Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-02-23

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 teclator joined #salt
00:01 alexlist joined #salt
00:25 DanyC joined #salt
00:27 dps joined #salt
00:40 Dan_ joined #salt
00:41 Dan_45 Salt is kicking my but today with escape issues.
00:41 Dan_45 Trying to set a variable to the output of a curl command: {% set token=salt['cmd.shell']('curl -s -H "Content-Type: application/json" --data-ascii '{"user": "myID", "password": "myPW"}' my_web_svr:8888/my/url') %}
00:42 hemebond Your salt escaped?
00:42 Dan_45 Some days I wish my salt would escape
00:42 hemebond You're doing that in a state?
00:42 Dan_45 That curl command works perfect from a bash shell.
00:42 Dan_45 Yeah
00:43 hemebond And when you run it via salt-call or salt minion?
00:44 Dan_45 Similar errors.  I think the issue is that I have '' surounding the cmd and I also need '' surrounding the userid/pw data
00:45 Dan_45 Passed invalid arguments: shell() got multiple values for keyword argument 'cmd'.
00:45 Dan_45 Actually that is want I get when I run: salt-call cmd.shell cmd=
00:45 Dan_45 then the curl command with 'curl.....'
00:52 amcorreia joined #salt
00:57 nickabbey joined #salt
00:59 Dan_45 I was hoping that I just missed something simple.  Guess nobody else has any idea's either.
01:01 N-Mi joined #salt
01:02 shoemonkey joined #salt
01:02 whyzgeek joined #salt
01:08 CeBe Dan_45: did you try to escape the inner quotes '' ?
01:08 CeBe repalce ' with \'
01:09 sarcasticadmin joined #salt
01:09 Dan_45 If your refering to the \'{"user"....}\' I tried that with no luck
01:09 CeBe yes
01:10 CeBe that is at least what I would expect from jinja to work
01:13 Dan_45 That was my first thought too.  I'm starting to think it might actually be something else causing the issues.
01:13 hemebond What about ^'
01:13 Dan_45 The userid and password are  both variables so they are actually encloded in {{ user_id }} and {{ password }} and I'm thinking that might be contributing to the problem.
01:14 Dan_45 I just tried setting a variable to that quoated string and it looks like that is working but my cmd.shell (in debug mode) looks like it is not substituting {{ string }} with the value of the variable.
01:15 hemebond We would need to see your state to debug that much.
01:16 Dan_45 {% set userid=salt['pillar.get']('gui:user', 'my_id') %}
01:16 Dan_45 It's basically that, then another one for the password.  Confirmed they are both working.
01:16 hemebond Show your command as it actually is.
01:18 Dan_45 Then the final one looks like this: {% set token=salt['cmd.shell']('curl -s -H "Content-Type: application/json" --data-ascii '{"user": "{{ my_id }}", "password": "{{ my_password}}"}' my_web:8888/api/login') %}
01:18 hemebond There we go.
01:18 hemebond Don't use {{ }} when you're already inside {% %}
01:18 Dan_45 Had to sanitize it
01:19 hemebond And try ^' to escape the single quotes inside the command.
01:20 Dan_45 Ok, let me try it
01:22 Dan_45 {# set token=salt['cmd.shell']('curl -s -H "Content-Type: application/json" --data-ascii \'{"user": "'my_id'", "password": "'my_password'"}\' my_web:8888/api/login') #}
01:23 Dan_45 This did not work.  Hoping maybe I just missed a quote or something.
01:23 hemebond What is #} for?
01:23 hemebond That comments it out.
01:23 Dan_45 Sorry the {# is actually a {% in the code
01:23 hemebond Tried ^' ?
01:24 pppingme joined #salt
01:24 Dan_45 Sorry, not following
01:24 hemebond ^' instead of \'
01:25 Dan_45 Oh, actual "^" symbol?
01:25 hemebond Yes
01:25 Dan_45 Let me try that
01:25 DanyC joined #salt
01:26 Dan_45 failed: Jinja syntax error: expected token ',', got '{';
01:26 Dan_45 This is what I'm getting now.
01:26 hemebond Show me the code.
01:26 hemebond "sanitised" as little as possible.
01:27 Dan_45 {% set token=salt['cmd.shell']('curl -s -H "Content-Type: application/json" --data-ascii ^'{"user": "'my_id'", "password": "'my_password'"}^' my_web:8888/api/login') %}
01:28 hemebond Can you see in the minion log (might require debug) what it's actually seeing?
01:28 hemebond What it's trying to run?
01:29 ninjada_ joined #salt
01:30 Dan_45 Ok, made some changes to remove the use of any real names.  Here is the actual code.
01:30 Dan_45 {% set auth_token=salt['cmd.shell']('http_proxy= curl -s -H "Content-Type: application/json" --data-ascii ^'{"user": "'gui_user'", "password": "'gui_password'" }^' 'web_host':'web_port'/api/login | grep api_token ') %}
01:31 Dan_45 failed: Jinja syntax error: expected token ',', got '{'; line 11
01:31 hemebond What is that `web_port` thing?
01:31 Dan_45 {% set auth_token=salt['cmd.shell']('http_proxy= curl -s -H "Content-Type: application/json" --data-ascii ^'{"user": "'gui_user'", "password": "'gui_password'" }^' 'web_host':'web_port'/api/login | grep api_token ') %}    <======================
01:31 hemebond That's not how you concatenate strings in Jinja.
01:32 Dan_45 web_host and web_port are both variables.
01:32 hemebond Jinja variables?
01:32 Dan_45 {% set web_port=salt['pillar.get']('web:port', '5001') %}
01:32 Dan_45 In the same state file.
01:33 hemebond To concatenate strings in Jinja you have to use ~
01:33 hemebond 'this is stuff ' ~ myvar ~ ' and the rest'
01:33 Dan_45 Ok, let me try that.
01:35 Dan_45 Same syntax error as before.
01:35 Dan_45 {% set auth_token=salt['cmd.shell']('http_proxy= curl -s -H "Content-Type: application/json" --data-ascii ^'{"user": "' ~ gui_user ~ '", "password": "' ~ gui_password ~ '" }^' ' ~ web_host ~ ':' ~ web_port ~ '/api/login | grep api_token ') %}
01:35 whytewolf I don't think ^ is a valid escape
01:35 Dan_45 Ok, let me try changing that part back to \'
01:35 whytewolf \\\
01:36 whytewolf also you have unescaped '
01:36 Dan_45 Getting closer
01:36 whytewolf oh those are variables
01:36 Dan_45 Other errors due to changeing variable nomes
01:37 Dan_45 I think that did it.
01:38 Dan_45 I need to add some grep/sed foo to my curl command to get the 1 line I need but I'm getting the curl output I expected.
01:38 hemebond I can't help but feel like http.query would be a better idea.
01:39 * whytewolf agrees with hemebond
01:40 Dan_45 haha
01:40 Dan_45 Well, either way that worked.  Thank you so much.
01:40 hemebond ????
01:40 Dan_45 I've been working with salt for 6+ years now and I honestly never used the ~ myvar ~ syntax
01:41 hemebond lol
01:41 hemebond That's pretty amazing.
01:41 Dan_45 I would have beat my head for days and not found that.
01:41 Dan_45 I'm wondering how many other things I've bastardized because I didn't know about that syntax.
01:42 whytewolf lol hemebond actually i have used it maybe 6 times total. in different kinds of templates.
01:44 Dan_45 I'm looking at http.querry now.  Would I use that in place of salt['cmd.shell']?  salt['http.querry']('http://' ~ web_host ~ ':' ~ web_port ~ ' etc ')?
01:46 Dan_45 I've got to run.  Thank you again so much for the help.  This really saved me.
01:46 guest87654 joined #salt
01:47 guest87654 joined #salt
02:03 hemebond How can I configure my `pkg.installed` so that it can install and upgrade salt-minion and salt-common and not allow updates outside of Salt? I'm getting errors about the packages being held.
02:04 hemebond Error when trying to update that is.
02:22 onlyanegg joined #salt
02:24 CheckYourSix joined #salt
02:31 Nahual joined #salt
02:49 nafg joined #salt
02:49 nafg hi
02:49 nafg Is there another chat, like Gitter or Slack?
02:49 brd I sure hope not
02:49 nafg :D
02:49 brd those are terrible for open source projects
02:50 catpiggest joined #salt
02:50 nafg not my experience but whatever :)
02:50 nafg why do you say that?
02:50 brd https://drewdevault.com/2015/11/01/Please-stop-using-slack.html
02:51 brd I also use slack every day for work and like it for that..
02:51 ninjada joined #salt
02:52 nafg yeah but gitter is good for OSS stuff
02:53 nafg Anyway... I want to start using Salt but I'm not sure what the ideal workflow would look like
02:53 nafg I already set up a salt master
02:53 nafg with SaltPad
02:53 nafg In order to do so, I created a GCE instance, and entered a bunch of commands and edited a bunch of files
02:54 nafg in the hopes that Salt will save me from having to do that on any other server
02:54 nafg But now the master is a SPOF. What happens if it goes down or gets hacked?
02:54 nafg (single point of failure)
02:54 nafg (for so far zero minions)
02:55 hemebond Bring up another.
02:55 nafg How?
02:55 hemebond Have your files in a Git repo.
02:55 nafg Right! So that's what I want to do
02:55 nafg But that raises a bunch of its own questions
02:55 nafg Like, how to keep the git repo in sync with the machine's files?
02:56 brd use the gitfs backend ?
02:56 hemebond Depends entirely on your setup. Right now I just edit the files on the master directly.
02:56 nafg I don't have a setup yet :)
02:56 nafg I just created a master to experiment
02:57 nafg GitFS doesn't help for /etc/salt/master etc.
02:57 whytewolf it does if your salt master is also a minion and you have those files in salt
02:57 brd whytewolf: ha, I was just going to suggest that
02:57 nafg Also when does salt read gitfs from git, and when does it update the minions?
02:58 nafg Does it require executing a command?
02:58 nafg Ideally someone would just clone the repo, edit config, and git push, and voila...
02:59 nafg whytewolf: true
03:00 whytewolf gitfs backend is updated about every 60 seconds. highstates happen when ever you want. i know people that don't have any kind of scheduled push. and then there are people that have reactive push. [salt-api setup and a git hook that triggers off of it]
03:01 nafg wdym
03:01 nafg do you have a link to how to implement a "reactive push"?
03:02 nafg_ joined #salt
03:02 whytewolf no. I don't do it myself. honestly start with the documentation. and read it. then read it again. read the tutorial. learn how to use the most basic steps before you dive into the deep end
03:02 nafg I've read a lot already
03:03 whytewolf apperently not
03:03 whytewolf https://docs.saltstack.com/en/latest/topics/tutorials/states_pt1.html
03:03 nafg In the past I used salt-ssh for a project
03:03 nafg Which part of that page are you accusing me of not having read? ;)
03:03 whytewolf who said that was a single page?
03:04 whytewolf [aka all of it if you didn't know it has more then one page]
03:04 nafg_ Honestly I find the nav very confusing :)
03:05 nafg_ whytewolf: anyway which part of that section?
03:05 whytewolf nafg_: that is the start. read the whole bloody thing to the end.
03:06 whytewolf actually follow along with it
03:07 justan0theruser joined #salt
03:07 whytewolf if you are not to the point of being able to build states. reactors beacons and orchestration will be useless
03:07 nafg_ ok that's not helpful. I've used salt a lot. I've read lots of the documentation. I may have missed or skipped or misunderstood or forgotten parts.
03:07 nafg_ In the past I only used salt-ssh
03:08 whytewolf it isn't much different. except you have a minion
03:08 nafg_ I "get" states
03:08 nafg_ what isn't?
03:08 whytewolf salt-ssh to salt-minion
03:08 brd not to be rude, but how are we to know which parts you missed or skipped or misunderstood or forgotten...
03:09 nafg_ brd: you're not. If I ask a question you're not supposed to answer with "just read the manual"
03:09 brd and I say that as someone that has done all of those :)
03:09 whytewolf RTFM
03:09 hemebond nafg_: I would start off setting up setting up a master and a minion and just playing with remote execution and applying states.
03:09 brd nafg_: right, a specific section would be good
03:10 nafg_ My question was how to set up Salt to update the minions in response to config being updated, without having to run anything on the command line
03:10 whytewolf it doesn't help us if all you say is yeah i need help with 'waveing hand' and then say all of it
03:10 hemebond nafg_: You will need to read up on reactors and events.
03:10 hemebond But before that, you need a master and a minion and be comfortable with them.
03:11 hemebond Once you understand how the master and minion work together then you can automate things.
03:11 nafg_ I think that I do
03:11 nafg_ hemebond: are you suggesting to use the inotify beacon to watch the config files?
03:12 hemebond Nope. I assumed you meant the state/pillar config on the master.
03:12 whytewolf nafg_: you can do anything you want. ibeacon to watch the configs. set a schedule job. hell even just use a cron. some of this is basic IT
03:12 nafg_ Yeah, as I said, I don't want a scheduled job
03:12 whytewolf you didn't say that.
03:13 whytewolf you just waved and asked. i do i minion
03:13 nafg_ > [22:01] <nafg> do you have a link to how to implement a "reactive push"?
03:13 whytewolf and i said i don't
03:14 nafg_ right, and then you continued by saying "read the documentation." And I said which part. etc. etc.
03:14 whytewolf but a quick google search https://github.com/sivir/saltstack-git-hook
03:14 whytewolf https://gist.github.com/renoirb/a379d721a6f54d9ea83b
03:15 nafg_ whytewolf: thanks, that's helpful
03:16 whytewolf also your idea about inotify beacon triggering a reconfig is not a bad one
03:16 whytewolf will force those files to stay in a state you want them too
03:17 whytewolf there are millions of different ways to design your infrastructure. none of them are correct or incorrect [except the ones that don't work]
03:18 nafg_ However if the salt master goes down and I need to spin up a new one, I'm still not clear how that can be automated
03:18 nafg_ Maybe if I take volume snapshots I should just not worry about that
03:19 whytewolf honestly it isn't that big of deal. there is multimaster but there are some things broken about that that it would be better to just use a single master
03:19 nafg_ Don't clouds like GCE have that risk?
03:19 nafg_ or EC2
03:19 hemebond As long as your master config and salt config are in a git repo, it should be easy to bring up a new master.
03:19 nafg_ maybe I'm wrong
03:20 hemebond Risk of what?
03:20 nafg_ of it going down
03:20 hemebond I've been using EC2 for about two years now and most of my servers have never gone down.
03:20 nafg_ "most" =D
03:20 whytewolf clouds tend to shift minions around to avoid downtime
03:20 hemebond Yeah, I've had a few stop responding for some reason so I had to reboot them.
03:21 whytewolf s/minions/instances
03:21 nafg_ anyway :)
03:21 hemebond If my master goes down it wouldn't really matter.
03:22 nafg_ Ideally *everything* would be managed in one place, so I want to use salt-cloud to create the instances in the first place
03:22 whytewolf yeah a master going down is not the end of the world. the minion will just use cached data until it connects to a new master. in thoery. never tested it
03:22 hemebond The worst that could happen is a new EC2 instance is created by AWS without my master to see it and build it.
03:22 ponyofdeath joined #salt
03:22 nafg_ I guess I should make sure the minions us a static IP for the master so it can be reassigned if need be
03:22 whytewolf minions connect to the master, not the other way around
03:22 hemebond Why wouldn't you use a DNS entry?
03:23 nafg_ Ok DNS too
03:23 nafg_ as opposed to ephemeral ip
03:23 hemebond Yeah, having the master on a static IP is best.
03:23 nafg_ whytewolf: right, that's why if the master is recreated they have to still connect
03:23 whytewolf which is why dns is better ;)
03:24 nafg_ ok
03:24 whytewolf also. I want to appologize. i was rude earlyer. just have a short fuse while I'm in deploys at $work [no we don't use salt there]
03:25 nafg_ no problem
03:25 nafg_ I want to use salt-cloud, so that if need be I can delete some the minion for some app from GCE and let salt recreate and provision it
03:25 whytewolf salt-cloud is good although can be dalting to get right
03:25 nafg_ someone I know uses terraform. Am I losing anything major by using salt-cloud instead?
03:26 nafg_ (and lots of people I don't know :) )
03:26 whytewolf I don't know terraform enough to say
03:26 whytewolf salt-cloud actualy does install the salt-minion for you. and can be used to build masters
03:26 nafg_ yeah
03:27 DanyC joined #salt
03:27 nafg_ I mean there are lots of thing terraform does that salt-cloud doesn't, but probably salt states cover a lot
03:28 whytewolf most likely. like i said i don't know enough about terraform. but honestly. salt can connect to most of the hashicorp tools so wouldn't be surprised if they can be used together
03:29 nafg_ yeah I'm sure they could. But my goal is to use the fewest tools
03:29 nafg_ Most of my apps are in docker-compose, so I might also be able to get by with terraform and no Salt
03:30 nafg_ No
03:30 nafg_ it can
03:30 nafg_ can't update a file on an existing machine in my understanding (TF)
03:30 nafg_ brd: btw I'm using irccloud now so thanks for the pointer :)
03:31 whytewolf ahh, saltify basicly lets you put salt on any existing minion you can ssh into and works off of salt-cloud based commands.
03:32 nafg the map file looks suspiciously like the salt-cloud map file
03:32 nafg nm missed the second half of what you said :)
03:35 nafg Ok how about this scenario
03:35 nafg Suppose I used salt cloud and states to spin up a machine containing App and Database. Then later I want to run them on separate machines
03:35 nafg How would salt help me transition?
03:36 hemebond Transition?
03:36 nafg In particular the "service discovery" aspect so to speak
03:36 hemebond Many ways to handle "service discovery"
03:36 hemebond Personally I put things into Pillars or use load-balancers to handle that.
03:37 nafg how does LB help here?
03:37 hemebond It doesn't matter where the service is, things connect to the load-balancer.
03:37 hemebond *via the
03:37 nafg and where is the LB located?
03:38 hemebond In the environment.
03:38 nafg again, the question is how much of this process salt can cover
03:38 hemebond All of it.
03:38 nafg you mean environment variables?
03:38 hemebond Environment variables?
03:38 nafg wdym "in the environment"
03:39 hemebond The network. The VPC.
03:39 nafg Ok salt-cloud can't control any of that can it?
03:39 hemebond Salt can control all of it.
03:39 whytewolf well, salt can. for openstack, and aws
03:39 whytewolf i don't know about gce
03:40 nafg ok, so how would that look, is that a state? and where is the state applied to?
03:40 hemebond nafg: You need to be more specific.
03:40 hemebond Salt is a framework with a lot of pieces.
03:40 whytewolf typically i tend to put that kind of state against my master. but you can apply it to any minion
03:41 whytewolf just need to make sure the minion that does it has the libraries to connect
03:42 whytewolf like for aws loadbalancer you would use something like https://docs.saltstack.com/en/latest/ref/states/all/salt.states.boto_elb.html#module-salt.states.boto_elb
03:42 nafg ok salt-cloud actually can manage that stuff, it looks like
03:42 hemebond Salt can.
03:43 hemebond salt-cloud is one component of Salt.
03:53 puzzlingWeirdo joined #salt
03:56 nafg I know that. It looks like that specific component can.
03:57 nafg which seems more elegant than applying states to the master
03:59 iannnn joined #salt
03:59 iannnn hihihihihhi
04:00 hemebond nafg: What whytewolf linked to was a state module. So it has to be used via a minion.
04:00 dxiri joined #salt
04:00 nafg correct, but it seems like an analogue exists in salt-cloud
04:00 johnkeates joined #salt
04:00 nafg https://docs.saltstack.com/en/latest/topics/cloud/gce.html#load-balancer
04:01 ivanjaros joined #salt
04:01 hemebond It depends on the provider, yes.
04:02 hemebond I don't think the EC2 provider can manage load-balancers.
04:02 hemebond (maybe it can and I just haven't found it)
04:02 whytewolf also i would argue that states could be better because you can use jinja and beacons/reactors to fire them off. so a person does have to type something on the cli
04:03 onlyanegg joined #salt
04:03 whytewolf although with gce you might be stuck with salt-cloud
04:04 puzzlingWeirdo joined #salt
04:05 whytewolf best case might be a little bit of a and a little bit of b. states that fire off salt-cloud [unforchantly those are limited to running maps and starting instances]
04:07 whytewolf https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cloud.html#module-salt.states.cloud
04:08 whytewolf apperently i am wrong about maps, thought it had that abaility
04:10 DanyC joined #salt
04:11 shoemonkey joined #salt
04:20 DanyC joined #salt
04:28 WesleyTech_ joined #salt
04:30 scsinutz joined #salt
04:31 sriman_ joined #salt
04:32 sriman_ Hi , service.restart is not working
04:33 sriman_ and here is the error, can anyone help me.... http://paste.openstack.org/show/600164/
04:33 hemebond Are you trying to use it in a state>
04:34 sriman_ hemebond: yes
04:34 hemebond Well that is not a state module+function.
04:34 hemebond It's an execution module+function
04:34 dxiri joined #salt
04:35 whytewolf https://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html#salt.states.service.running
04:35 sriman_ hemebond: then, how to use it in a state , for restrting service
04:35 sriman_ salt '*' service.restart <service name> , it is working
04:35 hemebond There are other ways of restarting a service in a state.
04:36 hemebond https://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html#starting-or-restarting-of-services-and-daemons
04:39 sriman_ hemebond: tried that... but it is not restating the srvice,
04:39 sriman_ displaying as service is already running
04:39 hemebond Then you're doing something wrong.
04:39 hemebond You will need to paste your states somewhere so they can be checked.
04:45 sriman_ hemebond: http://paste.openstack.org/show/600166/
04:45 sriman_ can u please go through this
04:45 hemebond That state is wrong.
04:45 hemebond service.running is not a state module function
04:45 hemebond er
04:45 hemebond Sorry, wait.
04:46 hemebond I saw that restart below and got confused.
04:46 hemebond Where is the `watch` in your state?
04:55 sriman_ hemebond: http://paste.openstack.org/show/600168/
04:56 hemebond Okay, so you need a state that installs apache2; otherwise you can't watch it.
05:01 sriman_ http://paste.openstack.org/show/600171/
05:01 hemebond Yip. Looks pretty good.
05:01 sriman_ hemebond: why this watch is required, i dont know. my goal is to restart the service which is already installed and running
05:02 hemebond sriman_: For what reason?
05:02 hemebond What is it that triggers the restart?
05:02 whytewolf sriman_: the watch is a trigger. if thing that is watch changes it triggers the service to restart
05:03 sriman_ for something, the conf file changes, then? will it automatically restarted?
05:03 whytewolf if you have a state that is controlling the config file. and service is set to watch the file.managed
05:05 DanyC joined #salt
05:06 onlyanegg joined #salt
05:11 tehsu joined #salt
05:14 sriman_ hemebond: for a reason, i changed the apache2.conf file and what to restart/reload the service to effect these chnages,
05:14 sriman_ then ??
05:15 whytewolf sriman_: if you are changing the file manually. don't use states
05:16 sriman_ whytewolf: changed through states
05:16 st8less_ joined #salt
05:16 whytewolf then you have a watch on your service.running watching the state
05:17 hemebond sriman_: https://docs.saltstack.com/en/latest/topics/tutorials/states_pt2.html
05:17 hemebond Actually, while that has an example it doesn't explain it.
05:18 hemebond https://docs.saltstack.com/en/latest/ref/states/requisites.html#watch
05:18 rdas joined #salt
05:18 hemebond Example at the bottom of that section.
05:24 rdas_ joined #salt
05:27 Xenophon1 joined #salt
05:33 sriman_ okay, how to check the syntax of the state?
05:34 sriman_ only syntax check of a perticular state, without running that state
05:35 whytewolf https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.show_sls
05:39 bocaneri joined #salt
05:55 jagguli joined #salt
05:59 nafg Do I understand correctly that salt-api provides a means for adding custom webhooks?
06:00 whytewolf yes
06:01 tercenya_ joined #salt
06:02 nafg Where is that documented?
06:03 whytewolf https://docs.saltstack.com/en/latest/ref/netapi/all/index.html kind of all through out here
06:05 whytewolf i do believe you said you had saltpad. which uses the salt-api
06:06 onlyanegg joined #salt
06:10 sriman_ <hemebond>
06:12 ninjada_ joined #salt
06:12 onlyanegg joined #salt
06:12 lakshman joined #salt
06:13 rdas__ joined #salt
06:13 lakshman sriman:
06:14 honestly lakshman
06:17 lakshman <sriman>:Hi
06:20 lakshman sriman_:
06:21 sriman_ lakshman_: Hi
06:21 sriman_ lakshman: any doubt?
06:22 shoemonkey joined #salt
06:24 lakshman left #salt
06:25 ninjada joined #salt
06:28 mpanetta joined #salt
06:33 sriman_ hi, how to connect to windows minions from linux master?
06:33 hemebond sriman_: Minions connect to the master, not the other way around.
06:33 sriman_ is  there any software like winRM, or else any other?
06:34 sriman_ hemebond:linux to windows
06:34 hemebond What?
06:35 sriman_ same process we need to follow to establish connection b/w linux master to windows minion?
06:35 sriman_ ssh-copy-id?? willnot work no.
06:36 hemebond Minions do not connect to the master.
06:36 hemebond er
06:36 hemebond The master does not connect to the minions ☺
06:36 candyman88 joined #salt
06:36 hemebond Install salt-minion on the Windows machine and point it to your master.
06:37 sriman_ hemebond: https://docs.saltstack.com/en/latest/topics/installation/windows.html#installation-from-the-official-saltstack-repository
06:37 sriman_ alright.
06:39 nafg Any reason to choose tornado vs. cherrypy?
06:39 nafg And what is saltnado?
06:40 rdas joined #salt
06:44 jagguli Hi all I have a wierd issue with pillar stack .. one of my minion dont seem to be getting the pillar updated
06:44 jagguli did saltutil.refresh_pillar
06:44 jagguli still the saem
06:45 jagguli pillars are stored in master i understand, is ther any way to debug this
06:47 jagguli wierd thing is pilla.items gets the right data .. pillar.get does not
06:47 jagguli this is the schedule pillar
06:53 samodid joined #salt
06:59 jagguli **** found it **** _schedule.conf on the minion, not sure how/why that gets written
07:02 jas02 joined #salt
07:04 Inveracity joined #salt
07:04 jas02 joined #salt
07:06 jas02 joined #salt
07:13 evle joined #salt
07:16 jas02 joined #salt
07:19 jhauser joined #salt
07:24 bbradley joined #salt
07:24 evidence joined #salt
07:29 scristian joined #salt
07:37 Rumbles joined #salt
07:38 gmoro joined #salt
07:41 jas02 joined #salt
07:44 losh joined #salt
07:49 ThomasJ joined #salt
07:58 fracklen joined #salt
08:03 madboxs_ joined #salt
08:05 jas02 joined #salt
08:10 hemebond jagguli: That gets written when the pillars are updated.
08:14 zulutango joined #salt
08:16 netcho joined #salt
08:23 shoemonkey joined #salt
08:25 jas02 joined #salt
08:26 jagguli nope
08:26 hemebond Oh, okay.
08:26 jagguli its not the pillars
08:27 jagguli wait maybe .. because i disabled persist
08:27 jagguli tht might be it
08:27 jagguli cuz when i turned off persist it did not remove the entries
08:27 hemebond I don't know what persist is.
08:27 jagguli is that a bug ?
08:28 hemebond No idea. Is that a scheduler thing?
08:28 jagguli there is a persist option
08:28 jagguli yes
08:28 hemebond Ah. I've never used it.
08:34 samodid joined #salt
08:37 zer0def joined #salt
08:40 teclator joined #salt
08:44 losh joined #salt
08:47 mikecmpbll joined #salt
08:48 pratik joined #salt
09:05 madboxs joined #salt
09:06 Rumbles joined #salt
09:13 jas02 joined #salt
09:13 s_kunk joined #salt
09:15 madboxs joined #salt
09:15 jas02 joined #salt
09:15 Morrolan joined #salt
09:22 MasterNayru joined #salt
09:29 achedeuzot joined #salt
09:30 jagguli left #salt
09:30 jagguli joined #salt
09:38 mrueg joined #salt
09:42 jhauser joined #salt
09:42 ivanjaros joined #salt
09:44 netcho joined #salt
09:47 MasterNayru I've got an issue using Salt with "file_client: local" set in minion config and then trying to source files with the s3:// protocol. I've found an issue with what looks to be the same error and can see visually a potential fix for the issue. Is it best for me to put a PR in with what I think should be the fix? Just wary of having a fix put in without having some sort of tests run to ensure it breaks something else
09:49 candyman88 joined #salt
09:58 blueyed joined #salt
10:01 Zaunei joined #salt
10:01 jhauser joined #salt
10:01 MasterNayru https://github.com/saltstack/salt/issues/38836 is the issue I'm referring to
10:01 saltstackbot [#38836][OPEN] file.managed with S3 Source errors out with obscure message | Description of Issue/Question...
10:02 cro joined #salt
10:03 babilen joined #salt
10:04 disaster123 joined #salt
10:05 disaster123 is there a way to get the current pillar root dir inside a pillar sls file?
10:05 DanyC joined #salt
10:06 AndreasLutro MasterNayru: the salt team is very open to PRs (maybe a bit too open!) so I'd say go for it
10:06 felskrone joined #salt
10:08 MasterNayru I'll put one in and see what happens
10:11 valkyr2e joined #salt
10:20 disaster123 is there a way to get the current pillar root dir inside a pillar sls file?
10:22 netcho joined #salt
10:24 shoemonkey joined #salt
10:27 N-Mi joined #salt
10:27 N-Mi joined #salt
10:32 N-Mi_ joined #salt
10:35 muxdaemon joined #salt
10:36 Norrland joined #salt
10:44 masuberu joined #salt
10:50 N-Mi_ joined #salt
11:10 Reverend joined #salt
11:13 XenophonF joined #salt
11:17 mage__ joined #salt
11:21 DanyC_ joined #salt
11:29 madboxs joined #salt
11:32 babilen disaster123: config.get might help
11:35 flawi_ joined #salt
11:38 dps joined #salt
11:39 abednarik joined #salt
11:41 flawii joined #salt
11:45 dps_ joined #salt
11:46 disaster123 babilen: config.get will look into it
11:46 HighRuleKastle joined #salt
11:48 HighRuleKastle joined #salt
11:50 DanyC joined #salt
11:53 netcho joined #salt
11:54 babilen disaster123: This should allow you to retrieve "pillar_roots" which is a list of paths that, in their entirety, comprise the  .. well .. pillar roots :)
11:57 cryptolukas joined #salt
12:07 fracklen joined #salt
12:18 brousch__ joined #salt
12:23 michelsen joined #salt
12:25 shoemonkey joined #salt
12:26 manji anyone has any ideas how can I load a function in a custom module
12:26 manji in another custom module?
12:27 AndreasLutro __salt__['myothermodule.func']
12:28 manji I tried that, my problem is that although it executes it
12:28 manji it returns None
12:29 manji I want something like
12:29 manji from mymodule import lala
12:29 AndreasLutro then your function probably doesn't return anything?
12:29 manji no it does, I have monkey patched a salt module :
12:29 manji :p
12:30 AndreasLutro mkay, have you ran sync_modules?
12:31 manji yep
12:31 DanyC_ joined #salt
12:31 manji https://gist.github.com/manjiki/95c2315775b8ad1058717f3d580a1b78
12:31 manji I returned None
12:31 manji but in the minion log I saw it executed it
12:31 manji unless I have done something else wrong
12:32 AndreasLutro how do you know it returns None?
12:32 manji I run the whole custom module
12:32 AndreasLutro for all I know that if statement isn't ran, or ret['changes'] gets overwritten later on
12:32 AndreasLutro maybe just try running salt-call artifactory.get_latest_snapshot ...
12:32 manji it has run
12:33 manji hmm
12:33 AndreasLutro that way I don't have to debug your custom state or whatever *and* your custom module
12:33 manji it is a custom module not a custom state
12:33 manji I use ret like in states, indeed
12:33 AndreasLutro well whatever, I don't want to have to help you debug 2 modules at once
12:33 AndreasLutro isolate the problem
12:33 manji the monkey patched module works well for sure, as I have used it in states
12:34 manji I am afraid that if I do
12:34 manji from salt.modules import artifactory
12:34 manji it will import the default one
12:34 manji (which does not work btw)
12:34 AndreasLutro that won't work at all
12:34 AndreasLutro salt.modules can't be directly imported
12:35 AndreasLutro from the code you've shown you're doing it correctly
12:37 manji hmm
12:38 disaster123 babilen: but i need than the current pillarenv value
12:42 madboxs joined #salt
12:44 manji AndreasLutro, it appears that I can import modules straight up
12:44 manji wait
12:45 AndreasLutro you're going to run into issues like __salt__ or __opts__ being undefined, guaranteed
12:47 manji lol yes indeed
12:47 manji damn
12:47 manji ti shouldn't be that hard
12:48 AndreasLutro it isn't. you just do __salt__['mymodule.myfunc']
12:48 manji btw, I had forgoten `return ret` in the end
12:48 manji thus I got None
12:48 AndreasLutro 13:29 <AndreasLutro> then your function probably doesn't return anything?
12:48 AndreasLutro 13:29 <manji> no it does, I have monkey patched a salt module :
12:48 AndreasLutro liar
12:48 manji hahhaa
12:48 DanyC joined #salt
12:48 AndreasLutro never dismiss the obvious answer
12:48 manji AndreasLutro, I thought you meant the patched module function
12:49 AndreasLutro it's always that, or dns
12:52 shoemonkey joined #salt
13:12 numkem joined #salt
13:13 aldevar joined #salt
13:14 jas02 Hello, what are the functional limitations of salt-ssh compared to salt (master) or local salt-call? What I am not able to do/what is missing?
13:16 sikander joined #salt
13:19 shoemonkey joined #salt
13:19 sikander hi. does anyone here want to help me with a noob issue? im trying to set up iptables with this: https://github.com/mohae/salt-iptables, but i get "Rendering SLS 'base:iptables' failed: Jinja variable 'dict object' has no attribute 'ssh'" when i run state.apply test=True. so i checked out the grains and it looks like there is no grains.ssh. does anyone have way to solve this or another good way to do it? thanks
13:22 Rumbles joined #salt
13:23 aldevar sikander: why don"t you use states.iptables from salt ?
13:23 aldevar https://docs.saltstack.com/en/latest/ref/states/all/salt.states.iptables.html
13:24 aldevar There is also a module if you want to run from command line : https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.iptables.html
13:24 stewgoin joined #salt
13:27 sikander aldevar: i'm not too comfortable with iptables, so i was thinking that i could get a basic setup with that repo that i could build upon. but if that's the best way to do it, i guess i should go learn iptables once and for all
13:29 aldevar Iptables seems difficult to learn, but once you understand how it works it's pretty straight forward
13:29 XenophonF sikander: which Linux distribution are you using?
13:29 sikander ubuntu
13:30 XenophonF https://github.com/saltstack-formulas/ufw-formula is your friend
13:30 XenophonF there's also firewalld-formula for rhel/centos
13:30 sikander hmm. i get 404
13:31 XenophonF huh it isn't in the saltstack-formulas org any more
13:31 XenophonF https://github.com/mariodpros/ufw-formula
13:31 XenophonF or maybe it never was
13:32 XenophonF sorry
13:32 XenophonF anyway, use that
13:32 XenophonF it rocks
13:33 sikander okay. thank you. that should make it a lot easier for me, as i understand ufw better! ^^
13:35 XenophonF plus it plays nicely with the defaults
13:37 sikander yeah. and that saltstack-formulas list was great! i didnt know that existed. looking through it now to add formulas for other apps im using! :D
13:40 aldevar I'm trying to execute a state with customized pillar on the command line.
13:40 aldevar I can do pillar='{"Foo": "bar"}', but if I do pillar='{"Foo1": "bar1", "Foo2" : "bar2"}' that doesn't work
13:40 aldevar How can I provide multiple variable in the command line?
13:41 aldevar must I use a python list {"Foo": ["bar1", "bar2"]} then parse the list in the state ?
13:44 madboxs joined #salt
13:46 XenophonF sikander: i don't always use saltstack-formulas. sometimes, i write my own: https://github.com/irtnog/
13:47 XenophonF there are others out there, too
13:47 XenophonF aldevar: the first form you gave should work
13:47 sriman_ Hi , how to remove the minion node keys from the accepted key
13:48 sriman_ i have a dead minion and the key is in accepted keys
13:48 XenophonF sriman_: salt-key
13:48 XenophonF man salt-key
13:48 sriman_ and i want to delete it.
13:48 sikander xenophonf: yeah. and i should write more of them myself. but for now it's great to have a place to find good formulas i can work off
13:48 ekkelett $ salt-key --delete my-name-wahey
13:49 sriman_ ekkelett: thanks
13:50 XenophonF ekkelett: teach a man to fish...
13:51 XenophonF aldevar: odd the docs only show a single top-level key-value pair in all of the examples - https://docs.saltstack.com/en/latest/topics/tutorials/pillar.html#setting-pillar-data-on-the-command-line
13:51 shoemonkey joined #salt
13:51 ekkelett XenophonF: give a man a fire, and he'll be warm for a day. Set the man on fire, and he'll be warm for the rest of his life.
13:51 XenophonF :-D
13:52 ekkelett Maybe that's a motivation to recommend $ salt-key -D instead then, ehehe.
13:52 XenophonF aldevar: i tried running `salt-call pillar.get Foo2 pillar='{"Foo1": "bar1", "Foo2": "bar2"}'`
13:52 XenophonF that returned the following error `The following keyword arguments are not valid: pillar={'Foo1': 'bar1', 'Foo2': 'bar2'}`
13:53 XenophonF i'm going to rtfs - just a sec
13:53 aldevar Xenophon, actually, here is what i'm trying to do : http://pastebin.com/tr2H1rNn
13:53 ravenx joined #salt
13:53 ravenx hey guys, regarding this:
13:53 ravenx https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html
13:54 ravenx i've read that it works across yum, apt, 'n stuff
13:54 ravenx but i'm really curious about how it manages package names
13:54 XenophonF ravenx: that's correct
13:54 XenophonF it doesn't?
13:54 ravenx suppose that apache2 is known simply as "apache2" in apt
13:54 XenophonF it just passes them verbatim to the underlying package manager
13:54 ravenx but the same package is named "apache2-http-server" in yum
13:54 ravenx cuz i know that there are naming differences between package managers.
13:55 XenophonF hence the defaults.yaml/map.jinja pattern used in many, many formulas
13:55 ravenx what is the defaults.yaml/map.jinja?
13:55 XenophonF see for example https://github.com/irtnog/apache-formula
13:55 XenophonF specifically, https://github.com/irtnog/apache-formula/blob/master/apache/map.jinja
13:56 ravenx wait so things like this isn't baked into salt-stack
13:56 XenophonF i wrote it to support Apache httpd 2.2 and 2.4 on Debian, FreeBSD, and RedHat-family operating systems
13:56 XenophonF ever hear the joke about sufficiently smart compilers?
13:56 ravenx it is something a user made, because he/she manages a heterogenous cluster
13:56 ravenx nope, i haven't.
13:56 XenophonF well you're asking for sufficiently smart configuration management systems
13:58 XenophonF i guess until config management systems become sentient, you're going to have to account for variations among your servers by yourself ;)
13:58 XenophonF aldevar: the error message gets generated by salt/utils/__init__.py
13:59 ravenx XenophonF: fair enough.  all is clear now! :)
14:01 XenophonF aldevar: actually, i'm getting that error no matter what i use for pillar=
14:01 abednarik joined #salt
14:01 aldevar XenophonF: thie command runs well for me : salt server1 state.apply prod.ftp24 pillar='{"client": "clientnname"}'
14:02 oaken_chris joined #salt
14:02 ravenx btw is there a point in using salt for one server lol
14:02 XenophonF can you post the both the sls you're trying to run as well as the pillar data you're trying to use?
14:03 XenophonF like on gist.github.com or something?
14:03 aldevar Ok
14:03 XenophonF i was just playing around trying to use pillar= with pillar.get, but pillar isn't a valid kwarg for pillar.get, hence my error
14:04 aldevar You have to use pillar['Foo']
14:05 aldevar https://gist.github.com/aldevar/f1109833411ef9783ec27f59b06c4286
14:06 AndreasLutro does anyone know of a way to run returners or a similar feature on SLS rendering errors?
14:07 aldevar XenophonF: I updated the gist with del.sls
14:22 jas02 joined #salt
14:23 rdas joined #salt
14:26 dxiri joined #salt
14:27 shoemonkey joined #salt
14:36 racooper joined #salt
14:46 tiwula joined #salt
14:48 madboxs joined #salt
14:50 alem0lars joined #salt
14:50 alem0lars is it possible to access the minion's environment (e.g. 'base' or 'dev') inside a SLS template?
14:51 alem0lars I've tried  {{ config.get('environment') }} but I get a error saying that 'config' is undefined
14:52 Rumbles joined #salt
14:53 nickabbey joined #salt
14:55 fracklen joined #salt
14:56 cryptolukas joined #salt
14:59 abednarik joined #salt
15:00 aldevar left #salt
15:03 g3cko joined #salt
15:14 ravi_ left #salt
15:20 debian112 joined #salt
15:22 Tanta joined #salt
15:24 WesleyTech_ joined #salt
15:26 pmcg joined #salt
15:32 Rumbles joined #salt
15:36 debian112 joined #salt
15:44 bd joined #salt
15:44 xet7 joined #salt
15:48 tapoxi joined #salt
15:49 madboxs joined #salt
15:51 Flying_Panda joined #salt
15:51 Drunken_Panda joined #salt
15:53 Drunken_Panda so stupid question of the day whats the best way of managing /etc/default/grub I need to ensure  transparent_hugepage=never exists at the end of GRUB_CMDLINE_LINUX_DEFAULT but i dont want to touch the rest of the file
15:53 Drunken_Panda I can sed it but id rather do the salt way
15:53 llua you could use augeas
15:54 Drunken_Panda wow never knew about that one
15:54 Drunken_Panda Cheers <3
15:57 cwright joined #salt
15:58 debian112 joined #salt
15:58 onlyanegg joined #salt
16:02 eykd joined #salt
16:03 debian1121 joined #salt
16:08 jas02 joined #salt
16:09 mpanetta joined #salt
16:11 fracklen joined #salt
16:15 nickabbey joined #salt
16:20 nafg joined #salt
16:21 Hybrid joined #salt
16:27 debian112 joined #salt
16:29 djgerm joined #salt
16:33 sarcasticadmin joined #salt
16:38 shoemonkey joined #salt
16:48 Deliant joined #salt
16:49 cyborg-one joined #salt
16:56 daxroc Evening all
16:56 daxroc With salt reactor
16:56 daxroc Is there a default event that can be subscribed to?
16:59 debian112 joined #salt
17:02 abednarik joined #salt
17:02 jas02 joined #salt
17:02 Flusher joined #salt
17:08 samodid joined #salt
17:15 ivanjaros joined #salt
17:18 juntalis joined #salt
17:19 nickabbey joined #salt
17:23 dxiri joined #salt
17:23 wendall911 joined #salt
17:24 scsinutz joined #salt
17:26 tkojames joined #salt
17:28 DEger joined #salt
17:28 Aleks3Y joined #salt
17:28 DanyC joined #salt
17:30 dxiri joined #salt
17:33 Lionel_Debroux_ joined #salt
17:35 nickabbey joined #salt
17:43 djinni` joined #salt
17:44 scsinutz joined #salt
17:45 tkojames For grains.get command can you pass mutiple grains at once? I was hoping to run something like grains.get numcpu , memtotal etc. So we can get basic specs on our minions. We only want some grain items not all of them. Is there another way I sould be doing it?
17:51 DanyC joined #salt
17:52 Ch3LL tkojames: you want grains.item: `salt-call --local grains.item os osfullname`
17:57 tkojames Ch3LL: Thanks! I am not sure how I missed that in the docs.
17:58 DanyC joined #salt
18:01 DammitJim joined #salt
18:01 Ch3LL no problem :)
18:06 DanyC joined #salt
18:11 icebal_ joined #salt
18:14 _JZ_ joined #salt
18:23 nZac joined #salt
18:25 Heartsbane joined #salt
18:25 Heartsbane joined #salt
18:26 Edgan joined #salt
18:27 jhauser joined #salt
18:31 nahkiss joined #salt
18:31 gableroux joined #salt
18:37 gmoro joined #salt
18:38 gmoro joined #salt
18:38 ChubYann joined #salt
18:39 shoemonkey joined #salt
18:43 samodid joined #salt
18:47 prg3 joined #salt
18:47 nidr0x joined #salt
18:48 DanyC joined #salt
18:51 jas02 joined #salt
18:52 s_kunk joined #salt
18:52 spicyJalapeno joined #salt
18:52 singlegarden joined #salt
18:52 tkojames left #salt
18:53 mikecmpbll joined #salt
18:56 tkojames joined #salt
18:58 netcho joined #salt
19:01 fracklen joined #salt
19:04 tkojames left #salt
19:04 tkojames joined #salt
19:11 DanyC joined #salt
19:12 DanyC joined #salt
19:13 jas02 joined #salt
19:16 nickabbey joined #salt
19:20 nickabbey joined #salt
19:23 DammitJim joined #salt
19:29 kojiro joined #salt
19:39 candyman88 joined #salt
19:46 dyasny joined #salt
19:46 djgerm if I have a pillar key that is a list, how do I set a var to join them all with a space between them
19:49 kojiro djgerm: A key is a string. How can it be a list?
19:51 djgerm a pillar key can have multiple values
19:53 djgerm {% set var = salt['pillar.get'](pillar).join(' ') %}
19:53 djgerm ?
19:53 tom[] joined #salt
19:53 madboxs joined #salt
19:54 cyborg-one joined #salt
19:59 Neighbour djgerm: Try {% set var = salt['pillar.get'](thingy) | join(' ') %}
20:00 djgerm ok. trying.
20:01 djgerm it worked! Thanks @Neighbour
20:01 ronnix joined #salt
20:02 fhh joined #salt
20:02 Neighbour np :)
20:06 babilen djgerm: Might want to make that {% set var = salt['pillar.get'](thingy, []) | join(' ') %} so that it copes if 'thingy' isn't defined (or another, sensible, default)
20:07 Neighbour good point
20:07 djgerm is , [] just an empty default?
20:07 Neighbour the 2nd argument to pillar.get is the default in case the key doesn't exist
20:07 Neighbour in this case, an empty list
20:09 babilen Which would result in an empty string for var
20:12 spicyJalapeno are there any tools that allow a minion to tell a master to execute a script located on the master and return the output from the script to the minion? for example, if I write a pillar using the python renderer, I can have that pillar execute something local to the master and the data is returned. is there a way to do that without using a pillar since I don’t want/need this to be pillar data?
20:13 Neighbour spicyJalapeno: I think you'll have to use the reactor for something like this
20:14 jas02 joined #salt
20:14 spicyJalapeno i haven't used reactors before, is that capable of returning data?
20:15 Neighbour Sort of, you can use the minion to send a signal to the master, which you configure the reactor to start a state/orchestration/whatnot
20:16 dyasny joined #salt
20:16 Neighbour I'm not sure how to send data back to the minion this way though (except through pillar or grains)
20:17 dh__ joined #salt
20:17 Dereckson joined #salt
20:17 Dereckson Hello.
20:17 dh__ Can someone look at my pillar top.sls and let me know if I am doing something wrong? We randomly get issues where minions are not matching the expression in top.sls
20:18 dh__ such as 'env1*' pcre matches servers named env2server1
20:18 dh__ http://pastebin.com/vMQuFYau
20:18 edrocks joined #salt
20:18 Neighbour dh__: You know that * in pcre means "0 or more of whatever came before"
20:18 spicyJalapeno i have a multimaster setup with 2 minionmasters and a master of masters. i am trying to get the mom to act as a CA and generate keys for the minions, that passes that key down to the minion as a pillar. i currently have it working with the minion masters acting as a CA, but i want to move that function up to the mom.  i guess i am struggling with how to get a master of masters to generate and return pillar data to a minion maste
20:19 Neighbour in this case "environment1*" matches "environment", "environment1", "environment11", "environment111" etc
20:19 dh__ Thanks, that helps a bit
20:19 Neighbour but "environment2*" also matches "environment" (and "environment2", "environment22", etc)
20:20 dh__ I am still not sure how that would work in this expression though, shouldnt 'env*' be the same as 'env.*' then?
20:20 dh__ oh
20:20 netcho joined #salt
20:20 dh__ so it's against the '2' specifically
20:21 Neighbour the last character (or, if you're making things more complex, the last set of characters [], the last group (abc), etc)
20:21 dh__ awesome
20:22 dh__ thank you a million
20:22 Neighbour np
20:22 DammitJim joined #salt
20:22 Neighbour I think you meant to use "environment1.*", "environment2.*" etc
20:22 Neighbour with . being "any character"
20:23 dh__ this explains a lot of issues i've had
20:23 dh__ :)
20:23 dh__ very neighbourly
20:23 Neighbour :)
20:24 Dereckson I've a Salt repo used to deploy to FreeBSD and Debian, with if/else to use /usr/lib/tcl8.6/tclConfig.sh /usr/local/lib/tcl8.6/tclConfig.sh -or- /etc/nginx.conf /usr/local/etc/nginx.conf. What would be the cleanest way to do that? I imagine to write a custom module to document canonical OS information with a osinfo.dirs, so we could do salt['os.dirs']('etc') and get /etc on Linux, /usr/local/etc on FreeBSD
20:24 Dereckson perhaps?
20:25 ronnix joined #salt
20:26 Neighbour Can you use the grains to determine which OS you're in, and configure the path-to-etc in the pillar?
20:26 Neighbour (and use grains to control which pillar file with the os-matching-path(s) are loaded)
20:28 Neighbour spicyJalapeno: I have no experience with mom-setups, but are you running minions (of the MoM) on all the "minion-master"s?
20:32 toastedpenguin joined #salt
20:35 toastedpenguin left #salt
20:39 shoemonkey joined #salt
20:41 jas02 joined #salt
20:54 madboxs joined #salt
20:59 spicyJalapeno Neighbour: yes both of my minion masters are minions to the mom
21:01 jas02_ joined #salt
21:01 spicyJalapeno right now the minions get that pillar data from the minion master running easy-rsa to generate the keys and pass it down to the minions via the pillar. I am trying to move easy-rsa up to the mom and have it generate the pillar data and pass it down to the minions
21:02 spicyJalapeno but since the minions connect to the minion master instead of the mom, i feel like the pillar for the minion needs to make the mom execute easy-rsa and pass the data down
21:04 XenophonF Dereckson: I use the defaults.yaml/map.jinja pattern to handle those kinds of per-OS customizations within a state formula
21:05 Dereckson Thanks Neighbour for the pillar simple idea, yes, that works and that's clean (a pillar dirs.sls with if clauses by OS, so we can see the list at one place)
21:06 jas02 joined #salt
21:07 XenophonF I mean, you could write a custom grain or something that encoded all of those variations, but just about every formula i've ever seen makes use of map.jinja or the combo of defaults.yaml/map.jinja
21:09 XenophonF IMO a custom grain or execution module would violate POLA
21:10 XenophonF here's a concrete example of the pattern that I use: https://github.com/irtnog/openssh-formula/tree/master/sshd
21:10 XenophonF (note that's my openssh-formula, different than the one found in the saltstack-formulas org)
21:10 dxiri hello everyone, trying to use salt virt to spin up some vms and have a question, how can I set the IP address at provisioning time?
21:12 * Dereckson nods
21:12 XenophonF the path to the config directory is in defaults.yaml, so if you're installing openssh from ports on your FreeBSD system, you can set sshd:config_directory in pillar for that minion
21:12 XenophonF override it to /usr/local/etc/ssh
21:12 jas02_ joined #salt
21:13 XenophonF there are a bunch of per-OS settings in map.jinja that override the corresponding places in defaults.yaml
21:15 XenophonF the code in map.jinja loads the YAML data structure from defaults.yaml and merges the per-OS settings in, then exports that via the sshd_settings variable
21:15 XenophonF pretty much every formula written since about the beginning of last year follows that pattern
21:16 XenophonF older formulas do the Pillar lookups and defaults and combining in the .sls files or the jinja templates, and with it spread out all over the place, it makes figuring that stuff out very challenging
21:17 XenophonF for example, https://github.com/saltstack-formulas/mysql-formula/blob/master/mysql/server.sls
21:17 jas02 joined #salt
21:18 XenophonF (not to pick on mysql-formula - I use it all the time and love it, but it follows an older style)
21:18 fracklen joined #salt
21:21 DammitJim XenophonF, what is the new style?
21:21 DammitJim I don't know why this has been mysql salt week for me
21:21 DammitJim LOL
21:23 MConceicao joined #salt
21:28 nZac joined #salt
21:31 ninjada joined #salt
21:35 fracklen joined #salt
21:36 daxroc How do folks manage salt installation in production - do you use virtual-env to contain salt + dependencies. Any best practices published to the wild ?
21:37 Sketch we use the rpm packages from salt's repo
21:38 sarcasticadmin I use a virtualenv with salt installed that inclues all necessary pip pkgs then a deb pkg to deploy it
21:40 MTecknology daxroc: I use pkg.installed w/ debian repos
21:42 jas02 joined #salt
21:42 daxroc I'm leaning towards a virtualenv as it will allow us to isolate salt (python + dependencies) from the system python.
21:42 daxroc both master and minion
21:43 cmarzullo I use the debian packages from salt's offical repos
21:43 sarcasticadmin @daxroc thats exactly why i do it as well
21:44 daxroc Could make RPMs but thats stepping into double package management I guess
21:45 daxroc sarcasticadmin: are the pip states flexible enough for you in this setup?
21:46 Sketch daxroc: what's wrong with using the system python for salt?
21:46 gableroux joined #salt
21:47 daxroc Nothing - Have a few use cases where other tooling can cause conflicts with package versions etc.
21:50 ahammond when I do salt-call pillar.get foo:bar:baz, I get a result that looks like local: <what I actually want>. How do I get only the data without the "local:" prefix?
21:50 daxroc Upgrading a tool a,b,c shouldn't break my master or minion. When you use the System python this maybe out of your control. Mixing and matching pip + rpm python-<pkg> installations is a horrible experience. While I understand this other engineers don't so moving to a virtualenv seems like a sane way to manage, isolate and version the complete tool-chain
21:50 daxroc dependency.
21:51 ahammond Sketch so long as system python is never used by anything else (except as a base for venvs)
21:51 XenophonF DammitJim: the new style isn't really new
21:51 XenophonF it's the defaults.yaml/map.jinja pattern used in a lot of formulas
21:52 DammitJim oh LOL
21:52 XenophonF it's "new" compared to how lots of formulas written before about mid-2015 were done ;)
21:52 ahammond daxroc I went through the fun of getting salt-minion into a venv. Works, but is incredibly awkward to bootstrap.
21:54 DammitJim man, time flies!
21:54 XenophonF daxroc: i only use packages from the O/S default repositories (e.g., FreeBSD Ports) or, when those aren't available, from repo.saltstack.com.
21:54 keltim joined #salt
21:55 XenophonF in several cases the system repos use packages that are unacceptably outdated (Red Hat, Debian, Ubuntu - I'm looking at you)
21:55 XenophonF in those cases I also use repo.saltstack.com and only use the system repos for manual bootstrapping
21:55 madboxs joined #salt
21:55 daxroc ahammond: hym I guess it would be. Maybe OS salt-minion for bootstrap and apply salt-minion-venv state to switch
21:56 ahammond daxroc this is one of the things which has moved us away from salt.
21:56 Sketch redhat/centos tools rely pretty heavily on python, i wouldn't go upgrading the system python on an EL box
21:56 Sketch (including yum)
21:56 ahammond Sketch yup. You'll break the hell out of yum if you touch python much. DNF is much better, but...
21:56 daxroc ahammond: moved to ?
21:57 Sketch so i think it's pretty safe to use.  it's what the saltstack repos are built against anyway.
21:57 XenophonF newer versions of python (and other packages found in base) are available via SCL
21:57 ahammond daxroc hmm, docker + k8s is a big part of the answer
21:58 XenophonF but yeah - salt-minion is built against the base python
21:58 Sketch venv's are nice for deploying applications, but i think of salt-minions as more of a system service
21:58 ahammond daxroc for less modern stuff, packer images (we use ansible as our primary provisioner for these images) and consul + confd
21:59 ahammond daxroc k8s is clearly a large part of our future though.
21:59 ahammond daxroc replacing salt pillars with vault has been a huge win, too.
22:01 daxroc Can echo pillars - more so the no dynamic render-once a real limitation with salt - salt-jinja been a big pain point for me. I do have some content in vault but more as secret as a service.
22:04 jas02 joined #salt
22:05 sarcasticadmin daxroc: our virtualenv thats built for salt and pip dependencies is essentially locked and the virtualenv can only updated by building another deb pkg with a new virtualenv
22:05 ahammond daxroc jinja is not intended to be used for anything beyond the most basic stuff. If you want more than that, write a module. It's absurdly easy to do and probably the best feature of salt.
22:06 daxroc ahammond: figured that a while back :D
22:06 scsinutz joined #salt
22:06 ahammond daxroc but none of that really solves the problem that a centralized secrets management system is just a design that's showing it's age. :)
22:07 scsinutz joined #salt
22:09 daxroc ahammond: in the vault for secrets only ? even getting there is a goal .. we all can't play with shiny stuff :D
22:12 ninjada joined #salt
22:13 wonko21 joined #salt
22:14 nafg Is there a way to keep OS security packages up to date, but not upgrade something like docker since it will restart everything that's running
22:16 hemebond Probably not a Salt-specific method.
22:16 oaken_chris joined #salt
22:17 scsinutz joined #salt
22:18 ahammond So... anyone with an idea for toolifying salt-call pillar.get? I want to get just the actual data stored in the pillar. :(
22:18 hemebond ?
22:23 ahammond salt-call --out=json --skip-grains pillar.get rsync:lookup:ssh_keys:hss_fetcher:private_key | python -c 'import sys,json; print json.load(sys.stdin)["local"]'
22:23 ahammond because apparently nobody has ever wanted just the output of the salt command, without formatting...
22:24 bezaban joined #salt
22:25 scsinutz1 joined #salt
22:25 hemebond Uh.
22:25 scsinutz joined #salt
22:25 hemebond Why not use JSON output and pipe it to jq?
22:25 hemebond I don't really understand what you want.
22:27 wonko21 joined #salt
22:32 Rumbles joined #salt
22:33 scsinutz1 joined #salt
22:40 shoemonkey joined #salt
22:41 scsinutz joined #salt
22:41 uncool joined #salt
22:41 scsinutz1 joined #salt
22:47 tapoxi there a way to make state.apply less verbose?
22:47 tapoxi I just want to see changes
22:48 hemebond tapoxi: In the master config
22:48 sarcasticadmin joined #salt
22:48 tapoxi ooh. know what the name is?
22:48 hemebond Looking it up.
22:49 hemebond https://docs.saltstack.com/en/latest/ref/configuration/master.html#state-output
22:56 madboxs joined #salt
23:05 SaucyElf joined #salt
23:11 masber joined #salt
23:20 scsinutz joined #salt
23:39 seanz joined #salt
23:39 carlwu66 joined #salt
23:40 carlwu66 salt-minion lost  connection to saltmaster frequently
23:40 carlwu66 salt-minion --versions-report Salt Version:            Salt: 2016.11.2   Dependency Versions:            cffi: Not Installed        cherrypy: Not Installed        dateutil: 2.4.2           gitdb: Not Installed       gitpython: Not Installed           ioflo: Not Installed          Jinja2: 2.8         libgit2: Not Installed         libnacl: Not Installed        M2Crypto: Not Installed            Mako: 1.0.3    msgpack-pure: Not Instal
23:41 carlwu66 There are firewall between minion and master
23:42 carlwu66 I tried the following : set the ping_interval to master to 1 minite, this does not work
23:42 carlwu66 set the keep alive to true, this does not either
23:42 gableroux joined #salt
23:43 carlwu66 anyway, try restart minion always work.
23:44 djgerm joined #salt
23:45 scsinutz joined #salt
23:46 ronnix joined #salt
23:49 s_kunk joined #salt
23:55 cacasmacas joined #salt
23:57 madboxs joined #salt
23:58 nafg partially asking, partially thinking out loud...
23:58 nafg So I want to keep all my salt config in git
23:58 nafg that includes the exact state of the salt master, as well as each minion
23:59 nafg I need to figure out how to organize that into git repos (how many to split it across etc.)
23:59 nafg Also I'm not sure where it will be mounted
23:59 toastedpenguin joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary