Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-08-09

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 ssplatt joined #salt
00:00 Edgan scsinutz: I have had to take that approach. I can't wait weeks/months for updated versions that include all patches.
00:01 scsinutz Edgan, which approach did you take?
00:01 Edgan scsinutz: latest version, 2016.3.2, plus patches
00:01 Edgan scsinutz: so my own packages
00:02 Edgan scsinutz: I had six patches for 2016.3.1, and now two for 2016.3.2.
00:02 ZachLanich joined #salt
00:03 ageorgop joined #salt
00:03 scsinutz so you package up the entire salt code base PLUS the patches?
00:03 Edgan scsinutz: I take their src packages, add patches, and rebuild
00:03 Edgan scsinutz: then put it in my private package repos
00:04 Edgan scsinutz: I have also customized for different distro versions. Trusty is one set of patches, and xenial is another set.
00:04 Edgan scsinutz: I also have a packaging fix that I added for xenial
00:05 Edgan scsinutz: The different between trusty and xenial is that xenial uses systemd, so it needs a patch for systemd. Since trusty doesn't use systemd, it doesn't need that patch.
00:06 Edgan scsinutz: Then the packaging difference is they include init.d files, upstart config, and systemd files
00:06 Edgan scsinutz: Which on Ubuntu confuses the init system. So I take out the init.d files from the xenial package.
00:08 alexhayes joined #salt
00:08 kiorky joined #salt
00:09 pipps joined #salt
00:10 schemanic joined #salt
00:11 om joined #salt
00:19 mapu joined #salt
00:30 justanotheruser joined #salt
00:33 mavhq joined #salt
00:44 rylnd ubuntu/debian and salt always feels like a pain
00:44 rylnd unfortunately that is my distribution of choice
00:44 rylnd at work we use centos 6 and 7
00:45 Edgan rylnd: yeah, they can be, but here is a nice fix for a problem I have seen a few times. https://major.io/2016/05/05/preventing-ubuntu-16-04-starting-daemons-package-installed/
00:45 Edgan rylnd: I prefer CentOS/Fedora, but work uses Ubuntu.
00:47 scsinutz joined #salt
00:47 timoguin joined #salt
00:49 rylnd oh that guy who wrote the blog post works a rackspace. a buddy of mine recently went there
00:49 flowstate joined #salt
00:50 scsinutz Edgan: do you test the patched code before packaging it up?
00:52 infrmnt1 joined #salt
00:55 edrocks joined #salt
00:56 mavhq joined #salt
01:01 evidence hmm.. is there no file.absent equiv where you can pass globs and times?  something like tidy in cfengine or a find -name -mtime
01:03 hasues joined #salt
01:03 hasues left #salt
01:03 timoguin joined #salt
01:05 evidence ah file.directory covers half of it with clean and exclude_pat
01:09 Edgan evidence: file.recurse also has clean
01:10 om joined #salt
01:12 evidence Edgan: same issue.. you have exclude_pat, but no args for time
01:12 catpiggest joined #salt
01:12 evidence /var/crash age=30 recurse=0 ignore=bounds,minfree in other CM syntax.. so i can cover the ignore and recurse.. but no age opts
01:21 scsinutz joined #salt
01:29 sagerdearia joined #salt
01:31 cliluw joined #salt
01:46 racooper joined #salt
01:47 ilbot3 joined #salt
01:47 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.5.11, 2015.8.11, 2016.3.2 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
01:49 ssplatt joined #salt
01:49 flowstate joined #salt
01:54 flowstate joined #salt
01:58 mavhq joined #salt
02:06 mpanetta_ joined #salt
02:11 mavhq joined #salt
02:31 scsinutz joined #salt
02:33 bastiandg joined #salt
02:35 mavhq joined #salt
02:49 flowstate joined #salt
02:57 UForgotten joined #salt
02:58 edrocks joined #salt
03:02 stooj joined #salt
03:12 jhauser_ joined #salt
03:15 scsinutz joined #salt
03:16 scsinutz joined #salt
03:26 mavhq joined #salt
03:26 evle joined #salt
03:29 mavhq joined #salt
03:31 guerby joined #salt
03:32 chamunks joined #salt
03:35 mavhq joined #salt
03:36 APLU joined #salt
03:40 fannet joined #salt
03:49 rdas joined #salt
03:50 flowstate joined #salt
03:52 mavhq joined #salt
03:56 cyborg-one joined #salt
03:59 mavhq joined #salt
04:01 fgimian joined #salt
04:02 mavhq joined #salt
04:10 ZachLanich joined #salt
04:11 ZachLanich iggy & hemebond So I've read both the Learning Saltstack v2 & Mastering Salt books, and browsed some others and I've been working hard to come up with a setup that makes more sense and includes some abstractions to allow for future expansion. I'm pretty happy with everything I have written down so far :)
04:18 ZachLanich iggy If you're around, I have a question regarding minion IDs, grains and security, etc.
04:18 ZachLanich Or anyone for that matter
04:19 mavhq joined #salt
04:23 bltmiller joined #salt
04:27 scsinutz joined #salt
04:27 mavhq joined #salt
04:35 chrichip joined #salt
04:37 timoguin joined #salt
04:38 mosen joined #salt
04:43 mavhq joined #salt
04:48 flowstate joined #salt
04:50 mavhq joined #salt
04:52 onlyanegg joined #salt
04:53 stooj joined #salt
04:56 bltmiller joined #salt
04:57 ageorgop joined #salt
05:00 badon_ joined #salt
05:01 edrocks joined #salt
05:01 kshlm joined #salt
05:01 mavhq joined #salt
05:02 ronrib joined #salt
05:04 ivanjaros joined #salt
05:08 beardedeagle joined #salt
05:09 bltmiller joined #salt
05:11 mavhq joined #salt
05:14 happydevel joined #salt
05:15 happydevel #salt-devel
05:19 mavhq joined #salt
05:20 alexhayes joined #salt
05:20 badon_ joined #salt
05:22 POJO joined #salt
05:27 brent_ joined #salt
05:28 badon joined #salt
05:39 zer0def joined #salt
05:40 _rovar_ joined #salt
05:41 fannet joined #salt
05:48 flowstate joined #salt
05:48 bocaneri joined #salt
05:51 felskrone joined #salt
06:00 mavhq joined #salt
06:06 _JZ_ joined #salt
06:07 alexhayes joined #salt
06:10 mavhq joined #salt
06:19 k_sze[work] joined #salt
06:24 antpa joined #salt
06:25 Miouge joined #salt
06:26 etw joined #salt
06:28 pcdummy joined #salt
06:28 cro joined #salt
06:28 rome_390 joined #salt
06:34 mavhq joined #salt
06:42 ivanjaros joined #salt
06:42 mavhq joined #salt
06:48 flowstate joined #salt
06:49 fracklen joined #salt
06:51 fracklen joined #salt
06:51 mavhq joined #salt
06:54 Electron^- joined #salt
06:56 mavhq joined #salt
06:57 west575 joined #salt
07:00 evilRails joined #salt
07:01 mavhq joined #salt
07:04 edrocks joined #salt
07:11 upb joined #salt
07:11 antpa joined #salt
07:11 sagerdearia joined #salt
07:12 Sylvain31 joined #salt
07:15 mavhq joined #salt
07:18 _rovar_ joined #salt
07:21 JohnnyRun joined #salt
07:35 mavhq joined #salt
07:38 Electron^- hello guys... is it possible to add more than 1 role in a top.sls?
07:40 babilen How do you add that one role in top.sls ?
07:40 Elsmo joined #salt
07:40 babilen (roles are not built into salt and whatever you do to implement them is specific to your setup)
07:42 fannet joined #salt
07:43 antpa joined #salt
07:46 iggy !paste
07:46 saltstackbot To paste snippets of code/sls/etc, please use a code paste site, such as: https://gist.github.com or http://refheap.com
07:49 flowstate joined #salt
07:49 Electron^- babilen, I add it including an sls that setup the role... so if I add more role in top.sls the lastsone overwrites the other roles
07:51 Electron^- ok, I found out... the merge is done only with dictionary and not with lists
07:53 antpa joined #salt
07:55 mikecmpbll joined #salt
07:59 fannet joined #salt
08:02 egil joined #salt
08:09 mibr0 joined #salt
08:13 kshlm joined #salt
08:16 Miouge_ joined #salt
08:32 mavhq joined #salt
08:34 jcalero joined #salt
08:35 keimlink joined #salt
08:36 Satyajit joined #salt
08:36 GreatSnoopy joined #salt
08:41 s_kunk joined #salt
08:41 s_kunk joined #salt
08:42 babilen Electron^-: You can merge lists, but I still have no idea how you implement roles
08:49 flowstate joined #salt
08:57 mavhq joined #salt
09:02 Electron^- babilen, with something like that https://gist.github.com/mprenditore/1f9a443e198ed657eaddb59349d9b9ca
09:05 pfc joined #salt
09:06 edrocks joined #salt
09:20 mavhq joined #salt
09:47 flowstate joined #salt
09:48 Sylvain31 hi, I'm generating some 'pillar for formula' from toplevel pillar. I noticed that I should have a syntax verification about the pillar fields I defined and check dependancies. Doing it jinja is painfull, as it is clearly not the template language roles. How could I structure my pillar evaluation to "raise" error before entering in file.mananged template? any suggestion?
09:54 krymzon joined #salt
09:57 sagerdearia joined #salt
09:58 Sylvain31 could be achieved with cmd.call maybe and a basic parser + the requisite between states…?
10:07 sjohnsen joined #salt
10:07 douardda joined #salt
10:07 davromaniak joined #salt
10:08 jessexoc joined #salt
10:08 sw_ joined #salt
10:09 babilen Electron^-: Ist that your pillar?
10:09 N-Mi joined #salt
10:14 lero joined #salt
10:14 rylnd joined #salt
10:26 jcalero joined #salt
10:39 KingOfFools Guys, when Im running salt commands from command line with -l debug I'm able to get python errors and understand what happening. But when I'm running state files i don't see python errors. Anyway I can see em?
10:49 flowstate joined #salt
10:51 mavhq joined #salt
10:57 RandyT joined #salt
11:03 mavhq joined #salt
11:06 flowstate joined #salt
11:06 eichiro joined #salt
11:07 tongpu joined #salt
11:08 amcorreia joined #salt
11:09 rylnd all, i created my own fork of saltstack 2016.3.2. when i install it via salt-bootstrap.sh, everything is fine and a 'salt --version' version reports to 2016.3.2. but when i use salt-pack to package the same version into deb packages, and then try to get the version via 'salt --version' i get 'salt 2016.3.0 (Boron)'. has anyone an idea how salt comes up with the 'wrong' version and where to look first? thanks!
11:09 edrocks joined #salt
11:12 ashmckenzie joined #salt
11:17 Sammichmaker joined #salt
11:18 KingOfFools rylnd: maybe it should apply some patches?
11:20 smcquay joined #salt
11:20 rylnd KingOfFools not really. the version on git is 2016.3.2. it's just packaging
11:25 scavara joined #salt
11:27 scavara anyone has experince in setting up salt-minion on debian lenny?
11:30 Sylvain31 some example how to use state.cmd.call? where to put the python, and how it must be formed?
11:38 Sylvain31 scavara: did you look at https://github.com/saltstack/salt-bootstrap ?
11:42 johnkeates joined #salt
11:44 scavara Sylvain31: yes I did, but this is sort of a last resort option. I have number of small remote location, and some of them are running on lenny and squeeze. I did some tests, and installing minion on squeeze using deb http://backports.debian.org/debian-backports squeeze-backports main
11:44 scavara + squeeze backports from archive.debian.org were successfull
11:45 scavara but if I use the same repos on lenny (+ archive.debian.org/debian squeeze)
11:46 scavara Sylvain31: ...installation goes fine...and comparing salt-call --versions-report are the same
11:46 Sylvain31 so?
11:47 scavara Sylvain31: on both test machines (lenny/squeeze), but one is working and one is not...running salt-minion -l debug shows nothing that would indicate any problems. it looks like it never sends any auth requests to the master
11:48 flowstate joined #salt
11:48 Sylvain31 scavara: I didn't goes deep into salt-bootstrap, but it seems all the code is here, pip or git install are also here…
11:48 Sylvain31 ho…
11:48 Sylvain31 did you check firewall and connectivity to the master?
11:49 Sylvain31 nc -v -z salt.master.ip 4505
11:49 Sylvain31 stuff like that…
11:50 scavara Sylvain31: yup...telneting from minion on master on ports 4505/4506 is OK. listening on master on those ports using tcpdump shows no traffic between minion@lenny and master whatsoever
11:52 scavara Sylvain31: and...in the end, if I do a coplete dist-ugprade to squeeze, after reboot minion starts to communicate with master without any problem
11:53 babilen scavara: Sound as if one of the libraries is outdated (and lenny *really* isn't supported anymore)
11:53 babilen In fact you should burn those boxes with fire
11:54 babilen (or upgrade them to wheezy/jessie)
11:54 babilen "salt --versions-report" might provide some clues
11:55 scavara babilen: output of salt-call --versions-report on the one that is working and on the lenny box are identical
11:56 Sylvain31 scavara: or mixup configuration manangement tools? salt + ansible, or even ssh, or virtualize thoses boxes and drive them from an higher level os, of the hypervisor…
11:56 mavhq joined #salt
11:59 scavara babilen: yes, I agree...should burn them, unfortunately my hands are tied...(i can be more elaborate on this, but it's waste of your time...but you gotta trust me... ;))
12:00 Sylvain31 scavara: what must be automated with salt on those old boxes?
12:00 rylnd ok, i think i found the reason why my packages show the wrong version. there is a file called /usr/lib/python2.7/dist-packages/salt/_version.py that has the wrong version. can someone tell me how this file is generated?
12:00 scavara Sylvain31: no ansible on them
12:01 Sylvain31 I dont know ansible yet, but it have no remote agent
12:02 scavara Sylvain31: they were setup up/provisoned using puppet. Right now I'm experimenting with salt and I like it a lot
12:02 scavara Sylvain31: the last option is to leave them be
12:03 Sylvain31 is there not an agentless version with salt-ssh ?
12:03 johnkeates there is
12:03 johnkeates but it's slow
12:03 johnkeates use a master
12:03 scavara Sylvain31: and to salt only up-to-date machines
12:03 johnkeates don't be THAT guy
12:04 davisj_ joined #salt
12:04 scavara Sylvain31: i'm aware of salt-ssh but I was trying to see if it's possible to run a minion
12:05 Sylvain31 scavara: git version + pip version on the minion may be?
12:05 scavara Sylvain31: will probably try bootstraping
12:05 freelock joined #salt
12:05 Sylvain31 you should look into the code, it seems very complete…
12:06 scavara Sylvain31: OK
12:13 scavara Sylvain31: ...and thank you, of course!
12:14 Sylvain31 if it works… you're welcome.
12:16 TooLmaN joined #salt
12:16 fredrick joined #salt
12:18 DammitJim joined #salt
12:18 fredrick Anyone using salt to manage salt-master with git as the backend?
12:19 babilen I am
12:19 babilen And I'm sure that there are other people also, so: Yes
12:19 fredrick How do you get it to update files?  git hook to state.apply?
12:19 babilen "update files" ?
12:20 babilen I am not using any git hooks .. what are you trying to achieve?
12:20 fredrick so i have a state file for master.d/ and the files under it.  If i make changes to say reactors.sls how to get it to the salt-master
12:20 babilen You run a highstate on the master
12:21 babilen (well on the minion that runs on the master)
12:21 johnkeates you can use salt-call too
12:21 johnkeates on the minion
12:21 babilen Or that
12:21 babilen Doesn't make a difference
12:21 DammitJim I want to
12:21 babilen DammitJim: You have to resist your urges
12:21 fredrick but I want to automate it so I do not have to do anything other than commit to git
12:21 DammitJim why? it's so much better, right?
12:22 Rumbles joined #salt
12:22 johnkeates fredrick: don't do that
12:22 johnkeates git will crash if you have an error
12:22 johnkeates and if you do something destructive you won't know
12:23 babilen fredrick: You could schedule a highstate run ever k minutes
12:23 babilen *every
12:23 Rumbles in one of my state files, I have a for loop, I added an include in that loop, but now I've tested on a server which has multiple runs through the for loop I realise my stupid mistake as the includes conflict, is it possible to call an include something else, so it doesn't conflict, (similar to the way you can call name on most methods to avoid conflicts)
12:24 fredrick Good deal, I was kind of hoping that there was a way in the master config you could tell it pathing.  Thanks.
12:24 mschiff joined #salt
12:25 johnkeates in practise, you shouldn't have to high state all day long, only on changes, and those usually happen on package changes, or product changes
12:25 dendazen joined #salt
12:25 johnkeates if you have a lot of changes, you may want to namespace your cfgmgmt
12:25 fredrick johnkeastes that is why I was thinking of a git hook.
12:26 Sylvain31 how to call a python function with cmd.call?
12:26 einsiedlerkrebs_ joined #salt
12:26 XenophonF that reminds me, i need to take another look at my github webhook/salt reactor setup
12:27 einsiedlerkrebs joined #salt
12:28 einsiedlerkrebs hi there, i have a question about states.iptables.
12:28 ssplatt joined #salt
12:29 XenophonF fredrick: this is what i was working on, https://github.com/irtnog/salt-states/blob/development/salt/files/reactors/github.sls
12:29 fredrick XwnophonF thanks
12:29 XenophonF fredrick: unfortunately, it doesn't work
12:30 XenophonF fredrick: it's been a while since i hacked on it, so i don't remember what wasn't working
12:30 XenophonF maybe it was a salt-api permissions thing
12:30 XenophonF somewhere in my notes here i have something that says to convert the salt master to unprivileged operation
12:30 einsiedlerkrebs i am using 'iptables.insert' and a name (human readable) and i observe, that the state is not applied since it not responding. my question is: Do i have to make sure that a certain rule hast to come first?
12:30 XenophonF and i've stubbed out users and groups for use with apache and salt-api
12:30 Sylvain31 trying to call a function with state.cmd.call I get "TypeError: 'str' object is not callable" may be I'm not defining the function correctly. I put it into a _modules/ folder and try to call it with func: file.funcname
12:30 g3kk0 joined #salt
12:31 Electron^- joined #salt
12:31 XenophonF Sylvain31: wouldn't you use module.run in that situation?
12:31 g3kk0 does anyone know how to get just the value of a grain (without the local:) using salt-call?
12:31 numkem joined #salt
12:32 Sylvain31 XenophonF: may be, what's the difference?
12:33 XenophonF i dunno, i've just never used cmd.call before
12:33 XenophonF whenever i want to make an execution module funcall from a state, i use the module.run state
12:33 Sylvain31 g3kk0: salt-call grains.get id  --out=newline_values_only
12:34 XenophonF of course, if you want to call the execution module directly, you can, e.g., given _modules/irtnog.py containing "def foobar(): pass", run "salt-call irtnog.foobar"
12:34 g3kk0 perfect!
12:34 g3kk0 thank you!
12:34 Sylvain31 XenophonF: of course.
12:35 silviud joined #salt
12:35 Sylvain31 g3kk0: from my own zim-wiki page ;) you're welcome. keep sharing. :)
12:36 g3kk0 will do :)
12:37 silviud hi - i use saltstack to control windows firewall but i'm missing the capability to block only specifics hosts via remoteip (the module https://github.com/saltstack/salt/blob/develop/salt/modules/win_firewall.py) is missing it
12:37 silviud is anybody working on such thing or can I go ahead and send a pull request ?
12:37 Sylvain31 silviud: fix it ?;)
12:39 silviud remoteip was added a bit later far as I know ... I'm guessing why wasn't included into the module
12:40 edrocks joined #salt
12:44 jcalero joined #salt
12:47 Sylvain31 XenophonF: do you need to override name with __virtual__ or what, it complains with missing m_name an undocumented parameter…
12:47 Tanta joined #salt
12:47 rylnd is there anywhere documented what is done to the source on github when a release is created? the contents of the downloadable release differ somewhat from the source under the tag on github.
12:54 ivanjaros joined #salt
12:55 west575 joined #salt
12:55 babilen rylnd: It's a manual process
12:55 babilen https://help.github.com/articles/creating-releases/
12:55 babilen Some people essentially use "git archive" based on tags, but others have a different release process .. In the end you essentially upload a tarball
12:56 rylnd babilen ah ok. thanks. i am trying to understand when the salt/_version.py is generated that is in the release
12:56 babilen rylnd: I don't actually know how Saltstack are creating their releases exactly
12:56 rylnd babilen it's not there when tagged as v2016.3.2 but its in the release tarball
12:58 rylnd babilen a comment says its auto-generated by salt's setup. but i would be interested in understanding how setup is run for a release
12:58 schemanic joined #salt
12:59 64MAAOIBA joined #salt
13:00 babilen https://github.com/saltstack/salt/blob/develop/setup.py has code
13:00 babilen https://github.com/saltstack/salt/blob/develop/setup.py#L178 in particular
13:01 Sylvain31 what the different purpose between module.run and cmd.call?
13:06 rylnd babilen i saw that thanks. but that does not really help me as i have a hard time fully understanding the file. but if that is the only way, then i will have to spend more time working through and understanding the setup.py
13:18 babilen rylnd: What are you trying to achieve eventually?
13:18 babilen IOW: Why do you care?
13:18 permalac joined #salt
13:19 racooper joined #salt
13:20 ronnix joined #salt
13:20 rylnd babilen so i have a fork of the code tagged 2016.3.2. let's assume i want to maintain this fork as an internal fork and over time, there will be patches i need, additional grains, additional modules etc. in the end i want to have an internal code base for us. i want to create DEB packages from this fork. i was successful in creating deb packages via salt-pack from my fork, but my build debs show version 2016.3.0 instead of 2016.3.2
13:22 rylnd babilen so naturally i try to understand, what when wrong and why my version is wrongly identified as 2016.3.0. the only thing so far that differs, is the .tar.gz. the "real" release of 2016.3.2 has a _version.py file and is cleaned up etc. so i am trying to understand the process saltstack uses to come from "code on github tagged as $release" to "relase tarball"
13:22 rylnd babilen as i think there is my issue somewhere
13:22 ferbla joined #salt
13:24 babilen Are you creating the sdist with setup.py ?
13:24 schemanic hi
13:25 Sylvain31 is it possible to return a value to module.run that it see at "nochange" made?
13:26 rylnd babilen i did not initially. i tried that 15 minutes ago, as you gave me the clue to look further into setup.py. thanks again for that :-) all i get after sdist is finished, is a dist/salt-2016.3.0-n directory with a a-7974430.tar.gz file in it
13:27 babilen Okay, and that doesn't contain _version.py ?
13:27 babilen rylnd: Compared to other projects salt's setup.py is rather complex and I am not sure how they use it .. but it seems to contain the code that does what you are after
13:28 XenophonF Sylvain31: you need to define the virtual function, for an example please refer to https://github.com/irtnog/salt-states/blob/development/_modules/irtnog.py
13:29 XenophonF Sylvain31: if you want a different example, take a look at https://github.com/irtnog/active-directory-formula/blob/master/_modules/identityserver_sts.py
13:29 XenophonF i'm rather proud of that last one
13:29 XenophonF self modifying code FTW!
13:29 babilen *applause*
13:29 rylnd babilen yes, i think that as well. the question is, why i get such a weird versioning on the tarball, that is why i hoped someone who knew the process from tagged release to release tarball was online and could give me a hint of where i am going wrong
13:30 Sylvain31 XenophonF: and for the return code? any clue?
13:30 babilen rylnd: Could very well be that git SHA in short form
13:31 XenophonF Sylvain31: the return code is simply the name of the module
13:31 rylnd babilen git SHA in short form?
13:31 XenophonF you can have _modules/foobar.py return "foo", in which case you'd access the functions via foo.whatever
13:32 XenophonF that's how the various *pkg*.py modules do it
13:32 XenophonF they all implement the same interface
13:32 XenophonF it's kind of object oriented
13:32 Sylvain31 XenophonF: no, that ok, my question above for module.run to see it as nochange
13:35 XenophonF Sylvain31: here's another example, only for a state module as opposed to an execution module: https://github.com/irtnog/active-directory-formula/blob/master/_states/identityserver_sts.py
13:36 XenophonF Sylvain31: a fourth example, a custom grain: https://github.com/irtnog/active-directory-formula/blob/master/_grains/windows_installation_type.py
13:36 XenophonF custom grains don't use the __virtual__ function
13:37 zmalone joined #salt
13:37 mohae_ joined #salt
13:37 rylnd babilen i see what you mean. sorry i am somewhat slow today. if i remove the .git directory from my code, it identifies it as 2016.3.0, still not 2016.3.2
13:38 rylnd babilen do you know by any chance if there is a mailing list or something that i could ask this kind of question?
13:39 ronnix joined #salt
13:39 Sylvain31 XenophonF: thansk but do you know if module.run can see an nochange result and display it in green…
13:39 Sylvain31 ?
13:40 XenophonF i don't remember
13:41 XenophonF you can test it yourself by making a trivial exec module function that always reports changes or never reports changes
13:41 mapu joined #salt
13:42 Sylvain31 for now it doesn't work, I may not return the expected dict
13:43 tpaul joined #salt
13:44 toastedpenguin joined #salt
13:45 aagbds joined #salt
13:45 toastedpenguin joined #salt
13:46 silviud joined #salt
13:46 bearonis joined #salt
13:48 babilen rylnd: There are mailing lists, yes. You might want to ask on https://groups.google.com/forum/#!forum/salt-users
13:52 flowstate joined #salt
13:53 perfectsine joined #salt
13:53 rylnd babilen thanks!
13:53 babilen np
13:53 babilen Good luck
13:58 bowhunter joined #salt
14:03 gableroux joined #salt
14:07 Sylvain31 XenophonF: rewriting my code as an _states/ do the trick. I'm not sure module.run can handle green state, nochange… ?
14:07 XenophonF oh good, glad you got it working!
14:07 Sylvain31 with pain… ;) thanks for your code sharing.
14:10 XenophonF you're welcome
14:10 Brew joined #salt
14:11 tapoxi joined #salt
14:11 drawsmcgraw joined #salt
14:11 Sylvain31 XenophonF: do yo have a state usage of your code? the _modules is used by the state, but where is the state used?
14:13 XenophonF my AD FS stuff is a work in progress, so it might be better if i show you the stuff i wrote for Windows servicing (DISM) instead
14:13 XenophonF here's the state module - https://github.com/irtnog/active-directory-formula/blob/master/_states/windows_feature.py
14:14 XenophonF it calls this execution module - https://github.com/irtnog/active-directory-formula/blob/master/_modules/windows_servicing.py
14:14 johnkeates wouldn't it make sense to make it work together with that powershell desired state thingy?
14:14 XenophonF here's an example of how the state gets used - https://github.com/irtnog/active-directory-formula/blob/master/ad/ds/template.sls#L9
14:15 mpanetta joined #salt
14:16 XenophonF johnkeates: the stuff i wrote for windows servicing does not use powershell on purpose, because it's intended for use on windows editions that do not include powershell (or the servermanager snap-in) by default
14:16 johnkeates but then how would AD work? I thought it depended on some of that stuff
14:16 johnkeates or maybe not in 2008 and lower versions
14:17 johnkeates (i started administrating AD only after 2008 came out)
14:17 johnkeates before that i did netlogon
14:17 johnkeates so i missed the gap in between :P
14:17 johnkeates but if that's all non-ps non-servermanager, i suppose it makes sense
14:17 XenophonF there are two supported interfaces for domain controller deployment in Windows
14:17 johnkeates what's the original one?
14:18 XenophonF prior to Windows Server 2008, you'd use DCPROMO to deploy and configure domain controllers
14:18 johnkeates the thing that uses the older cmd tools?
14:18 johnkeates yeah
14:18 johnkeates that i remember
14:18 XenophonF that actually goes back to Windows NT
14:18 johnkeates and there are the dcdiag etc tools as well
14:18 johnkeates all based around the more old school C/C++ based interfaces
14:18 XenophonF starting with Windows Server 2008, you'd use various cmdlets in PowerShell
14:18 johnkeates yeah
14:18 johnkeates i guess that's the gap
14:18 johnkeates anyway, neat that it works anyway
14:18 XenophonF the Salt state formula I wrote switches between both
14:18 johnkeates whats MS doing in 2016?
14:18 XenophonF it's still powershell
14:19 johnkeates is it removing one or the other?
14:19 Sylvain31 XenophonF: and here's my current draft: http://paste.debian.net/787637/
14:19 johnkeates better yet, if they are both interfaces for the same thing, is that 'thing' one of MS's blackbox things?
14:19 XenophonF in short i wrote a macro that detects the O/S version and generates a promotion command suited to the target operating system
14:19 johnkeates because if that's the case, writing a closer version to the 'real' DC stuff might be nice
14:20 johnkeates Salt'd get more grip, MS gets a 3rd interface for free
14:20 XenophonF https://github.com/irtnog/active-directory-formula/blob/master/ad/ds/options.jinja#L46
14:21 XenophonF i'm perhaps being a little too clever with the formula in that various SLSes, e.g., ad.ds.forest, are all symlinks to that template.sls
14:21 XenophonF which also decides which operation to perform depending on how it was called
14:22 XenophonF https://github.com/irtnog/active-directory-formula/blob/master/ad/ds/template.sls#L4
14:22 XenophonF so let's say you're deploying a new domain using salt
14:23 XenophonF the computer that'd be the first DC in the new forest should be assigned the ad.ds.forest SLS
14:24 XenophonF to add writable DCs, you'd have salt apply the ad.ds.dc SLS to them
14:24 XenophonF to make a child domain, apply ad.ds.child
14:24 johnkeates that's nice
14:24 XenophonF to make a new tree, apply ad.ds.tree
14:27 XenophonF https://github.com/irtnog/active-directory-formula/blob/master/README.md
14:28 XenophonF https://github.com/irtnog/active-directory-formula/blob/master/pillar.example#L42
14:28 Sylvain31 XenophonF: if you find a module.run which handle well the result = True as no change let me know, as _modules can also be call directly from command line which is cool!
14:28 XenophonF at some point i want to convert all of that jinja code into a proper python module
14:30 jenastar joined #salt
14:31 perfectsine joined #salt
14:34 KingOfFools Guys, how do you think. If i want to add servers with specific role in ldap, should i run jobs on minions or on master? Or maybe on ldap server minion.
14:35 Sylvain31 KingOfFools: it depends how you're handling your server, where is the ultimate source
14:35 Sylvain31 ?
14:36 KingOfFools Sylvain31: what do you mean?
14:37 kaptk2 joined #salt
14:38 bearonis joined #salt
14:39 bearonis left #salt
14:40 alexhayes joined #salt
14:40 Sylvain31 if your server source is the ldap go for it, and fetchit for the saltmaster
14:41 Sylvain31 if your saltmaster decide, add it to a pillar, and publish it to ldap
14:41 Sylvain31 both seems valid approach to me.
14:49 numkem joined #salt
14:49 flowstate joined #salt
14:49 KingOfFools Sylvain31: can't really understand what you suggesting :/
14:49 numkem joined #salt
14:51 Sylvain31 Was your question about where you should define a new server to control with salt, as it also needs to be in your ldap?
14:52 timoguin joined #salt
14:54 KingOfFools Sylvain31: not exactly. I have some service. There are few servers in that service with specific role. I want add them to ldap also, they are already in salt. And want add/delete users to that servers in ldap. So Im wondering if i should run that tasks with ldap on each minion, master or on one minion where ldap is installed (for security or something, i dont know).
14:55 mikecmpb_ joined #salt
14:55 timoguin joined #salt
14:56 aea joined #salt
14:58 _JZ_ joined #salt
15:01 Sylvain31 why should it be run on each minion not hosting the ldap service (I'm not really aware of ldap limitation, nor vocabulary) ?
15:02 ronnix joined #salt
15:04 KingOfFools Sylvain31: i don't know, performance wise maybe, since there can be some queue on that minion for example. That's why I'm asking
15:07 Sylvain31 currently you have some kind of replication (cache maybe) of the ldab on each minion?
15:09 KingOfFools Sylvain31: no. But I'm planning to add one more ldap server for replication and failover (master - master i think, not sure yet)
15:10 Sylvain31 OK, I'm not ldap involved to answer, is it activedirectory stuff?
15:11 KingOfFools Sylvain31: no' im using 389 directory server from RedHat.
15:11 mikecmpbll joined #salt
15:12 oida joined #salt
15:12 armonge_ joined #salt
15:13 bearonis joined #salt
15:15 KingOfFools Sylvain31: but if i store login/password for admin to ldap (to edit things) in pillar is it kinda safe to run this jobs  minions since it possible to see login/password with salt-call pillar.items?
15:15 KingOfFools *on minions
15:17 Sylvain31 it depends how you trust the admin operating on the minion. I got to go, nice question in fact. I opened this ticket for mysql root password which maybe different : https://github.com/saltstack-formulas/mysql-formula/issues/120
15:17 saltstackbot [#120][OPEN] produce managed file with mysql root acces from salt module related to pillar root_password | When you install this formula you may expect that the defined password for mysql's `root` on the managed server will be available on the salt master for [mysql.module](https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.mysql.html) call:...
15:18 johnkeates #121
15:18 johnkeates https://github.com/saltstack-formulas/mysql-formula/issues/121
15:18 saltstackbot [#121][MERGED] fix archlinux package | A small fix in server.sls with archlinux not using the right required package name.
15:18 johnkeates hue hue it works
15:18 johnkeates https://github.com/saltstack-formulas/haproxy-formula/issues/57
15:18 saltstackbot [#57][OPEN] Converting inline defaults to defaults.yaml | This is more of a notification than a bug; I'm converting some of the stuff that's gotten to be inline defaults to the slightly more standard (and definitely more flexible) defaults.yaml + map.jinja combination. This came out of my need to install different haproxy versions, i.e. 1.6 via backports and 1.5 on LTS versions of operating systems. I'm also adding initial provisions for an OS
15:18 johnkeates that is mine!
15:24 juanito joined #salt
15:25 oida joined #salt
15:25 ALLmightySPIFF joined #salt
15:26 oida joined #salt
15:26 hasues joined #salt
15:27 hasues left #salt
15:28 sfxandy joined #salt
15:29 sfxandy hi folks
15:29 oida joined #salt
15:32 oida joined #salt
15:33 scsinutz joined #salt
15:35 scsinutz joined #salt
15:35 ronp_usa1 joined #salt
15:35 onlyanegg joined #salt
15:36 west575_ joined #salt
15:43 oida joined #salt
15:45 beardedeagle joined #salt
15:54 johnkeates left #salt
15:56 pcdummy hi sfxandy
15:57 scsinutz1 joined #salt
15:57 pcdummy #123
15:57 scsinutz joined #salt
15:57 timoguin joined #salt
15:58 om joined #salt
15:58 mohae joined #salt
16:02 bltmiller joined #salt
16:04 bash1235123 joined #salt
16:05 bash1235123 what would you suggest if two teams want to manage the same server and want to use saltstack to do so but have different states etc ?
16:08 Sketch i would suggest running as far away as possible
16:08 bantone ha agreed
16:10 bash1235123 :D
16:17 scsinutz1 joined #salt
16:20 ivanjaros joined #salt
16:25 Elsmorian joined #salt
16:26 DammitJim joined #salt
16:32 flowstate joined #salt
16:33 twork_ does salt keep records, diff-like, of the work it does to minions?  my hunch is no, but i gotta ask.
16:34 Fiber^ joined #salt
16:35 twork_ oh, silly twork, of course it does if you ask it to.
16:44 mikecmpbll joined #salt
16:49 edrocks joined #salt
16:53 ZachLanich joined #salt
16:55 Herugrim joined #salt
17:10 beardedeagle joined #salt
17:11 scsinutz joined #salt
17:11 mikecmpbll joined #salt
17:13 subsignal joined #salt
17:15 cyborg-one joined #salt
17:21 pipps joined #salt
17:35 bltmiller joined #salt
17:38 bowhunter joined #salt
17:42 tuxx joined #salt
17:42 fracklen joined #salt
17:49 fracklen joined #salt
17:50 stephas joined #salt
17:55 writtenoff joined #salt
17:59 rothsa joined #salt
18:01 bltmille_ joined #salt
18:02 nonades joined #salt
18:03 xbglowx joined #salt
18:09 west575 joined #salt
18:11 bearonis joined #salt
18:12 pipps joined #salt
18:16 schemanic joined #salt
18:28 GreatSnoopy joined #salt
18:28 tapoxi joined #salt
18:32 pipps99 joined #salt
18:35 pjs joined #salt
18:36 heaje joined #salt
18:38 edrocks joined #salt
18:45 mikecmpbll joined #salt
18:47 om joined #salt
18:48 xbglowx hi, anyone around to help with some questions about salt-pack?
18:55 Elsmorian joined #salt
18:56 nonades left #salt
19:02 ishiz joined #salt
19:05 POJO joined #salt
19:07 babilen xbglowx: Just ask
19:10 joshin joined #salt
19:11 Electron^- joined #salt
19:12 scsinutz joined #salt
19:13 nonades joined #salt
19:14 xbglowx so, I am trying to get salt-pack working to build all the packages off of my own branch, but can't seem to get it working. All I get is a long list of `The following packages were not built` with no reason that I can see in the output. I installed salt using https://docs.saltstack.com/en/latest/topics/development/hacking.html#running-a-self-contained-development-version and I am running salt master and minion in trace mode.
19:15 whitenoise_ joined #salt
19:18 ishiz My salt minion config file is file.manage'd. I also want to append to this file from another state, but it has no effect. What is the correct way to do this?
19:18 ishiz I want minions that are installing my mysql state (which pulls a root password from pillar) to add its mysql info to the salt minion config
19:20 Elsmo joined #salt
19:21 raiden joined #salt
19:22 Guest83185 I have some file that I am dynamically generating on the master using reactor while the states are being applied..then in one of the states I need to use that file.
19:22 Guest83185 but that file is not synced to the minion and the states fail
19:23 Guest83185 what do I do make sure file gets synced after it is generated
19:27 sagerdearia joined #salt
19:33 iggy cp.cache_file ?
19:33 iggy you really shouldn't do that though
19:36 Guest83185 what is a better way?
19:36 Guest83185 If I need to dynamically generate a file on master
19:36 Guest83185 and then send to some minions
19:38 s_kunk joined #salt
19:40 tapoxi joined #salt
19:41 om joined #salt
19:43 svg joined #salt
19:47 scsinutz joined #salt
19:49 ralish joined #salt
19:49 win_salt joined #salt
19:49 blueelvis joined #salt
19:52 Tanta use another form of shared storage
19:52 Tanta FTP, SCP, S3, ... TFTP
19:54 pipps joined #salt
19:57 jenastar joined #salt
19:59 jenastar1 joined #salt
20:02 bltmiller joined #salt
20:03 armguy joined #salt
20:03 DammitJim can I grab other pillar data in my pillar?
20:13 teryx510 joined #salt
20:14 keimlink joined #salt
20:15 pipps joined #salt
20:16 ssplatt DammitJim: i wouldn’t rely on that. either remap something in a state file, or map.jinja.  or push the pillar value to the mine or as a grain.  or external pillar.
20:16 pipps99 joined #salt
20:23 timoguin_ joined #salt
20:24 west575 joined #salt
20:27 Ryan_Lane hey... it looks like cmd.wait is being deprecated in favor of onchanges?
20:28 Ryan_Lane an issue with onchanges is that it seems it isn't compatible with listen/listen_in?
20:28 Ryan_Lane and it acts like a watch/watch_in
20:28 Ryan_Lane which reorder states
20:32 Rumbles joined #salt
20:33 jaybocc2 joined #salt
20:34 jaybocc2 Hello fellas, been a while.  Was wondering if anyone is doing anything cool with salt and terraform
20:40 win_salt does anyone have a good method for excluding sls from pillar top.sls
20:45 Edgan win_salt: explain your usage case better
20:46 wendall911 joined #salt
20:47 smcquay Is there some convention I can lean on to install a package (say nginx) and not have systemd files loaded till I'm done configuring? It seems like all the packages in ubuntu also do service registration :\
20:47 Edgan smcquay: Oh, you hit that too. :)
20:48 Edgan smcquay: https://major.io/2016/05/05/preventing-ubuntu-16-04-starting-daemons-package-installed/
20:48 win_salt most servers want the same pillar info, but a few want different info.  Putting them in the pillar top seems to merge them together, since the more general ones are based on the os grain
20:49 Edgan win_salt: you have to have grains to tell them part, and then you have to have different pillar sets for different grain values. I do this with passwords.
20:50 Edgan win_salt: To avoid repeating yourself as much you use map.jinja to set defaults and merge pillars into the map.jinja defaults
20:50 Edgan win_salt: I have hostnames with lots of metadata. I think use custom grains(python code) to turn that metadata into grains. I think match on those grains.
20:50 smcquay Edgan: I also found the nginx-common package that puts files in place but doesn't actually call start ...
20:51 Edgan smcquay: It is a standard debian/ubuntu thing to start a service on install of a package
20:51 Edgan smcquay: It is in my opinion a bad idea, and doubly so when using configuration management.
20:52 mikecmpbll joined #salt
20:52 smcquay Edgan: hmm. I was misreading what was going on. journalctl says "failed to start"
20:52 Electron^- joined #salt
20:52 Edgan smcquay: I have run into cases where I install redis via a deb. The packages starts the service, I change the config file, try to restart the service, and the service hangs.
20:52 smcquay Edgan: I agree with that separation of concerns.
20:53 smcquay meh I'll roll my own nginx-bin package :\
20:53 Edgan smcquay: So I used that blog's universal method to disable the auto start
20:53 Edgan smcquay: Way better than remaking packages every time you run into this problem
20:53 Edgan smcquay: He also gives you a per service method
20:53 jenastar joined #salt
20:54 smcquay ah indeed.
20:55 mibr0 joined #salt
20:56 smcquay /dev/null it is then :)
20:56 smcquay Edgan: thanks for the pointer and solution :)
20:57 Edgan smcquay: It made my day when I found that. :)
20:57 smcquay so now I just need the state chain that makes the file, removes it on successful config, and enables a service.
20:57 smcquay sound about right?
20:57 nidr0x joined #salt
20:58 Edgan smcquay: I think he implies that enabling it will overwrite your symlink
20:59 smcquay even simpler then.
20:59 jenastar left #salt
20:59 subsignal joined #salt
20:59 smcquay Edgan: didn't work for me.
21:00 smcquay Failed to execute operation: Unit file is masked
21:00 flowstate joined #salt
21:00 Edgan smcquay: ok, so I would do it like this
21:01 Edgan smcquay: I order my formulas like pkgs, files, services. So you need symlink, pkgs, files, services. Then remove the symlink at the end of files.
21:02 smcquay exactly. thanks!
21:19 tkharju joined #salt
21:26 west575_ joined #salt
21:27 iggy Ryan_Lane: is there a ticket open for that? (I need to follow it if so)
21:28 flowstate joined #salt
21:34 scsinutz joined #salt
21:36 scsinutz1 joined #salt
21:37 raiden joined #salt
21:38 ZachLanich joined #salt
21:49 pipps joined #salt
21:50 pipps joined #salt
21:51 chmod666org joined #salt
22:03 pipps joined #salt
22:04 pipps joined #salt
22:06 pipps joined #salt
22:13 pipps joined #salt
22:13 Guest94374 can file.recurse have source outside of salt file root
22:14 Guest94374 something like /srv/folder1/new.txt
22:17 pipps joined #salt
22:18 west575 joined #salt
22:19 Ryan_Lane iggy: didn't open a ticket. I guess I can
22:19 woodtablet joined #salt
22:21 Ryan_Lane @iggy https://github.com/saltstack/salt/issues/35321
22:21 saltstackbot [#35321][OPEN] cmd.wait deprecated, but alternative doesn't work for ordered state execution | Description of Issue/Question...
22:24 west575 joined #salt
22:28 scsinutz joined #salt
22:28 fracklen joined #salt
22:30 subsignal joined #salt
22:30 ZachLanich Hey SaltPeeps, I'm trying to decide on a Pillar Module. I need to write create pillars that are specific to a given server (or cluster) that provide a list of "Sites" that are on that server, along with nested pillar data under each of those sites. This Pillar data has to be created/updated from an external system using a REST API.
22:30 ZachLanich I'm toying with using the MySQL backend, MongoDB backend, etc and was thinking Mongo might be appropriate because of it's inherently "Document Oriented" nature. If you can imagine, you might see infrastructure & pillars looking like so: https://gist.github.com/zlanich/136a6e12100918eb25b69880884b4bbc - Can you give me some insight on what might be a good choice?
22:35 scsinutz1 joined #salt
22:39 alinuxninja joined #salt
22:43 pipps99 joined #salt
22:49 ZachLanich The main disappointment I seem to be seeing is that it doesn't seem you use Globs to match minionID names when using Mongo. If I wanted to send the same pillar data to 2 web nodes in the same cluster, I'd have to insert the pillar data 2 times like so: https://gist.github.com/zlanich/f0640d0d940d905d9e94d994fbd3f8c8 - :(
22:50 ZachLanich I'd be hugely appreciative of anyone's advice. It's hard to figure out what the norm is for some of these external components.
22:54 blue0ctober joined #salt
22:55 Sokel joined #salt
22:59 teryx5101 joined #salt
23:00 squishypebble joined #salt
23:02 om joined #salt
23:04 alexhayes joined #salt
23:06 Guest94374 can anyone tell me what the state "salt.runners.state.event" is meant for
23:06 Guest94374 and how to use it
23:06 west575 joined #salt
23:12 sp0097 joined #salt
23:13 pipps joined #salt
23:27 seblu joined #salt
23:31 subsignal joined #salt
23:31 khaije1 joined #salt
23:32 ws2k3 joined #salt
23:33 khaije1 whats the best way to get a report of available package updates for all installed packages on a set of CentOS 5, 6, and 7 machines?
23:34 west575_ joined #salt
23:35 * khaije1 is going commute/afk but will check the chan once at home
23:36 scsinutz joined #salt
23:42 jamesp9 joined #salt
23:47 Sokel khaije1: salt 'foo' pkg.list_upgrades -- the documentation explains this. https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.yumpkg.html#salt.modules.yumpkg.list_upgrades
23:47 west575 joined #salt
23:47 flowstate joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary