Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-06-26

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 UtahDave like this   {% set my_files = salt['cmd.run']('ls -lh /tmp/') %}
00:00 UtahDave then you can loop over my_files or whatever
00:02 codehotter awesome
00:02 codehotter can all minions access all my states?
00:02 codehotter how do I make a minion able to access only the state that are intended for it
00:04 Katyucha joined #salt
00:09 ALLmightySPIFF joined #salt
00:12 heewa joined #salt
00:16 otter768 joined #salt
00:18 ajw0100 joined #salt
00:22 vaspiros joined #salt
00:33 bja joined #salt
00:33 jimklo_ joined #salt
00:36 heewa I’m getting a code error (missing dict key) when trying to install an apt package on ubuntu, inside the “hold” thingie? It happens on both v2015.5.1 and latest from the develop branch. I don’t mind diving into the code, but I don’t really understand the “hold” stuff. Anyone know what that is? Or better yet, what this problem might be?
00:37 GabLeRoux joined #salt
00:37 amcorreia joined #salt
00:38 cruatta joined #salt
00:42 cruatta__ joined #salt
00:45 cruatta joined #salt
00:48 GabLeRoux joined #salt
00:50 MatthewsFace joined #salt
00:52 baweaver joined #salt
00:53 cruatta joined #salt
01:02 husanu joined #salt
01:02 GabLeRoux joined #salt
01:03 ITChap joined #salt
01:08 UForgotten joined #salt
01:09 forrest joined #salt
01:11 pravka joined #salt
01:17 joehoyle joined #salt
01:17 bones050_ joined #salt
01:18 DammitJim joined #salt
01:26 beauby joined #salt
01:28 meanieotter joined #salt
01:29 DammitJim does the /srv directory and sub directories have to be owned by the group root?
01:30 david_an111 joined #salt
01:30 ALLmightySPIFF joined #salt
01:34 DammitJim I have been creating state files so far (very static) to install packages and copy files
01:34 DammitJim how do I make "decisions" on those state files?
01:34 DammitJim I am now running into what you might consider a very simple problem
01:35 DammitJim some servers will have java 7 installed vs java 8
01:35 DammitJim but when installing tomcat, I have to make sure that java is installed and I don't want the minion to automatically go out and get openjdk
01:36 DammitJim how do I make salt let me know or ask me what version of Java I would like to install?
01:36 DammitJim (if it isn't installed already?
01:36 DammitJim or do I have to just create a specific configuration per server that says: java8, tomcat7, etc...
01:37 DammitJim and the tomcat7.sls that I have for this server has to require java8?
01:37 DammitJim then for another server, I have to create a separate tomcat7.sls but that requires java7?
01:38 desposo joined #salt
01:42 GrueMaster joined #salt
01:45 cztanu codehotter: you would need to separate your states into different environments. Minions have access to the entire state tree where they are matched in the top file.
01:52 ITChap joined #salt
01:59 husanu joined #salt
02:02 furball365 joined #salt
02:02 Furao joined #salt
02:09 beauby joined #salt
02:09 mapu joined #salt
02:10 julez joined #salt
02:13 amcorreia joined #salt
02:18 heewa @DammitJim While that would work, there are more elegant ways of solving it. One way is to have your tomcat sls depend on (“require”) a java sls (state), without worrying about version, and then include a different java sls for different servers. A yet-more-elegant way woud be to template a single java sls to choose the java version based on some factor, like a pillar variable, which you can assign to different servers based on roles or OS
02:18 heewa versions or whatever.
02:22 giantlock joined #salt
02:23 gmoro joined #salt
02:23 thehaven joined #salt
02:25 beauby joined #salt
02:26 quasiben joined #salt
02:31 ALLmightySPIFF joined #salt
02:36 kusams joined #salt
02:36 writtenoff joined #salt
02:41 DammitJim joined #salt
02:44 theologian joined #salt
02:47 mikezuff joined #salt
02:53 favadi joined #salt
02:59 otter768 joined #salt
03:00 kusams joined #salt
03:02 thomas54 joined #salt
03:02 thomas54 howd
03:02 thomas54 y
03:02 ndrei joined #salt
03:03 thomas54 I have a question, can anyone point me to the script that salt uses in the backend to execute salt states agains a minion
03:09 Ahlee There is no single script
03:10 beauby joined #salt
03:11 Ahlee you can start here: https://github.com/saltstack/salt/blob/develop/salt/minion.py#L531
03:16 bastiandg joined #salt
03:25 darknight87 joined #salt
03:27 darknight87 hi guys, I have stored an encrypted password in amysql db using python's mysqldb and cryptography module. How can I use salt to retrieve this encrypted cipher and create a linux user and set this password on a remote host?
03:28 darknight87 i read up on ext_pillars, but couldn't find anything relevant
03:32 ALLmightySPIFF joined #salt
03:39 hrumph joined #salt
03:39 hrumph hi
03:40 hrumph how safe is it to have a salt master that's not behind a firewall? (although it would have its own firewall of course listening  only for salt connections on the local network)
03:44 bastiandg joined #salt
03:47 darknight87 joined #salt
04:03 baweaver_ joined #salt
04:08 darknight87 joined #salt
04:08 darknight87 hi guys, I have stored an encrypted password in amysql db using python's mysqldb and cryptography module. How can I use salt to retrieve this encrypted cipher and create a linux user and set this password on a remote host?
04:08 darknight87 i read up on ext_pillars, but couldn't find anything relevant
04:14 geekatcmu Correct me if I'm wrong, but if I have mine_functions actually *working*, then there should be some mine.p files on the master with size > 1, right?
04:25 hrumph how safe is the salt master if from its own firewall (it only allows connections on the salt ports from the lan), but it's in situated in a non-firewalled lan
04:25 hrumph should i be contmplating usage of a vpn for salt traffic?
04:26 favadi joined #salt
04:27 hrumph doesn't make much sense really i think
04:28 pelzi_ if you don't have untrusted devices / lack of physical security on the link you do not generally need a vpn.
04:29 hrumph yeah a vpn won't help i don't see how it would unless it were for use from people outside the lan
04:30 hrumph security wise i wouldn't get anything more than not allowing connections from outside the lan (on the salt-master's firewall)
04:30 pelzi_ a vpn is a way to permit traffic to flow when some security person does not want it to flow normally
04:30 malinoff joined #salt
04:30 pelzi_ this can be useful, especially host-to-host ipsec prevents middle men from meddling and breaking the traffic with their "deep inspection" shit
04:30 pelzi_ but unless you have to, don't do it
04:31 hrumph pelzi_, to my mind the normal usage of a vpn is so people from the outside can effectively join on a local lan with a server (or other computers they wish to communicate with)
04:31 aea joined #salt
04:31 hrumph a vpn woul be important if people from outside the lan wanted to talk to the salt master. in that case i would have to set up a vpn
04:32 pelzi_ well, yes, usually a vpn is used because stuff is numbered with private addresses, and that results in tunnels, nat and pain
04:32 pelzi_ and the encryption part is not interesting to almost anyone, just the tunneling
04:32 ALLmightySPIFF joined #salt
04:33 pelzi_ and yes, from there you can conclude that you don't generally need a tunnel if you can just forward the packets normally.
04:34 sahilsinha joined #salt
04:35 hrumph pelzi_, consider the case of someone on a lap top and their lap top cannot be identified over the interent because it could be any random starbucks dhcp address....for them if they wnted to talk to the salt master i'd want them to join a vpn
04:35 pelzi_ in case of salt, it already has crypto, so the main fear is a remote root or other type of exploit in the master. a vpn does not help with that, although it may allow you to reduce attack surface if you have minions situated across an un-trustworthy network from the master
04:36 pelzi_ well, you're replacing salt as the most-exposed surface with a vpn box, not solving the problem, but moving it elsewhere; it's up to you to decide if salt or your vpn box is more trustworthy
04:36 malinoff hrumph, this is probably not the best idea, to connect to important services from random locations
04:37 hrumph malinoff ok i'm not going to allow it at all then under any circumstances
04:37 hrumph pelzi_, i am considering what you are saying
04:37 pelzi_ I am generally disgusted with the idea of a firewall seeing all traffic, being the gatekeeper of everything, running a gazillion app proxies, vpn services or whatever; this is an awful idea but when some vendor puts it in a flashy box it is suddenly great and secure
04:37 sahilsinha pelzi_: pfsense?
04:38 sahilsinha firewall/router is a useful thing for a network
04:39 pelzi_ and the real high security networks like banks quite often just drop everything at L3 with ACLs, and have very traditional app proxies to access the outside world
04:39 pravka joined #salt
04:39 pelzi_ the box with L3 ACLs is pretty trustworthy, unlike most firewalls which make my skin crawl whenever you look at what is actually inside
04:40 pelzi_ now that it is actually fashionable to man-in-the-middle all SSL traffic in firewalls, the disaster is ready
04:40 pelzi_ you have a box that is certainly exploitable, it has a cert to man-in-the-middle everything...
04:41 sahilsinha meaning youre running a CA which you're certainly not qualified to do?
04:41 sahilsinha what alternative architecture is there?
04:41 pelzi_ this feature relies on pushing a fake CA to all clients, which enterprise people happily do.
04:42 hrumph ot but the only reason why my employer has no firewall is because they think it costs millions of dollars to set up or something...i keep jokin pay me $50 and i'll do it...
04:42 pelzi_ firewalls were useful when they just dropped traffic unless an acl permits it, and if they did not drop it, no disaster. once it changed to them meddling with everything at L7 it became a farce
04:42 hrumph (i work at a major canadian university that never seems to get around to firewalling anything)
04:43 horus_plex firewall, smirewall
04:43 hrumph horus_plex, at any rate its a speed bump...
04:43 hrumph bypassing a firewall is  a cost in time and effort to hackers just like climbing a fence is to a would be tresspasser
04:44 pelzi_ and of course there have always been those people who have their networks full of boxes with "admin/password" because it is firewalled
04:44 pelzi_ that kind of people just cannot be helped
04:45 pelzi_ generally, if your salt master is running salt and nothing else, adding a firewall in front does not help much; it may if you filter outgoing traffic but people never do that because oh, it's hard
04:45 pelzi_ but proper acl's on the box itself are a good idea in all cases, with a firewall or not
04:46 hrumph pelzi_, is there a web page that talks about acl's for salt?
04:46 hrumph found it
04:47 hrumph no not this one
04:47 hrumph acl's for minions
04:47 pelzi_ I'm not sure; I just use iptables
04:47 hrumph ok you refer only to firewalling
04:47 hrumph fair enough
04:47 pelzi_ yeah, higher level auth is something else entirely (although guess what, the fw vendors want to do that too)
04:48 hrumph i would like to restrict it to just our machines and nothing else but there are some oether machines on the lan that aren't ours and some of our machines get dhcp adddesses so i can't have an absolute acl as good as it would be
04:48 hrumph best i know to do is restrict to lan ip's
04:49 pelzi_ yeah, so you just have to trust salt's PKI, and the salt master to not have bugs that allow the neighboring hosts to do evil things without being added to salt
04:49 pelzi_ this is not a bad situation
04:50 hrumph pelzi_, i can't stop minions from being compromised by rogue employees
04:51 hrumph pelzi_, they have admin rights on there machines and can read the keys
04:51 hrumph pelzi_, they could also replace modules in the module cache which could cause some danger when data in the module is processed (sql injections and the like)
04:51 pelzi_ as long as you don't target secrets to the minion that it should not know, and salt has no buffer overflow or injection style bugs, it's all good
04:51 hrumph we are working toward taking away their admin rights
04:52 pelzi_ if they have physical access it's always physical access, tho
04:52 hrumph pelzi_, my assumption is that it has the same level of buffer/injection holes as active directory does...the situation is pretty much the same
04:52 hrumph cept active directory has been battle-hardened because  millions of hours of use....
04:52 pelzi_ yeah
04:53 pelzi_ now, as long as the master and minion communicate, there is risk
04:53 pelzi_ the communication is encrypted, so anything on the wire is not going to be able to help *at all*
04:54 pelzi_ it's just the risk you have to take :)
04:55 hrumph i do hope that the devels take an actvie interest in the injection attack possibility
04:56 pelzi_ well, unlike most apps, security probably does matter for salt from the standpoint of lost users per exploit
04:56 pelzi_ sony et al have proven that for general purpose apps, people do not give a shit
05:00 otter768 joined #salt
05:04 catpigger joined #salt
05:06 scoates joined #salt
05:17 joeto joined #salt
05:18 napsterX joined #salt
05:33 ALLmightySPIFF joined #salt
05:36 toddnni joined #salt
05:44 Furao joined #salt
05:50 husanu joined #salt
05:52 darknight87 joined #salt
05:53 jhauser joined #salt
05:58 colttt joined #salt
06:06 AndreasLutro joined #salt
06:06 ITChap joined #salt
06:08 clintberry joined #salt
06:10 binocvlar joined #salt
06:21 dopesong joined #salt
06:21 donmichelangelo joined #salt
06:26 ndrei joined #salt
06:32 bfoxwell joined #salt
06:34 ALLmightySPIFF joined #salt
06:51 favadi joined #salt
06:56 darknight87 joined #salt
06:59 kawa2014 joined #salt
07:01 otter768 joined #salt
07:05 supersheep joined #salt
07:07 husanu joined #salt
07:08 dopesong joined #salt
07:09 dopesong_ joined #salt
07:11 thalleralexander joined #salt
07:11 eseyman joined #salt
07:13 KermitTheFragger joined #salt
07:13 Romlok joined #salt
07:19 stoogenmeyer joined #salt
07:21 favadi joined #salt
07:23 jhauser joined #salt
07:23 markm joined #salt
07:29 slav0nic joined #salt
07:34 ndrei joined #salt
07:36 forrest joined #salt
07:37 evle1 joined #salt
07:41 rakan joined #salt
07:42 rakan Hello everyone
07:43 AndreasLutro hello
07:43 rakan To get the list of all minion IP addresses, i would use salt mine to get this list. However, let's take a scenario of starting 10 AWS instances where as soon as the first one is up, it's going to talk to the master to start provisioning. When that instances gets to the part where i have to add all IP addresses to a template, the 8th or 9th or 10th instances might not up be yet.
07:44 ajw0100 joined #salt
07:44 rakan What do we do in this situation?
07:44 rakan Is  there like a "wait until all minions are up" solution?
07:44 rakan The current solution i am thinking is to actually invoke the python API manually
07:45 rakan But i would like this to be within my saltstack states
07:46 AndreasLutro sounds like a job for the reactor system
07:47 OliverMT you can just activate the master on each minion up indeed?
07:47 rakan OliverMT: yup that's the current implementation. But each minion would be provisioned separately
07:48 rakan requiring other minion IPs would have to wait until all minions are uo
07:48 rakan up*
07:48 OliverMT I mean, activate the master for that IP spreading sls only
07:48 rakan AndreasLutro: How can the reactor help?
07:48 OliverMT so you add as you go
07:49 rakan OliverMT: i don't seem to follow... could you please elaborate?
07:49 OliverMT the reactor triggers on minion up
07:50 OliverMT which re-runs the ip gathering and spreading
07:51 rakan aha i see
07:51 rakan That sounds like a plan
07:52 rakan The solution would be easier in python/boto where i can just loop until all instances are up and then push a command run
07:52 gcfhvjbkn joined #salt
07:52 rakan But i'll explore how the reactor and minion_start works
07:52 OliverMT looping until they are all up sounds incredibly fragile compared to just reacting on atomic events like minion is up
07:53 OliverMT what happens if one instance never gets up?
07:53 rakan Some failover has to be added... it's not that simple i agree
07:55 Fredooo joined #salt
07:55 s_kunk joined #salt
07:56 darknight87 joined #salt
07:58 evle1 joined #salt
08:01 chiui joined #salt
08:04 FRANK_I joined #salt
08:07 supersheep joined #salt
08:07 impi joined #salt
08:07 gcfhvjbkn my salt mine seemingly does nothing, why is that?
08:07 gcfhvjbkn http://pastie.org/private/j2wgwgh4lzpkda7dt7mq
08:07 gcfhvjbkn this is the example from the docs
08:08 gcfhvjbkn i do "salt '*' mine.update" then "salt '*' mine.get '*' test.ping" and nothing happens
08:08 ALLmightySPIFF joined #salt
08:09 clintberry joined #salt
08:11 Nazca joined #salt
08:12 ndrei joined #salt
08:12 viking60 joined #salt
08:14 viking60 Weather:   Conditions 54 F (12 C) - Clear Time June 26, 10:14 AM CEST
08:14 clintberry joined #salt
08:15 napsterX joined #salt
08:19 viking60 Hi for a while there I had to stop the salt master due to 100% CPU use and no contact with the minions - after a few updates everything is fine again - something you guys did?
08:20 viking60 I only increased the worker threads but I doubt that was it
08:20 viking60 http://bjoernvold.com/forum/viewtopic.php?f=11&t=3228&p=18205#p20434
08:24 gcfhvjbkn https://github.com/saltstack/salt/blob/9f24ec2d8d02fe75f32721e9e084be32dbece08c/salt/modules/mine.py#L126
08:24 bash124512 left #salt
08:24 gcfhvjbkn why not give away a stacktrace?
08:24 gcfhvjbkn i've got absolutely no idea why "[ERROR   ] Function grains.get in mine_functions failed to execute"
08:27 viking60 Ah so known and fixed then -great
08:28 MatthewsFace joined #salt
08:28 AndreasLutro gcfhvjbkn: pull request!
08:28 Furao joined #salt
08:30 julez joined #salt
08:31 gcfhvjbkn AndreasLutro: i don't mind; so you are sure there's no higher motive for not giving it to the user?
08:31 gcfhvjbkn ok, that's more of a rhetorical question anyway
08:32 OliverMT gcfhvjbkn: as a developer in general, let me give you an image of how we view users: http://i.imgur.com/mWUwmC0.gif
08:32 OliverMT so maybe thats why? :)
08:32 OliverMT I am guessing because its pretty noisy
08:33 AndreasLutro gcfhvjbkn: I think you give salt's codebase too much credit ;)
08:36 Fredooo my node groups are not working when i user external_auth on my salt-master, is it normal ?
08:37 Fredooo with a standard user : salt -N sysprod test.ping -a pam >> Node group sysprod unavailable in /etc/salt/master
08:38 Fredooo with root : salt -N sysprod test.ping -v >> mymachine: True
08:38 darknight87 joined #salt
08:39 ndrei joined #salt
08:43 Fredooo my user have to add "-a pam" everytime he run a command, it possible to make it transparent ?
08:43 bhosmer_ joined #salt
08:45 lb1a joined #salt
08:49 ndrei joined #salt
08:50 ventris_ joined #salt
08:55 fisuk joined #salt
08:58 darknight87 joined #salt
09:02 otter768 joined #salt
09:08 monkey661 joined #salt
09:09 husanu1 joined #salt
09:11 linjan joined #salt
09:23 husanu1 joined #salt
09:29 al joined #salt
09:29 bhosmer_ joined #salt
09:33 viking60 joined #salt
09:33 sgargan joined #salt
09:33 ingslovak joined #salt
09:38 is_null left #salt
09:40 bhosmer_ joined #salt
09:43 rdas joined #salt
09:45 keimlink joined #salt
09:47 bhosmer_ joined #salt
09:48 viq joined #salt
09:53 stoogenmeyer joined #salt
09:56 bhosmer_ joined #salt
09:57 ramaseshan joined #salt
10:02 eliasp I have a 'file.directory' state failing with test=true, because the 'user' defined for this directory doesn't exist yet… I have a requisite pointing to the 'user.present' state which is responsible for creating this user…
10:02 eliasp so shouldn't 'file.directory' be a little more intelligent and either not fail as long as there are unfulfilled requisites or just inspect the defined requisites to look for the missing user?
10:06 bhosmer_ joined #salt
10:11 daemonkeeper In the state recursion hell, can I require a particular state within a SLS require only? e.g. - require: - sls: statesls.item-in-there?
10:11 AndreasLutro daemonkeeper: why would you need to specify the sls if you know the state ID?
10:12 daemonkeeper Can I require a particular state directly?
10:12 bhosmer_ joined #salt
10:12 eliasp daemonkeeper: either "sls: foo" or just the state directly: "file: bar"
10:13 daemonkeeper ohhh.
10:14 daemonkeeper Thanks eliasp.
10:14 eliasp daemonkeeper: see: http://docs.saltstack.com/en/latest/ref/states/requisites.html
10:14 imanc_ joined #salt
10:15 daemonkeeper I even use file as require already. I just thought about complicating life to myself for some reason.
10:15 daemonkeeper somewhere else that is.
10:16 bhosmer_ joined #salt
10:23 supersheep joined #salt
10:31 Grokzen joined #salt
10:34 robothands hello. is there a way to specify 2 variables when using context? like this: http://pastie.org/10260003
10:34 meanieot_ joined #salt
10:34 robothands atm, I get "ip is undefined"
10:35 AndreasLutro that is the correct way to do it
10:35 robothands I see....I'm not sure why the ip context is not working then
10:35 AndreasLutro could be that the extend stuff is messing with it
10:35 AndreasLutro not sure
10:35 robothands ill test that out, thanks for the suggestion
10:35 AndreasLutro your indentation is also inconsistent
10:35 AndreasLutro yaml can be kinda picky with that
10:36 robothands ah...
10:36 robothands ok thanks, I'll look over it
10:42 stoogenmeyer joined #salt
10:46 ALLmightySPIFF joined #salt
10:51 CeBe joined #salt
10:56 peters-tx0 joined #salt
11:00 mariusv joined #salt
11:00 mariusv joined #salt
11:01 viking60 joined #salt
11:03 otter768 joined #salt
11:13 _JZ_ joined #salt
11:19 ndrei joined #salt
11:20 kbyrne joined #salt
11:21 kbyrne joined #salt
11:22 scottpgallagher joined #salt
11:25 Number6 joined #salt
11:27 giantlock joined #salt
11:28 drawsmcgraw joined #salt
11:29 _JZ_ joined #salt
11:36 bhosmer joined #salt
11:37 ndrei joined #salt
11:45 codehotter Is there a way to get output as each state finishes rather than a summary at the end?
11:45 maciejczyzewski joined #salt
11:45 codehotter I'm doing salt <minion> state.highstate
11:46 maciejczyzewski left #salt
11:47 bhosmer joined #salt
11:49 ALLmightySPIFF joined #salt
11:50 bhosmer joined #salt
12:01 darknight87 hi guys, I have an encrypted column in a mysql database and I want to use salt to decrypt this column, is there a way to do this?
12:02 bhosmer joined #salt
12:02 bhosmer_ joined #salt
12:02 AndreasLutro darknight87: encrypted how? http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.gpg.html#salt.modules.gpg.decrypt is a possibility
12:03 bhosmer joined #salt
12:04 AndreasLutro you could also write your own renderer that takes care of decryption transparently, or write your own module for decrypting where needed
12:09 agronholm joined #salt
12:09 agronholm why is it that salt-minion thinks it's still connected to the master while it's not? I have ping_interval: 2 set in the minion config.
12:10 agronholm yet the connection stays open on the minion's side while it's been dropped on the master's side
12:10 agronholm wasn't ping_interval specifically meant to combat problems like these?
12:17 heewa joined #salt
12:18 amcorreia joined #salt
12:19 bhosmer joined #salt
12:19 denys joined #salt
12:19 eseyman joined #salt
12:20 wpot joined #salt
12:23 DammitJim joined #salt
12:24 fredvd joined #salt
12:35 bhosmer joined #salt
12:35 subsignal joined #salt
12:37 subsignal joined #salt
12:39 DammitJim so, I posted this question last night about how one manages the configuration of 1 server vs another
12:40 DammitJim simple example being 1 server uses java 7 and the other, java 8
12:40 DammitJim does one create a pillar that helps you decide what each one gets?
12:40 OliverMT yes
12:40 bhosmer joined #salt
12:40 DammitJim if so, what is the proper procedure to "ask" the server what it is running?
12:40 DammitJim does one look at the scripts?
12:41 DammitJim does one just go to the server and queries each installation version?
12:41 DammitJim I'm talking about getting a dashboard of: java, tomcat, maven, jasig cas, etc
12:41 DammitJim or is there no feature for that?
12:42 subsignal joined #salt
12:42 AndreasLutro DammitJim: "ask" in what context? in your states you can just do {% if pillar.java.version == 7 %} etc
12:43 DammitJim AndreasLutro, this should probably be found in documentation, but you know how it is.. you are in a meeting and someone asks: "What version is that server running?"
12:43 DammitJim and they want you to look on the server
12:43 DammitJim so, you log on and do java -version
12:43 AndreasLutro aha
12:43 jdesilet joined #salt
12:43 DammitJim is there a way to query the versions of what the server is running for a list of software?
12:43 AndreasLutro salt minion-name pillar.get java.version
12:43 AndreasLutro on the command line
12:43 DammitJim shut up!
12:44 subsigna_ joined #salt
12:44 AndreasLutro ok :(
12:44 DammitJim lol
12:46 DammitJim AndreasLutro, that returned nothing :(
12:47 babilen DammitJim: Do you provide that pillar already?
12:47 AndreasLutro DammitJim: well, I'm assuming you manually defined that pillar data
12:47 DammitJim oh, duh for me!
12:48 AndreasLutro depending on how you want to structure your pillar data you could also do `pillar.get versions.java`
12:48 AndreasLutro that would let you do `pillar.get versions` to get the version of everything
12:49 babilen I wouldn't hardcode too many versions as that typically simply depends on the release of whatever distribution you are running (e.g. install "default-jre" to get *the* java version on Debian and derivatives)
12:49 evle1 joined #salt
12:50 supersheep joined #salt
12:50 DammitJim got it
12:50 DammitJim I'll  have to read up more on pillars to get the version
12:50 DammitJim and what files I need to create
12:50 DammitJim separate question
12:50 DammitJim once a minion has been accepted by the master
12:50 DammitJim can I change the name of the minion that the master knows about?
12:51 DammitJim in my case, all of my servers have a FQDN but 1
12:51 DammitJim that one didn't have it configured properly in the hosts file
12:51 DammitJim I just fixed that
12:51 DammitJim but how do I tell the master to update that info?
12:51 babilen no, you can remove the minion, change its id and then accept the "new" minion
12:51 DammitJim I do that ALL on the master?
12:51 babilen ID is the one thing that is fixed (and thereby also the only bit of information provided by the minion you can rely on)
12:52 DammitJim if I do salt-key -d server
12:52 DammitJim will it show up again and ask to be accepted with the new name?
12:54 babilen Well, you have to change the ID on the minion (either by editing /etc/salt/minion_id or setting/changing the "id: " value in the minion config. My recommendation would be to manage the salt-minion installation with https://github.com/saltstack-formulas/salt-formula (salt.minion) and to provide salt:minion:id in the pillar for that minion)
12:55 permalac joined #salt
12:56 quasiben joined #salt
12:56 DammitJim ok, so I updated the minion_id on the minion
12:56 DammitJim restarted the minion server
12:56 DammitJim then went to the master and deleted the old minion name
12:56 DammitJim did a salt-key -L and the updated name came up
12:56 DammitJim I accepted it
12:56 DammitJim did I miss something?
12:57 babilen Handing over the £600.000 consulting fee to me?
12:57 babilen No, that should be all ..
12:59 * DammitJim hands you some cookies
12:59 DammitJim :D
13:04 otter768 joined #salt
13:05 julez joined #salt
13:09 bhosmer joined #salt
13:09 darknight87 AndreasLutro: thanks. However, is there a way to connect to a mysql db which lies on the salt master server using salt?
13:10 darknight87 maybe an ext_pillar?
13:11 kaptk2 joined #salt
13:11 AndreasLutro darknight87: precisely http://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.mysql.html
13:12 sgargan has anyone used the pyobjects renderer recently?
13:13 quasiben joined #salt
13:14 KermitTheFragger joined #salt
13:14 quasiben joined #salt
13:15 darknight87 AndreasLutro: can I use docs.saltstack.com/en/latest/ref/states/all/salt.states.mysql_query.html
13:15 dyasny_ joined #salt
13:15 FeatherKing joined #salt
13:15 darknight87 http://docs.saltstack.com/en/latest/ref/states/all/salt.states.mysql_query.html
13:15 babilen sgargan: you?
13:15 AndreasLutro darknight87: states execute on the minion
13:16 sgargan I’m seeing an issue with a state file i’ve written that uses it
13:16 babilen then yes, somebody used it recently ;)
13:18 sgargan when the master tries to parse it it barfs trying to access the pillar.get function from the salt context
13:18 sgargan https://gist.github.com/sgargan/b81a159074c1b7cbb027
13:19 babilen Did that ever work?
13:19 sgargan which?
13:19 sgargan the pyobjects renderer
13:19 sgargan ?
13:20 babilen No, that particular state or, more general, a similar pillar.get call
13:20 sgargan its failing parsing hte renderer
13:20 babilen (aren't you looking for __pillar__ ?)
13:20 sgargan never gets to my state at all
13:21 racooper joined #salt
13:21 AndreasLutro is it only on reactor runs? if you do state.sls my-sls does that work?
13:21 sgargan I will check
13:22 AndreasLutro sgargan: http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.pyobjects.html#todo is a bad sign!
13:22 babilen I clearly need a better crystal ball
13:23 sgargan hmm looks like i’ve a drawingboard to return to
13:23 jalbretsen joined #salt
13:24 sgargan do any of the other renderers support the reactor that you know of?
13:24 sgargan other than the yaml one
13:24 sgargan though I guess I can start looking there
13:24 AndreasLutro I dunno, I could be reading into it wrong
13:24 babilen #!py
13:24 AndreasLutro seems odd that pillar.get wouldn't work for reactors for that one particular renderer
13:25 babilen I guess that it is monkey patched too late
13:25 sgargan I’ll dig a bit further and see
13:25 sgargan thanks!
13:26 AndreasLutro I was thinking that, but it seems unlikely that the monkeypatching happens at different times depending on which renderer is used
13:26 AndreasLutro sgargan: regardless, you should report an issue on github imo
13:26 AndreasLutro or look for an existing one
13:26 sgargan I will definitely. I’ll try to grab a bit more context for it
13:33 pviktori_ joined #salt
13:40 mpanetta joined #salt
13:41 ws2k3 what is the difference between salt \* test.ping and salt * test.ping ?
13:41 Ahlee nothing
13:41 primechuck joined #salt
13:41 Ahlee other than some shells will attempt to expand * to match items in the current directory
13:41 Ahlee escaping the asterisk will ensure that doesn't happen
13:42 mens joined #salt
13:42 ws2k3 Ahlee thanks
13:42 AndreasLutro ws2k3: if you do the following: echo salt * test.ping
13:42 AndreasLutro you'll see what the difference is
13:43 drawsmcgraw joined #salt
13:44 daemonkeeper Is there a way to express a package dependency before a _state_ can be loaded? I have something like {% set foo = salt[mymodule]() %}, but mymodule requires some library dependencies to be installed. It would be all fine if the SLS file was compiled only after evaluating the dependencies the state has, but apparently it's done before. Is there way around that?
13:45 emaninpa joined #salt
13:46 timoguin joined #salt
13:47 AndreasLutro daemonkeeper: are you aware of __virtual__ ?
13:47 daemonkeeper Probably not if you ask this way
13:47 AndreasLutro well I'm assuming you're writing custom modules/state functionss
13:47 AndreasLutro https://github.com/saltstack/salt/blob/develop/salt/states/git.py#L32-L36
13:48 daemonkeeper Yes, I did
13:48 cpowell joined #salt
13:48 Ahlee you'll need to put the logic in the _state to look for it
13:49 vaspiros joined #salt
13:49 babilen And you would then have another state that installs that dependency and triggers a module update on the minion
13:50 Ahlee it's full of race conditions, but you could write a state that called saltutil.sync_states
13:50 stoogenmeyer joined #salt
13:50 ALLmightySPIFF joined #salt
13:50 daemonkeeper I don't understand. I have def __virtual__(): return "mymodule". It works fine at runtime because I made sure it pulls it's dependencies via requires. However, the SLS does not even compile on the first load (which would cause the dependencies to be installed).
13:51 babilen (or orchestrate the installation of a new minion with orchestrate)
13:51 babilen The minion won't load the module if there are errors during the import
13:52 AndreasLutro daemonkeeper: you should use __virtual__ in "mymodule", and make it return a boolean whether the module can work or not
13:53 AndreasLutro in your state that uses "mymodule" you can install the dependencies for mymodule as long as they get installed before any calls to salt['mymodule.myfunction']
13:53 babilen https://docs.saltstack.com/en/2014.7/ref/modules/index.html#virtual-modules
13:53 babilen (i.e. return the name of the module or False (the latter if it can't work))
13:54 daemonkeeper AndreasLutro: Ah, okay. Let me try that.
13:55 babilen https://docs.saltstack.com/en/develop/ref/modules/index.html#virtual-modules
13:55 babilen (sorry, google pointed at the outdated docs)
13:55 debian112 joined #salt
13:56 cpowell joined #salt
14:00 babilen Pay attention to the Note there
14:00 babilen (and the various examples in the salt codebase)
14:03 murrdoc joined #salt
14:03 spark joined #salt
14:05 andrew_v joined #salt
14:08 babilen Also refresh_modules might be an idea after installing the library in question
14:10 quasiben joined #salt
14:13 vstoniest joined #salt
14:14 kusams joined #salt
14:16 froztbyte mm, looks like I'll have to build an execution module for this thing I want to do
14:17 froztbyte (I have a need of building an updating a dict in place in a template)
14:17 quique joined #salt
14:18 stoogenmeyer joined #salt
14:23 mapu joined #salt
14:23 impi joined #salt
14:26 sgargan_ joined #salt
14:26 dayid left #salt
14:26 favadi joined #salt
14:28 murrdoc joined #salt
14:32 hasues joined #salt
14:33 scoates joined #salt
14:40 scoates joined #salt
14:40 bhosmer joined #salt
14:40 mohae joined #salt
14:42 clintberry joined #salt
14:43 daemonkeeper __virtual__ returning a boolean alone does not seem to do the trick
14:43 daemonkeeper hurm
14:46 Brew joined #salt
14:46 julez joined #salt
14:51 supersheep joined #salt
14:51 ALLmightySPIFF joined #salt
14:52 spark_ joined #salt
14:59 scoates_ joined #salt
14:59 stoogenmeyer joined #salt
15:01 hasues left #salt
15:02 scoates joined #salt
15:05 otter768 joined #salt
15:07 dajones70 joined #salt
15:11 rakan joined #salt
15:11 rakan Hello everyone
15:12 quantumsummers basepi: Hi there, in using the gpg renderer with salt-ssh, it would be super nice to be able to use gpg-agent. I note that python-gnupg does support this in the GPG() constructor with use-agent (defaults to false).
15:12 rakan I've setup my master & minion on two different machines on AWS. As soon as the minion goes up, it registers it's key with the master. But the highstate doesn't get run on the minion. What can i do to debug this?
15:14 Nazzy joined #salt
15:15 favadi joined #salt
15:19 rakan joined #salt
15:19 rakan Sorry got D/C
15:19 spark joined #salt
15:20 rakan Isn't the master supposed to push highstate to the newly registered minion?
15:20 quique joined #salt
15:21 robothands not "out the box"...only if you have configured it to do so using something like reactor i think
15:22 robothands @rakan ^^
15:22 rakan oh
15:22 rakan Not sure why i had this impression that it will do that automatically
15:23 drawsmcgraw rakan: There's an option in the master config, I think it's "startup_state"
15:23 drawsmcgraw You can set that to highstate. Then all new minion will automatically run a highstate.
15:24 rakan drawsmcgraw: cool thanks!
15:24 drawsmcgraw yep!
15:25 sporkd2 salt reactor is awesome
15:28 drawsmcgraw Reactor is great. I'm really looking for some time (and an excuse) to make an engine and/or beacon.
15:28 murrdoc it needs better loggings
15:28 murrdoc but it is pretty awesome
15:29 sporkd2 +1 to logging, although shipping the master logs off to a log aggregation service helps
15:29 sporkd2 but very frustrating when you fire an event and noting happens and you have no clue
15:32 leszq joined #salt
15:37 scoates joined #salt
15:44 leszq joined #salt
15:44 zer0def joined #salt
15:45 desposo joined #salt
15:48 scoates_ joined #salt
15:50 scoates_ joined #salt
15:50 clintberry1 joined #salt
15:50 froztbyte is there anyone around that knows the jinja renderer fairly well?
15:51 murrdoc i know it more than fairly well
15:51 murrdoc therefore i wont be able to help
15:51 murrdoc sorry
15:51 murrdoc *snicker*
15:51 froztbyte I'm trying to get a handle on whether I'm heading in the right direction with this thing
15:51 froztbyte murrdoc: haha
15:51 froztbyte okay, well. here's the deal
15:52 froztbyte I have some things in pillar
15:52 ALLmightySPIFF joined #salt
15:52 murrdoc things in pillars
15:52 murrdoc got it
15:52 icarus joined #salt
15:53 froztbyte so I've got foo.a and foo.b; the idea behind them is that they should be composable (so foo.b and foo.b should be able to co-exist on a given target)
15:53 froztbyte within foo.a and foo.b, I set some kv-pair type things (although some is a bit more tree-like, not just KV pairs all the way)
15:54 froztbyte I then want to end up able to write this out as json, in the end
15:54 froztbyte I was trying to make this work by way of an admittedly hairy template
15:55 froztbyte in that I would loop as much as possible, then try a {% load_yaml as bar %}...variable interpolation for final syntax here...{% endload %}
15:55 danlsgiga joined #salt
15:57 froztbyte after this step, I add `bar` to a toplevel dict container (which looks like `for x in foo: container[x] = bar_as_loadyaml_result`), and then finally {{ container | json }}
15:57 XenophonF left #salt
15:57 froztbyte now, a) this feels over-complicated and fiddly, b) I don't think `load_yaml` actually does what I hope it might
15:57 tvinson how can i write a state to do some actions if a particular package is installed? i don't want salt to install this package on boxes where it's not already present.
15:58 froztbyte the load_yaml tag seems to return Markup: https://github.com/saltstack/salt/blob/561d7b72bb8bb0d5fa5c4395db12425f27c26c1a/salt/utils/jinja.py#L384
15:58 froztbyte whereas I hoped it would give me a dict or something
15:58 froztbyte should I just write an execution module and do all this stuff in there?
15:58 froztbyte murrdoc: ^
15:58 ikarus joined #salt
15:59 darknight87 joined #salt
16:00 froztbyte tvinson: a couple of states have an `unless`/`onlyif` type of clause which you could perhaps abuse
16:00 mou joined #salt
16:00 murrdoc so u are trying to make a file ?
16:00 murrdoc does file.accumulate not work ?
16:01 murrdoc load_yaml returns a dict btw
16:01 murrdoc so does load_json
16:01 froztbyte murrdoc: yes, a json file. I'm setting environment-specific variables and options in pillar; each of these forms a component part of a json file
16:02 * froztbyte looks whether accumulate can work for this
16:02 froztbyte nah, doesn't look like that'll work :(
16:02 froztbyte because json is stupid :(
16:03 murrdoc ok
16:03 froztbyte if I could feed this other system yaml, my life would be so easy
16:03 murrdoc you know u can import_json too
16:03 murrdoc so state 1 could write the json it needs to
16:03 sgargan_ joined #salt
16:03 favadi joined #salt
16:03 froztbyte the problem is that I'm not getting json out, so I think my container dict ends up being empty
16:04 froztbyte which is why I was wondering whether my load_yaml adventures are a problem
16:04 ajw0100 joined #salt
16:04 froztbyte ah, yup... so earlier I tried a show_full_context, and indeed: 'container': {},
16:05 sgargan seems likethey are pretty new so maybe this hasn’t been fully baked yet, but how would you go about sync’ing an engine to a minion or the master
16:05 froztbyte so I'm not managing to populate my container correctly
16:06 murrdoc interesting
16:06 tvinson froztbyte: thanks, that looks like it works. got all lost looking at requisite.
16:06 froztbyte murrdoc: so I've tried this:
16:07 froztbyte {%-     set container[{{ process }}] = defn %}
16:07 lowfive joined #salt
16:07 froztbyte (where defn is the result of load_yaml stuff)
16:07 froztbyte and also:
16:07 ALLmightySPIFF joined #salt
16:07 froztbyte {%-     set container = salt.updict.setter(container, process, defn) %}
16:07 writtenoff joined #salt
16:08 edrocks joined #salt
16:08 froztbyte where updict.setter looks like: _d[key] = value; return _d
16:08 KyleG joined #salt
16:08 KyleG joined #salt
16:09 perfectsine joined #salt
16:10 zz_lowfive joined #salt
16:10 ageorgop joined #salt
16:11 lowfive joined #salt
16:12 lowfive left #salt
16:14 lowfive joined #salt
16:15 theologian joined #salt
16:16 danlsgiga Hi all... I'm trying to manage a way to run a batch in salt. I have a cluster with 6 nginx servers and I need to restart the service in one node at a time. But I wan't salt to stop if the nginx fails to restart in any node.
16:16 supersheep joined #salt
16:17 danlsgiga I saw the --failhard option for salt, but it doesnt seem to be working
16:17 danlsgiga so... salt 'prx*' -b 1 --failhard cmd.run "systemctl restart nginx"
16:18 danlsgiga It is not failing hard when the nginx service fails to restart
16:20 danlsgiga Any ideas?
16:20 KyleG Sounds like what you really need is a staging environment so you can test your configs/changes...
16:21 danlsgiga KyleG: Not at all. For some reason, nginx may fail to restart due to file descriptors in lock state
16:22 danlsgiga KyleG: I just want a way to manage the batch execution in a way that I can stop at the first execution failure in order to not have my whole cluster down
16:23 Ahlee definitely a reasonable request
16:23 stoogenmeyer joined #salt
16:23 KyleG Well, if these are 6 different servers, why would all of them suffer from the same problems?
16:23 froztbyte murrdoc: muh, I give up on this for the day; I think my load-yaml stuff is failing :(
16:23 KyleG Seems like you may actually do yourself more harm by stopping and not restarting the rest, and since you're doing it one at a time your cluster is technically not down
16:24 Ahlee danlsgiga: looks like you need to set failhard in the master config
16:24 Ahlee http://docs.saltstack.com/en/latest/ref/states/failhard.html#global-failhard
16:24 danlsgiga KyleG: I'm doing it one at a time, but if it fails in all nodes, the cluster will be down
16:25 danlsgiga Ahlee: But I don't want a global failhard
16:25 danlsgiga I want to failhard only in the batch execution
16:26 danlsgiga That's what --failhard in the salt command is supposed to do
16:26 danlsgiga --failhard            Stop batch execution upon first "bad" return
16:27 leszq joined #salt
16:28 snarfy^ joined #salt
16:30 ndrei joined #salt
16:31 Ahlee then it sounds like you found a bug
16:31 Ahlee if nobody else pipes up soon, i'd recommend filing an issue at github
16:31 giantlock joined #salt
16:33 mapu joined #salt
16:33 FeatherKing joined #salt
16:35 druonysus joined #salt
16:35 druonysus joined #salt
16:35 froztbyte murrdoc: I take that back; I stepped every single bit of the logic now and found my problem
16:35 froztbyte also: yay my insane plan works woooooo
16:35 danlsgiga Ahlee: Sure, I'll wait for other feedbacks then submit a bug
16:36 jimklo joined #salt
16:38 spookah joined #salt
16:38 murrdoc froztbyte:  you are welcome
16:38 murrdoc (not that i did anything)
16:39 vstoniest how can I call a jinja renderer on a specific file from the commandline?
16:46 froztbyte murrdoc: you cleared up uncertainty about one function
16:46 murrdoc its what i do
16:47 murrdoc murrdocy-won-kenobi
16:51 froztbyte :)
16:54 forrest joined #salt
17:01 thekabal joined #salt
17:01 thekabal left #salt
17:02 thekabal joined #salt
17:02 thekabal I have a grain match (if ‘-aa’ in grains[‘fqdn’]), but I want it to be more selective, so its more like if the grains[‘fqdn’] matches *-aa*[1-2]’. How would that look in an if statement in an init.sls file?
17:03 snarfy^ joined #salt
17:03 supersheep joined #salt
17:05 spark__ joined #salt
17:05 otter768 joined #salt
17:09 aparsons joined #salt
17:10 sgargan_ joined #salt
17:17 arnoldB_ is it possible to set a batch size for salt-cloud in prallel mode?
17:17 arnoldB_ I'm just DDoSing linode..
17:17 arnoldB_ any my own salt-cloud VM
17:21 Gareth morning morning
17:21 keimlink joined #salt
17:22 travisfischer joined #salt
17:22 arnoldB_ baammm. OOM killer
17:24 arnoldB_ okay, there is already a feature request: https://github.com/saltstack/salt/issues/18257
17:26 markm joined #salt
17:26 thekabal I have a grain match (if ‘-aa’ in grains[‘fqdn’]), but I want it to be more selective, so its more like if the grains[‘fqdn’] matches *-aa*[1-2]’. How would that look in an if statement in an init.sls file?
17:27 clintl joined #salt
17:29 aparsons joined #salt
17:31 arnoldB_ alright pool_size in /etc/salt/cloud seems to be working
17:31 subsignal joined #salt
17:33 clintl hello! I'm try to use gpg renderer (have renderer: jinja | yaml | gpg in master), but get "unknown yaml render error" from the pillar with the pgp message. I can load the sls file/data in python with yaml no problem
17:34 clintl what could be the issue?
17:35 aw110f joined #salt
17:42 danlsgiga left #salt
17:47 clintl left #salt
17:47 aparsons joined #salt
17:48 AlexStraunoff joined #salt
17:49 Fiber^ joined #salt
17:51 denys joined #salt
17:52 P0bailey joined #salt
17:52 P0bailey joined #salt
17:58 dendazen joined #salt
17:59 dendazen Is it possible to remove files in directory with the glob and file.removed state?
17:59 spark_ joined #salt
18:00 thekabal I have a grain match (if ‘-aa’ in grains[‘fqdn’]), but I want it to be more selective, so its more like if the grains[‘fqdn’] matches *-aa*[1-2]’. How would that look in an if statement in an init.sls file?
18:00 pravka joined #salt
18:02 dopesong joined #salt
18:07 napsterX joined #salt
18:12 CF519745 joined #salt
18:14 vexati0n next project: use SaltStack to replace the entire QA team so I don't have to sit through their insufferable presentations about how awesome their spreadsheets are.
18:15 babilen Aren't they?
18:16 mou joined #salt
18:16 leszq joined #salt
18:17 vaspiros joined #salt
18:20 aparsons joined #salt
18:24 dopesong joined #salt
18:26 supersheep joined #salt
18:28 evilrob joined #salt
18:29 baweaver joined #salt
18:29 giantlock joined #salt
18:33 Nazca__ joined #salt
18:34 baweaver joined #salt
18:36 arif-ali joined #salt
18:38 arif-ali joined #salt
18:38 evilrob I'm trying to use jinja to give me a random ordered list of nameservers.  I'm trying this: https://paste.ee/p/qPrgF but the for loop isn't doing anything.
18:40 nyx_ joined #salt
18:42 ajw0100 joined #salt
18:45 aea joined #salt
18:58 RabidCicada joined #salt
18:59 baweaver joined #salt
19:00 voileux joined #salt
19:06 otter768 joined #salt
19:06 evilrob I ended up doing this https://paste.ee/p/y25F0
19:07 evilrob is there a better way?
19:15 snarfy^ joined #salt
19:18 primechuck joined #salt
19:21 tomh- joined #salt
19:23 quique joined #salt
19:25 DammitJim joined #salt
19:27 pcn How do I test for true and false in a jinja template?
19:27 pcn == True or == "True" or what?
19:27 murrdoc {% if blah %}
19:27 murrdoc {% if not blah %}
19:27 pcn OK
19:28 s_kunk joined #salt
19:29 pcn So jinja can't give me {% if foo is True %}?
19:29 ajw0100 joined #salt
19:31 murrdoc nope
19:31 murrdoc its the python way
19:31 murrdoc ==
19:32 pcn I've always thought of "is" as the slightly more type-safe python way
19:32 pcn E.g. if not matches on None
19:34 MatthewsFace joined #salt
19:34 spark_ joined #salt
19:37 timoguin pcn: http://blog.lerner.co.il/why-you-should-almost-never-use-is-in-python/
19:37 timoguin was just reading that yesterday. :)
19:39 ajw0100 joined #salt
19:40 pcn Totally disagree with the premise - using "is" with integers is clearly insane, but for None, True, and False it's really useful.
19:42 rm_jorge joined #salt
19:43 timoguin I use it for None, which the article says is fine.
19:44 timoguin For true/false I just do "if foo" or "if not foo"
19:45 MatthewsFace joined #salt
19:47 ericof joined #salt
19:48 wendall911 joined #salt
19:51 ajw0100 joined #salt
20:02 pcn Yeah, but "if foo" succeeds if it's a list with items.  If you want to check for True, and not other values, it's going to lie to you (if you want anything truthy, it's fine)
20:07 thekabal joined #salt
20:07 thekabal Is there a way to do nodegroup matching in an init.sls, or only in a top file?
20:09 ALLmightySPIFF joined #salt
20:09 leszq_ joined #salt
20:11 aea joined #salt
20:16 markm joined #salt
20:19 bhosmer joined #salt
20:21 emaninpa joined #salt
20:24 thekabal Anyone?
20:27 perfectsine joined #salt
20:36 MatthewsFace joined #salt
20:37 AdobeTom joined #salt
20:37 vaspiros joined #salt
20:40 AdobeTom If I had grains for a minion like roles: - role1 - role2 -role3 and I wanted to only set a variable in the pillar data if it matched a specific role, how would you go about doing that?  I've tried just about everything I can think of and it doesn't seem to be working. For example, {% if grains['roles:role1'] is defined %} and {% if grains['roles'] in ['role1'] %} and simply just {% if grains['roles:consul-master']  %}  to no avail.  I
20:42 forrest joined #salt
20:42 Emantor AdobeTom: {% if grains.get['roles'] contains 'role1' %}
20:44 Emantor wait, thats wrong, sorry
20:44 Emantor {% if 'role1' in grains['roles'] %}
20:45 giantlock joined #salt
20:49 AdobeTom let me try that
20:49 AdobeTom that make sense though looking at it
20:51 emaninpa joined #salt
20:56 AdobeTom hmm, still doesn't seem to be working.  Is there a good way to see debug output during template rendering of pillar files?
20:59 juanito joined #salt
21:01 lowfive left #salt
21:02 clintberry1 joined #salt
21:02 JoeHazzers joined #salt
21:04 dendazen joined #salt
21:06 soren joined #salt
21:07 otter768 joined #salt
21:07 furrowedbrow joined #salt
21:10 ndrei joined #salt
21:10 ALLmightySPIFF joined #salt
21:16 murrdoc joined #salt
21:18 aea joined #salt
21:22 spark_ joined #salt
21:23 vaspiros joined #salt
21:24 ericof joined #salt
21:29 furrowedbrow left #salt
21:30 baweaver joined #salt
21:30 furrowedbrow joined #salt
21:31 ndrei joined #salt
21:34 furrowedbrow left #salt
21:34 furrowedbrow joined #salt
21:35 baweaver joined #salt
21:35 Nazzy joined #salt
21:36 bhosmer joined #salt
21:42 metastasize joined #salt
21:45 metastasize I am trying to get my minions to use a custom returner to send every job they run back to my custom backend, however after setting return: myreturner in the minion config I am not getting anything back
21:47 metastasize Just wondering if this is the correct method for having a minion send data about it's jobs
21:50 dendazen joined #salt
21:52 juanito joined #salt
21:58 FeatherKing joined #salt
22:03 FeatherKing joined #salt
22:04 edrocks joined #salt
22:19 adelcast left #salt
22:21 geekatcmu OK, I'm apparently wandering into the areas where dragons live.
22:22 geekatcmu I'm writing up some states with pyobjects, because they seem to work without making me cry.
22:22 geekatcmu Or so I thought.
22:22 murrdoc :)
22:22 geekatcmu However, I need to reference some other locally written states that are done in Jinja.
22:23 geekatcmu Because of that, there are no pyobjects definitions for dealing with them, so I'm kind of back to having to jinja them.
22:23 geekatcmu But, I need to import map data that's written with pybjects, and that doesn't seem to be working.
22:24 geekatcmu So, tl;dr: is there a way to import pyobject-based maps into Jinja states?
22:31 supersheep joined #salt
22:34 pravka joined #salt
22:43 vstoniest joined #salt
22:45 Deevolution joined #salt
22:55 otter768 joined #salt
22:57 utahnix joined #salt
22:58 aw110f joined #salt
23:06 cheus joined #salt
23:08 cheus Can anyone confirm / deny that `config.get()` does not pick up included (eg, `.d`) config files? Trying to determine if this is a bug, a fluke, or intended behavior.
23:10 bfoxwell joined #salt
23:12 dendazen joined #salt
23:12 ALLmightySPIFF joined #salt
23:12 napsterX joined #salt
23:12 JoeHazzers joined #salt
23:14 DrParoXysm joined #salt
23:14 Nazca__ joined #salt
23:17 hrumph_ joined #salt
23:18 MatthewsFace joined #salt
23:19 baweaver joined #salt
23:26 aw110f joined #salt
23:27 nethershaw joined #salt
23:28 FeatherKing joined #salt
23:30 FeatherKing joined #salt
23:32 nethershaw joined #salt
23:34 aea joined #salt
23:35 nethershaw joined #salt
23:39 hrumph_ yo
23:40 hrumph_ i am plannign on deploying salt and my first usage is to gather inventory. someone here suggested use of the salt mine, but is there any benefit to using the mine when there's no benefit to publicising the data to the minions?
23:42 debian112 joined #salt
23:43 sgargan joined #salt
23:43 whytewolf hrumph_: if the only thing you are doing is inventory. i would say no. mine is more for allowing minions to talk to each other. if you are gathering all the data onto the master then just create custom grains that pull any data you need.
23:43 hrumph_ whytewolf, yes that's what i would think. i just wanted it confirmed so i didn't find i was missing out on something good
23:45 hrumph_ my initial plan is just to write a module that does the inventory (using a lot of grain data) then call the module with local.cmd or local.cmd_async and process the data putting in a postrgresql db
23:46 hrumph_ usiong a bunch of grain data + other stuff maybe using powershell because there's a lot of powershell scripts already avaialble to do what i want to do
23:47 hrumph_ then i don't want to use returners because the minions aren't secured so i can't have the db's credentials being on the minions
23:47 hrumph_ does this sound like an appropriate method?
23:49 whytewolf I would say make everything custom grains. that way no matter what happens on the minion you can just salt'*' grains.items and get a list on the master. taking the minions out of everything.
23:50 hrumph_ whytewolf, i'm also extracting data that changes after the minions boot up (just windows installed software listings) so i don't think i can use grains for that
23:50 hrumph_ i'm more than happy to use grains for hardware inventory
23:51 sgargan I’ve been trying to setup a new saltenv and have 2 in my file roots dev and test, I have a dev sections in my pillar and root top files which match my minion. I can retrieve the pillars for the minion but when I run a high state it complains that ‘No Top file or external nodes data matches found’
23:51 sgargan anyone have an idea what might be up here?
23:52 whytewolf ahh. yeah hrumph_
23:52 Nazzy joined #salt
23:52 sgargan i don’t have a base env specified in either top file
23:52 hrumph_ whytewolf, am i misunderstanding something?
23:52 whytewolf hrumph_: nope. sounds like you have an idea
23:53 hrumph_ ok great
23:53 hrumph_ i'm on track. i'm realy close to my boss greenlighting salt deployment. this is just the beginning. soon we'll move more and more into the minion management side
23:54 whytewolf sgargan: add -l debug to your salt command it might give more detail
23:56 sgargan i see it reading the salt config twice, but nothing out of the ordinary other than that
23:56 whytewolf is it actually finding your top.sls?
23:57 sgargan the minion does complain ‘Could not find file from saltenv 'base', 'salt://top.sls'
23:57 sgargan even though the env is no longer base
23:59 sgargan the correct pillars are getting applied to the minion so it would seem the paths are ok

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary