Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-09-29

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:09 systo_ joined #salt
00:09 woodtablet left #salt
00:25 brotatochip joined #salt
00:29 systo joined #salt
00:31 sjmh joined #salt
00:31 oida_ joined #salt
00:34 pdayton joined #salt
00:34 daxomati1 joined #salt
00:47 Nahual joined #salt
00:47 jas02 joined #salt
00:51 jenastar joined #salt
00:55 brotatochip joined #salt
01:00 pdayton joined #salt
01:05 coredumb whytewolf: was actually pkg.latest_version that wasn't outputting correct stuff :)
01:07 sandro__ joined #salt
01:11 edrocks joined #salt
01:13 subsignal joined #salt
01:13 nsidhu joined #salt
01:18 pdayton joined #salt
01:21 canci joined #salt
01:27 systo joined #salt
01:29 daxomati1 joined #salt
01:37 pdayton joined #salt
01:38 auzty joined #salt
01:41 sebastian-w joined #salt
01:46 pdayton joined #salt
01:46 om joined #salt
01:46 lorengordon joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.12, 2016.3.3 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
01:48 jas02 joined #salt
01:55 promorphus joined #salt
01:57 etangle joined #salt
01:57 etangle How can I use pkg.info_installed in search
02:05 aagbds joined #salt
02:06 om joined #salt
02:11 mosen joined #salt
02:15 evle joined #salt
02:20 pdayton joined #salt
02:22 mosen joined #salt
02:25 k_sze[work] joined #salt
02:30 mosen_ joined #salt
02:32 mosen__ joined #salt
02:38 Bryson joined #salt
02:39 sjmh joined #salt
02:40 hasues joined #salt
02:41 hasues left #salt
02:42 MTecknology Does cachedout still show up in here?
02:42 MTecknology I haven't seen him in a while
02:43 mosen__ joined #salt
02:46 jaybocc2 joined #salt
02:46 pdayton joined #salt
02:49 jas02 joined #salt
02:49 gazarsgo left #salt
02:54 hemebond joined #salt
02:55 systo joined #salt
02:56 jaybocc2 joined #salt
02:59 om joined #salt
03:03 mohae joined #salt
03:06 jaybocc2 joined #salt
03:08 pdayton joined #salt
03:13 jaybocc2 joined #salt
03:14 edrocks joined #salt
03:16 flebel joined #salt
03:17 daxomati1 joined #salt
03:18 om joined #salt
03:21 pdayton joined #salt
03:28 voxpop joined #salt
03:29 amontalban joined #salt
03:29 amontalban joined #salt
03:34 sebastian-w joined #salt
03:45 watersoul_ joined #salt
03:45 barajasfab joined #salt
03:47 kaak joined #salt
03:48 SubOracle joined #salt
03:50 jas02 joined #salt
03:50 sarlalian joined #salt
03:51 Awesomecase joined #salt
03:52 pdayton joined #salt
03:53 hoonetorg joined #salt
03:54 darvon_ joined #salt
03:55 keekz joined #salt
03:56 saltstackbot joined #salt
03:57 om joined #salt
03:57 _JZ_ joined #salt
03:59 cebreidian joined #salt
03:59 pfallenop joined #salt
04:01 pcn joined #salt
04:02 pdayton joined #salt
04:11 daxomati1 joined #salt
04:11 inire joined #salt
04:12 PalTale joined #salt
04:18 pdayton joined #salt
04:19 eightyeight joined #salt
04:24 pdayton joined #salt
04:26 lilvim joined #salt
04:29 netcho joined #salt
04:31 amontalban joined #salt
04:31 amontalban joined #salt
04:32 ivanjaros joined #salt
04:48 sagerdearia joined #salt
04:48 barmaley joined #salt
04:51 jas02 joined #salt
04:52 pdayton joined #salt
04:55 bocaneri joined #salt
05:02 pdayton joined #salt
05:03 DarkKnightCZ joined #salt
05:09 zulutango joined #salt
05:09 pdayton joined #salt
05:15 edrocks joined #salt
05:18 pdayton joined #salt
05:23 nidr0x joined #salt
05:29 pdayton joined #salt
05:41 netcho joined #salt
05:41 pdayton joined #salt
05:49 jas02 joined #salt
05:51 jas02_ joined #salt
05:53 promorphus joined #salt
05:56 impi joined #salt
05:59 daxomati1 joined #salt
06:01 cyborg-one joined #salt
06:05 ivanjaros joined #salt
06:06 ivanjaros3916 joined #salt
06:12 Ashald joined #salt
06:16 sgo_ joined #salt
06:20 promorphus joined #salt
06:32 amontalban joined #salt
06:40 k_sze[work] joined #salt
06:42 daxomati1 joined #salt
06:52 jas02 joined #salt
06:56 sgo_ joined #salt
06:58 DK2 joined #salt
07:03 rdas joined #salt
07:03 Sammichmaker joined #salt
07:14 dariusjs joined #salt
07:17 DEger joined #salt
07:17 edrocks joined #salt
07:17 impi joined #salt
07:21 felskrone joined #salt
07:21 mackripeum joined #salt
07:24 dariusjs joined #salt
07:25 ntropy do i understand it correctly that pillar is cached on both master & minion?
07:30 teryx510 joined #salt
07:31 keimlink joined #salt
07:38 infrmnt joined #salt
07:44 krymzon joined #salt
07:45 hemebond ntropy: Definitely cached on the minion.
07:45 hemebond Looks like the compiled data is also cached on the master.
07:52 krymzon joined #salt
07:53 jas02 joined #salt
07:57 pdayton joined #salt
07:59 haam3r joined #salt
08:00 jaybocc2 joined #salt
08:03 Rumbles joined #salt
08:07 jhauser joined #salt
08:11 mikecmpbll joined #salt
08:15 sgo_ joined #salt
08:18 dariusjs joined #salt
08:22 jaybocc2 joined #salt
08:24 s_kunk joined #salt
08:25 cyteen joined #salt
08:29 lero joined #salt
08:30 Mattch joined #salt
08:30 lero joined #salt
08:31 ozux joined #salt
08:32 ozux joined #salt
08:34 amontalban joined #salt
08:37 alexlist joined #salt
08:42 ronnix joined #salt
08:45 cmek has the default output format changed in the latest (2016.3.3) salt-ssh?
08:46 Manuel joined #salt
08:46 Manuel Hey, how can i write a state file for my own module?
08:47 cmek and --output=compact throws an exception now :/
08:47 cmek Manuel: have a look at the documentation first, there's really quite a lot of good examples there
08:48 Manuel yes thanks, but i couldn't find a hint there
08:49 jas02 joined #salt
08:49 cmek Manuel: what is exactly that you want to write?
08:50 Manuel i have  module called ap and a function in it called foo. I can use the module on the cmdline like: salt '*' ap.foo
08:50 Manuel works! but i need a state file for that
08:51 Manuel how does the state file looks like?
08:52 cmek oh, I see
08:53 cmek Manuel: maybe have a look at some of the official states: https://github.com/saltstack/salt/blob/develop/salt/states/
08:54 jas02_ joined #salt
08:54 Erik___ joined #salt
08:55 cmek Manuel: and there's a doc about writing them too: https://docs.saltstack.com/en/latest/ref/states/writing.html
08:57 Erik___ Guys i need help with salt returner to elasticsearch. i have a problem with "." in the json
09:00 Manuel okay thank you, I'll try it
09:00 leev_ joined #salt
09:02 impi joined #salt
09:04 jamesog joined #salt
09:04 dariusjs joined #salt
09:10 Manuel I don't get it :(
09:11 Manuel salt '*' ap.list_client works
09:11 Manuel statefile:
09:11 Manuel deploy-trunc:   ap:     - list_clients
09:11 Manuel (with line feeds :D)
09:12 watersoul joined #salt
09:13 Manuel salt '*' state.appy custom_state
09:13 Manuel result:
09:13 Manuel ID: deploy-trunc     Function: ap.list_clients       Result: False      Comment: State 'ap.list_clients' was not found in SLS 'custom_state'               Reason: 'ap.list_clients' is not available.      Started:      Duration:       Changes:
09:13 AndreasLutro it is what it says. you've made a custom execution module. you can't use an execution module as a state, you have to write a custom state module if you want to do that
09:14 AndreasLutro https://docs.saltstack.com/en/latest/ref/states/writing.html
09:14 Manuel okay thx
09:14 Manuel I'll try
09:19 edrocks joined #salt
09:22 Manuel Cool, it doesn't work but now it answers :D
09:22 Manuel thx
09:23 Kakwa_ joined #salt
09:24 Manuel Just to get things right: I placed the code in _modules and then i place a custom statefile.py in _states directory, which can call the modules function and wraps the output etc?
09:24 AndreasLutro yes
09:24 Manuel all right, thx a lot!
09:28 Kakwa_ I'm trying to setup saltstack in HA, I'm trying to do the following: 2 x masters <-> (2 x syndics) x n <-> minions
09:29 Kakwa_ (each minion is connected to 2 syndics)
09:30 Kakwa_ but the HA part on the syndics is kind of messy
09:32 Kakwa_ sometime I've every minion, sometime some minions appears down, sometime some minions are duplicated, sometime some minions are not showed (using test.ping on '*')
09:32 Kakwa_ what would be the proper HA setup for a syndic?
09:34 Kakwa_ or in fact two (:p)
09:37 CeBe1 joined #salt
09:41 pdayton joined #salt
09:45 neilf__ joined #salt
09:46 lovecraftian joined #salt
09:48 hnk joined #salt
09:53 zulutango joined #salt
09:54 netcho joined #salt
09:54 jas02 joined #salt
09:57 DEger joined #salt
09:58 infrmnt joined #salt
10:03 Rumbles joined #salt
10:06 Ashald joined #salt
10:08 daemonkeeper So, I've been trying to write a salt proxy. So I put some stub code to _proxy, and I try to start salt-proxy: # salt-proxy --proxyid=cr1-dev -l debug. Results in: [DEBUG   ] Could not LazyLoad junos_manager.init. [ERROR   ] Proxymodule junos_manager is missing an init() or a shutdown() or both. Check your proxymodule.  Salt-proxy aborted. HOWEVER: In [1]: import junos_manager In [4]: filter(lambda x: x.startswith("init") or x.startswith("shut"),
10:08 daemonkeeper dir(junos_manager)) returns Out[4]: ['init', 'initialized', 'shutdown']. Any hint for me?
10:13 infrmnt joined #salt
10:19 promorphus joined #salt
10:20 Kumar joined #salt
10:21 Kumar Hi
10:21 Kumar Is there a way to pass FTP credential (userid and password) to download a file from ftp location , with file.managed state formula
10:24 amontalban joined #salt
10:24 amontalban joined #salt
10:26 jas02 joined #salt
10:28 leev joined #salt
10:32 promorphus joined #salt
10:34 jaybocc2 joined #salt
10:37 jas02 joined #salt
10:37 jas02 joined #salt
10:45 teryx510 joined #salt
10:51 silver310 joined #salt
10:52 silver310 Hello, it is possible to get a random element from a list when using pillars?
10:52 silver310 If I have a list like "pillar['auth_servers']" with X items, and I just want a random one
10:53 dariusjs joined #salt
10:55 jas02 joined #salt
11:02 infrmnt joined #salt
11:02 lorengordon joined #salt
11:03 teryx510 joined #salt
11:05 viq Kumar: encode in URL?
11:05 viq ftp://user:pass@host/file/path  ?
11:05 amcorreia joined #salt
11:10 pdayton joined #salt
11:18 oida joined #salt
11:21 edrocks joined #salt
11:23 jaybocc2 joined #salt
11:25 impi joined #salt
11:29 haam3r joined #salt
11:29 jas02 joined #salt
11:34 numkem joined #salt
11:35 Kumar @viq : i have @ and special characters in password and those cauing issue to encode this in URL
11:36 Rasathus joined #salt
11:37 Rasathus Hi, I was wondering if any one had any examples showing the use of pillar data in custom grains.  I was also hoping to get access to the 'nodename' grain too, but at a push I can probably just use the hostname.
11:37 viq Kumar: sorry, no idea
11:37 viq Rasathus: why not just 'id' ?
11:38 ronnix joined #salt
11:38 Rasathus Mostly because thats what the current jinja template is using, but I can investigate the use of id instead of nodename.  Is that easier to get in a custom grain ?
11:39 Kumar @Rasathus: you can use id to get the minion id
11:39 viq Rasathus: just more reliable - minions can lie about grains, but not really about ID
11:40 Rasathus @viq @kumar Ill use that then, thanks.  Any thoughts about accessing pillar data in the custom grain ?
11:41 Rasathus Can I import salt.modules.pillar.get ? I'm a bit confused by the salt codebase structure and where it gets its context from.
11:43 J0hnSteel Using this pillar file in top.sls http://pastebin.com/hNxXC6ie when runnig the state file I get Jinja variable 'salt.utils.context.NamespacedDictWrapper object' has no attribute 'db_host'"
11:43 * viq is too programming illiterate to know an answer to that
11:43 J0hnSteel Am I missing something obvious because whe I define the same variable static everything is ok
11:43 viq J0hnSteel: how about a place that doesn't require a captcha to open? ;)
11:45 J0hnSteel @viq I don't know how you're opening it but it works with firefox :)
11:45 viq J0hnSteel: tor browser :P
11:45 viq pastebin.com is a crap site
11:46 J0hnSteel will change in the future
11:48 viq J0hnSteel: why .iteritems() ?
11:48 impi joined #salt
11:49 J0hnSteel because its a dictionary value and I don't want to hard code or memorize the name
11:53 viq I have something like that: https://pbot.rmdir.de/Q9nVXTub3t9R08CT1h544w
11:54 viq And no, I don't really know what I'm doing as far as python is concerned :P
11:56 jas02_ joined #salt
11:57 doda joined #salt
11:58 J0hnSteel @viq is this working for you ?
11:59 viq J0hnSteel: yes
11:59 gmoro joined #salt
12:00 viq J0hnSteel: https://pbot.rmdir.de/87P0y32ZdAgq7KF-ZSJScw  is my mine config
12:00 J0hnSteel ok
12:05 AndreasLutro J0hnSteel: you need "for key, value in ..." when iterating over dictionary items/iteritems
12:07 salter joined #salt
12:08 salter Is it possible to capture output from curl command and use that in the salt state? the output is in json form
12:08 darix can i ask salt for a list of all machines that have a certain state applied to them?
12:08 darix salter: why not use python to download it?
12:09 salter darix: what do you mean?
12:09 darix you can have states which are completely in python
12:09 AndreasLutro darix: you can use state.show_top or state.show_highstate to show which state (files) are part of each minion's top.sls, that's about it
12:10 darix AndreasLutro: that seems a bit weird to e.g. put all hosts which got the class webserver into the load balancer config
12:10 darix in doubt i will have to set a grain/pillar item for that
12:11 viq darix: better to go the other way - set pillar first, and apply states based on that. But yeah, want to keep track - set a grain as part of state.
12:11 AndreasLutro you definitely should set a pillar for that
12:12 AndreasLutro https://www.lutro.me/posts/dangers-of-targetting-grains-in-salt
12:13 darix viq: salt mine is what i probably want
12:13 viq darix: depends, mine is a "cache", is that what you really want?
12:13 viq Or - what is it that you want to do?
12:14 darix viq: i want to collect the IP addresses of each webserver to build my haproxy config from that data
12:14 AndreasLutro you'll still need something to query the mine for.. like a pillar
12:14 AndreasLutro I do that exact thing with pillars
12:15 darix sure
12:15 viq AndreasLutro: well, he could have data pushed to mine as part of state, but it could get stale quite easily
12:15 darix viq: i would push the mine part of the minion config of course :p
12:16 darix time to play around with it and try to break it too
12:16 viq darix: remember that mine data remains if you remove a minion without clearing it's data beforehand, and IIRC there isn't a very good way to remove it.
12:18 AndreasLutro I do `salt-run cache.clear_mine $hostname` through a reactor
12:18 AndreasLutro seems to work fine
12:18 viq ah, ok
12:18 west575 joined #salt
12:19 viq Even for dead minions?
12:19 AndreasLutro think so, this reactor runs after the minion shuts down
12:24 amontalban joined #salt
12:26 sjoerd_ joined #salt
12:27 sjoerd_ Hello!
12:31 snc joined #salt
12:31 sjoerd_ Does anyone here mayeb have a link to an up to date article comparing salt and ansible? Everything I've seen so far seems to ignore basic facts like salt being able to use ssh :|
12:34 babilen Use Ansible if you have a small number of boxes (< 1000(0?)) and Salt if you want to scale or want to design a more reactive infrastructure
12:35 babilen I'm not aware of a current comparison between Ansible 2.* and Saltstack 2016.*
12:35 viq AFAIK ansible is easier to start with, but becomes painful much sooner if you're trying to move beyond very basic stuff
12:36 babilen I also found that many people struggle a lot more with the underlying concepts/lingo of Salt compared to Ansible
12:36 sjoerd_ Those are exactly the feeling I've gotten as well. I'm looking to manage around 1k boxes though they all very wildly.
12:36 sjoerd_ vary*
12:37 sjoerd_ salt seems to do everything ansible does, but then goes beyond
12:37 sjoerd_ which seems to have increased the learning curve, which is scaring my colleagues
12:38 babilen You don't want to scare them
12:38 sjoerd_ Well one they can all agree to is how scared they are of cfengine that I'm currently maintaining :)
12:38 viq :D
12:39 babilen But that is my experience also .. Saltstack seems to require a slightly more abstract approach to things and doesn't feel as a natural addition to the old "log in via SSH, do things, fine" approach
12:39 viq Of course I'd recommend salt ;) And probably would recommend for you to get at least somewhat acquainted with it, and then grab them for a workshop, explain how things work.
12:40 babilen In particular my more network afine colleagues tend to prefer Ansible over Saltstack
12:42 sjoerd_ Personally I'm leaning toward salt at the moment but perhaps that's because the master/client just feels better then deploying code over ssh and running it.
12:43 sjoerd_ It's just a shame I can't seem to find a well written article comparing the two (given this channel of course salt would win in that comparison ;) )
12:43 viq Also having agent allows you to make sure the state is applied periodically - ansible's way seems a hack
12:43 AndreasLutro sjoerd_: http://ryandlane.com/blog/2014/08/04/moving-away-from-puppet-saltstack-or-ansible/ is the best comparison I can think of
12:43 viq http://valdhaus.co/books/taste-test-puppet-chef-salt-stack-ansible.html  ?
12:45 sjoerd_ A cool viq, I hadn't seen that one yet. I'll have a read through it
12:45 sjoerd_ The one from ryan d lane seems to be one of the top hits you come across on google
12:46 viq sjoerd_: also I very much like the idea of communications channel salt provides, it allows for interesting things, even though I hardly use that right now
12:48 mamalos joined #salt
12:48 edrocks joined #salt
12:48 mamalos Hi everybody!
12:49 mamalos I am new to salt and I want to use it for managing FreeBSD servers and jails
12:49 aagbds joined #salt
12:49 mamalos I've seen the freebsd* modules of salt which are cool
12:51 mamalos But jail configuration can be much more customised and managing minions within jails is not always easy (for example all my jails are mounted with most filesystems readonly -except /tmp, some /var's subdirs)
12:51 mamalos if I wanted to manage these jails with salt, I'd have to write run commands on each host running the jails, etc
12:52 mamalos On the other hand, this is not a non-common scenario and after reading the source code of freebsd* modules I saw that it wouldn't be difficult to contribute some code that would make some of freebsd* modules jail and/or chroot aware
12:52 viq mamalos: maybe you could template it out with something like iocage?
12:53 viq And if you can improve then I believe patches are always welcome ;)
12:53 mamalos before issuing it on github, I said to give a try here for alternatives
12:53 mamalos viq: sorry, I'm new to salt, and I haven't played with iocage yet
12:54 viq mamalos: iocage is a freebsd things, not a salt thing
12:54 sjoerd_ About reviews: This blog seems to have some interesting articles about assorted CM tools. https://www.amon.cx/blog/saltstack-review/
12:54 mamalos viq: sorry for that
12:55 mamalos viq: if iocage is a jail manager (like ezjail), then I am not sure how this would help making administration of jails within salt any easier?
12:56 viq mamalos: what do you want to do with jails?
12:56 mamalos viq: moreover, the features I am talking about are generic, and for example FreeBSD's pkg supports chroot and jail parameters
12:56 viq mamalos: and yes, it is
12:57 jas02 joined #salt
12:57 mamalos viq: as I stated before, I want to be able to manage jails with saltstack as though as if they were servers
12:57 viq Give some examples ;)
12:57 jas02_ joined #salt
12:57 viq Because if you want to manage them exactly like servers, there's nothing stopping you from installing salt in jails
12:58 mamalos viq: because my jails are mounted read only
12:58 RandyT_ joined #salt
12:58 viq ...then how are you planning to manage them "like servers"?
12:59 viq I don't believe even pkg will work in that mode
12:59 mamalos viq: and until now I was managing them using a loopback filesystem on the host (where the jails are mounted read-write) and I'm using pkg's and freebsdupdate's appropriate to use these chroots and update my jails
12:59 mamalos viq: pkg does it
12:59 mamalos pkg -c allows you to use a chroot
12:59 viq So you have the jail mounted twice?
13:00 mamalos yep
13:00 mamalos once for the jail service and once for management (this setup was in FreeBSD's handbook for many years)
13:00 viq Well, I guess if you're doing custom things you may need to use custom things ;)
13:01 * viq goes to have a look
13:01 mamalos viq: it was part of the chapter "application of jails"
13:01 mamalos viq: I think they've removed at some moment
13:02 mamalos viq: but it's a perfectly normal setup, quite secure and works like a charm :)
13:02 viq https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-application.html  ?
13:03 mamalos the thing is that salt's freebsdpkg and freebsdservice modules are not aware of jail or chroot (not that FreeBSD's service is...) and as I said, by looking at the code I realised that it wouldn't be too difficult adding it to the existing code
13:03 mamalos which I could contribute, of course
13:03 viq Patches are always welcome ;)
13:04 viq I don't have enough experience to give you any advice
13:04 mamalos viq: yep, the link shows the chapter I'm talking about
13:05 viq time to go eat ;)
13:08 mamalos OK, I just wanted to check if the feature I'm asking is not something that can already be achieved using something I'm not aware about
13:09 StolenToast if you have a file.managed state with a file_mode directive, and that file was previously installed in-place with what is now "wrong" permissions then it seems like the state won't update the file permissions
13:09 StolenToast has anyone else encountered this?
13:10 AndreasLutro I don't think file.managed has a file_mode argument
13:10 AndreasLutro it's just "mode"
13:11 StolenToast ah I think you're right
13:11 StolenToast I wonder why it wouldn't fail to compile
13:12 ecdhe joined #salt
13:13 AndreasLutro because a lot of state functions take **kwargs
13:13 AndreasLutro which means invalid args can get silently ignored
13:13 StolenToast ok thanks
13:14 AirOnSkin joined #salt
13:14 StolenToast I need to buy a rubber duck lol
13:14 StolenToast talk to it more often
13:14 Taxz joined #salt
13:17 AirOnSkin Hello people. I'm trying to apply a state for all minions except the ones that have a certain keyword in a pillar list. I've tried with the following, but it doesn't work: http://hastebin.com/webazogobu.php
13:17 AirOnSkin Do I need to put " in salt['pillar.get']('roles', []) " after every keyword?
13:19 AndreasLutro AirOnSkin: you'd have to do `if not 'a' in roles and not 'b' in roles and not 'c' in roles ...`
13:20 AirOnSkin Ah, I see. That actually makes sense... Thanks!
13:23 viluk joined #salt
13:24 Brew joined #salt
13:27 viluk HI there! Maybe anybody knows how to get URL status code, using jinja template and salt http.query function? Somethink like this {% set status_code = salt['http.query']('http://myurl.com status=True').result(status) %}
13:28 viluk .result(status) is wrong argument
13:34 catpig joined #salt
13:34 jaybocc2 joined #salt
13:37 sgo_ joined #salt
13:37 ssplatt joined #salt
13:40 Tanta joined #salt
13:41 aagbds joined #salt
13:45 promorphus joined #salt
13:47 AndreasLutro salt['http.query']('http://myurl.com', status=True)['status']
13:49 impi joined #salt
13:50 jaybocc2 joined #salt
13:51 tapoxi joined #salt
13:53 jartsu joined #salt
13:53 jartsu left #salt
13:57 jas02 joined #salt
13:57 NicolasH joined #salt
13:58 amontalb1n joined #salt
14:03 NicolasH Hello, I'm using salt to install a distributed storage system. I have a proxy node and several storage nodes. Upon installation, I need to wait for all the storage nodes to be installed before starting the proxy. Can I do that with salt?
14:03 mpanetta joined #salt
14:04 AndreasLutro NicolasH: look up orchestration, it might
14:05 NicolasH thanks to the heads up!
14:06 mpanetta joined #salt
14:06 mpanetta_ joined #salt
14:08 mpanetta_ joined #salt
14:08 tapoxi joined #salt
14:21 armonge joined #salt
14:27 rem5_ joined #salt
14:29 DEger joined #salt
14:30 tiwula joined #salt
14:30 subsignal joined #salt
14:30 rem5 joined #salt
14:30 DEger joined #salt
14:34 nicksloan joined #salt
14:35 rem5 joined #salt
14:36 daemonkeeper So, I have the gut feeling Salt proxies are entirely broken when you try to use them in an environment not named "base"
14:36 daemonkeeper I at least can't seem to get them running at all.
14:37 daemonkeeper Has anybody any clue about this LazyLoader logic?
14:37 rem5 joined #salt
14:40 promorphus joined #salt
14:40 subsignal joined #salt
14:41 sgo_ joined #salt
14:44 Taxz_ joined #salt
14:49 saras joined #salt
14:49 subsignal joined #salt
14:49 saras how can download image form docker salt builds it
14:51 hasues joined #salt
14:51 DarkKnightCZ joined #salt
14:52 saras salt.states.dockerng.image_present does this return return info need to download the image
14:53 deus_ex joined #salt
14:54 bmccormick anyone know the setting in a salt-cloud profile to manually set the mac address of a vm so I can deploy it with the same mac address so the ip reservation in dhcp works?
14:54 bmccormick tried mac_address:  *************
14:54 bmccormick no love
14:58 jas02 joined #salt
15:01 ivanjaros joined #salt
15:12 alwaysatthenoc joined #salt
15:15 NV joined #salt
15:15 jimklo joined #salt
15:17 rem5 joined #salt
15:19 Trauma joined #salt
15:22 Aleks3Y joined #salt
15:22 coredumb Hi folks
15:23 coredumb I need help understanding how the pkg state pkg.latest can work when from the code the only thing it's doing is call pkg.install even on updates ?
15:24 coredumb I must miss something and reading aptpkg any yumpkg modules I don't where the install function is switching in update mode when the package is already installed ?
15:24 BattleChicken joined #salt
15:25 Guest13888 joined #salt
15:27 Edgan coredumb: pkg.installed normally just makes sure a package is installed. If you want a certain version you can do say nginx: 1.2.3   instead of just nginx for the package name
15:27 coredumb oh nice this is the default behaviour of apt
15:27 coredumb >_<
15:27 Edgan coredumb: pkg.latest is an option what will always update a package, but it is dangerous
15:27 coredumb Edgan: I don't want a certain version I want the latest available ;)
15:27 Edgan coredumb: Good for things like bash
15:27 coredumb yes it's fine by me
15:28 Edgan coredumb: bad for things like mysql, postresql, mongodb, cassandra
15:28 coredumb yeah indeed
15:28 west575_ joined #salt
15:29 Edgan coredumb: At one employer, the guy before me got fired after accidentally using the equivalent of pkg.latest in Puppet on mysql servers.
15:29 coredumb ok so pkg.latest makes the assumption that pkg.install will update in case the package is already installed :/
15:30 MConceicao joined #salt
15:30 coredumb means I need to update my apk module to support update in install() :(
15:30 Edgan coredumb: If 1.2.3 of nginx is already installed pkg.latest will give you a newer 1.2.4. pkg.installed will do nothing unless you specified 1.2.4 as the version.
15:31 coredumb Edgan: my problem is not the concept behind the state it's how it actually works under the hood
15:31 coredumb :)
15:32 Edgan coredumb: yeah, apt-get install will always update, where as yum install won't
15:32 Edgan coredumb: but salt should protect you from that
15:32 coredumb edgan so pkg.latest would not work on yum system
15:32 coredumb that's quite bad
15:33 Edgan coredumb: no it does
15:33 whytewolf coredumb: no, yumpkg setups up pkg.install to update if the package is already installed
15:33 onlyanegg joined #salt
15:33 Edgan coredumb: yum update nginx works
15:33 aawerner joined #salt
15:33 west575 joined #salt
15:33 coredumb whytewolf: I failed to see that
15:34 coredumb so I stand true, I have to support update from install() from my pkg module
15:35 Edgan coredumb: you talking about a module or a state?
15:35 Edgan coredumb: I am talking about states
15:35 whytewolf Edgan: he is building a module for a package manager for alpine
15:35 emaninpa joined #salt
15:36 whytewolf so he needs the pkg state to use all of the features of the pkg module
15:37 coredumb Edgan: what he said :)
15:37 bluethundr joined #salt
15:37 coredumb whytewolf: so yeah basically I fixed only half of the problem in the patch I sent last night
15:38 west575_ joined #salt
15:39 pdayton joined #salt
15:40 awerner_ joined #salt
15:42 whytewolf coredumb: yumpkg looks like it uses reinstall instead of update.
15:44 bluethundr hey guys... when I launch amazon ec2 instances using this cloud profile in salt cloud
15:44 bluethundr https://gist.github.com/bluethundr/10beff89f47134bf7779d33f2a5b042f
15:44 bluethundr they get launched using the wrong security group
15:44 bluethundr it uses a 'default' SG instead of the one I specify
15:44 bluethundr what am I doing wrong?
15:45 coredumb whytewolf: yeah that's what I missed.... That's uggly!
15:47 DarkKnightCZ joined #salt
15:47 whytewolf bluethundr: are you using the aws or the ec2 driver?
15:48 bluethundr let me check
15:48 bluethundr whytewolf: I'm using the ec2 driver
15:49 bluethundr this is what I have in my provider config
15:49 bluethundr driver: ec2
15:49 coredumb whytewolf: ok works as expected now !
15:49 whytewolf then it is just securitygroup SecurityGroupID is used with the network drivers and should be indented to that level
15:49 wendall911 joined #salt
15:50 bmccormick how do I set in a profile using the salt-cloud to tell it to install vmware tools?
15:50 bluethundr hmm ok
15:50 bluethundr and btw
15:51 whytewolf actually that looks like the issue. SubnetID SecurityGroupID and PrivateIpAddress are all network_interface options that should be indented so they are directly under DeviceIndex
15:51 bluethundr oh ok
15:51 bluethundr I'll give that a shot
15:51 irctc771 joined #salt
15:52 wendall911 joined #salt
15:52 chupetito joined #salt
15:52 whytewolf bmccormick: that would be a job for salt once the vm is spun up. have the new instance trigger a reactor that installs vmtools
15:54 stooj joined #salt
15:54 chupetito hi everyone. Wondering if anyone on the community is working with saltstack vro plugin (for vmware). I am running into an issue where I can't install the saltstack plug-in in vmware. No errors provided it just simply does not install. I have the Java stack trace and can paste somewhere if anyone is willing to help me. thanks in advance.
15:54 bluethundr think something like this will work?
15:55 bluethundr https://gist.github.com/bluethundr/0c19ad95b26230c46ced045b48dad9d8
15:56 whytewolf bluethundr: still need the - on DeviceIndex ... basicly you are creating a list of dicts
15:56 netcho joined #salt
15:56 bluethundr ok
15:57 bluethundr like this?
15:57 bluethundr https://gist.github.com/bluethundr/be1553ee151553f8935cb62aaed1caab
15:57 whytewolf yes, although you might need more indenting on - Primary: True
15:57 bluethundr or do I need - next  SubnetId and  SecurityGroupId ?
15:57 bluethundr ok
15:59 jas02 joined #salt
15:59 whytewolf it is kind of like what you have for block_device_mappings. each - repersents a new device. with the options for each under it
15:59 bluethundr ok
15:59 bluethundr that makes sense
16:00 bluethundr I'm indenting - Primary: True under PrivateIpAddresses, but it's not making any difference in the output
16:00 bluethundr so I'm not sure how much to indent by
16:00 whytewolf 2 spaces
16:01 bluethundr kewl thanks
16:01 jaybocc2 joined #salt
16:02 cyborg-one joined #salt
16:02 whytewolf bluethundr: they have a pretty good example of the layout here https://docs.saltstack.com/en/latest/topics/cloud/aws.html#cloud-profiles look under base_ec2_vpc for the network_interfaces example
16:03 bluethundr whytewolf: nice, thanks
16:03 teryx510 joined #salt
16:03 bluethundr I'll take a look
16:03 promorphus Does anyone know of a way to let the salt-master restart itself during a job and keep going? I've got a 'listen-in' that restarts the master, and after running it with 'salt saltmaster state.sls dothisthing', the job hangs waiting to talk to the salt master
16:04 doda joined #salt
16:05 whytewolf promorphus: I tend to use something like this instead of a service restart. that way the job finishes and then a min later salt restarts [you can replace salt-minion with salt-master https://docs.saltstack.com/en/latest/faq.html#what-is-the-best-way-to-restart-a-salt-daemon-using-salt
16:12 promorphus That looks like pretty decent, but im wondering how that interacts with 1) reactors and 2) how can it be guaranteed that it happens at the END of a run?
16:12 promorphus Ah, never mind, the order: last, got it
16:13 jenastar joined #salt
16:13 stooj joined #salt
16:14 whytewolf reactors would act like they do when salt-master restarts.
16:17 jaybocc2 joined #salt
16:19 Lionel_Debroux joined #salt
16:23 rem5_ joined #salt
16:26 racooper joined #salt
16:34 beowuff joined #salt
16:42 Ryan___ joined #salt
16:45 KingOfFools joined #salt
16:49 brotatochip joined #salt
16:52 woodtablet joined #salt
16:54 lorengordon joined #salt
16:57 woodtablet joined #salt
16:59 Joe630 left #salt
17:00 jas02 joined #salt
17:04 pipps joined #salt
17:05 impi joined #salt
17:06 edrocks joined #salt
17:08 alexlist joined #salt
17:13 edrocks joined #salt
17:18 brotatochip joined #salt
17:19 stomith joined #salt
17:32 frew1 when we have accepted a server (let's say the minion name is `a`) and another server tries to connect, also with minion id `a`, how can I tell the new one to reject?
17:32 frew1 similarly, if we had an old server `b` and a new server `b` comes online and I want to remove the old `b` and accept the new one, how can I do that?  It seems like the only option is delete all `b`s and accept the new one when it retries
17:33 Tanta serverIDs should be unique
17:33 Tanta you must purge the old A's and B's before the new ones come online
17:34 frew1 well this is in a security context
17:34 Tanta if salt-call test.ping <server_id>; then : ; else salt-key -d <server_id>; done
17:35 pipps joined #salt
17:35 frew1 I am assuming a "Bad guy" can choose names
17:35 ALLmightySPIFF joined #salt
17:35 cscf frew1, minions and masters use PKI to auth each other.
17:35 frew1 I don't really see how that's true in practice
17:35 frew1 to authenticate a minion
17:35 frew1 you simply auth by name
17:36 Tanta you can't have ID collisions
17:36 cscf frew1, or you can auth by comparing fingerprints, if you care.
17:36 frew1 cscf: I do care, how do I do that?
17:36 frew1 Tanta: you can, we do, just try it.
17:36 cscf As with all PKI, the weak point is the user, not the system.
17:37 Tanta when I was using a master setup, with autoscaling nodes, I purposely purged the old keys
17:37 edrocks joined #salt
17:37 frew1 well a system that goes by name that the untrusted parts choose is flawed
17:37 Tanta now I run masterless which is way more secure
17:37 frew1 so I feel like we MUST go with fingerprint
17:37 frew1 I don't see a way with the wheel that we have access to a fingerprint though
17:37 Tanta I would say that a system that doesn't work as intended is flawed, or one that creates unnecessary confusion with non-unique identifiers is flawed
17:38 cscf frew1, salt-key -F
17:38 frew1 awesome
17:38 mikecmpbll joined #salt
17:38 frew1 cscf: can this functionality be accessed by wheel.key?
17:38 frew1 I'm trying to bake most of this into a reactor
17:39 frew1 I see that I can get the fingerprints, but not how I can accept via fingerprint
17:39 cscf frew1, I have never used wheel, but a quick look at the docs shows salt.wheel.key.finger
17:39 beowuff joined #salt
17:40 rem5 joined #salt
17:40 frew1 it seems like there are race conditions here
17:40 frew1 like, I check the fingerprint with finger
17:40 frew1 accept minion a
17:41 frew1 and in the meantime an adversary controlled minion with name a connects and also gets accepted
17:41 frew1 even deleting all `a`s if there are duplicates has the same race
17:41 frew1 right?
17:41 whytewolf instead of trying to worry about accepting the keys after words. presign a key for a and transfer it to a
17:41 Trauma joined #salt
17:41 frew1 whytewolf: I love that idea, and actually want to do exactly that
17:42 frew1 whytewolf: but I didn't see how
17:42 whytewolf https://docs.saltstack.com/en/latest/topics/tutorials/preseed_key.html
17:42 frew1 whytewolf: I'll read this, thanks so much
17:42 Tanta or do what we did at my old job and whip up a fancy little python web interface on the salt master to approve and list keys
17:43 west575 joined #salt
17:43 Tanta that wouldn't help with automation though
17:43 tapoxi joined #salt
17:43 whytewolf frew1: you might also want to look into saltify which automates the process
17:43 tapoxi I keep seeing "/usr/lib/python2.7/site-packages/salt/grains/core.py:1493: DeprecationWarning: The "osmajorrelease" will be a type of an integer."
17:43 tapoxi what does it mean?
17:43 frew1 Tanta: fwiw my initial step was to use salt-api to automate this
17:43 Tanta I don't think we ever found a smooth way to entirely automate key provisioning
17:43 frew1 Tanta: though I still think there are serious security problems with everything (Except preseeding) I've seen suggested.
17:44 frew1 whytewolf: yeah, automation is critical; will do
17:44 Tanta you could also do something on the salt master via cron with expect
17:44 Tanta that's a really old school way to automate it however
17:45 whytewolf I have flash backs to nightmares everytime i hear expect
17:45 frew1 I'm not sure why that would be any better than using a reactor.
17:45 Tanta https://www.reddit.com/r/saltstack/comments/3jeggp/automating_key_acceptance/
17:45 saltstackbot [REDDIT] Automating key acceptance (self.saltstack) | 3 points (81.0%) | 19 comments | Posted by MrBooks | Created at 2015-09-02 - 20:15:16
17:45 frew1 just slower
17:45 Tanta this might be useful
17:45 onlyanegg joined #salt
17:45 frew1 yeah I think I read that
17:45 frew1 it doesn't do anything at all to validate the servers it's accepting
17:46 Tanta you would need a second secret for that
17:46 frew1 well what I'm attempting
17:46 frew1 which is not perfect but probably sufficient
17:47 frew1 is to use AWS' API as a form of attestation
17:47 Tanta you could put together a small little web endpoint that takes the server ID and a separate authentication key
17:47 tapoxi anyone else getting that deprecationwarning?
17:47 cscf tapoxi, yes I do
17:47 Tanta have it arrive to the web endpoint, validate the key, and forward the ID to be signed
17:47 frew1 minion connect over api, we verify that the minion id matched the hostname, and that the IP it connected from is the IP that AWS says that host should be using
17:47 Tanta that way a malicious actor whom deploys rogue servers cannot automatically join your salt master
17:49 Tanta yep, that is the same thing except using the IP as the auth key
17:49 frew1 right
17:49 frew1 it's sorta lame but it's simple and should be reliable
17:49 hax404 joined #salt
17:49 Tanta simple and lame is better than complex and lame when it breaks :)
17:49 whytewolf Tanta: have not seen it. but my guess is that in an upcoming release osmajorrelease will only be a number. in cases where currently it might be a string?
17:49 frew1 hear hear
17:49 whytewolf err not Tanta
17:49 whytewolf tapoxi: that was meant for you
17:50 whytewolf stupid tab compleate and not paying attention gets me again
17:50 tapoxi whytewolf ok thanks, guess I have some formula or something checking it
17:50 bluethundr hey whytewolf, your suggestion to line up the security group under networking worked perfectly
17:51 bluethundr thank you
17:51 bowhunter joined #salt
17:51 whytewolf tapoxi: or you have a distro where it is a str currently
17:51 frew1 whytewolf: so putting keys in /etc/salt/pki/master/minions/ is sufficient to accept them?
17:51 frew1 whytewolf: there's no problem with salt needing to be told I did that?
17:51 edrocks does dockerng.running not try and pull the latest image if your tag is latest? ie if you already have an image tagged "latest" but it has been updated, how do you get dockerng.running to pull the new version?
17:52 whytewolf frew1: nope. no problem with it. since it is technically all salt-key does when you accept a key anyway
17:52 frew1 ok I assumed it did some in memory stuff too
17:52 frew1 great
17:53 frew1 then what I'll do is include the key via the web interface and place the key there with the reactor
17:55 hax404 joined #salt
17:58 frew1 whytewolf, Tanta: Thanks, I think this will be a very solid solution.
17:58 frew1 Assuming my boss is down I'll document it, as it seems like a solid way to do it in AWS
18:00 jas02 joined #salt
18:01 armonge_ joined #salt
18:02 Rumbles joined #salt
18:05 west575 joined #salt
18:08 asay joined #salt
18:08 jaybocc2 joined #salt
18:09 cyteen joined #salt
18:10 Tanta anytime
18:11 edrocks joined #salt
18:13 stomith salt-cloud doesn't seem to be able to provision a vm a second time after I've deleted the first time for a trial?
18:13 stomith rather, it provisions, but won't install salt. ssh times out.
18:14 cscf stomith, probably you have to delete the minion key from the master
18:15 whytewolf ssh timing out shouldn't be affected by salt key. also if it was deleted with salt-cloud the key will already be deleted
18:15 stomith cscf, salt-key -L doesn't return the minion. maybe I need to look elsewhere on the file system?
18:16 whytewolf stomith: run with -l debug and see if the ips it is getting and thinks it should use are the ips of the vm that got started
18:16 stomith I'll try that! thanks.
18:16 infrmnt joined #salt
18:18 Bryson joined #salt
18:20 DarkKnightCZ joined #salt
18:26 stomith huh. esx is not connecting the interface. that's a start to look in the right direction
18:33 renaissancedev joined #salt
18:34 renaissancedev What is the standard recommendation for referencing the same pillar value in different files? For instance, I need to pass the Mongo admin password to a backup script, as well as needing it for application deployments.
18:35 cscf renaissancedev, you mean referencing the same value from different states, or from other pillar files?
18:36 renaissancedev cscf: From other pillar files
18:36 losh joined #salt
18:37 renaissancedev For the most part I've been handling different environments via pillar merging strategies. What I haven't yet settled on is a satisfactory solution for using the same value at different keypaths in different files.
18:38 cscf I have wondered about that too, but haven't looked into it yet.
18:38 renaissancedev My initial approach was to place those values in pure Jinja files which I could then import and reference the values, but the whitespace requirements for GPG quickly became an issue.
18:38 renaissancedev That's why I'm currently looking into writing a saltpack renderer module which would solve the whitespace problem.
18:40 infrmnt joined #salt
18:42 renaissancedev On another note, does anyone know if it's possible/how you would configure pillarstack along with git_pillar? All of my pillar data is hosted in a private git repo on a private server and I don't relish the thought of having to handle syncing that to the master.
18:42 mikecmpbll joined #salt
18:46 sjmh renaissancedev i'm not sure you can, since git pillar doesn't really put the files on the filesystem where pillarstack would be looking to read them..
18:46 renaissancedev Yeah, that's what I was afraid of. That's what keeps me from using any of the other external pillars.
18:46 sjmh probably the easiest way would be to go away from git pillar and just sync the repos down to specific directories via cron or something, and then you could use the other ext pillars
18:48 renaissancedev Agreed, I just haven't hit a point where doing that was less painful than getting creative with how I structured my pillar data.
18:49 renaissancedev I'm sure it will happen, I'm just not there yet.
18:51 nixjdm joined #salt
18:52 AndrewL joined #salt
18:52 sjmh yea we haven't gotten to that point either of needing something to organize the pillar data within the git repos
18:52 sjmh so git pillar has been working ok so far
18:53 shadoxx git pillar?
18:53 sjmh shadoxx : lets you store your pillar files up in git repos
18:57 haam3r joined #salt
18:59 renaissancedev Same idea as gitfs, just for pillar data.
19:00 sjmh renaissancedev - do you guys have different salt master setups and if so, do you keep a separate repo for each setup or do you branches w/in the same repo to sync to the different masters?
19:00 sjmh right now we're doing the latter - not sure i like it
19:00 Tanta I use different branches of Salt for different environments, all managed w/Git
19:01 Tanta NOT using gitfs, but just having a simple wrapper that makes sure the system is on the appropriate branch - qa/test/stage/master
19:01 jas02 joined #salt
19:01 sjmh Tanta - for different environments, like for completely different masters? ie - you have a development master with it's own minions and it just reads from the 'test' branch or whatever?
19:01 sjmh or for different 'saltenvs'
19:02 renaissancedev sjmh: I just have one master and I handle targeting of different environments by having separate pillar files and using compound targeting.
19:03 pipps joined #salt
19:03 BattleChicken1 joined #salt
19:05 Tanta no masters
19:05 Tanta Git is acting as a de-facto salt master for each environment
19:05 Tanta I have a little cron job which inspects the remote origin of Git and does pull/highstate if there are new commits
19:07 Tanta you lose a) orchestration and b) easy mass updates, but it's worth thinking about if you're not too deep into the multiple masters territory
19:07 Tanta it came down to managing 5 different masters, or having an environment that self-adapts the first time it boots up
19:09 renaissancedev On a different subject, does anyone know if it's possible to import data from a pyobjects file into a yaml file, similar to using the `{% from "foo.yml" import bar with context %}` syntax for Jinja?
19:09 renaissancedev On a different subject, does anyone know if it's possible to import data from a pyobjects file into a yaml file, similar to using the `{% from "foo.jinja" import bar with context %}` syntax for Jinja?
19:11 BattleChicken1 left #salt
19:14 pipps joined #salt
19:14 rem5_ joined #salt
19:17 edrocks joined #salt
19:24 theblazehen_ joined #salt
19:31 DEger joined #salt
19:34 johnkeates joined #salt
19:34 pipps joined #salt
19:39 Sarph joined #salt
19:40 ajw0100 joined #salt
19:41 nidr0x joined #salt
19:41 demize- joined #salt
19:42 CheckYourSix_ joined #salt
19:42 rideh- joined #salt
19:42 Criggie_ joined #salt
19:42 jor joined #salt
19:42 concernedcitizen joined #salt
19:42 concernedcitizen joined #salt
19:44 pmcg joined #salt
19:45 MarcioConceicao joined #salt
19:46 fxdgear joined #salt
19:47 Xevian_ joined #salt
19:47 fxdgear after running `sudo salt '*' mine.flush` from my salt-master...
19:48 fxdgear and then running `sudo salt '*' mine.get 'role:ucp_controller' network.ip_addrs grain` I have some network ip addrs that are "lingering" and won't delete.. /clear
19:48 fxdgear how can I clear that data..
19:49 TomJepp_ joined #salt
19:50 aarontc joined #salt
19:50 munhitsu_ joined #salt
19:51 Sketch joined #salt
19:51 ssplatt joined #salt
19:56 IdoKaplan joined #salt
19:57 Criggie joined #salt
19:57 nicksloan joined #salt
19:58 IdoKaplan Hi Guys, Is there anyone here that using elasticsearch as ext_job_cache? I need working templates :)
19:58 cmarzullo side returner or master returner?
19:59 IdoKaplan Both
19:59 leev joined #salt
19:59 cmarzullo doesn't work: https://github.com/saltstack/salt/issues/23125
19:59 saltstackbot [#23125][OPEN] Elasticsearch as master_job_cache throws critical | Hi all,...
20:02 jas02 joined #salt
20:04 IdoKaplan ohh, bad news.
20:04 cmarzullo yeah whish I had the skill to fix that.
20:04 cmarzullo I very much want to visualize my job runs.
20:05 cmarzullo splunk has good support but $$
20:05 bowhunter joined #salt
20:05 cscf My state.apply is hung.  Any tips for diagnosing the problem?
20:06 IdoKaplan Do you know if there are plans to fix it?
20:07 mikea joined #salt
20:07 Xevian joined #salt
20:07 cmarzullo I brought it up at salt conf. But didn't have feel goods about it.
20:07 cmarzullo I fear that getting that working would compete with their enterprise product.
20:08 cmarzullo Also was suggested I buy support then they could fix it.
20:08 armonge_ joined #salt
20:08 cmarzullo It's got all the right tags. bug/core/High Sev/P1
20:09 edrocks cmarzullo: there are 59 pages of high sev bugs :( https://github.com/Reactive-Extensions/RxJS/blob/master/doc/api/core/operators/topromise.md
20:09 tapoxi joined #salt
20:09 cmarzullo yeah. I know they busy. I ain't faulting them. I wish I had the skills to fix it. :(
20:10 edrocks woops wrong link https://github.com/saltstack/salt/labels/High%20Severity
20:10 edrocks I'm not faulting them either. I just meant that labels don't mean all that much. We do not really know what they are prioritizing atm
20:10 edrocks tends to be an issue with larger projects
20:11 cmarzullo I was trying to bribe my coworker to see if he could fix it. . .
20:11 edrocks lol
20:11 cmarzullo "I bet you aren't good enough to solve this"
20:12 cmarzullo sometimes that works.
20:12 IdoKaplan cmarzullo: I really want to send salt logs to elk and I didnt find something that is working. salt runner is not good also because the output is one line json and I didn't manage the split the output to events.
20:12 cmarzullo I am very much in the same boat.
20:12 IdoKaplan Maybe you heard someone that managed to do it.
20:12 IdoKaplan Ohh, I see
20:15 Eugene joined #salt
20:16 west575 joined #salt
20:17 cscf I'm trying to make a List in Pillar, and it's not showing up.  This is correct right? "  nc_app_list: \n    - documents   "
20:17 jas02 joined #salt
20:17 |aaron i have a value in a minion's pillar that i need to make available to other minions... can i use salt mine for that? ive tried defining a mine alias that uses pillar.get as a mine function but it doesnt seem to work? is this possible?
20:18 cmarzullo cscf: you have a gist?
20:18 cmarzullo |aaron: not really.
20:19 cscf cmarzullo, https://gist.github.com/anonymous/191aa9bf420c24cfa07cefe7d74de995
20:20 cmarzullo yeah that looks right.
20:20 |aaron cmarzullo: hm. so what i was trying to do was store a minions physical location in its pillar data, so i can use that for creating cnames and stuff elsewhere. is using grains the only approach? i liked  the idea of having everything defined on the master
20:20 |aaron or i guess i could store *every* minions location in *every* minions pillar but that seems clunky too
20:21 armonge joined #salt
20:21 cmarzullo can you tell which location a minion is in by any other grain? Like I've seen it where there's lists of ip networks and you can be like if you in this list you in london, that list you in nyc
20:21 cmarzullo Then in your pillar you can write the jinja to do that.
20:23 |aaron hmm yeah maybe that could work
20:23 om joined #salt
20:24 cscf cmarzullo, does pillar.items cache things/ not update immediately?
20:25 sandro_ joined #salt
20:25 q1x joined #salt
20:26 cmarzullo For me, generally, but I've heard sometiems it doesn't. Do a salt <minion_id> pillar.items()
20:26 cmarzullo or the salt-call version of the same.
20:26 cmarzullo sorry don't use ()
20:27 cmarzullo and compare it to pillar.raw for the minion
20:31 scoates joined #salt
20:31 lero joined #salt
20:31 sgo_ joined #salt
20:31 Trauma joined #salt
20:32 infrmnt joined #salt
20:35 dimeshake_ can salt package manager be used with masterless minions?
20:36 manfred joined #salt
20:37 cscf cmarzullo, oops, figured it out.  Mismatched variable names was all.
20:37 netzvieh_ joined #salt
20:37 Rumbles joined #salt
20:37 cmarzullo cscf: woot!
20:39 bakins joined #salt
20:40 onlyanegg joined #salt
20:42 Trauma_ joined #salt
20:42 cscf_ joined #salt
20:42 tiaz joined #salt
20:47 brotatochip joined #salt
20:54 jesusaur joined #salt
20:59 infrmnt joined #salt
21:00 chamunks joined #salt
21:04 snaggleb_ joined #salt
21:06 pipps joined #salt
21:10 GreatSnoopy joined #salt
21:10 nidr0x joined #salt
21:11 fxdgear is there a grain in salt for getting the public ip?
21:12 hemebond fxdgear: There is a way, I believe, of filtering the IPs for that, yes. Lemme search.
21:12 fxdgear @hemebond cool. everything I'm looking at is returning internal IP's :(
21:12 subsignal joined #salt
21:12 fxdgear which is cool for most the things but I need an external for a few things.
21:12 hemebond Oh, the public IP is not an interface on the minion?
21:13 fxdgear hemebond it's an AWS thing
21:13 hemebond I don't understand.
21:13 fxdgear on the aws dash board i can see `public ip` and `private ip`
21:13 cscf fxdgear, then you should get it from the AWS API
21:13 hemebond Sure, but it should still be a network interface on the minion.
21:13 cscf hemebond, might be NAT'd?
21:14 fxdgear @cscf :( the minion doesn't have a way to look it up itself?
21:14 hemebond cscf: Right, so not a public interface but an external IP.
21:14 cyteen_ joined #salt
21:14 cscf fxdgear, if you run 'ip ad' on the virtual machine, do you get both IPs or just the private?
21:15 dbouchard joined #salt
21:15 hemebond My ec2 minion only shows private adaptors/IPs.
21:15 cscf fxdgear, you can't directly look up your NAT'd ip, though there are sites which will reply with it when asked.
21:16 fxdgear ok thanks I was hoping there was something I was missing about how salt-cloud creates ec2 instances such that it created a grain that would show it's public ip
21:17 hemebond fxdgear: salt 'myminion' cmd.run 'curl http://169.254.169.254/latest/meta-data/public-ipv4'
21:18 hemebond You can chuck that into a custom grain like you would to get ec2 tags.
21:19 hemebond By "chuck that" I mean, "adapt and use it".
21:19 hemebond Basically the info is there and accessible to the minion (assuming you've given it the role policies to read the data).
21:19 hemebond You'll just need to use a custom grain to fetch it.
21:20 jamesog joined #salt
21:20 hemebond Or don't.
21:20 hemebond Also there's https://github.com/saltstack/salt-contrib/tree/master/grains
21:21 brotatochip joined #salt
21:23 Rolypoly joined #salt
21:23 fxdgear joined #salt
21:23 hemebond fxdgear: Welcome back. https://github.com/saltstack/salt-contrib/tree/master/grains
21:27 fxdgear thanks chrome crashed on me :/
21:27 hemebond Ah
21:30 Sarphram joined #salt
21:32 jas02 joined #salt
21:33 hoonetorg hi
21:33 fxdgear @hemebond that worked perfect! :D
21:33 hoonetorg when i run salt-run something
21:34 hoonetorg grains['id'] in a pillar is the name of a arbitrary minion on the salt-master
21:35 hoonetorg why?
21:35 hemebond fxdgear: 👍
21:35 fxdgear ..
21:35 hemebond hoonetorg: salt-run is for running things on the master.
21:35 johnkeates is there any reclass-type function to deal with minions  in salt yet? I currently control hostnames and generated id's but incase i don't (i.e. cloud deployments), i'd like to have a plan in place (but one that is not reclass )
21:36 johnkeates grains are a no-go since they are easy to mod on the minion
21:36 hemebond fxdgear: Does it now show a thumbs-up icon for you?
21:36 fxdgear no :D
21:36 fxdgear I'm using kiwi IRC web app...
21:36 fxdgear pretty limited
21:36 hemebond johnkeates: You can use reclass with Salt.
21:36 johnkeates but i don't want to :D
21:36 hemebond fxdgear: Ah. It's a unicode symbol.
21:37 hemebond johnkeates: Then I don't really understand what you're asking :-D
21:37 johnkeates ☔️
21:37 johnkeates well, i want reclass without reclass :p
21:37 stopbyte joined #salt
21:37 hemebond oh, that's a neat one.
21:37 hemebond What is it in reclass that you want?
21:37 dimeshake fxdgear: there is an ec2_info grain you should add
21:38 dimeshake it can give you all sorts of useful ec2 info for your minions on aws
21:38 hoonetorg hemebond i know
21:38 johnkeates currently i control hostnames/id's, so when they connect, i can accept and since i use wildcards in my top file the hosts get configured with a single highstate
21:38 dimeshake https://github.com/saltstack/salt-contrib/blob/master/grains/ec2_info.py
21:38 dimeshake this wraps up what hemebond suggested, basically
21:38 hemebond hoonetorg: So what should grains['id'] return?
21:38 johnkeates so phpapp-*-prod will capture any instance that's gonna run a php app
21:39 johnkeates in the prod env too
21:39 hoonetorg hemebond: the minion_id of the salt master
21:39 johnkeates so that's nice
21:39 hemebond hoonetorg: But there is no minion on the master :-)
21:39 hemebond So there is no id.
21:39 hoonetorg master is also minion
21:40 hemebond You've installed salt-minion on your master?
21:40 hoonetorg (salt-formula)
21:40 hoonetorg yes for salt-formula (salt can manage itself with salt)
21:40 hoonetorg (their slogan)
21:40 hemebond Well, even if you have, the grains are only available when working with the minion.
21:41 hemebond salt-run does not run via the minion process.
21:41 hemebond Well, salt-formula is just for installing and managing minions.
21:41 hoonetorg but it does return something
21:41 hoonetorg why not an error
21:41 hemebond Doesn't mean you need a minion installed on the master.
21:42 hemebond Because you're using the master, not the minion running on the same host as the master.
21:42 hemebond They're separate.
21:42 hemebond You have salt-master running, which is where salt-run does its stuff.
21:42 hemebond And salt-minion which is where the minion-level stuff is done.
21:42 hemebond Both can run on the same server but are separate.
21:42 hoonetorg yes but shouldn't then grains be empty?
21:42 hoonetorg when doing salt-run???
21:43 hemebond I would have excepted it to be.
21:43 hoonetorg why do i get a grain of one fo my minions
21:43 hemebond But maybe there's some thread-unsafe stuff happening.
21:43 hoonetorg so this behaviour is unexpected???
21:43 keimlink joined #salt
21:43 hemebond Not sure, never done anything to encounter it myself.
21:43 hemebond I'm guessing here.
21:44 hoonetorg ok thx
21:45 hemebond dimeshake: So you want to use something like reclass to... use user-controlled minion names?
21:49 pipps joined #salt
21:52 hoonetorg hemebond: interestingly grains['id'] is wrong when doing "salt-run pillar.show_top" but when doing "salt-run state.orchestrate smthg" grains['id'] becomes <id_of_master>+"_master"
21:52 hoonetorg hmm
21:53 hoonetorg i believe this is also some grey area where i am tapping around
21:53 hemebond It sounds like it.
21:56 hasues left #salt
21:56 jhauser joined #salt
21:59 Leunamme joined #salt
21:59 Leunamme left #salt
22:02 pipps99 joined #salt
22:08 Rumbles joined #salt
22:13 JohnnyRun joined #salt
22:16 hemebond I've spent a fair bit of time trying to work around salt-cloud using EC2 :-(
22:17 heewa joined #salt
22:20 drawsmcgraw left #salt
22:22 pipps joined #salt
22:22 MTecknology HAHA!
22:23 MTecknology I was writing a script. It turned into a big script with modules, then it became a framework, and now I'm working on building out this framework.
22:23 MTecknology I just finally realized where "fun" comes from in salt.
22:23 pipps99 joined #salt
22:23 MTecknology I used to think of it as that word, "fun" .. not function :P
22:34 sjmh the grains dict probably isn't thread safe on the master in the context of a runner
22:34 sjmh hemebond
22:35 sjmh or at least, it's not thread-local
22:35 hemebond hoonetorg: ^
22:35 sjmh even __jid__ in a runner isn't thread local
22:35 hemebond Oh really...
22:35 sjmh yeah
22:35 sjmh ( found that out the hard way )
22:36 sjmh nor is __context__ ( which I find weird )
22:37 sjmh according to salt, it's thread safe, but it's not thread local.
22:37 hemebond What is __context__? The jinja template context?
22:37 sjmh https://docs.saltstack.com/en/latest/topics/development/dunder_dictionaries.html#context
22:37 hemebond lol, dunder
22:37 hemebond Oh I see.
22:38 hemebond I think I've seen people use that as a variable store before.
22:45 fxdgear thanks @dimeshake
22:46 Bryson joined #salt
22:46 Edgan joined #salt
22:48 jas02 joined #salt
22:50 jimklo_ joined #salt
22:57 bowhunter joined #salt
22:59 heewa joined #salt
23:01 riftman joined #salt
23:05 promorphus joined #salt
23:06 edrocks joined #salt
23:07 Edgan Salt lesson of the day: pygit2 used for gitfs doesn't follow symlinks. So if you have a symlink in your salt formulas git repository, it won't work.
23:10 keimlink_ joined #salt
23:31 verdverm joined #salt
23:31 verdverm hello, new to salt, trying to get past a bump along the learning way
23:31 verdverm using salt-cloud to create hosts
23:32 verdverm but "salt" command cannot find any of the minions...
23:32 verdverm I think it is likely a misconfiguration or something is in the wrong place
23:32 hemebond verdverm: Are the VMs created?
23:32 verdverm yup. logged in
23:32 hemebond does salt-key --list-all show the minions?
23:32 verdverm is it better to put all my salt files in one place or use the default dirs
23:33 hemebond What do you mean?
23:33 hemebond Oh, the states and stuff?
23:33 hemebond I use different directories.
23:33 verdverm well there is /etc/salt/... but that is not a great working directory, so I have been using a Saltfile
23:33 verdverm and having everything referenced from the working dir
23:33 hemebond /srv/salt/{formulas|pillars|reactors|states}
23:34 verdverm workdir/
23:34 hemebond Uh, I don't know what a saltfile is, sorry.
23:34 verdverm /salt/{...}
23:34 verdverm /cloud.*.d/...
23:34 teryx510 joined #salt
23:35 verdverm docs aren't great here
23:35 hemebond What do you mean?
23:35 verdverm I mean the docs aren't great
23:35 hemebond For what, though?
23:35 verdverm getting started lacks order
23:35 hemebond I don't think I've had any problems with this part of the configuration.
23:36 hemebond Mmm. I think I know of a part where the docs get too deep too quickly.
23:36 verdverm how to go from salt-cloud to actually setting up machines is mia
23:36 hemebond But the default setup works okay.
23:36 verdverm what is the default, I see at least three variations
23:36 hemebond it can be difficult but it usually depends on the cloud provider you're using.
23:36 pfallenop joined #salt
23:36 pfallenop joined #salt
23:37 hemebond Well, see, I don't really know what you're referring to. First you mentioned /srv/salt/ then you mentioned /cloud.*.d/
23:37 hemebond But those are different things.
23:38 verdverm yes, salt-cloud
23:38 verdverm that comes first to turn on the machines
23:38 verdverm then they need things installed on them
23:38 hemebond Right, so, the provider config goes into /etc/salt/cloud.providers.d/blah.conf
23:38 verdverm but the "salt" command does not find any of the minions
23:38 hemebond The you create profiles for various types of machines in /etc/salt/cloud.profiles.d/blah.conf
23:38 verdverm yup
23:39 verdverm done that
23:39 verdverm want to use them
23:39 hemebond That's because your minion hasn't been installed and configured.
23:39 verdverm yes it has
23:39 verdverm i have logged in and verified
23:39 hemebond So something went wrong with your provisioning.
23:39 hemebond (2016-09-30 12:32:53) hemebond: does salt-key --list-all show the minions?
23:39 verdverm no, nothing
23:39 hemebond Then the minion hasn't contacted your master.
23:40 hemebond Which means the bootstrapping failed for some reason.
23:40 verdverm yea, now that I remember the salt-key command
23:40 hemebond So if salt-minion is installed, have a look in the minion config: /etc/salt/minion
23:40 verdverm starting to look that way
23:40 hemebond Is the master defined in there?
23:40 verdverm I know what the issue is, I have an unreachable master
23:40 hemebond Can you telnet from the VM to the master on 4506?
23:41 hemebond Ah.
23:41 verdverm I need to bootstrap a master into the cluster
23:41 verdverm then point all the minions at that, tes
23:41 verdverm *yes
23:41 hemebond Can your VMs not talk to the outside world?
23:41 hemebond Or your existing master?
23:42 verdverm I'm running in a container on my laptop, booting a cluster in AWS
23:42 verdverm lolz
23:42 verdverm I want to get this way to work
23:42 hemebond Putting a master in AWS is the easiest way.
23:42 verdverm There is some way to make one of the VMs a salt-master
23:42 hemebond But I use a master on my local workstation for testing while provisioning EC2 instances.
23:43 verdverm putting it in AWS doesn't work, multiple accounts on mutliple cloud providers
23:43 verdverm https://docs.saltstack.com/en/latest/topics/cloud/map.html#setting-up-new-salt-masters
23:43 verdverm on a per cluster / VPN basis I think
23:43 hemebond As long as it's accessible it doesn't really matter where the master is.
23:44 iggy salt-ssh maybe?
23:44 verdverm yeah, all different VPNs, going to have 100s
23:44 verdverm of clusters
23:44 verdverm need some sort of salt-master hierarchy
23:44 hemebond syndics.
23:44 iggy not syndics
23:44 hemebond Is that not what syndics are for?
23:45 iggy theory vs reality
23:45 hemebond LOL
23:45 iggy sorry, if syndics (with all of their shortcomings) works for you, that would be a good fit for this kind of job
23:47 verdverm I need total isolation in the cluster, probably want a salt-master in each. Just wanting to make a GIANT cluster stamp machine.
23:48 Klas joined #salt
23:48 jas02 joined #salt
23:50 verdverm I think I did a roster file + salt-ssh to get the first master last time
23:52 swa_work joined #salt
23:54 pfallenop joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary