Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-04-07

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 alexlist joined #salt
00:09 DEger joined #salt
00:12 tobiasBora Hum...
00:12 tobiasBora I've some problems with gitfs
00:12 tobiasBora Here is my configuration:
00:12 tobiasBora http://paste.debian.net/926368
00:13 tobiasBora Well all my configuration is here: http://paste.debian.net/926368
00:14 tobiasBora And the folder /srv/formulas/salt-formula is never updated with the git stuff
00:14 whytewolf it wouldn't be
00:14 whytewolf that isn't what gitfs_root is for
00:14 whytewolf gitfs stores it's files in a headless git repo in the cache
00:16 whytewolf gitfs_root Relative path to a subdirectory within the repository from which Salt should begin to serve files.
00:16 tobiasBora whytewolf: Then what am I supposed to do to get rid of the erro http://paste.debian.net/926368
00:16 hemebond tobiasBora: You're just posting the same link over and over again.
00:16 tobiasBora oh sorry
00:17 tobiasBora It's because I'm copying from an emacs though ssh...
00:17 tobiasBora So here is my error No matching sls found for 'postgres' in env 'base'
00:17 tobiasBora From a minion
00:18 tobiasBora And here is the good link of my whole server config: http://paste.debian.net/926370
00:19 hemebond that file_roots looks wrong
00:19 tobiasBora I tried to put "gitfs_root: salt", no I've Minion did no return
00:20 * hemebond goes to have a read up on this GitFS that seems to cause so many problems for new users
00:20 hemebond fileserver_backend is fine.
00:21 tobiasBora The file_roots is indeed strange, I did a mess up between automatic gitfs and manual download https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
00:21 hemebond Get rid of your gitfs_root
00:21 tobiasBora hemebond: Same error
00:21 hemebond Change file_roots to just the first entry
00:21 hemebond You've installed pygit2 on the master?
00:22 whytewolf https://gist.github.com/whytewolf/7ba157b64e26d4170f1e6bffd5a34301
00:22 hemebond ^ whytewolf to the rescue
00:22 whytewolf also yes make sure pygit2 and libgit2 are installed [with compatible versions]
00:22 tobiasBora Oh I forgot to restart the master
00:23 tobiasBora Now it does not complain about postgresql, but:
00:23 tobiasBora https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
00:23 tobiasBora grrr
00:23 tobiasBora No matching sls found for 'redhat' in env 'base'
00:23 tobiasBora Is "redhat" supposed to be a depends of No matching sls found for 'redhat' in env 'base'
00:23 tobiasBora grrr
00:23 tobiasBora Is "readhat" supposed to be a depends of "github.com/saltstack-formulas/postgres-formula " ?
00:24 * tobiasBora appologize for all the bad copy paste
00:24 hemebond I doubt it. Pretty sure I'm using that formula.
00:24 whytewolf ohhh, WHY are you using https://github.com/SS-archive/salt-states
00:25 whytewolf it is for demo not for use
00:26 whytewolf basicly it is not made for consumption as is. you are supposed to clone it. then change it to fit your enviroment
00:26 whytewolf it has a top file that is calling redhat
00:27 tobiasBora whytewolf: Ok I removed salt-states
00:27 tobiasBora Hum that's why...
00:27 tobiasBora Let's try it now
00:27 whytewolf don't forget to restart ;)
00:27 tobiasBora Hum... Maybe it will work...
00:28 tobiasBora Is it possible to increase the time before an error "Minion did not return" appears?
00:28 tobiasBora YEAAAAA
00:29 tobiasBora WEEEE ARE THE CHAAMMMPION YOUUUUUUU ARE THE CHAMPIONS !!!
00:29 tobiasBora Thank you :D
00:29 whytewolf hehe always happy to help :)
00:30 tobiasBora That's great, because I've another question :P
00:30 tobiasBora Why can I include states, but not pillar?
00:30 tobiasBora I have replaced my file by:
00:31 avalarion joined #salt
00:31 whytewolf because states is a more inclusive system that actually has programing but pillar is more a keystore style setup
00:31 tobiasBora So I cannot do inclusion at all?
00:32 whytewolf you can do jinja based includes. basicly import yaml from another pillar then code it to work with your current pillar.
00:32 rem5 joined #salt
00:33 toastedpenguin1 joined #salt
00:33 toastedpenguin1 left #salt
00:33 tobiasBora Somethink like {% import 'myfile' %} ?
00:34 hlub joined #salt
00:35 austin_ joined #salt
00:35 austin_ has anyone worked on an engine that queries a database? mysql or whatever
00:35 whytewolf kind of. that will import jinja in myfile into the jinja in your current file
00:35 whytewolf https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.jinja.html
00:36 whytewolf austin_: nope. i have not
00:36 austin_ just curious if anyone has started to look into that yet
00:36 hemebond austin_: No, but what would it do?
00:37 austin_ highly nuanced for my needs
00:37 whytewolf yeah not sure what an engine would do with a database
00:37 whytewolf sdb i can see. and/or pillar
00:37 austin_ but in a way, a more robust scheduler
00:37 hemebond ?
00:37 whytewolf robust?? like cron?
00:39 austin_ the goal is to handle thousands of schedules
00:39 austin_ they need to run from master
00:39 hemebond So.... an external pillar?
00:39 hemebond The actual command needs to run from the master?
00:39 austin_ orch run
00:40 austin_ just thinking through some ideas now
00:40 whytewolf this sounds ... insane.
00:40 hemebond I don't understand what you actually need to do.
00:40 tobiasBora whytewolf: Ok thank you
00:40 whytewolf thousands of commands that run at different timings all from the master?
00:40 austin_ so, i have a need where i have to schedule to run an orchestration state on a group of machines during certain times say M-F 9PM
00:41 hemebond So, cron?
00:42 whytewolf honestly cron does sound like the easier solution.
00:42 whytewolf unless you have a need to work with the event bus
00:42 austin_ hmmm...
00:43 hemebond And engine is basically a long-lived poller.
00:43 austin_ right
00:43 austin_ i've poked aroudn the scheduler
00:43 austin_ but restarting the master service for updates isn't ideal
00:44 hemebond Install a minion on the master and just use pillar to schedule?
00:44 hemebond Or use the minion to directly manage cron jobs.
00:45 whytewolf yeah. minion base scheduler is a lot easyer to manage. but so is cron. scheduler in the master is a pain.
00:46 austin_ the minion scheduler has to kick off an orch run
00:47 whytewolf it can
00:47 whytewolf saltutil.runner https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.runner
00:48 austin_ ah. ok so because its on the master
00:48 austin_ we can leverage that
00:49 whytewolf exactly
00:49 austin_ what might get interesting is that i'd have to kick off the say 10 runners Monday at 10PM
00:50 whytewolf that really could get interesting ... hope you have a decent master
00:50 armyriad joined #salt
00:51 austin_ yup. and HA brings in another issue
00:55 tobiasBora One more question,
00:55 tobiasBora I'd like to install a program that needs to use an install script: https://www.virtualmin.com/download.html
00:56 tobiasBora What is the good way to proceed to avoid that the program get's reinstall everytime?
00:56 tobiasBora Should I upload the file somewhere?
00:58 tobiasBora I though I could use
00:58 whytewolf ewww. hate programs like that. would need a cmd.run to run it. if it has an unless, onlyif or creates in the cmd.run state it will only run the command if unless command is false, onlyif command is true or file that it creates doesn't exist
00:58 tobiasBora file.manager;
00:58 tobiasBora http://software.virtualmin.com/gpl/scripts/install.sh
00:58 whytewolf that would put the file on the system, but won't run it
00:58 tobiasBora yes
00:59 whytewolf https://docs.saltstack.com/en/latest/ref/states/requisites.html#altering-states
01:01 whytewolf if that script actually asks for info and doesn't have an easy way of bypassing that. you might need to use expect
01:01 tobiasBora What do you mean by "you might need to use expect"?
01:02 whytewolf https://linux.die.net/man/1/expect
01:03 whytewolf salt doesn't do interactive
01:05 tobiasBora Let us suppose that the script do not do interactive stuff
01:09 whytewolf then you would have something maybe like this https://gist.github.com/whytewolf/d39257147ec4e57042d56571dfeb5375
01:10 whytewolf not that exactly as I'm not sure what the script needs. but something lke that
01:11 whytewolf if the file listed in creates isn't there. it will run the script
01:12 XenophonF tobiasBora: I sometimes set a flag on the file system.
01:14 tobiasBora Hum...
01:14 XenophonF something like `{state_id: {cmd.run: [{name: 'installer && touch /.file'}, {creates: '/.file'}]}}'
01:14 tobiasBora Interesting, I will try it, thank you!
01:14 XenophonF other times I use an onchanges requisite
01:15 XenophonF and still other times i re-run the installer every time because that's actually how it works, which is insane but there you go
01:15 XenophonF (shibboleth idp, i'm looking at you, bub)
01:15 XenophonF actually, that has an installer.sh and a build.sh, and i only trigger the cmd.run state that runs installer based on a watch requisite
01:16 tobiasBora whytewolf: "crestes" is supposed to create the file also or not?
01:16 XenophonF anyway you can look for a file created by the installer as your flag, or you can set one yourself
01:16 XenophonF it's a kludge but that's why cmd.run and friends have a "creates" argument
01:17 tobiasBora ok thank you!
01:17 XenophonF oh wait no i used an onchanges state
01:17 XenophonF good job, past me!
01:17 XenophonF https://github.com/irtnog/shibboleth-formula/blob/master/shibboleth/idp/init.sls#L29
01:20 tobiasBora XenophonF: What is archive?
01:21 tobiasBora By the way I can't find how to display the minion output...
01:21 XenophonF https://docs.saltstack.com/en/latest/ref/states/all/salt.states.archive.html
01:21 XenophonF what do you mean, display the minion output?
01:22 XenophonF cmd.run will return the script output iirc
01:22 tobiasBora XenophonF: I mean, when I run : "https://docs.saltstack.com/en/latest/ref/states/all/salt.states.archive.html
01:22 tobiasBora grr
01:23 tobiasBora When I run sudo salt '*' state.apply
01:23 tobiasBora is it possible to display what the script outputs for example when a script outputs something
01:23 tobiasBora because else it's pretty hard to know what happened...
01:23 XenophonF oh to see the command output you have to either change the cmd state's output_loglevel or pass --log-level=debug to the salt command
01:23 XenophonF i recommend the latter
01:23 XenophonF since you don't need the command's output all the time
01:24 tobiasBora ok great thank you!
01:24 XenophonF there's also the use_vt argument to the cmd states
01:24 XenophonF https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html#salt.states.cmd.run
01:24 XenophonF i've never used that so YMMV
01:24 XenophonF no warranties expressed or implied
01:32 tobiasBora Ok thank you!
01:34 tobiasBora By the way, I can't say "I need that the state "hostname" is executed befre"
01:34 tobiasBora I tried:
01:34 tobiasBora - require:
01:34 tobiasBora - hostname
01:35 tobiasBora but it does not work
01:42 k_sze[work] joined #salt
01:46 tobiasBora I also tried:
01:46 tobiasBora - sls: hostname
01:46 tobiasBora (with the include: -hostname)
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.6, 2016.11.3 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers
01:49 catpiggest joined #salt
01:49 Praematura joined #salt
01:56 nikdatrix joined #salt
02:08 CeBe joined #salt
02:11 tercenya joined #salt
02:31 onlyanegg joined #salt
02:31 evle joined #salt
02:31 XenophonF tobiasBora: re-read https://docs.saltstack.com/en/latest/ref/states/requisites.html
02:31 XenophonF also i recommend against sls requisites
02:32 XenophonF except in very special cases, you should probably only reference states in the same .sls file
02:40 hemebond XenophonF: Same formula?
02:46 onlyanegg joined #salt
02:47 Klaus_D1eter_ joined #salt
02:48 XenophonF no, same SLS files
02:48 hemebond Oh.
02:49 XenophonF referencing a state found in another SLS file will cause confusion
02:49 justan0theruser joined #salt
02:49 XenophonF i only do it in very rare cases
02:53 prg3 joined #salt
03:00 Klaus_Dieter joined #salt
03:01 prg3 joined #salt
03:06 Klaus_Dieter joined #salt
03:15 prg3 joined #salt
03:21 onlyanegg joined #salt
03:23 prg3 joined #salt
03:41 onlyanegg joined #salt
03:42 om2_ joined #salt
03:44 sh123124213 joined #salt
03:44 ckonstanski joined #salt
03:45 preludedrew joined #salt
03:46 onlyanegg joined #salt
03:47 ckonstanski joined #salt
03:51 Praematura joined #salt
03:56 prg3 joined #salt
04:05 ninjada joined #salt
04:06 ckonstanski joined #salt
04:07 ninjada heyas, how can i wildcard match with grains? eg. {% if grains['id'] == staging-web-01 %} i wanna just match *web*
04:07 hemebond grains_pcre
04:07 hemebond https://docs.saltstack.com/en/latest/topics/targeting/compound.html
04:09 ninjada within a state?
04:10 hemebond https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.match.html
04:10 hemebond Specifically https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.match.html#salt.modules.match.grain_pcre
04:11 hemebond Or if your hosts all have hyphens separating the parts you could just use string comparisons within Jinja.
04:12 ckonstanski How about the textbook python approach: {% if web in grains['id'] %}
04:13 hemebond That would also work.
04:14 ninjada sweet, thanks guys
04:16 rem5 joined #salt
04:28 NickWoo joined #salt
04:31 NickWoo I'm using salt-cloud -f list_nodes_full to get the detail of my vmware, but there's no custom attribute.  And I want to display the custom attribute for each vm, how can I get that?  Thanks.
04:42 golodhrim|work|3 joined #salt
04:55 LeProvokateur joined #salt
05:10 ninjada joined #salt
05:15 Bock joined #salt
05:16 netcho joined #salt
05:23 pipps joined #salt
05:23 ninjada joined #salt
05:27 rdas joined #salt
05:35 felskrone joined #salt
05:38 ReV013 joined #salt
05:42 Pulp joined #salt
05:51 Ricardo1000 joined #salt
05:57 nikdatrix joined #salt
05:59 candyman88 joined #salt
06:01 DarkKnightCZ joined #salt
06:02 Inveracity joined #salt
06:04 ninjada joined #salt
06:13 ulrich joined #salt
06:15 jdipierro joined #salt
06:20 Praematura joined #salt
06:22 evle joined #salt
06:36 Miouge joined #salt
06:37 jas02 joined #salt
06:39 do3meli joined #salt
06:39 jas02 joined #salt
06:40 yuhl______ joined #salt
06:40 do3meli left #salt
06:43 LeProvokateur joined #salt
06:56 o1e9 joined #salt
07:01 Trauma joined #salt
07:05 ronnix joined #salt
07:07 aldevar joined #salt
07:08 ninjada joined #salt
07:09 dyasny joined #salt
07:18 cachedout joined #salt
07:18 JohnnyRun joined #salt
07:18 calvinh joined #salt
07:29 dariusjs joined #salt
07:30 masber joined #salt
07:33 dariusjs joined #salt
07:37 ninjada joined #salt
07:54 pbandark joined #salt
07:58 nikdatrix joined #salt
07:59 Guest34436 joined #salt
08:06 ronnix joined #salt
08:07 ninjada joined #salt
08:10 ivanjaros joined #salt
08:13 nikdatrix joined #salt
08:18 mavhq_ joined #salt
08:27 s_kunk joined #salt
08:27 s_kunk joined #salt
08:43 nikdatrix joined #salt
08:56 ninjada joined #salt
08:58 Ricardo1000 joined #salt
09:18 Rumbles joined #salt
09:20 pbandark1 joined #salt
09:56 mikecmpbll joined #salt
10:03 tobiasBora XenophonF: So how would you do for example this scheme
10:03 tobiasBora 1) I have a sls file that setup the hostname
10:04 tobiasBora 2) Several others sls files need to have the hostname configured
10:05 tobiasBora 3) I do not want to duplicate code by copy/pasting in all the others sls files that would need it, because it's ugly, and redunctancy leads to errors
10:17 jdipierro joined #salt
10:19 Trauma joined #salt
10:29 dariusjs joined #salt
10:30 jas02_ joined #salt
10:41 dendazen joined #salt
10:44 jas02 joined #salt
10:47 IRCFrEAK joined #salt
10:47 IRCFrEAK left #salt
10:56 ninjada joined #salt
11:07 netcho tobiasBora:  you can include that state in another state
11:08 netcho https://docs.saltstack.com/en/latest/ref/states/include.html
11:09 tobiasBora netcho: XenophonF told me yesterday that I shouldn't do that
11:11 netcho did he say why?
11:11 bvcelari joined #salt
11:12 bvcelari hello guys
11:12 bvcelari I have small doubts about salt-cloud  and how to apply salt states
11:13 bvcelari I am looking for a way to apply salt states based on salt-cloud tags
11:14 bvcelari This could give me flexibility to provision the configuration based on tags not on minion_ids
11:14 bvcelari does anyone done something similar? any clue about how to accomplish this?
11:14 netcho not sure if you can target minion by aws tags
11:15 candyman88 joined #salt
11:15 hemebond You have to use custom grains to get the ec2 info to come through, then you can target them.
11:15 Praematura joined #salt
11:15 netcho place tags into ustom grains and target by them
11:16 hemebond https://github.com/saltstack/salt-contrib/tree/master/grains
11:16 hemebond There are a few in there.
11:17 hemebond I seem to have ec2_info and ec2_tags deployed.
11:17 bvcelari Nice!
11:17 bvcelari I can add grains to my minions based on tags,
11:17 hemebond uh
11:17 viccuad joined #salt
11:17 hemebond If you want to. Or you could just read the tags via the grains.
11:19 viccuad Hi all. Is it possible to set up grains by using pillars while on masterless? I'm using the id grain to set up a role grain, but I can't get it to stick
11:20 bvcelari @emebond No.. has to be the other way around, I am not using salt to create the instances.
11:20 viccuad my top.sls, https://github.com/viccuad/salt-configs/blob/master/pillar/top.sls , and my pillar/id sls: https://github.com/viccuad/salt-configs/blob/master/pillar/id/server.sls
11:20 viccuad thanks in advance
11:20 hemebond bvcelari: But why add grains based on the tags when the tags will already be grains?
11:22 bvcelari_ joined #salt
11:22 bvcelari_ lost connection :/ ... Maybe I missunderstood the tags
11:22 hemebond (2017-04-07 23:20:52) hemebond: bvcelari: But why add grains based on the tags when the tags will already be grains?
11:23 bvcelari_ I have the ec2 instances already runnning, I saltify them with salt-cloud.. but there are no grains at all.
11:23 hemebond There should be _some_ grains.
11:24 bvcelari_ not really.. or nothing I can identify:
11:24 bvcelari_ grains_cache: false grains_cache_expiration: 300 grains_dirs: [] grains_refresh_every: 0
11:25 bvcelari joined #salt
11:25 toanju joined #salt
11:26 hemebond bvcelari: So when you do `salt mysaltyminion grains.items` you get almost nothing?
11:26 netcho i kinda doubt that
11:26 hemebond Even if you do `salt mysaltyminion saltutil.sync_grains` ?
11:28 bvcelari let me check..
11:29 netcho hemebond:  is there a way to import ENV var in state?
11:29 bvcelari of course... there are many grains
11:30 netcho for example orchestartor runs 2 states, i want to import something in those states $app_name for example
11:30 hemebond netcho: Import an existing state? Hmm, I don't think so. salt-minion, I think, wipes the environment variables.
11:30 hemebond netcho: But some states allow you to provide your own environment variables.
11:31 hemebond bvcelari: There you go :-)
11:31 netcho i know i can import with passing pillar from cmd
11:31 netcho but it cannot use ENV
11:32 hemebond Remind me what ENV is.
11:32 netcho s o ineed to generate orch file every time
11:32 bvcelari hemebond: yep, but in the grain.item is missing the "set_tags" that I provided by salt-cloud
11:32 amcorreia joined #salt
11:32 netcho env var
11:32 hemebond bvcelari: That's what the ec2_* files in https://github.com/saltstack/salt-contrib/tree/master/grains are for. They will expose the EC2 instance data, like tags, as grains.
11:33 bvcelari hemebond: understood, and then, I should be able to apply based on roles in top.sls. I will give it a try. Thank you very much for your support
11:34 hemebond Good luck ????
11:36 netcho hemebond:  example ... app_name="my_app" ... now i want to use it in state as a parameter ... {{ app_name }}: file.managed
11:37 netcho so it creates file named app_name value
11:37 netcho my_app
11:37 hemebond How are you trying/wanting to specify "app_name"?
11:37 netcho as environmental variavle
11:37 netcho exaple parameterized jenkins job
11:38 hemebond Ah I see.
11:39 hemebond netcho: Not possible as far as I know, but I've never tried, so....
11:39 netcho so i choose app name from lets say drop down list and jenskins runs 'salt myminion state.apply mystate
11:39 netcho via ssh or API
11:40 netcho i tried ti passi n pillar with $app_name value but it does not work
11:40 hemebond I was just about to suggest that.
11:40 hemebond What happened when you tried?
11:40 netcho it just passes the string
11:41 netcho #app_name
11:41 netcho $
11:41 netcho cannot import VAR as SJON payload
11:41 netcho JSON
11:41 netcho so idea is to try to generate state 'on the fly' maybe
11:41 netcho temp state
11:41 netcho and apply it
11:42 hemebond Can you show me the full string you tried to use when passing as a pillar?
11:42 hemebond Can you not customise the Jenkins command?
11:42 jas02 joined #salt
11:42 hemebond I mean, you could also just have Jenkins send an event to the master and use a reactor to kick of the orch
11:42 netcho for now jenkins runs a command on sal-master via ssh
11:43 hemebond Show me the line you used (for pillar)
11:44 netcho sec need to find it, i was doing it the other day
11:45 netcho darn i deleted the branch :/
11:46 sh123124213 joined #salt
11:46 netcho ican write something quickly
11:46 hemebond k
11:52 sh123124_ joined #salt
11:54 Reverend anyone know about git.latest?
11:54 Reverend im getting it moan about not having an origin remote
11:55 netcho_ joined #salt
11:57 netcho_ hemebond: hah i did it
11:57 netcho_ salt salt-master state.apply filetest pillar='{"file":{"name":"'$file'"}}' test=True
11:58 hemebond Does that work or not?
11:58 netcho_ yes it does
11:58 hemebond Cool, well done ☺
11:58 netcho_ i obviously missed single quotes last time
11:58 numkem joined #salt
12:04 netcho oh my, this is gonna make it soooo easy for me :D
12:06 jas02 joined #salt
12:09 sh123124213 joined #salt
12:12 ronnix joined #salt
12:15 oyvindmo joined #salt
12:16 raspado joined #salt
12:16 jas02 joined #salt
12:22 jas02 joined #salt
12:22 viccuad_ joined #salt
12:31 netcho hemebond: is it gonna mess up other pillar data if state takes more stuff from pillar? i might just test it
12:32 hemebond It all gets merged together, yes.
12:32 hemebond The pillar passed on the CLI will override any others.
12:32 netcho so it iwill put that vallue in all places
12:33 netcho i might then have states with only one or the same value
12:33 netcho can multiple values be passed?
12:33 hemebond The pillar data you pass on the command like is a dict just like regular pillar data.
12:34 netcho gotcha, so i can pass more tha one
12:34 hemebond Correct.
12:34 hemebond Well...
12:34 hemebond You can pass one dict.
12:34 netcho do i need to sync refresh after that?
12:34 hemebond Refresh what?
12:35 netcho pillar
12:35 netcho or it;s used only once
12:35 hemebond The pillar you're passing on the command line isn't permanent. It's not stored.
12:35 netcho ok, thanks
12:36 netcho so if i run pillar.items on that machine i would get everything from pillar.top file (not on my pc atm)
12:36 netcho after running it from cli
12:36 hemebond Correct.
12:36 hemebond What?
12:36 netcho thanks
12:36 netcho i cannot try it atm
12:36 netcho LD
12:51 DarkKnightCZ joined #salt
12:54 tobiasBora Hello,
12:54 tobiasBora I'm trying to configure a service:
12:54 tobiasBora http://paste.debian.net/926427
12:55 tobiasBora However I always get errors if I try to put the service running with the pkg.installed
12:55 tobiasBora Rendering SLS 'base:proftpd.init_proftpd' failed: mapping values are not allowed here; line 3
12:56 netcho remove : from 3rd line
12:56 netcho should be service.running
12:57 netcho not service.running:
12:57 ninjada joined #salt
12:57 hemebond They're trying to merge two modules into the one state.
12:57 netcho no my bad
12:57 hemebond You have to use pkg.installed: []
12:58 netcho yes
12:58 netcho i would suggest separating okg from service
12:58 netcho pkg
12:58 tobiasBora hemebond: If I do so I've "Recursive requisite found
12:59 hemebond tobiasBora: That's because your service depends on the file and the file depends on the (state containing the) service
13:00 tobiasBora hemebond: Hum of course
13:00 hemebond Instead of just "- proftpd"
13:00 hemebond Be explicit
13:00 hemebond "- file: proftpd"
13:01 brousch__ joined #salt
13:02 cyborg-one joined #salt
13:05 teryx510 joined #salt
13:05 racooper joined #salt
13:07 ssplatt joined #salt
13:16 ninjada joined #salt
13:21 ssplatt joined #salt
13:22 dariusjs joined #salt
13:22 _JZ_ joined #salt
13:22 bakins joined #salt
13:24 XenophonF tobiasBora: I always follow this pattern when installing/configuring/starting services
13:24 XenophonF https://github.com/irtnog/openssh-formula/blob/master/sshd/init.sls#L34
13:24 XenophonF I suggest you do the same.
13:25 XenophonF let file.recurse work for you
13:26 XenophonF don't be afraid to recapitulate minion directory structure in your states tree
13:27 XenophonF I also recommend against mutating existing config files.
13:27 XenophonF maybe it's the Lisper in me, but it's better when operations are free of side effects
13:27 rem5 joined #salt
13:28 XenophonF file.prepend/replace/blockreplace make for great hacks, but it's better if Salt manages the entire config file
13:28 XenophonF that way your Salt states repo is the sole "source of truth" regarding the configuration of your minions
13:29 XenophonF you don't have to start with fully templated config files, either
13:31 XenophonF also, the reason why you have to tack `: []` to the end of line 2 of your paste is because the YAML parser will otherwise concatenate lines two and three into a single string, since they're both indented the same and line 2 lacks the `:` token
13:31 XenophonF but then it sees the `:` on line 3 and gets confused
13:33 sh123124213 joined #salt
13:35 gk_1wm_su joined #salt
13:38 Reverend i love it when documentation is wrong
13:38 Reverend makes me moist
13:40 speedlight joined #salt
13:41 Sketch https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pip_state.html
13:41 * Sketch wonders if this documentation needs updating
13:41 Sketch salt.states.pip_state.installed(name, pkgs=None, pip...
13:41 Sketch but the examples are all
13:41 Sketch pip.installed:
13:42 Sketch is that normal?
13:42 Sketch or is it jut that the state is named pip_state even though it's functions are all just named pip
13:42 Reverend gtmanfred - you here?
13:42 Sketch seems confusing ;)
13:42 Sketch or at last inconsistent
13:43 DarkKnightCZ joined #salt
13:43 tapoxi joined #salt
13:45 sarcasticadmin joined #salt
13:51 ninjada joined #salt
13:53 numkem joined #salt
13:57 jdipierro joined #salt
13:57 Tanta joined #salt
13:58 Tanta left #salt
14:00 bvcelari joined #salt
14:02 DarkKnightCZ joined #salt
14:11 q1x I want to write a module that can use local and/or an url (like salt://) as an input for some operations. Does anyone know of a module I could use as an example?
14:12 q1x s/local/local file/
14:13 cachedout joined #salt
14:17 bvcelari_ joined #salt
14:18 bvcelari_ hello again guys! I am trying to make work a python from salt-contrib
14:18 bvcelari_ https://github.com/saltstack/salt-contrib/tree/master/grains
14:19 bvcelari_ I ued the instructions, like, add to the _grains folder, and install the libraries, but... I am not able to execute it succesfulle
14:19 bvcelari_ answer is empty, I tried to debug inline the python script but I cannot see any output either in salt logs
14:19 bvcelari_ Anyone has idea about how to debug this grain scripts?
14:20 bvcelari_ ec2_tag_roles.py for instance
14:25 netcho_ joined #salt
14:26 Trauma joined #salt
14:26 austin_ joined #salt
14:27 bvcelari_ sad thing, is the python scripts works, in the minion, but I do not know how to copy them
14:27 bvcelari_ salt '*' saltutil.sync_grains
14:27 bvcelari_ is not working
14:27 bvcelari_ any idea?
14:28 bvcelari_ salt-minion and salt-master 2016.11.3 (Carbon)
14:30 _0xm68 joined #salt
14:31 Brew joined #salt
14:31 austin_ was there any thought in the ability to sync only a specific grain instead of all grains?
14:35 evle1 joined #salt
14:40 RabidCicada joined #salt
14:42 PatrolDoom joined #salt
14:43 numkem joined #salt
14:43 austin_ something i dont understand. ipmi is a state module. so if i wanted to powercycle via ipmi, i'm running ipmi **on** that target instance?
14:43 GnuLxUsr joined #salt
14:44 Tanta joined #salt
14:45 onlyanegg joined #salt
14:46 dezertol joined #salt
14:48 misconfig Hey everyone - curious if anyone in here has to manage UFW rules? I cannot find an official state for UFW management.
14:50 cachedout joined #salt
14:54 jdipierro joined #salt
14:55 cachedou1 joined #salt
14:56 PatrolDoom joined #salt
15:07 alvinstarr joined #salt
15:10 tiwula joined #salt
15:10 jdipierro joined #salt
15:11 sp0097 joined #salt
15:13 Bock joined #salt
15:15 dendazen joined #salt
15:17 Ovrelf joined #salt
15:17 XenophonF misconfig: https://github.com/saltstack-formulas/ufw-formula
15:18 misconfig that URL is throwing a 404
15:18 XenophonF that formula wrote execution and state modules for UFW
15:18 XenophonF whoops hold on
15:18 XenophonF https://github.com/mariodpros/ufw-formula
15:18 Bock joined #salt
15:19 XenophonF sorry i forgot that it wasn't in saltstack-formulas
15:19 Ovrelf is it possible to access any of the roster details in a salt-ssh raw command? e.g. salt-ssh host -r "echo $host"
15:19 misconfig Thanks. I did find this earlier - was looking for an official state module for UFW.
15:19 netcho_ joined #salt
15:20 XenophonF dunno of anything official - sorry
15:25 teryx510 joined #salt
15:25 spicyJalepeno does anyone know how to configure gitfs to work with a proxy? i have my proxy set in /etc/gitconfig. git pulls to work from a local repo, but when starting salt-master it says gitfs connection timed out
15:29 jdipierro joined #salt
15:31 bvcelari_ joined #salt
15:36 jas02 joined #salt
15:39 viccuad_ joined #salt
15:43 smartalek joined #salt
15:44 aldevar left #salt
15:51 Praematura joined #salt
15:53 ronnix joined #salt
15:59 pipps joined #salt
16:01 pipps joined #salt
16:08 jdipierro joined #salt
16:10 woodtablet joined #salt
16:10 keltim joined #salt
16:11 ChubYann joined #salt
16:29 voxxit left #salt
16:30 ronnix joined #salt
16:32 leonkatz joined #salt
16:35 onlyanegg joined #salt
16:40 kiltzman joined #salt
16:41 kiltzman joined #salt
16:42 kiltzman joined #salt
16:43 pipps joined #salt
16:44 kiltzman joined #salt
16:44 strohi joined #salt
16:44 kiltzman joined #salt
16:45 XenophonF spicyJalepeno: which gitfs backend are you using?
16:45 kiltzman joined #salt
16:45 kiltzman joined #salt
16:54 spicyJalepeno XenophonF: pygit2
16:55 strohi heyho
16:55 wendall911 joined #salt
16:57 strohi i defined a mine_function in pillar, but it does not work on the minions. only when i put it in minion.d/# .. from my understading it should work also defined in pillar?
16:58 Nahual joined #salt
17:01 whytewolf strohi: yes it should work in pillars also. I generally use mines setup in pillars.
17:02 TheoSLC joined #salt
17:02 strohi hm, in pillar/top.sls i say base: '*' - defaults and in defaults.sls there is the mine_function:
17:02 strohi when i try salt \* mine.get '*'  the.function, only the minion with the local conf responds
17:03 whytewolf when you pillar.get mine_function on the minion with the pillar does it show up? also what version are your minions running?
17:03 TheoSLC Greetings.  Could somebody quickly tell me if the issue posted here is expected behaviour? https://github.com/saltstack/salt/issues/40586
17:03 saltstackbot [#40586][OPEN] cmd.run is available to the pillar renderer - a potential security vulnerability | Description of Issue/Question...
17:04 strohi with salt-call?
17:04 whytewolf strohi: salt-call or salt
17:04 strohi i upgraded all to 2016.11.1+ds-1~bpo8+1
17:07 censorshipwreck joined #salt
17:08 strohi on s01 salt-call  pillar.get mine_functions puts something out, yes
17:08 brakkisath joined #salt
17:09 whytewolf strohi: is it anything like a mine should look?
17:09 whytewolf also here is a reference i use
17:09 whytewolf https://gist.github.com/whytewolf/eff4a15f0eaa8d5354a3
17:10 ninjada joined #salt
17:10 netcho_ hi all, is there a way to use instance_name instead of instance_id in boto_elb.register_instances:
17:10 woodtablet joined #salt
17:10 netcho_ in old versions that was possible
17:11 spicyJalepeno joined #salt
17:11 netcho_ in  boto_elb.present:
17:11 onlyanegg joined #salt
17:11 strohi whytewolf: looks fine for me, yes
17:11 whytewolf TheoSLC: that is intended design. not a security flaw. pillar authors are expected to already have the keys to pretty much every castle.
17:12 TheoSLC whytewolf: that is not how we designed our pillars to be used.
17:13 Trauma joined #salt
17:13 strohi whytewolf: ok, it's working now, thx
17:14 TheoSLC whytewolf: I'm interested in placing limitations around pillar rendering with settings.
17:14 XenophonF spicyJalepeno: does pygit2 read /etc/gitconfig?
17:14 XenophonF i'm guessing not
17:15 XenophonF i use gitpython so i wouldn't know
17:15 Ryan_Lane netcho_: in boto_elb?
17:15 netcho_ yes
17:15 Ryan_Lane hm. looking
17:15 Ryan_Lane my guess would be probably not
17:16 netcho_ it has... instance_names: list of instance names. The state will ensure that these, and ONLY these, instances are registered with the ELB. This is additive with instance_ids.
17:16 whytewolf TheoSLC: choices are limited. you could switch to a ext_pillar that doesn't use rendering. such as one of the database driven ones.
17:16 toastedpenguin having a h3ll of a time getting a state to target specific minions, all the minions I want have a name like unicorn-web01.domain.local however a group recently started deploying test web servers with names like this: unicorn-t-web01.domain.local where "t' indicates test web server
17:17 netcho_ Ryan_Lane: https://hastebin.com/oxelonecef.pas
17:17 toastedpenguin when we deploy web servers they can be deployed into different environment, i.e. unicorn, gecko, tiger, the state file in question deals well with the environments using jinja and pillar data, but because of this "t" servers we don't want included as the output of this state file are included due to using *web* to target
17:17 Ryan_Lane @netcho_ code looks like instance ids, if it's the execution module you're looking at
17:17 whytewolf TheoSLC: or switch to masterless minions so that pillars are rendered on the minions
17:17 toastedpenguin not sure what my options are to target everything but these "unicorn-t-web01.domain.local servers
17:18 netcho_ Ryan_Lane: botom of the page https://docs.saltstack.com/en/latest/ref/states/all/salt.states.boto_elb.html
17:18 netcho_ old version used to have that
17:18 Ryan_Lane the state also looks like it requires instance ids
17:18 netcho_ :/
17:19 netcho_ why would one remove such a nice feature
17:19 whytewolf toastedpenguin: -C '*web* and not *-t-web*'?
17:19 Ryan_Lane @netcho_ I don't see anything that implies it supported instance names
17:20 Ryan_Lane "A list of EC2 instance IDs that..."
17:20 Ryan_Lane netcho_: this would be a nice feature to be added
17:20 Ryan_Lane I think it would require the vpc_name to be included as well, though
17:20 netcho_ https://hastebin.com/bojubefuxe.py
17:20 Ryan_Lane also... instance names aren't necessarily unique
17:21 Ryan_Lane netcho_: don't see what this paste is showing?
17:21 netcho_ instance_names: list of instance names. The state will ensure that these, and ONLY these, instances are registered with the ELB.   │ antonw
17:21 Ryan_Lane says instance_ids
17:21 netcho_ │                        | This is additive with instance_ids.y
17:21 netcho_ y
17:21 netcho_ sorry for paste like this
17:22 Ryan_Lane oohhhhh. boto_elb.present
17:22 Ryan_Lane I was looking at the wrong state
17:22 netcho_ yes
17:22 Ryan_Lane aha. yeah. it looks like this is implemented
17:22 Ryan_Lane is it not working?
17:22 netcho_ no
17:22 Ryan_Lane it filters to running instances:         running_states = ('pending', 'rebooting', 'running', 'stopping', 'stopped')
17:23 TheoSLC whytewolf: I'm going to look into adding a setting that will just turn off all modules except `grains.item` from the pillar renderer.
17:23 Ryan_Lane so it'll filter instances in those states
17:23 netcho_ Ryan_Lane: i get this warning https://hastebin.com/alocevomop.pas
17:23 netcho_ i am gonna try again with refreshing aws console
17:25 toastedpenguin whytewolf: not sure if that will work for where this is defined, creating a grain for the web servers in order to set and then collect all the IP addresses of these minions: https://pastebin.com/4YR7bvV3
17:25 Ryan_Lane netcho_: my guess is this was recently added
17:25 Ryan_Lane it's in the develop branch, but not in 2016.11.3
17:26 Ryan_Lane someone really should have marked that with "new in x"
17:26 whytewolf TheoSLC: if you do find a way to make a setting like that. make it a setting of acceptable module.functions. instead of limiting to just grains.blah
17:26 netcho_ i am on 2016.3.4 (Boron)
17:26 Ryan_Lane it's not in that release either. it's in the develop branch
17:26 Ryan_Lane so it's unreleased
17:27 netcho_ :/
17:27 netcho_ ok, thanks
17:27 Ryan_Lane good news, though, is that you could probably just take the boto_elb state and execution module and add them to your custom moduels
17:27 Ryan_Lane they're usually fully backwards compat with salt releases
17:27 sh123124213 joined #salt
17:27 Ryan_Lane (this is how we run a majority of our boto_* modules)
17:28 Renich joined #salt
17:29 whytewolf toastedpenguin: {% set mine_network_ipaddrs = salt['mine.get'](server_environment + '*web* and not ' + server_enviroment + '*-t-web*' , 'network.ipaddrs', expr_form='compound') %}
17:29 whytewolf or something like that
17:29 Ryan_Lane netcho_: so if you need this now, it should be usable :)
17:29 whytewolf i would have used ~ instead of + personally
17:30 bakins joined #salt
17:30 netcho_ yea but havent started writing custom modules yet
17:30 Ryan_Lane netcho_: you don't need to write any
17:30 Ryan_Lane just take these from the develop branch and drop them into your module directory
17:31 Ryan_Lane are you using master/minion, or masterless? if master/minion you'll need to sync the modules
17:31 netcho_ master/minion yes
17:31 Ryan_Lane but, you don't need to write any code for this
17:31 Ryan_Lane your modules directory will override what's in core
17:32 Ryan_Lane in fact, I have a blog post about this: https://blog.ryandlane.com/2015/06/03/using-development-branch-saltstack-python-modules-in-the-stable-release/
17:32 netcho_ never done that ... i might try tomorrow :) but thanks for the tip :)
17:32 Ryan_Lane yw
17:32 Ryan_Lane this post is written from the perspective of masterless, so it may be slightly different for master/minion
17:33 netcho_ i will figure it out eventually :)
17:35 netcho_ thanks again, i already found bunch of stuff on your blog earlier ... part with autoscaling groups for masterless
17:35 netcho_ last year
17:35 Ryan_Lane ah, cool :)
17:35 netcho_ helped me alot
17:35 Ryan_Lane have you tried any of the _from_pillars arguments yet?
17:36 Ryan_Lane lets you do really fun things, like default scaling policies for all autoscale groups
17:36 s_kunk joined #salt
17:36 netcho_ nope
17:36 Ryan_Lane (we setup default autoscale policies for every autoscale group, if the min != max size and desired_size isn't set)
17:37 Ryan_Lane and it's put into the centralized pillars, so if anyone makes an autoscale group it automatically applies
17:37 Ryan_Lane lots of the states have _from_pillars arguments that can be used for things like this
17:38 Ryan_Lane I should really write some blog posts about how we do patterns like this :D
17:38 netcho_ sounds nice, looking forward to it ... but i am still learning so ...
17:38 netcho_ this time next year haha
17:39 netcho_ i already have bunch of aws resources created by salt ... and i just can't stop using it
17:40 Ryan_Lane oh, we have a new fun thing for asg coming in the develop branch soon :)
17:40 Ryan_Lane tags_as_env_vars_file, and tags_as_env_vars_file_from_pillar
17:40 ah__ joined #salt
17:40 Ryan_Lane where you can have boto_asg auto-inject the asg tags as environment variables into your launch config's cloud init
17:41 netcho_ nice
17:41 Ryan_Lane so you can use the tag values in your cloud init without having to query the tags from the API (which is flaky at best)
17:41 nixjdm joined #salt
17:42 netcho_ sweet, i use API for now and it works pretty well :)
17:42 Ryan_Lane we used to use the API, but very frequently the tags don't show up until cloud-init is finished
17:42 Ryan_Lane which is obviously problematic :)
17:43 Ryan_Lane so, we added this capability, but didn't want to update every ASG in our sls, so tags_as_env_vars_file_from_pillar lets us enable this globally
17:43 toastedpenguin whytewolf: thanks for the suggestion, trying it now
17:43 Ryan_Lane we often add the _from_pillar stuff to avoid yak shaving
17:43 ah__ anyone have any experience with supporting various environments and having pillar data correctly overwrite the default values stored in the base environment?
17:44 toastedpenguin whytewolf: hmm, not picking up any server now
17:46 netcho_ makes sense :)
17:47 whytewolf toastedpenguin: what you might do, is play around with versions of targetting with compound till you find one that works.
17:47 whytewolf use salt -C to test
17:47 netcho_ thanks once again
17:48 toastedpenguin ok I'll give it a try
17:49 ah__ can you merge pillar values across environments?
17:49 Ryan_Lane my guess would be probably not
17:49 Ryan_Lane though I don't use environments, so I can't be sure
17:51 whytewolf in thoery [and this is only a thory.] you could use a combo of pillar.get and grains.filter_by to merge pillars from  different enviroments. it would be a cludge.
17:59 prg3 joined #salt
18:04 tercenya joined #salt
18:07 toastedpenguin whytewolf:  this works as expect executed on the CLI salt -C '*web* and not *-t-web*' test.ping
18:07 toastedpenguin dont get the "t"
18:07 toastedpenguin but doesnt in the state file
18:09 whytewolf odd. okay time to try the next level of testing. calling mine.get directly. salt 'a minion that gets the state' mine.get '*web* and not *-t-web*' 'network.ipaddrs' compound
18:10 wendall911 joined #salt
18:11 ninjada joined #salt
18:13 Edgan gtmanfred: I am running, python tests/runtests.py --ssh-tests, and it still seems to be running all the tests.
18:19 cyborg-one joined #salt
18:35 theblazehen joined #salt
18:40 Tanta joined #salt
18:52 NEOhidra joined #salt
18:57 toastedpenguin any window chocolatey users?
18:59 Salt_n00b joined #salt
19:00 toastedpenguin I am using it in state files but noticed that it salt executes the chocolatey install for packages that are already installed, is there a way to test for installed packages and not run chocolatey if the package is already installed?
19:01 toastedpenguin err is there an equivalent to pkg.installed when using the chocolately module to install packages
19:04 prg3 joined #salt
19:07 saintromuald joined #salt
19:08 toastedpenguin some google searching and I found "chocolatey.installed" which functions similar to pkg.installed....go figure
19:08 tobiasBora XenophonF: Ok thank you!
19:08 tobiasBora By the way I've a strange problem
19:08 tobiasBora Here is my salt file: http://paste.debian.net/926487
19:08 tobiasBora When I run it, no problem
19:09 tobiasBora However, nothing happened...
19:09 tobiasBora http://paste.debian.net/926490
19:09 tobiasBora Well, the salt state is applied, I've a message "public' is already in the desired state."
19:10 tobiasBora But then the ports 4505 are not present...
19:10 greyeax joined #salt
19:12 greyeax hi i was wondering if there's sort of an accepted way of using salt to ensure compliance for files?
19:12 greyeax ie: if i need to make sure a specific folder must have specific files in it, and if not they get copied there
19:12 Tanta yeah you can do that
19:12 Tanta and you can use checksums too
19:12 Tanta see file.managed source_hash and source
19:15 leonkatz joined #salt
19:15 greyeax yesss
19:15 greyeax thanks Tanta
19:15 greyeax trying to use saltstack for font compliance
19:16 greyeax if i can fix it using saltstack im p sure i can convince em to go full enterprise
19:16 greyeax >:D
19:17 Tanta well
19:17 Tanta you can enforce a system state (in terms of files and file contents) with Salt
19:17 Tanta it takes more controls than that to ensure continuous integrity (tripwire, aide), but it can be done
19:17 Tanta greyeax,
19:18 jdipierro joined #salt
19:19 greyeax i was under the impression that salt could do that with the system states?
19:19 greyeax and basically have the equivalent of like, a cron job running occasionally to make sure the system state added up?
19:20 whytewolf well for font directory you could just use file.recurse clean: true. and setup an inotify beacon to trigger if a file changes.
19:21 whytewolf but yeah for "complience" checking tripwire and aide are btter tools. unless you are talking about state and not complience.
19:22 greyeax is there a semantic difference here that i've missed?
19:22 whytewolf maybe hubble. not sure if it is in a state for that way
19:22 whytewolf state = how the operating system is setup. complience is a set of standards that are used for security checking
19:22 greyeax okay so probably state
19:22 greyeax its not a sec thing
19:23 greyeax basically its just like, X needs to have the fonts, if they're missing, add them, if there are ones that are not supposed to be there, get rid of them
19:23 greyeax and then just like, enforcing it with periodic checks
19:24 Tanta oh then just do file.managed
19:25 Tanta it will do nothing (noop) if it's correct already
19:25 Tanta you can run highstates all day if you want to, and your code is written idempotently
19:25 greyeax noice
19:25 whytewolf i would say file.recurse. sicne they want to have the ability to remove ones they are not managing
19:26 pbandark joined #salt
19:27 whytewolf how big is your font pack?
19:27 greyeax not *that* big?
19:27 greyeax i'm not sure specifically but it can't be more than like... 50 fonts maybe?
19:27 pipps joined #salt
19:28 whytewolf oh that isn't bad. maybe 100 or 200megs.
19:29 greyeax yeah
19:29 greyeax like, ostensibly its a very simple thing to deal with
19:29 greyeax but practically, it's a pain in the ass
19:29 greyeax because we have people using the "same" fonts but not really
19:30 greyeax we have no idea if they're getting them from our google drive folder or just randomly downloading them from different places
19:30 greyeax meaning people are trying to work with keynotes that have fonts called "futura demi" instead of "futura"
19:31 whytewolf lol, having worked at a paper. was scared. cause we used to have a font pack that was a couple of gigs thousands of fonts
19:31 mikecmpbll joined #salt
19:33 whytewolf https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.recurse
19:33 whytewolf https://gist.github.com/whytewolf/55058c0299b99497dcfb0930662b4eef something like that
19:38 whytewolf i wouldn't put the clean in till you are sure it is right first though. it will clean.... anything not managed by salt in that directory goes poof
19:39 spicyJalepeno XenophonF: do you use gitpython for ssh or https connection
19:40 pbandark joined #salt
19:41 tercenya joined #salt
19:43 r3z joined #salt
19:43 r3z Hey. I am trying to use timezone.set_hwclock localtime and it says True once I run the command but hwclock is still set to UTC.
19:43 r3z Any ideas why it would be failing?
19:45 whytewolf what does timezone.get_zone return?
19:46 r3z out of four machines three of them are UTC and one America/New_York
19:46 r3z I have also tried to set tz to America/New_York
19:46 r3z I want localtime and America/New_York
19:46 whytewolf okay, get_zone is about what /etc/localtime is set to
19:47 whytewolf so on those three machines it thinks localtime is utc
19:47 r3z Ok. so I ran set_zone and it set one of them to America/New_York but the other three are still UTC.
19:47 tercenya joined #salt
19:47 r3z Ran set_zone "America/New_York" then get_zone and returns 1 correctly and 3 UTC.
19:48 Sketch pretty sure hardware clocks don't have a timezone
19:48 whytewolf humm. that you might need to use salt-call -l debug with that command on the three
19:48 greyeax joined #salt
19:48 whytewolf Sketch: they don't. however setting to "localtime" means that it is in sync with the local timezone. while UTC means it is in sync with the UTC timezone
19:49 Sketch i see
19:50 whytewolf generally it is normal on unix to run the hw clock on utc and use localtime zone to compensate. or even run the hwclock on utc and localtime in utc and use variables to translate the time
19:51 whytewolf makes syncing servers between timezones a lot easier if the underling timezone is the same
19:51 r3z It looks fine. I dont see any errors in the debug.
19:51 r3z At least that I can tell..
19:52 whytewolf humm. one second.
19:53 whytewolf r3z: is there anything different about those three vs the one it kind of worked on?
19:53 r3z Nope. All built from same image.
19:54 r3z All same version of suse.
19:54 whytewolf humm
19:55 whytewolf cat /etc/sysconfig/clock
19:55 r3z Salt was deployed identically from a script I wrote and all at the same time.
19:56 aerbax I'd like to bring our network devices into Salt management.  Do I need to have a salt-proxy daemon running for every remote host?  The docs seem to indicate that I do.
19:56 whytewolf aerbax: yes. each proxy = 1 device
19:57 aerbax whytewolf, Perfect.  Thank you.
19:57 r3z whytewolf: the working one is set timezone=america/New_York and the others are set UTC
19:58 whytewolf lowercase timezone?
19:59 r3z All uppercase
19:59 r3z TIMEZONE="America/New_York" or TIMEZONE="UTC"
20:00 whytewolf humm, ok.
20:00 austin_ question for the community. >> is it possible to use multiple top files in the same env from 2 different file_roots ?
20:01 DarkKnightCZ joined #salt
20:02 greyeax joined #salt
20:02 whytewolf on one of the three that are TIMEZONE="UTC" try salt-call -l debug file.sed /etc/sysconfig/clock '^TIMEZONE=.*' 'TIMEZONE="America/New_York"'
20:03 whytewolf [this is the command that saltstack is running to update the timezone]
20:04 r3z Standby
20:04 whytewolf austin_: i think they get merged together. but i am not 100% sure
20:05 greyeax whytewolf: aw hell yeah, thanks man
20:05 r3z The following keyword arguments are note valid: TIMEZONE=America/New_York
20:06 whytewolf humm, interesting
20:07 pipps joined #salt
20:07 lasseknudsen joined #salt
20:07 austin_ whytewolf: ok. i'll poke around that
20:08 whytewolf r3z: you might need to submit a bug. ... that third option to the file.sed is supposed to be the after part. although the fact timezone is still using a deprecated opention could also said to be a bug.
20:09 whytewolf file.sed and file.psed have been deprecated since 0.17.5
20:09 r3z Dang.. I have a ton of machines to do.. :-p This was just my first batch of test machines.
20:10 whytewolf well. since all that file does is edit that line for set_zone. you could just file.replace the timezone part of that file
20:11 r3z lemme find an example of how to do that.
20:12 whytewolf i do find it odd that is all it does. thought changing the timezone in SuSE and redhat took another command AFTER you changed that line
20:12 ninjada joined #salt
20:13 r3z It should have a symlink getting created to the /etc/localtime
20:13 whytewolf oh interesting that is what set_hwclock does.
20:14 r3z That is what set_Zone does
20:14 whytewolf before it of coarse calls hwcock
20:14 sh123124213 joined #salt
20:14 whytewolf timezone.set_zone does not redo the symlink
20:14 r3z https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_timezone.html
20:14 r3z According to that doc it does.
20:14 whytewolf this is windows?
20:15 r3z err no.
20:15 whytewolf https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.timezone.html#salt.modules.timezone.set_zone
20:15 r3z https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.timezone.html
20:16 whytewolf and i know what the docs SAY it does. but I'm looking at the code
20:16 r3z :-p
20:16 whytewolf oh, doh it does actually do the symlink
20:17 whytewolf missed it up higher in the code
20:17 whytewolf os.symlink(zonepath, '/etc/localtime')
20:17 DammitJim joined #salt
20:18 whytewolf coarse ... since it uses the /etc/sysconfig/clock setting during the set_hwclock command to redo the symlink again. ... it will undo it
20:18 DammitJim what command can I run on the master to see what states the minion will run?
20:19 whytewolf DammitJim: salt 'minion' state.show_highstate
20:20 DammitJim thanks
20:20 DammitJim master
20:22 dps joined #salt
20:23 MTecknology Fellers, I need to bitch about something.
20:24 * whytewolf hands MTecknology a soap box
20:25 * MTecknology grabs box and begins loading it up
20:27 r3z whytewolf: any idea on a workaround since the symlink has to be completed and the files updated?
20:27 MTecknology I can't convince $xyz that $practice is very bad. They're convinced it's fine because it works and gives them what they want. At what expense, though? A single pillar .sls file is 364 KB. How many lines is that? It's ~16,000 lines. How much of that file does each minion get? heheh... all of it. Really? Yup, all 350 KB is pushed to every minion on every pillar refresh, but don't be silly and think
20:27 MTecknology that's the only source of pillar data.
20:27 r3z Should I just use cmd.run?
20:28 whytewolf r3z: once you change the command do the hwclock_set like normal. it also does the symlink
20:28 MTecknology *THEN* We go ahead and task me with figuring out why it takes so long for highstates to run and why the load gets absurd on masters.
20:28 MTecknology </rant>
20:29 r3z so use file.replace and then hwclock_set
20:29 greyeax wait wut
20:29 whytewolf a single pillar file? ~16000 lines??? omg .... I ... i don't even know where to begin on that madness
20:29 r3z That should do it?
20:29 greyeax why is it so big?
20:29 whytewolf r3z: yeap
20:29 greyeax i dont even
20:30 dendazen joined #salt
20:30 whytewolf greyeax: my guess is that ever config for ever minion is in there. and it is jinja'd todeath
20:30 greyeax what the hell
20:30 whytewolf some people learn bad practice
20:31 jdipierro joined #salt
20:31 MTecknology heheh...
20:32 MTecknology whytewolf: All I can say to that is... golly, wouldn't that just be a security nightmare?
20:32 whytewolf so they hired you to gorden ramsey their shit, and then act like the bad chef
20:32 MTecknology especially if 100% of the file is given to *every* minion
20:32 whytewolf security? what security
20:33 MTecknology HAHAHA!!!! I *LOVE* that reference!
20:33 spicyJalepeno where we are going, we dont need security
20:33 MTecknology Yes, they wanted ramsey, but they only wanted him to bring them to the next level
20:34 whytewolf so ... they are the amys baking company of the world
20:35 whytewolf and i have been watching to much kitchen nightmares recently
20:35 mavhq joined #salt
20:35 MTecknology not that bad, closer to hmmm.....
20:35 MTecknology I can picture the place but can't think of the episode
20:35 r3z That appears to have done it whytewolf
20:36 r3z Actually all hardware clocks set to UTC..
20:36 whytewolf :/
20:36 MTecknology whytewolf: If I remember Chappy's correctly, that's a good analogy. :)
20:36 woodtablet joined #salt
20:37 r3z Meh shouldnt be a problem. With the TZ set to America/New_York it should be fine and adjust for DST...
20:37 woodtablet left #salt
20:37 MTecknology The only real TZ is UTC!
20:37 whytewolf ohhh chappys was an alright episode. blamed all the customers for his bad cooking.
20:38 pipps joined #salt
20:39 jdipierro joined #salt
20:39 r3z Ill just run with it UTC and America/New_York
20:39 r3z Should be fine if they use DST and are all the same. ;)
20:40 whytewolf sounds good r3z, most people don't know that a hwclock is running UTC or localtime anyway.
20:40 whytewolf i get annoyed that windows has to have hwclock run on localtime
20:40 MTecknology does it?
20:40 * Sketch looks forward to the day when we can get rid of timezones
20:40 r3z Ya its fine. PITA but whatever.. UTC works for me.
20:41 whytewolf MTecknology: yeah. I flipped a lid at a windows dev for an hour the day i found that out
20:42 MTecknology yikes (for two reasons)
20:43 MTecknology Sketch: We need time zones. What we don't need is timezones in hardware.  (my opinion)
20:43 Sketch i don't think we really need timezones
20:43 Sketch but what we need even less than timezones is DST.
20:43 Sketch i'd be happy just to get rid of that ;)
20:43 whytewolf DST can die in a fire
20:44 MTecknology whytewolf: YES!
20:45 MTecknology Sketch: Time zones are excellent when you work with people across the globe. They give you an idea when somebody does something (like sleep or work) in relation to when you do it. You can tell me you're +5 GMT and I know when I can expect you to be available.
20:46 whytewolf exactly. follow the sun would break down with out timezones.
20:46 Sketch that much is true, but it's not always a good indicator of when it's light or dark
20:46 MTecknology so?
20:47 MTecknology some parts of the globe are dark half the year and light the other half
20:47 Sketch yeah
20:47 Sketch also, we have too many timezones
20:47 Sketch by we i mean the US
20:47 MTecknology I'd be happy with 24 time zones
20:48 Sketch timezones on the other side of the world make some amount of sense
20:48 kiltzman joined #salt
20:48 Sketch but within the same country, they are more trouble than they are worth
20:48 whytewolf i would be happy with timezones that didn't lay on state/internation borders and just were slices of earth
20:48 MTecknology I really don't actually care how you refer to your timezone.
20:48 * MTecknology lives GMT-5 and works GMT-7
20:49 juntalis joined #salt
20:49 Sketch MTecknology: that must be annoying
20:49 whytewolf that is not the worst i have seen
20:49 toastedpenguin1 joined #salt
20:49 toastedpenguin1 left #salt
20:49 whytewolf have a friend that works for an company that is out of spain. he is in vegas.
20:50 MTecknology whytewolf: I'm currently traveling 50% (two weeks home, two weeks gone). Before that it was 12 days gone, 2 days home
20:50 whytewolf ouch that travel kills
20:51 whytewolf i have been lucky and avoided most travel in the work place for at least the last 10 years. even though every company i have worked at is heavy travel based.
20:52 MTecknology I'd land about midnight on friday, sort mail, toss junk, turn my house back on, take a cold shower, go to sleep, sleep half of saturday, take care of bills, take care of house stuff, then sunday would be my day home, and monday morning about 4 AM I got up to head back out to LA
20:54 whytewolf that would be why i want to avoid consulting. i love travel, i don't love travel for work
20:55 MTecknology I'd totally quit if they didn't pay me so well...
20:56 greyeax MTecknology tbh after a while the money just isnt good enough
20:56 greyeax trust me on that one
20:56 whytewolf i say the same thing about $bank all the time
20:57 Sketch i used to love traveling for work, because it gave me time to see stuff on my own without having to pay for it
20:57 MTecknology This isn't really the typical consulting gig. I'm actually a FT employee of a consulting firm that has a vested interest in keeping me happy. It's still high demand and high stress, but I'm pulling down over 2x what I need to live comfortably.
20:57 Sketch i probably would have left that job sooner if it wasn't for all the travel ;)
20:58 MTecknology It sounds like my next client will allow me to work my choice in hours from home 100% of the time.
20:58 whytewolf i guess my problem with travel is the same reason I'm not happy working for $bank the Red tape
21:00 whytewolf nice! I love working from home. that is one of the best things about my current position
21:00 MTecknology heheh... #salt has the logs of when I became aware of this company and the possibility of working for them was mentioned.
21:00 MTecknology saltconf #1 ... quite the tantrum I threw back then
21:01 whytewolf hehe
21:02 whytewolf hopefully I will be able to attend the upcomign saltconf .... still have not been to one yet :/
21:03 raqua joined #salt
21:03 whytewolf yay! my new DT 880's arrived
21:06 raqua Hi all
21:07 whytewolf Greetings
21:07 raqua I have an issue -> probably after upgrade to new salt version my scripts that worked before seems not ho be able to do file.recurse
21:07 raqua please see here: https://pastebin.com/Xu1SXywR
21:08 jdipierro joined #salt
21:09 raqua I use 2016.11.3
21:10 whytewolf raqua: run your state through salt-call with -l debug see if you can get more info about why it is failing... seems odd that it can't find salt://test when it can find salt://test/shorewall.conf
21:11 raqua yes, that is what baffles me too
21:12 raqua any reason why I need to use salt-call instead highstate with debug ?
21:12 whytewolf salt-call on the minion gets you a minion side view
21:13 raqua is that different from running debug mode on minion ?
21:13 Kelsar joined #salt
21:14 whytewolf no, just lets you do it one time instead of having to parse out everything
21:20 raqua I run it in debug mode (easier for me atm) and here is the minion debug log: https://pastebin.com/qDCEuFY2
21:20 raqua I do not see anything helpfull there
21:20 raqua but there are errors on master side
21:22 raqua give me sec to get that ..
21:27 whytewolf ok
21:27 raqua error on master: https://pastebin.com/8ScQHiH9
21:28 whytewolf humm. unicode
21:29 raqua yes, unicode issue, but can't tell where
21:30 whytewolf on the master try salt-run -l debug fileserver.dir_list
21:31 raqua just a note - when I comment out file.recurse part and just run file.managed that works fine, I still get those unicode errors
21:32 whytewolf yeah, it is possable a file with in salt://test/ has a unicode error just not the file that your file.manage is touching
21:33 raqua that is easy to test, because there are only two files .. will do
21:33 raqua result of the command you suggested: https://pastebin.com/0QmbPXEY
21:34 whytewolf so even a dir_list is throughing the error
21:35 whytewolf which might explain why file.recurse is having the issue and file.manage isn't file.manage goes directly to the file file.recurse has to make sure the directory is there.
21:36 raqua I see. It also works for the second file.
21:36 whytewolf this might not even be in your test directory ANY directory with a unicode char could be causing this
21:36 whytewolf dir list only lists directories though not files
21:36 netcho joined #salt
21:37 raqua just to understand, any directory in my project or let's say, in salt sources?
21:37 whytewolf in salt sources
21:38 raqua So I should report this as a salt bug then, right ?
21:38 whytewolf unforhcantly no. unicode is one of those python things that is going to be a pain till every python program can use 3.x or higher
21:39 whytewolf this is more of a python issue then a salt issue.
21:40 whytewolf luckly python 3 handles unicode a lot better. unforchantly salt doesn't do python 3 till at least the next version [nitrogen] . they just tagged it and look to be most likely releasing late 2017.5 [if things don't go really wrong]
21:41 raqua So what are my options? This starts to be a serious hindrance. How would that unicode folder get there? If that is in salt sources, then it must have come from salt (or my distro packager).
21:41 whytewolf oh, no not the salt sourcecode.
21:42 raqua one of those should get bug report
21:42 whytewolf sorry i mean anything in salt://*
21:42 raqua aha, ok
21:42 raqua so I should be able to find it in my scripts then
21:42 whytewolf yes
21:42 whytewolf and it would be a directory
21:44 raqua hm .. I wonder how I could detect this, I do not see anything suspitious there
21:45 sh123124213 joined #salt
21:45 whytewolf raqua: maybe look at https://www.j3e.de/linux/convmv/man/
21:46 mdpolaris joined #salt
21:46 raqua ok, thanks
21:46 raqua I will first start to remove the dirs until salt-run -l debug fileserver.dir_list stops failing. That way I should identify, which dir has the problem.
21:47 whytewolf you might try clearing the fileserver cache first.
21:47 raqua How do I do that ?
21:48 whytewolf not sure if the standard /srv/salt has a cache but if it does. salt-run fileserver.clear_cache
21:51 SaucyElf joined #salt
21:54 raqua Thank you for your help, I deleted half of the dirs and error is gone, so now it is just a matter of bisection to find the dir. I really appreciate your help.
21:58 raqua I have found the issue, but it is not directory, it is a html file
21:59 raqua called like this: Configuring Linux 4.x or higher – HiFiBerry.html
22:00 whytewolf ahh. humm. thought dir_list only showed dirs. but i guess it does have to parse everything file named to be able to test if it is a file or directory
22:01 SamYaple joined #salt
22:06 SamYaple joined #salt
22:07 greyeax salt states for linux go in /srv/salt/ yeah?
22:07 greyeax like the .sls files?
22:07 whytewolf greyeax: by default yes
22:10 greyeax i'm getting an issue trying to do the font thing, i setup a quick test to run, but i'm getting a data failed to compile error
22:10 jdipierro joined #salt
22:10 greyeax im assuming it has something to do with my .sls syntax?
22:10 whytewolf most likely if data is failing to compile
22:12 greyeax https://hastebin.com/efijufixom.pas
22:12 DarkKnightCZ joined #salt
22:13 greyeax right now it looks like that... i used spaces not tabs because i vaguely remember that being a thing
22:13 greyeax i cant see anything obviously wrong with it
22:13 whytewolf yes that is a thing ... you missed a : on source
22:13 whytewolf - source: salt://fonts
22:16 greyeax ohhhhhh
22:16 greyeax tytyt man
22:19 greyeax hrm still compile error
22:19 greyeax i used two spaces per indent
22:20 greyeax syntax seems correct
22:20 whytewolf well some things that might be throwing it off. - in state id. might need to quote name and source.
22:23 whytewolf humm, it compiles fine for me if i make the : change
22:23 whytewolf what command are you using to run it?
22:24 prg3 joined #salt
22:26 Tanta I find it curious how people can navigate IRC clients but not Saltstack basics
22:27 Tanta IRC is way harder to configure and run
22:28 greyeax lol
22:28 greyeax whytewolf i'm using https://hastebin.com/unuriroquh.vbs
22:28 greyeax that's the command im running and the error message
22:29 greyeax interestingly i checked the directory and it's totally copying them over
22:29 greyeax i changed the sls file to look like this too: https://hastebin.com/yotutukivo.pas
22:34 dendazen joined #salt
22:45 greyeax eyy i thinki i figured it out
22:45 greyeax i think i might accidentally somehow have two minions on the same machine
22:46 greyeax yup
22:46 greyeax that was it
22:53 greyeax whytewolf: it works! thanks man you have helped me solve a problem that's been screwing this whole company for like weeks now lol
22:53 greyeax viva la saltstack
22:53 whytewolf hehe no problem
22:59 pipps joined #salt
23:00 leonkatz joined #salt
23:01 MTecknology whytewolf: mind a pm?
23:12 Praematura joined #salt
23:14 leonkatz Is there anyway to merge top files from two gitfs repos in the same env?
23:15 whytewolf in thoery they should merge already
23:16 onlyanegg joined #salt
23:17 whytewolf ahh merge_all for top_file_merging_strategy
23:17 whytewolf https://docs.saltstack.com/en/latest/ref/configuration/minion.html#top-file-merging-strategy
23:18 pipps joined #salt
23:18 leonkatz that only works with no env specified, and it only merges them for the env.
23:19 leonkatz doesn't see to care about multiple top files, only reads the first one
23:19 leonkatz from gitfs
23:20 Renich___ joined #salt
23:21 whytewolf humm. only thing that even mentions anything about top file merge has enviroments in it
23:21 leonkatz it did seem to work a while ago
23:22 leonkatz wonder if this new merge changes in this version broke that
23:24 MTecknology OMG!!!
23:25 MTecknology top_file_merging_strategy!!!!
23:25 MTecknology That would have been infinitely incredible to have available about four years ago. :P
23:28 jas02 joined #salt
23:29 hemebond I've not used that yet.
23:29 hemebond I'm only now experimenting with cross-environment states and scoping.
23:31 whytewolf humm leonkatz humm. file a bug report cause merge strat is the only thing that deal with how the top file merges. and it should merge all top files in a single enviroment together by default
23:31 leonkatz will do
23:31 tobiasBora Hi! I don't know why but my salt file http://paste.debian.net/926487 is exectued without error ("public' is already in the desired state."), but the firewalld do not update it's rules http://paste.debian.net/926490
23:31 tobiasBora Does anyone knows why?
23:32 hemebond Both those pastes are the same.
23:36 tobiasBora hum sorry
23:40 tobiasBora hemebond: This one is the good one for the output: http://paste.debian.net/926505
23:56 tobiasBora Ok I solved my problem
23:57 whytewolf what was it?

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary