Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-07-20

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:05 ninjada joined #salt
00:07 woodtablet left #salt
00:24 rem5 joined #salt
00:26 flowstate joined #salt
00:29 cableninja_ joined #salt
00:30 ninjada_ joined #salt
00:33 infrmnt1 joined #salt
00:36 flowstate joined #salt
00:36 rem5 joined #salt
00:38 rem5 joined #salt
00:46 ninjada joined #salt
00:49 subsignal joined #salt
00:50 subsigna_ joined #salt
00:52 justanot1eruser joined #salt
00:53 racooper joined #salt
00:57 raspy_ how can a schedule be overwritten
00:58 raspy_ on an agent
00:58 hemebond raspy_: Isn't it by just updating the state?
00:58 raspy_ hemebond: sorry how do i do that
00:59 raspy_ i set the highstate schedule to every 5 minutes when i built the host
00:59 hemebond Well, just edit your schedule state.
00:59 raspy_ okay thx hemebond
00:59 hemebond How did you do it?
00:59 hemebond using schedule.present?
01:00 raspy_ hemebond: through salt-call?
01:00 hemebond Oh you used salt-call schedule.present to add it?
01:01 hemebond Oh it's schedule.add
01:01 raspy_ ok thx!
01:01 hemebond Is that right? That what you did?
01:01 hemebond Sorry, I'm asking.
01:01 hemebond I don't understand how you added the schedule in the first place.
01:01 raspy_ in the map file i defined it
01:02 raspy_ so the schedule is state.highstate, minutes: 5
01:02 raspy_ but its only defined in the map file, if i modify the map file to say 1 minute, the state.highstate doesnt pull the new time in the mapfile
01:02 hemebond Oh you put it into the minion config?
01:02 raspy_ yeah exactly
01:03 hemebond Ah, then you'll have to edit the config I think; Unless the schedule module can edit that for you.
01:04 raspy_ okay thx hemebond
01:05 JPT joined #salt
01:06 lungaro joined #salt
01:06 hemebond Have a look on the minion.
01:06 hemebond I think there might be a file for schedules.
01:06 hemebond Or even a directory.
01:06 hemebond Either way, the schedules execution module might be able to help out.
01:06 hemebond Good luck :-)
01:13 amcorreia joined #salt
01:13 mailto1587 joined #salt
01:16 catpigger joined #salt
01:17 flowstate joined #salt
01:24 brent_ joined #salt
01:30 seblu joined #salt
01:36 flowstate joined #salt
01:38 ninjada joined #salt
01:39 k_sze[work] joined #salt
01:41 notSlimmons joined #salt
01:46 notSlimmons from the book Mastering Saltstack, "using config.get function salt will first look inside the minion's config, if it does not find the rewquested var there, it will check the grains, then it iwll search the pillar, then the master config,"  Does that mean you can't have variables that have the same name in minion config, master config, pillars or grains?
01:46 notSlimmons since it checks in all the places for the variables used in jinja
01:47 ilbot3 joined #salt
01:47 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.5.10, 2015.8.10, 2016.3.1 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
01:51 kus joined #salt
02:05 DEger joined #salt
02:10 edrocks joined #salt
02:14 iceyao joined #salt
02:29 debian112 left #salt
02:35 flowstate joined #salt
02:36 Ch3LL joined #salt
02:41 bastiand1 joined #salt
02:45 gableroux joined #salt
02:45 rem5 joined #salt
02:48 gableroux Hey there, is it normal that salt tries to change group of a file when key "group" is passed in "context" parameter? I pass a few variables to a jinja templated file with file.managed. My variable is correctly added to the file, but state fails trying to change group of my file to "vagrant", but the file is on a shared folder so it can't change the group (and that's why I did not set the group in the first place). Does it
02:48 gableroux sound like a known bug? Using 2016.3.1
02:49 kshlm joined #salt
02:50 ninjada joined #salt
02:51 gableroux http://pastebin.com/G51xTczR
02:53 hemebond Is that indentation correct?
02:53 aphor I don't think so.
02:53 hemebond gableroux: Is that how you have your actual state?
02:53 gableroux oh so that explains a lot of things eheh, sorry about that, thanks! :)
02:53 gableroux yeah missed 2 spaces I guess
02:54 gableroux I usually pass dicts instead, my bad
02:54 aphor gableroux try an online yaml parser and see what JSON it translates to.
02:55 hemebond If you want to set the user+group for a file, why pass it in the context?
02:56 aphor gableroux: http://yaml-online-parser.appspot.com/
02:56 gableroux nope, that's data required by the script, not user and group for the file itself
02:56 hemebond Okay.
02:57 gableroux Thanks a lot, just added a tab and it seems to work. It was weird because the context did fill the file correctly
02:57 gableroux but still tried to change the group
02:57 hemebond no tabs
02:57 hemebond only spaces :-)
02:58 gableroux yeah, editor adds spaces, I should use the right terms indeed ahah :) everything green now :D
03:02 aphor If YAML isn't easier, try JSON.
03:10 rothsa joined #salt
03:10 c4rc4s joined #salt
03:17 Ch3LL joined #salt
03:18 tjones_ joined #salt
03:19 John_Kang joined #salt
03:21 c4rc4s joined #salt
03:21 debian112 joined #salt
03:22 voxxit joined #salt
03:36 flowstate joined #salt
03:38 flowstate joined #salt
03:42 k_sze[work] There is a little something I don't quite understand.
03:42 hemebond Is it caterpillars?
03:49 keekz joined #salt
03:50 writtenoff joined #salt
03:57 k_sze[work] salt.states.pkg is distro-agnostic?
03:57 hemebond Yes
03:58 k_sze[work] I mean, there's apt for debian/ubuntu, emerge for gentoo, yum, rpm, etc, right
03:58 hemebond Yes
03:58 k_sze[work] How does that work? salt.states.pkg just doesn't use any of those package manager at all?
03:59 whytewolf k_size in a way. it uses salt.modules.pkg which is a large set of virtual modules
03:59 hemebond It does. pkg module is like an interface to whichever package manager is required.
03:59 k_sze[work] Or it detects which package manager is present and uses that?
03:59 hemebond It detects what is present and uses it.
03:59 hemebond Works on Windows too.
04:00 lungaro joined #salt
04:00 k_sze[work] Because I'm just surprised that it works at all in a Debian chroot on a non-Debian host.
04:01 hrumph does utahdave no longer contribute to salt?
04:01 whytewolf k_sze[work]: salt trys loading each of the pkg virtual modules and the one that has the right libraries and/or binaries present is the one that is loaded as pkg
04:01 hemebond hrumph: I thought I saw him post to an issue recently.
04:02 hrumph hemebond he never responded to https://github.com/saltstack/salt/issues/34732
04:02 saltstackbot [#34732][OPEN] Question about usage of namespaced_function in pkg.py | Would like to understand the usage of namespaced_function in pkg.py...
04:02 whytewolf he might not have seen it.
04:02 hemebond Well, it's only been a couple of days.
04:03 iceyao joined #salt
04:04 whytewolf k_sze[work]: see https://docs.saltstack.com/en/2015.8/ref/modules/index.html#virtual-modules
04:04 wych joined #salt
04:05 whytewolf k_sze[work]: & also https://docs.saltstack.com/en/2015.8/ref/modules/all/salt.modules.pkg.html#virtual-pkg
04:07 whytewolf by having salt.modules.pkg that respond in simalar ways salt.states.pkg can just call pkg.install with out caring if it is aptpkg, yumpkg, win_pkg, ect, ect, ect
04:10 hemebond "~24k minions". goodness me
04:10 k_sze[work] interesting
04:11 kuromagi^ joined #salt
04:11 DEger joined #salt
04:20 evle joined #salt
04:23 lompik joined #salt
04:31 nethershaw joined #salt
04:35 flowstate joined #salt
04:39 teryx510 joined #salt
04:44 onlyanegg joined #salt
04:48 hasues joined #salt
04:50 hasues left #salt
04:56 POJO joined #salt
04:58 macheck joined #salt
05:10 onlyanegg joined #salt
05:11 macheck left #salt
05:11 macheck joined #salt
05:17 hasues joined #salt
05:17 hasues left #salt
05:19 babilen joined #salt
05:22 ninjada joined #salt
05:28 rdas joined #salt
05:35 flowstate joined #salt
05:36 keimlink joined #salt
05:41 onlyanegg joined #salt
05:53 ivanjaros joined #salt
06:04 raspy_ joined #salt
06:10 brent_ joined #salt
06:10 impi joined #salt
06:11 felskrone joined #salt
06:12 goldielox joined #salt
06:14 kawa2014 joined #salt
06:19 kaushal_ joined #salt
06:28 hemebond joined #salt
06:35 dariusjs joined #salt
06:38 flowstate joined #salt
06:44 onlyanegg joined #salt
06:46 ajw0100 joined #salt
06:59 ivanjaros joined #salt
07:01 toanju joined #salt
07:02 AirOnSkin joined #salt
07:06 cableninja__ joined #salt
07:06 DEger joined #salt
07:06 fracklen joined #salt
07:07 fracklen joined #salt
07:11 POJO joined #salt
07:12 manji joined #salt
07:15 kaushal_ joined #salt
07:17 raspy_ joined #salt
07:30 ninjada_ joined #salt
07:36 Hybrid joined #salt
07:36 flowstate joined #salt
07:36 Hybrid joined #salt
07:38 lutz_willek joined #salt
07:39 ronnix joined #salt
07:40 lutz_willek Hey There, short question how to configure network (nameserver) settings the "best" way. I want to configure nameserver settings on Centos5/6/7 minions. I found https://github.com/bechtoldt/saltstack-network-formula. Any other ideas how to do this better?
07:46 ravenx joined #salt
07:47 armyriad joined #salt
07:51 manji lutz_willek, the page is a 404 :p
07:55 impi joined #salt
07:55 lutz_willek nope. http://bfy.tw/6pFz
07:59 ribx joined #salt
08:01 Rumbles joined #salt
08:01 TyrfingMjolnir joined #salt
08:01 mikecmpbll joined #salt
08:03 manji lutz_willek, your link had and extra dot in the end so it lead to a 404, but the "let me google that for you" attitude is not very polite
08:05 hemebond manji: Might have been your client doing that.
08:05 hemebond Mine didn't include the period, though I have seen that before.
08:05 manji hemebond, yeap, my client did it
08:05 hemebond Agree about the attitude though.
08:09 lutz_willek no offence, sorry for the lmgtfy.. My first posted link yust works for me. so sorry for the broken link.
08:11 pppingme joined #salt
08:12 edrocks joined #salt
08:15 kaushal_ joined #salt
08:33 lero joined #salt
08:35 flowstate joined #salt
08:36 lero joined #salt
08:36 GreatSnoopy joined #salt
08:38 JPT joined #salt
08:41 fredvd joined #salt
08:42 Rumbles joined #salt
08:46 onlyanegg joined #salt
08:52 Qlawy If I have state where there is service and its config file, and I would like to restart server after any changes in config I should do watch_in in servce or file?
08:55 s_kunk joined #salt
08:55 keimlink joined #salt
09:00 onlyanegg joined #salt
09:00 M-liberdiko joined #salt
09:00 kevinquinnyo1 joined #salt
09:09 yidhra_ joined #salt
09:19 hemebond watch_in in the file
09:19 hemebond or watch from the service
09:21 Electron^- joined #salt
09:22 brandhauser joined #salt
09:23 brandhauser Hi all, i was wondering how could i simply assign and transfer certificates/keys to minions. Because if i understand correctly using the fileserver was not secure? Could someone point me in the right direction perhaps?
09:24 N-Mi joined #salt
09:24 N-Mi joined #salt
09:26 ronnix_ joined #salt
09:28 manji brandhauser, roughly you need something like that
09:28 manji https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html
09:28 manji for your keys
09:28 manji I have never used it though I am afraid
09:28 manji I will have to soon though :p
09:28 brandhauser manji: :) thanks for the link, i'll take a look!
09:29 manji the point is not to store keys on your saltmaster git repo
09:31 M-cpt joined #salt
09:31 necronian joined #salt
09:31 M-MadsRC joined #salt
09:37 flowstate joined #salt
09:48 impi joined #salt
09:57 kaushal_ joined #salt
10:04 ravenx where do you store the keys then?
10:11 Rumbles joined #salt
10:16 thraxil joined #salt
10:16 brandhauser ravenx: I prefer as files on the salt-master
10:17 hemebond Which is fine. Just need to control access to the server.
10:18 hemebond GPG is used by people who want the keys in source control or want to make extra sure they can't leak somehow.
10:18 brandhauser hemebond: are you talking about the
10:18 brandhauser "salt fileserver"(accidental enter :) )
10:19 hemebond That wouldn't do anything :-)
10:19 hemebond It's more about having keys in source control or a third-party system.
10:21 hemebond But also if you're using grains to apply roles. Grains are set by the minion and changing them could allow the minion to see stuff it shouldn't.
10:24 kshlm joined #salt
10:24 badon joined #salt
10:36 flowstate joined #salt
10:37 slav0nic joined #salt
10:46 atnar_ joined #salt
10:52 kevinquinnyo1 joined #salt
10:56 A||SySt3msG0 joined #salt
10:59 keimlink joined #salt
10:59 brandhauser hemebond: im using id for targeting. So that should be secure, right?
11:00 brandhauser And are we talking about the same thing? (I'm not following). I'm talking about certs/keys for apache for example
11:01 onlyanegg joined #salt
11:02 kawa2014 joined #salt
11:07 DEger joined #salt
11:16 amcorreia joined #salt
11:22 hemebond brandhauser: If it's just public certs then it's not an issue. But I think manji was referring to secure/encrypted storage for private keys.
11:23 manji yes I did
11:23 brandhauser ah ok, all clear!
11:23 hemebond If you control all the servers and are confident your master is safe, and are fine storing the private keys on the master, there's nothing stopping you from doing that and copying them out.
11:24 hemebond All depends on how secure you want to keep your private keys and stuff.
11:24 manji and if your devs post private keys on slack chat :p
11:24 hemebond Some people put all secrets in GPG-encrypted pillars because not everyone should be able to read them.
11:24 hemebond lol
11:27 kshlm joined #salt
11:31 kshlm joined #salt
11:36 POJO_ joined #salt
11:46 tjones_ joined #salt
11:51 LostSoul Hi
11:51 LostSoul Is there way to run salt-minion on Debian5?
11:53 babilen heh
11:53 babilen No
11:53 kawa2014 joined #salt
11:54 babilen LostSoul: You *really* shouldn't have any lenny boxes
11:55 LostSoul Tell me xD
11:55 LostSoul It's not my decision
11:55 LostSoul Really
11:55 babilen It's not a "decision"
11:56 impi joined #salt
12:01 jhauser joined #salt
12:07 fredvd joined #salt
12:09 babilen LostSoul: But there also aren't salt packages for lenny
12:09 iceyao joined #salt
12:09 manji babilen, would it work with pip though ?
12:10 manji hmm I just realised that lenny is before squeezy
12:10 manji bummer :
12:10 manji :/
12:16 felskrone joined #salt
12:18 west575 joined #salt
12:23 edrocks joined #salt
12:24 babilen manji: Lenny is *really* old
12:25 manji yes yes, distant memories
12:27 kaushal_ joined #salt
12:29 ronnix joined #salt
12:32 yuhlw_ joined #salt
12:37 gh34 joined #salt
12:40 gableroux joined #salt
12:40 keimlink joined #salt
12:42 tuxx joined #salt
12:42 tuxx hey guys.. i had to rename the hostname of one of my syndics and now i keep getting 'The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticat'
12:42 tuxx despite having removed the previous key and having added it under its new name....
12:42 tuxx any suggestions what i can do?
12:43 rem5 joined #salt
12:46 tuxx anyone?
12:46 kawa2014 joined #salt
12:47 aphor tuxx: stop the syndic, delete the old syndic's key, and restart it, then re-add the syndic key on the master.
12:48 aphor Then salt-key -d delete the old syndic key on the master
12:48 tuxx aphor: same :(
12:48 tuxx aphor: yea i just did that.. i stopped the salt-{master,syndic,minion} then i removed the key on the master with salt-key -d syndic-id; restarted the syndics and readded the key
12:49 tuxx and i still get that message
12:49 tuxx can i just remove the keys and generate new ones?
12:49 aphor tuxx: you need the renamed syndic to generate a new key.
12:49 tuxx aphor: okay, how?
12:49 aphor look in /etc/salt/pki/..
12:49 tuxx i saw that
12:49 tuxx i have master and minion folders in there
12:50 aphor the syndic is a kind of minion.
12:50 aphor re: keys anyway
12:50 tuxx how can i force salt to genreate new keys?
12:50 tuxx rm *?
12:50 aphor (clue: the error message is about minion to master authentication/authorization negotiation)
12:51 tuxx i know that :)
12:51 aphor tuxx: just the minion keys.
12:51 aphor When you start the salt daemon, if it doesn't have keys, it will generate new ones.
12:52 aphor Minions present a minion name to the master, and the key authenticates only to this name.
12:52 tuxx 2016-07-20 12:52:01,003 [salt.crypt       ][CRITICAL] The Salt Master has rejected this minion's public key!
12:53 tuxx now i dont even get a key offered on the master which i could add :D
12:53 aphor tuxx: salt-key -d the old key.
12:53 tuxx aphor: obviously
12:54 tuxx its not in the list and yet its not being offered
12:54 aphor tuxx: it's either saved on the master as a rejected (even if matching) key, or the key does not match what the master expects in the accepted keys.
12:55 tuxx i'm going to purge salt-minion and reinstall it
12:55 tuxx i can snapshot the vm
12:55 aphor do that.
12:55 emaninpa joined #salt
12:56 tuxx lol 2016-07-20 12:56:51,373 [salt.crypt       ][ERROR   ] The master key has changed, the salt master could have been subverted, verify salt master's public key
12:57 tuxx unbelievable
12:57 aphor But it's on the master's key store. Get rid of the stale key in the master's /etc/salt/pki/master/ folder, and the syndic's new key will show up as new to the master.
12:57 tuxx after purging reinstalling, it showed up, so i added it and then i get the same error again
12:57 aphor oh, cool.
12:59 tuxx no idea wtf is going on but it aint working
12:59 CeBe joined #salt
13:01 onlyanegg joined #salt
13:02 poopsplat4 joined #salt
13:02 tawm04 joined #salt
13:03 fracklen joined #salt
13:03 brd joined #salt
13:06 flowstate joined #salt
13:08 flowstate joined #salt
13:08 numkem joined #salt
13:23 edrocks joined #salt
13:25 Tanta joined #salt
13:28 kshlm joined #salt
13:30 mpanetta joined #salt
13:31 mpanetta joined #salt
13:32 racooper joined #salt
13:35 TooLmaN joined #salt
13:41 eseyman I'm using file.blockreplace and want to use a content block with leading white space
13:41 eseyman is this possible? I've tried a number of things but can't make it work
13:42 protoz joined #salt
13:43 aphor tuxx: basically, the stale key pari on the syndic needs to be deleted, and the stale public key for the syndic needs to be deleted on the master, and the syndic needs to be started up without a key.
13:44 DEger joined #salt
13:44 flowstate joined #salt
13:46 aphor eseyman: can you use string literals with leading spaces?  '        indented 8 spaces' ?
13:46 flowstate joined #salt
13:47 cyborg-one joined #salt
13:47 mikecmpb_ joined #salt
13:47 hasues joined #salt
13:47 perfectsine joined #salt
13:47 hasues left #salt
13:47 eseyman aphor: I've tried but the leading spaces are stripped
13:48 eseyman I can have a first line with no leading white space and every following line indented relative to it
13:48 eseyman but I'm trying to avoid that
13:50 babilen eseyman: You could look into "contents: |" + \n + "{{ some_foo| yaml(False) |indent(8) }}" (two lines)
13:50 kawa2014 joined #salt
13:50 aphor eseyman: http://yaml.org/spec/1.1/current.html#id858081
13:51 aphor Example 2.13.  In literals,
13:51 aphor newlines are preserved
13:51 babilen aphor: Sure, but the first line determines the "zero indentation level" that defines the block
13:51 _JZ_ joined #salt
13:51 kawa2014 joined #salt
13:51 aphor in block form, using a literal style (“|”) where all line breaks are significant
13:51 babilen So you can't have multiple space characters on the first line
13:52 aphor Example 2.15.  Folded newlines are preserved
13:52 aphor for "more indented" and blank lines
13:53 babilen Yes .. my understanding is that eseyman wants the *first line* indented
13:53 babilen (and the rest)
13:53 eseyman indeed
13:53 impi joined #salt
13:53 babilen eseyman: So, does that work?
13:58 eseyman the best I can do is this : https://paste.fedoraproject.org/392899/14690230/
13:58 eseyman but I'm still not satisfied
13:59 mikecmpbll joined #salt
14:01 babilen eseyman: Did you already try the "{{ some_foo| yaml(False) |indent(8) }}"-approach I suggested earlier?
14:01 subsignal joined #salt
14:02 aphor Hm..
14:03 aphor Maybe file.blockreplace needs an indent argument?
14:03 eseyman Jinja variable 'some_foo' is undefined
14:04 Tanta {{ salt['cmd.run']('...bash script') | indent(8) }}
14:04 Tanta that will work inside a multi-line yaml
14:05 rem5_ joined #salt
14:05 Tanta the multi-line string has to be indented properly, one indentation ahead of the 'c' in content
14:06 babilen eseyman: Yes, sure .. you have to define that (or reference a pillar or something)
14:06 aphor Yaml is pretty to look at, but can be devilishly difficult to write.
14:06 babilen eseyman: The "some_foo" is simply a reference to the content you want to put in there
14:07 deus_ex joined #salt
14:08 corichar joined #salt
14:08 mapu joined #salt
14:08 onlyanegg joined #salt
14:08 gableroux joined #salt
14:14 ronnix joined #salt
14:17 keimlink joined #salt
14:17 impi joined #salt
14:19 garphy joined #salt
14:19 kawa2014 joined #salt
14:20 eseyman babilen: nope, leading white space is stripped no matter what I do
14:24 armyriad joined #salt
14:29 flowstate joined #salt
14:29 bowhunter joined #salt
14:29 m4rk0 joined #salt
14:29 m4rk0 hello guys
14:30 m4rk0 please tell if it's possible to set firewalld rich rule via salt?
14:30 zer0def joined #salt
14:30 m4rk0 I can't find any docs about it
14:34 devster31 joined #salt
14:35 DEger joined #salt
14:37 eseyman m4rk0: can you create rich rules via a configuration file?
14:38 tapoxi joined #salt
14:38 XenophonF when rendering a Pillar SLS file, if I call grains.get(), it will return Grains data for the minion, yes?
14:42 m4rk0 eseyman: please explain
14:42 tapoxi XenophonF yes
14:42 XenophonF m4rk0: it looks like firewalld-formula supports rich rules
14:42 XenophonF m4rk0: https://github.com/saltstack-formulas/firewalld-formula/blob/master/firewalld/files/zone.xml#L48
14:43 XenophonF thanks tapoxi
14:44 m4rk0 thanx XenophonF
14:47 flowstate joined #salt
14:50 onlyanegg joined #salt
14:55 Brew joined #salt
14:56 m4rk0 XenophonF: please can You tell me what am I doing wrong? 'rich_rules' is an invalid keyword argument for 'firewalld.present'
14:58 fracklen joined #salt
14:58 domel joined #salt
14:59 flowstate joined #salt
15:00 XenophonF m4rk0: install firewalld-formula and configure it from pillar, instead
15:01 m4rk0 okay
15:01 m4rk0 thanx
15:01 XenophonF the problem is that the firewalld.present state doesn't process rich rules
15:01 XenophonF you can't just make up arguments to functions ;)
15:02 m4rk0 :D
15:02 XenophonF so it looks like firewalld-formula takes the rich rules and puts them into the zone config
15:02 XenophonF unfortunately it isn't well documented
15:02 XenophonF nothing in pillar.example
15:03 XenophonF but for a given zone, it looks like you can add an entry called "rich_rules"
15:03 XenophonF which is a list
15:03 m4rk0 heh :-S
15:03 XenophonF and each list item is a dict containing keywords like family, source, destination, service, port, etc.
15:04 XenophonF so let's say you're modifying the public zone
15:04 m4rk0 yes
15:04 XenophonF e.g., that'd be firewalld:zones:public in Pillar
15:05 m4rk0 ok
15:05 XenophonF you'd add a keyword named "rich_rules" to that dict, so it'd become firewalld:zones:public:rich_rules
15:05 XenophonF that'd contain the aforementioned list
15:05 XenophonF hang on let me throw something plausible together and post it as a gist or something
15:06 m4rk0 that would be awesome :)
15:07 m4rk0 btw i tried this example http://www.alexlinux.com/saltstack-firewalld-formula-rich-rules-example/ and it says "State 'firewalld' in SLS 'fw' is not formed as a list"
15:08 edrocks joined #salt
15:08 m4rk0 ah this is for firewalld-formula :/
15:12 XenophonF m4rk0: i'm guessing that the config for rich rules using firewalld-formula will look something like this - https://gist.github.com/xenophonf/9b69ddd46379eace02c5cd460c2b1537
15:13 m4rk0 thanx mate :)
15:13 XenophonF the usual disclaimers apply: i don't use them, i haven't tried this, etc.
15:13 XenophonF if it breaks, you get to keep all the pieces
15:14 m4rk0 i know :D
15:14 m4rk0 i need to manage out this firewalld-formula for start :)
15:16 cmarzullo joined #salt
15:17 hasues joined #salt
15:17 hasues left #salt
15:18 djgerm left #salt
15:18 dfinn joined #salt
15:19 brent_ joined #salt
15:22 kbaikov joined #salt
15:22 Brijesh1 joined #salt
15:23 raspy_ joined #salt
15:24 Tyrm joined #salt
15:27 manji joined #salt
15:31 ALLmightySPIFF joined #salt
15:33 ALLmightySPIFF joined #salt
15:35 garphy joined #salt
15:35 tapoxi joined #salt
15:36 tapoxi this looks very interesting even though it's not updated, anyone here ever try it? https://github.com/lincolnloop/salmon
15:38 DerCed joined #salt
15:39 DerCed hiya. i'm using a git back and would like to setup a review workflow with branches and pull requests. does anybody do this and how? different environments don't work if you modify existing states (need to have unique ids)
15:39 DerCed backend*
15:40 edrocks joined #salt
15:40 Slimmons joined #salt
15:41 manji joined #salt
15:41 infrmnt joined #salt
15:42 kbaikov joined #salt
15:45 brotatochip joined #salt
15:47 rem5 joined #salt
15:48 armyriad joined #salt
15:49 Slimmons Is there a way to pass post data from one sls file to another.  Using this example https://gist.github.com/Slimmons/b52d768f52033c86890666759d4836e0
15:50 Slimmons My guesses were either a way to pass it, or save it into the pillar from configure.sls (which I don't know how to do)
15:55 skinnejo joined #salt
15:55 teryx510 joined #salt
15:56 tristianc_ joined #salt
15:56 whytewolf Slimmons: https://docs.saltstack.com/en/latest/topics/reactor/#passing-event-data-to-minions-or-orchestrate-as-pillar
15:57 Slimmons staring me right in the face.  Thanks
16:01 RandyT joined #salt
16:03 catpig joined #salt
16:05 RandyT joined #salt
16:13 mpanetta joined #salt
16:14 mpanetta joined #salt
16:16 flowstate joined #salt
16:20 woodtablet joined #salt
16:28 aw110f joined #salt
16:29 knine joined #salt
16:31 protoz joined #salt
16:33 knine When using a nodegroup for targeting, does Salt ignore nodes listed in the group for which it does not in the accepted keys?
16:33 v12aml joined #salt
16:35 Tyrm joined #salt
16:35 knine the more I think about that, the more it's an obvious answer, but part of me was expecting maybe an error say "not accepted key" or something.
16:38 nethershaw joined #salt
16:40 writtenoff joined #salt
16:45 mpanetta joined #salt
16:47 writtenoff joined #salt
16:50 Tyrm joined #salt
16:52 Tyrm joined #salt
16:52 manji joined #salt
16:53 jgarr joined #salt
16:53 Garo_ joined #salt
16:54 jgarr trying to run salt '*' saltutil.sync_all and getting a lot of nodes with 'saltutil.sync_all' is not available error. Is there something else that is needed for that module?
16:56 MTecknology What's a jinja way of doing if hostname.startswith('oob'): hostname = 'oob' ?
16:57 MTecknology I can think of ... exactly that, but with three chunks of jinja, but it seems like it should be done more simply
16:57 MTecknology {% if hostname.startswith('oob') %}{% set hostname = 'oob' %} {% endif %}
16:58 mikecmpbll joined #salt
16:59 impi joined #salt
17:08 tpaul joined #salt
17:09 ageorgop joined #salt
17:16 pcdummy jgarr: not sure
17:16 jgarr :(
17:17 lompik joined #salt
17:17 pcdummy jgarr: you have recent minions?
17:17 pcdummy jgarr: you need to have modules/saltutil.py
17:18 jgarr I just updated everything to 2016.3.1 release
17:18 pcdummy ok, its not a version problem :)
17:18 jgarr doesn't saltutil.py come with the package? I see some have it but many do not
17:18 pcdummy i comes with
17:18 MTecknology sync_all has been around since nearly the dawn of time :P
17:19 pcdummy jgarr: can you try sync_modules ?
17:19 MTecknology jgarr: same release of the same distro on the same release of salt installed from the same source?
17:20 jgarr yes, all rhel installed from a locally synced mirror of upstream
17:20 pcdummy jgarr: did you look on a failed minion log?
17:20 amcorreia joined #salt
17:21 jgarr trying sync_modules right now. Then will dig into some logs
17:23 tvinson MTecknology: {% set hostname = 'oob' if hostname.startswith('oob') else hostname %}
17:25 MTecknology that!
17:25 MTecknology tvinson: Thanks!!!
17:25 pcdummy python :)
17:25 pcdummy Wouldn't come on it
17:31 wendall911 joined #salt
17:32 brotatochip joined #salt
17:33 Brijesh1 joined #salt
17:36 debian112 joined #salt
17:36 bltmiller joined #salt
17:40 protoz joined #salt
17:41 debian112 joined #salt
17:42 pppingme joined #salt
17:42 wendall911 joined #salt
17:53 flowstate joined #salt
17:54 hoonetorg joined #salt
17:54 Brijesh1 joined #salt
17:55 cyborg-one joined #salt
17:58 Tyrm_ joined #salt
18:01 s_kunk joined #salt
18:03 spuder joined #salt
18:08 edrocks joined #salt
18:11 ivanjaros joined #salt
18:11 west575_ joined #salt
18:17 brent_ joined #salt
18:18 tapoxi joined #salt
18:20 GreatSnoopy joined #salt
18:24 Tyrm joined #salt
18:24 brotatochip joined #salt
18:24 scsinutz joined #salt
18:24 chin joined #salt
18:25 domel joined #salt
18:29 spuder joined #salt
18:31 bowhunter joined #salt
18:39 KingJ joined #salt
18:42 gableroux joined #salt
18:48 Sarphram joined #salt
18:48 Tyrm joined #salt
18:50 pryorda https://gist.github.com/pryorda/26a60cd1f817c27315823f705f819649
18:50 pryorda Have you guys ever seen that?
18:52 Tyrm_ joined #salt
18:52 pcdummy pryorda: no looks like a FS error.
18:52 Linuturk can anyone give me a hand with the format of a custom grain dictionary?
18:53 pryorda pcdummy: FS error?
18:53 Linuturk I'm trying to gather various datapoints related to devices connected to the system over the adb
18:53 pcdummy Filesystem error pryorda
18:54 pryorda Where do you see that?
18:54 scsinutz joined #salt
18:55 pcdummy pryorda: can you debug that minion?
18:56 CeBe joined #salt
18:56 iggy yeah, never seen anything like that, my first assumption wouldn't be that it was a salt problem
18:56 pcdummy pryorda: maybe a python problem
18:57 pcdummy more a FS/kernel thing
18:58 pcdummy pryorda: reading the code, will give more info soon
18:59 brent_ joined #salt
18:59 TooLmaN joined #salt
18:59 Brijesh1 joined #salt
19:01 pryorda pcdummy: okie
19:01 pcdummy pryorda: "salt-call test.missing_func" should raise that error
19:03 pcdummy pryorda: is the disk or /var/tmp / /tmp full ?
19:04 pcdummy pryorda: or memory + swap ?
19:06 ageorgop joined #salt
19:07 pcdummy c4t3l: you still there, do you know https://docs.saltstack.com/en/latest/topics/beacons/ ?
19:08 pcdummy c4t3l: maybe this stuff helps you with your problem.
19:10 brotatochip joined #salt
19:14 GreatSnoopy joined #salt
19:16 POJO joined #salt
19:19 ageorgop joined #salt
19:20 cyborg-one joined #salt
19:22 Linuturk syncing a new grain script to my minions isn't letting it update the grain information on the minion.
19:22 Linuturk restarting one of my minions allowed the new data to be seen
19:22 Linuturk how can I force grain data to refresh?
19:23 Linuturk salt '*' saltutil.sync_grains << was used to sync the new script down
19:33 edrocks joined #salt
19:47 CeBe joined #salt
19:53 jgarr Linuturk: saltutil.sync_all is supposed to update grains although I was having problems earlier YMMV
19:55 tercenya joined #salt
19:58 pcn I'm trying to use mine to make some ec2 tags on my host visible to other boxes.  I'm so confused looking at https://docs.saltstack.com/en/2015.8/topics/mine/index.html because all of the examples show configuration, but nothing seems to explain what the results/output/effects will be.
19:58 fracklen joined #salt
19:58 ajw0100 joined #salt
20:04 brotatochip joined #salt
20:10 c4t3l hello all.  what is the proper way to define a default null value in a pillar?
20:11 c4t3l I see {{ salt['pillar.get']('pkgs:apache', 'httpd') }} mentioned in the docs, but would a null value simply be ''?
20:14 c4t3l or should I be using the python None value?
20:14 c4t3l oh that seems to work!  sorry for babbling :P
20:15 Tanta can also use False
20:15 babilen Or just don't define it
20:16 gableroux joined #salt
20:16 c4t3l my state checks against the null case first.  It will not execute if the pillar data is not defined
20:17 babilen You could also use {% if foo.bar is defined and foo.bar %}
20:25 Trauma joined #salt
20:28 iggy the default default is None
20:28 ajw0100_ joined #salt
20:28 pcn iggy do you know of any examples of how data goes into the mine, and what it looks like coming out?
20:29 iggy trial and error (is what I used)
20:29 iggy it's painful
20:29 Trauma joined #salt
20:29 iggy and not always correct
20:29 iggy which is why I generally try to disuade people from using it
20:31 pcn Is there a way to directly query grains of other nodes?
20:32 EvaSDK ke from the command line ?
20:32 EvaSDK like
20:32 babilen pcn: What's wrong with the mine?
20:33 pcn babilen: I want to stuff a grain into the mine.
20:33 babilen Okay, define a mine function alias for grains.items and .. bam
20:33 babilen Which grain are you after?
20:35 pcn I'm after a custom grain: an ec2 tag
20:35 pcn babilen: I think there's some confusion.  I'm looking at the documentation, and when you say "define a function alias" all I can see is "there needs to be an example of what the result is of that"
20:36 pcn Because I can't suss that out from the docs at https://docs.saltstack.com/en/2015.8/topics/mine/index.html#mine-functions
20:36 pcn So it's clearly not:
20:36 pcn mine_functions:
20:36 pcn foo: grains.get('ec2_tags:foo')
20:36 flowstate joined #salt
20:36 pcn Err, put some {{ }} around that
20:38 pcn because that doesn't work.
20:39 Llmiseyhaa hrm, I'd try: foo:\n  - mine_function: grains.get\n  - ec2_tags:foo
20:40 Llmiseyhaa the {{}}s are for jinja and that's not what you want
20:40 pcn OK, that's starting to make some sense
20:41 Linuturk jgarr: maybe the clear cache call
20:42 Linuturk nope
20:43 pcn However given how the rest of salt works, I'd assumed that I should be able to provide e.g. the value of a grain via jinja, and not being able to do that is surprising.
20:44 brotatochip joined #salt
20:47 babilen pcn: You are essentially providing an alias ('foo' in your case), the function to call (grains.get) and its arguments (ec2_tags:foo)
20:48 babilen That way you can define multiple aliases for the same function that differ in their arguments
20:49 AvengerMoJo joined #salt
20:49 telecode joined #salt
20:51 AvengerMoJo joined #salt
20:52 pcn babilen: Once I have that data as what I think is a list of dictionaries, equivalent of getting set([ v for v in mine.get('foo').values() ])
20:52 pcn sorry, just a dictionary I think
20:53 babilen You typically get a dict back with hostnames as keys
20:53 pcn Right, I want the distinct set of values
20:53 pcn fg
20:54 edrocks joined #salt
20:54 garphy joined #salt
20:54 babilen Just populate the mine and use "mine.get" to see what you get back
20:55 pcn I think I'm asking about jinja.
20:55 babilen Jinja doesn't support list comprehensions (yeah, that sucks)
20:55 pcn Sure, I can use a loop.  Is there a set type?
20:56 babilen You could use mako or the Python renderer or write a custom execution function that does the "heavy" data munging for you
20:57 babilen I know, its ridiculous, but meh
20:59 tristian_ joined #salt
21:00 scsinutz joined #salt
21:00 honestly don't use jinja for anything more than mild text massaging.
21:01 honestly once it goes beyond that write custom execution modules.
21:07 macheck left #salt
21:07 macheck joined #salt
21:08 macheck left #salt
21:09 Slimmons any ideas on why salt-api/cherrypy would return 401 Unauthorized No permission -- see authorization schemes
21:09 Slimmons it's on a minion that was working recently
21:09 Slimmons master*
21:12 TyrfingMjolnir joined #salt
21:17 brotatochip joined #salt
21:20 flowstate joined #salt
21:22 pcn If you upgraded recently, have you restarted the salt-api and salt-master processes?
21:27 mikecmpbll joined #salt
21:33 raspy_ joined #salt
21:33 raspy_ is there a way I can say if hostname: do stuff
21:33 raspy_ in a .sls file?
21:34 MTecknology heh...
21:34 hemebond raspy_: Yes. Use Jinja.
21:34 hemebond The minion ID and the hostname are available as grains.
21:34 MTecknology How hard would it be to disable readahead on SSD's using salt?
21:34 flowstate joined #salt
21:34 rem5 joined #salt
21:34 raspy_ ok thx ill test
21:36 MTecknology for disk in salt['something_here']; do if [[ $(</sys/block/$disk/queue/rotational) == 0 ]]; then blockdev --setra 0 /dev/$disk; file.append: ...; fi; done
21:37 MTecknology obviously that's bad and horribly broken
21:37 MTecknology and not valid anything
21:39 pcn Also, can I enable the salt mine without restarting a minion?
21:39 MTecknology pretty sure you can not
21:40 dfinn joined #salt
21:41 MTecknology raspy_: {% if grains['hostname'] == 'peanutbutterjellytime'
21:41 pcn *sigh* https://github.com/saltstack/salt/issues/11501
21:41 saltstackbot [#11501][OPEN] Pillar-based Salt mine doesn't refresh mine on pillar_refresh | See https://groups.google.com/forum/#!topic/salt-users/Gp_3lTu89Ho....
21:50 adelcast joined #salt
21:52 ninjada joined #salt
21:53 cyborg-one joined #salt
21:56 _JZ_ joined #salt
22:00 scsinutz joined #salt
22:03 raspy_ MTecknology: perfection, thx
22:10 DEger joined #salt
22:14 MTecknology I'm not coming up with any salty way of getting a list of physical disk. I'm starting to worry I'll need to write a grain
22:18 manji joined #salt
22:21 MTecknology k.. doing the grains thingy.. this is gonna be a horrible jinja mess otherwise. :(
22:23 FroMaster joined #salt
22:24 west575 joined #salt
22:26 ajw0100 joined #salt
22:27 brotatochip joined #salt
22:29 badon_ joined #salt
22:31 rem5 joined #salt
22:31 raspy_ 2016-07-20 22:29:14,132 [salt.state       ][CRITICAL][25587] Rendering SLS 'dev:users.keys' failed: found character '%' that cannot start any token; line 17
22:32 raspy_ - config: %h/.ssh/authorized_keys    <======================
22:32 raspy_ is %h not an option for older versions of salt?
22:33 telecode joined #salt
22:33 hemebond People raising issues really need to create smaller examples.
22:34 raspy_ sorry I could of made without the timestamp and other fluff
22:34 hemebond raspy_: that wasn't directed at you, I'm reading an issue
22:34 raspy_ oh heh
22:35 hemebond I haven't been following the discussion here :-)
22:35 flowstate joined #salt
22:35 MTecknology raspy_: it'd be helpful if you shared your states on gist or dpaste
22:35 hemebond %h?
22:35 hemebond That shouldn't ever work.
22:36 hemebond Also, Salt does not load any environment variables.
22:36 hemebond You have to supply your own environment vars.
22:36 raspy_ oh, i got that from salt's example in https://docs.saltstack.com/en/latest/ref/states/all/salt.states.ssh_auth.html
22:36 hemebond The heck. I've never seen %h before.
22:36 MTecknology raspy_: share your config
22:37 MTecknology err... states
22:37 raspy_ id hate to create the folder if a %u would simply create it for me :D
22:37 hemebond Also, put single quotes around the value.
22:37 hemebond That should fix the error you're getting.
22:37 raspy_ MTecknology: willdo
22:39 * MTecknology assumes hemebond is correct, but sharing it will help us produce certain answers instead of educated assumptions
22:39 hemebond ^
22:39 hemebond Always best to share the relevant config; preferably reduced to a minimum.
22:39 MTecknology .. unless it's nginx
22:40 MTecknology if it's nginx, most people don't know what's relevant :P
22:40 haole joined #salt
22:41 dj_goku joined #salt
22:41 haole I'm newbie to salt and I was wondering if Salt mine can be used as a IoT data acquisition mechanism... for example, to collect temperature data of small devices (minions) every 10 seconds
22:43 raspy_ i dont get this...  Rendering SLS 'dev:firstrun' failed: Jinja variable 'dict object' has no attribute 'firstrun'
22:43 raspy_ i mean i do get it but everything is good
22:44 hemebond raspy_: Can't really confirm that without the config :-)
22:44 MTecknology haole: you /can/ do that, but it's a bad idea. mine data is stuff that should rarely change
22:45 MTecknology haole: It's more likely you're interested in beacons and -reactors
22:45 haole MTecknology: is the overhead big, or is it just too weird? :D
22:46 hemebond haole: http://garthwaite.org/saltmine_check_mk_agent.html
22:46 hemebond I think that article is about collecting stats.
22:47 hemebond I might be wrong, it might be more about configuration of the monitoring.
22:47 haole hemebond: thanks
22:47 haole MTecknology: "salt reactors" was just a very interesting google search haha
22:47 haole I'm looking into it :)
22:48 raspy_ hemebond: im dealing with so many configs right now im lost :)
22:48 dj_goku I am having trouble order in a state file: I want to enable apt repos, install packages, disable apt repos. but since enable/disable repos are being included packages aren't getting installed.
22:49 MTecknology haole: it'll just get confusing in the long run because you'd be using the wrong tool for the job. Think of mine data more like grains that you expose to other systems.
22:49 haole MTecknology: ok :)
22:50 MTecknology haole: at home, all of my servers generate a root ssh cert and share the public key via mine (only to the backup server)
22:51 haole MTecknology: ha! beacons seem perfect for a part of my requirements
22:51 haole I might keep the other part outside salt
22:51 MTecknology the alerting bit, I imagine
22:51 haole yeap
22:51 MTecknology err.. not the alerting part
22:51 MTecknology the alerting part would be reactor
22:51 MTecknology beacon would be monitor
22:56 ninjada joined #salt
22:57 brotatochip joined #salt
22:57 ninjada joined #salt
22:58 haole MTecknology: I understood as the minion "alerting" the master :)
23:03 dtsar \quit
23:05 edrocks joined #salt
23:07 adelcast joined #salt
23:10 Deliants joined #salt
23:14 dj_goku ha. so it seems like you can't have an ID then an include since it doesn't seem to be a state.
23:15 aw110f joined #salt
23:18 LostSoul joined #salt
23:22 telecode101 joined #salt
23:22 Tyrm joined #salt
23:22 telecode101 joined #salt
23:34 flowstate joined #salt
23:35 hemebond dj_goku: Talking about the state/pillar include directive?
23:38 _JZ_ joined #salt
23:41 hasues joined #salt
23:43 hasues left #salt
23:46 brotatochip joined #salt
23:56 ninjada joined #salt
23:57 brotatochip joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary