Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-06-27

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:10 bluenemo joined #salt
00:11 edrocks joined #salt
00:23 bluenemo hi guys. I have a custom state /srv/salt/_states/bloonix.py and a fresh installation of http://repo.saltstack.com/apt/debian/8/amd64/2016.3 for both master and minion on one node. when I run saltutil.sync_states, it shows no updates but the module is not available. The state works, it runs on a master with 2015.8.8.2
00:23 DEger joined #salt
00:32 MeltingFiction joined #salt
00:36 bluenemo the day salt "just works" is yet to come >:( there is always something with a fresh installation....
00:50 MeltingFiction joined #salt
00:51 TyrfingMjolnir joined #salt
01:00 ageorgop joined #salt
01:03 fannet_ joined #salt
01:06 iceyao joined #salt
01:16 oida joined #salt
01:18 TyrfingM1olnir joined #salt
01:19 iceyao joined #salt
01:23 om joined #salt
01:32 hasues joined #salt
01:36 hasues left #salt
01:41 catpiggest joined #salt
01:45 krymzon joined #salt
01:50 iceyao_ joined #salt
02:06 amcorreia joined #salt
02:14 edrocks joined #salt
02:17 tristianc joined #salt
02:18 iggy saltnpepper: also cp.list_master
02:18 iggy !salt modules.cp.list_master
02:18 saltstackbot https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cp.html#salt.modules.cp.list_master
02:20 iggy bluenemo: does it show up in /var/cache/salt/minion anywhere?
02:20 iggy /var/cache/salt/minion/extmods/states I think
02:23 Ayo joined #salt
02:27 bluenemo iggy, /var/cache/salt/minion/extmods/ is empty. I've been working with custom modules for a while wo trouble :/ checked all the obvious stuff :(
02:35 bluenemo (also just copied over /etc/salt/master from my development salt)
02:41 kshlm joined #salt
02:44 iggy bluenemo: salt-call cp.list_master | grep _states
02:52 fracklen joined #salt
02:56 flebel joined #salt
03:01 bluenemo iggy, brilliant, why didnt i think of this. second :)
03:02 bluenemo iggy, shows up
03:02 bluenemo I can run python mymodule.py and it works out. also, with the default log level, nothing shows up for a saltutil.sync_all
03:02 bluenemo its puzzling :/
03:03 iggy and this is just a master/minion on the same box right?
03:03 bluenemo iggy, yes, echo 127.0.0.1 salt >> /etc/hosts
03:04 fannet_ joined #salt
03:04 iggy can you actually paste the output of the command?
03:04 iggy (kind of curious if it's an awkward name or something
03:04 bluenemo iggy, http://paste.debian.net/761897/
03:05 brent_ joined #salt
03:05 iggy I meant the cp.list_master one
03:05 bluenemo just created a file /srv/salt/_states/foobar.py with some random py code.. also wont sync that
03:06 bluenemo shows up on cp.list_master
03:07 bluenemo did a  tail -n 0 -f /var/log/salt/* | grep 'bloonix.py'  and executed a saltutil.sync_modules in another terminal, wont show any output :(
03:08 iggy well, sync_modules isn't going to
03:08 iggy that's specifically for _modules
03:08 bluenemo ah lol. i'm tired. sec
03:09 bluenemo ah fail actually did states
03:09 bluenemo sry have to kill the night to pick up my gf from the stupid airport in the early morning. it wasnt working before i was tired though ;) and i actually did   salt 'util*' saltutil.sync_states   ;)
03:11 bluenemo just did sync_all to make sure, also no output there :(
03:11 iggy burn it down and try again
03:14 bluenemo i tried rebooting (have you tried turning it off and on again? :) ), removing /var/cache/salt, re-installing salt-minino and master in different versions
03:14 iggy go to sleep, it'll still be there tomorrow
03:15 bluenemo cant, have to stay awake for one more hour and then go to airport
03:15 bluenemo but i think you are right on this one ;)
03:15 bluenemo will work tomorrow :D
03:15 bluenemo what bugs me is that i didnt get it to work some hours ago when i wasnt sleepy m)
03:15 bluenemo and usually i can handle salt in the middle of the night
03:16 bluenemo but yes - it will tomorrow ;) thank you for your input :)
03:21 patrek joined #salt
03:25 ktosiek joined #salt
03:26 kidneb joined #salt
03:26 bluenemo iggy, another question - I wrote / forked a formula for most everything and been working with salt for two years now. I think I'm kinda ok with it. I hired a very experienced py programmer to help me out with the salt management and so on. I have a openvpn formula which allows for client-to-client setups, however i use iptables and forwarding rules to manage which client can talk to which client. We manage some VPNs where there are several server
03:26 bluenemo instances which talk to each other, each having 150 clients and so on - so lots of pillars. my idea was to write one set of pillars (continues)
03:28 bluenemo and then abstract the iptables rules from it as well. so my openvpn formula has a piece of jinja that then also outputs an iptables script (shell script with rules). now however, the openvpn formula does an iptables task. if i want to get around this and keep with the good design pattern of having each formula take care of all of its tasks, i should write all of this information a) into openvpn.sls pillar and b) into iptables.sls pillar. then howe
03:28 bluenemo ver i have double the lines of config, highly redundant information in both and have to maintain both.
03:28 iggy for that much data, I'd probably start writing an ext_pillar... keeping all that in files sounds rough
03:28 bluenemo as in mongodb for example?
03:29 mrMute joined #salt
03:29 bluenemo if so yes, agree, but besides that
03:29 bluenemo lets say its only 50 hosts to define
03:29 iggy well, doesn't necessarily have to be something that heavy
03:29 bluenemo imagine host A in vpn admin and host B in vpn 'webservers', then I say host A can contact host B on port 22 but not the other way around -> iptables. i also use those pillars to say those hosts are present (and some more stuff)
03:30 iggy but if you have some higher level description of everything and then write pillars to pull that data and then provide it to your openvpn states and then also to your iptables states
03:30 bluenemo what we were now discussing - is it best practice to use two formulas or is it ok if the openvpn formula creates the iptables script in this instance?
03:30 bluenemo if i could generate pillars using pillars this problem wouldnt exist
03:30 bluenemo yeah, that would be most awesome, agreed
03:30 iggy it's really a judgement call
03:31 bluenemo he sees it hardcore pythonic - a state for everything and just its particular purpose. I see handling the pillar files in production, which would take orders of magnitude more time
03:31 gmoro joined #salt
03:31 iggy I've had salt setups where the states weren't at all broken up into formulas specific to individual pieces of software
03:31 bluenemo he is right and imho i am also
03:32 iggy it just didn't make sense to break it up that way
03:32 iggy but a lot of times it does
03:32 bluenemo true. i have for example a apache-php formula that also manages ftp - in this case it saves us insane amounts of time to have pillars completely abstracted away and then use a formula that installs everything
03:32 bluenemo i try to have a formula for everything specific
03:32 iggy (especially as you consider being able to scale individual parts of your systems)
03:33 bluenemo however iptables also handles ipset's for example
03:33 bluenemo it seemed so related imho
03:33 mortis joined #salt
03:33 bluenemo we basically have 100 formulas that make up what makes most of the companys money
03:34 bluenemo we keep them up to date and extend them, while handling all of our customers infrastructure with salt - they just get the formulas and the updates while we apply them to their aws servers (or other hosters)
03:34 bluenemo but yeah.
03:34 iggy I think I'd consider that a formula that manages your VPN setup... it just so happens that your vpn is openvpn+iptables
03:34 lynxman joined #salt
03:34 bluenemo imho yes
03:34 bluenemo i mean wo the iptables part, the vpn clients cant talk to each other at all
03:34 iggy you couldn't split those into separate parts and say "okay, now host1 is going to do just openvpn and host2 is going to just iptables"
03:34 iggy so why split the formula like that
03:35 bluenemo but if you think hardcore pythonic, the iptables part has to be done with the iptables formula
03:35 bluenemo my thinking too
03:35 bluenemo well first most vpn servers that are big that we run only do vpn
03:35 bluenemo the way i did it was have the vpn formula place a iptables script in /etc/iptables/scripts/openvpn.sh
03:36 bluenemo the iptables formula always creates a iptables scrpit /etc/iptables/enable.sh that always looks and executes scripts in /etc/iptables/scripts (with some order magic around it)
03:36 bluenemo he says this sucks and is unclean
03:36 bluenemo i more or less agree, but think this is not too dirty and in this case works fine
03:36 iggy we use tinc, but it's basically the same thing... the tinc formula manages the script that brings the interfaces up and down
03:36 bluenemo i think its ok for the advantage of having to maintain way less pillars (which costs crazy time imho)
03:37 bluenemo ah yes (mesh vpn - cool thing :)
03:37 iggy we don't have a tinc formula and a iproute2 formula and a ethtool formula and 4 other formulas that would all stomp all over each other
03:37 bluenemo i think so too, yes
03:39 iggy I'm pretty sure even the most anal retentive guys on our salt team wouldn't try to make me do something like that
03:39 iggy although they did make me convert it into a formula instead of just some states local to the servers it's used on :(
03:40 bluenemo btw what do you think of the public iptables formula from salt inc? imho it sucks hard - mine creates super crazy firewalls which use ipsets and stuff - imho the public one offers zero flexibilty. i also strongly dislike the iptables state module - imho salt should create servers that look clean even wo salt - if i use the iptables state module, there is no classical iptables script (/etc/iptables/enable.sh) that an admin unfamiliar to salt can ea
03:40 bluenemo sily debug. also the state module cant to the 20% rarely needed hardcore magic that iptables can (that i want to use). my iptables formula is basically ['-i eth0 -j DROP'], and then putting it all together. how do you handle iptables? do you go with the public one / fork of it?
03:41 bluenemo " make me convert it into a formula instead of just some states local to the servers" what do you mean?
03:43 bluenemo imho, to end my openvpn formula question, the best way would be to have something higher than pillars, which generates pillar data. then all of this would be no problem
03:45 krymzon joined #salt
03:47 bluenemo unless one has magic like this, imho its a general guideline to have a formula for openvpn and iptables, but if openvpn relies on iptables that much and generates hundreds of iptables rules directly abstracted from its pillars, its simpler to maintain one pillar file and not create a client in openvpn.sls and then put the exact same specs again in iptables.sls (or at least 50% of the same info). I think keeping the overview is more important here.
03:47 bluenemo ..
03:47 irctc855 joined #salt
03:47 bluenemo but yeah.. i also manage nginx and php in two seperate formulas and put /var/run/php7.0-project.com.sock into php and nginx pillars both..
03:48 bluenemo i have to further meditate about this ;)
03:50 bluenemo what i do have left to say about this is that defining the required rules in the iptables formula would take much more text in pillars to write, where the openvpn formula's pillars has a specific usecase and can be higher abstracted. if i put all info into the syntax for the iptables formula, its just orders of magnitude more pillar data to setup and maintain too per client, while with the openvpn's pillar structure, its mostly one or two lines pe
03:50 bluenemo r client present
03:50 bluenemo lots of pros and cons
03:50 bluenemo ok whatever. i'm going for a shower now. thanks for your input iggy! :)
04:09 saltnpeppa joined #salt
04:09 saltnpeppa is there an option that auto deploys state files to hosts every X minutes?
04:09 mohae joined #salt
04:14 mohae joined #salt
04:16 edrocks joined #salt
04:20 LostSoul_ Hi
04:21 LostSoul_ I'm getting Too many functions declared in state 'file' in SLS  after adding 3 states, tell me what I did wrong as I have no idea:
04:21 LostSoul_ http://paste.debian.net/hidden/e8c7133d/
04:24 bfig__ joined #salt
04:24 bfig___ joined #salt
04:45 krymzon joined #salt
05:01 keimlink joined #salt
05:03 kshlm joined #salt
05:05 fannet_ joined #salt
05:05 LostSoul_ Any idea guys?
05:05 LostSoul_ saltstackbot: You can add it to crontab
05:06 onlyanegg joined #salt
05:08 DarkKnightCZ joined #salt
05:29 SpX joined #salt
05:38 rdas joined #salt
05:50 jeddi joined #salt
05:50 mariusv joined #salt
05:50 mariusv joined #salt
05:53 colttt joined #salt
06:02 kshlm joined #salt
06:04 ahammond joined #salt
06:10 jhauser joined #salt
06:12 DEger joined #salt
06:19 edrocks joined #salt
06:20 manji joined #salt
06:22 illern joined #salt
06:23 iggy LostSoul_: what's the command you are running to get that error?
06:26 dmaiocchi joined #salt
06:27 fannet_ joined #salt
06:32 CeBe joined #salt
06:34 dmaiocchi joined #salt
06:34 kawa2014 joined #salt
06:39 MeltingFiction joined #salt
06:43 duncanmv joined #salt
06:46 Rumbles joined #salt
06:47 krymzon joined #salt
06:54 KermitTheFragger joined #salt
06:55 slav0nic joined #salt
07:01 kshlm joined #salt
07:15 charli joined #salt
07:27 Rumbles joined #salt
07:31 kawa2014 joined #salt
07:31 Electron^- joined #salt
07:32 fracklen joined #salt
07:38 Sylvain31 joined #salt
07:39 fracklen joined #salt
07:40 Sylvain31 Hi, is there an module commande to list the shell users member of a desiganted group?
07:43 fracklen_ joined #salt
07:44 Sylvain31 answer to myself: salt 'web*' group.info www-data
07:45 deniszh joined #salt
07:50 LostSoul_ iggy: I figured it out
07:50 LostSoul_ No space after name in last one :)
07:51 _JZ_ joined #salt
07:51 lordly_eager_bar joined #salt
07:51 phx joined #salt
07:56 krymzon joined #salt
07:56 permalac joined #salt
08:02 ronnix joined #salt
08:05 lero joined #salt
08:06 lero_ joined #salt
08:08 keimlink joined #salt
08:12 s_kunk joined #salt
08:13 DEger joined #salt
08:20 mackripe_ joined #salt
08:20 _littleGrain joined #salt
08:20 netcho joined #salt
08:21 _littleGrain Hello people
08:21 edrocks joined #salt
08:21 manji joined #salt
08:21 _littleGrain I have a question about filters
08:21 _littleGrain How can I filter nodes with pillars?
08:22 _littleGrain I saw that running salt with --pillar I can use a couple of pillar
08:24 _littleGrain but how can I use more than once couple of pillar?
08:24 _littleGrain for example
08:25 _littleGrain salt -I 'test:true&consumer:customer1&env:webserver' state.aply
08:25 _littleGrain of course it doesn't work
08:25 Rumbles joined #salt
08:25 AndreasLutro use the compound matcher
08:26 _littleGrain AndreasLutro: could you provide an example? Thx
08:27 _littleGrain I've read this page https://docs.saltstack.com/en/latest/topics/targeting/compound.html
08:27 kshlm joined #salt
08:27 _littleGrain but actually I still have confusion
08:27 Ayo joined #salt
08:28 _littleGrain and I'm not a guru of regular expression
08:29 garphy joined #salt
08:31 GreatSnoopy joined #salt
08:31 _littleGrain AndreasLutro: I tried something like this salt -C 'test:true and env:webserver' state.apply
08:31 _littleGrain but it still doesn't work
08:31 AndreasLutro well you're getting close
08:32 AndreasLutro you need to specify what "test:true" in your match means - pillar, grain, whatever
08:32 lordly_eager_bar joined #salt
08:32 AndreasLutro I@test:true would match pillars
08:32 AndreasLutro as shown on the documentation page you linked
08:32 _littleGrain uhm ok
08:33 _littleGrain AndreasLutro: should be like this: -C 'I@test:true and I@env:webserver'
08:33 _littleGrain let me try
08:35 kbaikov joined #salt
08:36 _littleGrain AndreasLutro: thank you, it works!
08:39 mackripeum joined #salt
08:44 jhauser joined #salt
08:44 netcho joined #salt
08:45 felskrone joined #salt
08:48 rsanting joined #salt
08:49 yuhlw_ joined #salt
08:52 lordly_e_ joined #salt
08:55 izaki joined #salt
08:55 lord2y joined #salt
08:56 kbaikov joined #salt
09:10 whaity joined #salt
09:14 bastiandg joined #salt
09:15 mikecmpbll joined #salt
09:16 akiratheoni joined #salt
09:20 lordly_eager_bar joined #salt
09:21 badon joined #salt
09:22 mikecmpbll is it possible to do a glob match or something for watch? e.g. - watch:\  - file: /etc/rsyslog.d/* ?
09:22 AndreasLutro you can glob match, but note that the globs are for state IDs, not file names
09:22 felskrone1 joined #salt
09:23 Sylvain31 what is the more common way to read an IP address from a domain name in Jinja?
09:23 mikecmpbll AndreasLutro : ahh yeah, good point. still, that should work, thank you :)
09:23 AndreasLutro Sylvain31: find a module that does dns lookups I guess?
09:23 AndreasLutro https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.dnsutil.html googling "salt dns" led me to this
09:24 AndreasLutro the network module might have something as well
09:24 mikecmpbll also, elementary syntax question, is this valid?: https://gist.github.com/mikecmpbll/4a70c6a3b112648e08672a0857cddd47
09:25 AndreasLutro what's stopping you from trying it out?
09:25 mikecmpbll i don't have a local test setup yet and it's a pain to deploy to production :P
09:26 mikecmpbll some sort of salt syntax checker would be awesome, but nvm i'll trial and error.
09:26 Sylvain31 AndreasLutro: as far as I found not in modules/network.py, but "salt 'dns*' dnsutil.A www.vim.org" did it, I wasn't in the good module…
09:26 AndreasLutro definitely set up al ocal test environment
09:27 Sylvain31 thanks!
09:27 AndreasLutro mikecmpbll: if your thing doesn't have jinja you can use http://yaml-online-parser.appspot.com/
09:28 mikecmpbll AndreasLutro : ooh, that's useful, thank you!
09:28 felskrone joined #salt
09:30 bastiandg joined #salt
09:33 lord2y hello guys
09:34 lord2y question: why if I have declared /var/lib/mount and /var/lib/mount/102 in mount.mounted state I get
09:34 lord2y Detected conflicting IDs, SLS IDs need to be globally unique
09:34 lord2y ?
09:34 lord2y I just need to update the /etc/fstab
09:34 Sylvain31 lord2y: do you have a loop?
09:36 lord2y Sylvain31: yes I have
09:36 lord2y Sylvain31: I need this particular configuration, the important thing is /var/lib/mount is mounted first
09:38 Sylvain31 lord2y: "salt-call -ldebug state.show_sls your_state" on the minion, will show the yaml generated, you must have a duplicate id
09:41 lord2y Sylvain31: order are differents
09:42 lord2y Sylvain31: 10000 and 10001
09:43 Sylvain31 their name must be different, they are dict keys, they must be distinc. append in jinja : {{ mount ~ '-' ~ someid_or_order }}:
09:44 Sylvain31 for example…
09:45 netcho joined #salt
09:45 toanju joined #salt
09:47 akiratheoni i'm trying to configure salt to install varnish (port 80, proxies to port 8080) and nginx (port 8080). it looks like when running a highstate on a brand new server, nginx binds itself to 80 before varnish can (and thus varnish doesn't start). however, manually reloading nginx afterwards, it binds to the correctly configured port only instead of 80 and i can start varnish normally. is this a salt issue or something with nginx/varn
09:47 mackripeum joined #salt
09:48 lord2y Sylvain31: thank you to your debug command I found the problem
09:49 Sylvain31 akiratheoni: did you setup requisite between states? (quite the most difficult to understand)
09:49 Sylvain31 lord2y: you're welcome, I did recieve help, I give you back ;)
09:49 fredvd joined #salt
09:50 illern joined #salt
09:53 akiratheoni Sylvain31: no I have not yet. so if i'm understanding this correctly, i need to configure nginx to depend on varnish?
09:53 Sylvain31 AndreasLutro: thanks: {%- set web_ip = salt['dnsutil.A'](webserver) %} it did it! I also found (re-read): https://docs.saltstack.com/en/latest/topics/tutorials/states_pt3.html#calling-salt-modules-from-templates : quote: "All of the Salt modules loaded by the minion are available within the templating system" Cool!
09:55 Sylvain31 akiratheoni: yes, and salt will order state execution for you. you can have a look at apache formula may be, but I will try to find a better example.
09:57 tracphil joined #salt
09:58 lero joined #salt
09:58 Sylvain31 akiratheoni: https://github.com/saltstack-formulas/apache-formula/blob/master/apache/modules.sls no so simple…
09:59 bdrung_work joined #salt
10:01 Trauma joined #salt
10:03 Sylvain31 apache-restart is defined in apache/init.sls, and is triggered by a2enmod *: state, by a watch_in requisite, which is quite complexe yet… Which means, that the state_id apache-restart will be trigered if the a2enmod is activated. Of course, the include: - apache, loads the init.sls in the current state, so the state_id becomes available. Is that clear or not at all?
10:07 mikecmpbll AndreasLutro : wrt that syntax question, the yaml syntax checker only passed with a colon after the pkg.installed state (https://gist.github.com/mikecmpbll/4a70c6a3b112648e08672a0857cddd47), however when i ran the state i got the error: "ID 'rsyslog' in SLS 'logging.rsyslog' contains a short declaration (pkg.installed) with a trailing colon. When not passing any arguments to a state, the colon must be omitted."
10:07 mikecmpbll when i removed the colon i get a different error!
10:09 mikecmpbll obviously it's because of the 2nd state underneath, but i'm not sure what the valid syntax is to get around the issue.
10:11 mikecmpbll /cc anyone else :p
10:14 DEger joined #salt
10:14 akiratheoni Sylvain31: ok i think i understand that. i added the requisite to the nginx statement to wait for varnish, though now varnish is starting up correctly automatically, but nginx isn't
10:16 whaity joined #salt
10:17 mikecmpbll nvm, got there in the end, it was pkg.installed: [] that I needed.
10:24 edrocks joined #salt
10:32 mikecmpbll i'm using file.managed with template: jinja, how can I view the file after processing?
10:32 Sylvain31 akiratheoni: state are executed sequentialy but salt may decide to order them. Sometime you may split a state in multiple state to achieve the expected behavior. If it goes too "far" multiple host, long execution time, etc. There's more stuff, orchestration and reactor which is triggered by event, I don't know this last one…
10:33 mikecmpbll i'm getting a jinja error while the template is rendering, not sure how to debug it
10:34 Sylvain31 mikecmpbll: on the minion: "salt-call -ldebug state.apply state_name" could help
10:34 mikecmpbll Sylvain31 : ty :)
10:44 kshlm joined #salt
10:44 akiratheoni Sylvain31: looks like running a salt-call for this particular state twice ends up starting nginx properly
10:44 akiratheoni not sure if that is normal or means my config is weird
10:49 lordly_eager_bar joined #salt
11:06 keimlink joined #salt
11:09 amcorreia joined #salt
11:19 mikecmpbll hmmm, "Rendering exception occurred: Jinja variable str object has no element 0"
11:21 mikecmpbll is there a way to debug jinja with print statements or anything? really difficult to debug what's going on
11:24 tuxick mikecmpbll: that's an understatement if there ever was one
11:24 honestly mikecmpbll if you run with -l debug it will print the result of jinja rendering
11:24 mikecmpbll honestly : it's failing during rendering
11:24 mariusv joined #salt
11:24 mariusv joined #salt
11:24 honestly well yeah, remove the part that fails to render :P
11:24 mikecmpbll ... lmao
11:25 mikecmpbll that doesn't help much with debugging the error.
11:25 honestly and then just print the stuff you're trying to debug
11:25 mikecmpbll oic.
11:25 honestly I mean if you have something like {% for foo in foos %} and that fails, just put {{ foos }} to see what is actually there
11:26 mikecmpbll 👍🏼
11:29 tuxick "parse error somewhere"
11:30 AndreasLutro mikecmpbll: share the error message and maybe we can help you read it
11:30 AndreasLutro the full error message
11:33 lordly_e_ joined #salt
11:34 mikecmpbll gi
11:34 mikecmpbll got it now*. inserted a bunch of comments to the file to debug it. i was accessing the pillar with slightly the wrong key and then calling [0] on an empty value
11:37 rsanting joined #salt
11:44 tuxick btw, before weekend i was looking at rolling out ssl certs from pillar
11:44 tuxick am i really supposed to paste those in an .sls with indentation and all?
11:45 tuxick no sane way to push files?
11:46 oyvindmo tuxick: file_tree might be an option for you:  https://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.file_tree.html
11:47 lordly_eager_bar joined #salt
11:48 lordly_eager_bar joined #salt
11:50 tuxick hhnn $root_dir/hosts ??
11:51 oyvindmo yes, for per-host targeting.
11:52 av_ joined #salt
11:54 tuxick ah but doesn't have to be /srv/hosts or so
11:54 tuxick yet might as well do that
11:54 tuxick and the rest is kinda automagic?
11:54 oyvindmo isn't everything? :)
11:55 tuxick well
11:55 oyvindmo haven't used it much, but yes, it's relatively straightforward from there
11:55 tuxick will look at it again later on
11:55 tuxick looks ok
11:55 charli joined #salt
11:57 inad922 joined #salt
12:10 lordly_e_ joined #salt
12:11 TooLmaN joined #salt
12:13 garphy joined #salt
12:13 amcorreia joined #salt
12:15 impi joined #salt
12:17 tracphil joined #salt
12:18 Sylvain31 akiratheoni: running the same state twice may solve a dependancy, as one service could "won" and match the state description. The second time the other one it not blocked by the other one not running. So yes it is buggy, but works… if ran twice…
12:19 iceyao joined #salt
12:19 west575 joined #salt
12:23 Rumbles joined #salt
12:25 MikaT joined #salt
12:26 edrocks joined #salt
12:35 numkem joined #salt
12:38 Sylvain31 is there some formula for managing domain names?
12:44 numkem joined #salt
12:46 DanyC joined #salt
12:49 slav0nic joined #salt
12:49 DanyC All, is anyone you can tell salt to returned only the stdout of a state.sls from cli ? i'm aware of --state-verbose | --out | state-output but nothing helped.
12:51 Sylvain31 DanyC: --out=newline_values_only ??
12:52 DanyC Sylvain31: i'll give that a try, thx !
12:52 Sylvain31 DanyC: or re-phrase your question…
12:52 morissette joined #salt
12:54 tercenya joined #salt
12:55 DanyC Sylvain31: let me re-phrase it by giving you more info. So basically i'm running in a sls a cmd.run "curl". Now what i wanna do is to put the whole salt cli into a script (as a wrapper) to run the state and loo at the output (stdout) of the state.sls. If contains a value then move on and do s/thing else
12:55 DanyC and so for me is important to only get out from the cli the stdout so i can do further pocessing
12:57 Sylvain31 DanyC: so you call collect it into file, on the minion running the state. or you can parse json --out=json with jq command line tool. or you should think about it differently using orchestrate runner may be.
12:58 DanyC Sylvain31: right, let me give that a try, thanks again
13:00 dyasny joined #salt
13:05 mandarin1 left #salt
13:11 kawa2014 joined #salt
13:12 DEger joined #salt
13:16 bearonis joined #salt
13:21 mapu joined #salt
13:26 mapu_ joined #salt
13:27 protoz joined #salt
13:27 Rumbles joined #salt
13:30 rylnd joined #salt
13:34 subsignal joined #salt
13:36 perfectsine joined #salt
13:36 Hybrid1 joined #salt
13:39 lordly_eager_bar joined #salt
13:43 Tanta joined #salt
13:44 inad923 joined #salt
13:49 Sylvain31 are yaml in pillar order dict? a for loop will produce the same order?
13:55 tapoxi joined #salt
13:57 sroegner joined #salt
14:02 Ayo joined #salt
14:06 mpanetta joined #salt
14:07 av6 joined #salt
14:12 tharkun joined #salt
14:14 keimlink_ joined #salt
14:16 keimlink joined #salt
14:16 ajv joined #salt
14:16 fxhp joined #salt
14:30 hasues joined #salt
14:31 hasues left #salt
14:31 spuder joined #salt
14:31 bearonis_ joined #salt
14:32 ronp_usa1 joined #salt
14:33 viq I believe that no, they aren't
14:33 lordly_eager_bar left #salt
14:37 Sylvain31 viq: OK, would have been better…
14:37 viq But I believe you can sort with jinja
14:37 ajv joined #salt
14:38 viq http://jinja.pocoo.org/docs/dev/templates/#dictsort
14:38 west575_ joined #salt
14:39 kevinquinnyo joined #salt
14:40 Sylvain31 I drop the idea, would have been interesiting for a pillar base of customers I'm managing with salt, and to keep the same order in the generated template file.managed produced… When an item would have been at the end, it would have been outputed at the end too…
14:45 bowhunter joined #salt
14:46 bearonis joined #salt
14:49 west575 joined #salt
14:54 subsigna_ joined #salt
14:56 cro_ joined #salt
15:11 berserk joined #salt
15:11 beardedeagle joined #salt
15:12 brent_ joined #salt
15:12 beardedeagle Is there supposed to be an actual best practices page? Because right now it goes to a 404
15:15 sjmh joined #salt
15:15 viq beardedeagle: https://docs.saltstack.com/en/latest/topics/best_practices.html
15:15 beardedeagle from this page it 404's: https://docs.saltstack.com/en/latest/
15:18 brent_ joined #salt
15:18 DarkKnightCZ joined #salt
15:28 cyborg-one joined #salt
15:31 dendazen joined #salt
15:32 onlyanegg joined #salt
15:34 Brew joined #salt
15:35 krymzon joined #salt
15:43 mapu joined #salt
15:46 jenastar joined #salt
15:52 mgresser joined #salt
15:56 jimklo joined #salt
15:57 DammitJim joined #salt
16:04 iggy open an issue (if there isn't one already)
16:06 btorch morning, shouldn't this {% set mdb = salt['pillar.get']('mongodb') %} allow me to retreive pillars with "{{ mdb.config_settings.storage.dbPath }}" after importing the mdb context ?
16:06 iggy Sylvain31: list's are (so use a list of dicts or whatever)
16:07 keys joined #salt
16:07 iggy btorch: assuming your pillar structure matches, yes
16:07 btorch yeah it should
16:08 berserk joined #salt
16:09 iggy gist the states in question and `salt-call pillar.get mongodb` output
16:09 onlyanegg joined #salt
16:10 keys joined #salt
16:12 btorch yeah idk something is wrong with my pillar setup I think
16:13 btorch yeah that must be it :(
16:13 tberch8 joined #salt
16:13 btorch salt-call can't seem to get any pillar at all
16:13 btorch for anything
16:15 btorch yeah my bad :(
16:17 mohae joined #salt
16:19 bltmiller joined #salt
16:20 writtenoff joined #salt
16:21 btorch iggy: I had my salt config on this testing master/minion setup as /srv/salt/pillars instead of /srv/salt/pillar :)
16:21 keys eh it's monday
16:21 btorch yep :)
16:21 btorch need coffee I guess
16:22 woodtablet joined #salt
16:24 sagerdearia joined #salt
16:26 bfig joined #salt
16:26 bfig_ joined #salt
16:36 om2 joined #salt
16:36 om2 left #salt
16:46 _JZ_ joined #salt
16:52 LostSoul_ Hi
16:52 LostSoul_ I was wondering what IDE are you using to edit Salt files?
16:52 bltmiller Sublime Text for me :)
16:52 bltmiller there's a plugin available for SLS syntax highlighting
16:53 LostSoul_ Ou, nice :)
16:53 LostSoul_ Is Sublime free?
16:53 bltmiller short answer, yes
16:53 LostSoul_ Thanks bltmiller :)
16:54 bltmiller long answer, support the developer if you are able: https://www.sublimetext.com/buy?v=3
16:54 bltmiller the evaluation is perpertual, so if you don't explicitly buy a license, you'll be asked every once in a while to consider a purchase
16:54 bltmiller not a deal breaker
16:55 bltmiller and here's the SLS highlighter plugin: https://github.com/saltstack/sublime-text
16:57 Eugene I use good ol' vim, with ft=yaml
17:00 viq There are also syntax files for vim
17:02 onlyanegg joined #salt
17:08 bearonis joined #salt
17:09 quup joined #salt
17:10 corichar joined #salt
17:11 rhodgin joined #salt
17:14 quup left #salt
17:14 LostSoul_ Thanks guys :)
17:17 GreatSnoopy joined #salt
17:17 bltmiller joined #salt
17:18 knine joined #salt
17:21 jenastar left #salt
17:24 beardedeagle atom, which also has sls support
17:24 beardedeagle and is free
17:31 beardedeagle also if you are going to use sublime make sure you use the submlime package control. makes installing packages much easier
17:32 KajiMaster joined #salt
17:34 viq And if you're using vim, check out spf-13
17:35 bltmiller trust a question about text editors to get IRC chattering away ;)
17:44 beardedeagle I mean, it can also start a flame war pretty fast as well
17:49 tharkun joined #salt
17:50 bowhunter joined #salt
17:53 west575_ joined #salt
17:53 tberch8 joined #salt
18:01 whaity joined #salt
18:08 tberch8_ joined #salt
18:16 fracklen joined #salt
18:24 felskrone joined #salt
18:26 Rumbles joined #salt
18:29 numkem joined #salt
18:31 rem5 joined #salt
18:39 KingJ joined #salt
18:39 felskrone joined #salt
18:40 amcorreia joined #salt
18:42 toanju joined #salt
18:42 tberch8 joined #salt
18:42 Rumbles joined #salt
18:43 basepi joined #salt
18:45 tapoxi joined #salt
18:45 deniszh joined #salt
18:53 west575 joined #salt
18:53 whytewolf joined #salt
18:55 renaissancedev joined #salt
18:56 renaissancedev Is there any way to re-evaluate the state data after it has been partially executed?
18:56 renaissancedev In particular I would like to do a Jinja lookup of an AWS security group ID after it has been created...
18:57 renaissancedev https://dpaste.de/EWFW
18:57 Tanta {% set sec_group_id = cmd.run['aws ..'] %}
18:58 tberch8_ joined #salt
19:01 KingJ joined #salt
19:03 tberch8_ joined #salt
19:10 beardedeagle If either gtmanfred or jfindlay are around dmurphy right now, https://github.com/saltstack/salt-pack/pull/111
19:10 saltstackbot [#111][OPEN] Centos7 winexe | - Added winexe 1.1 support for centos 7. This resolves #30658
19:10 rem5 joined #salt
19:14 KingJ joined #salt
19:14 Joe630 beardedeagle: I build 1.1 from your rpm-packer, and it's in my production systems now
19:14 Joe630 thanks for doing that
19:15 Joe630 *I built
19:15 beardedeagle np, glad to hear it is working
19:15 Joe630 the only thing I changes was to do the dependency install manually so I could build the rpm without being root
19:15 Joe630 *changed
19:16 beardedeagle yeah I had an internal debate about just listing the needed packages or doing it for the end user. in the end I assume nothing about the knowledge level of the end user and just do it for them.
19:17 Joe630 and people who know can do what I did
19:25 onlyanegg joined #salt
19:26 rem5 joined #salt
19:26 tvinson renaissancedev: are you looking at pulling security group id into jinja because that create_edx_rds_store state is failing sometimes?
19:28 renaissancedev No, the idea is that the security group is going to be created in the same state run as the RDS store creation.
19:28 renaissancedev As it is written now it looks like I will either need to run the state twice, or break the RDS creation into a separate state and run it separately so that the security group actually exists at the time that the Jinja gets rendered.
19:28 renaissancedev tvinson: ^
19:30 mapu_ joined #salt
19:30 tvinson renaissancedev: ah, i had similar problems and used a python retry decorator on some of the calls in the boto_secgroup state module.
19:32 tberch8 joined #salt
19:33 tvinson renaissancedev: there's this bug https://github.com/saltstack/salt/issues/14383 to get something official in salt/utils/boto
19:33 saltstackbot [#14383][OPEN] Feature Request: provide retry functionality for API Calls | Feature Request:...
19:33 keimlink joined #salt
19:34 renaissancedev tvinson: Thanks for that. I'll take a look.
19:35 renaissancedev tvinson: I think that it would also be useful to standardize on being able to just provide a name for all bot modules where an ID is currently required.
19:36 renaissancedev But the retry logic is a step in the direction of making that possible.
19:38 manifold joined #salt
19:39 dendazen joined #salt
19:42 pcn Is there a correct way to conditionally include a state based on a directory existing, via salt-ssh?  I can use {% if salt['file.exists']('/somefile') %} to exclude parts of a state, but it seems like including it happens before the conditional?
19:42 bltmiller joined #salt
19:44 fracklen joined #salt
19:45 Tanta http://pastebin.com/raw/QUsrSxYi you might try something like this
19:46 Tanta that executes a state, instead of including it
19:48 renaissancedev_ joined #salt
19:48 fracklen joined #salt
19:48 pcn That's pretty tricky.  Let me see if that works
19:49 teryx510 joined #salt
19:49 Tanta I use that to send notifications to Slack and execute fresh commands
19:52 DammitJim joined #salt
19:52 Rumbles joined #salt
19:56 jhauser joined #salt
19:57 pcn Yeah, that seems to DTRT, thanks
20:09 rem5 joined #salt
20:12 tberch8 joined #salt
20:15 Rumbles joined #salt
20:17 KajiMaster joined #salt
20:24 onlyanegg joined #salt
20:25 eseyman joined #salt
20:26 dendazen joined #salt
20:37 whaity joined #salt
20:42 badon joined #salt
20:43 lero joined #salt
20:46 manji joined #salt
20:46 deniszh joined #salt
20:48 deus_ex joined #salt
20:49 noraatepernos joined #salt
20:49 noraatepernos On Ubuntu, do you guys know of a way to enable ufw and allow certain profiles via salt aside from simply running the cmds?
20:57 tracphil joined #salt
21:05 sinh joined #salt
21:07 noraatepernos http://pastie.org/10892182 Hi all, is this an accurate use of cmd under ‘require’?
21:08 noraatepernos appropriate use, I mean.
21:09 noraatepernos or should it be - file: ufw-activemq-profile under -require:?  I can’t seem to find the list of allowed things that can be required.
21:13 Linuturk joined #salt
21:13 Linuturk what's the primary difference between the multi master tutorial and the multi master tutorial that uses pki?
21:14 Linuturk https://docs.saltstack.com/en/latest/topics/tutorials/multimaster_pki.html vs https://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html
21:14 Linuturk and I'm not seeing a few of the master configuration options in the example master config with a default install from the salt repos
21:14 Linuturk master_sign_pubkey: True
21:14 Linuturk for example
21:15 tberch8 joined #salt
21:15 iggy noraatepernos: requisites are `<module>: <state-id>`
21:16 joeto joined #salt
21:16 noraatepernos iggy: Awesome.  Thanks
21:18 joeto Hi guys, quick one is it possible to change extension of pillars or states? Asking because I am tring to use Eclips as GUI and will be great to have different extensions :)...
21:19 joeto also any good gui for yaml_jinja syntax highlight/check?
21:20 iggy no(t possible to change extension)
21:23 joeto iggy: 10x :(, any advice about GUI?
21:24 west575 joined #salt
21:25 iggy I don't know of one
21:26 joeto fair enough, thank you
21:26 iggy I mean a lot of things have highlighting (atom, vim, sublime, etc)... but syntax checking is basically impossible to solve completely (as you'd need info from the minion you expect it to run on, etc)
21:27 joeto will try to rephrase myself, at least to ifnore jinja and to do syntax cheking on yaml :)
21:28 joeto ifnore=ignore
21:28 joeto because now if line start with {% ... it is give error :(,
21:30 iggy I don't know of anything
21:30 iggy but generally... your yaml could easily be rendered gibberish if you just stripped out all the jinja
21:33 joeto agree
21:35 permalac_ joined #salt
21:47 beardedeagle joined #salt
21:47 Lee- joined #salt
21:53 protoz joined #salt
21:54 tik joined #salt
21:54 subsignal joined #salt
22:03 kevinquinnyo joined #salt
22:04 tik anyone successfully using pkg.install on a windows non-server os minion?
22:05 tik it seems to try and leverage the servermanager powershell module somehow
22:14 DEger joined #salt
22:23 noraatepernos joined #salt
22:30 coval3nce joined #salt
22:30 coval3nce anyone know if reactor configs can be managed somewhere other than config files?
22:31 Ayo joined #salt
22:34 whaity joined #salt
22:35 asoc joined #salt
22:41 amcorreia joined #salt
22:43 nidr0x joined #salt
22:46 fannet_ joined #salt
22:47 whaity joined #salt
22:52 beardedeagle joined #salt
22:57 jeddi joined #salt
23:00 toastedpenguin joined #salt
23:01 onlyanegg joined #salt
23:05 ageorgop joined #salt
23:14 bltmiller joined #salt
23:19 abednarik joined #salt
23:20 rem5 joined #salt
23:24 TyrfingMjolnir joined #salt
23:31 _JZ_ joined #salt
23:35 Lee- joined #salt
23:41 mapu joined #salt
23:58 dendazen joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary