Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-02-15

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:10 onlyanegg joined #salt
00:27 jmedinar joined #salt
00:27 jmedinar Hello
00:28 jmedinar On Jinja how can I concatenate a variable with text to dynamically generate a path?
00:28 hemebond jmedinar: ~
00:29 jmedinar {% set db = ["/sysadm/logs/metrics/{{id}}_storage.csv"] %}
00:29 hemebond {%- set db = ["/sysadm/logs/metrics/" ~ id ~ "_storage.csv"] %}
00:30 jmedinar trying... thanks hemebond
00:30 jmedinar do you have any reference to where is that documented?
00:31 nomadlogic joined #salt
00:31 hemebond http://jinja.pocoo.org/docs/2.9/templates/#other-operators
00:33 Awesomecase joined #salt
00:33 jas02 joined #salt
00:42 spuder joined #salt
00:49 jmedinar Question... why the following is always "False" meaning the code is always being executed
00:50 jmedinar {% if not salt['file.directory_exists'](db) %}
00:50 jmedinar where db is a path to a file that exist
00:52 hemebond Apparently should work. Are you sure "db" has the correct value?
00:52 hemebond Wait... are you pointing at a directory or a file?
00:52 jmedinar yup cuz the first execution is supposed to create the file also using that variable and it does
00:52 hemebond directory_exists checks for a directory, not a file.
00:52 jmedinar to a file
00:52 hemebond Then you want file_exists
00:54 rimk joined #salt
00:58 dendazen joined #salt
01:00 rimk joined #salt
01:00 DoomPatrol joined #salt
01:01 jmedinar thanks again... even when there is quite a lot of documentation is sometimes hard to find things in order I guess
01:02 sh123124213 joined #salt
01:04 cliluw joined #salt
01:06 PatrolDoom joined #salt
01:20 debian112 joined #salt
01:22 gnomethrower joined #salt
01:22 gnomethrower Hey guys
01:22 gnomethrower this line in my pillars/haproxy-certs/init.sls file is throwing errors:   certnames: {{ config.haproxy-certs.certnames }}
01:23 hemebond gnomethrower: Could it be the hyphen?
01:23 gnomethrower when it's present, I get Rendering SLS 'haproxy-certs' failed, render error: Jinja variable 'certs' is undefined
01:23 gnomethrower hemebond: that's my thought
01:23 hemebond Try config['haproxy-certs']['certnames']
01:23 gnomethrower hemebond:   certnames: config['haproxy-certs']['certnames']
01:23 gnomethrower like that>?
01:24 gnomethrower or do I need {{ }} around it
01:24 hemebond Need the {{ }}
01:24 gnomethrower different error now
01:24 gnomethrower - Rendering SLS 'haproxy-certs' failed, render error: Jinja variable 'dict object' has no attribute 'haproxy-certs'
01:33 spuder joined #salt
01:34 gnomethrower Aha! Yes, that might have done it
01:35 gnomethrower had to uncomment the bit I was referencing as I'd disabled it while trying to drill down to this issue
01:35 jas02 joined #salt
01:39 gnomethrower thanks hemebond :)
01:39 hemebond 👍
01:48 rimk joined #salt
02:05 edrocks joined #salt
02:07 fracklen joined #salt
02:22 thebinary joined #salt
02:22 Nahual joined #salt
02:23 mpanetta joined #salt
02:25 jas02 joined #salt
02:31 PatrolDoom joined #salt
02:32 icebal joined #salt
02:37 thebinary joined #salt
02:40 evle joined #salt
02:47 vodik joined #salt
02:48 ilbot3 joined #salt
02:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.5, 2016.11.2 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers
02:48 thebinary joined #salt
02:51 diagnostuck joined #salt
02:51 shoemonkey joined #salt
02:54 DammitJim joined #salt
02:56 prg3 joined #salt
02:58 thebinary joined #salt
02:59 catpigger joined #salt
02:59 saintromuald joined #salt
03:03 mage__ joined #salt
03:03 rawzone^ joined #salt
03:03 d3c4f_ joined #salt
03:04 daxroc_ joined #salt
03:04 WKNiGHT_ joined #salt
03:04 dragon788_ joined #salt
03:04 JamieH_ joined #salt
03:04 nickadam_ joined #salt
03:04 CaptTofu_ joined #salt
03:04 doriftoshoes_ joined #salt
03:04 igormarnat__ joined #salt
03:05 dem joined #salt
03:05 patrek_ joined #salt
03:05 tmkerr_ joined #salt
03:06 whiteinge_ joined #salt
03:06 OliverMT_ joined #salt
03:06 cro joined #salt
03:06 n1x0n joined #salt
03:06 Vye_ joined #salt
03:06 rideh- joined #salt
03:06 izrail_ joined #salt
03:06 rmc3_ joined #salt
03:07 skullone_ joined #salt
03:07 Hipikat joined #salt
03:07 arif-ali_ joined #salt
03:07 Rubin joined #salt
03:07 kleszcz joined #salt
03:07 elektrix joined #salt
03:07 chron0 joined #salt
03:07 Salander27 joined #salt
03:07 elektrix joined #salt
03:07 chron0 joined #salt
03:07 jab416171_ joined #salt
03:07 CeBe joined #salt
03:07 Salander27 joined #salt
03:07 Yamazaki-kun joined #salt
03:08 Qwazerty joined #salt
03:08 mrueg joined #salt
03:08 NeoXiD joined #salt
03:08 ecdhe joined #salt
03:08 ecdhe joined #salt
03:08 sjohnsen joined #salt
03:08 dustywusty joined #salt
03:08 verdurin joined #salt
03:08 mavhq joined #salt
03:08 devtea joined #salt
03:08 egilh joined #salt
03:08 guerby joined #salt
03:09 saintaquinas[m] joined #salt
03:12 liviudm joined #salt
03:18 gableroux joined #salt
03:25 Armageddon joined #salt
03:25 Armageddon joined #salt
03:25 Guest95781 joined #salt
03:25 Guest95781 joined #salt
03:25 bocaneri joined #salt
03:26 jas02 joined #salt
03:28 tom29739 joined #salt
03:30 Armageddon joined #salt
03:30 Armageddon joined #salt
03:34 Tanta joined #salt
03:34 bocaneri joined #salt
03:38 mpanetta joined #salt
03:58 orionx joined #salt
04:00 ivanjaros joined #salt
04:04 rimk joined #salt
04:07 edrocks joined #salt
04:08 spuder joined #salt
04:15 PatrolDoom joined #salt
04:25 bwellsnc Hello, I am trying to find a good doc or some pointers on configuring salt's job cache.... I was wondering if running the cache on tmpfs is a good idea or separating the cache into it's own dedicated partition
04:30 tharkun joined #salt
04:31 jas02 joined #salt
04:41 whytewolf i doubt that would have much effect on anything.
04:54 jimklo joined #salt
04:55 scsinutz joined #salt
05:01 copelco joined #salt
05:10 raspado joined #salt
05:15 ruxu joined #salt
05:34 jab416171 joined #salt
05:36 hemebond It's usually file node and space issues people have with the job cache.
05:37 hemebond If you don't care about the history then just reduce the number of jobs kept.
05:37 hemebond If you want to keep them send them to Elasticache or something.
05:52 jas02 joined #salt
06:05 rimk joined #salt
06:05 inad922 joined #salt
06:08 xet7 joined #salt
06:21 Hadi joined #salt
06:25 scsinutz joined #salt
07:02 felskrone joined #salt
07:04 rimk joined #salt
07:06 saintpablos joined #salt
07:11 fracklen joined #salt
07:16 kore joined #salt
07:17 orionx joined #salt
07:18 jas02 joined #salt
07:31 whytewolf ugh, is it too much to ask for a HA, high resilient RDBS, that is fast and stable? and perferably open source.
07:33 fracklen joined #salt
07:39 iggy obviously
07:47 honestly I have a conundrum
07:48 honestly So I rund user.present to make some users, then afterwards I file.managed some dotfiles into their homedir. I determine the homedir using {% set home = salt['user.info'](username).home %}. This doesn't work if the user didn't already exist.
07:48 honestly Is there a way around that?
07:50 honestly I mean I *could* just assume that if salt['user.info'](username) is None, the home must be /home/username
07:51 whytewolf nah, that would be sensable
07:52 whytewolf if you wanted to get creative you could setup a set of variables used to generate a range of possable homedirs based on operating system
07:59 Inveracity joined #salt
08:01 honestly which is exactly why I use salt, to do things like that by hand :P
08:02 juntalis_ joined #salt
08:10 edrocks joined #salt
08:18 honestly {% set userinfo = salt['user.info'](username)|default({'home': '/home/'+username}) %}
08:18 honestly it'll have to do
08:19 honestly now I just need to find an old VM that doesn't have our newest colleague on it yet *and* is running an OS that salt will work on :P
08:27 joshin joined #salt
08:30 scristian joined #salt
08:35 jimklo joined #salt
08:41 o1e9 joined #salt
08:46 teclator joined #salt
08:47 kalu26 joined #salt
08:47 kalu26 hello
08:47 kalu26 salt khatam a dedo thoda
08:47 kalu26 sabzi banani si
08:51 nkuttler kalu26: try english
08:52 kalu26 I have no salt
08:52 kalu26 please send salt
08:52 kalu26 i have to make dinner fast
08:52 gnomethrower kalu26: trolling? :P
08:52 rimk joined #salt
08:53 whytewolf or braindamaged
08:53 kalu26 No seriously channel reminds of salt in my kitchen which is empty
08:53 whytewolf it has nothing to do with the spice salt
08:53 kalu26 what type of salt it is noob
08:53 kalu26 ?
08:54 Reverend errrrr
08:54 * whytewolf puts his troll feed away
08:54 Reverend what the fuck is going on whytewolf ?
08:54 whytewolf looks like we have a troll Reverend
08:55 Reverend oh yay. my favorite part of the day
08:55 kalu26 food is tasteless without food agree?
08:55 kalu26 salt*
08:55 jas02 joined #salt
08:55 Reverend yes... I love enjoying food with my food.
08:55 Reverend not like those people that have no food with their food
08:55 * whytewolf can't imagine those people that have no food with their food
08:56 kalu26 yeah food and food with a lot of salt
08:56 Reverend I know whytewolf. How boring would that be?
08:56 Reverend kalu26: yeah! food and food and salt! that's what we need!
08:57 mavhq joined #salt
08:57 kalu26 we can get salt from sea in state of emergency
08:58 whytewolf hell, we do that because why the fuck not
08:58 Reverend that's a fantastic idea. no need to extract any more salt from teh ground! we'll just take it from teh sea. i mean it's got enough anyway right?
08:58 Reverend kalu26: we should start an activism group
08:58 kalu26 yes obviously you can start digging some salt
08:58 kalu26 for free salt giveaway
08:59 Reverend I'll do the digging, you get the sandwich board.
08:59 Reverend we'll get megaphones... everything... we'll go balls to the wall
08:59 kalu26 sandwich like ##sandwich?
08:59 Reverend yeah.
09:00 kalu26 ok you get the salt i get sandwich from them
09:00 Reverend do it. I'll hand in my notice at work and get right to it.
09:00 Reverend I'll meet you at the salt mine at 6?
09:01 kalu26 6 is bit early
09:01 Reverend when's good for you?
09:01 whytewolf 6:10 then?
09:01 kalu26 i need to make whole sandwich
09:01 kalu26 need time
09:01 Reverend true. make it 9?
09:01 Reverend i know these things take time...
09:01 kalu26 you know sandwich > salt
09:01 kalu26 ofc 9
09:01 Reverend 9 is good. sweet. I'll cya then
09:02 kalu26 cya
09:02 kalu26 whytewolf you better stay out away from mah salt
09:02 kalu26 :D
09:02 * whytewolf dives bombs into the salt
09:03 Rumbles joined #salt
09:03 Reverend whytewolf: I think this guy needs to try harder with the trolling. This is quite possibly the worst attempt I've ever seen to get people riled up. haha. might stand a better chance in #feminism.
09:03 whytewolf i think it is the lang barrier.
09:03 Reverend I wwas actually quite enjoying story time
09:03 Reverend xD
09:03 Reverend haha
09:04 kalu26 yeah language is the biggest barrier
09:04 inad922 joined #salt
09:04 whytewolf hard to rile people up when subtle context doesn't align along a paradigm
09:05 kalu26 brain to understand is must
09:05 babilen .oO( Can I have that on a t-shirt? )
09:05 whytewolf lol.
09:06 Reverend babilen: hahahaha
09:07 whytewolf shirt that up and make a fortune
09:07 Reverend hahaha
09:07 Reverend "brain to understand is must" ~ Kalu26 - 2017.
09:07 babilen I'd love it .. you could passive aggressively point in the general direction of your shirt when someone is annoying :)
09:07 Reverend hahahahaa
09:07 kalu26 From africa add that
09:07 babilen Africa isn't a country
09:07 kalu26 :}
09:08 kalu26 South bitch
09:08 babilen ...
09:08 whytewolf south bitch isn't a country either
09:08 dariusjs joined #salt
09:08 kalu26 brain donors these days
09:08 kalu26 *facepalm
09:08 jas02 joined #salt
09:08 kalu26 left #salt
09:09 * whytewolf jackson pollocks
09:10 Reverend lol.
09:11 Reverend what a joke. His mother would be disappointed if she saw him trolling so badly.
09:11 Reverend that was funny AF.
09:12 babilen I should just go back to bed and call it a good day :)
09:12 Reverend haha. yeah. I'm gonna get a new hoodie with that on babilen and send you a pic
09:12 whytewolf i should go to bed and try to avoid the thought of work tomorrow
09:13 Reverend lol
09:13 whytewolf man i wish i worked someplace i actually believe in the product
09:13 mikecmpbll joined #salt
09:14 Reverend whytewolf: what country you in?
09:14 Reverend usa i reckon?
09:14 whytewolf yeap, USA
09:14 Reverend darnit
09:14 Reverend also - get a new job you shit. if you don't enjoy it, get out before it eats your soul alive
09:15 whytewolf I enjoy the work. it is the soul sucking red tape and regulation i have to deal with that makes it suck.
09:15 Reverend I made that mistake at my last job, and I ended being asked to leave whilst fireballing antidepressants every night just so I would sleep.
09:15 saintpablo joined #salt
09:17 wendall911 joined #salt
09:19 s_kunk joined #salt
09:22 moeyebus9 joined #salt
09:28 IRC-Source_34517 joined #salt
09:29 IRC-Source_34517 left #salt
09:32 ProT-0-TypE joined #salt
09:37 honestly both my direct supervisor and my division manager believe strongly in shielding their worker bees from red tape and regulation
09:37 honestly it's so good
09:41 gmoro joined #salt
09:41 babilen We are small enough to have complete freedom to do whatever has the most technical merit (in our opinion)
09:41 babilen But then .. sometimes I'd wish for a (much) larger team (10+ people)
09:43 Rumbles joined #salt
09:43 ruxu joined #salt
09:43 honestly my team is 4 people
09:44 honestly having more *competent* team members would be very nice but those are hard to come by
09:44 babilen If you have a direct supervisor and a division manager you are working in a much larger context ..
09:49 Firewalll joined #salt
09:55 zulutango joined #salt
09:55 Reverend babilen: yeah. I work with a really tight team here, and it's quite nice being so agile around changing tech... but sometimes I want more people... because it means that we would have more time to do stuff :/
09:57 ivanjaros3916 joined #salt
10:00 achedeuzot joined #salt
10:04 manji what do you guys/gals mean by "red tape" ?
10:05 nickabbey joined #salt
10:09 thebinary joined #salt
10:13 edrocks joined #salt
10:14 mikecmpbll joined #salt
10:17 thebinary joined #salt
10:22 yuhl_____ joined #salt
10:24 yuhl______ joined #salt
10:25 honestly babilen: oh yeah, we serve approx. 5000 people
10:26 babilen Sounds interesting
10:27 honestly babilen: IT for two university departments (plus sporadic stuff for some other departments who managed to worm their way into getting resources/support for something from us)
10:27 honestly my team does backend infrastructure only
10:27 honestly (and things none of the other teams can be trusted with)
10:27 babilen haha
10:28 babilen Yeah, I worked in the backend IT team during my studies. It was a nice work environment and allowed us younglings to learn a bunch of stuff.
10:42 juntalis joined #salt
10:45 amcorreia joined #salt
10:47 Rumbles joined #salt
10:48 juntalis_ joined #salt
11:00 abednarik joined #salt
11:10 _Cyclone_ joined #salt
11:11 puzzlingWeirdo joined #salt
11:12 puzzlingWeirdo joined #salt
11:13 raspado joined #salt
11:15 cuxtud joined #salt
11:22 evle joined #salt
11:22 dariusjs joined #salt
11:26 krymzon joined #salt
11:28 _Cyclone_ joined #salt
11:33 mrueg joined #salt
11:44 wnkz joined #salt
11:46 moeyebus9 joined #salt
11:49 jhauser joined #salt
12:04 toanju joined #salt
12:07 Trauma joined #salt
12:22 PFault joined #salt
12:36 moeyebus9 joined #salt
12:55 johnkeates joined #salt
12:59 krymzon joined #salt
12:59 jas02 joined #salt
13:00 dendazen joined #salt
13:03 jas02 joined #salt
13:04 jas02 joined #salt
13:14 edrocks joined #salt
13:15 jas02 joined #salt
13:16 Brew joined #salt
13:18 toanju joined #salt
13:23 numkem joined #salt
13:27 DanyC joined #salt
13:29 edrocks joined #salt
13:29 viderbit joined #salt
13:30 edrocks joined #salt
13:32 jas02 joined #salt
13:38 stooj joined #salt
13:41 gladia2r joined #salt
13:42 justanotheruser joined #salt
13:43 beardedeagle joined #salt
13:45 modulistic joined #salt
13:47 fracklen joined #salt
13:52 shoemonkey joined #salt
13:53 rylnd joined #salt
13:56 stooj joined #salt
14:02 CrummyGummy joined #salt
14:06 _JZ_ joined #salt
14:06 AvengerMoJo joined #salt
14:10 prg3 joined #salt
14:10 viderbit joined #salt
14:18 jas02_ joined #salt
14:18 ruxu joined #salt
14:21 gmacon Is anyone aware of a salt formula providing a state that can be used to install spm packages?
14:26 jas02 joined #salt
14:26 beardedeagle joined #salt
14:31 PatrolDoom joined #salt
14:34 btorch_ joined #salt
14:40 tapoxi joined #salt
14:43 DammitJim joined #salt
14:44 brousch__ joined #salt
14:48 pissoff joined #salt
14:55 saintpablo joined #salt
15:00 racooper joined #salt
15:00 johnkeates no
15:01 johnkeates but salt-formula should have this
15:01 johnkeates feel free to add it :p
15:04 wangofett joined #salt
15:05 dendazen joined #salt
15:06 abednarik joined #salt
15:08 orionx joined #salt
15:09 orionx joined #salt
15:10 PeterO joined #salt
15:11 gableroux joined #salt
15:12 ProT-0-TypE joined #salt
15:14 raspado joined #salt
15:15 tiwula joined #salt
15:16 DammitJim how do you guys backup your git repositories?
15:17 scoates joined #salt
15:18 orionx joined #salt
15:18 AndreasLutro set up some server to automatically git clone new repos and automatically git pull periodically
15:31 tapoxi hi everyone, getting a stack trace when trying to get salt-cloud to deploy a map: https://hastebin.com/salirodoku.sql
15:32 tapoxi thoughts?
15:32 DammitJim AndreasLutro, so you basically just have another git server and clone the repo to there periodically with a cron job?
15:33 AndreasLutro yeah. unless your main git server has some easier way to backup everything
15:34 DammitJim I don't know... just trying to understand
15:34 DammitJim I'm used to backing up mysql with mysqldump or subversion stuff
15:34 DammitJim but didn't know if git has a "proper" way to backup the repo
15:35 ProT-0-TypE joined #salt
15:35 AndreasLutro nah, just git pull. you can set up bare repos for backups to save some disk space
15:35 AndreasLutro the tricky part is adding all your repos + allowing the git clone in the first place
15:35 AndreasLutro bitbucket/github/whatever has APIs that let you facilitate it though
15:35 DammitJim oh ok
15:36 DammitJim but I do have to configure git-core or something like that on the server I'm backing up to
15:36 DammitJim thanks
15:41 puzzlingWeirdo joined #salt
15:42 Tanta joined #salt
15:50 spuder joined #salt
15:55 jas02 joined #salt
15:59 onlyanegg joined #salt
16:01 toanju joined #salt
16:01 toanju joined #salt
16:03 bwellsnc joined #salt
16:05 spiette joined #salt
16:12 tapoxi fyi it was a bad cloud.profiles.d, I wrapped the profiles in an additional yaml block and it threw off the dict lookup
16:13 gtmanfred :D
16:14 wonko21 joined #salt
16:18 pmcg joined #salt
16:20 heaje joined #salt
16:21 jas02 joined #salt
16:22 Rumbles joined #salt
16:23 spuder joined #salt
16:24 jimklo joined #salt
16:24 sarcasticadmin joined #salt
16:28 ivanjaros joined #salt
16:31 abednarik joined #salt
16:33 raspado joined #salt
16:33 jas02 joined #salt
16:37 mpanetta joined #salt
16:40 impi joined #salt
16:49 gableroux joined #salt
16:49 beardedeagle love it when my requisite suddenly are not honored
16:50 orionx joined #salt
16:52 abednarik joined #salt
16:59 scsinutz joined #salt
17:02 DammitJim off-topic, but how do I get an invite for #sysadmin ?
17:05 gtmanfred no idea
17:05 gtmanfred you could try knocking?
17:05 DammitJim lol
17:05 DammitJim you guys are awesome!
17:05 gtmanfred /quote knock #sysadmin
17:06 gtmanfred knock is a real irc command... fyi :P
17:06 gtmanfred https://en.wikipedia.org/wiki/List_of_Internet_Relay_Chat_commands#KNOCK
17:06 saltstackbot [WIKIPEDIA] List of Internet Relay Chat commands#KNOCK | "This is a list of all Internet Relay Chat commands from RFC 1459, RFC 2812, and extensions added to major IRC daemons. Most IRC clients require commands to be preceded by a slash ("/"). Angle brackets ("<" and ">") denote what's placed in the encapsulated field, not a literal part of the command. Arguments..."
17:08 bantone whoa a salt bot
17:08 gtmanfred .help
17:08 gtmanfred !help
17:08 saltstackbot Hang on, I'm creating a list.
17:08 wm-bot4 I'm a documentation bot. To control me, please use #salt-bot to avoid channel spam. See this URL for my commands: http://meta.wikimedia.org/wiki/WM-Bot
17:08 saltstackbot I've posted a list of my commands at https://gist.github.com/ef373b47465c0f566666c387743ce752 - You can see more info about any of these commands by doing .help <command> (e.g. .help time)
17:09 whytewolf wait, I knew about saltstackbot but what is wm-bot4
17:09 gtmanfred ¯\(°_o)/¯
17:10 wm-bot4 was kicked by gtmanfred: wm-bot4
17:10 gtmanfred how do you use saltbot to look up states and modules?
17:10 whytewolf I think it is just !module.function
17:10 gtmanfred !module.config.get
17:10 whytewolf iggy: would know he put it here :P
17:10 gtmanfred yar
17:10 whytewolf !test.ping
17:10 gtmanfred i remember it being documented
17:10 gtmanfred !salt test.ping
17:11 gtmanfred !module test.ping
17:11 gtmanfred !salt modules.network.ip_addrs
17:11 saltstackbot https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.network.html#salt.modules.network.ip_addrs
17:11 gtmanfred bam
17:12 babilen Intuitive :)
17:12 scsinutz joined #salt
17:12 whytewolf !salt states.file.recursive
17:12 saltstackbot https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.recursive
17:36 beardedeagle Can anyone tell me if I am missing something obvious here: https://gist.github.com/beardedeagle/420422839a8ceb4ce211e5425d90bbe2. It appears to "work" properly but sensu-client is not being restarted.
17:37 bmace joined #salt
17:37 WesleyTech joined #salt
17:37 WesleyTech \join #logstash
17:39 gtmanfred beardedeagle: that should just work ™
17:39 beardedeagle yeah that is what I was thinking too
17:39 edrocks joined #salt
17:39 beardedeagle hrm. may have to dig into the sensu rpm being installed then to see if something is going on in there
17:40 gtmanfred but it should also run after each one of those states has changed
17:40 gtmanfred so that is weird
17:43 beardedeagle yeah the logs for sensu-client show the service.running kicking off but no restart so it just goes "service is already runing" and the configs are never loaded into the service
17:45 gtmanfred if you change watch to listen, does it work? (random shot in the dark)
17:45 beardedeagle let me try
17:47 hasues joined #salt
17:52 beardedeagle hrm. it's just sitting.
17:52 beardedeagle odd
17:57 beardedeagle wait, that is me. consul has stopped responding to requests. let me fix that real fast
17:58 tapoxi anyone know how to set the root volume size of an ec2 instance with salt-cloud?
18:00 tapoxi nm, I was doing it the wrong way
18:01 beardedeagle gtmanfred: that worked. I wonder if the issue was consul the whole time. let me change it back and test.
18:05 mikecmpbll joined #salt
18:12 tapoxi hmm, now getting index out of range exception on "request_instance if ex_blockdevicemappings and 'Ebs.VolumeType' not in ex_blockdevicemappings[dev_index]:"
18:13 abednarik joined #salt
18:14 ponyofdeath anyone know if salt has support for tcp wrappers
18:16 gtmanfred ponyofdeath: i don't believe so
18:16 Eugene Do you mean hosts.allow like sshd? No, not that I've ever seen.
18:16 Eugene Use something sane and modern, like iptables ;-)
18:16 gtmanfred tapoxi: blockdevice mappings is a pit of dispair
18:16 ponyofdeath Eugene: iptables formula sucks
18:16 gtmanfred use firewalld :trollface:
18:17 Eugene Suck is relative. My Roomba does a great job of sucking
18:17 cyborg-one joined #salt
18:17 gtmanfred but seriously, firewalld is actually pretty good
18:18 Eugene I've seen enough firewall daemons come & go to know that I'm sticking with iptables for a long time
18:18 tapoxi gtmanfred: https://hastebin.com/tugocahito.makefile
18:18 tapoxi gtmanfred: I have that in my cloud map, also tried in profile. does it expect it somewhere else?
18:18 beardedeagle gtmanfred: turns out it wasn't consul. watch is just failing to capture this. listen appears to work fine.
18:20 darioleidi joined #salt
18:21 tapoxi better yet here's its entry in the map: https://hastebin.com/ucumetemef.vbs
18:29 gtmanfred tapoxi: you should be able to put it in the cloud map, or in the profile
18:30 gtmanfred and that looks right according to the docs
18:30 gtmanfred ¯\(°_o)/¯
18:31 tapoxi gtmanfred: found it, it's https://github.com/saltstack/salt/issues/39257
18:31 saltstackbot [#39257][OPEN] Using del_root_vol_on_destroy option in salt-cloud gives IndexError | Description of Issue/Question...
18:32 gtmanfred interesting
18:33 alvinstarr joined #salt
18:34 Praematura joined #salt
18:39 thebinary joined #salt
18:43 fracklen joined #salt
18:48 sh123124213 joined #salt
18:50 spuder_ joined #salt
18:51 tapoxi salt-cloud have the ability to call bootstrap's -U?
18:53 gtmanfred salt-cloud -u
18:53 gtmanfred ?
18:53 gtmanfred oh
18:53 gtmanfred yeah, pass -U to script_args in salt-cloud profile or provider or /etc/salt/cloud
18:53 gtmanfred https://docs.saltstack.com/en/latest/topics/clo
18:54 gtmanfred https://docs.saltstack.com/en/latest/topics/cloud/misc.html#deploy-script-arguments
18:54 dyasny_ joined #salt
18:55 irated joined #salt
18:56 jas02 joined #salt
18:59 nixjdm joined #salt
19:06 teclator joined #salt
19:07 sh123124213 joined #salt
19:10 jkerr joined #salt
19:11 tapoxi gtmanfred: thanks!
19:16 LeProvokateur joined #salt
19:17 abednarik joined #salt
19:21 sh123124213 joined #salt
19:35 gableroux joined #salt
19:43 perm joined #salt
19:44 jas02 joined #salt
19:51 jas02 joined #salt
20:08 dyasny__ joined #salt
20:09 dyasny joined #salt
20:11 MTecknology I just had someone argue with me that windows is easy management and I just have no idea what I'm doing. I asked him how to install x, y and z. I got three different answers. I asked him if that's as easy as pkg.installed: foo and he assured me it was just as easy.
20:11 hemebond Depends on how you're managing Windows.
20:12 Sketch sounds like his definition of easy is point and click
20:12 gtmanfred well, if you use DSC it is pretty easy... but i doubt he is doing that :P
20:13 gtmanfred also, but salt uses dsc, so :D
20:13 hemebond Or Group Policy.
20:13 gtmanfred yeah, i like the group policy stuff
20:13 gtmanfred and AD
20:14 gtmanfred AD is significantly better than ldap...
20:14 hemebond Yip. If you go the full Windows Enterprise'y stuff it can be really easy to manage.
20:14 gtmanfred I didn't realize that ldap wasn't originally intended to do authentication, it was just tacked on later
20:16 ChubYann joined #salt
20:17 Edgan joined #salt
20:22 whytewolf personally i can't stand AD. but that is mostly cause i manage linux boxes and AD is a pita in that regard
20:22 hemebond Yeah, you don't try to manage non-Windows in a Windows domain.
20:22 gtmanfred yeah, if you do it from non windows, it is a nightmare
20:23 gtmanfred When I was at rackspace, we mirrored AD onto ldap servers in each datacenter for the vsphere setups/logins
20:24 pcn Quick question about writing a formula.
20:24 bantone ugh
20:25 hemebond pcn: ?
20:26 pcn If I have a formula and I'm creating a map.jinja for it, does the the jinja variable that I create via importing the map.jinja exist in a way that other states can test for it?
20:27 hemebond pcn: No, the variable is only available where you import it.
20:27 hemebond And not really available to states, only to Jinja.
20:28 pcn OK, so in my e.g. collectd role I should test to see if I'm role_zookeeper or whatever, and I can't test to see {% if zookeeper %}
20:30 pcn thank
20:30 pcn Thanks
20:30 hemebond Well if you import the variable into the state you can test the zookeeper variable.
20:32 SaucyElf joined #salt
20:38 PatrolDoom joined #salt
20:41 pcn Yeah, but if I import it, I'll create the map that I am testing for, so I think it'd make more sense for me to construct the role to do it outside of the formula
20:43 Heartsbane joined #salt
20:46 scsinutz joined #salt
20:48 SaucyElf joined #salt
21:01 whytewolf pcn, are you writeing a zookeeper formula?
21:04 XenophonF did the cron.present state change in 2016.11? it's not including the identifier in the comments before/after the managed crontab entry
21:04 XenophonF (salt 2016.11.2 on centos 7 if that matters)
21:05 pcn whytewolf: I'm doing one that's internal, yeah
21:06 bmace left #salt
21:13 fredrick joined #salt
21:14 fredrick Anyone have a formula for chaosmonkey?
21:15 cscf Anyone got a setup that can take every minion's ssh host key, pull them back to the salt-master, and push a compiled /etc/ssh/known-hosts to all?
21:16 gtmanfred you could write up an ext_pillar that looks up all the minions ssh host keys and provdies them to all minions
21:18 cscf gtmanfred, how hard would that be?
21:18 joshin joined #salt
21:19 gtmanfred pretty easy
21:21 cscf Ok, I'll look into it.  Thanks!
21:21 cscf Actually sounds like a good tutorial/test case for ext_pillars
21:21 gtmanfred you could also use the salt mine to push the key to the mine, and pull it from there for all minions
21:22 cscf What are the pros/cons?
21:22 gtmanfred you don't have to write anything custom
21:22 gtmanfred con: you don't get to write an ext_pillar
21:22 cscf heh
21:22 gtmanfred the mine is probably the correct way to do that
21:23 cscf Well, I think I will use both mine and ext_pillar in future, so probably I should do mine if it's directly better
21:23 gtmanfred i would say that the mine is probably the best, because the ssh host key is going to stay the same, so the mine wouldn't ask the minion every time you run a highstate
21:23 gtmanfred where if you do it with ext_pillar, every time you run a highstate, the master will ask all minions for their keys, and it will do it once for every minion
21:23 gtmanfred it is definitely better
21:24 cscf gtmanfred, so with mine & unchanging key, is it a push system, or does the master poll?
21:25 cscf docs say polling on mine-interval
21:25 tercenya joined #salt
21:26 cscf Now, if I want a list of known_hosts, is it easy to merge mine and pillar?  I guess just a jinja file that does forall pillar; forall mine?
21:29 gtmanfred i mean {{salt['mine.get']('ssh_keys')|join('\n')}}
21:29 gtmanfred and then put cmd.run cat /etc/ssh/host_key and use the ssh_keys alias
21:30 gtmanfred {{salt['mine.get']('*', 'ssh_keys')|join('\n')}}
21:31 cscf ah, join with \n.  that makes sense
21:32 cscf gtmanfred, I don't think I need to cmd.run cat, ssh.host_keys seems to be what I want
21:32 gtmanfred yeah, that would work :)
21:32 cscf not sure about the structure of the returned data, though
21:33 cscf salt '*' ssh.host_keys private=False returns a dict, I think?
21:33 gtmanfred maybe? idk
21:33 cscf dsa.pub: <stuff> \n rsa.pub: <Stuff> etc
21:33 cscf that's a dict, right?
21:33 gtmanfred yes
21:33 gtmanfred add --output=json
21:34 cscf Can I join a dict the same way?
21:34 gtmanfred you can't join it in the same way
21:35 gtmanfred {%- for ret in salt['mine.get']('*', 'ssh.host_keys') %}
21:35 gtmanfred {{ret['dsa.pub']}}
21:35 gtmanfred {%- endfor %}
21:45 wendall911 joined #salt
21:48 raspado hmmm so we use a script in _modules/. I want to disable the minion agent and manually modify the backup module in _modules (perhaps in the minions cache?) to manually override the backup script to perform a manual data migration
21:48 raspado that way I dont modify the script on the salt master, is this possible to do?
21:49 jhauser joined #salt
21:51 teclator_ joined #salt
21:53 raspado can modules be modified? This specific module runs a cron-like job using salt's cron manager
21:55 jhauser_ joined #salt
21:56 whytewolf raspado: yes, just download the source to the module and include it in salt://_modules/<module>.py or salt://_states/<module>.py depending, then sync it useing salt -'*' saltutil.sync_all
21:56 Cottser joined #salt
21:57 gmoro joined #salt
22:00 raspado whytewolf: not sure if I follow, so currently the backup.py script is running across all the minions. This script has hostnames of backups servers. I want to do a rolling-deployment per-se by hand modifying the backup.py script on the minion instead of the salt master
22:00 hemebond Why?
22:00 raspado but i need to ensure the minion does not download the latest module (we have a schedule every 15 minutes to sync to the salt master)
22:00 gtmanfred you can't do that right now.
22:01 raspado ah so theres no way to modify the backup.py module from the salt minion's cache?
22:01 gtmanfred there is, but it will be changed when you do your sync in 15 minutes
22:01 edrocks joined #salt
22:02 raspado hmm yeah, crap i guess i do need the salt minion turned on or else i cant even run the backup script
22:04 gtmanfred right now in develop there is some code where you can blacklist modules that are being synced, so if you turn off clean_dynamic_modules and blacklist the module that you want to have not get reupdated, you could do this... but yeah you can't do it at all in a currently released version
22:05 gtmanfred https://github.com/saltstack/salt/pull/39367
22:05 saltstackbot [#39367][OPEN] add extmod_blacklist to make it easier to remove modules | What does this PR do?...
22:05 raspado hmmmm oh wait...
22:08 raspado could I perhaps do this, ? remove the schedule (line 8-11) in http://pastebin.com/Nm5VzjFW, modify the _module/backup.py script in the minions cache and bounce the salt-minion on the host?
22:09 gtmanfred sure
22:09 raspado sweet
22:10 gtmanfred just modify the backup script in /var/cache/salt/minion/extmods/module/backup.py
22:10 scsinutz joined #salt
22:10 raspado sweet, thx hemebond gtmanfred!
22:15 abednarik joined #salt
22:19 rimk joined #salt
22:23 cscf gtmanfred, makes sense, but when I try, I get "Jinja variable 'str object' has no attribute 'ecdsa.pub'"
22:23 DEger joined #salt
22:24 onlyanegg joined #salt
22:25 raspado gtmanfred: wait so question... if i disable the schedule within the salt minion, will that affect the cron schedule through the salt schuduler?
22:25 cscf gtmanfred, even though salt '*' mine.get '*' ssh.host_keys --output=json shows an ecdsa.pub
22:27 cscf If I just use {{ ret }} the file contains the fqdn
22:27 gtmanfred raspado: that is the cron schedule in the salt scheduler isn't it?
22:27 rubenb joined #salt
22:27 gtmanfred cscf: oh yeah, sorry, you should do a .items on the mine.get()
22:28 gtmanfred cscf: {%- for minion_id, keys in salt['mine.get']('*', 'ssh.host_keys').items() %}
22:28 raspado gtmanfred: yeah
22:28 gtmanfred then do keys['ecdsa.pub']
22:28 gtmanfred raspado: then yes, it will stop the schedule in the salt scheduler...
22:29 cscf gtmanfred, that worked! Thanks!
22:29 gtmanfred raspado: if the schedule is defined in pillars, you will also need to remove it from the pillars
22:32 raspado ahhh kk, is there a way where i can manually execute the scheduled job through the salt minion in this case?
22:32 gtmanfred just run whatever was scheduled?
22:32 gtmanfred there is no way to trigger the schedule
22:32 raspado hmm let me see if i can pull the job
22:36 raspado gtmanfred: http://pastebin.com/rsGL6RKM heres the schedule list, in my case, i would want to disable the highstate schedule which runs every 15 minutes (so it doesnt overwrite my temp change on the minion) and manually execute backup.run_backup
22:37 gtmanfred remove them from the minion config and from wherever they are configured, and then run salt-call backup.run_backup
22:38 raspado got it thx!
22:41 DEger joined #salt
22:42 Grok joined #salt
22:43 Grok_ joined #salt
22:45 mikea joined #salt
22:46 mikea can someone link me to an example of test.check_pillar being required in a state?
22:47 gtmanfred what do you mean by required?
22:49 mikea so in another state I can
22:49 mikea require: - pkg: squid
22:49 gtmanfred require:
22:49 gtmanfred - test: name
22:49 mikea so like
22:49 mikea - test: check_pillar?
22:50 gtmanfred no, name would be the state id or name passed to the state
22:50 mikea or would name be the id of that state
22:50 mikea okay
22:50 mikea thanks
22:51 gtmanfred mikea: http://ix.io/1Tux
22:51 gtmanfred it could be either one of those requires
22:51 gtmanfred name isn't actually used by test.check_pillar, so it probably isnt' defined in the state, meaning it defaults to the state id... but you could still set it if you wanted to
22:52 mikea I set the id to ensure_pillar_exists already
22:52 mikea so I'll just require: - test: ensure_pillar_exists
22:53 gtmanfred yes
22:53 mikea is there a documentation page that explains how that all works?
22:53 gtmanfred https://docs.saltstack.com/en/latest/ref/states/requisites.html
22:53 mikea I mean to me having the ID should be enough, having to pass the file/test/etc keyword makes it difficult because I never know what the keyword should bew
22:54 gtmanfred you can always pass the stateid, but sometimes it makes sense to pass the name: instead
22:55 gtmanfred like if you use names: each state that is generated from names: has the same stateid, but different name
22:55 mikea thanks for the help
22:56 gtmanfred np
23:00 icebal joined #salt
23:01 jhauser joined #salt
23:02 preludedrew joined #salt
23:02 Grok_ Hi. Do anyone know that whenever the master parses this event "salt/event/new_client" it auths all minions with a "salt/auth" event and it clogs up the salt master if we have alot of minions to a single salt-master.
23:03 hemebond Grok_: Are you saying it re-authenticates existing minions when a new ... is that a custom event?
23:04 Grok_ nope, a new minion is accepted on the master
23:04 hemebond Odd. I don't think I've seen new_client event before.
23:04 hemebond So it re-authenticates all existing minions?
23:04 Grok_ ye
23:05 hemebond Could it be checking the new key against existing minions?
23:05 Grok_ it clogs up a 8vcpu core server with 16 worker threads for about 10 seconds with 100% cpu
23:05 hemebond To make sure the key isn't being reused?
23:05 Grok_ and cause all other operations to the master to fail out during that 10 seconds
23:05 Grok_ with around 1500 minions attached
23:06 Grok_ i was thinking that the mine was doing something, but not sure
23:06 Grok_ and it is even worse in out 2500 minion installation :P
23:07 chjohnst joined #salt
23:08 whytewolf Grok_: i don't see a salt/event/new_client. i see salt/auth which is the closest item
23:09 Grok_ maybe that event is something from a older version that is not in the 16.11 code base?
23:09 hemebond I'm on 2016.3.5 and I've never seen new_client
23:10 sh123124213 joined #salt
23:10 Grok_ mkay :P
23:10 whytewolf is it possable it is a custom event hook that was written to auto auth?
23:11 Grok_ well besides that, what could cause all minions to spit out these kinds of auth events
23:12 Grok_ https://gist.github.com/Grokzen/3f1f50fef6f187802de34758548bea6d
23:12 Grok_ nope
23:12 Grok_ nothing like that
23:12 Grok_ we only use the regular built-in stuff like salt-key -a *
23:12 hemebond Where is the new_client event?
23:12 Grok_ on the master
23:12 hemebond And you have no reactors?
23:12 Grok_ nope
23:14 whytewolf salt-cloud?
23:14 Grok_ nope
23:15 Grok_ nothing fancy :P
23:15 Grok_ plain old master minions with a few simple states for users and ssh keys
23:17 tom[] joined #salt
23:19 sh123124213 joined #salt
23:21 whytewolf humm, strange i am not getting a single new client event
23:21 whytewolf i just tried adding a new client into my stack
23:22 gtmanfred i see new_client in 2015.5
23:22 gtmanfred what version is your minion?
23:22 Grok_ 2015.5.6
23:22 gtmanfred that is why we can't find it
23:22 Grok_ so possible something that was taken out
23:22 Grok_ ye
23:23 Grok_ besides that, is there something that would cause the master to try to talk to all minions at once?
23:23 Grok_ any subsystem
23:23 gtmanfred it was taken out, we don't fire an event from SaltEvent every time a Salt Event is initiated
23:25 gtmanfred only thing I can think of is when the AES key is rotated on the master
23:25 gtmanfred when a minion key is deleted
23:25 Grok_ ye that do not happen here :D
23:25 Grok_ deleted?
23:25 Grok_ why in that case?
23:26 gtmanfred it was added in 2015.8,
23:27 gtmanfred and because just beacuse you delete the key, doesn't mean that the minion is deleted
23:27 gtmanfred if you have a compromised minion, and you delete its key, the master key is still stored on that minion, so it could reconnect ish, rotate the master key, and your data is protected again
23:28 gtmanfred https://docs.saltstack.com/en/latest/ref/configuration/master.html#rotate-aes-key
23:28 Grok_ but if that feature got into 15.8 i do not have that in my 15.5 installations
23:28 Grok_ or was that even earlier?
23:28 gtmanfred other than that, i can't think of a reason that the master would be reaching out to the minions to do anything, unless you specifically told it to
23:28 gtmanfred what version is your salt master?
23:29 Grok_ 2015.5.6
23:29 Grok_ on both client and master
23:29 gtmanfred then no, you don't have that
23:29 Grok_ it would explain alot tho :p to bad
23:29 gtmanfred also, you should upgrade because there are some public cves fixes that were not backported for 2015.5, because it is out of support
23:29 Grok_ ye i know
23:30 Grok_ big enterprise system, slow moving forward -_-
23:30 gtmanfred though, if you are using redhat packages, they were talking about backporting them
23:30 Grok_ before we got to 15.5 6 months ago we wore on 2014.1.1 so :D
23:30 gtmanfred lol
23:30 gtmanfred gross
23:30 Grok_ ye
23:31 Grok_ but, takes time to upgrade 17k units in prod so
23:31 Grok_ alot of planning and resources
23:32 gtmanfred yeah
23:43 jas02 joined #salt
23:48 whytewolf salt 'masters*' pkg.install salt-master && salt 'masters*' cmd.run 'echo service salt-master restart | at now + 1 minute' && sleep 100 && salt '*' pkg.install salt-minion && salt '*' cmd.run 'echo service salt-minion restart | at now + 1 minute' && sleep 300 && salt '*' smtp.send_msg 'boss@company' 'I quit' profile='me'
23:49 whytewolf ;P
23:50 hemebond LOL
23:54 onlyanegg joined #salt
23:55 bigjazzsound joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary