Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2018-02-09

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 bowhunter joined #salt
00:19 wongster80 joined #salt
00:50 Sketch joined #salt
00:52 pipps joined #salt
00:56 pipps99 joined #salt
01:02 pipps joined #salt
01:07 spacefrog joined #salt
01:07 spacefrog hulo
01:07 spacefrog is there a way to change the default programs in windows?
01:08 spacefrog i'm searching for it, but I might be searching for the wrong thing
01:08 aviau joined #salt
01:11 jpsharp install linux.
01:11 jpsharp :)
01:11 spacefrog how about you eat shit?
01:11 spacefrog i'm running salt-master on linux
01:12 spacefrog Linux blows in an office environment
01:12 spacefrog unless it's a server
01:12 whytewolf whoa, calm down
01:12 spacefrog sorry
01:12 spacefrog I just can't stand useless comments like that
01:13 MTecknology seems pretty innocent to me..
01:13 jpsharp Sorry about that.  I wasn't in the channel I thought I was in.
01:13 jpsharp Too many windows.
01:13 MTecknology I'm not sure spacefrog was either. That doesn't sound like a salt question at all.
01:13 MTecknology unless it is?
01:14 spacefrog it is
01:14 spacefrog seeing how you can manipulate the registries, install programs, create users, etc, etc
01:14 spacefrog I was wondering if there's a way to control which programs are used by default
01:14 spacefrog like the default browser and whatnot
01:15 shiranaihito joined #salt
01:15 * MTecknology has no clue.. I haven't used windows in years.
01:15 MTecknology could look at the modules list, though.
01:15 jpsharp I think you'd be better off using something like a domain controller to publish group policies.
01:16 MTecknology samba4 can handle GPO! :)
01:16 spacefrog thanks
01:16 spacefrog it's not a deal breaker
01:16 spacefrog i'm really enjoying salt
01:17 spacefrog the very fact that you can install programs on an army of Windows machines without having to deal with paid software that is slow and sux ass is a huge plus
01:24 pocketprotector joined #salt
01:29 exarkun joined #salt
01:35 demize joined #salt
02:00 pipps joined #salt
02:08 Church- Ugh, my dev environment is still down. >_>
02:08 Church- What're ya'll up to?
02:27 Pomidora joined #salt
02:37 whytewolf just grabbed dinner
02:42 Guest73 joined #salt
02:56 ilbot3 joined #salt
02:56 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.9, 2017.7.3 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic, and https://saltstackcommunity.herokuapp.com (for slack) <+> We are volunteers and may not have immediate answers
02:57 nomeed joined #salt
02:58 lkthomas whytewolf, did you put salt into dinner ?
02:59 systemexit exit
03:00 whytewolf it was kfc so it had chicken greese and Salt :P
03:04 lkthomas nice
03:13 pipps joined #salt
03:19 hemebond joined #salt
04:04 miruoy joined #salt
04:36 jsmith0012_ joined #salt
04:41 jsmith0012_ question on the tcp/ip level of salt stack.  is there a way to tell what minion is what tcp ip connection to the master?
04:45 jsmith0012_ was wondering because using netstat and lsof there is 2 to 6 tcp connections per minion.  using these stats seems faster to determine if a minion is up than doing test.ping
04:45 zerocool_ joined #salt
05:04 zerocool_ joined #salt
05:11 lkthomas I really don't understand why PHP could decrypt password just fine on Pillar but fail on state
05:11 shankark joined #salt
05:17 zerocool_ joined #salt
05:23 lkthomas well, I end up using content_pillar
05:44 pipps joined #salt
06:04 evle joined #salt
06:08 ymasson joined #salt
06:08 zulutango joined #salt
06:13 lkthomas [ERROR   ] State 'git.latest' was not found in SLS
06:13 lkthomas huh?! why ?!
06:14 lkthomas OH
06:14 lkthomas missing git package, sigh
06:31 pipps joined #salt
06:58 coredumb Is there any other way than PGP to encrypt datas in masterless mode? A bit like ansible-vault maybe?
07:01 monokrome joined #salt
07:17 LocaMocha joined #salt
07:20 LocaMocha joined #salt
07:26 Guest73 joined #salt
07:33 ahrs joined #salt
08:07 aldevar joined #salt
08:07 xet7 joined #salt
08:11 Tucky joined #salt
08:12 kwork joined #salt
08:16 Hybrid joined #salt
08:19 aviau joined #salt
08:24 Ricardo1000 joined #salt
08:28 salt-noob58 joined #salt
08:31 xet7 joined #salt
08:33 salt-noob58 am i understanding correctly that if i make a custom grain and can now get it from minion over salt-ssh, and then change the custom grain, i need to run salt-ssh -t ?
08:37 xet7 joined #salt
08:39 vb29 joined #salt
08:41 ct16k joined #salt
08:45 onslack <mts-salt> @coredumb: haven't tried it, but would sdb + vault work for masterless
08:45 coredumb onslack: sdb ?
08:46 coredumb well it would require to have vault installed as well
08:47 coredumb or mts-salt?
08:47 mbologna joined #salt
08:47 coredumb damn these bridges >_<
08:49 onslack <mts-salt> the latter works for me, but sure :)
08:49 onslack <mts-salt> https://docs.saltstack.com/en/latest/topics/sdb/
08:50 onslack <mts-salt> vault is just one provider, you may find another suits you better
08:51 onslack <mts-salt> @salt-noob58: looking at the commandline options, there should be a periodic refresh, but --refresh or -t should both work to sync the grain up to the master
08:55 coredumb mts-salt: sdb could be a solution but problem is still here, you have your sdb config in the clear
08:55 MTecknology You can write whatever module you want to pull it from somewhere you want to store things... but then you need to figure all that out
08:55 salt-noob58 previosuly available custom grains are now not available, while one new custom_grain is available from the first try, aaah!
08:55 coredumb I think I'll just pass my secrets through the command line
08:56 coredumb as pillars
08:56 onslack <mts-salt> that's an age-old problem. how to secure something so that someone who can access a given system is unable to have the level of access that the system itself has
08:57 onslack <mts-salt> i think user permissions is about all that works there. if someone has root or the ability to read your config then it's already game over
08:57 coredumb I think that ansible-vault makes quite a good job for that asking you for the passphrase at runtime
08:57 salt-noob58 asking a passphrase, or a pass_file that can be with more secure permissions than ansible or in this case salt itself
08:57 onslack <mts-salt> you could do something similar with gdb
08:57 onslack <mts-salt> *gpg
08:58 salt-noob58 you can have not everyone who can run salt be able to run vault and not need to input the passphrase every time, super convenient
08:59 coredumb well it wouldn't be as convenient and low maintenance/implementation than ansible-vault I fear
08:59 salt-noob58 gpg renderer works but isn't nearly as convenient and i think it's less secure, less ways to limit who can decode it. Good enough to store things in git without plaintext passwords though
08:59 salt-noob58 depends on what you want to do with it
08:59 coredumb in a masterless mode with gpg I don't see how you could make it ask for the password at runtime ? O_o
09:00 coredumb you have to preconfigure gpg for that
09:00 salt-noob58 i dont think i've had gpg ask for password ever, i think it just uses the private key in /etc/salt/pki and if you have permissions to read that then no password needed?
09:00 onslack <mts-salt> you'd also have to ensure that all operations are interactive that need to ask for a password
09:01 salt-noob58 not saying password is impossible
09:01 salt-noob58 i guess you could try to secure the key with permissions like a vault-file
09:02 schasi joined #salt
09:03 coredumb actually I'd be happy if I could pass the GPG passphrase as a pillar from command line
09:04 mikecmpbll joined #salt
09:04 salt-noob58 would that password be logged anywhere if you pass it as a pillar? dont know about pillars enough but be careful. Also I dont know how to have gpg ask for passphrase at all so can't help you with where to feed that pillar in
09:05 coredumb well it's not
09:05 coredumb asking I mean
09:05 lompik joined #salt
09:05 onslack <mts-salt> if you've created a key without a password then it won't ask for one, no. your key would need to be secured for that
09:06 coredumb salt-noob58: AFAICT pillars passed to salt-call are not loged
09:09 ikarpov joined #salt
09:17 pbandark joined #salt
09:18 ct16k joined #salt
09:19 schasi Is there a usable (FOSS) GUI for SaltStack?
09:21 msn joined #salt
09:21 msn join #debian
09:21 msn oops
09:32 vb29 joined #salt
09:37 garphy`aw left #salt
09:41 Hybrid joined #salt
09:43 mattfoxxx joined #salt
09:44 ikarpov does anybody know what happened to repo.saltstack.com?
09:46 onslack <ryan.walder> works for me
09:48 ikarpov hm… interesting
09:49 xet7_ joined #salt
09:50 ikarpov unreachable from germany for an hour at least
09:51 exarkun joined #salt
09:51 onslack <ryan.walder> can you get to the subdirs? https://repo.saltstack.com/apt/ubuntu/
09:51 ikarpov as well as from us-based host. are you sure?
09:51 onslack <ryan.walder> though i'd guess not as it's probably all the same box
09:52 onslack <ryan.walder> from the uk it seems ok
09:52 ikarpov I can’t reach the host
09:52 onslack <ryan.walder> https://pastebin.com/KpVCx3ZU
09:54 onslack <ryan.walder> interestingly i this says it's down http://downforeveryoneorjustme.com/repo.saltstack.com
09:55 ikarpov i’ve checked it from us, germany, sweden, ukraine. no luck
09:55 onslack <ryan.walder> https://www.uptrends.com/tools/uptime
09:55 onslack <mts-salt> doesn't work for me from the uk. are you sure it's not cached?
09:55 onslack <ryan.walder> seems it's up for the uk but down elsewhere
09:55 onslack <ryan.walder> well, parts of the uk then ;)
09:56 onslack <mts-salt> that site shows half working, half not. so international routing fault
09:57 ikarpov yep
09:57 onslack <ryan.walder> looks like it's hosted on rackspace
09:57 onslack <ryan.walder> so probably a rackpace issue
09:59 onslack <ryan.walder> or the dns is rackspace at least
09:59 onslack <ryan.walder> repo.saltstack.com has address 198.199.77.106 repo.saltstack.com has IPv6 address 2604:a880:400:d0::2:e001 can you hit them?
09:59 onslack <mts-salt> dns for repo.saltstack.com is having issues as well
10:00 schasi No connection to the ipv4 address as well
10:00 onslack <mts-salt> soa claims ns.rackspace.com but that's not in the ns list
10:01 onslack <mts-salt> but anyway, ipv4 address is not contactable for me either
10:04 onslack <ryan.walder> well, this just renforces why you host your own repo mirrors ;)
10:13 dodge-lint joined #salt
10:15 dodge-lint Hi. I'm trying to bootstrap salt on one of my systems but neither bootstrap.saltstack.com nor repo.saltstack.com are responding at the moment. Can anyone confirm this, or am I doing something wrong?
10:15 onslack <mts-salt> as above, it seems to be down for some people
10:16 glass-wire joined #salt
10:17 Grauwolf i can confirm
10:18 Grauwolf ipv6 seems to work
10:19 babilen No problem here (uk) and in our data centres in Germany
10:20 onslack <ryan.walder> see above, it looks like a routing issue somewhere
10:20 c4rc4s joined #salt
10:20 nku any news on repo.saltstack.com being down?
10:20 onslack <ryan.walder> ...
10:20 onslack <mts-salt> :facepalm:
10:20 babilen If only someone could set the /topic
10:20 nku eh..
10:21 babilen We could be all smug and go "see topic" all the time :)
10:21 nku useful topics are useful
10:22 babilen I totally agree and we use #debian-next's topic quite frequently for "things that are broken now" announcements
10:22 nku the problem here is really the old ci env.. for every test run it tries to pull upgrades ..
10:22 nku or maybe our proxy should just be reconfigured..
10:23 onslack <mts-salt> mirrors would perhaps help here :/
10:23 nku that too, yeah
10:25 dodge-lint sorry for asking a question that was already answered :-)
10:25 babilen I'll celebrate when I can finally replace debmirror with aptly, but that's probably not happening soon
10:26 Grauwolf babilen: aptly is SO much nicer
10:27 babilen I know .. I'm rather happy ever since I wrote a nice dput post-upload script that automatically creates snapshots and publishes the repo
10:27 onslack <mts-salt> seems to be working again now
10:28 onslack <mts-salt> ah, not completely
10:28 rjc joined #salt
10:29 rjc hola!
10:29 babilen o/
10:29 rjc http://downforeveryoneorjustme.com/repo.saltstack.com
10:29 babilen Guten Morgen
10:29 nku yes, it's down
10:29 rjc anyone from the project here?
10:30 babilen We're recommending configuring local mirrors
10:30 rjc nku: I know it is - just saying in case there's someone from the project who hadn't noticed it yet :)
10:30 babilen And no .. SaltStack are sleeping (or should be)
10:30 onslack <mts-salt> i think they're in a different timezone :)
10:30 nku nobody here has enterprise support? :)
10:30 babilen They are based in Utah
10:31 babilen I'm not paying that kind of crazy money
10:31 babilen I'd have loved the GUI, but it's just too expensive
10:31 rjc babilen: I think I might do just that.... straight after they're back
10:31 rjc :P
10:31 nku my company doesn't like subscriptions..
10:31 rjc babilen: what's a GUI?
10:31 rjc ;)
10:31 nku something that doesn't work in a terminal
10:32 onslack <mts-salt> if you can't use a terminal and vi, it's not a real thing
10:33 rjc I'm new to the whole thing - I've been at the Puppet camp for the past 5+ years
10:33 rjc :)
10:33 rjc still learning the ropes
10:33 onslack <mts-salt> aha. welcome to the dark side. we have cookies.
10:34 babilen rjc: Their Web UI, but you (obviously!) can't have that without also buying "enterprise support" and that's ££££
10:35 rjc babilen: no puppet dashboard (for those who don't know - open source webui), then?
10:36 onslack <ryan.walder> looks like it's back up now
10:36 babilen rjc: No really useful open source one unfortunately
10:36 babilen Haven't checked in a while, so you might want to look into that yourself if its important for you
10:37 onslack <mts-salt> i suspect the problem is that it would need to cover so many different variations. i briefly thought about the "simple case" and then immediately struggled to define "simple"
10:38 hemebond joined #salt
10:38 rjc babilen: not in the slightest - just inquiring
10:38 babilen You'd soon end up with something along the lines of SuSE's offerings and they manage, because they restrict the Salt environment
10:38 babilen Love to play with the enterprise UI though, but .. not really missing it much either
10:39 babilen People around me think I live in the matrix anyway as my screen is filled with emacs and terminals in molokai colours
10:39 onslack <mts-salt> maybe a log viewer, ability to trigger runners, option to edit local config. but it would pretty much be a gui over the cli anyway
10:39 xet7 joined #salt
10:39 onslack <ryan.walder> i get that, tiling wm + many things going on = matrix
10:40 onslack <mts-salt> i have 3 monitors, i know what that can be like, even in windows land :)
10:41 rjc OK, so can someone please explain to me - pkgrepo - what's the point of dist and comps? AFAICS, they're not being used/honoured
10:41 babilen rjc: How so?
10:41 rjc https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkgrepo.html
10:42 babilen rjc: I'm using https://github.com/saltstack-formulas/apt-formula - Maybe you want to look into that
10:42 babilen Well, dist is the "distribution" or "suite" (e.g. jessie, stretch, precise, ...) and comps are components (e.g. main, contrib, non-free)
10:43 rjc thanks - I'd like to stick to the official ones for now
10:43 rjc babilen: case in point: deb http://dl.google.com/linux/chrome/deb/ stable main
10:43 onslack <mts-salt> all of those are
10:43 babilen apt-formula is essentially just a collection of saltstates built around pkgrepo.managed + nice pillar driven configuration
10:44 babilen rjc: So, how is that not working?
10:44 rjc ok, let me rephrase - I'd like to keep it simple and use the state for now
10:44 babilen Sure
10:44 rjc deb http://dl.google.com/linux/chrome/deb/
10:44 rjc while usign comps and and dist doesn't
10:45 babilen rjc: Could you paste your state, a log of its state run (preferably with "salt-call -ldebug state.apply foo" on the minion) and the outcome to one of http://paste.debian.net, https://gist.github.com, http://sprunge.us, … ?
10:45 rjc architecture works fine
10:45 babilen The trick is to have "deb http://dl.google.com/linux/chrome/deb/ stable main" as name
10:46 babilen architecture is an ubuntuism and shouldn't be necessary with Debian's multi-arch repos, but then .. who knows what google are doing
10:48 rjc babilen: architecture isn't ubuntuism - it's coming all the way down from Debian
10:49 babilen Sure, it's just not needed with any Debian repos
10:49 babilen I'm not implying that its a feature that can't be used on Debian if that's how you understood it
10:50 rjc babilen: it is if you're doing multiarch, which has been in Debian for ages
10:51 rjc i.e. binary i386-only apps
10:51 babilen And why would you have to use that feature in your sources.list ?
10:52 onslack <mts-salt> at a guess, in case you want to limit to one particular arch
10:52 rjc so that apt doesn't chocke on the lack amd64 or i386 if using multi-arch and only one is available - chrome being an examply
10:52 rjc example
10:52 onslack <mts-salt> eg only x86 on a x64 host
10:53 rjc onslack: exactly
10:53 babilen rjc: Debian repositories don't lack those architectures
10:53 babilen (which is my entire point)
10:53 rjc babilen: the above example does lack it - Chrome is avaible for amd64-only
10:54 onslack <mts-salt> the repo has multiple, the sources.list has the option to pick
10:54 babilen Maybe the problem is that "Debian repository" is ambiguous and might refer to all repositories that offer .debs
10:54 rjc anyway, that's all beside the point
10:54 babilen I am specifically referring to Debian's repositories
10:54 babilen And I'd rather help with your actual issue
10:54 rjc all I'm after is cmps and  dist
10:54 onslack <mts-salt> heh. but debating at a tangent is what irc is best at! ;)
10:54 mikecmpbll joined #salt
10:55 rjc I should have stated at the beginning - I've been using Debian for 15+ years, hosted my own repos, built packages, etc. - if it was a Debian issue, I would not have asked :)
10:56 babilen Nobody is saying that it is ..
10:56 babilen Let's go back to "11:45:03  babilen> rjc: Could you paste your state, a log of its state run (preferably with "salt-call -ldebug state.apply foo" on the minion) and the outcome to one of http://paste.debian.net, https://gist.github.com, http://sprunge.us, … ?
10:57 pipps joined #salt
10:57 rjc babilen: seen that - working on it
10:57 babilen ta
11:02 rjc http://sprunge.us/AQFK
11:04 rjc sources list file looks like this: deb http://dl.google.com/linux/chrome/deb
11:04 rjc i.e. it's invalid
11:05 rjc when I append stable main to it - http://sprunge.us/WfiE
11:05 rjc it looks like this: deb [arch=amd64] http://dl.google.com/linux/chrome/deb stable main
11:05 rjc which is exactly what I want
11:06 fgimian joined #salt
11:07 rjc when I remove comps and dist lines, it looks exactly the same: http://sprunge.us/dWdh
11:07 rjc my question being, if stable main is required in repo URL, what's the point of comps and dist line if the don't work
11:07 rjc architecure does work
11:09 rjc if architesure adds a field to the URL, so should comps and dist, no?
11:09 rjc otherwise it is pointles
11:09 rjc I'm obviously missing something because someone added that functionality and tested it, right?
11:09 rjc :)
11:10 rjc I hope all of the above is clear - do ask questions if it isn't, though
11:16 babilen "The trick is to have "deb http://dl.google.com/linux/chrome/deb/ stable main" as name"
11:18 rjc babilen: I know that
11:19 rjc this is the only way I get a valid URI
11:19 babilen So .. it gets more interesting if you have more than one comp
11:19 babilen You'd use "main" in "name" and all of them in "comps"
11:19 babilen But you *have* to have one in - name: / ID
11:20 fgimian joined #salt
11:20 rjc babilen: that's my whole point - if you have three attributes: architecure, comps, dist; and specify them all - they should all be added to the URI
11:20 rjc now, only one is
11:20 rjc architecure
11:20 rjc I don't need to add it to the URI
11:20 rjc it's done for me
11:20 rjc great!
11:20 babilen You would use "deb http://dl.google.com/linux/chrome/deb/ stable main foo bar" in name
11:20 rjc I'd like the same for comps and dist
11:21 babilen But "deb http://dl.google.com/linux/chrome/deb/ stable main" and "- comps: main foo bar"
11:21 babilen Well, main,foo,bar .. but that's how it works
11:22 babilen Tricky / Buggy / Inconsistent things like that is why I strongly prefer using the apt-formula over definining states manually
11:22 babilen (apart from the whole "entirely pillar driven" design pattern)
11:22 rjc sure - what the dosc do *not* say is that these two only make sense with 2+ values
11:23 babilen Which shouldn't be the case
11:23 rjc exactly
11:23 babilen And .. to be honest .. I'm not 100% sure if the latest incarnation of salt behaves like that
11:23 babilen So test it .. but the way I detailed was how it worked
11:23 babilen (for better or worse)
11:24 rjc don't get me wrong, I like salt - especially that I can use a source with http:///path/to/file.deb
11:24 rjc but the documentation...
11:24 rjc ;)
11:25 babilen Well .. the documentation is actually pretty good, it's rather that the code might not work in the way it was intended all the time :)
11:25 rjc I'm stopping myself from going back to Puppet every other day
11:25 rjc :P
11:26 rjc but the source example - just saves so much fiddling with downloading, dpkg -i, etc.
11:26 rjc love it
11:27 rjc anyway, back to work - need to take this place to 21st century
11:33 babilen Have fun!
11:33 babilen Just make sure you have as much configuration/variable bits in pillars rather than hard code logic/configuration in states
11:46 pualj joined #salt
11:47 rjc babilen: when I started with puppet, hiera wasn't really "advertised" as much but when I looked at upgrading from 3 to 5, I did indeed look at using it
11:48 yidhra joined #salt
11:48 babilen Are you already using hiera?
11:48 rjc I see pillars as an equivalent - am I right?
11:48 rjc babilen: no - was meant to if I had migrated from puppet 3 to puppet 5
11:48 babilen Yeah .. in fact you can use hiera as pillar: https://docs.saltstack.com/en/latest/ref/pillar/all/index.html
11:49 echoe joined #salt
11:49 rjc that was all at the old workplaced - started a new job this year and taken Salt under consideration
11:49 rjc basically, I'm starting from scratch
11:49 babilen Not that it necessarily makes sense to adopt hiera for SaltStack now
11:50 rjc blank canvas if you like
11:51 rjc one thing which I did not figure out yet - again, just starting - what would be the equvalent of puppet agents checking up every $INTERVAL for updates?
11:52 kwmiebach joined #salt
11:53 babilen I have two tips for you now: 1. Ensure that you keep all/most logic/configuration/... in pillars and integrate other data sources via pillars if they hold the "ground truth" 2. Adopt a nice scheme such as http://paste.debian.net/1009475/
11:54 babilen rjc: You mean minions/clients checking every foo minutes if the states/pillars/... have changed and automatically applying those changes?
11:54 rjc yup
11:56 babilen You could easily schedule a highstate run every k minutes with https://docs.saltstack.com/en/latest/ref/states/all/salt.states.schedule.html
11:56 babilen (set the schedule in pillars)
11:57 rjc I'll look into it
11:57 babilen Oh .. one more tip: Don't abuse grains for information that isn't minion local
11:57 rjc such as?
11:57 babilen But I'd recommend the scheme above .. it'll save you headace
11:57 rjc babilen: is that your own?
11:57 babilen Roles come to mind
11:58 rjc well, I started using roles already
11:58 rjc bad idea?
11:58 rjc just following the guide
11:58 babilen I've adopted it in parts and combined it with role based states based on pillarstack
11:58 onslack <mts-salt> the debate rages on, but essential grains are controlled by the minion, whereas pillar is controlled by the master
11:58 babilen But I'm currently in the middle of changing many many top files
11:58 onslack <mts-salt> *essentially
11:58 babilen And something like the above features in my design
11:59 babilen Well, roles aren't a bad idea .. but I don't like to keep them in grains
11:59 babilen Because .. well .. you have to manage those also
11:59 babilen Which brings you back to square 1
11:59 onslack <mts-salt> btw, that paste doesn't include ignore_missing, should it? :)
11:59 babilen It most definitely should
12:00 babilen Was it yours?
12:00 onslack <mts-salt> i didn't create it, no. i recognise it from the discussion that brought ignore_missing to my attention in the first palce
12:00 babilen I am playing around a lot with pillarstack and a more organised scheme such as the above with ignore_missing: True
12:01 babilen Now that pillars are correctly merged and ignore_missing is working these things are working much better than before
12:01 rjc babilen: well, I did like writing my own facts - aren't grains a very simplified concept if it?
12:01 babilen I quite like the changes I'm seeing already, but I'm far from "This is my scheme"
12:01 bbhoss joined #salt
12:01 onslack <mts-salt> we've got our config in git, with the intention to use branches for env, but i think most of the things like pillarstack assume local files :/
12:02 babilen rjc: Grains are entirely under the control of the minion and therefore not trustworthy. IMHO the decision which role is to be applied on which host should be under central/master control (e.g. pillars)
12:02 onslack <mts-salt> one way we've done it is by cidr
12:02 babilen It's more that you don't want to have that decentralised and potentionally compromised
12:03 babilen onslack: Yeah, we have our configuration in git also
12:04 babilen I hope I find a week or two this year to design a nice role based and pillar driven configuration scheme that's as organised as the scheme I pasted + roles
12:04 salt-noob58 is salt-ssh not wiping it's temp dir with -w or -W flag a known issue?
12:05 onslack <mts-salt> it does rely on the minion id being fixed. but theoretically that shouldn't be a problem because someone must have accepted it first
12:06 babilen It is the one bit that's ensured to not change (unless you exchange new keys again)
12:07 onslack <mts-salt> i'm thinking more around a new minion rather than changing an existing one
12:07 onslack <mts-salt> one thing i haven't solved yet is how to provision a minion under windows and pre-auth its key
12:08 coredumb I must be blind, but can't see where my state is incorrect: https://pastebin.com/erFTVnVg any idea?
12:09 babilen (as its on pastebin.com → whitespace all messed up)
12:09 babilen ;)
12:09 onslack <mts-salt> @coredumb: what message are you seeing?
12:09 babilen What's the actual error?
12:10 coredumb babilen: well it's quite OK
12:10 coredumb failed: mapping values are not allowed here; line 33
12:10 onslack <mts-salt> missing : at the end of line 32
12:10 coredumb ok I know
12:10 coredumb yep forgot :
12:10 coredumb >_<
12:11 coredumb see told you I was blind
12:11 onslack <mts-salt> a yaml parser helps there. try yaml-online-parser.appspot.com
12:12 coredumb I should
12:13 coredumb ah looks like docker code doesn't know how to calculate subnets >_<
12:19 evle1 joined #salt
12:25 salt-noob58 basically salt-ssh -t doesn't work, -w doesn't work, -W creates new random dirs but doesn't wipe them.  Updating custom grains and probably doesn't work 90% of the time :(
12:26 onslack <mts-salt> does the user you're running as have permission to remove the data it's created?
12:27 onslack <mts-salt> in case you're not running as root, that is
12:27 salt-noob58 it is unprivileged, i couldn't find it getting denied rights to delete in -l all debug logs but that might just be my or the log's fault, and i would assume it has the rights to delete the files it creates, they have owner and group same as user running salt on minions
12:28 onslack <mts-salt> or in case you're using selinux
12:28 salt-noob58 and selinux is disabled
12:29 onslack <mts-salt> quick test then, can you login as/su to that same user and verify you can delete them interactively?
12:30 salt-noob58 sudo -u mysaltuser rm -rf /var/tmp/.tempdir works
12:31 salt-noob58 and a quirk, sometimes the grains do get upgraded, but unless making a completely new temp dir with -W it's super inconsistent and rare
12:33 * rgrundstrom ARGHHHHH.... Why does everything have to stop working on Fridays?
12:34 schasi rgrundstrom: So we know it's time to go home
12:34 salt-noob58 because you ignore it on mon-thu and push to friday, and on friday you think you might as well close up all the pending issues that were born during the week and refind all the broken things
12:35 simonmcc joined #salt
12:36 aviau joined #salt
12:36 rgrundstrom salt-noob58: I was just ventilating... Its not salt that broke in this case. But I have a rule not to touch anything salt related on Fridays for just that reason :)
12:37 salt-noob58 i've had a project manager tell a different ops to do a live deploy in the last hour of a friday
12:37 salt-noob58 when i was on call
12:37 salt-noob58 and of course it broke and needed rollback
12:38 coredumb since when ops listen to pm ?
12:38 coredumb O_o
12:38 salt-noob58 ventilating? dont like it, not a huge fan
12:38 salt-noob58 since 5pm on friday when they are too tired to tell pm to go love themselves
12:39 salt-noob58 but in that org (short for organization) pm ordered a deploy once devs made a package and the responsible ops if agreed did it at said time or rescheduled
12:40 salt-noob58 project manager was so happy, his reasoning of "lets deploy it on friday evening and if it breaks we'll find out by monday morning and devs can start fixing it first thing in the morning" worked
12:40 salt-noob58 sadly he was new ceo's schoolmate and we couldn't ruin his career over it
12:40 coredumb you're never too tired to tell a pm "Not gonna happen mate see ya on monday"
12:41 salt-noob58 you are if you're not on watch and if anything breaks not your problem
12:42 coredumb _especially_ if you're on watch you not gonna accept PM requests to change shit on prod a friday before leaving ...
12:44 salt-noob58 if you're on watch and someone else changes shit on prod and nobody tells you there's not much you can do except get a call and roll things back
12:44 onslack <mts-salt> depends if the next op on watch is going to kick your ass for doing it and leaving them with the mess to clean up
12:45 coredumb yeah if someone changes things in prod without op on watch knowing then something is certainly very wrong
12:45 salt-noob58 it's not as bad if you do it on friday, you dont see them for 2 days so the angry watch has time to cool down and not yell as much, and now there's two people to yell at so it gets further diluted
12:47 onslack <mts-salt> or they just leave something sticky on the culprit's seat for them to sit in on monday
12:47 onslack <mts-salt> or they just call you up and yell at you over the phone
12:48 onslack <mts-salt> it just doesn't end well
12:48 salt-noob58 of course it doesnt, but people still do it
12:48 coredumb not being on watch anymore certainly feels good
12:48 coredumb ^^
12:49 salt-noob58 you can see how upset i am about it from how i bring it up 5 years later. I'm probably more upset about a deploy on friday evening than i am about nothing in salt-ssh working as it should or as i want
12:49 salt-noob58 meh, being on watch for a weeks especially if nothing happens was a free +500 euro for no effort
12:50 coredumb yeah it's always about the money
12:50 salt-noob58 if it wasn't i would be at a job. Was unemployed for 5 months after a different bad company, was so awesome. Didnt need money but i thought i was supposed to have a job or something
12:51 salt-noob58 now i have to learn python and salt from scratch and do things that are abominations before choosing any applications to execute them
12:51 onslack <mts-salt> "didn't need money"... you sure you want to admit that? :)
12:51 linovia joined #salt
12:52 coredumb yesterday I did some ansible, and I've been impressed by how fsking slow this thing is :O
12:52 salt-noob58 i had savings to support a my current lifestyle for several years, no retirement or anything but long enough to become unhirable
12:52 salt-noob58 am i in danger of people asking for handouts?
12:52 salt-noob58 what about ansible was slow? play run time?
12:53 nahkiss joined #salt
12:53 onslack <mts-salt> more that your boss might take that into account in your next pay review :)
12:54 salt-noob58 people dont throw paycuts around in europe without lots of fear, they offered me more than i asked when hiring because their standard was bigger, and i dont really care if i dont get raises becasue i'm financially irresponsible like that
12:57 coredumb salt-noob58: https://github.com/olivier-mauras/ansible_vs_salt_speed_test
12:57 coredumb yep play run time
12:58 onslack <florian.benscheidt> Hey Guys, Ive got a quick question about running Salt with 'pure' python3. Release notes show me that Python3 support is in; but I can't find out how to tell salt to use python3 instead of python2.7
12:59 Grauwolf you probably need to change the destination of the /usr/bin/python symlink. but that might have other implications you might not want
12:59 salt-noob58 well the magic salt bus is supposed to be faster than ssh, i dont think salt-ssh retains the advantage. And i haven't had a nice enough salt formular to up+enter many times to compare. Ansible has been pretty much good enough without comparison
12:59 salt-noob58 unless yum is involved
12:59 salt-noob58 takes more than all the rest combined most of the time even theres nothing to update or install
13:00 salt-noob58 it's everything before pressint ENTER that's so much slower for me in salt
13:00 onslack <florian.benscheidt> Grauwolf, yeah i thought of that, but "is that it" ?  :P how hard will it break
13:00 coredumb salt-noob58: well this is local execution in both case
13:01 salt-noob58 in ansible you can do local differently, entirely possible to actually open ssh connection to localhost :)
13:01 Grauwolf florian.benscheidt: its more a question of what else depends on python2 on you system
13:01 onslack <gtmanfred> @florian.benscheidt you can pip install it, but oxygen will be the first release with distros packages
13:01 onslack <mts-salt> @gtmanfred i thought you were off until monday? :)
13:02 Grauwolf florian.benscheidt: also take what i say with a grain of salt *badum-tssssss* i'm not using salt with python3 yet
13:02 salt-noob58 is it possible to just install salt into a virtual env that only has python3?
13:02 salt-noob58 and not break system python that's relied on by kernel and os stuff?
13:02 onslack <gtmanfred> Yeah I shouldn't be on, just clearing messages before I mark everything as away
13:04 onslack <florian.benscheidt> Oxygen release date ?
13:06 onslack <florian.benscheidt> Grauwolf, it doesn't matter really, I just want to start a new master, on a new system, with running Salt (develop) with Python3.
13:06 onslack <florian.benscheidt> Thanks @gtmanfred ^^ ill make a pip install for my Vagrant archlinuxbox then ^^
13:06 salt-noob58 i recommend virtualenv, that's what it's for, running services/apps with a different default system python :)
13:07 onslack <florian.benscheidt> arch has python3  as default :]
13:09 salt-noob58 i've gotten (joke) suggestions to have salt-ssh spawn a subprocess that detaches itself so it lives on when salt-ssh exists, waits, and then deletes all the files that salt left behind
13:09 salt-noob58 to show how much friday it is im actually considering it
13:17 tcolvin joined #salt
13:21 Xaa_ joined #salt
13:24 Xaa_ left #salt
13:26 Cluepon joined #salt
13:27 Cluepon hi. is there some doc somewhere or someone who has a hint how to solve some interaction between salt2014 and salt2016? I run into an issue with pillar data using state.sls. And my initial testing told me I had to do saltmaster last
13:31 nku Cluepon: upgrade and run the same versions?
13:34 coredumb I guess you could go directly to 2017 now
13:34 Cluepon that's what I'm trying to do. but it's not a matter of just a few minutes, so I have to upgrade them piece by piece, and in the meantime people need to work on deploying new docker images, etc
13:35 Cluepon of course they should end up with the same version
13:35 nku how many machines do you need to upgrade?
13:35 Cluepon coredump: yeah, that should be easy, rewriting all kinds of docker stuff took a little, and the change to systemd, but after this upgrade things get easier
13:36 Cluepon I had some issues with upgrading the saltmaster machine first, but maybe I should start investigating that a little more to see if I can fix that
13:36 nku fwiw, i always try to perform upgardes with clusterssh. had it go wrong too often
13:39 Cluepon well, in this case, it's easier to upgrade with "delete VM, create VM"
13:44 Cluepon but I can't shutdown everything at once, as usual
13:45 edrocks joined #salt
13:47 exarkun anyone know of any efforts to build a kubernetes deployer/manager with saltstack?  I found https://github.com/jonlangemak/saltstackv3 but it seems half complete and maybe abandoned.
13:47 exarkun (also deploys k8s 1.5 so meh)
13:59 pualj joined #salt
14:00 babilen exarkun: k8s has abandoned theirs, look into kops, kubeadm, kubespray, ...
14:03 Hybrid joined #salt
14:04 onslack <tmacey> exarkun: I found this recently. I haven't tested it yet, but it appears promising https://k8s-salt.opsnotice.xyz/
14:05 onslack <mts-salt> we rolled our own salt-controlled kube
14:09 babilen open source! open source!
14:10 ebbex Can I have a list of something in a pillar, and install them with pkg.installed: - pkgs: [ item1, item2 ]?
14:11 babilen Sure
14:11 jsmith0012__ joined #salt
14:11 ebbex I'm trying to get something like this to work; https://pastebin.com/mXrKmqWw
14:11 babilen Your whitespace is all over the place there
14:12 ebbex I think it's just how pastebin picks the wrong font.
14:12 babilen I'd go with salt['pillar.get']('editors', [])|yaml
14:12 babilen Yeah .. pastebin.com is horrendous
14:13 onslack <mts-salt> apaste.info appears to be fairly clean in that regard
14:14 onslack <mts-salt> i like that i can expire it in a day
14:15 babilen I have http://paste.debian.net, https://gist.github.com, http://sprunge.us, … in my IRC abbrv -- might add apaste.info, doesn't look to bad
14:17 rjc ix.io?
14:19 onslack <tmacey> I tend to use http://dpaste.com/
14:29 onslack <florian.benscheidt> i personally prefer `pbpst`
14:37 tapoxi joined #salt
14:57 racooper joined #salt
15:10 cgiroua joined #salt
15:13 nixjdm joined #salt
15:19 DammitJim joined #salt
15:22 Jitu joined #salt
15:35 nixjdm joined #salt
15:39 sjorge joined #salt
16:10 vb29 joined #salt
16:13 aldevar1 joined #salt
16:17 miruoy joined #salt
16:25 BitBandit joined #salt
16:25 ecdhe joined #salt
16:44 Ricardo1000 joined #salt
16:50 oida joined #salt
16:52 xet7 joined #salt
17:00 nixjdm joined #salt
17:00 mavhq joined #salt
17:01 DammitJim guys, I know this might be overkill, but I just love using salt
17:01 DammitJim for a virtual environment with vbox
17:01 DammitJim do you guys normally have the host as the master or you have a vm that is the master?
17:02 DammitJim or do you run it masterless?
17:02 onslack <ryan.walder> i run a master in a seperate vm
17:02 onslack <ryan.walder> why give up all the fun of the messagebus?
17:03 jeffspeff joined #salt
17:05 aldevar1 left #salt
17:06 DammitJim who is ryan.walder ?
17:06 dlloyd thats a slack->irc bridge, he is the slack user
17:06 onslack <ryan.walder> that's a little philosophical...
17:06 onslack <ryan.walder> also thaty
17:08 onslack <mts-salt> there's a whole new world over here in slack... ;)
17:09 DammitJim oh gosh
17:11 onslack <mts-salt> the big thing is multiple channels and the richer content from slack like snippets and threads
17:11 onslack <mts-salt> saves having to use pastebin sites
17:13 onslack <mts-salt> https://m.xkcd.com/1782/
17:19 Lionel_Debroux_ joined #salt
17:20 ecdhe DammitJim: I run masterless for all my vbox vms.
17:20 DammitJim I guess I'll need to learn how to do that
17:20 DammitJim thanks
17:20 ecdhe DammitJim: it works pretty well, I think Lyft uses masterless even for their servers.
17:22 ecdhe For laptops and workstations that I own, I `git clone' my salt states into the home directory, then `mount --bind /home/user/salt  /srv/salt'
17:24 DammitJim ecdhe, so your /srv/salt is where you have git cloned your states?
17:24 ecdhe DammitJim: no, on *real* hardware, I clone the states into my home dir, then mount --bind  the repo at  /srv/salt
17:25 ecdhe That way I can update states from userland (salt-call still requires root)
17:25 onslack <mts-salt> does gitfs not work for masterless then?
17:26 ecdhe mts-salt: I've just not tried it.
17:26 ecdhe DammitJim: For VM with virtualbox, vagrant has *excellent* salt support.
17:26 onslack <ryan.walder> unless you have a minion preinstalled and want to use json to config
17:26 ecdhe It will bootstrap it and mount a local directory at /srv/salt and /srv/pillar
17:26 onslack <ryan.walder> had to submit a patch for that ;)
17:26 onslack <mts-salt> or you want a windows guest
17:27 onslack <ryan.walder> but who really **wants** a windows guest?
17:27 onslack <ryan.walder> ;)
17:27 onslack <mts-salt> well yes. but i'm forced to :)
17:29 DammitJim I still need to learn what vagrant can do for servers I run for years
17:31 ymasson joined #salt
17:31 onslack <ryan.walder> vagrant is supposed to be for short team dev machines...
17:31 onslack <ryan.walder> term*
17:32 DammitJim that's what I thought
17:32 ecdhe DammitJim: typically vagrant is a thin wrapper around vbox.
17:32 Lionel_Debroux_ joined #salt
17:32 onslack <ryan.walder> you'd need something like terraform for "prod" machines
17:33 DammitJim yikes
17:33 ecdhe Instead of `VBoxManage startvm ...', you type `vagrant up'.  But vagrant includes post-boot hooks that you can configure to install saltstack/chef/puppet, mount in config management files, and run the configuration management software.
17:34 ecdhe But for prototyping server configurations, there's nothing better!
17:34 onslack <ryan.walder> indeed
17:34 DammitJim yeah, that I've done
17:34 DammitJim but very basic
17:34 onslack <ryan.walder> which is why i spent far to long making my vagrant setup 100% yaml configured ;)
17:34 ecdhe ryan.walder: no Vagrantfile?
17:35 onslack <ryan.walder> yes, but it reads the config from yaml
17:35 onslack <ryan.walder> https://github.com/ryanwalder/saltstack-virtualbox-vagrant
17:35 onslack <ryan.walder> ignore the references to lxc
17:35 onslack <ryan.walder> I haven't updated the readme from my lxc version
17:35 ecdhe Neat!
17:37 onslack <ryan.walder> it's really goo with teams of people, you can just go. here is how you add a new machine, this is how it connects, this is how you run stuff. go forth and make things
17:37 onslack <ryan.walder> s/goo/good
17:38 ecdhe I never considered the possibility of DRY by loading pillar values into Vagrant.
17:38 onslack <ryan.walder> it also uses `file_roots` then `git_roots` so if you don't have the formula locally it'll grab it from salt
17:38 onslack <ryan.walder> but if you do have it locally it'll use that, perfect for local dev
17:40 onslack <ryan.walder> the only downside is if you change the minion/master config in the yaml you need to re-provison everything, but I tear it down at the end of each day so it's not too bad once you have your base
17:40 onslack <ryan.walder> anyhoo, off home for me. have a good one folks
17:56 edrocks joined #salt
18:01 cyteen joined #salt
18:03 pipps joined #salt
18:06 pipps joined #salt
18:11 _JZ_ joined #salt
18:23 tapoxi hey all, getting a rendering error with pillar
18:23 tapoxi thoughts on how to troubleshoot?
18:24 gabegundy joined #salt
18:25 dlloyd beyond checkingthe master log?
18:25 mikecmpbll joined #salt
18:28 tapoxi dlloyd: yeah
18:29 tapoxi dlloyd: I have the same configuration in two different blocks, they're formatted identically but only one is failing
18:30 gabegundy left #salt
18:31 salty-g joined #salt
18:32 salty-g left #salt
18:34 salty-g joined #salt
18:35 salty-g Hoping someone can point me in the right direction...  seein this message when running pillar.items for 2 of my dozen or so minions: Passed invalid arguments to pillar.items: can't serialize <built-in method read of file object at 0xb25b5e38>
18:36 salty-g I can run test.ping just fine.
18:37 salty-g salt '*' saltutil.sync_all
18:37 salty-g (haha, wrong window... been a long night/morning.)
18:38 zerocool_ joined #salt
18:40 DammitJim do you guys have a good tutorial for using saltgit?
18:40 DammitJim meaning... put your states in git
18:46 whytewolf ... git init; git add .; git commit -am 'init commit'; git add remote origin <url>; git push origin master
18:46 whytewolf you mean that?
18:47 whytewolf :P
18:48 pipps joined #salt
18:50 pipps99 joined #salt
18:51 pipps_ joined #salt
19:07 edrocks joined #salt
19:14 salty-g Just a bit more info on my "passed invalid args to pillar.items" problem. I do have a custom pillar that hits an API, but I just tested and it works for the minion in question.
19:15 salty-g I've cleared caches on both the master and the minion.
19:17 pipps joined #salt
19:27 Hybrid joined #salt
19:29 salty-g I'm trying to think, what's unique to that minion after clearing the cache? Also, the fact that I can run cmd.run and test.ping suggests the underlying keys/network/etc are working.
19:30 salty-g The pillar it the same for all minions except for a bit of custom pillar for each minion and that code is known to work when called by hand.
19:31 ct16k joined #salt
19:32 pualj joined #salt
19:32 DammitJim whytewolf, no, I meant more of an gitfs thing, I guess
19:33 pipps99 joined #salt
19:33 whytewolf so then https://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html
19:42 Guest73 joined #salt
19:44 DammitJim thanks whytewolf
19:45 schasi What is the advantage of using gitfs?
19:45 ecdhe schasi: convenience
19:47 DammitJim it seems it will help if I'm running masterless
19:48 leev joined #salt
20:00 pipps joined #salt
20:02 pipps99 joined #salt
20:03 pipps_ joined #salt
20:09 pualj joined #salt
20:22 Edgan gitfs is good to avoid bad habits some people have of editing files directly on the the salt master. If get into salt environments it can be useful to tie branches to environments. You can only have one branch on disk at a time, but gitfs can read all the branches.
20:24 aldevar joined #salt
20:30 lordcirth_work Edgan, I don't think that's a bad habit in all cases.  It allows fast iteration
20:31 pipps99 joined #salt
20:43 pipps joined #salt
20:55 Edgan lordcirth_work: salt-ssh owns it for fast iteration.
20:56 Edgan lordcirth_work: You write and test your code with salt-ssh and then commit/push. Then you can mass deploy with master mode.
20:57 lordcirth_work I frequently have states that only apply to 1 system, so meh
20:57 Edgan lordcirth_work: Editing files on the salt master will often break the auto git pull cron job. It is ok at best for a one man show, but doesn't scale for a team.
20:57 lordcirth_work Well, at the moment I am mostly a one man team
20:58 Edgan It also makes it easy to forget to commit/push changes
20:58 Edgan lordcirth_work: You can get away with so many bad habits as a one man show. I know well having been one myself many times.
20:58 lordcirth_work Just using Salt is an order of magnitude improvement, so I am content
20:59 Edgan lordcirth_work: I will agree with you there.
21:08 pipps99 joined #salt
21:08 ct16k joined #salt
21:09 pipps_ joined #salt
21:10 pipps joined #salt
21:18 salty-g joined #salt
21:36 pipps99 joined #salt
21:40 oida joined #salt
21:40 salty-g If you happen to be following my issue, the strange thing is, Salt works great in every other way for all the other minions.
21:44 flexd joined #salt
21:44 pualj joined #salt
21:47 viq ryan.walder damn, that yaml vagrant is interesting
21:48 aldevar left #salt
22:04 SteamWells joined #salt
22:11 zulutango joined #salt
22:14 pipps joined #salt
22:17 Edgan ryan.walder: I have done that before. I prefer to use lxd for local development stuff. It is far lighter weight.
22:18 viq Edgan: how about vagrant-lxc? ;)
22:18 viq (and that's what ryan seems to be using)
22:19 pipps joined #salt
22:23 pipps joined #salt
22:25 pipps99 joined #salt
22:26 pipps99 joined #salt
22:26 Edgan joined #salt
22:27 pipps_ joined #salt
22:28 salty-g joined #salt
22:28 cgiroua joined #salt
22:29 pipps joined #salt
22:41 djural joined #salt
22:46 pualj joined #salt
22:46 yuhl joined #salt
22:47 irated joined #salt
22:48 viq joined #salt
22:51 nickadam joined #salt
22:52 futuredale joined #salt
22:53 Guest73 joined #salt
23:02 dragon788 joined #salt
23:05 irated joined #salt
23:06 K0HAX joined #salt
23:27 yidhra joined #salt
23:27 Guest73 joined #salt
23:34 Guest73 joined #salt
23:40 salty-g joined #salt
23:43 kiorky joined #salt
23:46 xet7_ joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary