Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-10-10

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:05 nineteen joined #salt
00:14 nineteen joined #salt
00:26 nineteen joined #salt
00:26 jeddi joined #salt
00:31 scoates joined #salt
00:35 nineteen joined #salt
00:42 DEger joined #salt
00:46 nineteen joined #salt
00:48 DEger joined #salt
00:53 hemebond Is there a way to pre-accept a minion by its ID?
00:56 nineteen joined #salt
01:05 nineteen joined #salt
01:06 DEger joined #salt
01:11 catpiggest joined #salt
01:14 jagguli joined #salt
01:15 jagguli hi when will the saltstack repos be updated with 2016.3.4 ?
01:15 hemebond Has 2016.3.4 been released?
01:15 jagguli oh
01:16 jagguli thought it was sorry
01:16 hemebond ???? No worries
01:17 jagguli hmm it shouws up in previous releases https://docs.saltstack.com/en/latest/topics/releases/
01:17 jagguli but release branch is still 2016.3.3
01:17 hemebond LOL, interesting.
01:17 nineteen joined #salt
01:18 hemebond I guess it's just pre-emptive release notes.
01:18 hemebond Recording as they go.
01:18 jagguli yeuh
01:18 jagguli lot missing int that tho
01:19 hemebond Missing?
01:19 hemebond You mean the 2016.3.4 release notes?
01:19 jagguli yea
01:19 jagguli i wish there was an RC package
01:19 hemebond Well, that's what I mean by "recording as they go".
01:19 hemebond They'll update the release notes as more things are changed and fixed.
01:20 hemebond Not sure if they do RCs for minor updates.
01:20 jagguli hmm
01:20 jagguli oh well just have to wait
01:21 nsidhu <hemebond> use the reactor system, and listen for the appropriate messages, the data has the minion id, you can filter the minions you want and then add them using https://docs.saltstack.com/en/latest/ref/wheel/all/salt.wheel.key.html
01:22 nsidhu an example is here : https://docs.saltstack.com/en/latest/topics/reactor/#a-complete-example
01:22 hemebond nsidhu: Yeah that's how I currently have it. I was just wondering if there was a way to pre-accept it instead of reacting to the auth request.
01:22 nsidhu nope ...
01:23 nsidhu afaik ....
01:23 hemebond Dang. Not even if I create a file in minions_autosign? How does that directory work?
01:24 nsidhu One way arround it would be to use : https://docs.saltstack.com/en/latest/topics/tutorials/preseed_key.html
01:24 hemebond That's how I'm handling the active creation.
01:24 hemebond But I'm trying to figure out different methods for autoscaling.
01:25 nsidhu my brain pot is emptry ..... <scratches head> !!!
01:25 hemebond I was thinking of something like "there is an autoscaling instance on its way with the ID blah1, accept it automatically when it tries to authenticate"
01:25 nineteen joined #salt
01:28 JoeJulian joined #salt
01:29 Mate joined #salt
01:29 swills joined #salt
01:30 carmony joined #salt
01:31 lionel joined #salt
01:31 bergei joined #salt
01:31 filippos joined #salt
01:31 aitrus joined #salt
01:31 wm-bot4 joined #salt
01:31 duckfez joined #salt
01:32 Qlawy joined #salt
01:33 iggy hemebond: yes, you can use autosign_file for that (accepts minion IDs, globs, and regexes)
01:33 hemebond So I just create an empty file with the name matching the minion ID?
01:35 nineteen joined #salt
01:35 Cidan joined #salt
01:35 iggy autosign_file is different than minions_autosign... might want to check the docs on the former
01:36 hemebond Yeah, still trying to find info about how to use them.
01:38 Garo_ joined #salt
01:38 mavhq joined #salt
01:41 sebastian-w joined #salt
01:46 hemebond A file with a name matching the minion ID works.
01:46 hemebond Oh it removed the file too. Nice.
01:47 ilbot3 joined #salt
01:47 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.12, 2016.3.3 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
01:52 edrocks joined #salt
01:54 DEger joined #salt
01:55 nineteen joined #salt
01:58 fgimian joined #salt
02:06 nineteen joined #salt
02:14 swills_ joined #salt
02:17 nineteen joined #salt
02:23 evle joined #salt
02:25 sjmh_ joined #salt
02:26 nineteen joined #salt
02:32 ekristen joined #salt
02:35 nineteen joined #salt
02:37 arthurchiao joined #salt
02:45 nineteen joined #salt
02:51 ekristen joined #salt
02:51 ekristen joined #salt
02:52 ekristen joined #salt
02:53 ekristen joined #salt
02:54 ekristen joined #salt
02:54 nineteen joined #salt
03:05 nineteen joined #salt
03:13 hemebond Blast. I wish the SQS engine added the queue name to the event tag.
03:15 nineteen joined #salt
03:26 nineteen joined #salt
03:37 nineteen joined #salt
03:40 Coldness joined #salt
03:41 Coldness Is there someone here who can help me out a bit? :)
03:41 hemebond Coldness: Depends entirely on the problem :-)
03:42 Criggie Coldness: depends - if you're complaining of blue balls... probably not.
03:43 Coldness I'm trying to create a state that ensures that a user and DB exists in MySQL, but I have a problem: I need python-mysqldb installed for it to work.
03:43 Coldness So I add a state that ensures that it's installed, but it still won't work before on the next run.
03:44 binocvlar Coldness: is the error the same after installing python-mysqldb?
03:44 hemebond Have you setup your DB and User states to depend on it?
03:44 hemebond Oh, it doesn't work at all.
03:45 nineteen joined #salt
03:45 Coldness Yes, it depends on it. I'm starting to think that the salt-minion need to run again for it to work to be able to detect that python-mysqldb is installed?
03:45 whytewolf reload_modules
03:46 whytewolf https://docs.saltstack.com/en/latest/ref/states/index.html#reloading-modules
03:47 whytewolf pkg.installed does support reload_modules if you are installing through pkg.installed
03:47 Coldness Oh! Thanks, I'll see if I can get it working now! I thought that was the problem since it worked on the second run, but I found no solution after hours of googeling. :D
03:54 edrocks joined #salt
03:55 nineteen joined #salt
04:01 Deliant joined #salt
04:05 Coldness Hmm, still can't get it to work. :/ I removed most of the stuff and now I'm down to the basics: http://pastebin.com/7tLqvjJe
04:06 hemebond Your indentation is wrong.
04:06 hemebond No wait...
04:06 hemebond That just how it was rendered. My bad.
04:06 Coldness The error: http://pastebin.com/JhHJwXyG
04:06 hemebond Where is your reload_modules?
04:07 hemebond So it can't login as root.
04:07 hemebond Are you able to login as root?
04:07 hemebond From the local machine?
04:07 Coldness It works if I rerun it, then there is no error..
04:08 hemebond And it creates the database and user?
04:08 Coldness Yep
04:08 Coldness The database gets created. Adding "reload_modules" did nothing.. :S
04:10 Coldness Run 1: http://pastebin.com/mp7ipvMu Run 2: http://pastebin.com/NYBVGxMe
04:11 hemebond Could it be a race condition?
04:12 Coldness Hmm, I don't see how, since it requires the packages to be installed? But I know basically nothing about salt, so.. Would be nice if I could get this working tho, would love to try salt out properly :)
04:12 hemebond But it also requires the service to be running, no?
04:13 hemebond What if you add a state to make sure the service is running and depend on that?
04:13 hemebond service.running
04:13 nineteen joined #salt
04:14 iggy that error definitely doesn't look like the module is missing... more like permissions
04:15 Coldness I'll try to ensure that it's running first and see if that works. :)
04:16 hemebond The database really does exist after the second run, yeah?
04:16 Coldness Yep, and on the third run i get: "Database example is already present" :)
04:17 armguy joined #salt
04:24 Coldness Just to make sure I'm getting the ordering right: The way it's listen in the log is the way it was executed, right? :)
04:24 hemebond Yes
04:25 Coldness I added a service.running that says: Comment: The service mysql is already running, and then the "has-db" state runs and fails. So the DB is in fact running, hmm..
04:27 hemebond Then I guess something else is preventing Salt from logging into the database.
04:27 hemebond Your has-db is depending on the service.running, yeah?
04:29 Coldness The error is Access denied for user 'root'@'localhost', but it works on the second run – always – so.. I did a test now by not installing the python-mysqldb package, and then I get the same error every time so...
04:30 hemebond Did you actually do the reload_modules thing?
04:30 hemebond I don't see it in your states.
04:30 hemebond Though it seems odd it would attempt to login if it doesn't even have the module.
04:30 Coldness Yeah, I added it under pkg.installed, I guess that's where it's supposed to go? :)
04:30 Coldness "- reload_modules: true"
04:31 hemebond yeah
04:35 nineteen joined #salt
04:36 Coldness Made no difference. :/ Reload modules, what exactly is it supposed to do? I'm not that familiar with python and what the definition of a module is, or how the salt minion works. Does salt just execute one task after the other, or does it create a new process for each state?
04:37 hemebond A Python module is like a library.
04:37 hemebond When you start salt-minion it loads modules.
04:37 hemebond But won't load any modules that were installed afterwards.
04:37 hemebond (while already running)
04:38 hemebond I'm not sure what salt-minion does with processes/threads, etc.
04:39 Coldness That's what I was thinking too, so reload_modules restarts the process to load in modules? It makes sense, but on the other side it doesn't since it's not working? I'm so confused with this, hehe.
04:42 rdas joined #salt
04:45 DEger joined #salt
04:46 nineteen joined #salt
04:46 Coldness I'm running on updated Ubuntu 16.04, using the 2015.8.8 version that's included in the official ubuntu repositories, if that matters.
04:49 justanotheruser joined #salt
04:49 armguy joined #salt
04:54 nineteen joined #salt
04:56 rhawk_ joined #salt
04:58 hemebond You should use the official Saltstack repos.
05:02 Coldness I might change, but right now I'm just trying to figure out how it works. Not being able to install packages and then check that a DB exists is not a good start, ehh.. :/
05:03 Coldness https://gist.github.com/anonymous/d1d014d51c8521f592fed15b6cec029a <- That's where I'm at now, with no change, still the same message and "has-db" still fails on the first run.
05:05 nineteen joined #salt
05:05 Coldness Either I'm doing something wrong, or the reload_modules isn't working, or the reload_modules doesn't do what I/we think it does.
05:06 hemebond Well Utah Dave had the same answer here http://stackoverflow.com/questions/30306693/using-saltstack-to-create-a-mysql-database
05:09 hemebond So the Salt mysql module is only loaded if mysql is installed, I guess.
05:09 rdas joined #salt
05:10 hemebond And reload_modules forces Salt to re-evaluate that.
05:12 hemebond You could also try out the MySQL formula.
05:13 Coldness Hmm... I replaced mariadb with mysql to see if it changed anythong, but no. :/
05:13 Coldness MySQL formula? :)
05:13 hemebond https://github.com/saltstack-formulas/mysql-formula
05:13 hemebond So you just define the data in a Pillar and let the formula do it all for you.
05:14 hemebond Oh, but you're using MariaDB
05:15 hemebond Hopefully you could just override the relevant properties to install that instead.
05:25 nineteen joined #salt
05:33 smcquay joined #salt
05:34 nineteen joined #salt
05:40 netcho joined #salt
05:40 felskrone joined #salt
05:40 m4rx joined #salt
05:44 nineteen joined #salt
05:46 Athlon joined #salt
05:46 Athlon TOPIC
05:54 sh123124213 joined #salt
05:54 nineteen joined #salt
05:56 edrocks joined #salt
06:01 colttt joined #salt
06:04 nineteen joined #salt
06:04 ivanjaros joined #salt
06:14 nineteen joined #salt
06:15 komputes joined #salt
06:24 nineteen joined #salt
06:27 iggy there's nothing official until it's on salt-announce
06:28 John_Kang joined #salt
06:29 nidr0x joined #salt
06:34 nineteen joined #salt
06:39 sgo_ joined #salt
06:41 coming joined #salt
06:44 nineteen joined #salt
06:45 cosming joined #salt
06:45 evle joined #salt
06:47 DEger joined #salt
06:55 nineteen joined #salt
07:07 nineteen joined #salt
07:07 DEger joined #salt
07:14 nineteen joined #salt
07:15 ronnix joined #salt
07:22 toanju joined #salt
07:23 jhauser joined #salt
07:27 jas02 joined #salt
07:43 keimlink joined #salt
07:45 krymzon joined #salt
07:50 Reverend joined #salt
07:50 JohnnyRun joined #salt
07:53 nineteen joined #salt
07:54 mavhq joined #salt
07:54 Nils- joined #salt
07:57 mavhq joined #salt
07:57 edrocks joined #salt
07:58 mikecmpbll joined #salt
07:59 kbaikov joined #salt
08:02 impi joined #salt
08:03 babilen joined #salt
08:04 nineteen joined #salt
08:07 narfology joined #salt
08:08 sh123124213 joined #salt
08:09 ivanjaros joined #salt
08:09 lero joined #salt
08:14 PhilA__ joined #salt
08:15 sergeyt joined #salt
08:17 nineteen joined #salt
08:17 PhilA_ joined #salt
08:18 geomacy joined #salt
08:21 s_kunk joined #salt
08:24 Rumbles joined #salt
08:25 nineteen joined #salt
08:28 Mattch joined #salt
08:33 theblazehen_ joined #salt
08:33 nineteen joined #salt
08:33 Electron^- joined #salt
08:34 SaltyVagrant joined #salt
08:35 N-Mi joined #salt
08:35 N-Mi joined #salt
08:45 david__ joined #salt
08:45 lempa joined #salt
08:46 voileux_ joined #salt
08:46 nineteen joined #salt
08:47 Jimlad_ joined #salt
08:47 yuhlw_____ joined #salt
08:48 useruoi joined #salt
08:48 J0hnStee- joined #salt
08:49 Taytay joined #salt
08:49 wwalker_ joined #salt
08:49 mortis_ joined #salt
08:49 LiamMon joined #salt
08:50 Kruge_ joined #salt
08:50 pprkut_ joined #salt
08:50 ixxs joined #salt
08:50 elektrix_ joined #salt
08:50 lv__ joined #salt
08:50 Rkp_ joined #salt
08:51 flebel_ joined #salt
08:53 TomJepp_ joined #salt
08:53 brucewang joined #salt
08:53 aberdine_ joined #salt
08:53 bbradley joined #salt
08:53 ksa_ joined #salt
08:53 MK_FG joined #salt
08:53 MK_FG joined #salt
08:53 coldbrew- joined #salt
08:53 emid_ joined #salt
08:54 mrMute_ joined #salt
08:54 NightMonkey_ joined #salt
08:54 coldbrew| joined #salt
08:54 RobertLaptop_ joined #salt
08:54 Ludo_ joined #salt
08:55 pocketprotector joined #salt
08:55 armin_ joined #salt
08:55 nineteen joined #salt
08:58 cebreidian joined #salt
08:59 sybix joined #salt
09:01 gmoro joined #salt
09:01 jas02 joined #salt
09:01 hoonetorg joined #salt
09:01 wendall911 joined #salt
09:01 codehotter joined #salt
09:01 Qwazerty joined #salt
09:01 sgo_ joined #salt
09:01 Sauvin joined #salt
09:02 cscf joined #salt
09:02 ecdhe joined #salt
09:02 eightyeight joined #salt
09:02 debian112 joined #salt
09:02 afics joined #salt
09:03 StolenToast joined #salt
09:03 monokrome joined #salt
09:04 nineteen joined #salt
09:08 DEger joined #salt
09:14 DEger joined #salt
09:14 nineteen joined #salt
09:20 DEger joined #salt
09:28 Rumbles joined #salt
09:29 adb-mz joined #salt
09:30 DEger joined #salt
09:34 nineteen joined #salt
09:38 DEger joined #salt
09:39 sh123124213 joined #salt
09:40 N-Mi joined #salt
09:40 N-Mi joined #salt
09:46 nineteen joined #salt
09:52 AirOnSkin joined #salt
09:52 DEger joined #salt
09:54 nineteen joined #salt
09:58 DEger joined #salt
09:59 catpig joined #salt
09:59 edrocks joined #salt
10:01 bryang joined #salt
10:04 nineteen joined #salt
10:05 fredvd joined #salt
10:08 DEger joined #salt
10:12 mavhq joined #salt
10:13 ivanjaros joined #salt
10:13 nineteen joined #salt
10:16 netcho joined #salt
10:23 DEger joined #salt
10:28 Electron^- joined #salt
10:35 nineteen joined #salt
10:38 DEger joined #salt
10:42 sh123124213 joined #salt
10:42 mavhq joined #salt
10:43 nineteen joined #salt
10:44 lorengordon joined #salt
10:51 Electron^- joined #salt
10:53 nineteen joined #salt
10:54 DEger joined #salt
10:55 XenophonF joined #salt
11:02 nineteen joined #salt
11:06 mavhq joined #salt
11:11 sgo_ joined #salt
11:13 nineteen joined #salt
11:23 nineteen joined #salt
11:23 tellendil joined #salt
11:23 aidin joined #salt
11:24 tellendil Hi ! I've got a problem setting up a lxc provider with salt-cloud. I always get "Configured provider [name] is unreachable". If I run salt "*" test.ping, the provider responds. Would someone has an idea ? I'm using salt version 2016.3.3
11:28 wsayo joined #salt
11:30 ProT-0-TypE joined #salt
11:34 nineteen joined #salt
11:36 amcorreia joined #salt
11:36 ProT-0-TypE joined #salt
11:37 narfology What's the conceptual difference between a formula and just another state in /srv/salt/base? When should I put something in a formula, when in a normal state?
11:38 abednarik joined #salt
11:39 sergeyt joined #salt
11:39 yuhlw_____ joined #salt
11:40 rsys joined #salt
11:45 nineteen joined #salt
11:50 enginx joined #salt
11:50 enginx hi guys
11:50 enginx even thoght i set consul.token in salt master, so i cannot read pillar data which is stored in consul
11:52 nineteen joined #salt
11:52 enginx http://pastebin.com/xQmQkHPa
11:54 enginx we enabled acl settings in consul server, so would like to read pillar data in saltstack boron (2016.3.3) using consul with token ID
11:54 enginx any ideas ?
11:55 _JZ_ joined #salt
12:01 edrocks joined #salt
12:02 nineteen joined #salt
12:12 babilen narfology: There is no difference .. a formula is simply an elaborated state that supports various platforms (distributions and releases) that is primarily configured via pillars
12:12 babilen See it as "best practices" for states
12:17 nineteen joined #salt
12:23 nineteen joined #salt
12:27 Electron^- joined #salt
12:30 edrocks joined #salt
12:31 felskrone joined #salt
12:33 nineteen joined #salt
12:37 keimlink joined #salt
12:40 netcho joined #salt
12:42 cyborg-one joined #salt
12:42 nineteen joined #salt
12:44 sh123124213 joined #salt
12:46 mavhq joined #salt
12:51 mrud joined #salt
12:52 sergeyt joined #salt
12:54 Ahlee_ joined #salt
12:54 nineteen joined #salt
12:55 aidin_ joined #salt
12:56 Electron^- joined #salt
12:56 enginx anyone no idea ?
12:58 mavhq joined #salt
13:04 nineteen joined #salt
13:05 ekristen joined #salt
13:06 abednarik joined #salt
13:10 scoates joined #salt
13:12 DEger joined #salt
13:13 nineteen joined #salt
13:16 west575 joined #salt
13:17 jas02 joined #salt
13:23 nineteen joined #salt
13:31 DEger joined #salt
13:33 nineteen joined #salt
13:40 amontalban joined #salt
13:40 amontalban joined #salt
13:44 nineteen joined #salt
13:46 _KaszpiR_ hey, question, I just started reading about salt, and all commands are executed on salt master, or via salt-ssh directly on minions, bus is there an option to send commands from dedicated minion and then master would propagate further?
13:47 cmarzullo You can do that. But it's best to be avoided. That would mean if you have a compromised minion you could exectute commands to wipe disks anywhere.
13:47 cmarzullo However you can use the salt api to do something like that.
13:47 cmarzullo Or you have a minion send a message on the bus which a reactor on the master is listening to.
13:48 cmarzullo Like a minion sends a message 'add me to loadbalancer' which the master sees then tells the loadbal to add the minion
13:49 _KaszpiR_ my idea would be something like 'my whitelisted laptop /keys can send message to salt master', something like proxying messages
13:49 _KaszpiR_ just want to avoid to ssh to salt master
13:51 _KaszpiR_ yeah I guess acessing salt api could do the trick
13:52 cmarzullo There's some community projects to allow that type of thing. Pepper? I can't remember.
13:52 racooper joined #salt
13:53 Tanta joined #salt
13:54 nineteen joined #salt
13:55 _KaszpiR_ oh yeah something like that, thanks
13:59 narfology babilen: thanks. so if I wanted to add default users/pubkeys for our operation (sysadmin) team, should I make a formula or add a state?
14:00 amontalban joined #salt
14:00 Athlon joined #salt
14:00 babilen narfology: We are using https://github.com/saltstack-formulas/users-formula
14:01 babilen "formula" is really just a name
14:02 mpanetta joined #salt
14:03 nineteen joined #salt
14:10 netcho_ joined #salt
14:10 useruoi joined #salt
14:14 nineteen joined #salt
14:15 ProT-0-TypE joined #salt
14:17 mapu joined #salt
14:19 Electron^- joined #salt
14:20 ronnix joined #salt
14:21 abednarik joined #salt
14:23 nineteen joined #salt
14:25 ccard joined #salt
14:25 KingOfFools left #salt
14:25 ccard Is anyone working on a fix for https://github.com/saltstack/salt/issues/19869?
14:25 saltstackbot [#19869][OPEN] Salt don't seem to set $HOME when issuing commands | Hi,...
14:25 KingOfFools joined #salt
14:26 gtmanfred Not afaik, it isn't assigned to anyone
14:26 lompik joined #salt
14:26 gtmanfred and is not slated to get fixed in the next sprint
14:27 KingOfFools Is there a 'none' template for file.managed or something? I'm trying to copy jinja.file which should not be interpretated by salt.
14:27 gtmanfred yeah, by default, template is set to none, and the jinja in the file shouldn't be rendered by default unless you set template: jinja
14:28 amontalban joined #salt
14:28 amontalban joined #salt
14:28 KingOfFools gtmanfred: you are wrong. 'template
14:28 KingOfFools The named templating engine will be used to render the appended-to file. Defaults to jinja.'
14:29 gtmanfred well that changed
14:29 AndrewPashkin joined #salt
14:30 gtmanfred you could wrap you whole file in {%- raw %} and jinja won't template the stuff in between, but i think you can just set template: None
14:31 gtmanfred wait, are you doing file.append?
14:31 gtmanfred file.managed has no default
14:31 gtmanfred file.append defaults to jinja it looks like
14:32 gtmanfred yes, looking at the code, that is correct, file.managed is defaulted to NOne
14:33 KingOfFools gtmanfred: maybe older version of salt? I have 2016.3.2 and its trying to interpretate file.
14:33 DammitJim joined #salt
14:33 nineteen joined #salt
14:33 gtmanfred are you using file.append or file.managed?
14:34 gtmanfred 2016.3 and develop default to None
14:34 gtmanfred so is 2015.8
14:34 KingOfFools gtmanfred: managed.
14:34 gtmanfred it defaults to None, i am looking at the 2016.3 branch
14:36 gtmanfred https://github.com/saltstack/salt/blob/v2016.3.2/salt/states/file.py#L1088
14:36 gtmanfred file.append defaults to jinja, which is where you copied the docs from above
14:38 KingOfFools gtmanfred: hm.. looks like if template file is ending with '.jinja' salt trying to interpretate it as jinja.
14:38 gtmanfred and here is where it templates https://github.com/saltstack/salt/blob/v2016.3.2/salt/states/file.py#L1538
14:38 ccard gtmanfred: thanks. I've found that adding runas=<user> to the salt command forces HOME to be set, so I can work round the issue.
14:38 KingOfFools gtmanfred: i guess i was wrong. Sorry for offending :D
14:38 gtmanfred no worris :)
14:39 gtmanfred ccard: cool
14:39 gtmanfred KingOfFools: no offense taken! :P
14:42 netcho_ joined #salt
14:42 KingOfFools gtmanfred: yea, and i was looking in wrong place looks like. Salt does not interpretate '.jinja' as jinja if not jinja template specified.
14:43 gtmanfred :)
14:43 KingOfFools gtmanfred: I'm just patching salt with salt and mixed up errors
14:44 KingOfFools :D
14:44 sergeyt joined #salt
14:44 nZac joined #salt
14:44 DammitJim ok, I think it is time for me to take the plunge and target my minions properly
14:44 DammitJim *sigh*
14:44 amontalban joined #salt
14:44 amontalban joined #salt
14:44 nineteen joined #salt
14:44 DammitJim do you guys recommend managing that through a template of the /etc/salt/minion file?
14:45 sh123124213 joined #salt
14:46 DammitJim to set grains
14:46 gtmanfred so, if you save it on the minion, if someone compromises the minion, they can change their roles and effectively change their targeting.  It would be better to use nodegroups or pillars for targeting
14:47 DammitJim gtmanfred, I appreciate that!
14:47 whytewolf i at no time recomend targetting with grains
14:47 DammitJim node group targeting sounds like a good way of doing it
14:47 eprice joined #salt
14:48 DammitJim obviously in node groups, we can define the same minion in multiple groups, right?
14:48 johnkeates joined #salt
14:48 gtmanfred yes
14:49 gtmanfred it is just basically aliasing a -C match
14:49 DammitJim then when I create a new server and I add it to the new groups
14:49 DammitJim how do I have salt configure it?
14:49 sergeyt joined #salt
14:49 DammitJim or do I have to run salt against the whole group?
14:50 gtmanfred you can target it directly by name
14:50 gtmanfred or target the whole group
14:50 gtmanfred https://docs.saltstack.com/en/latest/topics/targeting/nodegroups.html
14:50 Coffey joined #salt
14:50 Tanta I use a bootstrap script that figures out which load balancer a system is attached to, and derives the minion ID based on that and some other metadata... the pillars and salt states target minions based on the minion's ID, it all works out nicely
14:50 DammitJim oh, but I cannot associate states to it.. that still needs to be done on /srv/salt/top.sls, right?
14:50 gtmanfred you can associated states to the nodegroup in top.sls
14:51 whytewolf you can target node groups in states
14:52 whytewolf - match: nodegroup
14:53 DammitJim oh yeah?
14:53 DammitJim AWESOME!!!!
14:53 impi joined #salt
14:55 whytewolf as for earlyer about if a minion can be in more then one nodegroup not only that but you can if you want have nodegroup target nodegroup. so being in one group automaticlly puts you in another
14:55 Pintonium joined #salt
14:55 deus_ex joined #salt
14:56 nineteen joined #salt
14:58 whytewolf also Tanta approch is closer to my own. I do use pillar roles targetting in my states. but in pillar it is 100% based on minion id. and the way the minions are named.
14:58 DammitJim nice
14:58 DammitJim thanks
14:58 DammitJim whytewolf, I am having a hard time with the server names (they are starting to become almost just serial numbers)
14:58 DammitJim so, no patterns
14:59 Tanta if a hostile actor somehow takes over a bootstrapping machine, or gains control of another finished machine, they can try to change the ID and run various states, but I store secrets separately using another set of security controls
14:59 Tanta the goal is to make it so frustrating for attackers that they hopefully give up
15:00 jas02 joined #salt
15:06 gtmanfred they cannot change the id and access other states
15:06 gtmanfred because you should have to accept a new key
15:06 nineteen joined #salt
15:06 gtmanfred and either way, they can access all the states, the only thing you are hiding is pillar data
15:06 whytewolf well i think thats why she said captured a machine during bootstrap
15:07 jeddi joined #salt
15:07 gtmanfred but you would still have to accept the key that is different than the name it is bootstraping with
15:08 whytewolf depends. if she is masterless. no accept needed.
15:09 whytewolf and states could be behind different repos that the bootstrap script determins which ones to add
15:09 whytewolf but just guessing
15:09 gtmanfred that is fair, that could do it
15:15 nineteen joined #salt
15:19 netcho_ joined #salt
15:22 west575 joined #salt
15:24 nineteen joined #salt
15:30 keimlink joined #salt
15:32 sp0097 joined #salt
15:32 mavhq joined #salt
15:34 nineteen joined #salt
15:35 nZac joined #salt
15:35 sergeyt joined #salt
15:38 jdipierro joined #salt
15:42 sergeyt joined #salt
15:43 Bacon joined #salt
15:43 Bacon Good morning!
15:45 sp0097 left #salt
15:46 nineteen joined #salt
15:49 scoates joined #salt
15:56 nineteen joined #salt
16:00 sh123124213 joined #salt
16:02 morissette joined #salt
16:04 onlyanegg joined #salt
16:04 nineteen joined #salt
16:14 nineteen joined #salt
16:18 nZac joined #salt
16:18 mavhq joined #salt
16:19 majuscule I'm having a strange issue where SaltRenderError: Jinja variable 'salt.utils.templates.AliasedLoader object' has no attribute 'cmd', inside a reactor file
16:19 BattleChicken1 joined #salt
16:19 majuscule where I am running salt.cmd.run('host ' + name + ')
16:20 majuscule where I am running salt.cmd.run('host ' + name)
16:20 gtmanfred i believe that only runners are available inside reactor files, since it is being rendered on the master
16:21 woodtablet joined #salt
16:24 jab416171 I have a multimaster setup. If I remove the ability for a salt minion to resolve one of the masters, then none of the masters can talk to it
16:24 nineteen joined #salt
16:25 majuscule gtmanfred: it does seem to be working for me in a vagrant master/minion setup which is why i am confused by this behavior, but is there an alternative approach i should be looking at?
16:25 majuscule gtmanfred: to be clear, i was expecting this to be run on the master as it is rendered
16:25 gtmanfred majuscule: there is no runner module for cmd, so it won't be there
16:30 lero joined #salt
16:32 whytewolf well. hold on the saltutil that gets used in salt.saltutil.runner is the exacution module one since the runner version doesn't have that option. so the jinja render on the master should have access to the modules. however they most likely still require a minion to be installed on the master for the modules to at least be there
16:32 BaconManMaster joined #salt
16:33 BaconManMaster Greetings!
16:33 cmarzullo o/
16:33 whytewolf Hello BaconManMaster
16:34 BaconManMaster Is there a way to manipulate a managed config file using grains in a single state.apply?
16:34 Trauma joined #salt
16:34 nineteen joined #salt
16:34 whytewolf um.... huh
16:35 whytewolf {{salt.grains.get('grain:you:want')}}
16:35 BaconManMaster IE: {% set ip = salt['grains.get']('ip4_interfaces:eth0') %} and have the managed file include the line "interface = {{ ip }}
16:36 whytewolf yeah... that really doesn't care how you run the state
16:36 _KaszpiR_ joined #salt
16:36 BaconManMaster cool, thanks so much!
16:36 whytewolf also i would sugest moving to useing salt.network.ip_addrs instead of calling the grain
16:36 whytewolf ...
16:37 whytewolf or jump out of the channel before any other advice can be given
16:39 Athlon joined #salt
16:40 edrocks joined #salt
16:40 Athlon joined #salt
16:40 Athlon joined #salt
16:41 Deliant joined #salt
16:51 mikecmpbll joined #salt
16:53 sergeyt joined #salt
16:54 nineteen joined #salt
16:55 m4rx joined #salt
16:55 ivanjaros joined #salt
16:56 pipps joined #salt
16:56 impi joined #salt
16:58 pipps joined #salt
17:00 pipps joined #salt
17:01 noraatepernos joined #salt
17:02 noraatepernos I’m curious what the current consensus is on automatically accepting minion keys.  I’m trying to do everything from cloud-init.
17:03 Edgan joined #salt
17:03 heaje joined #salt
17:03 nineteen joined #salt
17:03 noraatepernos I have cloud-init scripts for aws and digital ocean and trying to get to the point where I can freely deploy on either platform.
17:04 gtmanfred it is not secure
17:04 freelock[m] oh great, does that mean I can add a minion to your master, and see your secrets? >:)
17:05 Edgan joined #salt
17:06 noraatepernos It would be cool if I could set some sort of key in the cloud-init script so that the minion would be pre-approved.
17:06 gtmanfred even if salt only listens on a private network, if someone root compromises the box, they could change the minion name, and automatically get it accepted, and possibly get the pillar data
17:06 Bryson joined #salt
17:07 gtmanfred noraatepernos: so, instead of using cloud-init to bootstrap the minion, you could use salt-cloud to bootstrap the autoscaled minion.
17:07 gtmanfred do a post hook to the minion and hook it up to this reactor
17:07 gtmanfred noraatepernos: https://github.com/saltstack-formulas/salt-cloud-reactor
17:08 Edgan joined #salt
17:08 gtmanfred if you provide the instance_id to the cloud.create runner, it will attempt to login to the minion instead of requesting a new minion from the cloud provider
17:08 gtmanfred you do need to do some work
17:08 gtmanfred digital ocean would need to be split out and have request_instance seperate from create functin
17:09 ALLmightySPIFF joined #salt
17:09 gtmanfred like the aws and nova/openstack providers are
17:09 gtmanfred noraatepernos: https://github.com/saltstack-formulas/ec2-autoscale-reactor here is an ec2 autoscale function that can use the salt-api webhook and sqs webhook notification to have the server automatically bootstrapped on boot
17:10 gtmanfred alternatively, you could use the sqs engine to get the events
17:10 noraatepernos That’s the problem I’m having.  I have a significant role across my infrastructure that includes some 80 instances across digital ocean and aws.  They all do exactly the same thing but are behind latency driven load balanced dns at aws.  I want to be able to control them all via my salt-master but I need them to spawn and die and add/clear themselves from the salt-master automatically.
17:10 Trauma joined #salt
17:10 gtmanfred so, doing that with DO will be more difficult, but you can definitely do it on aws with that ec2-autoscale-reactor
17:11 noraatepernos That’s been a big challenge.  DO keeps getting better and I’m shifting more of these endpoints away from aws.
17:13 sgo_ joined #salt
17:14 nineteen joined #salt
17:14 Edgan joined #salt
17:14 jdipierro joined #salt
17:14 scoates joined #salt
17:20 gtmanfred so, you could do the same thing, but with post_url in the cloud_init, and hitting the salt-api webhook
17:21 gtmanfred but removing servers is still a problem
17:21 gtmanfred (though, the changes I said above still need to be made to the digital ocean driver
17:21 Edgan joined #salt
17:23 Pintonium joined #salt
17:24 nineteen joined #salt
17:24 guerby joined #salt
17:25 sjoerd joined #salt
17:27 _aeris_ joined #salt
17:27 noraatepernos I was just looking at the salt-api.  I think that’s my best bet.
17:30 patrek joined #salt
17:30 gtmanfred yar, you could build a tool with a built in private key, that will tell the wheel client to accept the key of the minion, and then as part of the first highstate, delete that script, so you are only vulnerable for a very short period of time
17:30 gtmanfred would be better than leaving it open
17:37 nineteen joined #salt
17:38 mapu joined #salt
17:41 Bryson joined #salt
17:42 west575 joined #salt
17:42 mavhq joined #salt
17:44 Athlon joined #salt
17:45 sh123124213 joined #salt
17:45 nineteen joined #salt
17:46 gadams joined #salt
17:46 rogi joined #salt
17:46 netcho_ hey guys, whats the best way for having multiple nginx configs? For example i would like to have 10 configs for proxying to 10 upstream servers  on a single server.
17:47 gtmanfred drop them in conf.d or sites-enabled.d based on your distribution
17:48 woodtablet joined #salt
17:48 netcho_ maybe i asked in wronig way :) i would like to dynamically render them and reuse on per app servers
17:49 gtmanfred jinja template the .conf files
17:49 netcho_ is setting a custom grain with app name ok solution?
17:49 netcho_ for multipe not..
17:50 gtmanfred i have done stuff to list multiple app names in grains before
17:50 gtmanfred but i would not recommend targeting pillars on any grains
17:50 netcho_ ok
17:51 netcho_ how can i then tell salt  what config to use?
17:51 netcho_ for example... salt minion state.apply nginx.app1
17:52 gtmanfred you could just do nginx, and then have a jinja forloop that goes over all the applications and sets each one up
17:52 netcho_ yep that i can do, but i would liek to use it on single app servers too
17:52 netcho_ ig u get me
17:52 gtmanfred so specify the one app in the grains on the one server
17:52 netcho_ if*
17:52 netcho_ thats what i meant
17:53 netcho_ netcho_ | is setting a custom grain with app name ok solution?
17:53 gtmanfred apps:
17:53 gtmanfred - upstream1
17:53 gtmanfred - something
17:53 gtmanfred or make them dicts, with all the information about the upstreams
17:53 gtmanfred then just do a {%- for app, values in salt.grains.get('apps').items() %}
17:53 gtmanfred etc, and setup the file there, passing context through to the jinja template
17:54 Sketch gtmanfred: what do you target the pillars on instead of grains?  data in the pillar?
17:54 nineteen joined #salt
17:54 gtmanfred names, nodegroups
17:54 netcho_ thanks gtmanfred
17:54 Sketch nodegroups?
17:54 gtmanfred if you target on grains, someone can root compromise the server, change the grains, and get other secret pillars if they know what to look for
17:54 gtmanfred Sketch: nodegroups are basically just aliased -C matching
17:54 gtmanfred compound*
17:54 Sketch ah
17:55 gtmanfred but matching on grains that can be changed in /etc/salt/grains, is not good
17:55 gtmanfred https://docs.saltstack.com/en/latest/topics/targeting/nodegroups.html
17:55 Sketch yep, just reading that :)
17:55 gtmanfred since it can be changed and they can get other secret information it shouldn't get
17:55 netcho_ hm
17:55 Sketch it looks like you can target nodegroups on grains too, which would have the same security implications
17:55 Sketch (if you did that)
17:55 gtmanfred yar
17:56 gtmanfred but you could say, if debian, and has 4G of ram, be a webserver
17:56 pipps joined #salt
17:56 gtmanfred if centos and 8G of ram, you are a database server
17:56 jdipierro joined #salt
17:56 Sketch right
17:56 gtmanfred that part of the grains wouldn't be bad, it would be custom stuff in /etc/salt/grains
17:57 * gtmanfred is not sure if you can overwrite the salt.grains generated stuff with /etc/salt/grains, but that would be ...
17:57 Sketch even that stuff, you could probably override if you knew it existed
17:57 Sketch gtmanfred: i had one machine with an incorrect nodename...i deleted the grain and recreated it correctly.  seemed to work, after a minion restart.
17:57 Sketch so really, even names may not be safe ;)
17:57 Sketch (well, from grains anyway.)
17:58 gtmanfred yup, unfortunately /etc/salt/grains overwrites the system discovered grains
17:58 Sketch i guess that's not what the master uses for targeting, it uses the name it has
17:58 gtmanfred the master uses the minion_id in /etc/salt/minion_id
17:58 pipps joined #salt
17:58 gtmanfred and it has to match the key, so as long as you don't have accept set to open, you are fine
18:00 Sketch right
18:00 Criggie joined #salt
18:00 Sketch i guess once they're set, it's going to be hard to change
18:01 fxdgear joined #salt
18:02 fxdgear joined #salt
18:03 gtmanfred netcho_: should also check out https://github.com/saltstack-formulas/nginx-formula#id15
18:04 nineteen joined #salt
18:05 pipps99 joined #salt
18:06 mikecmpbll joined #salt
18:06 pipps_ joined #salt
18:07 fxhp joined #salt
18:07 woodtablet joined #salt
18:08 nixjdm joined #salt
18:10 Criggie joined #salt
18:13 nineteen joined #salt
18:13 Andrew_Shay joined #salt
18:14 Andrew_Shay I have a question about salt masterless. I installed a windows minion. And I would like to be able to use salt functionality from another machine without the master. Is it possible to still use the Python API and just set a list of hostnames to execute against?
18:15 gtmanfred you cannot
18:15 gtmanfred you need a master to be able to do that
18:15 rogi left #salt
18:15 gtmanfred that python api specifically matches with `salt \* test.ping` like commands
18:16 Andrew_Shay Hmm okay. If I install the salt master, can the master reach out to minions and have them connect? (The opposite of salt master accepting all incoming keys)
18:16 gtmanfred if you are on the minion, you could use the CallerClient python api to do salt-call type commands
18:16 Andrew_Shay Have a minion accept all master connections?
18:17 gtmanfred you cannot do that, the master is the one who accepts the connections
18:17 gtmanfred you could try salt-ssh
18:17 gtmanfred https://docs.saltstack.com/en/latest/ref/clients/#salt.client.ssh.client.SSHClient
18:17 Criggie joined #salt
18:18 Rumbles joined #salt
18:18 gtmanfred and use the SSHClient, but that would use the salt-thin client instead of the salt-minion local client installed on the machine
18:18 gtmanfred and that doesn't work on windows
18:18 Andrew_Shay Hmm okay. How does Salt support unicode chars in commands, std out etc
18:19 gtmanfred it should just support them, we are actively improving it right now though, as we make progress to move to python3
18:20 pipps joined #salt
18:21 Andrew_Shay Cool. Thanks for the help, I really appreciate it :)
18:23 gtmanfred no problem :)
18:23 nineteen joined #salt
18:24 Andrew_Shay Is the minion on github? I'm not seeing it
18:25 sergeyt joined #salt
18:28 Criggie joined #salt
18:28 gtmanfred the salt.tar.gz contains everything for the salt minion and master
18:28 gtmanfred and salt-ssh, and salt-cloud
18:29 gtmanfred for windows stuff, the packaged minions are here https://repo.saltstack.com/windows/
18:30 gtmanfred Andrew_Shay: and to just view all the minion stuff, here http://repo.saltstack.com/
18:30 gtmanfred s/minion/repo
18:30 Andrew_Shay Thanks!
18:30 misconfig joined #salt
18:31 misconfig joined #salt
18:32 sjoerd Hi all,  I'm wondering what your thoughts are on this bug that i've run into that's already open for a year: https://github.com/saltstack/salt/issues/26845
18:32 saltstackbot [#26845][OPEN] Postgres module (user_exists) doesn't work with PostgreSQL 9.5 | ```...
18:32 sjoerd Isn't that a long standing issue for something that seems pretty straightforward?
18:33 Tanta so fix the code, it's open source
18:33 iggy if it's straightforward, send a PR (is what someone who is more an asshole than I might say)
18:33 nineteen joined #salt
18:34 sjoerd If it was written in my old-timey perl then sure :) I'm not enough of a python man myself
18:35 sjoerd but I'm not trying to be negative or anything. I'm just sort of wondering out loud
18:35 ponyofdeath hi, is it possible to target a grain type in top file but then exclude certain hosts from it?
18:35 iggy sadly a lot of the modules could best be described as "community maintained"
18:35 iggy ponyofdeath: yes
18:36 lero joined #salt
18:37 ponyofdeath iggy: can you point me in the right dir
18:38 iggy ponyofdeath: 'G@some_grain and not foo*':\n  - match: compound
18:38 sjoerd iggy: interesting, I'm new to saltstack writing my first states to move over from cfengine. Perhaps this is as good as anything to look into python
18:38 ponyofdeath iggy: thanks
18:38 woodtablet left #salt
18:41 sjoerd So the modules do follow a release schedule in line with the main salt codebase or do they get updated separately?
18:42 iggy sjoerd: they get released as part of salt
18:42 jdipierro joined #salt
18:42 DEger joined #salt
18:43 jdipierro joined #salt
18:43 mikecmpbll joined #salt
18:43 nineteen joined #salt
18:43 jdipierro joined #salt
18:47 yuhll joined #salt
18:48 DEger joined #salt
18:49 jdipierro joined #salt
18:51 cosming joined #salt
18:52 cosming joined #salt
18:52 cosming joined #salt
18:52 toanju joined #salt
18:56 nineteen joined #salt
18:58 pipps joined #salt
18:59 pipps joined #salt
19:00 _AndrewPashkin_ joined #salt
19:02 raspado joined #salt
19:02 _AndrewPashkin_ Does anybody else recieves weird messages when running tests for Salt, like "[CRITICAL] Salt configured to run as user "root" but unable to switch."?
19:03 yuhll joined #salt
19:04 nineteen joined #salt
19:05 gtmanfred i have never seen that error message, but I only run integration tests on servers as the root user
19:05 Rumbles joined #salt
19:06 DEger joined #salt
19:08 _AndrewPashkin_ Hmm
19:08 _AndrewPashkin_ I use non-root user
19:08 Edgan joined #salt
19:09 gtmanfred can you try running the unittests only, and then the integration tests as the root user?
19:10 Coldness Does someone have a simple state that ensures that mariadb and python-mysqldb is installed and that a DB exists? I can't get it to work, I need to rerun it a second time to not hit an exception as(I think) the python-mysqldb is not detected when it's installed. Current sls: http://pastebin.com/0rL8PXsC
19:10 gtmanfred Coldness: do a refresh_modules: True
19:10 gtmanfred ahh, you did
19:11 systo joined #salt
19:11 gtmanfred that should work
19:12 Coldness Yeah, another guy here told me to try that, but it made no difference at all.
19:12 abednarik joined #salt
19:12 Coldness It's such a simple state, but I still can't get it to work. I would really appreciate if someone could help me out.
19:13 BattleChicken1 left #salt
19:13 Coldness It's basically a clean Ubuntu 16.04 install with the latest salt-minion, and the server is the same with the latest salt-master.
19:13 gtmanfred lemme build a server and see
19:13 nineteen joined #salt
19:14 Coldness Thanks man! :)
19:16 pipps99 joined #salt
19:17 hasues joined #salt
19:17 hasues left #salt
19:19 Athlon left #salt
19:20 Coldness This is the output: http://pastebin.com/dNNDNGpU Not that if i run state.apply once more then it all works and the DB is created. I get the same error every time if I don't have python-mysqldb installed.
19:20 Coldness Note*
19:21 gtmanfred yup i got the same error
19:21 gtmanfred i think it is caused by the dpkg stuff going on in mysql
19:21 gtmanfred have you seen the mysql salt formula yet?
19:21 Edgan joined #salt
19:22 pipps joined #salt
19:22 gtmanfred the only thing I can think of is if dpkg is changing the root users password or something
19:23 gtmanfred but the default password is empty, so it is still odd
19:23 gtmanfred https://github.com/saltstack-formulas/mysql-formula
19:24 nineteen joined #salt
19:27 Coldness Yeah, I looked at it, but didn't get any wiser.
19:28 StarHeart joined #salt
19:28 gtmanfred yeah, i don't see anything particular that would fix this for you :/
19:29 Coldness The password is empty when it's installed like that, that's correct, so I don't get what the problem is. But, note that the "Access denied" error is just shit, and is not the actual error, you get the same error as long as the python-mysqldb package is missing.
19:29 gtmanfred you could probably do noe thing
19:29 gtmanfred actually
19:29 Coldness Ok? :)
19:29 gtmanfred one second
19:29 DEger joined #salt
19:31 gtmanfred yeah, i bet what the problem is is that mysql hasn't completely started yet when the next command is about to run
19:32 Coldness Hmm, I'll try to wipe it at set up mysql before the run, just a sec :)
19:33 nineteen joined #salt
19:36 Coldness Nope, has nothing to do with that, I installed mysql-server and mysql-client manually and removed it from the state, same behavior. It looks like the reload_modules just isn't working at all? Cause all it does now is to install python-mysqldb(with reload_modules) and then ensures that a DB exists. First run(the run python-mysqldb is installed) still fails as before. :(
19:37 gtmanfred if python-mysqldb wasn't installed, there would be no exception
19:37 gtmanfred it would say that the mysql_database.present module wasn't available
19:37 gtmanfred https://github.com/saltstack/salt/blob/develop/salt/states/mysql_database.py#L30
19:38 gtmanfred https://github.com/saltstack/salt/blob/develop/salt/modules/mysql.py#L197
19:38 gtmanfred so if MySQLdb wasn't imported then it wouldn't even do anything
19:38 DEger joined #salt
19:42 Coldness "if python-mysqldb wasn't installed, there would be no exceptio" I get the same exact error if the python-mysqldb is missing, hmm..
19:43 gtmanfred you shouldn't get any exception, because the module should not be loaded...
19:43 gtmanfred check and make sure that there are no .pyc files left behind
19:44 nineteen joined #salt
19:45 Coldness Well, I do get the same error if python-mysqldb is missing, and there can't be any files left behind as I spin up an new VM for every test run.. :/
19:47 mschiff I am using state schedules via pillar. But sometimes some schedules just do not run. Any idea how to debug this?
19:47 mschiff I have one schedule with "seconds: 120" which works fine and another with 7200 which simply will not be fired
19:47 mschiff pillardata is fine when viweing via "pillar.items"
19:48 gtmanfred mschiff: check salt-call schedule.list and make sure the scheduled task is in there
19:49 DammitJim joined #salt
19:49 Coldness A free beer for whoever figures out what the problem is and can explain why and what the solution is. I'll transfer over PayPal. :) Seems like such a simple thing to do, but I've wasted tens of hours searching without figuring it out now. I really don't know salt tho, so the solution might be simple...
19:49 gtmanfred Coldness: hrm, that is weird cause that shouldn't be available at all...
19:49 kihued joined #salt
19:50 Coldness gtmanfred, yeah, I have no idea what's going on..
19:52 gtmanfred i would say open an issue on the isue tracker
19:52 kihued_ joined #salt
19:52 mschiff gtmanfred: its there, and looks good
19:53 gtmanfred have you turned on the debug log on the minion to check for errors in the logs?
19:53 mschiff currenlty I increased to info only...
19:53 DEger joined #salt
19:53 tmclaugh[work] joined #salt
19:53 nineteen joined #salt
19:53 mschiff Where I can see the 120s schedule firing every two minutes
19:53 mschiff and nothing about the other 7200seconds job
19:54 mschiff first fires one state, the second should fire two states like "args:\n  - foo1,foo2"
19:58 nicksloan joined #salt
19:59 kihued joined #salt
19:59 noraatepernos joined #salt
20:02 DEger joined #salt
20:04 pipps joined #salt
20:05 sgo_ joined #salt
20:06 vegasq joined #salt
20:07 mschiff gtmanfred: log shows "Running scheduled job:" on the expected intervals, but only the firs occurence actually starts something.. strange...
20:08 gtmanfred 7200 seconds is 2 hours right?
20:08 mschiff yes ;)
20:08 rherna joined #salt
20:08 mschiff But I found (with earlier version) that only when using seconds it was working
20:09 gtmanfred i can't think of a reason that 7200s wouldn't work... but i am busy working on something so I can't take a look right now, sorry
20:10 PhilA joined #salt
20:10 lero joined #salt
20:13 nineteen joined #salt
20:14 DEger joined #salt
20:17 beardedeagle joined #salt
20:18 Coldness gtmanfred, I created an issue, thank you for trying to helt tho. :)
20:18 Coldness help*
20:19 onlyanegg joined #salt
20:19 PhilA_ joined #salt
20:23 nineteen joined #salt
20:23 CampusD joined #salt
20:25 mikea joined #salt
20:26 mikea joined #salt
20:27 mikea Is there any way in salt to specify additional information with the key signing request?
20:28 netcho_ joined #salt
20:30 pipps joined #salt
20:31 ahammond mikea what problem are you trying to solve (and have you considered salt-cloud)?
20:32 bluethun1r joined #salt
20:33 nineteen joined #salt
20:33 mikea I'm looking for a way to authenticate key signing requests to auto sign, without just turning on auto signing
20:33 mikea we want to make sure the nodes are coming from our build server
20:33 hemebond mikea: /etc/salt/pki/master/minions_autosign/
20:34 hemebond If you touch a file in there that matches the minion ID it will automatically be accepted.
20:34 hemebond Though it depends what your setup is if that's useful.
20:35 mikea hmm
20:37 pipps joined #salt
20:41 davidhoude joined #salt
20:41 davidhoude I have a file_roots and pillar_roots that point to a different directory than base, the file will pick up the correct files when i use saltenv=newenv
20:41 davidhoude but for some reason I cannot get the pillar data to pull from the new pillar_roots location for 'newenv'
20:42 davidhoude it always gives me 'base' pillar data
20:42 iggy read about the merging
20:42 iggy (this is why I avoid salt env's like the plague)
20:43 bluethun1r hey guys.. I'm having trouble with a state that I want to use to create a VPC in AWS
20:44 bluethun1r https://gist.github.com/bluethundr/ec9a10d22eb12a954af2423b91621e98
20:44 bluethun1r I can use a show_top command see the top file listed, but I can execute a state.apply
20:44 bluethun1r can someone please take a look at the gist and let me know what you think?
20:44 bluethun1r when I run the state.apply command I'm getting an error
20:44 nineteen joined #salt
20:45 mikea ahammond, we want to automate the signing of keys, but we're operating under the assumption that just turning on autosigning is bad
20:46 mikea ahammond, so we were looking for a way to verify that the signing request came from a system that was built using our cobbler build system
20:46 iggy bluethun1r: you're missing some dependency for the boto modules (probably the right version of boto)
20:46 ahammond mikea yeah autosigning is really only for development environments, and even there, use vagrant and manage the keys that way.
20:46 bluethun1r iggy: oh ok
20:46 bluethun1r I do have boto installed
20:46 bluethun1r how do I find out the right version I need?
20:47 bluethun1r I have boto (2.42.0) and botocore (1.4.54)
20:47 iggy I would read the code, but it might be in the docs for the state module too
20:47 bluethun1r ok
20:47 ahammond mikea check out salt-cloud's baremetal provisioner or maybe the https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.manage.html#salt.runners.manage.bootstrap
20:48 bluethun1r i'll take a look
20:48 bluethun1r thanks
20:48 ahammond mikea although I think for hte manage.bootstrap, you'll probably want to wait for 2016.next
20:48 mikea we're running 2015.3 I think right now
20:49 mikea how exactly do these work?
20:49 iggy bluethun1r: https://github.com/saltstack/salt/blob/develop/salt/modules/boto_vpc.py#L180
20:50 bluethun1r got it!!
20:51 bluethun1r thanks I'll try to get the right version
20:51 ahammond mikea, https://docs.saltstack.com/en/latest/topics/cloud/config.html#saltify although from my experience nobody ate that dogfood first.
20:51 mikea does this assume that I have an ssh key on the host?
20:51 ahammond mikea yeah. and also that you can connect as root.
20:52 mikea ah, yeah, that's a no go here
20:52 mikea we disable ssh key authentication completely
20:52 mikea its dumb
20:53 nineteen joined #salt
20:53 ahammond mikea honestly, if you can solve your problem with terraform, you'll have a better experience than trying to do anything with salt-cloud.
20:53 iggy ouch
20:53 mikea we're a vmware environment
20:53 ahammond iggy don't even get me started.
20:54 mikea so until the key is accepted by the master, there's no grains or anything available to the master, right?
20:54 iggy I'm not arguing mind you... but it sounded pretty rough
20:54 iggy mikea: no
20:55 CampusD Hi guys, I am having some issues with scheduled jobs, not sure what I might be missing. https://gist.github.com/anonymous/2627c033bcf90a7912ed7e2b9589d89c
20:55 CampusD any help is appreciated
20:55 mikea no I'm not right? if I can just check for a custom grain and accept based on that I'm golden
20:55 ahammond mikea tf will drive that. Also, while I think salt headless is awesome, I think that anything involving the salt master is a Bad Idea.
20:56 bltmiller joined #salt
20:56 iggy mikea: no, the master doesn't get any data (grains, etc) from the minion before key acceptance
20:56 mikea ahammond, usually these are servers/vms that we provide to customers. We simply use salt to apply a security baseline and manage a couple of config files to ensure customers don't do DumbThings(tm)
20:56 davidhoude joined #salt
20:57 ahammond mikea ah, makes sense.
20:57 davidhoude so, I've set PILLAR_SOURCE_MERGING_STRATEGY: none and still getting pillar data from the base environment, even after clearing cache
20:58 ahammond mikea ok, I'll revise my advice. 1) use hashicorp packer to build custom images. use salt as part of the packer process to configure these images. REMOVE salt as a last step before compacting the image. 2) use hashicorp tf to distribute these images.
20:58 davidhoude is this setting only for conflicts? Can i set it to not load any pillar data from other environments?
20:58 iggy davidhoude: I don't think you can have it not merge
20:59 davidhoude fuck
21:00 ahammond CampusD my Regression of the Week the week before last was a scheduler bug. I wish you luck, but we've reverted to cron.
21:01 Rolypoly joined #salt
21:01 ahammond davidhoude salt-call --local is your friend.
21:02 pipps99 joined #salt
21:02 CampusD ahammond: I see, I may have to resort to that, was there bug report submitted? Do you know the number/id?
21:02 ahammond it doesn't relate to what you're posting. You've probably found a new one.
21:03 iggy CampusD: job_kwargs should be a dict, not a list of dicts
21:03 iggy (i.e. take out the dashes at the beginning of line 38)
21:04 iggy *dash
21:04 nineteen joined #salt
21:04 CampusD iggy: I'll give it a try
21:05 iggy you might also have to double indent that line as well
21:05 iggy (not entirely clear on what the rules are there)
21:07 CampusD iggy: you might be right, that's I see here now https://docs.saltstack.com/en/latest/ref/states/all/salt.states.schedule.html
21:08 sh123124213 joined #salt
21:12 nineteen joined #salt
21:18 Rumbles joined #salt
21:19 lero joined #salt
21:19 Edgan joined #salt
21:24 nineteen joined #salt
21:25 zulutango joined #salt
21:26 hemebond Can a reactor use file.touch?
21:26 hemebond To touch a file on the master?
21:27 hoonetorg joined #salt
21:27 hemebond I'm guessing not. Dang it all.
21:28 iggy you can target it at the minion running on the master
21:28 woodtablet joined #salt
21:28 hemebond Yeah I don't have a minion running there.
21:28 yuhll joined #salt
21:28 hemebond Going to check Wheel again to make sure I didn't miss an autosign option.
21:28 * iggy /ignores hemebond
21:28 hemebond Otherwise I'll just use a Python reactor to do it.
21:29 hemebond :-(
21:29 _KaszpiR_ shit, I actually read salt docs from the end :/
21:29 davidhoude joined #salt
21:30 s_kunk joined #salt
21:30 _KaszpiR_ question, anyone here used mcollective? wonderng how this compares to salt
21:31 _KaszpiR_ or maybe stackstorm
21:32 nineteen joined #salt
21:34 mikea Can the manage.bootstrap salt runner prompt or be given a user/password to use rather than ssh key?
21:34 pipps joined #salt
21:35 gstaniak joined #salt
21:35 gstaniak hi
21:36 gstaniak is there a way to use salt to edit/change user accounts that are within a range of uid? like e.g. change shell for every uid > 2000 and < 3000?
21:36 whytewolf mikea: you might wanna look at https://docs.saltstack.com/en/latest/topics/cloud/saltify.html instead of manage.bootstrap
21:37 iggy lol
21:40 nZac joined #salt
21:40 hemebond Is anyone else able to confirm that using key.accept_dict from WheelClient refuses to accept a dict and instead wants a list or tuple?
21:40 nZac joined #salt
21:43 mpanetta joined #salt
21:44 woodtablet joined #salt
21:45 nineteen joined #salt
21:46 rem5 joined #salt
21:47 heaje joined #salt
21:48 jdipierro joined #salt
21:50 heaje joined #salt
21:52 hoonetorg joined #salt
21:56 bbradley joined #salt
21:57 pipps joined #salt
21:59 bbradley joined #salt
22:02 onlyanegg joined #salt
22:02 nineteen joined #salt
22:03 sgo_ joined #salt
22:07 smcquay joined #salt
22:10 jdipierro joined #salt
22:10 notCalle joined #salt
22:11 mapu joined #salt
22:11 jdipierro joined #salt
22:12 jdipierro joined #salt
22:14 nineteen joined #salt
22:15 bbradley joined #salt
22:15 pipps joined #salt
22:19 netcho_ evening, having some issues with jinja forloop
22:19 netcho_ i have set this grain: salt test-app grains.setval apps "{'name': 'myapp', 'version': '1'}"
22:19 netcho_ how can i iterate trough all apps
22:20 netcho_ for example i would like to create a file called 'myapp'
22:21 netcho_ or more primitive one...  salt test-app grains.setval apps myapp
22:21 iggy {{ grains.apps.name }}
22:21 iggy that's not a list
22:22 nineteen joined #salt
22:22 netcho_ what if i have smth like this
22:22 netcho_ apps:
22:22 netcho_ - app1
22:22 netcho_ - app2
22:22 netcho_ in grains
22:23 netcho_ and i would like to create file for every app
22:23 iggy that's completely different... but something like {% for app in grains.apps %}
22:24 netcho_ yeah i tried like that but i get failed: Jinja variable 'app' is undefined
22:25 iggy you'll likely have to paste the actual code you're trying and the error output
22:25 iggy !pastebin
22:25 saltstackbot To paste snippets of code/sls/etc, please use a code paste site, such as: https://gist.github.com or http://refheap.com
22:30 mikecmpbll joined #salt
22:32 nineteen joined #salt
22:34 netcho_ geez, sorry... i had endfor in wrong place :D
22:39 Rubin I need a state to reboot a box in order for nsswitch.conf to be changed. Will calling reboot from a state break things? What's best practice?
22:43 nineteen joined #salt
22:44 babilen Rubin: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.saltmod.html#salt.states.saltmod.wait_for_event
22:45 whytewolf I would say scedule a reboot using at instead of calling a reboot directly. that way you can scedule it after you know the commands will compleate. simmalar to how the upgrade in this works https://docs.saltstack.com/en/latest/faq.html#linux-unix
22:45 Rubin so we just assume salt is done running 1 minute in the future?
22:46 whytewolf i would say 5 to be safe
22:46 whytewolf but yeah pretty much
22:46 Criggie left #salt
22:46 Rubin if salt is killed mid-run what happens? does it leave a lockfile mess? or is it pretty handled?
22:46 babilen What's wrong with wait_for_event?
22:46 whytewolf wait_for_event is part of orchestration :P
22:47 whytewolf if he isn't doing orch then it does nothing
22:47 pipps joined #salt
22:47 Rubin yeah, babilen im looking for a solution on the host itself in its state files
22:47 Rubin salt just needs a flag you can set
22:47 Rubin like "needs reboot"
22:48 babilen Ah .. I wouldn't schedule a reboot as part of the highstate
22:48 Rubin and if that is set after its all done, it does that as its last thing before stopping
22:48 Rubin babilen, its only a 1 time event after its initial setup
22:48 babilen Then make it the initial orchestration
22:48 Rubin the host is not any good to anynoe till its been rebooted
22:48 whytewolf I wouldn't either. I typically do orchestration as setup and highstate as maint
22:48 babilen exactly
22:49 Rubin orchestration is like.. using salt to deploy hosts?
22:49 whytewolf https://docs.saltstack.com/en/latest/topics/orchestrate/orchestrate_runner.html#orchestrate-runner
22:50 Rubin that link explains how to use it, whytewolf, not what its for
22:50 iggy we do the at thing with order: last
22:50 whytewolf ... order: shudder
22:50 Rubin oh there is an order: last?
22:50 Rubin that would make me feel better about doing it that way
22:50 whytewolf yes, there is an order: last
22:50 iggy it's meant to be used sparingly
22:51 iggy _very_ sparingly
22:51 Rubin this would be pretty sparingly
22:51 pipps99 joined #salt
22:51 whytewolf i would set a grain so that you don't auto activate it either
22:51 whytewolf if the grain exists the state is rendered out
22:51 iggy we use /var/run/reboot-required
22:51 Rubin yeah something like the 'needs reboot' idea?
22:51 iggy any state can touch that
22:52 Rubin why a /var file and not a gain, iggy?
22:52 whytewolf ahh the creates method
22:52 whytewolf so that they can use it with creates:
22:52 Rubin oh nice
22:52 iggy then the state with order: last is protected by {% if in_provioning %}
22:52 Rubin yeah that would be good here because im running a cmd and i can have it also echo into that file
22:52 DEger joined #salt
22:53 nineteen joined #salt
22:53 iggy because /var/run will be gone after the reboot, the grain won't
22:53 Rubin how do you get in_provisioning to exist from the /var/run file?
22:53 DEger joined #salt
22:54 iggy it's more of an abstract concept
22:54 Rubin oh. so you mean something like {% saltfunctionheretocheckforthefile %} ?
22:54 whytewolf https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.touch
22:55 iggy but we have salt hooked into our main bare metal provisioning system... and we only do reboots if the system is in the middle of provisioning
22:55 iggy so we don't get random reboots for highstates that run any other time (i.e. when the server is in prod)
22:55 Rubin yeah
22:55 Rubin the join-ad thing is the same
22:55 iggy it's not checking for the file
22:55 Rubin it only does it once and makes a file
22:56 whytewolf {% if salt.file.file_exists('/var/run/in_prov') %}
22:56 iggy it's more of a call to the provisioning server to see if the system is done being built yet
22:56 iggy but we're getting into specifics pretty quick now
22:56 Rubin specifics are fine
22:57 Rubin so that wont evaluate again though, till next salt run
22:57 Rubin cos jinja already eval'd that file
22:58 Rubin or is there a way to shortcut that?
22:58 whytewolf no once jinja is rendered it stays rendered
22:58 iggy it's more of "won't run again until the server is reprovisioned completely from scratch"
22:59 Rubin oh so your other system creates that in_provisioning file
22:59 Rubin hmm
22:59 DEger joined #salt
22:59 Rubin maybe i should go the other way and have a 'has_been_provisioned'
23:00 Rubin require the other stuff and delet ethe file and reboot
23:00 iggy it's not an actual file, but sure
23:00 CampusD iggy: I am still getting the same exception after the change you recommended, is this a bug?
23:00 CampusD https://gist.github.com/anonymous/2c6e45c41bef5f5967f28a4e0be012a4
23:04 whytewolf why even have test: False? that is the default to test
23:05 kihued_ joined #salt
23:06 CampusD our minions are all set to test: True in their configs
23:07 whytewolf ok
23:08 queso joined #salt
23:08 iggy no idea then
23:11 whytewolf is there anything in daily.sls weekly.sls or monthly.sls?
23:12 nineteen joined #salt
23:13 justanotheruser joined #salt
23:13 west575 joined #salt
23:14 netcho_ joined #salt
23:16 DEger joined #salt
23:16 jdipierro joined #salt
23:17 CampusD whytewolf: there were similar items for other states, I've removed them now, they are empty. I'll see if that makes a difference, perhaps the issue could be on those , thanks for the thought
23:18 CampusD it should try to run in less than one hours, unless there is a way to force it somehow
23:19 whytewolf not that i have found. I tend to use less time when testing till i know it is working. then pump it up to the desired time after words
23:20 CampusD whytewolf: that's a good idea, I'll try that, thx
23:23 alexhayes joined #salt
23:24 vegasq joined #salt
23:25 jdipierro joined #salt
23:26 nineteen joined #salt
23:32 jdipierro joined #salt
23:33 nineteen joined #salt
23:35 hoonetorg joined #salt
23:39 kihued joined #salt
23:41 pipps joined #salt
23:42 nineteen joined #salt
23:42 pipps joined #salt
23:44 jdipierro joined #salt
23:45 rherna joined #salt
23:52 nineteen joined #salt
23:57 mpanetta joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary