Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-05-30

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 cyteen_ joined #salt
00:02 fritz09__ joined #salt
00:18 aneeshusa joined #salt
00:34 Terminus left #salt
00:37 amcorreia joined #salt
01:00 fritz09_ joined #salt
01:00 nicksloan joined #salt
01:06 masber joined #salt
01:11 sh123124213 joined #salt
01:19 nicksloan joined #salt
01:34 sh123124213 joined #salt
01:39 nicksloan joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.6, 2016.11.5 <+> Support: https://www.saltstack.com/support/ <+> 1st Salt Cloud Working Group meeting June 1st, 2017 https://goo.gl/o2OK49 <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers
01:49 nicksloan joined #salt
01:55 shred joined #salt
02:02 jas02 joined #salt
02:08 zerocoolback joined #salt
02:17 nicksloan joined #salt
02:19 Felgar joined #salt
03:06 Corey left #salt
03:23 J0hnSteel joined #salt
03:47 shred joined #salt
03:48 mpanetta joined #salt
03:55 fritz09 joined #salt
03:56 dxiri joined #salt
03:56 J0hnSteel joined #salt
03:57 colttt joined #salt
04:00 Ankita joined #salt
04:07 Ankita_ joined #salt
04:09 Gaurav_ joined #salt
04:11 Ankita joined #salt
04:16 edrocks joined #salt
04:27 evle joined #salt
04:32 shred joined #salt
04:53 Zachary_DuBois joined #salt
04:56 golodhrim|work joined #salt
05:09 MeltedLux joined #salt
05:24 mikea joined #salt
05:28 impi joined #salt
05:39 felskrone joined #salt
05:43 sh123124213 joined #salt
05:44 shred joined #salt
05:45 sh123124213 joined #salt
05:45 eseyman joined #salt
05:47 sh123124213 joined #salt
06:04 mavhq joined #salt
06:28 ahrs joined #salt
06:33 mikecmpbll joined #salt
06:42 preludedrew joined #salt
06:42 do3meli joined #salt
06:42 do3meli left #salt
06:54 zulutango joined #salt
06:55 rgrundstrom Good morning
06:56 sh123124213 joined #salt
06:58 colttt_ joined #salt
07:00 mpanetta joined #salt
07:00 Ricardo1000 joined #salt
07:02 jas02 joined #salt
07:03 teclator joined #salt
07:04 jas02 joined #salt
07:11 shred joined #salt
07:12 aldevar joined #salt
07:14 vlebo joined #salt
07:17 o1e9 joined #salt
07:20 dario joined #salt
07:21 ronnix joined #salt
07:26 fracklen joined #salt
07:28 fracklen joined #salt
07:29 nafg__ joined #salt
07:29 nafg joined #salt
07:30 Hybrid joined #salt
07:32 mikecmpbll joined #salt
07:41 justanotheruser joined #salt
07:41 sh123124213 joined #salt
07:49 vlebo joined #salt
07:58 colttt joined #salt
08:09 oida_ joined #salt
08:11 sh123124213 joined #salt
08:11 pbandark joined #salt
08:13 ronnix joined #salt
08:15 Rumbles joined #salt
08:24 dcpc007 hi a generic question on salt states (i'm very new :) ), i read that a state config could for exemple  configure a folder with a specific right. but if we change the folder right locally, what happens ?
08:24 dcpc007 the local config persist until we "push" the state again from the master ?
08:24 dcpc007 the state is automatically reapplied X second|minute after local change
08:25 dcpc007 state don't modify again becasue he detect a manual change ?
08:26 masber joined #salt
08:27 hemebond dcpc007: Nothing happens until you push the state out again.
08:27 dcpc007 is there a possibility to "maintain" the state automatically ?
08:28 dcpc007 like here i want specific rights on a folder, and some patch or install or user change them often ...
08:28 hemebond You can schedule the highstate in a number of ways, yes.
08:28 hemebond You can schedule it with Saltstack scheduler. With cron. Or even with beacons and reactors.
08:29 dcpc007 outch :)
08:29 Mattch joined #salt
08:29 dcpc007 i DL the doc, but 3500 pages ???
08:30 hemebond It's a management framework, not just some simple config management.
08:31 jhauser joined #salt
08:32 dcpc007 yes, but hard to start :)
08:32 dcpc007 is there an official starting doc, or tuto or brief examples ?
08:32 hemebond There are tutorials in the docs.
08:32 dcpc007 i must use my lunch time to try evaluate the product :)
08:32 Praematura joined #salt
08:33 dcpc007 can't really read thousands of pages like this
08:33 hemebond Install master. Install minion. Start sending commands :-)
08:34 hemebond Write state. Apply state.
08:38 upb hope they're not expecting a quality decision when evaluation and comparison time is limited to lunch :)
08:40 xet7 joined #salt
08:43 remyd1 joined #salt
08:47 remyd1 joined #salt
08:47 dcpc007 lol worse .... i want something to helpme manage more than 70 linux servers .. and they answer "no, don't loose time with useless things like your salt or puppet things ... work !!"
08:48 dcpc007 but they are ok to "go each month on each server one by one manually  to check the local user accounts and add/remove them if neccesarry ...."
08:50 dcpc007 ex here, i "need" to configure tomcatè application folder to a specific group (local fake user for the application, like an exploit acocunt), but all debian seucirty patch, reapply the default with chown/chmod -R on the root tomcat folder
08:50 dcpc007 then my dev can't manage the content .. and need to correct manually in urgence each time they can't work :-(
08:50 dcpc007 i think the state is the perfect answer globally
08:51 upb yeah you can use salt for that
08:55 dcpc007 need only to see how it works for the 'maintain state' (or avoid it for a specific local config)
09:03 dcpc007 or maybe another idea, have a process checking if the "real" state different than "client salt state", and send a warning like "state modified, you should push the state again"
09:03 hemebond dcpc007: That's what beacons can do.
09:03 hemebond Or just apply the state every 5 minutes using cron or Saltstack scheduler.
09:03 dcpc007 ha ok, i write it on my todo checklist :)
09:04 dcpc007 wow maybe heavy task :)
09:04 hemebond The state won't try to change anything if everything is already in the correct state.
09:04 SaltyVagrant joined #salt
09:04 hemebond Do you have something random changing permissions on your servers?
09:06 candyman88 joined #salt
09:13 impi joined #salt
09:13 tawm04 joined #salt
09:14 saintpablo joined #salt
09:14 sh123124213 joined #salt
09:16 ronnix joined #salt
09:32 J0hnSteel joined #salt
10:14 wangofett joined #salt
10:14 blathijs joined #salt
10:14 sjorge joined #salt
10:14 lubyou joined #salt
10:14 Karunamon joined #salt
10:14 shortdudey123 joined #salt
10:14 beardo joined #salt
10:14 kiltzman joined #salt
10:14 egilh joined #salt
10:14 dunz0r joined #salt
10:14 J0hnSteel joined #salt
10:14 gadams joined #salt
10:14 ntropy joined #salt
10:14 SamYaple joined #salt
10:14 beebeeep joined #salt
10:14 c4rc4s joined #salt
10:14 wwalker joined #salt
10:14 stupidnic joined #salt
10:14 tom29739 joined #salt
10:14 N-Mi joined #salt
10:14 nafg joined #salt
10:14 nafg__ joined #salt
10:14 whiteinge joined #salt
10:14 nledez joined #salt
10:14 t0m0 joined #salt
10:14 edgr joined #salt
10:14 armyriad joined #salt
10:14 cebreidian joined #salt
10:14 ronnix joined #salt
10:14 tawm04 joined #salt
10:14 impi joined #salt
10:14 candyman88 joined #salt
10:14 SaltyVagrant joined #salt
10:14 xet7 joined #salt
10:14 Praematura joined #salt
10:14 jhauser joined #salt
10:14 Mattch joined #salt
10:14 Rumbles joined #salt
10:14 pbandark joined #salt
10:14 oida_ joined #salt
10:14 colttt joined #salt
10:14 justanotheruser joined #salt
10:14 mikecmpbll joined #salt
10:14 Hybrid joined #salt
10:14 fracklen joined #salt
10:14 dario joined #salt
10:14 o1e9 joined #salt
10:14 aldevar joined #salt
10:14 jas02 joined #salt
10:14 teclator joined #salt
10:14 mpanetta joined #salt
10:14 zulutango joined #salt
10:14 preludedrew joined #salt
10:14 ahrs joined #salt
10:14 mavhq joined #salt
10:14 eseyman joined #salt
10:14 felskrone joined #salt
10:14 mikea joined #salt
10:14 golodhrim|work joined #salt
10:14 Zachary_DuBois joined #salt
10:14 cyteen_ joined #salt
10:14 Phanes joined #salt
10:14 relidy joined #salt
10:14 schemanic joined #salt
10:14 Bryson joined #salt
10:14 VR-Jack2-H joined #salt
10:14 aarontc joined #salt
10:14 dyasny joined #salt
10:14 k_sze[work] joined #salt
10:14 matt11_ joined #salt
10:14 cmichel joined #salt
10:14 patrek joined #salt
10:14 miruoy joined #salt
10:14 cro joined #salt
10:14 fxhp joined #salt
10:14 kbaikov joined #salt
10:14 gmoro joined #salt
10:14 Bock joined #salt
10:14 Sammichmaker joined #salt
10:14 bdrung_work joined #salt
10:14 Rubin joined #salt
10:14 q1x joined #salt
10:14 JohnnyRun joined #salt
10:14 nebuchadnezzar joined #salt
10:14 dcpc007 joined #salt
10:14 iggytest joined #salt
10:14 om2 joined #salt
10:14 rgrundstrom joined #salt
10:14 JPT joined #salt
10:14 chowmeined joined #salt
10:14 mquin joined #salt
10:14 hemebond joined #salt
10:14 Sarphram joined #salt
10:14 CrummyGummy joined #salt
10:14 Awesomecase joined #salt
10:14 KevinAn2757 joined #salt
10:14 wonko21 joined #salt
10:14 swa_work joined #salt
10:14 Antiarc joined #salt
10:14 Lionel_Debroux joined #salt
10:14 snarked joined #salt
10:14 rathier joined #salt
10:14 LostSoul joined #salt
10:14 lorengordon joined #salt
10:14 yidhra joined #salt
10:14 eichiro joined #salt
10:14 czchen joined #salt
10:14 theblazehen joined #salt
10:14 freelock joined #salt
10:14 fujexo[m] joined #salt
10:14 jor joined #salt
10:14 skrobul joined #salt
10:14 skeezix-hf joined #salt
10:14 ekkelett joined #salt
10:14 tbrb joined #salt
10:14 Ouzo_12 joined #salt
10:14 dankolbrs joined #salt
10:14 godlike joined #salt
10:14 linovia joined #salt
10:14 jcristau joined #salt
10:14 debian112 joined #salt
10:14 toofoo[m] joined #salt
10:14 feliks joined #salt
10:14 tellendil joined #salt
10:14 CeBe joined #salt
10:14 Laogeodritt joined #salt
10:14 mrueg joined #salt
10:14 pewpew joined #salt
10:14 hashwagon joined #salt
10:14 jmiven joined #salt
10:14 SaucyElf joined #salt
10:14 lordcirth_work joined #salt
10:14 promorphus joined #salt
10:14 eightyeight joined #salt
10:14 Heartsbane joined #salt
10:14 matt11 joined #salt
10:14 Circuitsoft joined #salt
10:14 Whissi joined #salt
10:14 Swant joined #salt
10:14 pfallenop joined #salt
10:14 Diaoul joined #salt
10:14 wych joined #salt
10:14 brd joined #salt
10:14 gtmanfred joined #salt
10:14 carmony joined #salt
10:14 euidzero joined #salt
10:14 watersoul joined #salt
10:14 jab416171 joined #salt
10:14 TomJepp joined #salt
10:14 utahcon joined #salt
10:14 v0rtex joined #salt
10:14 duckfez joined #salt
10:14 feld joined #salt
10:14 Yamazaki-kun joined #salt
10:14 ventris joined #salt
10:14 swills joined #salt
10:14 Reverend joined #salt
10:14 toastedpenguin joined #salt
10:14 gnord joined #salt
10:14 borgstrom joined #salt
10:14 nethershaw joined #salt
10:14 inire joined #salt
10:14 hrumph joined #salt
10:14 pcn joined #salt
10:14 darvon joined #salt
10:14 notCalle joined #salt
10:14 stewgoin joined #salt
10:14 dxtr joined #salt
10:14 GnuLxUsr joined #salt
10:14 manji joined #salt
10:14 KennethWilke joined #salt
10:14 poseur joined #salt
10:14 stotch joined #salt
10:14 majuscule joined #salt
10:14 Udkkna joined #salt
10:14 tobiasBora joined #salt
10:14 hoonetorg joined #salt
10:14 Hydrosine joined #salt
10:14 icebal joined #salt
10:14 pheonix991 joined #salt
10:14 Kelsar joined #salt
10:14 OliverMT joined #salt
10:14 McNinja joined #salt
10:14 sknebel joined #salt
10:14 Deliant joined #salt
10:14 upb joined #salt
10:14 Edgan joined #salt
10:14 canci joined #salt
10:14 dograt joined #salt
10:14 saltyotter joined #salt
10:14 major joined #salt
10:14 cb joined #salt
10:14 hackel joined #salt
10:14 ThomasJ|m joined #salt
10:14 Jon-Envisioneer[ joined #salt
10:14 saintaquinas[m] joined #salt
10:14 jerrykan[m] joined #salt
10:14 gomerus[m] joined #salt
10:14 benjiale[m] joined #salt
10:14 v3x joined #salt
10:14 Guest59562 joined #salt
10:14 Morrolan joined #salt
10:14 baffle joined #salt
10:14 Sketch joined #salt
10:14 benner joined #salt
10:14 cliluw joined #salt
10:14 jf_sebastian joined #salt
10:14 cwright joined #salt
10:14 pmcg joined #salt
10:14 tom[] joined #salt
10:14 goal joined #salt
10:14 riftman joined #salt
10:14 packeteer joined #salt
10:14 NightMonkey joined #salt
10:14 LordOfLA joined #salt
10:14 synical joined #salt
10:14 peters-tx joined #salt
10:14 tru_tru joined #salt
10:14 rwaweber joined #salt
10:14 heyimawesome joined #salt
10:14 davromaniak joined #salt
10:14 BlackBishop joined #salt
10:14 armguy joined #salt
10:14 guerby joined #salt
10:14 Yoda-BZH joined #salt
10:14 aerbax joined #salt
10:14 rubenb joined #salt
10:14 jessexoc joined #salt
10:14 gimpy936 joined #salt
10:14 Savemech joined #salt
10:14 WKNiGHT joined #salt
10:14 alexlist joined #salt
10:14 Ashald joined #salt
10:14 chadhs joined #salt
10:14 Shirkdog joined #salt
10:14 muep_ joined #salt
10:14 Ssquidly joined #salt
10:14 garphy joined #salt
10:14 kloeri joined #salt
10:14 drags1 joined #salt
10:14 TRManderson joined #salt
10:14 jhujhiti joined #salt
10:14 djinni` joined #salt
10:14 RS-232 joined #salt
10:14 cyraxjoe joined #salt
10:14 bigjazzsound joined #salt
10:14 zach joined #salt
10:14 permalac joined #salt
10:14 ashmckenzie joined #salt
10:14 Gabemo joined #salt
10:14 Dr_Jazz joined #salt
10:14 AvengerMoJo joined #salt
10:14 karlthane joined #salt
10:14 dnull joined #salt
10:14 shanth joined #salt
10:14 ujjain joined #salt
10:14 dlloyd joined #salt
10:14 kshlm joined #salt
10:14 coredumb joined #salt
10:14 filippos joined #salt
10:14 k4kvm joined #salt
10:14 smkelly joined #salt
10:14 akbarali joined #salt
10:14 __number5__ joined #salt
10:14 adelcast joined #salt
10:14 rawzone joined #salt
10:14 attente joined #salt
10:14 lionel joined #salt
10:14 kwork joined #salt
10:14 tapoxi joined #salt
10:14 mat_ joined #salt
10:14 PFault joined #salt
10:14 fleaz joined #salt
10:14 lunarlamp joined #salt
10:14 bwellsnc joined #salt
10:14 ponyofdeath joined #salt
10:14 FreeSpencer joined #salt
10:14 awpti joined #salt
10:14 legreffier joined #salt
10:14 descrepes joined #salt
10:14 bergei joined #salt
10:14 rewbycraft joined #salt
10:14 bryguy joined #salt
10:14 uncool joined #salt
10:14 hillna joined #salt
10:14 scarcry joined #salt
10:14 izibi joined #salt
10:14 robinsmidsrod joined #salt
10:14 devster31 joined #salt
10:14 gmacon joined #salt
10:14 arif-ali joined #salt
10:14 Qlawy joined #salt
10:14 chron0 joined #salt
10:14 simonmcc joined #salt
10:14 jagguli- joined #salt
10:14 doriftoshoes_ joined #salt
10:14 babilen joined #salt
10:14 klaas joined #salt
10:14 andi- joined #salt
10:14 capn-morgan joined #salt
10:14 monokrome joined #salt
10:14 hexa- joined #salt
10:14 Baycone joined #salt
10:14 nicotine joined #salt
10:14 nineteen joined #salt
10:14 LeProvokateur joined #salt
10:14 jrklein joined #salt
10:14 afics joined #salt
10:14 valkyr2e joined #salt
10:14 xmiao joined #salt
10:14 viq joined #salt
10:14 bd joined #salt
10:14 futuredale joined #salt
10:14 nickadam joined #salt
10:14 dragon788 joined #salt
10:14 alem0lars joined #salt
10:14 SteamWells joined #salt
10:14 kavakava joined #salt
10:14 djural joined #salt
10:14 frew joined #salt
10:14 irated joined #salt
10:14 rmc3 joined #salt
10:14 al joined #salt
10:14 vaelen joined #salt
10:14 sarlalian joined #salt
10:14 pppingme joined #salt
10:14 demize joined #salt
10:14 mirko joined #salt
10:14 Gareth joined #salt
10:14 Puckel_ joined #salt
10:14 scooby2 joined #salt
10:14 tcolvin joined #salt
10:14 bbhoss joined #salt
10:14 nahkiss joined #salt
10:14 ConnorCG joined #salt
10:14 Vye_ joined #salt
10:14 inetpro joined #salt
10:14 SneakyPhil joined #salt
10:14 Nightcinder joined #salt
10:14 rylnd joined #salt
10:14 hacks joined #salt
10:14 Artanicus joined #salt
10:14 supermike_ joined #salt
10:14 simmel joined #salt
10:14 CaptTofu__ joined #salt
10:14 spiette joined #salt
10:14 weylin joined #salt
10:14 phobosd joined #salt
10:14 mihait joined #salt
10:14 petems joined #salt
10:14 copelco joined #salt
10:14 carlwgeorge joined #salt
10:14 straya joined #salt
10:14 shalkie joined #salt
10:14 mr_kyd joined #salt
10:14 jerrcs joined #salt
10:14 dwfreed joined #salt
10:14 izrail_ joined #salt
10:14 leev joined #salt
10:14 Mogget_ joined #salt
10:14 dober joined #salt
10:14 APLU joined #salt
10:14 Shados joined #salt
10:14 psy0rz joined #salt
10:14 Eugene joined #salt
10:14 sybix joined #salt
10:14 KingJ joined #salt
10:14 daemonkeeper joined #salt
10:14 ToeSnacks joined #salt
10:14 lookcrabs joined #salt
10:14 mishanti1 joined #salt
10:14 ople joined #salt
10:14 m0nky joined #salt
10:14 moy joined #salt
10:14 munhitsu_ joined #salt
10:14 evidence joined #salt
10:14 Xevian joined #salt
10:14 shakalaka joined #salt
10:14 shadoxx joined #salt
10:14 pocketprotector joined #salt
10:14 Twiglet joined #salt
10:14 adongy joined #salt
10:14 theanalyst joined #salt
10:14 lastmikoi joined #salt
10:14 Dev0n joined #salt
10:14 jesusaur joined #salt
10:14 tongpu_ joined #salt
10:14 lazybear joined #salt
10:14 phtes joined #salt
10:14 bantone joined #salt
10:14 MajObviousman joined #salt
10:14 Nebraskka joined #salt
10:14 bob_twinkles joined #salt
10:14 coldbrewedbrew_ joined #salt
10:14 rodr1c joined #salt
10:14 jwon joined #salt
10:14 coldbrewedbrew joined #salt
10:14 onovy joined #salt
10:14 trent joined #salt
10:14 LotR joined #salt
10:14 mkillebrew joined #salt
10:14 dev_tea joined #salt
10:14 honestly joined #salt
10:14 nkuttler joined #salt
10:14 Guest79428 joined #salt
10:14 federico3 joined #salt
10:14 Ryan_Lane joined #salt
10:14 johtso joined #salt
10:14 systeem joined #salt
10:14 chutzpah joined #salt
10:14 robawt joined #salt
10:14 NeoXiD joined #salt
10:14 daxroc joined #salt
10:14 quarcu_ joined #salt
10:14 tvinson_ joined #salt
10:14 dh joined #salt
10:14 Ahlee joined #salt
10:14 lkannan joined #salt
10:14 berto- joined #salt
10:14 Vaelatern joined #salt
10:14 Joy joined #salt
10:14 hax404 joined #salt
10:14 bbradley joined #salt
10:14 rideh joined #salt
10:14 kuromagi joined #salt
10:14 averell joined #salt
10:14 s0undt3ch joined #salt
10:14 qman__ joined #salt
10:14 Rkp joined #salt
10:14 StolenToast joined #salt
10:14 spaceman_spiff joined #salt
10:14 mschiff joined #salt
10:14 rofl____ joined #salt
10:14 lstor joined #salt
10:14 Edur joined #salt
10:14 Arendtsen joined #salt
10:14 froztbyte joined #salt
10:14 v12aml joined #salt
10:14 teratoma joined #salt
10:14 toabi joined #salt
10:14 skullone joined #salt
10:14 Hipikat joined #salt
10:14 ThomasJ joined #salt
10:14 Ch3LL joined #salt
10:14 jeblair joined #salt
10:14 tyler-baker joined #salt
10:14 jshm joined #salt
10:14 HRH_H_Crab joined #salt
10:14 evilrob joined #salt
10:14 elektrix joined #salt
10:14 pezus joined #salt
10:14 the_lalelu joined #salt
10:14 oyvindmo joined #salt
10:14 mTeK joined #salt
10:14 xMopxShell joined #salt
10:14 mk-fg joined #salt
10:14 g3cko joined #salt
10:14 llua joined #salt
10:14 meca joined #salt
10:14 tehsu joined #salt
10:14 setkeh joined #salt
10:14 wybczu joined #salt
10:14 darix joined #salt
10:14 Annihitek joined #salt
10:14 whyzgeek joined #salt
10:14 kevc_ joined #salt
10:14 codehotter joined #salt
10:14 twiedenbein joined #salt
10:14 stankmack joined #salt
10:14 ub1quit33 joined #salt
10:14 ws2k3 joined #salt
10:14 rickflare joined #salt
10:14 brokensyntax joined #salt
10:14 jgelens joined #salt
10:14 MasterNayru joined #salt
10:14 Kruge joined #salt
10:14 TooLmaN joined #salt
10:14 alias joined #salt
10:14 GothAck joined #salt
10:14 rome_390 joined #salt
10:14 CheckYourSix joined #salt
10:14 saltsa joined #salt
10:14 oliv` joined #salt
10:14 tedski joined #salt
10:14 hoolio joined #salt
10:14 MTecknology joined #salt
10:14 Llmiseyhaa joined #salt
10:14 JPaul joined #salt
10:14 saltstackbot joined #salt
10:14 asoc joined #salt
10:14 chamunks joined #salt
10:14 mauli joined #salt
10:14 wryfi joined #salt
10:14 iggy joined #salt
10:14 dhoutz joined #salt
10:14 esharpmajor joined #salt
10:14 Sacro joined #salt
10:14 mrud joined #salt
10:14 Armadillo joined #salt
10:14 pjs joined #salt
10:14 ahammond joined #salt
10:14 ropes joined #salt
10:14 scc joined #salt
10:14 MikaT joined #salt
10:14 dustywusty joined #salt
10:14 blue joined #salt
10:14 graffic joined #salt
10:14 hemebond dcpc007: Yes.
10:14 Reverend hemebond seems legit
10:14 Reverend my bad. zombie reply. had my buffer scrolled up
10:14 hemebond blathijs: States are fairly straight-forward.
10:14 hemebond Reverend: LOL, no worries :-D
10:15 hemebond blathijs: Not sure what you mean by nested dicts.
10:18 mbologna joined #salt
10:19 nledez joined #salt
10:19 babilen blathijs: Could you give an example of a state file (SLS) that you struggle with? Might be easier to walk you through an actual example.
10:19 dcpc007 hemebond: thx ... think will be easier to make global change and add exceptions for filtered files (like chmod -R 664 <folder> && chmod 775 on a find <folder>/*.sh recursively
10:20 edrocks joined #salt
10:21 dcpc007 boring to have to take on my personal time to try salt and (maybe) convince head office to go with it
10:21 Reverend hey blathijs :) babilen is right. if you could give us a bit more info, we might be able to help. I'm not 100% sure if you mean the structure of the sls files themselves, or the structure of the states inside those files.
10:22 dcpc007 adn quickly it's not a "small" thing to configure and keep "logically" and easy to read ...
10:22 hemebond dcpc007: Looks like you're trying to script it. Think in "states" instead of imperative instructions.
10:22 hemebond "I want this to be like this. Salt, go do it."
10:22 hemebond or rather "Salt, make sure that's how it is"
10:22 babilen Yeah, salt is declarative
10:24 Reverend same as puppet. All salt does is say "make sure that this is in this certain state." i.e. if you want something to be writable, you don't do +w on it every time, salt just says "is this writable? yes okay. moving on"
10:24 Reverend dcpc007 ^
10:25 blathijs hemebond: babilen: Let me look for an example. Tbh, it's been a while ago that I worked through the docs, so I'll have to dig a bit to reproduce all of my confusion again, and in the last few minutes I think a few pieces dropped into place already. One of the things that seem confusing is that an sls file can contain multiple ids and each id can contain multiple states, which again contain a function (not sure
10:25 blathijs if that can be multiple functions too). And, the fact that the id is implicitely used as an argument to the states also makes things less easy to read (but I can see it helps write compact state files, of course)
10:26 tom29739 joined #salt
10:26 hemebond Yeah, the ID as "name" causes a fair bit of confusion. The docs should really introduce that at the end I reckon.
10:26 babilen blathijs: Sure -- fwiw, I don't typically subsume multiple states under the same ID unless it essentially boils down to the holy trifecta of foo: pkg.installed, file.managed (config), service.running :)
10:29 Reverend babilen: couldn't agree more. I can't remember the last time I boshed together multiple states into the same ID. We usually do something like "nginx-install:" "nginx-config:" "nginx-service:"
10:30 blathijs A different question then: Is my observation correct that the require/requisite stuff only introduces an order between states that were selected to be run already (e.g. because they are in the same sls or included or both referenced by the topfile)? So having state_a in the top file, and have state_a require state_b does not cause state_b to be run?
10:30 * Neighbour waves to blathijs
10:30 blathijs Neighbour: \o
10:30 hemebond blathijs: If A requires B, it actually requires B to succeed.
10:30 Reverend blathijs: requisites allow you to say "make sure this file is here before I restart this state" for instance. You can requisite from a different state, but you need to include it first.
10:30 Reverend AFAIK ^
10:31 Reverend s/state/service/
10:31 blathijs Yeah, that's how it appears to me, though the docs are really not explicit about this
10:31 hemebond There is no automatic including. You have to make sure to include/apply all the relevant/required states.
10:31 Reverend hemebond +1
10:33 babilen blathijs: Requisites define relationships between states (and states only!) in that you can define order and actions when state have changes or fail.
10:33 dcpc007 hemebond: ha yes, currently i see what i do manually (or via scripts) and try to see if it's possible (and not too complicated) to do with salt
10:33 babilen Which allows you to express the following, for example: "Make sure to run service *after* you successfully created the configuration file and restart the service if it has changes"
10:34 Reverend yarp
10:34 mage_ joined #salt
10:34 mage_ hello
10:34 Reverend babilen: tbh, services are a weird one, cus I've found putting order: last on them makes them much more reliable for when I forget to add requisites to them.
10:34 Reverend xD
10:34 blathijs So, let me ask some advice on how to structure this then. I have a hostname.sls that sets the network hostname, but since I run an older version of salt, I also have a patch.sls that applies a patch to salt so it doesn't break on domainless hostnames. I now added require_in: network: * to the patch.sls, hoping that would mean it would be included/run whenever a network state was used, but apparently that's not
10:34 blathijs the case. I think I could add an include: patch to all states using network, would you recommend that? Or is there some way to have an include_in kind of reverse include so the network states don't have to reference the patch explicitly?
10:34 mage_ any idea how can I override pillar keys ?
10:35 Reverend blathijs: what state have you added that requisite to? service.running?
10:35 hemebond mage_: Just put it in another file.
10:35 mage_ I have in a:b:FOO in a.sls and include: a in b.sls with a:b:BAR
10:35 babilen blathijs: You would include the patch.sls *and* define a "require" requisite in the actual states that, well, require the patch to be applied.
10:36 mage_ but it stays FOO instead of BAR
10:36 hemebond Hmm. The merge order might not be determinative.
10:37 babilen mage_: https://docs.saltstack.com/en/latest/ref/configuration/master.html#pillar-merging-options
10:38 blathijs Reverend: This is what I have now: https://gist.github.com/matthijskooijman/01c8e8218e59b3ef764f27e1266c67fd
10:38 mage_ babilen: thanks I'll take a look at it :)
10:38 blathijs babilen: I can see how that works, but I'd prefer a reverse approach, where the dependency is only declared in patch.sls, not in all states that need it.
10:38 Reverend blathijs what you're saying there is "file.patch" will run as long as hostname is okay. but file.patch will only run if it needs to.
10:39 mage_ but this is a global setting, right ?
10:39 Reverend but
10:39 Reverend blathijs: I see what you're aiming for, but you need to include network first.
10:39 Reverend hang on
10:39 mage_ it would be good if the merge strategy could be set per file
10:39 hemebond blathijs: Use the _in requisites.
10:39 Neighbour blathijs: require_in needs to be fed a list of 'module: ID'
10:39 Neighbour (all requisites require a format like that)
10:40 Reverend blathijs: https://docs.saltstack.com/en/latest/ref/states/requisites.html <-- do a find in that page for "php.sls"
10:40 Reverend that shows you how to requisite from another state.,
10:42 blathijs But there the primary state (that would be referenced in the topfile) is php.sls, while I would want to reference hostname.sls, not patch.sls
10:43 blathijs "file.patch" will run as long as hostname is okay <-- Doesn't require_in do the reverse? Make sure that network.* runs as long as file.patch is ok?
10:43 Reverend then do it the other way round. include it in your hostname.sls, and do a _in as hemebond says
10:44 Reverend blathijs: if A required_in on B, that's the same as saying B requires A.
10:45 blathijs Reverend: yeah, and have file.patch requires_in network.*, so I think you interpreted it in reverse then?
10:46 Reverend what do you mean by network.*?
10:46 Reverend sls: network?
10:48 Reverend i wonder, babilen if we include a state, and have a require on that sls, will the entire sls fail if that require fails? :o
10:49 blathijs Reverend: I mean any state that uses a function within network (terminology might be off, though)
10:50 Reverend yeah. for sure.
10:50 Reverend :P
10:51 hemebond Reverend: I think it creates a require for each state in the file so I think it would fail.
10:51 blathijs Reverend: But instead of network: * I could just use network: hostname, which I think should match the state in hostname.sls?
10:52 babilen blathijs: Even if you could use wildcards/globbing in requisite definitions, this would still require you to include every SLS in which you use a "network:  " state in "patch.sls"
10:52 babilen But .. bbl (lunch is such a nice thing)
10:52 blathijs Oh wait, network: hostname refers to an id "hostname", not the function "hostname"
10:53 Reverend babilen blathijs: AFAIK, the states in another sls can't have conflicting names, and it's basically taking the file contents and du,ping it right where you did the include.
10:53 Reverend correct me if I'm wrong someone.
10:53 Reverend so once you include something, youc an juse use the state's ID as you would normally.
10:53 hemebond Reverend: You mean with a Salt "include:"?
10:53 Reverend yarp
10:53 hemebond It doesn't copy the code over/
10:54 hemebond It gets included into the state tree/list once.
10:54 drawsmcgraw joined #salt
10:54 hemebond State tree/list being the list of every single state that will be applied.
10:54 Reverend i mean in terms of how it works, not how it -actuyally- works.
10:54 babilen blathijs: As mentioned earlier: requisites are strictly between states. The references are a tuple of <state execution module, (state id|state name argument)>
10:55 Neighbour hemebond: So if I include an sls, salt won't automatically execute all states in that included sls?
10:55 Reverend hemebond: I rarely care how salt puts the things together for rls... i'm more saying about how the user -sees- it working. :3 like I said, I may be 100% wrong :P
10:55 blathijs babilen: So, in summary expressing "run this state before running any other state that uses the network module" isn't really possible. Instead, I should just modify all states that use the network module to include and require patch.sls.
10:55 hemebond Neighbour: It will execute them, yes. They are being included in the state tree.
10:56 Neighbour hemebond: ok
10:56 Reverend blathijs: why don't you add it into the top where network is referenced?
10:56 hemebond Reverend: Even thinking about it from the users perspective you should think of it as being included into the state list rather than a particular file.
10:56 babilen blathijs: Requisites like that are tricky .. I also wouldn't necessarily want to maintain those requisites with every single state (that gets old fast). I would, probably, tackle it in such a way, that the salt *service* requires that patch.
10:57 johnkeates joined #salt
10:57 babilen It would be nice if we could say something like "require: foo: bar*-baz" but we can't IIRC (unless it has been addressed recently)
10:58 Reverend hemebond: eh. am I right in thinking that they can't have conflicting state names though?
10:58 Reverend ID's i mean
10:58 blathijs Reverend: If you add it to the top file (instead of including it from hostname.sls, right?) then you would still need a require between hostname and patch (and, since it seems wildcards are not supported, this means to keep a require_in list in patch.sls that mentions all states using network, which seems error-prone)
10:58 hemebond Conflicting where?
10:59 hemebond Also state tree/list == "High data" I think
10:59 hemebond Reverend: Oh, _can't_ have conflicting IDs, yes, correct.
11:00 hemebond Which is why it's better to think of Salt includes as being pulled into the high data rather than a particular SLS file.
11:00 hemebond It's similar to importing a Python module.
11:00 hemebond As opposed to including a CPP header file.
11:00 hemebond *C++
11:04 blathijs So if you have apache: pkg.installed in one sls file and apache: service.running in another, these cannot include eachother?
11:04 blathijs If so, that would seem like this use-id-as-name-param thing is actually quite fragile?
11:05 hemebond blathijs: I'm going to need to test that to be sure.
11:07 hemebond Yes, IDs conflict.
11:07 hemebond But it's a good idea to make your state IDs a little more descriptive.
11:07 hemebond Of course, I use file paths as IDs to make sure only one state is managing it.,
11:08 hemebond For everything else I try to use a descriptive state ID to help me find the state.
11:09 babilen blathijs: fwiw, you can use globs, but you still have to include all states that you want to reference
11:09 babilen So .. lunch
11:09 Neighbour hmm, so you can't include ID's from another sls, even though they all get stuffed into the same highdata (which is why they need to be unique)..
11:09 Neighbour that seems typical :)
11:09 Neighbour s/include/require/
11:12 hemebond Mmm? You can require states in other files.
11:12 Neighbour without including them explicitly?
11:12 hemebond No.
11:12 debian112 joined #salt
11:12 hemebond You have to put them into the high data.
11:13 Neighbour isn't that the case already if i get them included in the top.sls?
11:13 mavhq joined #salt
11:16 hemebond Yes, including them via top.sls puts them into the high data
11:17 Neighbour ok, so I can require states from a.sls in b.sls without explicitly including a.sls in b.sls if they are both added by the top.sls? Good
11:17 hemebond ????
11:18 hemebond The requisites and dependencies stuff is for assuring order between states.
11:18 hemebond ensuring?
11:23 amcorreia joined #salt
11:33 johnkeates left #salt
11:33 johnkeates joined #salt
11:33 johnkeates i need pepper
11:50 zerocoolback joined #salt
11:52 colttt joined #salt
11:59 blathijs So I now have this, which seems to work as expected: https://gist.github.com/matthijskooijman/01c8e8218e59b3ef764f27e1266c67fd (it's not perfect since hostname.sls needs to reference patch.sls, but it works well enough)
12:00 hemebond Why is that not perfect?
12:01 blathijs hemebond: If I now add another state that uses the network module, I have to remember that it also needs to reference the patch. Ideally, the patch state would be automatically included by any state that uses the network module.
12:01 hemebond What?
12:01 hemebond Oh.
12:01 Neighbour blathijs: Maybe you need to put them all in the top.sls
12:01 hemebond You mean if you need to use the network state module anywhere you need to patch the file?
12:01 hemebond What Neighbour said.
12:02 hemebond Why not just patch all your machines?
12:03 blathijs hemebond: In this case, that would probably be a practical solution, though it's not what I'd ideally like to express. But perhaps I should get used to how salt works a bit more, I might be looking from the wrong perspective :-)
12:04 blathijs Even when I patch all my machines, though, I would still need to add a require directive to ensure the patch is run before the network state
12:05 hemebond Yes, you would.
12:05 hemebond Or...
12:05 hemebond Just put "first" into that patch state.
12:05 blathijs and AFAICS require_in can be used, but still needs to list the ids (since * as I had before probably doesn't work)
12:05 hemebond or whatever the ordering thing is.
12:05 thinkt4nk joined #salt
12:06 hemebond https://docs.saltstack.com/en/latest/ref/states/ordering.html#the-order-option
12:06 blathijs Ah, practical approach :-)
12:07 blathijs Thanks for all the pointers and thoughts so far, let's see if I can actually add some useful states next :-)
12:07 blathijs Lunchtime first, though
12:08 hemebond If you're having to patch salt-minion to fix something maybe a custom package/build would be better.
12:08 hemebond Otherwise, order: 1 should suffice.
12:12 yoyyo joined #salt
12:12 hemebond (you can install salt-minion from a Git repo too I think)
12:13 blathijs hemebond: I'll probably upgrade to a newer Debian version at some point, but letting salt patch itself seemed like clever and quick fix to get me going at least :-)
12:13 hemebond What does your patch actually do?
12:14 hemebond Also, you might have to restart salt-minion for your patch to take effect. Have you tested it?
12:15 ronnix joined #salt
12:16 dev_tea joined #salt
12:16 Neighbour you only need to restart the minion if you patch files in salt/utils
12:16 Neighbour modules and states get auto(re)loaded
12:17 colttt joined #salt
12:17 hemebond Oh neat.
12:20 dev_tea joined #salt
12:25 _JZ_ joined #salt
12:26 bluenemo joined #salt
12:28 dev_tea joined #salt
12:31 dcpc007 bugs/problems are reported on the github project ?
12:31 teclator joined #salt
12:31 hemebond Correct.
12:31 johnkeates yes
12:32 dcpc007 i create here : https://github.com/saltstack/salt/issues/41482
12:32 hemebond Pretty sure I've seen an issue with that already.
12:35 hemebond Also, maybe put the output into proper formatting.
12:35 hemebond To make it easier to read.
12:35 xet7 joined #salt
12:40 colegatron joined #salt
12:41 cyborg-one joined #salt
12:42 numkem joined #salt
12:43 nicksloan joined #salt
12:47 ronnix joined #salt
12:49 blathijs hemebond: My patch does this: https://github.com/saltstack/salt/commit/db59591b113fbf0b77812016901b568eec615d58?diff=unified
12:50 hemebond Ah
12:50 StolenToast joined #salt
12:57 edrocks joined #salt
13:01 toastedpenguin joined #salt
13:04 ronnix joined #salt
13:04 edrocks joined #salt
13:07 brousch__ joined #salt
13:22 Brew joined #salt
13:23 Neighbour hemebond: If I include an sls-file, and then use the listen_in-requisite...will the entire sls-file only be executed at the very end if the requiring state finishes succesfully and with changes?
13:23 Neighbour i.e. does the 'require an entire sls file' work with all the differnet requisite types?
13:23 Neighbour different*
13:24 kedare joined #salt
13:25 kedare Hi all :)
13:25 kedare Small question, is there a way to use the rabbitmq modules without having rabbitmq directly installed ? In my case the RabbitMQ is running in a docker container
13:26 Neighbour kedare: Unfortunately, salt's rabbitmq-module requires rabbitmqctl to be present on the system the minion is running on
13:26 kedare I'm trying to do something like that but I have the __virtual__ returned false, I suppose this is related to that : https://gist.github.com/kedare/c3cd382ba57277010671e1c065225b18
13:26 kedare Hmm ok
13:27 kedare So installing RabbitMQ on the host could allow me to run the commands against the container ?
13:27 kedare Or I need to run everything directly on the host ?
13:27 Neighbour if you have a salt minion in the container, then you should be good
13:27 kedare In my case the minion runs on the host
13:28 PatrolDoom joined #salt
13:29 Neighbour salt's rabbitmq-module looks like a wrapper for issuing commands through rabbitmqctl...so if you can do what you want with rabbitmq installed on your host, then salt can do so as well (probably...)
13:29 ssplatt joined #salt
13:30 PatrolDoom joined #salt
13:31 kedare Hmm I'm gonna try that so :)
13:31 kedare Thanks
13:32 hemebond Neighbour: I would think so.
13:33 kedare Hmm looks like that would be more complicated than that, as rabbitmqctl use the erlang IPC I think, it detects it's running on another node and would not connect by default
13:33 hemebond e.g., service has listen pointing at an SLS file full of file.managed and stuff; if any changes are made in that SLS the service will be restarted.
13:34 alem0lars I'm trying to use dockerng states (that need docker-py package as dependency). However, when I try to apply the state I get: "An importable pip module is required but could not be found on your system. This usually means that the system's pip package is not installed properly."
13:34 hemebond alem0lars: Restarting salt-minion?
13:34 hemebond *restarted
13:34 alem0lars How can I solve that problem? (pip is already installed, I've also tried to install pip with easy install)
13:35 ronnix joined #salt
13:35 hemebond Is this Debian Jessie?
13:35 alem0lars hemebond: I can't restart salt-minion (it's production environment running ubuntu 14.04)
13:35 hemebond You can't restart salt-minion? Why is that?
13:36 alem0lars I am not allowed, because if somehow it doesn't restart correctly, I lose access to the minion (I have no ssh access)
13:36 alem0lars I've tried to use "reload_modules: True" but it doesn't work...
13:37 alem0lars hemebond: -^
13:37 hemebond Does the pip execution module work?
13:37 hemebond e.g., salt '*' pip.list
13:38 alem0lars I've tried with both: https://paste.pound-python.org/show/5h2HTNJqov1G5E1kKuVk/
13:38 alem0lars and: https://paste.pound-python.org/show/zGdbyVTeyIBAfoeS9WFN/
13:39 hemebond Hmm. Installing both pip and python-pip might cause a problem.
13:39 alem0lars I've also tried only with python-pip
13:39 hemebond Oh wait, you removed it.
13:39 alem0lars yeah, the first method tries to install pip with easy_install
13:39 hemebond By default states are executed in the order they're defined in the file.
13:39 hemebond So you don't necessarily need a require there; just as aside.
13:39 alem0lars the second method with python-pip (e.g. the package manager)
13:40 alem0lars kk thanks
13:40 hemebond salt minion saltutil.refresh_modules
13:40 hemebond Oh wait, different modules. NVM.
13:42 alem0lars here is the result of the execution of "salt probe_foobar pip.list": https://paste.pound-python.org/show/Y14ZMsqL2ULlUALyJ4cC/
13:43 hemebond What version of Python is installed?
13:44 alem0lars cmd.run "python --version" gives: "Python 2.7.6"
13:47 dxiri joined #salt
13:47 racooper joined #salt
13:47 hemebond I have https://paste.pound-python.org/show/sM7PhIq9lqrJipszqLUY/ in my states.
13:47 hemebond Not sure how different that is to yours.
13:48 hemebond https://paste.pound-python.org/show/yrUeAjxnaT1WltCaOxuB/
13:48 alem0lars I dont think that solves tho
13:49 hemebond Maybe not. But I did have problems with PIP and now I don't.
13:49 alem0lars oh
13:49 hemebond But I am using Debian Jessie.
13:49 alem0lars i'll try that in a sec
13:49 alem0lars and you have in files directory the get-pip.py script, right?
13:49 ssplatt joined #salt
13:49 hemebond I've been through several issues (probably the same you've already read) and can't see a clear resolution.
13:50 hemebond Oh, get-pip.py is just downloaded from PIP website or something.
13:50 hemebond Yes, in a "files" directory.
13:51 hemebond Ah, https://github.com/saltstack/salt/issues/38916#issuecomment-299913554
13:51 hemebond That's the error I was seeing originally.
13:51 hemebond About IncompleteRead.
13:51 hemebond That's what my PIP states fix.
13:52 SaucyElf joined #salt
14:02 evle1 joined #salt
14:03 aneeshusa joined #salt
14:05 coredumb Am I missing something or is it not possible to put pillars per minion in vault ?
14:05 babilen coredumb: You can put whatever you want in vault
14:06 coredumb babilen: yes but the pillar module can only fetch a single secret
14:06 coredumb or ?
14:06 babilen Are you referring to https://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.vault.html ?
14:06 coredumb from my testing path value must point to a secret
14:06 coredumb babilen: yes
14:08 babilen Ah, I think what you are after are different tokens for your minions?
14:08 coredumb babilen: mmmmh
14:09 coredumb I'd prefer not having my minions connect directly to the vault but only the master
14:09 babilen Wouldn't that require the master to have a token <-> id mapping?
14:10 babilen I haven't used that external pillar before, but https://docs.saltstack.com/en/develop/ref/modules/all/salt.modules.vault.html
14:10 coredumb babilen: well ext_pillar function knows about minion_id
14:11 coredumb as long as the token as read access to the ressources
14:11 babilen Sure, but you essentially want different 'users' (i.e. one per minion), don't you?
14:11 coredumb no I don't
14:12 coredumb master token can read secret/salt/*
14:12 hemebond How else would you target it?
14:12 coredumb you write secret/salt/<minion_id>/xxxx
14:13 Praematura joined #salt
14:13 hemebond But... you've already pulled the whole thing into the pillar data.
14:13 coredumb why the whole thing ?
14:13 coredumb O_o
14:13 hemebond Isn't that what the external pillar does?
14:13 babilen Because that's the path you gave
14:14 hemebond Oh, you can use the module babilen linked to.
14:14 hemebond Provides exactly what you need.
14:14 babilen I haven't used that external pillar before, but it doesn't look as if it allows any form of targeting
14:14 hemebond No, but you can specify the secret read.
14:15 babilen You can pull data out of vault and make it available per pillar, but you can't specify different secrets (on the same path) for different minions
14:16 babilen At least that's what it looks like
14:16 coredumb babilen: sure you can target with external pillars
14:16 hemebond {{ salt['vault'].read_secret('secret/salt/' ~ salt['grains.get']('minion_id'), 'xxxxx') }}
14:16 coredumb ext_pillar function is aware of the minion_id
14:17 babilen coredumb: How would that work with the vault external pillar?
14:17 Neighbour Hmm, can I, from an orchestration state, check if a specific state is present in a certain minion's top?
14:17 coredumb babilen: by modifying it :D
14:17 babilen coredumb: Well, so .. you can't
14:17 coredumb agree
14:17 coredumb but took me 30s to make it minion id aware
14:17 babilen I mean .. sure "You can implement that yourself" would make *everything* available, wouldn't it? ;)
14:18 hemebond Wait... so you already made it minion ID aware?
14:18 hemebond What's the problem then?
14:18 coredumb hemebond: cause it's ugly
14:18 babilen coredumb: All I am saying is that the pillar module as it is in salt does not seem to support that
14:18 coredumb babilen: then I agree with you
14:18 coredumb and actually I can't understand why ...
14:19 coredumb guess I should just send a PR
14:20 hemebond Why not just pull it from the vault using that module?
14:20 babilen That would make sense .. how are you tackling the targeting?
14:21 coredumb babilen: as I said ext_pillar() is already aware of the minion_id ... just need to use it in the path
14:21 colegatron left #salt
14:21 babilen coredumb: I know that ext_pillar is being passed the minion_id .. so you hardcode minion ids in the vault path?
14:21 babilen So no globbing/regex/.. matches are possible?
14:22 coredumb hemebond: I guess that would be a solution as well... I'm just trying to have everything relevant to my setup inside a pillar ... maybe I'm wrong actually :)
14:22 hemebond Yeah, inside your pillar.
14:23 babilen *mind-blown*
14:23 coredumb babilen: the module uses the path as is anyway from what I can tell
14:24 coredumb else defaults to /
14:24 coredumb so this module doesn't support any glob/regex
14:24 babilen No, it doesn't
14:24 coredumb that would require vault list anyway
14:25 babilen Wouldn't it be nice if minions needed their own token and would be presented with all data in a given path?
14:25 babilen So that two minions could ask for secret/bar and get whatever is available there?
14:26 coredumb I guess but then it gets funny to managed tokens when you have 2k minions
14:26 coredumb as vault doesn't let you list tokens :(
14:26 alexlist joined #salt
14:26 PatrolDoom mmm Vault
14:28 babilen coredumb: True .. just thinking about nice ways to integrate this. I can't stand the file_tree pillar as it conflates data/namespacing and targeting which makes it inherently hard to use .. and just fear that a "minion_id in path" approach for vault would cause the same situation
14:28 LondonAppDev joined #salt
14:29 coredumb babilen: actually what you and hemebond pointed first - the vault module - would be one of the cleanest solution
14:30 coredumb but about the pillar module if modification would be made to it, it could be easy to implement %(minion_id) like in the consul pillar module
14:30 babilen I think so too, but it would be nice to have a really usable external pillar
14:31 mikecmpbll joined #salt
14:31 Neighbour you can already fetch a minion's pillar using `salt-run pillar.show_pillar minion=id`
14:31 coredumb so you could use it like it's working right now, or put something like path=secret/salt/%(minion_id)/minion_secret
14:31 babilen coredumb: Something along the line of the consul pillar module would be nice, yeah
14:32 coredumb that's the easy way
14:33 hemebond Not particularly flexible though.
14:33 coredumb still more flexible than what it is right now :P
14:34 hemebond Well, no, you can just use the module.
14:34 coredumb ... in term of pillar
14:34 coredumb :D
14:34 hemebond ?
14:34 coredumb I'm only talking about the pillar module
14:34 hemebond Oh
14:34 coredumb which is not flexible "enough"
14:35 coredumb indeed as I said the use of the module is a somewhat clean(er) solution
14:44 debian112 joined #salt
14:47 keldwud joined #salt
14:48 keldwud joined #salt
14:52 alexlist joined #salt
14:56 jas02 joined #salt
15:03 dfinn joined #salt
15:04 toanju joined #salt
15:05 snarked joined #salt
15:06 fracklen joined #salt
15:10 hemebond left #salt
15:15 mikecmpbll joined #salt
15:15 Rubin joined #salt
15:23 relidy joined #salt
15:26 filippos joined #salt
15:26 sarcasticadmin joined #salt
15:29 fracklen joined #salt
15:31 fracklen_ joined #salt
15:42 vlebo joined #salt
15:44 schemanic joined #salt
15:45 schemanic Hi. I'm seeing come callouts to port 8000 for salt-minion in the firewall formulas I'm using. Is there a reason for that? I thought salt-minion ran on ports 4505-4506?
15:48 mpanetta joined #salt
15:55 Praematura joined #salt
15:57 rmelero joined #salt
15:58 mpanetta joined #salt
16:03 aldevar left #salt
16:07 shred joined #salt
16:09 gimpy936 joined #salt
16:12 nicksloan joined #salt
16:14 justanotheruser joined #salt
16:15 KyleG1 joined #salt
16:17 matt11 schemanic: probably for REST services
16:18 this_is_tom joined #salt
16:18 schemanic matt11, what do you mean? What kindof REST stuff?
16:18 matt11 https://docs.saltstack.com/en/develop/topics/proxyminion/demo.html
16:19 iggy or salt-api
16:19 wendall911 joined #salt
16:20 matt11 schemanic: but for the agents, youre right, its just those 2 ports
16:20 woodtablet joined #salt
16:22 schemanic iggy, do minions have anything to do with salt-api?
16:22 schemanic I thought one communicates with the master over salt-api
16:22 iggy oh right, missed the minion part
16:23 iggy weren't you complaining about all the other oddities of that formula last night? Why continue using it? Formulas aren't a necessity... they are (sometimes) a good starting point
16:23 overyander joined #salt
16:29 sstodd7532 joined #salt
16:31 raspado joined #salt
16:33 edrocks joined #salt
16:33 matt11 Yeah, i feel like the formulas need a bit of an overhaul
16:34 matt11 Are there any good resources/examples of file structure for salt?
16:38 thinkt4n_ joined #salt
16:41 sstodd7532 left #salt
16:41 sstodd7532 joined #salt
16:44 Reverend matt11: formulas are mostly custom code, so there's nothing to be overhauled.
16:45 Reverend also, in terms of file structure, the docs give you a good enough structure :)
16:45 Reverend we use /srv/salt, /srv/pillar /srv/runner etc
16:45 matt11 thats what i've been using
16:45 matt11 but i see it different in other places
16:45 sstodd7532 joined #salt
16:45 matt11 depending on implementation
16:46 matt11 I realise it's custom code, but it seems like most of them could go by some kind of common structure
16:46 matt11 similar to say like a splunk add-on
16:50 amcorreia joined #salt
16:51 heaje joined #salt
17:03 Trauma_ joined #salt
17:04 rmelero joined #salt
17:07 impi joined #salt
17:21 mikecmpbll joined #salt
17:22 ChubYann joined #salt
17:23 PatrolDoom joined #salt
17:28 fracklen joined #salt
17:54 miruoy joined #salt
18:00 debian112 joined #salt
18:04 miruoy_ joined #salt
18:06 censorshipwreck joined #salt
18:22 felskrone joined #salt
18:31 nicksloan joined #salt
18:38 hasues joined #salt
18:46 bigjazzsound joined #salt
18:49 shred joined #salt
18:50 LondonAppDev joined #salt
18:50 debian112 joined #salt
18:54 jeffspeff joined #salt
18:56 nicksloan joined #salt
18:58 Vasya666 joined #salt
19:05 mikecmpb_ joined #salt
19:17 SaucyElf joined #salt
19:18 debian112 joined #salt
19:18 vlebo joined #salt
19:18 druonysus__ joined #salt
19:19 shanth anyone figure out a way to give a minion more than one id?
19:20 druonysus joined #salt
19:23 thinkt4nk I don't think that's what id's are for
19:24 SaucyElf joined #salt
19:26 iggy that question requires some context
19:31 druonysus joined #salt
19:37 nixjdm joined #salt
19:39 cyborg-one joined #salt
19:40 lordcirth_work shanth, XY problem. Why do you want multiple IDs?
19:48 shanth test envionment stuff lordcirth_work
19:48 shanth if i wanted to have multiple top files and have minions have dif ids in the top files
19:48 shanth if i could do minion1, 2 and 3, and also app1,app2,app3, etc etc etc
19:50 censorshipwreck joined #salt
19:50 lordcirth_work shanth, if you need a test environment, just make some VMs or something
19:51 shanth i have a test env with vm's lordcirth_work
19:51 shanth right now they only have one minion id
19:51 lordcirth_work shanth, so make more VMs for the other IDs
19:51 shanth limited ram
19:52 lordcirth_work How limited?
19:52 shanth :(
19:52 lordcirth_work 8GB? 16? 32?
19:52 shanth i can make more vm's on certain machines but not my laptop
19:53 shanth laptop is 2gb lol
19:54 lordcirth_work shanth, so only run 1 env set at a time
19:54 lordcirth_work Or use another computer.
19:54 coredumb babilen: https://github.com/saltstack/salt/pull/41505
20:04 rmelero_ joined #salt
20:05 nebuchadnezzar joined #salt
20:09 Tantagel joined #salt
20:16 _JZ__ joined #salt
20:20 debian112 joined #salt
20:53 fleaz joined #salt
20:54 pbandark joined #salt
20:54 nixjdm joined #salt
20:58 ronnix joined #salt
20:59 johnkeates joined #salt
20:59 hemebond joined #salt
21:06 aldevar joined #salt
21:07 major in a jinja template do you have access to the variables declared in the state sls file?
21:08 hemebond Variables declared in the state?
21:08 major yes
21:08 hemebond You'll need to be more specific about what you're doing.
21:11 major I have some jinja in an SLS file which itterates a list of managed files, each with a source entry.  When those source entries are templated do they have access to the jinja from the SLS which itterated them
21:12 aldevar joined #salt
21:12 aldevar left #salt
21:13 whytewolf major: i think what you want is context. look up context on the states.file page. https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html
21:13 hashwagon joined #salt
21:14 major ...
21:14 major maybe... I doesn't feel right
21:14 whytewolf then you are not explaining what you want
21:14 whytewolf try gisting wha tyou are trying to do
21:15 joe joined #salt
21:16 major https://gist.github.com/anonymous/729244056606a48b0ee9161ace6beebb
21:17 whytewolf yeap that is context
21:18 major ahh
21:19 whytewolf or something like that top of my head i might have gotten spacing wrong :P
21:20 whytewolf but you get the idea of what i am sayng
21:20 major yah
21:20 major :q
21:20 major damnit UI .. know which window I ment
21:20 whytewolf lol
21:20 whytewolf do what i want not what i say :P
21:24 jhauser joined #salt
21:25 MajObviousman what requisite should I use if state B should always run after another state A, regardless of if state A succeeded or failed?
21:25 Trauma joined #salt
21:26 * MajObviousman tries adding both a require and an onfail condition to see what happens
21:27 kiltzman joined #salt
21:27 MajObviousman as expected, not functioning
21:28 hemebond MajObviousman: You could try just order
21:28 hemebond "order"
21:28 hemebond I'm still checking though.
21:28 MajObviousman I completely forgot about that
21:28 MajObviousman that'd be perfect
21:28 hemebond It's not really ideal for your situation.
21:29 MajObviousman right, because now I have to order every single state
21:29 hemebond You don't.
21:29 hemebond Other states will just execute in the order they would have, but after your ordered states.
21:29 MajObviousman "Any state declared without an order option will be executed after all states with order options are executed."
21:29 MajObviousman so there are other things that happen before state A
21:29 hemebond I wonder if that means they would ignore dependencies.
21:30 * MajObviousman tests
21:30 * MajObviousman tries order: last
21:30 hemebond I don't think there is a requisite to do what you want.
21:31 hemebond Thinking about it further it doesn't really make sense to use a requisite for this.
21:31 hemebond So order actually is more appropriate.
21:32 MajObviousman order: last is what I need
21:33 MajObviousman and if I have some multi-critical-step kinda thing, I'll just set them up into separate state files and include from a handler state file
21:33 MajObviousman thanks for the pointers, hemebond
21:34 hemebond ????
21:38 KennethWilke joined #salt
21:42 Rumbles joined #salt
21:45 ipmb_ joined #salt
21:52 hasues left #salt
21:56 lorengordon joined #salt
22:02 NicolinoCuralli joined #salt
22:05 joe joined #salt
22:06 xet7_ joined #salt
22:07 aldevar joined #salt
22:08 edrocks joined #salt
22:13 SalanderLives joined #salt
22:14 MajObviousman hemebond: just had a wrinkle
22:15 MajObviousman now I need state B and state C which both follow state A. So no more using order:last
22:15 keldwud joined #salt
22:15 sjorge joined #salt
22:17 MajObviousman if I don't care in which order B and C go, I can still use it, looks like
22:18 MajObviousman but if I need C to follow B, then I'm stuck adding an order number to every state
22:22 hemebond MajObviousman: Are these states in the same file?
22:22 MajObviousman they are currently
22:22 hemebond Then they will execute in the order you've defined them.
22:23 whytewolf top to bottom
22:23 hemebond It's a bit strange that your states have to be run after another state, but it doesn't matter if the states actually succeed or not.
22:23 hemebond It's almost as if your logic is a bit off.
22:26 vodik joined #salt
22:29 jab416171 I'm having an issue with the git.latest state
22:30 MajObviousman hemebond: https://gist.github.com/anonymous/977e3fcc221abccc9b8dc00beae80d27
22:30 jab416171 I removed a folder from the git repo, but that folder still exists on the minion, containing only files that exist in the .gitignore file.
22:31 MajObviousman hemebond: maybe my logic is off, but I don't think so
22:32 vodik joined #salt
22:32 MajObviousman I'm OK with those last two states firing in this order or reversed. But I'm looking at a change which will require one but not the other
22:33 Lawrence joined #salt
22:34 whytewolf this actually might be a good case for write a state
22:34 whytewolf module
22:34 hemebond MajObviousman: Can you give more details?
22:35 MajObviousman whytewolf: I am heading in that direction
22:35 hemebond Maybe you're trying to do this when a different approach is more appropriate.
22:36 MajObviousman hemebond: I have to download the keytab file so I can generate a kerberos ticket. Then I use that ticket to join this system to the domain. After this is done, I do not want to leave behind the keytab, and I don't want to leave the generated ticket in cache either
22:36 hemebond Okay. So where are the dependencies?
22:37 MajObviousman if the ticket isn't generated, or if the join to domain fails, I still need to delete the keytab and the generated ticket in cache
22:37 hemebond Okay.
22:37 MajObviousman if I use a require, then that only happens on success
22:37 MajObviousman if I use onfail, only on failure
22:37 MajObviousman it is in order in the state file, but I've had a problem or two in the past when using includes where that gets yanked out of order
22:38 hemebond Okay, so the last two only depend on the first state.
22:38 hemebond If the first state succeeds, then it needs to delete the file, yes?
22:39 MajObviousman if Download keytab success, then Remove keytab must run
22:39 MajObviousman if Generate new ticket from keytab, then Clear kerberos cache must also run
22:39 hemebond So far fairly explicit dependencies.
22:40 aldevar left #salt
22:41 MajObviousman hmm, I can shimmy that Remove keytab state up
22:41 MajObviousman and then I'm back to a single state to run at the very end
22:42 hemebond But, there are clear dependencies.
22:42 hemebond File order shouldn't matter.
22:43 MajObviousman you are right, it shouldn't. I am overthinking this
22:43 whytewolf or not worry about it at all and ditch the states and go full custom state module :P would be cleaner.
22:43 MajObviousman whytewolf: would be, but I'm 85% into this and I need a solution "soon"
22:44 MajObviousman will revisit in a week or so after the big need is completed
22:44 hemebond Isn't there already Kerberos stuff? Or is that just an execution module.
22:44 whytewolf i think that is only a module.
22:45 MajObviousman it's just a module
22:45 MajObviousman which I could wrap with module.run, but that's not much of an improvement
22:45 MajObviousman this really does deserve the custom state file treatment
22:46 whytewolf not sure if this covers any of it https://docs.saltstack.com/en/latest/ref/states/all/salt.states.win_system.html#salt.states.win_system.join_domain
22:46 hemebond Not sure about that.
22:46 hemebond Seems fairly straight-forward.
22:47 MajObviousman it's a linux system :/
22:47 whytewolf eww.
22:47 MajObviousman yeeaapp, the joys of a hetergeneous environment
22:48 MajObviousman run far, run fast from such a thing
22:52 whytewolf hetergeneous isn't bad when microsoft isn't the controlling factor
22:53 ipmb_ joined #salt
22:54 whytewolf mac and linux work happily together with out AD :P
22:56 dstensnes joined #salt
22:58 dstensnes left #salt
22:58 dstensnes joined #salt
22:58 Eugene MajObviousman - are you trying to join a Linux or a Windows machine in a state?
22:58 dstensnes i'm having a hard time trying to figure out what permissions i need to give for /minions to be available with salt-api
22:59 dstensnes anybody want to clue me in?
23:00 MajObviousman Eugene: trying to join a Linux machine to AD using sssd
23:01 Eugene MajObviousman - here's the (stupid) state I use for this. https://github.com/EugeneKay/srv-salt/blob/pepper/states/system/authentication/init.sls
23:01 Eugene The only gotcha is that you need to prep/set a one-time-password per system to be joined(instead of doing keytabs). https://github.com/EugeneKay/srv-salt/blob/pepper/pillar/example.sls#L54
23:01 fracklen joined #salt
23:02 MajObviousman that's not a bad way to go, but that OTP functions as a semaphore
23:02 Eugene For enrollment of the machine account only. Its useless after that
23:04 Eugene This is also a very stupid state that really only works in my environment, so buyer beware
23:04 MajObviousman true. Right now I can guarantee that I'm the only one rolling servers and thus I can guarantee that only one system will be coming through the automated build system at a time
23:04 dstensnes right now i'm testing with the sharedsecret auth thingy
23:05 MajObviousman the near-term goal is to have dev pushes button and out pops server after some seconds
23:05 MajObviousman the goal after that is dev can opt for multple servers in a salt-cloud map
23:05 Eugene I'm using a pillar value because, again, I'm a terrible person
23:05 MajObviousman that's not terrible IMO. That's what the pillar is designed for
23:05 gtmanfred dstensnes: looks like /minions uses a local call to grains.items, so probably at least that
23:05 dstensnes shouldn't that be matched with .*
23:05 dstensnes ?
23:06 gtmanfred ¯\(°_o)/¯
23:06 MajObviousman thank you for sharing your "stupid" state files with me Eugene
23:06 Eugene May your pants catch fiure
23:06 gtmanfred dstensnes: send an email to salt-users mailing list, and i am sure seth can answer that questino
23:07 gtmanfred dstensnes: https://groups.google.com/forum/#!forum/salt-users
23:07 MajObviousman may your beer urn never be large enough for the beer you want to drink
23:07 dstensnes gtmanfred: okay, thanks
23:17 raspado joined #salt
23:37 jas02 joined #salt
23:39 Deliant joined #salt
23:40 cliluw joined #salt
23:44 dstensnes gtmanfred: figured it out.... i had to have @grains apparently
23:44 invalidexception joined #salt
23:46 Praematura_ joined #salt
23:53 Rubin joined #salt
23:59 zerocoolback joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary