Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-06-22

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 alexlist joined #salt
00:16 Felgar joined #salt
00:20 edrocks joined #salt
00:28 onlyanegg joined #salt
00:32 Felgar joined #salt
00:40 timoguin joined #salt
00:42 flowstategames joined #salt
00:45 asyncsec joined #salt
00:55 edrocks joined #salt
00:59 timoguin joined #salt
01:02 MeltedLux_ left #salt
01:04 flowstategames joined #salt
01:24 flowstategames joined #salt
01:31 timoguin joined #salt
01:33 onlyanegg joined #salt
01:35 timoguin_ joined #salt
01:37 SaucyElf_ joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.6, 2016.11.5 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers <+> The call for speakers for SaltConf17 is now open: http://tinyurl.com/SaltConf17
01:48 timoguin joined #salt
01:49 tobstone joined #salt
01:53 mosen joined #salt
01:59 cro joined #salt
02:09 noobiedubie joined #salt
02:23 timoguin joined #salt
02:31 Felgar joined #salt
02:53 zerocoolback joined #salt
03:24 asyncsec joined #salt
03:26 donmichelangelo joined #salt
03:44 justan0theruser joined #salt
03:45 justan0theruser joined #salt
03:46 Roh joined #salt
03:57 k_sze[work] joined #salt
04:13 tobston__ joined #salt
04:17 qwertyco joined #salt
04:19 Razva left #salt
04:30 XenophonF joined #salt
04:33 dxiri joined #salt
04:36 xet7 joined #salt
04:40 buu joined #salt
04:41 edrocks joined #salt
04:50 fracklen joined #salt
04:54 SaucyElf_ joined #salt
05:00 onlyanegg joined #salt
05:03 impi joined #salt
05:04 hemebond left #salt
05:04 hemebond joined #salt
05:19 impi joined #salt
05:24 jholtom joined #salt
05:25 Bock joined #salt
05:28 Xenophon1 joined #salt
05:36 buhm joined #salt
05:38 rgrundstrom joined #salt
05:44 Pulp joined #salt
05:52 Praematura joined #salt
05:57 evle1 joined #salt
05:57 ntropy_ left #salt
05:57 ntropy joined #salt
06:15 do3meli joined #salt
06:15 do3meli left #salt
06:20 Elsmorian joined #salt
06:26 mt5225 joined #salt
06:30 Pulp joined #salt
06:34 mavhq joined #salt
06:41 onlyanegg joined #salt
06:43 infrmnt joined #salt
07:02 darioleidi joined #salt
07:05 darioleidi joined #salt
07:10 rory joined #salt
07:13 darioleidi joined #salt
07:14 onlyanegg joined #salt
07:16 colegatron_origi joined #salt
07:17 aldevar joined #salt
07:19 sh123124213 joined #salt
07:22 nku hm, how do i get the minion id in custom grain code?
07:22 rory left #salt
07:23 nku i'm using the hostname right now, which should be identical to the id, but think the id would be more secure as it can't just be changed
07:24 coredumb nku: doesn't your code have access to the __grains__ dict ?
07:24 nku let me check
07:24 coredumb honest question I don't know what's available in cutom grain function
07:27 fracklen joined #salt
07:28 colegatron joined #salt
07:30 nku doesn't look like it. kinda makes sense because the custom grain would populate __grains__
07:31 nku yeah, it's empty
07:31 babilen nku,coredumb: https://docs.saltstack.com/en/latest/topics/development/dunder_dictionaries.html -- You should have access to __opts__ and you might be able to use config.get as normal
07:31 coredumb ah right __opts__
07:32 nku babilen: ty, that looks good
07:32 babilen yw
07:34 buu left #salt
07:35 darioleidi joined #salt
07:36 mt5225 joined #salt
07:38 heyimawesome joined #salt
07:58 ccha hello, is there any state for sysconfig ?
08:00 babilen There is, yes
08:03 ccha file.replace ?
08:05 mikecmpbll joined #salt
08:07 puzzlingWeirdo joined #salt
08:10 saintpablo joined #salt
08:12 impi joined #salt
08:15 pbandark joined #salt
08:15 onlyanegg joined #salt
08:15 Elsmorian joined #salt
08:17 pbandark joined #salt
08:21 faceman joined #salt
08:25 mt5225 joined #salt
08:26 Elsmorian joined #salt
08:27 Mattch joined #salt
08:31 puzzlingWeirdo joined #salt
08:37 Antiarc joined #salt
08:38 fracklen joined #salt
08:43 Naresh joined #salt
08:46 babilen ccha: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.sysctl.html + https://github.com/saltstack-formulas/sysctl-formula
08:51 sh123124213 joined #salt
08:52 mbologna joined #salt
08:59 darioleidi joined #salt
09:02 freel joined #salt
09:09 felskrone joined #salt
09:10 darioleidi joined #salt
09:20 felskrone1 joined #salt
09:23 ccha babilen: sysconfig.d/ is same thing than systcl ?
09:25 aldevar joined #salt
09:25 aldevar left #salt
09:26 mt5225 joined #salt
09:26 fracklen joined #salt
09:26 fracklen joined #salt
09:27 fracklen joined #salt
09:30 ccha systcl state managed only /etc/sysctl.conf and /etc/sysctl.d/* only ? or /etc/sysconfig.d/* too ?
09:35 babilen ccha: What exactly do you want to set?
09:35 babilen sysconfig is a bit of a bag of things
09:35 mikea joined #salt
09:37 Praematura joined #salt
09:41 froztbyte joined #salt
09:44 dxiri joined #salt
09:47 zulutango joined #salt
09:48 ccha value in /etc/sysconfig/elasticsearch
09:49 babilen ccha: For that you might want to use the elasticsearch formula or manage your own template with file.managed
09:50 hemebond joined #salt
09:57 ujjain joined #salt
09:57 ujjain joined #salt
09:57 absolutejam_ morning
09:57 Ricardo1000 joined #salt
09:57 absolutejam_ guys and gals, I'm trying to see how close I can get to the Ansible playbook style with Salt
09:58 absolutejam_ So, I can emulate most of it with the orchestrate runner
09:58 absolutejam_ and some 'creative' jinja
09:58 absolutejam_ anyone else had any joy with something similar? Like, Ansible can prompt for input from users, etc.
09:59 absolutejam_ It's not for any real reason besides my own curiosity. I still ove and use Ansible for the 'playbook' paradigm
09:59 absolutejam_ And Salt for more CM-style management
09:59 dnull You might be able to modify this: https://github.com/Rudd-O/ansible-qubes
10:00 dnull Qubes uses salt, but he wrote ansible playbooks for it
10:05 claviola joined #salt
10:05 claviola is there an easy way within salt itself to filter out empty output from minions when using cmd.run?
10:06 impi joined #salt
10:11 babilen absolutejam_: Salt sort of expects you to provide that data beforehand and I'm not aware of a way to interactively prompt users during orchestration (and would consider that an incredibly dangerous thing to do anyway)
10:16 onlyanegg joined #salt
10:19 EthPyth joined #salt
10:30 coredumb am I the only one noticing that pkgrepo.managed on yum system doesn't update the baseurl on change?
10:32 coredumb yeah ok forget about it :D
10:32 fracklen joined #salt
10:33 gmoro joined #salt
10:33 mt5225 joined #salt
10:34 Tucky joined #salt
10:35 cyborg-one joined #salt
10:40 jerrcs joined #salt
10:43 fgimian joined #salt
10:47 edrocks joined #salt
10:55 dxiri joined #salt
11:06 absolutejam_ Yeah, I figured as much
11:06 absolutejam_ I don't _need_ it, I'm just making some parallels
11:10 EthPyth joined #salt
11:15 Reverend IMHO salt master should have been called "shaker"
11:15 Reverend or "grinder"
11:22 JohnnyRun joined #salt
11:29 absolutejam_ I do miss ansible's `debug`
11:29 absolutejam_ in playbooks
11:29 dxiri joined #salt
11:30 EthPyth joined #salt
11:30 absolutejam_ I know states are really meant to be async and behind the scenes, but it'd be nice
11:30 fracklen joined #salt
11:34 arif-ali joined #salt
11:35 dunz0r absolutejam_: You can do salt -l debug :)
11:35 absolutejam_ Ansible's `debug` is a step in a playbook
11:35 absolutejam_ that simple writes information
11:35 absolutejam_ I know the two solutions differ wildly in their approach
11:36 fracklen joined #salt
11:36 fracklen joined #salt
11:36 absolutejam_ simply*
11:37 babilen absolutejam_: In the end you will not be happy if you want to work with salt in exactly the same way as you would work with Ansible. They are quite different tools and you should just use the one that does what you want your tool to do.
11:37 babilen Where does it write that information?
11:37 absolutejam_ Yeah, that's fine, I understand that
11:37 absolutejam_ just stdout
11:37 babilen Who's stdout?
11:38 coredumb isn't it like test=True ?
11:38 babilen Ah, when you run it interactively?
11:38 absolutejam_ Yeah
11:38 babilen And when you don't?
11:38 absolutejam_ Well it floats off into the ether
11:38 absolutejam_ or wherever you log your playbook output
11:39 absolutejam_ I've moved a lot of my config management over to Salt because it simply wins at the desired state side
11:39 babilen The closest on Salt is probably running "salt-call -ldebug state.apply" on the minion
11:39 absolutejam_ Whereas Ansible's approach is more like an abstracted script or set of scripts
11:39 colegatron_origi joined #salt
11:40 absolutejam_ it's not a major thing, because the whole 'debug' thing has less effect unless, well, debugging really
11:40 absolutejam_ but I'd like to think I'd know what my states are doing or they will be documented/commented anyway
11:41 babilen What were the major points where Salt is better "at the desired state side" ?
11:41 babilen Just curious .. I don't really use Ansible for anything large and more of a "SSH on speed" tool
11:42 mt5225 joined #salt
11:42 sh123124213 joined #salt
11:42 coredumb absolutejam_: arent' you looking for returners ?
11:44 pbandark1 joined #salt
11:44 absolutejam_ Yeah, me too now prett much babilen
11:44 absolutejam_ I mean, Salt's infrastructure wins out on this side for a start
11:44 mrueg joined #salt
11:45 absolutejam_ I can manage my minions behind NAT, I can use beacons & reactors
11:46 absolutejam_ My biggest issue was that with Ansible, I had to basically keep 'manually' triggering a playbook on my hosts to keep them compliant, which is pretty slow when there's a lot of steps
11:46 absolutejam_ But I don't want it to look like I'm bashing Ansible; that's just part of being agentless
11:47 babilen Sure, I was just curious which aspects you found to be bad
11:47 babilen (or rather: lacking)
11:49 absolutejam_ It's not really Ansible it self
11:49 absolutejam_ Ansible is rock solid and does the job just fine
11:49 absolutejam_ Another thing was Windows updates; that was impossible
11:49 absolutejam_ But yeah, right tool for the right job
11:49 rburkholder joined #salt
11:55 zerocoolback joined #salt
11:57 babilen absolutejam_: Obviously Ansible lacks proper support for what is in Salt called "reactors" or "beacons" among other things. It's not surprising that it does, but simply things like that
11:59 mbologna joined #salt
12:02 onlyanegg joined #salt
12:05 xiaobao joined #salt
12:13 ccha is it possible to call only 1 state which is into a states file with few states? state.apply statesfile.sls call all states in the file.
12:14 absolutejam_ you can use the `include:`
12:14 absolutejam_ to include other states
12:15 thinkt4nk joined #salt
12:25 monjwf joined #salt
12:25 aldevar joined #salt
12:26 dxiri joined #salt
12:29 JohnnyRun joined #salt
12:31 fracklen joined #salt
12:34 fracklen joined #salt
12:42 edrocks joined #salt
12:46 JohnnyRun joined #salt
12:49 mt5225 joined #salt
13:13 fracklen joined #salt
13:14 asyncsec joined #salt
13:15 cgiroua joined #salt
13:18 pfallenop joined #salt
13:18 pfallenop joined #salt
13:20 Shirkdog joined #salt
13:26 asyncsec joined #salt
13:27 flowstategames joined #salt
13:29 XenophonF don't do that
13:29 XenophonF don't use include
13:30 XenophonF ccha: if you want to run just one state, e.g., for test purposes, use state.single
13:30 XenophonF if you just want one state in an SLS file, put just the one state into an SLS file
13:30 racooper joined #salt
13:33 toastedpenguin joined #salt
13:37 amcorreia joined #salt
13:38 absolutejam_ ohhhh, sorry
13:38 absolutejam_ I misread what ccha said
13:38 absolutejam_ yeah, I'm bad
13:40 noobiedubie joined #salt
13:41 XenophonF i'm of the opinion that include/extend should only be used in very special cases
13:41 XenophonF most people should avoid using either
13:41 ccha XenophonF: state.single 'id of the state' ?
13:42 flowstategames XenophonF, why not use include?
13:42 XenophonF ccha: no - https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.single
13:43 XenophonF ccha: you mock up the state in its entirety from the command line using state.single
13:43 XenophonF flowstategames: because it violates POLA
13:43 flowstategames for common/shared dependencies like Java, Supervisord, etc
13:43 XenophonF especially not then
13:43 XenophonF that _really_ violates POLA
13:43 flowstategames erm, what is POLA?
13:43 XenophonF principle of least astonishment
13:44 sh123124213 joined #salt
13:44 flowstategames side effects, in other words?
13:44 flowstategames ah, I see what you mean. Actually, I was thinking about making my big highstates just a composition of smaller states
13:44 XenophonF yeah, and a bowl of spaghetti's worth of dependencies
13:44 flowstategames that way you can get a high-level understanding of each box from the topfile
13:45 XenophonF oh you can still do that
13:45 ccha for ansible there is a tag. to use call only match tags
13:45 flowstategames yeah, I definitely see what you mean. Wow, lightbulb moment. TYVM XenophonF
13:45 XenophonF flowstategames: https://github.com/irtnog/salt-pillar-example/blob/master/top.sls
13:45 XenophonF flowstategames: https://github.com/irtnog/salt-states/blob/master/top.sls
13:46 XenophonF i tag server's with a role pillar that defines their high level purpose
13:46 XenophonF s/server's/servers/
13:46 ecdhe joined #salt
13:46 ecdhe joined #salt
13:46 XenophonF but I try to keep top-level SLSes very narrowly scoped
13:47 numkem joined #salt
13:48 XenophonF ideally, you can run any individual SLS on one of my minions
13:48 XenophonF only in very special cases do i use include/extend to glue several top-level SLSes together
13:48 absolutejam_ Can you add requisites to include?
13:48 XenophonF but even in those cases, I work hard to make it possible to run them individually
13:49 absolutejam_ if so, I could see that being a reason
13:49 XenophonF for example: https://github.com/irtnog/tomcat-formula/blob/master/tomcat/shibboleth-idp.sls
13:49 XenophonF that's a special case of running the Shibboleth IdP in Tomcat
13:50 XenophonF but normally you can run the shibboleth.idp and tomcat SLSes separately without any trouble
13:50 XenophonF absolutejam_: that's what extend is for
13:51 absolutejam_ In what way?
13:51 absolutejam_ not disputing, I'd just like to figure out why. I've only used a few prereqs so far
13:51 XenophonF absolutejam_: https://docs.saltstack.com/en/latest/ref/states/extend.html
13:52 XenophonF you can use the _in form of a requisite, but again, I strongly urge people to not do that across SLS files
13:52 XenophonF again, violates POLA
13:52 XenophonF makes it so you can run just that SLS
13:52 XenophonF s/can/can't/
13:53 XenophonF i use _in requisites all the time, but only within a given SLS, and only because I'm using a template to generate state declarations that need to add themselves to other states' requisites
13:57 mt5225 joined #salt
14:00 timoguin joined #salt
14:01 thinkt4nk joined #salt
14:03 onlyanegg joined #salt
14:07 mpanetta_ joined #salt
14:17 jdipierro joined #salt
14:22 cwandrews joined #salt
14:35 dxiri joined #salt
14:35 man_of_wax joined #salt
14:37 man_of_wax hi, I'm trying to call a salt module inside my module using __salt__['cmd.run']('echo "test"') and it's working but i need  to cal __salt_-['file.managed'] and i don't know how to define the additional parameters like source: or name:
14:37 man_of_wax is this possible?
14:44 ayecee joined #salt
14:45 ecdhe joined #salt
14:55 Roh joined #salt
14:56 jdipierro @man_of_wax I believe you'd pass those as kwargs, so __salt__['file.managed']('/path/to/file', source="salt://path/to/file")
14:58 sh123124213 joined #salt
15:00 zerocoolback joined #salt
15:02 zerocoolback joined #salt
15:03 onlyanegg joined #salt
15:04 asyncsec joined #salt
15:05 man_of_wax jdipierro: ok, first time I tried it seems it didn't worked, i'm retesting it now! THanks
15:05 fracklen joined #salt
15:06 wonko21 joined #salt
15:07 mt5225 joined #salt
15:12 Kegeruneku joined #salt
15:12 Kegeruneku Hello folks
15:13 Kegeruneku I guess the question has been asked before, but is there a plan to add stretch in the salt repos ?
15:13 jauz joined #salt
15:16 mpanetta_ joined #salt
15:19 _KaszpiR_ joined #salt
15:19 jauz So is there a built-in way for me to have Salt clone a repo directory to store locally on the Master? I'm looking to use a private bitbucket repo as my source and just sync it directly to the Master. GitFS hasn't been working for me so far. =/
15:22 jdipierro @jauz That's what GitFS is for, I'd suggest continuing trying to get that to work. Other than that I've seen a setup where the salt_master role uses git.latest to manage /srv/salt. The downside there is the extra step of highstating the master to roll out changes.
15:22 jdipierro I think I've had better luck using GitPython to setup gitfs than the default pygit2
15:23 jauz Yeah, tried running GitPython SSH to my private bitbucket repo, but stuck in a loop of "Could not read from remote repository". Seem to be following the docs, tried recreating from scratch and didn't get any further.
15:24 jauz Right now I'm looking at manually running a git clone until I can find an easier way. Maybe even using Jenkins to stand in the middle and push to the Master for me. :P
15:29 evle1 joined #salt
15:31 MTecknology don't do git.latest for that..
15:33 MTecknology and that last option just makes me shudder and need a shower.
15:34 flowstategames that's what we have because of similar inability to get GitFS to play nicely
15:34 woodtablet joined #salt
15:34 flowstategames Jenkins may be dirty, but it works
15:35 jauz Yeah, definitely at a crossroads at the moment...
15:38 MTecknology between taking the time to figure it out and toss together some clunky hack?
15:38 * MTecknology was already in a discussion elsewhere about the cost of taking the cheapest option... good timing. :P
15:39 jauz That depends on how well the "clunky hack" works while I figure out why the preferred method isn't working.
15:41 KaczuH joined #salt
15:45 debian112 joined #salt
15:50 Praematura joined #salt
15:50 Renich joined #salt
15:51 colegatron joined #salt
15:51 rmelero joined #salt
15:56 swills joined #salt
15:57 flowstategames I mean, if you consider running a battle-tested vessel for bash scripts a "clunky hack"
15:57 flowstategames making stuff work has its own value, not to be underestimated
15:58 losh joined #salt
15:59 shanth jauz: i dont think bitbucket works with salt, wont work for me either
16:00 mt5225 joined #salt
16:00 jauz That's what I'm starting to wonder but haven't found much evidence either way. Following bitbucket's SSH guide and seeing if I can shoe-horn that into what GitPython is attempting to do. Not sure why it would be any different from SSH into Github with a read-access key.
16:03 cwandrews joined #salt
16:04 jdipierro Did you see the note about GitPython not supporting the auth parameters that pygit does? Make sure you've got an SSH key at /root/.ssh/id_rsa that has access to the repo
16:05 cwandrews joined #salt
16:05 jdipierro You'll also need to add bitbucket to /root/.ssh/known_hosts
16:05 jauz Yeah, should be there. Recreating keys and adding to Bitbucket as we speak.
16:06 jauz And yeah, it's currently in known_hosts.
16:09 fracklen joined #salt
16:09 brianthelion when merging configuration variables as in "salt --local state.sls foo localconfig=...." is it possible to reference global configuration variables in the localconfig?
16:16 onlyanegg joined #salt
16:18 Heartsbane joined #salt
16:18 Heartsbane joined #salt
16:18 censorshipwreck joined #salt
16:19 asyncsec joined #salt
16:19 aldevar left #salt
16:20 LeProvokateur joined #salt
16:23 bluenemo joined #salt
16:30 Trauma joined #salt
16:33 fritz09 joined #salt
16:46 dxiri joined #salt
16:48 mt5225 joined #salt
16:52 jauz Finally some headway on GitFS!
16:52 jdipierro WoooT! Glad to hear it
16:52 jauz My ssh_config file had a bad line in it. :D Still coming up nill on fileserver.file_list but it's progress...
16:53 impi joined #salt
16:57 cwandrews joined #salt
16:58 Edgan joined #salt
17:01 sjorge joined #salt
17:05 XenophonF Kegeruneku: you might want to ask on the salt-users mailing list
17:07 XenophonF jauz: if you need a working example, see https://github.com/irtnog/salt-pillar-example/blob/master/salt/example/com/init.sls
17:07 XenophonF note that I use users-formula and salt-formula to manage my Salt Master
17:08 XenophonF at the git/ssh level I'd expect bitbucket and github to work the same
17:08 jauz Thank you! I will look it over.
17:08 sh123124213 joined #salt
17:08 vegasq joined #salt
17:09 jauz I'm getting stuff in my file_list command, now. :)
17:09 vegasq joined #salt
17:13 armguy joined #salt
17:13 XenophonF brianthelion: it doesn't look like that's possible
17:14 XenophonF well, the options in the file specified by localconfig get merged with the options in the minion's configuration file(s)
17:14 XenophonF so i guess it depends on what you mean by "reference"
17:15 brianthelion XenophonF: Thanks for taking a look. Here's what I'm trying to do....
17:16 brianthelion I'm trying to create a unprivileged minion "sandbox" that I can use with "salt-call --local"
17:16 fritz09 joined #salt
17:16 brianthelion salt-call --local will let you do MOST of what you need from the CLI *except* set the states_dir and the cache_dir
17:17 brianthelion so now I'm trying to work around that by using localconfig=
17:17 XenophonF that sounds like it might work
17:17 XenophonF have you tried it?
17:18 brianthelion yeah getting close
17:18 brianthelion i also need relative paths in that localconfig, so that's what I'm working on now
17:18 brianthelion basically, i'm trying to build a mechanism that works like --system-site-packages in python venv
17:19 brianthelion so you can define some stuff locally but still get at the global modules and formulas
17:25 Xenophon1 joined #salt
17:29 PatrolDoom joined #salt
17:30 colttt joined #salt
17:46 Guest73 joined #salt
17:55 nixjdm joined #salt
17:56 wendall911 joined #salt
18:04 cwandrews joined #salt
18:06 zerocoolback joined #salt
18:12 zerocoolback joined #salt
18:13 aldevar joined #salt
18:21 mbologna joined #salt
18:23 censorshipwreck joined #salt
18:24 druonysus joined #salt
18:24 druonysus joined #salt
18:25 flowstategames joined #salt
18:26 MasterNayru joined #salt
18:26 MajObviousman does anyone here use the vsphere module much? I'm wanting to change the DVS that a VM is attached to
18:26 cswang joined #salt
18:26 fracklen joined #salt
18:32 flowstategames joined #salt
18:35 ChubYann joined #salt
18:38 cliluw joined #salt
18:39 Hipikat joined #salt
18:39 chadhs joined #salt
18:44 PatrolDoom joined #salt
18:44 unux_cracker joined #salt
18:46 bpaiuca joined #salt
18:49 Inveracity joined #salt
18:51 onlyanegg joined #salt
18:52 stewgone joined #salt
18:54 Guest73 joined #salt
18:56 censorshipwreck joined #salt
19:03 colttt joined #salt
19:04 brianthelion XenophonF: It worked. I had to do some out-of-band Jinja nonsense to write the config file, but I was able to "redirect" the cachedir, states_dir, pullar_dir, and file_roots to a local sandbox directory while still maintaining access to the globally-installed formauls
19:04 brianthelion do you happen to know if config variables are available in states?
19:05 brianthelion nm, i should RTFM
19:06 Trauma joined #salt
19:07 Praematura_ joined #salt
19:09 cyborg-one joined #salt
19:11 nixjdm joined #salt
19:19 noobiedubie joined #salt
19:23 nicksloan joined #salt
19:23 ecdhe joined #salt
19:24 oida joined #salt
19:27 flowstategames joined #salt
19:35 justanotheruser joined #salt
19:38 fritz09 joined #salt
19:42 justanotheruser joined #salt
19:52 absolutejam_ Is there an equivalent to `require` that is basically 'if the state is in the desired state' (changed or already in that state)?
19:53 absolutejam_ require basically runs if the required state runs
19:53 absolutejam_ onchanges only fires if... a state changes
19:54 whytewolf absolutejam_: require is if it changes or is succsesful. and won't if it fails
19:54 absolutejam_ oh right, that makes sense
19:55 jauz Idempotency ftw.
19:56 cwandrews joined #salt
19:58 cwandrews joined #salt
20:01 mavhq joined #salt
20:03 mrueg joined #salt
20:06 ksk joined #salt
20:06 ksk hola
20:09 Guest73 joined #salt
20:11 nixjdm joined #salt
20:22 shanth what's the best approach when multiple states are going to be adding config to a file. this seems to throw using file.managed out of the window. is using file.append the best way to go?
20:26 whytewolf shanth: the best approch to having multiple states adding config to a file is "DONT"
20:26 dxiri joined #salt
20:26 jdipierro Yeah I'd suggest looking into if what you're configuring supports loading all config files from a directory, then file.manage multiple config files.
20:27 NN_77 joined #salt
20:28 whytewolf or you might also look at things like https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.accumulated
20:29 sh123124213 joined #salt
20:31 jdipierro If the config file has keys with no value, ie "some_key=", you could use multiple file.replace or file.line calls
20:33 Pyro_ joined #salt
20:35 mchlumsky joined #salt
20:37 ddoback joined #salt
20:41 ddoback joined #salt
20:41 shanth gotcha
20:42 shanth thanks
20:42 ddoback Can anyone help me understand why my python list elements are getting converted to unicode and how I can prevent that?
20:42 ddoback {% set a = "hmm" ~ " I don't understand" %} {% set test = [a] %} {{test}}
20:42 ayecee seems like something a python channel would have more insight on
20:43 ayecee doh
20:43 ayecee mischan.
20:43 ddoback returns [u"hmm I don't understand"]
20:43 shanth going to use the Include config.d/home approach
20:43 mikecmpbll joined #salt
20:45 Aleks3Y joined #salt
20:49 major when was ~/.salt/Saltfile supported?
21:00 whytewolf major: well it is in the 2016.11 documentation but not the 2016.3
21:01 major guess thats why my 2015 CLI isn't using it..
21:01 Trauma joined #salt
21:01 * major sighs.
21:02 mt5225 joined #salt
21:05 onlyanegg joined #salt
21:06 Guest73 joined #salt
21:08 major it also looks like the roster_file entry in Saltfile doesn't support glob expansion in this version
21:08 major if its not prefixed with '/' it wants it to be relative >.<
21:08 major soo .. ~ is out
21:08 major rude
21:11 nixjdm joined #salt
21:12 dxiri joined #salt
21:13 shanth looks like the freebsd built in version of ssh doesnt have support for the Include option. back to square one
21:18 absolutejam_ I have a random mine job appearing on a minion
21:18 absolutejam_ is that normal?
21:20 whytewolf no, that is not normal
21:21 whytewolf you mean a random mine function just shows up?
21:21 iggy shanth: for future reference, if you are using something that consumes ini conf files, there's a state that handles that well enough from multiple locations
21:21 absolutejam_ I just started salt-minion with -l debug because I'm testing something
21:22 sjorge joined #salt
21:22 absolutejam_ and it's hanging on ' Running scheduled job: __mine_interval   '
21:22 absolutejam_ And this appears: https://hastebin.com/repatitupu.vbs
21:22 absolutejam_ under minion.d
21:23 iggy that's normal
21:23 iggy that's probably not where it's hanging... it's probably hanging on the next thing
21:23 whytewolf ok yes that is normal
21:23 whytewolf i thought you meant you had a random mine_function that shows up.
21:24 absolutejam_ Okay. Wonder why it's getting stuck on on it then
21:24 whytewolf see iggy's comment about it isn't. it would be the thing after it
21:25 whytewolf jump to -l all instead of -l debug
21:26 whytewolf you might get a little more info
21:29 sh123124213 joined #salt
21:32 jdipierro joined #salt
21:36 jdipierro joined #salt
21:38 absolutejam_ [DEBUG   ] schedule.handle_func: Removing c:\salt\var\cache\salt\minion\proc\20170622223223314000
21:38 absolutejam_ Is my last line
21:38 absolutejam_ stuck on that even after a reinstall of the minion
21:39 iggy are you sending the minion any commands?
21:39 flowstategames joined #salt
21:39 iggy I mean it generally just sits there doing nothing until you tell it to
21:45 absolutejam_ oh yeah, my original test commands are working now
21:45 absolutejam_ dunno what happened there *shrug*
21:48 jdipierro joined #salt
21:54 jdipierro joined #salt
21:55 asyncsec joined #salt
21:56 cwandrews joined #salt
21:57 nicksloan joined #salt
22:00 vegasq joined #salt
22:05 vegasq_ joined #salt
22:06 onlyanegg joined #salt
22:09 ecdhe joined #salt
22:09 ecdhe joined #salt
22:15 aldevar left #salt
22:24 shanth iggy: which state is that?
22:24 iggy ini_manage
22:24 shanth my biggest challenge is rc.conf which is a monolithic config file for services and network on freebsd. im pretty much going to have to just manage one rc.conf for each server
22:25 shanth or a complicated system of sysrc.managed states
22:26 mt5225 joined #salt
22:38 fracklen joined #salt
22:38 flowstategames I'm having a lot of trouble accessing data from an imported jinja map, anyone have success using those?
22:38 hemebond flowstategames: I'm using Jinja "maps".
22:39 iggy all of the formulas pretty much
22:39 flowstategames right, and I'm trying to replicate that behavior, and having no luck
22:39 flowstategames I also appear to have hallucinated a "default()" filter, as I can't find it referenced anywhere
22:39 hemebond Are you using the template formula? Because that map file is broken.
22:40 XenophonF flowstategames: https://github.com/irtnog/openssh-formula is probably the best looking sample formula I have
22:41 whytewolf flowstategames: |default exists http://jinja.pocoo.org/docs/2.9/templates/#default
22:41 flowstategames I'm not, I'm using the docs from the cert course
22:41 flowstategames hoping that will wokr
22:41 flowstategames work*
22:41 flowstategames haha, ty whytewolf, I honestly thought I'd made it up
22:41 XenophonF if you want to see examples of the |default filter, see https://github.com/irtnog/shibboleth-formula
22:42 flowstategames https://hastebin.com/enocemuqim.cs
22:42 XenophonF i use it all over the place in the shibboleth idp xml templaets
22:42 flowstategames and that's what's killing me, I've implemented it before
22:42 flowstategames I don't know how to debug the problem
22:42 flowstategames and there are so many pieces
22:42 flowstategames I've looked at the high data, and it's obvious that none of my jinja is coming through
22:43 flowstategames but I don't know why
22:43 flowstategames and the pillar is correct, I can confirm that part
22:43 XenophonF hm
22:43 flowstategames so in the highstate, that file.directory state ID comes out as
22:44 flowstategames "make    directory"
22:44 XenophonF i don't understand
22:44 XenophonF why not have the defaults in a single dictionary in defaults.yaml
22:44 flowstategames why it doesn't work? or my code, haha
22:45 XenophonF then merge them with a similarly named pillar key via the update() method?
22:45 XenophonF hang on let me show you what i mean
22:45 flowstategames yeah, sorry for being slow
22:45 flowstategames :D
22:46 XenophonF no it's OK
22:46 XenophonF OK so here's my default config for sshd - https://github.com/irtnog/openssh-formula/blob/master/sshd/defaults.yaml
22:46 XenophonF based on Secure Secure Shell if you've read that before
22:46 leev_ left #salt
22:46 leev joined #salt
22:47 XenophonF then those defaults get merged with O/S-specific settings + whatever the deployer put in pillar like this - https://github.com/irtnog/openssh-formula/blob/master/sshd/map.jinja
22:47 XenophonF specifically line 90 - https://github.com/irtnog/openssh-formula/blob/master/sshd/map.jinja#L90
22:48 flowstategames what does "{%- do default_settings.sshd.update(distro_map) %}" do?
22:48 XenophonF that merges the O/S-specific settings with the defaults
22:49 flowstategames wow, there's a lot to unpack here
22:49 flowstategames how do you test this kind of thing during development?
22:49 XenophonF so here's the pattern
22:49 XenophonF defaults.yaml
22:49 XenophonF distro_map
22:49 XenophonF pillar.get
22:49 XenophonF and in the end, you have a variable named whatever_settings that is fully populated
22:50 XenophonF I test it iteratively.
22:50 XenophonF I usually write init.sls first.
22:50 XenophonF that almost always follows the same pattern: a pkg.installed state, a file.recurse state, a service.running state
22:51 flowstategames out of curiosity, do you see anything glaringly-incorrect in what I pasted?
22:52 flowstategames if I can get that working, then I can refactor against this pattern
22:52 XenophonF not glaringly incorrect
22:52 XenophonF just hard to follow
22:52 XenophonF that's how it always is when you read someone else's code ;)
22:52 flowstategames fair enough, I'm barely wrapping my mind around yours
22:53 XenophonF :-D
22:54 flowstategames I just don't understand why I can't get even the 'es_config' values to come through correctly. sigh
22:54 XenophonF there's no load_yaml in the code you posted
22:54 whytewolf doesn't have to be
22:54 XenophonF oh b/c that's pillar data
22:55 whytewolf no, because he is filling in variables directly. which is all load_yaml does
22:55 flowstategames yep, the only way I've used yaml to now is either in state files or pillars
22:55 whytewolf flowstategames: are you getting any errors or just blank data?
22:56 flowstategames blank data
22:56 XenophonF OK so on the command line of a minion, what does `salt-call pillar.get default` return?
22:56 whytewolf salt '*' saltutil.pillar_refresh
22:57 flowstategames https://hastebin.com/jiyuhizola.cs
22:57 flowstategames output at the bottom
22:58 XenophonF why don't you just let pillar do the merging?
22:59 XenophonF call the pillar key elasticsearch
22:59 flowstategames I can go read up on that
22:59 whytewolf so.... this is going to sound weird but put {{es_config}} at the top after you import it. and get a rendered copy of it
22:59 flowstategames anything that I can do to simplify
22:59 XenophonF have a .../pillar/elasticsearch/defaults.sls and an .../pillar/elasticsearch/es1-prod-main.sls
23:00 XenophonF both have a elasticsearch dict at the top level but es1-prod-main.sls only has the specific overrides of defaults.sls
23:00 flowstategames ahh, and then in my pillar topfile, I assign both
23:01 whytewolf [not sure why you have an es_config and a defaults dict anyway. as you can just pillar.get()
23:01 whytewolf salt.pillar.get('value',default)
23:01 XenophonF right!
23:02 flowstategames I had that, but it was taking the second part (ie: 'default:some_thing') as a string literal
23:02 flowstategames instead of using the value of it
23:02 vegasq joined #salt
23:03 whytewolf salt.pillar.get('config_name+':log_path'),salt.pillar.get('default:log_path'))
23:03 whytewolf [since you have to have your defaults in pillar for some strange reason]
23:03 flowstategames oh, haha duh
23:04 flowstategames I would like to kill any strange reason
23:04 flowstategames I don't know the prescribed patterns, so any advice in that direction is appreciated
23:04 flowstategames (apart from studying the hell out of that open-ssh formula)
23:05 whytewolf what is your reasoning for putting defaults in pillar? are you planing on changing them?
23:05 flowstategames I'm not sure, we're currently moving a lot of hardwired logic and jinja from monolithic statefiles out to pillars
23:05 flowstategames (we meaning two devops guys serving roughly 30 engineers)
23:06 whytewolf other wise you could jsut dknock that down to salt.pillar.get('config_name+':log_path'','/es/logs')
23:06 XenophonF yup
23:06 whytewolf i think i have an extra ' in there
23:06 flowstategames yeah, I'm thinking my way through that
23:06 XenophonF i like having a default pillar that can get overridden
23:06 XenophonF i might have an example of that somewhere
23:06 asyncsec joined #salt
23:07 whytewolf well technically i posted an example of that earlyer :P
23:07 flowstategames honestly, XenophonF, I was trying to follow POLA, after your brilliant advice this morning
23:07 XenophonF OK so for example, here are my default firewall settings - https://github.com/irtnog/salt-pillar-example/blob/master/defaults/firewall.sls
23:07 flowstategames whytewolf, I grabbed those links, I'm going to study everything I can get my hands on
23:07 XenophonF and here's where I modify them - https://github.com/irtnog/salt-pillar-example/blob/master/login/example/com/init.sls#L3
23:08 XenophonF putting the default settings right into the call to salt.pillar.get() is a good idea
23:09 flowstategames So the reason I didn't is that it's not as obvious as having something called default there so you can see what you're overriding
23:09 flowstategames bearing in mind that the devs should have been editing this more than us
23:09 whytewolf flowstategames: anyway. what i think is happening to you. your es_config isn't blank. it is a dict with a bunch of blank variables. so your default isn't getting used
23:10 XenophonF ooooooh
23:10 flowstategames wait.. how is it blank?
23:10 flowstategames that sounds like exactly what's happening
23:10 flowstategames ohhhh
23:10 flowstategames because the default default is ' '
23:10 flowstategames ?
23:11 flowstategames I guess it creates a property in the dict that equals None
23:11 flowstategames or something falsey
23:11 whytewolf default=<type 'exceptions.KeyError'>
23:11 whytewolf strange doc there :P
23:11 flowstategames haha
23:12 flowstategames well, I'm going to be pragmatic and set the defaults directly in the map.jinja. It will make the pillar structure a little less obvious
23:12 flowstategames but they'll have to deal with that, because it makes my life a ton simpler
23:13 flowstategames and then I'll go and read all these links. Thanks so much, both of you
23:13 whytewolf defaults isn't something that should be changing all the time anyway
23:13 flowstategames agreed
23:15 whytewolf in the mean while. I am contimplating a stupid thing for stupids sake.
23:15 flowstategames but is it also fun
23:17 whytewolf this isn't fun. it is to see just how insane someone can make a state.
23:18 whytewolf abusing and abusing - names
23:22 flowstategames curiosity: piqued
23:30 whytewolf read this and ponder it ... https://docs.saltstack.com/en/latest/ref/states/highstate.html#names-declaration ponder the horror that can happen if mishandled
23:32 whytewolf this is a doc that not many acually browse. they either skip it when learning salt. or never go back to it after understand oh i can have - names to do a lot of pkg.installeds that are related
23:39 goal joined #salt
23:40 vegasq joined #salt
23:41 flowstategames wooooah
23:41 flowstategames um
23:41 flowstategames that could get interesting
23:42 whytewolf interesting is defintly a word i would use for it
23:42 whytewolf Muahahaha
23:42 whytewolf <evil laugh>
23:42 setkeh joined #salt
23:42 setkeh joined #salt
23:43 whyzgeek joined #salt
23:43 _aeris_ joined #salt
23:43 absolutejam joined #salt
23:43 nkuttler joined #salt
23:43 marcinkuzminski joined #salt
23:44 Yoda-BZH joined #salt
23:45 Yoda-BZH joined #salt
23:48 whytewolf https://gist.github.com/whytewolf/0c9b0c8dafb9fb7e23621486a31b6a89 a small sample of the possabile insanity
23:52 whytewolf humm. maybe i should delete that gist. in case someone sees it and thinks it is a proper way to do things
23:52 asyncsec joined #salt
23:56 fracklen joined #salt
23:59 vegasq joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary