Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-11-06

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 whytewolf ldelossa: salt '*' cmd.run 'echo {{ salt.pillar.get("rabbitmq:users")[0]}}' template=jinja outputs {username: tmpchq_user, vhosts: [tmpchq], password: RvdeXurQ, permissions: ".*" ".*" ".*"}
00:00 whytewolf and alt '*' cmd.run 'echo {{ salt.pillar.get("rabbitmq:users")[1]}}' template=jinja outputs {username: test, password: test}
00:02 ldelossa do this as a remote execution?
00:03 whytewolf ldelossa: thats what I was doing. just to replicate your datastructure. and make sure i wasn't talking out of my ass
00:03 ldelossa okay that does work so the structure is fine
00:03 ldelossa now I need to place it into a for loop, and  extract
00:04 ldelossa So I acn just do a set
00:04 whytewolf okay. what exectly are you trying to do with the for loop?
00:04 whytewolf are you trying to get both users setup?
00:04 cpattonj_ joined #salt
00:05 ldelossa yes,so basically 'for each user, extract username, put into username vairable, extract password, put into password variable, and use these variables to render the correct rabbitmqctl command '
00:06 whytewolf ... but you have one stanza here. are you trying to create a single cmd.run that runs for both users?
00:06 ldelossa for each user, run that command
00:06 whytewolf what is the end result you expect?
00:06 whytewolf okay.
00:07 ldelossa I see what you're saying here.
00:07 ldelossa well my idea was that the cmd.run literal text would ahve two rabbitmqctl commands
00:07 ldelossa one after the other
00:07 ldelossa once that for loop is finished
00:09 whytewolf ldelossa: that would be bad juju. you would need to erperate the commands [a new line just wouldn't work right]
00:09 nofxrok joined #salt
00:09 ldelossa gotchya
00:09 whytewolf ldelossa: https://gist.github.com/whytewolf/0c8945e7fa34d8bacfe6 try something more like this.
00:09 ajw0100 joined #salt
00:10 ldelossa okay let me try this
00:10 whytewolf I'm not 100% so might be some error.
00:12 zsoftich1 joined #salt
00:12 bluenemo joined #salt
00:12 whatapain to ICELAND!
00:13 whytewolf now, some tricks if that does work for you. you can't really require that since the state id is generated on the fly, so if you need to have those be watched or required. you need to use require_in and watch_in in those states.
00:15 whytewolf also. any reason you have to use cmd.run and not say rabbitmq_user.present?
00:15 whytewolf [i might have missed some conversation earlyer]
00:16 ldelossa there's freaking rabbitmq module?!?!
00:16 ldelossa -_-
00:16 ldelossa I'm going home
00:16 ldelossa but dude, thank you this did work
00:17 ldelossa I needed to see that anyway tho
00:17 whytewolf lol. no problem
00:17 ldelossa I had no idea how to access dictionary keys from a variable declared in a for loop
00:17 whytewolf it is pretty pythony the way it works :P
00:17 ldelossa yeah not bad at all
00:17 ldelossa just had to see it, I'm super visual
00:18 ldelossa alright everyone have a great night
00:18 whytewolf ldelossa: also you might want to start looking through this list https://docs.saltstack.com/en/latest/salt-modindex.html there might be a ton that you are using cmd.run for that has built in modules
00:18 whytewolf have a good one
00:18 ldelossa You know what, I keep that up in a pinned tab
00:18 ldelossa all the time
00:18 ldelossa and then realize, I never look at my pinned tabs
00:18 ldelossa hahah
00:18 ldelossa peace out
00:20 ajw0100_ joined #salt
00:21 baweaver joined #salt
00:29 HappySlappy joined #salt
00:36 zzzirk joined #salt
00:37 cpattonj joined #salt
00:39 tracphil joined #salt
00:39 zsoftich1 joined #salt
00:46 mehakkahlon joined #salt
00:49 flebel joined #salt
01:02 lumtnman joined #salt
01:02 thefish joined #salt
01:02 zsoftich1 joined #salt
01:06 breakingmatter joined #salt
01:10 big_area left #salt
01:20 justanotheruser joined #salt
01:20 otter768 joined #salt
01:21 freelock ok. mostly moved my configs over from dockerio to dockerng, but hitting two issues (one the reason I wanted to switch...)
01:21 freelock 1. labels -- whenever I add a labels block to a dockerng.running state, I get this:
01:22 freelock Comment: The following arguments are invalid: labels
01:22 freelock it appears to ignore the config and proceed, but marks the state as failed.
01:23 freelock 2. port_bindings -- when I try to bind to a port on the host, again it appears to succeed, but throws a much bigger error
01:23 freelock Comment: Failed to apply configuration for the following parameters: port_bindings
01:23 freelock both of these cause the containers to get recreated on highstate...
01:24 freelock the label does not get applied to the container, but the port_bindings actually succeed
01:26 lumtnman joined #salt
01:30 freelock anybody hit this, with dockerng?
01:35 pirulo joined #salt
01:36 thayne joined #salt
01:39 aaron_ joined #salt
01:40 mosen havent tried dockerng yet but hope its better :)
01:40 aaron_ hello, is it possible to specify the python version when creating a "virtualenv state" in saltstack?  I'd like to use python 3.4.  Thanks
01:40 ekristen joined #salt
01:42 freelock ok, it looks like the port_bindings doesn't like it when you specify an ip address of 0.0.0.0
01:42 freelock works if I just specify the ports
01:43 aaron_ Can I specify a Python 3.4 virtualenv when using "salt.states.virtualenv.managed" ?
01:44 fsteinel joined #salt
01:44 freelock still no joy on labels, though, the one thing I was looking to dockerng for ;-)
01:44 pirulo does anyone had used returners to feed into a mysql db. I need to send data from grains into my db..
01:45 zmalone joined #salt
01:46 hemebond aaron_: managed can accept a python parameter by the looks of it.
01:46 hemebond You might be able to give that the path to the python executable you want to use.
01:47 hemebond It's undocumented so have a look at the source code for the state.
01:48 aaron_ ok @hemebond.  thank you. will do!
01:51 falenn joined #salt
01:57 otter768 joined #salt
02:00 spuds52 joined #salt
02:02 cilkay joined #salt
02:04 zzzirk_ joined #salt
02:07 zzzirk joined #salt
02:09 falenn joined #salt
02:12 lumtnman joined #salt
02:13 furrowedbrow joined #salt
02:15 PeterO joined #salt
02:21 racooper joined #salt
02:33 breakingmatter joined #salt
02:41 catpig joined #salt
02:42 aw110f joined #salt
02:46 evle joined #salt
02:48 ilbot3 joined #salt
02:48 Topic for #salt is now Welcome to #salt | 2015.8.1 is the latest | Please use https://gist.github.com for code, don't paste directly into the channel | Please be patient when asking questions as we are volunteers and may not have immediate answers | Channel logs are available at http://irclog.perlgeek.de/salt/
02:50 _JZ_ joined #salt
02:51 nofxrok joined #salt
02:52 catpigger joined #salt
02:54 gwechoweiwei joined #salt
02:54 gwechoweiwei hello
03:06 edrocks joined #salt
03:11 favadi joined #salt
03:22 otter768 joined #salt
03:31 jhujhiti joined #salt
03:33 hasues joined #salt
03:33 hasues left #salt
03:37 ageorgop joined #salt
03:48 malinoff joined #salt
03:52 dyasny joined #salt
04:04 hasues joined #salt
04:19 pyropoptrt joined #salt
04:22 zzzirk_ joined #salt
04:30 ITChap joined #salt
04:31 rdas joined #salt
04:32 N-Mi joined #salt
04:48 baweaver joined #salt
04:49 lemur joined #salt
04:50 enigma99a joined #salt
04:51 zzzirk joined #salt
04:57 mehakkahlon joined #salt
05:03 subsignal joined #salt
05:03 aparsons joined #salt
05:05 zzzirk_ joined #salt
05:17 kitplumm_ joined #salt
05:24 hasues left #salt
05:32 anmolb joined #salt
05:32 aidalgol Do I need to do anything to make salt:// URLs work for minions?
05:32 hemebond aidalgol: You need a master.
05:34 aidalgol hemebond: I mean after that.  I have a master set up and I'm trying to get a Windows software repository set up.
05:35 hemebond Oh. I recommend just using Chocolatey.
05:35 hemebond There is a module/state for it and it's much easier that trying to setup and manage a Salt Windows repo.
05:35 hemebond I think the Windows repo thing might also be going away (not sure)
05:36 aidalgol Chocolatey doesn't appear to have states, though, and I need to pin an old version of a package that's not available in Chocolatey.
05:37 favadi joined #salt
05:38 aidalgol Although Chocolatey probably has some way to install from a local repo.  The main reason I went for a Salt Windows repo is because the Chocolatey module doesn't provide an "installed" state.
05:38 hemebond Hmm, I thought it did. Maybe I didn't test that far.
05:39 hemebond What problem are you having with the Windows repo?
05:39 hemebond salt:// URLs just point to the file_roots path
05:39 aidalgol I get "Unable to locate package" back from the minion when I try to install a package.
05:40 hemebond So you've got /srv/salt/win/repo/blah ?
05:40 aidalgol I've set log_level on the minion to 'debug', but that still just says the same thing in its log file.
05:40 aidalgol yep
05:41 aidalgol run winrepo.genrepo on the master, run pkg.refresh_db on the minion
05:42 hemebond Can I see your software state?
05:43 aidalgol I'm not using a state file, just running `salt minion pkg.install foo`
05:44 hemebond I mean  the SLS file for the repo softwre.
05:44 hemebond e.g., /srv/salt/win/repo/firefox/init.sls
05:45 stanchan joined #salt
05:45 aidalgol hemebond: http://paste.debian.net/325152/
05:47 hemebond Try doing a sync_all while I go over this.
05:48 aidalgol OK, that didn't take long.
05:48 hemebond So you're going `salt minion pkg.install nodejs'?
05:49 aidalgol yep
05:49 aidalgol (I also tried 'Node.js' in place of 'nodejs')
05:49 hemebond I don't think I have a Windows minion to test with anymore.
05:50 hemebond pkg.list_pkgs work?
05:51 aidalgol Yes, but that's for listing what's already installed on a minion, isn't it?
05:52 hemebond yip
05:53 hemebond I'm just installing salt-minion on a Windows VM.
05:54 aidalgol thanks!
05:58 hemebond Okay cool. Looks like I have to go through all the steps for the repo. This should be a good test.
06:07 hemebond Windows VM is doing... something.
06:07 hemebond I just told it to refresh_db but I'm not sure if it's still syncing...
06:08 hemebond I think it's still refreshing. Nothing returned yet.
06:13 aidalgol Are you just using the 'salt-winrepo' git repository of packages?
06:14 hemebond I'm not using a Git anything for this master.
06:14 aidalgol How many packages then?
06:14 hemebond I have seven defined.
06:15 aidalgol OK, that's not a huge number.  I wonder what it's doing...
06:15 hemebond I think it was a red herring.
06:15 hemebond It's still doing stupid stuff but the refresh_db has finished and didn't return anything (I thought it would)
06:16 hemebond `salt windows pkg.install 7zip`
06:16 hemebond Unable to locate package 7zip
06:16 aidalgol yay, it's not just me!
06:17 hemebond Wait... My path doesn't match default.
06:18 hemebond Oop, config option has changed./
06:19 hemebond Wait...huh, it's changed a bit since I last used it.
06:20 impi joined #salt
06:24 linjan joined #salt
06:30 otter768 joined #salt
06:31 hemebond Yeah, something broken here.
06:33 hemebond Going AFK for a bit. Back soon. But something is broken. Need to check to see if others have this problem.
06:33 aidalgol I think I've found a bug in the npm module, too (on Windows): it's not installing globally by default, even though that's what it's supposed to be doing.
06:36 breakingmatter joined #salt
06:38 tiadobatima joined #salt
06:43 aidalgol OK, I'm off for the day.  Thank you very much for looking into this, hemebond.
06:45 scarcry joined #salt
06:46 felskrone joined #salt
06:50 ramteid joined #salt
06:52 tiadobatima joined #salt
06:54 malinoff joined #salt
06:59 auzty joined #salt
07:06 denys joined #salt
07:06 colttt joined #salt
07:10 Kurisutian joined #salt
07:16 Lionel_Debroux joined #salt
07:16 bhosmer_ joined #salt
07:25 AndreasLutro joined #salt
07:26 yuhlw joined #salt
07:27 Kurisutian Hi there! Can anyone help me to clarify something with the salt minion config I'm currently struggeling with. I want to have the salt minion run as a non-root user but also include a config file which can be edited by the non-root user. Problem is: If this user adds the 'user: root' to his config, the minion runs as root which I don't want to allow (for various reasons). Is this actually a bug or a wanted behaviour?
07:34 AndreasLutro Kurisutian: probably not something that'll get "fixed" at least
07:35 Kurisutian AndreasLutro: So this is actually something wanted, that the included config files do not extend the main config but can overwrite anything in there?
07:36 freelock joined #salt
07:36 AndreasLutro that concept applies to pretty much all linux packages with config files, not just salt
07:36 KermitTheFragger joined #salt
07:37 hemebond What use is a minion that can't control the server?
07:37 AndreasLutro my advice would be to drop the idea of non-root editing the config
07:39 jaybocc2 joined #salt
07:40 Furao joined #salt
07:43 Kurisutian AndreasLutro: Yes, that is right now the current way. I actually just wanted it to enable the user to define grains himself. So not a big loss but just something I noticed... Same goes for the Master btw. but here it does not matter running as root as the minion is the executing part and running the Master as root does not change anything on the system, am I correct?
07:44 hemebond Yes, everything is executed on the minion.
07:44 AndreasLutro Kurisutian: there should be a dedicated grains config file you could give permissions on
07:44 hemebond You can't send commands the other way (minion -> master)
07:45 ajw0100 joined #salt
07:51 Kurisutian AndreasLutro: If the user adds "user: root" to this file doesn't it do the same and overwrites the user from the main config?
07:52 Kurisutian hemebond: thankf for the clarification of this. So this is actually a way I could go on with this...
07:54 AndreasLutro Kurisutian: it'd just add the grain "user", not overwrite the minion config
07:55 AndreasLutro but like I said it needs to be the specific grains config file
07:55 AndreasLutro I don't remember the path for this file, look it up
07:55 Kurisutian OK, so there is a distinct file which does not represent an extension to the config? I wasn't aware of that
07:58 rubendv joined #salt
08:05 scc joined #salt
08:13 eseyman joined #salt
08:13 slav0nic joined #salt
08:23 MeltedLux joined #salt
08:25 nkuttler hrm, i moved my entire salt config to another host, but the minions insist that "The Salt Master server's public key did not authenticate". the /etc/salt/pki/master/master* files are the same though. any suggestions?
08:26 rosafi joined #salt
08:27 retr0h joined #salt
08:29 rosafi Hello, I'd like to know if there is a way to make the execution of a top.sls file run in a specifici order.
08:30 kawa2014 joined #salt
08:31 otter768 joined #salt
08:31 nkuttler ah, never mind..
08:32 nkuttler rosafi: you can order states. the sls files are just config, not "run"
08:34 anmol joined #salt
08:35 rosafi Yes, I have no problem ordering states within a single state file with require statements. But I'd like to make the top.sls file using the other state files to respect the order that I've put them in.
08:36 impi joined #salt
08:37 Rumbles joined #salt
08:37 breakingmatter joined #salt
08:38 ggoZ joined #salt
08:39 rosafi an example of the top file http://paste.tn/index.php?show=5114
08:40 jaybocc2 joined #salt
08:40 hoonetorg hi
08:41 hoonetorg is there a way to get the environment as a pillar or grains variable
08:41 hoonetorg to use it in a jinja template
08:41 hoonetorg ???
08:41 larsfronius joined #salt
08:42 opdude joined #salt
08:43 CeBe joined #salt
08:43 ubikite joined #salt
08:47 hemebond rosafi: Are they not being executed in the order you have them listed?
08:47 hemebond hoonetorg: The environment?
08:48 rosafi homebond: they are executed in a random order
08:48 AndreasLutro rosafi: no, you have to use requires to control the order
08:48 AndreasLutro or - order: 0/last
08:49 rosafi I didn't think I can user require statements in a top.sls file
08:49 MeltedLux joined #salt
08:50 AndreasLutro no, I mean inside the individual sls files
08:51 hoonetorg homebond: yes
08:51 rosafi I know, that's not my problem.. My problem is that state files listed in a top.sls like this one http://paste.tn/index.php?show=5114 don't get executed following the specified order
08:51 slav0nic_ joined #salt
08:52 hoonetorg homebond: or is there a built-in variable
08:52 hoonetorg homebond: like basepathsls
08:52 hemebond hoonetorg: You're going to have to be more specific about what you mean by "environment". Are you referring to specific environment variables?
08:53 hoonetorg so i hv  multiple environments
08:53 AndreasLutro rosafi again, you have to use requires to control order of states
08:53 hemebond "basepathsls" returned zero results on Google.
08:53 hoonetorg base (which i don't use ) , dev and prod
08:53 hemebond rosafi: You have to specify dependencies in the states themselves.
08:53 hemebond hoonetorg: Are you talking about the Salt master configuration?
08:54 hemebond Such as the directory path to the base directory?
08:54 hoonetorg yes, ahem kind of
08:54 hemebond If you want to access a file, you use the salt:// URLs.
08:55 hemebond This goes to the state directory.
08:55 hemebond What is it you're trying to do?
08:55 losh joined #salt
08:56 hoonetorg f.e. finding out if a file exists on fileserver
08:56 hoonetorg : {% if salt['cp.list_master'](environment).count( basepathsls + '/files/keys/' + cluster + '/' + cluster + '.client.admin.keyring') != 0 %}
08:56 hoonetorg environment is currently set manually from a pillar
08:56 hoonetorg : {% set environment = salt['pillar.get']('environment')-%}
08:57 hemebond Environment is pretty much transparent. They get merged. e.g., I have base+dbp and base+test and base+something
08:57 hoonetorg i asked myself if the name of the environment isn't available somewhere as a variable
08:57 hemebond Hmm. It might be available.
08:57 AndreasLutro I think I found that {{ salt.environment }} worked at some point
08:58 AndreasLutro but could be misremembering
08:58 hemebond You can actually have the Jinja template spit out the entire context.
08:58 hoonetorg AndreasLutro: will try, give me 5 minutes
08:58 hemebond You might already have checked there.
09:01 hoonetorg Rendering SLS 'os_example_org:ceph.conf.getconf.getadminkeyring' failed: Jinja variable 'salt.utils.templates.AliasedLoader object' has no attribute 'environment'
09:02 hoonetorg seems not
09:02 ericof joined #salt
09:02 hoonetorg isn't there a way to list all built-in variables
09:02 AndreasLutro there is a pillar
09:02 AndreasLutro master:environment
09:02 AndreasLutro but it's None in my setup
09:02 AndreasLutro other than that, can't find anything
09:05 hoonetorg and from some version on master pillar must be enabled
09:05 hoonetorg disabled by default
09:08 thalleralexander joined #salt
09:15 thayne joined #salt
09:16 ITChap joined #salt
09:16 thefish joined #salt
09:17 Xevian joined #salt
09:24 tvalentim joined #salt
09:25 tvalentim left #salt
09:25 s_kunk joined #salt
09:27 manu____ joined #salt
09:29 manu____ nagios-nrpe-server:   pkg.installed:     - require:       - pkg: nagios-plugins       - pkg: nagios-plugins-contrib  nagios-plugins:   pkg.installed:     - require:       - pkg: nagios-plugins-contrib  nagios-plugins-contrib:   pkg.installed:     - install_recommends: False i have written this state file to install nagios-nrpe and nagios-plugins but i don
09:29 manu____ *but i don't see nagios plugins being installed not sure if my state file has a issue
09:35 tvalentim joined #salt
09:37 slav0nic joined #salt
09:39 zerthimon joined #salt
09:40 jaybocc2 joined #salt
09:42 anmol joined #salt
09:43 colegatron joined #salt
09:49 larsfronius joined #salt
09:50 amcorreia joined #salt
09:51 GreatSnoopy joined #salt
09:55 fredvd joined #salt
09:58 ITChap joined #salt
10:02 viq joined #salt
10:03 MadHatter42 joined #salt
10:03 babilen manu____: Mind using one of http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, http://dpaste.de, … and showing the entire state *and* your output? I'd also like to mention https://github.com/saltstack-formulas/nagios-formula if you don't feel like maintaining your own states
10:04 MeltedLux joined #salt
10:06 MadsRC joined #salt
10:07 thefish joined #salt
10:11 markm joined #salt
10:20 malinoff_ joined #salt
10:20 manu____ Thanks. I did try using the github nagios-formula but we had issues with ruby.. some of the dependencies were pulling in ruby1.9 but our environment is on greater versions.. state: http://paste.debian.net/325424/
10:21 tawm04 joined #salt
10:24 babilen manu____: What happens when you apply that state? Are you sure the requirements are alright as it might very well be that there is a dependency chain between, say, nagios-nrpe-server and nagios-plugins
10:29 Phtes joined #salt
10:30 felskrone1 joined #salt
10:32 otter768 joined #salt
10:33 manu____ after applying this state nagios-nrpe-server is installed and other dependencies are installed as well. but when i install nagios-plugins i should see the plugins under nagios/plugins directory but i don't see any!
10:34 Furao joined #salt
10:37 slav0nic joined #salt
10:39 breakingmatter joined #salt
10:39 Rumbles joined #salt
10:41 jaybocc2 joined #salt
10:55 N-Mi_ joined #salt
11:11 traph joined #salt
11:12 babilen manu____: Which distribution is that? Has the package been installed?
11:13 sacha joined #salt
11:15 rubenb Hi, is it possible to perfom a 'ls'-like command with salt-call to see which files are on the (master) fileserver roots?
11:16 traph which part of the framework is best to use to create additional more specific configuration for a file?
11:17 traph something non-standard for specific minions
11:18 rubenb In one file?
11:20 traph rubenb, it can be, yes - a file.blockreplace. the question is where is best to store the target-specific section.
11:20 rubenb You can store it in the sls that creates the file.
11:21 rubenb With some {% if 'specificserver' in grains['tags'] %} file.blockreplace {%endif%} around it
11:22 traph in that case that would get the states to be long and unreadable
11:23 traph ideally the state should be a standard one with configuration stored elsewhere
11:25 AndreasLutro traph: file.blockreplace has a source arg
11:27 mortis_ did anyone try to use dynamic environments in the salt state top.sls? we're using gitfs and want to be able to let newly created branches in the repo match their own branch without the need to specify the name anywhere
11:28 mortis_ instead of prod,qa,dev ...match on something like {{ myexternalpillar["branch"] }}
11:38 Zytox joined #salt
11:42 babilen rubenb: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cp.html#salt.modules.cp.list_master
11:42 jaybocc2 joined #salt
11:49 babilen traph: I use something like: http://paste.debian.net/325522/ quite often
11:49 babilen This would be even nicer with a jinja filter for dictupdate.update as discussed in https://github.com/saltstack/salt/pull/28235 and https://github.com/saltstack/salt/issues/28236
11:59 yidhra_ joined #salt
12:01 giantlock joined #salt
12:01 LotR I'm starting to use pillarstack, and letting it merge pillar snippets that I define for grains/roles/minion id/etc
12:05 LotR so if I have two apps that use a postgres db, I define e.g. a role for each in the pillar, and then define their users/acl/databases in seperate pillarstack files, and pillarstack merges those together into a complete pillar for the postgres formula
12:05 MadHatter42 joined #salt
12:10 slav0nic joined #salt
12:11 MeltedLux joined #salt
12:13 zerthimon joined #salt
12:14 kawa2014 joined #salt
12:16 zerthimon joined #salt
12:16 saltuser joined #salt
12:18 rubenb babilen: Thanks!
12:20 saltuser Gurus, please recommend some kind of tool or method to document implemented local sls files. I'm in a point where overview starts get pretty foggy. Users are complaining :)
12:21 saltuser Perhaps something that gathers comments from sls-es and creates docs on-the-fly ot something
12:24 thalleralexander joined #salt
12:26 ernetas joined #salt
12:26 ernetas Hey guys.
12:26 DammitJim joined #salt
12:27 breakingmatter joined #salt
12:28 ernetas Is there a way to ensure a minimum version of package is installed?
12:28 ernetas Without onlyif, obviously.
12:30 opdude @ernetas from the docs "Additionally, ebuild, pacman and zypper support the <, <=, >=, and > operators for more control over what versions will be installed. "
12:32 otter768 joined #salt
12:34 rotbeard joined #salt
12:38 elsmo joined #salt
12:43 jaybocc2 joined #salt
12:45 Tyrm joined #salt
12:51 thalleralexander joined #salt
12:55 bmcorser joined #salt
12:55 bmcorser can i access salt modules from a runner?
12:55 bmcorser minion_temp = client.cmd(minion, 'temp.file')
12:56 bmcorser i get "Module 'temp' is not available."
12:56 bmcorser presumably becaise temp.file is not a state and client.cmd runs states, not modules?
12:59 MadHatter42 joined #salt
13:02 breakingmatter joined #salt
13:05 bmcorser (oh snap, temp.file was new in 2015.8)
13:05 amcorreia joined #salt
13:11 falenn joined #salt
13:12 mehakkahlon joined #salt
13:15 evle joined #salt
13:15 bastion1704 joined #salt
13:18 giantlock joined #salt
13:18 bhosmer joined #salt
13:18 mik__R joined #salt
13:24 inad922 joined #salt
13:26 mik__R joined #salt
13:33 thalleralexander joined #salt
13:37 anmol joined #salt
13:37 numkem joined #salt
13:39 quix joined #salt
13:40 morissette joined #salt
13:43 jaybocc2 joined #salt
13:44 subsignal joined #salt
13:47 Shirkdog joined #salt
13:51 mortis_ if a minion matches two or more envs in the top-file, is it anyway to force it to only use the first one it matches?
13:51 mortis_ sounds silly i know, but in this case its not :)
13:51 David_B55 joined #salt
13:52 mortis_ env_order can shuffle it around, but it still matches both
13:52 JDiPierro joined #salt
13:52 falenn joined #salt
13:53 mortis_ thing is, with gitfs as backend, we're matching on "dev" as environment, which works fine ... but we want to be able to match any new branch created and let a minion run against that exact branch by setting an external pillar
13:54 mortis_ but what happens then, is that it matches dev and also the branch
13:54 mortis_ so we get the conflicts :)
14:00 furrowedbrow joined #salt
14:00 joshin joined #salt
14:01 thefish joined #salt
14:16 mapu joined #salt
14:16 ziro` joined #salt
14:17 ziro` so I'm going through the journey of trying to automate my infrastructure and I've got an issue with trying to establish a secure vpn -- namely how to manage and deploy certificates to boxes
14:17 ziro` which I guess actually is an issue of deploying and managing secrets on a saltmaster
14:18 ziro` for example, for each machine I add to the network needs a key generating, this would then need deploying via salt master
14:18 ziro` but then how do I keep these keys safe in the event I need to rebuild my salt master...
14:21 MadHatter42 joined #salt
14:22 perfectsine joined #salt
14:23 ldelossa joined #salt
14:23 ldelossa Hey guys, you think anyone could help me out with this? http://stackoverflow.com/questions/33560304/saltstack-nested-if-statement-in-jinja
14:24 ldelossa It's a fictitious task just so I can get better with yaml and jinja unpacking.
14:24 Eugene joined #salt
14:24 ekristen joined #salt
14:26 Phil-Work joined #salt
14:26 cpowell joined #salt
14:26 thayne joined #salt
14:26 AndreasLutro ldelossa: you sure that's the correct state name? it should cause a jinja render error
14:27 AndreasLutro ldelossa oh nevermind, I misread something
14:28 bhosmer joined #salt
14:29 Phil-Work what's the best practice for version control on the salt files (states, pillars, files, etc.)?
14:29 Phil-Work do people just do the edits on the salt master server, highstate and test on the minions and then git commit?
14:30 ldelossa Phil - that's what I do right now,I have a local salt master on my machine which I pull my /srv/ directory down
14:31 Mate we deploy separate saltmasters for development, which use local clones of the git repos
14:31 ldelossa I then do my testing on docker containers/vms until I'm happy
14:31 AndreasLutro ldelossa: replied
14:31 ldelossa and then I git push back up
14:31 Mate while the "production" is useing gitfs
14:31 ldelossa and pull back down on my production master
14:31 ldelossa Mate, that's my next step in deployment
14:31 ldelossa to get my configuration files backed by a git repo
14:32 ldelossa does salt get notified when the backing git repo is updated?
14:32 ldelossa and automatically push the new config on highstate?
14:32 ldelossa Andreas, thank you let me take al ook
14:33 mik__R joined #salt
14:33 otter768 joined #salt
14:34 Phil-Work ldelossa, what is the infrastructure that you test against?
14:34 Phil-Work a dev environment with replicas of all the production services?
14:35 Mate gitfs driver polls by default
14:35 Mate but no highstate is called
14:36 vieira_ joined #salt
14:37 vieira_ Hello, I have some packages where the source is a deb. Is there anyway for highstate to trigger a installation when the deb changes?
14:38 mik__R joined #salt
14:38 winsalt joined #salt
14:41 TooLmaN joined #salt
14:42 bastion1704 good day, can we use unless in reactor with local.cmd.run ?
14:44 jaybocc2 joined #salt
14:47 ldelossa Hey Andreas, did you mean your code to be a drop in replacement for what I had
14:47 babilen vieira_: no
14:47 babilen vieira_: Configure an actual repository to host your packages
14:49 AndreasLutro ldelossa: more or less yeah
14:49 ldelossa I still get an issue with unpacking the structure
14:50 ldelossa Rendering SLS 'base:rabbitmq.install_exp' failed: Jinja variable 'dict object' has no attribute 'permissions'
14:50 AndreasLutro well that's a separate problem
14:50 ldelossa wait wait
14:50 ldelossa hold on
14:51 rm_jorge joined #salt
14:53 liskl joined #salt
14:53 ldelossa yeah it does work pillar issues
14:53 ldelossa but would you mind, just running me through the flow here?
14:54 AndreasLutro which bits specifically?
14:54 zmalone joined #salt
14:54 ldelossa basically I'm having trouble understanding why I need items()
14:54 ldelossa at the end ofthe first for loop
14:54 darix if you are using salt master with gitfs, will it still need a scheduled state.highstate to deploy the changes, or will it run "event based" like when ever something in git changes?
14:54 ldelossa IS that just takingthe entire rest of the object andplacing it in an array
14:55 AndreasLutro ldelossa: are you familiar with python?
14:55 ldelossa I am
14:55 ldelossa and I unpacked it in python without much issues
14:55 ldelossa but this is throwing me off a little
14:56 ldelossa items() dumps out to a tuple of items
14:56 ldelossa a list of tuples
14:56 ldelossa corresponding to the dictionary items
14:56 AndreasLutro that is correct
14:56 AndreasLutro ldelossa: https://bpaste.net/show/a078b5d0f0e5
14:56 babilen darix: The former
14:56 AndreasLutro if you omit items() you can only iterate over they dictionary values, you need items() if you want the key as well
14:57 darix hm
14:57 btorch_ is there a better way to test/force a minion to authenticate ? I have one that can ping the master but keeps on "ERROR   ] Attempt to authenticate with the salt master failed" ... both minion and master have logs in debug, but I don't see anything on the master related to authentication attempt
14:57 babilen darix: Would you really want to schedule 1001 highstates, just because you return from a train journey and are pushing your changes? ;)
14:58 darix babilen: sure
14:59 babilen darix: Really?
14:59 ldelossa So do I not think of this like object notation ? In my code I was assuming' {% for vhost in salt['pillar.get']('rabbitmq:vhosts') %} ' okay now I'm in my first vhost item = tmpchq, at THIS point I was thinking now I need to do {% for items in salt['pillar.get']('rabbitmq:vhosts:tmpchq').items() %} which would put all the subsequent structure into 'items' variable
14:59 murrdoc joined #salt
14:59 babilen darix: I'd prefer to run a single highstate
14:59 darix babilen: well the gitfs code will probably not run every second
14:59 AndreasLutro ldelossa: that works fine too, but you have a bit of unnecessary code duplication which my suggestion gets rid of
15:00 darix so i would assume 100commits will be found let's say after 1 minute and then trigger 1 highstate
15:00 hasues joined #salt
15:01 ldelossa I would agree Adreas, just trying to get this all under my belt
15:01 ldelossa thanks for your help
15:01 hasues left #salt
15:05 andrew_v joined #salt
15:07 bhosmer joined #salt
15:07 jdubski joined #salt
15:09 yidhra_ joined #salt
15:13 pdayton joined #salt
15:14 lumtnman joined #salt
15:16 _JZ_ joined #salt
15:17 _JZ_ joined #salt
15:17 lumtnman joined #salt
15:18 ldelossa Wow Adreas, I totally get it now
15:18 ldelossa the first .items is just pretty much giving me a dictionary, but in a tuple form
15:18 pdayton joined #salt
15:19 ldelossa so I can iter of it's pieces
15:19 quix joined #salt
15:19 ldelossa http://blog.trello.com/wp-content/uploads/2015/05/tim-and-eric-mind-blown.gif
15:20 AndreasLutro great ldelossa :D
15:26 clintberry joined #salt
15:26 Seanie joined #salt
15:27 mpanetta joined #salt
15:28 Seanie How do you set a grain with mine.send?
15:30 felskrone joined #salt
15:38 lumtnman joined #salt
15:39 murrdoc same way u get any other thing
15:39 murrdoc grains.get is a module
15:39 int joined #salt
15:39 murrdoc so module.run: - grains.get - name: murrdocislazy
15:45 jaybocc2 joined #salt
15:45 ldelossa In yaml, how can I create a dictionary which contains a list of lists?
15:47 int hello! could anyone help with user configuration with salt? i have several users and several servers, some users should be added on all servers, some other users - only on some servers, also groups for same user can be different on differen servers. how can i achive that?
15:47 Seanie sminion.functions['mine.send']('grains.get','role:zion')
15:47 ldelossa Hey int, I have a blog post about installing specific packages to specific machines maybe you can adapt this thinking to users: ldelossa.wordpress.com
15:48 ldelossa It's very basic andgoes over pillar and state relationship
15:48 Brew joined #salt
15:49 whytewolf Seanie: what exactly are you trying to do? mine.send is for setting up mine_functions. not grains.
15:51 Seanie I am trying to setup a rabbitmq cluster. So you need a master and slave setup. I have set grains like 'rabbitmq:slave' 'rabbitmq:master'. So when I'm executing a state I need to be able to check which minion the master is and which minion the slave is.
15:52 Seanie So basically check a minions grains from another minion.
15:52 babilen int: I typically use the users-formula and then just target boxes with suitable pillars. If you want to get fancy you could write an execution module that implements sensible minion id parsing into semantically meaningful parts and target pillars by that.
15:52 ldelossa Would that be easier to do using the ochrestration system Seanie?
15:52 ldelossa orchestration*
15:52 whytewolf Seanie: okay. so the grains are already setup. you need mine.get from the other minion
15:52 whytewolf setup your mine_functions in pillar
15:52 babilen int: So i have something like "'foo*-bar': - users.babilen"
15:52 Seanie Globally target yeah
15:52 whytewolf much easier
15:53 Seanie interfaces = caller.sminion.functions['mine.get']('*', 'grains.get','role:zion', 'glob')
15:53 Seanie interfaces = caller.sminion.functions['mine.get']('*', 'grains.get role', 'glob')????
15:54 int ldelossa: thx, i saw you filter package list with grains
15:55 ldelossa Yeah it's not exactly what you're trying to do, but should give you a hint
15:55 whytewolf Seanie: globally. why not just target the grain that you want to get the info from? salt['mine.get']('G@rabbitmq:slave','network_ipaddr',expr_form='compound')
15:55 ldelossa I'm still very much learning this stuff.
15:55 sunkist joined #salt
15:56 babilen ldelossa: Keep in mind that you can't trust your grains as they are under the control of the minion
15:56 int babilen: i guess you mean i can have users.sls for every group of servers, right? but then i'll had to duplicate some users in several files. can i avoid it somehow? i want to have one dict that declares all my users details, and then somehow say "add user foo with groups [bar, bla] on servers 'web-*'
15:56 babilen (if that's an important aspect for you)
15:57 babilen int: I have a single SLS per user and simply assign them to servers as I see fit.
15:57 ldelossa Thank you babilen
15:57 ldelossa could I do a remote execution call instead pulling the os type from the minion?
15:57 babilen int: Pillars are being merged, so I use "users: foo: .." in one SLS and "users: bar: .." in another and the resulting one will have both.
15:58 techblaze joined #salt
15:58 ldelossa babilen, I thought there is no merging of pillars?
15:59 ldelossa I can't merge my packages from my base set into a more defined set down the heirarchy
15:59 babilen ldelossa: https://docs.saltstack.com/en/latest/ref/configuration/master.html#pillar-source-merging-strategy
15:59 int babilen: hmm, can i override groups in this case? i mean user foo should have groups [bla] on server-a, and [bla, sudo] on server-b
15:59 babilen int: Depending on what?
16:00 babilen int: But in that case you could just merge in the group (sub-)pillar list for a subset of boxes
16:00 int babilen: on server name (or role or something else)
16:01 Seanie whytewolf it still returns a empty result.
16:01 whytewolf Seanie: do you have mines setup?
16:01 whytewolf Seanie: are you trying to pull data in pillar?
16:02 Seanie In a python script.
16:02 yuhlw joined #salt
16:02 ldelossa whoah this merging strategy setting is completely newsto me
16:02 whytewolf Seanie: python script on the minions or master?
16:02 Seanie Min
16:02 denys joined #salt
16:03 babilen int: You could also use that logic in your pillar (if grains['id'] in [list, of, sudo_ids] ...), but I prefer to simply define a "base" user to which I add (read: deep merge) additional pillars. The resulting pillar (i.e. user configuration) is therefore a combination of multiple sub-pillars
16:03 whytewolf do you have pillar data setup for the minions for mine_functions
16:03 ldelossa Babilen, would this essentially let me have a commonpackages.sls which is applied to a'*' minions, then a rabbitmqpacakges.sls which is applied to 'client01p' and now client01p's pillar will have both the packages from common and rabbitmq merged into one pillar structure?
16:03 ldelossa as long as name spaces stay the same
16:03 Seanie http://pastebin.com/7mAkLJy5
16:03 babilen ldelossa: Exactly .. note that you need the deep merging ability (for merging of lists) in newer salt released
16:03 babilen *releases
16:04 whytewolf Seanie: your python script doesn't cover everything. you need the minions setup to build the mine data that needs to be pulled.
16:04 ldelossa So I brought this up before and i was told it's still in development
16:04 ldelossa simple list merging
16:05 Seanie I thought I could use mine.send to setup the mine
16:05 ldelossa https://github.com/saltstack/salt/issues/3991
16:05 whytewolf Seanie: kind of. mine.send needs to be targeted at the minion that you are going to gather data on. you putting it in your python script only sets that minion up
16:05 ldelossa so we can do this on the dev realses of salt?
16:06 babilen ldelossa: https://github.com/saltstack/salt/blob/develop/salt/utils/dictupdate.py#L69
16:06 whytewolf might as well just do the standard mine_function pillar data.
16:06 babilen (I backported that into my infrastructure .. not sure which version has it, but I mostly don't need list mergein)
16:06 Seanie How would I do that though thats why I was asking how I couldsetup
16:06 Ch3LL joined #salt
16:06 Seanie Grain via .send
16:06 whytewolf forget .send
16:06 babilen I hate Python for its stupid handling of collection that doesn't allow for unified collection access/merging
16:07 ldelossa Thanks for pointing this out, where's the best place to find out what version list merging is now supported in
16:07 ldelossa it's a pretty big feature to me
16:07 ldelossa small shop, but lots of variations
16:08 whytewolf Seanie: mine.send only operates on the minion you are running it on.
16:08 mullein joined #salt
16:09 babilen ldelossa: It's in current 2015.8 HEAD
16:09 Brew joined #salt
16:09 ldelossa thanks!
16:11 babilen ldelossa: Commit is 4af5b5c (and others), it'll probably make it into .2
16:11 sdm24 joined #salt
16:12 whytewolf Seanie: mine.send(func='grains.get',arg='role') on all minions. then you need to force the update of the mine data
16:12 sk_0 joined #salt
16:12 ldelossa awesomeee
16:13 ldelossa that's a huge win for me, right now everytime I add a package to my base .sls I need to update all my more specific packages.sls
16:13 whytewolf Seanie: you are better off just setting up mine data through pillar. it is easier. and less problematic. and since mine data isn't pulled right away in your python script you would never see results
16:16 SoggyDingus joined #salt
16:20 Seanie Hey whyte I got the idea from this formula.
16:20 illern_ joined #salt
16:21 dthom91 joined #salt
16:22 PeterO_ joined #salt
16:23 Seanie I am writing it in a sls file its just I can't see whats returned by the mine functions when I do a highstate.
16:23 Seanie Check out https://github.com/saltstack-formulas/zookeeper-formula/blob/master/zookeeper/settings.sls
16:23 Seanie Check out https://github.com/saltstack-formulas/zookeeper-formula/blob/master/zookeeper/settings.sls
16:23 Seanie Oops
16:24 Seanie You can see they use a mine.send to generate a list of machines that are part of the cluster using a grain.
16:25 josuebrunel joined #salt
16:27 Striki joined #salt
16:28 whytewolf Seanie: read the readme. they say right there that you already have to have the mine_functions already setup. the mine.send is just to kind of force the update
16:28 gwmngilfen joined #salt
16:29 drawsmcgraw joined #salt
16:30 whytewolf Seanie: https://github.com/saltstack-formulas/zookeeper-formula#zookeeper-role-and-salt-minion-configuration
16:30 int babilen: so it seems i need to wait for that "deep merge" feature, and just copypaste users for now
16:31 Brew joined #salt
16:32 zzzirk joined #salt
16:33 aphor int: how do you know which users need which groups on which servers?
16:33 nidr0x joined #salt
16:34 otter768 joined #salt
16:36 int aphor: that's almost static list, ie user-bla supports service on server-foo and so he has account and can sudo on that server. but he has simple account (without sudo) on server-bar and don't have account on all other servers
16:38 int aphor: i guess i know how to add users to specific servers only, but i have no idea how to add same user foo with different groups list on different servers
16:40 jaybocc2 joined #salt
16:41 larsfronius joined #salt
16:49 JDiPierro joined #salt
16:49 Fiber^ joined #salt
16:51 Seanie Thanks whyte, I'll see can i figure it ou
16:54 Guest8780 joined #salt
16:54 furrowedbrow joined #salt
16:55 Brew joined #salt
16:56 pcdummy joined #salt
16:56 Guest8780 Hi there! How to print value of variable from sls to stdout?
16:58 malinoff joined #salt
17:00 tiadobatima joined #salt
17:00 quix_ joined #salt
17:02 quix__ joined #salt
17:05 ageorgop joined #salt
17:06 int i wonder, can state.highstate test=True show only changed items?
17:07 ggoZ joined #salt
17:07 Bryson joined #salt
17:09 baweaver joined #salt
17:11 int i'll answer myself: --state-output=changes
17:13 winsalt anyone here use libnacl? I installed it with pip, but trying to run nacl.keygen throws back "'nacl' __virtual__ returned False: libnacl import error, perhaps missing python libnacl package"
17:13 sunkist1 joined #salt
17:14 Ahlee iggy: Thanks for your input yesterday. I just replicated what you were talking about RE: multi master and cached values. deal breaker :(
17:15 larsfronius joined #salt
17:18 baweaver joined #salt
17:20 jalbretsen joined #salt
17:20 thalleralexander joined #salt
17:22 netcho joined #salt
17:24 szhem joined #salt
17:24 nidr0x_ joined #salt
17:26 nidr0x joined #salt
17:26 timoguin joined #salt
17:26 aphor int: maybe you want to create users from one pillar, but each service has admins, so each service gets a pillar listing admins.
17:27 writtenoff joined #salt
17:27 aphor int: then you need your services to include/require a state that adds the admins from the correct pillar?
17:28 aphor int: yours is a data representation problem.
17:28 aphor int: if you have the user/role assignments somewhere in a database, maybe this is a good case for a custom pillar written in python?
17:31 int aphor: yeah, i thought about custom python pillar, but i think i'll try to configure other things, and then will come back to that later, thanks!
17:32 dthom91 joined #salt
17:33 sdm24 Guest8780: Do you mean to print a variable as the return message of a state when it runs?
17:34 sdm24 https://docs.saltstack.com/en/latest/ref/states/all/salt.states.test.html use that and set the comment to {{ yourvar }}
17:35 bhosmer joined #salt
17:36 aparsons joined #salt
17:40 NotBobDole_ joined #salt
17:40 KyleG joined #salt
17:40 KyleG joined #salt
17:42 thefish joined #salt
17:44 JDiPierro joined #salt
17:45 yetAnotherZero joined #salt
17:47 XenophonF joined #salt
17:47 XenophonF hi all - what are some of the different ways people use salt environments?
17:47 XenophonF i use them to separate dev/test/prod
17:47 XenophonF but i could imagine someone else having one environment per customer
17:47 whytewolf I don't use them at all
17:47 JDiPierro Yeah I don't use them either.
17:48 XenophonF huh, really?
17:48 winsalt me either
17:48 whytewolf I find them a pain in the backside to get setup. and limited in functionality
17:49 whytewolf I have though about using them as a seperation between my openstack server setup and the instences inside of the same stack. but just never got a round to it.
17:50 tiadobatima joined #salt
17:54 Rumbles joined #salt
17:56 XenophonF left #salt
17:56 XenophonF joined #salt
17:56 XenophonF thanks for the feedback, all
17:56 XenophonF am trying to explain salt to some friends of mine
17:56 winsalt i like the idea of having a master per environment more anywya
17:57 XenophonF i kind of immediately went to using environments as phases in the software testing cycle, but i figured there were other ways to do it
17:57 sdm24 XenonphonF: Before I used gitfs (now our envs are testing, dev, prod), I had local file_root environments for Linux and Windows, since some of our states had the same .sls file names
17:58 sdm24 So if a windows minion and linux minion had the same service set in pillar, the linux one would run linux.<service>, while the windows ran windows.<service>, which had different commands
18:00 sdm24 And in the top.sls, I had "base: '*': {{ grains['os']|lower}}.networkcheck, which would make sure that the network settings were correct for each minion. For linux and windows, these steps obviously differed
18:00 sdm24 err {{ grains['kernel']|lower }}, but you get the idea
18:01 XenophonF sure, that makes sense
18:02 techblaze joined #salt
18:03 debian112 joined #salt
18:03 aphor XenophonF: environments + gitfs will force you to use something other than master for your mainline
18:04 aphor XenophonF: salt uses master for the base environment, which isn't allowed to have the same states as base.
18:04 Corey So what are people doing for testing Salt states?
18:07 aphor Corey: separate masters is a popular way to do it.
18:07 sdm24 Corey: when its something I have no idea what/how to structure it: I start in /srv/salt/teststate.sls on our test minion, so we can quickly and easily make edits. Once I get the correct output I want, I upload it to the "testing" environment on gitfs, for version control if I make huge changes. Our testing master.minions are not connected to our main environment, so after testing works, I put it on dev, to run on some dev machines in t
18:08 sdm24 once that works, I put it in master branch on gitfs, and it enters production
18:08 winsalt alternatively you can import the salt modules right into python and use a regular testing framework
18:09 sdm24 the "trick" is that we have our fileserver_backend set to roots first, then gitfs, so if I have a testing file with the same name/location as a file in git, the master will load the local file first, so I don't need to change any salt:// locations going from local to git
18:10 sdm24 but of course you gotta make sure the highstate or another state doesn't use the testing file accidentally
18:11 denys joined #salt
18:14 racooper joined #salt
18:15 larsfronius joined #salt
18:16 bhosmer joined #salt
18:19 quix joined #salt
18:19 ldelossa Hey guy, if a state file is asking for a dictionary object, and I place a dictionary object form a pillar inside a variable with set, can I simply use that variable where the state expects a dict?
18:20 ldelossa I'm having a hard time coming up with a pillar structure for https://docs.saltstack.com/en/latest/ref/states/all/salt.states.rabbitmq_user.html
18:20 ldelossa I wind up going into multiple for loops
18:20 ldelossa to extract my vhosts from a list
18:21 ldelossa which is further imbedded in a larger structure
18:21 ldelossa http://hastebin.com/itaboyuciz.sm
18:21 ldelossa thats my pillar
18:21 ldelossa I would need to run a for loop on "vhosts" but I would do that in the middle of the state declaration which I don't think is great practice
18:24 whytewolf it isn't bad practice.
18:26 whytewolf ldelossa: is vhosts your tags?
18:26 gladiatr joined #salt
18:26 ldelossa yeah ['vhosts'] should dump out a list of vhosts
18:28 iggy Ahlee: from what I understand, they are working on it... but I have no more insight than you do
18:30 ldelossa whytewolf: so I was going to do my permissions when I declared the vhost but the rabbitmq modules look like it want you to create the vhost first, then at your user delcartion, define their relationship to the vhosts
18:30 ldelossa so that second "vhosts" section in the pillar could probably go away
18:31 Ahlee iggy: taking bets on if proper clustering gets wrapped behind enterprise
18:32 scbunn joined #salt
18:32 iggy I would expect no as some of the work will probably be done by !SSE peeps
18:33 a_ghost_irl joined #salt
18:33 scbunn anybody have a link to documents {{ sls }} and {{ slspath }} ?
18:33 iggy code
18:33 traph joined #salt
18:35 dthom91 joined #salt
18:35 otter768 joined #salt
18:35 trph joined #salt
18:37 Ahlee iggy: https://github.com/saltstack/salt/issues/27446#issuecomment-143862791
18:37 Ahlee Interesting.
18:37 timoguin joined #salt
18:44 ldelossa whytewolf: I just resorted to doing it with my own cmd.run and the data structure you saw
18:44 ldelossa seems to work fine
18:44 whytewolf okay, what ever works for you :P
18:44 ldelossa I'd like to know how to do it more systematically
18:45 ldelossa but I suck at unpacking this stuff, it's converting things to tuples that throws me in a loop
18:45 winsalt if you feel like yaml is too restricting, you can always write states in python
18:45 ldelossa I saw that too, but I didn't see much documentation on it, like the man pages dont' ecen exlain what the config dict is doing in the examples
18:46 ldelossa It's more just me never working with really embedded data structs
18:47 winsalt the docs are kinda sparse, but the config dict is literally just what gets returned by a yaml state
18:48 ldelossa I'll have to start digging into it, Ifeel like I would have a lot easier time just writing pythong states
18:48 ldelossa any on github I can reference that you know of?
18:49 winsalt i didnt find a lot, i just went off the docs.  There is also another renderer called pyobjects that I like even more
18:50 ldelossa this is more documented that .py
18:50 ldelossa I'll check this out thank you
18:51 SaltySnack joined #salt
18:51 SaltySnack hello
18:51 SaltySnack i am trying to use file.replace and am running into some trouble
18:51 josuebrunel joined #salt
18:51 SaltySnack i want to replace %sudo   ALL=(ALL:ALL) ALL with %sudo   ALL=(ALL:ALL) NOPASSWD:ALL
18:51 SaltySnack perhaps i need to escape some characters?
18:51 SaltySnack because it's not replacing the text
18:52 SaltySnack right now i have - pattern: "%sudo   ALL=(ALL:ALL) ALL"
18:52 SaltySnack - repl: "%sudo      ALL=(ALL) NOPASSWD:ALL"
18:52 dthom91 joined #salt
18:53 cromagnon_man joined #salt
18:54 ldelossa probably dump question here winsalt, if you use a different render you can still you jinja right
18:55 zmalone SaltySnack: sudoers is a classic problem in salt, due to the colon.  Are you getting an error to go with it?  I wouldn't expect a problem, given that you have no space after the colon.
18:56 winsalt yeah ldelossa
18:56 giantlock joined #salt
18:57 winsalt you can have the shebang look like #!jinja|pyobjects
18:57 winsalt and it will process jinja first, then pyobjects
18:57 mapu joined #salt
18:57 thayne joined #salt
18:57 * geekatcmu does that
18:58 forrest joined #salt
18:59 Rumbles joined #salt
18:59 lionel joined #salt
19:00 hal58th_ SaltySnack can you use the pipe "|" for content for pattern and repl?
19:03 ajw0100 joined #salt
19:03 dd_ joined #salt
19:04 jaybocc2 joined #salt
19:04 bluenemo joined #salt
19:04 dd_ ?
19:04 dd_ left #salt
19:06 XenophonF left #salt
19:09 jaybocc2 joined #salt
19:10 stupidnic Wondering if somebody can help me understand how to approach this particular issue. I have some value that I want to generate if it doesn't exist within a group of machines and then store that so the other machines can access it when they need to.
19:11 dthom91 joined #salt
19:11 stupidnic I figure I can use mine for that, but I am not sure how to get the data into the mine or trigger it to populate the data if it is empty
19:14 SaltySnacks joined #salt
19:14 SaltySnacks is there any way to set an EC2 AWS tag from within salt-cloud without using the CLI?
19:14 SaltySnacks salt-cloud -a set_tags mymachine tag1=somestuff tag2='Other stuff'
19:14 SaltySnacks i want that in a state SLS file after the instance is created
19:16 dthom91 joined #salt
19:16 woodtablet joined #salt
19:16 woodtablet when i work, i pound salt
19:18 stupidnic I actually registered that domain to do a salt related blog
19:18 drawsmcgraw joined #salt
19:18 woodtablet lol
19:18 Ahlee well, that was interesting. Do not try to share /var/spool/cache/master between two masters via nfs :)
19:18 woodtablet nice
19:20 fsteinel joined #salt
19:20 murkey anybody know why i'm getting this?
19:20 murkey salt-minion : Depends: salt-common (= 2015.8.1+ds-1) but it is not going to be installed
19:21 murkey (in vagrant setup)
19:22 dthom91 joined #salt
19:23 ubikite joined #salt
19:23 hasues joined #salt
19:23 jalbretsen joined #salt
19:29 forrest murkey, what does your vagrant file look like? Here's my example one: https://github.com/gravyboat/demo-app-2/blob/master/Vagrantfile
19:30 markm joined #salt
19:30 hasues left #salt
19:32 ageorgop joined #salt
19:33 iggy Ahlee: yeah, that would be swanky
19:36 Ahlee iggy: i'm digging through, looking for where salt handles caching now
19:37 murkey forrest: mine looks like this https://gist.github.com/anonymous/e0037aabb2e82c48fa8b
19:37 SaltySnacks how do you allow non-root users to use the salt-cloud command?
19:37 murkey worked a couple days ago
19:37 SaltySnacks or even the salt command
19:38 ajw0100 joined #salt
19:38 Ahlee iggy: this is going to be annoying as it's going to have to be encrypted to keep the netsec folks from flipping shit
19:39 tiadobatima joined #salt
19:39 forrest murkey, I'm thinking it might be releated to this: https://github.com/saltstack/salt-bootstrap/issues/681
19:40 iggy Ahlee: it's not encrypted currently
19:40 iggy Ahlee: but yeah, I think our sec guys would probably flip shit as well
19:41 Ahlee for now i'm just trying to monkey patch the function it calls to save out to redis, and read from redis
19:42 Ahlee if i see any kind of success i'll class it out and make it pluggable
19:42 zmalone iggy/Ahlee: SaltStack took care of https://github.com/saltstack/salt/issues/28455 for me last week, which may be related to your concerns
19:42 iggy not really related, but good to know
19:42 Ahlee zmalone: word
19:42 Rumbles joined #salt
19:43 iggy we're talking about shared nothing in multi-master setups
19:43 Ahlee i don't care about world readable/security
19:43 forrest SaltySnacks, https://docs.saltstack.com/en/latest/topics/eauth/access_control.html
19:43 iggy i.e. how to make grains targeting work reliably when your minions all connect to different masters
19:44 Ahlee iggy: we built a monstrosity of a cache that holds grains/pillars/states we can hit
19:44 murkey thanks forrest... i see a couple possibly related issues, maybe i'll just file a new one since none of them look exactly like what i'm seeing
19:44 Ahlee so i'm debating about just moving to using it for targetting, or if i can make this work, using it as the backend for the existing saltcache
19:44 forrest murkey, Can you try to drop -P before anything else? See if that does anything?
19:46 murkey dropping -P prevents pip from working
19:46 murkey which, as of a week ago, prevented salt from doing much of anything on ubuntu
19:46 andrew_v joined #salt
19:47 Destreyf joined #salt
19:47 forrest murkey, In that case I'd say file a new issue, and you can consider using my chunk of stable install code if you don't HAVE to pass those options to the bootstrap to at least see if things install.
19:48 forrest jfindlay, Did Rhett ever make Tom's keynote available? I don't see it on the youtube videos page.
19:48 murkey i get the same output without -P, probably doesn't even get to the pip part
19:49 forrest lame
19:49 murkey yeah something's busted. did `vagrant box update` and ran from scratch. i'll file an issue in a little bit
19:51 yetAnotherZero joined #salt
19:54 jfindlay forrest: he said that he would do it, but didn't respond.  I'll ask him again
19:54 forrest jfindlay, Cool, just pretend it's you asking and not me ;)
19:55 murkey getting somewhere over here if anyone is interested: https://github.com/saltstack/salt/issues/28371
19:56 ldelossa hey guys can anyone help me out, I'm trying to accomplish this state: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.rabbitmq_user.html#module-salt.states.rabbitmq_user with this pillar and state file:  http://hastebin.com/diwavezomi.vbs
19:56 ldelossa It looks like jinja and my templating all checks out, but now I get an error as if I'm passing the wrong data struct to python
19:57 ubikite joined #salt
19:57 gimpy2938 joined #salt
19:57 ubikite joined #salt
19:58 ubikite joined #salt
20:00 flebel joined #salt
20:01 stanchan joined #salt
20:01 gimpy2938 I created a new state module but it isn't working, salt dies with KeyError of the module and function name, what am I doing wrong?   https://gist.github.com/anonymous/040a998d6c371d9ceb4c
20:02 forrest ldelossa, I'd rip out your jinja out and confirm it works without that.
20:02 ldelossa okay let me do that
20:04 techblaze joined #salt
20:04 sbogg joined #salt
20:05 GreatSnoopy joined #salt
20:09 ldelossa well forrest: you're right doesn't work without jinja either
20:10 ldelossa Think it's my yaml?
20:11 forrest ldelossa, Not sure, you're on 2015.8 right?
20:11 ldelossa yes sir
20:11 ldelossa [root@salt-master srv]# salt --version salt 2015.8.1-2437-gb8271c7 (Beryllium)
20:11 iggy gimpy2938: salt-call saltutil.sync_all
20:11 ldelossa I have pretty much everything working with cmd.run so if this is busted so be it
20:11 ldelossa I'd rather use the modules tho
20:12 forrest I'm not sure, that rabbitmq stuff is new for 2015.8. I'd suggest just to double check your syntax, and if that looks good file an issue.
20:13 cyborg-one joined #salt
20:13 ldelossa okay no worries
20:13 ldelossa thanks.
20:14 inate joined #salt
20:16 dchristensen joined #salt
20:17 gimpy2938 iggy: Same result
20:17 winsalt ldelossa are you ending the for loop too soon? it looks like perms expects a dict with key of vhost and contents of the permissions
20:18 breakingmatter joined #salt
20:18 winsalt the example in the docs might not be indented correctly
20:19 ldelossa that would be pretty different then what the documentation specifies
20:19 ldelossa it says, a list of dictionaries and tuple values
20:19 ldelossa as in both co-exist in a single list
20:19 ldelossa that's how I took it as anyway
20:20 winsalt can you try it like http://hastebin.com/elawoyuxoy.vbs
20:21 evle joined #salt
20:21 baweaver joined #salt
20:22 ldelossa sure can, one moment
20:23 ldelossa better! now I get adifferent errortho
20:23 ldelossa function_clause this is what rabbitspits back
20:23 ldelossa whe nit doesnt' like the arguments
20:23 rotbeard joined #salt
20:23 romulus_ joined #salt
20:24 murrdoc joined #salt
20:24 dthom91 joined #salt
20:24 iggy gimpy2938: do you see the module being sync'ed when you do the sync_all?
20:25 rotbeard joined #salt
20:27 hoonetorg am i right that the variable "env" contains the environment under which a template is rendered
20:27 hoonetorg ?
20:27 hoonetorg or are there cases where this will fail?
20:28 gimpy2938 iggy: If I change it, yes
20:30 thayne joined #salt
20:30 gimpy2938 iggy: Is 'name' in the returned dict something special?  I get different errors if I keep or remove it...seems like it is required but at the same time calls it an invalid keyword
20:34 techblaze joined #salt
20:36 otter768 joined #salt
20:37 ubikite joined #salt
20:37 ubikite joined #salt
20:37 ubikite joined #salt
20:38 debian112 joined #salt
20:39 ajw0100_ joined #salt
20:39 debian112 left #salt
20:40 ahl joined #salt
20:43 bhosmer joined #salt
20:45 iggy gimpy2938: the error you're getting leads me to believe it's not even getting to that point
20:45 dthom91 joined #salt
20:47 gimpy2938 iggy: Any idea what I can do t find the problem?  I can't move forward until I do but I don't see what could be the issue, I based this off a working example from another system.
20:50 gimpy2938 iggy: The minion definately is getting the state script/module/thing I made, I see it under /var/cache/salt.
20:50 techblaze joined #salt
20:52 stevednd anyone have experience using the cross calling states functionality that became available in 2015.8? I'm not sure what/how to return from my custom state.
20:54 nethershaw joined #salt
20:54 sfxandy joined #salt
20:55 sfxandy hi everyone.
20:55 sfxandy need a bit of help with configuring some inotify beacons
20:56 sfxandy when i add a single inotify beacon, it all works fine.  however whats the correct structure for specifying multiple inotify beacons i.e. on different files and.or directories that i want to monitor?
20:57 jdubski joined #salt
20:58 sfxandy or, simply can somebody kindly throw something onto github or pastebin of a simple beacon configuration to monitor two files please
21:04 whytewolf gimpy2938: on line 31 you have a typo. you put a . not a , in 'name' : name.
21:07 gimpy2938 whytewolf: uuuuuuuuuuuuuuuhhhhhhhggggggggg....thanks; wonder why it didn't just fail to compile/be interpreted, that looks like invalid Python
21:11 tiadobatima joined #salt
21:11 ubikite joined #salt
21:14 pyropoptrt joined #salt
21:16 woodtablet random pillar question: i want to make a template config file that will pull in variables from the pillars. for example apache config. I want most of the default apache setting variables to be the same across my nodes, however i want certain variables to be different if available, like ssl certs and doc roots. Anyone have an example of this ? I saw in the tutorial specifying minions to point to their one template files / variables.
21:19 HappySlappy joined #salt
21:20 RandyT Can anyone suggest a way to get the ec2 instance-id using salt?
21:20 RandyT does not appear to be in the grains
21:21 whytewolf RandyT: take a look at salt contrib. I don't know if instance-id is included. but there is a lot of grains added
21:21 whytewolf RandyT: https://github.com/saltstack/salt-contrib
21:21 RandyT trying to figure out how to do a boto_elb.register_instances: but don't seem to know this id
21:22 RandyT whytewolf: thanks, will have a look
21:24 dthom91 joined #salt
21:27 pcn RandyT: here is an ec2 grain that does have the instance id
21:27 pcn It's very useful
21:27 iggy gimpy2938: put the minion in debug mode and try to call the state
21:27 iggy oh, nvm, you found it
21:27 ubikite joined #salt
21:28 ashirogl joined #salt
21:28 RandyT pcn: thanks, was there a link to go along with your suggestion?
21:29 RandyT also, I'm not to concept of using these third party grains.. do I understand correctly that they just get dropped in _grains directory in the file_root?
21:29 RandyT s/not/new/
21:29 whytewolf RandyT: yep
21:30 ahl left #salt
21:30 whytewolf RandyT: and then you saltutil.sync_all
21:31 josue_ joined #salt
21:31 RandyT is this sync_all function something that you would run via cron or does it get run on a master restart?
21:32 whytewolf salt '*' saltutil.sync_all
21:32 RandyT understand I can run it at the command line, but wondering how folks are maintaining a master
21:33 whytewolf you could put it in a cron if you want. but really it is just for pushing out new code to the minions. not something that happens all the time
21:33 RandyT just trying to understand as I develop an environment and am maintaining it, what things I need to trigger after updates.
21:34 RandyT might be a feature request to be able to just kick the master and have that as part of the process...
21:34 RandyT :-)
21:34 whytewolf eh, really don't want another thing that slows down the whole process
21:35 tiadobatima joined #salt
21:36 whytewolf RandyT: most of the time most people just have a reactor that pulls the sync_all when a minion first starts
21:38 whytewolf RandyT: https://docs.saltstack.com/en/latest/topics/reactor/#syncing-custom-types-on-minion-start
21:39 pcn RandyT: the contrib, per whytewolf: https://github.com/saltstack/salt-contrib/blob/master/grains/ec2_info.py
21:39 debian112 joined #salt
21:39 pcn +1 again to whytewolf's links
21:40 RandyT pcn: thanks, giving it a spin now
21:40 RandyT whytewolf: now need to learn about reactor... :-)
21:40 whytewolf reactor = goodness
21:41 RandyT whytewolf: pcn: ec2_info has what I need. Thanks!
21:45 ashirogl1 joined #salt
21:47 edrocks joined #salt
21:50 pcn iggy do you know if rest_cherrypy has a cache that I can disable?  I seem to get stale responses when I keep a connection open, I'm querying the job cache and getting info about old runs...
21:51 woodtablet i think my pillar question is possible, I just wanted to make sure.  can anyone here confirm ?
21:52 elsmo joined #salt
21:52 iggy pcn: not sure, you can always check one of the other netapi interfaces
21:54 iggy woodtablet: checked out the apache formula... it might be wild overkill, but it might give you some ideas
21:54 debian112 joined #salt
21:54 falenn joined #salt
21:55 iggy woodtablet: https://github.com/SS-archive/salt-states might also be good to check out
21:59 subsignal joined #salt
22:00 woodtablet iggy: thanks! i see in the map.jinja template that the default_site_ssl is mapped to default-ssl
22:01 woodtablet iggy: but what I want to know is how to construction the pillar information. for example i want all the variables to populate in the apache template to have the same defaults. but then something like an override pillar information where it would replace only the dict entries for things like which ssl_cert to use
22:02 woodtablet iggy: or if it is possible / common practice
22:04 pcn iggy: according to #cherrypy there probably is a get+post cache.  I'm going to see if the netapi config can be used to disable it a bit later, and make my life better.
22:05 adelcast under /var/cache/salt/master there are several _key files....the .dfn is the AES key, can anyone shed some light on what are the .root_key , .SYSTEM_key and the <hostname>_key?
22:11 thayne joined #salt
22:12 iggy woodtablet: there should be a pillar.example in the formula
22:13 baweaver joined #salt
22:15 geomyidae_ joined #salt
22:15 Rumbles joined #salt
22:17 larsfronius joined #salt
22:21 woodtablet iggy - thanks. i think i am just really bad explaining what i am trying to do i am going to just play with pillars for a little bit till i understand better
22:22 techblaze joined #salt
22:27 zer0def joined #salt
22:28 viq joined #salt
22:29 msx joined #salt
22:37 otter768 joined #salt
22:37 sfxandy hi everyone
22:40 sfxandy need a bit of help with beacon configuration
22:40 sfxandy anybody got a sample config of how to implement say 3 or 4 inotify beacons?  I can;t seem to get the structure of the config right
22:41 sfxandy can do one, and it works perfectly.  adding the second seems to break it
22:52 surge__ joined #salt
22:53 surge__ What grain key does salt match against in top.sls ?
22:53 surge__ I set ‘id’ and I’m trying to match against a regex, but highstate returns nothing
22:53 sinonick joined #salt
22:53 sfxandy example code surge_
22:54 sfxandy sorry surge__
22:54 sfxandy stick it on gist.github.com
22:54 furrowedbrow joined #salt
22:55 surge__ wait,
22:55 surge__ it might be EBKAC
22:55 surge__ -_-
22:57 dthom91 joined #salt
22:58 murrdoc joined #salt
22:59 woodtablet iggy: i think i figured it out. i am just silly . thanks again!
23:00 iggy woodtablet: np, hope you get it going
23:00 surge__ sfxandy: http://pastebin.com/pQSNLxby
23:01 quix joined #salt
23:02 surge__ and the output from “salt-call —local state.highstate” Comment: No Top file or external nodes data matches found.
23:02 sfxandy so give me an example minion ID you're trying to match with that regexp?
23:02 iggy surge__: you can't override id I don't think
23:04 iggy (at the very least, you shouldn't)
23:05 sfxandy not really sure what the grains['id']= bit is trying to do - or why you're trying to do it...?
23:06 surge__ joined #salt
23:09 murrdoc joined #salt
23:10 sfxandy surge__, do you have an example minon ID that youd expect to match with that regexp?
23:13 surge__ anything from ec2 lol
23:14 surge__ I guess I can match against a different key
23:14 surge__ probably easier that way
23:18 sfxandy hmmm, should it not be 'E@^(ip?-.*)$' ?
23:18 sfxandy the E@ tells Salt you're attempting to match the minion iD using a regexp
23:18 iggy that would be for a compound match type
23:19 sfxandy ah ok
23:22 surge__ I used pcre thinking that would be enough
23:23 bluenemo joined #salt
23:24 sfxandy no i mis interpreted your code
23:25 sfxandy so you;re trying to match ip followed by any single character, followed by a dash and then pretty much anything up o the end of the minion ID?
23:27 s_kunk joined #salt
23:35 hightekvagabond joined #salt
23:37 dthom91 joined #salt
23:38 hightekvagabond I'm new to salt, just trying to copy a file up to a minion based on a grain…. I know I'm addressing the minion correctly because I can run commands on it via the grain and ping it by the grain. ie: salt -G 'dcjob:master' cmd.run 'ls /etc' works fine…. I tried using the salt-cp command and failed, and I've tried doing: salt -G 'dcjob:master' cp_cache_file salt://usr/sbin/dcmaster       where the file /usr/sbin/dcmaster exists on my salt master
23:41 iggy hightekvagabond: do you get any errors?
23:43 hightekvagabond nope
23:43 hightekvagabond it just returns with the id of the one minion that matches
23:43 RandyT can I reference a grain in a state file, or is that a pillars only thing?
23:44 stupidnic hightekvagabond: the salt:// path is relative to your master's salt directory structure typically /srv
23:44 RandyT and what is proper syntax? trying {{ grains['value'] }} is not working...
23:44 hightekvagabond thank you stupidnic, that makes a lot more sense than the other guy down the hall was saying
23:45 armyriad joined #salt
23:45 hightekvagabond our local "salt expert" said it was the file system of the master, which felt weird… what you said makes a lot of sense, I'll try that
23:45 stupidnic RandyT: you can reference a grain
23:45 Rumbles joined #salt
23:46 stupidnic you can do salt[grains.get] or just grains['foo']
23:47 cpattonj joined #salt
23:47 RandyT hmm, grains['foo'] not working for me... will dig more
23:47 RandyT {{ proper jinja, or should I be doing {% ?
23:47 stupidnic do a basic grains call against the minion and check
23:47 stupidnic depends on what you are doing
23:47 stupidnic echoing is {{ }}
23:47 RandyT I've run the grain call from command line and the value is there
23:48 stupidnic Just going into Jinja's shell is {% %}
23:48 stupidnic with - as a modifier to suppress line breaks
23:48 stupidnic so like {%- %} or {% -%}
23:49 otter768 joined #salt
23:49 stupidnic RandyT: I am using the {{ grains['lsb_distrib_codename'] }} in a pkgrepo.managed call, so I know that it works, at least on 2015.5.3 which is what my minions are running
23:51 RandyT stupidnic: at the command line, I am getting the nested value with grains.item foo:bar
23:51 stupidnic okay... and you need to reference just foo:bar?
23:51 RandyT should grains['foo:bar'] work, or does it become grains['foo']['bar']?
23:51 stupidnic the latter
23:51 stupidnic just like it is with pillar
23:52 RandyT ah, that is the issue then.
23:52 RandyT thanks
23:52 stupidnic np
23:54 ashirogl joined #salt
23:55 surge__ left #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary