Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-05-06

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 hal58th joined #salt
00:02 zmalone joined #salt
00:02 iggy ahammond: try pillar.item
00:02 iggy or make sure you're doing saltutil.refresh_pillar
00:03 rmnuvg joined #salt
00:03 ahammond ah, I bet that's id.
00:06 flowstate joined #salt
00:06 cpowell joined #salt
00:07 ninjada joined #salt
00:08 spuder joined #salt
00:10 spuder_ joined #salt
00:11 yidhra_ joined #salt
00:18 flowstate joined #salt
00:28 devops what can I do if salt top.sls is somehow stuck on salt master. I pushed changes few hours ago, but state.show_top still returns old top. Meanwhile all other changes were applied correctly
00:30 devops I removed a state, let’s name it somestate.sls, and removed it from top.sls. Now I can’t run state.highstate because salt says No matching sls found for ‘somestate’ in env 'base'
00:32 mosen joined #salt
00:34 amcorreia joined #salt
00:36 cpowell joined #salt
00:38 SheetiS joined #salt
00:39 estahn joined #salt
00:44 ninjada anyone know how i can setup a salt-master running only python27 with amazon linux?
00:44 hrumph hi sorry this is OT and i'm not getting any help but it has to do with a salt deployment which is starting to look really sweet
00:44 hrumph all the same my windows knowledge is sadly limited
00:44 ninjada moment i try and install salt via the amazon linux repo it tries to install python26 stuff
00:45 hrumph i'm using salt to push windows software and what i have working is working really well and is making salt look really awesome
00:45 hrumph so here's the question could windows suddenly reboot during an install (because of autoupdates) and wreck everything? (e.g. corrupt the registry and so forth)?
00:45 jvblasco joined #salt
00:47 iggy I would think the installer service puts a lock on rebooting mid-install
00:47 hrumph good i sure hope so
00:47 iggy but since I haven't touched windows in years...
00:48 hrumph iggy yeah when i use windows i really see the flaws
00:48 hrumph the fact it wants to reboot just beacuse you installed or deinstalled something
00:48 Eugene Like most "hardcore techies", the wild iggy is a cave-dwelling creature. It has a subsistence diet of chroots and python
00:48 hrumph or it want to reboot because you updated the .net framework or whatever
00:48 hrumph not to mention the 20 minute wait
00:48 thalleralexander joined #salt
00:48 Eugene It has not seen "windows" in years, never mind daylight
00:48 * Eugene shows himself out
00:51 mschiff joined #salt
00:51 cb joined #salt
00:54 nethershaw joined #salt
00:56 Jarus joined #salt
01:02 iceyao joined #salt
01:05 devops FYI: there is a weird bug in salt gitfs module. I’ve cleared cache on salt master and salt minion. it did not help. I had to delete ALL non-master branches in salt repo in order to finally get rid of phantom “somestate”
01:06 iceyao_ joined #salt
01:09 pipps joined #salt
01:15 justanotheruser joined #salt
01:16 flowstate joined #salt
01:18 west575 joined #salt
01:18 racooper joined #salt
01:20 jfelchner joined #salt
01:23 tristianc_ joined #salt
01:33 Karunamon joined #salt
01:34 spuder joined #salt
01:35 spuder_ joined #salt
01:46 SeaPhor joined #salt
01:47 ilbot3 joined #salt
01:47 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.8, 2016.3.0rc2 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers"
01:47 quasiben joined #salt
01:48 tristianc_ joined #salt
01:49 michelangelo joined #salt
01:54 pipps99 joined #salt
01:55 hasues joined #salt
02:03 hasues left #salt
02:08 ageorgop joined #salt
02:15 flowstate joined #salt
02:24 madpenguin joined #salt
02:29 madpenguin joined #salt
02:30 linelevel joined #salt
02:33 quasiben joined #salt
02:34 writtenoff joined #salt
02:34 favadi joined #salt
02:40 iceyao joined #salt
02:43 west575 joined #salt
02:43 ajolo joined #salt
02:43 higuita joined #salt
02:48 west575 joined #salt
02:48 evle joined #salt
02:55 SeaPhor joined #salt
02:55 mapu_ joined #salt
02:57 cpowell joined #salt
02:59 kevinquinnyo1 joined #salt
03:01 cliluw joined #salt
03:03 colegatron joined #salt
03:11 brianfeister joined #salt
03:15 flowstate joined #salt
03:16 west575 joined #salt
03:18 madpengu_ joined #salt
03:21 west575 joined #salt
03:26 madpenguin joined #salt
03:27 spuder joined #salt
04:17 flowstate joined #salt
04:19 rihannon joined #salt
04:22 jvblasco joined #salt
04:26 dendazen joined #salt
04:35 cpowell joined #salt
04:35 rdas joined #salt
04:44 Edgan joined #salt
04:44 manji joined #salt
04:50 armguy joined #salt
04:55 mosen joined #salt
04:57 rihannon1 joined #salt
05:00 brianfeister joined #salt
05:03 sauvin joined #salt
05:08 Eugene joined #salt
05:14 subsignal joined #salt
05:15 asoc_ joined #salt
05:17 flowstate joined #salt
05:23 brianfeister joined #salt
05:27 impi joined #salt
05:27 garphy joined #salt
05:34 manji joined #salt
05:37 madpenguin joined #salt
05:42 west575 joined #salt
05:46 Sammichmaker joined #salt
05:47 west575 joined #salt
05:56 favadi joined #salt
06:00 fracklen joined #salt
06:02 kshlm joined #salt
06:02 kawa2014 joined #salt
06:04 brianfeister joined #salt
06:10 jvblasco joined #salt
06:16 flowstate joined #salt
06:16 Ayo joined #salt
06:17 subsignal joined #salt
06:18 linelevel joined #salt
06:25 duncanmv joined #salt
06:25 west575 joined #salt
06:37 jvblasco joined #salt
06:41 k_sze[work] joined #salt
06:42 k_sze[work] How do minions communicate with the master?
06:42 k_sze[work] Do they maintain an open TCP connection with the master?
06:43 k_sze[work] e.g. I have a minion behind NAT, and I have edited the /etc/hosts file of that minion so it can reach my master. But why does that work at all?
06:43 k_sze[work] I can do `salt myminion test.ping` and the minion would respond.
06:45 honestly the minion keeps a connection to the master open and polls for jobs
06:54 west575 joined #salt
06:59 west575 joined #salt
07:00 jvblasco_ joined #salt
07:01 dgutu joined #salt
07:10 west575 joined #salt
07:16 flowstate joined #salt
07:17 bisleri joined #salt
07:17 bisleri hii
07:18 bisleri In salt stack file, I need to pass output of one command as argument  to other command. Can you guys help me?
07:19 irctc119 joined #salt
07:23 west575 joined #salt
07:28 seba__ joined #salt
07:34 west575 joined #salt
07:42 manji joined #salt
07:42 west575 joined #salt
07:43 lero joined #salt
07:43 josuebrunel joined #salt
07:43 armguy joined #salt
07:44 Rumbles joined #salt
07:45 manji joined #salt
07:45 JohnnyRun joined #salt
07:49 linelevel joined #salt
07:49 impi joined #salt
07:56 ivanjaros joined #salt
07:56 phtes_ joined #salt
07:57 linjan joined #salt
07:58 kutenai_ joined #salt
08:02 catpig joined #salt
08:02 aw110f joined #salt
08:03 twodayslate_ joined #salt
08:04 losh joined #salt
08:04 brianfeister joined #salt
08:08 fgimian joined #salt
08:12 oida joined #salt
08:15 estahn can i get somehow all minions that are alive from the salt mine?
08:15 flowstate joined #salt
08:20 subsignal joined #salt
08:22 aw110f joined #salt
08:24 west575 joined #salt
08:25 bisleri joined #salt
08:27 slav0nic joined #salt
08:32 GreatSnoopy joined #salt
08:32 Sylvain31 joined #salt
08:34 tharkun joined #salt
08:35 rrei joined #salt
08:37 ninjada joined #salt
08:37 cpowell joined #salt
08:39 west575 joined #salt
08:43 west575 joined #salt
08:45 s_kunk joined #salt
08:50 ohe joined #salt
08:51 cyborglone joined #salt
08:54 west575 joined #salt
08:54 wych joined #salt
08:59 ivanjaros3916 joined #salt
09:00 rrei hi
09:02 Sylvain31 hi
09:04 Sylvain31 I'm trying to configure a formula: https://github.com/saltstack-formulas/powerdns-formula some pillar seems missing in jinja: allow-axfr-ips={{ pillar['networks']['dns-master']['ip'] }} this raise an error.
09:07 rrei did you add the missing pillar?
09:10 Sylvain31 rrei: I'm trying, I added an ip for a dns-master… are this data in pillar a known base about using formulas?
09:11 aw110f joined #salt
09:14 west575 joined #salt
09:14 aw110f_ joined #salt
09:16 flowstate joined #salt
09:19 Sylvain31 rrei: I don't know where to put it for know. I got SLS rendering failed…
09:21 Sylvain31 https://gist.github.com/anonymous/a33f3e9265423fe9a57a54a1efecd0d1
09:22 west575 joined #salt
09:29 hlub is it possible to run a state only if a module function returns some specific value?
09:30 Sylvain31 hlub: it is not like grains?
09:31 hlub I have a status function that I'd like to test.
09:31 hlub not very static data...
09:31 Miouge joined #salt
09:33 rrei well
09:34 rrei Sylvain31: I was going to suggest what you did
09:34 Sylvain31 hlub: I was thinking about https://docs.saltstack.com/en/latest/topics/targeting/grains.html#writing-grains not tested…
09:34 rrei you should try to run with '-ldebug'
09:34 rrei to find out why it doesn't render
09:35 Sylvain31 rrei: I splited in a networks/init.sls I always get "        - Rendering SLS 'networks' failed. Please see master log for details."
09:35 rrei did you see the master log file?
09:35 Sylvain31 I guess I've to read more doc ;)
09:36 rrei running with '-ldebug' will output lots of information about the rendering process
09:36 Sylvain31 the log say the same thing
09:36 Sylvain31 yes I need to pass in debug ;)
09:37 rrei oh wait
09:37 rrei I think I spotted one thing that is wrong in your code
09:37 rrei you have commented out a line
09:37 rrei which is a yaml comment, but not a jinja comment
09:37 ninjada joined #salt
09:37 rrei (your last line)
09:37 rrei # powerdns: allow-axfr-ips={{ pillar['networks']['dns-master']['ip'] }}
09:38 dmaiocchi joined #salt
09:38 rrei so jinja will actually render this and access pillar
09:38 rrei but since this occurs in the same file where the pillar is defined those variables may not be accessible yet
09:38 rrei just guessing
09:38 Sylvain31 vomit
09:39 Sylvain31 :D I hope you're kidding !
09:39 rrei turn that into a jinja comment with {# #} and try again
09:39 rrei that *could* be the problem
09:39 Sylvain31 is vomitting twice
09:39 rrei was that it?!
09:39 Sylvain31 w8
09:41 Sylvain31 yes, removing the comment helped…
09:41 rrei fuck yeah! :D
09:43 rrei you need to be aware of the difference between yaml comments and jinja comments. yaml comments are still rendered by jinja, since jinja is applied first to each file, and only then the yaml renderer is run
09:44 west575 joined #salt
09:44 rrei if you use jinja comments you are guaranteed to avoid this kind of problems
09:44 dmaiocchi_ joined #salt
09:45 Sylvain31 rrei: oh, you mean that in this particular case the comment was embedding a jinja allowed syntax and was rendered in the yaml…
09:46 rrei I don't understand exactly what you mean, but I'll rephrase
09:46 rrei what I understand from the rendering of a file by salt is
09:46 rrei 1) file is rendered by jinja
09:46 rrei 2) file is passed through yaml renderer to produce an ordered dict
09:46 rrei # is used for yaml comments
09:47 rrei {# #} is used for jinja comments
09:47 Sylvain31 correct. That was I was weaning.
09:47 rrei jinja comments are entirely removed in step 1
09:47 Sylvain31 weaning = meaning
09:47 rrei however
09:47 rrei yaml comments are not special to the jinja renderer
09:47 rrei so
09:47 hlub yes, it is possible to update grains but it still sounds a bit workaround in some cases especially because it is possible to have onlyif conditions which call shell commands.
09:48 rrei when the jinja renderer finds # {{ pillar.foo.bar }} it will actually render this and the pillar *must* exist
09:48 sauvin joined #salt
09:49 rrei so if you change that to a jinja comment '{# {{ pillar.foo.bar }} #}' then the jinja renderer will simply remove this from its output and not try to access the pillar
09:50 rrei please someone correct me if i'm saying something wrong
09:51 Sylvain31 rrei: greate to know it! I'm reading the debug output to try to see it.
09:53 dmaiocchi_ joined #salt
09:53 jvblasco_ joined #salt
09:53 brianfeister joined #salt
10:00 pfallenop joined #salt
10:00 Sylvain31 rrei: comment added here with the debug output. Newbee error. Good to know it, hard to see… https://gist.github.com/anonymous/a33f3e9265423fe9a57a54a1efecd0d1
10:01 rrei yeah, you have to know a bit of the inner workings of the sls rendering pipeline
10:01 rrei glad I could help :)
10:05 apofis joined #salt
10:08 Sylvain31 yeah! thanks.
10:10 west575 joined #salt
10:10 Sylvain31 salt 'dns*' pillar.items gives the data now. The error is now somewhere else ;)
10:15 impi joined #salt
10:16 brianfeister joined #salt
10:17 flowstate joined #salt
10:22 subsignal joined #salt
10:24 favadi joined #salt
10:26 g3cko joined #salt
10:26 jhauser joined #salt
10:37 fracklen joined #salt
10:38 fracklen joined #salt
10:38 cpowell joined #salt
10:46 dendazen joined #salt
10:47 k_sze[work] joined #salt
10:55 dabb joined #salt
11:02 Ayo joined #salt
11:06 Miouge joined #salt
11:09 ninjada joined #salt
11:16 flowstate joined #salt
11:19 amcorreia joined #salt
11:23 subsignal joined #salt
11:26 kevinquinnyo1 joined #salt
11:27 ivanjaros joined #salt
11:39 Sylvain31 I have a template in jinja which contain a condition  {% if 'dns-supermaster' in grains['role'] %} it fails currently. But if I run "salt 'dns*' grains.item role" I have the grain affected. The jinja parsing error is: TypeError: argument of type 'StrictUndefined' is not iterable
11:43 Sylvain31 may be an old syntax? the formula is not modified since 3 years now. https://github.com/saltstack-formulas/powerdns-formula
11:44 AndreasLutro no, the syntax is fine
11:44 quasiben joined #salt
11:44 AndreasLutro though using grains for roles is discouraged
11:48 feld joined #salt
11:51 kevinquinnyo1 why is using grains for roles considered poor practice, but using the minion_id / fqdn not?
11:52 kevinquinnyo1 from a security perspective, if /etc/salt/grains is set to 700 permissions, wouldnt it still require root compromise for a minion to change it's role to something bad
11:52 estahn joined #salt
11:57 teatime kevinquinnyo1: because grain values are controlled by the minion, but minion_id is not
11:57 AndreasLutro a compromised root user is what you should be prepared for
11:57 teatime if someone gets root on a minion, can they can change the grains, and get the master to send that minion data for other minions
11:57 AndreasLutro chances are if someone's qualified to hack into your host, they're qualified to get root as well
11:57 teatime but they can't change the minion id
11:58 kevinquinnyo1 oh well they could change the minion_id but if they did that the saltmaster would invalidate the authentication
11:58 kevinquinnyo1 so yeah i guess that makes sense
11:59 estahn joined #salt
12:01 Sylvain31 AndreasLutro: do you have a link speaking about "grains for roles is discouraged"?
12:07 flowstate joined #salt
12:10 teatime it's more like, using grains for targeting or sensitive data is discouraged; use minion id for targeting and pillars for sensitive data instead.
12:11 teatime and here's the link you request: https://docs.saltstack.com/en/develop/faq.html#faq-grain-security
12:11 rem5 joined #salt
12:12 teatime er, and I suppose you can't really communicate sensitive data via grains; that part should be saltfs vs pillar
12:12 teatime I guess they're not really related issued, not sure why I conflated them
12:13 Garyx joined #salt
12:13 Sylvain31 teatime: thanks
12:15 DammitJim joined #salt
12:18 slav0nic slides/video from latest saltconf16 still unavailable?
12:23 akhter joined #salt
12:25 iceyao joined #salt
12:26 fracklen joined #salt
12:29 linelevel joined #salt
12:30 akhter joined #salt
12:30 AndreasLutro Sylvain31: https://www.lutro.me/posts/dangers-of-targetting-grains-in-salt
12:35 akhter_1 joined #salt
12:37 Rumbles joined #salt
12:40 kawa2014 joined #salt
12:42 garphy joined #salt
12:42 numkem joined #salt
12:44 iceyao joined #salt
12:45 rem5 joined #salt
12:45 viq joined #salt
12:47 flowstate joined #salt
12:50 dendazen joined #salt
12:52 Sylvain31 thanks
12:52 ssplatt joined #salt
12:55 amcorreia joined #salt
12:55 gh34 joined #salt
12:56 garphy joined #salt
12:56 favadi joined #salt
12:57 subsignal joined #salt
12:58 iceyao joined #salt
13:04 rem5 joined #salt
13:07 squishypebble joined #salt
13:09 ferbla joined #salt
13:11 subsignal joined #salt
13:13 subsigna_ joined #salt
13:14 ferbla Hey everyone
13:14 ferbla What is a salty way to change a windows minion id remotely?
13:18 iceyao joined #salt
13:18 quasiben joined #salt
13:20 rem5 joined #salt
13:21 tkharju joined #salt
13:21 w1gz joined #salt
13:22 spuder joined #salt
13:23 w1gz left #salt
13:28 iceyao joined #salt
13:29 rbjorklin joined #salt
13:29 racooper joined #salt
13:30 rbjorklin Hey, what's the key in salt-cloud to change the storage option from the default 'standard' to 'gp2' for the / volume with EC2 as provider?
13:31 jad_jay joined #salt
13:32 jad_jay Hello
13:32 Ayo_ joined #salt
13:33 jad_jay I need to know if there is a clean way to push file from minion and to integrate this to a state ?
13:33 estahn joined #salt
13:33 kevinquinnyo1 jad_jay: file.managed ?
13:34 jad_jay kevinquinnyo1 : maybe
13:34 kevinquinnyo1 https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.managed
13:35 kevinquinnyo1 jad_jay: the source file can be a template and you can pass context variables to it
13:35 kevinquinnyo1 so an nginx vhost might have something like:  server_name {{ server_name }}
13:36 kevinquinnyo1 and you pass server_name in through file.managed in the context key
13:36 jad_jay hum
13:36 jad_jay This is not exactly what i need
13:36 iceyao joined #salt
13:36 kevinquinnyo1 what are you trying to accomplish
13:37 jad_jay I have files on a minion
13:37 kevinquinnyo1 ohhh
13:37 kevinquinnyo1 you said push file from minion
13:37 jad_jay and I need to get them straight to my state files
13:37 jad_jay then edit them
13:37 jad_jay and them distibut this to others minions
13:38 kevinquinnyo1 i think there might be a way to do this but from a security perspective it's not smart to allow the minions to write to the saltmaster probably
13:38 jad_jay kevinquinnyo1 does this even exist ? such case ?
13:38 kevinquinnyo1 also it's antithetical to most configuration management approaches
13:38 jad_jay yeah I know
13:38 jad_jay I need this as a shorcut
13:39 kevinquinnyo1 teatime: do you remember that option that allows minions to write back a file to the saltmaster?  I think it was you that found that once
13:39 jad_jay ok so cp.push, cp from cache to state and so one
13:39 kevinquinnyo1 yeah that might be it
13:39 perfectsine joined #salt
13:40 kevinquinnyo1 you can also set file contents as a grain if it's not sensitive, and then use saltmine to allow other minions to snag the contents
13:40 jad_jay hum sometimes salt philosophy just crash with my own state of mind
13:41 racooper joined #salt
13:41 cpowell joined #salt
13:42 rem5 joined #salt
13:44 teatime kevinquinnyo1: you really don't need to make something into a grain to push it into mine
13:45 estahn joined #salt
13:51 ninjada joined #salt
13:54 sdemura joined #salt
13:55 TooLmaN joined #salt
13:55 Ayo joined #salt
13:57 flowstate I'm trying to use the return of a cmd.run_stdout in jinja, and I'm getting errors
13:58 iceyao joined #salt
13:59 teatime ...
13:59 teatime is that all we get to go off of? :)
13:59 jerredbell joined #salt
14:00 flowstate http://pastebin.com/1v0pJC2P
14:00 flowstate sorry, building the pastebin
14:00 flowstate which I probably should have done before starting the question
14:00 flowstate in retrospect
14:01 Ayo joined #salt
14:02 teatime at a first guess it looks like cmd.stdout is doing it's own word splitting or something
14:02 keimlink joined #salt
14:02 teatime I'll look into it.  but also jsyk `grep -o company-.*` is kinda problematic since usually the * would be interpreted by the shell, you should quote that
14:04 flowstate ahh, quotes
14:04 flowstate yeah, I'm a bit of a bash noobie
14:04 flowstate so I am super-willing to accept that it's all my newbishness
14:05 estahn joined #salt
14:05 flowstate I'm just trying to get the latest file from an s3 bucket if the pillar doesn't provide a build number
14:05 flowstate and that hacky bash is the best way I've found so far
14:05 teatime no it's weird
14:05 teatime I don't know why what you put wouldn't work
14:05 flowstate k
14:05 flowstate I'm going to dive into it as well, so I'll let you know what I find
14:09 mapu joined #salt
14:10 teatime ohh
14:10 flowstate I like that sound
14:10 flowstate that sounds like an epiphany
14:10 _JZ_ joined #salt
14:10 teatime you're not setting python_shell are you
14:10 flowstate since I have no idea what that is, it's a good bet that I'm not
14:11 teatime try this instead:
14:12 teatime salt['cmd.run_stdout'](cmd="aws s3 ls s3://path/ | sort | tail -n 1 | grep -o 'company-.*'", python_shell=True)
14:12 punkoivan joined #salt
14:12 teatime apparently the default is indeed to skip shell interpolation and do word-splitting itself
14:12 flowstate ohhhh because it's a shell command
14:12 flowstate where did you find the docs for that? I couldn't find anything more than an example of a file test
14:13 teatime https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cmdmod.html#salt.modules.cmdmod.run
14:13 teatime ^^ start here and scroll down to the 'Warning' box w/ the red border
14:13 flowstate HAHA
14:13 flowstate it's in red
14:13 flowstate and bold
14:13 flowstate WARNING
14:13 flowstate sigh.
14:13 teatime also, all of them document the python_shell param with "If False, let python handle the positional arguments. Set to True to use shell features, such as pipes or redirection"
14:14 sagerdearia joined #salt
14:14 flowstate I'm the best at reading documentation
14:14 teatime lol don't feel bad, I don't think the warning box is on run_stdout, just run
14:14 flowstate thanks so much, this was blocking my prod infrastructure
14:14 flowstate rollout
14:14 teatime n/p
14:20 akhter joined #salt
14:20 iceyao joined #salt
14:24 akhter joined #salt
14:24 spuder joined #salt
14:31 akhter joined #salt
14:37 iceyao joined #salt
14:38 Garo_ joined #salt
14:39 dezertol joined #salt
14:41 mpanetta_ joined #salt
14:46 teryx510 joined #salt
14:46 dezertol joined #salt
14:52 cpowell joined #salt
14:55 cpowell_ joined #salt
14:55 yomilk joined #salt
14:55 quantumsummers joined #salt
14:58 garphy joined #salt
14:59 west575 joined #salt
15:00 quantumsummers I am experiencing a strange result in pillar rendering when using salt-ssh. I have a few pillar envs, base, dev, prod, etc, mostly identical. I am seeing ordering issues when they are rendered. It is not consistent now, whereas it has been consistent in the past.
15:00 quantumsummers Fairly stumped
15:00 quantumsummers basepi: have you seen this before?
15:02 jad_jay I can't understand why my moved file on master appear still in minion...
15:02 rykan joined #salt
15:03 rykan left #salt
15:03 ssplatt joined #salt
15:03 hasues joined #salt
15:05 hasues left #salt
15:10 rihannon joined #salt
15:21 onlyanegg joined #salt
15:22 AdamSewell joined #salt
15:24 iceyao joined #salt
15:25 spuder joined #salt
15:30 iceyao_ joined #salt
15:32 zmalone joined #salt
15:32 cyborg-one joined #salt
15:34 cro joined #salt
15:36 brotatochip joined #salt
15:38 ivanjaros joined #salt
15:39 irctc620 hello
15:39 catpig joined #salt
15:39 irctc620 wondering if there is anyone out there how has gotten salt minion on solaris 5.10 sparc working with OpenCSW recently?
15:40 irctc620 I have manage to get it slowing working but now I am stuck at the m2crypto dependency
15:40 irctc620 upgraded to python 2.7.
15:40 irctc620 fixed up the zmq module
15:41 irctc620 but its breaking at the m2crypto now
15:41 irctc620 :(
15:41 gtmanfred if you get to 2015.8, it no longer uses m2crypto
15:43 irctc620 the version of solaris is  SunOS 5.10
15:44 irctc620 ver of salt is py_salt              CSWpy-salt           0.14.0,REV=2013.08.04
15:45 DammitJim can a salt master tell me the timestamp of a file on a minion? even if it isn't managed?
15:45 jad_jay Is it possible to say in file state that you need to delete in the minion
15:45 gtmanfred jad_jay: file.absent?
15:45 kevinquinnyo1 DammitJim: can you just do something like cmd.run stat /tmp/whatever-file
15:45 jad_jay gtmanfred, yes but for all not the specified one
15:46 gtmanfred i am sorry, i am not understanding what you are trying to do
15:46 armguy joined #salt
15:47 kevinquinnyo1 DammitJim: salt some-target cmd.run "stat -c '%z' /tmp"
15:47 kevinquinnyo1 gets the modification time if that's what you were after
15:47 bltmiller joined #salt
15:47 kevinquinnyo1 there might be a file. module function that does that in a more 'salty' way
15:47 DammitJim oh, interesting
15:47 DammitJim thanks
15:49 sdemura joined #salt
15:54 Salander27 joined #salt
15:55 codepanda joined #salt
15:59 codepanda just getting started with salt, and I'm having some trouble setting up ldap and provisioning some of the users' home directories locally
15:59 codepanda here is my sls: https://gist.github.com/codepanda/fa96912fadc6f6dfdd363a798c3c4901
15:59 codepanda what happens seems to be a race condition where sometimes ldap is up and running on the minion ready to identify the user, sometimes not
16:00 codepanda if I repeat the highstate immediately, it works perfectly (since nslcd and nscd have had a moment to settle out)
16:00 AndreasLutro codepanda: I have no idea how ldap works but this approach may help https://www.lutro.me/posts/wait-for-a-port-to-be-listening-in-salt
16:01 gtmanfred +1 do that, but not quite like that
16:01 AndreasLutro replace listening for a port with whatever check you need to see if your service is running
16:01 gtmanfred skip the port part with the ldap check part
16:01 codepanda AndreasLutro: oh cool. I'm really looking for more things I can do with wait, but I'm not sure the port will solve my problem
16:01 codepanda I've stepped through the whole process manually and found that the nscd --invalidate is the choke point
16:02 gtmanfred there is another thing that you can do with that
16:02 AndreasLutro doesn't matter as long as you can find a shell command that exits with 0 when ldap is operational
16:02 gtmanfred ^^
16:02 codepanda I thought about setting it up so nscd is disabled during the highstate and then enabled later, but that feels like it goes against the "state"-oriented system salt has going on
16:02 codepanda AndreasLutro: I think I can do that with the id command
16:03 onlyanegg joined #salt
16:03 * codepanda rereads AndreasLutro's link
16:04 gtmanfred the ideal situation is that if it uses systemd, the service would have a notify type set, and would use it correctly so the start command wouldn't exit until the service was actually started
16:05 gtmanfred unfortunately we don't live in a perfect world
16:05 gtmanfred so we have these weird little work aroudns
16:05 codepanda gtmanfred: yeah, it is systemd, but restarting nscd is not necessary, just to call nscd --invalidate. I've tried it both ways, though, and get the race condition both ways
16:08 codepanda AndreasLutro: is the onchanges in influxdb's cmd.run necessary? I'm guessing that having the cmd.run, its name and timeout, are sufficient for something else to require / wait on that cmd?
16:08 saltsa joined #salt
16:08 AndreasLutro codepanda: probably not necessary, but I don't want the command to run unless the service has changed as it could slow down my highstate
16:09 codepanda gotcha
16:09 codepanda so I would do that based on changes to the ldap config file
16:09 viq joined #salt
16:09 AndreasLutro possibly... or as a followup to your --invalidate command maybe
16:09 feliks joined #salt
16:09 AndreasLutro again I don't know a thing about how ldap or nscd works
16:10 codepanda I think I can figure it out from here, will let you know how it works out
16:13 wheaties joined #salt
16:13 wheaties is it possible to know when a salt-minion is busy handling a request from the master?
16:13 akhter joined #salt
16:14 wheaties I've tried googling this, but I can't seem to get the right terms
16:14 wheaties or find any results
16:14 wheaties I'd like to have a cronjob that bounces the salt minion, but only when it's not busy handling a request from the master
16:14 pdayton joined #salt
16:20 ageorgop joined #salt
16:20 hajhatte1 joined #salt
16:23 quantumsummers left #salt
16:24 jad_jay gtmanfred,
16:24 jad_jay gtmanfred, can I explain with example maybe ?
16:25 whatevsz joined #salt
16:25 jad_jay gtmanfred, first on master sls with directory test
16:25 jad_jay gtmanfred, apply on minion
16:25 jerredbell joined #salt
16:25 jad_jay so master = test/toto and minion=test/toto
16:26 jad_jay now mv on master toto to tata
16:26 jad_jay so master = test/tata and minion = test/toto
16:26 Ch3LL joined #salt
16:26 jad_jay when applying to minion I have
16:26 jad_jay master = test/tata and minion = test/toto,tata
16:26 dork joined #salt
16:26 TTimo joined #salt
16:27 AndreasLutro use file.recurse with clean: true
16:27 wheaties left #salt
16:27 jad_jay gtmanfred, I just want to delete toto now it has disappear on the master
16:27 rihannon joined #salt
16:27 jad_jay AndreasLutro, when i did this everything was deleted but the test dir
16:28 AndreasLutro then you can't get what you want
16:28 jad_jay AndreasLutro, why ?
16:29 rbjorklin joined #salt
16:30 LostSoul joined #salt
16:30 AndreasLutro because salt isn't psychic and can't guess what you want?
16:30 jad_jay left #salt
16:30 jad_jay joined #salt
16:30 dezertol joined #salt
16:30 jad_jay AndreasLutro, ????
16:30 Nebraskka joined #salt
16:30 JoeJulian joined #salt
16:30 jad_jay I moved a file on the master why it keeps it ?
16:31 AndreasLutro because you didn't specify clean: true
16:31 jad_jay ok seems to work finaly thanks
16:32 brotatochip joined #salt
16:32 marcinkuzminski joined #salt
16:32 jad_jay AndreasLutro, maybe I wasn't in recurse but directory, thanks a lot
16:32 twiedenbein joined #salt
16:32 AndreasLutro possible
16:33 nikogonzo joined #salt
16:34 Cottser joined #salt
16:34 rbjorkli1 joined #salt
16:35 tharkun joined #salt
16:36 quantumsummers joined #salt
16:36 quantumsummers Is there anything like state env_order but for pillar envs?
16:37 kaictl joined #salt
16:38 davisj joined #salt
16:38 monokrome joined #salt
16:39 dezertol when you run your state.. the state is compiled on the minion and the minion will then request the needed data from the pillar via the master.. in that sense.. ..
16:39 dezertol the only way to "order" it.. is to put it so that when it "squashes" down
16:39 dezertol that the value you want is the last set
16:39 dezertol so if you have two pillars with the same value
16:39 dezertol the last one will be the overriding value
16:42 dezertol https://docs.saltstack.com/en/latest/topics/pillar/#pillar-namespace-merges
16:42 dezertol for example..
16:42 tristianc joined #salt
16:42 dezertol the pillars merge .. and the last one set will be the override .. based of course on your search conditions in the top.sls file
16:45 bltmiller joined #salt
16:45 cnk joined #salt
16:46 jnials joined #salt
16:47 writtenoff joined #salt
16:47 basepi quantumsummers: can't say I have. file an issue, if you haven't already.
16:48 jad_jay_ joined #salt
16:51 jad_jay joined #salt
16:55 akhter joined #salt
16:59 akhter_1 joined #salt
17:06 tharkun joined #salt
17:08 Cottser joined #salt
17:09 monokrome joined #salt
17:11 envintus joined #salt
17:15 aw110f joined #salt
17:16 lws Hey,  I'm wondering how a rolling reboot would happen in saltstack
17:16 lws Is there something that requires the agent to come back online before moving on
17:16 racooper I've been told there's a way using reactor but I haven't done it myself yet.
17:16 lws racooper: Hmm..
17:17 lws Thanks
17:18 s_kunk joined #salt
17:19 lero joined #salt
17:23 twork_ joined #salt
17:24 iggy that's a commonly asked question, and there's not anything baked in to do it
17:24 iggy but it is possible to do
17:24 iggy reactor is one way, custom runner is another
17:25 lws Thanks iggy
17:26 lws Do you know of any examples you can point me to?
17:26 iggy not public
17:26 iggy I mean that starts to get into secret sauce territory that most companies don't want to share
17:26 lws Also, I'm wondering how SaltStack handles minion key rotation -- seems like there is something built in; but I'm not seeing the docs.
17:27 iggy you mean encryption key rotation? Yes, it handles it. It is documented somewhere (briefly)
17:27 twork_ i needs me some guidance. i know that pillar is in a standard python format (name escapes mme right now, but.) i need to do some "pillar" manipulation outside salt itself, i'm certin python has the tools to make that easy or at least practical, but i'm having a hard time finding the relevant docs, or if i'm lucky, a guide to db handling for the barely-python-aware.
17:27 lws I mean minion public/private key
17:28 AndreasLutro twork_: try external pillars - but you can't really manipulate existing pillar data, just add or overwrite existing data
17:29 twork_ specifically, i have a pillar, i have a pillar-like input, and i need to make a new pillar that adds some stuff that isn't in either one to begin with
17:29 AndreasLutro lws: minion keys are static, the master rotates its own key every 24 hours
17:29 twork_ AndreasLutro: that'd be fine
17:30 twork_ once or twice a day, i'll be replacing an old pillar with a new one made from the above
17:33 twork_ ...my hitch is, making the new one is a little more complicated than what (i think) salt can do itself, and what (i think) i need is to do this in python
17:33 AndreasLutro I did say external pillars
17:34 twork_ ah, yeah, i get you now; i misinterpreted your meaning at first
17:34 twork_ so, tips on non-salt tools or guides for the barely-python-conscious? i've one python projects in the past but oh boy am i rusty.
17:35 devops_ joined #salt
17:36 twork_ even just a reminder of what the pillar format is called
17:36 twork_ ...would get me a long way, i think
17:37 AndreasLutro no idea about guides but you're probably thinking of a dictionary?
17:37 twork_ probably!
17:37 twork_ thanks
17:38 twork_ that was 85% of what i came here for; the other 15% was a hail-mary, "oh yeah, i've had to do that before, go read at..."
17:39 yomilk joined #salt
17:41 robby_benton joined #salt
17:41 graffic joined #salt
17:41 iggy the default format for pillars is yaml+jinja
17:41 iggy you can write sls files in a number of different renderers
17:41 roock joined #salt
17:43 twork_ iggy: if that was meant for me: the input i have to work with is essentially two pillars
17:43 iggy you needn't write an ext_pillar
17:43 iggy twork_: can you gist some examples of what you have, and what you're trying to get out of it?
17:44 twork_ sure
17:45 iggy you generally don't want to rely on being able to access pillar data from one file in another one
17:45 iggy but let's see what you've got to work with first
17:46 twork_ this is user account manipulation, where the accounts are coming from a wacky input source. the gist is on the way.
17:49 ssplatt https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html  says to put #!yaml|gpg at the top of a sls file to have it render the gpg bits, but doesn’t that order matter?  shouldn’t it be gpg|yaml?  or what am i missing because my gpg isn’t rendering
17:50 pdayton joined #salt
17:51 punkoivan joined #salt
17:51 AndreasLutro if it was gpg|yaml I don't think the renderer would be able to tell which bits are encrypted and which aren't
17:51 ssplatt hmm maybe i have a formatting issue then.  I’m tryign to see if i can encode an entire block of yaml instead of individual strings
17:54 rem5 joined #salt
17:55 ninjada joined #salt
17:55 ssplatt yeah that was it. i had | before the gpg block but that was bringing everything up to the line before, and i didn’t want that
17:59 ssplatt hmm.  pillar.get is givign the me the values fine but now its saying my sls won’t render.
17:59 ssplatt - extra the
18:02 pipps joined #salt
18:04 codepanda AndreasLutro: no dice. I've tried your command wait loop with id, getent passwd | grep, and with an actual chown. All of them succeed but then the next file.directory fails with "user is not available"
18:04 codepanda how can I find out what actual command file.directory is using to manage ownership, so I can figure out why it differs from a chown?
18:05 jnials joined #salt
18:06 twork_ iggy: this is way more than you need i think, but just to put it all in context: https://gist.github.com/mjinks/a20e46814589104d30bdaf2af718f8c5
18:07 ageorgop joined #salt
18:09 josuebrunel joined #salt
18:15 lungaro joined #salt
18:16 mapu joined #salt
18:16 sjmh why in the world would jobs.print_job take over a minute.. :/
18:17 GreatSnoopy joined #salt
18:22 aw110f joined #salt
18:24 kus joined #salt
18:24 jnials joined #salt
18:25 ajw0100 joined #salt
18:25 twork_ this (pillar merging business) is yet another spot where i figure it's got to be a common enough problem, or near enough, that there must be tools. i just don't have a broad enough experience working with this stuff to know which direction to read.
18:30 LotR twork_: try https://github.com/bbinet/pillarstack ?
18:31 renoirb I'm reading on how to organize orchestration code.  It feels confusing to write orchestration states within the state files.  I might be tempted to run `salt foo state.sls orchestration in /srv/salt/orchestration/init.sls
18:31 ageorgop1 joined #salt
18:32 renoirb It would work if I do `salt-run state.orchestrate orchestration` though.
18:32 renoirb I wonder what are the strategies for that matter
18:32 twork_ LotR: thanks, on my way
18:35 orion Hi. Is it possible to directly pass parameters to a jinja template?
18:36 orion I have a single templated python script that I want to use in multiple states, but I want certain values to be different.
18:36 twork_ LotR: oooh, promising...
18:36 twork_ ...or, fun at the very least...
18:40 armguy joined #salt
18:40 yomilk joined #salt
18:44 ZiLi0n joined #salt
18:44 Kruge Is there a Salt-y way to manage CA certificates? I can drop the cert into the right directory as part of a state, but I have to manually run update-ca-certs which seems a little... ugly.
18:44 teryx510 joined #salt
18:45 Kruge And it'd be nice to have it all done via reactor, too
18:45 akhter joined #salt
18:46 WKNiGHT joined #salt
18:46 codepanda Kruge: I just did this, hang on and I'll paste you the sls
18:46 ZiLi0n Hello everyone, do you use any tool to test your salt states? I am just thinking in the long term and I see that the Salt fomulas will have to deal with different versions of the services (http, etc), different OS, etc. So the states may change a lot dpendending on version and OS, the data would be different for each combination, etc... so thinking how to test all that without breadking anything... any suggestions for testing with Salt?
18:47 Kruge Cheers
18:48 codepanda Kruge: https://gist.github.com/codepanda/831f257ce1e10872d36257b52debe9b5
18:48 teryx5101 joined #salt
18:49 Kruge Amazing.  Thank you very much
18:49 flowstate joined #salt
18:50 renaissancedev joined #salt
18:52 LotR codepanda: what provides c_rehash? I have pretty much the same, but I use update-ca-certificates (from debian?) and I put it in /usr/local/share/ca-certificates, which is where update-ca-certificates looks for local stuff
18:52 LotR oh, it's part of openssl
18:54 pdayton joined #salt
18:57 codepanda LotR: hmmm. I don't remember how I landed on c_rehash instead of update-ca-certificates. possibly a google search
18:58 codepanda c_rehash states that it is working on /usr/local/share/ca-certificates, doesn't mention /etc/ssl/certs, however, the desired result does happen in /etc/ssl/certs
18:59 * LotR makes a note to investigate the differences
18:59 codepanda man says c_rehash looks at the SSL_CERT_DIR env var, falling back on an installation-specific default, usually /usr/loca/ssl/certs
19:01 codepanda c_rehash is provided by openssl, update-ca-certificates by ca-certificates
19:01 codepanda I guess both work, and update-ca-certificates is preferred on Debian systems?
19:02 pipps joined #salt
19:05 bltmiller joined #salt
19:05 flowstate joined #salt
19:08 sjorge joined #salt
19:10 bisleri joined #salt
19:10 bisleri Hii guys, I need some help in reactor/event
19:10 codepanda left #salt
19:11 bisleri when I call "salt-call event.send 'custom_event' 'test_arg' "
19:12 mapu joined #salt
19:12 bisleri it creates multiple events, but Event with custom_event tag and event which have args is different
19:13 CeBe joined #salt
19:13 renaissancedev joined #salt
19:13 Kruge codepanda: I used c_rehash on ubuntu 16.04 and it worked fine
19:13 punkoivan left #salt
19:13 bisleri How can I access test_arg in reactor
19:13 Kruge Oh.  Gone.
19:14 fracklen joined #salt
19:17 ry joined #salt
19:18 bisleri I have defined reactor to match for 'custom_event' tag,
19:28 bltmiller joined #salt
19:31 rem5 joined #salt
19:37 pipps joined #salt
19:38 ipmb joined #salt
19:44 pipps joined #salt
19:49 rem5 joined #salt
19:54 ageorgop joined #salt
19:54 CeBe joined #salt
19:56 Garyx joined #salt
19:57 subsignal joined #salt
19:58 fracklen joined #salt
19:58 keimlink joined #salt
20:01 belak joined #salt
20:02 belak joined #salt
20:02 XenophonF ZiLi0n: i'm following a github flow-like pattern in testing
20:02 ALLmightySPIFF joined #salt
20:02 XenophonF but the hard part is writing tests
20:02 XenophonF and then automating them
20:03 XenophonF so for now a lot of it is manual
20:05 west575 joined #salt
20:07 ZiLi0n XenophonF thanks!. I have just found that serverspec could be a good tool for integration testing. Googling around it seems that unit testing is not needed for automation tools, a higher level such as serverspec is enough. My worry is that serverspec requires to deploy and converge the node, etc.... I am not convinced yet that would be quick, that is why I was thinking of doing unit testing with salt, the feedback is immeediate.... but I haven't fo
20:07 ZiLi0n und how to do easy unit testing with salt yet...
20:08 Ayo joined #salt
20:09 mpanetta_ joined #salt
20:09 XenophonF I need to find time to jump into Jenkins.
20:10 XenophonF Ideally, my functional/system/user acceptance tests would be something that I would continue to run against my production environment, with results fed into my service monitoring infrastructure.
20:10 XenophonF i'm pretty far away from that point, though
20:11 XenophonF Most of what I'm doing has web interfaces, so I've been focusing on writing tests using Selenium.
20:11 XenophonF Learning Jenkins or a similar CI tool is next.
20:11 XenophonF Integrating with InterMapper and Zabbix comes after that.
20:12 XenophonF dunno if that's ultimately the right way to do things, just where my thoughts are right now
20:12 aw110f joined #salt
20:13 belak joined #salt
20:14 pipps joined #salt
20:14 XenophonF when i develop salt states, i do spot-checks with "test=True"
20:14 belak joined #salt
20:14 klotho joined #salt
20:14 XenophonF so let's say i am writing an sls called "ad.fs.farm"
20:15 XenophonF i can test what it will do using "salt minion state.sls ad.fs.farm saltenv=development test=True"
20:15 XenophonF just to make sure I made no obvious mistakes
20:15 XenophonF same goes for states or modules called out of that sls, if i'm writing them
20:16 klotho left #salt
20:16 XenophonF and if it looks like they'll apply cleanly, i remove the test flag and let them run on my target minion
20:16 XenophonF it's a little more cumbersome at work (compared to my mock-up at home) because i have to commit my changes to the dev branch of my salt state repo
20:16 XenophonF and wait for the salt fileserver to update
20:17 XenophonF i keep meaning to find time to debug the webhook/reactor script i set up to force updates any time someone pushes changes
20:22 bisleri Hii, I followed https://docs.saltstack.com/en/develop/topics/reactor/index.html
20:23 bisleri how can I pass parameters to reactor
20:26 bisleri Is there any way to pass custom data to reactor
20:30 ALLmight_ joined #salt
20:32 freelock joined #salt
20:34 onlyanegg joined #salt
20:39 cro joined #salt
20:42 yomilk joined #salt
20:49 sjmh bisleri - yeah, you just include it as part of the data when sending the event
20:49 dhorn joined #salt
20:49 sjmh reactor just matches on the tag for the event and sends the event and the payload of the event to the .sls files
20:50 ALLmight_ joined #salt
20:50 west575 joined #salt
20:52 bisleri got it, thanks  :)
20:52 mapu joined #salt
21:01 lero joined #salt
21:01 kevinquinnyo1 joined #salt
21:07 pipps joined #salt
21:13 onlyanegg joined #salt
21:19 cro joined #salt
21:20 nZac joined #salt
21:22 pipps joined #salt
21:22 pipps99 joined #salt
21:24 kevinquinnyo1 joined #salt
21:41 rem5 joined #salt
21:42 pipps joined #salt
21:42 pipps99 joined #salt
21:43 yomilk joined #salt
21:47 ahammond I'm looking at writing an execution module to send updates back to a cmdb via an http-rest api. Do I just use requests for this, or is there a more async way to do it? All of these are PUT/PATCHes and I don't care about what they return.
21:53 bltmiller joined #salt
21:56 ahammond tornado.httpclient?
22:04 kevinquinnyo1 joined #salt
22:11 amcorreia joined #salt
22:12 viq joined #salt
22:12 GreatSnoopy joined #salt
22:13 onlyanegg joined #salt
22:13 viq joined #salt
22:15 hajhatten joined #salt
22:21 pipps joined #salt
22:21 pipps99 joined #salt
22:30 iggy salt.util.http ?
22:30 iggy utils...
22:30 iggy but there's a http module already
22:38 zenlot6 joined #salt
22:39 linelevel joined #salt
22:50 onlyanegg joined #salt
22:55 nidr0x joined #salt
22:55 linelevel joined #salt
22:59 devops joined #salt
22:59 dezertol joined #salt
23:01 kevinquinnyo joined #salt
23:05 kus joined #salt
23:07 Edgan Anyone else seen pkg.installed: - sources broken like this?  https://paste.fedoraproject.org/363540/14625760/
23:10 dezertol joined #salt
23:11 iggy no, but I've only ever used sources with packages that had a version string in the name
23:12 Edgan iggy: sources with a version number, then why even use sources? wouldn't that just be pkgs with a least?
23:12 iggy except you can install it from salt:// uri
23:13 Edgan iggy: example?
23:13 iggy (rather than maintaining pkg hosting infrastructure for 1 package)
23:13 iggy we used to mirror some java package
23:14 iggy I don't work there anymore, so I can't give you concrete examples
23:14 Edgan iggy: From googling I get the impression this worked in older versions, but is now broken.
23:15 keimlink_ joined #salt
23:16 iggy problem solved!
23:16 Edgan iggy: haha :P
23:19 hajhatten joined #salt
23:26 ninjada joined #salt
23:32 yomilk joined #salt
23:52 keimlink joined #salt
23:55 ivanjaros joined #salt
23:59 cpowell joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary