IRC log for #salt, 2016-08-26

All times shown according to UTC.

Time Nick Message
00:01 Perilous_ joined #salt
00:02 akhter joined #salt
00:04 PerilousApricot joined #salt
00:05 brotatochip joined #salt
00:09 Perilous_ joined #salt
00:12 majuscule is it possible to npm.bootstrap globally?
00:18 Taz generally globals arnt good, so you import vars where you need them
00:19 Taz someone else who knows more can chime in
00:20 majuscule i don't want globals exactly. i want them in the scope of the formula
00:21 majuscule and imported formulas to share that scope
00:21 majuscule unless you were referring to my bootstrap comment, in which case i'm talking about package installation
00:21 majuscule and i think global package installation is a reasonable desire
00:23 Taz i usually follow this: https://github.com/saltstack-formulas/template-formula/tree/master/template
00:23 Taz in which case formula vars after being munged with pillar you import in all sls's using: {% from "template/map.jinja" import template with context %}
00:24 Taz then wherever youd need project_root youd do {{ myformula.project_root }}
00:24 Taz sorry im not sure i understand your question
00:25 majuscule i'm not sure which question you are referring to :-)
00:26 Taz im pretty sure you need to import everywhere youd need to use it, or make it accessible through pillar
00:26 Taz so you could have global_package in pillar
00:26 Taz and just call that where you need it
00:27 Taz for your question [19:49] <majuscule> is it possible for jinja variables set in a formula to be accessible by included recipes?
00:30 majuscule yeah that all makes sense, thanks for the explanation
00:30 majuscule it's not exactly what i was hoping for but i suppose it makes sense
00:31 stephanlooney joined #salt
00:34 west575_ joined #salt
00:36 DEger joined #salt
00:37 woodtablet left #salt
00:40 Taz yea, coming from puppet that was weird for me
00:40 Taz puppet its hard to nail down the scope of variables
00:40 Taz sorry to bring up the p word xD
00:41 stephanlooney joined #salt
00:41 edrocks joined #salt
00:43 majuscule no worries, chef is where my heart's at anyway but learning this now w/ a new team
00:44 majuscule it seems insane that salt.states.npm.bootstrap  doesn't allow global installation https://docs.saltstack.com/en/latest/ref/states/all/salt.states.npm.html
00:44 majuscule or some other way to read npm modules from a file for installation
00:45 DEger joined #salt
00:45 orionx joined #salt
00:46 Taz i dont understand why you cant just put them in pillar?
00:46 majuscule because they're part of a third-party project
00:46 majuscule and i don't want to have to update pillar every time the project bumps a dependency
00:46 Taz ahh, you can read in variables from a yml file
00:47 orionx_ joined #salt
00:47 Taz {% import_yaml 'template/defaults.yaml' as default_settings %}
00:47 majuscule yeah but it's not a yml file
00:47 majuscule it's a requirements.txt file
00:47 majuscule erm
00:47 majuscule rather
00:47 majuscule a package.json file
00:47 Taz i think that may still work
00:48 Taz {% import_json "defaults.json" as defaults %}
00:49 Taz im no nodejs expert, but ive always just dont npm install and it does that for you assuming your packages.json is in the same directory
00:50 Taz done not dont
00:50 Taz i also think they encourage you to use the local nodejs packages instead of installing things globally
00:53 justanotheruser joined #salt
00:59 DEger joined #salt
00:59 brotatochip joined #salt
01:03 evan-nexus5x joined #salt
01:04 McNinja joined #salt
01:04 evan-nexus5x Hi
01:04 stephanlooney joined #salt
01:04 akhter joined #salt
01:04 McNinja Oh haii
01:05 evan-nexus5x Does anyone know of a program where i can link multiple text files and it will tell me when a key phrase is present
01:10 Taz grep? :P
01:11 DEger joined #salt
01:11 McNinja ^ +1
01:25 stephanlooney joined #salt
01:25 evidence joined #salt
01:32 armonge joined #salt
01:33 Nahual joined #salt
01:41 DEger joined #salt
01:50 catpigger joined #salt
01:51 DEger joined #salt
01:52 _JZ_ joined #salt
01:57 John_Kang joined #salt
02:01 fannet joined #salt
02:04 ssplatt joined #salt
02:04 onlyanegg joined #salt
02:07 DEger joined #salt
02:10 badon joined #salt
02:15 DEger joined #salt
02:19 jaybocc2 joined #salt
02:20 ninjada joined #salt
02:24 DEger joined #salt
02:25 stephanl_ joined #salt
02:27 Brijesh1 joined #salt
02:27 bastiand1 joined #salt
02:31 Brijesh1 joined #salt
02:31 nicksloan joined #salt
02:34 Brijesh1 joined #salt
02:34 stephanlooney joined #salt
02:38 MTecknology What was that system where you hold values in short-term memory on the master?
02:38 MTecknology sdb??
02:38 MTecknology there it is! :D
02:42 Brijesh2 joined #salt
02:43 K3v joined #salt
02:46 stephanlooney joined #salt
02:46 brotatochip joined #salt
02:49 esharpmajor joined #salt
02:49 packeteer joined #salt
02:50 vaelen joined #salt
02:50 DEger joined #salt
02:50 evle joined #salt
02:52 rem5 joined #salt
02:54 MTecknology So.. if anyone happens to be bored, I'm up for some ideas... when I do a git push, I want a reactor that does "salt -b 2 '*' state.highstate" but is delayed by 5 min in case I push to another repo (ideally reset the countdown) and runs at most 1x/hr.
02:55 wryfi_ joined #salt
02:55 briansteffens joined #salt
02:56 agentnoel joined #salt
02:56 agentnoel joined #salt
02:56 ablemann joined #salt
02:57 komputes joined #salt
02:57 feld joined #salt
02:58 badon joined #salt
02:58 orionx joined #salt
03:00 yesimon joined #salt
03:00 aarontc joined #salt
03:01 aarontc joined #salt
03:02 ninjada joined #salt
03:02 pjs joined #salt
03:04 steveoliver joined #salt
03:05 DEger joined #salt
03:06 jessexoc joined #salt
03:06 stephanlooney joined #salt
03:08 KingOfFools joined #salt
03:09 voxxit joined #salt
03:10 chamunks joined #salt
03:10 DEger joined #salt
03:11 justanotheruser joined #salt
03:20 spuder joined #salt
03:21 DEger joined #salt
03:24 MTecknology Maybe a schedule that runs every minute that 1) if timer A > 0, timer-- ; then 2) if timer B > 0, timer--; if timer A > 0 then pass else; if timer A == 0 then set timer A = 60 and run fileserver.update and then highstate
03:26 stephanlooney joined #salt
03:32 DEger joined #salt
03:32 raspado joined #salt
03:35 orionx joined #salt
03:35 stephanlooney joined #salt
03:42 DEger joined #salt
03:53 phx joined #salt
03:55 nsidhu joined #salt
03:56 hasues joined #salt
03:57 DEger joined #salt
03:57 MTecknology soooo quiet :(
03:58 MTecknology it's eerie
03:59 MTecknology Also, I've never really understood the reason to use the scheduler over cron.present.
04:01 |aaron joined #salt
04:01 |aaron hmm two dhcpd formulas.. is the saltstack-formulas one decent?
04:05 bltmiller joined #salt
04:05 hasues left #salt
04:06 mpanetta joined #salt
04:11 whitenoise hey guys, question
04:12 whitenoise i am trying to do: {% if any(hostname in fqdn for hostname in host_data[amqp_clients] %} <set a yaml block> {% endif %}
04:12 whitenoise and it's complaining about that line of code saying "Jinja syntax error: expected token ',', got 'for';"
04:12 whitenoise but it's a valid python line
04:13 DEger joined #salt
04:15 sagerdearia joined #salt
04:18 ponyofdeath joined #salt
04:24 stephanlooney joined #salt
04:25 DEger joined #salt
04:34 sp0097 joined #salt
04:37 kshlm joined #salt
04:44 DEger joined #salt
04:45 edrocks joined #salt
04:46 nidr0x joined #salt
04:49 spuder_ joined #salt
04:49 onlyanegg joined #salt
04:51 jab416171 joined #salt
04:52 DEger joined #salt
05:00 nsidhu <whitenoise> you are missing a (
05:00 nsidhu I think it should be  : {% if any(hostname in fqdn for hostname in host_data[amqp_clients]) %} <set a yaml block> {% endif %}
05:01 jimklo joined #salt
05:04 DEger joined #salt
05:04 jenastar joined #salt
05:05 phx if an external pillar gets lazy loaded, after when I'm assigning it from the pillar tops, why do I get an error saying Pillar render error: Specified SLS 'hostinfo' in environment 'base' is not available on the salt master?
05:05 stephanlooney joined #salt
05:11 DEger joined #salt
05:14 jenastar joined #salt
05:20 DEger joined #salt
05:25 stephanlooney joined #salt
05:30 nocta450637 joined #salt
05:32 DEger joined #salt
05:34 whitenoise i was missing a ), but that wasn't it. I think I was only missing that in my IRC version
05:34 stephanl_ joined #salt
05:39 nocta450637 left #salt
05:41 bltmiller joined #salt
05:43 DEger joined #salt
05:46 stephanlooney joined #salt
05:49 jenastar joined #salt
05:53 jimklo joined #salt
05:55 DEger joined #salt
05:58 Miouge joined #salt
06:01 DEger joined #salt
06:03 fannet joined #salt
06:06 stephanlooney joined #salt
06:07 impi joined #salt
06:09 Karthik427 joined #salt
06:11 fusionx8_ joined #salt
06:12 DEger joined #salt
06:12 iggy MTecknology: scheduler doesn't require another daemon (yes, cron is installed everywhere, but...  there's a reason)
06:13 iggy MTecknology: I don't think you can get that without some outside daemon
06:13 iggy maybe an engine
06:14 jenastar joined #salt
06:16 iggy whitenoise: jinja doesn't support comprehensions
06:16 whitenoise iggy: I see. I gathered as much. That's too bad :(
06:17 iggy you can always use normal loops and logic
06:17 ravenx joined #salt
06:18 ravenx hi guys, question: let's say i'm doing a remote execution and the third state has failed, is it possible to treat it like a database and have a ROLLBACK on the 1st and 2nd state?
06:18 ravenx if my 1st state is "
06:18 iggy phx: you don't assign ext_pillar's in top.sls
06:19 ravenx "stop the service", 2nd state is "git pull the latest" and 3rd state is "build".  the "build" just failed, is it possible to automatically revert to my old commit and start the service
06:19 iggy ravenx: there's a ticket open about that I think
06:19 iggy not possible now though
06:20 saltsa joined #salt
06:21 ravenx iggy:  awww :(
06:21 iggy https://github.com/saltstack/salt/pull/35400
06:21 saltstackbot [#35400][MERGED] Introduce rollback to Salt States | What does this PR do?...
06:22 DEger joined #salt
06:22 babilen That's the snapper thing, isn't it?
06:22 iggy si
06:22 shawnbutts joined #salt
06:23 ravenx whoa.
06:23 ravenx iggy: it has been merged? :o
06:23 iggy in develop... which means it won't be out until the first release of 2017
06:23 ravenx ah...
06:24 ravenx but hey, this is only for snapper packages?
06:24 ajolo joined #salt
06:24 iggy the next release is already tagged, so anything merged to develop since then isn't going to make a release until 2017
06:25 ravenx i see
06:25 ravenx thanks for showing me!
06:26 iggy I don't think that's snapper packages
06:26 iggy it's filesystem snapshots
06:26 stephanlooney joined #salt
06:28 iggy snapper.io according to the snapper module
06:29 ZachLanich joined #salt
06:31 ravenx ah..
06:31 ravenx all this time i thought i needed snapper packages.
06:34 stephanl_ joined #salt
06:35 phx iggy, so i just use them? and the access control is done by the ext_pillar itself?
06:36 iggy it matches based on the minion name
06:37 phx i've lost you there. if i don't assign them, how do they match? all they've got is the minion id as the first arg
06:38 iggy right... your ext_pillar should key off that
06:38 DEger joined #salt
06:41 phx and is it possible to make an extpillar that provides multiple pillars? if it's possible i've got some kind of a "proxy" in mind, there are a couple of rest endpoints, i would like to provide as pillar data
06:44 stephanlooney joined #salt
06:46 babilen phx: In the end it is one dictionary that's being handed to the minion
06:51 phx so basically i just have to manipulate the ext_pillar()'s return struct?
06:51 babilen *nod*
06:52 phx that's too simple
06:52 phx and so far i don't have any other pillars than these exts, in this case i only need an empty pillar top.sls, or not even that?
06:53 DEger joined #salt
06:54 babilen You wouldn't need that
06:54 manji joined #salt
06:55 phx thanks, this explains lots of things
06:55 phx and out of curiosity, how does the git pillar provide the environments as well, if it's just the return value?
06:57 phx and also, in git's case, the top's assignment is being handled by the git extpillar module internally?
07:00 babilen phx: The git pillar hooks into the "normal" pillar IIRC
07:00 babilen (and simply maps that to git)
07:02 amy_ joined #salt
07:05 phx got it
07:06 stephanlooney joined #salt
07:06 ninjada joined #salt
07:07 DEger joined #salt
07:08 Miouge joined #salt
07:09 jenastar joined #salt
07:11 phx now i understand the git pillar's source more, thanks for the help babilen and iggy
07:13 Miouge joined #salt
07:14 fracklen joined #salt
07:17 nonades_ joined #salt
07:19 jxm_ joined #salt
07:20 DEger joined #salt
07:26 stephanlooney joined #salt
07:28 Miouge joined #salt
07:33 DEger joined #salt
07:34 stephanlooney joined #salt
07:43 DEger joined #salt
07:45 stephanlooney joined #salt
07:47 JohnnyRun joined #salt
07:50 DEger joined #salt
07:59 fannet joined #salt
07:59 stanchan joined #salt
08:04 s_kunk joined #salt
08:06 DEger joined #salt
08:06 stephanlooney joined #salt
08:07 keimlink joined #salt
08:10 ronnix joined #salt
08:11 Electron^- joined #salt
08:13 DEger joined #salt
08:19 mikecmpbll joined #salt
08:22 DEger joined #salt
08:26 stephanlooney joined #salt
08:29 Mattch joined #salt
08:35 DEger joined #salt
08:35 jaybocc2 joined #salt
08:36 stephanlooney joined #salt
08:39 inad922 joined #salt
08:41 Brijesh1 joined #salt
08:41 jhauser joined #salt
08:43 edrocks joined #salt
08:51 DEger joined #salt
08:56 jaybocc2 joined #salt
09:03 DEger joined #salt
09:06 stephanlooney joined #salt
09:11 DEger joined #salt
09:11 kshlm joined #salt
09:12 agend joined #salt
09:23 DEger joined #salt
09:24 include joined #salt
09:30 DEger joined #salt
09:32 Miouge joined #salt
09:32 jaybocc2 joined #salt
09:41 DEger joined #salt
09:41 stephanlooney joined #salt
09:53 DEger joined #salt
10:00 DEger joined #salt
10:02 stephanlooney joined #salt
10:03 JohnnyRun joined #salt
10:06 stephanlooney joined #salt
10:13 DEger joined #salt
10:15 Electron^- joined #salt
10:23 DEger joined #salt
10:23 LondonAppDev joined #salt
10:23 s_kunk joined #salt
10:24 LondonAppDev joined #salt
10:27 jamesp9 joined #salt
10:30 DEger joined #salt
10:35 jaybocc2 joined #salt
10:45 DEger joined #salt
10:49 mikecmpb_ joined #salt
10:56 DEger joined #salt
10:59 stephanlooney joined #salt
11:00 Jimlad joined #salt
11:02 DEger joined #salt
11:05 stephanlooney joined #salt
11:08 bluenemo joined #salt
11:09 keimlink joined #salt
11:09 bluenemo hi guys. I'm getting the feeling that {% do resolve.update(resolve_pillar) %} seems to just overwrite resolve with resolve_pillar and not merge it like the python update would. Is that true?
11:10 bluenemo If so whats the function of choice to merge dictionaries? I found grains.filter_by with merge argument and also pillar.get with merge, but I'm looking for a way to only merge two dicts without anything around
11:11 Sammichmaker joined #salt
11:12 DEger joined #salt
11:13 AndreasLutro bluenemo: no it's not true, .update will merge the two dictionaries shallowly
11:18 west575 joined #salt
11:18 amcorreia joined #salt
11:20 rdas joined #salt
11:21 bluenemo AndreasLutro, thats not true - jinjas .update() function will overwrite at the first level, see: https://github.com/saltstack/salt/issues/28606
11:21 saltstackbot [#28606][OPEN] How to override nested parameters in map.jinja | If I have a defaults.yaml structure that looks like this (nested):...
11:21 babilen Saltstack really needs something like Ansible Galaxy
11:23 DEger joined #salt
11:23 AndreasLutro bluenemo: there is no jinja .update(), it's python's dict.update()
11:24 AndreasLutro and yes, python's dict.update() only updates at the top level (shallowly)
11:39 DEger joined #salt
11:41 Garo_ joined #salt
11:45 stephanlooney joined #salt
11:47 antpa joined #salt
11:51 _pg joined #salt
11:51 _pg Hi
11:52 _pg I use git.latest with "rev" pointing to a branch, the branch gets deployed OK, but if there're new commits in the branch
11:53 _pg it does not get updated due to err: fatal: Not a valid commit name 9d163f6....
11:53 _pg I use Boron on master and client
11:53 _pg (tried force_fetch and force_checkout without success)
11:54 DEger joined #salt
11:54 _pg Any suggestions how to use git.latest with branches?
11:59 AndreasLutro use the "branch" arg instead of "rev"
12:00 DEger joined #salt
12:02 Brijesh1 joined #salt
12:03 nicksloan joined #salt
12:06 Miouge joined #salt
12:12 DEger joined #salt
12:15 antpa joined #salt
12:16 antpa joined #salt
12:17 ronnix joined #salt
12:20 Miouge joined #salt
12:20 DEger joined #salt
12:20 west575 joined #salt
12:23 TyrfingMjolnir joined #salt
12:25 bluenemo AndreasLutro, is there a module explicitly used for merging dictionaries? grains.filter_by seems to do more than that
12:26 edrocks joined #salt
12:26 stephanlooney joined #salt
12:27 AndreasLutro not that I know of
12:27 bluenemo AndreasLutro, https://github.com/saltstack/salt/blob/develop/salt/modules/grains.py#L576
12:27 numkem joined #salt
12:30 bluenemo why isnt there a module for this?
12:30 bluenemo it would take around 3 lines of code
12:31 DEger joined #salt
12:34 babilen https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.defaults.html#salt.modules.defaults.merge
12:34 babilen (well hidden)
12:35 jaybocc2 joined #salt
12:36 bluenemo babilen, bechtoldts formhelper also seems to use this
12:38 Miouge joined #salt
12:38 _JZ_ joined #salt
12:38 bluenemo ah i see, this is really quite well hidden (also i've never seen it anywhere, everybody uses grains_filter_by)
12:39 bluenemo which covers 99% of cases imho. Still its confusing that the actual merging function is so well hidden :) Thank you a lot for the hint babilen
12:40 DEger joined #salt
12:41 bluenemo babilen, how do I use this in jinja? {% set foo = salt['defaults.merge'](dict1, dict2) %} doesnt seem to be it
12:41 babilen The actual function is https://github.com/saltstack/salt/blob/develop/salt/utils/dictupdate.py
12:41 babilen It doesn't?
12:42 babilen I've only ever used the utils version in #py
12:42 babilen It was added specifically for this usecase
12:42 babilen (or was meant at least)
12:43 babilen https://github.com/saltstack/salt/issues/28606
12:43 saltstackbot [#28606][OPEN] How to override nested parameters in map.jinja | If I have a defaults.yaml structure that looks like this (nested):...
12:43 gh34 joined #salt
12:43 ssplatt joined #salt
12:43 babilen That's the discussion in question
12:46 nicksloan joined #salt
12:47 tiwula joined #salt
12:50 DEger joined #salt
12:52 esharpmajor joined #salt
12:54 liskl joined #salt
12:57 xenoxaos joined #salt
13:03 DEger joined #salt
13:03 misconfig joined #salt
13:04 catpig joined #salt
13:05 esharpmajor joined #salt
13:08 stephanlooney joined #salt
13:09 bluenemo babilen, yes, we are studying this function atm
13:11 esharpmajor joined #salt
13:13 KingOfFools joined #salt
13:19 DEger joined #salt
13:24 JPT Hello :-) I think i have stumbled across an issue regarding the salt-api using tornado on /events: Every websocket connection is run within its own tornado.gen.coroutine which leads to a race condition when multiple connections are made.
13:25 JPT This results in new events not getting delivered to all open websocket connections, but to the "fastest" one to fetch the event only.
13:26 edrocks joined #salt
13:32 XenophonF sounds like the beginnings of a good bug report, JPT
13:32 JPT *nods* :)
13:33 DEger joined #salt
13:33 JPT At first i was trying to find an easy way to fix it, but that is way harder than pointing out why the current state is not working as intended.
13:33 JPT Also, someone misspelled "disbatch" a lot. :/
13:37 mapu joined #salt
13:39 Miouge joined #salt
13:39 racooper joined #salt
13:39 babilen JPT: I think that was intentional
13:43 akhter joined #salt
13:44 teryx510 joined #salt
13:45 DEger joined #salt
13:46 combinare left #salt
13:47 JPT Okay, maybe it is. I was just looking at the word wondering why it is spelled that way. :)
13:49 stephanlooney joined #salt
13:49 babilen I raised that before .. couldn't find it anywhere nor do I really know what they mean by it
13:49 babilen dispatch a batch?
13:53 Phoenix_null joined #salt
13:54 DEger joined #salt
13:55 JPT There it is: https://github.com/saltstack/salt/issues/35798
13:55 saltstackbot [#35798][OPEN] Race condition: Inconsistent output when having multiple websocket clients on /events endpoint | Description of Issue/Question...
13:55 jerredbell joined #salt
13:56 bltmiller joined #salt
13:56 dariusjs joined #salt
14:00 DEger joined #salt
14:04 Rumbles joined #salt
14:07 mpanetta joined #salt
14:11 XenophonF oh i guess bluenemo is offline
14:11 jellyfrog left #salt
14:11 DEger joined #salt
14:11 ferbla joined #salt
14:11 XenophonF if you're searching the logs for an answer later, here's how i solved the dictupdate thing: https://github.com/irtnog/salt-states/blob/development/_modules/irtnog.py
14:11 XenophonF it's stupid but it works
14:12 XenophonF i use it in my apache sls: https://github.com/irtnog/salt-states/blob/development/apache/map.jinja#L65
14:13 babilen We discussed that back in the day, didn't we?
14:13 cyborg-one joined #salt
14:13 antpa joined #salt
14:15 Brew joined #salt
14:15 keimlink joined #salt
14:16 Deliant joined #salt
14:16 antpa joined #salt
14:19 squishypebble joined #salt
14:20 akhter joined #salt
14:20 akhter_1 joined #salt
14:21 akhter joined #salt
14:22 DEger joined #salt
14:22 akhter_1 joined #salt
14:25 nicksloan joined #salt
14:26 win_salt I have a truly strange problem with an ext_job_cache, has anyone upgraded to 2016.3.0 and had problems with returners? https://bpaste.net/show/a660abb0d43b
14:29 ozux joined #salt
14:31 DEger joined #salt
14:33 someone_ joined #salt
14:33 stephanlooney joined #salt
14:35 someone4286 joined #salt
14:36 jaybocc2 joined #salt
14:37 esharpmajor joined #salt
14:40 DEger joined #salt
14:41 armonge joined #salt
14:43 raspado joined #salt
14:50 spuder joined #salt
14:51 akhter joined #salt
14:51 armonge_ joined #salt
14:53 DEger joined #salt
14:56 deus_ex joined #salt
14:57 RobertLaptop joined #salt
14:59 akhter joined #salt
15:00 DEger joined #salt
15:00 ljpget joined #salt
15:02 xMopxShell joined #salt
15:04 jenastar joined #salt
15:04 jaybocc2 joined #salt
15:08 stanchan joined #salt
15:09 djinni` joined #salt
15:10 teryx510 joined #salt
15:11 akhter joined #salt
15:12 hasues joined #salt
15:13 _JZ_ joined #salt
15:14 jenastar joined #salt
15:14 DEger joined #salt
15:18 hasues left #salt
15:20 DEger joined #salt
15:26 jimklo joined #salt
15:30 Tanta joined #salt
15:32 DEger joined #salt
15:32 mikecmpbll joined #salt
15:33 orionx_ joined #salt
15:36 armonge joined #salt
15:38 akhter joined #salt
15:39 onlyanegg joined #salt
15:40 DEger joined #salt
15:40 misconfig joined #salt
15:40 someone4286 Why does the file.patch state require a hash? Why doesn't it use the underlying patch implementation's method of checking for previously applied patches?
15:42 akhter joined #salt
15:46 armonge joined #salt
15:48 amcorreia joined #salt
15:50 onlyanegg Does anyone use salt for monitoring?
15:50 armonge joined #salt
15:52 onlyanegg like for checking ports or making http calls to minions? and reacting?
15:53 amy_ joined #salt
15:55 armonge_ joined #salt
15:56 jenastar joined #salt
15:59 toastedpenguin joined #salt
16:00 pipps joined #salt
16:01 orionx joined #salt
16:02 DEger joined #salt
16:02 pipps joined #salt
16:02 orionx__ joined #salt
16:06 inad923 joined #salt
16:08 SpX joined #salt
16:09 armonge_ joined #salt
16:10 akhter joined #salt
16:11 LondonAppDev__ joined #salt
16:15 onlyanegg joined #salt
16:17 KingOfFools joined #salt
16:17 bilal80 joined #salt
16:21 KingOfFools left #salt
16:24 akhter joined #salt
16:28 pipps joined #salt
16:32 UtahDave onlyanegg: Yeah, there are people who use Salt for monitoring.
16:33 CampusD joined #salt
16:34 stephanlooney joined #salt
16:35 rem5_ joined #salt
16:38 bltmiller joined #salt
16:38 CampusD Hi All, had a quick question about salt.client https://docs.saltstack.com/en/2015.8/ref/clients/index.html
16:39 CampusD import salt.client caller = salt.client.Caller() ping_response = caller.cmd('test.ping') print ping_response
16:39 CampusD I get True/False on that one
16:39 brotatochip joined #salt
16:39 CampusD import salt.client caller = salt.client.Caller() grains_list = caller.cmd('grains.items') print grains_list
16:39 CampusD I seem to get an empty dict on that one
16:39 CampusD what am I doing wrong?
16:40 CampusD if I run salt-call grains.items I get what I am expecting
16:45 UtahDave CampusD: I'm getting the same behavior.  Let me poke around
16:46 armyriad joined #salt
16:47 CampusD thanks @UtahDave
16:50 CampusD if I do something like this, it seems to work for single items
16:50 CampusD import salt.client caller = salt.client.Caller() grains_list = caller.cmd('grains.item', 'os') print grains_list
16:50 CampusD {'os': 'CentOS'}
16:51 Miouge joined #salt
16:54 orionx joined #salt
16:56 pipps joined #salt
16:56 woodtablet joined #salt
16:57 austinpapp joined #salt
16:58 edrocks joined #salt
16:58 austinpapp i understand that pillar data is static. however, is there a way to pass in arguments to say the orch runner which would ultimately be used in a state ?
16:58 UtahDave CampusD: I'm really not sure why that's happening and the one engineer who I thought would know off the top of his head is stumped, too.  Would you mind opening an issue on github for that?
16:59 UtahDave austinpapp: yeah,  add   pillar='{"mykey": "myval"}'     to the command on the command line
17:00 marie1972 joined #salt
17:00 austinpapp Utahdave: ah ok. cool
17:01 UtahDave austinpapp: be aware that your shell will keep that in its history, so unencrypted passwords might be logged.
17:03 honestly put it in an envvar
17:03 honestly and configure your shell not to log variable assignments
17:03 honestly or just prepend a space to the command line, that tells your shell not to log it
17:04 honestly it's probably also important to note that all targeted minions will see this pillar value of course
17:04 UtahDave actually, all minions will see the pillar value
17:05 honestly which can catch you off-guard if you use the fact that pillar data is "secure" a lot
17:05 honestly oh right
17:05 honestly I use salt-ssh, so :D
17:05 honestly why is that though?
17:06 stephanlooney joined #salt
17:07 UtahDave All minions are watching the commands that are published to the pub port.
17:07 UtahDave Then the minion decides if it matches the target or not
17:09 austinpapp i'm not concerned if all minions see
17:10 austinpapp actually... now that i think about it. my target should be good enough here because i can derive what i need from that
17:10 austinpapp #legacyProblems
17:11 stephanlooney joined #salt
17:12 akhter joined #salt
17:15 whitenoise joined #salt
17:17 kevinquinnyo Is there a way to issue a salt-api request to run a command and force it to immediately respond with a 201 Created or 202 Accepted, and a jid, so I can check the status via the /jobs api after that?
17:17 babilen I don't think it gives you back the jid
17:18 babilen (that would, however, be good API design)
17:18 kevinquinnyo for a stupid example, if i issue a salt-api request to client=local fun=cmd.run and arg="sleep 30 && echo OK" the http request hangs until the 30 seconds is up
17:18 sp0097 joined #salt
17:20 DEger joined #salt
17:23 DEger joined #salt
17:26 UtahDave kevinquinnyo: yeah, there's an async command that does that. just returns the jid for the new job
17:26 jaybocc2 joined #salt
17:28 kevinquinnyo UtahDave: Ah, nice!
17:30 kevinquinnyo Cool, so all I had to do is change client=local to client=local_async
17:30 kevinquinnyo awesome
17:30 UtahDave perfect!
17:31 edrocks joined #salt
17:31 stephanlooney joined #salt
17:35 SpX joined #salt
17:35 win_salt UtahDave, do you have any ideas why ext_job_cache would cause any jobs being run on the master to throw a bunch of exceptions?
17:36 kevinquinnyo hey UtahDave this is probably not very important, but at first glance it kind of seems like the more appropriate HTTP status should be  201 Created for local_async, since it responds with a jid which is technically a resource of the /jobs/ api
17:36 UtahDave win_salt: what do you mean jobs run on the master?
17:36 kevinquinnyo it doesnt affect me one way or the other, but just thought i'd point that out
17:37 UtahDave kevinquinnyo: fair point.  Would you mind opening an issue for that on github?
17:37 kevinquinnyo sure
17:37 win_salt https://bpaste.net/show/a660abb0d43b I had an ext_job_cache configured, and doing any command like "salt minions state.apply" would throw exceptions, but using --returner with no ext_job_cache would work fine
17:40 johnkeates joined #salt
17:44 CampusD Hey UtahDave, issue is submitted #35813
17:44 CampusD found a work around with
17:44 CampusD import salt.client caller = salt.client.Caller() keys = caller.cmd('grains.ls') grains_dict = {} for grain in keys: grains_dict[grain] = caller.cmd('grains.item', grain) print grains_dict
17:44 stanchan joined #salt
17:45 UtahDave Oh, win_salt.  You can't use the elastic search as an external job cache. Only has a returner
17:47 win_salt how would you implement a default returner?  I have already added the functions listed in https://docs.saltstack.com/en/latest/ref/returners/#external-job-cache-support
17:48 onlyanegg joined #salt
17:48 heaje joined #salt
17:50 bltmiller joined #salt
17:51 stephanlooney joined #salt
17:51 xbglowx_ iggy, about my problem with top file and environments: https://github.com/saltstack/salt/issues/35045
17:51 saltstackbot [#35045][OPEN] "top_file_merging_strategy: same" is functionally identical to specifying an environment | [Please see also [#34975](https://github.com/saltstack/salt/issues/34975). You'll need to set `top_file_merging_strategy: same` on the master to see this effect, as this option currently has no effect on a minion.]...
17:51 sjmh joined #salt
17:57 stanchan joined #salt
18:04 woodtablet left #salt
18:07 Brew joined #salt
18:11 stephanlooney joined #salt
18:15 fusionx86 joined #salt
18:20 nidr0x joined #salt
18:22 nidr0x joined #salt
18:25 nidr0x joined #salt
18:26 scoates joined #salt
18:29 stephanlooney joined #salt
18:29 pipps joined #salt
18:32 pipps99 joined #salt
18:34 khaije1 Is there a state to assert that a branch, (or other config), exists on a repo at ssh://gitolite3@example.org:demo.git ?
18:35 stephanlooney joined #salt
18:35 khaije1 It looks like the current git state is focused on applying remote repos to local dirs more so than acting on the remote repos themselves.
18:35 Brew joined #salt
18:39 stanchan joined #salt
18:39 jschoolcraft joined #salt
18:43 UtahDave I think you're correct
18:46 austinpapp i didn't see any good answers to this but what is the pattern people are using to continue an orch run after a system reboot ?
18:46 austinpapp in my orch file, i have to reboot midway. however, i need to continue after that.
18:46 UtahDave There's a command to wait for a minion "start" event
18:48 UtahDave https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.state.html#salt.runners.state.event
18:49 austinpapp UtahDave: ok cool.
18:49 austinpapp i tend to get a little confused on how to call this in the orch file
18:50 austinpapp is its salt.runner:
18:50 stanchan joined #salt
18:53 austinpapp i think the fluidity or flexibility in the ID and name: is what is strange to me
18:54 jweede joined #salt
18:59 schemanic_ joined #salt
18:59 schemanic_ Hi
19:00 DEger joined #salt
19:00 schemanic_ I'm trying to use cp.push to move a file from the minion to my master and my minions are returning False. what gives
19:00 gtmanfred do you have the option turned on to allow that?
19:01 gtmanfred `file_recv: True` in the master config
19:01 gtmanfred and then i believe you need to restart the master
19:01 raspado hi all, does salt have a way to accomplish what I am trying to do? I always have to type the hostname twice, once in the node name and the second in hostname: , is there a variable I can call to do the following ? http://pastebin.com/K3348Ukd
19:02 raspado so line 15 where I have hostname: {{node_name}}, id like to some how get the node name from salt on line 3 (coolhdfs)
19:03 raspado this is a salt map btw, when I build ec2 instances
19:03 Tanta {% set hostname = 'coolhdfs' %}
19:03 Tanta then use {{ hostname }}
19:04 raspado Tanta: i may have like 20 of these definitions in 1 salt map file to build an entire cluster though
19:04 raspado so i may have coolhdfs1, cooldhdfs2 etc
19:04 raspado does like 3 coolhdfs have a salt variable I can call?
19:04 Tanta then put them in a list and do a {% for hostname in salt['pillar.get']('hosts_list', []) %}
19:05 stephanlooney joined #salt
19:05 Tanta if you parameterize the entire set of options for each host, and store the hosts/metadata in a dictionary, you can iterate over the whole thing in one go and only have 1 block of "declaration" code in your state
19:05 edrocks joined #salt
19:06 raspado valid point
19:06 Tanta but you cannot reference another line in a state file with any weird Jinja hacks that I know of
19:06 raspado heh ok thx Tanta
19:06 telx joined #salt
19:07 Tanta this is very similar to how I deploy users - each one gets a name, long name, a list of ssh keys, GID, UID, etc
19:08 manji joined #salt
19:08 * hacks looks around
19:13 Brijesh1 joined #salt
19:13 pipps joined #salt
19:14 hackel joined #salt
19:16 hackel What's the best way to require a package from more than one state file?  Should I just copy the pkg.installed state with a different name?  This seems redundant.  Just wondering what the best practice is.
19:16 stephanlooney joined #salt
19:18 huddy joined #salt
19:19 austinpapp i'm missing something to bridge how to execute various things in an orch file. i get the salt.function to call things like pkg or cmd. if i wanted to execute a salt runner in an orch file, what does that look like?
19:19 west575 joined #salt
19:20 DEger joined #salt
19:20 schemanic_ gtmanfred, Thanks for the check - I did attempt to turn file_recv, but I just uncommented the line in the stock master file without noticing it was set to false
19:22 DEger joined #salt
19:23 DEger joined #salt
19:25 DEger joined #salt
19:26 gtmanfred yar, that would do it
19:26 DEger joined #salt
19:27 DEger joined #salt
19:27 west575 joined #salt
19:28 DEger joined #salt
19:29 edrocks joined #salt
19:32 west575_ joined #salt
19:35 stephanlooney joined #salt
19:37 akhter joined #salt
19:38 jimklo joined #salt
19:41 schemanic_ hey, when using cp.push and cp.push_dir, is there a way to get it to dump the files without the tree they came from on the minion?
19:45 BattleChicken joined #salt
19:45 BattleChicken Oh goodness.. 2 salt rooms evidently.
19:45 edrocks joined #salt
19:45 BattleChicken this one appears to have people in it
19:46 misconfig joined #salt
19:46 BattleChicken I'm very new to saltstack.  To be honest, i don't think it'll work considering the security requirements I have,  but i wondered if someone well versed in salt could confirm or deny some impressions I have of it
19:46 ajw0100 joined #salt
19:46 BattleChicken first,  it seems like a lot of what saltstack offers depends on minions having internet access - is that accurate?
19:47 misconfig ^ no - you can host all of your resources (package repos, source repositories, etc) within your isolated network.
19:47 BattleChicken I've still had some issues finding a good tutorial for creating my own resource.
19:48 Tanta screw salt cloud - go masterless
19:48 Tanta that will fit into any hardened setup
19:49 honestly salt-ssh, hardendst
19:49 BattleChicken I should also specify that it will be in a predominantly windows environment
19:49 schemanic_ +1 to misconfig, I use salt to do things with a home network of raspberry pis
19:49 BattleChicken since that often matters for FOSS
19:50 schemanic_ BattleChicken, you can do Salt minions on windows
19:50 BattleChicken Oh definitely, my POC is a master on centos with a few windows minions
19:50 schemanic_ BattleChicken, your master should be a *nix machine
19:50 BattleChicken so i've done SOME things so far
19:50 schemanic_ good
19:51 BattleChicken it seems like i've got thousands of commands to learn to administer this stuff.. the goal i'm being asked to accomplish is to convert our entire build process for new machines into salt states
19:51 schemanic_ I would look into chocolatey package management - it makes it really easy to get software out there
19:51 BattleChicken from Altiris configuration
19:51 schemanic_ hmmm
19:51 schemanic_ I would not say Salt is a build tool
19:51 schemanic_ I mean, you could do that I think
19:51 honestly BattleChicken you may want to have SCCM instead
19:52 schemanic_ But there are applications meant to be build servers
19:52 BattleChicken that's on the radar too.  I believe dev wants to do this to build things in the cloud
19:52 schemanic_ Salt is better for deploy or orchestration after the build has finished
19:52 jenastar joined #salt
19:52 BattleChicken ... because that solves every problem right...
19:52 schemanic_ BattleChicken, you can still put your build server in the cloud
19:52 BattleChicken *cough*  I absolutely will defer to your expertise in this matter
19:53 schemanic_ I'm kindof in your boat I think
19:53 honestly "build things in the cloud" sounds like someone just picked some buzzwords out of the air
19:53 schemanic_ I'm new to DevOps, and I'm learning salt too
19:53 stotch joined #salt
19:53 honestly it's not exactly what you'd like to have as a mission statement
19:53 BattleChicken "There is no cloud, there is only someone else's computer"
19:53 honestly you also said you have security requirements :P
19:54 schemanic_ I've been in this about 7 months, and from what I gather, you want to use canned solutions as much as possible while you're getting off and running
19:54 BattleChicken a friend of mine had a good definition of the cloud I really like... the cloud is an abstraction in the same way a virtual machine is an abstraction of hardware.
19:54 schemanic_ Use something like TeamCity or Jenkins for your build, then use Salt to deploy
19:54 BattleChicken you manage things with an API as opposed to directly.. anyway tangent 2 or 3.
19:55 stephanlooney joined #salt
19:55 BattleChicken honestly:  yes.  the security... to be way too simple, we have 80+ domains.  all of them are segmented off from each other heavily
19:55 BattleChicken very few trusts
19:55 BattleChicken nothing has internet access.
19:56 honestly the cloud is in the internet though
19:56 honestly how you going to get things in and out of the cloud without internet access
19:56 pipps99 joined #salt
19:56 BattleChicken That's kind of a second issue, there's an in-cloud POC where they're just sandboxing, using everything default, everything has internet
19:56 BattleChicken which, I think, is why dev likes it so much "you just say pkg.install "firefox" and it's on there!
19:57 BattleChicken but the reality for our ACTUAL usage inside the security model would require creating all our own packages, which increases the complexity quite a lot
19:57 schemanic_ BattleChicken - regarding firefox and other windows packages, you are probably better off using Salt's callout to chocolatey
19:57 honestly yeah, firefox kinda lives on the internet too
19:57 honestly but I guess you can run your own chocolatey mirror maybe?
19:57 schemanic_ Do you know about chocolatey?
19:57 schemanic_ you can
19:57 schemanic_ thats what I'm trying to get set up
19:58 honestly I don't know if windows has caught up to the idea of repository mirrors that isn't WSUS
19:58 BattleChicken i am familiar with chocolatey, as a security focused engineer i'm not a big fan of internet chocolatey.  i'd want to set up an in-house repo
19:58 schemanic_ Well do that then
19:58 stanchan joined #salt
19:58 honestly salt should definitely be able to install software from your own chocolatey repo
19:58 schemanic_ I'm trying to do that for our in-house signed antivirus installers and proprietary software
19:58 honestly assuming somebody thought to code that into pkg.installed
19:59 schemanic_ going through chocolatey will be less of a hassle than maintaining your windows software repository through salt
19:59 misconfig BattleChicken, I'm currently using salt to manage nsm across the world. Its working really well for us. Salt will fit in virtually every architecture, but yes it does take some elbow grease to implement.
19:59 brotatochip joined #salt
19:59 pipps99 joined #salt
19:59 misconfig @brotatochip, I love the handle.
20:00 BattleChicken I suspect i'm looking at months of dedicated work to convert our build process to saltstack states
20:00 schemanic_ BattleChicken, thats why I think you shouldnt
20:00 BattleChicken I think that's work that is insane to do. i sort of get it, but start with an image that's 90% of the way there and tweak with your config management platform.
20:00 misconfig BattleChicken. I've done it twice in my career in a devops role, both times it took about a year to get everything automated.
20:01 Tanta the proper way to automate Windows stuff is to convert it to Linux stuff
20:01 misconfig it helps to have a dev mindset and adopt some code review / flow principles.
20:01 schemanic_ I'm telling you BattleChicken, go with a tool that's been designed to do your build
20:01 BattleChicken misconfig:  I would also imagine it ended up with a spaghetti config that made things really hard to manage long-term?
20:01 Tanta except... SQL server and AD
20:01 misconfig ^ Tanta, you said it.
20:01 armonge_ joined #salt
20:01 BattleChicken schemanic_:  Oh, i am 100% on board.  I'm tasked with looking into saltstack, though, blindly with no training. just a goal
20:02 misconfig @BattleChicken - it did not. In fact processes are repeatable and jr-level admins now can do complex tasks.
20:02 BattleChicken which is what sent me here, to get feedback from people who actually use it.  Also, Windows is fine.  It's different than linux. it's not bad.
20:02 honestly it's different the same way a dump truck is different from a sports car
20:02 misconfig As I said, with proper discipline of the salt repos (with git flows and unit/integration tests) things run really smoothly.
20:02 honestly and sure, you can transport goods in a sports car
20:02 honestly but it's not very good at it
20:03 schemanic_ I'm using it right now to help rebuild our security audit process
20:03 misconfig @schemanic, are you guys using HubbleStack?
20:03 schemanic_ misconfig, no I've never heard of that. What is it?
20:03 misconfig https://hubblestack.io/
20:04 schemanic_ whoa
20:04 schemanic_ what is this?
20:04 misconfig Its a security compliance framework built on top of salt
20:04 misconfig some devs from this channel and adobe have been working on it.
20:04 misconfig Sounds like its focused on what you were set out to solve.
20:05 schemanic_ Oh my god
20:05 schemanic_ Oh my god
20:05 schemanic_ do you know what we've been doing?
20:06 misconfig I implemented it in to my env a few weeks ago, not using it as much as I'd like yet due to time constraints but I plan to implement it for an internal VMP auditing process.
20:06 schemanic_ We've been writing bash scripts to ssh into things and download files, then we diff them, then we run text cleanup on the diff so we can read it, and THEN we can tell whats happened, but only if the scripts dont break on our laptops
20:06 bltmiller joined #salt
20:06 schemanic_ misconfig, do you guys do soc?
20:06 misconfig yeah
20:06 schemanic_ is this how you're passing soc?
20:06 schemanic_ or are you doing more?
20:07 viq hubblestack is interesting, but I'm a bit... disappointed I guess, that they use openscap only to get CVEs for packages, and that it depends quite a bit (well, parts of it) on osquery, which is packaged only for centos and ubuntu
20:07 BattleChicken If i can continue with newbie questions.  So, when i said "image" i meant deploy all the hardening, software, configuration, etc... onto a generic OS build
20:07 telx joined #salt
20:08 misconfig We are doing more, much more. We are a Sec consulting firm. But I want to have this in our toolbox, too.
20:08 misconfig @BattleChicken - that's known as the 'golden image' model.
20:08 viq But it's early days, and I certainly want to play more with hubblestack (and osquery)
20:08 BattleChicken yeah. We already have that in Altiris, i'm being asked to move a large chunk of that into salt.
20:08 misconfig golden images are tough to maintain, however there are some utils out to help with that - http://packer.io is one of them. Which also has salt plugins to help configure the GI.
20:09 viq BattleChicken: that's what Configuration Management was designed to do. SaltStack is one of those.
20:10 BattleChicken I guess the question is where to stop in the image and where to start with salt.
20:11 misconfig You can marry the image creation process with salt. You can deploy a base image and build everything on top of it with 'roles'.
20:11 misconfig There are many ways to tackle it.
20:11 misconfig But from every angle, I personally see salt as the largest part of that process.
20:11 BattleChicken speaking of roles.  based on my investigation so far,  the security model is... somewhat limited? is that fair to say?
20:12 misconfig I don't think I'd say that - But I feel someone who is closer to the project should answer that. From what I've found, salt devs take security seriously.
20:13 stanchan joined #salt
20:13 viq BattleChicken: define "security model". What are you looking for?
20:13 misconfig The security community leans more towards salt than any other CM too, imo. I've used several through my career.
20:14 Miouge joined #salt
20:14 BattleChicken i think the safest way to say it is prevent a developer from administering the entire machine
20:14 BattleChicken i imagine this involves whitelisting commands.
20:14 viq misconfig: does it? I've only seen securityonion and qubes
20:14 BattleChicken or blacklisting commands..
20:14 BattleChicken so far it seems like it's done per user also, not per group. I'm still reading through this: https://docs.saltstack.com/en/latest/topics/eauth/access_control.html
20:15 misconfig @viq, SO is a huge product suite that's tough to maintain, especially when you have to scale sensors in a multi-tenant env.
20:15 BattleChicken auth.ldap.minion_stripdomains: would need to be used.. I wonder how it'll behave with 100 domains in it...
20:15 misconfig We replaced SO for a custom-baked salt solution.
20:16 viq misconfig: I mean those are the only places where I've seen salt in security space so far
20:16 misconfig @viq - hubblestack.io is a great project too. I'm sure it'll adopt even more security folks.
20:16 jav joined #salt
20:17 misconfig @viq => https://github.com/TOoSmOotH/onionsalt
20:18 BattleChicken misconfig: How many lines of salt config would you say you have in place for the configuration of a single one of your machines
20:18 misconfig Well, that depends really. Some of our roles are very complex utilizing salt-mine, salt-cloud et al.
20:18 BattleChicken that's a loaded/weird question, i'm aware.. I'm just trying to get a handle on how much work i'd be looking at.  I suspect we're making a thousand changes
20:19 misconfig We have a 'baseline' config that hardens the box, adds admins and configures basic admin-type utils. Then the roles are 'stacked' on top of that config.
20:19 BattleChicken MAJOR guess on my part. some scripts do 50 changes, some make changes to local policy, etc.. unsure how that would translate to salt config
20:19 misconfig So at the bare min, a box that doesn't have a custom role type gets the baseline config at a minimum.
20:19 BattleChicken Ok - so your baseline is built into your ACTUAL image file, whatever form that takes. vmdk, image... whatever.
20:19 Taz we use salt for all our stig/security requirements its great
20:20 Taz no we keep all our baseline in salt states
20:20 BattleChicken Taz:  I saw that today.. it seems like there are some methods to convert a stig into configuration
20:20 Taz so we can translate that to live machines or make images
20:20 misconfig Nope, the only thing we have in our vmware template is a user we can bootstrap from salt-cloud with and the vmware tools package.
20:20 misconfig That's it.. Salt does everything else
20:20 Taz i do find images useful for speeding things up, the longest parts of salt runs is package install
20:20 misconfig Adding // configuring additional disks, setting IPs choosing networks.. Applying the machines 'role type'.
20:20 BattleChicken OK - if i may ask, how 'big' is your baseline?
20:21 BattleChicken and how long does it take to go from blank machine to configured state? your implementation sounds like what i'll need to do.
20:21 Taz its pretty big, security changes are like 150 or so states
20:21 misconfig last I checked - 78 steps for debian - a little less for RHEL systems
20:21 misconfig depends on how deep into the CIS standards document you want to get
20:22 misconfig We use reactor too, which is awesome
20:22 BattleChicken i think the long-term security goal is to take a stig
20:22 BattleChicken and apply that
20:22 misconfig salt-cloud - boot the box, configure it, set custom role-type grain, add it to the master, reactor runs highstate
20:23 misconfig I'd say 10 mins per host, from start to finish. Its really predictable too. Literally run your launch command and go get coffee
20:23 BattleChicken on *nix hosts right?
20:23 misconfig Yep
20:23 Taz we make images to speed that up
20:23 Taz its a minute or so
20:23 BattleChicken any experience doing it to Windows boxes?
20:23 Taz after you make images with things pre installed
20:23 Taz config is very quick
20:24 misconfig ^ Taz, that's fast!
20:24 BattleChicken Taz:  specifically speaking about ACTUAL software packages right? you use salt for just config, not for application deployment? am i hearing you right?
20:24 misconfig downloading from remote repos is really slow
20:24 Taz yea thats like 200 states too
20:24 Taz BattleChicken: no we use it for that too
20:24 misconfig BattleChicken, we use it for app config // deployment yes
20:24 Taz our security configs are in formulas, and our deployments are just stand alone states generally
20:24 Taz thats a great thing about salt :)
20:25 Taz i mean you are in the salt channel so we are going to be biased
20:25 BattleChicken misconfig:  do you build all your own packages or use a lot of the prebuilt/easy ones for software (IE, my firefox example)
20:25 misconfig True Taz. I'm an ansible convert.
20:25 stanchan joined #salt
20:25 Taz i used ansible also, i just felt limited
20:25 misconfig Used it for 3 years - I'm completely sold on salt now
20:25 misconfig @BattleChicken - we roll our own packages
20:26 Taz yea we do a mix of both
20:26 viq joined #salt
20:26 misconfig FPM is your friend => https://github.com/jordansissel/fpm/wiki
20:26 fusionx86 joined #salt
20:27 BattleChicken looks interesting, but also looks *nix specific
20:27 edrocks joined #salt
20:27 BattleChicken there are similar tools for chocolatey though.  I'll probably lean that direction since my targets are all windows.
20:27 austinpapp in an orch file, how to you specify a list of machines?
20:28 austinpapp i'm not sure if i had to include tgt_type which i'd want to be a list but again, not sure what that option is
20:28 austinpapp is it just list ?
20:28 austinpapp tgt_type: list
20:28 austinpapp ?
20:29 BattleChicken misconfig, Taz: thanks both of you for answering my questions so far. i really appreciate your expertise.  So... hardening in salt formulas.  States for machine configuration/applications
20:29 Taz formulas are just a collection of states
20:29 BattleChicken that sounds right? it gives me a good place to start. I didn't even know OF formulas, but I have https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html up now to learn about it
20:29 verb0se1 joined #salt
20:29 misconfig @BattleChicken - good luck!
20:29 Taz formulas are just a convention for grouping similar states
20:29 Taz np
20:29 BattleChicken and a state is any change.
20:30 BattleChicken I'm not leaving yet, just making sure to thank you
20:30 Taz austinpapp: yea you need tgt_type
20:30 Taz follows the same rules as targetting minions generally
20:30 misconfig A state is a definition of what you expect the machine to have in its final form
20:31 Taz they updated the salt docs pretty well after saltconf this year so thats where id start
20:31 austinpapp right. cli runner would be -L so its tgt_type: -L  ?
20:31 austinpapp or tgt_type: list ?
20:31 Taz i think list, but tbh ive not tried list
20:32 Taz i usually group them via grains or pillar
20:32 Taz like all my web nodes or all my masters etc
20:32 Taz i hate memorizing groups of nodes
20:33 aljosa joined #salt
20:33 wiqd joined #salt
20:33 misconfig ^^ I always had to look at my inventory file and look at the group_name of what I'm targeting with -l
20:33 OliverMT joined #salt
20:33 BattleChicken one more question... does anyone use salt to actually do their OS patching?
20:33 misconfig one thing that was difficult about salt was the lack of the 'inventory' concept. But I much prefer salts model now.
20:33 viq salt \* pkg.upgrade   FTW ;)
20:33 johnkeates joined #salt
20:33 BattleChicken that's something development talked about "We can get rid of altiris and use that to patch!"
20:34 huddy joined #salt
20:34 Taz misconfig: which model are you referring to?
20:34 armonge_ joined #salt
20:34 BattleChicken for linux patches are usually less of a deal than Microsoft, i mean... anyone who's not using it for MS wouldn't really be relevant to what we'd be doing/.
20:35 misconfig not having a static 'inventory'
20:35 Taz BattleChicken: yea main thing is we dont use pkg.updated we use pkg.installed for our states so we don't have any surprise mass updates
20:35 Taz misconfig: ahh, yea i try to group everything via grains since my machines are virtual
20:35 Taz so i do like run this state on all my prod nodes of this project etc
20:35 Taz compound matchers
20:35 Taz not sure if thats the best but seems to work
20:36 misconfig yep I use compounds a lot, too
20:36 bbhoss joined #salt
20:36 Taz yea very useful
20:36 BattleChicken Taz:  I've got a list of all of the main commands bookmarked. I'll need to dig in and learn them.  In your opinion,  what would you think a good first task for a newbie getting into the platform would be?
20:36 misconfig even load custom 'role types' and use that as an additional matcher
20:36 misconfig -G "roles:elasticsearch" cmd.run <blah>
20:36 BattleChicken I figure changing an OS config setting might be decent? that or creating my own package for deployment.
20:36 Taz misconfig: oh neat, i just use a role grain xD
20:37 ishiz joined #salt
20:37 Taz BattleChicken: yea, just install a master and client and start tweaking the client using salt is how i started
20:37 Taz misconfig: yea i do that too!
20:37 ishiz What's the most common causes of "Malformed topfile"? I can't seem to find any problems in my states, especially not top.sls
20:37 BattleChicken i'm sort of there already?  i've installed software and changed a few settings directly via command line. i think i need to start learning making my own states
20:38 Taz ishiz: post a gist and we can look over the syntax
20:38 Taz BattleChicken: yea then look at formulas, separate your states into logical formulas
20:39 ishiz Taz: https://github.com/derekmaciel/salt-states
20:39 BattleChicken can you give me a sorting example? i think i've got it but want to make sure.  Like a formula for "TCPIP settings changes?
20:39 simonmcc joined #salt
20:40 Taz ishiz: i think its line 10, you are missing some yaml there i think
20:40 misconfig salt managing your couchpotato box, nice.
20:40 gazarsgo joined #salt
20:40 Taz ive never tried and not there
20:40 ishiz Taz: that's copied basically verbatim from the docs and I can confirm that works on my work machines
20:41 viq Taz: also, '* and not toriel' I believe is a complex matcher, and you need to specify that explicitly
20:41 Taz BattleChicken: usually the apps you use, like spark, cassandra, mysql, httpd etc are common formulas
20:42 Taz ishiz: you can always brute force it and comment in and out things until you find the line it doesnt like
20:42 ishiz Taz: When you get "malformed topfile" is it always an issue with top.sls or is it possible it's an issue with the compiled highstate
20:42 brotatochip joined #salt
20:42 ishiz With a topfile this small, yeah I'll just brute force it
20:43 Taz ishiz: not sure sorry
20:43 BattleChicken ok.. so part of the formula is deployment of the app, then the rest is config/other related to the thing
20:43 BattleChicken makes sense.
20:43 linovia joined #salt
20:43 samkottler joined #salt
20:44 nahkiss joined #salt
20:44 misconfig @ishiz on line 11 add "- match: compound"
20:44 ishiz viq: What you said makes sense but here you don't need to match: compound and I'm not sure why. I found my issue
20:44 ishiz The issue is that I commented out the only state for that match
20:45 viq oh, hah
20:45 ishiz Uncommenting 11 fixes it
20:45 ishiz So why do you not need match: compound?
20:45 misconfig that makes sense
20:45 trave_ joined #salt
20:46 ishiz BattleChicken: I like to start at the very beginning: what is needed for this machine if I were to reinstall right now?
20:46 ishiz So I make states for installing ssh, some users, etc
20:47 BattleChicken that makes a lot of sense.  jumping into all the documentation blind is pretty rough.
20:47 BattleChicken because you can get infinitely complex with any of these, but there's definitely stepping stones to learning the platform well.  everyone's helped me to get some good near-term goals to get comfortable
20:47 ishiz This is very helpful at work where we use cobbler to reinstall machines and install salt-minion. Someone could reinstall the machine at any time, but salt always gets it up and ready
20:48 BattleChicken i think i'll start with an IIS installation and configuration formula - i did it with DSC earlier in the week, seems like a decent option
20:48 BattleChicken ishiz:  how does the machine know what it's state should be?
20:48 BattleChicken or is that part of the push from cobbler (which i don't know)
20:48 ishiz Cobbler sets up the minion with a predefined minion name
20:48 ishiz Salt installs states onto minions based on the top file
20:51 stephanlooney joined #salt
20:53 ishiz Minions use the top file to see which states it should install. It then takes all of these and puts them together into a giant state called the highstate
20:53 tcolvin joined #salt
20:58 justyns joined #salt
20:59 stanchan joined #salt
21:01 fer_bla joined #salt
21:04 teryx510 joined #salt
21:05 DEger joined #salt
21:09 BattleChicken one more question related to states.. how do they layer?
21:09 BattleChicken so lets say I deploy a state representing everything the STIG says should be hardened on the box. then apply another state that has a conflicting configuration value
21:09 BattleChicken is it a last-applied kind of thing, or is there a hierarchy/parsing deal it does.
21:10 misconfig joined #salt
21:10 BattleChicken or does it explode
21:10 bltmiller joined #salt
21:11 fer_bla joined #salt
21:11 stephanlooney joined #salt
21:13 mohae_ joined #salt
21:13 fer_bla joined #salt
21:14 brotatochip joined #salt
21:17 tmkerr joined #salt
21:17 stephanlooney joined #salt
21:18 UtahDave it will apply each state in order, BattleChicken
21:19 BattleChicken ok great. so the last applied state takes precedence
21:20 UtahDave yeah
21:21 teryx510 joined #salt
21:22 BattleChicken thanks UtahDave
21:22 UtahDave you're welcome
21:23 s_kunk joined #salt
21:30 sjorge joined #salt
21:32 DEger joined #salt
21:38 sagerdearia joined #salt
21:39 cyborg-one joined #salt
21:39 raspado hi all... getting an error that yum install java7 failed, I'm defining it as such, will this work? http://pastebin.com/iRtEbm2G
21:40 stanchan joined #salt
21:44 pipps joined #salt
21:44 eykd joined #salt
21:45 gableroux joined #salt
21:55 BattleChicken geebus. you guys weren't kidding
21:56 BattleChicken SO much "BUT M$" bullshit in this.
21:56 johnkeates in what
21:56 BattleChicken https://github.com/PowerShell/PowerShell/pull/1901
21:56 saltstackbot [#1901][MERGED] initialsession: remove curl and wget aliases | They block use of the commonly used command line tools without providing...
21:56 BattleChicken bah! wrong chat. my apologies
21:59 johnkeates it was a fun read anyway
21:59 johnkeates after 5 posts it just became a "MS screwed up but they think thats fine" rage
22:00 bltmiller joined #salt
22:00 asharpe joined #salt
22:00 asharpe i know it's Friday and my chances are slim - but with 2016.3.2 it seems like my salt commands never time out and if any minions don't return it just hangs
22:00 asharpe and its driving me nuts because i dont know why minions it is
22:00 asharpe er, which
22:02 johnkeates try hooking into the bus
22:02 pipps joined #salt
22:02 johnkeates you can also exit out of salt and the commands will stay running and on the bus anyway
22:02 johnkeates you can look them up with their JID
22:03 asharpe do you know why it stopped timing out the command on its own and showing me a list of minions that didn't return or aren't connected?
22:03 asharpe i've got 500 minions, it's a little hard to sort through a list of returned minions and compare it to a list of all minions
22:03 asharpe its not impossible - i just liked it when I received a clue about who was misbehaving
22:03 johnkeates do a divide-and-conquer
22:04 asharpe que?
22:04 johnkeates run on 250 minions
22:04 johnkeates if they run fine, the bad apple is in the other 250
22:04 johnkeates it would only take about 6 or  7 runs
22:05 asharpe yeah - occasional issues arise often enough to make this a not very workable scenario though
22:07 armonge joined #salt
22:07 raspado anyone avail to help me out with a pkg.install question?
22:08 jaybocc2 joined #salt
22:12 armonge joined #salt
22:14 BattleChicken yeah.  out of context my statement seems kind of inflammatory, kind of embarrassed about that. sorry johnkeates
22:15 johnkeates but when reading the stuff it's clear
22:17 BattleChicken yeah.  I'm a Windows systems engineer, heavy powershell.. i'm pretty into the space
22:18 BattleChicken but i have NEVER understood anyone saying "Meh, linux is bad" because it's just not accurate.  it's different. it doesn't make it bad.  The inverse of that irritates me too usually.
22:18 BattleChicken all platforms have merits. anyway!
22:19 jaybocc2 joined #salt
22:28 brotatochip joined #salt
22:34 asharpe raspado, might be able to help
22:37 oida joined #salt
22:38 raspado asharpe: i think i got it, had to read the fine lines in the docs
22:38 raspado thx though!
22:39 pipps joined #salt
22:49 asharpe good work ;)
22:49 ishiz joined #salt
22:50 chrichip com
22:50 chrichip com
22:50 chrichip com
22:51 ishiz How can I shutdown a service /before/ file.managed applies changes to a file?
22:52 BattleChicken left #salt
22:52 BattleChicken joined #salt
22:52 chrichip put a require statement in
22:52 asharpe make service.shutdown a watch/requirement of file.managed
22:52 asharpe yeh ^
22:52 ishiz Oh good idea, I didn't think about that
22:53 ishiz I was trying to see how it could possibly be done with onchanges
22:57 asharpe well that works too
22:57 stephanlooney joined #salt
22:57 asharpe or mebbe not
22:57 asharpe time to knock off
22:57 asharpe left #salt
22:57 jaybocc2 joined #salt
22:59 ishiz no, it can't. onchanges runs a state after changes have applied and the state returns True. That would be too late for me, the service needs to be restarted before
23:00 ishiz thanks everyone
23:00 ajw0100 joined #salt
23:09 pipps joined #salt
23:15 OliverMT joined #salt
23:16 amcorreia joined #salt
23:18 stephanlooney joined #salt
23:18 bluenemo joined #salt
23:19 aljosa joined #salt
23:21 brotatochip joined #salt
23:24 raspado what is a good way to templatize map files?
23:25 raspado i have 10x hosts that all have the same configs, my map files are becoming extra long
23:25 raspado can't find any cool examples :\
23:25 huddy joined #salt
23:25 johnkeates write a python module :)
23:26 bluenemo babilen, why on earth isn't your comment on https://github.com/saltstack/salt/issues/28606 where defaults.merge doesn't merge lists by default not implemented yet. that makes no sense not to have that there m(
23:26 saltstackbot [#28606][OPEN] How to override nested parameters in map.jinja | If I have a defaults.yaml structure that looks like this (nested):...
23:29 BattleChicken left #salt
23:32 west575 joined #salt
23:32 ecdhe joined #salt
23:32 tcolvin joined #salt
23:34 mikeymike joined #salt
23:34 smakar_ joined #salt
23:34 liviudm_ joined #salt
23:37 linovia joined #salt
23:37 west575 joined #salt
23:37 trave_ joined #salt
23:39 stephanlooney joined #salt
23:39 Ian__ joined #salt
23:39 stanchan joined #salt
23:40 samkottler joined #salt
23:41 wiqd joined #salt
23:41 simonmcc joined #salt
23:42 bbhoss joined #salt
23:49 bluenemo sorry, https://github.com/saltstack/salt/issues/28606#issuecomment-221480790 to be exact. So when using grains filter_by, lists are also not merged:
23:49 saltstackbot [#28606][OPEN] How to override nested parameters in map.jinja | If I have a defaults.yaml structure that looks like this (nested):...
23:49 bluenemo https://github.com/saltstack/salt/blob/develop/salt/modules/grains.py#L576
23:50 bluenemo interesting. why on earth would that be off by default? When the pillar files are merged together to one dict, are lists also overwritten or are they merged?
23:55 freelock[m] joined #salt
23:58 stephanlooney joined #salt
