IRC log for #salt, 2016-05-17

All times shown according to UTC.

Time Nick Message
00:09 onlyanegg joined #salt
00:11 quasiben joined #salt
00:18 Muchoz joined #salt
00:19 mattbillenstein hmm
00:19 mattbillenstein ok
00:19 mattbillenstein so key thing
00:19 mattbillenstein --hard-crash
00:19 mattbillenstein then just ctrl-c it where it seems to be taking time
00:19 mattbillenstein seems to be trying to init sentry logging
00:21 quasiben joined #salt
00:21 mattbillenstein ok
00:21 mattbillenstein uninstalling sentry makes a ping take 4s instead of 15
00:21 mattbillenstein man
00:21 mattbillenstein that's retardo
00:22 aqua^c joined #salt
00:23 rgrinberg joined #salt
00:23 subsignal joined #salt
00:29 racooper joined #salt
00:33 mattbillenstein furthermore, setting a *minion* id in the *master* config drops it to 1.7s
00:33 mattbillenstein wtf
00:34 quasiben joined #salt
00:36 jfindlay the `id` config is not strictly a minion thing.  There is at least one case that I know of where it can be used for the master
00:36 jfindlay I'd have to look it up though
00:36 jfindlay it could be documented better
00:36 mattbillenstein yeah, the logging says to set it in the minion config
00:36 mattbillenstein I guess syndic?
00:40 ageorgop joined #salt
00:41 jfindlay this is what I was thinking of: https://github.com/saltstack/salt/blob/v2016.3.0rc3/salt/config/__init__.py#L3000-L3006
00:41 felskrone joined #salt
00:42 jfindlay https://github.com/saltstack/salt/blob/v2016.3.0rc3/salt/config/__init__.py#L3000-L3012
00:42 jfindlay I could see how a DNS resolution could slow that down
00:44 edrocks joined #salt
00:45 ok_ joined #salt
00:51 sjmh @jfindlay - if you're around still - you mind answering my question from earlier?  what the heck is the diff. between execution_modules and module_dirs?
00:51 sjmh besides one takes a string and the other, a list.
00:58 mattbillenstein yeah, I guess a reverse dns lookup in there
00:58 mattbillenstein anyway
00:58 mattbillenstein 17s to 1.7s
00:58 mattbillenstein small victory
01:08 murrdoc joined #salt
01:11 Nahual joined #salt
01:12 tristianc joined #salt
01:17 ok__ joined #salt
01:18 pipps joined #salt
01:48 ok_ joined #salt
02:04 pipps joined #salt
02:07 futuredale joined #salt
02:10 sagerdearia joined #salt
02:11 onlyanegg joined #salt
02:20 ok__ joined #salt
02:20 mapu joined #salt
02:24 iceyao joined #salt
02:29 iceyao_ joined #salt
02:35 favadi joined #salt
02:36 majikman joined #salt
02:43 writtenoff joined #salt
02:46 edrocks joined #salt
02:46 ninjada joined #salt
02:46 subsignal joined #salt
02:47 ninjada joined #salt
02:51 brianfeister joined #salt
02:51 ok_ joined #salt
02:58 ninjada joined #salt
02:58 pipps joined #salt
03:04 rem5 joined #salt
03:22 rihannon joined #salt
03:23 ok__ joined #salt
03:24 ramteid joined #salt
03:32 lionelhutz joined #salt
03:33 lionelhutz left #salt
03:49 hasues joined #salt
03:49 hasues left #salt
03:54 macheck joined #salt
03:55 macheck joined #salt
03:58 rojem joined #salt
04:01 hal58th joined #salt
04:06 macheck left #salt
04:06 macheck joined #salt
04:17 jamesp9 joined #salt
04:20 Vishvendra joined #salt
04:40 brianfeister joined #salt
04:41 Ayo joined #salt
04:49 edrocks joined #salt
04:49 Vishvendra joined #salt
04:52 hvn joined #salt
04:57 ramteid joined #salt
05:02 guardianJ joined #salt
05:03 guardianJ joined #salt
05:04 ivanjaros joined #salt
05:05 jimklo joined #salt
05:05 guardianJ joined #salt
05:09 guardianJ left #salt
05:21 mohae joined #salt
05:24 ageorgop joined #salt
05:28 ageorgop joined #salt
05:33 keimlink joined #salt
05:35 kawa2014 joined #salt
05:45 Muchoz joined #salt
05:46 iceyao joined #salt
05:47 rdas joined #salt
05:47 sauvin joined #salt
05:48 ageorgop joined #salt
05:50 DEger joined #salt
05:53 iceyao_ joined #salt
05:55 DEger joined #salt
06:02 colttt joined #salt
06:07 writteno1 joined #salt
06:16 Muchoz joined #salt
06:17 jeddi joined #salt
06:22 mavhq joined #salt
06:23 keimlink joined #salt
06:29 ivanjaros joined #salt
06:29 brianfeister joined #salt
06:31 duncanmv joined #salt
06:32 fl0w0lf joined #salt
06:32 west575 joined #salt
06:34 martoss joined #salt
06:34 Muchoz joined #salt
06:36 Vishvendra joined #salt
06:43 Muchoz joined #salt
06:44 estahn hey guys, how can i queue up state.sls executions?
06:44 estahn e.g. salt '*' --subset 1 state.sls foobar
06:45 estahn currently i have the issue that cron starts multiple state.sls at the same time and i get the following message "The function "state.sls" is running as PID 26395 and was started at 2016"
06:47 fracklen joined #salt
06:49 ravenx joined #salt
06:50 ravenx how can i nest my jinja if
06:50 ravenx i want to do a nested if, can someone check my syntax, it keeps saying that there is some block mapping start error.
06:51 edrocks joined #salt
06:51 iggy ravenx: gist it?
06:51 brianfeister joined #salt
06:51 iggy nested if's are fine
06:52 ravenx yup will do
06:52 ravenx gimme a sec
06:52 iggy preferably with the actual error output
06:52 ravenx iggy: http://ix.io/Fo2/#n-LINENO
06:52 ravenx and the error output:
06:53 iggy your yaml isn't indented correctly
06:53 ravenx o_O which part of the yaml?
06:53 ravenx the entire thing?
06:53 iggy you indent the yaml independently of the jinja
06:54 teatime I don't see any errors in his yaml indentation
06:54 iggy so after `supertools`, the make lines are indented 2x (4 spaces)
06:54 kbaikov joined #salt
06:55 teatime or his jinja, so I am waiting with bated breath for the error message
06:55 ravenx so on line 4 i have to indent?
06:55 teatime oh, you're right
06:55 teatime you can't indent and then half-un-indent
06:55 teatime ravenx: imagine this file contained only lines 1, 4, and 8
06:55 teatime and I think you will see the issue
06:56 iggy ^
06:56 ravenx i think i may know what you're saying
06:56 Elsmorian joined #salt
06:57 iggy it might also help if you pasted some expected output
06:58 ravenx okay i give up it's a huge mess
06:59 ravenx i can't see the error, could you point it out to me?
07:01 ravenx using this input:  http://ix.io/Foc/#n-LINENO  i got this output:  http://paste.debian.net/686786/
07:01 ravenx the expected output is that server one should have its own make, and server 'two' should have its own.  but the url-host is common between both of them.
07:02 iggy you don't have a url-host inbetween supertool and the first make
07:02 ravenx i thought i could just declare it once, no?
07:02 iggy so line 3 should be `url-host: <something>`
07:03 iggy yeah... above the info that's supposed to be underneath
07:03 AndreasLutro ravenx: remove all the jinja temporarily and see for yourself how inconsistent the indentation is
07:03 iggy so move line 8 to 3
07:03 iggy I guess
07:03 iggy if that's what you're trying to achieve structure wise
07:04 iggy and line 15 to 10
07:04 iggy and indent 17 more
07:04 iggy (maybe?)
07:04 iggy or unindent all the make lines
07:05 iggy it's really hard to tell without more context
07:06 ravenx so you mean the output?
07:06 iggy the output doesn't change the indentation
07:07 ravenx i can provide output, with this:  http://ix.io/Foi/#n-LINENO i got:  http://paste.debian.net/686797/
07:07 ninjada_ joined #salt
07:07 iggy it just strips out the {% if %} lines and whatever doesn't match inbetween
07:08 iggy so yeah, just unindent the make lines
07:08 ravenx gotcha, lemme give that a shot
07:09 ravenx hooray, it works.
07:09 iggy do you understand why?
07:09 ravenx yes, because the if statements are nested
07:10 ravenx and the K:V pairs are not dependent on them :)
07:10 ravenx so it is unlike C programming :PO
07:10 iggy because they don't impact the indentation of the yaml bits
07:11 ravenx so all my K:V will be on the same column, correct?
07:11 favadi joined #salt
07:11 iggy you _can_ nest them too, but yeah it's perfectly valid to put everything under the supertool key at the same level
07:12 teatime ravenx: all of the keys for a given mapping must begin at the same column
07:12 ravenx iggy: gotcha
07:13 iggy but if you did nest them, the format is a little different
07:13 ravenx so max is two spaces?
07:13 teatime no
07:13 teatime an indent can be whatever you want
07:13 ravenx as long as they are all the same?
07:13 teatime yes
07:13 teatime within that mapping
07:13 teatime they can be different in different mappings
07:13 teatime (mappings are what become dicts.  well, odicts actually, but..)
07:13 ravenx gotcha
07:14 ravenx thank you two a bunch for such a troublesome yet (now trivial) problem.
07:14 iggy think about how states are... you have the ID, then the `module.function` line then a list after that
07:14 teatime another satisfied customer.
07:14 ravenx #salt irc channel has been one of the best consistently
07:15 ravenx iggy: true
07:15 kbaikov joined #salt
07:15 teatime the YAML spec is a PITA, but worth a read-through
07:15 iggy ^
07:15 iggy there are some "yaml primer" type docs that might be of help
07:16 ravenx in the salt website?
07:16 iggy nah, just in general
07:16 iggy yaml is used all over
07:16 teatime heh, the salt docs have at least one YAML doc that sucks
07:16 teatime I should PR it
07:17 iggy at least open a ticket with some ideas
07:18 ravenx or make it so that salt supports the reading of syntactically correct nested yaml :P
07:18 teatime uhh
07:18 teatime you mis-understood something somewhere :)
07:18 aqua^c joined #salt
07:18 teatime salt supports YAML fine
07:18 teatime your YAML was invalid
07:19 ravenx the "nest-as-far-as-your-nested-if-loop" goes
07:19 ravenx or is that a yaml problem?
07:19 teatime ok, I think I get your problem
07:19 teatime you have to realize, Jinja2 and YAML are two totally separate stages
07:19 teatime Jinja processing happens first, and it is just dumb text manipulation
07:19 teatime and outputs the modified (template-processed) text
07:19 ravenx ah gotcha
07:19 teatime which is then fed into the YAML parser
07:20 teatime the two stages have no knowledge of each other
07:20 ravenx cute ._.
07:20 teatime well, for the most part it works fine
07:20 iggy it's elegant in some ways
07:20 iggy and a messy ball of spaghetti code in others
07:20 teatime people are generally using Jinja for outputting HTML so they don't care about extra blank lines or indentation
07:20 evle joined #salt
07:21 ravenx question:  regarding my if statements in my jinja, i used "if grains in ['one']"
07:21 ravenx is it better to do that, or say:  grains == 'one'
07:21 iggy ^ it started off as django's rendering
07:21 teatime but if you're like me, and you care that your output HTML looks pretty, you had experience with contorting yourself to get that even w/ templating before you got to Salt :)
07:21 iggy ravenx: yours was better
07:21 teatime iggy: did it?  I think it's very like Django's templates, but they're not the same implementation
07:22 teatime iggy: also, why?
07:22 teatime I was about to say they are equivalent
07:22 iggy teatime: they aren't the same, no, but I was under the impression that jinja was a forked version of django's renderer
07:22 ravenx iggy: mine was "stolen" from stackoverflow.  i would like to learn why the 'in' is better than '=='
07:23 iggy ravenx: more pythonic
07:24 teatime it is??
07:24 teatime more pythonic, I mean
07:24 iggy the in bit, yeah
07:24 iggy for checking lists
07:25 teatime but he's checking against a literal list with one element
07:25 teatime personally, I prefer ==
07:25 ravenx for readability?
07:25 teatime yes
07:25 teatime but it's your choice
07:25 ravenx can i do things like:  grains[id] == 't*'
07:25 ravenx and it matches:  two, three, twenty?
07:25 teatime no
07:25 ravenx gah, why not
07:25 teatime not with that syntax
07:26 teatime you can call any python method an object has, though
07:26 iggy {% if id in ['list', 'of', 'ids'] %} is what I would expect someone who knows python to write
07:26 teatime so you can do grains['id'].startswith('t')
07:26 iggy I think the docs even say it was added to fit more in line with python
07:26 teatime iggy: well of course, if you have multiple values in your list
07:26 teatime iggy: I think you misunderstood his question
07:26 ravenx teatime: that sounds better.  no wonder my wild cards never worked.
07:26 iggy oh, he did in the first one
07:27 iggy missed that the others were single lists
07:27 teatime he asked about «if grains in ['one']» vs. «grains == 'one'»
07:27 ravenx i decided to stick with tradition. and kept my list.
07:27 ravenx i thought of switching to == for the single ones
07:27 iggy look, it's late here
07:27 ravenx but i dont want to risk breaking the fragile system that is jinja and yaml
07:28 teatime although if you have a bunch of similar comparisons that are mostly like "in ['a', 'b', 'c']"
07:28 teatime and only one of them has a single possibility
07:28 teatime you might still use 'in' for consistency
07:28 sjmh i was gonna say iggy
07:28 sjmh why the heck are you up
07:28 sjmh :)
07:28 ravenx he's up to help me, such a selfless individual.
07:28 iggy stupid crickets
07:28 ravenx or that.
07:28 teatime it is THE YEAR OF THE CICADA! here
07:28 mattbillenstein s/jinja/mako/g
07:29 * teatime shudders.
07:29 iggy I mean yeah... helping out fellow salters
07:29 sjmh :)
07:29 mattbillenstein re fragile jinja/yaml
07:30 sjmh mattbillenstein - did you figure out your perf issue from earlier?
07:30 teatime I am kinda meh about jinja but I don't really have fragility issues
07:30 iggy it may be worse (debatable), but it's better documented
07:30 mattbillenstein mostly
07:30 mattbillenstein so in my venv
07:30 teatime I do see *lots* of really ill-advised jinja'ing in the salt community, though
07:30 mattbillenstein I have raven installed
07:31 mattbillenstein which is the sentry library
07:31 mariusv joined #salt
07:31 mariusv joined #salt
07:31 mattbillenstein and even if you aren't using it, that logging module gets initialized
07:31 teatime mostly in the form of assumptions made about the structure of pillar etc. data
07:31 mattbillenstein and it grabs a bunch of system state
07:31 mattbillenstein calling subprocesses a bunch
07:31 teatime which I guess usually people feel they have tight control over that so don't care.  but I tend to code defensively, if not paranoidly.
07:32 mattbillenstein I never liked jinja
07:32 estahn i was watching this https://www.youtube.com/watch?v=y5FEUd7oG4A ... but it still doesnt explain how to schedule to run a job on a single node across a group of nodes
07:32 mattbillenstein you learn this python-esque DSL
07:32 mattbillenstein when you should just use python
07:32 mattbillenstein ala mako
07:32 mattbillenstein re my perf issues
07:32 iggy or just use python
07:33 mattbillenstein there was also setting the id in the master config
07:33 mattbillenstein that saved a reverse dns lookup I believe
07:33 teatime Django's templates, which have syntax extremely similar to Jinja2, are very excellent.  For their intended use-case.  Which is outputting HTML, based on template params that were generated by python.  It is intentionally simplistic and makes advanced logic hard, because that is the wrong place to have complex logic.
07:33 teatime It does not work as well for Salt as it does in its original role.
07:33 mattbillenstein eh, there's that argument re templating
07:34 mattbillenstein but I don't need a template language to enforce best practices
07:34 mattbillenstein if I want to shoot myself in the foot with a sharper tool, I'll gladly make that mistake over learning a new DSL
07:34 teatime In its original role, it was a very good choice to do just that.  If your use-case needed something else, you would swap Django's templates out for something else.
07:34 teatime and in Salt, if you prefer to write your states in Python, you can do just that :)  as iggy mentions.
07:35 mattbillenstein yeah, but a template is really the right thing for a lot of things
07:35 mattbillenstein config files, etc
07:35 teatime also, I'll gladly learn a template language, rather than do text templating in a general-purpose language, since they all suck at it.
07:35 teatime by comparison.
07:35 mattbillenstein true
07:36 mattbillenstein mako gives you the best of both no?
07:36 teatime never used it; heard lots of good things
07:36 mattbillenstein a template, but python control structures, etc
07:36 teatime heh, tbh, I've disliked every template language I've ever used
07:36 teatime but it's better than the alternative of not using one
07:36 mattbillenstein yeah, using it in my new stuff now
07:37 teatime and jinja is far from the worst
07:37 teatime but a couple of aspects of it really really annoy me
07:37 mattbillenstein if your templates are simple, they're very similar -- jinja/mako
07:37 teatime although I guess, only in salt.  if I was doing HTML I'd be satisfied w/ it.
07:38 teatime mattbillenstein: you do know that salt has a mako renderer, right?
07:38 teatime beardedeagle was using it, but it seemed like was running into issues, 'cause it doesn't get much use/attention.
07:38 teatime so by all means, use it, and report issues :)
07:39 mattbillenstein yeah, I am using it
07:39 mattbillenstein works great
07:39 teatime any issues so far?
07:39 teatime great to hear.
07:39 teatime I think I'll give it a spin myself soon.
07:39 mattbillenstein yeah, I've used mako in pylons / pyramid / flask
07:39 mattbillenstein really nothing to it, set a config and you're done
07:40 mattbillenstein cool
07:40 KermitTheFragger joined #salt
07:40 teatime I tried to ask some questions in the jinja channel one time
07:41 teatime and as soon as they realized I was using it in salt
07:41 teatime they turned into a bag of dicks
07:42 lero joined #salt
07:44 ajw0100 joined #salt
07:44 TyrfingMjolnir joined #salt
07:47 Rumbles joined #salt
07:48 mattbillenstein haha, why was that?
07:48 teatime I dunno, I think they really dislike salt
07:48 teatime and either think it's an inappropriate use of Jinja, or that we implement it poorly
07:49 teatime their biggest complaint, and one I probably mostly agree with, is salt makes it hard to add things to the jinja context
07:50 teatime I was trying to understand if the fact that jinja's if makes a scope for purposes of set was intentional, or if they'd be willing to fix it, or what I was missing
07:50 teatime and they were just like, you should never care!  why would you even use set!
07:51 martoss joined #salt
07:51 teatime {% if foo %} {% set bar = "foobar" %} {% endif %}  seems sensible, but bar is lexically scoped and goes out of scope at the end {% endif %} which is not very useful.
07:51 teatime so you end up w/ hacky workarounds, like this:
07:52 teatime {% set bar = [] %} {% if foo %} {% do bar.append("foobar") %} {% endif %}
07:53 iceyao joined #salt
07:54 lero joined #salt
07:54 av_ joined #salt
07:57 manji joined #salt
07:57 mattbillenstein hmm, yeah, ugly
07:59 rim-k joined #salt
08:02 teatime usually, like say in perl, the { } block on if does not create a lexical scope
08:02 teatime probably for this exact reason, I imagine
08:02 teatime if you want one you have to do if cond {{ }}
08:02 teatime which is reasonable
08:03 josuebrunel joined #salt
08:04 ravenx joined #salt
08:06 mohae joined #salt
08:07 iceyao_ joined #salt
08:08 dmaiocchi joined #salt
08:08 writteno1 joined #salt
08:09 majikman joined #salt
08:09 Biopandemic joined #salt
08:11 wendall911 joined #salt
08:11 Vishvendra joined #salt
08:12 josue joined #salt
08:14 bdrung_work joined #salt
08:17 josuebrunel joined #salt
08:17 dmaiocchi joined #salt
08:19 s_kunk joined #salt
08:23 mpanetta_ joined #salt
08:24 jhauser joined #salt
08:25 tuxx joined #salt
08:25 fredvd joined #salt
08:28 keimlink joined #salt
08:30 GreatSnoopy joined #salt
08:33 Elsmorian joined #salt
08:40 linjan__ joined #salt
08:47 Sylvain31 joined #salt
08:51 ravenx joined #salt
08:52 ravenx for one of my salt states, i am passing in pillar data via the command line and i was wondering how i can set a value to default to, when the user doesn't specify any pillar data
08:52 ravenx it is pertaining to git.latest:
08:52 ravenx - rev: {{ salt['pillar.get']('super-tool:git_branch') }}
08:52 babilen ravenx: Target a suitable "default" pillar?
08:53 ravenx and they pass in the branch name like:  salt 'server1' state.sls super-tool pillar="{'super-tool': {'git_branch': 'coolest-branch'}}"
08:53 ravenx babilen: i didn't quite get that, what do you mean by targetting a suitable default pillar?
08:53 edrocks joined #salt
08:53 ravenx i would like for it to fall back to rev: master
08:54 babilen You create /srv/pillar/supertool.sls in which you specify super-tool:git_branch: master and target that to your minion in /srv/pillar/top.sls
08:54 teatime ravenx: if you give pillar.get a 2nd argument, that will be the fallback value.
08:54 babilen Or use ^
08:54 yuhlw joined #salt
08:55 ravenx babilen: ah. so all i have to do is specify it in its pillar file?
08:55 ravenx and any command line will subsequently, automatically overwrite it?
08:55 teatime there's a default() too for general purposes, but {pillar,grains,mine,}.get have it built in
08:55 ravenx not literally overwrite, i mean:  override*
08:56 yuhlw joined #salt
08:56 babilen salt['pillar.get']('super-tool:git_branch', 'master') is what teatime is referring to
08:56 ravenx ah okay
08:57 ravenx lemme try the pillar method too
08:57 ravenx the supertool.sls
09:02 ravenx hmm
09:02 ravenx i keep getting this:  'None' is not a valid value for the 'rev' argument   still
09:03 ravenx despite: salt '*' pillar.items  shows the correct one.
09:03 teatime isn't there a bug or misfeature
09:03 teatime with command-line provided data
09:03 teatime that it becomes the ONLY pillar data
09:03 teatime rather than being merged in
09:04 ravenx :|
09:04 ravenx is there??
09:06 teatime see what happens when you provide pillar data and run pillar.get
09:06 teatime well, pillar.items whatever
09:09 ravenx alright give me a sec
09:09 steffo joined #salt
09:09 babilen teatime: Yeah, that is exactly what happens
09:10 teatime welp, there you have it ravenx
09:10 babilen So, if you provide it on the command line that data is used and if you don't the "default" is being used
09:10 babilen That works as long as you don't require other pillar data
09:11 babilen Maybe it is being merged nowadays (with command line being merged in last), but IIRC command line pillar replaced normal pillar
09:11 * babilen rarely specifies pillar data on the command line though
09:12 teatime ravenx seems to be building around it quite a bit
09:12 teatime which may be a sign of Doing It Wrong™
09:12 teatime or not, dunno
09:12 teatime ravenx: but worth considering
09:12 tracphil joined #salt
09:13 ravenx teatime: it is only for an integration environment.
09:14 ravenx dev wishes to be able to build deploy any branch of their choice
09:14 ravenx on staging and production servers, it is better as it is only stable.
09:15 babilen https://github.com/saltstack/salt/issues/18429
09:15 saltstackbot [#18429]title: Pillars passed from command-line override pillar subtrees instead of merging | assuming a pillar containing:...
09:15 babilen Claimed to be fixed in https://github.com/saltstack/salt/pull/32288
09:15 saltstackbot [#32288]title: use dictupdate.merge instead of dict.update to merge CLI pillar overrides | Fixes #18429.
09:18 babilen Looks as if that hasn't made it into a release yet
09:19 ravenx gaaah
09:19 babilen You could patch your master locally
09:19 babilen https://github.com/saltstack/salt/pull/32288/files
09:19 saltstackbot [#32288]title: use dictupdate.merge instead of dict.update to merge CLI pillar overrides | Fixes #18429.
09:20 babilen Those are the changes .. alternatively just rely on specifying the default argument to pillar.get as teatime suggested
09:22 fracklen joined #salt
09:31 ravenx gotcha
09:31 ravenx i think i will do the patching on my master.
09:33 flebel joined #salt
09:35 rrei joined #salt
09:36 ravenx could someone help me with more jinja goodness?
09:36 ravenx it has more to do with logic, and i am sure that this time, my indentation is right.
09:36 ravenx https://paste.debian.net/686825/
09:37 babilen --verbose --pastebin please ;)
09:37 babilen Ah :)
09:37 ravenx it keeps saying that the run-fluffy is not found
09:37 ravenx babilen: are those flags built into salt?
09:37 babilen No, they are built into you
09:38 ravenx ah okay, i did upload it on pastebin :)
09:38 ravenx essentially, i dont want this command to run on 'one' and 'two' server (as those are my vagrant boxes), i only want them to run on all but those. and on vi1 and vi2, it must be a ssh command, and on vs1 it must be a cdn script.
09:39 babilen We'd also need the actual error. I'd also like to point out, that I would recommend to either: 1. Set the "- name" argument here in pillars and target suitable data to your 'one', 'two' boxes or 2. Target correctly working states ..
09:39 teatime yes, I was about to say, please always provide the error message when you pastebin problematic code.
09:40 ravenx i see. sorry, my bad, let me get you the output.
09:40 babilen ssh cdn-user@localhost  is also a suboptimal command
09:40 ravenx how come?
09:40 teatime also I do not know if ~ works like that in name: jsyk; unless you know specifically that it does, assume it doesn't.
09:40 teatime ravenx: it's interactive
09:40 babilen ravenx: It wouldn't return, would it?
09:40 ravenx true.
09:41 ravenx cuz i tested it on the shell it worked.
09:41 babilen So salt just sits there waiting for input
09:41 teatime why would ssh @localhost anyway; are you doing that to make sure your environment is setup?
09:42 ravenx this line is from a dev, -_-
09:42 ravenx is it better to put this as a script?
09:42 teatime to put what
09:43 teatime also, you should also realize that on any host that isn't one, two, vi1, vi2, or vs1, this will try to run "run-fluffy"
09:43 flebel joined #salt
09:43 ravenx oh god so my logic is wrong?
09:44 teatime if this will ever execute on any machines I didn't name, yes.
09:44 teatime because on such machines, there will be no name:
09:44 ravenx i thought that after it got past line 1, it should only be:  vi1, vi2 and vs1, no?
09:45 teatime line one only ensures it's not one or two
09:45 teatime so it only ensures it's vi1, vi2, or vs1 in the situation that, again, you only have the hosts I named in your environment
09:45 teatime maybe I could have said this simpler:
09:45 teatime your if doesn't have an else
09:46 ravenx the if for the line 1?
09:47 teatime no, the second one
09:47 teatime since there's no else condition to set a default name, name only gets set for those 3 specific hosts
09:47 teatime any other hosts will use the 'run-fluffy' name from the stateid
09:48 ravenx my servers are only so big as :  one, two vi1, vi2 and vs1
09:48 ravenx my name: shouldn't ever be empty.
09:49 ravenx since already:  if it is 'one' and 'two' this run-fluffy isn't run at all.
09:49 teatime yes, I did say that if this state only ever runs on one of those 5 specific servers, then it is fine
09:49 fracklen joined #salt
09:50 ravenx ah, so my jinja is fine?
09:50 teatime "if this will [not] ever execute on any machines I didn't name, yes."  :)
09:50 ravenx then it is most likely the command of ssh being an issue.
09:51 teatime ravenx: perhaps you meant this command:  ssh cdn-user@localhost '~/bin/cdn.sh'
09:52 ravenx the cdn.sh script is only for vs1
09:52 ravenx however, the quotes may be worth trying.
09:52 teatime well you have to put *something* after the first part
09:52 teatime no
09:52 teatime no no no
09:52 ravenx question:  is there a way like pillars.items for state.sls to see how my jinja logic works, if it does?
09:52 teatime `ssh user@host` starts an interactive session.  `ssh user@host command` runs command on the remote host
09:52 teatime the first makes no sense here
09:53 ravenx ah, i was thinking of:  ssh user@host 'commands'
09:53 teatime there is, a way to dump out the rendered state
09:53 teatime I don't think I have it handy :/
09:54 ravenx found it https://stackoverflow.com/questions/34191710/how-to-render-and-dump-the-file-sls-with-salt-stack-without-applying-it :)
09:54 teatime iirc, there's a way to see the python structure it's rendered to, and also a way to see the text output from the jinja rendering stage.
09:54 ws2k3 joined #salt
09:54 teatime ah yes
09:55 ravenx i also found my error, i hate myself sometimes.
09:55 ravenx https://paste.debian.net/686825/  on line 4, it is supposed to be:  'vi1', 'vi2'
09:55 teatime that would be the first one I mentioned
09:55 ravenx i am missing two sets of '
09:55 * ravenx jumps out of 4th floor building.
09:55 teatime haha, yup
09:56 ravenx babilen, teatime thanks you two for your patience again :)
09:56 babilen ravenx: I would recommend to not rely too much on checks against grains in your states
09:56 ravenx how come?
09:56 DEger joined #salt
09:56 teatime this would be better handled, for example, with a fluffy.runcmd pillar value
09:56 babilen It might be a better idea to simply target suitable states right away and to write very specific states for "interactive" (i.e. command line) use
09:57 teatime if it's set, you include the state to run it
09:57 teatime that way you can target this state to '*' if you want
09:57 babilen Your states might also want to refer to pillars for the "variable" bits which would allow you to define default values (see formulas for one approach) that can be overridden for specific hosts
09:58 teatime checking id grain in particular may be a security concern, depending on what you are doing
09:58 fracklen joined #salt
09:58 teatime and I really wish there was an 'id' in the jinja context when templating pillars
09:58 teatime but, there isn't.
09:58 babilen So .. target "run-fluffy" *only* to those hosts that you actually want to run it on and specify the "- name:" argument in pillars with a sensible default in either the "pillar.get" call in the state or a default pillar value for all minions you target that state to (optionally overridden on a per-minion basis)
09:59 teatime ^^ this is what you should actually do
09:59 ravenx aaah okay
10:00 babilen I also really wouldn't mix targeted states (those that are run on highstate) with those that you want people to execute manually. I keep them strictly separated and we have different rules for them (e.g. highstate should be as idempotent as possible while interactive ones can do whatever they want)
10:01 teatime well thanks babilen
10:01 teatime I'm going to be singing "you gotta keep 'em separated" for hours now
10:02 ravenx hahaaah
10:02 ravenx offspring
10:02 babilen Not the worst song to have stuck in your head :D
10:06 Cadmus There exist two songs that are nuclear-grade ear-worms, however the cure is often worse than the disease.
10:06 fracklen joined #salt
10:07 teatime at the risk I may regret it
10:07 teatime what are they?
10:07 Cadmus teatime: MC Hammer - Can't Touch This, Europe - The Final Countdown
10:07 babilen NOOOO, don't ask ... it will be The Final Countdown!
10:08 * Cadmus cackles
10:08 teatime lol
10:08 teatime babilen: how did you know?
10:08 * babilen listens to The Offspring
10:08 babilen teatime: It is the worst of them all ..
10:08 Cadmus Best busker I ever saw was in Soho, London, playing Final Countdown on a Keytar
10:08 teatime Self Esteem is one of my favorite songs, btw babilen
10:09 babilen Rightfully so
10:09 teatime and there's another Offspring hit on that list...
10:09 teatime can't remember what it is tho...
10:09 babilen Anyway .. we are getting into #salt-offopic territory ;)
10:09 teatime eh, if a salt Q comes up I'm sure we'll all flock to it like moths to a flame anyway
10:10 aqua^c joined #salt
10:11 teatime oh yeah, Get a Job is the other one
10:12 fracklen joined #salt
10:12 djinni` joined #salt
10:13 ravenx have you guys seen the offspring karate guy?
10:14 Sylvain31 hi, is there a way to improve sls file readability with a lot of jinja in it?
10:16 teatime too situation-specific to answer
10:16 teatime there are almost innumerable strategies for making things more readable
10:17 teatime jinja includes, doing less processing in jinja (maybe more in pillars), using py/pydsl renderer when appropriate might be some big ones
10:18 babilen Sylvain31: Paste a file you want to simplify and we might be able to comment. General strategies are: 1. Set variable bits entirely in pillars 2. Rather than writing one state for three (n) applications, write three states for each application/usecase
10:18 babilen (and then actual work on the jinja itself)
10:20 honestly AndreasLutro: I'm now testing requisites with salt-ssh 2018.8.something (newest stable directly from salt deb repo)
10:20 honestly AndreasLutro: when running with test=True it all looks good
10:21 Sylvain31 babilen: https://github.com/opensource-expert/mysql-formula/blob/remove-user/mysql/remove-user.sls all the "garbage" to fetch from the pillar. Could it be managed elsewhere? I copied from user.sls (not DRY)
10:22 honestly errr. 2015.8...
10:24 babilen Sylvain31: What garbage? And why don't you make it part of user.sls ?
10:25 teatime yeah, I don't really see an issue w/ this file
10:26 teatime it's complicated, but presumably all of the logic is necessary or wouldn't exist to begin with
10:27 Sylvain31 babilen: lines 1 to 35 could probably be fetched in one line, outside of the sls. I split it for testing purposes, to face one difficulty at a time, the sls syntax is putting me back 20 years in the past…
10:28 XenophonF joined #salt
10:30 babilen Sylvain31: Sure, you can put that into yet another file
10:31 babilen (but I'd keep it all in users.sls)
10:34 Sylvain31 babilen: not sure how to accomplish it, yet. in https://github.com/opensource-expert/mysql-formula/blob/remove-user/mysql/database.sls there's the same duplicate "header" nested for/if/loop are very hard to follow I feel…
10:34 favadi joined #salt
10:35 Sylvain31 may be here: https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.jinja.html#macros
10:35 babilen As I said: You define a "absent: True" value in the pillar data that pertains to the mysql user and iff it is defined and True you run mysql_user.absent and mysql_user.present otherwise
10:35 babilen Much like the users-formula does it
10:36 babilen teatime: Do you know how to load a default.yaml in a #!py rendered template?
10:36 Sylvain31 https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.jinja.html#include-and-import
10:40 Sylvain31 babilen: >> As I said: You define a "absent: True" if/else Yes I see. You're right as I added a new condition in user.sls not to recreate absent user, too . https://github.com/opensource-expert/mysql-formula/blob/remove-user/mysql/user.sls#L37
10:40 tracphil joined #salt
10:43 Sylvain31 what does this jinja code do? https://github.com/opensource-expert/mysql-formula/blob/remove-user/mysql/user.sls#L99
10:44 babilen It appends the state id to the list defined in https://github.com/opensource-expert/mysql-formula/blob/remove-user/mysql/user.sls#L10
10:49 Sylvain31 Thanks, it's an array, yep. Does it have a side effect?
10:50 josuebrunel joined #salt
10:51 Sylvain31 outside in init.sls I guess.
10:51 babilen I have no idea .. might want to grep/ag for user_states in the entire formula
10:51 Sylvain31 https://github.com/opensource-expert/mysql-formula/blob/remove-user/mysql/init.sls#L2 +
10:52 Sylvain31 21 + 27
10:52 Sylvain31 grep -Hn user_states * (in the git cloned folder)
10:52 Sylvain31 babilen: thanks for your help, I go for lunch.
10:53 martoss joined #salt
10:55 edrocks joined #salt
10:57 fracklen joined #salt
10:59 teryx510 joined #salt
11:00 djinni` joined #salt
11:01 fracklen joined #salt
11:01 teryx5101 joined #salt
11:02 amcorreia joined #salt
11:04 martoss1 joined #salt
11:06 fracklen joined #salt
11:07 Eureka703 joined #salt
11:10 jettero joined #salt
11:10 jettero joined #salt
11:10 fracklen joined #salt
11:11 Patch___ joined #salt
11:14 felskrone joined #salt
11:14 fracklen joined #salt
11:15 ninjada joined #salt
11:16 honestly urgh
11:16 honestly can someone tell me why this state: http://ix.io/Fss leads to this result: http://ix.io/Fsq
11:16 honestly maybe there's just a typo I can't see because I've stared at this for too long....
11:25 linjan_ joined #salt
11:26 catpig joined #salt
11:33 teatime well
11:33 teatime you have a requisite for a state inside that very state
11:33 teatime A:
11:33 honestly huh?
11:33 teatime require: A
11:33 teatime nm, I mis-read
11:33 teatime :)
11:33 honestly :(
11:33 teatime ... blank lines are your friend :)
11:34 honestly see, that would have been an easy fix :P
11:38 babilen I'm trying to use http://paste.debian.net/686842/ as file.managed template, but the master is unhappy as "KeyError: 'file.apply_template_on_contents'" -- Any way I can get hold of values set in defaults.yaml and/or map.jinja in a template?
11:39 babilen The basic idea is that I want to define the configuration in pillars, but also provide a default configuration and then render that configuration in a #!py template where I can use the generator for that data
11:39 babilen Unfortunately salt's monkey patching complicates this (surprise!)
11:40 XenophonF hm, let's take a look, babilen
11:41 teatime honestly: the only thing I can think is, maybe [] are not valid chars in an id
11:42 teatime but I would be shocked if that were true
11:42 XenophonF babilen, i'm taking a different approach
11:42 Rumbles joined #salt
11:42 XenophonF i wrote an exec module that returns the rendered file template as a string
11:42 teatime oh
11:43 teatime honestly: I think the value of onfail: needs to be a list of mappings, not a mapping; i.e., try adding a -
11:43 XenophonF so the template contains {{ salt['shibsp.genxml'](shibsp_settings) }}
11:43 teatime (before "cmd:")
11:43 XenophonF where shibsp_settings is imported from map.jinja per usual
11:44 honestly teatime: uh... there is one already??
11:44 babilen XenophonF: Okay, I guess that is what I'll have to do also
11:44 babilen I hate that I have to jump through those hoops though
11:44 dgutu joined #salt
11:44 XenophonF i didn't think to try it your way, as a #!py template
11:45 XenophonF hang on let me see if i can upload my WIP
11:47 honestly why does jinja provide a loop.index variable and a loop.depth variable, but it did not occur to pocoo that you actually need a loop.index(level) variable
11:47 teatime honestly: sigh, I guess I am blind
11:47 honestly >.<
11:47 teatime honestly: there's a way to do that
11:47 teatime I forget what it is but it's in the docs
11:47 babilen XenophonF: I'm using the #!py template way in a number of places where suitable generators are already part of the stdlib and I don't actually need the whole defaults.yaml → map.jinja data handling
11:47 honestly teatime: looking at the docs, not seeing it - unless you mean I should just use set
11:48 XenophonF babilen: http://ix.io/FsX, http://ix.io/FsY, http://ix.io/FsZ
11:48 XenophonF in order, exec module, pillar.example, template
11:49 babilen Thank you
11:49 XenophonF it's supposed to generate XML
11:49 XenophonF work in progress
11:49 babilen Yeah, I figured
11:49 honestly teatime: hahahaha, it is the ID
11:50 dgutu_ joined #salt
11:50 teatime that's annoying
11:50 babilen XenophonF: The question is: Would I have access to file.apply_template_on_contents in there?
11:50 babilen XenophonF: Let me play
11:50 teatime why on earth would it not allow any string
11:50 babilen XenophonF: At least this is a different approach I can try
11:50 XenophonF to give you some context, this is that how to generate xml from yaml data issue i was dealing with a while back
11:51 XenophonF afaik you can access all the salt exec modules from another module
11:51 honestly teatime: because the technology is insufficiently advanced to work like magic
11:52 AndreasLutro honestly: it might be because salt uses fnmatch to find requisite states, and fnmatch treats [] specially
11:52 honestly AndreasLutro: yeah that's what I just said ;)
11:53 XenophonF oh shoot it's time to make the donuts
11:53 XenophonF gtg bbl
11:53 teatime AndreasLutro: that would explain it
11:53 AndreasLutro oh, must've missed it
11:53 teatime I didn't realize you could use non-literal matches in the general case there
11:54 AndreasLutro anyway proof: https://eval.in/572524
11:54 honestly whelp the openldap init scripts are of horrendous quality
11:54 AndreasLutro changing the fnmatch to fnmatch OR == would probably be a valid feature request
12:02 SpX joined #salt
12:05 quasiben joined #salt
12:11 Sylvain31 joined #salt
12:15 TooLmaN joined #salt
12:17 impi joined #salt
12:17 tracphil joined #salt
12:21 babilen What are your ideas concerning names of execution modules that ship with formulas? Would you always prefix them with the name of the formula?
12:24 rem5 joined #salt
12:27 Nutter01 joined #salt
12:28 patrek joined #salt
12:29 scoates joined #salt
12:30 babilen XenophonF: That works nicely .. still a pity that one has to wrap everything, but this is at least a decent approach
12:34 Nutter01 hi
12:34 Nutter01 any one alive?
12:37 DammitJim joined #salt
12:39 Nutter01 If any one is alive I am looking for help debugging a salt-state
12:40 AdamSewell joined #salt
12:41 izibi joined #salt
12:42 ssplatt joined #salt
12:42 rgrinberg joined #salt
12:48 teryx5101 joined #salt
12:48 toastedpenguin joined #salt
12:55 amcorreia joined #salt
12:58 edrocks joined #salt
12:58 ravenx i can try
12:58 babilen Nutter01: It would be good if you could at least ask the actual question (and provide states and output that exemplifies the problem)
12:58 AdamSewell joined #salt
13:02 Cadmus As always, don't ask to ask
13:03 pipps joined #salt
13:05 drscream joined #salt
13:05 Nutter01 sure now I know someone is alive in here
13:05 Nutter01 I have a salt-state that install and configures psad
13:05 ravenx can i ask to see whether or not i can answer a question?
13:06 Nutter01 however, in the installation my state stalls after it installs the package
13:06 Nutter01 if I stop the psad service manually on my test box the installation continues without issue
13:08 Nutter01 https://gist.github.com/RichardLaing/2f3651a91a21345dc58d7185770e4648
13:09 pipps joined #salt
13:09 ivanjaros joined #salt
13:09 Nutter01 https://gist.github.com/RichardLaing/add35e9cd5aceb3a6ad23bc274f4b4aa
13:09 numkem joined #salt
13:09 XenophonF babilen: i am writing my custom exec/state modules with a view toward submitting them for inclusion into salt
13:10 Nutter01 https://gist.github.com/RichardLaing/18fef16daf57878af17d5c9a30ccfdeb
13:10 XenophonF babilen: so i don't prefix them in some complicated way, e.g., that python code i shared is just a module called "shibboleth" i.e., "salt.modules.shibboleth"
13:11 Nutter01 those are the main parts of the state, if you have any feedback that would be great
13:15 XenophonF that module will do other shibboleth-related stuff
13:15 drscream Hello, I kindly like to ask how is the procedure to join the GitHub SaltStack formulas team (https://github.com/saltstack-formulas)? Thanks :-)
13:16 squishypebble joined #salt
13:16 XenophonF drscream: i haven't had any problems getting them to accept my pull requests
13:17 XenophonF so you should start with http://docs.saltstack.com/en/latest/topics/development/contributing.html
13:17 edrocks joined #salt
13:17 XenophonF and you should also read https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
13:18 drscream The question is more into the direction if it make sense if developing on formulas to have them in the central place (saltstack-formulas organisation)
13:22 martoss joined #salt
13:23 XenophonF do you have a formula you'd like to submit for inclusion?
13:25 drscream At the moment i've only built that one: https://github.com/drscream/salt-gogs-formula
13:25 babilen XenophonF: I need some unique name as I can't simply call it "toml" as that is the name of wrapped python module
13:26 XenophonF babilen: you should paint the bikeshed red ;)
13:26 ntropy XenophonF: are there any entry requirements for formula inclusions into saltstack-formulas repo?
13:27 XenophonF https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
13:28 XenophonF i'm not a salt employee
13:28 ntropy what about licencing?
13:28 XenophonF "The best way to create new Formula repositories for now is to create a repository in your own account on GitHub and notify a SaltStack employee when it is ready. We will add you to the contributors team on the saltstack-formulas organization and help you transfer the repository over. Ping a SaltStack employee on IRC (#salt on Freenode) or send an email to the salt-users mailing list."
13:28 XenophonF i personally license mine using the ISC/2-clause BSD license
13:29 XenophonF i'd be satisfied with any dsfg-compliant license
13:29 XenophonF but you really need to get ahold of a saltstack employee
13:29 drscream ahh okey, thanks for the information, that what I maybe missed on some page :-D
13:31 ntropy XenophonF: ok thanks, had to look up what dsfg was about
13:31 ntropy the few formulas i've written so far i've put up into the public domain
13:32 racooper joined #salt
13:33 teatime argh, I am mildly annoyed when people do that
13:33 ntropy why is that?
13:34 teatime in the US, at least, and afaik, a statement like "This software is in the public domain." or "This software is hereby placed into the public domain." carries no legal weight / meaning.
13:34 teatime so some people (companies, mainly) will be afraid to use it.
13:34 toastedpenguin joined #salt
13:34 teatime much better to use a permissive license like modified BSD or CC-0
13:35 teatime in theory, you could put such a statement in your source, and then sue people for distributing your copyrighted work.
13:35 teatime (since in the absence of an explicit license, the default is that all creative works are copyrighted and no one but the copyright holder may distribute them.)
13:35 ntropy hmm, that didn't cross my mind, i like it because as you say it has no legal weight
13:36 steffo joined #salt
13:36 ntropy is stuff copyrighted by default unless said otherwise?
13:36 teatime yes
13:36 teatime again, at least in the US
13:36 teatime well
13:36 teatime if it's a creative work, it is copyrighted by default, full-stop.
13:36 ntropy very interesting, i'll have to take this into consideration
13:36 teatime you cannot opt-out of it.
13:36 MadHatter42 joined #salt
13:36 teatime (which is what you're trying to do by saying it's public domain.)
13:36 ntropy i suppose code is creative work
13:37 teatime of course, yes.
13:37 impi joined #salt
13:40 teatime in practice, I am not aware of this ever actually being an issue, or any such cases actually being filed.
13:41 teatime and I strongly suspect that one would not be successful.
13:41 teatime hence why I am only "mildly" annoyed.
13:41 teatime it's a pedantic point to make, perhaps.  but then again, proper licensing is vital to open-source.
13:41 teatime well, to free software anyway.
13:43 teatime oh, there's another situation where such a "license" statement would be problematic
13:43 teatime organizations like the FSF and Debian project would (afaik) refuse to accept such a work into their e.g. repositories.
13:44 teatime orgs that are very careful/picky about what licenses they're willing to use.
13:46 teatime ntropy: for further info, see http://www.gnu.org/licenses/license-list.html#informal and http://www.gnu.org/licenses/license-list.html#PublicDomain
13:47 teatime (normally I would be loath to point people to FSF for information about software licensing, but these seem like reasonable entries.)
13:47 toastedpenguin joined #salt
13:50 mapu joined #salt
13:51 _JZ_ joined #salt
13:54 __number5__ joined #salt
13:54 dfinn joined #salt
13:54 subsignal joined #salt
13:56 martoss joined #salt
13:58 DEger joined #salt
13:58 cswang_ joined #salt
13:58 jerredbell joined #salt
13:59 iceyao joined #salt
14:00 zzzirk joined #salt
14:01 Nutter01 Hi there so I put all of the files for the salt-state into one gist on the following link https://gist.github.com/RichardLaing/63a754ee5bd9895c9aca1ca3fbe084b4
14:01 Nutter01 The issue with the salt-state is as follows
14:02 Nutter01 when I run the state the installation will stall after PSAD has been installed, only by manually stopping the service allows the state to continue
14:05 keith4 joined #salt
14:09 autofsckk joined #salt
14:12 XenophonF god even worse are the joke licenses like beerware
14:18 grep_away joined #salt
14:18 tehsu anyone having issues with salt-cloud not installing the minion on the server at rackspace
14:19 pipps joined #salt
14:20 edrocks joined #salt
14:20 plariv joined #salt
14:21 teatime XenophonF: yup, they sure are.
14:22 debian112 joined #salt
14:22 Andrew joined #salt
14:25 dendazen joined #salt
14:25 knine joined #salt
14:28 kaptk2 joined #salt
14:28 dendazen hey guys I use this form to set my ip value
14:28 dendazen {% set our_ip = salt['network.ip_addrs'](cidr="10.150.0.0/16")[0] %}
14:28 dmaiocchi joined #salt
14:28 dendazen but the problem is that i have 2 networks
14:28 babilen Why is that a problem?
14:28 dendazen {% set our_ip_2 = salt['network.ip_addrs'](cidr="172.16.0.0/16")[0] %}
14:29 dendazen now if on the box i have one network defined for example in subnet 2
14:29 dendazen i will get value of our_ip as Jinja variable list object has no element 0
14:29 dendazen which makes sense
14:30 dendazen but now in actual state file
14:30 dendazen how can i evaluate that
14:30 dendazen which variable got the value
14:30 dendazen our_ip or our_ip_2
14:30 dendazen and based on evaluation use the one which has the value
14:31 dendazen Another caveat is that some hosts have both networks
14:31 dendazen in that case i want to use value from subnet 1
14:32 ntropy teatime: thanks for the links, i was about to go and look for something that breaks it down
14:32 adybv joined #salt
14:33 Brew joined #salt
14:34 teatime dendazen: I have an idea.
14:34 pipps joined #salt
14:34 dendazen that's good.
14:35 dendazen i mean i just need a direction i can carve out the technicalities of the state.
14:35 teatime {% set our_ip = [] %}
14:35 teatime {% our_ip.extend(salt['network.ip_addrs'](cidr="10.150.0.0/16")) %}
14:35 teatime {% our_ip.extend(salt['network.ip_addrs'](cidr="172.16.0.0/16")) %}
14:35 adybv left #salt
14:36 teatime now you can do {% if our_ip %} before using our_ip[0] ... really, I should have called it our_ips
14:36 dendazen oh so, how will this evaluate?
14:36 rbjorklin Hey, what's the recommended way to provide the diff between old & new state when writing modules?
14:37 dendazen did not even know there was extend
14:38 dendazen so interface in net 1 would be our_ips[0] and in net2 our_ips[1]?
14:38 teatime 1 sec
14:38 dendazen if both interfaces exist on the host
14:38 jweede joined #salt
14:40 teatime yeah you could do that
14:40 teatime this should set our_ip, and not throw an exception even if there are zero ips
14:40 teatime https://gist.github.com/pprince/f847ef22a6ef6527de8abb8ce91b654b
14:40 teatime you might could also use the |sequence filter to the same effect, if you found it more readable
14:41 MadHatter42 joined #salt
14:41 teatime but since you still need to wrap your stuff in {% if our_ip %} to not make errors, you could just use what I pasted and {% if our_ips[0] %} / {{ our_ips[0] }}
14:42 DEger joined #salt
14:43 dendazen Thanks much, that should work,
14:43 dendazen i will check that out and report
14:43 dendazen back -)))
14:48 dendazen and how would one evaluate if variable has value?
14:48 dendazen our_ips[0] not null
14:49 dendazen or our_ips[1] not null
14:49 dendazen in jinja it if var is defined
14:50 dendazen would it be applicable to salt state?
14:51 teatime there are different ways depending on exactly what you want to know
14:52 teatime yes, "if var is defined" works, but note that anything like "if salt['pillar.get'](…) is defined" will return true, regardless of the return value of the function call
14:52 dendazen nah, i just want for this case
14:52 teatime there is also "if var is not None", or just "if var" which will fail if var is undefined, 0, "", [], or any only python falsey value.
14:52 dendazen so if our_ips[1] will be 'None'
14:52 hasues joined #salt
14:53 teatime sounds like you want "if our_ips"
14:53 dendazen in the case when interface with ip is not present
14:53 dendazen will it evaluate to not defined?
14:53 dendazen oh ok
14:53 teatime dendazen: our_ips[1] would be None on a box with one IP, *only* in the gist I linked, *not* in the code I pasted here.
14:53 dendazen see your answers, thanks.
14:53 teatime s/any only/any/
14:54 teatime er, "any other" was what I meant
14:54 dendazen well the code you pasted here
14:54 jxm_ joined #salt
14:55 dendazen our_ips[1] will be not defined otherwise
14:55 dendazen so i can use jinja evaluation
14:55 hasues left #salt
14:55 andrew-l` joined #salt
14:56 teatime our_ips[1] will raise an exception
14:56 teatime or, jinja will say it is defined, because our_ips is defined
14:56 teatime not sure which
14:56 teatime (jinja defined is pretty retarded.)
14:56 dendazen oh ok.
14:57 teatime you can call any list method on our_ips, though
14:57 dendazen hmm, I guess i would need to use what you gisted
14:57 dendazen with that None extension
14:57 rawzone joined #salt
14:58 teatime how come?
14:58 babilen {% if our_ips %} should do what you want, shouldn't it?
14:58 teatime ^^
14:59 mapu joined #salt
14:59 babilen But then .. if every host definitely has at least an ip from one of these networks it should be fine with the code teatime proposed earlier in here
14:59 dendazen well but i need to evaluate if the value is either in both, first or second.
14:59 fracklen joined #salt
14:59 teatime oh, you do?
14:59 teatime how come?
14:59 babilen My understanding was, that you always want the first (if the first network you listed doesn't have an ip, you automatically get the one from the second network)
15:00 dendazen correct
15:00 dendazen still need to do evaluation right?
15:00 drscream left #salt
15:01 pipps joined #salt
15:01 babilen So you essentially define a hierarchy of IP address. If the network you list first returns an address that one will be used. If the minion doesn't have an address in that network the second network.ip_addrs call for the second network will return a value which will then be the first value in the list
15:01 dendazen but you are correct in a statement that host ip will belong at least to one of those subnets
15:01 teatime My understanding was you just wanted to find 1 address, from either of the given subnets.
15:02 babilen You essentially end up with a list [FIRST_ADDRESS, SECOND_ADDRESS] (both defined), [FIRST_ADDRESS] (only first defined) or [SECOND_ADDRESS] (only second defined)
15:02 babilen So our_ips[0] is always the IP you want
15:02 dendazen oh i see
15:02 dendazen i thought in the case when first doesn't exist
15:02 dendazen SECOND_ADDRESS would be
15:02 babilen And you can guard against an empty list with {% if our_ips %}
15:02 dendazen our_ips[1]
15:03 dendazen and our_ips[0] will be 'None'
15:03 teatime if there are multiple addrs in the given subnets, though, your list will have all of the ones from the first, then all of the ones from the second, so there is no assurance that our_ips[1] will be from the second subnet if it exists.
15:03 dendazen nah, that case is excluded
15:03 tmclaugh[work] joined #salt
15:03 dendazen won't be possible
15:04 teatime and I'm assuming network.ip_addrs always returns a list, even if it is empty or contains only 1 addr.
15:04 teatime which I don't actually know to be true.
15:04 babilen It does
15:04 teatime excellent.
15:04 pipps joined #salt
15:04 fracklen joined #salt
15:04 babilen Actually ..  not sure what it returns if empty
15:05 keith4 joined #salt
15:05 babilen But a single address is returned in a list
15:05 * teatime notes that you can check faster than I can :)
15:06 dendazen i still did not quite get how to do evaluation
15:06 dendazen {% if our_ips[0]  is not 'None' %}
15:07 dmaiocchi joined #salt
15:07 dendazen or {% if our_ips[0] == 'whatever ip' %}
15:08 teatime just {% if our_ips %}
15:09 teatime is all you need
15:09 babilen As that will be false if you have an empty list there
15:09 teatime our_ips will always be a list;  {% if our_ips %} will catch the case that the list has zero elements.
15:09 teatime and include its body as long as the list has at least 1 element.
15:09 babilen [None] would be truthy though
15:10 babilen You'd have to nil-pun
15:10 josuebrunel joined #salt
15:10 teatime you're going to confuse him.
15:10 teatime in what situation would you end up with [None]
15:10 * babilen shuts up and goes home :)
15:11 teatime even in my gist which could produce our_ips = [None], I set our_ip to our_ips[0], so it would be our_ip = None
15:11 teatime which makes our_ip falsey
15:11 Sylvain31 joined #salt
15:11 babilen Perfect
15:11 teatime and I only did it that way because of jinja's stupid if scoping issue
15:12 teatime I don't particularly like it as a solution.
15:13 dendazen {% if our_ips %} will evaluate to true if list is not empty, now i need to evaluate if it is not empty with 1st value or second
15:13 dendazen or wait
15:13 dendazen i can just use our_ips[0]
15:13 dendazen regardless
15:13 dendazen since if first one doesn't exist it will fill  our_ips[0] with address from second subnet
15:13 dendazen sorry for my slowness
15:16 dendazen so i would do something like this
15:16 dendazen {% if our_ips %}
15:16 dendazen {% set our_ip = our_ips[0] %}
15:16 dendazen {% endif %}
15:16 fracklen joined #salt
15:17 teatime that won't work
15:17 jimklo joined #salt
15:17 teatime our_ip will only be visible inside that if
15:17 teatime you can't access it after the {% endif %}
15:17 teatime that's why I did the None trick in my gist
15:18 dendazen oh why?
15:18 UtahDave joined #salt
15:18 teatime so either do {% if our_ips %} and then subsequently refer to {{ our_ips[0] }}, or use the code from my gist and do {% if our_ip %} and subsequently refer to {{ our_ip }}
15:18 teatime whichever of those two you think is more readable.
15:19 teatime because, jinja's {% set %} is lexically scoped, and {% if … %} creates a scope.
15:21 XenophonF ntropy: UtahDave is a SaltStack employee, if you want to ping him about contributing a formula
15:22 rojem joined #salt
15:22 UtahDave ntropy: have you been working on a formula?
15:22 MadHatter42 joined #salt
15:23 rgrinberg joined #salt
15:24 rgrinberg joined #salt
15:24 dgutu_ joined #salt
15:25 dezertol joined #salt
15:31 dendazen oh thanks teatime
15:31 dendazen so even if {% set %} in the same state
15:32 DammitJim joined #salt
15:32 dendazen the value will still belong only to {% if %} scope?
15:32 teatime yup
15:32 dendazen hmm that's good to know
15:32 teatime unless the variable was created earlier, outside of it, and only mutated inside.
15:33 teatime it's a very stupid feature.
15:33 dendazen i will use  {{ our_ips[0] }} then
15:33 teatime in fact, I don't even think it is on purpose, I think it was introduced as an unintended change.
15:33 teatime but I don't think they care enough to change it back.
15:34 dendazen i had like this on top of state
15:34 dendazen {% from "packages/zabbix-agent/map.jinja" import our_ips with context %}
15:34 dendazen where what you pasted was in map.jinja
15:34 dendazen and then
15:34 dendazen {% if our_ips %}
15:34 dendazen {% set our_ip = our_ips[0] %}
15:34 dendazen {% endif %}
15:34 dendazen and state
15:35 dendazen zabbix-agent-register:
15:35 dendazen cmd.script:
15:35 dendazen - args: "-l sec1 -h \"{{ hostname }}\" -i \"{{ our_ip }}\" .....
15:35 teatime (please use a pastebin next time)
15:35 dendazen so {{ our_ip }} would not get there
15:35 dendazen yeah i can use gist, sorry
15:35 teatime no, that shouldn't work, as I understand jinja
15:36 teatime but you could do import our_ip instead
15:36 teatime (instead of our_ips_
15:36 teatime s/_$/)/
15:36 tristianc joined #salt
15:36 Ayo joined #salt
15:36 dendazen ok but if i use  {{ our_ips[0] }}
15:36 dendazen it should
15:36 dendazen outside of the if scope
15:37 PuppyPoker joined #salt
15:39 thirax joined #salt
15:40 dendazen here that was i thought would work
15:40 dendazen https://gist.github.com/anonymous/dbdc9da0fa51589c99e1df62666094c4
15:40 rgrinberg joined #salt
15:40 dendazen but i guess i will move that if evaluation over to zabbix-agent-register state
15:40 dendazen and use {{ our_ips[0] }}
15:40 dendazen instead
15:43 sbogg joined #salt
15:44 fracklen joined #salt
15:45 dendazen {% set our_ips = [] %} in map.jinja
15:45 dendazen Jinja syntax error: Encountered unknown tag 'our_ips'.
15:46 jfindlay dendazen: are you using `our_ips` in a file other than map.jinja?
15:46 jfindlay need to import it somehow
15:47 dendazen yeah i do
15:47 thirax hi!
15:47 dendazen {% from "packages/zabbix-agent/map.jinja" import our_ips with context %}
15:47 jfindlay hm
15:49 dendazen but error points to map.jinja
15:50 dendazen https://gist.github.com/anonymous/3d419f48480cf85c85576b753b6fa270
15:52 devster31 I think I missed the message, network problems, is there anything like ansible galaxy or puppet forge for salt?
15:54 pipps joined #salt
15:54 Eugene devster31 - https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
15:54 bltmiller joined #salt
15:55 dmaiocchi joined #salt
15:56 dgutu joined #salt
15:56 berserk joined #salt
15:57 berserk joined #salt
15:58 jfindlay dendazen: that line and the following are missing a jinja statement type or whatever the special action keywords are called
15:58 jfindlay dendazen: try `{% do our_ips.extend(salt['network.ip_addrs'](cidr="10.150.0.0/16")) %}`
15:59 jfindlay dendazen: also, you could construct the list in a single statement {% set our_ips = ['1.2.3.4', '5.6.7.8'] %}
16:00 jfindlay `do` constructs are needed if you're constructing a list with indeterminate length in a loop construct though
16:03 mpanetta_ joined #salt
16:03 dgutu_ joined #salt
16:04 dendazen so it fails because of missing 'do'?
16:04 mpanetta_ joined #salt
16:07 AdamSewell joined #salt
16:09 devster31 Eugene: thanks
16:10 devster31 gitfs_remotes that's actually brilliant
16:10 amcorreia joined #salt
16:11 west575 joined #salt
16:12 manji joined #salt
16:14 gh34 joined #salt
16:15 dmaiocchi joined #salt
16:17 keimlink joined #salt
16:18 cilkay joined #salt
16:19 writtenoff joined #salt
16:19 APLU joined #salt
16:19 saltling joined #salt
16:20 cilkay left #salt
16:20 felskrone joined #salt
16:23 thirax left #salt
16:24 rm_jorge joined #salt
16:26 kawa2014 joined #salt
16:27 rihannon joined #salt
16:27 dendazen now that problem is resolved
16:27 dendazen but ran into another one
16:27 dendazen https://gist.github.com/anonymous/a0d657ee745cfa75b0bc6ee502dc7bfb
16:27 dendazen the error is in the end
16:28 martoss joined #salt
16:29 UtahDave dendazen: dedent zabbix-agent-register
16:29 dendazen oh
16:31 cableninja__ left #salt
16:35 dendazen Ok, it all worked.
16:35 dendazen Thanks guys.
16:36 dendazen teatime Thank you for your help
16:36 dendazen and all the rest of the guys.
16:37 rrei hey guys, has anyone here ever used the pyobjects renderer?
16:37 rrei or any python-based renderer
16:37 rrei I'm trying to create states dynamically by listing files in a directory on the master
16:38 rrei for each such file, I want to upload to the minion and then start a program based on the file
16:39 rrei my question is, how can I list the files and then pass proper paths for salt to render them as jinja templates?
16:40 dlam joined #salt
16:41 UtahDave well, it's important to remember that all the rendering and execution happens on the minion side
16:42 UtahDave the minion has several functions in the "cp" module to list and get files that exist in the master's  file_roots.   cp.list_master, for example
16:42 teatime well, not pillar rendering
16:42 dlam hey im upgrading my django website version, and I want to test it alongside my current server setup.  i figured one way is to just change pillar to an "experimental.sls":  any good way to do that?     So far i'm thinking just put a  {% set useExperimental = True %}  in pillar/top.sls
16:43 rrei actually formula rendering occurs on the master if I'm not mistaken
16:43 rrei but I'll take a look at cp
16:43 rrei maybe it solves the problem
16:44 felskrone joined #salt
16:44 UtahDave Pillar rendering happens on the master.  Salt State rendering happens on the minion
16:45 tehsu joined #salt
16:47 rrei okay, then cp.list_master looks even more like it's what I need
16:48 pipps joined #salt
16:49 onlyanegg joined #salt
16:50 cilkay joined #salt
16:52 fracklen joined #salt
16:52 rrei @UtahDave: thanks, this is exactly what I was looking for
16:52 Garyx_ joined #salt
16:53 UtahDave you're welcome!
16:57 cnk joined #salt
17:02 ajw0100 joined #salt
17:03 rgrinberg joined #salt
17:09 ageorgop joined #salt
17:11 impi joined #salt
17:14 dandelo joined #salt
17:15 ry joined #salt
17:20 sjmh is there a way to block 'Minion did not return [Not connected]' messages showing up when running non-async commands?
17:21 sjmh They show up, even when they wouldn't have matched the targeting.
17:23 GreatSnoopy joined #salt
17:31 devster31 how can I override vim.config_root in this formula? https://github.com/saltstack-formulas/vim-formula/blob/master/vim/init.sls I tried setting vim: config_root: something in a pillar (with indentation) but it doesn't work
17:32 babilen devster31: You set "vim:lookup:config_root" in your pillar
17:33 babilen https://github.com/saltstack-formulas/vim-formula/blob/master/vim/map.jinja#L32 -- FOO:lookup: is typically merged into the "lookup" table of os specific options
17:33 Sylvain31 ok, I let it for today, committed here. A mysql formula to remove users. I used a macro, which avoids code duplication, but writing it in jinja is quite horrible I feel… https://github.com/opensource-expert/mysql-formula/blob/remove-user/mysql/remove-user.sls
17:34 babilen Sylvain31: Not bad, but I still don't understand why you don't just integrate it into the existing loops and logic in users.sls and simply branch based on "absent: True" ( .. is defined and user.absent ...)
17:34 babilen That way it's all in one place and tidy.
17:35 Sylvain31 babilen: for selecting to remove user separately also
17:35 Sylvain31 you can do salt '*' state.apply mysql.remove-user
17:35 babilen In the scheme I'm advocating no user would be removed if you don't set "absent: True" in its pillar
17:35 Sylvain31 also I'm a salt beginner…
17:35 punkoivan joined #salt
17:36 Sylvain31 babilen: I also fac
17:36 babilen Oh, you came super far!
17:36 babilen fac?
17:36 Sylvain31 faced the multiple couple user@host
17:36 Sylvain31 problem
17:36 punkoivan joined #salt
17:36 babilen But isn't that already taken care of in users.sls for creating users?
17:38 babilen Sorry, I haven't memorised the formula, but my impression was that there is logic in users.sls that suffices to decide when/if a user is being created. My idea was to simply branch/switch between mysql_user.present and mysql_user.absent based on "{% if user.absent is defined and user.absent %}"
17:38 Sylvain31 babilen: user.sls is taking care, I discovered by digesting, quite badly, the jinja template hosts: vs host: trick. Nested if just makes me crazy not speaking the nasty {% ‰} and such… I need to tune my vim…
17:39 babilen So you have "create_user" in one case and "remove_user" in the other -- https://github.com/saltstack-formulas/mysql-formula/blob/master/mysql/user.sls#L37 would have the "{% if user.absent is defined and user.absent %}" and then you have two alternative states (one for creating one for removing)
17:39 babilen Sylvain31: There's https://github.com/saltstack/salt-vim
17:42 pipps joined #salt
17:42 babilen https://www.refheap.com/119200 .. something like that
17:42 rhand joined #salt
17:43 babilen (might be nicer the other way round with "is not defined and not users.absent ..." but you get the idea)
17:43 Sylvain31 babilen: Thanks I will… remove-user.sls was just a test, jinja in this case of embedding logic inside the template is awful. I will continue, but I disagree with this concept. Totally unreadable. I still don't know what user.sls user_states array, is for. I guess it's in init.sls for ordering stuff…
17:44 babilen https://www.refheap.com/119201 naturally (forgot to replace the "present" with "absent" on line 6)
17:45 babilen Sylvain31: I think the user_states list is simply for checking in https://github.com/saltstack-formulas/mysql-formula/blob/master/mysql/init.sls#L21 if additional requisites have to be defined for the service)
17:45 cyborg-one joined #salt
17:45 martoss1 joined #salt
17:45 babilen (so that the service is running before salt attempts to create users)
17:46 babilen But that is a pretty peculiar approach that I haven't seen anywhere else
17:46 Vishvendra joined #salt
17:47 pipps99 joined #salt
17:47 Sylvain31 babilen: thank too much duplicate code I wouldn't have chosen that syntax, but I got your point the first time. I didn't say I will keep the user.sls and remove-user.sls separated, I said I preferred to start with something I can test separately. The logic became more complicated. did you read the trick for multiple host removing?
17:49 Sylvain31 I will be the same with grant and databases…
17:50 babilen I haven't read about "the trick" no
17:50 Sylvain31 https://github.com/opensource-expert/mysql-formula/blob/remove-user/mysql/remove-user.sls#L52
17:51 babilen And don't get me wrong .. I totally understand your approach and also think that the jinja code is horribly obtuse and that the underlying actions should be easier to express
17:51 Sylvain31 There's a main loop which checks for mysql_user.absent, and after at line 52, I also check another new key to remove old host…
17:51 Sylvain31 it's also a prototype
17:52 s_kunk joined #salt
17:53 Sylvain31 babilen: yes, I see your point. Just text communication you know… typing, translation, etc. ;)
17:54 Sylvain31 See you next time.
17:55 function07 joined #salt
17:55 numkem joined #salt
17:56 aw110f joined #salt
18:02 edrocks joined #salt
18:08 ilbot3 joined #salt
18:08 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.5.10, 2015.8.8, 2016.3.0rc3 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
18:10 dfinn joined #salt
18:12 majikman joined #salt
18:19 jerredbell joined #salt
18:19 devster31 OAOB/1
18:21 rojem joined #salt
18:22 devster31 sorry, thanks babilen, is lookup a specific function?
18:24 babilen devster31: No, not at all. It is simply a convention used in the pillar structure of formulas
18:25 babilen You typically have some datastructure that is specific to each os / os_family that contains information such as the package name, location of configuration files, ... This datastructure is called a "lookup table" and values therein are typically overridden by setting them in FOO:lookup:BAR
18:26 babilen This is in contrast to "normal" pillar values that a user typically wants to set all the time
18:26 babilen But this is purely convention and some formulas violate that design
18:27 devster31 I like that convention
18:28 babilen https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#abstracting-static-defaults-into-a-lookup-table discusses this in greater detail
18:42 quasiben joined #salt
18:43 dmaiocchi joined #salt
18:43 quasiben joined #salt
18:46 steffo joined #salt
18:46 nyx_ joined #salt
18:51 kevinquinnyo joined #salt
18:52 kevinquinnyo so in https://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html#salt.states.user.present there is a "gid_from_name" but is there any way to get the uid_from name?
18:53 babilen kevinquinnyo: You simply set uid for that
18:53 pipps joined #salt
18:54 babilen (given that you are creating a user with a specific name)
18:55 kevinquinnyo yeah i'm wanting to be able to add a user with the same uid as another user -- the username i know, but the UID is arbitrary and exists in the /etc/passwd file on the minion
18:55 babilen That would be the same user
18:55 kevinquinnyo same user, different name
18:55 teatime yeah, it's invalid to have multiple users / userid's with the same UID
18:55 kevinquinnyo oh is it
18:55 kevinquinnyo never thought about it
18:55 teatime on the same machine.  yes, absolutely.
18:55 babilen What are you actually trying to achieve?
18:56 babilen The UID *is* the user
18:56 teatime yes.
18:56 babilen Names are just, well, for h00mans
18:56 kevinquinnyo yeah i know that
18:56 teatime I guess I will just try it out and see, but I am curious what happens when you do user.present specifying a userid and uid, and the userid already exists with a different uid.
18:58 fredvd joined #salt
18:58 kevinquinnyo root@debian:/home/kevin# su kevin2
18:58 kevinquinnyo 02:58:05 ~$ cd ~
18:58 kevinquinnyo 02:58:08 ~$ pwd
18:58 kevinquinnyo /home/kevin
18:58 kevinquinnyo whoami command shows 'kevin'
18:58 kevinquinnyo what i want are just more userfriendly SFTP / SSH usernames that go to the same place
18:59 kevinquinnyo that are the same user, but easier to type than my non-human friendly generated usernames
18:59 babilen kevinquinnyo: You essentially hit the first entry in /etc/passwd
18:59 kevinquinnyo babilen i believe that's what's happening yes
18:59 kevinquinnyo and that's fine
19:00 babilen "go to the same place" ?
19:00 kevinquinnyo have the same home directory... are literally the same user, etc..
19:00 Elsmorian joined #salt
19:01 function07 hi all, I am trying to use reactors to do first time server setups for stuff like adding users, common packages, groups etc. I want it to run after the key accept event and have tested this. However, the sls seems to fail because the salt-minion needs to run an initial salt/auth after being accepted. Is there any way to check the salt/auth that comes after the key accept or maybe just sleep/delay the sls by a few seconds?
19:02 babilen kevinquinnyo: What's the problem with using the same username?
19:03 kevinquinnyo because bob the developer will probably want to ssh or ftp as bob with his public key, and not as f338fcdcf9af87724a5666eb137d40dd
19:04 babilen kevinquinnyo: So create an account called "bob" for him
19:04 babilen (who would create accounts called f338fcdcf9af87724a5666eb137d40dd in the first place?)
19:04 kevinquinnyo me
19:04 kevinquinnyo dont worry about that
19:05 babilen Well, this is the underlying issue .. we either solve that or stop working on it :)
19:07 kevinquinnyo salt user module has an info() function
19:07 kevinquinnyo that's what i need
19:07 kevinquinnyo sweeet
19:07 rim-k joined #salt
19:08 kevinquinnyo babilen: the users are named that because its an md5 hash of a website name, which is the directory name and i need idempotency on that
19:08 kevinquinnyo but i also have a UI portion of my project where a client can add and remove SFTP users, sometimes temporarily only, and they will need access to that directory, and i dont want them to have to login as an md5sum
19:08 babilen Is this for SSH?
19:09 kevinquinnyo sftp / ssh yes
19:10 babilen I mean creating multiple entries in /etc/passwd is an option (they are essentially the same user), but you might want to consider simply providing users with suitable ~/.ssh/config files that use the "right" username to begin with
19:10 babilen (i.e. f338fcdcf9af87724a5666eb137d40dd)
19:10 kevinquinnyo you know what else is weird though
19:10 babilen That way they simply use "ssh foo.example.com" and use the correct username
19:11 kevinquinnyo something i discovered recently -- linux usernames have a 32 char limit
19:11 kevinquinnyo but ssh client has a 30 char limit
19:11 kevinquinnyo which is odd
19:11 babilen Yeah, well .. who wants to type usernames that long?!
19:11 kevinquinnyo but that's not the reason i dont want to give them that -- i just want it to be more user friendly even if bob is literally the same user as alice
19:12 kevinquinnyo this isn't for real developers by the way, it's for rent-a-dev type people who hack wordpress themes, they use an FTP client UI, and don't know what ssh is half the time
19:13 babilen My feeling is as if you are actually looking for ways to create jailed/restricted SSH accounts that give properly named people access to a restricted set of directories
19:13 kevinquinnyo i'm not worried about jailing them yet
19:13 kevinquinnyo not in this iteration
19:14 kevinquinnyo i'll let the linux permissions model handle it for now
19:14 tvinson jailing for scp/sftp is a single sshd_config option
19:14 tvinson for ssh you would need to create some nodes
19:14 kevinquinnyo is it really?  the last time i tried to do that i remember getting irritated
19:14 kevinquinnyo i'll look into it again tvinson
19:15 babilen Yeah, you simply set ChrootDirectory in the sshd_config
19:16 babilen You can optionally do that for users in a specific group (e.g. "website-users") and chroot them into their home
19:17 tvinson although, come to think of it, i've no idea how %u is going to be interpreted with your two uid situation
19:17 tvinson but if the home directory is set the same i think it *should* work
19:17 babilen Two UIDs are bad, I would advise against it
19:18 babilen Unless the only difference in the entries is the username (but that will burn eventually)
19:19 babilen IIRC you also have to adjust AuthorizedKeysFile, but read up on ChrootDirectory .. I'm sure there are plenty of tutorials
19:20 teatime kevinquinnyo: do not have multiple /etc/passwd lines that share the same UID or userid.  do not do this.  do not.  What you can do, is have 2 users, w/ different userid's and different UIDs, but the same homedir, the same primary group, configure them with umask 002 or 007, and set g+s on the homedir.  that might be sufficient for your needs.
19:21 teatime although I agree, creating the weird-number userid is where your problem begins; eliminate that, you eliminate your problem.
19:21 kevinquinnyo no it doesnt eliminate my problem
19:21 teatime or, more likely, what you really want is a directory that several users share write access to.
19:22 teatime that's a common situation and much easier to arrange than this weird user stuff
19:22 kevinquinnyo i still want to have multiple users for ssh / sftp -- i'm only allowing public key access and the users + their key can be revoked if a developer no longer needs access
19:22 kevinquinnyo i could do the 002 umask
19:22 kevinquinnyo and shared group i guess
19:23 kevinquinnyo i just thought this was simpler.  teatime why are you so vehemently against having multiple /etc/passwd lines with the same uid?
19:23 teatime realize that in a default configuration, users are going to have access to their own authorized_keys file, and this remains true if they own their home directory or ~/.ssh even if you set permissions on authorized_keys differently (because they will be able to rm it)
19:23 pipps joined #salt
19:23 rgrinberg joined #salt
19:24 teatime kevinquinnyo: because I am 98% certain it is invalid and invokes undefined behavior.
19:24 babilen It invokes "first entry wins"
19:24 teatime I know what behavior you typically would get when you do that, but I see no reason to trust that it would happen reliably, and every reason to believe it will introduce other, possibly subtle, errors elsewhere.
19:24 babilen ^ exactly
19:25 kevinquinnyo ok thanks for the advice.  let me look into other options
19:25 babilen Give them proper usernames and adjust directory names and permissions as you see fit
19:25 kevinquinnyo last thing i need is another difficult to troubleshoot issue coming up later
19:26 kevinquinnyo babilen, i dont know what you mean by proper usernames
19:26 babilen "bob" as opposed to a hash
19:26 babilen Or use your hash and then make it easy for them to use that
19:27 babilen But then you run into your 30 vs 32 character limit problem
19:28 pipps joined #salt
19:31 kevinquinnyo the directories are created by clients in my system because and they create the sites ahead of time
19:31 lero joined #salt
19:31 kevinquinnyo i mean they create the sites themselves
19:31 kevinquinnyo in a UI
19:31 aqua^c joined #salt
19:31 tvinson kevinquinnyo: are the domains themselves guaranteed to be unique?
19:31 kevinquinnyo so since i dont know what the sitename will be and theres a 32 char limit, my first thought was, well i'll make an md5sum of the domain since that's 32 chars, and there's minimal risk of collision
19:32 kevinquinnyo yes
19:32 tvinson kevinquinnyo: why not just use those?
19:32 kevinquinnyo you can't use a dot in a username
19:32 kevinquinnyo and there's a 32 char limit
19:32 kevinquinnyo a domain name can be much longer than that
19:32 tvinson strip dots out and truncate, hand that out
19:32 babilen Or let them create user accounts and associate those with domains (i.e. directories they have access to)
19:33 kevinquinnyo but what happens when you have this-is-a-really-super-long-domain-name-i-mean-really-guys-look-at-this.com
19:33 kevinquinnyo and this-is-a-really-super-long-domain-name-i-mean-really-guys-look-at-this.net
19:33 babilen What would you do if a user wants to administrate multiple domains?
19:33 jorr-el joined #salt
19:33 pipps99 joined #salt
19:33 kevinquinnyo they will use multiple sftp / ssh credentials i guess
19:33 babilen That way you have /home/foo/sites/{this-is-a-really-super-long-domain-name-i-mean-really-guys-look-at-this.net,example.com,foo.name}
19:34 kevinquinnyo i guess that's one way to do it
19:34 babilen With suitable apache/nginx/... configurations
19:34 kevinquinnyo i'm pretty tightly coupled at the moment to my /var/www/domain-name.com/ structure right now
19:34 kevinquinnyo but maybe that would be a better idea for the future
19:35 kevinquinnyo why didnt you tell me to do that like 3 months ago?  ;)
19:35 babilen So give bind mount those into their home dirs or give them access and use symlinks or even tell them to prefix it with /var/www
19:35 babilen I don't know .. you seem to have coded yourself a little into a corner :)
19:36 jimklo_ joined #salt
19:39 tvinson you could also hash only if the username is going to exceed the character limit. i think i would just ask for a username up front and store the mapping.
19:40 babilen As a user I'd be pretty annoyed if I had to use different logins in order to administrate multiple sites
19:41 martoss1 left #salt
19:41 saltling Is there a way to see the running config of a master?
19:42 pipps joined #salt
19:43 jhauser joined #salt
19:44 babilen What are you after?
19:45 saltling I meant to say minion, but in any case. Trying to figure out why beacons aren't working
19:46 kevinquinnyo tvinson: asking for the username up front is another idea
19:46 kevinquinnyo i was thinking about that too
19:46 tvinson that way you could solve the one user mapping to multiple sites thing too
19:47 babilen kevinquinnyo: Just let them register user accounts and then associate sites with accounts. Give them access to sites that are associated and make it easy to access them (e.g. /home/$USER/sites/{site1,site2, ....})
19:47 Knuta teatime: it's completely legal to have multiple users with the same UID. It's pretty common to have a "rootbash" user on Solaris which has bash as the shell, for example. That being said, it's probably something that could confuse some software.
19:47 tvinson Knuta: there's a toor user with uid 0 on freebsd too, but i think posix specifies unique uid
19:48 pipps joined #salt
19:48 babilen Knuta: File listings would use the first entry in /etc/passwd, but that might be an acceptable downside .. it also makes it tricky if you edit accounts .... I wouldn't necessarily do it.
19:48 Knuta well, yeah, I'm not *recommending* it :-)
19:48 babilen It might not blow up in your face, but it is definitely uncommon enough to not follow through with it
19:49 kevinquinnyo babilen: the other advantage of having multiple users per account is because these are wordpress sites
19:49 kevinquinnyo and i have php fpm running with a socket per user
19:50 kevinquinnyo so php is isolated -- ie if one site gets hacked, it's much harder for the infection to spread
19:50 kevinquinnyo sorry
19:50 kevinquinnyo one user per account* rather
19:50 kevinquinnyo in your scenario, if $USER site1 gets owned, site2, site3, etc are probably going to get owned as well
19:51 Knuta I'd say doing the uid sharing thing is a violation of principle of least surprise, and I'm pretty sure you shouldn't run your PHP as the same user as the login user anyway. I'd share a group between each user and PHP
19:51 kevinquinnyo that will cause headaches with wordpress
19:51 Knuta if the files are owned by the same user as PHP is running under, the attacker gets write access to everything, which opens up for a lot of fun attacks.
19:51 kevinquinnyo when it needs to install plugins, it needs to be able to create directories and files
19:51 teatime Knuta: "it's common to" != "it's specified behavior to", and "X is supported on Solaris" != "X is supported on *nix or Linux"
19:53 teatime Knuta: but if you could provide proof that that configuration is documented as anything other than erroneous / undefined behavior, on any operating system, I would find it very interesting.  I personally am only guessing that it is not legal, but I am confident enough that I would bet money :)
19:53 kevinquinnyo legal?? could i go to jail for this?
19:53 teatime please tell me that's a joke :)
19:53 kevinquinnyo lol
19:53 Knuta teatime: regardless, we're splitting hairs, since I'm definitely not recommending to do it :-)
19:53 teatime Knuta: ok :)
19:54 AndreasLutro kevinquinnyo: wordpress provides options for updating via ftp - if not, you could run a separate php-fpm pool as the "admin" user for the admin panel only
19:54 teatime Knuta: I really would be interested, though, if it's explicitly allowed, even if only on Solaris.
19:54 tapoxi joined #salt
19:55 kevinquinnyo kevin is not in the sudoers file.  This incident will be reported.
19:55 Knuta kevinquinnyo: I don't see how wordpress updates would be a problem. You'd run your PHP with umask 002, and set g+s on the folder(s) wordpress needs to own, and you should be fine
19:55 kevinquinnyo that's when i was 'kevin2'
19:55 kevinquinnyo interesting quirk
19:56 kevinquinnyo Knuta: i've had issues with 002 + wordpress
19:56 kevinquinnyo i think some plugins try to be cute and do chown 644 and chown 755
19:56 kevinquinnyo on files
19:56 kevinquinnyo and then they aren't writable to the group
19:57 Knuta chmod, hopefully :->
19:57 tapoxi hi everyone, thinking of running two hot masters (one in each dc) anyone using this config and have any problems/thoughts on it?
19:57 kevinquinnyo i type those backwards so often
19:57 kevinquinnyo i will never stop writing chmod when i mean chown and vice versa
19:58 tapoxi (dcs are interconnected so either master is reachable)
19:58 AndreasLutro tapoxi: make sure to only configure reactors on one of them
19:59 tapoxi good point, I haven't even started to look into reactor
20:00 AndreasLutro there was one other thing that annoyed me when running multiple hot masters but I forgot it
20:05 tapoxi what are people using salt reactor for?
20:05 gazarsgo things that are better done via kafka ?
20:06 manji joined #salt
20:07 devster31 I tried to modify the vim-formula to add an arbitrary piece of configuration, but it's not working for some reason, these are my changes: https://bpaste.net/show/2a2a21f3663e
20:07 Fiber^ joined #salt
20:09 lero joined #salt
20:09 manji joined #salt
20:09 babilen devster31: You might want to make that "{% if raw %}" and an error message would be most helpful
20:10 devster31 babilen: I don't get any errors, the template simply is missing that bit
20:10 devster31 I'm not using the gitfs thing, it's a local template
20:11 teatime For any interested parties, we are trying to bootstrap an ##opsec channel on this network; up to 20 users currently.
20:12 babilen topic?
20:12 teatime OPSEC
20:12 babilen --verbose
20:12 LotR operational security?
20:13 babilen How does it differ from ##security?
20:13 teatime anything vaguely related to https://en.wikipedia.org/wiki/Operations_security would be on-topic
20:13 saltstackbot [WIKIPEDIA] Operations security | ""OPSEC" redirects here. OPSEC may also refer to the 501(c)(4) group calling itself Special Operations OPSEC Education Fund.Operations security (OPSEC) is a term originating in U.S. military jargon, as a process that identifies critical information to determine if friendly actions can be observed by..."
20:14 teatime babilen: there is some overlap, but it intends to primarily concern itself with OPSEC in particular, as a subset of security in general.
20:14 babilen Alright .. I'll idle and might come up with questions .. :)
20:20 rm_jorge_ joined #salt
20:20 rm_jorge_ left #salt
20:20 function07 does anyone know a good way to deal with reactors reacting too quickly?
20:21 cyborg-one joined #salt
20:24 babilen function07: You might want to react to minion start rather than key add
20:31 manji joined #salt
20:36 hal58th_ joined #salt
20:37 function07 it's a good approach and I have looked into that but I'm trying to see about only running some of these things once. Since sometimes servers get rebooted for whatever reason
20:37 function07 but without having to press the button myself as it were
20:38 UtahDave function07: I'd recommend reacting off the minion start event instead of auth
20:38 UtahDave oh, sorry, babilen.  Didn't see your response
20:38 babilen np
20:39 UtahDave function07: you could set a "flag" in the minion's grains at the end of the reactor and then check for that flag when the reactor is run
20:40 babilen That's exactly the idea, yeah
20:40 babilen set some "initial_states: True" or whatever :)
20:42 function07 ok that sounds promising
20:42 function07 is that documented on the reactor page? or events page?
20:50 pipps joined #salt
20:50 DEger joined #salt
20:54 pipps joined #salt
20:55 scoates joined #salt
20:59 saltling Can ext_pillar and pillar_roots be used in conjunction?
20:59 teatime yes.
21:00 teatime and one can even refer to / see the values set by the other; by default, ext_pillar can see the data from pillar_roots, and the master config option ext_pillar_first inverts this.
21:00 saltling I thought so, but I'm a bit stuck. I've got an sls file in /srv/pillar and other stuff in ext_pillar(git) and have my topfile set up accordingly but when I run pillar.items I get this: Specified SLS 'vcenter.info' in environment 'base' is not available on the salt master
21:00 teatime your top file will not affect ext_pillars
21:01 teatime unless the ext_pillar itself does something special to make it so
21:01 teatime can you provide the exact salt command you ran
21:02 teatime if you ask for 'vcenter.info', it will look for 'vcenter/info.sls'
21:03 saltling salt-call pillar.items on my salt master (it's also a minion).
21:04 saltling my sls file is at /srv/pillar/vcenter/info.sls
21:05 UtahDave saltling: can you pastebin your sanitized   /srv/pillar/top.sls    ?
21:06 UtahDave function07: using that flag isn't an official way of doing things, just something some people do depending on the situation
21:07 austin_ joined #salt
21:08 saltling UtahDave: http://pastebin.com/pKXCt7zQ
21:09 lorengordon joined #salt
21:09 function07 @UtahDave  thank you
21:12 UtahDave saltling: can you pastebin your sanitized config for  fileserver_backend  from your master config?
21:12 UtahDave function07: you're welcome!
21:12 devster31 how can I import the function that provides salt['pillars.get'] in a standard python shell to test templates?
21:13 iggy everything in salt[] is salt.modules.*
21:13 iggy importing them directly probably won't work well
21:13 iggy the salt module loader does "magic"
21:15 saltling @UtahDave: http://pastebin.com/kVzRRxPB
21:17 cnk joined #salt
21:21 UtahDave saltling: Hm. I'm not sure what's going on here. I think your configs look ok.  Seems like there might be a bug here, but I'll need to test this.
21:22 saltling Thanks @UtahDave -- should I open an issue on github?
21:23 lero joined #salt
21:23 UtahDave Yeah, maybe.  Can you give me some time to try to reproduce this first?  I can probably get to it in the next hour or so
21:24 saltling Sure.
21:24 saltling thanks!
21:25 UtahDave saltling: what version of Salt are you using and what os and os version are you using?
21:26 saltling 2015.8.8.2 and ubuntu 14.04.04
21:26 UtahDave from repo.saltstack.com?
21:27 saltling yes, used the bootstrap method to install.
21:27 UtahDave ok. give me a few minutes
21:27 saltling no prob. thx!
21:29 jhauser joined #salt
21:32 sjmh re: ext_pillar_first - that option is going away
21:32 sjmh although it's now assumed by default in later versions
21:36 viq joined #salt
21:37 pipps joined #salt
21:40 kevinquinnyo is there any point to doing a pillar_refresh if you are using ext_pillar?
21:40 kevinquinnyo i mean it always makes a call to the ext_pillar right?  or does it cache sometimes?
21:42 sjmh it caches.
21:43 sjmh at least, in 2016.3 it does
21:43 sjmh not sure about 2015.8
21:44 kevinquinnyo sjmh: ok thanks i'll look into how often it does then -- i was making a bunch of calls to pillar.items in a row, and watching the nginx access log that my ext_pillar pulls from
21:44 sjmh but I have an etcd_pillar and it doesn't, for instance, query it every time.  It'll always query it if I issue a pillar.refresh
21:44 kevinquinnyo and it made a request each time
21:44 kevinquinnyo salt 2015.8.8.2 (Beryllium)
21:44 tkharju joined #salt
21:44 sjmh kevinquinnyo - it may just be 2016.3 - I know they added some pillar cache features
21:44 kevinquinnyo good to know
21:44 sjmh ah, 2015.8.8
21:44 kevinquinnyo i have some pillar_refresh on some states, so i think i'll leave them be in advance of whenever i upgrade
21:45 sjmh https://docs.saltstack.com/en/develop/ref/configuration/master.html#pillar-cache
21:45 kevinquinnyo thanks
21:46 coleman joined #salt
21:48 jY are there any v2016 rpms built?
21:49 jfindlay jY: https://docs.saltstack.com/en/latest/topics/releases/releasecandidate.html
21:49 sjmh jY : https://repo.saltstack.com/salt_rc/yum/redhat/6Server/x86_64/
21:49 coleman I have a question about whether I'm using gitfs properly. I am syncing a medium-sized tree of source code to a minion. I want to build on the minion.
21:49 jY thanks
21:49 coleman GitFs takes a while 115 seconds
21:49 coleman Is this an abuse of gitfs?
21:49 sjmh kevinquinnyo : I tested on my 2015.8.8 and it does make a request to etcd each time, but my 2016.3 instance does not.
21:50 kevinquinnyo thanks sjmh
21:50 coleman (Running Vagrant saltstack demo locally for this)
21:50 DEger joined #salt
21:52 saltling_ joined #salt
21:55 bltmiller joined #salt
21:56 coleman True, I only see this on the initial sync. Subsequent runs are faster.
21:58 Hybrid joined #salt
21:58 UtahDave coleman: that should be fine.
21:59 UtahDave coleman: some people will manually run their own git commands if they need customization
21:59 TTimo left #salt
21:59 UtahDave saltling: how did you install pygit2?
22:01 saltling libgit2 from source, pygit2 w/ pip
22:02 coleman I manually install it on master
22:02 coleman with yum
22:02 saltling i don't recall if the salt-formula changed that though.
22:02 coleman I cloned and hacked UtahDave's saltstack demo
22:03 coleman Thanks for the feedback.
22:03 UtahDave saltling: ok, just trying to replicate exactly what you have
22:05 saltling @UtahDave: sure thing. Don't know if this is useful, but here's my "salt --versions" output: http://pastebin.com/1k1ce8dZ
22:06 saltling_mobile joined #salt
22:13 AndrewPashkin joined #salt
22:17 saltling_mobile joined #salt
22:19 saltling @UtahDave: I need to step away for a bit. I'll check back in a while and see if you've been able to duplicate.
22:19 UtahDave cool
22:20 AndrewPashkin Who has experience with running multiple masters on the same machine?
22:21 berserk joined #salt
22:21 dstokes joined #salt
22:24 jimklo joined #salt
22:25 manji joined #salt
22:27 UtahDave AndrewPashkin: are you running them in virtualenvs?
22:28 teryx510 joined #salt
22:28 AndrewPashkin UtahDave: I'm just planning how to run them
22:30 AndrewPashkin UtahDave: Have you done such setup?
22:30 UtahDave No, I haven't.  Why do you want to run multiple masters on the same machine?  It's going to get very tricky
22:31 dstokes_ joined #salt
22:32 AndrewPashkin UtahDave: Because I have multiple environments for which I want to have separate masters and I don't want to run separate servers for them, because my customer has limited budget
22:33 AndrewPashkin UtahDave: seems like I need to install them in virtualenvs and set different master-related directories and ports
22:34 UtahDave AndrewPashkin: Yeah, you're heading down the right path.
22:35 dstokes joined #salt
22:35 AndrewPashkin UtahDave: Where do you typically keep your master? On a separate server?
22:36 teryx510 joined #salt
22:37 saltling_mobile joined #salt
22:37 UtahDave AndrewPashkin: It kind of depends on what I'm doing.  I'll often run a master and minion on the same server, if needed.
22:39 dstokes joined #salt
22:39 zzzirk joined #salt
22:41 zenlot6 joined #salt
22:43 dstokes joined #salt
22:48 saltling_mobile joined #salt
22:55 subsignal joined #salt
22:57 kevinquinnyo how can i make a pillar available to an orchestration depending on the environment that i'm in
22:57 saltling_mobile joined #salt
22:57 kevinquinnyo ie, that pillar will be different depending on the environment, but dont pillars have to be passed to an orchestrate run?
22:57 debian112 joined #salt
22:58 UtahDave a minion's pillar data is defined on your master regardless of whether you're using orchestration or not
22:59 UtahDave some salt commands allow you to pass in extra pillar args on the cli when you make the call, i'd have to check if the orchestrate allows that.
23:01 kevinquinnyo UtahDave: yes orchestrations do allow for a pillar to be passed
23:02 kevinquinnyo basically (i'm probably doing it wrong) but i spun up a full test environment and since i'm doing a lot of things with DNS i wanted to have a test environment completely isolated, a mirror of everything
23:02 kevinquinnyo but i have a pillar variable called platform_fqdn that's either the live fqdn, or the test one
23:03 kevinquinnyo but i don't know how to get that "platform_fqdn" available to the orchestration itself
23:03 estahn joined #salt
23:03 kevinquinnyo preferably without having to pass it on the commandline
23:07 kevinquinnyo i guess that might be the only way
23:07 kevinquinnyo i use it as part of the targeting
23:08 bluenemo joined #salt
23:10 bluenemo hi guys. My pillar data is getting kinda out of hand. I was looking into sth like storing it in mongodb. Do any of you guys know how a concept of putting jinja over this data would be implemented here? Would each minion just have a complete set of pillar data - example usecase: I deploy ssh and have two private keys, one for server A and one for server B. now I want server A to only have its private key in its pillars and so on.
23:11 kevinquinnyo ext_pillar
23:11 kevinquinnyo Have you looked into that bluenemo ?
23:12 bluenemo kevinquinnyo, yes I read the doc
23:12 kevinquinnyo i store my pillar data in a mysql database of an internal web app and my ext_pillar makes api calls to retrieve it
23:12 bluenemo however it is not clear to me how the concept of jinja in this data would be transmitted to mongodb
23:12 bluenemo thats interesting - its not by any chance open source, is it?
23:13 bluenemo i have a bunch of customers, each with its own salt master server. they all have (more or less) the same formulas in /srv/salt, only the pillar data is different. I'm having the problem of schema migrations in the files in /srv/pillar for all the customers - also if I want to change 20 passwords, I want to do this with a query of some sort that auto generates passwords.. and so on
23:14 kevinquinnyo you sound like you're doing something very similar to me
23:14 kevinquinnyo although i didnt go with the multiple salt masters
23:14 bluenemo kevinquinnyo, so how do you manage the concept of minion A having only access to the ssh pillars minion A is supposed to have access to? I'm currently just thinking, didnt do anything yet :)
23:15 bluenemo well if i have sql / mongo i can write migrations, that would be awesome
23:15 bluenemo currently i have just files
23:15 bluenemo and my sed is not strong enough ;)
23:15 kevinquinnyo the way i do it is, i have different client minions whose ids look something like this
23:16 kevinquinnyo web1-atl-1001-jemaro-sands.devops.my-whatever-platform.com
23:16 kevinquinnyo where the 1001 is a client id
23:16 kevinquinnyo and the jemaro-sands is just a generated thing so i didnt have to have uuids or something ugly to make them "collision free"
23:17 kevinquinnyo if a client has multiple clusters of minions
23:17 bluenemo i think you might have misunderstood me. imagine the pillar data for ssh like:  ssh: priv_keys: {% if grains['id'] == 'A' %} A_priv_key {% elif grains['id'] == 'B' %} B_priv_key {% endif %}
23:17 kevinquinnyo then i target like 'web*1001-jemaro-sands*' state.sls web.nginx
23:17 bluenemo how do you do that in the database?
23:19 bluenemo i do that in a similar way - my interest is more in what currently jinja does in my pillar files to give access to private information / different configuration depending on any number of things, like grains['id']
23:19 bluenemo so preferably all this with mongo :)
23:19 kevinquinnyo i have a full on cakephp application with a rest api, so my ext_pillar snags the target when any pillar-y request is made, using that unique cluster_id "1001-jermaro-sands", it makes an api call to https://my-internal aplication.com/api/clusters/pillar/1001-jemaro-sands
23:19 kevinquinnyo which only returns the data from the database associated with that unique client/cluster
23:19 bluenemo ah ok, i see
23:19 bluenemo i understand
23:20 kevinquinnyo that was the only way i could figure to do it
23:20 bluenemo is your application open source?
23:20 bluenemo i figured something similar - build some logic in between
23:20 kevinquinnyo i think salt is not necessarily designed to be used as a PAAS with multiple clients the way you and i are trying to use it
23:20 kevinquinnyo but there are probably a ton of ways to do it
23:20 kevinquinnyo bluenemo: no it's not unfortunately, but it's so specialized, i'm not sure it would you all that much
23:21 bluenemo ah ok
23:21 dstokes_ joined #salt
23:22 kevinquinnyo i like your idea of having multiple saltmasters though
23:22 kevinquinnyo i just didnt want to have to manage like 50 or 60 different saltmasters
23:23 bluenemo our "idea" is to only do consulting, so each customer has sth like a salt.example.com
23:24 bluenemo where under /srv/salt there is a git repo with our formulas, /srv/pillar is atm the customers git repo
23:24 kevinquinnyo white glove devops consulting kind of thing?
23:24 dstokes joined #salt
23:24 bluenemo hm no we just dont see the technological need to rent servers and force the customer to host on the machines in our DC
23:24 bluenemo so they have accounts with aws, profitbricks, whatever-cloud..
23:25 bluenemo sells quite nice this way :) we take care not to restrict customers to us in a technological way / via contracts
23:25 kevinquinnyo interesting
23:25 bluenemo so if they want to leave they just can, and using salt the infrastructure is also quite well documented. they also get to keep the formulas (we have to put them on github at some point ;)
23:26 kevinquinnyo i could see a lot of web app developers and such liking that
23:26 bluenemo they just dont get updates / migrations / fancy stuff for being a customer anymore. but they dont hit the wall hard when changing the infrastructure provider - as in for example, a migration is not required - as the customer owns his infrastructure, not us ;) but sry i could go on and on ;)
23:27 bluenemo yeah we kinda have more customers than we can handle so we started cherry picking ;) btw we need admins ;)
23:27 bluenemo (consultants... :)
23:28 bluenemo hm idk. some logic in front of mongo should do the trick.. seems like any number of options is open to call the logic: https://docs.saltstack.com/en/latest/ref/pillar/all/
23:28 kevinquinnyo noted.  i've got so much work right now it's ridiculous, and i stupidly took on some side work doing development
23:28 dstokes joined #salt
23:28 kevinquinnyo the thing about saltstack i've noticed is that it's almost too flexible
23:28 ajw0100 joined #salt
23:28 kevinquinnyo you can get selection paralysis trying to decide what/how to do something
23:29 kevinquinnyo it's best to just roll with your instinct, and you can always completely shift gears later if you decide there's a better way
23:29 bluenemo this here: https://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.mongo.html#configuring-the-mongo-ext-pillar is in /etc/salt/master right?
23:29 kevinquinnyo i mean that's going to happen no matter what
23:29 kevinquinnyo oh look at that
23:29 kevinquinnyo i've never used it, but it looks like it
23:30 aw110f joined #salt
23:30 bluenemo I read most all salt formulas on github and mostly disagree with all of them :D
23:30 bluenemo for example when i have /srv/salt/ssh/keys/init.sls  I name the state ssh_keys_do-something: file.managed: and so on
23:30 kevinquinnyo i've never used a single formula
23:30 bluenemo totally helps keeping an overview to set state id's that are human interpretable
23:31 bluenemo also helps with - require: ssh_keys_* ;)
23:31 kevinquinnyo i do the same
23:31 bluenemo cool, finally somebody :D
23:31 kevinquinnyo i always explicitly use the 'name' key
23:31 kevinquinnyo so that my state key is very verbose
23:31 bluenemo yeah me too
23:31 bluenemo jup :)
23:32 kevinquinnyo but i recently stopped doing the thi-is-a-state-name-that-does-blah
23:32 kevinquinnyo i just do something like:  'Ensure user {0} exists for website {1}'.format(user, website)
23:32 bluenemo wrote you a pm as i think we are spamming the channel :)
23:34 tracphil joined #salt
23:36 cliluw joined #salt
23:39 orion_ joined #salt
23:39 orion joined #salt
23:44 berserk joined #salt
23:46 dezertol joined #salt
23:47 dstokes_ joined #salt
23:48 amcorreia joined #salt
23:50 ssplatt joined #salt
23:50 dstokes joined #salt
23:53 aqua^c joined #salt
23:56 Thiggy joined #salt
