Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2018-04-06

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 onslack joined #salt
00:01 MTecknology aphor: use a pastebin service next time, ideally not pastebin.com
00:03 dezertol joined #salt
00:04 aphor sorry.
00:04 joshin joined #salt
00:04 joshin joined #salt
00:04 aphor I should know better, but we've switched to Slack at work, and I got amnesia.
00:12 deuscapturus joined #salt
00:21 deuscapturus joined #salt
00:41 deuscapturus joined #salt
00:43 zerocoolback joined #salt
00:51 aphor so I have tornado 5.0.1, which is not yet supported.
01:25 zerocoo__ joined #salt
01:56 edrocks joined #salt
01:58 ilbot3 joined #salt
01:58 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2017.7.5, 2018.3.0 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic, and https://saltstackcommunity.herokuapp.com (for slack) <+> We are volunteers and may not have immediate answers
02:03 lastmikoi joined #salt
02:08 hooksie1 joined #salt
02:37 edrocks joined #salt
02:50 ponyofdeath joined #salt
03:14 evle1 joined #salt
04:36 indistylo joined #salt
04:55 Miuku Hmm, I wonder why salt insist on telling me that it's installing a new kernel package with pkg.upgrade if the system has multiple kernel versions installed (it doesn't actually install anything of course)
05:01 shoogz joined #salt
05:22 rodr1c joined #salt
05:22 rodr1c joined #salt
05:29 packeteer joined #salt
05:31 chutzpah joined #salt
05:42 aruns joined #salt
05:43 sauvin joined #salt
05:45 Psy0rz joined #salt
05:45 mage_ joined #salt
06:04 sjorge joined #salt
06:08 c4rc4s joined #salt
06:19 DanyC joined #salt
06:32 babilen Miuku: How is it telling you that?
06:40 georgemarshall joined #salt
06:40 Miuku babilen: Fixed the issue by, well, removing the old kernels but here's how it shows up with gpg-pubkey rpm's on a SLE12SP3 box; https://paste.opensuse.org/98632809
06:40 Miuku babilen: Oddly enough, on the next run it reports as the same package being new but naturally it doesn't install anything since the package is already installed.
06:42 babilen So, it's including the latest package version in the new list over and over again on subsequent state runs even though that version didn't change?
06:42 Miuku Yes.
06:43 hemebond Are you using a wildcard in the package name?
06:43 babilen Sounds like a bug .. Is that with the latest salt version?
06:43 Miuku 2018.3.0 and this is a system package so I can't really make any changes to the rpm. Just using salt '<system>' pkg.upgrade in this particular case.
06:44 Miuku So I should just report it as a bug on GitHub?
06:44 babilen So you end up with a list of packages for which "changes" are reported if they have multiple versions installed? Does that happen with *every* package for which you have multiple versions?
06:45 babilen Sounds like a test for equality is used when it should be a test for set membership
06:45 Miuku babilen: Yes, it also happens with kernel- package that can have multiversion and drivers packages. So I reckon every package that has multiversion capability.
06:45 babilen ( 2.0.1 = [2.0.1, 2.0.0, ....] )
06:46 frew joined #salt
06:46 babilen I bet its the way changes are computed in that they compare "new" vs. "old" version, but don't take multiple versions into account
06:46 Miuku Let me check quickly, I'll install a few packages there. Moment.
06:47 babilen So they end up with: 2.0.1 != [2.0.1, 2.0.0, ....]
06:51 briner joined #salt
06:54 DanyC joined #salt
06:58 DanyC joined #salt
06:59 Miuku babilen: Sorry took me a while, had to install various packages and I can confirm it happens with any multiversion package; https://paste.opensuse.org/85069940
06:59 Miuku I'll open a ticket with all info I can think of. It's prolly just a bug in zypper module.
07:00 babilen Ta! Sounds as if it shouldn't be too hard to fix
07:01 Miuku More of a cosmetic annoyance than anything else :-)
07:04 babilen https://github.com/saltstack/salt/blob/develop/salt/modules/zypper.py#L1332-L1335
07:05 babilen different code from https://github.com/saltstack/salt/blob/develop/salt/modules/zypper.py#L1215-L1220
07:05 DanyC joined #salt
07:07 babilen It's either the dictionary comparison that's not working as intended (unlikely) or that the data munging beforehand isn't quite right
07:07 cewood joined #salt
07:08 aldevar joined #salt
07:27 aanriot joined #salt
07:30 lompik joined #salt
07:33 Hybrid joined #salt
07:39 Hybrid joined #salt
07:41 jrenner joined #salt
07:49 Pjusur joined #salt
07:51 DanyC joined #salt
07:55 Hybrid joined #salt
08:06 CrummyGummy joined #salt
08:10 cyteen joined #salt
08:10 Hybrid joined #salt
08:13 tonthon joined #salt
08:13 tonthon Hi
08:13 tonthon I just upgraded my salt-master and when running salt-key -L no minions key appears
08:14 tonthon are there any recent changes on the key management ?
08:14 tonthon (I'd really like to be able to launch commands on my 80 lost minions :/)
08:21 babilen tonthon: How did you upgrade? What was the version before and what is it now? What was/is the content of /etc/salt/pki/master before and after the upgrade? What do you see in the minion logs? (and so on)
08:23 tonthon babilen: /etc/salt/pki/master/minions is void (I suppose it should contain the accepted keys
08:24 briner joined #salt
08:24 tonthon I upgrade from the 2016.11.2 to 2018.3.0
08:24 babilen That's quite a jump
08:24 babilen And yes, that should™ contain the keys
08:25 tonthon minion logs shows "The Salt Master has cached the public key for this node..."
08:25 tonthon another point, I had to manually fix the zfs grains to get the salt master starting
08:25 tonthon (edited /usr/lib/python2.7/dist-packages/salt/grains/zfs.py)
08:27 babilen Do you have backups of /etc/salt ?
08:27 tonthon babilen: unfortunately no, but I've a list of the minion ips, using ssh in a for loop I will be able to restart all salt-minion services
08:27 tonthon and get my minions back
08:28 babilen I'll be back shortly, but you could use salt-ssh and use the https://docs.saltstack.com/en/latest/ref/roster/all/salt.roster.cache.html#module-salt.roster.cache roster to find your minions
08:28 tonthon babilen: ok, thanks a lot for your help
08:28 babilen Could you restart a single minion and see if its key ends up in unaccepted keys?
08:29 babilen The minion might want you to remove the master's key ..
08:29 babilen This has never happened to me and it is a massive bug
08:29 babilen I wonder if its due to jumping one major version, but the packaging/code still shouldn't nuke /etc/salt/pki
08:31 tonthon babilen: restarting a minion makes the key appears under unaccepted keys
08:32 babilen Well, that's at least something
08:32 babilen How very annoying though
08:40 tonthon babilen: the master key also changed after upgrade (I had to delete all minion_master.pub
08:40 babilen yeah, that's what I referred to with "minion might want you to remove the master's key"
08:40 babilen Not sure the cache roster works at this point in time
08:41 tonthon babilen: I've got all my stuff working
08:44 babilen Good, but still ...
08:44 babilen I'm not brave enough to upgrade to 2018.3.0 right now
08:44 babilen Might wait for .1 :)
08:45 tonthon I think it's a good idea
08:45 Cadmus Some of my minions have slightly misconfigured yum repos, so I've got an inadvertent beta program going.
08:48 tonthon babilen: in any case, thanks a lot for your help, it was more than welcome I was wondering how I could land (https://t2.uc.ltmcdn.com/fr/images/2/0/0/img_4002_ins_20804_600.jpg) :)
08:50 babilen I am really looking forward to finally being able to easily define jinja filters though. So I'm very tempted to upgrade .. Such an urgently needed feature
08:51 babilen tonthon: yw, hope you don't run into too many other problems
08:52 onslack <msmith> i might be more tempted to build a new master to run 2018.3 for testing and transition rather than just upgrade in place, just in case there's something in our environment that doesn't like the upgrade
08:54 tonthon babilen: states (195) seems to run fine
08:54 tonthon I'd hoppen an issue for that zfs buggy grain
09:06 mikecmpbll joined #salt
09:11 permalac joined #salt
09:13 aldevar joined #salt
09:15 permalac joined #salt
09:33 Miuku I went and upgraded all production systems immediately. Hohoho! Best practices ;-)
09:33 babilen hehe
09:33 babilen "Let it burn .. I like fire fighting"
09:34 Miuku Nothing broke so I'm very happy :-)
09:43 jose1711 joined #salt
09:43 mbologna_ joined #salt
09:43 jose1711 hello, everytime i restart minion i need to manually remove /etc/salt/pki/minion/minion_master.pub. otherwise i get timeouts
09:44 jose1711 anyone has an idea?
09:44 georgemarshall joined #salt
09:48 jesusaur joined #salt
09:48 onslack <msmith> put the right master finger in the config?
09:49 onslack <msmith> bit difficult to know without any logs indicating what the problem might be
09:51 b joined #salt
09:54 _xor- joined #salt
09:55 xet7 joined #salt
09:56 c4rc4s joined #salt
09:56 alex-zel joined #salt
10:10 alex-zel do cloud profiles and provider get renders like map files?
10:10 alex-zel rendered
10:25 babilen tonthon: Cheers for #46921!
10:27 mbologna joined #salt
11:39 zerocoolback joined #salt
12:13 briner joined #salt
12:15 Waples_ joined #salt
12:16 Waples_ Hey guys! I was wondering if I can tell SaltStack to use Python3.* instead of python2.7, is that a variable I can set or is it taken over from the system?
12:21 Nahual joined #salt
12:23 babilen Waples_: You could install the py3 packages
12:23 onslack <florian.benscheidt> you mean via pip?
12:23 Waples_ babilen: you mean via pip ?
12:23 babilen No, if you install via pip your Python environment should be clear already
12:24 babilen (and would be either py2 or py3)
12:24 babilen I am referring to the packages on https://repo.saltstack.com/
12:24 babilen Which platform are you on, Waples_ and how did you install SaltStack?
12:25 Waples_ we deploy/provision via the default way (bootstrap script)
12:26 Waples_ centos7 btw, which has (still!) python2.7 as default
12:27 Waples_ hence my question how I can tell SaltStack to use python3.* by default
12:28 babilen On Debian you could install them from http://repo.saltstack.com/py3/debian/9/amd64/latest
12:28 babilen The question therefore is: How do you teach the bootstrap script to do what you wnat
12:28 babilen Are you using it to install from packages/pip/... ?
12:29 babilen We don't use that script at all and just configure repos from which we pull packages
12:29 babilen For us it would therefore simply be a change in repo URL to reflect that we now want the py3 packages
12:30 Waples_ lemme check
12:35 exarkun why does http://jorgar.tumblr.com/post/57483479020/creating-multiple-resources-with-salt-stack claim that `file.directory` can take a `names` argument when https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.directory clearly shows that no such parameter exists
12:35 Waples_ while im look at our deploy, if I use `http://repo.saltstack.com/py3/redhat/7.4/x86_64/latest/` as the baseurl, is this the full repo or just the py3 packages?
12:36 babilen What's the difference between a "full repo" and "py3 packages" ?
12:36 Waples_ babilen: ie; is `https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest` the same as the above py3 url
12:37 Waples_ instead then in py3?
12:37 babilen One contains the py2 packages and the other the py3 ones, they are both "full"
12:40 Waples_ babilen: thanks, that indeed was my question :] seems we are using cloud.present and its mumbo jumbo to bootstrap our minions so I'll checkout how to change python versions
12:46 babilen Sure .. the bootstrap script is a bit tricky to navigate sometimes, but you might be able to express your with for "py3" somewhere
12:46 babilen *wish
12:46 Waples_ yeah think I found something.. bit large of a script xD
12:47 Waples_ first im gonna need a new master with the py3 version so gonna test that out first (we dont use bootstrap for that onek
12:49 exarkun https://github.com/saltstack/salt/issues/4508 would be a nice feature
13:05 onslack <msmith> exarkun: i think names is a global parameter, not a state-specific one
13:06 tiwula joined #salt
13:08 onslack <msmith> file.managed accepts names, on each you can put name-specific values
13:09 onslack <msmith> there's a comment in there showing an example
13:10 onslack <msmith> <https://github.com/saltstack/salt/issues/4508#issuecomment-183411996>
13:22 deuscapturus joined #salt
13:23 msmith joined #salt
13:23 onslack <msmith> .
13:29 exarkun msmith: Ah.  I saw that comment.  It wasn't clear to me that this described something possible, it looked like an example of how the feature could be implemented.
13:29 exarkun Is the global `names` parameter documented, then?
13:30 tiwula joined #salt
13:30 onslack <msmith> i'd like to say yes, but i'm not sure where
13:31 onslack <msmith> got it: <https://docs.saltstack.com/en/latest/ref/states/highstate.html#names-declaration>
13:31 deuscapturus joined #salt
13:33 mavhq joined #salt
13:34 exarkun thanks
13:34 onmeac joined #salt
13:40 briner_ joined #salt
13:43 KyleG joined #salt
13:43 KyleG joined #salt
13:43 edrocks joined #salt
13:43 mavhq joined #salt
13:51 akoumjian joined #salt
14:00 sjorge joined #salt
14:04 cgiroua joined #salt
14:09 adriano__ joined #salt
14:12 DanyC joined #salt
14:15 lompik joined #salt
14:23 briner_ joined #salt
14:40 cyp3d joined #salt
14:44 aphor joined #salt
14:55 bachler joined #salt
15:05 sjorge joined #salt
15:05 jw joined #salt
15:06 wj3333 joined #salt
15:07 ecdhe joined #salt
15:09 wj3333 joined #salt
15:12 sjorge joined #salt
15:23 DammitJim joined #salt
15:24 DammitJim I am using openssl passwd -1 to hash the password for a user
15:24 DammitJim is that the right way of doing this in salt?
15:26 aldevar left #salt
15:26 m33p joined #salt
15:29 dezertol joined #salt
15:31 deuscapturus joined #salt
15:35 DammitJim joined #salt
15:36 DammitJim sorry about that, got disconnected
15:36 DammitJim anyways, is: openssl passwd -1 a proper way to hash a user's password to put it in pillar?
15:36 aphor @DammitJim: there might be a pycryptodome function you can use.
15:37 DammitJim but openssl passwd is acceptable, right?
15:37 aphor DammitJim: does the hashed password work?
15:38 DammitJim it's been working for 3 years
15:38 DammitJim I just don't know if something "new" has come out
15:38 rivyn joined #salt
15:40 aphor I think crpyptodome calls libcrypto from openssl.
15:40 aphor If it ain't broke...
15:41 exarkun joined #salt
15:46 Heartsbane joined #salt
15:46 Heartsbane joined #salt
15:51 MTecknology DammitJim: that's a better solution that what I typically do...  (su -; passwd; grep root /etc/shadow; passwd)
15:57 rivyn How would I run a command in the context of assigning it's output to a jinja variable?  I tried this but it doesn't work as expected:
15:57 rivyn {%- set node_ip = salt.cmd.run('ip addr show dev ens160 | grep \'inet \' | head -n 1 | awk \'{print $2}\' | cut -d \'/\' -f 1') -%}
15:58 rivyn node_ip ends up equalling:  'Error: either "dev" is duplicate, or "|" is a garbage.'
15:58 rivyn but the command works fine when I run it manually
15:58 * MTecknology blinks
15:59 MTecknology rivyn: Are you sure you don't want to write everything in bash scripts and just use cmd.script?
15:59 rivyn I want to use the local IP address to put in configuration files with jinja
15:59 onslack <msmith> trivially you're mixing quotes. you can't escape a single quote
15:59 MTecknology k.. modules exist for that
16:00 rivyn onslack: I tried with double quotes on the outside and unescaped single quotes inside - same result
16:00 rivyn MTecknology: what is the module to use then?
16:00 MTecknology https://docs.saltstack.com/en/latest/ref/modules/
16:00 MTecknology wrong link..
16:00 MTecknology https://docs.saltstack.com/en/latest/salt-modindex.html
16:01 rivyn nonetheless, I'd like to know how to use cmd.run in this context as there are probably places where I'll need it where a module doesn't exist at some point
16:01 rivyn which module?
16:01 rivyn that's an index
16:01 MTecknology there is no place where you should ever be running something like that
16:01 rivyn why not?
16:02 onslack <msmith> put simply, because that's not how salt is intended to be used
16:02 MTecknology ^ that
16:02 alex-zel joined #salt
16:02 rivyn so offer solutions please
16:02 MTecknology We keep telling you other solutions..
16:02 MTecknology like find the appropriate module
16:02 onslack <msmith> sometimes there are edge cases where cmd.run is unavoidable, but they're rare
16:02 rivyn how is it intended to be used, when I need to get the local primary IP address and put that into a config file?
16:03 rivyn what solution have you offered?  Go look at a list of all modules with no clue which one should be used or how?
16:03 alex-zel where can i find what kind of argument cloud.map_run takes?
16:03 MTecknology use a minimum level of basic common sense and figure it out?
16:03 onslack <msmith> the easiest way to think about it, certainly when you're starting, is to look for how salt would expect a task to be done. it's an _extremely_ steep learning curve
16:03 MTecknology I'm not into hand-holding and spoon feeding answers
16:04 rivyn MTecknology: I'm sorry that my "minimum level of common sense" is apparently below yours, but I don't have a clue what to try at this point.
16:04 rivyn no, you're into being a jerk and putting others down.  I've noticed.
16:04 MTecknology rivyn: Look at the module list instead of being lazy and expecting someone to tell you the exact module you need for every task
16:04 rivyn I'm sincerely asking for help because I've exhausted my own knowledge/ability
16:04 onslack <msmith> there are network modules, there is a search function. even google. salt is an in-depth administration tool and you can't just take it lightly
16:04 rivyn do you really think I didn't look at the list of modules before asking?
16:05 MTecknology yes, I'm confident of that
16:05 rivyn you're wrong
16:05 MTecknology https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.network.html#module-salt.modules.network
16:05 MTecknology this... a network module, for networking?
16:05 MTecknology hard shit, eh?
16:06 rivyn I looked at the network module yesterday.  It didn't seem to offer much of use.
16:06 rivyn do you really get your rocks off sitting here being as unhelpful as possible?
16:06 MTecknology you seem to get your rocks off on other people doing all of your thinking for you
16:07 rivyn I learn when others help.  I don't learn when you act like this and don't offer anything to learn from
16:07 onslack <msmith> rivyn: different people have different ways to do things. salt is - by far - best learnt by experience, so rather than give the solution directly we tend to lead people to find it on their own
16:07 rivyn it's what IRC is for - helping one another
16:07 MTecknology helping != spoon feeding | hand holding
16:07 rivyn how am I supposed to "get experience" if everything I've tried doesn't work?
16:08 rivyn it's a simple question, probably with a simple answer, but one that I don't know
16:09 rivyn if you don't want to help then at least STFU, because you're just being an aggravation for no apparent reason other than it makes you feel smarter than me.
16:09 onslack <msmith> try `network.interface_ip` for a start. i haven't done this before either but it's not difficult to work out
16:09 Eugene #salt is free support. Don't like it? Go get a refund
16:09 Eugene This is basic IRC decency
16:11 Edgan rivyn: You are doing your node_ip the hardway. Do it in python with a grain. I do something very similar.
16:11 onslack <msmith> the plot usually goes like this: someone asks for something, we post a link and that's the response. if that's not enough then the best thing to do next is a simple comment along the lines of:  i've looked at that and i can't spot what i need, can anyone suggest something else i can look at?
16:12 onslack <msmith> i still submit that `network.interface_ip eth0` is the salt way
16:12 Edgan https://pastebin.com/ETKbXU79
16:12 Edgan Can't always trust it is eth0
16:13 onslack <msmith> very true, but if you know it is...
16:13 Edgan My solution in the url above deals with not knowing the interface name
16:13 MTecknology in their case, it's ens160
16:16 onslack <msmith> you could just use `network.ip_addrs` then. on a windows host the interface name is even worse
16:17 onslack <msmith> s/host/minion/
16:18 Edgan But ip_addrs implies multiple ips, and then you have to sort through them
16:19 onslack <msmith> very true. there can be multiple. and yes, you do
16:19 rivyn left #salt
16:19 onslack <msmith> although if you know the cidr you want then it has a filter
16:20 onslack <msmith> all of this i gleaned from a few minutes reading the docs
16:20 cewood joined #salt
16:20 rivyn joined #salt
16:26 rivyn left #salt
16:34 gh34 joined #salt
16:37 rivyn joined #salt
16:37 onslack <jennifer.wokaty> hi. I'm having trouble trying to grant privileges on an existing mysql db. I'm trying to update pillars and formulas that worked in carbon to work in oxygen. When I use mysql_grants.present to grant all privileges on test_db.*, it works fine; however, when I try to grant privileges for select, for example, it fails stating that "MySQL Error 1146: Table 'test_db.*' doesn't exist". It didn't look like mysql_grants changed from carbon to oxygen. An
16:38 MTecknology you cut off after ". Any", but I assume nothing of importance followed?
16:39 onslack <jennifer.wokaty> "Any suggestions?" That's it.
16:40 MTecknology What's your state look like?
16:43 onslack <jennifer.wokaty> mariadb_grant_privileges_on_test_db:  mysql_grants.present:    - grant: SELECT,INSERT,UPDATE,DELETE    - database: test_db.*    - host: localhost    - user: test-user    - connection_user: root    - connection_host: localhost    - connection_pass: password
16:47 MTecknology the mysql_grants state module hasn't changed in any significant way (only one commit about unicode handling. The mysql execution module it uses has definitely changed.
16:47 immune2iocane joined #salt
16:47 babilen Wasn't that one of the broken things in 2018.3.0 ?
16:48 onslack <jennifer.wokaty> where can i find the execution module?
16:49 onslack <jennifer.wokaty> i think my problem is related to backticks or quoting. at least i can reproduce the error message in mysql with something likeMariaDB [intranet_dev]>; GRANT SELECT, INSERT, UPDATE, DELETE ON `test_db`.`*` TO 'test-user'@'localhost';ERROR 1146 (42S02): Table 'test_db.*' doesn't exist
16:50 scivola i ran into that same problem
16:50 scivola -database: "test.*" is converted into `test`.`*` instead of `test`.*
16:50 scivola the former doesn't work in mysql
16:52 MTecknology this is the module- https://github.com/saltstack/salt/blob/develop/salt/modules/mysql.py  (I got distracted looking for an existing bug... I didn't find any)
16:53 scivola i didn't either, but i was too busy at the time to file one
16:53 MTecknology What happens if you use  - database: 'test_db.*'?
16:53 scivola same thing
16:53 scivola double, single, no quotes all put `*`
16:54 onslack <jennifer.wokaty> did you find a workaround?
16:54 MTecknology it sounds like a bug report is definitely needed
16:54 scivola uh, yea, i just used mysql_query :S
16:54 onslack <jennifer.wokaty> haha
16:55 onslack <jennifer.wokaty> i guess will write an issue. thank you both.
16:55 scivola it happens somewhere before https://github.com/saltstack/salt/blob/e974cf385d3ac0b86959a0eca88d96c9e3527ec3/salt/modules/mysql.py#L1709
16:55 scivola since that debug statement shows the quotes too
16:56 MTecknology It could probably be pretty easily traced with pudb to track down exactly where the things go awry
16:59 ecdhe MTecknology: do you use a salt incantation to install the latest atom editor on any of your machines?
17:00 * MTecknology uses vim..
17:01 * ecdhe uses nano
17:02 babilen MTecknology: I couldn't find one either .. I have been checking the bug lists often in the last days and seem to remember one mysql_grant one, but the last one that came up doesn't look related
17:02 * babilen uses emacs
17:03 MTecknology emacs requires too many magic key combos for my taste
17:09 ecdhe I like to use salt to install my IDEs, browser plugins, etc, but it's tricky.  For browser plugins, you have to pin a version of firefox and pin the addon version to make it work.  For atom, I'll need to pin their package URL.
17:09 ecdhe Signal is easy to install with salt; they run their own repo and you just install the latest.
17:10 ecdhe I wish more software was as easy to deploy.
17:10 ecdhe ...deploy and keep up to date.
17:13 MTecknology I stick with distro-maintained repos and use .d/ config dirs whenever possible- it helps a lot.
17:20 Edgan MTecknology: I disagree with .d in most cases. I find is far easier to have a monolithic config for most things. .d just spreads the pain. The exceptions are apache and nginx in cases where multiple apps have to co-exist. If it is solo apps, I still find a monolithic nginx.conf, easier.
17:21 MTecknology Edgan: aren't you a big docker user?
17:21 Edgan MTecknology: As for distro maintained packages, they are awesome till their not. Too old of a version, unpatched bugs, etc.
17:21 Edgan MTecknology: I am not.
17:24 whyzgeek joined #salt
17:25 MTecknology I prefer .d dirs partly because they make upgrades infinitely easier. Most of the time, when a primary config file, like etc/salt/{master,minion} or nginx.conf, change, they make non-breaking changes that are usually a good idea to adopt. One particular case that comes to mind is when we removed SSLv3 from nginx.conf.
17:25 MTecknology Anyone managing that file would have to deal with oldconf/newconf, anyone not managing it just stops supporting SSLv3 (with a NEWS entry presented)
17:27 pilatii joined #salt
17:33 MTecknology Edgan: When I had problems with package age where I didn't trust the upstream package repo (basically anything that isn't salt), I've always had excellent luck with pulling from debian testing.
17:34 pilatii_ joined #salt
17:43 briner joined #salt
17:44 rivyn left #salt
17:47 DanyC joined #salt
17:52 Edgan MTecknology: I would need a clearer example, but part of the problem with .d is the left hand doesn't know what the right hand is doing, and a conflicting change happens in another configuration file. Even worse when one silently overwrites the other, maybe makes app b work, but breaks a.
17:57 MTecknology true- that's always a potential problem, but not one I've ever actually run into
17:58 Edgan MTecknology: I think you are trying to say you can have two versions of the ssl configuration file by breaking out SSL from the main configuration file. But that is solvable with an if statement. Also having two versions of the SSL configuration file leads to duplication. You add say the HSTS age in one, and forget to do it in the other.
17:59 immune2iocane joined #salt
18:12 KyleG joined #salt
18:12 KyleG joined #salt
18:31 Hybrid joined #salt
18:42 Eugene My 2c: The .d/ pattern is good if you can depend upon the upstream packagers to NOT CHANGE DEFAULTS on you. At a previous job (Red Hat shop, with our own package mirrors) we did everything with PXE + RPM magic.
18:43 MTecknology rhell has a habit of pulling that kinda stunt
18:43 Eugene Meaning, each server would PXE-boot, grab its manifest of packages (including role- and server-specific ones), install, mount NFS targets, and be good to go
18:43 MTecknology that's a nice way to maintain systems
18:43 Eugene Indeed; that's why we had a totally-separate Prod environment. Packages were pulled from the RHEL upstream into Testing. Assuming nothing broke it would be copied to Prod at some point, and auto-installed during the next system reboot
18:44 Eugene If a node was ever misbehaving you just rebooted it - fresh / filesystem, same old NFS /data
18:45 Eugene The PXE server that did all of this, on the other hand, had an unmaintainable mass of perl scripts
18:45 Eugene But I don't work there anymore, so hahahaha to them
18:46 Eugene In my Salt environments I tend to just overwrite the package.conf file provided by the package.... but stuff for individual "customers" goes into .d/
18:47 Eugene Eg, my main webserver has its server config in nginx.conf, and then each website I host is /etc/nginx/conf.d/example.com.conf
18:50 Hybrid joined #salt
18:59 Edgan MTecknology: Any file maintained by configuration management that has a man page of comments it in, I like to strip out all the comments. So it is 100x clearer what the configuration is
19:01 Edgan MTecknology: So default configuration files aren't left. /etc/salt/minion is a good example of this
19:03 lkthomas_ joined #salt
19:04 MTecknology I'm sure I can picture your setup pretty clearly.
19:04 MTecknology This is one where we gotta agree to disagree because either approach has merit.
19:05 ymasson joined #salt
19:12 lkthomas__ joined #salt
19:12 Eugene In the cases where I rewrite distro-provided config files I add a boilerplate warning that "Salt will eat your changes"
19:12 Eugene Makes it clear to drunk-me wandering aroudn with `sudo vim` later
19:12 * MTecknology doesn't sudo vim
19:13 Eugene Sober me doesn't either
19:13 * MTecknology doesn't do changes.. salt do changes
19:13 MTecknology drunk me is too angry to make changes
19:14 gtmanfred always `sudo -e`
19:14 MTecknology (don't look at my git commit logs...)
19:15 MTecknology TIL: sudoedit
19:15 Eugene On most systems I touch sudoedit defaults to nano :-/
19:16 MTecknology sudo in my home environment isn't usable by users... it just sends me an immediate email about unauthorized accesss.
19:16 Eugene (I know you can change it, but its quicker to just type `sudo vim` to begin with)
19:17 MTecknology I have a personal policy that I absolutely do not hand-edit files on a server. Anything that changes should be at the hand of automation.
19:22 sjorge joined #salt
19:23 Trauma joined #salt
19:31 lkthomas__ joined #salt
19:31 sjorge joined #salt
19:32 zer0def joined #salt
19:33 DanyC_ joined #salt
19:34 Edgan gtmanfred: why -e?
19:34 Edgan nm
19:35 gtmanfred :)
19:35 gtmanfred it will run EDITOR with sudo in front of it
19:35 gtmanfred same as sudoedit iirc, you should just be able to do a symlink to /usr/bin/sudo named sudoedit, and it should actually run sudo -e /path/to/file
19:35 gtmanfred i don't know why it exists, but I use it from time to time when I remember it exists
19:36 Edgan MTecknology: If salt is always making the changes, and files always come after pkgs, my way works.
19:37 gtmanfred yup, works, it is great
19:44 MTecknology Edgan: I was just saying I never do 'sudo vim' or anything similar.
19:46 MTecknology well... not in my personal environment or $client-2.1. For $client-2.0, it's a regular requirement to make changes because salt highstates regularly break more than they fix
19:54 DanyC joined #salt
19:56 DanyC__ joined #salt
20:07 sjorge joined #salt
20:12 mchlumsky joined #salt
20:15 BarBQ joined #salt
20:18 socket- Hey all, when i upgradded my salt master, I noticed a new error. Any ideas whats goign on here, it looks like it's expecting a string when i passed a dict maybe?
20:18 socket- https://gist.github.com/danbryan/3feaa5dd0d4f05497dddad94a90e2553
20:20 immune2iocane joined #salt
20:21 whytewolf um, where did you get that example of gitfs_root?
20:21 edrocks joined #salt
20:21 socket- there have been many hands in this, i think it hasn't been modified in a while, is it out dated?
20:22 whytewolf it was never valid
20:22 socket- weird
20:22 whytewolf I'm surprised it ever worked
20:22 socket- yeah, my states get applied, i just have a warning now
20:22 socket- before they got applied with no warnings
20:23 whytewolf gitfs_root = the root setting inside of gitfs_remotes
20:23 scivola socket-: is your minion 2018.3 too?
20:23 whytewolf gitfs_root on it's own just sets a default for that value
20:23 scivola that happened to me because the minion was still 2017.7
20:24 scivola (not that specifically, but highstates failed)
20:25 socket- scivola: my master, and minion are now both 2018.3...
20:26 aphor what's the best way to expose a new custom execution module for the master to use via runners?
20:27 edrocks joined #salt
20:28 whytewolf aphor: put custom running in salt://_runners. sync to master with salt-run saltutil.sync_runners
20:29 aphor @whytewolf THX!
20:29 whytewolf socket-: commented on your gist.
20:30 whytewolf oh wait. you want that second item to be a dev env
20:38 joshin joined #salt
20:38 joshin joined #salt
20:43 cgiroua joined #salt
20:43 viq oh man, engines hate me
20:44 viq thorium claims it can't find it's top.sls, whereas slack one gives me https://pbot.rmdir.de/NuCkTtynd2saX3lcVIPFkg
20:55 sjorge joined #salt
21:03 onlyanegg joined #salt
21:12 tzero is there a direct correlation between salt.modules.* and salt.states.* ?
21:14 MTecknology state modules use execution modules to do things
21:14 tzero oh, hmm... states are implemented as a salt.modules., as if the "puppet/chef-like" state management is a side effect of having the whole messagebus thing
21:16 MTecknology viq: I'd have to see more to have anything better, but "local variable 'user_id' referenced before assignment" seems pretty straight forward, ya?
21:17 deuscapturus joined #salt
21:21 __number5__ joined #salt
21:24 aphor @tzero: modules are imperative eg. service.restart
21:24 aphor states are declarative eg. service.dead
21:25 Valfor joined #salt
21:25 Valfor joined #salt
21:28 eekrano joined #salt
21:34 tzero ah, that's a handy distinction
21:45 rivyn joined #salt
21:45 rivyn am I still muted?
21:47 edrocks joined #salt
22:26 aphor @rivyn: no
22:27 rivyn thanks
22:27 aphor NP
22:28 aphor So... orchestration states in parallel problematic, mysterious, or quotidian?
22:40 zulutango joined #salt
22:43 onlyanegg joined #salt
23:13 mikecmpbll joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary