Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-07-21

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:03 ninjada joined #salt
00:07 jtang joined #salt
00:07 raspy_ does salt unchange stuff on minion hosts so lets say one of our sls files created a directory but then we remove that logic on the salt master that creates the directory, will the minion delete that directory on the host
00:07 hemebond No
00:07 raspy_ ok thx
00:08 Sokel When defining variables {% variable = ... %}, is there a way to concatenate strings together? For example, work-{{ salt['grains.get']('wlproject') }}-node? I've tried to utilize ~ without luck.
00:08 ninjada joined #salt
00:09 hemebond Sokel: You don't use {{ }} when inside {% %}
00:09 hemebond It's also {% set var ... %}
00:10 Sokel Right, I forgot set in my example.
00:12 raspy_ MTecknology: where does grains[
00:12 raspy_ MTecknology: where does salt get the value for grains['hostname'] ?
00:12 raspy_ does it get it from the map file?
00:13 Disorganized_ joined #salt
00:14 woodtablet left #salt
00:15 raspy_ is it possible to target based on a role? So in my grains definition in my map file, I have a role of role: ssh-proxy
00:16 raspy_ can I use that in a jinja template to say {% if rains['role'] == ssh-proxy %} ?
00:16 raspy_ grains :)
00:17 hemebond raspy_: There is a default set of grains that are pulled from the machine itself.
00:17 hemebond The hostname grain is the hostname of the machine.
00:17 raspy_ hmm ok
00:17 raspy_ oh btw, im using salt-cloud to create ec2 instances
00:19 raspy_ hemebond: are the grains available in the /ets/salt/grains file on the minion?
00:19 hemebond No, those are custom grains.
00:19 hemebond You can add your own custom grains that will be merged with the default set of grains.
00:20 raspy_ k
00:20 hemebond (can't remember if they actually go into /etc/salt/grains)
00:21 MTecknology _grains *
00:21 raspy_ k
00:21 MTecknology salt/_grains/  :)
00:21 raspy_ nice thx
00:22 MTecknology grains.sync_all?
00:22 raspy_ are grains['thing'] only available once the host is built?
00:23 raspy_ or are they avail as a host is being built with salt-cloud?
00:23 hemebond Yes. Grains are "properties" sent back to the master from the minion.
00:23 raspy_ ah crap
00:23 raspy_ hmmm ok more testing
00:24 raspy_ hemebond: is there something similar within only the salt-master?
00:24 hemebond pillars?
00:24 raspy_ ah ok
00:25 MTecknology raspy_: You might wanna read some of the intro docs or you're gonna hate your life.
00:25 MTecknology raspy_: salt is a *BIG* thing and pretty much lets you do whatever you want.
00:25 raspy_ too late fml
00:25 raspy_ ;)
00:25 MTecknology ehm... no, it's not
00:27 MTecknology FRICK!
00:27 * MTecknology <3 vim
00:27 MTecknology It just saved me from making a very painful to track down bug because of syntax highlighting
00:28 MTecknology (keyword highlighting)
00:29 ninjada joined #salt
00:29 DEger joined #salt
00:35 flowstate joined #salt
00:38 DEger joined #salt
00:39 subsignal joined #salt
00:39 rem5 joined #salt
00:46 racooper joined #salt
00:48 ninjada joined #salt
00:52 scsinutz joined #salt
01:06 edrocks joined #salt
01:09 raspy_ i dont get it
01:11 gableroux joined #salt
01:12 raspy_ MTecknology: hemebond yt?
01:12 hemebond mm?
01:12 raspy_ peep this out http://pastebin.com/XGptybWZ
01:12 hemebond I'm peepin it
01:12 raspy_ i clear out the minion cache and make another state.apply but all the users still get created
01:13 hemebond I'm going to need a little more context.
01:13 raspy_ but im only expecting the ssh users from the ssh-proxy role to be installed
01:13 hemebond What is the "role" grain set to?
01:13 hemebond 'ssh-proxy'?
01:14 raspy_ in my /etc/salt/grains, it shows role: ssh-proxy
01:14 hemebond What does "salt minionname grains.get role" return?
01:15 catpigger joined #salt
01:15 raspy_ sshproxy1:                                                                                                                                                                                                                                                                       │~
01:15 raspy_
01:15 raspy_ ssh-proxy
01:15 raspy_ ooo noob mistake
01:15 raspy_ sshproxy1:
01:15 raspy_ ssh-proxy
01:15 raspy_ :)
01:16 raspy_ so the role is there -_-
01:16 hemebond Is this conditional in a state or a pillar?
01:16 raspy_ in a state
01:18 hemebond I can't see anything wrong with it.
01:18 raspy_ indeed
01:18 hemebond Only change I would try is grains['role'] to salt['grains.get']('role')
01:18 Nahual joined #salt
01:18 hemebond Simply because that's the recommended method.
01:18 hemebond But it shouldn't make a difference here.
01:19 hemebond You did a sync_all, yeah?
01:19 raspy_ yeah
01:20 raspy_ ill continue mucking with it
01:20 mosen joined #salt
01:21 raspy_ hemebond: can i do a sync_all on the specific minion?
01:22 cyborg-one joined #salt
01:22 raspy_ actually... is there a way on the minion how I can see where salt got the value from ?
01:23 raspy_ because when I removed a user from the salt master sls file and saved it then did another salt state.apply, the user i deleted got installed
01:25 debian112 joined #salt
01:25 hemebond raspy_: Yes, you can sync_all a specific minion.
01:26 hemebond There is a way to see which states will be applied, yes.
01:28 hemebond https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.show_sls
01:29 scottcrooks joined #salt
01:30 sc250024 Is there a way for a formula to get it's own name? Like using $0 in bash?
01:31 hemebond sc250024: I don't know of one but I have a feeling there was an issue raised about this a while ago.
01:31 sc250024 So instead of doing "- source: salt://formula_name/somefile" it could be "- source: salt://{{ formula name }}/somefile"
01:31 sc250024 ok
01:35 flowstate joined #salt
01:36 MTecknology raspy_: no
01:37 iceyao joined #salt
01:37 Disorganized_ joined #salt
01:38 MTecknology sc250024: What are trying to do?
01:39 tuxx joined #salt
01:45 raspy_ hemebond: i see what happened, i had another sls file that was overriding my changes -_-
01:45 raspy_ f m l
01:45 hemebond :-)
01:45 raspy_ thx for peepin though
01:45 hemebond No problem :-)
01:58 tristianc_ joined #salt
01:58 fracklen joined #salt
02:04 Brijesh1 joined #salt
02:10 jenastar joined #salt
02:12 ninjada joined #salt
02:15 evle joined #salt
02:22 scoates joined #salt
02:32 scsinutz joined #salt
02:34 flowstate joined #salt
02:39 _JZ_ joined #salt
02:40 bastiandg joined #salt
02:40 raspy_ whats a good way to add ssh keys after the folder has been created?
02:41 hemebond There is a state for managing SSH keys.
02:41 raspy_ what if the user and its home directory doesnt exist on the host?
02:42 karlthane joined #salt
02:42 hemebond Uh, pass. I've never used it.
02:42 raspy_ how im doing it now is doing a user.present then after that an ssh_auth.present, is there a better way?
02:42 raspy_ hehe no worries
02:43 raspy_ meh... this will do
02:43 writtenoff joined #salt
02:44 iceyao_ joined #salt
02:48 dj_goku hemebond: yes. trying to figure out the best way to control order when one of the include needs to be run after a package install.
02:49 hemebond dj_goku: It's not the include that controls that, it's the state. So you should setup dependencies against the states inside the includes.
02:53 hoonetorg joined #salt
02:54 dj_goku hemebond: the package install portion requires the first included state. I tried setting a cmd.run with a onchanges for the package install, but it seemed the it would run before the package could install.
02:55 hemebond dj_goku: Sure. Put your include at the top of the file containing the pkg state. Make the pkg state depend on that first part of the included state.
02:55 hemebond Maybe you can't with your current setup, not sure. Did you paste the config somewhere?
02:58 dj_goku hemebond: which config? salt master ?
02:59 hemebond The states.
02:59 dj_goku on I am in the process.
02:59 dj_goku oh I am*
03:09 edrocks joined #salt
03:14 subsignal joined #salt
03:15 iceyao joined #salt
03:19 dj_goku hemebond: sorry https://gist.github.com/djgoku/0ba438134870990b08f1990ca790043d
03:20 hemebond Okay.
03:21 hemebond In your "install openbox" you would add a require_in that points to the "disable-apt-repos" state (not file, the state).
03:21 raspy_ can I nest folders insite the top.sls file?
03:21 hemebond That way disable-apt-repos would run after "install openbox"
03:21 hemebond raspy_: Next folders in a file?
03:22 hemebond *Nest
03:22 raspy_ for example i want to create a folder names ssh-proxy, inside this folder there will be other folders like ssh-proxy-users, ssh-proxy-dependencies, each folder having their own init.sls
03:22 raspy_ and in the top sls, id like to call is like - ssh-proxy.ssh-proxy-users
03:22 hemebond Yes, you can have a directory tree for states.
03:23 raspy_ so that way i dont have all these dependencies in the root as the rest of all these other folders that used for other apps
03:23 hemebond /ssh-proxy/init.sls === - ssh-proxy
03:23 ninjada joined #salt
03:23 hemebond /ssh-proxy/users.sls === - ssh-proxy.users
03:23 hemebond This is covered in the tutorial I believe.
03:23 hemebond Or in the walkthrough.
03:24 raspy_ yeah i followed it but salt doesnt seem to pick it up -_-
03:24 raspy_ ok thx hemebond
03:25 raspy_ hemebond: it cant be like this? /salt/dev/ssh-proxy/ssh-proxy-users/users.sls
03:25 hemebond It can, but the path to that file will be - ssh-proxy.ssh-proxy-users.users
03:25 raspy_ so do I basically need to move users to ssh-proxy/users.sls to be able to call it in a subtree?
03:25 hemebond It works similar to Python modules.
03:25 raspy_ oh ok thx
03:26 hemebond I suspect you need an init.sls, but I'm not sure.
03:26 ninjada joined #salt
03:26 hemebond In Python a directory isn't checked unless it contains an __init__.sls file.
03:29 rem5 joined #salt
03:31 dj_goku hemebond: I am getting can not extend ID after adding require_in in install openbox
03:32 hemebond Are you able to post all the relevant config?
03:32 hemebond The states you're actually trying to order.
03:32 dj_goku yes one second
03:32 nethershaw joined #salt
03:32 raspy_ hemebond:  - source: salt://ssh-proxy/ssh-proxy-users/files/cooluser.id_rsa.pub
03:33 raspy_ is this how peeps typically define stuff when its in subtrees?
03:33 raspy_ or is there a cleaner way
03:33 flowstate joined #salt
03:34 hemebond raspy_: Usually the idea is to put data into pillars, rather than states, but that can be difficult sometimes. That line looks fine. You could take a look at existing salt formulas for inspiration and structures.
03:34 raspy_ hemebond: thx :)
03:35 dj_goku hemebond: https://gist.github.com/djgoku/2c0dd7c439951131c968eafd6079d7cb
03:36 hemebond dj_goku: Where is your require_in?
03:37 mgw joined #salt
03:37 mgw left #salt
03:39 dj_goku forgot to recopy it. I updated the gist
03:39 hemebond Okay, your state ID is "disable apt repos" not "disable-apt-repos"
03:43 dj_goku hemebond: success! so let me try to re-cap.
03:47 dj_goku hemebond: so I was using the wrong ID for the require_in/file value. second require_in does the reverse of require and makes install openbox require_in before disable apt repos is called.
03:48 hemebond You weren't using the wrong ID, you were using a filename. Salt always wants the state ID. Yes, require_in is the reverse of require, it says "You depend on me".
03:48 hemebond So "disable apt repos" will always run after "install openbox"
03:49 dj_goku awesome.
03:50 dj_goku hemebond: thanks again. ID. remembered.
03:50 hemebond :thumbsup:
03:51 dj_goku hemebond: it is just a bit confusing since ID could be a package name or a file path/name. but I'll remember that now.
03:52 hemebond Yes, the state ID is usually also used as the first parameter, e.g., name.
03:52 hemebond And that leads to a lot of confusion.
03:52 hemebond The most common mistake is people thinking they can "watch" any file on the minion OS even if they're not managing that file with Salt.
03:53 raspy__ joined #salt
03:53 dj_goku I have seen that feature, but haven't used it personally.
03:57 hemebond Yeah, you can't watch any file on the OS.
03:57 hemebond And the only changes it will pickup are changes that Salt makes.
03:58 dj_goku yeah that sounds like a lot of overhead to listen for changes events at an OS level back to salt-master.
03:59 hemebond It's possible with another system, but not a regular state and the "watch" dependency keyword.
03:59 dj_goku ahh.
04:00 dj_goku brb restarting
04:11 POJO joined #salt
04:14 dj_goku joined #salt
04:15 rdas joined #salt
04:16 lompik joined #salt
04:24 kshlm joined #salt
04:25 idokaplan joined #salt
04:27 Vaelatern joined #salt
04:27 idokaplan Hi, Is it possible to use pillar in match? something like - tgt: 'G@roles:zookeeper and G@env:' ~ pillar.environment
04:27 hemebond idokaplan: https://docs.saltstack.com/en/latest/topics/targeting/pillar.html
04:28 POJO joined #salt
04:29 idokaplan thanks hembond. something like this? tgt: 'G@roles:zookeeper and I@env:pillar.environment
04:29 TheBigNoob joined #salt
04:29 hemebond Yip
04:29 hemebond Uh, not sure about that "env:" part though.
04:30 idokaplan env is the name of the grain
04:30 hemebond Uh, also pillars use : as the separator.
04:30 hemebond But that's your pillar.
04:31 hemebond env:pillar:environment would be like ['env']['pillar'] == environment
04:33 idokaplan my pillar for example is: environment: qa
04:34 flowstate joined #salt
04:38 hemebond Then you'd use I@environment:qa
04:38 hemebond I believe.
04:38 TheBigNoob Have a question about printing out an "adjusted value" in a file based on node name and type for a list of n+1.    I have a set of postgres servers/salt-minion ranging from pg-pool-0 through 3, and my current setup allows me at new slaves and join it to a master based on salt mine grains. pg-pool-0 currently holds a grain type "roles:postgres-master" while the rest hold "roles:postgres-slaves".  I'm currently setting weights for failov
04:38 TheBigNoob er automation and I need a total amount of numbers (1+n)+1, master must have the last number, and the rest of the slaves must have unique numbers from that list as well. Anyone have any thoughts on this? I'm at a lost and this is a tl;dr i can't do math really good
04:39 idokaplan but I have to use environment as a parameter, so I will not need to use "qa"
04:40 TheBigNoob so in this case i would have numbers 1 through 4, 4 going to master, and 1,2,3 getting assinged to a slave
04:45 idokaplan I will explain. I'm using sls file for orchestration. I would like to target for a grain zookeeper and pillar called environment
04:46 idokaplan The idea is that I will not need to hard coded the name of the environment
04:47 hemebond idokaplan: As far as I understand it, the targeting is done against the value of a pillar, not the existence of a pillar.
04:48 hemebond You could use a glob though (*)
04:53 TheBigNoob it would probably be easier just to set grains for it :P
04:54 hemebond It'll be the same, no?
04:54 hemebond Oh, sorry, wrong person.
04:54 TheBigNoob lol
04:54 hemebond I would use pillars though.
04:57 TheBigNoob i'm using a lot of them already, would you care to elaborate?
04:57 vishvendra joined #salt
04:59 hemebond Uh, I don't quite understand your requirement or what it is supposed to achieve.
04:59 hemebond But I just pillars over grains for configuration :-)
05:01 msn joined #salt
05:01 msn hey babilen
05:01 msn seems the php saltstack is more broken then i though
05:01 msn thought
05:01 hemebond than
05:01 hemebond ;-)
05:02 msn more broken = completely if trying to install php 7
05:10 raspy__ in salt is there a way to modify a file if a pattern is matched?
05:10 hemebond raspy__: Yes. Pattern where?
05:10 raspy__ # %wheelALL=(ALL)NOPASSWD: ALL
05:10 raspy__ for /etc/sudoers
05:11 raspy__ I want to uncomment %wheel if its commented out
05:11 hemebond raspy__: Is there not a wheel module?
05:11 raspy__ oh?
05:11 hemebond But yes, you can uncomment the line.
05:12 hemebond https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.uncomment
05:12 raspy__ oh dope
05:12 raspy__ thx hemebond
05:12 hemebond I believe there is also a sudoers module.
05:12 raspy__ i want to somehow add sudo nopasswd
05:12 edrocks joined #salt
05:12 raspy__ sudoers module can do that too?
05:13 hemebond No idea, never used it.
05:23 nidr0x joined #salt
05:27 JPT joined #salt
05:27 Shirkdog joined #salt
05:29 raspy__ hemebond: would you know if there is a way to append below a match?
05:29 raspy__ maybe i already asked this -_-
05:30 hemebond You could replace with a newline character.
05:30 hemebond But fiddling with files like that is a fragile way to manage files.
05:30 raspy__ yeahhhhh
05:32 iceyao joined #salt
05:32 hemebond You have read through https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html yeah?
05:32 raspy__ hemebond: interesting read https://docs.saltstack.com/en/2015.8/ref/modules/all/salt.modules.augeas_cfg.html
05:33 DEger joined #salt
05:33 raspy__ augeas?
05:34 hemebond augeas is a good idea if you want to write config files.
05:34 flowstate joined #salt
05:41 slav0nic joined #salt
05:44 felskrone joined #salt
05:44 impi joined #salt
05:46 DEger joined #salt
05:50 DEger joined #salt
05:53 cliluw joined #salt
05:59 debian112 joined #salt
06:20 manji joined #salt
06:24 kawa2014 joined #salt
06:34 flowstate joined #salt
06:40 jakshi joined #salt
06:42 jtang joined #salt
06:48 jakshi Hello All.
06:48 jakshi I try to reload service on config change if service is running
06:48 jakshi https://gist.github.com/jakshi/4e87302980d3795cd89261bbbea027e3
06:49 jakshi and get error
06:49 jakshi Module function service.reload is not available
06:50 jakshi I don't quite understand why I'm getting this error, how to debug such issues?
06:50 raspy_ joined #salt
06:52 Sylvain31 joined #salt
06:53 JPT joined #salt
06:58 hemebond jakshi: configure minion with debug logging and check log
06:59 jakshi @hemebond: I did, the same error in the logs
06:59 hemebond no helpful information?
06:59 jakshi [ERROR   ] Module function service.reload is not available
07:00 jakshi nothing helpful
07:02 jakshi I thought may be some salt guru knows that this 'Module function bla-bla is not available' error means in context of salt
07:05 kshlm joined #salt
07:07 hemebond Can you paste the full error message together?
07:12 jakshi https://gist.github.com/jakshi/6f00ca0a9bdda97720c9e6c79bbf721f
07:13 hemebond Does it work if you call service.reload manually?
07:13 yuhlw_ joined #salt
07:15 jakshi no, the same message service.reload is not available
07:15 hemebond Okay.
07:15 edrocks joined #salt
07:16 hemebond Which init system?
07:16 hemebond upstart?
07:16 hemebond Also which version of Salt?
07:16 jakshi salt: 2016.3.1
07:17 jakshi init system openrc
07:18 jakshi I looked at place in salt source code that (as I understand) should contain reload function
07:18 hemebond So you're on... FreeBSD?
07:18 jakshi and it's there
07:18 jakshi https://github.com/saltstack/salt/blob/develop/salt/modules/gentoo_service.py
07:19 jakshi Gentoo linus
07:19 jakshi linux
07:19 JohnnyRun joined #salt
07:20 jakshi ah damn, it's develop branch :(
07:20 hemebond From May. It might be in.
07:20 hemebond Checking now.
07:21 hemebond Oh, it's not :-)
07:21 tho joined #salt
07:22 jakshi :-(
07:22 jakshi okay
07:22 jakshi Thank you for help
07:22 hemebond :thumbsup:
07:22 hemebond :-(
07:22 ninjada_ joined #salt
07:24 dariusjs joined #salt
07:30 Sylvain31 hi, do you have some salt state to check saltmaster git clone for uncommited files? loop over a lis of places to check pillar,base,formulas,etc/salt/
07:32 Electron^- joined #salt
07:32 ronnix joined #salt
07:34 ribx joined #salt
07:34 flowstate joined #salt
07:34 fracklen joined #salt
07:36 ninjada joined #salt
07:42 manji joined #salt
07:46 Rumbles joined #salt
07:54 garphy joined #salt
07:54 lero joined #salt
07:55 TyrfingMjolnir joined #salt
07:56 krymzon joined #salt
07:56 DEger joined #salt
08:01 tho joined #salt
08:16 s_kunk joined #salt
08:18 s_kunk_ joined #salt
08:22 impi joined #salt
08:27 pcdummy joined #salt
08:32 ninjada joined #salt
08:33 ninjada_ joined #salt
08:37 s_kunk joined #salt
08:47 Hydrosine joined #salt
08:53 tercenya joined #salt
08:54 Hydrosine joined #salt
08:59 N-Mi joined #salt
09:18 Lionel_Debroux joined #salt
09:19 edrocks joined #salt
09:24 brandhauser joined #salt
09:25 brandhauser Hi all, quick question. How can i spawn a long-living command in the background using "salt <target> cmd.run <command>".   So i can use "salt-run jobs.lookup_jid <jid>" for monitoring that command?
09:26 brandhauser I tried google, but by google-fu is no good :(
09:30 thraxil joined #salt
09:30 tercenya joined #salt
09:37 fredvd joined #salt
09:40 hemebond brandhauser: What happens if you just start it? Does Salt kill it after a while?
09:41 brandhauser no, it runs fine and after the command is finisched i get the shell back. So no problem
09:42 hemebond Then I don't understand the question.
09:42 brandhauser but i would like to, fire and forget. And i'm pretty sure i knew how to do it. But i can't recall the command
09:42 hemebond Oh.
09:43 brandhauser ok let me please try to rephrase the question. (english is not my strongest ;) )
09:43 hemebond What if you set the timeout on the salt command to a low time?
09:44 brandhauser That sounds like a plan :) let me try that.
09:44 Sylvain31 brandhauser: is not related to event scheduling? reactor and such things?
09:44 GreatSnoopy joined #salt
09:45 hemebond I think brandhauser wants the return from the command.
09:45 brandhauser Sylvain31: no, it was just simple "salt <target> cmd.run <command that takes long>" and it would return my shell immediatly and that command would run happily on the target
09:45 hemebond But doesn't want to wait for it.
09:45 Sylvain31 brandhauser: or if not result bab of false trigger nothing you may can run.script which fork with nohup for example?
09:45 brandhauser hemebond: indeed
09:46 Sylvain31 s/bab/bad/
09:46 yidhra_ joined #salt
09:47 brandhauser I'm pretty sure, the syntax i uses just returned a JID to me.....
09:48 brandhauser i'll read the docs some more, no problemo. It is not something that is very urgent, I just was wondering. Thanks guys!
09:48 Sylvain31 --async
09:48 Sylvain31 Instead  of  waiting  for  the job to run on minions only print the job id of the started execution and
09:48 Sylvain31 complete.
09:48 hemebond :thumbsup:
09:48 brandhauser Yes!!
09:49 Sylvain31 man salt (is there a bot in this channel for that ?)
09:50 brandhauser Ouch.... rtfm brandhauser....
09:56 Sylvain31 brandhauser: you gave me the idea with you command line example. ;)
09:57 brandhauser :) thanks Sylvain31, much appreciated!
10:00 jtang joined #salt
10:00 Sylvain31 !async
10:01 Sylvain31 no bot ;)
10:11 netcho joined #salt
10:16 jakshi Hello All, I have a question about workflow. Let say you decide to re-factor some state. Create a git branch, change some code, and then decide to apply to some canary server. How do you usually do it? What is the best practices?
10:17 hemebond jakshi: You can apply a specific state with state.apply
10:19 ninjada joined #salt
10:20 jakshi @hemebond right. How to tell salt to choose my git branch with re-factored code?
10:20 jakshi only for that specific server
10:20 hemebond Uh, I suppose that depends on how your master is setup.
10:21 hemebond Or you could clone to a minion and use salt-call.
10:21 jakshi @homebond right. So - I wonder how people usually do that?
10:21 hemebond Well, how is your master setup?
10:22 jakshi for now I only have base environment, but I can add more. Have a /srv/salt/base/states and /srv/salt/base/pillars base roots /srv/salt/base is a git repository -> master branch. no gitfs, just direct git pull commands from github.
10:23 jakshi but it's fine only for one person
10:23 hemebond Do you have a test master?
10:23 jakshi no, do people usually have a test master?
10:23 hemebond Dunno. Everyone does things differently :-)
10:24 hemebond I'm not yet using Salt in production but what I'd probably do is use VMs to test formulas and states.
10:24 hemebond Then when it's all good push the changes up.
10:24 hemebond Then do more testing from the master.
10:24 hemebond Not sure if I'd have an actual test master.
10:26 jakshi so I would like to map ephemeral git feature branches to 'some' hosts. And keep all not 'some' hosts unaffected by this changes in git feature branch.
10:27 jakshi test salt-master could be a good idea for this.
10:27 jakshi if there's no easy way to do it on single salt-master
10:28 hemebond Well, by default nothing is sent to the minions unless you tell it to; unlike, e.g., Puppet that usually updates each hour.
10:28 hemebond You could do what I'm doing and use different environments.
10:29 hemebond That lets you override states.
10:29 hemebond Your states are formulas, yeah? Each with their own repo?
10:29 jakshi don't override states conflict because of duplicated resource names?
10:30 hemebond Basically it means that file_roots for an environment has multiple directories.
10:30 hemebond I think they're checked in reverse order until the file is found.
10:31 hemebond So if a state is not in mytestenv, it will then check base (or any other file_root entry I specify)
10:31 jakshi in chef I usually rise cookbook version and then apply that new version of cookbook to some host. but in salt as I got there's no conception of state/formula version.
10:32 kaushal_ joined #salt
10:32 jakshi what if different version of state are presented in both file_roots? base and dev environment
10:32 jakshi ?
10:32 jakshi Will this cause are trouble?
10:32 jakshi *a trouble
10:33 hemebond It uses the first as far as I know.
10:33 hemebond I haven't tested it too thoroughly yet.
10:34 jakshi how does't salt-master know which one the first?
10:34 jakshi *does salt-master
10:34 hemebond Yes, you have to list the paths in file_roots.
10:35 hemebond http://paste.debian.net/783892/
10:37 badon_ joined #salt
10:50 POJO joined #salt
10:50 brandhauser jakshi, as hemebond says, file_roots in /etc/salt/master is being read from top to bottom. The first file that gets hit is selected
10:56 jakshi thank you
10:56 hemebond Make sense?
11:04 ivanjaros joined #salt
11:08 flowstate joined #salt
11:09 kbaikov joined #salt
11:09 phx in case of the py renderrer in pillars, can I somehow access the salt master configuration? or are there any existing ways to give some configuration data to the py pillar?
11:10 hemebond phx: I think you might be after pillar_opts
11:11 * phx is googling it
11:11 phx seems like it
11:12 phx or not actually
11:12 hemebond # The pillar_opts option adds the master configuration file data to a dict in the pillar called "master". This is used to set simple configurations in the master config file that can then be used on minions.
11:12 phx pillars are going to provide data from the database, and i somehow have to pass the connection settings to the py renderrer
11:13 phx Note that setting this option to True means the master config file will be included in all minion's pillars. While this makes global configuration of services and systems easy, it may not be desired if sensitive data is stored in the master configuration.
11:13 hemebond Correct.
11:13 hemebond Where is the py renderer being used? In a pillar?
11:13 phx so that's not the thing i'm after, since that exposes things that shouldn't be exposed
11:14 phx yesimon, in the pillar
11:14 phx s/imon//
11:14 hemebond Accessing Pillars in Pillars is not really supported. You might have some success if you're using an external Pillar.
11:14 hemebond But it's not guaranteed.
11:14 hemebond https://github.com/saltstack/salt/issues/6955
11:15 saltstackbot [#6955][OPEN] Ability for pillar to read other pillar values | Hi, I have a number of states that could be greatly simplified if pillar could read other pillar values.  One use case example is I have a "walt_warning" pillar value which i populate in all managed files.  I have several pillar values that declare the entire contents of files which are referenced by jinja templates, and instead of having to populate each instances of this with the
11:15 phx uhm, all i need is some mechanism to pass configuration to the py renderrer in the pillar
11:15 hemebond Configuration? Actual (master/minion) configuration or do you just mean some settings?
11:16 phx putting it like that, "some settings"
11:16 phx like i above said, connection settings, which will be the pillar's data source
11:16 hemebond Well, if you can't put it in the pillar itself, can't you just read it from somewhere?
11:17 hemebond py renderer is full Python isn't it?
11:17 phx yes
11:17 phx of course, i can always do that. but if there's an existing mechanism for this, i would prefer using that
11:18 hemebond I can't think of one. Maybe someone else has done something similar.
11:18 jakshi @hemebond probably - make sense. I need to experiment a bit, to understand better what I actually want to achieve.
11:18 amcorreia joined #salt
11:19 hemebond jakshi: What I'm thinking is you'd work on your state/formula in the test environment and when it works commit to master branch and then update the clone in the base directory.
11:19 AndreasLutro phx: try __opts__
11:19 hemebond Or copy it over if that's your system.
11:19 hemebond AndreasLutro: Isn't __opts__ the master/minion config?
11:20 AndreasLutro that's what he asked for, no?
11:20 hemebond Maybe. I thought they didn't want the master config.
11:20 hemebond Though I guess you can put anything you want in there.
11:22 ronnix joined #salt
11:22 jtang joined #salt
11:22 edrocks joined #salt
11:28 rem5 joined #salt
11:28 kbaikov joined #salt
11:29 phx __opts__ is the minion configuration, that might do the trick
11:29 phx i would prefer the master config, but the minion is as good as the other
11:30 AndreasLutro hmm is it? even inside a pillar sls?
11:30 Barbarossa left #salt
11:35 hemebond "__opts__ - Minion configuration options"
11:35 hemebond Oh.
11:35 hemebond Yeah in Pillar it's likely the master config.
11:35 hemebond If it's available.
11:40 phx let me check
11:46 armyriad joined #salt
11:48 sfxandy joined #salt
11:49 ninjada joined #salt
11:49 ninjada joined #salt
11:50 p3rror joined #salt
11:53 pcdummy on the master __opts__ = master config.
11:53 sfxandy ok am at a total loss here with my salt mine function.  done it dozens of times before, compared it to previous implementations and I cant see anything obvious.... http://pastebin.com/cejVP7Bb
11:53 sfxandy basically my loop fails to iterate and my variable doesnt get set
11:53 sfxandy but i cannot see why....
11:54 pcdummy sfxandy: what is the execution module "mine.get" ?
11:54 AndreasLutro sfxandy: how do you know your variable doesn't get set?
11:55 sfxandy because i attempt to use the variable in a file.managed state, but it complains that it is undefined
11:55 AndreasLutro I don't see you using the variable in your paste
11:55 AndreasLutro don't leave out information
11:55 sfxandy one sec...
11:56 AndreasLutro also your mine configuration is incomplete, you're missing the mine_functions: bit
11:57 ninjada joined #salt
11:57 sfxandy http://pastebin.com/hygtXyY9
11:58 sfxandy ok the 'mine_functinos' line is there, just missed it when i did the copy
11:58 sfxandy if i run the mine.get on the command line it works fine
11:58 AndreasLutro jinja variables are scoped inside loops
11:58 sfxandy just not in my state
11:58 DEger joined #salt
11:58 flowstate joined #salt
11:58 AndreasLutro you can't set a variable inside a loop and use it outside of the loop
11:58 sfxandy ah
11:58 sfxandy bugger
11:59 sfxandy tis a bit annoying really because the mine function will only ever return a single IP address
12:00 AndreasLutro could just do {% set node_ip = salt['mine.get']('*', 'myfunction', expr_form='glob').items()[0][0] %}
12:00 AndreasLutro but not sure what you want to achieve with that
12:01 AndreasLutro that probably won't work as I pasted it but you get the idea
12:01 sfxandy yeah i do
12:02 sfxandy basically i'm looking to return the IP address of a specific minion that has a role assigned against it, and the IP address needs to be known by a number of other minions in order to correctly populate a configuration file
12:04 sfxandy ok so by moving my file.managed state inside the for loop its now worked.  forgot about the scoping issue
12:05 AndreasLutro fair enough, but node_ip will only be one minion's IP, and knowing salt I bet the order won't even be deterministic
12:06 sfxandy well the mine_function definition is wrapped inside a condition that checks for a specific Pillar key:value
12:06 sfxandy so the function is only declared on the correct minion
12:06 AndreasLutro hmm that's one way to do it I guess
12:06 AndreasLutro I would've just matched on pillar values in the mine.get call
12:07 AndreasLutro salt['mine.get']('roles:my_role', 'public_ips', expr_form='pillar')
12:08 sfxandy I wanted to keep mine function defs in one location ideally, biut I can see your method
12:08 sfxandy benefits of*
12:09 armin hi. i've successfully managed to marry my test minion with my test master server, and i'm able to run remote commands called from the master on the minion. can you point me in the right direction about what to read further to do configuration management for the minions so that i have .sls files on the master that are being applied to specific minions? i'm a bit lost here.
12:09 AndreasLutro armin: read up on writing sls files, and how the top file works, that should get you started
12:10 armin AndreasLutro: i know both. but i don't know where to configure those on the master. i already did a recursive find for "*.sls" but that reveals no files under /.
12:11 AndreasLutro armin: they may not be on the local file system depending on how the master is set up. by default they're located in /srv/salt but may also be put in git, s3...
12:11 AndreasLutro look for fileserver_backend in the master config
12:11 AndreasLutro as well as file_roots
12:11 armin AndreasLutro: i did a fresh installation on centos and used the salt upstream repositories, if that helps.
12:12 AndreasLutro ah okay it is a fresh installation
12:12 armin ok that reveals only commented out options.
12:12 AndreasLutro yeah nevermind what I said
12:12 armin exactly, i want to know how things work so i decided to start from scratch on this test installation here.
12:12 AndreasLutro I don't know what centos defaults are but you should be able to just create /srv/salt/top.sls
12:12 AndreasLutro if file_roots is commented out then it should work
12:13 numkem joined #salt
12:14 armin AndreasLutro: is what i write into /srv/salt/top.sls being applied to all minions, automatically? like, would i have to do some if construct inside a jinja fragment into that file to make a decision which minions would recieve that configuration stanza in that file?
12:15 AndreasLutro armin: top.sls applies to every host yes, but top.sls also defined which other sls files should be applied to said host
12:15 armin AndreasLutro: ok seems like i have to read more about top.sls in the salt documentation.
12:16 armin AndreasLutro: thank you.
12:18 jtang joined #salt
12:18 armin ok i tried a simple statement in top.sls and ran "salt-call state.apply -l debug" on the minion, and that gives me: Comment: Unable to render top file: Unable to render top file. No targets found.
12:18 armin i can see in the debug output that the minion has seen my pkg.installed stanza, though.
12:18 armin any pointer?
12:21 AndreasLutro what does your top.sls look like?
12:21 Cadmus joined #salt
12:23 amcorreia joined #salt
12:24 west575 joined #salt
12:27 armin Comment: The following packages were installed/updated: whois
12:27 armin working.
12:27 armin AndreasLutro: andi- was so kind to point me in the right direction. thanks to both of you.
12:28 iceyao joined #salt
12:31 west575 joined #salt
12:32 edrocks joined #salt
12:33 TooLmaN joined #salt
12:34 flowstate joined #salt
12:36 DammitJim joined #salt
12:38 ninjada joined #salt
12:47 _JZ_ joined #salt
12:53 armin so i have seen an example on docs.saltstack.com that looks like this:  {% for mnt in salt['cmd.run']('ls /dev/data/moose*').split() %}  ...say i want to start understanding what .split() does there and whether the result returned is what i want to develop further, can i anyhow easily print/echo/output/something this?
12:56 Cadmus Hello, I have a question about passing pillar data on the command line. When it says it overrides the whole key and doesn't merge does that mean if I have a large pillar (say, the settings for my app) but some will come in from elsewhere (like a CI server) should I have two sepatre pillars. Like my-app and my-app-jenkins?
12:58 m4rk0_ joined #salt
12:58 armin i've also seen that python renderers exist. could be handy for obfuscated manifests that your co-workers don't understand anymore.
12:58 m4rk0_ hello guys
12:58 m4rk0_ is it possible to echo for loop from salt? (debuging)
12:59 DEger joined #salt
12:59 armin m4rk0_: i've just asked the precisely same question (but phrased a bit differently) just seconds before you joined.
13:00 m4rk0_ lol :)
13:00 m4rk0_ i'm in trouble getting values between pillars
13:01 cmarzullo Look at the test.succeed_without_changes state module.
13:01 cmarzullo Put your variable as the state id.
13:02 cmarzullo Debug {{ loop_element }}:
13:03 m4rk0_ i'm just checked web channel logs... and i see you are asking for split()... if you get array like foo,bar you should use .split(',')
13:03 m4rk0_ armin ...
13:05 aurynn joined #salt
13:05 gh34 joined #salt
13:07 AndreasLutro armin: .split() is a python string method, jinja gives you access to python object methods
13:08 gableroux joined #salt
13:08 m4rk0_ please can tell me what am i doing wrong... can't get right for loop http://pastebin.com/YVvFjC0u
13:09 cmarzullo hard to tell m4rk0_ your indentation is off in your pillar.
13:10 mortis m4rk0_: also use salt['pillar.get']
13:10 m4rk0_ cmarzullo: i tried many options
13:10 mortis something like this {% for ip in salt['pillar.get']('server1', {}).iteritems() %}
13:11 m4rk0_ mortis: tried that... same problem
13:11 cmarzullo server1 is already a list. But you default to an dict? if it's already a list, do you need to call items()
13:12 mortis ah yeah, should need items :)
13:12 mortis should not*
13:12 m4rk0_ so without .iteritems() ?
13:12 cmarzullo http://pastebin.com/ES4Xq8x9
13:13 cmarzullo that's how we iterate over a list.
13:13 cmarzullo you don't see the pillar call cause we do that in a map.jinja file.
13:13 mortis {% for ip in pillar.get('server1') %} ?
13:14 Cadmus Oh I get it, if I have a pillar like this https://gist.github.com/anonymous/029b887403bc522231da8566b4ff87b1
13:14 emaninpa joined #salt
13:14 flowstate joined #salt
13:14 Cadmus I can set 'quux' on the command line, and it won't affect 'foo', but if I set 'my-app' it would wipe out the whole thing, not append it
13:15 cmarzullo Cadmus: I haven't had much luck passing pillar on the cmd line. It does overwrite your tree
13:15 m4rk0_ mortis: empty value :/
13:16 cmarzullo m4rk0_: I see your problem you are trying to read pillar from pillar?
13:16 m4rk0_ cmarzullo: right :D
13:16 Cadmus cmarzullo: Maybe it's changed recently, I just did salt 'server' state.highstate pillar='{"my-app": {"foo": "bar"}}' test=True and the rest of the my-app pillar was unaffected
13:17 cmarzullo that's good news Cadmus
13:17 Tanta joined #salt
13:17 cmarzullo I also abandoned that path as we have pretty complex pillar and very error prone on the cli.
13:18 cmarzullo m4rk0_: https://github.com/saltstack/salt/issues/6955
13:18 saltstackbot [#6955][OPEN] Ability for pillar to read other pillar values | Hi, I have a number of states that could be greatly simplified if pillar could read other pillar values.  One use case example is I have a "walt_warning" pillar value which i populate in all managed files.  I have several pillar values that declare the entire contents of files which are referenced by jinja templates, and instead of having to populate each instances of this with the
13:19 cmarzullo You can do it my importing another yaml file. Or using jinja macros.
13:20 m4rk0_ hory shet :) i just found that link when you asked me if i'm trying to read pillar from pillar
13:20 m4rk0_ :D
13:20 cmarzullo ta da!
13:20 POJO joined #salt
13:22 subsignal joined #salt
13:22 m4rk0_ cmarzullo: thank you very much!
13:22 cmarzullo try this: https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.jinja.html
13:23 cmarzullo you can import a file as usable variables.
13:23 Cadmus cmarzullo: I'll let you know how I get on, the plan is to have the pillar mostly in a file, but some getting pushed in from Jenkins ("No, THIS build")
13:24 cmarzullo Cadmus: sweet. We've recently had our Jenkins use the salt api to execute runners.
13:25 m4rk0_ cmarzullo: this could be enough, thanx again
13:25 cmarzullo woot
13:27 POJO_ joined #salt
13:28 ninjada joined #salt
13:32 ssplatt joined #salt
13:33 DEger joined #salt
13:35 manji joined #salt
13:36 racooper joined #salt
13:36 subsignal joined #salt
13:37 subsigna_ joined #salt
13:37 mapu joined #salt
13:37 mpanetta joined #salt
13:38 tristianc_ joined #salt
13:46 POJO joined #salt
13:48 perfectsine joined #salt
13:48 kaptk2 joined #salt
13:57 Garo_ joined #salt
14:03 kshlm joined #salt
14:05 sfxandy anyone got any examples of using mine.get with a compound match?
14:17 bowhunter joined #salt
14:23 Tanta salt-call mine.get 'G@role:database and G@env:production' 'network.ip_addrs' expr_form=compound
14:24 Tanta salt 'mymachine' mine.get '* and S@192.168.3/24' network.ipaddrs compound
14:26 hasues joined #salt
14:26 hasues left #salt
14:37 anotherZero joined #salt
14:39 armin AndreasLutro: yeah i thought it was related to python's split() method...
14:39 armin AndreasLutro: thanks.
14:41 ninjada joined #salt
14:42 ronnix joined #salt
14:42 protoz joined #salt
14:47 ewd84 joined #salt
14:47 flowstate joined #salt
14:47 ewd84 Hello, any pointers on debugging a file.managed error I'm getting:
14:48 manji what is the error ?
14:48 ewd84 SaltRenderError: Jinja variable 'dict object' has no attribute 'abc'
14:48 ewd84 where abc is just a dict key
14:48 manji do you have a snippet you can share?
14:49 ewd84 It's actually rendered via a macro which seems rather simple
14:49 teryx510 joined #salt
14:50 spuder joined #salt
14:51 teryx5101 joined #salt
14:51 teryx510 joined #salt
14:53 raspy_ joined #salt
14:53 TyrfingMjolnir joined #salt
14:54 edrocks joined #salt
14:56 teryx510 joined #salt
14:56 Brew joined #salt
14:56 jtang joined #salt
15:00 Tyrm joined #salt
15:00 Tyrm joined #salt
15:02 tristian_ joined #salt
15:03 fredvd joined #salt
15:03 adelcast joined #salt
15:09 ekristen joined #salt
15:13 dyasny joined #salt
15:14 cyborg-one joined #salt
15:15 nidr0x joined #salt
15:15 jtang joined #salt
15:16 corichar joined #salt
15:25 ronnix joined #salt
15:33 scoates joined #salt
15:34 Tyrm_ joined #salt
15:35 Tyrm__ joined #salt
15:42 scsinutz joined #salt
15:42 west575_ joined #salt
15:45 ribx joined #salt
15:46 ivanjaros joined #salt
15:50 west575 joined #salt
15:53 krymzon joined #salt
15:55 Edgan joined #salt
15:59 mpanetta joined #salt
16:06 spuder joined #salt
16:10 brotatochip joined #salt
16:12 writtenoff joined #salt
16:16 brent_ joined #salt
16:17 georgemarshall joined #salt
16:19 rem5 joined #salt
16:28 rem5 joined #salt
16:28 ben______ joined #salt
16:29 ben______ left #salt
16:43 scsinutz joined #salt
16:47 west575_ joined #salt
17:00 tercenya joined #salt
17:02 tapoxi joined #salt
17:04 Tyrm joined #salt
17:04 onlyanegg joined #salt
17:06 jtang joined #salt
17:07 debian112 joined #salt
17:07 klaas joined #salt
17:08 Tyrm joined #salt
17:09 tercenya joined #salt
17:15 teryx510 joined #salt
17:18 lero joined #salt
17:19 west575 joined #salt
17:20 amcorreia joined #salt
17:20 Tyrm joined #salt
17:21 Tyrm joined #salt
17:28 c4t3l hello all.  Does anyone here have a good handle on the file.accumulator state?  I dont quite understand how it's supposed to work.
17:29 c4t3l say I have a file that has a couple of spots that require management, but I dont want to manage the whole file... I know blockreplace will work
17:30 c4t3l I need to toggle a setting _and_ use blockreplace
17:30 c4t3l will accumulator do this?
17:30 edrocks joined #salt
17:36 aw110f joined #salt
17:36 wendall911 joined #salt
17:48 whaity_ joined #salt
17:48 rburkholder on debian stretch/testing, I am trying to find a method of running system.reboot or cmd.run reboot and have the minion return before completion.  I have attempted even to create local scripts with  & background operations and a sleep before reboot.  And some how the minion wants to wait for even background processes to complete.  Even using a nohup command in there for various places.  For example, I am trying to write a state file where a reboot is
17:48 rburkholder initiated (which causes a rebuild and minion re-install), then do a key.delete, and then the minion will re-register.  In Salt bug note or two, I have seen that some op/sys return others don't.  Any consistency found yet?
17:48 cmarzullo https://docs.saltstack.com/en/2015.8/ref/modules/all/salt.modules.at.html
17:49 cmarzullo use the at module to schedule the reboot now +1 min or something. I've done that before.
17:51 CeBe joined #salt
17:55 s_kunk joined #salt
17:55 s_kunk joined #salt
17:59 zer0def joined #salt
18:03 rburkholder @cmarzullo thanx.  that worked.
18:03 bowhunter joined #salt
18:04 cmarzullo awesome!
18:05 CeBe joined #salt
18:13 Tanta or a @reboot cronjob
18:13 Tanta or a lockfile and /etc/rc.local
18:13 netcho joined #salt
18:13 Tanta there's a few ways to juke the reboot and do something once
18:14 twrivera joined #salt
18:15 felskrone joined #salt
18:16 ageorgop joined #salt
18:18 twrivera is there a public saltstack slack channel? if so can somebody share it thx
18:21 tercenya joined #salt
18:21 brotatochip joined #salt
18:27 manji joined #salt
18:28 gtmanfred there is not
18:28 gtmanfred just irc
18:31 impi joined #salt
18:38 GreatSnoopy joined #salt
18:44 POJO joined #salt
18:45 brotatochip joined #salt
18:45 mapu joined #salt
18:45 Someguy123 left #salt
18:50 yetAnotherZero joined #salt
18:53 fracklen joined #salt
19:01 Tyrm_ joined #salt
19:02 Tyrm__ joined #salt
19:06 flowstate joined #salt
19:07 flowstate joined #salt
19:11 flowstate joined #salt
19:14 ajw0100 joined #salt
19:14 netcho joined #salt
19:20 netcho joined #salt
19:20 rc_ joined #salt
19:21 west575_ joined #salt
19:21 dboyer joined #salt
19:23 rc_ While running file.managed state, trying to copy a file to the minion but getting a timeout error (SaltReqTimeoutError: after 60 seconds)  Is there a way to increase the timeout?
19:26 GreatSnoopy joined #salt
19:27 cmarzullo is it a large file? why you hitting the timeout?
19:27 cmarzullo seems odd
19:27 rc_ Not very large, but the minion is busy which is slowing down the transfer rate.
19:28 scsinutz joined #salt
19:32 tapoxi joined #salt
19:34 cmarzullo are you using the salt fileserver souce: salt://...
19:34 rc_ Yes, using salt://...
19:35 cmarzullo I haven't seen a way to increase the timeout.
19:37 teryx510 joined #salt
19:38 rc_ OK, I will work on increasing the transfer rate instead.   Thanks
19:39 scottcrooks joined #salt
19:40 brotatochip joined #salt
19:40 djgerm1 joined #salt
19:41 djgerm1 Any concerns around increasing salt-master worker threads to be in the hundreds?
19:41 djgerm1 assuming I am monitoring for load issues.
19:42 tapoxi I don't think so, I think it's just capped for load reasons
19:42 tapoxi haven't done it myself but I just finished mastering saltstack and they mention that as a scaling method
19:44 brd rc_: https://github.com/saltstack/salt/issues/27617 seems to imply that you can increase the timeout
19:44 saltstackbot [#27617][MERGED] Timeout on 2015.8.0  | Hi !...
19:44 tercenya joined #salt
19:45 mapu joined #salt
19:45 sc250024 If I run `salt 'some-host' state.show_sls some-formula` I get the output, and I also see a variable called '__sls__' which is the name of the formula itself
19:46 sc250024 Is there a way for a formula to self-reference?
19:46 nidr0x joined #salt
19:47 spuder_ joined #salt
19:50 PerilousApricot joined #salt
19:52 PerilousApricot Greetings, salt comrades - Is there a way within pillar to reference the "unwildcarded" minion name further in? I would like to implement per-minion pillars to store keys/certificates
19:52 PerilousApricot I was thinking something conceptually like "base: '*' - <minionname>", but I'm not sure if that maps correctly to how I should do things in salt
19:53 c4t3l I use an ext_pillar for that purpose
19:54 Slimmons joined #salt
19:56 MajObviousman is there a quick way to find states or state files not referenced by top.sls?
19:56 PerilousApricot c4t3l: I see. I looked at the pillar documentation itself but didn't notice that option. Thanks!
19:56 MajObviousman likewise is there a quick way to find files not referenced by any state?
19:56 Slimmons sometimes I have a master and minion that just sit around for a bit, not doing anything, and if I go try to run something, the minion doesn't return.  If I restart the master, it'll work again.  Is this normal?
19:56 Slimmons ubuntu server
19:57 tercenya joined #salt
20:00 tapoxi MajObviousman dumb thought, but cat * | grep statename
20:00 MajObviousman is what I'm doing now
20:00 MajObviousman well, a less UUOC invocation, but same thing
20:01 tapoxi MajObviousman or doing something similar with state.show_sls
20:01 Tyrm joined #salt
20:02 Tyrm joined #salt
20:02 brotatochip joined #salt
20:03 IdoKaplan joined #salt
20:04 IdoKaplan HI, I'm using "state.orch" and it looks like that even if "No minions matched the target", the output/error code is "States ran successfully". Do you have an idea?"
20:06 perfectsine joined #salt
20:06 gtmanfred https://github.com/saltstack/salt/issues/30367
20:06 saltstackbot [#30367][OPEN] salt-run orchestration via state.sls always successful; it is ignoring state return value | In the process of writing some salt orchestration, no matter which options I used, the salt-run orchestration state.sls module/function always ignores the pass/fail return output from the state (that runs on the minion) and the salt-run orchestration is always successful....
20:07 tongpu joined #salt
20:07 gtmanfred is that the same bug?
20:09 armguy joined #salt
20:11 IdoKaplan Ok, so if I understand correctly, is this a bug? is there an ETA? is there a workaround?
20:12 gtmanfred there is not an eta, and I do not believe there is a workaround
20:12 gtmanfred unfortunately the orchestrate doesn't actually look in and see if anylevel actually succeeds
20:12 gtmanfred which is why require and onfail don't work in the orchestrate runner
20:13 gtmanfred it is currently in our backlog
20:14 IdoKaplan Ok, thanks. if there another module for orchestrate that I can try to use?
20:15 gtmanfred not that I am aware of
20:15 yetAnotherZero joined #salt
20:16 IdoKaplan Is it possible to ask the dev team about eta?
20:17 rem5 joined #salt
20:17 gtmanfred we are not planning on having it fixed in carbon, and it is currently not on the roadmap
20:18 gtmanfred it is a bug, so it may get added to a point release at some point, but we are focusing on carbon right now
20:23 IdoKaplan Sorry, I don't know what is "carbon"
20:26 gtmanfred the next release
20:27 scsinutz joined #salt
20:29 IdoKaplan ok, thank you very much for the your help
20:29 gtmanfred no problem
20:34 SpeeR If I have a nested pillar like this... redis:lookup:home
20:34 SpeeR how do I test to see if home is defined?
20:34 SpeeR I tried this {% if redis['lookup:home'] is defined %}  and {% if redis['home'] is defined %}
20:36 cableninja_ joined #salt
20:36 gtmanfred you can do {% if pillar.redis.lookup.home is defined %}
20:37 tapoxi if something is defined, does it return False?
20:37 gtmanfred if it is defined, that will return True
20:37 tapoxi if I try to access it via salt['pillar']['item']
20:37 SpeeR it's it's defined it would return true. I'll try that
20:37 nidr0x joined #salt
20:37 gtmanfred tapoxi: that wouldn't work
20:38 gtmanfred if you did pillar['item'] and item doesn't exist, it will give an error
20:38 gtmanfred but you can do {{ salt['pillar.get']('one:two:three', default) }}
20:38 gtmanfred and specify a default
20:38 tapoxi if I don't specify a default with pillar.get, it errors too?
20:39 gtmanfred it should be None i believe
20:41 tapoxi sweet thanks gtmanfred
20:47 subsignal joined #salt
20:47 hasues joined #salt
20:47 hasues left #salt
20:49 scsinutz joined #salt
20:51 west575 joined #salt
20:53 debian112 joined #salt
20:57 protoz joined #salt
21:01 UtahDave joined #salt
21:04 UtahDave Could someone with 150 reputation or more on StackOverflow commit to the salt-stack tag here?  http://stackoverflow.com/documentation/salt-stack
21:05 yetAnotherZero joined #salt
21:09 whaity_ joined #salt
21:10 serverascode left #salt
21:12 ajw0100 joined #salt
21:12 sfxandy joined #salt
21:12 rem5 joined #salt
21:13 nidr0x joined #salt
21:13 jfelchner joined #salt
21:14 scsinutz joined #salt
21:15 scsinutz1 joined #salt
21:22 netcho joined #salt
21:23 MTecknology hm... you can include relative locations for including things, you can't do that with salt://, can you?
21:28 hemebond https://github.com/saltstack/salt/issues/8875
21:28 saltstackbot [#8875][OPEN] Support relative includes for pillar | The dot notation that's supported for relative includes in state files  (`include: - .other`) doesn't seem to work for pillar. Would be just as useful there.
21:32 * MTecknology hugs hemebond
21:32 MTecknology oh, actually... that's not relevant
21:33 MTecknology probably because I worded the first part (a statement) very close to a question; oops
21:34 jtang joined #salt
21:34 Slimmons UtahDave: not sure what other requirements there are, but I can't commit to it...and I've got 659
21:35 UtahDave Slimmons: really?  what error does it give you?
21:35 Slimmons it just has over on the right "Sorry, you cannot commit to this proposal"
21:35 Slimmons oh
21:35 Slimmons i see why
21:35 Slimmons I can do it if you upvote my answer
21:35 Slimmons on the question you resolved yesterday
21:35 Slimmons i'll link
21:36 UtahDave cool
21:36 Slimmons http://stackoverflow.com/questions/38443121/how-can-i-run-state-sls-from-a-reactor
21:36 Slimmons go upvote my answer
21:36 Slimmons and i think it will let me
21:36 Slimmons that did it
21:36 Slimmons done
21:36 UtahDave sweet!  thanks!
21:36 Slimmons np
21:37 froztbyte how much "bad form" is it to in-place update pillar contents through a state run?
21:37 froztbyte let me explain this better
21:38 froztbyte I'm trying to do some stuff with short-lived certs through the x509 module. I need to distribute the CA cert to everywhere. directly cribbing from the x509 state docs doesn't quite work because ordering issue with the mine.get/mine.send
21:39 froztbyte so I'm thinking "hey maybe just push that cert into a pillar namespace" and then I can salt.pillar.get('ca:cert', False) otherwise
21:39 froztbyte but that seems major hacky
21:39 froztbyte also mine.get doesn't appear to support a default alternative value
21:40 rem5 joined #salt
21:44 west575 joined #salt
21:44 MajObviousman froztbyte: perhaps what you need is this: https://docs.saltstack.com/en/develop/ref/wheel/all/salt.wheel.pillar_roots.html
21:45 MajObviousman oh, hmm, I misread
21:47 armguy joined #salt
21:47 UtahDave froztbyte: I've done that before.  I would just be very careful you don't have any unintended consequences.
21:47 rem5 joined #salt
21:48 UtahDave froztbyte: also, you'll need to make sure you have minions update their pillar data during the state run or the new key and value won't be available
21:48 adelcast joined #salt
21:49 froztbyte UtahDave: yeah, I've done this kind of trampoline before, familiar with the caveats
21:50 froztbyte that said
21:50 froztbyte https://gist.github.com/froztbyte/9fc580f6d859a5226740f51735991681 looks like a workable/preferred trampoline
21:50 froztbyte bonus upside of being a tiny bit more readable - if a silly hack
21:50 lero joined #salt
21:53 lero joined #salt
21:54 lero joined #salt
21:54 armguy joined #salt
21:56 lero joined #salt
22:01 brotatochip joined #salt
22:04 mavhq joined #salt
22:09 subsignal joined #salt
22:09 armguy joined #salt
22:12 west575_ joined #salt
22:19 lero joined #salt
22:20 ajw0100 joined #salt
22:42 west575 joined #salt
22:46 rem5 joined #salt
22:51 brotatochip joined #salt
23:02 DEger joined #salt
23:06 ronrib joined #salt
23:06 pcn Is there documentation on the implementation of the mine?  Does it call out to all nodes that match?  Or does it just cache values that have been stored in the master?
23:06 pcn *access cached* values
23:07 ssplatt joined #salt
23:10 ssplatt is there a way to list out “everything” in the mine?
23:11 ssplatt like pillar.items
23:11 ssplatt trying to figure out why the CA demo on the X509 doc page isn’t working for me.
23:11 ssplatt not sure if the ca.crt isn’t being added to the mine, or if the command to pull the data out isn’t working.
23:12 ninjada joined #salt
23:12 ssplatt error i keep getting: Rendering SLS 'prod:cert' failed: Jinja variable 'dict object' has no attribute 'ca'
23:13 ssplatt https://docs.saltstack.com/en/2015.8/ref/states/all/salt.states.x509.html  stuff i’m testing out
23:15 ssplatt if i run “salt-call mine.send x509.get_pem_entries /etc/pki/ca.crt” i get local: true :/
23:16 scsinutz joined #salt
23:16 onlyanegg joined #salt
23:19 IdoKaplan Hi, is it possible to use jinja in this issue? {% set env = qa -%} {% for repo in accumulator['nexus-repo-accumulated-{{ env }}'] -%}
23:20 hemebond IdoKaplan: You don't use {{ }} inside {% %}
23:20 hemebond You're already in Jinja.
23:23 IdoKaplan ok, I understand, but how can I pass the env param inside the list []?
23:23 hemebond {% set env = qa -%} {% for repo in accumulator['nexus-repo-accumulated-' ~ env] -%}
23:25 ssplatt http://jinja.pocoo.org/docs/dev/templates/#other-operators   ~ turns all operands into strings and concatenates them
23:26 ssplatt …to add more background to hemebond’s example
23:26 perfectsine joined #salt
23:26 hemebond :thumbsup:
23:27 hemebond Oh, but be careful; it changes it all to a unicode string which can cause problems.
23:27 hemebond So if env is guaranteed to be a string you can use + which I think avoids that problem.
23:27 IdoKaplan 10x, it's working.  I'm speechless about how this chat is helpful! thank you again
23:27 hemebond Of course, in this particular usage it won't matter.
23:28 ssplatt +  Adds two objects together. Usually the objects are numbers, but if both are strings or lists, you can concatenate them this way. This, however, is not the preferred way to concatenate strings! For string concatenation, have a look-see at the ~ operator.
23:28 ssplatt http://jinja.pocoo.org/docs/dev/templates/#math
23:31 froztbyte ssplatt: re the mine: the example has bootstrapping issues
23:32 froztbyte Remove cert.sls first, run highstate, add it back
23:32 scsinutz joined #salt
23:32 cableninja joined #salt
23:32 froztbyte I just worked on a workaround this afternoon but it's too much to type on my phone, lemme find the link
23:32 ssplatt i tried to do state.apply to all the other thigns first
23:32 froztbyte https://gist.github.com/froztbyte/9fc580f6d859a5226740f51735991681
23:33 ssplatt i figured there was some order thing going on too
23:33 ssplatt froztbyte: cool. thanks
23:36 cableninja_ joined #salt
23:37 west575 joined #salt
23:37 cableninja__ joined #salt
23:38 mirko having the issue of installing a deb file via salt
23:38 mirko "The following packages failed to install/update: foo"
23:38 mirko however the package gets installed
23:39 mirko and manually installing it via "dpkg -i" also succeeds
23:39 mirko the relevant line of my state file is "      - local: salt://mon-master/grafana-data_2.6.0+dfsg-3_all.deb"
23:50 _JZ_ joined #salt
23:52 cableninja joined #salt
23:54 hemebond mirko: Any other info in the logs? Tried running in debug mode to get more info?
23:56 mirko hemebond: i just opened a bug report: https://github.com/marshmallow-code/marshmallow/issues/430
23:56 saltstackbot [#430][OPEN] Error on serialization of custom class - if attr is callable it is assumed its constructor takes no arguments | The issue got introduced in 2.0.0b5 by the following diff and is still present in 2.7.1:...
23:56 mirko oh
23:56 mirko https://github.com/saltstack/salt/issues/34867 - that one!
23:56 saltstackbot [#34867][OPEN] pkg.installed always fails for custom package | I'm experiencing the issue, that ensuring a pkg-state for a custom deb file always fails....
23:57 west575 joined #salt
23:57 ssplatt ID: /usr/local/share/ca-certificates/intca.crt   Function: x509.pem_managed   Result: True     HUZZAAAAAH!
23:58 ninjada joined #salt
23:58 subsignal joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary