Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-04-18

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:04 subsignal joined #salt
00:06 spuder joined #salt
00:10 iceyao joined #salt
00:17 akhter joined #salt
00:19 spuder_ joined #salt
00:26 hightekvagabond joined #salt
00:34 bltmiller joined #salt
00:36 newjersey joined #salt
00:36 teatime joined #salt
00:39 bltmiller joined #salt
00:40 newjersey joined #salt
00:42 spuder joined #salt
00:46 aqua^c joined #salt
00:50 aqua^l joined #salt
00:57 bstaz joined #salt
00:57 TyrfingMjolnir joined #salt
01:02 moy joined #salt
01:02 blue0ctober joined #salt
01:05 ninjada joined #salt
01:06 subsignal joined #salt
01:06 bstaz joined #salt
01:11 abednarik joined #salt
01:20 ToeSnacks joined #salt
01:22 donmichelangelo joined #salt
01:29 catpigger joined #salt
01:30 ebookclic joined #salt
01:30 spuder_ joined #salt
01:30 mattl joined #salt
01:32 quasiben joined #salt
01:33 brianfeister joined #salt
01:35 iceyao joined #salt
01:36 iceyao_ joined #salt
01:37 flowstate joined #salt
01:40 bVector joined #salt
01:41 akoumjian joined #salt
01:46 linjan joined #salt
01:46 mapu joined #salt
01:46 jeffspeff joined #salt
02:15 pcdummy joined #salt
02:15 pcdummy joined #salt
02:20 quasiben joined #salt
02:27 kshlm joined #salt
02:28 iceyao joined #salt
02:31 akhter joined #salt
02:33 cpowell joined #salt
02:35 flowstate joined #salt
02:37 onlyanegg joined #salt
02:39 quasiben joined #salt
02:39 txmoose joined #salt
02:50 ramteid joined #salt
02:55 renoirb joined #salt
03:20 favadi joined #salt
03:21 brianfeister joined #salt
03:22 evle joined #salt
03:35 flowstate joined #salt
03:39 7JTAAPGFS joined #salt
03:39 M-MadsRC joined #salt
03:42 mosen joined #salt
03:45 brianfeister joined #salt
03:52 racooper joined #salt
03:56 aqua^c joined #salt
04:13 subsignal joined #salt
04:18 sjmh joined #salt
04:22 sjmh joined #salt
04:29 onlyanegg joined #salt
04:35 qman__ joined #salt
04:45 stooj joined #salt
04:51 _beardedeagle joined #salt
05:01 kawa2014 joined #salt
05:04 stooj joined #salt
05:05 hightekvagabond joined #salt
05:05 arif-ali joined #salt
05:20 rdas joined #salt
05:23 iceyao joined #salt
05:24 akhter joined #salt
05:24 brianfeister joined #salt
05:31 msn joined #salt
05:34 flowstate joined #salt
05:38 dmaiocchi joined #salt
05:38 jhauser joined #salt
05:51 jerredbell joined #salt
05:52 bltmille_ joined #salt
05:52 punkoivan joined #salt
05:52 MeltedLux joined #salt
05:58 josuebrunel joined #salt
06:04 ninjada_ joined #salt
06:05 gtaylor joined #salt
06:09 dyasny joined #salt
06:14 Miouge joined #salt
06:15 subsignal joined #salt
06:15 colttt joined #salt
06:29 MikaT joined #salt
06:30 hasues joined #salt
06:35 cpowell joined #salt
06:43 ninjada joined #salt
06:44 toastedpenguin joined #salt
06:45 yuhlw joined #salt
06:45 toastedpenguin joined #salt
06:48 twork_ joined #salt
06:48 rdas joined #salt
06:51 twork_ i have a pillar of users, where some have 'password' set, while other don't have it present.
06:52 ggoZ joined #salt
06:52 twork_ ...and i can't figure out how to, e.g., 'if pillar.get user ; do nothing ; else [ do other stuff]'
06:53 twork_ er rather, 'if pillar.get user:password...'
06:54 hemebond1 twork_: Are you looping through the users?
06:54 twork_ yeah, that's the goal
06:54 hemebond1 {% if user.pass %}
06:54 hemebond1 or  password
06:54 hemebond1 http://jinja.pocoo.org/docs/dev/templates/#if
06:55 babilen or {% if user.pass is defined .... %}
06:55 twork_ derni, i *thaught* that was the way, but for some reason, what i've been doing isn't... well, ok, i should have said i'm trying to do this at the shell
06:55 dkrae joined #salt
06:56 AndreasLutro {% if user.pass %} will fail if the "pass" key isn't set for the user
06:56 twork_ but that may be my problem
06:56 AndreasLutro either use if defined like babilen mentioned, or {% if user.get('pass') %}
06:57 fracklen joined #salt
06:57 twork_ thanks. yeah... i've been going at this the wrong way.
07:03 fracklen joined #salt
07:14 akhter joined #salt
07:15 twork_ i still wish i could do this at the command line though. any tips for that?
07:15 MikaT joined #salt
07:15 babilen twork_: Could you elaborate on that?
07:19 twork_ babilen: i'm going to be handed a pillar file...
07:20 twork_ ...made up of account definitions. in most of them, the 'password:' field is going to be missing.
07:21 alxchk joined #salt
07:21 twork_ what i'd like to do, is make a new (or merged, or whatever) pillar file with password fields for all those accounts.
07:22 twork_ i thought this was going to be trivial, but i'm missing something basic i think
07:23 dkrae joined #salt
07:26 bluenemo joined #salt
07:32 i90rr joined #salt
07:33 twork_ so for instance... if i could loop over 'salt "minion" pillar.get users:*:password' ...and if there's field there do nothing, and if that draws an error, call my password auto-generation routine...
07:33 twork_ but that's obviously wrong
07:34 twork_ because 'users:*' doesn't work at the command line
07:34 twork_ i could *swear* i've seen that construction somewhere though, or something similar... bu it's been a long few days
07:36 flowstate joined #salt
07:37 impi joined #salt
07:37 yuhlw joined #salt
07:38 twork_ come to think of it, what i should have said to begin with, is that i'm not so much looking to write a state, as i am automating generation of a pillar file, using a partially flled-in existing pillar to start from.
07:39 toastedpenguin joined #salt
07:40 twork_ the state, i alrady have
07:43 slav0nic joined #salt
07:43 harkx joined #salt
07:44 garphy joined #salt
07:45 dgutu joined #salt
07:46 JohnnyRun joined #salt
07:47 ivanjaros joined #salt
07:47 lero joined #salt
07:47 twork_ even if i just had a good way, at the command line, to get back only the headers of the pillar and filter out everything below, i could work with that. so, just 'larry moe curly' instead of 'larry: foo: 1 bar: 3 moe: this: 4 that: 5...
07:52 twork_ ...ooh... maybe the '--out' option to salt(1) points me in the right direction...
07:53 dgutu joined #salt
07:55 impi joined #salt
07:55 ashwin joined #salt
07:58 Guest79 joined #salt
08:02 Muchoz joined #salt
08:03 ninjada joined #salt
08:05 twork_ ...nope. :(
08:07 s_kunk joined #salt
08:09 upb joined #salt
08:14 Rumbles joined #salt
08:16 AndreasLutro you could do pillar.get users --out json and parse the json with jq or something
08:17 subsignal joined #salt
08:18 ashwin left #salt
08:19 ronnix joined #salt
08:22 kbaikov joined #salt
08:23 bdrung_work joined #salt
08:25 josuebrunel joined #salt
08:26 dyasny joined #salt
08:31 rrei joined #salt
08:32 rrei good day everyone
08:32 sorcerer joined #salt
08:33 rrei has anyone ever tried more than one level of sls files within a directory?
08:33 rrei I mean, a subdir within a subdir
08:34 rrei I'm trying to do this for two levels and using relative includes and requires
08:34 rrei but it complains that it can't find the sls
08:34 rrei not on the include, but on the require
08:35 flowstate joined #salt
08:35 rrei I have "include: - .something" at the top, then "require: - sls: .something" in a state
08:36 rrei and something.sls is nested two levels deep under the file root
08:36 rrei e.g. /srv/salt/foo/bar/something.sls
08:38 rrei and if i write out the include and require as absolute then it works fine
08:38 rrei I suppose this is a bug in the implementation of relative includes/requires
08:38 rrei which only deals correctly with one level of directory nesting
08:39 MadHatter42 joined #salt
08:39 N-Mi joined #salt
08:43 Guest79 joined #salt
08:45 AndreasLutro rrei: is it the require or the include that fails?
08:46 EvaSDK joined #salt
08:46 EvaSDK joined #salt
08:46 rrei it's the require
08:46 rrei the include does seem to work correctly
08:46 AndreasLutro I'd guess relative slss only work with includes
08:46 AndreasLutro regardless of the number of subdirectories
08:46 AndreasLutro err
08:46 AndreasLutro don't work with requires
08:47 AndreasLutro no nevermind I said it right the first time
08:47 * AndreasLutro coffee
08:47 rrei :D
08:47 rrei well, it's a shame that relative paths are not really well supported in salt... :(
08:48 dayid joined #salt
08:48 dayid joined #salt
08:49 CeBe joined #salt
08:49 rrei that and the global namespace for states... I don't understand those decisions
08:50 rrei seems to me like it's begging to have proper namespacing and relative paths
08:50 twork_ i use the 'users' pillar all the time. "users:joe:home" for instance. but for the life of me, i can't figure out how (at the command line) to refer to just "user:joe" ...if that makes sense.
08:51 rrei pillar.get user:joe ?!?
08:51 rrei not sure i got the question right
08:52 twork_ that returns a subset of the pillar
08:52 twork_ what i want is just 'joe' ...rather, all the immediate entries just under 'users'
08:52 twork_ if that made any more sense...
08:52 AndreasLutro it didn't
08:53 twork_ shit, i gotta go make a web page. biab.
08:58 garphy joined #salt
09:02 antpa joined #salt
09:03 invalidexception joined #salt
09:06 twork_ https://gist.github.com/mjinks/6f648cf3a6a40b07a9785c24ca7afc6b
09:08 AndreasLutro still doesn't make sense
09:08 AndreasLutro to me at least
09:08 twork_ can't say i blame you
09:08 twork_ let me try again
09:09 AndreasLutro oh wait you asked this earlier, you want something like pillar.get users:*:thing
09:09 AndreasLutro right?
09:09 AndreasLutro you'd probably have to write a custom module or do external processing for that
09:09 twork_ yes
09:09 twork_ crud
09:10 brianfeister joined #salt
09:10 twork_ really, there's no way to say, "loop over only the first layer down of a tree"?
09:11 twork_ (the thin:*:otherthing business was indeed me, but i'm trying a different way)
09:12 twork_ here's the task:
09:12 AndreasLutro sure there is, if you're in a jinja template or something
09:12 AndreasLutro but if you just want to do it on the console, there's no 1-liner to do it
09:13 twork_ hm, ok
09:14 rrei you could use a jinja loop
09:14 rrei {% for user in salt.pillar.get("users").iterkeys() %}
09:15 twork_ the pisser is, i could do it easy in shell, if i could just figure out a way to filter the output of 'pillar.get'
09:15 rrei if you need access to other user data you can use iteritems() instead
09:15 rrei {% for user, user_data in salt.pillar.get("users").iteritems() %}
09:16 twork_ i think iterkeys may be what i've been missing
09:16 DanyC joined #salt
09:16 CeBe joined #salt
09:16 twork_ i'm still real green on jinja
09:16 AndreasLutro just think of it as python
09:17 twork_ i do, and yet... [clink]
09:17 twork_ [whirr whirr whirr whirr]
09:17 rrei yes, it's very python-like
09:17 rrei and it's well documented
09:21 CeBe joined #salt
09:22 watersoul joined #salt
09:22 twork_ rrei: that may have been just the cheat i needed. makes perfect sense but i never would have gotten there on my own.
09:23 twork_ thanks.
09:23 rrei ;)
09:23 rrei with great power comes great responsibility! don't overuse jinja! :D
09:24 fracklen joined #salt
09:24 rrei your sls files can become a mess to read if you add too much logic
09:24 rrei in this case i'd say you're safe
09:24 twork_ yeah... you're talking to a guy who's tried to untangle a few of others' jinja nightmares
09:25 rrei :D
09:25 twork_ may be part of what's turned me away from the whole thing
09:25 keimlink joined #salt
09:27 AndreasLutro for just iterating layers of a dict it's fine
09:27 twork_ there are a few common idioms that i still don't grasp... rather, that i've had explained to me more than once, made sense at the time, and *phweet* out the other ear they went
09:28 toastedpenguin joined #salt
09:28 twork_ oh well!
09:30 fracklen joined #salt
09:31 twork_ okay, one other thing, that i haven't done yet:
09:32 twork_ i'm used to, [get some pillar] -> [churn it through some jinja] -> [put it on the minion]
09:33 twork_ but what i need to do now, instead, is save the output of the jinja stage into a fresh pillar file
09:34 twork_ seems basic enough and yet
09:34 flowstate joined #salt
09:34 twork_ wait, no, i think the wheels may be coming unstuck. n/m.
09:35 rrei I'm not sure how exactly to do that, but from what i remember you should be able to do that with salt mine perhaps
09:35 twork_ i don't need to do any mining (if i follow you). this is a one-time thing.
09:35 fracklen joined #salt
09:36 rrei https://docs.saltstack.com/en/latest/topics/mine/ -> "The Salt Mine is used to collect arbitrary data from Minions and store it on the Master."
09:36 fracklen joined #salt
09:37 twork_ yeah, this isn't on a minion yet. i already have the data collected; all i need to do is massage it into pillar format.
09:38 twork_ might be time for the master to salt itself.
09:39 rrei you have the data in what format? python? json?
09:39 rrei remember that you can use jinja in pillar files as well
09:40 rrei and salt extends jinja with a couple of filters that may help you
09:40 twork_ format: a flat list
09:40 rrei a python list, right?
09:40 rrei you can use the |yaml filter
09:40 rrei {{ mylist|yaml }}
09:41 rrei I'm not sure this works, but it should in principle
09:43 twork_ hm. yet another... never mind. anyhow the task is: big pillar full of user account definitions; no passwords in them; auto-generate passwords (semi-random, i have the script for that), and save the hashed strings from the passwords into the users: [user]: password: fields
09:44 twork_ ...it sounded so simple...
09:46 Muchoz joined #salt
09:57 antpa joined #salt
09:58 ronnix joined #salt
10:09 dezet joined #salt
10:09 dezet left #salt
10:16 dmaiocchi joined #salt
10:19 subsignal joined #salt
10:23 rrei yeah, i started using salt recently and i'm finding too many things that should be simple and are NOT at a all
10:25 rrei seriously considering moving to another tool... it's a pity, salt has lots of great things but it's easy to find serious design flaws too
10:25 hemebond1 Oh?
10:26 Guest65995 joined #salt
10:26 hemebond1 twork_: What's not working?
10:27 rrei requires for starters. I'm trying to require an sls which is in a nested directory and it's not working
10:27 rrei then there's the lack of namespacing
10:27 hemebond1 rrei: Can you paste your state?
10:27 rrei sure
10:27 rrei give me a second
10:28 hemebond1 And directory listings too.
10:28 pfallenop joined #salt
10:28 hemebond1 So I can see where your files and states live.
10:29 AndreasLutro rrei: I think it would be easy to implement if someone asked for it, but both relative sls names and sls requires are considered bad practice so it's probably not been prioritised
10:29 hemebond1 Oh, trying to require an SLS, not a state?
10:33 flowstate joined #salt
10:34 dendazen joined #salt
10:34 rrei https://gist.github.com/rrei/d40acef61917846a69b54b0d2eecc37f
10:34 rrei yes, an sls
10:35 rrei can you elaborate why relative names and requires are bad practice?
10:35 hemebond1 well, as AndreasLutro mentioned, you don't require an SLS, you require other states and packages, etc.
10:35 rrei you can require sls files too
10:35 hemebond1 Really?
10:35 hemebond1 Oh yeah...
10:35 rrei if the functionality worked of course
10:35 hemebond1 Really?
10:36 AndreasLutro you can, and it works (kinda), just not with relative sls names
10:36 rrei yeah, "require: - sls: myslsfile"
10:36 hemebond1 Huh, for some reason I thought that was for an entire state, not a file.
10:36 cpowell joined #salt
10:36 rrei you can see some examples throughout the docs
10:37 rrei https://docs.saltstack.com/en/latest/ref/states/requisites.html#require-an-entire-sls-file
10:41 rrei my "creative" use of {{ sls }} and {{ sls_parent }} in the files is to mitigate the lack of state id namespacing and relative requires (since relative *includes* apparently work)
10:42 rrei anyway, if anyone can spot an error on my files, please do tell :)
10:43 rrei I would also really like to hear why relative paths are bad, because I'm really not seeing any reason at this moment
10:43 hemebond1 I'm surprised includes work with periods in the ID declaration.
10:43 hemebond1 These "paths" look absolute to me. Are they not?
10:44 rrei dots are magically replaced with forward slashes, a la python imports
10:44 hemebond1 Sure, but your ID declaration has periods.
10:44 hemebond1 I guess it doesn't matter.
10:44 rrei so what? id declarations have nothing to do with sls file references, right?
10:45 hemebond1 Well that's right.
10:45 rrei besides, the stateconf renderer uses dots and even colons in the state ids it generates
10:53 hemebond1 Hmm, seemed to work for me. I'm running 2016.3.0rc2
10:53 hemebond1 So maybe it was a regression.
10:54 hemebond1 Oop, looks like I fell offline.
10:55 blaman joined #salt
10:55 hemebond joined #salt
10:56 blaman is there a salt state to change container network settings? according to this https://github.com/saltstack/salt/issues/19081#issuecomment-67972000 there should be
10:56 saltstackbot [#19081]title: lxc: salt is erroneously merging lxc config parameters with the same name | LXC config can contain multiple parameters with the same name....
10:56 rrei it worked?!?
10:56 rrei wth
10:56 hemebond I'll paste my test, perhaps I've missed something.
10:56 rrei I'm running on salt-ssh 2015.8.8
10:57 hemebond rrei: http://paste.debian.net/438950/
10:58 Miouge joined #salt
10:58 rrei yes, it works for me too like that, I thought you tried my exact sls files
10:58 hemebond Sorry, no. I can try that now.
10:58 hemebond Any chance you can put together a smaller test?
10:58 rrei the main difference (i suppose) is that i have two levels of sls file nesting
10:59 hemebond Okay, I'll try that.
10:59 rrei sure
10:59 rrei I'll just comment out all the packages
10:59 rrei and leave just one
10:59 rrei gimme a sec
10:59 brianfeister joined #salt
10:59 thehaven_ joined #salt
10:59 SpX joined #salt
11:00 hemebond Okay it failed with another level.
11:00 notnotpe_ joined #salt
11:00 mohae joined #salt
11:00 hemebond Sorry, it failed because I goofed.
11:00 Eureka70_ joined #salt
11:00 kmkramer71 joined #salt
11:01 Arendtse1 joined #salt
11:01 toddnni_ joined #salt
11:01 hemebond Still works with two levels.
11:02 Miouge joined #salt
11:02 rrei I'm probably doing something silly then
11:02 hemebond Hmm. Your shared.supervisor.main is essentially empty except a couple of includes.
11:02 chamunks joined #salt
11:02 hemebond That sounds familiar.
11:02 lkannan_ joined #salt
11:02 OliverMT_ joined #salt
11:02 serverascode_ joined #salt
11:03 shawnbutts_ joined #salt
11:03 patrek_ joined #salt
11:03 gadams_ joined #salt
11:03 hacfi_ joined #salt
11:04 johtso_ joined #salt
11:04 Karunamon|2 joined #salt
11:04 dober- joined #salt
11:04 rome_390_ joined #salt
11:04 keekz_ joined #salt
11:04 ]V[_ joined #salt
11:04 sk_0_ joined #salt
11:04 rmnuvg_ joined #salt
11:04 v0rtex_ joined #salt
11:04 arapaho_ joined #salt
11:04 stbenjam_ joined #salt
11:04 smkelly_ joined #salt
11:04 murkey_ joined #salt
11:04 futuredale_ joined #salt
11:04 eliasp_ joined #salt
11:04 rrei yes, that may be it
11:04 CaptTofu_ joined #salt
11:04 MindfulM- joined #salt
11:04 whyteaway joined #salt
11:05 mariusv_ joined #salt
11:05 rsys_ joined #salt
11:05 jasondotstar_ joined #salt
11:05 abele_ joined #salt
11:05 carmony_ joined #salt
11:05 unusedPhD_ joined #salt
11:05 atmosx_alt joined #salt
11:05 rrei i recall now seeing someone mention that files containing only includes do not work
11:05 rrei https://gist.github.com/rrei/d40acef61917846a69b54b0d2eecc37f
11:05 rubenb_ joined #salt
11:06 kiorky joined #salt
11:06 liqw joined #salt
11:06 hemebond I got an error by changing main.sls to just an include.
11:06 Valfor joined #salt
11:06 aurynn joined #salt
11:06 Valfor joined #salt
11:06 dustywusty joined #salt
11:06 jwon joined #salt
11:06 marcinkuzminski joined #salt
11:06 antonw joined #salt
11:06 antonw joined #salt
11:06 rrei okay, I'll see if this goes away by adding one state to my shared/supervisor/main.sls
11:07 jfindlay joined #salt
11:07 hemebond There is no actual state in main.sls if it's just includes.
11:07 hemebond I added something to my main.sls and now it works again.
11:07 izrail joined #salt
11:08 hemebond I made a bung state in main.sls and it threw this error for the require:
11:08 hemebond One or more requisite failed: test.foo.main.testingmyfix
11:08 hemebond So requiring an SLS is really requiring the states inside it.
11:09 etw joined #salt
11:09 nahkiss joined #salt
11:10 hemebond https://github.com/saltstack/salt/issues/10852
11:10 saltstackbot [#10852]title: requiring sls file containing only includes fail | I have the following file structure:...
11:10 basepi joined #salt
11:10 copelco joined #salt
11:10 hemebond rrei: ^
11:11 amcorreia joined #salt
11:11 saltsa joined #salt
11:12 antpa joined #salt
11:13 wiqd joined #salt
11:13 ashb joined #salt
11:14 rrei yeah, you're right
11:14 rrei I'm sure I read that somewhere but forgot about it... my bad
11:15 Salter joined #salt
11:15 hemebond I suspect I only remembered it because I recently browsed issues.
11:16 M-MadsRC joined #salt
11:16 TyrfingMjolnir joined #salt
11:16 teatime joined #salt
11:17 M-liberdiko joined #salt
11:17 Niamkik joined #salt
11:18 goki joined #salt
11:18 baffle joined #salt
11:19 Salter Hello guys
11:19 Salter how can i state a branch when pulling from git at an sls file?
11:20 bluenemo joined #salt
11:21 rrei git.latest:
11:21 rrei - name: url/to/repo
11:21 rrei - branch: mybranch
11:21 rrei is this it?
11:22 rrei https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html#salt.states.git.latest
11:22 spaceSub joined #salt
11:22 rrei hemebond: thanks a lot for your time and patience
11:22 rrei I still couldn't verify that it works for my case because I'm rebuilding the vms, but it really seems that the problem lies in the include-only file
11:23 brianfeister joined #salt
11:23 rrei thanks a lot
11:23 gtaylor joined #salt
11:24 CaptTofu_ joined #salt
11:25 Seanie joined #salt
11:25 Seanie OK
11:26 patrek joined #salt
11:30 Horgix joined #salt
11:31 packeteer joined #salt
11:32 eightyeight joined #salt
11:32 analogbyte joined #salt
11:33 hemebond rrei: What if you use Jinja includes instead of SLS include?
11:34 Guest79 joined #salt
11:36 blaman how do I add a mountpoint to an lxc container?
11:39 williamthekid joined #salt
11:40 Seanie Hey guys
11:41 Seanie Using beacons + reactor to send a hipchat message when there is a change in a service but its not running the sls. Im getting this error AttributeError: 'ReactWrap' object has no attribute 'hipchat'
11:42 antpa joined #salt
11:42 Seanie Here is a full trace http://pastebin.com/Y380QXNZ
11:44 Seanie Here is versions report. http://pastebin.com/82TNj27t
11:45 evle joined #salt
11:49 abednarik joined #salt
11:51 whatevsz joined #salt
11:54 flowstate joined #salt
11:58 flowstate joined #salt
11:59 blaman why doesn't lxc.running support require: ?
11:59 blaman is there another way to make it work?
12:01 colttt joined #salt
12:03 Miouge joined #salt
12:03 hemebond rrei: For what it's worth, using Jinja includes seems to work fine.
12:03 antpa joined #salt
12:03 hemebond Not entirely sure if it will work with your use of variables though.
12:10 ggoZ joined #salt
12:11 chbiel joined #salt
12:12 Guest79_ joined #salt
12:13 abednarik joined #salt
12:15 josuebrunel joined #salt
12:16 ferbla joined #salt
12:17 chbiel hi guys, I am stuck for days at the following problem: I try to install icinga2-client on a maschine and add it to the master automatically. after finding a way to execute a command on another minion and parse the result i now have an error that I dont understand...I hope someone can help :) state, and error can be found here: https://gist.github.c
12:17 chbiel om/chbiel/585625be2632619fca128738c26c7fd7    I know there are some bad programming things in it but i want to get it working first ;);)
12:19 kows joined #salt
12:21 subsignal joined #salt
12:23 hemebond chbiel: Sounds like something for the Reactor.
12:26 hemebond The error indicates you're trying to access a list as if it's a dict.
12:28 chbiel hemebond: thanks for the reply! I will have a look at reactor system. Because the error seem to be fired by state.apply I would think that there is something coming out the SLS that do not fit in the normal execution of salt, right? so short: there is somewhere a list instead of a dict in the result
12:28 chbiel ?
12:29 hemebond Something might be returning a string, not even a list.
12:31 chbiel ok thanks. Then I have understood what i have to search for, thanks!
12:32 hemebond I see some of your config parts have nested dicts where perhaps they should have lists.
12:32 hemebond Though I've not used #!py so I don't know.
12:33 hemebond e.g., file.directory
12:33 antpa joined #salt
12:33 hemebond Should it not be a list of dicts like the pkg.installed one?
12:37 akhter joined #salt
12:38 fredvd joined #salt
12:41 newjersey joined #salt
12:42 crashmag joined #salt
12:43 inire joined #salt
12:44 josuebrunel joined #salt
12:45 dendazen joined #salt
12:46 sroegner joined #salt
12:47 subsignal joined #salt
12:47 antpa joined #salt
12:48 josuebrunel joined #salt
12:48 Muchoz joined #salt
12:51 wych joined #salt
12:54 toastedpenguin joined #salt
12:54 squishypebble joined #salt
12:57 toastedpenguin joined #salt
12:58 quasiben joined #salt
12:59 subsignal joined #salt
13:00 chbiel yes, i followed the instructions from salt page https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.py.html
13:01 chbiel there are several ways this can be estublished
13:01 rrei hi, i'm back
13:01 hemebond I read that page too, that's why I asked.
13:01 rrei hemebond: the problem with using jinja includes is that you'll get multiple states with the same id probably, no?
13:01 hemebond That page show a list of dicts under file.managed
13:01 rrei because they're literal includes
13:02 hemebond rrei: If you include the main.sls multiple times, yes.
13:04 chbiel i reformatted my code and i get futher now, thanks
13:04 hemebond :thumbsup:
13:04 chbiel there are more error but now there are more clear error messages ;)
13:05 rrei I'll try to make my code work with salt includes, I think they're preferable because you can include the same sls file multiple times and salt takes care of removing the duplicates
13:05 repl1cant joined #salt
13:06 apanek joined #salt
13:06 XenophonF joined #salt
13:09 teryx510 joined #salt
13:11 masterkorp Hello
13:12 teryx5101 joined #salt
13:12 XenophonF joined #salt
13:12 gh34 joined #salt
13:13 rrei hemebond: alright, I've finally tested and it seems to be working! :)
13:13 rrei hemebond: once again, thanks a bunch
13:13 rrei I thought I was going mad
13:13 rrei :D
13:13 hemebond Glad I could help :-)
13:14 masterkorp is the saltstack bootstrap website availble
13:14 masterkorp ?
13:14 masterkorp I don't seem to be able to fetch the script from bootstrap.saltstack.com
13:14 rrei crazy quirk this "no files consisting of includes only", but I can live with it
13:14 whatevsz_ joined #salt
13:15 rrei onward!
13:16 quix joined #salt
13:19 subsigna_ joined #salt
13:22 masterkorp now i can
13:22 masterkorp small hicup
13:24 numkem joined #salt
13:25 iceyao joined #salt
13:25 antpa joined #salt
13:27 mapu joined #salt
13:28 akhter joined #salt
13:31 cpowell joined #salt
13:32 ronnix joined #salt
13:34 Miouge joined #salt
13:36 ronnix joined #salt
13:37 protoz joined #salt
13:37 xMopxShell joined #salt
13:38 XenophonF joined #salt
13:39 XenophonF it would be much better if salt-cloud used userdata scripts to deploy minions on ec2 instances instead of salt-ssh
13:39 TooLmaN joined #salt
13:40 AndreasLutro well.. userdata is an aws specific thing, ssh is vps provider agnostic
13:40 XenophonF i know
13:40 XenophonF the problem is, i want to deploy minions that aren't SSH-accessible
13:41 XenophonF and there's no way to pass keying material into those minions in order to make the whole process of deploying those minions fully automatic
13:41 XenophonF and i would rather not set up VPNs or peering connections or additional masters
13:42 XenophonF at least on AWS, bootstrapping minions via userdata scripts would be ideal
13:42 AndreasLutro doesn't specifying userdata manually work?
13:42 XenophonF oh certainly
13:42 XenophonF except for minion key approval
13:42 ninjada joined #salt
13:42 XenophonF because there's no way to pass minion keying material via the userdata script like you can using the bootstrap script
13:43 XenophonF so i'm left echoing the minion key fingerprint to the system log, logging into the AWS console (or API) to retrieve it, verifying it, and accepting it
13:44 XenophonF i can automate this by parsing the system log, but it's ugly
13:44 XenophonF i dunno
13:44 XenophonF userdata is accessible by unprivileged processes on the EC2 instance, so maybe that isn't secure, either
13:44 Tanta joined #salt
13:46 XenophonF my immediate need stems from the fact that i have aws vpcs in multiple regions, and i want to avoid running multiple masters or setting up instances that handle vpns between my salt-master's vpc and these other vpcs
13:47 ivanjaros3916 joined #salt
13:48 XenophonF i don't know what's the best way to scale this out
13:49 XenophonF maybe the right thing to do is to put a master in each aws region
13:49 XenophonF and use vpc peering connections
13:50 AndreasLutro mm
13:50 AndreasLutro yeah minion key distribution is tricky
13:51 flowstate joined #salt
13:53 XenophonF it's where i'm stuck
13:53 XenophonF i dunno - the more i think about it, the more i'm warming to the idea of running multiple masters
13:53 XenophonF 1 per region
13:53 kaptk2 joined #salt
13:53 XenophonF i've got non-aws data centers, too
13:53 XenophonF that's all vmware
13:54 punkoivan joined #salt
13:54 XenophonF so one master per aws region/vmware vcenter might be my best solution
13:54 masterkorp left #salt
13:55 AndreasLutro salt docs mention something about distributing keys via s3 but I dunno how scalable that is
13:55 AndreasLutro seems like you'd need one IAM role per host to make that secure
13:55 XenophonF ouch
13:55 inire joined #salt
13:57 jerredbell joined #salt
13:58 nZac joined #salt
13:59 AndreasLutro http://blogs.aws.amazon.com/security/post/Tx610S2MLVZWEA/Using-IAM-roles-to-distribute-non-AWS-credentials-to-your-EC2-instances
13:59 AndreasLutro salt docs link to this
13:59 favadi joined #salt
14:00 ninjada joined #salt
14:00 XenophonF thanks i'll take a look
14:01 ronnix joined #salt
14:02 euidzero joined #salt
14:02 mohae joined #salt
14:03 SubOracle joined #salt
14:05 mpanetta joined #salt
14:09 johnkeates joined #salt
14:16 akhter joined #salt
14:17 tharkun joined #salt
14:21 akhter joined #salt
14:26 iamtew joined #salt
14:27 Fiber^ joined #salt
14:27 racooper joined #salt
14:27 favadi joined #salt
14:28 hasues joined #salt
14:29 antpa joined #salt
14:30 hasues left #salt
14:31 tuxx_ joined #salt
14:31 tuxx_ hey guys.. i'm trying to use the virtualenv state... has anyone used it before? it is constantly installing my modules as python2.7 packages rather than python3 packages... any ideas how i can force python3 onto salt.states.virtaulenv_mod.managed() ?
14:31 exxy joined #salt
14:31 exxy left #salt
14:33 rrei hey, does anyone know how I can see what is getting produced by the jinja renderer?
14:34 colegatron joined #salt
14:35 rrei I have an sls file that has some jinja in it and I want to see what's actually being produced by the jinja
14:35 rrei is there perhaps some utility to just run the jinja and return its output to the master?
14:39 stooj joined #salt
14:39 dayid rrei: not sure if it's what you're precisely looking for; but something a teammate pointed me too a little while ago:
14:39 dayid https://gist.github.com/SEJeff/4207694
14:40 averell joined #salt
14:44 ahammond joined #salt
14:44 nahamu left #salt
14:46 teryx510 joined #salt
14:47 AndreasLutro tuxx_: that state function has a "python" argument you should use
14:48 teryx5102 joined #salt
14:50 tuxx_ AndreasLutro: well it aparently still installed pip for python2.7
14:50 tuxx_ i set python to /usr/bin/python3 but it still does opt/virtualenv/django/bin/python2 /opt/virtualenv/django/bin/pip install ...
14:51 kshlm joined #salt
14:52 akhter_1 joined #salt
14:54 ronnix joined #salt
14:54 AndreasLutro tuxx_: well, this is my virtualenv state and it works fine with python3 https://bpaste.net/show/88cc68ff4dc7
14:54 spuder joined #salt
14:55 tuxx_ {{app.python_version}} being a full path to your python3?
14:56 AndreasLutro probably just "python3"
14:57 ninjada joined #salt
14:59 polishdub joined #salt
15:04 DammitJim joined #salt
15:05 pfallenop joined #salt
15:07 rrei dayid: it's not exactly what i was looking for, but thanks for the tip ;)
15:08 berserk joined #salt
15:08 seglo joined #salt
15:08 rrei I was looking for something along the lines of "salt minion jinja.render myslsfile"
15:08 rrei if that existed of course
15:08 AndreasLutro for state files you can do state.show_sls
15:08 AndreasLutro closest there is
15:09 seglo i've been having difficulting this morning with the bootstrap script downloading the necessary deps for centos 7.1.  specifically the epel lib.  i think this is more of a RH issue than salt, but i'm kind of stuck.  has anyone else been having this problem?
15:09 rrei I know, but that shows the output already processed by salt, and I wanted to see exactly what comes out of jinja
15:09 rrei with whitespace and everything
15:10 XenophonF seglo: are you encountering a specific error message or something?
15:10 ronnix_ joined #salt
15:10 jfindlay rrei: this doesn't only answer your question, but you can try state.show_sls
15:10 XenophonF i never got around to installing emperor norton's utilities on my pc, so my copy of windows here doesn't have a working extrasensory transport protocol implementation
15:10 |Fiber^| joined #salt
15:11 akhter joined #salt
15:12 seglo XenophonF: yeah.  an error on the curl to get epel "* ERROR: Failed to run install_centos_testing_deps()!!! http://download.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm - transfer failed".  i checked and 7-5 is indeed not there, so i hacked it up to 7-6 which appears to be available, but i'm still having problems
15:13 XenophonF seglo: same error?
15:14 seglo XenophonF: yes.  although now it appears to be working with 7-6.  i guess it was a transient issue.
15:15 XenophonF weird
15:16 XenophonF looks like there's a PR to update the epel-release version already
15:16 XenophonF https://github.com/saltstack/salt-bootstrap/pull/810
15:16 saltstackbot [#810]title: Update epel-release version number | The new epel version breaks the vagrant salt provisioner, because it uses the bootstrap script.
15:16 jerredbell joined #salt
15:19 seglo XenophonF: cool.  i just watched it get merged ;)
15:24 rdas joined #salt
15:24 akhter joined #salt
15:25 XenophonF :)
15:28 brianfeister joined #salt
15:28 akhter_1 joined #salt
15:30 jfindlay I think bootstrap should be using the epel-release package
15:31 jfindlay that *should* work for all RHEL derivatives
15:34 sinonick joined #salt
15:37 antpa joined #salt
15:38 XenophonF yeah i was wondering why it didn't
15:42 akhter joined #salt
15:43 edrocks joined #salt
15:47 adelcast joined #salt
15:48 hightekvagabond joined #salt
15:49 adelcast left #salt
15:49 flowstate joined #salt
15:50 unusedPhD joined #salt
15:50 bltmille_ joined #salt
15:52 Eugene seglo - download.fedoraproject.org points to a load-balancer, which sends you to not-fedora-provided mirrors. I'm guessing you found one that was bunk but hadn't been killed by the balancer yet
15:53 Eugene epe-release-7-5 is what I'm seeing(from mirrors.syringanetworks.net) live on most; I think 7-6 just dropped today.
15:54 nZac joined #salt
15:56 Eugene Ah, it looks like they are stripping the old package from mirrors.... that'll cause lots of problems anywhere people have the rpm hardcoded :-/
15:56 antpa joined #salt
15:56 west575 joined #salt
15:59 onlyanegg joined #salt
16:00 spuder_ joined #salt
16:02 Eugene The "stable" way that I get epel-release is to mirror/symlink it as simply "epel-release.rpm", then `yum update` right afterwards
16:03 Eugene I suggest providing epel-release in the saltstack repo, for bootstrap's benefit. The package is signed, and shouldn't ever be a version conflict.... shouldn't be any gotchas
16:03 cro joined #salt
16:05 akhter Anyone use the pyobjects renderer
16:07 cyborg-one joined #salt
16:08 grumm_servire joined #salt
16:09 ronnix joined #salt
16:10 nate_c joined #salt
16:12 kevinquinnyo1 joined #salt
16:16 antpa joined #salt
16:20 blaman does lxc.started use lxc.wait_for_systemd?
16:20 amcorreia joined #salt
16:20 blaman sorry I meant lxc.wait_started
16:21 blaman actually, in the form of a general question anyone should be able to answer: where do I look up the implementation of the state lxc.running?
16:22 favadi joined #salt
16:22 AndreasLutro blaman: salt/states/lxc.py
16:23 mariusv joined #salt
16:24 blaman AndreasLutro: that was straightforward. thanks
16:27 terratoma joined #salt
16:27 XenophonF hm, i guess salt-cloud has to run on the master, doesn't it
16:27 ronnix joined #salt
16:30 impi joined #salt
16:31 terratoma joined #salt
16:31 iggy XenophonF: it can run anywhere really
16:31 akhter XenophonF: Should that matter?
16:31 akhter It should be able to run anywhere salt cloud is installed.
16:31 iggy the master is a common location
16:31 iggy as is "dev laptop(s)"
16:32 XenophonF well doesn't it modify the master's key database?
16:32 akhter Salt-key will yes.
16:32 AndreasLutro it'll skip doing it if salt can't find a master config I think
16:32 iggy if you use that functionality, then yes
16:32 AndreasLutro also calling it a database is very generous
16:32 XenophonF hah i know
16:33 XenophonF it's a key value store implemented in the file system!
16:33 akhter I really wish boto_ec2 made further improvements so we can do away with salt-cloud.
16:33 XenophonF there's a bunch missing from the boto_* states
16:34 XenophonF i still find myself having to provision stuff manually, like peering connections and nat gateways
16:34 akhter Not only that, most of those boto_* states are boto2.
16:34 akhter Which doesn't have many improvements thats needed (in my opinion) found in boto3.
16:35 XenophonF i've just recently started writing my own stuff, but using boto3
16:35 XenophonF haven't used the older version except indirectly
16:36 akhter Writing salt modules with boto3?
16:36 akhter Or just boto3 scripts in general?
16:36 XenophonF scripts in general with an eye to extending boto_vpc (for starters)
16:36 johnkeates joined #salt
16:36 XenophonF i didn't realize it used the older version
16:36 akhter I might do the same, make a new module for security group associations.
16:37 akhter It's great with boto_secgroup you can modify SG's on the fly but mapping which are associated to which instance/ELB/RDS etc... is a PITA.
16:38 XenophonF i've noticed
16:38 writtenoff joined #salt
16:38 XenophonF some of the states will lookup objects by name instead of ID, but there are gaps in that pattern
16:38 UtahDave joined #salt
16:38 akhter Which state for example?
16:39 akhter I don't know of any state that requires instance-ID, well I haven't used many boto_* modules.
16:42 punkoivan joined #salt
16:43 XenophonF i don't remember - and a quick look through the states doesn't turn anything up
16:43 XenophonF it was around 2015.5
16:43 XenophonF oh it was boto_rds
16:44 XenophonF the subnet_group_present state
16:44 XenophonF as well as the present state itself
16:45 akhter That's another issue actually, none of the modules "return" the id.
16:45 XenophonF gotta feed those subnet or security group IDs instead of relying on name lookups
16:45 XenophonF yeah
16:45 XenophonF gtg
16:45 XenophonF brb
16:46 wendall911 joined #salt
16:46 akhter_1 joined #salt
16:46 akhter_1 Strange, got disconnected.
16:47 akhter_1 XenophonF: Do you know of a way to feed infrastructure ID's into states?
16:48 AndreasLutro you could write an external pillar which fetches from aws api
16:52 ronnix joined #salt
16:52 antpa joined #salt
16:53 flowstate joined #salt
16:55 akhter joined #salt
16:57 ageorgop joined #salt
16:57 antpa joined #salt
16:58 ninjada joined #salt
17:00 antpa joined #salt
17:05 spuder joined #salt
17:10 squishypebble joined #salt
17:10 sparksa joined #salt
17:10 murrdoc joined #salt
17:12 sparksa a question for salt-cloud experts... if i write a custom deploy script, in what directory path does salt-cloud need it to be in (so it is found by the profile)
17:13 edrocks joined #salt
17:13 sparksa does it need to be in a specific place?
17:13 AndreasLutro I just specify the full path but let me check
17:14 sparksa thanks,   all the examples i've seen have just a base name, no extension or path
17:14 abednarik joined #salt
17:15 AndreasLutro there are a few pre-defined ones
17:16 AndreasLutro https://github.com/saltstack/salt/blob/2016.3/salt/utils/cloud.py#L2724-L2769
17:16 UtahDave sparksa: I think you can put it in   /etc/salt/cloud.deploy.d
17:16 AndreasLutro basically the "deploy" dir in salt's source code as well as /etc/salt/cloud.deploy.d
17:16 sparksa the https://salt-cloud.readthedocs.org/ docs link to a repo with some *.sh scripts, another page there uses no-path names, no .sh extension
17:16 johnkeates joined #salt
17:16 AndreasLutro and deploy_scripts_search_path
17:16 AndreasLutro readthedocs is old, don't use that
17:18 sparksa ok, also looked at https://docs.saltstack.com/en/latest/topics/cloud/deploy.html
17:19 sparksa was basically same thing, doesn't really define where the scripts go
17:19 AndreasLutro that could definitely use some elaboration
17:19 s_kunk joined #salt
17:21 one joined #salt
17:21 sparksa do you need the .sh extension?  assume that is implied in the profile script param, it calls out like F Fedora.shedora, but the script appears to be
17:23 sparksa try again, calls out Fedora as "script" param, but script appears to be named Fedora.sh
17:24 AndreasLutro I see nothing that removes extensions from the script name
17:24 AndreasLutro oh wait
17:24 AndreasLutro https://github.com/saltstack/salt/blob/2016.3/salt/utils/cloud.py#L136-L145
17:26 jesusaur joined #salt
17:32 pid1 joined #salt
17:32 sparksa ok, so according to that it looks for with and without the .sh.   whereever that search dir option defaults to
17:33 XenophonF back
17:33 XenophonF akhter: regarding feeding infrastructure IDs to states, i've had to pepper my state or pillar files with ID lookups
17:34 akhter XenophonF: I don't quite understand pepper, I never used it (if it's a tool), mind elaborating?
17:34 XenophonF e.g., `{{ salt['boto_rds.get_endpoint']('my-database-name') }}`
17:35 XenophonF oh it's an idiomatic expression in English, sorry
17:35 XenophonF there's some salt-related tool called pepper, as well, but i don't know what that does
17:36 sparksa deploy_scripts_search_path appears to default to cloud.deploy.d.   so will try that.
17:36 sparksa thx andreaslutro
17:38 Netwizard joined #salt
17:44 murrdoc joined #salt
17:46 selvaa joined #salt
17:49 Rumbles joined #salt
17:50 akhter joined #salt
17:53 rayli1107 joined #salt
17:53 ahammond joined #salt
17:54 rayli1107 Hi, question about salt... I want to run salt minions with multiple masters. Is it possible to add a new master IP address to a currently running salt minion without restarting the minion?
17:55 hightekvagabond joined #salt
17:57 baweaver joined #salt
17:57 iggy AndreasLutro: pillar_merge_lists work now? (I saw you on a ticket about it)
17:58 vivek joined #salt
17:58 UtahDave rayli1107: I'm pretty sure you have to restart the salt-minion when you modify its config
17:59 mapu joined #salt
17:59 AndreasLutro iggy: no idea, I'm not interested in using it
18:00 RedundancyD joined #salt
18:00 antpa joined #salt
18:00 cyborg-one joined #salt
18:00 Guest69881 hi
18:00 iggy so that's not you on https://github.com/saltstack/salt/issues/30809 ?
18:00 saltstackbot [#30809]title: Master configuration "pillar_merge_lists" has no effect | In 2015.8.4, "pillar_merge_lists" was introduced. It was erroneously set as the default behaviour until 2015.8.7, but even now, you can't seem to change it in the master configuration - changing it has no effect....
18:00 mapu joined #salt
18:01 AndreasLutro it is but I only fixed the default value
18:01 iggy fair enough
18:01 AndreasLutro I don't really care about the option having no effect and haven't tested it since
18:01 Guest69881 can someone pls tel me the order of how the minion id is selected.. as even after deleting the  rm -rf /var/cache/salt/* /var/run/salt/* /etc/salt/pki/* /etc/salt/minion_id
18:01 Guest69881 my minion is still refering to a name which is not defined anywhere
18:02 Guest69881 neither in the hoost file nor in the "/etc/sysconfig/network"
18:02 flowstate joined #salt
18:02 seglo what should the pkg.installed fromrepos parameter contain?  on centos there's a /etc/yum.repos.d with various repo's that can be accessed.  should fromrepos map to a filename in this directory?
18:02 Guest69881 is there any other location which i can check & clear that out
18:03 Guest69881 pls suggest
18:03 tvinson joined #salt
18:04 cpowell joined #salt
18:07 dyasny joined #salt
18:08 rmnuvg joined #salt
18:08 teatime Guest69881: by default, if you don't configure one, the minion_id will be based on `hostname --fqdn` which is based in part on the system hostname and in part on dns
18:09 teatime so, if your DNS isn't right, you should set it manually by creating /etc/salt/minion_id
18:09 Rumbles joined #salt
18:10 iggy https://github.com/saltstack/salt/blob/develop/salt/utils/network.py#L253
18:11 teatime seglo: presumably the same thing you'd pass to yum/dnf's --enablerepo= option; the repository name.  the part in in [brackets] in /etc/yum.repos.d/*
18:12 mr_chris What is the Salt equivalent for ChefSpec and Test Kitchen?
18:13 mr_chris Along that line of questioning, I'm having difficultly finding clear documentation on a Salt CI setup.
18:14 punkoivan joined #salt
18:14 seglo teatime: thanks.  the formula i'm using is doing this, and the repo is present, but i'm getting a generic "The following packages failed to install/update" error for pkg.installed when i use it
18:15 seglo ah, my _other_ version param was wrong, nevermind
18:16 seglo on the note of troubleshooting.  i use --log-level=debug but it doesn't give me much info for the issue i just had with pkg.installed
18:16 seglo is there any way to see stdout or an echo of the underlying command on the platform?
18:17 teatime it probably doesn't run a command, it probably uses a python module.  but you can always look at the code, not a bad habit to get into w/ salt.
18:17 teatime you can --log-level=debug on both the master and the minion, also.
18:18 seglo kk
18:23 akhter joined #salt
18:39 hightekvagabond joined #salt
18:42 edrocks joined #salt
18:43 subsignal joined #salt
18:44 racooper_ joined #salt
18:45 flowstate joined #salt
18:47 baweaver joined #salt
18:49 murrdoc joined #salt
18:50 akhter joined #salt
18:54 akhter joined #salt
18:56 antpa joined #salt
18:56 flowstate joined #salt
18:57 wych joined #salt
19:00 murrdoc SALT CONF BISHES
19:00 murrdoc WHO IS HERE
19:00 * murrdoc isnt
19:00 Rumbles joined #salt
19:02 ajw0100 joined #salt
19:02 beardedeagle joined #salt
19:04 beardedeagle joined #salt
19:04 Eugene Not me!
19:07 flowstate joined #salt
19:08 iggy Look for the biggest guy there with tattoos all over his arms... kick him in the nuts... tell him Iggy said hi
19:08 flowstate joined #salt
19:08 antpa joined #salt
19:08 josuebrunel joined #salt
19:11 baweaver joined #salt
19:12 lero joined #salt
19:13 ajw0100 joined #salt
19:18 kolle joined #salt
19:20 murrdoc joined #salt
19:24 lero joined #salt
19:25 bltmille_ joined #salt
19:31 murrdoc joined #salt
19:37 mr_chris iggy, I am a small guy with tattoos all over my arms. Are my nuts safe?
19:39 kingscott joined #salt
19:39 kingscott Does anyone know what type of traffic goes through ports 4505 and 4506?
19:40 mr_chris kingscott, AES encrypted zeromq connection.
19:41 kingscott Thanks.
19:41 mr_chris kingscott, https://docs.saltstack.com/en/latest/topics/tutorials/intro_scale.html
19:41 mr_chris publisher on port 4505. port 4506 receives the minions returns.
19:44 subsignal joined #salt
19:45 hightekvagabond joined #salt
19:46 iggy mr_chris: maybe? (I guess it all depends on perspective)
19:47 iggy just wear a shirt that says "I don't know Iggy, stay away from my nuts"
19:47 iggy just to be safe
19:47 iggy and lolz
19:47 mr_chris Noted. Thanks for the warning. :)
19:49 mr_chris Similar to how you only have to be faster than the slowest runner to escape a bear, you only have to be smaller than the biggest tattooed guy to escape iggy's foot of justice.
19:49 flowstate joined #salt
19:49 iggy ^ exactly
19:49 murrdoc joined #salt
19:51 antpa joined #salt
19:55 akhter joined #salt
19:58 jhauser joined #salt
19:58 barajasfab joined #salt
19:58 antpa joined #salt
20:03 pfallenop joined #salt
20:03 aharvey joined #salt
20:05 jnials joined #salt
20:08 Fiber^ joined #salt
20:09 keimlink joined #salt
20:11 baweaver joined #salt
20:13 DammitJim how do you guys deal with setting a user's password with salt?
20:13 DammitJim I did something for smbpasswds and that worked, but the hash thing... I'm stilll confused about
20:15 mr_chris DammitJim, When passing the password to the user module or using it in a state or pillar, you have to do it as a cryptographic hash rather than in plain text.
20:15 mr_chris There are utilities to generate this for you.
20:15 mr_chris For example, the mkpasswd command.
20:15 DammitJim oh ok, like mkpassword?
20:15 DammitJim or something like that
20:15 DammitJim thanks!
20:15 mr_chris Yes.
20:15 DammitJim and I would have to install that on the minion or the master?
20:16 mr_chris Doesn't matter. You could install it on your local machine.
20:16 mr_chris Because you're only giving salt the hash and never the plain text. It doesn't care how you generated it.
20:16 DammitJim oh, but I have to put the hash in the pillar file, huh?
20:17 mr_chris DammitJim, Depending on how you are managing your users in salt. I do it this way. https://github.com/saltstack-formulas/reverse-users-formula
20:17 flowstate joined #salt
20:18 mr_chris Do it in the state if the state has it hard coded. Do it in the pillar if you are using pillar data for the passwords. That part is up to you.
20:19 onlyanegg joined #salt
20:21 beardedeagle Yay, getting on a plane to salt lake city
20:22 jfindlay if anyone here is at saltconf and you want to hang out ping me and I'll arrange an informal irc realspace meet, probably in the time before the salt sprint Wednesday evening
20:22 DammitJim ugh.... how do I know the encoding?
20:22 mr_chris DammitJim, Pardon?
20:23 DammitJim I'm looking at the hash in the passwd file for an older server and it looks different
20:23 beardedeagle @jfindlay, you are going to be at the conference right?
20:28 kevinquinnyo2 joined #salt
20:29 mr_chris DammitJim, The salt that gets used for the hash changes every time you generate a password.
20:29 mr_chris By "salt" I do not mean salt stack. I mean, salt in the crypto sense.
20:30 jab416171 DammitJim, you can also pull the hash straight out of /etc/shadow
20:30 mr_chris This is true.
20:31 mr_chris What is the Salt equivalent for ChefSpec and Test Kitchen?
20:31 onlyanegg joined #salt
20:31 beardedeagle joined #salt
20:31 dendazen is there a way to list value of particular grain on the host? to get all i do salt-call --local grains.items
20:31 dendazen can i get value of only particular grain?
20:31 mr_chris dendazen, salt-call grains.get thegrain
20:32 mr_chris For example: salt-call grains.get id
20:32 dendazen Thank you.
20:32 mr_chris You're welcome.
20:32 jab416171 DammitJim, https://gist.github.com/jab416171/dba8481ffcdaa99b135352479aa587e9
20:32 DammitJim ty
20:33 jab416171 replace "some.password.hash" with the hash from something like this: sudo grep myuser /etc/shadow | awk -F: '{print $2}'
20:33 jab416171 for me, it starts with "$6$"
20:34 jab416171 I believe that is the hash algorithm
20:34 mr_chris jab416171, It is.
20:35 jab416171 DammitJim, that's a state SLS file, but there's no reason you couldn't put it in pillar.
20:35 _beardedeagle joined #salt
20:41 rickflare joined #salt
20:43 onlyanegg joined #salt
20:44 antpa joined #salt
20:45 |Fiber^| joined #salt
20:47 traph joined #salt
20:47 traph_ joined #salt
20:50 DammitJim silly question... can I just copy the hash from a red hat server to an ubuntu server for a user?
20:50 DammitJim I'm replacing that old red hat server
20:50 DammitJim when I say hash, I mean from /etc/shadow
20:50 mr_chris DammitJim, Yes.
20:50 newjersey joined #salt
20:50 abednarik joined #salt
20:54 cyborg-one joined #salt
20:55 aharvey joined #salt
20:57 bltmille_ can I use file.replace to append to a specific line in a file? the line begins with, say, "foobar", and is followed by X number of characters and such and I want to append to that line specifically
20:58 mr_chris bltmille_, Why not just use https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.replace ?
20:58 mr_chris Oh wait, sorry. I need to read your question better.
20:59 bltmille_ lol that's exactly what I'm asking ;)
20:59 mr_chris Yes. That is what file.replace is intended for. That should be doable.
20:59 mr_chris If you can do it with sed you should be able to do it with file.replace.
21:00 dendazen file.sed is gone?
21:00 quasiben joined #salt
21:00 bltmille_ hm ok, so I'm going to match based on the pattern argument, and whatever is matched is what will be replaced?
21:01 mr_chris dendazen, file.sed is for the cli module. I don't see it in the state, though.
21:01 dendazen it used to be in the previous versions.
21:06 bltmille_ so maybe there's an easier way to do what I'm trying accomplish. I don't have root on my salt-minions, so instead of a bunch of pkg.installed's, I'm downloading tarballs and unzipping into home directory. I need to add things in home directory to $PATH. my method of doing this is to update .bash_profile dynamically for each minion based on which states have been applied
21:07 akhter joined #salt
21:07 bltmille_ perhaps prepending to the line would be easier since I know that the line must begin with PATH
21:10 antpa joined #salt
21:10 bltmille_ I'll report back with my results 👍
21:13 Gabemo joined #salt
21:16 twork_ joined #salt
21:16 onlyanegg joined #salt
21:17 rglen joined #salt
21:17 rome_390 joined #salt
21:27 bltmille_ cool, totally worked by prepending. happened across the double '\' escape character by accident (not sure if that's a python thing, a salt thing, or a YAML thing: https://gist.github.com/blaketmiller/11415a110dd178e03e8c22cc12fb50ee
21:31 teatime you might benefit from YAML '' strings, which accept zero escape sequences (except '' to insert a literal ')
21:32 bltmille_ teatine: your formatting is throwing me off a bit – to clarify, do you mean single-quote strings instead of double-quote strings?
21:32 bltmille_ s/teatine/teatime/g
21:32 teatime yeah
21:32 bltmille_ ah cool, I'll check that out
21:33 teatime e.g.:  pattern: '^PATH=\$PATH'  <-- they're really nice for regexes
21:38 flowstate joined #salt
21:39 _JZ_ joined #salt
21:41 CeBe left #salt
21:45 aharvey joined #salt
21:50 baweaver joined #salt
21:58 flowstate joined #salt
22:03 protoz joined #salt
22:03 hightekvagabond1 joined #salt
22:04 onlyanegg joined #salt
22:09 antpa joined #salt
22:10 CeBe joined #salt
22:10 aboe joined #salt
22:11 phx joined #salt
22:12 kevinquinnyo2 in an orchestration, if i want to pass a pillar to the sls, do i pass the kwargs key like: 'kwargs': {'pillar': {'something': 'foo'}}  ?
22:13 kevinquinnyo2 or 'kwarg; key rather?
22:17 west575 joined #salt
22:22 mTeK joined #salt
22:22 akhter joined #salt
22:26 akhter joined #salt
22:32 spuder joined #salt
22:33 spuder_ joined #salt
22:34 flowstate joined #salt
22:34 cliluw joined #salt
22:37 liqw joined #salt
22:38 zenlot6 joined #salt
22:41 lorengordon joined #salt
22:41 Nazca joined #salt
22:44 antpa joined #salt
22:58 jschoolcraft joined #salt
23:03 abednarik joined #salt
23:06 brianfeister joined #salt
23:09 akhter joined #salt
23:09 brianfeister joined #salt
23:14 macheck joined #salt
23:20 baweaver joined #salt
23:22 hightekvagabond1 As far as I know there are two ways to pair a minion with a master: 1) use salt-key -A to accept the key, or 2) pregenerate a key pair and put it on the minion when you create it…… I have minions of a Syndic that are being generated dynamically from the same image and want to connect them, is there a "salt way" to do this or do I need to hack around it with my own goofy script?
23:23 djgerm1 joined #salt
23:23 hemebond hightekvagabond1: Could you not use rsync to sync keys?
23:24 hemebond Are your keys generated at the top?
23:24 repl1cant if you deploy w/salt-cloud it'll sign the keys when starting a new "instance"
23:24 hightekvagabond1 ahhh…. I haven't looked at saltcloud yet…. I'll look there
23:25 bltmille_ how are you provisioning your minions?
23:26 hightekvagabond1 My minions are all from a network boot in a diskless environment where they all use the same disk image, which is why putting the key on in advance doesn't work because then they'd all have the same key
23:26 hightekvagabond1 it would be the same problem in aws if I was bringing them up from an AMI though
23:27 djgerm1 Hello, I am getting "Please switch to the new providers configuration syntax" when I try to provision a new minion from salt-cloud to vsphere. I don't understand what this means because I don't know wwhat the old vs new syntax is. Any ideas?
23:31 kevinquinnyo2 Can anyone tell me if my syntax is off here?  I'm trying to pass a pillar to a state inside an orchestration and it should be possible like this i thought:  https://gist.github.com/kevinquinnyo/4f4fc4ad805da88122f4682989478c88
23:31 kevinquinnyo2 i am setting the pillar from the command line, the same way you normally would, like salt some-target state.sls some.state pillar="{'reset_website': 'foo.com'}"
23:32 bltmille_ hightekvagabond1: I haven't played with cobbler myself, but perhaps it will give you the capability to run some post-install scripts or generate a unique key for you? dunno exactly, just thinking out loud. http://cobbler.github.io
23:32 kevinquinnyo2 if i run the state like that -- passing the pillar on cli, the state gets the pillar, but i can't make the same work in the context of the orchestration
23:33 flowstate joined #salt
23:36 brotatochip joined #salt
23:36 abednarik joined #salt
23:39 kevinquinnyo Can anyone tell me if my syntax is off here?  I'm trying to pass a pillar to a state inside an orchestration and it should be possible like this i thought:  https://gist.github.com/kevinquinnyo/4f4fc4ad805da88122f4682989478c88  (apologies if i duplicated the question -- i think i was not logged in when i asked earlier)
23:40 kevinquinnyo I'm passing the pillar when i call the orchestration on the command line with:  pillar="{'reset_website': 'foo.com'}"
23:40 kevinquinnyo and that does work if i do the same thing but call the state.sls directly from the command line, passing the pillar just like that
23:42 antpa joined #salt
23:44 akhter joined #salt
23:47 kevinquinnyo ahhhh nevermind -- just dug through the code.  the kwarg key is redundant.  You just pass in pillar key directly with your dict
23:47 toastedpenguin joined #salt
23:48 whytewolf no need for the - kwarg, - pillar can be passed to salt.state https://docs.saltstack.com/en/latest/ref/states/all/salt.states.saltmod.html#salt.states.saltmod.state
23:55 aqua^c joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary