Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-07-11

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 edrocks joined #salt
00:00 keldwud joined #salt
00:01 keldwud joined #salt
00:03 masber joined #salt
00:05 kerrick joined #salt
00:09 dxiri_ joined #salt
00:18 nicksloan joined #salt
00:26 StolenToast joined #salt
00:30 druonysus joined #salt
00:30 druonysus joined #salt
00:31 druonysus_ joined #salt
00:36 nicksloan joined #salt
00:48 nicksloan joined #salt
00:52 zerocoolback joined #salt
00:58 jeddi joined #salt
01:00 kerrick joined #salt
01:17 rpb joined #salt
01:18 dxiri joined #salt
01:19 dxiri joined #salt
01:19 dxiri joined #salt
01:25 kerrick joined #salt
01:26 dxiri joined #salt
01:38 toastedpenguin joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.6, 2016.11.6 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers <+> The call for speakers for SaltConf17 is now open: http://tinyurl.com/SaltConf17
01:49 bigjazzsound_ joined #salt
01:56 bigjazzsound joined #salt
02:01 bigjazzsound joined #salt
02:01 edrocks joined #salt
02:02 major joined #salt
02:03 bigjazzsound joined #salt
02:12 bigjazzsound left #salt
02:13 bigjazzsound joined #salt
02:15 kerrick joined #salt
02:26 kerrick joined #salt
02:43 druonysuse joined #salt
02:43 druonysuse joined #salt
02:56 icebal joined #salt
03:13 Guest73 joined #salt
03:18 fatal_exception joined #salt
03:27 joe_n joined #salt
03:27 fatal_exception joined #salt
03:34 gnomethrower joined #salt
03:34 gnomethrower joined #salt
03:46 donmichelangelo joined #salt
04:02 cyborg-one joined #salt
04:03 edrocks joined #salt
04:06 sp0097 joined #salt
04:13 onlyanegg joined #salt
04:16 beardedeagle joined #salt
04:17 evle2 joined #salt
04:19 dxiri joined #salt
04:19 dxiri joined #salt
04:20 beardedeagle joined #salt
04:38 joe_n joined #salt
04:38 joe_n joined #salt
04:39 joe_n joined #salt
04:40 joe_n joined #salt
04:41 joe_n joined #salt
04:41 sp0097 joined #salt
04:42 joe_n joined #salt
04:42 joe_n joined #salt
04:43 joe_n joined #salt
04:47 jeddi joined #salt
04:59 flebel joined #salt
05:20 Bock joined #salt
05:24 nku um.. how can i avoid a recursive dependency when i have file.managed a file and want to file.replace after putting it there..
05:34 joe_n joined #salt
05:40 kerrick joined #salt
05:42 felskrone joined #salt
05:49 nku looks like #5667
05:49 kerrick joined #salt
05:58 armyriad joined #salt
05:58 kerrick joined #salt
06:00 joe_n joined #salt
06:05 edrocks joined #salt
06:05 hemebond nku: Just don't make a state require a state that requires it.
06:07 nku it's a bug
06:07 nku and truisms are true
06:08 hemebond Ah I see.
06:09 do3meli joined #salt
06:09 do3meli left #salt
06:09 hemebond I wonder if this is because of the change that allowed dependencies to use the name instead of the state ID.
06:10 hemebond Oh that's a 2013 bug.
06:27 impi joined #salt
06:32 c06 joined #salt
06:51 ikarpov joined #salt
06:53 Ricardo1000 joined #salt
06:59 absolutejam anyone know if it's possible to get more output from an orchestrate run
06:59 absolutejam I'm running some sls files in the orchestrate and I'd like more output
06:59 absolutejam or does it only show errors by default?
07:01 aldevar joined #salt
07:03 onlyanegg joined #salt
07:04 JohnnyRun joined #salt
07:12 Ricardo1000 joined #salt
07:15 aldevar left #salt
07:18 jas02 joined #salt
07:32 Rumbles joined #salt
07:32 dyasny joined #salt
07:46 fracklen joined #salt
07:48 aldevar joined #salt
07:53 impi joined #salt
07:54 pbandark joined #salt
07:57 aldevar1 joined #salt
07:59 aldevar joined #salt
08:02 ProT-0-TypE joined #salt
08:02 mikecmpbll joined #salt
08:04 onlyanegg joined #salt
08:10 dyasny joined #salt
08:15 absolutejam Alright, number 2
08:15 absolutejam Can I still all of my jinja variables in a file and include that file?
08:15 babilen You accidentally a verb?
08:15 absolutejam I have a load of Jinja variable definitions ( {% set blah = pillar.get('abc:def:', False) %} ) that are re-used between states
08:16 absolutejam accidentally a whole verb, aye
08:16 absolutejam Maybe I meant store instead of still
08:17 babilen I think you can
08:19 babilen http://jinja.pocoo.org/docs/2.9/templates/#import-visibility
08:30 Mattch joined #salt
08:38 fracklen joined #salt
08:45 absolutejam hm, will that me do a python style import * ?
08:45 absolutejam I'll try include first
08:49 Ricardo1000 joined #salt
08:53 aaronson joined #salt
08:58 froztbyte joined #salt
08:58 froztbyte joined #salt
08:58 lexi_ joined #salt
08:59 preludedrew joined #salt
09:07 edrocks joined #salt
09:10 joe_n joined #salt
09:18 Jan__ joined #salt
09:18 bluenemo joined #salt
09:20 Jan__ I am getting this message on some minions, those minions are in the salt-key list: No minions matched the target. No command was sent, no jid was assigned. Any idea what might be going on?
09:23 hemebond Jan__: It means whatever targeting you used didn't match any minions.
09:25 Jan__ How can that happen, I am using the exact name as in the keylist?
09:26 hemebond Can you paste the target text you're using?
09:26 hemebond Or the exact command
09:29 Jan__ It seems the user cannot be pinged from the salt server, it can be pinged from my own machine
09:29 sjorge joined #salt
09:35 toanju joined #salt
09:36 hemebond User?
09:49 N-Mi joined #salt
09:49 N-Mi joined #salt
09:52 hemebond Jan__: Keep in mind that the minions connect to the master, not the other way around.
09:59 Jan__ But if the master cant ping the minion its also not able to send commands?
10:01 hemebond Jan__: The master just puts the command onto the stack and the minions collect it.
10:05 onlyanegg joined #salt
10:07 noraatepernos joined #salt
10:19 jas02 joined #salt
10:25 jas02 joined #salt
10:29 c06 Anyone tried salt inside the docker containers
10:30 jas02 joined #salt
10:33 jas02 joined #salt
10:37 hemebond The minion inside a docker (*spit*) container? How would that work?
10:39 coredumb In the idea of immutability, is that even worth it?
10:39 c06 hemebond: i have docker container inside can i install salt-minion and do orchestration.?
10:40 coredumb c06: sure you do
10:40 hemebond c06: Orchestration of what? The stuff inside the docker (*spit*) container?
10:40 coredumb c06: you wanna treat your docker container as another full OS ?
10:40 c06 hemebond: coredumb: ty yes same like VM or physical.?
10:41 coredumb sure you can do it
10:41 c06 yes coredumb
10:41 c06 ty and let me try that one..
10:42 coredumb but that shouldn't be how you use docker
10:42 babilen c06: Lyft are doing quite a bit with that
10:42 joe__n joined #salt
10:42 coredumb wouldn't the docker module more appropriate?
10:43 coredumb never used it though, just saying
10:43 joe__n joined #salt
10:43 c06 coredumb: sorry i am unable to understand
10:44 c06 babilen: .????
10:44 babilen c06: I means that Lyft is using salt to bootstrap docker containers quite a bit
10:45 * babilen installs his English grammaer module
10:45 c06 babilen: oooh lyft is a company.. i though some module.. hhehe
10:45 c06 **thought
10:46 babilen https://github.com/cookbrite/flyingcloud
10:47 babilen Is what they use IIRC
10:47 babilen Yeah, sorry .. I thought Lyft is a well known entity :)
10:47 c06 babilen: i am not from US so only.. anyway thanks for your info..
10:48 mbuf joined #salt
10:48 babilen c06: Yeah, I realise that I mostly know them due to Ryan's talk on masterless salt at SaltConf
10:50 babilen They use the phusion docker base image, run saltstack and commit the result as image that is then being pushed into the registry
10:50 c06 babilen: oh nice dude.. recently only i started with salt.. i think these will be very useful info
10:54 babilen c06: https://youtu.be/7ffHKH9H5_Q?t=2379
10:57 c06 ty dude i will watch in the evening.. thanks for sharing dude
11:02 stewgoin joined #salt
11:05 Ricardo1000 joined #salt
11:06 sjorge joined #salt
11:09 edrocks joined #salt
11:15 ahrs joined #salt
11:17 jas02 joined #salt
11:22 sjorge joined #salt
11:23 jas02 joined #salt
11:29 jas02 joined #salt
11:33 xet7 joined #salt
11:33 Ricardo1000 joined #salt
11:42 jas02_ joined #salt
11:44 Cottser joined #salt
11:47 cablekev1n joined #salt
11:51 jas02 joined #salt
11:57 thinkt4nk joined #salt
12:05 onlyanegg joined #salt
12:07 cgiroua joined #salt
12:13 smartalek joined #salt
12:20 ssplatt joined #salt
12:26 coredumb I note that cmd.script executes the script in /tmp
12:27 coredumb Indeed it's problematic for /tmp mounted with noexec
12:27 coredumb Is there a way to set a new temp directory?
12:28 jas02 joined #salt
12:30 hemebond left #salt
12:31 coredumb ah! seems cwd option does the trick
12:33 jas02 joined #salt
12:42 c06 left #salt
12:44 tehsu joined #salt
12:48 eichiro joined #salt
12:49 ikarpov joined #salt
12:52 jdipierro joined #salt
12:56 noobiedubie joined #salt
13:00 LeProvokateur joined #salt
13:10 nicksloan joined #salt
13:11 jdipierro joined #salt
13:11 toastedpenguin joined #salt
13:12 Deliant joined #salt
13:16 aldevar joined #salt
13:19 sh123124213 joined #salt
13:33 xet7 joined #salt
13:36 onlyanegg joined #salt
13:38 zerocoolback joined #salt
13:41 edrocks joined #salt
13:42 dxiri joined #salt
13:43 toastedpenguin joined #salt
13:44 aldevar left #salt
13:51 jeddi joined #salt
13:54 nicksloan joined #salt
13:57 DammitJim joined #salt
13:58 DammitJim left #salt
13:58 DammitJim joined #salt
13:59 DammitJim hi
13:59 DammitJim I started a state by mistake on a minion from the master
13:59 DammitJim what is the recommended way to stop it?
13:59 DammitJim or where do I see what was changed? (I Ctrl + C on the master in freak out mode)
14:02 coredumb DammitJim: get the job ID and kill
14:02 coredumb it
14:02 babilen And then check the job cache (lookup_jid)
14:02 DammitJim on the minion, obviously, right?
14:02 DammitJim oh, an opportunity to learn
14:02 DammitJim how do I check the job cache?
14:03 coredumb you can do it on the server directly
14:03 coredumb salt-run jobs.list_jobs
14:03 DammitJim on the master or minion?
14:03 DammitJim seems the master
14:03 coredumb s/server/master/
14:04 coredumb salt-run jobs.lookup_jid <your_jid>
14:04 coredumb etc
14:04 coredumb salt-call -d jobs for help
14:04 DammitJim awesome
14:04 DammitJim reading it now
14:05 coredumb ah no jobs not in there my bad :D
14:06 coredumb salt-run -d jobs
14:06 coredumb better :)
14:07 DammitJim thank you
14:10 GMAzrael_ joined #salt
14:10 onlyanegg joined #salt
14:10 tongpu joined #salt
14:11 nicksloan joined #salt
14:15 nicksloan joined #salt
14:24 ccha inside a state file, 'include' always run at 1st even if you put 'include' into middle of the file, right ?
14:25 racooper joined #salt
14:27 acsir no, the order is casual except if you don't force a depencency with the 'order' option
14:28 nicksloan joined #salt
14:31 cablekev1n joined #salt
14:32 dxiri joined #salt
14:33 mikecmpb_ joined #salt
14:33 jeddi joined #salt
14:38 zerocoolback joined #salt
14:43 toastedpenguin trying to install the latest salt packages on centos 6.9, installed python 2.7 side by side with 2.6 to prevent issues but the attempt to update salt throws dependency errors for python 2.7
14:46 demize How did you install python2.7? hmm.
14:48 eichiro joined #salt
14:51 mpanetta joined #salt
14:51 CrummyGummy Hi, how can I set a custom grain while running state.apply?
14:51 babilen CrummyGummy: grains.present/grains.append in the SLS you call
14:53 CrummyGummy is that in the command line argument?
14:53 CrummyGummy To be clear, I have a database I want to initialise only on the first call
14:54 CrummyGummy maybe a lock file is a better option.
14:54 PatrolDoom joined #salt
14:54 dfinn joined #salt
14:57 coredumb https://docs.saltstack.com/en/latest/ref/states/all/salt.states.selinux.html#salt.states.selinux.module I used selinux.module with source and install
14:57 sarcasticadmin joined #salt
14:58 coredumb application of state gives me: Warnings: 'source' and 'install' are invalid keyword arguments for module selinux.module
14:58 coredumb any idea?
14:59 coredumb I'm on 2016.11.4 so it should be supported as per documentation...
14:59 ssplatt link to your code?
14:59 ssplatt gist or pastebin or somethign?
15:00 CrummyGummy joined #salt
15:01 coredumb ssplatt: https://pastebin.com/K83dPFb0
15:02 nicksloan joined #salt
15:02 mikecmpbll joined #salt
15:04 coredumb yeah clearly the state module clearly doesn't support that >_<
15:04 heaje joined #salt
15:05 ssplatt are other selinux states working? without install and source?
15:05 coredumb ssplatt: dunno only tried this one
15:06 coredumb just checked the code anyway
15:06 coredumb documentation is incorrect
15:06 ssplatt looks like a bug to me. or the docs aren’t up to date which i’ve run into before too.  i was just wondering if the selinux module was loading properly
15:07 ssplatt seems you’d want to use module_install first,
15:07 jacekplacek joined #salt
15:08 coredumb ssplatt: yep but have to upgrade salt first as I'm in 11.4
15:09 ssplatt oh, right.
15:09 coredumb oh guess what
15:09 coredumb now the module works
15:09 coredumb :)
15:10 coredumb my guess is that 2016.3.0 didn't contain install module part until 11.6
15:10 ssplatt ah.
15:11 _KaszpiR_ joined #salt
15:12 jdipierro joined #salt
15:13 dstensnes how do i call saltutil.sync_engines from a state?
15:13 dstensnes if i want an engine to be available before i drop a config file in minion.d
15:14 dstensnes with file.managed
15:14 ssplatt module.run? probably won’t be available until the next highstate/state.apply tho
15:14 ssplatt possibly.
15:19 nicksloan joined #salt
15:20 dstensnes thanks :)
15:20 dstensnes ssplatt: :)
15:21 ssplatt np.
15:21 nicksloan joined #salt
15:23 tiwula joined #salt
15:26 coredumb ssplatt: even worse it installs the module at each run >_<
15:27 ssplatt - onlyif ?
15:27 ssplatt - unless ?
15:27 coredumb yeah gonna have to workaround that ...
15:27 ssplatt idempotent or bust
15:27 coredumb can't waste 20s just on that :(
15:28 toastedpenguin demize: https://danieleriksson.net/2017/02/08/how-to-install-latest-python-on-centos/
15:28 Brew joined #salt
15:28 toastedpenguin is how I installed python 2.7 on centos 6.9
15:29 coredumb ssplatt: unless: semodule -l | grep zabbix_proxy wastes 2s ...
15:30 ssplatt find the file on the filesystem and ‘test -f /usr/share… ‘?
15:30 ssplatt the semodule -l is probably the better way tho
15:31 ssplatt more declaritive that selinux knows about it and is using it
15:32 noadmin joined #salt
15:32 ssplatt i had a similar issue with elasticsearch where upgrading requires teh modules to be reinstalled. and it wasn’t cleaning up the old modules properly. so grepping the module list was the best way to ensure i needed to install teh module or not
15:34 coredumb ssplatt: guess I'll waste 2s on that
15:36 sarcasticadmin joined #salt
15:36 _JZ_ joined #salt
15:38 jas02 joined #salt
15:39 astronouth7303 hm. Can I have an orchestrate file raise an error? I think I have to call salt.runner with name=error.error, but I have to set name for error.error to work.
15:44 astronouth7303 https://www.irccloud.com/pastebin/8csVRfWc/orch.sls
15:45 astronouth7303 (which i believe will cause salt.runner to try to run missing-env instead of error.error)
15:45 hatifnatt joined #salt
15:46 LeProvokateur joined #salt
15:48 rojem joined #salt
15:48 ssplatt astronouth7303: there is a test.fail state
15:49 ssplatt https://docs.saltstack.com/en/latest/ref/states/all/salt.states.test.html  fail_with_changes, test.fail_without_changes
15:53 astronouth7303 thank you
16:00 fritz09 joined #salt
16:02 adminxor joined #salt
16:05 hatifnatt Hello I have a problem with execution module network.get_hostname when using it in Jinja https://gist.github.com/hatifnatt/fb9afa4f5c79441e0616d03147b18a03
16:07 whytewolf hatifnatt: try salt['network.get_hostname']()
16:07 dstensnes hatifnatt: you probably need "()" after the function call
16:08 dstensnes hatifnatt: what you have will give a reference to the function, not execute it
16:08 dstensnes hatifnatt: try adding "()" like whytewolf said
16:09 SleepyC601999 joined #salt
16:09 hatifnatt whytewolf, dstensnes sure I need '()' my bad.
16:10 * hatifnatt need more python practice =\
16:10 whytewolf np, it is actually one of the reasons i perfer the shortcut over the function dict lookup
16:10 dstensnes whytewolf: example, or it didn't happen! :P
16:11 whytewolf salt.network.get_hostname()
16:11 dstensnes ah, yes, much better
16:11 dstensnes i have used the dict lookup thingy all the time
16:11 dstensnes that looks much cleaner
16:11 MTecknology one isn't better than the other except to the reader
16:11 dstensnes is there somewhere that doesn't work, or can i use that all over?
16:12 adminxor left #salt
16:12 whytewolf it actually has problems in salt-ssh, other wise it works everywhere
16:12 * dstensnes is making notes
16:12 dstensnes thanks :)
16:12 MTecknology whytewolf: you working on a patch to fix that?
16:12 astronouth7303 i didn't even know the shortcut existed, all the docs use dict lookup
16:12 whytewolf https://docs.saltstack.com/en/latest/topics/jinja/index.html#calling-salt-functions
16:13 whytewolf hell no i don't use salt-ssh :P
16:13 MTecknology I don't either
16:13 adminxor joined #salt
16:13 MTecknology I want to eventually start controlling my cisco switch w/ salt, though.
16:13 whytewolf as far as i know it works in salt proxy. so should be fine their
16:13 whytewolf there
16:14 kjsaihs joined #salt
16:14 onlyanegg joined #salt
16:14 hatifnatt Actually I'm using shortcuts like 'salt.network.get_hostname()' all the time, I just forgot about '()' because of no arguments in this certain case and lack of practice.
16:15 dstensnes hatifnatt: it's always nice when it's something simple though :)
16:17 hatifnatt Glad this channel exist I have solved a lot of problems here! Most of them have 'noob' level :)
16:18 noadmin joined #salt
16:19 astronouth7303 hatifnatt: me too
16:19 astronouth7303 i often feel like "I swear i read through this!"
16:19 dstensnes i think that happens to all of us
16:20 major daily..
16:21 adminxor_ joined #salt
16:23 adminxor left #salt
16:25 adminxor_ hello is it possible to re-use a salt state file in another salt state file? e.g I have anycast.sls which installs and configures bgp daemon, I would like to re-use this with dns.sls
16:25 ronnix joined #salt
16:25 adminxor_ is that possible?
16:26 adminxor_ or do I have to write an anycast.py state module instead
16:26 whytewolf what do you mean reuse?
16:27 astronouth7303 adminxor_: you mean like require/depend on it? That would be include *scurries for link*
16:27 astronouth7303 https://docs.saltstack.com/en/latest/ref/states/include.html
16:27 adminxor_ I would like to do the same stuff as anycast.sls but from within dns.sls
16:28 coredumb yep include it is
16:28 astronouth7303 that would be like "Yeah, the stuff in dns depends on the stuff in bgp having already happened"
16:29 astronouth7303 i use include when configuring services that require my application source
16:29 astronouth7303 ie, appserver.sls includes source.sls
16:29 adminxor_ astronouth7303: thanks
16:30 Lionel_Debroux_ joined #salt
16:30 whytewolf I honestly have never used include... i see the need for it. i understand it. i just build things in a way where i never need it :/
16:32 adminxor would include handle things like argument, for an example, I would like to pass specific details like IP, version of bgp daemon etc.
16:32 major whytewolf, I am totally waiting for notes on that ...
16:32 astronouth7303 so i'm trying to generate pillar data. I have an orchestrate file `/srv/salt/pillar/gen/commit.sls` and `/srv/salt/pillar` is configured as a pillar_root, and `gen.commit` is listed in the pillar top.sls, and the minion sees it in the top file, but can't find `gen.commit`
16:32 whytewolf adminxor: no
16:33 astronouth7303 *i have orchestrate generate a file
16:35 cro joined #salt
16:36 ChubYann joined #salt
16:37 jdipierro joined #salt
16:37 astronouth7303 do i have to configure something to use both git and directories as pillar sources? I'm not seeing a pillar version of fileserver_backend
16:39 whytewolf astronouth7303: no, pillar just adds ext_pillars [which is what git_pillar is. so you can just use both.]
16:40 astronouth7303 unless there's a better way to get a commit hash from my CI to my salt minions?
16:40 major ext_pillar
16:40 astronouth7303 yeah, the pillar data in git is working perfectly fine
16:43 GMAzrael joined #salt
16:47 impi joined #salt
16:47 astronouth7303 problem is, the minion isn't getting the pillar data from the fs
16:49 tobstone joined #salt
16:49 tobstone howto do salt -G roles:prod system.reboot only on minions where /var/run/reboot-required is present? any ideas?
16:51 hatifnatt tobstone: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.file.html#salt.modules.file.file_exists
16:51 hatifnatt or you want only use CLI?
16:52 tobstone state ist fine
16:53 tobstone tried onlyif in cmd.run with no succes, but file.exists as requirement shouldt work, thx
16:54 hatifnatt tobstone: create simple state and check file exist in Jinja, and if it exist render cmd.run 'reboot'
16:55 hatifnatt tobstone: note that file.file_exist is execution mudule not state module
16:56 astronouth7303 yeah, that's something that's really critical when working with salt: Keeping track of what's a state, an executor, or a runner
17:01 mpanetta joined #salt
17:03 nicksloan joined #salt
17:05 nixjdm joined #salt
17:08 waynr joined #salt
17:09 overyander joined #salt
17:14 adminxor left #salt
17:14 darioleidi joined #salt
17:15 dxiri joined #salt
17:15 astronouth7303 i don't have to include the pillarenv in the pillar_root, do i?
17:16 astronouth7303 considering i used pillar_roots.write to create the file, I would i have thought it'd just do The Right Thing
17:17 Guest73 joined #salt
17:17 johnkeates joined #salt
17:20 onlyanegg is there like a directory.empty state that I'm not finding?
17:23 felskrone joined #salt
17:26 hatifnatt Somebody used pcs state module to manage pacemaker?
17:26 tobstone hatifnatt: ah ok, thats a bit diffrent as i thought, how to put this in jinja?
17:29 Trauma joined #salt
17:30 nixjdm joined #salt
17:31 hatifnatt tobstone: like this https://gist.github.com/hatifnatt/20bd14b2d9c6622b4553ae22893f552d not tested
17:31 chrysanthemum joined #salt
17:32 MTecknology that... looks scary.
17:32 hatifnatt Back to pcs module, I can't find way to create clone resource in docs https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pcs.html#salt.states.pcs.constraint_present
17:33 MTecknology hatifnatt: You don't need that middleman variable. {% if foo.true() %}  What happens if a kernel update makes *ALL* production machines reboot at the same time?
17:34 MTecknology If you decide it's worth the risk, I'd consider modifying that to actually log /why/ it's rebooting.
17:37 hatifnatt MTecknology: I agree that additional variable is useless, but tobstone just want an example.
17:37 MTecknology hatifnatt: ah, I probably meant to use their nick instead. I didn't actually read context.
17:38 MTecknology tobstone: ^^
17:40 kerrick joined #salt
17:43 osg joined #salt
17:49 whytewolf onlyanegg: file.directory with clean:true?
17:51 MTecknology - source: salt://empty_dir/
17:52 whytewolf file.directory doens't need a source.
17:52 whytewolf that would be file.recurse
17:52 MTecknology oh..
17:54 lordcirth_work PSA: molly-guard is a lifesaver, and I've written a quick state to configure it better if anyone's interested
17:54 noraatepernos joined #salt
17:55 MTecknology I actually dislike molly-guard
18:00 osg joined #salt
18:01 lordcirth_work MTecknology, why is that? dependence?
18:02 kerrick joined #salt
18:04 kerrick joined #salt
18:06 MTecknology lordcirth_work: personal preference; I don't like "are you sure?" prompts. Yes, I'm sure. I've shot myself in the foot enough times to have made certain I pressed enter when I wanted enter to be pressed.
18:07 lordcirth_work lol
18:07 MTecknology sharp edges means careful decisions
18:07 lordcirth_work But mollyguard isn't about "are you sure you want to reboot?" It's about "are you sure you wanted to reboot *this* machine?"
18:08 Edgan Yes are you sure prompts are also anti-automation, unless there is a command line override
18:08 lordcirth_work I only put it on container hosts or other systems where there are hard dependencies
18:08 MTecknology You still started with "are you sure"
18:08 lordcirth_work Edgan, salt totally bypasses molly-guard, it uses the python interfaces to the system, presumably
18:08 MTecknology --no-preserve-root also bugs me
18:09 Edgan lordcirth_work: I know you can, but I have never rebooted a system with salt
18:09 lordcirth_work MTecknology, that really shouldn't - there is no reason, ever, that someone would want to rm /.
18:09 MTecknology from your perspective, that may be true
18:09 lordcirth_work And if there is, well, there's a flag.
18:09 MTecknology the flag that I just mentioned?..
18:10 lordcirth_work yes
18:10 onlyanegg whytewolf: yeah, I think I could do that if I specified another empty directory - maybe that's the way to go
18:10 lordcirth_work Safety measures are only bad when they keep you from doing useful things
18:10 onlyanegg Right now I'm deleting and recreating
18:10 lordcirth_work Which is why, for example, dd being really dangerous is fine.  It's a powerful tool.
18:10 MTecknology lordcirth_work: You're arguing against what I identified as my personal preference.
18:10 * MTecknology stops now
18:10 lordcirth_work lol ok
18:18 onlyanegg oh, ok, lemme try that
18:18 sjorge joined #salt
18:19 onlyanegg cool, thx whytewolf
18:21 astronouth7303 i can't seem to figure out why the pillar system refuses to load data from a pillar_root
18:21 astronouth7303 and i'm going to feel like an idiot when i do
18:23 jimklo joined #salt
18:23 jschoolcraft joined #salt
18:25 darioleidi joined #salt
18:28 astronouth7303 ... does configuring the git ext_pillar disable pillar_roots?
18:29 edrocks joined #salt
18:30 nixjdm joined #salt
18:30 astronouth7303 i just removed my git/pillar stuff, and it suddenly started reading from my pillar root
18:30 astronouth7303 wtf?
18:31 jas02 joined #salt
18:32 DammitJim joined #salt
18:32 cyteen joined #salt
18:33 kerrick joined #salt
18:44 Shirkdog joined #salt
18:45 zmalone joined #salt
18:46 zmalone left #salt
18:47 TheBigRedButton joined #salt
18:47 TheBigRedButton joined #salt
18:49 al_ joined #salt
18:49 Twiglet joined #salt
18:49 doglike joined #salt
18:49 doglike joined #salt
18:49 rideh joined #salt
18:50 censorshipwreck joined #salt
18:53 druonysus joined #salt
18:54 druonysus_ joined #salt
18:55 iggy astronouth7303: do you have different top files in each?
18:55 astronouth7303 no, i only put a topfile in the git root. I added one to the filesystem root just so there would be one when i disabled the git root
18:56 astronouth7303 ie, i only have /srv/salt/pillar/top.sls when I disabled the git root
18:57 beardedeagle joined #salt
18:59 astronouth7303 the topfile seems to be working? the minion tries to load the data in the topfile
18:59 astronouth7303 or the master tries to render the file listed in the topfile?
19:00 astronouth7303 point is, it's trying
19:00 astronouth7303 but it either can't find the file or is refusing the file it found
19:01 xMopxShell I'm looking at parameterization of salt states/formulas: https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#parameterization
19:01 xDamox joined #salt
19:01 xMopxShell One of the examples is passing params to states from pillar. But what if I want to use the state twice, with different params, on the same minion?
19:05 osg joined #salt
19:05 johnkeates left #salt
19:09 astronouth7303 xMopxShell: that's going to be a problem with all of them
19:09 astronouth7303 hm. Maybe I should back up and ask "I want to load pillar data from git and the file system. How do I do that?"
19:10 astronouth7303 because I thought i had to configured correctly, but I clearly don't
19:13 hashwagon joined #salt
19:14 noobiedubie joined #salt
19:14 hashwagon Hello, if a Salt minion's IP changes does the salt-minion service need to be restarted for it to connect to the master?
19:27 lordcirth_work hashwagon, good question.  Try it and see?
19:28 hashwagon I've had to restart the salt-minion service so far this morning. I wasn't sure if there was a timeout period where it would restart on it's own.
19:28 lordcirth_work hashwagon, probably not then.
19:28 lordcirth_work if it didn't retry in a few minutes it probably won't.
19:29 astronouth7303 (it might be useful to set a mine function before trying this? IDK if minions maintain TCP connections when idle)
19:29 nixjdm joined #salt
19:32 lordcirth_work Pretty sure they do, that's how the master can push to them?
19:33 astronouth7303 :shrug: i'm still trying to figure everything out.
19:34 smartalek1 joined #salt
19:34 astronouth7303 especially since i can't seem to get multiple pillar sources to cooperate -_-
19:34 oida joined #salt
19:37 dxiri joined #salt
19:38 whytewolf astronouth7303: not sure what the problem you are having is. I just tested and did not have any issues with having pillars through git_pillar and from /sr/pillar/
19:38 astronouth7303 those are my favorite kinds of errors -_-
19:39 astronouth7303 reading through the master debug log (with pillar unsafe dumping turned on)
19:40 whytewolf you have a top in  you file system pillar right? [the file system pillar isn't a part of ext_pillar so has to have a top that tells it what pillars to load per minion]
19:42 whytewolf also if you are not using /srv/pillar do you have a section in your pillar_roots: for your enviroment that has the location right?
19:43 astronouth7303 no, the topfile is (nominally) part of the ext pillar
19:43 whytewolf ...
19:43 whytewolf no
19:44 astronouth7303 and yes, i have set pillar_roots in master.d/gitfs.conf
19:44 whytewolf you need a top file for your pillar_roots
19:45 whytewolf ext_pillars are 100% seperate
19:45 whytewolf well 99%
19:45 astronouth7303 oh, they can't cross?
19:45 whytewolf yes. they don't cross
19:45 astronouth7303 ahhhhh
19:46 astronouth7303 so my git topfile refers to git pillar data, and the fs topfile refers to fs pillar data
19:47 whytewolf yes
19:47 osg left #salt
19:50 jimklo joined #salt
19:58 euidzero joined #salt
20:02 Guest73 joined #salt
20:02 snarked_ joined #salt
20:03 jimklo joined #salt
20:04 DammitJim joined #salt
20:09 ekid joined #salt
20:12 ekid just wondering, has anyone been successful using beacons/reactors on AIX?
20:12 astronouth7303 ekid: do you have reason to suspect it won't? AIX minion or master?
20:13 ekid minion
20:14 astronouth7303 i would imagine it runs just fine, since beacons are all python (possibly with helper commands), and i believe all the reactor stuff runs on the master
20:15 ekid I have been going through docs and followed, its the inotify package that I can't install using pkg.install that I think is the problem
20:15 whytewolf inotify is a linux kernel module. i doubt that one will work on aix
20:16 woodtablet joined #salt
20:17 astronouth7303 BSDs have kqueue, and there's also something called the File Alteration Monitor
20:17 * astronouth7303 doesn't know AIX other than "it's a unix, and might not have shared lineage with anything"
20:19 ekid well thank you guys for the confirmation to my fears, I will continue to work :)
20:19 whytewolf AIX has an internal event structure. a beacon or engine could be written for it
20:20 snarked joined #salt
20:21 darioleidi joined #salt
20:21 astronouth7303 so, the beacon system will work, but any beacons written for linux services won't :P
20:21 whytewolf exactly
20:21 astronouth7303 (oddly)
20:22 Noc_sv joined #salt
20:22 ekid I'm at a little bit of a disconnect because the limits of my beacon knowledge is from the salt docs
20:22 astronouth7303 ok, so you know how salt is super-modular about everything?
20:22 ekid oh yea
20:23 astronouth7303 so there's the beacon system, which is the framework that shuffles data from beacon modules running on minions to the master to be thrown on the event bus
20:24 astronouth7303 it doesn't care what the data is or how it's used
20:24 astronouth7303 and then there's specific beacon modules that actual provide the data that the beacon system shuffles around
20:26 astronouth7303 there's beacons like load and status that have pretty basic requirements, and ones like haproxy that depend on specific services, and then inotify that depends on a linux-specific subsystem
20:28 nixjdm joined #salt
20:30 mikecmpbll joined #salt
20:30 ekid That just got everything right in my head.. found the python beacon scripts
20:30 noc_sv joined #salt
20:30 astronouth7303 yeah
20:30 Guest73 joined #salt
20:30 ekid thank you astronouth7303
20:30 astronouth7303 i try!
20:30 astronouth7303 i'm learning, too
20:32 whytewolf hell, I have been using salt for years and i am still learning.
20:35 astronouth7303 at some point, i'm going to have to look into monitoring and autoscaling
20:35 astronouth7303 might involve beacons & reactors? dunno
20:36 astronouth7303 i could also run logs through beacons >.>
20:36 astronouth7303 i don't think i should run that kind of load through the salt event bus, though
20:37 lorengordon joined #salt
20:38 ekid working on monitoring and autoscaling right now actually
20:38 astronouth7303 oh? What are you doing?
20:38 astronouth7303 on a high level
20:39 toanju joined #salt
20:41 astronouth7303 (i haven't seen a lot of salt best practices or solution templates, especially in this realm, so I'm legitimately curious)
20:41 ekid security monitoring on all our systems so dumbasses won't hurt our security audits anymore. Autoscaling is a few weeks out, but working on a application that will gather info from existing lpars and replicate new lpars
20:42 astronouth7303 ah, hence the inotify beacons?
20:42 euidzero anyone here work much with the gpg renderer for protecting sensitive pillar data?
20:42 astronouth7303 you might be able to abuse the mine if aix doesn't have an equivalant to inotify
20:42 astronouth7303 euidzero: just ask
20:43 ekid the mine?
20:43 euidzero I was just wondering if people find it cumbersome to use, would especially be interested if anyone could make compare/contrast to puppet hiera-eyaml capability.
20:43 astronouth7303 https://docs.saltstack.com/en/latest/topics/mine/
20:44 astronouth7303 basically, execute a runner on a schedule and send the results to the master
20:44 astronouth7303 s/runner/execution module/
20:45 astronouth7303 the problem being that the mine is available to all minions, so it's not really secure
20:45 astronouth7303 oh, and the master caches the mine
20:45 ekid oh my, thanks for pointing that out. Will keep that in mine mind :)
20:46 ekid well thanks again for the help >.<
20:46 astronouth7303 i've asked questions much stupider than that here
20:46 astronouth7303 recently, even
20:49 astronouth7303 euidzero: i've looked at it some, and my concern has been key distribution & management (as is usually the case with gpg), but I've never used it
20:52 Guest73 joined #salt
20:55 euidzero astronouth7303 : thank you
21:06 fatal_exception joined #salt
21:13 PatrolDoom joined #salt
21:15 druonysus__ joined #salt
21:16 druonysuse joined #salt
21:16 druonysus joined #salt
21:20 druonysus joined #salt
21:20 druonysus_ joined #salt
21:23 Guest73 joined #salt
21:28 zackhsi joined #salt
21:29 zackhsi joined #salt
21:29 Brew joined #salt
21:29 nixjdm joined #salt
21:31 hemebond joined #salt
21:32 hemebond Does anyone know if you can import a file, in Jinja, from a different saltenv like you can with salt:// URLs?
21:33 astronouth7303 hemebond: for what purpose?
21:35 astronouth7303 oh, from an entirely different environment? probably not
21:36 jas02 joined #salt
21:48 cyteen joined #salt
21:53 frdy joined #salt
22:00 hemebond Yeah. I've had to work around it for now :-(
22:02 adelcast joined #salt
22:03 kerrick joined #salt
22:08 astronouth7303 there might be a way to sync it between environments, but that depends on what fileserver backends you're using
22:10 kerrick joined #salt
22:11 astronouth7303 or, you can have a separate source for the shared stuff
22:12 hojgaard joined #salt
22:14 Guest73 joined #salt
22:16 hemebond Well the shared stuff is in base, the formulas. What I'm trying to re-use are, e.g., the map.jinja files in some glue states.
22:16 hemebond Currently I have base environment added to the file_roots for the other environment.
22:16 hemebond Seems to be the only way.
22:17 gmoro joined #salt
22:18 hemebond It's not a terrible compromise.
22:21 astronouth7303 i haven't really gotten into having separate formulas for stuff yet
22:21 druonysus joined #salt
22:22 edrocks joined #salt
22:23 kerrick joined #salt
22:28 nixjdm joined #salt
22:35 jdshewey joined #salt
22:37 jdshewey Is anyone able to answer this question: https://devops.stackexchange.com/questions/1523/salt-stack-reporting-executing-commands-based-on-environment
22:38 whytewolf jdshewey: simple. you can't. the answer is the enviroments don't seperate the minions. it seperates the states. this is one of my biggest pet peeves about salt enviroments
22:38 hemebond jdshewey: Is the environment listed in the grains for the minions?
22:40 jdshewey @whytewolf: Except for pillarenv, which separates the pillars. Still, it works for pillar.get (see here: https://github.com/saltstack/salt/issues/36629) it would handy to be able to execute commands (or not) on the basis of the environment (or pillarenv)
22:40 v3x yeah... why would you use environments in such a case anyway?
22:41 hemebond ^
22:41 v3x just set a grain on the appropriate minions and use salt -G grain:value cmd.run 'command'
22:41 jdshewey @hemebond: No. I suppose I could make a custom grain, but that's not real secure since it could be tweaked by the minion.
22:41 hemebond jdshewey: But it could already be tweaked just by editing the minion config, no?
22:41 v3x surely you manage who has administrative access to your machines
22:41 whytewolf jdshewey: technically. they can tweek the enviroment setting on the minion also
22:41 hemebond Or are you specifying the environment some other way?
22:42 jdshewey No - just on the minion config. I suppose that is easy enough to turn into a grain...
22:42 v3x tbh i have never found environments to be all that useful anyway
22:42 hemebond Is there really no grain for the environment? That seems like an oversight.
22:43 v3x maybe i'm a noob or something but it's always been more straightforward to use a combination of grains and pillar
22:43 hemebond v3x: How do you handle different environments/deployments?
22:43 * whytewolf uses a seperate master per enviroment
22:43 whytewolf easier to config. more robust. and i don't have the potential of cross talk
22:43 v3x it depends on the kind of environment. if it's a dev/qa/prod thing, everything is in gitfs with branches equating to "environments" so the same state pulls and executes different data
22:44 hemebond whytewolf: How do you manage your configuration between similar environments?
22:44 jdshewey The use case here is I am installing freeipa client on my minions. Some of them don't sudo up right because of the PAM configuration, but some of them do. These same minions needed authconfig run, but I didn't really want to run them on prod straight out the gate without running them through test first.
22:44 whytewolf hemebond: I don't have similar enviroments.
22:44 jdshewey Any new minions built going forward don't really need that as part of the state steps because it will be part of the base OS image deployed.
22:45 hemebond whytewolf: Ah.
22:45 v3x you could always be super lazy and just write a bash script :P
22:45 jdshewey We do have dev on a separate master, but test and prod share infrastructure (not my idea) and so are sharing a salt master too.
22:46 whytewolf but in the case of dev/qa/prod i would still use a seperate master. and use the settings in git(fs|_pillar) to seperate out the enviroments[branches] to still be base
22:47 jdshewey ^ This is my preferred configuration. Then I load the salt states, pillar data, etc into git.
22:47 v3x yeah, we just use a lot of grains and jinja in the sls files to sort out which branches to pull from etc.
22:47 jdshewey Then promoting up is as easy as a git checkout on the master.
22:48 whytewolf jdshewey: not even a git checkout. beautiy of gitfs and git_pillar. the master does that for me i just tell it hey refresh
22:49 jdshewey I haven't been able to get that fancy yet, but I'm working that direction as I learn more about git ;)
22:49 jdshewey I think I might make it to SaltConf, so perhaps the'll be a good talk on it.
22:49 v3x i've only been using gitfs for like 6 months but once it clicked for me i went a little crazy with it since it makes everything so easy
22:50 whytewolf v3x: here is an orchestration you might enjoy https://github.com/whytewolf/salt-phase0-orch/blob/master/orch/sys/salt/update.sls
22:50 v3x still a few areas where it's annoying, like how it'll merge top files for pillar but not for states
22:51 jdshewey I'm still trying to cajole Katello/Foreman into working the way that I want.
22:51 jdshewey I've been working on a salt module for it, but haven't gotten to a formula for it yet. I'll share a link to the git for it once I get some more done with it.
22:51 N-Mi joined #salt
22:52 coredumb question: If one would be to contribute a new ext_pillar/master_tops module, where's the acceptable place to store the redundant functions? I've seen some placing stuff un salt/utils ...
22:52 whytewolf v3x: I tend to seperate my top file into it's own repo. but i also turned my state top file into a dynamic top
22:52 whytewolf coredumb: utils would be the place
22:53 coredumb whytewolf: cool
22:53 Guest73 joined #salt
22:53 v3x yeah it's just that i can't necessarily trust everyone who's working on states, which we keep in gitfs but need access to top.sls for them to auto-deploy. centralizing the top file is what we do too but it means a lot of work for someone who has to manually keep it under control.
22:53 v3x lots of people like to say "make every single minion do my very important thing"
22:54 eseyman joined #salt
22:54 v3x i am not aware of what a 'dynamic top' is
22:54 whytewolf https://github.com/whytewolf/dyn_salt_top/blob/master/top.sls
22:55 whytewolf it is a top file that is 100% dynamicly generated
22:55 whytewolf based on ppillars and grains
22:55 v3x ooh.
22:56 v3x yip that's some next level sh*t. looks like a job for weekend me
22:56 whytewolf my work flow is also a little different then most peoples. instead of doing my installs with highstate. i use orchestrate to install that install adds a grain that lets my top know hey you have things to take care of now
22:57 v3x i force myself to do my deploys/installs with highstate because it keeps things from going haywire
22:58 xDamox joined #salt
22:58 v3x i can't imagine a universe where i can't trust every machine, whether it's new or established, regardless of environment or rank, to do a highstate at any random moment
22:58 whytewolf oh i know that every highstate will run
22:59 whytewolf mainly because i can say, what systems have i installed on this system simplely by looking at a grain.
22:59 v3x yeah i'm sure yours is fine. i'm just saying for me, if i move installs out of the highstate i'll end up with a massive clusterF of impenetrable complexity because i am the least organized person i know
22:59 coredumb :D
23:00 whytewolf lol. okay. that would be reason to be concerned.
23:00 whytewolf :P
23:00 whytewolf i went with this route because it kind of gives me a catalog of software.
23:01 jdshewey This seems advantageous in that it is more event-driven than high-states.
23:03 whytewolf yeap.
23:04 darioleidi joined #salt
23:04 whytewolf i still use highstate. but it is for maintaince tasks on installed services.
23:06 coredumb I use a mix of highstate and event driven minion notification on formula change from git hooks
23:08 jeddi joined #salt
23:14 jeddi joined #salt
23:14 darioleidi joined #salt
23:17 armguy joined #salt
23:18 Edgan coredumb: what git server?
23:19 coredumb own one running on gitea
23:36 druonysus joined #salt
23:36 druonysus_ joined #salt
23:40 Laserwhit joined #salt
23:47 MTecknology For the most part, any events just handle what servers will re-highstate sooner than otherwise scheduled.
23:57 Laserwhit Hello, I'm having a strange issue with beacons.
23:57 hatifnatt Is there any way to specify dependencies between included sls? Or placing them in desired order under include is a single option?
23:58 whytewolf include has nothing to do with order.
23:58 hemebond hatifnatt: extend
23:58 Laserwhit When I run: salt <minion name> beacons.list  --  I get Module 'beacons' is not available.  I'm running version 2015.5.10.
23:59 whytewolf Laserwhit: New in version 2015.8.0.
23:59 whytewolf https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.beacons.html#module-salt.modules.beacons

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary