Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2018-04-03

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 rollniak__ joined #salt
00:24 hooksie1 joined #salt
00:37 dobby1 joined #salt
00:59 zerocoolback joined #salt
01:54 shiranaihito joined #salt
01:55 ilbot3 joined #salt
01:55 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.9, 2017.7.4 <+> RC for 2018.3.0 is out, please test it! <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic, and https://saltstackcommunity.herokuapp.com (for slack) <+> We are volunteers and may not have immediate answers
02:11 noobiedubie joined #salt
03:51 evle joined #salt
04:10 schemanic joined #salt
04:11 schemanic Hi. I got a render error when I tried to import a dict with a hyphen in it. is that really not allowed?
04:23 evle joined #salt
04:27 rburkholder joined #salt
04:29 tiwula joined #salt
04:56 dograt joined #salt
05:00 hemebond schemanic: Where was the hyphen? The key or the value?
05:00 hemebond Have you pasted a sample somewhere?
05:25 sauvin joined #salt
05:29 sauvin joined #salt
05:32 xet7 joined #salt
05:40 dynamicudpate joined #salt
06:01 colttt joined #salt
06:09 tyx joined #salt
06:19 LeProvokateur joined #salt
06:21 tyx joined #salt
06:26 jrenner joined #salt
06:29 oida joined #salt
06:30 aviau joined #salt
06:55 eekrano joined #salt
06:58 cewood joined #salt
06:59 Pjusur joined #salt
07:00 LeProvokateur joined #salt
07:04 aldevar joined #salt
07:19 Ricardo1000 joined #salt
07:19 aviau joined #salt
07:26 darioleidi joined #salt
07:27 av_ joined #salt
07:29 Hybrid joined #salt
07:35 Tucky joined #salt
07:44 dobby2 joined #salt
07:46 indistylo joined #salt
08:05 sauvin joined #salt
08:15 uncool joined #salt
08:17 sauvin joined #salt
08:22 cewood joined #salt
08:23 Cadmus joined #salt
08:31 DanyC joined #salt
08:40 dobby2 joined #salt
08:48 Sergey joined #salt
09:06 Felgar joined #salt
09:08 sjorge joined #salt
09:20 nielsk joined #salt
09:22 dao joined #salt
09:56 zulutango joined #salt
10:04 pf_moore joined #salt
10:06 zulutango joined #salt
10:07 Ricardo1000 joined #salt
10:07 aruns__ joined #salt
10:17 tys101010 joined #salt
10:32 FL1SK joined #salt
10:37 dobby2 joined #salt
10:42 Ricardo1000 joined #salt
10:50 indistylo joined #salt
10:56 darioleidi joined #salt
11:00 dobby2 joined #salt
11:04 indistylo joined #salt
11:36 evle joined #salt
11:37 xet7 joined #salt
11:42 xet7_ joined #salt
11:43 thelocehiliosan joined #salt
11:57 aruns joined #salt
12:14 thelocehiliosan joined #salt
12:18 CrummyGummy joined #salt
12:29 aruns joined #salt
12:35 Kelsar joined #salt
12:39 mchlumsky joined #salt
12:46 aruns joined #salt
12:47 schemanic joined #salt
12:52 mchlumsky joined #salt
12:59 schemanic joined #salt
13:04 indistylo joined #salt
13:06 gh34 joined #salt
13:17 racooper joined #salt
13:26 dkehn joined #salt
13:28 thelocehiliosan joined #salt
13:36 tom[] joined #salt
13:43 exarkun What's this error from pkgrepo.managed trying to tell me?  Comment: Failed to configure repo 'deb [arch=amd64] https://download.docker.com/linux/debian stretch stable': [Errno 2] No such file or directory: '/etc/apt/source.list.d/docker.list'
13:44 exarkun I know the file doesn't exist.  Isn't pkgrepo.managed supposed to create it?
13:44 dobby2 joined #salt
13:44 dlloyd isn't it generally /etc/sources.list.d/ ? plural sources
13:45 dlloyd er /etc/apt/sources.list.d/
13:45 exarkun bleh yes
13:45 exarkun thanks
13:47 oida joined #salt
14:00 cgiroua joined #salt
14:02 theloceh1liosan joined #salt
14:02 schemanic hey hemebond, It was in the key itself. I changed it to underscore and it seemed to work
14:11 Durkee Good morning.  Has anyone found a good resource (besides saltstack docs) that explains how to use states, pillars, grains, etc?  I'm having trouble understanding this.  Thanks for any advise.
14:11 babilen Our brains
14:12 babilen Do you have any particular questions?
14:12 noobiedubie joined #salt
14:13 schemanic Good morning. having trouble with my state. I can't get the config to run after the installation, and my require statement in the config seems to break salt. It just hangs and goes nowhere.
14:13 schemanic https://ghostbin.com/paste/thgvk
14:15 noobiedubie seems like you don't need the require_in directive
14:15 schemanic noobiedubie, I want tomcat to restart if there's a change in the config file
14:15 noobiedubie since you already have the watch_in
14:16 exarkun If there is any https repo source list configured and apt-transport-https is installed, it seems that pkg.installed cannot be resolved successfully - including to install apt-transport-https.  What do people think about this?
14:16 noobiedubie yeah watch_in will take care of that for you as well
14:17 noobiedubie seems like the require_in watch_in combo might be causing a endless loop of sorts just my guess
14:17 schemanic noobiedubie, but last night while I was working on this it was the addition of the require: - archive statement that caused it to hang
14:18 noobiedubie can you try running just that sls id netuitive_zorka_installed in your file and see if it runs or fails?
14:18 noobiedubie you can do
14:19 noobiedubie salt 'yourminion' state.sls_id netuitive_zorka_installed nameoftheslsfile
14:19 schemanic sure just a moment
14:20 Durkee @babilen...Too early in the morning for snarky comments, so feel free to GFY.  I'm sure you woke up one morning knowing all things Salt.
14:22 noobiedubie schemanic: if it fails or hangs kill it and run it again with the -l debug which should be more verbose about the underlying issue
14:23 babilen Durkee: All I meant was: This channel is an incredible resource, but its hard to give an overview of "everything"
14:23 DanyC joined #salt
14:23 babilen Durkee: There are some books, but for me the thing that helped me "grok" everything was the best practices and formula documentation
14:24 DanyC joined #salt
14:24 msmith joined #salt
14:24 babilen So, if you happen to have more specific questions feel free. Are you mostly looking for links? Books? Someone to provide an overview of how it fits together?
14:25 msmith fyi i'm not the only person who thinks formulas are the figurative deep-end for salt
14:26 msmith the walkthrough is what i usually recommend as a beginner's starting point, followed by actually trying things and asking specific questions
14:27 noobiedubie so about those specific questions
14:27 noobiedubie anyone have a good way of grabbing an up to date list of KB's for windows update since the old win_wua module with categories has been deprecated?
14:28 babilen msmith: Can you think of better patterns to support the same state on multiple distributions and their versions? I find the whole data organisation in pillars, defaults.yaml + other .yaml maps and merging in map.jinja to be quite nice
14:28 schemanic noobiedubie, how do I kill it?
14:28 schemanic with salt '*' saltutil.kill_job?
14:29 noobiedubie depends how you ran it you can just ctrl c
14:29 msmith oh i'm not saying never to use formulas, just that it's quite a steep learning curve for a beginner, and can perhaps narrow the options available. for an experienced salter formulas have a definite place
14:29 noobiedubie if you set it as a background job you can kill it with the jid
14:31 schemanic do I have to call out init.sls when doing what you've asked?
14:31 msmith Durkee: the docs really are the best starting point. have you read https://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html ?
14:32 schemanic because the command isn't running
14:32 schemanic oh
14:32 schemanic because I'm calling state.apply
14:33 schemanic joined #salt
14:33 schemanic sorry. got bounced
14:34 schemanic so noobiedubie that state ran just fine
14:36 noobiedubie schemanic: then that's not where it's hanging
14:37 noobiedubie schemanic: try running your state without the require_in
14:39 schemanic yeah. I've removed that.
14:42 deuscapturus joined #salt
14:46 schemanic noobiedubie, check out my update. These states arent running in order at all
14:46 schemanic https://ghostbin.com/paste/thgvk
14:48 aruns joined #salt
14:48 kuromagi joined #salt
14:48 Rubin joined #salt
14:48 demize joined #salt
14:48 bigjazzsound joined #salt
14:49 nixjdm joined #salt
14:50 linovia_ left #salt
14:50 schemanic anyone?
15:15 frew joined #salt
15:19 tiwula joined #salt
15:25 DanyC joined #salt
15:25 KyleG joined #salt
15:25 KyleG joined #salt
15:29 noobiedubie joined #salt
15:30 noobiedubie you simply don't have the parent directory
15:30 noobiedubie just add makedirs: True to your netuitive_zorka_config file.managed state
15:31 noobiedubie everything should be fine after that state wise
15:31 noobiedubie let me know
15:32 Edgan @gtmanfred I see 2018.3.0 on github, but not tagged as the latest release. Is it out, not out, or a grey in between?
15:34 Edgan Durkee: There are books, but even the books suck. Have you used any other configuration management tool before?
15:47 dezertol joined #salt
15:54 shoogz- joined #salt
15:59 onslack joined #salt
16:15 Durkee Edgan: I've used Red Hat Satellite, but it was costly and still relies on Puppet.  With Salt, I've used cmd.run and some modules w/o issue, but I want to understand the structure/logic of states. It says the first line, called the ID declaration, is an arbitrary identifier...but then go on to say "In this case it defines the name of the package to be installed."  Seems contradictory.
16:15 Edgan Durkee: Do you understand puppet?
16:17 gtmanfred Edgan: literally releasing now
16:17 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2017.7.5, 2018.3.0 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic, and https://saltstackcommunity.herokuapp.com (for slack) <+> We are volunteers and may not have immediate answers
16:18 Miuku New Salt you say. Time to package!
16:18 msmith Durkee: strangely, it's both. mostly we recommend against using id for a parameter to avoid precisely this confusion
16:21 Edgan gtmanfred: :)
16:21 Cadmus Today seemed like a good day for a "salt '*' pkg.upgrade", sadly this means all the technical debt in my statements has come home to roost at once :'(
16:21 Edgan msmith: ?
16:25 Edgan msmith: nm
16:26 Edgan Durkee: https://pastebin.com/ykkuxJ4C   The id is the label for the "state" you are defining in an sls file, "state". Yes, the terms are overloaded.
16:26 Edgan Durkee: They have to be unique, because they are used for dependecy management
16:26 Edgan Durkee: You can have the name be whatever it needs to be, but the id needs to be unique.
16:27 mpanetta joined #salt
16:28 Durkee Edgan: I don't know Puppet, as we did away with Satellite shortly after implementing.
16:29 babilen Durkee: I tend to give ids that are fairly clear (nginx_pkg, nginx_conf, ...) and then use the - name: attribute to specify the name of the package/file name/...
16:29 Miuku Satellite is fun. I spent 2 weeks fixing one installation that was so completely fubar that it completely prevented all patch installations and was pretty much horror show.
16:30 babilen Found that relying on ID == name == ID tends to be unclear and might even cause problems
16:30 Edgan Durkee: https://pastebin.com/01dnTvGt
16:32 Edgan The reason you don't want names to equal ids is that occasionally you will need to different states/formulas to operate on the same file, but they can't if the ids aren't different in both places.
16:32 Edgan For even more fun, the output gives you names not ids :\
16:33 Edgan Say if you were appending to a file
16:34 Edgan The first formula adds one line, and another adds another line, but both want to modify the same filename
16:34 Edgan Not that I advocate for appending or not having one thing be authorative over one file, but some times you have no choice.
16:36 Durkee msmith: In the tuturial (https://docs.saltstack.com/en/latest/topics/tutorials/states_pt1.html), they specify apache in the ID declaration as the package to install.  If it's not best practice to specify the package name there, where does one do that?
16:36 Edgan Durkee: Here are 1.0 version of the terms. Pillars are cofiguration variables. States/Formulas are code to do things. Grains are facts like ip, mac address, and number of cores.
16:37 Edgan Durkee: See my pastebin above, I give you three examples
16:37 babilen You are typically after the "- name" attribute
16:38 Edgan Durkee: My examples are files, but same is true for pkgs.
16:39 Edgan Durkee: Package are so straight forward that I have a macro that I reuse everywhere, and then keep a list of the packages for that state/formula in the map.jinja
16:40 Durkee Edgan: Ok, thanks for clarifying the same is true for pkgs...makes sense.
16:42 Edgan Durkee: https://pastebin.com/238FUiTv
16:44 Edgan Durkee: Here is a list of all the base states, like file or pkg, https://docs.saltstack.com/en/latest/ref/states/all/
16:45 Edgan Durkee: In most cases you use user(optional), pkg, file, and service. In that order.
16:46 Edgan Durkee: I like to have salt create the user instead of the pkg, even if the pkg will do it, for consistentcy. You can make sure that say apache is always the same uid:gid on all systems. Which can then make things like NFS happy, later.
16:46 elektrix joined #salt
16:47 Edgan Durkee: Modules are like States, but just do stuff. Unlike States that check to see if it is already correct, and then do nothing if it is
16:47 Edgan Durkee: Generally like named States are based directly on the like named Modules.
16:48 Edgan Durkee: The state is just a wrapper with checking the state.
16:48 onslack <msmith> we were wrong, someone IS going to go into every single detail ;)
16:49 Edgan msmith: I have been told I should write a book.
16:49 onslack <msmith> or a blog, which you can update as salt does
16:49 dezertol joined #salt
16:50 Edgan No, for this type of just getting started a book would be better. Though a book could just be some web pages like the docs.
16:50 Edgan Even better would be a class. The learning curve is steep, and people need encouragement.
16:55 dh joined #salt
16:55 RF_ joined #salt
16:58 deuscapturus joined #salt
16:58 Durkee Thanks for that info.  I'll keep playing around with this and hopefully it'll start making more sense :)
16:58 deuscapturus joined #salt
16:58 Edgan Durkee: Here is a template for an advanced formula that tries to be more best practice, https://cygnusx-1.org/formula.txt
17:00 RF_ Could someone kindly let me know how I should handle the multi line value in pillar? This doesn't look right: https://pastebin.com/t96LK0JS
17:00 deuscapturus joined #salt
17:00 RF_ The result is not what I expected. It somehow merged all of the lines together intead of keeping the original format
17:02 Edgan RF_: https://pastebin.com/02Z0f29P
17:02 Edgan RF_: I think you want contents_pillar
17:02 onslack <msmith> try `contents_pillar` instead
17:02 onslack <msmith> the problem is in the jinja render, not the pillar declaraton
17:03 RF_ Edgan: thank you! I will try that.
17:03 RF_ msmith: thank you!
17:04 Durkee left #salt
17:10 RF_ contents_pillar worked. Thank you again!
17:18 noobiedubie joined #salt
17:19 redkrieg joined #salt
17:20 redkrieg Hi all, I've just upgraded my master and minions to 2018.3.0 and I'm getting this error: State 'pkgrepo.managed' was not found in SLS 'nodestate.repos'
17:20 redkrieg everything worked fine before
17:21 redkrieg Reason: 'pkgrepo' __virtual__ returned False
17:21 redkrieg does anyone have any tips on where to look first?
17:22 Edgan redkrieg: Give us a literal pastebin copy of nodestate.repos
17:23 redkrieg Edgan: https://pastebin.com/90Zd5thZ
17:23 redkrieg thanks for taking a look
17:24 Edgan redkrieg: https://irclog.perlgeek.de/salt/2015-11-14/text Look at the end, like problem from 2015
17:24 Edgan redkrieg: so this is yum instead of apt, but do you have the right python module installed for pkgrepo to work?
17:26 redkrieg it worked fine in 2017.7.5 last week on my boxes
17:26 redkrieg no changes to my states
17:26 redkrieg so...  I used to
17:27 redkrieg there are no additions to the release notes that I can see related to new requirements: https://docs.saltstack.com/en/latest/topics/releases/2018.3.0.html
17:27 ponyofdeath joined #salt
17:27 redkrieg and the docs for pkgrepo only mention ubuntu/debian having specific requirements (python-software-properties)
17:27 Edgan redkrieg: But maybe the salt dependecy changes
17:28 redkrieg I appreciate that that can happen, but there is not documentation of any change
17:28 Edgan redkrieg: yeah, but it is what we need to figure out
17:34 Edgan redkrieg: You doing anything funny like virtualenving salt?
17:34 Edgan redkrieg: if not, pip list | grep -i yum
17:34 redkrieg no, it's installed from the salt repo directly and is system wide
17:34 redkrieg no pip
17:36 Edgan redkrieg: ok, python  and then try import yum
17:37 redkrieg was there a change to the packaging that installs a custom python2.7 with 2018?  Looks like the 2.6 installation in place is fine but the 2.7 installation does not include the yum module
17:37 Edgan Looking, but that would explain it
17:38 redkrieg From repo   : salt-latest
17:38 redkrieg yep, that's it
17:39 Edgan redkrieg: yeah, looks like they explicitly expect python27 now
17:39 redkrieg there is not a python27-yum package in salt-latest but it should be required
17:39 redkrieg so pkg is completely broken with 2018 on rhel6
17:40 Edgan redkrieg: File an issue on github
17:40 redkrieg doing so.  going to try installing their python27-pip package and seeing if I can get yum that way
17:40 Edgan redkrieg: This isn't the first time I have seen CentOS issues. 2017.7 had conflicts between the salt repo and the official repos
17:41 redkrieg yeah I had to play with some excludes for that one too (you can see them in the pastebin)
17:43 Edgan redkrieg: on el7 the python module is in the yum package
17:43 Edgan redkrieg: The probably probably is that el6 yum has 2.6 not 2.7
17:43 redkrieg that is correct
17:44 redkrieg unfortunately I still need to manage el6 hosts
17:46 noobiedubie joined #salt
17:47 redkrieg can't find any pip candidate that provides yum.  going to try symlinking in the module from the 2.6 folder
17:47 Edgan redkrieg: I recommend making a python27-yum rpm with fpm
17:47 Edgan redkrieg: Though because it lives in the yum package, it may not be in pypy. :(
17:48 redkrieg I'm probably just going to symlink if this works and open a github issue for a properly packaged version in the salt-latest repo
17:50 noobiedubie anyone have a good way to manage windows updates with the wua.installed state
17:51 Edgan redkrieg: Please report if the symlink works
17:51 redkrieg will do
17:54 nixjdm joined #salt
17:54 carlwgeorge 1. don't replace the stock yum package with a python27-yum package (if it exists)
17:54 carlwgeorge 2. don't create a python27-yum package
17:55 carlwgeorge 3. don't use fpm
17:55 carlwgeorge 4. don't symlink stuff between py2.6 and py2.7 site-packages
17:55 noobiedubie ^^^^^
17:56 Edgan carlwgeorge: What is your recommendation? You are giving nots, not dos.
17:56 redkrieg I agree strongly on 1 and 3
17:56 carlwgeorge i don't have an answer, but all the bad advice was literally making me twitch
17:56 Edgan 2 and 3 can be the same, 1 is obvious, 4 is a hack for the moment
17:57 redkrieg the hack's not going to work, there are compiled modules required (_sqlitecache)
17:57 noobiedubie came in late to the convo what are you trying to do exactly don't have the message history to scroll up too
17:57 deuscapturus joined #salt
17:57 Edgan carlwgeorge: fpm assumed it was in pypy, and could be auto made
17:57 Edgan redkrieg: fun
17:57 carlwgeorge you mean pypi
17:57 carlwgeorge not the same thing as pypy
17:57 Edgan carlwgeorge: But it could still be used with the module from a 2.7 module with the directory method
17:58 redkrieg noobiedubie: salt 2018.3.0 from salt's repos can't use pkg on rhel6 because yum is not available in their python2.7 packages
17:58 Edgan carlwgeorge: I agree a proper package is better, but fpm, if done right doesn't really make any difference
17:59 Edgan carlwgeorge: Being that it is a one off for salt, it won't break anything
17:59 redkrieg writing out a spec file and using rpmbuild is only slightly more complex than "fpm done right".
17:59 cewood joined #salt
17:59 Edgan redkrieg: There are macros to make that easier, but I agree
17:59 carlwgeorge by all means use fpm all you want on systems you own (and are responsible for cleaning up later), but don't propagate that bad advice
18:00 Edgan carlwgeorge: Give a concrete example of how fpm is bad, if done right.
18:01 carlwgeorge the real answer here is use a config management solution that is compatible with python2.6 if you still have to manage systems with default python2.6
18:01 Edgan carlwgeorge: It knows how to manage declare dependecies, and can even do it auto for things in pypi
18:01 carlwgeorge Edgan: https://github.com/jordansissel/fpm/issues
18:01 noobiedubie ok define done right?
18:02 Edgan noobiedubie: Name it properly, and define the dependecies the right version numbers.
18:02 Edgan noobiedubie: The only real limitation of fpm is it can't do per file owner/group/perms.
18:02 carlwgeorge whether that is salt less than a certain version, or something else entirely
18:03 Edgan noobiedubie: Which in most cases it's an issue
18:03 noobiedubie i can imagine
18:03 Edgan I meant isn't an issue
18:04 deuscapturus joined #salt
18:04 Edgan redkrieg: You could probably take the yum.spec, and strip it down to the python module part, and then tweak it for 2.7
18:04 justanotheruser joined #salt
18:05 noobiedubie there's not going to be a pretty answer to this 2.6 dependencies are deep in centos 6
18:05 Edgan redkrieg: Then you could add it to your ticket, and it might get done that must faster
18:05 noobiedubie or rhel6 i mean
18:06 redkrieg Edgan: that's not going to work, yum-3.2.29-81.el6.centos.noarch is what provides /usr/lib/python2.6/site-packages/yum/__init__.py which means it would have to replace system yum
18:06 Edgan noobiedubie: I doubt it is that bad. The key is tweak for 2.7. Ultimately if you want to do it right, you need all the dependecies of the yum module as rpms too
18:06 noobiedubie i tried this once for another library trust me not worth it
18:06 noobiedubie but have fun
18:06 redkrieg this is days worth of work I can't afford to spend right now.
18:06 Edgan redkrieg: You are misunderstanding me
18:06 carlwgeorge el6 (rhel/centos 6) is in the last phase of it's lifecycle, and is only getting critical security fixes at this point, which stops 2020-11-30.  if you haven't migrated off of it to el7 yet, you better start.
18:07 noobiedubie ^ is the correct answer
18:07 redkrieg carlwgeorge: I appreciate the advice, we have a migration plan well underway
18:07 Edgan redkrieg: The package would be call python27-yum, but would be based on yum.spec 2.6
18:07 RF_ I for one wish Salt supports Python2.6 on CentOS 6.x. Two weeks ago, I had to go great length to get python-augeas for python2.7 to work, while there is existing rpm for python2.6. There are also other places I had to tweak so things work with python2.7.
18:07 Edgan redkrieg: So you would no mess with yum
18:08 Edgan and python27-yum would contain, /usr/lib/python2.7/site-packages/yum/__init__.py
18:08 redkrieg Edgan: there is no rpm just for the python modules, everything remotely related to yum is in one massive rpm that affects all of yum system wide.  I'd have to strip out 95% of the spec file and cross my fingers
18:08 noobiedubie RF_ not really salt's fault that centos and RH in general move at a glacial pace and even for version 7 use ancient version of libraries and make hard system depends all other the place
18:09 redkrieg I'm also up to 6 different modules I'm going to need to build rpms for
18:09 Edgan redkrieg: I have experience with such things. It is not a big deal for me.
18:09 noobiedubie with no almost no updates to them during lifecylce
18:09 Edgan redkrieg: Welcome to what Saltstack will have to do
18:10 redkrieg I get it, I just don't think doing the work is worth it for me right now.  I might have to find a way to get 2017.7.5 from salt's repos
18:10 carlwgeorge noobiedubie: thankfully fedora has grasped that problem is working on a thing called "platform python" to ship a separate python stack for system tools
18:10 carlwgeorge hopefully they finish it in time for el8
18:11 Edgan redkrieg: This is why many people have switched to virtualenv salt
18:11 whytewolf ... 2017.75 just dropped in release
18:11 whytewolf so did oxygen
18:11 noobiedubie hope so too but then getting people to stop using RH or CentOS is another issues altogether
18:11 redkrieg Edgan: I don't know how virtualenv salt can magically get yum
18:11 nixjdm joined #salt
18:12 noobiedubie ^
18:12 carlwgeorge redkrieg: https://repo.saltstack.com/yum/redhat/salt-repo-2017.7-1.el6.noarch.rpm will pin you to 2017.7
18:12 Edgan redkrieg: You could pip install . in the right directory to suck in yum
18:12 Edgan redkrieg: pip through virtualenv could resolve any other dependecies
18:12 carlwgeorge Edgan: and what directory is that?
18:12 redkrieg Edgan: it's a series of dependencies that are needed, none of which are in pypi and some of which are precompiled for python2.6, this is not the easy problem you think it is
18:13 Edgan redkrieg: I could do it, and with the right script you could automate it
18:13 Edgan redkrieg: how many el6 systems do you have?
18:13 redkrieg great, thanks for that.  now on to helpful advice
18:13 noobiedubie we believe in you Edgan try it out
18:14 Edgan haha
18:14 Edgan I don't think you want virtualenv anyway. I am just pointing out there are options.
18:14 carlwgeorge like i said, the real answer here is use a config management solution that is compatible with python2.6 (salt less than a certain version) if you still have to manage systems with default python2.6
18:14 Edgan redkrieg: If the number of el6 systems is low, I would focus my effort on getting them to el7
18:14 carlwgeorge Edgan: what is the magic directory you can run pip in to make it see yum?
18:15 noobiedubie yeah probably is the best answer other then chucking the POS operating system into the anals of time
18:15 Edgan carlwgeorge: Give me a sec, and I will look if I am right
18:15 redkrieg carlwgeorge: thanks I'm working on fixing the salt version using your package advice now.  I appreciate your help.
18:16 carlwgeorge sure thing.  i did the same thing, i plan to just leave my el6 boxen on 2017.7 until i decom them.
18:16 redkrieg trust me, if I hadn't inheritied this mess I would not be dealing with anything redhat related
18:16 carlwgeorge i take that back, my el6 boxes are still on 206.11
18:17 carlwgeorge 2016.11
18:17 noobiedubie do you have seperate master for those?
18:18 carlwgeorge that whole environment is el6, and will be replaced with a totally different el7 environment later
18:18 carlwgeorge so effectively yes, each environment has it's own master
18:19 noobiedubie gotcha
18:19 Edgan carlwgeorge: Looks like you would have to write a setup.py for the yum module. Surprised RedHat has been so sloppy.
18:20 noobiedubie lol are we though
18:20 Edgan carlwgeorge: Normally Canonical is the sloppy one
18:20 carlwgeorge so instead of admitting you were wrong, just blame red hat.  got it.
18:20 Edgan carlwgeorge: I admitted I was wrong.
18:21 noobiedubie this whole thing is wrong
18:21 Edgan carlwgeorge: I would in general agree with you that CM that works with 2.6 would be good, but everything else sucks, and Salt needs constant updates
18:22 Edgan carlwgeorge: I would not stick to an old version of Salt. Though I said above, if it was me, I would focus on replacing el6
18:22 Edgan carlwgeorge: If it was 1000 hosts of el6, unless it was a large team, I would just get a new job
18:24 MTecknology $client finally authorized me to start deploying a new environment. I spun up some ubuntu 18.04 masters and I'm deploying new "basic services" 18.04 boxes that will eventually replace their counterparts. I'm also renaming just about everything and not bringing any host into the new cluster without doing a clean rebuild on 18.04.
18:25 Edgan MTecknology: Fun, but 18.04 isn't even officially out yet. I was just looking at the release date, April 26.
18:25 carlwgeorge https://fedoraproject.org/wiki/Changes/Platform_Python_Stack regarding that fedora platform python thing i mentioned.  looks like they didn't finish it in time for f28 unfortunately.
18:27 sjorge joined #salt
18:28 redkrieg carlwgeorge: I also had to go back to 2016.11 as 2017.7 is now using python27 as well (not sure why that big a change was introduced in a minor release?), things seem to be functional.
18:29 MTecknology Edgan: I'm trying to gear up for the release date... when it's released, I want to be able to start replacing servers like a rabbit donkey on crack. :)
18:30 noobiedubie best way to replace servers
18:30 Edgan MTecknology: That is great until you run into the bug in 18.04 that even the official release doesn't fix
18:31 MTecknology I'm used to bugs in ubuntu :)
18:31 Edgan MTecknology: Which Canonical is known for doing, because they have the hard 6 month schedule
18:31 wwalker I'm trying to upgrade an ubuntu 14.04 machine.  There is clearly 2017.7.5 in the repo, but I get an error that it can't find 2017.7.4 :-(  Anyone else had trouble with the http://repo.saltstack.com/apt/ubuntu/14.04/amd64 repo?
18:32 Edgan Are you using latest?
18:32 Edgan The directory can matter
18:32 MTecknology apt-cache policy salt-minion
18:33 Edgan carlwgeorge: noobiedubie: What are you titles? I am curious.
18:33 wwalker Edgan: I'm using this:   deb http://repo.saltstack.com/apt/ubuntu/14.04/amd64/2017.7 trusty main
18:33 ymasson joined #salt
18:34 Edgan wwalker: Your problem is 2017.7.4 isn't in http://repo.saltstack.com/apt/ubuntu/14.04/amd64/2017.7/dists/trusty/main/binary-amd64/Packages
18:34 Edgan wwalker: This is a very common thing companies do with their apt repos
18:34 Edgan wwalker: They put everything in the directory, but only include latest in the Packages
18:34 Edgan wwalker: nodejs loves to do this
18:36 Edgan wwalker: Personally I make my own Salt packages, with my patches, and then give them a higher priority. So even when a newer version comes out, my packages when. Then I update them on my own schedule.
18:37 Edgan packages win
18:38 wwalker Tempting
18:38 wwalker Thanks Edgan
18:39 leev_ joined #salt
18:40 kuromagi^ joined #salt
18:40 dobby2 joined #salt
18:41 SMuZZ_ joined #salt
18:42 simmel_ joined #salt
18:42 tru_tru_ joined #salt
18:43 upb_ joined #salt
18:43 upb_ joined #salt
18:46 Rubin_ joined #salt
18:46 Armadill0 joined #salt
18:46 Yoda-BZH` joined #salt
18:46 bofhit joined #salt
18:46 NightMonkey_ joined #salt
18:51 sjorge joined #salt
18:51 shakalaka joined #salt
18:52 Savemech joined #salt
18:52 Tyrant joined #salt
18:53 nledez joined #salt
18:54 BiW joined #salt
18:54 feliks joined #salt
18:54 Trauma joined #salt
18:54 peters-tx joined #salt
18:55 adongy joined #salt
18:59 peters-tx Just upgraded another RHEL7 box
18:59 peters-tx Minion won't start there either
19:03 peters-tx Ok, well, where is the best place to see if this has already been reported?  Just github issues list?
19:04 MTecknology Edgan: If I were doing that, I'd also make sure to include epoch in the modified version number.
19:04 MTecknology peters-tx: "minion won't start" is about like "car won't start" ... it doesn't really convey anything useful.
19:06 peters-tx MTecknology, ok?  So it is running fine with the 2017* version, and when I update to 2018* version it does not start but rather gives errors.  Not sure what you mean.
19:06 MTecknology that's already more information, but you still haven't said /what/ error
19:06 peters-tx I put it all in a Gist above
19:06 vook joined #salt
19:06 peters-tx <peters-tx> Full error displayed is here -- https://gist.github.com/PeterS242/ce326ac7068e3edaecf3f1371dbc1b97
19:07 MTecknology according to "/lastlog peters-tx", this is the first time you've mentioned it.
19:07 exarkun my salt-master insists none of `docker`, `dockerng`, nor `docker_container` are things.  anyone using salt with docker and know how to get this to work?
19:08 peters-tx MTecknology, perhaps my freenode server was disconnected?  Not long after I sent the info I got disco'ed and then reconnected
19:08 peters-tx Anyways, I try to get the info out there
19:09 MTecknology "Unable to run command 'REDACTED' [...] reason: command not found"
19:10 peters-tx MTecknology, wow, you're right.  Big disconnect from 18:38 to 18:59, which is when I started asking questions / posting info, according to https://irclog.perlgeek.de/salt/2018-04-03
19:11 peters-tx MTecknology, Yes, that error.  Never seen anything like it before.  Any ideas?
19:11 MTecknology aside from the obvious?
19:12 peters-tx What is obvious?
19:12 vook I'm trying to get salt to highstate a FreePBX system, which identifies the OS as 'sangoma', not 'centos' as it should.  pkg.installed is failing as a result (I think) because it doesn't recognize 'sangoma' as a yum distribution.  How can I go about informing salt that pkgs should be installed on 'sangoma' with yum?
19:12 MTecknology the command it was trying to run isn't available
19:13 peters-tx Yet it doesn't tell me; the 2017* version didn't do this, and if I manually run /usr/bin/salt-minion I get no problems.
19:13 peters-tx I guess I'll just keep digging
19:14 JawnAuz joined #salt
19:16 peters-tx Also strange is I'm seeing a lot of "u"s inserted before Salt output text blocks or words
19:20 peters-tx Here's a full log from the startup https://gist.github.com/PeterS242/8ffd26dc4bee6bb9445dd551115d995c
19:22 tiwula joined #salt
19:23 peters-tx Hmm, there's actually more output to SYSLOG than in the Salt Minion log..
19:24 jasperla joined #salt
19:24 cgiroua joined #salt
19:26 peters-tx Added the extras in a comment to the Gist
19:27 MTecknology peters-tx: look at osarch = __salt__['cmd.run']('rpm --eval %{_host_cpu}').strip()
19:28 peters-tx MTecknology, Ok, will check
19:28 MTecknology If I were you, I'd use pdb and attach at that point and trace the boom.
19:29 MTecknology actually, I'd use pudb, but that's a bit maschistic within multiprocessing, since you're letting the daemon run when you attempt to debug
19:30 peters-tx MTecknology, Ok, thanks, I'll see what I can do; haven't used pdb before but will try.... ok, or pudb.
19:31 peters-tx Hmmmmm
19:31 MTecknology pudb is sexy as crap. It introduced me to a whole new series of bugs in my old programs: "what happens when you re-run from the beginning, without a clean environment?"  Oh... you thought /that/ was a good way to set thing in a class? oh.. u silly.
19:32 peters-tx So, I remarked where it just sets the output in the log as "REDACTED", so that I would actually see what it is attempting to run....and it apparently is now running
19:33 peters-tx Although it has a repeating error now, it IS actually  up and responds to the Master
19:33 peters-tx This is just too weird
19:34 peters-tx The error is here and repeats ever second or so https://gist.github.com/PeterS242/bf9bd2af214fe3ed391d510c29f3756a
19:34 peters-tx Every rather
19:35 edrocks joined #salt
19:39 peters-tx Just added my diff to the comment
19:39 peters-tx It's like they added code to do a "REDACT"-ion of the command being run but perhaps instead that actually becomes the file/cmd to run?
19:39 peters-tx 8/
19:42 infinity_ can brew and salt (installed via mac .pkg) co-exist okay on the same machine?
19:42 mianosm yes
19:42 JawnAuz joined #salt
19:42 mianosm In fact with salt, you can leverage brew to install packages.
19:43 infinity_ mianosm: thanks. Yes, I saw in the pkg module.
19:43 infinity_ mianosm: I just had some weird issues with salt+macOS i haven't been able to track down so I'm just checking :)
19:44 mianosm Ah, I've been researching/looking at doing it. I know theoretically they work for some, I've not implemented it yet myself.
19:44 infinity_ I'm just geting starte with salt. I'm considering using it to manage user macs.
19:45 mianosm Sounds better than jamf to me.
19:45 justanotheruser joined #salt
19:45 infinity_ heh
19:45 infinity_ Yea. We have a limited deployment of that. I haven't used it myself yet.
19:48 RF_ joined #salt
19:49 RF_ Is there anything wrong with this #py state? https://pastebin.com/KwBQDUwv
19:50 sjorge joined #salt
19:50 RF_ I am getting "      TypeError: list indices must be integers, not str"
19:53 MTecknology That doesn't look like any state I'm familiar with.
19:53 RF_ nevermind. I just answered my own question. config['test_state']['cron.present'] is a list, but I was treating it as a dict.
19:55 eekrano_ joined #salt
19:57 DammitJim joined #salt
19:58 edrocks joined #salt
20:02 edrocks joined #salt
20:11 tyx joined #salt
20:13 sjorge joined #salt
20:13 Edgan MTecknology: Are you using 2018.3 with 18.04 to be on the bleeding edge?
20:14 eekrano joined #salt
20:16 MTecknology nah, I try to stick to distro-maintained packages
20:26 Edgan MTecknology: For salt, that sounds fun
20:28 MTecknology I almost always find a reason to start using upstream salt
20:30 cyteen joined #salt
20:31 Trauma joined #salt
20:33 Edgan MTecknology: I find reasons to go patched upstream all the time
20:33 MTecknology ya... but I've seen your states, that doesn't surprise me in the least. :P
20:35 Edgan MTecknology: One recent one, make pillars ordered dicts, so you can "paste" the results directly without having to transform them
20:38 eekrano_ joined #salt
20:41 saltsa joined #salt
20:43 this_is_tom joined #salt
20:44 this_is_tom Hope all is well. Looking to see if anyone is familiar with the CherryPy REST api. I'm having trouble trying to execute a Pillar via the API. Not sure if it's how I have the Pillar set up or if It's how I'm querying. Glad to provide more technical details if someone is familiar.
20:45 Edgan this_is_tom: You mean return a pillar via the api?
20:46 this_is_tom I think so. We run "salt 'minion_name' pillar.get the-path" via the command line
20:46 this_is_tom It returns a file path
20:47 hrumph joined #salt
20:47 this_is_tom Can't seem to wrap my head around how to get it going via the API
20:47 Edgan this_is_tom: ok, I have worked with the api before, but it has been a while. Based on what I see on the docs for an example I could see how you could adapt it to return pillars. How are you doing it?
20:49 this_is_tom Edgan: I've been trying a few different ways. Creating a Gist right now
20:50 Edgan this_is_tom: Have you gotten anything else working to prove you are logging in properly?
20:51 Edgan this_is_tom: Most of the problems I had with the api were just getting authentication setup properly.
20:51 this_is_tom Edgan: Yeah, I have state.apply and cmd.run commands working well.
20:51 Edgan this_is_tom: Cool
20:52 onmeac joined #salt
20:54 sjorge joined #salt
20:54 this_is_tom https://gist.github.com/Tom-Gorup/b2e3e751ea06adf835879c5940cba2ca
20:55 this_is_tom Edgan: there's a gist of a few different tries
20:55 this_is_tom I'm sure I've tried some others, just didn't keep them around
20:55 this_is_tom Edgan: I've been seeing varying ways of running the commands like: "{\'pkg\': {\'apache\': \'httpd\'}}"
20:56 this_is_tom however we don't have the layers with ours, pkg > apache > httpd
20:57 this_is_tom Edgan: I'm betting I'm not reading the documentation correctly, but it says to use "wheel" for pillars but then the example in the docs use state.sls :sigh:
20:57 this_is_tom https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html#usage
20:58 whytewolf this_is_tom: are you trying to SET a pillar or GGET a pillar?
20:59 whytewolf wheel is for manageing master side stuff. like  SETTING pillars or accepting keys
20:59 Edgan this_is_tom: 1 and 2 are way wrong. Three is probably close.
20:59 this_is_tom whytewolf: I'm betting "getting". The pillar, when ran from command line, returns a file path, e.g. /path/to/folder
21:00 this_is_tom Edgan: lol, thanks. That's what I was thinking and when I run it I get a 500 Server Error
21:00 this_is_tom requests.exceptions.HTTPError: 500 Server Error: Internal Server Error for url: https://x.x.x.x:8000/run
21:01 this_is_tom ok
21:01 this_is_tom well, looks like I'm hitting another issue
21:02 this_is_tom Not sure if I just took down the CherryPy server but I'm getting 500 on other queries as well :failed"
21:05 this_is_tom From one issue to the other
21:06 Edgan this_is_tom: What does the api log say when you get the 500 from the third method?
21:06 this_is_tom Edgan:  I'm getting the 500 error on all my commands now. Checking in on the CherrPy server to see if it's hanging for some reason
21:07 Edgan this_is_tom: try dropping the /run in your url
21:08 this_is_tom Edgan: Had a weird issue yesterday where it didn't take my state.apply arguments and just ran the whole top file.
21:08 Edgan this_is_tom:  "You can bypass the session handling via the Run URL." Which implies you probably don't want to use /run while trying to create and use a session
21:10 deuscapturus joined #salt
21:11 c4rc4s joined #salt
21:11 xet7 joined #salt
21:11 deuscapturus joined #salt
21:13 this_is_tom Edgan: I create the session with /login and pass the session token on to the module.
21:13 this_is_tom https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html#run
21:13 Edgan this_is_tom: yes, but then it should be :8000 not :8000/run  is my point, and your error above ends in /run
21:13 this_is_tom I guess I don't need to pass the session along, just the token OR the session
21:14 this_is_tom hm... it was working before... I'll get 'er a go without it
21:14 Edgan this_is_tom: I would be curious what the error is
21:14 this_is_tom Edgan: het a 401 Unauthorized
21:14 this_is_tom *get
21:15 this_is_tom That's pleasant... :sigh:
21:16 Edgan this_is_tom: I looked at my old api code. I didn't use run. I used /login to login, and then used /
21:17 maharg101 joined #salt
21:17 Edgan this_is_tom: But sounds like you have something that mostly works. The key would be to no the real error behind the internal error
21:18 jab416171 joined #salt
21:19 Edgan this_is_tom: You may also have to turn up the log level to get a real answer
21:20 c4rc4s joined #salt
21:20 nixjdm joined #salt
21:22 maharg101 With release of Salt 2018.3.0 the salt-cloud provider format has changed quite a bit. Also it seems that it is necessary to install shade yourself, if you previously just used the bootstrap -L option. Have I understood that correctly ?
21:23 this_is_tom getting:  "2018-04-03 17:22:55,909 [salt.master      :2023][WARNING ][22414] Authentication failure of type "token" occurred."
21:24 maharg101 I mean the salt-cloud openstack provider format has changed quite a bit.
21:24 this_is_tom interesting...
21:24 Edgan this_is_tom: with the 500?
21:26 whytewolf maharg101: openstack driver was on decomm list before 2018.3.0 nova driver was default then. with 2018.3.0 openstack has been compleatly rewrite to use shade instead of libcloud [and yes you need to install shade yourself as -L installs libcloud and salt-cloud, and hasn't been updated for the other things outside of libcloud]. and Nova is now deprecieated.
21:26 whytewolf that made a lot more sense in my head
21:27 this_is_tom Edgan: So, when I run with the /run I get a 500 error and master logs say "[WARNING ][22399] Authentication failure of type "token" occurred."
21:28 Edgan this_is_tom: ok, that would suggest that you need to sort out auth, even if it sometimes works
21:28 this_is_tom Edgan: when I run without the /run I get a 401 and no WARNING in master logs
21:28 maharg101 thanks @whytewolf. Makes perfect sense here. I just wanted to validate my thinking as I had just got things working on the previous release and then BANG it all stopped working. I've just spent a happy couple of hours reaching that conclusion.
21:31 justanotheruser joined #salt
21:33 this_is_tom Edgan: I enabled debug on the api and I'm not seeing anything...
21:34 jab416171 joined #salt
21:34 Edgan this_is_tom: Try going with the login method, and drop the token. See what happens.
21:37 thelocehiliosan joined #salt
21:37 this_is_tom Edgan: well, now I'm seeing an eauth failure instead of a token failure
21:38 _xor joined #salt
21:38 Edgan this_is_tom: Are you setup for login on the api side? Mine looked like https://pastebin.com/7yb50Wd5
21:39 Edgan this_is_tom: and in my python code, login_payload = {'client': 'local', 'username': "#{salt_api_username}", 'password': "#{salt_api_password}", 'eauth': 'pam'}
21:40 this_is_tom yeah, I have .* for testing under the username under pam
21:40 this_is_tom and debug: True
21:40 this_is_tom Edgan: this is annoying... This was working perfectly for the last 2-3 weeks... No clue what's happened
21:41 Edgan this_is_tom: Worked in a limited use case for 2-3 weeks, and then you tried to do more?
21:42 this_is_tom Edgan: Tried doing pillars and my world fell apart, apparently
21:42 this_is_tom lol
21:42 Edgan this_is_tom: what does your api config look like?
21:43 Edgan this_is_tom: part of it is an acl of what the api will allow users to do
21:44 Edgan this_is_tom: So you could be getting an auth error, as in your auth token isn't allowed to do what you asked the api to do
21:44 maharg101 @whytewolf bootstrap -L installs salt scripts in system site-packages but best practice with shade et al (and generally) would be a venv. I could --system-site-packages of course... feels a bit messy. Am I missing something ?
21:46 this_is_tom Edgan: WOW
21:46 tiwula joined #salt
21:46 wryfi has anyone had any issues with the scheduler in 2017.7? we just upgraded, and one of our environments inexplicably seems to miss runs. e.g. we have an orchestration scheduled to run every 15 minutes, and it will go for an hour without running.
21:47 wryfi i
21:47 wryfi i've looked through master logs and found no explanation
21:47 Edgan this_is_tom: ?
21:47 whytewolf maharg101: I just normally install shade into the system packages. basicly the same place salt is.
21:48 peters-tx wryfi, Well I'm getting errors with 2018.3* ... like "[TRACE   ] ==== evaluating schedule now None =====" and "[ERROR   ] Exception 'Schedule' object has no attribute 'loop_interval' occurred in scheduled job", but I don't really schedule anything so I  can't say
21:48 maharg101 @whytewolf perhaps I'm over thinking it. Thanks.
21:48 this_is_tom Edgan: So, it looks like the config file contained "username_here" in the config
21:48 this_is_tom lol
21:48 this_is_tom No clue how that occured...
21:49 whytewolf maharg101: you could install the whole of salt-cloud into a venv. and put shade there. no shame in that either.
21:50 Edgan this_is_tom: missing - template: jinja?
21:51 this_is_tom Edgan: We haven't used Jinja for the config file
21:51 Edgan this_is_tom: git blame  and look at the line with username_here :)
21:51 this_is_tom lol, right!
21:52 this_is_tom Unfortunately I have to go now... I'll probably be back at it this evening or tomorrow
21:52 this_is_tom Thanks for the assist @Edgan!!
21:52 Edgan this_is_tom: ok, you are welcome
21:52 this_is_tom appreciate it... Hopefully I'll get a chance to work on what I really set out to do
21:56 maharg101 @whytewolf yeah I was thinking that. Is there a good comprehensive reference for the new provider yml format ?
21:59 maharg101 I found https://docs.openstack.org/os-client-config/latest/user/network-config.html which helps
22:00 swa_work joined #salt
22:05 ProT-0-TypE joined #salt
22:07 rollniak__ joined #salt
22:08 MTecknology hm.. what would be a jinja way of converting something like foo = ['bar', 'fuz', 'buz'] to "'bar' 'fuz' 'buz'"?
22:09 Eugene join ?
22:10 MTecknology ah... then I just include the opening closing quotes and assume there's at least one item
22:11 Edgan MTecknology: You could probably if list not empty
22:17 aldevar joined #salt
22:18 DanyC joined #salt
22:20 jose1711 joined #salt
22:21 jose1711 hello, please is this the correct way to create an email sending reactor? https://pastebin.com/PzhaxsZM
22:22 jose1711 it sure works but i am wondering if the syntax could be improved
22:23 Edgan jose1711: You in AWS? Datacenter?
22:23 jose1711 just home testing
22:25 Trauma joined #salt
22:25 Edgan jose1711: Curious of the intended use. In general I would expect a program on a system to handle sending out of messages. The reactor seems more like a minion came online, a minion started failing runs, etc.
22:27 jose1711 use case is not yet decided but having an option for email notifications would be nice
22:27 jose1711 i was thinking of linking reactor to runner module but there's none for email sending
22:27 Edgan jose1711: it it works, seems decent enough
22:28 Edgan jose1711: One general problem with the reactor is it is a single point of failure, but in a home setting that isn't a big deal
22:29 Edgan jose1711: You could say the same thing of salt masters, since most people don't setup multiple salt masters
22:33 jose1711 if there are two masters both would send an email?
22:33 jose1711 just curious
22:34 Edgan jose1711: No sure how reactors deal with multiples. Probably depends on the reactor use case. If is is a minion coming online, that would be fine. Because it would only connect to one at a time.
22:35 this_is_tom joined #salt
22:35 this_is_tom Edgan: https://gist.github.com/Tom-Gorup/c027487e5b6add37f2de35a6eceaf467
22:36 this_is_tom error I'm getting with the pillar.get in fun
22:36 whytewolf depends also on the type of multimaster setup. active/active has the chance of fireing for each master. but active/failover does not until the minion gets dissconnected
22:36 Edgan this_is_tom: so my your current code
22:37 this_is_tom Edgan: https://gist.github.com/Tom-Gorup/849ce7a5f72890c17489f09595caef7d
22:38 this_is_tom Edgan: Feels like we're running our Pillar differently than others. It doens't have layers like pkg > apache > http
22:39 eekrano_ joined #salt
22:41 hrumph joined #salt
22:42 Edgan this_is_tom: one sec, digging
22:42 this_is_tom Edgan: np, thanks!
22:43 hatifnatt Hello! Does 'watch' requisite implement 'require' i.e. it's enough to specify 'watch' or I need both 'watch' and 'require' if I want specific order of execution?
22:44 Edgan this_is_tom: I think you want, something like https://pastebin.com/AVeLcb6L
22:44 Edgan hatifnatt: yes, a watch is a require
22:45 hatifnatt Edgan: thanks!
22:46 this_is_tom Edgan: same error
22:46 this_is_tom Edgan: That's what I was wondering about kwargs, what key needed to be there...
22:46 this_is_tom Edgan: not entirely clear in docs
22:46 this_is_tom Edgan: take that back, I made kwarg plural :derp:
22:47 Edgan this_is_tom: look at the first comment, https://github.com/saltstack/salt/issues/39471   The docs have a like reference
22:47 this_is_tom ERROR executing 'pillar.get': The following keyword arguments are not valid: mods=path-here
22:48 schemanic Hello. I have many pillar files which represent connections to many different database hosts. I'd like to programmatically assign them to hosts in the top file.  Is there a good way to do this?
22:48 schemanic for example 'minion_XXXX should get pillar db_XXXX'
22:49 hatifnatt schemanic: what is "XXXX"?
22:49 Edgan this_is_tom: sounds closer
22:49 Edgan this_is_tom: try replace mods with path-here and don't give a value
22:50 this_is_tom Edgan: ERROR executing 'pillar.get': The following keyword arguments are not valid: the-path="
22:54 schemanic hatifnatt, it's a placeholder I'm using to signify that they go together
22:54 whytewolf mods should be keys.
22:54 whytewolf this_is_tom: Edgan ^
22:55 schemanic My network uses a naming convention to identify 'stacks', so the ec2 instance belonging to the 0001 stack should also get the pillars belonging to the 0001 stack for software configs
22:55 this_is_tom whytewolf: not sure how I should build the json
22:56 whytewolf like Edgan showed in https://pastebin.com/AVeLcb6L but mods should be keys
22:57 this_is_tom whytewolf: aaa, the word "keys"?
22:57 whytewolf https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.pillar.html#salt.modules.pillar.get
22:57 whytewolf sorry key not keys
22:57 whytewolf you have to actually know the values that the module is expecting
22:58 Edgan whytewolf: yeah, that is barf
22:59 whytewolf well, if you know the order you can just use arg
22:59 this_is_tom got it!
23:00 this_is_tom "arg": "the-path",
23:00 Edgan so no list, interesting
23:00 whytewolf what version?
23:00 this_is_tom whytewolf: yeah
23:00 Edgan surprised a list made it think no arg
23:00 whytewolf me too.
23:01 this_is_tom lol
23:02 this_is_tom well, here we are
23:02 this_is_tom victory is ours
23:02 this_is_tom thank you both!!
23:02 cliluw joined #salt
23:03 this_is_tom whytewolf: salt-master 2018.3.0 (Oxygen)
23:03 whytewolf humm, interesting
23:03 * whytewolf goes back to head down working
23:04 this_is_tom lol
23:05 this_is_tom thanks again! Have a great rest of your day
23:05 schemanic does anyone have any suggestions for how to programmatically state in the topfile that certain pillars should be attached to certain hosts based on a common key in the minion id and the pillar filename?
23:07 LeProvokateur joined #salt
23:09 whytewolf schemanic: get creative with this https://gist.github.com/whytewolf/455d97a6de4991fc930543045b2e1714
23:09 hatifnatt schemanic: you can use grains in top file
23:09 schemanic whytewolf, but I understand that I shouldn't use grains to target
23:09 schemanic I've been told here that that is quite insecure
23:10 MTecknology what was the exception you were told about?
23:10 whytewolf while it is true that you shouldn't Normally use grains to target, grains['id'] in pillar is locked to the minion_id
23:11 hatifnatt I was too slow :)
23:11 schemanic MTecknology, are you asking me to remember something specific, or are you saying I mentioned an exception and are asking me what I meant?
23:11 whytewolf pretty sure he was asking me about the exception :P
23:11 whytewolf which i already posted about
23:11 MTecknology nah, I know schemanic was told about the exception a few times
23:12 whytewolf ahh
23:12 thelocehiliosan joined #salt
23:12 schemanic Is the exception what whytewolf just said? about that specific grain?
23:13 schemanic Im very sorry but I don't remember binding the information you're referencing to this specific identifying concept
23:13 * MTecknology blinks
23:13 schemanic You're saying I was taught something in the past. I'm sure I was, but I'm not recalling what it is that I was taught
23:14 schemanic like knowing you know a 'Jonas' but not remembering what his face looks like
23:15 relidy joined #salt
23:15 schemanic Anyway, what is the exception to the rule that one should not target with grains?
23:15 whytewolf grains['id']
23:15 whytewolf well that and the rule only applies to pillar
23:16 schemanic right. Don't target pillars with grains. EXCEPT with grains['id'']. I'll try to encode that a little better this time
23:17 iggy I mean you can... if security isn't your primary concern
23:17 schemanic well yes I understand that. But it is
23:17 schemanic I moved back to targeting based on complex naming convention in the minion id
23:18 schemanic my ids look like OTPDAPVM0019
23:18 schemanic where each block is a fixed size and carries specific meaning
23:18 Edgan schemanic: if it is aabbccddeeff0019, then you could slice it in jinja into jinja variables
23:19 schemanic Edgan, I was thinking that yes. Create stack pillars and then assign them to the hosts based on the stack id
23:19 Edgan schemanic: even abbccc, etc, as long as it is predictable
23:19 whytewolf I plan to go back after i get my enviroments setup and rename all of my servers. I'm thinking villians
23:20 schemanic just not DC
23:20 schemanic DC is pathologically averse to continuity of universe
23:20 whytewolf ... why not? DC villians are the only good thing about it
23:21 schemanic I can't stand how they wont make one big world that has a consistent story. There's no reason to love any characters because they'll just make a new show that changes them somehow
23:21 Edgan schemanic: like, https://pastebin.com/uxdTLNgL
23:21 Edgan whytewolf: pet names are cluster names in my scheme, everything else is predictable
23:21 schemanic Edgan, thats quite close to what I'd like
23:22 Edgan schemanic: Then you need to do something like
23:22 whytewolf Edgan: it is a "small" home enviroment
23:22 Edgan schemanic: https://pastebin.com/pBCkKc6p
23:22 Edgan whytewolf: No virtualization?
23:23 whytewolf does openstack count?
23:23 whytewolf :P
23:23 MTecknology Edgan: "moderately predictable".. I have a module that slaps a regex pattern against a hostname and either finds a match and returns the components in a dict, or returns None.
23:23 schemanic Edgan, isn't your example the insecure way of doing things?
23:23 Edgan whytewolf: yes, and overkill :)
23:23 Edgan schemanic: How?
23:23 schemanic aren't you using grains?
23:23 schemanic to assign pillars to hosts?
23:24 Edgan schemanic: no, they are variable names that include grain
23:24 Edgan schemanic: because I am using them like grains
23:24 Edgan schemanic: note, grain not grains
23:24 Edgan schemanic: they are jinja variables
23:24 schemanic Oh, I see. The first paste is related to the second
23:24 Edgan schemanic: you could call it whatevery you want
23:24 Edgan schemanic: yes
23:24 Edgan schemanic: and the first is a map.jinja with jinja code, not a grain
23:25 Edgan schemanic: it is jinja not python
23:25 Edgan schemanic: I converted the map.jinja from a custom python grain
23:25 Edgan schemanic: and called the variable grain instead of something like naming
23:25 Edgan schemanic: I understand it is confusing
23:25 schemanic I see. You use grains functions in the mapfile to render values, and then you import that mapfile into your topfile to get ahold of those conformed values without compromising your security
23:26 Edgan schemanic: :)
23:26 whytewolf Edgan: my "small" home lab https://imgur.com/a/IwAlw that i am in the process of rebuilding
23:26 * MTecknology {% set node = salt.st_util.parse_id() %}
23:27 Edgan MTecknology: good idea, but I was shooting for code that was more visible to the end user
23:27 schemanic That is Edgan, I'm curious where this runs though. where does the first file get set up?
23:27 Edgan whytewolf: I switched to cables like this, and it does make a real difference, https://www.amazon.com/gp/product/B07959BSTP/ref=oh_aui_detailpage_o02_s00?ie=UTF8&amp;psc=1
23:27 Edgan schemanic: pillars are rendered in the master
23:28 Edgan whytewolf: right?
23:28 schemanic right but where would I tell the _grains/map.jinja file to... run?
23:28 whytewolf lol, yes pillars are rendered on the master
23:28 schemanic it seems to be asking for minion ids in that file
23:28 Edgan schemanic: it goes like this, and I am going to point out a weird quirk
23:29 Edgan schemanic: master sets the id grain, so that starts secure
23:29 Edgan schemanic: master starts rendering the top.sls for pillars
23:29 schemanic the id grain of what
23:29 Edgan schemanic: of the minion being processed
23:29 Edgan schemanic: the salt key name
23:29 Edgan schemanic: which is /etc/salt/minion_id on the minion
23:29 MTecknology Edgan: We keep states and modules in the same place, so that's not much of an issue.   The module is   if not id: id = grains.id  r = re.match(...), if not r: return None return r.group
23:30 Edgan schemanic: and when it starts rendering the top.sls, it processes the jinja, which sucks in all the map.jinja stuff
23:30 Edgan schemanic: which gives you a flat render of the top.sls for that minion based on the id
23:30 schemanic and causes the map to render itself 'against' the minion?
23:31 Edgan schemanic: in the context of the pillar rendering there is only one id
23:31 Edgan schemanic: and so it is a 1:1 with minions
23:32 schemanic Oh... I think I see that now. So this revolves around the idea that you don't break out your targeting expressions
23:32 Edgan schemanic: and ultimately means you can't be auto_accept: True
23:32 Edgan schemanic: The quirk is
23:32 schemanic what does auto_accept: True mean?
23:33 whytewolf schemanic: https://docs.saltstack.com/en/latest/ref/configuration/master.html#auto-accept
23:33 Edgan schemanic: If using gitfs for pillars, you have to include _grains/map.jinja in the pillar git repo with another copy of the map.jinja, if pillars and states are different repos
23:33 whytewolf a bad bad bad config option that has to exist
23:33 Edgan whytewolf: 80% of people use it
23:33 whytewolf i know
23:34 Edgan whytewolf: The docs aren't good enough to teach everyone how to do it well
23:34 MTecknology $coworker asked today if we could enable that
23:34 schemanic Ahh, thats what allows salt-cloud to startup
23:34 Edgan whytewolf: and then you have things like auto-scaling
23:34 Edgan haha
23:34 MTecknology I wasn't very friendly when I said no.
23:35 schemanic Edgan, how does that look from a file tree perspective?
23:35 whytewolf schemanic: actually salt-cloud doesn't use that option. salt-cloud will create a key on the master and push that key to the minion
23:35 schemanic ahh okay
23:35 * MTecknology will *NEVER* let that option be enabled, ever when my goal is to auto-accept keys. I offload that to a script that verifies some expectations about the minion before accepting the key.
23:36 schemanic Edgan, so if I've got my gitfs pillar, where does the mapfile go?
23:36 Edgan schemanic: If locally my states are salt-formulas, and my pillars is salt-pillars, then salt-formulas/_grains/map.jinja and salt-pillars/_grains/map.jinja
23:36 Edgan schemanic: In both git repos, and you have to duplicate it
23:37 Edgan schemanic: If it is one git repo, you still have to double maintain it, when using gitfs, because gitfs doesn't understand symlinks
23:37 Edgan schemanic: I should probably file an issue and get it fixed for gitfs
23:38 schemanic Oh I see. so if my gitfs pillar tree looks like /salt-pillar, /salt-pillar/apache, /salt-pillar/tomcat, I need to have /salt-pillar/_grains/map.jinja
23:38 Edgan schemanic: The salt code could probably be smart enough to read the formulas git repo for the pillar rendering
23:38 Edgan schemanic: yes, depending on how it merges
23:38 schemanic Okay, here's a curve
23:39 schemanic I bring in each formula through it's own gitfs connection
23:39 Edgan schemanic: I don't know how it will react
23:39 Edgan schemanic: Gitfs does have the concept of "mounting"
23:39 Edgan schemanic: Which may solve it
23:40 Edgan schemanic: Pretty sure it is there for formulas, but not sure about pillars
23:40 Edgan schemanic: the gitfs style of each is different
23:40 whytewolf https://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.git_pillar.html#mountpoints
23:40 schemanic Well, like, you're just saying that this mapfile needs to be in both the whole statetree AND the pillar tree yes?
23:40 schemanic SOMEWHERE
23:40 schemanic or is it more specific?
23:40 Edgan schemanic: Looks like mounts exist in pillars
23:41 Edgan schemanic: So technically you could make the map.jinja it's own repo and mount it in both
23:41 Edgan schemanic: then no dup
23:41 DanyC joined #salt
23:41 Edgan schemanic: But I still think salt should be fixed
23:41 schemanic Okay. Let me collect this conversation and the files you gave me. I've been searching for a way to consolidate the concept of 'stack' and represent it well
23:42 Edgan whytewolf: Thanks for filling the gaps :)
23:42 whytewolf np.
23:43 whytewolf saved me having to do the main typing ... and let me work
23:47 schemanic so, to recap Edgan: The main concept is this: I can create a mapfile which makes references to the minion in a separate mapfile. This mapfile's job is to create some identifying traits for the minion based on it's grains and minion id in a secure fashion. This mapfile gets evaluated when the topfile runs on the minion, creating distinct traits for each minion and allowing me to conditionally apply states to minions with
23:47 schemanic the proper traits. To apply this concept, I need to place this mapfile into a git repo and make it available to the salt filesystem, then when I define my ext_pillar for it I need to set up a mountpoint for it inside the salt-master's local file_roots tree.
23:49 relidy I'm hoping someone has a quick hint. Just upgraded my master (CentOS7) to 2018.3.0 and now I'm getting an exception in the master log "RSAError: no start line". It sounds like it's complaining about the keys, but ... why? https://gist.github.com/rhoths/e17c4c9126aa130b149d7744ccd0c7b0
23:50 schemanic Does it seem like I understand Edgan?
23:53 schemanic :(
23:57 schemanic joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary