Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-03-29

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 alexlist joined #salt
00:02 peragwin Hi! I've got a question. Can states be dynamically generated on the Master?
00:03 peragwin For example, say I have a database which tracks whether or not a state should be active.
00:03 peragwin And I can't use a Pillar to gather this data because the minions do not have network access to this database. Is there another way to do this?
00:04 whytewolf first, pillar is rendered on the master. so yes doing it in pillar would be possable
00:04 whytewolf second states, grains and the state top file are rendered on the minion. so doing it there wouldn't be possable
00:05 whytewolf you might want to look into a ext_pillar
00:05 whytewolf either using an existing one or writting one
00:06 peragwin I see, thanks! I will try with the ext_pillar -- for whatever reason, I got the impression from the documentation that pillars are rendered on the minions as well
00:06 whytewolf you might also want to look at
00:06 whytewolf master_tops
00:06 whytewolf https://docs.saltstack.com/en/latest/topics/master_tops/
00:07 whytewolf not sure if those are master or minion though
00:08 peragwin oh cool, that looks like it could work as well
00:19 woodtablet left #salt
00:25 leonkatz joined #salt
00:27 gableroux Oh I really like the salt-api used with python, that's amazing :)
00:31 avalarion joined #salt
00:32 ninjada joined #salt
00:33 Tanta joined #salt
00:37 jas02 joined #salt
00:37 gableroux Quick question, is-there a better way to gather multiple values in the pillars and grains in a single run on multiple servers? I'm currently using a command line to generate a csv file based on a cmd.run template=jinja. I'm about to rewrite this in python using the salt-api.
00:37 gableroux the shell script looks something like this: https://gist.github.com/anonymous/d5ccebcdefd0c3cb398813310fe06bdb
00:39 whytewolf write a runner
00:39 whytewolf ?
00:40 gableroux hmm, looks like the right solution, I'm glad I asked, thanks
00:45 hoonetorg joined #salt
00:57 jrklein joined #salt
00:57 cyborg-one joined #salt
01:03 shoemonkey joined #salt
01:07 dxiri joined #salt
01:08 jimklo_ joined #salt
01:17 pipps joined #salt
01:30 lorengordon joined #salt
01:32 johnkeates left #salt
01:33 lorengordon anyone know if there is a module that can return a file list from the salt:// filesystem, based on a pattern?
01:33 lorengordon basically, file.find, but that works with salt:// sources
01:42 pipps joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.6, 2016.11.3 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers
01:48 DammitJim joined #salt
01:50 jas02 joined #salt
01:53 hemebond lorengordon: salt-run fileserver.file_list ?
01:54 hoonetorg joined #salt
01:57 catpigger joined #salt
02:06 mpanetta joined #salt
02:11 ninjada joined #salt
02:23 Pyro_ joined #salt
02:27 blu_ joined #salt
02:28 jdipierro joined #salt
02:29 jimklo joined #salt
02:30 vegasq joined #salt
02:30 leonkatz joined #salt
02:32 evle joined #salt
02:33 vegasq_ joined #salt
02:38 gadams joined #salt
02:39 SaucyElf joined #salt
02:40 sp0097 joined #salt
02:43 SaucyElf_ joined #salt
02:45 vegasq joined #salt
02:57 Zachary_DuBois joined #salt
03:06 jas02 joined #salt
03:09 Pyro_ joined #salt
03:16 cyborg-one joined #salt
03:25 jeblair joined #salt
03:29 Praematura joined #salt
03:29 DEger joined #salt
03:44 onlyanegg joined #salt
03:45 gmacon joined #salt
03:53 Praematura joined #salt
03:53 writtenoff joined #salt
03:56 dxiri joined #salt
03:57 netcho joined #salt
03:59 onlyanegg joined #salt
04:05 gableroux joined #salt
04:09 onlyanegg joined #salt
04:10 setkeh joined #salt
04:11 dxiri joined #salt
04:13 dxiri_ joined #salt
04:14 dxiri_ joined #salt
04:14 jas02 joined #salt
04:17 dxiri joined #salt
04:19 dxiri_ joined #salt
04:20 dxiri__ joined #salt
04:24 dxiri joined #salt
04:28 Klaus_Dieter joined #salt
04:32 TooLmaN joined #salt
04:33 stevesmename joined #salt
04:34 onlyanegg joined #salt
04:53 armyriad joined #salt
05:01 aaditya joined #salt
05:06 garphyx joined #salt
05:06 nkuttler_ joined #salt
05:07 legreffi1r joined #salt
05:07 froztbyt1 joined #salt
05:19 rdas joined #salt
05:27 jas02 joined #salt
05:29 jimklo joined #salt
05:34 raspado joined #salt
05:37 DarkKnightCZ joined #salt
05:54 oliv` joined #salt
05:55 MasterNayru joined #salt
05:55 davromaniak joined #salt
05:56 xMopxShell joined #salt
05:59 gableroux joined #salt
06:01 catpig joined #salt
06:02 DarkKnightCZ joined #salt
06:05 onlyanegg joined #salt
06:21 jas02 joined #salt
06:29 felskrone joined #salt
06:34 duncanmv joined #salt
06:39 ReV013 joined #salt
06:50 inetpro joined #salt
06:52 golodhrim|work joined #salt
06:57 Ricardo1000 joined #salt
06:57 aldevar joined #salt
06:58 muxdaemon joined #salt
06:58 ivanjaros joined #salt
06:59 ReV0131 joined #salt
06:59 gableroux joined #salt
07:01 Inveracity joined #salt
07:06 onlyanegg joined #salt
07:11 tharkun joined #salt
07:14 rem5_ joined #salt
07:20 kiorky joined #salt
07:25 jas02 joined #salt
07:28 dariusjs joined #salt
07:30 impi joined #salt
07:32 jrklein joined #salt
07:33 dariusjs joined #salt
07:36 ronnix joined #salt
07:39 Trauma joined #salt
07:39 JohnnyRun joined #salt
07:43 jhauser joined #salt
07:55 toanju joined #salt
07:56 Reverend joined #salt
08:02 Klaus_Dieter joined #salt
08:12 mikecmpbll joined #salt
08:12 ReV013 joined #salt
08:15 samodid joined #salt
08:18 armyriad joined #salt
08:20 snow__ joined #salt
08:20 candyman88 joined #salt
08:21 question joined #salt
08:23 inad922 joined #salt
08:24 question I'm considering buying Saltstack Enterprise, but the guys from saltstack.com are excruciatingly slow in answering emails. I asked for a demo, I got one reply then, after 3 weeks, still no demo. If this is an indicator for their level of support, it does not look good. What's your experience with SaltStack Enterprise?
08:26 candyman88 joined #salt
08:30 muxdaemon joined #salt
08:30 gableroux joined #salt
08:30 candyman88 joined #salt
08:32 N-Mi joined #salt
08:32 N-Mi joined #salt
08:33 dariusjs joined #salt
08:35 candyman88 joined #salt
08:38 toanju joined #salt
08:38 candyman88 joined #salt
08:43 candyman88 joined #salt
08:45 dyasny joined #salt
08:46 pipps joined #salt
08:47 candyman88 joined #salt
08:51 candyman88 joined #salt
08:54 Praematura joined #salt
08:54 ravenx joined #salt
08:54 ravenx is there a way to cat a file by providing a path
08:54 ravenx i was thinking of cmd.run 'cat file'
08:55 ravenx however, i dont want to enable that cmd.run module at all
08:56 stevesmename joined #salt
08:57 cyborg-one joined #salt
08:58 Mattch joined #salt
08:59 candyman88 joined #salt
09:03 dyasny joined #salt
09:03 candyman88 joined #salt
09:05 inad922 joined #salt
09:06 mike25de joined #salt
09:07 onlyanegg joined #salt
09:07 candyman88 joined #salt
09:11 candyman88 joined #salt
09:17 candyman88 joined #salt
09:17 DanniZqo joined #salt
09:18 kjsaihs joined #salt
09:34 jhauser joined #salt
09:36 raspado joined #salt
09:38 jas02_ joined #salt
09:41 gmoro_ joined #salt
09:47 rpb joined #salt
09:49 muxdaemon joined #salt
09:50 cowyn joined #salt
09:52 dariusjs joined #salt
09:56 lorengordon hemebond: i don't use a salt master, so no salt-run :(
09:56 hemebond lorengordon: Oh.
09:56 lorengordon but i did find the cp module, which looks promising
10:05 theblazehen Is there a way to use named volumes with dockerng?
10:07 theblazehen From what I can tell, you can either use a data container and volumes_from, use a bind, or just use a volume which gets destroyed when you edit a container, so :(
10:08 theblazehen Ah. https://github.com/saltstack/salt/issues/37029 Can use named volume in a bind :D
10:08 saltstackbot [#37029][OPEN] [Dockerng] Warning : Host path in bind is not absolute, assuming it is a docker volume | Description of Issue/Question...
10:10 netcho joined #salt
10:10 netcho joined #salt
10:20 toanju joined #salt
10:22 APLU joined #salt
10:34 dariusjs joined #salt
10:37 onlyanegg joined #salt
10:43 mike25de joined #salt
10:44 ReV0131 joined #salt
10:45 mike25de_ joined #salt
10:51 do3meli joined #salt
10:52 DanniZqo joined #salt
11:00 gableroux joined #salt
11:01 jhauser_ joined #salt
11:02 jrklein joined #salt
11:03 jas02 joined #salt
11:07 jas02 joined #salt
11:11 ReV013 joined #salt
11:14 rabit joined #salt
11:15 rabit How can I activate autocomplete support in salt stack
11:16 Ricardo1000 rabit: What do you mean ?
11:16 rabit http://stackoverflow.com/questions/43071230/how-to-use-autocomplete-in-saltstack
11:16 rabit I asked the question in detail there
11:17 jas02_ joined #salt
11:19 haam3r rabit: Drop the salt.bash script into /etc/bash_completion.d or your local user profile config
11:19 haam3r and your bashrc should load it
11:20 dariusjs joined #salt
11:21 rabit Thank you. Let me try please
11:23 Pyro_ joined #salt
11:31 ReV013 joined #salt
11:36 muxdaemon joined #salt
11:42 netcho joined #salt
11:48 amcorreia joined #salt
11:50 hemebond left #salt
11:52 Ricardo1000 joined #salt
11:56 podstava joined #salt
11:58 ReV013 joined #salt
11:59 dendazen joined #salt
12:03 numkem joined #salt
12:05 golodhrim|work joined #salt
12:07 gableroux joined #salt
12:07 jas02 joined #salt
12:08 Psy0rz joined #salt
12:09 Psy0rz is it possible to store the name of a template in the template itself? e.g. i have a jinja template nginx_server.conf, and i want the header to be something like #Generated by Salt from template nginx_server.conf
12:10 o1e9 joined #salt
12:10 Psy0rz is there some jinja thing i can do to automaticly add that "nginx_server.conf" string
12:13 jhauser joined #salt
12:15 snow__ joined #salt
12:16 snow__ Hello, I can't resolve my error with " sudo salt-run winrepo.update_git_repos ", here a copy of my console with error ( https://hastebin.com/hezojideni.sql ) and my master file ( https://hastebin.com/pehacizezi.coffeescript )
12:17 Inveracity joined #salt
12:21 gableroux joined #salt
12:22 swills joined #salt
12:22 gableroux joined #salt
12:26 gablerou_ joined #salt
12:28 JohnnyRun joined #salt
12:30 jas02 joined #salt
12:33 gableroux joined #salt
12:34 MattP_ joined #salt
12:36 Electron^- joined #salt
12:36 MattP_ Hello everybody, I have a strange situation: When I try to execute commands through a syndic from a master, I can't access the minions with a non-privileged account (jenkins in my case) but I can from the root account. I'm running 2016.11.3 everywhere (master, syndic, minion). Does it ring a bell to anyone?
12:37 MattP_ I have checked /var/cache/salt/master and it belongs to 'jenkins'
12:38 onlyanegg joined #salt
12:39 jas02 joined #salt
12:39 ssplatt joined #salt
12:49 jas02 joined #salt
12:55 jrklein joined #salt
12:58 netcho joined #salt
13:02 edrocks joined #salt
13:06 dariusjs joined #salt
13:08 aaditya joined #salt
13:11 Brew joined #salt
13:12 aaditya hi
13:13 aaditya can changes to the documentation be suggested?
13:13 aaditya specifically this page https://docs.saltstack.com/en/getstarted/ssh/connect.html
13:16 ronnix joined #salt
13:18 prg3 joined #salt
13:20 megamaced joined #salt
13:24 jas02 joined #salt
13:26 Neighbour aaditya: the docs are part of the repository, so you can submit pull requests for the docs just as you would for code
13:28 shoemonkey joined #salt
13:28 aaditya Neighbour: thanks
13:29 aaditya now the task is to find where the page is located in the doc repo
13:31 Brew joined #salt
13:33 mpanetta joined #salt
13:35 jas02 joined #salt
13:35 darebwoi joined #salt
13:37 raspado joined #salt
13:38 brousch__ joined #salt
13:40 gaghiel joined #salt
13:40 gaghiel quick one: isn't the __salt__ dictionary available to in custom _grains ?
13:41 racooper joined #salt
13:45 darebwoi joined #salt
13:47 Tanta joined #salt
13:52 XenophonF i don't think so
13:52 XenophonF iirc at that point it hasn't been created yet
13:52 XenophonF if you want to call different modules or whatever, you have to import them
13:53 XenophonF for example: https://github.com/irtnog/active-directory-formula/blob/master/_grains/windows_installation_type.py
13:56 jdipierro joined #salt
13:58 dendazen joined #salt
13:59 shoemonkey joined #salt
14:10 johnkeates joined #salt
14:10 xet7 joined #salt
14:14 candyman88 joined #salt
14:14 gaghiel XenophonF: thanks :)
14:15 leonkatz joined #salt
14:24 tapoxi joined #salt
14:30 jdipierro joined #salt
14:31 concerti after standing up a VM with salt-cloud what would be the best way to one time set the IP of the new server. With a salt state or something else?
14:31 vegasq joined #salt
14:31 cmarzullo does it come up with dhcp?
14:32 concerti no dhcp we are going to set the IP static on an ubuntu server
14:32 concerti this is for 7 dev sandboxes that all need to be setup the same except on different IPs with different hostnames
14:33 edrocks joined #salt
14:34 vegasq joined #salt
14:38 Karunamon silly syntax question - how do I require another salt.function state when using the orchestrate runner?
14:39 Karunamon say i've got a start_myapp which is a salt.function, but I want another orchestrate state to require that
14:39 evle1 joined #salt
14:40 PatrolDoom joined #salt
14:45 sjorge joined #salt
14:45 sjorge joined #salt
14:46 DammitJim joined #salt
14:48 leonkatz joined #salt
14:50 tiwula joined #salt
14:56 sarcasticadmin joined #salt
15:00 Ricardo1000 I have enabled peer publish on master, but when I have execute runner manage.status from minion and when run same runner on master host I got different results.
15:00 Ricardo1000 Minion shows some hosts are down, but master shows that all hosts are alive
15:01 Ricardo1000 Also when I try execute cmd.run on down host, it execute normally
15:01 Ricardo1000 What is wrong ?
15:02 vegasq_ joined #salt
15:02 s0undt3ch joined #salt
15:03 st8less joined #salt
15:07 abednarik joined #salt
15:08 inad922 joined #salt
15:21 Pyro_ joined #salt
15:21 onlyanegg joined #salt
15:22 Electron^- joined #salt
15:23 abednarik joined #salt
15:28 sp0097 joined #salt
15:33 Praematura joined #salt
15:33 Fabbe_ joined #salt
15:41 Karunamon having a very hard time figuring out how to get state.orchestrate to kick off other orchestrate states with -require.. example here: https://gist.github.com/Karunamon/addce5a65daec1c489c476c2b4ce317d
15:42 ssplatt https://docs.saltstack.com/en/latest/topics/orchestrate/orchestrate_runner.html
15:43 ssplatt https://docs.saltstack.com/en/latest/topics/reactor/#advanced-state-system-capabilities
15:43 ssplatt https://docs.saltstack.com/en/latest/ref/states/all/salt.states.saltmod.html#salt.states.saltmod.state
15:43 raspado joined #salt
15:44 Karunamon dumping 3 pages of docs I already have open for what proably amounts to a syntax error is pretty unhelpful.
15:44 ssplatt state.sls is probably what you are looking for
15:44 ssplatt er salt.state
15:44 ssplatt instead of salt.function
15:45 whytewolf require is not a state
15:45 raspado_ joined #salt
15:45 whytewolf errr irchestrate
15:45 PatrolDoom joined #salt
15:45 whytewolf you can't require an sls from with in orchestrate
15:46 whytewolf if you require the orchestrate to run. call it useing salt.runner and require the salt.runner
15:48 Karunamon so wait, I can require other states, but only if they're defined in the same file?
15:48 Karunamon (looking at https://docs.saltstack.com/en/latest/topics/orchestrate/orchestrate_runner.html#more-complex-orchestration)
15:49 whytewolf you might be able to get away with include. but require on an sls: is straight out
15:50 whytewolf orchestration is NOT your typical state run
15:58 Xenophon1 joined #salt
15:59 rem5 joined #salt
16:01 leonkatz joined #salt
16:02 Karunamon so state.orchestrate is a runner - is there not an apidoc for the function or am I missing something
16:03 Pyro_ joined #salt
16:04 armyriad joined #salt
16:04 Pyro_ joined #salt
16:07 toastedpenguin joined #salt
16:11 catpig joined #salt
16:11 dariusjs joined #salt
16:13 DammitJim how do I check that a pillar exists on a template?
16:14 DammitJim rather... I have a template... how do I code it so that it can check for a value in pillar and if it is not defined, to use a default?
16:16 whytewolf DammitJim: {% set value salt.pillar.get('some pillar that might or might not exist', <default value if it doesn't>)%}
16:16 whytewolf opps forgot the =
16:16 DammitJim oh ok
16:16 DammitJim we got options ;)
16:17 whytewolf lots of them
16:18 aldevar left #salt
16:19 woodtablet joined #salt
16:19 DammitJim OMG, the spacing and the new lines are driving me nuts in this template!!
16:21 woodtablet you are a doctor, not a software engineer
16:24 astephanh joined #salt
16:26 astephanh hi. i like to create a list of packages to install with pip. but my for loop returns a dict instead of key value. what am i doing wrong? https://pastebin.com/P7EErx7s
16:27 astephanh can't i use a list like this
16:29 whytewolf astephanh: you don't just have a list, you have a list of dicts. [{"docker":"2.1.0"},{"docker-compose":"1.11.2"}] so pkg is getting set to the value of each list item... which is a dict
16:30 astephanh and can i access the dict somehow?
16:30 astephanh or would a other format ot the pillar be better
16:32 CrummyGummy joined #salt
16:32 saltsa joined #salt
16:33 whytewolf in the line under the for try {% for pkg,version in pkg %} - name: {{pkg}} {%endfor%}
16:34 whytewolf [not tested]
16:34 raspado_ can anyone give me a pointer as to why I cant load vars from a hash? heres my task/vars file https://pastebin.com/NdFpHYM7, basically Im using with_dict to call the var inside the file but I get an error that job has no attribute
16:35 astephanh https://pastebin.com/cCEV4CS2
16:39 whytewolf astephanh: humm, one thing in python i have never been ab;e to get to work the way i thought it worked was the damn unpacking of dicts. was pretty sure that was right. but maybe the for is unpacking it befor hand. try the key,value on your prev for
16:39 Karunamon whytewolf: You pointed me in the right direction, but it looks like I'm running smack into https://github.com/saltstack/salt/issues/33390 - thanks anyways :)
16:39 saltstackbot [#33390][OPEN] Allow orchestrate to call orchestration files | Description of Issue/Question...
16:39 astephanh ohz! typo. it works
16:40 Karunamon the orchestrate calling the orchestrate doesn't see the True returns, so top level orchestrate returns false/failed
16:40 astephanh https://pastebin.com/D60Gg63m
16:41 astephanh looks messy but better than changing the pillar
16:41 whytewolf Karunamon: that sucks :( stringing orchestrats together really does need a ton of work.
16:42 ChubYann joined #salt
16:49 N-Mi joined #salt
16:49 N-Mi joined #salt
16:49 jas02 joined #salt
16:49 astephanh Thx
16:55 pipps joined #salt
16:59 q1x Does anyone know if https://github.com/jirikotlin hangs out in this channel?
17:00 Brew joined #salt
17:02 zer0def joined #salt
17:04 Brew joined #salt
17:07 Trauma joined #salt
17:11 abednarik joined #salt
17:12 shadoxx q1x: they're not registered in Nickserv on Freenode. i don't know if there's another handle they go by
17:13 mpanetta joined #salt
17:14 zer0def joined #salt
17:16 sdio joined #salt
17:16 mavhq joined #salt
17:28 Pyro__ joined #salt
17:28 zer0def joined #salt
17:34 raspado_ if i have a hash in my vars, do i call the items by "{{ item.name }}" ?
17:35 raspado_ i cant seem to get the values from my hash, ive tried with_items and with_dict
17:35 raspado_ oops wrong chan :)
17:38 Pyro_ joined #salt
17:40 zer0def joined #salt
17:43 Praematura joined #salt
17:43 censorshipwreck joined #salt
17:48 wendall911 joined #salt
17:59 KyleG joined #salt
17:59 KyleG joined #salt
18:00 aldevar joined #salt
18:01 SaucyElf joined #salt
18:02 mikecmpbll joined #salt
18:03 SaucyElf joined #salt
18:03 Edgan gtmanfred: figured it out, https://github.com/saltstack/salt/issues/36313
18:03 saltstackbot [#36313][OPEN] salt-ssh: grains set in the roster not working in all contexts | Description of Issue/Question...
18:03 ssplatt joined #salt
18:03 XenophonF joined #salt
18:07 desposo joined #salt
18:14 gtmanfred Edgan: dope
18:18 teratoma joined #salt
18:21 lclemens joined #salt
18:24 SaucyElf joined #salt
18:24 dyasny joined #salt
18:25 seanz joined #salt
18:26 dyasny joined #salt
18:29 Brew joined #salt
18:29 scooby2 Does Salt for Windows work on 2012r2 or 2016?
18:29 gtmanfred it works on both
18:30 scooby2 gtmanfred: thank you
18:31 gtmanfred scooby2: this is a little out of date, but we support windows 7, 8, 10, 2008, 2012, and 2016 http://saltstack.com/wp-content/uploads/2016/08/SaltStack-Supported-Operating-Systems.pdf
18:32 Edgan gtmanfred: Any idea why json was chosen for salt-ssh instead of yaml for transport?
18:32 gtmanfred Edgan: no idea
18:33 Edgan gtmanfred: Seems like it would be easy to just convert all the json read and writes to yaml as a PR.
18:44 sh123124213 joined #salt
18:52 inad922 joined #salt
18:54 IRCFrEAK joined #salt
18:55 IRCFrEAK left #salt
18:55 tapoxi joined #salt
18:59 newbiefromla joined #salt
19:01 newbiefromla hello - i am trying to use this formula https://github.com/saltstack-formulas/mysql-formula
19:01 newbiefromla but after getting it up, I can't seem to get any of these states working https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.mysql.html
19:01 newbiefromla Almost seems like minion does not know about it. Return nothing in master
19:02 whytewolf those are not states
19:02 wendall911 joined #salt
19:02 whytewolf those are exacution modules. which are meant to be run from the cli
19:03 nixjdm joined #salt
19:07 pipps joined #salt
19:08 IRCFrEAK joined #salt
19:10 IRCFrEAK left #salt
19:10 legreffier joined #salt
19:13 juntalis joined #salt
19:15 newbiefromla I tried running the execution modules in CLI also but not getting any results. Should it work?
19:16 newbiefromla I ran salt '*' mysql.db_list
19:16 newbiefromla but returns nothing
19:16 XenophonF newbiefromla: have you installed the python-mysql module or whatever your version of Unix/Linux calls it?
19:16 newbiefromla even though there is a db in the mysql database
19:17 XenophonF using that formula, running 'salt minion state.apply mysql.client' should install the right bits and pieces for you
19:17 XenophonF then assuming that you have the minion configured correctly to talk to the database (i.e., the root account is configured or whatever), you can run 'salt minion mysql.db_list'
19:18 newbiefromla OK
19:18 newbiefromla https://gist.github.com/obicho/202f748cf369426019f682d5a1ea76c9
19:18 newbiefromla this is my top file
19:19 XenophonF newbiefromla: note the text at the top of https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.mysql.html
19:19 newbiefromla I see.
19:19 newbiefromla Good to know
19:20 newbiefromla will try it
19:20 XenophonF again, assuming that you have the right stuff specified in pillar, calling the 'mysql' SLS should work
19:20 leonkatz joined #salt
19:20 XenophonF note that if you've manually installed mysql and the python-mysql interface, you'll also need to manually restart the salt-minion
19:20 newbiefromla got it
19:21 XenophonF that way it will detect the presense of the mysql client libs and load them
19:21 XenophonF (the pkg.install exec function / the pkg.installed state function does this for you, btw)
19:21 duncanmv joined #salt
19:22 jimklo joined #salt
19:23 newbiefromla ok thank you
19:23 DoomPatrol joined #salt
19:24 newbiefromla Another question - I have a private git repo on BitBucket which contains all my custom wordpress code. Is it possible to write a state file to automatically get the latest from the repo and copy it to a specific direct in the minion
19:24 XenophonF yes
19:25 XenophonF you can use the git.latest state
19:25 XenophonF I use per-repo deploy-only keys to handle that sort of thing.
19:25 gtmanfred you could also run saltutil.refresh_modules
19:26 gtmanfred don't need to restart the minion
19:26 GOLDPANK joined #salt
19:26 newbiefromla oh nice
19:26 XenophonF git.latest state docs: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html#salt.states.git.latest
19:26 newbiefromla Yeah looking at that
19:27 XenophonF I think that Atlassian calls deploy keys "access keys".
19:27 XenophonF I don't use BitBucket so I'm not 100% on that one
19:27 XenophonF GitHub calls them deploy keys.
19:27 XenophonF https://confluence.atlassian.com/bitbucket/use-deployment-keys-294486051.html
19:27 GOLDPANK left #salt
19:28 Trauma joined #salt
19:28 XenophonF so I use users-formula + Pillar to put the deploy key (ssh private key) on the minion in question, then i use a git.latest state referencing that private key
19:29 newbiefromla how about this scenario: I have a DEV mysql DB (not a minion) and I want to import a DB from there to a STAGE mysql DB (a minion). What's the best way to go about it?
19:30 XenophonF depends - is this a one-time thing?
19:31 whytewolf newbiefromla: what concerns me is that everything that should thrown an error on your setup doesn't. instead it just doesn't return.
19:31 newbiefromla xenophon: No - it will be on going.
19:32 XenophonF I wouldn't use Salt for that.
19:32 XenophonF I would use a MySQL-native replication/synchronization mechanism (which I'd deploy using Salt).
19:32 Pyro_ joined #salt
19:33 leonkatz joined #salt
19:34 newbiefromla whytewolf: Is there a verbose mode for errors? I wish I see more errors other than just a one liner _____________________ from my minion
19:35 newbiefromla xenophon: it gets tricky - wordpress stores the domain name in the DB. DB and STAGE have different domain names. So I'd need to clean the values too. A simply sync is not going to work.
19:35 Edgan newbiefromla: Salt is a form of abstraction, and automation. If you are just doing this on one machine, Salt isn't a good tool for you. If you are doing this on multiple machines and/or want to automate the process, it may be the right tool.
19:37 whytewolf newbiefromla: well, there are several things. there is a -l debug. but that should be run from the minion with salt-call there is also changing the loglevel in both the minion and the master.
19:37 Edgan newbiefromla: With automation you tend to care less about the errors, and more if there are errors. You expect it to just work most of the time. So you dig deeper into the abstraction, and debug the cause when it doesn't.
19:37 newbiefromla Edgan - makes sense. Will take it into consideration.
19:37 Edgan whytewolf: -l debug is very verbose, but I find if I am resorting to -l debug, I almost always actually need -l trace
19:39 whytewolf I tend to get away with just -l debug. but i hardly ever need the trace level. but then I tend to use -l debug when i am writting my own modules and i add heavy log.debug messages
19:40 Edgan whytewolf: for me it is what are the exact commands and arguments it used for something, like apt, yum, or salt-call. -l debug doesn't always show them.
19:40 whytewolf ahh yeah -l trace is better when you need that.
19:41 whytewolf -l debug is good when you need the input into states, -l trace when you need to know what the acual commands being run are
19:41 Edgan whytewolf: I am often tracking down salt bugs. I tend to used mixed for developmenting salt code.
19:41 _I_R_C_F_R_E_A_K joined #salt
19:42 leonkatz joined #salt
19:42 Edgan whytewolf: I recently found salt and pycharm make a good combo. You can freeze salt on a certain line of code and see all the internal variable state.
19:42 whytewolf i have noticed you do tend to run into a lot of the salt bug. my guess is the use of salt-ssh. which personally i think needs a rewrite from the ground up
19:43 whytewolf yeah i have used pycharm with salt. it is great to walk the salt code
19:43 XenophonF omg tell me how
19:43 XenophonF please please please
19:43 Edgan whytewolf: I would say about half my bugs are salt-ssh, and more lately.
19:43 XenophonF i've been beating my head against salt-cloud and salt-formula for the last two hours and desperately need better error debugging than the crappy stack traces salt gives me
19:44 XenophonF oh
19:44 XenophonF it's an IDE
19:44 XenophonF :(
19:44 whytewolf yeah. a pretty good IDE
19:44 Edgan XenophonF: yes, but is the IDE you need for salt
19:44 Edgan XenophonF: It is super powerful
19:45 whytewolf honestly I use it a lot for non salt python projects also. it really is one of the best python IDE's out there
19:45 Praematura joined #salt
19:46 gtmanfred agreed, +1 to pycharm, but I have been using atom recently
19:46 XenophonF I'm debating on whether to install this on my Salt master.
19:46 XenophonF which is currently headless by design
19:46 gtmanfred x11 forwarding ftw
19:46 Edgan I prefer Atom with many modules for general code, including salt code. But debugging python, pycharm for the win.
19:47 gtmanfred yeah
19:47 whytewolf humm, i might have to try atom at some point. i generally have always been a heavy vim guy before
19:48 Edgan whytewolf: same here, but the level of the lint checking and all I can get in Atom blows away vim
19:48 gtmanfred I recently threw away my vim configuration, i have a couple things in atom that syncs my code to the remote server, so it syncs to /root/src/salt, which is an editable pip install, then I can make all my changes locally, and they get pushed up when I save
19:48 gtmanfred it is super nice
19:49 gtmanfred i did pylint with vim for a bit
19:49 Edgan whytewolf: Here is my atom packages configuration that is backed up to github.
19:49 Edgan https://gist.github.com/edgan/bffb45205f1c8b7feb80f86658abc872
19:49 gtmanfred it is significantly easier to do it in atom
19:50 Edgan Two people I have pointed at, linter-js-yaml, have said it is a game changer for them and salt code development.
19:50 _I_R_C_F_R_E_A_K left #salt
19:51 Edgan XenophonF: https://imgur.com/a/wxXK7  Here is an example Run configuration for pycharm
19:52 XenophonF there's something wrong with how salt-formula handles merges in map.jinja :(
19:52 XenophonF salt:gitfs:gitpython from defaults.yaml gets erased by map.jinja
19:53 Edgan XenophonF: Under the Run menu, Toggle Line Breakpoint, and then select Debug 'salt-ssh' under the Run menu, then a console will pop up and show you all the internal variables
19:55 Edgan XenophonF: Salt has so many layers of abstraction that this is 10x or more easier than other methods I have tried.
19:55 Edgan XenophonF: salt-formula as in the git repo?
19:55 XenophonF that's exactly what I need
19:55 XenophonF yeah, the git repo
19:55 Edgan XenophonF: I use map.jinja merging HEAVILY
19:55 sh123124213 is it a known bug or something that tornado salt-api does not work? I tried it and failed. I switched to cherrypy and everything works like a charm
19:55 Edgan XenophonF: What version?
19:55 XenophonF same here but they somehow managed to donk it up
19:55 XenophonF I just cloned HEAD.
19:56 whytewolf sh123124213: iirc not everything from netapi has been implimented in tornado salt api yeet
19:56 gtmanfred sh123124213: the tornado api works fine here,it does not have feature parity with cherrypy
19:56 XenophonF I don't have time to track this down.
19:56 Edgan XenophonF: Give me a reproducible test case and I bet I can find the bug
19:56 XenophonF run state.apply salt.gitfs.gitpython
19:56 gtmanfred sh123124213: https://github.com/saltstack/salt/issues/26505
19:56 saltstackbot [#26505][OPEN] Bring Saltnado up to feature parity with rest_cherrypy | [As has been discussed](https://github.com/saltstack/salt/issues/13698#issuecomment-94056727) now that Tornado is a dep for Salt core it makes sense to move development effort on a REST API to Saltnado. We do not yet have a timeline for this work but we cannot deprecate `rest_cherrypy` until Saltnado has feature parity and identical interfaces so this issue will serve as a place to tra
19:57 XenophonF on my CentOS 7 master it throws an error about gitpython not being in the gitfs dict
19:57 Edgan XenophonF: Why gitpython and not pygit2?
19:57 XenophonF i temporarily replaced that with a {{ salt_settings.gitfs|yaml(False) }} and rendered it using file.managed
19:58 sh123124213 thnx
19:58 XenophonF last time i tried it, pygit2 relied on a libssh version that didn't support ed25519 keys
19:58 gtmanfred if you don't need ssh or http authentication, i don't see the point in pygit2, especially with the extra error messages it is spewing right now in centos 7
19:58 XenophonF gitpython works very reliably for me
19:58 gtmanfred me too
19:58 whytewolf those errors go away if you build libgitfs and install pygit2 from pip :P
19:59 gtmanfred i know, but it isn't worth it for me
19:59 whytewolf err libgit2 i mean
19:59 gtmanfred when i don't use any of the pygit2 features
19:59 XenophonF i try to avoid building stuff from source on production systems
19:59 whytewolf this is true
19:59 XenophonF it makes keeping them up to date impossible
19:59 XenophonF otherwise i'd just run gentoo everywhere
20:00 whytewolf i do also, generally i create a source package and have redhat build that and then distribute that
20:00 Edgan Don't use pip install, use fpm -s python
20:00 XenophonF what's that do?
20:00 gtmanfred https://github.com/jordansissel/fpm
20:00 Edgan fpm -s python will make you a rpm or deb easily and will even resolve dependecies
20:00 XenophonF whytewolf: a private build repo was my approach for freebsd
20:00 XenophonF poudriere makes that pretty easy to do
20:01 XenophonF i haven't gotten around to setting up spacewalk, no time
20:01 Edgan Technically if there is an upstream deb/rpm, that method is better, but this is easier than making your own deb/rpm
20:01 XenophonF thanks for the reference to fpm, i'll check it out
20:02 abednarik joined #salt
20:02 Edgan XenophonF: I also use it to make debs for deploys. fpm -s dir -t deb -n foo .
20:03 pipps99 joined #salt
20:03 Edgan whytewolf: I agree salt-ssh could use a rewrite, but I am not quite that ambitious. I also prefer to live with it and have roughly one tool than switch to ansible and have to port code back and forth.
20:04 pipps_ joined #salt
20:05 whytewolf yeah. I don't have the time or python knowledge to attempt that
20:05 XenophonF thanks for the clues, everyone
20:05 XenophonF you all rock
20:06 Edgan gtmanfred: I use github, so ssh is the way, and from all I have read pygit2 seems to be the most popular, and hence the most tested.
20:06 duncanmv joined #salt
20:07 whytewolf well gitpython was heavilly used before pygit2 came into saltstack so gitpython is just as tested. just doens't have as many features
20:07 Edgan XenophonF: I tend to do '{{ salt_settings.gitfs }}' instead of {{ salt_settings.gitfs|yaml(False) }}
20:08 inad922 joined #salt
20:08 hemebond joined #salt
20:08 XenophonF now why on earth is salt-cloud throwing KeyError: 'provider'?
20:08 vexati0n has anyone managed to figure out how to use the AzureARM cloud driver? it's useless for me since it waits forever for a public IP address to be assigned, but Azure doesn't do that automatically and can't do it manually until the VM is finished - which Salt-Cloud never gets it to
20:08 XenophonF ok now i'm going to give pycharm a try
20:08 XenophonF this stack trace sucks
20:09 whytewolf XenophonF: if it is in the provider file i believe provider was changed to driver to avoid confusion
20:11 gtmanfred that is correct
20:11 beardedeagle joined #salt
20:15 XenophonF I changed that a while ago
20:15 XenophonF it says whatever: { driver: ec2, ...}
20:15 whytewolf vexati0n: I don't know about azurearm, but in openstack there generally are options for saltcloud to add a public ip to the created instance
20:16 whytewolf unforchantly i don't work with Azura ... so have no experence with it
20:16 dendazen joined #salt
20:17 hemebond vexati0n: Most of the providers work that way with Salt-Cloud.
20:17 hemebond For AWS I wrote a custom runner that installed salt-minion using the cloud-init.
20:20 bakins joined #salt
20:21 hemebond (actually you can do it without the custom runner, you'll just have to accept the key when the minion connects)
20:23 vexati0n yeah, AWS is simple
20:24 hemebond ?
20:24 hemebond Wouldn't work for Azure?
20:24 vexati0n i do AWS all day long, but azurearm is unusable...the docs don't mention any option to add a public ip
20:24 vexati0n and on AWS you don't need to , because AWS does it automatically
20:25 demize Not necessarily. ;p
20:25 hemebond ^
20:25 hemebond None of my VMs get a public IP.
20:25 hemebond I have to specify that it should get one.
20:26 vexati0n never had that issue on aws. there is a config option telling salt to run on a public IP
20:26 vexati0n maybe that does it on AWS, but the same option doesn't do that on Azure
20:26 hemebond My point was that I don't use public IPs and it's still fairly easy to get salt-minion installed.
20:27 hemebond Without the public IP the default process with salt-cloud doesn't work.
20:27 hemebond Even on AWS.
20:27 vexati0n right
20:27 vexati0n but i don't care, because aws has the "auto-assign public ip" option
20:28 hemebond I see.
20:28 vexati0n our salt master lives on AWS, not Azure
20:28 vexati0n so I have to have public IPs there
20:29 vexati0n i could install salt-minion the hard way and get it to connect, but that defeats the purpose of building an automated provisioning system with a 'one-click' deployment
20:30 Edgan hemebond: I just bake the salt-minion into a custom AMI. I don't want the install process failing for one of twenty reasons.
20:30 hemebond Edgan: I have an aversion to baking things into images.
20:31 hemebond It will probably fail on me had an unfortunate time.
20:31 Edgan hemebond: In this case, it is the sane choice IMHO. I also use custom salt packages, not official ones.
20:31 hemebond Oh. Why custom packages?
20:31 Edgan hemebond: patches for my PRs and others PRs before the official release comes out
20:32 hemebond Ah right.
20:32 Edgan I do use cloud-init to feed the minion it's pre-generated salt key
20:34 Edgan hemebond: I currently have three patches. One for a cassandra auth caching bug, and two more related to grains and salt-ssh.
20:34 XenophonF Edgan: beyond the screencap you posted, do i need to do anything special to run something like salt-cloud under PyCharm?
20:35 seanz joined #salt
20:36 Edgan XenophonF: You might need to set the working directory, but other than that no. You have to set a breakpoint and you have to use Debug, not Run
20:36 seanz1 joined #salt
20:36 Edgan XenophonF: You also have to make sure you set a breakpoint actually in the code path salt-cloud takes. With salt-ssh I would sometimes set a breakpoint in things that are salt-call run on the remote machine, not salt-ssh locally.
20:37 * hemebond is shocked that it never occurred to him to use PyCharm to debug salt.
20:37 hemebond I've always just thrown some prints or gdb's
20:38 hemebond Also I've never managed to get PyCharm to work well.
20:38 Edgan hemebond: yeah, I have seen other people use it. I should have thought of it long ago.
20:38 XenophonF I'm going to start with a breakpoint at apply_vm_profiles_config
20:39 XenophonF that's throwing the KeyError on line 2450
20:39 XenophonF (salt-2016.11.3-1.el7.noarch)
20:39 seanz2 joined #salt
20:39 Edgan hemebond: Though I have a good friend who is a heavy Python developer, and he doesn't use it. I think the big thing is are you writing your own code, then something like Atom is generally good enough. But if you are debugging third party code that you have little understanding of, Pycharm is a godsend.
20:40 hemebond Edgan: Yeah I've always gone back to Sublime Text after trying to get PyCharm to behave itself.
20:40 Edgan hemebond: seems to work fine for me, and I don't care for it as a general editor
20:40 hemebond Closing windows I didn't close. Generally slow and cumbersome.
20:41 hemebond It seemed good. Lots of mentions all over the Python-sphere.
20:41 hemebond I just haven't managed to figure out how to use it properly I guess.
20:41 hemebond Probably nicer for debugging than Eclipse at least :-)
20:42 Edgan hemebond: I figured out the main breakpoint/debug method by googling the documentation and playing with it. I don't do anything fancy like step ahead, multi-break points, etc.
20:42 hemebond So literally just using it as a debugger?
20:43 XenophonF this is awfully slow
20:43 whytewolf imho shooting ones self in the foot with a rusty bullet in a black powerder gun is better then doing anythingin Eclipse
20:43 XenophonF can't i just run salt-cloud under pdb or something from the command line
20:43 XenophonF X over SSH from the mid-west US to Ireland is not fast
20:44 hemebond whytewolf: It definitely made the job more unpleasant than it already was.
20:52 rylnd had anyone of you ever have the issue of extracting a zipfile with archive.extracted and it gave you an error about path having an incorrect type, even thought the zipfile doesnt have a file/dir with an incorrect type?
20:53 Edgan hemebond: when debugging, I also use it as an editor
20:54 Edgan XenophonF: The gui showing you all variables is full of awesome. It is like web developer tools in Chrome.
20:55 Edgan XenophonF: It will also show you the stack when you stopped and then you can click into the code base
20:56 vexati0n i give up on Azure, it's the most useless, needlessly complicated thing ever. if i needed this in my life i'd start writing FORTRAN.
20:56 XenophonF it is so slow, though
20:56 Edgan XenophonF: that is debugging, ever tried strace?
20:57 XenophonF oh sure lots of times
20:57 seanz joined #salt
20:59 seanz1 joined #salt
20:59 nkuttler joined #salt
20:59 mvensky joined #salt
21:00 XenophonF in the salt-cloud profile, when i reference a provider, do i have to include the driver now?
21:00 marcinkuzminski joined #salt
21:00 XenophonF like `provider: xenophonf:ec2`?
21:00 vexati0n it's usually "driver" instead of "provider"
21:01 vexati0n usually=basically always.
21:01 vexati0n i can't think of a case where 'provider' is used like that at all. it was ambiguous because 'provider' is how you reference a configured cloud provider from a map or a profile
21:01 vexati0n not how  you reference a cloud driver
21:02 pipps joined #salt
21:02 XenophonF oh i think i understand my mistake
21:03 vexati0n also i've found the cloud providers documentation doesn't quite get the format correct.
21:03 XenophonF i'm extending an existing profile, but the original profile does not set the provider
21:03 XenophonF that's why it's throwing a KeyError
21:03 vexati0n probably yes
21:04 XenophonF that's definitely it, line 2450 of salt/config/__init__.py, in apply_vm_profiles_config()
21:06 jas02 joined #salt
21:08 pipps joined #salt
21:08 mvensky joined #salt
21:08 leonkatz joined #salt
21:10 abednarik joined #salt
21:10 XenophonF again, thanks all for the debugging help
21:12 jhauser joined #salt
21:19 mvensky joined #salt
21:24 ekkelett joined #salt
21:26 lorengordon joined #salt
21:26 Sarphram joined #salt
21:26 gmoro_ joined #salt
21:31 pipps joined #salt
21:32 codehotter joined #salt
21:33 codehotter I know I've asked this before but I keep forgetting how to do it
21:33 codehotter highstate or state.apply applies everything then gives a summary at the end, but some tasks are quite long
21:33 codehotter can I get a summary 1 by 1 as each task finishes?
21:34 whytewolf no, each minion only returns to the master once it compleates.
21:34 codehotter oh, that's boring!
21:34 codehotter can I fix that? maybe have each task completing generate an event that I listen for and output on the master?
21:35 whytewolf well yeah you could put a fire_event in every state and watch the even bus
21:35 whytewolf event bus even
21:35 codehotter good stuff. Then why don't we make that the default? O:)
21:35 hemebond "fix" it? That's not a bug.
21:35 whytewolf agreed it isn't a bug to be "fixed"
21:36 codehotter Didn't mean to imply it's a bug
21:36 hemebond If you wanted a running commentary you could use a bash loop that SSH's onto the boxes, in parallel and uses salt-call. Then you'll get all the output from all the boxes at the same time :-)
21:36 whytewolf also the method I'm talking about is compleatly outside of the return method of salt.
21:37 hemebond That's what I used to do with Puppet and why I prefer Salt :-)
21:37 codehotter hemebond: *horrified* that sounds really slow
21:37 hemebond codehotter: It runs in parallel.
21:37 hemebond So it does all the boxes at once.
21:38 hemebond And then they all start spewing their output back to me. Interspersed together.
21:38 hemebond It doesn't work well.
21:38 whytewolf orchestration becomes a pain when everything is in parallel :P
21:38 hemebond That's likely why Salt returns everything at the end.
21:38 codehotter well yea but I run two different loops, one is the development loop on a single machine, one is the deployment loop. During development, I really want to see things happen as they happen because I get feedback much faster and every second counts (makes it easier to focus)
21:38 codehotter but when I'm deploying to production to multiple machines what I've already tested I really just want only a summary
21:38 hemebond codehotter: Then just use salt-call
21:39 hemebond On the local box.
21:39 codehotter oh, OK, salt-call gives output 1 by 1?
21:39 hemebond That return-as-you-go doesn't work beyond a single machine.
21:39 codehotter right, I only need it for a single machine
21:39 hemebond Uh, if you run it with logging maybe.
21:39 whytewolf yes salt-call returns local so doesn't need to wait till the end
21:39 hemebond I only use salt-call when I want to debug something.
21:40 whytewolf iirc
21:40 codehotter well I'm using salt-call right now and it gives a summary at the end just like salt, but maybe I'm using it wrong
21:40 codehotter I'm using salt-call state.apply
21:40 hemebond use -l debug
21:40 whytewolf add -l debug. if your doing testing more info is better anyway
21:40 codehotter it's really not, I just want the normal output faster, but OK, I can filter that out
21:40 rpb joined #salt
21:41 hemebond Why do you need to see it as it goes?
21:41 codehotter so I can stay focused instead of going on reddit and slowing my productivity
21:41 hemebond LOL
21:41 whytewolf lol
21:41 hemebond But... that's why I use Salt ;-D
21:42 hemebond "Why am I not at my desk? Compiling... er, highstating"
21:42 whytewolf me too. I use salt so i can spend my time in here
21:43 whytewolf oh i just saying, oh not at my desk? oh yeah deploying.
21:43 whytewolf good donuts
21:43 whytewolf :P
21:54 raspado joined #salt
21:54 raspado is there a way to only target minions that are alive
21:54 raspado when i run comments, it goes through minions turned off and slows down cmd executions
21:54 raspado comments=commands
21:57 Kelsar raspado: you realize it is not the master sending out jobs to minions, but minions pull jobs from the master? commands are not slower executed.
21:58 hemebond Kelsar: Well the command line will wait for applicable minions to respond.
21:58 Kelsar hemebond: yeah, there is an option for that ;)
21:58 hemebond Kelsar: async?
21:58 hemebond timeout?
21:58 Kelsar timeout
21:58 Kelsar job will still keep running
21:58 hemebond Yeah, but then you have to know how long the highstate might take.
21:59 hemebond Unless you want to go into the jobs cache to check results.
21:59 hemebond In which case you might as well use async.
22:00 Kelsar hemebond: sure
22:05 raspado could i somehow use test.ping = True
22:05 hemebond I suppose you could use a separate process or something that shows job results as they come in and then use async every time. That'd be neat. Maybe a web interface.
22:05 raspado as part of a salt command?
22:05 hemebond raspado: I was just looking at a way to possibly use manage.up
22:06 Kelsar that is all the same
22:06 raspado ah
22:06 hemebond If you can wrangle that output AND filter it according to what you want, you could do it.
22:06 hemebond Kelsar: Well the idea is for the CLI to return immediately.
22:06 hemebond Unless I misunderstood raspado
22:06 Kelsar raspado: what is your goal? sound like a xy question
22:08 Kelsar i smell he wants to do something after a minion did his thing
22:08 hemebond If you run a task while another is in progress does it queue the new task?
22:09 hemebond e.g., when running a highstate while a highstate is in progress it tells you. But will it run the second highstate when it finishes the first?
22:09 raspado I need to restart a service in two regions, somehing like "salt -C 'G@role:postgres and G@hostname:*us*' cmd.run "systemctl restart postgresql"
22:09 raspado but when i do that, theres several hundred dead or down minions
22:09 hemebond service.restart postgresql
22:10 hemebond Just use timeout then. Like 5 seconds or something.
22:10 Kelsar raspado: sound like a job for events and reactor
22:10 hemebond Assuming your alive minions return that quickly.
22:10 raspado mmm kk
22:10 raspado thx Kelsar hemebond!
22:10 Sarphram joined #salt
22:12 raspado maybe im doing this wrong...
22:13 raspado is there a way to target the hostname that includes "us", im doing salt -C 'G@role:postgres and G@hostname:*us*'
22:13 raspado but im pretty sure some of these mentions do not have the role postgres
22:13 raspado im trying to get all hosts with role postgres with us in the grains hostname
22:14 hemebond Do wildcards work with the regular grains targeting?
22:14 hemebond You don't have to use the Grains PCRE?
22:15 Kelsar raspado: did you try salt -G 'role:postgres and hostname:*us*' ?
22:17 toastedpenguin joined #salt
22:19 pipps joined #salt
22:20 abednarik joined #salt
22:21 toastedpenguin joined #salt
22:25 st8less joined #salt
22:28 raspado Kelsar: yeah, i get no minions matches the target
22:28 newbiefromla joined #salt
22:29 raspado oh salt -G
22:29 raspado let me try
22:29 dendazen joined #salt
22:29 raspado nah didnt work
22:30 raspado thought -C does compound matching ?
22:30 hemebond it does
22:30 newbiefromla If I want to change the security group of my minions on AWS - what is the best way to do this?
22:30 Kelsar raspado: does only the hostname part match?
22:30 Tanta joined #salt
22:30 hemebond raspado: Tried Grains PCRE
22:30 Kelsar raspado: what i mean is, do the single parts match anthing
22:30 raspado yeah they do
22:31 Kelsar on the same hosts? ^^ if yes, the and seems not to work correctly
22:38 st8less joined #salt
22:38 lgogolin joined #salt
22:53 Heartsbane joined #salt
22:53 Heartsbane joined #salt
22:56 nikdatrix joined #salt
23:02 pipps99 joined #salt
23:02 pipps_ joined #salt
23:05 newbiefromla joined #salt
23:10 newbiefromla If I want to change the security group of my minions on AWS - what is the best way to do this?
23:11 swa_work joined #salt
23:11 hemebond Probably one of the boto modules.
23:11 hemebond https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.boto_secgroup.html
23:14 raspado oh so no matter what target you pass
23:15 raspado it will always show the downed hosts just because it cant determine what the grains are for them?
23:15 hemebond It will know what the grains are.
23:15 hemebond The master caches grains.
23:15 raspado ahhh where this cache for each minion so i can see if the grain im targeting is in the cache
23:16 hemebond /var/cache/salt/ I think.
23:16 SaucyElf_ joined #salt
23:16 raspado kk thx
23:18 hemebond I suspect you might have misunderstood something.
23:18 hemebond Or maybe I don't understand the master>minion system.
23:19 newbiefromla oh i think it might be salt.modules.boto_ec2.set_attribute
23:19 dendazen joined #salt
23:20 hemebond newbiefromla: I would find that odd.
23:20 hemebond I would have expected the security group itself to have the VM list.
23:21 hemebond Nope, looks like I was wrong.
23:22 newbiefromla yeah secgroup is for managing sec groups but what i really need is modify ec2 instance
23:22 hemebond Oh I see.
23:24 newbiefromla Hey I am trying to share my master set up with my team on a git repo - I am not sure how I should go about it because I am afraid I might commit something that might have security implications.
23:25 newbiefromla Should I git init /srv/ and /etc/salt/ ?
23:25 hemebond What are you trying to share?
23:25 newbiefromla are there directories to exclude? master config and cloud profiles
23:26 newbiefromla i am trying to share master config and cloud profiles and provider profiles
23:26 newbiefromla but without any secrets or keys
23:27 hemebond Why do they need to provider profiles?
23:27 hemebond er, configs.
23:27 swa_work joined #salt
23:27 Tox7 joined #salt
23:28 Tox7 left #salt
23:30 stanchan joined #salt
23:33 newbiefromla So are you saying we should just set up a master and everyone just share it?
23:33 hemebond I dunno. I'm not really sure what your goal is by sharing.
23:33 hemebond Especially sharing without credentials.
23:35 newbiefromla if i happen to get hit by a bus, someone else can recreate master and do all the things I am doing now. That's the goal I guess.
23:36 whytewolf the master should be a controll server that exists. it shouldn't be your personal laptop
23:37 hemebond You could just keep the config in a secure repo, no?
23:37 hemebond Accessible only to those who should have that info.
23:42 newbiefromla joined #salt
23:43 newbiefromla got it about control server
23:43 hasues joined #salt
23:43 newbiefromla is there a reason for multiple master servers to exist?
23:43 hasues Can you use grains in the top.sls for pillar?
23:43 hemebond hasues: Yes
23:43 hasues hemebond: thank you.
23:44 hemebond newbiefromla: Load balancing or distribution.
23:44 hemebond High availability.
23:44 whytewolf hasues: yes, but it can be fround on if you are using any kind of pillar meant for security
23:45 hasues whytewolf: I'm not savvy to know that as I'm still trying to learn it.  I was using pillar to associate hardware profile values so I could use those values in regular salt states.
23:46 hasues whytewolf: So pillar should not be used with security practices?
23:46 whytewolf no pillar is meant for security
23:46 hasues Oh okay.
23:46 whytewolf but grains to target pillars is not
23:46 whytewolf because grains can be changed from a master
23:46 whytewolf errr minion
23:46 hemebond "no, pillar _is_ meant for security"
23:48 whytewolf basicly if you have an RSA key stored in pillar that is only supposed to go to a select few minions. and you have someone that has access to minions that you don't trust. if you used grains to target that pillar. the user could in fact change the grains on the minions he has access to to gain access to that rsa key
23:48 Tanta unless you go masterless
23:48 Tanta then the grain are fort knox
23:48 Tanta in /etc/salt/grains I mean
23:48 hasues I'm currently using masterless.
23:48 Tanta yeah if nothing can access the machine as root but you, you can store the grains locally and have them be as secure as any other file owned by root
23:48 whytewolf eh, they you don't have any systems tied together so grains and pillars really have almost no difference
23:49 hasues Still not sure how that would improve things if the minion has access to the complete salt formula and such from git.
23:49 hasues Tanta: Oh I see.
23:50 hasues Well, I was using the culmination of specific grains in pillar to set certain variables that I wanted to use later in salt states with templates to build config files.
23:52 hasues Is it normal for pillar.items not to work masterless?
23:52 whytewolf pillar.items should work fine in masterless
23:52 hasues I guess I need to read on it more.  "insufficient arguments"
23:53 whytewolf that sounds like you have not told the minion about where to get it's pillar data
23:53 hasues I would not be surprised.
23:55 hasues Should it be a subdirectory under the file_roots?
23:56 hasues Or is that a bad idea?
23:56 whytewolf https://docs.saltstack.com/en/latest/ref/configuration/minion.html#pillar-roots
23:57 whytewolf in masterless it would be fine. but generally in a master config you don't put it in the same place as states
23:57 hasues whytewolf: thanks.  I want to learn the best approach, so I'll make changes.

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary