Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-08-09

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 Ni3mm4nd joined #salt
00:05 Twiglet joined #salt
00:06 systeem joined #salt
00:15 k1412 joined #salt
00:21 k1412 joined #salt
00:26 chris__ joined #salt
00:39 johnkeates joined #salt
00:40 N-Mi joined #salt
00:40 N-Mi joined #salt
00:48 kwork joined #salt
00:58 cgiroua joined #salt
00:58 Sarph joined #salt
00:59 KevinAn2757 joined #salt
00:59 DoomPatrol joined #salt
00:59 beebeeep joined #salt
00:59 leonkatz joined #salt
01:00 upb joined #salt
01:15 noraatepernos joined #salt
01:29 cyteen joined #salt
01:33 xet7 joined #salt
01:51 ilbot3 joined #salt
01:51 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.6, 2017.7.0 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers <+> The call for speakers for SaltConf17 is now open: http://tinyurl.com/SaltConf17
01:59 systeem joined #salt
02:01 Twiglet joined #salt
02:02 honestly can and use salt to change it after the fact.
02:03 honestly ...wut
02:03 honestly oops.
02:03 honestly does anybody here have ubuntu 16.04 (with python 2.7.12) *and* 17.04 (with python 2.7.13) around to help me test a bug repro? I think I found a bug that only happen on minions running python 2.7.12, just want someone to double-check that for me
02:03 Ni3mm4nd joined #salt
02:21 zerocool_ joined #salt
02:21 zerocool_ joined #salt
02:32 vexati0n does anyone use salt-cloud with proxmox? I keep getting 'connection refused'
02:38 vexati0n ...and nevermind, i figured it out ... helps to use the right IP.
02:44 vexati0n ugh i wish these salt-cloud modules were more thoroughly documented.
02:47 Ni3mm4nd joined #salt
02:55 gnomethrower joined #salt
02:58 czchen joined #salt
03:01 evle joined #salt
03:14 donmichelangelo joined #salt
03:15 vexati0n like... if i'm cloning a machine, why is it necessary to specify the image
03:15 vexati0n makes no sense. obviously you get the 'image' from the machine that's being cloned, right?
04:01 jrklein joined #salt
04:28 jfindlay joined #salt
04:30 jfindlay left #salt
04:30 jfindlay joined #salt
04:31 jfindlay left #salt
04:32 Guest73 joined #salt
04:43 fritz09 joined #salt
04:49 Guest73 joined #salt
04:55 lkolstad joined #salt
04:57 mbuf joined #salt
05:00 pualj joined #salt
05:02 LeProvokateur joined #salt
05:05 justan0theruser joined #salt
05:06 justan0theruser joined #salt
05:20 Bock joined #salt
05:26 sh123124213 joined #salt
05:39 lkolstad joined #salt
05:44 felskrone joined #salt
05:53 oida_ joined #salt
06:00 cyborg-one joined #salt
06:06 do3meli joined #salt
06:07 do3meli left #salt
06:07 hoonetorg joined #salt
06:15 darioleidi joined #salt
06:28 LeProvokateur joined #salt
06:32 Ricardo1000 joined #salt
06:41 rgrundstrom Good morning everyone :)
06:41 beardedeagle joined #salt
06:47 frdm joined #salt
06:48 Guest73 joined #salt
06:52 rgrundstrom I was hoping to get something like this working: {%-if cmd.run: '/usr/sbin/getenforce' = 'Enforcing'%} Anyone that can help me out?
06:56 ccha rgrundstrom, there is a state/module for that
06:57 ccha https://docs.saltstack.com/en/latest/ref/states/all/salt.states.selinux.html#salt.states.selinux.mode
06:58 ccha https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.selinux.html#salt.modules.selinux.setenforce
07:00 rgrundstrom ccha: You are thinking selinux module... Yes i know... Reason i want to do this is that our servers cant reboot. So I want to check the status and then do "setenforce 0" if neccesary.
07:00 rgrundstrom Im using selinux mode in this code as well
07:01 ccha what you know is the return of getenforce ?
07:02 chowmeined joined #salt
07:03 cyteen joined #salt
07:05 jhauser joined #salt
07:05 rgrundstrom Yes.
07:06 ccha {% if salt['selinux.getenforce'] == 'Enforcing' %} something like that
07:06 Hybrid joined #salt
07:06 usernkey joined #salt
07:07 ccha but the module or state do the check
07:08 rgrundstrom How?
07:15 XenophonF joined #salt
07:16 _KaszpiR_ joined #salt
07:17 high_fiver joined #salt
07:21 zulutango joined #salt
07:24 rgrundstrom Nevermind.
07:24 rgrundstrom Its solved.
07:27 N-Mi joined #salt
07:27 N-Mi joined #salt
07:35 _KaszpiR_ joined #salt
07:43 N-Mi_ joined #salt
08:03 mike25de joined #salt
08:03 * mike25de mornin' all
08:07 jhauser joined #salt
08:09 vtolstov joined #salt
08:10 vtolstov hi! i'm newbie with salt. i'm configure master for ext_pillar: - stack
08:11 vtolstov and provide 3 environments
08:11 vtolstov via pillar:environment
08:11 aboe[m] vtolstov: yes
08:11 vtolstov how can i set environment ?
08:11 vtolstov becuase as i see simple packages array not merged
08:12 vtolstov my state file contains pkg.installed: {{ salt['pillar.get']('packages', []) }}
08:13 vtolstov and in /srv/salt/sdstack/config.cfg i'm specify common/*.yml
08:13 vtolstov in common/packages.yml i have packages: [ vim, mc ]
08:15 aboe[m] vtolstov: what does salt-call pillar.item package result in?
08:17 vtolstov nothing , package is empty
08:17 vtolstov does i need ext_pillar on master or on minion config ?
08:18 aboe[m] vtolstov: only in master config did you restart the master after the change
08:18 vtolstov aboe[m]: yes i'm restart master
08:19 vtolstov in master debug logs nothing interestings. may be only: Could not LazyLoad config.merge: 'config.merge' is not available.
08:22 simonuk1 joined #salt
08:24 pbandark joined #salt
08:26 vtolstov salt-call pillar.items nothing returns =(
08:26 vtolstov i think that it need to return pillar items...
08:26 aboe[m] if you run salt-master -l debug (foreground) it should show you someting like pillar stack data AML: basedir=/srv/stack, path=/
08:26 babilen vtolstov: Which version of salt are you using? (salt --versions-report)
08:27 vtolstov Salt: 2016.11.3
08:27 pbandark joined #salt
08:29 Mattch joined #salt
08:30 vtolstov aboe[m]: i don't see this lines
08:30 aboe[m] so salt master doesn't load the pillar stack ?
08:31 babilen vtolstov: Could you paste your config?
08:31 vtolstov LazyLoaded stack.ext_pillar
08:31 vtolstov so i think that it loads it?
08:32 aboe[m] and the next line: Config: /srv/salt/stack/stack.cfg
08:33 vtolstov no next line LazyLoaded localfs.store
08:34 vtolstov does path /srv/salt/stack/stack.cfg hardcoded? in my case i have https://gist.github.com/vtolstov/14738fabd1adc306c3e849eda644e984
08:36 aboe[m] vtolstov: ok so do you have pillarenv variable set in the minion? see https://docs.saltstack.com/en/latest/topics/pillar/#how-pillar-environments-are-handled
08:39 mbuf left #salt
08:41 vtolstov i don't see any differences
08:41 vtolstov also in master log i see : 545 [salt.template    ][ERROR   ][11389] Template does not exist:
08:43 aboe[m] with your config each minion should have a pillar:environment set, in order to trigger the stack config file to load.
08:46 aboe[m] vtolstov: so pillarenv: sdstack didn't work in the minion config
08:48 N-Mi_ joined #salt
08:48 vtolstov joined #salt
08:48 vtolstov sorry =(
08:48 vtolstov 545 [salt.template    ][ERROR   ][11389] Template does not exist:
08:48 vtolstov last message that i sended and nothing recieved =(
08:49 vtolstov also i'm pass saltenv and pillarenv to salt command and thinks that the env overrided
08:50 aboe[m] you could test with salt-call pillar.items pillarenv=sdstack to see what the master compiles
08:52 kshlm joined #salt
08:52 nledez joined #salt
08:59 vtolstov joined #salt
09:00 vtolstov And reconnecting again
09:00 vtolstov Sorry
09:00 vtolstov How can I get history?
09:04 aboe[m] vtolstov: you could test with salt-call pillar.items pillarenv=sdstack to see what the master compiles
09:06 mike25de guys... can i run a state depending on a value of a pillar variable (or jinja) ?
09:06 mike25de or can i get the Result of a state in a jinja variable?
09:07 vtolstov I'm try it already.nothing changed
09:10 aboe[m] vtolstov: can you show me the file layout ? $ tree /path/to/stack/
09:11 vtolstov ls /srv/salt/
09:11 vtolstov clodo  extmods  infra  sdstack  simple
09:12 vtolstov ls /srv/salt/sdstack/
09:12 vtolstov common  config.cfg  nodes  roles  states
09:12 vtolstov [root@sdstack ~]#
09:12 vtolstov Sorry I don't have tree command
09:12 hammer065 joined #salt
09:13 aboe[m] I see the issue copy the common dir into  /srv/salt/sdstack/common/
09:13 hammer065 Hello, is there a way to conditionally execute a function on a minion?
09:13 aboe[m] the dir's in config.cfg should be relative to the file
09:14 hammer065 Like "salt '*' if system.foo then system.bar"
09:14 vtolstov cat /srv/salt/sdstack/config.cfg . common/*.yml
09:14 vtolstov nodes/{{ minion_id.replace('.','_') }}.yml
09:15 vtolstov So I have dirs relative to config.cfg
09:17 aboe[m] vtolstov: yes, so it should have /srv/salt/sdstack/common/*.yml
09:18 Naresh joined #salt
09:19 aboe[m] vtolstov: if that doesn't work something with the pillar environment isn't right. you could test it without that? make it simpler...
09:19 vtolstov Hm I need full path?
09:19 aboe[m] not in the config.cfg
09:22 hammer065 Or is there no way to do this?
09:22 k1412 Hello everyone, I try to grab the interface of a salt minion so I try with grains.get('ip_interfaces')[0] but it look it not work like I want
09:22 aboe[m] vtolstov: https://gist.github.com/aboe76/142c9ec05b26e3e4b78b7748c5180f69#file-config-cfg
09:23 vtolstov I'm already have such contents
09:26 _KaszpiR_ joined #salt
09:30 babilen haYoud would normally serve that with targeting
09:31 iggy joined #salt
09:31 Sacro joined #salt
09:31 jrklein joined #salt
09:31 hoolio joined #salt
09:31 egilh joined #salt
09:31 gareth_ joined #salt
09:31 izrail joined #salt
09:31 skidder joined #salt
09:31 mage_ joined #salt
09:31 the_lalelu joined #salt
09:31 meca joined #salt
09:31 Ahlee joined #salt
09:31 dober joined #salt
09:31 dober joined #salt
09:31 aboe[m] ok so the only issue, is pillar:environment stuff in ext_pillar then..
09:31 rawzone joined #salt
09:31 basepi joined #salt
09:31 gnord joined #salt
09:31 hoonetorg joined #salt
09:31 xer0x joined #salt
09:31 Puckel_ joined #salt
09:31 robawt joined #salt
09:31 stankmack joined #salt
09:31 pcn joined #salt
09:31 Nazca joined #salt
09:32 ahammond joined #salt
09:32 mk-fg joined #salt
09:32 mk-fg joined #salt
09:33 babilen hammer065: ^ -- which attribute are you basing your conditional on?
09:33 justan0theruser joined #salt
09:33 evle joined #salt
09:33 inire joined #salt
09:36 tyler-baker joined #salt
09:37 skidder joined #salt
09:39 vtolstov If I need to merge some attributes based on env and I don't want to have different minion configs. What can I use for this?
09:41 Rowern joined #salt
09:46 hojgaard joined #salt
10:00 kiorky joined #salt
10:05 pbandark1 joined #salt
10:06 hammer065 babilen What do you mean?
10:08 babilen hammer065: Are you basing your decision on the value of a grain, pillar or something else?
10:09 hammer065 On the return (code) of the previous module
10:09 babilen Previous module?
10:09 hammer065 So I have several machines
10:09 mike25de babilen: hi mate. Is there a way to get the output/result/changes of a state into a jinja variable?  like for example the file.exists result into a {% set myFileExists = ...?  %}
10:09 babilen no
10:09 mike25de thanks :P
10:09 hammer065 And if system.foo returns true, I want that machine to also execute system.bar
10:10 babilen You can run execution functions and save the return value of those
10:10 babilen hammer065: What is system.foo ?
10:10 mike25de babilen: i didn't know about that... let me ... google it a bit.
10:10 hammer065 system.foo is an example, take it as a wildcard for any module
10:11 babilen mike25de: You can run https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.file.html#salt.modules.file.file_exists and save that in a variable
10:12 babilen hammer065: So you are referring to calling an execution module function?
10:12 hammer065 Yeah
10:13 mike25de babilen: smth like {%  set fileExists = salt['file.file_exists', '/etc/passwd'] %}  ?
10:13 babilen hammer065: I see two basic approaches: 1. "Export" the return value of that execution module function call as a custom grain and target based on that grain or 2. Write a SLS that calls the function and executes another one based on the return value
10:13 babilen mike25de: Not sure about the exact semantics (check what you get back), but that's the general idea. What are you trying to do?
10:13 hammer065 babilen How do I "export" this?
10:13 sarlalia1 joined #salt
10:13 babilen hammer065: By writing a custom grain
10:14 babilen hammer065: What exactly are you trying to achieve?
10:14 hammer065 Many things with this problem
10:14 hammer065 But for example
10:15 mike25de thanks babilen - awesome as always
10:15 hammer065 if system.get_pending_domain_join returns True
10:15 hammer065 I want to execute system.reboot 0
10:16 babilen hammer065: Okay, in that case I'd personally write a "actions.reboot_pending_domain_joins" (or somesuch) state that tests *iff* it is pending and then executes the reboot action
10:18 babilen The idea with the custom grain would essentially call system.get_pending_domain_join and would allow you to run "salt "G@pending_domain_join:True" system.reboot"
10:19 babilen The difference is essentially that the first would run on all minions, whereas the latter would only run on those that do require a reboot. Obviously you could combine those approaches.
10:19 babilen Are all other attributes you need also from win_system ?
10:20 babilen so win_system.get_* ?
10:20 mike25de babilen: it works ! thanks buddy
10:20 babilen \o/
10:21 hammer065 babilen From what I have planned yeah, but colleagues might have ideas for other module packs
10:21 Mogget joined #salt
10:25 babilen hammer065: Okay - A decent idea would be to write a "win_system" custom grain in which you call all those win_system.get_* execution functions and return their value. That allows for easy access via G@/P@ in targeting or via salt.grains.get in SLSs
10:26 babilen See https://docs.saltstack.com/en/latest/topics/grains/#writing-grains and https://docs.saltstack.com/en/latest/topics/targeting/compound.html for information
10:26 babilen Rinse and repeat for colleagues
10:29 babilen If they change often, ensure that they are up to date by invalidating caches (https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.cache.html) / Updating grains https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.refresh_grains
10:32 o1e9 joined #salt
10:35 smartalek joined #salt
10:45 kiorky joined #salt
10:55 carlpett joined #salt
10:55 balcha joined #salt
10:56 alexlist joined #salt
10:58 mikecmpbll joined #salt
11:01 kukacz joined #salt
11:01 hammer065 Well for some example my grains are not being displayed
11:02 alexlist joined #salt
11:03 kiorky joined #salt
11:03 alexlist joined #salt
11:03 carlpett Hi, I have a question about building a distributable virtualenv. According to the docs (https://docs.saltstack.com/en/latest/topics/development/hacking.html#additional-options), I should run "MIMIC_SALT_INSTALL=1 pip install --global-option='--salt-root-dir=/salt/' -e /salt-repo/"
11:04 carlpett However, the virtualenv does not contain the salt files after this
11:04 carlpett I also (sometimes?) get errors about --salt-root-dir not being recognized
11:04 carlpett The docs on this do seem to be pretty old, though, around 2yrs
11:13 carlpett My goal is to be able to take this virtualenv and run it outside the machine where it was built
11:13 carlpett So symlinks are not good enough
11:17 XenophonF hammer065: if you need an example of a custom grain for windows, I wrote this a while back to detect Server Core installs of Windows - https://github.com/irtnog/active-directory-formula/blob/master/_grains/windows_installation_type.py
11:21 babilen hammer065: That sounds as if more detailed information is necessary
11:21 hammer065 babilen Never mind, starting the minion showed that I messed up the python ^
11:21 hammer065 *^^
11:29 honestly am I blind, or is there no way to run a state only if another state had *no* changes?
11:33 ahrs joined #salt
11:38 hammer065 Aaaaand I broke salt stack ¯\_(?)_/¯
11:39 zerocool_ joined #salt
11:42 hammer065 Which makes sense
11:43 hammer065 If I am trying to call a function I should call it instead of just passing the function itself as a grain
11:46 hammer065 Is there a way to get __salt__ in the grains context?
11:54 _KaszpiR_ joined #salt
11:56 Inveracity joined #salt
12:14 jhauser joined #salt
12:23 numkem joined #salt
12:25 mavhq joined #salt
12:28 DanyC joined #salt
12:34 vtolstov joined #salt
12:37 babilen hammer065: You'd have to port the code
12:38 babilen __grains__ are available to execution modules, so modules come *after* grains
12:38 hammer065 Yeah noticed that
12:39 babilen https://docs.saltstack.com/en/latest/topics/development/dunder_dictionaries.html
12:39 hammer065 Since one module depended on __salt__ I ended up creating an __salt__ object in the __builtin__ variable
12:40 babilen __salt__ and other dunder dicts are monkey patched, so you can typically initialise them to None in the module scope if you like
12:41 hammer065 Yeah but the problem is that python has no concept of "superglobals"
12:41 hammer065 Means anything I'm initializing in my file wont affect the win_system module
12:41 hammer065 for ex
12:43 babilen Yeah, you'd have to port the code from win_system
12:45 ssplatt joined #salt
12:45 babilen Ah, it's a rather complicated module
12:59 smartalek joined #salt
13:11 tiwula joined #salt
13:14 cablekevin joined #salt
13:15 systeem joined #salt
13:15 Twiglet joined #salt
13:16 hammer065 Well now Globbing doesnt work
13:16 hammer065 *grains
13:17 hammer065 For ex: When I call grains.items, win_system:pending_domain_join is True
13:18 hammer065 But when I run salt -G "win_system:pending_domain_join:True" test.true no minion returns
13:19 hammer065 However if I run salt -G "win_system:pending_domain_join:False" test.true, then the minions respond
13:23 babilen Could you paste the output for a minion that returns True and also responds to the second command?
13:23 hammer065 salt -G "win_system:pending_domain_join:False" grains.get win_system
13:23 hammer065 pc-abcxyz:
13:23 hammer065 ----------
13:23 hammer065 pending_domain_join:
13:23 hammer065 True
13:23 hammer065 babilen Was about to do that
13:25 _aeris_ joined #salt
13:26 babilen You sure you can nest grains like that?
13:27 babilen But I'm afk for the time being, I don't see what's wrong right away
13:28 hammer065 babilen of course you can
13:28 racooper joined #salt
13:29 hammer065 Additionally, globs can be used in grain matches, and grains that are nested in a dictionary can be matched by adding a colon for each level that is traversed. For example, the following will match hosts that have a grain called ec2_tags, which itself is a dict with a key named environment, which has a value that contains the word production:
13:29 hammer065 salt -G 'ec2_tags:environment:*production*'
13:29 hammer065 From the man page
13:30 _aeris_ joined #salt
13:32 patrek_ joined #salt
13:41 babilen I can't reproduce that
13:42 vtolstov joined #salt
13:42 vtolstov hi again, i'm debug ext_pillar stack and found root case
13:42 vtolstov salt does not pass to ext_pillar function pillar arg
13:43 vtolstov in my case it always empy
13:43 beardedeagle joined #salt
13:49 cgiroua joined #salt
13:54 _KaszpiR_ joined #salt
13:55 hammer065 babilen Do you have windows clients?
13:56 babilen Hell no
13:57 winsalt joined #salt
13:58 hammer065 Ok
13:58 mavhq joined #salt
13:58 hammer065 But my file looks correct, does it?
13:59 babilen Which file?
13:59 hammer065 https://hammer065.de/win_system.py
13:59 hammer065 This one
14:00 babilen Hard to tell without looking closely :)
14:00 babilen Ah, do you turn "True" into strings?
14:01 hammer065 Actually, no
14:01 hammer065 I''ll try that
14:01 hammer065 wait...
14:01 babilen Ah, spotted that in the log call
14:02 babilen Not sure, but the output you pasted above doesn't make sense and I can't reproduce it with any of the truthy custom grains we have
14:02 hammer065 Yeah, that was it
14:02 hammer065 babilen It didnt make sense to me either
14:02 GMAzrael Question all: Trying to use file.line to ensure SSH Protocol Version lists as 2. It's telling me it needs a before or after. Any thoughts on that?
14:03 babilen Wait, what did you change (if anything) and what's the behaviour now?
14:03 hammer065 But apparently the string "False" matches to boolean "True" and string "True" doesnt
14:03 hammer065 Wait...
14:03 babilen GMAzrael: .oO( Don't use file.line )
14:03 GMAzrael babilen: suggested alternative?
14:03 hammer065 The current behaviour is as expected
14:03 hammer065 True matches to True and False matches to False
14:04 ssplatt GMAzrael: you need to specify WHERE in teh doc it should be. so the line before and the line after the line you want to ensure
14:04 ssplatt or, do file.managed.
14:04 babilen hammer065: So you changed nothing and it behaves as you expect in that "True" ones are targeted by :True and "False" ones by :False ?
14:04 ssplatt and manage the whole file.
14:04 hammer065 babilen Of course I changed something
14:04 babilen GMAzrael: file.replace, file.manage (whole file) or file.append
14:04 mikecmpb_ joined #salt
14:04 babilen hammer065: Right, what did you change?
14:05 hammer065 Now I am converting everything to a string
14:05 babilen And that solves this?
14:06 noobiedubie joined #salt
14:06 babilen I wonder why, we have truthy custom grains and they work without being stringified ..
14:12 patrek joined #salt
14:13 hammer065 ¯\_(?)_/¯
14:22 XenophonF GMAzrael: manage the entire config file
14:23 XenophonF I wrote a better formula for openssh - https://github.com/irtnog/openssh-formula
14:23 XenophonF it implements "Secure Secure Shell" by default if that's what you're going for
14:24 zerocool_ joined #salt
14:25 babilen XenophonF: How is it better and why did you not integrate those changes into https://github.com/saltstack-formulas/openssh-formula ?
14:28 mikecmpbll joined #salt
14:36 mike25de guys where can i find some more documentation about the jinja map files ( os_family_map = salt['grains.filter_by'] ) and maybe where this is also explained:  {% do default_settings.openssh.update(os_family_map) %}  thanks
14:37 babilen That's just the normal .update() from Python
14:37 mike25de ah ok, so i have to look at the py stuff - newbie with py :P
14:37 mike25de are there salt confs in Europe?! or only in USA? ... is a bit hard to get to usa for a salt conf...
14:38 babilen And you might want to read https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
14:39 babilen mike25de: I think they only have conferences in Utah at the moment ..
14:39 babilen Pity though
14:39 babilen Salzburg would be a good place ;)
14:39 sarcasticadmin joined #salt
14:39 mike25de babilen: thanks again buddy.. good tutorial!
14:40 mike25de babilen: are you there? in Salzburg?
14:40 babilen No, I'm based in Scotland at the moment
14:40 darioleidi joined #salt
14:41 mike25de :) it would have been funny... i was just thinking last days to take a visit to Salzburg :P
14:41 mike25de i could have offered you those 20 beers for helping out :)
14:42 XenophonF babilen: my formula is written in a completely different style
14:42 XenophonF compared to saltstack-formulas/openssh-formula, it is much more narrowly scoped
14:42 XenophonF it just configures sshd and the ssh client defaults
14:42 XenophonF i wrote it assuming that if one wanted to managed individual account settings, they'd be using users-formula
14:43 XenophonF things aren't broken out the same way, either - mine's simpler IMO
14:46 XenophonF I've noticed that a lot of the saltstack-formulas like to decompose things into lots of little SLSes
14:46 * XenophonF shrugs
14:51 XenophonF compare for example https://github.com/saltstack-formulas/openssh-formula/blob/master/openssh/files/ssh_config to https://github.com/irtnog/openssh-formula/blob/master/ssh/files/ssh_config
14:52 cyteen joined #salt
14:54 pualj joined #salt
14:57 preludedrew joined #salt
14:57 XenophonF I don't like mixing defaults with templates, which is part of the reason why my file templates are shorter.
14:58 XenophonF my defaults.yaml files are a lot larger
14:58 mike25de XenophonF: i saw that the default file is waaaay bigger :)
14:58 XenophonF it's a separation-of-concerns thing
14:58 DammitJim joined #salt
14:59 mike25de i see your point and i understand it totally :)
14:59 mike25de to tell you the truth i am a bit confused about the recommended salt formulas... but i haven't used them.. so i can not really have an opinion on it... but still yours seems a bit easier to visually inspect
15:05 lordcirth_work mike25de, IMHO a lot of the "official" formulas are overcomplicated due to covering all possible use cases, and thereby they automate nothing
15:06 darioleidi joined #salt
15:06 mike25de lordcirth_work: LOOL that seems to be what i see as well. True.. they cover all Os-es etc, but in a normal world... 1-2 os are used (we try to use only 1)
15:07 evle1 joined #salt
15:07 lordcirth_work mike25de, we are still moving to Salt, so I've made a rule of only adding Ubuntu 16.04 as minions, it's great.  By the time 18.04 is out we'll be better settled and ready for it.
15:08 mike25de not bad! we use rhel but keeping one OS is a huge win.... less headaches with inconsistencies
15:09 mike25de lordcirth_work: use the LTS version ... i presume you do that :P
15:09 EvaSDK formulas help a lot when you have no choice but to have multiple OSes :)
15:10 mike25de EvaSDK: indeed i see the huge advantage with that ... and an official way of writing your states.
15:10 EvaSDK well, it does not make everything practical
15:10 EvaSDK so much data to put into pillars
15:11 mike25de yeah or jinja maps
15:11 XenophonF I like putting data in to Pillar.
15:11 EvaSDK but it does help to some extent :)
15:11 XenophonF And I like covering as many different operating systems as possible.
15:11 mike25de for one project i used mysql pillars and it was quite  good - easier to maintain... even with an XLS file - reimported into mysql
15:12 XenophonF I think many of the official formulas were written a while ago and need refactoring to take advantage of modern practice.
15:12 mike25de pillar are one of the best things in salt
15:12 XenophonF a lot of them still reference "lookup" pillar keys, for example.
15:12 mike25de XenophonF: now my questrion is... what is the new ... practice?
15:12 mike25de YEAH exactly .. i get confused with the lookup
15:13 XenophonF has it been codified? i tend to follow the defaults.yaml/map.jinja pattern
15:13 mike25de should we not use it anymore?! :)
15:13 XenophonF which i picked up from other people
15:13 mike25de XenophonF: thanks for the tips
15:13 XenophonF you'll find newer formulas written in that style, and older formulas being slowly modified to adopt it
15:13 mike25de i will dig into your ssh state.. to understand it better tomorrow
15:13 XenophonF i'll also note that lots of people use the official formulas, so they're constrained a little by backwards compatibility
15:14 mike25de XenophonF: great - thanks for enlightening me
15:14 XenophonF i'm pretty sure i'd scream bloody murder if someone broke backcompat in salt-formula or users-formula!!
15:14 mike25de ah right ... i have all the stuff locally anyway...
15:14 mike25de so they can brake it :P i have my own copy/implementation... trimmed etc
15:15 mike25de but you are right
15:15 mike25de maybe a v2 has to be realeased for formulas..
15:15 XenophonF sure but unless you code-review every commit before pulling/merging...
15:15 mike25de yep
15:15 XenophonF what i've seen are '.ng' SLS IDs, e.g., ntp.ng in ntp-formula
15:16 mike25de that's new to me... .ng
15:16 XenophonF think star trek: the Next Generation ;)
15:16 darioleidi joined #salt
15:17 babilen Some of the .ng formulas are horrible
15:17 XenophonF true that
15:17 babilen Others not so much
15:17 cyborg-one joined #salt
15:17 babilen In the end it would be nice if we had something along the lines of ansible galaxy
15:17 XenophonF YES!
15:18 babilen But that might also cause the same splintering of "this is my formula" "and this is mine" "and here's another, that changes one value"
15:18 XenophonF also true
15:18 ECDHE_RSA_AES256 joined #salt
15:18 * mike25de face-palm
15:19 onlyanegg joined #salt
15:25 mike25de XenophonF: the ntp-ng ... doesn't look too bad
15:25 mike25de i still have some missing knowledge about map.get and lookup joining etc, but seems usable :)
15:26 Ahlee joined #salt
15:26 babilen mike25de: The worst bit about .update() is that, much like Python's .update(), you can't recursively join/merge datastructures as in other programming languages
15:27 mike25de ah right, good to know
15:27 babilen Which essentially renders that approach unusable for anything complicated and we end up with horrors such as https://github.com/saltstack-formulas/salt-formula/blob/master/salt/map.jinja#L4-L32
15:28 mike25de so ... we should use update? or lookup... ?
15:28 babilen I believe that https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.defaults.html#salt.modules.defaults.merge is not used there for reasons of backwards compatibility
15:28 mike25de holy crap... that was a big... macro :) lost me completely
15:29 babilen mike25de: Ah, "lookup" is nothing special in and of itself. It is/should be used in formulas to override elements in the os_family map which contains settings that are specific to certain platforms (e.g. package names, configuration file locations)
15:29 mike25de right ... that's what i managed to understand. :)
15:30 mike25de the os_family merging...
15:30 _JZ_ joined #salt
15:30 babilen So you have 1. defaults.yml (contains the default settings for everything) 2. os_family map (settings that are different from the defaults on certain platforms, overridable with foo:lookup:bar) 3. User defined pillar (for settings users would genuinely want to set normally)
15:31 mike25de but 2 is overwriting 3?
15:31 mike25de or 3 is the last one in the chain?
15:31 babilen And then in state SLS you simply reference a single datastructure (foo_settings or so) that is the result of merging the three together
15:31 babilen Where 2. overrides 1. and 3. overrides 2.
15:32 babilen (and 1.)
15:32 mike25de so 3>2>1 cool
15:32 mike25de that was confusing for me
15:32 mike25de i had the impression that map overrides also the user defined pillar data
15:32 mike25de great :P
15:33 babilen That's the basic idea .. if Python had a proper merge/update function for nested datastructure like https://clojuredocs.org/clojure.core/merge-with
15:33 babilen it wouldn't need that horror
15:33 babilen In the end we should probably implement the .update() with defaults.merge in new code
15:34 mike25de maybe it makes sense :)
15:34 babilen Please note that this is the ideal, what users actually implement might differ from that .. there is a bunch of code around where user conflate the foo:lookup bits (for settings in os_family_map) with user pillars
15:35 mike25de i think ... i did the same...
15:35 mike25de :D
15:35 Brew joined #salt
15:35 mike25de i have to take a better look at a decent formula... to see how i should do it :)
15:35 babilen The underlying theory is to have a single place for default values (defaults.yml, for everything), a single place for platform specific settings (os_family map) and a single place and a single place for user settings (pillar)
15:36 mike25de right - i tried to have that.
15:36 mike25de more or less i think i have it
15:36 babilen All of which are merged into the same k/v datastructure that is importable into SLSs
15:36 honestly that theory is certainly a lot better than ansible's >_>
15:36 mike25de :) i used ansible only  a bit
15:37 mike25de just like a ... better bash scripting tool :D
15:37 babilen The bit that is missing in most formulas is 1. Proper recursive merging (defaults.merge is pretty recent and not well known) and 2. Consistency
15:37 mike25de i prefer salt
15:37 mike25de yeah consistency i agree :)
15:37 mike25de having that would be easier ... to understand everything
15:39 pdayton joined #salt
15:39 babilen I'd love to have a proper "core formula" team that actually works on this .. we could do amazing shit by allowing inter-formula dependencies and for formulas to also include settings for monitoring, graphing, testinfra, ...
15:40 mike25de interesting... one of the things i am looking at is to create ... a formula for monitoring... deploying sensu checks etc.
15:40 beardedeagle joined #salt
15:40 babilen "I configured a webserver and would like to inform you that you also have a graphana dashboard on foo-minion for this service, foo checks on bar-minion and ..."
15:40 mike25de next would be grafana ..  :) and influxDB
15:40 babilen Do you use much influxdb?
15:41 babilen I gave up on it as they still haven't implemented histogram() and I can't live without it .. am mostly using prometheus now and am quite happy
15:41 mike25de i am still testing it... one of my friedns... told me also to move away from iut
15:41 mike25de it
15:41 babilen Also the 0.8 ? 0.9 and following "change" was a bit much
15:45 mike25de right - good to know :)
15:45 ahrs joined #salt
15:45 mike25de so you are happy with prometheus ? :) ... next version is alien covenant :P
15:46 babilen I am, what have you been eyeing/recommended as alternative?
15:47 babilen InfluxDB is also a bit too corporatey "open-core" for my liking
15:47 mike25de one sec.. let me .. think :)
15:48 beardedeagle statsd|telegraf -> prometheus -> grafana
15:48 tru_tru joined #salt
15:48 beardedeagle much goodness
15:49 bildz you guys must be using your own hosted infrastructure
15:49 beardedeagle but we recently landed a ELK EC on premise so we are transitioning to straight beats -> LS -> ES -> kibana
15:49 mike25de i think it was KairosDB babilen
15:50 _KaszpiR_ joined #salt
15:50 mike25de bildz: aws and DigitalOcean - what i use
15:50 babilen Meow
15:50 bildz mike25de: datadog + sumo
15:50 bildz mike25de: in aws
15:50 mike25de bildz: i have to take a look  :) thanks
15:50 babilen So, end of work .. see you guys later :)
15:50 mike25de all the best!
15:51 bildz this is my first "all cloud" position
15:51 bildz i do NOT miss supporting hardware
15:54 bildz yes
15:54 rikmen joined #salt
15:54 rikmen left #salt
15:55 mike25de :) bildz probably noone misses the HW failures and waking up at 3am due to an sms :)
15:55 bildz or maintenances to upgrade firmware
15:55 mike25de one more reason... for AWS to be ... huge
15:55 mike25de ah yeah firmware... pff... a pain
15:56 bildz i want to start messing around with google cloud
15:56 * whytewolf looks at the hardware he maintains. so that others can build things in a cloud. ...
15:56 mike25de bildz: i wanted to start with azure :P
15:56 bildz whytewolf: openstack?
15:56 whytewolf bildz: yes
15:56 mike25de whytewolf: well.. my hat is off to you
15:57 bildz yeah i came from a place where we built a massive openstack cloud using juju on Ubuntu 16.04
15:57 whytewolf eww
15:57 bildz and iscsi, which isnt even supported
15:57 whytewolf JuJu
15:57 mike25de haha :)
15:57 bildz whytewolf: let me guess, redhat?
15:57 whytewolf actually I have built openstack on both ubuntu and redhat
15:57 whytewolf both using salt :P
15:58 bildz nice!
15:58 bildz with salt-cloud?
15:58 whytewolf well, that was what i used once it was built ...
15:58 bildz yeah...
15:58 whytewolf but to build it still needed to use the main part of salt
15:59 bildz whytewolf: i could see you holding all the configs and using jinja for env
15:59 bildz i never liked having to burn a blade for the undercloud
16:01 * mike25de enough for today... see you guys ... next time :) Have a great day/evening etc
16:02 astronouth7303 ... why is archive.extracted ignoring hashes???
16:02 bildz mike25de: good night
16:02 leonkatz joined #salt
16:07 Guest73 joined #salt
16:09 lhansbury joined #salt
16:09 preludedrew joined #salt
16:09 lhansbury left #salt
16:09 lhansbury joined #salt
16:10 lhansbury left #salt
16:13 nixjdm joined #salt
16:17 astronouth7303 ... why did I set source_hash_update to false???
16:19 azrdev joined #salt
16:20 XenophonF :-D
16:22 azrdev hi! how can I tell the pip state to install into ~/.local/, like `pip install --user $package`?
16:23 mbuf joined #salt
16:24 babilen whytewolf: Is your Saltstack for OpenStack available?
16:25 whytewolf azrdev: you will need both a user, and an install option for that
16:25 whytewolf babilen: unforchantly no. I plan to make one that is but keep getting distracted
16:26 whytewolf azrdev: both are described here https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pip_state.html#salt.states.pip_state.installed
16:27 DoomPatrol babilen: there was a "official" openstack saltstack thing
16:27 azrdev whytewolf: ah, I overlooked install_options. thx!
16:27 DoomPatrol babilen: but the docs are all janked up now and i was looking at using parts of this, https://github.com/CSSCorp/openstack-automation
16:28 DoomPatrol but fml i do wish there was something simplier and readily available out there
16:28 whytewolf the problem with making openstack simple is that .... at any level it isn't simple.
16:28 whytewolf there are a ton of things to choose
16:29 DoomPatrol yeah
16:30 DoomPatrol i erm used to work at a particular cloud provider and uh lets say nothing is simple
16:30 DoomPatrol even we didn't have it all down/understood initially...
16:30 DoomPatrol s:even::
16:30 azrdev left #salt
16:32 whytewolf designing a good openstack setup is almost a work of art that takes a lot of planning. you have to know what you want your end result to be. what hypervisor you are going to use. and depending on hypervisor it's limitations on what that does to your other choices.
16:32 DoomPatrol yep
16:32 DoomPatrol same goes for storage backends for cinder, (e.g. block, iscsi, nfs, etc)
16:32 DoomPatrol so it's a huge complex issue
16:32 babilen It would still be useful to have well maintained states/formulas for typical OpenStack services
16:33 babilen I'm not necessarily thinking of a "one click" solution, but there are bits most people will need or use
16:33 DoomPatrol babilen: thats the thing, what is "typical" for a OS env?
16:33 babilen DoomPatrol: Many people will use Nova, Cinder, Horizon, ...
16:34 DoomPatrol horizon not as much
16:34 babilen But you are right in that there are many many moving parts and alternative approaches
16:34 DoomPatrol wish more ppl thought about keystone
16:35 whytewolf about the only piece that might be the simplest to work with is keystone
16:35 DoomPatrol can't have a env w/o auth
16:35 DoomPatrol whytewolf: :) great minds
16:35 DoomPatrol yeah if you ahve keystone, everyting else will "fall" in place per se
16:37 whytewolf the worst openstack modules to work with are the ones that require images, sahara, trove, ect.
16:38 whytewolf they typically have the worst documentation. esp on what needs to be included in the images.
16:39 DoomPatrol tell me about it
16:54 XenophonF are there any FLOSS alternatives to openstack?
16:55 whytewolf um, openstack is FLOSS. unless you are looking for other FLOSS alternatives
16:55 XenophonF I know
16:56 XenophonF I'm just wondering if there's something other than openstack that's equivalent to it, or vsphere, or scvmm
16:56 whytewolf there is cloudstack. but last time i tried working with it was a nightmare.
16:57 XenophonF i've never heard of it
16:57 whytewolf it is apache
16:57 XenophonF oh
16:57 whytewolf [was originally created by citrix, and there is a comercial version that citrix still licenses]
16:58 lordcirth_work openstack is kinda open core, in that you can totally set one up without a vendor product, but no one bothers to make that easy
16:58 XenophonF gotcha
16:58 XenophonF ugh i hate open core stuff
16:58 lordcirth_work It's all just vendors trying to sell their frontends
16:58 XenophonF the web site makes it sound awesome
16:58 lordcirth_work OpenNebula is easy to set up but it feels like a collection of hacky bash scripts under the hood
16:59 babilen And really doesn't scale
16:59 lordcirth_work I dunno, I've heard some people got it to scale, but it takes work.
16:59 XenophonF "CloudStack" is the apotheosis of devops product names ;)
16:59 lordcirth_work Last time I tried it, putting a space in VM names broke it
16:59 lordcirth_work XenophonF, yeah it really is XD
17:02 XenophonF i started writing an openstack formula but i'm going to trash it
17:03 XenophonF it's garbage
17:03 whytewolf i wouldn't consider openstack open core. yes there are vendors that build it. but even with what they do it is all open source products. thats kind of like calling linux open core.
17:03 XenophonF my next approach is just going to be managing the configs for each individual daemon
17:03 whytewolf XenophonF: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.ini_manage.html
17:05 XenophonF YES
17:06 darioleidi joined #salt
17:06 XenophonF where was this all my life??
17:06 whytewolf right there. thats been there a long time.
17:06 pipps joined #salt
17:06 XenophonF man I need to re-read the docs again
17:07 pipps joined #salt
17:09 Deliant joined #salt
17:22 willprice joined #salt
17:25 vexati0n has anyone managed to get salt-cloud/proxmox working with proxmox v5 ?
17:26 vexati0n I get nothing but "profile error" and absolutely no helpful information. it "creates" qemu VMs, but they are powered off, salt crashes, and it never gets close to deploying a minion
17:30 noraatepernos joined #salt
17:30 nixjdm joined #salt
17:31 shanth_ joined #salt
17:33 mikecmpbll joined #salt
17:35 iggy there's ganeti, but we did a pretty thorough review of options at work a while back and openstack was the least crappy option
17:35 iggy XenophonF: ^
17:36 shanth_ on a freebsd minion, im trying to use service.running on a rc.d script that i wrote. it starts the service but the state is marked as failed. is there something specifically that salt is expecting from the script to mark the state as successful? such as a pid file or ?
17:40 pppingme joined #salt
17:41 pipps joined #salt
17:45 dendazen joined #salt
17:51 pipps joined #salt
17:55 Inveracity joined #salt
18:00 XenophonF shanth_: I see the same problem sometimes.
18:00 XenophonF I think there's a bug in the freebsd_service module but haven't had time to debug it.
18:01 shanth_ good to know XenophonF
18:16 ouemt joined #salt
18:18 Joe_Hill joined #salt
18:21 noobiedubie joined #salt
18:23 shanth__ joined #salt
18:25 darioleidi joined #salt
18:29 nixjdm joined #salt
18:32 Coffey joined #salt
18:33 Coffey08080888 joined #salt
18:44 LeProvokateur joined #salt
18:51 _KaszpiR_ joined #salt
18:52 cyborg-one joined #salt
18:53 doubletwist Ok, having issues with the iptables-formula - getting it to use iptables.service and the ability to extend the service defined as per https://github.com/marty30/iptables-formula
18:53 doubletwist here's what my config looks like but it's not pulling in the additional service definition [not allowing http port] http://paste.lopsa.org/193
18:54 test joined #salt
18:58 shanth__ joined #salt
18:58 wedgie_ joined #salt
18:59 shanth_ joined #salt
19:00 ChubYann joined #salt
19:04 doubletwist Or alternately, is there a better way to handle different subsets of systems getting different iptables rules? [ie only 'web*' gets http/https rules]
19:05 doubletwist while still getting a default set of rules as well [ie all systems allow ssh from our admin boxes]
19:05 jdipierro joined #salt
19:06 mavhq joined #salt
19:07 high_fiver joined #salt
19:14 mchlumsky joined #salt
19:15 hasues joined #salt
19:15 XenophonF doubletwist: Pillar will merge dictionaries for you automatically.
19:16 Deliant joined #salt
19:16 XenophonF so you can have /srv/pillar/default.sls that has firewall:services and a firewall:services_ipv6 keys with some minimal set of settings you want all minions to have
19:16 XenophonF like, allow SSH, DHCP, ping, etc.
19:17 hasues Is there some logic in salt that allows me to "include" a state if it hasn't been included, so I don't have to worry about duplicate sls being found because two state files want to include it?
19:18 XenophonF and you can add to that /srv/pillar/webapp.sls that also has a firewall:services key with some more stuff added to it
19:18 XenophonF maybe a key for mysql or something
19:19 XenophonF hasues: you should not use include except in extremely rare cases
19:19 pipps joined #salt
19:19 hasues XenophonF: So I was reviewing https://docs.saltstack.com/en/getstarted/config/include.html and the verbiage doesn't read to me that way.
19:20 hasues Furthermore, if I want to write state files that want to bring in different components with a require or such, an include will be necessary to make that happen
19:20 whytewolf hasues: only if you are do a require on the sls.
19:20 XenophonF requisites should not span multiple SLS files except in extremely rare cases
19:21 hasues What I'm seeing, however, is that it becomes horribly difficult to do this in salt as it causes collisions as it doesn't have any logic to determine "oh it was already included, no problem" but instead it sees it as "there are duplicates, fail"
19:21 XenophonF Right.
19:21 XenophonF Don't use includes like that.
19:21 XenophonF You're treating them like C header files or something.
19:22 hasues I guess I can't see how I can make this useful.
19:22 XenophonF You should only ever use include in extremely restricted cases.  I call them "glue" SLSes because they bring together two unrelated SLSes or formulas.
19:22 XenophonF For example, I have two formulas: https://github.com/irtnog/shibboleth-formula and https://github.com/irtnog/tomcat-formula.
19:22 XenophonF The shibboleth.idp SLS is written generically.
19:22 whytewolf honestly, I don't think I have ever used include.
19:23 XenophonF You can host it using Jetty or Tomcat.
19:23 XenophonF The tomcat SLS is written generically.  It just configures the container.
19:23 XenophonF But there are a few specific dependencies and cases where you want changes signalled by states in shibboleth.idp to trigger a service restart in tomcat.
19:24 XenophonF Hence, I have written a glue SLS, tomcat.shibboleth-idp, that includes the shibboleth.idp and tomcat SLSes and extends (mutates) the necessary states.
19:24 XenophonF https://github.com/irtnog/tomcat-formula/blob/master/tomcat/shibboleth-idp.sls
19:25 XenophonF That allows system operators to apply shibboleth.idp and tomcat independent of one another, or they can apply tomcat.shibboleth-idp and it will DTRT
19:26 colabeer joined #salt
19:26 XenophonF that specific case, gluing SLSes together, is the only time I'd recommend using include.
19:26 XenophonF Sure, it's possible to treat it like a proxy for top.sls
19:26 whytewolf ugh,
19:26 XenophonF where you can have one top-level SLS ID include a bunch of lower level ones
19:26 XenophonF but I don't normally recommend that either
19:26 whytewolf i hate when people use init.sls for a bunch of includes
19:27 XenophonF same
19:27 iggy I used to... I've come to terms with it
19:27 iggy it's prevalent in the formulas and where I work now :(
19:28 * XenophonF shrugs.
19:28 XenophonF There's more than one way to do it.
19:28 hasues I guess I see me writing formulas and such and wanting to make those pieces have dependencies, but not this sort of removes the idea of making that sort of thing modular.
19:28 coredumb I quite like to do it for some use cases :)
19:28 nixjdm joined #salt
19:29 XenophonF well, on the topic of formulas, compare https://github.com/saltstack-formulas/openssh-formula to https://github.com/irtnog/openssh-formulas
19:29 * MTecknology is still old and grumpy and doesn't like formulas
19:29 hasues But to be clear, it obviously has to do with my lack of understanding of Salt, so that's a given
19:29 XenophonF I said earlier that I don't like how the official openssh-formula works.
19:29 XenophonF Partly that's because it goes too far with breaking states out into separate SLS files.
19:29 hasues 404 on your second link
19:30 XenophonF omg sorry https://github.com/irtnog/openssh-formula
19:30 iggy hasues: can you paste some example of what you are trying to do? We include things multiple times all over the place without issue
19:31 hasues iggy: I think it would be much easier if I would just go drinking or something instead at this point.
19:31 * MTecknology should finally get his states on the githubz
19:31 iggy fair enough
19:31 swills joined #salt
19:31 swills joined #salt
19:32 hasues iggy: I would take you up on your offer, but I would need to gather up what I was trying to do in some rational way of explaining it.
19:33 MTecknology hasues: if it wasn't provided - https://docs.saltstack.com/en/latest/ref/states/requisites.html
19:33 MTecknology also- https://docs.saltstack.com/en/latest/topics/tutorials/states_pt2.html
19:33 hasues MTecknology: I've read through that.
19:33 whytewolf okay, phrases like that are kind of a pet peeve of mine. if you can't explain it. how do you plan to impliment it?
19:34 hasues whytewolf: Oh I could explain it, I'm just sifting through this documentation and at this point, I'm not interesting in flooding the channel with all of it.
19:35 pipps joined #salt
19:35 hasues I'll need to sift and make some postbin's etc
19:35 ecdhe joined #salt
19:35 hasues pastebins rather
19:35 doubletwist XenophonF: Then I guess I'm confused as to why that formula doc says salt "can't merge pillars" :)
19:35 doubletwist Is that just something that's relatively new?
19:35 whytewolf use gist instead of pastebin. [gist allows multiple files and editing.]
19:37 XenophonF doubletwist: https://docs.saltstack.com/en/latest/ref/configuration/master.html#pillar-source-merging-strategy
19:38 XenophonF the formula doc might be outdated
19:38 whytewolf if i recall about the iptables formula it uses a dict not a list... in which case recurse might be the best merge strat.
19:39 whytewolf smart always missed the mark for me
19:43 edrocks joined #salt
19:43 sjorge joined #salt
19:44 fredrick joined #salt
19:45 noraatepernos joined #salt
19:46 fredrick joined #salt
19:47 fredrick joined #salt
19:49 fredrick Is there a way to have a salt -b --batch-wait (test) 1 'server' cmd.run 'something'
19:49 fredrick so have it test for a curl code 200?
19:50 whytewolf batch-wait is a time
19:51 fredrick Yes I understand I am wondering if anyone has found a way to test for the state of the command before moving on.
19:53 whytewolf that would be part of cmd.run. to not return until it is done.
19:54 fredrick Fair enough.
19:54 whytewolf batch-wait is the wait inbetween one batch and the next
19:54 fredrick Yup like I said I understand that, was just hoping there was a easy way to have it do a different test/function for the wait.
19:58 whytewolf yeah that part has nothing to do with batch
19:59 qman__ joined #salt
20:03 englishm_work joined #salt
20:05 mpanetta joined #salt
20:06 englishm_work I'm running into an issue using the `|json` jinja filter - I have a dictionary in Jinja that I'd like to render as a JSON object, but the output of the `|json` filter appears to be a Python literal OrderedDict instead
20:07 englishm_work I've used `file.serialize` to successfully render JSON and YAML before, but here I'd like to use the `|json` filter so I can feed it to `file.append` for some structured logging
20:09 englishm_work Has anyone else run into issues serializing dictionaries with Jinja filters like this?
20:10 pipps joined #salt
20:16 englishm_work essentially... https://gist.github.com/englishm-llnw/8e6adb3641bb149713c626fdce2b0431
20:20 wendall911 joined #salt
20:21 englishm_work This is with 2016.11.1 (Carbon), for what it's worth
20:22 gmoro_ joined #salt
20:24 englishm_work Looks like some similar issues were encountered when the feature was first developed: https://github.com/saltstack/salt/pull/6039
20:25 secrgb joined #salt
20:26 LeProvokateur joined #salt
20:29 nixjdm joined #salt
20:30 pipps joined #salt
20:32 darioleidi_ joined #salt
20:32 astronouth7303 yesterday/today: I pointed gitlab at the salt event bus and used that to build a dashboard
20:33 astronouth7303 just disable authentication on hooks and then add a permissionless user to the auto eauth
20:36 johnkeates joined #salt
20:38 englishm_work D'oh! think I figured out what's happening with the `|json` thing - it's getting parsed as YAML
20:45 swills joined #salt
20:54 hemebond joined #salt
20:58 hasues whytewolf: I think my problem was that I was trying to do too many things in my top.sls
20:59 whytewolf sounds like you are not doing enough in top.sls if you are using includes.
21:00 hasues heh, maybe?
21:01 hasues I look through these examples, and in the case of software being installed, things are put in place via package managers, but I guess I look at each entity that I would put in place via top.sls as something that would be a separate entity.  I'm just trying to get a grasp of the right procedure for putting things in place.
21:07 JPT joined #salt
21:14 pipps joined #salt
21:25 vtolstov joined #salt
21:26 vtolstov hi again! i'm continue to learn salt. and now i don't understand why salt master does not sync to minion my extmods?
21:26 hasues joined #salt
21:26 whytewolf vtolstov: hae you told the minion to pull them?
21:27 whytewolf salt '*' saltutil.sync_all
21:27 vtolstov if i don't put on minion config path to my extmods (that contains modules and states) i'm always have error
21:27 whytewolf extmods?
21:27 whytewolf there are betters ways then that
21:27 whytewolf like using _modules ect
21:27 vtolstov i'm try to  salt '*' saltutil.sync_all
21:28 whytewolf okay, how about gisting up what you have. lets see where the confusion lies.
21:28 whytewolf you shouldn't need to touch extmods or any other config option
21:28 vtolstov this is my salt master https://gist.github.com/vtolstov/530ce63b6349ebd955206993ddd189ce
21:29 whytewolf okay, you don't need module_dirs
21:29 vtolstov why ?
21:29 whytewolf becuase the dynamic module syncing puts it where the master/minion needs it to be
21:30 nixjdm joined #salt
21:30 whytewolf you only need to have salt://_modules in place and run these two commands "salt '*' saltutil.sync_all"  & "salt-run saltutil.sync_all"
21:31 vtolstov but if i dont want to run any commands and want to use modules automatic in states?
21:31 vtolstov in my case i'm write state module and corresponding python module that used by state module =)
21:32 whytewolf sigh. because a. ext_mods like that don't sync.
21:32 whytewolf and b. because you can automate the dynamic modules
21:33 vtolstov ok b =)
21:33 whytewolf in your case it would be _states and _modules
21:33 vtolstov where i need to put it ?
21:33 vtolstov in /srv/salt ?
21:34 whytewolf well since you have a fileroots of /srv/salt/states it would be /srv/salt/states/_modules and /srv/salt/states/_states
21:34 whytewolf https://docs.saltstack.com/en/latest/ref/modules/#modules-are-easy-to-write
21:36 whytewolf https://docs.saltstack.com/en/latest/ref/file_server/dynamic-modules.html
21:37 vtolstov thanks!
21:37 vtolstov now all works =)
21:38 vtolstov now next - where to put secret data like passwords ? does pillar is secure or i need to use something special?
21:39 whytewolf in pillar. because with how you select hwich minion the password goes to. also you might want to look into the gpg render
21:39 whytewolf s/because/be careful
21:39 vtolstov yes i remember about minion_id
21:40 whytewolf https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html
21:40 vtolstov also i'm experiment with changing id in minion config and see that master now auth it without accepting new key
21:40 vtolstov i don't like targetting by ip...
21:42 whytewolf there are lots of ways to target. i just caution against some that can be problematic in security settings
21:43 whytewolf for states it is okay to do the targetting by grain. because the minions render that data and have access to all of the states already.
21:43 whytewolf just in pillar it isn't advised.
21:44 vtolstov yes, but i'm interesting does it possible to change minion id on minion and successful auth to master ?
21:44 whytewolf it shouldn't be no.
21:44 vtolstov so targetting by minion_id can be secure ?
21:44 whytewolf yes
21:44 vtolstov =) that fine =)
21:45 whytewolf [and is the default way to target]
21:45 whytewolf well, it is possable to have minions auth to a badly configured master automaticcly but that kind of setup is generally frowned on
21:48 om2 joined #salt
21:53 neveragny joined #salt
21:55 vtolstov whytewolf: i'm read about gpg, does it possible to combine in one file encrypted and non encrypted data?
21:55 debian112 joined #salt
21:55 whytewolf yes
21:56 om2 joined #salt
21:56 omergerd2017 joined #salt
21:57 whytewolf i blink and someone sends me a private message and logs off before i can respond ...
22:01 vtolstov whytewolf: how much spaces i need for pgp message?
22:01 vtolstov i'm indent to 4 spaces becasue i have nested dict
22:01 vtolstov and catch error:     Rendering SLS 'base:drone' failed: could not found expected ':'; line 16
22:01 vtolstov SeQmbWl2Szq3VDuQFr5/CS+fOlG68G7jBNWb5xPcpocJK7V136r+9o33+eI8uTte    <======================
22:02 whytewolf i don't know
22:02 whytewolf I've never used it personally.
22:02 vtolstov =)
22:03 whytewolf generally it should be valid yaml.
22:03 whytewolf also the rendered gpg goes in pillar not a state
22:03 whytewolf i think
22:18 vtolstov https://github.com/saltstack/salt/issues/34475
22:19 vtolstov so this is ext_pillar stack issue
22:19 noraatepernos joined #salt
22:21 keldwud joined #salt
22:21 keldwud joined #salt
22:23 whytewolf ahh, fun. i don't use the stack ext_pillar so even i used gpg wouldn't have run into this. good to know
22:23 vtolstov so i don't understand how to fix this in my case =)
22:23 whytewolf not use stack?
22:25 whytewolf or use the development version of slack that looks like it is coming in a fureture version [ext_pillars are another dynamic module of _pillar]
22:27 stevednd whytewolf: what does a runner need to return inside of an orchestration to be considered failed?
22:28 stevednd does it need to raise an error, or are there specific return values salt looks for?
22:29 whytewolf i think it has the same requirments as a exacution module on return values. I believe
22:30 nixjdm joined #salt
22:32 vtolstov joined #salt
22:33 vtolstov i need to apply dc specific stuff and role specific stuff based on minion_id
22:33 vtolstov in stack pillar this is easy
22:35 * whytewolf shrugs. never used stack. i don't see why it is difficult outside of it.
22:36 stevednd whytewolf: I don't even know what salt uses for module calls come to think of it
22:37 whytewolf trying to remeber myself. been an age.
22:37 vtolstov how can i avoid stack pillar https://gist.github.com/vtolstov/c426fc5e8f8688ac58334c7a4cc81c63
22:37 vtolstov ?
22:37 whytewolf ..
22:37 vtolstov does it possible to do something like this ? as i understand file_tree can have simular functions but i need nodegroups ...
22:37 vtolstov and can't use roles...
22:39 benner left #salt
22:40 whytewolf ew... now i know why i don't use stack. if config files look like that. although i can see why people do use it when they want to do things like having a seperate config file per minion
22:41 omergerd2017 joined #salt
22:41 vtolstov =)
22:42 vtolstov where i need to put custom pillar ?
22:42 vtolstov in /srv/salt/_pillars ?
22:42 whytewolf ...
22:43 vtolstov sorry custom ext_pillar =)
22:43 omergerd2017 joined #salt
22:43 whytewolf why would _pillar be different then _modules or _states. it goes in /srv/salt/states/_pillar
22:44 om joined #salt
22:44 whytewolf all dynamic modules go in <fileroots>/_<moduletype>
22:46 om left #salt
22:46 stevednd whytewolf: short of raising an exception I could not get the runner to report failure. I tried returning None, False, and {'result':False}
22:47 whytewolf really, i would think {'result': False} would have worked
22:47 gtmanfred that is going to be fixed in oxygen
22:47 gtmanfred https://github.com/saltstack/salt/issues/18510
22:47 whytewolf ahhh well there you go
22:48 stevednd {'result':False} did make salt think there were changes, but still success
22:48 stevednd thanks gtmanfred
22:48 om joined #salt
22:49 stevednd gtmanfred: will returning a dict from a runner with result, changes, etc... be fully recognized by orchestration in terms of run, changed, failed?
22:49 om joined #salt
22:49 pipps joined #salt
22:52 vtolstov whytewolf: strange... Aug 10 01:51:40 cc.dc1.sdstack.com salt-master[15941]: 2017-08-10 01:51:40,914 [salt.pillar      ][CRITICAL][15941] Specified ext_pillar interface sdstack is unavailable
22:52 vtolstov i'm modify stack.py and put it to /srv/salt/states/_pillar/sdstack.py
22:53 gtmanfred does sdstack.py have a __virtualname__ definition in it?
22:53 vtolstov no
22:53 whytewolf pretty sure it should. also make sure you sync that to the master. since it is a ext_pillar
22:54 gtmanfred did you run `salt-run saltutil.sync_all` ?
22:54 vtolstov ups
22:54 om I am having a strange issue after upgrading to 2017.7
22:54 vtolstov after sync_all all works fine
22:54 vtolstov so ext_pillar needs to be synced by hand ?
22:55 om https://pastebin.com/My7uvq8R
22:55 whytewolf it needs to be synced to the master.
22:56 whytewolf om: what does the actual state look like?
22:57 om strange part is it was working but then I added some more jinja to another file..
22:57 om I just found the issue... gosh, was just a double }} instead of one
22:57 om the error was misleading
22:57 gtmanfred om: the reason you could not talk is that you are not identified with nickserv, you may have registered, but you did not identify afterwards
22:57 gtmanfred https://freenode.net/kb/answer/registration
23:03 cgiroua joined #salt
23:03 omie888777 joined #salt
23:06 omie888777 joined #salt
23:06 omie888777 joined #salt
23:07 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.6, 2017.7.0 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers <+> Please make sure you're properly identified to speak in the channel.
23:07 gtmanfred :+1:
23:07 gtmanfred yeah i meant to add that back once the CFP was closed.
23:08 omie888777 joined #salt
23:09 gtmanfred omie888777: if you are trying to talk in the channel, you need to identify with nickserv. https://freenode.net/kb/answer/registration
23:09 gtmanfred well, that didn't work
23:09 omie888777 joined #salt
23:09 gtmanfred omie888777: if you are trying to talk in the channel, you need to identify with nickserv. https://freenode.net/kb/answer/registration
23:23 pipps joined #salt
23:24 gttest joined #salt
23:38 hasues left #salt
23:41 dendazen joined #salt
23:52 pipps joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary