Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-10-26

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 om2 joined #salt
00:03 om2 joined #salt
00:03 om2 joined #salt
00:10 om2 joined #salt
00:10 om2 joined #salt
00:12 om2 joined #salt
00:17 pipps joined #salt
00:24 jas02_ joined #salt
00:34 XenophonF joined #salt
00:36 ninjada joined #salt
00:38 edrocks_ joined #salt
00:42 Shirkdog joined #salt
00:42 Shirkdog joined #salt
00:43 Rasathus joined #salt
00:46 infrmnt joined #salt
01:21 nickadam joined #salt
01:21 manji joined #salt
01:22 linovia joined #salt
01:23 al joined #salt
01:23 nahkiss joined #salt
01:24 doriftoshoes joined #salt
01:25 jas02_ joined #salt
01:27 evilrob joined #salt
01:29 edrocks joined #salt
01:30 Deliant joined #salt
01:36 khaije|mentat Is there a way to organize/control the pillar data that feeds into a state?
01:38 khaije|mentat This is possible via the command line, but I'm guessing to do something similar I'd want to invoke the one pillar-driven/generic state with 'defaults' (or similar) from another more purpose-oriented state.
01:38 khaije|mentat Does that make sense or is there a better way?
01:41 sebastian-w joined #salt
01:42 sjmh joined #salt
01:46 Rasathus joined #salt
01:46 PerilousApricot joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.12, 2016.3.3 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
01:50 dyasny joined #salt
01:51 catpiggest joined #salt
01:57 ninjada joined #salt
01:58 lilvim joined #salt
02:01 netcho joined #salt
02:20 ninjada joined #salt
02:21 evle joined #salt
02:26 jas02_ joined #salt
02:28 schemanic joined #salt
02:30 ninjada joined #salt
02:34 ninjada_ joined #salt
02:35 ninjada joined #salt
02:42 sjmh joined #salt
02:54 flowstate joined #salt
03:09 Brijesh1 joined #salt
03:10 Brijesh1 left #salt
03:23 CeBe joined #salt
03:35 onlyanegg joined #salt
03:41 zer0def joined #salt
03:55 flowstate joined #salt
03:58 darthzen joined #salt
04:00 alexlist joined #salt
04:02 Ni3mm4nd joined #salt
04:02 netcho joined #salt
04:06 DEger_ joined #salt
04:08 justan0theruser joined #salt
04:23 rdas joined #salt
04:28 jas02_ joined #salt
04:46 _aeris_ joined #salt
04:54 flowstate joined #salt
05:04 ivanjaros joined #salt
05:06 DarkKnightCZ joined #salt
05:16 schemanic joined #salt
05:20 zer0def joined #salt
05:26 justanotheruser joined #salt
05:28 jas02_ joined #salt
05:29 nawwmz joined #salt
05:33 schemanic joined #salt
05:48 impi joined #salt
05:49 Rasathus joined #salt
05:54 flowstate joined #salt
05:58 anotherzero joined #salt
06:03 netcho joined #salt
06:07 ivanjaros joined #salt
06:11 ivanjaros3916 joined #salt
06:12 Elsmorian joined #salt
06:12 akhter joined #salt
06:19 ninjada_ joined #salt
06:25 nidr0x joined #salt
06:25 bocaneri joined #salt
06:29 jas02_ joined #salt
06:29 haam3r joined #salt
06:33 sgo_ joined #salt
06:34 mavhq joined #salt
06:43 zulutango joined #salt
06:53 flowstate joined #salt
07:12 toanju joined #salt
07:17 jas02 joined #salt
07:19 antpa joined #salt
07:27 Rasathus joined #salt
07:28 flughafen left #salt
07:28 neilf__ joined #salt
07:29 Rasathus_ joined #salt
07:29 Reverend if I want to loop through a subset of items in a pillar... can i do the pillar.get fisrt, and then do for client in pillar['blah']['item'] ?
07:30 jas02_ joined #salt
07:32 slv88 joined #salt
07:32 slv88 Hello
07:33 slv88 could someone help me out with some jinja issues?
07:35 slv88 I'll explain, I need to update all the sudo package in my servers, I wrote a custom grain to get the current sudo version, and a state file to install them from a URL, however, salt will attempt to reinstall the package even if it's already up to date, that will create an error, and if I try to use jinja if statement it just doesn't work
07:35 AndreasLutro what OS? why are you installing sudo from a url instead of official repos?
07:36 AndreasLutro what distribution, I mean
07:36 slv88 here is the state file and the custom grain https://gist.github.com/, the grain is in /srv/salt/_grains/file.py
07:36 slv88 the offical repos do not have the latest version from the sudo site
07:36 AndreasLutro I think you screwed up your gist link
07:36 iggy Reverend: pillar.get('blah:item')
07:36 slv88 clients are either Ubuntu 16/14 or CentOS 6/7
07:36 AndreasLutro is that a big deal?
07:37 iggy although it's not super clear what you are trying to do
07:37 AndreasLutro distros usually backport really important fixes
07:37 slv88 https://gist.github.com/alex-zel/75c4d0bebdb25ef17e7cfe4048ff6a04
07:37 slv88 it is a big deal since the new sudo version has a fix for ldap sudo rules, this is specific for ubuntu
07:37 AndreasLutro fair enough
07:37 AndreasLutro under "sources" replace "sudo_ubuntu_16" etc with just "sudo"
07:38 AndreasLutro sources expects the name of the source to match the package name
07:38 slv88 what's weird is this line "{% if grains['sudoversion'] != '1.8.18p1' %}"
07:39 Reverend iggy: I can just put that in {% %} and it'll be available to use as pillar['blah'] tho right?
07:39 AndreasLutro why do you need a custom grain? just use salt['pkg.version']('sudo')
07:40 babilen slv88: You might want to consider just uploaded the new version to a repository with your own backports
07:40 slv88 i checked and all the sudoversion grains are 1.8.18p1, but with the if statment it just apply the package to all minions, if i change it to {% if grains['sudoversion'] == '1.8.18p1' %} it won't apply to any of them, even if the version if lower
07:40 AndreasLutro that sounds like expected behaviour
07:41 Elsmorian joined #salt
07:41 AndreasLutro but considering grains are cached you shouldn't be using it for stuff like package versions
07:41 ronnix joined #salt
07:41 AndreasLutro like I said look into salt['pkg.version']
07:41 AndreasLutro or just drop the if statement altogether, I don't see the point of it
07:42 slv88 not really, with "{% if grains['sudoversion'] != '1.8.18p1' %}" it should only apply to minions with versions differnt then 1.8.18p1, but it just apply it to every minion even if the version is the same
07:42 slv88 if i drop it then salt will try to reinstall the package and throw out an error every time
07:42 AndreasLutro right. could be because your custom grain code is wrong, or the grain caching thing
07:42 slv88 the code is here https://gist.github.com/alex-zel/75c4d0bebdb25ef17e7cfe4048ff6a04
07:43 babilen slv88: Is sudo.ws under your control?
07:44 babilen Well, that's a rhetorical question, but I would be hesitant to grant them root on your boxes
07:44 slv88 babilen: no it's the offical sudo website
07:45 slv88 what do you mean?
07:45 babilen They can run whatever command they want in their maintainer scripts and you aren't even checking checksums
07:46 babilen I would at least download that package and serve it from file_roots if setting up your own repo is too much trouble
07:46 slv88 I did download them, it just seemed easier to install from URL
07:47 slv88 can i point the source for pkg.install to a file instead of a URL?
07:48 babilen salt://
07:49 babilen Setting up your own, insecure, repository is pretty easy.
07:50 babilen dpkg-scanpackages is a tool to make your own repository for apt: [1, as root] apt-get install dpkg-dev; [2, as user] mkdir -p ~/public_html/foo; cd ~/public_html/foo; [3] cp /your/packages.deb .; [4] dpkg-scanpackages . /dev/null | gzip > Packages.gz; [5, as root] Add a deb line to your /etc/apt/sources.list: "deb http://localhost/~username/foo ./" or "deb file:///home/username/public_html/foo ./".
07:50 babilen Adapt to your own liking and look into aptly or reprepro for better tools
07:51 babilen (that's for your Debian derivates obviously)
07:51 AndreasLutro reprepro or aptly if you want to set it up a bit more proper
07:52 slv88 I've had some experience with create yum repos, but for now I'll skip creating a repo for just one package
07:53 slv88 I'll check if i can make it work with salt['pkg.version']
07:54 flowstate joined #salt
07:55 babilen slv88: As said: I would at least serve the packages from file_roots
07:56 slv88 yes that too :) already changed
07:56 babilen I also don't quite understand what the issue is you run into if you don't have that check. Could you paste an example of that?
07:56 babilen Just curious
07:57 N-Mi joined #salt
07:57 N-Mi joined #salt
07:59 slv88 ok well, changing to salt:// fixed it all
08:00 slv88 for some reason when I used https:// as source it would try to install the package even if it's already updated and throw an error
08:00 ninjada joined #salt
08:00 babilen Okay .. that sounds potentially buggy
08:01 slv88 yes indeed, does it show up in the logs?
08:01 slv88 i'll try and find it
08:04 slv88 yup, changing it back to the URL throws an error, on ubuntu minions it just says "The following packages failed to install/update"
08:04 netcho joined #salt
08:05 babilen Wonder why .. what's the error you see in the minion debug log?
08:05 slv88 on CentOS minions it's a little more detaild https://gist.github.com/alex-zel/75c4d0bebdb25ef17e7cfe4048ff6a04
08:06 babilen "Nothing to do" is, well, not entirely true, is it?
08:07 slv88 kinda is, sudo is already up to date, so it doesn't need to install the package, but why the error
08:08 mikecmpbll joined #salt
08:09 babilen Well, it should either reinstall the package and stop complaining or not throw an error if it concludes that it already achieved what it was asked to do
08:09 slv88 setting minion log level to debug didn't show any additional info, just one line "[salt.state       ][ERROR   ][8182] The following packages failed to install/update: sudo"
08:10 alexanderilyin joined #salt
08:10 slv88 smells like a bug?
08:10 babilen It should show the commands it ran
08:10 babilen It's not entirely unbuggy ;)
08:11 slv88 oh well, at least salt:// works
08:11 AndreasLutro did you change sudo_ubuntu_16 to just sudo?
08:11 keimlink joined #salt
08:12 slv88 yes all of them are 'sudo'
08:12 babilen Doesn't CentOS want more in the package name (architecture, ...) ?
08:14 jas02 joined #salt
08:14 slv88 ok wait, my bad
08:15 slv88 i did change it to just 'sudo' but for the salt:// source, i check now the source with URL with just 'sudo' and it works
08:15 babilen \o/
08:15 m4rx joined #salt
08:15 slv88 joy
08:16 babilen I'm happy that we inquired again
08:17 slv88 funny thing is I got the URL idea from stack overflow and in that example they did exactly what I did, and for them it worked (maybe older version)
08:17 slv88 oh well, live and learn
08:17 slv88 thanks for the help!
08:20 impi joined #salt
08:20 jas02 joined #salt
08:22 s_kunk joined #salt
08:25 subsignal joined #salt
08:32 jas02_ joined #salt
08:37 av_ joined #salt
08:40 Rasathus joined #salt
08:45 wnkz joined #salt
08:46 SaltyVagrant_ joined #salt
08:47 Rasathus joined #salt
08:52 mikea joined #salt
08:55 Reverend anyone know if I can do a "if pillar['name'][var]" before I do a pillar.get ?
08:55 Reverend this is fucking me up :P
08:55 ninjada joined #salt
08:57 AndreasLutro yes you can
08:58 babilen Reverend: Could you give a more complete example? You can, naturally, reference pillar['name'][var] before pillar.get, but there might be better ways to do this and you might want to use salt['pillar.get']('name:var')
09:01 netcho joined #salt
09:02 ronnix joined #salt
09:06 ninjada joined #salt
09:07 Reverend babilen - I'm just trying to keep it consistent... so I've been using pillar['bblah'][var]... but with a pillar.get at the start of the for
09:08 Reverend it's okay though... it does seem to be working at the minute... but it's just becasue I wasn't using the pillar.get at the start of hte for... so I was worried it would cause problems.
09:08 AndreasLutro I use all of: pillar.foo.bar and pillar[foo][bar] and pillar.get and salt['pillar.get']
09:09 AndreasLutro probably not that good if someone new to salt were to try and learn from my code
09:09 Reverend {% if pillar['blerp'][var] %} <-- should return the else if the item doesn't exist rite? :S
09:09 AndreasLutro well if it doesn't exist you'll get a python ValueError
09:09 AndreasLutro so your sls won't render
09:10 Reverend fakkkkkkkk
09:10 Reverend does jinja have a exists() ? :P
09:10 AndreasLutro that's why you have salt['pillar.get']
09:10 Reverend oh
09:10 AndreasLutro or use {% if var in pillar.blerp and pillar.blerp.var %}
09:10 AndreasLutro but that's more verbose
09:11 Reverend hmm
09:12 Reverend AndreasLutro - hit me up with an example here. or some docs, alternatively :P haha
09:12 Reverend nvm. i gots it
09:12 Reverend <3
09:12 Reverend thanks guys
09:12 nawwmz joined #salt
09:14 Reverend YAY
09:14 Reverend thanks guys
09:19 Reverend ALL GREEN
09:32 babilen Reverend: That is exactly why I asked you for a more complete example .. you might also like jinja's "is defined" or return a sensible default from 'pillar.get'
09:32 babilen And if you use the same thing everywhere I'd make it salt['pillar.get']
09:36 Reverend babilen: I'm sorry. I'm currently working with SSL PK's and HP clients, so I don't want to go plastering our internal stuff over the net. >_< I guess I could pseudo it a bit.
09:38 babilen Reverend: {% if pillar['blerp'][var] %} was a good start
09:38 Reverend hahaha
09:38 Reverend AndreasLutro - how waqs your fancy pasta anyway?
09:40 jas02 joined #salt
09:42 Reverend also babilen - I'll try to pseudo as best I can in future to help you help me :) <3
09:43 alexanderilyin joined #salt
09:45 lubyou joined #salt
09:45 nawwmz joined #salt
09:48 hlub I'd like to run highstate for all of those minions that have changes in pillar. Is there any way to accomplish this easily?
09:50 Zan88 joined #salt
09:53 babilen hlub: Wouldn't a highstate on all others simply be a no-op?
09:53 babilen s/Wouldn't/Shouldn't/
09:54 babilen And no, there is no way that I can think of to achieve this. Salt doesn't have a reference frame as to which changes should count.
09:57 jas02 joined #salt
09:57 Zan88 Hi I wonder if anyone can help me: I'm trying to use the Tomcat formula https://github.com/saltstack-formulas/tomcat-formula but I need to be able to filter by ubuntu14.04 and 16.04 since they require different package versions. Unfortunately map.jinja filters by the os_family grain. Not sure how to resolve?
10:00 JohnnyRun joined #salt
10:01 babilen Isn't tomcat packaged in Ubuntu?
10:01 babilen lunch
10:03 Reverend {% endif endfor endfor %} <-- turns out that -doesn't- work. dammit
10:03 cyteen joined #salt
10:04 impi joined #salt
10:08 ninjada joined #salt
10:11 ninjada joined #salt
10:12 hlub Reverend: gladly that does not work, IMO :)
10:12 Reverend haha. sadfaces allround here :P
10:15 hlub babilen: maybe it is just fine to run it on all minions... alternatively, I thought something like calling refresh_pillar for all of the minions and to check if that function returns a value, which indicates changes.
10:16 alexanderilyin joined #salt
10:17 haam3r joined #salt
10:27 sgo_ joined #salt
10:31 tiffer joined #salt
10:31 Reverend canhazborrow someone? :(
10:31 Reverend http://pastebin.centos.org/56436/
10:33 jas02_ joined #salt
10:34 TyrfingMjolnir joined #salt
10:38 DarkKnightCZ joined #salt
10:39 Zan88 @babilen: sorry I don't undrstand what you're asking
10:41 Electron^- joined #salt
10:41 Reverend fixeded it: http://pastebin.centos.org/56441/
10:49 tiffer hey all, do you have any recommendations for freelance job boards specific to saltstack?
10:53 slv88 Hey, I'm trying to write a pillar with network information, and I need to figure out what interface has a specific IP address, so far I've got this "{% for inet in grains['ip4_interfaces'] if grains['ip4_interfaces'][inet] == grains['ipv4'][1] %}" but this doesn't seem to work, any help would be appreciated
10:53 slv88 also is it possible to iterate over the IP address and find one that matches a regex pattern?
10:55 ninjada joined #salt
10:59 alexanderilyin joined #salt
10:59 babilen slv88: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.network.html#salt.modules.network.interface might come in handy
11:00 babilen And you might want to use https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.network.html#salt.modules.network.ip_addrs top find an address by cidr or simply by the public/private distinction
11:00 impi joined #salt
11:00 babilen Normally it doesn't matter which interface a certain IP is on
11:01 xbglowx joined #salt
11:02 slv88 how can i use modules with jinja?
11:02 sgo_ joined #salt
11:14 Jimlad joined #salt
11:21 zer0def joined #salt
11:23 du5tball okay... the documentation seems to be wrong. https://docs.saltstack.com/en/latest/topics/targeting/nodegroups.html i have three groups. "arch", "centos" (they both work), and "linux" which is defined as follows: "linux: 'N@rhel,N@arch'", yet trying "salt -N linux test.ping" results in "no minions matched the target"
11:23 du5tball similarly, "linux: 'shodan,trioptimum'" (the hostnames) doesn't match either
11:26 ronnix joined #salt
11:28 babilen slv88: Just call them with salt['foo.bar'](bi, bar, buz)
11:29 babilen Or even salt.foo.bar
11:29 babilen Documentation can be found in the jinja renderer docs
11:31 akhter joined #salt
11:31 akhter joined #salt
11:32 abednarik joined #salt
11:34 jas02_ joined #salt
11:35 du5tball now it partially works. one host is in a group called "rhel". the group rhel is in the group linux. the host pings back when i ping it itself, or ping the rhel group, but pingin the linux group does nothing
11:36 du5tball or rather, gives me a timeout
11:36 yuhlw_____ joined #salt
11:43 abednarik joined #salt
11:45 slv88 can i somehow debug jinja templates?
11:46 Reverend run them on a staging server? :P
11:50 slv88 the template returns empty
11:50 babilen Could you paste it and relevant output?
11:50 slv88 so even if I have a syntax/logic error i have no idea how to find it
11:52 slv88 https://gist.github.com/alex-zel/b03c0be3b7498951727c5da72fb0f005
11:54 slv88 {% for inet in grains['ip4_interfaces'] if grains['ip4_interfaces'][inet] == grains['ipv4'][1] %}   this is the issue, if i remove the 'if' check then it works, without it it just return empty, by empty i mean the pillar is completely empty on the minion, not just that specific value
11:55 Reverend anyone got any clues how to avoid hundreds of newline characters after liads of {% set blap = beep %} at the start of an sls?
11:55 Reverend :P
11:57 AndreasLutro use jinja's whitespace control
11:57 AndreasLutro {%- -%}
11:58 babilen slv88: You can't use list comprehension in jinja
11:59 babilen slv88: Is iterating over the interface info returned by network.interfaces not a good idea?
11:59 slv88 babilen: that's not list comprehension
12:00 babilen Well, whatever it is, it's not lega
12:00 babilen l
12:00 nineteen joined #salt
12:00 slv88 that's the only way to filter values in a for loop
12:00 slv88 according to stackoverflow
12:00 babilen {% for inet in grains['ip4_interfaces'] %} ... {% if grains['ip4_interfaces'][inet] == grains['ipv4'][1] %} ... {% endif %} {% endfor %}
12:01 slv88 tried that, same result
12:01 babilen Well, I'd still work with network.interfaces
12:01 babilen But do you really need the interface?
12:02 Rasathus joined #salt
12:02 slv88 I need only one value from grains['ip4_interfaces'], the interface name with IP address that matches to grains['ipv4'][1]
12:03 babilen Whatfor?
12:04 babilen And I would really recommend to work with the return value of network.interfaces
12:04 babilen (still)
12:04 babilen Why do you care about the second IP address? What would happen if the order changes?
12:05 slv88 actually i need to filter that somehow as well, but jinja has to regex check
12:06 babilen Using regexes with IP addresses is, well, problematic. I suggested to use CIDR earlier .. could you maybe provide a bit more background to what you are doing?
12:07 slv88 I need to find an IP address that's within some subnets (10.0.1.0, 10.0.2.0,....) then get the name of the interface that has that IP
12:08 babilen Whatfor?
12:12 babilen And is it important that it's in a specific subnet (defined by CIDR) or are you simply after the "private" address vs. the "public" one?
12:13 jas02 joined #salt
12:13 slv88 yes i need the private address
12:13 babilen I'm going to ask one last time: What do you need the name of the interface for?
12:14 slv88 I need to set a static IP once the server is gets a DHCP offer
12:14 babilen That doesn't quite compute
12:15 amontalban joined #salt
12:15 amontalban joined #salt
12:15 slv88 yeah i know it sounds weird, but that's my task
12:15 babilen But okay ... nvm. I'd use network.ip_addrs and pass type as private to get the IP address. You can then iterate over the result of network.interfaces to find the interface in question.
12:16 babilen Alternatively write your own custom execution module in which you implement this in Python (I'd recommend this route)
12:16 J0hnSteel joined #salt
12:17 babilen Why don't you make sure that the DHCP server hands out the same address every time? (based on MAC or hostname or whatnot) -- Or just configure a static IP normally without ever touching DHCP ?
12:18 babilen Alternatively use CIDR for network.ip_addrs, but it sounds as if you are actually after the type. Regular expressions aren't well suited for this
12:18 slv88 DHCP server is out of my control for now so I have to configure it in the clients
12:19 slv88 can network.ip_addrs handle multiple subnets?
12:19 slv88 I have 5 subnets across the servers
12:19 babilen You can pass their CIDR
12:20 jhauser joined #salt
12:20 babilen And this sounds like a problem that should be solved with "talking to the right people" rather than your little hack :D
12:21 babilen I mean how can you be sure that the DHCP server won't hand out the same IP to another client in the future?
12:23 slv88 tell that to my boss
12:23 babilen Do you have contact details?
12:24 babilen "Hi, I'm babilen from the internet. Just spoken to one of your minions and it would save us all quite a bit of time if we could implement this sensibly. What do you think?"
12:25 babilen But I am serious: This might cause problems in the future and it just sounds like something that should be addressed differently
12:26 slv88 Yeah I'll bring it up, after all this frustration it's probably not worth it
12:29 simmel joined #salt
12:30 babilen slv88: Assigning the same address to multiple boxes will cause you guys problems
12:32 Trauma joined #salt
12:33 slv88 babilen: sorry i have to go, thanks for all the help, I will find a batter solution for all this
12:35 numkem joined #salt
12:35 jas02_ joined #salt
12:39 aagbds joined #salt
12:39 Rasathus joined #salt
12:40 athaller joined #salt
12:44 Hetman joined #salt
12:48 fracklen joined #salt
12:48 filippos joined #salt
12:50 ronnix joined #salt
12:53 jas02_ joined #salt
12:53 m4rx joined #salt
12:53 schemanic- joined #salt
12:54 edrocks joined #salt
12:55 barmaley joined #salt
12:57 filippos joined #salt
12:58 Rebus joined #salt
13:01 Reverend AndreasLutro - thanks for that. :)
13:04 schemanic joined #salt
13:09 aagbds joined #salt
13:11 JohnnyRun joined #salt
13:12 impi joined #salt
13:12 coredumb Hello, trying to use influxdb returner, but upon calling simple "salt \* test.ping --return influxdb" - configured on server only - nothing gets in the DB and I don't seem to see anything related to influxdb in the master debug log apart the configuration file loading
13:12 coredumb how should I debug this ?
13:16 coredumb ok with salt-call I get "[CRITICAL] Failed to store return with InfluxDB returner: Failed to parse: None:None"
13:16 J0hnSteel joined #salt
13:20 flowstate joined #salt
13:22 CampusD joined #salt
13:23 ekristen left #salt
13:24 CampusD Hi guys, question, I am not getting anything back when querying the local cache with "salt-call ret.get_jids local_cache" , there are returned files in the jobs dir, any thoughts?
13:24 CampusD https://gist.github.com/anonymous/7f1568c6bcf3fb78006f1d049145384c
13:26 dyasny joined #salt
13:26 coredumb babilen: aren't you supposed to have tried influxdb ?
13:27 babilen Yes, but we are no longer using it
13:27 babilen (switched to prometheus)
13:28 haam3r joined #salt
13:28 LotR babilen: why did you switch?
13:30 babilen Multiple reasons, but primarily because influx doesn't implement subqueries, continuous queries are broken (they miss(ed)) datapoints and because they are heading into the "commercial-ware" direction a bit too much for my liking
13:30 babilen It also doesn't implement https://docs.influxdata.com/influxdb/v0.8/api/aggregate_functions/#histogram in newer versions and I needed that for some queries
13:31 babilen Some of the people in #prometheus are well known to me and I found it to be generally better suited to what I wanted to do with it.
13:31 babilen (the query language in particular)
13:32 babilen I also like the exporter approach
13:33 coredumb babilen: prometheus is supported as a returner from salt ?
13:34 babilen I honestly don't know
13:34 * LotR makes a mental note to check out prometheus
13:35 coredumb damn what should I use that's well supported by both grafana and salt ?
13:35 babilen haha
13:35 babilen It's probably not too tricky to write an exporter for salt
13:37 coredumb babilen: yeah that's the point
13:37 coredumb I'd have prefered to not have to write anything ;)
13:38 babilen Don't we all?
13:38 babilen But if you do I could benefit ;)
13:38 LotR coredumb: just because babilen switched doesn't mean you can't use influxdb. when I used it, it did everything I needed. if it does for you too, then the fact that babilen needed different things is irrelevant
13:38 babilen Absolutely
13:39 LotR but I haven't used it with salt, so don't expect me to have answers for you :)
13:39 babilen InfluxDB was nice, but it simply didn't allow me to solve one particular problem that I wanted to solve
13:39 racooper joined #salt
13:39 Tanta joined #salt
13:39 AndreasLutro 15:16 <coredumb> ok with salt-call I get "[CRITICAL] Failed to store return with InfluxDB  returner: Failed to parse: None:None"
13:39 babilen Prometheus did and felt way more open-sourcy than InfluxDB "buy our premium cloud offerings for just £99 a box"
13:39 AndreasLutro sounds like you haven't configured the influxdb url
13:41 LotR babilen: I guess I've gotten good at ignoring stuff like that. I never even noticed
13:42 babilen LotR: https://www.influxdata.com/update-on-influxdb-clustering-high-availability-and-monetization/
13:43 babilen "monetization" and it continues with https://portal.influxdata.com/ and https://cloud.influxdata.com/
13:44 babilen But that wasn't the actual technical problem
13:44 edrocks does pepper work with 2016.3.3?
13:44 coredumb LotR: the point was that it doesn't work with salt
13:44 coredumb honestly I don't care what I use, I just want to _just_ work with both salt and grafana
13:44 Rebus lucky for the prometheus guys they already have a source of money and their employer was willing to gift the results of their work to the public
13:45 coredumb and apparently I can't make salt + influxdb work see my paste from AndreasLutro :)
13:45 babilen LotR: https://github.com/influxdata/influxdb/issues/52 was which was closed with "revisit in the future" (i.e. never gonna happen) combined with the fact that there's no histogram in 0.9+
13:45 saltstackbot [#52][MERGED] Implement subqueries |
13:45 coredumb or I missed something ... don't know ...
13:46 LotR babilen: yeah, I really didn't need clustering, so I never looked at that part
13:46 babilen LotR: https://github.com/influxdata/influxdb/issues/6798 was the other one
13:46 saltstackbot [#6798][OPEN] unexpected behaviour of CQ | Bug report...
13:47 babilen LotR: Sure, but I see that as a general trend that was bound to bite me eventually.
13:47 LotR yeah, I understand
13:48 babilen I liked InfluxDB, but it simply couldn't do what I wanted to do, so it was no longer an option. The other bits are not actually important in that.
13:48 jenastar joined #salt
13:49 coredumb if only I could make it work with salt at least I could see if it does what I want :D
13:49 subsignal joined #salt
13:50 rhand joined #salt
13:50 babilen Did you follow up on AndreasLutro's remark earlier?
13:51 coredumb well as per the documentation there's no URL to set .... but good point I missed his comment
13:51 coredumb https://docs.saltstack.com/en/latest/ref/returners/all/salt.returners.influxdb_return.html < followed what's here
13:53 coredumb "salt-call influxdb.db_list admin_user pass host port" returns me the db list though
13:53 coredumb so module seems to somewhat work
13:54 edrocks is it common to give a token to a continuous deployment bot? I want to setup automatic deployments form gitlab-ci using rest_cherrypy and pepper https://docs.saltstack.com/en/latest/topics/eauth/index.html#tokens
13:57 darvon joined #salt
14:00 coredumb AndreasLutro: did I miss something ?
14:01 AndreasLutro I don't know, you haven't shown us what you did in terms of configuration etc
14:02 coredumb AndreasLutro: exactly what's on the salt doc page
14:02 coredumb just changed the user/pass/db
14:03 AndreasLutro where did you put it?
14:03 coredumb /etc/salt/master.d/influxdb.conf
14:03 AndreasLutro returners are invoked on the minion
14:03 AndreasLutro unless you configured it as an event returner
14:04 JohnnyRun joined #salt
14:04 coredumb wait what ? feels like I missed something
14:04 AndreasLutro you need to configure influxdb on the minion
14:04 AndreasLutro not the master
14:05 coredumb I don't want my minions to all connect to influxdb I want it to go through the master's only
14:05 AndreasLutro then you have to configure it as an event returner
14:05 jas02 joined #salt
14:07 coredumb yeah feels like I definitely missed something
14:07 coredumb thought configuring the returner only on master would make it work
14:10 coredumb AndreasLutro: I fail to see where this is documented ?
14:10 AndreasLutro https://docs.saltstack.com/en/latest/ref/returners/
14:10 AndreasLutro Returners pull their configuration values from the Salt minions. Returners are only configured once, which is generally at load time.
14:10 AndreasLutro All Salt commands will return the command data back to the master. Specifying returners will ensure that the data is _also_ sent to the specified returner interfaces.
14:14 coredumb AndreasLutro: so I should add event_returner: influxdb in /etc/salt/master right ?
14:14 jas02 joined #salt
14:14 AndreasLutro yep
14:15 DarkKnightCZ joined #salt
14:15 coredumb ok ok
14:16 coredumb [ERROR   ] Could not store return for event(s) - returner 'influxdb' not found.
14:16 coredumb O_o
14:17 coredumb [DEBUG   ] Could not LazyLoad influxdb.event_return
14:18 AndreasLutro oh, influxdb returner doesn't support event returns
14:19 amcorreia joined #salt
14:21 coredumb :O
14:22 wryfi_ if i have multiple pillar_roots defined in my salt config, what is the expected behavior of the top files?
14:22 coredumb AndreasLutro: seems like there's a bunch of them that doesn't right ?
14:22 wryfi_ are they supposed to get merged together?
14:23 coredumb is there only mysql that does ?
14:23 wryfi_ is there a pillar equivalent to state.show_top?
14:23 AndreasLutro coredumb: possible, I haven't looked at core returners. I only wrote my own
14:24 ivanjaros joined #salt
14:25 johnkeates joined #salt
14:26 Electron^- joined #salt
14:26 Rebus wryfi_: https://docs.saltstack.com/en/2015.8/ref/modules/all/salt.modules.pillar.html#salt.modules.pillar.items
14:27 wryfi_ Rebus: i know pillar.items, thanks
14:27 wryfi_ that does not tell me how salt is compiling my top files
14:27 Tanta salt-call -l debug
14:28 wryfi_ thanks Tanta, that doesn't show the info i'm interested in either
14:31 johnkeates joined #salt
14:33 alrayyes joined #salt
14:35 AndreasLutro wryfi_: I'm not aware of something like that, I think you have to increase the log level on the master and just check the logs there
14:36 wryfi_ yeah, even the debug output doesn't really show what it's doing wrt top files
14:36 wryfi_ all i can do is test and infer, which is pretty annoying
14:36 wryfi_ and i don't see it documented clearly anywhere
14:36 jas02_ joined #salt
14:37 wryfi_ it looks like, at least my minion, is only reading the top file from the first entry in pillar_roots
14:37 wryfi_ and is ignoring the other top files
14:37 wryfi_ does that sound right to other people here?
14:40 AndreasLutro I've never worked with more than 1 top file so can't say for sure. in my master log with loglevel debug I get lines like these: [salt.template] compile template: /srv/pillar/top.sls - so it should be easy for you to confirm
14:40 AndreasLutro just be aware that pillars are compiled on the master, not the minion, so you need to check the logs there
14:42 rherna joined #salt
14:42 JohnnyRun joined #salt
14:42 djgerm joined #salt
14:42 coredumb AndreasLutro: btw thanks for the pointers
14:46 scoates salt-master sure likes to gettimeofday()
14:47 flowstate joined #salt
14:50 esckroh joined #salt
14:51 tercenya joined #salt
14:55 rust1ck joined #salt
14:56 darix joined #salt
14:57 flowstate joined #salt
14:57 keltim joined #salt
14:57 keltim_ joined #salt
15:01 Ni3mm4nd joined #salt
15:01 rust1ck Hi guys! I'm OpenStack newbee engineer from Russia. I use SaltStack to configure my OScloud and want to use SaltCloud to creating instance.
15:01 jas02 joined #salt
15:02 gtmanfred rust1ck: https://docs.saltstack.com/en/carbon/ref/clouds/all/salt.cloud.clouds.nova.html
15:02 jas02 joined #salt
15:03 rust1ck Now I have some problems with it. There is my provider, profile and log https://gist.github.com/akhmetgali/a1ebd8dbcb3b0976f74056badb688164
15:03 rust1ck I use nova drive for creating instance
15:04 gtmanfred can you switch it to v2.0 for the identity version and see if that works?
15:05 gtmanfred it looks similar to https://github.com/saltstack/salt/issues/36548
15:05 saltstackbot [#36548][OPEN] openstack auth with nova driver | Description of Issue/Question...
15:05 gtmanfred which I haven't gotten a chance to look at
15:07 flowstate joined #salt
15:07 rust1ck <@gtmanfred> Sorry, but I can't use v2.0 auth
15:08 rust1ck In our company all services run in v3
15:08 gtmanfred are you running mitaka?
15:09 rovar joined #salt
15:10 ws2k3 im trying to make a basic salt setup but when i run salt '*' state.highstate it shows me: Comment: No Top file or external nodes data matches found. what does this means?
15:10 gtmanfred ws2k3: it means there is no top.sls file in your salt fileserver
15:10 gtmanfred or that the node that is running the highstate doesn't match anything in the top.sls file
15:11 gtmanfred ws2k3: https://docs.saltstack.com/en/latest/ref/states/top.html
15:11 julienhay joined #salt
15:12 rust1ck <@gtmanfred> yes. MItaka
15:12 ws2k3 gtmanfred i have 1 master and 1 minion. i got file_roots:
15:12 ws2k3 base:
15:12 ws2k3 - /srv/salt
15:12 gtmanfred do you have a top.sls file in /srv/salt/top.sls ?
15:13 ws2k3 into my /etc/salt/master. my apologies for the paste in channel
15:13 ws2k3 gtmanfred yes i do
15:13 gtmanfred what is in that file?
15:13 nicksloan joined #salt
15:13 rovar hey all.. I have upgraded salt-minion on a set of machines, and now they no longer connect with the master.  The versions are now the same,  any tips for debugging?  I have run salt-minion -l debug in the foreground,  and when it starts it acts like it has connected. Its hard to be sure
15:14 rovar on the server, when I run  salt "foo" test.ping,  it says the minion is not connected after a while.
15:14 ws2k3 gtmanfred i have base:
15:14 ws2k3 '*'
15:14 ws2k3 - servers in the top file
15:14 ws2k3 rovar anything in the master/minion log?
15:15 ws2k3 rovar minions cache the master public key. so maby thats why they refuse to connect?
15:16 gtmanfred can you do salt \* test.ping just fine?
15:17 rovar gtmanfred, yea,  a bunch of my machines return, but not this set that I just upgraded.
15:17 rovar I just enabled zmq monitoring
15:17 rovar there is nothing in the logs about refusing to connect due to keys, etc
15:17 rovar afaict
15:17 gtmanfred rovar: that was for ws2k3
15:17 netcho_ joined #salt
15:17 rovar oh :)
15:17 gtmanfred :)
15:17 ws2k3 gtmanfred yes i can
15:17 ws2k3 gtmanfred command like : salt '*' disk.usage work just fine
15:18 gtmanfred that should work if it is setup like that
15:18 gtmanfred can you restart the salt-master and minion
15:18 ws2k3 sure
15:18 gtmanfred and also run salt -l debug '*' state.highstate
15:18 gtmanfred and see if it has anything interesting
15:19 edrocks joined #salt
15:20 ws2k3 gtmanfred http://pastebin.com/TdJcKGpR
15:21 ws2k3 gtmanfred man minion show this in the logs : http://pastebin.com/FQa6uytj
15:21 gtmanfred that is the problem
15:22 gtmanfred it can't render your top file for some reason
15:22 gtmanfred possibly because you have tabs instead of spaces?
15:22 flowstate joined #salt
15:22 ws2k3 gtmanfred i checked they are not tabs they are spaces
15:23 rem5_ joined #salt
15:23 gtmanfred i would say delete the file and recreate it and type it out by hand, cause there is just something wrong with it
15:25 writtenoff joined #salt
15:26 ws2k3 gtmanfred i did. same error and i counted the spaces to make sure it exacly identical
15:26 flowstate joined #salt
15:26 cscf rovar, can you run salt-call pillar.item ?
15:26 ws2k3 gtmanfred this is the tutorial i used : http://www.linuxjournal.com/content/getting-started-salt-stack-other-configuration-management-system-built-python?page=0,2
15:26 gtmanfred yeah, i would stop following that and just use our docs tutorial
15:27 gtmanfred ws2k3: https://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html
15:28 black0 joined #salt
15:28 black0 left #salt
15:28 cscf ws2k3, my top file has a : after '*'
15:29 gtmanfred it needs a : after '*'
15:29 cscf The guide there doesn't, perhaps that is the problem?
15:29 gtmanfred that would cause the rendering issue
15:29 ws2k3 gtmanfred jeej it seems to work now
15:30 gtmanfred yeah, i would get rid of that linux journal tutorial and go through our walkthrough
15:30 nawwmz joined #salt
15:30 ws2k3 gtmanfred one last question i dont understand from the salt configuration. how can i use for example a ip address in a config?
15:30 gtmanfred follow our walkthrough and it will teach you about grains
15:31 gtmanfred and jinja
15:31 ws2k3 gtmanfred okay. but ur tutorial does not use a top.sls is it recommanded to use one?
15:31 ws2k3 gtmanfred the walkthrough starts with a vim.sls
15:32 gtmanfred it has a top file in the next page
15:32 gtmanfred https://docs.saltstack.com/en/latest/topics/tutorials/starting_states.html
15:32 gtmanfred start with the first page, and then go through the other pages it says to go through
15:32 ws2k3 gtmanfred thx you so much
15:32 gtmanfred yup, no problem
15:34 BattleChicken joined #salt
15:36 mpanetta joined #salt
15:38 jas02 joined #salt
15:40 Reverend anyone got any ideas how salt-minion can fetch from master?
15:40 Reverend and run all of it's states/
15:40 johnkeates salt-call state.highstate
15:40 Reverend <3
15:41 Nervey joined #salt
15:41 Nervey Hi there, I have a nasty bug with our Saltmaster, the -N to target nodegroup is targeting wrong / dead minions, is there a cache somewhere for that?
15:42 schemanic- joined #salt
15:42 RandyT joined #salt
15:43 fxdgear joined #salt
15:45 ronnix joined #salt
15:47 edrocks joined #salt
15:47 fracklen joined #salt
15:47 flowstate joined #salt
15:50 PerilousApricot joined #salt
15:50 beowuff joined #salt
15:51 jas02 joined #salt
15:51 jas02_ joined #salt
15:51 schemanic joined #salt
15:52 flowstate joined #salt
15:52 jas02 joined #salt
15:55 abednarik joined #salt
15:57 jas02 joined #salt
15:57 rovar ok.. this is a bit weird
15:58 rovar from my minion,  I can run  salt-call test.ping and it works
15:58 rovar but when I try from the master it says it is not connected
15:58 nouser joined #salt
15:58 rovar its like it has the wrong address/id for the connected minion or something
16:00 scoates rovar: does you minion happen to be a virtualbox VM?
16:04 jacksontj joined #salt
16:05 rovar no, its an ec2 vm
16:05 rovar this is so weird.. I just deleted  minion's  /var/cache/salt/minion,   deleted its key on the master,  accepted its key
16:06 rovar and still it fails to test ping.
16:06 jas02 joined #salt
16:06 onlyanegg joined #salt
16:10 gtmanfred and you have restrted the alt minion?
16:10 gtmanfred Nervey: clear out /var/cache/salt and then restart the salt master
16:11 CeBe joined #salt
16:12 deus_ex joined #salt
16:13 Nervey How could it target wrong minions :/ it's a serious issue
16:13 jenastar joined #salt
16:13 Nervey and it's targeting wrong minions that are dead actually
16:13 gtmanfred Nervey: do you still have those minions in salt-key?
16:13 Nervey no
16:14 Nervey I'm running salt-run manage.down removekeys=True every 10min
16:14 gtmanfred Can you open an issue on github for that?
16:15 Nervey Yes I will :) I saw a similar issue recently but the guy closed it
16:15 Nervey I'm pretty usre it's the same problem
16:16 jas02 joined #salt
16:16 gtmanfred link?
16:16 Nervey https://github.com/saltstack/salt/issues/35250
16:16 saltstackbot [#35250][MERGED] salt reactor target - targets wrong minions | Description of Issue/Question...
16:17 Nervey It's for reactor, in my case I'm using the API
16:17 Nervey and right now if I so salt -N env.dev test.ping I ping the instances in the dev environment but also in other env
16:18 Nervey and other instances are dead
16:18 Nervey like Minion did not return. [No response] for every of them
16:18 Nervey I will open an issue with everything thank you :)
16:19 gtmanfred yup, thanks
16:21 sgo_ joined #salt
16:21 _aeris_ joined #salt
16:25 Edgan joined #salt
16:26 djgerm joined #salt
16:27 Reverend babilen - i think I might be ready to move like 50% of our infrastructure to Salt :) <3
16:27 Reverend winrar
16:29 nZac joined #salt
16:29 anotherZero joined #salt
16:31 subsignal joined #salt
16:36 nawwmz is there a way I can do like or contains for my match in {% if grains['role'] == 'jenkins' %} ? we have roles like jenkins-master and jenkins-slave that I want to target or match on
16:37 schemanic joined #salt
16:40 Reverend have you tried the usual wildcards? * and whatnot?
16:41 nawwmz yeah doesnt seem to make
16:41 nawwmz match
16:41 Reverend also, I think you can use regex matching on your "=="
16:41 Reverend like ~=
16:41 Reverend maybe
16:41 nawwmz let me try
16:41 Salander27 joined #salt
16:41 Reverend probably not though
16:42 Reverend as it is python
16:42 Reverend lemme do the googles
16:42 jas02 joined #salt
16:42 m4rx joined #salt
16:43 Reverend try: {% if 'jenkins' in grains['role'] %} see if that works :S
16:43 nawwmz thx Reverend
16:43 * Reverend is grasping at straws, but hey... if it works.
16:43 racooper pretty sure that syntax is documented, I know I've used it in several places
16:44 Reverend yeah... i mean, it's not yoda logic... AFAICS
16:44 Reverend needle > haystack
16:44 anotherZero joined #salt
16:44 ivanjaros joined #salt
16:45 Reverend can one do a reload without a watch, and just have it reload on every highstate?
16:45 Reverend O_O
16:45 sgo_ joined #salt
16:48 cscf Reverend, probably, but that sounds hacky
16:48 Reverend cscf - the SSL's require nginx to be installed, and the nginx needs the ssl
16:48 Reverend so.... I've just added the order:last onto the service restart.
16:49 cscf Reverend, circular?  ow.  Yeah I guess that works
16:49 Reverend yeah
16:49 Reverend can you add a 'watch' on a folder? :S
16:49 Reverend that'd be handy as fek
16:49 cscf Well, if it's a file.directory or file.recurse, yes
16:50 Reverend no :( it's a jinja loop
16:50 cscf Outside Salt, there is inotifywatch
16:50 Reverend so it's like 300 file.managed
16:50 Reverend inotifywatch? :S
16:50 Reverend lemme google
16:50 cscf Reverend, ow, why?
16:50 Reverend SSL certificates and keys
16:50 Rasathus_ joined #salt
16:50 Reverend generated from PHP in a YAML Pillar.
16:50 Reverend >_<
16:50 cscf Reverend, inotify is a kernel feature that lets a program place a Watch on a file, and get an event when it's touched
16:51 Reverend oh damn, that sounds even hackier :P I'll just reload nginx after everything. It's not an issue as it takes like < half a second
16:51 Reverend appreciate the input though cscf
16:51 iggy there's an inotify beacon
16:51 cscf Oh, right.  That could be useful
16:52 jas02 joined #salt
16:52 iggy also `listen` = `watch order:last` (effectively)
16:52 Reverend hmm
16:52 Reverend i'll have a look. thjanks guys
16:54 gheistban joined #salt
16:54 iggy are you talking about letsencrypt? If so, you might look at the formula to see how it handles it
16:55 Reverend nop. we are a reseller for trustico, so we get all the ones we need through their API into our control panel
16:55 Reverend that then poops them out into a pillar, and the pillar is used in a loop to make them all on the minion :P lmao
16:56 gheistbane I am running a salt state that hardens a linux server to the cis benchmark.   I get this error -> [CRITICAL] Rendering SLS 'base:cis' failed: Jinja variable 'salt.utils.context.NamespacedDictWrapper object' has no attribute 'enable_ipv6'
16:56 gheistbane anyone have an idea to make that work?
16:56 cscf gheistbane, probably you are trying to use a pillar var by the wrong name
16:56 cscf Or you forgot to assign the pillar data to the minion
16:56 Reverend im guessing that the jinja variable doesn't have the attribute that it's looking for. usually due to a pillar missing something or a typo
16:57 Reverend ^ in my cases at least :P
16:57 Reverend as cscf said, could be an unassigned pillar or something too.
16:57 gheistbane k
16:57 cscf those are the 2 reasons that usually happens to me
16:57 gheistbane I will check that out.
16:57 Reverend cscf :D yeah. it's usually because i've moved shit around in my pillar and forgot to change the name in my state :(
16:58 cscf gheistbane, since it says "enable_ipv6" grep for that line in state & pillar and see if they match
16:58 Reverend ^ +1
16:58 UtahDave joined #salt
17:03 gheistbane I commented out all of the enable_ipv6 stuff... (we dont use IPv6 on purpose.)  but I am still getting this.
17:03 gheistbane still get that error
17:03 cscf gheistbane, jinja comments or salt comments?
17:04 cscf Jinja runs before Salt, and ignores # comments
17:04 gheistbane OOOOH
17:04 cscf You need {# comment #} I think
17:04 gheistbane so what do I use to comment them
17:04 gheistbane oh... hmmm ok
17:04 gheistbane I will try that.
17:04 cmarzullo what cscf just said
17:04 gheistbane thanks!
17:04 gheistbane I learn a lot coming here.  I appreciate it.
17:05 nidr0x joined #salt
17:08 fracklen joined #salt
17:10 Reverend gheistbane - you should hang around :) it's always interesting conversation here. you get to find out what AndreasLutro eats for dinner.
17:10 gheistbane lol
17:11 UtahDave :)
17:11 gheistbane I will try.
17:13 gheistbane hmmm comments dont seem to affect it... I guess the comments in the pillar probably need to be that way too huh?
17:15 UtahDave gheistbane: Yeah, any time you want to comment out something in jinja you have to use what cscf pointed out above
17:16 gheistbane ok
17:24 gheistbane hmmm I made sure all the ipv6 stuff is commented like # bleh # and its still showing up.  grrrr
17:25 gheistbane Oh... do I need the {} as well?
17:25 iggy yes
17:25 gheistbane like {# comment #}
17:25 gheistbane ok ok
17:25 gheistbane that may be it then
17:25 gheistbane haha
17:26 iggy {# this won't be interpreted by jinja #}
17:26 iggy everything else is interpreted by jinja (even if it's not used by the state compiler because it's yaml commented, i.e. just #)
17:27 iggy and this is why yaml+jinja sls files get on my nerves sometimes
17:28 Neighbour Or you could put {% if False %} ... {% endif %} blocks around the bits you want to be ignored
17:28 gheistbane agreed... commenting it out was stupid.  I just deleted it.
17:28 gheistbane the original is in git if I need it.
17:29 iggy nope, the stuff between {% if false %} and {% endif %} will still be interpreted by jinja
17:34 lompik joined #salt
17:34 mikecmpbll joined #salt
17:37 spuder joined #salt
17:37 whytewolf morning folks
17:41 MTecknology http://weknowmemes.com/wp-content/uploads/2014/04/99-bugs-in-the-code.jpg
17:41 MTecknology good morning! :D
17:42 UtahDave morning!
17:42 whytewolf so what have we broke today?
17:42 xmj everything
17:43 tapoxi joined #salt
17:45 jas02 joined #salt
17:47 pipps joined #salt
17:49 jas02 joined #salt
17:52 jas02_ joined #salt
17:55 pipps joined #salt
17:59 pipps joined #salt
18:02 schemanic- joined #salt
18:07 alexanderilyin joined #salt
18:09 schemanic joined #salt
18:15 sgo_ joined #salt
18:17 justin joined #salt
18:21 cscf init.sls works in pillar too, right?
18:21 whytewolf yes
18:21 cscf thought so, thanks
18:22 impi joined #salt
18:26 flowstate joined #salt
18:28 GreatSnoopy joined #salt
18:29 StolenToast joined #salt
18:30 StolenToast I've got a 32bit glibc package I need to install on a system that already has 64bit glibc (centOS7) but pkg.install simply calls it "already installed"
18:30 StolenToast how can I force pkg to install the 32bit version?
18:31 Tanta centos 7 is not 32 bit
18:31 edrocks joined #salt
18:31 Tanta it's the first release with only x86_64 builds
18:31 notnotpeter joined #salt
18:33 StolenToast but I can still install 32bit packages
18:33 StolenToast they are needed for some java support...
18:34 pipps joined #salt
18:35 StolenToast I know they can be installed and I confirmed it solves my problem, I just don't know how to tell salt to forcibly install them in a state
18:40 zer0def joined #salt
18:41 whytewolf "32-bit packages can be installed on 64-bit systems by appending the architecture designation (.i686, .i586, etc.) to the end of the package name."
18:42 StolenToast did I miss that? https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html#salt.states.pkg.installed
18:42 whytewolf according to the yum package document for yumpkg.install https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.yumpkg.html#salt.modules.yumpkg.install
18:42 StolenToast ah I didn't think to read the yumpkg docs...
18:45 ian_ftr joined #salt
18:46 nawwmz does file.managed delete the file if we remove it from the salt master?
18:47 pipps joined #salt
18:47 whytewolf no
18:47 StolenToast it will probably say "source not found"
18:47 whytewolf you need file.absent to remove a file.
18:47 gtmanfred nawwmz: you would need to do a file.absent
18:47 nawwmz ah k thx
18:48 whytewolf although if you are using file.recuse with clena: true then it will remove a file if you remove it from the master
18:48 whytewolf clean
18:48 nawwmz ahhh that would be clean
18:48 whytewolf but it also is for managing whole directories
18:49 whytewolf and will clean anything not managed by the master out
18:49 nawwmz managed sounds more fitting or some other properly named module that adds/removes the file if its on the master
18:50 nawwmz could be devastating but still :)
18:50 whytewolf having known a guy that didn't know how clean worked and had a file.recurse for /etc ... i can say yes it can be devisatating
18:51 UtahDave ouch
18:52 xbglowx joined #salt
18:53 tercenya joined #salt
18:53 pipps joined #salt
18:53 varesa joined #salt
18:53 jas02_ joined #salt
18:54 pipps joined #salt
18:54 flowstate joined #salt
18:55 varesa Is it possible to get salt to authenticate agains FreeIPA?
18:55 varesa with groups
18:55 gtmanfred i don't think it is
18:55 gtmanfred there are 2 open bugs about this
18:56 flowstate joined #salt
18:56 varesa looking
18:56 whytewolf maybe not directly. however in thoery you could setup PAM to auth against FreeIPA then have salt use pam
18:56 gtmanfred https://github.com/saltstack/salt/pull/37219 this is a pr to add the ability to do it with freeipa
18:56 saltstackbot [#37219][OPEN] Fix freeipa ldap groups | What does this PR do?...
18:57 gtmanfred whytewolf: there appears to be a bug in the groups() function of pam, that makes it not lookup ldap groups
18:57 gtmanfred it works for users though
18:57 whytewolf oh huh, didn't know about the groups bug
18:57 gtmanfred varesa: here is the issue where it is being discussed https://github.com/saltstack/salt/issues/37122
18:57 saltstackbot [#37122][OPEN] external_auth pam works for a user but not group membership | I cannot authenticate as a user that is a member of an allowed group using the pam backend.  Authenticating as the user works.  Looking at the logs, it finds the user and even sees that the user is member of its own group, but doesn't see the additional groups....
18:57 whytewolf that reallly should be fixed :P
18:57 ian_ftr greetings all, I was curious if someone had a moment to help me with what I believe is a gitFS issue.   I have a multi-master setup with the states being read from one repo, and the scripts being executed in another.
18:57 ian_ftr Here's the gist of my setup https://gist.github.com/digitaldelirium/1c115deac38370c1de78a73361a69a77
18:58 varesa that's unfortunate. So pam has a bug and ldap assumes an incompatible schema?
18:58 gtmanfred yes
18:59 gtmanfred but if you apply that commit, it works
18:59 xbglowx joined #salt
19:01 varesa I'd rather not run non-release software on this box. I'll be fine for now just manually listing the users that should have access
19:01 varesa thanks for confirming
19:01 gtmanfred yup, no problem
19:02 Trauma joined #salt
19:03 xbglowx joined #salt
19:09 fracklen joined #salt
19:09 dps joined #salt
19:14 nawwmz crap, I cant have a folder named "sudoers.d" eh?
19:14 morissette joined #salt
19:14 nawwmz trying to define it in my top.sls as "- configs.sudoers.d.qe"
19:15 gtmanfred you cannot, because . is a special character
19:15 gtmanfred you might try configs.sudoers_d.qe or configs.sudoers\.d.qe  might work?
19:16 gtmanfred unless you do mkdir -p configs/sudoers/d/qe
19:16 nawwmz what if im specifying a destination for files to be placed?
19:17 gtmanfred you can do it anywhere else except for the top file when referencing state files
19:17 gtmanfred so your file.managed can have source: salt://configs/sudoers.d/qe/files/thing.conf
19:18 gtmanfred but if your file is at configs/sudoers.d/qe/init.sls, i am not sure that you can escape that dot ...
19:18 nawwmz oh okay cool, in my file.managed, im doing "- source: salt://configs/sudoers.d/files/qe", this would be okay right?
19:18 Rasathus joined #salt
19:18 gtmanfred yeah
19:19 nawwmz cool thx gtmanfred
19:19 mavhq joined #salt
19:25 gheistbane Can someone tell me what this means?
19:25 gheistbane [ERROR   ] State 'file.sed' was not found in SLS 'cis'
19:25 gheistbane Reason: 'file.sed' is not available.
19:26 netcho_ joined #salt
19:26 Tanta https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html do you see a sed
19:27 whytewolf gheistbane: in essence. file.sed is an exacution module item. not a state module item. so using it in a state doesn't work
19:28 gheistbane hmmm
19:28 gtmanfred you will want to use the file.replace state if you want to use it in a state module
19:28 gheistbane ok
19:28 gtmanfred https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.replace
19:29 whytewolf hell file.sed shouldn't even be used in a exacution sense. it is deprecated
19:29 gheistbane yeah this is a older state file.
19:29 ekristen joined #salt
19:29 gtmanfred either way, execution modules can't be used in state files
19:29 gheistbane k
19:29 gtmanfred you need to use the state module
19:29 gheistbane k
19:30 ian_ftr The issue that I'm encountering is that it's reading the states, but not the files in the devops repo even though they're present in a file list
19:36 Rasathus joined #salt
19:43 pipps joined #salt
19:45 akhter joined #salt
19:45 haam3r joined #salt
19:45 whytewolf ian_ftr: multimaster with gitFS is not a common setup. mostly because multimaster just doesn't always work right. i would say make sure all masters have updated their local fileserver cache. with salt-run fileserver.clear_cache backend=git && salt-run fileserver.clear_lock backend=git && salt-run fileserver.update
19:45 whytewolf ian_ftr: I have no idea if that will work. but it may help clean up the fileserver
19:49 ian_ftr thank you, I'll give that a shot
19:52 pipps joined #salt
19:54 flowstate joined #salt
19:54 jas02 joined #salt
19:58 pipps joined #salt
20:05 pipps joined #salt
20:11 pipps joined #salt
20:16 pipps joined #salt
20:21 gimpy9238 joined #salt
20:22 Rasathus joined #salt
20:25 jenastar joined #salt
20:30 ian_ftr @whytewolf: That didn't seem to help, I had this working and it's kind of a deal-breaker for our demo that we're trying to do.   We have tons of different software projects at our company, so having multiple remotes is pretty essential.
20:30 ian_ftr Thanks for your help though :)
20:31 ian_ftr Either that or we have to have lots and lots of masters for each project
20:33 whytewolf do you get any debug data when you run the fileserver.update [while using -l debug of coarse]
20:35 whytewolf also check that it shows up to the minion with salt minion cp.list_master
20:36 jas02 joined #salt
20:37 amontalban joined #salt
20:40 Rasathus_ joined #salt
20:41 whytewolf also i had said that multiple masters was normally a problem, not multiple gitfs back ends.
20:42 Atlas159 joined #salt
20:44 ian_ftr oh crap, I mis-stated that.   It's a single master with multiple gitfs file server back ends
20:45 whytewolf ohhhh, that is different then.
20:45 ian_ftr Here's the raw of the fileserver update command: https://gist.githubusercontent.com/digitaldelirium/1c115deac38370c1de78a73361a69a77/raw/2efe34a9d0a807fd982594d28114747c58bcbb17/debug%2520dump%2520of%2520fileserver.update
20:46 whytewolf okay, that does look clean.
20:46 whytewolf although sseapi doesn't seem to update through that.
20:46 s_kunk joined #salt
20:46 s_kunk joined #salt
20:47 whytewolf but you are not questioning that
20:48 ian_ftr yeah, it's that the output of file_list here: https://gist.githubusercontent.com/digitaldelirium/1c115deac38370c1de78a73361a69a77/raw/2efe34a9d0a807fd982594d28114747c58bcbb17/fileserver.file_list
20:48 ian_ftr shows the files listed under devops/PS/RM/Setup-Disks.ps1 for example aren't being found
20:48 whytewolf which is the master file list. need to see if the master is reporting that to the minion
20:49 ian_ftr so I see the listing for the file, and I can't seem to get any way to actually have the cached file download
20:49 whytewolf which is why you query the minion with cp.list_master
20:50 ian_ftr right, I was in the process of that and got sidetracked
20:50 ian_ftr checking now
20:52 flowstate joined #salt
20:53 whytewolf I'm wondering if you accidently introduced enviroments into your config through branchs
20:55 ian_ftr We don't have any branches currently, just master
20:55 ian_ftr Heres
20:55 haam3r joined #salt
20:55 ian_ftr the response from our client: https://gist.githubusercontent.com/digitaldelirium/1c115deac38370c1de78a73361a69a77/raw/659e50c0674f8c2eec31fc236df4a4236223fa82/salt-minion%2520cp.list_master
20:55 ian_ftr so, the minion *should* be able to see the file
20:55 whytewolf well crap
20:55 whytewolf on a cracker
20:56 ian_ftr yep, that's what I'm saying :)
20:56 AlexLau joined #salt
20:57 whytewolf on the minion. try salt-call -l debug cp.cache_dir salt://devops
20:59 AlexLau joined #salt
21:01 RandyT joined #salt
21:09 ian_ftr ooh, I think that gets us closer : https://gist.githubusercontent.com/digitaldelirium/1c115deac38370c1de78a73361a69a77/raw/76db41edc597bf241cffc04a4c9ade7db6af26a3/salt-call%2520-l%2520debug%2520cp.cache_dir
21:09 ian_ftr looks like it sees everything but is failing to cache
21:10 whytewolf could not find file???
21:10 ian_ftr yeah, so even though the file isn't physically present on my filesystem and it sees the path into the repo
21:10 ian_ftr it just gives up
21:11 whytewolf it shouldn't though.... the files is present in the git database that the salt master contains.
21:13 MTecknology Is there anything way, with pillar data, to do something like {% for file in 'ls .' %} {% import sls contents right here %}?
21:13 MTecknology hm... maybe that's not the way to do it.
21:14 MTecknology I'm trying to figure out the best way to clean up this mess without refactoring the whole thing... shooting for a days worth of work instead of a years worth. :P
21:16 ian_ftr whytewolf: I just double-checked and the only branch on the remotes for both git repos is origin/master - nothing to deviate from base
21:16 whytewolf ian_ftr: yeah kind of figured that was the case when they showed up in the list in cp.list_master
21:17 whytewolf if they were a different branch you would have needed a saltenv="branchname"
21:17 whytewolf i wish fileserver had a way to see the contents of a file sometimes
21:19 whytewolf well there is always the nucular option. stop salt-master nuke /var/cache/salt/master/* then restart the master and force a fileserver.update
21:19 ian_ftr sounds good to me
21:20 whytewolf I will say it is not something i normally sugest. cause you lose ALL master caches doing it. as well as any job info you might have been holding onto
21:21 ian_ftr It's fine for this, it's a demo environment for our C-suite to get them to buy SaltStack / SSE
21:22 whytewolf might need to nuke the minion cache also incase it might be a file lock on that side.
21:22 whytewolf I have no idea where in windows salt keeps it's cache dir though
21:23 ian_ftr C:\salt\var\cache\salt\minion is the default
21:23 whytewolf oh ... they make there own var directory... how ... cute?
21:24 whytewolf MTecknology: I have no idea about your question... I'm sure there is something... but i know it wouldn't be pretty and I'm not sure what the performence would be like
21:25 Electron^- joined #salt
21:25 MTecknology whytewolf: they more-or-less re-created the pillar inside of the pillar system
21:26 onlyanegg joined #salt
21:26 antpa joined #salt
21:27 whytewolf oh fun
21:27 RandyT joined #salt
21:30 ian_ftr interesting....  So I deleted the cache, per your suggestion and it temporarily lost the mapping and something got wacky in the config
21:30 ian_ftr then I rebooted, it started back up and I can see the files again on both the minion and master side
21:30 ian_ftr but same result when I try to run a powershell script from our repo
21:31 onlyanegg joined #salt
21:31 whytewolf :/
21:31 ninjada joined #salt
21:31 GreatSnoopy joined #salt
21:31 whytewolf I don't know at this point then.
21:31 johnkeates joined #salt
21:31 ian_ftr ok, that's an acceptable answer - it's not the end of the world, IMO
21:32 ian_ftr thanks for trying to help!!
21:34 whytewolf :/
21:34 whytewolf I hate not knowing
21:37 Rasathus joined #salt
21:39 cyborg-one joined #salt
21:48 djgerm joined #salt
21:48 sp0097 joined #salt
21:52 flowstate joined #salt
21:53 danlsgiga joined #salt
21:56 antpa joined #salt
21:57 jas02 joined #salt
21:58 fracklen joined #salt
21:58 flowstate joined #salt
21:59 ninjada joined #salt
22:05 iggy MTecknology: there's a bug open to support wildcard include's in pillar data (they work in states already)
22:06 aagbds joined #salt
22:07 akhter joined #salt
22:07 dps joined #salt
22:08 pipps joined #salt
22:09 ninjada joined #salt
22:11 Electron^- joined #salt
22:12 flowstate joined #salt
22:16 CampusD joined #salt
22:17 CampusD Hi guys, anybody has experience with returners?, local_cache  https://docs.saltstack.com/en/latest/ref/returners/all/salt.returners.local_cache.html#module-salt.returners.local_cache
22:18 CampusD I don't get anything back with get_jids even though there are files in /var/cache/salt/minion/jobs
22:18 CampusD https://gist.github.com/anonymous/7f1568c6bcf3fb78006f1d049145384c
22:22 UtahDave Hm. Not sure. It seems like it should work like you're expecting
22:23 CampusD I'm running it from the minion's perspective, is it meant to run from the master only?  salt.returners.local_cache.get_jids()
22:26 Rasathus_ joined #salt
22:27 Rasathu__ joined #salt
22:29 JT joined #salt
22:32 JT I have a multiline variable in a pillar (using "var_name: |") that I want to appear as multiple lines in a Jinja2 template using {{varname}} but it shows a single line, replacing the new lines with "\n". Any pointers?
22:35 iggy JT: what version of Salt? Jinja? Linux?
22:36 danlsgiga Question: Should I be worried by using grain to target my servers?
22:36 JT Salt 2016.3.3+ds-1 on Debian 8.6 with Jinja 2.7.3-1
22:42 TheoSLC joined #salt
22:42 antpa joined #salt
22:42 iggy danlsgiga: if you have sensitive data in your pillar, yes
22:44 iggy JT: hmm, we do that and don't see that kind of output... but now that I think about it, we are using `pillar_contents` not variables in templates
22:46 JT iggy: it might have something to do with how I'm passing the pillar data. In my init.sls file, I have a "{% for webapp, data in salt['pillar.get']('web_apps', {}).iteritems() %}" and then pass data through "- context". Is that not the right approach?
22:46 JT This is for a "file.managed" call
22:47 iggy could be... would have to see more context
22:48 iggy or just try passing through `web_apps` completely as the context
22:50 netcho_ joined #salt
22:51 JT I have to do one at a time as they're writing to different files. This should help you see what I'm trying to do: https://gist.github.com/JonathanThorpe/c5b5ad5853c3465e1bbc9765030a4b5d
22:53 JT iggy: Updated gist to show the other bits
22:56 iggy yaml+jinja sucks
22:57 JT iggy: I'm new to Salt - any better approach?
22:57 nicksloan joined #salt
22:57 nZac joined #salt
22:58 pipps joined #salt
22:58 keimlink_ joined #salt
23:00 iggy I can't really think of anything
23:01 amontalban joined #salt
23:02 netcho_ joined #salt
23:03 JT iggy: ok, it is what it is :)
23:03 iggy I mean if you're willing to look into !jinja+yaml... there are tons of other renderers
23:05 iggy https://docs.saltstack.com/en/latest/salt-modindex.html#cap-r
23:05 MTecknology As a quick hack to turn this into something that doesn't make me want to murder everyone I know, I'm trying this out. It seems to load the defaults just fine, but not so much when it comes to the node specific stuff.  http://dpaste.com/1R4H4Z3  I know it's ugly, but it's a one-day band-aid to a really ugly problem.
23:06 MTecknology heh... and I'm obviously not using line 3
23:08 fracklen joined #salt
23:08 bluenemo joined #salt
23:08 MTecknology I'm pretty confident my file.file_exists line isn't doing what I think it does
23:09 jas02 joined #salt
23:10 whytewolf JT: you might have better luck with the python render. i know of a way to get the jinja to "work" but it is an ugly hack
23:11 JT whytewolf: I may have just found a workaround "{{data.extra_config | default('') | replace("\\n", "\n")}}". Might be related to https://github.com/saltstack/salt/issues/30690
23:11 saltstackbot [#30690][OPEN] Newlines may be rendered as literal \n for multi-line scalar variables in some circumstances | Template file ``bar.jinja``:...
23:12 whytewolf that is another way around. although i would consider that an ugly hack too. and yes that bug would be the issue at large
23:13 JT whytewolf: yep, nasty hack, but gets me out of trouble for now
23:13 whytewolf honestly that hack is better then the one i was thinking of
23:14 whytewolf {{salt.pillar.get('web_apps:'~webapp~':extra_config','')}}
23:15 nicksloan joined #salt
23:16 pipps99 joined #salt
23:18 danlsgiga left #salt
23:20 iggy MTecknology: pillars are rendered on the master...
23:20 MTecknology {% if salt['file.file_exists']('/srv/pillar/nodes/{}.sls'.format(grains['host'])) %}
23:20 MTecknology ... it works
23:20 MTecknology I don't like it, but it works
23:20 iggy whatever works
23:21 whytewolf any port in a storm?
23:22 MTecknology I guess the next improvement would be to pull the master config value.
23:27 nicksloan joined #salt
23:29 pipps joined #salt
23:30 edrocks joined #salt
23:31 flowstate joined #salt
23:37 Diplomat joined #salt
23:37 Diplomat Hey guys, can anyone please tell me how can I accept a denied key ?
23:38 whytewolf To change the state of a minion key, use -d to delete the key and then accept or reject the key. as per https://docs.saltstack.com/en/latest/ref/cli/salt-key.html
23:39 Diplomat Okay thank you
23:40 onlyanegg joined #salt
23:41 antpa joined #salt
23:50 nicksloan joined #salt
23:51 flowstate joined #salt
23:53 CampusD joined #salt
23:59 jas02 joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary