Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-09-14

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 hemebond wryfi: Do you have an example of an event?
00:02 hemebond Chances are it's the return code from another executable.
00:03 wryfi i don't currently have the raw output from one, no.
00:12 justanotheruser joined #salt
00:28 zerocool_ joined #salt
00:30 noraatepernos joined #salt
00:31 schemanic joined #salt
00:32 jas02 joined #salt
00:38 schemanic Heya
00:38 schemanic Whats the best way to have a state download files and check their MD5?
00:39 whytewolf file.managed checks file hash
00:39 tiwula joined #salt
00:41 schemanic whytewolf, is it proper to use archive.extracted with an https source?
00:42 renaissancedev joined #salt
00:43 whytewolf well source does have a source_hash function which is normally used with non salt:// sources
00:43 whytewolf so it should be fine
00:44 gadams joined #salt
00:46 johnj_ joined #salt
00:52 dxiri joined #salt
01:03 schemanic thanks whytewolf
01:04 schemanic can I use regex in jinja?
01:08 schemanic I have a version number for apache that's in a string but I need to install an apache module based on the apache version.
01:16 justanotheruser joined #salt
01:20 shoemonkey joined #salt
01:25 schemanic anyone here?
01:33 k_sze joined #salt
01:40 schemanic Can I access nested dicts in dot notation?
01:41 hemebond In Jinja? Yes.
01:52 hemebond And no, there's no built-in Regex test in Jinja as far as I know.
01:54 ilbot3 joined #salt
01:54 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.7, 2017.7.1 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers
02:15 dxiri joined #salt
02:16 zerocool_ joined #salt
02:18 schemanic hemebond, thanks. I ended up splitting the version string and referencing the major and minor version indices
02:19 schemanic then testing > or < vs the int cast of that value
02:22 whytewolf schemanic: I think that most pkg modules have a version_cmp used for comparing version numbers
02:22 whytewolf such as https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.yumpkg.html#salt.modules.yumpkg.version_cmp
02:22 schemanic whytewolf, I don't think this applies.
02:23 schemanic I'm downloading an apache module DSO file
02:23 schemanic the one that you download needs to match the version of apache you have installed
02:23 justan0theruser joined #salt
02:23 whytewolf ... it works off of inputted version numbers.
02:23 schemanic because the DSO is compiled vs different versions of apache
02:23 whytewolf not off of installed version numbers
02:23 justan0theruser joined #salt
02:24 whytewolf salt '*' pkg.version_cmp '0.2-001' '0.2.0.1-002'
02:24 whytewolf it will return -1 0 or 2
02:25 schemanic but I'm not comparing installed packages? I might not be understanding what's being compared here
02:25 whytewolf err -1,0 or 1
02:25 whytewolf inputted version numbers
02:25 schemanic Oh, I see
02:25 schemanic I think
02:25 schemanic so this isn't doing something like looking at the installed package and extracting version data from it
02:26 schemanic it's literally looking a strings representing version numbers
02:26 whytewolf right
02:26 schemanic and it's smart enough to understand how versions work
02:26 whytewolf most verion schemes. there are of coarse odd balls that might through it off. but i don't think apache is one
02:27 whytewolf although if you only are worrying about the magor version and not the minor you might be fine with how you are doing it already
02:28 schemanic I'm not testing the major. Just the minor
02:28 schemanic they're both 2.x
02:28 schemanic but 2.0 gets one dso and 2.2+ gets another
02:28 schemanic can I call this from a state?
02:28 whytewolf it is an exacution module. so you can call it from jinja just like any other exacution module
02:29 schemanic I need to pass it a pillar value
02:29 schemanic k
02:30 schemanic yeah but whytewolf, I'm not seeing how I can use this inside an if block
02:30 schemanic You basically have to write a state that calls the module
02:31 whytewolf um, no
02:31 schemanic https://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html#module-salt.states.module <--?
02:31 whytewolf if salt.pkg.version_cmp('2.04',pillar_version) == 0
02:31 schemanic what am I missing
02:32 schemanic where is THAT documented because I'm definitely looking for that
02:33 whytewolf https://docs.saltstack.com/en/getstarted/config/jinja.html
02:34 schemanic I see that but the thing I linked is what googles. Is there anything more elaborate that explains how to pass arguments to it?
02:34 schemanic I've seen your example and appreciate it, I just haven't learned why that works
02:35 whytewolf https://docs.saltstack.com/en/latest/topics/tutorials/states_pt3.html#calling-salt-modules-from-templates
02:35 keltim joined #salt
02:37 whytewolf in jinja the salt dict is a dict that holds all of the loaded salt exacution modules
02:37 schemanic ah. That makes a lot more sense. Thanks whytewolf
02:48 johnj_ joined #salt
02:56 debian112 joined #salt
03:12 onlyanegg joined #salt
03:33 michelangelo joined #salt
03:33 frygor_ joined #salt
03:34 dxiri joined #salt
03:44 evle2 joined #salt
03:47 Bock joined #salt
03:49 johnj_ joined #salt
03:52 pentabular left #salt
03:55 johnj_ joined #salt
03:58 Deliant joined #salt
04:08 dxiri joined #salt
04:14 shoemonkey joined #salt
04:21 ikarpov_ joined #salt
04:24 zerocool_ joined #salt
04:26 csmule joined #salt
04:26 csmule Where do I put my common base requirments sls files when I am using multiple env? I thought if I did base '*' requirements that would be applied first to any minion.
04:27 schemanic After importing 'xdict' from a map.jinja file, I'm trying to set ydict = xdict.get('zvalue', {}) and I'm not getting anything. halp?
04:28 schemanic https://gist.github.com/anonymous/f893b97e1ea0805b2fe68c332d95caa5
04:29 whytewolf schemanic: can we see the map.jinja also?
04:29 whytewolf csmule: it depends on if you are setting enviroment in the minion or not. if you are. base: '*' won't apply to that minion because it won't see that enviroment
04:31 csmule Not setting env on the minion. I didn't even know you could do that!  I was using grains env:dev, env:prod to separate the minions.
04:31 csmule whytewolf:
04:32 whytewolf ... a grain of env:* alone won't do anything for enviroment.
04:32 jas02 joined #salt
04:32 schemanic whytewolf, here you go, with pillar: https://gist.github.com/anonymous/8e3b5bcf8055743da87c0f65d239928a
04:32 csmule whytewolf: So there is a method to tell a minion what environment it is in?  I assume in the minion file?
04:33 whytewolf csmule: top file
04:34 csmule whytewolf: in my top file I have base:, dev:, and prod: and I use this as the selector as an example for dev 'G@env:dev'
04:34 whytewolf schemanic: yikes. that is a hell of a map
04:35 schemanic it's... whats in the public apache repo
04:35 schemanic I don't have time to learn how to do it my way
04:35 whytewolf csmule: okay. so you ARE using top file matching. humm. base: '*' should work then. least IIRC I personally avoid enviroments like the plague
04:35 csmule whytewolf: What do you do? Separate masters?
04:36 whytewolf csmule: yes
04:36 csmule Hmm, well coming from you I def will consider that approach. Thank you sir.
04:37 whytewolf schemanic: okay. the issue. mod_jk isn't getting pulled into the apache map.jinja because only ting that is merged with it is apache:lookup. which is on the same level as apache:mod_jk in your config
04:38 whytewolf schemanic: shift mod_jk and everything below it two spaces to the right and you should be good
04:40 schemanic does that make it accessible as apache.mod_jk?
04:40 whytewolf schemanic: in the final product, yes
04:40 schemanic what I don't understand is that this formula's pillar.example has a bunch of other mod_whatever dicts at the same indentation
04:41 whytewolf where is the original formula {I don't use formulas so i have to actually look through the code}
04:41 schemanic sure. one moment
04:41 schemanic my mod_jk stuff is custom and not part of the formula. I'm extending it
04:42 schemanic but the principle should carry
04:42 whytewolf most likely they are calling the pillar directly instead of using the lookup
04:42 schemanic https://github.com/saltstack-formulas/apache-formula
04:42 whytewolf or they messed up their docs
04:42 schemanic I dunno. Most everything in this pillar lives UNDER apache
04:43 whytewolf ahh that is because they have a ton of state files for each module
04:43 whytewolf apache.mod_cgi state goes with apache:mod_cgi pillar
04:43 whytewolf and so forth
04:45 whytewolf get a lot of things like this {% if 'apache' in pillar and 'php-ini' in pillar['apache'] %}
04:46 schemanic I dont get it. Am I wrong that two spaces under apache renders apache.mod_jk?
04:46 schemanic like, how is that different than apache:mod_jk?
04:47 whytewolf apache:mod_jk is a pillar
04:47 whytewolf apache.mod_jk is a dict that is passed through a lot of filter_by's and merging of apache:lookup
04:47 schemanic I am so lost. the mod_cgi.sls file you just referenced makes no ask of any pillar data
04:48 whytewolf it doesn't use any config
04:49 schemanic you just made the assertion that an 'apache:mod_cgi' pillar existed
04:49 schemanic or was that a hypothetical example using components which do not adhere to the example?
04:49 whytewolf i said as a hypathetical i hadn't gotten that deep into the code yet
04:49 fl3sh joined #salt
04:49 schemanic I see. I follow you now
04:50 schemanic okay so X:Y is a pillar, but X.Y is a dict that gets passed around
04:50 schemanic pillars are dicts though?
04:50 schemanic are they not the same things but with different notations?
04:50 whytewolf pillar can be dicts or lists.
04:50 schemanic mm
04:51 whytewolf x:Y is just common ways of describing pillar name structure
04:51 whytewolf x.y can be anything
04:51 schemanic I still don't understand. Why does apache.get('mod_jk', {}) not give me what I want? my pillar places it at that right location
04:52 whytewolf because apache is NOT your pillar
04:52 schemanic but, 'apache' is the first key of the file...?
04:52 schemanic are you saying that the dict that map.jinja produces is not called 'apache'?
04:52 whytewolf apache is a dict that has gone through 2 different levels of filtering
04:53 whytewolf I'm saying that the dict that map.jinja produces is not in any way shape or form dirived from your pillar you call apache
04:54 schemanic That cant be true, because states respond when I set apache.lookup.version
04:54 onlyanegg joined #salt
04:55 schemanic I though the point of map.jinja files was 'to take the exact dict specified in pillar sls files, then substitute default values over them if they are not specified in the user pillar or the default pillar.'
04:55 whytewolf merge=salt['pillar.get']('apache:lookup')
04:56 schemanic so you're saying that when I set apache.lookup.version, map.jinja makes something called apache.version
04:56 schemanic because I see states that say {{ apache.version }} all over the place
04:56 whytewolf yes
04:56 schemanic and version isn't being set anywhere else
04:57 schemanic but you're also saying that anything NOT under apache.lookup doesn't become accessible under apache.whatever
04:57 whytewolf yes.
04:57 schemanic because the mapfile only seems to care about that lookup subkey
04:57 schemanic and that all the other states are accessing the data in the user set pillar through a different sort of notation
04:57 whytewolf it does update and add modsecurity under mod_security
04:57 whytewolf but other wise yes
04:58 schemanic okay
04:58 schemanic I follow sort of. States deriving from this pillar need to get thier pillar data not from the apache object
04:59 schemanic you told me to unindent 'mod_jk', which would put it at the top level of the file
04:59 whytewolf I said indent it more
04:59 whytewolf so it was under lookup
04:59 schemanic oh
04:59 schemanic no
04:59 schemanic I don't want that
04:59 schemanic I want it 'the way all the other ones are doing it'
04:59 schemanic so the example pillar talks about other modules config
04:59 schemanic and thier pillar data is at the same level as lookup
05:00 schemanic so somehow they're getting data, but you're saying that they're not getting it as apache.whatever.data
05:00 whytewolf yeah I've been looking into that. the only one that actually seems to even touch anything close to that is mod_php5
05:00 whytewolf which calls pillar['apache']['mod_php']
05:01 schemanic I see, so the map dict only cares about apache.lookup, but the pillar dict actually DOES contain apache.whatever
05:01 whytewolf exactly
05:03 schemanic so I can get my data by... salt['pillar.get']('apache', {}), then set mod_jk = apache.get('mod_jk', {})
05:04 whytewolf might not want to overright the apache dict if you need it for something else ... but in essence yes
05:04 whytewolf {% set mod_jk = salt.pillar.get('apache:mod_jk',{}) %}
05:04 schemanic wait I'd be overwriting the apache(map) dict?
05:04 nullwit1 joined #salt
05:05 schemanic I see, just go straight for mod_jk. got it
05:05 whytewolf yeap
05:05 schemanic so whats different between salt.pillar.get and salt['pillar.get']
05:05 whytewolf save a couple of cycles and some headache
05:06 whytewolf if you are not useing salt-ssh, nothing.
05:06 qman joined #salt
05:06 schemanic i see
05:06 whytewolf salt.module.function is just a shortcut that i find easier to read
05:06 schemanic I do like dot notation better myself
05:06 johnj_ joined #salt
05:08 schemanic So
05:08 schemanic Thank you very very much
05:08 whytewolf no problem.
05:08 schemanic But, why in the everloving fuck do we have these publicly available formulas if all I hear the salt gurus say is 'don't use formulas'
05:09 hemebond I use lots of formulas.
05:09 whytewolf because in principal they do save time.
05:09 hemebond But I do fork and update them usually.
05:09 schemanic Is there a way to impose more strict dependencies and formatting?
05:09 whytewolf I don't use them because they are a bit bloated and tend to not do things i am wanting to do
05:10 Vye joined #salt
05:10 schemanic I've seen in chef how they can set whole 'formulas' as dependencies of others
05:10 whytewolf in formulas? not really. there is no real governing body for them
05:10 schemanic well ugh I know
05:10 schemanic Everyone thinks thier way makes sense.
05:11 hemebond That would be annoying. Similar to Puppet module dependencies. Ugh, that was hell.
05:11 schemanic hmm
05:11 schemanic I find myself adrift so often when trying to understand what's happening from formula to formula
05:11 schemanic Like working with perl
05:12 schemanic It's way late so I'm probably not very productive in this commentary
05:12 schemanic Salt prints green, and the borg are green, and the borg are right, so salt should be like the borg
05:12 whytewolf it is 10pm here and i just got off work. so I'm not the best judge of productive right now
05:12 schemanic Word
05:13 whytewolf 1 more week till my last day
05:13 * whytewolf sighs happilly
05:26 whytewolf and a hush filled the room?
05:26 hemebond I am quite curious. But felt it rude to ask :-)
05:28 whytewolf got a new job. put in my 2 weeks last week. and have 2 more weeks before i start.
05:28 hemebond Nice.
05:28 hemebond Looking forward to the new job I take it?
05:28 hemebond Any Saltstack at the new place?
05:28 whytewolf ... lots of it.
05:28 diegows joined #salt
05:28 hemebond ?
05:28 shakalaka joined #salt
05:29 bildz joined #salt
05:30 felskrone joined #salt
05:33 rgrundstrom joined #salt
05:39 jas02 joined #salt
05:49 rgrundstrom Good morning everyone!
06:03 hoonetorg joined #salt
06:05 do3meli joined #salt
06:07 high_fiver joined #salt
06:07 do3meli left #salt
06:07 johnj joined #salt
06:10 onlyanegg joined #salt
06:17 schemanic joined #salt
06:21 dxiri joined #salt
06:27 shoemonkey joined #salt
06:28 onlyanegg joined #salt
06:40 Ricardo1000 joined #salt
06:42 dxiri joined #salt
06:44 Bock joined #salt
06:52 ikarpov_ joined #salt
06:57 dxiri joined #salt
07:08 johnj joined #salt
07:09 dxiri joined #salt
07:16 aldevar joined #salt
07:18 Hybrid joined #salt
07:21 toanju joined #salt
07:21 cico joined #salt
07:32 dxiri joined #salt
07:33 jas02 joined #salt
07:36 robman joined #salt
07:39 coldbrewedbrew joined #salt
07:39 coldbrewedbrew joined #salt
07:49 DanyC joined #salt
07:55 jas02 joined #salt
07:59 rgrundstrom I have a small bit of code to change sshd option: https://gist.github.com/Robert-Grundstrom/66cc49c6e39ecec1ef7bfa96bf2b4849#file-gistfile1-txt
08:00 dxiri joined #salt
08:00 _KaszpiR_ joined #salt
08:01 rgrundstrom When i testrun this i notice that in some cases there are manual changes and that results in multible lines with the correct setting but its still 2 rows with the same setting e.g. "PermitRootLogin no" anyone know if i can add something to remove multible lines that are the same?
08:07 hemebond rgrundstrom: Would it not be better to just write the config?
08:09 johnj joined #salt
08:09 rgrundstrom hemebond: Cant do that due to loads of diffrent distros and versions.
08:10 rgrundstrom Its on my todo list to write a generic one but right now. No time
08:12 jas02 joined #salt
08:19 jas02 joined #salt
08:21 schasi joined #salt
08:23 babilen rgrundstrom: We happily use the openssh formula
08:23 haam3r_ rgrundstorm: first replace to replace with empty line and then a second one with the added parameter of append_if_not_found?
08:24 haam3r_ although yeah, I have to second babilen, the openssh formula is pretty good :)
08:25 jas02 joined #salt
08:25 babilen haam3r_: Wouldn't that result in changes over and over again?
08:26 babilen Well, depends on how specific the first regex is, I guess
08:28 haam3r_ babilen: yeah could...that was just the first idea off the top of my head
08:28 Mattch joined #salt
08:28 shoemonkey joined #salt
08:28 babilen Fair enough, It's just that you probably end up enumerating all options but the one you want to keep as a .* would match the option you are adding later
08:29 jas02 joined #salt
08:30 haam3r_ hmm...so maybe a file.replace to remove all occurences and then a file.line to add it. Then on the next run the file.replace would not find anything to do and file.line would see that everything is already there?
08:31 babilen Wouldn't the file.replace match the Option you introduced with file.line ?
08:32 babilen You definitely need to match everything but the option you you are setting later
08:32 haam3r_ yes...well this seems to indicate more coffee is needed :P
08:33 babilen Wiser words have never been spoken
08:33 babilen I shall acquire some myself
08:34 jas02 joined #salt
08:35 ChubYann joined #salt
08:36 schasi "A programmer is something that converts coffee into code"
08:36 * schasi starts converting
08:43 max_2042 joined #salt
08:47 cofeineSunshine hi
08:47 cofeineSunshine https://docs.saltstack.com/en/latest/ref/states/all/salt.states.ini_manage.html#manage-ini-files
08:47 cofeineSunshine does anybody has experience with this state?
08:49 babilen What would you ask this hypothetical person?
08:49 pbandark joined #salt
08:53 Naresh joined #salt
08:58 jas02 joined #salt
08:59 k_sze joined #salt
09:03 cofeineSunshine babilen: i would ask, does it work? I get mixed feelings after several examples from documentation
09:03 cofeineSunshine 'PHP' is an invalid keyword argument for 'ini.options_present'.
09:04 hammer065 joined #salt
09:06 babilen Could you paste your state?
09:09 cofeineSunshine babilen: https://p.defau.lt/?qEAGBjDaScUh3Fa4zU9JAg
09:10 johnj joined #salt
09:11 babilen You are missing two spaces of indentation
09:11 maestropandy joined #salt
09:11 maestropandy left #salt
09:12 babilen http://paste.debian.net/986004/ that's what you want. Compare the datastructure on http://yaml-online-parser.appspot.com/
09:18 cofeineSunshine babilen: thank you, that worked
09:19 maestropandy1 joined #salt
09:23 babilen yw
09:27 mosen joined #salt
09:31 quaie joined #salt
09:31 jas02 joined #salt
09:38 jas02 joined #salt
09:41 jas02_ joined #salt
09:43 dstensnes cofeineSunshine: i have used it recently
09:43 dstensnes but it keeps adding spaces around the "=" which kind of break my program
09:44 dstensnes so i have to use a line.replace afterwards to fix that bit
09:44 dstensnes except for that, it works ok
09:46 pualj joined #salt
09:49 dxiri joined #salt
09:53 babilen That's a bit stupid
09:53 babilen (the adding of spaces, that is)
09:54 dstensnes babilen: affermative
09:55 dstensnes https://github.com/saltstack/salt/blob/develop/salt/modules/ini_manage.py#L329
09:57 hemebond left #salt
09:57 babilen You have to wonder why that module doesn't use configparser
09:57 babilen But this bug should be easy to fix
09:57 dstensnes seems that bit could have been writter cleaner, without the .format inside a .format
09:57 dstensnes yes, i want to make a pull request, but i have to do some other stuff first
09:58 babilen You can say that about a lot of that code
09:58 dstensnes probably true
09:58 dstensnes it also seem to rewrite the file every time too, if i remember correctly
09:58 dstensnes even if no change
09:59 dstensnes i have worked around this by running a file.replace with ' = ' -> '=' for my part
10:00 dstensnes but it seems the ini_manage thingy rewrites the file even if no change is needed, so the replace always trigger too
10:00 onlyanegg joined #salt
10:00 babilen *shudder*
10:00 babilen I don't like that module .. and the more I look at it the worse it gets
10:00 maestropandy1 left #salt
10:00 dstensnes take this with a grain of salt though, because i haven't verified it properly
10:01 babilen https://github.com/saltstack/salt/blob/develop/salt/modules/ini_manage.py#L13-L16 really set the stage
10:01 dstensnes (phun intended)
10:01 dstensnes :)
10:01 pualj joined #salt
10:01 dstensnes well
10:01 dstensnes ...
10:02 dstensnes i haven't done much development on salt, but how does the configparser thingy work?
10:04 dstensnes can you point me to a module that uses it well?
10:06 babilen https://docs.python.org/2/library/configparser.html
10:06 dstensnes thanks
10:07 cofeineSunshine dstensnes: https://p.defau.lt/?9CW0_KJN0PwZDsvYouStpQ
10:07 cofeineSunshine i just commited salt states to GIT
10:07 dstensnes cofeineSunshine: can you show me the state your are running?
10:07 cofeineSunshine and in salt master set fileserver backends to GIT
10:07 cofeineSunshine the very same
10:07 cofeineSunshine i just put into GIT
10:08 cofeineSunshine and made salt master to take it from git
10:08 cofeineSunshine https://p.defau.lt/?3QZ_K9dewe46KNVg9pYRLw
10:08 dstensnes hmm
10:10 dstensnes cofeineSunshine: well, i cannot see any obvious errors
10:10 dstensnes but it works somewhat for me
10:11 johnj joined #salt
10:12 dstensnes cofeineSunshine: i use it like this: https://gist.github.com/anonymous/8e1e4c9fb9b96233e250557d368d158e
10:12 dstensnes you might however not need the final bit
10:13 dstensnes well, lunch time here
10:13 dstensnes back in a bit
10:14 dstensnes in a lunch really
10:17 cofeineSunshine dstensnes: have good lunch
10:17 dxiri joined #salt
10:27 maestropandy joined #salt
10:27 maestropandy left #salt
10:29 shoemonkey joined #salt
10:31 dxiri joined #salt
10:36 cofeineSunshine dstensnes: https://github.com/saltstack/salt/issues/43388
10:36 cofeineSunshine if you run second time the same state
10:36 cofeineSunshine it fails
10:40 cb joined #salt
10:46 dxiri joined #salt
11:01 ritz_ joined #salt
11:04 dxiri joined #salt
11:04 rgrundstrom joined #salt
11:06 dstensnes cofeineSunshine: aha. that's not good
11:06 dstensnes maybe it works for me because of my ' = ' -> '=' replacer then maybe
11:11 johnj joined #salt
11:12 babilen I guess I won't use or advocate that state
11:14 cofeineSunshine looks like it is fixed in develop branch
11:14 cofeineSunshine i've copy/pasted code
11:14 cofeineSunshine and it worked
11:15 cofeineSunshine indicated in comment: https://github.com/saltstack/salt/issues/43388
11:19 dxiri joined #salt
11:20 bluenemo joined #salt
11:31 toanju joined #salt
11:33 dxiri joined #salt
11:38 mavhq joined #salt
11:47 dxiri joined #salt
11:49 quaie joined #salt
11:52 pualj joined #salt
11:57 dxiri joined #salt
11:57 shoemonkey joined #salt
11:58 Ricardo1000 joined #salt
11:58 dxiri joined #salt
12:07 _aeris_ joined #salt
12:08 quaie joined #salt
12:08 shoemonkey joined #salt
12:10 p42 joined #salt
12:11 Nahual joined #salt
12:12 johnj joined #salt
12:17 Cumulo741 joined #salt
12:20 maestropandy joined #salt
12:26 oida joined #salt
12:27 pualj joined #salt
12:42 * rgrundstrom I write this cause i dont want to time out :)
12:46 renaissancedev joined #salt
12:47 cruscio joined #salt
12:54 randomnesia joined #salt
12:59 noituloveand joined #salt
13:09 Cumulo741 joined #salt
13:13 johnj joined #salt
13:20 racooper joined #salt
13:25 ssplatt joined #salt
13:29 Grauwolf joined #salt
13:30 ztychr joined #salt
13:30 ztychr joined #salt
13:36 dxiri joined #salt
13:37 tapoxi joined #salt
13:39 maestropandy left #salt
13:40 noituloveand joined #salt
13:41 maestropandy1 joined #salt
13:41 maestropandy1 left #salt
13:41 noituloveand curious what people are using for a gui these days. lots of (unmaintained) options and foreman seems like way overkill for my environment.
13:48 rgrundstrom noituloveand: If you are not gaming on it then Linux, I find the desktop versions is suitible for workstations. When you need to browse http and http stuff.... But other then that. Id use a console.
13:53 dxiri_ joined #salt
13:54 noituloveand rgundstrom: sorry, guess that was confusing. was wondering about guis for salt, not in general.
13:54 rgrundstrom noituloveand: Ahh, well no. Dont use that.
13:59 maestropandy joined #salt
14:00 maestropandy left #salt
14:00 swills joined #salt
14:00 swills joined #salt
14:01 swills joined #salt
14:01 swills joined #salt
14:03 mchlumsky joined #salt
14:07 manwe178 joined #salt
14:07 numkem joined #salt
14:07 manwe178 Hi all - probably more a Python question than Salt, but I'll try anyway - if you write an external module and want to unit test it, where would you put those tests?
14:08 ritz joined #salt
14:08 ztychr joined #salt
14:09 manwe178 e.g. I might put my module in <project_root>/srv/salt/_modules/my_module.py, and my tests in <project_root>/test/_modules/test_my_module.py - but I can't seem to get the unit test to import the module being tested
14:10 manwe178 I imagine maybe I need to put the custom module in some other structure (e.g. not within a _modules directory) and then use a state to put the module in place, I was just hoping I could avoid another state - I currently use Git to get the Salt configs onto the Salt master
14:13 dxiri joined #salt
14:13 toanju joined #salt
14:14 johnj joined #salt
14:14 sarcasticadmin joined #salt
14:17 cgiroua joined #salt
14:18 _aeris_ joined #salt
14:19 zerocool_ joined #salt
14:23 tiwula joined #salt
14:29 jas02 joined #salt
14:34 bushelofsilicon joined #salt
14:35 jas02 joined #salt
14:35 ztychr joined #salt
14:36 Rubin joined #salt
14:36 ztychr joined #salt
14:36 ztychr joined #salt
14:37 ztychr joined #salt
14:38 ztychr joined #salt
14:38 ritz_ joined #salt
14:40 bushelofsilicon hey all, is cmd.run a good way to run a python script, or should I be figuring out how to write a custom module?
14:42 XenophonF joined #salt
14:45 yujunz joined #salt
14:47 eseyman merki
14:47 randomnesia joined #salt
14:48 vexati0n bushelofsilicon: if it's just a script, I use cmd.script
14:56 bushelofsilicon vexati0n: thanks, cmd.script would be what I would want to use rather than run
14:57 mxork joined #salt
14:58 bushelofsilicon hmm, but if I wanted to use it to define a variable in jinga, would a module be better? Right now the script create a file with the data, but then I would have to read the file
14:59 vexati0n if you're interacting with a longer running salt process, then a module would probably make more sense
14:59 vexati0n or you could build the script with jinja using file.managed and then run it
15:00 yujunz joined #salt
15:02 Shirkdog joined #salt
15:03 bushelofsilicon hmm, I don't think file.managed would really give any benefit over cmd.script
15:03 MTecknology modules are easy to write and it sounds like you have a good excuse to learn :)
15:04 MTecknology cmd.script !~= file.managed
15:06 bushelofsilicon right, but file.managed and cmd.run vs cmd.script. But it would be just two different ways of passing in variables. But cmd.script would mean less yaml
15:07 vexati0n file.managed doesn't run the script... you can use it to write the script if you need to incorporate things you could get from jinja statements, that's all iw as saying ...
15:08 bushelofsilicon but I think the module is probably the way to go, since I can run the module and set the variable I need right in jinja, right?
15:09 bushelofsilicon Or is there a better way to do this? My end goal is to send the data to the event reactor
15:10 lordcirth_work vexati0n, you can use jinja in cmd.script too, though
15:11 ritz joined #salt
15:11 vexati0n sure but it's awkward if you have whole sections of the script that should change based on jinja statements, and not just variables or arguments here and there
15:11 lordcirth_work but that's the same with managing a script with file.managed
15:11 vexati0n i was forgetting the template= parameter
15:12 vexati0n it's still monday in my timezone :|
15:13 MTecknology bushelofsilicon: what type of data?
15:14 snc joined #salt
15:15 johnj joined #salt
15:15 MTecknology If you tell us what it is you're actually trying to do, we can give much better advice. There's a lot available in salt and what you might be after could be custom grains... but we can't know that without more details.
15:16 bushelofsilicon MTecknology: The script calculates an id based off of a certificate. However this is all done within a for loop that is going over a grain that contains a list of all the user accounts. So that data that needs to go down to the event reactor is the ID and the username
15:17 MTecknology that sounds more like mine data to me
15:18 MTecknology except for feeding persistent data to reactor, that bit doesn't sound right
15:18 DanyC joined #salt
15:19 drawsmcgraw joined #salt
15:20 dxiri joined #salt
15:20 bushelofsilicon I thought maybe I should look into the data mine, but I feel pretty reluctant to be sending the data separately from this operation
15:20 MTecknology You can use a module to generate data, mine to make it available on the master, and let the reactor access mine data; but the generation of persistent static data shouldn't become an event unless the module is able to determine if new values were rendered (which is gonna be needless complication)
15:22 MTecknology I actually /might/ have an example of doing that exact thing
15:23 kamellion joined #salt
15:23 MTecknology bushelofsilicon: err... I'm using custom grains and feeding /that/ into mine
15:25 bushelofsilicon the more I think about it the more it makes sense to be separating some of my operations out of the initial state
15:26 MTecknology https://github.com/MTecknology/saltstack-demo/blob/master/states/_grains/public_ip.py
15:28 MTecknology https://github.com/MTecknology/saltstack-demo/blob/95b9aebffa269879a814b37dcfe30605d1cf5c0c/states/sys/pkgs/openvpn.sls#L43
15:31 bushelofsilicon So what I'm trying to do is install and configure Syncthing per user on the computer. The configuration is generated and put in place for each user. Then when the user logs on, Syncthing runs for that user for the first time and generates a key and certificate. The Python script generates a device ID based on that certificate and then that ID gets sent up to the event reactor so that the config file on the server running the
15:32 bushelofsilicon and syncing can begin. I was reluctant to use grains for this since the only place that cares about the device id is the master config file, but I do only want to do this once per device id.
15:32 vexati0n yeah i'd really love it if Salt figured out a way to determine who usually uses the endpoint.
15:32 Brew joined #salt
15:33 MTecknology vexati0n: hm?
15:34 vexati0n MTecknology: nothing really. i have a few cases it would be cool if, for example, cmd.run had an option to run as the user currently logged in.
15:34 vexati0n instead of having to know ahead of time who that might be
15:34 MTecknology there are typically many users currently logged into a system
15:34 vexati0n yeah not for us, we're using salt for endpoint management
15:35 MTecknology you want salt to query the system to figure out if exactly one person is logged into an X11 (or other) session, grab the username, and arbitrarily run commands as them?
15:36 bushelofsilicon vexati0n: Doing something 'as someone else' is a touchy subject
15:36 MTecknology ^ +1
15:36 lordcirth_work vexati0n, what would this script do?  Curious
15:36 MTecknology send an email to the CEO about needing more coffee
15:36 bushelofsilicon vexati0n: what OS are your endpoints?
15:37 vexati0n but that's what system administrators are for. for example on Mac OS I'd like to have a state that installs Homebrew. But Homebrew isn't supposed to install as root, so I have to know which of the many user accounts present is the real user.
15:37 * MTecknology uses salt for managing servers as well as endpoints at home; also have a salt master managing an endpoint salt master
15:39 MTecknology bushelofsilicon: You cut off between "the server running the S" and "and syncing can begin."
15:39 vexati0n for now, I've edited salt-bootstrap.sh to work on Mac OS and set a grain with the output of $(whoami) so that later states can pick that up. But it would be cool if there was a cleaner way.
15:39 MTecknology there's probably a much cleaner way
15:40 vexati0n also i don't f with python so
15:40 vexati0n lol
15:41 MTecknology You're scared of python?
15:41 bushelofsilicon MTecknology: * the server running the Syncthing master can add the device id and syncing can begin
15:42 onlyanegg joined #salt
15:42 lordcirth_work vexati0n, on my Ubuntu workstation, "who | grep ':0' " seems effective
15:42 dxiri joined #salt
15:43 lordcirth_work Or maybe 'last' would be better, in case they're not on atm
15:44 vexati0n ":0" means nothing on macos
15:45 vexati0n but yeah i could do that but it amounts to the same thing
15:45 lordcirth_work vexati0n, surely there is some equivalent?
15:47 fritz09 joined #salt
15:48 numkem joined #salt
15:49 bushelofsilicon I think adding default grains that report information on users would be a great start to making Salt more endpoint management friendly
15:50 MTecknology bushelofsilicon: How well would Syncthing scale to thousands of devices connected over a T1 with wandering users?
15:53 aldevar left #salt
15:54 MTecknology vexati0n: What you said you want isn't something I think salt should ever consider having any logic for. If you care about what user is typically using an asset, then you should be using a directory service that integrates in some way with an asset management system and handle it strictly by assignments. When it comes to enterprise, there's a billion different tools available and infinitely more ways to
15:54 MTecknology bring them together. Systems are no longer designed to be single user and you need to deal with that logic if you want it to exist.
15:54 vexati0n MTecknology: but Salt already has the "runas" parameter, so your logic is basically silly.
15:54 bushelofsilicon MTecknology: I'm not sure, I have 60 users, 5 remote users and I'm just trying to get a replacement for Windows redirected folders and offline files. However Syncthing isn't really designed to specifically have a 'Syncthing Master' so there might be some way it could be done
15:55 lordcirth_work vexati0n, there is a vast difference between having 'runas' and trying to autodetect the active user
15:55 MTecknology vexati0n: that indicates you didn't understand what I said
15:56 MTecknology vexati0n: You're doing some weird hacking so that you can figure out what goes into -runas. I didn't say -runas is bad.
15:56 MTecknology I may have accidentally implied it earlier, but that wasn't intended.
15:56 vexati0n No, I get what you're saying. I just think your opinion is your own.
15:57 MTecknology I don't think you do get it, nor is that important, I guess.
15:57 bushelofsilicon MTecknology: The talk of the town is that it might be possible to do away with separate directory services and just use configuration management for user management
15:58 vexati0n There are other ways to manage endpoints, but I'm not using those, I'm using this one. I don't see any value in running an entire directory service just to automate boilerplate and templated actions for user environment setup.
16:00 vexati0n We do have a directory service but that's for access control and auditing. I don't need it in configuration management except where it provides attributes that are helpful in setting up user access & environments
16:00 vexati0n but anyway. it would be neat. :P
16:00 MTecknology bushelofsilicon: In every environment I've ever worked in, that sounds like a pretty horrible idea. I have a client that's done that and it's nothing but a horrible mess. A buddy has a client that is an ideal candidate for something like that.
16:02 XenophonF bushelofsilicon: don't do it
16:02 MTecknology vexati0n: right, so you entirely didn't understand what I said and seem to have no interest in actually finding a good solution so this seems moot, ya?
16:02 XenophonF i've done it in my aws environment, and it sucks so bad
16:02 XenophonF i have no way to sync passwords
16:03 XenophonF required for sudo
16:03 XenophonF so i have to capture the hashes from an existing system and copy that into pillar, then push those back out to everything else
16:03 MTecknology XenophonF: aws is the only way I could see it making sense, and only if most of your servers exist for a very short period of time.
16:04 XenophonF that's exactly what i'm doing, and it sucks
16:04 XenophonF i guess i could not require passwords for sudo
16:04 MTecknology bushelofsilicon: lemme rephrase
16:04 MTecknology bushelofsilicon: that sounds like a pretty horrible idea. **
16:05 XenophonF but tbh i'm going to rip this apart real soon now and put in a proper federated directory service.  with blackjack.  and firetrucks.
16:05 MTecknology gonna blog about it for me? :)
16:05 XenophonF yes
16:05 MTecknology Could you pretty please ping me with a link? :D
16:05 XenophonF actually i'll write it up for the next Internet2 Global Summit or Technology Exchange
16:06 XenophonF plan is to deploy Proconsul and use temp credentials for all remote admin access
16:06 XenophonF Linux and Windows
16:06 XenophonF fully integrated with our federated collaboration management system
16:06 XenophonF and then i'm taking people's admin accounts away from them bwahahahahaha
16:07 bushelofsilicon MTecknology: Yeah idk, I'm still using Active Directory. In my mind, user creation should be done by HR anyways so one would have to create some serious abstractions
16:08 MTecknology I have a pillar list of users w/ uid, gid, ssh pubkey, home dir, 2fa pubkey, and pw hash that I use for managing local admin users.
16:09 XenophonF use salt to configure sssd :-D
16:09 MTecknology At $old_job, I did exactly that for admin users, and then sssd-ad for everything else.
16:09 XenophonF MTecknology: what are you using for MFA?  I was thinking about using TOTP for sudo
16:10 MTecknology sssd is sexy bizness whenever you finally get it working
16:10 XenophonF but the PAM module from Google looks like crap.
16:10 MTecknology gauth
16:10 XenophonF thx
16:10 MTecknology I used that for sudo as well
16:10 MTecknology gimme a sec
16:12 debian112 joined #salt
16:13 MTecknology https://github.com/MTecknology/saltstack-demo/blob/master/states/sys/users/init.sls#L78 & #L18 && https://github.com/MTecknology/saltstack-demo/blob/master/data/etc/pam.d/su#L9
16:14 DanyC joined #salt
16:14 MTecknology You can do things like require "<pass><space><2fa>" as the password field or require them as two separate entries, you can require them in either order whether combined or separate.
16:16 johnj joined #salt
16:18 choke joined #salt
16:19 omie888777 joined #salt
16:20 doubletwist ok so I have separate private git repos for our /srv/pillar and /srv/salt data [and likely /srv/reactor eventually] - but what's the best way to handle a mix of self-written and 3rd party formulas?
16:21 doubletwist I"ve been just downloading the zip and unzipping them in /srv/salt and letting them be part of that one big git repo that had everything but pillar
16:21 MTecknology My personal opinion: don't use 3rd party formulas; problem solved
16:22 MTecknology usually 3rd party modules are available as git repos
16:22 DanyC joined #salt
16:22 pbandark is it possible to specify user:group for the directory which gets created using `temp.dir` execution function ?
16:22 MTecknology s/modules/forumlas/*
16:22 doubletwist yes, but if I do a git clone within my git repo it screws things up [I'm a total git noob]
16:23 MTecknology you probably have duplicate file names showing up at the same level and they'r probably being merged in weird ways
16:23 rgrundstrom_home joined #salt
16:24 rgrundstrom_home Good afternoon everyone.
16:24 doubletwist plus, sometimes I have to make changes to the 3rd party formula, I'd like that to be tracked in our git repos.
16:24 MTecknology submodules
16:24 doubletwist And I get the impression that many folks recommend maintaining a separate git repo for each formula - which I'm down with but I'm not clear on how that would work procedurally
16:24 rgrundstrom_home Im trying to do: {{salt['pillar.get']('server:settings:network:{}:set_ipaddress')}} where {} should be any... Does not seem to work how ever. Suggestions?
16:25 MTecknology rgrundstrom_home: What does "where {} should be any..." mean?
16:26 rgrundstrom_home {} is equal 'ens3' in my case. I use it to set network settings.
16:26 MTecknology Are you wanting to do a loop over the keys in server:settings:network?
16:26 MTecknology oh.. just string formatting?
16:26 MTecknology You can use {{salt['pillar.get']('server:settings:network:' ~ foo ~ ':set_ipaddress')}}
16:27 rgrundstrom_home Well since interface name is random accross diffrent dist and version I dont want it to be a factor here.
16:28 rgrundstrom_home So {{salt['pillar.get']('server:settings:network:{}:set_ipaddress')}} instead of
16:28 rgrundstrom_home {{salt['pillar.get']('server:settings:network:ens3:set_ipaddress')}}
16:28 rgrundstrom_home Were {} is *
16:29 rgrundstrom_home MTecknology: MAke any sense? :p
16:29 MTecknology you know there's a module for network stuff, ya?
16:30 MTecknology (like listing interfaces)
16:30 rgrundstrom_home MTecknology: I know... But i like doing stuff on my own :)
16:31 Processus42 joined #salt
16:31 MTecknology I have something on my blog about that - tl;dr- "Don't Repeat Yourself"
16:32 MTecknology Why re-invent the wheel in a strange and confusing way when you already have the tools you need written by people that have spent time running into the things that make it break and have fixed it?
16:32 rgrundstrom_home MTecknology: Doing the misstakes yourself is called learning.
16:33 MTecknology as long as you don't put it in production..
16:34 rgrundstrom_home MTecknology: No, anything i put into production goes thru heavy testing before I use it :)
16:34 deftjack joined #salt
16:35 deftjack https://paste.fedoraproject.org/paste/tv1xlCBWGicao1fIWUOWSw   Not sure what I could be doing wrong. The user.present state associated with it is working fine. Is this maybe a bug in the ssh_auth.present?  Ive tried numerous changes to the config but they all result in this error.
16:36 bushelofsilicon MTecknology: What about creating a beacon for when a cert is generated for each user? Would I be able to generate my device ID and send it up in that event? Or would that event trigger my module to generated the device id, which send up another event with the device id for the syncthing master?
16:38 MTecknology bushelofsilicon: If you only need the data to reach the master once for the reactor to do something with, then you could have your custom script just run salt-event and push the data the reactor needs across the event bus and be done.
16:38 MTecknology deftjack: that's a javascript-only pbin site; doesn't render for me
16:40 deftjack https://gist.github.com/anonymous/026964c5dd8fa4051f18bb6bdb7d4916    This better?
16:41 deftjack side note: Im 1 week new to salt so sorry if Im missing something basic.
16:41 MTecknology what version of salt are you using?
16:42 deftjack salt 2016.11.2 (Carbon)
16:42 Lionel_Debroux joined #salt
16:42 deftjack Im at the mercy of the admins for the version atm.
16:42 lordcirth_work deftjack, are you sure that master and minion versions match?
16:43 motherfsck joined #salt
16:43 deftjack Yes  salt-minion --version   salt-minion 2016.11.2 (Carbon)
16:43 iggy can you paste any more than that?
16:43 lordcirth_work I haven't seen the /%h/ notation before, is that $HOME?
16:43 deftjack Yes its home: https://docs.saltstack.com/en/2016.11/ref/states/all/salt.states.ssh_auth.html
16:44 deftjack iggy: More of the yaml?
16:44 iggy yes
16:44 lordcirth_work Interesting
16:44 MTecknology deftjack: I'd wrap that in quotes, but probably not the problem
16:44 deftjack Its jsut a user state above it which btw works fine but moment....
16:45 lordcirth_work Yeah, quote all the strings and try again, just to be safe
16:45 deftjack never used this paste not sure atm how to update...
16:45 MTecknology oh...
16:45 MTecknology file.managed can handle source as a list, but I don't see that logic for ssh_auth.present
16:45 lordcirth_work deftjack, you can only edit gist if you do it as a user, I think
16:45 iggy source shouldn't be a list
16:46 bushelofsilicon MTecknology: I hadn't though of that before, but I think it does make more sense to separate the device id calculation from the state since the cert will only be created after the user logs on
16:46 deftjack lordcirth_work: ah!
16:46 MTecknology bushelofsilicon: sounds like a logon script to me!
16:46 deftjack iggy: I tried dropping that down to just one. I was attempting to do an override. It still failed but let me double check.
16:46 iggy deftjack: - source: salt://.... (instead of how you have it on 2 lines)
16:47 onlyanegg joined #salt
16:47 deftjack Yah I was doing two salt: references so I could pick up a custom file if present. Let me put it back to just the one.
16:47 schemanic joined #salt
16:48 iggy following the code path, that's the only thing I can see able to throw that error
16:48 iggy (it goes through the ssh -> cp modules)
16:49 deftjack So I do the source: as a list in other areas so I can pick up custom configurations to "override" the default. I just assumed it would work here too.
16:49 deftjack but...
16:49 choke Hy everyone - I have a master, which works on 2017.7.1, however the moment I install awscli via apt-get, pip or through salt I get a bunch of boto_elbv2 issues.   Anyone else experiencing this same issue or any known fixes?
16:49 iggy deftjack: not a bad feature request (if for no other reason than to make it match)
16:49 deftjack Yep that was it. Well damn. So I have to come up with another way to do this. I use this method for custom sshd_configs no problem.
16:50 deftjack Thanks for the debugging. =)
16:53 iggy if you really wnt that support, it probably wouldn't be hard to add, then just put that custom module in <file_roots>/_states
16:53 bushelofsilicon MTecknology: If I have it run at each logon then the script would need to determine if it has been run before so it wouldn't be firing off useless events all the time. Hmm, well I guess I could add it to the RunOnce key
16:54 MTecknology I imagine you could just look at what's in file.managed and almost copy/paste it :)
16:56 deftjack Ill take a look in that. Thanks again.
16:56 morissette joined #salt
17:09 numkem joined #salt
17:15 csmule joined #salt
17:16 pbandark what is recommeded way to set ulimit configuration for any user? i am creating file "/etc/security/limits.d/30-oracle.conf" followed by execution of oracle installer. but, it fails with an error about ulimit configuration. so it seems the configuration from "30-oracle.conf" is not effective while execution of state file.
17:17 johnj_ joined #salt
17:17 numkem joined #salt
17:17 iggy make sure whatever you are doing is running as the oracle user
17:18 iggy you can always su to the oracle user to check ulimits are actually getting set
17:19 ritz joined #salt
17:21 pbandark iggy: from oracle user it seems its reflected:
17:22 pbandark https://paste.fedoraproject.org/paste/JxgH-bFk9~3asW82dLRNMQ
17:24 high_fiver joined #salt
17:29 bushelofsilicon MTecknology: is a beacon the wrong tool for this because I only need an event once per user?
17:29 sjorge joined #salt
17:29 iggy that doesn't seem like a reason to discount a beacon
17:30 pbandark the approach which I have taken to set ulimit for the user is correct ?
17:30 iggy I guess it depends how many users vs amount of effort to write it
17:30 iggy pbandark: sorry, was talking to bushelofsilicon
17:31 iggy pbandark: not sure why your stuff isn't working
17:32 pbandark ok. it works if i manually execute the stage1 command from oracle user
17:32 debian1121 joined #salt
17:33 bushelofsilicon iggy: so MTecknology was just suggesting running the script at logon because in case it was a easier/simpler solution?
17:35 numkem joined #salt
17:37 deftjack left #salt
17:38 DanyC_ joined #salt
17:42 iggy pbandark: I'd probably try playing with the shell setting (to make it look more like cmd.shell)
17:43 astronouth7303 HEY SALT. WHY CAN"T YOU PROPERLY ENCODE COMPLEX DATA?
17:43 pbandark ok
17:44 numkem joined #salt
17:45 iggy bushelofsilicon: I didn't read the whole scrollback, just replying to the last of your messages
17:45 iggy astronouth7303: ask python
17:45 astronouth7303 pyyaml is perfectly capable of handling dicts, lists, and strings
17:45 astronouth7303 |yaml_encode, however, refuses to handle this case
17:46 schemanic Hey, not strictly salt, but does anyone here work with apache and maybe apache-formula from the salt formula repo?
17:46 iggy schemanic: in the sense of avoiding it...
17:46 _aeris_ joined #salt
17:47 schemanic I ran a state that installs mod_ssl, and that generated an ssl.conf file in /etc/httpd/conf.d/ssl.conf
17:47 schemanic but the state doesn't call anything in salt that renders that file
17:47 iggy the package installs that file or the formula does?
17:48 iggy because that seems like somethign the package would do (as it's a pretty specific path)
17:49 schemanic iggy, well thats what I'm trying to understand. There are no states that I can find that relate to deploying ssl.conf. However, the formula DOES include ssl.conf, so I don't know if the file came stock with the package, or if it was rendered by the formula.
17:50 astronouth7303 if nothing anywhere mentions "ssl.conf", then it can't be installed by salt. Salt doesn't do magic like that.
17:50 whytewolf schemanic: centos/redhat by chance?
17:50 schemanic whytewolf, yeah Amazon Linux, close cousin
17:51 whytewolf it came with the mod_ssl package
17:51 schemanic astronouth7303, whytewolf, iggy, yeah thats what I thought.
17:51 schemanic ugh, this formula, they include an ssl.conf under salt://apache/files/RedHat even
17:51 schemanic but they don't do anything with it
17:53 whytewolf most people i know never touch the one that is included with mod_ssl they create another that more directly controlls what they are trying to edit
17:54 whytewolf which the apache.mod_ssl module looks like it has an option for
17:54 kamellion joined #salt
17:55 fullstop is there any way to figure out the "default" user on an ubuntu or debian system?
17:55 fullstop That is, the one with uid 1000 ?
17:57 schemanic whytewolf, our deploy code (currently running outside of salt) writes it's own virtualhost file with the SSL directives in it.
17:58 iggy fullstop: walk over the output of `user.getent`?
17:58 whytewolf schemanic: that is normal the ssl.conf that is created should not interfear with that
17:58 kamellion joined #salt
17:59 schemanic right, the more specific directive 'wins' right? kindof like CSS
17:59 whytewolf well, local before global. but yes
18:01 fullstop iggy: sounds painful
18:01 iggy sounds like something most people wouldn't normally need/want to do
18:02 fullstop I suppose that I could create the user so that I know what it is..
18:03 _KaszpiR_ joined #salt
18:06 MTecknology bushelofsilicon: it might be possible to use a beacon, but it sounds like it'll probably be extra effort for no gain; you're already running a script that does something and just including a call to salt-event. With a beacon, you'll need to figure out how to make the beacon aware of the change.  It's possible, and probably not too hard, but I'd argue that there's no point.
18:08 wedgie having trouble with selinux.fcontext_policy_present. State config and error output here. https://gist.github.com/anonymous/c93bceab8e11185fc3cf2474adfef078 Salv v 2017.7.1. Any suggestions? I've tried setting filetype explicitly, but no change.
18:14 schemanic hey, is there a word that collectively describes all of the files required for SSL?
18:15 whytewolf wedgie: file a bug report. that is a bug. [there is no filetype_id_to_string function in selinux module. there is a _filetype_id_to_string function which means it is meant to be private]
18:16 wedgie doh! Ok, will do.
18:17 johnj_ joined #salt
18:18 onlyanegg joined #salt
18:20 _JZ_ joined #salt
18:24 XenophonF oh happy day - salt 2017.7.1 is available for FreeBSD!!!
18:27 sjorge joined #salt
18:32 wedgie whytewolf: looks like it may have already been reported https://github.com/saltstack/salt/issues/42505   Applying the patch there seems to have resolved it, though I might open a bug anyway because on the first run through it produces some error messages that seem like they aren't errors... specifically that the call to egrep (looking to see if the rule already exists) exits with status 1... which it should
18:32 wedgie since the rule doesn't exist yet.
18:35 cyborg-one joined #salt
18:39 kamellion joined #salt
18:43 kamellion joined #salt
18:52 oida_ joined #salt
18:52 swa_work joined #salt
18:55 systemexit joined #salt
18:58 DammitJim joined #salt
19:00 systemexit joined #salt
19:00 onlyanegg joined #salt
19:02 notiuloveand joined #salt
19:02 nixjdm joined #salt
19:09 kamellion joined #salt
19:13 onlyanegg joined #salt
19:13 kamellion joined #salt
19:18 johnj_ joined #salt
19:28 numkem joined #salt
19:28 jbailey joined #salt
19:34 toanju joined #salt
19:43 newglasses joined #salt
19:44 impi joined #salt
19:46 newglasses Hello.  I'm trying to do includes from my init.sls file and no matter what I try, I get:  Specified SLS <path or filename depending on what I try> in saltenv dev is not available on the salt master or through a configured fileserver
19:46 newglasses If I list files, my target is there.
19:47 newglasses gitfs, which works great normally
19:47 newglasses Anyone encountered this before?  Any clues?  Debugging hints?
19:47 nixjdm joined #salt
19:48 astronouth7303 newglasses: what's your gitfs configuration?
19:49 astronouth7303 you sometimes have to be really explicit about git branches mapping to saltenvs
19:51 newglasses Astronouth, thanks.  Well part of the point of using gitfs is it's automatic in mapping things to saltenvs, and that has worked.  But here it is:
19:52 newglasses well actually, nothing, just server and provider (pygit2), key paths
19:52 baffle joined #salt
19:52 newglasses Most basic config, and it works great
19:54 drawsmcgraw joined #salt
19:57 noraatepernos joined #salt
19:58 debian112 joined #salt
20:01 newglasses Not sure what I need to be explicit about in mappings.
20:05 izibi joined #salt
20:08 schemanic Style question: When I need to do something like parameterize a URL via a pillar value, should I put the URL being parameterized in the corresponding state, or should I build up that URL out of pillar values?
20:09 schemanic also, is it possible to parameterize pillar with jinja and should one do so?
20:09 schemanic chef does it like this, where it's 'pillars' seem to be able to reference themselves
20:10 schemanic "http://softlayer-dal.dl.sourceforge.net/project/liquibase/Liquibase%20Core/liquibase-#{node[:liquibase][:version]}-bin.tar.gz"
20:11 sjorge joined #salt
20:19 johnj_ joined #salt
20:22 frygor_ joined #salt
20:27 oida joined #salt
20:36 bushelofsilicon anyone know if it is possible to use cmd.script to run a python script (using's salt's python) on windows? without having to edit the registry. I've tried doing something things with environment variables within cmd.script but no luck
20:40 heaje bushelofsilicon: I'd imagine you'd just do something like "cmd.script <path_to_salts_install_of_python>\bin\python.exe <path_to_python_script>"
20:41 heaje bushelofsilicon: Note that I do not run salt on windows
20:41 heaje so I'm just guessing here
20:47 nixjdm joined #salt
20:48 bushelofsilicon heaje: hmm, I'll try it on the id. You can't do that on the name because it drops the first part
20:48 heaje bushelofsilicon: I just realized that although you wrote cmd.script, I was thinking cmd.run.
20:48 heaje You could probably take what I wrote and toss it out the window entirely
20:49 bushelofsilicon ah, yeah to me it seems like only the salt:// path would be expected for the id, but I'll try it
20:56 bushelofsilicon yep, no luck. Looks like I'm going to have to send the script down and do cmd.run
20:57 astronouth7303 wait, you wanted to execute a `salt://` file?
20:58 astronouth7303 ah, ok, i see
20:58 astronouth7303 bushelofsilicon: try setting `shell`?
21:11 bushelofsilicon astronouth7303: no go, I'm highly suspicious that doesn't do anything on windows
21:12 astronouth7303 i'm not
21:12 astronouth7303 i mean, i'm not surprised
21:13 astronouth7303 maybe file an issue?
21:14 jas02 joined #salt
21:16 jas02_ joined #salt
21:16 astronouth7303 especially python, that can be a problem
21:19 justan0theruser joined #salt
21:20 jas02 joined #salt
21:22 kamellion joined #salt
21:22 jas02_ joined #salt
21:23 bushelofsilicon I got it to work, at least on one computer, I don't know if it will work on computers with only the salt python installed
21:24 bushelofsilicon adding a shebang with the right path to python worked, but I also have python3 installed on this computer
21:27 jas02_ joined #salt
21:30 jas02__ joined #salt
21:30 whytewolf - template:jinja and in the shabang line the windows version of #!{{salt.cmd.run('which python')}}
21:31 jas02 joined #salt
21:34 noraatepernos joined #salt
21:34 fl3sh joined #salt
21:35 jas02_ joined #salt
21:35 mayk joined #salt
21:41 astronouth7303 ugggg i need a version of `file.managed` that can cycle windows services so it doesn't bump into the windows binary locks
21:43 jas02 joined #salt
21:43 whytewolf astronouth7303: service.dead as a prereq with a service.require as a watch?
21:43 astronouth7303 is that how you order it?
21:43 astronouth7303 i've just been using yaml branches
21:43 whytewolf https://docs.saltstack.com/en/latest/ref/states/requisites.html#prereq
21:43 astronouth7303 which has been a giant hack
21:44 whytewolf prereq is like onchanges but happens before the state
21:44 jas02 joined #salt
21:44 astronouth7303 oh ok
21:44 astronouth7303 handy
21:45 astronouth7303 conditional definition of states is Not Fun
21:45 jas02 joined #salt
21:47 jas02_ joined #salt
21:47 nixjdm joined #salt
21:48 kamellion joined #salt
21:53 whytewolf huh, that is a feature i missed in 2017.7
21:53 whytewolf that could actually be kinda cool
21:54 whytewolf https://docs.saltstack.com/en/latest/ref/states/requisites.html#retrying-states
21:55 astronouth7303 handy
21:55 astronouth7303 hm, of course, watch_in fails if the state doesn't exist
21:56 whytewolf well, yeah
21:56 jas02 joined #salt
21:56 astronouth7303 i need to install and configure software on several boxes, but only a subset of those actually run it
21:56 astronouth7303 and all of them run windows
21:58 jas02 joined #salt
21:58 astronouth7303 (a live/warm spare configuration)
21:59 whytewolf so you have the service.running in a test to see if it is the one that is running this other wise the service.running is rendered out right?
21:59 DanyC joined #salt
22:00 whytewolf sounds like the service.running needs the watch instead of the thing it is watching having watch_in
22:00 astronouth7303 yeah, that's what i'm doing
22:00 astronouth7303 and i'm doing it by grain, so the enabled/disabled configuration is in a pair of sls files (live and spare)
22:07 astronouth7303 thanks for the prereq pointer, though, it's cleaned up a _lot_
22:11 whytewolf np
22:12 cyborg-one joined #salt
22:14 jas02 joined #salt
22:15 kamellion joined #salt
22:17 drawsmcgraw joined #salt
22:21 johnj_ joined #salt
22:24 pbandark for me ulimit confiured using state file with "/etc/security/limits.d/30-oracle.conf" is not reflecting and hence, subsequent salt state fails. after little search(https://github.com/saltstack/salt/issues/9436) it seems to be its required to restart salt-minion in order to have new ulimits. is it true?   what is recommended way to set ulimit using salt?
22:31 absolutejam Evening
22:32 absolutejam Quicky - Is there any way to make salt execution modules 'stateful' in Orchestrate runs?
22:46 yujunz joined #salt
22:47 nixjdm joined #salt
22:50 yujunz joined #salt
22:57 yujunz joined #salt
22:59 ssplatt joined #salt
23:02 noraatepernos joined #salt
23:03 yujunz joined #salt
23:10 zerocool_ joined #salt
23:22 johnj_ joined #salt
23:26 hoonetorg joined #salt
23:29 noraatepernos joined #salt
23:33 felskrone joined #salt
23:34 shoemonkey joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary