Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-01-13

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 alexlist joined #salt
00:18 Sammichmaker joined #salt
00:18 Sammichmaker joined #salt
00:26 Klas joined #salt
00:29 sarcasticadmin joined #salt
00:33 dkrae joined #salt
00:36 abednarik joined #salt
00:42 rpb joined #salt
00:43 snarfy^ pretty awesome. i downgraded to make the cache.grains bit work, and ran into https://github.com/saltstack/salt/issues/34581   instead
00:43 saltstackbot [#34581][OPEN] Mine.send does not work for alias functions | Description of Issue/Question...
00:44 hemebond That's odd.
00:44 hemebond I had miniongrains as an alias for grains.items and it worked.
00:45 hemebond Maybe that's not an alias though.
00:45 hemebond Oh that's just mine.send.
00:45 bowhunter joined #salt
00:46 snarfy^ i have manager_ip: - mine_function: network.ip_addrs - ens160 (eth0)
00:47 voldz1tic3n joined #salt
00:50 brokensyntax joined #salt
00:51 hemebond Why are you encountering the bug?
00:51 Illusioneer joined #salt
00:58 ivanjaros joined #salt
01:00 snarfy^ hemebond, because the mine functions aren't working
01:00 om2 joined #salt
01:01 snarfy^ "Function manager_token in mine_functions failed to execute"
01:01 snarfy^ oh... oh...
01:01 hemebond So 'salt-run mine.get '*' manager_ip' fails?
01:01 snarfy^ this might be on me
01:02 pipps joined #salt
01:13 pipps joined #salt
01:15 woodtablet left #salt
01:21 voldz1tic3n joined #salt
01:30 mikecmpbll joined #salt
01:32 feld joined #salt
01:32 rml__ joined #salt
01:34 amontalban joined #salt
01:37 dkrae joined #salt
01:43 abednarik joined #salt
01:44 falstaff_ Is there a standard devops word for "making VMs"?
01:44 falstaff_ For example vagrant makes a VM with up, and then provisions it if it isn't already
01:44 hemebond Provisioning I think.
01:45 netcho_ joined #salt
01:45 falstaff_ salt-cloud has a similar divide where machines are made with map files, and then provisioned with states
01:45 falstaff_ I'm trying to figure out how to teach this to the rest of my team
01:45 hemebond Provisioned with states?
01:46 hemebond I don't use states to provision VMs in AWS.
01:46 hemebond Not even sure where I'd apply those states.
01:46 falstaff_ Provisioning in the "vagrant" sense
01:46 hemebond Ooooh, the configuring part.
01:47 falstaff_ I don't know what any of these words mean anymore
01:47 falstaff_ Hehehe
01:47 hemebond The configuring the kinda part of the provisioning.
01:47 hemebond *is kinda
01:47 falstaff_ Sure, but I can make VMs using all kinds of systems, but not have them be set up to do a job yet
01:48 falstaff_ I think it's good that they're separate steps
01:48 falstaff_ What is it called when a minion is brought to highstate?
01:48 om2 joined #salt
01:49 hemebond Okay so you provision a VM and then highstate the VM.
01:49 hemebond I don't know of other terms I'm afraid.
01:49 falstaff_ That sounds good enough
01:50 lws joined #salt
02:26 ninjada joined #salt
02:26 johnkeates joined #salt
02:26 mattp is it possible to have a git_pillar branch map to multiple environments?
02:30 pipps joined #salt
02:30 eprice joined #salt
02:36 nethershaw joined #salt
02:40 sebastian-w_ joined #salt
02:46 amontalban joined #salt
02:46 amontalban joined #salt
02:48 ilbot3 joined #salt
02:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.4, 2016.11.1 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers
02:49 jaybocc2 joined #salt
02:56 catpiggest joined #salt
02:58 saintromuald joined #salt
03:15 djgerm joined #salt
03:17 DEger joined #salt
03:17 evle joined #salt
03:18 N-Mi joined #salt
03:31 om2 joined #salt
03:37 PatrolDoom joined #salt
03:45 keldwud joined #salt
03:48 netcho_ joined #salt
03:49 jaybocc2 joined #salt
03:51 lws joined #salt
03:59 hemebond mattp: Have you tried to do it in your ext_pillar config?
03:59 mattp hemebond: i did yes
03:59 mattp i tried providing an array to - env: key per remote, seems to not have liked that though
04:00 hemebond What about just duplicating the entries?
04:00 mattp ya, could do that
04:00 mattp would be nice to avoid
04:00 LostSoul joined #salt
04:01 hasues left #salt
04:15 akunin joined #salt
04:15 ninjada joined #salt
04:18 akunin i got a list of tags for each host in a mongodb pillar. how can i match with jinja if the host contains ONE specific tag in the list?
04:19 hemebond akunin: If it must be in Jinja, {% if 'tag' in tags %}
04:20 akunin hemebond: cool! as simple as that? let me try
04:22 akunin joined #salt
04:27 akunin joined #salt
04:29 ninjada joined #salt
04:31 akunin joined #salt
04:31 akunin left #salt
04:39 sh123124213 joined #salt
04:42 sh123124213 joined #salt
04:43 XenophonF /quit
04:49 lws joined #salt
04:53 XenophonF joined #salt
04:55 raspado joined #salt
04:57 masber joined #salt
05:03 djgerm1 joined #salt
05:18 beardedeagle joined #salt
05:19 justan0theruser joined #salt
05:29 lasseknudsen2 joined #salt
05:30 spuder joined #salt
05:39 NV joined #salt
05:39 hasues joined #salt
05:40 hasues Anyone know how to configure a salt state for gentoo with portage_config to specify a flag to emerge?
05:44 ashmckenzie joined #salt
05:48 amontalban joined #salt
05:48 amontalban joined #salt
05:48 ninjada joined #salt
05:48 LostSoul joined #salt
05:48 netcho_ joined #salt
05:57 DEger joined #salt
06:25 keimlink joined #salt
06:32 bocaneri joined #salt
06:33 eprice joined #salt
06:34 qzhillc joined #salt
06:35 mikecmpbll joined #salt
06:36 lasseknudsen joined #salt
06:39 om2 joined #salt
06:48 amontalban joined #salt
06:49 ninjada joined #salt
06:53 orianbsilva_ joined #salt
06:57 catpigger joined #salt
07:00 ninjada joined #salt
07:01 colttt joined #salt
07:06 netcho_ joined #salt
07:13 sh123124213 joined #salt
07:15 CEH joined #salt
07:16 Edgan joined #salt
07:23 hasues left #salt
07:26 nidr0x joined #salt
07:28 mauli_ joined #salt
07:28 Xevian joined #salt
07:30 rubenb joined #salt
07:30 kuromagi joined #salt
07:31 qman__ joined #salt
07:31 cyraxjoe joined #salt
07:31 Laogeodritt joined #salt
07:31 jcristau joined #salt
07:31 ub1quit33 joined #salt
07:31 zifnab joined #salt
07:31 Hazelesque joined #salt
07:31 mrud joined #salt
07:31 mrud joined #salt
07:32 Freek joined #salt
07:32 djural_ joined #salt
07:32 johtso joined #salt
07:32 JamieH joined #salt
07:32 CaptTofu joined #salt
07:32 glenn joined #salt
07:32 lkannan joined #salt
07:33 wiqd joined #salt
07:33 nahkiss joined #salt
07:34 OliverMT joined #salt
07:34 tcolvin joined #salt
07:35 hexa- joined #salt
07:35 nethope joined #salt
07:36 evilrob joined #salt
07:36 AndreasLutro joined #salt
07:36 dlloyd joined #salt
07:36 hillna joined #salt
07:36 igormarnat_ joined #salt
07:37 doriftoshoes joined #salt
07:37 tom29739 joined #salt
07:39 scoates joined #salt
07:45 jaybocc2 joined #salt
07:57 jaybocc2 joined #salt
08:01 ninjada joined #salt
08:01 Trauma joined #salt
08:04 evilrob joined #salt
08:05 nethope joined #salt
08:12 ninjada joined #salt
08:17 invalidexception joined #salt
08:17 sebastian-w joined #salt
08:18 ponyofdeath joined #salt
08:23 toanju joined #salt
08:33 max__ joined #salt
08:33 max__ hi all
08:37 Guest16995 I have that day struggling with the problem of automating change id of  minion (/etc/salt/minion_id) when changing the hostname. Who faced with the same problem? how to automate the change id of  minion (/etc/salt/minion_id) when changing the hostname on the host
08:38 moeyebus9__ joined #salt
08:39 LostSoul joined #salt
08:41 hemebond Hmm. I don't think I've really had a problem with that. I don't generally rename servers.
08:41 impi joined #salt
08:42 hemebond Though my AWS provisioning script sets the hostname and the minion_id at the same time.
08:42 hemebond s/script/setup
08:43 Guest16995 i create image for openstack and minion start before i change default hostname
08:43 dariusjs joined #salt
08:43 hemebond Oh you don't install salt-minion yourself?
08:43 ivanjaros joined #salt
08:43 Guest16995 yes
08:44 hemebond You do?
08:44 hemebond So it's not already in the image?
08:44 Guest16995 он устанавливаеться в момент создания образа
08:44 hemebond ?
08:44 Guest16995 it is set at the time of image creation
08:44 Guest16995 sorry
08:44 hemebond What is set?
08:45 Guest16995 yes its not already in image
08:45 Guest16995 minion instaled on image when i create image on packer.io programm
08:45 hemebond Okay so all you have to do is create minion_id before installing salt-minion.
08:45 moeyebus9_ joined #salt
08:46 hemebond Then it is already in the image (when you come to provision a VM)
08:47 Guest16995 I can not create the id of minion advance since this image will be used for a variety of hosts with different names
08:48 Guest16995 I tried to delete the file after installation but it did not help
08:49 hemebond Can you not install salt-minion during provisioning?
08:50 Guest16995 yet I see only one way is to write a script that will check whether the hostname has changed in comparison to id of minion
08:50 amontalban joined #salt
08:51 Guest16995 i cant not install minion because it is main programm in image =)
08:52 Guest16995 i wanna image of centos with minion
08:53 AndreasLutro just make sure the salt-minion service is disabled in your base image, then write minion_id and enable the service with your startup script or whatever
08:54 rodr1c joined #salt
08:54 rodr1c joined #salt
08:54 cyteen joined #salt
08:55 Guest16995 There is another option of replacing the ID is to use start SLS, but I yet did not understand how to point it to a local SLS
08:55 prg3 joined #salt
08:55 hemebond To change the minion ID you have to stop the service, update the file, delete any existing keys on the VM and the master, then start the service.
08:56 Guest16995 AndreasLutro i already try it but openstack create image and after that it start centos for create image and minion start automatically
08:57 Guest16995 hemebond i know it but its not help me
08:57 Guest16995 because openstack create image and after that it start centos for create image and minion start automatically
08:57 hemebond Guest16995: Yeah, that's why I don't put things into images.
08:58 hemebond Hated doing it on Windows domains, hate doing it on Linux cloud environments.
08:58 hemebond OpenStack should allow you to install salt minion when provisioning.
08:58 hemebond In fact does it not support cloud-init?
08:58 hemebond That's what Debian on AWS uses during provisioning.
08:59 Guest16995 it is very uncomfortable since the image you plan to use is not going into it to further customize and simply take the key on the master Salt and attach to it the SLS that it will set up
09:00 Flusher joined #salt
09:01 hemebond I don't understand.
09:03 Guest16995 I plan to make an image with minion in order to have a unified image that I could customize using SLS
09:03 Guest16995 states
09:04 hemebond But that's what I have.
09:04 hemebond Even without putting salt-minion in the image.
09:05 Guest16995 but if i dont install salt minion in image i have only installed centos in my image that is not good
09:05 ronnix joined #salt
09:06 hemebond Okay.
09:07 netcho_ joined #salt
09:09 Guest16995 Thanks for trying to help  =)
09:13 ninjada joined #salt
09:13 secrgb joined #salt
09:14 mikecmpbll joined #salt
09:14 Guest16995 This is an issue when building machine images with a tool such as http://packer.io. All virtual machines derived from the image have the same hostname on first boot (i.e. packer-57029253-df7d-b062-a581-9bda7675708c) and do not adopt their true hostname (i.e. consul-master-1) which is derived at instance creation time.
09:17 hemebond How does the hostname get set?
09:19 secrgb q: can a formula have multiple mutually exclusive requisites?
09:19 hemebond A formula is just a collection of states.
09:20 onmeac joined #salt
09:21 secrgb okay
09:21 Guest16995 hostname sets when i create instance
09:22 hemebond Can you make that process create a file?
09:22 Guest16995 openstack set it automaticcaly
09:22 Guest16995 no
09:24 Guest16995 I'm looking for a way to automatically change id when hostname was changed
09:24 Guest16995 i think i can push hostname to /etc/salt/minion conf file
09:24 ninjada joined #salt
09:25 CrummyGummy joined #salt
09:25 Guest16995 in "id:" section
09:25 onmeac ./etc/salt/minion_id
09:26 secrgb okay, i have a stupid issue and i really dont know how to solve this. Lets take Wordpress, It can run on nginx and apache (depending on something not related). I dont want to write 2 formuas for installing and setup. Any ideas on how to solve this?
09:27 hemebond secrgb: What's the problem?
09:27 lasseknudsen joined #salt
09:28 Guest16995 i dont undestend too
09:28 Guest16995 write it in one sls
09:29 moy joined #salt
09:29 Guest16995 like this /opt/jdk8:   file.symlink:     - user: teamcity     - group: teamcity     - force: True     - mode: 755     - target: /opt/jdk1.8.0_102     - require:       - file: /opt/jdk1.8.0_102  /opt/jdk1.8.0_102:   file.recurse:     - user: teamcity     - group: teamcity     - source: salt://java/files/jdk1.8.0_102  /opt/jdk1.8.0_102/jre/bin:   file.directory:     - mode: 755     - recurse:       - mode  /opt/jdk1.8.0_102/bin:   f
09:29 Guest16995 fck
09:29 Guest16995 in vertical position =)
09:30 afics joined #salt
09:31 secrgb well, when i write that wordpress requisites are nginx and apache, then it will install both
09:31 hemebond Don't use requisites for that.
09:32 hemebond have like wordpress.nginx and wordpress.apache
09:32 Guest16995 use jinja
09:32 hemebond Then the person using the formula can decide which one to use.
09:32 Guest16995 {% if grains['os_family'] == 'RedHat' and grains['osmajorrelease'] == '6' %}
09:32 secrgb hmm
09:32 Guest16995 like this
09:33 N-Mi_ joined #salt
09:33 Guest16995 you can use it in sls file
09:33 _KaszpiR_ joined #salt
09:33 Guest16995 and test system for know what you need install on this system
09:35 secrgb Guest16995: i dont think webserver is listed in grains (i accept that i might be wrong)
09:36 hemebond It's not. It should be up to the formula user to choose.
09:36 hemebond That's how I do it.
09:37 secrgb also, is there a way to pass variables like passwords to minions, i have a ssl cert with a password and every webserver restart needs it
09:37 secrgb not something i want to store on server
09:38 hemebond That doesn't sound useful.
09:38 hemebond Normally you remove the password from the cert when using it for a web server.
09:40 secrgb yes, but someone (read:bofh) got a *.domain.tld cert
09:40 hemebond And?
09:40 secrgb policy states that removing that password is a no go
09:42 CrummyGummy Morning, is it possible to increase the frequency of the master's git pulls? I'm working via git and it's really slow going. Not for production obviously.
09:43 hemebond CrummyGummy: Doesn't it check every 60 seconds?
09:43 hemebond secrgb: well then someone is going to have to logon to the machine and restart it.
09:43 hemebond Or run the command via the master.
09:44 hemebond Otherwise you'll be storing the password somewhere.
09:44 secrgb cool
09:44 CrummyGummy I think so. It's not too bad but atm I make a small change and wait for pull, apply, check and so on. The wait can be a bit painful sometimes.
09:47 Trauma joined #salt
09:48 alrayyes joined #salt
09:51 amontalban joined #salt
09:52 netcho_ joined #salt
10:00 tuxx joined #salt
10:00 tuxx hey guys.. is it possible to configure salt-master so that it accepts any minion key?
10:01 tuxx we would like to setup an infrastructure where a user can click together a VM with an arbitrary configuration and it will be brought up using salt
10:01 tuxx it should happen entirely dynamically upon user request.. in a segregated DMZ... the VMs are disposable after a short while...
10:02 tuxx so we dont really have great concerns regarding the key exchange
10:02 yuhl___ joined #salt
10:02 babilen tuxx: That is possible, look into auto accept in the master configuration
10:04 tuxx babilen: awesome thanks
10:10 yuhl___ joined #salt
10:13 daxroc When is a pillar evaluated ? If I have an grain lookup within the pillar for network.interface_ip eth0 will it return the master or the minion IP?
10:14 Reverend that's a good question - but if you want to test it and let me know...that'd be fanttastic
10:14 Reverend I have the funniest idea that it'll be the master ip
10:14 yuhl___ joined #salt
10:14 Reverend but that's just a guess
10:15 Reverend daxroc ^
10:17 JohnnyRun joined #salt
10:25 ninjada joined #salt
10:27 EvaSDK Reverend, daxroc: I think it's written somewhere in the doc, the pillar data is rendered on the master before being sent to the minion
10:28 EvaSDK so while grains are collected from the minions and that would work to determine pillar data specific to a minion, it does not work when using data from another direct salt function call
10:28 EvaSDK as this would be master's data
10:28 Reverend that was what I thought
10:30 ntars joined #salt
10:31 netcho_ joined #salt
10:32 babilen daxroc: I would really quite appreciate it if you would answer my questions :)
10:33 daxroc Sorry what question?
10:34 babilen daxroc: I asked if you *really* need the address on eth0 (as opposed to the address in a specific network or even just 'public' / 'private' ones) and if you also have the need to access addresses of other minions
10:35 babilen As you seem to come back to this every morning, I thought we might sort it out once and for all :D
10:35 netcho joined #salt
10:35 daxroc No, I'm asking different questions at least I thought I was but hey .. that wouldn't be new right
10:36 babilen The general question you are asking is "How do you get SOME_IP from my minion", isn't it?
10:36 ninjada joined #salt
10:38 daxroc *Trying to wrap my head around salt master minion interaction and state and the tempting - not comparable to other frameworks I've used and how I've become accustomed if thats good or bad I don't know yet. But I'm really strugleing with basic things when it comes to runtime/deploy time configuration
10:39 babilen Sure, so .. I guess that you want to configure $SOMESERVICE via pillars and that you need to configure some IP addresses for it.
10:39 babilen Hence my questions
10:42 babilen So: What are you trying to do?
10:43 daxroc I've several servers I need to retrieve some data from.  At execution, These can be targeted with Grains "ec2_tags"  all will export a "custom" grain for a UUID I'll need for later configuration requests.
10:43 daxroc My take so far would be to stagger the desired state with orchestrate so that the UUID model gets executed first in a distinct 'stage' then perform the installation and provisioning of the rest of the platform.
10:44 babilen I was specifically referring to your perceived need to get the address on eth0
10:45 daxroc The parts I keep struggling with is how to query for the grain data in the pillar - one happens to be eth0 for one particular instance. the other 99 address the uuid is sufficient
10:46 daxroc *well the real pain is a decent non-me-being-the-machine development environment :D
10:48 babilen I ask because it might not be a good idea to hardcode eth0
10:48 EvaSDK the uuid not being sufficiently unique ?
10:48 EvaSDK or being too unique ?
10:48 babilen We had a customer who struggled *massively* when they had to change all their provisioning to cope with systemd's predictable interface naming scheme
10:48 daxroc It would be the private address
10:49 babilen In a specific network (by cidr) or just "private" ?
10:49 babilen That customer had hardcoded eth0 / eth1 and .. well .. it was work
10:50 daxroc it would be a limited cidr but it would be unnecessary?
10:50 daxroc Hardcoding eth0 in a pillar I could live with
10:50 babilen Which is why I recommend to use network.ip_addrs which allows you to specify cidr or "type" (private / public) rather than hardcoding interfaces
10:51 jhauser joined #salt
10:51 babilen To share this information you might want to configure the salt mine and use the mine.get runner method to retrieve it in the pillar (cf. mine.get execution module documentation)
10:51 LeProvokateur joined #salt
10:52 babilen Alternatively access information by grain in the pillar and perform the filtering manually
10:52 babilen Sadly salt lacks many useful jinja filters that are available in ansible (for now)
10:53 babilen Sadly we won't even be able to incorporate them due to incompatible licensing
10:53 daxroc I've seen the mine.get docs but it doesn't offer any real world examples on how it could / can be used, I'm new and looking for best practice but these examples provided are far to basic to be very useful to a novice
10:53 babilen Yes, which is why I asked two questions: 1. Do you really care if it is eth0 and 2. Do you also need the address of other minions?
10:53 babilen The answer to the first seems to be "no", the second one is still unclear
10:53 netcho joined #salt
10:54 daxroc First, no . Addresses probably not but other data that would be custom grains / ec2_tags etc yes
10:56 ruxu joined #salt
10:57 EvaSDK babilen: stumbled upon these jinja filtering limitations
10:57 EvaSDK was kinda sad :)
10:57 babilen Okay, in that case you will want to use the mine. I target the following at *every* minion: http://paste.debian.net/908580/ which allows me to query all of them for addresses in the ipv4 private network range
10:57 babilen These are combined with mine functions for more specific networks that are mostly subsets of the address ranges above, but have a more semantic meaning
11:00 babilen EvaSDK: Well, apparently we are now in a position in which we can extend filters ourselves. Unfortunately we can't just copy Ansible's filters as the licenses aren't compatible
11:00 daxroc babilen: appreciate your patience.
11:00 netcho joined #salt
11:00 babilen EvaSDK: See https://github.com/saltstack/salt/issues/28236 and https://github.com/saltstack/salt/issues/38355
11:00 saltstackbot [#38355][OPEN] Allow the definition of custom filters in Jinja | Lifted from #12761: https://github.com/whiteinge/salt/commit/aaddbdf would allow salt to collect functions like the following from custom execution modules and present them as custom jinja filters:...
11:01 babilen daxroc: So, in the same manner you can sync other data to the mine. In fact you can sync the *output* of *any* execution module call to the mine.
11:02 babilen daxroc: This does, sometimes, cause problems in that you would have to sync the mine before you can access that data, so it might be advantageous to consider accessing grains (they are available right away), but that necessitates some rather ugly data munging in jinja in the case of IP address filtering
11:11 daxroc https://www.irccloud.com/pastebin/5Mtw3dnK/
11:12 daxroc How would you do the lookup on a custom grain / grains.item
11:13 daxroc ^babilen
11:13 JohnnyRun joined #salt
11:14 babilen daxroc: For some reason I can't copy and paste on that website ..
11:15 daxroc yeah you can use kb shortcuts - didn't realise that
11:16 babilen daxroc: What's the name of the grain itself?
11:16 daxroc ntapp
11:17 daxroc ? the method for the grain ?
11:17 babilen So if you run "salt 'someminion' grains.get ntapp" you'd get the desired output?
11:17 CrummyGummy So cmd.run: -name " systemd restart ..." is the way to restart daemons?
11:17 daxroc yes
11:17 CrummyGummy just checking, thanks
11:17 daxroc CrummyGummy: not directed at you
11:17 candyman88 joined #salt
11:18 CrummyGummy lol, ok
11:18 babilen CrummyGummy: I'd use service.restart FOO
11:18 babilen https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.service.html#salt.modules.service.restart
11:18 babilen daxroc: http://paste.debian.net/908583/
11:18 CrummyGummy Thanks, I thought modules can't be run in the top file.
11:18 babilen grains.get
11:19 babilen CrummyGummy: You only target states to minions in the top file
11:20 babilen And you really don't want a "restart" state in your provisioning
11:20 CrummyGummy I should've added context. Sorry. I include a custom php module. Then need to restart php-fpm.
11:20 babilen You don't want the server to be in a "restarting" state .. you want it to be running (or to not be running)
11:20 babilen You might *react* to changes in a configuration file by restarting a service, but that is done with a watch/listen requisites
11:21 babilen States describe what you want to achieve .. not how you achieve it :)
11:21 sh123124213 joined #salt
11:22 CrummyGummy hmmm, I want to achieve php with a custom included module.
11:22 babilen daxroc: Actually I'm using grains.get in mine_functions
11:22 babilen CrummyGummy: Yes, so you'd use listen/listen_in on the php-fpm process and the configuration file state
11:23 CrummyGummy ok, thanks
11:23 babilen s/php-fpm process/php-fpm service state
11:23 babilen Whenever there are changes in the configuration file the service will be restarted/reloaded
11:23 babilen You "watch" configuration files for changes and react to that by restarting the service
11:24 jhauser joined #salt
11:24 raspado joined #salt
11:26 cyborg-one joined #salt
11:27 evle1 joined #salt
11:28 dariusjs joined #salt
11:31 abednarik joined #salt
11:35 hweemiin joined #salt
11:37 eprice joined #salt
11:37 ninjada joined #salt
11:41 ronnix joined #salt
11:48 dariusjs joined #salt
11:48 ninjada joined #salt
11:51 netcho joined #salt
11:53 amontalban joined #salt
11:53 amontalban joined #salt
11:55 blgria joined #salt
11:56 golodhrim|Work joined #salt
12:00 golodhrim|Work Hi guys, I have the following question: I want to deploy a network configuration with saltstack. In that statefile I put: eth1: network.managed and ipv6addrs: - ::A/128 -
12:00 golodhrim|Work - ::B/128
12:01 daxroc babilen how do you ensure that the grains are updated for future converges ?
12:02 jaybocc2 joined #salt
12:02 golodhrim|Work if I now run the statefile it results in no ipv6 configuration at all, if I use ipv6addr: ::A/128 it is in. Is there a Problem with 2016.3.2 and that? Did this ever work? Will there be a change when upgrading to 2016.11.1?
12:03 jhauser joined #salt
12:06 sh123124213 joined #salt
12:08 cyteen joined #salt
12:09 Reverend can one do an 'or' on a rquires?
12:09 Reverend like, "sls: php54 OR sls: php7"
12:10 golodhrim|work|2 joined #salt
12:11 golodhrim|work joined #salt
12:19 raspado joined #salt
12:19 daxroc babilen: Just seems like an anti-pattern to call a grain update from the state ?
12:19 daxroc after my state runs - I need to call saltutil.sync_grains
12:21 sjorge joined #salt
12:21 sjorge joined #salt
12:22 modulistic joined #salt
12:23 Trauma joined #salt
12:31 teclator joined #salt
12:36 EvaSDK Reverend: afaik you can't or, you can do if/else jinja structures if there is something you can check via a grain or something
12:36 Reverend that;'s a good idea
12:36 Reverend i do have a php version grain
12:36 Reverend so i can use that. thanks EvaSDK
12:37 AndreasLutro do you really need different slses for php5 and php7?
12:38 Reverend yeah. we're currently migrating our old infrastructure to aws, and we're setting it up in AWS exactly as it is with our currently company for now. as soon as we're on aws, we're moving to php7.
12:39 Reverend =once we've moved, I can just remove the old sls and be done with it.
12:39 Reverend we've designed the php7 setup completely differently, so it just made sense to do it that way instead of writing the sls around it being able to do multiple versions
12:40 AndreasLutro fair enough
12:45 Trauma joined #salt
12:46 amontalban joined #salt
12:46 amontalban joined #salt
12:46 prymek joined #salt
12:49 ninjada joined #salt
12:50 brousch__ joined #salt
12:51 jaybocc2 joined #salt
12:52 numkem joined #salt
12:53 prymek Hello, why is renderer run on the client and not on the master? I really like mako but i must install it on all clients :(
12:53 prymek ...or is there any way I can tell salt-ssh to bundle mako with the rest of salt? It works with jinja...
12:54 ReV013 joined #salt
12:58 AaronF joined #salt
12:59 abednarik joined #salt
13:00 AaronF For SDB, where in the Master/Minion Configuration do I put the profiles? Do they go under some sub-key?
13:00 ninjada joined #salt
13:06 jhauser joined #salt
13:12 Kelsar joined #salt
13:15 rburkholder joined #salt
13:18 AaronF joined #salt
13:23 babilen daxroc: What kind of grains are you updating?
13:24 tobiasBora joined #salt
13:24 amcorreia joined #salt
13:28 ronnix joined #salt
13:30 K1412 joined #salt
13:32 LostSoul joined #salt
13:36 ssplatt joined #salt
13:37 abednarik joined #salt
13:39 eprice joined #salt
13:41 jhauser joined #salt
13:45 legreffier joined #salt
13:46 edrocks joined #salt
13:50 K1412 Hello everyone, I have some items in my top.sls that work but I don't find it really easy to read so I want try to write it in another sls so it will be more clear but I have a little error. I post a link with all elements (file_roots, top.sls and my new sls). https://zerobin.net/?7dc69d2731f2c565#u4cMEULO2J8SzOsb3b60VoHPMpNT9I0FLTB5JSan2J4= (maybe there is a better method to do that ?)
13:51 austin_ joined #salt
13:51 babilen K1412: You want to remove the "apache-stuff" line along with the empty line and the duplicate "- apache" entry
13:52 babilen Personally I try to not make use of too many includes as it makes it hard to figure out where a particular state was targeted.
13:52 babilen Prefer to have them all in top.sls
13:52 babilen (but that's entirely subjective and there is no clear rule)
13:53 daxroc babilen: nm, makes sense to update directly after the agent is installed - if I understand the mine/grains would only update on the next converge/scheduled run ?
13:53 babilen daxroc: Grains rarely change .. what kind of update are you referring to?
13:54 babilen Your UUID one along with the ec2* custom grains?
13:54 daxroc So the data the grain is based on won't exist until after the initial converge
13:54 babilen Right
13:54 daxroc Yes. It's the uuid - only generated on installl of the agent
13:55 daxroc Grains require a forced sync to update ?
13:55 babilen Well, your custom grain should be able to handle the "no data yet" situation and you can easily orchestrate different steps in the installation process
13:55 babilen Grains are synced on highstate, but you can also trigger that explicitly
13:57 daxroc So after the initial highstate it should be set for following converges?
13:57 numkem joined #salt
13:57 daxroc That's not what I see, The grain is empty until I issue "salt '*' saltutil.sync_grains"
13:58 K1412 babilen: thanks, there are some situation we may not use top.sls directly ? I try to take the best practice directly if it's possible ^^
13:59 babilen K1412: It's fine to include other SLS files in your SLS, but I found that it makes it tricky to figure out where particular states are targeted in some cases
13:59 Neighbour Is there a method to convert an unicode-string to an ascii-string (or vice-versa) in jinja? I'm stumbling upon the weird issue (2016.11) that boto_secgroup.absent doesn't recognize a security-group name which is a concatenation of an unicode-string and an ascii-string.
13:59 babilen K1412: I don't see the merit in a "apache-stuff" state
13:59 babilen daxroc: Your custom grain is not synced during the highstate?
14:00 K1412 babilen: it's because I want do a file.replace late and I thought it was weird to add it directly in top.sls
14:00 babilen K1412: You can't have file.replace in top.sls -- What are you planning to replace?
14:01 ninjada joined #salt
14:01 abednarik joined #salt
14:01 K1412 babilen: ServerTokens OS in ServerTokens Prod because the formula don't replace the existing value it only add it at the end of the file
14:01 babilen K1412: top.sls is solely meant for targeting SLS to minions. The actual states (file.replace, pkg.installed, ...) are in the SLS files you target.
14:02 babilen K1412: Well, that's quite a complicated topic as there is no clear rule and, much like in software engineering, finding the right abstraction is hard and depends on your system
14:02 babilen In some cases I have a foo.example.com SLS
14:02 babilen (that would include other SLS)
14:04 K1412 babilen: ok, I will try so and come back if I have other quetions ^^, thanks again for your time
14:10 Ahlee joined #salt
14:11 beardedeagle joined #salt
14:11 LostSoul joined #salt
14:12 racooper joined #salt
14:12 ninjada joined #salt
14:17 djgerm joined #salt
14:21 amontalban joined #salt
14:22 dariusjs joined #salt
14:24 ronnix joined #salt
14:26 abednarik joined #salt
14:34 Brew joined #salt
14:35 dyasny joined #salt
14:39 ronnix joined #salt
14:42 jaybocc2 joined #salt
14:45 mavhq joined #salt
14:46 daxroc babilen: should the grain handle this internally or is it an automatic sync ?
14:46 ssplatt joined #salt
14:52 XenophonF well this is an interesting bug in file.directory
14:52 XenophonF oh man I hate how Python treats integer 0 and False as being equivalent
14:53 haam3r joined #salt
14:54 s0undt3ch joined #salt
14:56 XenophonF https://github.com/saltstack/salt/blob/develop/salt/states/file.py#L2593
14:56 XenophonF sloppy
14:57 AndreasLutro heh
14:57 ALLmightySPIFF joined #salt
14:57 AndreasLutro a hack to get past that would be to use '0' instead of 0 in the sls
14:57 jaybocc2 joined #salt
14:58 XenophonF That's a good idea.
14:58 LostSoul joined #salt
15:01 XenophonF looks like that should work - grp.getgrgid does the right thing with '0' as the string arg
15:02 ReV013 left #salt
15:05 XenophonF nope
15:05 XenophonF that doesn't work either
15:06 ninjada joined #salt
15:06 XenophonF salt.states.file._check_user() claims that group 0 is not available
15:07 XenophonF there are about a million places in the code base where someone does `if var:`
15:09 XenophonF I can't fix this.  I'll have to add a templating command or something to detect BSD and switch to 'wheel'.
15:09 XenophonF Why the heck Guido decided that conflating numbers and booleans was a good idea, I'll never know.
15:10 XenophonF /rant
15:10 cscf Well, C works like that too, so he's hardly the first
15:10 dariusjs joined #salt
15:10 cscf at least for ints.  No idea how floats work
15:11 AndreasLutro you can't add/subtract/multiply ints/floats and bools in python so I don't think it's that bad
15:11 AndreasLutro the "is var:" shorthand is meant as a convenience but clearly isn't appropriate here
15:12 XenophonF it's syntactic sugar, i agree, but for system-level code, that kind of stuff is the source of weird bugs
15:12 jhauser_ joined #salt
15:13 sh123124213 joined #salt
15:14 Xopher joined #salt
15:14 AndreasLutro it's also why === exists. people just have to know when to use it
15:14 AndreasLutro === and "is"
15:15 daxroc babilen: Im trying to fetch 'private_ips' from the mine using "salt-run mine.get 'ec2_tags:Role:batman' private_ips tgt_type=grain" no data is returned.
15:15 haam3r left #salt
15:18 daxroc while "salt '*' mine.get '*' private_ips" does return one minion
15:18 Illusioneer joined #salt
15:20 ninjada joined #salt
15:21 amontalb1n joined #salt
15:25 cscf I've been learning Haskell - you can't even add an Int and a Float without converting one of them.
15:26 bowhunter joined #salt
15:29 abednarik joined #salt
15:30 ALLmightySPIFF joined #salt
15:30 mschiff whats wrong about "salt -C 'vm* and mail*' ?
15:31 mschiff glob matching should be default, right?
15:33 mschiff or!! ;) sorry for the noise ;)
15:33 DEger joined #salt
15:34 XenophonF :)
15:34 XenophonF if it's any consolation, i didn't see that either
15:36 truches joined #salt
15:36 truches how can add a value like i = i + 1 for each minion
15:40 voldz1tic3n joined #salt
15:41 keltim joined #salt
15:45 cscf truches, please explain
15:45 beardedeagle Has anyone ever ran into an issue with salt-cloud where it copy's over the pem, pub and minion file but fails to copy over the bootstrap script? salt-cloud is reporting successful builds but salt is not installed because of this
15:47 ronnix joined #salt
15:49 Horgix joined #salt
15:50 spuder joined #salt
15:53 sarcasticadmin joined #salt
15:59 Trauma joined #salt
16:01 nickabbey joined #salt
16:01 mpanetta joined #salt
16:03 teclator joined #salt
16:07 beardedeagle nevermind, I figured it out
16:07 beardedeagle someone renamed the boostrap script from bootstrap_salt.sh to bootstrap-salt.sh and that was causing it to fail
16:08 ninjada joined #salt
16:09 PatrolDoom joined #salt
16:09 ruxu joined #salt
16:10 ronnix joined #salt
16:10 PatrolDoom joined #salt
16:10 spuder joined #salt
16:13 austin_ i have hierarchy of syndic master setup for my topology. so, i have a top layer of MoMs and 2 layers of syndics. hopefully that is easy to mentally draw in your head
16:13 austin_ the problem im having is that sometimes the MoMs do not get all of the return data
16:14 austin_ yet i can see every downstream syndic executing the cmd
16:14 austin_ is this a job cache problem?
16:14 austin_ other ideas?
16:14 austin_ its really the return data that sometimes makes it back
16:14 austin_ sometimes it doesnt
16:15 nickabbey I have a coworker who is telling me that a masterless minion can't have pillars. This seems wrong to me. I thought the pillar data was stored locally with a masterless minion. can someone clarify please?
16:16 beardedeagle @nickabbey: that is wrong
16:17 beardedeagle pillars can be used in masterless
16:17 beardedeagle https://docs.saltstack.com/en/latest/topics/tutorials/standalone_minion.html
16:17 tkojames joined #salt
16:17 nickabbey @beardedeagle and they live on the local machine, right? so I can, for example, manage my EC2 instances by bootstrapping them in a way that puts the pillars on the local machine
16:18 beardedeagle yes
16:19 nickabbey cool, thanks. thought that my suggestion was viable but didn't want to spend a lot of tie defending that position if it was wrong. gues sI'm off to read that link. Gracias
16:19 beardedeagle No problem. I do the same thing with Openstack
16:20 legreffier joined #salt
16:27 cyteen joined #salt
16:28 heaje joined #salt
16:29 abednarik joined #salt
16:31 tiwula joined #salt
16:36 tkojames So I am trying to set up a local repo for salt for my team. I was able to download the redhat stuff with rsync command. But I just want the Centos 7 stuff is there any easy way for me to do that? So I do not get all the older version. Command I ran was  -avz  rsync://repo.saltstack.com/saltstack_pkgrepo_rhel/redhat
16:37 surge_ joined #salt
16:37 tkojames Thanks!
16:38 surge_ I recently upgraded to 2016.11.1, but now my consul archive.extracted state constantly fails.
16:38 surge_ Comment: Failed to cache https://releases.hashicorp.com/consul/0.6.3/consul_0.6.3_linux_amd64.zip: [Errno 8] _ssl.c:493: EOF occurred in violation of protocol
16:38 sjorge joined #salt
16:40 surge_ I have not made changes to the state in quite some time. It just fails. Looks like this might be related to salt not using TLSv1?
16:40 ruxu joined #salt
16:41 sjorge joined #salt
16:41 morissette joined #salt
16:42 orianbsilva joined #salt
16:43 prymek left #salt
16:43 chowmeined joined #salt
16:44 orianbsilva_ joined #salt
16:46 ruxu joined #salt
16:47 mpanetta joined #salt
16:48 raspado joined #salt
16:48 moeyebus joined #salt
16:53 nZac joined #salt
16:56 nidr0x joined #salt
16:57 Tanta joined #salt
16:57 ferringb joined #salt
16:57 lws joined #salt
16:58 abednarik joined #salt
16:59 ferringb if I was looking to do arbitrary renders of pillar data against a set of grains/host settings, how best would I go about this?
17:00 ferringb I'm looking to test a larger scale change to how our pillar data is integrated, and want to render out the pillar.items results and inspect them- however, I'm trying to do this without having to deploy the actual change to salt master
17:00 ferringb anyone know of a way to do this?
17:02 edrocks joined #salt
17:02 Tanta yes, local states or a dev box
17:03 Reverend hemebond: this was the error I mentioned yesterday:
17:03 Reverend https://hastebin.com/egawobuxeg.nginx
17:04 Reverend could not found?
17:04 Reverend what
17:05 pipps joined #salt
17:05 ferringb @tanta: regarding dev box, I'm aware I can basically mock the node to look like the target, and iterate that way- I'm just looking for a way to do this that involves way less overhead
17:05 nidr0x joined #salt
17:06 ferringb @tanta: I suspect I'm missing what you mean for local states for this testing- can you point me at some docs?
17:06 Tanta https://docs.saltstack.com/en/latest/topics/tutorials/standalone_minion.html
17:07 ferringb ah, masterless.  yeah, that's my backup option
17:08 Tanta you said you want to test without changing your master, that's silly
17:08 Tanta and that's why the answers are weird
17:09 jaybocc2 joined #salt
17:09 ferringb eh, you're a step further than I am- I'm actually trying to analyze the pillar data across a couple hundred targets, verifying that the change affects it in a specific way
17:10 Tanta then local, dev, or --dry-run might be your best bet
17:10 ferringb actual testing will be done via masterless, I'm just trying to examine pillar data while I'm reorganizing content
17:10 Tanta you can render pillar data with salt-call pillar.items and see the effects that would happen with  a dry run
17:10 * ferringb nods, which requires mocking up the content on disk
17:11 ferringb poking through the api, it looks like salt.loader- with grains override- can get me into the rough range I'm after for htis
17:11 stooj joined #salt
17:13 spuder joined #salt
17:14 onlyanegg joined #salt
17:18 surge_ left #salt
17:19 netcho joined #salt
17:23 debian112 joined #salt
17:23 tkojames ls
17:24 tkojames wrong window sorry ignore
17:25 jaybocc2 joined #salt
17:27 nidr0x joined #salt
17:27 _JZ_ joined #salt
17:28 lws joined #salt
17:32 colttt joined #salt
17:37 stooj joined #salt
17:37 anotherzero joined #salt
17:41 XenophonF tkojames: Volume in drive IRC has no label.
17:41 XenophonF tkojames: Volume Serial Number is 0U812
17:41 XenophonF tkojames:
17:41 XenophonF tkojames: Directory of IRC:\hidden\evidence\to-delete
17:41 XenophonF tkojames:
17:42 StarHeart joined #salt
17:42 XenophonF eh it was funnier in my head sorry
17:42 * XenophonF is waiting for GitHub to come back up.
17:43 stooj joined #salt
17:43 eprice joined #salt
17:46 roksteady joined #salt
17:46 roksteady left #salt
17:46 Vaelatern Their status page is green, XenophonF
17:48 snarfy^ joined #salt
17:48 lws joined #salt
17:50 snarfy^ hey y'all i'm tryina iterate over a nodegroup, but there's a but that prevents cache.grains from working. can anyone help me with an alternative to what i'm trying to do with: {% for manager in salt['saltutil.runner']('cache.grains', tgt='managers', expr_form='nodegroup') %}
17:50 snarfy^ s/but/bug
17:52 XenophonF yay thanks Vaelatern
17:54 DEger joined #salt
17:54 pipps joined #salt
17:54 whytewolf saltutil.runner won't be of use on anything but the master. snarfy^ what are you trying to do?
17:56 ruxu joined #salt
18:03 tru_tru joined #salt
18:03 pipps joined #salt
18:07 snarfy^ whytewolf, orchestrate a docker swarm a la http://btmiller.com/2016/11/27/docker-swarm-1.12-cluster-orchestration-with-saltstack.html#
18:07 snarfy^ it seemed simple enough, but I've run into a problem. basically it's trying to iterate thru the nodegroups and do the needful swarm things to them using mine data
18:08 tkojames Has anybody ever set up a local salt repo before? We have need to create a local repo and I am struggling with it. I was able to get the salt repo downloaded but now have problems with clients picking it up. This is on centos. I know it might be a longshot but an suggestions would be great. Using createrepo commands  it is working for base system and other stuff but not for salt. Maybe an issue with yum.repos.d salt file/ Thanks!
18:10 stooj joined #salt
18:12 whytewolf snarfy^: what is the actual problem happening?
18:12 orianbsilva joined #salt
18:13 Sketch cd /var/www/repos ; reposync -r saltstack-repo && createrepo saltstack-repo
18:13 Sketch there's not much to mirroring...
18:13 snarfy^ whytewolf, seems like https://github.com/saltstack/salt/issues/38216 is happening
18:13 saltstackbot [#38216][OPEN] salt-run: can't get cache.grains | ```...
18:13 mirceaulinic joined #salt
18:14 Sketch if it's a client problem where you have the webserver path wrong, then you should get 404 errors
18:14 Nahual joined #salt
18:16 beardedeagle TIL: salt.roster.ansible
18:17 whytewolf snarfy^: that could be, on your master what do you get if you run salt-run -l debug cache.grains tgt=managers expr_form=nodegroup
18:17 stooj joined #salt
18:24 snarfy^ whytewolf, an error saying nonetype is not iterable ;) though it does match correctly [DEBUG   ] Matching minions for tgt="manager" and expr_form="nodegroup": ['redacted']
18:24 stooj joined #salt
18:24 lws joined #salt
18:25 ssplatt joined #salt
18:26 snarfy^ my master is 2016.11.1 on ubuntu 14.04
18:26 whytewolf snarfy^: that doesn't sound like it matches. the useer in the ticket is getting a trace. which is why i am asking you to run the cli version not trying to actually run the orchestration
18:26 iggy try with just a minion id
18:26 whytewolf none type could be anything includeding a typo
18:27 snarfy^ okay. I did run it from the CLI on the master
18:27 whytewolf okay so you did get the trace. just gave the last line of it.
18:28 whytewolf so yes that does sound like the bug
18:28 om2 joined #salt
18:28 snarfy^ yeah - tho mine is matching and his isn't
18:28 snarfy^ and yeah sorry I was lazy and didn't post the whole trace
18:29 whytewolf can you target a test.ping with the nodegroup?
18:29 snarfy^ with just -N? believe so..
18:30 snarfy^ yup
18:30 s_kunk joined #salt
18:30 whytewolf okay. and is anything returned on salt-run manage.down?
18:31 whytewolf esp anything that might be in that nodegroup?
18:31 snarfy^ nah they're all up and connected. im sure we have some unconnected minions. i have hundreds
18:32 whytewolf okay, you might need to update the ticket. with your new info.
18:33 whytewolf as the bug seems wider then originally posted
18:34 snarfy^ K.
18:34 pipps joined #salt
18:35 creativefinch joined #salt
18:35 snarfy^ tho does it seem like they already fixed it? https://github.com/saltstack/salt/pull/38659/files
18:35 saltstackbot [#38659][OPEN] Turn None into an empty string (for minion matching) | What does this PR do?...
18:36 whytewolf maybe you could try applying that patch to your master and seeing if it works.
18:36 whytewolf if it does defintly rerport that in the pr and on the ticket
18:41 moooooo joined #salt
18:42 Kelsar joined #salt
18:42 snarfy^ i guess that fix is for minions.py
18:45 smcquay joined #salt
18:47 ruxu joined #salt
18:47 creativefinch Hi. How can I get the IP associated with an unaccepted key?
18:49 jaybocc2 joined #salt
18:50 hardyfresh joined #salt
18:52 XenophonF woah salt-minion is running at 100% cpu
18:52 XenophonF it ought to be idle
18:53 XenophonF 2016..4
18:53 XenophonF 2016.3.4 i mean
18:53 XenophonF nothing in the logs
18:54 hardyfresh I'm seeing a requisite failure that I wouldn't expect. I'm marking a state as requiring a particular package but it fails even though the package is definitely being installed: https://gist.github.com/douglasmiller/f6f05df0941934e4d0b1fd09a27bdba4
18:54 ravi____ joined #salt
18:57 bowhunter joined #salt
18:57 snarfy^ hardyfresh: ubuntu 14.04? :)
18:57 hardyfre_ joined #salt
18:59 snarfy^ hardyfre_:  if so, their default pip doesn't work well with salt. it's mad old. and it won't upgrade itself if installed via package. try and easy_install of pip to get a newer version and re-running the state
18:59 snarfy^ i've had to do some workaround for pip before
18:59 hardyfre_ what's odd is if I add the state: python-pip:\n pkg.installed
18:59 hardyfre_ then it works fine
19:00 ivanjaros joined #salt
19:02 hardyfre_ https://gist.github.com/douglasmiller/25f782cfefcc68e02761d2208dc6e7d6
19:02 hardyfre_ snarfy^: it just doesn't make sense to me
19:02 druonysus joined #salt
19:02 moooooo_ joined #salt
19:03 cellofellow joined #salt
19:04 snarfy^ hardyfre_, oh that is weird. what if you use the state id in the require statement e.g. require: [pkg: required-packages]
19:05 snarfy^ should work either way tho, afaict
19:05 jaybocc2 joined #salt
19:12 hardyfre_ I'll give it a shot
19:12 whytewolf hardyfre_: require is based off of name or state id. in your example it should be failing. because neither the name or state id is python-pip
19:12 whytewolf require doesn't actually check the system it checks that the state ran
19:13 hardyfre_ That did it!
19:13 hardyfre_ thanks y'all
19:13 hardyfre_ that makes sense whytewolf
19:13 hardyfre_ explains why the single pkg.installed passed
19:15 voldz1tic3n joined #salt
19:17 austin_ is anyone using multiple layers of syndics here?
19:20 snarfy^ whytewolf, man. I sort of got it working, but now it doesn't seem to restrict the return to the nodegroup. I get grain data from every minion. I'm not good enough at python to continue down this rabbithole. thanks for your help. I think I'm going for a hacky workaround
19:20 falstaff_ joined #salt
19:23 falstaff_ I'm looking at the docs, but where is top.sls supposed to be placed in the master?
19:23 gtmanfred for pillars or states?
19:23 stooj joined #salt
19:23 gtmanfred for states /srv/salt/top.sls, for pillars, /srv/pillar/top.sls
19:23 gtmanfred or in root of your file_root
19:25 falstaff_ Oh good. It just goes at the "top" of whatever category it applies to.
19:25 gtmanfred basically yeah >.<
19:38 stooj joined #salt
19:39 spuder_ joined #salt
19:40 cytren joined #salt
19:43 cytren hey all, sorry if your answer is rtfd, but is there a salt-cloud-like utility to bootstrap an existing machine into a cluster? i.e. do everything but salt-cloud does but boot?
19:44 jholtom you mean like pxe?
19:44 jholtom pxe boot to automated installer, salt it and go from there?
19:44 pipps joined #salt
19:44 stooj joined #salt
19:45 whytewolf cytren: saltify?
19:46 whytewolf cytren: https://docs.saltstack.com/en/latest/topics/cloud/saltify.html
19:51 XenophonF cytren: are you looking to deploy salt-minion onto a bunch of computers?
19:52 voldz1tic3n joined #salt
19:55 vodik is there a way to force the salt-minions to, when trying to reconnect, check dns again?
19:55 cytren yes! saltify looks to be what I want. jholtom XenophonF: we use salt-cloud for virtual instances but are adding some bare metal nodes as well and are looking to make it as unexceptional as possible
19:55 vodik this might be insane, but my salt-master lives on my router, and my isp won't give me a static ip
19:56 Sketch hmm https://github.com/komljen/cobbler-salt
19:57 spuder joined #salt
19:57 stooj joined #salt
19:59 rem5 joined #salt
20:00 coldbrewedbrew joined #salt
20:00 coldbrewedbrew joined #salt
20:05 pipps joined #salt
20:06 cytren whytewolf: thanks! o/
20:06 whytewolf np
20:06 rem5_ joined #salt
20:07 druonysus joined #salt
20:10 beardedeagle joined #salt
20:12 beardedeagle I hope more comes with this in the future: ssf-docker-images, because as it sits I have no idea why it was put into saltstack-formulas
20:12 iggy vodik: maybe use the `master: module.function` style and write a module that does that?
20:13 vodik iggy: didn't know i could do that - but i guess that has a follow up question - is that run once at start up? or whenever it attempts to connect?
20:14 vodik i'll look into that though, thanks
20:15 vodik its just annoying since i do dynamic dns and just doing a getaddrinfo again would work
20:16 netcho joined #salt
20:16 ninjada joined #salt
20:20 jaybocc2 joined #salt
20:22 gtmanfred i think it only does it on startup unfortunately ( though I am not positive)
20:23 falstaff_ @gtmanfred: Weird, there's a top in /etc/salt/master in https://docs.saltstack.com/en/latest/ref/states/top.html#top-file-compilation-examples
20:24 ninjada joined #salt
20:29 iggy vodik: that is a good question (that I don't know the answer to)
20:29 vodik gtmanfred, iggy: thanks
20:30 vodik i'll dig into it over the weekend - its annoying when my isp rotates my public ip i lose all my minions
20:31 iggy you have minions on the internet talking to your master at home?
20:32 spuder joined #salt
20:32 moooooo joined #salt
20:37 beardedeagle buy a domain and dynamically update the dns with your public ip. I did a hackathon project on this actually.
20:37 iggy sounds like that's what's going on already
20:37 iggy the problem is the minion only checks DNS on startup
20:38 stooj joined #salt
20:38 beardedeagle ah, I must not have been in channel for the first half of the convo
20:40 lws joined #salt
20:42 vodik iggy: i do
20:42 vodik beardedeagle: yeah, i do ddns with digitalocean's api
20:43 vodik i use the same salt-master to manage stuff on digtialocean and inside my home
20:44 vodik and i don't really want to pay for another instance just to setup a salt-syndic somewhere else
20:45 eprice joined #salt
20:45 pipps joined #salt
20:45 mavhq joined #salt
20:46 toanju joined #salt
20:49 Trauma joined #salt
20:49 beardedeagle vodik: how many instances in digitalocean?
20:49 candyman88 joined #salt
20:50 Edgan joined #salt
20:50 bluenemo joined #salt
20:51 Edgan Keeping binary files secret? uuencode them and through them in pillars?
20:51 vodik beardedeagle: 3, so its not too painful to restart the salt-minions - but i want to start playing with salt-beacons and for that i need reliablitiy
20:51 coldbrewedbrew joined #salt
20:51 coldbrewedbrew joined #salt
20:51 coldbrewedbrew_ joined #salt
20:51 vodik Edgan: yaml supports base64 encoded blocks natively, actually
20:52 vodik Edgan: binary_file: !!binary |
20:53 beardedeagle vodik: ah, well that throws out salt-ssh
20:53 Edgan vodik: ok, so no manual decode
20:53 lws joined #salt
20:53 vodik beardedeagle: oh yeah, that too
20:53 vodik Edgan: no, shouldn't have to
20:53 vodik Edgan: https://learnxinyminutes.com/docs/yaml/ <- search for base64
20:53 Edgan vodik: yeah, I was agreeing with you
20:54 vodik ah, yeah, sorry
20:54 stooj joined #salt
21:02 lws joined #salt
21:06 rem5 joined #salt
21:07 mikecmpbll joined #salt
21:09 lws joined #salt
21:16 beardedeagle I haven't tried this yet, but have no reason to believe that it wouldn't work: custom grains work in standalone mode right?
21:16 beardedeagle custom grain modules I should say
21:20 lws joined #salt
21:22 Corey lws: Hello.
21:23 voldz1tic3n joined #salt
21:23 SaucyElf joined #salt
21:27 SaucyElf Hmmm. Weird reactor behavior if anyone has a spare set of eyes. Reactor sls is invoked on a custom event just fine, however does not trigger from a standard salt/miniion/*/start
21:27 SaucyElf reactor:
21:27 SaucyElf - salt/minion/*/start:
21:27 SaucyElf - /srv/reactor/restart_engine.sls
21:27 SaucyElf - /engine/reboot:
21:27 SaucyElf - /srv/reactor/restart_engine.sls
21:27 jaybocc2 joined #salt
21:28 lws joined #salt
21:28 SaucyElf fires fine in event.send '/engine/reboot' but the event salt/minion/sglXXdb1/start gets ignored
21:30 moooooo joined #salt
21:31 tru_tru joined #salt
21:32 SaucyElf I do see the start event go through the event queue, the reactor just doesn't trigger and call the restart_engine.sls
21:34 XenophonF it looks like it ought to work, based on https://docs.saltstack.com/en/latest/topics/reactor/index.html
21:35 XenophonF the example given on that page wraps the tag in single quotes
21:35 ronnix joined #salt
21:35 lws joined #salt
21:35 XenophonF it's minor and shouldn't matter, but maybe it does?
21:35 XenophonF s/the tag/the event tag/
21:37 cyraxjoe joined #salt
21:38 SaucyElf I'll try it and see, thanks
21:41 SaucyElf Weird... restarted salt-master and it now seems to be responding. I wonder if when it says '[DEBUG   ] Including configuration from '/root/salt-env/etc/salt/master.d/reactor.conf'
21:41 SaucyElf [DEBUG   ] Reading configuration from /root/salt-env/etc/salt/master.d/reactor.conf' in the log file, it's not pulling the new file or some such
21:42 lws joined #salt
21:45 _KaszpiR_ joined #salt
21:46 teclator joined #salt
21:48 spuder joined #salt
21:51 abednarik joined #salt
21:57 Kelsar joined #salt
21:59 raspado joined #salt
22:04 pipps99 joined #salt
22:04 abednarik joined #salt
22:05 heaje joined #salt
22:18 djgerm1 joined #salt
22:26 jeffspeff joined #salt
22:30 sarlalian joined #salt
22:39 bwellsnc joined #salt
22:39 DanyC joined #salt
22:40 anotherzero joined #salt
22:40 bwellsnc Hey guys, I am looking to setup schedules for highstates, I am an extreme noob with salt so I was wondering if it runs a highstate it doesn't change the confs unless something has changed on the master correct?  Thanks!
22:42 whytewolf bwellsnc: depends on how your states are written. they should be setup so that yes if you run highstate over and over again they don't change
22:43 sarlalian joined #salt
22:43 nethershaw joined #salt
22:46 ronnix joined #salt
22:47 DanyC left #salt
22:51 anotherzero joined #salt
22:58 bwellsnc As I stated, I am a newbie... this is my init I created just to do basic config management:  http://pastebin.com/79uyL3xj
22:59 hemebond bwellsnc: Your state will make sure the files match the master.
22:59 hemebond If the files are identical then no change will be made.
23:00 bwellsnc Cool, thanks, trying to move my spacewalk setup to katello/foreman and I am going to salt vs puppet...  was just doing basic config management in spacewalk, so I am just wanting to use salt for the same at least at the beginning
23:04 sarlalian joined #salt
23:07 amontalban joined #salt
23:09 pipps joined #salt
23:15 bwellsnc Another newbie question, is there documentation on storing passwords that are in my config files so I don't have them out in the open
23:16 jaybocc2 joined #salt
23:17 whytewolf bwellsnc: https://docs.saltstack.com/en/latest/topics/best_practices.html#storing-secure-data
23:19 rml joined #salt
23:22 ninjada joined #salt
23:24 bwellsnc whytewolf:  thanks!
23:24 spuder joined #salt
23:32 voldz1tic3n joined #salt
23:46 spuder joined #salt
23:47 eprice joined #salt
23:53 joshin joined #salt
23:53 joshin joined #salt
23:54 PatrolDoom joined #salt
23:59 sarcasticadmin joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary