Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-05-13

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 fracklen joined #salt
00:02 estahn joined #salt
00:06 bantone k_art: what are you executing when this occurs?  Are you doing a salt call to minions?
00:11 armguy joined #salt
00:11 perfectsine joined #salt
00:12 pipps joined #salt
00:12 pipps joined #salt
00:13 flowstate joined #salt
00:13 subsignal joined #salt
00:14 k_art yes
00:14 k_art it's basically executing this
00:14 k_art salt-minion:   pkg:     - latest   service:     - running     - watch:       - file: /etc/salt/minion  /etc/salt/minion:   file.managed:     - source: salt://a8/salt/salt-minion-config     - mode: 640     - user: root     - group: root     - require:       - pkg: salt-minion
00:15 k_art but I think I found it. I removed the centos startup service from the startup folder to be able to launch salt-minion with -l debug
00:15 hal58th joined #salt
00:15 k_art manually
00:26 ageorgop joined #salt
00:28 rem5 joined #salt
00:30 amcorreia joined #salt
00:32 ssplatt joined #salt
00:34 hal58th joined #salt
00:35 Nahual joined #salt
00:39 cliluw joined #salt
00:40 robby_benton joined #salt
00:46 cpowell joined #salt
00:47 dayid joined #salt
00:47 cliluw joined #salt
00:47 pipps joined #salt
00:51 LostSoul k_art: Use some pastebin and don't spam channel :)
01:04 ninjada_ joined #salt
01:05 iceyao joined #salt
01:07 edrocks joined #salt
01:07 flowstate joined #salt
01:10 viq joined #salt
01:22 eightyeight joined #salt
01:31 brianfeister joined #salt
01:35 telecode joined #salt
01:39 iceyao joined #salt
01:51 Lionel_Debroux_ joined #salt
01:53 pipps joined #salt
02:03 k_art k
02:07 flowstate joined #salt
02:10 favadi joined #salt
02:13 stooj joined #salt
02:13 aurynn joined #salt
02:14 linziyan joined #salt
02:14 linziyan hi  everyone
02:14 linziyan The Salt Master has rejected this minion's public key!
02:14 linziyan but i  accepted  the key
02:14 linziyan i  have  rejected  this  key  some time  earlier
02:15 linziyan how to solve this
02:15 esharpmajor joined #salt
02:18 k_art linziyan: maybe that helps: https://groups.google.com/forum/#!topic/salt-users/86RZ5e3fgXE
02:23 RoGryza joined #salt
02:23 linziyan i tried to delete this key
02:23 linziyan and  readd it
02:23 linziyan but dosnt work
02:23 RoGryza_ joined #salt
02:23 linziyan i wander  there is some cache about rejected key?
02:24 aurynn joined #salt
02:25 linziyan The Salt Master has rejected this minion's public key! To repair this issue, delete the public key for this minion on the Salt Master and restart this minion. Or restart the Salt Master in open mode to clean out the keys. The Salt Minion will now exit.
02:25 linziyan and  this  way wont work  either
02:25 RoGryza_ joined #salt
02:27 RoGryza joined #salt
02:37 linziyan this  drives me crazy
02:38 linziyan why can i  just  delete a key  and  install a new key with it
02:52 racooper joined #salt
03:06 flowstate joined #salt
03:06 Vishvendra joined #salt
03:10 edrocks joined #salt
03:11 brotatochip joined #salt
03:14 capricorn_1 joined #salt
03:15 Vishvendra joined #salt
03:17 ninjada joined #salt
03:18 ninjada joined #salt
03:19 rihannon joined #salt
03:19 borgstrom joined #salt
03:19 pid1 joined #salt
03:20 `chris joined #salt
03:28 StolenToast joined #salt
03:29 nethershaw joined #salt
03:39 tristianc joined #salt
03:41 ageorgop joined #salt
03:44 beardedeagle joined #salt
03:44 kshlm joined #salt
04:01 rihannon joined #salt
04:03 rihannon1 joined #salt
04:06 flowstate joined #salt
04:14 armguy joined #salt
04:26 west575 joined #salt
04:28 brianfeister joined #salt
04:56 cpowell joined #salt
05:04 borgstrom joined #salt
05:05 StolenToast joined #salt
05:05 pid1 joined #salt
05:05 flowstate joined #salt
05:05 `chris joined #salt
05:07 rdas joined #salt
05:12 edrocks joined #salt
05:16 sauvin joined #salt
05:16 impi joined #salt
05:17 jamesp9 joined #salt
05:24 hoonetorg joined #salt
05:28 garphy joined #salt
05:31 Miouge joined #salt
05:33 manji joined #salt
05:50 rbjorkli1 What's the recommended way to get pillars when writing salt modules? __salt__['pillar.get']() or __pillar_.get() ?
05:51 armguy joined #salt
05:54 estahn iggy there?
05:56 nethershaw joined #salt
06:02 TyrfingMjolnir joined #salt
06:07 apofis joined #salt
06:08 rihannon joined #salt
06:08 flowstate joined #salt
06:12 evle1 joined #salt
06:16 viq joined #salt
06:17 babilen rbjorklin: I'd use the former as it allows nested lookups (Python doesn't by default unfortunately)
06:17 brianfeister joined #salt
06:18 steffo joined #salt
06:29 Ayo joined #salt
06:32 dmaiocchi joined #salt
06:32 Miouge joined #salt
06:34 TOoSmOotH joined #salt
06:38 linjan_ joined #salt
06:39 mosen oh didnt realise the second was just a dict :)
06:40 brianfeister joined #salt
06:44 KermitTheFragger joined #salt
06:45 elsmo joined #salt
06:58 duncanmv joined #salt
07:01 rihannon joined #salt
07:02 jhauser joined #salt
07:03 noark9 joined #salt
07:05 flowstate joined #salt
07:09 dgutu joined #salt
07:09 fracklen joined #salt
07:11 dmaiocchi joined #salt
07:12 steffo joined #salt
07:13 ninjada_ joined #salt
07:15 edrocks joined #salt
07:18 fracklen joined #salt
07:18 jeblair joined #salt
07:28 garphy joined #salt
07:29 GreatSnoopy joined #salt
07:32 mowntan joined #salt
07:33 fracklen joined #salt
07:35 fracklen joined #salt
07:37 kawa2014 joined #salt
07:38 majikman joined #salt
07:45 manji joined #salt
07:47 garphy joined #salt
07:47 Rumbles joined #salt
07:49 Sylvain31 joined #salt
07:49 keimlink joined #salt
07:51 Sylvain31 hi, how can this state https://docs.saltstack.com/en/latest/ref/states/all/salt.states.mysql_user.html inerit master dtabase control (root) from the module: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.mysql.html
07:55 ivanjaros joined #salt
07:55 babilen Sylvain31: It's explained at the beginning of your second link
07:55 babilen (the configuration that is)
07:57 impi joined #salt
07:59 Sylvain31 babilen: the minion config file? (I found my yesterday bug, mysql user creation is authenticated by (connection_host, connection_port, connection_user, connection_pass, etc.) passed as argument… it works for me)
08:00 punkoivan joined #salt
08:01 babilen Sylvain31: I typically set it in grains
08:02 ninjada joined #salt
08:04 babilen err .. pillars when using the mysql-formula
08:04 steffo joined #salt
08:05 Sylvain31 babilen: because params are in mysql's formula, in the pillar, too. I was looking a kind of connection at the top. (https://0bin.fr/paste/lHe66gMt#Oq5tP-4TKYRT0+L3nIIl1IW8JF9/4bPCk7xmgdBE4Xe) but it was at the bottom, I mean they are duplicated for each user (took from user.sls)
08:05 Sylvain31 confusing tooks me hours to understand
08:06 babilen What exactly?
08:07 Sylvain31 that mysql's root acces is granted by "    - connection_pass: '{{ mysql_salt_pass }}'" in the user.absent statement.
08:07 flowstate joined #salt
08:08 Sylvain31 in that example.
08:08 babilen https://docs.saltstack.com/en/latest/ref/states/all/salt.states.mysql_user.html
08:08 Sylvain31 it seems it could be granted by minion config /etc/salt/minion I guess.
08:08 Sylvain31 too
08:09 babilen That mentions that "The MySQL authentication information specified in the minion config file can be overridden in states using the following arguments: connection_host, connection_port, connection_user, connection_pass, connection_db, connection_unix_socket, connection_default_file and connection_charset."
08:09 Sylvain31 babilen: yes I finally cauth it. :/ lately
08:09 babilen As it is way too much of a hassle to maintain that in the minion config, you simply pass it as arguments to the states and read it from pillars
08:09 pryorda joined #salt
08:10 Sylvain31 yep, OK I see. but I can't use: salt 'db*' mysql.user_exists 'root'
08:10 Sylvain31 it answers false for now…
08:10 babilen You mean interactively?
08:11 Sylvain31 yep, I was hopping everything was related when filled in the pillar, it seems not…
08:14 babilen Sylvain31: That pillar is specific to the mysql-formula and not really related to the execution module
08:15 babilen I know that this should probably "fit together" better
08:15 babilen The basic underlying method salt uses in most (all?) execution modules is to use "config.option" -- https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.config.html#salt.modules.config.option
08:15 Sylvain31 babilen: that was my point, I can't distinguish the difference between the module, and the state yet
08:17 babilen That traverses __opts__ (minion/master options) and pillars
08:17 babilen Sylvain31: Okay, lets start with that first
08:18 babilen In Saltstack you typically have execution modules to *do* things. These are Python modules that implement the actual work that can be done (e.g. create a user, delete a directory, ....)
08:18 babilen On the other side you have states that model, well, a state that *should* be achieved
08:19 babilen The state modules therefore contain tests to check if a state has been achieved already and, if not, call functions in the execution module to achieve it
08:20 babilen A file.directory state would, for example, check if the directory exists and, if not, call the https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.file.html#salt.modules.file.mkdir method to actually create it
08:21 babilen So states model the "what" and "procedure" while execution modules have the "tools" to do that
08:23 MadHatter42 joined #salt
08:25 Sylvain31 I'm digesting it… ;)
08:27 babilen And then .. in regards to your configuration problem .. you can set these options either in pillars or the master/minion config
08:27 babilen (or just pass it directly to the interactive call)
08:29 babilen The name of the option is, however, literally "mysql.pass" (i.e. {'mysql.pass': 'some_pass'} not {'mysql': {'pass': ... }})
08:29 Sylvain31 I think that regarding what I understand, the pillar for the mysql-formula provides config for itself states (its own .sls) I may produce a minion config too on the fly so module on the minion will have the correct auth too…
08:30 keimlink joined #salt
08:31 N-Mi joined #salt
08:32 babilen Correct
08:36 Sylvain31 why {'mysql.pass': 'some_pass'} is not {'mysql': {'pass': ... } is mysql.pass a key not a relation?
08:36 babilen no
08:37 babilen It is the literal string 'mysql.pass' -- confusing, isn't it?
08:37 steffo joined #salt
08:37 s_kunk joined #salt
08:39 Sylvain31 babilen: You're kinding, salt is really rigorous and not confusing at all! :D
08:41 babilen ;)
08:41 babilen The . in there really was just used to throw you off
08:41 babilen I consider that an intentional horrible thing
08:42 steffo joined #salt
08:44 freelock joined #salt
09:01 steffo joined #salt
09:02 fl0w0lf joined #salt
09:06 flowstate joined #salt
09:07 Sylvain31 horrible is the good word. Thanks for your patience… I'm gonna reinstall a mac, see you later.
09:09 rdas joined #salt
09:15 armguy joined #salt
09:18 edrocks joined #salt
09:19 ninjada joined #salt
09:32 dgutu joined #salt
09:51 dgutu joined #salt
09:53 dmaiocchi joined #salt
09:58 steffo joined #salt
09:59 dgutu joined #salt
10:01 rim-k joined #salt
10:01 rim-k hi all
10:01 rim-k does anyone ever used salt external authentication against openldap?
10:03 ninjada joined #salt
10:06 flowstate joined #salt
10:07 rim-k ?
10:11 catpig joined #salt
10:13 marczis joined #salt
10:13 marczis Hello, fast q, I play around with reactor, I created a super simple thing, creating a testfile once minion comes up, but I get this: AttributeError: 'ReactWrap' object has no attribute 'file'
10:14 marczis any idea ?
10:14 marczis I have this in my start.sls: testfile:
10:14 marczis file:
10:14 marczis - managed
10:14 marczis - source: salt://testfile
10:14 marczis - name: "/testle"
10:15 marczis (sorry for the lines)
10:17 estahn joined #salt
10:23 marczis meh, never mind, I realized that I have a really old version from Ubuntu, I will try to upgrade first to the newest release...
10:23 marczis Wondering why ubi is so behind of the official releases
10:27 steffo joined #salt
10:34 MadHatter42 joined #salt
10:35 teryx510 joined #salt
10:35 hlub if I orchestrate things and require a highstate, does that mean the result of the highstate is checked before executing any further?
10:35 Bryson joined #salt
10:38 ninjada joined #salt
10:39 Bryson joined #salt
10:41 fracklen joined #salt
10:54 fracklen joined #salt
10:59 amcorreia joined #salt
10:59 fracklen joined #salt
11:01 teryx5101 joined #salt
11:05 flowstate joined #salt
11:15 RoGryza joined #salt
11:17 fracklen Hi - I'm trying to make an orchestration dynamic with pillar-data. But I can't get {% salt['pillar.show_pillar']('foobar') %} to work... "Jinja variable 'salt.utils.templates.AliasedLoader object' has no attribute 'pillar.show_pillar'"... Help?
11:19 farblue joined #salt
11:19 farblue hi all :) Is there an easy way to get the minion hostname to include in the content of state.file.managed?
11:20 babilen farblue: You can refer to it in the template via {{ grains['host'] }}
11:20 edrocks joined #salt
11:21 farblue I did think about grains but when I did a `salt ‘*’ grains.items sanitize=True` to see what grains existed then ‘host’ came back as ‘MINION’
11:22 AndreasLutro then that is the minion's hostname
11:22 AndreasLutro if you want the FQDN use {{ grains['fqdn'] }} instead
11:22 farblue ah, right, so that’s something ‘sanitize’ has done in the output then?
11:22 AndreasLutro no
11:22 farblue because my minion is not called ‘MINION'
11:22 babilen farblue: You should have the fqdn in that output also
11:22 babilen It's just that fqdn isn't the hostname :)
11:23 farblue yeah, the fqdn came back as ‘MINION.DOMAINNAME’
11:23 babilen Is that what you want?
11:23 farblue I just copy/pasted the command to show all the grains - what does ‘sanitize’ do? maybe it’s confusing me
11:24 farblue well, I’d like the actual minion hostname, rather than ‘MINION'
11:24 babilen farblue: What does "hostname" and "hostname -f" on the box return?
11:24 farblue orca5.server.dev
11:24 AndreasLutro oh I see
11:24 farblue the correct name
11:24 AndreasLutro just remove sanitize=true then
11:24 AndreasLutro I wasn't aware of that
11:25 farblue ah, right. what does sanitize do then? I assumed it just made the output ‘safe’ for CLI output
11:25 babilen I've never used it
11:25 AndreasLutro I guess it's just a handy thing for when you need to share the output for bug reports etc but don't want to share infrastructure details
11:25 farblue ah, yes, without sanitize it does indeed come back with the correct details :)
11:26 ninjada joined #salt
11:26 babilen Wonderfully documented also
11:26 farblue I might submit a doc improvement for that then :) It currently says: “Sanitized CLI Example:” but doesn’t explain what sanitising does :)
11:27 farblue thanks for the help :)
11:27 iceyao joined #salt
11:34 farblue is there a naming convention for template files? Do people tend to use a specific extension to indicate they are templates?
11:35 mierst joined #salt
11:37 Sylvain31 joined #salt
11:39 farblue what’s the best way to run a command during a highstate update only if another state has caused a change?
11:39 farblue in my case, if the postfix canonical map source file is changed, I want to run postmap
11:41 AndreasLutro farblue: I use .jinja but up to you. cmd.run with onchanges is what you want
11:41 farblue ah, great, thanks :)
11:43 iceyao joined #salt
11:46 fracklen Hi - Does anyone know if it's possible to access runners locally on the master in an orchestration?
11:51 josuebrunel joined #salt
11:55 DammitJim joined #salt
11:58 steffo joined #salt
12:11 flowstate joined #salt
12:12 Rumbles joined #salt
12:12 fracklen joined #salt
12:14 SpX joined #salt
12:18 ivanjaros joined #salt
12:20 SpX joined #salt
12:22 zifnab joined #salt
12:22 paolo joined #salt
12:22 robinsmidsrod joined #salt
12:23 dijit joined #salt
12:23 fracklen joined #salt
12:28 ssplatt joined #salt
12:30 izibi joined #salt
12:30 workthrick joined #salt
12:33 fracklen joined #salt
12:34 liskl joined #salt
12:35 numkem joined #salt
12:37 rim-k does anyone ever used salt external authentication against openldap?
12:38 higuita joined #salt
12:40 punkoivan joined #salt
12:42 theanalyst joined #salt
12:42 Ouzo_12 joined #salt
12:43 fracklen joined #salt
12:43 flowstate joined #salt
12:47 zsoftich joined #salt
12:47 gh34 joined #salt
12:49 rim-k ?
12:49 rim-k anyone?
12:50 edrocks joined #salt
12:50 XenophonF rim-k: patience
12:50 fracklen joined #salt
12:50 ssplatt i’d imaginge someone has.
12:52 XenophonF rim-k: might be helpful is you posted your actual problem
12:53 amcorreia joined #salt
12:53 ssplatt we just tested using pam ext auth, and its a little clunky. its kind of like a glorified sudo, whcih is nice but clunky at the same time
12:53 ssplatt takes a while to remember to add the proper bits to teh command to trigger teh external auth
12:55 mapu joined #salt
12:56 rim-k XenophonF: well, I see not authentication attempt to my ldap when calling salt -a ldap ...
12:56 steffo joined #salt
12:56 rim-k here's what I see in salt master logs
12:56 rim-k May 13 12:33:32 salt1.pod2.happn.io salt-master[11489]: [ERROR   ] ['Traceback (most recent call last):\n', '  File "/usr/lib/python2.7/dist-packages/salt/master.py", line 1733, in mk_token\n    for group in groups:\n', "TypeError: 'NoneType' object is not iterable\n"]
12:58 tracphil joined #salt
13:01 squishypebble joined #salt
13:02 AdamSewell joined #salt
13:04 rim-k I'm clueless :/
13:04 XenophonF try enable debug logging on your master
13:06 XenophonF you should try running ldapsearch against your DS using the salt-master's credentials, too
13:06 XenophonF just to check basic connectivty and queries
13:06 fracklen joined #salt
13:06 XenophonF if i had to guess, i'd say that a group lookup is failing
13:06 fracklen joined #salt
13:07 TOoSmOotH joined #salt
13:10 teryx5101 joined #salt
13:11 XenophonF actually, looking at the source, maybe you have configured eauth incorrectly
13:12 XenophonF double-check your config against the last example on https://docs.saltstack.com/en/latest/topics/eauth/index.html
13:13 rim-k XenophonF: thank you!
13:15 cpowell joined #salt
13:15 ssplatt couldn’t you also “tunnel” thru pam? if the host is already joined to ldap?
13:16 XenophonF depends on the salt-master and pam setup
13:16 izrail joined #salt
13:16 XenophonF i couldn't do it that way b/c i'm running my master non-root, and the ldap bind credentials aren't world-readable, and so on
13:17 XenophonF ultimately, that's why i'm using kerberos auth
13:17 XenophonF nss_ldap is kind of dumb
13:17 XenophonF i plan to revisit that config when i switch to sssd at some point in the future
13:18 keimlink joined #salt
13:18 MadHatter42 joined #salt
13:18 mierst joined #salt
13:20 ninjada joined #salt
13:21 XenophonF rim-k: did you get it working?
13:23 liskl joined #salt
13:25 rim-k yes, thank you
13:26 rim-k but still, the group lookup is not working
13:30 mierst_ joined #salt
13:30 mierst__ joined #salt
13:33 subsignal joined #salt
13:34 subsigna_ joined #salt
13:34 estahn joined #salt
13:38 tapoxi joined #salt
13:39 edrocks joined #salt
13:41 racooper joined #salt
13:41 perfectsine joined #salt
13:42 mage_ what's the best approach to handle simple key=value config file (in my case FreeBSD /etc/rc.conf) ?
13:43 mage_ just pure key: value in pillar data and iterate in a template, or just a simple file ?
13:54 scoates joined #salt
13:57 kaptk2 joined #salt
13:57 rem5 joined #salt
13:59 perfectsine joined #salt
14:01 jerredbell joined #salt
14:07 hunmaat 2016-05-13 16:04:05,243 [salt.loaded.int.module.cmdmod][ERROR   ][2990] stderr: ERROR:  syntax error at or near "OWNER"
14:07 hunmaat LINE 1: ..._production" WITH ENCODING = 'utf8' LC_COLLATE =  OWNER = "g...
14:08 hunmaat i have a postgres_database.present with lc_collate = ''
14:09 andrew_v joined #salt
14:09 richerVE joined #salt
14:10 hunmaat 'LC_COLLATE': lc_collate and '\'{0}\''.format(lc_collate),
14:10 hunmaat do you have an idea to workaround this? (i want a '' in the query)
14:17 favadi joined #salt
14:17 onlyanegg joined #salt
14:18 Tanta joined #salt
14:22 farblue hi all :) Is it possible to use grain and pillar data with network.managed?
14:23 Tanta any state can use pillars & grains
14:24 farblue maybe I’ve mis-understood then. I thought they could only be used via templates. Do I have to make the sls file itself a template?
14:24 XenophonF mage_: take a look at https://github.com/irtnog/salt-states/blob/development/rc/init.sls
14:25 XenophonF mage_: see also https://github.com/irtnog/salt-states/blob/development/syscons/init.sls
14:25 XenophonF i've been meaning to write a proper state/execution module for BSD rc.conf files
14:26 XenophonF unfortunately i'm fresh out of round tuits
14:27 toastedpenguin joined #salt
14:27 XenophonF i was thinking of having a state like "rcvar.present", kind of like the sysctl states
14:28 ssplatt {{ grains[‘id’] }}
14:28 XenophonF so rcvar.present, rcvar.absent, maybe include a way to override the default pathname, so people could use the states to edit any file that used that style
14:30 ALLmightySPIFF joined #salt
14:31 Ayo joined #salt
14:33 ALLmightySPIFF joined #salt
14:34 keimlink joined #salt
14:35 farblue in jinja, how do you write a loop you wish to repeat a set number of times? equiv. of ‘for (i=0; i<5; i++)’ style
14:35 armguy joined #salt
14:35 hunmaat {% for i in range(5) %}
14:35 farblue ta :)
14:36 dyasny joined #salt
14:40 Vaelater1 joined #salt
14:43 Brew joined #salt
14:43 rem5 joined #salt
14:43 flowstate joined #salt
14:48 _JZ_ joined #salt
14:49 XenophonF farblue: http://jinja.pocoo.org/docs/dev/templates/#list-of-global-functions
14:49 XenophonF you should skim through the rest of the jinja docs
14:49 fracklen joined #salt
14:50 faz3r joined #salt
14:50 farblue thankyou :) I did have a skim through but they are quite information heavy so it’s going to be a learn-as-I-go process I think :)
14:50 Ayo_ joined #salt
14:55 rihannon joined #salt
14:57 cyborg-one joined #salt
14:57 hasues joined #salt
14:57 hasues left #salt
14:58 farblue receiving the following error, is there a way to escape the @ symbol? : found character '@' that cannot start any token
14:58 rem5 joined #salt
14:58 rihannon1 joined #salt
14:59 AndreasLutro just wrap it in quotes
14:59 farblue just the @ symbol or the whole value?
15:00 farblue the full line is:     - content: @{{ grains['fqdn'] }} {{ pillar['devads email address'] }}
15:00 komputes joined #salt
15:01 farblue ok, quoting the whole value worked :)
15:02 flowstate joined #salt
15:03 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.5.11, 2015.8.8, 2016.3.0rc3 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
15:03 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.5.10, 2015.8.8, 2016.3.0rc3 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
15:05 Tanta just do {{ '@' ~ grains['fqdn'] }}
15:05 Tanta concatenate using ninja
15:06 AndreasLutro that wouldn't make a difference because the end result would still be invalid yaml
15:11 rbjorkli1 joined #salt
15:11 kus joined #salt
15:20 Scottk_ joined #salt
15:22 manji joined #salt
15:23 Scottk_ Has anyone used the VMware-tools formula?  when i try to apply the formula to a minion it gives me and error ({% set vmware = salt['pillar.get']('vmware:tools', default=vmware_defaults.tools,merge=True) %} TypeError: get() got an unexpected keyword argument 'merge')
15:28 armguy I have tried to disable psutil module. I have tried both psutil and psutil_compat and neither disable it. I am on 12.04 so installing python-psutil for another script has broken salt http://cryptb.in/s1v#70c265bbb8d88c94e48892a09cdd65bb is how I am trying to disable in a minion.d file.
15:28 hunmaat Scottk_: you may use an outdated salt version
15:28 rem5 joined #salt
15:29 Scottk_ I just got it off of git yesterday. would there be a more updated version some place else?
15:30 brotatochip joined #salt
15:32 favadi joined #salt
15:33 flowstate joined #salt
15:33 tracphil joined #salt
15:34 zmalone joined #salt
15:36 dezertol joined #salt
15:36 spuder joined #salt
15:36 hal58th joined #salt
15:37 jimklo joined #salt
15:39 farblue can anyone recommend the best approach for installing consul? It needs downloading as a zip file, unpacking and moving into place.
15:40 farblue not sure what to do about the original install process or how to handle / check if there is an update etc.
15:41 armguy why not create a custom package for your OS and install that way, way easier to manage and you control all the files being "installed"
15:45 farblue sounds like it could end up being more effort in the end
15:47 hal58th joined #salt
15:47 Trauma joined #salt
15:47 armguy its all relative I think, I personally would rather have a custom package controlled by my package manager than some random tarball unzipped into place
15:49 farblue yeah. It also depends on the skill set of those maintaining the servers and building custom packages is not something most of the people here can do
15:51 armguy its not magic. FPM is great tool especially if you need to build for multiple os's ... I have to build rpm deb and pkg.tar.xz on the regular for my gig. Using fpm to deal with the packages is a life and time saver
15:52 perfectsine joined #salt
15:52 farblue I’m sure it is easy enough if being a system admin is your day-job :) Unfortunately, that’s not the case where I work
15:53 farblue if I was unavailable (the ‘bus factor’) then those looking after the servers would mainly be developers
15:53 farblue and I’m mainly a developer, just one with rather more sysad experience than the others
15:53 armguy Sucks you cant trust your devs ... All the devs I deal with I could show the 1 line I run to make a pkg and they could sort out the rest.
15:54 armguy guess I am spoiled and dont realize it
15:54 farblue it’s not a matter of trust :) They are simply not interested in sysad stuff and so I’d end up maintaining docs that they prob. wouldn’t read ...
15:55 bshelton229 joined #salt
15:55 armguy job security at least
15:55 armguy :)
15:55 farblue hehe, possibly :) Although I aim to prevent it :)
15:55 farblue anyhow, archive.extracted looks like it will do what I want :)
15:55 AndreasLutro farblue: I'd just use cmd.run to download and extract the archive to /usr/local/bin if it doesn't already exist
15:56 honestly today my head exploded and I switched our salt version to 2015.8 from 2015.5 \o/
15:57 farblue is there a pillar equiv. of ‘salt-run fileserver.update’ to update pillar data from git?
15:59 aw110f joined #salt
16:00 irctc667 joined #salt
16:00 irctc667 hi all i have a question about state.single
16:00 irctc667 I am using this sls file
16:00 hal58th joined #salt
16:01 irctc667 i want to only invoke the state identified by the id cmd1
16:01 irctc667 however, when i try that i get  Data failed to compile: because it can't find the state
16:01 honestly you can't do that, state.single can't look into an sls file and pick a single state from it.
16:01 irctc667 example command: salt '*28*' state.single test.foo name=cmd2
16:02 irctc667 where foo is the sls file
16:02 irctc667 https://gist.github.com/jaloren/dfaf4df181c974e33513929cd328cc4c
16:02 honestly state.single executes a named state module
16:02 irctc667 @honestly okay what's it for then?
16:02 irctc667 \ohhh
16:02 honestly you would have to create a custom state module
16:02 irctc667 ahhh
16:02 honestly OR
16:02 honestly what you probably want
16:02 honestly just make more than one sls file
16:03 irctc667 riiight yes that would work but i find that undesirable. Its just two functions that in fact do belong together
16:03 honestly mystate/cmd1.sls, mystate/cmd2.sls etc.
16:03 irctc667 but in some cases i want to invoke or the other not both
16:03 honestly then you can call it using state.sls mystate.cmd1
16:03 irctc667 yep
16:03 irctc667 i agree that would work
16:04 irctc667 fair enough
16:04 mpanetta joined #salt
16:04 honestly and you can make a mystate/init.sls that includes both substates
16:04 honestly then state.sls mystate will execute both
16:04 irctc667 got it
16:05 irctc667 yep that sounds like the proper idiom for custom sls
16:05 irctc667 thanks!
16:07 DevopsMinion joined #salt
16:08 ageorgop joined #salt
16:09 armguy joined #salt
16:09 bshelton229 @farblue https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.git_pillar.html
16:10 farblue ah, great :) I was looking in the wrong part of the docs :) I forgot about runners!
16:11 DammitJim joined #salt
16:11 hal58th_ joined #salt
16:14 DevopsMinion what are people's experiences with dockerng on red hat 7?
16:15 DevopsMinion I seem to be hitting some nasty API compatibility issues between salt and docker
16:18 amcorreia joined #salt
16:22 writtenoff joined #salt
16:23 kingscott joined #salt
16:24 rihannon joined #salt
16:25 tristianc joined #salt
16:27 farblue I’m struggling to understand how to refer to an individual ethernet ip address in the ip4_interfaces grain
16:27 AndreasLutro farblue: grains.ipv4_interfaces[0] for the first one, [1] for the second one, etc
16:27 farblue I’ve tried various options such as  {{ grains['ip4_interfaces']('eno1') }} but they aren’t work
16:27 farblue ah, can you refer by name?
16:28 AndreasLutro sure
16:28 farblue so would grains.ipv4_interfaces[‘eno1’] work?
16:28 AndreasLutro () is for function calls, a grain isn't a function
16:28 AndreasLutro yeah, that's the same as grains['ip4_interfaces']['eno1']
16:28 farblue right, ok, make sens
16:28 farblue like javascript
16:29 AndreasLutro exactly like javascript
16:29 farblue I was just following the example for environment vars which had salt['environ.get']('MYENVVAR') as an example - hence me trying the () :)
16:30 AndreasLutro yeah, that's because the salt object contains a collection of functions
16:30 AndreasLutro salt['environ.get'] is a function
16:30 farblue ah, ok, makes sense
16:30 farblue as ip4_interfaces.eno1 looks like a list do I need to refer to grains['ip4_interfaces']['eno1'][0]
16:30 hal58th joined #salt
16:31 mpanetta_ joined #salt
16:33 mpanetta_ joined #salt
16:33 rem5 joined #salt
16:33 jfindlay that would get you the first element in the list
16:33 farblue great, starting to makes sense to me now :)
16:38 tristianc joined #salt
16:39 jfindlay honestly: regarding irctc667's question about a single state block in an sls file, you can run `salt minion state.sls_id my_sls cmd1`
16:40 jfindlay but in my opinion, that function is a convenience for one off situations
16:40 punkoivan joined #salt
16:41 farblue could someone possibly tell me how to add a string to the end of a list of strings for jinja?
16:41 jfindlay farblue: {%- do list_of_strings.append('my string') %}
16:42 farblue ta :) append() doesn’t seem to be documented in the template docs :)
16:43 jfindlay it's a method on the python list type
16:44 farblue ah, I don’t know python so I’m at a disadvantage :)
16:44 jfindlay there may be a more jinjay way to do it that I don't know of
16:44 farblue and if the string I want to append contains a variable content do I need to concatinate string pieces or will the var replacement work within the string?
16:45 Fiber^ joined #salt
16:45 farblue this is effectively what I want to do: {% do serverList.append("orca{{ clusterId }}.server.dev") %}
16:45 jfindlay but many programmatic constructs and features from python are usable in jinja
16:45 farblue good to know - I’ll have to go learn python along with jinja and salt and yaml ;)
16:46 hal58th joined #salt
16:47 farblue all I’m trying to do is create a json list of servernames [‘a’, ‘b’, ‘c’] but because a trailing comma isn’t allowed I’m creating the strings, adding them to the list then using join(‘,’) to output them. Any alternative better method suggestions welcome :)
16:47 jfindlay farblue: {{ var }} jinja expressions aren't necessary/valid inside of {% ... %} expressions.  What you want to do is {% do serverList.append("orca{0}.server.dev".format(cluserID)) %}
16:47 farblue ah, cool, so like printf :)
16:48 farblue thanks :)
16:48 jfindlay or I think the jinja way to concatenate strings is 'orca' ~ clusterID ~ '.server.dev'
16:48 farblue that would prob. be easier for others to read so I’ll go for that and see if it works :)
16:48 brotatochip joined #salt
16:49 jfindlay also your list construction seems good to me.  join is also a builtin python function and is great for when you don't want a final trailing thing
16:50 farblue very similar to other languages :)
16:54 farblue do template commands need to be wrapped line by line using {% etc.? Or can you do a block of statements? And can you stop the whitespace being created where the template statements are being processed?
16:54 debian112 joined #salt
16:54 farblue or is it just a case of using {%- all the time?
16:55 onlyanegg joined #salt
16:55 jfindlay I'm not sure, single line statements seem most common if so
16:56 jfindlay also the {%- %} means that when processed by jinja, it won't have an empty line leftover
16:56 farblue yeah, I found that :) I’ll just use that for now :)
16:56 honestly jfindlay: yes, it's a crutch, salt should provide first-class support for staging state runs ;)
16:57 honestly jfindlay: but thanks I hadn't known that
16:57 jfindlay honestly: what do you mean by staging state runs?
16:58 twork_ is there anybody around who can clue me in on PillarStack? don't worry, my questions are pretty dumb.
16:58 jfindlay I think I've only heard of PillarStack at this point :)
16:59 honestly jfindlay: http://docs.ansible.com/ansible/playbooks_startnstep.html
16:59 twork_ i've read the docs but, as often happens with me and salt docs, the examples are so basic i have a hard time putting the tool to real life.
17:00 * twork_ learns by example and trial and error
17:00 twork_ lots and lots of error
17:00 jfindlay honestly: so like an interactive state run?
17:01 jfindlay twork_: me too :(
17:01 honestly jfindlay: oh shit what's that?
17:01 honestly (and does it work in salt-ssh?)
17:02 twork_ bonus: Teh Boss is tapping his feet
17:02 debian112 left #salt
17:03 johtso joined #salt
17:03 twork_ ok, i go bang around in my test area.
17:04 jfindlay honestly: I thought that is what you linked to with start and step
17:04 honestly jfindlay: well I mean what's the salt feature
17:04 honestly I'm asking for a link to the relevant docs without having to google :P
17:04 jfindlay honestly: I don't think that's a feature, just positing how it might work with salt
17:05 impi joined #salt
17:06 honestly oh :(
17:06 linjan_ joined #salt
17:06 honestly I thought you were saying that already exists
17:06 honestly but yes, interactive, or with pause/resume points
17:07 hal58th joined #salt
17:07 honestly or with the option that a failed state will halt execution and you can debug it and then resume
17:07 mikepea_ joined #salt
17:08 honestly (ideally with an option to execute the previously failed state again or skip it)
17:09 jfindlay part of the challenge with that is that depending on how complex your states are, the ordering or even inclusion of certain parts can be nontrivial to compute
17:11 jfindlay but all of that would be handled by the state compiler anyway
17:12 jfindlay honestly: you're welcome to file a feature request on that if you want
17:12 sjorge joined #salt
17:13 william-otono joined #salt
17:15 jfindlay I'm afraid I won't capture your perspective if I filed it
17:15 honestly I know I'm a bad person but I've always relied on my states just executing sequentially
17:15 jfindlay also using your nick in a sentence is fun :)
17:16 s_kunk joined #salt
17:16 honestly I know it's not guaranteed but I've never found states failing because they had an (implicit) ordering dependency and salt reordered them
17:16 jfindlay requisites will make your life happier and add 5+ mpgs to your car
17:16 honestly requisites don't work properly in salt-ssh
17:16 honestly :|
17:16 jfindlay hmm
17:17 honestly I haven't debugged it enough to file a bug
17:17 rem5 joined #salt
17:17 honestly I should do that some day
17:17 honestly but something's definitely fucky
17:17 hal58th joined #salt
17:17 AndreasLutro <honestly> requisites don't work properly in salt-ssh
17:17 AndreasLutro I refuse to believe that :p
17:18 jfindlay yeah, well I should write some integration tests for salt-ssh state runs
17:18 honestly AndreasLutro: I have a couple of states that have a "watch_in" reference to a service.running state
17:18 honestly no matter what happens the service is never restarted
17:19 rdas joined #salt
17:19 honestly or is this a joke about my incredible talent of finding bugs in salt-ssh?
17:20 AndreasLutro there are many vectors for bugs in salt-ssh, I highly doubt the state dependency management is one
17:20 smakar joined #salt
17:20 honestly I'll get right on making some repros on tuesday :P
17:21 honestly (monday is a bank holiday because of pentecoste)
17:21 honestly you'll have to admit, I *do* have a knack for running into salt-ssh bugs ;)
17:23 AndreasLutro salt-ssh bugs are so common in my experience, I'd only be slightly less surprised to learn that someone has a knack for breathing in oxygen
17:23 honestly :P
17:23 * AndreasLutro hyperbole mastery +1
17:23 salt_nasty joined #salt
17:24 salt_nasty hi y'all
17:25 pipps joined #salt
17:26 manji joined #salt
17:27 kingscott joined #salt
17:29 hosttor joined #salt
17:30 Ryan_Lane joined #salt
17:30 viq joined #salt
17:30 sjorge joined #salt
17:31 hal58th joined #salt
17:35 mohae joined #salt
17:36 hasues joined #salt
17:37 hasues left #salt
17:38 liviudm joined #salt
17:40 aw110f joined #salt
17:42 whatevsz joined #salt
17:44 subsignal joined #salt
17:44 Vishvendra joined #salt
17:46 pipps99 joined #salt
17:49 fracklen joined #salt
17:49 punkoivan joined #salt
17:51 william-otono Hello I was wondering if I could get some advice on a performance issue with some (not all) of my salt masters
17:52 hal58th joined #salt
17:52 william-otono I'm seeing one of the salt-master processes seemingly reading through all files controlled by it every ~7 minutes
17:54 cliluw joined #salt
17:54 william-otono We also use s3fs to grab a lot of build artifacts for deployment so we have ~2gb of data controlled by salt and it seems to be slowly reading through all the files and pegging IO on the box
17:55 ajw0100 joined #salt
17:55 GreatSnoopy joined #salt
17:55 edrocks joined #salt
17:56 tawm04 joined #salt
17:56 william-otono The weirdest thing is on one of our salt masters in a different environment which the exact same versions and the exact same s3fs connection/cache I can't see the same behaviour
17:57 hal58th_ joined #salt
18:02 jrklein joined #salt
18:04 jfindlay william-otono: can you paste your master config somewhere (removing private info if necessary)?
18:05 william-otono sure, I have a gist for you in a bit
18:07 dendazen joined #salt
18:07 peters-tx Isn't a command such as  salt salt-minion --async cmd.run 'ls -la /'  supposed to produce output that I can get later with  salt-run jobs.print_job <job_id>  ?
18:08 honestly peters-tx: yes it is...
18:09 peters-tx When I run the  salt-run jobs.print_job <job_id>  I do see the job, start time, etc, but Result is just "----------"
18:09 peters-tx Almost as if it hasn't completed I guess
18:09 peters-tx There is only a Start Time
18:09 peters-tx No completion time or anything
18:10 peters-tx I'm getting the feeling that I have something messed up perhaps
18:11 peters-tx I'll build a gist real quick
18:11 william-otono @jfindlay https://gist.github.com/wkral/f580a5459547cda70ae66075c3d231a4  added a version report as I suspect it's your next question too
18:11 XenophonF AndreasLutro: LOL
18:12 peters-tx https://gist.github.com/PeterS242/08185e781781757158909742db360606
18:13 Disorganized_ joined #salt
18:13 peters-tx https://gist.github.com/PeterS242/5b3955f196a9bfbad474395bd62c54a6  With a more immediate test added
18:14 peters-tx Strange.
18:14 jfindlay william-otono: that is strange.  I can't really figure anything based on what I know about salt fileservers and your provided config
18:14 Disorganized_ I'm trying to set up aws sqs notifications to salt, but am getting this error in my logs: No authentication credentials found when attempting to make sqs_event engine connection to AWS.
18:14 jfindlay william-otono: do you know what is different about the other environment that doesn't max out IO?
18:15 william-otono Yeah, it is strange espeicially since I have basically a clone of this where it doesn't do it
18:15 Disorganized_ I've got the sqs.key and sqs.keyid set up in my master config, but it doesn't appear to be taking them
18:15 Disorganized_ has anyone set this up sucessfully?
18:15 william-otono No I've been trying to figure that out comparing config
18:15 william-otono For a long time I thought it was a memory issue since we upgraded that box previous and that seemed to resolve the problem
18:16 william-otono Just upgraded this box too the same size too
18:16 XenophonF fileserver.update doesn't do that, too?
18:16 william-otono versions are the same as we have our salt and OS version pegged internally
18:16 XenophonF oh sorry wrong convo
18:19 william-otono But it seems to be reading the file contents over and over again been watching the proc/fd dir
18:20 jfindlay william-otono: it might be instructive to watch the master debug log when this happens
18:21 jfindlay or see if there is anything in there that looks suspicious
18:22 william-otono with the default log level not seeing anything but I'll reset it to debug
18:22 DammitJim joined #salt
18:22 SpX joined #salt
18:24 william-otono seeing a lot of "2016-05-13 18:23:23,345 [salt.loaded.int.fileserver.s3fs][INFO    ][21429] roam-build-artifacts - base : <our file path>"
18:25 fracklen Is there a way to access runners (e. g. pillar.show_pillar) in jinja in an orchestration?
18:25 manji joined #salt
18:26 majikman joined #salt
18:29 amcorreia joined #salt
18:29 hasues joined #salt
18:29 hasues left #salt
18:30 cnk joined #salt
18:34 william-otono seeing it initiate the s3 sync all the time: 2016-05-13 18:29:25,090 [salt.loaded.int.fileserver.s3fs][DEBUG   ][21429] Writing buckets cache file 2016-05-13 18:29:25,103 [salt.loaded.int.fileserver.s3fs][INFO    ][21429] Syncing local cache from S3...
18:38 tracphil joined #salt
18:42 pipps joined #salt
18:43 pipps joined #salt
18:48 sthns joined #salt
18:48 twork_ i'm reading: https://github.com/bbinet/pillarstack/blob/master/README.rst
18:49 bshelton229 joined #salt
18:49 twork_ i've got everything set up for my first try, i think, but what i don't see is how to refer to my new pillar-like dict in my minion's config file
18:50 twork_ for instance, in the top.sls of my pillar, i tried just a bare 'stack', that returns an error
18:50 twork_ (no shock there)
18:51 twork_ the cfg for my ext_pillar is at '/srv/ext_pillar/first-try.cfg', and that path is listed as such under ext_pillar in the master's config file
18:53 hasues joined #salt
18:53 hasues left #salt
18:55 twork_ in my various thrashes, the errors that i get complain that '[name i tried].sls in environment 'base' is not available the salt master'... but the page i'm reading from doesn't say anything about an sls file to use to refer to my pillar, so i'm guessing this is Just Obvious?
19:00 shiriru joined #salt
19:10 twork_ ...i am using the version of salt that comes with my debian, 'salt-master 2015.5.3 (Lithium)', which is why i had to ad the extension directory myself in the first place. might that be my trouble?
19:12 twork_ (should i be rfming? i did look, homest...)
19:15 josuebrunel joined #salt
19:16 ajw0100_ joined #salt
19:24 Kruge Anyone have any idea why putting s3- at the start of a salt-cloud profile name would cause salt-cloud to fail to parse the profile file?
19:24 debian112 joined #salt
19:27 twod_amhi joined #salt
19:27 edrocks joined #salt
19:31 twod_amhi I need to bring up a group of nodes in stages.  In the first stage, the salt master should provision some of the resource servers that host things like PXE images, etc.  In the second stage, the master should provision the rest of the nodes (which require resources from the first set of servers.)
19:32 twod_amhi With no DNS server provisioned initially, the nodes will all use a hosts file.
19:33 twod_amhi But once the DNS server has been provisioned, the hosts files will be emptied out.
19:33 twod_amhi So I need completely different states for each stage of bringing up the nodes.
19:33 twod_amhi I don't know how to organize these states in salt.
19:33 AndreasLutro orchestrator
19:34 twod_amhi It seems wrong to use environments (dev/qa/prod) because this isn't separate servers running similar states, this is the SAME servers running completely different states.
19:34 twod_amhi Does orchestrator address this well?
19:35 AndreasLutro yep
19:36 Tanta or write your own provisioning script that can do it in stages, and verify each step is completed successfully before going on
19:36 Tanta seems like a good case for a wrapper
19:38 mowntan joined #salt
19:39 mowntan joined #salt
19:39 mowntan joined #salt
19:39 jfindlay twork_: the last I knew debian was up to 2015.8.8
19:39 jfindlay william-otono: it seems that something wonky is going on with the s3 fileserver
19:40 jfindlay william-otono: you might consider filing an issue on that, but I know there have been updates to s3fs since the salt version that you're running
19:41 jfindlay you could also try a later version, but I'm not very familiar with the s3fs code, so I can't say for sure
19:42 twork_ jfindlay: i don't have any specific indication that the deb version i'm on is the source of my trouble
19:43 twod_amhi AndreasLutro, how would your organize your states cleanly?
19:43 twork_ more likely, i just don't know how to refer to my new external pillar once i've got it installed
19:43 johnkeates joined #salt
19:43 twork_ rather: what to put in top.sls for my test minion
19:44 jfindlay twork_: you mean for the pillar top file?
19:44 twork_ jfindlay: yeah
19:44 twork_ this is my first ext_pillar outing
19:44 twod_amhi AndreasLutro, I'm imagining something like `salt '*' state.firststate; check state; salt '*' state.secondstate'
19:44 jfindlay twork_: you could try a simple top that makes it available everywhere and see if you get anything out of it
19:47 twork_ jfindlay: happy to do that but my issue is: how to refer to it at all? the pillar sources i'm building reside in '/srv/ext_pillar, where there are two source files in pillar format, plus a 'first_try.cfg', and i can't figure out how PillarStack presents that to my master
19:47 twork_ i have two rough guesses:
19:49 twork_ one: i don't know how to write my top file so that it addresses my external pillar correctly;
19:49 AndreasLutro twod_amhi: doesn't really matter, as long as you organize them so that you can execute them in the order you want
19:49 mapu joined #salt
19:49 twork_ or two: my master doesn't have the guts to process this external pillar at all and no matter what i try, nothing will come out at the minion.
19:51 twork_ i can't find anything in the docs page for PillarStack that tells me how to refer to my ext_pillar in the top.sls, and i'm guessing that's because It Should Be Obvious
19:51 DammitJim joined #salt
19:52 twork_ ...or maybe i've guessed right at some point in my top, but my PillarStack config is bad. dunno!
19:57 twork_ reading the code for pillarstack itself, i don't see anything that looks fancy, so my and-install into my older salt version would croak...
19:57 ajw0100 joined #salt
19:57 martoss joined #salt
19:58 jfindlay twork_: having not work with external pillars before, my guess is that once it gets to the pillar top file, all of that would have been handled in that external pillar's specific configs and you should be able to refer to it as normal pillar data
20:00 twork_ jfindlay: yes, that's what the docs say
20:01 jfindlay twork_: sorry if you've already posted this before, but do you have a gist of where you're at currently?
20:02 twork_ jfindlay: i do not. there hasn't been much to post, but i'll try
20:02 steffo joined #salt
20:02 perfectsine joined #salt
20:03 jfindlay you might want to try pinging bbinet and/or filing an issue on that repo
20:03 pipps joined #salt
20:11 martoss hey folks, what's the best way to only return events from a minion function execution and not a job return? I am thinking about how to collect nagios / icinga check results and transport them to the monitoringserver. My current idea is to write an engine running on the minions, running nagios.run_all_pillar and passing the return as an event.fire_master. An engine on the master checks the validity and rethrows events to a specific monitoring ma
20:15 twork_ jfindlay (et al): https://gist.github.com/mjinks/efd2282649723f738560b6ea8dd44fcc
20:15 twork_ the 'not available in the salt master' thing is what i'm trying to figure out how to fix
20:17 DanyC joined #salt
20:17 twork_ you see why i'm confused. is my master just misconfigured? or do i not know what to feed it?
20:20 twork_ the docs i'm accusing of being incomplete are at: https://github.com/bbinet/pillarstack
20:21 DanyC all seeking some suggestions: having a pillar file with a mixture of pure yaml block + jinja variables, what is the best way to load it so that i can parse it and encrypt every key value except jinja variables ?
20:21 jfindlay twork_: I think your top file syntax is incorrect, https://gist.github.com/mjinks/efd2282649723f738560b6ea8dd44fcc#gistcomment-1777163
20:23 jfindlay twork_: the top level item(s) in the top file are the saltenvs, and then the minion targeting
20:23 subsignal joined #salt
20:24 twork_ jfindlay: no doubt. so: what's the environment that my minion *should* be seeing, if not 'stack'?
20:24 twork_ i've tried a few.
20:24 twork_ some outright dumb.
20:25 twork_ (ya never know. computers.)
20:25 twork_ put another way (because i don't expect you to know outright):
20:25 twork_ how do i find that out?
20:26 jfindlay the default is called base
20:26 jfindlay so if you're not sure, that example I commented may work as is
20:26 twork_ oh... sorry, yes, my minion is under base.
20:26 twork_ i didn't paste that in.
20:26 Ayo joined #salt
20:27 cedwards i've heard there is now a minion-side reactor. is that implemented through the reactor engine, or are they different?
20:27 jfindlay hm, at that point the best I can suggest is to file an issue against the pillarstack repo
20:27 jfindlay or dig into the code and start debugging
20:28 twork_ ...rilly? this is twork being dumb, i am certain.
20:28 twork_ but i guess i'll go file a bug.
20:28 twork_ won't be the first "twork dumbness" bug the world has seen.
20:28 jfindlay cedwards: https://github.com/saltstack/salt/pull/31807
20:28 saltstackbot [#31807]title: Add reactor as an engine | ### What does this PR do?...
20:28 jfindlay twork_: you and me together.  I don't know what's going on :)
20:29 twork_ hooray!!
20:29 teryx510 joined #salt
20:29 cedwards jfindlay: thanks. looks like i was on the right track.
20:29 ahammond in the context of an orchestration, are custom execution modules available? If not, is there something similar I should be using?
20:29 cedwards jfindlay: can you tell me what release that is available in?
20:30 teryx5101 joined #salt
20:30 ahammond cedwards 2106.3 has the Thorium reactor, which, I think, is what you want
20:30 DanyC joined #salt
20:31 DanyC any idea?
20:31 jfindlay cedwards: v2016.3.0rc1-1918-g197fc2b, so I'm guessing 2016.3.0
20:31 cedwards thanks
20:31 jfindlay DanyC: I know cedwards uses gpg pillars
20:32 cedwards what's up?
20:32 `chris joined #salt
20:32 coleman joined #salt
20:34 DanyC @jfindlay i used that in the past and gave up tbh due to specials characters ... So @cedwards (in case you can help out): basically i have pillar files which i want to store them in git (for others to view it) but encrypt the sensitive data. As of now we are using gpg to encrypt the whole file but that sucks as you can't diff
20:35 cedwards we're using gpg pillar to encrypt the string/phrase/object and use jinja templating to reference it where needed.
20:35 DanyC so what i tired was to use sops to encrypt only the yaml values but that fails in case i have Jinja variables. So my question is: anyone has a better idea to encrypt only the pillar's values?
20:36 DanyC if you do that cedwards a) how to you encrypt it strings in the pillar file? manually outside for each string and then copy/ paste into pillar file?
20:37 cedwards we actually wrote a tool do automate all of that.
20:37 cedwards we call it S4 (SaltStack Secret Storage)
20:39 zmalone careful, there are some gpg pillar issues which can impact using it for storing common secrets (like passwords)
20:39 sagerdearia joined #salt
20:39 zmalone https://github.com/saltstack/salt/issues/24556
20:39 saltstackbot [#24556]title: gpg encoded invalid password crashing yaml | The gpg encoded literal block is converted to a non-literal one on decoding, causing some passwords to crash the server. The GPG encoded passwordcontained the {} ' " chars....
20:39 DanyC cedwards: and i suspect is internal/ private & not s'thing i can see ?
20:39 DanyC zmalone: exactly why i gave up last time i tried to use it
20:39 cedwards zmalone: thanks for that. i'll watch the issue.
20:40 perfectsine_ joined #salt
20:40 DanyC and i ended up encrypting the whole pillar file which sucks as is only a blob file in git
20:41 DanyC if i knew how to escape the jinja syntax during yaml.load_all that will be great
20:42 DanyC anyone knows the code how salt does the pillar parsing and avoids yaml errors ?
20:42 zmalone It also decrypts on the master, so it protects your secrets at rest in your git repo, but it doesn't protect them from mis-targetting
20:43 zmalone so if you target foo* instead of foo-topsecret* by accident, gpg pillars won't help, because they are decrypted on the master, rather then on the end consumer of the secrets
20:44 Disorganized_ ugh. has anyone here successfully set up sqs notifications to a salt master? has there been a change recently in the way it's configured or anything?
20:45 DanyC cedwards: zmalone this is what i'd love to do https://github.com/huwtl/secure_yaml but it fails due to jinja syntax
20:51 Bico_Fino joined #salt
20:53 Bico_Fino It’s possible to add a server to a nodegroup via API?
20:55 tracphil joined #salt
20:55 ahammond Bico_Fino nodegroups kinda suck for anything dynamic. :(
20:55 Bico_Fino ahammond: I need something to enable/disable servers.
20:55 ahammond Bico_Fino how specifically do you want to do that?
20:56 Bico_Fino ahammond: Via api, I was thinking about grains. But grains are local.
20:56 ahammond Bico_Fino and... do you already have a CMDB?
20:57 ahammond because, if you _do_ have a CMDB then you almost certainly want to start with an ext_pillar to extract the CMDB's data.
20:57 Bico_Fino ahammond: Nope. The idea is to disable a server that is already enabled, for example move the server to non states.
20:57 Bico_Fino ahammond: Maybe with pillars/roles.
20:57 pipps joined #salt
20:58 ahammond Bico_Fino So... when you say "disable" you mean run a different set of states? Or do you mean something like "disconnect it from salt"
20:59 Bico_Fino ahammond: The idea would be disconnect it from salt, but run to a different set of states would do.
20:59 Bico_Fino ahammond: Maybe this -> salt --pillar 'webserver_role:dev' state.apply webserver.foobarcom
21:00 ahammond Bico_Fino use a pillar. ext_pillar if you want it to be dynamic
21:01 Bico_Fino ahammond: and on top.sls I will have base/disabled
21:01 ahammond Bico_Fino you could use environments, but I don't have much experience with them, and I don't think they'll give you the dynamic behavior you want.
21:03 Bico_Fino ahammond: I will try pillars. )
21:03 Bico_Fino ahammond: Thanks dude.
21:03 ahammond Bico_Fino no problem. Specifically ext_pillars. There are a dozen pre-built ones you can use, and it's easy to make your own.
21:04 coleman Running Salt on Centos6, I am trying to do initial key-exchange between master and minion. Minion hangs forever on initializing a ZeroMQ connection.
21:05 coleman I've read some issues, maybe related to zero mq version. Is this a common thing?
21:06 Bryson joined #salt
21:06 william-otono jfindlay: Thanks for the help, I had to run earlier I'll see if I can try with a newer version, the reason we had pegged that version was that we ran into some bugs with newer builds but hopefully they've been fixed now.
21:07 eightyeight joined #salt
21:07 armguy joined #salt
21:08 jfindlay william-otono: sure, and if you still have problems with a newer release, I'd say to file a bug and we can look into what may be happening with s3fs to cause that
21:10 debian112 joined #salt
21:12 beeerd joined #salt
21:17 ahammond coleman zeromq used to be a nightmare. Assuming you've added repo.saltstack.com and are using the 0mq packages from there, it should be fine.
21:17 ahammond coleman if you're _not_ using the 0mq packages from saltstack... You're Gonna Have a Bad Time.
21:20 beeerd Having trouble installing 2016.3.0rc3 with salt bootstrap
21:20 beeerd anyone else seen this? https://gist.github.com/beeerd/cc25b40160d70f25b42e82c7c35d2d55
21:20 peters-tx Ok for anyone that saw my comments way way earlier.... job_cache: False
21:20 peters-tx Yay
21:20 peters-tx And this is why I could not see results from --async
21:23 ahammond From the context of an orchestration, how do I access salt.wheel.keys.list_all() ?
21:28 whatevsz joined #salt
21:29 fracklen joined #salt
21:33 scott joined #salt
21:33 Guest40472 left #salt
21:34 ScottK_ joined #salt
21:35 mohae_ joined #salt
21:35 tracphil joined #salt
21:36 ScottK_ I'm trying to use the sudoers-formula from the saltstack github. Once I have everything in place and i try to run salt 'host' pillar.get sudoers, it doesn't return anything. Anyone know what might be causing this?
21:41 viq joined #salt
21:43 pipps joined #salt
21:44 brianfeister joined #salt
21:51 coval3nce joined #salt
21:51 coval3nce If i have one state that makes srue a servie is running, and another that makes sure a config file for that service is managed, where shold the WATCH statement go in order to restart the service on changes?
21:52 coval3nce e.g. - how to link up 2 states?…or am i doing it wrong?
21:55 tracphil joined #salt
21:55 beardedeagle joined #salt
21:56 perfectsine joined #salt
21:57 beardedeagle is there documentation anywhere of what expr_form's salt-api accepts? I can get list, ipcidr and obviously glob, but if I try something like grain it returns nothing and a look at the job cache shows it ran as glob anyway.
22:01 hal58th joined #salt
22:03 bshelton229 joined #salt
22:03 twork_ joined #salt
22:05 amcorreia joined #salt
22:06 twork_ ok, so... taking a step back from PillarStack, and taking a fresh look at the problem i'm trying to address. i need to address two partial versions of a pillar into one.
22:07 twork_ but like it says here, i have a problem: https://docs.saltstack.com/en/latest/topics/pillar/#pillar-namespace-merges
22:07 twork_ "so long as conflicts are avoided". my source files are guaranteed to have conflicts.
22:08 punkoivan left #salt
22:08 hal58th joined #salt
22:09 twork_ that was what led me to PillarStack. but, genius that i am, i'm not making that tool work and it's got me thinking i might not be taking the right approach at all.
22:11 twork_ so now i'm back where i started, at "this is such an obvious issue, it has to come up all the time."
22:13 twork_ having said that, i'm headed off to grep/sed/awk land.
22:16 rim-k joined #salt
22:18 nidr0x joined #salt
22:19 hal58th joined #salt
22:21 Biopandemic joined #salt
22:22 onlyanegg joined #salt
22:28 viq joined #salt
22:30 perfectsine joined #salt
22:32 perfectsine joined #salt
22:34 protoz joined #salt
22:34 izaki joined #salt
22:36 izaki Hi! I just realized that I have been bitten by a tiny bug (that is giving me a huge headache)... I know the fix has been committed to master
22:36 izaki I was wondering if anybody knows how often new packages are built for debian based distros
22:36 izaki (officially)
22:36 zenlot6 joined #salt
22:45 hal58th joined #salt
22:52 viq joined #salt
22:59 komputes joined #salt
23:02 protoz joined #salt
23:06 pipps joined #salt
23:08 protoz joined #salt
23:13 protoz_ joined #salt
23:13 jamesp9 joined #salt
23:15 jimklo_ joined #salt
23:15 moloney joined #salt
23:17 armguy joined #salt
23:19 moloney How should I provide pillar data to master side stuff?  I have a reactor where I would like to access some pillar data.
23:22 protoz joined #salt
23:29 jimklo joined #salt
23:29 moloney hmm, well to answer my own question it looks like pillar data is not always available for reactors (although if your master is also a minion it can be, but not in a reliable way)
23:30 moloney do people stick config info for master side stuff somewhere else?
23:31 wendall9111 joined #salt
23:31 manji joined #salt
23:32 tristianc joined #salt
23:48 protoz_ joined #salt
23:49 ajw0100 joined #salt
23:50 mr_chris joined #salt
23:55 keldwud_ joined #salt
23:58 protoz joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary