Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-05-08

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:11 shoemonkey joined #salt
00:38 DEger joined #salt
00:41 justan0theruser joined #salt
00:45 sp0097 joined #salt
00:52 asyncsec joined #salt
01:02 shoemonkey joined #salt
01:13 MTecknology I thought I had salt-cloud listing all vm hosts, but then I didn't, and now I don't, and that's a bummer. :(
01:14 antpa joined #salt
01:17 MTecknology ah... pass vs. password
01:23 MTecknology Woohoo!!!
01:24 jas02 joined #salt
01:26 nikdatrix joined #salt
01:29 antpa joined #salt
01:32 asyncsec joined #salt
01:36 nikdatrix joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.6, 2016.11.4 <+> Support: https://www.saltstack.com/support/ <+> SaltStack Webinar on Carbon, Nitrogen, and Enterprise 5.1 on May 18, 2017 https://goo.gl/PvsOvQ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers
01:51 k_sze[work] joined #salt
01:54 jdipierro joined #salt
02:05 prg3 joined #salt
02:13 zerocoolback joined #salt
02:14 zerocoolback joined #salt
02:31 om2_ joined #salt
02:47 JPT joined #salt
02:48 DEger joined #salt
03:14 k_sze[work] joined #salt
03:17 antpa joined #salt
03:30 miruoy joined #salt
03:38 nikdatrix joined #salt
03:42 antpa joined #salt
03:48 ivanjaros joined #salt
03:55 edrocks joined #salt
04:15 Xenophon1 joined #salt
04:22 prg3 joined #salt
04:31 masber joined #salt
04:40 gnomethrower joined #salt
04:44 jholtom joined #salt
04:45 MTecknology I can't figure out how to specify storage..
04:45 MTecknology I disable "local" storage on proxmox
04:49 londo_ joined #salt
04:55 harkx joined #salt
04:57 treaki_ joined #salt
05:01 prg3 joined #salt
05:05 ivanjaros joined #salt
05:11 golodhrim|work joined #salt
05:14 Ricardo1000 joined #salt
05:22 jarvis_ joined #salt
05:24 Diaoul joined #salt
05:24 jas02 joined #salt
05:26 antpa joined #salt
05:26 filippos joined #salt
05:27 jarvis__ joined #salt
05:36 jarvis_ joined #salt
05:40 antpa joined #salt
05:41 nikdatrix joined #salt
05:44 rdas joined #salt
05:47 preludedrew joined #salt
05:47 DEger joined #salt
05:59 do3meli joined #salt
05:59 do3meli left #salt
06:01 colttt joined #salt
06:09 LeProvokateur joined #salt
06:13 fracklen joined #salt
06:14 om2_ joined #salt
06:19 drags1 joined #salt
06:19 XenophonF joined #salt
06:19 antpa joined #salt
06:19 swills joined #salt
06:19 om2_ joined #salt
06:19 packeteer joined #salt
06:19 Puckel_ joined #salt
06:19 fracklen joined #salt
06:20 carlwgeorge joined #salt
06:20 antpa joined #salt
06:21 antpa joined #salt
06:21 antpa joined #salt
06:22 justan0theruser joined #salt
06:22 supermike_ joined #salt
06:22 antpa joined #salt
06:23 antpa joined #salt
06:24 antpa joined #salt
06:25 antpa joined #salt
06:26 antpa joined #salt
06:26 dnull joined #salt
06:26 antpa joined #salt
06:27 antpa joined #salt
06:28 tom29739 joined #salt
06:28 antpa joined #salt
06:29 antpa joined #salt
06:46 fracklen joined #salt
06:53 fracklen joined #salt
06:55 fracklen joined #salt
06:59 masber joined #salt
07:03 ravenx joined #salt
07:03 ravenx hey guys, with this:  https://repo.saltstack.com/#ubuntu
07:04 ravenx is it possible to install a previous version of salt-minion, namely:  2016.11.1
07:04 ravenx it only offers the 11.4 version
07:04 ravenx i was looking at the browse repo button and found it here:
07:04 ravenx https://repo.saltstack.com/apt/ubuntu/16.04/amd64/archive/2016.11.1/
07:04 ravenx but how can i use it via the apt method?
07:05 hemebond ravenx: https://askubuntu.com/a/92021
07:05 rgrundstrom joined #salt
07:05 ravenx i see
07:05 ravenx however, which of the repo do i have to enable:
07:06 ravenx the latest release, minor release, or major release
07:07 hemebond Minor release if you want to stick to 2016.11.1
07:07 ravenx hemebond: on top of that, i would need to see the version being available via:  `apt-cache policy salt-minion`.  when i do that, i only see "2016.11.4+ds-1" and "2015.8.8+ds-1 500"
07:08 hemebond If the minor release repo (and you specify 2016.11.1) is the only repo in your configuration you will only see 2016.11.1.
07:08 ravenx by config you mean:   /etc/apt/source.list.d/saltstack.conf right?
07:08 hemebond Yes
07:08 hemebond In there, the URL has the version in it.
07:08 ravenx so all i gotta do is add a .1?
07:08 hemebond You can specify 2016.11.1
07:09 hemebond The example on the page has 2016.11.4, just change it.
07:09 ravenx aaaah
07:09 ravenx Err:6 http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.11.1 xenial Release
07:09 ravenx 404  Not Found
07:09 ravenx :(
07:09 ravenx oops, i am missing the 'archive' word
07:09 ravenx much better :D
07:10 hemebond ????
07:10 ravenx thank you hemebond
07:11 ravenx gah
07:11 ravenx it won't start because of a traceback,
07:11 ravenx (ive never seen this before when i ran salt within a venv)
07:12 ravenx https://paste.debian.net/931396/
07:12 ravenx a google search yielded nothin
07:16 hemebond Is this a fresh install?
07:16 hemebond No previous installs?
07:17 ravenx there was one previous install.
07:17 ravenx last year, as a 2015.x.x version (forgot the exact one)
07:17 hemebond Try purging everything.
07:17 ravenx there was a previous one, but it was completely isolated in a venv.
07:17 ravenx by purge do you mean:  apt-get purge salt-*
07:17 hemebond Yeah, and python packages and stuff.
07:18 hemebond And also any pip installed stuff.
07:18 ravenx uh oh
07:18 ravenx that may land me in hot water lol
07:18 hemebond Why are you installing .1 instead of .4?
07:18 ravenx it was the one i tested thoroughly on
07:19 ravenx also, i have tried to install the .4 one as well
07:19 ravenx and i have met the same error
07:19 ravenx the exact same one.
07:19 hemebond Is this Centos?
07:19 ravenx ubuntu 16.04
07:19 hemebond Oh of course.
07:19 JohnnyRun joined #salt
07:19 hemebond Mmm. Don't know. You've got something installed somewhere causing a conflict.
07:19 hemebond Sure there is no open issue for this error?
07:19 pbandark joined #salt
07:20 ravenx i will google that line again.
07:21 ravenx i'm guessing it's an old version of tornado..
07:21 ravenx do you know where i can quickly check the dependencies.
07:21 ravenx for saltstack
07:22 hemebond Mmm, nope. You could check using APT
07:26 hemebond Or install via PIP into a venv and look at what it pulls in with it.
07:26 ravenx i'm checking the dependencies of that venv
07:26 ravenx and i think it is tornado
07:26 ravenx i did a pip list and it shows tornado of 4.4.1
07:26 ravenx and a sudo pip list shows tornado==2.4.1
07:27 ravenx (i didn't do the sudo pip install tornado==2.4.1
07:27 ravenx so i will need to murder whoever did that.
07:34 prg3 joined #salt
07:41 rgrundstrom Good morning
07:43 nikdatrix joined #salt
07:43 felskrone joined #salt
07:45 zulutango joined #salt
07:54 fredvd joined #salt
07:54 gmoro_ joined #salt
07:56 jdipierro joined #salt
07:57 oida_ joined #salt
07:57 theblazehen Anybody had an issue with ftplib.py on Centos 6.8? Was failing on a `from ftplib import *`
07:57 prg3 joined #salt
07:57 dnull joined #salt
07:58 theblazehen Guy at work patched ftplib and it worked again, justcurious if anyone else experienced that
07:59 cyteen joined #salt
08:01 kbaikov joined #salt
08:11 citaret ping 192.110.16.243
08:12 irated joined #salt
08:14 geomacy joined #salt
08:15 zerocoolback joined #salt
08:15 Rumbles joined #salt
08:16 theblazehen citaret:  ENOTTY
08:22 DEger joined #salt
08:23 candyman88 joined #salt
08:32 Mattch joined #salt
08:33 Praematura joined #salt
08:38 _KaszpiR_ joined #salt
08:50 impi joined #salt
08:54 gnomethrower joined #salt
08:55 nikdatrix joined #salt
09:02 bdrung_work joined #salt
09:17 dRiN joined #salt
09:18 DEger_ joined #salt
09:27 DEger joined #salt
09:30 candyman89 joined #salt
09:33 antpa joined #salt
09:35 DEger joined #salt
09:42 copelco joined #salt
09:44 zerocoolback joined #salt
09:45 zerocoolback joined #salt
09:48 Xenophon1 joined #salt
09:52 petems joined #salt
09:53 dnull joined #salt
09:54 mihait joined #salt
09:59 edrocks joined #salt
10:02 phobosd joined #salt
10:14 colttt hello,
10:14 colttt is it possible to combine file_tree and gitfs?
10:15 hemebond Yes
10:15 ikarpov joined #salt
10:15 hemebond Oh wait...
10:15 hemebond I don't know :-)
10:15 babilen It is
10:16 babilen colttt: You would have to configure that though
10:16 colttt becaue, i would save the ssl-certificates in pillar (per serverhost), and i dont know how to use it without file_tree
10:16 colttt babilen: how/where?
10:17 babilen https://docs.saltstack.com/en/latest/ref/configuration/master.html#fileserver-backend
10:17 babilen Make sure you have both "roots" and "git" in there
10:18 babilen colttt: For pillars and SSL certs I'd actually use a different approach
10:18 kiltzman joined #salt
10:20 babilen Look into load_text  and use that in pillars. An example of that approach can be seen in https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#gather-external-data
10:20 babilen (that shows it for state files, but you can use load_text in pillars also)
10:21 babilen import_text that is, sorry
10:28 GnuLxUsr joined #salt
10:29 colttt babilen: puuhh.. I am a saltstack beginner.. can you please post an example for an ssl-certificate stored in a pillar and can be used as per host({{ grains['fqdn']|lower }})?
10:29 GnuLxUsr joined #salt
10:30 babilen colttt: Have you used pillars before?
10:35 colttt babilen: only to define roles (https://groups.google.com/forum/#!topic/salt-users/7zKlyoqsls8)
10:37 babilen Good, that should suffice. You might want to read through https://docs.saltstack.com/en/getstarted/config/pillar.html and/or https://docs.saltstack.com/en/latest/topics/tutorials/pillar.html
10:38 babilen The basic idea would then be to put your SSL certificates somewhere in pillar roots on the master and load the file with import_text withing a pillar SLS that you target to the minion(s) in question
10:38 Ricardo1000 Hello, when I'm trying to use beacons for file modification via inotify, salt-minion send double event, what is wrong ?
10:38 babilen Ricardo1000: When does it do that?
10:38 Ricardo1000 babilen: What do you mean ?
10:39 babilen Ricardo1000: Does it *always* send two events or does this only happen in specific situations (e.g. a state run)
10:39 Ricardo1000 babilen: I have modify file, save it. On the other terminal listen bus even queue
10:39 impi joined #salt
10:39 tobiasBora joined #salt
10:39 Ricardo1000 babilen: and seen same events in two messages
10:40 Ricardo1000 babilen: with different stampes
10:40 babilen Ricardo1000: I'm off for lunch now, but I'll try to reproduce that once I'm back (~1½h) and will let you know
10:40 babilen Would be good to see your exact beacon configuration and the exent bus log on one of http://paste.debian.net, https://gist.github.com, http://sprunge.us, …
10:40 babilen *event bus
10:44 colttt babilen: thanks i will try it
10:59 kbaikov joined #salt
11:00 toanju joined #salt
11:07 jarvis_ joined #salt
11:09 Arijit joined #salt
11:10 vlebo joined #salt
11:12 vlebo hi all
11:13 vlebo havin some isses with salt Carbon
11:15 vlebo my states work in Boron just fine (boto modules) but whern i run them in Carbon i get
11:15 vlebo https://hastebin.com/azipexomiz.sql
11:16 vlebo same state, same profile sls in pillar
11:16 vlebo also salt-cloud in Carbon does not change minion hostname to minion_id on AWS
11:19 vlebo here is my state https://hastebin.com/iluliwirok.bash
11:19 thijn__ question.. what is the best place to lookup/readup on the mechanics of changing elements in a service configuration (say vsftpd) to be minion specific.. say i want anonymous_enable: 'YES' for minion1 on and anonymous_enable: 'NO'for minion2 while using the same source in the config.sls for the service vsftp?
11:20 vlebo and i get that error for all boto modules
11:37 amcorreia joined #salt
11:38 Praematura joined #salt
11:41 saintpablo joined #salt
11:41 nikdatrix joined #salt
11:41 mbologna joined #salt
11:47 colttt babilen: short question, import text is that path relativ from /srv/pillar/ ?
11:48 haam3r Hi! Anybody have any good examples on generating a self-signed certificate on the minion?
11:49 o1e9 joined #salt
11:50 Reverend joined #salt
11:52 DEger joined #salt
11:53 DEger_ joined #salt
11:55 antpa joined #salt
11:58 jdipierro joined #salt
11:59 Trauma joined #salt
12:13 armyriad joined #salt
12:14 babilen colttt: It should be relative to pillar_roots
12:17 shoemonkey joined #salt
12:19 numkem joined #salt
12:19 shoemonkey joined #salt
12:23 shoemonkey joined #salt
12:24 Ricardo1000 babilen: Are you back ?
12:24 noobiedubie joined #salt
12:26 thinkt4nk joined #salt
12:27 babilen Ricardo1000: I am, yes
12:29 _KaszpiR_ joined #salt
12:30 shoemonkey joined #salt
12:30 yuhl______ joined #salt
12:33 candyman88 joined #salt
12:33 cyborg-one joined #salt
12:34 TomJepp joined #salt
12:38 edrocks joined #salt
12:39 edrocks joined #salt
12:48 flughafen_ joined #salt
12:50 flughafen_ is there anyway to have like a reboot and then salt sleeps for x amount of time or wait for the machine to come back up
12:52 babilen flughafen_: There is ..
12:52 noobiedubie joined #salt
12:52 babilen https://docs.saltstack.com/en/latest/ref/states/all/salt.states.event.html
12:54 flughafen_ babilen: thanks.  iwill look into that
13:00 babilen flughafen_: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.saltmod.html#salt.states.saltmod.wait_for_event also
13:02 wonko21 joined #salt
13:10 flughafen_ babilen: ok i'll try that. thanks.
13:13 babilen flughafen_: Please note that you'd use that with the orchestrate runner
13:15 GMAzrael joined #salt
13:17 Trauma joined #salt
13:18 ravenx cna i get some hlep with an issue:  i'm trying to use pillar data (on the command line, as a json format) to pass data into my salt state
13:18 ravenx the saltstate is a cron.present
13:18 flughafen_ babilen: ah crap. ok.
13:18 ravenx and here is my pillar:  pillar='{"cron": {"restart": "True", "minute": "56", "hour": "2", "dayofmonth": "*", "month": "'*'", "dayofweek": "'*'"}}'
13:19 ravenx and i keep getting this:  https://paste.debian.net/931424/
13:19 ravenx it seems that it doesn't really like wild cards.  though the numbers like 56 and 2 are okay.
13:19 ravenx am i doing something obviously wrong?
13:19 ravenx as you can see, i even tried to put single quotes around it as well
13:20 Reverend ravenx: I did mine slightly different and just did "cron_expr": "* * * * *"
13:20 Reverend which works fine
13:20 Reverend I'd probabyl remove your doouble quotes and just do '*'
13:20 ravenx Reverend: you mean you can pass in pillar data doing "cron_expr"
13:21 ravenx o_O could you tell me more details
13:21 Reverend surew
13:21 Reverend let me drag it out for you.
13:21 ravenx is there a documentation on it or something
13:21 ravenx Reverend: here it is with single quotes:  https://paste.debian.net/931425/
13:21 ravenx even a funkier error
13:24 babilen ravenx: It should (IMHO) work if you quote asterisks in the pillar YAML
13:24 babilen What does it not like about your approach?
13:25 cyteen joined #salt
13:25 ravenx well, salt was error-ing out early
13:25 ravenx in those paste.debians that i posted.
13:26 ravenx babilen: that's actually a smart move.
13:26 ravenx putting the quotes in the init.sls's yaml.
13:26 ravenx you sir, save the day once again.
13:26 Reverend https://hastebin.com/ojulamuyez.txt
13:27 Reverend thats what we have for cron here.
13:27 Reverend the cluster being the cluster of servers, and the user that's going to run it. it populates the /etc/crontab file.
13:27 racooper joined #salt
13:28 ravenx Reverend: sweet, thanks for that i will take a look.
13:30 Trauma_ joined #salt
13:35 babilen ravenx: :D
13:37 alvinstarr joined #salt
13:38 rem5_ joined #salt
13:39 Cottser joined #salt
13:40 jmcknight joined #salt
13:41 Cottser joined #salt
13:41 Trauma joined #salt
13:43 Cottser_ joined #salt
13:44 PatrolDoom joined #salt
13:44 candyman88 joined #salt
13:44 PatrolDoom joined #salt
13:46 Trauma_ joined #salt
13:48 candyman88 joined #salt
13:53 candyman88 joined #salt
13:56 Trauma_ joined #salt
13:58 cgiroua joined #salt
13:59 Trauma_ joined #salt
13:59 antpa joined #salt
14:00 candyman88 joined #salt
14:03 jdipierro joined #salt
14:04 prg3 joined #salt
14:05 candyman88 joined #salt
14:06 antpa joined #salt
14:09 Inveracity joined #salt
14:09 brousch__ joined #salt
14:09 jvelasquez joined #salt
14:12 antonw joined #salt
14:13 weylin joined #salt
14:14 cyborg-one joined #salt
14:22 Trauma_ joined #salt
14:25 candyman89 joined #salt
14:26 _JZ_ joined #salt
14:26 Trauma_ joined #salt
14:30 bvcelari joined #salt
14:30 bvcelari Hi guys!!!
14:30 bvcelari I am using salt-cloud to provision some minions,
14:31 bvcelari and I need to add some mine_functions to the minions config, any recomendation of how to do it?
14:31 doriftoshoes_ joined #salt
14:31 Trauma__ joined #salt
14:31 prg3 joined #salt
14:32 bvcelari doing  something has horrible as:
14:32 bvcelari salt '*' cmd.run  'echo "mine_functions:
14:32 bvcelari test.ping: []
14:32 bvcelari network.ip_addrs:
14:32 bvcelari interface: eth0" >> /etc/salt/minion'
14:32 bvcelari salt '*' cmd.run  '/etc/init.d/salt-minion restart'
14:32 babilen bvcelari: I typically specify mine_functions in the pillar .. much easier to update/manage
14:34 bvcelari ok, that is not working, so probably I am using the wrong pillar
14:35 Trauma___ joined #salt
14:37 dyasny joined #salt
14:40 bvcelari @babilen: any specific state from pillar? or any that is applied to that server should be fine?
14:41 fracklen joined #salt
14:42 babilen bvcelari: I don't quite follow .. I just specify the mine functions in the pillar and the minion uses them. See http://paste.debian.net/931439/ for an example
14:42 bvcelari yes.. that is not working, not sure why
14:45 babilen What exactly isn't working? Are your minions sitting around drinking Gin & Tonic? ;)
14:47 bvcelari LOL
14:48 bvcelari mb...
14:48 bvcelari and the did not invite
14:48 bvcelari MTF !
14:48 bvcelari (the minions)
14:49 bvcelari I have my 2 pillars,one with secrets, and one common values
14:49 bvcelari I create a similar sls file
14:50 bvcelari and... added to tthe top.sls where I apply it to this set of servers
14:50 bvcelari and... mine.get is empty
14:52 Garo_ joined #salt
14:52 jmcknight can you verify on the minion that `salt-call pillar.get mine_functions` has the functions desired?
14:52 bvcelari my top.sls looks like:
14:52 bvcelari 'G@ec2_tags:Roles:aws':
14:52 bvcelari - match: compound
14:52 bvcelari - mine.network.10_network_addrs
14:52 spiette joined #salt
14:52 bvcelari and much more states that are applied right in the minions
14:52 babilen bvcelari: Could you paste the output of "salt 'theminion' pillar.get mine_functions'", "salt 'theminion' mine.update'" and that of the mine.get call to one of http://paste.debian.net, https://gist.github.com, http://sprunge.us, … ?
14:53 it_dude joined #salt
14:55 sarcasticadmin joined #salt
14:56 babilen In this particular case it would also be interesting to see the output of "salt 'theminion' grains.get ipv4" also
14:59 bvcelari @babilen
14:59 bvcelari https://gist.github.com/bvcelari/730a9b3b9c27c072c2af034dd66bb7e2
15:05 CaptTofu__ joined #salt
15:05 bvcelari the grains works  @babilen,
15:05 bvcelari update the gist
15:05 aneeshusa joined #salt
15:06 fracklen joined #salt
15:08 babilen bvcelari: You didn't run "salt 'theminion' pillar.get mine_functions'", but decided to show "salt 'theminion' pillar.get network.ip_addrs" instead ..
15:09 babilen I should probably have made the $EDIT_PLEASE parts of the command more obvious .. I had only meant for you to replace the minion id with whatever would be applicable to your setup
15:10 zerocoolback joined #salt
15:13 babilen You are also missing the mine.get command that you use to test the setup
15:13 bvcelari my mistake :/ added the pillar.get mine_funcionts, that works too
15:14 jessexoc joined #salt
15:15 simmel_ joined #salt
15:17 babilen bvcelari: Ah, please run "salt '*' mine.update" as initially instructed
15:18 babilen And "salt '*' mine.get 10_network_addrs"
15:19 bvcelari ok.. now works only for one minion...
15:19 bvcelari that may have I know why
15:19 bvcelari I will start over.. from scratch,
15:19 babilen You shouldn't have to .. you got the wrong mine.get call
15:21 ThomasJ|m joined #salt
15:23 Kelsar joined #salt
15:25 raspado joined #salt
15:25 Garo_ left #salt
15:26 babilen bvcelari: Did that do the trick?
15:26 bvcelari looks like yes
15:26 bvcelari but something went south with one of the minions...
15:27 bvcelari so, I need some more time, but I think that I is gonna work
15:27 bvcelari thx a lot
15:28 imanc joined #salt
15:28 noobiedubie joined #salt
15:28 zerocool_ joined #salt
15:29 cgiroua Hi guys, is there any way to debug dockerng registry auth being used, or maybe some simple step I missed to 'hook-up' a new minion with the proper registry auth?
15:29 cgiroua I'm seeing a docker pull (dockerng.img_present) failing in syslog on a new minion with 'no basic auth credentials', but it's succeeding on several other minions which were setup in the past
15:30 cgiroua state.show_top, and pillar.items --with the 'docker-registries' auth-- are identical for successful/failing minions ... so I'm not sure what's missing
15:31 rmelero joined #salt
15:31 noobiedubie can the reactor systems react to service state changes on minions?
15:32 sp0097 joined #salt
15:35 greyeax joined #salt
15:40 candyman88 joined #salt
15:40 babilen noobiedubie: This is SaltStack, so .. sure ;)
15:40 babilen https://docs.saltstack.com/en/develop/ref/beacons/all/salt.beacons.service.html#module-salt.beacons.service
15:42 supermike_ joined #salt
15:42 nikdatrix joined #salt
15:43 cgiroua ^^ Figured out the docker issue, new hosts have a newer salt-minion package (apparently not compatible with the slightly older salt master version I'm running) ... downgrading the minion worked
15:44 jessexoc joined #salt
15:46 dezertol joined #salt
15:46 babilen cgiroua: Your master should be at least as new as your newest minion and there shouldn't be too much variation in versions you use
15:47 noobiedubie thanks babilen
15:47 freelock joined #salt
15:54 mikecmpbll joined #salt
15:55 censorshipwreck joined #salt
15:58 cgiroua thanks babilen ... hero of the day for the salt channel :)
15:59 antpa joined #salt
16:01 benjiale[m] joined #salt
16:01 saintaquinas[m] joined #salt
16:01 jerrykan[m] joined #salt
16:01 theblazehen joined #salt
16:01 gomerus[m] joined #salt
16:01 Jon-Envisioneer[ joined #salt
16:01 ThomasJ|m joined #salt
16:01 fujexo[m] joined #salt
16:02 quay joined #salt
16:04 tiwula joined #salt
16:04 pcn Is sysdoc.runner_doc supposed to work for custom runners?  For some reason I'm getting nothing back.
16:04 Artanicus joined #salt
16:04 antpa joined #salt
16:05 candyman89 joined #salt
16:07 Praematura joined #salt
16:07 mpanetta_ joined #salt
16:09 rem5 joined #salt
16:10 mpanetta_ joined #salt
16:12 misconfig joined #salt
16:13 misconfig Is there a way to have a minion request a command to be run from the master?
16:13 aneeshusa joined #salt
16:13 misconfig For instance, I want the salt master to execute an api call to create a kafka topic when a minion runs a state
16:16 heaje joined #salt
16:19 greyeax joined #salt
16:20 pcn misconfig I think you can do that with beacons and reactors
16:20 misconfig thanks pcn, I'll continue down that path
16:20 pcn Actually, to react to a minion running a state, you don't need to use a beacon, just a reactor
16:20 greyeax joined #salt
16:21 censorshipwreck joined #salt
16:21 pcn The beacon is only needed it if is a response to a non-salt event on the minion
16:21 MTecknology You can send an event for the reactor
16:21 misconfig This is great, thanks
16:22 misconfig I had read about reactors but haven't implemented in my environment yet.
16:22 misconfig *opens mastering saltstack*
16:24 MTecknology I have a script that my git user is allowed to execute that is just a wrapper around salt-call event.send. The master reacts to the event by either triggering fileserver.update && 'foo*' state.highstate or by setting a value in sdb that the scheduler uses to kick off global highstates
16:24 bvcelari @babilene... sadly tried again from scratch and after mine.update get None answers :(
16:25 bvcelari I guess I am still missing smoething that did before manually (sadly) I will try again tomorrow, thx again for your help
16:25 misconfig looking over my stuff, I do have a reactor, it calls fileserver.update when someone pushes to master (git hook)
16:25 cyteen joined #salt
16:25 woodtablet joined #salt
16:25 misconfig nice process MTecknology
16:26 rem5_ joined #salt
16:26 Elsmorian joined #salt
16:27 pipps joined #salt
16:28 Elsmorian Hi all. My docker config was working fine in 2016.11.3, but has broken in 2016.11.4 - I see now that you have to run the docker login function manually, which I have done and get a "Status: Login Succeeded" message, but when applying my salt states, they all fail complaining authentication is required
16:30 pipps joined #salt
16:30 zerocoolback joined #salt
16:31 aneeshusa joined #salt
16:31 MTecknology misconfig: make sure you get out of the reactor system as quickly as possible; use it to hand things off to orchestration or something.
16:33 censorshipwreck joined #salt
16:35 woodtablet joined #salt
16:35 edrocks joined #salt
16:35 woodtablet i am here to pound salt, and i am all out of salt
16:35 woodtablet =D
16:35 DammitJim joined #salt
16:36 whytewolf o/
16:37 englishm_llnw joined #salt
16:40 censorshipwreck joined #salt
16:44 Elsmorian Looking into it further, it looks like this .docker/config.json is not being created - it is not produced either in my base users home dir, or roots (as I am using sudo to run salt-call docker.login)
16:50 xet7 joined #salt
16:54 pbandark Hi..
16:54 pbandark I have defined tomcat version in pillar "version: 8.5". But, how I can update this value run time? for ex. from web application if someone selects tomcat version 9 then value in pillar data should get updated "9".
16:56 WKNiGHT joined #salt
16:57 whytewolf pbandark: might need some testing. but most of the modules let you specifiy pillar. which will get merged in with the current pillars. however merging can overright all of the pillar. so your application might need to download the pillar. adjust it then include the updated pillar. all of that really isn't included here.
16:59 pbandark ok
17:01 hacks joined #salt
17:01 impi joined #salt
17:03 candyman89 joined #salt
17:05 overyander joined #salt
17:05 pipps joined #salt
17:11 sjorge joined #salt
17:15 mikea- joined #salt
17:19 dyasny joined #salt
17:23 rylnd joined #salt
17:27 cgiroua joined #salt
17:28 sarlalian joined #salt
17:28 cg__ left #salt
17:29 gmoro joined #salt
17:29 shoemonkey joined #salt
17:32 cyteen joined #salt
17:38 gtmanfred whytewolf: i finally got devstack working, so i have the shade driver started :)
17:38 wendall911 joined #salt
17:43 rewbycraft Devstack... That's finnicky.
17:43 nikdatrix joined #salt
17:47 whytewolf o/ay on shade. and agreed on devstack being finnicky. almost all of the deployment systems i have seen for openstack are finnicky. only exception was when i built my own
17:48 whytewolf but custom built methods always seem to "just work"
17:48 whytewolf until you need to support it
17:48 rewbycraft Same for me
17:48 rewbycraft I've been working on deploying openstack with salt
17:48 rewbycraft Only spend maybe 30 minutes a week on it, so it's slow going
17:48 rewbycraft But it's going
17:48 whytewolf salt [from liberty to mitaka]
17:49 whytewolf grrr.
17:49 rewbycraft To be fair, I always dislike the pre-existing deploy stuff
17:49 whytewolf I have done it twice. and done an upgrade of openstack with salt [from liberty to mitaka]
17:49 rewbycraft Ah cool
17:49 rewbycraft I tend to like to do my own deploy scripts
17:49 rewbycraft Nothing against the work others put in
17:50 rewbycraft But I tend to have a "this is how I want it to be setup" and that's often unique to me
17:50 rewbycraft And I enjoy knowing my deploys in-and-out
17:50 whytewolf agreed. hell i learned some of the basics of openstack using mirantis. but i also learned to hate mirantis because of limitations that it has that i know openstack doesn't
17:50 rewbycraft Yup
17:51 rewbycraft I tried their ansible scripts
17:51 rewbycraft But, as with any such system, it makes assumptions
17:51 rewbycraft Many of which are not applicable to me.
17:51 whytewolf yeap
17:51 rewbycraft And for things like openstack, custom's the way of life for many things
17:52 rewbycraft Talking about custom, I've been working on opensourcing my formulas
17:52 rewbycraft So that others don't need to custom some things
17:53 whytewolf likewise. although right now. i don't have much that is opensourcable doing a compleate rewrite so that i can give it with out some thing i hard coded don't get defined. and well. it is "slow" i maybe spend and hour a month on it.
17:53 rewbycraft hour a week here, but same story
17:54 rewbycraft My salt-master died (motherboard failed and it's not worth replacing)
17:54 rewbycraft So I'm taking this as the oppertunity to restructure my internal repos
17:54 rewbycraft And slowly rewrite parts of it, push them out and then replace the existing part with it
17:54 raspado anyone familiar with cloudinit? need to disable /dev/vdb automount on /etc/fstab, i see theres a way to do it in cloud-init but we provision systems via salt using the openstack driver
17:56 whytewolf raspado: if it is something you can pass in through cloudinit from openstack it mist likely needs to go through userdata_file. other wise you need to build a custom image
17:56 rewbycraft Actually, if anyone would be willing to look at and give some feedback on one of the (as of yet untested) formulas I've already published, that would be nice.
17:57 raspado thanks whytewolf
17:58 whytewolf raspado: Packer is a friend if you need to build a custom image.
17:59 raspado yeah we use packer to build the image, ansible provisions the instance so ill just do a lineinfile to remove /dev/vdb automount
17:59 raspado thx again whytewolf!
17:59 gtmanfred hrm, i should probably try to use packer to build my testing alpine image.
18:01 whytewolf gtmanfred: yes you should. :P
18:01 gtmanfred yeah, i have just been building them in vmware fusion, exporting the ova, and converting the vdisk using qemu-img
18:01 jdipierro joined #salt
18:01 whytewolf rewbycraft: post a link. I'm sure someone here can take a look
18:01 whytewolf gtmanfred: ouch way to much work
18:02 rewbycraft whytewolf: https://git.roelf.org/projects/INFRA/repos/wireguard-formula/browse
18:02 gtmanfred all i have to do is install alpine, switch to the edge repositories, install sudo, cloud-init, bash, and then add the alpine user... so it isn't that difficult
18:02 rewbycraft I would like to re-iterate that I haven't actually put that formula to the test
18:02 whytewolf gtmanfred: with packer you just need to setup salt to do all that and tell packer to build your image :P
18:03 rewbycraft Plan is to switch split out the networkd-formula too and then rip/replace that level of L2/L3 interconnect
18:03 rewbycraft * in my salt states
18:06 MTecknology I'm planning on using "salt-cloud -H -y -m cloud.map" in a cron and then having a second invokation whenever I make any commits that change the pillar file that produces cloud.map.
18:08 whytewolf rewbycraft: in wireguard_device_{{device_name}} context: the 2 items under that should have 2 more spaces. right now they are in the same dict as context when they should be a dict under context.
18:08 Praematura joined #salt
18:08 rewbycraft whytewolf: Ah whoops. I've been trying to learn to use vim, haven't quite figured it out. Thanks for pointing that out
18:09 MTecknology I didn't realize how powerful salt-cloud was and how much neat logic it already had built in. This is exciting. :)
18:10 MTecknology rewbycraft: http://yaml-online-parser.appspot.com/
18:10 rewbycraft MTecknology: There's a fair bit of jinja in there.
18:11 rewbycraft For context, the file whytewolf was referring to: https://git.roelf.org/projects/INFRA/repos/wireguard-formula/browse/wireguard/config.sls
18:12 whytewolf rewbycraft: https://github.com/whytewolf/salt-debug helpful tool for rendering.
18:12 rewbycraft That's actually very helpful!
18:12 whytewolf I'm thinking of adding a yaml lint to it. but keep getting to lazy
18:13 rewbycraft Fair
18:13 jdipierro joined #salt
18:13 rewbycraft Also, in your opinion, is that formula too jinja-heavy?
18:13 rewbycraft I've been trying not to over-use/abuse it
18:13 rewbycraft But it felt like the nicest way of doing this
18:14 whytewolf actually it is a lot cleaner then most i have seen.
18:14 whytewolf the worst being those nasty ng formulas
18:14 MTecknology whytewolf: pillar["wireguard"].get("devices").items() <-- can probably be done better
18:14 MTecknology err.. rewbycraft *
18:15 rewbycraft Any suggestions on how I could do that better?
18:15 rewbycraft My logic when figuring out the pillar format was that device names are unique
18:15 rewbycraft So they'd make for a good key to group the device's settings under
18:15 MTecknology salt['pillar.get']('wireguard:devices', {}).items()
18:15 foo_user joined #salt
18:16 MTecknology I wonder if that's better or not, though
18:16 pipps joined #salt
18:16 rewbycraft I doubt it
18:16 whytewolf little more readable.
18:16 rewbycraft There's no point in even running this formula if you have no devices specified
18:16 rewbycraft But yeah, I need to figure out the salt['pillar.get'] syntax as I've always just used pillar.get
18:16 MTecknology at least include the default to .get()
18:17 rewbycraft Is there any real difference between the two?
18:17 rewbycraft I guess
18:17 Reverend is this a fucking joke...
18:17 MTecknology one is operating on a dictionary and the other is using a module to perform the lookup
18:17 Reverend changing a grain takes 28,899ms
18:17 Reverend what
18:17 Reverend WHAT
18:17 whytewolf pillar.get accesses the pillar dict directly. while salt['pillar.get'] calls the module pillar.get
18:17 rewbycraft Ah
18:18 MTecknology I'm bad at explaining things...
18:18 Reverend https://hastebin.com/neyujadupu.sql boys and girls.... this right here is quite literally the biggest fucking joke I've ever seen.
18:18 whytewolf that can't be right.
18:19 MTecknology Reverend: If you keep swearing and ranting, you can pretty safely expect to wind up on people's /ignore lists
18:19 Reverend MTecknology: oh for sure. dont doubt it.
18:19 Joy is salt-ssh supposed to be working with the gpg renderer?
18:20 Joy it seems to be running remotely or something, because i get gpg: keyblock resource `/.salt-ssh-thin-dir/gpgkeys/secring.gpg': file open error
18:20 impi joined #salt
18:21 Reverend whytewolf, that's what I was thinking... except it literally takes like 4-5 mnutes to reply to the master.
18:21 Reverend whytewolf no idea why. just looking at it now.
18:21 * whytewolf shrugs. i don't mind a little swearing. but i am also the son of a VA nurse, who became an english teach and a truck driver. and a VA electrical engineer that was also a navy reserve chief. so. take my opinion on swearing with a bucket of salt.
18:21 MTecknology rewbycraft: the option that calls the module will be include more processing, but it'll also catch most edge cases and unexpected oddities... and it'll cleanly handle if pillar['wireguard'] doesn't exist. In my opinion, it's the substantially more robust option.
18:22 rewbycraft That's what I gathered from the docs as well
18:22 rewbycraft Was already changing it over somewhat
18:22 Reverend whytewolf, that was a perfect time to crack a salt joke... you missed a fine oportunity there sir,.
18:22 rewbycraft Although for some things, I do expect it to throw an error
18:22 rewbycraft For example, if you're missing the private_key field
18:23 Reverend Apparently CPU load goes up to 60% during a highstate time too... O_O
18:23 rewbycraft It will cause a runtime error, so I'd rather it fail when rendering the states than things not working
18:24 whytewolf Reverend: that is strange. do you have a ton of grains in /etc/salt/grains?
18:25 whytewolf that would be the only reason i would think it would take that log. reading in the current grains. filtering through to make sure if this one is already set. the outputting again.
18:25 Reverend whytewolf: nope. I have a server that's -not- in an autoscaling group...and that seems to return just fine... the other two however, they have a tendancy to just splode. I'm just gonna run one with verbose on and see what happens.
18:25 Reverend weirdly, they're all the exact same EC2 type... no credit issues... so im not sure .
18:25 Reverend might just need restarting ;)
18:26 Reverend 22464 root      20   0  784148 133936   2800 R 100.0  3.7   2:18.43 salt-minion
18:26 Reverend ^ 100% CPU usage
18:26 Reverend GG
18:26 Reverend :D
18:27 rewbycraft MTecknology, whytewolf: I made some changes to address your comments so far. (namely using salt['pillar.get'] instead of pillar directly) Thank you very much for spending the time. *gives a digital cookie*
18:27 whytewolf so gtmanfred, question about the shade driver you are developing. are you just doing the salt-cloud driver or are you also going to build module/states?
18:29 rewbycraft One thing that amuses me is that neither of you commented on the use of a custom patched systemd
18:29 PowerSprayer joined #salt
18:30 jas02 joined #salt
18:30 noobiedubie joined #salt
18:31 dyasny joined #salt
18:31 rewbycraft (Before a retroactive question arises w/r the patched systemd: I needed to do a custom patched one anyway to backport a PR that fixes a bug. Figured I might as well include the wireguard patches and give those some testing as I know the dev of the patches)
18:31 MTecknology rewbycraft: the jinja you have there seems perfectly fine. It's not hard to follow and doesn't create complicated logic. The only thing I'd change aside from pillar.get is whitespace which is a personal preference.
18:31 rewbycraft I whitespace them in a way that keeps it straight in my head
18:31 rewbycraft But yeah, that's just personal preference
18:32 rewbycraft I tried to keep the jinja simple. Avoid programming, but not engineer overly complicated solutions
18:32 rewbycraft The closest thing to jinja abuse is probably the clean_old stuff in config.sls
18:33 MTecknology that's the only file I actually looked at
18:33 Reverend whytewolf - seems like most states that need to read from the drive are taking like 6 seconds... not sure why most of them are okay, but I'd say 1 in 5 are like "yep im just gonna hang around here for a minute" :D
18:34 edrocks joined #salt
18:34 whytewolf Reverend: if you look at top on the system what is your si and wa at?
18:34 rewbycraft Hoenstly, I just want it to delete tunnels it created but were removed from the pillars.
18:34 raspado joined #salt
18:34 rewbycraft I don't use firewall formulas atm because although they'd be simpler
18:35 rewbycraft They don't close ports they previously opened
18:35 Reverend that's a good idea whytewolf. gimma sec
18:35 Morrolan joined #salt
18:35 rewbycraft * if that port was removed from the pillar
18:35 MTecknology rewbycraft: https://git.roelf.org/projects/INFRA/repos/wireguard-formula/browse/wireguard/map.jinja  what's a marge?
18:35 rewbycraft *merge
18:35 rewbycraft That's a typo
18:36 Reverend I -may- turn one of these servers off and on again and see what borks.
18:36 MTecknology Reverend: I know.. figured I'd point it out. :)
18:36 whytewolf hehe tab complete mistake? MTecknology
18:36 rewbycraft I presume so
18:36 Reverend whytewolf 0.0 wa,  0.0 hi,  0.0 si, ..... -_-
18:36 Reverend i think this is gonna be an AWS thing.
18:37 Reverend maybe drive credits or something
18:37 MTecknology Did I do a tab complete fail?
18:37 whytewolf MTecknology: you flagged Reverend for rewbycraft
18:37 whytewolf :P
18:38 whytewolf Reverend: yeah this is sounding more and more like AWS messing with you
18:38 MTecknology ah
18:38 Reverend whytewolf: yeah... still... confusing AF :D
18:38 juntalis joined #salt
18:39 GnuLxUsr joined #salt
18:40 MTecknology I'm not used to needing more than two letters for tab complete to always be right
18:40 rewbycraft I do that entirely too often
18:40 MTecknology I'm not even sure I mentally process anything after the first 2-3 characters of a nick anymore.
18:41 whytewolf i only noticed cause of the capitalsation so, and really just messing with ya it is an honest easy thing to do. i know i probley do it all the time
18:42 pipps joined #salt
18:43 monokrome joined #salt
18:47 MTecknology I need to figure out how to correctly set up salt-cloud to deploy a vm on my proxmox cluster...
18:48 GnuLxUsr joined #salt
18:49 fracklen joined #salt
18:50 Nightcinder joined #salt
18:51 toanju joined #salt
19:06 Elsmorian joined #salt
19:07 gtmanfred whytewolf: what I am doing now is building the cloud driver first, then I am going to be moving all the keystone,neutron,heat,glance modules and states over to shade.
19:08 MTecknology hg graft -r 5580fcc76cad
19:08 MTecknology s/.*//
19:11 bmcorser joined #salt
19:12 Reverend MTecknology wrong window ? ;D
19:21 kiltzman joined #salt
19:23 whytewolf gtmanfred: kewlies
19:23 kiltzman joined #salt
19:25 Reverend whytewolf found some consistency...
19:25 Reverend it's the file.managed's that are taking 6 seconds - every - single - time
19:25 Reverend :o
19:29 aldevar joined #salt
19:30 cyborg-one joined #salt
19:33 pipps joined #salt
19:33 cscf Reverend, precisely 6 seconds?
19:33 Trauma joined #salt
19:34 aldevar1 joined #salt
19:36 XenophonF joined #salt
19:36 whytewolf Gah github giving me unlimited free private repos has been a pain. so many random projects started that i now have to clean up
19:39 nkuttler just throw away your credentials..
19:40 whytewolf or, i just clean up my repos.
19:44 nikdatrix joined #salt
19:46 Joy can someone help me with salt-ssh and gpg rendering? i really don't get the logic, why is there any attempt to read gpgkeys/secring.gpg from the thin dir on the minion?
19:47 onlyanegg joined #salt
19:49 gtmanfred i do not believe that the gpg renderer can be used with salt-ssh because of that reason
19:50 gtmanfred or that you do have to setup the gpg key on the minion
19:51 jmiven joined #salt
19:52 haam3r Hi! Has somebody gotten gzip to work in archive.extracted? GeoLite db downloads are still giving me headaches with archive.extracted
19:52 gtmanfred actaully, that might not be true
19:52 gtmanfred hrm
19:53 gtmanfred gzip is not an archive, it is compression
19:54 gtmanfred haam3r: what you are requesting is here https://github.com/saltstack/salt/issues/23588
19:54 saltstackbot [#23588][OPEN] states.archive doesn't support gzip, whereas modules.archive does | Found this: https://github.com/saltstack/salt/blob/develop/salt/states/archive.py#L209...
19:55 Joy gtmanfred: i examined some older issues and it looks like it's supposed to work, and i can get it to run, sprinkling some extra debug indicates it runs twice, once on the minion, another time on the master
19:55 haam3r gtmanfred: thanks
19:56 Joy gtmanfred: i'm only using it in a static pillar on the master, so it looks like it should be rendered on master, no?
19:56 gtmanfred so
19:56 gtmanfred the problem with pillars on salt-ssh
19:56 gtmanfred is that the way that regular minions get it is passed down from the transport layer
19:56 gtmanfred well, salt-ssh doesn't have the transport layer back to the master, instead it uses wrappers to run some of these commands
19:58 gtmanfred and i don't know if the master loads it and sends it down or the minion refreshes it
19:58 gtmanfred or both, and the minion just fails
19:58 gtmanfred i think the minion fails and we catch it and inject the pillar.d data
20:00 jdipierro joined #salt
20:05 feelinsalty joined #salt
20:07 feelinsalty Hey everyone, hopefully quick question. I have a bunch of minions that are showing on the master as down (via salt-run manage.down) because of a firewall issue to these minions. The firewall issue has been resolved and I can issue test.ping to all nodes listed as down, but how do I get the salt master to see them as up via salt-run manage.up?
20:08 feelinsalty and alternatively to not get listed as down using manage.down
20:13 feelinsalty Argh ... they are now showing as up *hand-to-forehead* ... busy day.
20:15 whytewolf i think i blinked.
20:18 PowerSprayer i thought salt was the official lol and dota irc... i'm disappointed
20:22 Terminus joined #salt
20:25 asyncsec joined #salt
20:26 dps joined #salt
20:27 MTecknology you're disappointed that salt isn't the official lol?
20:27 dps Hi.  I have a dumb question.  Let's say I have /tmp mounted as noexec. Is there a way to override the temp directory for a minion so that I can use git.latest, for example?
20:28 MTecknology does git.latest need /tmp?
20:29 PowerSprayer left #salt
20:29 PowerSprayer joined #salt
20:30 dps yes
20:30 dps sec
20:31 dps https://gist.github.com/dsulli99/b1d4bd0891c3947008d0beee6b3eeeaa
20:31 pipps joined #salt
20:32 Terminus dps: why not just allow exec for /tmp for just that minion?
20:32 MTecknology noexec on /tmp is pretty typical
20:33 dps Terminus: I'd like to implement this elsewhere, we run in a secure environment
20:33 MTecknology lots of times, you can get around it by using /var/tmp
20:33 dps and I agree with MTecknology that it's typical
20:33 gtmanfred dps: i do not believe so
20:33 dps @gtmanfred ok yeah, I don't see it in the docs.  I was thinking there might be a hacky way to do it like set it in the minion config or set and ENV variable or something
20:34 dps I'm surprised nobody else has experienced this issue before
20:34 MTecknology You can usually muck with the TMPDIR environment variable if you need to not use /tmp
20:34 gtmanfred dps: https://github.com/saltstack/salt/blob/develop/salt/modules/git.py#L230
20:35 dps yeah, I've done that with cmd.run MTecknology but never with a state like this
20:35 MTecknology I don't really know either...
20:35 PowerSprayer left #salt
20:35 gtmanfred dps: yup, it does not look like you can change that
20:36 dps @gtmanfred, ok thank you.  and thank you MTecknology for answering as well.
20:36 aneeshusa joined #salt
20:36 MTecknology I know it's standard practice to put noexec on /tmp, but I've thought of it as effective enough to be worth the extra headaches.
20:37 gtmanfred yeah, it doesn't actually do anything, you can always still exec those files by running them with the #!/bin/bash
20:38 gtmanfred even if it is a c file, i can still be run by the loader /bin/ld
20:38 gtmanfred even if it is on a noexec filesystem
20:38 MTecknology and /var/tmp is almost always excluded from that noexec practice and just as easily used if you ever find an exploit that can use it.
20:39 dps I think it's mostly to prevent malicious users from dropping files there that other users might inadvertently execute
20:39 MajObviousman is there any way to set up an ad-hoc node group? For instance I do a cmd.run which does some complicated something and returns either yes or no
20:39 MajObviousman for every minion which responded yes, I want to then do a second job
20:39 dps putting a malious world executable file in /tmp is like laying a land mine
20:40 gtmanfred there used to be an executor matcher, but it was deamed unsafe, because it allowed for executing commands on the minion during the matching process
20:40 gtmanfred MajObviousman: not really
20:40 aldevar1 left #salt
20:40 dps MaJObviousman: have you thought about having some job set a custom grain value at some interval, and then selecting o that?
20:41 dps does it have to be conditional in the same invocation of salt?
20:41 MTecknology dps: The more you manage things with salt, the less you'll have admins logged into systems (ideally, never), and if an admin of yours is able to accidentally execute a malicious file dropped into /tmp, you should probably accidentally terminate them.
20:42 gtmanfred lol
20:42 dps MTecknology im not disagreeing, but we really try to apply security consistently across our systems, we have some multiuser systems that we use salt for
20:42 dps i work in an academic research computing unit
20:42 dps we have multiuser systems
20:42 MTecknology ouch
20:42 gtmanfred dps:what init system are you using?
20:42 dps right now we use systemd and init.d
20:42 dps we are split on RHEL6/7
20:42 gtmanfred ok, check out tmpfiles.d
20:43 gtmanfred ahh lame
20:43 gtmanfred tmpfiles.d solves some of your problems
20:43 gtmanfred well part of the problem
20:43 MTecknology s/init.d/sysV/ .. probably
20:43 gtmanfred you can have it delete files that have not been accessed in a certain amount
20:43 gtmanfred MTecknology: actually, upstart turns out
20:43 MTecknology people still use upstart?!
20:43 gtmanfred MTecknology: rhel 6 is upstart
20:44 MTecknology I didn't realize we were talking about rhel 6
20:44 gtmanfred ╰ » we are split on RHEL6/7
20:44 MTecknology ah, there.. I didn't read it
20:44 gtmanfred :)
20:44 Joy gtmanfred: this is the issue that led me to believe salt-ssh should be working with gpg renderer: https://github.com/saltstack/salt/issues/19114
20:44 saltstackbot [#19114][MERGED] salt-ssh and gpg pillar renderer | Pillar data that is gpg encrypted does not decrypt with salt-ssh. Any idea why?...
20:44 dps @gtmanfred tmpfiles.d kind of solves the problem but not really
20:44 Joy does it matter that i didn't set a
20:44 MTecknology so redhat has a history of picking crappy init systems, eh?
20:44 Joy renderer: jinja | yaml | gpg
20:44 Joy in the global master config?
20:45 gtmanfred i do not know
20:45 onlyanegg joined #salt
20:46 gtmanfred MTecknology: sysvinit in rhel 5, upstart in rhel6 because back then that seemed like the next init system, then ubuntu was unwilling to work with them on the CLA agreement, and so they started using systemd, which i think is great
20:46 gtmanfred certainly as a developer, and a former packager for ArchLinux, it made maintaining and testing init services easier
20:47 MTecknology I personally hate the crap out of sysD for lots of reasons. I'll be keeping it out of my home network as much as possible until at least debian 10.
20:48 MTecknology it looks like it might be an okay init system if they ever start improving the init bits, but the sysD OS is quite frustrating to deal with.
20:49 * gtmanfred is an op in #systemd too >.>
20:50 Joy maybe i'm seeing some variant of https://github.com/saltstack/salt/issues/29341
20:50 saltstackbot [#29341][OPEN] salt-ssh-2015.8.3 gpg renderer doesn't work for the roster | Changes between 2015.8.2 and 2015.8.3 have broken salt-ssh badly. It is currently unusable. It appears to be related to the refactor of the gpg renderer as related to the removal of the python-gnupg dependency. This is similar in nature to the error seen in issue #19114, related to some differences between **salt** behavior in salt-ssh versus salt itself. Further, it's is interesti
20:50 nixjdm joined #salt
20:51 Joy but i didn't try to use gpg in the roster file itself
20:52 sjorge joined #salt
20:59 MajObviousman dps: I have thought of that, but that would require editing the minion config and then restarting the minion, right?
21:00 gtmanfred MajObviousman: it would not, just put it in salt://_grains, and then saltutil.sync_grains
21:00 MajObviousman oh hmmm
21:00 gtmanfred https://docs.saltstack.com/en/latest/topics/grains/#writing-grains
21:00 MajObviousman right I was just looking at that
21:00 gtmanfred https://docs.saltstack.com/en/latest/ref/file_server/dynamic-modules.html
21:03 pipps joined #salt
21:05 MajObviousman so then job runs and each monion returns "yes" or "no". Custom returner to add/modify a custom grain, then trigger a saltutil.refresh_grains
21:05 MajObviousman knowing what the returner will set, I can then select on that custom grain for the next job. And probably I want that next job to delete the custom grain too
21:06 gtmanfred oh, umm yeah that is going to be more difficult
21:07 MajObviousman it seems very round-about
21:07 MajObviousman but this is an idiom I've needed a bunch of times in the past few weeks
21:07 gtmanfred so, IMO what you actually want to use is states
21:07 gtmanfred so that you can just run it a bunch of times on the same minion, but it only makes the change once
21:08 gtmanfred because of idemopotance
21:09 MajObviousman you're right. I'm playing twister to avoid doing that. Any state file changes have to go through git and a review
21:09 nixjdm joined #salt
21:09 MajObviousman that's just our company being silly though
21:09 gtmanfred :)
21:10 MajObviousman unrelated question: I recall there being a way to manage a minion's config using wheel modules, but I'm not seeing it now. Was that functionality moved somewhere else, taken out, or perhaps I am mis-remembering?
21:11 gtmanfred uhh, i do not know, one minute
21:11 gtmanfred I was only aware of the one for the master config https://docs.saltstack.com/en/latest/ref/wheel/all/salt.wheel.config.html#module-salt.wheel.config
21:11 whytewolf wheel generally has to do with the master. not a minion
21:12 antonw left #salt
21:12 MajObviousman so then I'm misremembering
21:12 MajObviousman is what I thought, thanks for confirmation
21:13 swills joined #salt
21:13 whytewolf not really sure of a module that changes the minion config. there is the config module but that is more for using the config.
21:13 c_g joined #salt
21:13 bvcelari joined #salt
21:14 gtmanfred yeah, i was looking for one the other day as well actualy, and couldn't find one
21:14 whytewolf file.managed?
21:14 whytewolf :P
21:14 MajObviousman I put together a file.sed and then a watch: service.reload. Let's see how it does
21:14 gtmanfred salt-minion can't be reloaded
21:14 MajObviousman oh? Well that's going to be a problem
21:14 gtmanfred it has to be restarted, and a state call will probably not return correctly
21:14 gtmanfred yeah
21:15 gtmanfred there is a feature request to sighup minions and master
21:15 gtmanfred but... it is difficult problem to solve
21:15 MajObviousman it is indeed. Almost has to be architected from the beginning
21:15 gtmanfred https://github.com/saltstack/salt/issues/570
21:15 saltstackbot [#570][OPEN] master/minion should accept a SIGHUP and reload config |
21:15 * MajObviousman adds to "when I have time, do some dev on this" list
21:15 swills joined #salt
21:15 MajObviousman pah hahaha, when I have time ... in 2028
21:15 gtmanfred heh
21:16 gtmanfred i have a list like that too
21:16 whytewolf there is this for now though to get people byy https://docs.saltstack.com/en/latest/faq.html#what-is-the-best-way-to-restart-a-salt-minion-daemon-using-salt-after-upgrade
21:17 gtmanfred if you are using systemd, you can actually do `service.restart` on salt-minion from the commandline
21:17 gtmanfred just not in the middle of a state run
21:18 whytewolf yeah. kind of wish thee was a way to run something like watch does mod_watch. but instead of the mod_watch function it runs what ever you give it
21:18 whytewolf that was listen could use it
21:19 MajObviousman someone else pointed out I could do systemd-run --on-active=5 restart salt-minion
21:19 MajObviousman on systemd systems only, ofc
21:19 MajObviousman or at
21:19 pipps joined #salt
21:20 MajObviousman the 10% thorny issues we spend 75% of our time ...
21:20 whytewolf 10%?
21:21 MajObviousman shhh
21:21 * whytewolf looks at his pdns ip netns needs and wish it was only a 10% issue
21:22 jhauser joined #salt
21:22 gtmanfred i really need to figure out how network namespaces work, i can troubleshoot them, but i have no idea why they work
21:22 gtmanfred magic
21:23 whytewolf it basiclly is just container code in the kernel
21:23 gtmanfred yeah, super magic
21:23 jhauser joined #salt
21:23 whytewolf yeap
21:23 whytewolf black magic
21:24 jhauser joined #salt
21:24 keltim joined #salt
21:24 rewbycraft I like them
21:24 jhauser joined #salt
21:25 rewbycraft But I really need to do a good deep dive into their internals
21:25 gtmanfred they are useful
21:25 gtmanfred same
21:25 rewbycraft Oh yeah. Very useful
21:25 jhauser joined #salt
21:25 rewbycraft I like using them to create low-overhead "routers" on VM systems
21:26 rewbycraft Or to do anycasted DNS resolvers across my network
21:26 jhauser joined #salt
21:27 whytewolf they are also good for load balancers
21:27 rewbycraft I like using exabgp in them on some routers for anycasted shared services
21:27 rewbycraft My network spans quite a geographical area and has a number of routers
21:27 Eugene But does it vend
21:28 rewbycraft So it's quite nice to be able to have a common service like DNS available from one IP
21:28 rewbycraft But have it served by the closest core router
21:28 Brew joined #salt
21:28 rewbycraft Yet still have failover should something go wrong
21:28 Eugene fe80::1 is great for tricks like that without multicast
21:28 rewbycraft multicast?
21:28 rewbycraft Well
21:28 rewbycraft I know what multicast is
21:28 rewbycraft But why is it applicable here?
21:28 Eugene anycast, multicast, $FOOCAST
21:29 Eugene Things other than unicast go in my "black magic" bin ;-)
21:29 rewbycraft anycast means that there's >1 device answering to one ip address
21:29 rewbycraft And the routers decide which device answers to you
21:29 MajObviousman I had an "understanding" of them when I was only looking at them from 50k foot viewpoint
21:30 MajObviousman when I zoomed in ... might as well be a mandelbrot
21:30 rewbycraft Networking is fun and confusing
21:31 rewbycraft I do way too much of it
21:31 Eugene And try explaining it to your family at a dinner party
21:31 rewbycraft So I sometimes forget that half of the things I do are considered black magic
21:31 MajObviousman rewbycraft: we have what you're describing for DNS using anycast here
21:31 Eugene "So you can help me with this Windows thing then?" --> "Sure, my base rate is $200/hr"
21:31 whytewolf what is fun is debugging mirantis use of network namesspaces with openvswitch and corosync to find out why it bombs out on a vmware vswitch... that was a very tiring 3 days
21:32 rewbycraft ... I do not feel like explaining how the internet works to my parents. Seriously. They can't even keep "server" vs "the internet" straight
21:32 MajObviousman I don't think we're using netns for it though
21:32 rewbycraft MajObviousman: It's a relatively common concept. But since this is my hobby, I can't afford dedicated machines.
21:32 MajObviousman oh nevermind, I didn't follow the context switch there
21:33 rewbycraft It's basically what google does for 8.8.8.8
21:33 MajObviousman right
21:33 rewbycraft Except I do it in my own network
21:33 rewbycraft Instead of the internet
21:33 MajObviousman I was trying to figure out how setting up namespaces helped you accomplish anycast and it didn't compute
21:33 rewbycraft I use it as a separate network env to run the DNS in
21:34 rewbycraft One each box, the DNS just sees interface lo and veth1 with my "dns ip" bound to veth1
21:34 rewbycraft Each of the DNS-enabled routers tell the rest of the network "I have <dns ip>"
21:35 rewbycraft And whichever one is "closest" (in the network sense) gets sent the packets for "<dns ip>"
21:35 rewbycraft And that router then forwards those packets out to it's veth0 interface and thus to the DNS network namespace
21:35 rewbycraft It's mostly an exercise in keeping my firewall sane
21:35 MajObviousman I was going to use a different word than sane
21:36 whytewolf can a firewall ever be truely sane?
21:36 MajObviousman sure
21:36 rewbycraft If you avoid stateful stuff, yes
21:36 rewbycraft A simple stateless firewall is fairly easy to understand
21:37 MajObviousman I've heard Linux's network stack isn't terribly efficient, such that if you're going to roll your own routers, it's better to use a BSD. Have you observed anything like this?
21:37 rewbycraft Yes and no
21:37 rewbycraft I've seen it be the case on older hardware and for very very high throughput
21:37 MajObviousman we've strayed far from salt talk, so we should maybe move to an offtopic room
21:38 * gtmanfred advertises #salt-offtopic
21:38 gtmanfred :)
21:38 pipps joined #salt
21:38 rewbycraft ... I need to stop messing my buffer order up. This ended up in the place of, what usually is, an -offtopic
21:38 MajObviousman hah
21:38 rewbycraft Sorry gtmanfred
21:38 rewbycraft (and everyone else)
21:38 gtmanfred no worries :)
21:39 * rewbycraft puts pinning buffer numbers on his todo list
21:40 antpa joined #salt
21:41 antpa joined #salt
21:42 onlyanegg joined #salt
21:45 nikdatrix joined #salt
21:46 dps joined #salt
21:46 Eugene I am of the opinion that idle chatter in an otherwise full-but-dead channel is perfectly normal
21:47 Eugene Or put another way: shut up when something serious starts being discussed
21:48 gtmanfred right
21:48 gtmanfred but we are having a nice discussion about nftables over in #salt-offtopic now
21:48 pipps joined #salt
21:56 canci joined #salt
22:00 DEger joined #salt
22:00 MajObviousman Eugene: counter-point: something else serious isn't being discussed because there is already a discussion ongoing and the party what wants to start a new discussion doesn't wish to interrupt
22:00 Eugene IRC is a write-only protocol: does not hurt anything to speak up
22:00 MajObviousman absolutely
22:02 dps joined #salt
22:02 MajObviousman I'm in agreement with you, but I like to DA just in case
22:05 edrocks joined #salt
22:06 jauz joined #salt
22:15 onlyanegg joined #salt
22:16 aneeshusa joined #salt
22:28 DEger joined #salt
22:29 SneakyPhil joined #salt
22:29 SneakyPhil Hi there. Is it possible to have salt print the formula name?
22:30 SneakyPhil With "{{ sls }}" I can print the formula.sls_file name, but that's a little too much more information than I need.
22:31 MTecknology Eugene: In practice, OT chatter rarely stops when people start asking questions.
22:33 gtmanfred SneakyPhil: {{sls.split('.')[0]}} ?
22:35 inetpro joined #salt
22:35 SneakyPhil gtmanfred: always my hero
22:36 gtmanfred <3
22:36 SneakyPhil it works for everything except required_in:
22:36 SneakyPhil when it's in required_in: it will complain about not being in the highstate
22:36 gtmanfred yes, required_in i do not believe supports sls:
22:36 gtmanfred p sure there is an open issue
22:36 SneakyPhil tl;dr I'm putting in BATS tests for my companies formulas
22:37 SneakyPhil so that we can validate that the salt stuff is doing what we want after upgrading/downgrading salt and passing the code between teammates
22:38 gtmanfred https://github.com/saltstack/salt/issues/40771
22:38 saltstackbot [#40771][OPEN] `require_in` does not add require to all states in a stateid | Description of Issue/Question...
22:39 SneakyPhil ahhh
22:39 SneakyPhil ty!
22:40 gtmanfred no problem
22:40 pipps joined #salt
22:44 mikecmpbll joined #salt
22:54 DEger_ joined #salt
22:59 dendazen joined #salt
23:02 druonysus joined #salt
23:02 cryptcub3 joined #salt
23:03 DEger joined #salt
23:04 cryptcub3 left #salt
23:12 Praematura joined #salt
23:24 DEger joined #salt
23:26 fracklen joined #salt
23:39 masber joined #salt
23:41 bbbryson joined #salt
23:43 asyncsec joined #salt
23:46 nikdatrix joined #salt
23:48 asyncsec joined #salt
23:50 mosen joined #salt
23:50 druonysus joined #salt
23:56 thinkt4nk joined #salt
23:57 Rumbles joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary