Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-03-19

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 MindDrive Wait, so the Master can still ask for things that require root access from the minions without running as root itself?
00:00 MindDrive er, master... no need to capitalize
00:00 murrdoc yeah
00:00 murrdoc just make sure the user you make as sufficient file limit configured
00:01 murrdoc and can access the queue
00:01 MindDrive I did not know this.  Huh.  That still leaves the question open as to how to allow given clients to only be able to request certain types of commands/modules, of course, but good information to know.
00:03 MindDrive murrdoc: And I'm being dense, but what does the 'queue' refer to in this case?  (Sorry!)
00:03 iggy external auth might be worth looking at too
00:04 alainv joined #salt
00:05 * JordanTesting is still looking at Linuturk
00:06 pravka I have a question about __opts__['PILLAR_RAISE_ON_MISSING']
00:07 pravka where is that option expected to be configured?
00:07 pravka http://docs.saltstack.cn/en/latest/ref/modules/all/salt.modules.pillar.html
00:07 garthk aah, ok: hapi-auth-cookie returns the session as artifacts… might still be able to pull this off :)
00:07 pravka https://github.com/saltstack/salt/pull/19122
00:07 garthk MT
00:08 pravka anyone?
00:08 treborTech joined #salt
00:09 iggy config file
00:09 pravka which config file?
00:10 pravka http://docs.saltstack.com/en/latest/ref/configuration/minion.html
00:10 pravka it's not listed as a configuration option for the minion
00:10 pravka is it 'PILLAR_RAISE_ON_MISSING' or pillar_raise_on_missing
00:10 iggy lower case
00:11 pravka so in /etc/salt/minion or minion.d, right?
00:11 pravka lower case would seem to contradict __opts__['PILLAR_RAISE_ON_MISSING']
00:12 pravka (which is how it's actually referenced in the module
00:12 iggy it was changed before it was committed
00:12 dingo joined #salt
00:12 iggy you do realize that option isn't in any released version of salt right?
00:13 otter768 joined #salt
00:13 pravka actually
00:13 pravka I didn't :(
00:13 pravka my bad!
00:13 iggy it'll be in 2015.2
00:15 pravka we might need to fix the doc stream
00:15 pravka 'cause this: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.pillar.html#salt.modules.pillar.get
00:15 iggy it's fixed in devel, but it's bad in 2015.2
00:15 pravka makes it sound like it's available now
00:16 pravka are all the docs for devel?
00:16 dingo ^ yes indeed, i thought it was available now
00:19 p0rkbelly joined #salt
00:23 iggy yeah, I get really tired of commenting on commits "this wasn't version annotated"
00:24 iggy it happens way too often
00:26 JoshuaX joined #salt
00:28 baweaver joined #salt
00:30 MindDrive Hmm... does 'peer' and 'client_acl' work in conjunction with each other?
00:30 dude051 joined #salt
00:31 MindDrive In my case, I want certain users to be able to run certain commands, but only from a given set of systems.
00:31 enarciso joined #salt
00:31 MindDrive (I already have 'peer' set up for this.)
00:36 MindDrive (I need to head out, but will check back tomorrow)
00:38 I3olle joined #salt
00:39 bluenemo_ joined #salt
00:39 mikaelhm joined #salt
00:40 JoshuaX joined #salt
00:44 joshfu joined #salt
00:44 cheus joined #salt
00:48 enarciso joined #salt
00:51 Nazca__ joined #salt
00:55 mapu joined #salt
01:03 primechuck joined #salt
01:07 neogenix_ joined #salt
01:08 aqua^mac joined #salt
01:11 Nazca joined #salt
01:11 pipps joined #salt
01:12 micko1 joined #salt
01:13 amcorreia joined #salt
01:18 neogenix_ joined #salt
01:23 jespada joined #salt
01:27 egil joined #salt
01:30 mohae joined #salt
01:33 NV joined #salt
01:34 itru joined #salt
01:34 itru can I somehow do this in CLI? pillar.get('buildbot', {}).get('builds', None)
01:34 itru now I managed only # salt-call pillar.get buildbot
01:35 itru but don’t know how to get “builds”
01:36 aparsons joined #salt
01:38 SheetiS itru: salt-call pillar.get 'buildbot:builds'
01:38 SheetiS btw you can do that in jina with salt['pillar.get'] as well
01:39 SheetiS *jinja
01:41 itru salt-call pillar.get 'buildbot:builds' doesn’t work for me
01:41 itru oh, it works, thanks
01:41 MatthewsFace joined #salt
01:45 SheetiS itru: no problem.
01:45 baweaver joined #salt
01:50 _JZ_ joined #salt
01:52 Nazca__ joined #salt
01:53 ekristen joined #salt
02:01 JoshuaX joined #salt
02:04 pravka joined #salt
02:05 __number5__ Is there a 'salty' way to check if certain pillar sls exists in python code?
02:05 pipps joined #salt
02:07 JoshuaX joined #salt
02:14 otter768 joined #salt
02:23 evle joined #salt
02:23 SheetiS1 joined #salt
02:24 donmichelangelo joined #salt
02:25 __number5__ to answer my question: seems salt.fileclient.LocalClient.get_state can do that
02:25 pravka joined #salt
02:26 preachermanx joined #salt
02:38 catpigger joined #salt
02:38 otter768 joined #salt
02:47 ilbot3 joined #salt
02:47 Topic for #salt is now Welcome to #salt | SaltConf 2015 is Mar 3-5! http://saltconf.com | 2014.7.2 is the latest | Please be patient when asking questions as we are volunteers and may not have immediate answers | Channel logs are available at http://irclog.perlgeek.de/salt/
02:48 everbird joined #salt
02:48 scbunn joined #salt
02:49 treborTech joined #salt
02:57 mwpher joined #salt
02:58 favadi joined #salt
02:59 mwpher How can I debug the Jinja rendering? Have a mystery error I'm trying to figure out
03:00 schristensen joined #salt
03:05 JoshuaX joined #salt
03:06 dude051 joined #salt
03:06 clintberry joined #salt
03:09 thayne joined #salt
03:13 jespada joined #salt
03:24 mwpher joined #salt
03:24 __number5__ mwpher: have you try salt state.show_sls with -l debug?
03:25 primechuck joined #salt
03:25 bhosmer_ joined #salt
03:25 mwpher Oh crap, thank you __number5__!
03:26 __number5__ no worries. Problem solved?
03:26 mwpher I'm wondering if the docs need work... I keep encountering problems which have been solved, but I can't find the do
03:26 mwpher *solution
03:26 mwpher Yeah, you got it
03:27 __number5__ mwpher: file an issue about the docs
03:28 mwpher Maybe
03:29 mwpher I'll write these down and submit them if I can
03:33 thayne joined #salt
03:34 JoshuaX joined #salt
03:38 mwpher joined #salt
03:39 mwpher One more thing... Im not able to render the sls because of a jinja error. How can i get more info from jinja?
03:40 Nazca joined #salt
03:47 JoshuaX joined #salt
03:51 spookah joined #salt
03:54 dude051 joined #salt
03:55 thayne joined #salt
04:01 hal58th joined #salt
04:19 kermit joined #salt
04:19 _JZ_ joined #salt
04:21 druonysus joined #salt
04:21 druonysus joined #salt
04:22 JoshuaX joined #salt
04:24 refnode_ joined #salt
04:32 mikaelhm joined #salt
04:35 twobitsprite joined #salt
04:43 jespada joined #salt
04:50 thayne joined #salt
04:59 forrest joined #salt
05:09 pipps joined #salt
05:14 otter768 joined #salt
05:17 pipps99 joined #salt
05:23 mikaelhm joined #salt
05:33 jespada joined #salt
05:39 pravka joined #salt
05:43 felskrone1 joined #salt
05:56 iggy salt-call -l debug
05:56 iggy it'll show the rendered yaml
06:05 malinoff joined #salt
06:08 enarciso joined #salt
06:29 cberndt joined #salt
06:34 jeddi joined #salt
06:38 krelo joined #salt
06:39 picker joined #salt
06:53 dopesong joined #salt
06:56 giantlock joined #salt
06:58 Nebraskka what is the best practice to upgrade salt-minion? i had two servers where it didn't come back online after pkg.upgrade, needed to service salt-minion restart by hand
07:02 mattiasr joined #salt
07:07 stej joined #salt
07:09 krelo joined #salt
07:11 MikaT joined #salt
07:13 picker http://docs.saltstack.com/en/latest/faq.html#what-is-the-best-way-to-restart-a-salt-daemon-using-salt this might help
07:15 otter768 joined #salt
07:15 Pixionus joined #salt
07:25 kawa2014 joined #salt
07:30 dopesong joined #salt
07:31 Pixionus joined #salt
07:32 AndreasLutro joined #salt
07:32 I3olle joined #salt
07:37 MikaT Hi. Does anyone have a good workaround for minions dying after saltutil.refresh_pillar, e.g. this: https://github.com/saltstack/salt/issues/18648
07:38 cberndt joined #salt
07:43 jhauser joined #salt
07:44 ShibMcNe Hi, is anyone with an in-depth knowledge of salt crypto there ? =]
07:45 ShibMcNe I'm looking at the sources, trying to figure if minions are checking the integrity of the messages sent over zeromq by the master, making sure that man in the middle attacks from another minion are not possible.
07:46 KermitTheFragger joined #salt
07:46 flyboy joined #salt
07:54 Terminus- joined #salt
07:54 favadi joined #salt
07:54 Terminus- hello. question, where is foo.has_key('bar') documented? i don't see it in either the jinja docs or the salt jinja renderer docs.
07:55 \ask joined #salt
07:58 trikke joined #salt
07:59 Auroch joined #salt
07:59 everbird joined #salt
08:00 everbird joined #salt
08:00 everbird joined #salt
08:03 sieve joined #salt
08:04 eseyman joined #salt
08:04 AndreasLutro Terminus-: it's a method on the python dictionary class in python 2.x, using `'bar' in foo` is preferred
08:05 lb1a joined #salt
08:06 Terminus- AndreasLutro: yeah but i thought you can't execute arbitrary python functions in jinja templates? or are class member functions executable?
08:09 dRiN joined #salt
08:12 dkrae joined #salt
08:16 eseyman joined #salt
08:18 mcescher joined #salt
08:20 AndreasLutro Terminus-: it's not a function though, it's a method available on any dictionary object, and you've passed a dictionary object to the jinja template
08:20 TyrfingMjolnir joined #salt
08:20 Terminus- AndreasLutro: ok, so methods work. at least for standard data types i guess.
08:21 AndreasLutro methods and properties should work on any type
08:21 oxae joined #salt
08:21 Terminus- AndreasLutro: gotcha.
08:26 fredvd joined #salt
08:32 clmsy joined #salt
08:37 wincyj joined #salt
08:40 \ask joined #salt
08:44 nocturn joined #salt
08:44 nocturn joined #salt
08:47 intr1nsic joined #salt
08:47 twobitsprite joined #salt
08:53 catpiggest joined #salt
09:09 ShibMcNe Am I right to assume that a rogue minion would be able to carry a MITM attack against both the master and other minions regarding everything that is encrypted with the "common" AES key ?
09:10 intellix joined #salt
09:12 Xevian joined #salt
09:14 ShibMcNe I have a hard time finding which messages are sent with the common AES key or with a specific AES key
09:15 otter768 joined #salt
09:16 kawa2014 joined #salt
09:17 I3olle joined #salt
09:18 flyboy joined #salt
09:20 N-Mi_ joined #salt
09:22 dopesong_ joined #salt
09:23 dopesong joined #salt
09:27 bhosmer joined #salt
09:28 nexsja^ joined #salt
09:33 Andre-B joined #salt
09:36 sieve joined #salt
09:37 MaliutaLap joined #salt
09:37 MaliutaLap left #salt
09:38 paulm- joined #salt
09:39 mattiasr joined #salt
09:40 nocturn_ joined #salt
09:48 thehaven joined #salt
09:57 N-Mi_ joined #salt
09:58 sieve joined #salt
10:04 peters-tx joined #salt
10:04 emirozer joined #salt
10:06 bluenemo joined #salt
10:06 bluenemo joined #salt
10:08 refnode joined #salt
10:09 Auroch joined #salt
10:10 enarciso joined #salt
10:10 donmichelangelo joined #salt
10:13 aquassaut joined #salt
10:19 dwfreed joined #salt
10:21 kawa2014 joined #salt
10:33 sieve joined #salt
10:36 stej Hi, what's the best way to trigger highstate on new minions?
10:36 stej I only want to do this on new minions.
10:36 stej So after the key is accepted, which I do automatically.
10:45 mdupont joined #salt
10:46 giantlock joined #salt
10:50 bhosmer joined #salt
10:52 flyboy joined #salt
10:56 SheetiS joined #salt
10:58 babilen joined #salt
11:00 CeBe joined #salt
11:01 jtang joined #salt
11:01 amcorreia joined #salt
11:05 XenophonF stej: i think reactor can do that
11:05 treborTech joined #salt
11:07 XenophonF stej: http://docs.saltstack.com/en/latest/topics/reactor/index.html has an example of what you're asking
11:07 XenophonF stej: look under section 6.6 (Understanding the Structure of Rector Formulas)
11:08 XenophonF stej: one of the examples given is about salt/key ("The following example uses Salt's Reactor to listen for the event that is fired when the key for a new minion is accepted on the master using salt-key.")
11:09 XenophonF stej: section 6.7 shows exactly what you want - highstate after accepting a key - http://docs.saltstack.com/en/latest/topics/reactor/index.html#a-complete-example
11:10 catpigger joined #salt
11:10 devweasel joined #salt
11:10 ptinkler joined #salt
11:16 otter768 joined #salt
11:20 evle1 joined #salt
11:28 colttt joined #salt
11:31 64MACDD5N joined #salt
11:33 kawa2014 joined #salt
11:50 scarcry joined #salt
12:01 jtang joined #salt
12:02 shorty_mu joined #salt
12:02 zwi joined #salt
12:06 hasues joined #salt
12:07 hasues left #salt
12:11 diegows_ joined #salt
12:11 renoirb joined #salt
12:12 shorty_mu Hi all, I'm using the Gitfs backend. For a devel-VM running the master I had to change "gitfs_base" and "gitfs_env_whitelist" to use a branch. When I start the master the first time it seems to run git-related stuff. But I end up with an empty cache. No problems in the Logifle. Any ideas? I'm using 2014.7.1.
12:12 sieve joined #salt
12:12 jespada joined #salt
12:15 Furao joined #salt
12:18 katyucha joined #salt
12:22 picker using pillars how to push some values in a file say a conf file as plain instead of json?
12:22 picker http://pastebin.com/kinR9uTv
12:26 picker no one?
12:32 johtso joined #salt
12:38 diegows joined #salt
12:39 wnkz joined #salt
12:41 wincyj joined #salt
12:43 emirozer joined #salt
12:44 clmsy joined #salt
12:45 cmcmacken joined #salt
12:45 rgarcia_ joined #salt
12:46 denys joined #salt
12:49 Ahlee anybody successfully put the saltapi netapi stuff behind apache or nginx?  Apache seems to be stripping my application/json and replacing it with application/x-www-form-urlencoded, which the get_json method throws up on as it requires application/json
12:50 Ahlee picker: salt['pillar.get']('resolv', {})
12:50 Ahlee picker: also, target a minion and run pillar.iget resolv, does it come back with a value or a list?
12:51 Ahlee shorty_mu: did you bump the log upt o debug at least? a lot of that logging goes on at debug or lower for gitfs
12:52 Ahlee shorty_mu: also, you're positive the user running your master has the the public/private key all straightened out, you can clone the repo without username/password from that user somewhere on disk to verify?
12:54 subsignal joined #salt
12:54 shorty_mu Ahlee: Yes, I dit. It is just saying that it is updatting fileserver. The credentials are the same as on out master. Thing is the repo is checked out into gitfs/<hash>/.git. But no files appear in files_lists. The directory doesn't even exist.
12:54 shorty_mu s/out/our
12:56 Ahlee when I used gitfs, it populated /var/cache/salt/master/<somehwere> with a shallow clone, and we had to specify an env=<branch>, else it defaulted to master
12:56 Ahlee are you using gitfs_provider of pygit2 or GitPython?
12:57 intellix joined #salt
12:58 JDiPierro joined #salt
12:59 shorty_mu Ahlee: The latter, GitPython. Correction: gitfs/<hash>/.git is populated but not gitfs/refs/<branch> where alle the files should be. Where did you specify env=... I changed the base with gitfs_base to a different branch than master.
12:59 Ahlee shorty_mu: On the command line.  salt <minion> state.sls state env=<branch>
13:00 Ahlee and in environment: <branch> in the minion's config
13:00 Ahlee Note, this was during 0.17.0 days
13:00 jeremyr joined #salt
13:02 shorty_mu Ahlee: Damn! Now it's working. I use env_whitelist and only added the branch I made to the base. But I have to explicitly add base to whitelist too. Sry, my bad. Using Helium here.
13:02 Ahlee excellent, glad you found it as I was out of suggestions :)
13:03 shorty_mu Ahlee: Cheers!
13:10 trikke joined #salt
13:11 N-Mi_ joined #salt
13:11 N-Mi_ joined #salt
13:17 wnkz joined #salt
13:17 otter768 joined #salt
13:19 debian112 joined #salt
13:20 Habsgoalie joined #salt
13:21 jdesilet joined #salt
13:25 bhosmer joined #salt
13:27 drawsmcgraw joined #salt
13:27 murrdoc joined #salt
13:27 dude051 joined #salt
13:29 paulm-- joined #salt
13:30 wincyj joined #salt
13:33 jespada joined #salt
13:37 cheus joined #salt
13:38 nitti joined #salt
13:40 clone1018_ joined #salt
13:40 jtang joined #salt
13:41 brick joined #salt
13:48 timoguin joined #salt
13:49 shorty_mu left #salt
13:49 sieve joined #salt
13:50 mapu joined #salt
13:50 clone1018_ joined #salt
13:50 druonysus joined #salt
13:50 druonysus joined #salt
13:51 JDiPierro joined #salt
13:51 StDiluted joined #salt
13:54 dyasny joined #salt
13:55 refnode joined #salt
13:57 andrew_v joined #salt
13:57 Furao joined #salt
14:00 clone1018_ joined #salt
14:00 picker Ahlee : The sntax that worked was "{{ salt['pillar.get']('nameserver:n1',{}) }}"
14:00 mr-op5 joined #salt
14:01 picker so we have to mentioned one level down for it
14:01 treborTech joined #salt
14:03 jerematic joined #salt
14:05 murrdoc <3 pillars
14:05 dyasny joined #salt
14:09 picker Ahlee: oops i was wrong. your suggestion did worked.
14:09 picker thanks
14:10 clone1018_ joined #salt
14:11 pass_by_value joined #salt
14:13 johnkeates joined #salt
14:15 jrb28 joined #salt
14:15 johnkeates why is the documentation for linux_acl so sparse>
14:16 brick left #salt
14:16 signull johnkeates: a lot of documentation is sparse sadly
14:16 * johnkeates is sad
14:17 johnkeates do you, or anyone else by chance have some information on salt.states.linux_acl ?
14:17 signull johnkeates: open up the state file or module file of linux_acl
14:17 johnkeates oh
14:17 signull look for for the functions
14:17 johnkeates we need to go back to the source!
14:17 Ahlee the documentation is written by developers, for developrs
14:17 signull underneath them there are some additional doc strings
14:17 Ahlee not for sysadmins
14:17 johnkeates yes, I totally forgot about that
14:17 johnkeates also, i'm not really a sysadmin, more like a SE or maybe architect
14:18 johnkeates i'll do some source digging
14:18 signull i have found tons of additional features that werent on the doc pages
14:18 johnkeates where can I commit documentation updates?
14:18 johnkeates I've been contributing to some salt-formulas on github
14:18 signull either edit the page on github
14:18 johnkeates okay
14:18 signull or
14:18 signull fork the repo
14:18 signull create a new branch
14:18 johnkeates yes, of course.
14:18 signull and then request to merge it back
14:18 Brew joined #salt
14:18 johnkeates I guess I had to much coffee today or to little
14:19 signull you can never have too much coffee
14:19 johnkeates of course, the sources, git PR's etc
14:19 johnkeates yes
14:19 johnkeates well
14:19 murrdoc code is documentation
14:19 johnkeates yes
14:19 johnkeates YES to all of it :-D
14:19 murrdoc :)
14:19 murrdoc you can read the code easy btw
14:19 signull murrdoc: i do not beleive code should be documentation
14:20 johnkeates it's been a kind of cereal in the fridge, milk in the cupboard kind of day..
14:20 murrdoc u are right signull
14:20 clone1018_ joined #salt
14:20 signull by that analogy its almost simpler to come up with your own configuration manager/orchestration tool
14:20 murrdoc but code is the ultimate doc
14:20 signull that is true
14:20 signull if code was Shakira's hips.... They don't lie
14:21 murrdoc also in salts case … the documentation is basically the doc-blocks in the code
14:21 johnkeates Shakira's hips are a bunch of liars
14:21 murrdoc so i have found it easier to read
14:21 johnkeates Don't trust hips. They manipulate
14:21 signull murrdoc: this is true but insanely upsettings
14:21 murrdoc https://github.com/saltstack/salt/blob/develop/salt/states/linux_acl.py and https://github.com/saltstack/salt/blob/develop/salt/modules/linux_acl.py
14:22 johnkeates yes, I'm already reading the py code
14:22 treborTech joined #salt
14:22 murrdoc :) help your saltstack devs, update the code doc blocks as you find stuff
14:22 johnkeates it's nice to see that the state simply passes to the module
14:22 signull murrdoc: I have even go so far to create an issue with salt to say they should create a lint to ensure there is documentation and version annotation. https://github.com/saltstack/salt/issues/21550
14:22 flyboy82 joined #salt
14:22 johnkeates which makes the whole structure rather slim and nice and tight yet loosely coupled
14:22 signull it has apparently sparked a rather large internal debate
14:23 murrdoc signull:  nice
14:23 murrdoc state functions are basically wrappers for modules
14:23 johnkeates <3 oh salt
14:23 murrdoc they run modules and return data as the json expected by the config
14:23 murrdoc sorry returner not config
14:24 * johnkeates drinks some water to compensate for the salty day
14:25 flyboy joined #salt
14:26 johnkeates whats the deal with that six all the time
14:26 signull johnkeates: the best way to think of it is that modules are used via the command line. and states are the wrappers that allow you to use that functionality in your sls files.
14:26 ek6 joined #salt
14:26 murrdoc six is a python compatibility lib between python 2 and 3
14:26 signull its pretty much exactly what murrdoc said but from a different angle
14:26 murrdoc 2*3=6
14:27 murrdoc yes pythonistas are a fun bunch
14:27 murrdoc why u ask
14:27 johnkeates hah, I knew I liked python the minute i saw it
14:27 johnkeates I thought it might be a clever thing
14:27 johnkeates and it is indeed
14:27 murrdoc perl is the one true language
14:28 johnkeates PHP is the one true not-a-language
14:28 murrdoc cfengine is the one true config manage ment system
14:28 * murrdoc strokes beard
14:28 _JZ_ joined #salt
14:28 murrdoc (totally kidding)
14:28 johnkeates JavaScript is the one true we-tried-everything-and-now-we-have-nothing
14:28 flyboy joined #salt
14:29 signull just stay far away from ruby developers.. they are nice people and some write good code. but the you can write the same thing 500 different ways. Python is a bit more limited which is a good thing. it makes it easier to read through. train of thought doesnt need to get all creative and abstract. "Chef" is a configuration management tool where sysadmins love to use it so they can eventually claim and insanity defense and go off killing people.
14:29 johnkeates Java is the one true if-we-just-make-it-explicit-enough-it-will-be-easier-but-then-it-wasn't
14:29 signull chef is written in ruby... dont do ruby.
14:29 johnkeates hah, same for puppet
14:29 murrdoc ram is free
14:29 johnkeates and it's stupid DSL
14:29 murrdoc java is life
14:30 Salt_ joined #salt
14:30 kaptk2 joined #salt
14:30 johnkeates I'd like to learn erlang at some point
14:30 clone1018_ joined #salt
14:30 timoguin Do all the languages.
14:30 signull puppet is actually pretty nice and it actually resembles salt a lot.
14:30 timoguin Don't be skeered.
14:30 johnkeates I used to use puppet but then I got salt.
14:30 murrdoc risk is the new hotness
14:30 Salt_ hey guys, I've got a quick question I was hopping to get answered.
14:30 murrdoc Go is so last trimester
14:30 * murrdoc shuts up
14:30 johnkeates what about D
14:30 scbunn joined #salt
14:30 Schmidt to old
14:30 johnkeates if you program in D
14:31 murrdoc go ahead Salt_
14:31 Karunamon As a ruby user: :(
14:31 johnkeates you can talk about being good with D
14:31 johnkeates "the D"
14:31 Salt_ Is there a way I get get a command to run only if a package has been installed?
14:31 johnkeates yes, use pkg.installed or something like that, as a requirement
14:31 timoguin Karunamon: Ruby is fiiine. Lots of great stuff written in it.
14:31 johnkeates depends on whether you want to install the package as well
14:32 johnkeates Salt_: does the package need to be installed, or should the command simply not run?
14:32 Salt_ that will run everytime if the package is installed, I have an initialize script that needs to run only when the package has been installed.
14:32 johnkeates ah
14:32 Salt_ bg: I'm using arch and I'm trying to install mysql (https://wiki.archlinux.org/index.php/MySQL)
14:32 murrdoc Salt_:  look up saltstack requisites, there is an onchanges flag which might help
14:32 Salt_ it says after it has been installed i need to initialize it, so i only want the script to run once, right after mysql has been installed
14:33 Salt_ I'll take a look at that, any other suggestions? I ran into this http://serverfault.com/questions/561159/saltstack-how-one-can-execute-a-state-only-once, not sure if it's a good idea
14:33 johnkeates Salt_: you could use the "unless" using a test to see if a file exists
14:34 johnkeates The first example here: http://docs.saltstack.com/en/latest/ref/states/requisites.html
14:34 johnkeates is for when a package exists
14:35 johnkeates then next you could add something like the Unless example on the same page at 1.26.15.2.1. Unless
14:35 Eureka_ joined #salt
14:35 Salt_ I'll look at 'unless' as well. johnkeates, the problem is that is then the script will run everytime the state is run if the package is installed; that's not what i want
14:35 Salt_ yeah, I'll give that a shot; thanks guys
14:35 johnkeates Salt_: then unless is what you need indeed
14:36 johnkeates Here is how I use unless in the ZendServer state: - unless: test -e /etc/zendserver/zs-admin.txt
14:36 johnkeates /etc/zendserver/zs-admin.txt is created after the bootstrap state is run
14:36 johnkeates so it can only run once
14:36 Eureka_ Sorry if this has been asked already. Ive not found much via google. Does anyone here have salt-cloud working with vmware vsphere 6.0? Im having some issues with it.
14:37 johnkeates well, it works, but only after removing vmware and installing xen, but I guess that's not what you want :-P
14:37 Eureka_ hahaha
14:37 murrdoc Eureka_:  u could try the mailing list too if the channel doesnt provide enough answers
14:37 Eureka_ Sadly I am not able to do that for this environment ;)
14:38 murrdoc https://groups.google.com/forum/#!searchin/salt-users/vmware
14:39 Eureka_ @murrdoc Ill hunt through it some more. Thanks.
14:40 clone1018_ joined #salt
14:41 CheKoLyN joined #salt
14:43 chrism_ joined #salt
14:43 chrism_ morning
14:44 johnkeates evening
14:44 chrism_ where can I get some information on "Best ways to implement the watchdog"
14:44 chrism_ :)
14:44 scbunn joined #salt
14:45 braqoon joined #salt
14:47 ltsampros joined #salt
14:47 ltsampros Hello
14:48 ltsampros I'm getting a weird error when running something like this: sudo salt-ssh --out raw 'test1' state.highstate
14:48 ipmb joined #salt
14:48 ltsampros The error is:  Unable to import msgpack or msgpack_pure python modules
14:48 ltsampros which seems to indicate that these need to be installed on the minion maybe
14:49 ltsampros how to investigate this further? should I open an issue?
14:49 ltsampros I'm running latest 2015.2 head.
14:49 iggy ltsampros: there's already an issue open for it
14:49 timbyr_ joined #salt
14:50 clone1018_ joined #salt
14:50 ltsampros iggy: :) https://github.com/saltstack/salt/issues/20276 this one ?
14:50 mikaelhm joined #salt
14:51 braqoon hi, i got small setup with master. Today i have noticed that when i want to setup new machine i'm getting [salt.crypt       ][WARNING ] SaltReqTimeoutError: Waited 60 seconds on minion, but nothing on master. Master is working fine. debug shows that minion is not getting a response. Checked my other mintions and some of them are not reachable from master and throwing same errors in the log. I'm running 0.17.5
14:51 iggy ltsampros: looks like it
14:51 braqoon any idea what's going on ? i have not touched master and some minions are responding just fine
14:52 iggy you're not going to get a lot of help on 0.17.5 unfortunately
14:52 braqoon iggy, which version should i run then ?
14:52 murrdoc 2014.7.2
14:53 braqoon murrdoc, thanks. Will see to it
14:55 murrdoc i mean u could try 2015.2 … but i d rather get to 2014.7.2 first
14:55 murrdoc imho
14:56 clintberry joined #salt
14:56 sander____ joined #salt
14:57 braqoon no worries, i used stock Ubuntu 14.04. Did not realised it is quite few versions behind.
14:57 braqoon will use official ppa from saltstack
14:57 murrdoc yup
14:58 johnkeates joined #salt
14:59 ltsampros murrdoc: to my surpise, it was too easy to setup a machine and use the 2015.2 head
15:00 favadi joined #salt
15:00 renoirb joined #salt
15:00 _two_ joined #salt
15:03 sander____ Is there a managed directory command in salt? Can I sync a directory the way I would have a managed file?
15:04 igorwidl_ joined #salt
15:04 rgarcia_ joined #salt
15:04 huddy joined #salt
15:04 egil http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.directory
15:04 scbunn joined #salt
15:04 sander____ Nice thanks egil
15:04 ek6 Have they provided insight as to which day in feb we should be expecting 2015.2.0rc2?
15:05 sander____ ek6: as long as it's not the 100th I had bad luck on that day. :)
15:05 babilen .oO( Now, don't we love the versioning scheme that has no relation to reality whatsoever? )
15:06 murrdoc ltsampros:  cool
15:06 babilen iggy: I addressed some of the issues .. Really not too impressed with the "deep lookups"
15:06 murrdoc still better than semver
15:06 murrdoc i didnt want deep lookups babilen
15:06 murrdoc i want us to not pull in the settings variable in the templates
15:06 murrdoc pull it in once in the sls and pass it down to the template using content: key: value
15:07 beerguy2014 joined #salt
15:07 dyasny joined #salt
15:07 XenophonF joined #salt
15:07 murrdoc for eg babilen
15:07 murrdoc https://github.com/babilen/collectd-formula/blob/template-structure/collectd/files/df.conf#L1 shouldnt be there
15:08 murrdoc it should be passed in from the df.sls
15:08 beerguy2014 Does anyone know of the best way to have a specific state run before a highstate is rendered?
15:08 beerguy2014 I mean, i know how to do it manually, but id like to just boot my nodes up and run a highstate witgout this step firat
15:09 XenophonF beerguy2014: what are you trying to do?
15:09 beerguy2014 I need to set some custom grains based off of pillar data, and then use them later in my highstate
15:10 clone1018_ joined #salt
15:10 [7hunderbird] joined #salt
15:10 babilen murrdoc: Okay, then I both misunderstood you and don't agree with you on template design :)
15:10 JoshuaX joined #salt
15:10 murrdoc waa
15:10 murrdoc u think templates should fetch their own data ?
15:11 babilen I think that templates should be self contained in that everything they reference is in the template
15:11 murrdoc what about separation of purpose
15:11 babilen I dislike monkey-patching of dunder dicts in salt for the same reason
15:11 murrdoc not related
15:12 _ether_ joined #salt
15:12 pipps joined #salt
15:13 murrdoc imho, the sls file should handle all logic and templates should be dumb, therefore sls pulls in the collectd_settings variable and hands it off the template
15:13 drawsmcgraw beerguy2014: Can setting the custom grains be the first state you run in your highstate?
15:13 hebz0rl joined #salt
15:13 murrdoc if u dont want to make the change thats fine
15:13 murrdoc but from a programming standpoint  i dsiagree
15:13 babilen (sorry, discussing with other people)
15:13 beerguy2014 Draw, i have that at the top of my top.sls file
15:15 pipps99 joined #salt
15:18 otter768 joined #salt
15:19 XenophonF beerguy2014: i don't know if there's a way to set and use grains idempotently
15:19 XenophonF where a single highstate run will do the job
15:19 XenophonF in theory you could use reactor to set the grains and then call highstate
15:19 XenophonF (is "idempotently" a word? it should be!)
15:20 dvestal joined #salt
15:20 XenophonF babilen: speaking of idempotence, i think that formulas should be able to do their work in a single pass
15:20 beerguy2014 Thats not a bad idea to use the reactor, since i use it for some other pieces too.
15:20 XenophonF that can be a challenge when updating credentials used by the minion itself (e.g., changing a MySQL root password)
15:20 murrdoc easier would be to add a validator state at the top of highstate, and use failhard: True to kill
15:20 beerguy2014 Unfortunately without the custom grains, the highstate wont compile
15:21 murrdoc use a startup state to run the grains state whenever a minion boots
15:21 XenophonF yeah, it gets rendered by Jinja before it gets executed by Salt
15:21 babilen XenophonF: What do you mean by that?
15:22 XenophonF i mean that given a set of salt states, the first highstate run should do everything - any subsequent highstate runs should do nothing
15:22 XenophonF rather than re-running highstates to converge upon the desired config
15:23 XenophonF it isn't always possible, e.g., when using salt-formula to deploy formulas on the master (which requires restarting the master)
15:23 XenophonF or e.g., the mysql root password change i just mentioned
15:23 XenophonF i try to make my highstate runs work properly in a single pass
15:24 XenophonF so if i start with a newly installed minion, i have to run highstate only once
15:25 beerguy2014 Xenophonf, yeah, my boxes are mostly diskless, so i need things to work hopefully the first time
15:25 Ahlee cake: it's what's for breakfast
15:26 JoshuaX Ahlee: the cake is a lie.
15:26 beerguy2014 I can just have the custom grain state run before highstate ib my bootstrap process...
15:26 XenophonF JoshuaX: I'm partial to potatoes, myself.
15:26 JoshuaX hahaah
15:26 braqoon murrdoc, ha , found the problem. Not problem with salt, but with KVM networking for some reason. Never mind, problem sorted now.
15:27 murrdoc braqoon:  +!
15:27 murrdoc +1
15:27 murrdoc got too excited
15:27 braqoon :)
15:27 babilen XenophonF: I don't see how that applies to the collectd formula
15:28 XenophonF well, if i'm using formulas, i want them to work in a single pass - that's all i'm saying
15:28 braqoon tcpdump showed that request packets had wrong check sums on arrival on salt-master
15:28 johnkeates joined #salt
15:28 XenophonF prob not an issue with collectd-formula, but it's one i've run into with others
15:29 babilen ah, ack
15:29 Furao joined #salt
15:30 clone1018_ joined #salt
15:32 pipps joined #salt
15:33 johnkeates ugh, I want to do linux_acl.present twice but salt won't let me because it's a duplicate ID :(
15:35 murrdoc put it in a list and iterate it in the jinja
15:35 johnkeates but if I iterate in jinja, it still complains about duplicate ID's
15:35 rgarcia_ joined #salt
15:35 SheetiS joined #salt
15:36 murrdoc look the state name too
15:36 rojem joined #salt
15:36 johnkeates well, I can of course duplicate the path and make up some state name
15:36 johnkeates but currently the state name is the path which is kind of neat
15:36 johnkeates oh well, away with the neatness
15:37 Deevolution When I have a multi-master setup and I bring all the masters down,  how do I prevent the minions from shutting down/crashing while trying to reconnect to the master(s)?
15:38 Deevolution It throws an error twice and then the minion is down.
15:38 pravka joined #salt
15:39 timoguin Deevolution: the minions should just continue trying to connect...
15:40 timoguin johnkeates: use unique state ids with the -name argument
15:40 clone1018_ joined #salt
15:40 johnkeates yeah, that's what I'm goingg to do
15:40 Deevolution timoguin: They do not.  They either crash or shut down.
15:40 timoguin Odd, sounds like a bug
15:40 Deevolution They log this twice: Error while bringing up minion for multi-master. All configured masters [saltmaster] are not responding!!!
15:41 Deevolution I was hoping it was a configuration issue.
15:41 andygrunwald joined #salt
15:41 StDiluted joined #salt
15:41 refnode hi, I'd like to announce virtualdc https://github.com/virtualdc-io/virtualdc => https://github.com/refnode/virtualdc
15:42 refnode in the first step I implement some common things I used from puppet such as a "module generate" command
15:42 andygrunwald Hey, i added a custom returner and enabled the master job cache ( not the job cache of the minions!). I added my custom returner into the saltstack core and everything works well. If i move the returner to my file_root in _returners (like recommended by the docs) saltstack can`t load my returner and failed. Any ideas where to place my custom returner for the job masters cache? http://docs.saltstack.com/en/latest/ref/returners/#writing-a-returner
15:43 refnode I saw https://github.com/saltstack/salt/issues/12179 and I'm also interested in a stronger module spec for formulas
15:44 murrdoc did u run http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.sync_all
15:45 irctc604 joined #salt
15:48 JDiPierro joined #salt
15:48 neogenix_ joined #salt
15:48 Negher joined #salt
15:48 ek6 is it possible to have minion event trigger a state execution that runs ON the master...effectively event triggering salt-call --local state.sls foo on master  ?
15:49 andygrunwald murrdoc, this is not needed, because job master cache only runs on master and not on minions
15:49 murrdoc k, its linked on the page so i figured
15:50 andygrunwald thats the case for the normal job cache
15:50 andygrunwald and thats works ;)
15:50 andygrunwald But not for master job cache
15:52 jalbretsen joined #salt
15:53 timoguin ek6: yea, use a reactor that calls the runner client. i assume the caller client would work as well, but i haven't used that in a reactor
15:54 ek6 timoguin: well runner client wants a tgt...and in this case i want target to be the master itself
15:54 sieve joined #salt
15:56 teskew joined #salt
15:57 ek6 example...my minions that are purely salt-call based.. they send an event that i want executed on the master in this example the hipchat state or module.
15:57 timoguin ek6: I have my reactors call a runner module. Then the custom runner uses the caller client.
15:57 rojem joined #salt
15:57 timoguin No need to specify a target anywhere
15:59 dalexander joined #salt
16:00 timoguin ek6: something like this in the runner module is what i use: https://gist.github.com/timoguin/0c774dee2444a8ba44e6
16:00 ek6 timoguin: not as pretty as id like it but seeing no other option marvelously clears the mind....thanks
16:01 druonysus joined #salt
16:01 zwi joined #salt
16:03 neogenix joined #salt
16:06 baoboa joined #salt
16:08 eseyman joined #salt
16:10 scoates FWIW, if anyone's using SublimeText, I found this today: https://github.com/facelessuser/ApplySyntax + http://paste.roguecoders.com/p/24ce955ada6764223230053ddedcaf71.txt
16:10 jeddi joined #salt
16:12 ajw0100 joined #salt
16:16 andygrunwald joined #salt
16:17 beerguy2014 Since im on a tear today, is it possible to send events to the salt reactor system without any of the salt client utilities installed?
16:17 beerguy2014 Since my nodes are diskless, id like to keep them as lightweight as possible, and manage them via salt-ssh
16:18 beerguy2014 From the master, but on boot i need to run some salt states after their root filesystem ramdisk is transferred over, etc
16:18 iggy ek6: masterless can't send events to a master
16:19 iggy you'd have to use salt-api or something
16:19 murrdoc salt-api ?
16:19 khris beerguy2014: here's one such way: http://bencane.com/2014/07/17/integrating-saltstack-with-other-services-via-salt-api/
16:19 UtahDave joined #salt
16:19 ek6 iggy: i dont run masterless.  i run without ever running salt-minion
16:19 beerguy2014 Interesting, thank you both. I will take a look
16:20 iggy ek6: salt-call --local is masterless
16:21 ek6 the minions dont use --local    i want minion sent event to master to trigger a state thats run on the master  effectively having the event trigger the equiv of salt-call --local ON THE MASTER
16:22 aparsons joined #salt
16:22 iggy I guess I'm not following
16:22 murrdoc ek6:  has the salt reactor not looked good for this use case ?
16:23 murrdoc u can do salt-call event.fire hi master
16:23 andygrunwald murrdoc, http://docs.saltstack.com/en/latest/ref/configuration/master.html#extension-modules does the trick.
16:24 murrdoc oh good call andygrunwald
16:24 ek6 murrdoc: sure..ok i get event that i can react against on the master...but say i then want master to use the hipchat state to send a message.  i want that state to execute on the master, not to tgt the minion
16:24 iggy all those if's make my eyes bleed
16:24 iggy ek6: run a minion on the master and target that minion?
16:25 murrdoc ek6:  then u need a returner, with the state u run on the master
16:25 murrdoc state/code
16:25 cheus There isn't a state-equivalent requisite to 'unless' is there? I know there's on_fail but that still peppers the logs with failures and raise alarm bells.
16:25 ek6 iggy: be nice but its already running a minion pointed at higher tier master and i have zero experience running multiple minions on a host
16:26 stbenjam joined #salt
16:26 jtang joined #salt
16:26 stbenjam has anyone seen salt-run jobs.list_jobs be exceptionally slow?
16:27 stbenjam 10+ minutes and hasn't returned, maybe because there's a lot of jobs in the cache?
16:27 iggy yes if you have a lot of jobs in the job cache
16:28 stbenjam is there an easy way to clear old jobs from the cache?
16:28 stbenjam say, older than 7 days?
16:28 iggy salt by default clears out everything over 24 hours
16:28 UtahDave stbenjam: what job cache are you using?
16:29 stbenjam UtahDave: whatever is default, haven't changed anything
16:29 KyleG joined #salt
16:29 KyleG joined #salt
16:29 spookah joined #salt
16:29 UtahDave ok, then like iggy said, the salt master will only keep the last 24 hours worth of jobs.  You can modify that timeframe in the master config
16:30 stbenjam definitely more than 24 hours in /var/cache/salt/master/jobs
16:31 stbenjam there's thousands and thousands of jobs in there
16:31 iggy you sure you haven't generated that many (I had a custom module that went recursive one time and ran my salt-master out of inodes filling the job cache)
16:32 stbenjam yes, 6 hosts running every 30 minutes
16:32 stbenjam state.highstate every 30 minutes, anyway
16:32 stbenjam 85,358 jobs
16:33 stbenjam although they all seem to be from within the last 24 hours
16:33 UtahDave I just opened up this feature request   https://github.com/saltstack/salt/issues/21810
16:34 iggy I'd make sure you don't have anything doing recursive calls
16:34 UtahDave stbenjam: I'm curious, why are you running a highstate every 3o minutes?
16:34 dopesong_ joined #salt
16:34 stbenjam UtahDave: it's with foreman_salt, and that's typically what people do with foreman + puppet.  i could certainly change it
16:35 stbenjam but really i've got 6 hosts that have 1 state each that sets a motd
16:35 stbenjam it's very simple
16:35 bhosmer_ joined #salt
16:35 UtahDave Unless you have a compelling reason, I wouldn't run a highstate so often. I don't see the need for it.
16:36 lomeroe joined #salt
16:36 sieve joined #salt
16:37 stbenjam ooh saltutil stuff are jobs too
16:37 stbenjam e.g. saltutil.find_job
16:37 scbunn joined #salt
16:37 stbenjam UtahDave: can i just clear that directory ?
16:38 netzmonster joined #salt
16:38 stbenjam then can try to figure out what is generating so many jobs from one run
16:39 UtahDave stbenjam: yeah, you can just delete everything in the job cache
16:39 iggy stbenjam: it's fairly safe to delete the entire cache directory
16:39 prwilson joined #salt
16:41 stbenjam UtahDave: iggy cool, thanks.
16:42 stbenjam i wonder what made the number of jobs go bezirk.  state.highstate creates one, upload-salt-reports (foreman's tool to send the reports to foreman) creates another - 2 * 6 * 48 (2 per hour) is not 80,000 :-\
16:43 analogbyte joined #salt
16:44 timoguin joined #salt
16:48 Gareth UtahDave returns to #salt :)
16:49 iggy ssshhhh, you'll spook him
16:49 UtahDave lol.  Hey!
16:51 MatthewsFace joined #salt
16:52 mgw joined #salt
16:53 Conker joined #salt
16:53 clintberry joined #salt
16:54 mgw Is Claudiu Popescu in here?
16:54 dthorman joined #salt
16:54 Conker Hey all, I've looking to have a managed directory, (its flat, one level, no dirs in it), such that i dont need to specify file.managed for all the files inside it. Possible?
16:54 iggy file.recurse
16:56 Conker iggy: hmm, i tried that, but it didn't want to work with the - watch: - file: /bla/*
16:56 Conker glob
16:56 Ryan_Lane joined #salt
16:56 Conker i assumed because the file.recurse wasn't "managed"
16:56 iggy because the second part of requisites is supposed to be an id
16:57 iggy paste your state, it'll be easier to work with real stuff
16:57 Conker iggy: sounds good, moment
16:58 drawsmcgraw Does salt-cloud support user-data scripts? As in "Create this instance, don't salt-boostrap it, but do pass this script along to the cloud provider"
16:59 iggy drawsmcgraw: for some providers, yes
16:59 drawsmcgraw openstack?
16:59 iggy and that may only be in devel
17:00 iggy I don't know the specific ones
17:00 drawsmcgraw iggy: Fair enough. One more -> know if I can give salt-cloud a password instead of an SSH key?
17:00 bluenemo joined #salt
17:00 bluenemo joined #salt
17:00 iggy that I don't know, but if not, it'd probably be a good feature request
17:00 analogbyte joined #salt
17:00 drawsmcgraw I have an Openstack cluster that.... doesn't... inject keys. I don't know why that is (by design? by mistake?) but in the meanwhile, I'd like to try just giving salt-cloud a username/pass combo for bootstrapping
17:01 drawsmcgraw iggy: okay. I'll look into it some more
17:01 drawsmcgraw thanks!
17:01 andygrunwald joined #salt
17:01 UtahDave drawsmcgraw: yeah, you can specify your own alternative bootstrap script and that will work anywhere salt-cloud works
17:01 iggy the docs seem to indicate that password is an accepted option
17:02 Conker iggy: https://gist.github.com/anonymous/2677fe3b8abb8074c237
17:02 Conker that seems to work
17:02 iggy thank you for _not_ using pastebin.com
17:02 Conker welcome
17:02 badon_ joined #salt
17:02 Conker now that i removed the /*
17:02 drawsmcgraw Ah, good point. I'm trying to avoid the situation where the salt-master needlessly creates minion keys for the instances. But that might be a good start.
17:02 hal58th_ joined #salt
17:03 treborTech joined #salt
17:03 iggy Conker: so yeah, in "- file: /etc/nginx/sites-enabled" the /etc/nginx/sites-enabled should match the ID of another state (so an unindented line)
17:04 bash124512 joined #salt
17:04 Conker iggy: awesome
17:04 aparsons joined #salt
17:04 Conker now to just have it remove files that have been removed
17:04 iggy clean: True
17:05 analogbyte joined #salt
17:05 murrdoc Conker:  make your life easier and use ids
17:05 murrdoc instead of implicit names
17:05 murrdoc imho
17:05 iggy shush
17:05 iggy DRY
17:05 murrdoc totes not the same thing
17:05 murrdoc but aight
17:05 Conker I shall look into it, but i suppose everyone like doing things a certain way
17:05 * murrdoc goes back to tea
17:06 Conker iggy: Thanks a bunch :)
17:06 iggy that's what I'm here for
17:07 iggy (not really... I should really be doing work, but I don't wanna)
17:07 Conker lol
17:09 ajw0100 joined #salt
17:10 dalexander joined #salt
17:13 joshin I have a box with 3 NICs. What's the right way to 'grep' a particular IP address of the 3, and use that in a template?
17:14 joshin I'm sure I've made it more complex than it needs to be.
17:14 scbunn joined #salt
17:15 timoguin joshin: {{ grains.get('network.ip_addrs')['eth2'] }}
17:15 timoguin something like that
17:16 forrest joined #salt
17:18 iggy there's also network.* (some of which have a cidr match ability that might help)
17:18 joshin timoguin: let's assume I don't know what interface has a specific IP address
17:18 joshin Thanks!
17:19 timoguin Yep, and there are some you should be able to match N element in the list.
17:19 joshin I can get the ipv4 grains to get all the IP addresses. I'm just too dumb to know how to do a grep in Jinja. :)
17:19 otter768 joined #salt
17:19 iggy well, it depends what exactly you are trying
17:20 iggy {% if '192.168' in some_ip_addr %}
17:20 iggy is one way
17:20 germs_ joined #salt
17:21 iggy you can also use most (all?) of the normal python string functions
17:21 joshin Thanks Iggy.
17:21 iggy so {% if some_ip_addr.startswith('192.168') %}
17:21 iggy etc
17:26 brick__ joined #salt
17:26 Eureka_ All. I have salt-cloud sort of working with vsphere but I keep getting a "vsphere.status() is not available. Not actioning". error If I run other actions I dont get this error and the command seems to run properly. Any thoughts?
17:27 Gareth iggy: It's fine, so long as no one says his name three times fast.
17:29 preachermanx1 joined #salt
17:30 Habsgoalie joined #salt
17:31 hal58th_ drawsmcgraw, maybe the option "--set-password <PASSWORD> <CLUSTERNAME>". I'm just digging through code and see it might be deprecated or incomplete.
17:32 drawsmcgraw hal58th_: Ah, clever. Thanks, I'll dig around for that
17:36 I3olle joined #salt
17:36 iggy I hate when I don't know whether I should file an issue or if I'm just doing something wrong
17:36 kawa2014 joined #salt
17:36 johnkeates joined #salt
17:37 murrdoc :)
17:38 scbunn joined #salt
17:41 iggy anybody running 2015.2 or devel?
17:41 repl1cant joined #salt
17:45 mcescher joined #salt
17:45 hal58th_ drawsmcgraw, in the code, I am looking at /salt/utils/parsers.py
17:45 cpowell joined #salt
17:50 Conker :p
17:50 preachermanx joined #salt
17:53 Guest89 joined #salt
17:55 Guest89 joined #salt
17:56 renoirb joined #salt
17:56 dopesong joined #salt
17:59 hal58th joined #salt
18:00 Tecnico1931 joined #salt
18:01 baweaver joined #salt
18:01 katyucha joined #salt
18:02 druonysus joined #salt
18:03 druonysus joined #salt
18:04 hal58th joined #salt
18:04 ekristen joined #salt
18:06 BtbN joined #salt
18:07 numkem is there a way in the top file to include something only if the sls files exists?
18:07 murrdoc no man
18:08 * Ahrotahntee waves at murrdoc
18:08 murrdoc there have been requests
18:08 murrdoc Ahrotahntee:  o/
18:08 Ahrotahntee in theory couldn't you write a top file in #!py and only include the line if the file exists? :V
18:08 pipps joined #salt
18:08 murrdoc yeah
18:09 numkem I'm wondeing if I should go file base per minion or go with a database-backed external_pillar
18:09 johnkeates joined #salt
18:10 murrdoc Ahrotahntee is right tho, its doable
18:10 hal58th numkem, I just have another sls called in top.sls and then use an if statement in there with the "include:" beneath it.
18:10 murrdoc if u go file base, check out the new pillar hotness or reclass
18:10 numkem murrdoc: new pillar hotness?
18:11 numkem Well now that I think of it, I could probably do the top file normally than do a "host.sls" that would be written in the #!py way that Ahrotahntee talks about... that doesn't seemt too bad.
18:12 madduck numkem: … until you find yourself basically wanting to implement reclass, just you wait ;)…
18:13 numkem madduck: never heard of reclass
18:13 pipps99 joined #salt
18:13 madduck http://reclass.pantsfullofunix (I wrote it)
18:13 madduck http://reclass.pantsfullofunix.net (I wrote it)
18:14 denys joined #salt
18:14 murrdoc i am trying to find a link to the new pillar_source_merging flag
18:14 murrdoc and how it can be used with or without yamlex
18:15 murrdoc they coming after u madduck
18:15 madduck sounds good to me
18:16 numkem I think I have a rough idea of what it does. It's pretty impressive, opens a lot of possibilities
18:17 murrdoc totes kidding
18:17 alexbst joined #salt
18:17 murrdoc http://docs.saltstack.com/en/latest/ref/configuration/master.html#pillar-source-merging-strategy is the new hotness
18:18 numkem murrdoc: holy ***** thats what I wanted for quite a while!
18:19 numkem but wait, this already exists in the version that I'm running... Why didn't it work than...
18:19 murrdoc there is a setting to set
18:20 numkem the default doesn't apply by default than
18:20 repl1cant joined #salt
18:20 murrdoc i cant speak to that :)
18:20 murrdoc i am just pointing u at docs
18:21 numkem very appreciated, I will look into it
18:23 joshin iggy & timoguin: Thanks you two! I got it working -> https://gist.github.com/anonymous/27601ba148168d708e0e
18:24 iggy <3 nested jinja tags being indented properly
18:26 hbasir joined #salt
18:26 numkem madduck: this is really awesome, thank you. This solves my problem I think
18:26 nexsja^ joined #salt
18:28 baweaver joined #salt
18:29 matthew-parlette joined #salt
18:29 MindDrive Iggy: the other day you mentioned external auth, might you be able to expound on that?  (This was in relation to allowing non-root users to make requests to the Salt master from a restricted set of systems.)
18:32 joshfu joined #salt
18:33 numkem brings me to wonder, why isn't reclass built-in...
18:35 iggy because someone doesn't want to put in the work to upstream it...
18:36 iggy MindDrive: check the config file
18:37 cpowell joined #salt
18:38 johnkeates joined #salt
18:41 jngd joined #salt
18:42 MindDrive I also just realized: do the client_acl and client_acl_blacklist information only work when you're running Salt locally from the Salt masters?
18:43 Ahlee You can only run salt locally?  LocalClient is only valid on the same system as the master?
18:43 smcquay joined #salt
18:45 MindDrive If that was directed at me, Ahlee, I didn't understand what you were trying to glean from your questions.  (And this is a continuation from a conversation that started yesterday.)
18:45 dthorman joined #salt
18:45 Fiber^ joined #salt
18:49 iggy anybody running 2015.2 or devel? If so, can you run cmd.run 'ps -ef | grep foo'
18:50 madduck iggy: reclass also predates salt by almost a decade, but yes, it has not been upstreamed. I do wonder if the new pillar hotness uses my code or if it's NIH
18:50 madduck and i wonder when they will have parameter interpolation
18:50 iggy what is this "new pillar hotness" of which you speak?
18:51 madduck iggy: http://docs.saltstack.com/en/latest/ref/configuration/master.html#pillar-source-merging-strategy
18:53 murrdoc le hawt
18:54 iggy I guess
18:54 iggy the yamlex stuff seems interesting... except for the fact that I cba to write aggregate all over the damned place
18:54 hal58th_ joined #salt
18:56 aparsons joined #salt
18:57 hal58th joined #salt
18:57 treborTech joined #salt
19:00 giantlock joined #salt
19:00 repl1cant joined #salt
19:01 forrest iggy: This is actually a pretty awesome change. Now if it merges when you run the pillar change on the command line... Then it's truly the hotness.
19:02 forrest iggy: Depending on how it was coded it could fix the salt formula issue you just fixed :D
19:05 rgarcia_ joined #salt
19:06 dude051 joined #salt
19:06 pipeep joined #salt
19:09 baweaver joined #salt
19:13 timoguin Ahlee, LocalClient has to be ran from a master, yes. CallerClient can be ran from minions.
19:13 Andre-B joined #salt
19:17 repl1cant joined #salt
19:20 otter768 joined #salt
19:21 neogenix joined #salt
19:21 krelo joined #salt
19:21 igorwidl joined #salt
19:22 ajw0100 joined #salt
19:23 bmac2 anyone tried to figure out how to install a minion on a VMware esxi head?
19:25 jespada joined #salt
19:28 johnkeates joined #salt
19:29 Ahlee timoguin: CallerClient? What kind of black magic is this?!
19:29 timoguin Ahlee: it's the interface used by `salt-call`
19:30 Ahlee bmac2: probably not possible.  There's not a lot of libraries in the busybox
19:30 Ahlee bmac2: you can, however, interface with vsphere
19:30 Ahlee and wait for vmware to lose their court case in germany to see what becomes of their "No really, we're more than just kvm under the hood!" claims
19:31 bmac2 I got the instructions for the vsphere integration
19:31 bmac2 doing that now
19:32 Ahlee timoguin: interesting
19:35 oxae joined #salt
19:37 edrocks joined #salt
19:37 XenophonF aw mysql-formula doesn't work on centos 7 :(
19:38 thayne joined #salt
19:39 ckao joined #salt
19:39 jespada joined #salt
19:42 numkem is there a way to call a renderer directly so that I could debug it? Or how can I add logging to a python sls file. Tried using the import logging, log = logging.getLogger(__name__) route like in a module but it doesn't seem to work
19:42 pipps joined #salt
19:43 dwfreed joined #salt
19:43 JPaul I can't seem to find anything on this for some reason, but when you need to comment out code in a sls file, do you have to put a space between the # and the string being commented out? it seems if there isn't one it will parse it anyway
19:44 SheetiS JPaul: if you need to comment out Jinja, use {# #} otherwise, I don't belive it matters.  I use a space because I like how it looks.
19:44 bluenemo joined #salt
19:45 baweaver joined #salt
19:47 SheetiS numkem: once you import logging and setup logger, do you actually try to directly log anything (e.g. log.critical(message))?   One thing to keep in mind is that an execution module will be run on the minion, so that might change where you logging goes under that method.
19:47 numkem SheetiS: the "setup" is done before the run() method
19:48 numkem SheetiS: im using the same pattern for setting up logging like this: http://docs.saltstack.com/en/latest/ref/modules/#depends-decorator
19:49 wnkz joined #salt
19:50 ja-s joined #salt
19:51 SheetiS numkem: have a full example of what you are trying to do via a gist or bpaste or the like?  I don't know if that type of logging would work in a pyrendered state, but since it is just python, I have no reason to think it wouldn't work.
19:52 timoguin numkem: importing logger works fine for me in custom modules.
19:53 timoguin the logging will happen on the minion
19:53 rojem joined #salt
19:53 SheetiS timoguin: I figured that would be the case since that is where the execution module is actually.  Thanks for confirming.
19:54 SheetiS *is actually running
19:54 JPaul SheetiS: this wasn't jinja code I tried commenting out, it was just the regular sls syntax. I've seen it work fine with the comments and other times act like it wasn't commented out
19:55 rgarcia_ joined #salt
19:55 numkem timoguin: nothing in the logs for both master and minion
19:55 SheetiS {# #} will always be reliable regardless since the jinja happens before it is processed by the yaml renderer
19:55 timoguin A hash at the beggining of the line should comment it out, unless there is a jinja block in there.
19:55 timoguin numkem: I'd have to see a gist or something
19:56 SheetiS I also like {# #} for multi-line comments inside of a state (like commenting out a whole block of stuff while testing).
19:56 numkem timoguin, SheetiS: https://gist.github.com/numkem/a3fb9290b0cf74de2092
19:56 goodwill joined #salt
19:57 numkem its a proof of concept, be kind :)
19:57 goodwill what exactly do I use to check if a version of a specific package on a minion is higher then what I am specifying
19:57 JPaul this particular state file did have some jinja in it at the beginning, but the jinja code was ended (just a set of if/elseif/endif statements) before it hit the sls code I had commented out
19:57 JPaul I wonder if just having the jinja in there makes the difference, even if it's not part of that block
19:58 timoguin numkem: make sure your module is refreshed on the minion (salt 'minion' saltutil.refresh_modules). if it is maybe you need to tweak the log levels?
19:58 timoguin If you run the minion in the foreground with debug it will also print that stuff to the screen
19:58 JPaul I ended up removing the code since it wasn't going to be needed anyway, but it was slightly annoying to have it run when I reran the state after making some additions
19:58 wnkz_ joined #salt
19:58 SheetiS JPaul: {# #} will always work whether it is jinja or yaml you are commenting out fyi
19:59 Guest89 joined #salt
19:59 Ryan_Lane numkem: why do you need empty pillar files?
19:59 Ryan_Lane in 2015.2 you can tell pillars to ignore missing files
20:00 numkem I've updated it so that I don't repeat the try/except for nothing
20:00 bhosmer joined #salt
20:00 timoguin hey, Ryan_Lane
20:00 timoguin do you have your slides from SaltConf up anywhere?
20:00 Ryan_Lane https://github.com/saltstack/salt/pull/19429
20:00 Ryan_Lane i don't. I need to get less lazy about that
20:00 numkem Ryan_Lane: it's exactly because of this error, I want to make sure that it's "clean" as I'm not going to be the only one using salt, it has to be very simple and easy to understand in day-to-day to non-sysadmins
20:00 Ryan_Lane hm. I guess I should have added docs about that feature
20:01 Ryan_Lane numkem: yep. that's what I'm doing :)
20:01 Ryan_Lane our devs maintain our config management and orchestration
20:01 numkem timoguin: my sls works now but it's still a odd that the logging doesn't
20:01 markm joined #salt
20:02 JPaul thanks for the help SheetiS. Looking back at my output, and the fact that two files I added to the state didn't get put onto the minion indicate something else is going on, like it ran a cached version of the state instead of the new one
20:02 numkem Ryan_Lane: I'm both right now, small team
20:02 timoguin numkem: odd indeed. you refreshed? and messed with log levels?
20:02 Ryan_Lane numkem: are you mostly just wanting to include pillar files that may or may not exist?
20:02 Ryan_Lane that's what this was intended for: https://github.com/saltstack/salt/pull/19429#issuecomment-69067660
20:02 JPaul oh, nope. I ran the wrong state
20:02 * JPaul facepalms
20:03 numkem Ryan_Lane: pretty much, I want to make sure that once the minion is create, nobody has to wonder why the file isn't there. With this it will always be there since I run an highstate through reactor on minion connections
20:03 * Ryan_Lane nods
20:04 numkem timoguin: would a salt-call -l debug be enough? Or it it's in the minion itself that I would have to change the log level?
20:04 timoguin numkem: salt-minion -l debug to run it in the foreground
20:04 timoguin there's a config option for setting the log level, but can't remember what it is
20:04 numkem timoguin: I'm currious so I'll try so we don't all go home wondering :P
20:05 treborTech joined #salt
20:08 numkem and... it doesn't! Why...
20:09 numkem timoguin: my results are here http://pastebin.com/DEb6n3RK
20:09 numkem timoguin: was launched you said, salt-minion -l debug
20:11 losh joined #salt
20:12 bhosmer joined #salt
20:15 timoguin numkem: that's all that show up when you run the state?
20:16 timoguin errr module, or whatever
20:16 numkem timoguin: yup
20:16 timoguin And is it working?
20:16 numkem timoguin: not the logging but the sls is indeed
20:17 timoguin oh... this isn't a custom module.
20:17 numkem timoguin: indeed, it might be the reason why
20:17 timoguin I've done this in modules, not py-rendered SLS files
20:18 numkem timoguin: I do have a module that is called when running pillar.items and I don't see it's debug messages either
20:18 numkem timoguin: but thank you, I'll try to dig up more tomorrow.
20:18 MaliutaLap joined #salt
20:19 MaliutaLap left #salt
20:19 numkem have a good evening everyone
20:19 JDiPierro joined #salt
20:20 bmac2 has anyone installed a salt-minion on a pfsense firewall?
20:20 cheus bmac2, Tried once ran away quickly.
20:20 bmac2 lol
20:21 bmac2 that bad?
20:21 bmac2 it was pathetically easy on my nas4free here at work
20:21 bmac2 the freebsd minion seems solid as a rock
20:22 fusionx86 joined #salt
20:23 fusionx86 Hey guys, question about reactor that I can't find a clear answer on. The reactor system doesn't require salt-minion to be run on a scheduled job or anything correct? The way I understand it is that reactor will trigger execution actions based on events without salt-minion or salt-call needing to be run on minions. Is that right?
20:24 cpowell joined #salt
20:25 XenophonF SLS files in base override SLS files in other environments, right?
20:26 XenophonF so if I assign the non-existent foo sls in the production environment, but i have "foo.sls" in the base environment, the minion will apply foo.sls from base and merrily go on its way, right?
20:26 Conker joined #salt
20:26 iggy fusionx86: the reactors are run master side (but they generally run commands on minions), they do not require any kind of scheduling/etc... that would not really be event driven
20:26 Ryan_Lane XenophonF: I think it's the opposite
20:27 mikaelhm joined #salt
20:29 krelo I have these two pillars (https://gist.github.com/kitsemets/11cb5f9ca8af4c231365) where in one pillar I have encrypted credentials of a service provider and in the other pillar I want to use those credentials. But the result is an invalid yaml because of the missing indentation. How could I get it to render correctly? Or any other solutions how to have encrypted credentials only in one pillar and use them in several other pillars?
20:31 goodwill Ryan_Lane: hey hey hey
20:31 XenophonF left #salt
20:32 hal58th joined #salt
20:33 Ryan_Lane goodwill: sup
20:33 * signull wants a stable 2015.2 (or whatever new name for Lithium) to be released already :(
20:33 wincyj joined #salt
20:33 neogenix joined #salt
20:33 neogenix Hello Salt-ites
20:35 garthk Given #21783 breaking ssh_auth, is there any way to get the 2014.7.1 binaries for precise and trusty back in the APT repo so we can pin that version and downgrade our affected boxes?
20:35 garthk https://github.com/saltstack/salt/issues/21783
20:35 goodwill Ryan_Lane: have you tried nixos yet? (<--my way of associating this nick with person you met at saltconf)
20:35 Ryan_Lane goodwill: I did not :)
20:35 dewdrop joined #salt
20:36 goodwill *gasps in horror*
20:37 rocket joined #salt
20:37 Ryan_Lane haven't been doing a ton of salt work lately :)
20:37 Ryan_Lane working on credential management system
20:38 tkharju joined #salt
20:38 mikaelhm joined #salt
20:38 dude051 joined #salt
20:41 badon_ joined #salt
20:41 mcescher i dont quite get the sls syntax. why is this not possible: http://www.pastebin.ca/2961499
20:41 baweaver joined #salt
20:41 murrdoc thats not an sls issue
20:41 murrdoc thats a key value/dict issue
20:42 murrdoc you cant have host.present and host.absent in the same id
20:42 murrdoc because all sls file states end up being one giant dictionary and with each 'value' in the dict being a function call
20:43 murrdoc putting two function calls under one key of the same module is not supported
20:43 hal58th murrdoc, mcescher, to be specific, you can't have the same state in the same id. So no two service.something, pkg.something, etc.
20:43 hal58th yeap, just said it
20:43 mcescher hm ok, that means i just have to introduce another id
20:43 murrdoc or what hal58th said
20:43 murrdoc si por fa vor
20:43 mcescher thanks!
20:43 hal58th de nada
20:43 murrdoc bring empanadas
20:45 hal58th california burrito for me
20:46 iggy I've officially run out of keybinds to get me to my all my irssi windows
20:46 bmac2 lol, iggy that is SAD
20:48 tomh- joined #salt
20:49 aparsons joined #salt
20:52 bluenemo joined #salt
20:54 neogenix_ joined #salt
20:55 Vynce joined #salt
20:56 Vynce i feel like i'm close to being able to understand state files. still need to find a comprehensible and explicit syntax guide, though.
20:56 Ryan_Lane Vynce: there's a few books out
20:57 Ryan_Lane but... I've found that how people write their states is pretty open to personal taste :)
20:57 Vynce sure.  i'm really still tryign to get the basics.
20:58 hal58th Vynce, I look at salt formulas from time to time. But it is personal taste as well
20:58 Vynce i don't have more than ~ 500bytes of simple jinja state fiels so far.
20:58 Ryan_Lane Vynce: the salt tutorial is pretty good for learning the basics
20:58 hal58th Vynce https://github.com/saltstack-formulas/apache-formula/tree/master/apache
20:58 Vynce (i haven't even found a definition of  "formula")
20:58 murrdoc formula == module
20:59 murrdoc think of a bunch of states that can be configured with pillars
20:59 Ryan_Lane Vynce: http://docs.saltstack.com/en/latest/topics/tutorials/starting_states.html
20:59 murrdoc so its a recipe or a cookbook or
20:59 hal58th ehh, pre-written states.
20:59 Vynce Ryan: "the"? either you have a different one in mind than i do, or i disagree.  it completely failed to explain what anything actually means.
20:59 murrdoc everyone here from chicago have signed up on meetup.com yes ?
20:59 Ryan_Lane heh. pointing someone new at formulas is a recipe for disaster. they're so complex
20:59 Vynce yeah, i'm not up to pillars. you guys are way above my definition of "basic" here.
21:00 murrdoc too complex
21:00 murrdoc follow what ryan recommeneded
21:00 [7hunderbird] joined #salt
21:00 treborTech joined #salt
21:00 Ryan_Lane Vynce: the tutorial wasn't very good? that sucks
21:00 Ryan_Lane I wish I could release my internal docs
21:00 murrdoc tease
21:02 Vynce like i said, maybe you mean a diffferent tutorial.  everything i found was, like, "as you can see, in order for this to work…" with no explanation of what it would mean to "work".
21:02 Ryan_Lane I don't get why the tutorial doesn't cover the syntax until this point: http://docs.saltstack.com/en/latest/topics/tutorials/states_pt2.html#require-other-states
21:02 Ryan_Lane a state is a 'declaration' of the state of a resource on your system
21:02 KyleG joined #salt
21:02 KyleG joined #salt
21:02 mgw joined #salt
21:02 Ryan_Lane "this file should have this content, this ownership, and these permissions"
21:02 joshfu joined #salt
21:03 Ryan_Lane it's idempotent, so no matter how many times you run the state, it should have the same effect
21:03 Vynce yes, that sort of syntax is exactly what i want, except i didn't read this becaus ei have no need for requirements.  thanks, i'll see if this covers what i want
21:03 Ryan_Lane cool
21:03 hal58th The new documentation at Salt is going to make some new tutorials. I saw some previews at the conference
21:03 neogenix_ so, if I want to pass a dictionary from pillar into a template (jinja) how do I do that. I can't seem to find anything in the docs that describe it fully
21:03 hal58th new documentation guy*
21:03 mgw1 joined #salt
21:04 Ryan_Lane neogenix_: just use the pillar directly in the template
21:04 aparsons joined #salt
21:04 neogenix_ Ryan_Lane: quick examples you can ship me to?
21:04 Ryan_Lane {{ pillar.mypillarvariable }}
21:04 Vynce (atm i'm trying to figure out a nested conditional — like, i have a foobar.sls that only happens if G@foo:bar … but i want, inside that, to have a file.managed that is skipped unless G@baz:quux.  i'm sure this is easy, i just can't find a simple thing that explains how to do that sort of thing.)
21:05 markm_ joined #salt
21:05 neogenix_ Ryan_Lane: woohoo. Thank you!
21:05 Ryan_Lane yw
21:06 Rob___ joined #salt
21:07 Rob___ As anyone know of an easy way to ignore subversion .svn directories from file.recurse?
21:07 Rob___ Sorry...should have said "Does anyone..."
21:07 hal58th Rob___ one sec
21:07 LtLefse - exclude_pat: ".svn"
21:07 hal58th yeah, what he said
21:08 Rob___ thank you. I tried *.svn without quotes and it had trouble with it...I will try.
21:09 hal58th Since the directory is always called ".svn", you won't need a asterisk (glob).
21:11 rocket joined #salt
21:12 baweaver joined #salt
21:12 treborTech_ joined #salt
21:13 Vynce hm.  no, i still don't have a grasp on it.
21:14 ciandro joined #salt
21:14 ciandro hi y'all
21:14 ciandro i have a question regarding grains
21:14 murrdoc dont use em
21:14 murrdoc next question
21:15 ciandro why?
21:15 murrdoc (totally kidding, what teh question)
21:15 ciandro hahaha
21:15 ciandro :)
21:15 Auroch joined #salt
21:15 ciandro so i have been noodling around this process to stand up servers by themselves
21:15 ciandro as automated as possible
21:16 ciandro so far what i do is i create an AMI with packer, I bootstrap salt and i run a JDK module i made, tomcat, apache, etc
21:16 ciandro but at first run i want to keep them sort of generalized
21:16 ciandro not running, etc
21:17 ciandro in puppet (i know) i used to write these modules where an if statement based on a fact determined if dropping a file, starting a service, etc
21:17 [7hunderbird] joined #salt
21:17 ciandro but in salt, if the grains are not predefined, it errors
21:19 ciandro so i have to make the grain in advance before i bootstrap salt
21:19 ciandro whats the best way to do it?
21:20 hal58th ahhh, in your sls file, you can write "{% if salt['grains.get']('yourgrain') is defined %} ciandro
21:20 hal58th then you won't error out when grain is not definied
21:20 ciandro aH!
21:20 ciandro that's cool
21:21 otter768 joined #salt
21:21 ciandro and then i can use a the grain value to chooe a file or another?
21:21 _prime_ joined #salt
21:21 murrdoc sure
21:22 murrdoc depends on the source of the grains
21:22 murrdoc grains are on the server so not consider 'secure'
21:22 murrdoc pillars are on the master server
21:22 ciandro no it's more like
21:22 ciandro i dont want to define what version of cacert to use on the base image
21:23 murrdoc got it
21:23 murrdoc aws ?
21:23 ciandro but i want support on the module so then when i create an instance from that template, i injcet the vertsion number in a grain at cloud-init and based on that it'll go and grab it
21:23 Andre-B_ joined #salt
21:23 murrdoc or gce
21:23 ciandro gce?
21:23 murrdoc google compute
21:23 ciandro yeah
21:24 murrdoc https://github.com/saltstack/salt-contrib/blob/master/grains/gce.py
21:24 murrdoc so u can read in grain data from gce metadata store
21:25 murrdoc and work with what hal58th recommended
21:25 ciandro i was thinking i could say if grains is defined
21:25 ciandro lookup the pillar?
21:25 baweaver joined #salt
21:26 murrdoc "{% if salt['grains.get']('yourgrain') is defined %}
21:27 mikaelhm joined #salt
21:29 ciandro thanks guys! This is the first time i used the IRC channel it's pretty awesome
21:29 ciandro more questions to come :)
21:30 rap424 joined #salt
21:32 pipps joined #salt
21:32 iggy don't use that grain, it's rubbish
21:33 iggy the author is a doodoo face
21:34 murrdoc that brain johnson
21:34 murrdoc no brain johnson, amirite
21:34 iggy heyo
21:34 ciandro actually it seems to run anyways
21:34 ciandro if i put a statement such as
21:34 iggy (btw, you would not believe how often people call me brain)
21:35 murrdoc i will
21:35 ciandro {% if salt['grains.get']('ciandro') is defined %} test if statement:   file.managed:     - name: /opt/cacerts     - source: salt://base-java/files/cacerts {% endif %}
21:35 murrdoc i have a foreign name and live in america
21:35 murrdoc name.status()==butchered
21:35 ciandro but there is no such grain on the server
21:35 Eureka_ So I have salt-cloud deploying a system on vsphere but when the minion comes up finally its using the IP address as the minion id rather than the name specified when creating the system. I am using the default bootstrap script. Any thoughts?
21:36 iggy grains.get ciandro None
21:36 iggy put None for the default otherwise the default return is an empty string or KeyError or something
21:36 ciandro {% if salt['grains.get']('ciandro' None) is defined %}?
21:36 iggy both of which are "defined"
21:37 iggy {% if salt['grains.get']('ciandro', None) is defined %}?
21:37 ciandro ahh ok
21:37 ciandro let me try
21:37 ciandro it's still writing the file
21:38 Singularo joined #salt
21:38 ciandro {% if salt['grains.get']('ciandro', None) is defined %}
21:39 timoguin joined #salt
21:40 perfectsine joined #salt
21:41 iggy and that is definitely not in the minions grains?
21:42 ciandro yup
21:42 ciandro # cat /etc/salt/grains {}
21:42 murrdoc salt-call grains.ls
21:43 ciandro biosreleasedate     - biosversion     - cpu_flags     - cpu_model     - cpuarch     - domain     - fqdn
21:43 murrdoc {% if salt['grains.get']('ciandro', '')  %}
21:43 murrdoc do that
21:44 ciandro yeah i found that here now http://docs.saltstack.com/en/latest/topics/targeting/grains.html
21:44 ciandro same thing
21:44 ciandro it still writes the file
21:45 iggy I've never used is defined fwiw
21:45 hal58th not sure what the problem is ciandro.
21:46 hal58th Are you deleting the file and then running the highstate?
21:46 baweaver joined #salt
21:46 kermit joined #salt
21:47 ciandro i was running salt 'nodename' state.sls state-name
21:47 mpanetta joined #salt
21:47 ciandro and yeah, i deleted the file and it gets recreated
21:47 hal58th the whole state shouldn't even be listed if this is working correctly.
21:47 hal58th try making a random grain name.
21:48 hal58th for the if statement
21:48 ciandro Changes:               ----------               diff:                   New file
21:48 ciandro {% if salt['grains.get']('hal58th', '') is defined %}
21:49 mpanetta joined #salt
21:50 ciandro it still did it
21:50 hal58th hmmmm, one sec
21:50 murrdoc can u paste the whole state up in here
21:50 murrdoc not int he channel
21:50 murrdoc but use like a service
21:50 murrdoc gist ?
21:51 mdupont joined #salt
21:51 iggy I would expect that to be true fwiw ('' is defined... as an empty string)
21:51 murrdoc no need for the is defined
21:51 iggy ^
21:52 murrdoc {% if salt['grains.get']('hal58th', '') %} will work
21:52 hal58th ah yes. that's why I originially did not put a default into my stuff
21:52 ciandro {% if salt['grains.get']('hal58th', '') %}
21:52 ciandro like this?
21:52 pipps joined #salt
21:53 hal58th yes
21:53 ciandro maybe i am actually thinking the logic of all this wrong
21:53 ajw0100 joined #salt
21:53 neogenix_ Ryan_Lane: I think I'm still perplexed on this one. :\
21:53 iggy gist.github.com
21:53 ciandro basically i hjust want to have the file.managed available as soon as the grain will be injected
21:53 iggy it's easier to talk about real life code than abstract/imaginary stuff
21:54 ciandro i have 2 phases
21:54 ciandro first i want to populate my base AMI with Salt
21:54 ciandro then it gets packaged in a template by Packer
21:54 [7hunderbird] joined #salt
21:54 ciandro and as i create servers from that image, i inject grains that will activate starting services, or dropping files, etc
21:55 ciandro so maybe i am just engineerting this wrong...
21:55 iggy normally you see grains['roles'] as a list
21:56 iggy then {% if 'webserver' in grains.get('roles', []) %}
21:56 ciandro i even thought to divide my modules in two
21:56 Ryan_Lane neogenix_: on what?
21:56 jespada joined #salt
21:56 [7hunderbird] joined #salt
21:56 ciandro first one when the template is made, the second set of formulas when the instance is created from template
21:57 ciandro but it seems redundant
21:57 Ryan_Lane in templates, pillar is a dictionary, so all of the pillars are just keys inside of it
21:57 Ryan_Lane {{ pillar }} <-- all of your pillars
21:57 Ryan_Lane {{ grains }} <-- all of your grains
21:58 tbird joined #salt
21:58 murrdoc {{ singleladies }} <— self explanatory
21:58 ciandro hahaha
21:59 ciandro i guess i am trying to 'puppetize' it :(
21:59 neogenix_ Ryan_Lane: the dict/etc.. stuff from earlier. Here's a gist of what I'm trying to do : https://gist.github.com/neogenix/04922c0c3f30be7dcaf8
22:00 joshfu joined #salt
22:00 ciandro in puppet i would have just written: https://gist.github.com/ciandro/ddd6dac6419ba6d7495d
22:00 iggy ugh... all those sets
22:00 johnkeates joined #salt
22:00 losh I've got this in a top.sls file ... '* and not filer-2*': ... is that actually a valid for excluding hosts filer-20 filer-22 etc?
22:00 iggy makes my eyes bleed... someone's been reading the zookeeper-formula too much
22:01 hal58th maybe some python variable programming would help you ciandro
22:01 Ryan_Lane neogenix_: what's not working?
22:01 iggy losh: should work fine
22:01 hal58th losh, if you specify that this is a compound match, then yes
22:02 ciandro in what sense?
22:02 losh iggy, hal58th; yes, it is specified as a compound match.
22:02 Ryan_Lane neogenix_: one thing I notice is that consumers is a dict of dicts
22:02 Ryan_Lane so your consumer loop isn't going to work
22:03 Ryan_Lane you probably want for consumer, val in consumers.items()
22:03 p0rkbelly joined #salt
22:04 neogenix_ Ryan_Lane: oh, that part actually works, but I'd be down with changing it.
22:04 Ryan_Lane maybe it works because it's just getting the keys
22:04 neogenix_ Ryan_Lane: right now, I just can't seem to get the items of each of the consumers part of the dict actually into the jinja. bah!
22:04 aparsons joined #salt
22:04 Ryan_Lane oh, yeah, items, then
22:04 neogenix_ Ryan_Lane: that's probably it, in retrospect.
22:04 nickdew joined #salt
22:04 Ryan_Lane items will give you the split key/val
22:05 iggy 2 space indents and file.managed
22:05 Ryan_Lane it works pretty similarly to python
22:05 iggy or flying spaghetti monster starts killing kittens
22:05 neogenix_ iggy: heh. pep8 yoh!
22:06 iggy it's yaml, not python
22:06 murrdoc yet another my language
22:08 loz-- joined #salt
22:09 * neogenix_ will rework it this evening, post trip to vendor-ganistan.
22:10 mosen joined #salt
22:11 Habsgoalie left #salt
22:11 losh I must misunderstand how matching or salt-ssh or pillar/state files work becuase I can't exclude the host in the roster file to save my life.
22:12 aquassaut joined #salt
22:13 markm joined #salt
22:14 iggy I don't know salt-ssh, but that match definintely works on the command line
22:15 preachermanx joined #salt
22:22 hal58th might be a problem with targeting and salt-ssh. possible but unlikely
22:22 germs_ joined #salt
22:24 enarciso joined #salt
22:25 Whissi joined #salt
22:32 baweaver joined #salt
22:35 markm joined #salt
22:36 subsignal joined #salt
22:38 JEff___ joined #salt
22:42 aparsons joined #salt
22:43 nickdew joined #salt
22:44 lucidd joined #salt
22:44 baweaver joined #salt
22:44 dooshtuRabbit joined #salt
22:45 dooshtuRabbit joined #salt
22:47 aparsons joined #salt
22:48 nickdew left #salt
22:48 nickdew joined #salt
22:53 yomilk joined #salt
22:53 nickdew left #salt
22:54 nickdew joined #salt
22:57 beerguy2015 joined #salt
23:02 mikaelhm joined #salt
23:05 zwi joined #salt
23:05 bfoxwell joined #salt
23:07 pipps joined #salt
23:07 zwi joined #salt
23:08 mapu joined #salt
23:09 joshfu joined #salt
23:13 viq joined #salt
23:22 otter768 joined #salt
23:29 baweaver joined #salt
23:32 micko joined #salt
23:34 ajw0100 joined #salt
23:36 viq joined #salt
23:36 nickdew exit
23:38 seblu joined #salt
23:39 ajw0100 joined #salt
23:40 iggy NOOOOOOOOOO!!!!1!!1!1!
23:44 koomi joined #salt
23:45 garthk Ok, time to try to automate gathering public SSH keys from build agents and dump them into another file elsewhere. Suggestions on which Salt machinery to use for that?
23:46 hal58th salt mine?
23:46 garthk Strikes me Reactor works if and only if I catch some event the first time, e.g. minion added, state applied for first time.
23:46 garthk hal58th: looks useful; ta
23:47 hal58th never had to use it, but have recommened it many times
23:48 jhauser joined #salt
23:49 iggy garthk: public or private keys?
23:49 garthk iggy: public
23:50 mschiff joined #salt
23:50 iggy okay, then mine might work
23:50 iggy there's also wheel modules
23:51 APLU joined #salt
23:58 garthk iggy: fascinating, but docs are a bit thin on the ground: what does it do? what's the main use case?
23:59 iggy your minions can write out files on the master (at least that's what some of them are for)

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary