Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-03-24

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 swills_ joined #salt
00:03 ninjada joined #salt
00:04 ninjada joined #salt
00:07 testerbeta joined #salt
00:11 vegasq joined #salt
00:16 patrek joined #salt
00:16 vegasq_ joined #salt
00:23 justanotheruser joined #salt
00:30 om2_ joined #salt
00:32 om3 joined #salt
00:39 jas02 joined #salt
00:41 andi- joined #salt
00:42 raspado joined #salt
00:53 cachedout joined #salt
00:54 scsinutz joined #salt
01:03 ahrs joined #salt
01:08 rem5 joined #salt
01:08 scsinutz joined #salt
01:09 catpig joined #salt
01:14 mavhq joined #salt
01:17 genq joined #salt
01:33 cro joined #salt
01:40 Nahual joined #salt
01:40 Nahual joined #salt
01:42 netcho joined #salt
01:49 catpig joined #salt
01:57 Praematura joined #salt
02:07 elektrix joined #salt
02:07 catpigger joined #salt
02:09 xet7 joined #salt
02:16 mpanetta joined #salt
02:29 catpig joined #salt
02:35 NightMonkey joined #salt
02:36 stooj joined #salt
02:46 vegasq joined #salt
02:48 ilbot3 joined #salt
02:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.5, 2016.11.3 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers
02:49 asoc joined #salt
02:50 Zachary_DuBois joined #salt
02:51 Tanta joined #salt
02:51 Ch3LL joined #salt
02:51 stooj joined #salt
02:53 fracklen joined #salt
02:58 jas02 joined #salt
02:58 shoemonkey joined #salt
03:01 IRCFrEAK joined #salt
03:04 shoemonkey joined #salt
03:05 DEger joined #salt
03:05 stewgone joined #salt
03:07 evle joined #salt
03:08 IRCFrEAK joined #salt
03:10 nikdatrix joined #salt
03:13 justan0theruser joined #salt
03:17 ninjada_ joined #salt
03:18 IRCFrEAK joined #salt
03:19 gtmanfred joined #salt
03:19 robawt joined #salt
03:22 IRCFrEAK left #salt
03:24 raspado joined #salt
03:32 blu__ joined #salt
03:33 ninjada joined #salt
03:39 Allonphone joined #salt
03:40 IRCFrEAK joined #salt
03:41 IRCFrEAK left #salt
03:43 dxiri joined #salt
03:47 rome_390 joined #salt
03:54 bocaneri joined #salt
03:57 bocaneri joined #salt
03:58 IRCFrEAK joined #salt
03:59 Praematura joined #salt
04:00 IRCFrEAK left #salt
04:01 ninjada joined #salt
04:06 PatrolDoom joined #salt
04:06 Klaus_Dieter joined #salt
04:16 Klaus_D1eter_ joined #salt
04:20 scsinutz joined #salt
04:21 cyborg-one joined #salt
04:22 NightMonkey joined #salt
04:26 IRCFrEAK joined #salt
04:27 Praematura joined #salt
04:30 IRCFrEAK left #salt
04:30 saltstackbot joined #salt
04:32 CheckYourSix_ joined #salt
04:33 emid joined #salt
04:34 JPaul joined #salt
04:41 catpig joined #salt
04:44 preludedrew joined #salt
04:58 wendall9111 joined #salt
05:11 nikdatrix joined #salt
05:11 jas02 joined #salt
05:12 catpig joined #salt
05:14 DEger joined #salt
05:17 IRCFrEAK joined #salt
05:19 PatrolDoom joined #salt
05:19 leonkatz joined #salt
05:20 Vaelatern joined #salt
05:20 garionphx joined #salt
05:28 Klaus_Dieter joined #salt
05:38 Llmiseyhaa joined #salt
05:38 onlyanegg joined #salt
05:56 DarkKnightCZ joined #salt
05:57 DEger joined #salt
06:12 leonkatz joined #salt
06:14 DanyC joined #salt
06:21 ninjada_ joined #salt
06:25 jas02 joined #salt
06:25 dknight87 joined #salt
06:28 calvinh joined #salt
06:31 ninjada joined #salt
06:37 ahrs joined #salt
06:39 DarkKnightCZ joined #salt
06:54 JohnnyRun joined #salt
06:55 DanyC joined #salt
06:58 scsinutz joined #salt
07:03 DarkKnightCZ joined #salt
07:03 DEger joined #salt
07:05 Praematura joined #salt
07:07 stewgoin joined #salt
07:11 golodhrim|work joined #salt
07:12 nikdatrix joined #salt
07:15 fracklen joined #salt
07:18 fracklen joined #salt
07:18 onlyanegg joined #salt
07:19 Ricardo1000 joined #salt
07:26 mooreguy joined #salt
07:27 mavhq joined #salt
07:28 mooreguy left #salt
07:29 mooreguy joined #salt
07:34 dps joined #salt
07:34 mooreguy I'm having trouble pulling a git repo from github with a salt state on freebsd. When I use salt-call -l all state.apply the fatal line is normally cannot access /usr/local/etc/gitconfig, even when that file is 777 and exists
07:43 ronnix joined #salt
07:43 mikecmpbll joined #salt
07:48 Ricardo1000 Hello
07:48 Ricardo1000 Can I send some shell command to minion,
07:49 Ricardo1000 which it would execute in backgroud without blocking work other states and commands ?
07:49 fracklen joined #salt
07:49 Ricardo1000 As I can see minion execute all states Consistently, not in parallel
07:50 hemebond Ricardo1000: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cmdmod.html#salt.modules.cmdmod.run_bg
07:51 podstava joined #salt
07:53 Ricardo1000 hemebond:Can minion execute states in parallel ?
07:53 hemebond I think so but you have to explicitly configure the states.
07:55 Ricardo1000 hemebond: What do you mean, may you show an example ?
07:55 ReV013 joined #salt
07:56 Ricardo1000 hemebond: Also can minion work like master in multiprocess mode ?
07:56 hemebond Work like a master?
07:56 Ricardo1000 hemebond: No,
07:56 Ricardo1000 hemebond: I mean does minion support multiprocessing ?
07:57 hemebond https://docs.saltstack.com/en/develop/ref/states/parallel.html
07:57 hemebond I don't know what multiprocessing is.
07:58 aldevar joined #salt
07:58 hemebond Yes it does https://docs.saltstack.com/en/latest/ref/configuration/minion.html#thread-settings
07:58 hemebond btw, I'm just Googling all this.
07:58 hemebond It's all right there in the docs.
07:58 fracklen joined #salt
08:04 Ricardo1000 hemebond: :))
08:05 Ricardo1000 hemebond: It's always nice to communicate with a person than with google :))
08:06 toanju joined #salt
08:07 jas02 joined #salt
08:11 hemebond joined #salt
08:14 jas02 joined #salt
08:18 jas02 joined #salt
08:19 toanju joined #salt
08:23 Pulp joined #salt
08:28 it_dude joined #salt
08:29 it_dude joined #salt
08:29 JohnnyRun joined #salt
08:32 onlyanegg joined #salt
08:41 o1e9 joined #salt
08:42 candyman88 joined #salt
08:42 netcho joined #salt
08:43 fracklen joined #salt
08:49 nikdatrix joined #salt
08:51 muxdaemon joined #salt
08:54 sgo_ joined #salt
08:54 atmoz joined #salt
09:12 mikecmpbll joined #salt
09:24 cowyn joined #salt
09:28 s_kunk joined #salt
09:28 s_kunk joined #salt
09:43 LondonAppDev joined #salt
09:45 amcorreia joined #salt
09:51 s_kunk joined #salt
09:52 ronnix joined #salt
09:58 Hybrid joined #salt
09:59 snow24 joined #salt
10:01 Ricardo1000 Is there simple way to do syntax check in sls file ?
10:01 Ricardo1000 on the master
10:13 netcho joined #salt
10:18 it_dude joined #salt
10:23 JohnnRun joined #salt
10:25 rburkholder joined #salt
10:33 nikdatrix joined #salt
10:33 onlyanegg joined #salt
10:36 dknight87 joined #salt
10:38 gmoro joined #salt
11:05 Dr_Jazz Any of you guys use salt masters on aws and keeping keys and run time data on AWS EFS in order to run salt in a halfway decent HA setup?
11:09 snowtree1 joined #salt
11:11 Ricardo1000 joined #salt
11:14 ivanjaros joined #salt
11:19 Reverend what the fuck kinda question is that Dr_Jazz haha
11:19 Reverend we use EFS, and sal
11:19 Reverend t
11:19 Reverend but I have no idea what you asked :P
11:20 Reverend ohhhhhhhhhhhh, you mean storing salt-keys on EFS.... and then having 2 salt servers?
11:23 raspado joined #salt
11:25 gigix joined #salt
11:27 sgo_ joined #salt
11:29 XenophonF that's a pretty interesting idea, Dr_Jazz
11:31 hemebond Can EFS be mounted on multiple servers at once?
11:32 hemebond nvm, it can.
11:34 kbaikov joined #salt
11:39 XenophonF it presents as NFS
11:40 Pyro_ joined #salt
11:41 XenophonF Ricardo1000: regarding your syntax check question, you can lint your states by using the test=True option, e.g., `salt-call state.apply test=True`
11:42 XenophonF alternatively, you can use state.single to invoke a single state function, e.g., `salt \* state.single cmd.run name='echo hello'`
11:43 inad922 joined #salt
11:51 ReV013 joined #salt
11:54 numkem joined #salt
11:57 shoemonkey joined #salt
11:58 evle1 joined #salt
11:59 ksk hola
11:59 ksk Inside an sls, what kind of stuff can I do? Full python magic?
12:00 ksk Like right now I have a list of IPs I need to put in a config, but in that list is the IP of the executing Server and that needs to be removed.
12:00 ksk In Python I could just remove the item from the list - how do I do that in a salt-formula/state?
12:09 babilen ksk: If you are using the jinja renderer you can do all the things documented in http://jinja.pocoo.org/docs/dev/templates/
12:10 babilen You can, however, pick any renderer (or combination thereof) you like: https://docs.saltstack.com/en/latest/ref/renderers/
12:14 Pyro_ I'm pretty new to Salt, and migrated from Puppet.  My question is, whats seams to be commonly used for defining custom grains?  I'm used to Hiera and/or a CMDB, but where I work now we have neither.  I'm currently defining custom grains using ec2_tags, but that doesn't scale, and doesn't allow grouping (e.g. defining name/values for a cluster of hosts).  Any suggestions?
12:21 Pyro_ The one way I'm contemplating is to set the default in the state, and set a custom ec2_tag (e.g. role=appserver), then in the pillar group and apply things.  So in the pillar do something like psudo code: "if ec2_tag:role=appserver apply override to default".  Is this the correct way?
12:22 hemebond Pyro_: Just use pillars.
12:22 hemebond Hiera == pillars
12:22 hemebond Use the pillar top.sls to apply your "roles"
12:23 Pyro_ Ahh, ok that makes sense.
12:23 ksk okay, thanks babilen. helpful as always :)
12:24 ReV013 joined #salt
12:24 Pyro_ I saw the ext_pillar of hiera, but that felt like it was for more of a puppet -> salt conversion interim solution.
12:24 hemebond Well hiera is really a separate thing and apparently some people use it standalone.
12:25 hemebond Though I'm not sure why you'd use Hiera in Salt unless you really had to.
12:26 Pyro_ Thanks @hemebond, simple answer, but gave me that last bit of glue to the problem that I was missing.
12:26 hemebond ????
12:26 ronnix joined #salt
12:26 hemebond I'm also trying to swap from Puppet to Salt.
12:29 Pyro_ Yeah, it is certainly a shift in thinking.  Puppet->Salt.   ... but the thinking seams more natural to me.  And troubleshooting issues seams to be much easier.
12:32 nembery joined #salt
12:32 nembery hello everyone, got a quick question about orchestration and fail_functions
12:33 ssplatt joined #salt
12:33 hubbe5 joined #salt
12:34 onlyanegg joined #salt
12:35 ninjada joined #salt
12:37 impi joined #salt
12:44 jas02_ joined #salt
12:53 jas02 joined #salt
12:57 sgo_ joined #salt
13:00 ksk nembery: feel free to ask your question, dont ask to ask.
13:03 nembery good point ksk, it appears that a module can get synced to a minion and available for direct calls via the salt cli, but still not available to an orchestrate run
13:03 ksk mhm, whats an orchestrate run? Guess I never used that.
13:04 nembery so calling "salt minion1 custom.test somedata' works ok
13:04 nembery but using that same function as a 'fail_function' in the orchestrate runner fails
13:05 nembery from here: https://docs.saltstack.com/en/latest/topics/orchestrate/orchestrate_runner.html#orchestrate-runner
13:05 nembery it seems intuitively that if you can call the module from the cli, it should also be available to the orchestrate runner as well.
13:05 nembery the actual result is a keyError for 'custom.test' on __salt__
13:06 sh123124213 joined #salt
13:07 nembery I actually just found the answer, but it isn't intuitive at all, the modules will get synced if they are in the default _modules directory
13:08 nembery but still aren't available in the orchestrate runner unless you explicitly define _modules as an extensions_dir
13:08 ninjada_ joined #salt
13:08 nikdatrix joined #salt
13:13 Pyro_ I found something similar.  To get custom grains, I had to use _grains.  For my sake can someone clarify "_<directories>"?  Are these used to indicate soemthing that gets pushed to minions for local runs?
13:14 toanju joined #salt
13:15 mrueg joined #salt
13:20 inad922 joined #salt
13:21 nembery for the most part, I think that's about the right way to think about it, but you can do more than that even. You can do custom modules, states, grains, pillars etc
13:25 brousch__ joined #salt
13:26 sevag joined #salt
13:28 sevag hello. i want to use either `file.managed` or `archive.extracted` on some artifacts that i download from my instance of Artifactory. however, I need to pass a custom HTTP header "X-Jfrog-Art-Api: <api-key" for authorization. I wrote a custom state module which uses urllib2 to download the artifact, but I'm wondering if there's a way to pass auth/custom headers in the existing states file.managed
13:30 atmoz joined #salt
13:36 racooper joined #salt
13:39 Pyro_ joined #salt
13:42 Brew joined #salt
13:46 netcho joined #salt
13:47 ReV013 joined #salt
13:50 jdipierro joined #salt
13:56 Pyro_ joined #salt
14:03 ReV013 joined #salt
14:07 toanju joined #salt
14:09 cachedout joined #salt
14:12 mpanetta joined #salt
14:14 vegasq joined #salt
14:14 PatrolDoom joined #salt
14:16 ny1 joined #salt
14:16 ny1 hi
14:16 pipps joined #salt
14:16 ny1 is it possible to get all grains from a target minion and add them to pillar?
14:16 sarcasticadmin joined #salt
14:17 ny1 can this be done from a sls file so that I can then access that pillar within other sls files
14:17 fracklen joined #salt
14:24 fracklen joined #salt
14:25 dxiri joined #salt
14:26 cmarzullo ny1: you looking for external pillar.
14:34 fracklen joined #salt
14:35 onlyanegg joined #salt
14:37 DarkKnightCZ joined #salt
14:43 Sarph joined #salt
14:46 dxiri joined #salt
14:51 jas02 joined #salt
14:57 sgo_ joined #salt
14:57 _JZ_ joined #salt
14:59 vegasq_ joined #salt
14:59 ReV013 joined #salt
15:01 babilen ny1: Just curious: What would you use that for?
15:03 sh123124213 joined #salt
15:04 Neighbour ny1: Yes, that is possible, use the file_tree external pillar for that
15:04 ReV013 left #salt
15:08 drawsmcgraw joined #salt
15:09 pipps joined #salt
15:10 PatrolDoom joined #salt
15:15 muxdaemon joined #salt
15:20 Praematura joined #salt
15:24 cachedou1 joined #salt
15:38 PatrolDoom joined #salt
15:40 leonkatz joined #salt
15:53 onlyanegg joined #salt
15:54 scsinutz joined #salt
15:54 bigw8 joined #salt
15:56 Tanta joined #salt
16:01 _dev joined #salt
16:04 _dev So I'm trying to learn salt, and use https://github.com/saltstack-formulas/postgres-formula to install postgresql
16:04 _dev When I try to `state.apply`, I'm getting the following: https://gist.github.com/dmizelle/3767216ebf97701973ddc237fa650742
16:04 _dev I don't really quite get why the pkgrepo is putting the title of the pkgrepo into the file, and not the repo data.
16:04 Tanta_G joined #salt
16:05 tercenya joined #salt
16:06 robawt joined #salt
16:07 michiel left #salt
16:08 tiwula joined #salt
16:14 Nahual joined #salt
16:15 whytewolf _dev it shouldn't. unless you built pkg_repo into your pillar.
16:16 whytewolf or you are on an unsupported os family
16:20 whytewolf unforchantly i don't have the mental foritude today to piece together the spaghetti that makes up most formulas
16:20 rhavenn joined #salt
16:20 _dev I'm on debian/ubuntu
16:20 _dev ill try and add it to my pillar and see what happens
16:27 atmoz joined #salt
16:27 scsinutz joined #salt
16:29 dxiri joined #salt
16:30 Praematura joined #salt
16:31 _dev yeah, so then it puts 'postgres-repodeb https://.. blah blah' in the pgdg.repo
16:31 candyman88 joined #salt
16:31 _dev almost like its prepending the resource's name to the front of it?
16:32 Pyro_ Is there a way to do a simple "system.out" with salt to print a variable to see what it is when running a state?
16:33 _dev like im kind of getting the feeling that all saltstack formulas kind of... suck?
16:34 drawsmcgraw _dev: My impression of the Saltstack Formulas is that they're very customizable and are 'free like a puppy'.
16:34 _dev yeah, but this one can't even set up an apt repo properly.
16:34 drawsmcgraw They do a lot. For better or worse, it takes a significant time investment to get them to do exactly what you want
16:34 _dev which /kind/ of seems like basic functionality.
16:34 drawsmcgraw ah
16:35 _dev and its for postgres
16:35 drawsmcgraw Well in that case I don't have much to say :/
16:35 raspado joined #salt
16:35 _dev so I'd kind of give the state of a formula a pass if it was installing something a little more crazy, like lets say a bamboo remote agent
16:35 Whissi Mh. "restart: True" is ignored in "service.running" when I also set "onchanges". Just getting "The service is already running" but no restart happens :(
16:35 _dev or something like hadoop
16:36 * whytewolf doesn't use the formulas. I build everything myself. so i have no say in the state of their suckage
16:36 jas02 joined #salt
16:36 _dev so its the same thing that the ansible community says
16:37 _dev 'dont use the drop-in helpers we tell you you should use, they are trash'
16:37 _dev so whats even the point?
16:37 _dev sorry, im a little salty (no pun intended)
16:37 _dev i think i just need more time to get used to salt.
16:38 whytewolf final a bug with the formula
16:38 whytewolf file even
16:38 impi joined #salt
16:38 raspado_ joined #salt
16:39 swills_ joined #salt
16:42 whytewolf last change was 8 days ago so they are activly developing the formula
16:46 tercenya joined #salt
16:48 jas02 joined #salt
16:50 jas02 joined #salt
16:58 sp0097 joined #salt
16:59 keltim joined #salt
17:02 aldevar left #salt
17:03 scsinutz joined #salt
17:04 tapoxi joined #salt
17:06 catpig joined #salt
17:13 juntalis joined #salt
17:15 jgarr is there another way to debug pam eauth besides watching salt-master logs? I see pam load and then Trying pysss.getgrouplist for 'user' and get a group list but then all I see is Authentication failure of type "eauth" occurred.
17:17 jgarr I still can't figure out why pam auth on my production server is broken but my test server works fine
17:30 sp0097 left #salt
17:38 rem5_ joined #salt
17:50 tkojames joined #salt
17:58 Trauma joined #salt
18:04 justan0theruser joined #salt
18:10 devster31 joined #salt
18:16 pipps joined #salt
18:17 Tanta joined #salt
18:18 Inveracity joined #salt
18:19 ivanjaros joined #salt
18:20 tercenya joined #salt
18:29 tkojames Anybody scripting out there offboarding process? We have been manage our devs ssh keys with salt. Currently we make sls file for each user and when they leave we move the dev sls file to a disabled folder and add them to purge user sls file. Was wondering if anybody does something different. It works well but we have to manually move files and appened an sls.
18:41 nikdatrix joined #salt
18:43 rem5 joined #salt
18:44 fracklen joined #salt
18:45 DanyC joined #salt
18:47 concerti hey all I've ensured my salt master is set to use the jinja rendering tool however when applying j2 files it does not appear salt is loading the variable from the configured pillar. Any tips where to start debugging this?
18:51 sp0097 joined #salt
18:52 atmoz joined #salt
18:54 sh123124213 joined #salt
18:56 The-Loeki joined #salt
19:02 rodr1c joined #salt
19:03 johnkeates joined #salt
19:07 it_dude joined #salt
19:17 Edgan concerti: pastebin the salt code/pillar to give us context
19:17 gtmanfred but don't use pastebin.com
19:17 gtmanfred use gist
19:19 Pyro_ joined #salt
19:19 atmoz I want to automate building of machine images (for aws ami etc.) and create a "immutable infrastructure". Therefore I do not need a master, and I want to use Packer to build the images. Are Saltstack still good for my use case?
19:20 atmoz or is it overkill?
19:20 jas02 joined #salt
19:24 mikecmpbll joined #salt
19:26 ssplatt joined #salt
19:26 cscf atmoz, if you are already familiar with Salt, it would work fine
19:27 concerti Edgan: ty for the assist. turns out I had to declare the variable in the jinja2 file using something like {%- set devname = pillar.get('devname') %}
19:27 concerti does that look acceptable/ best practice ?
19:30 atmoz cscf: I'm not :-/ I'm trying to consider the opitons for how to build my images in Packer. I could just use good ol' bash, but then I'm binding myself down to distro and whatnot (maybe that doesn't matter when all I want is to use containers)
19:30 toanju joined #salt
19:33 whytewolf atmoz: i have used Packer with the salt provisioner. worked pretty well. but then i am familure with salt. use the provisioner you are comfortable with
19:35 atmoz I'm reading the agentless salt tutorial to see how complex that becomes
19:36 whytewolf packaer has masterless salt provisioner built in.
19:36 whytewolf https://www.packer.io/docs/provisioners/salt-masterless.html
19:37 whytewolf all you need to do is supply it states
19:37 it_dude_ joined #salt
19:38 atmoz that sounds comportable :-)
19:38 atmoz comfortable*
19:40 cscf whytewolf, I've been thinking of making an LXC template that is essentially ubuntu 16.04 with all my states matching '*' applied.  Is Packer a good way to do that easily?
19:40 whytewolf cscf: that i don't know. I don't twiddle in the container world
19:41 whytewolf i don't see a LXC builder though
19:41 raspado_ hi All, does salt provide a way to regex/replace a line in a file?
19:41 cscf hmm.  Every time I make a new container, I have to let Salt install the Salt repo and update salt-minion, wait for it to come back, etc
19:41 cscf raspado_, https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.replace
19:41 coval3nce joined #salt
19:42 cscf Also file.line
19:42 coval3nce Does salt.runners.git_pillar.update not work when ext_pillar is configured with “__env__”?
19:42 raspado_ nice, thanks!
19:43 coval3nce Keep getting False in the return of that runner with no additional args.
19:45 Pyro_ joined #salt
19:45 wybczu joined #salt
19:46 coval3nce Oh..interesting, “False” is also returned if no new commits were fetched in addition to if any errros were found.
19:49 pcn I have a further question about the salt slack engine
19:50 pcn I'm interested in using it as a way to invoke salt (the "command=true" config).
19:50 pcn I'm curious about the mode that drops everything onto the salt event bus, though.
19:50 pcn Does anyone have info or anecdotes about people using that feature?  And how?
19:52 whytewolf humm.. I would like an IRC engine.... but i am to lazy to write one
19:53 gtmanfred whytewolf: i already wrote one
19:53 whytewolf oh it is in devel
19:53 gtmanfred whytewolf: https://github.com/saltstack/salt/blob/develop/salt/engines/ircbot.py
19:53 gtmanfred yar
19:53 whytewolf yay!
19:54 petems joined #salt
19:54 gtmanfred it only does events right now
19:55 whytewolf ahhh. well step in the right direction
19:55 pipps joined #salt
19:55 gtmanfred it shouldn't be too difficult to add the rest, i just haven't done it yet
19:55 gtmanfred other things on the list :/
19:56 whytewolf yeah i would rather the openstack stuff come before the ircbot ;)
19:58 pcn Is it common to put slack/irc/whatever messages to the event bus?
19:58 gtmanfred all it does is let you trigger orchestration stuff through the reactor
19:59 gtmanfred so, irc/slack/api/other things, yeah, the reactor/event stream is what makes salt so useful
20:01 jas02 joined #salt
20:04 DanyC joined #salt
20:04 rem5 joined #salt
20:07 beardedeagle joined #salt
20:08 s_kunk joined #salt
20:08 pcn It is interesting, though, and seems risky.  It e.g. doesn't put any permissions in front of injecting the messages, does it?
20:09 gtmanfred i believe that both injection methods have authenticatino built in
20:09 gtmanfred i know that ircbot does
20:09 gtmanfred by default the api/webhook does, but can be turned off
20:09 gtmanfred also, if you are only triggering a highstate off of the data, then i don't know that it is a huge concern, also you can verify inputs
20:10 whytewolf the slack engine lets you say what users are valid and what commands are valid
20:10 gtmanfred pcn: with the webhook, there is a github and travis.ci signature verification https://github.com/gtmanfred/blog-sls/blob/master/salt/reactor/blog.gtmanfred.com.sls#L1
20:10 gtmanfred that is an example of using the github one
20:11 pcn whytewolf: yeah, but the groups functionality makes that flat
20:11 pcn But that's something else, I just wanted to mention it.
20:12 pcn So you're filtering the messages that are on the event bus in your reactore; sure, but any user can put a message on the bus and it has to be filtered on the receiving side in that case, right?
20:13 aldevar joined #salt
20:13 aldevar left #salt
20:13 gtmanfred in the case i linked, they have to know the specific password that i gave github to sign messages with.
20:14 gtmanfred there is also this example for travisci https://github.com/saltstack/salt/blob/develop/salt/modules/travisci.py#L39
20:15 whytewolf pcn: you still need to have set up what commands are valid in the slack module. you don't get to just go in willy nilly and send anything you want
20:16 whytewolf you have a predefined set of commands.
20:16 whytewolf https://docs.saltstack.com/en/latest/ref/engines/all/salt.engines.slack.html
20:17 whytewolf it even defaults to not letting you send any commands
20:18 pipps joined #salt
20:19 DEger joined #salt
20:21 pcn whytewolf: I fixed that up in a branch on my clone, but the problem is that any command specified for any user or group is available to all users or groups when it does this: https://github.com/saltstack/salt/blob/develop/salt/engines/slack.py#L171-L183
20:22 rpb joined #salt
20:23 pcn https://github.com/pcn/salt/blob/slack-client-features/salt/engines/slack.py#L111 fixes that, but it would change the config to always using groups.  It seems better IMO
20:25 pcn It would also change things to limit access to the event bus, so that it only gets messages when command=false.  In the current version other things fall through to the bus.
20:25 pcn That doesn't seem to be documented as the intent, so I'm not sure why that fallback would be there.
20:27 DEger joined #salt
20:27 J0hnSteel joined #salt
20:30 whytewolf pcn: sorry i was looking at the actually released version which has none of the group stuff.
20:34 pcn Ah
20:35 pcn Yeah, without groups it's simpler
20:35 DanyC joined #salt
20:36 pcn Is garethgreenaway around?  I'd like to see about merging the branch I have with the work he's been maintaining
20:37 gtmanfred Gareth: ^^
20:37 Gareth Hi
20:37 djgerm Heya, if I have a pillar key with a nested set of keys (e.g. parentkey:childkeyX), is there a pillar.something to get the lost of childkeys, but not their keys and values underneath?
20:38 pipps joined #salt
20:38 gtmanfred pillar.parentkey.keys()
20:40 rhavenn joined #salt
20:42 djgerm so like {%set hosts = salt['pillar.parentkey.hosts.keys()'],{})%}
20:42 gtmanfred no
20:42 gtmanfred just {% set hosts = pillar.parentkey.keys() %}
20:43 djgerm ah ok. and if I want grandparentkey:parentkey:childkey ?
20:43 gtmanfred do you want the list of childkeys?
20:43 gtmanfred pillar.gpkey.pkey.keys()
20:43 djgerm yes
20:43 djgerm thank!
20:43 djgerm is there a way to simulate that on the command line?
20:44 gtmanfred not really
20:44 gtmanfred because the .keys() is a function on the dictionary that is pillar.gpkey.pkey
20:45 gtmanfred pillar is just a dictionary of your pillars, so treat it like a dictionary in jinja
20:46 gtmanfred http://jinja.pocoo.org/docs/2.9/templates/#variables
20:48 whytewolf well, technically you could do salt 'minion' cmd.run 'echo {{pillar.gpkey.pkey.keys()}}' template=jinja
20:48 gtmanfred ahh yeah, that would work
20:48 gtmanfred forgot about template on cmd.run
20:49 pietdv joined #salt
20:50 mooreguy joined #salt
20:50 shadoxx joined #salt
20:50 lorengordon is there a way when using cmd.run to tell salt to ignore certain exit codes as errors?
20:50 onlyanegg oooh, that's cool. I never knew that.
20:51 leonkatz joined #salt
20:52 whytewolf onlyanegg: I used to use it all the time at my last job to deminstrate how to jinja since they were very... cmd.run in a bash script kind of people. so as in interm towards working them towards states. I showed them cmd.run jinja
20:53 gtmanfred lorengordon: there is not, we have an open bug for it though
20:53 sarcasticadmin joined #salt
20:53 gtmanfred whytewolf: can you do cmd.script with jinja/
20:53 lorengordon bother
20:53 pipps joined #salt
20:54 lorengordon @gtmanfred i believe that is possible, re: cmd.script with jinja
20:54 lorengordon i think i actually added that, iirc
20:54 gtmanfred heh
20:54 onlyanegg whytewolf: I've never found a good way to debug jinja. Generally I just put it as a comment in what ever file I'm templating, but I like this echo method better
20:54 whytewolf onlyanegg: https://github.com/whytewolf/salt-debug
20:55 whytewolf which is just cp.get_template but returned to you directly instead of on the minion
20:55 gtmanfred whytewolf: have you seen the slsutil.renderer module?
20:55 whytewolf i have not
20:55 gtmanfred i just found out about it today
20:56 whytewolf odd, I looked for this forever back when i wrote debug
20:56 gtmanfred I am thinking about adding stuff for my blog-sls stuff to test the states with that renderer
20:57 gtmanfred there is a bug in it though, it doesn't pull down the files if they don't already exist
20:57 gtmanfred so right now you have to do a show_sls, then can do slsutil.renderer
20:58 whytewolf interesting. that should be easy to fix
20:58 gtmanfred yeah, just do a cp.cache_file if it doesn't exist
20:58 whytewolf I like this. this will defintly help in crossing the painful to many ways to render issue
21:01 onlyanegg cool
21:01 whytewolf i can finally write my map.jinja fils in python :P where it doesn't look like someone vomited all over the place
21:02 gtmanfred heh
21:04 Klaus_Dieter joined #salt
21:04 whytewolf well right up till i compleatly forget about this function
21:06 jas02 joined #salt
21:08 shoemonkey joined #salt
21:09 niombi joined #salt
21:09 whytewolf humm, looks like it was first being added in 2016.3 the docs are nothing more then a hey this module exists ... not going to tell you what it does in that version
21:10 niombi If my "file_roots: /srv/salt" I should be able to make a state file in /srv/salt and use apply that state with salt 'test' state.apply test3.sls right?
21:10 djgerm is there a way to user a variable that you set earlier in a jinja template file to inform which pillar to get? seems like double {{ inside a pillar.get statement go sideways pretty quickly
21:11 whytewolf niombi: almost salt 'test' state.apply test3
21:11 whytewolf niombi: you leave of the .sls
21:12 gtmanfred djgerm: you do not need to use {{}} inside a pillar.get
21:12 gtmanfred {{% set key = 'something' %}
21:12 gtmanfred {{ pillar.get(key) }}
21:13 ChubYann joined #salt
21:13 whytewolf djgerm: {% set blah = pillar.get('pillar1',{}) %} {% set blah2 = pillar.get(blah) %}
21:13 niombi oh right. For some reason it kept throwing     Data failed to compile: ----------     No matching sls found for 'nettools' in env 'base'  and only worked till I put the state file into a folder called base.
21:14 whytewolf or {{salt.pillar.get(salt.pillar.get('lookuptable','defaultpillar'),false)}}
21:14 niombi Well actually it was "file_roots:   base:     - /srv/salt/" if that makes a difference
21:15 whytewolf niombi: well the other way wouldn't have worked so i kind of figured it was that way
21:17 whytewolf humm. your file_roots is the same as default
21:18 whytewolf needing a base directory would imply that your file_roots is NOT /srv/salt
21:21 niombi Yea that's what I found weird. I triple checked that it was /srv/salt but it would still not work for some reason. So I just came here to verify that I am not crazy
21:21 cyborg-one joined #salt
21:22 whytewolf niombi: you put this config in your master config and restarted it right?
21:22 niombi Yup
21:22 djgerm I don't think i explained myself too good. http://paste.debian.net/924197/
21:23 gtmanfred well
21:23 whytewolf {%- set hostgroups = pillar.get('objects:hosts:'~hostnames~':hostgroups', [])| join(',') -%}
21:23 gtmanfred or this
21:24 gtmanfred {%- set hostgroups = pillar.get('objects:hosts:%s:hostgroups'|format(hostnames), [])|join(',') -%}
21:24 niombi @whytewolf Thanks for the help. I think I am just going to call it a layer 8 issue and remake the salt server
21:25 whytewolf niombi: alright
21:27 GMAzrael joined #salt
21:28 nikdatrix joined #salt
21:34 ninjada joined #salt
21:38 yidhra joined #salt
21:47 ninjada_ joined #salt
21:50 cads joined #salt
21:50 cads hey guys, anyone here familiar with docker's dockerfiles and docker-compose configuration files?
21:52 cads I would like to find out if salt lets us define the configuration of individual VMs (like docker files), as well compose more complex system out of these VMs (like we can do with docker-compose)
21:56 DEger joined #salt
22:02 gtmanfred cads: it can do that yes
22:02 gtmanfred https://blog.gtmanfred.com/docker-and-salt.html
22:03 gtmanfred also
22:03 Pyro_ joined #salt
22:03 gtmanfred there are some huge things coming in Nitrogen
22:03 gtmanfred https://github.com/saltstack/salt/pull/39996
22:03 saltstackbot [#39996][MERGED] Overhaul Docker support | This PR does the following:...
22:06 matt-jones joined #salt
22:06 pipps joined #salt
22:07 cads well, I suppose a little background would be helpful - I'm equiring for the purpose of adding docker-like capabilities to Qubes-OS. Qubes has as of last major release adopted Salt as a configuration management platform for defining and building individual VMs in its multi-VM operating system. The currently a facility doesn't provide any salt modules for easily composing multi-vm systems
22:08 cads so it's more a question of whether salt can do configuration and orchestration of multi-vm systems
22:08 cads in a way that's similar to docker/docker-compose, but does not depend on them
22:09 cads does that make sense?
22:09 gtmanfred salt virt is a thing? https://docs.saltstack.com/en/latest/topics/virt/
22:09 gtmanfred also, salt-cloud stuff
22:10 gtmanfred and lxc stuff
22:10 gtmanfred it depends on what exactly you are trying to do, but it can manage cloud servers and containers in multiple formats
22:10 gtmanfred it also supports freebsd jails
22:12 jdipierro joined #salt
22:12 fracklen joined #salt
22:15 cads gtmanfred, I see that in your docker-and-salt article you translate a dockerfile into an equivalent (and much cleaner!) salt state. That's very promising, even in my daily use of docker.
22:15 matt-jones I have a Runners question- Can I call an orch state to call runner to cmd.run on the master?  I've used `salt-run salt.cmd cmd-run` on the command line, but now I'm trying to run the same thing from an orchestration state: https://gist.github.com/DrMerlin/3d8fc511f66c7b56405522199a8433b4
22:15 gtmanfred :)
22:16 matt-jones Due to the issue here: https://github.com/saltstack/salt/issues/38977 I can't use salt-runner: salt.cmd.
22:16 saltstackbot [#38977][OPEN] saltutil.runner cannot pass required non-kwargs | Description of Issue/Question...
22:17 matt-jones Which I realized is passing from State to Module, and breaks.  If I could run the State version of cmd.run, I think I would be fine.  But I don't see how to kick off a state- only an execution module with salt.cmd.
22:17 gtmanfred matt-jones: yeah, it is unfortunate, if you wanted to take a shot at fixing it, we would appreciate it, but we have other bugs to work on.
22:18 matt-jones I'm taking a shot!
22:18 gtmanfred it shouldn't be that hard, just accept args from the saltutil.runner module
22:19 matt-jones I was going down the route of making modules.saltutil.runner better... until I realized that I didn't really want to get into execution module territory at all.
22:19 cads gtmanfred, I think in that article it would be good to explicitly show how that salt state should be folded back in to the dockerfile. Kind of "completing the loop" as it were, it would show the reader how to transform a hard to read docker file into a simple dockerfile stub + an elegant salt state that the stub imports. I think this "Building Docker containers using Salt" article could be useful: https://www.logilab.org/blogentry/290489
22:19 matt-jones Since the state version of cmd.run doesn't take any args- just kwargs.
22:19 jdipierro joined #salt
22:20 jdipierro joined #salt
22:20 matt-jones Also- @gtmanfred- thanks for the quick response in the issue comments.
22:22 cads gtmanfred, I think that for a basic setup, it makes sense to include the salt minion dependency in the docker file, and make the salt file accessible to the docker build context. So the build will install salt, copy the salt state tree into the machine, and then run the salt minion in a masterless capacity against the local state tree
22:24 gtmanfred that is what the docker.sls_build does
22:24 emerson joined #salt
22:24 gtmanfred it just uses the salt-thin tarball that is used for salt-ssh
22:24 gtmanfred so we tar up salt and all the dependencies, and use that to run the commands, then at the end, delete it
22:25 gtmanfred https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.thin.html#salt.runners.thin.generate
22:26 catpig joined #salt
22:27 mdpolaris joined #salt
22:28 mdpolaris joined #salt
22:28 ahrs joined #salt
22:33 cads gtmanfred, so this solution uses salt's dockerng to create the docker container, and completely omits the dockerfile altogether
22:34 cads that makes sense
22:37 mdpolaris I am working on a Salt deploy in AWS that has 1 master and then a Syndic in each region that we have a presence in. We are planning to use Salt Cloud to deploy our instances. I was planning to configure salt cloud on the top master, however that would require that master to ssh into every instance in all regions. How do you recommend doing this?
22:39 cads gtmanfred, so doing something similar for qubes would be a matter of writing a salt runner for the qubes environment, which would abstract the qubes VM lifecycle. I have to review the qubes salt implementation to see if they take this approach already.
22:41 pipps joined #salt
22:43 gtmanfred you would need to check how the dockerng module does it, i think it uses the runner, but it might use the thin generating code directly
22:43 gtmanfred but basically, it generates the code, puts it in the container, runs /var/tmp/.root_*_salt/salt-call or something around there, and then calls a masterless minion
22:44 gtmanfred it also uses the state.pkg stuff to run using a packaged up state.tgz like salt-ssh does
22:44 gtmanfred cads: if you need some help, hit me up on github where you are doing the work and we can see if we can help
22:45 gtmanfred cads: this is where the magic happens https://github.com/saltstack/salt/blob/develop/salt/modules/docker.py#L5261
22:46 cads Thanks gtmanfred, I don't know how soon it will be, but I definitely want to get up to speed with a configuration managment system, and I definitely want to help qubes be more easy to use and 'docker-like'. Qubes already has salt in the mix to handle its configuration, so that seems like a good direction.
22:46 gtmanfred :+1:
22:51 zer0def joined #salt
22:51 DEger joined #salt
22:52 hemebond "A reasonably secure operating system" lol
22:59 mdpolaris Does anyone run Salt-cloud with syndic nodes?
23:02 shoemonkey joined #salt
23:02 gtmanfred mdpolaris: what are you trying to do?
23:03 cads hemebond, it's useful if, for example, you'd like to keep your encryption keys in an entirely different xen VM than you use for your web browsing.
23:03 mdpolaris We are deployed in multiple regions and i want to have a single master of masters, and then syndics in each region. all minions in a region report to the syndic, which is the only link back up to the master
23:04 gtmanfred ok
23:04 cads hemebond, then if some driveby attack on the web compromises your browser's userspace, that's certainly not very good, but unless that driveby also has a Xen VM-escape 0-day, the rest of your system is safe.
23:04 gtmanfred mdpolaris: i have looked at doing that
23:05 mdpolaris we want to use salt-cloud to deploy our intances, and i was originally planning to have just the master setup with salt-cloud, however in order to fully bootstrap i would need to allow the master to ssh to any node it was provisioning correct?
23:05 gtmanfred correct
23:05 gtmanfred you could use the minion on each syndic master to do the bootstraps, using the cloud module
23:06 gtmanfred and then you could configure the cloud provider/profiles via pillars on the syndic minions
23:07 mdpolaris we are also using the REST API to kick off provisioning and i was hoping to have just a single entry point for the master…ok, so if i follow you, don’t have salt-cloud run the bootstrap, but maybe use an event captured by the local syndic to trigger the bootstrap?
23:07 gtmanfred no have salt-cloud run the bootstrap, just use salt cloud on the syndics
23:08 gtmanfred and not on the master of masters
23:08 mdpolaris ah, ok, so the reactor in the master calls out to the minion on the syndic to execute salt-cloud on each syndic…gotcha
23:08 gtmanfred right
23:08 gtmanfred https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cloud.html#salt.modules.cloud.profile
23:12 mdpolaris ok, that makes sense. I actually use the cloud runner to provision from that original REST call, (REST -> Reactor -> Orch: provisions with cloud and then a bunch of other states after that) I just didn’t think about using the minion as the trigger to the syndic. Thanks!
23:12 gtmanfred no problem
23:13 djgerm is there a way to pass a var in a state to a jinja templated file?
23:14 gtmanfred can you be more specific about `a var in a state`?
23:14 mdpolaris a similar workflow to my current should work, just need that minion to start the orch on the syndic instead of the master…looks like i have some experimenting to do.
23:15 gtmanfred djgerm: defaults/context here ? https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.managed
23:17 djgerm gtmanfred: I shall explain. I am setting a variable in a state with a set pillar.pkey.key.keys(). I then use that variable (which is a list of keys at this point) for my for loop. Now I have N number of states, which a different variable set. However I want to pass that variable to the jinja templated file that the state is sourcing and setting.
23:17 djgerm reading that doc now
23:18 gtmanfred yeah, do it in file.managed with context or defaults
23:18 gtmanfred context is probably the correct one
23:18 djgerm ok reading that. thanks!
23:18 PatrolDoom joined #salt
23:18 gtmanfred and then you can set some defaults, for if you don't want to set all the settings on all of the entries
23:22 mdpolaris do events fired on the Master get published to the syndics?
23:23 gtmanfred no
23:23 gtmanfred it is one way
23:23 gtmanfred if they are fired on the syndics, they get mirrored on the master of masters
23:26 jas02 joined #salt
23:28 mdpolaris ok, so if i wanted to start an orch on the syndic, i would need to fire an event using the syndic minion, and have a reactor on that syndic listen for it…or call the orch state directly from the minon on that syndic if that is even possible
23:29 gtmanfred just call it directly using saltutil.runner module
23:29 nikdatrix joined #salt
23:30 mdpolaris ah, ok, thanks again
23:30 gtmanfred salt syndic saltutil.runner state.orch mods=statefile
23:31 justanotheruser joined #salt
23:34 tercenya joined #salt
23:42 ahrs joined #salt
23:44 fracklen joined #salt
23:45 snowtree joined #salt
23:48 Tanta joined #salt
23:51 mdpolaris ok cool, sorry for the barrage of followups. Since my MoM is making this call originally from an Event (REST), my reactor should just call “local.saltutil.runner with -tgt: “syndic-minion”
23:51 mdpolaris would it be -name: state.orch.  ?
23:53 Tanta joined #salt
23:56 djgerm gtmanfred: context did the trick! thanks so much

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary