Time |
Nick |
Message |
00:00 |
|
saltslackbridge joined #salt |
00:01 |
|
alexlist joined #salt |
00:06 |
|
aCodinMa_ joined #salt |
00:08 |
|
aCodinMan joined #salt |
00:10 |
|
aCodinMa_ joined #salt |
00:13 |
|
cro joined #salt |
00:18 |
|
ponyofdeath joined #salt |
00:22 |
|
tracphil joined #salt |
00:22 |
|
pipps joined #salt |
00:28 |
|
ymasson joined #salt |
00:30 |
XenophonF |
I'm running the 0MQ and TCP transports simultaneously, and after about 24-36 hours of uptime, salt-master starts throwing this error: [salt.transport.ipc] [ERROR] Exception occurred while handling stream: 'int' object has no attribute '__getitem__' |
00:30 |
|
hoonetorg joined #salt |
00:32 |
XenophonF |
any ideas what might be causing this... or how to debug it? |
00:33 |
XenophonF |
I'm looking through this ATM: https://groups.google.com/forum/#!topic/salt-users/w4jw4X4fY90 |
00:33 |
XenophonF |
There's also this PR: https://github.com/saltstack/salt/issues/33524 |
00:37 |
|
stanchan joined #salt |
00:39 |
|
threwahway_ joined #salt |
00:42 |
|
tracphil joined #salt |
00:55 |
|
pipps joined #salt |
00:56 |
|
pipps joined #salt |
01:09 |
|
aCodinMan joined #salt |
01:13 |
|
aCodinMa_ joined #salt |
01:19 |
|
aCodinMan joined #salt |
01:21 |
|
hoonetorg joined #salt |
01:28 |
vexati0n |
is there a compelling reason to use the TCP transport? |
01:28 |
XenophonF |
I'm having problems with 0MQ. |
01:28 |
vexati0n |
like does it work better with large deployments? if so, at what size does it have an appreciable advantage? |
01:29 |
XenophonF |
babilen suggested it last week |
01:29 |
XenophonF |
I have a master in eu-west-1 that can't talk to minions in Mali, Uganda, and India. |
01:29 |
XenophonF |
I'm pretty sure it isn't the network. |
01:30 |
XenophonF |
not 100% |
01:30 |
vexati0n |
i used to run a deployment with ~1500 minions across the internet and it was... frustrating. |
01:31 |
XenophonF |
yeah |
01:31 |
XenophonF |
If I can't get the TCP transport stable, then I'm going to try syndic. |
01:31 |
XenophonF |
or multimaster |
01:31 |
XenophonF |
I'm not sure how they're different, to be perfectly honest. I need to read up on it. |
01:31 |
vexati0n |
yeah, those introduce their own frustrations, but it helps with large deployments |
01:32 |
XenophonF |
I probably need to do that anyway, since I want to be able to use salt-cloud in the African and Indian data centers. |
01:32 |
vexati0n |
i'm waiting for upstream to fix a bug before i can start using syndic |
01:33 |
XenophonF |
it's super frustrating b/c my data centers in Uganda and India have really good connectivity |
01:33 |
vexati0n |
you're sure it isn't a national firewall or something? |
01:33 |
XenophonF |
the one in Uganda is on Internet2 |
01:33 |
XenophonF |
and the one in India is on the NKN (India's Internet2) |
01:33 |
XenophonF |
no - it's wide open |
01:34 |
XenophonF |
from the packet captures I've done, everything from the TCP layer on down looks clean |
01:34 |
vexati0n |
that's similar to the issues i had. half of my minions just... never connected. |
01:35 |
vexati0n |
or they'd connect sporadically |
01:35 |
|
pipps joined #salt |
01:35 |
XenophonF |
what's really frustrating is that sometimes they work and sometimes I get SaltReqMessageTimeoutException errors |
01:35 |
XenophonF |
I can call cmd.run all day long and it works. |
01:35 |
XenophonF |
(from the master) |
01:35 |
|
Shirkdog joined #salt |
01:35 |
XenophonF |
but I can't call state.apply ever from the master |
01:35 |
vexati0n |
so only some functions fail to return? |
01:36 |
XenophonF |
and if I run it from the minion, I have to run it multiple times to get it to work |
01:36 |
XenophonF |
yeah |
01:36 |
vexati0n |
i get that on the local network, but i blame the solaris minions |
01:36 |
XenophonF |
solaris? you poor bastard |
01:36 |
vexati0n |
yeah :| |
01:36 |
|
ponyofdeath joined #salt |
01:37 |
vexati0n |
installing the minions was bad enough, but even with that done... it's still solaris, so nothing works. |
01:37 |
XenophonF |
I bet. |
01:37 |
vexati0n |
i mean i'm sure any 25-year-old neckbeard UNIX stuff works fine |
01:37 |
XenophonF |
I was playing with OpenIndiana a while back and ran into similar issues with Salt. |
01:38 |
XenophonF |
If I was more into Illumos hacking, I'd be down for porting Salt properly. |
01:38 |
XenophonF |
But FreeBSD kind of occupies that niche in my life right now. |
01:38 |
vexati0n |
luckily i don't really have to do too much with the solaris boxes other than make sure they're still alive |
01:39 |
vexati0n |
at least until they decide to make me port our entire release cycle to salt |
01:39 |
|
nethershaw joined #salt |
01:41 |
XenophonF |
so I think for now I'm going to switch TCP transport off |
01:41 |
|
aCodinMan joined #salt |
01:42 |
XenophonF |
it was a fun experiment but I'm not going to restart my master every day |
01:42 |
|
nethershaw left #salt |
01:42 |
XenophonF |
it feels like a memory leak so maybe I'll put it on my to-debug-later list |
01:42 |
XenophonF |
and in the meantime I'm going to start reading up on syndic/multimaster |
01:43 |
XenophonF |
and just limp on with the current setup |
02:02 |
|
xet7 joined #salt |
02:12 |
|
nomeed joined #salt |
02:14 |
|
aCodinMa_ joined #salt |
02:19 |
|
aCodinMan joined #salt |
02:20 |
|
aCodinM__ joined #salt |
02:23 |
|
aCodinMan joined #salt |
02:27 |
|
threwahway joined #salt |
02:32 |
|
threwahway_ joined #salt |
02:55 |
|
ilbot3 joined #salt |
02:55 |
|
Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.8, 2017.7.2 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic, and https://saltstackcommunity.herokuapp.com (for slack) <+> We are volunteers and may not have immediate answers |
02:56 |
AssPirate |
The minion that returns the interface is the same host as the master if that makes any difference. |
02:57 |
whytewolf |
does that file exist on all the minions? |
02:58 |
AssPirate |
Oh. Lol. Ok. |
02:58 |
whytewolf |
slsutil.renderer only works on the local filesystem |
02:59 |
AssPirate |
Ah. Thanks. Is there a better way to test jinja templates on all minions? |
03:02 |
whytewolf |
actually slsutil.renderer is pretty good. just need to cp.get_file first to get the file in a place. normally something like salt '*' cp.get_file salt://test.sls /tmp/test.sls && salt '*' saltutil.renderer /tmp/test.sls jinja |
03:02 |
|
onlyanegg joined #salt |
03:03 |
|
Larri joined #salt |
03:03 |
whytewolf |
there is an old module i wrote that does a similar thing. i want to update it to use saltutil.renderer but have been way too busy. https://github.com/whytewolf/salt-debug |
03:08 |
AssPirate |
Cool. Thanks whytewolf |
03:12 |
|
ahrs joined #salt |
03:13 |
lkthomas |
https://github.com/saltstack-formulas/nagios-formula/blob/master/nagios/server/dynamic.sls, line 58 define service, if I want to add additional contents such as "servicegorups", do I need to hack this file or I could define on pillar data ? |
03:21 |
|
bigjazzsound joined #salt |
03:23 |
lkthomas |
how do you guys use Salt? do you abstract out the actual application configuration by using formula or you stick with basic and just copy the configuration file to minion ? |
03:36 |
saltslackbridge |
<scub> You would want to add another conditional to the service stanza, much as it's done here: https://github.com/saltstack-formulas/nagios-formula/blob/master/nagios/server/dynamic.sls#L63-L65 |
03:37 |
saltslackbridge |
<scub> Then you can provide it through pillar |
03:38 |
|
aCodinMan joined #salt |
03:39 |
saltslackbridge |
<scub> People run the full spectrum, in some places it could very well make sense to do some both |
03:44 |
lkthomas |
scub, I see, well on Puppet people don't hard code those condition into module (formula), they will let user define whatever they want |
03:51 |
|
pipps joined #salt |
03:54 |
|
gnomethrower joined #salt |
03:59 |
|
zerocoolback joined #salt |
04:07 |
|
onlyanegg joined #salt |
04:08 |
lkthomas |
does pkg.installed will auto resolve dependency on yum ? |
04:10 |
MTecknology |
whytewolf: heh, neat. I've never run across slsutil before. Neat. :) |
04:14 |
MTecknology |
lkthomas: You might learn a lot more a lot faster if you try not using formulas... then you can learn what's going on and how things fit together, and it'll probably make things make much more sense. |
04:18 |
|
zerocoolback joined #salt |
04:21 |
MTecknology |
also- yes, you can safely assume dependencies are handled, but only because you can assume yum handles them correctly. |
04:34 |
|
LocaMocha joined #salt |
04:37 |
|
aCodinMan joined #salt |
04:44 |
|
threwahway joined #salt |
04:47 |
|
onlyanegg joined #salt |
04:50 |
|
threwahway_ joined #salt |
05:26 |
|
onlyanegg joined #salt |
05:31 |
lkthomas |
MTecknology, yes I agree |
05:31 |
lkthomas |
for yum, I still don't understand why it's failed on pkg.installed but working on manual yum install |
05:31 |
|
aviau joined #salt |
05:35 |
|
pipps joined #salt |
05:39 |
lkthomas |
https://gist.github.com/lkthomas/01c47f7a59e7a6862b294f5400e24f97 |
05:39 |
lkthomas |
anyone know why this pkg.installed break ? |
05:40 |
lkthomas |
if I do it manually it works |
05:44 |
|
indistylo joined #salt |
05:44 |
MTecknology |
use -l debug |
05:46 |
MTecknology |
My guess is you're not using just pkg.installed but rather a piece from a formula that does lots of extra magic. |
05:50 |
lkthomas |
hmm, in fact I removed all formulas crap |
05:50 |
lkthomas |
interesting, if I remove fromrepo: epel, it seems work fine |
05:50 |
lkthomas |
let me try again |
05:51 |
|
robin_ joined #salt |
05:53 |
|
robinonline joined #salt |
06:02 |
|
lompik joined #salt |
06:10 |
|
evle1 joined #salt |
06:18 |
mechleg |
lkthomas: looking at the source, when you use the fromrepo option it adds this to the yum command: ['--disablerepo=*', '--enablerepo=' + fromrepo] so your install of nagios fails to find the required dependencies in the epel repo as they come from base most likely |
06:21 |
|
indistylo joined #salt |
06:22 |
|
pipps joined #salt |
06:26 |
|
indistylo joined #salt |
06:41 |
|
Deliant joined #salt |
06:52 |
|
indistylo joined #salt |
06:55 |
|
indistylo joined #salt |
06:55 |
|
aCodinMan joined #salt |
07:05 |
|
threwahway joined #salt |
07:11 |
|
onlyanegg joined #salt |
07:11 |
|
threwahway_ joined #salt |
07:12 |
|
Ricardo1000 joined #salt |
07:28 |
|
hoonetorg joined #salt |
07:29 |
|
aruns joined #salt |
07:30 |
|
DanyC joined #salt |
07:30 |
|
aldevar joined #salt |
07:30 |
|
Elsmorian joined #salt |
07:31 |
AssPirate |
Does file.append and file.managed conflict with each other? |
07:31 |
|
Elsmoria_ joined #salt |
07:32 |
|
threwahway joined #salt |
07:32 |
|
yuhl joined #salt |
07:32 |
MTecknology |
kinda |
07:34 |
MTecknology |
I try to avoid states that manipulate portions of files. Either manage the file, or don't. |
07:34 |
|
indistylo joined #salt |
07:38 |
|
Elsmorian joined #salt |
07:38 |
|
CrummyGummy joined #salt |
07:39 |
AssPirate |
I've got a default set of rules for the firewall, and then I want to append rules as needed. |
07:40 |
AssPirate |
I just tested it. file.managed returned true even after file.append so that seems fine. |
07:40 |
|
pipps joined #salt |
07:40 |
MTecknology |
in that case, you should definitely just use file.managed |
07:41 |
AssPirate |
Why is that? |
07:42 |
MTecknology |
because you're inventing magic when you could just be explicit |
07:42 |
AssPirate |
I'm using shorewall, so the rules file itself just looks like : ACCEPT net $FW tcp 22 # SSH |
07:50 |
|
cyteen joined #salt |
07:50 |
|
threwahway_ joined #salt |
07:57 |
|
hammer065 joined #salt |
07:58 |
|
Elsmorian joined #salt |
08:17 |
|
Tucky joined #salt |
08:17 |
|
Hybrid joined #salt |
08:24 |
AssPirate |
Hm. Yeah that only works if it's in the same state file. Running firewall.sls again clobbers changes made from the others. |
08:27 |
lkthomas |
mechleg, thanks |
08:29 |
AssPirate |
Is there a way to have firewall.sls track changes from other state files? Or am I way just off on implementing it like this? |
08:29 |
MTecknology |
way off.. |
08:31 |
MTecknology |
AssPirate: stop trying to come up with your own magic and do your logic making in pillar. |
08:35 |
|
mbologna joined #salt |
08:40 |
MTecknology |
There's a hidden bonus when you learn how data structures get merged. :) |
08:41 |
|
datamaan joined #salt |
08:41 |
lkthomas |
MTecknology, that's called "headache" |
08:42 |
MTecknology |
learning? |
08:42 |
|
jrenner joined #salt |
08:42 |
|
dodge-lint joined #salt |
08:49 |
|
dodge-lint joined #salt |
08:50 |
|
DanyC joined #salt |
08:51 |
|
DanyC_ joined #salt |
08:52 |
|
ikarpov joined #salt |
08:53 |
|
DanyC_ joined #salt |
08:55 |
|
aCodinMan joined #salt |
08:56 |
|
pbandark joined #salt |
08:57 |
|
gnomethrower joined #salt |
08:57 |
|
saltslackbridge joined #salt |
09:00 |
|
jhauser joined #salt |
09:11 |
|
aCodinMa_ joined #salt |
09:12 |
|
mattfoxxx joined #salt |
09:17 |
|
pualj_ joined #salt |
09:19 |
|
darioleidi joined #salt |
09:29 |
|
stanchan joined #salt |
09:37 |
|
Deliant joined #salt |
09:42 |
|
Elsmorian joined #salt |
09:52 |
|
Mattch joined #salt |
10:02 |
|
yuhl joined #salt |
10:05 |
|
baffle joined #salt |
10:05 |
|
benner joined #salt |
10:12 |
|
msn joined #salt |
10:12 |
|
mpas joined #salt |
10:15 |
|
oida joined #salt |
10:18 |
|
nocturn joined #salt |
10:19 |
nocturn |
Is there a way to have salt trigger an action on another host? I recently wrote an ansible handler that restarts varnish on another group of servers when apache configs change, I'd like to do similar things in salt |
10:21 |
MTecknology |
you could have a minion send an event up to the master and then have a reactor on the master that fires an orchestration. |
10:22 |
|
hoonetorg joined #salt |
10:23 |
nocturn |
MTecknology: thanks, googling it now... Doesn't seem so straightforward though... |
10:24 |
MTecknology |
I think you can do something where minions can interact with each other, but it's a security no-no |
10:26 |
|
pipps joined #salt |
10:27 |
saltslackbridge |
<mts-salt> i believe using the event to trigger orchestration is the preferred method |
10:28 |
MTecknology |
yup.. |
10:28 |
babilen |
nocturn: It is quite straightforward .. you just have to fire a custom event and can react to that. You could even react to the service restart itself, rather than the state that triggers it. |
10:28 |
MTecknology |
you could do it without orch, but that leaves you doing things in a blocking system which is never a good thing |
10:29 |
|
ThomasJ|d joined #salt |
10:29 |
|
Mogget joined #salt |
10:31 |
nocturn |
babilen: Ok, maybe the articles I found are overly complex... |
10:33 |
MTecknology |
event.fire_master, /etc/salt/master/reactor.conf reactor: <tag>: - foo.sls, $ROOT/_{reactor,orchestrate}/foo.sls |
10:34 |
babilen |
Pretty much ^ |
10:35 |
MTecknology |
https://github.com/MTecknology/saltstack-demo/tree/master/states /_{reactor,orch}/... |
10:36 |
nocturn |
Thanks MTecknology, will check that out |
10:36 |
MTecknology |
(among other relevant file paths in there..) |
10:37 |
babilen |
It's obviously a bit complex to learn about the event bus, reactors, thorium, orchestration and all that for the first time around |
10:37 |
babilen |
Which reminds me that I should really play a bit with Thorium .. so powerful :) |
10:37 |
MTecknology |
I've yet to touch it or even understand what it is |
10:38 |
MTecknology |
https://newatlas.com/thorium-salt-reactor-experiment/51051/ |
10:38 |
babilen |
It is essentially a reactor with a "cache" for last events and the ability to define constraints such as "If we saw foo-event in the last 10 minutes and we now see bar-event, run quux orchestration" |
10:39 |
|
cyteen joined #salt |
10:40 |
MTecknology |
oh, shiny... |
10:40 |
MTecknology |
I implemented that sort of logic using sdb. |
10:40 |
babilen |
So .. you could define actions to be taken if, say, more than one minion has gone offline in the last 5 minutes that also had errors in its logs (and whatnow) |
10:41 |
MTecknology |
that's really interesting and something I now want to take a look at. |
10:41 |
MTecknology |
not something I have a use for, but interesting. |
10:41 |
MTecknology |
04:40 already, eh? |
10:42 |
MTecknology |
two hours ago I was convincing myself to go to sleep instead of waiting until 04:30 to see if my internet would do its routine crash-o-clock on me, but it seems we finally fixed the problem. :D |
10:43 |
saltslackbridge |
<mts-salt> that's devotion that is.... |
10:43 |
MTecknology |
obsession... really |
10:44 |
babilen |
MTecknology: It is always a bad sign when you are active here *after* I had my first coffee in the morning :) |
10:44 |
MTecknology |
lol |
10:44 |
* MTecknology |
will someday harpoon his white whale. |
10:48 |
MTecknology |
aight, g'night ya salty salts! don't blow up that reactor while yer workin' them mines. :D |
10:50 |
|
Pomidora joined #salt |
10:52 |
babilen |
MTecknology: g'night .. sleep well |
10:52 |
nocturn |
MTecknology: Good night and thanks for the pointers |
10:56 |
|
threwahway joined #salt |
10:58 |
|
major joined #salt |
10:58 |
|
indistylo joined #salt |
10:59 |
|
aarontc joined #salt |
11:00 |
|
Deliant joined #salt |
11:01 |
|
cyteen joined #salt |
11:01 |
|
aruns joined #salt |
11:03 |
XenophonF |
hey babilen I had to turn off TCP last night |
11:04 |
babilen |
Oh, pity .. what happened? |
11:04 |
XenophonF |
my salt-master kept crashing with salt.transport.ipc errors that seem an awful lot like a memory leak |
11:04 |
|
major joined #salt |
11:06 |
XenophonF |
so I'm going back to the original plan of setting up syndics or multimaster or whatever it is called, and putting master replicas at each of my African/Indian data centers |
11:07 |
|
DanyC joined #salt |
11:07 |
babilen |
Fair enough |
11:08 |
|
esai joined #salt |
11:10 |
|
DanyC joined #salt |
11:12 |
|
cyteen joined #salt |
11:13 |
esai |
Hi, I have a problem I don't know what to do with. The same commands work for every other minion, but this one seems to be special. https://gist.github.com/e-s-a-i/8f0aa8b2773abb82a870730e680ee532 |
11:13 |
esai |
Does any of you have any insight into this error? |
11:15 |
saltslackbridge |
<mts-salt> do you see any more helpful errors if you run state.apply locally on the minion? |
11:15 |
|
zerocoolback joined #salt |
11:15 |
saltslackbridge |
<mts-salt> perhaps with '-l debug' ? |
11:16 |
esai |
No Top file or master_tops data matches found. |
11:16 |
esai |
Seems to run successfully |
11:17 |
saltslackbridge |
<mts-salt> so the minion doesn't apply? |
11:18 |
esai |
My wild guess is that master can't send the files to this minion. |
11:18 |
saltslackbridge |
<mts-salt> silly question, test.ping succeeds, right? |
11:18 |
saltslackbridge |
<mts-salt> in both directions |
11:19 |
esai |
how do I ping from minion to master? |
11:19 |
esai |
I can ping from master and I can ping locally |
11:20 |
saltslackbridge |
<mts-salt> on the minion you can run: salt-call test.ping |
11:20 |
esai |
That returns local: True |
11:21 |
saltslackbridge |
<mts-salt> ok, so master can contact the running minion, and the minion can contact the master |
11:21 |
|
Creme joined #salt |
11:21 |
esai |
I have more than 10 minions configured and these exact commands work fine on others. |
11:22 |
saltslackbridge |
<mts-salt> how about: salt-call state.show_top |
11:24 |
esai |
same error on this minion, works on master and other minions. |
11:25 |
saltslackbridge |
<mts-salt> so the minion isn't downloading files. is the minion config valid and is it running as root? |
11:26 |
saltslackbridge |
<mts-salt> by valid i mean that the folders point to the right places. a quick comparison with another minion would be best |
11:26 |
esai |
only config change is the master address, and the salt-minion process is root. |
11:27 |
esai |
version difference seems minor, 2017.7.0+ds-1 on minion and 2017.7.2+ds-1 on the master |
11:28 |
saltslackbridge |
<mts-salt> what versions are the other minions running? |
11:29 |
esai |
2016.11.0, 2016.11.6, 2017.7.1, 2017.7.2 |
11:29 |
saltslackbridge |
<mts-salt> so this is the only one running 2017.7.0? |
11:30 |
esai |
yes, looks that way. |
11:30 |
saltslackbridge |
<mts-salt> might be worth upgrading it to 2017.7.2 and see if that resolves this |
11:30 |
esai |
I'll give it a go |
11:32 |
esai |
wow, that seems to have fixed the issue. |
11:32 |
esai |
Amazing, minor changes also break stuff. |
11:32 |
|
tpaul joined #salt |
11:32 |
esai |
Thank you very much! |
11:33 |
babilen |
fsvo "amazing" |
11:33 |
saltslackbridge |
<mts-salt> no problem, i wasn't expecting that to be the resolution but perhaps the upgrade fixed something for you |
11:33 |
|
tpaul left #salt |
11:33 |
|
dodge-lint joined #salt |
11:34 |
esai |
I upgraded only the salt-minion and salt-common packages. |
11:41 |
|
GrisKo joined #salt |
11:47 |
|
indistylo joined #salt |
11:57 |
|
gmoro joined #salt |
11:58 |
|
mbologna joined #salt |
12:08 |
|
Deliant joined #salt |
12:10 |
|
pualj joined #salt |
12:14 |
|
yidhra joined #salt |
12:15 |
|
GrisKo joined #salt |
12:36 |
|
GrisKo joined #salt |
12:37 |
|
aCodinMan joined #salt |
12:50 |
|
Deliant joined #salt |
12:54 |
|
oida joined #salt |
13:12 |
|
tapoxi joined #salt |
13:21 |
|
pipps joined #salt |
13:26 |
|
numkem joined #salt |
13:28 |
|
Nahual joined #salt |
13:31 |
|
aruns__ joined #salt |
13:31 |
mage_ |
what's the best manner to check if "a" is a set ? isinstance(a, set) ? |
13:47 |
saltslackbridge |
<ryan.walder> `{% if a %}` i believe |
13:52 |
XenophonF |
How do I tell my Salt Master to stop trying to download EC2 instance metadata because it isn't an EC2 instance? |
13:52 |
XenophonF |
My master log file is full of "Connection to 169.254.169.254 timed out" |
13:55 |
|
yujunz joined #salt |
13:57 |
|
bluenemo joined #salt |
13:58 |
babilen |
mage_: "... is defined" |
14:02 |
|
evle1 joined #salt |
14:03 |
saltslackbridge |
<mts-salt> that ip is the dhcp link local address, do you have an interface that's not properly configured? |
14:07 |
XenophonF |
LOLWUT? https://gist.github.com/xenophonf/96cf6095709f1a8f3fb0b1c0923c6a0b |
14:07 |
XenophonF |
Does salt-ssh not define the 'salt' convenience variable? |
14:07 |
|
pualj joined #salt |
14:08 |
XenophonF |
I'm definitely calling grains.get() right: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.grains.html#salt.modules.grains.get |
14:09 |
|
tracphil joined #salt |
14:09 |
saltslackbridge |
<mts-salt> doesn't get take a default? |
14:09 |
|
evle2 joined #salt |
14:10 |
saltslackbridge |
<mts-salt> that's a state not a module |
14:10 |
|
gh34 joined #salt |
14:10 |
|
capnhex joined #salt |
14:12 |
saltslackbridge |
<mts-salt> given that the error says not enough arguments, i'd be tempted to try it with a default anyway |
14:14 |
|
evle1 joined #salt |
14:15 |
|
pualj_ joined #salt |
14:16 |
saltslackbridge |
<ryan.walder> `.get()` doesn't need a default, it's better with one of course but doesn't need one |
14:16 |
babilen |
XenophonF: salt.goo doesn't work with salt-ssh, you need salt['goo'] |
14:17 |
babilen |
(which is why we don't use salt.foo anywhere |
14:17 |
babilen |
) |
14:17 |
saltslackbridge |
<mts-salt> aha, missed that. d'oh! |
14:18 |
capnhex |
Hi - Is there any 'yum-shell' functionality within salt? I'm running on RHEL may need to replace 'rsyslog' with 'rsyslog7' |
14:18 |
capnhex |
I would normally do 'yum shell' and then 'erase rsyslog' ,'install rsyslog7' ,'ts run' from the command line so that there's an 'atomic' transaction within yum. Was wondering if there's a method to do this within salt? |
14:18 |
babilen |
Not sure if that's still an issue, but it definitely was in the past |
14:19 |
XenophonF |
god dammit I've been using salt.whatever for the last 6 months everywhere |
14:20 |
XenophonF |
time to refactor a bunch of code, just freaking fantastic |
14:21 |
babilen |
sry |
14:21 |
babilen |
Just salt-ssh things |
14:21 |
saltslackbridge |
<ryan.walder> salt-ssh, the redheaded stepchild |
14:21 |
babilen |
Should be a relatively easy "projectile-replace" in Emacs though ;) |
14:23 |
XenophonF |
I'm concocting an unholy amalgam of shell commands to do the work for me |
14:23 |
saltslackbridge |
<mts-salt> or a single (perhaps somewhat evil) regex replace... ? |
14:24 |
|
rh10 joined #salt |
14:26 |
XenophonF |
yeah find plus sed ftw |
14:26 |
babilen |
sed and backreferences ftw! |
14:26 |
saltslackbridge |
<mts-salt> untested but perhaps s/salt\.([^)]*)(/salt['\1'](/g |
14:26 |
babilen |
Looks about right |
14:26 |
babilen |
+ escaping hell |
14:26 |
saltslackbridge |
<mts-salt> indeed :slightly_smiling_face: |
14:27 |
XenophonF |
oh that will work nicely |
14:27 |
XenophonF |
thanks! |
14:29 |
XenophonF |
going to test this: find . -type f -name '*.sls' -exec echo sed -i '' -e "s/salt\.([^)]*)(/salt['\1'](/g" '{}' \; |
14:29 |
|
tiwula joined #salt |
14:29 |
saltslackbridge |
<mts-salt> no .jinja or .yaml or other extensions in your config then? :slightly_smiling_face: |
14:29 |
babilen |
Should that be ( in lieu of ) ? |
14:30 |
saltslackbridge |
<mts-salt> there's an escape missing in mine, *)(/salt should be *)\(/salt |
14:30 |
XenophonF |
find . -type f -name '*.sls' -exec sed -i '' -e "s/salt\.\([^)]*\)(/salt['\1'](/g" '{}' \; |
14:30 |
saltslackbridge |
<mts-salt> or that |
14:31 |
XenophonF |
oh yeah jinja files - thanks for the reminder mts-salt! |
14:31 |
saltslackbridge |
<mts-salt> :slightly_smiling_face: |
14:35 |
|
edrocks joined #salt |
14:37 |
|
acantha joined #salt |
14:37 |
|
cgiroua joined #salt |
14:38 |
|
nixjdm joined #salt |
14:39 |
XenophonF |
https://github.com/irtnog/salt-states/commit/97f461bb905b735e1bcfee1ae27283d17a819b1b |
14:39 |
XenophonF |
now to change my formulas |
14:43 |
|
racooper joined #salt |
14:49 |
|
aCodinMan joined #salt |
14:56 |
XenophonF |
that regex is a little too greedy |
14:57 |
XenophonF |
then again, windows environment variables with parens in them _are_ insane so... |
14:57 |
XenophonF |
https://github.com/irtnog/salt-states/commit/97f461bb905b735e1bcfee1ae27283d17a819b1b#diff-7acb2d87ed805753c172f8c5d20b11e0L29 |
14:57 |
saltslackbridge |
<mts-salt> well, yes. that's what diff is for :slightly_smiling_face: |
14:59 |
saltslackbridge |
<mts-salt> i don't see the reference in that diff |
15:03 |
XenophonF |
yeah I just realized it wasn't a problem there |
15:04 |
XenophonF |
it was here though - https://github.com/irtnog/salt-winrepo-private/blob/master/cheat-engine.sls#L13 |
15:04 |
XenophonF |
I caught it in the diff before committing it |
15:04 |
babilen |
That's an ugly envvar |
15:05 |
XenophonF |
Windows, man, not even once |
15:05 |
babilen |
Sometimes you have to wonder what Microsoft are thinking |
15:05 |
XenophonF |
I mean, I get it, I remember the mess various executable format and endianness and bit-length changes made to linkers/loaders over the years. |
15:06 |
XenophonF |
on windows that ended up with C:\Program Files (x86) and C:\WINDOWS\SysWOW64 |
15:07 |
XenophonF |
on Linux there's the insanity under /lib |
15:07 |
XenophonF |
etc. |
15:07 |
|
ouemt joined #salt |
15:07 |
XenophonF |
I wish Dave Cutler had brought VMS logicals to NT. |
15:08 |
XenophonF |
That would have hidden some (most?) of the mess. |
15:08 |
XenophonF |
anyway, I'm off topic |
15:08 |
XenophonF |
sorry |
15:11 |
XenophonF |
oh re: me whining earlier about salt/util/aws.py, I think I can set `location` in the master config to stop those lookups. |
15:14 |
|
ahrs joined #salt |
15:18 |
XenophonF |
Is there a FAQ for Salt SSH that documents gotchas like this? and the one I apparently just hit that involves GPG-encrypted Pillar data? |
15:19 |
XenophonF |
I'm pretty sure we've discussed some of these issues on IRC already. |
15:19 |
saltslackbridge |
<mts-salt> you could cheat and use salt-ssh to install a salt minion ;) |
15:27 |
|
anonlizard joined #salt |
15:28 |
XenophonF |
I'm using salt-ssh because my poor little Raspberry Pi doesn't have enough RAM to host salt-minion. :( |
15:29 |
saltslackbridge |
<mts-salt> ah, fair point |
15:37 |
|
stanchan joined #salt |
15:38 |
|
kiorky joined #salt |
15:41 |
nkuttler |
i thought salt-ssh bootstraps a minion on the fly? |
15:41 |
saltslackbridge |
<mts-salt> it's the ssh minion, a lightweight version |
15:42 |
nkuttler |
i see |
15:49 |
|
tapoxi joined #salt |
15:50 |
|
_JZ_ joined #salt |
15:53 |
|
yuhl left #salt |
15:54 |
|
yuhl joined #salt |
15:54 |
|
stanchan joined #salt |
15:59 |
|
pualj_ joined #salt |
15:59 |
|
aldevar left #salt |
16:05 |
|
pppingme joined #salt |
16:14 |
|
Creme joined #salt |
16:16 |
|
CmndrSp0ck joined #salt |
16:18 |
|
nixjdm joined #salt |
16:24 |
|
stanchan joined #salt |
16:32 |
|
CmndrSp0ck left #salt |
16:34 |
|
stanchan joined #salt |
16:38 |
|
DanyC joined #salt |
16:40 |
|
Heartsbane joined #salt |
16:44 |
|
dograt joined #salt |
16:46 |
XenophonF |
So running state.show_top via salt-ssh results in errors like this: gpg: keyblock resource '/var/tmp/.pi_c99d3f_salt/gpgkeys/pubring.kbx': No such file or directory |
16:46 |
XenophonF |
which means it renders Pillar data on the minion :( |
16:47 |
XenophonF |
I think that I'm going to give up at this point. |
16:47 |
XenophonF |
I'd have to completely restructure my Pillar data to facilitate that. |
16:49 |
saltslackbridge |
<mts-salt> what did you expect the source to be for that file? |
16:49 |
saltslackbridge |
<mts-salt> was it salt://gpgkeys/pubring.kbx ? |
16:51 |
XenophonF |
no? |
16:51 |
XenophonF |
I've encrypted some of my Pillar data using GPG. |
16:52 |
XenophonF |
salt-ssh appears to try decrypting it on the client side. |
16:52 |
XenophonF |
My security model for encrypted Pillar data doesn't trust the minion to do that. |
16:54 |
saltslackbridge |
<mts-salt> ah ok, that's not something i've encountered yet |
16:55 |
XenophonF |
It looks like minion_opts needs to include the GPG key directory. |
17:01 |
XenophonF |
It isn't clear how to get salt-ssh to copy the keyring over to the minion either. |
17:21 |
|
systemdave joined #salt |
17:21 |
|
jbailey joined #salt |
17:29 |
|
DammitJim joined #salt |
17:30 |
|
rawzone joined #salt |
17:32 |
|
stanchan joined #salt |
17:32 |
wwalker |
Can I set the SALT_CRON_IDENTIFIER to something other than the cron command to be run? |
17:33 |
|
pipps joined #salt |
17:33 |
wwalker |
I see it now. |
17:34 |
|
pipps joined #salt |
17:34 |
|
ecdhe joined #salt |
17:35 |
|
systemdave joined #salt |
17:44 |
|
ponyofdeath joined #salt |
17:47 |
|
mk-fg joined #salt |
17:47 |
|
mk-fg joined #salt |
18:03 |
|
CampusD joined #salt |
18:04 |
|
DanyC joined #salt |
18:05 |
|
mk-fg joined #salt |
18:05 |
|
mk-fg joined #salt |
18:05 |
|
DanyC_ joined #salt |
18:06 |
|
Trauma joined #salt |
18:09 |
|
xet7 joined #salt |
18:49 |
|
cro joined #salt |
19:02 |
|
stanchan joined #salt |
19:05 |
|
pipps joined #salt |
19:14 |
|
capnhex left #salt |
19:18 |
|
shiin left #salt |
19:21 |
|
aCodinMan joined #salt |
19:24 |
|
aldevar joined #salt |
19:26 |
|
Creme left #salt |
19:29 |
|
pipps joined #salt |
19:32 |
|
Aleks3Y joined #salt |
19:33 |
|
ymasson joined #salt |
19:33 |
|
alexlist joined #salt |
19:41 |
|
stanchan joined #salt |
19:46 |
|
evle1 joined #salt |
19:47 |
|
pipps joined #salt |
19:58 |
|
onovy joined #salt |
20:14 |
|
BitBandit joined #salt |
20:14 |
|
hoonetorg joined #salt |
20:16 |
|
xet7 joined #salt |
20:18 |
|
pipps joined #salt |
20:26 |
|
stanchan joined #salt |
20:31 |
|
Hybrid joined #salt |
20:34 |
|
evle1 joined #salt |
20:40 |
|
tracphil joined #salt |
20:42 |
|
inad922 joined #salt |
20:46 |
|
pualj_ joined #salt |
20:49 |
|
Hybrid joined #salt |
20:52 |
|
pipps joined #salt |
20:52 |
|
K0HAX joined #salt |
20:57 |
|
yuhl joined #salt |
21:06 |
|
pipps joined #salt |
21:10 |
|
wangofett joined #salt |
21:20 |
|
pipps joined #salt |
21:25 |
|
viq joined #salt |
21:34 |
|
pipps joined #salt |
21:38 |
|
cgiroua joined #salt |
21:40 |
|
yuhl joined #salt |
21:42 |
|
pipps joined #salt |
21:44 |
|
pipps joined #salt |
21:58 |
|
LocaMocha joined #salt |
21:59 |
|
pipps joined #salt |
22:02 |
Edgan |
Anyone know of a way to encrypt by sls file instead of pillar key? |
22:02 |
|
stanchan joined #salt |
22:08 |
saltslackbridge |
<gtmanfred> you could just encrypt the entire dictionary like is specified here, and then use gpg and json once it is decrypted? https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html#encrypting-the-entire-cli-pillar-dictionary |
22:08 |
saltslackbridge |
<gtmanfred> that should work |
22:10 |
Edgan |
gtmanfred: thanks |
22:18 |
Edgan |
gtmanfred: why json and not yaml? |
22:21 |
saltslackbridge |
<gtmanfred> You could do either, technically json is syntactically correct yaml |
22:22 |
Edgan |
gtmanfred: I am thinking, https://paste.fedoraproject.org/paste/oiCnS~emckw3OBIVgiJayw |
22:22 |
saltslackbridge |
<gtmanfred> But if you put a dictionary in the gpg instead of yaml, the file will load faster using the json renderer |
22:22 |
saltslackbridge |
<gtmanfred> I think that will work, but json will be faster was why I said json |
22:23 |
saltslackbridge |
<gtmanfred> And since you aren't going for readability, why bother with yaml |
22:23 |
Edgan |
gtmanfred: I am going to try yaml, and if still slow, I will try json. We are currently using pkcs7 per key, it is decrypting everything, and it is killing the master. |
22:24 |
Edgan |
gtmanfred: More user friendly when writing the file to encrypt |
22:24 |
saltslackbridge |
<gtmanfred> Fair |
22:24 |
ingy |
:) |
22:25 |
saltslackbridge |
<gtmanfred> potentially though, you could just write it and then run it through a yaml renderer to turn to json |
22:40 |
|
stanchan joined #salt |
22:40 |
ingy |
I wrote this silly little jyj program https://www.npmjs.com/package/jyj that turns yaml into json or json into yaml |
22:41 |
ingy |
cat foo.yaml | jyj | jyj | jyj > foo.json |
22:54 |
|
pipps joined #salt |
22:57 |
|
pipps joined #salt |
22:57 |
|
wangofett joined #salt |
22:58 |
iggy |
yq is like jq for yaml |
23:10 |
|
hemebond joined #salt |
23:20 |
|
stanchan joined #salt |
23:22 |
|
RandyT joined #salt |
23:22 |
|
RandyT joined #salt |
23:44 |
|
aCodinMan joined #salt |
23:50 |
|
aCodinMan joined #salt |