Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-11-10

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 aanderson Yeah. The business idea is to be defining fragments of YAML, which can be strung together into a larger dict, passed through Jinja, and then rendered as pretty-printed JSON.
00:02 indefinite joined #salt
00:04 zer0def there we go, sorry about that
00:04 zer0def aanderson: if you've responded to my question, my connection decided to collapse in the meantime
00:05 aanderson [18:00] <aanderson> Yeah. The business idea is to be defining fragments of YAML, which can be strung together into a larger dict, passed through Jinja, and then rendered as pretty-printed JSON.
00:05 aanderson I'm also working on cutting out that separate module presently
00:07 Edgan aanderson: what version of salt?
00:08 aanderson 2016.3.4
00:08 zer0def you wouldn't mind, if i dropped the pillar example:pointer entirely?
00:09 aanderson i wouldn't mind at all but it's there to illustrate the behavior
00:11 Edgan aanderson: Could you do all the jinja in salt-repro/salt/example/init.sls and not do jinja as raw in the pillar?
00:11 Edgan aanderson: Then you wouldn't have to double jinja
00:11 bltmiller joined #salt
00:11 Edgan aanderson: Code doesn't belong in pillars anyway
00:12 aanderson In this isolated instance, yes I can; in the much larger codebase I'm writing for, double jinja seems to be a practical solution to a problem, if it can be made to work
00:13 Edgan aanderson: Could you put more in the module and not need double jinja?
00:13 stooj joined #salt
00:13 aanderson The other idea considered was pushing those snippets to the fileserver but a different class of issues showed up; if y'all think that's a better tree to be barking up then I'll work on that
00:13 Edgan aanderson: you could probably do it all in the module
00:14 Edgan aanderson: or switch to pyobjects for python
00:15 Edgan aanderson: I was going to use pyobjects the other day to throw an exception in a state, but ran into mixing jinja|yaml and pyobjects doesn't work
00:15 aanderson That's worth considering, I'll talk with my lead and see if a little python for a lot of code reuse is workable
00:16 systo joined #salt
00:16 aanderson My design goals have sort of centered around introducing as little non-yaml/non-jinja code as possible, but it's beginning to look like that's not always the most reasonable approach
00:17 Edgan aanderson: The idea(in my mind) is pilars are config data, and formulas are code
00:17 Edgan aanderson: and pillars are supposed to be able to hold secret data
00:17 hemebond That snippet earlier was confusing as heck.
00:17 Edgan aanderson: You should be able to open source your salt code without open sourcing your pillars
00:18 zer0def joined #salt
00:18 aanderson hemebond: the repo or the gist?
00:18 hemebond The repo.
00:18 Edgan aanderson: to help make that practical, I use map.jinja to do more than OS mappings, but also include defaults
00:19 Edgan aanderson: Then I use pillar checks to enforce passwords to come from pillars instead of using the default mentioned in the map.jinja
00:19 aanderson Edgan: Do you mean to say that broadly, not all data is suitable for the pillar - some is better suited for the fileserver?
00:19 jamesog_ joined #salt
00:20 Edgan aanderson: I am saying that pillars should be config data, ie usernames, passwords, urls, true/false, etc
00:21 hemebond Why doesn't postgres_user.present just create the darn role?
00:21 Edgan aanderson: I wouldn't say no jinja around the yaml in pillars, as an absolute, but I would try to put it all in the formula
00:21 zer0def aanderson: does this achieve what your intent is?: http://hastebin.com/aqusotofuj.hs
00:21 jas02_ joined #salt
00:21 Edgan aanderson: I would say the values in the pillar yaml should not be jinja. Which basically means don't use raw in pillars
00:21 whytewolf honestly looking at your double jinja and all i could think was that would run a lot slower then simple having a {{salt.pillar.get(salt.pillar.get('example.pointer'),default)}}
00:22 Edgan whytewolf: which is what I was basically saying above
00:22 stooj joined #salt
00:23 JPT joined #salt
00:23 zer0def also, i'm not sure whether referencing pillar in itself will ever work this way, because it would require multiple renderer passes
00:24 hemebond zer0def: It gets referenced by the state.
00:24 Edgan aanderson: I back off when I try to do something complex in salt, and it doesn't work. I have run into this a copy times. Salt's layers yaml, jinja, pillars don't perfectly fit with each other.
00:24 hemebond It appears to be a workaround to get recursive pillar lookups.
00:24 aanderson that's correct hemebond
00:24 hemebond aanderson: Try YAML anchors and references if you can.
00:25 hemebond Only possible within a file though.
00:26 Edgan aanderson: This is an example of overly complex. There are better ways, {{ pillar['elasticsearch'][grains['cluster']][grains['identity_env']]['indices_ttl_bulk_size'] }}
00:28 aanderson zer0def: back in the ginormous codebase, default-passing definitely gets used and abused; the logic i'm trying to achieve is not simply recursive pillar lookup but rather reuse of chunks of a json config format for a group of services
00:28 whytewolf maybe jinja macros would help you in that
00:28 hemebond import_yaml?
00:30 aanderson i think those two approaches or plain old python are probably much better fits for my needs than xtra fancy double jinja
00:30 zer0def aanderson: are your data chunks ever interpreted into a dict?
00:30 Edgan aanderson: https://github.com/saltstack-formulas/memcached-formula/blob/master/memcached/macros.sls
00:31 aanderson zer0def: yes, right now i've got data chunks with embedded jinja that get put in the file, then fully rendered
00:32 aanderson specifically, read from pillar into plain dicts, put in the file as json, then rendered again
00:33 zer0def i was thinking about merging dicts appropriately in-state and passing them to a templated file which would do all the pretty-rendering
00:33 zer0def that *IS* abusing the model-view-template principle, so might not be the leanest of ideas
00:34 vegasq joined #salt
00:37 pipps joined #salt
00:38 zer0def i probably should get some sleep, since i might be oversimplifying the state's double-jinja rendering
00:39 keimlink_ joined #salt
00:50 aanderson I think I need some sleep and I'll come up with a less egregious way to just reuse snippets
00:51 fracklen joined #salt
00:51 awiss joined #salt
00:52 aanderson joined #salt
00:57 subsignal joined #salt
00:58 bowhunter joined #salt
00:58 aanderson looking at salt/jinja.py it sure seems like i can't pretty-print json without the custom module
00:59 abednarik joined #salt
01:02 pipps joined #salt
01:04 XenophonF aanderson: i've run into similar issues as you, where i wanted to emit well-formatted xml based on defaults.yaml/map.jinja/pillar data
01:05 edrocks joined #salt
01:05 XenophonF I was about 700 lines code into a custom execution module that used lxml/etc. to handle the serialization process before I realized that I could just treat the XML files like templates themselves.
01:06 __number5__ why jinja2 have anything to do with pretty print json?
01:06 __number5__ or xml
01:07 XenophonF for example: https://github.com/irtnog/shibboleth-formula/blob/master/shibboleth/idp/files/conf/attribute-resolver.xml
01:07 XenophonF that's a Jinja template for an XML config file driven by Pillar data
01:08 XenophonF In that particular case, it lets me define SAML attributes + associated data sources in YAML (on the Salt side).
01:08 XenophonF which I find to be a lot more readable
01:09 XenophonF alternatively, i could put the xml configs directly into pillar using file_tree
01:10 XenophonF but then I would want the file tree in Git
01:10 XenophonF so it's complicated no matter what approach one tries
01:10 XenophonF i prefer to have all configuration data in yaml, since that's native to salt
01:11 __number5__ XenophonF: I would move the logic out of jinja template to a python module, more managable in the long term
01:13 __number5__ probably not really helpful in your case, it's the xml itself too complicated
01:14 XenophonF not really
01:14 XenophonF it's much easier to incrementally add jinja templating to the xml configs than to write the serializer
01:15 cyteen joined #salt
01:15 XenophonF i can start with the default, untemplated config (which works, albeit with very limited functionality), and progressively add more and more salt-managed configuration
01:16 XenophonF the few cases where i've needed to leverage things like recursion, i've been able to make do with jinja macros
01:16 XenophonF for example, this template calls a Jinja macro called generate_policy(), which is recursive:
01:16 XenophonF https://github.com/irtnog/shibboleth-formula/blob/master/shibboleth/idp/files/conf/attribute-filter.xml
01:17 XenophonF here's the definition of generate_policy:
01:17 XenophonF https://github.com/irtnog/shibboleth-formula/blob/master/shibboleth/idp/lib.jinja
01:18 XenophonF for this in particular, i get a lot of mileage out of Jinja's original intended use case: rendering XHTML templates
01:18 cwandrews joined #salt
01:19 cwandrews I had multi-master setup and one of my nodes went down. I am trying to build a new master. I have copied the keys over and added a node. I can run test.ping on the node, but when I run state.highstate it fails with the classic SaltReqTimeoutError error. any ideas?
01:19 hemebond cwandrews: routing? minion configs? master key?
01:19 __number5__ XenophonF: nice, you proabably can use some template inheritance/blocks http://jinja.pocoo.org/docs/dev/templates/#template-inheritance
01:19 __number5__ that's how they deal with complex html any way
01:20 cwandrews hemebond: what are you asking?
01:20 hemebond cwandrews: Just throwing out ideas.
01:20 XenophonF definitely
01:21 XenophonF i think aanderson (who's dropped off, oh wel) would be better off templating his JSON output
01:21 cwandrews hemebond: I can highstate the minion from the primary master
01:21 XenophonF e.g., https://github.com/irtnog/spigotmc-formula/blob/master/spigotmc/files/ops.json.jinja
01:21 XenophonF (iirc there was a |json filter, but I can't find it in the docs now - maybe I dreamed it?)
01:21 hemebond cwandrews: Oh you have multiple masters running? Could the response have gone to another master?
01:21 hemebond I don't use multiple masters, so...
01:22 jas02_ joined #salt
01:22 cwandrews hemebond: don't think that happened
01:23 cwandrews the minion times out too
01:28 yetanotherzero joined #salt
01:35 tawm04 joined #salt
01:38 fracklen joined #salt
01:43 cwandrews joined #salt
01:44 infrmnt joined #salt
01:46 ninjada_ joined #salt
01:54 abednarik joined #salt
01:54 cwandrews joined #salt
02:02 bltmiller joined #salt
02:02 subsignal joined #salt
02:11 k_sze[work] joined #salt
02:12 netcho joined #salt
02:15 bltmiller joined #salt
02:22 ninjada joined #salt
02:23 jas02_ joined #salt
02:24 ninjada joined #salt
02:25 jimklo joined #salt
02:26 CruX__ joined #salt
02:26 vodik is there a straightforward way of defining a state that gets triggered after another state - but with the catch that the first state must be finished on all hosts first? and ideally only the second state only runs once?
02:28 stooj joined #salt
02:28 vodik i want to run a command to connect hosts into a gluster after all the requisit software is installed
02:32 edrocks joined #salt
02:32 LostSoul joined #salt
02:32 zz_capri joined #salt
02:35 stooj joined #salt
02:41 sebastian-w joined #salt
02:42 catpigger joined #salt
02:48 ilbot3 joined #salt
02:48 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.12, 2016.3.4 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
02:54 yetanotherzero joined #salt
03:04 nicksloan joined #salt
03:07 edrocks joined #salt
03:09 bastiandg joined #salt
03:09 John_Kang joined #salt
03:10 ninjada joined #salt
03:11 vodik i don't know if anyone answered my question since my irc client locked up, but looks like i need salt orchastrate
03:13 mavhq joined #salt
03:19 iggy vodik: you could also use custom events and the reactor
03:20 ninjada joined #salt
03:21 iggy i.e. after your install_all_the_things state, you event.send an event and a reactor on the master then runs whatever needs to be done to add
03:23 vodik iggy: i thought about that, but the problem with event, afaik, is that it would trigger every time, no?
03:23 vodik i want to install a package on 3 machines, then run a command once to turn it into a cluster
03:23 vodik fire_event would happen 3 times, no?
03:24 vodik where as this become two steps with salt orcahstrate
03:24 jas02_ joined #salt
03:34 awiss_ joined #salt
03:38 stooj joined #salt
03:38 blu__ joined #salt
03:47 stooj joined #salt
03:51 CeBe joined #salt
03:56 DEger joined #salt
04:01 awiss joined #salt
04:01 raspado joined #salt
04:07 yuhlw_____ joined #salt
04:10 orionx joined #salt
04:10 orionx_ joined #salt
04:12 onlyanegg joined #salt
04:13 netcho joined #salt
04:24 raspado joined #salt
04:29 raspado joined #salt
04:35 raspado joined #salt
04:44 informant joined #salt
04:44 rdas joined #salt
04:47 ninjada_ joined #salt
04:59 onlyanegg joined #salt
05:00 Ni3mm4nd joined #salt
05:06 coldbrewedbrew joined #salt
05:06 coldbrewedbrew joined #salt
05:06 FreeSpencer joined #salt
05:06 FreeSpencer joined #salt
05:06 alinuxninja joined #salt
05:07 coldbrewedbrew_ joined #salt
05:09 __number5__ vodik: you can use reactor, install always trigger event, but in your reactor code it check if all 3 machines have the software installed, if not do nothing
05:13 iggy it was just another option... if orchestrate works, go for it
05:19 schemanic_ joined #salt
05:20 schemanic_ gtmanfred, You gave me a one-liner to print a unix formatted version of PYTHONPATH, might you oblige me once more?
05:20 impi joined #salt
05:22 systo joined #salt
05:26 jas02_ joined #salt
05:44 sh123124213 joined #salt
05:48 mavhq joined #salt
05:49 sp0097 joined #salt
05:54 awiss joined #salt
05:55 sp0097 joined #salt
06:09 edrocks joined #salt
06:09 ninjada joined #salt
06:13 netcho joined #salt
06:26 awiss joined #salt
06:33 CruX__ left #salt
06:35 netcho joined #salt
06:51 systo joined #salt
06:58 awiss joined #salt
07:00 jhauser joined #salt
07:04 dkrae joined #salt
07:08 swa_work joined #salt
07:09 lubyou_ joined #salt
07:12 tapacenbal joined #salt
07:12 tapacenbal left #salt
07:14 raspado joined #salt
07:15 dkrae joined #salt
07:17 bocaneri joined #salt
07:21 Miouge joined #salt
07:22 awiss_ joined #salt
07:25 DEger joined #salt
07:33 fracklen joined #salt
07:37 okolesnykov joined #salt
07:39 pppingme joined #salt
07:47 fracklen joined #salt
07:57 Ni3mm4nd joined #salt
07:57 ronnix joined #salt
07:59 Yee joined #salt
07:59 Yee Hi
08:00 Yee Good time to ask question?
08:00 hemebond It's what the channel is for.
08:00 Yee thanks hemebond
08:00 Yee we are running two masters in our salt env
08:02 Yee when i do changes in configuration which managed by salt
08:02 Yee should change on both master in order to update the changes to minion
08:03 Yee Ex- i made changes for ssh configuration and ran #salt '*' state.sls ssh
08:04 Yee the changes is only made in one of the node
08:06 fracklen joined #salt
08:09 lubyou_ joined #salt
08:10 Yee hi
08:10 thebinary joined #salt
08:10 thebinary does salt-ssh support ProxyCommand?
08:11 fracklen joined #salt
08:11 edrocks joined #salt
08:12 thebinary joined #salt
08:12 thebinary does salt-ssh support ProxyCommand?
08:14 HarvesterofBeer joined #salt
08:14 amontalb1n joined #salt
08:19 ScrumpyJack joined #salt
08:19 ScrumpyJack morning
08:21 ScrumpyJack how do i upgrade salt with salt?
08:21 ScrumpyJack I have salt 2014.1.13 (Hydrogen)
08:22 ScrumpyJack just looking for broad strokes
08:22 keimlink joined #salt
08:28 AndreasLutro the same way you'd upgrade other packages
08:28 AndreasLutro which distro?
08:28 fracklen joined #salt
08:29 Yee can we run two masters say like for high availability ?
08:30 JohnnyRun joined #salt
08:30 raspado joined #salt
08:33 Reverend joined #salt
08:34 CruX__ joined #salt
08:35 netcho joined #salt
08:38 RandyT joined #salt
08:41 hemebond Yee: Yes but it's not straight-forward.
08:41 hemebond The masters do not communicate.
08:41 hemebond So you need to keep the keys and configurations in sync.
08:41 hemebond I don't know how much has changed around it.
08:42 hemebond Last time I looked it was basically just a way to split your minions between masters.
08:42 ScrumpyJack AndreasLutro: I'm going to try to use salt to upgrade salt on all the minions in one go. I'm using a apt-get based distro.
08:42 ScrumpyJack but i'm new to salt - obviously :)
08:44 ScrumpyJack I could use salt '*' cmd.run to add the repo key, add the source repo and apt-get update, but I was wondering if there say a more elegant way
08:45 AndreasLutro ScrumpyJack: if you have the correct apt repos added, `salt '*' pkg.install salt-minion` will work most of the time
08:45 Electron^- joined #salt
08:45 AndreasLutro I had some issues with it on debian 8 so had to write a custom module that upgrades salt using `at` but don't know if they're universal
08:45 AndreasLutro https://github.com/saltstack/salt/issues/30937
08:45 saltstackbot [#30937][MERGED] Debian: upgrading from 2015.8.3 with pkg.install fails | ```...
08:47 lubyou_ does salt:// refer to /srv or /srv/salt?
08:47 AndreasLutro /srv/salt
08:47 Reverend yeah, just reference the folders in there. salt://folder/files/something.txt  =  /srv/salt/folder/files/something.txt
08:47 lubyou_ hm
08:48 lubyou_ I want to put my reactor files into git and mount them in /srv/reactor
08:48 ScrumpyJack AndreasLutro: thanks
08:48 lubyou_ possible to do that somehow?
08:48 lubyou_ (using gitfs)
08:50 lubyou_ alternatively, is there a reason why one would *not* put the reactor directory into /srv/salt/reactor? the documentation seems to use /srv/reactor
08:50 sh123124213 joined #salt
08:51 AndreasLutro if reactors are in /srv/salt they will be acessible my minions. minor security concern maybe
08:51 yawniek i have a lot of tls certs that i want to deploy. for now we had them in a pillar file, however having all the files, wrapping all of them into a yaml seems a bit over the top. is there suggested solution for deploying "secret" "binary" files as pillars?
08:52 ScrumpyJack AndreasLutro: so if i were to look for the docs about salt's built in support for apt-get, what should I search for?
08:52 ScrumpyJack is it a module?
08:52 ScrumpyJack a grain?
08:52 ronnix_ joined #salt
08:55 AndreasLutro ScrumpyJack: google "salt upgrade package" and you'll probably find some things
08:55 AndreasLutro that's how I look up all my salt docs
08:57 ^Hex^ joined #salt
08:59 lubyou_ @AndreasLutro thx
08:59 geomacy joined #salt
09:02 ScrumpyJack AndreasLutro: what if the upgrade process becomes interactive on the minions?
09:02 ScrumpyJack (require input)
09:04 AndreasLutro it doesn't
09:04 AndreasLutro pkg.install sets the proper environment variables etc to prevent interactivity
09:04 samodid joined #salt
09:04 krymzon joined #salt
09:05 ScrumpyJack neat
09:10 ninjada joined #salt
09:12 Yee hemebond: is there any way to keep sync configurations and keys between masters in salt? or need to use some other way to keep sync
09:12 Rumbles joined #salt
09:12 hemebond Yee: You need some process of your own creation.
09:12 hemebond e.g., using a salt-minion on your masters to configure them.
09:13 bmccormick joined #salt
09:13 Yee current setup, i have two servers both masters and minion also running on both
09:14 haam3r joined #salt
09:20 s_kunk joined #salt
09:20 ^Hex^ hi
09:22 ^Hex^ I've a question. Maybe is not the best scenario but I want to mantain two master configurations on the same server (just to test some recipes) and I want to do that via --config-dir. The question is: is possible to do what I said?
09:23 ^Hex^ The point is that I run salt with -c (or --config-dir) parameter but the system doesn't use the top.sls file from file_root configured in the master file on new --config-dir folder.
09:25 yawniek hmm https://gist.github.com/yannick/30a08739b53c839b7ae504b2b44c6210 that should take data from /opt/pillars/hosts/myhost/blah.txt to the myhost pillar right ?
09:33 thebinary joined #salt
09:37 awiss joined #salt
09:38 ^Hex^ I found an answer for my problem: https://github.com/saltstack/salt/issues/25344#issuecomment-121035179
09:38 saltstackbot [#25344][OPEN] Can not override file_roots and pillar_roots with salt --config-dir option | Hi,...
09:38 krymzon joined #salt
09:40 Mattch joined #salt
09:42 hemebond Yee: Where is your config? In a git repo?
09:42 hemebond If you config is in a git repo then you just pull down the changes on each master.
09:42 hemebond Or make salt-minion do it for you.
09:44 Yee not sure i understood the things correctly, i do have all the configuration under /srv/salt/5.1_0-55/system
09:44 Yee e.g : logrotate configuratio, /srv/salt/5.1_0-55/system/logrotate
09:45 Yee http://pastebin.com/KC7NdGmM
09:45 Yee this is the logrotate configuration
09:46 hemebond Are you talking about something different now?
09:46 hemebond I thought you were asking about multi-master setups.
09:48 Yee yes i am talking about multi-master, my question is do i need to update/change the /srv/salt/5.1_0-55/system/logrotate/syslog on both master?
09:48 hemebond Yes.
09:48 hemebond There is nothing automatic about running two masters.
09:50 Yee initially what i did  was, i made some changes on master1 (/srv/salt/5.1_0-55/system/logrotate/syslog) and then ran #salt '*' state.sls system/logrotate (logrotate.sls is under /srv/salt/5.1_0_55/system) to update the states
09:50 mikecmpbll joined #salt
09:51 Yee after sometime i noticed my changes are reverted
09:51 amontalban joined #salt
09:51 hemebond Yeah, probably from master2
09:52 Yee seems the second master revert the changes becuse i didnt update /srv/salt/5.1_0-55/system/logrotate/syslog as what i changed in master1
09:52 Yee yes
09:53 hemebond So you need to move your configuration off your masters
09:53 Yee so i should change on both master1 and master2, /srv/salt/5.1_0-55/system/logrotate/syslog am i correct?
09:53 hemebond And use Salt to put the configuration back onto the masters.
09:53 hemebond Correct.
09:54 Yee can i push this changes using salt to second master?
09:54 N-Mi joined #salt
09:54 N-Mi joined #salt
09:54 bmccormick joined #salt
09:56 amcorreia joined #salt
09:56 hemebond You can push your configuration anywhere once it's unbound from the masters.
09:56 hemebond Put /srv/salt/ into a Git repo and just clone it down to each master.
09:57 hemebond Then when you make a change to the configuration, you tell each master to pull down the changes.
09:58 Yee great i got it, i need to install git and manage /srv/salt
09:59 ^Hex^ what is the advantage of have two masters? Hight Availability ok, and something more?
10:07 awiss joined #salt
10:12 arount joined #salt
10:13 edrocks joined #salt
10:17 Guest66297 Hi there, I'm struggling with mine.get in a custom module, here is a gist showing what appends: https://gist.github.com/arount/cc8db4d3b548e5b43af47dd1fc25fe99
10:17 netcho joined #salt
10:18 arount oops, sorry for the username
10:19 netcho moin all
10:20 dcpc007 hi ! testing salt for the 1st time. when we want to copy a file, there is a source path, what is the default location of the repo on the master ? (like default config is /srv/salt, even if not written in the config file of the salt.master)
10:20 abednarik joined #salt
10:21 ninjada joined #salt
10:21 lubyou__ joined #salt
10:21 M-liberdiko joined #salt
10:21 arount so is there a way to call mine.get from a custom module ? (https://gist.github.com/arount/cc8db4d3b548e5b43af47dd1fc25fe99)
10:22 dcpc007 source: salt://foo.txt
10:22 fracklen dcpc007: I think you copy using "salt://foo/bar.baz" - which would copy from /srv/salt/foo/bar.baz
10:22 dcpc007 where must i put the real file foo.txt
10:22 dcpc007 ha in the same tree than config files ?
10:23 fracklen normally yes - but I think there is a way to get around it
10:23 dcpc007 hum ... need seriously to think organize all those folders :)
10:23 netcho dcpc007: salt:// is /srv/salt by default
10:23 netcho u can change it in master config
10:23 dcpc007 i'm on debian but use the saltstack repo for install
10:24 dcpc007 i'll look, i think more logical to have 2 folders : config and repo_data as sources
10:24 dcpc007 even with 3-4 small test i already have a lot of files, and must add pillars, and other things :)
10:25 netcho pillars are in different directory
10:25 dcpc007 ha anther note, if /srv/salt the default config folder, why the debian install package don't create it ?
10:25 netcho u have to create it
10:25 fracklen It expects that you have a git/svn/hg repo
10:25 netcho it's common practicer
10:25 dcpc007 i think it should be done to have a working env at install
10:26 dcpc007 yes i see a video like that, working locally on git to create config and push/pull to the salt master
10:26 netcho u don't have to have all ur files/stats in one dir
10:26 netcho u can separate them in sub dirs
10:27 netcho ant hen init.sls files in them in them
10:27 netcho or whatever u want
10:27 dcpc007 yes, see a little on this but not look still on how it works
10:27 dcpc007 i take basic tutos until now that don't use sub dirs
10:27 netcho just name ur dir the way u would name ur file
10:28 netcho and in that fir create init.sls for example
10:28 netcho and then if u run state.apply dirname the iunit.sls file within it will be applied
10:28 dcpc007 i have to think about how to dipatch my configs too (like some dispatch by computer groups and put all states in a folder)
10:29 netcho there is no best way to do that
10:29 netcho it depends on what u want to acomplish
10:29 dcpc007 other seems to dispatch by state type (like config files, installation, users, ..)
10:29 netcho i use envs and framewrosk for example
10:30 dcpc007 yes :) not see what we will do exactly until now (officially i have no time to work on tools like this, but too bored to manage manually or ssh/loop scripts
10:30 netcho bad typing today
10:30 dcpc007 i'll try to find 1-2 hours by week on this, but even first config need many infos to learn
10:31 fracklen dcpc007: If you have more that 5 machines to manage, I'd say you don't have time NOT to use tools like this :)
10:31 dcpc007 and quickly i see that i need pillars and jinja
10:31 netcho just go trough this
10:31 netcho https://docs.saltstack.com/en/getstarted/
10:31 dcpc007 fracklen ... 5 years i fight to make standard config ... each time someone ask a specific config/name/folder ... all say yes ...
10:32 Guest45743 joined #salt
10:32 Mads[m] joined #salt
10:32 dnull[m] joined #salt
10:32 jerrykan[m] joined #salt
10:32 saintaquinas[m] joined #salt
10:32 M-MadsRC joined #salt
10:32 freelock[m] joined #salt
10:32 jcl[m] joined #salt
10:32 lattenkiste[m] joined #salt
10:32 dcpc007 i define a naming convention (including os type, virtual/physic, environment type like prod, dev, test,...) and hop this morning an admin create other think, i say that's not good, but they force me to keep the new name ...
10:33 dcpc007 then i'll do what i can ... but complicated to automate something where many speocific config ...
10:33 netcho u can create them dinamically
10:34 fracklen The most powerful obligation of ops... Saying "no" :)
10:34 netcho with templating
10:35 keimlink joined #salt
10:37 dcpc007 fracklen, 5 years i say no, and i start to receive blame because i block admins and dev ... and it's MY fault ...
10:37 dcpc007 but when i ask what i must do then, no answer :)
10:37 dcpc007 hard to fight alone vs its own team
10:38 dcpc007 like when i ask if we will one day do the system patch on debian 7, (18 months without aptitude upgrade ...) answer is "hoooo shut up, we will not update each 15 days !!!!"
10:39 dcpc007 i don't know what to answer after that :) only try to do my best in the black market, like during lunch :)
10:39 fracklen I'm sorry to inform you... Then you have no team
10:40 dcpc007 problem with IT subcontractors ... (don't know the english term for that, when there is no IT from the enterprise but all are from another IT enterprise)
10:41 dcpc007 the client guive some (few) money, and we have to do what he ask as we can ...
10:41 dcpc007 and main goal is not to put the good tools, if we can do "quiclky" something that the clien can see and "seems" good
10:41 alexzel joined #salt
10:41 dcpc007 good in a first time, and unmanagable after 1 year ...
10:42 dcpc007 ok, back to master config read :) many comment inside and i see variable for paths
10:42 dcpc007 thx for answer
10:43 dcpc007 next step is look pillars, i need to define a value for each computer (an application name, which is different on each computer)
10:43 alexzel Hello, I'm habing some issues with file.line state, it doesn't seem to work with my regex expression, I've tested in with python and the regex works, here is the state https://gist.github.com/alex-zel/cff91d25c6d041ec2831b4c5355bb912
10:43 dcpc007 i need to create a /srv/<application>/data folder on each
10:47 fracklen dcpc007: /srv/pillars/<application>/<different files>
10:47 fracklen dcpc007: and you attach the files to the relevant minions in the pillar top.sls
10:49 babilen dcpc007: You could also just lookup the value in a single dictionary in one pillar SLS and return the one that matches, for example, the minion ID
10:52 sh123124213 joined #salt
10:59 arount What is the best way to get infos from another minion when executing a state ? (I need to get data from 'minion-2' when executing a state on 'minion-1')
11:07 babilen arount: What kind of information?
11:07 babilen The general answer would be "Salt Mine"
11:09 arount babilen: That what I'm trying to do (using mine.get), to be more accurate: I need to compute a data in pillar in order to use it in formulas. In my pillar I've try to do something like "salt['mine.get']('*', 'ids')" to test, but I always got empty dict
11:10 arount babilen: so my question is more: How to access to mine from pillars
11:10 jhauser joined #salt
11:10 babilen arount: So you are using the runner method as discussed in the documentation of mine.get ?
11:11 arount I've try it too according to https://github.com/saltstack/salt/issues/34078
11:11 saltstackbot [#34078][MERGED] reactor can't run salt['mine.get'] | Description of Issue/Question...
11:11 arount babilen: but this is not working anyway
11:11 babilen Is that the runner method as mentioned in https://docs.saltstack.com/en/carbon/ref/modules/all/salt.modules.mine.html#salt.modules.mine.get ?
11:12 arount babilen: yep, i've try 'set minion_ips = salt.saltutil.runner ...' part
11:13 babilen Well, that method works
11:13 babilen So we need additional information (exact code, ...) -- Do you get the information if you run mine.get manually?
11:14 babilen salt 'foo' mine.get ... that is
11:14 arount babilen: Let me do a gist
11:15 Hybrid joined #salt
11:18 felskrone joined #salt
11:21 stickmack joined #salt
11:29 impi joined #salt
11:31 jas02 joined #salt
11:31 dcpc007 babilen: ha yes that's what i think i've seen
11:31 dcpc007 like a hash tablae with [computername:app_name]
11:33 dcpc007 another question about requirement key. I want to manage a directory rights but only of the directory already exists. I see only requirement targeting an existing state in the same file (example with apache start only if the apache package is installed and need to have an apache install block, same with a vim example )
11:34 dcpc007 https://docs.saltstack.com/en/latest/ref/states/requisites.html
11:34 dcpc007 is it possible to mention a require : if directory exist ? (without force the creation of directory)
11:37 babilen dcpc007: You can conditionally include bits of your SLS, so that shouldn't be much of a problem. I would, however, advise to think twice before introducing states that behave differently in their result depending on the local state of the minion.
11:37 babilen {% if foo %} - require: ... {% endif %}
11:38 ozux joined #salt
11:38 dcpc007 ha ok.
11:39 babilen You should be able to decide if that directory should exists or not surely?
11:40 dcpc007 then i need to check, it's for example a tomcat7 folder with right, but we have normalized tomcat install, and sometimes tomcat installed via application (like alfresco is a commercial product, and there is installation made with the application installer includind its own tomcat ... => not the same config, and hard to know when they install with my reco to take debian packages and when not)
11:40 dcpc007 ha or maybe, in this case link to a tomcat mandatory state
11:40 dcpc007 pkg : tomcat7 installed
11:41 dcpc007 in this case, it should not apply to specific install
11:41 babilen I guess the basic idea is to manage the entire ecosystem with salt -- if you have multiple tools/manual installation you have to account for in salt then it will, naturally, get messy
11:42 dcpc007 but then i can't group ALL the tomcat servers, i have to create tomcat7-standard and tomcat7-specific groups :-('
11:43 dcpc007 ha scuse don't understand the last sentence
11:44 dcpc007 hum, think it's if you can't normalize your install, you'll can't have a straight salt config
11:44 babilen It sounded as if you can't really manage all aspects of a single installation with salt (as some packages/tools/... ship their own packages and whatnot)
11:44 dcpc007 yes
11:44 babilen The basic idea would be to manage tomcat with salt and then the respective installations.
11:45 babilen If "alfresco" ships its own tomcat server and doesn't play well with the system one it is already broken and needs special treatment
11:45 dcpc007 exact, currently we defined specific install procedure and post-config, after we create bach scripts to do all that stuff, but now want to apply this in salt to insall AND keep the state
11:45 dendazen joined #salt
11:45 dcpc007 i had a debian bug in a package that do severals chown and chmod -R on tomcat directories, breaking all our specific config
11:46 dcpc007 now a very hard work to back to defined config
11:46 dcpc007 (i hate tomcat )
11:48 dcpc007 ok, then if i summarize, i need to create a node group of all "standard" tomcat servers, manage the package installation via a state, and then only on those ones apply the directory management
11:48 dcpc007 sound easier now :)
11:49 dcpc007 i need to ask modify internal inventory now, i only ask to guive me servers with tomcat and version, but now i must ask if debian package based or application based
11:49 dcpc007 and for specific server, create like a separate salt config folder wontaining all specific stuff on it
11:50 dcpc007 /srv/salt/myserver1/xxxx
11:50 dcpc007 and /srv/salt/tomcat/xxxx
11:51 dcpc007 ok seems the best thing to configure and understand for all when looking inside at the first time
11:51 dcpc007 i have to be carefull in first tests, because, ill work on exisiting servers, and can't break things ...
11:52 dcpc007 i continue with 2 others generic questions :
11:53 dcpc007 when we apply states, even with few rules and servers the ouput (in colors) start to be very long, is there a module or option to show a shorter and easier summary of result ? like a table with essential infos, and in another log the details ?
11:53 babilen no
11:54 babilen It's a frequently demanded feature, but it hasn't been implemented yet (afaik)
11:54 dcpc007 2°) i read that states should be checked regularly by minions. But like in case of service mysql started, if i want to do a manual shutdown for maintenance, will the minion automatically restart mysql before i want ?
11:54 dcpc007 ha ok, i +1 this query :)))
11:56 dcpc007 i don't look the config file to see the frequency of those check, if it's always automatic or manual, (tuto put manual state apply, but think it's not the only option)
11:56 babilen If you have states that ensure that the mysql service is running and you apply those states every k minutes, the service will be started
11:56 dcpc007 i want to avoid problems like after electrical power failure and service not configured, a server don't restart at boot
11:56 babilen Even if you stopped it intentionally
11:57 dcpc007 ok, this config is per minion
11:57 dcpc007 ?
11:58 dcpc007 and is there a solution to put the client in maintenance mode manually ? like we want deploy a new application version, and during this period don't want auto restart
11:58 dcpc007 i think, a service salt-minion should be enough :) )
11:59 dcpc007 ha another case i guess : nightly backup, that shutdown database, make a backup and restart database ...
12:00 rpb joined #salt
12:01 _JZ_ joined #salt
12:01 DarkKnightCZ joined #salt
12:02 DarkKnightCZ Hi, if i issue salt 'some-specific-minion' test.function args, is it sent to all minions, or just to the specific one?
12:02 rpb joined #salt
12:02 pixnion joined #salt
12:03 pixnion hi, how can i make salt-master log the ip address of connecting minions?
12:03 DarkKnightCZ I know grains targetting is not secure, but i'm not sure about this one (e.g. passing sensitive informative in args or not)
12:04 awiss joined #salt
12:10 babilen dcpc007: You could conditionally apply those states or simply not schedule highstate runs on minions that have "maintenance" set somewhere (pillar, grains, ...
12:10 awiss joined #salt
12:10 dcpc007 ha ok, then i could put a minion in maintenance mode just by putting a wordkey in a config :)
12:10 dcpc007 ha not bad
12:11 dcpc007 ok, then function checked, i'll work on how later :)
12:12 toanju joined #salt
12:12 dcpc007 for targeting servers by groups, like all standard tomcat7, is it better to create node groups in the master config file or for example add a tag in grains files on minion (lot look how grains work still)
12:14 Ni3mm4nd_ joined #salt
12:17 oida joined #salt
12:22 JohnnyRun joined #salt
12:30 alexzel does the 'include' function in state also applies the state?
12:32 jas02 joined #salt
12:33 __number5__ joined #salt
12:34 toanju joined #salt
12:40 __number5__ joined #salt
12:51 hlub I wanted a simple pillar configuration for signing policies. That is, only the important fields in pillar, excluding file paths such as singing_private_key. I wrote a jinja template that reads pillar and adds the data from there to minion's configuration (x509_signing_policies). After these changes the whole thing was broken.
12:53 sh123124213 joined #salt
12:54 hlub After a lot of investigation I found out that function x509.create_certificate first checks from pillar and then from config. such behaviour was quite unexpected IMO. don't know about saltstack's best practices in similar cases..
12:56 hlub Anyway, I can reach my goal by renaming the data in pillar.
12:57 arount I'm trying to do this https://github.com/saltstack/salt/issues/34078#issuecomment-226686730 (__salt__['saltutil.runner']('mine.get' ...) in a custom module
12:57 saltstackbot [#34078][MERGED] reactor can't run salt['mine.get'] | Description of Issue/Question...
12:57 arount but I got "runner() got multiple values for keyword argument 'fun'."
13:01 abednarik joined #salt
13:05 babilen dcpc007: You can tag minions for maintenace and for your tomcat stuff as nodegroups (requires master restart), pillars or grains
13:08 voileux joined #salt
13:17 ronnix joined #salt
13:21 ninjada joined #salt
13:22 hlub summarizing my previous point: accessing pillar directly from execution modules prevents use of default values that are usually located in either SLS files or map.jinjas.
13:24 netcho joined #salt
13:28 lubyou__ Error occurred fetching gitfs remote 'git@git.xxxxxx.xx:xxxxx/xxxxxx.git': Failed to start SSH session: Unable to exchange encryption keys
13:28 lubyou__ I get this for all of my gitfs remotes all of the sudden
13:29 lubyou__ libssh is 1.5.0-2
13:29 DEger joined #salt
13:29 WKNiGHT joined #salt
13:29 awiss joined #salt
13:31 lubyou__ never mind
13:31 lubyou__ bad sshd config
13:34 rbjorklin If I have 2 servers where I'm using file.managed for the same config file except for one single value, what's the nicest way to maintain this?
13:35 c4t3l_ hello all. I have a dev ops type question.  In your experience what is the best workflow to handle dev/test/prod workflow in salt stack?  I have multiple application teams that all have differing environments.  I am running two salt environments (dev/test & prod).  My initial line of thought was to isolate all salt formula creation on non-customer hosts to minimize the threat of an errant dev/test formula run on their machines.
13:36 edrocks joined #salt
13:36 rbjorklin Maintaining two duplicate files is silly so that's not happening. I've used pillars and distributed the single difference that way but that also seems a little silly. Is there another way?
13:37 c4t3l_ has anyone run into this type of issue before?  what did you do?  are there any online references that could help? :)
13:37 AndreasLutro c4t3l_: our plan is to run a salt master + minions in an isolated environment that use the development branch of state/pillar git repos
13:38 AndreasLutro have something like jenkins run highstates and tests whenever something gets commited
13:40 hlub rbjorklin: you could use file.blockreplace instead of file.managed.
13:41 hlub rbjorklin: another solution is to use multiple configuration files included in the main config (e.g. virtual host configs of apache or nginx).
13:42 c4t3l_ AndreasLutro: ok, that sounds like a sane workflow to me.  Isolation of environments seems to make the most sense.
13:42 Sketch rbjorklin: or just use one file.managed, and one config file, and use jinja templates in the config file
13:43 netcho joined #salt
13:43 dendazen joined #salt
13:45 hlub yeah, my suggestions apply better if another formula needs to extend some config, which is file.managed elsewhere already.
13:48 numkem joined #salt
13:49 rbjorklin Sketch: That's kind of my original plan but what's preferred? 1) Two pillar files declaring "priority: 100" and "priority: 150" each distributed to separate hosts or one pillar file with "priority:\n hostnameA: 100\n hostnameB: 150" distributed to both hosts?
13:50 schemanic- joined #salt
13:50 rbjorklin Sorry if the formatting is a bit icky but it's hard with just one line :p
13:50 hlub is it safe to think that salt envs are really isolated from each other? I've concerns about that, because afaik the saltenv needs to be passed for every function, which means that a simple mistake in proper env handling could ruin the isolation quite easily.
13:51 abednarik joined #salt
13:51 rbjorklin hlub: I think that they are isolated if you declared them that way in your master config
13:52 c4t3l_ we use a grain to isolate hosts by environment and top references that grain
13:52 c4t3l_ gitfs as the backend
13:52 dcpc007 and hop .. latest query, do not install debian for this appli, but centos7 ... yeah ... i will manage 50% exceptions and maybe 50% standard, easy )
13:55 ozux__ joined #salt
13:55 hlub rbjorklin: If you have a general config for both hosts in file general.sls and the additional setting in a file called additional.sls, you could include both files for a host in top.sls, just add - general followed by - additinal. but remember that lists are not merged.
13:59 hlub rbjorklin: adding 'include:\n  - general' to the beginning of additional.sls works too.
14:00 schemanic joined #salt
14:01 DEger joined #salt
14:02 Brew joined #salt
14:05 bowhunter joined #salt
14:05 mswart joined #salt
14:06 Tanta joined #salt
14:07 phyburn left #salt
14:08 Brew1 joined #salt
14:14 DanyC joined #salt
14:20 Rkp joined #salt
14:22 DanyC left #salt
14:24 schemanic_ joined #salt
14:26 debian112 joined #salt
14:26 lightus joined #salt
14:33 jas02 joined #salt
14:39 gtmanfred schemanic_: python -c 'import sys, os; print os.pathsep.join(sys.path)'
14:40 mswart left #salt
14:46 matth is it somehow possible in python to access to the function located in 'salt/cloud/clouds/nova.py' ? I would like to reuse the function to connect to openstack ( get_conn ) if that's possible.
14:48 gtmanfred it is not directly possible
14:49 gtmanfred but
14:49 matth :)
14:49 gtmanfred you could load the CloudClient, and then grab the get_conn()
14:49 ozux joined #salt
14:49 gtmanfred actually no you can't because there is no way to request get_conn from there since it has no arguments passed in
14:50 gtmanfred hrm
14:50 gtmanfred yeah i don't think there is a way to connect to it with __opts__ loaded
14:50 matth I fixed the nova part to manage the network, and I wanted to use it directly from my runner but if it's too complicated I will just use cmd.run and execute salt-cloud
14:51 gtmanfred ahh, then just call the network part
14:52 gtmanfred there is a cloud module and cloud runner that can reference any of the functions or actions in the cloud drivers
14:52 Ni3mm4nd joined #salt
14:52 gtmanfred https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.cloud.html#salt.runners.cloud.action
14:53 gtmanfred and module https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cloud.html#salt.modules.cloud.action
14:53 matth ok, so basically I load the salt.runner, the salt.cloud.clouds and I should have access to it ?
14:53 gtmanfred are you writing a runner module?
14:53 matth If I can it would be better.
14:54 gtmanfred __salt__['cloud.action']() is available in all runner modules
14:54 matth because If not the only way that I found to do it was to send a custom event and use the reactor.
14:54 yetanotherzero joined #salt
14:54 matth and then call an orchestrator.
14:54 scoates joined #salt
14:54 sh123124213 joined #salt
14:55 matth so if I could do everything from my first runner that would be cool
14:56 gtmanfred so, the cloud.action runner module is available to you in all runner modules, so you could just use that to use the network actions in the nova driver
14:57 gtmanfred or should be able too...
14:57 gtmanfred ahh yes, you should be able to, the actions are the creates and stuff
14:57 mpanetta joined #salt
14:58 cwandrews joined #salt
14:59 matth last question, when using "salt.runner" from a state, is it possible to get a value return from this runner ?
15:00 abednarik joined #salt
15:01 gtmanfred you can't use salt.runner from a state
15:01 gtmanfred unless it is a reactor
15:01 ScrumpyJack afternoon
15:01 gtmanfred morning :)
15:01 ScrumpyJack :)
15:03 ScrumpyJack can run use service.status with the python client API?
15:03 gtmanfred i mean , technically you can, but you have to call the runner with a module.run state to call the saltutil.runner module and then call your runner, and then it can only be run on the minion on the master
15:03 gtmanfred ScrumpyJack: yes
15:03 ScrumpyJack https://docs.saltstack.com/en/latest/ref/clients/ suggests not :(
15:03 johnkeates joined #salt
15:04 stooj joined #salt
15:04 ponyofdeath joined #salt
15:04 gtmanfred ScrumpyJack: do you want to do it on the minion or on the master targeting minions?
15:04 ScrumpyJack master targeting minions
15:04 gtmanfred https://docs.saltstack.com/en/latest/ref/clients/#salt.client.LocalClient initialize a LocalClient, then run local.cmd('*', 'service.status', ['nginx'])
15:05 aarontc joined #salt
15:05 gtmanfred anything you run from the commandline can be run from the python clients
15:05 gtmanfred including some things because wheel client does not have a direct commandline equivalent
15:06 ScrumpyJack LocalClient, the name made me gloss over it - thanks for the pointer
15:06 mavhq joined #salt
15:08 ScrumpyJack gtmanfred: so for example: local.cmd('*', 'sservice.status sshd.service') ?
15:09 gtmanfred no
15:09 gtmanfred local.cmd('*', 'service.status', ['sshd.service'])
15:09 ScrumpyJack got it
15:09 gtmanfred the first is the target, the second is the module, the thirds is the none keyword arguments you would pass to the commandline, and the 4th is the keyword arguments  dictionary
15:10 gtmanfred salt '*' service.status sshd.service
15:10 ScrumpyJack local.cmd('*', 'command', ['args']
15:10 gtmanfred or in the cast of like salt.apply test=TRue
15:10 gtmanfred local.cmd('*', 'state.apply', kwargs={'test': True})
15:10 gtmanfred kwarg* not kwargs
15:10 gtmanfred local.cmd('*', 'test.arg', ['arg1', 'arg2'], kwarg={'foo': 'bar'})
15:11 ScrumpyJack i see that now
15:11 ScrumpyJack and where do the returned values end up?
15:11 gtmanfred ret = local.cmd()
15:12 ScrumpyJack gtmanfred: thanks - you've just made https://docs.saltstack.com/en/latest/ref/clients/ *much* easier to read :)
15:12 abednarik joined #salt
15:13 nicksloan joined #salt
15:20 schemanic- joined #salt
15:21 tapoxi joined #salt
15:22 schemanic joined #salt
15:22 matth gtmanfred: hum I do a salt.runner from a state executed on my master only, and the runner is executed
15:24 hasues joined #salt
15:24 hasues left #salt
15:24 mpanetta joined #salt
15:29 Reverend Any way you can beautify configs after jinja churns it out?
15:31 DammitJim joined #salt
15:31 Rumbles you can get rid of the annoying line breaks
15:31 Rumbles not sure how else you would want to beautify it?
15:31 Rumbles maybe some makeup?
15:31 Reverend well, we want to make the jinja more readable... but in doing that, we fuck up the end config :P
15:31 Reverend like, indenting if statements and stuff
15:32 Rumbles you can indent
15:32 Rumbles jinja doesn't care about indents
15:32 Reverend i know, but it'll come out thge other end with the indents
15:32 Rumbles doesn't have to
15:32 Rumbles try out {% something -%}
15:32 Rumbles or {%- somthing %]
15:32 Rumbles trims whitespace
15:33 schemanic- joined #salt
15:35 hlub Rumbles: that works unless you have a block of several lines containing text. the indent of the first line is removed. then there is a piece of text and all of the latter indents still survive.
15:36 gtmanfred Reverend: use whitespace management
15:36 gtmanfred Reverend: http://jinja.pocoo.org/docs/dev/templates/#whitespace-control
15:38 Rumbles not sure if that works with blocks of text between jinja....
15:38 gtmanfred it should
15:39 gtmanfred you can also use the |indent modifier
15:40 Rumbles ah right, I've only used it for single lines
15:48 raspado joined #salt
15:51 DarkKnightCZ joined #salt
15:53 schemanic joined #salt
15:54 schemanic_ joined #salt
15:55 keltim joined #salt
15:58 cyteen joined #salt
16:00 abednarik joined #salt
16:01 sjoerd_ joined #salt
16:02 amcorreia joined #salt
16:02 sjoerd_ Hi everyone, who can help me spot my mistake in this state? I've been looking at it for 30 min but it's eluding me. http://pastebin.com/THwFDj5a
16:02 alexlist joined #salt
16:02 sjoerd_ I'm getting this error: ['ID pkg.installed in SLS postgres.repo is not a dictionary']
16:04 bluenemo joined #salt
16:04 AndreasLutro your indentation is inconsistent
16:05 AndreasLutro oh wait nevermind
16:05 AndreasLutro misread your state
16:05 DEger joined #salt
16:06 AndreasLutro are you sure that's the state that's generating your error sjoerd_?
16:06 FreeSpencer joined #salt
16:06 FreeSpencer joined #salt
16:06 coldbrewedbrew joined #salt
16:06 coldbrewedbrew joined #salt
16:06 DanyC joined #salt
16:06 coldbrewedbrew_ joined #salt
16:07 sjoerd_ Pretty sure yes, I suppose I could read the error two ways - either it thinks pkg.installed is actually an ID (which it's not); or it's that source is plural and needs more then one item?
16:08 sjoerd_ s/source/sources/
16:08 AndreasLutro pretty sure it's the former
16:08 DEger_ joined #salt
16:10 AndreasLutro it's as if line 3 in your sls isn't actually present
16:13 yuhlw____ joined #salt
16:13 fracklen joined #salt
16:15 Trauma joined #salt
16:16 yuhlw______ joined #salt
16:17 mohae joined #salt
16:18 misconfig joined #salt
16:19 subsigna_ joined #salt
16:19 tiwula joined #salt
16:20 sarcasticadmin joined #salt
16:23 DEger joined #salt
16:27 sjoerd_ my repo.sls gets included from my server and client states - but including it multiple times can't hurt, right?
16:27 gtmanfred correct
16:27 gtmanfred it should be fine to include it more than once
16:28 ProT-0-TypE joined #salt
16:28 misconfig Hi, is anyone aware of a way to remove a package from a system if its a particular version?
16:29 misconfig Just checking to see if there is a native way to do it, without writing some logic around the process.
16:29 gtmanfred have you tried doing a pkg.absent and specifying the version?
16:29 jimklo joined #salt
16:29 misconfig ah, I have not.
16:29 gtmanfred or pkg.purged
16:29 gtmanfred https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html#salt.states.pkg.purged
16:29 misconfig I'd like to remove the package if its version is less than N
16:29 gtmanfred it takes a version argument
16:30 misconfig nice find, thank you
16:30 gtmanfred it doesn't look like you can do a less than though
16:30 misconfig That's OK @gtmanfred this is a great solution. Thank you!
16:30 misconfig I didn't seem to find it in docs, really appreciate it.
16:32 sjoerd_ it's under states.pkg
16:32 sjoerd_ https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html#salt.states.pkg.purged
16:32 misconfig Got it sjoerd, thanks
16:33 lubyou_ joined #salt
16:36 afics joined #salt
16:36 afics joined #salt
16:40 DarkKnightCZ joined #salt
16:40 DarkKnightCZ joined #salt
16:42 edrocks joined #salt
16:47 jimklo joined #salt
16:50 abednarik joined #salt
16:57 DanyC joined #salt
17:00 sh123124213 joined #salt
17:05 orionx joined #salt
17:07 orionx left #salt
17:07 orionx joined #salt
17:16 bltmiller joined #salt
17:21 edrocks joined #salt
17:22 yetanotherzero joined #salt
17:26 samkottler joined #salt
17:26 kutenai joined #salt
17:29 raspado regarding salt-cloud/openstack, I cannot configure the root volumes size? Also, is it not a volume similar to how ec2 configures the root volumes?
17:30 pipps joined #salt
17:33 simonmcc joined #salt
17:35 impi joined #salt
17:39 jas02 joined #salt
17:41 haam3r joined #salt
17:43 _JZ_ joined #salt
17:46 onlyanegg joined #salt
17:51 JamieH joined #salt
17:52 misconfig joined #salt
17:57 pipps joined #salt
18:06 SaucyElf joined #salt
18:07 DanyC joined #salt
18:12 DanyC left #salt
18:15 tmilam joined #salt
18:17 tmilam i'm passing pillar data into a cmd.run and it's being interpreted as ['x']. how can i get just x in my cmd.run without quotes or brackets?
18:17 Fiber^ joined #salt
18:18 iggy raspado: I looked through the code, didn't see a way to set the root volume size... I think that is only configurable via the flavor
18:18 mikecmpbll joined #salt
18:18 raspado iggy: okay thanks!
18:18 raspado kinda sucks
18:19 iggy can you do that normally with openstack commands? I've never really seen a way
18:19 pipps joined #salt
18:19 raspado with ec2, we can set the root partition size during provision
18:19 raspado yeah i guess your only allotted to what the flavor is by default
18:20 iggy sounds like more of a limitation of openstack than salt, but I could be wrong (no OpenStack expert)
18:20 raspado agreed
18:23 pipps joined #salt
18:25 DanyC joined #salt
18:26 austin_ joined #salt
18:27 tmilam as it turns out, my pillar data was in list format
18:27 DanyC left #salt
18:27 gtmanfred doh
18:28 austin_ can syndic masters be treated exactly the same way as multiple masters in an HA setting?
18:28 austin_ meaning, 2+ syndics talking to 2+ master-masters ?
18:28 Renich joined #salt
18:30 haam3r joined #salt
18:30 gtmanfred you should be able to
18:31 gtmanfred austin_: https://docs.saltstack.com/en/latest/topics/highavailability/index.html#syndic-with-multimaster
18:31 gtmanfred yes
18:32 austin_ gtmanfred: it seems that is a single syndic -> N masters which is good. but i need many syndics to many masters
18:33 austin_ i was told this ends up running the command on a minion N number of times which is exactly how many syndics that minion is talking to
18:33 austin_ or can talk to
18:33 austin_ so i was wondering if you can treat that syndic the same as just multimaster
18:33 austin_ (i'm asking first but working on the topology now)
18:33 gtmanfred Hrm, i am not sure on that, i thought you could just treat the multiple syndics as the multimaster for the minion
18:33 austin_ ok
18:34 gtmanfred i would be very interested in your testing though
18:34 gtmanfred cause I have never tried it out
18:34 austin_ yea. so we have a unique situation ... classic enterprise :/
18:34 austin_ but i'm trying to isolate sydnic -> minion per application team
18:34 gtmanfred :) cool
18:35 austin_ yet we need the "linux admins" to be able to talk to ALL linux minions
18:35 austin_ regardless
18:35 gtmanfred my thought is that the jid should be the same across the syndics, so the minion should see the same jid coming from another syndic master, and just ignore it cause it already did that jid
18:35 austin_ hmmm.... ok
18:36 gtmanfred but again, very interested in what you find :)
18:36 austin_ o you'll hear from me
18:36 austin_ :D
18:36 austin_ i need full HA from master-masters to syndics
18:37 austin_ the problem that this solves is... MMs can talk to our entire fleet
18:37 austin_ syndic -> minion is left to the app teams
18:37 austin_ so they can consume a common set of functionality/configs/states/whatever
18:38 austin_ but manage their code
18:38 austin_ what i really dont want to have to do is some type of haproxy between MM -> sydnics
18:39 gtmanfred yeah, you shouldn't have to
18:39 austin_ k
18:41 subsignal joined #salt
18:43 DanyC_ joined #salt
18:44 joe__ joined #salt
18:44 DanyC_ left #salt
18:46 Trauma joined #salt
18:50 samodid joined #salt
18:51 bltmiller joined #salt
18:51 cyraxjoe joined #salt
18:52 akhter joined #salt
18:53 akhter joined #salt
18:57 justyns joined #salt
18:58 nidr0x joined #salt
19:00 oida joined #salt
19:04 geomacy joined #salt
19:08 Edgan joined #salt
19:20 s_kunk joined #salt
19:23 cyraxjoe joined #salt
19:25 raspado does reactor work as part of the salt-master package install?
19:25 gtmanfred the reactor is just an engine
19:25 gtmanfred well, it is just an engine now*
19:26 gtmanfred starting in carbon
19:26 gtmanfred https://github.com/saltstack/salt/blob/develop/salt/engines/reactor.py
19:28 gtmanfred it should just be in salt common package, and go on the minion and master in 2016.11, but it is just in the code base for the master
19:30 iggy tl;dr yes
19:30 pipps joined #salt
19:30 iggy ;)
19:31 gtmanfred :)
19:32 Miouge joined #salt
19:32 gtmanfred it will also be available on the minion in 2016.11
19:34 cyraxjoe joined #salt
19:35 pipps joined #salt
19:36 cyraxjoe joined #salt
19:41 jas02 joined #salt
19:45 Miouge joined #salt
19:46 matth is it possible to use content_pillar with block _replace ?
19:47 Sketch file.recurse needs a replace: option like file.managed
19:48 chmod666org joined #salt
19:51 DammitJim did you guys say there is a way to check what states will be called when one runs highstate on a minion?
19:52 pipps joined #salt
19:53 Ch3LL DammitJim: state.show_highstate work for you?
19:53 Ch3LL also state.show_top might help to
19:53 DammitJim thanks
19:53 DammitJim show_top!
19:54 Sketch i always just did a state.highstate test=true
19:55 DammitJim Sketch, that's what I did, but with so much output, I got lost
19:55 DammitJim I have something wrong in my top file where this one minion is being picked up by a regular expression
19:55 Sketch "state_output: changes" in your master conf is nice
19:56 Sketch every state that's already correct is compacted to one line
19:56 Sketch (each)
19:56 DammitJim Sketch, I use that, but there are SOOOO many changes since there are states I don't want on this minion, that it was too much info to scroll through
19:56 DammitJim ok, I found my pcre problem
19:56 DammitJim thanks!
20:00 pipps joined #salt
20:01 pipps99 joined #salt
20:05 Miouge joined #salt
20:06 pipps joined #salt
20:07 pipps99 joined #salt
20:08 cscf Sketch, I never knew about that one, thanks!
20:08 gtmanfred also check out state_verbose
20:08 gtmanfred cscf: https://docs.saltstack.com/en/carbon/ref/output/all/salt.output.highstate.html
20:11 abednarik joined #salt
20:11 sh123124213 joined #salt
20:16 aarontc joined #salt
20:16 Miouge joined #salt
20:18 amontalb1n joined #salt
20:20 sandro joined #salt
20:22 SaucyElf_ joined #salt
20:26 fxhp joined #salt
20:27 pipps joined #salt
20:29 jas02 joined #salt
20:30 jalaziz joined #salt
20:30 pipps joined #salt
20:33 ronp_usa1 joined #salt
20:34 yetanotherzero joined #salt
20:37 zer0def joined #salt
20:38 raspado whats a good read for setting git and saltstack
20:42 matth joined #salt
20:45 raspado i have a git repo and different branches named master, prod, stage. how can i reference each branch to a salts file root? we define qe: - /srv/salt/qe, so id like the qe branch to be the file root of /srv/salt/qe etc
20:46 DammitJim can I do this on a top file for pillar? 'myserver[0|1|2]01[test|prod].domain.com':
20:46 DA joined #salt
20:46 DA Hi
20:46 hemebond raspado: if you've defined it in file_roots and a branch matching in the repo, it'll match.
20:46 DammitJim it's weird... for server: myserver101test.domain.com I don't see any pillar data
20:47 raspado k, for prod, we'd like prod to match with prod, if we have master will master match with prod by default?
20:47 DammitJim for the pillar I defined
20:47 hemebond master == base
20:47 raspado o ok thx
20:49 raspado hemebond: once a commit is made to either branch, how long does it take for it to reach the salt-master?
20:50 hemebond raspado: You'll have to read the docs on the gitfs backend, I don't use it so have never read about it.
20:50 raspado kk thx
20:52 DammitJim can I get this straight? pcre matching on a top file uses (|) but [|] when calling salt?
20:53 caxor joined #salt
20:54 cscf raspado, iirc the salt-master caches the gitfs, and will check for changes if it's been more than a minute or two.
20:55 gtmanfred ^^
20:55 gtmanfred it caches it in /var/cache/salt/master/gitfs
20:55 raspado ahh k, if we wanted to make a change to the cache to make a manual override (bypassing making a commit to git) would that be possible?
20:55 gtmanfred raspado: yes, you would need to use roots and gitfs
20:55 gtmanfred and then put the overridding one in /srv/salt
20:55 gtmanfred raspado: see https://docs.saltstack.com/en/latest/topics/tutori
20:56 raspado ah k perfect thx gtmanfred cscf
20:56 gtmanfred uhh
20:56 gtmanfred this one https://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html#using-gitfs-alongside-other-backends
20:56 gtmanfred raspado: ^^
20:56 raspado oh nice
20:57 matth how to use defaults or context for file.blockreplace ? I try to pass variable to the jinja template but it does not work. my example : http://pastebin.com/0Hutj25s
20:57 haam3r joined #salt
20:58 Tanta change default: to context:
20:59 Tanta er, change defaults: to context:
21:00 pipps99 joined #salt
21:02 matth Tanta same result
21:02 Tanta I have an example with file.managed, if you want
21:03 matth that's the thing it work with file.managed
21:03 matth so as I see in the doc that blockreplace can also receive context/defaults I was assuming that it works the same way.
21:03 pipps joined #salt
21:04 Tanta why are you defining the value of "network" twice?
21:05 matth typo
21:05 matth the second network =   is instance =
21:05 matth sorry
21:05 Tanta also, I would note that the full pillar context is available within the template, you have already specified that the block to replace is rendered with jinja, couldn't you declare those values within the template file
21:05 Tanta that would obviate the need for the context
21:06 matth no those value are dynamic
21:06 Tanta how so?
21:06 matth it's just for the example that I set the static
21:06 Tanta then show the real examlpe
21:06 Tanta that is probably where your error lies
21:07 matth the network value come from a loop throw a pillar
21:07 matth you could see network as : network = ['value1','value2','value3,...]
21:07 fracklen joined #salt
21:08 Tanta your error is in the loop construct
21:08 matth it does the work
21:08 matth those states are generating VM
21:08 matth I just want to improve the file.append/file.managed by blockreplace
21:09 Tanta if you are looping and you haven't assigned part of the state declaration a value of the iterated variable (ie {{ network }}_blockreplace: ), you will end up with conflicting IDs
21:13 matth Tanta: {{ network }} is set correctly
21:13 stooj joined #salt
21:13 matth for now I do with static value
21:15 matth Tanta: even with context I get : http://pastebin.com/UqsTgZYu
21:17 swills joined #salt
21:19 KingJ joined #salt
21:21 jimklo_ joined #salt
21:22 misconfig joined #salt
21:24 edrocks joined #salt
21:27 menace joined #salt
21:31 stooj joined #salt
21:32 KingJ joined #salt
21:35 XenophonF i'll bet you aren't indenting something right
21:36 XenophonF so wait, you're managing a pillar SLS file using salt?
21:36 XenophonF here, try this: use {{ network|yaml_encode }}
21:37 XenophonF also, indent the "network_name: {{ network|yaml_encode }}" line two more spaces
21:37 dyasny joined #salt
21:37 XenophonF actually, indent the entire list two more spaces
21:38 XenophonF lines 6 through 14 in your original paste
21:40 matth XenophonF: checking
21:40 mohae_ joined #salt
21:42 akhter joined #salt
21:43 bltmiller joined #salt
21:44 onlyanegg joined #salt
21:45 DammitJim OMG, I've been sooo wrong this whole time!
21:45 ninjada joined #salt
21:45 XenophonF :)
21:45 XenophonF do tell
21:45 DammitJim I need to do: salt -E 'myserver[0|1]01[test|prod].mydomain.com' state.highstate
21:45 XenophonF [test|prod] ?
21:45 DammitJim I can't just do: salt 'myserver[0|1]01[test|prod].mydomain.com' state.highstate
21:46 XenophonF shouldn't that be (test|prod) ?
21:46 XenophonF oh right right
21:46 DammitJim yes, you are right
21:46 DammitJim ()
21:46 DammitJim not []
21:46 DammitJim but my point is... you can do: salt 'myserver[0|1]01test.mydomain.com' state.highstate
21:46 XenophonF yeah the default glob thing isn't very smart :(
21:47 cyborg-one joined #salt
21:47 XenophonF yup!
21:47 DammitJim what is the default glob?
21:47 hemebond *
21:47 XenophonF it uses a shell-like glob match
21:47 XenophonF so *, ? etc.
21:47 XenophonF i think it's based on fnmatch? don't quote me on that
21:47 XenophonF it's been a while since i last RTFS-ed
21:47 dyasny joined #salt
21:48 DammitJim man, I don't remember any of that either
21:48 DammitJim I know *
21:48 DammitJim but . and ?
21:49 XenophonF not . - that's from regexp
21:49 XenophonF * and ? are from cp/m or maybe earlier?
21:49 DammitJim LOL
21:49 XenophonF like old school shell-style filename globs
21:49 matth XenophonF:  http://pastebin.com/Y04qefHC
21:49 DammitJim ? is for a single character?
21:49 XenophonF yes
21:50 XenophonF matth: looks better - indent line 15 two more spaces, too, and change "yaml_encore" to "yaml_encode" (spelling error)
21:51 XenophonF in the jinja file (line 20) also use {{ network_name|yaml_encode }}
21:53 stooj joined #salt
21:53 pipps joined #salt
21:53 matth XenophonF: http://pastebin.com/rJHX2Kia
21:54 pipps joined #salt
21:57 tiwula joined #salt
21:58 XenophonF that looks good, try it!
21:58 matth salt does not like the double intent :)
21:58 matth I put the python error at the end.
21:59 DammitJim is there a straight forward way of setting a grain after running a state so that this state doesn't run anymore?
22:00 DammitJim so, 2 part question: 1) setting up the grain after the execution of a state, and 2) checking for the grain to see if a state needs to be executed again
22:00 ninjada joined #salt
22:02 XenophonF matth: I'm not sure.
22:02 swa_work joined #salt
22:02 matth DammitJim: you need to use grains.append but you will need to use saltutils to refresh the data grains of the minion
22:02 matth before checking the value of the grains.
22:02 matth :D
22:03 matth maybe context have a specific format
22:03 DammitJim because saltutils is the only way to refresh that?
22:03 matth I did not find example.
22:03 DammitJim oh cool. I found something on serverfault.com
22:03 matth DammitJim: yes or you can use reactor or runner
22:03 DammitJim http://serverfault.com/questions/561159/saltstack-how-one-can-execute-a-state-only-once
22:03 DammitJim does this look right?
22:03 DammitJim or does this have the issue you just brought up?
22:04 amontalban joined #salt
22:04 amontalban joined #salt
22:05 akhter joined #salt
22:05 dprice joined #salt
22:05 schemanic joined #salt
22:05 dprice Hi, I'm trying to figure out if there's a simple way to get mine_functions to use a returner
22:06 orionx DammitJim: grains are automatically refreshed when a highstate is run.  so, IME, you can't set a grain and reference it in the same state run, but if it's a subsequent highstate, you should be fine
22:06 orionx DammitJim: https://docs.saltstack.com/en/latest/topics/grains/#syncing-grains
22:06 DammitJim yeah, no problem
22:06 schemanic- joined #salt
22:06 jimklo joined #salt
22:06 DammitJim orionx, I wouldn't reference it on the same state run
22:06 DammitJim I mean, what if it can't find the grain? it just wouldn't run, right?
22:07 Aleks3Y joined #salt
22:07 orionx DammitJim: it would depend on your `if` statement, but you can set a default value if the grain is not found
22:07 DammitJim I can set a grain just by doing: grains.present: -name: sql_import \ - value: done
22:07 DammitJim perfect, orionx
22:08 BigBear joined #salt
22:08 gtmanfred whytewolf: iggy can yall test this if yall get a minute?  https://github.com/saltstack/salt/issues/36548#issuecomment-259804499
22:08 saltstackbot [#36548][OPEN] openstack auth with nova driver | Description of Issue/Question...
22:08 pipps joined #salt
22:08 gtmanfred still needs a little clean up, but i wanna make sure someone else tests it and it isn't just my setup that is working
22:08 orionx DammitJim: http://jinja.pocoo.org/docs/dev/templates/#default
22:09 t0m0 joined #salt
22:10 DammitJim what's that, orionx ?
22:11 gtmanfred orionx: grains are not refreshed when a highstate is run
22:11 gtmanfred you have to do a module refresh for that
22:11 gtmanfred we run a sync_all, but with refresh=False
22:11 DammitJim what?
22:11 DammitJim are you serious?
22:11 DammitJim that can't be good!
22:11 gtmanfred yes it can
22:11 gtmanfred grains shouldn't change often
22:11 orionx DammitJim: oh, that's how you can set a default value if the grain is not found (i.e., this is pillar, but should be same for grain: {% if pillar['nginx']['redirect_numeric_ip']|default(False) -%})
22:12 DammitJim oh yeah, I've done it with pillar and it's similar for grains from what I read
22:12 ninjada joined #salt
22:12 gtmanfred and rendering the grain dictionary takes time, that isn't needed on every highstate... because they don't change often
22:12 DammitJim now, back to the refresh thing, gtmanfred
22:12 DammitJim how would I go about refreshing grains after I run it?
22:12 orionx gtmanfred: are the docs wrong then (see link above)?
22:13 cyborg-one joined #salt
22:13 sh123124213 joined #salt
22:13 gtmanfred no
22:13 gtmanfred it still syncs the grains
22:13 gtmanfred it just doesn't refresh them
22:13 gtmanfred it will sync grain modules
22:14 DammitJim not sure I get what the difference is
22:14 gtmanfred a refresh looks at /etc/salt/grains and loads it again, and then reruns everything in salt/grains
22:15 gtmanfred a sync just copies over new grain .py custom modules and then only runs those
22:15 gtmanfred it doesn't refresh the entire dictionary
22:15 dprice Can mine_functions use a returner whenever the mine_interval refresehes? Thanks.
22:15 orionx gtmanfred: hm, ok, i see the distinction
22:16 orionx gtmanfred: if they aren't refreshed automatically, i'm surprised there isn't a 'saltutil.refresh_grains' like there is for pillar
22:17 gtmanfred it refreshes on refresh_modules
22:17 gtmanfred read the refresh_modules information
22:17 orionx gtmanfred: i see, thx
22:17 gtmanfred https://docs.saltstack.com/en/latest/ref/mod
22:17 gtmanfred https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.refresh_modules
22:17 gtmanfred `Signal the minion to refresh the module and grain data
22:18 t0m0 joined #salt
22:18 gtmanfred orionx: this is the function that is run as part of a highstate, https://github.com/saltstack/salt/blob/develop/salt/state.py#L3007 and it runs sync_all with refresh=False... i don't know why that if statement is there
22:19 DammitJim what does this mean to me? LOL
22:19 gtmanfred ¯\(°_o)/¯
22:19 DammitJim This is especially helpful when provisioning a new server
22:20 orionx DammitJim: it means maybe you should use a tmp file instead ;P
22:20 gtmanfred DammitJim: when the minion starts and connects to the master, the first thing it should do is a sync_all, so it shouldn't matter while provisioning a server
22:21 DammitJim and then once I have the rest of the information to finish configuring the server, I don't want the default stuff to run again
22:21 gtmanfred https://github.com/saltstack/salt/blob/develop/salt/minion.py#L3070
22:21 DammitJim if I run highstate, so this is done in stages unfortunately
22:21 jimklo_ joined #salt
22:22 snarfy^ joined #salt
22:22 DammitJim so, the tmp file is a good way to track this?
22:22 orionx DammitJim: can you formulate your state to be idempotent?
22:22 xbglowx joined #salt
22:22 snarfy^ is there any dummy guide that will help me understand how to convert yaml data structures into command-line pillar ones
22:22 DammitJim what do you mean by formulate?
22:22 orionx DammitJim: rewrite :)
22:23 DammitJim rewrite it to something different?
22:23 hemebond Oh noes, rc2 broke my cloud provisioning. poopy
22:24 jalaziz joined #salt
22:24 snarfy^ like i have an array at nginx.source.opts in the pillar. is that like pillar='{"nginx": {"source": {"opts": ["opt-1", "opt-2"]}}}'
22:25 orionx DammitJim: write your states so that running them successive times does not cause issues.  the only time i've had to do something similar to what you need is to use 'unless/onlyif' options with cmd.run
22:25 DammitJim one example is importing a database
22:26 orionx DammitJim: how are you importing the db?  (as in what execution module are you using?)
22:27 DammitJim cmd.run
22:27 DammitJim :(
22:28 orionx DammitJim: so, in the cmd.run, you can add an 'unless' option to run a command to check for something that should be there.  i.e. you can tell salt not to run the named command *unless* some command returns false
22:28 gtmanfred orionx: and it actually does look like we do a grains refresh on a highstate here https://github.com/saltstack/salt/blob/develop/salt/state.py#L3023
22:28 DammitJim right, I thought the unless would be if a grain was set
22:28 DammitJim LOL
22:30 DammitJim but are you saying I should run a sql query to check if there is data or something?
22:30 DammitJim dammit
22:30 DammitJim time to run
22:30 DammitJim thanks guys
22:30 orionx DammitJim: your unless could be something like "- unless: mysql -u<user> -p<pass> <db_name>"  if it connects and returns 'true', the named command is not run.  if it does not connect, the command is run
22:30 gtmanfred too late
22:30 gtmanfred :P
22:31 orionx lol
22:31 orionx gtmanfred: thanks for the clarification on the grains
22:33 gtmanfred yar, no problem, and i have this in to fix the duplicate code https://github.com/saltstack/salt/pull/37614
22:33 saltstackbot [#37614][OPEN] remove redundant code | What does this PR do?...
22:34 pipps joined #salt
22:35 stooj joined #salt
22:45 bluenemo joined #salt
22:47 menace left #salt
22:48 muep joined #salt
22:49 pipps joined #salt
22:50 schemanic joined #salt
22:51 Edgan New bug on the first run of salt-ssh 2016.11.0rc2. :(
22:56 ninjada joined #salt
23:00 __number5__ Edgan: it's rc2 for a reason, and I'm not dare to use .0 release for years...
23:01 Edgan __number5__: Their coverage leaves much to be desired.
23:05 ninjada joined #salt
23:06 swills joined #salt
23:07 da_ joined #salt
23:07 Harsh joined #salt
23:07 da_ hi
23:07 Harsh Hi
23:08 swills joined #salt
23:08 da_ hi there
23:08 swills joined #salt
23:09 da_ we are looking for saltstack engineers for salt lake city in UT... pls ping
23:14 SaucyElf joined #salt
23:17 SaucyElf joined #salt
23:18 schemanic- joined #salt
23:19 subsignal joined #salt
23:20 schemanic joined #salt
23:23 fracklen joined #salt
23:29 keimlink joined #salt
23:30 schemanic joined #salt
23:31 sh123124213 joined #salt
23:33 justanotheruser joined #salt
23:37 fracklen joined #salt
23:42 jas02 joined #salt
23:43 akhter joined #salt
23:44 whytewolf da_: any chance of it being a perm, remote option?
23:47 nicksloan joined #salt
23:49 Vaelatern Is there any problem with, for file.managed, having contents_pillar: key1:{{ key from iteration }}
23:49 Vaelatern ?
23:49 Vaelatern Basically can I do jinja substitution while doing that because the template is done sooner?
23:50 matth I have to configure several IPs on the same interface, is there a way to do a loop to increment a variable or a counter to similate the eth0.xx ?
23:50 whytewolf shouldn't be as long as key1:key from iteration exists
23:50 Vaelatern Namely iterating over keys from pillar['key1']
23:51 whytewolf yes. jinja rendering happens before state exacution so the state never sees the jinja just what is rendered by it.
23:54 whytewolf matth: you mean something like {% for blah in range(1, total) %}
23:54 matth yep
23:55 whytewolf ...
23:55 schemanic- joined #salt
23:55 whytewolf that actually should work
23:55 whytewolf [I don't know if range is explosed to the jinja in salt though as i have not tested it]
23:57 XenophonF http://jinja.pocoo.org/docs/dev/templates/#range

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary