Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-10-14

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 dendazen joined #salt
00:02 edrocks joined #salt
00:06 Rasathus joined #salt
00:08 nineteen joined #salt
00:08 amontalban joined #salt
00:14 q1x joined #salt
00:18 nineteen joined #salt
00:22 jenastar joined #salt
00:24 snc joined #salt
00:39 nineteen joined #salt
00:48 nineteen joined #salt
00:53 aidin1 joined #salt
00:53 vegasq joined #salt
00:58 flowstate joined #salt
01:01 DEger joined #salt
01:01 mavhq joined #salt
01:07 Kevin joined #salt
01:07 catpiggest joined #salt
01:08 nineteen joined #salt
01:13 DEger joined #salt
01:19 nineteen joined #salt
01:19 DEger joined #salt
01:29 nineteen joined #salt
01:29 netcho joined #salt
01:31 DEger joined #salt
01:38 nineteen joined #salt
01:38 DEger joined #salt
01:41 sebastian-w_ joined #salt
01:46 John_Kang joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.12, 2016.3.3 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
01:50 nineteen joined #salt
01:50 TomJepp joined #salt
01:51 DEger joined #salt
01:51 Deliant joined #salt
01:54 DEger joined #salt
01:55 DammitJim joined #salt
01:55 DammitJim I'm performing pkg.update
01:56 DammitJim and it is returning false with code 100
01:56 hemebond ????
01:56 DammitJim where do I look up what that means?
01:56 DammitJim result, sorry
01:56 hemebond Which package system does the minion use?
01:56 DammitJim apt
01:57 hemebond " E: Sub-process /usr/bin/dpkg returned an error code (100) " ?
01:57 hemebond ls -lh /usr/bin/dpkg
01:57 DammitJim where do you see that?
01:57 hemebond Googling.
01:58 hemebond You should be able to look at the apt logs on the minion to find the full error.
01:58 DammitJim oh no, that's not the message that the master is printing
01:58 TomJepp joined #salt
01:58 gtmanfred DammitJim: run it with -l debug and it should show the full output of the apt-get command in the logs
01:58 DammitJim apt logs in minion. Got it!
01:59 DEger joined #salt
02:00 nineteen joined #salt
02:05 edrocks joined #salt
02:07 nineteen joined #salt
02:11 amontalban joined #salt
02:22 flowstate joined #salt
02:24 DammitJim is there an easy way for me to replace a string on a file with salt?
02:24 hemebond file.line
02:25 DammitJim even if it has " and ' and / in it?
02:26 DammitJim ugh, I'm on 2015.5.3
02:26 hemebond Yeah it can replace any line.
02:26 hemebond Editing lines is not the best way to manage file contents, but it's there.
02:26 whytewolf there is also file.replace
02:27 whytewolf and file.blockreplace if you need more then one line
02:27 DammitJim I messed up a script
02:27 DammitJim the script was updating some files
02:27 nineteen joined #salt
02:27 DammitJim now I need to remove an 's' and add an 's' somewhere else on that line
02:27 DammitJim dammit
02:28 DammitJim thanks
02:28 DammitJim I'll do it manually
02:28 DammitJim now that I have fixed my original script
02:29 evle joined #salt
02:34 DEger joined #salt
02:37 Kevin joined #salt
02:46 nineteen joined #salt
02:58 nineteen joined #salt
03:07 edrocks joined #salt
03:09 DEger_ joined #salt
03:19 nineteen joined #salt
03:21 vegasq_ joined #salt
03:22 flowstate joined #salt
03:27 nineteen joined #salt
03:29 knikolov joined #salt
03:30 netcho joined #salt
03:37 nineteen joined #salt
03:39 sp0097 joined #salt
03:47 sp0097 joined #salt
03:47 nineteen joined #salt
03:48 subsignal joined #salt
03:51 whitenoise joined #salt
03:57 nineteen joined #salt
04:10 bocaneri joined #salt
04:13 amontalban joined #salt
04:13 amontalban joined #salt
04:15 ekristen joined #salt
04:17 nineteen joined #salt
04:22 flowstate joined #salt
04:37 nineteen joined #salt
04:39 DEger joined #salt
04:44 sh123124213 joined #salt
04:48 nineteen joined #salt
04:57 nineteen joined #salt
05:07 nineteen joined #salt
05:11 edrocks joined #salt
05:11 DarkKnightCZ joined #salt
05:11 rdas joined #salt
05:18 nineteen joined #salt
05:21 flowstate joined #salt
05:21 PerilousApricot joined #salt
05:24 Perilous_ joined #salt
05:28 nineteen joined #salt
05:31 netcho joined #salt
05:34 impi joined #salt
05:37 nineteen joined #salt
05:50 nineteen joined #salt
05:56 felskrone joined #salt
05:58 nineteen joined #salt
06:03 ivanjaros joined #salt
06:05 nineteen joined #salt
06:15 amontalban joined #salt
06:15 amontalban joined #salt
06:18 nineteen joined #salt
06:18 rsys left #salt
06:20 flowstate joined #salt
06:22 nidr0x joined #salt
06:23 keimlink joined #salt
06:24 krymzon joined #salt
06:26 nineteen joined #salt
06:29 flowstate joined #salt
06:30 netcho joined #salt
06:37 nineteen joined #salt
06:48 nineteen joined #salt
06:50 sagerdearia joined #salt
06:51 sh123124213 joined #salt
06:52 jp47itc joined #salt
06:52 tuxx_ joined #salt
06:57 nineteen joined #salt
07:02 keimlink joined #salt
07:02 pppingme joined #salt
07:02 ProT-0-TypE joined #salt
07:04 Electron^- joined #salt
07:06 AirOnSkin joined #salt
07:07 nineteen joined #salt
07:13 edrocks joined #salt
07:15 sgo_ joined #salt
07:16 q1x joined #salt
07:17 Trauma joined #salt
07:17 nineteen joined #salt
07:18 ivanjaros3916 joined #salt
07:19 dariusjs joined #salt
07:23 DEger joined #salt
07:24 ronnix joined #salt
07:27 nineteen joined #salt
07:29 dariusjs joined #salt
07:34 bryang joined #salt
07:36 nineteen joined #salt
07:38 DEger joined #salt
07:46 nineteen joined #salt
07:47 BlackBishop can I list the modules ?
07:47 hemebond ?
07:48 hemebond More info required.
07:48 BlackBishop I do a sync_all and the modules seem to be synced .. but then I try to run a module, and it says it's not there ..
07:48 BlackBishop so I was wondering if I can list the modules on the minions
07:48 hemebond Is it there if you restart the minion?
07:49 BlackBishop nope
07:49 BlackBishop that's why I want to check ( list )
07:50 hemebond Does refresh_modules maybe return a list of what was synced?
07:51 hemebond I know sync_grains shows me what custom grains are synced.
07:51 hemebond Also if you do "salt myminion mycustommodule.<tab>" it will query the minion for available functions.
07:52 hemebond If it returns nothing then the module isn't there.
07:52 BlackBishop refresh_modules says True
07:52 BlackBishop :)
07:52 hemebond LOL
07:52 hemebond Drat.
07:52 hemebond Well, I guess that means everything it up to date and nothing was synced this time.
07:52 BlackBishop yep
07:52 hemebond What about using salt-call on the minion?
07:52 DEger joined #salt
07:53 sh123124213 joined #salt
07:53 hemebond ls -lh /var/cache/salt/minion/extmods/
07:53 hemebond That seems to be where custom modules end up on the minion.
07:53 BlackBishop nope .. and I don't see it in salt '*' sys.list_modules
07:54 hemebond So it isn't going over.
07:54 BlackBishop interesting /var/cache/salt/minion/extmods/modules is empty :)
07:54 hemebond Where is it on the master?
07:54 BlackBishop in git
07:54 BlackBishop using gitfs_roots...
07:55 hemebond But... under states/_modules ?
07:55 hemebond (or rather base/_modules)
07:56 BlackBishop I can see them in salt \* cp.list_master under /_modules/
07:56 krymzon joined #salt
07:57 nineteen joined #salt
07:58 DEger joined #salt
08:01 knikolov joined #salt
08:02 BlackBishop found out my problem, the module wasn't loading because of dependencies :)
08:03 mikecmpbll joined #salt
08:03 hemebond Ah, nice find.
08:05 Rumbles joined #salt
08:07 dingesX joined #salt
08:08 dingesX Hi all, i'm having a problem with external auth could someone please give me some insight what is going wrong here?
08:09 feld joined #salt
08:13 s_kunk joined #salt
08:13 impi joined #salt
08:14 feld_ joined #salt
08:16 lero joined #salt
08:16 nineteen joined #salt
08:16 lovecraftian joined #salt
08:17 amontalban joined #salt
08:17 amontalban joined #salt
08:19 babilen dingesX: Tricky to do so if you don't even tell us what went wrong or what you've tried
08:19 DEger joined #salt
08:20 flowstate joined #salt
08:20 NightMonkey joined #salt
08:26 nineteen joined #salt
08:30 DEger joined #salt
08:30 cppking joined #salt
08:32 cppking when I run  "salt '*' test.ping" on salt master which control a "salt-syndic" master,  I can't get the response of "salt-syndic" but minions under it's control, Is this situation normal  ?
08:37 nineteen joined #salt
08:37 tercenya_ joined #salt
08:38 ivanjaros joined #salt
08:41 geomacy joined #salt
08:41 tercenya joined #salt
08:44 jhauser joined #salt
08:44 DEger joined #salt
08:48 netcho joined #salt
08:48 nineteen joined #salt
08:49 dingesX joined #salt
08:54 netcho joined #salt
08:54 cyteen joined #salt
08:55 ccard_ If I add to /etc/salt/grains, does salt-minion need to be restarted to pick up the changes?
08:56 nineteen joined #salt
08:57 dariusjs joined #salt
08:58 babilen cppking: It is
08:58 SaltyVagrant joined #salt
08:59 cppking babilen: thx
09:00 dingesX Hi all, i'm having troubles with salt and external auth, im not sure what is going wrong and i'm pulling my hair out.... if someone would take a look at my master file i would really appreciate it
09:00 dingesX my masterfile: http://pastebin.com/h9dGRb88
09:01 dingesX versions reports for master and minion: http://pastebin.com/iCRbrVsf  and  http://pastebin.com/1Ntmwp24
09:04 Rasathus joined #salt
09:04 dingesX ps my OS is CentOS7.0
09:06 nineteen joined #salt
09:13 DEger joined #salt
09:15 filippos joined #salt
09:15 edrocks joined #salt
09:17 nineteen joined #salt
09:20 flowstate joined #salt
09:26 nineteen joined #salt
09:26 ronnix_ joined #salt
09:26 DarkKnightCZ is it possible to have execution module for local usage only? e.g. i want to have module on salt-master that will be used only by its minion and it shouldn't be synchronized elsewhere
09:27 hemebond dingesX: What is the problem you're having?
09:28 CeBe1 joined #salt
09:28 dingesX hemebond: i can't authenticate
09:29 hemebond dingesX: Oh, in my config pam isn't a list.
09:29 hemebond it's a dict with keys being the user names
09:29 hemebond and under the user name is a list of permissions.
09:29 hemebond But you have "- saltrunner:"
09:30 dingesX oh wow
09:30 dingesX i would hug you if i could :)
09:30 hemebond ????  ☺
09:30 DEger joined #salt
09:30 dingesX i was already messing in in the code.......aaargh..
09:30 hemebond Did that solve the problem?
09:30 dingesX yes
09:30 hemebond Excellent.
09:31 dingesX thank you so much!
09:31 hemebond You're welcome. Good luck ☺
09:31 hemebond DarkKnightCZ: Why does it matter if it's synced to other minions?
09:34 DarkKnightCZ hemebond: well, the problem is it shouldn't be synchronized to any minions, just to be on master
09:35 hemebond Would a runner be better?
09:37 DarkKnightCZ hemebond: yes, but it's not triggerable via API through syndic master of master
09:37 DarkKnightCZ i will probably create PR for this later
09:37 nineteen joined #salt
09:38 hemebond What if you put it in its own environment and targeted only your syndic minions?
09:38 ronnix joined #salt
09:38 CeBe1 joined #salt
09:38 hemebond (I'm not 100% sure that would work)
09:38 DEger joined #salt
09:39 DarkKnightCZ that could work, but there is no easy way to obtain registered minions for specific master (again, it's runner module)
09:40 hemebond I'm confused. I thought it was a module for minions.
09:42 DarkKnightCZ ah, i understood that wrongly
09:45 Ni3mm4nd joined #salt
09:46 peters-tx joined #salt
09:46 nineteen joined #salt
09:48 DEger joined #salt
09:49 CeBe1 joined #salt
09:49 dariusjs joined #salt
09:52 jas02 joined #salt
09:53 JohnnyRun joined #salt
09:54 sh123124213 joined #salt
09:56 jas02 joined #salt
09:56 nineteen joined #salt
09:57 jas02 joined #salt
09:59 Ni3mm4nd_ joined #salt
10:01 mpanetta joined #salt
10:01 Electron^- joined #salt
10:07 nineteen joined #salt
10:08 kbaikov joined #salt
10:08 feld joined #salt
10:09 keimlink joined #salt
10:09 zulutango joined #salt
10:10 jas02 joined #salt
10:11 DEger joined #salt
10:17 mpanetta joined #salt
10:17 nineteen joined #salt
10:18 amontalban joined #salt
10:18 amontalban joined #salt
10:19 Trauma joined #salt
10:20 flowstate joined #salt
10:24 cyteen joined #salt
10:25 yagnik joined #salt
10:25 nineteen joined #salt
10:33 sgo_ joined #salt
10:36 nineteen joined #salt
10:37 voileux_ joined #salt
10:44 yagnik left #salt
10:47 nineteen joined #salt
10:55 ronnix_ joined #salt
10:57 nineteen joined #salt
10:57 stack joined #salt
10:58 stack hello, is that possible to debug a generated jinja template?
10:58 hemebond stack: If you can get the context you can just render it manually with Jinja.
11:00 stack hemebond: ok I'll see how to get the context later, thanks
11:01 jas02 joined #salt
11:03 jas02_ joined #salt
11:03 hemebond Depending on what you're trying to debug, you might be able to see the problem/result by running the minion/master with debug logging.
11:05 DarkKnightCZ hmm, salt job lookup doesn't work with syndics?
11:06 nineteen joined #salt
11:09 ronnix joined #salt
11:10 hemebond Do syndics send their jobs back to the parent master?
11:16 DarkKnightCZ hemebond: probably not... salt-run jobs.lookup_jid 20161014110320546357 from master of maters returns empty data, from syndic master it returns valid data
11:17 edrocks joined #salt
11:17 DarkKnightCZ i've restarted salt-syndic, testing if that helps
11:17 nineteen joined #salt
11:19 DarkKnightCZ hmm
11:19 DarkKnightCZ apparently once syndic is restarted, the data are returned properly
11:19 DarkKnightCZ (for newly created jobs)
11:21 flowstate joined #salt
11:21 amontalban joined #salt
11:21 dendazen joined #salt
11:23 DarkKnightCZ found the issue... if salt-master is restarted, syndic is partially dead (i.e. doesn't forward job output)
11:23 DarkKnightCZ so if master is restarted, syndic must be restarted afterwards
11:24 amcorreia joined #salt
11:26 nineteen joined #salt
11:28 sgo_ joined #salt
11:28 jas02 joined #salt
11:30 jas02_ joined #salt
11:32 mike25de hi guys - I have a state that gets variables from a jinja file. Is it possible to have multiple jinja files... and to call the salt state with a parameter (pick data from X.jinja) ?  Any ideas?
11:33 babilen Keep it in pillars and reference it directly?
11:34 numkem joined #salt
11:36 nineteen joined #salt
11:38 mike25de babilen: can I do that? multiple pillar files for a host? and call an exact pillar file in the state via a param ?
11:41 DarkKnightCZ you can structure the pillars to distinct that by some key... also it should be possible to import variables from jinja files => {% from 'some.sls' import myvariable %}
11:42 babilen mike25de: What is that that decides which data you pass to a minion?
11:43 mike25de babilen: I want to call  state.sls mystate --with-a-param ... as DarkKnightCZ said .. I can have that param as the key in a pillar..
11:43 mike25de am I making any sense?
11:43 babilen Ah, so this is entirely a manual process?
11:44 mike25de the idea is that in jinja or pillar I store variables for some software deployments and this variables ... are different depending on some input I get from a web app...  so using salt-api I want to point the salt state to a specific set of variables (either jinja or pillar)
11:46 nineteen joined #salt
11:50 nicksloan joined #salt
11:50 babilen You can pass in pillar data and use that to decide which file to load
11:51 mike25de babilen: like this> salt '*' state.apply mystate pillar='{"foo": "bar"}'
11:51 mapu joined #salt
11:51 mike25de and then in the state I will do some logic based on the foo:bar - correct?
11:52 babilen That was one idea, yeah
11:52 babilen I rarely design things for the manual usecase though
11:52 nicksloan joined #salt
11:52 mike25de thanks babilen will try that
11:53 mike25de mine is not manual at all... all is automated... but each installation has sooo many different scenarios... that I need each scenario to save separately
11:54 mike25de so when salt state runs... it needs to know which variables from which scenario to load.. all the scenarios are jinja files now.
11:56 sh123124213 joined #salt
12:04 nineteen joined #salt
12:04 jeddi joined #salt
12:10 dariusjs joined #salt
12:16 nineteen joined #salt
12:18 jas02 joined #salt
12:18 voileux_ joined #salt
12:22 flowstate joined #salt
12:22 amontalban joined #salt
12:22 amontalban joined #salt
12:24 vegasq joined #salt
12:27 nineteen joined #salt
12:31 felskrone joined #salt
12:32 flowstate joined #salt
12:36 nineteen joined #salt
12:36 mk-fg joined #salt
12:36 mk-fg joined #salt
12:38 ronnix joined #salt
12:38 edrocks joined #salt
12:39 NV joined #salt
12:39 ronnix_ joined #salt
12:40 bryang joined #salt
12:40 m4rx joined #salt
12:40 Electron^- joined #salt
12:42 DammitJim joined #salt
12:48 shawnbutts how can i securely share a custom grain with other nodes that need it but not all nodes?
12:49 amontalban joined #salt
12:51 yidhra joined #salt
12:54 q1x hi all, I just installed katello 3.1 and am now trying to install the salt plugins as per https://theforeman.org/plugins/foreman_salt/7.0/index.html however, the foreman-installer doesn't recognize the salt install option: ERROR: Unrecognised option '--enable-foreman-plugin-salt'
12:54 q1x What am I missing, do I need to enable another repo?
12:55 DarkKnightCZ joined #salt
12:55 babilen q1x: Sounds more like a foreman problem tbh
12:58 nineteen joined #salt
12:59 q1x babilen: any idea where I could start?
12:59 q1x I'm a total Foreman n00b :)
13:01 babilen #theforeman comes to mind
13:02 q1x babilen: whoops
13:02 q1x actually, I meant to post this there
13:02 q1x wrong window :)
13:03 babilen heh
13:03 q1x thanks though :)
13:05 Tanta joined #salt
13:06 Brew joined #salt
13:07 nineteen joined #salt
13:07 voileux_ joined #salt
13:10 amontalban joined #salt
13:13 DarkKnightCZ joined #salt
13:13 aagbds joined #salt
13:14 ronnix joined #salt
13:14 John_Kang joined #salt
13:15 nineteen joined #salt
13:15 ivanjaros joined #salt
13:16 flughafen joined #salt
13:17 flughafen question about https://docs.saltstack.com/en/latest/ref/states/all/salt.states.network.html  <- does this still mean this wont work with suse?
13:18 voileux_ joined #salt
13:19 Nahual joined #salt
13:21 vegasq joined #salt
13:25 voileux__ joined #salt
13:26 nineteen joined #salt
13:27 dps would somebody be able to tell me the proper way to address multiple FileMatch directives in apache.configfile?  I am getting duplicate ID errors when implementing this syntax in a state file: https://gist.github.com/dsulli99/f1da25b0a5a9aa16a236519f03b23984
13:29 GordonTX joined #salt
13:36 nineteen joined #salt
13:37 bluenemo joined #salt
13:40 voileux_ joined #salt
13:41 babilen dps: Could you provide a bit more context to that snippet?
13:41 DarkKnightCZ joined #salt
13:41 babilen (i see no state)
13:41 dps babilen: sure gimme a sec
13:41 dps thank you for your help
13:41 dps (i need to scrub the data)
13:42 babilen Is that pillar data? You could turn (what I presume to be) the dict into a list with multiple FilesMatch entries
13:43 dps babilen: https://gist.github.com/dsulli99/eb93df4c02d971658d46f3a6a0ca2fa4#file-gistfile1-txt-L42-L49
13:44 farramat joined #salt
13:44 dps babilen no its not pillar data.  so you are suggesting to dict and iterate with jinja?
13:44 dps or something like that?
13:45 babilen dps: Curious that you don't pass it completely as from pillars, but the solution here is clear: Use something like: http://paste.debian.net/875782/ and then iterate over it?
13:45 nineteen joined #salt
13:45 farramat is there a way to do something like "salt -c 'G@group1 and G@group2' test.ping" and suppress the "ERROR: No return received" if that selection set ends up being empty?
13:46 farramat I'm doing some bash scripting and would prefer not to see the error if possible. nothing I've tried has worked so far
13:47 dps babilen: facepalm.  ok. that looks good.  i am not sure why you suggest passing it in as pillars and iterating over it, i feel like the example you provided would work without using pillar data
13:48 babilen It would, yeah
13:48 babilen It just keeps a lot of data in the SLS
13:48 babilen (and configuration)
13:49 babilen There is, however, no inherent problem with that
13:49 dps babilen: i dont need that level of abstraction, i appreciate you helping me though, this is exactly the information that i needed.
13:49 babilen You would have the same problem with other sections that you might want to repeat (e.g. "Location")
13:50 babilen https://github.com/saltstack-formulas/nginx-formula/blob/master/pillar.example#L98 that's how it's done in the nginx formula (which allows for repetitions)
13:51 babilen I think the apache formula on saltstack-formulas suffers from the same problem
13:52 jas02 joined #salt
13:52 keimlink joined #salt
13:52 dps babilen: yeah i think so too.  you gave me the information i needed. thank you so much, you are always really helpful.
13:54 babilen All the best
13:55 jas02_ joined #salt
13:57 shiriru joined #salt
13:57 nineteen joined #salt
13:57 sh123124213 joined #salt
14:00 marie1972 joined #salt
14:01 marie1972 left #salt
14:02 patrek joined #salt
14:05 racooper joined #salt
14:05 mapu joined #salt
14:10 nineteen joined #salt
14:11 shiriru left #salt
14:11 mpanetta joined #salt
14:13 colttt joined #salt
14:16 keltim joined #salt
14:16 nineteen joined #salt
14:20 dariusjs joined #salt
14:21 scoates_ joined #salt
14:21 John_Kang joined #salt
14:23 ronnix_ joined #salt
14:27 nineteen joined #salt
14:30 psy0rz_ is it posible to store arbitrary key/value data in the salt mine?
14:30 psy0rz_ and how
14:31 Sketch can't you store anything that's in a grain?
14:31 psy0rz_ what do you mean
14:31 Sketch i haven't actually used it, but i thought it stored grains
14:32 psy0rz_ hmm
14:32 Sketch so...if you put whatever data you want to store into grains, you can probably store arbitrary data there
14:32 psy0rz_ i want to be able to specify a list of excludes for our backup system. and i want to be able to do it in the pillar sls file of each server, and then let the backup server gather a list of all excludes
14:32 psy0rz_ ah k
14:34 shawnbutts joined #salt
14:34 czchen joined #salt
14:34 gtmanfred you could use pillars to do that, and you can query a minions pillars using the salt runner, instead of using the mine
14:35 gtmanfred unless you need it available to other minions, then you could just drop a mine function that reports the minions pillars to the mine
14:35 nineteen joined #salt
14:38 ronnix joined #salt
14:40 nidr0x joined #salt
14:41 psy0rz_ THE salt runner?
14:41 ronnix__ joined #salt
14:42 psy0rz_ how would a mine function that reports pillar data look?
14:43 psy0rz_ i've read  the mine-documentation a few times but i dont understand where those mine_functions come from
14:45 cscf left #salt
14:45 gtmanfred mine_functions are just execution modules
14:46 psy0rz_ ahh k
14:46 gtmanfred and then it saves the data output from the execution module
14:46 gtmanfred so just ... pillar.get 'thing'
14:46 gtmanfred mine_functions:
14:46 gtmanfred - pillar.get:
14:46 gtmanfred - arg:
14:46 gtmanfred - thing
14:46 gtmanfred something like that
14:46 psy0rz_ ohhhhhh
14:46 gtmanfred i forget the mine function stuff
14:46 psy0rz_ ah
14:46 nineteen joined #salt
14:46 gtmanfred so that one probably doesn't work, but you get the idea
14:46 psy0rz_ indeed
14:47 psy0rz_ i think i can manage from here :)
14:47 psy0rz_ thx so far
14:47 m4rk0 gtmanfred, I don't know if you saw it yesterday, but I tried "mysql" as returner on Salt Master and I get this message: [DEBUG   ] Could not LazyLoad mysql.get_load
14:47 gtmanfred alternatively, if you just need the pillars on the master, in order to get stuff, https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.pillar.html#salt.runners.pillar.show_pillar you could do a show pillar and then get the data you need from that dift
14:47 Reverend joined #salt
14:47 gtmanfred dict*
14:48 Reverend have i ever told anyone how much I hate windows
14:48 Reverend also - hi everyone
14:48 psy0rz_ gtmanfred i think the confusing part is that you can use execution modules, as well as arbitrary names
14:48 gtmanfred m4rk0: did you install the required mysql python module, and also setup the mysql returner?
14:48 * xmj invites Reverend into the bsd world
14:48 Reverend haha
14:48 xmj Reverend: we have cookies, and beastie.
14:48 psy0rz_ and in an arbitrary name you then need to specify mine_function: again
14:48 gtmanfred psy0rz_: the arbitrary names are just ways to reference them when you do mine.get
14:49 psy0rz_ no i mean in the documentation example
14:49 gtmanfred think of it just as aliasing a specific execution call
14:49 lompik joined #salt
14:49 Reverend i would... but work. I'd love to run something *nix, but I need stable remote desktop for windows servers that I manage :(
14:49 psy0rz_ ah right
14:49 Reverend and various other proprietary tools for windows >_<
14:49 Reverend thank the sweet gods for cygwin though
14:49 gtmanfred mine_functions:
14:49 gtmanfred internal_ip_addrs:
14:49 gtmanfred mine_function: network.ip_addrs
14:49 gtmanfred cidr: 192.168.0.0/16
14:50 gtmanfred that is calling salt \* network.ip_addrs cidr=192.168.0.0/16
14:50 psy0rz_ yeah so internal_ip_addrs is arbitray right?
14:50 gtmanfred but when you want it from the mine, you do mine.get internal_ip_addrs
14:50 psy0rz_ in the same example:
14:51 psy0rz_ mine_functions:
14:51 psy0rz_ network.ip_addrs: [eth0]
14:51 gtmanfred then salt-call mine.get <minion> network.ip_addrs eth0
14:51 psy0rz_ in that case network.ip_addrs is an execution module right?
14:51 gtmanfred yes
14:51 gtmanfred it is always execution modules
14:51 psy0rz_ yeah so when it has a . its an execution module?
14:51 gtmanfred you just can alias them
14:52 gtmanfred if it doesn't have a mine_function argument in it, then the name has to be the execution module
14:52 psy0rz_ yeah, things without dots are aliases?
14:52 gtmanfred you can put dots in the alias
14:52 psy0rz_ ah right
14:52 jas02 joined #salt
14:52 gtmanfred but an alias has to have a mine_function: key
14:52 psy0rz_ so mine_function is kindof a hack :P
14:53 psy0rz_ e.g. there can never be an execution module that has an argument called mine_function
14:53 gtmanfred not really, it makes complicated execution modules aliased to something shorter
14:53 m4rk0 gtmanfred, awesome it works now, after "yum install MySQL-python -y" :)
14:53 psy0rz_ thanks anyway :)
14:54 troker joined #salt
14:54 gtmanfred it makes it shorter and easier to reference later in {{ salt.mine.get('openstack_ips }}
14:54 psy0rz_ yeah i know that now
14:54 gtmanfred :)
14:54 psy0rz_ i just got confused by the notation/syntax
14:54 gtmanfred yar
14:55 psy0rz_ the whole "everything is an execution module, unless the first argument is 'mine_function', the its suddenly an alias"
14:55 troker Hey all - I'm 100% new to Salt and I'm looking to do automated deployments of our product for dev/qa to a vSphere environment. I've done some cursory googling, but I'm wondering if anyone can point me to a vmware specific resource/guide/getting started info.
14:57 gtmanfred troker: https://docs.saltstack.com/en/latest/topics/cloud/vsphere.html
14:57 gtmanfred actually, you should use this one https://docs.saltstack.com/en/latest/topics/cloud/vmware.html
14:57 gtmanfred the vsphere driver is getting deprecated
14:57 nineteen joined #salt
14:58 troker gtmanfred, yea It looks like it links here -- https://docs.saltstack.com/en/latest/topics/cloud/vmware.html
14:58 troker Thanks so much!
14:58 gtmanfred there is also this one https://docs.saltstack.com/en/latest/topics/tutorials/esxi_proxy_minion.html
14:58 gtmanfred and check out the proxy minion
14:58 gtmanfred you can use that to configure and manage vsphere directly too
14:58 troker Oh wow, thats like
14:58 troker perfect
14:58 troker Currently were using all vmware templates
14:58 troker and it is...
14:58 troker painful
14:59 Rasathus_ joined #salt
15:00 cwright joined #salt
15:01 fusionx86 joined #salt
15:03 cwright Hi, I want to reload a service on config file change, but onlyif the config file validates.
15:03 cwright This is what I want to do:  https://gist.github.com/corywright/361896ab45ce6748a74f4c1e6973457f
15:03 Rasathus joined #salt
15:04 cwright But it seems the onlyif is ignored for service states.
15:04 cwright I've searched the github issues and saw this: https://github.com/saltstack/salt/issues/33427
15:04 saltstackbot [#33427][MERGED] 2015.8.8.2 :: service.running falsely reports Clean | Description of Issue/Question...
15:04 cwright I can use a cmd.run but would rather use a requisite like onlyif to keep things cleaner.
15:05 __number5__ joined #salt
15:05 cwright Is this possible?  I'm currently running 2016.3.3
15:05 nineteen joined #salt
15:08 _JZ_ joined #salt
15:10 gtmanfred that should work ...
15:10 flowstate joined #salt
15:10 gtmanfred cwright: can you break the haproxy config, and then run haproxy -f /etc/haproxy/haproxy.cfg -c
15:10 gtmanfred and check `echo $?`
15:10 gtmanfred and make sure it returns a non zero exit code?
15:11 noraatepernos joined #salt
15:12 abednarik joined #salt
15:13 ferbla joined #salt
15:13 ferbla joined #salt
15:13 cwright gtmanfred: sure, i'll do it again now just to confirm once more
15:14 pipps joined #salt
15:14 godber joined #salt
15:15 flowstate joined #salt
15:16 nineteen joined #salt
15:18 zirpu joined #salt
15:18 netcho_ joined #salt
15:19 cwright gtmanfred: you are right, it works. I was expecting it to fail the state, but I understand now its just skipping it.
15:20 gtmanfred yeah, if the -c doesn't return a non zero return code, we don't skip
15:20 gtmanfred if it prints something out on a success, you could do a grep on that
15:20 ivanjaros joined #salt
15:20 gtmanfred haproxy -f /etc/haproxy/haproxy.cfg -c | grep -q success
15:20 gtmanfred or whatever :)
15:20 gtmanfred and that would work
15:21 cwright yea, that is an option. or using the cmd.run state and require that, as suggested in the github issue i linked
15:21 khaije1 is there a way to cause a whole sls file to abort evaluation? I'd like to cause a file to fail to execute under certain circumstances.
15:21 cwright thanks gtmanfred
15:21 gtmanfred no problem
15:22 gtmanfred khaije1: if you have a state that needs to pass, i think you could do
15:22 gtmanfred - require_in:
15:22 gtmanfred sls: thing
15:22 gtmanfred and it would be required in all states in that sls fil
15:22 gtmanfred file*
15:23 heaje joined #salt
15:23 dariusjs joined #salt
15:23 edrocks joined #salt
15:24 khaije1 gtmanfred: not sure I understand but I'll read up on it and check back with questions
15:24 ronnix joined #salt
15:24 gtmanfred have you used require: before?
15:25 gtmanfred normally you would say that 'a specific state requires that this other state completes successfully, or it doesn't run'
15:26 q1x joined #salt
15:26 gtmanfred require_in says, this state is required by these other states, and if you say sls: instead of like the usual pkg:, it means everything in that sls file requires this state, and to bail if it fails
15:26 gtmanfred you could alternatively just fail the entire state run if you use failhard: True or --failhard
15:28 Ni3mm4nd joined #salt
15:28 nineteen joined #salt
15:32 sp0097 joined #salt
15:35 nineteen joined #salt
15:40 m4rk0 gtmanfred, now I receive this with mysql returner on salt master: [DEBUG   ] LazyLoaded mysql.get_load, [DEBUG   ] Generating new MySQL connection pool, [WARNING ] jid does not exist, [WARNING ] Returner unavailable:
15:41 keltim what solutions are people using to encrypt their pillar data? The gpg renderer is very attractive, but as far as I can tell makes "salt-call --local" completely useless as it only works on the master.
15:41 keltim which makes it not even an option to me
15:43 onlyanegg joined #salt
15:43 keltim of course anything else would require the minion have the private key which isn't great but at least --local would work ...
15:44 netcho_ trying to setup ec2-autorecator formula
15:44 netcho_ having trouble gtetting confirmation email
15:45 netcho_ salt-api is running
15:46 mohae_ joined #salt
15:49 sknebel joined #salt
15:50 nineteen joined #salt
15:53 jas02 joined #salt
15:53 netcho_ ec2-autoscale-reactor
15:53 netcho_ :D
15:59 sh123124213 joined #salt
15:59 GordonTX joined #salt
16:00 tiwula joined #salt
16:01 Rasathus_ joined #salt
16:05 nineteen joined #salt
16:05 avekrivoy joined #salt
16:06 netcho_ when i go to https://mysalt.mydomain.com:8080 i get welcome message
16:06 netcho_ sherrypy is up
16:06 netcho_ c*
16:06 impi joined #salt
16:07 rherna joined #salt
16:09 sp0097 left #salt
16:14 edrocks joined #salt
16:15 avekrivoy Hi, guys! I'm writing salt state for user management and need to get list of users from remote server with their home directories. Just can't figure how to do this. The reason I need this is to make for loop with ssh_auth.absent in it and check whether there left users key somewhere.  I think, user.list_users, user.getent can help me, but I'm not sure.  How can can I get iterable object from their output? Or maybe there is some better sol
16:15 avekrivoy ution? Sorry for my english. Thank you!
16:17 eseyman avekrivoy: can you get the remote server's /etc/passwd ?
16:17 avekrivoy yeah, sure.
16:18 onlyanegg joined #salt
16:19 Tanta getent passwd | while IFS=: read -r name password uid gid gecos home shell; do echo "$name's home directory is $home"; done
16:20 pipps joined #salt
16:21 sgo_ joined #salt
16:22 avekrivoy Tanta: so the only way is to run remote bash commands?
16:24 fyb3r joined #salt
16:24 abednarik joined #salt
16:26 Tanta um, how can I enumerate all the ways to solve a problem
16:26 whytewolf avekrivoy: something like {% for user in salt.user.getent() %}
16:28 nineteen joined #salt
16:29 raspado joined #salt
16:30 pipps joined #salt
16:35 nineteen joined #salt
16:37 shawnbutts how can i use MasterPillarUtil from inside a #!py pillar?
16:37 UtahDave joined #salt
16:40 avekrivoy whytewolf: hm, is the syntax correct? I've used {% for user, user_delete in salt['pillar.get']('users_revoked', {}).iteritems() %} construction to retrieve data from pillar. Do i need to take 'salt' in square brackets? Or perhaps you could point me to docs where it is explained. I'm new to salt and python, so syntax sometimes inexplicit for me
16:41 whytewolf avekrivoy: salt.module.function is just a short cut for salt['module.function'] I personally find it easier to read. but it is up to you
16:43 avekrivoy <whytewolf>:  thank you! and what type of data it returns? Is it a dictionary?
16:43 whytewolf yes it is a dict
16:44 avekrivoy great! gotta dive deeper in docs)
16:44 abednarik joined #salt
16:44 whytewolf well user.getent actually returns a list of dict
16:45 whytewolf but user in that example will just be the dicts
16:45 nineteen joined #salt
16:46 onlyanegg joined #salt
16:48 avekrivoy whytewolf: can i somehow get data structure? i mean something like this: salt 'minion-id' user.getent --raw-data.
16:49 UtahDave avekrivoy: salt 'minion-id' user.getent --json
16:49 UtahDave sorry, that's wrong
16:49 _KaszpiR_ joined #salt
16:49 UtahDave salt 'minion-id' user.getent --out json
16:49 whytewolf ^
16:49 avekrivoy thanks, guys!
16:52 Edgan joined #salt
16:53 GordonTX joined #salt
16:54 coval3nce joined #salt
16:55 coval3nce any salt-cloud gurus in the house?
16:55 GordonTX_ joined #salt
16:55 nineteen joined #salt
16:57 troker coval3nce, don't ask to ask
16:57 UtahDave coval3nce: what's your question?
16:58 coval3nce Welp, been using salt-cloud for about 1.5 to 2 years now, just hit a weird issue where bootstrapping via salt-cloud is very SLOW when performing a “yum install” task on a node.  Funny thing is, if i “ctrl-c” and hop on box to run the deploy script salt plops down, its super fast.
16:58 coval3nce Almost as if there is an issue streaming output of the deploy runs back up to the salt-cloud master node.
16:59 coval3nce The slowness can be observed via gathering metadata from a yum command.
17:00 coval3nce I’ll write up a Github issue real quick here.
17:00 UtahDave coval3nce: did you notice this change when upgrading?
17:04 Edgan coval3nce: I bake in salt-minion to my AMI, and use cloud-init to set the key via userdata
17:04 Edgan coval3nce: cloud-init also tries to install salt-minion, but it is already there
17:04 coval3nce @UtahDave not really, honestly it just “showed up” one day.  However, i think i was on 2015 before and now i am on 2016.
17:05 coval3nce @Edgan that would be cool if i was on AWS  ;)
17:05 west575 joined #salt
17:05 nineteen joined #salt
17:05 Edgan coval3nce: What are you on?
17:05 coval3nce Bare metal boxes
17:06 Edgan coval3nce: Do you have an image based install, or letting it run through a distro installer?
17:06 UtahDave coval3nce: Yeah, if you could open an issue and provide specific instructions on how to reproduce the issue, that would be awesome.
17:06 coval3nce Its some boxes for which i dont have control over the base isntall process unfortunately
17:07 Edgan coval3nce: :(
17:07 coval3nce @UtahDave writing it up down, ill send you a link here in a second.  Im hoping what i’m experiencing isn’t salt related, but htats the only variable that seems to be the issue.
17:07 Rasathus joined #salt
17:07 UtahDave coval3nce: It's possible. If it's a salt bug, we'd definitely like to get it fixed.
17:08 UtahDave coval3nce: https://github.com/saltstack/salt/issues/new
17:08 Edgan coval3nce: could it be the resolv.conf is in a "working but slow" configuration that gets updated later?
17:08 coval3nce @Edgan nah, cause i can immediately `ctrl-c` salt-cloud, ssh to box, and run the deploy script it throws down in `/tmp/.salt-cloud-xxxx` and it runs fast as hell
17:09 Dishcan joined #salt
17:10 KingOfFools Sup guys. Im generating ton of file.managed states in state file with jinja for loop. Are there any simple way to remove previously generated files which was not regenerated this time?
17:11 KingOfFools I'm thinking about reading directory and comparing with config for current generating process, but not sure.
17:12 Edgan KingOfFools: You mean file.recurse?
17:12 ponyofdeath hi guys, what is the best way to get salt minion to run periodically with a splay interval?
17:13 Edgan ponyofdeath: cron job on the master with -b X to enable the max number of minions run at once, batch.
17:13 UtahDave ponyofdeath: also, Salt's scheduler can do that as well:  https://docs.saltstack.com/en/latest/ref/states/all/salt.states.schedule.html
17:13 KingOfFools Edgan: file.recurse is for existing directory right? I mean i have to have directory somewhere which i recursively copy to minion. I have one template file and I generate ton of states where I use that template and populate him with different data.
17:13 Edgan ponyofdeath: If you are using theforeman plugin, it is incompatible with the salt scheduler.
17:14 KingOfFools it*
17:14 Edgan KingOfFools: you could just symlink it in the files directory, but warning, I have learned gitfs doesn't do symlinks
17:15 KingOfFools Edgan: meh, yea I'm using gitfs :)
17:15 nineteen joined #salt
17:16 Edgan KingOfFools: You are probably already doing this, but I would make a list in the map.jinja and then loop over it with a for loop
17:16 ponyofdeath Edgan, UtahDave thanks
17:19 shawnbutts how can i securely share a custom grain with other nodes that need it but not all nodes?
17:19 Edgan shawnbutts: why grain and not pillar?
17:19 impi joined #salt
17:20 KingOfFools Edgan: well, I have data in mysql, so I gathering it in pillar, then I fetch it in state from pillar and generate file.managed states with for loop. I guess i will just read filenames from that directory afterwards, compare names with pillar config and remove unwanted ones.
17:20 Edgan KingOfFools: You are trying to hyper-optimize it? So you don't even check if it changed if you know it hasn't?
17:20 shawnbutts i'm trying to do it with a pillar.  it's grain on node1 that is needed on node2.  like an autogened cluster key.
17:23 jenastar joined #salt
17:23 KingOfFools Edgan: no. I have different config in pillar every time. Some files change, some new files come, some shouldn't be there anymore.
17:23 KingOfFools Edgan: some (most of them) are not changing for a long time
17:25 copelco joined #salt
17:26 Edgan KingOfFools: Can you write up a clearer description of what you are doing? I don't have a clear definition of the problem.
17:27 DammitJim you guys are probably going to think I'm the most disorganized person in the world
17:27 DammitJim but I am having  a hard time with pillar data
17:27 coval3nce @UtahDave https://github.com/saltstack/salt/issues/37013
17:27 saltstackbot The API says this is an invalid issue. Please report this if you know it's a correct link!
17:27 DammitJim you see, I am creating new servers and they are similar in structure to others that I have put in place
17:27 DammitJim but every time I salt the servers, it seems I am missing pillar information
17:27 Edgan shawnbutts: I think you might be fine with the salt mine. The minion reports the data to the master, and the sls has to be written to feed it to other minions. So it should be secure as long as you trust your sls writers.
17:28 DammitJim how do you guys go about knowing what pillar data you need to supply for a new machine to run highstate and be done?
17:28 coval3nce @UtahDave hopefully there is enough info there?
17:28 Edgan DammitJim: There is a bug in the latest version, but you can enforce it with test.pillar.
17:28 Edgan DammitJim: I was having the same problem, and started trying to use test.pillar everwhere
17:29 DammitJim oh really? Oh man, but I am ages behind in my version of salt :(
17:29 Edgan DammitJim: I am not sure when test.pillar was added, but I am saying even the latest version of it is bugged.
17:29 Edgan DammitJim: I am running a patched version of 2016.3.3
17:29 DammitJim so, I guess one just configures as much as one thinks one needs according to the states in the top file
17:30 DammitJim and it's a Hail Mary until one sees an error?
17:32 Edgan DammitJim: test.pillar plus test=true  might be what you want
17:32 edrocks joined #salt
17:32 DammitJim Edgan, test=True is always on my mind :D
17:33 DammitJim but even then it doesn't know if I'm missing pillar data sometimes
17:33 Edgan DammitJim: hence test.pillar
17:33 DammitJim right!
17:33 DammitJim thanks Edgan
17:33 DammitJim anyone else want to share how they deal with setting up new servers?
17:33 DammitJim Don't get me wrong. Salt has helped a ton, but this step is the one where I'd like to streamline things
17:34 Edgan DammitJim: let me find the test.pillar issue for you
17:34 DammitJim don't worry about it... I'm on 2015
17:35 nineteen joined #salt
17:35 Edgan DammitJim: But I am not sure how far back the bug goes
17:35 Edgan DammitJim: hence the warning
17:36 sh123124213 joined #salt
17:37 Edgan DammitJim: https://github.com/saltstack/salt/issues?q=is%3Aissue+check_pillar+is%3Aclosed
17:37 Edgan DammitJim: it is actually test.check_pillar
17:37 Edgan DammitJim: and let me give you a highly optimized setup for it
17:37 coval3nce OH one thing to note @Edgan and @UtahDave: I run salt-cloud from a different box than the salt-masters.
17:38 pipps joined #salt
17:39 sh123124_ joined #salt
17:39 MTecknology Does the salt fileserver use the same port used for pulling files to a minion? I'm seeing everything work fine except for pulling files from the master, that always produces a timeout.
17:40 abednarik joined #salt
17:40 MTecknology http://dpaste.com/1FACSZ2
17:41 MTecknology This /has/ worked in the past and we're dealing with high latency, but this is a *very* tiny file and things had been working fine. :S
17:41 Edgan DammitJim: https://paste.fedoraproject.org/450230/46687714/
17:42 Edgan MTecknology: ARe 4505 and 4506 open?
17:44 MTecknology They sure as crap should be; should be enough that I haven't bothered verifying. Will do that now.
17:44 MTecknology now ~= 5 minutes, after nmap is downloaded.
17:45 nineteen joined #salt
17:46 PerilousApricot joined #salt
17:47 Edgan MTecknology: 4505 is the publish port used to send out the commands to minions, 4506 is used by all bi-directional communication
17:47 MTecknology Edgan: yup, I can telnet to both ports and get the zmq symbol
17:48 Edgan MTecknology: My salt master works fine, and only has those two
17:48 MTecknology Edgan: right, a firewall likely isn't my issue
17:50 MTecknology Right now, I'm trying to purge cache, rm -rf cache/files/*, saltutil.syncall, and then will try a highstate with test=True
17:51 pipps joined #salt
17:51 mpanetta joined #salt
17:54 MTecknology salt-call saltutil.sync_all fails with the same message timeouts
17:55 Edgan MTecknology: version, and does it timeout on the salt master?
17:55 MTecknology 2016.3.3 on both; not understanding the second question
17:56 MTecknology (still early morning, no caffeine, and a very rough time waking up
17:56 MTecknology )
17:56 Aleks3Y joined #salt
17:56 Edgan MTecknology: salt `hostname -f` state.highstate
17:56 MTecknology OH!
17:57 MTecknology nah, it's only this one minion having issues
17:57 nineteen joined #salt
17:57 Edgan MTecknology: What distro is it?
17:57 MTecknology ubuntu 16.04 on the master and 14.04 on the minion
17:58 q1x joined #salt
17:59 MTecknology there's about 100 minions connected to this master; none have any issues except this one minion, and it's not the only high-latency box either.
17:59 Edgan MTecknology: dpkg -V salt-minion
17:59 Edgan MTecknology: dpkg -V salt-common
18:00 Kevin joined #salt
18:01 MTecknology What am I looking for?
18:02 MTecknology err, sorry
18:03 Edgan MTecknology: Any output other than /etc/salt/minion
18:03 MTecknology Edgan: ya, those check out. Only the config files are different (since I'm apparently the only person that demands using .d/)
18:04 coval3nce Is there a way to turn off streaming back of salt-cloud deploy script?
18:05 coval3nce tried turning `tty` to off but it never actually launches the scriipt if i do that
18:05 nineteen joined #salt
18:06 MTecknology salt-minion -l trace w/ 100 active hosts isn't gonna be fun.
18:06 MTecknology I'm just gonna leave this for a while while things settle down. :(
18:07 Edgan MTecknology: Compare the output of this on a Trusty machine that works and one that doesn't
18:07 Edgan MTecknology: dpkg -l | awk '{ print $2" "$3 }' | egrep 'bsdmainutils|dctrl-tools|debconf-utils|dmidecode|file-rc|init-system-helpers|^python |python:any|python-augeas|python-crypto|python-zmq|salt-common|sysv-rc'
18:07 s_kunk joined #salt
18:07 s_kunk joined #salt
18:07 Edgan MTecknology: These are the salt dependencies
18:08 Edgan MTecknology: probably also wouldn't hear to dpkg -V them too. If someone did a pip install to update one of the python modules, it could break salt
18:09 MTecknology Edgan: ya... I don't think that's what's going on
18:09 Edgan MTecknology: Or you could do it the new(dumb) way, just rebuild the box from scratch
18:10 * MTecknology blinks
18:10 Edgan MTecknology: Personally I like to know root causes
18:10 Edgan MTecknology: it is how you learn
18:12 MTecknology ya... so back to realistic attempts to resolve this.
18:13 Edgan MTecknology: What is the load on the salt master?
18:13 MTecknology 1.07
18:13 Edgan How many cores?
18:13 MTecknology no more rabbit trails!
18:13 MTecknology 16
18:14 MTecknology The master is fine
18:14 Edgan Are the salt minion and master on different continents?
18:14 Edgan MTecknology: any packet loss on the minion?
18:14 MTecknology nope, but some other high latency devices are on other continents
18:15 Edgan MTecknology: I operate in AWS, and I do a salt master per region
18:15 MTecknology mifi
18:15 Edgan MTecknology: I had jenkins master issues because the instance had high packet loss
18:15 Edgan MTecknology: This minion is on the other side of a mifi?
18:16 MTecknology yup
18:16 Edgan MTecknology: hahaha, well that falls under all bets are off
18:16 Rubin using the git ext_pillar .. how do i make it update from git? it seems that it isnt except when master restarts
18:16 MTecknology Edgan: no, it doesn't
18:16 rdas joined #salt
18:16 Edgan MTecknology: High latency, and who knows what port blocking, bandwidth shaping, etc they are doing
18:16 MTecknology as I said... this isn't the only device. There are many of them working fine in the same setup with worse latency
18:17 MTecknology Edgan: we know EXACTLY what they're doing.
18:17 MTecknology I honestly feel like I'm just being trolled right now and I'm gonna walk away for a bit.
18:18 Edgan MTecknology: Salt is designed to work across a LAN
18:18 Edgan MTecknology: That can include across VPN connections. You mix in mobile or WAN, and I would expect to find bugs.
18:24 onlyanegg joined #salt
18:25 Nebraskka joined #salt
18:25 sh123124213 joined #salt
18:25 vifon joined #salt
18:25 nineteen joined #salt
18:29 Rumbles joined #salt
18:30 Bryson joined #salt
18:33 abednarik joined #salt
18:40 ponyofdeath hi, is it possible to track a file change with the service in one state file for a file being changed in another state?
18:41 Trauma_ joined #salt
18:41 fer_bla joined #salt
18:41 hoonetorg joined #salt
18:42 onlyanegg joined #salt
18:42 whytewolf ponyofdeath: huh
18:42 ponyofdeath whytewolf: basically i want to enable and start a service from my state file but the config file is managed from another state file
18:43 abele_ joined #salt
18:43 ponyofdeath so i am using the openvpn formula which manages the configs but i want to make sure the services are enabled so i have my custom state file that does that
18:43 DarkKnightCZ joined #salt
18:43 writtenoff joined #salt
18:43 DarkKnightCZ joined #salt
18:43 imanc_ joined #salt
18:43 munhitsu__ joined #salt
18:44 kutenai_ joined #salt
18:44 whytewolf ohh, yes it is possable. but if the openvpn formula isn't handaling the state it sounds like a poor excuse for a formula
18:44 bbhoss_ joined #salt
18:44 keltim ponyofdeath, of course you could use "watch_in:"
18:44 whytewolf s/state/service
18:45 nineteen joined #salt
18:45 Antiarc_ joined #salt
18:45 MTecknology ponyofdeath: service.running w/ -watch state
18:45 sknebel_ joined #salt
18:45 simonmcc_ joined #salt
18:45 mohae joined #salt
18:45 djinni`_ joined #salt
18:45 leev_ joined #salt
18:45 ponyofdeath so i just put in teh openvpn formula and any time that changes it will restart
18:45 ToeSnacks_ joined #salt
18:45 d3c4f_ joined #salt
18:45 darix- joined #salt
18:45 mattl_ joined #salt
18:45 smakar_ joined #salt
18:45 binocvla1 joined #salt
18:45 mrud_ joined #salt
18:45 MTecknology I don't know what's in your "formula" a formula is just a collection of states
18:46 psy0rz joined #salt
18:46 MTecknology (and files)
18:46 chamunks- joined #salt
18:46 Heartsbane_ joined #salt
18:46 MTecknology (and logic)
18:46 ixxs joined #salt
18:46 lovecraftian_ joined #salt
18:46 lovecraftian_ joined #salt
18:46 ponyofdeath yes, sorry it would be openvpn.init
18:46 froztbyt1 joined #salt
18:46 sknebel_ joined #salt
18:46 hlub_ joined #salt
18:46 MTecknology ponyofdeath: again... I do not know what's in that
18:46 esharpmajor_ joined #salt
18:46 MTecknology !requisites
18:46 keltim MTecknology, I'm pretty sure he's reffering to the official saltstack/openvpn formula
18:46 whytewolf ponyofdeath: look in openvpn.config.sls for examples of watch_in
18:47 whytewolf btw. the openvpn module does look to do what you are trying to do already
18:47 ponyofdeath not with systemd
18:48 whytewolf strange... service works with systemd for me with systems that support it
18:48 copelco_ joined #salt
18:48 ponyofdeath with different configs?
18:48 ponyofdeath i have two configs
18:48 ponyofdeath so it needs to be openvpn@config-name.service
18:48 whytewolf you have 2 configs extra beyond the ones in the formula?
18:48 rdrake joined #salt
18:49 garthk_ joined #salt
18:50 AndreasLutro` joined #salt
18:50 CustosLim3n joined #salt
18:50 coldbrewedbrew joined #salt
18:50 coldbrewedbrew joined #salt
18:50 gnord_ joined #salt
18:50 jor_ joined #salt
18:51 toabi_ joined #salt
18:51 troker netsplit?
18:51 garphyx joined #salt
18:52 TomJepp joined #salt
18:52 whytewolf interesting so you have extra services.... that you want to start.... well. you can use watch with other states in other files.... can even watch an entire sls with watch: sls openvpn.config
18:52 Mate joined #salt
18:52 Mate joined #salt
18:52 AbyssOne joined #salt
18:52 stooj joined #salt
18:52 tbrb joined #salt
18:52 smcquay joined #salt
18:52 whytewolf watching states in other files requires you to include the state file that you want to watch
18:52 whytewolf troker: yes it was a netsplit
18:52 sknebel joined #salt
18:53 whitenoise joined #salt
18:54 manji joined #salt
18:54 DarkKnightCZ joined #salt
18:54 ALLmightySPIFF joined #salt
18:55 nineteen joined #salt
18:55 CampusD joined #salt
18:55 darix joined #salt
18:55 twodayslate joined #salt
18:56 Kevin joined #salt
18:56 knikolov joined #salt
18:56 jesusaur joined #salt
18:57 rherna joined #salt
18:57 shalkie joined #salt
18:57 mk-fg joined #salt
18:58 g3cko joined #salt
18:58 peters-tx joined #salt
18:59 futuredale joined #salt
18:59 ToeSnacks_ joined #salt
18:59 beakerman quick question what is the right way to do a{% set users_groups = salt['user.list_groups'](user) %} where user was set in the line above{% for user in adminusers %}
18:59 lkannan joined #salt
19:00 abednarik joined #salt
19:00 tmkerr joined #salt
19:01 beakerman keep getting  failed: Jinja error: 'bool' object has no attribute '__getitem__'
19:02 xenoxaos joined #salt
19:02 whytewolf so adminusers is passing either True or False into user instead of a username
19:03 Awesomecase joined #salt
19:03 mihait joined #salt
19:04 _dev joined #salt
19:05 nineteen joined #salt
19:10 Armadillo joined #salt
19:10 manji joined #salt
19:11 beakerman so adminuser is done with {%set adminusers = ['domain\user','domain\user2'] %}
19:12 beakerman essentially I'm adding a list of users to a group on windows
19:12 DammitJim whytewolf, did you hear about my challenges with pillar and new servers?
19:14 lilvim joined #salt
19:14 whytewolf DammitJim: not really. not sure i can be of help though
19:17 M-liberdiko joined #salt
19:18 nineteen joined #salt
19:19 noraatepernos joined #salt
19:21 pipps joined #salt
19:24 nineteen joined #salt
19:26 Edgan joined #salt
19:26 sgo_ joined #salt
19:28 joshin joined #salt
19:28 joshin joined #salt
19:29 beakerman It helps if I read the top of the document
19:29 beakerman it only works on local accounts not domain accounts :)
19:30 saltstackbot joined #salt
19:30 monrad_ joined #salt
19:30 wiqd joined #salt
19:30 skrobul joined #salt
19:30 McNinja joined #salt
19:30 imanc joined #salt
19:30 g3cko joined #salt
19:30 bmcorser joined #salt
19:30 pipps joined #salt
19:32 cyborg-one joined #salt
19:35 nineteen joined #salt
19:42 pipps joined #salt
19:45 nineteen joined #salt
19:45 Kevin joined #salt
19:45 mrud joined #salt
19:46 yidhra joined #salt
19:46 PerilousApricot joined #salt
19:48 _dev Does anyone know anything about this bug? https://github.com/saltstack/salt/issues/23576
19:48 saltstackbot [#23576][OPEN] Cannot use gitfs with salt-ssh | Related thread in salt user mailing list....
19:48 _dev I'm actually hitting it right now with salt-ssh, and Ive tried ubuntu and centos, and pygit2, dulwich, and gitpython
19:49 _dev it just doesnt seem to check out subdirectories of the formula's repository, just only the top-level .sls files
19:49 _dev the very last comment from simonclausen reflects exactly what im seeing
19:50 _dev and with basepi having left saltstack, and it being in his list, it looks like i might just be screwed.
19:50 Edgan _dev: My experience is gitfs and salt-ssh don't work together
19:50 Nahual They don't work well together.
19:50 sgo_ joined #salt
19:50 _dev lovely, is there any other way that i can pull down formulas from github then, other than just relying on git-submodule or git-tree?
19:50 Nahual That should be addressed in the next 2016.3.4 release though.
19:51 _dev oh really? :)
19:51 Nahual Well, I've been working on something similar with salt-ssh and gitfs and my two bugs are supposedly fixed in 2016.3.4.
19:51 Edgan I am looking forward to 2016.11.0, so many patches over 2016.3.x.
19:52 cmarzullo hmmmm ceph
19:52 Edgan I don't run into bugs of differences between gitfs for master mode and filesystem for salt-ssh
19:52 _dev hm, okay. i can probably try grabbing the v2016.11 tag then
19:52 _dev and see if it fixes it
19:53 Edgan Nahual: Any knowledge on pygit2, salt, and symlinks?
19:53 Nahual What knowledge are you looking for?
19:54 Edgan Nahual: with gitfs, symlinks don't seem to work
19:54 catpig joined #salt
19:55 Nahual Weird. I have a repository I pull from that drops files directly onto the F/S, our utility scripts essentially, those are all symlinks.
19:55 nineteen joined #salt
19:55 Edgan Nahual: I will try it again.
19:57 Nahual Looks something like scripts/script_dir/script.sh deploy/script.sh -> scripts/script_dir/script.sh and then that root is deploy.
19:57 tmclaugh[work] joined #salt
19:58 edrocks joined #salt
20:00 noraatepernos joined #salt
20:01 PerilousApricot joined #salt
20:01 Rumbles joined #salt
20:01 _JZ_ joined #salt
20:02 _dev yep, with 2016.11.0rc1, im still running into the issue where its not copying over sls files within subdirectories
20:02 Perilous_ joined #salt
20:03 Edgan _dev: there are known issues. hopefully rc2 is better and soon
20:06 nineteen joined #salt
20:07 Llmiseyhaa joined #salt
20:12 c4rc4s joined #salt
20:13 lero joined #salt
20:15 nineteen joined #salt
20:16 jhauser joined #salt
20:19 MTecknology The syndic process uses the same pub/sub ports, doesn't it?
20:25 nineteen joined #salt
20:26 MTecknology ya.. has to
20:26 noraatepernos joined #salt
20:26 mike25de yeah
20:27 MTecknology this is likely the weirdest salt issue I've ever seen.
20:30 noraatepernos joined #salt
20:31 mike25de MTecknology: can you reproduce it with another minion?
20:32 noraatepernos joined #salt
20:32 mike25de when shit hits the fan.. I usually redeploy stuff... from scratch.
20:34 nineteen joined #salt
20:37 MTecknology .... dangit
20:37 subsignal joined #salt
20:38 pipps joined #salt
20:40 Edgan mike25de: I suggested that earlier. Root causes are good to known though.
20:41 MTecknology there was a leftover/wedged salt-master process that had no parent and....
20:41 MTecknology .... dangit
20:41 Edgan haha
20:43 MTecknology man, that was peculiar
20:46 mike25de lol MTecknology ... that was weird :)
20:46 mike25de I had that with salt-minion background process....
20:47 nineteen joined #salt
20:48 PerilousApricot joined #salt
20:48 freelock[m] joined #salt
20:50 flowstate joined #salt
20:50 sh123124213 joined #salt
20:52 sh123124213 hi, what would I do if some of the minions are in a dmz where outgoing connections are not allowed but only incoming ? :)
20:56 Edgan sh123124213: outside the dmz, or outgoing period?
20:56 pjy joined #salt
20:56 sh123124213 outgoing outside the dmz
20:56 krymzon joined #salt
20:57 Edgan sh123124213: salt master in the dmz, and then syndic it to the outside salt master if it is just those few minions
20:57 noraatepernos joined #salt
20:59 sh123124213 the syndic would be outside the dmz ?
20:59 Edgan sh123124213: or don't use a salt master and switch to salt-ssh, then you don't need persistent outgoing connections
20:59 knikolov joined #salt
20:59 nineteen joined #salt
20:59 sh123124213 ssh I thought and would be the optimal solution but still not the perfect one
21:00 sh123124213 I haven't used proxy
21:00 Edgan sh123124213: syndic is a hierarchy of salt masters, so the outside one could be the parent of the inside the dmz one, if you wanted that. Or they could be separate.
21:00 sh123124213 or dunno if it can do something similar
21:01 sh123124213 but minions connect to the syndic as they do to the master. Dunno how that would solve anything
21:02 sh123124213 maybe I'm not understanding what do you mean
21:03 Edgan sh123124213: they connect to their master, but a parent master can direct them indirectly
21:03 Edgan master outside -> master inside -> minion inside
21:04 Edgan ssh or api to master outside and execute something on minion inside through master inside
21:05 sh123124213 why would you need an api to the master outside ? I was thinking maybe api to the inside master/syndic
21:06 sh123124213 and just do http calls to that api
21:06 Edgan sh123124213: I am just saying ways it could be done. The idea of a syndic is you have one master of masters and then sub-masters. Then you can control it all through one without thinking about which hostname to connect to
21:07 amontalb1n joined #salt
21:07 Edgan sh123124213: then you can salt '*' test.ping and it all minions on all masters
21:07 sh123124213 but I don't understand how the syndic(master) inside would connect to the outside master
21:07 sh123124213 since it requires outgoing connectivity
21:07 sh123124213 at least thats what I know
21:08 Edgan sh123124213: is the dmz rule all dmz hosts can't have outgoing connections, or is it just a few minions in the dmz?
21:08 sh123124213 all minions
21:08 sh123124213 nothing goes outside
21:09 Edgan sh123124213: technically a master isn't a minion, but I think you mean all boxes
21:09 Edgan sh123124213: I mentioned this caveat above
21:09 Edgan sh123124213: so you want a master in the dmz, and no syndic
21:10 Edgan sh123124213: and heavily lock down the dmz master
21:10 sh123124213 so that master cannot have another master on top
21:10 sh123124213 right ?
21:10 sh123124213 or it would be called a syndic
21:10 Edgan sh123124213: not under your rules of no outside connections from the dmz, if the master of masters is outside
21:11 sh123124213 it is
21:11 noraatepernos joined #salt
21:11 Edgan You could run multiple masters in the dmz and syndic them together
21:11 sh123124213 so the only solutions I have is api to the master inside or ssh from the outside master to the inside one
21:12 Edgan sh123124213: you can ssh from anywhere, doesn't have to be the outside master
21:13 Edgan sh123124213: and is your rule no persistent connections to outside the dmz? Otherwise how can you do anything to the dmz.
21:13 HarvesterofBeer joined #salt
21:13 noraatepernos joined #salt
21:14 HarvesterofBeer Hello. I need help debugging a salt minion issue. A host has the minion installed. The master hostname is properly set in the minion config file and DNS works. When I start the minion, I get this in the log:
21:14 nineteen joined #salt
21:15 HarvesterofBeer [DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/minion', 'production-eu-central-1-ospf-1a', 'tcp://127.0.0.1:4506', 'clear')
21:15 HarvesterofBeer It seems like it is not using the master address for some reason and defaulting to 127.0.0.1
21:15 HarvesterofBeer any ideas?
21:15 sh123124213 grep -irn 127.0.0.1 /etc/salt
21:15 HarvesterofBeer I've tried removing the cache and pki directories
21:16 Edgan HarvesterofBeer: show us the /etc/salt/minion, and /etc/salt/minion.d/*. Also /etc/hosts entries?
21:18 Edgan HarvesterofBeer: also nslookup salt-master and ping salt-master may give different results. There is /etc/hosts, mdns, and other things that can get in the middle.
21:19 aarontc joined #salt
21:19 d3c4f joined #salt
21:20 HarvesterofBeer @Edgan thanks. The only things in the minion file which are different that that installed by the bootstrap script are the "master: 172.25.33.145" line and the hash_type: sha256 line
21:20 HarvesterofBeer minion.d is empty
21:21 HarvesterofBeer there shouldn't be any DNS lookup at this point, right?
21:21 sh123124213 right
21:21 Edgan HarvesterofBeer: yes
21:21 Edgan HarvesterofBeer: make sure when you stop the minion it fully stops, no processes, and then start it
21:21 HarvesterofBeer k
21:22 Edgan HarvesterofBeer: MTecknology was just having a extra salt master process problem
21:22 HarvesterofBeer ah. ps -ef shows no salt processes running
21:22 Joe630 left #salt
21:23 noraatepernos joined #salt
21:23 HarvesterofBeer anything I should delete aside from the /var/cache/salt and pki dirs to reset things?
21:23 Edgan HarvesterofBeer: you could also stop the salt-minion, and manually run it with salt-minion -l debug or  -l trace
21:23 Edgan HarvesterofBeer: doubt it is a cache problem
21:24 flowstate joined #salt
21:24 nineteen joined #salt
21:24 HarvesterofBeer yeah, that's how I found the 127.0.0.1 problem. I can post the output of the debug process. Would a gist be best?
21:25 Edgan HarvesterofBeer: still having the same issue?
21:25 HarvesterofBeer yep
21:25 Edgan HarvesterofBeer: Just random thought, nslookup salt says?
21:26 HarvesterofBeer 172.18.162.2
21:26 HarvesterofBeer different salt master
21:26 Edgan HarvesterofBeer: yeah, just making sure it isn't 127.0.0.1, since salt is the default when master: isn't set
21:27 HarvesterofBeer ayup
21:27 Edgan HarvesterofBeer: no interesting iptables rules on this machine that could be redirecting 172.25.33.145 to 127.0.0.1?
21:27 HarvesterofBeer master is set. I've tried both by explicit IP and FQDN (which does resolve properly via ping and nslookup and is not in /etc/hosts)
21:28 Edgan HarvesterofBeer: Does 172.25.33.145 4505 work?
21:28 HarvesterofBeer explicitly setting the port number in the master line of the minion config file?
21:29 Edgan HarvesterofBeer: I meant telnet 172.25.33.145 4505
21:29 Edgan HarvesterofBeer: from the minion
21:29 HarvesterofBeer yeah both 4505 and 4506 work from minion --> salt master
21:29 Edgan ok
21:30 HarvesterofBeer it seems for some reason the minion is not properly getting the master address from the config
21:30 Edgan HarvesterofBeer: or something is overriding it
21:30 Edgan HarvesterofBeer: maybe try  strace -f salt-minion 2>&1 | grep /   See what files it is reading
21:31 HarvesterofBeer https://gist.github.com/peterloron/e00ea5213ea60f71e60f12cbdda0b6ad
21:31 HarvesterofBeer ^ gist of the debug output
21:32 hemebond Have you accepted the key?
21:32 hemebond Have you tried deleting and recreating the key?
21:33 HarvesterofBeer @hemebond it never gets far enough to send the key to the master
21:33 Edgan hemebond: it is connecting to itself, not the master
21:33 hemebond Is it talking to itself?
21:33 Edgan HarvesterofBeer: I still want to see the /etc/salt/minion to make sure there is nothing weird. Also what version of salt is this?
21:34 Edgan HarvesterofBeer: directly confirm the version, salt-minion --versions-report
21:34 nineteen joined #salt
21:35 Edgan hemebond: yes, instead of connecting to the ip of the salt master it is trying to connect to 127.0.0.1:4506
21:35 hemebond Where's the gist of the minion config?
21:35 Edgan hemebond: he hasn't provided it, but said he is setting master: ip-of-salt-master-here
21:35 hemebond Also hosts file might have something.
21:36 Edgan hemebond: already brought that up, and it is by ip not name
21:37 Edgan HarvesterofBeer: I ask version, because every so often something goes wrong I and I end up with salt 0.17 from the distro repo
21:38 noraatepernos joined #salt
21:38 HarvesterofBeer Here is the /etc/salt/minion file
21:38 HarvesterofBeer https://gist.github.com/peterloron/209a1b6f79ee6a24f1e7f48cab09b287
21:39 HarvesterofBeer salt version is 216.3.2 (Boron)
21:39 HarvesterofBeer 2016.3.2
21:39 subsignal joined #salt
21:40 hemebond Minion config is bascially the default.
21:40 HarvesterofBeer @hemebond ayup
21:40 hemebond Do minions normally have file_roots defined?
21:41 Edgan HarvesterofBeer: file_client: local
21:41 Edgan HarvesterofBeer: that is weird
21:41 hemebond ah
21:41 hemebond I missed that.
21:42 hemebond That means masterkless, no?
21:42 HarvesterofBeer ???
21:42 hemebond "Setting a local file_client runs the minion in masterless mode"
21:42 HarvesterofBeer wow
21:42 hemebond Nice catch Edgan
21:42 HarvesterofBeer no idea how that got there!
21:42 HarvesterofBeer thanks!
21:43 HarvesterofBeer I would have sworn on anything that this was (other than the master and hash) a completely stock file
21:43 onlyanegg joined #salt
21:43 Edgan HarvesterofBeer: this is why I don't like comments in my config files managed by salt
21:43 Edgan HarvesterofBeer: egrep -v '^\#|^$' /etc/salt/minion
21:44 pipps joined #salt
21:44 Edgan HarvesterofBeer: especially super verbose default ones
21:44 * MTecknology doesn't manage /etc/salt/minion
21:44 nineteen joined #salt
21:44 Edgan MTecknology: how do you add salt mine stuff?
21:44 * MTecknology strongly demands the use of .d/ directories when they're available
21:45 Edgan MTecknology: .d is a pre-salt solution for packages, I think salt managed config files should actually avoid it whenever possible
21:45 MTecknology Edgan: heh?
21:46 MTecknology no
21:46 pipps joined #salt
21:47 Edgan MTecknology: The only exception I have run into is nginx where I needed multiple services running through nginx on the same instance
21:47 MTecknology Edgan: that's like saying you should use salt to manage /etc/nginx/nginx.conf; and that's a file that's best left to .... heh
21:47 MTecknology ya, I see no difference between nginx and anything else
21:47 lero joined #salt
21:47 HarvesterofBeer @Edgan @hemebond Thanks for your help. That local setting was the key.
21:47 Edgan MTecknology: Depends on how many formulas will touch the configuration. In the case of nginx.conf it could be multiple. In the case of salt minion, it should only be the salt minion formula
21:48 MTecknology and... we run down a rabbit trail where I disagree with everything you'll follow that up with.
21:48 MTecknology (including that statement itself)
21:49 Edgan MTecknology: But can you back up your disagreement, or just disagree?
21:49 MTecknology I can, but it's just not worth my time.
21:49 Edgan MTecknology: that is not how you win a debate, but whatever
21:49 MTecknology I did a salt talk once upon a time that touched on it, but it's a bad video and not worth watching
21:50 hemebond I use master.d but I'll be switching away from minion.d for configuration changes.
21:50 MTecknology Edgan: I'm not debating because I really don't care how you manage or mismanage salt.
21:50 Edgan MTecknology: there is more than just me, which is why you are even mentioning you disagree
21:51 Edgan hemebond: why master.d?
21:51 hemebond Separate files for different things.
21:51 hemebond Easier to manage.
21:51 hemebond Easier to test.
21:51 hemebond Easier to swap in and out.
21:52 MTecknology +1
21:52 bryang joined #salt
21:52 MTecknology and easier to have different states maintaining different things
21:52 MTecknology and no issues when you update
21:52 Edgan MTecknology: but why multiple states?
21:52 MTecknology well.. far fewer
21:52 hemebond Well my master is manually configured.
21:52 hemebond I don't really want a minion running on my master.
21:52 Edgan hemebond: I find one source of truth
21:52 MTecknology I have my salt master deployed via git
21:53 Edgan hemebond: better
21:53 hemebond Edgan: Each of my master.d files are named after the parameter they configure.
21:53 hemebond So it works exactly like the main master config, just different files.
21:54 hemebond (or grouped for many smaller settings)
21:54 Edgan hemebond: https://paste.fedoraproject.org/450298/47648207/  This is so simple I don't see a new for more than one file
21:54 nineteen joined #salt
21:55 hemebond Yeah, I have a little more configured.
21:55 MTecknology same here
21:56 Edgan hemebond: I also don't like the idea I might repeat myself in multiple files and might not get the setting I expect. say failhard: True in one and failhard: False in another
21:56 pipps joined #salt
21:56 MTecknology /etc/salt/master.d/ ->   main.conf  options.conf  reactor.conf  sdb.conf
21:56 hemebond While I could merge it all into one, it has been easier for me, up to this point, to create a new file to configure what I want.
21:56 hemebond Edgan: That's definitely a risk.
21:57 hemebond Especially when I create a config file to test something in particular that requires changing other settings.
21:57 Edgan hemebond: if you have a big devops team, I could easily see that happening
21:57 hemebond Oh definitely.
21:57 hemebond My master is only a test master and it's only me.
21:57 MTecknology but each file should have a purpose and the definition alone should prevent that
21:57 hemebond I don't (yet) use Salt in production,.
21:58 Edgan hemebond: for me I do have salt master manage itself, and I provision it with salt-ssh
21:58 MTecknology This is what my home environment looks like - http://imgur.com/gallery/fjdoE   There's a network overview at the bottom
21:58 _JZ_ joined #salt
21:58 netcho_ joined #salt
21:59 MTecknology I've now rebuilt every single box, including my salt master using salt-cloud.
21:59 hemebond Neat
21:59 noraatepernos joined #salt
21:59 hemebond Salt-Cloud? Which provider?
21:59 hemebond er, driver.
21:59 MTecknology look at the diagram
21:59 MTecknology salt-cloud -p <location> <fqdn> ... wait, done
21:59 Edgan hemebond: Even if you don't want to self-manage, hand setting up salt masters is craziness. You should provision with something like salt-ssh
22:00 MTecknology If it took more than that, I have work to do
22:00 hemebond What is Parens?
22:00 knikolov joined #salt
22:00 hemebond I don't know what driver that is.
22:00 MTecknology it's the name of my VM host
22:00 MTecknology running proxmox
22:00 hemebond Ah proxmox okay.
22:01 noraatepernos joined #salt
22:02 hemebond Edgan: Right now the master is only a test. Hopefully I will get to the point where I need to provision masters :-)
22:02 Edgan hemebond: I do one per region. :)
22:03 hemebond Yeah I'm not sure I'd ever need more than one to be honest.
22:03 hemebond Our deployments just aren't big enough.
22:03 MTecknology There's a company that wants to hire me in my local area that wants to migrate their entire environment to AWS. Sounds like they have a good AWS team to help keep costs down, but it sounds like they don't know what's going on in Linux-land
22:03 hemebond We currently have a Puppet master in each environment and I hate it.
22:03 racooper joined #salt
22:03 MTecknology and they're trying to rid themselves of Windows now that they're going to AWS
22:04 hemebond Oh nice
22:04 hemebond We're just starting to move to AWS.
22:04 noraatepernos joined #salt
22:04 hemebond In fact I'm the only one using it.
22:04 edrocks joined #salt
22:04 MTecknology not in the midwest, are ya? :P
22:04 hemebond Nope :-)
22:05 Edgan I have moved three companies to AWS. Rackspace -> AWS, Colo -> AWS, and Office -> AWS
22:06 * MTecknology strongly dislikes AWS
22:06 Edgan tech, cost, or both?
22:06 MTecknology yup
22:06 noraatepernos joined #salt
22:06 nineteen joined #salt
22:06 MTecknology I'm unimpressed by they way they handle things in the backend as well
22:07 hemebond I'm thinking of getting myself some Digital Ocean for personal testing. Heard good things (and they write good tutorials too)
22:07 Edgan I think AWS is great if you stick to EC2, ELB/ALB, and Route53. Stay away from secondary services like RDS, Redshift, EMR, Elastiache, Kinesis, etc.
22:07 MTecknology the tutorials are mostly okay, ya; the service has gotten *MUCH* better over the years
22:08 Rumbles joined #salt
22:08 MTecknology hemebond: If you want a referral code, you get $10 and then after you spend enough, I get stuff... :P   https://m.do.co/c/6186604441bb
22:08 hemebond Edgan: Oh really? I've just moved stuff over to RDS and ElastiCache.
22:09 hemebond MTecknology: ????
22:09 * MTecknology can't see that :(
22:09 MTecknology Edgan: my biggest issue with AWS is ELB which takes a frick ton of effort to make reasonably reliable
22:10 MTecknology If it weren't for ELB, I could probably tolerate the rest of their technical faults
22:10 sh123124213 joined #salt
22:10 bryang joined #salt
22:11 Edgan hemebond: RDS is easy, but you can't copy files, only dump to file. If you have a large amount of data, importing and exporting is craziness. They also don't let you do things like GRANT *.*.
22:11 hemebond Yikes. I use a lot of ELB too :-D
22:11 Edgan hemebond: It creates vendor lockin.
22:11 noraatepernos joined #salt
22:11 hemebond It does, but that's partly why I'm trying to make Salt work well with it so I can move easily.
22:12 Edgan hemebond: ELB isn't that bad most of the time. You have to be under extreme circumstances to see ELB problems.
22:12 * MTecknology has seen a lot of ELB issues in non-extreme circumstances
22:12 Edgan hemebond: like a slashdot/reddit of your site in a very short period of time
22:12 hemebond Hopefully that will never be the case :-D
22:12 hemebond Yeap, don't see that happening :-)
22:13 hemebond Thankfully.
22:13 Edgan MTecknology: I have created my own ELB replacement before, it is not an easy task. Even when I did do it, it wasn't as awesome as I wanted.
22:13 Edgan Also, ALB adds features if you only need HTTP
22:13 Edgan doesn't help with TCP though
22:14 nineteen joined #salt
22:14 Edgan hemebond: ELB is instances in auto scaling on the backend. So if it wants to go from two to three instances to handle instance load, it takes as long as it does to make a third instance and add it
22:15 Edgan hemebond: If you completely saturate the first two while waiting for the three, you get 503 errors
22:15 hemebond Ah
22:15 MTecknology lol...
22:16 MTecknology Why does my Nginx produce 503 ??
22:16 Edgan MTecknology: details?
22:17 MTecknology Should I have put that in quotes?
22:17 noraatepernos joined #salt
22:17 hemebond Miinecraft server!
22:18 west575 joined #salt
22:18 hemebond MTecknology: What is Syslog Host? Central log store?
22:19 hemebond LOL at a comment on your post "Yeah Hillary. Why do you need that server?"
22:20 MTecknology hemebond: yup, it's just running rsyslog and piping input into the correctly named directories
22:24 nineteen joined #salt
22:26 Bico_Fino joined #salt
22:27 Bico_Fino Hello, it’s possible to use a variable from grains.get inside pillar.get ? Example:
22:27 Bico_Fino {% set Hostname = salt['grains.get']('fqdn') %}
22:27 Bico_Fino {% set Env = salt['pillar.get']('{{ Hostname }}:env') %}
22:27 Edgan hemebond: what more advanced salt things are you doing when you don't even have salt in production yet?
22:28 Edgan Bico_Fino: yes, but I have found it inadvisable.
22:28 hemebond Edgan: What do you mean?
22:28 Edgan hemebond: our .d discussion above
22:28 hemebond Is this about my config setup?
22:29 Bico_Fino Edgan: Why is that? I’m getting a empty variable(Env), if I change {% set Env = salt['pillar.get']('{{ Hostname }}:env') %} to {% set Env = salt['pillar.get’](‘myhostname.domain:env') %} works.
22:29 sh123124213 joined #salt
22:29 hemebond Oh, well I have stuff in there for the custom transport, custom modules, environments, nodegroups, reactors, engines, and salt-api stuff.
22:29 cyteen joined #salt
22:30 noraatepernos joined #salt
22:30 iggy Bico_Fino: you shouldn't use pillar.get inside pillar files
22:30 Bico_Fino iggy: I’m using pillar.get inside a state.
22:30 iggy ahh
22:30 hemebond Bico_Fino: You have {{ }} inside your {% %}
22:31 hemebond If you want to concat strings in Jinja you do myvar ~ 'blah'
22:31 iggy well then do {% set Env = salt['pillar.get'](Hostname ~ ':env') %}
22:31 hemebond ^
22:32 Bico_Fino Let me try.
22:33 flowstate joined #salt
22:33 pipps joined #salt
22:34 Bico_Fino That did the trick!
22:34 Bico_Fino Thanks iggy and hemebond !
22:34 hemebond ????
22:34 MTecknology hemebond: what is that?
22:34 MTecknology I assume same as before?
22:35 Edgan Bico_Fino: One grain matching in pillars is dangerous. Technically it only matters for stuff like passwords that needs to be secure. grains are rewritable by the minions.
22:35 Edgan Bico_Fino: On top of that I have run into issues with errors when I use grains inside pillars
22:35 hemebond MTecknology: The character? You need to update your IRC bouncer server to support uncode :-)
22:35 nineteen joined #salt
22:36 MTecknology hemebond: I just don't have those fonts installed
22:36 Bico_Fino Edgan: I could get all fqdn’s inside a pillar I suppose.
22:36 * MTecknology works on a *VERY* minimalist laptop
22:36 hemebond I think it's just UTF-8.
22:36 hemebond Or something.
22:36 MTecknology any chance you could just tell me? please?
22:36 MTecknology :)
22:36 whytewolf it is U+1F44D
22:36 hemebond Oh, it's a thumbs up :-)
22:36 whytewolf a thumbs up
22:37 MTecknology ah, thanks! :)
22:37 hemebond I also have a smiley face ☺
22:37 MTecknology that one I can see
22:37 hemebond Oh, strange.
22:37 sh123124213 joined #salt
22:38 MTecknology hemebond: vim or emacs?
22:38 hemebond Pidgin :-)
22:38 MTecknology HAHAH!!!
22:38 whytewolf just trying to start wars MTecknology
22:38 whytewolf ?
22:39 MTecknology hemebond: vim vs. emacs ;; .d vs. not-.d ;; formula vs. not-formula ;; etc.
22:39 hemebond Oh I see :-D
22:39 hemebond Hahaha
22:39 hemebond I know someone who uses something like vim for IRC, so...
22:39 MTecknology :S
22:40 whytewolf ircII?
22:40 MTecknology I love vim, love IRC, but can't see using vim for irc :P
22:40 hemebond It's not actually vim but some similar "low-tech" IRC client that also doesn't show my unicode characters.
22:40 * MTecknology uses irssi
22:41 * whytewolf uses irssi also
22:41 whytewolf through a ZNC bouncer
22:41 MTecknology through a screen session
22:41 hemebond That looks familiar.
22:41 whytewolf tmux here
22:42 onlyanegg joined #salt
22:43 whytewolf well your char shows up fine for me hemebond even though it is passing through several layers
22:43 MTecknology I admitted I knew it's my problem, didn't I?
22:43 whytewolf yes you did
22:44 whytewolf :P
22:44 hemebond Oh so I guess it is a font thing.
22:44 pipps joined #salt
22:44 whytewolf yes. utf-8 still relys on fonts
22:44 whytewolf I can see it cause i use the powerline fonts for my terminal so that powerline shows up correctly
22:45 MTecknology powerline, eh?
22:45 whytewolf yeah
22:46 MTecknology should that need to be installed on the server irssi is running on or on my local system?
22:46 whytewolf looks nice when tmux/vim and my fish shell all have simalar designs. kind of whish it would actually look decent in irssi also
22:46 nineteen joined #salt
22:47 whytewolf no, it is just a side effect of the font. lets most of the unicode chars actually show up
22:47 MTecknology I was hoping that's what you meant...
22:48 MTecknology or would I have to manually select that font?
22:48 whytewolf your terminal program needs to use the font.
22:48 * MTecknology uses terminator
22:48 MTecknology terminator -> ssh -> screen -> irssi
22:49 whytewolf I'm useing iterm2 -> ssh -> tmux -> irssi -> znc
22:50 whytewolf iterm2 is where the font is installed
22:50 * MTecknology blinks
22:51 MTecknology I would have expected iterm2 -> irssi -> znc
22:51 MTecknology the ssh and tmux bits confuse me
22:51 whytewolf I got lazy.
22:51 MTecknology ah
22:51 whytewolf never setup the direct to tmux bits
22:52 whytewolf tmux is there cause i also use the server I ssh into as a bounce server into my personal servers I manage for my own stuff
22:54 nineteen joined #salt
22:54 MTecknology I have my workstation laptop that can connect w/ openvpn and then connect to my bastion host for stuff, or else I can use my phone (or secondary laptop + phone) to SSH into an OOB management server (one of two) that requires ssh key + password + 2fa key to log into, from there, you can use a different cert/user/2fa to log into one of my OOB devices.
22:55 whytewolf nice
22:56 tmkerr joined #salt
22:59 MTecknology thanks :)
22:59 MTecknology whytewolf: I shared pictures if you're curious!
23:00 whytewolf yeah :)
23:00 MTecknology http://imgur.com/gallery/fjdoE
23:01 fusionx8_ joined #salt
23:05 subsignal joined #salt
23:05 edrocks joined #salt
23:06 whytewolf here is an older picture. i have actually changed a lot since then. but this is kind of a teenage picture of my openstack cloud
23:06 whytewolf http://imgur.com/gallery/MZ0auch
23:08 pipps joined #salt
23:08 MTecknology interesting
23:14 nineteen joined #salt
23:16 DEger joined #salt
23:16 whytewolf here is the latest itteration. I do need to clean up the power wireing. http://imgur.com/gallery/HgSk1
23:19 whytewolf the 3 asus are the openstack controllers. the 2 2u boxes are rd450's which are my compute nodes. and the single dell 2950 is my salt/dns/database server
23:23 pipps joined #salt
23:25 nineteen joined #salt
23:31 iggy 2950... damn son
23:32 curio joined #salt
23:32 curio pointers for testing basics of salt pillars? even just syntax/lint would be good
23:33 MTecknology whytewolf: I haven't actually noticed an inclease in my electric bill, but I know I pay more than my neighbors.
23:33 iggy generally they are just going to be yaml (most of my pillars don't have any jinja in them... so a standard yaml parser/linter will do
23:33 nineteen joined #salt
23:33 MTecknology They literally gasped when I told them what I pay.
23:33 MTecknology I thought 110/mo in the summer (w/ AC running) was decent.
23:34 whytewolf MTecknology: oh i notice a difference, but it is mostly AC related. in the winter I don't have to run the heating so there is that
23:34 whytewolf but i also live in vegas so summers are murder
23:35 whytewolf I actually bought a "personal" ac unit for that room. cause i don't want the main one freezing over trying to keep the entire apartment clean
23:35 whytewolf s/clean/cool/
23:35 vegasq joined #salt
23:36 MTecknology I don't bother with cooling my setup; it runs plenty cool
23:36 MTecknology and it's in my basement next to concrete which is next to the ground
23:36 whytewolf oh my servers run cool. my apartment doesn't ;)
23:36 aarontc joined #salt
23:37 MTecknology I run cool, so my house does as well.
23:39 onlyanegg joined #salt
23:42 cyborg-one joined #salt
23:43 nethershaw joined #salt
23:43 nineteen joined #salt
23:45 mikecmpbll joined #salt
23:49 lero joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary