12:26 XenophonF or at least it would be nice if cmd.run/cmd.powershell did a better job of handling exceptions
12:27 XenophonF both are on my personal to-do list
12:30 envintus joined #salt
12:32 traph joined #salt
12:32 traph joined #salt
12:34 XenophonF Rumbles: i vaguely recall doing matches in sls files
12:35 XenophonF Rumbles: let me see if i can find you an example
12:37 hvn joined #salt
12:37 hvn joined #salt
12:38 antpa joined #salt
12:39 XenophonF Rumbles: you can use the .find method on strings
12:40 ravenx joined #salt
12:40 ravenx can someone help me with my returners on salt-minion?
12:41 XenophonF Rumbles: in my states i am looking for keywords, so I use .split plus an array index with the in operator, a la https://github.com/irtnog/salt-states/blob/development/ssh/files/ssh_config#L27
12:41 envintus teatime, I couldn't agree with you more regarding easing in to Salt and then building out a more complex implementation.
12:41 TyrfingMjolnir joined #salt
12:41 ravenx i have this:
12:42 envintus teatime, I did like Puppet a lot when I first started with it. It was great when I had to manage hardware, but now I'm in a role where all of our infrastructure is in GCP.
12:42 ravenx https://i.imgur.com/WekSTt2.png
12:42 ravenx and i have been running this on my salt-master:    salt 'two' test.ping --return smtp
12:42 ravenx and i get no email
12:42 envintus s/hardware/bare metal and network appliances (F5)
12:42 ravenx i have tested the smtp send abilities of my server with a simple mailx command and that worked flawlessly.
12:43 envintus But Salt has such a low barrier of entry as opposed to Puppet, which can be pretty dam nebulous at times.
12:43 richhal joined #salt
12:44 ravenx anyone?
12:46 flowstate joined #salt
12:48 wangofett joined #salt
12:50 numkem joined #salt
12:50 AndreasLutro I found this lightweight CM called itamae recently, which is like a super lightweight version of chef that only does configuration over SSH. I'd recommend that above anything else to beginners
12:52 AndreasLutro salt's jinja+yaml makes it a little bit too easy to make mistakes if you ask me
12:53 TyrfingMjolnir joined #salt
12:53 gh34 joined #salt
12:57 akhter joined #salt
12:59 XenophonF and how
12:59 deus_ex joined #salt
13:00 edrocks joined #salt
13:00 mage_ any idea for this: https://dpaste.de/UNLv/raw ?
13:02 mage_ this is with https://dpaste.de/uiJi/raw
13:02 ronnix joined #salt
13:03 lws joined #salt
13:04 renaissancedev joined #salt
13:05 squishypebble joined #salt
13:06 subsignal joined #salt
13:06 subsigna_ joined #salt
13:07 racooper joined #salt
13:08 TooLmaN joined #salt
13:09 mapu joined #salt
13:12 Shane joined #salt
13:12 dunz0r Can I check if a user is already present on the system in a state?
13:12 dunz0r Right now salt tries to add users despite the user already existing, but with the wrong gid...
13:13 dunz0r Since users are handled centrally
13:13 Rumbles Thanks XenophonF I will have a look :)
13:15 antpa joined #salt
13:16 teatime envintus: orchestration was always the 'well, wouldn't it be nice if...' thing for puppet, assuming you didn't buy the commercial version.
13:16 AndreasLutro dunz0r: the state should do that for you, if it isn't something is wrong
13:17 teatime envintus: it had the idempotent/stateful management of stuff down pat, but that part (although my personal favorite) gets less relevant w/ each passing year... now that servers are provisioned from hour to hour as-needed...
13:17 dunz0r AndreasLutro: Using user.present, but it tries to add it anyway.
13:17 dunz0r With an id... I think it's the ID that's causing it
13:17 AndreasLutro then you need to debug why. which version of salt are you using
13:18 teatime salt literally has it all... if I can just figure out how to use all of it well ;)    although the folks that try to build nagios/cacti/whatever out of salt legos still make me kinda wtf.
13:19 hasues joined #salt
13:20 teatime I feel like salt is whispering to me now, "(*warranty disclaimer: while it is true that salt has it all, you accept all liability if you should choose to employ some part of 'all' that no one else has used since That One Guy submitted it as a PR and then disappeared forever.)"
13:20 Tanta joined #salt
13:20 hasues left #salt
13:21 teatime (j/k.. perhaps that's a bit meaner than I intended it.)
13:21 dunz0r AndreasLutro: A very old one it seems. Huh. Even though I'm using the salt-repo for debian
13:21 dunz0r It's 2014.7.1... wtf
13:21 AndreasLutro maybe check your apt preferences
13:25 dunz0r Well this explains it... I'm using debians salt-master version, for some reason
13:25 AndreasLutro maybe... though the state modules etc are running on the minion
13:26 AndreasLutro but I'd recommend upgrading to make sure that's not the issue
13:26 dunz0r Yup. The minion uses 2015.5 at least
13:26 envintus teatime, couldn't agree with you more
13:26 dunz0r Which is really old
13:36 Tanta left #salt
13:39 jkleckner joined #salt
13:40 protoz joined #salt
13:41 iceyao joined #salt
13:42 ivanjaros joined #salt
13:43 antpa joined #salt
13:47 edrocks joined #salt
13:50 spuder joined #salt
13:52 ronnix joined #salt
13:52 dunz0r I know precisely why it happens... it tries to create a user with a gid... hmm
13:53 pprkut joined #salt
13:54 teatime LOL, I should give myself a raise for thinking to enable gmail's "undo send mail" thingy so many years ago
13:54 teatime probably a default feature now, I suppose
13:55 edrocks joined #salt
13:57 sk1pper_ joined #salt
13:58 jerredbell joined #salt
14:03 antpa joined #salt
14:04 lws joined #salt
14:10 envintus joined #salt
14:13 Brew joined #salt
14:14 kawa2014 joined #salt
14:15 ronnix joined #salt
14:16 cpowell joined #salt
14:16 tharkun joined #salt
14:16 quix joined #salt
14:22 scoates joined #salt
14:22 Rumbles has anyone here use the salt.states.quota ? I set up a server with user quotas the other day manually, but I would quite like to manage it in salt.... I think I see how to enable quotas on a partition, but how would you set a users quota?
14:23 wise0wl joined #salt
14:27 linjan joined #salt
14:27 wise0wl left #salt
14:29 ronnix joined #salt
14:36 antpa joined #salt
14:39 jerredbell joined #salt
14:44 flowstate joined #salt
14:49 renaissancedev joined #salt
14:52 andrew-l` joined #salt
14:55 rabbitfang joined #salt
15:02 antpa joined #salt
15:03 antpa joined #salt
15:05 lws joined #salt
15:05 druonysus joined #salt
15:08 futuredale joined #salt
15:12 PeterO joined #salt
15:14 keldwud joined #salt
15:18 djgerm does anybody know how the fqdn grain is populated? (I ask because I am hitting a snag where my fqdn isn't being populated in ec2, but works in vsphere), and I am not sure why. Generally I use the host and domain grains to add new minions to DNS, but without fqdn being populated, domain isn't being set. (In other words: it'd be slick for salt-cloud to know that when I specify a minion_id, I want that as at least the hostname)
15:19 tristianc joined #salt
15:19 tristianc_ joined #salt
15:21 AndreasLutro djgerm: you'll find the code in salt/grains/core.py
15:21 djgerm thanks!
15:22 djgerm heh     grains['fqdn'] = salt.utils.network.get_fqhostname()
15:23 AndreasLutro do you know where to look from there?
15:23 djgerm i think salt/utils/network.py
15:23 AndreasLutro yep
15:24 sjorge joined #salt
15:25 djgerm my python is not good enough to interpret that. but looks like some python module "socket.gethostname"
15:26 toabi that's in the stdlib
15:26 kawa2014 joined #salt
15:27 Rumbles has anyone here use the salt.states.quota ? I set up a server with user quotas the other day manually, but I would quite like to manage it in salt.... I think I see how to enable quotas on a partition, but how would you set a users quota?
15:27 AndreasLutro you could ssh into your machines and run that from an interactive python shell and see what it returns
15:27 toabi the docs actually say that it doesn't always work and socket.getfqdn should then be tried…
15:28 djgerm there is this line l.append(socket.getfqdn()) in that section….
15:28 AndreasLutro wouldn't be surprised :P
15:28 Rumbles I use grains['fqdn'] often on aws ubuntu14.04 machines without issue....
15:28 djgerm yeah, Rumbles, me too. in my private cloud, that gets popoulated because salt-cloud "does the right thing" when spinning up vsphere instances
15:29 AndreasLutro djgerm: python -c 'import socket; print socket.getfqdn()'
15:29 djgerm but with ec2, the behavior is different, and not desirable at all.
15:29 AndreasLutro what linux distro?
15:30 djgerm ubuntu
15:30 AndreasLutro could be something funky with the AMI you're using. compare /etc/hosts and /etc/hostname
15:31 AndreasLutro at least debian uses /etc/hosts' 127.0.1.1 entry to determine fqdn
15:32 djgerm hmm yeah interesting… my vsphere minions get a line added to the /etc/hosts: $IP $fqdn $hostname
15:32 djgerm I am guessing that's part of the vsphere clone from template magic.
15:34 djgerm i guess i could do a file.append or something...
15:35 djgerm it's the barest of ubuntu installs for the AMI
15:35 shiriru joined #salt
15:35 wangofett joined #salt
15:35 lws joined #salt
15:36 dendazen joined #salt
15:36 ajw0100 joined #salt
15:37 antpa joined #salt
15:39 lero joined #salt
15:39 dendazen hey guys, i have a tar.gz file to distirbute via salt when i create a state can file.managed source be outside the salt:// somwhere else on the file system of OS or that file is required to reside in salt root?
15:39 dendazen and use salt:// uri
15:39 sjorge joined #salt
15:40 djgerm you can source from http
15:40 djgerm and https
15:40 AndreasLutro dendazen: you could add more root directories to the salt state tree
15:40 djgerm oh yeah that too
15:40 AndreasLutro salt:// isn't necessarily just 1 directory
15:41 djgerm it's all the directories under file_roots in master config, right?
15:41 dendazen ok so if i have that tar.gz in /opt/my_archive/ i would just add that dir to root directories list?
15:42 Garyx joined #salt
15:42 dendazen The problem with this tar.gz it gets updated everytime someone pushes changes to the git repo, and for salt i use git as well
15:43 dendazen i do not want to update salt via git everytime the git hook got that tar.gz is triggered.
15:43 flowstate joined #salt
15:43 djgerm you can have both gitfs and filesystem file_roots at the same time
15:45 dendazen oh ok, so i can add that particular dir to file_roots in salt master config file
15:45 antpa joined #salt
15:45 dendazen and have that tar.gz pulled from there.
15:46 dendazen ok i will try that, thanks. otherwise i am left with the option of web server, whihch is not the best case for me.
15:46 Garyx joined #salt
15:46 rrei joined #salt
15:46 rrei hi all!
15:47 armyriad joined #salt
15:47 rrei does anyone know of a nice way to print an error message during a state run and have that state fail also?
15:48 rrei my question has to do with verification of a raw password obtained from pillar which cannot be all digits
15:48 honestly test.fail
15:48 rrei because shadow.gen_password does not deal with integers, and apparently salt-ssh is serializing the arguments incorrectly when it calls an execution function during a state run
15:49 rrei that's exactly it!
15:49 rrei thanks! ;)
15:49 pdayton joined #salt
15:49 AndreasLutro rrei: that should be fixed now
15:49 irated is this correct? echo "{{ salt['network.ip_addrs']('eth0')[0] }}" "{{ salt['fqdn'] }} {{ salt['host']}}"| tee -a /etc/hosts
15:50 irated and will it work inside a script?
15:50 rrei Andreas: i'll have to verify that. maybe that's only in the dev version, no?
15:50 rrei I think I'm using the stable
15:50 irated I see alot of stuff saying use variables, but I'm not sure its ned for this?
15:50 irated needed*
15:51 AndreasLutro rrei: fixed in 2015.8 HEAD.. if all you're using is salt-ssh, installing in a virtualenv from source is really easy
15:51 rrei (actually I'm installing salt through Vagrant)
15:51 AndreasLutro https://github.com/saltstack/salt/pull/32588
15:51 saltstackbot [#32588]title: Fix salt-ssh module function call argument type juggling by JSON encoding them | This fixes problems where you could pass a string to a module function, which thanks to the yaml decoder which is used when parsing command line arguments could change its type entirely. For example:...
15:52 impi joined #salt
15:52 rrei AndreasLutro: great! and who best to know that other than the author himself? :)
15:52 rrei well in that case I won't need to failing state anymore. gotta modify my Vagrant file to use the dev version
15:53 AndreasLutro why are you using salt-ssh from inside vagrant?
15:53 rrei well, maybe because I'm just starting out with both salt and vagrant and I don't know any better :)
15:53 rrei I have a vm running salt-ssh
15:54 Shirkdog joined #salt
15:54 rrei and another one which is managed by salt
15:54 pdayton joined #salt
15:54 rrei but through ssh only, no agent installed
15:54 AndreasLutro I too use VMs for master/minion setups, but for salt-ssh you might as well run it from your host machine. you can use a virtualenv to avoid installing system packages
15:54 rrei no particularly strong reason to run salt-ssh in a vm, I guess I could as well run it from my host machine, yeah exactly
15:55 sjorge joined #salt
15:55 rrei that's another great advice
15:55 rrei I like you man! :D
15:55 Cadmus Hmm, I'm trying to use the acl.present statement for linux ACLs, and it's not doing anything, is it not ready for primetime yet? I'm on 2015.8.8 for the minion and 2015.8.8.2 for the master.
15:56 quasiben joined #salt
15:56 ronnix_ joined #salt
15:56 Cadmus It doesn't fail, it just says "Permissions will be applied" and nothing happens, I can add the permissions manually using setfacl on the minion
15:57 RedundancyD joined #salt
15:57 AndreasLutro Cadmus: run the state with `salt-call -l debug` on the minion and see if the debug log has any clues to what's happening/going wrong
16:01 sjmh is there a way to watch a minion's event bus?
16:03 svjness joined #salt
16:04 quasiben joined #salt
16:04 antpa joined #salt
16:04 RedundancyD quick question. If using salt.states.file.line should it follow a file.managed to make sure the file is there first. file.line doensn’t seem to have the options regarding file
16:06 AndreasLutro RedundancyD: if the file doesn't exist file.line would just do nothing
16:06 Cadmus AndreasLutro: Thanks, I see what the problem is now, escaping and quoting. And thanks for showing me the debug, that's going to come in super-useful
16:06 AndreasLutro Cadmus: great!
16:06 mpanetta joined #salt
16:09 Cadmus I'm liking salt a lot, but I am a bit overwhelmed by learning salt, yaml, and jinja all at once. Is there a module that just says "Do what I mean, not what I say"? :)
16:09 antpa joined #salt
16:10 AndreasLutro you can use another renderer than yaml+jinja https://docs.saltstack.com/en/latest/ref/renderers/
16:10 teatime yeah, py or pydsl or pyobjects renderers... not sure which exactly, perhaps all 3 or your preference among them.
16:10 teatime ^^ that's the URL ;)
16:11 Cadmus I don't know any of the others either, I might as well just get stuck in
16:11 sjorge joined #salt
16:12 AndreasLutro even python/ if you don't know basic python you're going to have a bad time using salt
16:12 teatime Jinja and YAML and salt play surprisingly nice together, really, at least compared to how well I would have assumed they would if someone had just suggested that combo/design to me randomly, pre-salt.
16:13 _JZ_ joined #salt
16:13 dschatzberg joined #salt
16:13 AndreasLutro I would've prefered mako
16:13 teatime there are gotchas, but *shrug* I guess that's just part of the learning curve.  it's not very steep.
16:13 LotR AndreasLutro: I haven't run into problems yet, not knowing python
16:14 Cadmus I know enough python to glue things together, though I'm not a dev by any stretch of the imagination.
16:14 teatime AndreasLutro: I haven't ever seen mako, actually.  I'm not too huge a fan of jinja.  I watched beardedeagle struggle w/ the mako renderer for a few days though, so I'm content w/ jinja until I hear someone actually cares enough about mako to keep it purring in salt.
16:14 dschatzberg hey all, I'm trying to specialize some states based on which network interface is on a particular subnet - is the right way to do this by defining a custom grain to figure out the interface?
16:15 AndreasLutro teatime: the only reason the mako renderer works poorly is salt doesn't really support it as much as jinja - as a templating language it would have been more suitable for salt's needs
16:15 Eugene I would loop through each interface and check if its on the subnet I want, rather than the other-way-round
16:15 AndreasLutro LotR: you won't run into problems I guess... but knowing the things you can do in python in terms of string, array and dict manipulation helps a ton when writing states/templates with logic in them
16:15 bltmiller joined #salt
16:15 dschatzberg Eugene: but should I then stuff that interface into a custom grain?
16:16 Eugene I would keep all the logic in the state, not in a custom grain
16:16 dschatzberg ok, why is that?
16:16 teatime AndreasLutro: right, that's what I'd gathered / assumed.
16:16 dschatzberg I need this for a few states
16:16 Eugene Custom grains need to be maintained; a state just looks at the existing grains
16:17 Eugene If you'll need it a bunch you could make it a pillar entry that depends upon the grains
16:17 damona You should be able to pull it in to with an include ???
16:17 teatime ... don't you have something to maintain either way ?
16:17 teatime either the logic in the grain, or the logic in the state.
16:17 dschatzberg teatime: that's what I figured, and since I use it in a couple states, I rather the logic sit in one custom grain
16:17 Eugene I don't need to fiddle with the state when I de/reprovision a minion
16:18 antpa joined #salt
16:18 damona You should be able to pull in a state file, which sets a variable for anyone to use ....
16:18 dschatzberg oh?
16:19 dschatzberg any example of that anywhere?
16:19 teatime if the data is easily discoverable by the minion itself, about itself, that seems like where you'd consider grains.  although for your actual stated task, I'd generally do what Eugene said.  but if you need it a bunch of places, I would say a grain is as fair a place as any to stick it.
16:19 damona Worst case you need to include it every time you want it
16:19 Eugene TMTOWTDI ;-)
16:19 teatime for data the minion can discover about itself, but that you want to make available to other minions/masters, you want salt mine
16:20 feld joined #salt
16:20 dschatzberg I don't need it available to others, so I think a grain is appropriate
16:20 teatime and sensitive data always goes into pillars, never grains.
16:20 dschatzberg where should I actually define the subnet? a pillar?
16:20 spuder joined #salt
16:20 eseyman dschatzberg: I would use a grain
16:20 teatime like, define as in, specify that 4.23.5.4/24 is your NetworkA ?
16:21 dschatzberg teatime: yes
16:21 teatime for site/org-wide data, usually pillar yeah
16:21 dschatzberg and how do I access that from inside my custom grain?
16:21 onlyanegg joined #salt
16:22 teatime you should have access to the salt hash that has grains.get, just like in jinja templates etc., the only thing I'm not sure on is the syntax... should be examples in the how-to-make-a-custom-grain docs, tho
16:22 teatime er, pillar.get too
16:22 damona Just had a thought..  Raise a quest to have it added as a standard grain...
16:23 writtenoff joined #salt
16:23 teatime I have a custom grain that grabs info about the VM from the cloud provider's metadata service, for example... since it's only available from the specific VM you want to data about, and I only really need/want to use it for configuring stuff on that minion.
16:24 dschatzberg yeah, so it seems like I'm on the right track, I just don't see any examples of accessing pillars from within a custom grain definition
16:27 teatime oh, reading the docs I am reminded, grains are cached... I don't know the exact details, but in general they don't run/re-evaluate regularly, so not a good choice for dynamic data.
16:27 teatime you can manually refresh them, though
16:27 sjorge joined #salt
16:28 dschatzberg well it's not dynamic, just the subnet is site-specific
16:29 mapu joined #salt
16:30 ronnix joined #salt
16:30 PeterO joined #salt
16:30 teatime also, salt protip:  when the docs are unclear or things don't see to be doing what the docs say they should, it's never a bad idea to go look at the actual code...  I think you could get some ideas from salt/grains/*.py (in the codebase/repo)
16:31 teatime esxi.py, fx2.py, and opts.py seem to access pillar data..
16:31 dschatzberg thanks, looking now
16:32 antpa joined #salt
16:32 teatime from opts.py, it seems like there's a decent change your custom grain will have a __pillar__ global when it's executed.
16:34 AndreasLutro it'll be empty
16:34 teatime all three of those files are accessing __pillar__ actually
16:35 teatime AndreasLutro: can you elaborate?
16:36 AndreasLutro not much... grains are evaluated before pillars
16:36 dschatzberg ah
16:38 dschatzberg seems to have worked for me, though I'm not sure if that's because I've been manually syncing grains
16:39 Lionel_Debroux joined #salt
16:41 dendazen fileserver_backend can be both -roots and -git
16:41 dendazen i see this line
16:41 sjorge joined #salt
16:41 dendazen To use multiple backends list them in the order they are searched.
16:42 flowstate joined #salt
16:45 hal58th joined #salt
16:47 antpa joined #salt
16:48 teatime AndreasLutro: so then, why are some of the stock grains looking at pillar data?
16:48 grumm_servire joined #salt
16:48 teatime or do you mean it'll be empty on the initial run / until everything is sync'd etc.
16:48 envintus joined #salt
16:49 flowstate joined #salt
16:49 AndreasLutro hm, good question
16:50 edrocks joined #salt
16:50 _JZ_ joined #salt
16:50 AndreasLutro I would honestly expect that code to not work at all
16:50 twork_ we have a minion profile with a LOT of user accounts, and when it goes to high state, everything seems to look fine, but the command ends with a (green) error message, sorry i don't have the text right now
16:51 AndreasLutro it looks like most of them work on the "proxy" pillar which might be something special for proxy minions
16:51 twork_ is there... i dunno, a setting i can increase, or a likely source of error, or...?
16:52 twork_ (obviously i'm fishing for a "commonly known situation" here)
16:52 nate_c joined #salt
16:52 twork_ (if not, i'll go away and come back with better info)
16:53 AndreasLutro no, there is no special well known green error message :p
16:54 nZac joined #salt
16:54 envintus joined #salt
16:58 teatime AndreasLutro: well that blows.
16:58 twork_ ...and no well known condition where the number of items in a state overflows a return?
16:58 west575_ joined #salt
16:58 teatime dschatzberg: sorry for stating something as a fact that was just wrong, if that's what I did earlier.
16:58 twork_ :p?
16:59 SheetiS joined #salt
17:00 dschatzberg teatime: well it worked for me, I'm trying to investigate this further
17:00 hacfi joined #salt
17:01 flowstate joined #salt
17:02 dustywusty joined #salt
17:02 bdrung_work_ joined #salt
17:02 alexlist joined #salt
17:02 tawm04 joined #salt
17:02 deus_ex joined #salt
17:02 wangofet1 joined #salt
17:03 renoirb joined #salt
17:03 dayid_ joined #salt
17:03 dayid_ joined #salt
17:03 tkeith_ joined #salt
17:03 mrueg joined #salt
17:03 teatime dschatzberg: sometimes I have been told that X or Y doesn't work, I try it, and it works... and then later (usually after investing in / relying on it) I come to understand that it was only working because I was in some niche/corner case, and it truly doesn't work generally.
17:04 teatime like, accessing earlier pillar roots from later pillar roots was one of those... le soupir.
17:04 whatever_sd_ joined #salt
17:04 cyborg-one joined #salt
17:04 dschatzberg yeah I just rebooted a machine, and after a sync_grains the custom grain worked, thanks. I will look into it
17:05 teatime trust but verify, I guess, is all I'm saying ;)
17:05 dschatzberg absolutely =)
17:05 elsmo joined #salt
17:05 serverascode joined #salt
17:05 keekz joined #salt
17:06 TooLmaN joined #salt
17:06 quasiben joined #salt
17:06 protoz joined #salt
17:06 ToeSnacks joined #salt
17:07 PeterO joined #salt
17:07 arif-ali joined #salt
17:08 smkelly joined #salt
17:08 tharkun joined #salt
17:08 Edgan joined #salt
17:08 hemebond joined #salt
17:08 xenoxaos- joined #salt
17:08 Nazca joined #salt
17:08 bdrung_work_ joined #salt
17:09 LotR joined #salt
17:09 quasiben joined #salt
17:09 WKNiGHT joined #salt
17:09 shiriru joined #salt
17:10 tvinson joined #salt
17:10 toddnni_ joined #salt
17:10 tawm04 joined #salt
17:10 eliasp joined #salt
17:10 mohae_ joined #salt
17:11 squishypebble1 joined #salt
17:11 ixeous1 joined #salt
17:13 PeterO_ joined #salt
17:13 flowstate joined #salt
17:13 whatevsz joined #salt
17:13 nahkiss_ joined #salt
17:13 `chris joined #salt
17:14 ]V[_ joined #salt
17:14 nlb joined #salt
17:14 dean|away joined #salt
17:14 pprkut_ joined #salt
17:14 ronnix joined #salt
17:15 zhen1 joined #salt
17:15 onlyaneg1 joined #salt
17:15 Vivek joined #salt
17:16 rnts__ joined #salt
17:16 atmosx_alt joined #salt
17:16 Frantic_ joined #salt
17:17 basepi_ joined #salt
17:17 wiqd_ joined #salt
17:17 zenlot6 joined #salt
17:18 dendazen What is the command to list all the files available for salt master dir_list
17:18 dendazen shell command
17:18 envintus_ joined #salt
17:19 djgerm i was looking for that yesterday or the day before. I would have thought it'd be under saltutil
17:19 Vye joined #salt
17:19 pipps joined #salt
17:20 jcastle joined #salt
17:20 thehaven joined #salt
17:20 eightyeight joined #salt
17:20 sauvin joined #salt
17:20 pfallenop joined #salt
17:20 pid1 joined #salt
17:20 dober joined #salt
17:20 dober joined #salt
17:20 smcquay joined #salt
17:21 armguy_ joined #salt
17:21 Fiber^ joined #salt
17:21 akhter joined #salt
17:21 mackripeum joined #salt
17:22 ajw0100 joined #salt
17:22 kbaikov joined #salt
17:23 akoumjian joined #salt
17:24 bstaz joined #salt
17:24 amcorreia joined #salt
17:24 jasondotstar joined #salt
17:24 alexlist joined #salt
17:25 mattl joined #salt
17:26 wendall911 joined #salt
17:26 goki joined #salt
17:27 CaptTofu joined #salt
17:27 ageorgop joined #salt
17:27 bVector joined #salt
17:27 johtso joined #salt
17:29 josuebrunel joined #salt
17:29 antonw joined #salt
17:31 renaissancedev joined #salt
17:34 _JZ_ joined #salt
17:34 quasiben joined #salt
17:35 cyborg-one joined #salt
17:37 antpa joined #salt
17:38 akhter joined #salt
17:38 pipps joined #salt
17:39 aw110f joined #salt
17:40 edrocks how would you disable transparent huge page using salt? using file.append or is there a sysctl.present option?
17:40 josuebrunel joined #salt
17:40 teatime hrm, I don't know what transparent huge page is :)
17:41 teatime there is a sysctl state tho, pretty sure.
17:41 teatime state module I mean
17:41 edrocks I found that. think I need to read up on general thp config
17:41 akhter joined #salt
17:41 teatime thp?
17:41 teatime oh, the thing.
17:41 edrocks transparent huge pages
17:42 pdayton joined #salt
17:42 teatime is it some feature of the linux vmm or something?
17:42 * teatime googles.
17:42 edrocks something with managing memory that is bad for databases
17:43 edrocks teatime: is there a nicer way to write this state sls file? http://pastebin.com/XXA6Bdba
17:43 edrocks wondering if I could avoid 3 lines for every item
17:44 hal58th joined #salt
17:45 pdayton joined #salt
17:46 majikman is there a way to list all the values stored in the salt mine?
17:48 druonysus joined #salt
17:48 pdayton joined #salt
17:48 teatime yeah, should be... something like salt '*' mine.items  ?
17:50 teatime edrocks: are you using the sysctl formula, per-chance?  if not, you might look at it... although it has terrible syntax for its pillar data IMO, so you might want to ask babilen if he ended up streamlining it... I know he was looking into it at least a couple of weeks ago
17:50 majikman i think it's mine.get. maybe i'm just doing it wrong
17:50 edrocks teatime: I just want cluster wide config for my sysctl stuff. they all run the same stuff right now
17:51 edrocks I found something using jinja templates and pillars. I think that might be a good way
17:51 murrdoc joined #salt
17:52 teatime edrocks: and, I think you could use either a names: declaration or a jinja loop to avoid repeating the same 3 lines over and over
17:53 macheck_ joined #salt
17:53 lero joined #salt
17:54 teatime edrocks: the formula would run (mostly) everywhere, and pull it's data from pillar, so when you wanted certain sysctl settings on certain hosts you'd put it into its pillar data.. you really should check to see if babilen ended up making a change to it, if so, it might be legitimate work using / cleaner/easier syntax.
17:54 akhter joined #salt
17:54 edrocks babilen: are you here?
17:54 teatime if not though, I wouldn't bother w/ it; doesn't get you much over what you're doing already and it made some questionable pillar layout decisions :)
17:55 teatime he's around frequently, so I'm sure you'll run into him eventually
17:55 rhymenocerous joined #salt
17:56 * teatime does not see any recent commits or PRs or anything on the one in saltstack-formulas
17:56 hoonetorg joined #salt
17:57 rhymenocerous I have a couple of questions, one, is there a good reference for passing objects into minions via cli, or is that even possible.  Like if I wanted to do a pkg.install and then list the pkgs, is that possible from the cli?
17:57 lero joined #salt
17:57 teatime it is.  it's not always the easiest thing in teh world, depending on what you're doign
17:57 CeBe1 joined #salt
17:58 CeBe joined #salt
17:58 rhymenocerous question 2, I'm not sure I understand how to determine where something is rendered, whether it's the master or the minion.  Any time I do a search to figure that out, all the links are to renderers.  Is there a simple way to know?  For example, if I have a file.managed, it exists on the master, and it gets pushed to the minion, but how do I tell where it is technically rendered?
17:58 baweaver joined #salt
17:58 teatime I don't know exactly but it seems like you can (shell quoted, of course) pass arbitrary Python literals as command line arguments to execution modules.
17:59 rhymenocerous thanks teatime.  I can find it from there.  Just making sure it was possible since I hadn't seen much on it.
17:59 AndreasLutro rhymenocerous: command line arguments are yaml-decoded, so you can pass lists and dicts
17:59 CeBe joined #salt
17:59 AndreasLutro anything other than pillars are rendered on the minion
18:00 teatime AndreasLutro: oh it's yaml, not python?
18:00 CeBe1 joined #salt
18:00 rhymenocerous awesome, so I could do something like salt '*' pkg.install pkgs=[apache, openssh-client]
18:00 rhymenocerous obviously, that's probably not correct syntax
18:00 AndreasLutro yeah. {foo: [bar,baz]} works for example
18:00 rhymenocerous but am i on the right path?
18:00 teatime hrm, I guess they're similar enough to have confused me up to ow :)
18:00 rhymenocerous awesome
18:00 teatime people seem to always e.g. quote dict keys in command-line examples
18:00 AndreasLutro yeah rhymenocerous. if that doesn't work it's only because your arguments don't match the signature of the install function
18:00 teatime which made me think python over YAML
18:00 rhymenocerous thanks, any advice on my question2?  The rendering question has puzzled me for a bit, but hasn't stopped my advancement
18:00 CeBe joined #salt
18:01 AndreasLutro like I said
18:01 AndreasLutro anything other than pillars are rendered on the minion
18:01 murrdoc prince is dead
18:01 rhymenocerous oh, sry, didn't see that
18:01 rhymenocerous thanks
18:01 teatime my name is also Prince and I am kinda sad/weird about it.
18:01 rhymenocerous that makes sense.
18:02 autofsckk joined #salt
18:02 teatime rhymenocerous: you can totally do that, and sometimes it makes sense, but if you're working that way a lot it may be a red-flag that you're kindof fundamentally doing it wrong™ and could save yourself a lot of effort etc. by automating more, making states and stuff
18:02 teatime you can make a .sls that installs some packages or whatever, and then only ever call for it manually from the command line, for example
18:02 rhymenocerous thanks teatime.  Very helpful
18:02 CeBe joined #salt
18:03 cpowell joined #salt
18:03 s_kunk joined #salt
18:07 manji joined #salt
18:08 cpowell_ joined #salt
18:12 _JZ_ joined #salt
18:12 flowstate joined #salt
18:17 Garyx joined #salt
18:18 murrdoc has anyone worked with saltapi
18:18 murrdoc its the least documented feature from salt
18:18 murrdoc pretty annoying
18:19 teatime that sounds like a challenge... I bet I could find something less documented  XD
18:20 ajw0100 joined #salt
18:20 bltmiller joined #salt
18:20 murrdoc like i cant find a 'setup salt api like so' document anywhere
18:21 murrdoc pam auth failures get almost no logs
18:21 murrdoc the salt-api package should require libcffi-dev and libssl-dev
18:22 AndreasLutro I have set it up at least
18:23 AndreasLutro didn't bother testing it much
18:23 murrdoc i am trying to stackstorm it
18:24 murrdoc salt really needs to figure out how to support good thing
18:24 murrdoc things*
18:24 murrdoc imho
18:24 rhymenocerous joined #salt
18:24 disbound joined #salt
18:25 murrdoc anyone played with stackstorm yet ?
18:25 rhymenocerous forgot my last question.  when I hit ctrl+c on my master, after starting a state on a minion, is the expected behavior that it will kill the execution?  That hasn't been my experience, but when looking for that I found people saying both.  That it's supposed to, but it rarely does.
18:26 rhymenocerous I haven't played with stackstorm yet, but it looks pretty cool
18:26 ninjada joined #salt
18:26 flowstate joined #salt
18:26 disbound left #salt
18:26 murrdoc it doesnt work out the box
18:26 murrdoc but its cool
18:26 murrdoc few limitations
18:26 murrdoc need to hard code the password to the api on the stackstorm server
18:26 murrdoc from the looks of it can talk to one master only
18:27 edrocks joined #salt
18:27 cyborg-one joined #salt
18:27 DammitJim joined #salt
18:27 disbound joined #salt
18:27 murrdoc eauth docs and logs both suck
18:27 * murrdoc is sipping haterade
18:27 rhymenocerous lol
18:28 ry joined #salt
18:28 cyborglone joined #salt
18:31 CeBe joined #salt
18:32 elsmo joined #salt
18:43 scoates joined #salt
18:43 ZiLi0n joined #salt
18:46 ZiLi0n hello everyone. how from a states can I access the value of a grain that is a dictionary? I would like to check if selinux is enabled or not, so I am doing {% if salt['grains.get']('selinux:enabled') == 'True' %} but it does not seem to work. I though I got it to work yesterday, but it doesn't look like so :)
18:47 AndreasLutro true shouldn't be in quotes and you shouldn't capitalize it in jinja
18:47 AndreasLutro and you don't really need the == true bit
18:47 teatime yea, you probably just meant:  {% if salt['grains.get']('selinux:enabled') %}
18:48 envintus_ I have a minion that has the correct master configured, can resolve it, but constantly gives me the following error: time
18:48 envintus_ [WARNING ] SaltReqTimeoutError: Waited 60 seconds
18:48 linjan joined #salt
18:49 envintus_ DNS resovles fine for the salt master hostname. Is there some kind of cache that may be prevent the minion from issuing a key request to the master?
18:49 envintus_ FWIW, the master wasn't originally resolvable, but it is now.
18:50 ZiLi0n AndreasLutro thanks! yes! the quotes was making all fail. thank you. I have also removed the True as well
18:53 envintus_ Ah - nevermind. Master could not resolve the minion; fixed that and it works.
18:58 spuder joined #salt
18:58 nZac joined #salt
19:01 feld joined #salt
19:02 flowstate joined #salt
19:03 anthpa joined #salt
19:04 PeterO joined #salt
19:05 ZiLi0n hello, is there any module or states to create a ssh key pair for an user in salt? I am running the command with cmd.run but I would am getting errors when the key already exists as the rc=1
19:06 teatime yay, I think I just succcessfully identified a NOTABUG that could have generated a lot of discussion and perhaps even code/changes... thus saving all of you a lot of time :)
19:07 disbound are there any troubleshooting steps for missing mine_fuctions on some minions? I have mine_fuctions configured in pillar.
19:08 perfectsine joined #salt
19:08 AirOnSkin joined #salt
19:09 teatime disbound: I beleive there may be an existing issue that requires a saltutil.refresh_pillar (specifically, not any of the other various things which should also refresh the pillar) followed by a mine.update, if you want to trigger an instant mine collection after adding functions to the pillar
19:09 GreatSnoopy joined #salt
19:09 teatime otherwise, they will definitely start happening after the next 1) mine_interval time elapses or 2) minion restart
19:10 spaceSub Can I require another formular or are the formulars from the top.sls executed one after the other anyway?
19:11 teatime ZiLi0n: https://docs.saltstack.com/en/latest/  <-- the little search box on the right-hand side actually works really well.. it has def. become my portal to salt docs.
19:12 ZiLi0n thanks teatime, I have been checking the doc, ssh module and ssh_auth modules, but as far as I can see these won't help to what I am looking for. I am going to check again, thanks
19:13 disbound teamtime: thanks! I forgot to do a pillar refresh before saltutil.sync_all
19:13 teatime ZiLi0n: but, I don't see one... I thought there was one, but it appears not.
19:14 ZiLi0n teatime, yeah, not to create ssh keys unfortunately
19:14 teatime ZiLi0n: I don't understand what rc=1 is, though...  it should be really easy to have your state only run ssh-keygen if the keypair doesn't already exist.. if you are using e.g. cmd.run, you could use the unless: parameter
19:15 feld joined #salt
19:15 lookcrabs joined #salt
19:15 teatime maybe something like:  unless: '[ -e /path/to/usr/home/.ssh/id_rsa ]'
19:16 ZiLi0n teatime, yeah, thanks! I forgot anbout that one :), thank you!
19:17 AirOnSkin joined #salt
19:18 * teatime notes that you're almost certainly using passphrase-less/plaintext keys, since you're automating ssh-keygen...  and then suggests that you seriously consider whether that is a wise policy.
19:18 murrdoc joined #salt
19:19 irated Any issues with this?
19:19 irated https://gist.github.com/anonymous/111fee80c98c34a096d52f4e4423c5f4
19:20 ageorgop joined #salt
19:20 ZiLi0n teatime, that is absolutely true, for the moment it is a passphrase key. I will have to change the process in the future
19:22 teatime also, make sure you're always being extra cautious in protecting your master... since it can grant access all the rest of your infrastructure :)
19:22 teatime but I stop fillin in for capt. obvious now.
19:23 ZiLi0n teatime, yeah, protect the master is tough I think. I guess only the required ports should be opened and noting else
19:24 teatime it's definitely one of the your highest-priority targets :)
19:24 pipps joined #salt
19:25 ajw0100 joined #salt
19:27 pipps joined #salt
19:27 AirOnSkin joined #salt
19:29 baweaver joined #salt
19:29 Netwizard joined #salt
19:32 babilen edrocks, teatime: I'll work on the sysctl formula very soon and will change the pillar syntax to be nicer and easier to use. I guess I'll have it in the next 10-14 days.
19:32 envintus_ AndreasLutro, is there any reason why apt-get upgrade salt-minion would cause the salt-minion daemon to be in a "dead" state?
19:32 teatime babilen: no worries / no rush or anything.. I just suspected you were probably already done, and that he might like it.
19:32 edrocks babilen: no rush. It's easy if you just use a decent text editor with multiple cursors
19:35 teatime babilen: /msg'd you, something to consider anywya.
19:35 AndreasLutro envintus_: dunno, check the logs!
19:35 envintus_ Nothing in the logs
19:36 envintus_ I'm using cmd.run to pipe the upgrade to at per our conversation yesterday, so that I can use Salt to upgrade its agents on Debian systems.
19:36 envintus_ the agents are upgraded, but the daemon enters a failed (dead) state after the upgrade.
19:37 AndreasLutro check the logs harder - journalctl, try starting the minion in the foreground
19:37 envintus_ will do, thanks
19:37 AndreasLutro not much else one can do
19:38 manji joined #salt
19:40 AirOnSkin joined #salt
19:44 baweaver joined #salt
19:44 lws joined #salt
19:45 akhter joined #salt
19:46 AirOnSkin joined #salt
19:52 PeterO_ joined #salt
19:56 ajw0100 joined #salt
19:59 bltmiller joined #salt
20:03 bantone has anyone done any sort of docker orchastration with salt
20:03 bantone like setting up docker images on a server and orchastrating events
20:03 MindDrive joined #salt
20:03 SpX joined #salt
20:04 _JZ_ joined #salt
20:07 ajw0100 joined #salt
20:08 perfectsine joined #salt
20:08 antpa joined #salt
20:08 murrdoc nope
20:09 murrdoc i like docker-compose for that
20:09 bantone oh..
20:09 bantone will have to do some reading
20:10 murrdoc said no one ever
20:10 murrdoc :)
20:10 murrdoc there is a docker compose formula
20:10 murrdoc that will help
20:11 bantone haha
20:11 aarontc joined #salt
20:12 pipps joined #salt
20:12 anthpa joined #salt
20:13 pipps99 joined #salt
20:15 ageorgop1 joined #salt
20:16 zeroxoneb joined #salt
20:22 west575 joined #salt
20:27 pdayton joined #salt
20:28 ninjada joined #salt
20:30 onlyanegg joined #salt
20:32 belak joined #salt
20:32 belak Is there anything like roles in ansible? I'd like to be able to apply multiple roles to specific hosts, rather than being required to name them in specific ways
20:36 lws joined #salt
20:36 AndreasLutro belak: nodegroups
20:37 mapu joined #salt
20:37 belak Ah, awesome
20:38 _JZ_ joined #salt
20:38 green__ joined #salt
20:40 pipps joined #salt
20:42 skeezix-hf joined #salt
20:45 pdayton joined #salt
20:45 subsignal joined #salt
20:48 * teatime WTB nodegroups that can be modified w/o restarting salt-master
20:49 brianfeister joined #salt
20:49 perfectsine joined #salt
20:50 AndreasLutro second that
20:51 teatime heh, I only use a single 'all' → '*' nodegroup (for file_tree's benefit) currently.
20:52 blarghmatey joined #salt
20:52 AndreasLutro I can actually think of some ways to hack in dynamic nodegroups in top.sls...
20:53 teatime there are definitely solutions.
20:53 teatime well, that aren't technically nodegroups.
20:53 teatime if you mean literally change the value of nodegroups, I would liek to hear those ideas just for curiosity value.
20:54 teatime Naturally, the easiest and most straight-forward means of assigning/tracking roles is also the worst possible choice (role grain)
20:55 rocketnova joined #salt
20:55 AndreasLutro it'd obviously only work with top.sls, you couldn't use it for targetting exec modules.. but {% set group1 = ['host1', 'host2'] %} and then just {{ group1 | join(',') }} to greate a list match
20:56 * teatime will be back tomorrowish.
20:56 DammitJim any of you guys using rabbitmq with salt?
20:57 DammitJim where or how do you guys generate ssl certificates that you then manage through salt?
20:59 bluenemo joined #salt
20:59 aharvey joined #salt
21:02 wendall911 joined #salt
21:02 notnotpe_ dammitjim: commercial CA signed certs or self-signed certs?
21:04 DammitJim self signed
21:04 DammitJim the commercial ones, I have in my "files" folder in the master
21:04 DammitJim but generating self signed and so on for a new server
21:04 DammitJim or creating new certs for clients
21:04 DammitJim that's not something one does with salt, right?
21:05 AndreasLutro there are x509 states/modules
21:05 AndreasLutro but I have no idea how well they work
21:05 DammitJim hhmmmmm
21:05 notnotpeter I don't. I usually generate certs and target them via pillars.
21:06 DammitJim it's so confusing 'cause I don't even know what I would have to do if I needed to add a new client cert for a server cert I created last year... stuff like that
21:06 pdayton joined #salt
21:06 DammitJim yeah, makes sense notnotpeter
21:07 notnotpeter I've scripted the process for generating the certs, but them just target them via pillars. So when I need to rotate I just update the pillars and highstate
21:10 hal58th joined #salt
21:11 MrsWr0ng joined #salt
21:16 ajw0100 joined #salt
21:19 Trauma joined #salt
21:20 lws joined #salt
21:21 aw110f joined #salt
21:27 hal58th joined #salt
21:28 cliffstah how do you guys go about managing your salt master?  do you use salt to manage itself, or something else?
21:28 pdayton joined #salt
21:28 johnkeates joined #salt
21:30 mindsurfer joined #salt
21:31 ajw0100 joined #salt
21:33 ajw0100_ joined #salt
21:34 _JZ_ joined #salt
21:36 Rumbles joined #salt
21:38 djgerm what's the best way to succinctly manage multiple directories?
21:38 pipps joined #salt
21:38 punkoivan joined #salt
21:38 west575 joined #salt
21:38 djgerm you can't have like multi line name: with file.directory right?
21:39 hal58th joined #salt
21:39 hemebond djgerm: Are they all the same except the path?
21:39 djgerm yah
21:39 djgerm and all under a single parent too.
21:39 hemebond Jinja list?
21:39 punkoivan left #salt
21:39 aharvey joined #salt
21:39 hemebond file.directory might take multiple names too, not sure.
21:41 lws joined #salt
21:41 ageorgop joined #salt
21:42 djgerm doesn't seem to…
21:42 djgerm jinja list it is! thanks
21:43 onlyanegg joined #salt
21:43 envintus joined #salt
21:44 Garyx joined #salt
21:45 bbendy joined #salt
21:46 bbendy Hi, is there a way to store output of cmd.run into a variable? im not seeing anything in the docs on how I would go about doing that, if it can be done
21:51 ZiLi0n hello, does anyone know where I can find information about the encryption used by salt on the wire? I am looking around the docs but can't find anything. I swear I read one webpage long ago...
21:53 pipps joined #salt
21:56 pdayton joined #salt
21:57 lws joined #salt
21:58 whatever_sd_ joined #salt
21:58 flowstate joined #salt
22:04 zmalone joined #salt
22:05 CeBe joined #salt
22:08 CeBe joined #salt
22:08 CeBe joined #salt
22:09 CeBe joined #salt
22:10 pdayton joined #salt
22:10 justyns MTecknology: haha thanks, I kind of forgot the SSCE thing was a thing.  I missed saltconf this year, but maybe next time!
22:10 pipps joined #salt
22:11 CeBe joined #salt
22:12 CeBe1 joined #salt
22:12 MindfulMonk joined #salt
22:14 djgerm If I wanted to apply a different string in a jinja template based on whether a word was in the minionid, how would I go about doing that?
22:18 edrocks joined #salt
22:22 sjmh joined #salt
22:24 keldwud joined #salt
22:24 keldwud joined #salt
22:29 keldwud failed the test three times :(
22:29 quasiben joined #salt
22:29 belak How common is it to manage services that just run in docker using salt?
22:29 belak Are there better ways of managing containers?
22:30 belak It seems like then you'd need to do deployments of specific container tags using salt as well, which doesn't seem right
22:31 flowstate joined #salt
22:32 ninjada joined #salt
22:38 baweaver joined #salt
22:38 zenlot joined #salt
22:40 _JZ_ joined #salt
22:41 law joined #salt
22:42 pdayton joined #salt
22:43 jgelens joined #salt
22:43 nZac joined #salt
22:45 fgimian joined #salt
22:47 pipps joined #salt
22:47 lws joined #salt
22:48 quasiben joined #salt
22:51 murrdoc joined #salt
22:53 quasiben joined #salt
22:55 envintus joined #salt
22:59 quasiben joined #salt
23:00 pdayton joined #salt
23:02 onlyanegg joined #salt
23:03 ninjada joined #salt
23:07 perfectsine joined #salt
23:10 perfectsine joined #salt
23:16 onlyanegg joined #salt
23:19 lero joined #salt
23:19 stooj joined #salt
23:20 edrocks joined #salt
23:21 perfectsine joined #salt
23:29 west575 joined #salt
23:32 flowstate joined #salt
23:44 djgerm left #salt
23:44 baweaver joined #salt
23:44 _JZ_ joined #salt
23:45 lws joined #salt
23:46 belak What's the best way to deploy something like an ssl cert to a minion? It seems like it's really inconvenient to store files in pillar
23:51 schinken joined #salt
23:51 quasiben joined #salt
23:59 amcorreia joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary