Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-11-18

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:04 aidin joined #salt
00:05 ssplatt joined #salt
00:14 SaucyElf joined #salt
00:15 hemebond joined #salt
00:18 Rumbles joined #salt
00:23 bltmiller joined #salt
00:25 Klas joined #salt
00:29 pipps joined #salt
00:30 rml joined #salt
00:34 akhter joined #salt
00:34 jas02 joined #salt
00:36 ssplatt joined #salt
00:46 woodtablet left #salt
00:57 teclator joined #salt
00:57 IgorK__ joined #salt
00:58 IgorK__ Hi, Is there anyone alive?
00:58 hemebond ya
00:59 XenophonF Are we alive?
00:59 XenophonF Is this just a dream?
00:59 XenophonF Worse, is it someone else's dream?
01:00 XenophonF That's a pretty heavy question for a normally technical IRC channel, IgorK__.
01:01 IgorK__ :D
01:01 teclator joined #salt
01:02 IgorK__ maybe anybody can help with restarting nginx after removing his "default" file?
01:02 IgorK__ I have this code https://gist.github.com/mymtwcom/49cfd342594e1ea47f9a0a3a6a12b25a
01:05 XenophonF just add a dependency on the file: remove nginx default config file state
01:05 XenophonF gtg hth
01:06 IgorK__ dependency?
01:06 gtmanfred another thing inthe watch: for the second file
01:06 gtmanfred add - file: /etc/nginx/sites-available/default to the watch
01:07 gtmanfred https://docs.saltstack.com/en/latest/ref/states/requisites.html
01:08 IgorK__ as I understood watch needed in service.running block?
01:12 IgorK__ hm.. looks like watch helped. thank you.
01:35 jas02 joined #salt
01:36 scoates joined #salt
01:41 amontalban joined #salt
01:45 rashford joined #salt
01:46 nickabbey joined #salt
01:53 akhter joined #salt
01:58 amontalb1n joined #salt
02:03 subsignal joined #salt
02:10 catpigger joined #salt
02:21 ssplatt joined #salt
02:21 evle joined #salt
02:35 jmpret joined #salt
02:36 jas02 joined #salt
02:38 jmpret hi, all. Which module i can use to list all disks information, including vendor, model, bus id, etc.
02:40 amontalban joined #salt
02:41 sebastian-w joined #salt
02:46 nicksloan joined #salt
02:48 ilbot3 joined #salt
02:48 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.12, 2016.3.4 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
02:58 jmpq joined #salt
02:59 orionx joined #salt
03:00 jmpq hi which module can i use to list disks information including disk vendor model etc, thanks a lot
03:02 onlyanegg joined #salt
03:03 XenophonF jmpret: there's a `disk` module listed at https://docs.saltstack.com/en/latest/ref/modules/all/
03:04 XenophonF there's also a `disks` grain
03:04 jmpq joined #salt
03:04 rashford joined #salt
03:07 dxiri joined #salt
03:08 jmpq thank you, I have looked thru the disk module but could not find the function I need
03:09 jmpq and salt host grains.items does not return the disks
03:17 mpanetta joined #salt
03:43 aidin joined #salt
03:44 dxiri joined #salt
03:58 bastiand1 joined #salt
03:59 llua how can one quote a string in pillar to prevent it from being treated as jinja?
04:01 evle joined #salt
04:06 renoirb joined #salt
04:09 onlyanegg joined #salt
04:14 llua nevermind
04:24 informant joined #salt
04:26 aidin joined #salt
04:26 mk-fg joined #salt
04:32 rdas joined #salt
04:38 jas02 joined #salt
04:50 mpanetta_ joined #salt
05:16 samodid joined #salt
05:39 jas02 joined #salt
05:57 impi joined #salt
06:09 bastiandg joined #salt
06:10 AbyssOne joined #salt
06:18 KingOfFools joined #salt
06:18 basepi joined #salt
06:18 aidin joined #salt
06:20 kuromagi joined #salt
06:20 smkelly joined #salt
06:21 McNinja joined #salt
06:22 samodid joined #salt
06:29 writtenoff joined #salt
06:36 |aaron what is the oldest supported release right now? 2016.3.4? 2015.8.12? as in, if im submitting a pull request to fix a bug, which version should it be against
06:39 jas02 joined #salt
06:50 samodid joined #salt
06:50 awiss joined #salt
06:51 mortis |aaron: guess you find what you need here https://docs.saltstack.com/en/latest/topics/development/contributing.html
06:52 fannet joined #salt
06:54 fracklen joined #salt
06:56 teclator joined #salt
07:11 Klas joined #salt
07:12 Klas joined #salt
07:20 Miouge joined #salt
07:35 felskrone joined #salt
07:40 jas02 joined #salt
07:44 aidin joined #salt
07:47 sgo_ joined #salt
07:55 whatevsz @+gtmanfred: thank you, didn't find that stuff in the docs
07:56 Electron^- joined #salt
08:02 fannet joined #salt
08:09 rylnd joined #salt
08:12 aidin joined #salt
08:13 samodid joined #salt
08:17 fracklen joined #salt
08:17 o1e9 joined #salt
08:22 goudale joined #salt
08:22 JohnnyRun joined #salt
08:23 bocaneri joined #salt
08:30 irctc574 joined #salt
08:30 irctc574 hi
08:30 irctc574 i have a problem with some salt-minions on some hosts
08:31 irctc574 some hosts start the salt-daemon with "KeepAlive MinionProcessManager" while others don't
08:31 irctc574 the config is identical on all the machines
08:31 irctc574 what is triggering these additional options?
08:37 ronnix joined #salt
08:37 remyd1 joined #salt
08:38 remyd1 Hi. Back again
08:40 remyd1 is it possible de define reactor with git backend like git_pillar for pillars or a gitfs_remote like we can do for states
08:40 remyd1 ?
08:41 babilen remyd1: I don't quite follow .. you configure reactors in the master config
08:41 jas02 joined #salt
08:41 xet7 joined #salt
08:43 evle1 joined #salt
08:45 Derailed joined #salt
08:46 awiss joined #salt
08:46 concernedcitizen joined #salt
08:46 concernedcitizen joined #salt
08:49 babilen remyd1: https://docs.saltstack.com/en/latest/topics/reactor/#mapping-events-to-reactor-sls-files
08:49 babilen "Reactor SLS files and event tags are associated in the master config file. By default this is /etc/salt/master, or /etc/salt/master.d/reactor.conf."
08:49 babilen Also note the bit about salt:// in there
08:51 NV joined #salt
08:56 remyd1 hehe that is what I need ;)
08:56 remyd1 thx babilen
08:56 fannet joined #salt
09:00 remyd1 (salt://)
09:03 mikecmpbll joined #salt
09:04 JohnnyRun joined #salt
09:05 rylnd joined #salt
09:10 Electron^- joined #salt
09:12 s_kunk joined #salt
09:13 Rumbles joined #salt
09:16 JohnnyRun joined #salt
09:18 xet7 joined #salt
09:36 remyd1 Does anyone use mongodb on a multi-master configuration to manage pillars ?
09:40 remyd1 I am thinking about switching all my pillars to mongodb and then, extend my mongodb to scale horizontally on salt servers
09:41 remyd1 I already have some pillars in mongodb
09:41 remyd1 but it is not as easy to manage than git_pillar or with simple files
09:41 remyd1 specially for updates operations
09:42 keimlink joined #salt
09:43 jas02 joined #salt
09:45 irctc574 so, after having further looks at what is causing problems is that the hosts where we have problems with the salt-minion say under /proc/$pid/status that the name is "/usr/bin/python" and the "good" hosts say that name is "salt-minion"
09:45 irctc574 this is also preventing that the salt-minion can be stopped via init-script
09:46 irctc574 anyone ever ran into that problem?
09:46 irctc574 os is debian wheezy in all cases
09:47 irctc574 salt is installed from the official saltstack repository
09:51 fannet joined #salt
09:51 ivanjaros joined #salt
10:00 netcho joined #salt
10:08 ozux joined #salt
10:10 remyd1 it seems I have a problem to load my git pillars although these pillars are in /var/cache/salt/master/git_pillar/
10:13 amcorreia joined #salt
10:16 remyd1 I tried with these two different config : http://paste.debian.net/896533/
10:17 remyd1 I could see the pillars in the salt cache (/var/cache/salt/master...)
10:17 remyd1 But the result is: Specified SLS 'tests.users' in environment 'base' is not available on the salt master
10:17 remyd1 it workd with a pillar file backend
10:18 remyd1 s/workd/works
10:21 remyd1 i am using salt boron
10:24 remyd1 Actually, with the first config, pillars are stored in /var/cache/salt/master/pillar_gitfs/
10:25 remyd1 Do you think salt does not find the top.sls because it is in salt_pillar subdirectory ? Or salt does not find base environment ?
10:41 onlyanegg joined #salt
10:43 jas02 joined #salt
10:47 remyd1 Nevermind. I understood -__-
10:47 florianb joined #salt
10:48 remyd1 the file was not in my repository...
10:48 remyd1 -> Need a coffee
10:50 jas02 joined #salt
11:04 florianb hi, is there a way to sync reactor-/beacon-configuration f.e. through gitfs?
11:05 babilen florianb: What exactly do you refer to by "configuration" ? The bits in the master conf or the reactor SLSs ?
11:07 florianb babilen: i'd like to configure the reactor and the beacons through our central repository, without touching the salt-masters configurtion by hand. to pick your question up i guess i can't distribute the configuration (master.conf) via gitfs, nor the master.d/reactor.conf, don't i?
11:08 babilen You can use https://github.com/saltstack-formulas/salt-formula/ to salt your salt
11:11 fannet joined #salt
11:12 florianb :-O -- i have to dig into this.. thanks babilen! http://gph.is/1SIOBzA
11:13 cyborg-one joined #salt
11:19 viq cmarzullo: reading your conversation from yesterday with Edgan, you may be also interested in https://github.com/saltstack/salt/search?utf8=%E2%9C%93&q=testinfra
11:21 viq florianb: on the other hand, reactors themselves can be in gitfs
11:22 florianb viq: how that? the docs state the ractors-config has to reside in the master/reactor.conf?
11:23 viq florianb: reactor _config_, yes. reactor _code_ can be in gitfs
11:23 fredvd joined #salt
11:24 florianb viq: okay, but in order to add reactors i'd have to touch the config
11:24 viq correct
11:24 florianb aye - that
11:24 florianb 's what i wanted to avoid.
11:24 netcho joined #salt
11:26 viq But as babilen pointed out, that part could be generated with salt-formula - but that would still require for you to restart master
11:29 florianb right - i guess i can effort this. :-/
11:45 sgo_ joined #salt
11:47 akhter joined #salt
11:53 jas02 joined #salt
11:55 alias_ joined #salt
12:02 jas02 joined #salt
12:03 jschoolcraft joined #salt
12:09 Qlawy joined #salt
12:15 florianb is it heretic to use jinja's include to merge partial sls-files in?
12:19 aidin joined #salt
12:24 numkem joined #salt
12:28 CeBe_ joined #salt
12:31 florianb vagrant ssh showcase
12:34 aidin joined #salt
12:34 ronnix joined #salt
12:35 fredvd joined #salt
12:38 martoss joined #salt
12:42 grosjean joined #salt
12:42 onlyanegg joined #salt
12:48 armguy joined #salt
12:56 sgo_ joined #salt
13:00 jas02 joined #salt
13:02 stupidnic joined #salt
13:08 felskrone anyone know how or by what package/config/binary the grains->productname gets added/filled?
13:11 jas02 joined #salt
13:16 DammitJim joined #salt
13:17 florianb felskrone: f.e. salt.grains.core: https://github.com/saltstack/salt/search?utf8=%E2%9C%93&q=productname
13:17 ssplatt joined #salt
13:24 jas02 joined #salt
13:28 grosjean left #salt
13:39 rashford joined #salt
13:45 bluenemo joined #salt
13:48 aidin joined #salt
13:52 baffle joined #salt
14:00 akhter joined #salt
14:00 krymzon joined #salt
14:06 cmarzullo thanks viq. I have a friend ssplatt who's done a bunch of work with testinfra.
14:06 cmarzullo We'd like to swtich away from serverspec. But meh. it's working for now.
14:07 cmarzullo viq: https://github.com/ssplatt/saltstack-infratest-module
14:07 AndreasLutro why would you like to switch away?
14:07 cmarzullo Personally I don't care. But some folks like to be all one language.
14:08 cmarzullo the whole ruby vs python war.
14:09 ssplatt serverspec works great for testing the formulas, but i don’t think we want to install ruby on all of our infra to be able to test their state
14:09 AndreasLutro ah yes, that one
14:09 AndreasLutro serverspec works over ssh, you just install it on the machine you want to run the tests
14:09 bluenemo joined #salt
14:09 AndreasLutro run the tests from
14:09 AndreasLutro like your build/CI/CD server or whatever
14:09 ssplatt testinfra has salt hooks in it already too
14:09 ssplatt without the extra module
14:11 krymzon Hi, x509 signing policy question: I want to require the CN to be of the form "somenet_{{minion_id}}". Is there a way of using minion_id as a variable in the signing policy, or do I need to use a jinja loop generating hundreds of signing policies, one per minion?
14:11 ssplatt i made the module so we could run it easily as a part of higstate, kind of like “kitchen test"
14:11 ssplatt grains[‘id’]
14:11 ssplatt krymzon:
14:11 ernescz joined #salt
14:11 ssplatt ^
14:12 hehnope joined #salt
14:12 krymzon ssplatt: thank you, you mean this will work in the signing_policies.conf? which lives on the signing server? that's great
14:12 hehnope How do I properly use this https://docs.saltstack.com/en/2015.8/ref/output/all/salt.output.txt.html#module-salt.output.txt to output a message in a state file? I cant seem to get it right
14:13 ssplatt krymzon: do you mean as a part of the salt x509 module?
14:13 krymzon ssplatt: I mean I am familiar with grains['id'], but I thought it only applied to the minion executing the particular state. Yes, salt x509
14:14 AndreasLutro krymzon: use the salt mine if you need to get minion IDs of other minions
14:15 hehnope i've tried the follow methods and keep getting errors about "txt.output" not found: http://pastebin.com/L1Q97BiP
14:16 krymzon Hmm but what is the syntax for a variable inside the signing_policies.conf? It's just a file in /etc/salt/minion.d/ of the signing server
14:16 AndreasLutro salt config files are yaml
14:16 AndreasLutro if that's what you're asking
14:17 ssplatt krymzon: https://gist.github.com/ssplatt/c29dc5550905a364a37a91b17c95b3cc
14:17 ssplatt thats how i’m doing it in my formula
14:19 hehnope or, maybe i'm asking wrong question. How do I print to stdout in state file?
14:19 XenophonF write a custom exec module that calls the salt logger
14:19 krymzon thank you. I am aware it is yaml, I am trying to figure out if it is possible to use the id of the requesting minion inside the signing policy. I'll have a close look at the way ssplatt is doing it, perhaps I am approaching the problem from a wrong angle
14:19 XenophonF or at least that was the epiphany i had yesterday
14:19 hasues joined #salt
14:20 hasues left #salt
14:20 babilen hehnope: Is there a txt state? I thought that's an outputter
14:20 hehnope i cant get it to output; gives me missing sls
14:20 krymzon as in splatt's example signing_policy.conf is neither templated nor seems to have a variable
14:20 babilen hehnope: Could you provide the link to the state documentation?
14:21 babilen hehnope: AFAIK there is not "txt.output" state
14:21 hehnope https://docs.saltstack.com/en/latest/ref/output/all/salt.output.txt.html and what I tried http://pastebin.com/L1Q97BiP
14:21 babilen hehnope: That's an outputter, not a state.
14:21 hehnope yea? lol
14:22 hehnope so are you saying I only have access to https://docs.saltstack.com/en/latest/ref/states/all/index.html in state files?
14:23 XenophonF hehnope: in Jinja code you only have access to https://docs.saltstack.com/en/latest/ref/modules/all/index.html
14:24 XenophonF hehnope: ever program in Lisp?
14:24 hehnope XenophonF: Scala; and I about killed myself
14:25 XenophonF hehnope: the dictionaries you create in YAML-formatted SLS files are in reality function calls, to the state functions listed at the URL you posted.
14:25 jas02 joined #salt
14:25 ssplatt krymzon: the signing_policies.conf i populate from a saltstack-formula
14:25 XenophonF the reason I mention Lisp is because Salt kind of does the same data-is-code/code-is-data thing
14:26 hehnope my background is in python/go/c world, i just want to output to stdout when applying a state
14:26 XenophonF and you can't
14:26 ssplatt krymzon: but it’s read as a part of the actual master config so I am pretty sure once it’s on the FS it needs to be ‘static’
14:26 XenophonF b/c "stdout" could be the stdout of the salt-call process
14:26 XenophonF or it could be the stdout of the salt-minion daemon
14:26 XenophonF or something else
14:26 hehnope i see
14:26 XenophonF if you need to log something, you'll need to call Salt's logger function
14:26 XenophonF hang on - i'll show you an example in python
14:27 XenophonF so this is an execution module
14:27 XenophonF https://github.com/irtnog/active-directory-formula/blob/master/_modules/windows_servicing.py#L44
14:27 XenophonF and you can see there a call to Salt's logger
14:28 hehnope ah, so its just a func call literally
14:28 XenophonF yes
14:28 XenophonF now, the logger lives (internally to salt) in salt.log
14:28 XenophonF i don't know how logging and salt.log interact
14:28 XenophonF i suppose you could RTFS to figure it out
14:29 XenophonF simplest thing to do is to write your own execution module, call it hehnope.py and put it into /srv/states/_modules, and in that module have a function that logs what you want logged, call it mylog()
14:29 ALLmightySPIFF joined #salt
14:29 XenophonF let's say it just takes a string arg
14:30 XenophonF at the next highstate or sync_all or sync_whateveritisican'tremember, the minion will load your custom exec module
14:30 XenophonF then in the Jinja code for a Salt state, you can call salt['hehnope.mylog']()
14:31 XenophonF make sure you follow the same template as other exec modules
14:31 XenophonF so you have to have a __virtual__ function that returns the name of the module
14:31 XenophonF etc.
14:33 XenophonF i haven't looked over the list of stock exec modules recently, so maybe there's something canned that will do this for you already
14:33 ravenx joined #salt
14:34 ravenx for git ext_pillar:  https://docs.saltstack.com/en/latest/ref/configuration/master.html#std:conf_master-git_pillar_base
14:34 stooj joined #salt
14:34 ravenx is it possible to have a different repository per different state.sls file.
14:34 ravenx from what the documentions say, it seems like it is just one repository
14:34 ravenx the only thing are different environments only.
14:35 XenophonF ravenx: iirc you can have multiple git repos, and SLS lookups happen in the order listed, with the last match winning
14:35 ravenx what exactly does it match?
14:35 ravenx like the app name?
14:35 gtmanfred the sls file name
14:35 XenophonF for pillar and states, the sls file name
14:36 XenophonF same rules as on the file system
14:36 ravenx let's say i have an app called "super-app" and it is deployed via:   `salt 'server' state.sls super-app`
14:36 ravenx but where would my top.sls file be?
14:36 XenophonF that's up to you
14:36 gtmanfred you don't need a top.sls for useing state.sls
14:36 gtmanfred unless you want pillar data*
14:36 XenophonF you could put it in the any of the branches
14:37 XenophonF note that the master branch is usually the same as the base environment (unless you changed it)
14:37 XenophonF and are we talking about pillar or states?
14:37 XenophonF i think you're confusing the two
14:37 ravenx pillars and states
14:37 ravenx cuz my states files depend on pillar data which populate them.
14:37 krymzon ssplatt: I think I understand most of your example, but what is preventing a compromised minion from requesting a certificate with another minion's id as its CN?
14:37 XenophonF right but top.sls in the states tree(s) doesn't control pillar targetting
14:38 Reverend does anyone have the locatoin of the saltmine documentation? I can't find very much on extracting file contents :/
14:38 XenophonF you have to have a top.sls in the pillar tree(s), too
14:38 setkeh joined #salt
14:38 ravenx ah okay
14:38 ravenx i think the best way for me to find out is to actually test this
14:38 XenophonF ravenx: take a look at https://github.com/irtnog/salt-states and https://github.com/salt-pillar-example for, er, examples
14:39 XenophonF the only difference is that i don't use environments with pillar, so everything in the pillar git repo is in the master branch
14:39 ravenx for these, do i _have_ to use environments?
14:40 XenophonF you don't have to use environments period
14:40 ravenx i see
14:40 XenophonF doesn't matter what file server back end you're using
14:40 XenophonF again, with git, the default is that the master branch == the base environment
14:41 ravenx https://docs.saltstack.com/en/latest/ref/configuration/master.html#git-pillar-base
14:41 XenophonF for salt states i have one environment (and git branch in the salt-states repo) per DTAP phase, and i only use the base environment (again, master branch in Git) for targeting
14:41 ravenx for this then, i simply need to remove the foo and the bar part
14:41 ravenx ?
14:41 setkeh Hi guys im having an issue with the firewalld.present plugin salt is telling me that is applying the config but when i ask firewalld its the default config https://gist.github.com/setkeh/e16c13b94c5de7a83a878101b0c9a148 Any advice would be much appreciated :)
14:42 ssplatt krymzon: i’d say if someone is on your host you have bigger problems
14:43 amontalban joined #salt
14:43 amontalban joined #salt
14:43 onlyanegg joined #salt
14:43 XenophonF ravenx: unless you want to change which branch Salt uses for the base environment in the git ext_pillar, you don't need to set git_pillar_base
14:43 gtmanfred setkeh: did you restart firewalld after running those commands? I have recently run into that problem, because we only run the command with --permanent, so it is just saving the configs
14:43 dxiri joined #salt
14:44 ravenx XenophonF: i see
14:44 ravenx thanks
14:44 XenophonF setkeh: have you taken a look at firewalld-formula? i use it and it DTRT w/r/t reloading firewalld and stuff
14:44 setkeh gtmanfred: i dident try that ill give that a whirl
14:44 krymzon ssplatt: in my case people are going to have physical access to some of the minions. The idea is to prevent them from affecting the whole network, e.g. by impersonating another minion on the VPN. And I suppose this is where the 'minions' key of the signing policy is supposed to help...
14:45 setkeh XenophonF: i have given it a quick glance but its far more complicated than i requre at the moment but im now going to look at it again in some more detail :)
14:46 stooj joined #salt
14:46 XenophonF setkeh: it's actually really simple - just put the desired firewall config into pillar, and off you go
14:46 XenophonF shoot - i don't have a public example of it
14:46 XenophonF hang on let me show you waht i mean, i'll post a gist
14:46 setkeh gtmanfred: Your absolutely on the money thanks for that bud ill fix my statefile to compensate for that :D
14:46 gtmanfred cool
14:47 setkeh XenophonF: thanks will help me learn more about how salt works :D
14:47 XenophonF https://gist.github.com/xenophonf/84f4504f42abd4bc789fccc7b844055d
14:48 gtmanfred XenophonF: i like that, gonna have to play with that formula at some point
14:49 XenophonF if you stick that into a pillar sls file, e.g., /srv/pillar/firewalld.sls, and then assign that to your minions via the pillar top.sls, the firewalld formula's firewalld/init.sls will handle everything for you
14:49 ravenx how can i debug why salt isn't reading the pillar data from my git repo?
14:49 XenophonF you can see here that i use jinja to selectively disable firewalld on EC2 instances
14:50 ravenx i wanna see why, like, is it the ssh key error, or wat
14:50 gtmanfred ravenx: set the master log_level to debug, and check the master logs
14:50 XenophonF ravenx: check the salt-master log file
14:50 ravenx thanks
14:50 XenophonF typically /var/log/salt/master
14:50 ravenx if i want to switch branch, then all i have to do is add the branch name infront of the git url right?
14:52 setkeh XenophonF: that makes a lot of sense when i actually build this ill have to implement that for sure
14:52 XenophonF ravenx: that will change which branch Salt thinks of as representing the base environment
14:53 XenophonF setkeh: formulas are your friend, even if you don't end up using them
14:53 XenophonF i learned a lot from iggy, murrdoc, and friends by reading through them
14:54 XenophonF my salt states are almost entirely parameterized, with configs driven by pillar data similar to formulas
14:56 setkeh i have learned quire a bit as well reading through the salt and nginx formulas but i have been literally using salt for 8 hours lol trying to learn as much as possible :D
14:56 tapoxi joined #salt
14:56 stooj joined #salt
14:56 XenophonF oh man!
14:56 XenophonF well, welcome!
14:58 nolte234 joined #salt
14:59 XenophonF i think i spent my first 8 hours trying to get /etc/issue and /etc/motd onto my freebsd dev box
14:59 XenophonF LOL
14:59 setkeh Thanks :D i'm really loving it so far so much more powerful in comparison to how im used to doing these things :D
14:59 ravenx lol
14:59 ravenx tehre goes a work shift.
14:59 setkeh lol
15:00 setkeh if your interested this is where im at :D https://github.com/setkeh/SaltStack
15:01 lompik joined #salt
15:01 ravenx XenophonF: https://paste.debian.net/896586/
15:01 ravenx coudl you take a look,. perhaps i'm doing something wrong that's obvious.
15:01 nickabbey joined #salt
15:01 ravenx but essentially, i have that in my config, and in my repo, i have a folder which contains an init.sls called etcetc/
15:02 XenophonF ravenx: are those Salt state definitions, or are they Pillar data?
15:02 ravenx however, when i do salt '*' saltutil.refresh_pillar && salt '*' pillar.items -ldebug, i get sweet nothing.
15:02 ravenx the etcetc/init.sls is pillar data.
15:02 ravenx the salt state definitions are in:  /srv/salt/super-app/init.sls
15:02 ravenx i can show you the state defs:
15:03 remyd1 My multiline repl string in file.replace is not working because of the additionnal indent. Any idea ? http://paste.debian.net/896587/
15:03 XenophonF ravenx: I think you're confusing the two.
15:03 ravenx https://paste.debian.net/896588/
15:03 XenophonF here's basically how I have my master configured:
15:03 ravenx crap, am i?
15:03 Brew joined #salt
15:03 XenophonF https://github.com/irtnog/salt-pillar-example/blob/master/salt/example/com/init.sls
15:04 XenophonF I'm using GitPython
15:04 XenophonF and I have both States and Pillar data in two separate Git repositories, for clarity's sake
15:04 XenophonF the Salt States config starts here:
15:04 XenophonF https://github.com/irtnog/salt-pillar-example/blob/master/salt/example/com/init.sls#L242
15:04 XenophonF where I set fileserver_backend
15:04 XenophonF and then later here:
15:04 XenophonF https://github.com/irtnog/salt-pillar-example/blob/master/salt/example/com/init.sls#L254
15:05 XenophonF where I define the gitfs remote for my Salt States repository
15:05 XenophonF the Pillar config is separate
15:05 ravenx that's a lot of configuration that i haven't done..
15:05 XenophonF and, again, for clarity's sake I have Pillar data in a completely separate repository.
15:05 ravenx so you're saying that i need all that?
15:05 aarontc joined #salt
15:05 ravenx but same as you, i have my pillar data separate too.  it is in that repo
15:05 XenophonF the git ext_pillar config is here:
15:05 XenophonF https://github.com/irtnog/salt-pillar-example/blob/master/salt/example/com/init.sls#L256
15:06 XenophonF where I set ext_pillar
15:06 XenophonF from your descriptions it sounds like super-app.git contains both pillar data and state data
15:07 XenophonF did I misunderstand?
15:07 ravenx ah, nope it does not.
15:07 ravenx the state data is actually in /srv
15:07 XenophonF OK, that's good
15:07 ravenx /srv/salt/super-app/init.sls
15:07 ravenx super-app.git contains nothing but pillar data sitting in an init.sls
15:07 ravenx so one is local, (state) and the pillar is on a git.
15:07 XenophonF 'pillar-test' means that Salt is going to look for a pillar-test branch in that git repo
15:08 ravenx the thing is is, i'm not sure what else i am missing.  like, do i neeed to declare a fileserver_back_end,
15:08 ravenx correct, and such a branch does exist :)
15:08 XenophonF and i think that 'root: etcetc' means it's going to look in that subdirectory for stuff
15:08 XenophonF like, you need to have etcetc/top.sls
15:08 ravenx exactly, i do have a etcetc/  in my super-app folder.
15:08 ravenx ooh, taht's wrong.  my top.sls is in the super-app/ folder.
15:08 ravenx OUTSIDE of the etcetc/
15:08 XenophonF right
15:08 ravenx so i will fix that.
15:09 XenophonF if there's anything else outside of etcetc/, you need to move it in there, too
15:09 XenophonF e.g., if top.sls assigns projectfolder to a minion, you need to move projectfolder/init.sls to etcetc/projectfolder/init.sls
15:09 ivanjaros3916 joined #salt
15:10 ravenx woudln't it be:  projectfolder/etc/etc/init.sls?
15:10 XenophonF no b/c etcetc is the root
15:10 XenophonF so salt-master will start looking for things there
15:10 ravenx i thought my super-app/ folder is the root
15:10 ravenx what the heck.
15:11 XenophonF no - you set "root: etcetc" in the config for that repo
15:11 ravenx aaah
15:12 ravenx my structure is liek this though, in my project repo i have:   super-app/etcetc/init.sls
15:12 ravenx does that mean my root:  will have to change?
15:12 XenophonF remove that setting
15:12 XenophonF remove it, and salt-master will look at the root of the git repo for top.sls
15:12 XenophonF and it will start searching for sls files from there
15:12 ravenx sweet, let me try.
15:13 XenophonF so in top.sls, you'd assign an SLS ID of etcetc to a minion, which will make it load the keys/values in etcetc/init.sls
15:14 ravenx okay so i will remove the root:  setting, and my project structure is:  super-app/etcetc/init.sls
15:14 ravenx gotcha.
15:14 remyd1 Up ! no idea for my indent problem in replacement string ? http://paste.debian.net/896587/
15:14 XenophonF (Pillar SLS IDs work the same as Salt State SLS IDs: an ID of `foo` gets resolved to <root>/foo.sls or <root>/foo/init.sls.)
15:14 ravenx still no luck.
15:14 ravenx is it that my top.sls is in the wrong place?  Those two files are here:
15:15 ravenx super-app/etcetc/init.sls and super-app/etcetc/top.sls
15:15 PhilA joined #salt
15:15 XenophonF you're correct, top.sls is in the wrong place now
15:15 ravenx and top.sls:   base file reads like this:  https://paste.debian.net/896589/
15:15 XenophonF move it to super-app/top.sls
15:15 ravenx lol let me take that out.
15:15 ravenx :)
15:16 PhilA Hi all
15:16 XenophonF the contents of top.sls look good to me
15:16 XenophonF remyd1: just a moment
15:16 ravenx XenophonF: thank you!  let me try this
15:16 manji anyone has any idea how can I use this minion option:
15:16 manji mysql.default_file: '/etc/mysql/debian.cnf'
15:16 manji in salt-ssh ?
15:16 PhilA I can't get pillar.get to work with saltenv=env
15:17 remyd1 XenophonF, it is ok; it works :)
15:17 PhilA The following keyword arguments are not valid: saltenv=env
15:17 remyd1 there were an additionnal dash before file.replace...
15:17 XenophonF ah fantastic! glad you got it working
15:17 theblazehen joined #salt
15:17 ravenx XenophonF: :(  no luck.  so now that i am confident that my project structure with the top.sls and etcetc/init.sls is correct.... i'm beginning to think it is a master configuration issue.
15:18 ravenx looking at yours, yours is much more verbose with file backends and what not
15:18 ravenx could it be that?
15:18 PhilA Am I missing something before saltenv=
15:18 XenophonF PhilA: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.pillar.html#salt.modules.pillar.get
15:19 XenophonF PhilA: what's the complete command or function call you're using
15:19 XenophonF ravenx: for ext_pillar, you just need the one thing
15:19 ravenx right, that is the -git:   the <branch-name>  <git url>
15:19 XenophonF ravenx: which git backend are you using? i use GitPython, but maybe you're using pygit2?
15:19 krymzon ssplatt, AndreasLutro: Thanks a lot for your help. It looks like I must stick to the original, awkward idea, like here: https://gist.github.com/krymzonn/236a7f264ffbed844ed440c4f796485f
15:20 ravenx XenophonF: i didnt' select one lol
15:20 ravenx XenophonF: that git backend is still commented out.
15:20 XenophonF ravenx: that's OK, it's the default
15:20 PhilA Ok my bad it's not the same syntax
15:20 racooper joined #salt
15:20 ravenx do i need to install that gitpython package, or pygit2?
15:20 ravenx cuz i dont have them lol
15:20 XenophonF ravenx: can you post the output of `salt --versions` on yur master?
15:20 ravenx i sure can
15:20 XenophonF ah
15:21 XenophonF that's actually the question I was going to ask you!
15:21 ravenx lol
15:21 ravenx i am sure you are interested in thsi:
15:21 XenophonF so you don't need to post it
15:21 ravenx pygit2: Not Installed
15:21 ravenx LO
15:21 ravenx :P
15:21 XenophonF there you go
15:21 XenophonF install that
15:21 XenophonF :)
15:21 anotherzero joined #salt
15:21 XenophonF the good news is that you'd still have had the other issues, and we figured those out!
15:22 ravenx interestingly enough, gitpython _IS_ installed.
15:22 ravenx is taht not the default?
15:22 XenophonF gitpython is the default
15:22 XenophonF but it looks like you're using pygit2 config args
15:22 ravenx gah, now this is confusing me.  if it's the default && installed. then what on earth is it doing.
15:22 ravenx alrgiht, let me declare it.
15:22 XenophonF so with GitPython, you just need to set up the git client for the root user
15:22 ravenx ah, so if it runs as root, it needs its own root keys?
15:23 XenophonF i.e., make sure ~root/.ssh/config is right
15:23 XenophonF that's the way i did it
15:23 ravenx i am running it as root, and using my own user's keys as the path.
15:23 darthzen joined #salt
15:23 XenophonF i actually manage my salt-master config using salt
15:23 XenophonF https://github.com/irtnog/salt-pillar-example/blob/master/salt/example/com/init.sls#L19
15:24 XenophonF so users-formula picks up this key and sets up the accounts and writes the SSH keys for me
15:24 ravenx aah i see
15:24 ravenx hey i didn't knwo you can run salt as non root
15:24 XenophonF if you can interact with that repo using git from the command line as root, then you're done
15:24 ravenx i had troubles with publish_acl as non root
15:24 Tanta joined #salt
15:24 XenophonF you can run the master as non-root but you have to fiddle with the default permissions
15:24 ravenx i see.
15:24 ravenx gah.  salt '*' saltutil.refresh_pillar && salt '*' pillar.items
15:24 ravenx still is empty :(
15:25 ravenx running it with -ldebug doesn't tell me much either.
15:25 manji fiddle, lovely choice of words
15:26 jas02 joined #salt
15:27 akhter joined #salt
15:28 sagerdearia joined #salt
15:28 akhter joined #salt
15:28 ravenx wtf!  my salt-master restart hasn't been restarting at all
15:30 tiwula joined #salt
15:34 stooj joined #salt
15:34 Vaelatern joined #salt
15:36 raspado joined #salt
15:40 XenophonF ravenx: alles gut?
15:40 akhter joined #salt
15:41 ravenx XenophonF: now i have an even bigger problem lol
15:41 XenophonF oh no!
15:41 ravenx despite `sudo service salt-master restart` being run, it doesn't actually do it
15:41 XenophonF really?
15:41 XenophonF which OS?
15:41 ravenx ps aux shows that it has been running since 8:11am, that's when i got in the office
15:41 ravenx debian lol
15:41 ravenx debian testing*
15:41 ravenx systemd reports it as running.
15:41 ravenx and ps aux | grep salt-master shows nothing
15:41 edrocks joined #salt
15:42 ravenx this is gonna be fun lol
15:42 XenophonF what does `sudo systemctl status salt-master -l` show?
15:42 ravenx loaded and active
15:42 ravenx :(
15:42 ravenx since *recently*  so my restart did work.  but i have no idea why it isn't in my process table.
15:42 ravenx that's worrying.
15:42 XenophonF what does `ps -ef | fgrep python` show?
15:42 zo joined #salt
15:42 ravenx it shows grep -F python itself
15:42 ravenx and a printer config
15:42 XenophonF weird
15:42 ravenx XD
15:42 ravenx T__T
15:43 XenophonF there's only one solution, really
15:43 ravenx but at least it's friday, rigth?
15:43 ravenx i can worry about this monday :)
15:43 XenophonF LOL
15:43 XenophonF clearly it's time to start drinking heavily
15:43 ravenx hahaha
15:43 ravenx funnily enough, my coworkers are setting up their beer table right now
15:43 ravenx 15 minutes to go.
15:43 XenophonF LOL
15:43 ravenx fuck you, salt :(
15:44 ravenx go to hell, salt.
15:44 XenophonF oh let's blame this one on systemd!
15:44 ravenx then watch me crawling back to it, on monday.
15:44 XenophonF LOL
15:44 ravenx oh fuck, dont get me started on systemd lol
15:44 XenophonF you'll figure it out
15:44 ravenx eventually.
15:44 XenophonF well bonne chance
15:44 fracklen joined #salt
15:45 XenophonF have a good weekend :)
15:45 XenophonF hm, or is it bon chance
15:46 ravenx it's bonquisha
15:46 ravenx https://pbs.twimg.com/profile_images/3528354447/b0e78894f24e8be6d09f079828b943f4_400x400.jpeg
15:46 ravenx have a good weekend adn thanks for all your help!
15:46 XenophonF will do! ttyl
15:50 DEger_ joined #salt
15:52 stooj joined #salt
15:55 ALLmightySPIFF joined #salt
15:59 onlyanegg joined #salt
16:00 remyd1 is there a way to specify a particular gitfs_remote when using salt://
16:00 remyd1 I have many gitfs_remote, and I would like to use file.recurse in a salt state on a specific repository
16:01 remyd1 I gave a name to this repository in my salt-master but now...?
16:01 ksr joined #salt
16:02 remyd1 I would like to avoid a file.recurse on all the root directories of my repositories
16:02 remyd1 just in the root of a particular repository
16:06 PhilA salt '*' pillar.get zabbix.agent.version saltenv=dev
16:06 PhilA As I read the doc it should work
16:07 PhilA The following keyword arguments are not valid: saltenv=infra
16:07 PhilA The following keyword arguments are not valid: saltenv=dev
16:07 GnuLxUsr joined #salt
16:09 sarcasticadmin joined #salt
16:10 fannet joined #salt
16:11 remyd1 Problem solved. I had to create a subdirectory to identify it over other repositories...
16:13 debian112 joined #salt
16:14 nicksloan joined #salt
16:14 stooj joined #salt
16:14 mohae_ joined #salt
16:14 nicksloan if I have a yaml error in a state, what is the best way to see the raw yaml post jinja compilation?
16:15 amcorreia joined #salt
16:19 pipps joined #salt
16:22 nkuttler nicksloan: run the minion with debug loglevel
16:25 anotherzero joined #salt
16:25 djgerm joined #salt
16:27 jas02 joined #salt
16:27 dxiri joined #salt
16:28 djgerm hello. I am running a state that outputs to a file on the minion, and I see that being generated properly on the minion, and in the same state later on I have a {% set servid = salt['cmd.shell']('cat /tmp/server-id.txt') %} but the state comes back with file not found
16:29 djgerm i am guessing my order of operations is jacked up?
16:29 Ch3LL jinja is rendered before the state is run. so if you are trying to cat a file with jinja it will do that first before the state is run
16:30 dxiri_ joined #salt
16:30 djgerm that makes perfect sense
16:31 djgerm so…. heh dang. how do I do what I want then :)
16:32 Ch3LL well what are you exactly trying to accomplish? there might a state for it
16:32 djgerm I am getting the output of a cmd.run earlier in the state and putting it in a file on the server.
16:33 Tanta like this: http://pastebin.com/raw/0aZxjJQF
16:33 djgerm looking.
16:33 Tanta you have to make the cat happen after the run is complete
16:33 Tanta you can do that with module.wait: and queue: True
16:34 Tanta I would put all the commands in a separate sls file and reference it like I did in my example
16:34 nicksloan nkuttler: thanks
16:34 nicksloan for some reason I was focused on finding an execution module for that. Didn't even think to just up the log level.
16:34 Reverend Any advice on extracting the contents of a file from a minion to a pillar, to be then distributed to other minions? :S
16:34 dxiri joined #salt
16:36 samodid joined #salt
16:37 djgerm Salt mine?
16:37 florianb Reverend: https://docs.saltstack.com/en/latest/topics/mine/
16:38 djgerm I need to start using mines
16:39 jrklein joined #salt
16:41 fannet joined #salt
16:43 KajiMaster joined #salt
16:43 pipps joined #salt
16:45 stooj joined #salt
16:47 pipps joined #salt
16:55 akhter joined #salt
16:55 hehnope joined #salt
16:56 hehnope I'm running into a weird bug with defaults.yaml; setting a value to "no" results into it being converted to False on template creation. How do I stop that?
16:56 mohae joined #salt
16:58 gtmanfred yes
16:58 gtmanfred you have to quote it
16:58 babilen hehnope: https://docs.saltstack.com/en/latest/topics/troubleshooting/yaml_idiosyncrasies.html#true-false-yes-no-on-off
16:58 hehnope i am quoting
16:58 hehnope in the text file it's:
16:58 hehnope rootlogin: "no"
16:58 gtmanfred set it to '"no"' if it is pillars
16:58 alvinstarr joined #salt
16:58 babilen hehnope: It is detailed in the documentation
16:59 gtmanfred it is actually worth doing twice in defaults.yaml cause that might be rendered twice
16:59 * babilen recommends reading
17:00 gtmanfred yes
17:00 hehnope that worked, thanks
17:02 Miouge joined #salt
17:03 nicksloan joined #salt
17:03 raspado joined #salt
17:03 raspado regarding salt-cloud and provisioning hosts, is pillar data accesible during provisioning?
17:04 gtmanfred no
17:05 gtmanfred not until the minion is started
17:05 raspado is there a good way to pull variables
17:05 raspado to provision hosts?
17:05 gtmanfred what are you trying to do?
17:06 gtmanfred http://mywiki.wooledge.org/XyProblem
17:06 XenophonF nicksloan: another way to do what you want is to render the SLS file as a template, e.g., using file.managed
17:07 XenophonF something like `salt minion file.managed name=/tmp/out.yml source=salt://foo/bar/init.sls template=jinja`
17:07 dxiri guys, is there any reason why when I am deploying a couple VMs from a map, one of the VMs gets 2 IPs on the same network? this is so weird
17:07 raspado im definitely x g gtmanfred
17:07 armguy joined #salt
17:07 dxiri using nova driver trying to provision a couple openstack VMs
17:08 MajObviousman I seem to remember this but can't find where: versioning going forward is abandoning the year.minor.point style into something more semver?
17:08 MajObviousman or am I thinking of a different project?
17:08 gtmanfred nova driver shouldn't be doing that, that might be some constraint on the provider side?
17:08 XenophonF er sorry prefix "file.managed" with "state.single "
17:08 gtmanfred MajObviousman: different project, we have discussed it, but haven't commited to changing
17:08 raspado gtmanfred: trying to build a map file
17:08 raspado dynamically based on region
17:08 MajObviousman nuts
17:08 MajObviousman ok, thanks
17:09 MajObviousman your suggestion yesterday to use your official repo is gaining some traction
17:09 gtmanfred :)
17:09 dxiri gtmanfred: "nova driver shouldn't be doing that, that might be some constraint on the provider side?" was that for me?
17:09 gtmanfred yes
17:10 dxiri I am not aware of any kind of constraints, and the other VM gets only a single IP without a problem
17:10 gtmanfred that is odd, are you specifying net-ids in the profile/provider?
17:11 XenophonF nicksloan: so for example you could use the command `sudo salt-call state.single file.managed name=/tmp/out.txt source=salt://top.sls template=jinja` to render your top.sls file
17:11 MajObviousman is there a FAQ for module questions?
17:12 MajObviousman e.g. my question is "What's the distinction between refresh_pillar and sync_pillar?"
17:12 gtmanfred sync_pillar syncs the files to the minion, refresh_pillar just refreshse the pillar cache, should be in the module doc
17:12 fannet joined #salt
17:13 MajObviousman I guess I don't know enough to understand the distinction
17:13 gtmanfred https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.refresh_pillar
17:13 gtmanfred MajObviousman: custom pillars are synced via sync_pillar
17:13 MajObviousman ooohhhhhhhh
17:13 MajObviousman that's what I was missing
17:13 MajObviousman thank you
17:13 gtmanfred https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.sync_pillar
17:13 gtmanfred it explains it in that doc ^^
17:14 MajObviousman I didn't read carefully enough. Thank you
17:15 Chris___ joined #salt
17:15 Chris___ Can you integrate SaltStack with CA Release Automation?
17:15 Miouge joined #salt
17:15 gtmanfred probably
17:15 XenophonF does anyone have good comment style guidelines for Jinja code?
17:16 Vaelatern And refresh_pillar does not bring custom pillars?
17:16 gtmanfred Chris___: i am not aware of something already written, but it should be fairly simple...
17:17 Chris___ +gtmanfred: Thanks. I'll have to do a bit of digging
17:17 nidr0x joined #salt
17:18 sgo_ joined #salt
17:18 RandyT Howdy
17:19 Vaelatern Is it normal to need to increase the timeout for all commands except, like, test.ping ?
17:19 RandyT I'm running a cmd.script passing Powershell to a windows box.
17:19 RandyT the state is succeeding, even though the shell is failing.
17:19 RandyT How do I capture exit failure to properly show that the state has failed?
17:20 LV-426 joined #salt
17:21 raspado regarding map files, does nova have the ability to tap into the metadata? id like to add tag
17:21 gtmanfred you can add metadata to the server yes
17:22 dxiri gtmanfred: "are you specifying net-ids in the profile/provider?" no I'm not, don't know how to :)
17:22 dxiri but I have only a single network
17:22 gtmanfred dxiri: then it is on the cloud provider side that is adding extra ip addresses to the network interface, salt cloud shouldn't be touching that
17:22 dxiri maybe if I set it explicitly it works, can you point me on how to do that?
17:22 gtmanfred raspado: anything you pass to the 'nova boot' command on the commandline, should be able to be passed in the cloud config'
17:23 gtmanfred dxiri: look for 'networks' on this page https://docs.saltstack.com/en/latest/ref/clouds/all/salt.cloud.clouds.nova.html
17:23 gtmanfred so
17:23 gtmanfred raspado:
17:23 gtmanfred meta:
17:23 gtmanfred whatever: something
17:24 gtmanfred in the profile, you should also be able to add it under the minion in the map file
17:24 onlyanegg joined #salt
17:25 RandyT chance this is a bug? Not catching proper error codes for Windows?
17:25 RandyT https://github.com/saltstack/salt/blob/develop/salt/states/cmd.py#L1117
17:25 raspado dxiri: heres what i got in my config, http://pastebin.com/UPLjeqsJ
17:25 RandyT lorengordon: you around to look at this for me?
17:26 raspado gtmanfred: thx!
17:28 jas02 joined #salt
17:29 pipps joined #salt
17:31 dxiri gtmanfred: raspado, thanks! will try that out
17:33 nickabbey joined #salt
17:36 bluenemo joined #salt
17:36 fannet joined #salt
17:37 tkharju joined #salt
17:41 nicksloan joined #salt
17:41 tkharju joined #salt
17:45 Edgan joined #salt
17:49 s_kunk joined #salt
17:52 LV-426 joined #salt
18:00 nickabbey joined #salt
18:02 mikecmpbll joined #salt
18:05 nicksloan joined #salt
18:10 Miouge joined #salt
18:10 nicksloan joined #salt
18:11 djgerm joined #salt
18:12 djgerm is there a way to compare the value of one pillar to the value of a nother pillar within in if/for loop in a jinja tempalte?
18:16 Miouge joined #salt
18:17 _aeris_ joined #salt
18:18 Sketch http://jinja.pocoo.org/docs/dev/templates/#comparisons
18:27 ponyofdeath joined #salt
18:29 jas02 joined #salt
18:29 netcho joined #salt
18:32 sjorge joined #salt
18:32 sjorge joined #salt
18:33 raspado is it possible to define the image name in the map file?
18:33 raspado instead of the cloud profile
18:37 orionx joined #salt
18:37 dxiri joined #salt
18:38 ronnix joined #salt
18:38 o1e9 joined #salt
18:41 sarasfox joined #salt
18:42 sarasfox salt-master on windows where is the docs for this
18:44 whytewolf not sure there are docs for that. never heard of anyone doing it
18:44 ayecee joined #salt
18:45 swa_work joined #salt
18:45 pipps joined #salt
18:46 ipmb joined #salt
18:46 whytewolf ahh here we go they even say salt master is not supported on windows
18:46 whytewolf https://docs.saltstack.com/en/2015.8/topics/installation/windows.html#windows
18:47 armguy joined #salt
18:47 whytewolf and there are no plans to support it on windows
18:48 edrocks joined #salt
18:48 Aleks3Y joined #salt
18:49 ayecee hi. i'm new to salt. I'd like to remove some servers we no longer have from "salt-run manage.status" output. Is this just a matter of removing the key for it, salt-key -d minion ?
18:49 ipmb what am I doing wring here (pillar include sytnax)? https://gist.github.com/ipmb/5509b07fac811b60cc4ae999fe46c1ca
18:49 whytewolf ayecee: yeap
18:49 ayecee thanks
18:50 ipmb [CRITICAL] Pillar render error: Failed to load ext_pillar git: 'NoneType' object has no attribute 'get'
18:52 sarasfox whytewolf : flip thouh the verison that goes away on newer verisons
18:52 whytewolf sarasfox: what?
18:53 whytewolf oh you are right, however they do include mawter install instructions so what exactly was your original question?
18:55 sarasfox one salt guys said their is support for run salt master on windows now
18:56 whytewolf most likely need to do a pip install or build your own installer
18:56 babilen You could run it on a Linux VM virtualised on Windows ;)
18:57 cscf why would you want a Windows salt-master?
18:57 whytewolf as there is no simple windows install for master yet. and from what i am seeing carbon will be the first officially support windows master
18:57 whytewolf cscf: I stopped asking questions like that long ago because I hate the answers
18:57 edrocks joined #salt
18:58 whytewolf i just hand people there guns and the hats with little targets on them
18:58 whytewolf s/there/their
18:58 whytewolf to early
18:58 nicksloan joined #salt
19:00 gtmanfred raspado: you can overwrite anything in the profile, inside your map file on a vm by vm basis
19:01 raspado hmm, is there an example? not sure how that would look like
19:01 gtmanfred <profile>
19:01 gtmanfred - vmname:
19:01 gtmanfred image: newimage
19:01 raspado oh yeah ^ i do that now
19:01 Miouge joined #salt
19:01 raspado but is there a way to remove the image name from the profile and have it built as part of the map file?
19:02 gtmanfred it should overwrite the imagename in the vm_ object
19:02 orionx_ joined #salt
19:02 gtmanfred not unless you include the image name on every vm in the map
19:02 raspado it would be
19:02 gtmanfred maybe? try it
19:02 raspado kk let me check
19:02 raspado thx gtmanfred
19:02 raspado if so, that would be badass
19:03 whytewolf try it, that should be the default answer to anything that starts with "can i"
19:03 gtmanfred in theory it should work
19:03 fannet joined #salt
19:04 gtmanfred ok, my blog now has an A+ on ssllabs... and supports http2
19:04 sarasfox how do you add stuff to the salt docs?
19:04 gtmanfred sarasfox: make a pull request?
19:04 sarasfox where are the doc files
19:04 gtmanfred docs/
19:04 gtmanfred and then all the docstrings on modules and functions
19:05 gtmanfred sarasfox: https://docs.saltstack.com/en/latest/topics/development/conventions/documentation.html
19:09 nickabbey joined #salt
19:09 Miouge joined #salt
19:10 ivanjaros joined #salt
19:14 sarasfox so their should be pull request now
19:14 babilen *there
19:15 pipps joined #salt
19:15 gtmanfred not sure if we will get to it before next week... depends if cached out works tonight or not
19:15 armguy joined #salt
19:16 gtmanfred sarasfox: the minion shouldn't need those ports open
19:16 gtmanfred the minion doesn't have salt listening on any ports, that document is specifically for minions only
19:16 sarasfox trust me it does
19:16 gtmanfred no it doesn't it listens to remote ports
19:16 gtmanfred on the master
19:17 sarasfox ok i will test it
19:17 gtmanfred i have spun up minions without those lines and it works
19:22 Miouge joined #salt
19:25 netcho joined #salt
19:26 ayecee some commands i'm trying are failing against windows minions. how might I list the salt modules that a minion has?
19:26 anotherzero joined #salt
19:27 nickabbey joined #salt
19:29 gtmanfred ayecee: salt \* sys.doc
19:29 ayecee in particular, salt minion disk.percent fails with "disk.percent not available"
19:29 jas02 joined #salt
19:30 gtmanfred ayecee: salt \* sys.doc disk
19:30 ayecee wow, there it is, thanks
19:30 gtmanfred windows minions use the win_disk module that gets loaded to be called as `disk` and doesnt' have a percent
19:30 ayecee i see this one expects disk.usage
19:30 gtmanfred looks like it only has disk.usage
19:34 fracklen joined #salt
19:35 sarasfox ok you right
19:38 Miouge joined #salt
19:38 sarcasticadmin joined #salt
19:40 zer0def joined #salt
19:44 akhter joined #salt
19:47 Miouge joined #salt
19:48 sh123124213 joined #salt
19:49 keimlink joined #salt
19:51 martoss joined #salt
19:53 ThomasJ joined #salt
19:54 ayecee i'm considering adding a disk free space check in nagios that pulls values massaged from salt. Does this seem like a reasonable approach, or would most salt users go with nagios/snmp, or use something instead of nagios to monitor salt minions?
19:55 Eugene I wrote a Salt state to install+configure NRPE
19:56 Eugene The Nagios server reaches out to the NRPE daemon on each minion for service checks
19:56 Eugene (Salt and Nagios happen to exist on the same host)
19:56 ayecee oh, nice
19:57 Eugene I wouldn't abuse the Salt messaging bus for nagios service checks - it might not scale how you expect it, and this is a problem that Nagios/NRPE have already solved
19:57 ayecee i'll look into that, thanks
19:57 Eugene The other pattern is having nagios(on each minion) reach out to the Nagios Server, aka Passive Checks. I dislike that because you have to make a tradeoff on service timeouts
19:57 fannet joined #salt
19:58 ayecee and also have nagios on each minion
19:58 ayecee i guess that would be true for NRPE too
19:58 Eugene Indeed, but NRPE is a much smaller package - basically just a command wrapper
19:59 Eugene SSH works too, but then you need to deal with keys or have a shared password - both ugly
19:59 ayecee i wonder how it would work against windows hosts
19:59 Eugene NRPE has a whitelist
19:59 Eugene nsclient++ works good, once you fiddle with the SSL options
19:59 Eugene It provides a NRPE interface
20:00 ayecee what i'm hearing is that salt itself is not typically used for monitoring
20:00 Eugene I've certainly never seen it, but its probably possible.
20:00 armguy joined #salt
20:00 Eugene I don't think that monitoring is salt's job - Nagios does that
20:00 ayecee can use a screwdriver to put in a nail, but it doesn't make it a good idea :)
20:00 Eugene Indeed
20:00 nickabbey joined #salt
20:01 honestly *cough* icinga
20:01 honestly it takes a while to get used to but it's so much less held together by sheer defiance than nagios
20:01 honestly especially icinga2
20:01 Eugene I do have(and recommend) a nagios service check for each minion's highstate status, eg https://gist.github.com/djs52/e0f753e0d54f8e1890c9
20:02 ayecee i'd kind of like to stick to products that a future admin will have heard of.
20:02 Eugene icinga is probably standard enough, but its not my bag.
20:03 honestly well... I still maintain our legacy nagios server while migrating to icinga... it's just such a tire fire
20:03 ayecee heh
20:03 nickabbey joined #salt
20:03 Eugene That can be said of any sufficiently complex system.
20:03 ayecee i'm not sure if you're running into the same problems, but i often find that since it's so easy to write an adhoc nagios module, people often do.. and they're horrible.
20:04 honestly it's not the modules
20:04 cscf honestly, how are you liking  icinga?
20:04 Eugene I've (re)written a few myself... sticking to a standard library for arg parsing & output handling helps
20:04 honestly it took some getting used to
20:04 ayecee err, plugins.
20:04 Eugene But a lot of it is just cobbled bash
20:04 honestly but it's great
20:04 Eugene Relevant: https://xkcd.com/927/
20:04 honestly it has a configuration language that isn't terrible
20:05 honestly nagios' configuration language is bizarre
20:05 honestly icinga2's merely has some weird corners
20:06 Eugene I won't dispute oddness, or "complexity" ;-)
20:06 akhter joined #salt
20:06 honestly it's *way* more performant
20:06 Eugene If all of my systems ran themselves I wouldn't have very much to do
20:06 honestly as a sysadmin you want to get paid to be there just in the *unlikely* case that a fire breaks out
20:06 honestly if you're extinguishing fires all day you're not doing a very good job imo :P
20:07 honestly (of course most people have external constraints)
20:07 Sketch why write nagios configs, use something like check_mk which does it for you (and gives you a lot more features in the process)
20:07 Eugene $DAYJOB usually doesn't have at-fault fires.... just stupid ones like "fiber cut"
20:07 Tanta nagios is easy to manage
20:08 Tanta it looks at exit codes
20:08 Tanta a module can be a simple shell script
20:08 Eugene Which is also a bad thing
20:08 Tanta the configuration is a little arcane
20:08 Tanta flexibility is a gift, not a curse
20:08 Eugene POV
20:09 honestly Tanta icinga2's configuration language is way more flexible
20:09 heaje joined #salt
20:09 Tanta I've been using Nagios for over 10 years myself
20:09 honestly it's actually a language, and not something cobbled together ad-hoc
20:09 Sketch Tanta: me too, and after 4 years of using check_mk, i'd never use straight nagios again.
20:09 Eugene Bikeshedding stack choices takes a lot more time than actually installing things
20:09 * honestly waves to zer0def
20:10 Tanta it's resource efficient too
20:10 honestly it really isn't :)
20:10 Tanta I had 3000 servers to monitor from a single dual core box with 4 GB RAM
20:11 honestly active or passive?
20:11 Tanta passive
20:11 honestly well duh :P
20:11 Tanta I've also had the displeasure of using the "good" replacements, like consul
20:11 Tanta don't even get me started on how horrible consul is
20:11 Eugene I tend to throw insufficient-resource problems back with "sure, we can make it work. That'll be $BIGNUM"
20:12 Tanta people still use sendmail for god's sake
20:14 swa_work joined #salt
20:14 orionx joined #salt
20:17 dxiri joined #salt
20:18 rickflare joined #salt
20:18 armguy joined #salt
20:26 armguy joined #salt
20:30 jas02 joined #salt
20:33 Miouge joined #salt
20:34 rem5 joined #salt
20:34 renoirb joined #salt
20:39 nixjdm joined #salt
20:42 pipps joined #salt
20:46 nidr0x joined #salt
20:56 DEger joined #salt
20:57 pipps joined #salt
20:57 plup joined #salt
20:58 plup Hi guys !
20:59 plup I'm concerned about organization of my salt deployments
20:59 rem5 joined #salt
21:00 tapoxi ruh roh what happened
21:00 plup I have a state file with all my gitlab states to apply and I source app parameters through pillar
21:00 tapoxi also anyone know if I can set multiple values for a given grain and then reference that in my topfile?
21:01 SaucyElf joined #salt
21:02 plup So if I want to deploy 2 gitlab (for different clients) on the same server (in containers) I have to set a loop on in my state file for all my gitlab apps.
21:02 SaucyElf_ joined #salt
21:02 plup It works but I'm not able to deploy one app at a time.
21:03 plup I have to do `salt '*' state.apply gitlab` and it will loop on pillar and deploy all my gitlab apps
21:04 plup How can I trigger one app ? Some something like `salt '*' state.apply gitlab <mygitlab>`
21:04 plup Maybe the way I built everything is not the salty way to do it. But I can't see a good solution for that.
21:04 plup Any ideas ?
21:04 nickabbey joined #salt
21:05 Eugene Later definitions would overwrite the grain; you can instead set the grain to a type with multiple values(eg, a dict)
21:05 Eugene And then iterate that in your state
21:08 tapoxi Eugene: if I set it to a dict, how do I match that in top.sls?
21:09 Eugene Something like: if foo in grain
21:09 tapoxi ok thanks
21:11 nickabbey joined #salt
21:14 krymzon joined #salt
21:16 DEger joined #salt
21:19 pipps joined #salt
21:23 Miouge joined #salt
21:24 woodtablet joined #salt
21:27 fracklen_ joined #salt
21:28 DEger joined #salt
21:35 jas02 joined #salt
21:39 pipps joined #salt
21:54 pipps joined #salt
21:56 jas02 joined #salt
22:02 pipps99 joined #salt
22:05 pipps_ joined #salt
22:05 Trauma joined #salt
22:18 anotherzero joined #salt
22:21 MTecknology Let's say, not-so-hypothetically, we have a big binary blob of stuff and that needs to be gpg encrypted in pillar and stuck onto disk. I can encrypt the value and stick it in pillar but as it's rendered, it'll blow up on non-ascii garbage.
22:23 MTecknology I could base64 encode it and stick that into pillar, file.managed: -pillar_contents:foo, and cmd.wait: -name:bas64decode file >binfile && chown -watch:file.foo ... but that seems hacky
22:23 nickabbey joined #salt
22:24 MTecknology file.decode!!
22:24 slav0nic joined #salt
22:25 iggy file.managed has an encoding param
22:26 iggy or I dreamed thatup
22:27 iggy oh, yeah, file.decode it is
22:30 Rolypoly joined #salt
22:32 MTecknology iggy: I'm not seeing an encoding param in the docs.. kwargs?
22:33 iggy nah, I was thinking of file.decode
22:33 iggy file.decode takes contents_pillar though
22:34 iggy (which is what my addled brain was thinking of)
22:35 MTecknology ah +1 :)
22:35 Bryson joined #salt
22:43 fannet joined #salt
22:56 RandyT anyone have an aws cloud profile example for a NAT proxy?
22:56 RandyT I'm struggling to get the network_interfaces: section correct
23:03 fannet joined #salt
23:08 keimlink joined #salt
23:09 cliluw joined #salt
23:15 armguy joined #salt
23:25 tercenya joined #salt
23:25 jas02 joined #salt
23:28 orionx_ joined #salt
23:28 Sammichmaker joined #salt
23:30 writteno1 joined #salt
23:46 Edgan RandyT: Just use the NAT service. It just works. I don't normally recommend secondary AWS services, but I have had good luck with it.
23:47 RandyT Edgan: NAT service does not provide me with a number of required services.
23:47 Edgan RandyT: ?
23:48 RandyT I'm also running in HIPAA environment which does not allow me to use many of the other AWS services.
23:48 Edgan RandyT: Ah, yuck
23:48 RandyT IPS/IDS PF
23:48 Edgan RandyT: yeah, even worse
23:49 RandyT so I have my reasons for deploying it. But can't sort out the required profile to make this work.
23:49 RandyT I can deploy a one off, but would like to have the config "documented" so that I can easily deploy to other regions
23:50 Edgan RandyT: Do you mean OpenBSD PF?
23:50 RandyT affirmative
23:50 RandyT pfsense
23:52 DEger joined #salt
23:53 Edgan RandyT: https://docs.saltstack.com/en/latest/topics/cloud/aws.html  The last section mentions NAT. It would seem something like that last section, plus your own salt formulas/states would give you a NAT instance.
23:55 RandyT thanks Edgan
23:55 RandyT yes, doing all of that in current environment. Was looking to specify the network interfaces as the pfsense environment is a bit more picky about how you connect
23:56 Edgan RandyT: It expects two interfaces?
23:56 RandyT there is a concept of device index in the network section of the profile, but not documented clear enough for me to sort out...
23:57 RandyT I am able to pass parameters through userdata to set specific management network, but not able to specify the interface that would be configured for the network I need to use vs the internet gateway
23:59 Edgan RandyT: I found salt cloud to be very incomplete. I found terraform to be crap. I found Cloudformation to be too much work, but it has gotten much better in the latest version. I am still writing my own boto scripts to do instance and ALB creation.

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary