Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-09-23

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:03 spuder joined #salt
00:08 flowstate joined #salt
00:09 sagerdearia joined #salt
00:11 ajw0100 joined #salt
00:17 drawsmcgraw joined #salt
00:18 drawsmcgraw So.... salt-ssh
00:19 drawsmcgraw Salt runs are failing when I use file.managed() with the salt:// urn as the location
00:19 drawsmcgraw I get this -> Error parsing config: Error parsing "gpgkey = 'salt://yum/keys/NODESOURCE-GPG-SIGNING-KEY-EL'": URL must be http, ftp, file or https not "salt"
00:19 drawsmcgraw Is this a conscious decision and isn't supported? Or is it just something that hasn't been implemented yet?
00:21 hemebond Hmm, probably not supported because of the way it works.
00:21 hemebond I haven't found anything about it yet.
00:21 drawsmcgraw hemebond: Yeah. It would make sense that it's possible, since Salt is ssh'ing out to the remote machine. Surely, by that point you have the permissions necessary to (say) scp or sftp the files to the Minion?
00:22 hemebond Yes, but the minion normally fetches the files from the master, not the other way around.
00:22 hemebond So it would be a different process.
00:22 drawsmcgraw ah..... right :/
00:23 drawsmcgraw So it's an artifact of the way it's designed. Okay, I understand now.
00:23 hemebond Maybe. I'm still searching. I don't use salt-ssh myself.
00:23 drawsmcgraw Neither have I until recently.
00:23 hemebond I'm only going by your word that it doesn't work :-)
00:23 drawsmcgraw Yeah I see my exact question repeated a few times in the IRC chat logs so it's certainly not the first time it's happened.
00:24 hemebond It actually looks like it should work.
00:25 hemebond I see a PR from May last year about fixing an issue with it.
00:25 drawsmcgraw hemebond: What're you looking at?
00:25 hemebond https://github.com/saltstack/salt/pull/23530
00:25 saltstackbot [#23530][MERGED] salt-ssh state: fix including all salt:// references | Proposed patch to fix #23355. It needs review, of course, and testing. I think it should have some unit / integration tests too. It seems there is no test written for the SSH client yet, or I didn't find it, and I don't know enough to initialize one....
00:25 drawsmcgraw I'm looking through states/file.py right now
00:26 hemebond It looks like it should work.
00:27 hemebond People use salt-ssh to install salt-minion with references to salt:// files.
00:27 hemebond e.g., minion configs.
00:28 wangofett joined #salt
00:32 DEger joined #salt
00:33 woodtablet left #salt
00:33 debian112 joined #salt
00:34 drawsmcgraw hrm....
00:35 sagerdearia joined #salt
00:36 drawsmcgraw And, like you say, hemebond, they're using file.managed() to drop some RPMs on the minion (ostensibly over salt-ssh)
00:40 drawsmcgraw OOHHHH wait a sec. I'm using cmd.script() with the salt:// urn.  Dang...
00:40 hemebond Ah.
00:41 drawsmcgraw It's not a large one. I'll probably just in-line the text of the script with the Salt state
00:41 drawsmcgraw The alternative, I think, would be to file.manage(), then run it, then delete it
00:41 hemebond Can't use cmd.script?
00:42 drawsmcgraw Apparently you can't use cmd.script() with source: salt://
00:42 hemebond uh
00:42 hemebond The example in the docs uses it.
00:43 drawsmcgraw It's been a long day. Maybe I'm missing something
00:43 drawsmcgraw Right, but the docs aren't written for salt-ssh
00:43 drawsmcgraw Sorry. I meant specifically for salt-ssh
00:43 hemebond oh
00:44 hemebond Yeah I see at least one open issue about it.
00:44 drawsmcgraw bummer
00:44 drawsmcgraw It's only four lines. Not a deal-breaker in this case
00:45 hemebond Did you test it with the cmd.script state?
00:46 drawsmcgraw Did. That's how I got that error
00:46 hemebond Okay.
00:46 krazyj joined #salt
00:49 drawsmcgraw Wait a tick....
00:49 drawsmcgraw AWWW. The output from the Salt run was mangled a bit. I'm reading an error from a different state
00:49 drawsmcgraw To correct myself: You *can* use file.managed() with salt:// over salt-ssh.
00:50 drawsmcgraw What you *cannot* do, is pass a 'salt://' urn to the 'gpgkey' parameter of pkgrepo.managed()
00:50 drawsmcgraw hemebond: ^
00:50 drawsmcgraw I hang my head in shame
00:56 mosen joined #salt
00:57 DEger joined #salt
01:02 mosen hiya saltines
01:05 DEger joined #salt
01:06 amcorreia joined #salt
01:08 flowstate joined #salt
01:08 raspado is it possible to match grains as such   {% if grains['role'] == 'jenkins*' %} ? where it would match jenkins-master and jenkins-slave?
01:12 hemebond raspado: Yes, you can target on grains.
01:12 hemebond And reference grains in your Jinja templates.
01:13 DEger joined #salt
01:13 edrocks joined #salt
01:18 raspado i guess my match wont work because of the ==
01:18 hemebond Oh, I didn't notice your wildcard.
01:18 hemebond That's not supported.
01:18 hemebond But Jinja does support substrings/slices.
01:18 hemebond You can use that to match things.
01:19 raspado {% if grains.get('role').startswith('jenkins') %} ?
01:19 raspado i can try that
01:23 akunin joined #salt
01:28 akunin how can i get the following done with salt.state.file.replace: sed -e '/GRUB_CMDLINE_LINUX_DEFAULT=/ s/"$/ highres=on"/' /etc/default/grub
01:29 akunin basically, i just want to add one option to the GRUB_CMDLINE_LINUX_DEFAULT variable and not replace the whole line
01:30 catpigger joined #salt
01:30 DEger joined #salt
01:33 bowhunter joined #salt
01:35 DEger joined #salt
01:36 sagerdearia joined #salt
01:46 XenophonF akunin: hang on i think i have a file.replace state somewhere that i can show you
01:46 akunin XenophonF: awesome
01:46 akunin joined #salt
01:46 XenophonF akunin: https://github.com/irtnog/salt-states/blob/development/cron/init.sls#L9
01:46 akunin XenophonF: ah nice, didn't know we can use placeholders in repl! that'll do, thanks
01:47 XenophonF the trick is that ?! operator, which is a negative lookahead assertion
01:47 XenophonF basically, it only matches if that string _isn't_ there
01:47 akunin was just gonna ask! exactly what I need
01:48 XenophonF http://perldoc.perl.org/perlre.html#Extended-Patterns has the details (scroll down to "Lookaround Assertions" in that section)
01:48 XenophonF it's a PCRE-only kind of deal
01:48 XenophonF i don't think regular, er, regular expressions can do that
01:49 voxpop joined #salt
01:49 notnotpeter joined #salt
01:50 XenophonF raspado: i use startswith in my templates, e.g., https://github.com/irtnog/shibboleth-formula/blob/master/shibboleth/idp/files/conf/metadata-providers.xml#L74
01:50 XenophonF and if you want, you could alwasy write your own execution module that lets you call re.match or similar
01:51 XenophonF (assuming that's not available already via jinja)
01:53 akunin joined #salt
01:56 DEger joined #salt
02:00 akunin joined #salt
02:01 raspado awesome thx XenophonF
02:01 XenophonF should i consider the contents of /etc/ssh/moduli security sensitive and thus something i should encrypt using the gpg renderer?
02:06 marie1972 joined #salt
02:06 marie1972 left #salt
02:08 flowstate joined #salt
02:12 DEger joined #salt
02:13 spuder joined #salt
02:15 akunin joined #salt
02:18 fannet joined #salt
02:18 bastiand1 joined #salt
02:18 spuder_ joined #salt
02:19 netcho joined #salt
02:23 spuder joined #salt
02:24 DEger joined #salt
02:30 systo joined #salt
02:32 tbrb joined #salt
02:37 netcho joined #salt
02:39 ThomasJ joined #salt
02:42 riftman joined #salt
02:43 DEger joined #salt
02:45 akunin joined #salt
02:46 lilvim joined #salt
02:50 akunin joined #salt
02:57 akunin joined #salt
02:57 subsignal joined #salt
03:00 akunin joined #salt
03:07 flowstate joined #salt
03:10 akunin joined #salt
03:12 debian112 joined #salt
03:12 MTecknology I'm starting to think it's time to switch to salt-ssh for my pi
03:15 akunin joined #salt
03:15 edrocks joined #salt
03:17 MTecknology got it down to a 3 min highstate, but it still beats the crap out of the thing :(
03:21 XenophonF well, one emacs kbd macro later and i've encrypted all of my custom ssh dh-gex moduli
03:21 XenophonF that sucked
03:21 XenophonF wow a 3min highstate on an rpi!
03:22 MTecknology 60 states
03:23 XenophonF i should take another stab at getting mine optimized
03:23 hemebond Switch to salt-ssh from what?
03:24 MTecknology salt-minion
03:24 hemebond Why would salt-ssh be any better?
03:25 MTecknology no agent, can be forced into a single thread
03:25 MTecknology probably give me a ten minute highstate that doesn't beat up on the thing
03:27 ixs joined #salt
03:28 MTecknology wvdial isn't proving to be all that incredibly reliable and tinc doesn't seem to like recovering from issues too well so it looks like I get to write a script that babysits those suckers until I replace them. Woohoo!
03:32 MTecknology Frick this is fun, though. I have one absurd home network!
03:35 akunin joined #salt
03:35 XenophonF man i feel ya!
03:36 XenophonF now if only i could convince work to fund my testbed here in my basement...
03:37 DEger joined #salt
03:40 akunin joined #salt
03:45 bowhunter joined #salt
03:45 akunin joined #salt
03:45 justanotheruser joined #salt
03:48 debian112 joined #salt
03:52 _W_ joined #salt
03:55 akunin joined #salt
03:58 __number5__ MTecknology: maybe what you need is ansible #troll
03:59 MTecknology XenophonF: frick, that'd be nice!
04:01 k_sze[work] joined #salt
04:07 flowstate joined #salt
04:08 debian112 joined #salt
04:12 akunin joined #salt
04:15 akunin joined #salt
04:15 spuder joined #salt
04:17 onlyanegg joined #salt
04:20 akunin joined #salt
04:22 nidr0x joined #salt
04:25 akunin joined #salt
04:30 akunin joined #salt
04:37 akunin joined #salt
04:45 akunin joined #salt
04:55 hemebond What is the option to NOT bootstrap a minion with Salt Cloud? I keep going through the docs but can't find it.
04:55 akunin joined #salt
04:58 notnotpeter joined #salt
05:01 jimklo joined #salt
05:03 DarkKnightCZ joined #salt
05:03 hemebond Oh, finally found it in an example at the bottom of a page.
05:04 cyborg-one joined #salt
05:05 Criggie hemebond: good spotting.
05:08 flowstate joined #salt
05:09 hemebond Does Salt Cloud just not work at all if you can't connect directly to the minion?
05:09 hemebond For EC2 that is.
05:15 akunin joined #salt
05:15 debian112 joined #salt
05:17 edrocks joined #salt
05:25 akunin joined #salt
05:28 GordonTX joined #salt
05:28 impi joined #salt
05:32 akunin joined #salt
05:40 akunin joined #salt
05:45 akunin joined #salt
05:50 akunin joined #salt
05:57 akunin joined #salt
05:57 felskrone joined #salt
05:59 fannet joined #salt
06:00 rdas joined #salt
06:00 jxm_ joined #salt
06:02 akunin joined #salt
06:05 akunin joined #salt
06:06 infrmnt joined #salt
06:08 flowstate joined #salt
06:13 __newb joined #salt
06:17 akunin joined #salt
06:18 bocaneri joined #salt
06:19 haam3r joined #salt
06:29 netcho joined #salt
06:41 debian112 joined #salt
06:43 rdas joined #salt
06:53 sgo_ joined #salt
06:56 ronnix joined #salt
07:07 flowstate joined #salt
07:10 harkx joined #salt
07:13 dilkington joined #salt
07:16 jimklo joined #salt
07:17 jimklo joined #salt
07:19 edrocks joined #salt
07:24 infrmnt joined #salt
07:25 dariusjs joined #salt
07:28 netcho joined #salt
07:39 John_Kang joined #salt
07:45 DEger joined #salt
07:45 keimlink joined #salt
07:56 mariusv joined #salt
07:56 mariusv joined #salt
07:59 mikecmpbll joined #salt
08:00 ronnix joined #salt
08:00 Rumbles joined #salt
08:05 krymzon joined #salt
08:05 DEger joined #salt
08:06 geomacy joined #salt
08:07 ronnix joined #salt
08:08 flowstate joined #salt
08:09 nethershaw joined #salt
08:11 ravenx joined #salt
08:11 ravenx can someone help me with the saltstack returner:
08:12 ravenx i have this in my /etc/salt/master:  http://paste.debian.net/836287/
08:12 ravenx doesn't seem to work, i see none of my messages being posted.
08:12 colttt joined #salt
08:12 ravenx do i need any other settings enabled in my /etc/salt/master?
08:14 dariusjs joined #salt
08:14 ronnix joined #salt
08:17 ozux joined #salt
08:19 GordonTX joined #salt
08:22 DEger joined #salt
08:24 Couch joined #salt
08:29 blue joined #salt
08:30 impi joined #salt
08:34 notnotpeter joined #salt
08:35 dariusjs joined #salt
08:37 haam3r joined #salt
08:38 debian112 joined #salt
08:39 DEger joined #salt
08:45 sfxandy joined #salt
08:47 coredumb is there a way to use a pillar value for a cmd.run from cli ?
08:53 s_kunk joined #salt
08:57 KingOfFools Sup guys. Is there standard way for generating hostnames in salt states?
09:05 DEger joined #salt
09:12 debian112 joined #salt
09:20 dariusjs joined #salt
09:20 GordonTX joined #salt
09:20 ravenx coredumb: you mean to pass ing pillar data from the cli?
09:20 DEger joined #salt
09:21 coredumb ravenx: yes as an argument to cmd.run module for that matter
09:21 edrocks joined #salt
09:21 babilen coredumb: What have you tried so far?
09:22 ravenx coredumb: yup, let me show you
09:22 coredumb babilen: cmd.run "{{ pillar[xxxx] }}"
09:22 coredumb noob testing :)
09:22 coredumb ravenx: thx !
09:22 ravenx coredumb: https://www.reddit.com/r/saltstack/comments/4orx4d/how_to_pass_variables_to_state_files_from_command/
09:22 saltstackbot [REDDIT] How to pass variables to state files from command line (salt-ssh) (self.saltstack) | 1 points (60.0%) | 4 comments | Posted by hatbeardme | Created at 2016-06-19 - 04:30:49
09:22 babilen coredumb: That should be: salt .... cmd.run pillar="{'foo': 'bar'}"
09:23 ravenx coredumb: check the pastebin in there, it's useful
09:23 babilen Ah .. no .. you want to reference a variable already in the pillar?
09:23 AndreasLutro just add template=jinja to the end of the cli command
09:24 coredumb babilen: yes pillar already here want to use the value
09:24 ravenx ah nvm then coredumb
09:24 ravenx my example is for passing variables to it
09:24 ravenx to override the existing ones.
09:24 ravenx my bad
09:25 coredumb np
09:25 coredumb AndreasLutro: it spits me a nice fat error in the face
09:25 snevs1 joined #salt
09:25 coredumb TypeError: unsupported operand type(s) for -: 'AliasedLoader' and 'StrictUndefined'
09:25 ravenx i have never done that, but to point you to the right direction, i think there may be something like pillar.get you can use.
09:25 babilen coredumb: I can only think of a two-tiered approach right now (pillar.get + json output + jq to get the pillar value)
09:25 ravenx > jq
09:25 * ravenx vomits
09:26 AndreasLutro coredumb: probably doing something wrong with the jinja then
09:26 ravenx lol
09:27 coredumb salt host cmd.run '{{ pillar[salt-minion-restart] }}' template=jinja
09:27 coredumb you tell me :D
09:27 AndreasLutro pillar['salt-minion-restart']
09:27 coredumb oh
09:27 AndreasLutro just like in sls files
09:27 babilen (and then double quotes around it)
09:27 AndreasLutro ^
09:28 coredumb yeah works OK !
09:30 coredumb thx AndreasLutro
09:32 fizmat joined #salt
09:33 fizmat joined #salt
09:36 DEger joined #salt
09:46 DEger joined #salt
09:50 daxomati1 joined #salt
09:59 dariusjs joined #salt
09:59 ivanjaros joined #salt
10:05 Hybrid joined #salt
10:07 n1ck-2 joined #salt
10:08 debian112 joined #salt
10:10 akw joined #salt
10:11 ntropy joined #salt
10:14 netcho joined #salt
10:16 deus_ex joined #salt
10:19 impi joined #salt
10:22 sebastian-w joined #salt
10:22 notnotpeter joined #salt
10:23 dariusjs joined #salt
10:24 sebastian-w Hi all. I'd like to print something machine readable from a salt runner. The return value doesn't really help me, as it should be True or False. Also, salt.output.foo doesn't really work, because ist just raises exceptions. any ideas?
10:34 daxomati1 joined #salt
10:39 netcho joined #salt
10:50 honestly sebastian-w: just print things...?
11:00 hlub am I correct that it should be possible to query mine with jinja within pillar SLSs?
11:02 AndreasLutro no
11:02 AndreasLutro pillars are rendered on the master, not the minion, so the mine data wouldn't necessarily be the same
11:03 hlub I was thinking that mine provides the same data for all of the minions.
11:04 AndreasLutro I think the master process doesn't have the same access to mine data.. or something like that
11:05 AndreasLutro I remember struggling with it
11:05 RandyT joined #salt
11:08 hlub my idea was to query the addresses of www backend machines from mine and write apache's proxy members based on them.
11:08 viq joined #salt
11:09 KingOfFools does anyone using salt with some docker cluster systems?
11:09 hlub it seems that in apache 2.4 thos configs should be located in vhost configurations, which are managed with file.manage. So, I don't know any other way to add those configurations.
11:16 oznt joined #salt
11:19 numkem joined #salt
11:19 amcorreia joined #salt
11:20 oznt hi everyone I am trying to apply a state from the rabbitmq formula and I encounter a strange issue: http://pastebin.com/epV67sjF can someone maybe help resolve this issue?
11:23 edrocks joined #salt
11:26 fizmat joined #salt
11:29 XenophonF hlub: i plan everything ahead of time and then push those configs to front ends
11:29 XenophonF not as elegant as service discovery using mine or coordinated deployment using orchestration
11:35 lorengordon joined #salt
11:38 hlub Found a quite long discussion about mine within pillar: https://github.com/saltstack/salt/issues/11509
11:38 saltstackbot [#11509][MERGED] Exception when using Salt mine from pillar | ```...
11:40 hlub I also tested mine.get before asking about it. It did neither raise exceptions nor give any warnings. instead it just returned nothing.
11:41 babilen hlub: The process of doing this is detailed on https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.mine.html#salt.modules.mine.get → Retrieving Mine data from Pillar and Orchestrate
11:46 hlub oh, babilen, thanks a lot! :)
11:46 bluenemo joined #salt
11:47 bluenemo hi guys. I want to start writing tests for my states. I was thinking something like jenkins, where I execute formulas twice, see if the second time they still have to do anything, and after that for exmaple check if an apache vhost was actually created. what are you guys using for such things?
11:48 dendazen joined #salt
11:52 DEger joined #salt
11:55 AndreasLutro bluenemo: I use serverspec
11:56 bluenemo AndreasLutro, that does look nifty! but that doesnt catch if the formulas are executing wo error, does it?
11:57 AndreasLutro no but you can pick that up separately
11:57 AndreasLutro i.e. if salt-call exits with >1 just exit right away
11:59 xmj silly question
11:59 xmj has anyone performed how much faster salt is, compared to ansible?
12:00 xmj especially with smaller setups
12:00 bluenemo AndreasLutro, thanks for your input! :)
12:00 ronnix joined #salt
12:03 dariusjs joined #salt
12:04 debian112 joined #salt
12:06 felskrone how can i convert (python) list in to a string? i need to get from this ['minion1','minion2'] to this 'minion1,minion2'
12:06 AndreasLutro ','.join(my_list)
12:07 felskrone found it
12:07 felskrone ah, thx anywqay :-)
12:10 notnotpeter joined #salt
12:13 bluenemo AndreasLutro, how would you use serverspec to test the presence of an apache vhost /etc/apache2/sites-available/foobar.com, where you defined   apache:vhosts:foobar.com   in the pillars? Do you render the tests via Salt?
12:15 AndreasLutro I don't do any of that
12:15 AndreasLutro if foobar.com is a production site then I use a monitoring tool to check that it's up
12:15 AndreasLutro but in dev/test we've just got hard-coded test domains that we test against
12:15 AndreasLutro describe command('curl -D - localhost -H "host: example.com"') do its(:stdout) { should contain 'HTTP/1.1 200 OK' }
12:16 bluenemo hm. If I could test if the values in pillar.example are valid, thats cool for me
12:16 bluenemo (which I can hardcode in the tests as they are "hardcoded" into pillar.example)
12:17 AndreasLutro might be possible to write some ruby to import the pillar yaml file
12:17 AndreasLutro to reduce hard-coding/duplication
12:17 bluenemo hm.. not think thats a good idea
12:17 bluenemo ideally i'd like to use py as well here
12:17 bluenemo but just because I prefer py over rb
12:17 AndreasLutro me too, but serverspec was the most mature tool I could find
12:18 bluenemo i se
12:18 bluenemo e
12:19 jchern joined #salt
12:21 jchern question about salt-cloud boron if someone can help?
12:21 bluenemo jchern, shoot
12:22 bluenemo dont ask to ask - just ask :)
12:23 edrocks joined #salt
12:24 qm0937 joined #salt
12:24 jchern updated salt-cloud recently from 2015.5 deploying vms through a vcenter
12:25 jchern now when I try to deploy a vm I get an error about invalid login creds... but, I am able to query vms on said vcenter
12:28 bluenemo jchern, query?
12:29 bluenemo I think we will need a good bit of more information
12:31 jchern I can run salt-cloud -f list_nondes vcent and get a return of all the nodes on the vcenter, so I know the creds in the providers.conf file is correct
12:32 Jimlad joined #salt
12:33 jchern when I try to run salt-cloud -p Base test, I get an error, vim.fault.InvalidLogin error, "Cannon complete login due to an incorrect user name or password"
12:35 ravenx anyone know why i can only post to slack as "ext_job_cache" but once I comment it on minion-side
12:35 ravenx and on master, i set "master_job_cache: slack"
12:35 ravenx i get this error:  Could not deserialize msgpack message.This often happens when trying to read a file not in binary modeTo see message payload, enable debug logging and retry. Exception: unpack(b) received extra data.
12:36 ravenx that was the result of running:   salt 'server' test.ping --return slack
12:37 kbaikov joined #salt
12:45 mavhq joined #salt
12:46 drawsmcgraw left #salt
12:46 sagerdearia joined #salt
12:54 amcorreia joined #salt
12:58 kbaikov joined #salt
13:04 teryx510 joined #salt
13:09 om joined #salt
13:20 amcorreia_ joined #salt
13:28 edrocks joined #salt
13:31 jchern joined #salt
13:37 jchern can file.blockreplace replace text in file with test from another file?
13:37 subsignal joined #salt
13:39 ALLmightySPIFF joined #salt
13:39 geomacy joined #salt
13:45 Rumbles joined #salt
13:48 subsignal joined #salt
13:50 Rumbles hi, I've got a server in AWS I've added to my salt master, when I firrst added it it used it's elasticIP as it's hostname (like "ec2-X-X-X-X.eu-west-1.compute.amazonaws.com")
13:50 Rumbles I renamed the host in minion_id, so in salt-key it appears with the right name
13:50 Rumbles but one of my states looks at grains.fqdn
13:51 Rumbles I see that is taken from python socket, but does anyone know the best way to update that to a defined value?
13:51 Rumbles because that's clearly not a hostname we would use
13:51 Rumbles e.g: https://paste.fedoraproject.org/433476/38569147/
13:52 jchern you may be able to use grains.setval
13:53 ravenx does anyone use saltstack returners?  for example on slack
13:53 ravenx is it possible to preserve the highstate output format
13:53 ravenx righ tnow it just's a wall of unstructured text, making it hard to read
13:53 DEger joined #salt
13:53 ravenx i've tried:  --output=highstate and it only formats it on the CLI
13:56 dendazen joined #salt
13:57 debian112 joined #salt
13:59 notnotpeter joined #salt
13:59 GordonTX joined #salt
14:02 GordonTX joined #salt
14:03 mpanetta joined #salt
14:04 numkem joined #salt
14:04 dariusjs joined #salt
14:04 mpanetta joined #salt
14:12 subsigna_ joined #salt
14:16 akhter joined #salt
14:16 edrocks joined #salt
14:22 Brew joined #salt
14:23 akhter joined #salt
14:23 ravenx basically, this is my slack channel rgiht now:  https://i.imgur.com/n6uIttb.png
14:24 ravenx is it possible tomake this prettier?
14:24 beardedeagle joined #salt
14:24 Tuxick ?
14:25 ravenx i get my returners to post to slack using the returners
14:25 ravenx salt 'server' test.versions_report --return slack
14:26 ravenx the output does get posted, but the format is hard to read, so i was wondering if there was a way to pretty it up in slack
14:26 XenophonF here i am freaking out that my gitfs pillar isn't working, and it turns out that i didn't actually commit anything to the underlying git repo
14:26 XenophonF duh
14:27 DEger joined #salt
14:27 snevs1 joined #salt
14:27 raspado joined #salt
14:27 jimklo joined #salt
14:28 ivanjaros joined #salt
14:30 raspado joined #salt
14:31 racooper joined #salt
14:32 sjorge joined #salt
14:32 XenophonF hm
14:32 viq huh, seems 2016.3.3 does not start on debian 7 if python-psutil is installed
14:32 XenophonF with the gpg renderer, can i encrypt a key (as opposed to encrypting a value)?
14:33 viq XenophonF: I think you could be able to encrypt arbitrary yaml sub-data, but better verify before you take my guess for it
14:35 debian112 joined #salt
14:36 XenophonF i'm not sure how i'd escape the PGP message
14:37 XenophonF maybe i could do something like `unused_key: &enckey | <multiline pgp message here>`
14:37 XenophonF and then use *enckey: for the key naem?
14:37 XenophonF i dunno
14:37 hamlesh joined #salt
14:37 viq https://pbot.rmdir.de/QeJgka4tDEbQt1oWX4bc6Q
14:37 XenophonF i've got a reactor script where the event ID has a secret in it, but maybe that's poor design on my part
14:38 viq mhmm
14:38 XenophonF no - i want to encrypt the key, not the value
14:38 XenophonF so something like `<PGP message>: value` instead of the more customary `key: <PGP message>`
14:41 XenophonF i dunno - that webhook is broken anyway
14:41 DEger joined #salt
14:41 armonge_ joined #salt
14:42 barmaley joined #salt
14:42 barmaley joined #salt
14:43 XenophonF the reactor is supposed to check the github hook secret anyway, so maybe there's no need to have a special hook url for github to call
14:43 XenophonF i dunno - i wish i could protect the interface using oauth2
14:43 XenophonF like a proper rest api
14:44 cscf XenophonF, I agree, that sounds like poor design at first glance.
14:44 XenophonF well, it's perfectly understandable for a v0.1
14:44 cscf Sure
14:44 XenophonF they've gone through a couple of iterations of salt-api, too, whether cherrypy, tornado, etc.
14:45 XenophonF i think for now i'm just going to comment out the reactor config
14:45 XenophonF i'm trying to get all my sensitive pillars encrypted, and this is the last one
14:45 hasues joined #salt
14:46 viq Well, there goes issue #36533
14:47 heaje joined #salt
14:47 XenophonF that's an odd issue to have
14:48 viq I'm good at encountering those.
14:48 Trauma joined #salt
14:49 kusen joined #salt
14:49 hasues left #salt
14:50 eclaire joined #salt
14:51 irctc454 joined #salt
14:53 moos3 joined #salt
14:56 Tuxick speaking of keys, is there a proper way to have stuff like keys/certs in pillar now?
14:56 StolenToast can I make an archive state not fail if the folder I want it extracted to already exists?  Make it extract into the pre-existing dir?
14:56 Tuxick having to paste it into a file and indenting it is a bit of a pain
14:56 akhter joined #salt
14:58 StolenToast the only control the archive state seems to give me regarding this is setting a new, different folder to look for and if that folder exists it will fail
14:59 StolenToast I have one cmd state with a cwd that fails if the folder doesn't exist, and an archive that fails if it does exist, and I can't really figure out how to recitfy this
14:59 StolenToast the problem is this script that the cmd state runs is something by intel and HAS to be launched as "./INSTALL", so the cwd directive is necessary
15:00 StolenToast it will arbitrarily break if that's not how it's evoked
15:00 jrklein joined #salt
15:04 XenophonF StolenToast: can you post the states to gist.github.com or something? i'm having a tough time following you
15:04 XenophonF I have a formula that does something similar.
15:04 XenophonF https://github.com/irtnog/shibboleth-formula/blob/master/shibboleth/idp/init.sls
15:05 XenophonF it creates the destination dir that the installer will make, unzips the installer to a subdirectory of that, and runs the installer.
15:05 viq Tuxick: I think there is now something about having pillars from files
15:05 StolenToast yeah it's a pretty complex thing, installing a support stack and compiling clients and a kernel...
15:05 XenophonF understood
15:06 StolenToast http://hastebin.com/uyitopunec.rb
15:06 XenophonF i actually had to wrap the vendor's installer due to silliness on their part
15:07 StolenToast this installer is irksome because the process requires a reboot after compiling and installing the new kernel
15:07 XenophonF ugh a pastebin that i have to enable javascript for :(
15:07 XenophonF oh
15:07 StolenToast but then there is a subset of tasks to do right after booting with the NEW kernel but before the final client packages are installed
15:07 StolenToast I can rehost if you want
15:07 XenophonF well unfortunately in that case you are likely going to need two different states
15:07 XenophonF nah just giving you a hard time :)
15:07 StolenToast there's actually two or three already
15:08 XenophonF and maybe you'll need to look at orchestration, too
15:08 StolenToast I could post the other part but the problem is localized to this state
15:08 xnavy joined #salt
15:08 StolenToast this state works under certain conditions, like if you boot up cold
15:08 Tuxick viq: i saw some terrible hack a while ago
15:09 XenophonF StolenToast: i'm a little confused by the ordering of states and dependencies here
15:09 StolenToast no surprise...
15:09 viq Tuxick: https://garthwaite.org/virtually-secure-with-openvpn-pillars-and-salt.html ?
15:09 StolenToast I'll try to list them in order
15:09 XenophonF for sanity's sake, you might want to re-order them in the file
15:09 XenophonF just to make it easier to read
15:10 viq Tuxick: https://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.file_tree.html
15:10 armonge joined #salt
15:10 StolenToast well conceptually speaking the archive is extracted first, the cmd is run second (reboot), the file and pkg states run in no particular order (reboot), some other minor configs
15:11 spuder joined #salt
15:11 Tuxick haha, using remote repo :)
15:11 XenophonF so if i understand this, you're installing something (i.e., the included pkg state), editing /etc/fstab, then untarring something, then running the installer, then installing some more packages
15:12 XenophonF no you have a dependency in the archive state on the /etc/fstab one
15:12 StolenToast untar, cmd, pkg and then everything else is basically irrelevant and can happen whenever
15:12 StolenToast the new kernel has to be in place before the pkg can install, or else it fails kernel dep
15:13 XenophonF in place as in running?
15:13 StolenToast that's why it requires the cmd
15:13 StolenToast yeah, installed and currently running
15:13 StolenToast which is why I have to reboot the first time
15:13 XenophonF move the pkg: lustre_client_phi state into a separate SLS to be called after reboot
15:13 StolenToast after the packages are installed and configuration is done it needs one more reboot to load all the modules
15:14 Tuxick viq: ok, will have another look at ext_pillar again
15:15 Tuxick after weekend :)
15:15 viq Tuxick: check the second link first, now it's an officially available way
15:16 Tuxick ye the other one is not what i had in mind :)
15:17 StolenToast XenophonF: I'll look into that, I need to make sure it gets installed before the second reboot
15:18 rem5_ joined #salt
15:20 sjorge joined #salt
15:20 nidr0x joined #salt
15:22 StolenToast the two things that are hindering me are that archive won't extract if the destination already exists and that '- cwd' will cause a state to fail if that dir doesn't exist EVEN IF the state is passed over because of an "unless" condition
15:22 StolenToast maybe i can try "cd"ing in that cmd string
15:23 _JZ_ joined #salt
15:23 teryx510 joined #salt
15:24 XenophonF iirc that's why i put the installer into a subdir of the destination
15:25 flowstate joined #salt
15:25 StolenToast amazingly it seems just "cd"ing worked
15:25 StolenToast but I'll need to do one more "wet" test to find out
15:27 patrek joined #salt
15:27 spuder joined #salt
15:32 XenophonF awesome - good luck!
15:32 sjorge joined #salt
15:32 akhter joined #salt
15:37 DEger joined #salt
15:37 raspado joined #salt
15:39 raspado hi all... just need a little bit of help, I need to call a python module on a minion running "salt-call temp_backup.run_backup" doing this, it calls the modules from /var/cache/salt/minion/extmods/modules/, is there a way I can do a salt-call to a diff directory like /tmp/temp_backup.py.backup ?
15:40 raspado The reason why I cant place the script in extmods/modules is because its managed by salt and it will clear the script on the next scheduled run
15:43 raspado actually... i have an idea nm
15:44 babilen raspado: augment the module search path, file.managed + reload_modules ?
15:45 DEger joined #salt
15:47 notnotpeter joined #salt
15:50 akhter joined #salt
15:54 tiwula joined #salt
15:57 dyasny joined #salt
15:59 beowuff joined #salt
16:02 bowhunter joined #salt
16:02 wangofett Random question - does anyone do code deploys with Salt? Or know of some blog posts/videos where people talk about how they have it setup? Or do people typically do their code deploys out-of-band, and just get the servers setup with salt?
16:03 XenophonF alright!  pillar values are all encrypted, and pillar data is uploaded to a private git repo!
16:03 XenophonF wangofett: i do
16:04 XenophonF i deploy code off github using release tags
16:05 XenophonF i'm afraid that i don't have an example i can share with you publicly
16:05 wangofett So you've got a state that pull the most recent release down?
16:05 XenophonF yeah, a git.latest state that clones from a tag
16:05 XenophonF so say there's a repo full of php code
16:06 XenophonF and it's got release tags like v1.0, v1.1, etc.
16:06 wangofett Do you have a release-only branch? (Trying to wrap my head around how that works in git+salt)
16:07 DEger joined #salt
16:07 wangofett or can you specify tags with salt?
16:07 XenophonF hm, there's a master branch
16:07 XenophonF and there are experimental branches, e.g., we have mobile UX work going on in its own branch
16:07 XenophonF yeah, you can specify tags with salt
16:08 XenophonF the development of this particular code base is pretty linear
16:08 wangofett So do you change your salt state when it's time to release? or is just just a `state.highstate` and then whatever is out there since the last time you ran gets fired off?
16:08 XenophonF i change a version pin in pillar
16:09 XenophonF i wrote the states like a formula, so there's a default version there, too
16:09 XenophonF 6 of one, half-dozen of the other
16:10 XenophonF the way i have that set up is that each version gets cloned into its own directory
16:10 XenophonF with a symlink to the live one
16:10 wangofett I was actually wondering about that part, too :)
16:10 XenophonF makes downgrading easier
16:11 wangofett I wasn't sure what kind of potential breakage is there if you have a repository that's cloned and someone accesses a page in the middle of cloning :P
16:11 XenophonF that's why i have the symlink
16:11 XenophonF the new version isn't live until the symlink gets updated
16:12 XenophonF alternatively, the new version doesn't go live until you push the updated webserver config with the new doc/app root
16:12 XenophonF again, lots of potentially good approaches here
16:12 wangofett I had been working with that approach at one point, but I wasn't really fond of how I had things setup...
16:12 XenophonF i like the symlink because i can claim to people who don't know better than there's never an outage
16:12 wangofett heh.
16:12 XenophonF as if restarting httpd or something is an outage but whatever
16:13 XenophonF again YMMV
16:13 wangofett I always wonder about that but I have no clue how you'd actually test that...
16:14 wangofett i.e. does anything drop when you're restarting a server with a different path or something
16:14 XenophonF we also have the luxury of being able to plan maintenance outages
16:14 XenophonF b/c even though we're 24x7, we don't have so many users where they're constantly hitting these services
16:14 XenophonF it does
16:14 XenophonF e.g., SSL sessions will get disconnected
16:15 XenophonF any ephemeral session state gets lost if it's only ever in-memory
16:15 XenophonF in our case there's a database backend holding that stuff
16:15 spuder_ joined #salt
16:15 XenophonF so front end restarts aren't a big deal
16:16 wangofett does the browser notify that SSL sessions are disconnected, or are they smart enough to recover that?
16:16 kusen joined #salt
16:16 XenophonF the user's won't notice
16:16 wangofett it just has to do a new handshake?
16:16 XenophonF maybe back in Ye Olden Tymes they would, back when ssl was slow enough for people to only turn it on when necessary and dinosaurs roamed the earth
16:17 XenophonF but now the handshakes happen so quickly that if you blink, you miss it
16:18 pipps joined #salt
16:20 bluenemo is sth like this possible in jinja?   {% set inet_ifaces = [iface for iface in networking['interfaces'] if iface['type'] == "inet" and not iface['enableipv6']] %}   it gives me   Jinja syntax error: expected token ',', got 'for'
16:20 XenophonF no
16:20 XenophonF you can't do that
16:20 bluenemo why not?
16:21 XenophonF jinja is a distinct programming language from python
16:21 babilen (and horribly restricted)
16:22 bluenemo ok. will resort to a py file
16:22 XenophonF yup
16:22 StolenToast well it's a templating language, so it can do whatever templating languages can
16:22 XenophonF exactly
16:22 StolenToast which isn't that much
16:22 XenophonF well, it's quite a bit better than the c preprocessor!
16:22 bluenemo you can write salt modules for further fancyness ;)
16:22 XenophonF :)
16:22 ageorgop joined #salt
16:23 XenophonF i personally wish i could so something like python's any in jinja
16:23 XenophonF alas
16:23 svs joined #salt
16:23 StolenToast sometimes jinja forces me to indent my states in a really weird way
16:24 svs left #salt
16:24 saltstackbot KeyError: Identifier('svs') (file "/srv/sopel/.virtualenvs/sopel/lib/python3.4/site-packages/sopel/tools/target.py", line 65, in clear_user)
16:25 notnotpeter joined #salt
16:25 bluenemo StolenToast, i know your troubles ;)
16:25 Mantas joined #salt
16:25 Mantas left #salt
16:26 wangofett bluenemo: you should be able to do something liek {% for iface in networking['interfaces'] %}... {% endfor %}
16:27 bluenemo yes, sure
16:28 wangofett XenophonF: you mean something like http://jinja.pocoo.org/docs/dev/templates/#reject ?
16:29 onlyanegg joined #salt
16:29 pipps joined #salt
16:31 bluenemo how do I write {% from 'foo/defaults.yaml' import foobar %}  in a state using the py renderer? in defaults.yaml I have a statement   {% load_yaml as foobar %}  foo: bar {% endload %}
16:31 pipps joined #salt
16:31 XenophonF no i want `any` so i can ask whether a list of keys (or values) lives in a given dict
16:31 XenophonF instead of having to write a nested loop in jinja
16:32 MTecknology bluenemo: what is foobar?
16:33 pipps joined #salt
16:35 MTecknology if it's a key, that'll work
16:35 mpanetta joined #salt
16:35 * MTecknology needs to read more betterer ... sorry
16:36 sagerdearia joined #salt
16:37 bluenemo MTecknology, http://paste.debian.net/836587/
16:37 XenophonF bluenemo: import yaml and call yaml.safe_load the same as the jinja renderer?
16:38 bluenemo XenophonF, in that case, defaults.yaml should not start with {% load_yaml as 'foobar' %}
16:38 bluenemo (if I just use py to load a yaml file)
16:38 sjorge joined #salt
16:38 bluenemo I would like to also use the salt way - the code that was used in jinja for   {% from 'foo/defaults.yaml' load foobar %}
16:39 bluenemo where / what is that :)
16:39 abonilla joined #salt
16:39 abonilla moin -
16:40 abonilla has anyone seen an error while running salt-run cloud create "'cloud-create' is not available." ?
16:41 __newb joined #salt
16:44 mikecmpbll joined #salt
16:44 MTecknology abonilla: sorry to ask the obvious, but is cloud-create available on the system?
16:45 Nick77 joined #salt
16:45 abonilla MTecknology: yes. 2015.8.12.7
16:46 abonilla arrg, .. 8.7
16:46 abonilla do I need .12 ?
16:46 jimklo joined #salt
16:46 Nick77 Anyone know the format of the config parameter of lxc.bootstrap? https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.lxc.html#salt.modules.lxc.bootstrap
16:49 ahammond How can I query salt-minion uptime (not the machine uptime, but how long the minion has been up and running)?
16:49 ahammond abonilla yeah, that usually means that you haven't defined the driver you're trying to use.
16:49 ahammond abonilla or you have a typo in the driver name.
16:49 wangofett ahammond: first guess would be ps... something
16:49 debian112 joined #salt
16:49 wangofett (just a guess, though)
16:52 Nick77 ahammond example ps -p PIDofSalt-minion -o etime=
16:53 keimlink joined #salt
16:54 hasues joined #salt
16:59 akhter joined #salt
17:03 frew anyone know where teh salt-api logs to?
17:03 frew well actually
17:03 frew I know it logs to the master log
17:03 frew but I'm not seeing an error or anything more fine grained for the reactor I'm working on
17:03 frew anyone have any tips on debugging?
17:03 pipps joined #salt
17:03 beardedeagle yeah
17:04 beardedeagle launch master in debug mode
17:04 beardedeagle salt-master -l debug
17:04 beardedeagle watch it as you fire off your reactor
17:04 frew beardedeagle: thanks, I'll try that.
17:09 __newb joined #salt
17:11 ahammond wangofett Nick77 thanks, got it.
17:12 subsignal joined #salt
17:12 spuder joined #salt
17:12 sgo_ joined #salt
17:12 onlyanegg joined #salt
17:15 ageorgop joined #salt
17:19 jimklo_ joined #salt
17:23 s329 joined #salt
17:24 __newb joined #salt
17:25 s329 left #salt
17:26 igloo_ joined #salt
17:26 Edgan joined #salt
17:28 igloo_ Hi everyone. Quick question. We just got our Master and Minion set up. I can SSH into the Master and send commands to the Minon. Is there a way to send commands to the Minion from my local machine i.e., without SSHing into Master?
17:29 bluenemo igloo_, use a vpn, install salt-master on your laptop ;)
17:30 bluenemo otherwise not as far as I know
17:30 bluenemo you can have a master of masters though
17:31 jimklo joined #salt
17:31 igloo_ All right, cool. Thanks for your answer.
17:34 wangofett igloo_: The preference is that you don't. That's the whole point of having a Master ;)
17:36 pipps joined #salt
17:36 igloo_ That makes sense.
17:37 cscf igloo_, also, if you find it too much trouble to ssh, install an ssh key.
17:40 igloo_ That's helpful.
17:40 Edgan igloo_: salt-api, I believe
17:40 cro joined #salt
17:41 __newb joined #salt
17:41 Edgan igloo_: I am pretty sure that is how the jenkins plugin does it
17:43 igloo_ Nice. Looks like that could work.
17:45 spuder joined #salt
17:46 cro joined #salt
17:47 DEger joined #salt
17:47 cmarzullo yeah salt ip.
17:48 cmarzullo You can setup rundeck or jenkins to send commands to it
17:48 jimklo joined #salt
17:53 nicksloan joined #salt
17:54 DEger joined #salt
17:55 beardedeagle @igloo_ : there is pepper
17:55 beardedeagle https://github.com/saltstack/pepper
17:56 beardedeagle no support for python3 though, I have a replacement I am about to release though that would fix that.
17:58 viq Also stackstorm has support for salt
17:58 viq And there's https://docs.saltstack.com/en/latest/ref/engines/all/salt.engines.slack.html
17:58 cro joined #salt
17:59 beardedeagle that is wide open though, better to build out your own err-bot bot with perms set imo
18:00 beardedeagle (in reference to the slack engine)
18:00 viq Though it has 'validusers' setting
18:00 viq erm, 'valid_users'
18:01 beardedeagle I like to get really granular with perms based on user and channel
18:01 cmarzullo viq: no I haven't used hubblestack. I'm interested in it though. atleast what it could bring to the table.
18:01 beardedeagle use err-bot over here to provision servers in openstack so I am probably partial
18:02 viq err-bot?
18:02 beardedeagle http://errbot.io/en/latest/
18:02 viq Ah, thanks
18:02 beardedeagle let's you build your own chat bot basically
18:03 beardedeagle which I tied into a library I wrote for consuming the salt-api
18:04 Sketch provision servers from irc?
18:04 mariusv joined #salt
18:04 beardedeagle yup
18:05 beardedeagle err, sorry, slack
18:05 beardedeagle but I am sure you could from irc as well with minimal tweaking
18:05 Sketch that's...interesting :)
18:05 jimklo joined #salt
18:06 oida joined #salt
18:08 cro joined #salt
18:09 viq Sketch: google chatops
18:10 jimklo joined #salt
18:11 viq hah, there are at least two salt integrations for err
18:12 cscf Chatops?  that's pretty interesting
18:13 MTecknology What are the rules on when you can use true/false in sls instead of True/False? What do the actually evaluate to otherwise?... I've seen crashes from this typo and I'm trying to clean it up in the repo, but I'm struggling because I want to fully understand the impact of these changes.
18:13 beardedeagle @viq: depending on what you are doing it is better to write your own integration
18:14 viq beardedeagle: depends how good programmer you are. Me, I'm _starting_ to learn python :P
18:14 cscf MTecknology, I am interested to know this too.  I assumed that "true" evaluated to the string "true", or maybe a non-existent keyword "true" and this was invalid.
18:15 hasues left #salt
18:15 MTecknology cscf: I would have assumed that as well, in all cases, true and false would both be strings that were True
18:15 alxchk joined #salt
18:16 cscf MTecknology, why, because a non-empty string is True?
18:16 MTecknology yup
18:17 Edgan MTecknology: on/off, true/false are turned into True/False
18:17 erlang789 joined #salt
18:17 Edgan MTecknology: Put single quotes around things you don't want changed
18:17 Edgan MTecknology: 'on' 'off' 'true' 'false'
18:17 jimklo joined #salt
18:17 cscf Edgan, then why have I had errors too, which were fixed by changing it to capitalized True?
18:17 erlang789 Hello. I cannot seem to find a way to checkout a git repo, make sure its at a certain branch, then compile it.  I want the compile step to depend/include the checkout.  Anyone can help?
18:18 erlang789 I can have it work sequentially, but I rather the comile step check and make sure the repo is there first, and its on the correct checkout hash
18:18 Edgan cscf: What is the context? I am speaking of jinja variables turning into values in a configuration file via a jinja template
18:19 cscf Edgan, oh sorry, I am talking about salt states, ' - thingy: true '
18:19 Edgan MTecknology: I originally thought it was jinja doing it, but after reading more about yaml, I think it is actual the yaml parser doing it.
18:20 __newb joined #salt
18:20 erlang789 I have something like this.  https://gist.github.com/anonymous/cd4af81b22c2556022ba3668a85e27a5  It works because it excutes sequentially.
18:20 Edgan MTecknology: Though I have actually confirmed which it is. I just work around it.
18:20 erlang789 But I rather the compilation step ensure the hash + repo is there
18:21 Edgan erlang789: your cmd.run makes me want to cry it is so ugly
18:22 Edgan erlang789: you can handle the package installing Way better
18:22 erlang789 Edgan: If I knew how to write multiline string in the sls I would break up the unless :P
18:22 viq erlang789: require: - git: https://github.com/erlang/otp
18:22 viq or even better, cmd.wait ant watch: - git
18:22 Edgan erlang789: pkg.install your dependencies, and use a map jinja to hold the lists
18:23 Edgan erlang789: and don't compile per machine, make a rpm/deb
18:23 viq fpm is great for making packages easily
18:23 Edgan erlang789: and git.latest, wtf
18:23 Edgan viq: yes
18:23 erlang789 viq, Edgan: Let me try all that, sec thanks for the help
18:23 Edgan erlang789: That whole thing is a disaster.
18:24 beardedeagle love fpm
18:24 abonilla joined #salt
18:24 Edgan erlang789: over time, if you build multiple machines with you will get slightly different versions of erlang, and if you run it repeatedly on the same machine you will be updating it every time there is a new commit to the repo
18:24 jimklo joined #salt
18:25 erlang789 Edgan:  Because I find myself often recompiling erlang as the minor releases are pretty quick, thats why I dont have rpm.   The release tags dont get pushes OTP-19.1 is a release tag, its final
18:26 Edgan erlang789: then why latest?
18:26 erlang789 Edgan:  no idea its what worked?
18:26 viq erlang789: still, if you have more than one machine, it'll probably make your life easiest to build a package
18:26 Edgan erlang789: You could use jenkins or something to build once, add it to the repo, and install that
18:26 Edgan erlang789: https://paste.fedoraproject.org/433624/65515914/
18:27 Edgan erlang789: example map.jinja that gives you a piece of how to deal with the Fedora vs Debian package lists
18:27 jimklo joined #salt
18:28 erlang789 viq: its debatable, sometimes one finds themselves patching erlang source code, with a package youl have to repackage constantly
18:28 Edgan erlang789: automation is your friend
18:29 Edgan erlang789: a jenkins job can poll or web hook watch a git repo and auto build your rpm and deb
18:29 viq erlang789: exactly. With automation and packages you'll have to do it only once for all your machines, instead of on each of them
18:29 erlang789 Edgan: Yea but now jenksins needs to be setup, the hooks ned to be setup, those can fail
18:29 erlang789 you now have to maintain an extra service
18:29 erlang789 etc
18:29 Edgan erlang789: anything can fail, and salt is 10x more likely to fail on a per machine basis than one jenkins
18:30 ajw0100 joined #salt
18:30 debian112 joined #salt
18:30 erlang789 Edgan: Really? I thought salt was pretty fault tolerant
18:30 Edgan erlang789: you are wasting minutes of run time per run of this thing
18:30 erlang789 it doesnt do anything if the unless succeeds
18:30 Edgan erlang789: your salt formula depends on many other things being just right
18:30 erlang789 Edgan: that why I came here for help
18:31 erlang789 Edgan: To make the formula work correctly, vs sequentially
18:31 abonilla Is there a doc that explains how to use salt-cloud against aws but with no vpc?
18:31 Edgan erlang789: also if you refuse to do it write, at least make the make stuff a shell script and excute that instead of spamming the salt code
18:32 Edgan I mean right
18:32 abonilla I get a AWS Response Status Code and Error: [400 400 Client Error: Bad Request] {'Errors': {'Error': {'Message': 'Network interfaces and an instance-level security groups may not be specified on the same request', 'Code': 'InvalidParameterCombination'}}
18:33 erlang789 Edgan: I am fixing it up.. o.o what do you mean refuse to do it right?
18:33 Edgan abonilla: IMHO, salt-cloud both sucks at what it does do, and doesn't do enough of what I think it should do
18:33 Edgan erlang789: build once, deploy many vs compile per machine
18:34 Edgan erlang789: an example of how things can go a little funny with per machine compiles
18:34 erlang789 Edgan:  If I add freebsd to the mix I have to maintain 3 diff packages, and build them all
18:34 erlang789 Edgan: THis salt recipe is to sanely setup a dev environment
18:34 erlang789 Edgan: This is not to deploy to 1000 servers
18:35 Edgan erlang789: You run this against a machine today and you have version 5.1 of the mysql library, and so it compiles against that. You do it months later on another machine and it gets 5.5 via updates. So it compiles against 5.5. Now you have two builds that are going to behave differently.
18:36 erlang789 Edgan:  Thats true in production, and I can se it happening around openssl librayr versions etc. But for me to vet all that
18:36 erlang789 Edgan: is not worth my time, il have a dedicated sys admin do that for the release version
18:36 MTecknology Edgan: My coworker pointed me at the documentation and apparently I've been doing it wrong. :(
18:37 cro joined #salt
18:37 erlang789 Edgan: its not my speciallity to setup working deployments and systems, im just a dev. I want to use saltstack for setting up dev enviro
18:37 Edgan erlang789: There is the term, throwing the pig over the wall. If you do it one way in dev and you leave it to the sysadmin to sort out in prod, you are throwing the pig over the wall.
18:38 Edgan erlang789: You want dev through prod environments to be as like as possible
18:38 jimklo joined #salt
18:38 Edgan erlang789: Work with the sysadmin to do it right the first time, save you both time and trouble. Which is doing it the devops way.
18:38 erlang789 Edgan: So you want me to push a change to erlang/otp, then compile a release, then redeploy?  Vs just checking out to the correct commit, recompiling, and testing?
18:38 erlang789 Why would I complicate things by generating a rpm each time
18:39 erlang789 When I am developing?
18:39 erlang789 I want salt to easily cehckout a certain commit hash, on diff systems and enviros
18:39 erlang789 Recompile
18:39 erlang789 Run
18:39 Edgan erlang789: the rpm can be as simple as fpm -s dir -t rpm -n erlang -v 1.2.3 .
18:39 dtsar_ joined #salt
18:39 Edgan erlang789: Are you only running this on your laptop?
18:40 erlang789 Edgan: Any development enviro
18:40 DenkBrettl joined #salt
18:40 erlang789 Edgan: Ex: deploy to 2 diff servers
18:40 erlang789 Edgan: Test, etc
18:40 erlang789 so a laptop can quality too
18:40 Edgan erlang789: if it is more than one machine, rpm is the right way. If it is just your laptop, write a shell script and be done with it
18:41 erlang789 Edgan: So saltstack does not support compiling things from source?
18:41 erlang789 Edgan: Is kind of what we are getting at
18:41 Edgan erlang789: it can, but it is abusing it, IMHO
18:41 cscf compiling from source is not normally a thing one does on servers
18:42 erlang789 Edgan, cscf:  Again I am just developer, really I do not see a problem with it. If I was deploying 100 or 1000 servers I do. If I am deploying 1-2?
18:42 erlang789 I dont see why I need to compliate things get fpm to work, etc
18:43 Edgan erlang789: I am an ex-sysadmin, and now devops. So I admit I have a certain perspective. I see salt as a tool for scaling past one machine. As soon as you do that, salt is good and there are best practices. On one machine, if you are going to do something repeatedly just write bash, python, or ruby scripts.
18:43 erlang789 Then I need to keep copies of that fpm around
18:43 erlang789 I cant just copy_paste the recipe
18:43 erlang789 its a hassle
18:43 erlang789 more is less
18:43 Edgan erlang789: fpm would be handled by jenkins on a jenkins slave
18:43 dtsar_ hi all, i'm reading the docs about state "promotion" between environments (i.e. dev, qa, prod) https://docs.saltstack.com/en/latest/topics/tutorials/states_pt4.html
18:44 erlang789 Edgan: Then i need to keep jenkins around, make sure its up, etc
18:44 Edgan erlang789: I think you mean less is more
18:44 Edgan erlang789: let the sysadmin help you with that
18:44 erlang789 Edgan: no more is less. Adding more can give you less
18:44 dtsar_ is it fair to say that using the gitfs backend accomplishes the same thing using branches and doesn't require maintaining the duplicate relative directory structures between the three envs?
18:44 Edgan erlang789: you don't unless the trouble it would save both you and him
18:45 Edgan dtsar_: yes, though be careful. Because you can stack environments, say a base and dev env, it reads the top.sls of all branches
18:45 dyasny joined #salt
18:46 dtsar_ so the advice to have a single repo with only the top.sls should be implemented?
18:46 Edgan dtsar_: I was left scratching my head of why when I started doign includes in my top.sls of other broken out sls files why I was suddenly getting top render errors
18:46 akhter joined #salt
18:46 dtsar_ seems like a pain to maintain, but still less painful that the merging of multiple top files, i guess?
18:47 edrocks joined #salt
18:47 Edgan dtsar_: I like gitfs for not having to do the git clone on fresh servers, more automation. Many people who have tried salt environments via gitfs have run away screaming and use the multiple git clone method
18:47 bowhunter joined #salt
18:47 dtsar_ oh, i love the gitfs from initially using it
18:48 Edgan dtsar_: my solution was to limit it to one branch instead of scanning them all, but that means no salt envs as branches
18:48 cscf I like the idea of gitfs, but I spent way too long fighting with it.
18:48 dtsar_ but haven't used the power of the environments yet
18:48 cscf I should probably try it again.
18:48 cro joined #salt
18:48 Edgan dtsar_: same here
18:48 babilen Edgan: Environments are rather painful anyway
18:48 Edgan dtsar_: I ended up making a production repo, and then making development a fork of production in github.com
18:49 Edgan dtsar_: then I pull request from development to production
18:49 dtsar_ i'm trying to explore it now to better manage developer local instances
18:49 sagerdearia joined #salt
18:50 esc\ joined #salt
18:51 Edgan dtsar_: native osx? vagrant?
18:54 Edgan I side step the need for more branches by using salt-ssh while writing/testing salt code
18:56 erlang789 Is there a way to chain login in a .sls
18:56 erlang789 logic*
18:56 cro joined #salt
18:57 Edgan erlang789: login?
18:57 erlang789 logic
18:57 erlang789 using ifs perhaps or cases
18:57 Edgan erlang789: example please
18:57 babilen There is: http://jinja.pocoo.org/docs/dev/templates/#if
18:57 babilen erlang789: ^
18:58 erlang789 if ./prog -v == "5.0" do this else do_that
18:58 babilen Or use one of the many other renderers: https://docs.saltstack.com/en/latest/ref/renderers/all/
18:58 erlang789 babilen: ty loking
18:58 Edgan erlang789: yes, you already know you can do if statements
18:59 erlang789 babilen: No this isnt what I ment
18:59 Edgan I looked at some of the alternatives to jinja, didn't find any better. Though not really a fan of jinja either.
18:59 erlang789 babilen: This does not allow you to chain calls this is just templating
18:59 Edgan erlang789: if you want to get Really fancy, you can write sls like stuff in python
19:00 babilen In which case I'm not entirely sure what you refer to by "chaining", but it sounds as if it is a little bit out of line with salt's "descriptive" approach
19:00 erlang789 Edgan: That would probably be simpler then using jinga lol
19:00 Edgan erlang789: but I feel like you are trying to shoe horn salt into don't something it isn't really meant to do
19:00 babilen You don't tell it how it's done, but what should be done
19:00 babilen And your "chaining" sounds as if you want to use salt in a way it wasn't designed for
19:01 erlang789 babilen: like I want it to check state1, state2, state3, if all pass do state4
19:01 erlang789 otherwise state4 will fail, it depends on state1 2 3
19:01 Edgan erlang789: that is built into the language if you turn on failhard: True
19:01 babilen You can express that with requisites
19:01 Edgan erlang789: it will fail on first error
19:01 sgo_ joined #salt
19:01 Edgan erlang789: which IMHO, should be the default
19:02 erlang789 Edgan: Ah yea I want it to completely stop. failhard: True would go at the very top of the main stae?
19:02 Edgan erlang789: in the /etc/salt/master if master mode
19:03 Edgan erlang789: don't know how universial it is, but also looks like you can say - failhard: True on a file.managed
19:03 Edgan https://docs.saltstack.com/en/latest/ref/states/failhard.html
19:04 Edgan I prefer the global method
19:04 babilen It can be defined per-state or globally
19:04 babilen Not sure how commonly it is used.
19:04 erlang789 Edgan: sweet, ty, so now I probably need a folder structure like so?   /srv/salt/erlang/init.sls,  /srv/salt/monitor/init.sls, /srcv/salt/kernel/init.sls, /srv/salt/main/init.sls   Then main will set the order of the states?
19:04 erlang789 kernel is alittle complex because it sets tings like ioctcpus and a reboot is required
19:05 Edgan erlang789: yeah, you can do that, or foo/erlang.sls foo/main.sls
19:05 akhter joined #salt
19:05 babilen erlang789: States are being run top-to-bottom and you can force a certain order with requisites
19:05 Edgan erlang789: I prefer to do it like erlang/init.sls, erlang/users.sls, erlang/files.sls, erlang/pkgs.sls, erlang.services.sls
19:05 babilen erlang789: And you can easily react to reboots: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.saltmod.html#salt.states.saltmod.wait_for_event
19:05 erlang789 babilen: guessing its alphabetical order then of the filenames>
19:06 Edgan erlang789: you define the list
19:06 babilen erlang789: No, it is being run in the order you define in your top file
19:06 Edgan erlang789: top to formulas and order in init.sls files
19:06 Edgan erlang789: in an init.sls include:<newline>- foo.sls
19:06 babilen erlang789: Requisites are https://docs.saltstack.com/en/latest/ref/states/requisites.html
19:07 Edgan erlang789: users, files, pkgs, services helps keep things in the right order
19:07 Edgan erlang789: not a 100% solution, but a great 80% solution
19:07 babilen You should ask yourself if those states really depend on each other though
19:08 Edgan if not, they should be their own formula, but even then formulas can depend on each other
19:09 erlang789 babilen: I am not sure the ideal way to check if ioctlcpus is enabled or no_hz_full, best idea right now is to update the grub cmd line and reboot manually,  touching a file b4 initiating the reboot, then if that file exists it means we completed the kernel state correctly and rebooted
19:09 Edgan web app called foo needs rabbitmq, but they are separate formulas, because you might install them on different machines
19:09 erlang789 by manually I mean issuing the salt command (if file exists, ignore, else touch file and reboot)
19:09 babilen erlang789: Can you programmitcally check if those are enabled?
19:10 erlang789 babilen: do! you can
19:10 erlang789 babilen: you can check what the kernel booted with, completely forget ty
19:10 babilen erlang789: Great .. you can write a custom grain for that then. But it sounds as if you want to differentiate between two phases of the minion lifecycle: 1. Initial deployment/configuration and 2. Change deployment
19:11 babilen erlang789: I see no problem in, for example, kicking off a "setup the box" state (either per reactor or startup state) that could have effects like rebooting the box
19:11 babilen erlang789: While you then run "standard" highstates afterwards
19:12 sagerdearia joined #salt
19:12 babilen Alternatively you could target your "configure bootloaded" SLS based on the value of the aforementioned custom grains
19:12 cscf Can't you do something like: watch x,y and reboot?
19:12 erlang789 babilen: You think it would be better to run that first or last? I was thinking if we have "nothing to do" aka our state is up to date, BUT we need to reboot, we reboot.
19:12 babilen That would, however, carry the danger that your instances could randomly reboot if you run your highstate if the value of that grain changed for some reason
19:13 erlang789 babilen: Ah, so reboot + set kernel cmd line as the very first thing?
19:13 erlang789 *reverse the order of that lol
19:13 babilen erlang789: highstates are supposed to be idempotent .. nothing should happen if you run them again
19:13 Edgan erlang789: Which is why cmd.run without an unless are bad, because they will run every time
19:13 babilen I'm just saying that I wouldn't necessarily like a "reboot" state as part of my highstate as that could trigger problems.
19:14 erlang789 babilen: Yea I think rebooting should be done first now, I agree.
19:14 babilen When we first commission new hypervisors we target a "welcome to this earth" state first ..
19:14 erlang789 babilen: esp since I see the kernel cmd line changing to tweak args for best perf
19:14 Edgan erlang789: if you really need to do something every time, orchestration is more what you want
19:14 Edgan erlang789: and salt can help with that too
19:15 erlang789 Edgan: tbh I picked SaltStack because QubesOS chose it
19:15 erlang789 Edgan: And I think those gals and guys know wtf they are doing
19:15 erlang789 Edgan: So they picked the best tool for the job
19:15 erlang789 Edgan: there is just so many devops tools out there, to try them all can take a few years
19:16 Edgan erlang789: Saltstack is awesome, but it isn't without it's issues
19:16 Edgan erlang789: yeah, that is the new problem with software in general, too many choices
19:16 Edgan erlang789: and it just gets worse daily
19:17 babilen And as soon as you pick something it is outdated :)
19:18 erlang789 Edgan: Yea sometimes its good sometimes its noise. Like I ofudn some really cool new tools that were built 1-2 years ago all open source. Really quality
19:19 erlang789 Edgan:  If you have some luck and explore a little you culd find a hidden gem out there
19:19 erlang789 Edgan: But in reality youl waste your time lol debugging anothers code, submit some github issues which wont get answered or marked as wont fix
19:20 erlang789 Edgan: Then a year later that issues has 20 more comments, and the dev says oh wow this is really a problem. says thiel fix it, Another year go by, project dies.
19:22 Edgan erlang789: I found salt bugs all the time. I submitted a new one today.
19:22 Edgan erlang789: and the best way to get things fixed in salt is to write the patch yourself
19:23 Edgan erlang789: https://github.com/saltstack/salt/issues/36528
19:23 saltstackbot [#36528][OPEN] Salt master is accepting, denying, and unaccepting the same salt minion key | Description of Issue/Question...
19:24 cro joined #salt
19:24 erlang789 Edgan: random thoight, when using the AWS init script, is the key pasted as 1 line or multi lines? It could have linebreaks at the end of each line, thats why its getting denied
19:25 pipps joined #salt
19:26 dtsar_ Edgan: sorry, vagrant
19:26 Edgan erlang789: yes, but salt should handle it and there are three different possible states, not just two
19:27 Edgan dtsar_: for a dev environment of a project, salt-call. For developing salt code, I recommend salt-ssh. Running a salt-master in vagrant also works, but pain in the ass.
19:27 dtsar_ got it
19:27 erlang789 Edgan:  Ah I see
19:28 Edgan dtsar_: if you want high reliablity and use automation, make pre-baked vagrant boxes using salt-call
19:28 dtsar_ yeah, as of now i'm having the dev team clone the salt state/pillar repos to another location on their host, and then use vagrant's synced folders to mount those in the usual locations
19:28 erlang789 Yea this line -----END PUBLIC KEY----------BEGIN PUBLIC KEY-----  depending how salt is parsing the key, could break something
19:29 erlang789 Maybe it expects a new line
19:29 erlang789 who knows
19:29 Edgan erlang789: That is just cat of the three files together
19:29 dtsar_ for the local instance
19:30 dtsar_ and then the developers can checkout the various branches of the salt states to have that version present on their host machine
19:30 erlang789 Edgan: ah thought that was 1.
19:30 mike25de joined #salt
19:30 erlang789 Also last key has a # at the end
19:30 Edgan dtsar_: The problem with running salt in a fresh vagrant VM is that it can take 10 minutes to do everything, and connections from random laptops in random locations can make yum/apt repos and other things unreliable
19:30 erlang789 not sure if that can break parser, I just know ASN.1 is really fragile
19:30 dtsar_ and the local instance uses a masterless setup with local file roots
19:30 Edgan erlang789: that is cat translating a special character
19:30 dtsar_ aha, interesting
19:31 dtsar_ Edgan: do you use packer then or another tool for baking?
19:31 Edgan dtsar_: but pre-baked makes you want to change one byte and you have to rebuild
19:31 Edgan dtsar_: so automation of the rebuild is key
19:31 mike25de hi guys - is there a way to run salt commands from my flask/python app?  I want to run deployments but from within a web interface that I build in Flask. Any recommendations on this subject are MUCH appreciated. Thanks in advance
19:31 Edgan dtsar_: yes packer with bento
19:32 cscf mike25de, salt-api ?
19:32 mike25de cscf: never heard of it - I am new-ish to salt :) any tutorial you would recommend?
19:32 mike25de cscf:  thanks for responding !
19:33 Edgan mike25de: sadly google it, the documentation is bad and scattered
19:33 cscf mike25de, https://docs.saltstack.com/en/latest/ref/cli/index.html#salt-api
19:33 cscf This is the start, but yeah there might be other bits
19:33 cscf I don't use it myself
19:33 dtsar_ bento is just packer templates then?
19:33 Edgan I use it, and had to read mailing list posts to piece together how to actually use it
19:33 Edgan dtsar_: yes
19:34 dtsar_ i see. helpful
19:34 erlang789 Is there a way to speedup salt commands? Even a simple up/down check takes around a second to just execute
19:34 Edgan dtsar_: you may also want to look into how to build a packer box from a packer box. There is an official issue with a ton of +1s, but there are some ways to do it unofficially.
19:35 erlang789 (with 1 minion)
19:35 mike25de cscf: thanks man ... the doc page... doesn´ really help me :) as a newbie.  but thanks for showing me the start point
19:35 cscf erlang789, well, you should probably check on the minion to see what's taking time.  CPU?  Network?
19:36 dtsar_ Edgan: very meta
19:36 Edgan erlang789: not really, and I have often found there are corner cases where the caching bites you
19:36 dtsar_ thanks for the tips!
19:36 erlang789 time salt-run manage.down  1.6s to execute
19:36 Edgan erlang789: in general the slowest things tend to be yum/apt package management
19:37 erlang789 cscf: just running commands local to the master
19:37 cmarzullo viq: you using hubblestack?
19:37 Edgan erlang789: hey, does your erlang sls have an apt-get update in it, because you should have one. This is the kind of thing that pkg.install will handle for you.
19:37 erlang789 time salt-key 0.6s
19:39 erlang789 Edgan: none, does saltstack support it natively (updating)  because I would need apt-get update and dnf update (for debian + redhat)
19:39 Edgan erlang789: dnf doesn't need update, it auto pulls metadata
19:39 erlang789 maybe it was upgrade?
19:40 netcho joined #salt
19:40 erlang789 Like doing upgrade or update whichever puts the newer the kernel
19:40 Edgan erlang789: dnf update is for installing all updates, like apt-get dist-upgrade
19:40 Edgan apt-get update is metadata only
19:40 cscf erlang789, how many results are in salt-key's display?  0.6s sounds long
19:40 cscf Nvrm, mine takes 0.6s too.  Interesting.
19:41 erlang789 Edgan: oh yea, apt-get update would need to be done.
19:41 erlang789 cscf: 1 minion
19:41 cro joined #salt
19:41 cscf erlang789, real    0m0.634s with 5 minions here.  Interesting.
19:41 erlang789 Edgan: It would probably need to be done before any packages are fetched, at any point
19:42 erlang789 Edgan: there could perhaps be a parameter saltstacak exposes?
19:42 erlang789 *by fetched I mean installed
19:42 irctc130 joined #salt
19:42 Edgan erlang789: that is what pkg.installed is for
19:42 Edgan erlang789: you give it a list, and it handles the rest
19:42 erlang789 Edgan: let me google how to use it
19:43 stupidnic left #salt
19:43 keimlink joined #salt
19:43 mikecmpbll joined #salt
19:44 irctc130 I'm having trouble with an apache server segfaulting multiple times after provisioning with salt. doing a simple service apache2 restart fixes it completely but it's annoying to have to do that
19:44 stupidnic joined #salt
19:44 irctc130 I'm not certain that it's a salt problem, but given the server works fine after one restart I'm not sure it's apache either
19:44 erlang789 Edgan: ah so how would you pass it a list of packages? Right now I was using https://gist.github.com/anonymous/83b1683fba7b9f73c7db4964d031d3ba
19:44 erlang789 Edgan: would that automatically do a update when using apt?
19:44 cscf irctc130, how did you provision it?
19:44 abonilla I'll try again....
19:45 notnotpeter joined #salt
19:46 irctc130 cscf, it's in a vagrant machine, which I think just calls highstate
19:46 abonilla Is there a doc to run salt-cloud without a VPC? I get a AWS Response Status Code and Error: [400 400 Client Error: Bad Request] {'Errors': {'Error': {'Message': 'Network interfaces and an instance-level security groups may not be specified on the same request', 'Code': 'InvalidParameterCombination'}}
19:46 cscf irctc130, oh, it's vagrant with master-less salt?
19:46 bakins joined #salt
19:46 irctc130 cscf, correct
19:46 Edgan erlang789: yes, like that
19:47 cscf irctc130, who set up the vagrant box?  Did you?
19:47 irctc130 cscf, yes, I'm trying to make a development environment for our apache app
19:47 irctc130 cscf, basically from scratch
19:48 cscf irctc130, and is the salt output logged?
19:48 irctc130 cscf, vagrant prints it all to the terminal
19:49 irctc130 cscf, presumably all I suppose
19:49 cscf irctc130, and it's all good?  If so, start looking at Apache logs, try to figure out what's wrong.
19:50 cadamis joined #salt
19:50 cscf Most likely its how you setup apache.
19:50 irctc130 I have looked at the apache logs and all it says is that it's starting up and then "[notice] child pid XXXXX exit signal Segmentation fault (11)"
19:50 irctc130 does that about 3 times every 3 seconds until I restart it
19:51 irctc130 I can't seem to figure out how to get any more detailed information than that
19:51 cadamis I have a salt-cloud/vmware question. When I configure a new VM with two network interfaces (static IP), is there a way to tell salt-cloud which IP to connect to for the bootstrap deploy? Salt-cloud keeps picking the second NIC (eth1) and I need to try to talk to the first one (eth0).
19:52 ajw0100 joined #salt
19:53 edrocks joined #salt
19:56 upb joined #salt
19:56 Trauma joined #salt
19:57 dgorissen joined #salt
19:59 debian112 joined #salt
20:01 erlang789 How would you determine the order to execute your .sls in?
20:01 pipps joined #salt
20:02 bowhunter joined #salt
20:03 babilen erlang789: If one things has to run after another you'd execute that first. If not, order doesn't matter
20:03 erlang789 babilen: if i have like 4 different .sls, I want to execute kernel.sls first (as it can require a reboot)
20:03 babilen So, do that
20:04 erlang789 babilen: applying the state directly it seems to give me no control
20:04 babilen Yes, that is where top files and highstates enter the picture
20:04 babilen (or orchestration and startup_states or reactors)
20:04 DEger joined #salt
20:04 erlang789 babilen: but then I need to write 4 commands, I want it more automated. Like node joins salt-master, salt-master automatically tells node to get up-to-date
20:05 erlang789 babilen: aybe the auto part can be removed
20:05 babilen Define a startup state, run highstate on startup or define a reactor that handles the initial setup when you accept the key
20:05 babilen It doesn't have to be removed
20:05 erlang789 babilen: ty will read about that
20:05 erlang789 babilen: im not sure if its better to keep it automatic or to explicitily push/declare updates to state
20:06 babilen As said earlier: I would define a normal "highstate" in your top.sls that is your "bread and butter" and should be idempotent (so you could fire that every ten minutes without breaking something)
20:07 babilen And also an "initial setup" orchestration/state that is being fired from reactors (on minion_start or key accept) or as startup_state in which you do the "one off" setup stuff
20:07 babilen You could, naturally, combine the two
20:07 babilen It's just that I personally don't feel comfortable with having a "reboot" start in my highstate as we are provisioning hypervisors and I can't just reboot them for fun
20:08 babilen (if something goes wrong)
20:08 erlang789 babilen: ah let me look into, yea agree about the reboot
20:08 babilen https://docs.saltstack.com/en/latest/topics/reactor/
20:08 babilen Is the reactor system .. that would allow you to perform certain actions based on incoming events such as "new minion key has been accepted" or "minion has started" ...
20:11 erlang789 babilen: this is exactly what I am looking for https://docs.saltstack.com/en/latest/topics/tutorials/states_pt1.html
20:12 babilen Ah, yeah.. read the tutorials :)
20:13 babilen https://docs.saltstack.com/en/getstarted/ is quite nice too
20:13 XenophonF joined #salt
20:13 erlang789 wierd I am getting error git is not found, (using  require: pkg: git)  when git is on the system
20:13 babilen You require states not something one the system
20:13 erlang789 but when I had the package.install in the same file
20:13 erlang789 it worked. ah
20:13 cmarzullo erlang789: what is the name of the stateid where you install git?
20:13 babilen Requirements are strictly between states
20:13 erlang789 cmarzullo: its dev.sls
20:14 cmarzullo the stateid
20:14 babilen So you need a pkg.* state named "git" in your SLS
20:14 babilen (either ID or 'name:' attribute)
20:14 cmarzullo install_git: pkg.installed: -name: git
20:14 cmarzullo require: pkg: install_git
20:14 erlang789 cmarzullo: so that would be  dev.packges: ?
20:14 erlang789 (which is the first line in the dev.sls file, is that called a stateid?
20:14 cmarzullo depends on what's in your file.
20:15 erlang789 just that then pkg.installed
20:15 erlang789 then - pkgs:
20:15 babilen Could you paste an example to http://paste.debian.net, https://gist.github.com, http://sprunge.us, … ?
20:15 erlang789 babilen: sure sec
20:15 DEger joined #salt
20:15 cmarzullo yeah dev.package is probaly your state id. You might want to use underscores.
20:16 babilen But that would mean that your state ID is "dev.packges" (which I consider to be quite a suboptimal choice as . is used as seperator between states .. I wouldn't use it in state IDs necessarily)
20:16 babilen Well, SLS
20:17 erlang789 babilen: changes to _ but maybe it cant see the file, making a gist
20:17 s_kunk joined #salt
20:17 babilen (include your command and error)
20:19 erlang789 command is  salt '*' state.apply erlang    https://gist.github.com/anonymous/4dfca03d3dfc2dc7c189b0a884bc570e
20:19 babilen vim-formula comes to mind :)
20:20 babilen erlang789: You don't include dev in erlang so you can't reference states from there
20:21 erlang789 babilen: if the files are in the same folder will they include eachother, or how?
20:21 erlang789 i was thinking it was an include issue
20:21 erlang789 so the erlang.sls cant see dev.sls
20:21 babilen They won't, you need an explicit: include: - .dev
20:22 babilen or include: - some.path.to.dev
20:22 erlang789 can .dev be a folder?
20:22 DenkBrettl joined #salt
20:22 babilen It can, in which case .dev would refer to .dev/init.sls
20:22 notnotpeter joined #salt
20:22 subsignal joined #salt
20:22 erlang789 like if I have a few files in 1 folder, I dont want to explicitly include them all?
20:23 babilen No
20:23 babilen You'd do it explicitly in init
20:23 DenkBrettl joined #salt
20:23 DenkBrettl left #salt
20:23 mikecmpbll joined #salt
20:24 babilen One tip: Don't design too much around include .. include what is necessary and target states with https://docs.saltstack.com/en/latest/topics/targeting/
20:26 erlang789 babilen: im thinking it would be better to have duplicate pkg.installed
20:26 erlang789 depending what needs what
20:26 babilen I don't think so
20:26 erlang789 ah
20:27 babilen I'd use vim-formula and git-formula globally and just include "- vim" and "- git" whenever that is needed.
20:27 erlang789 i just saw the salt '*' state.show_sls  command,  but im not sure what to pass to have it use the   top.sls
20:27 babilen But that is probably a little too complex right now if you haven't even started using highstates :)
20:27 babilen You use "salt '*' state.apply" or "salt '*' state.highstate" to run a highstate on minions
20:27 debian112 joined #salt
20:27 babilen (which uses the top.sls)
20:28 erlang789 babilen: i just want to see what the order of everything will be
20:28 erlang789 babilen: without running anything on the minion
20:28 erlang789 if i pass top to show_sls it gives error
20:29 babilen show_highstate or just pass "test=True"
20:32 erlang789 babilen: nice k let me see what I can get going se
20:33 erlang789 oh is there a way to do a multiline string in the .sls?
20:33 DEger joined #salt
20:33 erlang789 like I have     - unless: if........long..bash..command...
20:33 erlang789 maybe its    - unless: |    ?
20:37 kojiro joined #salt
20:37 ronnix joined #salt
20:37 rem5 joined #salt
20:39 ronnix_ joined #salt
20:42 pipps joined #salt
20:47 rpb joined #salt
20:47 cmarzullo probably the wrong way to go if you are doing that.
20:47 DEger joined #salt
20:48 Edgan erlang789: make a script for anything multi-line
20:49 erlang789 Edgan: seems to be the cleanest way
20:56 geomacy joined #salt
20:57 edrocks joined #salt
21:00 erlang789 did unless change in saltstack recently or ..
21:00 erlang789 this salt forumla worked before for me
21:00 erlang789 sec
21:01 erlang789 - unless: if ! [ $(command -v erl) ]; then do_error; fi      if do_error trigged, the unless failed
21:01 CimmX joined #salt
21:02 ronnix joined #salt
21:02 erlang789 but now i get   Rendering SLS 'base:erlang' failed: could not found expected ':'; line 15
21:02 erlang789 doe.. nm
21:03 erlang789 left some extra uncommented debug lines i was referencing in the file
21:03 CimmX Hello all,   Is it possible to use Salt-Cloud with a map file and pass it some pillar data on the CLI?
21:03 jimklo joined #salt
21:04 erlang789 hum.. salt formula for  pkg.installed fails if using @development-tools like dnf expectes
21:04 drew__ joined #salt
21:04 erlang789 it cants parse the @ infront
21:06 MajObviousman hullo folks, can I have a require on a state which makes no change? I just want to know if there exists a certain line in a certain file that matches a given regex
21:10 drew__ Hello, does anyone know how to use decorators with salt? I want to put custom decorators so that an execution function from a module will only run if it contains a certain value from the grain.
21:13 notnotpeter joined #salt
21:32 Trauma_ joined #salt
21:33 erlang789 sweet got the recipe working decently so far!
21:33 erlang789 is there anything you can pass to salt-minion to have it only proc on CPU0?
21:34 erlang789 im not too familiar how to make a systemctl enabled service only work on assigned cores
21:34 erlang789 right now salt-minion is working on any core it pleases this would cause unneccesay context switches and microstudders
21:37 erlang789 hum isolcpu apparently does that, and it works for systemctl services, great. Maybe I just need to reboot
21:38 babilen Is this actually causing problems in your setup?
21:39 Sketch erlang789: isolcpus the kernel command line option will make it so nothing runs on that cpu unless specifically instructed to
21:39 GordonTX joined #salt
21:39 Sketch which is the opposite of what you are asking for
21:40 erlang789 Sketch: Yea that is what I am asking, isolcpus all except 0 would make salt-minion only run on cpu 0
21:40 Sketch right.  and everything else, by default.
21:41 erlang789 Sketch: yea thats fine, there is like.. nothing running on the box except erlang and epmd
21:41 Sketch you could use taskset or similar to run specific apps on other cores
21:41 Sketch i think systemd does have some hooks into cgroups, where you can limit what runs where.  but i've never used it.
21:43 erlang789 Sketch: I think isolcpus is the simplest but anything I start from bash runs whereever.
21:44 erlang789 and I need to explicitly set it using taskset
21:44 Sketch right
21:44 erlang789 Sketch: So does something need to be started as a service to respect isolcpus?
21:44 Sketch if you want to reserve a block of cpu's for specific tasks, that's the simplest way to do it
21:44 Sketch nope.  everything respects isolcpus by default.  the app has to request a specific cpu, or have one requested for it by taskset or the like.
21:45 erlang789 Sketch: strange.. i have isolcpus for everything except cpu 0 and its hyperthreaded core
21:46 erlang789 but i see threads getting scheudled all over the cpus
21:46 ZachLanich joined #salt
21:46 erlang789 system services though only use cpu0
21:46 erlang789 i have nohz_full also on all the cpus so the usage is not coming from kernel ticks
21:48 Sketch what threads are getting scheduled on other cpus?
21:49 Sketch maybe erlang is doing something where it decides what cores to use on it's own instead of letting the system scheduler do it.  i don't have much experience with it.
21:50 kusen joined #salt
21:50 erlang789 Sketch: oh damn iv overlooked something. I have 2 of the same boxes, this box im working with does not have isolcpus set x.x
21:50 erlang789 i was trying to get that set with SaltStack correctly vs doing it myself
21:51 erlang789 is there are way to set GRUB_CMDLINE_LINUX using salt stack without doing all the parsing yourself?
21:52 jenastar joined #salt
21:52 erlang789 the logic would have to split the value by " " then scan each split value for the individual key/value, if the key is not there, add it, if the key is there but value is different, edit it.
21:53 erlang789 there must perhaps be a simpler way to do this
21:55 Sketch not sure, you might be able to do something with states.file.line or .replace
21:55 erlang789 Sketch: I think the easiest way is to write python
21:55 Sketch possibly :)
21:55 erlang789 Sketch: I really dont wanna be using replace and regex for this, the regex exp will be.. insane
21:55 erlang789 k let me google how to use python with the .sls
21:56 Sketch time for me to go, good luck :)
21:56 * Sketch &
21:57 fxdgear joined #salt
21:58 fxdgear howdy all
21:59 fxdgear I'm trying to create a container using dockerng that bind mounts the docker socket. and i'm getting a Traceback that's indicating something is wrong with the dockerng.create module when trying to configure `host_config` during the create call
21:59 moos3 joined #salt
21:59 fxdgear https://thepb.in/p/KOh8Q9gkj77iJ
22:00 fxdgear looking at the dockerpy docs the bind mounts come from a dict created from `create_host_congig` http://docker-py.readthedocs.io/en/latest/volumes/
22:01 fxdgear but the create method in `dockerng.create` is only accepts a string in the form of `<path>:<path>:<mode>` which i don't think is getting translated to a host config dict
22:01 jimklo joined #salt
22:01 pipps joined #salt
22:03 erlang789 Sketch: thanks cheers
22:04 erlang789 Is there a way to change SELinux state? I am trying to disable it using this: but its not working   https://gist.github.com/anonymous/e60c8fe8f67e015d82bfb30fb5f2a0d2
22:04 erlang789 Comment: State 'selinux.mode' was not found in SLS 'kernel'   Reason: 'selinux' __virtual__ returned False
22:12 fannet_ joined #salt
22:15 cmarzullo probably need a python module for it to work erlang789
22:16 notnotpeter joined #salt
22:16 cmarzullo yeah docs say you need to have some packages installed.
22:16 cmarzullo https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.selinux.html
22:17 rem5 joined #salt
22:19 mike25de guys ... what is the best way to wait for a long running salt state? ... I deploy a state that runs for 20 min or so.... but I need to know the response (success...fail etc) Is there to run it in an async mode and get the results later?
22:24 erlang789 cmarzullo: but those packages are installed. if you look at the recipe
22:24 erlang789 cmarzullo: the recipe ensures the packages will be installed, and i double cheked they are there
22:26 erlang789 is there a replace/append? such as replace the line if its there or append it to file if its not?
22:26 erlang789 (line == regex match)
22:31 fxdgear link to issue created regarding dockerng unable to bind mount docker socket on create: https://github.com/saltstack/salt/issues/36544  does anyone know a workaround?
22:31 saltstackbot [#36544][OPEN] Dockerng does not properly generate host_config dict | Description of Issue/Question...
22:33 erlang789 cmarzullo: About the selinux saltstack only allows enabled or enforcing, it does not allow you to set it disabled
22:34 erlang789 i think that was my problem
22:34 TRManderson joined #salt
22:35 dendazen joined #salt
22:40 jimklo joined #salt
22:41 Kelsar do i understand it right, nspawn.bootstrap_container test dist=debian; nspawn.bootstrap_salt  test should lead to a new minion called test?
22:42 ponyofdeath hi, how can i set a var with other local sls vars? ie {% set blah = "test" %} {% set blah2 = "{{blah}} test2" %}
22:42 theblazehen joined #salt
22:47 jenastar1 joined #salt
22:48 myraft joined #salt
22:55 Kelsar hmm the installed debian jessie seems to miss "command"
22:56 edrocks joined #salt
22:57 Kelsar oh it is shell builtin...
22:59 Kelsar well, how is this supposed to work?
23:02 pppingme joined #salt
23:02 cmarzullo Who uses a lot of cmd.run with unless statements? Like only run a command if the output of another command == str
23:03 cmarzullo like bash would be [[ $(echo lol) == 'lol' ]]
23:05 dtsar_ joined #salt
23:06 sfxandy joined #salt
23:06 cmarzullo guess test is probably the one
23:07 cmarzullo yeah that does it.
23:15 spuder joined #salt
23:15 _JZ_ joined #salt
23:23 jenastar joined #salt
23:24 cro joined #salt
23:29 mike25de guys ... what is the best way to wait for a long running salt state? ... I deploy a state that runs for 20 min or so.... but I need to know the response (success...fail etc) Is there to run it in an async mode and get the results later?
23:32 sagerdearia joined #salt
23:34 jenastar screen
23:36 cro joined #salt
23:42 ZachLanich joined #salt
23:49 keimlink joined #salt
23:50 swa_work joined #salt
23:51 kusen joined #salt
23:54 jimklo joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary