Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-09-26

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:17 smead joined #salt
00:18 morissette joined #salt
00:22 wavded joined #salt
00:30 prg3 joined #salt
00:30 johnj_ joined #salt
00:30 mikecmpbll joined #salt
01:31 johnj_ joined #salt
01:55 ilbot3 joined #salt
01:55 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.7, 2017.7.1 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers
02:01 brent_ joined #salt
02:05 onlyanegg joined #salt
02:07 zerocool_ joined #salt
02:10 zerocoolback joined #salt
02:11 zerocoolback joined #salt
02:13 zerocoolback joined #salt
02:14 zerocoolback joined #salt
02:32 johnj_ joined #salt
02:33 jas02 joined #salt
02:40 sh123124213 joined #salt
03:02 tiwula joined #salt
03:05 evle joined #salt
03:11 squishypebble joined #salt
03:28 pipps joined #salt
03:30 onlyanegg joined #salt
03:33 johnj_ joined #salt
03:36 zerocool_ joined #salt
03:44 onlyanegg joined #salt
03:48 jlaffaye joined #salt
04:34 johnj_ joined #salt
04:47 pipps joined #salt
04:49 Guest95 joined #salt
05:01 justanotheruser joined #salt
05:14 Ricardo1000 joined #salt
05:22 Bock joined #salt
05:25 nocaberi joined #salt
05:35 johnj_ joined #salt
05:44 zerocool_ joined #salt
05:45 zerocoolback joined #salt
06:15 aldevar joined #salt
06:17 aldevar left #salt
06:28 jocsch joined #salt
06:36 ecdhe joined #salt
06:36 johnj joined #salt
06:37 jocsch Hello. I have a short question. Is there any possibility within a salt state to accept different return / exit codes? For a specific use case i need to run a program which returns different success / error codes then 0 or 1. Thanks...
06:41 jas02 joined #salt
06:43 do3meli joined #salt
06:44 do3meli left #salt
06:48 nku jocsch: everything but 0 should be an error
06:51 schasi joined #salt
06:56 pipps joined #salt
07:01 Guest13618 left #salt
07:01 jlaffaye joined #salt
07:03 Yoda-BZH joined #salt
07:03 Yoda-BZH joined #salt
07:05 babilen joined #salt
07:13 zerocoolback joined #salt
07:13 aldevar joined #salt
07:19 Muir joined #salt
07:22 maestropandy joined #salt
07:22 zerocoolback joined #salt
07:23 Dereckson joined #salt
07:24 jas02 joined #salt
07:26 jas02 joined #salt
07:27 maestropandy left #salt
07:29 lubyou joined #salt
07:30 robman joined #salt
07:33 Dereckson joined #salt
07:34 Hybrid joined #salt
07:37 johnj joined #salt
07:51 schasi joined #salt
07:55 jocsch And this can't be changed?
07:56 mikecmpbll joined #salt
07:58 rgrundstrom Good morning everyone.
08:02 usernkey joined #salt
08:04 Naresh joined #salt
08:05 ikarpov joined #salt
08:06 sh123124213 joined #salt
08:20 usernkey joined #salt
08:20 oida joined #salt
08:36 Mattch joined #salt
08:38 bbradley joined #salt
08:39 johnj joined #salt
08:42 _KaszpiR_ joined #salt
08:44 Ricardo1000 joined #salt
08:50 Rumbles joined #salt
09:00 felskrone joined #salt
09:01 maestropandy1 joined #salt
09:01 maestropandy1 left #salt
09:02 CEH joined #salt
09:02 gmoro joined #salt
09:02 losh joined #salt
09:05 froztbyte joined #salt
09:05 pbandark joined #salt
09:20 cyborg-one joined #salt
09:23 absolutejam There are ways around that jocsch, but you'd have to be creative
09:23 absolutejam You can do cmd.run with 'stateful: True and add your own return info
09:24 absolutejam Eg: - name: mybinary -
09:24 absolutejam Hit enter too soon. Stupid phone
09:26 smead joined #salt
09:30 yuhl joined #salt
09:35 Muir joined #salt
09:38 zerocoolback joined #salt
09:40 johnj joined #salt
09:43 mk-fg joined #salt
09:43 mk-fg joined #salt
09:49 remyd1 joined #salt
09:50 remyd1 Hi
09:50 remyd1 I am looking at the cron salt states
09:51 remyd1 I would like to execute a script every day by moving it in cron.daily
09:51 remyd1 Is keyword '@daily' is the appropriate way to do it ?
09:51 remyd1 within cron state
09:51 remyd1 ?
09:53 remyd1 Ref : https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cron.html
09:54 remyd1 "The script will be executed every reboot if cron daemon support this option."... Obviously, I do not want to reboot every day.
09:56 whytewolf remyd1: the example for that is bad. @reboot is the speciel for do this on reboot. not @hourly [which is what the text you are pointing out is about]
09:57 whytewolf @daily runs at midnight
09:58 whytewolf it is a nonstandard cron macro
09:58 remyd1 whytewolf, Ok. So it would be like something like this : https://paste.debian.net/987802/
09:58 remyd1 But it won't be located in /etc/cron.daily
09:58 remyd1 ?
09:59 whytewolf no it won't
09:59 whytewolf the cron state controlls the crontab function.
10:00 remyd1 Ok, I see. So the good way to use /etc/cron.daily is to use file.managed + service.running to restart cron ?
10:00 whytewolf you don't need to restart cron if you add anything to and of the /etc/cron.* directories
10:00 whytewolf they will just get picked up next time cron runs
10:00 remyd1 Otherwise everything will go in /var/spool/cron ?
10:01 remyd1 Ok
10:02 whytewolf for most cron systems. the /etc/cron.* directories are just a cron script that runs from /etc/crontab anyway
10:02 whytewolf or some other system crontab file
10:03 remyd1 whytewolf, thanks
10:03 niluje joined #salt
10:03 whytewolf no problem
10:04 whytewolf now the real mystery. why am i still awake at 3am
10:06 niluje left #salt
10:06 remyd1 lol
10:39 jlaffaye joined #salt
10:41 johnj joined #salt
10:50 esharpmajor joined #salt
10:56 sh123124213 joined #salt
10:59 chowmeined joined #salt
11:04 evle joined #salt
11:13 kinganmi joined #salt
11:22 CeBe hi, what would be the best way to specify two different states for the same file, e.g. https://gist.github.com/cebe/1c3d1e4df62e10642d8401d3e706b622 salt is complaining about "ID ... contains multiple state declarations of the same type"
11:23 CeBe its clear that I can name them file_1 and file_2 and give the filename in "name:" but is there a way that allows me to keep the onchanges to refer to the real file name?
11:24 ecdhe joined #salt
11:24 whytewolf CeBe: requisites work on either state id or name. so yes you can still look for the name.
11:25 CeBe whytewolf: oh nice, thought that was not possible, will try that
11:26 whytewolf https://docs.saltstack.com/en/latest/ref/states/requisites.html#requisite-matching
11:29 CeBe cool, thanks! :)
11:31 whytewolf personally i typically try and avoid more then one state touching the same file.
11:40 obitech joined #salt
11:42 johnj joined #salt
12:04 mikecmpb_ joined #salt
12:13 pbandark hello all..  how to specify "service_account" from salt cloud profile for google compute? i tried specifying "ex_service_accounts" but, still instance is deployed with default value. https://paste.fedoraproject.org/paste/nBHlLHbjlLZpc2N2ehGJBg
12:15 Nahual joined #salt
12:15 impi joined #salt
12:23 zerocoolback joined #salt
12:23 m4rk0 joined #salt
12:24 m4rk0 Hello
12:25 m4rk0 Since CentOS 7.4 I'm getting this error on salt-call https://gist.github.com/anonymous/483908b24a369a31b3d2d5ddcb77fc56
12:26 m4rk0 How to find what/who is trying to run cmd?
12:27 Guest95_ joined #salt
12:29 smead joined #salt
12:34 coredumb Hey folks
12:35 coredumb how do you manage the automatic acceptation of your new minions on your master on non salt-cloud deployments?
12:36 m4rk0 coredumb, /etc/salt/autosign.conf ?
12:39 jmb13562 joined #salt
12:39 m4rk0 It seems like root can't have /bin/false shell since CentOS 7.4 to execute highstate :/
12:42 wavded joined #salt
12:43 johnj joined #salt
12:43 morissette joined #salt
12:45 coredumb m4rk0: oh yeah that's actually workable I guess
12:45 coredumb mmmh wait not really
12:47 edrocks joined #salt
12:48 dwfreed joined #salt
12:48 marwel joined #salt
12:48 Felgar joined #salt
12:52 Rumbles joined #salt
12:53 corezero joined #salt
12:54 m4rk0 coredumb, are You sure? https://docs.saltstack.com/en/latest/ref/configuration/master.html#autosign-file
12:55 m4rk0 bonus: https://www.reddit.com/r/saltstack/comments/3jeggp/automating_key_acceptance/
12:55 m4rk0 :D
12:56 coredumb m4rk0: actually I meant in my setup :) I think using the API may make more sense
12:58 promorphus joined #salt
13:00 justanotheruser joined #salt
13:03 numkem joined #salt
13:05 absolutejam How reliable are long running minions processes (modules) with salt?
13:05 absolutejam If I say wanted to run a command, wait 10 minutes then run another, could I experience some issues?
13:05 absolutejam Thinking Windows hosts mostly
13:09 justanotheruser joined #salt
13:09 JawnAuz In my experience running exclusively Winions, long-running commands sometimes need some assistance or compensating return management to confirm the job completed, and it can sometimes be best to start everything off with a test.ping-style of "wake-up" command first.
13:10 kuromagi joined #salt
13:16 racooper joined #salt
13:16 XenophonF absolutejam: I haven't had problems kicking off long-running jobs on Windows minions.
13:17 XenophonF You probably want to run them with --async and then monitor progress with the jobs runner.
13:17 XenophonF But that's the same as on Linux/Unix.
13:22 mchlumsky joined #salt
13:28 jmb13562 joined #salt
13:31 heyimawesome joined #salt
13:32 XenophonF I've also successfully called long-running jobs via the minion's scheduler, e.g., to run an AD FS metadata synchronization process (which can take upwards of 30 minutes).
13:33 JawnAuz Yeah, I prefer to use the minion scheduler when I can. Though I'm still in super learning-mode. :) Works great so far, though.
13:33 XenophonF YMMV
13:34 XenophonF I used the minion scheduler b/c it was easier than scheduling something in the Windows Task Scheduler.
13:34 JawnAuz I've definitely gotten more done with Salt than I've been stuck on, though.
13:34 JawnAuz For sure.
13:35 coreteam joined #salt
13:35 JawnAuz What I can't do/figure out, I sometimes just setup logic to kick off PowerShell to do for me.
13:37 XenophonF I get a lot of mileage out of abusing file.managed and cmd.script, that's for sure.
13:38 XenophonF But it's nicer when there's native support for stuff.
13:42 saltnoob hey guys how do you create a dictionary in a state ive tried set name = "key":"value" but it does not seem to like it
13:43 saltnoob it complains about the :
13:43 obitech saltnoob what do you mean by that? Do you want to save it in a jinja variable? might be good to post your state in a gist
13:43 babilen saltnoob: foo = {'k': v}
13:44 johnj joined #salt
13:45 saltnoob oh no quotes around the value ?
13:45 saltnoob I currently have this
13:45 saltnoob https://gist.github.com/
13:45 saltnoob woops
13:45 saltnoob https://gist.github.com/DrunkenAngel/372be664d44e38906fa9219e9451dba6
13:45 obitech try putting {} around
13:46 obitech set userfriendly = { .... } %}
13:46 babilen You have to declare a dictionary ^^^^
13:46 babilen I'd also use a space after :, but that's not necessary
13:48 tapoxi joined #salt
13:49 saltnoob awesome thanks :D new to dictionarys
13:52 onlyanegg joined #salt
13:53 morissette joined #salt
13:53 JawnAuz Speaking of cmd.script... if I kick off a PowerShell script that normally takes about 2-4 minutes to run, is there a example of how to follow that job after the initial command timeout? I know there's the job log, but not sure how to reference it in a state as being completed.
13:55 msn joined #salt
13:55 mdpolaris joined #salt
13:56 jmb13562 joined #salt
13:57 mdpolaris Good morning everyone. I have hit an issue with enabling IPTables that causes the minion to hang, and in turn breaks the orchestration run. There is an old case that describes this behavior: https://github.com/saltstack/salt/issues/17278
13:58 mdpolaris I tried a few of the workarounds suggested however it seems once iptables is loaded for the first time the minion/ZMQ hangs until the network timeout
13:58 mdpolaris Any ideas on how to resolve this?
13:59 xet7 joined #salt
14:03 pbandark1 joined #salt
14:04 cgiroua joined #salt
14:06 cyteen joined #salt
14:09 squishypebble joined #salt
14:09 csmule joined #salt
14:11 jmb13562 joined #salt
14:11 exegesis joined #salt
14:21 DammitJim joined #salt
14:22 DammitJim joined #salt
14:23 sarcasticadmin joined #salt
14:27 Brew joined #salt
14:28 bushelofsilicon joined #salt
14:33 mikecmpbll joined #salt
14:33 obitech joined #salt
14:34 haam3r_ mdpolaris: Maybe restarting the minion during state run..there is this hackish workaround for doing that: https://gist.github.com/haam3r/85e7a813df1613e19dbe15547436b983
14:35 wavded joined #salt
14:36 bushelofsilicon anyone have experience with augeas?
14:39 Rumbles joined #salt
14:40 Rumbles joined #salt
14:45 johnj joined #salt
14:47 jmb13562 joined #salt
14:56 XenophonF JawnAuz: you want the jobs runner - https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.jobs.html
14:57 XenophonF also you can start the job from the Salt master using the --async flag
14:57 JawnAuz I'll have to experiment with that; thanks!
14:57 XenophonF e.g., salt winminion cmd.script salt://path/to/script.ps1 shell=powershell --async
14:57 XenophonF it will return a jid that you can pass to the jobs.print_job runner
14:58 XenophonF e.g., salt-run jobs.print_job 234123412341234
14:58 XenophonF jobs.active should list it too
14:58 XenophonF which reminds me that I should move my jobs cache to MySQL
14:59 JawnAuz :D
15:04 onlyanegg bushelofsilicon: barely...
15:05 JawnAuz Is there somewhere Salt returns the stdout/stderr of the script?
15:06 lordcirth_work JawnAuz, for detecting if it's done, there's - creates or - onlyif.
15:06 bushelofsilicon onlyanegg: I'm having a hard time trying to figure out the proper syntax for working with xml files when adding multiple attributes to an element
15:07 mdpolaris haam3r_: Thanks for the suggestion. I will definitely keep that stored away for emergency uses. I think i did get this solved by instakking and starting iptables using userdata from salt cloud. Once it is running adding new rules does not cause the hang.
15:10 promorphus joined #salt
15:16 JawnAuz XenophonF, that worked! My script doesn't play nice the scope being run that way, but I can fix that. Otherwise did exactly what I wanted. :)
15:19 jmb13562 joined #salt
15:21 bushelofsilicon onlyanegg: I might have it working now
15:31 Guest95_ joined #salt
15:36 onlyanegg that's good
15:39 promorphus joined #salt
15:40 edrocks joined #salt
15:46 johnj joined #salt
15:47 mikecmpbll joined #salt
15:47 exegesis joined #salt
15:48 bowhunter joined #salt
15:52 Rumbles joined #salt
15:53 usernkey joined #salt
15:54 _JZ_ joined #salt
15:55 bildz Anyone supporting a windows environment used salt.modules.win_task.create_task_from_xml(name, location='\\', xml_text=None, xml_path=None, user_name='System', password=None) yet?  I have a state setup, but it's giving me this error:  https://pastebin.com/FwEGkB0A   I'm running on Salt version 2016.3.2.  We haven't upgraded just yet.
16:02 Yoda-BZH joined #salt
16:02 Yoda-BZH joined #salt
16:04 edrocks joined #salt
16:04 usernkey joined #salt
16:05 tiwula joined #salt
16:08 pbandark hello all..  how to specify "service_account" from salt cloud profile for google compute? i tried specifying "ex_service_accounts" but, still instance is deployed with default value.
16:08 pbandark https://paste.fedoraproject.org/paste/FrzYuGQcRJ3Ry2jWJn3QPQ
16:09 pbandark i am referring https://docs.saltstack.com/en/latest/topics/cloud/gce.html
16:12 Rumbles joined #salt
16:12 ciao joined #salt
16:15 XenophonF JawnAuz: normally cmd.* returns the raw text output of the command, but cmd.powershell will pass the output through |ConvertTo-JSON on the PowerShell side and json.loads on the Python side (https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cmdmod.html#salt.modules.cmdmod.powershell)
16:17 JawnAuz Hmm! Interesting. Thanks.
16:17 XenophonF for cmd states, you can use JSON output plus the stateful argument to pass information from your script back to Salt
16:18 XenophonF https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html#using-the-stateful-argument
16:19 nixjdm joined #salt
16:20 bpaiuca joined #salt
16:20 i90rr joined #salt
16:20 JawnAuz So I could use PowerShell objects and if they translate correctly with ConvertTo-JSON they can provide stateful feedback, if I'm reading that right?
16:20 XenophonF for stateful feedback it'd be more like you explicitly constructing the expected return value
16:21 JawnAuz Ah.
16:21 XenophonF but you could return objects that serialize to JSON
16:22 i90rr Hi, I'm just starting with Salt and I'm having a hard time trying to understand how pillars work. I'm trying to deploy a PostgreSQL install on a minion and I believe the only sane way to do that is by using the postgres-formula (which allows to customize database name, users, etc.). However, so far, and having read the tutorials on Salt's site (ReadTheDocs) and stuff scattered all over the web, I'm nowhere near the starting line :'(  I will really
16:22 i90rr appreciate any head-up on which direction to look!
16:22 JawnAuz (Before this) I was thinking I was going to write log that just contained a hash-table and have Salt file.search for strings that = x, y, etc... and go off that. :) This could be a little cleaner.
16:24 XenophonF i90rr: have you gone through any of the getting started tutorials?
16:24 XenophonF https://docs.saltstack.com/en/getstarted/config/pillar.html
16:24 XenophonF if you're new to Salt, jumping straight to a fairly complex formula is going to be a little confusing
16:25 i90rr Hi XenophonF - yes I did but somehow can't grap how to implement the formulas and how they relate to pillars
16:25 XenophonF formulas are just neatly arranged collections of states
16:25 i90rr XenophonF I need to get that PostgreSQL installed :)
16:26 XenophonF OK so let me take a quick look at postgres-formula - just a sec
16:26 i90rr "formulas are just neatly arranged collections of states" <-- I understand so, I just finished watching an old albeit nice talk about "the future of Salt" from SaltConf 2014 I think
16:26 bpaiuca joined #salt
16:27 XenophonF gotcha
16:27 XenophonF OK so let's start with the easy one first
16:27 i90rr !!
16:27 XenophonF postgres.python
16:27 i90rr I'm all eyes
16:28 XenophonF so if you are logged into the database server, run `salt-call state.apply postgres.python`
16:28 XenophonF (I'm assuming you already added the formula to your salt-master configuration.)
16:28 i90rr One sec
16:29 XenophonF Your minion's going to run this Salt State file: https://github.com/saltstack-formulas/postgres-formula/blob/master/postgres/python.sls
16:30 XenophonF So let's work backward: {{ postgres.python }} is a reference to a dictionary imported at line 1
16:30 XenophonF That dictionary gets defined in this Jinja file: https://github.com/saltstack-formulas/postgres-formula/blob/master/postgres/map.jinja
16:30 i90rr I 'added' the formula by cloning postgres-formula into /srv/formulas/ <-- is that the correct way, right?
16:30 XenophonF sure that will work
16:31 i90rr cool, let me try the command
16:31 XenophonF You'll need to add `/srv/formulas/postgres-formula` to the list of file_roots in /etc/salt/master
16:31 i90rr ahh! totally missed that
16:31 i90rr okay, let me start with that then
16:33 i90rr XenophonF to keep things tidy (modularized, manageable), can I add a `file_roots` file into /etc/salt/master.d/ to override default settings?
16:34 XenophonF map.jinja creates the `postgres` variable on line 5 by combining (in order): the entire dictionary in defaults.yaml, the operating system-specific values from osmap.yaml, the operating system version-specific values from codenamemap.yaml, and the `postgres` dictionary in Pillar (if specified)
16:34 XenophonF i90rr: yes you can
16:34 XenophonF in fact that's the recommended way to do things
16:34 i90rr perfect, please give me a moment
16:34 XenophonF OK
16:34 JawnAuz For what it's worth, that's what I do. I leave my master config alone and put all my "custom" settings in master.d/thing-im-changing.conf files.
16:34 XenophonF Note that I keep my salt-master configs in Pillar and use salt-formula to configure it. :)
16:35 JawnAuz So your local Master-Minion just pushes out the changes for you and restarts the salt-master service?
16:36 XenophonF yup
16:36 XenophonF Salt configures Salt
16:36 JawnAuz I've seen it referenced but didn't dive into that, yet. Sounds nifty as heck.
16:36 i90rr one step at a time!
16:36 XenophonF You have to set up a few things manually to bootstrap it.
16:36 XenophonF :-D
16:36 i90rr btw I haven't read the channel rules (sorry), can I paste 4 lines in-a-row?
16:37 JawnAuz Gist-time!
16:37 XenophonF use gist please
16:37 XenophonF i90rr: to keep things simple, let's assume you're running CentOS (i.e., the os_family grain == `RedHat`)
16:38 i90rr ok, I added /srv/formulas and restarted the master, no allow me salt-call from the minion
16:41 i90rr "Function state.apply is not available"  -- maybe a dumb question (don't remember reading anything about it): do I have to also configure file_roots in the minion and clone the wanted formula?
16:41 XenophonF so map.jinja merges defaults.yaml + the RedHat entry in osmap.yaml to come up with the following in-memory data structure: https://gist.github.com/anonymous/be04b79671236a0f0cc5ea8fd2c471d6
16:41 XenophonF i90rr: you're using an old version of Salt
16:41 i90rr crap!
16:41 XenophonF so use `salt-call state.sls postgres.python` instead
16:42 usernkey joined #salt
16:44 usernkey1 joined #salt
16:44 i90rr XenophonF ohhh, I just saw the gist <3
16:44 XenophonF so that data structure is, at the top level, a dictionary or mapping, with a single key, `postgres`, whose value is another dictionary
16:44 XenophonF and in that dictionary is a key named `python` with a string value of `python-psycopg2`
16:45 XenophonF so back in the postgres/python.sls, this bit of code: `{{ postgres.python }}` is doing the same lookup you just did with your eyes ;)
16:46 i90rr that will definitely help. With that urgency out of the way, I would like take a few more moments from you  if it's possible? I'd like to understands what's happening here:
16:46 btux joined #salt
16:46 XenophonF now, for the sake of argument, let's say you want to install a different PostgreSQL client library
16:46 i90rr XenophonF https://gist.github.com/i90rr/b29f4d38f12fcb94c947733383bca6d7
16:46 dieggo joined #salt
16:46 i90rr (reading all the backlog)
16:46 armyriad joined #salt
16:47 dieggo hey folks
16:47 johnj joined #salt
16:47 aneeshusa joined #salt
16:48 btux left #salt
16:48 XenophonF hm, i90rr, what does `salt-call --version` return?
16:48 btux joined #salt
16:48 XenophonF and what O/S + version are you using?
16:48 dieggo I need a little help here
16:48 XenophonF dieggo: NEVER!!!
16:48 XenophonF j/k
16:49 XenophonF i90rr: I suspect you're running a really, really old version of Salt.
16:49 XenophonF anyway, back to the supposition that you want to install a different PostgreSQL client library for Python
16:50 XenophonF Let's call it python-totallynormalpg2
16:51 dieggo I dont know why yet my salt-minion is causing daemon restarts and returnig this error
16:51 XenophonF To change the value of postgres.python, you could edit the files in postgres-formula, but the right way to do that is to set postgres:python in Pillar
16:51 dieggo [ERROR   ] 'str' object has no attribute 'keys'
16:52 KennethWilke joined #salt
16:52 jrgochan Heyo. I upgraded my infrastructure to 2017.7.1 and am now getting this error when I try to do a "x509.provate_key_managed", and m2crypto is installed. Any thoughts?
16:52 jrgochan Reason: 'x509' __virtual__ returned False: Could not load x509 state: m2crypto unavailable
16:53 XenophonF To do that you'd create a file named /srv/pillar/postgres-overrides.sls with this as the contents: https://gist.github.com/anonymous/37880ae674ad99f2c65d595d60704e3d
16:53 i90rr XenophonF 1) Hydrogen on Debian Jessie (started with the wrong foot!), 2) I'm saving your explanation for future reference and also because I'm a little bit lost but trying to follow you
16:54 XenophonF but that's not enough - just like with Salt States, you have to configure salt-master to assign the contents of /srv/pillar/postgres-overrides.sls to your minion
16:55 XenophonF and just like with Salt States, you'd use a top file, named /srv/pillar/top.sls with contents similar to the following: https://gist.github.com/anonymous/115033d1e57de3869735f2919e73f60a
16:57 XenophonF so backtracking a little, now when you run `salt-call state.apply postgres.python`, map.jinja will merge defaults.yaml, osmap.jinja, AND the Pillar data into an in-memory data structure that looks like this: https://gist.github.com/anonymous/27898a604c7f5802d0e975db5b649adf
16:58 XenophonF note line 9
16:58 i90rr hmmm
16:58 XenophonF the previous (default) value of postgres.python was overridden by Pillar data
16:58 XenophonF the code in map.jinja handled merging it for you
16:59 i90rr slowly everything starts to make sense now
16:59 i90rr I'm starting to see how the different pieces fit together
16:59 XenophonF more complex examples are documented in the pillar.example file
16:59 XenophonF https://github.com/saltstack-formulas/postgres-formula/blob/master/pillar.example
16:59 i90rr awesome explanation, really
16:59 XenophonF most (all?) of the official Salt formulas include such a file
16:59 XenophonF note that it isn't an exhaustive list of possibilities
17:00 XenophonF sometimes you have to RTFS to figure stuff out :-/
17:00 XenophonF but I like to think that I'm getting some mileage out of my pricey computer science degree! :)
17:01 XenophonF for Debian Jessie, follow the instructions here for switching to the official Saltstack package repo - http://repo.saltstack.com/#debian
17:02 XenophonF assuming you're running a supported hardware platform
17:02 i90rr XenophonF right now I'm working on a homebrew lab using VirtualBox VMs
17:03 tapoxi joined #salt
17:03 XenophonF you should be good then assuming everything's amd64
17:03 i90rr ok, well, I owe you a beer if we ever met, no doubt about
17:03 XenophonF I'm stuck building my own packages for Raspbian.  :-/
17:04 XenophonF nah this is a toy example that pretty much follows that tutorial exactly
17:04 XenophonF I didn't do anything except change vim to postgres.
17:04 i90rr now I'm gonna dump this chat to read it over and over again until everything makes perfect sense (seems it will take a time :)
17:04 XenophonF haha well come back when you have more questions
17:05 XenophonF ok dieggo let's take a look at your issue
17:05 i90rr sincerely, thanks a lot, you gave a great hand
17:05 JawnAuz CentOS 7 over here, 2016.11.6; carefully considering upgrading to the 2017 release... Not sure how I want to upgrade all my Winions, yet. :)
17:05 XenophonF hm, i have no idea what's going on with you there
17:06 i90rr I'll try to get some sleep now, thanks XenophonF , JawnAuz for your feedback
17:06 i90rr bye
17:06 XenophonF cheers i90rr
17:07 XenophonF dieggo: I have no idea what might be causing your problem.
17:08 XenophonF What are you doing when that error happens?
17:18 tvm joined #salt
17:18 pipps joined #salt
17:19 pipps joined #salt
17:20 impi joined #salt
17:21 tvm well, simple question - can be salt reasonably used to manage say 10k remote devices (simple firmware/configuration/software updates) ?
17:22 pbandark1 joined #salt
17:25 ekristen joined #salt
17:25 vexati0n Sure, you could manage that many.
17:26 vexati0n quick question -- but make sure the answer is yes before replying: is there a salt function / module that queries the *configuration* of salt-cloud? As in, I don't need to see what sizes/images are available on the provider, I need to see what maps and profiles have been configured on the master
17:28 KennethWilke joined #salt
17:28 schemanic joined #salt
17:34 rgrundstrom_home joined #salt
17:34 dieggo XenophonF: nothing special, just doing a salt-call state.apply
17:34 rgrundstrom_home left #salt
17:34 rgrundstrom_home joined #salt
17:35 dieggo XenophonF: both, master and minion are the latest versions
17:35 rgrundstrom_home Hey everyone :)
17:35 dieggo hy rgrundstrom_home
17:35 dieggo *hey
17:35 nixjdm joined #salt
17:36 pbandark joined #salt
17:42 rgrundstrom_home ok so I know that there is syntax error on my {% for loop.... Help please
17:42 rgrundstrom_home https://gist.github.com/Robert-Grundstrom/a03e4d307f622f0f8320e735f07742c6#file-gistfile1-txt
17:42 choke joined #salt
17:43 beardo joined #salt
17:48 johnj joined #salt
17:50 edrocks joined #salt
17:51 iggy .items()
17:51 iggy it's a function call of a python data type
17:52 iggy also... use whitespace... everyone will hate you slightly less
17:52 iggy and there's also not a filter called split
17:53 iggy that should be a function call too (but I'm not sure if you can chain them on a single line)
17:54 iggy salt['pillar.get']('server:settings:firewall:rules',) <-- that's weird too
17:54 iggy leave out the comma or put an actual default value in there
17:54 * iggy wonders where you learned this style of jinja from...
17:56 DammitJim joined #salt
17:56 KennethWilke joined #salt
17:57 rgrundstrom_home iggy: self thougt by trail and error
17:58 iggy I would go peruse some of the formulas and other examples out there... they may not all be great, but stylistically they should be pretty close
18:02 rgrundstrom_home iggy: I know that there is a lot of stuff to use. I choose to do it myself so I can learn from the mistakes I make instead of using something that other people write.
18:04 iggy I just mean style wise
18:04 pipps joined #salt
18:05 iggy like the stuff you write doesn't look like anything you'd see anybody else write
18:05 iggy generally I'm all about whatever works best for you, but if I had to come in behind you, I'd hate life
18:06 pipps joined #salt
18:07 sjorge joined #salt
18:07 smead I've found that I have my own process that I need in order to learn.  After that, I usually re-write it using established style-guides.  It helps my understand even more
18:07 smead *me
18:07 socket- Hey all, is there a way to target multiple minions based on IP.  Like salt -L 'S@10.0.0.0/8,S@172.16.0.0/16' test.ping
18:07 JawnAuz I force myself to re-write even from examples I could copy-paste, just to build the type-memory of writing certain functions/dicts/etc...
18:08 mikecmpbll joined #salt
18:08 rgrundstrom_home I have re-wrote my code loads of times.
18:10 iggy socket-: -C 'S@... or S@...'
18:12 pipps99 joined #salt
18:14 pipps_ joined #salt
18:14 felskrone joined #salt
18:14 wavded joined #salt
18:14 socket- iggy: I just tried salt -C 'S@10.0.0.1,S@10.0.0.2' test.ping but it said no minions matched traget, but if i target them individually, "salt -S 10.0.0.1 test.ping" it works.
18:18 iggy that's not what I said
18:18 DammitJim1 joined #salt
18:19 pipps joined #salt
18:19 socket- gotcha, I understand you now.  Thanks
18:21 pipps99 joined #salt
18:22 iggy sorry, not trying to be so terse, just bouncing between multiple things
18:24 JawnAuz Does Salt recognize a machine's current WAN as targetable data? I guess that could get outta hand,but if I know 3 machines were behind a particular WAN, can I target all 3 using that IP?
18:24 pipps joined #salt
18:24 JawnAuz I suppose I could check and store the current WAN and target that way, but probably better off assigning node-groups at that point.
18:25 iggy a "publicIP" grain maybe
18:25 pipps_ joined #salt
18:25 morissette joined #salt
18:27 socket- iggy: np, i just didnt notice the word "or".. thanks
18:28 iggy yeah, compound matches are pretty powerful with `and` and `or` operators
18:30 bowhunter joined #salt
18:31 inetpro joined #salt
18:35 pipps joined #salt
18:36 nixjdm joined #salt
18:39 edrocks joined #salt
18:47 inetpro joined #salt
18:49 khaije1 joined #salt
18:49 johnj joined #salt
18:51 mrbobbytables joined #salt
19:05 icebal joined #salt
19:07 schlitzer joined #salt
19:07 khaije1 to set a SLS stanza as test only, can I add a " - test: True" clause?
19:07 schlitzer left #salt
19:08 khaije1 and then perhaps later variablize it?
19:08 schlitzer joined #salt
19:09 ChubYann joined #salt
19:12 dieggo joined #salt
19:18 schlitzer hey, is the authentication between agents and the master done vie openssl certificates? if yes, would it be possible to use a external CA to issue those certificates, instead of having the salt components issuing there own?
19:20 pipps joined #salt
19:27 pipps joined #salt
19:30 ipmb joined #salt
19:31 rgrundstrom_home babilen: You here?
19:36 nixjdm joined #salt
19:36 pipps joined #salt
19:39 wavded joined #salt
19:44 monokrome joined #salt
19:50 johnj joined #salt
19:54 lordcirth_work How many people use LUKS or other full-disk encryption on minions?
19:56 pipps joined #salt
20:01 pipps joined #salt
20:01 Guest95_ joined #salt
20:04 dieggo joined #salt
20:05 iggy schlitzer: I'm pretty sure the answer is no
20:09 usernkey joined #salt
20:12 yuhl______ joined #salt
20:15 usernkey1 joined #salt
20:18 sh123124213 joined #salt
20:19 lordcirth_work Apparently no one?
20:20 morissette joined #salt
20:24 Dereckson joined #salt
20:25 Mattch joined #salt
20:25 numkem joined #salt
20:33 XenophonF I do.
20:33 XenophonF LUKS on Ubuntu, GELI on FreeBSD, BitLocker on Windows
20:34 XenophonF physical disks only
20:36 nixjdm joined #salt
20:36 XenophonF it's part of the O/S install process, which I've only partially automated
20:37 wavded joined #salt
20:39 tapoxi joined #salt
20:42 mayk joined #salt
20:46 _KaszpiR_ joined #salt
20:52 johnj joined #salt
20:56 XenophonF joined #salt
21:00 zulutango joined #salt
21:04 smead joined #salt
21:22 racooper joined #salt
21:24 cgiroua joined #salt
21:40 dxiri joined #salt
21:40 dxiri hello everyone! quick question, how do you guys manage the minion config files? I was thinkging about the possibility of managing that with salt itself, is that possible?
21:41 iggy yes
21:41 dxiri right now the way I have it setup is to use a managed file, but not sure if a salt-minion restart is needed when I change the config file?
21:41 iggy I suspect that's what most people do
21:42 iggy yes, you have to restart the minion on config file changes
21:42 iggy there's a trick in the docs for how to do that and still get your minion to return to the master
21:42 dxiri that's what I need :) can you share the link?
21:43 iggy not offhand
21:43 dxiri right now If I run the state, it works but I get "minion did not return", if I run it a second time, it works, but this sucks since I don't know what happened with the other states I have
21:43 iggy https://docs.saltstack.com/en/latest/faq.html#what-is-the-best-way-to-restart-a-salt-minion-daemon-using-salt-after-upgrade
21:44 rgrundstrom_home iggy: Problem solved :) Took a lot of time but its solved.
21:47 dxiri iggy: sweet! thanks!
21:48 evle joined #salt
21:53 johnj joined #salt
21:54 beardedeagle joined #salt
21:56 pipps joined #salt
22:01 pualj joined #salt
22:03 wavded joined #salt
22:04 oida_ joined #salt
22:04 pipps joined #salt
22:05 morissette joined #salt
22:05 wavded joined #salt
22:12 andi- joined #salt
22:16 onlyanegg joined #salt
22:22 pipps joined #salt
22:25 teratoma joined #salt
22:26 ibro joined #salt
22:26 m4rk0 Hi again
22:26 m4rk0 Since CentOS 7.4 I'm getting this error on salt-call https://gist.github.com/anonymous/483908b24a369a31b3d2d5ddcb77fc56
22:27 m4rk0 It seems like root can't have /bin/false shell since CentOS 7.4 to execute highstate :/
22:27 spiette joined #salt
22:29 __number5__ joined #salt
22:30 pipps joined #salt
22:33 mrbobbytables this is somewhat random, but is there any good doc that happens to cover the phases of calling state.apply or state.highstate? thinking something similar to this: https://docs.chef.io/chef_client_overview.html but for salt
22:53 johnj joined #salt
23:08 andi_ joined #salt
23:08 pipps joined #salt
23:16 al31n joined #salt
23:28 al31n left #salt
23:28 zerocoolback joined #salt
23:29 iggy I don't know of anything
23:31 iggy maybe something in here: https://docs.saltstack.com/en/getstarted/
23:51 wavded joined #salt
23:52 pipps joined #salt
23:54 johnj joined #salt
23:56 mrbobbytables thanks, I somehow missed the picture on the plugins page
23:56 mrbobbytables https://docs.saltstack.com/en/getstarted/images/salt-subsystems-workflow.png

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary