Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-09-19

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 ninjada joined #salt
00:09 felskrone joined #salt
00:14 beardedeagle joined #salt
00:17 flowstate joined #salt
00:18 schemanic_ Hey, is it uncouth to write a state for the master that makes it run a remote execution on the minions?
00:33 LeProvokateur joined #salt
00:38 perfectsine joined #salt
01:00 schemanic_ Does file.copy accept globs?
01:03 hemebond schemanic_: A state to make the master run a remote command on the minions? Sounds like a reactor.
01:04 hemebond file.copy the state or execution module?
01:04 schemanic_ the state module. If I want to have the minion move a bunch of files inside itself to another place inside itself
01:05 schemanic_ I want to tell the minion 'copy everything under /etc/cron.d to /root/audit/cron.d'
01:05 hemebond I would recommend using a regular bash copy command for that.
01:06 hemebond The file module is for managing files explicitly, not just moving things around.
01:07 schemanic_ I see
01:07 schemanic_ I could say cmd.run then put together my commandstring
01:08 schemanic_ I need it to be configurable through pillar
01:08 schemanic_ so I can say 'Here's a datastructure of globs to get, now go copy them'
01:10 hemebond Well, you could have a list of globs and then create a state, using Jinja for loops, to run a command against those path globs.
01:13 armonge joined #salt
01:14 jimklo joined #salt
01:14 schemanic_ hemebond, yes what you said.
01:16 Pulp joined #salt
01:18 flowstate joined #salt
01:21 sandro__ joined #salt
01:22 amcorreia joined #salt
01:29 k_sze[work] joined #salt
01:35 catpigger joined #salt
01:47 ilbot3 joined #salt
01:47 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.12, 2016.3.3 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
02:04 sagerdearia joined #salt
02:07 blu__ joined #salt
02:08 sagerdearia joined #salt
02:09 ZachLanich joined #salt
02:11 sagerdearia joined #salt
02:11 onlyanegg joined #salt
02:14 sagerdearia joined #salt
02:16 flowstate joined #salt
02:17 perfectsine joined #salt
02:18 k_sze[work] joined #salt
02:18 perfectsine_ joined #salt
02:19 west575 joined #salt
02:20 sagerdearia joined #salt
02:23 hasues joined #salt
02:23 hasues left #salt
02:51 badon joined #salt
02:52 quasiben joined #salt
02:56 bastiand1 joined #salt
03:01 edrocks joined #salt
03:06 justanotheruser joined #salt
03:09 Derailed Hey all, what is the most correct way of determining the IP address of a minion, from the server?
03:09 hemebond "the server" means, the master?
03:09 Derailed The master, yes.
03:10 hemebond I usually just do something like cmd.run 'ip addr'
03:10 hemebond But you could also fetch the grain ipv4_address
03:10 Derailed Let's say you don't necessarily trust the minion?
03:10 hemebond Uh, in what way?
03:11 badon joined #salt
03:11 Derailed I want to get the ip address in a way that someone acting maliciously (or just for the fun of it) can't manipulate
03:11 hemebond Well all your communication is through the salt-minion agent, so...
03:12 hemebond If you don't trust the minion then you need to jump onto the box manually.
03:12 Derailed yeah -- so really I just want salt to tell me the IP address that is on the other end of the minion-master TCP connection
03:12 hemebond Oh, you mean where the connection is coming from?
03:12 Derailed that would suit my purposes yeah
03:13 hemebond I can
03:13 hemebond I don't know of a way inside Salt to get that info so I'd probably just use regular network stuff to find out.
03:13 hemebond e.g., netstat, firewalls, etc.
03:14 hemebond netstat -anp | grep 4505
03:14 hemebond That shows me the connections to the master.
03:14 Derailed cheers. that will work if I have to use it -- was hoping there was a salt-specific way of checking
03:15 hemebond Only works if they have public IPs of course as NAT will just show the firewall they're going out through.
03:15 hemebond Not that I know of. It's not really required here anyway.
03:17 flowstate joined #salt
03:20 jimklo joined #salt
03:24 John_Kang joined #salt
03:25 jimklo joined #salt
03:36 kusen joined #salt
03:38 DEger joined #salt
03:47 PerilousApricot joined #salt
03:49 onlyanegg joined #salt
03:50 mpanetta joined #salt
03:52 pipps joined #salt
04:00 Sammichmaker joined #salt
04:05 armguy joined #salt
04:07 beardedeagle joined #salt
04:09 beardedeagle joined #salt
04:12 kusen joined #salt
04:15 telx joined #salt
04:27 DEger_ joined #salt
04:32 onlyanegg joined #salt
04:46 Bryson joined #salt
04:47 krymzon joined #salt
04:51 pipps joined #salt
04:53 rdas joined #salt
04:54 justanotheruser joined #salt
04:56 krazyj joined #salt
04:56 krazyj hi all.. does one know how someone might write a state for the iptables module for this iptables config:
04:56 krazyj -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
04:56 krazyj the invert rule on the interface + destination throws me off
04:59 kusen joined #salt
05:00 zer0def joined #salt
05:04 DarkKnightCZ joined #salt
05:05 krazyj joined #salt
05:16 flowstate joined #salt
05:20 jimklo joined #salt
05:27 pipps joined #salt
05:31 jimklo joined #salt
05:45 keimlink joined #salt
05:47 jxm_ joined #salt
05:48 armguy joined #salt
06:00 sknebel joined #salt
06:01 colttt joined #salt
06:04 ivanjaros joined #salt
06:17 flowstate joined #salt
06:22 onlyanegg joined #salt
06:31 jimklo joined #salt
06:33 jhauser joined #salt
06:35 rubenb joined #salt
06:39 coredumb morning
06:45 JohnnyRun joined #salt
06:55 CeBe joined #salt
07:04 edrocks joined #salt
07:04 deus_ex joined #salt
07:05 jeddi joined #salt
07:08 infrmnt joined #salt
07:13 haam3r joined #salt
07:17 flowstate joined #salt
07:17 ronnix joined #salt
07:20 ronnix joined #salt
07:20 Elsmorian joined #salt
07:20 ivanjaros joined #salt
07:23 onlyanegg joined #salt
07:31 ivanjaros joined #salt
07:40 ninjada_ joined #salt
07:42 dariusjs joined #salt
07:43 krymzon joined #salt
07:49 bocaneri joined #salt
07:58 keimlink joined #salt
07:59 sandro_ joined #salt
08:00 kbaikov joined #salt
08:05 geomacy joined #salt
08:06 west575_ joined #salt
08:08 AndreasLutro joined #salt
08:18 ilbot3 joined #salt
08:18 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.12, 2016.3.3 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
08:19 elektrix joined #salt
08:20 unusedPhD_ joined #salt
08:21 dariusjs joined #salt
08:23 franzjosef joined #salt
08:25 narfology joined #salt
08:26 CeBe joined #salt
08:26 mage_ is there a simple way to make a "virtual"-like minion?
08:27 mage_ in my case I have two machines on top of CARP and I'd like that the "virtual" minion points to the MASTER
08:29 narfology I had to setup my salt master from scratch. Now the minions complain about the changed master key. How to get the minions to accept the new master?
08:34 KingOfFools joined #salt
08:35 Mattch joined #salt
08:37 AndreasLutro remove the existing master key somewhere in /etc/salt/pki
08:41 scooby2 joined #salt
08:45 losh joined #salt
08:46 AndreasLutro also look into using a master signing key
08:47 narfology AndreasLutro: I found the solution, I added the master's fingerprint in /etc/salt/minion
08:48 p4ulie joined #salt
08:48 ozux is it possible to add "environment" conditions in if statement  when writing "State Formulas?" (Instead of writing different sls files and putting in environments?)
08:49 ozux environment in context of prod,dev,staging, ...
08:49 p4ulie joined #salt
08:49 DarkKnightCZ joined #salt
08:49 N-Mi joined #salt
08:52 ronnix_ joined #salt
08:52 haam3r joined #salt
08:55 p4ulie joined #salt
08:57 fannet joined #salt
08:57 ninjada joined #salt
08:58 fannet_ joined #salt
09:00 potens joined #salt
09:03 elenhil joined #salt
09:04 elenhil Hello, Guys!
09:04 elenhil Does anybody know, whether standart syslog-ng formula support binary logic?
09:04 elenhil smth like this *filter f_debug { level(debug) and not facility(auth, authpriv, news,  mail); };*
09:11 ninjada joined #salt
09:12 KingOfFools joined #salt
09:14 rbrennan joined #salt
09:15 s_kunk joined #salt
09:18 flowstate joined #salt
09:19 ninjada joined #salt
09:24 onlyanegg joined #salt
09:24 SunGod joined #salt
09:25 Sylvain31 joined #salt
09:26 hemebond ozux: You can reference environment variables in states via grains.
09:27 ozux hemebond: Environments as Salt Environment I mean, like Prod, test or Dev
09:27 hemebond Actually, you probably won't be able to because the minion doesn't load environment variables.
09:27 hemebond Uh, I'm confused. I thought you meant _not_ Salt environments.
09:41 scc joined #salt
09:48 oznt joined #salt
09:50 dariusjs joined #salt
09:50 haam3r joined #salt
10:04 ilbot3 joined #salt
10:04 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.12, 2016.3.3 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
10:06 Sylvain31 found: from master: "salt-cp -E dns0 config/git_need_update.sh /root"
10:08 felskrone joined #salt
10:09 ninjada joined #salt
10:10 giany hi, I'm trying to run openssl command on a minion and even though it executes the command properly salt exists with failure, I see this while running : unable to write 'random state' , any idea what could it be?
10:11 Sylvain31 giany: paste some state and error in your favorite pasting service…
10:14 giany http://pastebin.com/DHAfvRkR
10:15 Sylvain31 cmd.script as a runas: do you have the good permission
10:15 Sylvain31 ?
10:15 flowstate joined #salt
10:15 ninjada joined #salt
10:16 Sylvain31 did  you run the script salt://general/tls/create-tls.sh on the minion manually? how?
10:17 giany i run it like this : salt -ldebug  'server' state.sls general.tls
10:17 giany it should be running as root
10:26 Sylvain31 giany: try "salt-cp 'server' salt://general/tls/create-tls.sh /root" or some source path variant that works, then ssh to the minion and try /root/create-tls.sh /root" or some source path variant that works, then ssh to the minion and try /root/create-tls.sh /root" or some source path variant that works, then ssh to the minion and try /root/create-tls.sh +agrs if any, also try salt-call -ldebug state.sls
10:27 Sylvain31 general.tls on the minion
10:27 Sylvain31 hum, copy/paste fail…
10:28 oznt can anyone help me figure out why my reactor isn't working? http://pastebin.com/gtk06Ymr , the first reactor to clean /opt/ is working, the second one to start nginx isn't
10:28 Sylvain31 giany: some duplicate, just ignore redundant ;)
10:40 JohnnyRun joined #salt
10:50 dariusjs joined #salt
10:52 ninjada joined #salt
10:54 ninjada_ joined #salt
10:57 flowstate joined #salt
11:06 edrocks joined #salt
11:09 ninjada joined #salt
11:16 flowstate joined #salt
11:18 fredvd joined #salt
11:18 toanju joined #salt
11:19 yuhlw_ joined #salt
11:23 agend joined #salt
11:25 onlyanegg joined #salt
11:30 teryx510 joined #salt
11:31 amcorreia joined #salt
11:44 ninjada joined #salt
11:45 mpanetta joined #salt
11:46 quasiben joined #salt
11:53 SubOracle joined #salt
11:56 hoonetorg joined #salt
11:58 GnuLxUsr joined #salt
11:58 hoonetorg joined #salt
11:58 haam3r joined #salt
12:03 barmaley joined #salt
12:03 inad922 joined #salt
12:06 ozux__ joined #salt
12:13 oliver_are joined #salt
12:16 oliver_are Hi, I'm not able to find a state for creating multiple directories (mkdir -p /a/b/c/d) it would be great if someone help me with this.
12:17 flowstate joined #salt
12:18 babilen oliver_are: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.directory
12:19 ronnix joined #salt
12:19 babilen (cf. makedirs option)
12:20 potens joined #salt
12:22 oliver_are file.directory:
12:22 oliver_are - user: {{ deploy_usr }}
12:22 oliver_are - group: {{ deploy_usr }}
12:22 oliver_are - makedirs: True
12:22 oliver_are this is not working
12:23 oliver_are /a/b/c/d:
12:23 oliver_are file.directory:
12:23 oliver_are - user: {{ deploy_usr }}
12:23 oliver_are - group: {{ deploy_usr }}
12:23 oliver_are - makedirs: True
12:23 babilen http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, …
12:23 babilen Could you pass "- name: /a/b/c/d" explicitly and what does that do?
12:25 oliver_are even putting the name is not helping out
12:25 AndreasLutro I guess the user you want to create the directory as/for needs permissions to create said directory
12:26 AndreasLutro if the directory you're trying to create is *actually* /a/b/c/d
12:26 oliver_are http://pastebin.com/ZhQK5Kzx
12:26 AndreasLutro seems like that's working/
12:26 AndreasLutro ?
12:27 AndreasLutro oh nevermind, I see
12:27 oliver_are I'm not sure why this is happening
12:28 AndreasLutro either you're checking the wrong host or there's another state (or something outside of salt) deleting the directory after your state finishes
12:28 AndreasLutro those are my 2 guesses
12:29 oliver_are Ok, but I dont have a ghost in my machine, :)
12:30 oliver_are its just not creating the directory
12:30 AndreasLutro I wouldn't assume that's the case
12:30 oliver_are I'm able to create one single directory
12:31 AndreasLutro you could try to run `salt-call -l debug` to get more information about what's going on when it's running the state
12:31 AndreasLutro on the target host
12:31 oliver_are ok let me try that
12:32 edrocks joined #salt
12:33 oliver_are http://pastebin.com/TYwUm2ws
12:33 PerilousApricot joined #salt
12:33 zer0def joined #salt
12:34 AndreasLutro I said salt-call on the target host
12:34 AndreasLutro also I'm going to bet that the reason the directory gets deleted is that your git state fails
12:36 oliver_are hoo
12:36 oliver_are http://pastebin.com/NCwssqqy
12:36 oliver_are Can you please point we where I'm wrong
12:36 oliver_are *me
12:37 edrocks joined #salt
12:37 AndreasLutro read what I just wrote
12:38 oliver_are yes but git state comes next to file.directory
12:39 numkem joined #salt
12:39 oliver_are I'm just trying to understand how it can make a file.directory state to stop working
12:39 AndreasLutro could be some logic in the git state code that deletes the directory if git clone fails
12:40 AndreasLutro or git could do it by itself
12:41 zer0def guys, quick question about the supervisord module - has anyone ever tested it against supervisord <3.2 ?
12:41 AndreasLutro in fact, if I `mkdir test && git clone https://github.com/asdf/asdf test`, git removes the directory
12:42 zer0def it seems like proces groups behave differently because of how `supervisorctl` works differently
12:42 oliver_are hoo
12:43 oliver_are ok I'll fix git clone first and then let me try
12:48 ozux joined #salt
12:48 impi joined #salt
12:51 oliver_are @AndreasLutro Thank you, you are right :)
12:57 ninjada joined #salt
13:01 GnuLxUsr joined #salt
13:03 ninjada joined #salt
13:04 geomacy joined #salt
13:16 flowstate joined #salt
13:26 onlyanegg joined #salt
13:29 DarkKnightCZ joined #salt
13:30 giany I'm trying to pass to an orchestrate a pillar argument , salt-run -l debug state.orchestrate orch.nginx pillar='{"server": "boo"}' , problem is that I keep getting his message: http://pastebin.com/mSEimPfv  ..note that if i run through a state..or if i create a pillar file it works properly, only issue when passing arguments to orchestrate
13:33 ozux__ joined #salt
13:38 ninjada joined #salt
13:39 west575 joined #salt
13:42 Tanta joined #salt
13:44 Shirkdog joined #salt
13:44 Shirkdog joined #salt
13:51 subsignal joined #salt
13:51 perfectsine joined #salt
13:52 DarkKnightCZ joined #salt
13:55 jeddi joined #salt
13:59 edrocks joined #salt
14:01 mpanetta joined #salt
14:01 Brew joined #salt
14:02 perfectsine_ joined #salt
14:04 Cottser joined #salt
14:04 mpanetta joined #salt
14:06 bluethundr joined #salt
14:10 DEger joined #salt
14:10 telx joined #salt
14:15 MadHatter42 joined #salt
14:16 ZachLanich joined #salt
14:16 flowstate joined #salt
14:18 tmclaugh[work]_ joined #salt
14:20 bluethundr hey guys.. I'm trying to put an amazon ec2 instance into us-east-1a, but for some reason it ain't happening
14:20 bluethundr I get an error saying that the region isn't valid, but it seems right to me
14:20 bluethundr https://gist.github.com/bluethundr/5afa8d0d3dcc2700cb590e4fa38a444c
14:20 bluethundr can someone offer a suggestion?
14:24 bowhunter joined #salt
14:25 subsignal joined #salt
14:26 onlyanegg joined #salt
14:32 pipps joined #salt
14:33 Tanta_G joined #salt
14:34 XenophonF us-east-1a isn't a region, it's an availability zone
14:34 XenophonF us-east-1 is the region
14:35 DEger joined #salt
14:36 XenophonF salt-cloud location==AWS region
14:36 jespada joined #salt
14:38 iggy giany: try enclosing that in quotes
14:39 mohae joined #salt
14:40 pipps99 joined #salt
14:43 bluethundr XenophonF: ok let me try that
14:43 bluethundr hold on
14:44 bluethundr actually I'm trying to set the location and availability zone
14:45 armonge joined #salt
14:45 MajObviousman joined #salt
14:45 bluethundr I find that if I use location: ap-northeast-1
14:45 armonge joined #salt
14:45 bluethundr availability_zone: ap-northeast-1a
14:45 bluethundr that works
14:45 bluethundr but what I want to do is put the instances into us-east-1a
14:46 bluethundr is that the same? I'm not famliar with ap-blah availability zones
14:48 XenophonF bluethundr: do you actually have subnets in that AZ?
14:49 adelcast joined #salt
14:49 Tanta_G um that's asian pacific
14:49 XenophonF bluethundr: e.g., in my AWS account, in us-east-1, in the default VPC, I only have subnets in us-east-1b, -1d, and -1e
14:49 winsalt_ joined #salt
14:50 bluethundr hmmm let me check
14:50 bluethundr Tanta_G: ok thanks for the info
14:51 Tanta_G ap-northeast is around the Singapore area
14:51 bluethundr cool good to know
14:52 jhauser joined #salt
14:53 bluethundr XenophonF: yeah you're right, I need to check what AZs are available under our account
14:53 bluethundr ours has less, just 1d and 1e
14:53 bluethundr guess I'll work with that
14:53 bluethundr thanks for the top
14:53 bluethundr tip
14:53 XenophonF you can add a subnet in us-east-1a
14:53 XenophonF if you really want to
14:54 pipps joined #salt
14:55 bluethundr hmm ok
14:55 XenophonF i wouldn't bother, personally
14:55 bluethundr maybe, I want to see what happens when I select one that I see available
14:55 bluethundr yeah not worth the effort I think
14:56 pipps99 joined #salt
14:56 bluethundr yeah us-east-1d worked
14:56 bluethundr cool
14:56 winsalt_ anyone here use vault with saltstack?
14:57 mjimeneznet joined #salt
14:58 XenophonF not yet but it's on my roadmap
14:58 mjimeneznet Hi! Is any way to reset cache on a minion? I did the highstate and still trying the old configuration
14:59 winsalt_ xenophonf, do you think you will be letting the minions get secrets from vault directly, or pass it through the master?
14:59 XenophonF i'm not sure yet
14:59 bluethundr but now I'm getting a profile error
14:59 bluethundr https://gist.github.com/bluethundr/31b0578ce7dec14a43295db40d32abdd
14:59 XenophonF my naive approach would be to go through pillar
15:00 XenophonF i was taking about pillar/gpg/sdb/vault last week with babilen
15:06 hoonetorg hi
15:07 hoonetorg i hv a question, whe a salt-formula is licensed under Apache and deploys a file which is licensed under gpl
15:07 Brew joined #salt
15:07 hoonetorg is that OK?
15:07 hoonetorg or must the formula then be dual licensed?
15:08 hoonetorg because of the apache / gpl incompatibility?
15:08 mjimeneznet joined #salt
15:12 XenophonF which file hoonetorg?
15:12 p4ulie joined #salt
15:12 hoonetorg conntrackd: primary-backup.sh is licensed under gps
15:12 babilen hoonetorg: I would be very surprised if that constitutes derivative work .. I mean you can copy proprietary software with scp or store it on a Linux system and whatnot, but IANAL
15:12 hoonetorg *gpl
15:13 hasues joined #salt
15:13 hoonetorg and i want to deploy it with my salt-conntrack-formula
15:13 hoonetorg (currently working on that)
15:13 XenophonF hoonetorg: what's the URL? i can't find it
15:14 hoonetorg not pushed yet my formula
15:15 XenophonF i see a bunch of lgpl stuff in saltstack formulas
15:15 hasues left #salt
15:16 XenophonF i could potentially see a license conflict when using an APL2 template to generate a GPL program
15:17 XenophonF i dunno
15:17 XenophonF i'm not a lawyer, this isn't legal advice, etc
15:17 ksk joined #salt
15:17 ksk hola
15:17 hoonetorg https://packages.debian.org/stretch/amd64/conntrackd/filelist
15:18 hoonetorg XenophonF ^^^
15:18 ksk Im looking at salt.modules.mysql.query; It says "Run an arbitrary SQL query and return the results or the number of affected rows.
15:18 XenophonF wait are you just installing that package using that formula?
15:18 hoonetorg no
15:18 ksk " -why does it say "OR" - how can I affect what I get back from using that function? thanks..
15:18 hoonetorg i wanted to ship it
15:18 hoonetorg but i will do a salt.cp
15:19 hoonetorg instead for debian and rhel
15:19 hoonetorg and use the shipped version of the package
15:19 hoonetorg that should be ok
15:20 ozux joined #salt
15:21 jimklo joined #salt
15:24 ageorgop joined #salt
15:27 beowuff joined #salt
15:28 flowstate joined #salt
15:31 ksk It depends on if your query starts with "SELECT". oh boi!
15:32 dendazen joined #salt
15:33 XenophonF bluethundr: are you certain that the security groups and subnets you've specified all live in the same VPC in the same region?
15:34 catpig joined #salt
15:38 bluethundr Hey XenophonF ... I tinkered with the config a bit, and I think I got this working
15:38 bluethundr https://gist.github.com/bluethundr/87ebc8d08eb14185ac60284f61e8abe6
15:38 bluethundr I just gave the command salt-cloud -p base_ec2_public my_server_name
15:39 bluethundr and it seems to be running.. no errors have happened (yet) ;)
15:39 bluethundr been like that for a few minutes
15:39 bluethundr does this command usually take a while to run?
15:40 bluethundr usually when commands take a while around here, we chant "no whammies, no whammies, no whammies"
15:40 bluethundr lol
15:41 bluethundr ah dammit
15:41 bluethundr we got a whammie
15:41 ponyofdeath joined #salt
15:41 bluethundr Error: There was a profile error: Unable to get IP for 00:10:00.
15:41 bluethundr interesting one tho.. what could be causing that?
15:42 Renich joined #salt
15:42 Rkp it could take a bit for an IP to be assigned to the server while AWS is instanciating your server, and your salt-cloud server likely expects to be able to SSH to it in the end
15:43 bluethundr yeah ok. it does
15:44 Rkp AssociatePublicIpAddress: False < I assume this option might mean your server will never obtain a public IP address
15:44 bluethundr Rkp: yes that is correct
15:44 bluethundr the place I'm in now doesn't want them
15:45 bluethundr they're actually a big no no cuz we have very priviliged information
15:45 bluethundr have to jump through hoops to get a public IP approved
15:45 Rkp which means you might have to fiddle with your salt cloud profile that you posted to either tell on which interface / IP your salt-cloud daemon thing should try to connect
15:46 Rkp on another platform (not AWS) I had to use ssh_interface: for that
15:46 bluethundr hmm ok
15:46 bluethundr I'll see what I can do
15:46 bluethundr thanks
15:46 Rkp or you might have to tell salt-cloud not to try to connect at all
15:46 bluethundr hmm ok....how do I tell it to do that?
15:46 Rkp salt-cloud --no-deploy can help with that if that's what you expect you should do
15:47 bluethundr it should be deployed.. but only with a private IP, not a public one
15:47 Rkp you can still configure the server yourself without having to SSH to it if you handle it with a userdata_file
15:47 jgarr anyone running a salt master in a container?
15:48 bluethundr hmm ok
15:48 Rkp or whatever it is on aws, the options are very platform specific
15:48 jgarr production salt master (not testing)
15:48 bluethundr yep
15:48 Rkp for instance on my platform I pass it an option like userdata_file: /etc/salt/cloud-init/bootstrap.sh
15:48 ageorgop joined #salt
15:48 Rkp disclaimer I only use the thing, no idea if that's the proper way to do it
15:49 Rkp the salt-cloud documentation is quite lacking and I had to dig into the code to actually know what it tries to do
15:50 bluethundr oh wow.. yeah ok
15:50 bluethundr thanks
15:50 bluethundr I'll try to work with this
15:52 Rkp https://docs.saltstack.com/en/latest/topics/cloud/aws.html for the main options you might have some luck with the doc (they do mention userdata_file and ssh_interface)
15:52 bluethundr oh, really cool
15:52 bluethundr thanks for the info
15:53 johnkeates joined #salt
15:53 godlike joined #salt
15:53 godlike joined #salt
15:55 Rkp for more in-depth stuff like deploying volumes along with your instance you might need to dig into the salt-cloud code or the API reference of your specific platform if your use case is not covered in the examples, to see what exactly salt-cloud can accept
15:56 Salander27 joined #salt
15:56 flowstate joined #salt
15:58 tiwula joined #salt
15:59 edrocks joined #salt
15:59 flowstate joined #salt
16:00 LiamMon joined #salt
16:02 p4ulie joined #salt
16:03 west575 joined #salt
16:06 bluethundr whoa!! it works
16:06 bluethundr I have a new ec2 instance via salt
16:06 bluethundr now let me see if I can actually ssh in
16:08 heaje joined #salt
16:08 Rkp you should be able to, although if you have not set up anything through either letting salt-cloud ssh to it, or through a user script, the box will be just like if you had created it from amazon
16:09 Rkp and salt might believe it has some key already set up for it which might not be the case
16:09 subsignal joined #salt
16:11 PerilousApricot joined #salt
16:15 pipps joined #salt
16:15 beardedeagle joined #salt
16:17 bluethundr Rkp: yeah cool
16:17 bluethundr except I'll have to wait a while to find out
16:17 bluethundr it's one of our custom company AMIs
16:17 bluethundr it takes a 1/2 hour to spin up
16:17 bluethundr before its ready
16:18 capri joined #salt
16:19 sjorge joined #salt
16:23 cyborg-one joined #salt
16:25 ozux joined #salt
16:27 oliver_are joined #salt
16:32 ivanjaros joined #salt
16:32 woodtablet joined #salt
16:32 Cottser joined #salt
16:34 impi joined #salt
16:34 onlyanegg joined #salt
16:36 Trauma joined #salt
16:41 ageorgop joined #salt
16:43 haam3r joined #salt
16:49 toastedpenguin joined #salt
16:49 Shirkdog joined #salt
16:52 Cottser joined #salt
16:53 pipps joined #salt
16:53 impi joined #salt
16:54 edrocks joined #salt
16:59 Cottser joined #salt
17:00 west575_ joined #salt
17:04 pipps joined #salt
17:05 oliver_are joined #salt
17:11 pipps joined #salt
17:11 patrek joined #salt
17:13 mavhq joined #salt
17:22 west575 joined #salt
17:25 fizmat joined #salt
17:25 fizmat left #salt
17:29 mackie joined #salt
17:33 mackie hello! so I have an utterly simple `file.managed` state that updates the contents of `/proc/sys/kernel/core_pattern` to something of my choice, set explicitly with: `contents: {{ core_dump_path}}/core.%e.%p`. When I apply this state.. I see something truly bizarre: `Comment: Unable to manage file: [Errno 2] No such file or directory: '/proc/sys/kernel/core_patternVozChg'`
17:34 mackie every time I go to apply the state, I see a different suffix on the file path: `/proc/sys/kernel/core_patterneRsPeC`, `/proc/sys/kernel/core_pattern16WgfG`, etc
17:34 mpanetta mackie: I bet it is trying to make a tmp file and can't do it.
17:34 mpanetta Since you can't create files in proc.  It isn't a normal filesystem.
17:35 mackie oooo... that's really insightful.. that sounds right
17:35 mackie yes, hmm... that poses an interesting problem
17:35 mackie so I have to use a `cmd.run` state with `echo` or some crap :(
17:35 mpanetta quite, never thought about managing files in proc, but it is definitely something one would want to do.
17:35 mpanetta Probably :/
17:36 mpanetta Actually, I would file a bug maybe.
17:36 mackie yea, it seems reasonable
17:36 mackie thanks!
17:36 mpanetta Donno why they are creating the tmp file next to the original.  It should probably be in /tmp
17:36 mpanetta mackie: no problem :)
17:37 mackie aye
17:37 jenastar joined #salt
17:39 Elsmorian joined #salt
17:39 pipps joined #salt
17:40 notnotpeter joined #salt
17:50 StolenToast joined #salt
17:52 shalkie joined #salt
17:53 shalkie joined #salt
17:54 ageorgop joined #salt
17:54 tapoxi joined #salt
17:56 oliver_are joined #salt
17:58 armonge_ joined #salt
17:59 haam3r joined #salt
18:06 west575_ joined #salt
18:15 sp0097 joined #salt
18:24 flowstate joined #salt
18:25 onlyanegg joined #salt
18:28 subsignal joined #salt
18:40 armonge joined #salt
18:40 perfectsine joined #salt
18:41 toanju joined #salt
18:49 onlyanegg joined #salt
18:50 DEger joined #salt
18:58 toastedpenguin anyone using a state to sync the contents of an s3 bucket to a minion?
18:58 jimklo joined #salt
18:59 edrocks joined #salt
19:06 whitenoise joined #salt
19:09 DEger joined #salt
19:09 DEger joined #salt
19:11 pipps joined #salt
19:25 pppingme joined #salt
19:25 mattbillenstein joined #salt
19:26 mattbillenstein any advice on what I'm doing wrong here?  https://gist.github.com/mattbillenstein/e35733a8ca428b7292bacbcfda34ee1e
19:27 ThierryR joined #salt
19:28 gimpy2938 joined #salt
19:28 ThierryR joined #salt
19:29 gimpy2938 I'm getting an error due to a ":" character in an SLS file but I need it for the grep to work, how can I get around this?  https://gist.github.com/jwhite530/565226ae1ab02d0de402e47f34d93a57
19:30 pipps joined #salt
19:30 heaje gimpy2938: Shot in the dark here, but what if you put quotes around that whole value for the "unless" key?
19:31 babilen heaje: - unless: "parted" ~  {{ disk }} "print | grep -q 'Partition Table: unknown'"
19:31 babilen ?
19:31 babilen unless: "parted " ~  {{ disk }} ~ " print | grep -q 'Partition Table: unknown'"
19:31 gimpy2938 welp, doing this worked, though I didn't expect it to:  unless: "parted {{ disk }} print | grep -q 'Partition Table: unknown'"
19:32 babilen Or use |format(...)
19:32 babilen Why didn't you expect it to?
19:32 gimpy2938 because I'm an idiot?
19:32 babilen heh
19:32 heaje gimpy2938: Doing that forced the yaml interpreter to read the value as a string as opposed to trying to evaluate it as more yaml
19:32 gimpy2938 also too used to tool that take command lines very literally
19:36 Tanta you can use jinja substitution within a state declaration
19:36 Tanta the jinja renders before anything is processed
19:37 pipps joined #salt
19:43 mrBen2k2k2k_____ joined #salt
19:55 jimklo joined #salt
19:57 Elsmorian joined #salt
19:59 blue0ctober joined #salt
20:00 blue0ctober joined #salt
20:03 pipps joined #salt
20:04 FroMaster joined #salt
20:07 flowstate joined #salt
20:11 sp0097 joined #salt
20:11 spuder joined #salt
20:15 mrBen2k2k2k_____ joined #salt
20:16 mattbillenstein when calling mine.get from the cli — which function is actually called in python?  I can't seem to find it — I've stuck a 'duh ' in both modules.mine and runners.mine and it doesn't raise...
20:16 XenophonF mpanetta: i'll bet that temp files aren't created in /tmp b/c one cannot assume it's the same file system as the file being edited/replaced
20:17 ageorgop joined #salt
20:20 felskrone joined #salt
20:22 toastedpenguin if you have defined IAM creds in the master conf for access to AWS, do S3 specific IAM creds need to use used or will salt us the pre-existing AWS IAM creds for s3?
20:24 pipps joined #salt
20:24 XenophonF toastedpenguin: what do you mean by "defined IAM creds in the master conf for access to AWS"?
20:24 XenophonF b/c you can specify AWS credentials in a couple of different settings IIRC
20:25 XenophonF e.g., there's s3.key and s3.keyid for s3fs
20:26 spuder joined #salt
20:27 DammitJim joined #salt
20:27 XenophonF if you put an AWS API key into the salt-minion config, e.g., for use with boto, that won't be accessible by salt-master even if they're both running on the same server
20:33 pipps joined #salt
20:35 pipps joined #salt
20:36 toastedpenguin XenophonF: for salt-cloud there are IAM creds defined
20:36 mattbillenstein afaict mine.get doesn't support compound matchers?
20:37 ageorgop joined #salt
20:37 toastedpenguin I am realizing that the s3 creds could be the same keys as the salt-cloud IAM creds but since they are defined in a salt-cloud provider conf file salt may or may not have access to it
20:37 sporkd2 joined #salt
20:38 babilen mattbillenstein: it does, you have to set expr_form
20:38 toastedpenguin XenophonF: I'd want the keys protected so does that mean putting them in pillar data?
20:40 sporkd2 hey all, I'm trying to use s3 ext_pillars for the first time, I've got the config in my master and can verify that the master is caching the file from s3 [DEBUG   ] Cached file: path=/var/cache/salt/master/pillar_s3fs/base/ but im getting
20:40 sporkd2 "Specified SLS 'github' in environment 'base' is not available on the salt master".. any suggestions?
20:41 toastedpenguin I am testing it with a single minion and I defined s3.keyid, s3.key and s3.service_url for the minion in question
20:42 toastedpenguin when I execute s3.get on the minion I get an error: http://pastebin.com/fzRj5qgH
20:43 sporkd2 u need to set your region it seems toastedpenguin
20:46 toastedpenguin sporked2: I am using s3.location: which specifies the region, where else do I need to set it?
20:46 toastedpenguin in the request?
20:49 mattbillenstein @babilen ah, I see — I understand what the examples mean there now
20:49 mattbillenstein in the doc
20:50 babilen mattbillenstein: great :)
20:51 babilen mattbillenstein: expr_form is being used in other places also (e.g. the REST API). So if you ask yourself "How to switch matchers?" again in the future look if the method/function you are calling accepts that argument
20:56 winsalt_ If I wanted to write a custom module that took a function as a parameter, does anyone have a good idea on how someone would pass that function at the cli?
20:58 babilen winsalt_: I have no idea, but if you want to get into HOF and want to specify them ad-hoc, you might be looking at lambda
20:58 jimklo joined #salt
20:58 babilen winsalt_: Absolutely not sure if that works, but then .. why not?
20:58 mattbillenstein cool, thx — now I need to figure out why network.interfaces isn't returning any data
20:58 mattbillenstein the matcher with grains.items works
20:59 hemebond mattbillenstein: Salt Mine?
20:59 winsalt_ yeah, i tried a lambda, but at the cli it gets treated as a string and I get "str is not callable".
21:00 mattbillenstein hmm, yeah, seems like its working now ;/
21:00 babilen mattbillenstein: Don't use network.interfaces, but network.ipaddrs and match based on cidr. We had problems after hardcoding interfaces in lieu of actual networks. That function also takes a 'type' argument for public/private (which is often the only thing you need)
21:01 babilen mattbillenstein: Well, use it if it is appopropriate (not here to tell you what to do)
21:02 babilen +speling
21:03 babilen winsalt_: pesky
21:03 babilen winsalt_: I haven't played with that, but that was my "might be worth a try" approach
21:05 winsalt_ thanks, i was thinking of eval. but its not worth going into at the moment.  It works perfectly fine in a python file
21:06 babilen winsalt_: This is where a LISP would come in handy .. you'd just pass in a list and call it
21:06 mattbillenstein @babilen yeah, that's a more direct route — mine.get is returning nothing again for either of those
21:06 mattbillenstein this is weirdly inconsistent
21:07 mattbillenstein eh, think I was getting the output of grains.items
21:08 babilen mattbillenstein: Did you define suitable mine function aliases for that?
21:08 babilen (and update the mine)
21:10 jimklo joined #salt
21:11 queso joined #salt
21:13 mpanetta XenophonF: Ah good point.
21:13 mattbillenstein @babilen I only set mine_interval: 5 in the minion config
21:13 queso Hi, all.  I'm new to salt and trying to figure out how to add a managed apt repository to a debian minion.  The repository is for postgres.  Seems to work except I can't figure out how to get the repository's gpg public key installed.  Here's what I'm using:  http://dpaste.com/3GF6WQ6  To accomplish this "manually" from the command line, I would do this:  wget --quiet -O - https://www.postgresql.org/media/keys
21:13 mpanetta There should probably just be a generic module for accessing files in proc.
21:14 queso /ACCC4CF8.asc | apt-key ...
21:14 queso ... add -
21:14 babilen mattbillenstein: And you define them in pillars? Have you update pillars? I'd do that and run mine.update for good measure
21:15 queso Oh, wait, maybe that worked.
21:17 mattbillenstein @babilen maybe I'm missing this piece — I can just put mine_functions in any pillar?
21:18 babilen mattbillenstein: Oh, absolutely .. that's the easiest and best way to do it (IMHO)
21:18 babilen Just define a pillar with the mine function aliases in them
21:18 mattbillenstein cool, will give that a go
21:18 babilen http://paste.debian.net/829993/ for example
21:19 west575 joined #salt
21:19 pipps joined #salt
21:23 babilen mattbillenstein: ^
21:25 pipps joined #salt
21:26 Trauma joined #salt
21:31 jmedinar joined #salt
21:31 jmedinar Question... How can I set a Jinja variable of a value coming from a Pillar?
21:31 jmedinar {% set location = pillar.get('app:location') %}
21:32 Renich joined #salt
21:33 jmedinar I understand I can take it directly from the pillar where I need it but is just too much text and not easy to read
21:34 babilen Not pillar.get(...), but salt['pillar.get'](...) if you want nested lookups
21:35 jmedinar mmm let try I am pretty sure I tried that already ... 1 min
21:37 jmedinar yup it works thanks babilen
21:37 babilen yq
21:37 babilen yw
21:38 babilen pillar.get() uses the standard Python .get method, that doesn't support nested lookups (which is a pain in the arse in Python also)
21:44 subsignal joined #salt
21:51 euidzero joined #salt
21:51 mschiff joined #salt
21:51 mschiff joined #salt
21:51 rodr1c joined #salt
21:51 rodr1c joined #salt
21:51 hosttor joined #salt
21:51 DaveQB joined #salt
21:51 jxm_ joined #salt
21:51 izibi joined #salt
21:51 sknebel joined #salt
21:51 FroMaster joined #salt
21:51 voxpop joined #salt
21:51 rem5 joined #salt
21:51 lubyou joined #salt
21:51 sp0097 joined #salt
21:51 riftman joined #salt
21:52 woodtablet joined #salt
21:52 lahwran joined #salt
21:52 justanotheruser joined #salt
21:53 ecdhe joined #salt
21:56 TyrfingMjolnir joined #salt
21:57 ToeSnacks joined #salt
21:58 hacks joined #salt
21:58 flowstate joined #salt
22:03 Armadillo joined #salt
22:09 ninjada joined #salt
22:10 Hydrosine joined #salt
22:14 Jarus joined #salt
22:16 kiorky joined #salt
22:17 rem5_ joined #salt
22:20 adongy joined #salt
22:40 pipps joined #salt
22:46 sp0097 joined #salt
22:47 pipps99 joined #salt
22:50 ninjada joined #salt
22:55 sagerdearia joined #salt
22:58 teryx510 joined #salt
23:00 mattbillenstein eh, tricky thing with mine_functions is it seems I need to restart the minion for it to pick them up
23:03 jmedinar Question... I have 3 similar states on a single SLS file .... for the most doing the same with little differences and all work fine except the last one... is not code but it throw this error message
23:03 jmedinar \'ascii\' codec can\'t decode byte 0xc2 in position 13: ordinal not in range(128)
23:04 ninjada joined #salt
23:04 jmedinar I am using some Pillar data ... wondering if there might be any problem with the pillar data itself
23:09 jmedinar I found the problem... It was a Single Blank space at the end of the pillar definition
23:09 jmedinar ~~
23:13 sagerdearia joined #salt
23:14 amcorreia joined #salt
23:18 dendazen joined #salt
23:30 oida joined #salt
23:32 sp0097 joined #salt
23:40 sp0097 left #salt
23:41 alxchk joined #salt
23:43 angvp1 joined #salt
23:43 t0m0 joined #salt
23:44 armguy joined #salt
23:44 pcdummy joined #salt
23:44 pcdummy joined #salt
23:45 Ashald joined #salt
23:45 gmoro joined #salt
23:46 pocketprotector joined #salt
23:46 hacks joined #salt
23:52 spuder joined #salt
23:52 graffic joined #salt
23:52 graffic joined #salt
23:52 tristianc joined #salt
23:54 pcdummy joined #salt
23:54 pcdummy joined #salt
23:54 Hydrosine joined #salt
23:55 oida joined #salt
23:56 ninjada joined #salt
23:58 Trauma joined #salt
23:59 flowstate joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary