IRC log for #salt, 2017-10-13

All times shown according to UTC.

Time Nick Message
00:15 dxiri_ joined #salt
00:21 major okay.. someone remind me .. how do I grab the minions fqdn in the pillar.. feel like I am failing the salt mine
00:23 whytewolf grains['fqdn']
00:33 zerocool_ joined #salt
00:36 major joined #salt
00:52 aneeshusa joined #salt
00:56 sh123124213 joined #salt
01:04 _aeris_ joined #salt
01:15 dxiri joined #salt
01:17 dxiri joined #salt
01:33 major whytewolf, thought that in pillar data that would expand to the master's fqdn
01:41 whytewolf nope
01:54 whytewolf https://gist.github.com/whytewolf/f329269d59a92fb93a631fb740a2df15
01:55 ilbot3 joined #salt
01:55 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.8, 2017.7.2 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers
02:15 zerocool_ joined #salt
02:16 zerocoolback joined #salt
02:17 k_sze[work] joined #salt
02:21 dankolbrs joined #salt
02:22 McNinja joined #salt
02:40 aharvey joined #salt
02:44 aharvey joined #salt
02:49 aharvey joined #salt
02:55 ahrs joined #salt
03:02 major joined #salt
03:10 cyborg-one joined #salt
03:17 Aikar joined #salt
03:28 sh123124213 joined #salt
03:32 evle2 joined #salt
04:27 onlyanegg joined #salt
04:27 summers major: you want to write that to a pillar and do
04:27 summers mygpgdvar: |
04:27 summers ---- GPG CIPHERTEXT ---
04:28 summers that is how you do multiline strings in a var
04:28 summers then you can pull that into your sls or whatever using the pillar.get, aye
04:29 summers {% set decryptedvar = salt['pillar.get']('mygpgdvar', 'default string I guess') %}
04:29 summers or just {{ salt['pillar.get']('mygpgdvar', 'default string I guess') }}
04:30 summers you will have to add the #!jinja|yaml|gpg to the top of the pillar file that has gpg-encrypted data so the render pipe thing works
04:30 summers I just put that in every pillar file when I create it
04:30 summers but then I gpg a bunch of junk in pillars
04:30 summers handy
04:31 summers watch out though, with gnupg >=2.1.18 the secmem pool is somewhat small so if you have to decrypt a bunch of stuff and you have high concurrency you can break GPG
04:31 summers I carry a patch for this problem, but it's not upstreamed
04:32 summers -   SECMEM_BUFFER_SIZE=65536
04:32 summers +   SECMEM_BUFFER_SIZE=1048576
04:32 summers in configure
04:32 summers rebuild that thing
04:37 Oida joined #salt
04:37 gnomethrower joined #salt
04:43 beardedeagle joined #salt
04:52 ChubYann joined #salt
05:01 zerocoolback joined #salt
05:15 zerocoolback joined #salt
05:18 Bock joined #salt
05:31 felskrone joined #salt
05:32 sh123124213 joined #salt
05:41 icebal joined #salt
05:47 onlyanegg joined #salt
06:01 A_Person__ joined #salt
06:07 schasi joined #salt
06:17 zerocoolback joined #salt
06:32 aldevar joined #salt
06:44 toofer joined #salt
06:58 nku joined #salt
07:05 obitech joined #salt
07:12 Hybrid joined #salt
07:13 Ricardo1000 joined #salt
07:14 Tucky joined #salt
07:24 netcho joined #salt
07:27 LaProvokatrice joined #salt
07:30 usernkey joined #salt
07:34 LaProvokatrice Hi, I am trying out salt-ssh. in /etc/salt/master I have roster_defaults, but the variables defined there are not used. Can anybody tell me why?
07:34 schasi joined #salt
07:43 jhauser joined #salt
07:48 onlyanegg joined #salt
07:49 mike25de joined #salt
07:49 * mike25de hi all
07:50 mike25de do you guys know if it is possible to pause or delay ... somehow the execution of a state until a tcp connection is open on a minion ?
07:52 pbandark joined #salt
07:58 DanyC joined #salt
07:58 nku mike25de: in docker i use wait-for-it.sh for that
07:59 nku you could put it inside a cmd.run or somesuch, though i imagine a reactor could also be used
08:04 KennethWilke joined #salt
08:07 mike25de nku: thanks
08:08 Kira joined #salt
08:11 CrummyGummy joined #salt
08:15 obitech mike25de I usually use cmd.run with sleep
08:17 Rumbles joined #salt
08:26 _KaszpiR_ joined #salt
08:27 DanyC joined #salt
08:30 mike25de obitech: do you have an example...?
08:30 mike25de much appreciated
08:32 obitech mike25de https://gist.github.com/obitech/be2898b1103effb0f5b641dc185cd703
08:32 obitech if you want to apply it via cmd line you can do salt '*' cmd.run 'sleep 5'
08:33 mike25de obitech: aaah now i got what you mean :)
08:33 mike25de thanks
08:33 obitech no worries!
08:33 mavhq joined #salt
08:58 Trauma joined #salt
09:18 omie888777 joined #salt
09:29 CrummyGummy joined #salt
09:32 cyteen joined #salt
09:33 mavhq joined #salt
09:40 av_ joined #salt
09:48 colegatron joined #salt
09:49 onlyanegg joined #salt
09:54 zerocoolback joined #salt
10:19 miruoy joined #salt
10:35 netcho joined #salt
10:35 netcho joined #salt
10:49 salty joined #salt
10:51 salty left #salt
10:52 saltyies joined #salt
10:54 saltyies Hi, i want to call an event on the master! Every time a key is accepted, i want to create a pillar file on the master. but it failed! I googled that issue and i found a tut, but nothing happened! i cant create a file .. only to copy one. Here is my code: https://pastebin.com/L9dg49DM perhaps someone can help me
10:58 babilen https://pastebin.com/raw/L9dg49DM -- less eye cancer inducing than the horror that is pastebin.com
11:18 Naresh joined #salt
11:30 pbandark hi.. i have found one issue which i have fixed. in the same function, i have added new option. so should i push both in the same issue/PR. or should i create different issues and PR ?
11:35 Neighbour babilen: Do you know how I can get the current running salt-master to do something? salt-run seems to start a new master instance
11:44 hammer065 joined #salt
11:49 onlyanegg joined #salt
11:52 WKNiGHT_ joined #salt
11:56 XenophonF pbandark: I'd create two separate PRs.
11:57 XenophonF Neighbour: doesn't salt-run interact with the running salt-master service?
11:57 XenophonF e.g., salt-run fileserver.update tells the daemon to refresh the file server (e.g., gitfs)
11:59 XenophonF major: I came up with this scheme for managing GPG-encrypted data in Pillars - https://www.reddit.com/r/saltstack/comments/6py6a0/emacs_epafile_import_text_gpg_renderer/
12:01 XenophonF summers: that might be of interest to you, too
12:02 pbandark XenophonF: ok
12:04 WKNiGHT_ joined #salt
12:05 Neighbour XenophonF: pillar.file_tree now also allows templated rendering (which includes yaml|jinja|gpg)
12:06 saltyies hey, i have another question: is it possible to create a task from one minion to another? example: i start an sls for minion A and if some conditions are true, then on minion B i will start another sls. Is it possible with events ?
12:06 WKNiGHT_ joined #salt
12:06 WKNiGHT_ joined #salt
12:07 mchlumsky joined #salt
12:07 Nahual joined #salt
12:10 marcux joined #salt
12:22 babilen saltyies: That would be possible with events, yes
12:23 babilen XenophonF: How do you deal with many secrets in that scheme? It'll get old pretty damn fast if you have to have a file per password
12:26 babilen And are you aware of https://www.gnu.org/software/emacs/manual/html_mono/epa.html#index-epa_002ddecrypt_002dregion-8 -- Maybe it's not too tricky to adapt that for decrypting/encrypting all regions :-/
12:27 saltyies babilen: yes it works .. but not all :) i try different local.states. But there is an example. the first one works, but not the second one: https://pastebin.com/raw/Zwr2TcMe
12:27 saltyies perhaps you know why ?!
12:28 babilen What happens instead?
12:28 saltyies the 2nd one: file is created, but no content
12:28 babilen And shouldn't that be "contents" rather than "content" ?
12:29 saltyies nope :) i try it with contents. some result
12:30 edrocks joined #salt
12:31 babilen file.managed takes "contents" not "content"
12:31 saltyies sry, was my mistake. it use contents on write it into the file
12:31 babilen So it works with "contents" ?
12:31 saltyies yes
12:32 babilen Great
12:32 babilen As expected :)
12:33 saltyies thx :) my brain is lost in the nowhere :)
12:35 tom[] how to debug Minion did not return. [No response] ?
12:35 nku tom[]: check if it's still running
12:36 tom[] doh!
12:36 tom[] well, at least look in its journal
12:42 pbandark when i try to push the commit to the branch. it fails with an error "remote: Permission to saltstack/salt.git denied to <user>". the steps i followed are: 1. cloned the salt repo. 2. created branch ( git checkout -b <branch name> remotes/origin/2017.7) 3. made changes 4. added file 5. commit 6. git push -u origin <branch name>
12:42 XenophonF babilen: I have Pillars where I have maybe ~10 or so secrets.
12:42 tom[] odd. the minion was running. but it had logged for "Command '['lvdisplay', ..." stderr:   Failed to find logical volume. but lvs showed it was there. restart the minion and the problem clears
12:42 tom[] is that a caching issue?
12:42 XenophonF Encrypt/decrypt region works great except I can't get re-indentation to work right.
12:43 babilen XenophonF: Right ... I should get vault running :)
12:43 XenophonF I think having the secrets in variables makes the Pillar SLS files easier to read, too.
12:43 XenophonF Haha same here!
12:43 babilen XenophonF: No, sure, but I'm struggling either way and had hoped for a nice approach
12:44 babilen I like yours (combines well with emacs at least), but it just doesn't scale enough
12:44 XenophonF yeah
12:44 babilen And I feel that I've reached the limits
12:44 XenophonF my big problem is that I have to explain it to a bunch of people who don't know Unix
12:45 XenophonF Vault really is the better answer though.
12:45 babilen I know
12:45 babilen I think I should just do it .. I'll be happy afterwards and the world is a better place
12:47 gh34 joined #salt
12:48 _JZ_ joined #salt
12:49 XenophonF I want to wire Let's Encrypt up to Vault, too.
12:50 babilen So automatic commits into vault?
12:50 XenophonF And use event.fire to kick off keymat deployments.
12:50 XenophonF Yeah, using dns01 validation.
12:51 babilen Yeah, I need that too .. I have a setup where certs are distributed to other nodes behind a LB via lsyncd and the services reloaded via reactors
12:51 babilen I currently use a beacon to monitor the cert file and trigger on that .. could also have hooked up an event.fire in the hook script
12:51 babilen (use dehydrated)
12:52 XenophonF gotcha
12:52 XenophonF in my scenario I want to issue LE certs to non-internet facing stuff like database servers and domain controllers
12:52 saltyies i have a last question to my event with the creating file. I want to write information from Minion A as pillar the master. i cant write the file with data. but it filled with the data from the target server. Can i get more information if i have the data['id'] <-- like salt.get_grans_from_id(data['id'])
12:52 babilen It's working pretty nice and its wonderful that - at least in that setup - cert changes are not a problem anymore
12:52 XenophonF i want this year to be the last one in which i buy ssl certs
12:53 babilen XenophonF: Good call
12:53 babilen How do you deal with the DNS ?
12:54 XenophonF well certbot supports DNS validation and has support for a bunch of DNS hosts e.g., Route 53
12:55 XenophonF and my internal domains are all valid (registered) DNS domains
12:55 babilen https://github.com/lukas2511/dehydrated/wiki/Examples-for-DNS-01-hooks .. that's .. yay
12:55 XenophonF so in theory I can publish the validation records publicly
12:55 babilen Same position here ...
12:56 babilen Hmm, I like that
12:56 pbandark to push the bug fix, we should use main release branch right ? for ex. currently its "remotes/origin/2017.7"
12:57 XenophonF I think I have to write a deployment plugin (or whatever they're called) for certbot to store the keymat in Vault.
12:58 cyteen joined #salt
12:58 babilen XenophonF: One thing I don't like about letsencrypt is that it is quite tricky to test things locally though .. how do you approach that?
12:58 XenophonF my home network is set up like a SMB
12:58 babilen XenophonF: https://github.com/ttalle/dehydrated-vault-hook :)
12:59 babilen Sure something like that exists for certbot also
13:02 XenophonF neat
13:02 XenophonF certbot doesn't have a vault deployment plugin... yet :)
13:02 XenophonF actually I'm kind of stuck on the DNS validation bits
13:03 XenophonF my domains are currently hosted at Gandi
13:03 XenophonF so I wrote a dns validation plugin for their XML-RPC API
13:03 XenophonF and it works except I need to write the unit test still
13:03 XenophonF but now Gandi's released a new REST API called LiveDNS
13:04 XenophonF and it's like a million times better than the old one, but I'd have to rewrite my plugin
13:04 babilen Yeah, Gandi had many changes recently
13:04 XenophonF so I'm debating whether to finish the existing plugin, writing a new plugin, or migrating to a supported DNS host
13:04 babilen (their new UI, DNS, ....)
13:04 philpep joined #salt
13:04 XenophonF yeah
13:05 XenophonF I've already upgraded my account, so I could use LiveDNS
13:05 XenophonF I'm just not sure what's a better use of my time - a LiveDNS plugin for certbot or migrating to Route 53 or bind (hosted myself)
13:06 XenophonF once that's done I can continue working on my planned certbot/Salt Pillars integration
13:06 XenophonF and once that's done I can start playing with Vault
13:07 babilen We're hosting pdns ourselves ... route 53 costs money (obviously) which is not acceptable for us
13:07 XenophonF true but it's _really_ cheap
13:07 XenophonF so is Google Cloud DNS
13:07 philpep hi, is it possible to run a state within a state ? Eg. I want to run the equivalent of 'salt-call state.sls mystate pillar='{"foo": "bar"}' but within a sls file.
13:08 XenophonF philpep: you shouldn't do that
13:08 XenophonF that's hack city
13:08 XenophonF if you want one state to return data to another, maybe use Salt Mine?
13:09 XenophonF and the Salt Orchestrate runner
13:09 babilen XenophonF: I know, but it adds up ... colleague mentioned ~ £500 for some setups which is a bit much (haven't checked and don't really know)
13:09 XenophonF true
13:09 philpep I know this is weird, but it's quite equivalent to 'include:' but with custom pillar
13:10 noobiedubie joined #salt
13:11 XenophonF I used to run named (from like v4 to v8), so I'm leaning toward self-hosting again.
13:12 XenophonF bind-formula looks pretty good, actually!
13:13 XenophonF a lot's changed since v8.4 so i need to re-read the bind admin docs
13:15 skeezix-hf joined #salt
13:18 ouemt joined #salt
13:19 wavded joined #salt
13:19 wavded joined #salt
13:27 beardedeagle joined #salt
13:31 XenophonF I have *got* to get these SaltReqTimeoutError exceptions resolved.
13:33 XenophonF and no love from the mailing list
13:34 XenophonF anyone else here running a Salt Master in AWS?
13:35 Neighbour XenophonF: I do
13:35 XenophonF are your minions only in AWS or do you have some outside of AWS?
13:36 Neighbour minions are only in AWS
13:36 XenophonF hm
13:36 XenophonF I've got minions in African/Asian datacenters, and I can't send jobs to them from the master.
13:36 Neighbour philpep: there is no direct equivalent, but with salt.state (from orchestrations) you can specify the pillar
13:36 XenophonF but if i run salt-call on those minions locally, it works
13:37 XenophonF well, it works sometimes
13:37 Neighbour XenophonF: Check the firewall settings, see if the salt tcp ports are opened properly
13:37 XenophonF 4505 and 4506, right?
13:37 Neighbour (note, AWS requires you to explicitly allow incoming connections as well)
13:38 Neighbour yes
13:39 Neighbour connections are initiated on the minion, so you should have the salt-master accept incoming connections, and allow the minions outgoing connections
13:40 XenophonF the right ports are open
13:41 saltyies {% set info = salt['grains.get'](data['id'], 'fqdn') %} <-- is this possible to use this to get information about an other minion in my sls-file ?
13:43 Neighbour saltyies: No, use the salt mine for that
13:46 tom[] how can i control the changed status of a mysql_query.run state depending on the 'rows affected' in the output?
13:46 Neighbour XenophonF: Also on the receiving end? You will need to specify the CIDR-netmask for minions on the internet in the AWS security group that your salt master is in
13:50 onlyanegg joined #salt
13:52 saltyies Neighbour: i dont want to save data from the minion to the master. i want only request information about another minion with a special id.
13:56 skatz joined #salt
13:58 Brew joined #salt
13:58 edrocks joined #salt
14:05 sh123124213 joined #salt
14:06 racooper joined #salt
14:07 Neighbour saltyies: AFAIK it's not possible to, on minion A, get information directly from minion B. You will have to go through the master (with the salt mine)
14:09 saltyies okay, is that possible to add arguments on the event: salt/key ?!
14:11 babilen arguments?
14:12 babilen What are you trying to do?
14:13 saltyies if i call a custom event, i can add kwargs to this event. so i can send data from minion a to b. but i need some data, like ip-address, from minion a at minion b
14:14 babilen That's way too XY .. what are you trying to do at all?
14:15 saltyies https://pastebin.com/raw/NrmCWmYF <-- this is my sls if salt/key is called! all information with {{ grains... have to fill with data from the eventcreator
14:15 nixjdm joined #salt
14:17 babilen Write a state that gets this information from the salt mine, trigger a mine run on the new minion and then call the "manage_minion_pillars" state on the master (either with a specific ID in mind that you pass as inline pillar or refresh all pillars for all minions in the mine (quite slow and O(n)))
14:17 babilen I'd go the inline_pillar (for minion id) and state SLS route
14:18 peters-tx joined #salt
14:18 babilen But why do you need that data in pillars at all?
14:18 babilen The mine is exactly for these situations and will already be kept up-to-date *and* is queryable by other minions also
14:19 babilen It feels a bit redundant
14:19 babilen (hence my question: what are you trying to do :)
14:19 saltyies i want initial if a new minion is accepted, to write some data as pillar in the master. And later i will change the pillars (example: change the hostname) and then my script will change the hostname
14:21 babilen So you have a cloud-init type post-provisioning script that sets the hostname to whatever you *really* want it to be?
14:24 saltyies yes, but my script will check the information from the pillar and the grains. if they are different it change to hostname ... But thats not my problem. The main problem is so save grains(on minion) as pillar (at the master) if i accept a new client
14:24 numkem joined #salt
14:25 saltyies perhaps its the wrong decision to make it in that way ...
14:26 cgiroua joined #salt
14:27 babilen Can't you set the hostname correctly right away? Or not care about hostnames and add additional DNS records?
14:27 babilen (see above for pillar generation with reactors and salt-mine)
14:28 babilen You'd run orchestration from the reactor to update the mine with new information and then trigger the state run on the master
14:30 XenophonF Neighbour: my salt master is open to the world
14:30 Neighbour XenophonF: Ok, and are the minions allowed outgoing traffic on ports 4505 and 4506?
14:30 XenophonF tcpdump seems to think things are chatting back and forth
14:30 XenophonF yeah they're wide open
14:31 XenophonF salt-call on the minion works
14:31 Neighbour salt-call is local right, that even works on masterless minions
14:31 Neighbour I take it `salt minion test.ping` doesn't work?
14:31 XenophonF yeah
14:31 XenophonF oh wait
14:31 XenophonF no that works
14:31 XenophonF so does cmd.run
14:31 XenophonF and file.managed
14:31 Neighbour ok, so the connection between master and minions is working properly then
14:31 XenophonF and cp.list_master
14:31 XenophonF but not state.apply!
14:32 Neighbour have you tried state.single?
14:32 XenophonF yes - that works too!
14:32 XenophonF This is driving me nuts.
14:32 Neighbour Maybe the topfile needs some attention then...since single states work, but highstate doesn't
14:33 XenophonF maybe, except state.apply from a minion works
14:33 XenophonF like, a bare state.apply, where it uses the topfile
14:34 Neighbour hmmm
14:34 Neighbour but `salt minion state.apply some_state` doesn't?
14:34 XenophonF right
14:34 XenophonF so salt-call state.apply something works
14:34 XenophonF but salt minion state.apply something doesn't
14:35 XenophonF BUT salt minion state.single etc. DOES
14:35 XenophonF crazy-making
14:35 Neighbour have you tested this with "some_state" where that state is also present in the topfile (and would be applied in case of a highstate)
14:36 XenophonF yup
14:36 XenophonF I have a state that just installs xfsdump
14:36 XenophonF i can state.single pkg.installed it, but I can't state.apply it
14:36 Neighbour hmm, are you doing something funky with returners?
14:37 XenophonF no - don't have that configured
14:37 Neighbour ok, so that's not it then :)
14:37 XenophonF oh and get this - minions in AWS work just fine
14:37 saltyies babilen: i have a different idea: is it possible to cache the grains on the master? change grains on the master and sync them down ?
14:37 XenophonF the master is in eu-west-1 (Ireland), and I have minions in the U.S. that work just fine
14:38 babilen saltyies: You can't change grains on the master, no .. grains simply reflect that current state on the minion (and really shouldn't change much)
14:38 Neighbour XenophonF: and the minion configs are the same too?
14:38 XenophonF yeah
14:38 Neighbour very weird
14:38 XenophonF same version of CentOS, same version of Salt
14:38 XenophonF definitely
14:39 XenophonF hm, I wonder if it could be firewalld
14:39 Neighbour unless it's a firewall that does DPI, I wouldn't think so...because state.single works, and execution module calls work to
14:39 Neighbour too*
14:43 bildz how can I escape a ' in jinja.  trying to work with http://jinja.pocoo.org/docs/2.9/templates/#escaping  and need this '{{'}}Group with spaces{{'}}'
14:43 babilen Grrggl, Elasticsearch ... Why do you create packages that break on every update if you have plugins?
14:44 Neighbour XenophonF: How familiar are you with salt's codebase?
14:45 XenophonF moderately
14:46 XenophonF familiar enough to have started digging through the relevant .py in the backtrace
14:46 XenophonF here is the error I'm getting
14:46 XenophonF https://gist.github.com/xenophonf/0239c76e939e2cb9ed13a6c39db09b20
14:47 Neighbour I'm trying to tackle issue 570...I got a signal handler in place in the master daemon to reload the config upon sigHUP, but I need to propagate the changed opts to the other master processes...and I don't know how :)
14:47 lordcirth_work What's the nicest way to detect whether a package is installed?
14:47 lordcirth_work In jinja, that is
14:49 Neighbour lordcirth_work: pkgutil.version  I think
14:49 lordcirth_work pkg.version, apparently, pkgutil is solaris only, lol
14:50 lordcirth_work But thanks, that works
14:50 Neighbour pkg_resource.version then
14:50 Neighbour since you will want to use an execution module, not a state module
14:52 lordcirth_work pkg is also an exec module, though a virtual
14:52 tiwula joined #salt
14:54 saltyies babilen: thanks for your help. i will use the weekend to think about it :)
14:55 zerocoolback joined #salt
14:56 XenophonF I might try to run the master under pudb or something
14:56 XenophonF or pycharm
14:56 XenophonF hate to install X and crap on a server but I don't know what else to try
14:58 zerocool_ joined #salt
14:58 skatz_ joined #salt
14:58 lordcirth_work XenophonF, don't most debugging tools have remote debug ability?
14:59 XenophonF I'll have to figure that out.
14:59 XenophonF I'm pretty sure it isn't the minion b/c I have the same problem with minions as old as 2015.5
15:00 Neighbour XenophonF: Does the master console show anything odd? (even with `-l all` if you're really desperate)
15:03 cgiroua joined #salt
15:04 ECDHE_RSA_AES256 joined #salt
15:04 edrocks joined #salt
15:08 DanyC joined #salt
15:08 nielsk joined #salt
15:14 JawnAuz joined #salt
15:15 major XenophonF, thanks .. that actually confirms the approach I was heading towards
15:16 schasi joined #salt
15:16 major though I hadn't even thought about some of the extras you added .. good stuff
15:23 XenophonF so I'm seeing TCP retransmits and duplicate ACKs at the TCP layer
15:23 XenophonF I wonder if I have a path MTU problem.
15:23 XenophonF Neighbour: I'll try that next
15:25 lordcirth_work XenophonF, I've been bit by MTU before.  It can cause all sorts of things you'd swear were unrelated.
15:26 major it even burnt my coffee once..
15:27 major or was that excess BTU's
15:28 XenophonF yeah I've ended up experiencing path MTU detection issues on trans-national links multiple times.
15:28 XenophonF huge pain to get fixed
15:30 XenophonF But I have a sneaking suspicion that it's our Meraki firewalls causing this issue.
15:33 XenophonF I dunno.  I ran state.apply successfully once, but then subsequent attempts fail.
15:34 XenophonF these retransmits or tcp resets might not mean anything
15:35 XenophonF OK, PyCharm time
15:36 onlyanegg joined #salt
15:37 XenophonF Neighbour: I ran salt minion state.apply -l all, but all it's doing is _get_event() waited 0 seconds and received nothing
15:37 Neighbour hmmm
15:38 Neighbour are you hitting any SElinux issues on your master which might explain this? (`ausearch -i | audit2why`)
15:40 XenophonF nope
15:40 XenophonF SELinux is happy (and still in enforcing/targeted mode)
15:40 XenophonF hang on going to enable trace logging in the salt master process itself
15:41 XenophonF weird that the first state.apply after restarting salt-master works
15:41 XenophonF but subsequent calls fail
15:44 XenophonF hm, i should have run that under tee
15:48 choke joined #salt
15:52 DanyC joined #salt
15:55 DanyC joined #salt
15:55 aldevar left #salt
15:57 sh123124213 joined #salt
15:57 sjorge joined #salt
15:59 colegatron joined #salt
16:00 gmoro joined #salt
16:05 choke joined #salt
16:06 Greg_ joined #salt
16:13 dxiri joined #salt
16:13 DanyC_ joined #salt
16:15 nixjdm joined #salt
16:16 choke joined #salt
16:24 fatal_exception joined #salt
16:25 schasi joined #salt
16:30 sarcasticadmin joined #salt
16:50 sh123124213 joined #salt
16:50 major joined #salt
16:54 sh123124_ joined #salt
16:56 stanchan joined #salt
17:02 Bryson joined #salt
17:05 edrocks joined #salt
17:10 stanchan joined #salt
17:13 stanchan joined #salt
17:18 rlatimore joined #salt
17:20 jcristau joined #salt
17:28 fatal_exception joined #salt
17:31 major joined #salt
17:32 motherfsck joined #salt
17:33 motherfsck Does anyone know of a jinja vim plugin that doesn't get all buggy with commented blocks?
17:33 lordcirth_work motherfsck, no but let me know if you find a good one; I haven't bothered
17:33 major hah
17:34 lordcirth_work I just have a few lines to treat *.sls as YAML syntax and expandtab tabstop=2
17:35 sarcasticadmin joined #salt
17:35 lordcirth_work If anyone's interested: https://gist.github.com/lordcirth/ad441b0aaebc0e8a7d10533e8bf5e541
17:36 motherfsck I tried looking for one a while ago. They all seemed to bug out on comments until you cursored to comment's closing statement.
17:36 motherfsck Hmm. this appears to work at first glance
17:36 motherfsck https://github.com/Glench/Vim-Jinja2-Syntax
17:37 motherfsck I'll follow up if it winds up sucking.
17:37 sh123124213 joined #salt
17:42 lordcirth_work What I'd really like is a system where it could recognize both the underlying filetype and the jinja on top of it, like Jinja + YAML or Jinja + Apache conf
17:45 onlyanegg joined #salt
17:47 Cottser joined #salt
17:53 wavded joined #salt
17:59 sarlalian joined #salt
18:06 _KaszpiR_ joined #salt
18:07 druonysus joined #salt
18:10 beardedeagle joined #salt
18:19 flatnet joined #salt
18:20 khaije1 joined #salt
18:21 r0llerd3rby joined #salt
18:21 onlyanegg joined #salt
18:24 mavhq joined #salt
18:25 edrocks joined #salt
18:29 nixjdm joined #salt
18:31 nixjdm_ joined #salt
18:33 wavded joined #salt
18:35 wavded joined #salt
18:36 tongpu joined #salt
18:54 tduerr joined #salt
18:58 numkem joined #salt
18:59 ouemt joined #salt
19:02 Naresh joined #salt
19:10 ChubYann joined #salt
19:22 ouemt where does bootstrap-salt.sh get the minion-id?
19:24 XenophonF lordcirth_work: emacs had a salt-mode package like that, based on yaml-mode and mmm-mode, but it suuuuucked
19:24 XenophonF I just stick with YAML and indent the Jinja manually
19:25 XenophonF and nowadays I only indent within the {% %} blocks, not the blocks themselves
19:28 jojoreference joined #salt
19:28 omie888777 joined #salt
19:28 cyborg-one joined #salt
19:28 jojoreference hello
19:28 XenophonF greetings, fellow human!
19:29 jojoreference How are you today "XenophonF"
19:30 XenophonF My status indicators are all nominal, "jojoreference"!
19:30 jojoreference Is that a jojo reference?
19:30 XenophonF no but this is drink here is a joja reference!
19:31 XenophonF so what's up?
19:31 jojoreference Should I do linux from scratch?
19:31 XenophonF you wouldn't happen to know anything about SaltReqTimeoutError exceptions, would you?
19:32 stanchan joined #salt
19:32 XenophonF yes, you definitely should
19:32 XenophonF great learning experience
19:33 XenophonF while you're at it, compare/contrast with building one of the BSDs from source
19:37 XenophonF Neighbour: nothing that looks like the reason for the SaltReqTimeoutError messages in the salt-master trace log
19:37 lordcirth_work Also, compare and contrast with Gentoo :P
19:37 XenophonF oh yeah!
19:37 jojoreference I've already done gentoo
19:37 jojoreference it wasfun
19:37 jojoreference *fun
19:38 jojoreference My friend said it was a lot more work for LFS so I settled for gentoo before
19:39 Neighbour It gets weirder and weirder then
19:39 jojoreference Also, do you know what distro I should use if i decide to do LFS?
19:39 XenophonF Neighbour: in fact the SaltReqTimeoutError gets passed back to the master from the minion over the event bus
19:39 XenophonF so I'm going to trace the minion next
19:40 stanchan joined #salt
19:40 jojoreference What do you want stanchan
19:40 jojoreference ?
19:42 XenophonF jojoreference: am looking over http://www.linuxfromscratch.org/lfs/view/stable/chapter02/hostreqs.html
19:43 XenophonF looks like any reasonably modern linux will work
19:43 demize ouemt: It doesn't get it, unless you specify one.
19:43 ouemt demize: I found the answer, it is autodetermined by one of the setup scripts first by calling python.getfqdn() then checking the hostname and hosts files
19:44 ouemt it was returning a misspelled hostname for one of my machines which looks like it came from a typo in a PTR record on the DNS server
19:44 demize salt-minion defaults to that when one is not configured, yes.  That's not what you asked though :p
19:45 ouemt fair enough
19:45 demize But yeah, it's a tad annoying that it uses getfqdn rather than the locally configured hostname by default, but such is life.
19:46 omie88877777 joined #salt
19:46 nixjdm_ joined #salt
19:47 rburkholder joined #salt
19:56 stanchan joined #salt
20:01 ibro joined #salt
20:06 GMAzrael joined #salt
20:07 stanchan joined #salt
20:07 __peke__ joined #salt
20:10 masber joined #salt
20:15 XenophonF Neighbour: here we go - the minion reports "Inserted key into loop_instance_map..." and then throws the SaltReqTimeoutError
20:16 XenophonF I'd better scan the recent change logs.
20:16 XenophonF I wonder if there's a transport or crypto-level thing that's changed since 2016.3
20:17 Neighbour Ah good that you found something :)
20:17 XenophonF maybe
20:17 XenophonF I at least know where the source of the error is.
20:17 XenophonF and thanks for bouncing ideas around earlier - really appreciate it!
20:17 Neighbour np :)
20:18 Neighbour Though this is one of the trickier errors I've seen or heard about :)
20:20 XenophonF it's just my luck
20:21 XenophonF I'm still not sure I understand why, but at least I'm closer to the source of the error.
20:24 aldevar joined #salt
20:24 schasi joined #salt
20:26 stanchan joined #salt
20:26 XenophonF odd that the error's coming from Tornado
20:26 wavded joined #salt
20:27 DammitJim joined #salt
20:28 XenophonF wait - this is even weirder - Salt's installed under /usr/lib/python2.7/site-packages
20:28 XenophonF but Tornado's installed under /usr/lib64/python2.7/site-packages
20:28 XenophonF CentOS Linux 7.4 btw, on both the master and minion
20:29 XenophonF nothing in ausearch -i | audit2why
20:31 XenophonF this backtrace is weird
20:32 XenophonF I think the actual error happens in salt/transport/zeromq.py
20:32 XenophonF in _crypted_transfer
20:34 rockey joined #salt
20:35 XenophonF i've tried setting ping_interval, random_startup_delay, and return_retry_timer_max each to 300, and I've set zmq_monitor to True
20:36 aldevar joined #salt
20:41 edrocks joined #salt
20:43 stanchan joined #salt
20:45 XenophonF but no ZeroMQ events get logged
20:46 nixjdm_ joined #salt
20:56 stanchan joined #salt
20:57 Sarph joined #salt
21:01 Sarphram joined #salt
21:02 Rumbles joined #salt
21:04 stewgoin joined #salt
21:05 edrocks joined #salt
21:15 Neighbour XenophonF: There are two calls in utils.async, just after filelist.client...I think you could spam some debugcode in there to see how things are going
21:27 jrklein joined #salt
21:31 jrklein joined #salt
21:36 zulutango joined #salt
22:18 major XenophonF, bah .. I lost that URL for the dealing with gpg secrets in the pillar
22:20 icebal joined #salt
22:34 icebal- joined #salt
22:39 Neighbour major: If you add #!yaml|gpg at the top of your pillar files, you can use encrypted gpg-blocks in your pillar values, and they'll be decrypted on the fly: https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html
22:46 major Neighbour, yah, I know
22:46 major its the using the data as a variable that XenophonF had a good example of
22:46 icebal joined #salt
22:47 major including having some goodies I hadn't thought of
22:47 cgiroua joined #salt
22:51 Neighbour major: You mean https://www.reddit.com/r/saltstack/comments/6py6a0/emacs_epafile_import_text_gpg_renderer/ ?
22:52 * Neighbour has a really long backlog :0
22:52 major lol
22:52 major my backlog was reset earlier today :(
22:52 major thanks :)
22:53 Neighbour np
22:55 DEger joined #salt
22:56 major I was doing something more like:
22:56 major include:
22:56 major - .a-secret
22:56 major {% set a_secret = salt['pillar.get']('a-secret') -%}
22:59 major wondering if import_text lets you use the relative notation that include supports
23:00 major {% import_text ".a-secret.gpg" as a_secret -%}
23:02 snc joined #salt
23:09 icebal joined #salt
23:26 babilen joined #salt
23:27 stankmack joined #salt
23:28 icebal joined #salt
23:28 ntropy joined #salt
23:28 major joined #salt
23:29 major joined #salt
23:30 ujjain joined #salt
23:30 ujjain joined #salt
23:42 _aeris_ joined #salt
23:49 icebal joined #salt
23:53 Guest66150 joined #salt
