Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-10-05

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:49 johnj_ joined #salt
00:51 sh123124213 joined #salt
00:55 JAuz joined #salt
00:55 tiwula joined #salt
00:56 JawnAuz__ joined #salt
01:10 omie888777 joined #salt
01:54 ilbot3 joined #salt
01:54 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.7, 2017.7.1 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers
02:00 dwfreed_ joined #salt
02:01 JawnAuz Where I'm using name and m_name, could I instead use "function" in the first name without issue, to alleviate the need for the m_ prefix without ill affects?
02:01 ntropy joined #salt
02:02 Vye joined #salt
02:02 onlyanegg joined #salt
02:03 elektrix joined #salt
02:03 hoonetorg joined #salt
02:15 XenophonF joined #salt
02:19 sh123124213 joined #salt
02:20 pipps joined #salt
02:21 nixjdm joined #salt
02:26 stanchan joined #salt
02:32 pipps joined #salt
02:33 pipps joined #salt
02:41 cyborg-one joined #salt
02:43 sh123124213 joined #salt
02:50 evle joined #salt
02:51 johnj_ joined #salt
03:00 zerocool_ joined #salt
03:04 dxiri joined #salt
03:08 sh123124213 joined #salt
03:08 johnj_ joined #salt
03:08 dxiri_ joined #salt
03:19 Felgar joined #salt
03:25 schasi joined #salt
03:32 sh123124213 joined #salt
03:40 onlyanegg joined #salt
03:57 sh123124213 joined #salt
04:06 onlyanegg joined #salt
04:11 seeg joined #salt
04:15 shanth joined #salt
04:22 sh123124213 joined #salt
04:31 motherfsck joined #salt
04:47 sh123124213 joined #salt
04:59 sh123124213 joined #salt
05:08 Bock joined #salt
05:11 felskrone joined #salt
05:14 pipps joined #salt
05:16 pipps joined #salt
05:23 sh123124213 joined #salt
05:39 onlyanegg joined #salt
05:48 sh123124213 joined #salt
06:01 dxiri joined #salt
06:07 do3meli joined #salt
06:07 do3meli left #salt
06:13 sh123124213 joined #salt
06:37 sh123124213 joined #salt
06:39 DanyC joined #salt
06:39 seeg bushelofsilicon, yes, in fact I am creating a custom state module. i configure bunch of docker stuff with one simple to add module -- as we have lots and lots of similar deployments and for me it's just a change of couple of parameters with that module. but i do keep around 7 config files which need to be adjusted dynamically based on state's parameters so i render them using jinja. but the template definition itself -- i'd like to kee
06:39 seeg p that in some separate file it's just i don't know how to open it from the salt module file? will salt stack send over the data files along with state definition to the target machine?
06:40 Ricardo1000 joined #salt
06:47 correct joined #salt
06:47 correct canI use the cmd.run command for windows hosts?
06:50 iggy seeg: use __salt__['cp.cache_file'](...) to get files from the master in a module/state
06:54 stanchan joined #salt
06:58 ekristen joined #salt
07:00 arif-ali joined #salt
07:03 correct If I have the credentials of my windows hosts do they need to be minions for me to run a robocopy command?
07:10 aldevar joined #salt
07:10 johnj joined #salt
07:10 aldevar left #salt
07:12 schasi joined #salt
07:12 aldevar joined #salt
07:24 dxiri joined #salt
07:24 Hybrid joined #salt
07:33 pualj joined #salt
07:36 sh123124213 joined #salt
07:38 felskrone joined #salt
07:40 onlyanegg joined #salt
07:50 DanyC joined #salt
07:50 DanyC joined #salt
07:53 _KaszpiR_ joined #salt
07:57 Rumbles joined #salt
07:59 darioleidi joined #salt
08:01 revellion Hi, anyone here had the scenario of handling sudoers with SaltStack in a scalable manner?
08:02 _KaszpiR_ joined #salt
08:02 revellion Me and a collegue are looking at having pillar values define sudoers policy. Either as multiple files for each pillar for a group-role or one monolithic sudoers.d file with file.managed
08:04 babilen revellion: https://github.com/saltstack-formulas/sudoers-formula/blob/master/pillar.example might be one approach, or use the users-formula
08:04 rgrundstrom_home joined #salt
08:06 arif-ali joined #salt
08:10 pbandark joined #salt
08:11 johnj joined #salt
08:12 stanchan joined #salt
08:13 mikecmpbll joined #salt
08:13 pbandark joined #salt
08:24 darioleidi joined #salt
08:25 sh123124213 joined #salt
08:28 pbandark is it possible to capture output of `cmd.run` state module which can be reuse later?
08:28 Mattch joined #salt
08:29 babilen pbandark: That's normally a strong code smell
08:31 rgrundstrom_home Hey everyone.
08:31 pbandark babilen: the reason i am trying to capture is, i am running `salt-cloud` commands with `cmd.run` state module, as i dont find a way to execute `salt-cloud` command from state file. and i want to reuse theoutput of one `salt-cloud` command in other as input parameter.
08:31 revellion babilen: aah, takes the approuch of fully managing the raw /etc/sudoers
08:31 revellion though could likely be adapter to managing sudoers.d drop-ins aswell
08:32 pbandark babilen: is there any way to execute `salt-cloud` command from state file ?
08:32 pbandark ` salt-cloud -f create_network gcp name=test-net1 mode=custom description="Network for test-env"` <== is the command i am using in `cmd.run` state module
08:37 babilen revellion: I'd prefer the sudoers.d approach, tbh
08:37 babilen pbandark: Not sure, would have to look into this in detail :-/
08:39 pbandark babilen: ok. let me check how i can capture output of cmd.run till then
08:43 pbandark babilen: from http://grokbase.com/t/gg/salt-users/158kzan57z/possible-to-capture-output-in-state-files/oldest#responses_tab_top it seems to be its not possible bydefault. its only possible with custom modules. can you confirm? or there any trick which i can use for the same?
09:01 DanyC joined #salt
09:10 johnj joined #salt
09:14 impi joined #salt
09:27 sh123124213 joined #salt
09:35 babilen pbandark: That is in line with my expectations, but I'd never rule anything out :)
09:36 pbandark ok
09:36 babilen Is https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cloud.html#salt.modules.cloud.network_create what you are looking for?
09:36 pbandark checking
09:38 babilen Because that would be quite easy to run as part of a SLS
09:38 pbandark babilen: i tried it but its not working it returns false.  https://paste.fedoraproject.org/paste/GBbZmXdIe6Kl6CTYYcEjcg
09:39 girishb joined #salt
09:39 babilen gcp -- shouldn't that be gce ?
09:39 pbandark is that driver name?
09:39 pbandark i thought its provider name
09:39 babilen It's the provider name
09:39 babilen Pity :)
09:40 babilen names should be a list though
09:40 babilen salt 'salt-master.novalocal'  cloud.network_create  gcp names=['test'] cidr='192.168.100.0/24'
09:40 pbandark same result
09:41 onlyanegg joined #salt
09:41 babilen What happens behind the scenes? Could you try starting the minion in debug mode if you don't have info in the minon's log already?
09:41 pbandark let me check
09:43 babilen Also try names=['salt']
09:47 pbandark https://paste.fedoraproject.org/paste/kVIweKNvJ3oU1ZZrNytHQQ
09:47 pbandark babilen:
09:49 babilen 'return': False - 'success': True :)
09:49 pbandark yeah
09:49 babilen So, did that do something?
09:50 babilen I'm not sure, but that function looks like what you are after
09:50 ccha hello, I don't find any documentation about .saltrc file
09:50 pbandark nope. i dont see network created
09:50 ccha someone use .saltrc ?
09:50 pbandark seems its buggy :(
09:51 babilen pbandark: I'd write to the mailing list, others might have figured something out
09:51 pbandark ok
09:51 pbandark i will do
09:51 pbandark thanks for having look babilen++
09:52 babilen Did you also try gce in lieu of gcp ?
09:52 babilen Just for shit and giggles
09:52 babilen Not that it should™ work
09:54 pbandark yeah.. i tried gce / names =['salt']|['test']
09:54 babilen aye
09:55 jmiven joined #salt
09:57 babilen pbandark: salt-master.novalocal sounds like a minion on OpenStack -- Would the above command work on a GCE instance?
09:58 mechleg ccha:  from the looks of this issue, i am thinking it may not be documented atm?  https://github.com/saltstack/salt/issues/33811
09:58 pbandark babilen: yes its openstack instance. but as with "salt-cloud" i am able to create network/subnet etc. i dont think its the issue with platform where the instance is running
09:59 babilen pbandark: It shouldn't be (that would be horrible to use), but it's something that came to mind
09:59 babilen In the end you wouldn't really want to run the create_network function on a minion at all (should be independent)
09:59 taaperotassu joined #salt
10:01 pbandark yup. even i am wondering with the command "salt minionname cloud.network_create my-nova names=['salt'] cidr='192.168.100.0/24'". network/cloud  related operations should be running from salt-master itself independently. it should not go to minion and execute the command.
10:02 babilen indeed
10:02 babilen States *are* run on minions though .. maybe you'd like to approach the problem from an orchestration perspective
10:02 pbandark ok
10:03 tatrman joined #salt
10:04 i4o joined #salt
10:04 babilen https://docs.saltstack.com/en/latest/topics/orchestrate/orchestrate_runner.html#runner
10:04 pbandark babilen: i will give a try. i have not yet worked on salt-runner
10:11 johnj joined #salt
10:14 honestly any salt-ssh wizards in the house? I want salt-ssh output to go to a file in a machine-readable format (e.g. json) but also want to have the normal output in the terminal
10:14 Naresh joined #salt
10:14 honestly is that possible, maybe with some small hacks?
10:17 pualj joined #salt
10:18 mechleg honestly: just off the top of my head, maybe using --out=json and then pipe to tee.  have not tried it, but with my limited experience with salt-ssh i do not see why it wouldn't work
10:19 honestly problem is that I get json-output then
10:19 honestly I'm doing this right now
10:19 honestly salt-ssh -i --refresh --user $(whoami) --out=json --static $@ | jq -c "{__ret_tm : \"$(date --rfc-3339=ns)\" , __user: \"$(whoami)\", __test: $is_test, __run: .}" | tee -a /srv/saltstack/var/out.json | jq .
10:19 honestly it ain't pretty
10:20 honestly the "jq ." at the end means I get pretty-printed json, but that's still not nice (e.g. for diffs)
10:21 honestly it would be great if I could write a formatter as an ext module...
10:23 honestly hmm... who says that isn't possible?
10:26 W4RL0RD joined #salt
10:28 taaperotassu joined #salt
10:31 sh123124213 joined #salt
10:31 honestly aha! https://docs.saltstack.com/en/latest/ref/configuration/master.html#outputter-dirs
10:35 honestly also aha! https://docs.saltstack.com/en/latest/ref/configuration/master.html#extension-modules
10:37 honestly now how do I call into the original output modules from an ext module
10:47 honestly if I try to just import them (from salt.output import nested, json_out) it throws because those outputters want to look at __out__ which doesn't exist in the ext module apparently
10:47 honestly err, __opts__
10:51 honestly babilen: why don't I get __opts__ in ext-modules? :)
10:51 babilen To spite you
10:52 honestly :(
10:54 Neighbour because __opts__ contains master or minion-specific configuration settings. extension-modules should be able to do their thing independently of those
10:54 Neighbour (that's the only excuse i could come up with)
10:57 honestly how do I fake it?
10:57 taaperotassu joined #salt
10:57 babilen __opts__ = None -- but that doesn't help if they genuinely need information from there
10:58 alexlist joined #salt
10:58 honestly yeah ofc
10:59 honestly just putting __opts__ = {} before I import the output modules doesn't help
10:59 honestly I need to put them into some global context somehow I guess?
11:03 honestly ah, gotta think simple
11:03 honestly can just do nested.__opts__ = {}
11:07 rgrundstrom_home babilen: Do you have some time to chat privatly?
11:12 johnj joined #salt
11:17 evle joined #salt
11:18 usernkey1 joined #salt
11:25 honestly ugh... what I need is the highstate outputter, but if I load and run that, it tries to call back into the nested outputter, which then invokes all the machinery that isn't initialized...
11:32 smead joined #salt
11:34 honestly I am unsatisfied with this general state of affairs
11:39 LeProvokateur joined #salt
11:40 taaperotassu joined #salt
11:41 onlyanegg joined #salt
11:44 sh123124213 joined #salt
11:47 lkolstad joined #salt
11:47 absolutejam Is there any way to pass jinja between states when using include?
11:47 absolutejam I'm trying to create a generic 'alert.fail.slack' state that will send a slack message
11:47 absolutejam And in another state include that
11:48 absolutejam And hopefully I could pass the state name into the included state
11:48 absolutejam I'm probably going about this all wrong
11:48 absolutejam Actually I need to only include it with an onfail:
11:48 absolutejam Deep
11:48 absolutejam Derp
11:48 absolutejam Alright, scrap that idea
11:49 absolutejam Guess I'll just add the Slack state into my sls file directly
11:50 absolutejam Hm, there's the Slack returner
11:50 m4rk0 joined #salt
11:50 m4rk0 Hello
11:51 absolutejam Do the returner values have to be in the minion config file?
11:51 absolutejam Seems a bit odd
11:51 absolutejam Howdy
11:53 absolutejam Isn't this something m pillar should be leveraged for?
11:54 m4rk0 Where can I find list of data[] objects which can be used by reactor?
11:55 honestly babilen: you lied to me!
11:56 honestly babilen: __out__ is totally available in an ext-module outputter, you just need to pull it out of a function
11:57 honestly or from... somewhere
11:57 honestly I dunno
11:57 honestly this is all black magic
11:57 sh123124213 joined #salt
12:01 WKNiGHT joined #salt
12:06 girishb joined #salt
12:09 m4rk0 joined #salt
12:10 msn joined #salt
12:10 taaperotassu joined #salt
12:11 girishb1 joined #salt
12:13 johnj joined #salt
12:14 babilen honestly: Pull it out of a function?
12:14 babilen https://docs.saltstack.com/en/latest/topics/development/dunder_dictionaries.html might be of interest
12:17 girishb1 I'm launching a amazon ec2 VM's through salt with custom deploy script.  The problem is I'm getting 2 keys  for same minion, one will be accepted and other is under unaccepted keys and this is the reason salt-minion won't start at all. please may I know Is there any work around for it ?
12:19 golodhrim|work joined #salt
12:27 sh123124213 joined #salt
12:28 zerocool_ joined #salt
12:28 XenophonF girishb1: why the custom deploy script?
12:29 zerocool_ joined #salt
12:29 XenophonF we need something in the channel motd that encourages people to be patient when asking questions
12:30 babilen That's pretty much a generic rule on IRC
12:32 ikarpov joined #salt
12:33 seeg joined #salt
12:38 abrcdbr joined #salt
12:39 defsdoor joined #salt
12:40 defsdoor Hi - I have a pillar that lists a variable number of settings that I am trying to pass to a file.managed template so I can iterate them and render
12:41 defsdoor not sure how to do it
12:45 jbkc85 joined #salt
12:52 sh123124213 joined #salt
12:52 numkem joined #salt
12:55 wavded joined #salt
12:57 XenophonF defsdoor: helps to post an example
12:57 XenophonF here's a moderately complicated example from one of my formulas: https://github.com/irtnog/shibboleth-formula/blob/master/shibboleth/idp/files/conf/metadata-providers.xml
12:58 XenophonF when writing formulas i tend to merge pillar data with defaults (the defaults.yaml/map.jinja pattern)
12:58 XenophonF then in all templates I import that merged data structure, as you can see in that file
12:59 XenophonF from there it's a matter of iterating (or not) over the relevant keys
12:59 defsdoor https://gist.github.com/defsdoor/d8b28e7e29c9675a579e51c8d06687c9
12:59 defsdoor thats my code snippets
13:00 girishb joined #salt
13:00 defsdoor I dont know how to get at the pillar valid pool_options and iterate it in the template references in the file.managed
13:01 defsdoor feck me that was some bad typing
13:01 defsdoor value pool_options*
13:01 defsdoor passing it as a default/context passes it as a string of [{key,value}, ... ]
13:02 defsdoor I've seen some suggestions about |json, |load_json but I get unicode errors
13:04 smead I'd like to use the salt.client.ssh.client.cmd function to execute a custom state (fun='state.apply').  I can't quite figure out how to pass the custom state name however
13:10 defsdoor hmm - this seems to work - {% for a,b in pool_options.items() %} {{a}} = {{b}} {% endfor %}
13:14 taaperotassu joined #salt
13:14 johnj joined #salt
13:17 sh123124213 joined #salt
13:17 XenophonF defsdoor: the |yaml and |yaml_encode filters are your friends, but frankly, I recommend against using file.managed's defaults/context kwargs
13:17 defsdoor it seems to work just passing a dict
13:18 XenophonF I personally think they violate POLA, which is why I prefer explicitly loading stuff in the template
13:19 smead Okay, figured it out.  For the sake of posterity: print client.cmd(tgt='*', fun='state.apply', arg=('prereqs',), roster_file=args.roster )
13:19 XenophonF if you pass a dictionary via defaults or context, make sure to do something like {{ dictvar|yaml }}
13:20 defsdoor yeah I'm passing explicit atm
13:20 defsdoor https://gist.github.com/defsdoor/3edc5b66ab3616cb93375caabfd8fc90
13:21 defsdoor no idea if that is a good/safe way to do it mind
13:22 defsdoor I noticed that in a dictionary though on/off equate with True/False so i had to explicitly quote them
13:23 XenophonF gods no, don't do that
13:23 XenophonF use {{ pool_options|yaml }}
13:23 defsdoor I tried that
13:24 XenophonF better yet, put those first three lines of Jinja into your template
13:24 defsdoor and pass settings ?
13:25 XenophonF no i mean look up those Pillar keys directly in the template
13:25 defsdoor settings comes from - {%- for website, settings in pillar.get('websites', {}).items() %}
13:26 XenophonF gotcha
13:26 defsdoor XenophonF, it doesnt know the context in the template - there are multiple sites
13:26 XenophonF that makes sense
13:26 XenophonF I didn't know you could pass random kwargs to file.managed like that
13:29 XenophonF shouldn't you be using the defaults or context kwarg instead?
13:29 defsdoor tbh I'm not sure what the benfits of one over the other is
13:30 defsdoor most of this I got from examples :)
13:33 evle joined #salt
13:36 squishypebble joined #salt
13:40 motherfsck joined #salt
13:41 sh123124213 joined #salt
13:42 onlyanegg joined #salt
13:46 XenophonF defsdoor: https://github.com/irtnog/shibboleth-formula/blob/master/shibboleth/idp/init.sls#L137
13:46 XenophonF not quite the same as what you're doing, but similar
13:46 XenophonF note the use of |yaml_encode
13:46 zerocool_ joined #salt
13:47 defsdoor ok
13:47 XenophonF the variable mp ends up containing a multiline XML blob
13:48 XenophonF that uses `contents` to avoid needing a source template
13:48 XenophonF like I said, not quite the same thing
13:56 cgiroua joined #salt
13:56 taaperotassu joined #salt
13:58 bob97 joined #salt
14:00 _JZ_ joined #salt
14:02 onlyanegg joined #salt
14:02 JawnAuz Anyone here recommend a way to monitor the master event bus? Currently working on getting an ELK stack working with it, but curious about other choices.
14:04 beardedeagle joined #salt
14:10 bob97 joined #salt
14:11 toanju joined #salt
14:13 sh123124213 joined #salt
14:15 johnj joined #salt
14:18 csmule joined #salt
14:20 seeg joined #salt
14:23 beardedeagle joined #salt
14:28 Brew joined #salt
14:38 bob97 left #salt
14:38 bob97 joined #salt
14:38 correct joined #salt
14:45 XenophonF yes!
14:45 XenophonF hang on I just wrote this down somewhere
14:45 XenophonF https://docs.saltstack.com/en/latest/topics/event/events.html#from-the-cli
14:45 XenophonF salt-run state.event pretty=True
14:46 XenophonF there are other options there
14:46 ECDHE_RSA_AES256 joined #salt
14:51 taaperotassu joined #salt
14:55 ntropy whats the best pattern for managing a configuration file thats in yaml format?
14:55 XenophonF that's a great question
14:56 DammitJim joined #salt
14:56 ntropy i thought i can just put the config in pillar, which is yaml, and then just put the pillar in the config template, {{ my_pillar }}, but that doesn't come out as yaml in the rendered config
14:56 XenophonF I'm running several apps that use YAML configs, including SpigotMC (Bukkit-based Minecraft server).
14:56 XenophonF oh
14:56 XenophonF well that's because you need to serialize it as yaml
14:56 XenophonF {{ my_pillar|yaml }}
14:57 XenophonF I feel like a broken record today.
14:57 ntropy right, i thought that is what i need, but didn't get the expected result either
14:57 squishypebble joined #salt
14:58 ntropy ok, dang, sorry about that, should use the log search :)
14:58 XenophonF LOL no it's just that I've ranted about using |yaml and |yaml_encode a lot lately
14:58 XenophonF OK so this is how I did it for SpigotMC: https://github.com/irtnog/spigotmc-formula/blob/master/spigotmc/files/bukkit.yml
14:59 XenophonF mostly so that the output YAML is pretty
15:01 XenophonF i probably could get away with {{ spigotmc_settings.bukkit|yaml }}
15:01 XenophonF but I am trying to replicate the bukkit file format precisely, so that the associated file.managed state executes idempotently
15:03 ntropy hmm, is there really no way to just dump the entire pillar contents into the config file directly?
15:03 ntropy i mean, im trying to avoid referencing each variable in the config file
15:04 omie888777 joined #salt
15:04 DanyC joined #salt
15:07 ntropy maybe file.serialize does what i need, instead of file.managed and passing pillar as the context
15:07 ntropy will try that right after i get some sleep
15:08 ntropy thanks for the pointers XenophonF
15:14 wavded joined #salt
15:16 johnj joined #salt
15:18 smead Does salt-ssh run against remote nodes in parallel ?
15:26 numkem joined #salt
15:26 ecdhe joined #salt
15:28 sh123124213 joined #salt
15:33 racooper joined #salt
15:34 noobiedubie joined #salt
15:44 sh123124213 joined #salt
15:49 sjorge joined #salt
15:55 pipps joined #salt
15:56 pipps joined #salt
15:58 tiwula joined #salt
15:59 saltuser joined #salt
16:02 saltuser Hi, if i call salt '*' state.sls test.sls that i run into this sls a cmd run for the master ? or another sls file ? i dont figure it out or find hints to this topic
16:06 aldevar left #salt
16:08 saltuser Hi, if i call salt '*' state.sls test.sls that i run into this sls a cmd run for the master ? or another sls file ? i dont figure it out or find hints to this topic
16:09 nixjdm joined #salt
16:14 rgrundstrom_home saltuser: I would start by doing the tutorial: https://docs.saltstack.com/en/getstarted/fundamentals/remotex.html I found it very good when i started using Salt
16:15 XenophonF I second the tutorial.
16:15 XenophonF Go through the whole thing in order.
16:17 rgrundstrom_home Im off... Have good evening everyone
16:17 johnj joined #salt
16:17 XenophonF cheers
16:18 skatz joined #salt
16:22 skatz I'm wondering what the best way to assign a particular minion multiple roles and then target based on those roles in top.sls. I was thinking of having a pillar array called "roles" with a value (pardon the formatting) of e.g.: "- master, - webserver". Then in top.sls I'd have something like "'roles:master': - match: pillar, - salt-master, - supersecuressh" but I don't think that works if the value of the "roles" pillar is an array. Is there a way to target
16:22 skatz based on a value being present in an array? Or is there a better way of doing this?
16:22 stanchan joined #salt
16:23 XenophonF my approach is to only assign one role to one minion
16:23 nitinkr joined #salt
16:24 XenophonF my salt master, for example, runs sub-services as diverse as salt-master, httpd, and poudriere
16:24 saltuser rgrundstrom_home: but its not my problem! with this commands you run cmd on the minions. But i need to call on the master or to call another sls
16:25 XenophonF skatz: https://github.com/irtnog/salt-states/blob/master/top.sls
16:25 skatz XenophonF: awesome, appreciate the example. I'll take a look
16:27 XenophonF for my stuff I have this idea of the standard operating environment
16:27 XenophonF that's necessarily operating system-specific
16:28 XenophonF e.g., all my CentOS servers get the same sshd configuration
16:28 skatz right that's exactly what i'm looking for
16:28 XenophonF but in my mind a multi-role server has a role: "all-those-roles-combined" :)
16:29 skatz yep exactly
16:29 skatz i like the compound matches you're doing too
16:29 XenophonF here's the example pillar repo to go with the states repo - https://github.com/irtnog/salt-pillar-example
16:30 XenophonF i do targeting based off minion naming conventions, so maybe that doesn't scale beyond 100s of servers
16:31 XenophonF i keep meaning to ask guys like iggy how they handle targeting at that level
16:33 skatz right
16:33 skatz i think my goal is to only target based on pillar/grain data and not use names at all
16:33 XenophonF for security-sensitive targets, use Pillar
16:34 XenophonF some people target roles based on Grains, but if someone hacks the minion, they could change the grains data in order to manipulate the master into revealing secrets
16:34 jbkc85_ joined #salt
16:34 skatz joined #salt
16:38 skatz yikes my wifi keeps dropping on this flight :( anyway thank you for the pointers XenophonF, very very helpful. I'll come back if I have more qs.
16:40 skatz_ joined #salt
16:42 pbandark hi.. i am executing state file with `state.orchestrate` runner. but it fails with "Too many functions declared in state 'file' in SLS". https://paste.fedoraproject.org/paste/OJLm5mwXmbODAYvchddBhg     can anyone help me to pointout an error from sls file. there are just 3/4 lines in sls file
16:47 XenophonF bon voyage, skatz
16:49 XenophonF pbandark: the bug is in provisioning/create_instance_profiles.sls
16:49 XenophonF my guess is you have two different file states with the same state ID
16:50 pbandark checking
16:52 pbandark XenophonF: https://paste.fedoraproject.org/paste/NoK4F4EOi3tSq~qDdpi~og
16:52 pbandark state id is different
16:53 XenophonF Actually XenophonF has been known to make mistakes... from time to time... Oh dear...
16:55 pbandark XenophonF: did i make any mistake in calling the runner? i am very new to salt-runner :)
16:56 XenophonF pbandark: syntax error at line 7 in the second paste
16:56 pbandark checking
16:56 XenophonF should probably read: source: salt://...
16:56 pbandark grrr
16:56 pbandark :)
16:56 XenophonF :-D
16:56 pbandark let me update
16:57 XenophonF if you're using salt to configure the salt-master, why not use salt-formula?
16:57 XenophonF nvm i see you're doing special stuff with the gcp pillar
16:59 pbandark XenophonF: but yes i am performing operation on the salt-master itself. i am creating google profile config files which i can use later
16:59 pbandark is there any other easy way for the same ?
17:00 pipps joined #salt
17:01 mikecmpbll joined #salt
17:07 XenophonF I push those files out using salt-formula's salt.cloud SLS
17:07 XenophonF and they're templated like other config files
17:07 iggy XenophonF: we don't really do targetting, most of our servers just have a schedule to highstate and we just accept that at any given time servers may or may not be updated with the latest highstate
17:07 XenophonF but I can't show you my work configs
17:08 iggy of course, our devs can manually highstate if they have something specific they are looking for from a salt config release
17:08 XenophonF gotcha
17:08 iggy and we have a home-built system for doing canaries/rollback/etc that can tie into a server running a highstate
17:10 iggy we do have metrics to tell when a server last highstated, so a dev team can setup alerts if their systems go out of date
17:10 Lionel_Debroux joined #salt
17:10 iggy realistically, we don't do a lot of changes to a system after it's provisioned (systems wise anyways... apps wise that is handled by other systems)
17:12 Edgan iggy: Do you treat redis, cassandra, rabbitmq, mysql, zookeeper, nginx, and salt masters as part of system stuff or as application deploys?
17:13 pbandark XenophonF: ok
17:15 onlyanegg joined #salt
17:16 stanchan joined #salt
17:17 iggy Edgan: apps (which the devs are responsible for)... this is the first place I've worked at that's like this... I'm not sure I'd emulate it somewhere else
17:17 XenophonF yow
17:17 XenophonF no way
17:18 iggy it leads to a proliferation of NIH and one off setups that is barely maintainable
17:18 Edgan iggy: Where are you now?
17:18 iggy I'm not sure they'd like me saying after that scathing review, lol
17:18 johnj joined #salt
17:18 Edgan iggy: haha
17:19 iggy I prefer Netflix's way of having foundational services that any team can use that is actually maintained (not just installed and forgotten about)
17:21 Edgan iggy: yeah, I really don't care for the fire and forget for foundational services
17:24 _KaszpiR_ joined #salt
17:25 nixjdm joined #salt
17:28 squishypebble joined #salt
17:30 saltuser hey, is it possible to start annother local sls-file an my local first-sls file(no remote excecution) ?!
17:32 brasticstack joined #salt
17:34 brasticstack Hi all, I'm having immense difficulty with pkg.installed from an already downloaded .rpm file. I could be running afoul of https://github.com/saltstack/salt/issues/27400, or I could just be using the wrong version string in my state. How can I tell the difference?
17:40 Edgan brasticstack: give us an example, or if bigger text give us with a pastebin like service
17:41 schemanic joined #salt
17:41 brasticstack holycrap, I just got it. Been banging my head on the desk for two hours. The - sources dict needs the name of the package I'm installing, not a version number.
17:41 Edgan brasticstack: you are installing from a local rpm not a yum repo?
17:41 schemanic Hello everyone
17:41 brasticstack I swear I read the docs, but the ones in salt.states.pkg are less clear than the ones in salt.modules.yumpkg.
17:42 Edgan brasticstack: when you said already downloaded, I think you mean yum had already cached it
17:42 Edgan brasticstack: are you doing salt-ssh or masterless?
17:43 brasticstack Edgan: No, I download the .rpm as a separate step in my state. Then I'm using pkg.installed with the 'sources' parameter to reference it.\
17:44 * Heartsbane waves @ brasticstack.
17:44 schemanic Do jinja lists accept the same methods that python lists do? I'd like to take a list defined in pillar and extend it with a list value defined in a mapfile
17:44 brasticstack heya
17:44 Edgan brasticstack: why not use a yum repo?
17:44 Edgan schemanic: yes
17:44 Edgan schemanic: welcome to the not so obvious powerful fact :)
17:44 brasticstack Edgan: That's not how this particular install works.
17:45 Edgan brasticstack: application?
17:45 schemanic Edgan: Does it work to import formula mapfiles in pillar sls?
17:45 brasticstack Edgan: RabbitMQ
17:45 Edgan schemanic: Why would you need to do that?
17:46 Edgan brasticstack: seems perfectly doable with yum
17:46 * Heartsbane remembers a whole conversation with cedwards about 3 party binaries and repos.
17:46 Heartsbane *3rd
17:46 Edgan brasticstack: if it was your in house written application that you deployed all the time, direct installing can make sense. Rabbitmq doesn't change that often, so yum seems natural.
17:47 brasticstack Edgan: I could be missing something. I was following RabbitMQ's install directions for a newer version than EPEL provides in centos.
17:47 schemanic Edgan, I'm working with tomcat and another application that runs as an agent inside the JVM
17:47 beardedeagle joined #salt
17:47 Edgan brasticstack: Don't just blindly follow their instructions. Let me tell you how I manage yum/apt repos.
17:48 schemanic Edgan, one formula defines tomcat JAVA_OPTS, and the other formula sets up the agent program. I want the agent program's formula to ensure that the adjustment of the JAVA_OPTS variable happens rather than just remembering to pass it in the tomcat pillar
17:48 schemanic rather than *me* remembering to pass it in the tomcat pillar
17:49 Edgan brasticstack: I use Artifactory, a commerical product. It can do yum, apt, and many other things. It can also mirror third party repositories through a reverse proxy for local caching. Any one off rpms like your rabbitmq can either be made a yum repo, or added to a common one, your choice.
17:49 schemanic So I was thinking pass pillar to agent formula, futz with it in the mapfile, bring the mapfile into tomcat's pillar, then extend the JAVA_OPTS list with the agent mapfile's list value
17:49 Edgan schemanic: I think you want something like
17:49 schemanic I'm trying as best I can NOT to alter the formulas for either program
17:50 Edgan schemanic: https://storage.cygnusx-1.org/formula.txt
17:50 brasticstack Thanks Edgan. Perhaps a bit complicated for my needs, I'm mostly working on a PoC.
17:50 Edgan schemanic: This is how you use map.jinjas and pillars to target different levels of categorization of servers.
17:50 schemanic Let me see if I can understand what you've got here Edgan
17:51 Edgan schemanic: Are you using third party formulas?
17:51 schemanic Edgan: yes.
17:51 Edgan schemanic: Is that why you are trying to not modify them?
17:52 colabeer joined #salt
17:52 Edgan brasticstack: Are you writing the name of the rpm into your state file or are you pulling it from pillars?
17:53 schemanic Edgan, Yes and no. I'm still leveling up on SaltStack, and I haven't yet seen a way to reasonably manage formula dependencies. When I need to do things like this, the solutions I hear often involve me weaving formulas together in 'whatever way works' instead of a codified, salt-approved way, which frustrates me a bit.
17:53 schemanic Kindof like the difference between soldering wires together yourself and using a patch bay
17:54 Edgan schemanic: I would say forget not rewriting(maybe even using) third party formulas. In my experience they are always limited and/or crap.
17:54 schemanic Edgan, yeah but that means everything I do is custoim
17:54 schemanic custom*
17:54 schemanic That seems really fragile
17:55 Edgan schemanic: Can you give an example of whatever works vs salt approved?
17:55 schemanic Well you know how SaltStack publishes guidelines about how to structure formulas?
17:55 Edgan schemanic: they have some best practices
17:56 Edgan schemanic: The link I sent you is a working formula model that I have used in production.
17:56 schemanic I just don't like the idea that I'm writing something that only works for my specific setup, rather than something that is designed to accomodate my setup among any other
17:56 smead So, I'm new to salt, coming from ansible.  Does salt-ssh have a mode that does 'step-by-step' output like ansible does ?
17:57 Edgan schemanic: I know, but in reality the problem is too complex, and it is unnecessary work to write your formula for every distribution and release out there.
17:57 girishb joined #salt
17:57 Edgan smead: I am a heavy salt-ssh user, and not that I know of.
17:58 smead Thanks Edgan
17:58 Edgan smead: A way you could get closer would be to state.sls foo.pkgs for foo/pkgs.sls instead of just state.highstate or state.sls foo
17:59 schemanic Edgan, what part of this file were you meaning me to look at specifically?
17:59 smead Thanks Edgan, that's simple and works well
17:59 Edgan schemanic: The whole thing. It all fits together like jigsaw pieces
17:59 schemanic I think I'm understanding the value of your macros
17:59 schemanic Are they meant to be used in pillar?
18:00 Edgan schemanic: The pkgs macro reads a pkg list from map.jinja and install those packages. It is also so generic I can copy paste pkgs.sls between formulas and just search replace the formula name
18:00 schemanic Edgan, sorry, I'm just seeing a big wall of information and not understanding how it connects to what I'm trying to do
18:00 Edgan schemanic: ok, the model works like this
18:01 schemanic So this is meant to be something like boilerplate code
18:01 Edgan schemanic: First you need a way to categorize different servers into groups. There are many ways to do that.
18:02 Edgan schemanic: But I put the elements in the hostname of the system and then turn them into grains via a custom grain.
18:02 pipps joined #salt
18:02 Edgan schemanic: Now I can tell web servers from mysql servers from postgresql servers
18:02 schemanic Right
18:02 schemanic I use a similar convention, but I don't go as far
18:02 schemanic my servers (will be) named things like OTAPVM0000
18:02 Edgan schemanic: Then in my top I say web gets the web formula and mysql gets the mysql formula
18:03 schemanic yeah sure
18:03 schemanic I understand that
18:03 schemanic I did what the salt docs did and set up my targeting with grains, then everyone told me not to do that
18:03 schemanic so I know I need to undo that
18:03 Edgan schemanic: then in the mysql formula I break things out into the base elements
18:03 Edgan init(table of contents), users, pkgs, files, and services
18:04 Edgan schemanic: I break them out that way, because you almost always want to do them in the same order across all formulas
18:04 schemanic yeah okay
18:04 Edgan users before pkgs, pkgs before files, and services last
18:04 schemanic but how to you affect one formula with another
18:04 schemanic because sometimes you want just tomcat
18:04 Edgan Then all the real meat that I can manage goes intot he map.jinja
18:05 schemanic and sometimes you need something else to change tomcat
18:05 Edgan files tends to be a little messy
18:05 Edgan I will come back to that
18:05 Edgan and ask you some questions
18:05 Edgan So the map.jinja is the defaults for that formula
18:05 schemanic okay, so right now you're laying out your formula design philosophy
18:05 Edgan But you need overrides
18:06 Edgan yes
18:06 schemanic right
18:06 Edgan Pillars becomes your overrides and secret store
18:06 Edgan passwords have placeholders
18:06 schemanic okay, so you're saying no defaults yml
18:06 schemanic yep im with you there
18:06 Edgan defaults.yml is just yaml at the top of the map.jinja
18:06 Edgan Doesn't really matter where it lives
18:07 Edgan map.jinjas wouldn't have much in them if they didn't have the defaults
18:07 Edgan and by putting them in the map.jinja, you can use jinja power
18:07 Edgan Where as in the yml file, you don't have that option
18:07 schemanic so you're saying 'skip putting defaults in defaults.yml, put them in the mapfile.'
18:08 Edgan yes
18:08 Edgan because then I can do
18:08 schemanic Okay
18:08 Edgan {% if foo %}
18:08 Edgan pkg: foo
18:08 Edgan {% else %}
18:08 Edgan pkg: bar
18:08 Edgan {% endif %}
18:08 Edgan in map.jinja and not in defaults.yml
18:09 schemanic so you're saying control the package install by setting a pillar for the actual package
18:09 Edgan schemanic: I am saying set the default in the map.jinja and override when needed with pillars
18:10 schemanic but that already happens in most cases
18:10 Edgan schemanic: yes, but
18:10 schasi joined #salt
18:11 Edgan schemanic: The normal way to do that is you have to say things like pillar[grain]:['foo']
18:11 Edgan schemanic: and your pillar variable names are going to get really long
18:11 schemanic okay
18:11 Edgan With this:
18:11 Edgan {% set toplevel = salt['pillar.get'](defaults.state.name, default=defaults, merge=True) %}
18:11 Edgan {% set region_env_cluster = salt['pillar.get'](defaults.state.name ~ ':' ~ grain.region ~ ':' ~ grain.env ~ ':' ~ grain.cluster, default=toplevel, merge=True) %}
18:12 schemanic I can't follow that at the moment
18:12 Edgan You directly suck in just the pillar data you need for a certain group and merge it over the defaults
18:12 Edgan schemanic: and it can even be layers
18:13 schemanic I mean, I can understand, But we're in the 'wax on wax off' part, not the 'crane kick the fuck out of that cobra kai asshole' part
18:13 Edgan defaults overridden by toplevel pillars overridden by certain set of pillars for servers in a certain region, environment, and cluster
18:13 Edgan schemanic: Think of the defaults in the map.jinja like an object
18:13 schemanic YEs
18:13 schemanic yes
18:14 Edgan schemanic: and then we repeatedly pull in pieces of pillar data and overwrite parts of the object
18:14 schemanic yes
18:14 schemanic 100% with you there
18:14 schemanic Are you telling me I need to import the map or pillar for my agent formula into tomcat's mapfile?
18:14 Edgan So we can have a default password, a real toplevel password, and a password per region/env/cluster
18:15 Edgan schemanic: yes, see my link, I import map.jinjas into map.jinjas
18:15 schemanic yes but you would just make separate pillar.sls files
18:15 schemanic for each of those subdivisions
18:15 Edgan schemanic: yes
18:15 schemanic then apply them properly in the topfile
18:15 Edgan yes
18:15 schemanic yeah I'm already there
18:15 Edgan schemanic: There is one limitation
18:16 Edgan schemanic: map.jinjas can't import each other in a circle. So you have to make sure it never goes circular.
18:16 schemanic Well thats my problem
18:16 schemanic I'm telling you I have a tomcat mapfile
18:16 schemanic and an agent mapfile
18:16 Edgan schemanic: So the solution to that problem is to make a third that they share
18:16 DanyC joined #salt
18:17 schemanic Tomcat formula needs to use a value in the agent mapfile
18:17 cliluw joined #salt
18:17 schemanic yeah no that doesn't work
18:17 Edgan sure it can
18:17 schemanic because I'm using a published formula
18:17 schemanic The formula I've got is what does all the work
18:17 Edgan yeah, that is why I say formulas can't be immutable
18:17 schemanic I don't want to pull all of that out into a third formula just to get what I want. I don't have the time to reinvent the wheel
18:18 Edgan schemanic: doesn't have to be a third
18:18 ecdhe joined #salt
18:18 Edgan schemanic: but that is often the best way, depending
18:18 Edgan schemanic: another thing you can do is just have more than one map.jinja per formula
18:19 Edgan schemanic: Put the things they need to share with each other in a second one
18:19 Edgan and then import those across
18:19 Edgan a little more complicated, but solves your problem
18:19 schemanic Is there something simple I can do like import the mapfile from agent into the pillar file for tomcat?
18:19 johnj_ joined #salt
18:20 Edgan Doing anything too advanced with pillars tends to lead to answers of it only works sometimes or it doesn't work at all
18:20 schemanic I'm just asking if it works
18:20 schemanic like, is it outright not done because it's not designed to work that way, or is it a valid use of the files
18:21 schemanic I don't mean to dis your ideas because they make sense, but right now I'm not in the place where I can invent my own ways of doing things, I need the fastest borrowed pathway to my solutions
18:21 Edgan schemanic: You can import map.jinjas into pillars
18:21 Edgan schemanic: I looked through my code and there is one place I did that
18:22 schemanic Okay. I thought of doing it like that because pillars are *supposed* to be the place where you do wacky things to pass data into formulas
18:22 pipps joined #salt
18:22 Edgan schemanic: I turn my custom grains into jinja variables in a map.jinja, and then I did a {{ grain.env }} in a pillar sls
18:22 schemanic mmm
18:23 schemanic After I get what I'm trying to do working, my company will see the value in all the effort I've been spending on Salt, and they hopefully will give me the time and energy and resources to figure out a formula style that works for us
18:23 Edgan schemanic: But I personally would stick to making formulas work with formulas instead of going through pillars as a detour.
18:24 schemanic Edgan, you're saying if I'm going to import Agent's mapfile, do it in the tomcat formula and work there, being willing to alter tomcat's formula a bit
18:25 stanchan joined #salt
18:25 Edgan schemanic: always be willing to change formulas to meet new needs
18:25 nixjdm joined #salt
18:26 Edgan schemanic: You will never be doing with your formulas. Even if you don't change things, third parties will.
18:26 Edgan I mean be done
18:26 schemanic That's fair
18:26 schemanic What I'm mostly frustrated with is that there doesn't seem to be a standardized way of handling formulas sharing.
18:27 xMopxShell Is there a tool that can print out job results in a nice table? Like ID/Function/Changes/Comment columns would be nice
18:27 Edgan schemanic: They can be brought up to a level of coverage to allow serious sharing, but it is so much work that your boss would likely not approve it. It would literally be 10x+ as much work.
18:28 Edgan schemanic: and you don't know what you will face tomorrow that will make that incomplete too. It is the nature of the beast.
18:28 shadoxx joined #salt
18:28 Edgan xMopxShell: What comes to mind is foreman can take in jobs results and give you a nice web gui to look at them with
18:30 Edgan schemanic: If there was one linux distribution and a rolling release of that distribution, and it guaranteed backward compatibility forever, you would have a good start.
18:31 Edgan schemanic: You could do a further level of abstraction and not put any defaults in map.jinjas and all in pillars. Then when the default package name changed from rabbitmq to rabbitmq-server, you would just change the pillars
18:32 Edgan schemanic: But the downside of that is your formulas wouldn't make any sense without example pillar data
18:32 Edgan schemanic: Which is somewhat of a problem with existing public formulas
18:33 DanyC joined #salt
18:33 Edgan schemanic: Then you still have when new config files are added, especially in a new directory. You could abstract that away with pillars too.
18:33 Edgan schemanic: and I have seen people take it that far
18:33 Edgan schemanic: But then your pillars start looking like salt code not just yaml data
18:34 schemanic yeah
18:34 Edgan schemanic: At which point what have you really gained. You have just kicked the can from code to pillars.
18:35 schemanic I still would like for there to be a well thought out way of saying:
18:37 schemanic "Here's a formula for a program like tomcat. You can use it on it's own, or you can use it as part of a stack where it's functionality serves a larger application. The formula for tomcat is written to accept config data from it's own channel, but there is a standardized way of receiving config data from another channel above it: The Stack. In this way, The Stack can pass data down to publicly shared formulas for tomcat, httpd,
18:37 schemanic memcached, and many others, and it is easy to see where to place The Stack's data"
18:38 Edgan schemanic: ok, I have a formula that I do something like that
18:38 Edgan schemanic: nginx
18:38 DanyC_ joined #salt
18:39 Edgan schemanic: nginx the formula handles the package, and has a map.jinja of defaults, but I actually write the nginx.conf not in the nginx formula, but in the application formula that uses it
18:39 Edgan schemanic: because I could make a mega nginx formula that understands the billion nginx formulas, or I could just create a nginx.conf template per application
18:40 ChubYann joined #salt
18:40 Edgan schemanic: chef takes the former strategy
18:41 schemanic Yeah chef seems to use the idea of hard-line dependencies
18:41 schemanic I like that idea a lot, but I don't like chef
18:42 Edgan schemanic: The things that need this stuff like nginx and apache are glue applications, and they tend to have way too many options. I don't want to write a formula that complex, and would also have to support multiple versions of all that complexity over time. The formula would just keep getting bigger and more complex.
18:43 schemanic You're trying to sell me on writing purpose-built config
18:43 schemanic and I see your point
18:44 Edgan schemanic: only for the super complex things
18:44 schemanic mmm
18:44 Edgan schemanic: I don't have this problem with databases or data stores.
18:45 Edgan schemanic: they are complex, but they don't interface to other things in the same way
18:45 squishypebble joined #salt
18:48 Edgan schemanic: One of the things I didn't like about Chef's mega nginx recipe was that you couldn't predict the option name. The config file might call it ssl_file, but Chef might call it SSL_cert_file
18:48 Edgan schemanic: Then it becomes a game of mapping chef nginx option names to actual nginx option names
18:49 Edgan schemanic: Any mapping of A to B by humans over time is going to make it only work by reading the documentation(often incomplete or inaccurate) or guess work
18:51 aldevar joined #salt
18:51 Edgan schemanic: I prefer to only have to read the nginx documentation, not both.
18:52 Edgan schemanic: You will also one day run into the day where you need to extend the configuration management code, because you need a option they don't cover yet.
18:52 kmkramer71 joined #salt
18:54 rnicksic joined #salt
18:57 five04tluv joined #salt
18:57 schemanic Edgan, I really appreciate the time you've taken to advise me. I'm placing our talk into a big book of transcripts I'm saving for the future
19:00 aldevar joined #salt
19:02 toanju joined #salt
19:03 Guest94_ joined #salt
19:04 Guest94_ left #salt
19:09 DanyC joined #salt
19:11 stanchan joined #salt
19:11 cyborg-one joined #salt
19:12 Brew joined #salt
19:13 rnicksic joined #salt
19:17 rnicksic left #salt
19:17 bluenemo joined #salt
19:19 omie888777 joined #salt
19:20 johnj_ joined #salt
19:22 jbkc85__ joined #salt
19:24 rnicksic joined #salt
19:25 blu_ joined #salt
19:25 nixjdm joined #salt
19:27 rmelero joined #salt
19:28 rnicksic left #salt
19:29 jbkc85__ left #salt
19:32 pipps joined #salt
19:34 smartalek joined #salt
19:35 rnicksic joined #salt
19:35 rnicksic I upgraded to 2017.7.1 yesterday from Ubuntu 16.04 package
19:36 rnicksic now apache_module.enable doesn’t work for me
19:36 stanchan joined #salt
19:36 rnicksic Reason: 'apache_module.enable' is not available.
19:36 schasi joined #salt
19:36 rnicksic I have ensured that apache is installed and that a2enmod is available
19:38 pbandark joined #salt
19:51 pipps joined #salt
19:58 ibro joined #salt
20:01 bushelofsilicon joined #salt
20:03 grendelson joined #salt
20:03 grendelson I'm in RHEL 6.9 , python 2.6/7 heck
20:03 grendelson I finally hacked manuallun libgit2 0.26 in and successfully ran pip2.7 install pygit2
20:04 grendelson seemed to install just fine - but salt --versions-report still shows both as Not Installed
20:04 grendelson This is an attempt to move a 2016.11 salt master to 2017.17 after doiing all yum upgrades and gitfs failing
20:04 onlyanegg joined #salt
20:04 grendelson any way to get salt to SEE the new pygit2
20:05 grendelson pygit2 (0.26.0)  ( from pip2.7 list
20:06 bushelofsilicon hey all, my git pillar won't update, it says there is a lockfile, but there's no lockfile where it says it should be, suggestions?
20:07 aldevar left #salt
20:07 iggy rnicksic: it's .enabled
20:07 iggy declarative and all that
20:10 grendelson -- /usr/lib64/python2.7/site-packages/pygit2
20:10 grendelson Is there a file or salt command I nee to run to get the new 2017.7 install to "see" the pygit2 install in 2.7?
20:11 iggy is 2017.7 running via python 2 or 3?
20:11 iggy if 3, you can't
20:11 grendelson iggy: 2.7
20:11 rnicksic strange, it used to work with .enable
20:11 grendelson this is a rhel 6.9 master with 2.6 installed and 2.7 installed
20:11 rnicksic thanks for pointing that out
20:12 iggy rnicksic: .enable has been deprecated for over a year (you should have been seeing deprecation notices unless you upgraded from 2015.x to 2017.7)
20:12 grendelson Upgraded via pkg mgt to 2017.7.1 , then installed all requirements to get newest libgit and pip27 and gcc etc.
20:12 JawnAuz bushelofsilicon, have you run 'salt-run cache.clear_git_lock gitfs type=update' ? Fixed it for me, ran into the same thing recently.
20:12 iggy grendelson: you shouldn't have to do anything specific then
20:13 grendelson Then I finally got a clean pip2.7 pygit2 installation
20:13 rnicksic I upgraded from the Ubuntu 16.04 packaged version, which is 2015.x
20:13 iggy ahh, yeah, that would do it
20:14 iggy I'd probably peruse the release notes for all the versions inbetween
20:14 rnicksic ok, thanks
20:14 grendelson salt --versions-report Salt Version:            Salt: 2017.7.1     pygit2: Not Installed          Python: 2.7.13 (default, Jul 12 2017, 17:32:34)
20:14 iggy I've never even managed a single minor version update without requiring changes of some kind
20:16 bushelofsilicon JawnAuz: yep, it just says it didn't clear any lock files
20:16 pipps joined #salt
20:16 JawnAuz Did you change any remote gitfs paths/env recently? I had a similar issue with a leftover : at the end of a repo url without a env: under it.
20:16 nick123 joined #salt
20:17 rnicksic left #salt
20:17 wavded joined #salt
20:18 JawnAuz I also think the way the GitPython ext_pillar reads from a repo that is also a sls repo might cause lock issues.
20:18 pipps joined #salt
20:18 JawnAuz So best practice is to have a separate repo for pillar, I guess. (Private repos, ftw.)
20:18 bushelofsilicon JawnAuz: nope, no gitfs changes. and I'm using pygit2
20:18 grendelson iggy: I did a complete UNINSTALL via Yum and then an install and it started this time!
20:19 grendelson so it must have looked for the requisite packages on install :(
20:19 bushelofsilicon JawnAuz: yep, seperate repo for pillar, GitLab ftw
20:21 iggy grendelson: wonder if a master restart would have helped... maybe the salt gitfs module tried to load before the python gitfs module was installed and the loader doesn't generally try to reload unless it's specifically told to
20:21 bushelofsilicon JawnAuz: I think it has something to do with cleanup not being done right if I try to kill the salt master. I can't kill it and go into debug mode normally, I have to reboot then kill it right away
20:21 bushelofsilicon so I think that might have caused issues
20:21 grendelson iggy: Maybe - I had not started the service - I've been runnig it "salt-master -l debug" from cmd line to see output...
20:22 iggy meh, in any case, it's working now \o/
20:22 johnj_ joined #salt
20:22 grendelson iggy: Yep ;) Still might scrap it and just do a RHEL 7 ( or ubuntu16 ) install with python3.....
20:23 grendelson but working now at least let's me test check_cmd which is what broke 2016.11 for me since I couldn't change files from salt!
20:24 nixjdm joined #salt
20:26 xet7 joined #salt
20:34 bushelofsilicon JawnAuz: I rebooted and started up debug mode and it updated, salt-run git_pillar.update still returns false though
20:37 cw__ joined #salt
20:39 grendelson iggy: HAH  Figured out why it worked when I reinstalll the pkg mgt yum moved the master file to master.rpmsave and installed a default master file.   SO my master could still see the minions ( test.ping works) but no states or pillars :(
20:39 grendelson so back to debugging...
20:40 brodudeman joined #salt
20:40 grendelson Still when I try to load gitfs using pygit2 I get nothing found...
20:41 grendelson guess I never rebooted msater or reran ldconfig - I'll try a reboot first :(
20:44 pipps joined #salt
20:49 bildz if I try this  salt 'sm01' cmd.run 'echo "this is a test"'   I get minion did not return
20:51 JawnAuz bushelofsilicon, is it possible there's just no new data? Mine returns false as well, as per the docs: https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.git_pillar.html
20:51 JawnAuz Are you looking for a specific pillar that isn't coming across?
20:53 bushelofsilicon JawnAuz: yeah, was looking for new entry. when I run git pillar update with debug, it says it's update to date with the repo
20:53 bushelofsilicon JawnAuz: but it's not, it is only updating when I reboot the master
20:53 JawnAuz Wonder if it's a pillarenv/merging thing... Not sure.
20:55 pipps joined #salt
20:57 bushelofsilicon JawnAuz: I guess I'll see if I can replicate the issue in test kitchen and submit an issue
21:01 bushelofsilicon JawnAuz: I'm pretty sure it used to work though
21:02 grendelson By swapping gitpython and removing the pygit keys I was able to start master with 2.7 Python and 2017.7
21:02 pipps joined #salt
21:02 grendelson seems to be working as I can see my gitfs enabled states now
21:02 Sarphram joined #salt
21:10 pipps joined #salt
21:14 onlyanegg joined #salt
21:19 grendelson How in the world is anyone using file mgt in salt?  I tried under 2016.11 check_cmd broken - upgraded to 2017.7 master - new check_cmd errors - upgraded client to 2017.7 same error : line 23: Bad yes/no argument: sandbox
21:19 grendelson check_cmd execution failed /tmp/__salt.tmp.uYtW7n line 23: Bad yes/no argument: sandbox
21:20 grendelson this is trying to use openssh-formula in github to update openssh config file with 2 params.   test works fine
21:20 grendelson but code fails every tim eon check_cmd
21:20 schasi joined #salt
21:21 correct joined #salt
21:22 grendelson UsePrivilegeSeparation sandbox  - this is the only line I can figure might have something to do with it?
21:22 grendelson but I'm not trying to set that
21:23 johnj_ joined #salt
21:23 oida joined #salt
21:30 onlyanegg joined #salt
21:31 omie88877777 joined #salt
21:38 cgiroua joined #salt
21:42 grendelson Got it working - bug noted here ! https://github.com/saltstack-formulas/openssh-formula/issues/102
21:54 grendelson Had to manually set the UsePrivilegeSeparation: yes in my pillar so it owuldn't get overwritten and incorretly set to sandbox.
22:06 tkite joined #salt
22:08 tkite left #salt
22:13 stanchan joined #salt
22:23 pipps joined #salt
22:24 johnj_ joined #salt
22:44 xMopxShell How can I check what module is loaded for the `service` state? I'm not able to use a service.restart state on my upstart-based system...
22:50 xMopxShell Uhh nevermind, ill use service.running with a watch instead
23:09 pipps joined #salt
23:12 stanchan joined #salt
23:25 johnj_ joined #salt
23:41 ouemt joined #salt
23:53 ip-0 joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary