Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-09-15

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:05 west575_ joined #salt
00:09 Vaelatern joined #salt
00:12 jerrcs joined #salt
00:13 ahammond sjmh: "have you used awk" "Me: no, and I consider it harmful. perl -lane or -lape can do anything you might reasonably want to do with awk, and more, while achieving even higher levels of obfuscation"
00:14 ahammond sjmh the interviewer proceeded to ask me an awk question anyway. Google is one of the few places where I've actually walked out of an interview.
00:14 spuder_ joined #salt
00:16 xMopxShell joined #salt
00:17 voytek joined #salt
00:19 sp0097 joined #salt
00:19 chadhs joined #salt
00:27 flowstate joined #salt
00:32 chadhs joined #salt
00:40 myraft_ joined #salt
01:04 cyborg-one joined #salt
01:11 RandyT joined #salt
01:11 chadhs joined #salt
01:17 bltmiller joined #salt
01:23 LiamMon joined #salt
01:31 ssplatt joined #salt
01:33 pipps joined #salt
01:36 west575 joined #salt
01:39 catpigger joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.12, 2016.3.3 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
02:02 bastiandg joined #salt
02:11 sjmh joined #salt
02:12 sjmh ahammond : ha, nice.  yeah, I didn't get an awk question, but I had similar things.
02:12 blu__ joined #salt
02:12 onlyanegg joined #salt
02:13 boltronics Question: I've got a simple state that looks like this: https://gist.github.com/boltronics/2d94e29209a6566ec44fab7904ae3e2d
02:14 boltronics When I run this on a 2016.3.3 minion, I get the warning:
02:14 boltronics [WARNING ] /usr/lib/python2.7/dist-packages/salt/utils/templates.py:73: DeprecationWarning: Starting in 2015.5, cmd.run uses python_shell=False by default, which doesn't support shellisms (pipes, env variables, etc). cmd.run is currently aliased to cmd.shell to prevent breakage. Please switch to cmd.shell or set python_shell=True to avoid breakage in the future, when this aliasing is removed.
02:14 boltronics According to https://docs.saltstack.com/en/latest/topics/releases/2015.5.0.html cmd.run in jinja is supposed to be unaffected.
02:15 boltronics Even if it is affected, I'm using python_shell=True.
02:15 boltronics Even python_shell=False still causes the warning. How can I avoid the warning without replacing this with cmd.shell?
02:15 boltronics Is this a bug?
02:23 quasiben joined #salt
02:27 flowstate joined #salt
02:28 raspado i keep getting an error to install python-croniter eventhough it is installed (this is for a job i scheduled) any ideas? http://pastebin.com/9wUMC7ZU
02:30 raspado maybe it just needs a restart
02:35 chadhs joined #salt
02:44 ninjada_ joined #salt
02:46 edrocks_ joined #salt
02:47 honestly ahammond: if you've studied awk enough to judge it as "harmful", shouldn't you know enough about it to answer a simple question on it?
02:48 honestly seriously though, awk is one of those tools with infinitely many knobs, and unless you use it every day you will always have to consult the manual on which knobs to turn to where
02:48 whitenoise__ joined #salt
02:50 sjmh joined #salt
02:53 ninjada joined #salt
02:54 ecdhe honestly, I think it was suggested that "awk" was just a stand in for the actual tool the google interviewer was asking about, not the actual tool in question.
02:56 honestly I don't think that was suggested, although the part where they said "achieving even higher levels of obfuscation" is a bit strange.
02:56 patrek joined #salt
02:57 ecdhe higher levels of obfuscation was referring to perl.
02:57 ecdhe On april 1, we should post a github issue suggesting salt be ported from python to perl.
02:59 sjmh the original 'awk' example was just an example that the interviewers would forge forward with their list of questions, regardless if you had any experience with said technology.
02:59 bastiand1 joined #salt
03:03 marie1972 joined #salt
03:03 marie1972 left #salt
03:05 writtenoff joined #salt
03:07 chadhs joined #salt
03:12 systo joined #salt
03:12 spuder joined #salt
03:21 ronrib joined #salt
03:22 ninjada joined #salt
03:25 systo joined #salt
03:25 flowstate joined #salt
03:30 raspado joined #salt
03:39 DaveQB joined #salt
03:48 armonge joined #salt
03:49 systo joined #salt
03:49 armonge joined #salt
03:53 ninjada joined #salt
03:59 tuxx joined #salt
04:01 DaveQB joined #salt
04:01 pppingme joined #salt
04:02 ninjada joined #salt
04:21 scoates joined #salt
04:25 flowstate joined #salt
04:27 chadhs joined #salt
04:33 armonge joined #salt
04:40 rdas joined #salt
04:42 spuder joined #salt
05:04 mohae_ joined #salt
05:26 flowstate joined #salt
05:28 bocaneri joined #salt
06:00 jxm_ joined #salt
06:01 kshlm joined #salt
06:02 DarkKnightCZ joined #salt
06:11 felskrone joined #salt
06:21 ravenx joined #salt
06:21 ravenx do you guys know how i can just use salt'sjinja renderr
06:21 ravenx without having to high state or anythign?
06:26 flowstate joined #salt
06:48 krymzon joined #salt
06:54 lahwran joined #salt
06:57 ronnix joined #salt
07:07 ninjada_ joined #salt
07:16 ninjada joined #salt
07:16 dariusjs joined #salt
07:16 toanju joined #salt
07:21 Electron^- joined #salt
07:23 ninjada joined #salt
07:25 flowstate joined #salt
07:28 ninjada joined #salt
07:30 ecdhe_ joined #salt
07:32 quantumquine joined #salt
07:32 barmaley joined #salt
07:32 quantumquine Do I need to restart the minion after adding new mine_functions to pillar?
07:33 hemebond quantumquine: No, but you might need to sync or highstate.
07:34 ksa I'm coming from a puppet setup, where we had one yaml file for each server, and could set values in those. Now I'm learning saltstack, but I am not sure about the pillars. I do not find much about having one pillar file for each server, can someone perhaps point me in the right direction?
07:34 hemebond ksa: Pillars are applied/targeted just like states.
07:34 hemebond You can indeed have a separate pillar file for each server.
07:35 hemebond Or no files. Or many files.
07:35 ksa hemebond: yeah it seem to be that top.sls in pillars is the same for states. But is there a easy way to just create a file for FQDN - and not do anything in top.sls?
07:36 hemebond Nothing is applied unless you tell it to. You can using Jinja templating in the top.sls file, e.g., {{ salt['grains.get']('id') }}
07:37 quantumquine hemebond: so is: "salt '*' state.apply" enough? because so far it's not working
07:37 barmaley joined #salt
07:37 hemebond quantumquine: Salt mine sends back data on a schedule; every 60 minutes by default I think.
07:38 hemebond But I think you can force it to send back data immediately.
07:38 hemebond salt '*' mine.update
07:38 hemebond https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.mine.html#salt.modules.mine.update
07:42 kbaikov joined #salt
07:42 quantumquine I think it just updates the existing ones, I still don't get any new ones.
07:43 hemebond What about...
07:43 hemebond salt '*' saltutil.sync_all
07:43 ksa hemebond: I think I understand what you mean :)
07:44 ksa hemebond: Just been unable to find any good examples of it.
07:44 hemebond ksa:  You're not the first so you'll find many examples.
07:44 hemebond Oh. One sec...
07:44 netcho joined #salt
07:44 ksa I might fail at finding them hen :P
07:44 ksa then*
07:45 hemebond https://groups.google.com/d/msg/salt-users/qAFdYvVm9Nk/DGZoekP3AgAJ
07:46 ksa nice!
07:46 hemebond Wait...
07:46 hemebond That one is over-kill.
07:47 hemebond But at least shows you how to reference the minion ID.
07:47 hemebond You don't need to ALSO match on the ID.
07:48 ecdhe joined #salt
07:48 ksa I'm reading it, like ti changes to lowercase and matches on 'server' which is lowercase. I do not follow the ALSO thing?
07:49 ecdhe joined #salt
07:49 ecdhe joined #salt
07:49 hemebond So what they've got there fetches the current minion ID. Then creates a target to match that ID. Then apply a file with that ID in the filename.
07:49 hemebond It will ALWAYS match because you're targeting the current minion ID.
07:50 hemebond So you can just use '*'
07:50 hemebond Along with - {{ server }}
07:51 ksa you mean change   'id:{{ server }}': to just * ?
07:51 ivanjaros joined #salt
07:52 hemebond Yeah, and remove the - match line
07:52 quantumquine Thanks. sync_all did not help, but I looked into saltutil and found refresh_pillar. That one worked!
07:53 ksa hemebond: http://pastebin.com/9YU65CS8 like this?
07:53 fredprod joined #salt
07:53 hemebond You got it.
07:53 hemebond Now as long as you have a matching *server*.sls it'll be applied.
07:54 hemebond quantumquine: Yikes. Both highstate and sync_all are supposed to sync Pillars.
07:55 ksa hemebond: Thank you! Finally I can move on! :)
07:56 hemebond Good luck :-)
07:56 quantumquine The strange thing is, when I originally did "salt '*' pillar.items" I saw the mine_functions were there. So I don't know if refresh_pillar helped, or something else propagated.
07:58 hemebond It's very possible it just got around to sending the data over :-)
07:58 ninjada joined #salt
08:01 west575_ joined #salt
08:02 mohae joined #salt
08:03 armyriad joined #salt
08:03 quantumquine Nope, it seems pillar refresh does something more than highstate: https://gist.github.com/fizmat/ad6291ac631be9c1d5fc4b0fc605702a
08:03 fredvd joined #salt
08:03 quantumquine (here I removed the pillar that applies the mine_functions from 2 hosts)
08:04 Rumbles joined #salt
08:05 hemebond That's true, highstate doesn't sync everything every time. But sync_all should.
08:05 mikecmpbll joined #salt
08:05 hemebond Well, sync_all should sync pillars.
08:06 hemebond Highstate should also sync pillars, but apparently doesn't do it every time for performance. I guess it's suppose to do some check.
08:07 hemebond But because of that I tend to always do a refresh_pillar when playing with Pillars.
08:07 hemebond Every time I want to check the result.
08:07 geomacy joined #salt
08:09 fredprod joined #salt
08:09 LiamMon joined #salt
08:10 felskrone anyone know of an easier way of debugging grains.filter_by()-merges done in map.jinja than using show_full_context()?
08:10 quantumquine I looked at the source. sync_all only does sync_pillar and refresh_pillar to masterless minions
08:13 hemebond On masterless minions?
08:14 hemebond Sure that isn't just a change in behaviour for those two versions noted?
08:15 quantumquine https://github.com/saltstack/salt/blob/develop/salt/modules/saltutil.py#L635 and https://github.com/saltstack/salt/blob/develop/salt/modules/saltutil.py#L570
08:15 quantumquine I don't know why
08:16 hemebond Oh.
08:16 hemebond That's because Pillars are not actually sent to the minion; just the compiled result.
08:17 hemebond So yes, you're right, sync_all doesn't do Pillars.
08:17 hemebond So you have to refresh_pillar
08:18 hemebond I don't use Salt mine much myself so I forgot that it was a Pillar (or could be).
08:19 quantumquine What do you use for things other people use the mine for?
08:19 hemebond I prefer to tell my minions what to do. I haven't had to discover services yet, I just tell things where to go.
08:20 hemebond At work we have a Puppet setup that uses resource collection to configure things; similar to using Salt mine to collect information about what's out there.
08:21 hemebond I find it a terrible pain in the butt.
08:23 fredprod joined #salt
08:25 CeBe joined #salt
08:26 quantumquine I kind of like resource collection as an idea, but it is harder to debug and use than just having a preconfigured list of servers. In the same way I kind of liked ansible's inventory more than salt's targeting top. But the modules in salt are just so much smarter...
08:26 ravenx is it possible to have a jinja template in a folder, with the jinja variables in the same folder (not in pillars)
08:26 ravenx and then have the highstate fill it out?
08:27 hemebond quantumquine: Isn't the Ansible inventory just a list of nodes and the things to apply to them?
08:27 quantumquine And node groups. Very convenient when you have 3-10 nodes =)
08:28 hemebond Salt has node groups too.
08:29 keimlink joined #salt
08:30 quantumquine Yes, but having one inventory as the source of this top-level logic was nice. Maybe I'm not used to having top.sls as the same source of logic yet.
08:30 Devestration joined #salt
08:31 ksa is there any way to write secure grains? so far they seem insecure, beside id.
08:32 hemebond ksa: Secure information should go into Pillars. Only applicable Pillar data is sent to each minion.
08:33 ksa with puppet, you could sign the cert with secure facts e.g. customer id and such. Anything like that possible?
08:33 hemebond sign the cert?
08:34 ksa Trusted Facts is the term they use. http://www.sebdangerfield.me.uk/2015/06/puppet-trusted-facts/
08:34 ksa So that data is in the certificate, and that way they are secure.
08:35 hemebond The data would go into Pillars and you wouldn't use Grains to send secure information to minions.
08:36 hemebond Is that really what that page is saying?
08:36 hemebond Oh I see it now.
08:37 ksa Not passwords I wanna store, just some details about the server.
08:37 hemebond Yeah, I don't think there's a reason to do it like that.
08:37 ksa I am able to trust :)
08:37 hemebond I would put that into Pillars.
08:38 ksa My hope was I could have a secure grains, and apply pillar values to that node based on e.g. {{customer}}/{{server}} if you get my idea
08:38 toanju joined #salt
08:39 hemebond Well the minion ID is secure. That's all you can depend on as far as I know.
08:40 ksa Yeah. Just wanted to see if any of you here, had a good idea :)
08:40 ksa otherwise pillar is the way to go
08:40 hemebond If you wanted to group the Pillar files into customer directories you could use some sort of registry.
08:41 boogibugs joined #salt
08:42 ksa yeah, just trying to find the best way right now. Hoped for some secure grains, but now its plan b :-)
08:44 mikecmpbll joined #salt
08:47 hemebond Don't forget that Pillars don't have to be YAML files on the server.
08:50 BlackBishop so .. I'm doing salt <machine> grains.set type something ; salt <machine> saltutil.sync_grains ; salt <machine> grains.get type ... nothing ...
08:50 ksa hemebond: More details? :-)
08:50 BlackBishop what did I miss ?
08:51 hemebond ksa: https://docs.saltstack.com/en/latest/ref/pillar/all/
08:51 ksa hemebond: oh right :-)
08:51 yuhlw_ joined #salt
08:53 hemebond BlackBishop: Not sure. I just did a grains.set and grains.get and it worked fine (no sync)
08:54 hlub Any ideas for easy and secure way of collecting output files from development machines and adding them to another machine? I think the master should select those dev machines and collect the files but how?
08:54 Aloz1 joined #salt
08:55 hlub I want to select the dev machines depending on pillar data. the transfer of the files is the unclear part here.
08:56 hemebond hlub: Manual process okay?
08:56 N-Mi joined #salt
08:56 N-Mi joined #salt
08:58 ozux joined #salt
08:58 hlub it should be fully automated and no additional connections (no ssh, ftp, etc)
08:58 hemebond Personally I would just you a secure FTP server to transfer files around.
08:58 hemebond Well, you can use cp.push (though it's broken in the latest version).
08:58 hemebond That will copy a file from a minion to the master.
08:59 hemebond Not sure how best to push the file back down as the files end up outside of the Salt file tree.
08:59 hlub yeah, but I don't like the idea that every minion is able to fill the disk space of the master.
08:59 hemebond Well, only if you let them.
09:00 hemebond or rather, tell them to.
09:00 ivanjaros3916 joined #salt
09:00 BlackBishop hmmm .. on the minion while trying to set the grain I see a [salt.minion      ][ERROR   ][6615] Got insufficient arguments for grains match statement from master
09:00 hlub I am not aware of a way to allow push for only specific minions.
09:01 hemebond hlub: Symlink all their directories to /dev/null :-D
09:02 hlub no thanks :)
09:02 hemebond BlackBishop: Would need to see your actual commands to help further.
09:02 hlub maybe I should use ssh anyway
09:02 BlackBishop hemebond: exactly those .. salt somemachine grains.set type something
09:03 hlub distribute public keys through mine and so on
09:03 BlackBishop saltutils.sync_grains and grains.get type
09:03 hemebond I put quotes around the grain name.
09:03 hemebond Not sure if that helped.
09:03 BlackBishop well, I doubt that .. but I'll check
09:03 Rumbles joined #salt
09:04 BlackBishop nope, same .. of course
09:04 hemebond Hmm. Not sure what else to check.
09:05 hemebond It says you don't have enough arguments so...
09:05 hemebond salt myminion grains.set 'purpose' 'Nothing'
09:05 hemebond That's all I did.
09:05 hemebond salt myminion grains.get 'purpose'
09:06 mage_ to the salt devs: it would be incredibly usefull to be able to include a specific sls but only certain ids
09:06 hemebond mage_: What do you mean?
09:07 saintpablo joined #salt
09:08 mage_ hemebond: something like https://gist.github.com/silenius/476212b1d63c2770f1032f4a727516a7
09:08 hemebond I don't get it. Include an SLS only for certain minions?
09:11 mage_ hemebond: yes and no.. this is what I do ATM but I have dozen of small files with only something like {% set myid = 'foo' %} {% include '_sometemplate.sls' %}
09:12 hemebond So...
09:12 hemebond You are applying a file based on some targeting; the ID?
09:12 hemebond And that file only includes another file?
09:12 ninjada joined #salt
09:16 mage_ this is what I have ATM https://gist.github.com/silenius/56f5bb54099dab2c30d3083955a9657c
09:17 mage_ it would be interresting to be able to iterate of all "webapps", generate all the {{ webapp }}_venv in _one_ file, so that in this file we have the vens for ALL the webapps
09:18 mage_ and in mywebapps.sls be able to include this file _but_ only for mywebapp_venv
09:19 babilen Why not a generic state that builds the SLS based on pillar data so that you just target the right 'id' to the minions in question?
09:21 mage_ because it allows $somedev to quickly redeploy only one webapp in this case, with something like salt sometarget state.apply onlythis.webapp
09:21 mage_ as a sysadmin the generic state is perfect
09:21 DanyC joined #salt
09:21 ravenx anyone have experience writing a jinja 2 renderer?
09:22 ravenx http://ix.io/1n5L/#n-LINENO
09:22 mage_ but we have ~50 webapps here and we need to quickly redeploy only _one_ webapp
09:22 ravenx trying to substitute the what['name'] part, but that doesn't seem to work
09:23 mage_ we could of course rexecute the whole generic sls but it takes minutes instead of < 10 sec
09:23 hemebond So applying the states reinstalls the webapp?
09:23 lero joined #salt
09:24 mage_ more or less (it creates the dedicated user, the virtualenv/rbenv, some orchestration for Solr, git checkout, config files, etc)
09:24 babilen Is this mostly for working manually?
09:24 hemebond I haven't really figured out the Gist you posted.
09:25 toanju joined #salt
09:25 mage_ babilen: yes.. in short here "some devs" are responsible for "some apps" and I'd like to allow them to quickly redeploy
09:26 agend joined #salt
09:27 mage_ hemebond: I'd like to generate all the states for all my webapps in _one_ file, and be able to include _some_ ids of this file in a dedicated_webapp.sls
09:27 babilen And they don't want to do that by submitting changes into a reviewed VCS, but simply run it manually. So you just try to write SLS files in a way that doesn't require you to copy and paste most of them?
09:27 hemebond I haven't really grasped it, but what about just using a lookup dict and generating an SLS using that?
09:27 babilen mage_: Can't you use state.sls_id ?
09:28 mage_ let me check ..
09:28 babilen Or allow them to pass in pillars on the command line and use that
09:29 babilen (don't really agree with the 'manual' approach there, but if that's what you want then I won't argue)
09:29 mage_ yep I could do state.sls_id mywebapp.user mywebapp.venv mywebapp.repo mywebapp. ...
09:29 mage_ does sls_id handles requisites ?
09:29 babilen state.sls some.generic_webapp pillar="{'myid': 'foo'}"
09:29 babilen mage_: sls_id handles requisites, yes
09:30 mage_ let me check :)
09:31 mage_ but maybe the pillar="{'myid' : 'foo'}" is better
09:32 babilen This all assumed that your highstates don't actually work
09:33 babilen *assumes
09:33 mage_ what do you mean?
09:33 babilen Well .. if you rely on somebody specifying myid on the command line, running a highstate against that minion wouldn't do the same thing
09:34 babilen (as your admins won't be able to specify the id on the command line then)
09:34 mage_ the "somebody specifying myid" is only executed on a sandbox machine (freebsd jail)
09:35 mage_ and the myid is part of the whole highstate
09:35 JohnnyRun joined #salt
09:35 babilen Why not run a highstate then?
09:36 hemebond It's not ensuring a state but instead reinstalling everything. Is that right?
09:36 babilen I don't get it .. if you target foo.bar in your highstate and it does the right thing, why can't you target that with state.sls ?
09:36 hemebond So highstate takes too long to run.
09:36 babilen Oh .. well, then we should rather address that, shouldn't we?
09:37 hemebond ^
09:39 mage_ babilen: we have a "sandbox" general jail, and each dev has also a dedicated jail
09:39 mage_ all those jails have the same pillar data
09:39 mage_ infos about all webapps, venvs, dedicated users, etc
09:40 mage_ and highstate on the "general" sandbox should redeploy everything
09:40 mage_ but $somedev could quickly rm -rf it's jail, create a new one and only redeploy $someapp in it
09:41 mage_ with something like salt myspecificjail state.apply webapps.onlythiswebapp
09:41 babilen And a highstate wouldn't achieve that?
09:42 mage_ no because it uses the same templates
09:42 mage_ a highstate iterate on the pillar data (which are shared) and install all the webapps
09:42 babilen So running a highstate against that minion wouldn't do the right thing? (at that point in time)
09:43 mage_ it would
09:43 mage_ a dev could want to redeploy everything
09:43 mage_ on his specific jail
09:43 babilen Can't you fix that by targeting suitable pillar data to myspecificjail?
09:43 DanyC left #salt
09:43 babilen (so that a highstate on that minion actually does the right thing)
09:43 mage_ yep, but in this case I should modify pillar data every times
09:44 babilen I mean .. that's what it boils down to. You want your states to do the right thing without you having to rely on some specific manual commands
09:44 JohnnyRun joined #salt
09:44 babilen So the problem is that generating pillar data is cumbersome?
09:48 mage_ not really, it's just that I'm looking for a balance between "maximum flexibility" for the devs, security (only execute what they're allowed), and work load for me :)
09:48 mage_ maybe I could use an external pillar too
09:49 mage_ in fact in the past we used Fabric/Capistrano/... with no CMS, and we replaced everything with SaltStack
09:49 dariusjs joined #salt
09:49 sfxandy joined #salt
09:52 sfxandy morning folks
09:52 mage_ hello
09:54 mage_ babilen: you never need to "re-execute" states that are part of a high state?
09:58 Aloz1 joined #salt
09:58 mage_ another use case is for example to quickly propagate a "quick fix" for $somewebapp on the production servers (let's say a simple update in a template)
10:00 mage_ why would you run the whole states for the other webapps when you know that you only need to propagate only this fix ?
10:01 hemebond mage_: The idea is to have idempotent states.
10:01 hemebond So highstate isn't to reinstall things, it's to make sure they're already installed and configured as desired.
10:01 mage_ yep I understand that :)
10:02 mage_ but this takes time and can be complex if you have orchestration etc
10:02 hemebond Maybe remove all those states from the highstate.
10:02 hemebond And have them apply them manually as required.
10:03 pipps joined #salt
10:06 mage_ also in my webapp state for ex I have a prereq that shutdown the underlying service (gunicorn, paster, etc), so even in the case of idempotent states and my "quick fix" example each service will be stopped and restarted
10:07 Kakwa with the salt.states.boto_ec2 state (https://docs.saltstack.com/en/latest/ref/states/all/salt.states.boto_ec2.html) how is it possible to associate an EIP to an instance? (if possible, with a DNS name in route53)
10:07 hemebond Wouldn't you normally only restart services if something has changed?
10:08 mage_ yep, if the underlying code changed (so the git.latest changed), or the virtualenv is updated, or. ..
10:08 mage_ I could use a watch requisite, but I have some cmd.run and it's not always fired
10:09 myraft_ joined #salt
10:10 ksa hemebond: https://gist.github.com/ksaio/3e6f94c0fab976be9fe59440814b955b mind taking a look? the code does not work, but you get the idea. Anything like this possible? I would like to avoid the matching, but since grains isn't trusted.
10:11 hemebond ksa: Jinja doesn't really support regex :-)
10:11 ksa hemebond: yeah i found out.. so a bit stuck :)
10:12 hemebond Okay, so...
10:12 ksa i might have the wrong idea i wanna do.. but not sure what the best way is
10:12 hemebond You're basically doing targeting still, even though you're using the minion ID.
10:13 yomilk joined #salt
10:13 hemebond Change those regex into simple blob matches (unless you really need a regex).
10:13 hemebond And use regular top.sls targeting to apply the states.
10:13 mage_ ksa: you can always write a module for such thing (a little ugly, but it's the only way to do that in Jinja)
10:14 ronnix joined #salt
10:14 ksa hemebond: you mean, i just have each server added in top.sls?
10:14 hemebond I'm writing a comment now with a suggestion.
10:14 ksa mage_: yeah, kinda want to avoid that :)
10:14 mage_ it's really super annoying that you can't use python modules/functions in jinja
10:15 mage_ I had to write a module only to use a simple os.path.join()
10:17 hemebond Comment added.
10:17 ksa oh
10:17 ksa why didn't i think of that!
10:18 hemebond Just made a minor change.
10:18 ksa I actually seen that before.. I mean the matching you do, but just forgot about it.. Meh :)
10:18 voxpop joined #salt
10:19 voxpop joined #salt
10:19 ksa regexp is possible in that matching?
10:19 hemebond Yes, you could use regex as well. I've just gone for blob matching as that's the default and seems good enough for your examples.
10:20 voxpop joined #salt
10:20 hemebond https://docs.saltstack.com/en/latest/ref/states/top.html#advanced-minion-targeting
10:20 ksa nice, thanks :)
10:21 felskrone hemebond: https://docs.saltstack.com/en/latest/topics/targeting/compound.html and more on the matchers :-)
10:26 voxpop joined #salt
10:26 krymzon joined #salt
10:27 voxpop joined #salt
10:28 voxpop joined #salt
10:29 voxpop joined #salt
10:29 ksa hemebond: thanks again! very helpful :-)
10:30 voxpop joined #salt
10:36 voxpop joined #salt
10:41 impi joined #salt
10:41 dariusjs joined #salt
10:49 GreatSnoopy joined #salt
10:50 flowstate joined #salt
10:53 teryx510 joined #salt
10:53 ronnix joined #salt
10:54 ronnix joined #salt
10:54 mikecmpbll joined #salt
10:57 lm_ joined #salt
10:59 amcorreia joined #salt
11:14 saintpablo joined #salt
11:19 quasiben joined #salt
11:25 flowstate joined #salt
11:27 oznt joined #salt
11:27 jhauser joined #salt
11:28 oznt hi everyone, i have created a `_beacons` directory and put some beacons in it, but sync_beacons does nothing... at least it outputs nothing. Can someone here give an example how this directory should be organized?
11:31 kshlm joined #salt
11:36 dariusjs joined #salt
11:37 jcristau joined #salt
11:40 fredprod joined #salt
11:43 PerilousApricot joined #salt
11:53 cro joined #salt
11:56 ronnix joined #salt
12:01 fredprod joined #salt
12:02 jhauser joined #salt
12:05 patrek joined #salt
12:08 mage_ is there an easy way to include: - somesls where id in somesls depends on somevar in the main template?
12:09 hemebond mage_: I wonder if you should try out Jinja template inheritance,
12:09 nicksloan joined #salt
12:09 mage_ yep yep .. but then I get duplicate ids
12:10 mage_ the whole point of using include: vs {% include %} is to avoid that :)
12:11 mage_ or maybe don't use include: at all and use macros?
12:12 yomilk joined #salt
12:14 mage_ or maybe there is a way to "ignore" duplicate ids ?
12:17 numkem joined #salt
12:26 quantumquine Is there an IDE that supports salt?
12:28 babilen All you need is yaml and jinja support
12:28 babilen Easy to define a derived major mode for both in Emacs, no idea about most IDEs, but I would be surprised if they don't support YAML
12:30 quantumquine I'm not talking just syntax highlighting. I want to rename an sls file and have all indludes that reference it renamed. You know, the stuff a dedicated IDE is actually good for.
12:30 quantumquine *includes
12:31 babilen Not aware of it
12:31 mage_ you can do that with vim and the Ag plugin for that, then replace in all buffers
12:31 mage_ s/for that//
12:32 babilen That wouldn't be smart refactoring though
12:33 armonge joined #salt
12:33 quantumquine Google doesn't seem to know any ether. Oh well.
12:33 XenophonF does anyone have a formula for managing gpg keystores?
12:34 XenophonF i might write an extension to users-formula that handles that stuff, if it isn't supported there already
12:34 jhauser joined #salt
12:35 babilen XenophonF: What's a gpg keystore?
12:36 babilen Like a key server?
12:36 babilen Ah .. you are referring to the users-formula and probably mean gpg keyrings then
12:37 XenophonF oh right keyring is what it's called in pgp
12:38 XenophonF sorry i've been heads-down too long in j2ee lately
12:38 XenophonF i'm looking over salt.modules.gpg and salt.states.gpg
12:38 XenophonF mulling over how to wire things up
12:39 XenophonF ultimately, i want the combo of users-formula and salt-formula to allow me to configure the gpg renderer, and that includes generating a keypair for the salt-master
12:39 babilen Ah, you want to generate them?
12:39 XenophonF yup
12:39 babilen Sounds good .. let me know once you are done so that I can steal it
12:39 JohnnyRun joined #salt
12:39 XenophonF hah will do
12:39 babilen >:-)
12:59 Morrolan joined #salt
13:00 mrud joined #salt
13:05 voxpop joined #salt
13:08 barmaley joined #salt
13:10 drawsmcgraw left #salt
13:12 drawsmcgraw joined #salt
13:13 XenophonF "Passing the user as 'salt' will set the GPG home directory to /etc/salt/gpgkeys."
13:13 XenophonF well, hm
13:13 XenophonF that's not quite what i want
13:13 Morrolan |aaron: You should be able to do that via the 'Mine': https://docs.saltstack.com/en/latest/topics/mine/
13:14 nidr0x joined #salt
13:15 Morrolan |aaron: Oh damn, just noticed that that message of yours was way back in the backlog.Sorry. :P
13:15 subsignal joined #salt
13:17 subsigna_ joined #salt
13:24 XenophonF salt.modules.gpg.create_key() is reporting ValueError: Unknown status message: u'ERROR'
13:24 XenophonF https://gist.github.com/xenophonf/cdd9f8b88084a8bd2e4b94c8500ad67f
13:24 XenophonF anyone have an idea of what might be causing this?
13:24 XenophonF salt.modules.gpg.list_keys() works
13:27 XenophonF well, i give up - i'm going to set up gpg by hand
13:29 flowstate joined #salt
13:29 yomilk joined #salt
13:37 patrek joined #salt
13:44 XenophonF man the gpg cli is maddening
13:46 racooper joined #salt
13:47 Rumbles hmmm can anyone tell me how I would add a variable to a string using jinja? https://paste.fedoraproject.org/428404/
13:48 Rumbles I know how to do it in python but I can't see how to do it in jinja
13:48 Rumbles Im guessing it's really easy :/
13:49 manji .nginx.wildcard-domain-com-ssl.{0}'.format("com")
13:49 manji 'nginx.wildcard-domain-com-ssl.{0}'.format("com")
13:49 manji sorry
13:51 perfectsine joined #salt
13:52 manji ok I suspect you need a
13:52 manji suffix= salt['grains.get']('fqdn').split('.')[-1]
13:52 XenophonF even better, use the jinja format operator
13:52 manji 'nginx.wildcard-domain-com-ssl.{0}'.format(suffix)
13:52 XenophonF something like 'foo%s'|format('bar')
13:52 manji aaaa right
13:52 manji that too
13:53 XenophonF the format operator is more jinja-y
13:54 XenophonF so i can't specify --homedir and --password at the same time? wtf gnupg?!
13:54 Rumbles I didn't really get what manji was saying, so I'm trying: https://paste.fedoraproject.org/428411/
13:55 XenophonF Rumbles: http://jinja.pocoo.org/docs/dev/templates/#format
13:55 cscf XenophonF, 'man gpg' doesn't show a --password option at all, for me?
13:55 Rumbles thanks XenophonF
13:56 cscf XenophonF, there's --passphrase-file
13:56 XenophonF cscf: sorry i meant --passphrase
13:56 cscf Ah ok
13:56 XenophonF looks like i need --batch and --pinentry-mode loopback
13:57 cscf XenophonF, what does gpg say if you try to do both?
13:57 jav joined #salt
13:58 XenophonF nope, that doesn't work either
13:58 XenophonF i'm trying this:
13:58 XenophonF gpg2 --homedir /usr/local/etc/salt/gpgkeys --batch --passphrase '' --quick-gen-key salt@irtnog.org rsa4096 - 2026-09-15
13:58 XenophonF it says this:
13:58 XenophonF usage: gpg [options] [filename]
13:58 armonge joined #salt
13:59 XenophonF if i leave out the --homedir option, i can specify the --passphrase option
13:59 XenophonF this is GnuPG 2.1.13
14:00 spuder joined #salt
14:00 PerilousApricot joined #salt
14:00 XenophonF so frustrating
14:01 XenophonF well let's do this interactively
14:03 nicksloan joined #salt
14:03 DammitJim joined #salt
14:03 dendazen joined #salt
14:04 XenophonF "Note that this key cannot be used for encryption."
14:05 XenophonF i guess i'd better change that since the whole point of the key is to encrypt stuff for the gpg renderer
14:05 bowhunter joined #salt
14:06 mpanetta joined #salt
14:07 mpanetta joined #salt
14:09 lv_ joined #salt
14:10 flowstate joined #salt
14:14 Tanta joined #salt
14:14 cscf XenophonF, oh, so it doesn't let you use a blank passphrase?
14:15 XenophonF no
14:15 XenophonF at least, not non-interactively
14:16 cscf XenophonF, if you don't specify the passphrase on the command line, it prompts?
14:16 XenophonF yes
14:21 pppingme joined #salt
14:22 XenophonF oh, so the gpg renderer works like xml encryption?
14:23 XenophonF where i have to encrypt each YAML element?
14:23 XenophonF whelp, that workflow sucks
14:24 XenophonF babilen: don't you use the gpg renderer?
14:24 XenophonF this really sucks from a usability standpoint
14:24 XenophonF how to you manage it?
14:24 babilen It sucks, doesn't it?
14:24 XenophonF i mean, i can barely use this and i'm the leetest haxxor on the team
14:24 babilen Essentially renders (hah!) it unusable
14:25 * XenophonF chuckles
14:25 babilen It would be okay if you could encrypt the entire SLS
14:25 XenophonF no kidding
14:25 babilen Might want to look into sdb and vault
14:25 XenophonF at least then i could rely on emacs to handle the encryption/decryption on the fly
14:26 babilen Yeah, that would be absolutely painless
14:26 flowstate joined #salt
14:26 XenophonF tbh that's how i assumed the gpg render worked
14:26 babilen I still don't understand why they don't do it that way
14:27 babilen I mean .. you would have to communicate in some way other than the shebang that it's to be decrypted with gpg, but that can't be too hard
14:27 dariusjs joined #salt
14:27 babilen (as the shebang would also be encrypted)
14:27 XenophonF key off the filename extension, maybe
14:27 babilen For example
14:27 XenophonF i wonder if they're trying to support a workflow where multiple people can write to pillar
14:28 XenophonF but they don't want everyone to be able to see other people's secrets?
14:28 XenophonF i dunno
14:28 babilen I mean file(1) knows or you could make it explicit in top.sls
14:28 babilen I have no fucking clue
14:28 babilen Who can we blame?
14:28 XenophonF thatch45?
14:28 XenophonF ;)
14:28 babilen Good .. and even more importantly: How are we solving it?
14:28 XenophonF ok so sdb and vault, i'm off to google that
14:29 babilen We've been looking into sdb with vault, but not ready yet
14:29 ronnix joined #salt
14:29 babilen https://docs.saltstack.com/en/develop/ref/pillar/all/salt.pillar.vault.html
14:29 XenophonF https://docs.saltstack.com/en/develop/ref/sdb/all/salt.sdb.vault.html
14:29 XenophonF ah gotcha
14:29 babilen vault is https://www.vaultproject.io/
14:30 XenophonF i hate to admit this, but just keeping secrets in a private github repo is starting to look pretty good
14:30 babilen heh
14:30 babilen Private location on the master
14:31 babilen Still .. http://docs.ansible.com/ansible/playbooks_vault.html is sooo much better
14:31 XenophonF wow
14:32 XenophonF oooh redhat owns ansible now?
14:32 XenophonF hmmm
14:32 babilen They do, yeah
14:32 XenophonF i wonder what their irc channel is like... ;)
14:32 netcho joined #salt
14:33 babilen twice as large as #salt ?!
14:34 babilen make that three
14:34 XenophonF i'd hate to throw away the work i've put into developing config states using salt but...
14:34 bowhunter joined #salt
14:35 XenophonF the whole playbook concept of mapping roles to servers is exactly how i do state assignments in salt
14:36 ekristen joined #salt
14:37 babilen I'm sure mage would be happier also
14:38 XenophonF mage?
14:38 babilen It doesn't scale like salt does, but it is perfectly fine for smaller setups (< 1000 boxes, but I haven't tested that) and the concepts are more easily understood by some people
14:38 babilen XenophonF: User in here who uses salt in ways that salt isn't meant to be used as
14:39 babilen Or rather: That aren't exactly the workflow salt excells at
14:40 flowstate joined #salt
14:42 winsalt joined #salt
14:45 babilen XenophonF: http://docs.ansible.com/ansible/galaxy.html is nicer than formulas also
14:45 babilen (just the way you interact with it, not necessarily the content)
14:45 hasues joined #salt
14:45 hasues left #salt
14:45 Trauma joined #salt
14:45 babilen I should probably stop :)
14:47 PerilousApricot joined #salt
14:48 flowstate joined #salt
14:53 tiwula joined #salt
14:58 spuder joined #salt
14:58 Shirkdog joined #salt
14:58 mpanetta joined #salt
15:00 raspado joined #salt
15:15 bakins joined #salt
15:16 dyasny joined #salt
15:21 cyborg-one joined #salt
15:23 ivanjaros joined #salt
15:24 nicksloan joined #salt
15:25 dyasny joined #salt
15:31 yomilk joined #salt
15:31 lumtnman joined #salt
15:32 lumtnman joined #salt
15:37 sp0097 joined #salt
15:42 XenophonF babilen: ansible seems to be more popular in the regions i normally operate (west and east africa), which is another reason to consider it
15:42 XenophonF i dunno - i like salt and i've spent two years digging into it
15:43 XenophonF then again, it's only me using it right now, so switching to something else is less painful
15:43 Brew joined #salt
15:45 llua the gpg-render was prob modeled after eyaml, https://github.com/TomPoulton/hiera-eyaml
15:45 llua coming from a puppet env, i don't see it as weird.
15:45 XenophonF ah
15:45 XenophonF well, it's not that i see it as weird, per se
15:46 XenophonF just really, really difficult to use at scale
15:46 cscf I haven't used the gpg-renderer, but reading how it worked made perfect sense to me.  You want to be able to see & edit pillar variables while dropping in encrypted credentials
15:46 cscf I would probably make a vim shortcut to encrypt & insert a string
15:46 XenophonF sure, and I'd make an emacs macro to do the same
15:47 XenophonF unfortunately, we're beyond the ability of my colleagues at that point
15:47 cscf lol
15:47 XenophonF i was hoping for some degree of transparent encryption
15:47 XenophonF something i could easily combine with git/github
15:48 XenophonF one of emacs' editing modes would support on-the-fly encryption using gpg
15:50 XenophonF it is capable of encrypting/decrypting regions of a file
15:50 XenophonF but i was hoping to have everything in a pillar .sls file encrypted
15:50 XenophonF including pillar key names and such
15:50 pfc joined #salt
15:51 XenophonF i mean, theoretically, a key name could carry sensitive info
15:51 XenophonF (the threat model i have in mind involves a successful attack on github leading to the disclosure of the contents of a private git repo)
15:52 ronnix_ joined #salt
15:52 ageorgop joined #salt
15:53 schemanic joined #salt
15:53 ninjada joined #salt
15:54 schemanic Hey guys, I need some advice regarding auditing salt managed systems
15:55 schemanic I need to know how to prove that salt communication is secure
15:55 mpanetta_ joined #salt
15:56 schemanic the concern is that an administrator who wants to could ssh to a minion and hack it so the minion reports bad data
15:57 jmedinar joined #salt
15:58 jmedinar Question - Is possible to send parameters to a state that is being called in an include statement?
15:58 schemanic I need a way of explaining how the salt ecosystem is secur
15:58 amcorreia joined #salt
15:58 jmedinar Something like ---- include:
15:58 jmedinar - admin.status.wasserver pillar='{"location":"/opt/IBM/WebSphere","profile":"AppSrv01","wasuser":"root"}'
15:58 XenophonF jmedinar: not like that
15:58 jmedinar what will be the correct way?
15:59 XenophonF omg websphere i'm so sorry
16:00 XenophonF let's assume that admin.status.wasserver already uses pillar keys
16:00 jmedinar yup it does this works fine from the command line
16:00 XenophonF so just assign those pillar keys to the minion that's running the sls that includes admin.status.wasserver
16:00 XenophonF here's a more concrete example
16:01 XenophonF https://github.com/irtnog/tomcat-formula has a SLS named 'tomcat.shibboleth-idp'
16:01 XenophonF that SLS includes two other SLSes: tomcat and shibboleth.idp
16:02 XenophonF so on the minion that runs the tomcat.shibboleth-idp SLS, i have two sets of pillar keys assigned to it
16:02 XenophonF one is shibboleth:idp, which contains all of the settings needed by shibboleth.idp
16:02 XenophonF and tomcat, which contains all of the settings needed by, er, tomcat
16:03 XenophonF no different than if i were calling the shibboleth.idp or tomcat SLSes directly
16:03 XenophonF capische?
16:03 jmedinar not fully yet but checking the files... give me a couple minutes
16:03 XenophonF OK
16:03 XenophonF so basically the answer is, configure pillar as if you were calling admin.status.wasserver directly, without the include
16:04 pfc joined #salt
16:05 jmedinar I understand... but then the Idea of trying to set the parameters directly was mainly because those parameters will change
16:05 mpanetta joined #salt
16:06 jmedinar I have thousands of WAS servers different paths ... users ... passwords etc etc...
16:06 XenophonF yup
16:07 jmedinar understood thanks man let me give it a try
16:08 XenophonF so /usr/local/etc/salt/pillar/was-server-1.sls has the relevant key-value pairs WAS server #1
16:08 XenophonF and /usr/local/etc/salt/pillar/was-server-2.sls has the relevant key-value pairs for WAS server #2
16:08 XenophonF and so on
16:08 jmedinar yup :)
16:08 XenophonF and you assign them via /usr/local/etc/salt/pillar/top.sls
16:08 XenophonF ok you got this :)
16:09 chadhs joined #salt
16:10 barmaley joined #salt
16:12 Lionel_Debroux joined #salt
16:20 mpanetta joined #salt
16:21 schemanic- joined #salt
16:28 raspado joined #salt
16:28 chadhs joined #salt
16:28 infrmnt joined #salt
16:28 raspado when I do a salt "prod-*" test.ping, I see alot of minions that no longer exist because they have been deommissioned
16:28 raspado what is the proper way of cleaning up these old minions from cache?
16:29 cmarzullo remove keys
16:30 raspado where from?
16:30 cmarzullo salt-key
16:30 ageorgop joined #salt
16:31 raspado ok thx
16:31 chadhs_ joined #salt
16:36 Heartsbane joined #salt
16:36 Heartsbane joined #salt
16:40 woodtablet joined #salt
16:41 ageorgop joined #salt
16:46 onlyanegg joined #salt
16:48 quantumquine if file.recurse sees a non-empty directory it does nothing silently?
16:48 quantumquine (I mean non-empty on the minion)
16:50 murrdoc joined #salt
16:50 murrdoc anyone frmo saltstack around ? https://github.com/saltstack/salt/pull/36315 could use some love
16:50 saltstackbot [#36315][OPEN] No force_yes parameter to pkg.upgrade #21248 | What does this PR do?...
16:51 beowuff joined #salt
16:51 quantumquine never mind, my name: had a typo in it
16:52 murrdoc k you are forgiven
16:52 murrdoc please do 5 hail marys and buy a poor person dinner
16:57 ronnix joined #salt
16:59 jhauser joined #salt
17:04 teryx510 joined #salt
17:05 murrdoc (bad joke ? )
17:05 jmedinar LOL.... ~~ yes!
17:06 tapoxi joined #salt
17:06 tapoxi I've been seeing this recently, /usr/lib/python2.7/site-packages/salt/grains/core.py:1493: DeprecationWarning: The "osmajorrelease" will be a type of an integer.
17:08 tapoxi what does that mean? i'm seeing it in salt's own tools (salt-run jobs.lookup_jid in this example)
17:09 onlyanegg joined #salt
17:14 catpig joined #salt
17:14 M-liberdiko joined #salt
17:15 raspado joined #salt
17:16 raspado we have salt minions that we bring down on purpose (cost saving on aws), if we schedule salt-run manage.down removekeys=True, will there be an issue with the minions we bring up? will they connect back to the salt master without issue?
17:19 pipps joined #salt
17:23 DammitJim what option should I use to restart a service if a file.managed is changed?
17:23 schemanic joined #salt
17:23 yomilk joined #salt
17:26 sfxandy joined #salt
17:27 KingOfFools DammitJim: try watch
17:31 jmedinar I am also getting the same error lately
17:31 jmedinar [WARNING ] /usr/lib/python2.7/site-packages/salt/grains/core.py:1493: DeprecationWarning: The "osmajorrelease" will be a type of an integer.
17:34 murrdoc1 joined #salt
17:39 DammitJim oh, watch, yes
17:42 schemanic- joined #salt
17:45 m4rx joined #salt
17:50 DammitJim for ubuntu servers, pkg.upgrade dist_upgrade=True is not performing a dist-upgrade
17:50 DammitJim am I doing something wrong?
17:55 ageorgop joined #salt
17:56 cliluw joined #salt
17:58 toastedpenguin joined #salt
18:00 llua is the support for os x pretty good in salt? atleast better than windows
18:00 mikecmpbll joined #salt
18:01 scoates joined #salt
18:01 llua more so concerned with just managing a laptop should i be forced to use a macbook.
18:04 spuder_ joined #salt
18:08 schemanic joined #salt
18:17 schemanic- joined #salt
18:18 XenophonF funny you should ask
18:18 raspado hi all I have an init.sls that adds users, how can I add an if statement to the include, example in http://pastebin.com/HNx1K2jL
18:19 marie1972 joined #salt
18:19 pipps joined #salt
18:19 marie1972 left #salt
18:20 XenophonF llua: i'm just about to deploy salt into a macosx vm for test purposes
18:20 raspado joined #salt
18:20 pipps joined #salt
18:22 raspado joined #salt
18:22 raspado sorry, I dc'ed if anyone responded to my question
18:24 _JZ_ joined #salt
18:25 schemanic joined #salt
18:26 schemanic- joined #salt
18:27 schemanic_ joined #salt
18:28 _JZ_ joined #salt
18:29 _JZ_ joined #salt
18:29 XenophonF that looks right, raspado
18:30 XenophonF does it not work?
18:30 raspado ah yeah it worked, i guess i had an indentation issue
18:30 XenophonF i'd rather write something like `{% if grains['backup']|default(False) %}`
18:30 XenophonF it's a little more jinja-y
18:31 XenophonF plus it fails cleanly, e.g., if the backup grain doesn't exist
18:32 raspado oh, i thought it will fail cleanly how im doing it now, with grains.get? before it would fail the state how I originally had it as grains['backup'] == True
18:33 XenophonF grains.get will throw an error if the backup grain doesn't exist
18:33 XenophonF which will result in a render error
18:34 raspado is it the same as grains['backup'] ?
18:34 XenophonF no but for your purposes, yes
18:34 XenophonF oh wait it's pillar.get that's overridden
18:34 XenophonF either way, you want defined behavior in case of error
18:35 raspado agreed!
18:35 XenophonF hence my recommendation you use default
18:35 XenophonF jinja.pocoo.org/docs/dev/templates/#default
18:36 raspado but just to clarify, i should be okay with grains.get even though its unconventional ya?
18:36 whytewolf honestly I would move away from the grains dict compleatly and use salt.grains.get
18:36 raspado its a temporary salt environment were moving off of
18:37 XenophonF raspado: it's fine for now
18:38 raspado saweet
18:38 XenophonF the canonical way to access those variables is something like `salt['grains.get']('grain_id')`
18:38 XenophonF or `salt['pillar.get']('pillar_id')`
18:38 XenophonF i like the shorter forms sometimes because it makes my templates a little easier to read
18:39 XenophonF YMMV
18:39 raspado indeed
18:39 whytewolf or salt.grains.get('grain_id','Default')
18:39 XenophonF oh yeah, i forgot that works
18:39 XenophonF i always go through the dict for some reason, can't recall why
18:42 whytewolf I couldn't tell you. but if you work with complicated grains it must be a pain. since grains.get doesn't do searches with :
18:45 _JZ_ joined #salt
18:47 telx joined #salt
18:48 mohae_ joined #salt
18:49 jrsdav joined #salt
18:52 M-MadsRC joined #salt
18:52 freelock[m] joined #salt
18:54 apothas joined #salt
18:55 XenophonF true
18:55 XenophonF i don't usually deal with complex grains
18:56 Salander27 joined #salt
18:58 UltraPhil joined #salt
18:58 PerilousApricot joined #salt
19:02 cliluw joined #salt
19:04 mikecmpbll joined #salt
19:04 ageorgop joined #salt
19:11 keimlink joined #salt
19:14 XenophonF oh i understand why per-value encryption is preferred to whole-file encryption (cf. my comments about the gpg renderer this morning)
19:15 XenophonF from https://github.com/TomPoulton/hiera-eyaml: "only encrypts the values (which allows files to be swiftly reviewed without decryption)" and "encrypts the value of each key individually (this means that git diff is meaningful)"
19:15 pipps joined #salt
19:15 XenophonF that actually makes sense, even though the workflow in salt is still awful
19:16 DammitJim can I target 2 minions by id?
19:16 DammitJim salt minion1 AND minion2 state.highstate ?
19:16 XenophonF OR
19:16 XenophonF a minion ID can't be both, but it could be ither
19:16 XenophonF either
19:16 XenophonF also i think that has to be a compound
19:17 XenophonF so `salt -C 'minion1 or minion2' state.highstate`
19:17 DammitJim so, sudo salt -C 'minion1 OR minion2'
19:18 XenophonF correct
19:18 XenophonF i just ran `salt -C 'minion1 or minion2' test.ping` and it DTRT
19:18 DammitJim and there is a difference between OR and or
19:18 DammitJim LOL
19:18 DammitJim what is DTRT?
19:18 DammitJim dirt?
19:18 XenophonF Does The Right Thing
19:18 XenophonF i don't know if the boolean operators in a compound match are case sensitive
19:19 XenophonF i've only seen them written in lowercase
19:19 XenophonF i'd have to RTFS (read the fucking source) to answer that authoritatively
19:19 XenophonF ;)
19:19 DammitJim they are
19:19 DammitJim I just tested it ;)
19:19 DammitJim LOL
19:19 XenophonF hah awesome
19:19 DammitJim XenophonF, you ok?
19:19 DammitJim LOL
19:19 XenophonF no it's been a long and quite frustrating day
19:23 UltraPhil left #salt
19:23 chadhs joined #salt
19:24 XenophonF ok i'm going to give the gpg renderer another try
19:25 yomilk joined #salt
19:25 chadhs_ joined #salt
19:28 XenophonF any one else try installing salt on a mac using the binary package?
19:28 XenophonF "install for all users of this computer" is greyed out, as is the "continue" button in the installer
19:29 XenophonF fresh install of mac os x 10.10 (yosemite)
19:29 XenophonF the developer cert looks ok
19:29 Edgan XenophonF: I think a better solution is to install the same packages of salt in vagrant with whatever version of Linux you use on servers.
19:29 Edgan XenophonF: This is especially true for me, because I run patched versions of salt to track constant bug fixes
19:30 XenophonF oh sure, very true, but i'm trying to manage mac os x itself as a minion
19:30 Edgan XenophonF: ah
19:30 XenophonF tilting at windmills is kind of my thing
19:30 XenophonF i'm going to port salt to openvms next
19:31 Edgan XenophonF: You should port it to GNU Hurd after that
19:31 XenophonF you got the right idea!!!
19:32 Edgan XenophonF: I really want to able to manage my Windows 3.11 VM running on my Rasberry Pi.
19:33 XenophonF hm i wonder if there's still a DOS port of Python
19:33 XenophonF oh my god there is!
19:33 Edgan haha
19:34 XenophonF 32-bit only though :(
19:34 Edgan XenophonF: This reminds me a comment I read the other day about vim. The maintainers stick to C89 so that people can continue to compile it for ancient platforms.
19:34 XenophonF god bless them, doing the lord's work
19:35 Edgan XenophonF: Hence why there is now neovim.
19:35 flowstate joined #salt
19:35 * Sketch wonders if vim still compiles on the amiga
19:36 whytewolf sknebel: yes, actually it does
19:38 XenophonF hokey indentation and ancient C code are no match for a good REPL at your side, kid
19:39 whytewolf use the source luke
19:40 flowstate joined #salt
19:41 whytewolf no, I am your repository
19:43 XenophonF heh
19:44 whytewolf Ah yes, a Coders weapon, Much like your fathers, By now you must know that your father can never be turned from the perl. so will it be with you
19:44 whytewolf some how i think the entire set of the good movies could be rewriten like this
19:45 flowstate joined #salt
19:45 debian112 joined #salt
19:46 XenophonF now witness the firepower of this fully armed and operational disassembler!
19:46 pipps joined #salt
19:46 pipps joined #salt
19:48 whytewolf Hmm! Life. Hmmpf! Friends. A coder craves not these things.
19:48 XenophonF omg /thread you win man best one yet
19:51 whytewolf yay!!! what I win?
19:52 dtsar joined #salt
19:53 dtsar hi all - seems like a dumb question, but a particular sls is getting run and shows in the state.show_top for a minion that i can't seem to figure out why
19:53 dtsar i tried state.clear_cache just in case
19:54 whytewolf um, most likely it is something in your top file that is saying it should be targetted for that minion
19:54 dtsar but basically, is there a way to "traceback" why a certain sls gets called (i.e. by some "include:" statement in another sls file)
19:55 whytewolf not really
19:55 whytewolf show top kind of does that. but doens't tell you which included it
19:56 dtsar got it
19:56 whytewolf might need to just grep the directory looking for include
19:57 beardedeagle joined #salt
20:00 dtsar huh
20:00 dtsar i'm using gitfs for fileserver
20:00 XenophonF clone the repo
20:00 XenophonF then do this:
20:01 XenophonF find PUT-CLONE-DIR-HERE -type f -exec fgrep -iH PUT-STATE-ID-HERE '{}' \;
20:01 XenophonF if the state ID is something like foo.bar, just search for FOO or BAR
20:01 teryx510 joined #salt
20:02 dtsar turns out the cache had come saltenvs that are no longer used but were still getting included when compiling the top file
20:03 dtsar /var/cache/salt/minion/files includes lots of subdirs other than base, a number of which aren't used as saltenvs now :/
20:04 dtsar i would have thought that state.clear_cache would have wiped all the files from that dir location
20:06 dtsar any more elegant solution other than salt '*' cmd.run 'rm -rf /var/cache/salt/minion/files/*' ?
20:08 perfectsine joined #salt
20:08 whytewolf dtsar: state.clear_cache only clears the states cache. you might have wanted saltutil.clear_sache
20:08 whytewolf err clear_cache
20:10 buxy left #salt
20:10 dtsar awesome - will give that a shot.
20:11 XenophonF can i use the gpg renderer with jinja?
20:11 XenophonF i'm assuming the shebang is #!yaml|gpg|jinja
20:11 XenophonF which would run jinja first, then gpg, then yaml
20:13 dtsar aha!
20:13 dtsar i'm an idiot
20:14 dtsar whytewolf: great call with the saltutil.clear_cache command; that cleaned our the /var/cache....
20:14 dtsar then ran state.show_top again and the old envs got included :(
20:15 whytewolf still in the repo?
20:15 dtsar then realized that the old branches never got deleted :)
20:15 dtsar doh
20:15 dtsar in the repo, yeah
20:15 dtsar we thanks for the other function anyways; will be useful in future!
20:15 whytewolf that will do it
20:16 mattbillenstein1 joined #salt
20:17 sjmh joined #salt
20:17 whytewolf XenophonF: I don't think that will allow access to the gpg render inside of jinja. just have access to the gpg render at the same time as jinja
20:19 JohnnyRun joined #salt
20:21 XenophonF OK
20:21 XenophonF hm, didn't work
20:21 XenophonF not sure why
20:21 XenophonF will pick this up tomorrow
20:21 XenophonF ttyl
20:21 XenophonF thanks again all!
20:22 sp0097 joined #salt
20:29 Rumbles joined #salt
20:30 lero joined #salt
20:38 cmarzullo anyone having issues with the saltstack repo? got a bro complaining it's slow.
20:39 iggy another reason it'd be nice if they made it easier to mirror
20:39 cmarzullo guess it leveled out.
20:39 lero joined #salt
20:46 marie1972 joined #salt
20:48 marie1972 left #salt
20:54 Edgan I mirror it through Artifactory as a remote repo, which reverse proxies it
20:55 TheoSLC joined #salt
20:58 TheoSLC I've been waiting for https://github.com/saltstack/salt/pull/34235/commits/0681033e423a1254ef3b5c8124e05373fddbb7cc to be released for a long time now.  It keeps on missing releases.  Could somebody help me get this merged into 2016.3?
20:58 saltstackbot [#34235][MERGED] message_format was not set in the correct function | What does this PR do?...
20:59 nidr0x joined #salt
20:59 cmarzullo I'd love to get artifactory. Currently using reprepo for debian only. But I want to switch to aptly.
21:00 Rumbles joined #salt
21:01 chadhs joined #salt
21:04 dyasny joined #salt
21:06 iggy aptly ftw
21:06 iggy TheoSLC: says it's merged... how does it keep missing releases?
21:07 TheoSLC iggy: I don't know. it's not in 2016.3
21:07 TheoSLC iggy: I think it only went to develop branch
21:08 iggy oh, it's in develop
21:10 pipps joined #salt
21:10 schemanic joined #salt
21:12 subsignal joined #salt
21:12 schemanic joined #salt
21:14 Edgan Is it in 2016.9?
21:16 flowstate joined #salt
21:17 Edgan They tagged a release for 2016.9 in github(unofficial). I tried going to it, after finding it fixed all my outstanding bugs. Then ran into a new blocker bug.
21:18 Edgan Which has since been fixed
21:20 Derailed joined #salt
21:20 angvp joined #salt
21:21 Edgan cmarzullo: iggy: I used aptly at my last employer. I found their api support, at the time, to be incomplete. You had to use command line tools for certain important functions.
21:22 Edgan I also like that Artifactory supports more than just apt. npm, maven, python, yum, etc
21:25 yomilk joined #salt
21:25 flowstate joined #salt
21:29 jmesquita joined #salt
21:37 cmarzullo thanks for that information. always looking for new ways.
21:42 McNinja heya all random question with salt-cloud around connection timeout
21:42 McNinja witch one should I use if I wanted to introduce a delay between when a cloud server shows active / online and when the salt master starts to setup the minion software
21:42 McNinja https://docs.saltstack.com/en/latest/topics/cloud/misc.html#connection-timeout
21:43 frew joined #salt
21:45 llua` joined #salt
21:46 kuromagi^ joined #salt
21:46 pjs_ joined #salt
21:46 qman joined #salt
21:46 CheckYourSix_ joined #salt
21:46 saltstackbot joined #salt
21:47 jnials joined #salt
21:47 ub1quit33 joined #salt
21:47 cyraxjoe joined #salt
21:47 esharpmajor joined #salt
21:48 agentnoel joined #salt
21:48 agentnoel joined #salt
21:48 frew I'm trying to make a reactor for salt/key; is there *any way* I can get the IP for the minion trying to get its key accepted?
21:48 Aikar joined #salt
21:48 frew all I can see is something crazy like trawling logs
21:48 Laogeodritt joined #salt
21:48 arapaho joined #salt
21:48 doriftoshoes joined #salt
21:49 hacks joined #salt
21:49 mihait joined #salt
21:51 esc\ joined #salt
21:51 evilrob joined #salt
21:51 hillna joined #salt
21:51 alinuxninja joined #salt
21:51 basepi joined #salt
21:51 LordOfLA joined #salt
21:51 c4rc4s joined #salt
21:51 vodik joined #salt
21:51 Sketch joined #salt
21:52 aarontc joined #salt
21:52 xenoxaos joined #salt
21:52 kylehuff joined #salt
21:52 devster31 joined #salt
21:52 CustosLimen joined #salt
21:52 vaelen joined #salt
21:52 g3cko joined #salt
21:52 shalkie joined #salt
21:52 Eugene joined #salt
21:52 dwfreed joined #salt
21:54 lkannan joined #salt
21:56 copelco joined #salt
21:56 Awesomecase joined #salt
21:57 antonw joined #salt
21:57 ToeSnacks joined #salt
21:57 Rumbles joined #salt
21:59 yesimon joined #salt
21:59 hemebond joined #salt
21:59 izibi joined #salt
22:00 chutzpah joined #salt
22:00 chutzpah joined #salt
22:00 andi- joined #salt
22:01 pipps99 joined #salt
22:02 schemanic joined #salt
22:05 jmesquita Hello everyone. We're using Salt as a part of another system in which we need to intensively use the roots fileserver functions, relying on it to sync files to the minions and run states based on those synced files. Our system creates the file on the proper location, fires a 'fileserver.update' event and then run a highstate that will act upon synced files. The problem I'm currently having is that the fileserver syncing mechanism has not been reliable,
22:05 jmesquita meaning that sometimes file.recurse will not pick up newly created files on the filesystem and sync them. Should I be doing anything else other than firing a 'fileserver.update' event?
22:07 badon joined #salt
22:19 llua joined #salt
22:21 netcho joined #salt
22:25 flowstate joined #salt
22:34 mohae joined #salt
22:37 iggy jmesquita: is the file on the master, and just not being pulled to the minion, or is it not available on the master at all?
22:38 jmesquita @iggy It's on the master and not available on synced to the minion
22:38 iggy McNinja: the master doesn't setup the minion software (salt-cloud does that at the end of the run)
22:38 iggy jmesquita: if you are creating the file directly on the master, you don't need fileserver.update... just a highstate should do it
22:39 jmesquita @iggy Fileserver.update is supposed to update the files available, isn't it?
22:40 jmesquita @iggy Or file.recurse on the state will pick it up no matter what?
22:40 iggy it updates the non-file_roots based backends
22:40 iggy (i.e. gitfs/svnfs/etc)
22:40 iggy the file.recurse should pick up any changes automaticall
22:41 jmesquita @iggy Well, it's not. Which function is called on the rootfs so I can do some digging? You mind giving me that shortcut?
22:42 iggy you mean how does file.recurse see new files?
22:42 jmesquita @iggy I assumed that the event would be needed because it maintains a map of some sort but you're right, does not seem to be used anywhere else other than to send events?
22:42 jmesquita @iggy It doesn't...
22:43 jmesquita @iggy But it's kinda random. I can reproduce it consistently if I make the routing of create file/run state multiple times in sequence
22:43 jmesquita @iggy Usually but the third time, it skips the file...
22:43 jmesquita s/but/by
22:43 iggy the events would be needed if you were triggering the highstate via reactor
22:44 jmesquita @iggy That was my first approach and I even made a PR for that, but we changed the approach to run the state ourselves instead of using the reactor
22:44 jmesquita @iggy PR was merged tho
22:46 pipps joined #salt
22:57 lero joined #salt
22:58 bbhoss joined #salt
22:59 McNinja iggy: ah yeah, my issue is salt-cloud runs to fast as the server goes active while some software is still being provisioned. So I wanted to introduce a delay before salt-cloud sets up the minion of 30 or 60 seconds
23:07 flowstate joined #salt
23:11 ninjada joined #salt
23:12 ninjada joined #salt
23:21 hemebond McNinja: Better to use events and reactors instead of delays.
23:21 hemebond Note: I have not been following your conversation, just the last comment.
23:25 mrueg joined #salt
23:35 dendazen joined #salt
23:38 spuder joined #salt
23:41 mattbillenstein1 say I have a mapping of hosts to roles - then in several templates I want to get some bit of grain data for hosts that match a specific role — is there a way to do this without redoing it in every template?
23:41 hemebond mattbillenstein1: Inheritance?
23:42 mattbillenstein1 hemebond: how so?
23:42 mattbillenstein1 like in a template I want the ip address of a host that's tagged with role X
23:42 mattbillenstein1 the host to role mapping I have in the static pillar
23:43 mattbillenstein1 but the ip address is a grain
23:43 flowstate joined #salt
23:43 mattbillenstein1 and now everywhere I want that bit of info, I have to do this ugly bit of python embedded in the template to get that
23:44 mattbillenstein1 maybe I could write a function somewhere that I could just call from the template?
23:44 whytewolf mattbillenstein1: could you gist up what you are trying to say.
23:45 onlyanegg like, you want all the ip addresses for servers that match a role?
23:46 hemebond Embedded Python?
23:46 mattbillenstein1 https://gist.github.com/mattbillenstein/45afd15e922143df190dcadaef2d6020
23:48 whytewolf salt['mine.get']('roles:mongod_master','grains.items','grain')
23:48 whytewolf ?
23:48 whytewolf corse ... you could just put network.ip_addrs into a mine function then you don't have to grab all the grains
23:49 mattbillenstein1 ok, let me go look harder at mine.get
23:50 whytewolf you might want to look at this also https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.network.html#salt.modules.network.ip_addrs
23:55 hoonetorg joined #salt
23:56 nicksloan joined #salt
23:59 mattbillenstein1 thanks digging

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary