IRC log for #salt, 2016-07-12

All times shown according to UTC.

Time Nick Message
00:03 MTecknology iggy: How ya been?
00:03 murrdoc he does that in prod code too
00:04 MTecknology HAHA!
00:05 MTecknology murrdoc: Been a while since I've seen you! a bit over two years..
00:05 murrdoc yeh man
00:05 murrdoc once i recruited hickey
00:05 murrdoc i didn't need this chatroom anymore
00:05 murrdoc sorry
00:05 murrdoc iggy
00:05 murrdoc not hickey
00:07 MTecknology How ya been?
00:09 iggy keeping all the voices in your head getting harder and harder puneet?
00:09 murrdoc OBAMA IS TRUMP
00:09 murrdoc G NIGHT
00:11 madur0 joined #salt
00:12 bboo joined #salt
00:14 bboo Hi i have an issue i've been trying to track down and wondered if anyone could lend a hand
00:16 bboo the issue is this: basically the apt-get package installer seems to be installing "more" than just the requested apt package in pkg.installed .. it's like it's fishing through other sls files and cherry picking other repos to install. this causes some downstream issues
00:16 bboo is there a way to "force" the pkg.installed to just install the one package in the current state definition?
00:17 babilen No, it will install dependencies also as you won't be able to use the software in the package without it.
00:17 babilen What's the actual issue you are trying to solve?
00:18 bboo basically i want to just install "postfix" for example, but later SLSs contain other packages (say rsyslog) the logs do
00:18 bboo ```Executing state pkg.installed for postfix```
00:19 bboo but the actual "act" is this
00:19 bboo ```[INFO    ] Executing command ['apt-cache', '-q', 'policy', 'libnss3-1d'] in directory '/root' [INFO    ] Executing command ['apt-cache', '-q', 'policy', 'sssd'] in directory '/root' [INFO    ] Executing command ['apt-cache', '-q', 'policy', 'libpam-sss'] in directory '/root' [INFO    ] Executing command ['apt-cache', '-q', 'policy', 'nagios-plugins-extra'] in directory '/root' [INFO    ] Executing command ['apt-cache', '-q', 'policy', '
00:19 babilen Okay, could you paste the SLS in question to one of http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, … ?
00:20 iggy bboo: also look at aggregates
00:20 bboo https://gist.github.com/wyndhblb/ed3fcee013b80be6fd1b4464c6bc5b90
00:21 babilen bboo: Is that the entire content?
00:21 bboo that's just the postfix one .. there are zillions of other "includes" in the top (of which "nagios" is one, another is sssd) but nothing is "requiring" postfix
00:22 babilen bboo: Well, those includes will be run also. That's one effect of including other SLSs.
00:22 bboo (you'll notice "postfix" is not even in that apt-cache grab)
00:23 babilen Which command did you execute?
00:23 emaninpa joined #salt
00:23 nyx joined #salt
00:25 bboo o just state.highstate
00:26 babilen And you targeted the SLS with postfix and the "bazillion other includes" to your minion?
00:26 bboo yes
00:26 babilen Why exactly does it surprise you that the included SLSs are evaluated?
00:28 babilen For a moment I thought that you might be looking for https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.sls_id, but if you run a highstate it shouldn't be too surprising that it runs everything that has been targeted to the minion
00:29 bboo first off the lack of the package 'postfix' itself in that grab, second it sometimes adds packages that have a "repo" required, but that repo does not even get installed first
00:29 babilen I wouldn't be surprised if salt installed postfix later. Are you sure that it is not being tested for nor installed at all during the highstate run?
00:30 ajw0100 joined #salt
00:30 babilen How do you require a repository? Could you paste a complete example of the repository state, the pkg.installed state that requires it and some output that exemplifies the behaviour?
00:31 bboo sure i put one such in https://gist.github.com/wyndhblb/ed3fcee013b80be6fd1b4464c6bc5b90
00:31 bboo (seriously the state dump is over 200000 lines long)
00:33 babilen Looks like a problem with the combination of extend and require_in
00:33 babilen But the result is that mfp-rsyslog-repo runs after upgrade-system-rsyslog ?
00:34 bboo correct
00:34 babilen Does the same happen if you add the require_in directly to the upgrade-system-rsyslog state?
00:34 babilen err .. s/require_in/require naturally
00:35 bboo it happens to a few other repos as well, but the dependent apt-packages sometimes get stuck in the `apt-cache` blob
00:35 bboo yes it does
00:35 bboo i've tried all sorts of things to get rid of it
00:35 bboo ordering includes, requires_in, require some "cmd.run", etc, etc
00:36 iggy don't use extend?
00:37 bboo (salt version 2016.8.10)
00:37 bboo 2015.8.10
00:37 bboo yes i tried the "lack" of extend as well
00:37 babilen Just to confirm: You use https://www.refheap.com/121410 and then run "salt 'foominion' state.sls rsyslog" and the upgrade-system-rsyslog state runs before the mfp-rsyslog-repo one?
00:37 sagerdearia joined #salt
00:38 babilen Could you run that command and show us the output?
00:38 bboo no only in highstate (or another state.sls that includes a few other things)
00:38 bboo i.e. include: -rsyslog, -postfix, -stuff, -morestuff
00:39 MTecknology NOOOO!!!!
00:39 MTecknology My SaltConf notebook broke! :'(
00:39 MTecknology the little elasticy thingy fell out of the hole thingy
00:39 babilen So the rsyslog SLS works as expected, but you are using a design that goes super crazy on includes, require: sls: ... and extends and that messes up the state order?
00:41 babilen bboo: Can you add additional things to rsyslog.sls so that it exhibits the problematic behaviour? What did you have to add in order for it to behave that way?
00:41 bboo if i reorder the things in the 'include' it behaves differently, picks different apt-caches to choose from, all before installing the repos necessary for them to be used
00:41 babilen I was also always cautious with sls: requisites
00:42 babilen Well .. a "- require: - pkgrepo: foo" statement should ensure that that state runs *after* the requires pkgrepo state.
00:42 bboo in a prior version of salt i seemed to recall that if one used -names vs -pkgs in pkg.installed it would attempt to do them "one by one" or "all in the list" but this behavior is new
00:43 babilen It is not surprising that reordering includes changes state execution order
00:43 iggy and it's not aggregation?
00:43 bboo yea that does make sense to me as well, the merging of various "pkg.installed" sub-states is the weird part
00:43 hemebond It's a master setting.
00:44 iggy also, I think the pkgrepo docs say to use require_in on the pkgrepo state vs require on the other side
00:44 babilen https://docs.saltstack.com/en/latest/ref/configuration/master.html#state-aggregate
00:44 iggy it can also be triggered if any of the pkg.installed say to aggregate
00:45 bboo ahha!
00:45 babilen The pkgrepo.managed documentation on require_in mentions "Set this to a list of pkg.installed or pkg.latest to trigger the running of apt-get update prior to attempting to install these packages. Setting a require in the pkg will not work for this."
00:46 babilen But the pkgrepo.managed state should still be executed before the pkg.installed one
00:46 babilen "Setting a require in the pkg will not work for this." is just one of those "why on earth is that the case" idiosyncrasies of salt?!
00:46 bboo thus the "extend" and/or "require_in" were tried
00:47 babilen I am still advocating coming up with a minimal example that exemplifies the problem
00:48 bboo turning off state_aggregate did the trick
00:48 babilen So far I haven't seen any "aggregate" mentions either
00:48 babilen Did you have that master setting?
00:48 bboo yea apparently it was added a bit ago .. "yea git logs"
00:48 hemebond state_aggregate:
00:48 hemebond - pkg
00:49 bboo it was just set to `state_aggregate: True`
00:49 hemebond I don't know what that would do.
00:49 hemebond I guess that aggregates all states.
00:50 hemebond I just have it set to aggregate the pkg states so it installs everything in one command.
00:51 bboo yea i think that was the "idea" but it seems to not obey the extend/require_in sometimes
00:52 bboo i'll try to find a "small" example that i can reproduce and submit a report
00:52 iggy I'm glad it wasn't like the first thing I suggested
00:53 bboo iggy: was not sure what you meant by "aggregates"
00:54 iggy it's cool, I'm just taking the piss
00:54 Nahual joined #salt
00:56 bboo didn't even know there was that setting .. a former person no longer w/ us set it .. things have changed much since the 0.14 days
00:57 manji joined #salt
01:01 iceyao joined #salt
01:05 flowstate joined #salt
01:07 rem5 joined #salt
01:09 ninjada joined #salt
01:25 catpigger joined #salt
01:28 rem5 joined #salt
01:33 teryx510 joined #salt
01:41 coldbrewedbrew_ joined #salt
01:46 coldbrew- joined #salt
01:47 mohae joined #salt
01:56 zero_shane joined #salt
02:02 nethershaw joined #salt
02:04 JPT joined #salt
02:05 flowstate joined #salt
02:06 west575 joined #salt
02:17 aberdine joined #salt
02:22 DEger joined #salt
02:26 c4t3l joined #salt
02:30 c4t3l joined #salt
02:33 evle joined #salt
02:35 pocketprotector joined #salt
02:51 squishypebble joined #salt
02:51 orionx joined #salt
02:52 racooper joined #salt
02:53 c4t3l hello everyone.  has anyone here been able to get the gpg pillar renderer to work with an external pillar?  I'm using etcd as ext_pillar and I can't seem to get it working.  The states that call the pillar never render the gpg.
02:54 c4t3l is gpg pillar only intended to work with file-based pillar?
02:55 justanotheruser joined #salt
02:59 rem5 joined #salt
03:02 badon joined #salt
03:05 flowstate joined #salt
03:07 ekristen joined #salt
03:08 teryx510 joined #salt
03:08 c4t3l it should be noted that my tests do work from a local file-based pillar
03:11 mohae_ joined #salt
03:13 nethershaw joined #salt
03:18 g3cko joined #salt
03:18 treaki_ joined #salt
03:20 ekristen_ joined #salt
03:26 emaninpa joined #salt
03:26 sjmh joined #salt
03:52 sjmh joined #salt
03:53 fannet joined #salt
03:55 colegatron_origi joined #salt
04:03 ageorgop joined #salt
04:04 flowstate joined #salt
04:07 bilal80 joined #salt
04:16 hasues joined #salt
04:19 hasues left #salt
04:20 auzty joined #salt
04:25 orionx joined #salt
04:36 orionx_ joined #salt
04:39 kshlm joined #salt
04:47 ajw0100 joined #salt
04:50 whitenoise joined #salt
05:03 flowstate joined #salt
05:06 onlyanegg joined #salt
05:07 mohae joined #salt
05:14 pcdummy joined #salt
05:14 evle1 joined #salt
05:15 pcdummy joined #salt
05:22 TomJepp joined #salt
05:23 onlyanegg joined #salt
05:35 keimlink joined #salt
05:35 kawa2014 joined #salt
05:39 felskrone joined #salt
05:42 evle joined #salt
05:48 cyborg-one joined #salt
05:53 rdas joined #salt
05:53 iggy c4t3l: they would only work with file/gitfs/etc based afaik... because you have to have the slsshebang there
05:55 jhauser joined #salt
05:59 chbiel joined #salt
05:59 onlyanegg joined #salt
06:01 chbiel hi, i am struggling with a problem and cannot find a solution. maybe someone has a hint on how to solve this: we currently try to build a galera cluster with salt. one step in the installation process is, that you have to execute a command to create password hashes to let maxscale access the database. this generated password needs to be written into a config file. the problem is: how do I get the return value of "cmd.run" in my state f
06:02 evle joined #salt
06:03 iggy {% set galpass = salt['cmd.run']('somecommand') %}
06:03 flowstate joined #salt
06:05 POJO joined #salt
06:08 colttt joined #salt
06:08 chbiel @iggy: thanks. do you also have an idea how I can build up the dependencies in that case? before i can execute the command i have to ensure the package is installed. as i understood the {% ... %} parts are executed before any state is applied. right?
06:10 manji joined #salt
06:12 colttt joined #salt
06:15 POJO joined #salt
06:16 kshlm joined #salt
06:17 POJO joined #salt
06:21 iggy true
06:23 iggy have to multiple highstates it is I guess
06:23 manji joined #salt
06:25 hemebond chitown: You have to install packages before generating the password?
06:25 chbiel @iggy: sounds dirty :D I thought it has to be impossible that we are the first ones who have such a problem. there are many tools out which need such configuration steps :(
06:27 emaninpa joined #salt
06:35 colegatron_origi joined #salt
06:35 DEger joined #salt
06:39 chbiel @hemebond: yes, "maxscale" needs to be installed.
06:45 infrmnt joined #salt
06:47 hemebond Required across multiple servers?
06:51 DEger joined #salt
06:52 chbiel @hemebond: every server needs to execute the command to generate the hashes and on each of those servers maxscale needs to be installed. if you mean that.
06:53 hemebond The same password?
06:53 hemebond Or is it separate generation for each minion?
06:54 chbiel the same password is used for each minion but the resulting hash differs between the minions
06:54 hemebond That seems fairly straight-forward.
06:54 hemebond You choose the password, yeah?
06:54 chbiel yes
06:55 hemebond So you generate the hash into a file.
06:55 hemebond Either use that file directly (like in a conf.d directory) or a later state can build the config by also reading that file.
06:56 chbiel *.d-is not possible in that case.  we tried the "write to file approach" but we did not find a way to read the content within the same highstate run
06:57 hemebond Oh? What did you try for reading the file?
06:59 chbiel {% File.read %} but in that case the file gets read in templating phase but not when the command got executed
06:59 chbiel is there a state to read the file that i miss?
06:59 hemebond Right. What about a cmd.run?
07:00 hemebond Or... wait... is cmd.run a state module?
07:00 hemebond One sec
07:00 chbiel cmd.run does not offer the return values from the run command
07:01 hemebond No, but could you not just append it to the config file?
07:01 sfxandy joined #salt
07:01 hemebond Or, my first thought was a custom grain.
07:01 hemebond Write a grain that reads the file and returns it.
07:02 hemebond Then again it won't have refreshed by then.
07:02 chbiel that is the current approach we use. but this seems messy. we call a bash script that executes the maxscale command and sets the grain
07:03 hemebond Can you not have the config file.managed require the pkg for maxscale?
07:04 flowstate joined #salt
07:05 guedressel_ joined #salt
07:07 chbiel that would be possible. beside the required pkg we also need to create a directory before executing the command.
07:08 hemebond At which point you can use the command iggy shared.
07:08 chbiel but in general salt is missing something there i think
07:08 hemebond Hmm, I'm not so sure.
07:09 hemebond You could also write a custom module to run the command.
07:09 chbiel i have these steps: 1. create directory 2. install the package 3. run the command 4. use the command and write the return from 3 in a file
07:09 hemebond Wait, no you can't use iggy's command.
07:10 chbiel yes because it gets executed too early
07:10 hemebond Those steps you write seem straight-forward.
07:10 hemebond I see three states.
07:10 hemebond Explicit dependencies.
07:10 chbiel and my missing part is a state module that offers me a way to reuse the stdout from 3) in 4)
07:11 hemebond But you don't really need it.
07:11 chbiel yes
07:11 hemebond It might be nice I suppose if you could cat a file into another... Yeah, I'm not sure what you'd create for it.
07:11 fracklen joined #salt
07:12 chbiel yes.
07:12 KingJ joined #salt
07:12 chbiel big thanks for discussion. i have a meeting now.
07:12 hemebond Good luck :-)
07:14 chbiel thanks. i think the best/easiest solution would be the possibility to add sources in file.managed so that the variable content that will be inserted gets read from a file before (or something similar)
07:14 fracklen joined #salt
07:14 chbiel have a nice day!
07:16 ronnix joined #salt
07:18 manji joined #salt
07:19 deniszh joined #salt
07:22 UForgotten joined #salt
07:23 DEger joined #salt
07:26 UForgotten joined #salt
07:27 ninjada_ joined #salt
07:27 ralish joined #salt
07:28 ralish A quick question someone here might have some insight on. Is there an elegant way to run pkg.latest if a state has changes, but pkg.installed otherwise?
07:29 ralish The specific use case for me is I want to run pkg.latest if a pkgrepo state has changes (repo added or removed) as this would imply any package already installed is probably the wrong version
07:29 felskrone joined #salt
07:29 ralish On the other hand, if a repo didn't change, the installed version is probably fine. I'm not sure if there's a good way to do this without "duplicate states" (essentially, a pkg.latest with an onchanges and a pkg.installed)
07:30 hemebond ralish: Probably better to use explicit versions or latest.
07:30 hemebond Either you want the package updated or you don't.
07:30 hemebond That's how it seems to me at least.
07:30 ralish hemebond: Risky in prod though with all the potential package churn that could imply
07:31 hemebond What do you mean?
07:32 ralish Well, if it's pkg.latest, anytime an update is released and the salt states are run the update will be installed. That could result in database servers/web servers/etc... being rebooted, which isn't necessarily desirable and potentially disruptive
07:32 hemebond Sure, that's why I always specify a version.
07:33 ralish Yeah, the issue is the states I've got make the pkgrepo optional based on pillar data, so we could specify the version, but it adds a bit of complexity I'm hoping to sidestep (the version would differ based on circumstances)
07:33 ralish Sounds like a really elegant solution doesn't exist, but it'd be nice as a future addition for some sort of handling, though I'd have to have a think as to how to implement it in a sane way before opening a feature request
07:34 ralish Or rolling up sleeves and trying to implement myself :>
07:34 babilen ralish: You can probably model this with (pre-)requisites and duplicate states
07:35 ralish babilen: Yeah, that's what I'm thinking, have a pkg.latest w/ an onchanges linked to pkgrepo state, and a pkg.installed otherwise
07:35 babilen What decides if a pkgrepo is added or removed?
07:35 Sylvain31 joined #salt
07:35 ralish babilen: Technically or our use case? Technically Jinja template checks if a boolean exists in pillar and only includes the state if so
07:35 babilen You might be able to use that information explicitly and just execute different branches based on that data
07:35 ralish Yeah, good idea
07:36 babilen That feels a lot more explicit and less prone to break/exhibit unwanted behaviour
07:36 ralish Hmm, I'll see if i can hack something equivalent together based on templating with the two pkg states, sounds like that's the best option right now
07:36 ralish Yep, thanks babilen / hemebond
07:37 babilen {% if salt['pillar.get']('update:the:thing') %} for pkg in PKG_LIST pkg.latest {% else %} for pkg in PKG_LIST pkg.installed {% endif %}
07:38 ralish yep
07:38 ralish I'll gist the end result if anyone's curious
07:38 babilen sure :)
07:39 babilen Are state module functions first class ?
07:39 Kurisutian joined #salt
07:40 babilen Not sure where you'd find them though
07:40 ralish I'm not sure I understand the question?
07:41 babilen I was thinking of {% set the_pkg_state = __salt_state_dictionary__['pkg.latest'] %} ..... foo_state: {{ the_pkg_state }}: ...
07:42 babilen Obviously doesn't work like that, but handing around state modules functions would be nice in this case
07:44 ralish mmm, yeah, that's an interesting approach, I'll investigate that further if I can't get a requisite approach to work sanely
07:45 babilen Well, it doesn't work and I somewhat doubt that it ever will with the current renderers ..
07:45 Kurisutian Hi! Another day another salt-ssh challenge: I currently look for a way to define the options when running sudo. Is there a way to set them in salt? I need to run 'sudo -iu' to switch users. Does salt-ssh have a setting or respect that?
07:45 babilen Kurisutian: Just install a master! ;)
07:46 Kurisutian babilen: I wish I could do that... :)
07:46 babilen I know .. well aware of your situation :)
07:48 Kurisutian babilen: They won't even install python-profiler to the squeeze systems since they will just support replacing them. What happens in the time between they don't care... so I just focus on the working ones which require "sudo -iu" to switch users... ;)
07:48 babilen Because $POLICY I guess?
07:49 hemebond I wonder if they're being unreasonable or if they've been burned before.
07:50 Kurisutian Exactly... I really want to establish salt here as a framework, rather than just Ansible as a local tool... but I have to approach this from the same direction like Ansible... ssh and privilege escalation... :D
07:50 hemebond s/unreasonable/uncooperative
07:51 babilen Kurisutian: Could you try handing that over as environmental value or would your SSH server not allow that?
07:52 TyrfingMjolnir joined #salt
07:52 babilen Kurisutian: It's a bit unfair as you are essentially restricting salt to a way of working that is tailored for Ansible, while you are not requiring Ansible to support the same set of features
07:52 Kurisutian I think it's a combination of all things... mainly they seem to have built their puppet code in such a bad way that limits their actions. I'm only responsible for non-live systems but obviously they have a limitation separating them from the live settings... which I presume is a puppet code issue they want to cover to not get more workload...
07:53 hemebond Ugh, Puppet.
07:54 hemebond So you're not just managing non-prod machines, you're doing the setup and stuff that would go into prod somehow?
07:54 Kurisutian babilen: What do you mean as an environmental value? Well, I want to restrict salt to get it into the game first... right now everybody uses Ansible due to the lack of support they get from the operators...
07:55 babilen Kurisutian: env var -- SUDO='sudo -iu'
07:55 babilen I'm not exactly sure if salt would honour it even if your SSH server lets you pass it.
07:57 babilen It is such a shame that "department A doesn't want us to use GREAT_TOOL" plays in favour of Ansible as it makes it easier for people to just "sneak it in"
07:57 Kurisutian hemebond: we are having some pre-live systems and some acceptance stages here mainly with jboss, tomcat and springboot which we maintain starting from the application level. The OS and packages are provisioned by the operators as well as the restrictions. The systems should be the last step before going into production... it was already a tough call getting them to tolerate rundeck as one of our tools and only because we use the
07:57 Kurisutian JAR Version of it...
07:57 babilen Thereby not necessarily finding good technical solutions, but those that cement existing and arbitrary structures and procedures
07:59 quaie joined #salt
07:59 DEger joined #salt
08:00 babilen Kurisutian: Salt seems to run something like "exec $SUDO "$py_cmd_path" which is why I was thinking of the env var approach
08:01 babilen Hmm, this might not be too hard to implement
08:03 quaie hallo everybody; i am trying to connect a 2015.8.8.2 master with a 2016.3.1-1 minion; the key exchange works ok, but somehow the zeromq connection doesn't function properly. the minion breaks at [DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/minion', 'minion1', 'tcp://x.x.x.x:4506', 'clear') with *** stack smashing detected ***: /usr/bin/python2.6 terminated ; is there a bug preventing different versions to work
08:03 babilen Kurisutian: https://github.com/saltstack/salt/blob/develop/salt/client/ssh/__init__.py#L1010
08:04 flowstate joined #salt
08:04 hemebond quaie: The master should always be the same or a newer version.
08:05 sfxandy quick question, what's the correct format for creating a mine function alias for the function network.ipaddrs[eth0]?
08:05 babilen sfxandy: Do you really have to hardcode the interface?
08:05 Kurisutian babilen: so the best way to handle this would be a feature request for the Salt-Devs, I presume?
08:05 hemebond sfxandy: Ugh
08:05 hemebond One sec, I'll look through my notes from last night to see if I succeeded in a mine alias.
08:06 sfxandy no i dont have to hardcode the interface
08:06 ninjada joined #salt
08:06 babilen sfxandy: https://www.refheap.com/121413
08:07 babilen sfxandy: But I'd rather use the CIDR like: https://www.refheap.com/121414
08:07 babilen (adapt to your own networks)
08:08 babilen Kurisutian: I guess -- I am currently checking if one exists already
08:08 sfxandy i presume you prefer that because you're not referencing a specific interface... or not relying on a specific interface always being present
08:09 babilen sfxandy: Exactly, you normally don't care about interfaces (let the network people deal with that), but addresses in specific networks.
08:10 sfxandy understood, never thought of adopting that approach.  i know on the VMs i deal with (some ESXi, some OpenStack/Bright) the interfaces can be eth, bond or en
08:10 babilen And just imagine all the changes you'd have to make to your codebase if your infrastructure starts to use SystemD's predictable network interface names -- https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
08:11 babilen I have enp5s0 and enp0s31f6 on my workstation now
08:12 sfxandy lovely
08:12 hemebond My Salt mine alias still isn't sending anything back. yay :-(
08:12 babilen It will probably take a while before that hits your production boxes, but we had a customer that was burned badly as they suddenly couldn't rely on the fact that the interface with the public address was named "eth0" anymore
08:12 sfxandy babilen, so the VM I am currently on has an interface of eno16777984
08:12 babilen \o/
08:13 sfxandy indeed
08:13 Kurisutian babilen: request opened -> https://github.com/saltstack/salt/issues/34598
08:13 saltstackbot [#34598][OPEN] [request] please make salt-ssh sudo flags/options configurable | As it is required for me to run salt through salt-ssh I have some servers which I need to connect personalized first and once connected I have to escalate privileges to another local user by running 'sudo -iu <localtooluser>'. ...
08:13 sfxandy i do like your CIDR approach
08:13 babilen Kurisutian: Thank you .. it will probably take a while before that hits a salt version you can use
08:14 sfxandy ok thanks babilen, one of these days I'll repay the several dozen times you've helped me out !
08:14 Kurisutian babilen: well maybe I need to cover these affected servers (not all of them) with Ansible in the meantime then, but I will at some time in the future be able to migrate... thanks.. ;)
08:14 babilen Kurisutian: There was some (administrative) progress on https://github.com/saltstack/salt/issues/31074#issuecomment-231711635
08:14 saltstackbot [#31074][OPEN] salt-ssh sudo_user execution not running as sudo_user | Hi,...
08:15 babilen Kurisutian: You know that means that you'd just use Ansible, don't you?
08:15 babilen Arguably it might be the better tool given your requirements
08:17 babilen Kurisutian: Can't you use Ansible to install salt minions?
08:18 Kurisutian babilen: Is it possible to do that without admin rights?
08:19 babilen Kurisutian: The minion would essentially need root to function (be that because it is running as root or because it can use sudo is irrelevant)
08:19 babilen I don't think it really is an option for you :(
08:20 Kurisutian babilen: Can't they run as unprivileged users? Ultimately they would need to run in the tooluser context anyway....
08:21 babilen Kurisutian: Sure, you could just configure them with the same minion options we tried to use with salt-ssh
08:21 lero joined #salt
08:21 Kurisutian babilen: I currently am negotiating this with the operators to run the minions in the tooluser context so they cannot perform root actions. But negotiations got stuck which is why I looked at salt-ssh
08:22 babilen But you need to be able to still run specific commands as specific users, don't you?
08:22 Kurisutian babilen: Is there some minion tarball I can push to the servers along with the configuration and have the minion started there? This would do the trick... and I would use Ansible for that to ensure the minion keeps running... :D
08:23 babilen You could easily install/bootstrap salt-minion in a Python virtualenv
08:24 babilen I mean even if you get salt to run as "tooluser" you have the requirement to run CMD_1 as USER_A and CMD_2 as USER_B, don't you?
08:24 Kurisutian babilen: The idea is to run multiple minions in the required user context if needed. Most of the time there is just one tooluser with the needed privileges so it only needs to run as this user... sometimes there are two, so I have to run two minions and target different hostnames to access the correct one...
08:24 babilen (even if that essentially amounts to the same thing, namely "tool runs 'CMD_1' and 'CMD_2' with sufficient privileges")
08:25 Kurisutian babilen: No, only as the tooluser... which I could do by running the minion as that user
08:26 babilen My actual advice would be: Either you sort out the "can't install minions" problem or use Ansible
08:26 babilen Your requirements are not covered by salt-ssh at the moment and you don't want to fight this for the rest of the time
08:27 Kurisutian babilen: and maybe have a second minion with a hostname scheme like <tooluser>-<machinename> so I can target the host based on the user action performed... ;)
08:27 s_kunk joined #salt
08:27 Kurisutian babilen: OK, thanks for your recommendation on that :)
08:29 om joined #salt
08:30 babilen Kurisutian: How many hosts do you have btw?
08:31 Kurisutian babilen: Currently about 120 but it keeps growing as we take over more systems day by day
08:31 DEger joined #salt
08:32 fannet joined #salt
08:32 babilen Okay, salt scales really well, but I don't think it really makes a difference at your size
08:32 babilen I take it that Ansible runs are not scheduled, but performed manually on a few selected boxes?
08:34 babilen In the end this is a hard decision and you guys just need to figure out what you *really* need and where you want to go. If features such as reactors, salt mine, schedules, beacons, ... are important for your environment then Salt might be an excellent choice.
08:34 Kurisutian Exactly... I might use rundeck for the scheduling then... don't really want to pay for ansible tower ;)
08:34 babilen If the most important thing is "Can't change anything, people have to sneak in better tools through the backdoor without anybody noticing" then, well, that's a requirement that would favour Ansible at this point.
08:35 Kurisutian This is why I wanted to establish salt as it offers a lot more than Ansible which might come in handy soon for complete automation tasks of deployments and such... ;-)
08:35 babilen Salt shines if you want to do powerful things with many many minions ... roll out changes over tens of thousands of boxes ...
08:36 watersoul joined #salt
08:36 babilen Unfortunately salt-ssh isn't nearly on-par with Ansible (which is not surprising really)
08:36 om joined #salt
08:36 GreatSnoopy joined #salt
08:36 babilen (but then .. does Ansible have a minion at all?)
08:37 hemebond Ansible does not have a minion or agent.
08:39 rdas joined #salt
08:39 Kurisutian the way I see it is that salt would offer way more options in the future and offer more freedom and flexibility of what can be accomplished... which is why I wanted to establish it here... ;)
08:41 hemebond That's why I'm setting up another test environment using Salt; so I can show that it's easier than the current Puppet setup.
08:42 ninjada joined #salt
08:43 keimlink joined #salt
08:43 Xenophon1 joined #salt
08:43 CeBe joined #salt
08:49 Kurisutian hemebond: Well, if it would be that easy. The company just is too big to have them switch at that point. They should do or at least do some code cleanup and refactoring but they won't...
08:53 tucco joined #salt
08:53 tucco hi
08:56 s_kunk joined #salt
09:00 ninjada joined #salt
09:03 flowstate joined #salt
09:07 KermitTheFragger joined #salt
09:08 mackripeum joined #salt
09:12 ralish babilen / hemebond: https://gist.github.com/ralish/370b8ae380804a1a20a5bbf61d3c7b97
09:13 ralish My quick testing suggests this works (see lines 7-18), it definitely handles upgrading packages on pkgrepo changes, in theory it should also handle downgrades on removal, but APT seems to be clever enough to not downgrade an installed package
09:13 Sylvain31 hi, can unless or only if be a salt.module call instead of shell command? in cmd.run or cmd.script ?
09:13 ralish Although, in an indirect sense, it won't downgrade it, because the installed version is newer than the repo version, and it won't reinstall it, because it seems to preserve the package URL of installed packages, yet considers the URL not available
09:14 ralish Doesn't bother me, handling downgrades on repo removal is a very edge case, upgrading packages on a new repo upstream is not
09:14 babilen ralish: Very nice :)
09:14 ralish (Ended up not using onchanges, the above seems to work well in that it dynamically sets the module function based on Jinja logic to determine if the repo already is installed)
09:14 ralish Cheers :)
09:15 babilen I find it a lot clearer than a concoction of arcane requisites
09:15 ralish Yeah, ditto, it's less code than I expected, and avoiding "duplicate" states except by the state function feels desirable
09:15 ralish Less code is generally better I think
09:15 babilen Absolutely
09:16 ralish So yeah, mission accomplished I think
09:16 ralish FYI: The exact reason behind this is developers using some Salt states to provision one of several apps, some of which require newer package versions than in distro repos, so we install the upstream repos (e.g. nodejs)
09:16 babilen One thing I dislike is that you use two different approaches for "pkgrepo.managed" / "pkgrepo.absent" and "pkg.installed" / "pkg.latest"
09:16 ralish But if they already have nodejs installed, it won't upgrade the package, which can then cause problems, this fixes that
09:17 DEger joined #salt
09:18 ralish It'd be more code to use the same method? We'd have to set a boolean variable which then can be used to switch between the functions
09:18 babilen I'd unify the handling of that (either by defining "pkgrepo_function" or something or by moving the pkg.latest logic into the state)
09:18 ralish Although, admittedly, not much more code, hmmm
09:18 ralish yeah, it'd probably be cleaner
09:19 babilen It's just that all "state function selection logic" happens in one place and is not all over the place. You'll appreciate that in the future, I'm sure
09:19 babilen (in particular if you add additional states as you will sure do)
09:21 ralish Better? https://gist.github.com/ralish/370b8ae380804a1a20a5bbf61d3c7b97
09:21 babilen brb
09:21 ralish bonus: gets rid of needing to initialise the variable to a default near the top via default Jinja filter
09:21 ralish np!
09:21 babilen Hmm .. Personally I would have preferred to move everything into the "header" and to just reference those values later on (so exactly the other way round)
09:22 ralish When you say move everything I'm a bit unclear? As the actual upgrade logic is specific to the PPA state, so only runs on Ubuntu
09:23 ralish (Which admittedly is all it targets right now, but that could change, so I can't move it outside of that Ubuntu specific if block for the nodejs_install_nodesource_repo state
09:23 ralish If you have to go though don't let me keep you, I'm about to head home anyway, getting late where I am ;)
09:23 babilen I meant to *not* have {% if .... %} ... {% else %} in the states (line 22, 24, 26, ..) but to simply reference "pkgrepo_function" as before ..
09:24 babilen Not actually sure if that is easier to read, but that way everything happens in the "header"
09:24 babilen All the best and have a good night! :)
09:24 ralish ah, I see
09:24 ralish Cheers!
09:26 babilen joined #salt
09:29 armyriad joined #salt
09:34 Sylvain31 "Access denied for user 'root'@'localhost' (using password: NO)" in a state cmd.run (so shell client) if I run on the master "salt 'mta0*' state.apply mta.postfix_mysql_table" but works with salt-call on the minion, of course there's a  .my.cnf and it is declared in /etc/salt/minion.d/ but should not be used for that… so what?
09:35 hemebond Sylvain31: You're running Salt minion as root, yeah?
09:35 * babilen runs Sylvain31 with --verbose --paste
09:36 Sylvain31 I always supposed it was running as root, yes, how do I check?
09:38 Qlawy Anyone using winrepo?
09:38 Qlawy I have hmm strange problem
09:39 Qlawy I set winrepo gitlink for my local git
09:39 Qlawy changed it later to other link
09:39 Qlawy and... it still tries to use old one oO
09:44 Sylvain31 http://paste.debian.net/780550/
09:46 hemebond Sylvain31: Does running any of that require environment variables?
09:46 hemebond To make it work successfully?
09:46 Sylvain31 hemebond: "salt-call config.get user" : root
09:47 hemebond Salt does not use or inherit environment variables so if you're depending on those for commands to find configs, etc, then it will likely fail.
09:48 arnaud hello
09:49 arnaud is that possible to target nodes that belong to a group AND with a certain grain value?
09:49 DEger joined #salt
09:49 Sylvain31 hemebond: I see, so may be $USER, or $HOME is missing…
09:50 hemebond Correct.
09:50 hemebond Try setting the environment variables in the state to see if it helps.
09:51 H2Ov4 joined #salt
09:51 Sylvain31 or runas?
09:51 H2Ov4 Morning
09:52 hemebond Sylvain31: No, in the state that's failing see if the state module supports setting environment variables.
09:52 H2Ov4 So I've got a salt master with a single state. What I want to do is the following: whenever a salt minion gets added (salt-key -a minionid) then automagically tell the salt minion (or master) to update the state of the salt minion
09:52 H2Ov4 I've been looking at the reactor module but couldn't really figure out what to do
09:53 hemebond H2Ov4: That's some advanced stuff.
09:53 hemebond But basically you listen for an event (minion started or accepted) and then run a state file.
09:53 H2Ov4 seriously? I've been searching for a while now but couldn't find a straight answer...
09:54 AndreasLutro the reactor docs should have you covered
09:54 Qlawy H2Ov4: run this on salt master: salt-run state.event pretty=True
09:54 Qlawy then connect new minion
09:54 Qlawy and you will know how event looks
09:55 babilen Sylvain31: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.mysql_query.html#salt.states.mysql_query.run accepts normal query connection parameters in OPTS are as arguments
09:56 H2Ov4 I'm using a java backend to manage some other stuff. I used some java library to add a salt minion to the salt master with saltapi. So my other option was to send a command via java to salt api to execute highstate...
09:56 babilen s/are/and
09:56 manji joined #salt
09:56 Qlawy btw, is it possible to use archive.extracted to multipart tar/zip/rar archive?
09:59 manji joined #salt
10:01 H2Ov4 @Qlawy thanks for the tip!
10:01 H2Ov4 that said, weird name :P
10:02 H2Ov4 Thanks all for the tips and guiding me in the right direction
10:03 flowstate joined #salt
10:03 Sylvain31 babilen: it's command line tools for my question, the ENV diff mentioned by hemebond is probably the trick here, I'm not using the state.mysql_query here, it could be possible, also using mysql-formula, but it becomes tricky as it installs circular dependency between pillar, state, databases to be created, schemata to be generated, and more, I was doing quick script, and my question was about why diff between salt
10:03 Sylvain31 and salt-call on command line config, I already fixed query connection parameter for salt. ;)
10:05 DEger joined #salt
10:15 ronnix joined #salt
10:18 CeBe joined #salt
10:22 krymzon joined #salt
10:28 Sylvain31 hemebond: thanks for your suggestion, was runas: missing. So long to diagnose :~( working solution http://paste.debian.net/780570/
10:28 hemebond Sylvain31: Oh, well done :-)
10:29 emaninpa joined #salt
10:31 Kurisutian left #salt
10:34 arnaud is that possible to target nodes that belong to a group AND with a certain grain value?
10:35 iceyao joined #salt
10:37 DEger joined #salt
10:37 whaity joined #salt
10:38 kshlm joined #salt
10:39 yomateo joined #salt
10:40 yomateo joined #salt
10:41 smera joined #salt
10:42 manji joined #salt
10:42 smera hi all, i am using nginx formula
10:42 smera when i apply state i can curl localhost locally but cannot access site from outside
10:42 smera no fw rule and all ports are open
10:50 arif-ali joined #salt
10:51 teryx510 joined #salt
10:52 teryx5101 joined #salt
10:52 POJO joined #salt
10:54 fannet joined #salt
10:55 smera joined #salt
10:57 garphy joined #salt
10:58 kaushal_ joined #salt
10:59 smera joined #salt
11:04 flowstate joined #salt
11:06 N-Mi joined #salt
11:08 DEger joined #salt
11:13 amcorreia joined #salt
11:19 H2Ov4 left #salt
11:23 ninjada joined #salt
11:24 fracklen Does anyone have an ETA on 2016.3.2 ?
11:24 DEger joined #salt
11:31 watersoul_ joined #salt
11:46 pcdummy https://rene.jochums.at/having-fun-with-saltstack-and-ext_pillar-mongo
11:46 pcdummy smera... not there..
11:47 pcdummy arnaud: you mean via the salt command, yes.
11:47 pcdummy arnaud: https://docs.saltstack.com/en/latest/topics/targeting/
11:48 babilen fracklen: AFAIK it was scheduled for tagging soon with a release in about 2 weeks
11:48 hemebond arnaud: A quick look suggests it is not possible but maybe just create a new node group.
11:48 numkem joined #salt
11:48 pcdummy ups then
11:48 arnaud yep I suspect that
11:48 arnaud thx hemebond pcdummy
11:49 arnaud will have to create other group
11:49 Sylvain31 https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.copy seems not to be recursive, how to recursively copy a local dir?
11:49 pcdummy Sylvain31: "cp -pfr /from /to: cmd.run:" ?
11:50 pcdummy works only on Unix though.
11:50 Sylvain31 of course, no salt builtin, I mean.
11:50 Qlawy Sylvain31: doing file.managed without trail / should work
11:50 Sylvain31 Qlawy: but the source will be on the master right?
11:51 Sylvain31 it's minion to itself
11:51 Qlawy oh
11:52 hemebond Hmm, it doesn't seem possible at all to target on multiple conditions.
11:53 hemebond Or perhaps I'm just reading the docs incorrectly.
11:54 hemebond arnaud: Sorry, I think I read the docs wrong.
11:54 hemebond I think it is possible.
11:54 hemebond As pcdummy suggested.
11:54 arnaud by using -C ?
11:54 arnaud G@ for grains
11:54 hemebond Yeah
11:54 arnaud but what for group ?
11:54 hemebond Oh, my bad. I forgot about that part.
11:54 hemebond Yeah, new group.
11:54 arnaud there is not 'selector' for group
11:55 hemebond Yeah, groups are like an alias for a target.
11:55 arnaud yeah, i just have to take my group definition and add something like "and G@....."
11:55 arnaud I got it!
11:55 pcdummy :)
11:56 DEger joined #salt
11:58 hlub it seems that requiring a SLS works but the corresponding require_in does not.
11:58 pcdummy hlub: you got an example?
12:00 hlub e.g. writing management of samba shares into samba.shares SLS and then using 'require_in: sls: samba.shares' elsewhere in the state that installs samba.
12:03 teryx510 joined #salt
12:05 flowstate joined #salt
12:06 teryx5101 joined #salt
12:12 kawa2014 joined #salt
12:15 iceyao joined #salt
12:23 catpig joined #salt
12:25 Qlawy http://wklej.org/hash/0d9166e78fa/
12:25 Qlawy any ideas why salt does not see winrepo packages?
12:26 Qlawy I have minion 2016.3.1 (or sth) so I suppose it should use winrepo-salt-ng
12:27 Qlawy pkg.refresh_db return nothing oO
12:27 DEger joined #salt
12:29 colegatron_origi joined #salt
12:30 hemebond Does winrepo use pkg now?
12:34 Qlawy https://docs.saltstack.com/en/latest/topics/windows/windows-package-manager.html
12:34 Qlawy as of this: yes
12:34 west575 joined #salt
12:37 fredvd joined #salt
12:41 gh34 joined #salt
12:42 Sylvain31 how are gid uid number collision handled (or not) by salt for creating new user:group?
12:44 Qlawy perhaps you will get "uid/gid" already exists
12:45 dumol joined #salt
12:45 Sylvain31 ok, so the idea is to set the value, let it fail if it happens, then change it
12:46 colegatron_origi joined #salt
12:47 dumol hi everyone! i'm running into an unexpected problem, i get the error "Specified SLS 'services.ca' in environment 'base' is not available on the salt master" on a base env that used to work, we use a git repo for it and now even master or previous instances of master return this error
12:48 dumol at some point i have deleted the pillar/services/ca.sls in one branch, but have since checked it out again, still no luck with the branch or master
12:48 dumol any ideas to try?
12:48 Sylvain31 dumol: salt '*' saltutil.sync_all ?
12:51 dumol wow, it worked! gotta check out what it does, in three years of working with salt have never run into this problem afair
12:51 dumol Sylvain31: big thank you!
12:52 ninjada joined #salt
12:53 DEger joined #salt
12:57 babilen Sylvain31: Why do you assign a UID/GID at all if it is not standardised?
12:57 teryx5101 joined #salt
12:57 ronnix joined #salt
12:58 Sylvain31 babilen: I didn't assign it, I let it the OS decide… just to know…
13:00 Sylvain31 dumol: you're welcome. "salt 'minion' state.highstate" do some magic sync for you, I don't know exactly what, pillar I'm sure, but not state.apply somestate
13:01 emaninpa joined #salt
13:01 fracklen Sylvain31: If you're using NFS to share data between minions, it might be "practical" that uids/gids are consistent
13:03 teryx510 joined #salt
13:03 Sylvain31 fracklen: sure, but my question was: "how are gid uid number collision handled (or not)"
13:03 fracklen ahh - sorry
13:08 DammitJim joined #salt
13:09 DammitJim do any of you do ubuntu updates through salt
13:09 babilen What would you ask this hypothetical person?
13:10 DammitJim because I don't know if this is something I should be looking at
13:10 DammitJim I have a bunch of servers that need to be updated and salt could make it easier
13:10 DammitJim yet, there are some peculiarities for performing updates
13:11 babilen I run updates with salt all the time (on Debian though)
13:11 DammitJim oh ok
13:11 DammitJim cool
13:11 DammitJim what do you do when apt would normally ask you if you want to replace a file like smb.conf?
13:15 babilen Noting, salt simply assumes that you want to keep the old one (and given that changes are only introduced through salt you'd manage those files anyway)
13:15 babilen *Nothing
13:15 babilen It runs in non-interactive mode
13:15 DammitJim oh ok
13:15 squishypebble1 joined #salt
13:15 DammitJim got it
13:15 DammitJim so, in my case, if I wanted to get the maintainer's version, I should add those to salt (even though in the past I wasn't managing them)
13:15 dumol Sylvain31: i'll keep that in mind, perhaps highstate on a minion with few states would have solved this… running highstate on the main server is something i rarely do, as it takes a lot of time and usually something breaks :-]
13:16 DammitJim is there a way for salt to perform the update and take the maintainer's version?
13:16 DammitJim then I can run highstate (there are some packages I want the system to upgrade from the maintainer, but there are some I want to keep managing)
13:17 babilen DammitJim: You'd get the maintainer version if the file has not been changed by you. Changes are being done by salt so you'd manage those files .. you just have to stop editing files manually on the minion
13:18 DammitJim so, if I haven't made changes to /etc/pam.d/common-auth
13:18 DammitJim an update would take in the maintainer's version of that file?
13:19 racooper joined #salt
13:19 sfxandy joined #salt
13:20 babilen It would, yes
13:21 DammitJim but /etc/samba/smb.conf wouldn't be updated since I am managing it through salt?
13:21 babilen You'd get the newest version of the file unless you made changes to the file in that past
13:21 dyasny joined #salt
13:21 DammitJim weird
13:22 babilen Why is that weird?
13:22 sfxandy hi everyone.
13:22 DammitJim babilen, let me do a test... I thought it still kept /etc/pam.d/common-account instead of getting it from the maintainer
13:22 sfxandy ok so I know I can call an execution function from within a state i.e. salt['network.ip_addrs'] .....
13:22 DammitJim I know I'm not managing that specific file, but I am installing the package through salt indirectly (it's needed for something else)
13:23 sfxandy but how do I pass a parameter to it?  cant seem to get the syntax quite right
13:23 babilen DammitJim: It has to be completely untouched by anything
13:24 DEger joined #salt
13:25 DammitJim so, it could be something other than file.managed?
13:26 adulteratedjedi joined #salt
13:26 cyborg-one joined #salt
13:29 Sylvain31 sfxandy: {% set dest = salt['file.basename'](d) %} for https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.file.html#salt.modules.file.basename
13:31 rem5 joined #salt
13:31 babilen DammitJim: If you login to your box and edit the file it won't be replaced either
13:32 DammitJim yeah, I haven't manually edited these guys that I can remember... I don't even know what these files do
13:32 M-liberdiko joined #salt
13:33 sfxandy Sylvain31, ok i've tried that.  so the function in particular I'm interested in is network.ip_addrs ... which can take in some parameters (interface, include_loopback, cidr or type).  so how would I specify - for example - cidr?
13:34 babilen Salt really doesn't factor into it .. if Debian would normally ask salt would default to "keep the old version" while you'll get newer versions as normal
13:34 DammitJim alright
13:34 DammitJim I'll dig through this and see what I can find
13:34 babilen sfxandy: You'd pass it as keyword argument -- salt['foo.bar'](cidr='foooo')
13:34 DammitJim I might end up just doing manual updates this time around
13:35 sfxandy ok, babilen, swear I've tried that approach.... let me re-test quickly
13:35 babilen sfxandy: But then, I'd use the salt-mine anyway
13:36 jken joined #salt
13:36 jken Hello, for some reason today none of my salt-minions are returning? test.ping does not even work. Does anyone know what might cause this to start happening?
13:36 sfxandy yeah i know babilen
13:37 jken I accidentally installed salt-minion on the salt master yesterday, but I didn't accept its key, could that have something to do with it?
13:37 babilen jken: It is quite common to install a salt-minion on the master
13:37 bluenemo joined #salt
13:38 jken babilen, huh, any other reason all of my salt minions would stop returning anything then?
13:39 flowstate joined #salt
13:39 goudale joined #salt
13:39 goudale hi all
13:39 goudale how can I run multiple execution modules in a single salt call ?
13:40 goudale ie, i'm looking for something like `salt 'minion*' file.remove /path/to/file, state.apply`
13:40 babilen jken: I have no idea, anything in their logs or in the master logs? Does the master see them ? Can you communicate by other means between master and minions?
13:40 babilen jken: (and so on .. but I'll be afk for a short time)
13:40 babilen goudale: You could use a state!
13:40 DEger joined #salt
13:41 goudale babilen: ofc, but it's a one-shoot, so writing a state seems a bit overkill
13:43 Xenophon1 goudale: a shell script
13:43 goudale ( =
13:43 Xenophon1 seriously
13:43 goudale let's say I want to batch the job on a single minion one at a time; `salt -b 1 'minion*' file.remove /path/to/file, state.apply`
13:44 Xenophon1 what are you trying to accomplish?
13:44 goudale I need to `state.apply` the same host I just `file.remove`
13:44 Xenophon1 i don't remember what state.apply is, so hold on while i rtfm
13:45 goudale state.apply is state.highstate
13:45 Xenophon1 oh that's neat
13:45 goudale My goal is; Removing a file, then highstate, one host at a time.
13:45 Xenophon1 ok so why don't you do file remove on all of your minions first
13:45 Xenophon1 then do the highstates?
13:45 Xenophon1 what's stopping you from doing it in that order?
13:45 tapoxi joined #salt
13:46 goudale remove the file implies a downtime
13:46 goudale removing*
13:46 goudale however, my minions are load balanced, so I can do delete then highstate one minion at a time without impacting the uptime
13:47 c4t3l goudale: chaining the commands together on the cli is no good?  ie salt 'hosts' cmd1 && salt 'hosts' cmd2
13:47 Xenophon1 goudale: this is what i'd do
13:47 sfxandy babilen, take your point about using salt mine but I want to return more than one value from my salt mine call.  the idea is I want to create a pillar structure with the info I need, then return that via the salt mine.  so far I have this (and yes I am using PillarStack)
13:47 Xenophon1 i'd add a new SLS called "temp_remove_file.sls"
13:47 sfxandy https://www.refheap.com/121424
13:47 Xenophon1 and modify top.sls so that it runs before everything else
13:48 Xenophon1 and then just do state.apply on your minions one at a time, salt -b 1 'minion*' state.apply
13:48 goudale c4t3l: that would delete the file on all host (implying downtime), then highstate on all
13:48 c4t3l ah.  I missed that bit
13:49 * Xenophon1 wonders why his irc nic is screwed up
13:49 goudale Xenophon1: yes I have this solution, but that's a lot of overhead imo
13:50 XenophonF i don't know what to tell you
13:50 c4t3l goudale: why not just old school forloop it?  ie for server in $(cat serverlist) ; do salt $server cmd1 ; salt $server cmd2 ; done
13:51 XenophonF if you want to remove a file before all the other states run, that's how you do it
13:51 c4t3l that would do the remove then highstate
13:51 XenophonF add a state to remove the file
13:51 XenophonF make sure it runs first (order matters in top.sls)
13:51 XenophonF run a highstate
13:52 XenophonF there is an alternative
13:52 edrocks joined #salt
13:52 goudale c4t3l: that would indeed do the tricks, but having $serverlist might be a pain for complex matches
13:52 XenophonF it's even uglier than everything else we've talked about
13:52 XenophonF salt -b 1 'minion*' cmd.run 'rm -f /pathname && salt-call state.highstate'
13:52 goudale my ideal solution would be ``salt -b 1 'globbing*' file.remove /path/to/file, state.apply``
13:53 c4t3l XenophonF: that looks like the one!
13:53 goudale we can event ``salt -b 1 'minion*' cmd.run 'salt-call file.remove /pathname && salt-call state.highstate'``
13:53 perfectsine joined #salt
13:53 goudale even* please don't mind all the typos
13:53 XenophonF you can do a lot/really abuse things with cmd.run
13:54 DammitJim babilen, this is probably the most stupid question you'll hear today
13:54 DammitJim do you keep track of all the things you are updating on your servers?
13:55 babilen DammitJim: I send logs to my personal scribes every day who keep the papyrus record up-to-date, yes
13:55 Rumbles joined #salt
13:56 DammitJim oh... I Need me a personal scribe
13:56 tapoxi way better than SSDs
13:56 DammitJim it's strange... my master logs aren't working :(
13:56 babilen DammitJim: But as an actual answer: We are not collecting that information externally, but rely on /var/log/apt/history.log* for this
13:57 babilen Which is something that should probably get addressed
13:57 DammitJim thanks man... I really appreciate this info
13:58 c4t3l does anyone know if gpg pillar works with ext_pillar (ie etcd).  I've been trying for days to get things working, but it only seems to work with file-based pillars
13:59 M-cpt joined #salt
13:59 M-MadsRC joined #salt
14:00 msn joined #salt
14:00 msn if i delete the master's keys would they be regenerated on the next master restart?
14:02 danielcb joined #salt
14:02 goudale msn: you mean; the same key ?
14:02 AndreasLutro c4t3l: I think you'd have to code in the gpg decryption in the external pillar code
14:02 msn goudale: not the same key but a new key i hope
14:03 goudale msn: you would have to reaccept all the minions I think
14:03 msn cool that's awesome
14:03 goudale msn: do not take it for words
14:04 c4t3l AndreasLutro: I can take a peek at the codebase... I'm no programmer, but I would love to see this work without having to set up a file pillar or git pillar
14:04 AndreasLutro c4t3l: I wouldn't count on it working out of the box
14:04 msn I want to create a salt "VM Image" which has new master keys when instantiated
14:04 AndreasLutro unless the etcd pillar documentation tells you how to use gpg encryption, I'd assume it's not available
14:04 AndreasLutro but I could be wrong!
14:05 tapoxi msn: for development or production
14:05 barmaley joined #salt
14:05 msn prod
14:07 c4t3l AndreasLutro: understood.  it currently does not exist.  I'll see what I can dig up.  I guess most ppl are using file based pillars for this purpose?
14:07 tapoxi sorry I thought you were talking about pre-seeding keys for a minute msn
14:07 tapoxi yeah master should regen keys
14:07 msn that would be perfect
14:08 tapoxi someone mentioned pillarstack, is that an ext_pillar that has better merging options essentially?
14:08 msn this is going to sound odd but I am starting to think gitfs is easier than file base
14:11 stack joined #salt
14:11 msn so here is another key question
14:12 DEger joined #salt
14:12 msn let's say i want to salt the salt master to pull the file_roots when it comes up and for that I configure the salt-minion keys , then remove the salt master keys, when the master comes back up again will the minion still be accepted?
14:12 ralish_ joined #salt
14:14 ajw0100_ joined #salt
14:15 TheBall joined #salt
14:16 akitada joined #salt
14:16 msn nvm realised something
14:16 msn thanks for the help
14:19 nyx joined #salt
14:19 flowstate joined #salt
14:20 nlb joined #salt
14:28 ajv joined #salt
14:28 fannet joined #salt
14:28 whitenoise joined #salt
14:28 DEger joined #salt
14:29 p3rror joined #salt
14:29 babilen Does somebody know what replaced doc/index.rst as "landing page" in the Salt Documentation
14:33 west575_ joined #salt
14:37 bowhunter joined #salt
14:39 jken I accidentally installed salt-minion on my salt master and now all of my other minions show offline. Does anyone know what's up?
14:40 impi joined #salt
14:41 khaije1 jken: there's something else going on there. Installing the minion on the master alone wont cause other minions to appear offline.
14:41 jken khaije1, any idea what would cause all of my minions to go offline then?
14:42 c4t3l jken: offline minions could be caused by key change on master.   What do your minion logs say?  Better yet, you could run salt-minion -l debug and check the output there
14:43 jken Run that on a minion or on the master c4rc4s ?
14:43 jken c4t3l, *
14:43 khaije1 jken: I agree w/ c4t3l's response
14:43 c4t3l run that command on one of the minions
14:43 manji joined #salt
14:44 khaije1 FWIW, I've noticed that when I'm running a multi-vm test of salt over wifi, some AP's using "isolation" which causes them to be unable to communicate w/ each other.
14:44 jken c4t3l, this is all it gives me http://pastebin.com/Tqc9Pkkn
14:44 zmalone joined #salt
14:44 jken c4t3l, then times out after 60 seconds
14:45 DEger joined #salt
14:45 c4t3l jken:  I would check any firewall rules and routing at this point
14:47 babilen jfindlay: Do you, by chance, happen to know what might have replaced doc/index.rst as landing page in the documentation (cf. a424c38f5dcd07363d4bcd8bd33206a133a39b86) or where I could find sphinx code for https://docs.saltstack.com/en/getstarted/ ?
14:48 babilen jfindlay: I might have to ship https://docs.saltstack.com/en/latest/contents.html as landing page otherwise, but would like a "friendlier" landing page
14:49 tapoxi joined #salt
14:50 tapoxi anyone know a text editor for salt? I've been using atom, but the yaml syntax highlighter gets confused when I start adding jinja
14:51 mariusv joined #salt
14:53 shorty_mu joined #salt
14:54 khaije1 tapoxi: I
14:54 shorty_mu Hello everybody. Is there a "Salt"-way to unique a Jinja list? The only other  way would be AFAIK to use a dict instead.
14:54 tapoxi khaije1 wha
14:54 khaije1 I'm happily using Emacs, just added a snippet to have *.sls recognized as YAML
14:55 zmalone_ joined #salt
14:55 goudale same here
14:55 tapoxi yeah I'll probably jump to vim
14:56 tapoxi I've never used emacs so the thought sounds daunting
14:56 khaije1 also, I'm able to use org-babel to write and test CLI states
14:56 khaije1 well, write and execute
14:57 khaije1 tapoxi: it's important to know how to get around comfortably in both. If you dont already have that knowledge, it makes sense to give both a try
15:00 DEger joined #salt
15:06 orionx joined #salt
15:10 sfxandy joined #salt
15:14 zlittle joined #salt
15:16 sfxandy is there anyway to return more than one function via the salt mine and be able to reference them perhaps in dictionary form?
15:17 sfxandy i.e. I would like to return several bits of information via salt mine but don't want to have separate function aliases for each item of information.
15:20 nyx joined #salt
15:22 corichar joined #salt
15:23 mohae joined #salt
15:24 beardedeagle joined #salt
15:27 scooby2 joined #salt
15:29 edrocks joined #salt
15:32 DEger joined #salt
15:32 RedundancyD joined #salt
15:36 ewd84 joined #salt
15:42 Slimmons joined #salt
15:42 Slimmons Having a hard time opening visual programs on a windows minion, details here https://groups.google.com/forum/#!topic/salt-users/jF2TuKOK-Wo
15:46 krymzon joined #salt
15:50 krymzon joined #salt
15:50 roock joined #salt
15:51 Cottser joined #salt
15:51 shorty_mu left #salt
15:55 Sandlayth joined #salt
15:56 feld left #salt
16:03 DEger joined #salt
16:05 krymzon joined #salt
16:06 evilrob joined #salt
16:09 GnuLxUsr joined #salt
16:09 mephx joined #salt
16:11 jfindlay babilen: https://github.com/saltstack/salt-get-started
16:18 felskrone joined #salt
16:20 DEger joined #salt
16:23 mavhq joined #salt
16:24 goudale joined #salt
16:25 tapoxi joined #salt
16:27 onlyanegg joined #salt
16:29 jorian joined #salt
16:33 ageorgop joined #salt
16:36 DEger joined #salt
16:37 amcorreia joined #salt
16:39 woodtablet joined #salt
16:40 iggy tapoxi: there's a plugin for atom to do yaml+jinja... it's not perfect, but it's pretty good
16:40 tapoxi iggy awesome, know what its called?
16:42 deus_ex1 joined #salt
16:44 west575 joined #salt
16:46 impi joined #salt
16:48 corichar joined #salt
16:50 west575_ joined #salt
16:51 DEger joined #salt
16:59 mohae_ joined #salt
17:03 flowstate joined #salt
17:05 edrocks joined #salt
17:06 totte joined #salt
17:06 totte joined #salt
17:10 totte joined #salt
17:12 Guest33195 left #salt
17:17 pfallenop joined #salt
17:18 ronnix joined #salt
17:18 nyx joined #salt
17:20 west575 joined #salt
17:23 DEger joined #salt
17:25 cabach joined #salt
17:25 Edgan joined #salt
17:26 toastedpenguin joined #salt
17:29 toastedpenguin anyone used salt on windows hosts to download & unzip an archive and execute a batch file?
17:30 toastedpenguin that was in the archive
17:34 Rumbles joined #salt
17:34 totte joined #salt
17:39 DEger joined #salt
17:40 alvinstarr joined #salt
17:44 ajw0100 joined #salt
17:55 DEger joined #salt
17:56 bowhunter joined #salt
17:57 ryan8403 joined #salt
18:00 aharvey joined #salt
18:01 tapoxi joined #salt
18:01 tapoxi any salt greybeards have thoughts on state & pillar organization?
18:02 ageorgop joined #salt
18:04 tapoxi right now each env gets its own directory, and pillar data exists in there. I have 20-ish pillars and corresponding states for different machine roles, and a 'base.sls' for each. using jinja in each pillar to set things like different ips for a specific datacenter etc
18:04 tapoxi curious about other approaches
18:05 liskl_ joined #salt
18:05 ajw0100_ joined #salt
18:06 c4t3l tapoxi:  that sounds very complex
18:06 GreatSnoopy joined #salt
18:07 MindDrive joined #salt
18:09 deus_ex joined #salt
18:09 c4t3l i use etcd key/value store for pillar.  There is no need to worry about top.sls as the pillar is matched against minion_id.  etcd is fed from our asset management system which contains role data, IPs and the like
18:09 cabach hi, does someone know how to properly include templates into pillar sls files without including context? I did {% include "filename" %} which does properly include the template and substitutes variables with the current context. The problem is that I don't know how to properly indent the inclusion without getting a key collision. Here is the template https://gist.github.com/anonymous/1db1ed4f453002b2224f73d0660b4c1e
18:10 dps left #salt
18:11 cabach @ tapoxi use gitfs and name branches after your envs to separate them
18:11 ryan8403 joined #salt
18:11 aphor joined #salt
18:15 stack is there something like salt that also handles the inverse state? by deleting configurations and such
18:15 aharvey joined #salt
18:18 cabach here is the file with the context where I try to include the template to substitute the variables, https://gist.github.com/anonymous/8c51223aca39a3d134bee5ed0acdb737
18:19 cabach @stack, yes you can use state execution modules or write your own to check for absent configurations and possibly remove them
18:20 dumol joined #salt
18:22 Netwizard joined #salt
18:23 cabach for example user.absent ensures that the named user is absent
18:23 aphor I have a problem, and I'm not sure which way to go: I'm trying to call salt.cloud.clouds.ec2 to create additional EBS volume(s) for existing VMs against a cloud provider that only partly implements the AWS REST API (sadly not create_attach_volumes).
18:24 stack cabach: not really what I intended
18:24 stack doing changes from one state to another forces me to write partial changes to the previous state to let the world be consistent
18:25 stack or maybe I should use something like docker and rebuild everything from scratch every time, this is not really suitable
18:26 aphor stack: file.blockreplace can make incremental changes to a file.
18:27 DEger joined #salt
18:27 aphor stack: you can even do one state to check if the configuration is already working, and only execute the file.blockreplace if necessary, via requisites.
18:27 aphor stack: which would allow you to leave a fugly but working config untouched.
18:29 CeBe joined #salt
18:31 goudale joined #salt
18:32 cabach @stack, yes you should probably look into using snapshots with vms
18:33 kennyd joined #salt
18:36 Cottser joined #salt
18:37 corichar joined #salt
18:41 jfindlay toastedpenguin: should be possible with two states
18:42 edrocks joined #salt
18:43 hasues joined #salt
18:43 DEger joined #salt
18:45 dyasny joined #salt
18:46 jfindlay cabach: I'm no expert on all the ways jinja and yaml files can import/include, but what I usually do is `{%- import 'file.jinja' as data %}` and then use it as `home: "/usr/local/home/{{ data.usr }}"`
18:47 west575_ joined #salt
18:48 aphor joined #salt
18:50 onlyanegg joined #salt
18:53 racooper joined #salt
18:53 racooper joined #salt
18:55 orion joined #salt
18:56 orion Hi. I use Let's Encrypt for my load balancers. I have many load balancers, but the key/cert should be the same across all of them. Therefore, it seems logical that I run the Let's Encrypt client, certbot, on the salt master.
18:56 Rumbles joined #salt
18:56 orion What salt features can I take advantage of to help automate the certificate renewal process?
18:56 cabach @jfindlay : yes, but I am trying to substitute a variable in the pillar template with the context of the file where the template will be used. Is this possible with a jinja template?
18:57 orion After certbot renews the cert, I want salt to automatically push it to the load balancers.
18:57 iggy I never figured out a good way to do that...
18:57 orion Is there a feature for this?
18:57 lero joined #salt
18:57 POJO joined #salt
18:58 orion Events? Reactor?
18:59 jfindlay cabach: I'm not sure as I've never tried that before
19:00 iggy orion: what kind of authenticator are you using?
19:01 orion iggy: Great question! I am writing my own. :)
19:01 * iggy backs away slowly
19:02 iggy so my problem was I was using the webroot authenticator and you can't really do that from the master
19:02 orion Indeed.
19:02 iggy if you can figure that part out though... easy enough to write the cert into pillars and then run a state on the LBs to install the cert from there
19:03 orion The other problem is that you don't have control over which load balancer the ACME server hits.
19:03 aphor You could put cert file paths in grains, and then mine the expiration dates or beacon expiration warnings...
19:03 iggy certbot has hooks iirc
19:03 ajw0100 joined #salt
19:03 orion For the sake of this conversation, let's not consider the authenticator.
19:04 orion Let's assume that the certificate has been placed in /etc/letsencrypt/live/... . Can the Event system help me here?
19:05 hasues left #salt
19:06 orion Maybe the cron job can run certbot and `salt 'lb*' event.fire ...` ?
19:06 aphor orion: how does a cert file generate events? Beacons!
19:06 orion I've never used Beacons before. Hmm...
19:07 aphor orion: then reactor picks up the Beacons which have approaching expiry dates, and kicks off an orchestration run to generate and push the new cert.
19:07 aphor .. per expiring cert.
19:07 c4t3l beacons can be configured to watch a file or directory using python-inotify
19:07 cabach orion : did you look at the lets-encrypt formula on github?
19:08 cabach https://github.com/saltstack-formulas/letsencrypt-formula
19:08 orion cabach: I see, but it seems that this merely runs LE on the minion.
19:09 orion This is not acceptable because there are multiple load balancers in my infrastructure. The fresh cert would need to be communicated somehow back to the master and then to the other LBs.
19:09 orion As a result, I find it easier to just run LE on the salt master.
19:10 aphor orion: orchestration runners will make things run on the master.
19:11 cabach I don't know if I understood your problem correctly but should it not be possible to only run this formula on the master and orchestrate, distribute the certs to your load balancers?
19:12 racooper joined #salt
19:12 bowhunter joined #salt
19:13 aphor What if you wrote an external pillar that cached certs, and called out to something like LE to generate certs on cache misses?
19:14 aphor The external pillar's cache expiration policy could be cert expiration minus 7 days or something.
19:15 DEger joined #salt
19:17 orion That's an interesting way of doing it.
19:18 aphor external pillar could even just proxy REST calls to an external cert store service...
19:19 orion aphor: What would cause the pillar to be consulted?
19:19 aphor https://docs.saltstack.com/en/latest/topics/development/external_pillars.html
19:20 orion No, I mean, would a cronjob run highstate every night at midnight or something?
19:20 s_kunk joined #salt
19:20 aphor external pillars that are called when a minion refreshes its pillars
19:20 aphor orion: highstate refreshes pillars.
19:21 orion Right, so what you're telling me is that some automated process (such as cron) needs to refresh the pillars.
19:21 aphor if the box is idle..
19:21 aphor https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.refresh_pillar
19:21 aphor this can also do it without a highstate
19:22 iggy There's not a built-in "check my let's encrypt certs and automatically renew them on one box and then distribute them to another set of boxes" salt feature
19:22 iggy you're going to have to build it yourself
19:22 iggy there are literally 1000s of ways you can do that
19:22 orion iggy: "renew them on one box" <-- that one box is the salt-master to keep things simple.
19:23 iggy doesn't matter... my point remains
19:23 aphor orion: it's pretty simple, but not everyone wants to do exactly what you want.
19:24 orion I think an inotify beacon and reactor setup would be easiest.
19:24 ajw0100 joined #salt
19:25 aphor orion: if you did the external pillar method, all expiring certs would get updated on the master when you do a "salt '*' saltutil.refresh_pillar"
19:25 aphor or you could do both...
19:26 aphor minions decide when their certs are too old, and the master decides which minions get what in which certs (external pillar).
19:28 KingJ joined #salt
19:28 aphor I'm not sure I'd want my salt master to be a certificate store for a lot of stuff though. I'd want a clear path to migrate that data off my master even if I didn't start that way.
19:29 ageorgop joined #salt
19:31 DEger joined #salt
19:31 Rumbles joined #salt
19:36 tapoxi joined #salt
19:40 blu_ joined #salt
19:45 MTecknology I forgot... does .split() work inside {% %}?
19:46 MTecknology I struggle remembering what jinja does and does not let me do. :(
19:47 ronnix joined #salt
19:48 iggy that's not jinja, and it depends
19:50 ruxu joined #salt
19:50 MTecknology I don't even know which parts are jinja!
19:50 MTecknology apparently.. I thought anything inside {. .} was jinja
19:51 nyx joined #salt
19:53 lero joined #salt
19:53 iggy that's python string functions (when what you're messing with in {% %} is a string)
19:53 iggy which is why I said it depends
19:54 iggy MTecknology: basically... need more context to effectively answer that, but try it and see?
19:54 Rumbles joined #salt
19:54 MTecknology ah
19:55 MTecknology that makes sense and answers my question, actually.. :P
19:56 MTecknology iggy: thanks!
19:59 iggy anytime :)
19:59 aw110f joined #salt
20:01 rem5 joined #salt
20:02 TOoSmOotH joined #salt
20:02 DEger joined #salt
20:07 pid1 joined #salt
20:08 tmkerr joined #salt
20:10 jhauser joined #salt
20:11 toastedpenguin1 joined #salt
20:13 catpig joined #salt
20:14 lero joined #salt
20:19 DEger joined #salt
20:25 toastedpenguin joined #salt
20:25 aharvey joined #salt
20:28 bowhunter joined #salt
20:28 KajiMaster joined #salt
20:41 patarr joined #salt
20:42 TOoSmOotH joined #salt
20:46 valmach joined #salt
20:47 valmach Hey.. I'm searching for a trusty Ubuntu Image of Salt.. Anyone
20:48 jfindlay valmach: https://repo.saltstack.com/#ubuntu (click on "Trusty")
20:51 ageorgop joined #salt
20:51 DEger joined #salt
20:57 valmach Cheers,
20:58 quup left #salt
20:58 valmach but these commands don't work
20:59 Slimmons any idea why, on a windows 7 salt-minion, if I run salt '*' cmd.run 'echo %username%' it would return the hostname?  I was just trying to see who salt-minion was running as.  I'm sure there's an easier way, but I found that odd
21:00 valmach just want a VB image..
21:01 TOoSmOotH joined #salt
21:02 jfindlay valmach: I don't know of any images available, but if ubuntu 14.04  is what you want, starting with a vanilla image and running through those steps will get you the same thing
21:02 viq valmach: "image of salt" ?
21:02 flowstate joined #salt
21:02 deniszh joined #salt
21:03 jfindlay Slimmons: is your username the same as your hostname? :)
21:03 Slimmons lol, that's the first thing I thought.
21:03 Slimmons nope
21:03 viq valmach: also check out https://github.com/UtahDave/salt-vagrant-demo
21:03 Slimmons i don't have a user that has the same name
21:03 Slimmons jfindlay: it returns "myhostname$"
21:03 Slimmons the dollar sign at the end was also confusing
21:03 Slimmons i thought, maybe it's trying to return the hostname with the username attached, but salt is only returning the hostname?
21:03 Slimmons not sure
21:03 Slimmons kinda weird
21:03 jfindlay yeah
21:04 Slimmons but, when I go to the actual machine, and run the same command, it doesn't return the hostname first, just the actual username
21:04 Slimmons "aliens"
21:05 jfindlay I wonder if something strange is going on with the env
21:05 jfindlay can you locate the actual command run in the minion debug log?
21:05 jfindlay or even try `salt-call.exe --local cmd.run 'echo %username%'`
21:05 jfindlay see if that gets the same thing
21:06 saltymcsalterson joined #salt
21:06 Slimmons actually, your first hunch was right
21:06 Slimmons something weird with env
21:06 Slimmons i echo'd all env variables
21:06 Slimmons and sure enough, somehow username=hostname
21:06 Slimmons this is a fresh image btw, nobody has touched it
21:06 Slimmons "aliens"
21:07 saltymcsalterson hey, can anyone point me at an example of using file.move?  The docs are rather skimpy on it, so I'm not certain what the params are when putting together my state.
21:07 nZac joined #salt
21:08 Slimmons first of all, awesome name
21:08 saltymcsalterson I know, right?
21:09 Slimmons isn't it just salt '*' file.move src dest?
21:09 saltymcsalterson I came across file.move, but hunting down the params for it in a state is either just straight-up simple or just not documented.
21:09 Slimmons not sure it exists in state
21:09 Slimmons i only see it for module
21:09 Slimmons will file.managed work?
21:09 saltymcsalterson hmm.
21:09 saltymcsalterson maybe/
21:09 Slimmons appears to be the same thing
21:09 saltymcsalterson s/\/?/
21:09 Slimmons but file.managed can do a lot more
21:09 saltymcsalterson mayhaps
21:09 Slimmons keep in mind, I'm pretty new to salt
21:09 saltymcsalterson me too
21:10 Slimmons but I use file.managed to move stuff around
21:10 saltymcsalterson I'm more of a chef guy, but new company is using salt.  So, I'm having to get salty.
21:10 Slimmons https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html
21:10 Slimmons that first example
21:10 Slimmons on the page
21:11 Slimmons is pretty good.  If you just leave out everything under --mode: it's a really basic example, just like file.move
21:12 LotR a chef would be pretty lost without salt ;)
21:12 Slimmons soooo deep
21:12 Sandlayth left #salt
21:12 jfindlay Slimmons: nice
21:12 saltymcsalterson Ahh, I see.  Can the source be on the minion instead of a file root?  I'm moving things around on the minion in preparation for managing the deployments.
21:12 saltymcsalterson +1
21:13 jfindlay I meant about aliens, but the salt thing is good too :-)
21:22 DEger joined #salt
21:29 Rumbles joined #salt
21:30 rem5 joined #salt
21:30 valmach @viq.. Cheers,
21:32 Llmiseyhaa saltymcsalterson: By the by, execution modules (stuff called from the 'salt' cmdline) tend to be named with an imperative -- ie, 'cmd.run' or 'file.move' while state modules (things that work in state files) tend to be named with declarative formats (ie, 'file.managed' or 'service.running')
21:32 Llmiseyhaa So if something sounds like you're giving an order, it's an execution module.  If something sounds like you're declaring how it should be, it's a state module. (=
21:36 tapoxi joined #salt
21:37 Slimmons saltymcsalterson: If I had a file on the minion, and wanted to move it somewhere else on the minion, I would just use cmd.run probably, but there may be a way to do it with file.managed
21:37 Slimmons but I've never done that.
21:37 jfindlay Llmiseyhaa: that's a great way to describe it
21:38 Llmiseyhaa Look up MinionFS
21:38 Llmiseyhaa That's how you can grab files from a minion
21:38 DEger joined #salt
21:39 Llmiseyhaa https://docs.saltstack.com/en/latest/topics/tutorials/minionfs.html
21:39 jfindlay Slimmons: file.copy will move a file will copy a file already located on the same minion
21:39 jfindlay not move, copy, duh
21:40 Slimmons there we go
21:45 Slimmons I have a cmd.script, that when I don't specify a username/pw, it runs fine as the user running salt-minion, but when I specify a username password, it errors with only retcode: -1073741502.  Neither the logs nor salt debug show anything other than the retcode
21:45 Slimmons works fine when I don't specify username/pw, but when I use the username/pw (of the same user it's already running as) fail.
21:47 MTecknology init.sls loads a .jinja file with a macro which calls two other jinja files, each with their own macro, builds a list of stuff, and doesn't work correctly
21:48 rem5 joined #salt
21:50 flowstate joined #salt
21:50 felskrone1 joined #salt
21:51 saltymcsalterson So, what about doing the move contextually, based on the type of file.  Case in point, /path/to/file is either a real file (which needs to be moved), or a symlink (new way of keeping the file on disk, so it doesn't need to be moved.)
21:51 jhauser joined #salt
21:51 saltymcsalterson #managingslowflakes
21:53 saltymcsalterson Does file.managed have the ability to do something only if the file meets a certain criteria?
21:53 Slimmons jinja
21:53 Slimmons you're going to need some jina
21:53 Slimmons jinja*
21:53 Slimmons conditionals in your state
21:54 saltymcsalterson So, jinja interpretation happens on the master or minion?
21:54 Llmiseyhaa master
21:54 Slimmons https://docs.saltstack.com/en/latest/topics/tutorials/states_pt3.html
21:54 Slimmons there's a good templating tutorial for states
21:54 saltymcsalterson which means I don't have contextual information about the box at the time of the jinja render.
21:55 Slimmons you could get the data first
21:55 Slimmons like
21:55 Slimmons idk
21:55 DEger joined #salt
21:55 Slimmons maybe set in pillar?
21:55 Slimmons someone above me will have to answer this one
21:55 Slimmons on a recommended way to do that
21:55 Llmiseyhaa well, if you use the file.symlink state module
21:56 saltymcsalterson Yea, it's really more of a recommended way I'm looking to do.  Since I'm new to salt, I really don't want to hack together some states and set bad practice.
21:56 Llmiseyhaa it can be set to move the file to a backup location if it already exists
21:56 Llmiseyhaa so that's how I'd do it, use file.symlink
21:56 saltymcsalterson wow!
21:56 saltymcsalterson That's _so_ much better.
21:57 Slimmons yeah, as someone who is pretty new, I can tell you that this place is pretty helpful.  I'm surprised they haven't kicked me out yet.
21:57 saltymcsalterson backupname.  What a good idea.
21:57 Llmiseyhaa It's a bit hackish to use its 'backup' feature to move the file aside
21:57 Llmiseyhaa so comment the heck out of it
21:57 Llmiseyhaa because otherwise you'll look at it and go 'why am I backing this up?!' six months down the road
21:57 Slimmons ^fact
21:57 feld joined #salt
21:57 saltymcsalterson Nah, Slimmons , you have to get your hands dirty to get it done right, eh?
21:58 saltymcsalterson Alright, I'm going to give that a spin.
21:58 Llmiseyhaa One of the key concepts of salt is you're not describing the steps to take
21:58 Llmiseyhaa you're describing the end result and it's supposed to, within its ability, figure out the steps
21:59 saltymcsalterson Very true, but you have to know the lingo so you know the proper incantation to describe the state you want to have.  :-)
21:59 Llmiseyhaa the closer you can steer to that the better your results will be.  If you have specific actions that need to be taken depending on the current state and it's significantly enough different then you may well want to use cmd.run and a script to get everything in line
21:59 Llmiseyhaa the good news with file.symlink here is that it only backs it up if it's a real file/directory, an existing symlink just gets changed rather than backed up from what the docco said
21:59 saltymcsalterson ...which is exactly what I was looking to do.
22:00 Llmiseyhaa yup, that's why I thought of it (=  As I said, the good news here
22:00 Llmiseyhaa (Do double check in the docco for yourself; I openly admit I could be misremembering. =)
22:00 saltymcsalterson Looking at it now.
22:00 saltymcsalterson Thanks, everyone.
22:00 Llmiseyhaa Notta problem
22:02 nyx joined #salt
22:02 Slimmons np, good luck
22:06 nZac joined #salt
22:06 manji joined #salt
22:08 manji joined #salt
22:10 DEger joined #salt
22:16 manji joined #salt
22:17 orion For inotify beacons, the docs say I need to install python-inotify, but no such package exists on Ubuntu.
22:17 iggy be creative
22:17 iggy or pip install it
22:17 orion There is python-inotify and python-inotify however. Are either of those the same thing?
22:18 manji joined #salt
22:20 iggy those are both the exact same thing
22:21 aharvey joined #salt
22:22 MTecknology iggy: Can I do anything like  salt['node_cfg.get']('use_ldap', default=False)  in a custom_grain?
22:23 MTecknology dunno why I added the extra character
22:25 iggy MTecknology: __salt__
22:25 iggy https://docs.saltstack.com/en/latest/topics/development/dunder_dictionaries.html
22:26 MTecknology whew, that's sexy
22:27 orion Does salt 2016.3.1 run on python or python3?
22:28 DEger joined #salt
22:32 Rumbles joined #salt
22:32 nZac joined #salt
22:38 bbradley joined #salt
22:39 KajiMaster joined #salt
22:39 bbradley joined #salt
22:40 keimlink joined #salt
22:40 XenophonF hi are there any committers for saltstack-formulas/salt-formula around?
22:40 XenophonF i'd like to see about getting https://github.com/saltstack-formulas/salt-formula/pull/242 merged
22:40 saltstackbot [#242][OPEN] Add support for s3fs | These changes add support for the S3 file server back end as described in https://docs.saltstack.com/en/latest/ref/file_server/all/salt.fileserver.s3fs.html.
22:40 hemebond orion: Python 2
22:42 iggy XenophonF: I don't guess adding you to the org would help (because we'd all jump you in a dark alley if you merged your own PRs)
22:43 goudale joined #salt
22:43 iggy and I'm not logged in on this computer
22:44 babilen jfindlay: Okay, we'll ship the ToC as landing page then. Thank you!
22:44 XenophonF heh
22:45 XenophonF don't let me near apache-formula
22:46 XenophonF i've long planned a series of PRs intended to gut the thing
22:49 CTaylor joined #salt
22:52 manji joined #salt
22:59 ajw0100 joined #salt
23:00 flowstate joined #salt
23:01 aharvey joined #salt
23:01 MTecknology iggy: I guess I don't get __salt__ in that context. Just like the docs say.. :(
23:01 teryx510 joined #salt
23:02 MTecknology maybe it needs to be ext_pillar...
23:03 nZac joined #salt
23:03 edrocks joined #salt
23:03 MTecknology gonna have a chicken/egg problem there too ... :S
23:04 ninjada joined #salt
23:05 ninjada joined #salt
23:07 jfelchner joined #salt
23:11 manji joined #salt
23:25 MTecknology heh...
23:25 MTecknology I always thought pillar data was rendered and pushed down to the minion before anything else. Now that I think about it, that doesn't make sense.
23:25 manji joined #salt
23:26 MTecknology Is there any flow chart that describes the order that states, pillar, ext_pillar, grains, custom_grains, etc. execute?
23:26 west575 joined #salt
23:33 aharvey joined #salt
23:36 XenophonF grains data is available from pillar, right?
23:38 teryx510 joined #salt
23:39 jalaziz joined #salt
23:40 jalaziz joined #salt
23:40 _JZ_ joined #salt
23:41 MTecknology XenophonF: it is, ya, which is why I realized it was silly to think pillar was first, but ext_pillar is after grains
23:42 MTecknology wait...
23:42 MTecknology grains+custom_grains -> pillar+ext_pillar -> states
23:53 mosen joined #salt
