Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-01-15

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:25 cyteen joined #salt
00:34 pipps joined #salt
00:36 voldz1tic3n joined #salt
00:37 amontalban joined #salt
00:37 amontalban joined #salt
00:42 ashmckenzie joined #salt
01:19 spuder joined #salt
01:19 pipps joined #salt
01:46 rml joined #salt
02:00 pipps joined #salt
02:01 ninjada joined #salt
02:04 ninjada joined #salt
02:04 necronian joined #salt
02:10 eprice joined #salt
02:11 pipps joined #salt
02:12 ninjada joined #salt
02:40 sebastian-w joined #salt
02:46 amontalban joined #salt
02:48 ilbot3 joined #salt
02:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.4, 2016.11.1 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers
02:48 pipps joined #salt
02:52 catpigger joined #salt
02:56 spuder joined #salt
02:58 rml joined #salt
03:05 aarontc joined #salt
03:16 amontalban joined #salt
03:16 amontalban joined #salt
03:21 filippos joined #salt
03:25 netcho joined #salt
03:48 KevinAn27 joined #salt
03:51 spuder joined #salt
04:10 lorengordon joined #salt
05:06 om2 joined #salt
05:11 om2 joined #salt
05:13 eprice joined #salt
05:16 barmaley joined #salt
05:23 amontalban joined #salt
05:23 amontalban joined #salt
05:25 pipps joined #salt
05:26 netcho joined #salt
05:30 om2 joined #salt
05:31 ruxu joined #salt
05:43 om2 joined #salt
05:44 mTeK joined #salt
06:07 mikecmpbll joined #salt
06:24 ninjada joined #salt
07:06 pipps joined #salt
07:14 eprice joined #salt
07:24 amontalban joined #salt
07:25 amontalban joined #salt
07:27 netcho joined #salt
07:31 cyberscout joined #salt
08:24 apofis joined #salt
08:35 theblazehen joined #salt
08:42 ivanjaros joined #salt
08:52 pipps joined #salt
09:10 Trauma joined #salt
09:15 Lionel_Debroux joined #salt
09:28 netcho joined #salt
09:33 moeyebus joined #salt
09:36 Klas joined #salt
09:37 keimlink joined #salt
09:42 keimlink joined #salt
09:51 candyman88 joined #salt
10:05 apofis joined #salt
10:17 eprice joined #salt
10:21 rem5 joined #salt
10:26 netcho joined #salt
10:27 amontalban joined #salt
10:30 mlvd joined #salt
10:42 sjorge joined #salt
10:54 pipps joined #salt
11:14 barmaley joined #salt
11:45 Trauma joined #salt
11:46 mikecmpbll joined #salt
12:05 averell joined #salt
12:10 mikecmpbll joined #salt
12:13 jeddi joined #salt
12:35 jhauser_ joined #salt
12:40 mikecmpbll joined #salt
12:49 amontalban joined #salt
12:49 amontalban joined #salt
12:56 pipps joined #salt
12:58 scoates joined #salt
13:04 alvinstarr joined #salt
13:08 arif-ali joined #salt
13:10 mikecmpbll joined #salt
13:20 Tanta joined #salt
13:57 rem5 joined #salt
14:01 apofis joined #salt
14:04 nidr0x joined #salt
14:06 subu joined #salt
14:07 subu_ joined #salt
14:08 subu_ If communication between master and minion is TLS/SSL, then can minion blindly accept master public  key (i.e. no need for signature key).
14:08 subu_ If communication between master and minion is TLS/SSL, then can master blindly accept minion public  key (autoaccept).
14:34 Guest65193 joined #salt
14:36 upb joined #salt
14:44 cyborg-one joined #salt
14:46 mikecmpbll joined #salt
14:54 Cottser joined #salt
14:54 amontalban joined #salt
14:54 viccuad joined #salt
14:55 viccuad Hi folks. Silly question, when I do `salt '*' pkg.install vim`, where does salt know if it needs to use yum or apt, in the Master, or the Minion? thanks in advance
14:56 viccuad (taking a normal master +  many minions pattern, and executing that command in the master)
14:57 pipps joined #salt
15:15 mikecmpbll joined #salt
15:15 scoates joined #salt
15:28 bbradley joined #salt
15:35 viccuad rephrasing, salt states will call the correct execution module specific for the minion. Where does this "translation" happen? in the minion?
15:52 scoates joined #salt
16:00 viq viccuad: minions know which package manager to use
16:01 viq subu_: this would potentially allow untrusted minions to connect to your master, and thus send arbitrary events on the event bus and access all files in file_roots
16:02 viccuad viq: so, a Master does the minimum amount of work, and *all* logic happens in the minion?
16:02 ivanjaros joined #salt
16:02 viq viccuad: correct. Only pillars are rendered on master, all states are sent as-is to minions, and they figure out what to do with them
16:03 viccuad viq: many thanks
16:06 XenophonF viccuad: take a look at the code for the various *pkg execution modules
16:06 XenophonF e.g., salt/modules/aptpkg.py or salt/modules/win_pkg.py
16:06 XenophonF there's a bit of code at the top of those files that detects which package manager is in use
16:07 XenophonF that code will register the module's functions using the exec module name "pkg"
16:08 XenophonF so calling salt['pkg.install']() works the same no matter what O/S or package manager
16:08 XenophonF think of it like an interface
16:09 XenophonF that pattern gets used a lot throughout the SaltStack code base
16:17 apofis joined #salt
16:20 viccuad XenophonF: thanks :)
16:31 athaller joined #salt
16:32 pipps joined #salt
16:33 netcho joined #salt
17:20 keimlink joined #salt
17:23 eprice joined #salt
17:41 Trauma joined #salt
17:51 AvengerMoJo joined #salt
17:52 pipps joined #salt
18:06 nethershaw joined #salt
18:11 pipps joined #salt
18:11 mmptt joined #salt
18:12 mmptt how do you apply a state multiple times? ie; say there is a redis formula, and I want to run 2 different redis instances on a minion
18:13 mmptt joined #salt
18:13 mmptt replace redis with anything else (mysql, internalApp etc)
18:18 XenophonF mmptt: are you writing your own states or using someone else's formula?
18:19 Tanta define the redis details as a list or dict, and iterate over them
18:19 XenophonF if the former, just create a loop using one of the templating languages, structuring your pillar data accordingly
18:19 Tanta if there's only 1 element, just create 1 instance
18:20 mmptt XenophonF: both
18:21 mmptt hmm.. I guess with pillar merging it could work. say appX has appX.sls that defines redis: {}, and appY.sls defines a redis: {}
18:21 mmptt I want/need to seamlessly do the right thing
18:22 mmptt by redis: {} i mean pillar config
18:25 pipps joined #salt
18:27 viccuad ok, so there's 2 "communication channels" in a Master + many minions, with normal salt command client,
18:27 viccuad A) 1 shared bus, encrypted and shared between all the minions and master, where the master sends jobs bindly to minions (salt commands and salt states) and Minions send back grains
18:27 mmptt XenophonF: https://github.com/saltstack-formulas/mysql-formula
18:27 viccuad B) a private channel master<->minion, for minion return info and sending pillars from the master to the minion
18:27 mmptt if i want to leverage an official formula for example, is there anything I can do?
18:28 viccuad are those A) and B) correct? thanks in advance :)
18:31 teclator joined #salt
18:32 keimlink joined #salt
18:35 XenophonF for mysql i have never run multiple instances of mysqld on the same server
18:36 XenophonF if you need to do that, then mysql-formula will probably not meet your needs
18:37 mmptt XenophonF: essentially ill need to modify any given formula to iterate instead of assume a single pillar object per instance if I want what Im talking about?
18:37 mmptt just want to make sure i fully understand
18:37 XenophonF yup, or write your own
18:37 XenophonF which might be simpler
18:38 mmptt ok, cool. thanks
18:38 amontalban joined #salt
18:38 amontalban joined #salt
18:38 XenophonF e.g., drop in your own rc scripts/unit files/smf objects/whatever you kids call these things nowadays
18:40 mmptt ok. thankjs
18:54 teclator joined #salt
18:54 canci joined #salt
18:58 Lionel_Debroux joined #salt
18:59 teclator joined #salt
19:17 pipps joined #salt
19:26 eprice joined #salt
19:29 keimlink joined #salt
19:29 pipps joined #salt
19:33 mmptt joined #salt
19:33 mmptt what is the purpose of pillar environments?
19:33 mmptt they do not map 1:1 to salt environment?
19:35 justanotheruser joined #salt
19:37 moeyebus joined #salt
20:02 brousch__ joined #salt
20:16 nerdsvil1e joined #salt
20:16 nerdsvil1e Hey all, is there an easy way to manage IP addresses of vm's launched with salt-virt
20:18 nerdsvil1e Currently when I launch a KVM virtual machine, I have to manually set static IP's
20:23 mmptt does anyone actually use multienvironment git_pillar?
20:38 pipps joined #salt
20:41 kjsaihs joined #salt
20:41 om2 joined #salt
20:43 viccuad ok, so there's 2 "communication channels" in a Master + many minions, with normal salt command client,
20:43 viccuad A) 1 shared bus, encrypted and shared between all the minions and master, where the master sends jobs bindly to minions (salt commands and salt states) and Minions send back grains
20:43 viccuad B) a private channel master<->minion, for minion return info and sending pillars from the master to the minion
20:43 viccuad are those A) and B) correct? thanks in advance :)
20:44 hemebond viccuad: Not sure that's entirely correct.
20:45 viccuad hemebond: why not? (I'm trying to picture the behaviour, not the implementation)
20:45 hemebond My understanding is the master never reaches out. Ever.
20:45 viccuad ok, that makes sense
20:46 viccuad well, then, in a way, a minion reaches out, and the master serves him the pillars, etc
20:46 AndreasLutro viccuad: afaik, there is only 1 channel, the zmq messaging queue. the only difference is in whether the message is encrypted with the minion's private key (which means only that minion and the master can read it) or not
20:46 hemebond Yes. The master is like an HTTP server; just returns files when requested.
20:47 AndreasLutro pillars for example get encrypted by some sort of key-exchange, in a way that encrypts it so only the minion in question can read it
20:51 viccuad mmh, my explanation was quite out then
20:53 nerdsvil1e Wait so I am actually new to salt, are the minions supposed to pull the states or is the master supposed to send it
20:56 viccuad you run `salt \* state.highstate` on master, that notifies all minions that match the regex, the minions ask for the files from the master, obtain them, parse them, execute the python modules functions and voilá, state applied?
20:56 nerdsvil1e Ohhhh I got it! that makes sense
20:57 nerdsvil1e Thank that is really helpful
20:57 nerdsvil1e What is the difference between a high and low state
20:57 viccuad nerdsvil1e: let others confirm it, I'm not 100% sure
20:57 nerdsvil1e ok
21:00 hemebond You should use "state.apply" instead of state.highstate now.
21:00 hemebond Works the same way but is the new name for it.
21:01 nerdsvil1e Ok, what is the difference between a highstate and lowstate, I mainly ask because I plan to use reactors
21:01 nerdsvil1e I am still planning out all the salt stuff, I come from chef
21:01 hemebond Uh, not entirely sure. I thought low state was the application of individual states.
21:01 hemebond And highstate was applying all matching states.
21:01 hemebond i.e., highstate uses lowstate to apply all applicable states.
21:02 hemebond That's my understanding but I haven't bothered to read into it.
21:02 nerdsvil1e ok
21:02 hemebond Are you using lowstate to apply a particular state?
21:02 nerdsvil1e I was told that it is better to, I don't know the difference
21:02 hemebond Okay well you apply specific states using state.apply now.
21:03 hemebond salt \* state.apply mystate
21:03 hemebond Will apply just that one state.
21:03 hemebond salt \* state.apply
21:03 hemebond Will run highstate for all minions.
21:04 wryfi joined #salt
21:04 nerdsvil1e got it, and I just put that on a cron?
21:04 nerdsvil1e This seems backwards from chef, with chef you have a chef-client which pulls from the chef server
21:06 hemebond That's how salt-minion works.
21:06 hemebond Yes, you can put that into a cron job.
21:07 nerdsvil1e ok, and would you recommend doing that server side or client side
21:08 nerdsvil1e s/server/master && s/client/minion
21:09 gtmanfred you can put it in a cronjob or in the salt scheduler
21:09 gtmanfred and do it whichever way makes most sense for you
21:09 gtmanfred https://docs.saltstack.com/en/latest/topics/jobs/#scheduling-jobs
21:10 hemebond "salt \* state.apply" would need to go on the master.
21:10 nerdsvil1e of course, and then on the minion you just run salt-minion right?
21:10 hemebond "salt-call .,..." something something I don't use salt-call much something.... would go on the minion.
21:10 nerdsvil1e ah ok
21:10 gtmanfred salt-call
21:10 gtmanfred salt-call state.apply on the minion
21:10 gtmanfred it is basically the same format as from the master, just remove the targeting
21:11 nerdsvil1e Perfect! :) my only other question at this time, is there a good way to manage formulas from gitfs? Should I make the salt master a minion of itself?
21:12 nerdsvil1e and then manage the master config
21:12 gtmanfred that is what i would do.
21:12 nerdsvil1e alright
21:12 gtmanfred and you can use the salt-formula to manage the master
21:12 gtmanfred https://github.com/saltstack-formulas/salt-formula
21:13 gtmanfred https://github.com/saltstack-formulas/salt-formula#salt-formulas
21:14 nerdsvil1e Sweet! thanks :)
21:42 om2 joined #salt
21:43 nerdsvil1e Hmm when I try to install python-pygit2 I get a 404 on installing http-parser in centos 7, which I validated, the version the package depends on doesn't seem to exist, has anyone seen this?
21:43 nerdsvil1e Was trying to install that so I can use gitfs
21:43 gtmanfred it should be in epel
21:44 nerdsvil1e ok will try installing epel-release
21:44 gtmanfred but it is an old version, and will give you a deprication warning
21:44 gtmanfred if you are on centos 7, yum install -y epel-release
21:44 nerdsvil1e yeah it looks really old
21:44 nerdsvil1e yeah
21:44 nerdsvil1e ok interesting, I have epel
21:45 nerdsvil1e http://mirror.cs.pitt.edu/epel/7/x86_64/h/http-parser-2.0-5.20121128gitcd01361.el7.x86_64.rpm: [Errno 14] HTTP Error 404 - Not Found
21:45 gtmanfred i use gitpython and git@github.com:gtmanfred/repo, and use .ssh/config to specify ssh keys... because i don't want to deal with installing pygit2
21:45 gtmanfred so idk
21:45 nerdsvil1e I will try that out :)
21:46 nerdsvil1e A package that relies on such an old http-parser, not sure I want to use
21:47 gtmanfred that is one of the problems with rhel/centos
21:47 gtmanfred but... /shrug
21:48 gtmanfred you could try pip installing it, but you will get a deprecation warning unless you compile the newer libgit2 iirc
21:49 ivanjaros joined #salt
21:49 kjsaihs is it possible to saltify a machine without editing sats config files?
21:51 MTecknology I feel like we need to have saltstack hosting a STUN server and then we need to write states so we can then toss a grain value into mine that represents a server's public ip address.
21:52 gtmanfred kjsaihs: you could use salt-ssh and the cloud roster or cache roster to find the ip address of the server, and then use the salt-formula to bootstrap the server?
21:52 gtmanfred otherwise, no you have to edit the file
21:53 gtmanfred though in the future, i am working on allowing salt-ssh to be used to bootstrap servers made with salt-cloud, so you could potentially do that in the future with saltify
21:54 kjsaihs gtmanfred: that would be convenient, thank you!
21:58 MTecknology gtmanfred: Hey! How's your year looking?! :D
21:59 gtmanfred expensive
21:59 gtmanfred i put down deposits on the wedding and reception venues this week
22:09 MTecknology ah, congrats on your engagement!
22:17 pipps joined #salt
22:18 MTecknology WOOHOO!!!! I finally finished writing my out-of-band states! (mostly just openvpn states and a state that creates a static route)
22:22 MTecknology openvpn states are not fun at all :(
22:28 eprice joined #salt
22:30 cyborg-one joined #salt
22:33 anotherzero joined #salt
22:38 nerdsvil1e How can I make gitfs downloads verbose
22:45 MTecknology seems to be that I like and the route bit isn't working.. bummer :(
22:51 mosen joined #salt
23:00 nerdsvil1e left #salt
23:00 nerdsville joined #salt
23:01 nerdsville Is there an easy way to manage formula dependencies?
23:04 XenophonF nerdsville: what do you mean?
23:05 XenophonF i try to never write states where there are dependencies outside the .sls file
23:06 XenophonF on the rare occasion that i want to explicitly glue things together, I write glue states like the following
23:06 XenophonF https://github.com/irtnog/tomcat-formula/blob/master/tomcat/shibboleth-idp.sls
23:06 hemebond Nice.
23:06 XenophonF note that i can still call the tomcat or shibboleth.idp SLSes individually
23:06 nerdsville Like this one: https://github.com/saltstack-formulas/openstack-standalone-formula
23:07 nerdsville it is telling me that it is missing apache, memcached, avahi, mysql, epel, and qpid
23:07 nerdsville when I try to use it
23:08 nerdsville So I just got done forking all those repositories and put them in the config
23:09 nerdsville I am a super noob to salt, I hope I am doing this right
23:10 hemebond Yes, you manually fetch the formulas required.
23:10 PatrolDoom joined #salt
23:10 XenophonF nerdsville: frankly, I use salt to manage my salt-master's config
23:10 XenophonF cf. salt-formula
23:10 nerdsville Yeah I am going to end up doing that as well
23:11 nerdsville Mainly just trying to get my kvm box with openstack rn
23:11 XenophonF one of the SLSes in there is called salt.formulas, and it manages the active formulas on your master
23:11 XenophonF it might be simpler just to add the git repos of those formulas to your gitfs_remotes
23:11 nerdsville I plan to automate most of this, for now it is manual just to get the hang of it :P
23:12 XenophonF and then salt-master will automatically clone them into your base environment
23:12 XenophonF that's fair
23:12 nerdsville Yeah, I will do that for now :)
23:12 nerdsville thanks!
23:13 nerdsville I am excited to try out the salt-formula though, I was told by one of my friends that the salt master should be managed by the reactor but I feel that is an overuse, thoughts?
23:13 nerdsville He says events should be sent to manage the config
23:14 nerdsville I am still piecing it all together so trying to view it from all angles
23:15 jeddi joined #salt
23:16 nerdsville argh, the openstack formula doesn't seem to work
23:18 pipps joined #salt
23:28 PatrolDoom joined #salt
23:32 MTecknology WOO! It actually is working now! :D
23:33 MTecknology Last task on my to-do list for this sucker is to make sure my raspi always updates network time when it boots

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary