Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-11-15

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 iggy xbglowx_: yes... salt doesn't automatically realize that's a git repo and check all the branches
00:01 xbglowx_ iggy makes sense
00:02 iggy I mean not to say that isn't technically possible, but that's just not how salt works
00:03 xbglowx_ iggy, I just have to rework how I am bootstrapping my saltmaster per environment.
00:04 xbglowx_ iggy salt-call and minion config have no concept of gifts, correct?
00:05 xbglowx_ that is just on the master side?
00:05 iggy minion/masterless config can have gitfs options set
00:06 iggy but I can only think of a way to put it in the config file... not set on the command line
00:06 rpb joined #salt
00:07 xbglowx_ iggy, ah https://docs.saltstack.com/en/latest/ref/configuration/minion.html doesn't mention any options for gitfs for the minion.
00:07 iggy I think it's fairly new support... maybe they just didn't update the docs
00:13 mavhq joined #salt
00:14 Derailed Hey all. If I'm using salt formulae that, for example, install pip packages, do I have any mechanism at all to ensure that they're using a web proxy I specify?
00:15 iggy nein
00:16 Derailed iggy: is that an answer to my question?
00:16 NV joined #salt
00:16 xbglowx_ iggy do you know of any best practices doc for using gitfs and multi environments to bootstrap masters?
00:16 amontalban joined #salt
00:17 XenophonF xbglowx_: what do you have in mind?
00:17 XenophonF i wrote a bootstrapping script for my master a while back
00:17 XenophonF let me see if i can dig it up
00:19 subsignal joined #salt
00:19 xbglowx_ XenophonF I have the two git repos for both state files and top, and want to leverage them for provisioning salt masters per environment. Currently, I am doing a git checkout of both on each master and running salt-call with --local.
00:19 XenophonF https://gist.github.com/xenophonf/d8da7f47ea29d9ad46e7
00:19 XenophonF brb gotta look at the supermoon! ;)
00:20 nini left #salt
00:23 XenophonF damn the moon is bright
00:23 XenophonF anywayk back to bootstrapping
00:24 XenophonF i bootstrapped our master by temporarily cloning the necessary states/pillars locally
00:25 XenophonF then used state.apply
00:25 iggy xbglowx_: don't use environments?
00:27 jas02 joined #salt
00:28 xbglowx_ iggy what do you recommend instead for testing changes between different environments?
00:29 xbglowx_ XenophonF thanks for the gist. Looking it over.
00:29 iggy I generally go with different masters
00:30 pdayton joined #salt
00:33 xbglowx_ iggy I am trying to go with different masters, one per environment. Do you use git.latest to have each master checkout and update their respective branches?
00:34 amontalban joined #salt
00:34 amontalban joined #salt
00:35 mikecmpbll joined #salt
00:39 pipps joined #salt
00:39 pipps joined #salt
00:47 xbglowx_ iggy and XenophonF thank you both for your help. I think I know what I need to do to fix my bootstrapping problems.
00:49 pdayton joined #salt
00:53 pdayton joined #salt
00:56 awiss joined #salt
00:57 XenophonF xbglowx_: iirc you can tell gitfs to map the base environment to a particular branch
00:59 xbglowx_ XenophonF yes with gitfs_base.
01:01 nethershaw joined #salt
01:02 edrocks joined #salt
01:06 pipps joined #salt
01:07 akhter joined #salt
01:09 pipps joined #salt
01:14 jeddi joined #salt
01:16 jeddi joined #salt
01:17 swa_work joined #salt
01:17 johnkeates joined #salt
01:20 pipps joined #salt
01:26 systo joined #salt
01:30 woodtablet left #salt
01:47 guerby joined #salt
01:53 ashmckenzie joined #salt
02:01 jas02 joined #salt
02:08 scoates joined #salt
02:13 catpigger joined #salt
02:14 DammitJim joined #salt
02:15 akhter joined #salt
02:18 AvengerMoJo joined #salt
02:18 netcho joined #salt
02:18 evle joined #salt
02:23 watersoul_ joined #salt
02:32 iggy anybody ever seen "Attempt to authenticate with the salt master failed with timeout error" when connectivity works on 4505/4506 (checked with nc)
02:35 hasues joined #salt
02:35 hasues left #salt
02:37 hemebond iggy: Key issue?
02:37 orionx joined #salt
02:37 iggy nah, that throws a different error
02:37 hemebond Incorrect routing table?
02:39 iggy it's some sort of network problem (this minion was talking to this master just fine before they replaced a core router), but our network team can't seem to track down the issue, so I'm stuck figuring it out
02:39 hemebond Oh.
02:40 netcho joined #salt
02:40 sebastian-w joined #salt
02:42 awiss joined #salt
02:46 iggy I see traffic in tcpdumps (but it like shoots a few lines at the beginning of a salt-call... waits like 5 minutes and then dumps a bunch more as the timeout error shows up)
02:48 ilbot3 joined #salt
02:48 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.12, 2016.3.4 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
02:53 lilvim joined #salt
02:55 Satyajit joined #salt
03:02 jas02 joined #salt
03:03 orionx_ joined #salt
03:03 bastiand1 joined #salt
03:05 edrocks joined #salt
03:07 sp0097 joined #salt
03:13 raspado joined #salt
03:16 hemebond If the only change is the router I'd look at the router.
03:16 hemebond Maybe it's checking the traffic somehow.
03:17 mavhq joined #salt
03:17 hemebond Might also be a routing issue. Did the router IP change? Did the routing tables on the master or minion change?
03:30 g3cko joined #salt
03:32 sp0097 joined #salt
03:38 guerby joined #salt
03:39 onlyanegg joined #salt
03:42 mjimeneznet joined #salt
03:43 informant joined #salt
03:57 systo joined #salt
04:03 jas02 joined #salt
04:28 informant1 joined #salt
04:31 akhter joined #salt
04:37 hasues joined #salt
04:37 hasues left #salt
04:40 hasues joined #salt
04:40 hasues left #salt
04:41 netcho joined #salt
04:43 raspado anyone awake for some help?
04:43 donmichelangelo joined #salt
05:01 Salander27 joined #salt
05:03 pipps joined #salt
05:03 jas02 joined #salt
05:03 impi joined #salt
05:10 hemebond raspado: Usually best to just ask the question so if someone is around, and can help, they'll pipe up :-)
05:11 mpanetta joined #salt
05:16 DEger joined #salt
05:16 DEger joined #salt
05:42 zer0def joined #salt
05:44 mk-fg joined #salt
05:56 rdas joined #salt
06:01 sh123124213 joined #salt
06:04 jas02 joined #salt
06:07 edrocks joined #salt
06:24 ashmckenzie joined #salt
06:27 awiss joined #salt
06:27 raspado is there any issues symlinking the states directory?
06:34 teclator joined #salt
06:41 netcho joined #salt
06:52 hemebond Hmm. Not that I know of.
06:52 hemebond I use symlinks for formulas.
06:53 hemebond Instead of installing them properly.
06:59 an_ joined #salt
07:03 netcho joined #salt
07:05 jas02 joined #salt
07:07 colttt joined #salt
07:09 Miouge joined #salt
07:12 felskrone joined #salt
07:20 haam3r joined #salt
07:29 nidr0x joined #salt
07:30 yuhlw______ joined #salt
07:33 raspado yeah seems to work ok so far
07:33 raspado thx hemebond
07:34 awiss_ joined #salt
07:37 irated joined #salt
07:44 awiss joined #salt
07:46 impi joined #salt
07:48 KingOfFools joined #salt
07:54 ronnix joined #salt
08:04 raspado joined #salt
08:06 jas02 joined #salt
08:09 edrocks joined #salt
08:16 fracklen joined #salt
08:18 rdas joined #salt
08:19 fracklen joined #salt
08:20 sh123124213 joined #salt
08:21 debian112 joined #salt
08:25 fredvd joined #salt
08:27 KingOfFools joined #salt
08:27 DEger joined #salt
08:28 samodid joined #salt
08:35 KingOfFools joined #salt
08:38 onlyanegg joined #salt
08:42 KingOfFools joined #salt
08:45 losh joined #salt
08:48 impi joined #salt
08:50 debian112 joined #salt
08:56 krymzon joined #salt
08:57 sh123124213 joined #salt
09:04 netcho joined #salt
09:04 Rumbles joined #salt
09:04 haam3r1 joined #salt
09:04 mikecmpbll joined #salt
09:05 Rumbles joined #salt
09:07 jas02 joined #salt
09:08 haam3r1 left #salt
09:09 haam3r1 joined #salt
09:13 keimlink joined #salt
09:13 s_kunk joined #salt
09:14 s_kunk_ joined #salt
09:15 haam3r1 left #salt
09:15 haam3r1 joined #salt
09:16 haam3r1 left #salt
09:17 s_kunk__ joined #salt
09:17 haam3r1 joined #salt
09:19 s_kunk joined #salt
09:24 sad_salt joined #salt
09:31 orionx joined #salt
09:32 akhter joined #salt
09:32 orionx_ joined #salt
09:48 keimlink joined #salt
09:57 akhter joined #salt
10:06 sh123124213 joined #salt
10:07 ivanjaros joined #salt
10:08 jas02 joined #salt
10:11 LordOfLA joined #salt
10:13 toanju joined #salt
10:17 netcho joined #salt
10:19 florianb joined #salt
10:21 florianb hey — o/ how to catch local `event.fire`? `state.event` seems not tracking any events. Thanks a lot in advance!
10:22 sh123124213 what does fileserver update do in main event loop ( changeable from loop_interval ) ?
10:22 hemebond florianb: state.event doesn't track events.
10:24 florianb hemebond: ahh.. then i misunderstood "quickest way to watch the event bus is by calling the https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.state.html#salt.runners.state.event" wrong. How to catch them else?
10:24 hemebond Oh that.
10:25 hemebond That should work fine. salt-run state.event pretty=True
10:25 hemebond Works for me.
10:25 hemebond Do you not see any events even if you restart a minion?
10:25 haam3r_ joined #salt
10:25 florianb Probably its worth mentioning that i'm trying to repl in a vagrant box.. :-I
10:26 hemebond repl?
10:26 haam3r1 left #salt
10:26 florianb In fact i'm using salt-call to fire the event.
10:27 hemebond What line are you running?
10:28 hemebond You have a master, yeah>
10:28 hemebond ?
10:28 florianb salt-call event.fire '{data: "somedata"}' 'my_event'
10:28 florianb And for watching: salt-call state.event pretty=True
10:29 hemebond Oh.
10:29 hemebond Is that how you use runners on a minion?
10:29 hemebond Runners are, usually, a master thing.
10:29 gmoro joined #salt
10:30 hemebond I didn't even know the minions had an event bus that it watched.
10:30 florianb I am in my test-environment inside a Vagrant-box. I usually develop my salt-states on a single box before rolling it out into a bigger environment (containing a master).
10:32 florianb Hmm.. i thought this might be possible, since i am able to fire in the local bus exclusively. But probably you're right there is possibly no event-bus processing via salt-call..
10:32 hemebond Well, firing just means the minion firing the event.
10:32 hemebond But it just sends it to the master.
10:32 samodid joined #salt
10:32 hemebond That was my understanding.
10:33 hemebond Oh, state.event is there.
10:33 hemebond New in 2016.3.0
10:33 hemebond salt-call --local state.event pretty=True
10:34 florianb Wooohoooo… :-O \o/
10:34 hemebond https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.event
10:35 florianb Great finding — thank you very much!
10:35 hemebond 👍
10:36 florianb left #salt
10:37 florianb joined #salt
10:39 onlyanegg joined #salt
10:43 Reverend is there any way to say 'if $xx sls is on this minion do $yy, if $zz package is on this minion do $xy"
10:44 hemebond Reverend: Possibly, in some roundabout way. Would be better to make your states and configuration ... what's the word...
10:44 Reverend consolidated?
10:44 Reverend isolated?
10:45 hemebond deterministic is one word
10:45 Reverend the problem is that we have php54 installed with both apache -and- nginx... so we need to pick and choose between nginx -and- apache user for php-fpm process group.
10:46 hemebond Why don't you know which minion has which?
10:46 Reverend we do... but I want to make it more streamline, incase we ever switch to nginx from apache
10:47 Reverend i.e. if we sack off apache and install nginx in it';s place, for php-fpm to just use nginx group instead.
10:47 hemebond I would probably have a state for each configuration.
10:47 hemebond That also removes any conflicting libraries.
10:47 Reverend :/
10:47 Flying_Panda joined #salt
10:48 Reverend I guess I could make nginx / apache run as the same group... like wwwdata or something
10:48 Reverend but blerp
10:48 Reverend that's a bit shitty.
10:48 hemebond Well, couldn't you just use the pillar data to specify the user?
10:48 florianb I'd suggest a pillar, too.
10:48 Reverend i guess.
10:49 hemebond I'm still trying to picture the scenario, so...
10:49 florianb You can iterate through the pilllar adjusting the states matching to your requirements.
10:49 hemebond idempotent is the other word I was looking for.
10:49 Reverend surely salt knows what states it's going to run though... I'd like to think that you can check that and run things based on it :/
10:49 Reverend nevermind... I guess Ima take a look at adding another pillar then. thanks chaps. <3
10:51 hemebond Or a two parent states that include the other states and specifies the user.
10:51 Reverend true.
10:51 florianb Or a unless/if-clause testing for the current state.
10:51 hemebond Jinja is a templating engine so you can also include or import other state files and get their context.
10:53 Reverend yeah
10:53 Reverend i mean, if I can match on nodegroups in the sls for like, file.managed... that'd work
10:53 Reverend fuck it. I'll wait until I write hte apache one, and figure it out then
10:53 Reverend thanks though guys.,. appreciate the input :)
10:54 hemebond Good luck 👍
10:54 Reverend <3
10:56 Reverend even better example though: if newrelic is going to install, and if php54 is going to install, install newrelic agent too.
10:56 Reverend lemme give you the top.
10:56 hemebond I would just include newrelic agent state in the php54 state.
10:57 haam3r2 joined #salt
10:57 Reverend sec
10:57 Reverend http://pastebin.centos.org/57616/
10:57 hemebond (actually I'd specify it explicitly, while I see value in "automated" coupling, I find it nicer to see the states listed explicitly in the top file)
10:58 haam3r joined #salt
10:59 hemebond I would either create a new state that includes php54, newrelic-server and newrelic-agent, or explicitly list it in the top file (my preference)
10:59 Reverend hmmm
10:59 Reverend mmkay
11:02 sh123124213 joined #salt
11:03 amcorreia joined #salt
11:09 jas02 joined #salt
11:11 edrocks joined #salt
11:26 dunz0r If I want to distribute a directory containing some files to a minion, what's the smartest way to do so?
11:27 dunz0r Not just files, but subdirectories as well.
11:27 dunz0r I can't figure out if I can use source: with a file.directory-statement
11:30 florianb dunz0r: did you try https://docs.saltstack.com/en/latest/ref/file_server/file_roots.html
11:30 florianb ?
11:30 netcho hemebond: trying your autoscaling setup... havin some issues.. looks like reactor is not running for me
11:31 dunz0r florianb: I did not. It doesn't seem to do what I want though, but thanks anyway :)
11:31 florianb ahh - what exactly do you want to do? :)
11:33 dunz0r What I'm doing is setting up a local http-repo with some packages, the packages are ordered like <osname>/<osmajorversion>/<package>, so that I can install the correct version on the correct minion by using source://http://saltmaster:<osname>/<osmajorversion>
11:33 dunz0r Might be a much better way to do what I'm doing though, of course.
11:34 netcho i get notification and correct tag but reactor does not reeact for some reason
11:38 ashokrajar joined #salt
11:40 florianb dunz0r: i guess delivering foreign files via http/s is pretty common. If you want' get rid of setting up any additional host-application serving files you already have on the master. the file_server is a good choice. I suppose it heavily depends on your overall architecture how you might optimize file delivering between the hosts.
11:41 florianb s/master. the/master, the/
11:42 dunz0r florianb: Thing is, I'm pushing it to the master, so it can publish it via https and keep ideally have the packages in my git-repo, so I can rebuild them easily and publish them to the master.
11:43 dunz0r Since https will work for all package managers.
11:43 dunz0r It's just the part about adding them to the state without specifying a bunch of folders/files by hand that I'm trying to avoid :)
11:44 mede joined #salt
11:44 * mede hi all
11:47 florianb dunz0r: You might consider adding gitfs (https://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html) to give your minions easier access to that repo. But you won't get rid of the folder-structure i guess. The only option i can think aside of this is to wrap the package-access into a custom state.
11:49 sad_salt joined #salt
11:52 dunz0r Huh. that was not expected :O
11:52 * dunz0r managed to get a traceback
11:53 dunz0r I suspect it's because file.directory doesn't have a source-statement :(
11:54 AndreasLutro file.recurse
11:54 Reverend file.directory just manages directories
11:54 N-Mi joined #salt
11:54 N-Mi joined #salt
11:54 Reverend file.recu.... god dammit AndreasLutro
11:54 Reverend I WANTED TO BE CLEVER FOR ONCE!
11:54 Reverend >3
11:54 Reverend :3 *
11:54 AndreasLutro that'll learn ya
11:54 Reverend haha
11:54 dunz0r AndreasLutro: I looked at it as well, but it only seems to handle permissions, or am I misinterpreting the documentation?
11:54 AndreasLutro dunz0r: pretty sure you are
11:55 florianb :'D
11:55 dunz0r Lets find out! \:D/
11:55 dunz0r Bah.
11:56 dunz0r Why didn't I try this the first thing I did...
11:56 dunz0r AndreasLutro: Here's an irc-rose for you: @->-
11:56 Reverend cute.,\
11:56 dunz0r Might be a tulip. I'm not a gardener
11:56 dunz0r ¯\(º_o)/¯
11:58 dunz0r Wait. states.pkgbuild o_O
11:58 dunz0r Might stop me from having to manually build the packages even.
11:58 * dunz0r is distributing pam-ssh-agent-auth to his debian 7/8 machines
11:59 dunz0r Since it's only available in Sid
12:00 akhter joined #salt
12:05 dunz0r Never mind. Still need to build a different for Debian 7.
12:05 florianb Is it doing anything different than libpam-ssh?
12:07 dunz0r florianb: Yeah. pam-ssh-agent works as an auth method that grants the user access if the user has authed with an ssh-key and has a working agent-socket
12:08 dunz0r pam_ssh allows you to login using your passphrase, and then use ssh-agent to not have to type the password.
12:09 dunz0r pam-ssh-agent is an auth method, so if I've logged in with an ssh-key, I can deem that "sufficient" to use sudo(apart from sudo-rights of course)
12:09 Roelt And now i've got tulips from amterdam stuck in my head..
12:10 jas02 joined #salt
12:12 aarontc joined #salt
12:13 xet7 joined #salt
12:13 netcho hemebond:  u around? :)
12:23 krymzon I have an Accepted and a Denied key for the same minion. I want to delete the former, accept the latter. What is the correct way of doing it? -d minion_id deletes both.
12:24 AndreasLutro krymzon: you have to remove it on the filesystem, sadly
12:25 krymzon AndreasLutro: thank you. I guess in this case I'll stick to deleting both and restarting the minion...
12:26 Hetman joined #salt
12:26 florianb left #salt
12:26 AndreasLutro https://github.com/saltstack/salt/issues/33928
12:26 saltstackbot [#33928][OPEN] Make salt-key work with key fingerprints in addition to/instead of minion ID globs | In the case where you have 2 salt keys for the same minion ID - maybe it was re-provisioned with a different minion key and you forgot to delete the old one - you're going to end up with this `salt-key -F` output:...
12:27 Hetman Hello what is default syntax to provide default in jinja/yaml ? example : - password: {{ my_password | if_not_exists use 'password' }} saw example someweher but forgot where. Can anyone point me in good direction please ?
12:27 krymzon thank you:)
12:28 AndreasLutro {{ my_password | default('password') }}
12:28 XenophonF Hetman: use the |defaults filter
12:28 XenophonF er, yeah, default
12:28 XenophonF Hetman: you really want to get cozy with the Jinja documentation at http://jinja.pocoo.org/
12:29 Hetman XenophonF: thanks so its {{ my_value | default('something') }}
12:31 oida joined #salt
12:32 XenophonF correct
12:33 XenophonF I use it all over the place.  See here for some examples: https://github.com/irtnog/shibboleth-formula/blob/master/shibboleth/idp/files/conf/metadata-providers.xml#L71
12:34 XenophonF iirc there's something different in the sematics of dict.key|default(...) and dict['key']|default(...)
12:34 XenophonF don't remember why but i was converting everything to the latter in cases where the key may not be in the dictionary
12:38 sjoerd_ joined #salt
12:39 onlyanegg joined #salt
12:47 darioleidi joined #salt
12:49 sh123124213 joined #salt
12:51 nicksloan joined #salt
12:54 AndreasLutro .key uses getattr before __getitem__, ['key'] does the other way around. both return an undefined object if the key doesn't exist
12:55 AndreasLutro but for dicts you may as well use the dict.get method
12:55 XenophonF yeah, i think jinja's |default operator doesn't catch the key-not-found error in one case but works in the other
12:56 XenophonF don't quote me on that
12:56 XenophonF i vaguely recall running into a problem where switching to dict['key'] made things work, but now I can't remember why :-/
13:01 akhter joined #salt
13:02 akhter joined #salt
13:09 florianb joined #salt
13:13 edrocks joined #salt
13:16 mede_ joined #salt
13:18 sjoerd_ Hi all, is there a way to merge a list form a pillar with a list from a forumula/defaults.yaml? Because all I'm capable of is resetting the whole list...
13:21 edrocks joined #salt
13:26 ronnix joined #salt
13:31 davidone joined #salt
13:31 davidone good morning/afternoon
13:32 davidone I am having issues when using two syndic nodes configured (both) as masters on a minion
13:32 davidone is there any known issue?
13:38 * mede crying ... anyone can help me with (in theory) a simple question regarding file.manage + pillar ?   https://gist.github.com/anonymous/9ff6c0808af1fd5fc0210fa1fd164d58
13:40 XenophonF sjoerd_: simplest way is to write your own exec module with a function that does just that
13:42 sjoerd_ XenophonF: yes I thought so, or maybe a macro in jinja should also be possible
13:42 ekristen joined #salt
13:43 Sketch mede: i don't see any references to any jinja variables in your state, so i'd guess your problem is in TOKEN.properties.j2, not in the state
13:44 mede Sketch: sorry ... the pillar reference is in the j2 file - i forgot to add it to the gist. The issue is ... i get the error the first time, if i run it again - it works
13:44 Sketch that seems strange
13:44 mede Sketch: so .. somehow... the require maybe is not met correctly... or the pillar data is not pusshed to the j2 file... although the second time it works perfectly.
13:45 RandyT mede: your require: also needs to be for - archive: extract_eip
13:46 Sketch also, thanks, i didn't know about archive.extracted...i was looking for exactly that just the other day :)
13:46 mede RandyT: i thought... that the new salt.. .doesn't need the archive: or file: or whatever... should be enough only the description text... am i wrong?
13:46 RandyT mede: ok, perhaps an old habit of mine then
13:46 RandyT not related to the error you are reporting, so must be grokable
13:46 mede :(
13:48 mede so ... any ideas .. am I an idiot?
13:51 RandyT appears to me that this may be issue in your jinja template
13:51 RandyT I see no other reference to 'tibco' in your gist
13:52 RandyT ah, in command line pillar
13:52 mede RandyT: in the cli i push the pillar data.. and in the j2 i have: {{ pillar['tibco']['db_endpoint'] }}
13:53 mede it should work... it works for different states... but i think the dependency between the j2 file and the archive ... is not working properly ... just a feeling
13:54 RandyT try pillar='{tibco: {db_user: "bbb", ...
13:54 RandyT when using pillar from command line, I dont usually quote those vars
13:54 mede RandyT: the second run of the state works perfectly
13:55 mede and for other states... pushing the pillar with quotes works... i think is the link between the archive and the j2 file... i think i am missing something
13:56 RandyT I think your file.managed is not running if your archive is extracted...
13:56 RandyT if_missing
13:57 mede that is correct ..
13:57 mede ah no .. it does run
13:57 netcho joined #salt
13:57 mede the archive is not extracted if the if_missing folder exists.
13:58 mede but the file.manage j2 still runs.
13:58 Hetman anyone familiar with mysql module here ? I can pass connection_user and connection_pass what is name of variable if I'm passing password as hash not plain text ?
13:58 mede the second run.. it actually replace the j2 pillar data... the first run... it fails... not founding jinja
13:58 RandyT not sure about the implications of the require as it may require the extract to run, thereby only running if extract happens?
14:04 mede RandyT: that is the question :)
14:07 RandyT I'd try removing the require...
14:07 KingOfFools joined #salt
14:08 mede RandyT: then .. how i can make sure that the j2 file.managed is run AFTER the archive? The point is that the archive untars a file.. that the j2 will overwrite.
14:10 onlyanegg joined #salt
14:11 jas02 joined #salt
14:14 IgorK__ joined #salt
14:15 IgorK__ Hello, can anybody help me with saltstack environments?
14:15 sjoerd_ Maybe, but you'll have to be more specific :)
14:16 RandyT mede: as a means of debugging, I would try without. There may be another approach to assure order rather than the one you are using.
14:16 IgorK__ ok, I want to set environments. I want to run next commands smth like:
14:16 IgorK__ salt 'minion1' state.apply services.backend saltenv=qa
14:16 IgorK__ salt 'minion1' state.apply services.backend saltenv=dev
14:17 mede RandyT: i did try it of course without the require
14:17 XenophonF sjoerd_: also take a look at salt.utils.dictupdate
14:17 IgorK__ and I'm getting next error: Pillar failed to render with the following messages:', "Rendering SLS 'qa.backend' failed. Please see master log for details.
14:17 mede same output... first run... the j2 can not find the pillar... second run it works ... bloody hell :)
14:17 XenophonF sjoerd_: you could write a macro in jinja to merge two lists, but it would probably be more tedius than doing the same in python
14:17 sjoerd_ XenophonF: I was looking at salt.pillar.stack atm
14:17 IgorK__ mb anybody will can check my repo https://github.com/mymtwcom/salt-vagrant-demo
14:19 XenophonF that's a nice repo you got there, IgorK__. shame if anything "happened" to it
14:19 Inver joined #salt
14:20 IgorK__ sorry?
14:20 nicksloan joined #salt
14:20 davidone sorry, didn't clarify
14:20 IgorK__ I just gave my repo to be more detailed
14:20 XenophonF crap - I'm gonna need to fix a joke there
14:20 sjoerd_ :)
14:21 davidone I mean: using two syndic nodes as master/master I see double published events from minions
14:21 sjoerd_ Igork__: Lost in translation joke, never mind
14:22 IgorK__ I think I will not can understand foreign humour, we are another have here
14:22 XenophonF my bad, IgorK__
14:22 XenophonF so, vagrant - nice
14:22 amontalban joined #salt
14:22 amontalban joined #salt
14:22 sjoerd_ IgorK__: Is there anything useful in your master log
14:23 IgorK__ "Rendering SLS 'qa.backend' failed. Please see master log for details."
14:23 XenophonF most likely a syntax error
14:23 IgorK__ mb I simply didn't found where salt stores log file
14:23 XenophonF yup, syntax error
14:23 sjoerd_ IgorK__: on your master box, have a look in /var/log/salt/master
14:23 XenophonF https://github.com/mymtwcom/salt-vagrant-demo/blob/master/saltstack/pillar/qa/backend.sls#L8
14:23 IgorK__ 1 sec
14:24 XenophonF you need to indent those encrypted blobs two spaces
14:24 IgorK__ No in /var/log/salt/master there the same
14:24 XenophonF the yaml renderer runs before the gpg renderer
14:24 IgorK__ XenophonF really?
14:24 XenophonF yes, really
14:24 IgorK__ 1 sec
14:25 IgorK__ shit)
14:25 XenophonF :)
14:25 XenophonF go ahead and ask me how I learned this ;)
14:25 subsignal joined #salt
14:26 sjoerd_ By carefully reading the docs?
14:26 XenophonF LOL no
14:26 sjoerd_ By checking how the code works?
14:26 DammitJim joined #salt
14:26 XenophonF that reminds me, i need patch the hole in my office wall this weekend
14:26 vickistan joined #salt
14:26 IgorK__ no,no I too knew about 2 spaces in sls
14:26 IgorK__ cuz in dev.backend.sls was 2 spaces
14:27 IgorK__ but not in qa.sls )
14:27 XenophonF I didn't :-/
14:28 IgorK__ hm... just run "salt 'minion1' saltutil.sync_pillar"
14:28 IgorK__ ERROR: Pillar modules can only be synced to masterless minions
14:28 IgorK__ strange
14:28 AndreasLutro you probably want refresh_pillar
14:29 IgorK__ yes
14:29 IgorK__ oh. worked
14:31 davidone I found this: https://github.com/saltstack/salt/issues/25700
14:31 saltstackbot [#25700][OPEN] Formalize/Cleanup Salt's HA/Multi-Master  | Background...
14:31 davidone Hasn't been updated in more than 1year
14:31 davidone anyone working on that?
14:33 _JZ_ joined #salt
14:33 IgorK__ New problem pillar data not changes depending from environment
14:34 IgorK__ data for salt 'minion1' pillar.items saltenv=qa
14:34 IgorK__ and salt 'minion1' pillar.items saltenv=dev
14:34 IgorK__ are the same
14:34 IgorK__ https://github.com/mymtwcom/salt-vagrant-demo
14:35 IgorK__ for qa environment, data the same as in dev env
14:36 Tanta joined #salt
14:38 sjoerd_ All: Why aren't any formula's using salt.pillar.stack but still using a map.jinja. Is it because stack is not maintained by the salt people?
14:38 sjoerd_ Like a best practise or something
14:38 XenophonF i'm a little unclear what salt.pillar.stack is?
14:39 sjoerd_ custom external pillar
14:39 sjoerd_ https://docs.saltstack.com/en/develop/ref/pillar/all/salt.pillar.stack.html
14:39 sjoerd_ mash up cariables etc with ease
14:39 sjoerd_ vars*
14:40 XenophonF oh is that the thing where you can reference pillar keys from other pillar SLS files?
14:40 sjoerd_ yes
14:40 sjoerd_ I think
14:41 XenophonF i'm not sure i understand how that would replace defaults.yaml/map.jinja in a formula
14:43 raspado joined #salt
14:44 scoates joined #salt
14:49 toastedpenguin joined #salt
14:50 dcpc007 joined #salt
14:51 IgorK__ think trouble in pillar_source_merging_strategy
14:51 IgorK__ but not sure
14:55 keltim joined #salt
14:55 keltim_ joined #salt
14:55 netcho joined #salt
14:55 netcho joined #salt
14:59 IgorK__ can I update salt master config without reloading vagrant?
15:03 Brew joined #salt
15:06 netcho hi all, how should autosign.conf look loke? having trouble finding it
15:06 netcho regex?
15:06 orionx joined #salt
15:06 netcho empty?
15:11 LiamMon joined #salt
15:13 cmarzullo Matches will be searched for first by string comparison, then by globbing, then by full-string regex matching.
15:13 cmarzullo one line each
15:16 ronnix joined #salt
15:18 orionx joined #salt
15:19 netcho so i can leave it empty cmarzullo ?
15:20 cmarzullo if it's empty then no minions will be autosigned.
15:20 netcho oh ok
15:20 netcho so i can put then my_minions*
15:20 cmarzullo yep.
15:20 KingOfFools joined #salt
15:20 netcho sweet, thanks
15:21 cmarzullo but do be careful. if your master is open then anyone can join your message bus if their minion_id matches.
15:21 cmarzullo admittedly not a problem for most envs
15:22 orionx_ joined #salt
15:28 impi joined #salt
15:31 Flying_Panda Anyone else playing with susemanger salt ?
15:32 sarcasticadmin joined #salt
15:33 gtmanfred I am not, but i can say it looked really cool at saltconf
15:33 xmj what's susemanger?
15:33 catpig joined #salt
15:34 Flying_Panda hi gt fixed that unicode erorr btw
15:34 gtmanfred xmj: do you know what spacewalk is?
15:34 gtmanfred Flying_Panda: nice
15:34 xmj heard the name, yes
15:34 Flying_Panda needed cidrs not cidr
15:34 gtmanfred xmj: susemanager 2 used space walk to manage suse systems, but was an enterprise product and supported by suse
15:35 gtmanfred susemanager 3 drops spacewalk, and uses salt
15:35 gtmanfred redhats rhn 5 also used spacewalk 5, but rhn 6 is something completely diffeent
15:35 Flying_Panda but does not seem to like our top.sls file in /srv/pillar :p
15:35 gtmanfred ahh, that would have done it
15:35 gtmanfred yeah, don't know about the top file
15:35 Reverend anyone here know about SSL purchases? :(
15:36 Flying_Panda you mean buying a a cert ?
15:36 gtmanfred Reverend: any reason you can't use letsencrypt?
15:36 Reverend yarp. Got a weird request from a client.
15:36 IgorK__ how to update salt from master 2016.3.3 to salt 2016.3.4 ?
15:36 gtmanfred ¯\(°_o)/¯ shouldn't be difficult
15:36 AndreasLutro I know my credit card number
15:36 xmj gtmanfred: oh, shiny
15:36 gtmanfred IgorK__:just update it with your package manager?
15:36 Reverend they've given us a CSR... and im unsure if my supplier will then give me a private key, or if the client requesting it will have it. I can't seem to find the PK ANYWHEREERERE in my reseller account...
15:37 IgorK__ sudo apt-get update?
15:37 gtmanfred apt-get upgrade
15:37 Flying_Panda have a word with supplier
15:37 gtmanfred but yeah, do an update first
15:37 xmj Reverend: yell at them and charge for your time wasted on waiting on them
15:37 IgorK__ thank you
15:37 Reverend Flying_Panda - probably a good shout.
15:37 Reverend xmj: not sure that'll help :P but thanks for the input xD
15:37 XenophonF anyone out there use salt to install vmware tools on windows?
15:38 AndreasLutro Reverend: if you have a CSR, you can send it to the supplier and get a certificate back
15:38 xmj anytime Reverend
15:38 ronnix joined #salt
15:38 Reverend AndreasLutro: so the DC will have the private key, or will my reseller generate one from the CSR?
15:38 Reverend I ahve the certs/intermediates/root, but not the private key... which is pretty important xD
15:39 AndreasLutro your client generated a CSR from their PK. the ssl provider will sign the CSR with their private key, which will produce a certificate
15:39 megamaced joined #salt
15:39 tapoxi joined #salt
15:40 Reverend oh. so I -shouldn't- get one... is that the overall deal here? if so... winrar. now i feel like less of a pleb for not being able to navigate their site. if not... gosh darn
15:40 Reverend also - thanks muchly. <3
15:43 mikecmpbll joined #salt
15:44 IgorK__ hmm.. after updating salt, my pillar data  disappeared
15:44 IgorK__ minion1:     ----------
15:44 racooper joined #salt
15:45 IgorK__ mb reload vagrant needed?
15:46 jeddi joined #salt
15:50 felskrone joined #salt
15:50 raspado whats the best way to migrate minions to another salt master?
15:52 XenophonF you should be able to copy their keys to the second master
15:53 XenophonF and then copy the second master's keys to the minions
15:53 XenophonF and then update the minion config
15:53 XenophonF maybe
15:54 XenophonF a quick ddg search didn't turn anything obvious up
15:56 onlyanegg joined #salt
15:57 swills joined #salt
16:03 netcho is there anything else to think of when moving master to different ip? or just changing minion configs is enough?
16:03 sp0097 joined #salt
16:05 IgorK__ why after updating salt to 2016.3.4 pillar data disappeared ( "salt '*' pillar.items" )
16:05 IgorK__ also tryed "salt '*' pillar.items pillarenv=dev"
16:05 IgorK__ not helps
16:13 mpanetta joined #salt
16:13 keimlink_ joined #salt
16:14 pdayton joined #salt
16:14 jas02 joined #salt
16:20 mikecmpbll joined #salt
16:23 raspado XenophonF: ah k thx
16:25 onlyanegg joined #salt
16:26 DammitJim joined #salt
16:30 fracklen joined #salt
16:30 Rumbles joined #salt
16:31 TyrfingMjolnir joined #salt
16:33 fracklen joined #salt
16:38 sp0097 joined #salt
16:39 pipps joined #salt
16:39 Trauma joined #salt
16:40 beowuff joined #salt
16:40 hlub_ IgorK__: try restarting the updated minions?
16:41 Rumbles joined #salt
16:42 IgorK__ hlub_: I think it will not help, I already restarted vagrant, and it was not helped
16:42 IgorK__ currently upgrading vagrant box
16:43 raspado IgorK__: try "salt '*' saltutil.refresh_pillar"
16:43 IgorK__ raspado: I tryed
16:43 IgorK__ already
16:43 IgorK__ didn't help
16:44 raspado salt-run cache.pillar
16:44 toastedpenguin anyone used salt-cloud and/or boto to query AWS to get a list of instances with instance types?
16:44 pipps joined #salt
16:44 N-Mi joined #salt
16:45 IgorK__ I'll try, after vagrant box upgrade will finish. 5 mins
16:45 raspado IgorK__: or you could try "salt-run cache.clear_all"
16:46 raspado i think theres a way to get the pillar data too like "salt-run cache.pillar tgt=hostname"
16:50 raspado QQ...  i want to target a machine that does not have a salt-minion but be able to deploy a state
16:51 raspado is this possible?
16:51 raspado its a one time thing, id hate to have to manually deploy all this stuff or create an ansible script
16:52 Rumbles joined #salt
16:53 raspado maybe salt-ssh is up my alley but not sure how to deploy a salt state to it
16:54 pipps joined #salt
16:56 foundatron joined #salt
16:59 tiwula joined #salt
16:59 impi joined #salt
17:01 gtmanfred salt-run pillar.show_pillar <hostname>
17:02 gtmanfred raspado: ^^
17:02 raspado ahhh :D
17:02 gtmanfred raspado: and yes, you can do that, but you need to use salt-ssh
17:02 gtmanfred once your roster is setup, you use it just like the salt command
17:02 gtmanfred salt-ssh \* test.ping
17:03 gtmanfred salt-ssh \* state.apply
17:03 gtmanfred you can also use something like the cloud roster to do lookups in your cloud providers to find vms instead of writing them all in /etc/salt/roster
17:04 samodid joined #salt
17:05 raspado we use environments to target the state files, if the environment is not defined for my target box, is there a way I can force prod/top.sls <state_file>?
17:06 gtmanfred the default_top?
17:07 gtmanfred raspado: https://docs.saltstack.com/en/latest/ref/configuration/minion.html#std:conf_minion-default_top
17:07 IgorK__ +gtmanfred: can you help whith salt pillar data? they not shows after upgrading salt
17:07 raspado ah k thx gtmanfred
17:07 gtmanfred i have no idea why that wouldn't be showing, have you tried a saltutil.pillar_refresh?
17:07 gtmanfred ahh yes, yeah idk
17:08 IgorK__ yes
17:08 IgorK__ not helped
17:08 IgorK__ )
17:08 IgorK__ maybe I'm set smth wrong when tried to install environments
17:09 IgorK__ https://github.com/mymtwcom/salt-vagrant-demo
17:09 ivanjaros joined #salt
17:10 IgorK__ I just wanted deploy different environments like salt '*' pillar.items pillarenv=qa or salt '*' pillar.items pillarenv=dev
17:13 yuhlw______ Is there a way, to have a sls which a list of state are *available* if systemd is installed
17:14 yuhlw______ Oups, sorry. How can I do to have some state that executes only if systemd is present ?
17:15 jas02 joined #salt
17:16 edrocks joined #salt
17:19 pipps joined #salt
17:19 XenophonF IgorK__: i had a problem with missing Pillar data after upgrading to 2016.3.4
17:19 IgorK__ XenophonF: oh, how did you fix that?
17:19 XenophonF in my case there was some kind of error, perhaps a bug in s3
17:20 IgorK__ I too upgraded to 2016.3.4
17:20 XenophonF i downgraded back to 2015.5.10
17:20 IgorK__ XD
17:20 systo joined #salt
17:20 XenophonF later, last week, i upgraded to whatever the latest point release in 2015.8 is
17:20 RandyT XenophonF: fwiw, I ran into the s3 issue in 2016.3.4 as well. Downgrade to 2016.3.3 fixes it.
17:20 XenophonF yeah
17:20 XenophonF there's a bug
17:20 XenophonF i can't replicate it on freebsd though, which is weird
17:21 XenophonF i'm wondering if i have a buggy install of boto somewhere or something
17:21 XenophonF but then the pillar s3 stuff doesn't use boto
17:21 XenophonF i haven't had time to troubleshoot it
17:21 RandyT there is a change with handling of __util__, it is fixed, but not in 3.4
17:22 IgorK__ I upgraded especially for using this "pillar_source_merging_strategy: none"
17:22 IgorK__ in 2016.3.3 it's not implemented
17:23 pipps joined #salt
17:24 RandyT XenophonF: IgorK__ https://github.com/saltstack/salt/pull/37629
17:24 saltstackbot [#37629][MERGED] fix __opts__ and provider being None in salt.utils.aws:get_location | What does this PR do?...
17:24 IgorK__ RandyT: what is it?
17:25 nicksloan joined #salt
17:25 RandyT I believe that will fix the issue you are seeing in 2016.3.4
17:25 IgorK__ I'm not on aws currently. I'm using vagrant with virtualbox for tests
17:26 IgorK__ it's not related with me maybe
17:26 RandyT XenophonF: since you are a Fbsd guy, any thoughts on this? https://github.com/saltstack/salt/issues/37450
17:26 saltstackbot [#37450][OPEN] FreeBSD EC2 deployment fails ssh login | Description of Issue/Question...
17:26 XenophonF RandyT: that could be the difference - my CentOS 7 master is running AWS, but my FreeBSD 10 master isn't.
17:27 IgorK__ Think it's need to open issue in github
17:29 XenophonF RandyT: I haven't seen that issue before.
17:29 XenophonF when you test SSH connections to the EC2 instance, are you testing from where you're running salt-cloud/salt-bootstrap?
17:30 RandyT XenophonF: yes, ssh from master works, but the master is unable to connect via ssh during the deploy
17:30 XenophonF what if you try deploying a bog-standard FreeBSD-EC2 AMI?
17:30 RandyT makes no sense.... but ty for taking a look at it
17:30 RandyT that is my next step. have not gotten back to that challenge yet
17:31 XenophonF like, maybe it's something specific to the pfsense image
17:31 bowhunter joined #salt
17:31 woodtablet joined #salt
17:32 RandyT that is my hunch but have not gotten to that step to prove it. small step but too many distractions. :-)
17:33 XenophonF man, I know it
17:35 XenophonF tbh i stopped using salt-cloud
17:35 RandyT I've seen that comment a few times. what did you go to?
17:35 XenophonF our aws infrastructure is small enough and changes infrequently enough and salt's support for a lot of the provisioning tasks we need to do misses too many things we need that i just don't bother
17:36 XenophonF i've got the vpcs set up manually, the way i want (n-tierd arch)
17:36 XenophonF and i've got a script that runs post-RunInstance to handle minion setup
17:36 XenophonF and a reactor that runs state.highstate upon key acceptance
17:36 XenophonF it's not very agile
17:37 XenophonF but we haven't needed better and i need to devote more time to salting our windows stuff
17:37 XenophonF sharepoint
17:37 RandyT fair enough. I've anticipated some growth in my environment, but still small enough that a few things are still static.
17:37 XenophonF i want to salt sharepoint
17:37 XenophonF sharepoint and adfs
17:37 XenophonF well, sharepoint and adfs and adds
17:37 XenophonF i'm close to what i want on the adds side
17:37 RandyT I think the windows work has been the biggest time drain for me.
17:38 XenophonF i have ended up coding around stuff salt provides
17:38 RandyT starting to make some moves to move some of those hosts to .net core environments.
17:38 XenophonF but i don't know how to get them to take a look at my work
17:38 XenophonF e.g., win_servermanager states don't work on windows 7/8/10
17:38 XenophonF so i wrote my own windows_servicing state/module
17:39 XenophonF which takes a lot of time i don't have
17:39 RandyT there are many gaps in the windows stuff. much of it I have worked around with PS
17:39 XenophonF i hate shelling out all the time but yeah, same here
17:39 theblazehen_ joined #salt
17:39 XenophonF my AD DS states amount to a bunch of calls to cmd.script with Jinja handling the options processing
17:39 RandyT but would think that someone would like to see your changes.
17:39 RandyT it has come a long way in a year.
17:40 RandyT yep, looking at some of that code now... or should be. ;P
17:40 XenophonF my AD FS exec module uses PS to get a list of all the *ADFS* cmdlets and then crafts a very, very thing wrapper around them
17:41 XenophonF https://github.com/irtnog/active-directory-formula
17:42 XenophonF what i really, really want to do is incorporate Salt into our collaboration management platform
17:42 mpanetta joined #salt
17:42 RandyT XenophonF: some amazing work being done here in case you are interested https://github.com/plus3it/ash-windows-formula
17:42 RandyT by lorengordon
17:43 XenophonF so when a principal investigator creates a new collaboration, it automatically provisions sharepoint sites and stuff like that
17:43 XenophonF i'll check that out
17:43 lorengordon you rang?
17:43 RandyT howdy lorengordon
17:43 lorengordon hola
17:43 RandyT just talking up some of your work
17:43 XenophonF oh man
17:43 lorengordon :blushes:
17:43 XenophonF i need this
17:43 XenophonF i need to run this on all of my windows minions
17:43 sarasfox joined #salt
17:44 Sketch XenophonF: no samba DC formula? ;)
17:44 RandyT prepare yourself...
17:44 sarasfox is their good examlp using hashing in beacon
17:44 RandyT attempting to get to compliance, I've reconsidered which is easiest... port to .Net core or compliance. :-)
17:44 XenophonF Sketch: funny you mention that, my boss was asking about switching server infrastructure to FLOSS just the other day
17:44 lorengordon i need to look at updating it to utilize the new lgpo module that was merged to develop
17:44 XenophonF my day job is for NIAID, so lorengordon's formula is right up my alley
17:45 lorengordon there is also an ash-linux-formula for centos/rhel
17:45 XenophonF is there one for debian/ubuntu, too?
17:45 XenophonF our bioinformatics people love ubuntu for some reason
17:45 lorengordon hahahahaha nope
17:45 RandyT XenophonF: if you are not aware of this... https://hubblestack.io/
17:45 XenophonF sucks
17:46 lorengordon our customers are purely centos/rhel
17:46 XenophonF no but i'll check it out
17:46 XenophonF lorengordon: forking in 3... 2... 1...
17:46 lorengordon the linux side is still el6, we're working on el7 but the DISA STIG is immature
17:47 khaije1 joined #salt
17:47 khaije1 I'm looking for an example of a relative map.jinja import. This is possible right?
17:48 lorengordon gotta step away for a couple hours, but let me know if you have any questions
17:48 XenophonF will do - thanks all
17:48 RandyT cheers
17:51 nicksloan joined #salt
17:54 mikecmpbll joined #salt
17:57 sarasfox salt.beacons.sh does this work in windows
17:59 impi joined #salt
18:00 RandyT sarasfox: seems to depend on strace, so the answer is no.
18:00 RandyT https://github.com/saltstack/salt/blob/develop/salt/beacons/sh.py#L24
18:02 subsignal joined #salt
18:02 sarasfox hum is their a list of beacons that work on windows
18:02 wendall911 joined #salt
18:02 sarasfox thanks RandyT
18:02 babilen Hmm .. how would I get a minion to refresh its pillar in the middle of a SLS run?
18:05 aarontc joined #salt
18:06 RandyT sarasfox: I think that info is in the doc, but pretty easy to navigate the source code and check for depedencies in __virtual__
18:10 babilen Ah .. reload_pillar works
18:12 nidr0x joined #salt
18:12 sarasfox by the docs every thing other then inofty should work
18:16 florianb joined #salt
18:16 florianb left #salt
18:17 florianb joined #salt
18:17 jas02 joined #salt
18:21 onlyanegg joined #salt
18:26 Bryson joined #salt
18:27 N-Mi joined #salt
18:27 xbglowx_ joined #salt
18:30 tercenya joined #salt
18:31 hasues joined #salt
18:34 rashford joined #salt
18:34 rashford joined #salt
18:36 hasues left #salt
18:37 pipps joined #salt
18:48 iggy requrest doc updates for things you find missing please
18:52 jimklo joined #salt
18:52 s_kunk joined #salt
18:54 sh123124213 joined #salt
18:58 mavhq joined #salt
18:59 pipps joined #salt
19:01 raspado_ joined #salt
19:04 fannet joined #salt
19:05 Miouge joined #salt
19:08 edrocks joined #salt
19:10 pipps joined #salt
19:17 jas02 joined #salt
19:20 SaucyElf joined #salt
19:21 SaucyElf joined #salt
19:24 Edgan joined #salt
19:25 sjoerd_ joined #salt
19:27 sjoerd_ Evening
19:28 toanju joined #salt
19:31 nrezinorn we are seeing some issues where our salt master is timing out (in the master logs), i suspect it is due to pkg.upgrade or similar timing out in yum (for some reason)  is there a way to determine the root cause?  or a way to have the master report more verbose errors for what happened?  (without enabling debug logs all the time)
19:33 cyteen joined #salt
19:36 fortitude joined #salt
19:38 pipps joined #salt
19:38 fortitude where should I look to see why cp.list_master isn't showing any files from a gitfs remote?
19:39 Miouge joined #salt
19:39 fortitude using -l debug shows that the remote is being fetched (and it shows up in the cache), but none of the files seem to be accessible
19:41 IgorK__ how to downgrade salt version from 2016.3.4 to 2016.3.3 ?
19:43 wendall911 left #salt
19:50 toanju joined #salt
19:52 fracklen joined #salt
19:58 edrocks joined #salt
19:59 wendall911 joined #salt
20:00 RandyT IgorK__: go to http://repo.saltstack.com/
20:00 RandyT you'll see option on the OS tab to "pin to minor release"
20:00 danlsgiga joined #salt
20:02 IgorK__ I run curl -L https://bootstrap.saltstack.com -o install_salt.sh
20:02 IgorK__ and sudo sh install_salt.sh -P -M
20:02 IgorK__ not helped
20:03 IgorK__ ahh
20:05 RandyT IgorK__: if you use bootstrap to install salt, you can specify the git tag to install from...
20:07 fortitude never mind, turns out it was stale gitfs files in the minion cache; deleting the various gitfs folder fixed it
20:07 Salander27 joined #salt
20:08 Miouge joined #salt
20:09 fracklen joined #salt
20:11 sebastian-w joined #salt
20:18 jas02 joined #salt
20:19 akhter joined #salt
20:19 pdayton joined #salt
20:19 LV-426 joined #salt
20:21 LV-426 hit by 'undefined symbol: OPENSSL_no_config', unable to restart salt-master, any word on this? see http://bugs.debian.org/843871
20:22 fracklen_ joined #salt
20:22 gtmanfred LV-426: i would ask in #openstack-salt
20:22 gtmanfred they manage those formulas
20:25 LV-426 suspect it to be broader in scope, hit by it despite not having any salt-formula-* package installed...
20:26 gtmanfred hrm, maybe, i haven't seen that at all though
20:26 pdayton joined #salt
20:41 sh123124213 joined #salt
20:42 schemanic_ joined #salt
20:42 schemanic_ Hey all
20:42 schemanic_ What sort of things should be on every server, regardless of function?
20:43 cscf schemanic_, I usually install htop, tmux, iotop, nethogs, nmap, etc.
20:43 cscf If I'm ever going to be using it's command line for debugging
20:43 schemanic_ cscf, thanks! so tools. I'm also thinking about bases to cover like AV, monitoring, etc?
20:44 cscf schemanic_, AV is not normally used on Linux.  Monitoring is a good idea.  syslog to a logging server, for example.
20:45 schemanic_ we use clamav here. We are required to in order to pass data security audits
20:45 iggy bash-completion ntp git apg python-software-properties rsync tmux apt-transport-https
20:45 iggy that's my common packages
20:45 schemanic_ thanks iggy!
20:45 schemanic_ what is apg?
20:45 iggy a password generator
20:45 orionx joined #salt
20:46 fracklen joined #salt
20:47 cscf iggy, you use https apt?  Do you have local repos for caching?
20:48 iggy no
20:48 cscf How many servers?
20:48 iggy I mean... yes, no
20:48 orionx_ joined #salt
20:49 iggy but it could easily be yes, yes
20:49 iggy for the setup that list came from, there's like 10 servers max (usually more like 4)
20:50 cscf Oh ok.
20:51 akhter joined #salt
20:52 iggy at work, we do use https mirrors
20:53 iggy so... same situation
20:53 Miouge joined #salt
20:54 gtmanfred ssl is just the worst
20:54 gtmanfred I wish the govt would just make it all plain text already
20:54 sh123124213 gtmanfred : hi, why does the salt filesystem needs refresh ? :)
20:54 sh123124213 I'm talking about roots
20:54 gtmanfred because changes are made to it from time to time, and they need to be cached in /var/cache/salt/master
20:55 sh123124213 and why cache changes ?
20:55 sh123124213 or files that are in the filesystem for that matter
20:55 gtmanfred because they aren't always on the filesystem
20:55 al_ joined #salt
20:55 irctc219 joined #salt
20:55 sh123124213 not sure I understand, what do you mean ?
20:55 gtmanfred and it is simpler to just cache everything, instead of building in logic to not cache some fileserver backends
20:56 gtmanfred not all fileservers are on the master...
20:56 sh123124213 ahm, so this is mostly for other fileserver other then roots
20:56 gtmanfred sure, but then you would have to build in logic to not cache file_roots, for some random reason when there isn't really any reason to not "cache" it
20:57 iggy I certainly wouldn't want all my minions constantly copying the same giant files across the network constantly
20:57 gtmanfred also that ^^
20:57 gtmanfred iggy: but the master cache?
20:57 gtmanfred sh123124213: also, the master cache stores hash sums of all of the files
20:57 iggy I can only assume there was some part of the conversation that I missed
20:57 gtmanfred so if we don't cache it, we don't store the hash, and we don't have the logic to know if the main fileroot has been changed
20:57 irctc219 Saltstack Devops Engineer position  atSalt Lake City, UT if available please drop a mail at krishna_golla@aesinc.us.com
20:58 gtmanfred it is just logically simpler to use a cache instead
20:58 iggy but that was more helpful than what I was originally going to say
20:58 gtmanfred :)
20:58 irctc219 Saltstack Devops Engineer position  atSalt Lake City, UT if available please drop a mail at krishna_golla@aesinc.us.com
20:58 XenophonF joined #salt
20:58 irctc219 was kicked by gtmanfred: gt...fo. ♥, gtmf
20:58 irctc219 joined #salt
20:58 sh123124213 gtmanfred : but I also see that mtime is stored in the cache folders
20:58 irctc219 Saltstack Devops Engineer position  atSalt Lake City, UT if available please drop a mail at krishna_golla@aesinc.us.com
20:59 sh123124213 which is kind of useless too
20:59 sh123124213 that one I wasn't able to remove from being saved unless I change code
20:59 * iggy signs that email up for bdsm newsletters
20:59 irctc219 was kicked by gtmanfred: don't spam
21:00 gtmanfred sh123124213: other than the things I have told you, i don't know... ask on the salt-users mailing list
21:00 sh123124213 heh, ye dude, just discussing
21:00 gtmanfred iggy: i am signing it up for cougar life
21:00 edrocks joined #salt
21:00 gtmanfred sh123124213: just saying, there are more devs that look at that than besides just me :)
21:00 gtmanfred cause i really don't know the full answer
21:01 sh123124213 don't worry, you are helpful with the ones you give :)
21:01 gtmanfred cool
21:01 sh123124213 thnx
21:01 gtmanfred no problem
21:02 wwalker joined #salt
21:03 wwalker in a file template, what function would I use to get a list of the minion-ids of all minions (not just the minion we are delivering to)?
21:04 drew__ joined #salt
21:04 gtmanfred you would need to allow for peering, and then do a publish.publish to the salt master, and have it run the saltutil.runner module with manage.status
21:04 gtmanfred or you could just check the salt mine for some variable, and use that list
21:05 gtmanfred of the keys in the dictionary that return
21:05 pipps joined #salt
21:06 drew__ Hi I am trying to get syndic nodes working. I followed exactly what the Salt docs mentioned ("order_masters: True" on the master node, "syndic_master: <MASTER_HOSTNAME>" on syndic master node)
21:06 drew__ but my master doesn't seem to connect to the syndic node (iow, salt-key doesn't pick up my syndic node)
21:07 jas02 joined #salt
21:07 drew__ I"m using 2016.3.0 on all nodes
21:07 pipps joined #salt
21:09 gtmanfred i really need to play around with the syndic
21:10 Miouge joined #salt
21:11 Bryson joined #salt
21:11 wwalker gtmanfred: thank you
21:13 DammitJim joined #salt
21:17 johnkeates joined #salt
21:20 orionx joined #salt
21:22 IgorK__ joined #salt
21:22 _two_ joined #salt
21:23 drew__ hmmm hold on could be firewall related :S
21:24 gtmanfred i have recently discovered the firewalld state, and it has changed my opinion on firewalld... i still don't want to manage it from the commandline, but managing it from a state is suprisingly easy
21:24 amontalban joined #salt
21:24 amontalban joined #salt
21:28 schemanic joined #salt
21:30 schemanic Hi
21:30 schemanic Has anyone had any experience with the saltstack formula for managing saltstack itself?
21:31 gtmanfred XenophonF: you're up ^^
21:31 gtmanfred and iggy :P
21:32 schemanic I'm trying to get my head wrapped around how I should be managing the saltstack installation itself, or if I even should beyond just keeping a repo for master files.
21:32 babilen schemanic: Many people
21:32 CampusD joined #salt
21:33 babilen schemanic: We deploy a basic config via salt-ssh and then run the formula (fed by pillars)
21:33 babilen The salt-ssh bit also uses the formula and its job is essentially the "initial wiring"
21:34 schemanic babilen, is this for masters or is it for minions? I've been able to get salt-cloud to do this for me on minions
21:34 babilen You could also do that directly in salt-cloud or other means that kick in at the end of your instance creation
21:34 babilen minions and masters
21:34 ProT-0-TypE joined #salt
21:34 babilen But then .. I don't tend to install many masters
21:35 pipps joined #salt
21:35 schemanic Right. That part seems to be working for me. What I'm trying to understand is how the saltstack formula will work to set up a new master from scratch
21:36 schemanic Before I get to work on the majority of the configuration work, I want to be able to destroy a master and then easily create one from a target system
21:36 schemanic for instance, in a disaster scenario
21:39 Edgan schemanic: I use my own formula to manage salt-minions and masters. I then use salt-ssh to make new masters.
21:40 sh123124213 joined #salt
21:41 schemanic mmm
21:41 schemanic Okay, I have a different question
21:42 schemanic What is the best way to acquire salt formulas being hosted on github or other places?
21:42 schemanic I've been manually downloading them and committing them to my own repo
21:43 gtmanfred that is probably the best thing to do
21:43 gtmanfred that or you can use spm
21:43 gtmanfred https://docs.saltstack.com/en/latest/topics/spm/
21:43 babilen yeah, don't use the github formulas directly
21:43 Edgan schemanic: IMHO you are best off to right your own. There are no standards on how people write their formulas. So they are a complete mishmash of styles.
21:43 Edgan schemanic: I mean write your own.
21:43 Edgan schemanic: One formula will support CentOS, one Ubuntu, one Debian, and one CentOS and Ubuntu
21:43 schemanic mmm. cmarzullo pointed me to salt-scaffold a while ago
21:44 gtmanfred nice, has a FORMULA file already in it
21:44 gtmanfred neat
21:44 schemanic gtmanfred, what has this file?
21:44 Edgan schemanic: good idea, decent implementation. I put defaults.yml instead the map.jinja.
21:44 schemanic oh the page
21:45 schemanic Yeah, it's been a bit difficult to settle on a method for some formulas
21:45 gtmanfred schemanic: it is used to build the spm package https://docs.saltstack.com/en/latest/topics/spm/
21:45 schemanic Some of the things I'm trying to do cross the domain of two or three different formulas being hosted on the salt github
21:45 Edgan schemanic: https://storage.cygnusx-1.org/formula.txt   This is the base of my style. It is fairly advanced.
21:46 tapoxi joined #salt
21:47 Edgan schemanic: You could probably rewrite scaffold with your own style.
21:47 schemanic Well this tells me that I'm more or less doing it the way I should be.
21:48 schemanic Is there a best practice for how to share pillar values between formulas?
21:48 Edgan schemanic: I use map.jinja for defaults, and override in pillars
21:48 Edgan schemanic: Without defaults you have super long pillar variable names
21:49 Edgan schemanic: One of the more advanced tricks in my style is use of macros.
21:49 schemanic for example, if I want to logically separate jailing sftp users, so I put that functionality in formula "sftp", but I want to set a value on users that tells sftp to jail a user, but "users" is it's own formula
21:49 schemanic what is a macro Edgan?
21:49 Edgan schemanic: My style is based on don't repeat yourself. Don't maintain the same piece of information in multiple places.
21:50 schemanic That concept makes sense to me, but how to you achieve it
21:50 Edgan schemanic: Take a state, and not just turn it into a formula, but a function that can be reused across formulas
21:50 Edgan schemanic: https://storage.cygnusx-1.org/formula.txt  has examples
21:50 schemanic I see, macros are like functions for jinja?
21:51 Edgan yes
21:52 Edgan schemanic: I use it for pillar checks(validating that pillars are set), system account creation(users), and pkgs(standardized way of installing a list of packages).
21:53 Edgan schemanic: Another principle is my sls files try to be 100% "code' and I put all the "config" in map.jinja(defaults) and pillars.
21:53 Tgrv joined #salt
21:54 schemanic I understand that concept and agree with it.
21:55 schemanic I see, so you've defined a macro called 'create_system_user' that takes params. Instead of having a users.sls file that loops through the pillar directly and keys logic off of the pillar, you pipe the pillar data into the macro?
21:55 Edgan schemanic: Reasons to move defaults.yaml into map.jinja are one when using salt-ssh, it is better to have one file instead of two, because of file_extraref. The other reason is map.jinja is going to be pretty empty the majority of the time, but defaults.yaml should always have a long. So merge them.
21:55 Edgan schemanic: yes, through map.jinja
21:56 Edgan schemanic: You define defaults and then merge in pillars on top, overriding defaults.
21:56 CampusD Hi all, how would I require another state within a state that is higher in file state structure? if I show sls for both the top and lower states they display fine, when I try to run the lower state I get requisites not found
21:56 CampusD do I need to put the full path in the require?
21:57 Edgan CampusD: pastebin an example
21:57 CampusD https://gist.github.com/UtahCampusD/3fcecb57600f65c634fbecde27dec38d
21:57 Edgan CampusD: it is pkg: not sls:
21:58 schemanic I see, so defaults.yml are like... mini pillars for when no pillar data is given
21:58 Edgan CampusD: for files and directories it is file
21:58 Edgan schemanic: yes
21:58 schemanic and you're saying move that info into map.jinja
21:58 Edgan schemanic: yes
21:58 Edgan schemanic: my example url above has an example of the merged style
21:58 schemanic That is helpful to understand.
21:59 gtmanfred CampusD: if you wanted to reference the higher state using sls, you would do sls: base.hq.pckg1
21:59 gtmanfred for the full path from the file_root
22:00 schemanic I see, so you store macros in their own files and call them from there
22:00 Edgan schemanic: I break pillars, users, pkgs, files, and services into different sls files so I can include them in order. 95%+ of the time that is the order you want.
22:00 gtmanfred CampusD: if you just want to require the one state, then it would be pkg: pckg1 to reference the pkg.installed state
22:00 CampusD I see, let me try that, my example here was poor because the higher state is not just a package but a whole formula
22:00 schemanic I see, do you don't orient formulas around specific functions?
22:01 schemanic or rather
22:01 Edgan schemanic: I use them in two ways
22:01 schemanic when you do a pkgs formula, you're doing one big formula for all packages you want?
22:01 gtmanfred CampusD: yeah, then you would want to have the full path that you would call salt state.sls base.hq.pckg1 assuming it is at /srv/salt/base/hq/pckg1.sls and /srv/salt is the directory in file_roots
22:01 schemanic- joined #salt
22:02 Edgan schemanic: I do things like nginx, mongodb, mysql, etc. Which are full formulas that do everything. I also have some "formulas" that are just map.jinjas holding certain config settings. Like say what is the cron, log, or system pathes.
22:02 Edgan schemanic: all packages for one thing, say an application
22:02 Edgan schemanic: or a database like say mysql
22:03 pipps99 joined #salt
22:03 Edgan schemanic: I also have formulas that are just installing a certain package/dependecy, like say nodejs.
22:03 schemanic Hey Edgan I have to flip over to another os for a moment. Can you hold that thought? I really appreciate you explaining your methods. I'll return in just a minute.
22:03 Edgan schemanic: It isn't a service, but a package that is needed across services
22:03 Edgan schemanic: no problem
22:04 XenophonF joined #salt
22:07 schemanic_ joined #salt
22:07 schemanic_ hey Edgan I'm back
22:08 jas02 joined #salt
22:08 schemanic_ You were talking about how you lay out different configurations in formulas?
22:09 CampusD gtmanfred, would i use / or . for the directories paths?
22:10 Edgan schemanic: There are three different types of "formula". The salt terminology is very loose.
22:10 gtmanfred periods
22:10 Edgan schemanic: systemd/map.jinja  is one style, where it is only a map.jinja consumed by bigger formulas
22:10 CampusD so sls: base.hq.pckg1.sls
22:10 gtmanfred no .sls
22:11 gtmanfred reference it the same way you would in top.sls
22:11 Edgan schemanic: nodejs/init.sls, nodejs/pkgs.sls  is the second style where is is just packages that are used by multiple bigger formulas
22:11 CampusD if pckg1 was a directory then base.hq.pckg1.init ?
22:11 Edgan schemanic: Then there is application/init.sls, application/pillars.sls, application/users.sls, etc that is a full on formula
22:11 gtmanfred no init
22:12 aphor joined #salt
22:12 Edgan schemanic: all three styles of a map.jinja
22:12 gtmanfred if it is a directory, init is automatically used
22:12 CampusD ok, thanks I'll try that
22:13 Edgan schemanic: breaking things out include sls files and just having init.sls for includes also lets you easily put if statements around whole sls files for readability.
22:14 Edgan schemanic: oh, there is a forth style
22:14 Edgan schemanic: saltstack/map.jinja, saltstack/master/init.sls, saltstack/minion/init.sls
22:15 Edgan schemanic: what I call subformulas, which share a map.jinja, generally because they share packages
22:17 Edgan schemanic: saltstack(master/minion/api), jenkins(master/slave), openssh(client/server), mongodb(mongod/mongos), java(openjdk/oracle)
22:18 saintromuald__ joined #salt
22:18 schemanic_ I see, so you can tell one formula that it depends on another formula by saying if (users/init.sls) then sftp
22:19 promorphus joined #salt
22:20 Edgan schemanic: not sure quite what you mean
22:20 Edgan schemanic: I see a "formula" as one top level directory like nodejs, or saltstack
22:22 schemanic_ Im trying to understand what you mean by things being consumed by bigger formulas
22:23 schemanic_ like, does one formula say 'hey go look for the init sls for the other formula'
22:23 schemanic_ or does that formula look for the presence of things the first formula installs on the system?
22:23 Edgan schemanic: Not what I mean
22:24 schemanic_ How does it work then?
22:24 Edgan schemanic_: In the case of systemd/map.jinja there is no init.sls
22:24 Edgan schemanic: it is just a defaults.yaml embedded in a map.jinja that another formula uses
22:25 Edgan schemanic: https://paste.fedoraproject.org/482767/79248712/
22:25 jcl_ joined #salt
22:25 Edgan schemanic: https://paste.fedoraproject.org/482769/14792487/
22:26 schemanic_ right so this is saying 'I assume the presence of a formula called mongodb. Get the values in map.jinja for it and pull it in to use.'
22:26 Edgan schemanic_: yes
22:26 promorphus Hey guys, I have a status file that I'd like salt to manage / add to on state runs. Basically, I have text that I'd like to keep in the file, and consistently add to on every run. I'm a little confused on how I can do that with file.accumulated + file.blockreplace, assuming I'd like to keep the old text, and not just flat out replace it. Anyone mind helping me out, or pointing me in the right direction online?
22:27 Edgan promorphus: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html  file.append?
22:27 schemanic_ so writing cross-formula functions is a matter of knowing what else is in your configuration repo and calling upon it.
22:27 Edgan schemanic_: yes
22:27 promorphus Errr, the issue isn't to append to the file as a whole, but to each section that's managed by file.blockreplace
22:27 Edgan schemanic_: I currently only use macros for very common low level stuff
22:28 SaucyElf joined #salt
22:28 promorphus I'm thinking I need to read what's in blockreplace first, accumulate what data needs to be in there, and then write all of it at once
22:28 Edgan promorphus: Is this a hard requirement of some existing software, or is it you just wanting to do it that way?
22:28 Edgan promorphus: I think you want a jinja template to define the chunks
22:29 promorphus im just wanting to do it that way, it's a way to keep track of what's happened on the system
22:29 schemanic_ right. It seems like for the most part things in the saltstack repos are written with no assumption of what else is going on on your system
22:29 schemanic_ so you dont see things like the first paste you sent me
22:29 promorphus Im using a jinja template to define the sections, but I'm not sure how to pull information out of them in a useful fashion
22:29 promorphus I'm also open to other suggestions.
22:30 Edgan schemanic_: We install our whole software stack on one instance for dev, and we have microservices that need to know about each other. On top of the usual database, redis, rabbitmq, etc.
22:30 Edgan promorphus: Provide a reasonable example
22:31 danlsgiga left #salt
22:31 Edgan promorphus: Rabbitmq has a username and password, and say three applications need to know that user/pass.
22:31 schemanic_ What does that mean insofar as salt is concerned? You mean to say that the microsevices formulas are inter-dependant?
22:31 Edgan Last thing I said meant for schemanic_
22:31 Edgan schemanic_: yes
22:32 schemanic_ Edgan keep going with your example
22:32 Edgan schemanic_: We could define the user/pass in the pillars for each service, but instead we define it once and feed it through the rabbitmq map.jinja
22:32 Edgan schemanic_: and import that map.jinja into each application formula that needs it
22:33 schemanic_ so you create one pillar with all the user information that could be used by any of the things that need it?
22:33 Edgan schemanic_: We also do this for data services(mongodb, rabbitmq) where we need to construct a url, and multiple applications need to know that url. We could reconstruct per application, but we instead use an imported map.jinja
22:34 schemanic_ I recognize what's important about that, but I'm still not picking up the workflow
22:34 Edgan schemanic_: We set defaults in the map.jinja, and then override per component(application), cluster(grouping), or environment. We mostly override passwords and hostnames
22:35 Edgan schemanic_: real passwords shouldn't be in the map.jinja, so they are always overridden in pillars
22:35 Edgan schemanic_: and we use a pillar check to make sure they are defined
22:36 Edgan schemanic_: We end up having three sizes of a full stack cluster. Single instance(small), multiple instance(medium), and full multiple instance(large).
22:36 Edgan schemanic_: In the case of small the map.jinja will generally have grains['fqdn'] for the hostname say for rabbitmq
22:36 schemanic_ right but you said that you're making the same user/pass combo for three different things, redis, rabbitmq, and postgres for example
22:36 schemanic_ are you saying that you have one pillar for all three?
22:37 Edgan schemanic_: Not each has it's own
22:38 Edgan schemanic_: one rabbitmq pillar, one redis pillar, and one postgres pillar
22:38 schemanic_ then how do you avoid having three files with the same user/pass combo
22:38 bluenemo joined #salt
22:38 Edgan schemanic_: one sec
22:39 schemanic_ Sorry that I'm having trouble visualizing this
22:39 bluenemo hi guys. I'm wondering why rsync.synchronized runs even when there are no files to copy or delete: http://paste.debian.net/896030/ this was run with --state-output=changes. Imho the state should return an empty dict for changes: {}, so its green when run with --state-output=changes. What do you think?
22:40 bluenemo imho the changes output should be in comment, then everything would be ok. I think its worth an issue on github?
22:42 Edgan schemanic_: https://paste.fedoraproject.org/482774/92497091/
22:42 Edgan schemanic_: toplevel will be the default redis password
22:42 gtmanfred bluenemo: agreed
22:42 Edgan schemanic_: the dev10 password is an override just for that region_cluster_env
22:42 gtmanfred bluenemo: awaiting a pull request :)
22:43 bluenemo hm I'm tired, no more work today - I'm filing an issue ;)
22:43 Edgan schemanic_: and the map.jinja merges them in with the yaml(embedded defaults.yaml) into one variable object, redis
22:43 Edgan schemanic_: which you then import into the jinja template for say redis.conf, or application/config.json and pull out the variables for user/pass
22:45 Edgan schemanic_: https://paste.fedoraproject.org/482776/14792498/
22:45 schemanic_ Okay, that makes *some* sense - in this example you are overriding scopes for one application
22:45 schemanic_ but the example you gave before was for sharing data for wildly different applications
22:46 schemanic_ you said that what you were doing was taking three different applications and giving them the same configuration data
22:46 bluenemo gtmanfred, https://github.com/saltstack/salt/issues/37714
22:46 saltstackbot [#37714][OPEN] rsync.synchronized returns a changes dictionary when no changes are done | Description of Issue/Question...
22:46 Edgan schemanic_: https://paste.fedoraproject.org/482777/92500001/
22:46 schemanic_ in the example you just gave me, you took one application (redis) and made it so you had a password that everything with redis would get except for dev10
22:47 Edgan schemanic_: yes
22:47 gtmanfred bluenemo: tagged :P
22:47 Edgan schemanic_: another example is
22:49 schemanic_ hmm
22:50 schemanic_ I still don't understand how separate applications share information here. From what I'm seeing, all of these files are contained under one formula: 'redis'
22:52 schemanic_ I'll read over this transcript to see if I understand it a bit better later. Thanks very much Edgan.
22:52 pipps joined #salt
22:52 hemebond I share data via pillars.
22:53 pipps joined #salt
22:53 hemebond The formulas read their particular pillars, and I populate those pillars via a Jinja file of "shared" or "global" information.
22:53 Edgan schemanic_: https://paste.fedoraproject.org/482780/25040914/
22:54 Edgan schemanic_: That is two "our code" applications sharing data in one direction. Just like the redis example.
22:54 schemanic_ hmm. Okay I'll look over this
22:55 Edgan schemanic_: Note, you can't do bi-directional. You will end up with both map.jinjas trying to import the other, and you have a loop
22:55 Edgan schemanic_: which is where  things like systemd/map.jinja are useful, to break out things that both can share
22:56 Edgan schemanic_: one example would a SaaS you use as an api, and both applications need to know api keys
22:56 Edgan schemanic_: So you make a saas/map.jiinja, and they both import it
22:58 schemanic_ Okay. Thats starting to gel a bit more
22:59 schemanic_ Truly, thank you for your advice and patience. I usually have to see things happen to understand them well so I apologize if it's been tedious to explain.
23:00 Edgan schemanic_: no, I completely understand
23:00 Edgan schemanic_: I recently taught some co-workers Salt, and I reviewed all the books I could find.
23:00 Edgan schemanic_: None of of them even reference the idea of a map.jinja
23:00 schemanic_ I'm basically in charge of building DevOps at my company and I'm in the process of self-educating.
23:02 schemanic_ In honesty I'm still learning what makes the jinja code work so I appreciate understanding what I should be learning here.
23:02 schemanic_ I'm going to head out for now. Thanks again!
23:03 Edgan schemanic-: You are welcome
23:03 aphor Edgan: map.jinja is a pattern documented in some SaltStack best practices pages.
23:03 Edgan aphor: yes, but not in any of the books
23:03 Edgan aphor: and you could probably write a whole book about advanced forms
23:03 aphor Edgan: there's money on the table for the bok you would write then...
23:03 aphor book
23:03 Edgan aphor: It has crossed my mind
23:03 aphor bork3d keybored
23:04 promorphus Edgan: not attempting to be rude, do you happen to respond to PM's? or is that off limits?
23:04 Edgan promorphus: I hadn't noticed your's. Let me look
23:04 promorphus no worries, just didn't want to bother you if that was inappropriate
23:05 justanotheruser joined #salt
23:05 fannet joined #salt
23:06 pipps joined #salt
23:07 schemanic joined #salt
23:16 VR-Jack-H joined #salt
23:16 pipps joined #salt
23:19 tercenya joined #salt
23:21 SaucyElf joined #salt
23:26 subsignal joined #salt
23:35 eseyman joined #salt
23:44 KajiMaster joined #salt
23:50 tkharju joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary