Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-02-29

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:03 bujordan_ joined #salt
00:03 nidr0x joined #salt
00:03 bujordan_ joined #salt
00:06 tracphil joined #salt
00:07 jfelchner Eugene No I mean using it to break long commands across multiple lines using multi-line YAML strings.
00:07 jfelchner Not using it as a pipe.
00:11 shaggy_surfer joined #salt
00:13 akhter joined #salt
00:14 bujordan joined #salt
00:17 zzzirk joined #salt
00:27 bhosmer_ joined #salt
00:30 nZac joined #salt
00:38 flowstate joined #salt
00:39 tim^ joined #salt
00:41 amcorreia joined #salt
00:56 jfelchner If I wanted to get the output of executing a command on the minion and inject it into a template, what is the best way to go about that?
00:56 jfelchner Specifically `ulimit -n`
01:04 antpa joined #salt
01:09 nidr0x joined #salt
01:14 cpowell joined #salt
01:17 seblu joined #salt
01:19 CeBe joined #salt
01:20 RobertChen117 joined #salt
01:21 bhosmer_ joined #salt
01:35 nidr0x joined #salt
01:38 flowstate joined #salt
01:43 iceyao joined #salt
01:44 bujordan joined #salt
01:45 hightekvagabond joined #salt
01:48 malinoff joined #salt
01:49 joe_n joined #salt
01:55 fracklen joined #salt
02:03 mavhq joined #salt
02:03 Zachary_DuBois joined #salt
02:06 michelangelo joined #salt
02:12 iceyao joined #salt
02:13 bujordan joined #salt
02:15 bhosmer joined #salt
02:16 flowstate joined #salt
02:17 Eugene jfelchner - I mean that if you make a mistake it'll get turned into a pipe. I avoid using "reserved" characters like that
02:22 joe_n joined #salt
02:24 iceyao joined #salt
02:28 srinivas joined #salt
02:29 colin joined #salt
02:38 flowstate joined #salt
02:38 zzzirk joined #salt
02:39 akhter joined #salt
02:42 zzzirk_ joined #salt
02:46 nidr0x joined #salt
02:46 donmichelangelo joined #salt
02:46 tedski- joined #salt
02:46 tim^ joined #salt
02:48 ilbot3 joined #salt
02:48 Topic for #salt is now Welcome to #salt! | Latest Version: 2015.8.7 | Register for SaltConf16: http://saltconf.com/register/ | Paid support available for open source Salt! https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | Ask with patience as we are volunteers and may not have immediate answers
02:48 nebuchad` joined #salt
02:48 [dee] joined #salt
02:49 mdupont joined #salt
02:49 zzzirk joined #salt
02:50 w1gz joined #salt
02:50 drags joined #salt
02:54 nkuttler joined #salt
02:57 zzzirk joined #salt
03:03 joe_n joined #salt
03:06 malinoff joined #salt
03:06 antpa joined #salt
03:10 bhosmer joined #salt
03:16 scoates joined #salt
03:18 MatthewsFace joined #salt
03:19 NV joined #salt
03:24 rem5 joined #salt
03:25 zzzirk joined #salt
03:34 zzzirk joined #salt
03:36 feliks joined #salt
03:37 nZac joined #salt
03:39 flowstate joined #salt
03:47 terratoma joined #salt
03:53 evle1 joined #salt
03:56 racooper joined #salt
04:02 evle2 joined #salt
04:04 bhosmer joined #salt
04:07 antpa joined #salt
04:11 ramteid joined #salt
04:13 Guest96261 joined #salt
04:19 tristianc joined #salt
04:22 hightekvagabond joined #salt
04:25 zzzirk joined #salt
04:27 quasiben1 joined #salt
04:28 kshlm joined #salt
04:30 favadi joined #salt
04:39 flowstate joined #salt
04:39 michelangelo joined #salt
04:49 higuita joined #salt
04:51 Fabbe joined #salt
04:58 malinoff joined #salt
04:58 bhosmer joined #salt
05:00 RobertChen117 joined #salt
05:02 zzzirk joined #salt
05:12 akhter joined #salt
05:15 mavhq joined #salt
05:20 RobertChen117 joined #salt
05:24 Antiarc joined #salt
05:25 favadi joined #salt
05:36 rdas joined #salt
05:38 flowstate joined #salt
05:49 txmoose jfelchner: thanks for that!  I never would have caught that on my own.
05:50 malinoff joined #salt
05:52 bhosmer joined #salt
05:57 fracklen joined #salt
06:10 jfelchner txmoose I like to give back here in case anyone else stumbles across the same thing :)
06:11 jfelchner I also just answered my own question.  In a Jinja template you can do {{ salt['cmd.shell']('my command') }} and it will spit the output of the command into the template.
06:20 rominf joined #salt
06:37 iceyao joined #salt
06:38 felskrone joined #salt
06:39 flowstate joined #salt
06:40 jimklo joined #salt
06:41 fooma joined #salt
06:45 ajw0100 joined #salt
06:47 bhosmer_ joined #salt
06:52 xenoxaos joined #salt
06:57 colttt joined #salt
07:04 txmoose jfelchner: I would love to be able to give back, but I'm still learning.  I barely have any knowledge, but I'm definetly down the rabbit hole XD
07:09 Miouge joined #salt
07:26 LondonAppDev joined #salt
07:27 LondonAppDev Hey all, is it smart to have the master manage itself?
07:30 iggy Yes
07:34 LondonAppDev iggy: sweet.
07:34 LondonAppDev I'm smart...
07:36 tweakism Now, let's go look for things.
07:36 tweakism Things that make us go.
07:36 bujordan_ joined #salt
07:37 flowstate joined #salt
07:41 bhosmer_ joined #salt
07:45 denys joined #salt
07:46 iceyao joined #salt
07:48 fracklen joined #salt
07:51 _JZ_ joined #salt
07:54 cberndt joined #salt
07:58 LondonAppDev What is the best practice for storing salt pillar files? I guess it's not good to check them into Git right? Should I just keep a local backup? What do you guys do/recommend?
08:01 honestly all my salt data is under /srv/saltstack and that is a repository (hg in this specific case because this team uses hg)
08:04 jbrnds joined #salt
08:09 Rumbles joined #salt
08:09 GreatSnoopy joined #salt
08:09 pafmaf joined #salt
08:12 slav0nic joined #salt
08:17 dmaiocchi joined #salt
08:21 LondonAppDev Thanks honestly. What's hg?
08:21 Micromus joined #salt
08:22 josuebrunel joined #salt
08:23 tweakism mercurial
08:24 tweakism it's a distributed SCM
08:24 tweakism hg and git have a lot in common
08:24 babilen git's handsome brother that never had much luck in life
08:24 tweakism ^^ pretty much this
08:25 tweakism I beleive hg predates git, but I'm not sure
08:26 tweakism heh, nope, but apparently both projects started within days of each other
08:27 tweakism and for the same reasons
08:27 tweakism wtf didn't they just collaborate on one project
08:27 fracklen joined #salt
08:35 bhosmer_ joined #salt
08:35 fracklen joined #salt
08:35 yawniek joined #salt
08:36 denys joined #salt
08:38 flowstate joined #salt
08:39 fracklen joined #salt
08:45 hightekvagabond joined #salt
08:46 JohnnyRun joined #salt
08:50 kawa2014 joined #salt
08:50 atmosx joined #salt
08:52 Fiber^ joined #salt
08:52 josuebrunel joined #salt
08:53 fracklen_ joined #salt
08:55 fracklen_ joined #salt
09:03 garphy joined #salt
09:04 pooogles joined #salt
09:06 s_kunk joined #salt
09:09 dkrae joined #salt
09:11 cyborglone joined #salt
09:14 kawa2014 joined #salt
09:15 bdrung_work joined #salt
09:19 yuhlw joined #salt
09:20 fracklen joined #salt
09:21 JohnnyRun joined #salt
09:21 fracklen joined #salt
09:22 MadHatter42 joined #salt
09:22 wwwbukolaycom joined #salt
09:23 permalac joined #salt
09:29 dgutu joined #salt
09:30 dgutu joined #salt
09:30 joe_n joined #salt
09:33 GreatSnoopy joined #salt
09:34 keimlink joined #salt
09:36 sfxandy joined #salt
09:38 flowstate joined #salt
09:43 pooogles_ joined #salt
09:44 JohnnyRun joined #salt
09:51 ninkotech joined #salt
09:52 bujordan joined #salt
09:56 iceyao joined #salt
10:01 TomJepp joined #salt
10:05 jbrnds joined #salt
10:11 felskrone1 joined #salt
10:12 fracklen joined #salt
10:23 bhosmer joined #salt
10:31 jbrnds2 joined #salt
10:34 artemz joined #salt
10:36 iceyao joined #salt
10:37 flowstate joined #salt
10:44 ingslovak joined #salt
10:44 txmoose tweakism: because that's not how open source works XD https://xkcd.com/927/
10:44 the_lalelu joined #salt
10:46 RobertChen117 joined #salt
10:46 artemz joined #salt
10:46 colegatron is it possible to fully restart a service without using a module.run? I've ended using it because a -enable-reload does not worked. http://pastebin.com/KsWtdwLE
10:47 rory I just use cmd.run but I'm aware every time that it's ugly
10:48 colegatron rory; yup, I was using until I learned how to use extend: -watch properly, but it does not work (I guess) if the service does not have a 'reload' but a 'restart'
10:48 akhter joined #salt
10:49 colegatron but force always a module.run is also ugly :-(
10:52 GreatSnoopy joined #salt
10:57 amcorreia joined #salt
10:57 garphy joined #salt
10:57 rory We're actually embarking on a year-long project to rewrite the entire platform with Puppet :P
10:57 dijit kek
11:01 AndreasLutro colegatron: it should work fine with a regular watch
11:01 favadi joined #salt
11:04 AndreasLutro though the supervisord state function doesn't seem to have a concept of "full_restart"
11:04 AndreasLutro whatever that is
11:05 AndreasLutro colegatron: also you don't need to use that extend syntax, just use watch_in
11:05 JohnnyRun joined #salt
11:07 honestly well great, no regex in jinja
11:08 colegatron AndreasLutro, oh, thnx to point to watch_in, didn't think on it
11:11 colegatron and also to point supervisord has its own states
11:12 iceyao joined #salt
11:13 antpa joined #salt
11:13 AndreasLutro oh sorry I misread that
11:13 AndreasLutro you want to restart the actual supervisord, not a supervisor service
11:13 colegatron mmmm what is the difference? (just surprised)
11:14 AndreasLutro supervisord is started by your init service (upstart, systemd, sysvinit...), supervisord again starts other services
11:16 colegatron mutlple supervisord processes running?
11:16 colegatron seems weird
11:20 honestly and it seems custom execution modules are also a no-go with salt-ssh...
11:21 babilen honestly: Yeah, jinja is meh .. Your options are: 1. Use a different renderer (e.g. mako which supports literal Python blocks or py right away) 2. Implement a custom execution module in Python in which you do all the things you'd love to do in jinja in a single line of Python, but can't
11:21 babilen Ah .. salt-ssh
11:21 babilen yay
11:21 babilen jinja was such a bad choice :(
11:22 AndreasLutro honestly: I'
11:22 AndreasLutro honestly: I've used custom execution modules with salt-ssh
11:22 AndreasLutro seems to work fine
11:23 bujordan joined #salt
11:23 denys joined #salt
11:23 honestly all I get is 'module.func is not available'
11:24 honestly ah nevermind
11:24 honestly I have an error in the module
11:26 honestly it works
11:27 swappy joined #salt
11:27 fgimian joined #salt
11:31 artemz joined #salt
11:32 simo86 joined #salt
11:32 simo86 Hello Everyone ... this is my very first question after using Saltstack for few months
11:32 babilen \o/
11:33 honestly so now I'm doing heavy scripting in jinja, writing my own execution modules to add stuff like regex matching that doesn't come with jinja by default
11:33 honestly :(
11:33 honestly because the Py renderer breaks salt-ssh for unknown reasons
11:34 babilen Use mako! ;)
11:34 simo86 Problem: my Master has a Public DNS (that resolves to A.A.A.A). I use it in the minion config that are in the same physical network of the master. So they resolve it to B.B.B.B (that is the private IP of the master). Now ... if the Private IP of the master changes, each minion loses its connectivity to it
11:34 simo86 Until I connect to each of them and make a restart of each
11:34 simo86 any solutions ?
11:34 honestly babilen: I need to install mako for that.
11:34 dimeshake_ joined #salt
11:34 simo86 Thank you very much for you help ...
11:35 babilen honestly: Which probably would have been a better default renderer, but I'd be hesitant to throw in yet another renderer into the mix. I typically use the Python renderer as soon as I need more involved logic (or itertools, re, ...)
11:35 honestly babilen: also someone in here told me "use mako" 5 years ago, and I looked and promptly recoiled in horror for one reason or another
11:35 babilen Why?
11:35 honestly I don't remember, it was 5 years ago
11:36 AndreasLutro mako is pretty great
11:36 honestly that said jinja should really be thrown out completely because of its utterly broken whitespace control
11:36 babilen Either way, that doesn't really get you far. For now the best way to deal with this is to implement the trickier bits in custom execution modules and to call those from jinja.
11:37 honestly if whitespace is important in, say, a config file, you can choose either a) a readable template or b) a readable rendered result
11:37 Matthews_ joined #salt
11:37 honestly yeah that's what I'm doing
11:37 babilen I would have much preferred mako as default renderer .. The ability to use literal Python blocks is great if you need "that little bit of extra power" and other aspects are more to my liking. Jinja was meant for applications in which *all* the logic is being handled in the backend and you just want easy and dumb templates.
11:38 honestly the problem with all this is that I am the only one in the org now learning about all the warts and gotchas in all of this
11:38 AndreasLutro the only thing I really like with jinja that mako doesn't do is {{ foo.bar }} for dicts
11:38 flowstate joined #salt
11:38 babilen simo86: I use salt-ssh in those situations. It can work on the minion_cache as roster.
11:38 honestly so nobody else will be able to write working salt formulas for their machines and the whole thing will die as soon as I leave
11:39 simo86 @babilen: thank you very much, I will check for it ;)
11:39 honestly I am replacing unholy concoctions of cronjobs and makefiles
11:39 honestly and my replacement will be just as unholy :|
11:41 honestly oh well, hopefully if I keep reporting salt-ssh bugs they'll be fixed soon and everything will be awesome
11:41 babilen honestly: I don't necessarily find execution modules to be unholy or hard to understand. The problem is rather one of consistency and comparability. If other users are used to the "Oh, logic surely is done in the foo_bar.* execution module that accompanies each customer/state/whathaveyou" then it is clear how it is done.
11:41 babilen Or if you use the py renderer in those cases ..
11:42 shiriru joined #salt
11:42 honestly babilen: unholy is expressing this state using jinja instead of Py: https://github.com/saltstack/salt/files/132466/init.sls.txt
11:45 AndreasLutro can I get that as a non-download link?
11:50 garphy joined #salt
11:52 M-MadsRC joined #salt
11:53 honestly github can't into MIME :(
11:55 honestly https://gist.github.com/duk3luk3/4be7edf0d68eb15aa742
11:56 nahamu_ joined #salt
11:58 AndreasLutro if I were to rewrite this I'd 1. move ssh keys from salt:// to pillars 2. create an execution module to get the access_users list on line 29
11:59 honestly how would you format the keys in the pillar?
12:00 honestly just copying pubkeys to a directory avoids copypaste mangling
12:00 AndreasLutro https://bpaste.net/show/517b9e28c602
12:00 honestly that won't work
12:00 AndreasLutro you could keep the pubkey in an external pillar as well
12:00 honestly you need the key type
12:01 AndreasLutro ssh_auth.present takes an enc arg
12:01 AndreasLutro - enc: {{ key.get('enc', 'ssh-rsa') }}
12:01 honestly ssh-rsa is just about deprecated, you really want to hardcode that?
12:02 honestly well, as a fallback it's okay
12:02 honestly but then your pillar gets more complicated
12:03 honestly and users need to chop up their pubkeys and put them into the right pillar fields
12:03 artemz joined #salt
12:04 honestly although I guess ssh_auth.present is actually pretty flexible and would just accept the whole key as the name param
12:04 honestly at least that's what the doc examples suggest
12:07 honestly oh well, too late now
12:11 M-liberdiko joined #salt
12:12 bhosmer joined #salt
12:13 honestly I keep rewriting this state from scratch but I can't possibly change anything now!
12:14 fredvd joined #salt
12:18 GreatSnoopy joined #salt
12:21 swappy joined #salt
12:23 jbrnds joined #salt
12:24 kevinquinnyo1 joined #salt
12:31 viq_ joined #salt
12:37 favadi joined #salt
12:38 flowstate joined #salt
12:39 fracklen joined #salt
12:39 fracklen joined #salt
12:40 honestly AndreasLutro: IT LIIIVES https://gist.github.com/duk3luk3/4be7edf0d68eb15aa742
12:42 akhter joined #salt
12:52 bujordan joined #salt
12:53 MadHatter42 joined #salt
12:53 favadi joined #salt
12:54 honestly hrm
12:55 honestly salt-ssh --refresh doesn't actually seem to refresh grains :|
13:01 honestly aaand jinja variable scoping is terrorful
13:05 rubenb If there are faults in the docs, where should those be addressed?
13:06 ggoZ joined #salt
13:06 honestly the salt issue tracker on github
13:07 rubenb I was like "Ooh, nice feature in v2015.8.6", so I've upgraded all the minions to 2015.8.7, just to find the feature wasn't merged, but already in the docs
13:08 AndreasLutro just make a pull request for it, it'll be faster
13:08 zzzirk joined #salt
13:08 honestly that might not be a doc bug
13:08 honestly could also be a regular bug ;)
13:09 catpig joined #salt
13:10 rubenb afaik, the function is in the develop branch, but not in the v2015.8.6+-tagged files.
13:11 rubenb 3https://github.com/saltstack/salt/blob/develop/salt/modules/win_service.py#L457 / https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_service.html#salt.modules.win_service.config
13:11 AndreasLutro rubenb: develop is 2 major releases ahead of 2015.8
13:14 rubenb AndreasLutro: The docs said it was a new feature in 2015.8.6, also the docstring of the function.
13:15 AndreasLutro aha... well, I know there was a huge mess with 2015.8 because so many regressions made it into releases
13:16 giany_ joined #salt
13:16 pcdummy joined #salt
13:17 rubenb Ah, I did not know that it was that bad. :)
13:19 cb joined #salt
13:21 lionel_ joined #salt
13:21 tampakrap joined #salt
13:22 toabi joined #salt
13:23 GothAck joined #salt
13:24 illern joined #salt
13:27 honestly man, I cannot beat this into submission.
13:28 fredvd joined #salt
13:29 honestly jinja is so insane.
13:29 iceyao joined #salt
13:30 josuebrunel joined #salt
13:32 honestly I reall do need an execution module for this, lol
13:37 flowstate joined #salt
13:37 Score_Under don't know if this is any help but for ssh keys I just used a file.managed with a mako template which rolled up all the individual .pub files into one, then changed the sshd config to look for that file as well as authorized_keys. saves the pain of forgetting to revoke keys in salt
13:38 gh34 joined #salt
13:38 pooogles joined #salt
13:39 antpa joined #salt
13:40 kshlm joined #salt
13:40 mavhq joined #salt
13:41 blarghmatey joined #salt
13:42 Ahlee joined #salt
13:47 jbrnds2 joined #salt
13:49 honestly o.O somewhere my stuff is getting stringified...
13:49 honestly and notably not where I want it to
13:52 dariusjs joined #salt
13:52 rem5 joined #salt
13:52 mavhq joined #salt
13:53 subsignal joined #salt
13:53 numkem joined #salt
13:55 tpaul joined #salt
13:56 dyasny joined #salt
13:56 honestly so... is that an expected thing that jinja stringifies everything before passing it to a function?
13:56 dariusjs_ joined #salt
13:56 honestly I am trying to pass a dict to an execution module
13:59 mavhq joined #salt
13:59 jeddi joined #salt
14:00 bhosmer joined #salt
14:01 subsignal joined #salt
14:03 mavhq joined #salt
14:03 pppingme joined #salt
14:09 subsignal joined #salt
14:10 mavhq joined #salt
14:11 srinivas joined #salt
14:14 subsigna_ joined #salt
14:17 honestly AndreasLutro: you still here?
14:17 numkem Is there a way to pass arguments to the orchestrator?
14:18 AndreasLutro honestly: kinda
14:18 AndreasLutro numkem: yes, the pillar arg
14:19 numkem AndreasLutro: that's a kwarg?
14:19 AndreasLutro I don't remember, look it up in the docs
14:19 honestly AndreasLutro: do you know if jinja stringifies arguments passed to an extension function?
14:20 numkem AndreasLutro: I'm in the doc and I don't see anything, I'll dig further tho, thanks!
14:21 AndreasLutro honestly: what's an "extension function"
14:22 AndreasLutro numkem: it'll be in the runner.state documentation page probably
14:22 honestly AndreasLutro: an execution module in this case
14:22 AndreasLutro no, it won't
14:23 bujordan joined #salt
14:23 SunPowered joined #salt
14:23 honestly then why does my execution module end up with a string :F
14:24 AndreasLutro could you share the state/whatever?
14:24 netcho joined #salt
14:25 mavhq joined #salt
14:26 honestly https://gist.github.com/duk3luk3/7bb6522839436eae6857
14:27 AndreasLutro is user.access the dict getting cast to a string?
14:27 honestly yeah
14:27 honestly print >> sys.stderr, "Values[0]:", values[0] results in Values[0]: [
14:28 edrocks joined #salt
14:29 AndreasLutro how do you know it's a string? if you print a dict in python, it'll look just like a string... maybe try repr() instead?
14:30 honestly because I get the error "string index must be an integer"
14:30 honestly and because it values[0] is '['
14:30 MadHatter42 joined #salt
14:31 honestly repr() confirms that it's a string
14:32 AndreasLutro no idea then, maybe some other pillar file is accidentally overriding the yaml you've got in the gist
14:33 honestly I checked that the pillar looks as expected with pillar.get
14:36 AndreasLutro out of ideas then
14:39 oida joined #salt
14:42 nZac joined #salt
14:43 zzzirk joined #salt
14:43 honestly yeah... I don't even...
14:44 zsoftich4 joined #salt
14:44 tkharju joined #salt
14:44 freeaks joined #salt
14:44 freeaks hi all
14:45 mavhq joined #salt
14:45 rubenb Hi.
14:45 freeaks i was wondering if it is possible do import a yaml file with a part of the filename being variable ?
14:45 freeaks like this:
14:45 freeaks {% import_yaml 'extra_cfg/whitelist-{{ grains['id'] }}.yml' as my_variable %}
14:45 freeaks the 'whitelist-{{ grains['id'] }}.yml'
14:46 perfectsine joined #salt
14:46 honestly you can't do {{ }} substitution inside a {% %} macro block
14:46 honestly try {% import_yaml 'extra_cfg/whitelist-' + grains['id'] + '.yml' as my_variable %}
14:46 freeaks honestly, ah :/ thanks for the answer ..
14:47 honestly inside a macro block you're kindasorta more or less in a python environment
14:47 honestly (but not really)
14:47 freeaks thanks again, for the correcting and explanation
14:47 rubenb Are grains cached somewhere on the master? :)
14:48 honestly yes
14:49 scoates joined #salt
14:50 honestly can't really find something explicit in the docs though...
14:50 honestly "Grain data is relatively static, though if system information changes (for example, if network settings are changed), or if a new value is assigned to a custom grain, grain data is refreshed."
14:54 kim0 joined #salt
14:55 cpowell joined #salt
14:55 perfectsine_ joined #salt
14:58 ronnix joined #salt
15:02 blarghmatey joined #salt
15:05 honestly AndreasLutro: well crud, it reproduces with a very minimal example... https://github.com/saltstack/salt/issues/31542
15:05 saltstackbot [#31542]title: jinja stringifies dict before passing it to execution module (maybe salt-ssh specific?) | ### Expected Behavior...
15:09 toastedpenguin joined #salt
15:09 armguy joined #salt
15:10 AndreasLutro honestly: you didn't include your custom modules
15:11 cpowell joined #salt
15:13 malinoff joined #salt
15:13 honestly Oh crap
15:13 honestly Teaches me to do things just before leaving
15:14 honestly pass.through just returns its parameter
15:14 honestly pass.t returns the type()
15:15 rem5 joined #salt
15:15 tpaul Is there a place where I can release notes specific to just 2015.8.7? have already packaged 2015.8.5
15:16 hasues joined #salt
15:16 hasues left #salt
15:17 rem5 joined #salt
15:18 nZac joined #salt
15:19 honestly Find the tag on github and read the changelog?
15:19 blarghmatey joined #salt
15:19 permalac joined #salt
15:20 permalac joined #salt
15:20 Fiber^ joined #salt
15:20 tpaul honestly: the release points to the page with 2015.8.3-2015.8.7 release notes combined, unless you're suggesting I read the commits in the branch?
15:21 tpaul "These release notes contain all of the changes since 2015.8.3 to make it easier to see everything that has changed recently."
15:21 racooper joined #salt
15:22 netcho_ joined #salt
15:23 AndreasLutro honestly: that's my lol of the day
15:23 ronnix joined #salt
15:24 honestly AndreasLutro: That bug you mean?
15:25 AndreasLutro yeah. I replied with the root cause
15:25 AndreasLutro did not expect that
15:25 honestly tpaul: There should be a git tag specifically for the version you're looking for
15:26 netcho joined #salt
15:26 honestly AndreasLutro: And people keep getting angry in here when I complain about salt-ssh being broken...
15:27 AndreasLutro just stop thinking about it as a polished production ready product
15:28 AndreasLutro if you want/need configuration over ssh just use ansible
15:28 AndreasLutro right tool for the job etc
15:28 AndreasLutro I'm happy with salt-ssh but only for my personal servers with no custom modules
15:29 tpaul honestly: yes, it points to the combined release notes: https://github.com/saltstack/salt/releases/tag/v2015.8.7
15:30 honestly oh.
15:30 tpaul I guess I'll just compare the merged release notes to the git commits...
15:32 tpaul It would be super helpful to packagers if the indiviual release notes for each version were kept separate in the future
15:33 tpaul 2015.8.5 and 2015.8.3 did have their own separate notes before 2015.8.7 was released
15:33 danemacmillan joined #salt
15:35 fracklen joined #salt
15:35 deus_ex joined #salt
15:39 perfectsine joined #salt
15:42 Brew joined #salt
15:44 srinivas joined #salt
15:46 tiski joined #salt
15:47 Tanta joined #salt
15:47 tiski Hello, i have a small question, i ve looked to factorize redundant code in pillars, and it seems that you can't include the same sls file multiple times (even if the hds resulting post-jinja is different each time). Does anyone has a an alternative to use ?
15:49 bhosmer joined #salt
15:49 Tanta why would you include a file twice for pillar
15:49 amcorreia joined #salt
15:50 tiski basically, i have folders for applications, one folder per app, in each app, i have one folder per env
15:50 tiski i use grains to select which appli/env to deploy
15:51 tiski since i was writing lots of time the same code, i ve changed a bit the system
15:51 tiski to have a config.yml at the root of each app folder with variables
15:51 Tanta your question doesn't make any sense
15:51 tiski well, let's say you have app1/dev/svn.sls and app2/dev/svn.sls which are the same
15:51 Tanta a single sls file can be included by other sls files many times
15:52 Tanta just probably not 2x in the same high state run
15:52 tiski my issues in not on the states but in the pillars
15:52 blarghmatey joined #salt
15:52 tiski let say you have a app1.sls file wich include a svn.sls file
15:53 tiski and an app2.sls file which include the same svn.sls file
15:53 tiski when you run pillar.items
15:53 tiski it only retrieve one of the 2
15:53 Tanta OK, 1.sls, 2.sls, 3.sls needs to be used by two different apps; in top.sls, include app1.sls which includes [1,2,3], and in app2.sls which includes [1,2,3]
15:53 tiski (i use jinja variable in the svn.sls file to have the proper path/login/passwd, etc...)
15:53 bujordan joined #salt
15:55 tiski i give you a first complete example
15:55 tiski in top file :
15:55 tiski - test.c     - test.d
15:55 tiski c.sls is like this :
15:55 tiski include:   - test.a:       defaults:           var1: toto
15:55 tiski d.sls like this
15:55 tiski include:   - test.a:       defaults:           var1: tata
15:55 tiski a.sls like this
15:55 tiski toto: {{ var1 }}
15:56 tiski resulting pillar.items
15:56 tiski toto:         toto
15:56 TaiSHi Use a paste service
15:56 tiski mm i will add one thing in case of pillar merge
15:56 TaiSHi Don't spam channels like that
15:56 tiski sorry
15:56 tiski will do
15:56 conan_the_destro joined #salt
15:56 TaiSHi You -will- spam channels like that?
15:57 tiski no, i will use pastebin :)
15:57 Tanta that didn't help clarify, it seems like you're doing it in a weird way
15:58 snc joined #salt
15:59 freeaks how can i test if this file exist?  -> 'extra_cfg/whitelist-{{ grains['id'] }}.yml'
15:59 tiski http://pastebin.com/N2mVbX9c
15:59 freeaks i would like to do something if it exists, and something else if it doesn't
16:00 fracklen joined #salt
16:00 tiski maybe include a variable in the yml file, do the import with ignore missing, and test the variable ?
16:02 onlyanegg joined #salt
16:02 ronnix joined #salt
16:02 tiski ok, maybe i do it wrongly Tanta, but what's the good way to do it ?
16:03 freeaks tiski, i can't because i don't know beforehand the full filename
16:03 tiski ohh
16:03 tiski but you know what is expected to be in the yml or not ?
16:04 tiski (if a dict, list, or var is defined in it ?)
16:04 tiski jinja doesn't let you test for file existence
16:05 tiski or you can use python do to the test, but well .. not really neat
16:05 freeaks yes, in this case it's a list of IPs, i'm creating a whitelist system, and in each file whitelist-{{ grains['id'] }}.yml, there will be the list of IPs and port i need to whitelist in iptables for each hosts (grains['id'])
16:05 tiski so if you import it with ignore missing, test if the list is defined , then bingo, it means that it has been included, and you can proceed
16:05 flowstate joined #salt
16:06 tiski if the list is not defined, it means the import failed, hence the file didn't exist, and you can do something else
16:06 freeaks so i wanted to test if file /whitelist-{{ grains['id'] }}.yml exists, and if not just use genreic whitelist.yml
16:07 norii joined #salt
16:07 freeaks how do you do a 'import ignore missing' ?
16:08 tiski let me check i do that somewhere i think
16:09 malinoff joined #salt
16:09 freeaks thank you for taking the time to help ..
16:10 tiski well i came here for help, did'nt receive much of any, but well, i do have a few min to spare
16:10 tiski i didn't use it, but let me test before giving.
16:10 freeaks sure
16:12 higuita joined #salt
16:16 tiski the .yml is on the master (just to be sure)
16:16 tiski ?
16:16 freeaks yes
16:17 freeaks yes it is
16:19 favadi joined #salt
16:19 tiski my idea didn't work :/
16:20 tiski what do you do with the yml ? are you deploying it somewhere ?
16:20 tiski cause you can use the native fallback mecanism of salt fs
16:20 freeaks the yaml file contains a list of ip to whitelist on a given minion
16:21 freeaks i was thinking, maybe this would work? :  http://paste.debian.net/410281/
16:21 tiski that's what i ve tried, but jinja fail as .yml is missing
16:21 freeaks so if: extra_cfg/whitelist-' + grains['id'] + '.yml   exist use it, or else use just: extra_cfg/whitelist.yml  instead
16:22 freeaks and that fails ? humm :/
16:22 freeaks i don't know the native fallback mecanism, what is it ?
16:22 fyb3r joined #salt
16:23 tiski with file.present (or stuff like this) when you use source, you can select multiple ones
16:23 freeaks i just need to use "whitelist-' + grains['id'] + '.yml"  if it exists, and if not, use "whitelist.yml"  instead
16:23 tiski if salt doesn't file the first one on saltfs, it will go the the next, etc.
16:23 tiski just defined source: with a list, instead of a direct declaration
16:24 freeaks i could do it in steps, if file.present works it's fine, i can import after that
16:25 jfelchner joined #salt
16:26 nZac joined #salt
16:27 freeaks in any case, thanks again for the help, tiski
16:28 tiski sorry i couldn't help more, by any chance, do you have an idea how to include the same sls multiple times in pillars ?
16:29 jimklo joined #salt
16:29 fracklen joined #salt
16:29 freeaks hum, no idea sorry, i'm very new to salt :/
16:31 Tanta use things like onchanges:, onlyif:, unless:, etc
16:31 Tanta https://docs.saltstack.com/en/latest/ref/states/requisites.html
16:33 felskrone joined #salt
16:34 kevinquinnyo1 joined #salt
16:35 ronnix_ joined #salt
16:38 perfectsine joined #salt
16:39 froggy joined #salt
16:39 hightekvagabond joined #salt
16:40 grumm_servire joined #salt
16:41 evle joined #salt
16:41 alias__ joined #salt
16:42 flowstate joined #salt
16:43 josuebrunel joined #salt
16:43 bhosmer joined #salt
16:45 bujordan joined #salt
16:45 flowstat_ joined #salt
16:45 bujordan joined #salt
16:46 hightekvagabond joined #salt
16:48 Sacro joined #salt
16:49 dyasny joined #salt
16:49 flowstate joined #salt
16:51 Miouge joined #salt
16:52 hexa- joined #salt
16:53 Icefoz Hmmm, does anyone have suggestions on the best way to make sure salt is up to date on all minions, using salt?
16:53 Icefoz Turns out the version installed on Debian by default is ancient.
16:54 Tanta pick a package repository, deploy a cron that runs an apt-get update && apt-get whatever
16:54 kaptk2 joined #salt
16:54 dijit Icefoz: you can do pkg.latest
16:54 dijit but it's also a grain on the minions themselves.
16:55 Icefoz Hmmm, all right.  Thanks.
16:55 dijit saltversioninfo is an array like [2015,8,3,0] and saltversion is a string like '2015.8.3'
16:56 dijit ^_^
16:57 Icefoz Yeah, I should rephrase; I'm less interested in checking the version than upgrading everything to the latest version by default...
16:57 perfectsine joined #salt
16:58 AndreasLutro Icefoz: salt '*' test.version
16:58 whytewolf Icefoz: use the salt-formula. https://github.com/saltstack-formulas/salt-formula
16:59 ronnix joined #salt
16:59 Icefoz whytewolf: Ah, I didn't see that formula.  I'll check it out.
17:00 traph joined #salt
17:00 traph joined #salt
17:01 whytewolf it is rare i recomend formulas ... but i had heard good things about that one. and iggy used to contribute to it :P
17:01 Icefoz Now I just have to figure out how to deploy formulas...  Back to the docs.
17:01 brianfeister joined #salt
17:01 Icefoz whytewolf: Why don't you prefer formulas?  There seem to be some pretty useful ones.
17:01 whytewolf https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
17:02 whytewolf Icefoz: cause I tend to not fit into one size fits all situations
17:02 Icefoz That's fair.
17:03 Miouge joined #salt
17:03 jfelchner Icefoz plus the formulas tend to be super complex because they're trying to customize for every use case.  Which makes the templates and code extremely hard to read.
17:04 jfelchner I've been making formulas for my particular use cases, so I get the compartmentalization benefits but it's still very readable.
17:04 ronnix joined #salt
17:09 mpanetta joined #salt
17:10 dijit Icefoz: pkg.latest is what you want then.
17:12 writtenoff joined #salt
17:16 hasues joined #salt
17:17 hasues left #salt
17:17 debian1121 left #salt
17:18 ronnix joined #salt
17:21 test joined #salt
17:21 pppingme joined #salt
17:30 notnotpeter joined #salt
17:36 fracklen joined #salt
17:37 Netwizard joined #salt
17:38 bhosmer joined #salt
17:42 jab416171 when is 2015.8.8 being released? I see there's a placeholder in the docs already for the release notes
17:44 KyleG joined #salt
17:44 KyleG joined #salt
17:44 sfz- joined #salt
17:46 Edgan joined #salt
17:46 brianfeister joined #salt
17:49 khorben joined #salt
17:50 jfelchner I'm trying to use node_groups in masterless mode, but I'm not having any luck.  Is there a trick to it?
17:50 khorben hi; would anyone know how to escape a string for yaml in jinja? I have strings beginning with "@" (reserved in yaml)
17:50 khorben http://www.yaml.org/spec/1.2/spec.html#id2760844
17:54 Mate key: {{value|yaml_dquote}}?
17:54 khorben found a "solution"
17:55 khorben "\"@value\""
17:55 khorben in the pillar and then gets expanded correctly
17:56 khorben trouble is, this field may not always be a string, I just pass it to the state
17:56 whytewolf jfelchner: nodegroups in masterlesss??? um ... huh. what kind of targetting are you doing on masterless
17:56 jfelchner Well, basically it's a workaround around the fact that I can't have `ext_pillar` target all nodes. :(
17:56 khorben https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.jinja.html
17:57 jfelchner So I make one "all" node_group that matches all nodes on the subnet.
17:57 jfelchner whytewolf
17:57 whytewolf okay. but nodegroups is a master side setting
17:57 Mate khorben: what's the problem with yaml_dquote?
17:57 whytewolf there is no minion side with it
17:57 khorben Mate: I don't always have strings
17:58 khorben and
17:58 khorben Rendering SLS 'base:services.https' failed: Jinja syntax error: no filter named 'yaml_dquote'; line 55
17:58 jfelchner whytewolf Ah. Ok. :(  I wish there was a way to have an `ext_pillar` file directory that would get picked up by all notes.
17:58 jfelchner *nodes
17:59 jfelchner The 'all' node_group worked great when I was in master mode, but now I'm doing masterless provisioning using packer to create images and it no longer works.
17:59 Mate khorben: seems like you were using an old version
17:59 khorben Mate: yeah but I can't upgrade like this, so I'll double escape for now; thanks
18:00 KWhat_Work joined #salt
18:00 Mate and yaml_encode should work with other scalar types
18:00 nZac joined #salt
18:00 fracklen joined #salt
18:00 khorben no filter named 'yaml_encode' :/
18:01 whytewolf jfelchner: ouch guess that is a problem. but that sounds more like a work around then a solution. you might be able to create a new ext_pillar based on the filetree pillar that does what you are wanting.
18:01 KWhat_Work good morning, please bare with me as I know very little about this stack.  I am trying to figure out how to add some pillar data to my sls file... I am not sure where that pillar is defined.
18:01 Mate khorben: it's a 2014.7 feature i think
18:01 jfelchner whytewolf Yeah, that was suggested to me before coming up with the node_groups thing.  The problem is that I don't know Python so I'm pretty much up a creek. hahahahaha
18:01 khorben KWhat_Work: pillar_roots in your master file
18:02 khorben then you also need a top file there etc
18:02 whytewolf jfelchner: you might be able to stumble through it. should be minor tweeks
18:02 jfelchner whytewolf ok sweet.  I'll take a gander.  Thanks!
18:04 KWhat_Work khorben: i found a pillar/default/jenkins.sls that appears to defined the value I am looking for, do i just include: - default.jenkins.sls
18:05 khorben KWhat_Work: in pillar top file, put base: '*': - default.jenkins
18:05 whytewolf KWhat_Work: - default.jenkins [in your pillar top file whouch should be in the pillar_roots directory]
18:06 fracklen_ joined #salt
18:06 flowstate joined #salt
18:08 ronnix joined #salt
18:08 cyborg-one joined #salt
18:10 basepi joined #salt
18:10 flowstat_ joined #salt
18:11 hightekvagabond joined #salt
18:12 flowstate joined #salt
18:17 sfxandy joined #salt
18:17 baweaver joined #salt
18:21 impi joined #salt
18:24 ageorgop joined #salt
18:25 denys joined #salt
18:27 kevinquinnyo1 joined #salt
18:27 bujordan joined #salt
18:29 baweaver joined #salt
18:30 toastedpenguin joined #salt
18:32 bhosmer joined #salt
18:33 ronnix joined #salt
18:33 alvinstarr joined #salt
18:34 antpa joined #salt
18:40 ZiLi0n joined #salt
18:40 ZiLi0n Hello everyone, pgk.installed has the option "fromrepo" which enables a repo. The thing is that at the same time it disabled all other repos available...is there a way to enbale a repo but leave the others also enabled as well?
18:41 flowstate joined #salt
18:44 baweaver joined #salt
18:46 fracklen joined #salt
18:47 dmaiocchi joined #salt
18:48 ronnix_ joined #salt
18:48 fracklen joined #salt
18:51 shaggy_surfer joined #salt
18:51 fracklen joined #salt
18:53 shaggy_surfer joined #salt
18:53 ZiLi0n it seems that parameter enablerepo is supported as well and made the trick!
18:55 grumm_servire joined #salt
18:56 fracklen_ joined #salt
19:00 nate_c joined #salt
19:00 fracklen joined #salt
19:01 Miouge joined #salt
19:01 nZac joined #salt
19:09 legion02 joined #salt
19:11 ajw0100 joined #salt
19:12 nZac joined #salt
19:16 kim0 joined #salt
19:17 josuebrunel joined #salt
19:17 fracklen joined #salt
19:19 nZac joined #salt
19:21 Corey I fear I'm misunderstanding the salt scheduler.
19:21 Corey Gareth: You've done some work on the scheduler, haven't you?
19:21 ZiLi0n Hello, why my modules are showing 'name' is an invalid keyword argument.. what should I do? I couldn't find any docuemtation
19:21 Gareth Corey: yes.  I've done a little bit of work on that :)
19:21 Gareth whats up?
19:22 Corey Gareth: I was under the impression that defining the scheduled task as a pillar data structure for a given minion (and giving it a command or a state to run) was all it took. Is that mistaken?
19:23 Corey I'm reading conflicting reports. :-)
19:23 AndreasLutro I put schedulers in pillars and they run by themselves
19:24 Gareth yup.  You can store schedule information in pillar and target them at the minions you want.
19:24 fracklen joined #salt
19:24 Gareth Corey: you can use the modules & states to add them to minions, without using pillar.
19:25 Corey Okay, so what've I broken?  http://pastebin.com/Wn3tmJfQ
19:25 * Gareth looks
19:25 Corey The command isn't getting run.
19:26 bhosmer joined #salt
19:26 Gareth looks right to me.  On the minion(s) in question, if you do a schedule.list do you see that schedule item?
19:26 AndreasLutro schedulers/reindex-sphinx.sls is not a function
19:26 AndreasLutro it's a file
19:26 Corey ...drop the .sls?
19:26 MindDrive joined #salt
19:26 Corey That would do it.
19:27 AndreasLutro no
19:27 AndreasLutro still not a function
19:27 AndreasLutro cmd.run is a function, state.apply is a function
19:27 Gareth Corey: state.sls would be the function, reindex-sphinx would be an argument.
19:27 Corey ...well that's embarassing.
19:28 Gareth technically. schedulers.reindex-sphinx
19:28 Gareth second pair of eyes :)
19:28 Corey Much appreciated. Thank you both.
19:28 Gareth anytime.
19:29 numkem If is set extension_modules to /srv/salt/modules/, doesn't this means that execution modules should be in /srv/salt/modules/modules/ ?
19:29 AndreasLutro numkem: sounds right
19:30 numkem AndreasLutro: and yet when I run a resfresh it doesn't get sent to minions... It's sort of driving me nuts
19:30 numkem AndreasLutro: I'm running salt-master in debug mode and I can't find anything about it
19:32 AndreasLutro did you restart your master after setting it in the master config?
19:32 ZiLi0n hello everyone, is there a states equivalent to cp module? I would like to upload some files and folders from the minions up to the master
19:33 numkem AndreasLutro: multiple times
19:33 numkem AndreasLutro: I gave up the first time I tried last week and ended up putting things in /srv/salt/_modules
19:34 numkem but I know I'll have some custom pillar modules as well, I had to move it
19:34 AndreasLutro extension_modules: /etc/salt/extensions
19:34 AndreasLutro works for me
19:35 numkem and inside that folder what do you have?
19:35 AndreasLutro 3 dirs - returners, grains, modules
19:35 numkem so weird... why isn't it working for me
19:45 dmaiocchi joined #salt
19:46 fracklen joined #salt
19:47 ronnix joined #salt
19:48 baweaver joined #salt
19:49 brianfeister joined #salt
19:52 GreatSnoopy joined #salt
19:55 Miouge joined #salt
19:57 gtmanfred joined #salt
19:58 hasues joined #salt
19:58 hasues left #salt
20:02 ronnix joined #salt
20:03 jfelchner joined #salt
20:05 _Cyclone_ joined #salt
20:05 baweaver joined #salt
20:05 Netwizard joined #salt
20:06 bujordan joined #salt
20:06 forrest joined #salt
20:07 fracklen joined #salt
20:08 jwinters joined #salt
20:12 bujordan joined #salt
20:13 ZiLi0n hello everyone, is it possible to store the value returned by a state so that it can be used later in the same state?
20:15 flowstate joined #salt
20:18 gtmanfred joined #salt
20:20 bhosmer_ joined #salt
20:20 shaggy_surfer joined #salt
20:22 antpa joined #salt
20:22 ZiLi0n Another question... is salt cp.push safe? It seems that file_recv has to be enabled in the master for cp.push to work... my concern is that if minions can upload content/files to the master as they wish somehow? or otherwise only files are uploaded when executed from the master?
20:23 anthpa joined #salt
20:24 ZiLi0n what I am looking for is a safe way to upload files from a minion up to the master
20:24 Netwizard joined #salt
20:25 josue joined #salt
20:29 Eugene "safe" is relative. When in doubt, run things over SSH
20:29 MatthewsFace joined #salt
20:29 Eugene I haven't found a need for that feature myself
20:30 ajw0100 joined #salt
20:39 ZiLi0n Eugene thanks very much. By default saltstack uses AES, right?
20:41 Eugene https://salt.readthedocs.org/en/v0.12.1/topics/specs/salt_auth_proto_abs.html
20:41 AndreasLutro ZiLi0n: you need to think about what happens if one of your minions gets compromised
20:41 ZiLi0n Eugene so my concern with security is becaus I don't want to give permissions to minions to upload files (virus,) to the master
20:41 Eugene That's my understanding; I haven't read the code(or those docs)
20:41 AndreasLutro if someone gains root access to a server they could manipulate a cp.push to put a virus on the salt master, regardless of encryption
20:42 Eugene I keep salt:// traffic on a trusted network(ie, VPN or VLAN) in case it does get sniffed and hacked
20:42 Eugene I agree with your concerns, and would not advise using file uploads from minion to master either. rsync+ssh does a great job if you need  to pull a file up
20:43 AndreasLutro I think my main advice would be, use cp.push or rsync or whatever, but avoid doing it in an automated fashion
20:44 ZiLi0n AndreasLutro thanks, exactly. that is why I think that having enabled cp.push is not a good idea for my current environment. So is there another way to copy files from the minions to the master? calling them from state for example?
20:44 AndreasLutro what exactly are you trying to achieve?
20:44 ZiLi0n Eugene oh I see you mentioned rsync
20:44 ZiLi0n AndreasLutro. I want to get logs from minions to see for example why a service is not booting
20:45 Eugene I would use a state to push out a ssh pubkey for this
20:45 flowstate joined #salt
20:45 Eugene If you're really paranoid, use rrsync too
20:45 AndreasLutro use something like logstash or graylog
20:45 Eugene Yeah, log-forwarding time.
20:47 Rumbles joined #salt
20:48 cberndt joined #salt
20:49 ZiLi0n AndreasLutro graylog sounds good. that is even more that what I thought. I will take a look at it. Cool
20:50 ZiLi0n Eugene I am looking at states.rsync... not sure if files can be synced from minions to master
20:53 tkharju joined #salt
20:53 ronnix joined #salt
20:54 Eugene I'm talking about `rsync`
20:54 Eugene Not salt
20:55 jhauser joined #salt
20:57 flowstate joined #salt
20:57 ZiLi0n Eugene oh ok, thanks. I guess it would be useful if salt will provide that functionality
20:57 srinivas joined #salt
20:57 Eugene In theory you shouldn't need it ;-)
20:59 srinivas joined #salt
21:04 flowstate joined #salt
21:05 srinivas joined #salt
21:07 dmaiocchi joined #salt
21:08 flowstat_ joined #salt
21:09 ZiLi0n Eugene why not ? :)
21:10 akhter joined #salt
21:14 flowstate joined #salt
21:15 bhosmer joined #salt
21:19 flowstate joined #salt
21:22 Eugene My philosophy is that servers(including minions) should be self-managing and disposable; if they have an issue, delete it and spin up another one.
21:22 Eugene This is of course difficult to achieve in practice without going Full Cloud
21:23 brianfeister joined #salt
21:24 Tanta unless it's a database server
21:24 Tanta I throw away anything but my jumpbox and DB servers
21:25 ZiLi0n Eugene, what if the problem is with the initial config of your server? it would be really useful to see why a service is not coming up for example.
21:26 ronp_usa joined #salt
21:26 Eugene I SSH to it, see what's broke, and improve the state to handle that condition
21:26 baweaver joined #salt
21:26 ZiLi0n I hae tried file_recv and it is really cool and easy to get files from the minions into the master. the only concern is that any compromised minion can now upload files to the master without the master asking for them in the first place
21:26 Brew joined #salt
21:27 ZiLi0n Eugene, ssh is not available, your servers are behind a firewall
21:27 ZiLi0n imageine that for example
21:27 Tanta I think the concept that servers are disposable is good to have, from an engineering perspective, but there is no point to pointlessly destroying servers for a small bug
21:27 Eugene Stupid firewall ;-)
21:27 berserk joined #salt
21:27 ZiLi0n haha
21:28 Rumbles joined #salt
21:28 Eugene If nothing else, you can do `salt <minion> cmd.run cat /var/log/messages`
21:28 josuebrunel joined #salt
21:29 ZiLi0n I guess the only think I am saying is that file_recv is great (file propagation is great) but it only should be possible, or there should be an option available to configure in such a way that only when the master asks.
21:29 Eugene I would agree.
21:30 ZiLi0n can I disable commands at the minion from the master :)
21:30 fyb3r1 joined #salt
21:31 ZiLi0n actually... thinking for a sec :). how can the minion upload files? what would be the command?
21:32 Tanta cmd.run scp <path/to/file> salt.master:<path>
21:34 ZiLi0n Tanta thanks. But doing salt-call --local first?
21:35 Tanta https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cp.html#salt.modules.cp.push
21:35 Tanta that would probably be the official way
21:36 dendazen joined #salt
21:36 ZiLi0n Tanta thanks, but that is executed from the master right?
21:36 Tanta nope, from the minion
21:36 ZiLi0n mmm
21:36 Tanta also see https://docs.saltstack.com/en/latest/ref/file_server/all/salt.fileserver.minionfs.html
21:36 dendazen hey guys, i have something like this in my top.sls 'mycompany.environment:(backtesting|development|nextgen|production|uat)':
21:37 ZiLi0n Tanta thanks, I don't have salt command on my minions.
21:37 dendazen and some states underneath it.
21:37 Tanta should work with salt-call also
21:37 quasiben1 I see that external_auth can use groups for auth, can client_acls ?
21:38 dendazen now when i just want to send a test ping to for example to all the boxes in 'development' environment from salt master
21:38 dendazen with salt command
21:38 dendazen how would i do that?
21:38 dendazen i've tried
21:38 Tanta salt '*development*' test.ping
21:38 dendazen salt 'mycompany.environment:(development)' test.ping
21:38 babilen dendazen: What are you matching on there?
21:39 Tanta you need the flag for the PCRE matcher to make that work
21:39 babilen Assuming it is the minion id, but the ":" hints at something else
21:39 srinivas joined #salt
21:39 dendazen well i have in my salt tree environments folders and underneath it i have these backtesting.sls, production.sls, e.t.c
21:39 ZiLi0n Tanta yep, salt-call does upload files from the minion to the master :(. I guess no way to disable that command?
21:40 Tanta salt -E 'mycompany.environment:(development)' test.ping
21:40 dendazen where i define
21:40 dendazen production/init.sls
21:40 babilen dendazen: Which matcher are you using in your top.sls ?
21:40 babilen And where do you set mycompany.environment ?
21:40 dendazen a grain
21:40 dendazen production for the box
21:40 babilen A grain, sure .. pesky grains
21:40 Tanta zilion, you can configure the master to disable file uploads
21:41 Tanta but salt-call is necessary for minions for many other functions
21:41 dendazen like this : mycompany.environment: grains.present: - value: production
21:41 Tanta that's the primary binary installed when you install the salt-minion package
21:41 babilen dendazen: If you want to match grains you want "match: grain" and/or "-C 'P@mycompany.environment:(backtesting|development|nextgen|production|uat)''" (cli)
21:41 dendazen oh cool
21:42 dendazen that would work
21:42 dendazen Thanks.
21:42 babilen dendazen: You might want to read https://docs.saltstack.com/en/latest/topics/targeting/compound.html and the rest of https://docs.saltstack.com/en/latest/topics/targeting/index.html
21:42 dendazen Cool, thank you.
21:42 ZiLi0n Tanta thanks, yeah I would like to use fileupload, but only when the uploads are requested from the master. I don't like the idea that a minion can upload files without being requested by the master, the minion can be compromised.
21:43 dendazen i mean i did all these before, it's just was 2 years ago and honestly forgotten.
21:43 Tanta you can use a whitelist configuration
21:43 babilen dendazen: You can also provide that data in pillars if you don't want to save it on the minions in a distributed fashion *and* if you cannot trust your minions (they can lie about grains)
21:43 Tanta read up on it at https://docs.saltstack.com/en/latest/ref/file_server/all/salt.fileserver.minionfs.html, it has a lot of useful info
21:45 dendazen Thank you, it worked.
21:45 srinivas joined #salt
21:45 babilen yay
21:47 ZiLi0n Tanta thank you, it seems there is not states for cp, cp can only be triggered from the cli
21:47 dendazen I will read about it, now I have an employeed who does systems and salt, not me anymore, I just needed it so I can get the list of servers, I will pass him all the links you provided. Apparently he is not doing great job, as he couldn't give me command to list all the servers in particular environment, and I was arguing him, that when i did setup salt 2 years ago i bet there was a way to do it, so i came here and asked you guys, Thanks
21:47 dendazen help.
21:48 dendazen Do not like people when they affirmitively state something without checking first.
21:49 antpa joined #salt
21:50 denys joined #salt
21:51 shaggy_surfer joined #salt
21:53 amcorreia joined #salt
21:54 Taz__ joined #salt
21:58 garphy joined #salt
22:01 ahammond dendazen, configuring server environment by grain is a security no-no, IMHO. Better to either go with semantic names (ugly and horrible but common practice, apparently) or use nodegroups on your salt master.
22:02 dendazen yeah, 2 years ago i did that, i remember there was some security concerns at the time
22:02 dendazen but somehow was easier for me.
22:02 quasiben1 I see that external_auth can use groups for auth, can client_acls also use groups ?
22:02 dendazen and i am not saying it was/is a rigth solution.
22:02 ajw0100_ joined #salt
22:03 brianfeister joined #salt
22:03 brianfei_ joined #salt
22:05 fyb3r1 left #salt
22:05 ZiLi0n Tanta thanks I looked at the minionfs backend. For the use case I have for SaltStack I don't like the idea of minions being able to upload files one to another. So I guess that using file_recv but not configuring minion as a backend that won't be allowed correct? (only to the master as we discussed)
22:09 bhosmer joined #salt
22:11 eliasp joined #salt
22:12 bujordan joined #salt
22:15 bujordan joined #salt
22:17 toastedpenguin joined #salt
22:17 t0m0 joined #salt
22:17 snowwolf joined #salt
22:17 toastedpenguin joined #salt
22:17 edrocks joined #salt
22:21 netcho joined #salt
22:28 bujordan joined #salt
22:35 ZiLi0n Hello everyone, I am playing with saltmod, and in the docs there is a state that reboots all minions and then wait_for_reboots (salt.wait_for_event). I am using salt-run state.orchestrate to run that saltmod state. The hosts are reboot, but I though that the salt-master would wait for the minions to come back... but the salt-master finished with error instead... Is there a way to cleanly wait for the minions to come back and then continue appl
22:35 flowstate joined #salt
22:38 ZiLi0n I though that could be done with orchestration.
22:40 gtmanfred i do not believe there is a way to do exactly that unfortunately
22:40 gtmanfred the reboot and disconnect from the master is going to cause a problem in the waiting step...
22:40 gtmanfred would be neat to add like a retry feature
22:40 gtmanfred that lets something retry every 30 seconds, for a test.ping or something before it gets marked as failure after 5 minutes or something
22:40 ZiLi0n I asked this same question few times here, sorry :), can't find my notes. I think one solution was to develop a runner doing a loop waiting for the minion
22:41 gtmanfred yeah
22:41 ZiLi0n gtmanfred exactly
22:41 gtmanfred that would be the next best thing
22:41 ZiLi0n it would be fantastic
22:41 ZiLi0n but can a runner be triggered from a state?
22:41 gtmanfred i will look at it, but i can't promise anything for a bit... wrapping up stuff at my current employer before I go to salt :P
22:41 gtmanfred it can! kind of
22:41 gtmanfred it can be triggered from a module
22:42 ZiLi0n mmm what would be awesome is triggered it from a states, then a same state can run config, reboot, more config, another reboot like all in a row!
22:42 gtmanfred https://github.com/saltstack/salt/blob/develop/salt/modules/saltutil.py#L953
22:44 gtmanfred i know in mistral on openstack you can do that retry step, with a delay between retries
22:44 gtmanfred that would be neat to have in runners
22:44 berserk joined #salt
22:44 ZiLi0n yep
22:45 ZiLi0n there is a wait_for_event in the orchestrator which seems to wait for reboot but it does not work for me though
22:45 ZiLi0n gtmanfred https://docs.saltstack.com/en/latest/ref/states/all/salt.states.saltmod.html look at the example at the end
22:46 gtmanfred but i also know mistral uses kombu/celery, and it is super easy to kick off the jobs in that with the .retry numebr and the .default delay time or whatever
22:46 gtmanfred oh neat
22:47 gtmanfred i would want something like
22:47 gtmanfred - success:
22:47 gtmanfred meh
22:47 gtmanfred and then like, do a test.ping, and retry 30 times, with a 30 seconds delay between each time, or something
22:47 gtmanfred but yeah
22:50 ZiLi0n gtmanfred yep, that would be really useful.
22:51 ZiLi0n wait_for_event seems to be similar, but not sure why it does not work
23:00 gtmanfred yeah, i will have to look into it later, i have checked out for the day
23:01 gtmanfred i recommend checking the issues on github, and opening one if you don't see anything
23:03 bhosmer joined #salt
23:10 baweaver joined #salt
23:10 berserk joined #salt
23:18 joe_n joined #salt
23:29 perfectsine joined #salt
23:34 berserk joined #salt
23:37 flowstate joined #salt
23:37 bujordan joined #salt
23:42 higuita joined #salt
23:45 rawzone joined #salt
23:46 berserk joined #salt
23:50 cliluw joined #salt
23:54 brianfeister joined #salt
23:55 Aleks3Y joined #salt
23:57 bhosmer_ joined #salt
23:58 chrismoos joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary