Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-04-25

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:05 XenophonF CampusD: make sure you check out the YAML spec at http://yaml.org/
00:06 XenophonF what's covered in the saltstack docs is only a precis of the complete language
00:08 aqua^c joined #salt
00:12 edrocks joined #salt
00:14 edrocks joined #salt
00:21 lws joined #salt
00:24 sjmh joined #salt
00:26 jrklein joined #salt
00:31 mavhq joined #salt
00:32 yomilk joined #salt
00:34 yomilk joined #salt
00:43 meekrab joined #salt
00:43 om joined #salt
00:43 yomilk joined #salt
00:57 stooj joined #salt
01:01 catpigger joined #salt
01:02 iceyao joined #salt
01:03 iceyao_ joined #salt
01:05 quasiben joined #salt
01:05 stooj joined #salt
01:15 sjmh joined #salt
01:16 quasiben joined #salt
01:20 sjmh joined #salt
01:22 lws joined #salt
01:24 stooj joined #salt
01:25 brianfeister joined #salt
01:37 sjmh joined #salt
01:38 newjersey joined #salt
01:51 AdamSewell joined #salt
01:52 lws joined #salt
01:58 XenophonF is anyone else using salt to manage things like sql server or active directory federation services?
01:59 meekrab joined #salt
01:59 catpiggest joined #salt
02:00 lws joined #salt
02:06 flowstate joined #salt
02:09 * whytewolf would rather remove his own eyes then do anything on windows
02:10 noraatepernos joined #salt
02:13 favadi joined #salt
02:16 edrocks joined #salt
02:42 beardedeagle joined #salt
02:47 CeBe joined #salt
02:47 subsignal joined #salt
02:49 pdayton joined #salt
02:51 justanotheruser joined #salt
02:53 noraatepernos joined #salt
03:00 ninjada joined #salt
03:00 onlyanegg joined #salt
03:02 lws joined #salt
03:04 ramteid joined #salt
03:06 cliffstah does gitfs_remotes work with salt-ssh?  I'm not sure if I'm doing something wrong or it's simply ignored
03:10 racooper joined #salt
03:11 pipps joined #salt
03:12 ninjada joined #salt
03:14 brianfeister joined #salt
03:14 IvanJobs joined #salt
03:17 lws joined #salt
03:18 brianfeister joined #salt
03:21 iggy I wouldnt be surprised if no
03:22 cliffstah bummer
03:22 quasiben joined #salt
03:23 cliffstah trying to work out a neat way to manage my master, I guess I could just throw /etc/salt into git.. but I was rather hoping to use the salt formula, but.. chicken and egg
03:27 flowstate joined #salt
03:28 iggy yeah.i had a minimal script that did it for me and got loaded via cloud metadata
03:32 bb74352 joined #salt
03:36 traph_ joined #salt
03:41 beardedeagle joined #salt
03:41 mowntan joined #salt
03:41 mowntan joined #salt
03:49 onlyanegg joined #salt
03:51 sjmh joined #salt
03:57 keldwud_ joined #salt
04:03 AdamSewell joined #salt
04:17 macheck joined #salt
04:20 edrocks joined #salt
04:26 pipps joined #salt
04:28 flowstate joined #salt
04:29 west575 joined #salt
04:33 pipps joined #salt
04:42 k_sze[work] joined #salt
04:45 mohN_ joined #salt
04:46 tmmt joined #salt
04:46 mohN_ hello
04:48 beardedeagle joined #salt
04:49 subsignal joined #salt
04:54 ht joined #salt
04:55 damona joined #salt
04:57 ninjada joined #salt
04:59 damona What is the preference in saltstack  __constant__ or CONSTANT for variable names
05:04 tmmt joined #salt
05:08 msn joined #salt
05:10 lws joined #salt
05:14 onlyanegg joined #salt
05:23 wangofett joined #salt
05:26 meekrab joined #salt
05:26 yomilk joined #salt
05:28 flowstate joined #salt
05:29 nidr0x joined #salt
05:31 impi joined #salt
05:32 pipps joined #salt
05:54 yomilk joined #salt
05:57 hr__ joined #salt
05:59 IvanJobs joined #salt
05:59 colttt joined #salt
06:10 bantone clear
06:10 bantone oops
06:24 edrocks joined #salt
06:28 flowstate joined #salt
06:35 Ron11 I want to install nagios agent on computer, the lastest version is 2.5, the requirement to install not the latest version 2.15 How can I do it with salt packages?
06:35 IvanJobs joined #salt
06:36 ntropy Ron11: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html#salt.states.pkg.installed, specify the `version` parameter
06:37 ivanjaros joined #salt
06:37 kshlm joined #salt
06:37 ntropy version isn't supported by all package providers, ymmv
06:38 Ron11 Thank you ntropy
06:38 Ron11 The nagios agent is from salt formula
06:38 Ron11 is it the same?
06:39 ntropy im not familiar with the salt formula for nagios agent, the example pillar should give an example of specifying the version
06:39 Ron11 amm thank you. Maybe someone will know about nagios formula
06:40 ntropy doesn't look like the formula exposes a way to specify the version via pillar, you'll need to modify it for that to happen
06:41 ntropy get cracking! :)
06:50 KermitTheFragger joined #salt
06:51 subsignal joined #salt
06:52 rem5 joined #salt
06:53 dyasny joined #salt
06:58 Ron11 :)
06:58 Ron11 Thank you
06:58 Ron11 How did you check if it supported or not?
06:58 jeddi joined #salt
07:00 Ron11 General question, what is the best terminal software? I am using mobaMaxterm the problem that it limited to 15 windows
07:00 Ron11 it is very good software
07:02 yuhlw joined #salt
07:02 ham_sham joined #salt
07:02 iceyao joined #salt
07:04 AndreasLutro for windows? putty
07:05 Ron11 Putty is not friendly as Moba
07:08 jhujhiti joined #salt
07:13 dyasny joined #salt
07:13 dgutu joined #salt
07:14 josuebrunel joined #salt
07:17 rem5 joined #salt
07:17 ntropy Ron11: i looked at pkg.installed state in the formula https://github.com/saltstack-formulas/nagios-formula/blob/master/nagios/server/init.sls#L4
07:18 armyriad joined #salt
07:19 babilen Ron11: The nagios formula does not support the version argument, but that wouldn't have helped you anyway if the version is not available from a configured repository.
07:20 babilen So you'd first make sure that you can actually install that package version manually after which you might be able to raise the priority of that particular version (with, for example, pinning for Debian)
07:21 Ron11 Thank you ntropy and babiilen
07:21 Ron11 babilen
07:22 bdrung_work joined #salt
07:23 babilen You could also extend that state to include the version argument (cf. https://docs.saltstack.com/en/latest/ref/states/extend.html) or fork the entire formula. That *still* requires that you can install the version you want to install to begin with.
07:24 ninjada joined #salt
07:27 flowstate joined #salt
07:28 slav0nic joined #salt
07:29 lero joined #salt
07:30 Ron11 Where I installed the version? to download or to install it?
07:30 Ron11 The document you refers me to is not working
07:30 toanju joined #salt
07:30 babilen You would, presumably, configure some repository that provides the version you want for the distribution release you are running.
07:31 babilen Could you elaborate on "not working" ?
07:33 Ron11 It works sorry
07:33 Ron11 Thank you babilen
07:34 eseyman_ joined #salt
07:35 keimlink joined #salt
07:37 jhauser joined #salt
07:39 dariusjs joined #salt
07:42 dmaiocchi joined #salt
07:43 Ron11 I have a fresh copy of ubuntu server. I install salt-minion on it. then I stop the minion service and change /etc/salt/minion_id the name of the minion. Then I start the minion. in salt-key in the server I can't see any request of the minion why?
07:44 AndreasLutro check your minion logs
07:48 Ron11 Where can I find the log?
07:49 Ron11 I managed
07:49 Ron11 I get this message algorithm! Please set "hash_type" to SHA256 in Salt Minion config!
07:50 dmaiocchi joined #salt
07:51 Ron11 I will change and check again
07:52 AndreasLutro good idea to do so, but it's probably not the root of your problem. if there's nothing in the minion logs about not being able to connect to the master you should check your master's logs instead
07:55 Ron11 ok I will check
07:55 armyriad joined #salt
07:55 manji joined #salt
07:56 Ron11 2016-04-25 10:46:39,790 [salt.transport.zeromq][ERROR   ][5775] Bad load from minion: AuthenticationError: message authentication failed
07:56 Ron11 This is from the master
07:56 Ron11 I don't know what to do?
07:57 ravenx joined #salt
07:57 ravenx how can i manage a file's content, and that file being managed by pillar
07:58 ravenx i have to copy a config file from a git repo to my home dir.  but before doing that, i need to write some environment-specific data in that config file ebfore copying over
07:58 ravenx what is the best way to approach this/
07:59 AndreasLutro Ron11: delete all accepted salt keys and restart the minion to re-initiate the key acceptance process
07:59 babilen ravenx: You can lookup pillar values in file templates with salt['pillar.get']('the:pillar:key', default_value) and use that data
08:01 ravenx this will write into my config file?
08:03 babilen ravenx: You would use a jinja template (cf. http://jinja.pocoo.org/docs/dev/templates/) as file.managed source: and use the data you get from pillars therein.
08:03 Ron11 AndreasLutro, I delete all the keys
08:04 Ron11 and then the salt-master will recognize automatically the two minion I have and not the new one
08:04 Ron11 same problem
08:04 ravenx babilen: awesome.  i was just wondering, since the config file is IN my git repo arleady, can i just use file.append to write data?
08:04 ravenx since 90% of my config file is the same, i just need to change 10 % of it based on env
08:05 iceyao_ joined #salt
08:05 Rumbles joined #salt
08:06 Ron11 Maybe it occurs because I change the name of the minion? /etc/salt/minion_id
08:06 msn using the following sls on a server http://paste.debian.net/440698/  and keep getting this error on running highstate http://paste.debian.net/440699/, works on one host fails on other
08:06 babilen ravenx: You could, naturally, do that also. I often find it easier to manage the complete file though as that allows me to be explicit about its entire content and doesn't require some local state on the minion
08:06 ravenx babilen: i think that is the cleaner way to do it.
08:07 ravenx babilen: thanks!
08:09 babilen msn: Not sure what your problem is (will take a look in a minute), but I'd like to point out https://github.com/saltstack-formulas/mysql-formula/ which supports all the features you have there.
08:13 s_kunk joined #salt
08:16 Ron11 babilen, can you help me please
08:16 Ron11 ?
08:17 ronnix joined #salt
08:19 kbaikov joined #salt
08:20 Ron11 Any idea what the master does not recognize the minion?
08:21 Ron11 Do I need that the /etc/salt/minion_id be the same as hostname -f?
08:23 manji joined #salt
08:23 msn babilen: it does, and it has more features then needed, I like to keep things simple and atleast in such a case build myself its a learning process with end results
08:24 Ron11 joined #salt
08:26 edrocks joined #salt
08:27 iceyao_ joined #salt
08:29 flowstate joined #salt
08:32 wych joined #salt
08:32 MadHatter42 joined #salt
08:36 dunz0r I've got some data that I just want to publish to certain hosts in an sls in my pillar... how would I do this "prettier"? Right now it's a bunch of elifs that looks at id, which doesn't feel very good.
08:38 ty2u joined #salt
08:38 dunz0r like {% if grains['id'] ==  'someminion' %} somesecretdata: afasdfasdf
08:38 ty2u left #salt
08:38 dunz0r Has to be a better way to do this
08:39 ravenx i have a file in /srv/salt/super-app/super-app.conf
08:39 ravenx and salt keeps saying it can't find it when i do file.managed
08:39 ravenx source: salt://super-app/super-app.conf
08:39 ravenx what is wrong?
08:44 Oliver__ joined #salt
08:46 Oliver__ Hi. I come back to the problem which have described here: http://irclog.perlgeek.de/salt/2016-04-22#i_12377372
08:46 Oliver__ This is my setup: http://paste.ubuntu.com/16045623/ . salt version 2015.8.8.2 runs on master and minion.
08:46 Oliver__ I would expect, that test2 and test3 are getting evaluated by "salt '*' pillar.items". But they don't get evaluated. What is wrong with my setup?
08:47 GreatSnoopy joined #salt
08:48 N-Mi joined #salt
08:49 babilen msn: I don't see anything wrong with that. Is that the complete SLS in unaltered form?
08:49 ggoZ joined #salt
08:51 Oliver__ You mean top.sls? No, I have deleted some lines. But I will change it now to have only lines which I have provided via paste bin.
08:52 Oliver__ Oh. You were referencing msn, not me ;-)
08:53 babilen I was indeed :)
08:53 ravenx fuuuck my salt config file copies the literal template over of:   {{ stuff.stuff }}
08:53 ravenx instead of substituting it
08:54 ravenx what am i doing wrong
08:54 ravenx so now my config files are filled with taht.
08:54 babilen ravenx: Did you set "template: jinja" in the file.managed state?
08:54 ravenx i did not.
08:55 babilen You might want to
08:56 Oliver__ Anyway ... I changed my top.sls to contain only those lines from paste bin and issued a saltutil.refresh_pillar. But still the same unwanted result.
08:56 ravenx aaaand apparently jinja does not like hyphens.
08:57 wych joined #salt
09:01 ravenx babilen: hmm, now it says that the variable is undefined.
09:01 ravenx all my stuff.foobar  <==== stuff is not defined.
09:01 msn babilen: its missing some settings from top
09:02 msn babilen: the unaltered is here http://paste.debian.net/440710/
09:04 msn babilen: i can't find a problem too. the same state works on one host and fails on another
09:07 babilen msn: Could you strip out the dynamic bits and try again? If that still fails comment the second half of the SLS and continue removing things from the bottom.
09:08 msn i can't understand why same thing works on one host and not other
09:13 ravenx my refresh_pillar doesn't wokr
09:13 ravenx anyone know why?
09:17 dmaiocchi joined #salt
09:18 Oliver__ ravenx: this might happen due to syntax problems in one of your files. Also commented lines (prefixed with '#') which contain jinja code lead to problems. Better to delete those lines or used jinja comment code: {# ... #}
09:24 Oliver__ @teatime: You have asked if I have solved problem. Unfortunately not. May be you have an idea regarding my setup?
09:24 ravenx Oliver__: thanks, that seem to have worked
09:26 ravenx how can i do some thing similar to this: https://docs.saltstack.com/en/latest/topics/tutorials/pillar.html#parameterizing-states-with-pillar
09:26 ravenx instead of conditionals based on grains and os
09:26 ravenx i want to do it to my host groups
09:26 ravenx for example, if the host group contains the name "int"
09:28 flowstate joined #salt
09:29 msn babilen: so when i did piecemeal it just worked
09:32 Oliver__ ravenx: Is this what you want? https://docs.saltstack.com/en/latest/topics/targeting/nodegroups.html#using-nodegroups-in-sls-files
09:32 ronnix joined #salt
09:33 Oliver__ But it sounds from the docs, that this way is not recommended.
09:35 ravenx Oliver__: this is kinda similar to what i like to eat isnt' always healthy
09:35 ravenx but yeah this is what i want lol
09:36 Garyx joined #salt
09:37 traph_ joined #salt
09:37 babilen msn: So you re-added everything and it works now?
09:40 msn nope
09:40 msn think i did find something
09:40 msn checking still
09:44 ninjada joined #salt
09:47 AndChat|455600 joined #salt
09:48 M-liberdiko joined #salt
09:49 M-MadsRC1 joined #salt
09:51 OliverX2 joined #salt
09:53 ajspa joined #salt
09:54 subsignal joined #salt
09:54 AndChat|455600 joined #salt
10:00 dustywusty joined #salt
10:02 Garyx joined #salt
10:08 west575 joined #salt
10:14 phx what's a good practice to put place an external_tops script if i want to keep in a git repo, similarly to the states/pillars things?
10:14 phx 2015.8.8 btw
10:15 mortis phx: we put it somewhere in /srv/salt on the master and managing the file with salt (which uses git as backend)
10:19 phx is that a normal top.sls, or one through master_tops.ext_nodes/external_nodes?
10:19 mavhq joined #salt
10:22 Cadmus Morning, more of a Jinja-ish question as per usual. If I have a pillar item which may not be set for all minions, is it correct to just use {% if pillar['foo']['bar'] %} and it'll be skipped if there's no 'bar'?
10:23 fredvd joined #salt
10:26 XenophonF Cadmus: I'd use `pillar.get` plus `is defined` because that expresses your intent better.
10:26 Cadmus XenophonF: Ah yes, pillar.get should be used more, I think I have some old docs here :) And the 'is defined' is necessary? I'll make sure that's in too
10:26 XenophonF or you can use `pillar.get` with a default value of False
10:27 XenophonF `is defined` isn't strictly necessary, but there's something to be said for making your code a little more literate
10:27 XenophonF if only for future you, who hasn't read through this jinja code in about a year and completely forgot what it was all about
10:27 mavhq joined #salt
10:28 ravenx i can't seem to find the "ext_job_cache" in my /var/salt/master
10:28 Cadmus Yeah, I'm now past the age where I can keep it all in my head :P
10:28 ravenx reading the docs it's uspposed to be there, no?
10:29 edrocks joined #salt
10:29 mavhq joined #salt
10:33 msn how do make a server.running require a directory to exist beforehand
10:41 mavhq joined #salt
10:42 ronnix_ joined #salt
10:44 OliverX2 joined #salt
10:46 XenophonF ravenx: can you post the output of your attempt to call refresh_pillar?
10:46 XenophonF msn: define a file.directory state, and then have the server.running state require or watch it
10:48 XenophonF msn: for example, https://github.com/irtnog/salt-states/blob/development/clamav/init.sls#L6
10:49 mavhq joined #salt
10:49 Oliver__ joined #salt
10:50 yomilk joined #salt
10:52 msn XenophonF: got it i couldnt get it to watch because it wasnt existing, and for require it wouldnt accept file or directory as dict key. so I used require_in
11:02 Garo_ joined #salt
11:03 mavhq joined #salt
11:05 Cadmus Right, I'm still not quite getting it. I want to loop over a pillar item, but only if that pillar exists, I'm doing something similar to this http://pastebin.com/r00wHpi0 but it seems like it's trying to evaluate the for even if the if is not true, I think I'm missing a simple trick here...
11:05 AndreasLutro pillar.get is not the same as salt['pillar.get']
11:05 AndreasLutro the former does not support the : notation for nested elements
11:05 AndreasLutro also don't use is defined
11:06 Cadmus Ah, still plenty to learn
11:07 amcorreia joined #salt
11:09 Cadmus I keep goggling, but a lot of blog posts etc are in the old style, so I'm getting myself confused. I could do with some up-to-date examples
11:09 mavhq joined #salt
11:11 AndreasLutro the salt docs should be up to date, though not that well organized for beginners
11:11 AndreasLutro but if you look up the specific thing you're looking for you usually find what you need
11:11 Cadmus It does jump style a few times, I'll have another crack at it
11:12 AndreasLutro I just google my way to the salt docs I need. for example, "salt pillar": https://docs.saltstack.com/en/latest/topics/pillar/
11:12 AndreasLutro don't be afraid to ask questions anyway though because I have found mistakes/thingsm issing in the docs many times
11:14 Cadmus What should I be using instead of 'is defined'?
11:14 XenophonF oh it's for a loop
11:14 AndreasLutro Cadmus: nothing
11:15 AndreasLutro salt['pillar.get'] will return None if the key doesn't exist, which is "falsey"
11:15 AndreasLutro so the if statement will fail
11:15 XenophonF do something like this: {% for item in salt['pillar.get']('foo:bar', []) %}
11:15 Cadmus Ah, so just {% if salt['pillar.get']('service:things') %}
11:15 AndreasLutro yes, and if you do what XenophonF suggested you can drop the if
11:15 mavhq joined #salt
11:16 Cadmus XenophonF: Perfect, I hate having more nesting than needed. Thanks to you both
11:17 mavhq joined #salt
11:20 XenophonF NP
11:20 mavhq joined #salt
11:23 AndChat|455600 joined #salt
11:27 ronnix joined #salt
11:32 kshlm joined #salt
11:32 mavhq joined #salt
11:35 flowstate joined #salt
11:36 punkoivan joined #salt
11:44 sk_0 joined #salt
11:53 AndChat|455600 joined #salt
11:56 subsignal joined #salt
12:04 TooLmaN joined #salt
12:06 klaas joined #salt
12:09 iggy also, of note, the 2 styles aren't necessarily old/new, so you will see both, you just have to know when to use which
12:10 iggy (although I do wish the docs would stick to salt['pillar.get'] for reasons like this)
12:13 Hetman joined #salt
12:14 Hetman Hello howto avoid conflicting ID include ? In my pillar I've got list of modules and later I'm doing for module in modules : include: - .{{ module }} assuming this is problem, any best practice for something like that ?
12:20 ggoZ joined #salt
12:20 slav0nic joined #salt
12:22 west575 joined #salt
12:22 iggy include's shouldn't cause duplicate IDs
12:23 iggy Hetman: are you sure you don't just have duplicate IDs somewhere?
12:24 AndChat|455600 joined #salt
12:24 Hetman iggy: just going through it now ...
12:25 punkoivan left #salt
12:27 _Cyclone_ joined #salt
12:29 ronnix joined #salt
12:31 DammitJim joined #salt
12:32 west575_ joined #salt
12:32 dustywusty joined #salt
12:33 edrocks joined #salt
12:35 iceyao joined #salt
12:36 yomilk joined #salt
12:36 renaissancedev joined #salt
12:39 edrocks joined #salt
12:41 edrocks joined #salt
12:41 west575 joined #salt
12:47 AdamSewell joined #salt
12:54 OliverX2 joined #salt
12:55 mapu joined #salt
12:59 hacfi joined #salt
13:00 tawm04 joined #salt
13:01 georgemarshall joined #salt
13:01 dober joined #salt
13:01 dober joined #salt
13:01 futuredale joined #salt
13:01 manji joined #salt
13:01 abele joined #salt
13:02 mrtrosen joined #salt
13:03 squishypebble joined #salt
13:03 flowstate joined #salt
13:03 tkeith joined #salt
13:03 ablemann joined #salt
13:04 snc joined #salt
13:04 ssplatt joined #salt
13:04 subsignal joined #salt
13:04 hal58th joined #salt
13:07 debian112 joined #salt
13:08 numkem joined #salt
13:08 jhauser_ joined #salt
13:09 subsigna_ joined #salt
13:09 ssplatt thanks for the awesome saltconf last week!  i threw together a couple quick demos of how we are using test kitchen during development of our formulas and a demo of the infratest module since it seemed like a common question people had at the conf was how to test things https://www.reddit.com/r/saltstack/comments/4g47as/salt_infratestformula_kitchen_test/d2eehmm
13:09 saltstackbot [REDDIT] salt infratest-formula kitchen test (https://asciinema.org/a/3b7exrkl5fnjxsj2szp5ik42e) to r/saltstack | 8 points (100.0%) | 1 comments | Posted by sssplattt | Created at 2016-04-23 - 16:42:20
13:09 edulix joined #salt
13:10 toanju joined #salt
13:10 rnts_ joined #salt
13:10 gh34 joined #salt
13:11 rovar_ joined #salt
13:12 lookcrabs joined #salt
13:12 lookcrabs joined #salt
13:12 jesusaur joined #salt
13:15 mavhq joined #salt
13:15 yidhra joined #salt
13:16 tpaul joined #salt
13:22 JPT joined #salt
13:22 Shirkdog joined #salt
13:24 AndChat|455600 joined #salt
13:25 nZac joined #salt
13:28 keimlink joined #salt
13:31 akhter joined #salt
13:33 pdayton joined #salt
13:34 MadHatter42 joined #salt
13:38 akhter joined #salt
13:39 pdayton joined #salt
13:39 ninjada joined #salt
13:41 scoates joined #salt
13:41 rem5 joined #salt
13:41 flowstate joined #salt
13:41 racooper joined #salt
13:44 remyd1 joined #salt
13:44 zer0def joined #salt
13:45 zer0def joined #salt
13:46 cpowell joined #salt
13:47 Tanta joined #salt
13:50 akhter joined #salt
13:57 ALLmightySPIFF joined #salt
14:03 jerredbell joined #salt
14:03 akhter joined #salt
14:03 jerredbell joined #salt
14:09 akhter joined #salt
14:11 ferbla joined #salt
14:12 TooLmaN joined #salt
14:13 mpanetta joined #salt
14:14 ronnix_ joined #salt
14:17 tharkun joined #salt
14:18 hasues joined #salt
14:20 hasues left #salt
14:21 cro_ joined #salt
14:22 AdamSewell joined #salt
14:24 newjersey joined #salt
14:25 colegatron joined #salt
14:26 dunz0r So I think I've found a bug in the user-module
14:29 Brew joined #salt
14:29 akhter joined #salt
14:30 ivanjaros joined #salt
14:31 kshlm joined #salt
14:35 akhter joined #salt
14:36 bbendy_ joined #salt
14:37 ravenx is there a way to stagger a state.sls
14:37 ravenx i have just two servers, but i would like it to be done via one command
14:37 ravenx instead of salt 'one' state.sls hi
14:38 ravenx and then salt 'two' state.sls hi
14:38 dunz0r ravenx: salt '*' state.sls hi
14:38 ravenx rioght but i woul dlike to stagger it
14:38 dunz0r '*' will match all minions
14:38 ravenx meaning that i dont want it to be running in parallel
14:38 ravenx i want one to finish first, then two to start
14:39 AndreasLutro --batch
14:39 ravenx so:   salt --batch '*' state.sls hi?
14:39 ravenx 1
14:40 ninjada joined #salt
14:41 dunz0r What happens with the "bug" is that 'Full Name' containing a non-ascii character will fail...
14:41 dunz0r Because it's specified as a string
14:41 ronnix joined #salt
14:44 relidy joined #salt
14:45 dunz0r Here's the problematic line... 'fullname': str(gecos_field[0])
14:45 dunz0r Strings! :@
14:45 Brew joined #salt
14:47 nebuchadnezzar joined #salt
14:53 DammitJim joined #salt
14:57 Brew joined #salt
15:12 spuder joined #salt
15:16 mavhq joined #salt
15:21 bbendy_ Hi, what's the best way to see if a package is installed, and if it is then continue? I tried using the pkg.installed with file.managed but if not installed it throw a error for the state, which makes sense but not wanted
15:21 teryx510 joined #salt
15:21 beardedeagle joined #salt
15:21 gtmanfred it shouldn't throw an error, it should install it
15:22 beardedeagle is it possible to lookup jobs in masterless?
15:22 beardedeagle I don't think it is, but asking just in case
15:22 gtmanfred are you trying to do a file.managed to then do a local install later?
15:22 bbendy_ gtmanfred, sorry im doing installed after the package, only if its already installed I want to do something
15:22 gtmanfred beardedeagle: that is a good question
15:23 gtmanfred bbendy_: ahh, do an onfailure
15:23 gtmanfred so that if the check fails, it does the next step
15:23 gtmanfred or
15:23 bbendy_ basically i have SLS for Icinga2 monitoring, and I want to apply this and based on what software is installed then setup certain checks
15:23 gtmanfred you can use 'onlyif'
15:23 gtmanfred and do
15:23 gtmanfred onlyif: rpm -q <packagename>
15:23 gtmanfred or whatever debians is
15:23 gtmanfred bbendy_: https://docs.saltstack.com/en/latest/ref/states/requisites.html#onfail
15:24 [Kernel_Panic] joined #salt
15:24 gtmanfred https://docs.saltstack.com/en/latest/ref/states/requisites.html#onlyif
15:24 [Kernel_Panic] Hello
15:24 bbendy_ gtmanfred, i saw that, I guess that might be the best route then for me
15:25 akhter joined #salt
15:25 gtmanfred one of those two would be how I would do it
15:26 cpowell joined #salt
15:26 bbendy_ gtmanfred, and i guess onlyif can be ran wherever, not only in the module.run like the docs show? thats what was confusing me
15:26 gtmanfred yup
15:26 gtmanfred both of those can be on any state
15:27 [Kernel_Panic] I'm using salt-cloud with vmware support. First i use create vm command . And next step... is possible install minion with a salt-cloud command to controled the vm?
15:27 gtmanfred they are implemented in the salt/state.py file
15:27 bbendy_ yeah, just tried it now, works perfect. awesome, thanks so much!
15:27 gtmanfred no problem :)
15:27 bbendy_ that makes it super easy :)
15:27 gtmanfred yar
15:27 gtmanfred i wrote it :)
15:28 gtmanfred https://twitter.com/thatch45/status/471367455345246208
15:28 UtahDave joined #salt
15:30 akhter joined #salt
15:31 gtmanfred [Kernel_Panic]: it should by default with salt-cloud.
15:31 gtmanfred that is one of the steps in deployment
15:32 gtmanfred well, the public cloud offerings do, i would expect the vmware to do it
15:32 gekitsuu joined #salt
15:33 Brew joined #salt
15:34 cpowell joined #salt
15:35 justaname joined #salt
15:35 justaname svnfs problems, anyone familiar enough to help troubleshoot?
15:37 UtahDave justaname: can you describe what you're running into?
15:38 akhter joined #salt
15:43 akhter joined #salt
15:43 noraatepernos joined #salt
15:44 west575_ joined #salt
15:45 [Kernel_Panic] gtmanfred, ah ok, but with salt-cloud create not minion installed in the new vm created
15:47 justaname I'm pointing my master at svnfs_remote, specifically my feature branch which contains my salt config (read: top.sls), but when I run a highstate, this is returned: 'Comment: No Top file or external nodes data matches found.'
15:47 gtmanfred i unfortunatley am not familiar with the salt-cloud driver for vmware to know, but they should be doing the salt.utils.cloud:bootstrap() function to deploy salt minion on cloud servers
15:48 [Kernel_Panic] Thnaks!
15:49 UtahDave justaname: do you have a top.sls in the root of your svn repo?
15:50 gtmanfred [Kernel_Panic]: checking the code, it is calling salt.utils.cloud.bootstrap() on the vm
15:50 gtmanfred [Kernel_Panic]: looks like you might need to set 'deploy: True' in your cloud provoder or profile for vmware
15:50 gtmanfred i expect that to be the default though
15:51 bltmiller joined #salt
15:51 XenophonF [Kernel_Panic]: have you seen https://docs.saltstack.com/en/latest/topics/cloud/vmware.html#vmware-cloud-profile
15:51 gtmanfred [Kernel_Panic]: oh, are you using templates?
15:51 XenophonF your template needs to be prepped for deployment in much the same way as any virtual machine image on other hypervisors
15:51 gtmanfred it looks like if it is built from a template, salt-cloud does not bootstrap it
15:52 gtmanfred https://github.com/saltstack/salt/blob/develop/salt/cloud/clouds/vmware.py#L2521-L2531
15:52 XenophonF that's noted in the sample profile
15:52 gtmanfred cool
15:53 XenophonF i think that you can use customization scripts to e.g., set the hostname before salt-minion runs
15:53 XenophonF unfortunately, it's been a while since i messed with it
15:53 gtmanfred deploy
15:53 gtmanfred Specifies if salt should be installed on the newly created VM. Default is True so salt will be installed using the bootstrap script. If template: True or power_on: False is set, this field is ignored and salt will not be installed.
15:54 noraatepernos Is it not possible to use pillar data in a grain .py?  For instance, https://raw.githubusercontent.com/saltstack/salt-contrib/master/grains/ec2_tag_roles.py
15:55 justaname UtahDave:  here is my master config: https://gist.github.com/anonymous/2bf6223cc26c44bdccbae0812269ed40 - the root svn dir I'm pointing the master at, does have a top.sls
15:56 AdamSewell joined #salt
15:57 justaname UathDave: I just noticed that after running highstate, the minion returns: '[ERROR   ] Template was specified incorrectly: False' & '[ERROR   ] No contents found in top file'
15:58 zer0def joined #salt
15:58 IndyRob joined #salt
15:58 spuder_ joined #salt
15:59 UtahDave noraatepernos: no, grains are the first thing that are evaluated when a minion starts up and nothing else is available
16:00 noraatepernos UtahDave: That’s what I thought.  It’s just a bummer that I need to hardcode my aws/ec2 keys in my python scripts.
16:00 Heartsbane joined #salt
16:00 Heartsbane joined #salt
16:01 noraatepernos But yeah.  Chicken or egg.
16:01 XenophonF noraatepernos: can you take advantage of instance profiles?
16:02 beardedeagle Maybe UtahDave knows, is it possible to lookup jobs in masterless?
16:03 noraatepernos XenophonF: Thanks I will check it out.  Also, I might just store it as an environmental variable in my AMI.  Got me excited http://stackoverflow.com/questions/34777691/accessing-pillar-data-in-custome-grain-module-in-salt
16:03 UtahDave beardedeagle: have you tried?  I don't recall if a job cache is kept on a completely masterless minion. We added an option to enable a minion side job cache fairly recently
16:04 beardedeagle salt-call comes back with jobs not being an available module
16:04 XenophonF noraatepernos: what exactly are you trying to accomplish? there might be a better way.
16:04 west575 joined #salt
16:06 akhter joined #salt
16:06 noraatepernos XenophonF: I’m really new to salt and decided I would use it to provision my elasticsearch cluster on ec2.  I wanted to use this ec2_tag_roles grain but noticed that the aws credentials were hardcoded in the grain python script.  I was hoping to keep all sensitive data in the pillars.
16:07 noraatepernos I think I might just hardcode these into environmental vars in the machine image and use os.environ.get in my grains.
16:07 XenophonF that's ugly
16:08 noraatepernos https://github.com/saltstack/salt-contrib/blob/master/grains/ec2_tag_roles.py
16:08 XenophonF saw that
16:08 noraatepernos XenophonF: Oh, probably a better strategy https://github.com/saltstack/salt-contrib/blob/master/grains/ec2_tags.py
16:09 XenophonF for a different reason, i ended up creating an IAM user that could only execute ec2:DescribeTags
16:09 XenophonF yeah, that's the approach i took
16:10 UtahDave beardedeagle: salt-run jobs.list_jobs
16:10 futuredale joined #salt
16:11 akhter joined #salt
16:12 noraatepernos XenophonF: With grains first, is having salt do a file.managed /etc/profile.d/aws.sh with AWS_*** key/secret from pillars too late as well?
16:12 XenophonF yes
16:13 noraatepernos Ok.  I’ll add it to my base image, then.  Thanks.
16:14 XenophonF to use that ec2_tags.py file, copy it to {/srv/salt,/usr/local/etc/salt/states}/_grains, then push that ec2_tags:aws dict to the minions
16:14 bluenemo joined #salt
16:14 XenophonF that's what i'd do, anyway
16:14 beardedeagle UtahDave: salt-run isn't on masterless
16:15 XenophonF well, i'd push the minion config first and then the custom grain
16:16 UtahDave beardedeagle: what version of Salt are you running?
16:16 beardedeagle salt-minion 2015.8.8.2 (Beryllium)
16:17 lws joined #salt
16:18 beardedeagle UtahDave: tried saltutil as well, but unfortunately it is going to look for the master cache as well
16:19 UtahDave beardedeagle: have you set cache_jobs: True   ?
16:19 UtahDave in your minion config
16:20 beardedeagle yes, if you do that it just returns nothing though for saltutil
16:20 beardedeagle salt-call saltutil.runner jobs.list_jobs
16:21 UtahDave beardedeagle: This looks like an oversight when they added the cache_jobs.  Would you mind opening an issue regarding that?
16:21 beardedeagle yar
16:21 UtahDave Thanks!  appreciate it!
16:22 pipps joined #salt
16:22 AdamSewell joined #salt
16:22 kevinquinnyo joined #salt
16:25 zmalone joined #salt
16:26 beardedeagle joined #salt
16:26 akhter joined #salt
16:26 zmalone Does anyone know if the zeromq3 - 4.0.4 packages on repo.saltstack.com have http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7203 and http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7202 backported to them?
16:26 writtenoff joined #salt
16:26 Cadmus left #salt
16:29 UtahDave zmalone: I'll check
16:29 AdamSewell joined #salt
16:31 zmalone UtahDave: Thank you!
16:32 edrocks joined #salt
16:32 akhter joined #salt
16:33 gtmanfred ... zeromq3 version 4.0.4 :/
16:33 gtmanfred wat
16:33 zmalone It's annoying, but it was a packaging issue on some platform
16:33 zmalone the native packages are named "zeromq3"
16:34 zmalone At least, I think the problem came from elseware
16:34 gtmanfred yar
16:35 UtahDave zmalone: just talked with the packager. He's checking
16:36 _JZ_ joined #salt
16:36 TOoSmOotH joined #salt
16:39 wendall911 joined #salt
16:40 akhter joined #salt
16:42 ninjada joined #salt
16:44 CampusD joined #salt
16:45 lws joined #salt
16:46 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.8, 2016.3.0rc2 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers"
16:51 akhter joined #salt
16:53 whatever_sd_ joined #salt
16:55 Fiber^ joined #salt
16:55 UtahDave zmalone: what OS are you using?
16:55 ageorgop joined #salt
16:56 zmalone Ubuntu 14.04
16:56 racooper can grains be used to insert host-specific info in a file.append command run?
16:56 rihannon joined #salt
16:56 gtmanfred racooper: yes
16:57 gtmanfred just reference the grains in the contents: block
16:57 gtmanfred or you can use contents_grains
16:57 racooper I don't mean as a state
16:57 UtahDave racooper: you can use the grains dictionary within jinja
16:58 gtmanfred UtahDave: not in a module
16:58 gtmanfred or module call
16:58 gtmanfred cause it won't be evaluated?
16:58 fxhp joined #salt
16:59 UtahDave Well, unless I'm misunderstanding racooper's question I don't see why he couldn't use grain info in a file.append.
16:59 gtmanfred yeah, i don't know that that gets evaluated, and i think the contents_grains gets evaluated from the file state only
16:59 racooper so this won't work? salt '*' file.append /etc/hosts args="['127.0.0.    grain['fqdn'] [grain['host']']"
16:59 gtmanfred if you did salt \* file.append 'thing {{grains.id}}' i don't think it will work
16:59 UtahDave ah, I see
16:59 gtmanfred cause the jinja gets evaluated on the state side
16:59 gtmanfred not in the module
17:00 XenophonF racooper: command-line arguments don't get run through any of the template engines
17:00 racooper ok. I can just do it as a for loop in bash.
17:00 XenophonF exactly
17:00 UtahDave look like you can
17:00 UtahDave salt '*' cmd.run template=jinja "ls -l /tmp/{{grains.id}} | awk '/foo/{print \$2}'"
17:01 XenophonF hah no kidding
17:01 UtahDave ref here: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cmdmod.html#salt.modules.cmdmod.run
17:01 XenophonF even better
17:01 gtmanfred interesting, but that doesn't use the file.append module :P
17:01 gtmanfred <3
17:01 UtahDave hm. true.
17:01 UtahDave there's got to be a way to do that.
17:02 gtmanfred looking at the file.append module, it is only using .format
17:02 gtmanfred and only .format for adding a newline at the end of the line
17:02 UtahDave https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.file.html#salt.modules.file.apply_template_on_contents
17:03 UtahDave racooper: you could try that.   But you might have to create a state to do that and then call that from the cli
17:03 gtmanfred you could do a subshell of that, and feed it into salt file.append
17:03 IndyRob joined #salt
17:03 lws_ joined #salt
17:04 gtmanfred the problem with that though is you need to run the templateon each host and then run it through append
17:04 adelcast joined #salt
17:04 gtmanfred should just make it so you can specify templating on contents in file.append
17:05 racooper it's ok.  this is a one-off change to servers that don't have a state tree yet. just able to run remote commands on them.
17:05 Edgan joined #salt
17:05 flowstate joined #salt
17:07 rihannon joined #salt
17:07 bbendy_ Is mongo the recommend DB for storing pillar data?
17:07 gtmanfred ¯\(°_o)/¯
17:08 gtmanfred mongo is blergh
17:08 gtmanfred i woudl use what you are comfortable with
17:08 gtmanfred if you use mongo for everything, use mongo, but if not, then do not use mongo
17:09 Eugene I like flat-files(YAML), because it doesn't break.
17:09 gtmanfred i should write a postgresql jsonb ext_pillar so that people can use the document storage with that, and skip mongo
17:09 XenophonF gtmanfred: +1
17:09 gtmanfred neat https://github.com/saltstack/salt/blob/develop/salt/pillar/neutron.py
17:09 gtmanfred XenophonF:i have a postgresql backend for sdb
17:10 gtmanfred that is almost done
17:12 nZac joined #salt
17:14 cnk joined #salt
17:16 pipps joined #salt
17:19 edrocks joined #salt
17:24 bltmiller joined #salt
17:25 bbendy_ i was going to use mysql, since evertyhing else we have is mysql
17:25 sbueringer joined #salt
17:26 gtmanfred do that
17:26 impi joined #salt
17:27 flowstate joined #salt
17:28 UtahDave bbendy_: definitely use what your team is most comfortable with.
17:28 ageorgop joined #salt
17:29 flowstate joined #salt
17:29 jeddi joined #salt
17:30 bbendy_ UtahDave, what I was hoping to hear :)
17:30 bbendy_ im seeing very little docs on the mysql pillar, going to give it a whirl and see if it works
17:31 UtahDave bbendy_: fwiw, I've used the mysql master job cache to good effect
17:31 UtahDave with several customers
17:32 bbendy_ UtahDave, have you ever used it for storing pillar data? im trying to pull some data realtime when we run a state, basically pull some variables for data assignment when we run the state
17:33 kingscott joined #salt
17:33 IndyRob bbendy_: not using mysql here, specifically, but we do a similar thing using Device42.
17:33 kingscott How can I use curl "download link" in a state file?
17:34 gtmanfred kingscott: you can use the http state, or if it is an archive that you are wanting to extract, you can just use the archive,extracted state and it will download it
17:34 bbendy_ IndyRob, interesting, ill have to check that out. Im wanting to use mysql for what checks we are storing in Icinga2, was passing pillar data via the CLI, but multi dim array are being a nightmre to work with for me
17:36 akhter_1 joined #salt
17:40 AdamSewell joined #salt
17:41 baweaver joined #salt
17:42 baweaver joined #salt
17:43 beardedeagle UtahDave: sorry, just got around to this now, https://github.com/saltstack/salt/issues/32834
17:43 saltstackbot [#32834]title: Masterless Minion - Unable to query job cache | ### Description of Issue/Question...
17:44 xenoxaos joined #salt
17:45 baweaver joined #salt
17:46 baweaver joined #salt
17:49 XenophonF how do i install a python library into the python environment of the windows salt minion?
17:50 jfindlay XenophonF: with pip?
17:50 mschiff is there a way to set log_granular_levels: for a minions logfile?
17:51 lws joined #salt
17:52 UtahDave XenophonF: There's a pip executable shipped along with the included python
17:52 XenophonF jfindlay, UtahDave: thanks - I just found it
17:52 UtahDave awesome
17:52 AdamSewell joined #salt
17:53 rocketnova joined #salt
17:53 aw110f joined #salt
17:55 sarlalian joined #salt
17:59 baweaver joined #salt
17:59 akhter joined #salt
18:02 AdamSewell joined #salt
18:03 druonysus joined #salt
18:04 lws joined #salt
18:05 pipps_ joined #salt
18:06 newjersey joined #salt
18:07 subsignal joined #salt
18:08 ageorgop joined #salt
18:12 noraatepernos joined #salt
18:13 justaname what would cause 'Template was specified incorrectly: False' & '[ERROR   ] No contents found in top file'
18:13 justaname my minion roles match grains defined in my top.sls
18:17 renaissancedev joined #salt
18:20 Rumbles joined #salt
18:22 akhter joined #salt
18:23 AdamSewell joined #salt
18:23 UForgotten joined #salt
18:27 kevinquinnyo joined #salt
18:28 bbendy_ is there a easy way to print out all pillar data for debug?
18:30 jfindlay bbendy_: `sys.doc pillar.items`
18:31 bbendy_ joined #salt
18:32 bbendy_ jfindlay, you can do that inside SLS?
18:32 jfindlay bbendy_: do you want to use the output in a state?
18:33 bbendy_ jfindlay, trying to debug is all right now, seems the mysql module is not returning data how i thought
18:33 ahammond how do I ask a minion what size of key it's using?
18:33 manji joined #salt
18:33 jfindlay in that case you can do a module.run state
18:33 ssplatt joined #salt
18:34 jfindlay ahammond: I think key sizes are fixed, but you might want to check with UtahDave
18:34 brianfeister joined #salt
18:34 ahammond I believe we're on 4k keys and want to re-key to 2k... but I want a nice clean way of doing it. :)
18:34 jfindlay sounds like you know more than me :)
18:38 bbendy_ jfindlay, i wasnt thinking, gotcha ya now, that works thanks.
18:38 akhter joined #salt
18:38 bbendy_ now to figure out why my data is borked :)
18:39 ajw0100 joined #salt
18:40 ronnix joined #salt
18:40 josuebrunel joined #salt
18:43 ZiLi0n joined #salt
18:44 lws joined #salt
18:46 ZiLi0n Hello everyone, is there a way to use a pillar variables in a jinja statement? I have been trying but it seems that jinja engine is first rendered and therefore the pillar variable does not exist yet... basically I am trying in jinja to call network.interface_ip and giving as a parameter the pillar variable which contains the interface. it is to discover the ip address of a given interface by name
18:49 tharkun joined #salt
18:50 rocketnova joined #salt
18:51 autofsckk joined #salt
18:51 akhter joined #salt
18:54 lero joined #salt
18:55 Garyx joined #salt
18:57 subsignal joined #salt
18:58 murrdoc joined #salt
19:00 ZiLi0n is there any difference having a file under pillar with .sls extension or .yaml extension in terms of jinja and pillar processing that could be helpful for my case?
19:01 s_kunk joined #salt
19:02 manji joined #salt
19:02 pipps joined #salt
19:06 noraatepernos Can I just use something like file.managed for github/bitbucket deployment keys?  https://github.com/saltstack/salt/issues/15910
19:06 saltstackbot [#15910]title: Add state module for managing ssh key pairs | There is an `salt.states.ssh_auth` module, that manages authorized keys for ssh server....
19:07 keimlink joined #salt
19:07 GreatSnoopy joined #salt
19:09 akhter_1 joined #salt
19:09 baweaver joined #salt
19:12 spuder joined #salt
19:12 ZiLi0n thanks. got it to work with import_yaml file and .get method! now the jinja can render properly. great!
19:13 akhter joined #salt
19:16 ageorgop joined #salt
19:19 ajw0100 joined #salt
19:25 dmaiocchi joined #salt
19:29 akhter joined #salt
19:33 numkem joined #salt
19:34 tpaul joined #salt
19:35 edrocks joined #salt
19:40 akhter joined #salt
19:41 UForgotten joined #salt
19:42 murrdoc joined #salt
19:44 murrdoc do we have a beacons repository
19:44 murrdoc like we have formulas
19:44 g3cko left #salt
19:44 g3cko joined #salt
19:45 g3cko forumulas repo eh? I like the sounds of that. my coworker could use that
19:45 ahammond ZiLi0n be aware of pillar bloat with stuff like that. Jinja isn't always the friend it pretends to be. :) Also, take a look at salt's rendering system. There are some very interesting things to be found in there.
19:46 jfindlay murrdoc: I think the canonical place to put new beacons is in `salt/beacons` within the salt codebase itself
19:46 murrdoc nice
19:47 jfindlay if a beacon (or any other module) may be too specific to a use case, you could send it to salt-contrib
19:47 jhauser joined #salt
19:47 hal58th joined #salt
19:48 murrdoc Need a beacon like 'inotify' for pillars
19:48 ZiLi0n ahammond thanks. I have moved the jinja logic to a different pillar file, so at least you don't have to see al that logic when changing data every single time hehe. Mmm the rendering system... thanks for pointing that out, I will take a look to see if there is cleaner way...
19:49 ahammond ZiLi0n I just wrote a tutorial for moving logic from jinja to execution modules. Might also be relevant. https://github.com/saltstack/salt/pull/32816
19:49 saltstackbot [#32816]title: tutorial about moving logic from maps.jinja to an execution module | ### What does this PR do?...
19:50 akhter_1 joined #salt
19:50 ahammond should appear in the develop docs shortly (just got merged this morning)
19:53 jfindlay ahammond: that is awesome
19:54 ahammond jfindlay thanks man!
19:54 ahammond jfindlay I was kinda shocked and amazed at just how easy it was to do.
19:54 UForgotten joined #salt
19:55 jfindlay ahammond: yeah, getting more users to code complex things in python rather than hack with jinja is going to be a win for everybody
19:55 lemur joined #salt
19:56 ahammond Yeah, that's why I put it right below the state stuff in the tutorials.
19:56 ahammond Ideally, I think it should be somewhere in the "how to layout a formula" section.
19:56 pipps joined #salt
19:59 Lee_ joined #salt
20:01 lws joined #salt
20:02 manji joined #salt
20:04 ageorgop1 joined #salt
20:04 mowntan joined #salt
20:04 ZiLi0n ahammond thanks you!
20:05 ahammond ZiLi0n no problem. I hope that other people don't get burned the same way I have. :)
20:05 sjmh hm.  anyone ever tried to write a wrapper around the salt command to try and give the user a preview of the hosts they are going to run against?
20:06 aw110f joined #salt
20:06 sjmh something that does something like a manage.up on the target, prompts the user to confirm, then runs the real command.
20:07 jfindlay sjmh: are you running into issues?
20:07 jfindlay I've never done that, but it seems reasonable
20:07 sjmh jfindlay : if you call 250 less-than educated users on the same salt master, with scary permissions an 'issue'..
20:07 sjmh :)
20:07 jfindlay well, sure :-)
20:08 druonysus joined #salt
20:08 sjmh our users are used to the more traditional idea of being able to see what they have, pick it, and then run stuff on it.   moving over to salt is a little new to them, so I'm just worried about them fat-fingering some wildcards.
20:08 Garyx joined #salt
20:09 spuder_ joined #salt
20:09 sjmh we're trying to restrict the minions they can do stuff on, but at some scale, that starts to become more and more difficult to do efficiently
20:09 sjmh so was just thinking of making a quick wrapper that was like 'hey, these are the hosts this is going to affect, you cool with that?'
20:09 jfindlay one of the best ways I know of to manage user liability is to restrict access to minions with state.apply and require code review on all changes to highstate
20:09 bltmiller joined #salt
20:10 sjmh well, we're not even at the point where we're talking states.  We only allow cmd.* at the moment.
20:11 sjmh Which, yeah, gives them everything anyways, but not much I can do about it at the moment.
20:11 jfindlay right.  I wonder if you can restrict eauth to nodegroups
20:12 mrueg joined #salt
20:12 sjmh I think you can - we have some other ways we've pushed ( like the newer eauth via AD OU's with computer objects )
20:13 pdayton joined #salt
20:14 sjmh this probably goes back to the invetory/roster chat we were having on github @jfindlay
20:14 jfindlay yeah
20:15 mowntan joined #salt
20:15 sjmh the master has some concept of what minions have connected recently, doesn't it?  w/out having to do an actual test.ping
20:15 sjmh thought there was something in CkMinions
20:15 pipps joined #salt
20:16 ahammond sjmh: 250 users? what could go wrong? :)
20:16 jfindlay I'm not familiar with it, but I have a vague notion of that.  Basically, knowing when/whether a minion is 'connected' is a hard problem to solve and this has something to do with how zmq manages sockets
20:17 ahammond I'm fighting for Enterprise at work tooth and nail. Sounds like it'd be even better for you.
20:17 sjmh ahammond: yeah, we're waiting for it to be released - already paid for it
20:17 ahammond jfindlay yeah, it's a black box, unless you switch to the new tcp transport... or raet.
20:18 akhter joined #salt
20:18 sjmh @jfindlay - sure.  manage.up is a decent workaround at small scale.  i'm just worried about the guy who tries to do it against ~8k minions
20:18 sjmh then has to wait for his manage.up to complete, then run his command
20:20 lws joined #salt
20:24 akhter_1 joined #salt
20:25 rem5 joined #salt
20:25 xxx_ joined #salt
20:25 ajw0100 joined #salt
20:26 ahammond sjmh we're using nodegroups here and they're a very nice solution to the problem of targeting (as well as ACLs for pillar/top.sls)
20:27 Knuta jfindlay: hmm, not knowing that a minion is connected, would that explain why salt appears to hang indefinitely for me sometimes? I suspect it means one or more hosts are down, but I'm not sure how to know which ones it is. I have worked around it by never pushing anything, but using salt-call from cron instead.
20:28 sjmh ahammond : how do you guys deal with allowing users to modify the nodegroup configs?  that was actually the exact conversation I was having w/ @jfindlay
20:29 sjmh ahammond : i wanted to give my users the ability to modify their own nodegroups and use them for targeting, without allowing them access to the master config
20:29 ahammond sjmh our nodegroups.conf is generated from our cmdb. It's not the prettiest solution.
20:29 jfindlay Knuta: a disconnected minion should cause a timeout on the master.  I haven't heard of any situations that would cause it to hang indefinitely, but it could be possible
20:30 sjmh hm, i suppose we could do something similar.  allow them access to something external
20:30 sjmh and every 30 minutes, regenerate the nodegroup config
20:30 murrdoc joined #salt
20:30 sjmh tack it onto the growing list of stuff i have to do.. :)
20:33 akhter joined #salt
20:35 bbendy Does anyone have any experience with the salt.pillar.mysql? Im having issues with the data being returned is not how im expecting it
20:35 DammitJim bbendy, I've done some... why?
20:35 pipps joined #salt
20:36 bbendy DammitJim, is there a way to use the result set in a forloop? the data im getting back is nested, ive messed with the "depth" setting but still not working
20:36 DammitJim wait, I've managed mysql (to create accounts).. I haven't ran queries
20:37 bbendy it seems like no one uses it, i see very little hits on google for it :)
20:37 bbendy DammitJim, im trying to use https://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.mysql.html
20:37 DammitJim the question is... why are you using salt for mysql?
20:37 DammitJim mysql data is usually managed by an application (from what I can tell)
20:39 bbendy storing variables so i can do some file.managed based on whats in the database
20:39 ahammond bbendy do not make your master rely on a database being up. Instead have something that queries the data and persists it to disk (use msgpack for the cache format) and then pull from that using an external pillar. much faster and more reliable.
20:39 bbendy i was having a hell of a time passing in a multi dim array via the CLI
20:39 pipps99 joined #salt
20:40 bbendy ahammond, i guess that is a great point, so the pillar can read the msgpack format basically?
20:40 ahammond dunno, I've never tried to do it directly from /srv/pillar
20:40 ahammond it _might_ work, but I'd go with an ext_pillar.
20:41 brianfeister joined #salt
20:41 DammitJim ugh, I still need to learn how to use ext_pillar
20:42 akhter joined #salt
20:43 punkoivan joined #salt
20:43 ninjada joined #salt
20:43 murrdoc joined #salt
20:44 bbendy I guess that may be best
20:45 kevops joined #salt
20:45 kevops howdy all
20:46 kevops Can anybody give me some advice on this execution of a salt module as a condition in a state?
20:46 kevops {% if {{ salt['disk.usage']('capacity') > 70 }} %}
20:48 kevops basically, I want to execute a cleanup script if disk usage is above 70 %
20:50 tvinson kevops: lose the double brackets, you can't use those inside {% %}
20:50 sjmh ahammond : there isn't a msgpack external pillar is there?
20:51 bbendy I think ill just pass these vars via the CLI for now so I can get this done and then mess with that ext_pillar, but that does look like the hot ticket and then not depending on SQL at all
20:51 kevops @tvinson thanks!  will give it a shot.
20:52 sjmh bbendy - advantages and disadvantages to both.
20:52 bbendy sjmh, yeah, agreed.
20:53 bbendy can you pass multi dim arrays into the pillar? i cant find any docs that say yes or no on it
20:53 sjmh doing it via some system that dumps from a database to the filesystem means you're less coupled to the db and could switch it out to something else and just rewrite the script to point to the other source of info.  you're also not screwed if the db goes down.
20:54 sjmh on the other hand, your pillar data is going to have to wait for whatever interval you have on dumping that info out.  so if you're only dumping the db every 5 minutes, you'd have to wait 5 minutes before new pillar data becomes available
20:55 bbendy yeah, what i need this is for is near realtime, so id have to force a update before i ran it.
20:55 mowntan joined #salt
20:56 sjmh bbendy - sure, but then depending on your dataset size, it may start becoming faster to just talk to the db directly
20:56 bbendy sjmh, can you talk to the DB direct inside a state and im just not seeing that?
20:56 _beardedeagle joined #salt
20:57 sjmh you can use an exec module inside a state
20:57 sjmh and there's a mysql exec module
20:57 sjmh so your minion running the state could talk to the mysql db directly instead of doing it on the master and saving it as pillar
20:58 bbendy could do that as well, wasnt even thinking of that
20:58 sjmh what's the salt motto again? they give you enough rope to hang yourself with.  a lot of ways to skin the cat here depending on what you need.
20:59 bbendy yes, ive been hanging myself a lot lately :)
20:59 sjmh haha, so have I :)
21:01 ageorgop joined #salt
21:02 baweaver joined #salt
21:05 Skwirelz joined #salt
21:06 akhter joined #salt
21:07 pipps joined #salt
21:07 pipps_ joined #salt
21:09 Garyx joined #salt
21:10 lws joined #salt
21:11 kingscott joined #salt
21:12 ivanjaros3916 joined #salt
21:12 kingscott Is there a way to run multiple terminal commands through a salt state? I am trying to set up beyondtrust AD authentication through a salt state, and am running into issues when trying to use curl in a .sls file.
21:12 Garyx joined #salt
21:13 dmaiocchi joined #salt
21:14 kevops exit
21:14 ninjada joined #salt
21:16 nZac joined #salt
21:20 jfindlay kingscott: do you have an example of what you're trying to do?  I am unsure what you mean by running multiple commands through a state
21:23 akhter joined #salt
21:24 jhauser joined #salt
21:33 kingscott @jfindlay 'curl http://url.here -o pbis.h' then run the command sh pbis.sh
21:34 rem5 joined #salt
21:35 zmalone kingscott: I think your | was the problem, but that vendor's installer bundle scared me
21:35 zmalone any security vendor distributing their product via a shell script hosted over plain http seems like they can't be trusted
21:36 zmalone it works over http, but not https
21:36 kingscott @zamalone, sorry that's not the real url. this is: http://download.beyondtrust.com/PBISO/8.3/pbis-open-8.3.0.3287.linux.x86_64.deb.sh
21:37 jfindlay kingscott: you could run two states, one to download the script and the other to run it, or as zmalone suggests, download it to the master, inspect the contents to be sure, and then push it to the minions over salt://
21:37 mowntan joined #salt
21:38 kingscott great idea. thanks. (still pretty new to salt).
21:38 ageorgop joined #salt
21:39 Garyx joined #salt
21:42 AdamSewell joined #salt
21:45 autofsckk joined #salt
21:50 AdamSewell joined #salt
21:50 spuder joined #salt
21:51 salty_solution joined #salt
21:51 salty_solution I have a question about enterprise role management
21:53 jfindlay salty_solution: what's your question?
21:54 salty_solution Do you know you the enterprise is implementing role management? Are they leveraging common linux tools?
21:55 pirxthepilot joined #salt
21:57 jfindlay yes, yes
21:58 ninjada joined #salt
22:00 lorengordon joined #salt
22:01 notnotpe_ joined #salt
22:02 goki joined #salt
22:02 pipps joined #salt
22:02 josuebrunel joined #salt
22:02 XenophonF joined #salt
22:03 pipps joined #salt
22:04 sarlalian joined #salt
22:04 keekz joined #salt
22:06 terratoma joined #salt
22:06 Hivlaher joined #salt
22:10 rickflare joined #salt
22:12 Cidan joined #salt
22:13 ninjada joined #salt
22:15 pipps joined #salt
22:18 mowntan joined #salt
22:20 Garyx joined #salt
22:26 Garyx joined #salt
22:29 brianfeister joined #salt
22:30 spuder joined #salt
22:33 Garyx joined #salt
22:36 Garyx joined #salt
22:37 ajw0100 joined #salt
22:37 baweaver joined #salt
22:38 zenlot6 joined #salt
22:46 ageorgop joined #salt
22:47 amcorreia joined #salt
22:47 Raynor joined #salt
22:51 ageorgop joined #salt
22:57 PredatorVI When I run a highstate from the master on a few clean minions I get "Minion did not return. [No Response]", but it works directly from the minion.  I suspect that the connection is timing out because it is downloading and installing the Oracle JDK among other things.  Is it the minion or master timeout that I should fiddle with?
22:58 hemebond PredatorVI: https://docs.saltstack.com/en/latest/ref/cli/salt.html#cmdoption-salt-t
22:59 AdamSewell joined #salt
23:00 jfindlay I don't have any experience debugging such things, but the minion is supposed to ping the master regularly on any unfinished jobs to block the master cli, for example
23:00 gladiatr joined #salt
23:01 ssplatt joined #salt
23:01 pipps joined #salt
23:02 theanalyst joined #salt
23:05 pipps joined #salt
23:06 adongy joined #salt
23:07 PredatorVI Okay...I am trying to use the option in the master config and I"m up to 2 minutes.  The JDK download can be slow and most of our machines do it and when running orchestrations via salt-api to do highstate and things timeout, it's hard to know where the block is.  Maybe at all 3 levels.
23:10 jfindlay you could watch the master and minion debug logs
23:10 jfindlay sorry that I don't have more specific things to try
23:10 PredatorVI k
23:10 jfindlay can you download the JDK first and host it locally?
23:10 PredatorVI not easily
23:11 PredatorVI Well, at least not using the current repository process
23:12 PredatorVI The standard ZIP structure doesn't match the normal Ubuntu install locations and the PPA package handles downloading that ZIP directly from Oracle, accepting license and laying down packages in the right folders.
23:13 edrocks joined #salt
23:14 jfindlay that sounds hard to modify
23:17 kevinquinnyo joined #salt
23:17 mapu joined #salt
23:19 bltmiller joined #salt
23:20 kinow joined #salt
23:25 bltmiller I'm trying to get a masterless minion to have certain targets applied. all the targets in my top.sls use node groups, and I'm using gitfs backend. I'm coming up short trying to figure out how to have a masterless minion get a node group target to apply to it. anyone have any ideas?
23:29 lero joined #salt
23:29 gladiatr bltmiller: is the top file from a salt-master running in a different environment?
23:30 bltmiller gladiatr: negative, I only have one environment
23:31 gladiatr Gotcha.  I haven’t actually done much in a masterless environment, but the bit that I have done I created minon-specific sls files e.g.: /srv/salt/roles/somerole.sls with a list of includes.
23:32 gladiatr since there’s no master, the targetting features of top files doesn’t come into play
23:32 bltmiller I see. what I'm trying to accomplish is I'd like to hand my developers an exact copy of server environment for local development on their own machines
23:33 jmackie joined #salt
23:33 gladiatr are you using multiple fileserver environments?
23:33 jmackie Targeting nodegroups via Salt-Api, whats the format of the tgt= in the request?
23:33 ageorgop joined #salt
23:33 bltmiller gladiatr: negative
23:33 ninjada joined #salt
23:36 mosen joined #salt
23:37 yidhra joined #salt
23:37 gladiatr btmiller: hrm… well, according to the docs, masterless setups do indeed support the top subsystem...
23:37 bltmiller I'm having trouble finding documentation on it
23:37 bltmiller link?
23:38 cpowell joined #salt
23:38 bltmiller perhaps I just need to define my nodegroups in my minion config file...
23:38 gladiatr bltmiller: out of curiosity, how are you defining them now?
23:38 pipps joined #salt
23:39 bltmiller how do you mean? I'm defining my nodegroups based on hostname. e.g. dbserver: 'postgres*'
23:40 bltmiller aha! that's all I needed, just add the nodegroups dictionary to /etc/salt/minion
23:41 gladiatr bltmiller: just looking at the docs—they mention the nodegroup defs being contained in the master configuration file.
23:41 jfindlay bltmiller: https://docs.saltstack.com/en/latest/topics/tutorials/quickstart.html#create-state-tree, https://docs.saltstack.com/en/latest/topics/tutorials/standalone_minion.html#running-states-masterless
23:42 jfindlay bltmiller: in masterless mode, many (most?) master configs can be put into the minion config
23:43 west575 joined #salt
23:43 gladiatr bltmiller: indeed.  I think that you’re on the right track with defining your nodegroups in your minion config file
23:44 bltmiller yep, definitely just had that "aha!...duh" moment
23:44 pipps joined #salt
23:44 bltmiller one of those small things that'll help me wrap my head around salt in general a bit better ^_^
23:45 * gladiatr nods
23:45 gladiatr just don’t get it stuck in the reactor! (nyuk, nyuk, nyuk!)
23:45 bltmiller thanks @jfindlay as well, wasn't obvious at first in those docs ????
23:45 pipps joined #salt
23:50 ninjada_ joined #salt
23:53 SeaPhor joined #salt
23:55 mapu joined #salt
23:56 SeaPhor I've been using puppet for some years, and now am going to try to switch to salt, any good resources and/or tutorials that are 'supported' and/or "Best-Practices"? and does it work well with 'git' ?
23:58 jfindlay SeaPhor: I would start here: https://docs.saltstack.com/en/getstarted/
23:58 jfindlay salt has great git support
23:59 SeaPhor jfindlay, TY for the reply, wasn't expecting one so soon :D
23:59 jfindlay sure :)

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary