Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-09-08

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 ninjada joined #salt
00:03 ajw0100 joined #salt
00:09 Sammichmaker joined #salt
00:09 Sammichmaker joined #salt
00:11 jdipierro joined #salt
00:12 woodtablet left #salt
00:14 systo joined #salt
00:27 mattp_ I have a state.sls orch of two nodes. node 1 runs script.py
00:27 mattp_ script.py produces /output.txt
00:27 mattp_ /output.txt contains ['foo']
00:28 mattp_ i need to rm /data/foo on node 2
00:28 mattp_ how do I achieve this?
00:29 mattp_ I know how to do the pieces on each minion. what I cant figure out is what the right way to pass the contents of output.txt from minion back to the master, so the master can then instruct minion 2
00:29 esc\ joined #salt
00:33 systo joined #salt
00:36 mattp_ essentially, what mechanism should be used for data flow from minion back to master?
00:37 mattp_ its obviously straightforward from master to minion
00:47 John_Kang joined #salt
00:48 ageorgop joined #salt
00:50 raspado joined #salt
00:51 raspado hi all, how can i remove pillar persistent data from a minion?
00:52 ageorgop joined #salt
00:53 CeBe1 joined #salt
00:53 brotatochip joined #salt
00:54 jimklo joined #salt
00:58 raspado hi all
00:58 raspado is there a way to see all the pillar data from a minion
01:01 binocvlar raspado: if you've happy to run the command on the master, you can use "salt 'minion-id' pillar.items
01:01 binocvlar "
01:01 binocvlar ;)
01:02 om joined #salt
01:03 raspado binocvlar: thx, is there a way to see all the minions?
01:03 binocvlar raspado: Sure - "salt '*' pillar.items"
01:06 edrocks joined #salt
01:06 raspado binocvlar: one more, is there a way to check what state is calling pillar data?
01:06 raspado :D
01:07 etangle I am managing sshd.conf with salt, but want salt to ignore a directive, is it possible
01:09 raspado binocvlar: just trying to track down where the pillar items came from
01:09 etangle perhaps need to use marker_start and marker_end
01:10 binocvlar Hmmm, good question. Remember that the pillar data is just a dictionary (sometimes a very large dictionary) compiled from a one or more files. Personally, I'd use 'grep' to look through your pillar data for the key you're interested in
01:10 binocvlar I.e. don't use salt's tools to solve this problem - use the standard *nix toolset
01:11 binocvlar etangle: Is it possible to just include another file from sshd.conf, and make that included file unmanaged by salt?
01:11 raspado will do thx
01:13 raspado binocvlar: a dependency was removed from the top file which calls a pillar but somehow that pillar is still being called, is this somehow cached somewhere
01:14 amcorreia joined #salt
01:16 binocvlar raspado: That's possible. I think there's a function that you can call to refresh the pillar data - just search for it in the salt docs
01:16 jimklo joined #salt
01:16 raspado kk thx binocvlar!
01:17 binocvlar salt '*' saltutil.refresh_pillar
01:17 binocvlar that's it ;)
01:22 raspado yep, thx binocvlar
01:29 barmaley joined #salt
01:42 flowstate joined #salt
01:46 raspado is there a way to set a salt schedule on a minion to debug output?
01:46 catpigger joined #salt
01:46 systo joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.12, 2016.3.3 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
01:57 mpanetta joined #salt
02:04 om joined #salt
02:07 justanotheruser joined #salt
02:08 bastiand1 joined #salt
02:14 ageorgop joined #salt
02:18 ninjada joined #salt
02:28 ninjada joined #salt
02:31 all joined #salt
02:32 systo joined #salt
02:33 mswart joined #salt
02:36 ajw0100 joined #salt
02:52 mattp_ how do I pass parsed data from the minion back to the master?
02:52 mattp_ do I need to write a runner?
02:56 djgerm left #salt
03:00 fixit26 joined #salt
03:01 jimklo_ joined #salt
03:08 edrocks joined #salt
03:19 Computator joined #salt
03:21 _JZ_ joined #salt
03:21 mattp_ why can i not get an answer for this seemingly simple question lol
03:23 Computator Hey, so I am using pkg.installed to install some packages, and when I run a highstate, it is saying "The following packages would be installed/updated" (as if it was run in test mode) without actually installing the packages. Any suggestions?
03:24 Computator oh and it only does this the first time I run a highstate, if I run another one it will then install the packages
03:24 ajw0100 joined #salt
03:29 sp0097 joined #salt
03:34 sp0097 joined #salt
03:36 justan0theruser joined #salt
03:40 hasues joined #salt
03:40 hasues left #salt
03:41 flowstate joined #salt
03:43 nicksloan joined #salt
03:47 XenophonF mattp_: salt mine?
03:47 mattp_ XenophonF: how though?
03:48 XenophonF mattp_: https://docs.saltstack.com/en/latest/topics/mine/
03:49 mattp_ XenophonF: i dont think this is quite the same
03:49 raspado joined #salt
03:49 mattp_ I dont want to collect data all of the time
03:49 dwfreed joined #salt
03:49 mattp_ just when I run a state
03:52 fleaz joined #salt
03:56 DEger joined #salt
04:00 sp0097 joined #salt
04:04 fleaz joined #salt
04:06 sp0097 joined #salt
04:17 CeBe joined #salt
04:22 amy_ joined #salt
04:25 systo joined #salt
04:33 ninjada joined #salt
04:57 om joined #salt
05:06 DEger joined #salt
05:11 jrose1030 joined #salt
05:11 edrocks joined #salt
05:24 onlyanegg joined #salt
05:28 justyns joined #salt
05:30 krymzon joined #salt
05:38 Laogeodritt joined #salt
05:50 bocaneri joined #salt
05:53 impi joined #salt
05:53 jay_ joined #salt
06:00 sjmh joined #salt
06:07 rsys joined #salt
06:08 PerilousApricot joined #salt
06:11 DEger joined #salt
06:12 ALLmightySPIFF joined #salt
06:17 amy_ joined #salt
06:20 DEger joined #salt
06:20 systo joined #salt
06:23 DEger joined #salt
06:27 jxm_ joined #salt
06:27 ttrumm_ joined #salt
06:32 amy_ joined #salt
06:37 mavhq joined #salt
06:38 lompik joined #salt
06:40 ronnix joined #salt
06:42 flowstate joined #salt
06:43 iggy publish
06:55 toanju joined #salt
06:57 kshlm joined #salt
07:07 saintpablo joined #salt
07:08 silver310 joined #salt
07:08 silver310 hello, is there some way to forbid a state from being run on specific minions?
07:09 ttrumm joined #salt
07:09 iggy there is a blacklist, yes
07:09 silver310 by hostname?
07:09 silver310 or can i target grains also?
07:09 iggy it's set on the minion
07:10 ttrumm_ joined #salt
07:10 silver310 oh black list states from the minion?
07:10 iggy if you are trying to keep a minion from seeing something in the salt:// file tree, no
07:11 silver310 no i just have some states that i don't want anyone to run on some servers
07:11 silver310 as they are for clients and can mess things up in the server
07:11 iggy then yes, but it's a minion config file settings
07:11 silver310 ok i'll check it out thanks
07:11 iggy just keep in mind the minion could easily change it
07:12 whitenoise sounds like maybe you should invest in grains that specify role and use a top.sls or something
07:12 silver310 yes i am doing that also
07:12 silver310 i just want to be extra careful
07:14 jimklo joined #salt
07:14 edrocks joined #salt
07:19 akunin joined #salt
07:22 Romlok joined #salt
07:30 dariusjs joined #salt
07:31 babilen silver310: Sounds as if you want to manage minion's configs with salt-formula and roll out the necessary changes to applicable minions. Easy to do by assigning minions a 'role' in pillars, grains (insecure), nodegroups or by explouting a suitable minion naming scheme and globbing.
07:31 babilen *exploiting even
07:32 ttrumm joined #salt
07:32 silver310 why are grains insecure?
07:33 babilen You could define a "default" minion config that you target to all of them and then rely on smart pillar merging to 'extend' that with more specific settings (cf. https://docs.saltstack.com/en/latest/ref/configuration/master.html#pillar-merging-options)
07:34 babilen silver310: Grains are insecure as minions can change them to whatever value they want to change them to. This is in contrast to pillars which are rendered on the master and not under the control of the minions themselves
07:34 LiamMon joined #salt
07:35 silver310 oh ok good to know
07:35 babilen Furthermore you are often faced with the problem of managing those grains as well. The question "where to set grain role 'foo'" is essentially the same as "which minions have role 'foo'" in the first place and you might want to solve the latter right away.
07:35 Reverend I've actually been thinking the same
07:36 Reverend for instance, if I set up a ssh keys module, I'm meant to put the PK's in a pillar... but whyyyyy
07:36 ninjada joined #salt
07:36 babilen Setting roles in pillars allows for easy updates to that structure as it is managed centrally. One problem with that is that you cannot easily target pillars based on that.
07:36 babilen Reverend: Because all minions would have access to the private key otherwise
07:36 ivanjaros3916 joined #salt
07:37 babilen https://github.com/saltstack/salt/issues/23910 has some pointers around the "Where to store roles and how to manage them?" question
07:37 saltstackbot [#23910][OPEN] Please implement static pillars | Hi,...
07:38 babilen There isn't a clear answer to that, but you *have* to keep in mind that grains are insecure and ask yourself how you plan to manage those grains.
07:38 Reverend babilen - sweet. everyone loves sharing their private keys, right? right guys?
07:38 Reverend ohhhhhhh no. that's not a good then babilen - that means that my ec2 tags, which could potentially push the SSL'
07:39 Reverend are basically insecure, as the grain for ['ec2-tags']['role']['sslterm'] could be added to just any box in the net.
07:39 babilen Reverend: Pillars are essentially a Python dictionary that is being rendered for each minion individually.
07:40 Reverend babilen. I take that back. I ended up using subnets to define nodegroups anyway. i forgot. kek.
07:40 babilen Reverend: Yes, that is why EC2 tags should have been implemented as external pillar as well
07:40 babilen Nodegroups are secure (they are master-side)
07:40 Reverend yeah.
07:41 Reverend tbh, the website code itself isn't pushed with salt, so I don't think the ec2 tags will be an issue, as they only define specific configs for each client (nginx, etc).
07:41 flowstate joined #salt
07:41 Reverend I guess it might be a good idea to futureproof anyway and put it into a pillar, incase there is a time when we need secure things in there.
07:42 Reverend babilen is the fountain of salt knowledge. <3
07:42 babilen Might be a good idea unless you end up needing it after having used a different architecture for a year
07:42 Reverend babilen - yeah. I am just a little dubious as to how I'm gonna get ec2 info in a pillar. but we'll figure it out. Thanks again.
07:43 babilen I don't think the "roles in pillars" is the perfect solution either as you can't target pillars themselves based on it. You arrive at pillarstack or the, not yet implemented, static pillars soon.
07:44 babilen Reverend: Take a look at the way external pillars are implemented and then copy the ec2_tags.py code to pull the data in question. You essentially implement a function that takes the minion id and returns a dictionary with the data you want to hand over to that minion.
07:44 babilen I don't think that it would be too hard to port the ec2_*.py code from grains to pillars actually
07:45 Reverend right. so when you match on a pillar, you're still asking the minion for that data still? I take it minions can't change pillar data then?
07:45 Reverend data?*
07:46 babilen Minions are simply handed their pillar data
07:46 babilen (they can then do whatever they want with it, but they can't tell the master which data they want)
07:46 impi joined #salt
07:48 babilen Keep in mind that it all essentially boils down to the minion_id being secure (key exchange between master and minion) which means that data that is being targeted based on the minion_id to be securely targeted also.
07:49 Reverend roger that.
07:49 babilen If your targeting essentially relies on the minion_id you are okay, while other targeting methods might not be.
07:50 babilen If that's a problem or not is another question
07:50 babilen :)
07:50 Reverend haha
07:51 ttrumm joined #salt
07:52 Rumbles joined #salt
07:55 cyborg-one joined #salt
07:55 krymzon joined #salt
08:02 ttrumm joined #salt
08:03 ttrumm_ joined #salt
08:04 impi joined #salt
08:04 keimlink joined #salt
08:06 syndicut joined #salt
08:06 saintpablo joined #salt
08:11 PerilousApricot joined #salt
08:13 jenastar joined #salt
08:20 ttrumm joined #salt
08:27 PerilousApricot joined #salt
08:28 Taters_ joined #salt
08:28 Kakwa joined #salt
08:29 BlackBishop joined #salt
08:29 BlackBishop is there a nice way to do https://github.com/saltstack/salt/issues/16705 ?
08:29 saltstackbot [#16705][OPEN] Support for .repofiles and multiple repositories in pkg.mod_repo function and pkgrepo.managed state | With `zypper` you can add repository by using simple command:...
08:29 BlackBishop ( multiple repos in 1 .repo file )
08:30 Perilous_ joined #salt
08:32 Kakwa hello
08:32 Kakwa I'm trying to use the   boto_ec2.instance_present:
08:32 Kakwa state
08:32 Kakwa I've one issue about user_data
08:33 Kakwa I'm trying to feed user_data with a cloud-init yaml file
08:33 Kakwa but putting a yaml content inside a yaml file seems a bit tricky
08:33 Kakwa code example: http://pastebin.com/Yidi6FqW
08:34 Kakwa in the debug logs, I get:
08:34 Kakwa OrderedDict([('user_data', ''), ('salt_minion', OrderedDict([('conf', OrderedDict([('master', 'salt.example.com')])), ('public_key', '\n-----BEGIN PUBLIC KEY-----\n [...]
08:35 Kakwa instead of something la OrderedDict([('user_data', 'salt_minion:     \n conf:')
08:36 Kakwa salt seems to interprete the cloud-init yaml blob instead of just treating it as a string
08:37 Kakwa what would be the proper way to do it?
08:41 leolee joined #salt
08:41 flowstate joined #salt
08:42 leolee I'm newbee of salt. and try to use netscaler module for making loadbalancer resources.
08:42 leolee https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.netscaler.html#salt.modules.netscaler.server_add
08:43 leolee I installed nsnitro on my master, but I don't know what to do next.
08:43 Taters_ joined #salt
08:44 dariusjs joined #salt
08:44 leolee I couldn't understand how to connection master and citrix netscaler devices. I'm using appliance netscaler.
08:44 Rumbles morning, I'm hitting an error on all of my hosts, I've run the master and the minion in debug mode, but they're not giving me much to go on, can anyone advise what could cause this error? https://paste.fedoraproject.org/423771/
08:48 Rumbles I wouldn't think you need nsnitro on your master, you would just use your mater to manage the hosts you have which have nsnitro installed leolee.... sorry, can't be sure as I've never used that maodule
08:51 leolee thanks for reply~ I tested for almost whole day, but I gave up...
08:53 kbaikov joined #salt
08:56 BlackBishop There should be a way to specify the file and the id separately
08:58 silver310 is there any way to ask a user for username and password and then pass in to a bash script while calling a state?
09:01 jimklo joined #salt
09:11 dgorissen joined #salt
09:13 Sypher|IT joined #salt
09:13 dgorissen Hi all
09:14 dgorissen I remember using a command to dump all the states that would apply to a minion. Exactly like calling grains.items and pillar.items. But failing to find it on google again :/
09:14 dariusjs joined #salt
09:14 dgorissen I know you can run with test=True and with -l debug but there was a much more lightweight, easy way
09:17 edrocks joined #salt
09:17 Sypher|IT guys, what would happen if i have a raspberry with a salt minion installed (key not accepted on master); i clone the SD and i now have 2 minions that are technically the same.
09:18 Sypher|IT How do i randomize? how do i distinguish between the two? Is there a correct way to handle this?
09:18 hlub_ dgorissen: doyou mean something like state.show_highstate?
09:18 Sypher|IT Because i've got a base system installed and i need to deploy to hundreds of rasps; SD card will always start from the same base image (with already installed salt minion)
09:19 hlub_ Sypher|IT: delete the minion keys somewhere under etc
09:20 dgorissen @hlub_, ah yes, that was it, thanks :)
09:22 hlub_ dgorissen: np, I googled it for you with search query: salt list states
09:22 dgorissen thanks *facepalm*
09:22 dgorissen left #salt
09:34 dariusjs joined #salt
09:36 akunin joined #salt
09:37 lero joined #salt
09:41 ivanjaros joined #salt
09:41 geomacy joined #salt
09:42 fredvd joined #salt
09:42 VSpike I'm getting a render error but it's not very helpful. Is there way I can find out if it's the jinja that's failing or the yaml parsing? If it's the yaml, how can I see the result of the Jinja stage?
09:42 kows joined #salt
09:45 VSpike Here's the pillar file https://bpaste.net/show/092390f723eb and here's the render error https://bpaste.net/show/94e47021da10 in case anyone has any ideas
09:50 perfectsine joined #salt
09:54 perfectsine_ joined #salt
10:00 amy_ joined #salt
10:03 kows joined #salt
10:18 kows joined #salt
10:20 mrBen2k2k2k joined #salt
10:28 kows joined #salt
10:30 VSpike Picked the wrong time of day to ask a question :/
10:34 Reverend yeah.
10:34 Reverend :P
10:34 Reverend only UK'ers on atm. and us lurklers
10:34 Reverend and babilen if you're lucky :)
10:34 akunin joined #salt
10:39 kuromagi joined #salt
10:40 VSpike Note to self... only have issues after lunch if possible :)
10:41 flowstate joined #salt
10:41 VSpike It's something I keep wishing for now I use gitfs for pillar and states .. some kind of lint tool, or flake8 equivalent for yaml + jinja
10:43 VSpike My commit history is super messy since the only way to spot a typo or indentation error or syntax error is to commit, push, fileserver.update / saltutil.refresh_pillar, try to do something, check errors, repeat
10:43 kows joined #salt
10:43 VSpike Would be hard to do since it would need stubs for various things
10:45 johnkeates joined #salt
10:47 XenophonF hang on vspike let me take a look
10:49 jhauser joined #salt
10:49 XenophonF VSpike: hm, that macro
10:50 XenophonF i wonder if that's not causing your error
10:50 XenophonF what happens if you manually replay that bit instead of using the macro?
10:51 XenophonF er, replay==copy-and-paste the macro contents into the respective positions elsewhere in the file
10:51 XenophonF it could be something funny about the indentation
10:52 XenophonF you could try changing `{% macro ...` to `{%- macro ...` and `{% endmacro %}` to `{%- endmacro %}`
10:53 XenophonF or you could take out the leading space in the lines where you do `{{ common_user_block }}`
10:53 XenophonF that's my guess
10:53 XenophonF debugging renderers in salt sucks
10:54 XenophonF it's too difficult to get intermediate results
10:54 johnkeates debugging pepper sucks too, especially if you touch tour eye
10:56 dariusjs joined #salt
10:57 akunin joined #salt
10:58 kows joined #salt
11:03 VSpike XenophonF: Hm. I wonder if what it shows in the error ( <Macro 'common_user_block'> ) is actually the text that is hitting the yaml parser
11:04 XenophonF quite possibly
11:04 raspado joined #salt
11:04 VSpike Wonder why it's not expanding the macro?
11:04 XenophonF oh
11:04 XenophonF because it isn't a macro call
11:04 XenophonF hang on
11:04 XenophonF gotta rtfm
11:04 VSpike ohh
11:04 XenophonF i bet that's the literal macro object right there
11:05 VSpike Yeah I need () on it
11:05 VSpike Doh
11:05 XenophonF http://jinja.pocoo.org/docs/dev/templates/#macros
11:05 XenophonF was just about to say that
11:05 XenophonF hah i thought you snipped out the macro results b/c they had something sensitive in them
11:07 ninjada joined #salt
11:08 amcorreia joined #salt
11:09 VSpike beautiful.. works like a dream
11:10 VSpike I thought it was some sort of placeholder in the output .. didn't realise it was literal :)
11:10 XenophonF awesomed
11:11 bluenemo joined #salt
11:14 bluenemo hi guys. Is it ok to symlink /srv/salt/ from sth like /srv/formulas? or does salt dislike that?
11:20 edrocks joined #salt
11:23 bluenemo works
11:24 VSpike Ah, that users.user_files kind of only works with non gitfs files
11:25 VSpike If you don't explicitly specify a path for the files, it will try to match against a list fetched by alt['cp.list_master_dirs'](prefix='users/files/user/')
11:25 VSpike That only lists dirs actually present on the master AFAICT
11:29 MadHatter42 joined #salt
11:35 cprior joined #salt
11:42 mage_ I guess that if I use an event.send in a state file it's asynchronous ?
11:43 mage_ so I can't do later - require: - event: my/custom/event in the sense "wait until the reaction has been made" ?
11:50 babilen mage_: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.saltmod.html#salt.states.saltmod.wait_for_event ?
11:50 babilen (and you can require that state)
11:54 ninjada joined #salt
11:57 mage_ ah, great!
12:01 mage_ I'd like to do the following: on machine A if somepillardata=='foo' it should create a folder on machine B and only when this folder is created it should run other stuff on machine A
12:01 mage_ so I'm firing an event in my state one machine A, react to this by creating a folder on machine B
12:01 N-Mi joined #salt
12:01 N-Mi joined #salt
12:02 mage_ but I wonder if I should use wait_for_event or orchestration
12:11 flowstate joined #salt
12:13 ninjada joined #salt
12:16 mage_ babilen: https://gist.github.com/silenius/5e0e931d0d39e4fbb585b4c8879f3156 does it looks OK to you ?
12:16 mage_ (lines 14-38 are the one)
12:23 oida joined #salt
12:25 synical joined #salt
12:26 impi joined #salt
12:27 edrocks joined #salt
12:27 ronnix joined #salt
12:30 flowstate joined #salt
12:30 fannet joined #salt
12:32 flowstat_ joined #salt
12:33 flowstate joined #salt
12:33 silver310 hello, is there a reason why external authenticatoin isn't working?
12:34 silver310 i have configured my ACL for my user with permitions '.*', but i cannot run anything, all i get is "Failed to authenticate!"
12:36 mage_ babilen: I'm getting timeouts
12:37 mage_ https://gist.github.com/silenius/ccf2dd54a51d9a7dfac289409c7cc3b1
12:47 mavhq joined #salt
12:48 flowstate joined #salt
12:50 nicksloan joined #salt
12:52 babilen mage_: Well .. you can raise the timeout value.
12:53 mage_ mmh it's not the cause
12:53 mage_ I alreay tried
12:54 babilen You fire the event before waiting for it, don't you?
12:54 mage_ yes
12:54 babilen Well, that can't work now, can it?
12:54 babilen I mean .. Linux is great, but we still haven't officially released the timetravel kernel module
12:55 XenophonF yeah, for that you have to be running NetBSD
12:55 mage_ babilen: I'm confused ... I have this ATM https://gist.github.com/silenius/0b4ad163417d96197b5227db950fe248
12:56 mage_ and https://gist.github.com/silenius/9e6188b7932e01cd202de2907d78b569 in the logs
12:56 babilen mage_: You have to separate those .. the wait_for_event state is being evaluated *after* the events that trigger it
12:57 babilen Have one SLS that "picks up" after another, once the other fired that event
12:57 babilen I mean .. why even wait for the event there?
12:57 mage_ because the mkdir happens on another machine
12:58 babilen You typically use wait_for_event to synchronise things that you have no direct control over in that particular SLS
12:58 mage_ and I would avoid the case where salt tries to symlink before the dir is created
12:59 babilen Well, the you need orchestrate .. but then you can just trigger a reactor that listens to your custom even and then fires off the other SLS
12:59 babilen Let me draw a picture
12:59 mage_ I'm confused .. what's the difference between an orchestrate runner and a wait_for_event in this case ?
13:00 babilen Just to clarify: You want to run some stuff on a different minion (minion2) before continuing/running a state on minion1 ?
13:00 mage_ I just want to do: on machineA if somevar == 'production' create a dir on machine2 and then symlink on machine1 to that dir (NFS mounted)
13:01 mage_ should I use an orchestrate runner in this case ?
13:02 babilen "and then" ? Why is that necessary? Can't you just create all necessary directories first on machine2 before running the highstate on machine1 (with the directories in place)
13:02 west575 joined #salt
13:02 babilen ?
13:02 babilen I mean .. why does that have to happen intertwined?
13:02 babilen (which is possible to do, just more complicated)
13:03 mage_ I coudl, it's for the exercise :)
13:03 babilen Ah!
13:03 mage_ I'd like to understand orchestration a little bit
13:07 babilen You can use inter minion requisites in orchestration
13:07 mage_ maybe I shoudl fire an event and in reaction to that event execute an orchestrate runner
13:07 babilen Or you fire events at the "end" of each SLS that completed a thing and then react to it by kicking of the next one
13:08 amcorreia joined #salt
13:09 ferbla joined #salt
13:10 mage_ babilen: I still don't understand why the following doesn't work: https://gist.github.com/silenius/5d38fde631bcf5976cef51fb2db239fe
13:11 mage_ event.send is executed, then salt.wait_for_event blocks, then the file.symlink runs, no ?
13:12 racooper joined #salt
13:12 babilen mage_: Because the event is being sent *before* you run wait_shared_dir_created
13:12 babilen The requisite event: webapps/harmonia/shared_dir ensures that webapps/harmonia/shared_dir runs before wait_shared_dir_created
13:12 mage_ babilen: even with the -require: - event: webapps/harmonia/shared_dir in the salt.wait_for_event ?
13:13 babilen In particular with that
13:13 babilen But you just can't use event.send and wait_for_event (on the same event) in the same SLS
13:13 babilen One will always run before the other
13:13 babilen Salt runs one state at a time
13:13 toastedpenguin joined #salt
13:14 mage_ ok.. I'm still confused but I'll check the docs
13:15 teryx510 joined #salt
13:15 toastedpenguin1 joined #salt
13:15 babilen I'll be afk for a while
13:16 mage_ thanks for the infos :)
13:17 gh34 joined #salt
13:19 krymzon Hi, I want to set up PKI with Salt. Initially for openvpn, with CA on the Salt Master, but room for future expansion. Should I use module .x509, or .tls? Or something else?
13:20 west575__ joined #salt
13:24 aphor joined #salt
13:36 flowstate joined #salt
13:36 ivanjaros3916 joined #salt
13:37 subsignal joined #salt
13:38 ttrumm joined #salt
13:38 west575 joined #salt
13:43 edrocks joined #salt
13:46 Tanta joined #salt
13:47 POJO joined #salt
13:49 subsignal joined #salt
13:50 sjmh joined #salt
13:51 drawsmcgraw1 joined #salt
13:51 west575__ joined #salt
13:52 perfectsine joined #salt
13:54 kbaikov joined #salt
13:54 mohae joined #salt
13:55 ekristen joined #salt
13:56 ssplatt joined #salt
13:57 ssplatt i suppose x509.certificate_managed doesn’t do user: group: mode: perms right in that state. so i’ll need a file.managed after the fact to set those
14:02 catpig joined #salt
14:02 akunin joined #salt
14:05 ninjada joined #salt
14:05 tvinson is using multiple file.replace/file.managed states on a single file safe or would i need to add some sort of ordering?
14:07 mpanetta joined #salt
14:09 LostSoul Hi
14:09 LostSoul So what's his problem?: http://paste.debian.net/hidden/a727f335/   - I had this error in salt 2015 - I upgraded to 2016 and it was solved, question is what was wrong? As I don't get it
14:09 LostSoul #URL is url that I can't share
14:10 XenophonF joined #salt
14:13 toanju joined #salt
14:19 akunin joined #salt
14:19 tvinson for reference here's an excerpt of the state i'm having trouble with (it only seems like it's just caused a problem on rhel6 with minion 2016.3.2) https://gist.github.com/anonymous/1cadf67b1667330b9bfb24a43e274246
14:23 bilal80 joined #salt
14:28 ivanjaros joined #salt
14:28 nicksloan joined #salt
14:29 tvinson LostSoul: i think you would use - pkg: 'Bacula - pkgs' or similar. using spaces and hyphens like that in the state names probably isn't a great idea (not that i could say it's definitely causing a problem).
14:29 DammitJim joined #salt
14:34 bluenemo joined #salt
14:38 riftman joined #salt
14:40 jdipierro joined #salt
14:40 heaje joined #salt
14:41 systo joined #salt
14:45 Mate joined #salt
14:46 POJO joined #salt
14:47 fredrick joined #salt
14:49 iggy LostSoul: what tvinson said... they didn't add the ability to leave off the module until 2016.3
15:01 murrdoc joined #salt
15:06 vieira joined #salt
15:07 whitenoise joined #salt
15:07 bluenemo joined #salt
15:07 Shirkdog joined #salt
15:07 Shirkdog joined #salt
15:08 jimklo joined #salt
15:10 vieira Hello, I have multiple states managing files and each has a watch_in: -cmd: configtest
15:11 vieira I thought cmd would only run after all the states that have watch_in
15:11 numkem joined #salt
15:12 vieira but looks like although most of the time it works like I expected, sometimes the command runs before some of the states that have watch_in...
15:13 vieira I was reading http://ryandlane.com/blog/2014/07/14/truly-ordered-execution-using-saltstack/ and https://github.com/saltstack/salt/issues/13657
15:13 saltstackbot [#13657][MERGED] Sequential operation relatively impossible currently | Due to the requisites system modifying the order of states, it's currently impossible to ensure sequential ordering of states unless you can live without watch/watch_in....
15:14 _JZ_ joined #salt
15:14 vieira but I am not sure if listen is required to have the behaviour I want. Most of the formulas I have seen online use watch/watch_in. I also have used watch/watch_in for a long time and this is the first time I have seen something like this
15:15 vieira so I guess my question is this known behaviour? is it expected?
15:16 babilen vieira: Don't you want a "require:" there or what do you expect watch to do for the cmd ?
15:17 vieira the cmd is a cmd.wait: -name: apachectl configtest and also has a -watch_in: - service: apache-server
15:18 raspado joined #salt
15:18 vieira the other states are config files, etc that each has a watch_in: - cmd: apache-configtest
15:19 DEger joined #salt
15:19 sjmh joined #salt
15:21 tarkin76 joined #salt
15:21 babilen Hmm .. what do you want to achieve by that? I'd make one a prereq of the other. (so that if the configuration file state has changes the config check is run and a successful run is a requirement for the state to complete)
15:21 vieira babilen: Do you get what I am doing? It does not fail everytime btw, most of time it works
15:21 gladiatr joined #salt
15:22 vieira babilen: I am trying to restart apache if any of the files that are managed change
15:22 vieira but only if configtest passes
15:22 tarkin76 left #salt
15:22 vieira so when a file changes, configtest runs if it returns 0 (ok) then apache service is restarted
15:23 BattleChicken joined #salt
15:23 babilen Yes .. so you would have a watch_in from the configuration file state to the apache service.running state (or a listen_in -- that will ensure that the server is being restarted if there are changes)
15:24 babilen Furthermore you would then define the configuration check states and define a prereq_in for those on the configuration file state (if they change, you want to run them *before* the configuration file state and make a successful run a requirement for state completion)
15:25 babilen https://docs.saltstack.com/en/latest/ref/states/requisites.html#prereq
15:27 hasues joined #salt
15:28 hasues left #salt
15:28 Tanta or use a cmd.run with onlyif: { test config } and watch: - file: config1, etc
15:28 west575 joined #salt
15:28 om joined #salt
15:28 DEger joined #salt
15:31 vieira babilen: do you know why my approach would most of the time work but sometimes fail?
15:31 vieira babilen: https://gist.github.com/vieira/c4d2d49451bdc3a9e5f8baae445fb55d
15:31 vieira it is not the full sls but gets the spirit of it
15:32 vieira what is killing me is that looks like most of the time it works but sometimes fails, like there was some racing condition or something
15:32 vieira and in these cases the configtest runs before the modules are enable (and fails)
15:32 nonades joined #salt
15:34 west575__ joined #salt
15:36 Reverend just checking, is the best way to check if a package is installed: {% if salt['pkg.version']('packagename')
15:36 Reverend ?
15:36 Reverend it's a bloody npm -i
15:36 sp0097 joined #salt
15:36 Reverend rpm*
15:37 kows joined #salt
15:39 onlyanegg joined #salt
15:40 tapoxi joined #salt
15:40 babilen vieira: Your requisites are simply off .. cmd doesn't implement a watch function, does it?
15:41 babilen So the states are being reordered in ways that you don't want (as you don't use the right requisites)
15:41 sparticl joined #salt
15:42 Reverend before anyone answers - i found a different way of doing it using pkg.install.sources
15:42 Reverend im gravy.
15:42 Reverend <3
15:42 vieira babilen: hmm cmd.wait? https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html#salt.states.cmd.wait
15:42 DEger joined #salt
15:42 sparticl how do I issue a command to a service, but have it use a specific user
15:42 ozux joined #salt
15:42 tapoxi any limitations of salt-ssh I should know about?
15:42 Reverend anndnddd alll the questions.
15:43 Reverend babilen - i think you need a one at a time rule :P haha
15:43 sparticl sudo salt 'd2[0-2].xx.xxx.com' cmd.run '/opt/sp4/splunk/bin/splunk restart'
15:43 babilen Well .. I'm off now anyway :)
15:43 sparticl I need that run as “splunk”
15:44 Reverend toodlepip babilen - sleep well or whatever you're doiung :)
15:44 babilen Reverend: Not quite bedtime yet in good ol Europe. :)
15:44 tapoxi sparticl sudo -u splunk ?
15:44 babilen I decided to enjoy the sunshine
15:44 babilen Anyway .. have fun and good luck!
15:45 ageorgop joined #salt
15:45 sparticl the sudo is for the salt master though
15:45 sparticl I cant send a sudo in the command itself
15:47 teryx510 joined #salt
15:47 sparticl Sorry, user spuser is not allowed to execute '/bin/salt d2[0-2]
15:47 DEger joined #salt
15:47 sparticl its spuser, not splunk
15:48 tvinson sparticl: you should be able to pass the runas argument to cmd.run
15:51 sparticl can I send runas from comand line?
15:51 tvinson you can send any of the keyword arguments from the command line
15:53 tvinson https://docs.saltstack.com/en/2015.8/ref/cli/index.html#calling-the-function
15:54 Rumbles joined #salt
15:57 sjmh joined #salt
16:01 nicksloan joined #salt
16:02 DEger joined #salt
16:03 debian112 joined #salt
16:05 west575 joined #salt
16:07 murrdoc joined #salt
16:09 perfectsine_ joined #salt
16:13 cyborg-one joined #salt
16:14 KyleG joined #salt
16:14 KyleG joined #salt
16:16 ssplatt joined #salt
16:19 west575__ joined #salt
16:23 ivanjaros joined #salt
16:24 west575 joined #salt
16:25 ivanjaros3916 joined #salt
16:26 MajObviousman what's the default outputter, does anyone know?
16:27 edrocks joined #salt
16:29 * MajObviousman stumbles onto --force-color
16:30 west575__ joined #salt
16:32 DEger joined #salt
16:32 murrdoc joined #salt
16:35 DEger_ joined #salt
16:35 west575 joined #salt
16:36 fredrick doing a salt-cloud map file and would like to add a random 8 digits to the end of my server name.  Any suggestions?
16:38 fredrick sparticl you can do the sudo salt 'd2[0-2].xx.xxx.com' cmd.run '/opt/sp4/splunk/bin/splunk restart' runas=splunk
16:39 Mate 414
16:39 sean joined #salt
16:40 alinuxninja joined #salt
16:43 fredrick sparticl: you can do the sudo salt 'd2[0-2].xx.xxx.com' cmd.run '/opt/sp4/splunk/bin/splunk restart' runas=splunk
16:43 perfectsine joined #salt
16:44 fredrick doh repost sorry
16:44 DEger joined #salt
16:46 guest_____ joined #salt
16:47 Guest13662 when it comes to orchestration, how do you get a handle on the return data from a function or state to be used throughout the rest of the orchestration workflow?
16:48 Guest13662 e.g. i want to create a support ticket, which returns the ticket number, then perform some action and then update the ticket with the result
16:49 jdipierro joined #salt
16:49 guest_____ Has anyone successfully deployed the salt-minion to windows via GPO (After converting the exe to an 'msi' package).?
16:54 nlf_ joined #salt
16:55 jdipierro joined #salt
16:57 Reverend can file.recurse preserve permissions
16:57 Reverend ?
16:58 Lionel_Debroux joined #salt
16:59 DEger joined #salt
17:02 ninjada joined #salt
17:02 Reverend I have to bail - but if anyone has any ideas, drop me a PM :) I'll leave IRC on for the night. Have a good one chaps! much love as ever.
17:02 Reverend <3
17:02 Reverend peace..
17:12 sparticl joined #salt
17:14 DEger joined #salt
17:16 pipps joined #salt
17:17 KyleG How is everyone securing SSH keys/SSL keys?
17:17 ssplatt gpg
17:17 KyleG I've got a git repo where I store all my states and whatnot, but the devs also have access to it to submit pull requests
17:17 Tanta I keep them in a separate secret store
17:18 Tanta in my case, S3
17:18 KyleG ssplatt: Any examples?
17:19 ssplatt KyleG: https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html
17:20 KyleG yeah I'm looking at that page
17:21 kus joined #salt
17:21 KyleG still not too clear, sorry
17:21 ssplatt are you familiar with gpg?
17:22 KyleG I haven't used it in ages to be honest
17:22 KyleG so no
17:22 ssplatt those steps are pretty dead on. i don’t remember them missing anything
17:22 KyleG Okay I'll go through it line by line, sorry
17:23 edrocks joined #salt
17:23 ssplatt the first few steps are on the master
17:24 ssplatt which should already have teh packages installed.
17:24 ssplatt when you get to “import the pub key” you can do that on any client machine, like your laptop
17:24 ssplatt or workstation
17:24 bluenemo joined #salt
17:25 ssplatt we ensure haveged is installed on all of our linux servers to give them proper entropy
17:25 ssplatt rng-tools is mentioned in the doc there to do the same thing
17:26 ssplatt the main thing that i get snagged on is forgetting to put #!yaml|gpg at the top of my pillar files.
17:26 ssplatt and if you also have jinja in your pillar file, then you need to do something like #!jinja|yaml|gpg
17:26 KyleG and I can feed GPG an entire SSL key/SSH key? These examples seem to be for password-like stuff
17:27 ssplatt yeah you can do a full multiline block
17:27 ssplatt $ echo -n "supersecret" | gpg --armor --batch --trust-model always --encrypt -r <KEY-name>
17:27 ssplatt supersecret can be anything
17:27 KyleG so it could be like
17:27 ssplatt just open the “   then paste   then close “ | stuff
17:27 KyleG cat kyle.key | gpg --armor --batch --trust-model always --encrypt -r <KEY-name>
17:27 KyleG something like that
17:27 ALLmightySPIFF joined #salt
17:28 DEger joined #salt
17:28 ssplatt yeah.
17:28 KyleG sweet thanks ssplatt I think this gets me in the direction I need to go in. Appreciate your patience
17:28 ssplatt sometimes you can get caught with an extra new line at the end of the block.  which is why they echo -n in the doc there
17:29 ssplatt you can encode against multiple gpg keys too, so like if you have a testing cluster and a prod cluster. you can use the same pillar files on each
17:30 KyleG sweet
17:39 ageorgop joined #salt
17:41 impi joined #salt
17:44 nlf84075 joined #salt
17:48 sjmh joined #salt
17:51 nlf84075 Does salt-minion offer an msi that support installation to windows via GPO?
17:53 ahammond joined #salt
17:58 BattleChicken that seems like a simple enough thing to try.
18:02 west575__ joined #salt
18:03 GreatSnoopy joined #salt
18:04 sjmh joined #salt
18:08 ajw0100 joined #salt
18:11 perfectsine joined #salt
18:18 debian112 joined #salt
18:22 sparticl joined #salt
18:22 impi joined #salt
18:23 MTecknology heh, so minion_start matches some events that don't have a minion id, hm
18:23 systo joined #salt
18:24 LostSoul tvinson, iggy: Thanks!
18:24 sjmh joined #salt
18:25 lero joined #salt
18:26 cyrus_mc left #salt
18:29 ub1quit33 joined #salt
18:33 ub1quit33 joined #salt
18:40 Rumbles joined #salt
18:41 jdipierro joined #salt
18:43 flowstate joined #salt
18:43 flowstate does anyone know of a way to cache a specific grain from all minions to the master on a timer?
18:44 flowstate I need to remove dead minions after death based on a grain, so I need to be able to cache it on the master for retrieval after the minion is dead
18:44 west575 joined #salt
18:45 pipps joined #salt
18:49 raspado joined #salt
18:49 west575__ joined #salt
18:50 edrocks joined #salt
18:52 mTeK joined #salt
18:52 DEger joined #salt
18:53 flowstate joined #salt
18:53 flowstate joined #salt
18:55 beardedeagle joined #salt
18:57 lumtnman joined #salt
18:58 lumtnman joined #salt
18:59 badon joined #salt
19:02 Sypher|IT joined #salt
19:06 DEger joined #salt
19:06 nidr0x joined #salt
19:06 ThomasJ joined #salt
19:07 cyborg-one joined #salt
19:07 krymzon joined #salt
19:07 keimlink joined #salt
19:07 lero joined #salt
19:08 jimklo joined #salt
19:13 aphor flowstate: you want to mine the grain data if you need it when the minion is no longer answering
19:13 ajw0100 joined #salt
19:13 flowstate as the master?
19:14 flowstate I know the master caches grain data, but I'm fuzzy on how to be certain I refresh the cache on an interval
19:14 aphor https://docs.saltstack.com/en/latest/topics/mine/
19:14 flowstate so I should look into mine instead?
19:14 flowstate beeeautiful!
19:14 flowstate ty aphor
19:15 aphor YW.
19:16 flowstate hmm, but all the docs show is running a method on it? mine_functions? I just need to make sure the grains are synced
19:16 flowstate or... I guess, make sure they're mined
19:17 aphor you can use grains.get under mine_functions in a pillar
19:17 flowstate huh. interesting
19:17 keimlink_ joined #salt
19:18 flowstate so I'd have something like mine_functions: grains.get: [] in the pillar, have it go to all minions, and then I can access that via 'mine.get'
19:20 aphor basically, yeah
19:21 aphor assuming you already know/have a grain you can use to decide to kill off the VMs or keys or whatever
19:28 sjmh_ joined #salt
19:31 ALLmightySPIFF joined #salt
19:36 pipps joined #salt
19:37 fxhp joined #salt
19:38 debian112 left #salt
19:39 debian112 joined #salt
19:42 Curious_Dev joined #salt
19:43 Curious_Dev Hello - Question: is there a way to make a file immutable? ( chattr +i ) w/o running cmd.run
19:48 Cottser joined #salt
19:48 iggy write a custom module ;)
19:48 nlf84075 joined #salt
19:50 Curious_Dev yeah - thought about that. There is an issue from 2015 that never got updated. https://github.com/saltstack/salt/issues/27094 I just didn't know if it had been worked on and the issue not closed
19:50 saltstackbot [#27094][OPEN] Please add chattr function to file module | chattr provides some useful file attributes on Linux, namely immutable and apend-only which are widely used for security.
19:54 fredrick how to install a pip3 package?
19:54 ALLmightySPIFF joined #salt
19:55 gtmanfred specify the pip_bin
19:55 gtmanfred or
19:55 fredrick How so?
19:55 gtmanfred bin_env*
19:56 gtmanfred https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.pip.html#salt.modules.pip.install
19:56 sjmh joined #salt
19:56 gtmanfred just pass bin_env=/path/to/pip3
19:56 gtmanfred or pass it through the pip state
19:56 gtmanfred and it will use that binary
19:57 mswart left #salt
19:57 fredrick Cool
19:58 jimklo joined #salt
19:59 edrocks joined #salt
19:59 sp0097 joined #salt
20:03 subsignal joined #salt
20:03 justyns joined #salt
20:07 kojiro joined #salt
20:09 jimklo joined #salt
20:10 nicksloan joined #salt
20:10 sjmh joined #salt
20:12 akunin joined #salt
20:12 PerilousApricot joined #salt
20:15 sparticl joined #salt
20:16 west575 joined #salt
20:17 Cottser joined #salt
20:20 adrien_ joined #salt
20:20 flowstate so the RunnerClient docs are... completely incorrect
20:21 Cottser joined #salt
20:21 flowstate they state that RunnerClient#cmd takes a print_event arg. This is not true, and causes an error
20:21 flowstate is there any way to not have RunnerClient#cmd print to the screen when called from python? It's bloating my logs
20:21 flowstate #cmd is actually defined in client/mixins.py , but makes no mention of printing anything, so I'm not sure where they got that from
20:24 Guest71072 left #salt
20:28 beowuff joined #salt
20:28 murrdoc joined #salt
20:30 Brew joined #salt
20:33 murrdoc joined #salt
20:35 fredrick anyone have idea of how I can build with salt-cloud and have a random string or better yet the last two octects of the machines ip be the name?
20:38 vincent_vdk left #salt
20:43 ajw0100 joined #salt
20:45 sjmh joined #salt
20:47 onlyanegg joined #salt
20:48 ssplatt joined #salt
20:52 schemanic_ joined #salt
20:52 schemanic_ Hi
20:53 schemanic_ Can I get some pointers on how to set up my salt repos?
20:53 sjmh joined #salt
20:53 cyborg-one joined #salt
20:55 idontbyte joined #salt
20:55 BattleChicken tropico is a competent city building game. definitely worth free.
20:56 BattleChicken err. wrong window. sorry.
20:57 lero joined #salt
20:57 bowhunter joined #salt
20:58 colegatron_origi joined #salt
20:58 schemanic_ anyone?
20:58 schemanic_ I'm trying to figure out what repositories I should set up to maintain my salt code
20:59 fredrick I have a salt-repo for my state files and salt-pillar for all my sensitive info
20:59 schemanic_ fredrick, does that state repo cover formulas too?
20:59 fredrick yes
20:59 fredrick basicly it is everything other than pillar data
20:59 schemanic_ are you testing with kitchen-salt?
21:00 fredrick I plan to be sometime next week.
21:00 schemanic_ also, where are you commiting things like the master configuration files?
21:00 edrocks joined #salt
21:00 fredrick I run it all from a git repo.  I use a webhook that fires a highstate on my masters if it see changes to the repo
21:01 fredrick for the master config that is.
21:02 schemanic_ So your master is a minion of itself? Are you using git.latest on /etc/salt/ or something like that?
21:03 fredrick No on the git server I have a hook that looks for changes to salt-master, salt-cloud, and salt-api.  If it sees any changes it fires a highstate via the api to the salt-master
21:03 fredrick so yes it is a minion to itself.
21:04 Morrolan joined #salt
21:04 ninjada joined #salt
21:05 fredrick I do not have a schedule for the minions to run a highstate so unless something changes and is triggered by us running a highstate it will not look at the state file
21:05 barmaley joined #salt
21:06 schemanic_ so you have states covering the config of the master
21:07 fredrick Yes that way in a dr I can just rebuild a new saltmaster and copy the master file down and restart, and it will pull the rest down.
21:08 fredrick disater not dr
21:08 schemanic_ the master file is what gets it started? how does it connect to git and know to pull things down?
21:08 schemanic_ Thanks for answering this stuff - I'm in charge of getting this off the ground at my company so I'm trying to learn how it's typically done
21:09 fredrick Well I have to install a few things like salt-master, salt-minion, pygit2 ... then when it restarts it will know what all it needs pillar and repo wise so I just run a salt-call state.highstate on itself
21:09 schemanic_ mmm
21:09 fredrick Might want to look at the best practices.
21:10 schemanic_ I'm looking into ways to use salt-cloud to spin up new masters if necessary, but you're right that if I lose the whole thing I need to be able to whip up a master from scratch
21:11 fredrick it is nice now we all just update our local git repo and push for any thing that salt manages including itself.
21:11 schemanic_ so the components are: 1) install system dependencies (salt, salt-master, salt-cloud, salt-api, etc), 2) transfer only /etc/salt/master to the master, then service salt-master restart?
21:11 fredrick I would love to know how others are doing it.  I did multimaster along time ago and it broke whenever I upgraded.
21:13 fredrick Well in my master build I have it install the salt-cloud and api. So in a disaster recovery I just install salt-master/minion.  Then the needed git tools, I use pygit, and yes copy the master file over.
21:13 fredrick oh and change the minion to point to localhost
21:14 fredrick then just restart master and do a salt-call state.highstate.  It will install cloud/api and config everything restarting services as needed
21:14 whytewolf joined #salt
21:14 schemanic_ I'm just trying to understand what about /etc/salt/master tells the master to 'go out to my git repo, get the states I need, etc'
21:16 schemanic_ Are you using gitfs_remotes for that?
21:16 fredrick in the master file I have https://gist.github.com/rchannel/0fc3b9b998f71b0dc520deb3fc0e2327
21:16 schemanic_ yes
21:16 schemanic_ thats it
21:16 fredrick That configure the file backend.
21:17 fredrick also this:
21:17 fredrick fileserver_backend:   - git   - roots
21:17 schemanic_ Right, now I get it. Having a gitfs remote allows you to tell the master, without anything else local to it to go to the repo, get your master state files, and run them on itself
21:18 netcho joined #salt
21:18 fredrick yes
21:18 schemanic_ Thanks fredrick, this really helps
21:18 schemanic_ one more thing
21:18 schemanic_ does salt allow this with mercurial?
21:19 fredrick https://docs.saltstack.com/en/latest/ref/states/all/salt.states.hg.html
21:19 fredrick I would assume
21:19 schemanic_ I see that, but for the master file part
21:19 flowstate joined #salt
21:20 schemanic_ Woot ok yeah I fund it
21:20 fredrick https://docs.saltstack.com/en/latest/ref/file_server/all/index.html#all-salt-fileserver
21:20 fredrick Awesome.
21:20 fredrick enjoy salting
21:21 fredrick Ask lots of questions. This group has been great.
21:21 schemanic_ I've found it to be thus
21:22 flowstate joined #salt
21:24 murrdoc does anyone have a state for dist-upgrade that works
21:26 beowuff joined #salt
21:28 murrdoc joined #salt
21:28 murrdoc ?
21:41 Matthew_ left #salt
21:45 jimklo_ joined #salt
21:46 systo joined #salt
21:49 PerilousApricot joined #salt
21:49 fredrick I wish, actually fighting the same murrdoc:
21:56 amcorreia joined #salt
21:56 raeven joined #salt
21:58 murrdoc salt-call --retcode-passthrough pkg.upgrade dist_upgrade=True force_yes=True skip_verify=True foce_conf_new=False refresh=True
21:58 murrdoc thats what i have fredrick
21:58 fredrick Did it work?
21:58 murrdoc kinda bummed pkg.uptodate doesnt actually action
21:58 murrdoc yeah it works
21:58 fredrick That is awesome.
21:59 murrdoc no man its ugly as fark
21:59 fredrick I agree but it just worked for me to
22:00 fredrick and I have been fighting it for a couple hours.
22:01 sjmh joined #salt
22:01 lero joined #salt
22:06 hax404 joined #salt
22:13 ze- joined #salt
22:13 Yoda-BZH joined #salt
22:13 giany joined #salt
22:14 Yoda-BZH joined #salt
22:23 sjmh joined #salt
22:24 pipps joined #salt
22:24 stanchan joined #salt
22:26 sjmh_ joined #salt
22:28 ninjada joined #salt
22:29 ninjada joined #salt
22:36 onlyanegg I'm having trouble getting salt to run a state when contents inside a directory change
22:37 ageorgop joined #salt
22:39 onlyanegg https://gist.github.com/onlyanegg/3ee448bf774d7322e9e7bb7d0d72ba3f
22:39 onlyanegg Can anyone take a look?
22:42 flowstate joined #salt
22:49 ssplatt joined #salt
22:54 sparticl joined #salt
22:54 ninjada joined #salt
23:00 sjmh joined #salt
23:03 edrocks joined #salt
23:04 lero joined #salt
23:06 ninjada joined #salt
23:06 ninjada joined #salt
23:07 sparticl joined #salt
23:10 flowstate joined #salt
23:17 sparticl joined #salt
23:20 teryx510 joined #salt
23:39 tawm04 joined #salt
23:42 sjmh joined #salt
23:46 aphor onlyanegg: "The onchanges requisite makes a state only apply if the required states generate changes"
23:46 aphor https://docs.saltstack.com/en/latest/ref/states/requisites.html#onchanges
23:47 aphor the way you have it specified, onchanges will look for a file state named '/etc/systemd/system/*'
23:48 aphor Instead you should have onchanges: refer to file: install_ame_systemd_service_file
23:49 aphor also "install_ame_systemd_service_file" is imperative language used to name a declarative state.
23:52 aphor Better to call it "ame_systemd_service_file_installed" or "ame_systemd_service_installed" and then have it specify onchanges_in: cmd: reload_systemd
23:53 BattleChicken left #salt
23:53 aphor and 'reload_systemd' should be named 'systemd_reloaded'
23:55 pipps joined #salt
23:59 PerilousApricot joined #salt
23:59 pipps joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary