Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-07-05

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:10 mpanetta joined #salt
00:16 benjiale omg, never mind me. Just found my problem. :-|
00:24 jas02 joined #salt
00:39 fritz09 joined #salt
00:44 Trauma joined #salt
01:03 donmichelangelo joined #salt
01:10 renoirb joined #salt
01:16 jeddi joined #salt
01:18 edrocks joined #salt
01:33 khaije1 joined #salt
01:33 khaije1 Is it possible to add ext_pillar modules similarly to the salt://_modules method?
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.6, 2016.11.6 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers <+> The call for speakers for SaltConf17 is now open: http://tinyurl.com/SaltConf17
01:49 Slimmons joined #salt
01:59 Slimmons Happy 4th.  (I kind of wish we were still british)
02:07 saltyguy joined #salt
02:11 mpanetta joined #salt
02:14 amercer joined #salt
02:19 ChubYann joined #salt
02:23 nona joined #salt
02:24 hemebond Slimmons: They're not much better off :-)
02:42 hasues joined #salt
02:42 hasues left #salt
02:43 hasues joined #salt
03:06 donmichelangelo joined #salt
03:14 beardedeagle joined #salt
03:14 morissette joined #salt
03:21 hasues if I am creating a pkg.installed call, it is my understanding that I can put a require statement in that block and call other state Ids.  What does it mean when it says they are not found?
03:22 bantone joined #salt
03:26 Slimmons If i'm using salt-api, is there a way to send post data along with my curl request.  I know I've seen it done using webhooks, but I haven't gotten it to work without .  For example, trying to run this state, using the following cur\l command, how do I get the postdata.fileName to the state?
03:26 Slimmons https://gist.github.com/Slimmons/6d96fd3bdf55e96e493f61b37a48b561
03:58 jeffspeff joined #salt
04:03 justan0theruser joined #salt
04:03 evle joined #salt
04:08 whytewolf hasues: it means that salt does not know about the state that you have added to the require statement with in the current high data.
04:09 Slimmons I hope it's not considered bad form to post a question here, and to the google group.....cuz I just did that.
04:09 Slimmons if it is considered impolite, then I withdraw my question from the IRC.
04:09 whytewolf it isn't impolite they operate pretty much indapendently.
04:10 whytewolf it is fine to ask both places.
04:10 Slimmons cool
04:10 Slimmons I wasn't sure if it was the same pool of people or not
04:11 whytewolf there are those that haunt both. and some that haunt one or the other.
04:11 armguy joined #salt
04:12 rideh joined #salt
04:13 notakai_ joined #salt
04:14 theblazehen joined #salt
04:15 whytewolf well... I was just about to answer his question
04:16 whytewolf in short. you don't send post data to the command as the command is not run by the salt-api it only puts it on the stack like any other command. if you want to have a setting put into the stack you need to include a pillar. as you would on the command line
04:17 whytewolf https://docs.saltstack.com/en/develop/topics/tutorials/pillar.html#setting-pillar-data-on-the-command-line
04:18 notakai joined #salt
04:20 notakai Hi, is there a way for the salt-master to authenticate to salt-minions?
04:20 whytewolf huh
04:20 notakai (Say, if you're on an untrusted network)
04:20 whytewolf the master doesn't communicate with the minions
04:20 whytewolf the minions connect to the master
04:20 whytewolf using pki keys both ways
04:21 notakai I was looking at this stackexchange answer: https://security.stackexchange.com/questions/64669/what-attack-vectors-are-there-for-a-stand-alone-saltstack-minion
04:22 notakai Not sure if it's still relevant.
04:22 notakai Like, is that only an issue for clients that haven't been set up yet?
04:23 whytewolf don't start the minion software and it isn't a problem. it isn't needed for masterless minions
04:23 whytewolf [needs to be installed just not started]
04:24 justanotheruser joined #salt
04:24 notakai Hmm, what if I do want a master?
04:25 whytewolf that post you listed was only about masterless minions
04:25 whytewolf master minions still need to connect to the master.
04:26 whytewolf the master doesn't connect back to them.
04:30 notakai Yup, I get that.
04:31 notakai I think the 'MASTER_FINGER' config setting is what I'm asking for.
04:31 MTecknology MASTER FINGER!!!!
04:32 notakai But, I don't have salt set up yet so I'm probably jumping the gun.
04:32 whytewolf yes. that might be. that is only for minions that have not connected yet. to let them know they are at least connecting to the right master.
04:32 onlyanegg joined #salt
04:32 notakai Rad, thanks for the info whytewolf!
04:33 MTecknology whytewolf: I pray to god that $client never hears of this feature.
04:34 whytewolf MTecknology: there are a lot of things i pray your $client never hears about in salt
04:35 whytewolf notakai: you might also want to look at master_sign_key_name:
04:36 notakai > The default behaviour of a salt-minion is to connect to a master and accept the masters public key. With each publication, the master sends his public-key for the minion to check and if this public-key ever changes, the minion complains and exits.
04:36 notakai Good enough for me!
04:37 notakai My concern was mostly that I could connect to an untrusted network (after salt-minion) had been set up and automagically connect to a malicious master.
04:38 whytewolf yeah that is unlikely.
04:42 notakai joined #salt
05:01 toadster joined #salt
05:06 nona joined #salt
05:24 jholtom joined #salt
05:36 nona joined #salt
06:07 aldevar joined #salt
06:12 mpanetta joined #salt
06:31 hasues whytewolf: Well, if I put pkg.installed and add in a require statement listing the states I want to require, it does not work, but if I make an include with those states, they are executed.
06:32 hasues So I don't understand how it works in one clause but not another.
06:34 Felgar joined #salt
06:34 hasues whytewolf: http://dpaste.com/3J8M0J4  Consider that.
06:35 hasues ugh, I should have included the errors.
06:35 hasues http://dpaste.com/3V6TN76
06:35 hasues That displays the error.
06:35 whytewolf hasues: https://docs.saltstack.com/en/latest/ref/states/requisites.html#require-an-entire-sls-file read that carefully
06:36 hasues Yeah, I had that page open the entire time.  I'll read it again and see what I'm missing
06:36 whytewolf "Do this first by including the sls file and then setting a state to require the included sls file"
06:37 whytewolf the include is required to do whole sls requires
06:37 hasues Well, I have the include commented out.
06:37 hasues Oh?
06:37 hasues If I comment out the require and put in the include, I thought it executed the include regardless (at least that is what I thought I observed)
06:38 hasues And then I thought that simply is just executing the states without a dependency.
06:38 whytewolf yes. what did you think require is for?
06:38 hasues I thought require meant "before your state executes, these must be executed"
06:39 whytewolf yes.
06:39 hasues Okay, I have commented out the require statements, and I'm going to uncomment the include statements and see if the includes execute regardless.
06:39 whytewolf [although it really means the required state runs and is true or change]
06:40 hasues Oh, right.
06:40 whytewolf if a required state fails it won't run the state requiring it
06:40 hasues I did observe that.
06:41 do3meli joined #salt
06:41 do3meli left #salt
06:41 hasues Okay, without the require statements, the include statements are executing those states.
06:42 whytewolf right. although the include doesn't gerentee that the states will run before the states in the file that includes the. that is what the require is for
06:42 whytewolf [or one of the reasons for the require]
06:43 hasues But why would I need an include?  If I say "require sls" and give it the state, why can't it find it?  It shouldn't be pathing.
06:44 hasues In the page that you gave me, I don't see them mentioning that you have to have includes?
06:44 hasues oh wait.  yes it does
06:44 whytewolf yes it does
06:46 hasues Okay, well, I guess that's fine.  I wish the debug were a bit more verbose on saying "hey this is required so we are going to force an execution first"
06:46 hasues Maybe it said it but in such a way that I couldn't recognize it.
06:46 hasues Anyway, I wanted to touch upon our previous conversation.
06:46 hasues So it seems that the issue was portage.config actually builds the config files.
06:47 hasues I'm just letting you know in an FYI.
06:47 hasues So I was under the impression what that module does is just call emerge with USE flags on the command line, not build config files.
06:47 hasues So when salt was doing that and I was also modifying the files, that was what caused the problem.
06:48 whytewolf interesting
06:49 whytewolf i think i am going to head to bed. it is getting late here. and i have work in the morning
06:49 hasues Yeah, same.  thanks again for your help
06:51 hasues left #salt
06:54 toanju joined #salt
06:57 saintpablo joined #salt
07:10 jeddi joined #salt
07:26 _KaszpiR_ joined #salt
07:28 Ricardo1000 joined #salt
07:36 gmoro_ joined #salt
07:40 ProT-0-TypE joined #salt
07:49 Rumbles joined #salt
07:53 mikecmpbll joined #salt
08:01 mxcarron joined #salt
08:01 noraatepernos joined #salt
08:02 mxcarron Hello Guys,
08:02 mxcarron like "noob" question, is it possible to query state from cli
08:02 mxcarron for example salt "*" firewall.check www.google.com port=80
08:03 hemebond mxcarron: Yes, you call execution modules like that.
08:05 alexlist joined #salt
08:08 pbandark joined #salt
08:21 sh123124213 joined #salt
08:22 N-Mi joined #salt
08:35 colegatron joined #salt
08:37 Mattch joined #salt
08:40 yuhl joined #salt
08:42 _KaszpiR_ joined #salt
08:44 Naresh joined #salt
08:59 fracklen joined #salt
09:04 cpc joined #salt
09:06 cpc left #salt
09:07 c4rl3x joined #salt
09:22 pratapagoutham joined #salt
09:24 pratapagoutham hi
09:25 donmichelangelo joined #salt
09:25 pratapagoutham hi all i have been using this git link https://github.com/Mirantis/reclass-system-salt-model where can we find state files in this repo ?
09:30 nku mh.. i include a gpg encrypted python dict with secrets in a state file to append to a config file, but that apparently makes the yaml invalid.. any suggestions?
09:30 nku that's how i've done it for all other secrets, but they played nicely with yaml
09:32 nku what kind of error is "failed: could not found expected ':'".. that doesn't sound right
09:32 jas02 joined #salt
09:34 jas02 joined #salt
09:35 c06 joined #salt
09:36 c06 hi all
09:36 c06 is there any option to insert multiline content in file.line @insert mode
09:37 nku c06: foo: |
09:37 c06 nku: ooops i will check that one..
09:37 c06 nku: ty dude
09:38 nku yw
09:39 nku mh. is there no way to pass a gpg encrypted file to file.managed source and have it decrypted on the minion?
09:43 nku oh wait, i can access pillar data from a template, right
09:46 pbandark joined #salt
09:49 zer0def question about salt-cloud: can i provide my own deploy script in opposition to those provided by the default distribution?
09:50 mikecmpb_ joined #salt
09:54 zer0def ok, follow-up question - can i override the CLOUD_DIR syspath?
09:54 hemebond First question: yes
09:54 hemebond Second: no idea
09:55 hemebond I don't even know what that directory/variable is.
09:55 zer0def hemebond: ok, how would i provide the script for salt-cloud?
09:56 hemebond https://docs.saltstack.com/en/latest/topics/cloud/deploy.html set script attribute/property
09:56 Praematura joined #salt
09:56 hemebond Put the script into /etc/salt/cloud.deploy.d/
09:56 zer0def is /etc/salt/cloud.deploy.d actually respected?
09:57 zer0def only asking, because i have no such dir on 2016.11.4
09:57 zer0def ok, nevermind, if the manual specifies so, it must be so
09:57 hemebond Ah
09:58 hemebond https://docs.saltstack.com/en/latest/topics/cloud/deploy.html#updating-salt-bootstrap
09:58 hemebond salt-cloud -u
09:58 hemebond That will fetch the default script and create that directory.
09:58 zer0def i'm not interested in salt-bootstrap
09:59 zer0def that's why i'm asking for the ability to provide my own
09:59 zer0def that deploy.d reference seems to be the thing i'm looking for, thank you, hemebond
09:59 hemebond Sure, but that just fetches the script and makes the directory.
10:00 hemebond You don't _have_ to use the script it fetches.
10:00 hemebond It just puts it there in case you do.
10:04 zer0def eh, as mentioned above - if i wanted to use bootstrap-salt, i would've have raised the question at all :)
10:14 mpanetta joined #salt
10:14 c06 i need to assign(pass) the certificate path to state(formulas). Is the best way through pillar? or anyother
10:14 fracklen joined #salt
10:15 Trauma joined #salt
10:18 permalac joined #salt
10:21 hemebond c06: Usually done through pillar.
10:21 hemebond But it depends on the formula.
10:21 hemebond You might have to create your own state to extend the formula state to change it.
10:28 aldevar left #salt
10:34 c06 hemebond: ty  for passing shell scripts also same or anyother way.?
10:34 c06 ** custom shell scripts paths
10:34 hemebond c06: It depends entirely on the state/formula.
10:35 c06 hemebond: you have any reference or github code for reference
10:35 hemebond Well, what are you trying to do?
10:35 hemebond There are many ways to pass strings around.
10:36 c06 i need to pass my custom shell scripts path to my state.
10:37 hemebond to your own state?
10:38 c06 yes
10:38 c06 i wrote some sls files
10:40 hemebond Okay. Then you can change your state to get the value from pillar, e.g., {{ salt.pillar.get('my:nested:value') }}
10:40 hemebond Have you done the tutorials in the documentation?
10:40 c06 i am directly calling with cmd.run command "sh /path/script.sh", but i think its exposes to outer so i need it somewhere
10:40 hemebond There are some introductory articles on pillar data.
10:42 c06 hemebond: i have a glance on pillar i will read more ty dude
10:42 hemebond Good luck ????
10:42 mikecmpbll joined #salt
10:43 c06 hemebond: ty .. :)
10:44 Rumbles joined #salt
11:13 fracklen joined #salt
11:25 kedare joined #salt
12:01 Ricardo1000 joined #salt
12:02 Ricardo1000 joined #salt
12:10 xet7 joined #salt
12:13 mxcarron hemebond: firewall isn't an execution module, it's a state module
12:14 mxcarron so salt"*" firewall.check .... fails, saying "'firewall.check' is not available."
12:14 hemebond mxcarron: What does it do? Is there not an execution module that goes with it? What is it you're trying to do?
12:15 mxcarron I'm trying to send an order to all minions to test if they can reach (establish a tcp conn) www.google.com:80
12:17 hemebond Like https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.network.html#salt.modules.network.connect ?
12:22 mxcarron haaaaaa !!!! looks good. thx :-)
12:22 mxcarron let me test it
12:30 mxcarron hemebond: thx!! this is what I was looking for
12:31 numkem joined #salt
12:31 hemebond ????
12:32 alexlist joined #salt
12:34 alexlist joined #salt
12:35 alexlist joined #salt
12:37 yuhl joined #salt
12:37 fracklen joined #salt
12:48 alexlist joined #salt
12:54 thinkt4nk joined #salt
12:58 nicksloan joined #salt
13:00 cgiroua joined #salt
13:09 aldevar joined #salt
13:14 smartalek joined #salt
13:17 evle joined #salt
13:20 ssplatt joined #salt
13:21 toadster joined #salt
13:22 toadster left #salt
13:24 shanesveller joined #salt
13:29 palsveningson joined #salt
13:30 OliverUK joined #salt
13:30 OliverUK Hiya
13:31 OliverUK I cannot find a way of telling a minion to reboot if a file changes
13:32 OliverUK I currently have this: https://pastebin.com/9a9m3B28 but the minion is rebooting any time there is a state.apply run, is this even possible to achieve?
13:32 palsveningson left #salt
13:32 palsveningson joined #salt
13:33 hemebond OliverUK: You can't just point at file paths. You have to point requisites (like `watch`) at _states_.
13:33 OliverUK hemebond: Ah OK, I will look into this
13:34 hemebond e.g., - file: state_id_of_managed_file
13:34 Slimmons joined #salt
13:35 palsveningson hi
13:35 Slimmons hi
13:35 palsveningson I need some help with getting saltstack formulas to work.
13:35 OliverUK hemebond: OK you have lost me, sorry, is there a manual page I can look further into this?
13:36 palsveningson I have downloaded the salt-formula: https://github.com/saltstack-formulas/salt-formula, added the following in my master-conf:
13:36 palsveningson file_roots:   base:     - /srv/salt     - /srv/formulas/salt-formula
13:36 palsveningson and in my top.sls i have added base:
13:37 palsveningson - salt
13:37 palsveningson when running i get:     No matching sls found for 'salt' in env 'base'
13:38 OliverUK hemebond: There are file.managed states that exist for the files I want to reboot on if they change
13:38 OliverUK hemebond: Salt is updating those files fine but I only want the reboot if they have been changed
13:40 Slimmons palsveningson: silly question, but did you restart salt-master after making the changes?
13:40 palsveningson Slimmons: Yes, it has been restarted
13:41 hemebond OliverUK: https://paste.debian.net/hidden/1129c5f9/ maybe
13:41 hemebond Untested :-)
13:42 hemebond palsveningson: Restarted the master?
13:42 Slimmons yeah, that's what i asked :)
13:42 hemebond Oops :-D
13:43 OliverUK hemebond: Yeah OK I see, thanks for that
13:43 Slimmons palsveningson: can you show us your full top.sls file?  also, maybe use gist.github.com
13:43 palsveningson sure
13:44 palsveningson Slimmons: https://gist.github.com/palsveningson/d050ffdd4f8733614aa409b440b18356
13:44 Slimmons palsveningson: so, I'm assuming that you have a sls file under salt?
13:44 Slimmons what's the name of the state you are trying to run?
13:45 Slimmons the top file should be a list of your sls files that you want to run on your base '*'
13:45 Slimmons also, please keep in mind, i'm kind of a salt noob too, so my answers are not scripture
13:46 Slimmons if someone comes through and contradicts me, you should believe them.
13:46 OliverUK hemebond: Ah, the only problem I have now is that there are like 5 odd files that all get updated at the same time, this is going to do a reboot after each file gets changed, it would be much better to reboot after all of the files have been updated.  Is this possible do you think?
13:46 hemebond You're right. The salt-formula formula doesn't have a root init.sls
13:46 gmoro_ joined #salt
13:46 hemebond So you _have_ to specify the state you want from the formula.
13:46 hemebond Slimmons and palsveningson ^
13:46 hemebond e.g., you need salt.minion
13:46 palsveningson I thought I could just include it in the topfile as here: https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#including-a-formula-from-a-top-file
13:47 hemebond palsveningson: Usually, yes. But it depends on how the formula works.
13:47 hemebond In this case there is no default installation. You _must_ choose a state underneath.
13:47 hemebond e.g., salt.minion, salt.master
13:48 hemebond OliverUK: I think if you change onchanges(_in) to listen(_in) and give `order: last` to your system.reboot, it will run that reboot at the very end of everything.
13:49 palsveningson Isee, that soled the problem but got my a huge Traeback with python-error instrad.
13:49 noobiedubie joined #salt
13:53 racooper joined #salt
13:55 palsveningson Anyway, that was one step in the right direction. Will be back tomorrow :)
13:56 OliverUK hemebond: I think that would have worked but 'Referenced state module: system.reboot does not exist'
13:57 Inveracity joined #salt
13:59 beardedeagle joined #salt
13:59 hemebond OliverUK: Maybe try giving it a unique ID and moving system.reboot into the name: parameter.
13:59 hemebond I need to head to bed.
13:59 hemebond gnight
14:00 OliverUK hemebond: Thanks for your help
14:00 hemebond left #salt
14:02 saintpablos joined #salt
14:04 saintpabloss joined #salt
14:06 xet7 joined #salt
14:06 saintpablo joined #salt
14:07 jdipierro joined #salt
14:10 pbandark1 joined #salt
14:15 mpanetta joined #salt
14:27 fracklen joined #salt
14:30 GnuLxUsr joined #salt
14:40 deuscapturus joined #salt
14:47 deuscapturus Good morning.  I would like to get https://github.com/saltstack/salt/pull/41067 into the next release of saltstack.  What do I need to do?
14:57 jdipierro deuscapturus It was merged already so it should be in the next release.
15:04 kedare joined #salt
15:06 onlyanegg joined #salt
15:07 exegesis joined #salt
15:14 cyborg-one joined #salt
15:16 evle joined #salt
15:20 PatrolDoom joined #salt
15:25 PatrolDoom joined #salt
15:34 nicksloan joined #salt
15:34 astronouth7303 does pillar handle large, bulk data? Or should I look into something else?
15:34 GMAzrael joined #salt
15:37 astronouth7303 i'm looking at deploying statics using tarballs from CI, and I'm already using pillar data for environment-specific data. My Saltfs is currently exclusively git, which I don't want automation commiting to
15:46 sarcasticadmin joined #salt
15:52 fatal_exception joined #salt
15:52 JohnnRun joined #salt
15:52 cyteen joined #salt
15:54 Eugene joined #salt
16:03 GMAzrael joined #salt
16:13 nicksloan joined #salt
16:16 mpanetta joined #salt
16:19 woodtablet joined #salt
16:23 SalanderLives joined #salt
16:25 evle2 joined #salt
16:36 khaije1 joined #salt
16:40 preludedrew joined #salt
16:42 thinkt4nk joined #salt
16:43 sjorge joined #salt
16:44 thinkt4n_ joined #salt
16:49 khaije1 I noticed that the development branch docs reference release 2017.7, does that mean that there is a new release expected soon?
16:51 fannet joined #salt
16:53 armyriad joined #salt
16:54 whytewolf it is coming. they finally released an rc not that long ago
16:58 deuscapturus jdipierro the PR commits are not in the 2017.7 branch.  This was a also a bug fix.  It should have been released with the 2016.11.x releases, but was not.
16:58 deuscapturus jdipierro: ^
16:59 khaije1 hey whytewolf, thats good news!
17:02 whytewolf deuscapturus: if you wanted it in 2016.11 you should have developed against 2011.6 and submitted the pull request against 2016.6. you have to ask to have it back ported at this point. to both 2016.6 and 2017.7
17:02 whytewolf s/2011.16/2016.6
17:03 Trauma joined #salt
17:04 whytewolf it can still make the 2017.7 release. as that just had it's first rc pushed. and should make it into the next 2016.11 release.
17:05 whytewolf see https://docs.saltstack.com/en/latest/topics/development/contributing.html#which-salt-branch about which branch to develop against
17:05 Bock joined #salt
17:09 jf_sebastian Hello, is anybody here usiing the junos_syslog engine module?  I see it is loading correctly if I start the master in debug mode, and I'm getting syslog delivered to the port I have configured it in but nothing is making it to the Salt event bus
17:09 Edgan joined #salt
17:22 Cottser joined #salt
17:24 gareth__ joined #salt
17:26 nicksloan joined #salt
17:29 socket-_ joined #salt
17:34 thinkt4n_ joined #salt
17:39 morissette joined #salt
17:39 ecdhe joined #salt
17:39 ecdhe joined #salt
17:40 ChubYann joined #salt
17:47 noraatepernos joined #salt
17:55 deuscapturus whytewolf: thanks.  I'll work on the backport process.
17:59 thorie joined #salt
17:59 thorie hi, does highstate apply only once if a rule happens to change what should happen in another one?
18:01 nixjdm joined #salt
18:04 Brew joined #salt
18:04 astronouth7303 thorie: explain? You're asking what happens if two different states conflict?
18:08 whytewolf thorie: each state checks the current status. if the status of the info is not what the state is expecting it will make a change. if it is it will say that it is true but no change was needed.
18:13 noraatepernos joined #salt
18:17 mpanetta joined #salt
18:17 cliluw joined #salt
18:18 drawsmcgraw joined #salt
18:18 cliluw joined #salt
18:19 Praematura joined #salt
18:22 censorshipwreck joined #salt
18:23 druonysus joined #salt
18:23 druonysus joined #salt
18:25 thorie more details: https://stackoverflow.com/a/26935429 -- the file rolegrain.sls makes sure that the `application_server` grain is present, but what if in my top.sls I also have something that says: 'roles:application_server':\n - match: grain\n - some.other.states ?
18:26 thorie is the highstate applied such that i'm guaranteed it will be available? or, if due to ordering/precedence, is it possible that the check to ensure the grain value is present happens AFTER the rule that assigns some.other.states, therefore, some.other.states gets missed?
18:26 SalanderLives joined #salt
18:27 astronouth7303 others will know better, but I _think_ that the set of states is computed, and then they're applied. That is, you'll have to highstate it twice.
18:28 * astronouth7303 has only been working with salt for a few weeks
18:28 whytewolf targetting, and jinja is run before the states run. so if you have a state creating a grain it won't exist until the next highstate
18:29 thorie got it, so basically, don't do it :)
18:30 fracklen joined #salt
18:30 astronouth7303 i can see such a state being useful, but I don't think I would use it from highstate
18:30 whytewolf you can do it, as long as you know it isn't going to be there the first time. there are other works arounds. such as using orchestration which seperates each stanza into a seperate run.
18:30 it_dude joined #salt
18:34 evanderv joined #salt
18:37 fracklen joined #salt
18:54 noobiedubie joined #salt
18:59 nicksloan joined #salt
19:04 cyraxjoe joined #salt
19:06 it_dude joined #salt
19:07 flowstategames joined #salt
19:17 nixjdm joined #salt
19:18 whytewolf so quiet.
19:20 astronouth7303 sorry, busy trying to figure out how to get a tarball from CI to salt while maintaining environment selection and auditability
19:21 whytewolf put the file in a secure place and use rsync,http or ftp?
19:22 astronouth7303 all of the environment-specific data is currently in pillar, but I think sticking it in saltfs is a better idea? So i created an lfs root.
19:23 astronouth7303 i'm concerned that the state wouldn't check HTTP files for changes? and i don't have easy infrastructure in the right shape for that.
19:23 whytewolf depends on size. saltfs doesn't really handle large files well either. and defintly pillar isn't a place for large data models. [keep in mind pillar is synced often. so you would transfer that large dataset everytime]
19:24 astronouth7303 :/ it's currently running at 20MB
19:24 whytewolf 20mb isn't bad for saltfs
19:24 whytewolf i wouldn't put that in pillar though
19:24 astronouth7303 yeah, no
19:25 whytewolf when you said large i was thinking 1gb or more
19:25 astronouth7303 well, it's large compared to what i was doing (passing around a commit hash)
19:26 whytewolf anyway as for a state. file.managed can determine if a http file is new. if it has a source_hash to work with.
19:27 astronouth7303 oh, do i need that for salt:// too?
19:27 whytewolf no, salt:// does all that automagically.
19:40 spuc left #salt
19:40 noraatepernos joined #salt
19:43 edrocks joined #salt
19:54 nicksloan joined #salt
19:57 astronouth7303 ok, that's weird. I have `lfs` in `/srv/salt/stack` on my master. The master has `/srv/salt/stack` listed in `file_roots`. The minion is reporting the files (cp.list_master) as `stack/lfs/...` instead of `lfs/...`
19:58 lordcirth_work astronouth7303, did you recently change file_roots?
19:58 lordcirth_work ie, have you restarted since?
19:58 whytewolf that is odd. did you restart master after updating
19:59 astronouth7303 yeah, i did
19:59 astronouth7303 (I didn't have any file_roots before)
19:59 flowstategames joined #salt
19:59 whytewolf well /srv/salt/ is the default. so without a file_roots setting it is what is used.
20:00 whytewolf care to post what you put in file_roots?
20:00 astronouth7303 https://www.irccloud.com/pastebin/U6juFhWH/
20:00 whytewolf you forgot base:
20:01 lordcirth_work Ah, that would do it.  So it's defaulting to /srv/salt ?
20:01 whytewolf yeap
20:01 astronouth7303 ... i need to read the docs more carefully. I thought the environment was optional.
20:01 lordcirth_work I use /srv/saltstack/{states,pillar}
20:02 lordcirth_work "optional" in the sense that you can tack "base" on to things and mostly ignore it
20:02 whytewolf not optional. base is just the default enviroment.
20:02 astronouth7303 that's kind of the opposite of optional
20:03 astronouth7303 ok, yeah, that's better
20:03 noraatepernos Still can’t get boto installed under pip.installed https://gist.github.com/anonymous/52bb37be2ba9f53b76ee1e89b2d382dc can anyone help?  Day 3 of this problem.
20:08 noraatepernos https://github.com/saltstack/salt/issues/33163 ahh this is unresolved.
20:09 whytewolf noraatepernos: was just about to say that looks like a bug
20:10 noraatepernos @whytewolf Yeah I’m just going to work this into my cloud-config yaml for now “So is the idea that on ubuntu one needs to first install the python-pip apt package and then reinstall pip with pip?”
20:10 whytewolf the fix for that bug was added in may of last year.
20:10 whytewolf are you using an old version?
20:11 lordcirth_work A minion is spamming: Error while bringing up minion for multi-master. Is master at salt.example.com responding?
20:11 PerilousApricot joined #salt
20:11 lordcirth_work I can nmap the salt-master's 4505 and 4506.  I don't see what's wrong?  Also I'm not using multi-master.
20:11 whytewolf salt.example.com? does it really say that domain?
20:11 noraatepernos 2015.8.8
20:12 whytewolf noraatepernos: that would be a yes.
20:12 astronouth7303 ok, just to double check I understand this: If I have a directory /srv/static and a tarball salt://static.tar.xz, and i want the contents of the tarball to end up in the directory. I've set up CI so that the tarball will contain the contents of the directory (eg, index.html, js/site.js, etc at the top-level). I'm using archive.extracted. If I set enforce_toplevel, it'll extract into the directory, right? or is it expecting
20:12 astronouth7303 directory in the tarball that "matches" the named fs directory?
20:13 noraatepernos whytewolf: I’m just using what’s in ppa:saltstack/salt <— should I not be using that?
20:13 noraatepernos Someone mentioned that the other day.  Like I’m using an outdated ppa url?
20:13 whytewolf noraatepernos: https://repo.saltstack.com/
20:13 lordcirth_work The PPA was out of date when I checked ages ago
20:13 whytewolf the ppa was an old unofficial repo
20:14 whytewolf noraatepernos: latest released version is 2016.11.6
20:14 N-Mi joined #salt
20:14 N-Mi joined #salt
20:15 astronouth7303 (did that make sense?)
20:15 noraatepernos whytewolf: Ok I need to redo my cloud-config…sorry.
20:15 whytewolf noraatepernos: no problem :)
20:17 thinkt4nk joined #salt
20:17 nixjdm joined #salt
20:17 astronouth7303 or, i guess i should ask the more open-ended question:
20:18 astronouth7303 I have `/srv/static: archive.extracted: ...`. How does it expect the tarball to be?
20:18 mpanetta joined #salt
20:19 * whytewolf has never used archive.extracted. so can only guess. but i believe enforce_toplevel is for it striping the named directory that tarballs normally have
20:20 astronouth7303 ok, based on the warning, it occurred to me that it might extract alongside the named directory?
20:22 whytewolf no, it will extract into a tmp directory and then it moves it to the directory.
20:22 astronouth7303 ok, yeah
20:22 whytewolf [much of salt works like that doing something in tmp then moving the result to the place it needs to be]
20:22 astronouth7303 it does The Right Thing
20:22 astronouth7303 good to know
20:23 lorengordon joined #salt
20:28 flowstategames joined #salt
20:29 it_dude joined #salt
20:30 lordcirth_work whytewolf, no, example.com is my censor, sorry
20:32 astronouth7303 lordcirth_work: you nmap'd from the minion?
20:32 lordcirth_work astronouth7303, yes
20:35 whytewolf ok, just making sure. not sure why it is trying to run in multimaster are you using list format with the master: setting?
20:36 noraatepernos joined #salt
20:36 it_dude joined #salt
20:38 lordcirth_work whytewolf, nope, just setting master: and hash_type: it's straight from PXE preseed
20:38 lordcirth_work 2-line /etc/salt/minion
20:38 astronouth7303 would multimaster fail with a single master that is working?
20:38 whytewolf shouldn't
20:40 lordcirth_work Hmm, I wonder if return packets are being blocked
20:40 lordcirth_work Before this spam, there's a bit of: Unable to send mine data to master
20:41 lordcirth_work Attempting ssh: ssh_exchange_identification: read: Connection reset by peer
20:41 lordcirth_work I bet that's it
20:44 sp0097 joined #salt
20:45 sjorge joined #salt
20:46 Trauma joined #salt
21:00 hemebond joined #salt
21:01 astronouth7303 hm. initial highstate is... taxing, and I seem to have locked up the minion?
21:02 astronouth7303 oh, no. It's just timing out because the master timed it out
21:03 Rumbles joined #salt
21:04 Praematura_ joined #salt
21:06 astronouth7303 maybe? it seems to be running pretty slow.
21:07 hemebond astronouth7303: Are you doing `salt blah state.apply`?
21:07 jdipierro joined #salt
21:08 astronouth7303 basically, yeah
21:08 hemebond If so, yes, that command-line tool (salt) only waits for a certain amount of time. You can change that with an argument.
21:08 whytewolf or, just put it in async mode and watch the job cache
21:08 hemebond All it does is sit there polling the job queue to see if the minion has sent something back.
21:08 astronouth7303 yeah, i did that the second time. It didn't outright reject it, though
21:09 astronouth7303 i should redo my tool to have an async mode
21:10 astronouth7303 i haven't configured an external job cache yet, either
21:10 astronouth7303 (maybe i should...)
21:11 astronouth7303 ok, it is running, /var/log/salt/minion is just buffered and not real-time
21:12 hemebond Really?
21:12 astronouth7303 it pauses, and then `tail -f` spews a bunch of stuff
21:13 hemebond What if you do `salt-call state.apply -l debug` ?
21:13 whytewolf astronouth7303: it isn't really buffered. more that it is working during those pauses and taking time at the current task.
21:14 astronouth7303 oh, figured it out.
21:14 astronouth7303 something DOWN'd the network interface again.
21:14 astronouth7303 at least _that's_ consistent
21:15 nixjdm joined #salt
21:16 fireflux joined #salt
21:20 astronouth7303 And I'm pretty sure this state is doing it. https://www.irccloud.com/pastebin/jp6yTPZ9/
21:21 astronouth7303 (i have it because i'm on a private cloud where i clone a VM image instead of spinning it up fresh from pxe or w/e)
21:21 cyborg-one joined #salt
21:23 whytewolf well, a private virtualization. a private cloud typically takes care of that hostname bit using cloud-init.
21:23 fireflux I seem to have the same issue as https://github.com/saltstack/salt/issues/40320 with a minion becoming inacessible after running saltutil.regen_keys due to the minion.pem having a Read-Only flag set after a default minion install
21:24 astronouth7303 whatever you want to call it.
21:24 astronouth7303 i'm pretty sure that disabling the network directly conflicts with `enabled: True`, though
21:25 astronouth7303 i guess that I should file a github issue?
21:25 whytewolf yes
21:27 tapoxi astronouth7303: I had such a pain with setting hostnames
21:27 ecdhe joined #salt
21:27 ecdhe joined #salt
21:27 tapoxi astronouth7303: I had to end up calling the network module as part of my state
21:27 astronouth7303 i figure the workaround is to set a file and call `hostname`
21:28 tapoxi astronouth7303: https://pastebin.com/f8Qcr7T2
21:30 Trauma joined #salt
21:34 astronouth7303 That works, too
21:34 Trauma joined #salt
21:34 astronouth7303 https://github.com/saltstack/salt/issues/42145 is there anything else I should mention?
21:37 onlyanegg joined #salt
21:37 astronouth7303 straw poll: How do people actually invoke salt commands? pepper? ssh+sudo? customized tools?
21:38 raspado joined #salt
21:38 whytewolf typically i ssh into the master and use cli
21:38 whytewolf although I plan to move towards salt-api later
21:41 onlyanegg astronouth7303: I usually ssh as well, and I'm working on getting salt-api with cherrypy up
21:41 astronouth7303 i'm using pepper+salt-api myself
21:42 astronouth7303 i've actually made it a habit to avoid executing commands by ssh
21:42 onlyanegg I've never looked into pepper...
21:43 whytewolf not a fan of pepper. but it has been a few years since i last tried it.
21:43 astronouth7303 i assumed anyone using salt-api would be using pepper as their client (at least for humans)
21:43 whytewolf anyway i don't recomend seperating from the cli commands until you actually understand what everything does.
21:44 astronouth7303 oh?
21:44 astronouth7303 i've been doing pretty well (except for forgetting to set a timeout
21:44 whytewolf it removes you from a level of debug.
21:45 fogus joined #salt
21:45 onlyanegg astronouth7303: my use case for salt-api is for dev / qa to deploy to instances, so it's pretty limited. Still do everything else via ssh.
21:46 astronouth7303 i guess? I don't think I've had any issues that would have been more obvious if i was executing by ssh. Or i've just learned what output means.
21:46 whytewolf mine was going to be git post-commit webhooks with curl scripts for known orchestrations.
21:47 MajObviousman add me to the list of "ssh in to salt master and run commands on cli"
21:48 astronouth7303 i figured that if I get the rest of the company interacting with salt, i shouldn't be encouraging everyone to regularly execute commands as root on one of the major servers. (Even though they all have permissions.)
21:48 whytewolf who says you have to run commands as root?
21:48 whytewolf you can setup the salt cli commands to reconize users
21:49 astronouth7303 i missed that doc
21:49 wlfyit joined #salt
21:49 astronouth7303 i did see the thing to run the master as not-root (which I should really, really do)
21:49 fogus Running salt minion on Raspberry Pi and Salt Master on CentOS 7 VM in home lab. Minion behaves for a while (>24 hours) then stops responding (~48 hours?).  Minion restart fixes it.  Minion logs: https://pastebin.com/aVJ2TPau .  Error when sending command to minion is `Minion did not return. [No response]` .  After restarting minion, I get 'True' responses for test ping stuff.  Any ideas on how to keep minion working "forever"?
21:50 whytewolf fogus: https://github.com/saltstack/salt/issues/12540
21:51 whytewolf astronouth7303: well i wasn't talking about running the master as non root as that actually strips the ability i was talking about [as it can't auth anymore]
21:52 astronouth7303 *facepalm*
21:52 whytewolf https://docs.saltstack.com/en/latest/topics/eauth/index.html
21:53 astronouth7303 that UX is ... marginal at best
21:55 astronouth7303 is there a runner module to return what execution, runner, etc modules are loaded, and their commands?
21:56 whytewolf i think https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.doc.html#salt.runners.doc.runner is the closest
21:57 whytewolf astronouth7303: https://docs.saltstack.com/en/latest/topics/tutorials/rooted.html <=- is that better
21:58 astronouth7303 somewhat
21:58 KyleG joined #salt
21:58 KyleG joined #salt
21:58 astronouth7303 i'm not actually convinced it's better than just setting a `.pepperrc`
21:58 astronouth7303 and yes, it is
21:58 astronouth7303 which is also pretty nice
21:59 astronouth7303 i might have to redo my salt tool to be useful
21:59 whytewolf if pepper is good for you, great. personally I had issues with it when i tried it years ago. it wouldn't work remotly. and didn't work with all commands. but that was years ago
21:59 astronouth7303 because just spitting a 500 when i typo a command is not nice
21:59 astronouth7303 i haven't had a problem with it
22:00 astronouth7303 but i'm also using it via API, not CLI (because reasons)
22:00 whytewolf there is also salt-pad. or if you own a copy of salt enterprise there is the enterprise gui.
22:01 whytewolf pepper is by no mens the only or even the most used interface into salt-api
22:02 whytewolf wait saltpad doesn't have a -
22:02 drewbert joined #salt
22:02 astronouth7303 is there a most used interface?
22:03 whytewolf not really. a lot of people just use curl directly in their own api.
22:03 astronouth7303 ...
22:04 astronouth7303 to be fair, the first thing I did was make an API wrapper around pepper that hides most of that detail
22:04 fogus whytewolf: thanks.
22:04 whytewolf fogus: np
22:06 whytewolf astronouth7303: eh, to each their own. if that makes you happy. enjoy
22:06 astronouth7303 it really does... {{long ramble on their other project}}
22:09 fogus whytewolf: so, I read the thread, by and large.  this looks horrible.  maybe i'm misinterpreting something, but it looks like the protocol is fundamentally broken?
22:10 whytewolf fogus: it is kind of broken. which is why the tcp transport was started.
22:10 whytewolf [read to the end of the thread]
22:11 whytewolf it is a work in progress, but already is a lot further along and more stable then reit ever got
22:11 fogus but, like, this is the default setting, and I'm on a highly reliable network.  the minion and the master are on the same switch.  how can this be the case?  I must have something misconfigured or the whole community would be freaking out, right?
22:12 whytewolf humm. in that case yes you must either have something misconfigured or your pi isn't able to keep up with the networking
22:12 whytewolf I have a lot more systems on a semi stable line and don't have those problems
22:13 fogus should a log show something somewhere?
22:13 fogus oh, and if I drop out of the convo, it is because three toddlers attacked at the same time and got the better of me.
22:13 fogus apologies in advance.
22:14 fogus I set the logs to "INFO" level - maybe DEBUG is required to see this on the minion?
22:14 whytewolf I would go to debug.
22:14 fogus Wouldn't the minion know if he wasn't able to see the message bus?
22:14 whytewolf or all
22:14 fogus k
22:15 whytewolf fogus: it should. you could run a test.ping directly from the minion
22:15 whytewolf salt-call test.ping
22:16 fogus ah, ok, i'll do that next time it dies.  what is "ALL" log level?  is that "garbage"?
22:16 fogus I see these options: "One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'."
22:17 fogus I switched to debug and restarted.
22:17 whytewolf pretty much yeah. it is basicly anything and everything that calls log.*
22:17 fogus I wonder if it is some power saving on the minion or some garbage rasperian thing
22:17 fogus sure enough, after a minion restart, I get my control back
22:18 mpanetta joined #salt
22:20 fogus Hmm, no power saving on Ras  https://raspberrypi.stackexchange.com/a/6960
22:21 fogus It's ethernet connected, so not a wifi issue.
22:24 fogus I'm going to leave it again for a few days.  I'll probably switch to TCP transport on your recommendation.  Same firewall ports for master, whytewolf ?  Minion behind NAT isn't a problem?
22:25 whytewolf should be yeah
22:43 nicksloan joined #salt
22:53 noraatepernos joined #salt
23:01 rpb joined #salt
23:11 deuscapturus joined #salt
23:30 flowstategames joined #salt
23:31 PerilousApricot joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary