IRC log for #salt, 2017-02-08

All times shown according to UTC.

Time Nick Message
00:00 jas02 joined #salt
00:13 alaspooryorick joined #salt
00:13 alaspooryorick left #salt
00:17 jmickle hi can anyone answer a question for me that I can not seem to find in the docs?
00:17 djgerm Always worth a try!
00:18 jmickle what exactly is ret['retcode'] from the salt returners json
00:18 jmickle is that the exitcode of the minion? is it a count of failures?
00:20 whiteinge that is currently unfinished and undocumented but you can see some explanation in this file: https://github.com/saltstack/salt/blob/develop/salt/defaults/exitcodes.py
00:22 jmickle interesting, so is there a way that one can see the number of failed states in a highstate through a returner?
00:22 jmickle aside from recursively counting the results in a duration output
00:23 whiteinge no. that summary view in the CLI is baked into the highstate outputter only
00:24 whiteinge you could grab the data from your data store and toss it through the outputter but that's the only place it's currently available.
00:24 dendazen joined #salt
00:25 whiteinge https://github.com/saltstack/salt/blob/develop/salt/output/highstate.py
00:25 jmickle hmm
00:25 jmickle how would you pull it from the datastore
00:25 jmickle using the default data store
00:26 jmickle actually what is the default data store
00:33 whiteinge oh, i assumed you were calling a returner module to put that data into some data store. if you're just looking at the interface that doesn't quite apply :)
00:33 sh123124213 joined #salt
00:33 jmickle ah ok, no it's not putting data into the data store. The returner is manipulating the data directly; however, do you know if that data is on the return object?
00:34 jmickle if the data is on an object that *would* be put into a datastore i can solve it directly there
00:35 whiteinge the distinction is the returner takes the raw data and shoves it into whatever data store that returner works with. the outputter modules take that raw data and format it for display at the CLI. but they're both working with the exact same return data.
00:36 whiteinge if you're using a returner and configure either the external_job_cache or master_job cache then the jobs runner module will know how to query that data store automatically and also uses the right outputter module to write that to the CLI.
00:36 whiteinge but if you want that summary somewhere other than the CLI you'll have to query the data store and summarize it yourself.
00:40 jmickle ok, i am working on a custom returner
00:40 jmickle so basically I'll have to do the parsing and counting in the returner then
00:40 jmickle so that i can write it to our data store (librato)
00:41 ponyofdeath anyone know why this is failing https://bpaste.net/show/1c4f0a3483d7
00:42 tapoxi joined #salt
00:42 whiteinge neat. a librato returner would be cool to see
00:43 Edgan Ryan_Lane: you sure listen works like watch for services? I am getting hints that it isn't restarting services when I expect them to.
00:43 jmickle whiteinge: there will be one soon :-)
00:44 abednarik joined #salt
00:44 whiteinge ponyofdeath: try 0.25
00:46 ivanjaros joined #salt
00:48 Edgan Ryan_Lane: https://paste.fedoraproject.org/550801/48651492/
00:51 jhauser joined #salt
00:53 Edgan Ryan_Lane: yeah, listen doesn't work :(
00:59 onlyanegg joined #salt
01:00 jas02 joined #salt
01:04 djgerm On rare, but regular-ish, occasions, I'll run some state against either * or some subset of minions, and onesies and twosies will not respond. But if I run the same thing again, they do… they're not under any load, they work fine before, they work fine immediately following… just.. no response from minion… and I don't understand WHY…. and we're talking about maybe a total of 60 minions. nothing crazy
01:06 gtmanfred Edgan: listen works here
01:07 gtmanfred Edgan: and yeah, it specifically uses mod_watch, it gets tacked on at the end of the state run, and only one of them does, unlike watch which is immediately after the watched state, and could restart the service multiple times
01:08 whytewolf iirc listen actually uses a different id for the restart than the normal state. because it still tries to make the start part work. and creates a new state that restarts
01:08 Edgan gtmanfred: doesn't work for me with 2016.11.1
01:08 gtmanfred yes
01:08 gtmanfred that is correct whytewolf
01:09 gtmanfred one second, lemme get a sample state test setup
01:09 Edgan gtmanfred: this is also salt-ssh
01:11 whytewolf Edgan: was there another state listed further down named listener_<stateid>
01:11 whytewolf ?
01:12 gtmanfred Edgan: should still work
01:12 gtmanfred Edgan: this works http://ix.io/1SMt
01:13 gtmanfred it runs the cmd.run twice, once in its place, and then once at the very end
01:13 gtmanfred which would signify starting the service, and then restarting it at the end after the configs were updated
01:15 debian112 joined #salt
01:17 whytewolf Edgan: function on the second state created by listen is service.mod_watch
01:18 gtmanfred ^^
01:23 Edgan gtmanfred: try a pkg instead of a file, and try it with salt-ssh
01:31 eThaD joined #salt
01:34 DEger joined #salt
01:35 gtmanfred Edgan: i will in the morning.  Can you open an issue about it so I don't forget?
01:42 Edgan gtmanfred: yes
01:49 woodtablet left #salt
01:52 jhauser joined #salt
01:57 stooj joined #salt
01:57 ssplatt joined #salt
02:01 mpanetta_ joined #salt
02:02 jas02 joined #salt
02:08 catpigger joined #salt
02:12 sh123124213 joined #salt
02:15 onlyanegg joined #salt
02:25 debian112 joined #salt
02:26 k_sze[work] joined #salt
02:27 k_sze[work] joined #salt
02:31 scsinutz joined #salt
02:38 Poppabear joined #salt
02:38 Poppabear joined #salt
02:40 Poppabear ok, question: when doing a `salt-key -y -a 'hostname'`, whether it fails or succeeds the return code is always 0? is this by design?
02:43 scoates joined #salt
02:51 swills joined #salt
02:52 jhauser joined #salt
02:53 keltim joined #salt
02:55 Nahual joined #salt
02:58 evle joined #salt
03:01 XenophonF joined #salt
03:02 jas02 joined #salt
03:13 aagbds joined #salt
03:19 kiorky joined #salt
03:23 orionx joined #salt
03:25 orionx_ joined #salt
03:30 eThaD joined #salt
03:46 amagawdd joined #salt
03:53 jhauser joined #salt
04:00 nixjdm_ joined #salt
04:00 k_sze[work] joined #salt
04:05 nixjdm_ joined #salt
04:10 beardedeagle joined #salt
04:11 nixjdm_ joined #salt
04:18 beardedeagle I have a custom grain module I wrote for generating grains based off of a hostname. Basically you can specify the regex to apply with mappings to what means what. Would anyone find that useful enough that I should pr it in?
04:18 beardedeagle this is all set in the salt config files
04:23 DEger joined #salt
04:25 mavhq joined #salt
04:28 k_sze[work] joined #salt
04:37 amagawdd joined #salt
04:39 jmickle joined #salt
04:54 jhauser joined #salt
05:08 ravi____ joined #salt
05:17 DEger joined #salt
05:21 rdas joined #salt
05:24 justan0theruser joined #salt
05:26 morissette joined #salt
05:34 viderbit joined #salt
05:51 jmickle joined #salt
06:04 impi joined #salt
06:07 colttt joined #salt
06:17 k_sze[work] joined #salt
06:17 ronnix joined #salt
06:17 bocaneri joined #salt
06:18 k_sze[work] joined #salt
06:25 orionx joined #salt
06:27 preludedrew joined #salt
06:29 toki joined #salt
06:29 toki hello
06:29 toki anyone available to assist with a (hopefully) simple question?
06:32 Vaelatern Rule (somewhere between 1 and 5) of IRC: Don't ask to ask.
06:34 gladia2r joined #salt
06:36 toki In that case, I'll just ask. I have two states, one to manage openvpn, the other to manage openvpn-otp. When openvpn-otp is installed, it drops a plugin into a directory. I want to re-call a state (to render the conf file from a jinja template) in the openvpn sls file from my openvpn-otp file when the plugin is installed. What is the best way of tackling that?
06:38 Vaelatern Probably just onchange with the name of the other state
06:39 toki thanks - giving that a try now
06:40 bocaneri joined #salt
06:43 HPUser_ joined #salt
06:46 bocaneri joined #salt
06:47 scsinutz joined #salt
06:48 morissette joined #salt
06:59 HPUser__ joined #salt
07:03 nidr0x joined #salt
07:08 djgerm Any thoughts on why this error is occurring when I run salt-run fileserver.update? http://paste.debian.net/913316/
07:10 whytewolf djgerm: https://github.com/saltstack/salt/issues/39100
07:10 saltstackbot [#39100][OPEN] salt-run fileserver.update Exception | Description of Issue/Question...
07:14 DEger joined #salt
07:15 DanyC joined #salt
07:20 djgerm oh hey look at that!
07:20 djgerm that's great! I was going nuts
07:20 eThaD joined #salt
07:22 mk-fg joined #salt
07:31 mk-fg joined #salt
07:48 cyborg-one joined #salt
07:49 gnomethrower what's the best way to generate a password hash for Salt to use that ISN'T based on md5?
07:49 gnomethrower https://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html
07:49 gnomethrower the docs suggest "openssl passwd -1" but that uses md5
07:50 honestly gnomethrower mkpasswd
07:50 honestly which is all over the place package-wise
07:50 gnomethrower honestly: I'm confused...
07:50 gnomethrower I have a password I want to turn into a hash, I don't need to generate a new password
07:51 gnomethrower sorry my wording might have been a little off
07:51 honestly see, that's exactly what I mean
07:52 honestly there is a mkpasswd command that is a frontend to crypt(3)
07:52 gnomethrower ah, interesting
07:52 gnomethrower will look into that, thanks
08:05 whytewolf yeah i hate suggesting mkpasswd since it is all over package wise. centos has it in expect. debian i forget where. and neither work the same way
08:06 whytewolf but it does do passwords beyond md5
08:17 gnomethrower debian has it in whois
08:17 gnomethrower which is a STUPID place!
08:17 gnomethrower :P
08:17 whytewolf well expect isn't much better
08:18 gnomethrower yeah... it really ought to be its own package
08:18 whytewolf it really ought to be a comprehensive system that is normalized and works the same across distros
08:18 * whytewolf sips his tea
08:18 whytewolf but that is none of my business
08:23 HPUser__ Hello
08:24 HPUser__ I'm trying to use salt-cloud with cloudstack driver and I want to know if I can specify the network that I create previously in the profile?
08:24 HPUser__ if yes what is the attribute name location ?
08:25 sybix joined #salt
08:25 MeltedLux joined #salt
08:26 matti joined #salt
08:26 matti joined #salt
08:26 eThaD joined #salt
08:27 descrepes joined #salt
08:28 nebuchadnezzar joined #salt
08:31 scristian joined #salt
08:38 JohnnyRun joined #salt
08:47 ronnix joined #salt
08:50 DanyC joined #salt
08:50 jas02 joined #salt
08:51 DanyC joined #salt
08:52 DanyC joined #salt
08:57 fredprod joined #salt
09:01 mikecmpbll joined #salt
09:08 jas02 joined #salt
09:20 teclator joined #salt
09:20 jeffspeff joined #salt
09:34 jas02 joined #salt
09:36 chowmein__ joined #salt
09:36 kbaikov joined #salt
09:36 juanito_ joined #salt
09:36 phx__ joined #salt
09:37 darthzen_ joined #salt
09:37 s_kunk joined #salt
09:37 s_kunk joined #salt
09:38 dragon788_ joined #salt
09:38 CheckYourSix_ joined #salt
09:39 kukacz_ joined #salt
09:39 mTeK joined #salt
09:40 davroman1ak joined #salt
09:40 canci_ joined #salt
09:40 kleszcz_ joined #salt
09:40 khorben_ joined #salt
09:40 the_lale1u joined #salt
09:40 sybix_ joined #salt
09:40 rmc3 joined #salt
09:41 j4son_ joined #salt
09:41 MTecknol1gy joined #salt
09:41 Elijah joined #salt
09:41 Elijah joined #salt
09:41 rofl_____ joined #salt
09:41 mpoole_ joined #salt
09:42 hlub_ joined #salt
09:43 evle joined #salt
09:43 TheBigRedButton joined #salt
09:44 gtmanfre- joined #salt
09:44 Nebraskka_ joined #salt
09:44 edgr- joined #salt
09:44 aberdine_ joined #salt
09:45 zz_Cidan joined #salt
09:45 Cidan joined #salt
09:46 xs- joined #salt
09:46 alekhya joined #salt
09:47 nihe joined #salt
09:47 alekhya Hi, can anyone suggest how to lint salt files
09:49 ssplatt joined #salt
09:49 jhauser joined #salt
09:51 muep_ joined #salt
09:51 dimeshake joined #salt
09:52 jas02_ joined #salt
09:52 rpb joined #salt
09:52 thenut joined #salt
09:52 hrumph joined #salt
09:52 jas02_ joined #salt
09:52 adelcast joined #salt
09:53 monokrome joined #salt
09:54 hoonetorg joined #salt
09:56 phx joined #salt
09:59 tom29739 joined #salt
10:00 sjorge joined #salt
10:00 sjorge joined #salt
10:05 toanju joined #salt
10:05 iggy alekhya: salt-call -l debug state.sls foo test=True <-- best I've come up with
10:06 iggy that and show_sls
10:14 teclator joined #salt
10:16 davromaniak joined #salt
10:23 gnomethrower hey guys
10:24 gnomethrower https://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html - how do I use this when the name of the service can change between RedHat/Debian (or CentOS/Ubuntu)?
10:24 gnomethrower for example, ssh is "ssh" service on Ubuntu, and "sshd" on CentOS
10:24 gnomethrower so doing ssh: \n service.running
10:24 gnomethrower doesn't seem possible
10:27 gnomethrower https://gist.github.com/Zorlin/d2c7f6b364f08f2a0a56be73787efcef
10:27 gnomethrower this is my first attempt at this...
10:32 babilen gnomethrower: You maintain a mapping of appropriate service names per os family as typically used in formulas: https://docs.saltstack.com/en/latest/topics/best_practices.html
10:33 gnomethrower babilen: perfect, thank you :)
10:33 babilen gnomethrower: https://github.com/saltstack-formulas/openssh-formula/blob/master/openssh/map.jinja would be the example for OpenSSH
10:35 ruxu joined #salt
10:50 amcorreia joined #salt
10:51 amcorreia joined #salt
10:52 amcorreia joined #salt
10:53 jhauser joined #salt
10:55 CrummyGummy joined #salt
10:55 abednarik joined #salt
11:07 ivanjaros joined #salt
11:13 thenut joined #salt
11:37 evle1 joined #salt
11:44 candyman88 joined #salt
11:48 dendazen joined #salt
11:54 jas02_ joined #salt
12:09 toanju joined #salt
12:11 sp0097 joined #salt
12:11 fredprod joined #salt
12:14 abednarik joined #salt
12:15 amcorreia joined #salt
12:18 const joined #salt
12:19 const Hi, when i execute state 'module.run' and executed module fails, salt still thinks - there is no error, how can I change this behaviour?
12:25 jeddi joined #salt
12:34 Reverend do reactors execute everything in order?
12:34 AndreasLutro no
12:34 Reverend poopy
12:35 AndreasLutro call orchestrators from the reactor
12:35 Reverend sorry what
12:37 Reverend okay, looks fairly straight forwards...
12:37 Reverend AndreasLutro: you might know... if I'm running two highstates from a reactor, why is it not applying all the stuff the -second- highstate should be running? does it compile all the 'to-do' list -before- running anything? if so, that makes sense.
12:40 toanju joined #salt
12:41 AndreasLutro probably because the reactor tries running both highstates at once which salt won't allow
12:41 AndreasLutro dunno though check the logs
12:42 Reverend I am using the "queue=true" args... so ideally it should queue them up. That's how I stopped the error that moaned about currently running highstates.
12:42 Reverend i dunno :(
12:42 Reverend I'll figure it out. thanks though AndreasLutro. much love.
12:42 AndreasLutro okay, never tried that myself
12:43 Reverend no problem :)
12:54 abednarik joined #salt
12:55 jas02 joined #salt
12:59 Stryker231 joined #salt
13:01 babilen Reverend: Another approach would be to fire a custom event from the "first" highstate that triggers execution of a (freshly compiled) "second" one
13:03 manji Reverend, do you have any minion restarts
13:03 manji in your states?
13:03 manji service restart I mean
13:15 ravenx joined #salt
13:16 ravenx how can i get the current salt command params and use them in my salt states
13:16 ravenx kinda like environment variables
13:16 ravenx for example:   salt 'server1' state.sls super-app
13:16 ravenx i would like to use "super-app" in my init.sls files
13:16 manji ravenx, you need maybe state modules
13:16 ravenx state modules.. o_O
13:16 manji custom ones
13:17 ravenx ah so i need to write them myself?
13:17 manji or a module
13:17 manji eg I have a module to unmonitor and stop some of our applications
13:17 manji so I wrote a simple module named application.py
13:17 manji and then I run
13:17 Maudite joined #salt
13:18 manji salt 'minion*' application.disable myapp
13:18 manji in the module I call eg the salt systemd module, salt monit modules
13:18 manji tec
13:18 manji etc*
13:18 ravenx ahh gotcha
13:18 ravenx thanks
13:18 ravenx darn was hoping for a baked in solution
13:19 ravenx not something i'd have to write
13:19 manji ravenx, it can be like less than 5 lines of python :p
13:19 manji also I think
13:19 manji you could pass pillar data in the command line
13:19 manji but the result is like:
13:20 AndreasLutro states aren't meant to be used like command-line tools where you pass in arguments and stuff
13:20 manji salt 'bla' state.sls thisstate pillar={'blabla': 'blabalbla'}
13:20 ravenx manji: i think that'll work, work the pillar data
13:20 manji ravenx, AndreasLutro has a point there
13:20 ravenx yeah, true.
13:20 ravenx but i'm writing re-usable states
13:20 ravenx with macros
13:20 ravenx so i was hoping i could.
13:21 Maudite Hello everyone. I've only just started digging into salt yesterday. I'm really thinking it is the tool for us to use. We are a windows shop, and I need to do configuration management with it. Can anyone point me to some good windows management info, this seems to be hard to come by?
13:22 morissette joined #salt
13:25 manji has anyone used Reclass for node definition ?
13:25 abednarik joined #salt
13:26 dlloyd anyone know why 2016.11.2 is created /mnt/jenkins on all my nodes?
13:26 dlloyd er creating
13:26 keltim really?
13:27 babilen dlloyd: Without you running a corresponding state?
13:27 manji wot?
13:27 dlloyd we don't use it anywhere, and after i highstate i suddenly have /mnt/jenkins/workspace/agent-build-official-master/os/ubuntu1204/objdir/install/etc, which is empty
13:27 manji ??
13:27 manji this is weird
13:27 dlloyd only things that a locate jenkins turns up are salt modules
13:28 dlloyd and /mnt/ is a freshly wiped cryptmnt that salt itself configures
13:28 viq dlloyd: state.show_top  ?
13:28 viq and state.show_lowstate
13:28 dlloyd let me grab a sacrificial node
13:28 viq dlloyd: those only show, don't perform the changes
13:29 dlloyd ok
13:29 manji dlloyd, after package installation or after a highstate?
13:29 dlloyd neither of those show any references to jenkins
13:29 manji looks like a packaging leftover
13:29 dlloyd not sure on when, let me check
13:30 dlloyd nope, installing via deb, neither package knows about those paths
13:31 manji dlloyd, check post install steps in the package
13:31 dlloyd let me try nuking that partition and starting over
13:31 dlloyd will do
13:31 manji and check when the dir was created
13:31 dlloyd well, that mount isnt mounted until salt's first highstate
13:32 dlloyd jan 25th, on a system with 300d uptime, let me see if i upgraded any packages around then
13:32 manji yeah check your apt log
13:33 dlloyd well, the instance i first noticed it on is ~1 hour old
13:33 manji have you built the instance image?
13:34 manji maybe it is not something related to salt
13:35 dlloyd no, this is stock ubuntu amis, for 12.04 and 14.04
13:36 dlloyd and the partition mounted on /mnt/ is reformatted at launch
13:36 dlloyd let me do some further digging, will report back
13:43 toastedpenguin joined #salt
13:44 Jimlad joined #salt
13:47 dendazen joined #salt
13:52 abednarik joined #salt
13:53 dlloyd ah
13:53 dlloyd not salt, its threatstack
13:53 dlloyd just gets installed right after that mount point
13:53 dlloyd sorry for the noise.
13:54 numkem joined #salt
13:56 jas02 joined #salt
13:59 manji btw anyone knows if QA team tags an issue as "cannot replicate", goes back to try and replicate them when someone updates/provides more info on the issue?
14:00 Reverend babilen: that's a fucking fantastic idea.
14:00 Reverend manji: we have 5 layers of autoscaling servers that spin up and down as necessary, and they need to fetch 2 highstates every time they do server-up.
14:01 babilen Reverend: Think of it as "handover"
14:02 Reverend yeah. that's a really tidy idea babilen. I'll have a crack after this meeting. Thanks again.
14:02 babilen Enjoy
14:02 jas02 joined #salt
14:03 tracphil joined #salt
14:04 fredprod joined #salt
14:07 theblazehen joined #salt
14:10 Cottser joined #salt
14:12 aagbds joined #salt
14:12 austin_ joined #salt
14:12 gladia2r joined #salt
14:14 Brew joined #salt
14:16 abednarik joined #salt
14:25 Jimlad joined #salt
14:26 austin_ in an active/active multimaster setup, how are people handling reactors ?
14:31 ssplatt joined #salt
14:37 ronnix joined #salt
14:38 AndreasLutro only setting it up on 1 master
14:44 edrocks joined #salt
14:48 mrud joined #salt
14:49 racooper joined #salt
14:50 scoates joined #salt
14:58 jas02_ joined #salt
15:03 abednarik joined #salt
15:07 PatrolDoom joined #salt
15:08 pppingme joined #salt
15:08 nickabbey joined #salt
15:10 drawsmcgraw joined #salt
15:12 Tanta joined #salt
15:18 sh123124213 joined #salt
15:21 Jimlad joined #salt
15:21 KaczuH joined #salt
15:22 feliks joined #salt
15:26 gtmanfred joined #salt
15:28 keltim_ joined #salt
15:29 gtmanfred so apparently there was a giant netsplit last night...
15:29 mpanetta joined #salt
15:37 debian112 joined #salt
15:40 _JZ_ joined #salt
15:46 Mo0O joined #salt
15:46 bakins joined #salt
15:47 Jimlad joined #salt
15:53 scoates joined #salt
15:56 Redlook joined #salt
15:56 ivanjaros joined #salt
15:58 xdanx1 joined #salt
15:59 jas02 joined #salt
15:59 tiwula joined #salt
16:00 Jimlad joined #salt
16:01 xdanx1 Hello. I've got a little problem with a custom grain (salt-2015.8.12). If i execute the grain on the minion it returns the grain value (salt-call grains.item mygrain > local: mygrain:1234). If i call it from the master i get no value (i.e. mygrain:). Anyone an idea what the cause can be?
16:02 dyasny joined #salt
16:04 Reverend we should have a "order: last" and and "order: VERYlast". you can only have one instance of the latter though :)
16:05 daxroc Anyone encountered blockdev.formated silent error on 'lsblk -o fstype /dev/<disk>' failing to detect the FS ? I've seen it happen on three distinct nodes after provisioning four other disks on each of the nodes.
16:06 Cadmus joined #salt
16:08 Cadmus Hello, I'm having a spot of bother after a recent salt update (2016.11.1 to 2016.11.2), I'm using gitfs and I'm getting an error about "TypeError: argument of type 'bool' is not iterable" when I do a salt fileserver.update. Has anyone else seen this?
16:08 DammitJim joined #salt
16:09 njegra joined #salt
16:09 DammitJim is there a way to file.manage a tar.gz file and only decompress it and not untar it?
16:09 sarcasticadmin joined #salt
16:11 gableroux joined #salt
16:15 Reverend right lads and lassies. Storing ints in grains...
16:15 Reverend whats the word on the street
16:16 DammitJim are you doing some kinda math?
16:16 Reverend yeah :/
16:16 Reverend i can'
16:16 Reverend i canneh add them up.
16:16 ssplatt Reverend: i think youd have to convert it after the fact with a jinja filter
16:16 Reverend oh yeah -_-
16:16 Reverend ssplatt: heroic.
16:16 ssplatt i think you can test if something's an int too
16:18 xdanx1 No one an idea ?
16:18 ssplatt xdanx1: did you sync all?
16:18 ssplatt saltutil.
16:18 Jimlad joined #salt
16:18 ssplatt minion process is running on the master?
16:18 babilen xdanx1: What's the minion doing when you run the command from the master? Might want to try running the minion in debug mode
16:19 xdanx1 babilen: thanks for your reply. After restarting the salt-minion it works. The question is why saltutil.sync_grains is not enough.
16:19 Redlook left #salt
16:19 orionx joined #salt
16:20 scoates joined #salt
16:20 babilen Depends on your grain
16:20 ssplatt it needs to 1) update all pillar, 2) sync all grains, 3) sync all modules
16:20 ssplatt that’s my guess
16:20 Reverend or... sync_all :D
16:20 babilen xdanx1: Are you using modules that wouldn't be available?
16:21 babilen xdanx1: If so you might want to consider passing refresh=True during the sync
16:23 dyasny joined #salt
16:24 scoates joined #salt
16:28 Reverend okay so grains.remove has to be one of the most retarded commands ever
16:32 DammitJim so, is there a way to gunzip something, but not untar it with file.managed or extracted?
16:32 DammitJim or is there a different state?
16:34 ecdhe joined #salt
16:34 ecdhe joined #salt
16:34 swa_work joined #salt
16:38 babilen Reverend: How so?
16:38 Reverend why does it need a value? surely I should be able to remove a grain without needing to know what it's set to >_<
16:38 babilen DammitJim: Might be able to get it to work by defining suitable options or unzip command .. not sure, never had to do that
16:39 DammitJim gunzip in this case
16:41 sp0097 joined #salt
16:42 beardedeagle joined #salt
16:43 teclator joined #salt
16:44 hackel joined #salt
16:46 MTecknology joined #salt
16:49 tom29739 joined #salt
16:49 jas02 joined #salt
16:52 ssplatt do cmd.run’s use a login shell? do they record history?
16:54 ssplatt if i have to run something that puts a var in plain text on the cli, do i have to make sure i then clear history to remove traces?
16:58 ssplatt i guess i could have a start write a temporary script, run the script, then remove the script
16:58 ssplatt s/start/script
16:58 ssplatt er
16:58 ssplatt s/start/state
16:59 jmickle joined #salt
17:00 jas02 joined #salt
17:00 jas02_ joined #salt
17:00 whytewolf ssplatt: cmd.run does not run an interactive shell. and no it doesn't log to history
17:01 ssplatt ok. good to know.
17:01 ssplatt thanks
17:02 babilen It might be logged to the minion's log though
17:05 Reverend babilen: IT WORKED!
17:06 Reverend i have an include on all states that require prereq tags called "firstrun", and uses a grain "run_count" and if it's less than 2, just runs the highstate over and over
17:06 Reverend works a fucking treat
17:06 Reverend you HERO. you fixed a 2 day problem. :D:D:D:D:D <3
17:07 jav joined #salt
17:08 candyman88 joined #salt
17:14 babilen Reverend: Hooray :)
17:14 jas02 joined #salt
17:15 Trauma joined #salt
17:18 Reverend babilen: i can implement my autoscaling groups now. SUCH a legend. thank you so much.
17:18 Jimlad joined #salt
17:19 DanyC joined #salt
17:22 woodtablet joined #salt
17:28 abednarik joined #salt
17:30 Cadmus Mmm, autoscaling groups, I really want them
17:32 wendall911 joined #salt
17:32 Reverend yeah. works a treat :)
17:33 Reverend Cadmus: they actually work out a lot more cost effective too, as you can reduce your server count to 1 overnight, and then scale back up to 4 or 5 during the day
17:35 scsinutz joined #salt
17:36 AvengerMoJo salt -C "S@IP" seems to be not working correctly for me, I wonder if it is a known issue
17:36 Cadmus We're still on-prem, AWS is being considered for some future stuff and I do quite like it. I worry a little about lock-in
17:38 DanyC joined #salt
17:38 * whytewolf is a fan of most cloud systems. but then again that would be because i get to build cloud setups
17:38 vifon Hello. Are dots in the minion names supported? It seems they cause trouble when using L@minion1,minion.with.dots2.
17:44 nixjdm_ joined #salt
17:45 vifon Nevermind, it was a combination of two other problems.
17:48 sp0097 left #salt
17:48 jas02 joined #salt
17:48 DanyC joined #salt
17:50 kshlm joined #salt
17:52 Inveracity joined #salt
17:53 abednarik joined #salt
17:55 Jimlad joined #salt
18:01 nickabbey joined #salt
18:01 jas02 joined #salt
18:02 DammitJim joined #salt
18:05 jas02_ joined #salt
18:05 amagawdd_ joined #salt
18:14 s_kunk joined #salt
18:15 mavhq joined #salt
18:15 Neighbour joined #salt
18:18 edrocks joined #salt
18:18 debian1121 joined #salt
18:22 debian112 joined #salt
18:24 DammitJim joined #salt
18:28 Trauma joined #salt
18:39 Praematura joined #salt
18:41 woodtablet left #salt
18:41 tom29739 joined #salt
18:43 woodtablet joined #salt
18:43 netcho joined #salt
18:43 netcho joined #salt
18:46 ksoviero joined #salt
18:46 ksoviero Are there any Python modules for Salt that will allow me to access the Salt utilities like salt-key in a Pythonic way?
18:48 ksoviero I mean, in a pinch, I could always just parse the output of salt-key -L --out json, but that seems hackish as all hell.
18:49 Eugene ksoviero - https://docs.saltstack.com/en/latest/ref/clients/
18:50 Eugene ksoviero - a useful entry point is following the flow of the `salt` utility, particularly salt_main()
18:52 ksoviero Ah, thanks Eugene
18:55 jhauser joined #salt
18:55 scsinutz joined #salt
18:56 numkem joined #salt
18:56 ksoviero Eugene, I'm looking through all the functions, but I don't see a way to access the salt-keys. Do you know if there's a way?
18:57 Eugene Not off hand. Explore more
18:58 bluenemo joined #salt
19:03 DammitJim joined #salt
19:05 ChubYann joined #salt
19:06 Jimlad joined #salt
19:07 Inveracity joined #salt
19:08 onlyanegg joined #salt
19:10 amagawdd joined #salt
19:12 sarcasticadmin joined #salt
19:14 netcho hi all, is it possible to checkout specific branch (from ENV) in  git.latest state file?
19:15 netcho this works ... salt git.checkout /path/ origin/${branch} opts=" -b '${branch}'"
19:16 jas02 joined #salt
19:17 eprice joined #salt
19:21 wiqd joined #salt
19:21 johtso joined #salt
19:21 OliverMT joined #salt
19:23 brousch__ joined #salt
19:23 zifnab joined #salt
19:24 bbhoss joined #salt
19:26 hillna joined #salt
19:27 armguy joined #salt
19:27 simonmcc joined #salt
19:28 czchen_ joined #salt
19:30 lkannan joined #salt
19:30 abednarik joined #salt
19:32 XenophonF Cadmus: regarding lock-in, that's why i'm focused on config management. deploying an existing salt-managed service to new infrastructure is pretty straightforward.
19:33 linovia joined #salt
19:33 samkottler joined #salt
19:33 vegardx joined #salt
19:33 tercenya joined #salt
19:33 nahkiss joined #salt
19:34 daxroc joined #salt
19:36 phtes joined #salt
19:36 Jimlad joined #salt
19:36 XenophonF netcho: you want to use an environment variable to specify the branch?
19:36 marcinkuzminski joined #salt
19:37 netcho XenophonF: yes
19:37 XenophonF that'd work only if the environment variable was set in the execution context of the salt-minion process
19:37 MTecknology netcho: yes: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html#salt.states.git.latest
19:37 MTecknology -rev
19:37 cscf MTecknology, he's asking how to get it from bash env
19:37 MTecknology oooooooh
19:37 netcho yes
19:37 cscf Though I think the answer is "don't"
19:37 XenophonF you're better off storing the branch in the state or pillar data, and assigning that to the minion
19:37 cscf IMHO
19:38 MTecknology did I miss that in the netsplit?
19:38 netcho i can store it to pillar if branch is stable, but feature branches are created multiple times a day
19:38 MTecknology netcho: sounds like a job for vagrant
19:38 netcho wooo
19:39 netcho that legacy stuff? :D
19:39 XenophonF what are you trying to do?
19:39 XenophonF salt isn't a silver bullet and cannot solve every problem ever
19:39 netcho yes it can :D
19:39 netcho it is the best!
19:40 XenophonF you might be better off using a CI tool
19:40 netcho trying to pull certain branch on one of the minions
19:40 smakar_ joined #salt
19:40 netcho this is combo jenkins/salt
19:40 MTecknology XenophonF: unfortunately, I feel like it's too often able to solve too many problems in ... ehm.. "creative" ways
19:40 cscf netcho, doesn't jenkins do this, though?
19:40 netcho i don't want jenkins to ssh on my minions
19:41 netcho jenkins triggers salt modules/states
19:41 netcho i just need to pull custom branch on my minion
19:41 drawsmcgraw Asked a while back but hopefully we have more people this time -> Anyone know anything about saltconf 17?
19:42 MTecknology drawsmcgraw: it's the one after 16!
19:42 netcho it works with git module
19:42 MTecknology drawsmcgraw: it'll have speakers, attendees, and staff
19:42 drawsmcgraw Thanks MTecknology :) I'll try to be more specific, then
19:42 MTecknology guaranteed!
19:43 edrocks joined #salt
19:43 drawsmcgraw I ask because it's usually early Spring, which is a few months away.
19:43 drawsmcgraw But I haven't heard a CFP or announcement or email or anything.
19:43 drawsmcgraw Am I just impatient?
19:43 MTecknology it's gonna be later this year, but I don't think they decided when
19:44 drawsmcgraw Turns out people don't care much for Utah unless it's solidly in the warm months? :)
19:44 tcolvin joined #salt
19:44 MTecknology I really loved the crap out of the weather for SC16
19:44 drawsmcgraw So long as it's still on, that's all I'm concerned with! I'll take MTecknology's answer to mean that it's still on, just TBD for exact times.
19:44 MTecknology found an incredible sushi place around there too!
19:44 drawsmcgraw I agree. It was perfect weather in my opinion
19:45 MTecknology afaik, ya, that
19:45 sh123124213 joined #salt
19:45 drawsmcgraw Huhn... I guess sushi's just not on my radar. Found a nice whiskey establishment though.
19:45 MTecknology I need to come up with a talk to submit after I've built up enough confidence I won't come across as a total douche presenting it
19:46 drawsmcgraw Oh you never pass that point. You just submit the talks and jump in.
19:46 MTecknology "Why you suck at salt." sounded kinda like fun
19:46 drawsmcgraw hah! I'd go to that talk
19:47 drawsmcgraw Honestly, more guidance and general "best practice" would go a long way, in my opinion
19:47 drawsmcgraw The wonderful, horrible thing about Salt is all the different ways you can solve a problem.
19:47 krobertson joined #salt
19:47 numkem joined #salt
19:47 MTecknology $client gives me lots of copy/paste examples, but I can't really use them in this context. :(
19:49 MTecknology drawsmcgraw: a pain point being, when you tell a bunch of IT people that they're wrong, you know exactly what happens... they went there in part because they wanted to disagree
19:50 cmarzullo I'm waiting for the call for papers also. I've got a couple I think I could put together.
19:50 Ryan_Lane joined #salt
19:51 drawsmcgraw MTecknology:  True. We all have egos that can get the better of us. It would be memorable, at least!
19:51 drawsmcgraw I've got at least one solid paper. Could likely put together a second.
19:51 MTecknology I wanted to do something on bridging the gap between IT and the rest of the company, but $client is making me unfit to present that (for less than obvious reasons)
19:52 drawsmcgraw $client is always the problem :P
19:54 MTecknology me: Hey! I removed all of this special logic! It removes edge cases and makes them the norm so this refactor becomes something declarative instead of something riddled with hard to follow logic.
19:55 MTecknology $client: that's not how we do things, it doesn't use all the overrides I made available
19:56 MTecknology me: why do you need overrides?   $client: because we might need them
19:56 kingscott joined #salt
19:56 kingscott Can i use grains and jinja in a pillar file? or is that frowned on?
19:57 cmarzullo kingscott: I do it a lot.
19:57 MTecknology it's very common
19:57 MTecknology as is using pillar data
19:57 MTecknology or mine..
19:57 dyasny joined #salt
19:57 kingscott what exactly is pillar data? is that just what is found in the pillar?
19:57 MTecknology yup
19:58 kingscott cool. thanks.
19:58 SteamWells joined #salt
19:58 MTecknology one of my states uses pillar data for that particular system's port knock sequence (since every host that has that back door has a different sequence)
19:58 cmarzullo pillar = external information about a system
19:59 cmarzullo grains = information a system knows about itself.
19:59 MTecknology (and since you don't want that kinda thing in grains)
19:59 cmarzullo at least how I explain it.
19:59 kutenai joined #salt
19:59 bakins joined #salt
20:00 liviudm joined #salt
20:01 kingscott so i'm trying to add zabbix proxies to each of my buildings. Basically what I need to do is use a pillar file to be able to tell a config file what the ip address should be depending on the agent's ip address.
20:01 shawnbutts joined #salt
20:01 cscf MTecknology, what software setup do you use for port knocking?
20:01 DanyC joined #salt
20:02 MTecknology cscf: I use ferm to manage iptables rules and salt to template the creation of that ferm file
20:02 jas02 joined #salt
20:03 djgerm any thoughts on why my salt-cloud -P -m is failing? http://paste.debian.net/913466/
20:05 MTecknology cscf: If you're interested, I can dig up specifics (after lunch since I gotta pull my laptop out 'n such)
20:05 d3c4f joined #salt
20:05 cscf MTecknology, if it's not much trouble
20:05 DammitJim joined #salt
20:06 DammitJim is there a way to do gunzip for a file from a state?
20:06 cmarzullo archive.extracted?
20:08 DammitJim it seems that archive.extracted will untar my file :( I just want it gunzipped
20:08 cmarzullo cmd.run with a creates?
20:08 djural_ joined #salt
20:09 dyasny joined #salt
20:10 nickadam joined #salt
20:10 scsinutz joined #salt
20:10 futuredale[uf] joined #salt
20:12 Jimlad joined #salt
20:12 dragon788 joined #salt
20:13 igormarnat_ joined #salt
20:15 scsinutz joined #salt
20:16 cmarzullo I've gotten more complicated like this: https://gist.github.com/cmarzullo/07651ff32b7761b0fac16e922a5f57ca
20:16 cmarzullo to download and compile nagios plugins if they aren't in a directory.
20:17 MTecknology cscf: https://gist.github.com/MTecknology/33b9e5a56fd5503484b5c4e77ae358e5
20:17 kingscott anyone know how to use jinja to check if a minion is in a specific subnet?
20:17 cscf kingscott, use grains.ipv4 to get addresses, then substring match?  That will work for classy subnets
20:18 cmarzullo {% grains['ipv4'] in subnets %}
20:18 MTecknology cscf: I figure you can figure out the pillar bits from that example, but if it's confused, lemme know :)
20:18 cscf MTecknology, thanks!
20:18 whytewolf kingscott: {% if salt.network.in_subnet('10.0.0.0/16') %}
20:18 kingscott thanks guys. noob here. :)
20:21 MTecknology cscf: I also have 2FA required on those boxes (or anything I have that's publicly accessible which requires ssh key + password + 2FA key
20:22 MTecknology and Port Knocker is set up to launch ConnectBot when it finishes sending the sequence.
20:22 schemanic joined #salt
20:22 schemanic hello. I have a need to move files from one part of the minion to another part. I want to put a list of globs in my pillar file and iterate through them, then have salt go find objects corresponding to the globs and move them to a target directory.
20:22 schemanic should I do that with cmd.run or something else?
20:23 MTecknology you can do that with jinja around cmd.run, but that sounds like it might not really be a job for salt
20:23 schemanic It's part of an auditing process I'm working on that I want to control with pillars
20:23 whytewolf might be able to do it with salt, just wouldn't do it with a state tree.
20:24 schemanic whytewolf, what would I do it with? Execution modules? I have some complex logic I need to make work.
20:25 whytewolf well, execution modules. or orchestration
20:25 schemanic I basically need to collect various configuration files and commit them to a git repository to show what's changing in my network over time
20:26 MTecknology or pillar data to a config file and push a script that does this fancy pantsy logic
20:26 MTecknology uhm...
20:26 cmarzullo aide?
20:26 schemanic what is aide?
20:26 MTecknology schemanic: there's like ... a million better ways to solve that problem
20:26 whytewolf tripwire
20:26 cmarzullo AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker.
20:27 juntalis joined #salt
20:27 MTecknology I'd prefer etckeeper for what he's describing
20:27 cmarzullo etckeeper is nice too
20:27 schemanic So this is for my SOC audit
20:27 drawsmcgraw schemanic: you may be interested in either 1) the pure Python renderer for states or 2) just offloading the work into cmd.script() and writing a shell/Python script to do the work.
20:27 whytewolf though etckeeper only works in /etc
20:27 cmarzullo there was a good post on reddit about mean coworker who'd login to this guys systems and break stuff on him.
20:28 cmarzullo He was able to log in, roll back the change and see who the ass was.
20:28 schemanic Every year they give us a list of things that they want to see proof of
20:28 Sketch whytewolf: pretty sure you can configure it to use any dir you want it to
20:28 MTecknology whytewolf: I thought it could be configured to do more
20:28 schemanic and we give them config files for things like clamav or iptables etc
20:28 whytewolf could be. I've mostly used AIDE and tripwire so wouldn't know for sure
20:28 cmarzullo schemanic: I point to pillar and say. "That is our configuration"
20:29 schemanic That wont work
20:29 MTecknology schemanic: have you looked at etckeeper, yet?
20:29 cmarzullo well I'm a little more nuanced than that. And it does work with pretty high level infosec.
20:29 schemanic The way they do it is they need to see the proof FROM the environment it's in
20:29 cmarzullo I've seen things. . .
20:30 schemanic tripwire looks like a paid product
20:31 * MTecknology feels like a ghost and acts as such
20:31 schemanic Sorry MTecknology
20:32 whytewolf tripwire is. it used to be OS about 20 years ago
20:32 eprice joined #salt
20:32 juntalis joined #salt
20:32 juntalis joined #salt
20:32 cmarzullo damn you gene kim
20:33 XenophonF yup :(
20:33 sp0097 joined #salt
20:34 schemanic AIDE is interesting. It sounds conceptually similar to what I'm trying to do - give a bunch of paths and tell my systems to manage it
20:34 schemanic can AIDE manage multiple systems?
20:35 DanyC joined #salt
20:35 schemanic can AIDE actually gather the files for me thought?
20:35 cmarzullo it only runs on a single system. But salt can help with the coordination
20:35 schemanic though?
20:35 schemanic my issue is that auditors need to actually upload assets to their system for their proof
20:35 cmarzullo you run aide regularly then push the results into a SIEM
20:35 schemanic I'm sorry - SIEM?
20:36 whytewolf Security information and event management
20:36 cmarzullo Security Incident
20:36 cmarzullo thanks
20:36 schemanic hmm
20:36 schemanic We dont have anything like that
20:36 cmarzullo it's the thing you upload to.
20:37 whytewolf SEIM is a good thing to have in general.
20:37 cmarzullo you probably need to scope a little better. I mean if you are diffing files and uploading them to a site. What if those diffs have secrets in them.
20:37 whytewolf s/SEIM/SIEM
20:37 cmarzullo do the auditors just say 'trust us'
20:38 cmarzullo yeah right.
20:38 sp0097 joined #salt
20:38 mrueg joined #salt
20:38 nickabbey joined #salt
20:40 cmarzullo looks like aide can output to a url
20:40 whytewolf you know it's funny i work at a heavily regulated bank and auditors don't ask to see our files.
20:41 cmarzullo ^^
20:41 schemanic The auditors also ask to see things like screenshots of web based systems we are using
20:42 whytewolf by chance do you work in online casino style gaming?
20:42 cmarzullo yeah you have a scoping issue.
20:42 schemanic essentially what I'm trying to build is a way of mapping their requirements to actual assets, and then just pulling them when the auditors arrive
20:43 schemanic cmarzullo, could you elaborate on what you mean by a scoping issue?
20:43 whytewolf i do remember the new jersey gaming board being this insane with regulations
20:43 schemanic Like, I know what the scope of the requirements that our SOC auditors ask for is.
20:43 cmarzullo Well like who are these auditors? Internal vs External. Where are these requirements from? PCI? CIS? STIG? SOX?
20:44 cyborg-one joined #salt
20:44 schemanic They are from a 3rd party company
20:44 schemanic the audit is called SOC
20:44 cmarzullo Are these new found 'security researchers' ready to start money wheel?
20:44 schemanic cmarzullo, I'm afraid you don't know what you mean by that
20:44 whytewolf AICPA?
20:45 schemanic http://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/pages/sorhome.aspx
20:45 schemanic yes this
20:45 schemanic SOC 1 specifically
20:45 cmarzullo sorry trigger warning. I've had some very very bad experiences with auditors walking in and trying to own the place when they couldn't tell their ass from their elbows.
20:46 whytewolf cmarzullo: me too. [aka the new jersey gaming board]
20:46 * cmarzullo shudder
20:46 whytewolf they actually wanted unfettered access into the system.
20:47 cmarzullo oh boy yeah they always ask for that shit.
20:47 schemanic yes that is true, and I really appreciate that sensation - the auditors aren't control freaks in my experience - rather, they don't know very much at all about the systems they're auditing. They moreso have a list of requirements that we negotiate with their audit team, then they say 'okay, you need to give me something that proves you meet the requirement, and explain how it does that.'
20:47 cmarzullo exactly
20:47 cmarzullo knowing the audit really helps.
20:48 schemanic so the way my predecessors have been doing that is by giving them our various config files
20:48 onlyanegg joined #salt
20:48 schemanic I just passed it for the first time this year
20:48 cmarzullo nice. gratz!
20:49 schemanic the parameters of passing the audit are this: there are N requirements, each with a number. The audit team determines a 'sample size' of machines/environments at random from the list of total available ones...
20:49 DammitJim joined #salt
20:50 schemanic once the sample size is determined, they ask for an asset proving completion of the requirement from each host in the sample
20:50 schemanic we deliver that asset, and the auditor uploads the asset to their company sharepoint site
20:50 cmarzullo was good till that last one.
20:51 schemanic assets = config files/screenshots/process documents
20:51 cmarzullo Maybe soc is different. But isn't that information proprietary?
20:51 cmarzullo I was getting audited once and they basically wanted to know how we made a movie.
20:51 whytewolf humm i remember a tool that auto snapped screenshots of web pages. don't remember what it was called though
20:52 cmarzullo Luckily my EVP was like, yeah we ain't going to tell you that.
20:52 schemanic Not really. It's stuff like what our antivirus settings are and what ports we're blocking in our iptables configs
20:52 whytewolf SOC is a government level audit. even if trade secret it is a regulatory board
20:52 schemanic like, to meet requirement 3301.05, I might supply /etc/clamav/clamd.conf for hosts x, y, z
20:53 whytewolf i see where he is coming from now. we get around it at the bank because we have hundreds of thousands of servers and the audits don't touch the ones i actually work on
20:54 schemanic They're asking for proof that our proprietary application implements the concept of admin users and permissions, but not how
20:54 schemanic and they're asking for technical proof about how the servers running that application are secure
20:54 schemanic and how our company workstations are secure
20:54 schemanic like, we never turn over source code or passwords
20:55 schemanic we turn over process docs that say 'our employees are required to change their passwords every quarter'
20:55 schemanic or ideally, we'd turn over the salt state that says 'rotate user passwords'
20:56 schemanic So yeah, from my vantage, what I need to do is have a way of, on a host by host way, have the files they want get sucked into one place and labeled as belonging to a SOC requirement number
20:56 schemanic which is why I was thinking salt states
20:57 nickabbey joined #salt
20:57 schemanic because then I can make pillars containing specific SOC IDs and what files they cover, then running cmd.run cp ... to a git working directory and have salt commit the changes for me.
20:57 schemanic am I making sense/am I crazy?
20:58 cmarzullo yeah. but states are possibly not the way to go.
20:58 cmarzullo I mean a state is 'ensure this file is like this'
20:58 cmarzullo you can be like 'ensure this file is copied here'
20:58 cmarzullo Cause it'll keep copying. every time.
20:58 schemanic That is what I was thinking along the lines of
20:58 schemanic If there's a way to do it by piping pillars to execution modules I like that
20:59 cmarzullo You are looking for more like an orchestrator. 'at this point in time, do these things on these hosts'
20:59 schemanic So does salt orchestration do that?
21:00 schemanic I've read a number of things saying that salt orchestration is difficult
21:01 whytewolf eh, once you get the mindset down orch is pretty easy
21:02 schemanic And one can pass pillars to /srv/salt/orc/*.sls files just like to states?
21:02 whytewolf thats where it gets complicated ;)
21:02 schemanic elaborate?
21:03 whytewolf you can pass pillars to orchestration. but they are master level pillars. not minion.
21:04 whytewolf if you want to look at the minion level pillars you have orchestration run a state and that state gets the minion level pillars
21:06 schemanic So like, if I want a pillar with some SOC items to run on Host X, and another with different SOC items on Host Y, is that the latter scenario? There's no top file to target minions for orchestrate?
21:06 whytewolf nope, orchestration kind of is the top file
21:06 schemanic So yeah I'm back to using states again
21:06 Jimlad joined #salt
21:07 whytewolf it is a more structured way of doing things. it can run states and execution modules
21:07 schemanic yeah but states can also run execution modules
21:07 whytewolf yes, using module.run. i mean orchestration can run them directly as a new call
21:09 whytewolf kind of like this. which is just a simple orchestration that forces the master to update the gitfs fileserver and then updates the git_pillar then tells all the minions hey we are clean do updates https://github.com/whytewolf/salt-phase0-states/blob/master/orch/salt-core-update.sls
21:10 schemanic hmm.
21:11 schemanic How do I go about saying 'Do 1 on X servers, Do 2 on Y servers'
21:12 prg3 joined #salt
21:12 nZac joined #salt
21:12 MTecknology http://dpaste.com/27E8NAA
21:12 whytewolf thats what the tgt is for. you create orch states that have different targets. and instead of just saying salt '*' state.apply you salt-run state.orch orc.whatever
21:13 schemanic so the states pull in the pillars
21:14 schemanic and the orchestrations fire the states?
21:14 whytewolf yes, or the functions. or the runners. or waits for events
21:15 schemanic and just so we're clear, 'orchestrations' ARE states files that are either calling other regular states, or are calling state.function
21:16 whytewolf pretty much. it is built around the saltmod state function
21:16 whytewolf [and you can run orchestration through a standard state call on a master]
21:18 schemanic I'm still confused about how pillars get involved. I want the SAME orchestrations to run on different machines, and just take different pillar values
21:19 whytewolf okay. then maybe you don't need orch [which is only run on the master]
21:19 orionx_ joined #salt
21:20 whytewolf you could just setup top to use pillars and maybe have an ext_pillar that connects to a db
21:20 schemanic so like, would I do this: /etc/salt/pillar/soc_appservers.sls, /etc/salt/pillar/soc_dbservers.sls, and then assign them to different targets in /etc/pillar/top.sls and then the orchestrations would pick them up properly?
21:20 DammitJim joined #salt
21:21 whytewolf forget orchestration. when you call a salt.state in orchestration it is the same as calling state.apply <sls> on a minion
21:21 schemanic okay, so I should not try to do this with orchestration
21:22 Tanta joined #salt
21:22 whytewolf not if you are just going to do one state.sls
21:23 whytewolf orchestration is more for if you need to orchestrate complex behaviour between systems like say install a webserver that needs a db cluster
21:24 whytewolf i also tend to use it to get around a couple of jinja issues since each orch stanza is a separate call i can use grains that i set in the same run
21:25 schemanic Okay
21:25 schemanic So I'm back to my existing design pattern
21:25 schemanic unless AIDE lets me actually grab files
21:25 schemanic I'm going to write states that call executions
21:26 ronnix joined #salt
21:29 quique joined #salt
21:29 jhauser joined #salt
21:32 sh123124213 joined #salt
21:32 hemebond joined #salt
21:32 schemanic Thanks very much for your help
21:34 MTecknology cscf: btw, that whole static allow-if-installed thing I did was an intentional design to help ensure unauthorized software doesn't start listening on systems. I've had a few times where someone thought installing filezilla-server was a good troubleshooting step only to be confused by the firewall.
21:34 MTecknology It's a sad situation, but... we live in a very very mad world
21:36 cscf MTecknology, seems like you could generalize some of it with a list of services, each with a pkg name and port/port list
21:36 quique trying to launch an instance in aws with salt-cloud with command "salt-cloud -p ec2_east_small_test tester1 -l debug" /etc/salt/cloud.providers.d/ec2-us-east-1.conf: https://paste.fedoraproject.org/551283/  /etc/salt/cloud.profiles.d/ec2_us_east-1.conf: https://paste.fedoraproject.org/551284/ getting this error: https://paste.fedoraproject.org/551286/
21:37 MTecknology cscf: I thought about trying to do the mapping with pillar or as an extra include or something, but then I already had that and called it good. :P
21:37 Edgan joined #salt
21:42 magicalbob joined #salt
21:45 Praematura joined #salt
21:46 teclator joined #salt
21:53 timfi joined #salt
21:55 hemebond quique: Are you using 2016.11?
21:55 quique hemebond: yes
21:56 hemebond 2016.11 broke salt-cloud for AWS.
21:56 quique hemebond: 2016.3.5?
21:56 quique should I use that?
21:56 hemebond 2016.3 should be fine. That's what I use.
21:56 quique ok thanks i'll give that a shot
21:57 Sketch hemebond: even in 11.2?
21:57 hemebond Yes
21:57 Sketch weird, wonder why they haven't fixed it yet
21:59 hemebond https://github.com/saltstack/salt/issues/33194
21:59 saltstackbot [#33194][OPEN] salt-cloud: EC2 userdata template error | Description of Issue/Question...
22:00 gableroux joined #salt
22:03 amagawdd how can i set a grain across a group of servers from the salt master?
22:03 hemebond amagawdd: Pillar?
22:03 amagawdd planning on using cmd.run
22:04 amagawdd well, the grains already exist, i just need to update them
22:04 amagawdd we set them on provision time
22:04 jas02 joined #salt
22:04 amagawdd using map files
22:05 Sketch if you want to update all of them, you could salt -G 'mygrain:oldvalue' grains.set mygrain newvalue
22:05 Sketch unless it's a list and you need grains.setvals ...
22:05 amagawdd got it thx
22:09 quique hemebond: I think I'm doing something wrong.  I'm getting this error using 2016.3: https://paste.fedoraproject.org/551294/
22:10 hemebond I think something changed in the profiles. Lemme check your files again.
22:12 nethershaw joined #salt
22:13 orionx joined #salt
22:14 quique hemebond: I gotta bounce I'll check back later and see if you notice any issues with my files, thanks
22:17 timfi joined #salt
22:18 hemebond quique: Looks like something is going wrong with your request to EC2.
22:19 timfi joined #salt
22:21 timfi joined #salt
22:23 timfi joined #salt
22:24 nickabbe_ joined #salt
22:25 tapoxi joined #salt
22:25 nixjdm_ joined #salt
22:26 timfi joined #salt
22:32 teclator_ joined #salt
22:49 amagawdd so if I do salt -G "operational_env:prod", that targets all hosts with that grain?
22:49 kingscott joined #salt
22:53 whytewolf it should yes
22:56 abednarik joined #salt
23:00 armguy joined #salt
23:05 jas02 joined #salt
23:09 foundatron joined #salt
23:10 foundatron Has anyone here gotten gitfs to work with AWS Codecommit?
23:11 sp0097 left #salt
23:12 scsinutz joined #salt
23:30 Edgan s0undt3ch: ping
23:33 Edgan gtmanfred: How well do you know the salt codebase?
23:35 numkem joined #salt
23:39 sarlalia1 [D
23:43 ivanjaros joined #salt
23:45 ssplatt joined #salt
23:46 DanyC joined #salt
23:52 CeBe is there a way for pkg.purge to only remove the package if no other packages get uninstalled by that call?
23:52 CeBe alternative: is there a way to make pkg.purge depend on a command, like it works with cmd.run and "unless"?
23:57 Zaunei joined #salt
23:58 Brew joined #salt
23:58 swills joined #salt
