Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2018-03-13

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:13 swa_work joined #salt
00:30 zerocoolback joined #salt
00:30 mikecmpbll joined #salt
00:36 scooby2 joined #salt
00:42 hemebond Who runs the Slack gateway/bridge thing for #saltstack?
01:01 zerocoolback joined #salt
01:15 MTecknology nobody does!
01:15 * MTecknology protects gtmanfred
01:15 hemebond Is it still working?
01:16 MTecknology The slack change won't impact the bridge.
01:16 hemebond I thought that might be the case.
01:16 hemebond I don't see the Slack user in here though. Is it still connected/running?
01:16 MTecknology I see it
01:18 MTecknology I won't open slack to test it..
01:42 lkthomas folks, if I want to test a subsection in init.sls file on a state, is it possible just call a specific ID/name instead of run the whole state ?
01:44 MTecknology yup
01:44 MTecknology I wish this were chef so I could troll and say it's called chef solo
01:44 lkthomas hmm ?
01:45 lkthomas sorry I never use CHEF before
01:45 MTecknology state.single, I think
01:45 MTecknology chef solo is similar in scope to masterless salt
01:46 lkthomas if you use CHEF, it's kind of show your age, LOL
01:48 lkthomas I will dig it up, thanks
01:52 MTecknology does it?
01:52 MTecknology I've used cobol and jcl.
02:05 lkthomas heh
02:05 lkthomas I just tested sls_id, it complain error
02:05 lkthomas No matching sls found for 'NetworkManager-dispatcher-arp-config' in env 'base'
02:05 lkthomas salt-call state.sls_id core.networking.abc01 NetworkManager-dispatcher-arp-config
02:11 MTecknology did you happen to look at the documentation?
02:16 lkthomas I did, state.single only utilize built-in function
02:17 lkthomas what I am trying to call is the ID within init.sls
02:17 MTecknology re-read the documentation
02:17 MTecknology https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.sls_id
02:18 sjorge joined #salt
02:19 lkthomas MTecknology, the command I executed is correct
02:19 MTecknology no, it's not
02:19 lkthomas so I have state called core.networking.abc01, within that state, I have ID named NetworkManager-dispatcher-arp-config
02:20 lkthomas sorry, I am failed to see where is the problem
02:20 MTecknology Then read, but pay attention to what you're reading...
02:26 shiranaihito joined #salt
02:29 lkthomas MTecknology, sorry, still have no clue, can you give me little hint please ?
02:30 hemebond lkthomas: id module ---- not module id
02:41 lkthomas hemebond, thanks, it seems work, but CLI example seems showing the other way around, or am I confusing myself ?
02:54 MTecknology 1) yes, you're confusing yourself with a slightly-confusing example 2) the function tells you right there what order things come in, without ambiquity.
02:54 lkthomas MTecknology, okay, stupid me (again)
02:54 MTecknology don't worry- you're learning better than a new co-worker of mine
02:54 MTecknology :)
02:54 lkthomas huh? don't you do it alone ?
02:56 ilbot3 joined #salt
02:56 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.9, 2017.7.4 <+> RC for 2018.3.0 is out, please test it! <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic, and https://saltstackcommunity.herokuapp.com (for slack) <+> We are volunteers and may not have immediate answers
02:58 lkthomas but those company wouldn't find you unless they have a super messy salt
02:58 lkthomas that makes my eyes hurt if I see that
03:07 MTecknology A consultant for the company I work for now was hanging out in here when I had a not-so-little rant about $previous_employer canceling my trip to the first saltconf. He asked if I wanted a change and I jumped on it.
03:08 justanotheruser joined #salt
03:10 justanotheruser joined #salt
03:13 MTecknology hm... does mine data not sync across syndics?
03:28 dmaphy joined #salt
03:35 MTecknology https://github.com/saltstack/salt/issues/21913  :(
03:35 MTecknology basepi: Why do you hate me? I shared DB is not all that realistic in this setup. :(
03:37 lkthomas that ticket is like 2 years ago
03:42 MTecknology I have a salt syndic in a few DC's that connect to a MoM in AWS, and I want all minions getting mine data for all nodes, but adding a DB backend is not a trivial task.
03:45 MTecknology It might be okay... it might be fine to only get data for that datacenter.
03:50 hemebond Is grain data synced?
03:52 MTecknology nope
03:53 MTecknology not across syndics
03:56 MTecknology I suppose redis wouldn't be a terribly difficult firewall to whitelist.
03:59 hemebond If you're using AWS then a Redis instance is pretty easy to use.
03:59 hemebond Or is it just the MoM (master of masters?) in AWS?
03:59 MTecknology yup
03:59 threwahway joined #salt
04:00 MTecknology might be just as easy to include redis on the master
04:03 dmaphy joined #salt
04:09 robawt joined #salt
04:17 theloceh1liosan joined #salt
05:40 thelocehiliosan joined #salt
05:49 mannefu joined #salt
06:05 Hybrid joined #salt
06:14 tuxawy joined #salt
06:14 sauvin_ joined #salt
06:17 tuxawy joined #salt
06:24 zulutango joined #salt
06:24 wongster80 joined #salt
06:38 aldevar joined #salt
06:41 masber joined #salt
06:45 jhauser joined #salt
06:52 threwahway joined #salt
06:59 inad922 joined #salt
07:19 aviau joined #salt
07:23 yuhl joined #salt
07:25 Tucky joined #salt
07:26 zerocoolback joined #salt
07:57 darioleidi joined #salt
08:00 nixjdm_ joined #salt
08:15 Hybrid joined #salt
08:16 cewood joined #salt
08:18 tuxawy joined #salt
08:29 Pjusur joined #salt
08:41 jrenner joined #salt
08:46 Ricardo1000 joined #salt
08:56 Deliant joined #salt
09:01 mikecmpbll joined #salt
09:03 ghimiryu joined #salt
09:04 ozux joined #salt
09:14 Naresh joined #salt
09:20 ingslovak joined #salt
09:24 aldevar joined #salt
09:24 Ricardo1000 joined #salt
09:31 Mattch joined #salt
09:31 tys101010 joined #salt
09:43 zerocoolback joined #salt
09:52 ghimiryu joined #salt
09:59 tuxawy joined #salt
10:02 inad922 joined #salt
10:09 hemebond left #salt
10:16 pbandark joined #salt
10:50 __lukecarrier__ joined #salt
10:56 inad922 joined #salt
10:58 cro joined #salt
10:59 CrummyGummy Hi
10:59 CrummyGummy I'm still having timing problems with the mysql formula
11:00 CrummyGummy I'm now trying to restart the service before applying the users
11:00 CrummyGummy How do I do this?
11:00 CrummyGummy I tried service.dead followed by service.running and it complained
11:02 CrummyGummy It looks a bit like this atm : https://gist.github.com/waynegemmell/f7fda05b54e81b463234a1ba704a4633
11:03 CrummyGummy Any idea how else I can make sure that mysql has restarted completely before accessing it?
11:06 Score_Under I think salt states are meant to be idempotent, so having one asking for the service to be dead and one asking for it to be running feels a bit wrong to me
11:06 Score_Under it feels like imperative code being shoehorned into a declarative language
11:07 babilen That's correct
11:07 Score_Under though, regarding timing, I don't think there's a reliable way to wait for it to start unfortunately
11:07 CrummyGummy state has init_delay , which is helpful but not bullet proof
11:07 babilen CrummyGummy: What's the actual issue you are trying to address?
11:08 babilen We're using mysql-formula with some changes for stretch/mariadb and the user states are working fine
11:08 babilen (relies on socker authentication in stretch and sets a password in earlier releases)
11:08 babilen *socket
11:09 CrummyGummy babilen: When I run that top file I posted I get access denied exceptions when creating the user on the first run. When I run it a second time it executes successfully
11:09 CrummyGummy If I run it in a container it works first time.
11:10 CrummyGummy It looks like mysql hasn't started up before the users are added. Not sure though
11:10 aldevar joined #salt
11:10 CrummyGummy It's just driving me nuts that it works in testing but not live.
11:12 babilen Which distribution is that? And where do those states come from. I don't think that there's a "mysql.rootuser" nor a "mysql.*slave" state in the mysql-formula
11:19 CrummyGummy 1 sec, let me update the gist
11:19 CrummyGummy it isn't complete
11:22 CrummyGummy babilen: I've added the rootuser. The *slave stuff isn't that relevant because mysql.user doesn't complete
11:22 copec joined #salt
11:23 CrummyGummy It's a bit of a mess because I've battled so much to get this to work.
11:24 CrummyGummy I even had a 30s sleep in there somewhere but I don't know if that executed.
11:24 hammer065 joined #salt
11:27 xet7 joined #salt
11:32 RF_ joined #salt
11:32 babilen CrummyGummy: The formula sets the root user password
11:33 babilen And newer releases rely on unix socket authentication
11:33 babilen So you don't have to deal with root user passwords at all
11:33 babilen One thing the formula can not do is change the root user password
11:35 CrummyGummy It's running on ubuntu
11:36 CrummyGummy babilen: I have the root password defined. It's the same for all instances of the root user.
11:36 CrummyGummy and if I run this a second time it works perfectly
11:36 babilen Which Ubuntu release?
11:37 CrummyGummy Xenial
11:37 CrummyGummy This is the error
11:37 CrummyGummy InternalError: (1130, u"Host '127.0.0.1' is not allowed to connect to this MySQL server")
11:37 CrummyGummy that doesn't even seem like an auth error
11:37 babilen What happens if you just use the mysql-formula without your changes?
11:37 CrummyGummy that's why I figured the server wasn't up.
11:38 babilen It could also very well be the case that Xenial is using unix socket authentication also
11:38 CrummyGummy OK, I'll try use it with no changes at all
11:39 Hybrid joined #salt
11:41 Heartsbane joined #salt
11:41 Heartsbane joined #salt
11:43 babilen I have the following for stretch: http://paste.debian.net/1014473/ -- Please note line 66 to 78
11:45 babilen (That obviously needs tests for oscodename also if you plan to use it with Ubuntu et al)
11:46 CrummyGummy babilen: Tested without my changes. Same issue.
11:48 babilen Could you check if Xenial uses unix socket authentication and if the above change makes a difference? Please note that you *do not* want to use/set a root password in this case.
11:48 CrummyGummy babilen: will do
11:48 FL1SK joined #salt
11:49 babilen The problem here is that you have to work around having a method to authenticate that's valid before and after you change exactly that method
11:49 babilen So you define a root password that is being used to authenticate to set itself
11:50 babilen unix socket authentication just allows users that have local access to speak to the mysql server
11:51 babilen That way you don't have to manage a root password with Salt at all as the locally running salt-minion can always authenticate
11:51 stankmack joined #salt
11:51 babilen The formula (and the Debian packages) work around this by setting up a root account based on information in debconf
11:51 babilen That works *once* during the installation
11:51 dp_ left #salt
11:52 _dp joined #salt
11:52 babilen That's all assuming that Ubuntu haven't done something crazy and that your issue is indeed related to socket authentication
11:55 CrummyGummy I found this comment
11:56 CrummyGummy If you install 5.7 and don’t provide a password to the root user, it will use the auth_socket plugin. That plugin doesn’t care and doesn’t need a password. It just checks if the user is connecting using a UNIX socket and then compares the username.
11:56 CrummyGummy If you install 5.7 and don’t provide a password to the root user, it will use the auth_socket plugin. That plugin doesn’t care and doesn’t need a password. It just checks if the user is connecting using a UNIX socket and then compares the username.
11:56 CrummyGummy If you install 5.7 and don’t provide a password to the root user, it will use the auth_socket plugin. That plugin doesn’t care and doesn’t need a password. It just checks if the user is connecting using a UNIX socket and then compares the username.
11:56 CrummyGummy If you install 5.7 and don’t provide a password to the root user, it will use the auth_socket plugin. That plugin doesn’t care and doesn’t need a password. It just checks if the user is connecting using a UNIX socket and then compares the username.
11:56 CrummyGummy oooh
11:56 CrummyGummy sorry
11:58 babilen Yeah, that's exactly it
11:58 babilen Where did you find this comment?
12:00 CrummyGummy https://askubuntu.com/questions/766334/cant-login-as-mysql-user-root-from-normal-user-account-in-ubuntu-16-04
12:02 RF__ joined #salt
12:05 babilen So, just comment/remove/conditionally apply the debconf state and don't set a password and you should be good
12:05 thelocehiliosan joined #salt
12:07 CrummyGummy babilen: Thanks, will check it out.
12:14 Nahual joined #salt
12:49 toastedpenguin joined #salt
12:51 thelocehiliosan joined #salt
13:06 yuhl joined #salt
13:11 zerocool_ joined #salt
13:11 edrocks joined #salt
13:21 aldevar joined #salt
13:21 thelocehiliosan joined #salt
13:23 aldevar left #salt
13:26 Kelsar joined #salt
13:26 aldevar joined #salt
13:55 racooper joined #salt
13:56 babilen CrummyGummy: Did that work?
14:11 DammitJim joined #salt
14:13 cgiroua joined #salt
14:14 Guest73 joined #salt
14:38 edrocks joined #salt
14:42 MajObviousman joined #salt
14:43 aldevar left #salt
14:48 CrummyGummy babilen: I got called off to sort something else out. I'll check it out in a bit
14:48 elektrix joined #salt
14:52 jxss joined #salt
14:52 lordcirth_work Anyone got good guides for small-team Salt workflows?
14:54 lordcirth_work testing, change-management, etc?
14:57 elektrix joined #salt
14:59 jxs1 hey, I just tried salt2018 and 'importlib' seems to behave different from 'imp' when importing modules within modules.. Are there new limitations?
15:00 jxs1 or could someone point me to proper examples/docs on how to do that the right way
15:00 jxs1 ?
15:07 lordcirth_work Also, what's the correct way to set Salt to automatically run state.apply?
15:14 yuhl joined #salt
15:19 elektrix joined #salt
15:22 XenophonF cron
15:23 jxs1 or a reactor
15:23 XenophonF the Salt scheduler
15:23 XenophonF webhook sending an event triggering a reactor
15:24 XenophonF it really depends on your needs
15:25 XenophonF which reminds me - I need to get salt-api working again so I can get GitHub webhooks working again
15:31 tiwula joined #salt
15:31 MTecknology I have my own api server sitting in DO that receives github hooks and then uses a wrapper to the event module that sends an event up to the master.
15:31 lordcirth_work I'm totally fine with doing it in cron, just wanted to make sure that I wasn't hacking around a perfectly good Salt feature
15:32 MTecknology I like that because it lets me keep my master locked away in a private network, but it has obvious flaws.
15:32 lordcirth_work So, I'm considering automatically running state.apply test=True for few weeks and see how that goes, whether it would have broken something, etc
15:32 lordcirth_work Maybe I should do some hackery with json + jq to process results
15:33 mikecmpb_ joined #salt
15:34 evle2 joined #salt
15:34 RF__ I have finally solved my issue from yesterday with a custom state. I misundood what msmisth and others said. I thought everyone was asking me to use #py which didn't really help since it's generated at the parsing time. So I had to go back to re-read everyone's comments and realized I needed a custom state in _state which would make total sense since it's the only way to gurantee I could get the most
15:34 RF__ up-to-date metadata at the runtime.
15:34 RF__ I wanted to thank everyone who helped me yesterday.
15:36 schemanic joined #salt
15:45 ksa joined #salt
15:46 masuberu joined #salt
15:51 exarkun joined #salt
15:55 XenophonF MTecknology: salt-api has its own flaws so that wrapper sounds pretty sensible to me :-/
15:56 XenophonF the biggest being the lack of support for external auth
15:59 XenophonF not eauth i mean REMOTE_USER or better yet a configurable environment variable/permissions grant mapping
16:06 thelocehiliosan joined #salt
16:15 mikecmpbll joined #salt
16:17 pf_moore joined #salt
16:23 MTecknology lordcirth_work: wouldn't that be a good job for a returner? to file results for later review.
16:28 Guest73 joined #salt
16:32 sayyid9000 joined #salt
16:42 lordcirth_work MTecknology, probably, just never used them before
16:53 jpsharp /win 3
16:56 dkehn joined #salt
16:56 denstark joined #salt
17:06 bd joined #salt
17:12 evle3 joined #salt
17:13 aldevar joined #salt
17:16 uve joined #salt
17:20 druonysus joined #salt
17:20 druonysus joined #salt
17:22 uve left #salt
17:23 edrocks joined #salt
17:24 tuxawy joined #salt
17:28 DammitJim joined #salt
17:31 exarkun joined #salt
17:47 dezertol joined #salt
17:48 mikecmpbll joined #salt
17:54 BitBandit joined #salt
17:54 ddg joined #salt
18:05 ecdhe joined #salt
18:05 evle4 joined #salt
18:10 Guest73 joined #salt
18:15 cewood joined #salt
18:31 sarlalian joined #salt
18:51 ckonstanski joined #salt
18:56 ckonstanski I have an issue with trying to run several salt builds in parallel on a jenkins slave. Each build is in a different directory. Until now I have been running builds one at a time. I change the /srv/salt, /srv/pillar and /srv/bootstrap symlinks to point to the new build directories. The problem is that I cannot run two or more builds in parallel because the symlinks can only be valid for one build at a time. (In jenkins each job gets its
18:56 ckonstanski own workspace under /var/lib/jenkins/workspaces/)
18:56 ckonstanski Is there an alternate way to tell salt where these three directories are to be found that can be configured at runtime?
18:57 ckonstanski So that several concurrent salt runs can each have their own directories?
18:57 dezertol salt master.. but it requires restarting it
18:57 dezertol config
18:57 ckonstanski That's not runtime.
18:58 zer0def joined #salt
18:58 dezertol have you tried using diffent file roots and pillar roots for each one?
18:58 ckonstanski Can I have multiple salt master configs and have each salt run use a different config file? Is there a way to run salt master without it being a daemon?
18:59 ckonstanski I don't understand your question...
18:59 ckonstanski Each of my jenkins jobs has its own file and pillar roots. My qestion is how to get salt to understand this.
19:00 dezertol so in the master config file you can do
19:00 dezertol file_roots:
19:00 dezertol and do base: and dev: and qa: etc..
19:01 dezertol you can have one for each env or project or whatever
19:01 dezertol same for pillar_roots
19:01 dezertol then you just build with the env=dev
19:01 ckonstanski OK that's good. I can work with that. Let me explore this.
19:01 dezertol on the line and it will use that root
19:01 ckonstanski Thanks!
19:01 dezertol good luck
19:05 MTecknology ckonstanski: Every salt master has completely unique data that doesn't overlap and you want your salt masters to not run as daemons so that no minions can connect?
19:06 jholtom joined #salt
19:07 ckonstanski If the above suggestion re: envs in the pillar and files config doesn't work. But I think it will.
19:31 Guest73 joined #salt
19:35 yuhl joined #salt
19:35 wongster80 joined #salt
19:38 yuhl_ joined #salt
19:44 whytewolf ckonstanski: honestly it sounds like what you want is to take the master out of the picture and just use masterless
19:46 ckonstanski As I get into the weeds of this problem I find myself agreeing. Jenkins does lame things which complicate the issue. For instance if it's running a 2nd or 3rd concurrent job it tacks a "@2" or "@3" onto the workspace director name. I guess I could make envs for all of these but it's getting kinda ridiculous.
19:51 MTecknology whytewolf: that's what I was wondering, but I couldn't figure out what their end-goal actually was.
19:53 whytewolf yeah. honestly as long as you are not testing complicated orchestration or using mine. then a masterless route would be the quickest way
20:05 Guest73 joined #salt
20:12 keldwud joined #salt
20:12 keldwud joined #salt
20:13 Miuku Cool. LE Wildcards are live. I'm gonna salt them so hard it hurts.
20:22 Edgan Miuku: yeah, FINALLY
20:25 Trauma joined #salt
20:26 edrocks joined #salt
20:27 inad922 joined #salt
20:29 inad922 joined #salt
20:31 keldwud left #salt
20:32 yuhl joined #salt
20:34 pbandark joined #salt
20:47 inad922 joined #salt
21:04 hemebond joined #salt
21:14 MTecknology omg... I was just reading the mine docs hoping to find something about mine function aliases and it's right there, and trivial. This was a good day! :D
21:23 basepi joined #salt
21:27 druonysus joined #salt
21:34 thelocehiliosan joined #salt
21:38 mikecmpbll joined #salt
21:46 aldevar left #salt
22:01 theloceh1liosan joined #salt
22:27 Guest73 joined #salt
22:31 Guest73 joined #salt
22:31 exarkun joined #salt
22:41 Guest73 joined #salt
22:52 Guest73 joined #salt
22:54 masber joined #salt
22:59 ymasson joined #salt
23:01 Guest73 joined #salt
23:18 mavhq joined #salt
23:20 thelocehiliosan joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary