Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-11-21

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:17 voileux joined #salt
00:17 XenophonF sc250024: still around?
00:17 XenophonF nope :(
00:18 renoirb joined #salt
00:18 XenophonF well, if you scan through the log later, take a look at https://github.com/irtnog/openssh-formula or https://github.com/irtnog/shibboleth-formula
00:18 XenophonF those represent my most recent work
00:18 kshlm joined #salt
00:18 UForgotten joined #salt
00:19 XenophonF i'm trying to collect style guidance into one place for myself, https://github.com/irtnog/salt-states/blob/master/STYLE.md
00:20 XenophonF that's mostly for myself, now, but i intend to use it at work sometime in the future
00:20 leev joined #salt
00:21 scoates joined #salt
00:21 jas02 joined #salt
00:23 aidin joined #salt
00:24 _aeris_ joined #salt
00:29 _weiwae_ joined #salt
00:38 chmod666org joined #salt
00:38 darvon joined #salt
00:38 LostSoul joined #salt
00:41 fannet joined #salt
00:44 _weiwae joined #salt
00:51 johnkeates joined #salt
00:53 fannet joined #salt
01:08 guerby joined #salt
01:18 binocvlar joined #salt
01:22 jas02 joined #salt
01:23 orionx joined #salt
01:27 guerby joined #salt
01:29 DEger_ joined #salt
01:29 scoates joined #salt
01:33 hemebond XenophonF: # is usually referred to as a hash. Interesting style guide.
01:43 edrocks joined #salt
02:07 catpigger joined #salt
02:13 onlyanegg joined #salt
02:15 swa_work joined #salt
02:20 fannet joined #salt
02:23 netcho joined #salt
02:23 jas02 joined #salt
02:34 rem5 joined #salt
02:40 sebastian-w joined #salt
02:42 kingpower joined #salt
02:46 evle joined #salt
02:47 ilbot3 joined #salt
02:47 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.12, 2016.3.4 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
02:58 JoeJulian joined #salt
02:58 orionx joined #salt
03:00 Reverend joined #salt
03:05 aarontc joined #salt
03:08 tobiasBora Hello,
03:09 tobiasBora I would like to know if it's possible to use salt to configure the partitions : I would like to happened at the end of my HDD a swap partition of 1G. How could I implement using salt ? I found a way using salt functions, but not salt .sls states
03:11 Sarphram joined #salt
03:14 LostSoul joined #salt
03:14 yidhra joined #salt
03:15 honestly joined #salt
03:16 Cidan joined #salt
03:17 schinken joined #salt
03:21 Norrland joined #salt
03:22 the_lalelu joined #salt
03:27 akhter joined #salt
03:39 akhter joined #salt
03:44 _weiwae joined #salt
03:47 JPT joined #salt
03:49 mildred joined #salt
03:49 hemebond Wouldn't that be a little dangerous?
03:50 hemebond There is https://docs.saltstack.com/en/latest/ref/states/all/salt.states.blockdev.html
03:50 hemebond I wonder if the kwargs it accepts allows more.
03:52 _weiwae_ joined #salt
03:55 bastiand1 joined #salt
04:09 tobiasBora hemebond: Here the partition seems to exists, me I want to create it from scratch.
04:11 iggy module.run
04:11 iggy !salt states.module.run
04:11 saltstackbot https://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html#salt.states.module.run
04:12 mpanetta joined #salt
04:14 tobiasBora So I need to combine it with the parted module right ?
04:15 tobiasBora By the way I have a question : I noticed that when I run "systemctl start salt-minion.service", nothing happends when I run "salt '*' test.ping", while it does work when I run "salt-minion -l debug". Do you know why systemctl doesn't work ?
04:16 hemebond You would need to check the journal to find out.
04:16 hemebond journalctl -you salt-minion
04:16 hemebond er
04:16 hemebond journalctl -u salt-minion
04:17 aphor https://www.freedesktop.org/software/systemd/man/systemd.service.html <-- systemd is it's own kind of fun.
04:19 tobiasBora it doesn't give me anything : http://paste.debian.net/897159
04:20 hemebond You need to be root
04:20 hemebond or other super user.
04:20 hemebond To use journalctl
04:21 informant1 joined #salt
04:21 tobiasBora hemebond: Hum yes of course sorry.
04:21 tobiasBora I got very few things : http://paste.debian.net/897160
04:23 hemebond There you go. Does "salt" resolve to your master?
04:24 netcho joined #salt
04:24 Guest68936 joined #salt
04:25 jas02 joined #salt
04:26 tobiasBora hemebond: Well the errors occured before I configure the minion. Now I can run "salt '*' ..." without any problem (by the way I have only one computer with both the master and the minion)
04:26 tobiasBora (And I'm running a raspberry pi)
04:27 hemebond Put the minion into debug mode (edit the config) and then run it.
04:27 hemebond I mean, that journal makes it look like it's running.
04:32 tobiasBora I don't understand, now it works :\
04:32 tobiasBora Hum
04:32 tobiasBora It seems to work only in debug mode !
04:32 aphor my guess: slow start on slow cpu
04:32 nidr0x joined #salt
04:33 tobiasBora aphor: what do you mean ?
04:33 tobiasBora The cpu is slow yes, but why would it work when I use debug mode and not when I don't use it ???
04:34 aphor You can start a service, and sometimes it looks happy to a supervisor, but it doesn't do anything until it checks its own belly button for spare lint.
04:34 aphor If it knows you're looking, it won't lift its shirt.
04:34 UForgotten joined #salt
04:35 tobiasBora Looks strange.
04:35 tobiasBora So the only solution is to keep the debug mode on ?
04:35 aphor belly buttons? always.
04:36 aphor where'd you get the systemd service file? Is that SaltStack provided?
04:37 tobiasBora aphor: I think so, I just got it after apt-get installed...
04:37 aphor Is it trying to run the salt-master in foreground or is it trying to keep track of a forked-off daemon salt-master?
04:38 aphor pastebin up your /etc/systemd/system/salt-master.service or whatever  and I'll have a look.
04:39 tobiasBora There isn't any file that looks like salt-* in this folder...
04:40 tobiasBora http://paste.debian.net/897162
04:41 joe__ joined #salt
04:42 dwfreed joined #salt
04:59 tobiasBora And by the way is it normal if it's really long ? It take something like 50s to check if emacs is installed (which is) and if two users exists...
05:03 fannet joined #salt
05:04 aphor I don't see salt-master in the systemd service files.
05:04 aphor I think your salt-master is starting via the rc-local.service.d
05:05 aphor Anyhoo... you need to work your way through the system to figure out exactly how it's trying to start salt-master, and what it migth be doing silly/wrong.
05:06 tobiasBora On your system, how do start automatiquely salt ?
05:06 aphor If you can start it in the foreground and make it work.. then perhaps you might want to take a crack at writing a systemd service file for it and then disable the legacy init script.
05:06 aphor tobiasBora: I'm on a Mac, so I use a bastard missing-link precursor to systemd called launchd.
05:07 aphor both of those systems have something I call inittab envy.
05:08 aphor aphor$ man inittab
05:08 aphor No manual entry for inittab
05:08 aphor aphor$ man inittab
05:08 aphor No manual entry for inittab
05:08 aphor oops twitch
05:09 tobiasBora Hum... I may try to study this latter...
05:10 tobiasBora In this sls :
05:10 aphor gotta find a man page for inittab in the wayback machine to get a basic idea of how these want to work.
05:10 tobiasBora fail2ban:
05:10 tobiasBora pkg.installed: []
05:10 tobiasBora service.running:
05:10 tobiasBora - enable: True
05:10 tobiasBora - require:
05:10 tobiasBora - pkg: fail2ban
05:10 tobiasBora - watch:
05:10 tobiasBora - file: /etc/fail2ban/fail.local
05:10 tobiasBora if I remove the line enable: True, everything works perfectly, but if I add it I have an error :
05:10 tobiasBora Command 'systemctl is-enabled fail2ban.service' failed with return code: 1
05:10 tobiasBora Does anyone know why ?
05:11 aphor tobiasBora: your Linux has lots of service control stuff and salt thinks you only have systemd.
05:12 aphor your package probably installs fail2ban with a legacy init script and the salt systemd formula can't find the systemd service file <-- my guess
05:12 tobiasBora it's not transparent for him since systemctl do a kind a transparent binding above it ?
05:12 aphor That's a Steve Jobs attitude!
05:13 aphor If people did that, things would probably "just work."
05:14 aphor there's enough glue in there to fill the gap for the OS package maintainers of fail2ban, but not enough to facilitate salt to do the natural thing
05:14 aphor .. so likely you will need to supply your own glue.
05:15 tobiasBora Too bad...
05:15 tobiasBora Anyway, I'm too tired to think, so I'm gonna sleep. Thank you for your help !
05:16 aphor Are you on Debian or Ubuntu?
05:17 aphor Maybe tomorrow google some systemd planning for your OS and see whether you want your glue to fit salt to the legacy whatever startup scripts in your fail2ban package, or whether you want to add your own service definition to systemd.
05:17 aphor sleepytime for me too..
05:17 babilen Try running the commands salt calls manually
05:19 rdas joined #salt
05:25 jas02 joined #salt
05:36 swills joined #salt
05:40 cyteen_ joined #salt
05:41 debian112 joined #salt
05:42 netcho joined #salt
05:49 ivanjaros joined #salt
06:02 _weiwae_ joined #salt
06:03 _weiwae joined #salt
06:08 angel_dark joined #salt
06:13 mpanetta joined #salt
06:24 preludedrew joined #salt
06:26 jas02 joined #salt
06:32 _weiwae_ joined #salt
06:33 _weiwae__ joined #salt
06:43 samodid joined #salt
06:45 DEger joined #salt
06:46 Alagar joined #salt
06:48 whytewolf joined #salt
06:48 felskrone joined #salt
06:51 fannet joined #salt
06:52 jas02 joined #salt
06:57 DEger joined #salt
07:02 colttt joined #salt
07:05 canci joined #salt
07:05 sh123124213 joined #salt
07:07 teryx510 joined #salt
07:09 ivanjaros joined #salt
07:09 hlub joined #salt
07:11 ivanjaros3916 joined #salt
07:13 hemebond Is "settings" a reserved word in salt jinja?
07:13 hemebond Oh, nvm.
07:18 quantumsummers joined #salt
07:22 darioleidi joined #salt
07:26 samodid joined #salt
07:29 whatevsz joined #salt
07:29 yuhlw joined #salt
07:29 DEger joined #salt
07:30 swills joined #salt
07:32 justanotheruser joined #salt
07:42 LiamMon joined #salt
07:46 fannet joined #salt
07:51 fracklen joined #salt
07:52 auzty joined #salt
07:53 jas02 joined #salt
07:56 ernescz joined #salt
08:03 teclator joined #salt
08:07 sh123124213 joined #salt
08:08 Nightcinder joined #salt
08:08 Freek joined #salt
08:08 bbhoss joined #salt
08:09 keimlink joined #salt
08:10 dkrae joined #salt
08:14 ProT-0-TypE joined #salt
08:16 sh123124213 joined #salt
08:19 ernescz hello everyone! What is the preferred way of setting new, pemanent grain information for hosts? For example, a new grain is required on already running 'X' number of salt-cloud bootstraped minions?
08:20 babilen You can use https://docs.saltstack.com/en/latest/ref/states/all/salt.states.grains.html or define them in your cloud map file
08:23 o1e9 joined #salt
08:23 o1e9 left #salt
08:24 ernescz babilen: thanks, they are defined for new to-be bootstrapped hosts and working fine. But how to do it for already running ones? Just run once grains.setval module?
08:24 fracklen joined #salt
08:24 babilen ernescz: What are you trying to set?
08:25 samodid joined #salt
08:26 babilen There are so many ways to do this - What are you trying to achieve?
08:26 sh123124213 joined #salt
08:26 ernescz babilen: just some random grain like 'deployment_location: wherever'
08:26 babilen You could use the grains execution module for that
08:27 babilen Or run a state that sets it and make it part of your highstate
08:28 ernescz babilen: here's what's confusing - setting up a state that manages grains information (in /etc/salt/grains or wherever) and apply that to minions based on... grains?
08:29 babilen No, you obviously can't target that state based on grains
08:29 babilen At one point you have to define a minion_id <-> grain mapping
08:30 babilen grains are also insecure in that minions can spoof them
08:31 ernescz yes, that's exactly my point. Could they be setup using pillar data? Or I'm missing something here?
08:31 babilen Why not use pillars right away then?
08:31 babilen deployment_location: whereever could work as pillar also
08:32 babilen But you need the aforementioned minion id <-> data mapping at one point
08:32 ernescz yeah, that makes sense :)
08:33 babilen If you use pillars for that data you can still target *states* based on that (I@), but you cannot target pillars.
08:33 ernescz and that could be set initially (in map file), or later just added using 'grains' module, yes?
08:34 babilen If you set that in the cloud map file or manually you are not really managing that information
08:34 felskrone joined #salt
08:34 babilen It would require manual intervention whenever you want to change something
08:34 babilen (which might be perfectly fine)
08:35 ernescz yeah, but grains are mostly static not like mine data
08:35 PhilA joined #salt
08:35 ernescz so that could work fine. For me at least
08:35 babilen Sure, no problem
08:35 babilen Just keep in mind to not target anything sensitive based on grain data
08:36 ernescz last question - managing something within minion's /etc/salt/* directory with states? yes/no?
08:37 babilen Definite yes
08:37 babilen https://github.com/saltstack-formulas/salt-formula/
08:38 ernescz babilen: much obliged for your time and answers, thank you :)
08:39 babilen Enjoy :)
08:41 samodid joined #salt
08:43 ronnix joined #salt
08:44 nicksloan joined #salt
08:47 felskrone joined #salt
08:51 tehsu joined #salt
08:51 nineteen joined #salt
08:54 jas02 joined #salt
08:55 krymzon joined #salt
08:57 Mandorath joined #salt
08:59 sh123124213 joined #salt
09:00 fracklen joined #salt
09:09 hvn joined #salt
09:09 hvn joined #salt
09:10 akhter joined #salt
09:12 fannet joined #salt
09:21 sh123124213 joined #salt
09:25 ALLmightySPIFF joined #salt
09:27 fannet joined #salt
09:27 PhilA__ joined #salt
09:28 lompik joined #salt
09:29 UForgotten joined #salt
09:29 fannet joined #salt
09:30 PhilA joined #salt
09:32 netcho joined #salt
09:34 sh123124213 joined #salt
09:36 mikecmpbll joined #salt
09:36 jeddi joined #salt
09:38 s_kunk joined #salt
09:42 PhilA hi all
09:42 Rumbles joined #salt
09:44 PhilA I have a problem with pillar.get
09:44 PhilA In the doc I can see there is a  'saltenv' argument
09:45 hemebond PhilA: That is only for states.
09:46 PhilA I'm on the modules page https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.pillar.html#salt.modules.pillar.get
09:47 hemebond Oh, my bad. Had someone in not too long ago who got confused by it.
09:47 PhilA salt '*' pillar.get zabbix.agent.version saltenv=dev
09:48 hemebond 'zabbix:agent:version'
09:48 PhilA according to the doc this should work
09:48 hemebond Colons, not periods.
09:48 PhilA ERROR executing 'pillar.get': The following keyword arguments are not valid: saltenv=infra
09:49 hemebond What version of Salt are you using?
09:49 PhilA salt 2016.3.4 (Boron)
09:50 PhilA I have more than one env, tried other env but the error is really about 'saltenv'
09:52 hemebond Looks like it's been removed.
09:54 hemebond It's there in 2016.11
09:54 hemebond 2016.3
09:54 hemebond Gone in develop.
09:54 hemebond Missing in 2016.3.4
09:55 PhilA https://github.com/saltstack/salt/issues/36629
09:55 saltstackbot [#36629][OPEN] The pillar run module does not honor saltenv | Description of Issue/Question...
09:55 PhilA should have checked this before
09:56 hemebond Even thatch was unaware that saltenv had been added to pillar.get
09:56 jas02 joined #salt
09:58 hemebond What are you using it for, btw?
10:01 jhauser joined #salt
10:06 justanotheruser joined #salt
10:13 demize Hm.  I'm using the official nginx formula, specifically the nginx.ng version of it, but from my own state I would like to add a require_in to the service that nginx.ng defines, though I'm not sure how to do that, or if it's possible.
10:14 demize Getting "Cannot extend ID" for everything I've tried.
10:14 mpanetta joined #salt
10:14 hemebond demize: Pasted your code somewhere?
10:15 PhilA hemebond, I use it for debug
10:15 hemebond PhilA: Ah, thought you might/
10:15 hemebond Looks like it'll be back soon.
10:16 demize hemebond: https://ptpb.pw/FaCb
10:16 PhilA nice :)
10:16 demize (Is one of the alternatives I tried with.)
10:17 hemebond demize: You just want the state ID in the nginx formula. One sec.
10:17 hemebond require_in: - service: nginx_service
10:18 demize Ah, thought it needed to be fully qualified, thanks!
10:18 hemebond Did you want it to restart the nginx service if the file changes?
10:18 demize Primarily just need it to be there before it tries to start nginx.
10:19 hemebond Okay.
10:19 jwang joined #salt
10:20 demize Also, if a module/state's code says `versionadded: 2016.3`, shouldn't that be available in boron?
10:21 demize Or is it added as in available after .3?
10:25 demize Ah, comments in the closed PR for the acme module says it'll be in Carbon, so the sauce is a lie.
10:29 hemebond Hmm. As long as you're running the latest 2016.3 the feature should be in there.
10:33 demize Doesn't seem to actually have made the release though.
10:33 demize https://github.com/saltstack/salt/pull/31436#commitcomment-18489855 < team member said carbon
10:33 saltstackbot [#31436][MERGED] Addition of ACME / Let's Encrypt client module & state | Incidentally fixes #24818...
10:33 demize So Will have to wait until then!
10:34 demize Should probably be changed in the comment though.
10:35 babilen That's a *huge* PR
10:35 artemz joined #salt
10:35 demize Yeah, it was incorrectly rebased
10:36 demize https://github.com/saltstack/salt/pull/31483 was merged though
10:36 saltstackbot [#31483][MERGED] Recommit letsencrypt-auto mod/state in develop | Incidentally fixes #24818...
10:36 rdas joined #salt
10:36 babilen Ah, that looks much better
10:36 babilen You could just copy the module and state into _modules and _states respectively
10:37 babilen (somewhere in file_roots)
10:37 babilen Well .. top level
10:37 demize Good point, thanks.
10:39 tmrtn[m] joined #salt
10:44 jwang Hey guys -- I have a problem where I need to run a command on certain hosts when a specific salt minion's state is run. How can I do something like `salt-run state.orch ...` from my state sls files?
10:45 Norrland Yo people, is there any possobility to use doas with salt? For example on openbsd machines without sudo.
10:48 artemz joined #salt
10:49 hemebond jwang: Use a reactor and events
10:51 jwang hemebond: thanks, I'll look into that.
10:51 fannet joined #salt
10:53 demize babilen: Do I have to set something in the config to use a custom state module on the minion?
10:53 demize Because getting "Specified SLS acme in saltenv base is not available on the salt master or through a configured fileserver" after just copying it to _states under my fileroot.
10:54 babilen demize: No, just sync it
10:54 demize And it is synced to the minion's cache.
10:54 babilen Did you sync the module also?
10:54 demize Yeah, both are there.
10:54 babilen https://github.com/saltstack/salt/pull/31483/files
10:54 saltstackbot [#31483][MERGED] Recommit letsencrypt-auto mod/state in develop | Incidentally fixes #24818...
10:55 babilen letsencrypt-auto is installed?
10:55 demize https://ptpb.pw/pG_L
10:55 babilen (and the minion has been restarted afterwards?)
10:55 babilen Or you installed it with reload_modules: True ?
10:56 jcl[m] joined #salt
10:56 saintaquinas[m] joined #salt
10:56 freelock[m] joined #salt
10:56 M-MadsRC joined #salt
10:56 jerrykan[m] joined #salt
10:56 M-liberdiko joined #salt
10:56 Mads[m] joined #salt
10:56 enick_766 joined #salt
10:56 dnull[m] joined #salt
10:56 demize Oh, I think I just realized what's wrong
10:56 babilen Take a look at "LEA" in there and the __virtual__ functions
10:56 demize Might have copied the next-to-last commit, rather than the last one.
10:57 demize Ah, yeah, now it works.
10:57 jas02 joined #salt
10:57 demize Or hm.
10:59 jacekplacek joined #salt
11:01 demize No, it was synced but still same error. lessee.
11:03 demize Ah, I'm an idiot.
11:03 demize Apparently I had somehow added an -include:acme to another file ._.
11:04 demize Thanks for all the help though.
11:04 Trauma joined #salt
11:08 abednarik joined #salt
11:13 N-Mi joined #salt
11:13 N-Mi joined #salt
11:15 demize Also, is it possible to use eg acl.present multiple times in the same state?
11:18 cyteen_ joined #salt
11:19 babilen demize: What do you refer to by "state" ?
11:20 solmus joined #salt
11:22 demize So, I have <https://ptpb.pw/oOu2>, but want to set multiple acls for that one certificate
11:22 demize Though since I have multiple certs, I want to have the acls under the cert itself.
11:23 babilen You need a unique ID (theos.kyriasis.com) per state .. two identical state functions can't share an ID
11:23 solmus Hi all! Maybe anybody know how to add custom sls file to publisher_acl. Sls file is located in folde. For example /srv/salt/states/team1/test.sls. Thank you!
11:23 babilen demize: So you might want to consider using a different ID
11:23 demize Yeah.  Would be nice if there was an alternative, but it'll work for now.
11:24 demize Might see if I can change the acl module to be able to set multiple ACLs at the same time.
11:24 amcorreia joined #salt
11:26 lionel joined #salt
11:30 artemz joined #salt
11:30 abednarik joined #salt
11:35 abednarik joined #salt
11:36 krymzon joined #salt
11:40 JPT joined #salt
11:43 hlub has someone configured hg fileserver backend sucessfully? I'm considering to try that out. would like to use git instead but that decision isn't in my hands.
11:44 hlub the documentation and the master config talk a lot about git this and git that. I hope that extends to hg as well.
11:53 akhter joined #salt
11:57 netcho joined #salt
11:58 jas02 joined #salt
11:58 hvn joined #salt
12:03 catpig joined #salt
12:07 N-Mi joined #salt
12:09 jacekplacek joined #salt
12:19 aidin joined #salt
12:22 zer0def joined #salt
12:28 cyteen joined #salt
12:33 netcho joined #salt
12:35 lionel joined #salt
12:36 cyteen joined #salt
12:42 _weiwae__ What is the best way to set up the etc hosts with the ips of all the minions so that I can more easily ssh into them?
12:42 anotherzero joined #salt
12:43 manji _weiwae__, using mind and the host.present state
12:43 manji mine*
12:43 manji https://docs.saltstack.com/en/latest/ref/states/all/salt.states.host.html
12:43 manji use mine to get all minions and their IPs
12:44 _weiwae__ I saw salt.states.host but I didn't quite grasp how to loop through all minions and insert the proper ip dynamically
12:44 _weiwae__ ah
12:46 _weiwae__ should I be running the mine only on my saltmaster or should I put it into a state file and run it on each minion as well?
12:46 alexzel joined #salt
12:46 alexzel Hello, I'm having some troubles with the "onfail" option
12:47 alexzel I have some cmd.run states that might fail and will need to restart the service and try again, but when applying the state all i get is "State was not run because onfail req did not change"
12:48 haam3r alexzel: does your check work with /bin/sh
12:48 haam3r ?
12:48 alexzel https://gist.github.com/alex-zel/ad784cbaa749836126ba48c0fff6a393
12:49 alexzel what do you mean?
12:49 haam3r sry my bad...wrong thing
12:50 alexzel from what I understand that onfail will run the state if the current state fails, and then try again, but it just doesn't run at all
12:51 ronnix joined #salt
12:54 rdas joined #salt
12:54 haam3r yes...it will run the other state that you specify, but if I remember correctly then it will not rerun the original state unless you add it to the onfail statement
12:58 jas02 joined #salt
13:00 alexzel i'll try that
13:07 manji _weiwae__, just do whatever it says here
13:07 manji https://docs.saltstack.com/en/latest/topics/mine/
13:07 manji and you will be good to go
13:18 numkem joined #salt
13:19 ravenx joined #salt
13:25 ravenx could you someone help me out with my git_pillar?
13:25 ravenx i'm running the state.sls and i'm receiving an error
13:25 ravenx i have made a paste detailing my configs, my repository structure, the init.sls and top.sls:
13:25 ravenx https://paste.debian.net/897268/
13:26 ravenx essentially, i have an app called super-app.  super-app's salt state files live in /srv/salt/super-app, and it's pillar data is in super-app's git repository (in a folder named etc/)
13:26 ravenx when i run that salt command, i receive that error
13:29 ssplatt joined #salt
13:29 justanotheruser joined #salt
13:32 synical joined #salt
13:38 manji ravenx, you are absolutely sure that there are no syntax issues in your pillar?
13:39 manji or states
13:40 ravenx manji: in my pillar, nope because there are only those two lines.
13:40 ravenx it could be that there is in my state.
13:40 ravenx i will doubl echeck.
13:40 ravenx does the rest of my config that i posted look okay, and "Normal"?
13:41 ravenx i'm curious if i need a "- root: " part for my ext_pillar config
13:42 ravenx i mean, here is the state file if you're interseted::  https://paste.debian.net/897272/
13:44 snc joined #salt
13:45 manji where is it trying to find the "tasks-app" attribute?
13:46 ravenx h sorry
13:46 ravenx the one there is supposed to read "super-app"
13:46 netcho joined #salt
13:46 ravenx super-app and tasks-app is interchangable.  i just named it super-app on my vagrant testing box.
13:47 AndreasLutro your problem is in super-app.conf somewhere
13:47 ravenx but the configs are identical, just that one is called super and one is called tasks.  i copied the "wrong" config.
13:47 ravenx AndreasLutro: hmm...is it now.
13:47 ravenx that helps me narrow thigns down i guess.
13:48 ravenx i think the .conf is quite straight forward though: https://paste.debian.net/897274/
13:51 ravenx (is there a way to use a command line output to see if i can ever get the pillar data via git)
13:51 ravenx cuz then that will prove a lot to see if i can even connect and get pillar data from my repo.
13:51 AndreasLutro you said you changed tasks-app to super-app right?
13:51 ravenx when i run a salt '*' saltutil.refresh_pillar && salt '*' pillar.items it shows nothing.
13:52 ravenx AndreasLutro: that is correct!
13:52 fannet joined #salt
13:52 AndreasLutro judging by the stack trace you didn't, so double check that the states are up-to-date on the salt master
13:53 ravenx is there a way to "update states"?
13:54 AndreasLutro depends on how you store them
13:55 AndreasLutro `salt-run fileserver.update` if you're using gitfs
13:57 ravenx i am still getting the same error
13:58 ravenx perhaps i should delete the existing stuff on my minion.
13:58 ravenx in case it caches.
13:58 AndreasLutro can't hurt
13:58 ravenx though, i am wondering if there is a way to see raw pillar data?
13:58 AndreasLutro also did you commit and push your change?
13:58 ravenx absolutely lol
13:58 AndreasLutro pillar.items
13:58 ravenx however!!
13:58 ravenx the state for super-app, and the super-app/init.sls and super-app/super-app.conf
13:58 ravenx is in /srv/salt
13:58 ravenx so it is _not_ on git.  i wonder if that has anythign effect/impact.
13:59 ravenx so only pillar is in gitfs
13:59 AndreasLutro >_>
13:59 ravenx or rather, bitbucket.
13:59 ravenx :< please dont tell me that i need _both_
13:59 AndreasLutro well, if you don't use git for states (/srv/salt) then I don't think git pushing is going to make a difference
14:01 ravenx right
14:01 ravenx but, i did push the pillar stuff!
14:01 ravenx the pillars isn't in /srv/pillar.   but rather, it is in my project repository.
14:02 ravenx so i was hoping git_pillar can get the data from there, and then use it to populate the super-app's super-app.conf in my /srv/salt
14:05 fracklen joined #salt
14:06 ravenx is that something that's possible.....or....am i attempting the impossible?
14:09 alexzel hello, I'm getting this weird error "Recursive requisite found", I understand what it means, I've seen it before and fixed it, but now it just doesn't make sense, here is part of the state that causes the error https://gist.github.com/alex-zel/5cd4f50bb532f0f6563adbcf5077640f
14:13 fracklen joined #salt
14:14 fracklen joined #salt
14:15 mpanetta joined #salt
14:16 netcho joined #salt
14:21 akhter joined #salt
14:21 AndreasLutro alexzel: that looks fine, so it's probably elsewhere
14:22 akhter joined #salt
14:22 alexzel that's where salt point me to
14:22 AndreasLutro do you have the stacktrace?
14:22 alexzel one sec
14:23 abednarik joined #salt
14:25 pcdummy I'll have a presentation on the basics of Saltstack this Saturday anyone have Presentations online so i may can improve my own? :)
14:27 _JZ_ joined #salt
14:28 tkharju joined #salt
14:29 XenophonF yeah give me a sec i'll share the beginnings of one i'm planning
14:29 XenophonF ya cheater ;0
14:29 pcdummy :)
14:30 pcdummy Its on the Linux Day 2016 here in Austria/Vorarlberg :)
14:30 pcdummy Thanks
14:31 XenophonF Vorarlberg?  Sehr schoen!
14:32 XenophonF oh and let me dig out the visio source for the diagrams too, just a sec
14:33 XenophonF although there's a good chance i deleted it
14:34 XenophonF oh no here it is
14:34 ravenx hey guys, so i see taht my git pillar stuff is cloned
14:34 ravenx cuz i see the data in /var/cache/salt/master/git_pillar/<hash>
14:34 ravenx so i see my repo.
14:34 ravenx however, sudo salt '*' pillar.items shows emptiness.
14:34 ravenx any ideas where i should go from here?
14:34 XenophonF double-check matches in pillar's top.sls?
14:35 cscf joined #salt
14:35 ravenx matches?
14:35 XenophonF you know, like the states tree's top.sls
14:35 ravenx ah
14:36 ravenx i _am_ missing a env: base variable in my /etc/salt/master
14:36 ravenx maybe that's why.
14:36 ravenx oh god
14:36 ravenx it works
14:36 ravenx OOOOH GOD IT WORKS
14:37 XenophonF :-D
14:37 cscf ravenx, yeah, you have to have an env, even if it's only 1
14:37 ravenx ;_;
14:37 XenophonF pcdummy: hang on a sec longer, am putting a pretty bow on everything
14:37 ravenx i spent half of friday with XenophonF on this.
14:37 ravenx okay maybe that's an exaggeration.
14:37 ravenx but man oh man.
14:37 ravenx i am so happy
14:37 ravenx thanks y'all
14:38 alexzel ok this is just wrong, if I copy that part of the state the throws the recursive error to a seperate file everything works fine
14:38 alexzel I've checked and can't find any require loop that will cause that
14:40 cscf alexlist, perhaps they have an implicit ordering, like 2 states that modify the same file?
14:41 numkem joined #salt
14:41 alexzel unlikely
14:41 UForgotten joined #salt
14:43 alexzel starting from the bottom, the last state required the one before it, and so forth up to the first state, each of them are working on different files
14:43 nickabbey joined #salt
14:44 alexzel here is the complete state file https://gist.github.com/alex-zel/7ef3001bef7aebd8f411df044948e220
14:45 alexzel the issue is at line 90
14:47 viq What would be a good way to say "in this place use value from pillar if it exists, and if it doesn't use grains.get_or_set_hash" ?
14:47 Tanta joined #salt
14:48 cscf alexlist, so at line 105, that file is required.  Is it possible that 'rem in remove' requires line 98?
14:48 cscf viq, I think you can do val1, val2 as fallback
14:49 viq Yeah, but val2 is a function, and I'm not sure how to go about it
14:49 Tanta joined #salt
14:49 viq I guess a jinja block at the top, checking whether pillar is set, and if it isn't then setting the grain function
14:50 cscf viq, https://docs.saltstack.com/en/latest/topics/pillar/
14:50 alexzel no, this is remove ['/etc/elasticsearch/logging.yml', '/etc/elasticsearch/shield'] and this is old-plugins ['license', 'shield', 'watcher', 'elasticsearch-migration']    so no duplicates that can point to one another
14:50 cscf {{ salt['pillar.get']('foo:bar:baz', 'qux') }}
14:50 cscf ah, I see, the default is in the function call, not Jinja
14:50 cscf Yeah, a Jinja If is probably what you'll need
14:51 viq Thanks
14:51 alexzel unless "elasticsearch-migration" somehow masses it up, but again, if I move the section (for elasticsearch) to a seperate file it works fine
14:55 akhter joined #salt
14:55 dxiri joined #salt
14:57 alexzel well i change "elasticsearch" (line 75) to 'install elasticsearch' (also updated affected require)  and that fixed it, still don't know why
15:00 ekristen joined #salt
15:00 alexzel here is the working state https://gist.github.com/alex-zel/7ef3001bef7aebd8f411df044948e220 still have no idea how that fixed it, no other state had the "elasticsearch" id
15:00 Brew joined #salt
15:00 XenophonF pcdummy: feel free to crib from https://shared.irtnog.org/salt-20161121T145435Z.zip, attributed to the "International Centers for Excellence in Research program of the National Institute of Allergy and Infectious Diseases"
15:01 jas02 joined #salt
15:01 XenophonF er, Bethesda, MD, US, or something like that
15:02 XenophonF and if your presentation ends up being public, send me a link so I can share it with my manager and the CIO
15:03 XenophonF sorry that the whole thing is kind of a WIP, as I never found time to finish it
15:05 Tanta joined #salt
15:08 tapoxi joined #salt
15:13 ernescz hey guys! I wonder if https://docs.saltstack.com/en/latest/ref/states/all/salt.states.iptables.html has the ability to insert iptable's "limit" module to a rule? Like ".. -m limit --limit 50/minute.. "
15:13 DEger joined #salt
15:13 Deliant joined #salt
15:14 Tanta All other arguments are passed in with the same name as the long option that would normally be used for iptables, with one exception: --state is specified as connstate instead of state (not to be confused with ctstate).
15:14 Tanta https://docs.saltstack.com/en/latest/ref/states/all/salt.states.iptables.html#salt.states.iptables.insert
15:14 Tanta read the docs
15:14 sjorge joined #salt
15:14 sjorge joined #salt
15:16 ernescz Tanta: thank you, missed that one, sorry
15:16 Tanta np
15:20 fredrick joined #salt
15:21 fredrick any one storing java keystores in pillar?  Trying to figure out how to do this securely
15:21 dxiri joined #salt
15:21 Tanta dump the full keystore, encrypt with PGP, store in pillar?
15:22 nicksloan joined #salt
15:23 fredrick Yes but they are files.  How do you grab files from pillar
15:24 Tanta decrypt, serialize into yaml
15:26 Deliant joined #salt
15:26 fredrick Never did that, will look it up
15:26 ravenx how can i get this to be quiet: [WARNING ] Although 'virt-what' was found in path, the current user cannot execute it. Grains output might not be accurate.
15:30 akhter joined #salt
15:33 infrmnt joined #salt
15:35 sarcasticadmin joined #salt
15:35 cscf ravenx, is salt-minion running as root?
15:36 ravenx nah
15:36 ravenx non root user
15:36 cscf ravenx, ok, so give permission for the user to run virt-what, if you like
15:38 cscf I'm not sure there's a way to suppress only specific warnings
15:40 fannet joined #salt
15:43 pcdummy XenophonF: thank you.
15:43 pcdummy I'll share my results with you.
15:43 pcdummy But it'll be in german.
15:47 hvn joined #salt
15:48 XenophonF German is fine!
15:49 hasues joined #salt
15:50 XenophonF Lord knows I need to brush up on my Hauptschule deutsch
15:50 manji ja ja Hauptschule sehr gut ja ja
15:51 hasues left #salt
15:51 manji so, suddently for no apparent reason
15:51 manji this:
15:51 manji salt-call dockerng.dangling
15:52 manji started returning error
15:52 manji
15:52 manji Passed invalid arguments: argument of type 'NoneType' is not iterable.
15:52 manji Usage:
15:52 manji <snip>
15:52 manji apart from the fact that we added more docker images for this host
15:52 pcdummy XenophonF: hehe, ok :) I'll attribute it to your Institute.
15:52 manji notthin else changed
15:52 XenophonF pcdummy: Danke!
15:53 manji I think though that this is not a dockerng issue per se
15:53 pcdummy manji: might you guys wanna use LXD?
15:54 pcdummy manji: https://github.com/pcdummy/saltstack-lxd-formula
15:54 pcdummy Once i get the time i'll finaly create a PR for salt-devel ...
15:55 manji pcdummy, I was hoping of an answer for what I already have
15:55 manji not what I could have
15:55 manji but don't have
15:59 fracklen joined #salt
16:00 cyborg-one joined #salt
16:01 nicksloan joined #salt
16:03 _aeris_ joined #salt
16:04 Bryson joined #salt
16:05 fredrick Tanta: Do you have a example of how your doing serialize into yaml.  I am failing hard with java keystore since it uses odd characters.
16:07 DEger joined #salt
16:10 abednarik joined #salt
16:10 Tanta hmm, I am not familiar with the java keystore
16:11 LondonAppDev joined #salt
16:11 Tanta https://github.com/saltstack/salt/issues/10237
16:11 saltstackbot [#10237][OPEN] Feature Request - Manage Java keystore | We currently "manage" java keystores by simply pushing out a cacerts (or trustedcerts) we've created, but this is not really maintainable since we update once and sort of forget about it....
16:11 Tanta some ideas on this thread
16:13 DaveQB joined #salt
16:13 mpanetta joined #salt
16:14 fredrick Yes I found that as well, I really just need to add the cert to the machine but want to store it in pillar as it is a cert.  With most non-java I just stream it into a new file
16:14 orionx joined #salt
16:14 Karthik427 joined #salt
16:15 Karthik427 How to set roles for minions in pillars
16:15 Mixer joined #salt
16:15 Mixer left #salt
16:16 jeddi joined #salt
16:17 Sketch i just install the cert file in the system location, then do a cmd.wait with a watch on the cert file that runs keytool to add it to the java keystore
16:17 Sketch though, this is for the public key, not the private key
16:18 Tanta then store the plaintext contents using pillar: key: | (multiline string)
16:18 felskrone does anyone have an idea reagarding this issue https://github.com/saltstack/salt/issues/37807?
16:18 saltstackbot [#37807][OPEN] Relative import in custom modules | In earlier Versions of salt it was possible to do relative imports in custom modules:...
16:18 Tanta the file.managed, contents_pillar
16:19 Tanta I do the same thing for private keys, storing the base64 ciphertext in pillar or grains
16:19 Rolypoly joined #salt
16:19 fredrick Yes but https://gist.github.com/rchannel/6b20738439509e6d05d6345447ee27d3
16:20 pcdummy manji: sure :)
16:21 fredrick That is my issue I am not sure how to extract it correctly since it is what ever format that is.
16:21 Tanta that's why the standard format is base64 encoded
16:21 Tanta PEM
16:21 amontalban joined #salt
16:21 Tanta it sounds like you just don't know what you're doing or talking about
16:24 fredrick ^^ seriously, the base64 does not decode this file type or the decoder I use is failing.
16:24 Tanta https://docs.oracle.com/cd/E35976_01/server.740/es_admin/src/tadm_ssl_convert_pem_to_jks.html
16:24 Tanta some good info here
16:25 Tanta you might have to export -> base64 encode -> pillar -> base64 decode -> file
16:26 fredrick Thanks
16:30 ernescz Tanta: thanks for pointing out that iptables "long option" for iptables state. Was solved. Though the documentation is a bit lacking there, imho.
16:31 sh123124213 joined #salt
16:31 Tanta no argument here, they're hit or miss. I have just spent a lot of time with them
16:31 keimlink joined #salt
16:33 sh123124213 joined #salt
16:33 ernescz A small example there would have saved somebody some hours of troubleshooting. Again - thank you.
16:33 nickabbey joined #salt
16:38 tercenya joined #salt
16:40 aidin joined #salt
16:40 dxiri_ joined #salt
16:41 ProT-0-TypE joined #salt
16:41 numkem joined #salt
16:42 fredrick Tanta: I did not know they added a file.decode, Awesome I was doing it with a external script.
16:44 Tanta I have a particular configuration that is symmetrically ciphered at rest, so I generate a plaintext version of the JSON, pad it if necessary to work with the crypto tools, and then encrypt it. the encryption/decryption is a custom Python script that I had to create from scratch because of the wacky way Java uses base64 encoding on both the key and ciphertext
16:45 fredrick Yuck, sounds a lot like what I am attempting to do.
16:46 fredrick The padding of the JSON is what I am doing incorrect I think.  But with the fact that I can let Salt decode now one less step
16:46 dxiri joined #salt
16:47 bluenemo joined #salt
16:48 Tanta http://pastebin.com/raw/dk8tN0Ra here's my script
16:48 bluenemo hi guys. I just got this deprication warning for cmd.run with 2016.3.4 http://paste.debian.net/897347/ it tells me to use cmd.shell but in the doc there is no cmd.shell: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html
16:49 cscf Every time I change /etc/haproxy/haproxy.cfg and state.apply, Salt reports that haproxy.service failed to start, even though it didn't.  And then running state.apply again is all green
16:49 fredrick very nice, thank you for sharing.
16:50 fracklen joined #salt
16:50 cscf fredrick, may I ask which of us you are being passive-aggressive towards?
16:54 raspado joined #salt
16:54 abednarik joined #salt
16:54 samodid joined #salt
16:54 fredrick cscf: not sure what you mean.
16:55 cscf fredrick, apologies, text communication has limitations.  ignore me.
16:56 fredrick cscf oh god I do not want that to be how something is interpreted.  I love how great this group is for assistance and help
16:56 cscf Me too.
16:56 fredrick god = good
16:57 cscf On some channels, when posting irrelevant things, 'thank you for sharing' is the usual, rude, response
16:58 cscf Anyway, anyone know why Salt seems to think it couldn't start haproxy? I've had it with apache, as well
16:58 fredrick No Tanta shared a script, and by seeing it I was able to see the error in the script I was using.  So I was truly just saying thank you.
16:58 cscf fredrick, yes, I realized that, sorry
16:58 Tanta happy to help anyway I can
16:59 Tanta it took me 3 days to figure that solution out
16:59 cscf It is ambiguous when 3 people have spoken recently and someone replies without a highlight
16:59 cscf So, I suspect that Salt is timing out waiting for the service to start
16:59 cscf Is there a way to adjust that timeout?
17:02 jas02 joined #salt
17:14 keimlink joined #salt
17:19 bltmiller joined #salt
17:22 nickabbey joined #salt
17:23 sjorge joined #salt
17:23 sjorge joined #salt
17:23 Satyajit joined #salt
17:25 bluenemo joined #salt
17:27 woodtablet joined #salt
17:27 ivanjaros joined #salt
17:28 dxiri joined #salt
17:30 lilvim joined #salt
17:30 impi joined #salt
17:34 fredrick cscd can you use service.running?
17:34 Edgan joined #salt
17:39 fracklen_ joined #salt
17:40 LV-426 joined #salt
17:41 fracklen joined #salt
17:41 netcho joined #salt
17:45 sc250024 joined #salt
17:52 Trauma joined #salt
17:52 Trauma joined #salt
17:53 tercenya joined #salt
18:00 cscf fredrick, I am using service.running, with a watch to restart.  The problem is that whenever the watch gets triggered, service.running reports failure
18:00 cscf I suspect because the service takes too long
18:01 jas02 joined #salt
18:07 stupidnic using orchestration how do I do a compound grain match?
18:07 stupidnic is that jsut tgt: 'role:foo or role:bar'?
18:10 Lionel_Debroux joined #salt
18:11 kingpower joined #salt
18:16 o1e9 joined #salt
18:19 whytewolf - tgt: 'G@role:fee or G@role:bar' - tgt_type: compound
18:20 Kaji_ joined #salt
18:20 XenophonF I realize that I'm late to the Java keystore party, but I manage those as blobs.
18:21 XenophonF I configure the keystore locally the way I want, base64-encode it, and put it into YAML as the !!binary data type.
18:23 stupidnic whytewolf: thanks... again. It always seems that you have the answer I need :)
18:23 fannet joined #salt
18:23 XenophonF Alternatively, you could deploy keying material (i.e., file.managed) and re-generate the keystore whenever it changes (i.e., cmd.run + on_changes requisite).
18:23 XenophonF I use that technique to generate PKCS#12 files (when I don't treat them as blobs).
18:28 nicksloan joined #salt
18:28 Brew joined #salt
18:29 mikea- joined #salt
18:30 akhter joined #salt
18:30 mikea Any reason a wheel salt-api request would have the user: object in the event bus set to unknown instead of the extauth user that called the API?
18:31 felskrone joined #salt
18:37 jas02 joined #salt
18:37 Brew joined #salt
18:43 dxiri_ joined #salt
18:44 onlyanegg joined #salt
18:46 dxiri joined #salt
18:47 DEger joined #salt
18:47 s_kunk joined #salt
18:53 dxiri joined #salt
18:54 tercenya joined #salt
18:58 akhter joined #salt
19:01 sc250024 Does anyone have a good example of how map.jinja / settings files SHOULD be structured with heavily nested structure and logic?
19:05 fannet joined #salt
19:11 Edgan sc250024: https://storage.cygnusx-1.org/formula.txt
19:13 prg3_ joined #salt
19:14 sc250024 @Edgan: Thank you!
19:16 zer0def joined #salt
19:18 cyborg-one joined #salt
19:24 akhter joined #salt
19:26 ProT-0-TypE joined #salt
19:29 bltmiller joined #salt
19:29 akhter joined #salt
19:31 prg3 joined #salt
19:33 nicksloan joined #salt
19:34 whytewolf ugh, headhunters make my head hurt sometimes. just turned down the same offer twice from two different head hunters. took 2 weeks for the second one to even get i wouldn't take his call with out basic information.
19:35 Edgan whytewolf: They are chasing easy money, and they are ruthless about it.
19:36 whytewolf yeah. second one for the same position was also about 45K less the the first one
19:36 Edgan whytewolf: haha
19:36 whytewolf so they must be skimming that extra 45K
19:36 raspado joined #salt
19:36 whytewolf I feel sorry for sling
19:36 Edgan whytewolf: They can't do that forever
19:36 Edgan whytewolf: contract?
19:36 pipps joined #salt
19:36 whytewolf yeah
19:37 Edgan whytewolf: ah, yeah, they could on a contract
19:37 Edgan whytewolf: fixed term
19:37 whytewolf 6 month contact. which was one of the 2 big reasons i turned it down flat out
19:37 raspado_ joined #salt
19:37 whytewolf the other being no remote and it being based in utah
19:38 Edgan whytewolf: NSA?
19:39 whytewolf Sling
19:39 Edgan whytewolf: they are in Utah?
19:39 whytewolf apperently
19:39 iggy utah? who the hell would do that to themselves
19:39 Edgan iggy: saltstack? :)
19:39 whytewolf not i
19:40 iggy I... (only say nice things... only say nice things...) would prefer not to work for any company I know of in Utah
19:40 swa_work joined #salt
19:40 stupidnic Utah actually has really great customer service market
19:41 debian112 joined #salt
19:41 Edgan stupidnic: I am pretty sure iggy doesn't want to be in customer service
19:41 stupidnic I am saying that's why companies locate there
19:41 debian112 left #salt
19:41 keimlink joined #salt
19:41 * whytewolf isn't a people person
19:41 Edgan stupidnic: most companies run from customer service as hard as they can get away with.
19:41 stupidnic since the population is highly mormon you have a lot of people that do mission trips and become fluent in many languages
19:42 prg3_ joined #salt
19:42 stupidnic You can place an ad for Mandarain Chinese and get 10 applicants
19:42 bltmiller joined #salt
19:42 stupidnic a lot of large customer service providers are located there.
19:45 Edgan stupidnic: Utah isn't the only state. It is a common thing in the mid-west.
19:46 stupidnic Edgan: sure. I just had experience with Utah and the Salt Lake area specifically
19:46 stupidnic Actually American Fork, but close enough
19:46 whytewolf las vegas has a lot of diversity for that kind of thing. and I actually already live there :P
19:47 stupidnic whytewolf: I would opt for LV over certain parts of Utah... but that summer heat
19:48 whytewolf but it is a dry heat
19:48 whytewolf :P
19:48 stupidnic The last time I was in Las Vegas it actually rained and hailed.
19:49 Edgan I am more west coast. Which pretty much means LA, SF Bay Area, Portland, or Seattle. LA isn't for me. I am in the SF Bay Area. I looked at Portland, but not even close to enough tech jobs there. Seattle could work, but rain and many of the same problems as the bay area.
19:50 stupidnic Edgan: I loved Portland, but yeah seriously lacking tech
19:50 stupidnic but those craft brews
19:50 stupidnic :)
19:50 whytewolf it would take a large bump in income for me to move more west. but would love to get closer to the beaches.
19:50 chmod666org joined #salt
19:51 Edgan stupidnic: thanks for the confirmation
19:51 stupidnic I grew up in the Florida Keys. I can do without the beach.
19:51 whytewolf yeah but huricans are rare in california compared to florida :P
19:51 stupidnic Very true.
19:52 rai_ joined #salt
19:52 dxiri hi guys, quick question about salt-cloud and openstack, I see the examples instruct one to use v2.0 api, is there any other driver that uses a more recent version?
19:52 dxiri like v3?
19:52 dxiri talking about the identity_url variable inside the openstack provider config
19:53 dxiri maybe a beta driver or something?
19:56 whytewolf dxiri: look closer at https://docs.saltstack.com/en/latest/ref/clouds/all/salt.cloud.clouds.openstack.html there is a section about v3 urls
19:57 dxiri 1st time I see that page :) will try it out! thank you!
19:58 whytewolf also, make sure you are on 2016.3.4 at least
19:58 dxiri salt-cloud 2016.3.4 (Boron)
19:58 dxiri yep
19:59 dxiri driver: openstack
19:59 dxiri that should be "nova" right?
19:59 whytewolf no
19:59 whytewolf nova is a different driver
19:59 whytewolf there are 2 openstack drivers in saltstack
20:00 whytewolf openstack which is libcloud based. and nova which is currently eopnstack novaclient based
20:00 dxiri what's the difference? right now (using v2) If I set openstack to be the driver the provisioning fails, but with nova it works ok
20:00 dxiri ah you just answered the question before I asked it :P
20:02 whytewolf gtmanfred: is working on updating the mess that is the openstack cloud setup. but it is going to take time and will most likely happen in the next release following the next release
20:05 DammitJim joined #salt
20:06 sc250024 joined #salt
20:06 dxiri g: This driver has been deprecated and will be removed in the Carbon release of Salt. Please use the nova driver instead.
20:06 dxiri when using openstack driver
20:07 whytewolf yeah you can safly ignore that for now. it has said that for the last 10 releases at least
20:10 aidin joined #salt
20:10 fredrick joined #salt
20:12 dxiri lol
20:12 dxiri cool
20:12 renoirb joined #salt
20:13 ronnix joined #salt
20:14 jas02 joined #salt
20:14 whytewolf the reason is that the nova driver does not currently [although in the future this will change] support all the features that the openstack driver does so is not a full replacment for it. like up until the carbon[2016.11] release the nova driver did not support floating ip's on deployment
20:15 dxiri getting this: http://pastebin.com/raw/dgnWBFQC
20:16 dxiri and not even putting insecure: true is helping :(
20:17 whytewolf try verify_ssl: False
20:18 netcho joined #salt
20:19 dxiri same thing
20:19 sc250024 joined #salt
20:19 dxiri [DEBUG   ] Could not LazyLoad saltify.avail_images
20:20 dxiri seems like its unable to load anything
20:20 whytewolf thats normal.
20:21 mohae joined #salt
20:21 whytewolf that is all saltify stuff. which is a different cloud driver for salting live hosts
20:21 whytewolf you might need to post a bug report.
20:22 dxiri ah ok, so looks like I need to a)trust the self signed cert before hand or b) make it really ignore it
20:23 whytewolf that would be correct
20:28 mavhq joined #salt
20:28 bluenemo joined #salt
20:30 jcrowe215 joined #salt
20:32 jcrowe215 Good afternoon, anyone familiar with the salt.states.network states file? I am trying to get ipv6 added to system: network.system:  .. but does not come back with anything
20:32 jcrowe215 {% set host_gtwy = salt['cc_netmath.switch_addr']('obscure_vip') %} {% set host_gtwy6 = salt['cc_netmath.switch_addr6']('reading-rainbow_vip') %} {% set fqdn = salt['grains.get']('fqdn', None) %}   system:   network.system:     - enabled: True     - enable_ipv6: True     - hostname: {{ fqdn }}     - gateway: {{ host_gtwy }}     - ipv6gateway: {{ host_gtwy6 }}     - require_reboot: True
20:34 sc250024_ joined #salt
20:38 akhter joined #salt
20:43 sc250024 joined #salt
20:43 raspado_ if you were to give states and pillars one name as a reference, what would it be?
20:44 cscf raspado_, what do you mean?
20:44 raspado_ combining both into a single repo so trying to give it a good name instead of calling the repo states_pillars
20:45 cscf raspado_, oh, I am actually thinking about that right now, what to name the salt-master's repo
20:46 raspado_ i just named mine salt if that helps
20:46 Brew joined #salt
20:47 cscf I was thinking about that, but it does kinda collide with the usual /srv/salt naming
20:47 netcho joined #salt
20:47 cscf we want /srv/something/{states,pillar}
20:48 whytewolf personally i avoid putting states and pillars in the same repo
20:48 raspado_ ^ almost to that conclusion
20:49 cscf whytewolf, yeah, we are still thinking about that.
20:49 whytewolf I want to be able to release my states publicly. so if the same repo has pillar data i can't do that. as that would be a security risk
20:50 whytewolf also, it is just easier to maintain them seperatly
20:50 cscf My manager wants all salt-things to be under a single directory, which I agree with
20:50 cscf the /srv/{salt,pillar} etc naming makes me think someone didn't plan ahead
20:50 whytewolf so if you are not using gitfs that is fine. if you are. ... good luck
20:51 cscf We will use gitfs for a few formulas, probably not for anything else
20:52 hemebond /srv/salt/ is basically states. Not sure what the "planning ahead" means.
20:52 darthzen_ joined #salt
20:54 whytewolf don't have to follow with /srv/salt and /srv/pillar those are just defaults. that shows there is seperation between the two. you could put everything into /srv/salt/{states,pillar} and just tweek the master settings to reflect that
20:55 cscf whytewolf, I am planning on using /srv/saltstack/{states,pillar} so as to avoid confusion with default /srv/salt
20:55 whytewolf what ever turns your drive shaft
20:56 cscf hemebond, someone made /srv/salt for salt, and then now we need a pillar dir, and so on, so it's all just dumped in /srv.  Should all be a single dir for everything salt-related
20:56 cscf Not that it's terribly important
20:56 jcrowe215 Disregard my initial ask. Not a big issue.
20:56 hemebond cscf: Sure, I have /srv/salt/{states,pillar,etc}
20:56 hemebond But you can use Salt without pillars.
20:57 hemebond So the simple initial configuration seems fine to me.
20:57 cscf Here's a more interesting best-practices question - dev and prod environments
20:57 dxiri whytewolf: file bug report where?
20:57 cscf Is it better to use envs, or separate salt masters running different git branches, or what?
20:57 dxiri will do that
20:58 whytewolf dxiri: https://github.com/saltstack/salt/issues
20:58 raspado_ we use a single salt master to manage different environments
20:58 hemebond cscf: There are many people doing both I think.
20:58 raspado_ and have /srv/salt/states/{dev,qe,stage,prod} etc etc
20:59 raspado_ all this is deployed via ansible though
21:00 hemebond LOL
21:00 cscf raspado_, wat
21:00 raspado_ our states/pillars are version controlled and we use ansible to push configs out to the salt masters
21:01 whytewolf ....
21:01 whytewolf raspado_: di you work for the goverment?
21:02 cscf I was just thinking, for example, you might want to change a salt-master setting in dev to test it, but then with envs that changes everything
21:02 Edgan raspado_: ansible to push to salt masters?!? salt-ssh
21:03 raspado_ then you need to set up a roster
21:03 raspado_ need a dynamic inventory
21:03 whytewolf syndic and gitfs
21:03 Sketch yo dawg, i heard you like config management systems...
21:03 Edgan raspado_: and you should probably use gitfs instead of pushing formula/pillars with ansible
21:03 Edgan raspado_: I have been working on that
21:04 raspado_ yeah we use gitfs for versioning
21:04 Edgan raspado_: Are you only using ansible for salt masters?
21:04 raspado_ syndic? ill have to look into it
21:05 whytewolf syndic is basicly the MoM system for salt
21:05 xbglowx joined #salt
21:05 Edgan raspado_: Someone has previously working on a dynamic roster, but no one has looked at it in years. I found it in a broken state. I managed to get it kind of working with some hacking on the salt code.
21:05 whytewolf although you might be better off with anisable
21:06 Edgan whytewolf: I think making salt-ssh work for you is a far better choice if you are already using salt. There is some work to be done, but the benefits are big.
21:07 cscf What are the main problems/limitations with Salt envs?
21:07 whytewolf true, although personally i am not a fan of ssh based config manegment to begin with. it is typically slow
21:07 Edgan whytewolf: I agree
21:07 Edgan whytewolf: best avoided if possible
21:08 Edgan whytewolf: But I found it great for provisioning salt masters and testing of salt code pre-commit
21:08 whytewolf i can see the benifit there.
21:09 whytewolf cscf: salt envs. are a pita to setup right. and to maintain. there is no real seperations so you can end up pushing something to the wrong place on accident. or just not have anything work and be unsure why.
21:10 cscf whytewolf, so what would you recommend instead?
21:10 cscf we were thinking dev & prod salt-masters running dev/prod branches of the same repo
21:10 whytewolf seperate servers per enviroment
21:11 cscf whytewolf, but are git branches a good way to handle the differences?
21:11 viq joined #salt
21:12 anotherzero joined #salt
21:12 nickabbey joined #salt
21:12 whytewolf they should be.
21:13 Edgan cscf: One issue with gitfs plus envs is you have to explicitly whitelist the branches. If you don't it will auto merge all the top.sls files across all branches, including feature branches.
21:15 jas02 joined #salt
21:17 raspado joined #salt
21:19 LtLefse joined #salt
21:20 debian112 joined #salt
21:20 LtLefse left #salt
21:20 cscf Including a formula over gitfs, and getting No matching sls found for 'nextcloud' in env 'base' - any tips for debugging?
21:21 cscf I have - root and - mountpoint set
21:22 bluenemo joined #salt
21:23 bocaneri joined #salt
21:23 akhter joined #salt
21:23 DammitJim joined #salt
21:23 mavhq joined #salt
21:26 Edgan cscf: If you push, you have to wait 60 seconds
21:26 amontalb1n joined #salt
21:27 cscf Edgan, yeah, but these are old
21:27 cscf I made them yesterday
21:27 Edgan cscf: pygit2?
21:27 cscf gitpython
21:27 Edgan cscf: I recommend pygit2
21:28 Edgan cscf: When I setup gitfs, it was the obvious best choice.
21:28 Edgan cscf: distribution?
21:28 cscf Ubuntu 16.04
21:28 Edgan cscf: it has a native pygit2 package
21:29 cscf I do not remember why I chose gitpython back then
21:29 cscf Edgan, so I notice
21:29 tapoxi anyone run into a "mapping values are not allowed here" in their pillar data?
21:29 Edgan tapoxi: Generally it is you are missing a :
21:29 Edgan tapoxi: See it all the time when writing new code
21:30 Edgan tapoxi: https://paste.fedoraproject.org/488259/47976383/
21:37 cscf Ok, switched to pygit2
21:37 cscf Didn't help
21:38 Edgan cscf: How many branches do you have?
21:38 cscf Edgan, just master, here
21:38 Edgan cscf: gitlab? github? gitolite?
21:38 cscf Edgan, gitlab
21:38 Edgan cscf: Do you see the formula in gitlab?
21:38 cscf But it's not giving the error I had before when it couldn't download the git repo
21:38 dxiri whytewolf: https://github.com/saltstack/salt/issues/37824
21:38 saltstackbot [#37824][OPEN] SSLError Trying to use v3 API of Openstack Newton as provider. | Description of Issue/Question...
21:39 dxiri done
21:39 cscf Edgan, oh yes, it's definitely there
21:39 Edgan cscf: and it has a init.sls?
21:39 cscf Yes
21:40 Edgan cscf: is it working for any other formula?
21:40 cscf Edgan, well, it *was* working for our clone of the shorewall-formula
21:40 cscf But now that's showing errors too
21:40 Edgan cscf: what are the errors?
21:40 cscf same, python-pygit2
21:40 cscf No matching sls found for 'shorewall' in env 'base'
21:40 cscf wrong paste buffer
21:41 cscf Oh, perhaps moving the gitfs conf to master.d broke it
21:42 Edgan cscf: Here is an example, https://paste.fedoraproject.org/488265/97645331/
21:42 cscf Yeah, I forgot it had to .conf.  I bet that fixes it
21:43 Edgan cscf: other than the 60 second, once setup properly it has always just worked for me
21:43 tapoxi Edgan: http://pastebin.com/raw/bp1YkTDw
21:44 tapoxi Edgan: that's what its puking on, but I can't see any missing :
21:44 cscf Now auth errors.  That's a tomorrow problem.  Thanks, bye
21:44 Edgan tapoxi: set domain = 'bo.company.internal'  shoulnd't this be, {% set domain = 'bo.company.internal' %}
21:45 tapoxi oh stupid me
21:45 tapoxi thanks for being another pair of eyes
21:46 Edgan tapoxi: I use Atom with plugins for jinja and yaml. It catches so many stupid typos and such.
21:46 tapoxi Edgan: plugin suggestions?
21:47 nickabbey joined #salt
21:47 Edgan tapoxi: https://paste.fedoraproject.org/488271/79764867/
21:48 xet7 joined #salt
21:48 Edgan tapoxi: Probably more than you need. I copied my initial list from a friend.
21:49 nZac joined #salt
21:51 tapoxi Edgan: you have any performance issues loading all these?
21:51 tapoxi I'm on VS Code for a bit due to Atom's sluggishness
21:52 Edgan tapoxi: yes, especially with sync-settings, it can be slow on first startup
21:54 cyteen joined #salt
21:56 tapoxi can I reference pillar from pillar?
21:56 Edgan tapoxi: I also use panes over tabs. I found getting a 4k monitor helped.
21:56 Edgan tapoxi: ?
21:57 tapoxi so, long story short I need to have the hostname & fqdn set properly, so I'm setting the domain in pillar based off grains['id']
21:57 tapoxi then because I can't use grains['domain'] I need it to use pillar['network']['domain']
21:57 Edgan tapoxi: why wouldn't you just use grains for that and skip setting a pillar?
21:58 Edgan tapoxi: You can set your own grains
21:58 xbglowx_ joined #salt
21:58 tapoxi yeah its the more sane way, but I wanted to avoid needing that
21:59 tapoxi and have it do everything based on just the minion id
21:59 Edgan tapoxi: I use a custom grain to slice the fqdn into pieces and each piece becomes it's own grain
22:02 phx joined #salt
22:05 fracklen joined #salt
22:05 zo joined #salt
22:07 aharvey joined #salt
22:09 johnkeates joined #salt
22:10 Rumbles joined #salt
22:14 rubenb joined #salt
22:16 jas02 joined #salt
22:16 nZac joined #salt
22:16 Xopher joined #salt
22:17 nicksloan joined #salt
22:17 mavhq joined #salt
22:18 Xopher joined #salt
22:18 akhter joined #salt
22:19 eseyman joined #salt
22:33 nZac joined #salt
22:34 teclator_ joined #salt
22:39 ProT-0-TypE joined #salt
22:53 daemonkeeper joined #salt
22:53 tercenya joined #salt
22:54 raspado joined #salt
23:00 Klas joined #salt
23:02 ALLmightySPIFF joined #salt
23:04 nickabbey joined #salt
23:10 notnotpeter joined #salt
23:14 greyeax_ joined #salt
23:15 greyeax_ joined #salt
23:17 jas02 joined #salt
23:18 aphor_ joined #salt
23:29 ventris joined #salt
23:35 sh123124213 joined #salt
23:35 mavhq joined #salt
23:38 akhter joined #salt
23:40 dxiri joined #salt
23:50 jfelchner joined #salt
23:53 dxiri joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary