Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-02-10

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:04 FreeSpencer joined #salt
00:04 FreeSpencer joined #salt
00:04 coldbrewedbrew joined #salt
00:04 coldbrewedbrew joined #salt
00:05 coldbrewedbrew_ joined #salt
00:09 eprice left #salt
00:10 nickabbey joined #salt
00:11 eprice joined #salt
00:11 Edgan Tanta: The annoying thing is all of AWS's new regions are two AZ not three.
00:20 abednarik joined #salt
00:22 sh123124213 joined #salt
00:25 DEger joined #salt
00:26 coldbrewedbrew joined #salt
00:26 coldbrewedbrew joined #salt
00:26 coldbrewedbrew_ joined #salt
00:26 oododa I'm using `pip.installed: [ list of things ]`, and for some reason salt seems to invoke 'pip --version' and 'pip freeze' for every package in [ list of things ]. This causes the salt state run to take substantially longer. Is there a way to get pip.installed to only run the freeze once?
00:27 mavhq joined #salt
00:27 FreeSpencer joined #salt
00:27 FreeSpencer joined #salt
00:28 djgerm can I add environment or saltenv to runner.state.orchestrate? https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.state.html#salt.runners.state.orchestrate
00:31 djgerm i've had a lot of issues with getting orchestration to honor environment
00:46 djgerm and can one put environment variable into minion/master configurations?
00:47 hemebond djgerm: Yes. That basically isolates the minion to that environment, regardless of the top.sls I think.
00:51 djgerm ok. i added - saltenv:Stage to my orch state, and it works!
00:51 djgerm i can likely pillarize that, so that's good…. but I'd love to be able to salt my masters, and not have to specify specific states… I guess just more pillars
00:52 Edgan djgerm: salt your masters, as in use salt to create masters?
00:53 djgerm yeah. I've done it before, but I've never variablized the config cause I'm an idiot :)
00:54 djgerm salt all the things, forever
00:54 djgerm I'd salt my blender if I could. (get workin on that SaltStack employees!)
00:54 Edgan djgerm: I have a salt formula to deal with minions and masters. I think use salt-ssh to provision masters with that same code.
00:54 Edgan djgerm: I mean I then use
00:55 Edgan djgerm: you should use map.jinjas instead of making too much in pillars
00:55 Edgan djgerm: https://storage.cygnusx-1.org/formula.txt
00:56 djgerm hmmm yeah that's an advanced technique, and I should!
00:57 Edgan djgerm: then pillars are secrets and overrides, not defaults that get repeated
00:59 pjs joined #salt
01:01 bfritz joined #salt
01:02 edrocks joined #salt
01:04 bbradley joined #salt
01:08 barmaley joined #salt
01:11 Edgan Ryan_Lane: I believe in masters not masterless. I don't like the ansible ssh model. It is slow, and doesn't centralize reporting without Tower, and Tower isn't open source(yes, I know it is coming). I don't like masterless for the same reason, not reporting, and no central control. I want to be able to do orchestration too. I do like masterless in vagrant for setting up vagrant boxes.
01:12 bbradley joined #salt
01:13 MajObviousman joined #salt
01:16 keldwud_ joined #salt
01:17 stupidnic joined #salt
01:19 Poppabear joined #salt
01:31 jimklo_ joined #salt
01:32 Ryan_Lane Edgan: who needs ssh?
01:32 Ryan_Lane if you have a logging system you have reporting
01:33 gableroux joined #salt
01:33 Edgan Ryan_Lane: That isn't nearly as nice as something like Foreman with graphs
01:33 Ryan_Lane I'm not sure what's really needed for reporting, though
01:33 Ryan_Lane I just need to know if the deploy ran successfully or not
01:33 Ryan_Lane and I use failhard: true
01:33 Ryan_Lane so if a state fails, the deploy fails
01:33 Ryan_Lane I don't care what changed
01:33 Edgan Ryan_Lane: Example. I formula is changed, it starts running out, and I want to see if we start throwing errors, and if so, what percentage of hosts
01:34 Edgan Ryan_Lane: yes, I use failhard: true too
01:34 Ryan_Lane a monitoring system will tell you what % of hosts failed
01:34 Ryan_Lane and a logging system will show you in which way
01:34 Edgan Ryan_Lane: I like to have a dashboard for that. What about orchestration?
01:34 Ryan_Lane what kind of orchestration?
01:35 Ryan_Lane we do lots of orchestration, but it's part of CI
01:35 Edgan Ryan_Lane: cmd.run 'cat /proc/version'   Yes, I could use a grain, but just giving an example.
01:35 Ryan_Lane done as deployments
01:35 Ryan_Lane you mean remote execution?
01:35 Edgan Ryan_Lane: yes
01:35 Ryan_Lane IMO it should only ever be used during an emergency
01:36 Ryan_Lane and for that you can use salt-ssh or fabric
01:36 Edgan Ryan_Lane: I want it for adhoc data collection like the example above. I don't want to have to write a grain every time.
01:36 Ryan_Lane that's what collectd/diamond/etc are for
01:36 Edgan Ryan_Lane: that isn't adhoc, that is planned data
01:36 Ryan_Lane what kind of adhoc data do you need?
01:37 Edgan Ryan_Lane: What if I want cmd.run 'cat /proc/1/*'
01:38 Ryan_Lane my workflow must be a lot different than yours, because I've rarely made calls to systems to collect data like this
01:38 Ryan_Lane I can ssh into one node in a cluster and poke around and know the rest are the samr
01:38 Edgan Ryan_Lane: I am thinking debugging. You want to collect data, and sometimes that is going to be data your hadn't already thought to collect.
01:38 Ryan_Lane same
01:39 Ryan_Lane in that case I'd add something to be collected and deploy the change out
01:39 Ryan_Lane and wait for it to show up in the graphs
01:39 Edgan Ryan_Lane: That is an assumption they will be the same, and sometimes the differences are exactly what you need to know. Again, made up example, uptime.
01:39 Ryan_Lane we collect that info, but even if we didn't, we don't let nodes live long enough for that to matter
01:40 Ryan_Lane kill early and kill often :)
01:40 Edgan Ryan_Lane: You early and often for databases?
01:40 Ryan_Lane if you don't manage state this is obviously a lot easier
01:40 Ryan_Lane and the number of nodes that do manage state are a small number in comparison most of the time
01:41 Ryan_Lane and then fabric is more than fast enough
01:41 Edgan Ryan_Lane: Most people would say use Docker/Kubenetes or something for non-stateful stuff, and use Salt for the stateful stuff. Then there are the people that say lets do it all in containers and push the bleeding edge.
01:41 Ryan_Lane I doubt most people would say to use docker
01:41 Edgan Ryan_Lane: I will take salt over fabric
01:41 Ryan_Lane I know very few people running docker in production
01:41 Ryan_Lane and almost none running k8s in prod
01:42 Edgan Ryan_Lane: You are at a different scale than a startup
01:42 Ryan_Lane I know lots of people at startups. I know exactly 2 people using k8s right now :)
01:42 Edgan Ryan_Lane: The startups don't even want to touch the complexity of Salt.
01:43 jas02 joined #salt
01:43 woodtablet left #salt
01:43 hemebond Complexity of Salt? Over Docker?
01:43 Ryan_Lane yeah, doing config management is way easier than doing containerization
01:43 Edgan hemebond: Developers will tell you Docker is 10x simpler than docker for development
01:44 DEger joined #salt
01:44 Ryan_Lane until you go to deploy that to production
01:44 Edgan Ryan_Lane: yes, I know that, but their are in ignorance is bliss mode and push docker into production
01:44 Ryan_Lane I know an absurd number of people using docker in dev/ci (including me :) )
01:45 Edgan Ryan_Lane: But devs want to use it in production, because they don't want to throw the pig over the wall. They want to go noops and manage production themselves.
01:45 Edgan Ryan_Lane: I have been fighting that mindset lately.
01:46 whytewolf devs tend to stop wanting to manage production when you put a phone in their hand and say they are on call
01:46 Edgan whytewolf: yes, and no, they are learning, but they don't learn the first time. Companies like Netflix make developers responsible in production.
01:48 Edgan whytewolf: in a lot of startups it is a numbers game. There are 5x the number of developers to devops/ops people, but the developers don't have production experience. So they vote for cowboying it, and then slowly learn why you don't want to do production, and don't do it the way they do in the beginning.
01:48 whytewolf I know. I've worked with a lot of people that came from netflix. although most of the comments i get are shit hole. thanks to devs being in charge of production.
01:48 mosen joined #salt
01:49 modulistic joined #salt
01:49 Edgan whytewolf: I know someone who is going threw an even worse experience where the company is shifting from a datacenter to AWS. Developers have taken over most of AWS ops, and unless the existing datacenter want to become devops, they are going away.
01:50 Edgan whytewolf: it is a major trend in the industry right now
01:52 whytewolf well that is kind of a duh statment.
01:54 Ryan_Lane whytewolf: our devs do their own on-call
01:54 Ryan_Lane the key is making all the tooling easy to use
01:55 Ryan_Lane they also do their own config management and orchestration
01:56 whytewolf basicly if they break it the own both pieces. which is how it should be
01:56 Ryan_Lane yep
01:56 Ryan_Lane I work on the team that manages most of the tooling, so they ask us if they run into something they cant figure out
01:57 Ryan_Lane and we work on making everything as simple as possible
01:57 Ryan_Lane and consistent across all teams
01:57 whytewolf i have worked in to many companies where the devs want to manage the infrastructure. but don't want the responsability of owning it
01:57 Ryan_Lane oh, yeah. that's unacceptable. if you want ownership, you get the on-call
01:57 Edgan whytewolf: What they really want is the power to design it all
01:58 Edgan whytewolf: and they younger ones are more likely to take the on-call to avoid having to teach other people about what they designed
01:58 Ryan_Lane heh. I don't find these things to be the case :)
01:59 whytewolf me either. i actually see more documentation out of the younger guys then the older ones
01:59 Ryan_Lane I've found if a team is responsible for their SLA, they really care
01:59 Edgan whytewolf: Do you work for a startup?
01:59 nickabbey joined #salt
02:00 whytewolf Edgan: not currently, but i have friends that do. and we talk about is all the time
02:00 Edgan Ryan_Lane: You don't work at a startup. Which attracts a different crowd.
02:00 whytewolf lyft isn't a startup?
02:00 whytewolf thats new
02:00 Edgan whytewolf: not even close
02:00 Edgan whytewolf: they are well beyond startup scale
02:00 Ryan_Lane if it isnt now, it definitely was when I started 3 years ago :D
02:01 Edgan Ryan_Lane: how many cities/countries does Lyft serve?
02:01 Ryan_Lane and the reason things work like they do is because we put effort into making things work this way
02:01 Ryan_Lane hm. I actually don't know anymore. most of the US
02:02 Edgan That isn't startup level.
02:02 Ryan_Lane when I started we were only in CA
02:02 Ryan_Lane so, _shrug_
02:02 Edgan Ryan_Lane: yeah, it has changed fast
02:04 modulistic joined #salt
02:12 Tanta I have recruiters fighting to spam me
02:12 Tanta lol
02:12 Tanta the market is really good right now for automation, salt, linux, etc
02:13 whytewolf lol, yeah i get about 4 different companies sending me the same ad. sometimes in the same office
02:13 Tanta I got spammed for my own job and a development job at my company :P
02:14 whytewolf I have had that happen also. not recently though
02:14 Tanta I printed it out and walked over to my boss's office and said, "I think I found a new job"
02:15 whytewolf the annoying ones are the ones that don't read my info. asking for php dev. apperently they didn't notice i havn't touched php in 10 years
02:15 whytewolf or the windows ones. since i have never been a windows admin
02:26 austin_ joined #salt
02:29 austin_ i'm having an issue with file.copy. it seems to not want to copy the dir from A to B. it gives me pretty much no ideas as to why its failing
02:33 whytewolf austin_: even with -l debug with salt-call?
02:33 whytewolf [for getting no ideas why]
02:34 evle joined #salt
02:37 austin_ let me see
02:37 austin_ i got pissed at it and used cmd.run.  haha
02:39 Tanta u can use cmd.run with rsync, works great
02:41 Tanta I do that after cloning from Git in a separate directory, it gets rsynced over to the web root with the sensitive bits excluded
02:41 Tanta like the '.git' directory
02:46 austin_ Tanta: yea i should prob use rsync. makes sense
02:48 ilbot3 joined #salt
02:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.5, 2016.11.2 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers
03:10 skinkitten joined #salt
03:19 jas02 joined #salt
03:21 orionx joined #salt
03:25 DanyC joined #salt
03:28 nethershaw joined #salt
03:54 armguy joined #salt
04:04 edrocks joined #salt
04:11 orionx joined #salt
04:12 beardedeagle joined #salt
04:12 orionx_ joined #salt
04:39 netcho joined #salt
04:53 mpanetta_ joined #salt
05:03 cacasmacas joined #salt
05:05 cebreidian joined #salt
05:06 sp0097 joined #salt
05:08 rawzone^ joined #salt
05:08 scoates joined #salt
05:08 dh__ joined #salt
05:11 demize joined #salt
05:13 Xevian joined #salt
05:16 preludedrew joined #salt
05:23 rdas joined #salt
05:23 bbradley joined #salt
05:38 amagawdd joined #salt
05:41 amagawdd joined #salt
05:44 jas02 joined #salt
05:48 dh joined #salt
06:06 xet7 joined #salt
06:10 mk-fg joined #salt
06:22 cyborg-one joined #salt
06:23 bocaneri joined #salt
06:24 rdas joined #salt
06:27 mk-fg joined #salt
06:28 amagawdd joined #salt
06:53 onlyanegg joined #salt
06:57 PatrolDoom joined #salt
07:00 somesaltyuser joined #salt
07:01 amagawdd joined #salt
07:16 nebuchadnezzar joined #salt
07:28 somesaltyuser hello. i wonder if someone could shed some light on a problem i am facing. i have been using salt for some time now and am trying to implement a "concept" which does not seem to fit into salt. i have written a few formulas which are, some what generic. the specific data sits in pillars. my intention is to put "config files" into the pillar data. so if you can imagine, a nginx type formula with the actual nginx.conf sitting in th
07:32 somesaltyuser from all my research this does not seem possible. or is it? any information would be greatly appreciated.
07:41 jas02 joined #salt
07:43 jas02 joined #salt
07:45 Kelsar joined #salt
07:54 iggy your message was cut off
07:54 iggy but it isn't currently possible to store whole files in pillar... only data structures
07:54 iggy there are tickets open though
07:54 hemebond somesaltyuser: Allow a salt:// path to be specified via pillar and then the user can put the files into a custom state directory.
07:55 somesaltyuser i have read through the tickets... seems they all rejected
07:55 dariusjs joined #salt
07:56 somesaltyuser i guess my questions is "what do other people do when managing config files"?
07:57 hemebond I do what I suggested above.
07:57 hemebond Provide a default path and default config in the formula but allow the path to be overridden so I can put new config files into, e.g., salt://files/nginx.conf
07:57 somesaltyuser thanks hemebond. whats what i have done.
08:03 teclator joined #salt
08:07 JohnnyRun joined #salt
08:09 o1e9 joined #salt
08:10 JohnnyRun joined #salt
08:16 dariusjs joined #salt
08:19 CeBe joined #salt
08:27 diagnostuck joined #salt
08:33 Firewalll joined #salt
08:42 DanyC joined #salt
08:45 xet7 joined #salt
08:45 DanyC joined #salt
08:50 MTecknology iggy: I've done that with pillar_contents: and storing things using gpg
08:50 teclator joined #salt
08:51 MTecknology somesaltyuser: don't abuse salt and make it do more that what it is or it won't do
08:53 MTecknology s/salt/pillar/
08:54 onlyanegg joined #salt
08:56 MTecknology for files, I keep a separate repo that has the same file structure as the file system the files are going into
09:00 Tanta joined #salt
09:07 mikecmpbll joined #salt
09:07 Kelsar joined #salt
09:08 somesaltyuser MTecknology: i dont feel i am going beyond what salt is intended for. the fact that you can specify data in a sls file in a pillar is the same concept as putting it in a file that should be used by the formula. there are loads of people asking for this feature on github so i can safely say its not just me.
09:08 somesaltyuser i will however try your suggestion of pillar contents
09:13 babilen somesaltyuser: Or programmatically render the configuration from data you provide in the pillar
09:14 somesaltyuser that is another option i am exploring... to save time i tried to use a jinja include in the pillar
09:15 jas02 joined #salt
09:15 somesaltyuser a bit of a pain with yaml indentation.
09:16 onovy joined #salt
09:19 nfahldieck joined #salt
09:19 nfahldieck hello, I'm wondering how Grains get collected, where exactely does for example origin the grains "host" or "fqdn" from?
09:21 whytewolf nfahldieck: https://github.com/saltstack/salt/blob/develop/salt/grains/core.py#L1699-L1730
09:22 nfahldieck whytewolf: THANK YOU
09:23 hoonetorg hi i want to activate running salt highgstate every 30min via job, but i can't find it in the docs
09:23 whytewolf um... your .. welcome
09:23 hoonetorg can somebody here give me link/advise ?
09:24 hemebond hoonetorg: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.schedule.html
09:24 jas02 joined #salt
09:24 whytewolf i normally point to https://docs.saltstack.com/en/latest/topics/jobs/#scheduling-jobs instead. let them decide if they want to go down config, pillar or states
09:25 hemebond Was the first Google link for "saltstack schedule" :-)
09:26 whytewolf :P i know.
09:26 hoonetorg hemebond whytewolf thx
09:26 Straphka joined #salt
09:26 hoonetorg hemebond: i used the wrong google search terms ;)
09:27 whytewolf ugh, it is 1:30am I should be in bed
09:28 hoonetorg whytewolf: 10:28am here still long way to go ...
09:32 colttt joined #salt
09:32 s_kunk joined #salt
09:32 s_kunk joined #salt
09:33 bdrung_work joined #salt
09:48 benner where I should put returner on master to make saltutil.sync_returners working?
09:49 hemebond states/_returners/
09:50 benner /srv/states/_returners/ ?
09:50 hemebond A _returners directory wherever you're storing your states.
09:55 jas02 joined #salt
09:56 netcho joined #salt
09:59 Reverend I love people clearing out IPtables because it makes their lives more difficult
09:59 * Reverend claps
09:59 Reverend MORNING chappos
10:02 dariusjs joined #salt
10:02 Lionel_Debroux joined #salt
10:06 edrocks joined #salt
10:08 gaghiel joined #salt
10:08 dariusjs joined #salt
10:09 manji Reverend, lol
10:16 diagnostuck joined #salt
10:24 jas02 joined #salt
10:25 netcho joined #salt
10:30 netcho_ joined #salt
10:45 amcorreia joined #salt
10:55 onlyanegg joined #salt
11:06 abednarik joined #salt
11:09 fredvd joined #salt
11:10 viccuad joined #salt
11:20 izibi joined #salt
11:24 abednarik joined #salt
11:36 diagnostuck joined #salt
11:47 dendazen joined #salt
11:48 dariusjs joined #salt
11:50 angel_dark joined #salt
11:57 evle1 joined #salt
12:08 gladia2r joined #salt
12:09 edrocks joined #salt
12:15 amcorreia joined #salt
12:22 sh123124213 joined #salt
12:33 cyborg-one joined #salt
12:36 ruxu joined #salt
12:37 diagnostuck joined #salt
12:46 ruxu joined #salt
12:48 AvengerMoJo joined #salt
12:55 onlyanegg joined #salt
12:56 fracklen joined #salt
13:25 catpig joined #salt
13:27 Kelsar joined #salt
13:29 diagnostuck joined #salt
13:30 WKNiGHT joined #salt
13:32 edrocks joined #salt
13:36 viccuad joined #salt
13:36 viccuad Hi folks. I wonder, is it possible to do `pkg.installed: python-foo-*` and have it work? thanks in advance
13:38 theanalyst is it possible to have a module in runners directory and not expose it in the namespace
13:38 Tanta do that with cmd.run('yum -y install python-foo-*')
13:39 Tanta or apt-get install -y python-foo-*
13:39 Tanta that glob is meant for bash, not salt
13:39 viccuad fair enough
13:39 viccuad but it would be nice to be able to pass something like that
13:39 Tanta try it
13:40 Tanta It might work
13:48 viccuad well, after waiting ages for states, it worked
13:50 dendazen joined #salt
13:57 lmbd joined #salt
13:58 dendazen joined #salt
14:00 sjoerd_ joined #salt
14:02 sjoerd_ Hi! I've been busy with salt for a while now and really like it. I'd like to even implement it to replace our existing ansible and cfengine installations. Of course the ansible crowd here isn't having much of it. What are the best arguments to go for salt instead of ansible?
14:04 sjoerd_ I've got some plusses already, like pillar giving better variable security, and the zeroMQ connection that allows agents to report back to a central place
14:06 toanju joined #salt
14:07 whytewolf sjoerd_: maybe this will help https://blog.ryandlane.com/2014/08/04/moving-away-from-puppet-saltstack-or-ansible/
14:09 manji sjoerd_, if your ansible and cfengine codebase is above a certain size
14:09 debian112 joined #salt
14:10 racooper joined #salt
14:10 manji it is naive to believe that moving to another cfg system is doable
14:10 manji you have to be very very careful :)
14:12 scoates joined #salt
14:12 puzzlingWeirdo joined #salt
14:14 _JZ_ joined #salt
14:14 sjoerd_ especially out cfengine needs replacing badly
14:15 sjoerd_ it's been grown organically for about 7 years now, it's not pretty :)
14:16 edrocks joined #salt
14:16 sjoerd_ the issue with many of the comparison articles out there is that they're all at least 2 years old, and I don't know very well what's happened in the meantime
14:16 AndreasLutro there's not much happening in config management tbh
14:21 sjoerd_ Oh another good plus (I think) is jinja in state files, playbooks only do a limited subset
14:22 whytewolf like the article says jinja in ansible is variables. while in salt it is logic. which could be both a plus and a minus
14:24 sjoerd_ wel ansible does do full jinja inside configs and templates
14:24 sjoerd_ but i think the full jinja inside states is a plus personally
14:25 AndreasLutro it has its disadvantages
14:25 sjoerd_ how so?
14:25 whytewolf jinja runs before states, so anything a state changes can't be used in the logic
14:25 AndreasLutro like say you want to check if a file exists before defining a state. if you do it with a jinja if  statement it will run before all states, not in the middle of the state run as you might intuively think
14:25 krymzon joined #salt
14:26 AndreasLutro which means you have to use onlyif/unless etc which is another layer of complexity and comes with its own limitations
14:27 sjoerd_ wouldn't you use salt to check for the file (maybe set a grain)
14:28 AndreasLutro personally I feel puppet/chef does it best, with a full programming language that is executed step by step
14:28 AndreasLutro but of course those come with their own limitations which can be annoying
14:28 jhauser joined #salt
14:29 whytewolf jinja checks for grain. then a state creates the grain. ... see the problem?
14:29 unixer joined #salt
14:29 sjoerd_ but it would be fine when it runs a second time (not ideal, but hey...)
14:29 jas02_ joined #salt
14:30 cmarzullo reasons I generally avoid grains.
14:30 AndreasLutro the whole point is to avoid having to run more than once
14:30 sjoerd_ hmm, I suppose. cfengine has this convergeance philosophy where ever time it runs, more things can happen until the desired state is reached
14:31 sjoerd_ it's got it's ups and downs I must admit...
14:31 AndreasLutro honestly I'm leaning towards that being the way to go. I've tried writing salt states as well as my own CM code that ensures that only 1 run is necessary and it's incredibly difficult
14:33 whytewolf I typically use orchestration to get around the limitation. I'm technically doing multiple runs [although with different files] but i still only run one command
14:33 bbradley joined #salt
14:34 ssplatt joined #salt
14:34 XenophonF AndreasLutro: why is getting things configured in a single run difficult for you?
14:35 sjoerd_ I've got cfengine at the moment running every 5 minutes. Fully configuring a machine from installation is about three runs, so it takes 15 mins to be up and running unless I run it more often manually. I think that's pretty reasonable seeing as installing machines isn't that frequent anyway
14:35 AndreasLutro XenophonF: most noteably, in salt, reloading services more than once in a single highstate isn't possible without using module.run hackery
14:36 XenophonF why would you need to reload a service more than once? that sounds more like an issue with inaccurate state dependencies to me
14:36 XenophonF (not trying to put you down, btw, and i realize this stuff is complex)
14:36 AndreasLutro 1. modify nginx vhost config to allow letsencrypt verification 2. reload nginx 3. issue certificates 4. reload nginx
14:36 XenophonF oh
14:36 XenophonF yeah
14:36 XenophonF let's encrypt
14:36 XenophonF :(
14:36 sjoerd_ heh
14:37 sjoerd_ generate certs on the master and push them as needed. Then restart once :)
14:37 AndreasLutro letsencrypt doesn't work that way, nor do we want to store private keys on the master unless necessary
14:37 whytewolf there is also mysql on redhat. first time startup requires configs that do not have any plugin configs. after that you need to make changes and then restart
14:37 XenophonF sjoerd_: that's certainly _possible_ but I haven't found the tooling that does it, yet
14:38 AndreasLutro of course the solution is allow letsencrypt verification for *all* vhosts but I certaainly feel like this is the type of thing you should be able to do
14:38 XenophonF yeah i have to agree
14:39 XenophonF i was really excited about it until i found out that (a) certbot doesn't work on windows and (b) it doesn't support DNS-based verification
14:39 AndreasLutro we just use acme_tiny
14:39 AndreasLutro http validation is fine with me
14:40 diagnostuck joined #salt
14:40 sjoerd_ what happens if under the same ID inside a state you first do the file with file.managed and then restart it with service.running...
14:40 unixer I wonder if lets encrypt is ever going to host their own APT/YUM repos for their official client.
14:40 sjoerd_ doing that multiple times would restartit multiple times, right?
14:40 AndreasLutro sjoerd_: service.running alone wouldn't restart anything
14:41 sjoerd_ also not with reload: true in it?
14:41 Sketch unixer: their own client is so much overkill
14:41 AndreasLutro no. only if a state it watches has changes
14:41 XenophonF so if i understand correctly, you can't have two different state IDs that are service.running states with the same name parameter?
14:41 sjoerd_ hum
14:41 whytewolf sjoerd_: you can't have multiple modules of the same type in the same state id.
14:41 XenophonF and with each state ID having its own watch/onchanges requisites?
14:42 AndreasLutro XenophonF: you *can* but that's the type of hackery I want to avoid, and it becomes really hard to get the order right
14:42 XenophonF gotcha
14:42 sjoerd_ XenophonF: yes, that's what i was thinking
14:42 AndreasLutro I think using module.run service.reload would be more appropriate if I really wanted to do it though
14:43 whytewolf there is always the orchestration route ;)
14:43 XenophonF true
14:44 abednarik joined #salt
14:44 XenophonF i've run into similar problems when writing a state formula for the Shibboleth IdP
14:45 XenophonF i have one state that always ends up making changes, which i have to undo in a subsequent state
14:46 lmbd I'm trying to debug salt but can't manage to get a prompt
14:47 bluenemo joined #salt
14:47 lmbd I added import "import pdb; pdb.set_trace()" to salt/utils/__init.py in line 2859
14:48 scoates joined #salt
14:48 toanju joined #salt
14:49 ssplatt joined #salt
14:49 lmbd Now salt stop to the error "salt.loaded.int.module.mac_system.__virtual__() is wrongly returning `None`." but I can't get a prompt to the debugger, why is that?
14:52 lmbd Looks like the "c" command from pdb works when salt stop, but I can't get the return of the debugger
14:56 onlyanegg joined #salt
15:00 nickabbey joined #salt
15:01 PatrolDoom joined #salt
15:01 debian1121 joined #salt
15:02 DEger joined #salt
15:02 PatrolDoom joined #salt
15:03 lmbd Does some one know how to debug salt properly?
15:08 whytewolf huh, this seems to give me a prompt python -m pdb /usr/local/bin/salt-master
15:09 whytewolf not sure why you are having problems
15:09 whytewolf [not even putting pdb in the script
15:09 brousch__ joined #salt
15:09 whytewolf personally i just make heavy use of -l debug
15:10 whytewolf i have also heard of this but never tried it https://docs.saltstack.com/en/latest/topics/troubleshooting/#live-python-debug-output
15:12 tapoxi joined #salt
15:12 puzzlingWeirdo joined #salt
15:14 tiwula joined #salt
15:16 ssplatt joined #salt
15:17 nickabbey joined #salt
15:18 ssplatt what do you mean by properly
15:20 puzzlingWeirdo joined #salt
15:26 dariusjs joined #salt
15:27 ssplatt joined #salt
15:31 lmbd ssplatt: The correct way to debug salt
15:31 ssplatt i think that depends on what you are looking for. and what you are trying to do
15:31 edrocks joined #salt
15:31 lmbd I'm using this software for several years but I always struggle to debug, and as I often stumble upon bug it's quite frustrating
15:32 JohnnyRun joined #salt
15:33 lmbd I know the line where there is a bug and I would like to inspect the state of the variable for this line and the following
15:35 orionx joined #salt
15:36 toanju joined #salt
15:40 bantone morning
15:41 Ch3LL lmbd: what line are you trying to inspect and what cmd are you trying to run?
15:45 keltim joined #salt
15:48 DanyC joined #salt
15:49 diagnostuck joined #salt
15:49 lmbd Ch3LL: I'm using salt-call and trying to inspect line 2889 of salt/utils/__init__.py
15:53 puzzlingWeirdo joined #salt
15:54 renaissancedev joined #salt
15:55 renaissancedev Is there any way to list the jobs that are scheduled to run on the master? There doesn't appear to be any runner that exposes this information.
15:58 lmbd whytewolf: I tried your way python -m pdb salt-call but I have the same issue, it stop after "lmbd is not in the sudoers file.  This incident will be reported" whitout any prompt but the commands of pdb are working (like "c")
15:58 orionx joined #salt
15:59 whytewolf try adding sudo to it
16:00 whytewolf also what version are you on cause a line number with out a version doesn't mean much. a lot could change and that line could be nothing but a comment
16:00 lmbd I can't use sudo I'm only a user on this computer
16:01 lmbd I'm using salt 2016.11.2 (Carbon)
16:01 abednarik joined #salt
16:01 whytewolf if sorted(os.getgroups()) != sorted(supgroups):
16:01 whytewolf thats the line you have issues with?
16:01 orionx_ joined #salt
16:03 jas02 joined #salt
16:03 lmbd whytewolf: Yes! I get the error "Failed to set supplemental groups to" and I would like to fix this
16:03 toanju joined #salt
16:05 whytewolf wait. it is blank after to?
16:05 brokensyntax joined #salt
16:05 lmbd What do you mean?
16:06 whytewolf that error.
16:06 whytewolf after the to but before . Error: is exactly what the value of supgroups is
16:06 teclator joined #salt
16:07 whytewolf 'Failed to set supplemental groups to {0}. Error: {1}'.format(supgroups,err)
16:08 whytewolf also if you are getting that error then. 2891 is the line throwing the error
16:09 lmbd The exact error I get is: Failed to check remote refs: Failed to set supplemental groups to [4234]. Error: [Errno 1] Operation not permitted
16:10 onlyanegg joined #salt
16:10 whytewolf okay, then supgroups is  a list with 1 item in it 4234 and the operating system is throwing the error. because you don't have permissions to setgroups
16:11 lmbd Okay
16:12 lmbd The user/group I'm trying to switch to is the current user/group,
16:13 whytewolf https://docs.python.org/2/library/os.html#os.setgroups
16:13 jas02 joined #salt
16:13 whytewolf os.setgroups isn't going to happen without root
16:14 lmbd Now I understand why it is appening, thanks (:
16:16 scoates joined #salt
16:19 catpig joined #salt
16:21 jimklo joined #salt
16:21 Mogget joined #salt
16:31 jas02 joined #salt
16:38 amagawdd joined #salt
16:43 sagerdearia joined #salt
16:44 viccuad joined #salt
16:47 scarcry joined #salt
16:48 hpc-rock joined #salt
16:53 hpc-rock Greetings.  Wondering if anyone can help me with an architecture.  If I have a salt master, and the minions are all ephemeral, such that whenever they go then come back, they are fresh but with the old host/minion name (no pre-populated key, no grains, etc., but they have the same minion id/hostname).  My question is how do I deal with this?  Is there best practice?  I'll need to not let old keys cause problems, accept the new keys
16:53 hpc-rock Add back any grains.
16:53 hpc-rock Is this a salt cloud thing (still researching)
16:53 hpc-rock ?
16:53 gtmanfred If you delete it with salt-cloud it delete the key
16:54 hpc-rock right- I should say I'd like it to all be automagic- no human intervention
16:54 hpc-rock (well, it has to be that way...)
16:54 gtmanfred otherwise, you could use something like salt-run manage.down remove_keys=True
16:54 gtmanfred and throw that in a scheduler
16:55 hpc-rock hmmm..
16:55 gtmanfred run it before your orchestration
16:55 hpc-rock I am using autosign_file, but it doesn't deal with the old key and grains.
16:56 hpc-rock Added wrinkle is that the master is actually a syndic, so there are upstream possible issues?
16:56 hpc-rock Is scheduler a salt term?
16:56 skinkitten joined #salt
16:57 hpc-rock You don't mean cron (etc)?
16:57 gtmanfred https://docs.saltstack.com/en/latest/topics/jobs/#scheduling-jobs
16:57 gtmanfred you can do it in cron if you want
16:57 gtmanfred or a systemd timer unit
16:57 gtmanfred or salt schedule
16:58 hpc-rock schedule is different than reactor, I take it?
16:58 gtmanfred yeah
16:58 hpc-rock k
16:58 gtmanfred check that link i provided
16:58 gtmanfred it talks about the schedule
16:58 hpc-rock Looking at it.
16:58 diagnostuck joined #salt
16:59 hpc-rock I'm not crazy about the polling architecture there... is this something I can do in reactor?
16:59 gtmanfred you could do it with reactor
16:59 hpc-rock (maybe I don't understand the scheduler yet)
17:00 gtmanfred what are you using to create the servers?
17:00 hpc-rock rocks, unfortunately
17:00 gtmanfred what
17:01 hpc-rock These are HPC clusters.  The head nodes in each cluster are syndic's.  http://www.rocksclusters.org/wordpress/
17:01 gtmanfred ahh ok
17:01 renaissancedev joined #salt
17:01 hpc-rock rocks is horrible for CM
17:02 gtmanfred can that post to a webhook api when it goes to create a new server?
17:02 hpc-rock Hmmm.... probably
17:02 gtmanfred if it can, have it post to salt-api, to /hook, and then use that event to run a wheel.key.delete
17:02 hpc-rock The installer on that IS http based
17:03 gtmanfred https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html#hook
17:03 hpc-rock so that same type of technique could add back the lost grains, I would imagine?
17:03 hpc-rock grains are to label/group node types
17:03 gtmanfred https://docs.saltstack.com/en/latest/ref/wheel/all/salt.wheel.key.html#salt.wheel.key.delete
17:03 hpc-rock so important
17:04 gtmanfred why not use pillars for that ? so you don't have to define them on the minion
17:04 scoates joined #salt
17:04 hpc-rock can I use pillars to target hosts in the same way I'm using grains now?
17:04 gtmanfred yes
17:04 hpc-rock There you go then, that makes sense
17:04 hpc-rock k
17:04 gtmanfred https://docs.saltstack.com/en/latest/topics/targeting/pillar.html
17:04 hpc-rock (somewhat new to salt)
17:05 hpc-rock I'm just wondering too, is salt cloud designed for exactly this kind of situation?  Ephemeral nodes that nonetheless have the same names?
17:05 hpc-rock (hostnames/minion ids)
17:06 gtmanfred yeah you can use it for that
17:06 gtmanfred it can only have one minion per name, so if you make a cloud map, it makes sure that all the minions in the map exist
17:06 gtmanfred https://docs.saltstack.com/en/latest/topics/cloud/map.html
17:06 renaissancedev joined #salt
17:07 hpc-rock Okay, well this gives me some ideas.
17:07 hpc-rock My research was starting to flail a bit.
17:07 gtmanfred :D
17:09 hpc-rock Thanks
17:12 iggy one thing you can't target with pillar data is pillars
17:12 hpc-rock left #salt
17:12 iggy just as an fyi
17:15 sh123124213 joined #salt
17:18 sh123124213 joined #salt
17:22 DanyC joined #salt
17:23 DanyC joined #salt
17:24 jas02 joined #salt
17:25 skinkitten joined #salt
17:25 _JZ_ joined #salt
17:28 eThaD joined #salt
17:32 Trauma joined #salt
17:32 jhujhiti joined #salt
17:33 fracklen joined #salt
17:34 impi joined #salt
17:39 mikecmpbll joined #salt
17:40 jhujhiti joined #salt
17:43 jhujhiti joined #salt
17:45 cyborg-one joined #salt
17:46 sh123124213 joined #salt
17:47 viccuad joined #salt
17:49 sh123124213 joined #salt
17:50 abednarik joined #salt
17:55 jas02_ joined #salt
17:58 diagnostuck joined #salt
17:59 sh123124213 joined #salt
18:02 scsinutz joined #salt
18:02 scsinutz Does salt support a reactor include directory like /etc/salt/reactors.d ?
18:03 gtmanfred it does not
18:03 gtmanfred you can put the config in master.d
18:03 gtmanfred and then when you put the reactors in /srv/salt or your file_root, you can reference the .sls using salt://reactor/something.sls
18:04 gtmanfred you can actually also configure the reactor on minions too
18:05 sh123124213 joined #salt
18:05 scsinutz can I put different reactor stanza's in /etc/salt/master.d ?
18:05 gtmanfred i believe that you can only have one stanza
18:05 scsinutz or do they all have to be in reactors.conf
18:06 scsinutz ok, got it
18:06 gtmanfred it can be in whatever file, but i believe you can only have one stanza, i don't believe the config updates by doing a dict update
18:12 Ahlee any saltstack staff on?
18:12 gtmanfred no >.>
18:14 sh123124213 joined #salt
18:17 scsinutz joined #salt
18:18 nickabbey joined #salt
18:19 debian112 joined #salt
18:19 DanyC joined #salt
18:20 beardedeagle joined #salt
18:21 beardedeagle I just recieved an email from `Rhett Glauser: SaltStack VP of marketing`? Is that a real person gtmanfred?
18:21 gtmanfred yes
18:21 beardedeagle weird, comes from a paolina@bodyworxvitality.com address
18:22 gtmanfred that isn't right
18:22 beardedeagle I am going to assume while he is real, this email is fake
18:22 austin_ joined #salt
18:22 gtmanfred yes
18:23 austin_ question - is there a way to remotely execute on 1 of N minions ? say you had a list of server1, server2 and server3. the target would be 1 of those 3. not all 3.
18:25 Edgan joined #salt
18:26 gtmanfred austin_: maybe? but you would have to do it in an orchestration,i do not believe there is a direct way to do it from salt cli
18:26 austin_ gtmanfred: right. the thought was to use the orch runner
18:27 austin_ was just curious if there was a way w/o much effort
18:27 planete joined #salt
18:27 austin_ i could potentially use zookeeper here
18:29 eThaD joined #salt
18:30 sh123124213 joined #salt
18:31 s_kunk joined #salt
18:31 s_kunk joined #salt
18:42 eThaD joined #salt
18:43 eThaD joined #salt
18:44 abednarik joined #salt
18:45 pcn beardedeagle: yeah, got that too
18:45 pcn the pdf is probably a  trap
18:46 beardedeagle blew it away before I could sandbox it and see
18:46 pcn Just strings'd it.  Nothing fun or jucy is obvious from the ascii
18:46 pcn or utf-8 or whatever I have my terminal set to
18:49 sp0097 joined #salt
18:50 cscf pcn, running 'strings' on hostile files isn't safe
18:52 cscf http://www.computerworld.com/article/2838988/flaw-in-widely-used-strings-utility-could-spell-trouble-for-malware-analysts.html
18:53 nickabbey joined #salt
18:54 netcho_ joined #salt
18:55 _beardedeagle joined #salt
18:56 beardedeagle joined #salt
18:57 skinkitten joined #salt
19:01 darthzen_ joined #salt
19:03 darthzen_ joined #salt
19:04 diagnostuck joined #salt
19:08 Mogget I have created a state file which must not be executed directly. You must run a state file which includes it and extends it. Does there exist a way to prevent that specific state file to be executed directly?
19:08 Neighbour add require directives to the items in the un-runnable state file
19:10 gtmanfred I see exclude, but i do not think this is specifically what you want https://docs.saltstack.com/en/latest/ref/states/include.html#exclude
19:10 gtmanfred other than that, i don't think that is possible
19:10 candyman88 joined #salt
19:16 edrocks joined #salt
19:16 Ahlee beardedeagle: yeah, i got the same.
19:16 Ahlee but i saw the headers didn't come from SS
19:18 edrocks joined #salt
19:22 cyborg-one joined #salt
19:24 iggy I guess the fake email got filtered, but I did get a follow up from Rhett saying not to open it
19:24 gtmanfred yeah, we have reset passwords
19:24 gtmanfred first thing i did when i got my ss email was to set up 2fa
19:26 Praematura joined #salt
19:30 debian112 joined #salt
19:48 skinkitten_ joined #salt
19:53 DEger joined #salt
19:53 krymzon joined #salt
19:57 Mogget Neighbour: Sorry for the very late answer; I suddenly had to explain to a 6 7 year old why its not cool to put playdough into someones nose when they are taking a dump.
19:57 Mogget Neighbour: Thanks for the suggestion. I'll take a look at require for unrunable state files.
19:59 DammitJim joined #salt
20:00 Mogget I just realized that specific solution would sove my issue if I only had one "child". I have many.
20:03 diagnostuck joined #salt
20:04 Ahlee another from rhett, this one specifically referencing saltstack agreement
20:04 Ahlee Rhett Glauser <rachel@bodyworxvitality.com>
20:05 Ahlee heh
20:07 KyleG joined #salt
20:07 KyleG joined #salt
20:07 KyleG Did anyone else just get spam from Rhett Glauser?
20:07 KyleG Like, his account got hacked kinda spam,
20:08 gtmanfred we know
20:08 KyleG Okay.
20:08 gtmanfred he has reset his password and enabled 2fa
20:08 gtmanfred unfortunately they got all the addresses in his contacts
20:08 gtmanfred so just mark them as spam
20:09 gableroux joined #salt
20:09 KyleG cool
20:10 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.5, 2016.11.2 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers <+> Rhett has updated his password, pleas
20:10 gtmanfred grr
20:11 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.5, 2016.11.2 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Rhett has updated his password, please mark spam as spam. Thanks!
20:12 scsinutz joined #salt
20:12 beardedeagle another fake email from saltstack
20:12 beardedeagle *sigh*
20:13 beardedeagle different address this time though
20:14 whyzgeek joined #salt
20:15 whyzgeek hey guys I want to use salt master/minion structure to write a system of fetching metrics from remote devices metrics
20:15 gtmanfred check out beacons
20:15 whyzgeek I want to use minions to fetch metrics for themselves and some remote network devices
20:16 whyzgeek first is it good idea
20:16 whyzgeek ?
20:16 gtmanfred you could make the network devices minions using proxy minions
20:16 swills_ joined #salt
20:16 gtmanfred but sure, you can do that
20:17 whyzgeek the main thing is that each collection is not a seperate job
20:17 iggy do you need better than 1 minute timing? if so, Salt won't work
20:17 whyzgeek I don't want minions to stop collecting if they are disconnected from master
20:17 whyzgeek iggy: yes 5sec
20:17 gtmanfred ahh, then salt will probably not work for that
20:18 whyzgeek gtmanfred: why is that?
20:18 whyzgeek if minion is independant
20:18 gtmanfred so, you can use masterless minions
20:18 whyzgeek and just get collection schedule
20:18 gtmanfred the collection schedule can be only as little as 1 minute
20:18 whyzgeek ultimately send whatever its collected to the master
20:18 iggy salt's internal timer loop runs every minute... no faster
20:19 whyzgeek iggy: I see
20:20 whyzgeek iggy: what if I create my own customized minion because only collections should be 5sec updating and sending data back can take longer
20:20 iggy why do you want to use salt for this?
20:21 whyzgeek iggy: :) when looking at architecture its very similar to I wantto achive, I need zmq, masters, minions and proxies that provide HA
20:22 whyzgeek so I thought it might help
20:22 whyzgeek but if its too much of a hassle then probably I have to create something myself with zmq
20:22 KyleG left #salt
20:22 iggy I mean you can't just crank up the minion's internal timer... you'll have a lot of other problems
20:23 iggy an engine that does the collection may work
20:23 iggy I think they can have their own timer
20:23 gtmanfred they can
20:23 gtmanfred so can beacons possibly
20:23 whyzgeek iggy: yes I can have my own event loop
20:23 whyzgeek tap into salt bus
20:24 gtmanfred whyzgeek: beacons can monitor in 1 second intervals, and then whatever they return goes back to the master on the event bus
20:24 scoates joined #salt
20:24 gtmanfred the problem is, if the minion disconnects, it possibly won't return the data
20:24 gtmanfred https://docs.saltstack.com/en/latest/topics/beacons/
20:24 whyzgeek gtmanfred: thanks this seems inetersting!
20:25 gtmanfred you are going to need a beefy master, to keep up with processing all the data that is going to be coming in
20:25 whyzgeek gtmanfred: as far as it returns data after reconnection i am fine with it
20:25 gtmanfred it might, i have never tested that
20:25 whyzgeek gtmanfred: I probably won't use masters for it
20:25 whyzgeek syndics or proxies
20:25 gtmanfred syndics are masters
20:25 gtmanfred they have a master on them
20:26 whyzgeek ya but I can horizontally scale with them
20:26 whyzgeek master of masters
20:26 whyzgeek will be for just overall schelduing jobs
20:26 gtmanfred you could do it with masterless, the problem is that you wouldn't be able to disceminate commands down to the minions
20:26 whyzgeek and controlling what should be collected and wheer
20:26 gtmanfred but minions could put the data into storage
20:27 whyzgeek I need middle aggregation point
20:28 whyzgeek so for example each data center will have a bunch of these aggeregation points that will insert metrics into storage
20:28 whyzgeek I don't want minions directly do that
20:28 gtmanfred well then you will need masters
20:28 candyman88 joined #salt
20:28 whyzgeek that's what I thought
20:28 whyzgeek also master will send scheudles to minions
20:28 whyzgeek and also cancel them if neccessary
20:28 Inveracity joined #salt
20:29 whyzgeek for example if an interface is added or removed from a network device
20:29 gtmanfred you won't be able to use schedules, you will have to use beacons, schedules interval cannot be any less than 1 minute, and if you need to measure every 5 seconds, you will need beacons
20:30 whyzgeek gtmanfred: by schedule I meant the job that describes what should be collected at what interval on which minion
20:30 whyzgeek not the actually collection command
20:31 whyzgeek that can be 1min or even more
20:32 whyzgeek gtmanfred: I think the beacon is what I want probably needs a little modification
20:42 eThaD joined #salt
20:43 rocks-hpc joined #salt
20:44 rocks-hpc Does anyone know if saltify (a salt cloud provider) can work "through" a syndic?
20:46 gtmanfred it wouldn't matter
20:46 gtmanfred syndic shouldn't matter*
20:46 darthzen_ joined #salt
20:46 gtmanfred saltify is just a way to say, ssh to this machine and install salt minion to it
20:47 catpig joined #salt
20:48 rocks-hpc I'm not sure what to put in my map file.  The machine being ssh'd to is on the other side of the syndic, and I'm attempting to run salt-cloud -m /etc/mapfile from the mom master (not the syndic).
20:48 rocks-hpc Impossible?  It's like it needs to ssh "through" the syndic.
20:49 rocks-hpc I think I'm going down a wrong path... :-)
20:49 rocks-hpc Not sure how to "ssh to this machine", in other words.
20:49 rocks-hpc from the mom
20:50 abednarik joined #salt
20:51 iggy salt-cloud has zero tie-in to syndics
20:51 iggy salt-cloud runs directly from a single master
20:51 rocks-hpc Okay, that answers the question.
20:51 rocks-hpc :-)
20:53 rocks-hpc I presume though I could run it from the syndic, instead of on the other side of it, since the syndic is a master.  Seem correct?
20:57 iggy yeah, if you don't mind copying your configs all over the place
20:57 iggy (not that there's a better option...)
20:57 rocks-hpc right, that's what I'm thinking
20:57 rocks-hpc Okay, thanks all.
20:58 Inveracity there's no gitfs available for master configs right? (relating to rocks-hpc's question)
20:58 gtmanfred unfortunately
20:59 Inveracity an alternative could be webhooks that runs a state on syndics to pull master configs
20:59 Inveracity I'm just thinking out loud
21:00 Trauma joined #salt
21:00 gtmanfred i actually have an ida
21:01 gtmanfred you would still have to setup the fileserver, but i wonder if you could set include_dir: salt://master.d/*.conf
21:01 gtmanfred i bet not
21:01 gtmanfred but it would be neat
21:03 Inveracity yeah, hm
21:03 iggy I wonder if saltify uses the system ssh config... you could set proxycommand (to proxy ssh through the syndic) for the boxes on the other side of the syndic
21:03 gtmanfred it uses the ssh command on the commandline, so it should be able to use that proxycommand
21:04 gtmanfred One day I will have time to add the ability to use salt-ssh to bootstrap servers, probably right after i will have time to do openstack
21:04 rocks-hpc So this would be per invocation- not something that would proxy all ssh from the box through the syndic?
21:05 iggy right
21:06 jas02 joined #salt
21:07 rocks-hpc Not sure what set proxy command means here exactly though.  Is this something I can put in (say) a map file?
21:09 gtmanfred yeah i don't think there is anything in salt-cloud bootstrap function to specify extra ssh args for the ssh command
21:10 iggy it would go in /etc/ssh/ssh_config (or something)
21:12 DammitJim how do I enable a service?
21:12 DammitJim I have placed a file on /etc/init.d (ubuntu server)
21:12 DammitJim getting... The named service <service> is not available
21:12 DammitJim weird
21:12 gtmanfred is it executable?
21:13 iggy what version of Ubuntu?
21:13 DammitJim 16
21:13 gtmanfred that is systemd
21:13 DammitJim it is x
21:13 DammitJim DAMMIT
21:13 DammitJim what am I to do?
21:14 gtmanfred make it into a systemd unit, and put it in /etc/systemd/system/x.service
21:14 iggy write a systemd unit file for it instead of an init script?
21:14 DammitJim thanks!
21:14 DammitJim I write the systemd unit file
21:15 Sketch doesn't ubuntu have some init script backwards compatibility?
21:15 DammitJim with salt, I file.manage it and put it on the minion
21:15 DammitJim then what?
21:15 gtmanfred then service.running with enable: true
21:15 Zhirr joined #salt
21:15 DammitJim Sketch, that's what I thought, but I rather move forward with systemd since that's where they are going
21:15 DammitJim oh ok, it'll figure it out by itself?
21:15 gtmanfred yes
21:15 * Sketch wonders if you might need to trigger a systemctl daemon-reload after putting the file in place
21:16 gtmanfred you don't need to if you are just putting it in place
21:16 gtmanfred if you change it later, you would need to
21:16 Sketch ah, right
21:16 gtmanfred but if it doesn't exist beforehand,systemd will load it first, which is one of the reasons you might not be able to tab complete systemctl start <newservice>
21:16 gtmanfred because the tab completion uses the systemctl list-units, which only shows loaded units
21:17 gtmanfred for zsh at least (that is the one i wrote most of back in the day)
21:17 tmkerr joined #salt
21:17 gtmanfred pro tip, don't learn to do zsh completion, because everyone will start asking you to do it.
21:17 DammitJim I"m trying it
21:18 DammitJim but something tells me /etc/init.d should have worked
21:19 gtmanfred i don't see any mention online of ubuntu maintaining the init.d comptability layer
21:19 gtmanfred debian did, because they were using sysvinit on the last release
21:19 gtmanfred but ubuntu had pretty much moved over to upstart
21:19 gtmanfred so it makes since that they would just rewrite them all to systemd, and ignore init.d
21:21 iggy there is at least a way to get 16.04 to work with sysvinit scripts... not sure if it's enabled by default
21:21 iggy (I have some systems that are 16.04 and use sysvinit scripts
21:21 cacasmacas joined #salt
21:21 gtmanfred you might have to install sysvinit-utils
21:22 gtmanfred you will need whatever provides /usr/sbin/service
21:23 gtmanfred ¯\(°_o)/¯ idk i dislike ubuntu
21:24 mk-fg joined #salt
21:25 * gtmanfred is happy it is friday
21:29 Inverakitty joined #salt
21:29 onlyanegg joined #salt
21:29 netcho_ joined #salt
21:34 diagnostuck joined #salt
21:37 alvinstarr1 joined #salt
21:39 alvinstarr joined #salt
21:44 teclator joined #salt
21:48 relidy Am I just crazy, or does the acl.present state just roll over and die if there's already an ACL in place (that it applied on a previous run)? States, error messages, getfacl, and versions: https://gist.github.com/rhoths/36be2aba18f35b72fbd0f84ceb9d84b3
21:48 edrocks joined #salt
21:50 gtmanfred I think it has a problem with X
21:50 gtmanfred relidy: https://github.com/saltstack/salt/issues/39112
21:50 saltstackbot [#39112][OPEN] Feature Request:  linux_acl to handle "X" | Hello,...
21:51 relidy gtmanfred: I see. Thanks for pointing that out. At least I can stop banging my head against this for now.
21:52 gtmanfred :D
21:52 gtmanfred no problem
22:18 onlyanegg joined #salt
22:24 Guest45231 joined #salt
22:28 skinkitten joined #salt
22:30 skinkitten_ joined #salt
22:33 jas02 joined #salt
22:33 scsinutz joined #salt
22:41 amagawdd joined #salt
22:58 onlyanegg joined #salt
23:04 Edgan The systemctl reload thing, https://paste.fedoraproject.org/552759/67678511/
23:04 ssplatt joined #salt
23:08 jas02 joined #salt
23:12 nickabbey joined #salt
23:14 scoates joined #salt
23:22 eightyeight joined #salt
23:22 daxroc How can you call a mine.update from an orchestrate ?
23:24 whytewolf daxroc: like i do in the last stanza of this orchestration https://github.com/whytewolf/salt-phase0-states/blob/master/orch/salt-core-update.sls
23:28 daxroc whytewolf: thanks
23:29 whytewolf no problem
23:36 dendazen joined #salt
23:37 CeBe is there a way to see progress/output of state.sls runs or does one always have to wait for the full report when a run is finished?
23:37 teclator joined #salt
23:40 iggy you have to wait
23:41 iggy it's how Salt is designed... fire off a command to a minion, it does the work, then reports back
23:42 CeBe k, thanks!
23:46 teclator joined #salt
23:50 edrocks joined #salt
23:52 teclator joined #salt
23:58 teclator joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary