Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-10-09

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:03 swa_work joined #salt
00:11 tiwula joined #salt
00:15 sh123124213 joined #salt
00:26 johnj_ joined #salt
00:37 stanchan joined #salt
01:07 igors joined #salt
01:18 zerocool_ joined #salt
01:26 johnj_ joined #salt
01:37 stanchan joined #salt
01:55 ilbot3 joined #salt
01:55 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.7, 2017.7.1 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers
02:28 johnj_ joined #salt
02:33 oida joined #salt
02:41 sh123124213 joined #salt
02:52 JPT joined #salt
02:53 ahrs joined #salt
03:05 sh123124213 joined #salt
03:15 ramteid joined #salt
03:29 johnj_ joined #salt
03:48 nixjdm joined #salt
03:57 gnomethrower joined #salt
04:24 evle2 joined #salt
04:30 johnj_ joined #salt
04:31 stanchan joined #salt
04:37 k_sze[work] joined #salt
04:52 pepperbreath joined #salt
04:56 sh123124213 joined #salt
05:26 pepperbreath Hi, did someone setup his own customtop (master_tops)? How am I able to call the id of a client minion, which I would like to pass to a function inside the script?
05:31 johnj_ joined #salt
05:52 * MTecknology doesn't understand the question
06:01 do3meli joined #salt
06:01 do3meli left #salt
06:02 darioleidi joined #salt
06:04 armyriad joined #salt
06:15 felskrone joined #salt
06:23 asyncsec joined #salt
06:32 johnj joined #salt
06:47 pepperbreath i have a customtop script (python) and I would like depending on the ID of the minion to return the classes and/or grains it should have.
07:04 pualj joined #salt
07:05 colttt joined #salt
07:08 DanyC joined #salt
07:09 aldevar joined #salt
07:12 hojgaard joined #salt
07:14 DanyC joined #salt
07:18 kwork joined #salt
07:20 kwork joined #salt
07:24 Ricardo1000 joined #salt
07:25 Hybrid joined #salt
07:30 usernkey joined #salt
07:33 johnj joined #salt
07:34 jhauser joined #salt
07:41 m4rk0 484 people in channel, community dead af
07:46 hoonetorg joined #salt
07:52 aldevar joined #salt
07:58 usernkey1 joined #salt
08:00 usernkey joined #salt
08:04 SamYaple m4rk0: what are you on about?
08:05 _KaszpiR_ joined #salt
08:05 pbandark joined #salt
08:15 bdrung_work joined #salt
08:23 rdale_ joined #salt
08:27 Mattch joined #salt
08:28 W4RL0RD joined #salt
08:29 rdale_ joined #salt
08:33 ivanjaros joined #salt
08:33 rdale_ joined #salt
08:35 johnj joined #salt
08:36 absolutejam Morning all
08:36 absolutejam Is it possible to get pillar data in the pillar top file?
08:37 absolutejam I'm trying to automatically create a pillar entry for each nodegroup
08:38 rdale___ joined #salt
08:39 MTecknology morning? I should get to sleep
08:39 absolutejam https://pastebin.com/B7wcExsc
08:39 MTecknology absolutejam: ext_pillar and switch their load order
08:40 MTecknology for some reason, the word nodegroup makes me angry
08:40 MTecknology OH! $client, I remember
08:41 absolutejam I have nodegroups working, if that's what you mean?
08:41 MTecknology I assumed you had both working
08:42 absolutejam I currently have per-minion pillar working (eg. /srv/pillar/minion/<name of minion>.sls) by using the same methog with grains
08:42 MTecknology You can use one in the other, but not the other way around, and there's a toggle for which is which
08:42 absolutejam But I'm not sure if you can access pillar from pillar top.sls?
08:42 MTecknology you can't get pillar from pillar, no
08:42 absolutejam Because you can't access another pillar value from pillar in general
08:43 absolutejam bleh, that sucks.
08:43 rdale___ joined #salt
08:44 MTecknology what's the actual thing you're trying to do?
08:44 rdale__ joined #salt
08:44 absolutejam https://pastebin.com/B7wcExsc
08:44 absolutejam Basically just have a pillar entry per nodegroup automagically
08:44 absolutejam Like I do for minions
08:44 absolutejam For shared configs
08:45 MTecknology what does that mean? that's the question I'm asking
08:45 absolutejam Well, instead of adding an entry in my /srv/pillar/top.sls for each nodegroup
08:46 MTecknology what's a nodegroup?
08:46 absolutejam https://pastebin.com/6ciwct7m
08:46 MTecknology gotcha
08:46 m4rk0 SamYaple, I'm asking third time in 5 days...
08:46 m4rk0 I'm trying to send json via cmd.run curl from reactor, but I'm getting this error: SaltRenderError: mapping values are not allowed here
08:46 absolutejam The ext_pillar nodegroup. Allows the grouping of different minions via. different attributes
08:47 m4rk0 https://gist.github.com/mdzidic/9e9854f0701e624f63cce4e4278acb05
08:47 rdale__ anyone working win_wua having some erratic results from using categories, running ... salt -C 'G@os:Windows and *' win_wua.list_updates categories="Forefront Endpoint Protection 2010" install=true gives a whole bunch of other updates when run from cron
08:47 absolutejam eg. I have an mssql one that targets all hosts with 'sql' in the name and that are Windows hosts
08:47 m4rk0 When i remove --data part curl execute as it should....
08:47 MTecknology Why don't you have another nodegroup for win-sql?
08:48 MTecknology or whatever it is you want to group
08:48 absolutejam m4rk0: Have you tried sticking the whole arg in quotes?
08:48 absolutejam It looks like it's failing at the colon
08:48 absolutejam Or use the http module
08:49 m4rk0 absolutejam, i'll try that, thanks for tips
08:51 sh123124213 joined #salt
08:54 oida joined #salt
08:57 m4rk0 absolutejam, how to pass json data with http.query? :/
09:02 omie888777 joined #salt
09:05 gladiatr joined #salt
09:07 absolutejam https://github.com/saltstack/salt/blob/develop/salt/utils/http.py
09:07 absolutejam The http module just wraps utils.http
09:07 absolutejam so just pass data="" with your json in there
09:07 absolutejam I think you might even be able to render it from yaml if you so wished
09:11 m4rk0 Alright, tnx
09:23 m4rk0 I have new question... How to run reactor state from master salt on minion?
09:24 babilen m4rk0: Could you paraphrase that?
09:25 absolutejam You'd have to use the orchestrate runner
09:25 absolutejam if you want to run a state on a minion from a reactor run
09:25 absolutejam afaik
09:26 m4rk0 I have reactor 'salt/minion/*/start' and I want to get minion ip something like grains['ip4_interfaces']['eth0'][0] ... and I get IP from salt master eth0 :)
09:26 m4rk0 absolutejam, okay i'll check that :)
09:26 absolutejam youd need to use salt mine
09:27 absolutejam to make the grains information from other hosts available
09:27 m4rk0 awesome!
09:28 rdale__ joined #salt
09:35 smead joined #salt
09:36 johnj joined #salt
10:01 Trauma joined #salt
10:07 Naresh joined #salt
10:37 johnj joined #salt
10:45 nick123 joined #salt
11:01 pepperbreath joined #salt
11:02 pualj joined #salt
11:13 ramteid joined #salt
11:13 torontoy1s joined #salt
11:30 usernkey joined #salt
11:38 johnj joined #salt
11:59 asdfasd_ joined #salt
12:01 pbandark hello everyone.. with salt-cloud is it possible to create egress firewall rule in google cloud? i was going through "gce.py" and I dont find any specific code to specify ingress/egress.
12:03 darioleidi joined #salt
12:06 smead joined #salt
12:06 gladia2r joined #salt
12:08 Nahual joined #salt
12:10 Trauma joined #salt
12:17 Tucky joined #salt
12:17 Trauma joined #salt
12:22 asyncsec joined #salt
12:28 fl3sh hi, how can I use private repo as winrepo?
12:31 squishypebble joined #salt
12:38 GMAzrael joined #salt
12:38 johnj joined #salt
12:43 hoonetorg joined #salt
12:47 gh34 joined #salt
12:49 guedressel joined #salt
12:51 DammitJim joined #salt
12:52 DammitJim joined #salt
12:52 m4rk0 absolutejam, I can't get values from mine.get I just get empty response "local: ----------", do I need to enable salt.mine somewhere on minion?
12:52 XenophonF fl3sh: you set up winrepos the same was as file server or external pillars
12:53 XenophonF e.g., install GitPython and make sure the right SSH key is installed for the root user
12:54 XenophonF here's how I have it set up using salt-formula: https://github.com/irtnog/salt-pillar-example/blob/master/salt/example/com/init.sls#L258
12:54 XenophonF hm, let me double check that against my actual config
12:54 XenophonF i vaguely remember touching this one or two major revs ago
12:55 fl3sh what about keys?
12:55 XenophonF nope, that's it
12:55 XenophonF well, I'm using GitPython, so it uses the SSH config of the user under which the salt-master account runs
12:56 XenophonF e.g., root
12:56 fl3sh winrepo authentication options is currently apply to the pygit2
12:56 XenophonF or salt
12:56 XenophonF so in my case i'm running salt-master as non-root
12:56 XenophonF and i use, er, users-formula to set everything up: https://github.com/irtnog/salt-pillar-example/blob/master/salt/example/com/init.sls#L18
12:56 XenophonF https://github.com/irtnog/salt-pillar-example/blob/master/salt/example/com/init.sls#L47
12:57 XenophonF I don't use pygit2, so I can't show you an example config.
12:58 XenophonF I'm sure it works the same as gitfs or the git ext_pillar, though you should RTFM to make certain.
12:59 fl3sh ok, thx
13:00 XenophonF I suppose that I should switch to per-repo deploy keys at some point, but for now my Salt master has its own GitHub/CodeCommit account.
13:01 XenophonF I'm only really using GitPython b/c on FreeBSD pygit2 didn't support longer RSA2 keys or Ed25519.
13:02 DammitJim joined #salt
13:02 fl3sh ... requires authentication, but no authentication configured
13:02 XenophonF That was like three years ago so I should probably look into it again.
13:02 XenophonF How are you accessing your Git repos---SSH or HTTPS?
13:03 XenophonF fl3sh: https://docs.saltstack.com/en/latest/topics/windows/windows-package-manager.html#pygit2-gitpython-support-for-maintaining-git-repos
13:04 m4rk0 I have reactor 'salt/minion/*/start' and I want to get minion ip on connect, something like grains['ip4_interfaces']['eth0'][0] ... and all I get is IP from salt master eth0 :) Is it possible without salt.mine?
13:04 XenophonF there are pygit2 example configs there
13:04 fl3sh how did you find it?
13:05 XenophonF fl3sh: https://duckduckgo.com/?q=saltstack+pygit2+winrepo
13:05 fl3sh ...
13:05 fl3sh thx ;)
13:05 XenophonF clicked the first link, then searched for pygit2 on that page
13:05 XenophonF ;)
13:05 colegatron joined #salt
13:05 XenophonF i can never get search to work on docs.saltstack.com
13:06 XenophonF probably my ultra paranoid browser setup
13:06 fl3sh ;D
13:06 XenophonF but site searches work well, e.g., https://duckduckgo.com/?q=site%3Adocs.saltstack.com+pygit2+winrepo
13:07 XenophonF google supports the same kind of site search syntax
13:24 racooper joined #salt
13:24 cgiroua joined #salt
13:26 XenophonF does anyone have any advice on how to troubleshoot SaltReqTimeoutError exceptions?
13:27 XenophonF prior to 2016.11 I had no problems running state.apply on minions located in Africa and Asia from my master in W. Europe
13:27 XenophonF this is driving me the crazy
13:29 wavded joined #salt
13:29 XenophonF if i restart salt-master, i can sometimes get a single call to state.apply to work
13:29 XenophonF i don't see any obvious problems at the IP or TCP layers
13:30 XenophonF the master lives in AWS EC2 region eu-west-1 (Dublin, Ireland), and other EC2 instances in the same region or N. America don't exhibit this problem
13:31 XenophonF just realized I haven't looked at my data centers' firewall logs in a while, so i'm going to double check those real quick
13:32 Trauma joined #salt
13:36 beardedeagle joined #salt
13:37 m4rk0 How to get minion grains from salt master reactor except with salt.mine?
13:39 johnj joined #salt
13:41 babilen m4rk0: That's what the mine is for .. What are you trying to do?
13:42 babilen In fact you might not want to use grains information in the reactor at all
13:42 babilen (if you access it directly you'd get the master's grains, but why do you need them to begin with?)
13:43 m4rk0 babilen, I have reactor 'salt/minion/*/start' and I want to post to my http api minion id and ip address, I've data['id'], but can't get address...
13:44 babilen So you want the output of network.ip_addrs in the reactor run a http query?
13:44 babilen *to
13:44 m4rk0 As I can see after installing salt-minion I have to execute "salt-call mine.send network.ip_addrs" from minion to get mine.get working
13:44 m4rk0 yes
13:49 LostSoul joined #salt
13:49 wavded joined #salt
13:56 JawnAuz joined #salt
13:57 Hybrid joined #salt
13:58 ouemt joined #salt
13:59 beardedeagle joined #salt
14:03 babilen m4rk0: Ah, just read your earlier message .. wouldn't use grains for that at all! (why hardcode the interface?), but send mine function aliases to the mine: http://paste.debian.net/989828/ for example)
14:20 gh34 joined #salt
14:23 wavded joined #salt
14:32 Brew joined #salt
14:41 johnj joined #salt
14:41 colegatron joined #salt
14:45 wavded joined #salt
14:52 cyborg-one joined #salt
14:57 fatal_exception joined #salt
15:02 XenophonF I wish it were possible to buy support for the FLOSS version of SaltStack.
15:03 XenophonF I don't want to run Enterprise, and it's too expensive anyway.
15:03 XenophonF dunno - maybe the team tier would work for us
15:03 sarcasticadmin joined #salt
15:07 nielsk joined #salt
15:12 babilen I wish it would be possible to pay a reasonable amount of money for a Web UI without having to buy extremely expensive support on top
15:12 babilen (or get a nice one as open source)
15:13 babilen But then .. FLOSS isn't what it used to be
15:18 tiwula joined #salt
15:21 noobiedubie joined #salt
15:21 oida joined #salt
15:24 XenophonF yeah
15:25 noobiedubie Hi all, I'm trying to find the best way to handle volumes (both root and additional volumes) in cloud.profiles been using block device mapping until now but I was hoping to switch to the just using volumes:, problem is I cannot seem to set the size of the root drive as salt thinks it's an additional drive and tries to mount it after instance launch which of course fails because ec2 has already assigned and mounted one. This does however work when using
15:29 XenophonF well, i just sent an RFQ to saltstack-actual
15:29 XenophonF we'll see what they have to say
15:29 XenophonF but if experience is any guide, they probably can't handle fedgov customers
15:30 XenophonF esp. support-only peeps like me
15:33 XenophonF in the meantime I've emailed the salt-users mailing list about my problems with SaltReqTimeoutError exceptions
15:33 * XenophonF crosses his figners.
15:34 XenophonF noobiedubie: your message got cut off at the end, but i've only ever used block device mappings with salt-cloud and EC2
15:35 XenophonF in fact to alter the root volume config you _must_ use block device mappings
15:35 lionel joined #salt
15:36 XenophonF the reason being that you cannot alter it after the instance launches except to stop the instance, detach the volume, etc.
15:37 Hybrid joined #salt
15:41 noobiedubie Xenophon: o ok thanks guess I'll have to stick to block device mapping. Can you set volume tags using this method?
15:42 johnj joined #salt
15:42 abrcdbr joined #salt
15:47 XenophonF dunno - I haven't tried.  I'd like to do that, now that you mention it, so clue me in if you figure it out ;)
15:47 zerocool_ joined #salt
15:47 XenophonF if you can do it via the RunInstances REST API, then the answer is yes
15:48 XenophonF that data structure gets passed to the API verbatium if I understand it correctly
15:48 XenophonF LOL verbatium
15:48 XenophonF new element
15:49 sh123124213 joined #salt
15:49 XenophonF this seems to indicate that it isn't possible - https://stackoverflow.com/questions/33622558/how-to-automate-root-device-volumes-tagging-using-cloudformation
15:51 overyander joined #salt
15:52 XenophonF I wonder if you could use something like Reactor to accomplish this---at a minion up event, look for a grain that says it's an EC2 instance, find its instance ID and associated tags, and enumerate attached volumes adding tags as you go
15:52 XenophonF I might actually set that up for work.
15:52 XenophonF It'd be niced to tag attached volumes and network interfaces.
15:54 stanchan joined #salt
15:58 _JZ_ joined #salt
16:00 noobiedubie yea i agree especially since you already can already tag any non root volume using the volumes method
16:01 noobiedubie seems (to me as least) like this should be handled in the profile itself, at least make it possible
16:11 m4rk0 babilen, It's not hardcoding, I just want to POST minion id and ip after start to my http api (register it to my database)
16:11 aldevar left #salt
16:17 m4rk0 babilen, this is my state for start reactor https://gist.github.com/mdzidic/8e725d3e29f9e0a7d6c35eb862ab6baf
16:23 zerocoolback joined #salt
16:24 zerocoolback joined #salt
16:25 stanchan joined #salt
16:29 nixjdm joined #salt
16:33 cswang joined #salt
16:39 impi joined #salt
16:40 babilen m4rk0: I meant that you'd hardcode the interface name if you use grains['ip4_interfaces'] in lieu of network.ip_addrs
16:42 m4rk0 babilen, I understand, as this is standard "hardcoded" server deploy I can use same interface :) And do You have any idea how to get grains from minion on master reactor?
16:43 johnj joined #salt
16:44 stanchan joined #salt
17:04 onlyanegg joined #salt
17:05 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.8, 2017.7.2 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers
17:06 pcn w00t
17:06 whytewolf w00t indeed
17:08 pipps joined #salt
17:16 NV joined #salt
17:21 pipps joined #salt
17:23 _KaszpiR_ joined #salt
17:28 babilen m4rk0: You sure? → https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
17:31 babilen Well, you should be able to get them from the mine .. but I'd use network.ip_addrs for that
17:31 babilen You can pass "type=private" if that's all you care about
17:31 babilen (or specify CIDR ranges)
17:33 nixjdm joined #salt
17:44 johnj_ joined #salt
17:45 CrummyGummy joined #salt
17:54 brianthelion joined #salt
17:55 brianthelion what's the accepted method for forking a master process from within a Python script?
17:56 dxiri joined #salt
17:56 stanchan joined #salt
17:57 XenophonF you're probably better off asking in #python
17:58 brianthelion I am looking at an entire stack of weird calls to core salt modules that seem utterly superfluous
17:58 XenophonF oh
17:58 XenophonF yeah, the code base seems stuck in the "more magic" position
17:59 XenophonF there's a lot of indirection
17:59 brianthelion for example, salt.cli.daemons.Master() apparently can't be passed options
18:00 brianthelion and looking at salt.utils.parsers.Master just gets worse
18:01 brianthelion i just want to prop up a Master in a separate multiprocessing.Process but it's not at all obvious how to do that
18:03 tiwula joined #salt
18:11 JawnAuz joined #salt
18:11 ipmb joined #salt
18:18 stanchan joined #salt
18:21 iggy that might be a question better posed to the mailing list (or a github issue)
18:21 iggy but my guess is "you can't"
18:24 brianthelion iggy: thanks, I was just starting to cook up a Github issue
18:26 colegatron joined #salt
18:29 Hybrid joined #salt
18:33 nixjdm joined #salt
18:34 ry joined #salt
18:34 pipps joined #salt
18:40 rgrundstrom joined #salt
18:43 nielsk joined #salt
18:45 johnj_ joined #salt
18:45 nielsk joined #salt
18:45 nielsk joined #salt
18:48 threwahway joined #salt
18:51 grendelson joined #salt
18:53 jdipierro joined #salt
18:57 pipps joined #salt
18:58 grendelson How do I exclude a few machines from EVER getting a single formula (I have a grain I can exclude on ) but if someone accidentally runs a highstate against all machines then the openssh.config will go to default and break my SFTP servers....
18:58 stanchan joined #salt
18:59 XenophonF push the correct SSH/SFTP command to the minions in question?
18:59 grendelson basically I wish the openssh.config formula left alone options I set ( for sftp ) and only changed those I added to the pillar.
18:59 grendelson but since it can't can I mke sure that openssh.config NEVER runs against thes sftp machines?
19:01 grendelson XenophonF: I'm at cross-purposes I know - I want a more Standard sshd_config file with variables standard across servers ( no root logine etc) but the sftp server have a lot of custom edits to allow SFTP CHROOT to work - I don't want to break those...
19:02 grendelson For now I'm using "and not G@role:ftp" to ignore those machines - but a type or leaving that out and running '*' state.apply will cause all these machines to get default settings...
19:02 XenophonF either manage all of the configs or none of them
19:02 XenophonF otherwise you're in kludge city
19:02 grendelson I'm hoping there is a way to add a "ignore openssh.config" to the minion file or the like?
19:03 XenophonF what kind of edits do you need to make to the config that the official openssh-formula can't accomodate?
19:03 grendelson XenophonF: Yeah that's what I was thinking - I'll have to have an pillar file with the WHOLE sshd_config file JUST for these 3 servers I guess.
19:04 XenophonF well, yeah, you sometimes have to override your default config
19:04 grendelson XenophonF: i Have chroot changes and custom home dir etc.  It might be able to accomodate these changes but it would have to be specific to each machine
19:05 grendelson OK I'll try to extrapolate the "unique" bits and add them to the pillar file for those hostnames only.  I wold have prefered that the client just KNOWS to ignore any attempt to run openssh.config on it....
19:12 major joined #salt
19:15 pipps joined #salt
19:30 jdipierro joined #salt
19:31 gruvglide joined #salt
19:33 pipps joined #salt
19:33 nixjdm joined #salt
19:34 Brew joined #salt
19:36 stanchan joined #salt
19:37 ahrs joined #salt
19:45 johnj_ joined #salt
19:54 pcdummy joined #salt
19:54 pcdummy joined #salt
19:59 fatal_exception joined #salt
20:02 ChubYann joined #salt
20:25 cyborg-one joined #salt
20:28 jessebye joined #salt
20:28 drags joined #salt
20:33 nixjdm joined #salt
20:35 pipps joined #salt
20:45 pipps joined #salt
20:47 johnj_ joined #salt
20:54 pipps joined #salt
21:01 oida joined #salt
21:03 onlyanegg joined #salt
21:06 hatifnatt left #salt
21:06 hatifnatt joined #salt
21:08 hatifnatt joined #salt
21:09 stanchan joined #salt
21:10 mechleg anyone have advanced knowledge of running pkgrepo.managed for YUM repositories?  specifically I am attempting to have salt remove a line in the existing repo, according to this documentation it should be as easy as defining a blank key: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.yumpkg.html  but I am finding that it instead makes the value of the key equal to "None"
21:10 mechleg want to see if i am missing something before filing a bug
21:11 jdipierro joined #salt
21:14 hatifnatt Hello, it looks like file.recurse doesn't honor 'mode: keep' while executed via salt-ssh?
21:14 hatifnatt I can't find any related bug report on github, but I hardly believe that nobody doesn't experienced that problem.
21:15 eseyman joined #salt
21:15 ipmb joined #salt
21:16 omie888777 joined #salt
21:33 nixjdm joined #salt
21:39 pipps joined #salt
21:43 iggy it wouldn't surprise me tbh
21:44 iggy and unless salt-ssh has gotten better about knowing what files to send across, I'm surprised file.recurse does much of anything at all
21:46 Edgan iggy: never had an issue with file.recurse
21:46 sh123124213 joined #salt
21:48 johnj_ joined #salt
21:48 major anyone have any experience using the lxd formula and module?
21:52 nielsk joined #salt
21:57 stanchan joined #salt
22:05 Edgan hatifnatt: The docs explicitly mention this.
22:05 Edgan hatifnatt: keep does not work with salt-ssh.
22:05 Edgan As a consequence of how the files are transferred to the minion, and the inability to connect back to the master with salt-ssh, salt is unable to stat the file as it exists on the fileserver and thus cannot mirror the mode on the salt-ssh minion
22:06 Edgan hatifnatt: I am working on a alternative form of salt-ssh which will start up a salt-master locally, ship over the salt-minion code, setup ssh tunnels for the minion to talk about to the master. Then most of the salt-ssh-isms will go away.
22:07 hatifnatt Edgan: thanks, did not pay attention to this remark
22:09 onlyanegg joined #salt
22:11 nielsk joined #salt
22:13 nielsk joined #salt
22:14 mavhq joined #salt
22:33 nixjdm joined #salt
22:33 onlyanegg joined #salt
22:35 stanchan joined #salt
22:36 oida joined #salt
22:49 johnj_ joined #salt
22:50 Oida joined #salt
22:51 torontoy1s joined #salt
23:14 RandyT joined #salt
23:17 stanchan joined #salt
23:31 johnj_ joined #salt
23:41 RandyT Heyo, anybody home?
23:42 RandyT Curious if anyone has any thoughts about Terraform and masterless salt provisioning?
23:43 RandyT Been using salt for a few years now and am starting a new project. Looking to see where everyone is leaning for AWS provisioning. Appreciate any feedback
23:44 Edgan RandyT: I don't like terraform, but it is very feature complete when it comes to AWS services.
23:44 Edgan RandyT: Salt is working on rewriting salt-cloud to be closer to terraform
23:45 Edgan RandyT: Personally I wrote my own command with boto3 to read yaml files and do all the right things.
23:46 RandyT Edgan: I've played a bit with Terraform and I must say it is a bit of a black box to me right now..
23:46 whytewolf in the meantime. there is the boto_* salt modules and states that a lot of people use for aws provisioning.
23:46 RandyT maybe the light just hasn't come on
23:46 Edgan RandyT: It has a I want to completely rule your AWS account and I don't like it when someone does something manually mindset
23:46 RandyT Greetings whytewolf ...
23:46 whytewolf greetings
23:47 RandyT Edgan: it is nice and consistent though..
23:47 RandyT but I get that it is kind of either or...
23:47 Edgan RandyT: It also breaks compatibility randomly. It also has weird language quirks where you would say obviously I should be able to loop this list of subnets instead of statically defining them. It is like nope, no loop for you.
23:48 whytewolf https://blog.ryandlane.com/2014/08/26/saltstack-masterless-bootstrapping/ here is a blog post that Ryan_Lane wrote about the very thing you are talking about.
23:48 RandyT yes, I've noticed the breaking back features in just the little bit of time I have spent trying to learn it
23:49 RandyT whytewolf: yes, have studied Ryan_Lane 's work in the past and looked longingly at going that route...
23:49 RandyT trying to figure out the provisioning piece of that puzzle...
23:49 Edgan I look forward to the end result of the salt-cloud rewrite, but I found the boto modules and states meh as is
23:50 iggy if you are only targetting AWS, why not use cloudformation (or just skip that and go to containers managed by AWS)
23:51 Edgan iggy: cloudformation, Barf!
23:51 RandyT iggy: trying not to drink the whole pitcher of koolaid...
23:52 RandyT would be nice to have flexibility to move to other cloud provider if needed/able
23:52 Edgan iggy: it has a clunky mindset. You say make me three instances, number two doesn't come up right, and it kills all three or hangs.
23:55 RandyT thanks for the feedback.. will reread Ryan_Lane 's post and figure out where to go next
23:58 torontoy1s joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary