Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-06-23

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:08 raspado joined #salt
00:08 raspado if a grain changes on the minion, how can I get that to trigger a state from the salt master?
00:10 iggy whatever is changing the grain could send a custom event
00:10 Trauma joined #salt
00:11 raspado k
00:24 mpanetta_ joined #salt
00:49 yidhra joined #salt
00:51 mt5225 joined #salt
00:58 drewbert joined #salt
00:59 drewbert Need clarification: Is jinja required even if I don't use it as a renderer?
01:01 iggy yes
01:02 drewbert Thank you for the answer. I find that pretty surprising though.
01:03 iggy could it technically be disentangled enough to not be a hard requirement? sure
01:03 iggy has it? nope
01:04 Guest73 joined #salt
01:08 hemebond It's used in so many places I'd be very surprised if you managed to not use it at all.
01:15 drewbert I'm beginning to rethink the use of salt for embedded systems.  The dependency list is large.  *sigh* I guess one more package won't hurt.
01:17 drewbert Thank you all for the speedy answers though.
01:20 sh123124213 joined #salt
01:22 iggy I definitely wouldn't use salt for embedded systems
01:22 iggy maybe salt-ssh
01:22 iggy but a running minion isn't exactly memory friendly
01:26 druonysus joined #salt
01:34 flowstategames joined #salt
01:36 flowstategames welp, just tried to combine XenophonF's advice with whytewolf's, and now nothing compiles
01:36 flowstategames this is why people do the "wrong things"
01:36 flowstategames because they work
01:36 flowstategames and are actually testable
01:36 whytewolf you can test jinja
01:37 whytewolf cp.get_template for local rendering on the minion.
01:38 whytewolf or i wrote a module that returns to the master. https://github.com/whytewolf/salt-debug
01:38 whytewolf flowstategames: let me see what you have. also are you doing this through salt-ssh?
01:38 flowstategames nope, standard salt-master to minion stuff
01:39 flowstategames okay, I'll make another pastebin, one sec
01:40 flowstategames https://hastebin.com/uhobigonim.js
01:41 flowstategames crap, forgot the error
01:41 whytewolf yeah the error would be helpful :P
01:41 flowstategames https://hastebin.com/uqitovixac.cs
01:41 flowstategames at the bottom
01:42 hemebond You're trying to import a YAML file.
01:46 hemebond You need import_yaml
01:46 whytewolf import_yaml
01:46 flowstategames le sigh
01:46 whytewolf import without import_yaml is just importing jinja but you don't have jinja in there
01:46 flowstategames does the other stuff look actually correct?
01:46 whytewolf does to me.
01:46 whytewolf I can run it through my debug render in a moment if you want
01:46 flowstategames oh wait apparently I've got a syntax error
01:46 flowstategames it's barking about the "do" line
01:46 whytewolf that should be set
01:46 whytewolf not sure why you used do there
01:46 flowstategames I thought I had to. Can I use a set statement to set a property on a dict?
01:47 whytewolf yes
01:47 flowstategames you know what's jacked up? In our support contract we got both the cert courses
01:47 flowstategames this wasn't covered.
01:48 whytewolf although you might have meant to use .update with the do statment
01:48 flowstategames I did, but then I thought that I would remove yet another function that I'd never used before
01:48 flowstategames just to reduce the pieces that I'm unsure of
01:48 whytewolf basicly if you are using = in a jinja statment use set. if you are not use do
01:48 flowstategames ah
01:50 flowstategames and another error on the same line
01:50 flowstategames new pastebin inbound (tyvm for the help, this is driving me nuts)
01:51 flowstategames https://hastebin.com/osahesurod.php
01:52 zerocoolback joined #salt
01:52 whytewolf that also should be a set
01:52 whytewolf :P
01:52 hemebond })
01:52 iggy this isn't exactly what I would call standard salt (i.e. why it's not in any courses or on the test)
01:52 hoonetorg joined #salt
01:52 flowstategames it is a set
01:52 flowstategames there's only sets
01:53 hemebond {% do
01:53 whytewolf {% do es_settings['data_drive'] = salt['cmd.run_stdout'](cmd="lsblk | awk 'NR > 3 {print $1}'", python_shell=True) }) %}
01:53 hemebond and a stray })
01:53 flowstategames sigh, okay that's just delay in the test/push between staging and master
01:54 whytewolf are you using gitfs?
01:54 flowstategames nope, jenkins watches staging branch, sends to staging master, it verifies I didn't break the world, pushes to master
01:54 whytewolf ahh
01:55 edrocks joined #salt
01:55 flowstategames spent days trying to get it to work, so I went with the practical solution
01:56 flowstategames if I can't figure out this setup, I'm going to have to do the same here
01:57 whytewolf anyway that line should read: {% set es_settings['data_drive'] = salt['cmd.run_stdout'](cmd="lsblk | awk 'NR > 3 {print $1}'", python_shell=True) %}
01:57 whytewolf you want to nix the }) before the %}
01:57 flowstategames ah
02:00 MTecknology do?
02:00 whytewolf MTecknology: yes it is jinja for run this function. but don't output it. useful for updating dicts. or other functions that change the data but don't actually output or test anything
02:01 MTecknology {% do salt['cmd.run']('sysctl foo=1') %} ... that might actually be incredibly helpful for me
02:01 whytewolf ...
02:01 MTecknology nope, I lied.. I keep forgetting that the issues is on reboot
02:02 flowstategames literally copied what you wrote, whytewolf, still getting the "expected token '=', got '['" error
02:02 flowstategames like it's complaining that I'm trying to set a property on a dict
02:02 flowstategames seeing the open-bracket instead of an equals sign
02:02 major joined #salt
02:02 whytewolf flowstategames: does the rendering still show do?
02:02 MTecknology is es_settings a dict?
02:02 flowstategames nope
02:02 flowstategames "{% set es_settings['data_drive'] = salt['cmd.run_stdout'](cmd="lsblk | awk 'NR > 3 {print $1}'", python_shell=True) %}    <======================"
02:02 hemebond set es_settings['data_drive']
02:02 hemebond You are trying to set the property of a dict.
02:03 flowstategames nope was at whytewolf, not you, bad timing
02:03 whytewolf setting the property of a dict should work with set
02:03 hemebond I didn't think you could update a dict like that at all in Jinja.
02:03 hemebond Which is why you see `do blah.update()` used.
02:04 flowstategames I'll try the do/update method
02:05 MTecknology I've never tried.. this actually looks like it should be a custom grain
02:05 hemebond Apparently you can use `do` to update a dict directly.
02:05 hemebond To add a new property at least.
02:06 whytewolf huh you are correct and my memory is failing me. you can not do what i was trying to say
02:06 whytewolf [just tested it]
02:06 flowstategames how do you test something like that quickly?
02:07 whytewolf I have a module that lets me run jinja renderings directly on a minion and report back
02:07 flowstategames oh yeah, you mentioned that
02:07 whytewolf i posted it earlyer
02:07 flowstategames awesome, I'll scroll up and steal that happily
02:08 whytewolf so it's just a matter of typeing up som rubbish jinja and running it through the render engine. it actually uses the built in salt render engine so that it can do pretty much any render engine salt uses.
02:08 flowstategames nice! Do you find use for anything but jinja?
02:09 whytewolf i havn't. but i can defintly see a usecase for python rendering.
02:09 flowstategames yeah, I'm slavering over that a bit
02:09 flowstategames we've carved out time to refactor our salt implementation
02:10 flowstategames it's a bit overwhelming trying to figure out where to start
02:10 flowstategames for instance, we have a ton of VertX microservices. Instead of a statefile for each, I'm making a generic one and trying to pillarize the differences betweent hem
02:11 flowstategames but I'm not sure how this new way of doing things will change that.
02:12 whytewolf i think my mistake with my logic is i have been trying to get more python under my belt and havn't actually touched salt as much lately.
02:13 flowstategames haha, I've got the exact opposite
02:13 whytewolf and in python that is valid [just not pretty]
02:13 tellendil joined #salt
02:13 flowstategames opposite problem*
02:13 flowstategames we're also trying to get away from salt for provisioning
02:14 flowstategames salt-cloud is lacking for AWS, and we've been using boto_* stuff, but it feels a bit shoehorned
02:14 whytewolf I'm sure Ryan_Lane would love PR's that fix anything you think is missing or buggy about boto_*
02:16 flowstategames there's absolutely nothing wrong with the code, apart from some annoyances with boto itself (and not Ryan's salt)
02:16 whytewolf perfect typo  :P
02:17 flowstategames hahahah
02:17 flowstategames what happens in our environment (because of the disparity between ops and dev staffing) is that what's real in AWS drifts from its representation in salt
02:18 flowstategames such that we only really run the provisioning code a few times in the life of the stack
02:18 flowstategames and people end up making changes directly in AWS
02:19 whytewolf ... oh ... so it isn't a provisioning problem it is a workflow / intergration / corperate culture problem
02:19 flowstategames yep, I meant that it's been shoehorned into our salt implementation, not that the code itself was shoehorned into salt
02:21 flowstategames (culturally, I love my startup, but we've ended up with 2 ops guys looking after 30 devs, so it gets frantic)
02:21 flowstategames anyways, this is all completely off-topic. Thanks again for the help
02:21 whytewolf no problem :)
02:28 drewbert_ joined #salt
02:30 flowstategames that worked splendidly.
02:31 Praematura joined #salt
02:35 flowstategames in a hypothetical scenario in which you have multiple clusters of the same technology, differing only in their pillar data
02:35 flowstategames do you prefer to assign each their own pillar file, or use a dict for each stack in a single, shared pillar file?
02:36 flowstategames I had been doing the former, but the pattern I just implemented implies the latter
02:36 mpanetta_ joined #salt
02:38 whytewolf i tend to mix and match personally. i put shared info together and push that out to them all then have little cutom bits go to each one by it's self.
02:39 whytewolf i try and avoid that as much as possable by finding what i can calcuate based on the server minimizeing what i have to push to them
02:45 noobiedubie joined #salt
02:46 flowstategames ah, okay. Do you utilize tags or minion ids in your topfiles? I'm on ec2, so all the minions end up with beautiful ids like 'ip-10-0-1-58'
02:47 whytewolf I use minion id's in my pillar top file. my state top file is a pure jinja setup
02:48 whytewolf [it works with my workflow]
02:48 flowstategames woah, topfile with jinja? That sounds kinda cool. It never clicked till just now that it's an sls
02:48 flowstategames I just always thought about it as the topfile
02:48 whytewolf well, it doens't just have jinja. mine is ALL jinja
02:49 whytewolf https://github.com/whytewolf/dyn_salt_top/blob/master/top.sls
02:50 flowstategames wow, I just learned like 3 new things from that
02:50 flowstategames what a clever system
02:51 whytewolf it was just a thought experiment i took to building
02:52 flowstategames so this refactor only has one theme: make it easier for us to maintain, and reuse as much state code as possible
02:52 flowstategames we'd thought that the devs would maintain their stuff if it was obvious
02:52 flowstategames but...yeah. So we've got a ton of states to maintain
02:52 flowstategames and we need to reduce that
02:53 flowstategames I'm coming to realize that means using a lot more jinja
03:01 MTecknology whytewolf: re: https://github.com/whytewolf/dyn_salt_top/blob/master/top.sls  --  Why do you output to yaml? Why not just use a python renderer?
03:02 MTecknology "return output" :)
03:04 whytewolf return yaml cause salt is just expecting yaml. and it is in jinja cause i had 90% written before i even thought about this would have been easier in python
03:05 whytewolf it isn't exactly a difficult setup :P
03:25 donmichelangelo joined #salt
03:26 MTecknology whytewolf: I just meant, isn't the conversion as simple as almost this?  http://dpaste.com/1ZYW6QH
03:27 whytewolf not sure saltenv is a default variable in python.
03:28 whytewolf but in essence it is
03:29 MTecknology I was just wondering that's converting the data twice, and only thinking about it because that could get large
03:30 whytewolf if it is large then i need to consolidate states :P
03:32 felskrone joined #salt
03:35 Guest73 joined #salt
03:51 mt5225 joined #salt
03:57 tobston__ joined #salt
04:07 mquin joined #salt
04:08 Vaelatern joined #salt
04:10 flowstategames joined #salt
04:23 onlyanegg joined #salt
04:30 qwertyco joined #salt
04:33 dxiri joined #salt
04:36 fritz09 joined #salt
04:41 flowstategames joined #salt
04:42 mt5225 joined #salt
05:11 dxiri joined #salt
05:16 keldwud joined #salt
05:16 keldwud joined #salt
05:18 qwertyco joined #salt
05:21 jholtom joined #salt
05:21 Inveracity joined #salt
05:30 Praematura joined #salt
05:41 flowstategames joined #salt
05:45 onlyanegg joined #salt
05:47 qwertyco joined #salt
05:52 felskrone joined #salt
05:53 impi joined #salt
06:01 evle joined #salt
06:02 sh123124213 joined #salt
06:05 gordon_freeman joined #salt
06:06 gordon_freeman left #salt
06:06 xet7 joined #salt
06:08 this_guy_fricks joined #salt
06:09 sh123124213 joined #salt
06:15 colttt joined #salt
06:18 preludedrew joined #salt
06:21 do3meli joined #salt
06:21 do3meli left #salt
06:21 do3meli joined #salt
06:21 do3meli left #salt
06:22 do3meli joined #salt
06:22 do3meli left #salt
06:22 qwertyco joined #salt
06:28 zerocool_ joined #salt
06:38 MTecknology Totally random thought, but... I was just thinking of something that sounds like fun. For every dollar I spend on an addiction, I give two dollars to a charity. Not as a self punishment, but just for fun. I buy a $100 bottle of tequila, and I drop $200 in the santa bucket..
06:40 coredumb MTecknology: that'd be awesome
06:40 MTecknology totally rambled that in the wrong channel as well, but.. :)
06:40 coredumb still it's interesting
06:41 coredumb I'm sure if I'd do that I'd sepend way less on that kind of stuff ^^
06:42 MTecknology that was partly why I thought of it. It doesn't mean you need to punish yourself for enjoying those things, but it means moderation would be a very good idea
06:43 flowstategames joined #salt
06:45 MTecknology g'night!
06:45 gnomethrower joined #salt
06:56 aldevar joined #salt
07:14 timoguin joined #salt
07:30 onlyanegg joined #salt
07:38 wangofett joined #salt
07:38 dxiri joined #salt
07:43 mquin joined #salt
07:43 flowstategames joined #salt
07:56 zulutango joined #salt
07:59 CEH joined #salt
08:03 pbandark joined #salt
08:12 CEH joined #salt
08:16 sh123124213 joined #salt
08:20 impi joined #salt
08:20 [CEH] joined #salt
08:32 mikecmpbll joined #salt
08:35 jhauser joined #salt
08:40 dxiri joined #salt
08:44 flowstategames joined #salt
08:45 onlyanegg joined #salt
08:55 mt5225 joined #salt
08:59 ProT-0-TypE joined #salt
09:01 FuzzyVeg joined #salt
09:01 FuzzyVeg left #salt
09:02 forty8bits joined #salt
09:41 Baycone hi all
09:42 Baycone i'd like to ask you about one thing connected with passwords and sensitive data
09:42 Baycone how do you store them securely? is there something more than this GPG trick in Pillar?
09:46 flowstategames joined #salt
09:48 peters-tx joined #salt
10:00 mt5225 joined #salt
10:04 babilen Baycone: You can store them in vault, for example
10:05 Naresh joined #salt
10:14 asyncsec joined #salt
10:27 Baycone mhm
10:33 Praematura joined #salt
10:42 dxiri joined #salt
10:46 onlyanegg joined #salt
10:46 flowstategames joined #salt
10:47 swa joined #salt
10:48 swa when upgrading salt-minion on RHEL, minion is restarted through a postscript. What is the best way to upgrade minions without losing connection? FAQ talks about Debian but not Redhat.
10:48 Baycone babilen: and besides GPG and Vault? is there any option left? :)
10:48 babilen Baycone: What kind of option are you looking for?
10:49 babilen swa: Is that on systemd?
10:49 Baycone babilen: just to secure all the passwords somewhere else before sending recipes to git
10:49 babilen The usual approach is to either encrypt the data with GPG or to use vault
10:50 Baycone mhm
10:51 fracklen joined #salt
10:52 LondonAppDev joined #salt
10:52 babilen Baycone: Are those approaches in any way problematic?
10:52 Baycone babilen: at some point yes
10:52 Baycone my saltmaster is too old for vault
10:52 Baycone gpg approach is quite...
10:52 babilen ... yes?
10:53 Baycone not so handy, let's say
10:53 swa babilen: yes, RHEL7
10:53 mt5225 joined #salt
10:56 babilen swa: The restart is handled correctly by systemd
10:56 babilen (in more recent versions)
10:57 babilen Baycone: Sounds as if you'd like to upgrade your master
10:57 swa babilen: hmm, i'm upgrade from 2016.11.x to 2016.11.5 and still lose connection
10:58 babilen How do you upgrade?
10:58 swa yum upgrade
10:58 swa i checked the spec file and it does a simple systemctl restart salt-minion
10:59 babilen You upgrade that through salt?
11:00 swa through Rundeck (remote execution)
11:00 swa but I would like to manage version upgrades through a state
11:04 babilen swa: Well, I don't know what rundeck is doing. Does it disconnect if you upgrade the minion manually on the box? Does it also disconnect if you upgrade it through salt with pkg.upgrade ?
11:04 saintpablo joined #salt
11:05 coredumb swa: there's some workaround for that
11:06 swa babilen: run just does a "yum upgrade salt-minion"
11:06 swa there's a post-script doing a restart of the service
11:06 swa so whenever i upgrade, i lost connection to the minion, preventing me from writing a state taking care of upgrades
11:06 coredumb oh that's hardcoded in the package
11:06 coredumb that's bad
11:07 coredumb for my Alpine minions I use this command
11:07 coredumb salt-minion-restart: exec 0>&-; exec 1>&-; exec 2>&-; nohup /bin/sh -c 'sleep 5 && salt-call --local service.restart salt-minion' &
11:07 swa yeah, and i don't see myself doing upgrades with rpm --noscript
11:07 coredumb that's a bit convoluted but works
11:07 coredumb swa: yep
11:07 coredumb my guess is that you should try doing the update over salt-ssh
11:07 swa coredumb: this thing works on rhel/centos?
11:08 babilen swa: Yes, but the minion should connect to the salt master right away?
11:08 coredumb the command? well it would, but the issue is from the package so you'll lose returns as soon as it will hit the post-upgrade script
11:09 coredumb babilen: it is but you then lost the current connection
11:09 babilen I mean the minion has to restart for the upgrade to complete and the new process would connect to the master again
11:09 babilen coredumb: Well, the process performing the upgrade is not killed
11:09 babilen It'll finish
11:10 babilen We addressed that problem some time ago
11:11 coredumb mmmmh from what I've seen running something as "cmd.run 'service salt-minion restart'" makes the minion disconnect almost instantly
11:11 babilen The way this is handled has changed (salt-minion is using Type=notify now) and system is notified directly by the minion itself
11:11 coredumb and job doesn't return
11:11 coredumb maybe depends on the init system?
11:11 swa it clearly doesn't finish, the connection gets killed
11:11 babilen It depends on the init system, yes
11:12 babilen I am referring to SystemD
11:12 swa i started writing a state taking care of the upgrade, only to realize that the minion restarts and then i get a "minion did not return"
11:12 babilen https://github.com/saltstack/salt/issues/33665
11:12 babilen For some background
11:13 babilen (but the systemd unit file has changed and it is using Type=notify now)
11:13 swa thx
11:13 babilen If Saltstack broke the upgrade *again* we have to address that, but for that we really have to know what's going on and "cmd.run "service salt-minion restart"" is not a great way to test this
11:14 kjsaihs joined #salt
11:15 babilen https://github.com/saltstack/salt/pull/36806 + https://github.com/saltstack/salt/issues/33516 + https://github.com/saltstack/salt/issues/30937
11:16 babilen I haven't followed every single change in that domain, but Saltstack should™ be able to upgrade itself without issues
11:17 swa in my first upgrade state i was using pkg.installed
11:17 swa pkg.installed:
11:17 swa pkgs:
11:18 swa salt-minion: $version
11:18 inad922 joined #salt
11:18 swa i was losing the connection
11:18 swa let me read those links and try again
11:24 lorengordon joined #salt
11:27 swa babilen: pkg upgraded at 1:25pm.. service restarted at the same time... highstate not returning
11:27 joop joined #salt
11:27 babilen swa: Yeah, I believe you .. but we fixed this and I am not entirely sure what the issue is now.
11:28 babilen I linked the relevant issues and changes .. maybe it's something trivial
11:28 mbuf joined #salt
11:28 swa all links are somewhat debian related
11:29 swa and there might be a regression in RHEL when they moved to 7.3.. not impossible
11:30 cyborg-one joined #salt
11:40 saintpablos joined #salt
11:49 Arendtse1 left #salt
11:49 Arendtsen joined #salt
11:51 pbandark Hi, with "pkgs" from pkg.installed, can we specify exact version of package we need to install? as I am trying to install specific version using "pkgs", packages are getting installed but, salt report the operation failed: https://paste.fedoraproject.org/paste/WP19-I0b2GujIzRyNUwJkQ
11:53 XenophonF i vaguely recall an issue where you can tell the package manager, via salt, to install one thing, and it successfully installs another
11:54 XenophonF yet salt doesn't see the original package name in the output and so considers the operation failed
11:54 XenophonF istr it happening with php-openssl (which is an alias for php-common on RHEL/CentOS)
11:54 XenophonF that might be happening to you
11:55 mt5225 joined #salt
11:55 XenophonF the docs say that you can use versions with the pkgs kwarg
11:55 pbandark XenophonF: how to fix the issue ?  i tried specifying various combination of <package><version>
11:56 XenophonF well you're specifying the versions wrong, is why
11:56 XenophonF well, not wrong but in a way that salt can't understand what's going on
11:57 XenophonF https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html#salt.states.pkg.installed
11:58 XenophonF scroll down to the pkgs parameter
11:58 pbandark checking
11:58 XenophonF you can specify package versions, but you have to use a dictionary of the form `pkgname: versionspec`
11:58 pbandark ok. let me give a try
11:58 XenophonF Salt isn't an AI Mind.
11:59 XenophonF There's no way for it to know that a package named R-3.3.3-1.el7 (what you told Salt) is the same as a package named R with a version number of 3.3.3-1.el7 (what yum/dnf told Salt)
12:00 XenophonF well, one could recapitulate yum's package name parser/lexer/etc. in Salt but that'd be a lot of brittle, duplicate code
12:02 onlyanegg joined #salt
12:03 XenophonF man what the heck happened to the docs? the formatting on salt.states.pkg.html suuuuuuucks
12:03 pbandark XenophonF: you are right. its working now. thanks a lot
12:03 XenophonF awesome
12:10 flowstategames joined #salt
12:30 darioleidi joined #salt
12:32 joop Hi, I'm writing a custom runner, which is using the LocalClient api to initiate a run of a execution module on the minion. This execution module might raise an exception, but this is returned as a string in the runner. Does anyone have an idea what the best practice is how to handle these kind of exceptions? How should I catch this exception?
12:34 nicksloan joined #salt
12:44 dxiri joined #salt
12:56 asyncsec joined #salt
12:57 jdipierro joined #salt
12:58 qwertyco joined #salt
13:02 evle1 joined #salt
13:03 mt5225 joined #salt
13:20 jdipierro joined #salt
13:26 major joined #salt
13:29 vegasq joined #salt
13:31 racooper joined #salt
13:35 flowstategames I'm trying to copy the contents of a directory located on the minion to another location on the minion. file.copy only seems to work on a single files
13:35 qwertyco joined #salt
13:35 flowstategames file*. And file.recurse expects a source from the master
13:36 flowstategames is there something I'm missing about file.copy? I've practiced some google-fu and turned up nothing
13:38 dev_tea I don't know for sure, but looking at the file.copy module, have you tried including `- recurse: True` to your state? (I'm assuming you're working with a state)
13:38 flowstategames yep, unfortunately that's only to recurse perms
13:38 flowstategames to the subdirs of the specified directory
13:38 dev_tea hrm
13:39 flowstategames wait, actually, it may be a case of including a trailing slash on the target dir name. I'll report back
13:40 flowstategames I had one state work, and not another. I figured it was because the former had multiple files in it. It may have just been user error
13:42 XenophonF flowstategames: don't file:/// URLs work as source arguments?
13:42 flowstategames yep, confirmed. you can use file.copy. Just make sure that you not have a trailing slash on the targetn name
13:42 XenophonF ah
13:42 flowstategames target* directory name
13:42 flowstategames I made a false correlation, PEBCAK
13:43 qwertyco joined #salt
13:43 flowstategames btw, XenophonF, with (a lot of) whytewolf's help, I implemented your pattern from the sshd formula
13:43 flowstategames thanks again for the help, I learned a ton last night
13:45 dxiri joined #salt
13:50 XenophonF oh awesome!
13:50 XenophonF whytewolf's brilliant
13:50 XenophonF lots of smart people here, lots of different approaches
13:51 flowstategames yeah, I'm learning that
14:03 mbuf joined #salt
14:03 onlyanegg joined #salt
14:03 cwandrews joined #salt
14:03 mbuf The event reactor component of Salt can be used to trigger operations based on values detected in log files?
14:07 nicksloan joined #salt
14:08 keltim joined #salt
14:10 dxiri joined #salt
14:12 mt5225 joined #salt
14:12 thinkt4nk joined #salt
14:13 cgiroua joined #salt
14:13 cyteen joined #salt
14:26 Roh joined #salt
14:26 dyasny joined #salt
14:29 mikecmpbll joined #salt
14:39 felskrone joined #salt
14:41 PatrolDoom joined #salt
14:41 mpanetta_ joined #salt
14:42 vegasq_ joined #salt
14:43 tyler-baker joined #salt
14:45 newglasses joined #salt
14:45 Praematura joined #salt
14:51 Shirkdog joined #salt
14:54 newglasses I am wondering:  with the addition of merge_all for top files (added 2016.11.0 which is not that long ago), does that mean a lot of old documentation I'm seeing is not applicable because out of date?  Specifically, I wonder if what is now merge_all used to be the default behavior, but now it's merge, which gives many of us what is desired behavior.
14:55 newglasses Thus, when it says in gitfs doc "Branching and tagging can result in a lot of potentially-conflicting top files, for this reason it may be useful to set top_file_merging_strategy to same in the minions' config files if the top files are being managed in a GitFS repo."    This seems to be no longer true.
14:56 newglasses Likewise, other doc says:  "top.sls files from different branches will be merged into one at runtime. Since this can lead to overly complex configurations, the recommended setup is to have a separate repository, containing only the top.sls file with just one single master branch."  This also seems no longer true.
14:57 newglasses (i.e. not true by default, rather, that sounds like merge_all)
15:01 noobiedubie joined #salt
15:02 flowstategames joined #salt
15:02 newglasses BTW, happy Friday everyone!
15:03 onlyanegg joined #salt
15:04 newglasses A relevant link is: https://docs.saltstack.com/en/latest/ref/configuration/minion.html#top-file-merging-strategy
15:04 flowstategames joined #salt
15:04 ahrs joined #salt
15:09 cyborg-one joined #salt
15:09 k_sze[work] joined #salt
15:15 mikea beacons can be long running, right?
15:16 mikea I can have a beacon that starts with the minion and sits and reads messages from rabbitmq?
15:23 edrocks joined #salt
15:24 mt5225 joined #salt
15:26 flowstategames joined #salt
15:28 inetpro joined #salt
15:29 LeProvokateur joined #salt
15:33 major joined #salt
15:35 inetpro joined #salt
15:37 nicksloan joined #salt
15:39 CrummyGummy joined #salt
15:41 jacekplacek joined #salt
15:45 jacekplacek joined #salt
15:48 KyleG joined #salt
15:48 KyleG joined #salt
15:49 Guest73 joined #salt
15:50 lorengordon joined #salt
15:52 newglasses crickets today.  :-)
15:52 jauz I also am curious as to the answer on top file merging but don't know the answer!
15:53 jauz I'm confused as to how best to setup my top.sls with multiple branch environments in GitFS.
15:54 jauz Trial and error I suspect will be the process.
15:55 whytewolf i don't know the answer to the question. i just always seperated out my top into it's own repo. and will continue to do so
15:56 aldevar left #salt
15:56 newglasses whytewolf, how do you do that?  Doesn't the top file have to sit atop the state tree(s)?  In that case, I get confused thinking about how that can be in a separate repo.  I'm not getting something.
15:57 whytewolf just running multiple top files seems needlessly complex no matter how they are merged
15:57 whytewolf https://github.com/whytewolf/dyn_salt_top
15:58 mt5225 joined #salt
15:58 jauz Hmmm! The top file thickens.
15:59 whytewolf and my state tree https://github.com/whytewolf/salt-phase0-states
15:59 debian112 joined #salt
16:00 whytewolf my module tree https://github.com/whytewolf/salt-phase0-modules
16:00 whytewolf my orchestration tree https://github.com/whytewolf/salt-phase0-orch
16:01 whytewolf my files tree https://github.com/whytewolf/salt-phase0-files
16:01 whytewolf my pillar tree is private :P
16:01 sh123124213 joined #salt
16:01 jauz mind=blown
16:03 Andrew_Shay joined #salt
16:03 newglasses whytewolf so what does the relevant config in your /etc/salt/master look like?
16:03 XenophonF newglasses: I only have one top file in the master branch of my git repos, which you can see at https://github.com/irtnog/salt-states and https://github.com/irtnog/salt-pillar-example
16:04 XenophonF that way top file merging isn't necessary because there's just one
16:04 andrew_shay_fe joined #salt
16:04 Guest73 joined #salt
16:05 newglasses XenophonF I did think of that.   So then people will have to remove the top file every time they branch, but not on merge?  I guess.
16:06 XenophonF no
16:06 XenophonF b/c you shouldn't use the master branch (== base environment) for anything other than targeting data
16:06 XenophonF if you look at my salt-states repo, you'll see that there are separate development/testing/staging/production branches
16:07 andrew_shay_01 joined #salt
16:08 newglasses XenophonF so your master branch just has the top file.
16:10 mpanetta_ joined #salt
16:11 newglasses I think I get it.
16:13 andrew_shay_01 joined #salt
16:13 andrew_shay_01 Hello
16:13 andrew_shay_01 Via the Python API, is it possible to send files from the master to the minion, but give an arbitrary master source file location (eg a path not in salt://)?
16:15 nixjdm joined #salt
16:17 whytewolf newglasses: you asked about my master config. this is all of it. https://gist.github.com/whytewolf/859951bfbd95909086631921d65b63c2
16:18 newglasses whytewolf thans
16:18 newglasses thanks
16:18 whytewolf {i havn't added the modules tree to it yet]
16:20 whytewolf andrew_shay_01: not directly. you need some mechinisim to send them still. which is all that salt:// is. a file tree mechinisim. you could use rsync or a web server.
16:21 cwandrews_ joined #salt
16:21 andrew_shay_01 cool. thanks whytewolf
16:22 cwandrews_ joined #salt
16:37 Edgan joined #salt
16:40 onlyanegg joined #salt
16:42 Lionel_Debroux_ joined #salt
16:45 dxiri joined #salt
16:54 Xenophon1 joined #salt
16:56 Xenophon1 newglasses: i specifically created the development branch detached from head - https://gist.github.com/xenophonf/95357d87b6e0b5e2b0e6
16:59 Guest73 joined #salt
17:04 cwandrews joined #salt
17:04 _KaszpiR_ joined #salt
17:05 Ryan_Lane whiteinge: howdy. is this salt domain code for salt usable in pshinx outside of salt's docs?
17:05 Ryan_Lane *sphinx
17:06 raspado joined #salt
17:09 raspado whats a good one liner to say if grains['something'] exists, then do blah
17:13 v0rtex @raspado you could do something simple like: {% if 'something' in grains %} ... {% endif %}
17:13 Ryan_Lane {% if grains.get('something') %}
17:13 v0rtex ^^^ works as well
17:14 raspado ahh ok, thx!
17:14 Ryan_Lane mine only works if your value isn't truthu
17:14 Ryan_Lane *truthy
17:14 Ryan_Lane if something in grains is probably safer
17:14 v0rtex yeah, using 'in' is pretty explicit for that purpose
17:15 raspado i seem to recall about 6 months ago seeing an if statement was breaking salt minion because the grain didnt exist but there was a way so the statement wasnt intrusive but didnt recall that method
17:16 raspado not breaking salt minion but rather the minion erroring out during highstate
17:16 Ryan_Lane well, it should always do the latter
17:16 raspado ill try both and see which one works
17:16 Ryan_Lane not sure how that would cause the minion to break
17:16 Ryan_Lane if you access a grain and it doesn't exist, it should just result in a jinja error
17:17 raspado ahhh k
17:20 Trauma joined #salt
17:23 dxiri joined #salt
17:27 ChubYann joined #salt
17:29 drewbert joined #salt
17:30 drewbert Has anybody here seen a running minion with internet connectivity fail to respond to a cmd.run?
17:30 drewbert I killed the salt-minion, started it again, and re-ran the command and then it did run it successfully.
17:31 drewbert I'm wondering if the salt-minion entered some bad state, and how likely that is in general.
17:32 cyteen joined #salt
17:38 lordcirth_work drewbert, I think I had that happen once, when I did a large package upgrade including python libraries without restarting salt-minion
17:48 Praematura joined #salt
17:48 wendall911 joined #salt
17:50 druonysus joined #salt
17:50 druonysus joined #salt
17:57 MajObviousman is there a canonical or accepted idiom for reporting errors while running orchestration?
17:58 cyborg-one joined #salt
17:58 * MajObviousman tried using wheel's error.error without success. Likewise to running test.exception
17:58 MajObviousman the message doesn't get back
17:59 MajObviousman wait, nevermind, I had my conditions flipped. test.exception works
17:59 MajObviousman not sure what others do, but that'll work for me
18:04 Edgan joined #salt
18:05 jdipierro joined #salt
18:11 cyteen joined #salt
18:12 newglasses joined #salt
18:17 cwandrews joined #salt
18:18 cwandrews joined #salt
18:22 edrocks joined #salt
18:23 heyimawesome joined #salt
18:32 amcorreia joined #salt
18:35 ecdhe joined #salt
18:37 dxiri joined #salt
18:39 xMopxShell can custom grains be made environment-specific? I have a "_grains" dir in one of my environments and minions in that env don't seem to be getting them.
18:40 aldevar joined #salt
18:40 xMopxShell e.g. the master config has file_roots.dev["/srv/salt/dev/states"] and the path /srv/salt/dev/states/_grains/ on the master has a few python files
18:41 whytewolf iirc only base is synced automaticly.
18:41 whytewolf although the sync_* functions do have saltenv as a variable
18:42 whytewolf ahh.
18:42 whytewolf If not passed, then all environments configured in the top files will be checked for grains modules to sync. If no top files are found, then the base environment will be synced.
18:45 xMopxShell Ah yeah i noticed the contents of dev/_grains made it to the minion, in /var/cache/salt/minion/files/dev/_grains
18:47 khaije1 joined #salt
18:48 khaije1 Can Salt install to a priviledged docker container to manage a system?
18:49 edrocks joined #salt
18:53 astronouth7303 joined #salt
18:54 astronouth7303 "Unable to find IPv6 record for "REDACTED" causing a 10 second timeout when rendering grains. Set the dns or /etc/hosts for IPv6 to clear this." We don't have IPv6 on our LAN yet, is there a good way to clear this, or do I just need to set an entry in hosts?
18:55 whytewolf set an entree in hosts. honestly the only change made to the grain that warrning comes from is the adding of the warning.
18:55 whytewolf it is annoying.
18:55 edrocks joined #salt
18:56 astronouth7303 ok, as long as it won't try to actually use the data to connect to anything
18:56 xMopxShell d'oh, i was looking for the wrong name in grains.ls. It worked the first time :)
18:57 whytewolf astronouth7303: nope it is just a grain. it is trying to fill in the ipv6 part of the network grain
18:58 bluenemo joined #salt
19:01 edrocks joined #salt
19:01 hax404 joined #salt
19:16 jdipierro joined #salt
19:24 xet7 joined #salt
19:24 CEH joined #salt
19:25 oida_ joined #salt
19:28 CEH joined #salt
19:29 wwalker_ for some parts of the state I get "The file /etc/update-motd.d/11-balancer-status is set to be changed" other times it gives me the actual diff.  How do I get the diff all the time?
19:30 ronnix joined #salt
19:32 wwalker this is running with test=True, and both files are jinja templates using file.managed
19:35 ruxu joined #salt
19:38 dxiri joined #salt
19:39 lorengordon joined #salt
19:44 ksk joined #salt
19:45 TheFlyingCorpse left #salt
19:50 astronouth7303 hm, it looks like gitfs is caching my states, is there a way to forcibly reload those?
19:51 whytewolf salt-run fileserver.update
19:51 jauz fileserver.update
19:51 jauz ^
19:51 mt5225 joined #salt
19:52 whytewolf i use this orchestration to accomplish a lot of the hey i changed something update the caches. https://github.com/whytewolf/salt-phase0-orch/blob/master/orch/sys/salt/update.sls
19:53 timoguin joined #salt
19:53 jauz Also: salt-run fileserver.clear_cache and then update again to reset and fileserver.file_list to see if the data changed the way you wanted.
19:54 jauz Nice catch-all file. :)
19:55 astronouth7303 now i have to look up orchestration, and hook it up to gitlab
19:55 whytewolf orchestrations are just in the state tree normally so you don't have to go far with that
19:56 whytewolf https://docs.saltstack.com/en/latest/topics/orchestrate/orchestrate_runner.html
19:56 astronouth7303 thanks
19:56 whytewolf mine are seperate because i sometimes have ocd
19:58 astronouth7303 hm, remote users can't normally use runner states? the CherryPy RPC or Pepper library is being weird.
19:59 whytewolf they might have different permissions that need to be applied.
19:59 ronnix joined #salt
19:59 whytewolf @runner
19:59 cwandrews joined #salt
20:02 rory joined #salt
20:02 timoguin joined #salt
20:03 flowstategames joined #salt
20:04 astronouth7303 oh, i just applied `.*`
20:04 astronouth7303 sorry for newbing all over the place
20:05 whytewolf no problem, how else are you going to learn?
20:06 astronouth7303 and yup, that totally worked
20:09 whytewolf well, now that you have that configured you can add a post-hook to your gitlab that hits a webhook in salt-api that triggers a reactor that runs the orchestration. so your enviroment is always upto date with your current changes ;)
20:10 whytewolf [which is why that orchestration was written in the first place for when i get it live to add]
20:11 astronouth7303 i was already considering piping all of gitlab's hooks into salt
20:12 lorengordon joined #salt
20:12 * whytewolf thumbs up
20:13 dxiri joined #salt
20:19 Trauma joined #salt
20:22 cyteen joined #salt
20:30 swa_work joined #salt
20:32 guest left #salt
20:36 afics joined #salt
20:37 mt5225 joined #salt
20:41 vegasq joined #salt
20:47 PatrolDoom joined #salt
20:53 flowstategames joined #salt
21:03 aldevar left #salt
21:30 zulutango joined #salt
21:34 flowstategames the config for one of my clusters depends on grabbing the ips of another cluster (which can change over time)
21:35 flowstategames my only idea is to run 'grains.item ipv4 | grep "10\.0"'
21:35 flowstategames that feels really clunky, does anyone have experience with a better idea?
21:35 flowstategames s/idea/method
21:35 whytewolf https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.network.html#salt.modules.network.ip_addrs
21:36 druonysus joined #salt
21:36 druonysus joined #salt
21:36 whytewolf and of coarse mines
21:36 flowstategames okay, awesome. Would you just do a salt.network.ip_addrs in the map.jinja to grab that?
21:36 flowstategames oh yeah, mines
21:36 flowstategames I hadn't thought of a usecase for those
21:37 flowstategames don't have mines, beacons, or engines
21:37 whytewolf well you did say from one system to another. which is kind of the purpase of mines :P
21:37 flowstategames yeah, this is a perfect reason to learn how they work
21:39 ProT-0-TypE joined #salt
21:39 whytewolf quick gist of what i tend to do with them https://gist.github.com/whytewolf/eff4a15f0eaa8d5354a3
21:41 flowstategames that's awesome. So I can selectively apply the mine_functions
21:41 whytewolf yeap
21:42 flowstategames well, I know my next project
21:42 flowstategames first though, make this work the dirty way
21:55 pbandark1 joined #salt
21:58 marius joined #salt
21:59 Marius_stanca joined #salt
22:04 seanz joined #salt
22:07 cwandrews joined #salt
22:15 ecdhe joined #salt
22:15 ecdhe joined #salt
22:20 yidhra joined #salt
22:22 cgiroua joined #salt
22:30 timoguin joined #salt
22:32 vegasq joined #salt
22:46 ronnix joined #salt
22:49 druonysus joined #salt
22:49 druonysus joined #salt
22:52 ronnix joined #salt
22:52 nicksloan joined #salt
23:05 jmiven joined #salt
23:10 druonysuse joined #salt
23:10 druonysuse joined #salt
23:12 drewber__ joined #salt
23:13 asyncsec joined #salt
23:15 drewber__ left #salt
23:15 drewbert joined #salt
23:15 drewbert Anybody have issues with minions that are marked as connected not responding?
23:16 shanth see if the service is running on the minion drewbert
23:16 drewbert shanth: it is.
23:16 shanth run salt debug -l
23:16 shanth on minion
23:17 shanth salt-minion -l debug drewbert
23:17 drewbert Going to try that, 1 sec. Thank you for the quick reply.
23:21 shanth it'll tell you a lot of what's going on
23:22 onlyanegg joined #salt
23:23 drewbert It says salt minion is already running.  Do you mean to run it in minion mode to see why it's failing?
23:23 drewbert that is, are you recommending I kill the other minions first?
23:25 whytewolf drewbert: yes. basicly you are starting the minion in debug mode. so you should shutdown the other copy of the software
23:29 drewbert Thank you for the reply. It's now running in debug mode. The first command I ran succeeded (my guess is some sort of socket timeout, does that seem possible?).  I'll respond with a debug log if I cannot diagnose the failure.  Given that it the master says the minion is not responding, though the process is running on the minion-device, and the master thinks the minion is connected, I don't know how helpful this will be.  Hopefully the mi
23:29 drewbert nion device IS receiving the message and it's just some sort of configuration error.
23:34 raspado how can I remove the new line between cloud and role in the yml file through the template I have in https://pastebin.com/w55CH3N6
23:35 raspado or rather, in line 21
23:35 whytewolf {% endif -%}
23:36 raspado ooo
23:36 whytewolf also, for the sake of sanity. please don't use pastebin
23:36 raspado gist?
23:37 whytewolf gist is much better. and my personally fav
23:37 raspado ok thx for the assist whytewolf
23:37 whytewolf np
23:38 astronouth7303 left #salt
23:38 raspado whytewolf: should I keep the - in the other ifs as well?
23:38 whytewolf yes
23:38 raspado k
23:39 whytewolf http://jinja.pocoo.org/docs/2.9/templates/#whitespace-control
23:45 vegasq joined #salt
23:53 druonysuse joined #salt
23:53 druonysuse joined #salt
23:55 raspado joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary