Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-05-17

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:04 cyborg-one joined #salt
00:18 woodtablet left #salt
00:21 stack_korora joined #salt
00:29 stack_korora I am setting up salt for the first time. The easy examples are working, but now that I am trying to add a formula I am running into issues. Can someone help out please? https://pastebin.com/dxjgCJV8
00:39 Cottser joined #salt
00:40 dnull joined #salt
00:42 hemebond stack_korora: Is `/erv/` just a typo?
00:42 stack_korora Sorry. Yes it is
00:43 stack_korora My test system is just command line so I am on another computer for IRC/Web :-)
00:46 stack_korora I just tried a super simple version where I just create the file /etc/blah.conf and that works. So maybe it isn't my configuration but rather my misunderstanding of how that formula works. Maybe?
00:46 hemebond Oh, you can't just apply `- apt`
00:46 hemebond You have to use a particular state. Did you read the README for that formula?
00:47 stack_korora I did. But I thought I could just use/adapt the pillar.example.
00:49 stack_korora It gives a link to the salt documentation and I thought I was adapting it properly. The documentation just calls 'apache' so I thought it would just be 'apt'.
00:49 stack_korora Did I misunderstand that?
00:51 iggy you have to specifically assign the states inside that formula (i.e. apt.repositories , apt.ppa, etc)
00:52 iggy some formulas (if they have an init.sls that includes everything) can be used by just including the top level, but not that one
00:54 stack_korora Oh! That just clicked! I had tried the apt.repositories before but it failed (I now know why) so I was just trying to modify apt.sls.
00:54 stack_korora I now see the connection.
00:54 stack_korora And it "works" with my bad values. Not to put in correct values.
00:54 stack_korora Thanks hemebond and iggy for the pointers!
00:54 hemebond ūüĎć
00:56 iggy oh noes... babi-len is catching up to me... http://iggy.ninja/salt.html
00:56 exegesis joined #salt
00:57 sp0097 joined #salt
00:57 iggy (irc stats... nothing terribly off-topic)
01:02 Tantagel BOO
01:03 stack_korora I edited /srv/salt/apt.sls to just include my changes to the repositories. However, it looks like it is not using those. Instead it is taking the default values. Thoughts on where I may have gone wrong?
01:03 iggy stack_korora: you mean /srv/pillar/apt.sls?
01:04 stack_korora Oh. My location is wrong. Let me move it. Thanks!
01:05 stack_korora hrm. Nope. Even in that location it still pulls the defaults.
01:05 stack_korora Let me post my apt.sls. Maybe I did something wrong.
01:06 iggy the minion sees the correct pillar data? (salt-call pillar.get apt)
01:06 prg3 joined #salt
01:08 stack_korora Heres my apt.sls: https://pastebin.com/gaxZ46RW
01:10 stack_korora Hrm. The salt-call seems to have timed out. I might have another problem.
01:11 iggy did you run that on the minion?
01:11 stack_korora Oh. It runs on the minion, just not the master. That makes sense. :-)
01:11 iggy from the master, you can also run: salt '<minionid>' pillar.get apt
01:11 iggy same difference
01:12 stack_korora That just returns blank.
01:12 iggy that's a problem ;)
01:14 stack_korora Hrm. Yeah it just returns the hostname of the minion. Nothing else.
01:14 stack_korora But the defaults are pushing out so it's obviously communicating..
01:15 iggy do you have a top file in /srv/pillar ?
01:15 exegesis joined #salt
01:16 thinkt4nk joined #salt
01:16 stack_korora I have /srv/pillar/apt.sls , /srv/salt/top.sls, and /srv/formulas/apt-formula (which is the git repo)
01:16 stack_korora I first had the apt.sls in /srv/salt but had the same result in salt as I do in pillar
01:17 brousch__ joined #salt
01:19 iggy so you need a top file for pillars too
01:19 stack_korora I saw that in the documentation, but was confused. I thought it was the same thing. What should the difference be?
01:21 stack_korora Oh, doesn't look like base is include in the pillar.
01:22 stack_korora Nope. Reading the doc tutorial on pillar for salt now.
01:24 stack_korora OK. So it does look like it is basically the same file. Except that doesn't work. I get "Specified SLS 'apt.repositories' in environment 'base' is not available on the salt master."
01:25 iggy it's not the same file (it's formatted the same way, but it has to match the names in your pillar dir)
01:25 iggy so for the pillar top, you probably want just: - apt
01:25 iggy since your file is /srv/pillar/apt.sls
01:26 stack_korora Ah! Ok. Another thing that clicked. That was part of the confusion I had earlier. So the apt matches in the pillar, but I need to match the state in the /srv/salt/top.sls.
01:27 iggy well, you're matching to files effectively
01:27 iggy in /srv/salt, you don't have a file called apt.sls (or apt/init.sls)
01:27 iggy in /srv/pillar, you do
01:28 stack_korora Thanks. That makes sense.
01:28 stack_korora Well, the good news: no errors. The bad news: still using defaults. :-/
01:28 iggy check pillar.get now
01:29 stack_korora Still just the minion hostname. So I have something else still wrong somewhere.
01:30 AvengerMoJo joined #salt
01:30 iggy gist files again?
01:31 stack_korora Do you want all of them?
01:31 iggy the more the merrier
01:32 stack_korora OK. The apt.sls file is still the same: https://pastebin.com/gaxZ46RW
01:34 stack_korora And the other two files that I've edited: https://pastebin.com/z62FShvd
01:34 iggy you forgot match: grain in the pillar top file
01:36 stack_korora Thanks! Didn't change the pillar.get BUT it did run when I did highstate! WhooHoo!
01:36 stack_korora :-)
01:36 iggy check pillar.get after the highstate?
01:37 iggy you probably needed a saltutil.refresh_pillar in there
01:38 stack_korora Even after I run a successful update, still nothing with pillar.get.
01:38 stack_korora I don't know the reference to saltutil.refresh_pillar.
01:39 stack_korora found the documentation for it :-)
01:39 stack_korora That did it! :-)
01:47 stack_korora Awesome! Thank you very much iggy! I appreciate your help!
01:47 stack_korora Now to explore, learn, and break more things in salt. :-D
01:47 _JZ_ joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.6, 2016.11.4 <+> Support: https://www.saltstack.com/support/ <+> SaltStack Webinar on Carbon, Nitrogen, and Enterprise 5.1 on May 18, 2017 https://goo.gl/PvsOvQ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers
01:53 justanotheruser joined #salt
01:59 jalaziz joined #salt
02:06 zerocoolback joined #salt
02:07 zerocoolback joined #salt
02:11 Zachary_DuBois joined #salt
02:13 raspado joined #salt
02:23 onlyanegg joined #salt
02:23 stack_korora left #salt
02:28 myoung34 joined #salt
02:28 myoung34 i build AMIs using salt masterless, but the output is very truncated in Jenkins, is there a way to try to get around that?
02:29 myoung34 towards the end of my run: https://paste.fedoraproject.org/paste/qhorAYM9EJrnby~oj7zd7V5M1UNdIGYhyRLivL9gydE=
02:30 myoung34 at some point in the output (differing times depending on run) it just stops and packer starts outputing, it doesnt give me the f inal run statistics
02:30 myoung34 this is my  packer section for salt apply: https://paste.fedoraproject.org/paste/3gIOm17TOxSGjgIth0bApF5M1UNdIGYhyRLivL9gydE=
02:36 MTecknology iggy: Could you tell me if you like old or new better?  https://gist.github.com/MTecknology/33b9e5a56fd5503484b5c4e77ae358e5
02:37 cyborg-one joined #salt
02:38 iggy MTecknology: I'm not sure which is old and which is new
02:39 MTecknology old.{jinja,sls} is old and new.{jinja,sls} is new
02:39 nicksloan joined #salt
02:39 MTecknology the both suck...
02:40 * MTecknology is angry
02:40 iggy I think I'm looking at something different than you
02:40 MTecknology yup...
02:40 iggy I don't see the words old or new on that page anywhere
02:41 iggy (except for "new gist")
02:41 MTecknology https://gist.github.com/anonymous/1fc5b90c91b74af3155fd3cf74fd267f
02:41 MTecknology sorry, I copied the wrong url
02:42 gnomethrower_ joined #salt
02:43 iggy new is easier to read to me (especially the .sls)
02:45 MTecknology $client is in love with the old style and keeps making me introduce old style into what I write for them
02:45 asyncsec joined #salt
02:45 iggy lol
02:45 iggy tell them you forgot how to
02:49 MTecknology I just decided it's not worth my time to stress over. I rewrite things once to make them work, and then twist them back into shape so $client is happy. Sure, it might take 4x as long, but that's what they want me doing so...
02:51 MTecknology iggy: how ya been?!
02:52 prg3 joined #salt
02:52 evle1 joined #salt
02:53 iggy good, living the good life... you know
02:53 iggy you?
02:54 MTecknology I started taking dance class to learn how to dance, hit a rave last friday, and kind of sorta danced... they toop a picture! (lemme find it)
02:55 MTecknology took*   http://imgur.com/E2PfwDG
02:55 iggy nice
02:58 holyzhou joined #salt
02:59 Terminus joined #salt
03:02 karlthane joined #salt
03:15 justanotheruser joined #salt
03:31 J0hnSteel joined #salt
03:32 miruoy joined #salt
03:49 sp0097 joined #salt
04:00 dezertol joined #salt
04:03 Tantagel joined #salt
04:10 AvengerMoJo joined #salt
04:17 jalaziz joined #salt
04:54 jeddi joined #salt
04:55 fracklen joined #salt
05:03 Praematura joined #salt
05:04 prg3 joined #salt
05:19 Bock joined #salt
05:21 dyasny joined #salt
05:22 Bock joined #salt
05:28 felskrone joined #salt
05:38 prg3 joined #salt
05:39 J0hnSteel joined #salt
05:44 inad922 joined #salt
05:45 prg3 joined #salt
05:51 impi joined #salt
05:54 prg3 joined #salt
06:03 preludedrew joined #salt
06:04 golodhrim|work joined #salt
06:07 rdas joined #salt
06:17 do3meli joined #salt
06:18 aldevar joined #salt
06:23 tester882311 joined #salt
06:38 Dr_Jazz joined #salt
06:58 fracklen joined #salt
07:00 geomacy joined #salt
07:05 JohnnyRun joined #salt
07:07 Ricardo1000 joined #salt
07:20 fredvd joined #salt
07:25 fracklen joined #salt
07:30 jas02 joined #salt
07:36 aboe joined #salt
07:36 mikecmpbll joined #salt
07:41 zulutango joined #salt
07:42 nutcase_ joined #salt
07:42 rgrundstrom-home Good morning
07:43 pbandark joined #salt
07:45 lasseknudsen joined #salt
07:47 impi joined #salt
07:53 geomacy joined #salt
07:58 mikecmpbll joined #salt
08:02 oida joined #salt
08:02 fracklen joined #salt
08:06 fracklen joined #salt
08:10 fracklen joined #salt
08:14 Elsmorian joined #salt
08:15 holyzhou joined #salt
08:19 zhouzhengyuan_ joined #salt
08:19 Rumbles joined #salt
08:23 coredumb Morning
08:24 coredumb How do I watch on a directory recursively when the directory is filed with file.recurse?
08:24 coredumb Tried watch file: directory/* but indeed it doesn't match any ID when it's directory that exists
08:26 _KaszpiR_ joined #salt
08:27 babilen coredumb: Wouldn't you just watch the file.recurse state (by either ID or name argument) ?
08:27 babilen Requisites are between states
08:28 coredumb babilen: makes sense
08:30 Mattch joined #salt
08:33 lasseknudsen joined #salt
08:46 jhauser joined #salt
08:47 coredumb babilen: and actually works fine
08:47 coredumb :D
08:47 N-Mi joined #salt
08:47 N-Mi joined #salt
09:02 Tantagel joined #salt
09:03 ronnix joined #salt
09:04 LondonAppDev joined #salt
09:10 rgrundstrom-home Anyone that can help me out here https://justpaste.it/16rp7
09:13 coredumb can I use arbitrary state modules from a reactor ? like state.git.latest or the likes ?
09:15 nico__ joined #salt
09:20 virus joined #salt
09:20 virus hello
09:20 virus AttributeError: 'module' object has no attribute 'x509v3_lhash' while using M2Crypto==0.26.0
09:21 virus any one has encountered the same issue ?
09:21 asyncsec joined #salt
09:25 _KaszpiR_ joined #salt
09:49 Gabemo joined #salt
09:50 babilen coredumb: You can call runners and execution functions. The latter would allow you to run state functions in a SLS or functions from https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.git.html
10:05 Cadmus Hello, I'm on a Centos7 box, but I have a legacy service that uses a script in init.d, is there any way to tell salt to use sysv commands for just tis one service in a service.running statement?
10:14 babilen Cadmus: Do you actually run into problems with that service?
10:15 Cadmus babilen: Yes, it says the service can't be found, that said it's a dead simple service it looks like, so I'll just rewrite it as a systemd unit
10:16 rgrundstrom-home babilen: Think you can check tis and give me an idea on how to solve it? https://justpaste.it/16rp7
10:18 Tantagel joined #salt
10:22 hemebond left #salt
10:32 inad922 joined #salt
10:36 thinkt4nk joined #salt
10:37 babilen rgrundstrom-home: |join(' ') -- http://jinja.pocoo.org/docs/dev/templates/
10:39 ronnix joined #salt
10:40 fracklen joined #salt
10:48 toanju joined #salt
10:50 krymzon joined #salt
10:51 ruxu joined #salt
11:07 LostSoul joined #salt
11:08 tiwula joined #salt
11:09 raspado joined #salt
11:13 fracklen joined #salt
11:15 LostSoul joined #salt
11:19 fracklen joined #salt
11:20 lorengordon joined #salt
11:21 ProT-0-TypE joined #salt
11:26 kbaikov joined #salt
11:30 sjorge joined #salt
11:32 LostSoul joined #salt
11:33 Rumbles joined #salt
11:35 capnhex joined #salt
11:41 nicksloan joined #salt
11:42 ashmckenzie joined #salt
11:43 hex20dec joined #salt
11:48 Praematura joined #salt
11:58 geomacy joined #salt
11:59 ronnix joined #salt
12:06 geomacy joined #salt
12:09 overyander joined #salt
12:16 ssplatt joined #salt
12:18 jas02 joined #salt
12:20 geomacy joined #salt
12:21 jas02 joined #salt
12:25 numkem joined #salt
12:28 ronnix joined #salt
12:32 wavded joined #salt
12:33 numkem joined #salt
12:33 Miouge joined #salt
12:34 Tantagel joined #salt
12:34 jas02 joined #salt
12:34 Ts3po joined #salt
12:34 numkem joined #salt
12:38 evle1 joined #salt
12:38 numkem joined #salt
12:38 Ts3po hi there, I am new to saltstack and was wondering is there a way I can get all hosts with a certain pillar on file e.g return all host with a nginx pillar on a file ?
12:43 myoung34 joined #salt
12:46 wavded_ joined #salt
12:47 lorengordon joined #salt
12:52 wavded joined #salt
12:57 ruxu joined #salt
12:57 wavded_ joined #salt
13:00 ProT-0-TypE joined #salt
13:00 gmoro_ joined #salt
13:03 wavded joined #salt
13:05 ssplatt joined #salt
13:07 Sketch Ts3po: https://docs.saltstack.com/en/latest/topics/targeting/pillar.html
13:12 fracklen joined #salt
13:16 jas02 joined #salt
13:21 candyman88 joined #salt
13:32 Ts3po Sketch: thank you for replying I have tried it on the terminal works fine, but returns data for 1 host when I do {% for x, y in pillar.get(’nginx’, {}).items() %}
13:34 fracklen joined #salt
13:35 Sketch i've never tried it myself, we usually set grains for specific services and use those for targeting
13:35 Sketch salt -G 'role:nginx' ...
13:37 permalac joined #salt
13:39 dyasny joined #salt
13:41 GMAzrael anyone know of good public repos for organizing salt states/pillars?
13:41 GMAzrael for reference?
13:42 permalac joined #salt
13:42 c_g joined #salt
13:43 permalac joined #salt
13:44 permalac joined #salt
13:45 dendazen joined #salt
13:46 Ch3LL GMAzrael: if you just want some states to look at for inspiration there is the saltstack formulas
13:46 Ch3LL https://github.com/saltstack-formulas
13:46 Ch3LL note these are community run
13:46 GMAzrael Ch3ll, more about organizing everythng
13:47 ruxu joined #salt
13:49 edrocks joined #salt
13:50 Ch3LL not sure if follow. But I think you want to just see how others have organized their states. If you just do a search in github you hsould be able to find something
13:50 Ch3LL https://github.com/search?utf8=‚úď&q=salt+states&type=
13:51 Ts3po_ joined #salt
13:52 jas02 joined #salt
13:54 thinkt4nk joined #salt
13:58 zerocoolback joined #salt
14:01 GMAzrael Ch3ll: some people have pillar folders in their repository, but in the saltstack documentation, it is said to not place it in the state folder. Would it be wiser to have a /srv/salt/states folder and update the base repo directive in the master configuration?
14:08 LondonAppDev joined #salt
14:08 cyteen joined #salt
14:18 Ch3LL GMAzrael: yeah its probably smart to keep them seperate. The default location for pillar is /srv/pillar and states is /srv/salt if you want to use those defaults. You are also welcome to use /srv/salt/states as you stated you would just need to update the file_roots
14:20 inad922 joined #salt
14:20 GMAzrael Ch3LL: my thoughts were to do that /srv/salt/states folder so that I could just git init /srv/salt and have pillar and states in git
14:23 Ch3LL GMAzrael that works too :)
14:23 Inveracity joined #salt
14:23 Ch3LL keep in mind there is also gitfs
14:24 GMAzrael gotta get the files in git first
14:24 * Ch3LL nods
14:25 ProT-0-TypE joined #salt
14:27 ecdhe joined #salt
14:29 babilen GMAzrael: I'd keep states, top files and pillars in separate repositories, but you don't have to do that at all
14:31 noobiedubie joined #salt
14:31 GMAzrael babilen: top files?
14:35 babilen top.sls -- https://docs.saltstack.com/en/latest/ref/states/top.html
14:35 onlyanegg joined #salt
14:36 GMAzrael babilen: no I mean, why top files in a seperate repository? wouldnt they stay in the state/pillar repositories respectively?
14:38 c_g joined #salt
14:48 sh123124213 joined #salt
14:49 babilen GMAzrael: Because you might want to use your states in a different context or environments and I see targeting as separate. It also makes it more obvious when changes to targeting has been made and allows for some control as to who is allowed to work on what.
14:53 candyman88 joined #salt
14:59 kap joined #salt
15:01 cscf GMAzrael, We use /srv/saltstack/states and /srv/saltstack/pillar
15:02 puzzlingWeirdo joined #salt
15:04 sarcasticadmin joined #salt
15:05 MajObviousman babilen: so then are you using master_tops to keep the separation, or just repathing where state_top points to?
15:07 thinkt4nk joined #salt
15:08 kap Hey folks, I'm getting an error 'failed to compile' for an {% if salt['file.search'].. because the file it's trying to look for won't exist until a previous state is run.  What's the best way to resolve this without just creating an empty file prior to running the highstate?
15:09 MajObviousman kap: make the state require the previous state
15:09 MajObviousman https://docs.saltstack.com/en/latest/ref/states/requisites.html
15:10 kap so even if it's further down in the base: entry than the state that will create file, it still needs a "require?"
15:10 kap I was under the impression, it was executed top-to-bottom?
15:11 hightower joined #salt
15:12 hightower Hello. With salt-cloud, can I override parameters in a profile? For example, I have a profile that configures a vSphere VM with 16GB of ram, but I want to spin it up with 8GB instead. Is there a way to override with 'salt-cloud' command, or must I update the profile?
15:13 MajObviousman kap: your impression is incorrect
15:13 MajObviousman the order states will go is non-deterministic, as you've run into
15:13 GMAzrael kap: if you put a require in the state, it will wait to execute that portion until the condition is met
15:14 kap so include: statename and a requiring the sls will be sufficient?
15:14 MajObviousman one of the major differences between salt and ansible playbooks
15:15 kap I'm coming from puppet, so this has already been much easier to grasp, this just threw me a bit off.
15:15 GMAzrael kap: state: require: file: $file.directive
15:16 GMAzrael or require: sls: $slsname
15:16 benner joined #salt
15:16 GMAzrael * with proper state formatting.
15:17 kap thanks
15:17 MajObviousman does salt-ssh have any support for agent forwarding?
15:20 fracklen joined #salt
15:22 keltim joined #salt
15:27 PatrolDoom joined #salt
15:35 hashwagon joined #salt
15:38 zach joined #salt
15:41 greyeax joined #salt
15:44 Brew joined #salt
15:48 coredumb Hey there
15:48 coredumb I've set my default gitfs_saltenv to prod
15:48 coredumb at least I think I did...
15:49 coredumb https://pastebin.com/HPfJjYv4 Like this
15:50 coredumb but when I run a show_highstate I end up with this:
15:50 coredumb - No matching salt environment for environment 'prod' found
15:50 coredumb Am I missing something ?
15:52 davromaniak joined #salt
15:52 davromaniak joined #salt
15:55 whytewolf coredumb: read this again https://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html#per-saltenv-configuration-parameters
15:57 Praematura joined #salt
15:57 whytewolf remove the saltenv: that was covered by gitfs_saltenv:
15:57 coredumb whytewolf: yep did multiple times :D
15:58 coredumb oh
15:58 coredumb crap
16:01 noobiedubie i am trying to apply acl permissions for a user to /var/log recursively and have recurse: True in my state but when ran it only recurses one level below parent is this normal?
16:02 noobiedubie and if so is there a way to recurse deeper through the acl state?
16:04 whytewolf noobiedubie: that sounds like a bug. please post it to the issue tracker.
16:05 noobiedubie or is there a way to specify wildcard in the state name like /var/log/*/*?
16:05 noobiedubie o ok will do
16:08 coredumb whytewolf: thx btw :)
16:08 whytewolf coredumb: np :)
16:09 yojota joined #salt
16:09 LondonAppDev joined #salt
16:10 prg3 joined #salt
16:12 aldevar left #salt
16:13 noobiedubie in the meantime while waiting for the bug to be fixed is there a way to pass wildcard in filename in salt?
16:14 whytewolf no
16:15 whytewolf okay, that was the short answer.
16:16 whytewolf the long answer is you could use jinja with file.find to list all the directories, and use a loop on that info to build a bunch of states
16:16 whytewolf https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.file.html#salt.modules.file.find
16:17 racooper joined #salt
16:18 edrocks joined #salt
16:25 mbologna joined #salt
16:26 nicksloan joined #salt
16:28 onlyanegg joined #salt
16:28 LondonAppDev joined #salt
16:32 woodtablet joined #salt
16:34 zach joined #salt
16:41 nixjdm joined #salt
16:46 jas02 joined #salt
16:54 MajObviousman hmm, seeking opinions on ways to organize my pillar
16:54 MajObviousman https://gist.github.com/anonymous/75c258f73105ee0d40ec725af6a6284d
16:54 jas02 joined #salt
16:57 whytewolf MajObviousman: to me the federating out multiple makes the most sense and is the easiest to work with programmatically.
16:57 MajObviousman that's what I'm leaning towards. The regularity of it is appealing
16:58 onlyanegg joined #salt
17:01 MajObviousman https://gist.github.com/anonymous/5ee04934fe8ad10d0a7fccb1c770bf01 I think I like this better
17:01 MajObviousman only some roles have sub roles
17:02 PatrolDoom joined #salt
17:03 noobiedubie so i'm trying to set file.find /var/log type='d' as a list jinja variable
17:04 major joined #salt
17:04 whytewolf MajObviousman: so, how are you going to check that?
17:04 MajObviousman presence or absense of role:sub
17:04 whytewolf not the sub
17:05 noobiedubie right now i have {% set directories = salt['file.find']('/var/log type="d"') %}
17:05 MajObviousman what is it I'm meant to check, then?
17:05 * MajObviousman doesn't understand your question, sorry
17:05 whytewolf well what is the purpase of short if you are not checking it?
17:05 whytewolf or looking it up
17:06 whytewolf MajObviousman: also is there multiple roles?
17:06 MajObviousman if I want to refer to all elasticsearch servers, regardless of their subrole, I look for role:short
17:06 MajObviousman yes, one sec I'll gist the mockup I'm settling on
17:08 whytewolf noobiedubie: {% set directories = salt['file.find']('/var/log', type="d") %}
17:09 thinkt4nk joined #salt
17:10 Tantagel joined #salt
17:10 impi joined #salt
17:11 noobiedubie whytewolf: Your the man! Thank you
17:14 MajObviousman whytewolf: something like this https://gist.github.com/anonymous/34c56e705da3972fc36191205fd83668
17:16 whytewolf okay, in your setup with this you are not going to let els-kibana and els-data exist on the same server. [or roles that have nothing to do with els]
17:17 MajObviousman correct
17:17 MajObviousman but pretend I was. What changes would I need to make?
17:18 whytewolf well thats one of the reasons i like the other way of mutlple federation. so that the role was named.
17:19 MajObviousman hmm
17:19 MajObviousman I'll have to think on that
17:20 MajObviousman I see the merit in it and the potential limitations of my most recent gist
17:21 MajObviousman thanks for your input whytewolf
17:22 whytewolf coarse i am also coming from an openstack background where servers have multiple roles. so i need to have that kind of flexiability in roles
17:22 MajObviousman so I just remembered that we have multi-role systems in dev and in qa
17:23 MajObviousman scratch the latest plan, backing up to the multiple federation format
17:26 whytewolf :)
17:30 kap GMAzrael, I think I must still be missing something. I'm still receiving the same error even with require.
17:31 kap https://drive.google.com/file/d/0B1xVup5a4JEVSk9uaC1OeFFncWc/view?usp=sharing
17:31 _KaszpiR_ joined #salt
17:32 kap Even if I add a statement before the if that requires sls: packages (where postfix gets installed) it throws the same error
17:34 cyteen joined #salt
17:34 GMAzrael @kap, change your require to require: - pkg: postfix
17:34 prg3 joined #salt
17:34 GMAzrael kap: ^
17:36 kap Ok, i'll give that a shot, I figured since packages handles a list of packages, that i'd have to reference the sls and not the individual pkg
17:37 amcorreia joined #salt
17:40 kap I get the same with require: - pkg: postfix
17:41 whytewolf kap: is the state you are including really packages? or is in something.packages?
17:42 kap packages.sls > base packages: pkg.installed: - pkgs: - list - of -packages
17:43 whytewolf that doesn't answer the question
17:44 whytewolf or are you saying that you have a packages.sls in the root of your filesystem
17:44 prg3 joined #salt
17:45 wendall911 joined #salt
17:45 kap packages.sls includes a few different stanzas, one of which is "base packages" which has pkg.installed - pkgs: -vim -git -foo -bar -postfix
17:45 whytewolf kap, I'm not asking what is in packages.sls
17:45 whytewolf I'm asking where it is in the filesystem
17:46 kap same directory as everything else /srv/salt
17:46 kap no other nested directory structure for now
17:47 whytewolf ok, what version of salt are you using?
17:47 ChubYann joined #salt
17:47 kap 2016.11.4
17:47 kap standalone minion
17:48 whytewolf ok
17:49 whytewolf - sls: packages should work. altho should also work- pkg: base pacakges
17:49 kap I'll try pkg: base packages
17:50 whytewolf coarse that is if your include is working
17:50 kap right
17:52 Elsmorian joined #salt
17:56 fracklen joined #salt
17:56 bigjazzsound joined #salt
17:58 nixjdm joined #salt
17:59 kap I get the same with pkg: base packages as the require, so my guess is the import isn't working
17:59 kap *include
18:02 shanth i just saw this code example on a blog post - {% if smallfiles or grains['arbiter'] | default (None) == True %} - the part with the | default (None) - what is this called and is this in the docs anywhere?
18:02 shanth i dont get what is happening after the pipe
18:02 onlyaneg1 joined #salt
18:02 whytewolf shanth: https://docs.saltstack.com/en/latest/topics/jinja/index.html#filters
18:03 shanth thanks whytewolf
18:03 shanth wow jinja has a lot of filters
18:03 whytewolf http://jinja.pocoo.org/docs/2.9/templates/#filters a shorter version
18:04 whytewolf and yes it does
18:04 whytewolf and salt adds a few more
18:04 shanth when i see a post with advanced salt usage it makes my head hurt, how did they learn all of this :(
18:05 whytewolf spider decoder rings mostly.
18:05 whytewolf [basiclly using it a ton and toying with different ways it can be used. and reading the docs a lot]
18:05 shanth even more confusing when that post was from 2014 lol
18:05 cyborg-one joined #salt
18:06 whytewolf a lot of us also have backgrounds with jinja already so came in with knowledge of the different ways it works. and just tied that into salt
18:06 fracklen joined #salt
18:06 shanth yeah basically being programmers already? what other projects use jinja im curious?
18:07 nicksloan joined #salt
18:08 whytewolf ansiable uses jinja in a slightly different way. but flask is the main project that uses jinja. but i think pyramid also uses it. ect.
18:09 shanth learning flask would be good for cross training?
18:09 kap so even if I add postfix: pkg.installed [] and then require: pkg postfix in the file.replace blocks of the code snippet, it still fails to compile with the same error
18:10 kap all in the same state file
18:10 whytewolf not really. flask is a web api library.
18:11 whytewolf kap. just to refresh my memory, what is the error
18:12 kap data failed to compile: problem running salt function in jinja template: file not found /etc/postfix/main.cf
18:12 shanth whytewolf: i guess just reading the jinja docs then?
18:12 kap which makes sense, because postfix isn't installed yet, because it won't run the state file to install postfix
18:12 whytewolf shanth: that is always a great place to start. also don't be afraid to try things.
18:13 whytewolf ...
18:13 whytewolf kap. i think i know what your problem is
18:13 whytewolf order of operations
18:13 whytewolf jinja. runs before states
18:13 shanth just crazy to see the leap from the stuff in the docs, to peoples super advanced formulas
18:14 kap ok, is there a way to cheat oop to get it it to compile without just touching a blank file?
18:15 kap or should I just have provisioning touch a blank file and deal with it
18:15 whytewolf kap. yes. orchestration. basicly have an orch run th first state file. then run the second. because of the way orchestration works it counts as too different runs. so one will install the files. which will be there for the second
18:16 whytewolf shanth: you will get there. once you get the basics down. you will find new ways of doing things
18:19 whytewolf shanth: after a while you end up with wtf things like this https://github.com/whytewolf/dyn_salt_top/blob/master/top.sls a top file without any actual top items
18:22 whytewolf kap: https://docs.saltstack.com/en/latest/topics/orchestrate/orchestrate_runner.html#orchestrate-runner
18:22 kap yeah, i'm checking that right now
18:23 whytewolf kap, what i am discribing isn't really covered by the docs because it is a sideeffect of the way orchestrate works.
18:30 aldevar joined #salt
18:31 wendall911 joined #salt
18:33 kap so how would I work this into top so that there's essentially like a prereqs state that runs first if all of this is supposed to be part of base?
18:33 whytewolf orchestration doesn't go from top
18:34 whytewolf it is completly seperate
18:34 whytewolf it takes over for what top does
18:35 DammitJim joined #salt
18:36 censorshipwreck joined #salt
18:41 jas02 joined #salt
18:41 shanth oh man what whytewolf that top file lol
18:42 losh joined #salt
18:42 SaucyElf joined #salt
18:42 whytewolf hehe. that is what happens when i get bored
18:43 whytewolf it accually works better then i thought it would
18:44 whytewolf also I sometimes am tempted to make it smaller. but it will start to get less readbale like that
18:49 sjorge joined #salt
18:51 candyman88 joined #salt
18:54 geomacy joined #salt
18:57 nixjdm joined #salt
18:59 nicksloan joined #salt
19:02 mikecmpbll joined #salt
19:05 Trauma joined #salt
19:09 lorengordon joined #salt
19:12 onlyanegg joined #salt
19:23 englishm_work joined #salt
19:24 shanth i personally find all the salt formulas complicated and hard to read
19:25 MTecknology +1
19:25 MTecknology I absolutely hate formulas for anything other than playing around with.
19:25 shanth glad it's not just me lol
19:25 shanth i was starting to feel a bit stupid
19:25 SneakyPhil MTecknology and shanth, how do you know what's on a box then?
19:26 whytewolf personally i hate formulas
19:26 MTecknology uhm....
19:26 SneakyPhil or if a box goes down, how do you rebuild it to be just like it was prior to dying
19:26 MTecknology based on the states applied to it...
19:26 whytewolf SneakyPhil: that isn't what formulas are
19:26 SneakyPhil what's the closest representation of an ansible role to salt world?
19:27 SneakyPhil would that be a "state" ?
19:27 * whytewolf shrugs i have never used anisable
19:28 MTecknology SneakyPhil: This is an example of my top.sls -- http://dpaste.com/3BE8B4H
19:28 SneakyPhil MTecknology: ah, ok, that makes sense
19:28 SneakyPhil disregard me
19:28 whytewolf SneakyPhil: from what i am reading. formulas ar emore like ansiable galaxy
19:28 Splix76 joined #salt
19:29 SneakyPhil whytewolf: I've been calling each of our collections of state files for like vim/ntp/dhcp/etc... "fornulas"
19:29 SneakyPhil guess I am wrong
19:29 jas02 joined #salt
19:30 MTecknology SneakyPhil: https://github.com/saltstack-formulas/apache-formula/
19:30 MTecknology and: https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
19:30 SneakyPhil ah, the fact that it's pre-written I guess?
19:30 shanth yeah mine looks like yours MTecknology
19:31 whytewolf pre-written and open-ended
19:31 MTecknology It's a large pile of magic where you just grab a copy of the sample pillar and toggle to your hearts content
19:31 whytewolf although a lot of the "formulas" miss the open ended bit
19:31 shanth i err on the side of readability rather than a bunch of loops and jinja lol
19:32 whytewolf shanth: my dynamic top is because i use a different workflow. my top is only for maint. installation is handeled through orchestration
19:32 lorengordon i use formulas exclusively, mostly as a way to package together custom states and execution modules with a set of sls files
19:33 lorengordon i package all my sls files into groups of formulas, and re-use them across many salt implementations
19:33 lorengordon if you only have a single salt implementation to worry about, it would be less useful
19:34 MTecknology most of the time when I hear statements like that, I assume someone /should/ be making better use of environments
19:35 whytewolf i just assume they are contracters that handle multiple customers
19:35 lorengordon +1
19:35 lorengordon separation of the salt implementations is mandatory
19:36 MTecknology The last time I saw it, four separate masters had four separate copies of the same data, pushed by rsync, where the master of maters was horribly underequipped to be a master, (small ec2 instance w/ 40 worker threads)
19:37 whytewolf ouch that would be sucky
19:38 zach anyone ever have an issue where you have multiple AZ's...but salt-master only gets a request from machines in the same AZ?
19:38 drawsmcgraw joined #salt
19:38 zach Amazon of course
19:39 SneakyPhil could be wrong IAM permissions on the box to list out ec2 instances
19:39 whytewolf zach: if your master is in the cloud, make sure the security groups on it allow incoming on 4505 and 4506 from the other AZ's
19:40 zach the SG is allowing the entire subnet of the VPC -- is that incorrect?
19:41 whytewolf you know. it has been years since i touch aws.. I'm not sure
19:43 MTecknology whytewolf: the worst of it is that nobody ever checks to see if their changes will break things, they just check that it fixes the one thing they're working on. I've found that a highstate is more likely to break a system than it is to fix it and almost no box completes a highstate without failures.
19:43 * MTecknology wants a drink...
19:44 drawsmcgraw Anyone find a good way to catalog/document their State Trees? I'm getting moderate success with mkdocs and Sphinx but feel like I'm missing something...
19:44 KingOfFools1 Can I create empty ipset  set with saltstack?
19:45 KingOfFools1 set_present and present requires entries specified. Which is stupid, in my opinion.
19:46 drawsmcgraw KingOfFools1: What happens if you just pass {} as a value?
19:46 KingOfFools1 hm
19:47 drawsmcgraw I imagine it rejects it because it has some minimum expectations regarding parameters like "set_name" but it's worth a try...
19:47 major joined #salt
19:49 KingOfFools1 nah, not working
19:49 MTecknology perhaps a patch is in order?
19:53 keltim does anyone here know the iptables state module well? the examples aren't very complete and I'm trying to figure out how to create a rule that allows an icmp type that is rate limited ... for example how would this rule look in the sls? -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
19:55 MTecknology honestly, I prefer something like ferm to manage iptables rules
19:56 MTecknology I use salt to template the ferm config
19:56 keltim what's ferm? I do not like salt for managing iptables, I just don't know of anything better
19:56 MTecknology https://gist.github.com/MTecknology/33b9e5a56fd5503484b5c4e77ae358e5  (ignore the messy port knocking stuff)
19:56 keltim oh damn this looks like exactly what I need, thanks MTecknology
19:57 KingOfFools1 drawsmcgraw: damn, i was specifiying wrong set_type u_u
19:58 nixjdm joined #salt
20:03 drawsmcgraw KingOfFools1: well it works now, I imagine :)
20:04 PatrolDoom keltim: the ferm formula is "ok" however i have a fork im working on
20:04 PatrolDoom to make it simpler & more dynamic to genertate rulesets
20:04 KingOfFools1 drawsmcgraw: yeap ^^
20:05 MTecknology I got banned once from #ferm because I said I wasn't using systemd and wasn't willing to accept a systemd answer because I don't use systemd and will not ever be using it.
20:05 major blasphemy?
20:05 MTecknology not a friendly or helpful channel..
20:08 KingOfFools1 MTecknology: dont all linux distros moving towards systemd?
20:08 PatrolDoom only like 2-3 that dont use it
20:08 PatrolDoom furthermore the #ferm channel is helpful
20:08 MTecknology In Debian it's just been made the default, other init systems still support choices
20:08 * PatrolDoom shakes head...
20:09 MTecknology PatrolDoom: I entirely disagree
20:09 PatrolDoom indeed however how you speak now appears to demonstrate why they may have banned you ;)
20:09 PatrolDoom very all or nothing perspective imo
20:09 MTecknology and how you speak now also seems to indicate you mimic their behavior
20:10 MTecknology so... we may as well drop that one
20:10 * PatrolDoom shrugs and has no issue helping or getting help
20:10 MTecknology if you say so..
20:10 tester882311 joined #salt
20:12 keltim I like systemd but many of the unit files, even in debian, are fucked up (squid comes to mind)
20:12 MTecknology we may as well avoid discussing systemd in here
20:12 shanth how long did it take you guys to get _good_ at salt?
20:12 keltim many of them report a service running when it isn't
20:13 MTecknology shanth: I was born good.
20:13 shanth such a jinja
20:13 MTecknology shanth: I trained my replacement in about nine months.
20:14 MTecknology He was also learning linux admin (and still is)
20:14 whytewolf yeah not knowing admin of the system you are managing is a bigger issue then learning salt
20:15 shanth yeah
20:15 MTecknology The trick to salt is building something that's crisp, clean, easy to follow, and scalable. Think ahead to how all your applications will interact with each other and figure out the best way to deliver changes... then make it happen in salt. The first part will be the hard part.
20:15 MTecknology Learning salt just happens as you learn what you need to do on systems.
20:17 shanth learning salt is straight forward, learning the advanced salt with all the extra jinja and programming stuff is hard
20:17 PatrolDoom new != hard
20:17 MTecknology Is there anything in particular that's confusing?
20:18 MTecknology {% python %} {{ var }} {# comment #}
20:18 shanth anything beyond referencing a simple grain, pillar or simple jinja
20:18 shanth for me anyways
20:18 whytewolf shanth: what is your background in tech? ops, development, other?
20:18 shanth jr level unix admin whytewolf
20:18 MTecknology You should spin up a lab!!!@
20:18 PatrolDoom unix? as in solaris, fbsd?
20:18 shanth fbsd
20:19 shanth i have a lab :) ihave 5 fbsd vm's with vagrant and 1 as a salt master
20:19 whytewolf agreed. a lab is the most useful way to learn
20:19 shanth i'm going a little at a time
20:19 PatrolDoom yeah just read the salt docs as you would the fbsd handbook
20:19 * whytewolf has salt build his openstack lab
20:19 PatrolDoom whytewolf: one day ... ill have it correctly build prod env..
20:19 shanth yeah im getting there
20:19 MTecknology shanth: https://michael.lustfield.net/misc/ground-up-infrastructure
20:19 * PatrolDoom sighs deeply
20:19 Sketch if you're not an experienced python programmer it can sometimes be tricky to determine when you need to use something.0.1 or something[0][1] or something[0](1) or some_function('something')('0')('1') or some other permutation ;)
20:19 shanth glad i found this place
20:20 PatrolDoom Sketch: yeah that throws me off
20:20 Sketch i think part of the problem is just TMTOWTDI
20:20 Sketch so you come across examples using different styles
20:20 shanth what's this MTecknology :)
20:21 shanth my salt states work but i know in my heart they are sub optimal or im missing more advanced stuff that i could have been doing
20:21 PatrolDoom KISS - don't worry about "advanced" if you dont actually need it
20:21 whytewolf shanth: sometimes the more advanced stuff. just isn't worth the effort.
20:21 PatrolDoom ^
20:21 shanth good points
20:21 drawsmcgraw +1
20:22 PatrolDoom take simplest approach & add complexity if/as needed
20:22 MTecknology shanth: You should build out home infrastructure, ground up. You have the vm host, now use your salt-master to deploy a git server (from scratch), then re-deploy your salt-master but only give it enough configuration to read from the git server and make it configure itself the rest of the way, then start making salt deploy everything else.
20:23 shanth true MTecknology
20:23 MTecknology I say should ... but what I really mean is, holy crap it's fun and educational
20:23 shanth i have it managing some stuff at home
20:23 whytewolf ahh the saltstack bootstrap paradox
20:23 PatrolDoom yeah i ended up w/ a bash script
20:24 shanth i had to make an sh script to configure each fbsd script as a salt minion, not sure if there's a better way
20:24 PatrolDoom salt-ssh i guess
20:24 PatrolDoom but that has its limitations from what i've been reading
20:24 PatrolDoom in bug reports that is ...
20:24 shanth ah
20:24 * whytewolf uses saltify
20:24 MTecknology now that I have a second VM host, both have been re-deployed from salt so every system I have was deployed by and maintained by salt and only salt.
20:24 PatrolDoom what about multi-dc?
20:25 PatrolDoom e.g. i don't think i could have a env w/ one salt master
20:25 MTecknology I have three DC's involved in my home setup
20:25 MTecknology sorta...
20:25 shanth anyone using salt to make freebsd jails?
20:25 PatrolDoom salt-cloud if it supports it
20:25 whytewolf sorry, my enviroment is all linux
20:25 PatrolDoom idk about "native" salt doing so
20:25 shanth i fear that i might have to write some sort of custom python salt thing
20:25 MTecknology you might have to write a module for it, but then you should contribute it!
20:26 PatrolDoom ^
20:26 shanth i think i'll be a decent coder in a year from working on salt
20:26 shanth or dead
20:26 whytewolf https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.freebsdjail.html
20:26 MTecknology salt is where I learned python
20:26 whytewolf there is at least an exacution module to work with
20:26 shanth doesn't make the jails though whytewolf :(
20:26 shanth to be fair it's only 1 command to make a jail hehe
20:27 MTecknology shanth: so you just need to add a create and destroy function!
20:27 shanth ayeeee
20:27 shanth salt committer here i come
20:27 whytewolf or, better yet a create, a destroy and a list and/or exists function
20:28 shanth <Sketch> if you're not an experienced python programmer it can sometimes be tricky to determine when you need to use something.0.1 or something[0][1] or something[0](1) or some_function('something')('0')('1') or some other permutation ;)
20:28 shanth YES
20:28 MTecknology https://github.com/saltstack/salt/blob/develop/salt/modules/freebsdjail.py
20:28 whytewolf https://docs.saltstack.com/en/latest/topics/development/contributing.html
20:28 shanth that's cool, and readable. i like open source
20:28 shanth neat to see what the functions are actually doing
20:29 whytewolf yeah, a lot of the time for some of the questions around here i end up digging into code. just cause the doc needs a spidey decoder ring
20:33 sh123124213 joined #salt
20:35 aldevar left #salt
20:35 it_dude joined #salt
20:36 PatrolDoom ^
20:36 PatrolDoom had to actually have the docs updated a few times cause it was incorrect/typoed
20:36 * PatrolDoom blames whytewolf
20:37 whytewolf moi?
20:37 whytewolf :P
20:37 whytewolf I don't work for salt. so I can hardly to be blamed for their docs
20:38 PatrolDoom "community" effort :P
20:38 whytewolf hehe
20:39 tester882311 left #salt
20:41 jas02 joined #salt
20:43 raspado joined #salt
20:43 shanth i heard the docs were auto generated
20:44 MTecknology some of it is
20:44 MTecknology https://github.com/saltstack/salt/tree/develop/doc
20:44 shanth im mostly using my lab to write actual formulas for the stuff im doing at work
20:45 MTecknology my home environment is where I stick my best ideas, then hope to bring them to work
20:45 MTecknology my home lab - http://imgur.com/a/fjdoE
20:46 whytewolf my home lab is where i do everything cause $job doesn't use salt and won't in the forseeable future
20:46 lorengordon joined #salt
20:46 danielfallon joined #salt
20:47 PatrolDoom MTecknology: nice!
20:47 PatrolDoom wish i had somewhere to setup :\
20:47 PatrolDoom atm im using linode & std hosting
20:47 whytewolf get buddy buddy with your companies ewaste handalers
20:48 whytewolf also troll ebay, and amazon for cheap hardware
20:48 whytewolf when you get a budget you can get some more quility hardware
20:48 PatrolDoom oh believe me i can get hardware thats not the problem
20:48 PatrolDoom it's a matter of space lol
20:49 PatrolDoom i just got rid of some ibm servers, cisco routers/switches
20:49 whytewolf lol, I live in a small apartment. and have a 38u rack
20:49 PatrolDoom my "tiny" house can barely power my AC window unit ;'(
20:50 danielfallon hey guys, I've been looking through the SPM documentation as a way for us to deploy reusable, version-able formulas for our infrastructure (we have highly custom baremetal deployments). From having programmed in python for around 10 years, the SPM package format and file structure feels like a bit of an anti-pattern when compared to reusable modules in other python projects (see django and sphinx modules)
20:50 shanth what sorta git server you running MTecknology?
20:51 danielfallon I'm sure there are reasons for the differences but I just wanted to see if anyone knew why whl's were avoided as a deployment mechanism for salt packages
20:51 MTecknology I'm using gitea
20:51 MTecknology I've also been trying to get gitea packaged up for debian
20:51 shanth i'll try it for freebsd
20:52 whytewolf danielfallon: because they are formulas not python code? other wise you would need to ask someone that actually works for salt about the reasoning behind their logic
20:52 PatrolDoom MTecknology: why not gitolite?
20:52 PatrolDoom i mean why gitea?
20:52 * PatrolDoom reads up on it
20:53 PatrolDoom OH it's like normal gitlab
20:53 PatrolDoom but not all heavy
20:53 PatrolDoom cool cool ty for sharing
20:53 PatrolDoom heh this may save us @ work
20:54 * whytewolf thanks his stars for his free unlimited private repos that github gave him
20:54 * MajObviousman will reask a question from earlier while things are more active: does salt-ssh have any support for agent forwarding?
20:54 danielfallon whytewolf I only bring this up because they often can include python code as well, and django apps don't necessarily need much in the way of python code. (templates, html, css, javascript)
20:54 MTecknology Right now, I'm kinda stuck on debian 9's freeze. It's too difficult to make progress when gitea has so many dang dependencies... https://qa.debian.org/developer.php?gpg_key=765AD085  <-- this isn't even all of them.
20:55 PatrolDoom danielfallon: heh kinda weird to compare automation w/ a dev framework imo
20:55 whytewolf ^
20:55 danielfallon whytewolf: I'll go ahead and toss something in github instead
20:55 PatrolDoom MTecknology: oic ... dang
20:56 MTecknology I was already committed before I realized I totally want out, so ... still going for it.
20:56 * PatrolDoom nods with empathy
20:57 PatrolDoom we're stuck on a dated version of gitlab & need to migrate ... however yeah we're up the creek w/o a paddle
20:57 MTecknology It'll be worth it!  Step 1. Install Debian.  Step 2. apt-get install gitea  Step 3. log into the web UI
20:58 nixjdm joined #salt
20:59 danielfallon and yea PatrolDoom I get that it could be a bit weird, but for more complex formulas, the amount of jinja templating makes them basically code. The pattern I would propose: pypi for complex reusable formulas (that require versioning and dependencies which spm is not good at currently), gitfs for personalized simple, states
20:59 drawsmcgraw left #salt
20:59 PatrolDoom uh idk, imo the formula format is fine
20:59 PatrolDoom and then pulling from git
21:00 danielfallon ^this lines up with chef or puppet which use git for simple configuration, and npm packages for more complex reusable
21:00 PatrolDoom while they are resuable understand that everyones env is a snowflake
21:00 PatrolDoom idk, i dislike the whole "devops" thing and continue in a "techops" method.
21:01 PatrolDoom so i use automation for automation and code for w/e problem i'm solving at that time that automation can't/won't/shouldn't
21:01 PatrolDoom weird i know
21:01 whytewolf danielfallon: https://github.com/saltstack/salt/issues/12179
21:01 saltstackbot [#12179][MERGED] Formula dependency management | I think there should be a standard way to manage formula dependencies. It is very natural for a state to be composed of other states but when using third party formula there is no easy way to manage the dependencies, versions, etc,....
21:03 danielfallon whytewolf: I've seen that, dependencies don't include versioning
21:03 MajObviousman MTecknology: what's your up/down allocation on that home network connection
21:05 onlyanegg joined #salt
21:05 MTecknology up/down?
21:06 MTecknology my bandwidth? .. 60ish down and 6 up, or something like that
21:06 danielfallon whytewolf PatrolDoom: I'm fairly new to infrastructure and I have a Developer/Software architecture background, so my perspective is likely to be very different than typical
21:07 danielfallon That's why I asked for your perspectives
21:07 PatrolDoom danielfallon: i have a book for you
21:07 PatrolDoom one moment
21:08 PatrolDoom well shit i can't find it nor remmeber the actual name
21:08 PatrolDoom anyways, one thing i hope you learn is that, despite how great and wonderful technology is
21:08 PatrolDoom you'll eventually have to do it as per w/e tech your messing w/ wants to do it
21:09 PatrolDoom e.g. i used to dislike puppet cause i was trying to do it "my" way vs "puppets" way
21:09 PatrolDoom once i learned to just accept that w/ w/e i was using, life got a lot simpler
21:09 PatrolDoom imo anyways
21:10 MajObviousman MTecknology: with only 6 up, do you find your system VPN slugging at all?
21:10 MTecknology nah, I barely touch it.
21:10 danielfallon I'm happy to just accept it as is once I understand the reasoning. I expect that there's a reason and I just don't have enough experience to recognize it
21:10 MajObviousman do the DO nodes feed syslog across that VPN?
21:10 MTecknology MajObviousman: I can tell you my actual consumption, but I'll have to grab my laptop and power it up and run through encription stuff... gimme a minute for that
21:11 MTecknology yup, sure do
21:11 MTecknology but that's part of the 60 down
21:11 MajObviousman sure
21:11 MajObviousman I've been wanting to do similarly but haven't gotten to it
21:11 danielfallon PatrolDoom: in the case of salt, it seems like packaging is not fully developed (docs are still under review, and there are lots of bugs), so it seemed worthwhile to ask about a possible alternative especially if I have the time/budget/team to develop it.
21:12 MTecknology puppet
21:12 MajObviousman ansible's getting pretty built out these days
21:12 PatrolDoom yeah
21:13 MajObviousman but it's still very linear compared to salt/puppet's more stateful methods
21:13 PatrolDoom danielfallon: heh *any* product you use that's opensource will fall into exactly what you entioned
21:13 MajObviousman if you are more of a always-cattle-never-pets company, ansible will do you just fine
21:13 MTecknology I actually felt like ansible was better suited to pets
21:14 MajObviousman interesting
21:14 danielfallon PatrolDoom: There are plenty of parts of salt that I wouldn't bother trying to change and which are well documented, SPM and fileserver backends are not among them lol
21:14 cscf I found ansible to be organized oddly
21:14 inad922 joined #salt
21:14 MajObviousman in fairness, I haven't ansibled in a few years
21:15 MTecknology to me, ansible just feels like finding a tool to wedge in all the crap you used to do without actually changing anything
21:15 danielfallon servers as cattle vs pets, as in you don't name your cattle?
21:15 MajObviousman I wrote a lot of bash and that's quick to convert to ansible
21:16 MajObviousman danielfallon: yes, and more importantly when one gets sick for any reason, you slaughter it and replace it
21:17 danielfallon yea, I'm in slaughter and replace camp at work, pet camp at home
21:17 MTecknology and when you kill a pet, it's a big deal and needs replacement
21:17 MajObviousman you might not be able to kill a pet. Odds are high that something is irreplacable
21:17 MTecknology kill a cow?.. you only notice because you inventory them
21:18 pbandark joined #salt
21:18 danielfallon well for me it's kill a cow, I'll only notice because the team who was using it want's something similar back up in the next 15 mins, but I'm definitely not going in there and debugging production architecture
21:19 whytewolf databases tend to be pets because they don't do as well with a kill and replace mentality
21:20 whytewolf which makes me sad on many levels
21:20 MTecknology I could almost do it at my old gig!
21:20 danielfallon we can actually rebuild our database by replaying our message queue, but the time required there is unfortunately non-trivial
21:21 MTecknology I could pull the plug on any two DB servers and nobody would notice anything.
21:21 danielfallon nice MTecknology
21:21 MTecknology And! deployed with salt.
21:21 MajObviousman danielfallon: cattle doesn't mean you're not debugging prod
21:22 MajObviousman some things only show up in prod
21:22 MTecknology cattle: clustered systems behind a load balancer   pets: a single important system that can't go down
21:22 MajObviousman lotta cattle operations have balancers, cluster, depth kinda architectures, so you can A/B some operations to a special debug instance and check it out from there
21:23 kap ^^
21:23 danielfallon MajObviousman: sorry, let me be clear, debug fine, fix live in prod, no.
21:23 MajObviousman oh, yes
21:23 danielfallon ^^ what MajObviousman  said
21:23 MajObviousman 100% with you there
21:23 MajObviousman whytewolf: if you're on MySQL, gtid + multithreaded replication is demolishing many of those impediments
21:24 danielfallon ^yea that stuff is sexy
21:24 MajObviousman if you're on vanilla MySQL ... stop and go install Percona
21:24 MajObviousman you will not regret it
21:24 MTecknology mariadb-galera is nice
21:25 * whytewolf hates galera
21:25 MajObviousman haven't tried it  yet
21:25 danielfallon MajObviousman: I thought multi-thread replication was now in MySQL 8 vanilla
21:25 MajObviousman don't like the mandatory 3 nodes. I tend to build master-master pairs
21:25 whytewolf your databases runs as fast as the slowest node
21:25 MTecknology in pairs?..
21:25 MTecknology that just seems like a terrible idea..
21:26 danielfallon I dunno byzantine agreement says its okay if its in a three-way (thanks JT)
21:26 MajObviousman one gets set read-only, and I star topology off of whichever is primary
21:26 MajObviousman err secondary
21:26 MajObviousman I've gotten way more traction going to the devs and asking for changes to reduce the writes workload
21:27 MajObviousman ... actually, this is the first job where that's worked
21:27 MajObviousman but then, they were constantly generating and storing ephemeral nonces in MySQL instead of, oh I don't know, any freaking key-value store they wanted
21:28 MajObviousman they're ephemeral! Who cares if the instance storing them goes down, just restart it and make more
21:29 MajObviousman anywho, we're far afield from where I started
21:29 MajObviousman MTecknology: I'm interested in why you say pairs seem like a terrible idea
21:30 MTecknology you just described how you make it work and how you made it work is the reason I don't like it. :P
21:30 MajObviousman so no master-master + star, no galera, what DO you use?
21:30 whytewolf MTecknology: like galera
21:30 whytewolf I was the one that didn't like galera
21:31 MajObviousman oh, whups, sorry
21:31 MajObviousman so galera then
21:31 MajObviousman quorum style
21:31 sh123124213 joined #salt
21:31 MajObviousman do you loadbalance among them, e.g. any is writeable?
21:32 whytewolf most galera setups i have seen are load balanced
21:32 MTecknology yup, all five (two in one DC and three in the other) were behind a pair of BigIP F5 LBs
21:32 MajObviousman yes, but writes are what I'm interested in specifically
21:32 whytewolf i meant writes
21:32 MTecknology all writes
21:32 * MajObviousman sweats nervously
21:32 MajObviousman what's your tolerance for latency?
21:32 jmiven joined #salt
21:33 MTecknology I can't remember, but the load balancer was doing write/read on each and kicking them out if they were too slow
21:34 MajObviousman fair enough
21:34 MajObviousman I will put galera on the list of things to explore in the near future. I think we've different tolerances to worry about
21:39 MTecknology I worked at good-sam.com as *the* Linux admin for ~500 servers which were mostly all unique snowflakes... as well as other duties as assigned
21:40 PatrolDoom joined #salt
21:41 Elsmorian joined #salt
21:42 asyncsec joined #salt
21:42 MTecknology When I started, there were a pile of undocumented scripts scattered across many systems deciding how things were deployed. To deploy a replacement server at a facility, I had a list of about 15 scripts I needed to run, after finding the special preseed on the network that only half work... part of it was upacking tarball update on top of tarball update.
21:45 MajObviousman <one-up-ism> Damn, you're lucky. You had undocumented scripts. I was desperately digging through bash history </one-up-ism>
21:46 MTecknology undocumented... meaning no documentation that they existed. I had to hear that something broke and start running find and grep in an ssh loop to try to track down what was supposed to do the thing that apparently wasn't happening.
21:47 Elsmorian joined #salt
21:47 Eugene I love a good server dumpster-fire
21:48 shanth "is something going on with the servers today? my mouse isn't working"
21:49 MajObviousman damn, he one-upped me!
21:49 MajObviousman shanth: "My email is slow today"
21:49 shanth haha
21:49 MTecknology MajObviousman: lol... my traffic at the moment is ~20kbit/sec max
21:50 whytewolf "I am writting you this email to inform you that the email server is not working."
21:51 MTecknology MajObviousman: That place was hell. I was *THE* guy for 14 projects ranging from replacing the XIV, beehive->exchange, winXP->win7,  replacing web filtering infrastructure, implementing ssl hijacking for malware-detection and adding DLP, and .... it's a big list. It's actually the reason I have the job I do now.
21:52 MajObviousman bookmark this http://pages.cs.wisc.edu/%7Eballard/bofh/bofhserver.pl
21:52 Eugene We get that about once a week at $DAYJOB. Usually its a wifi problem, but instead of doing any troubleshooting the user just assumes its all broken, takes a 2-hour break, and blames us
21:52 djgerm joined #salt
21:54 MTecknology MajObviousman: I thought that seemed odd... I was reading the wrong graph. Each minion connected consumes about 7kbit/sec up and down. That's more what I expected.
21:54 MajObviousman that sounds more reasonable
21:55 MajObviousman when someone starts bruting ssh, that probably goes way up
21:55 MTecknology why would they try to connect to a port that doesn't respond
21:56 MajObviousman fwknop all the things?
21:56 MTecknology You can try to connect to my public systems, but outside of special IP ranges, you need to first port knock to make an attempt.
21:57 MTecknology Also, on public and important systems, SSH requires ssh key + user/pass + 2fa
21:57 Shirkdog MTecknology: fwknop/spa?
21:57 MTecknology I don't know what those are
21:57 MTecknology ooooh...
21:57 Shirkdog single packet authentication
21:57 MTecknology port knocking was easier
21:57 Shirkdog port knock+plus special packet...then the rest :)
21:58 MTecknology There's also a different port knock sequence for every host (thanks pillar!)
21:58 nixjdm joined #salt
21:59 MajObviousman sounds reasonable ... and a pain to track when you're in the field
21:59 MajObviousman hope you have that somewhere accessible
21:59 MTecknology it's in pillar
21:59 MTecknology and my password vault
21:59 MajObviousman which hopefully is not accessible easily from the field
21:59 MajObviousman ah, there it is
21:59 shanth i just found the first salt formula i wrote
22:00 shanth it's just a  giant blob file called server.sls lol
22:00 MajObviousman following the ugly 2013-style best practices?
22:01 MTecknology MajObviousman: I introduced a password vault into my life and redid *ALL* passwords I ever had to something cryptographically random... and then heartbleed was announced.
22:01 * MajObviousman has been doing that slowly over the past 18 months as he logs into things
22:01 shanth lastpass?
22:01 MTecknology the best part about doing something horribly painful once is doing it a second time
22:02 MajObviousman still keep some key accounts separated
22:02 MTecknology no, I don't trust lastpass
22:02 * MajObviousman snickers
22:02 MajObviousman yubikey?
22:02 shanth sometimes i dont want to manage more IT stuff at home, using lastpass instead of keepass lately
22:02 MTecknology I use a yubikey as part of the process to unlock the luks volume my password vault sits in
22:02 shanth /lazy
22:02 MTecknology I also don't trust keepass
22:02 MajObviousman yeah, that's about where I am too
22:03 MTecknology keepassx, though..
22:03 shanth what are you using then, just a file on an encrypted mount?
22:03 MTecknology https://michael.lustfield.net/linux/secure-password-vault-using-yubikey
22:03 PatrolDoom MTecknology: "pass"
22:03 MajObviousman I spend 9 hours a day burning brain on other people's IT stuff. When I get home, just want to veg
22:03 PatrolDoom i've been using tools that basically just wrap pgp/gpg+git
22:03 PatrolDoom MajObviousman: same :|
22:03 PatrolDoom i've grown weary of tech these past 10 years
22:03 PatrolDoom quicker than most i assume
22:03 MajObviousman same
22:04 J0hnSteel joined #salt
22:04 shanth truth MajObviousman
22:04 MajObviousman it takes a lot of work to stay on the leading edge of the treadmill ... which is speeding up
22:04 PatrolDoom e.g. "devops"
22:04 MajObviousman I've been looking around for a good place to step off the treadmill completely
22:04 shanth do my 8 and hit the gate
22:04 PatrolDoom oh you want me to code AND maintain the env? ok ....
22:04 MajObviousman it's not been my experience that the devs listen to devops
22:05 PatrolDoom i dont think anyone listens to ops sadly
22:05 PatrolDoom we're like that weird shim
22:05 MajObviousman certainly not the CIO
22:05 PatrolDoom as sooon as we're not there then ppl are like
22:05 PatrolDoom why's this damn table shaking
22:05 hashwagon joined #salt
22:06 MajObviousman I'm not keen to lionize devops professionals, but ... when you need a good one, you REALLY need it
22:06 PatrolDoom heh i'm using that in a talk (if i ever get off my ass to do one)
22:06 MajObviousman got a home conference?
22:06 PatrolDoom yeah there are tons round here i think just need to do it
22:07 PatrolDoom havne't been motivated or seen anything in tech that makes me go "OH SHINEY LETS DISCUSS"
22:07 MTecknology To me, devops is just a buzz word used to refer to an admin that actually gives a crap enough to learn how things work so they can fix them.
22:07 * MajObviousman guess either left coast or somewhere between PA and NC
22:07 PatrolDoom nowadays i'm like, "OH MORE SHIT, RUN"
22:07 PatrolDoom MTecknology: +100
22:07 MTecknology I've been doing sys admin for years and I've been doing dev for yours. I am not devops. I am an admin that has a clue.
22:07 MajObviousman I was super annoyed at the term when it first started showing up
22:07 MajObviousman it arrived, and then fucking docker shortly after
22:07 * PatrolDoom nods in agreement
22:07 MajObviousman and it's all anyone would talk about
22:08 PatrolDoom still all they talk about
22:08 MajObviousman docker thankfully has receeded
22:08 PatrolDoom and still i see no real definitely decent use cases
22:08 MTecknology I suppose... we're wildly off topic and getting worse
22:08 PatrolDoom heh indeed
22:08 whytewolf Grrrr. ... beep beep bepp bepp bepp bepp bepp docker beep bepp bepp ebepp
22:08 MajObviousman mmm, that we are
22:08 MajObviousman which is why we have this wonderful channel over there called #salt-offtopic
22:08 onlyanegg joined #salt
22:09 MajObviousman shanth: one of us one of us one of us
22:10 J0hnSteel joined #salt
22:10 shanth nice
22:21 jalaziz joined #salt
22:23 danielfallon whytewolf Patroldoom: I found other people discussing/working on the same problem that I was (although the issue is stale) https://github.com/saltstack/salt/issues/32253
22:23 saltstackbot [#32253][OPEN] Create a central repository for SPM | Create a central repository for SPM to make it actually useful....
22:23 PatrolDoom danielfallon: ah indeed, cool ty
22:25 danielfallon well adios all, apparently something in my office is on fire
22:31 thinkt4nk joined #salt
22:34 onlyanegg joined #salt
22:36 nbuchanan joined #salt
22:39 onlyaneg1 joined #salt
22:41 censorshipwreck joined #salt
22:45 cliluw joined #salt
22:53 nicksloan joined #salt
22:53 woodtablet left #salt
22:57 jas02 joined #salt
22:58 nixjdm joined #salt
23:02 asyncsec joined #salt
23:10 cyraxjoe joined #salt
23:22 sarcasticadmin joined #salt
23:23 gimpy936 joined #salt
23:25 gimpy936 states.pkg.installed won't install a package named "mlnx-ofed-all-3.10.0-327.36.3.el7.x86_64" because it keeps chopping off the arch (which is part of the *name* not the arch of the package); how can I get it to stop doing that?
23:26 whytewolf tell mellanox to properly name their packages?
23:28 gimpy936 whytewolf: I have complained about their packaging multiple times, does nothing
23:28 whytewolf you could also rebuild the rpm yourself
23:29 gimpy936 no clue how ... it and 100+ others are amde through Mellanox's build scripts
23:31 whytewolf what i am getting at is salt doesn't have a way of ignoreing that part of the name. it thinks that is part of the standard packaging because it is part of the standard packaing. supporting a non standrd package name just isn't in the cards. you could try wrapping it in quotes but i doubt that will work.
23:32 whytewolf they really put the arch in the name? so when you do a yum list it lists the arch?
23:37 gimpy936 whytewolf: The RPM was named mlnx-ofed-all; then you run their script to create RPMs with support for your kernel; it gets named mlnx-ofed-all-$(uname -r) but the arch of the RPM itself is actually noarch
23:38 whytewolf shouldn't matter what the name of the rpm is. it is what it shows up as in the rpm database that matters to salt
23:40 gimpy936 whytewolf: Does this help?   https://gist.github.com/anonymous/a0779e3d7892922e49bdbb29a69a57ee
23:40 whytewolf yes
23:42 whytewolf the guys at mellanox have no idea how to write a proper rpm
23:43 whytewolf the put what should be the rpm file name in the Name: section of the rpm spec file
23:44 whytewolf 3.10.0 should be in Version:
23:44 whytewolf and 327.36.3.el7 should be in release:
23:45 RS-232 joined #salt
23:45 whytewolf basiccly they are double versioning their packages.
23:46 gimpy936 yes, I know, I can't change that, it's just the way it is
23:46 * whytewolf hands gimpy936 a cmd.run
23:46 gimpy936 yea ... I have to use that all the time when Salt just doesn't work
23:47 gimpy936 yum handles this just fine .... rpm handles it just fine .... salt shits itself
23:47 whytewolf this isn't salt's fault that you are handed bad packages
23:47 whytewolf it is a bad name
23:47 gimpy936 salt should be able to handle it ... I gave it the name of a package, just go install it and don't try to mangle the name I gave it
23:48 woodtablet joined #salt
23:49 whytewolf that isn't how automation works. it needs to manage it to know if it is installed. and it has to do best guess based on standard naming practices
23:49 whytewolf if a package isn't using standard naming practices then it is broken
23:50 thinkt4nk joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary