IRC log for #salt, 2016-08-16

All times shown according to UTC.

Time Nick Message
00:05 xbglowx_ is there a way to have pillars run some arbitrary command to get its content?
00:06 xbglowx_ I want to use the dockerng module, but its auth requires storing the config in pillars.
00:08 Jimlad joined #salt
00:09 PalTale joined #salt
00:12 pipps joined #salt
00:18 xbglowx_ never mind, I think I can use SALT.PILLAR.CMD_YAML to help me.
00:23 MTecknology is there an event that happens when mine data is updated on the master?
00:26 ninjada joined #salt
00:27 dyasny joined #salt
00:29 woodtablet joined #salt
00:29 woodtablet left #salt
00:33 iggy MTecknology: the minions push data to the mine, that could lead to _lots_ of events
00:34 mpanetta joined #salt
00:40 bltmiller joined #salt
00:48 Daniel joined #salt
00:49 krymzon joined #salt
00:51 MTecknology iggy: I was just wondering if it generates an event when mine data changes. If I could get that, I'd smile with happiness.
00:52 fracklen joined #salt
00:54 bltmiller joined #salt
01:00 dyasny joined #salt
01:03 hasues joined #salt
01:04 catpiggest joined #salt
01:12 hasues left #salt
01:24 writtenoff joined #salt
01:26 fannet joined #salt
01:30 subsignal joined #salt
01:36 jerredbell joined #salt
01:37 ssplatt joined #salt
01:37 ajw0100 joined #salt
01:38 ssplatt is it possible to combine -watch: and -onlyif: ? so that the onlyif: takes precedence
01:39 ssplatt hmm i guess that doesn’t make much sense.
01:46 amy_ joined #salt
01:46 anotherZero joined #salt
01:47 west575 joined #salt
01:58 mpanetta_ joined #salt
02:01 nicksloan joined #salt
02:08 jenastar joined #salt
02:09 amcorreia joined #salt
02:09 edrocks joined #salt
02:10 bastiandg joined #salt
02:30 evle joined #salt
02:30 Derailed joined #salt
02:33 amy_ joined #salt
02:38 k_sze[work] joined #salt
02:38 k_sze[work] joined #salt
02:38 k_sze[work] joined #salt
02:45 jaybocc2 joined #salt
03:00 kshlm joined #salt
03:00 jaybocc2 joined #salt
03:04 jjasinski_ joined #salt
03:27 fannet joined #salt
03:28 bltmiller joined #salt
03:33 auzty joined #salt
03:52 amy_ joined #salt
04:03 jaybocc2 joined #salt
04:09 bltmiller joined #salt
04:09 brent_ joined #salt
04:12 edrocks joined #salt
04:12 jaybocc2 joined #salt
04:19 _JZ_ joined #salt
04:22 rdas joined #salt
04:30 sim_ joined #salt
04:31 onlyanegg joined #salt
04:34 rylnd joined #salt
04:48 jaybocc2 joined #salt
04:53 amy_ joined #salt
04:58 amy_ joined #salt
05:24 ageorgop joined #salt
05:24 amy_ joined #salt
05:27 fannet joined #salt
05:36 MTecknology I just realized that cachedout is in a highstate....
05:36 MTecknology holy frick that took me way too long to ever realize!
05:37 subsignal joined #salt
05:55 aswini joined #salt
05:58 aswini salt-master does 'not find' any returner other than 'local', when configured for event_return. The 'local' is just dummy template. Any idea what else needs to be done?
06:15 edrocks joined #salt
06:16 felskrone joined #salt
06:17 rsys joined #salt
06:19 akhter joined #salt
06:21 M-liberdiko joined #salt
06:22 viq joined #salt
06:25 jxm_ joined #salt
06:26 amy_ joined #salt
06:30 oyvindmo joined #salt
06:38 subsignal joined #salt
06:48 jaybocc2 joined #salt
06:51 fracklen joined #salt
06:55 Miouge joined #salt
07:00 necronian joined #salt
07:00 M-MadsRC joined #salt
07:03 Sylvain31 joined #salt
07:08 ninjada_ joined #salt
07:18 Inver aswini, which returner do you want to use?
07:19 ravenx joined #salt
07:27 amy_ joined #salt
07:28 fannet joined #salt
07:29 sjorge joined #salt
07:35 ninjada joined #salt
07:40 manji joined #salt
07:43 sjorge joined #salt
07:45 sjorge joined #salt
07:49 jaybocc2 joined #salt
07:50 keimlink joined #salt
07:56 infrmnt joined #salt
07:56 krymzon joined #salt
08:02 IdoKaplan joined #salt
08:09 Rumbles joined #salt
08:10 brent_ joined #salt
08:10 s_kunk joined #salt
08:10 s_kunk joined #salt
08:11 giany what is the best way to update the kernel and reboot the server? (thing is that i have to do some changes to /etc/default/grub then reboot ) but if I run state.highstate server gets rebooted first, my recipe : http://pastebin.com/7gYeYWSD
08:12 AndreasLutro system.reboot should have an argument for rebooting in x amount of time
08:15 Sylvain31 I was hoping that return shell exit code 0=true or 1=false would drive that jinja  {% if salt['cmd.run'](postfix_manage ~ ' email_present %s'|format(address)) %} but it doesn't change state condition, any clue? does it have to deal with: stateful: True?
08:16 AndreasLutro cmd.run just returns the command's output (stdout)
08:16 AndreasLutro maybe use cmd.run_all instead
08:16 AndreasLutro or cmd.retcode
08:17 giany AndreasLutro: how do i put that argument in the recipe I gave ?
08:17 edrocks joined #salt
08:18 Sylvain31 AndreasLutro: not in the doc: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html
08:18 GreatSnoopy joined #salt
08:18 AndreasLutro Sylvain31: that's the cmd.run state module function, you're using the cmd.run execution module function
08:18 AndreasLutro https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cmdmod.html
08:19 Sylvain31 AndreasLutro: but it is here: salt '*' sys.doc cmd.run_all
08:21 Sylvain31 AndreasLutro: oh yes, of course module vs state (Why do have omitted that!) thanks.
08:21 antpa joined #salt
08:25 Roelt is there a best practice of example of keeping a (ubuntu) system up to date? Running apt-get update ; apt-get upgrade with cmd.run is a bit ugly and fails when files have been changed
08:26 Roelt i don't mind overwriting files by new distribution files, the other states should fix that
08:27 AndreasLutro pkg.upgrade dist_upgrade=true works on debian
08:28 giany plus reboot does not have argument.
08:28 AndreasLutro giany: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.system.html#salt.modules.system.reboot
08:29 lero joined #salt
08:30 Roelt AndreasLutro, ah, doh. sounds logical.. :)
08:33 Sylvain31 AndreasLutro: than
08:34 Sylvain31 AndreasLutro: thanks it worked with: {% if salt['cmd.retcode']('%s email_present %s'|format(postfix_manage, address)) == 0 %}
08:40 subsignal joined #salt
08:42 netcho joined #salt
08:45 seena joined #salt
08:46 seena joined #salt
08:46 seena Hi
08:46 seena I have a reactor file with the following content
08:46 seena highstate_run:   local.state.apply:     - tgt: {{ data['id'] }}
08:47 seena https://gist.github.com/anonymous/68c31d3873857d219dd910eca5ef9f00
08:47 seena Trying to execute the highstate on minion start
08:48 seena When I restarting minion I am getting
08:48 seena 2016-08-16 08:43:30,014 [salt.minion                                          ][INFO    ][14839] User root Executing command state.apply with jid 20160816084330022220
08:48 seena But actually highstate is not getting executed
08:48 AndreasLutro on the salt master, run `sudo salt-run jobs.print_jid 20160816084330022220`
08:48 AndreasLutro see if you spot any errors
08:50 seena sudo salt-run jobs.print_jid 20160816084330022220 'jobs.print_jid' is not available.
08:51 AndreasLutro err sorry
08:51 AndreasLutro print_job
08:52 seena out:                 highstate             return:                 - The function "state.sls" is running as PID 15395 and was started at 2016, Aug 16 08:49:41.718068 with jid 20160816084941718068     StartTime:         2016, Aug 16 08:49:41.727321
08:52 seena No error as such
08:53 seena For testing I edited a file in the minion, which needs to be replaced by the original file which salt-master is supplying
08:53 AndreasLutro sounds like the highstate was started but never finished
08:53 AndreasLutro ps aux and look for that PID
08:54 AndreasLutro also check minion logs etc
08:55 seena https://gist.github.com/anonymous/28a3f3928394707776d0663c596108ca
08:55 seena pid not running
08:56 AndreasLutro does `salt.call state.apply` on the minion itself work fine?
08:57 seena Yes working fine
08:57 seena salt-call  state.apply
08:58 AndreasLutro weird
08:58 losh joined #salt
08:59 AndreasLutro maybe your minion has connectivity issues as it's booting?
08:59 seena I am doing /etc/init.d/minion restart
08:59 seena The other reactor which I configured is working fine
09:03 JamieH joined #salt
09:05 ninjada joined #salt
09:13 jespada joined #salt
09:13 daemonkeeper joined #salt
09:17 west575_ joined #salt
09:24 StenBiller joined #salt
09:27 lovecraftian joined #salt
09:27 lovecraftian joined #salt
09:28 Rumbles joined #salt
09:29 amy_ joined #salt
09:29 fannet joined #salt
09:30 N-Mi joined #salt
09:30 StenBiller joined #salt
09:32 Cadmus joined #salt
09:33 fredvd joined #salt
09:41 subsignal joined #salt
09:50 jaybocc2 joined #salt
09:54 seena tes
09:55 cyborg-one joined #salt
09:55 viq joined #salt
10:04 Electron^- joined #salt
10:09 Cadmus Morning, having a spot of bother with the lvm statement. I can't seem to find an example of creating a vg consisting of multiple pvs
10:10 brent_ joined #salt
10:16 atmosx hello
10:20 edrocks joined #salt
10:24 jhauser joined #salt
10:24 kbaikov joined #salt
10:40 amiskell joined #salt
10:43 subsignal joined #salt
10:48 parasciidick joined #salt
11:06 colegatron joined #salt
11:07 amcorreia joined #salt
11:07 Sylvain31 is there a grep like state available, for looking if a file has a content or not?
11:15 daks hello
11:15 daks i have a salt module which define some functions
11:15 daks i use them in my states
11:15 daks now i need to use them also in my pillars
11:16 daks is this possible? (it seems not) and what could be the solution?
11:16 eseyman Sylvain31: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.line
11:18 antpa joined #salt
11:18 StenBiller joined #salt
11:18 Sylvain31 eseyman: I'm currently looking for a grep -R recursive behavior, I'm using a cmd.run state, thanks
11:18 eseyman ah...
11:19 StenBiller joined #salt
11:20 daks or a way to 'add' my python functions to Jinja?
11:20 Electron^- joined #salt
11:21 StenBiller joined #salt
11:21 Sylvain31 daks: if they are module. it means you can run: salt '*' your.function
11:21 ivanjaros joined #salt
11:22 Sylvain31 you can: {% set somevar = salt['your.function'](param) %}
11:22 StenBiller joined #salt
11:22 ivanjaros Hi. I am playing with salt after a while and on fresh server I am calling salt '*' test.ping and I am getting "Unable to connect to the salt master publisher at /var/run/salt/master The salt master could not be contacted. Is master running?". I can see salt-master in the list if I run top so I'm unsure what the issue is. Any thoughts?
11:22 Sylvain31 as any function!
11:23 dijit ivanjaros: it's not taking requests, might want to check the master log.
11:23 dijit also, make sure you're running salt as an appropriate user (like root)
11:23 StenBiller joined #salt
11:23 ivanjaros dijit: thanks, the log is full of errors :D
11:24 ivanjaros i am running it as ubuntu user on ubuntu 16.4
11:24 daks Sylvain31: in a pillar? i'll try
11:24 dijit ivanjaros: if it's "out of space" check inodes on /var
11:24 dijit that bit me before.
11:24 StenBiller joined #salt
11:25 daks in my pillar i have {% set var = salt['mymodule']['myfunction'](arg) %}
11:25 daks and it doesn't work
11:25 Sylvain31 daks: it should, I do: {% set minion =  salt['grains.get']('host') %} for example…
11:26 Sylvain31 does it run on command line? do you have resync pillar?
11:26 daks no i have not resync
11:27 Sylvain31 daks: salt['mymodule.myfunction'] I guess
11:27 daks 'not available' either on master or minion with salt-call
11:27 Sylvain31 also salt '*' sys.doc mymodule.myfunction should print the docstring
11:27 daks even if this module is already there, because used in states
11:28 daks no output to sys.doc
11:28 daks something is strange, i'll verify
11:28 Sylvain31 I do have some for my own modules. I just checked.
11:29 daks sys.doc ok, and salt or salt-call ok too
11:29 daks (was a typo)
11:30 Sylvain31 daks: so it works?
11:30 daks no, i still got a problem when calling in my  pillar
11:30 amy joined #salt
11:30 Sylvain31 here is my code, https://github.com/opensource-expert/mysql-formula/blob/merged-all/_modules/cleanup_users.py not used in pillar though
11:32 daks salt['module.function'] call in states works but not in pillar
11:33 daks i don't understand why, because using salt['pillar.get'] works
11:33 daks and i suppose it's the same
11:34 daks could it be an order of execution problem, like the pillar is evaluated before loading modules or something like that?
11:34 daks or jinja evaluated before modules load?
11:36 jaybocc2 joined #salt
11:38 Sylvain31 daks: what do you have in log? not I'm not sure it can work on pillar, there is ext_pillar feature though
11:39 daks Jinja variable 'salt.loader.LazyLoader object' has no attribute 'mymodule.myfunction'
11:40 daks ext_pillar is not really what i need, i think
11:41 Sylvain31 same error for what I tested.
11:41 psy0rz we have a backup-server that should backup servers that have 'backup:true' in their pillar. is there a way for a template to get a list of all the hostnames that have this property set to true?
11:42 psy0rz (currently we just put a list of host into the backup pillar manually, but people prone to forget to add servers to it)
11:42 Sylvain31 daks: you could make a python module and do a wrapper for cmd.run salt module maybe?
11:43 daks my function is very simple: transform my minion_id, stripping its prefix
11:43 daks i don't need something really complicated
11:43 babilen psy0rz: https://docs.saltstack.com/en/latest/topics/targeting/compound.html + https://docs.saltstack.com/en/latest/topics/targeting/pillar.html
11:43 psy0rz thanks i will read those :)
11:43 daks i'll re-define it with jinja, but it means i'll have this function on two places
11:43 babilen I@pdata:foobar / J@pdata:^(foo|bar)$
11:43 daks (which i don't like)
11:44 subsignal joined #salt
11:44 babilen psy0rz: You can target states with that also
11:48 west575 joined #salt
11:51 Sylvain31 daks: I try to call: {{ salt['cmd.run']('salt-call mymodule.myfunc pipo') }} and salt dont like it don't try that…
11:53 Sylvain31 "salt.loaded.int.module.boto_route53][ERROR" is polluting my log can I disable it?
11:54 kshlm joined #salt
11:54 babilen Sylvain31: You could fix whatever it complains about
11:54 babilen Or don't care
11:55 Sylvain31 babilen: I don't need boto_route53 at all
11:55 babilen It still ships in salt with a large number of other modules that won't be loaded if some of their requirements aren't met
11:55 ivanjaros Hi, I am getting "Master received a SIGTERM. Exiting." in logs. I tried to manually stop and start the service but no luck. I'm on ubuntu 16.4. What could be the issue?
11:56 AndreasLutro Sylvain31: https://bpaste.net/show/967856ff7bf7 put this in your minion config
11:57 Sylvain31 babilen: yes but boto_route53 is the only one that reports it as an ERROR if I'm right
11:57 babilen That might be the problem then. Has that been fixed?
11:57 babilen Or reported even
11:58 Sylvain31 babilen: I think there's an issue around…
11:58 babilen Sylvain31: What's the complete log message?
11:58 babilen https://github.com/saltstack/salt/issues/35194 https://github.com/saltstack/salt/pull/31207
11:58 saltstackbot [#31207][MERGED] Remove error logging of missing boto libraries | Current behavior always error logs, even if the module is not going to...
11:59 babilen You could cherry pick that patch and distribute it to your minions
11:59 babilen (or use AndreasLutro's workaround)
12:01 Mandorath joined #salt
12:02 Mandorath I'm getting an error but i'm not sure what to do with it. Im using the module postgres.datadir_exists, when executing it returns: The postgres execution module failed to load: either the psql or initd binary are not in the path or the csv library is not availbale.
12:03 Sylvain31 babilen: yep this one bug, thanks.
12:03 stephanlooney joined #salt
12:04 babilen Mandorath: Are the psql, initd binaries in your path and can you import pipes and csv?
12:04 babilen (on the minion)
12:04 ivanjaros any idea what can cause this: "Unable to connect to the salt master publisher at /var/run/salt/master"
12:07 Mandorath Babilen: Yeah I think it is due to the postgres package not being installed. I was using the module in an if statement, which if i remember correctly gets initiated sooner. I changed the states to the module.run state with the requirement that the package postgres is installed and i added the initdb command only to run if the module returns False with the only_if requisite, gonna check if this works.
12:07 TooLmaN joined #salt
12:08 babilen Mandorath: You'd need "reload_modules: True" on the pkg.installed state to, well, reload the modules :)
12:08 amcorreia joined #salt
12:11 brent_ joined #salt
12:15 Sylvain31 AndreasLutro: thanks for the config fix, for boto_route53 I'm trying that ;)
12:15 akhter joined #salt
12:17 ivanjaros Hi, I'm still getting "Unable to connect to the salt master publisher at /var/run/salt/master" on Ubuntu 16.4. Installed from Salt repo, version 2016.3.2
12:17 ivanjaros i tried chmod as suggested in github issue but no luck
12:17 ivanjaros salt runs as root as well
12:18 Sylvain31 daks: did you solve this pillar call? You can generate pillar from state also…
12:18 lorengordon joined #salt
12:20 ablinkin joined #salt
12:20 Electron^- joined #salt
12:23 edrocks joined #salt
12:26 Sylvain31 daks: also note that it can be accomplished in state side so it should work, no?
12:26 Cadmus Can someone give me a hint as to how to have a statement on one minion notify another minion so it runs a command?
12:27 Cadmus I have a cluster which shares an LVM VG, so I want one minion to do all the creation, then the other members run a pv/lvscan when it's done
12:28 Sylvain31 Cadmus: it looks like reactor event, but I never tried…
12:30 Cadmus Oh, I've heard the name, but wasn't sure what it did. I think that was the hint I needed. Thank you Sylvain31
12:30 numkem joined #salt
12:32 daks Sylvain31: nope, can't find how to do this
12:33 Sylvain31 daks: could you put an example on a pasting service?
12:36 ssplatt joined #salt
12:36 jaybocc2 joined #salt
12:38 nicksloan joined #salt
12:40 daks Sylvain31: https://friendpaste.com/EkkNLbTvvzd5lirgI9nEg
12:40 daks i'll AFK some time, but back ASAP
12:42 ablinkin joined #salt
12:44 subsignal joined #salt
12:45 edrocks joined #salt
12:49 daks joined #salt
12:50 gh34 joined #salt
12:50 daks_ joined #salt
12:50 daks_ (got a problem with my bouncer, i'm back here)
12:51 ablinkin joined #salt
12:52 dyasny joined #salt
12:58 giany trying to use salt-cloud for softlayer vm, using a custom image added global_identifier: and commented #image: however receive an error The required 'image' configuration setting is missing from the profile, anyone hit the same issue?
13:07 psy0rz babilen thats not what i need. i want our backup server to PULL the backups from minions, so the backupserver needs to know which minions to backup
13:15 west575_ joined #salt
13:16 ablinkin joined #salt
13:16 racooper joined #salt
13:20 hasues joined #salt
13:24 hasues left #salt
13:28 tapoxi joined #salt
13:29 Elsmorian joined #salt
13:29 tapoxi hey everyone, my master (2016.3.1) decided to explode overnight, as soon as I start it I get this spammed in the log: http://hastebin.com/ahinatakec.lua
13:30 tapoxi no idea how it could be going over ulimit, I have less than 100 minions. thoughts?
13:30 babilen psy0rz: You can still target them with that expression .. you can use it with salt mine.get calls (for example)
13:30 west575 joined #salt
13:31 fannet joined #salt
13:32 amy joined #salt
13:33 zer0def joined #salt
13:33 impi joined #salt
13:35 bdrung_work joined #salt
13:38 akhter joined #salt
13:39 psy0rz babilen ahh k. just use a salt-command in the backupscript to get the data
13:39 psy0rz will try that
13:39 tapoxi figured out my problem, someone disabled a slack user. this caused the master to fail starting the slack engine, filling up the log file and running out of sockets. looks like bug #33618
13:40 babilen psy0rz: What information do you actually need to configure the backup server?
13:40 west575 joined #salt
13:42 psy0rz only the hostname of the minion
13:43 babilen psy0rz: minion id, fqdn, ip addresses, ... ?
13:43 babilen Ah, hostname ..
13:43 psy0rz minion_id would be ok
13:43 jespada joined #salt
13:43 psy0rz or indeed hostname (which is normally the same as the minion_id)
13:43 babilen https://docs.saltstack.com/en/latest/topics/mine/ and define a mine function alias for grains.get('host')
13:44 babilen The mine is typically what you use in order to get information about other minions
13:44 mapu joined #salt
13:44 Mandorath What could be the problem when i specify runas: [user] in a cmd.run and it returns permission denied, but when i manually issue the same command when logged in as the same user it succeeds?
13:45 subsignal joined #salt
13:45 west575_ joined #salt
13:45 cyborg-one joined #salt
13:46 babilen Mandorath: What's the command?
13:47 ablinkin joined #salt
13:47 akhter joined #salt
13:47 Mandorath initdb -D /HITT/DATA/postgresql/db
13:47 Mandorath runas: postgres
13:47 hlub Aug 16 15:35:23 somehost salt-minion[10845]: [ERROR   ] Exception occurred while handling stream: [Errno 0] Success
13:53 akhter_1 joined #salt
13:53 permalac joined #salt
13:54 tiwula joined #salt
13:55 babilen Mandorath: Does that command require some environment variables to be set? (e.g. do you have a pgpass file in your HOME?)
13:55 babilen And what's the exact error you get?
13:55 Arendtsen joined #salt
13:56 Brijesh1 joined #salt
14:00 jerredbell joined #salt
14:02 mpanetta joined #salt
14:03 antpa joined #salt
14:04 Mandorath As far as i know i dont need a pgpass file. The error im getting is: 'initdb: could not access directory "/HITT/DATA/postgresql/db": permission denied'. When i run this command on the targeted minion manually as the postgres user it succeeds.
14:04 manji joined #salt
14:05 Mandorath babilen: its a test setup. I do have one variable for the pgdata file which I set for the postgres user previous to the initdb
14:07 akhter joined #salt
14:07 Mandorath babilen: owner:group for the directory is set for postgres:postgress
14:08 babilen Mandorath: You might want to paste your state .. I'll have to concentrate on something else for a while, but others might also be able to help
14:09 fracklen joined #salt
14:09 Mandorath babilen: ok
14:09 Mandorath babilen: thx so far
14:11 fracklen joined #salt
14:12 brent_ joined #salt
14:13 marc__ joined #salt
14:14 marc__ hi is there a gui for salt?
14:14 asoc joined #salt
14:17 babilen marc__: There's salt enterprise and projects like saltpad, molten, ...
14:18 psy0rz babilen thanks
14:21 ablinkin joined #salt
14:22 jaybocc2 joined #salt
14:23 akhter joined #salt
14:24 curious joined #salt
14:24 venu0336 joined #salt
14:26 curious There is a list of dependencies for installation of Salt on Linux at https://docs.saltstack.com/en/latest/topics/installation/index.html#dependencies - are these all libraries/apps that are available with Linux distribution? Thnx
14:30 teryx510 joined #salt
14:30 t0nyhays joined #salt
14:32 teryx510 Morning guys, anyone know of a way to restart engines and beacons without restarting the master or minion?
14:33 t0nyhays Hola!  Anybody know an easy way to inject static grains into a new salt-bootstrap install?
14:34 t0nyhays ls
14:35 daveleigh <insert directory listing joke here>
14:35 t0nyhays I think I could do it in the post-install function, but I would have to repeat for every distro.
14:36 brotatochip joined #salt
14:37 daks Sylvain31: i'm back now
14:37 daks i hope i didn't miss any message
14:41 akhter joined #salt
14:43 saintpablo joined #salt
14:45 curious joined #salt
14:45 west575 joined #salt
14:46 curious There is a list of dependencies for installation of Salt on Linux at https://docs.saltstack.com/en/latest/topics/installation/index.html#dependencies - are these all libraries/apps that are available with Linux distribution? Thnx
14:46 subsignal joined #salt
14:47 curious Sorry for repeat of question - I got disconnected from session
14:48 ivanjaros joined #salt
14:48 akhter joined #salt
14:49 fracklen joined #salt
14:49 ssplatt curious: apt search / yum search may be your best friend there
14:50 ssplatt iirc there are some that pull down from the salt repo and some that are in the default repos
14:50 ssplatt some in the salt repo may be in the default repos but salt provides newer versions for compatibility
14:51 dendazen joined #salt
14:56 curious We have to go separate local cybersecurity approvals for apps, so if any are not included within salt distribution or LINUX distribution that would be additional requests for approval to use
14:59 cmarzullo curious: I know that pain of getting approval. A difficult task, but worth it if you are choosing a cfg mgmt platform. No matter which you choose you'll want the third-party repos and not your OS repo.
14:59 krymzon curious: for supported distributions, I'd expect all the needed packages to be contained in the official distribution or the official salt repository
15:00 losh joined #salt
15:00 jaybocc2 joined #salt
15:01 krymzon cmarzullo: except (at least) debian. The 'official salt' repo is poor compared to the debian repo, only one architecture, etc
15:02 curious We are using Red Hat
15:02 ablinkin joined #salt
15:05 Sylvain31 daks: you still can browse message offline in the log, see url in /topic
15:05 krymzon curious: I'd expect the official rhel + this to be enough, https://repo.saltstack.com/#rhel  (I haven't tried though)
15:05 Sylvain31 but I don't see any answer, I may not watch carefully
15:05 cmarzullo krymzon: interesting. I can see that being important for a lot of people.
15:07 spuder joined #salt
15:07 Brew joined #salt
15:08 aswini joined #salt
15:09 krymzon cmarzullo: it's indeed quite a let down that 'official salt' is only amd64, and 'community salt' has been discontinued. We're mostly amd64, but have some others, and thus we need to stick to the official debian repo. jessie-backports is fortunately 2016.3.0, but wheezy-backports is ancient (0.17)
15:12 Brew1 joined #salt
15:15 Brew1 joined #salt
15:17 daks Sylvain31: i saw it, no answer after my paste
15:17 daks i changed my method, using jinja directly, it solves my actual problem even if it doesn't solve it completely if i need to do some complicated stuff in python
15:17 daks but for now it's ok
15:18 daks thanks for your help
15:19 jenastar joined #salt
15:20 ferbla joined #salt
15:21 deus_ex joined #salt
15:22 akhter joined #salt
15:22 scsinutz joined #salt
15:25 snc joined #salt
15:27 manji joined #salt
15:27 scsinutz1 joined #salt
15:27 teryx510 joined #salt
15:28 teryx510 joined #salt
15:30 teryx5101 joined #salt
15:32 fannet joined #salt
15:33 amy joined #salt
15:40 curious cmarzullo: pain can be the right descriptor for that approval process. We want to ensure we can capture all of the software dependencies in one ATO/CIE request package.
15:40 jespada_ joined #salt
15:40 Sylvain31 daks: ok bye, I go off, complicated stuff can be done outside jinja with other template engine
15:43 ablinkin joined #salt
15:44 jespada__ joined #salt
15:45 teratoma joined #salt
15:47 subsignal joined #salt
15:49 west575_ joined #salt
15:51 amcorreia joined #salt
15:55 west575 joined #salt
15:57 pipps joined #salt
16:03 akhter joined #salt
16:03 west575_ joined #salt
16:06 t0nyhays joined #salt
16:07 dps joined #salt
16:08 dps is it possible to call one sls from another?
16:09 dps i can't seem to figure out how to do this
16:09 cmarzullo generally try to avoid that.
16:09 cmarzullo but you can use the state.module in your sls
16:10 dps hmm
16:10 dps well here is my use case
16:10 dps i have a big state that goes through and uninstalls centrify and installs and configures IPA
16:10 dps its not that big but there are like 20 steps in it
16:11 dps basically i want to run a single command and if it evaluates to false (or true), run the state, if not just skip it
16:11 cmarzullo Very exciting!
16:11 dps hah i dont know about the cmarzullo
16:11 cmarzullo Think about adding 'feature toggles' in your state.
16:12 dps hmm is that what they are called?
16:12 dps i will have to look into that
16:12 cmarzullo http://pastebin.com/E7t86qj1
16:12 rem5 joined #salt
16:12 cmarzullo not exactly a feature toggle, but doesn't execute a bunch of states if a directory exists.
16:13 brent_ joined #salt
16:13 cmarzullo if nagios is already installed, don't bother downloading and compiling it.
16:13 dps you put that right into the state?
16:13 dps this is interesting
16:13 cmarzullo yep.
16:13 dps cool
16:13 dps thank you i think this might do what i am looking for
16:14 cmarzullo the {{ }} jinja is all values from pillar.
16:14 misconfig joined #salt
16:14 onlyanegg joined #salt
16:14 cmarzullo I'll do toggles around include lines.
16:14 dps im just worried what i have might not fit into the conditional logic
16:15 dps like what i want to do is something like
16:15 cmarzullo here's the more straight forward feature toggle based on pillar: http://pastebin.com/BQdsyfLT
16:15 dps getent passwd --service=sss s.someaccount | wc -l
16:15 dps and see if that is greater than 0
16:15 dps do i have to write my own module for that?
16:16 cmarzullo https://docs.saltstack.com/en/2015.8/ref/modules/all/salt.modules.pw_user.html#salt.modules.pw_user.getent
16:16 cmarzullo module already exists.
16:16 cmarzullo not sure if it does what you want.
16:16 cmarzullo but you can certainly use it on the cli. salt myhost pw_user.getent
16:17 cmarzullo see what it returns, maybe helpful.
16:17 dps yeah i mean there is that.  i need to query a specific nss service though
16:17 dps you gave me enough ideas to get started, i think
16:17 dps thank you for getting back to me
16:17 cmarzullo good luck!
16:17 ablinkin joined #salt
16:17 dps thank you :-)
16:19 akhter joined #salt
16:21 eightyeight joined #salt
16:22 akhter joined #salt
16:24 west575 joined #salt
16:24 thraxil joined #salt
16:25 akhter joined #salt
16:27 ablinkin joined #salt
16:28 akhter joined #salt
16:29 west575 joined #salt
16:31 akhter joined #salt
16:35 akhter joined #salt
16:36 _JZ_ joined #salt
16:37 sesa joined #salt
16:39 west575_ joined #salt
16:39 amy joined #salt
16:41 edrocks joined #salt
16:41 shoul joined #salt
16:41 scsinutz joined #salt
16:42 akhter joined #salt
16:43 shoul Hey there, in a masterless vagrant box after bootstrapping the salt, 'salt-minion' service is running. How can I stop it or avoid to start?
16:44 west575 joined #salt
16:45 ninjada joined #salt
16:45 cscf shoul, systemctl?
16:45 ablinkin joined #salt
16:46 shoul cscf its a debian box. It's that what you're asking for?
16:49 shoul ok, I found a documentation about 'systemctl'. Thanks, I try
16:51 dps cmarzullo: this works thank you :-)
16:54 Sokel In pillar, would this cause any conflicts/problems? Or would they 'merge' in some way if a client's grain of "role" is 'datasrv'? https://paste.fedoraproject.org/409278/66411147/
16:54 shoul cscf - It seems not the appropriate tool. It supports starting the service at boot time. After provisioning my box is already running.
16:54 brotatochip joined #salt
16:55 jenastar joined #salt
17:00 scoates joined #salt
17:02 WKNiGHT joined #salt
17:03 pipps joined #salt
17:06 sp0097 joined #salt
17:10 ageorgop joined #salt
17:10 edrocks joined #salt
17:10 lorengordon joined #salt
17:10 akhter joined #salt
17:10 ssplatt joined #salt
17:11 ssplatt left #salt
17:11 notnotpeter joined #salt
17:11 ablinkin joined #salt
17:12 onlyanegg joined #salt
17:14 jcherndon joined #salt
17:14 jcherndon Hello
17:15 akhter joined #salt
17:15 jenastar is it me you're looking for?
17:15 jenastar I can see it in your eyes
17:15 jenastar :P
17:15 jcherndon I wrote a runner that works when called from CLI but errors out sometimes when called by salt
17:15 edrocks joined #salt
17:15 jenastar error
17:15 jenastar ?
17:16 jcherndon so I have a beacon running on a minion that is monitoring a service. I have a reactor on my master that calls a runner to post a message to an irc channel
17:17 jcherndon I can execute the runner from the master's cli. but when I kill the service on the minion, first time it runs correctly. If I restart it back up right away I get an error
17:17 ablinkin_ joined #salt
17:18 jcherndon error in event viewer says there's a bad file descriptor
17:18 jenastar remnants?
17:19 jcherndon there's a time_wait in netstat output. but that doesn't seem to affect the script when I run manually, only via the reactor does it blow up?
17:19 jcherndon using python sockets
17:19 impi joined #salt
17:19 jcherndon I have a socket.close() command after I'm done writing to irc, but it doesn't seem to close it
17:20 adelcast joined #salt
17:21 jenastar going to post the code?
17:22 west575_ joined #salt
17:24 jcherndon can't,
17:25 Electron^- joined #salt
17:25 jcherndon I set up socket.
17:25 jcherndon irc = socket(AF_INET, SOCK_STREAM)
17:26 jcherndon irc.connect((host, port))
17:27 jcherndon I have defs that hash out commands for IRC stuff... JOIN, NICK, USER, PRIVMSG, and a def that will run those commands with irc.send(command)
17:27 west575 joined #salt
17:27 jcherndon at the end of my main() I have a PART, QUIT, and irc.close()
17:28 jcherndon Like I said, works constantly from centos7 CLI, fails after first go when run from reactor
17:29 jcherndon It's like salt isn't closing the socket?
17:33 fannet joined #salt
17:34 akhter joined #salt
17:35 teryx510 joined #salt
17:35 jaybocc2 joined #salt
17:36 jcherndon Thanks all! I fixed it by forking my process.
17:37 sp0097 I have a question about the salt-api.  I have been able to set it up successfully.  How can I call salt-cloud to destroy/create vms from salt-api?
17:39 sp0097 for giggles, I did this to attempt to call show_instance.
17:39 sp0097 curl -k https://host:8000 -b ~/cookies.txt -H 'Accept: application/x-yaml' -d client=client -d fun=show_instance -d names=['myvm']
17:39 akhter joined #salt
17:39 sp0097 but got an error 500
17:39 ablinkin joined #salt
17:41 fannet joined #salt
17:42 scsinutz joined #salt
17:42 cscf What does it mean when salt-cp returns only " ---------- " ??
17:43 akhter joined #salt
17:45 ablinkin joined #salt
17:46 shoul In a masterless vagrant box after bootstrapping the salt, 'salt-minion' service is running. How can I stop it or keep it from starting?
17:46 west575_ joined #salt
17:47 akhter joined #salt
17:47 cmarzullo salt-minion: service.dead
17:47 cscf shoul, what is wrong with "systemctl stop " or " systemctl disable "?
17:48 cmarzullo sp0097: not too sure m8. probably have something misconfigured.
17:48 ivanjaros joined #salt
17:48 shoul cscf - It seems not to be the appropriate tool. It supports starting the service at boot time. After provisioning my box is already running.
17:48 subsignal joined #salt
17:49 cmarzullo shoul: your states should manage the salt minion.
17:50 shoul cmarzullo - so I can call "salt-minion: service.dead" from a state? Is that correct?
17:50 cmarzullo basically.
17:50 ablinkin_ joined #salt
17:50 cmarzullo https://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html#salt.states.service.dead
17:51 jenastar joined #salt
17:52 shoul cmarzullo - That's what I found before. I did "vagrant provision" but the salt-minion service still runs.
17:53 cmarzullo Are your salt-states running?
17:53 shoul cmarzullo - Yes
17:53 cmarzullo You can include -X passed to the salt bootstrap.
17:53 cmarzullo https://docs.saltstack.com/en/latest/topics/tutorials/salt_bootstrap.html
17:54 cmarzullo https://www.vagrantup.com/docs/provisioning/salt.html#bootstrap_options
17:55 GreatSnoopy joined #salt
17:55 sp0097 cmarzullo: does salt-api support making calls to salt-cloud? When I make a remote call what should the client parameter be specified as?
17:55 sp0097 I just guessed when I made the call earlier.
17:55 cmarzullo I have not gone salt-api to salt-cloud. But don't see why it shouldn't work.
17:55 shoul cmarzullo - Wow, thanks. I will try that out.
17:56 sp0097 I performed a test.ping like the example suggested, and that worked great.
17:57 ecsape joined #salt
17:57 ablinkin joined #salt
17:58 cmarzullo So test.ping was the module you were running. What module are you running in the above example?
17:59 cmarzullo and what cloud provider are you using?
17:59 sp0097 Once I got the test.ping working, I tried state.apply <mysls>, and that worked great as well.  Then I thought great, I'll a salt cloud function, so I started with show_instance
17:59 sp0097 curl -k https://host:8000 -b ~/cookies.txt -H 'Accept: application/x-yaml' -d client=client -d fun=show_instance -d names=['myvm']
17:59 fracklen joined #salt
17:59 sp0097 wasn't sure about the client= parameter
17:59 cmarzullo show_instance isn't a function
18:00 pipps joined #salt
18:00 cmarzullo (I don't think on its own)
18:00 sp0097 oh, doh
18:00 cmarzullo what cloud provider are you using?
18:00 sp0097 vsphere
18:00 sp0097 works great so far from the cli
18:01 sp0097 do you have an example I to call against salt-cloud?
18:01 cmarzullo so the function would be vsphere.show_instance maybe?
18:02 cmarzullo I don't have examples to show. I provision from the cli for now.
18:02 sp0097 oh sorry, I misspoke, I use the vmware plugin.
18:02 sp0097 I'll give what you suggest a try.
18:03 cmarzullo probably vmware.show_instance or something like that.
18:03 sp0097 I see the following when I simply call against localhost:8000 via curl.  {"clients": ["_is_master_running", "local", "local_async", "local_batch", "local_subset", "runner", "runner_async", "ssh", "ssh_async", "wheel", "wheel_async"], "return": "Welcome"}
18:04 ecsape left #salt
18:04 sp0097 I didn't see anything that was resembling cloud, so I was doubting it works.
18:04 sp0097 I'll try runner or maybe ssh and see if I can get that working.
18:05 sp0097 thank you.
18:05 cmarzullo no problem. sorry couldn't be more help
18:05 sp0097 no worries.
18:05 cmarzullo maybe this will help: https://github.com/saltstack/salt/issues/33787
18:05 saltstackbot [#33787][MERGED] how to use salt-api with to exeute salt-cloud | Hi,...
18:07 bltmiller joined #salt
18:12 timoguin joined #salt
18:12 onlyanegg I have something like this: {% for role in pillar.roles %} pkg.installed: -name {{ pillar['packages'][role] }}
18:13 onlyanegg I'm wondering if there's another way to do that using the dot notation which I prefer
18:13 shoul cmarzullo - In the vagrant box bootstrap_salt.sh is Version 1.5.2 - I get an "ERROR: Option does not exist : X" but I found a "-C" option. But now the bootstrap process fails.
18:13 curious joined #salt
18:13 shoul cmarzullo - With: salt-minion was not found running
18:13 brent_ joined #salt
18:14 cmarzullo maybe it needs to be running.
18:14 cmarzullo I usually manage the salt-minion software anyway. When running masterless I'm not running permanent guests. so I don't worry that it's running.
18:15 cmarzullo you could also add a shell provisioner to execute after the salt provision that turns off the minion
18:15 ablinkin joined #salt
18:15 akhter joined #salt
18:17 shoul cmarzullo yes, I thought about that, but I wrote the masterless how to and there is a note that the salt-minion service should not run. And I thought there is a better way.
18:17 vilitux joined #salt
18:18 shoul cmarzullo - And I already use a shell provisioner to install pip to avoid a "pip not installed" error.
18:19 hackel joined #salt
18:20 edrocks joined #salt
18:20 cmarzullo version 1.5.2 of the bootstrap? where'd that come from? current bootstrap shows the -X options
18:21 cmarzullo https://github.com/saltstack/salt-bootstrap/blob/develop/bootstrap-salt.sh#L298
18:21 pipps joined #salt
18:21 ablinkin joined #salt
18:21 cmarzullo current bootstrap version is 2016.08.16
18:22 shoul cmarzullo - that is what vagrant is installing by default
18:23 shoul cmarzullo my box is: "boxcutter/debian82"
18:23 cmarzullo that your box? boxcutter?
18:23 cmarzullo Or just one you picked?
18:23 sagerdearia joined #salt
18:24 MTecknology I feel dirty when I run " salt -t 180 -b 1 '*' "  :(
18:24 shoul cmarzullo That is a vagrant box https://atlas.hashicorp.com/boxcutter/boxes/debian82
18:25 cmarzullo onlyanegg: There are patterns for merging pillar and stuff. https://docs.saltstack.com/en/latest/topics/best_practices.html#modularity-within-states
18:25 cmarzullo onlyanegg: if you get into heavy use adopt one of the formula patterns.
18:26 shoul cmarzullo: But I replace the source.list by states
18:26 cmarzullo shoul: Perhaps there's an issue with that box is what I'm getting at. I don't know boxcutter but 8.2 is pretty old. I prefer the bento project boxes. Well documented way they are built. I like that.
18:26 scsinutz joined #salt
18:26 cmarzullo But that won't solve your problem.
18:27 cmarzullo Big question is why you are getting a really old bootstrap file. Maybe it's hardcoded into vagrant. do the override and put directly to the latest bootstrap.
18:27 cmarzullo I dunno. just guessing really.
18:27 mapu joined #salt
18:27 babilen vagrant just downloads the bootstrap script
18:27 babilen (unless it is a very old vagrant version)
18:28 jwon joined #salt
18:28 cmarzullo that was my understanding. he's saying 1.5.2 brings the vagrant / bootstraping into question.
18:28 babilen shoul: Which vagrant version is that?
18:29 shoul 1.8.4
18:31 babilen https://github.com/mitchellh/vagrant/blob/master/plugins/provisioners/salt/bootstrap-salt.sh -- that just downloads the current bootstrap file
18:32 jhauser joined #salt
18:32 west575 joined #salt
18:33 babilen Could you try a different base box? (e.g. http://paste.debian.net/789931/ )
18:33 shoul babilen: I found that either and wonder where the "pip not installed" error came from.
18:33 shoul babilen: I will
18:34 babilen That one uses the base boxes provided by the Debian project
18:34 cmarzullo Big fan of the bento/debian-8.5
18:34 babilen https://atlas.hashicorp.com/debian/boxes/jessie64
18:34 babilen cmarzullo: What's so special about them?
18:35 cmarzullo I just like that there's a pretty clean way to build them. I've forked it and added stuff to make my own versions.
18:35 cmarzullo Really slikc.
18:35 cmarzullo slick
18:35 cmarzullo I like knowing what's in the box.
18:35 babilen Sure
18:35 cmarzullo The debian box is good too. But sometimes was a little too small.
18:36 babilen The Debian ones are pretty minimal, yeah
18:36 cmarzullo you can resize but /effort
18:36 cmarzullo Yeah they're great too.
18:36 babilen (as exemplified by the need to install curl and ca-certificates for example)
18:36 cmarzullo yeah. I get nailed on the bento cause apt-https ain't there. Only a problem when using the docker provisioner in vagrant.
18:37 babilen apt-https is a stupid idea anyway
18:37 babilen (if you mean the transport)
18:38 cmarzullo well it's kinda pointless with gpg, but still to make an extra install is silly too.
18:38 babilen Well .. not stupid. It certainly isn't stupid, but it's not needed for using apt securely
18:38 babilen (as release files are signed)
18:38 babilen One might argue privacy, but then one should just use tor
18:39 cmarzullo Been building my own repos for my software. so like I want that https.
18:39 babilen So you are not signing your Release files?
18:41 cmarzullo yeah. but don't want other folks intercepting the stream. unlikely but might as well.
18:41 cmarzullo you know those security folks. encrypt all the things.
18:41 babilen Sure .. that's a reasonable usecase
18:42 shazaum joined #salt
18:43 pipps joined #salt
18:44 babilen shoul: Did that box work for you?
18:45 shoul babilen: No, perhaps it doesn't work with VirtualBox
18:45 akhter joined #salt
18:45 west575_ joined #salt
18:46 shoul babilen: After copying the minion to vm comes a forcing to shutdown. I tried twice
18:47 babilen I haven't touched VBox in a while (I'm using kvm with vagrant-libvirt most of the time)
18:47 babilen meh, what about the bento boxes?
18:48 babilen Not sure in which state the vbox debian/jessie64 boxes are (haven't verified them recently, but I seem to remember that I used them before)
18:48 shoul babilen: I will try bento boxes
18:48 babilen ta
18:48 ablinkin joined #salt
18:49 akhter joined #salt
18:49 shoul babilen: Can you give a link how to use kvm and vagrant?
18:49 subsignal joined #salt
18:50 babilen shoul: I just installed the "vagrant-libvirt" plugin and use "--provider=libvirt" (you need a working kvm / virsh setup beforehand naturally .. well just install them)
18:52 shoul babilen: Where do you get the boxes? Do you convert other boxes?
18:53 akhter joined #salt
18:53 babilen There are libvirt boxes on atlas (I'm using debian/jessie64 and debian/wheezy64 most of the times)
18:53 babilen But I also build some myself
18:54 babilen Another plugin I use is landrush
18:56 shoul babilen: I got the same error with "bento/debian-8.2"
18:56 akhter joined #salt
18:57 babilen That's really weird
18:57 babilen Also with libvirt?
18:58 shoul babilen: Not tried
18:58 babilen Could you paste the error?
18:58 Salander27 joined #salt
18:59 ablinkin joined #salt
18:59 scsinutz1 joined #salt
18:59 akhter joined #salt
19:00 shoul babilen: The complete output from vagrant up on: https://gist.github.com/anonymous/dadad502c98ec2696636383e5ad1d993
19:01 mpanetta_ joined #salt
19:02 edrocks joined #salt
19:02 dezertol joined #salt
19:02 DammitJim joined #salt
19:03 cmarzullo yuk. what's your Vagrant file look like?
19:03 dezertol Does anyone know if/how to launch an RDS instance from snapshot using boto_rds? I'm reading over the docs and I don't see a way to pass in a snapshot value.
19:03 cmarzullo not sure dezertol haven't used rds
19:03 LessSneaky joined #salt
19:04 shoul babilen: What's the "virsh setup" for kvm you spoke about?
19:05 shoul cmarzullo: My Vagrantfile: https://gist.github.com/anonymous/22ce6d800a5a12c21d100e19dcae4d0a
19:05 lero joined #salt
19:06 dezertol just seems a rather obvious use for Amazon RDS.. using boto_rds via salt stack to launch instances.. but I don't see a way to use an existing snapshot.. I find it hard to believe that people would do a mysql import each time
19:07 netcho joined #salt
19:07 cmarzullo ohhh shoul you aren't running in masterless mode. that's master mode. you're missing fields to make it a proper master.
19:07 cmarzullo turns out the Vagrant file in front of me has the snippet of setting up a master
19:08 cmarzullo https://gist.github.com/anonymous/41a2bd9e502fd2789b1b59abde1716c9
19:08 antpa joined #salt
19:08 shoul cmarzullo: I tried that debian Vagrant file. And missed configuring it right. You're right
19:09 cmarzullo that makes a master and adds in three minions
19:10 cmarzullo here's my masterless salt section: https://gist.github.com/anonymous/8ac57e4b3c650b94b7e3801d2acadc37
19:10 cmarzullo for a different vagrant project
19:10 babilen shoul: https://wiki.debian.org/KVM#Installation
19:11 babilen libvirt-bin provides virsh (cli tool for kvm)
19:11 babilen shoul: Just install qemu-system-amd64 and libvirt-bin and you should be ready to go
19:13 babilen So .. tired. See you guys in the morrow. Good luck!
19:13 shoul babilen: Thank you
19:14 shoul Thanks to all of you for your help. I'm out.
19:14 cmarzullo good luck!
19:14 shoul Thanks
19:14 shoul left #salt
19:16 ablinkin_ joined #salt
19:18 DammitJim I know I am running an old version, but if my master is running 2015.5.3
19:18 DammitJim can my minion run a newer version?
19:24 bltmiller joined #salt
19:24 akhter joined #salt
19:25 pipps joined #salt
19:26 viq DammitJim: no
19:26 babilen DammitJim: It can't/shouldn't
19:27 babilen There might be certain things that won't break right away, but there is no way this is a setup that you want to use for anything that remotely resembles something you want to work with
19:30 ablinkin joined #salt
19:30 subsignal joined #salt
19:31 DammitJim I've been doing only ubuntu servers
19:31 DammitJim now I have a debian server
19:32 netcho joined #salt
19:33 babilen And?
19:35 subsignal joined #salt
19:36 ablinkin_ joined #salt
19:40 Miouge joined #salt
19:42 dyasny joined #salt
19:46 ablinkin joined #salt
19:47 pipps joined #salt
19:49 scsinutz joined #salt
19:50 akhter joined #salt
19:54 ajw0100 joined #salt
19:54 ablinkin joined #salt
19:54 scsinutz1 joined #salt
19:56 sp0097 joined #salt
19:57 onlyanegg cmarzullo: thanks!
19:57 pipps joined #salt
20:02 fredvd joined #salt
20:06 cmarzullo you're welcome.
20:08 cyborg-one joined #salt
20:14 brent__ joined #salt
20:16 xbglowx joined #salt
20:18 vilitux joined #salt
20:18 pipps joined #salt
20:21 sxar joined #salt
20:25 jenastar joined #salt
20:27 jenastar left #salt
20:29 psy0rz is it possible to put arbitrary data into the mine?
20:29 psy0rz via an sls or pillar
20:30 psy0rz hmm probably just a pillar.fetch
20:34 pipps joined #salt
20:35 fracklen joined #salt
20:35 jaybocc2 how does one go about rotating the master's signing key signature on minions?
20:35 pfallenop joined #salt
20:35 pfallenop joined #salt
20:36 Miouge joined #salt
20:36 cmarzullo psy0rz: yes you can. but it's not a keystore.
20:38 farblue joined #salt
20:39 farblue left #salt
20:39 babilen psy0rz: Do you need access to pillar data of other minions?
20:40 babilen I mean .. why not put it in the pillar in the first place and get it from there?
20:40 akhter joined #salt
20:42 win_salt joined #salt
20:44 farblue joined #salt
20:45 farblue Hi all - could someone possibly with how you use Vault as a pillar? I think I've configured it correctly as an ext_pillar but don't think I'm using the correct format for the keys in Vault
20:46 farblue Hi all - could someone possibly help me* with how you use Vault as a pillar? I think I've configured it correctly as an ext_pillar but don't think I'm using the correct format for the keys in Vault
20:46 win_salt vault is weird, look up how to pass json to vault write
20:47 win_salt you need to set the whole value as a dict in order for it to work like salt pillars
20:47 farblue ok, kind of weird but I can see why that might be
20:47 farblue but what about the path I use?
20:48 mohae joined #salt
20:48 pfallenop joined #salt
20:48 farblue say, for instance, my pillar path is secret/salt then do I just add a big dictionary to secret/salt? and what key would I use?
20:50 farblue do I use separate keys for different groups or is it all one big json doc stored in a single key?
20:52 win_salt https://bpaste.net/show/04667047325b   this is a rough idea of it
20:53 farblue ok, that makes some sense. So when defining the path in ext_pillar it is to a single key which then has a data structure
20:54 win_salt yeah
20:54 farblue how about if I wanted to limit keys to groups of servers matching a pattern like I can in other pillar source?
20:54 win_salt so how we did that, was by passing arguments to the ext_pillar in the config
20:54 farblue do I do that in the json data structure or do I need to define multiple vault pillars?
20:55 krymzon joined #salt
20:56 farblue right, ok, so you effectively have different keys in vault and salt interprets vars based on grain data etc. to define a key and therefore a vault pillar data set per minion?
20:56 farblue so there's no equiv. of the 'top.sls' type thing as there is for the git pillar
20:56 ablinkin joined #salt
20:57 win_salt yeah, you sorta have to make it yourself in the ext_pillar/ext_pillar config
20:58 farblue ok :) I think I've seen other pillars like that - I think consul does it that way as well
20:58 farblue thanks for your pointers - I'd never have guessed it works that way based on the docs I've found :)
20:59 farblue I was expecting it to work more as a root path and then key/value pairs within that root path such as 'vault write secret/salt foo=baa'
21:00 win_salt i was expecting the same thing.  Vault was a little unintuitive at first
21:01 jaybocc2 farblue: grains data is not secure, so it should not be used as criteria for what can access different vault keys you should instead use the minion names as those are tied to keys
21:01 ablinkin joined #salt
21:02 farblue jaybocc2: thank you, yes. I would use regex part matching on minion name but if I also had other data to narrow down on as well I figured grain data would be available
21:02 stanchan joined #salt
21:04 farblue win_salt: vault will work as I suggested with a path and then key/value pairs so you can set pairs one at a time then when you read you get back the complete set. If you get the format of the data correct it should be possible to update individual values rather than having to load in a json doc
21:05 pipps joined #salt
21:06 farblue win_salt: when authenticating with vault, are you limited just to a token? Is there some way to get the minion to generate a token before it talks to vault?
21:07 win_salt there is something called an appid, that you can use for auth.
21:07 farblue yeah, I know about that and was wondering
21:08 win_salt but do you mean master? ext_pillars only run on the master
21:08 farblue ah, ok
21:09 win_salt and so thats why we tried to keep the number of calls to vault down, because each time a minion wants its pillar it would trigger the master to call to vault
21:09 farblue so maybe I've mis-understood the stuff earlier.
21:10 ablinkin joined #salt
21:10 farblue as each minion asks for pillar data does the master re-process the ext_pillar definitions then?
21:10 win_salt i believe so
21:10 farblue right, ok
21:11 farblue so, really, it might be better to have salt trigger something on the minion that then caused the minion to fetch the data from vault rather than using ext_pillars
21:11 farblue is template processing done on the master or the minion? such as when writing out a config file with variables in it
21:12 win_salt i think the templating is done on the minion
21:12 farblue hmm
21:13 farblue and I don't suppose there's a way to run a script and 'consume' the result into a variable that can then be used elsewhere?
21:13 win_salt im not sure what you mean
21:13 win_salt write a script to read vault and use that data in a template file?
21:14 farblue if I wanted the minion to run a bash script then take the result output from the bash script and use it as a variable when outputting a config file
21:14 farblue yeah, basically
21:14 farblue so the minion could query vault itself and then use the resulting value, such as a password, to write out a config file
21:15 win_salt you might want to look into custom grains, they are literally python scripts.  Or you could run the script in the state file and use its result in the file.managed
21:17 win_salt i think vault works fine as a pillar, even if its getting called a lot.  We have it set up through consul, so there can be a number of vault instances behind the scenes
21:17 farblue I'll investigate :) I'd prefer not to use grains as the vault data wouldn't then stay only on the minion
21:17 farblue yeah, we have it using consul as well :)
21:17 farblue I was just thinking about the master effectively having access to all the vault data for all the minions
21:18 farblue I mean, sure, the master needs to be trusted but even so, levels of separation are a good thing :)
21:18 ablinkin joined #salt
21:19 win_salt well based on the ext_pillar i dont think the master would have all of it
21:19 jaybocc2 Its a good thing to think about. I haven't used salt ext vault pillar yet because im still mulling over limiting secret access to only those that need access to it
21:20 farblue if the ext_pillar data is pulled from vault by the master then even if the actual path is calculated based on minion supplied data such as minion name the master's token must give permission to read all the keys and values
21:21 farblue we can't use minion-specific keys with different policies
21:21 farblue keys -> tokens
21:21 farblue so we can't use AppID style auth
21:23 farblue although I've not considered it yet, I guess the way the path works when fetching the data from vault will also preclude using it to dynamically generate database passwords
21:23 farblue and ssl certs
21:24 win_salt yeah, vault is pretty rigid
21:25 farblue I don't think it's vault, per-se, just the way the pillar integration works with it
21:25 farblue I'll investigate ways of getting the minions to talk to vault and provide the data retrieved back into the system so it can be used like pillar data in templates
21:26 ablinkin joined #salt
21:26 win_salt there is a lot you can do in the state files themselves, if you use the alternate renderers
21:27 jaybocc2 ^
21:27 jaybocc2 pyrender 4 lyfe
21:27 farblue I've just found SDBs which might do the trick
21:27 xbglowx joined #salt
21:28 win_salt what is that?
21:28 farblue https://docs.saltstack.com/en/latest/topics/sdb/
21:28 farblue basically a way to query external rest-style data stores
21:30 win_salt oh this looks interesting
21:31 farblue it mentions vault but the google link for the vault sdb seems broken
21:31 farblue also, again, I don't know if it is minion or master
21:32 farblue although as it mentions the config can be in a minion configuration file I guess it can be minion based
21:32 win_salt well the sdb module is gonna run on the minion
21:33 west575 joined #salt
21:33 win_salt salt-run is on the master, salt-call is on the minion
21:35 farblue looks like if vault was previously supported it isn't any more: https://docs.saltstack.com/en/latest/ref/sdb/all/index.html
21:37 farblue although I've found it in the source code for master on github
21:38 farblue so I guess it will be in the next release of SaltStack
21:38 win_salt it could work with the rest driver i bet
21:39 farblue possibly, although auth could be tricky
21:39 numkem joined #salt
21:39 farblue it's a python module though so in theory (if the API hasn't changed) you could drop the source from github into place and use it now
21:39 win_salt oh definitely
21:40 win_salt thats why i like salt so much, you drop modules in _modules or _grains and thats it
21:42 farblue I'll have to experiment :)
21:42 farblue https://github.com/saltstack/salt/blob/develop/salt/sdb/vault.py
21:42 farblue looks like it can use the same config block as the pillar
21:43 win_salt i didnt know there was a salt.utils.vault
21:43 farblue me neither :)
21:45 farblue again, only in develop, not in the 2016.3.2 release
21:45 sagerdearia joined #salt
21:47 farblue got to go now but thank you very much for your help win_salt :)
21:48 farblue left #salt
21:49 ablinkin joined #salt
21:58 west575 joined #salt
22:02 sagerdearia joined #salt
22:02 xbglowx joined #salt
22:04 pipps joined #salt
22:06 ablinkin joined #salt
22:09 pipps joined #salt
22:14 ablinkin_ joined #salt
22:15 brent__ joined #salt
22:16 investing left #salt
22:19 pipps joined #salt
22:22 scsinutz joined #salt
22:24 sagerdearia joined #salt
22:26 bbradley joined #salt
22:36 badon joined #salt
22:38 raiden joined #salt
22:39 raiden can i push a file from minion to master to a custom path?
22:39 pipps99 joined #salt
22:39 Deliants joined #salt
22:40 N-Mi joined #salt
22:40 stanchan joined #salt
22:46 ablinkin joined #salt
22:54 iggy minionfs
22:58 chrichip joined #salt
22:58 nicksloan joined #salt
23:02 Guest38709 @iggy but that will be stored in cache dir
23:02 Guest38709 i want to put it at some other place
23:02 Guest38709 how do I do that
23:04 onlyanegg I'm managing a file from an https source which requires authentication. Can the file.managed state accept credentials?
23:05 iggy Guest38709: you don't
23:05 iggy it would be reckless to allow the minion to push files to arbitrary paths on the master
23:06 iggy i.e. rogue minion overwrites sshd on the master installing a backdoor
23:07 edrocks joined #salt
23:10 ninjada joined #salt
23:17 stanchan joined #salt
23:18 Guest38709 thanks man, still I have a use case where I need to send some file from minion to someone
23:18 Guest38709 what is the best way
23:20 misconfig Hi everyone - does anyone know how to use the file.line module with multiple occurrences in a file while using 'after'. ex: => https://gist.github.com/ndobbs/f508e36016e067467f5ab42ec16fe180
23:22 dendazen joined #salt
23:23 Sokel How exactly would I use {{ show_full_context() }} when trying to debug 'dict object has no attribute' in a state. The documentation is not clear on this
23:23 ponyofdeath hi, trying to get the string from pillar data but am getting ['data'] instead
23:23 ponyofdeath {{ pillar['mysql']['database'] }}
23:24 ponyofdeath how do i just get the string or a certain value in the array
23:25 bltmiller joined #salt
23:26 dezertol {{ salt['pillar.get']('mysql:database', []) %}
23:26 dezertol err.. }} at the end
23:26 dezertol but it will depend on how you have it in your pillar
23:26 dezertol :q!
23:26 scsinutz joined #salt
23:27 stanchan joined #salt
23:28 _Cyclone_ joined #salt
23:32 ponyofdeath dezertol: yup thats giving me the same thing ['dbname'] instead of just dbname
23:33 dezertol I'm guessing the pillar isn't setup correctly
23:33 dezertol do you see the values if you do a salt '*' pillar.items
23:34 ponyofdeath yup
23:34 dezertol salt '*' saltutil.pillar_refresh
23:34 ponyofdeath https://bpaste.net/show/2f186f58ef97
23:34 mschiff Is it possible to let a minion abort its run if there are pillar render errors?
23:35 dezertol if the pillar fails to render it will abort anyway
23:36 iggy ponyofdeath: {{ pillar.get(some_list) | first }}
23:37 spuder joined #salt
23:37 dezertol https://bpaste.net/show/08b1d13d27c4
23:37 Guest38709 using salt can we send mails with attachment
23:38 dezertol if you have your pillar like the pasted entry you should be able to do it the way you are.. I am doing it that way in my env and it works fine
23:38 ponyofdeath iggy: some_list is in what format?
23:38 ponyofdeath dezertol: thanks
23:39 mschiff dezertol: no it does not abort (at least here)
23:39 iggy ponyofdeath: you are already fetching a list... I just didn't want to type that out
23:40 dezertol if you have a syntax rendering error in your pillar.. it should error out indicating that the pillar failed to render..
23:40 dezertol it does for me
23:41 ponyofdeath iggy: {{ pillar.get('mysql[database]') | first }} this errors out
23:41 mschiff dezertol: on the master side an error is logged. But for the minion that specific pillar just does not exist then
23:41 iggy ponyofdeath: why do you have [] inside the quotes
23:41 mschiff which can lead to ugly effects like services being reconfigured with wrong config etc
23:42 iggy ponyofdeath: {{ salt['pillar.get']('mysql:database')|first }}
23:42 dezertol that would make sense.. if it fails to render on the master .. I doubt it would push it out to the minions..
23:42 ponyofdeath iggy: thanks
23:42 dezertol and hence be blank and or missing on the minions..
23:43 mschiff dezertol: pillars are being rendered on the master
23:44 dezertol the minion requests the data from the master, the master renders it.. but if it fails to render.. the master won't send the pillar data back to the minion
23:44 dezertol as it failed..
23:47 iggy I've never seen that happen
23:48 dezertol never seen what happen?
23:48 iggy do you have `minion_pillar_cache` enabled?
23:48 iggy never seen the master fail to render the pillar and the minion decide it was safe to continue
23:48 dezertol ya same here.. I've never seen that either
23:49 dezertol unless like you say there's some cache issue.. where it's confused or something.. I have no idea.
23:49 mschiff dezertol: right, and the minion will not have pillar keys from the failed sls. But it has pillar data from other sls files that rendered ok
23:50 dezertol ya I get that, I've just never seen it fail like you're describing ..
23:50 dezertol do you have more than one master?
23:50 spuder_ joined #salt
23:50 mschiff when I run "salt-call pillar.items" on the minion, I can see an error message in the pillar data, stating that some render error happened
23:51 mschiff no only one master
23:52 mschiff or wait, will it just not fail only with test=1?
23:57 mschiff dezertol: ok, true. I was just doing dryruns with test=1 and a state run was simulated with wrong pillars not being there due to render errors
23:59 Guest38709 can someone check this pls: http://pastebin.com/s1w1WZBS
23:59 Guest38709 when I run the file using the state it does not take my keyword arguments
23:59 Guest38709 what am I doing wrong
