Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-01-11

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 djgerm1 joined #salt
00:01 mavhq joined #salt
00:02 ninjada joined #salt
00:03 djgerm1 left #salt
00:05 haam3r joined #salt
00:09 om2 joined #salt
00:12 smakar_ joined #salt
00:13 patrek joined #salt
00:13 Kelsar joined #salt
00:14 n1x0n joined #salt
00:14 filippos joined #salt
00:14 darvon joined #salt
00:14 WKNiGHT joined #salt
00:14 eichiro joined #salt
00:14 Hipikat joined #salt
00:14 abele joined #salt
00:15 Corey joined #salt
00:15 Nightcinder joined #salt
00:17 ahammond joined #salt
00:17 emattiza joined #salt
00:18 simonmcc joined #salt
00:18 jor joined #salt
00:19 demize joined #salt
00:19 Awesomecase joined #salt
00:19 UForgotten joined #salt
00:20 oida joined #salt
00:20 mosen joined #salt
00:20 evle1 joined #salt
00:21 N-Mi_ joined #salt
00:21 N-Mi joined #salt
00:24 hackel joined #salt
00:24 ninjada joined #salt
00:25 AndreasLutro joined #salt
00:26 Klas joined #salt
00:28 tom29739 joined #salt
00:34 Dev0n joined #salt
00:36 mpanetta joined #salt
00:42 mavhq joined #salt
00:43 abednarik joined #salt
00:51 falstaff_ joined #salt
00:55 jaybocc2 joined #salt
00:57 hasues joined #salt
00:59 hasues left #salt
01:02 amontalban joined #salt
01:02 amontalban joined #salt
01:13 hemebond "the value of the argument will be a dictionary"
01:13 hemebond That's where you show an example of the dictionary :-(
01:26 ninjada joined #salt
01:31 abednarik joined #salt
01:34 woodtablet left #salt
01:34 cypher543 joined #salt
01:57 ninjada joined #salt
01:59 cypher543 The docs say that grains are loaded before dunder variables are created, but salt.grains.fx2, for example, utilizes __pillar__. So is __pillar__ the exception?
02:00 cypher543 It also uses __opts__.
02:01 hemebond Is that message about load order talking about a particular part of the process?
02:07 cypher543 https://docs.saltstack.com/en/latest/topics/proxyminion/index.html#new-in-2016-3
02:07 cypher543 "Grains are loaded so early in startup that no dunder dictionaries are present, so __proxy__, __salt__, etc. are not available."
02:08 catpigger joined #salt
02:11 cypher543 module.py implies that __salt__ and __proxy__ are the only dicts not available to grains: https://github.com/saltstack/salt/blob/8f351644b59d1849c7111490535f20886883406a/salt/loader.py#L622
02:11 cypher543 *loader.py
02:14 lorengordon joined #salt
02:15 iggy proxy minions are special
02:16 cypher543 In what way?
02:17 iggy (completely non-technical description) the main minion part starts up first, then goes back and does a second pass to enable the proxy minion bits
02:17 cypher543 Interesting. Is that documented anywhere?
02:18 iggy code?
02:18 iggy not that I know of
02:18 cypher543 ok thanks
02:22 jholtom joined #salt
02:23 cyborg-one joined #salt
02:33 antpa joined #salt
02:36 amontalban joined #salt
02:36 amontalban joined #salt
02:38 dxiri joined #salt
02:38 mattp if I want to use salt to deploy software in stages, what is the best way to track versions installed? pillar data, ie foobar_version = v.1.2.3?
02:39 UForgotten joined #salt
02:48 ilbot3 joined #salt
02:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.4, 2016.11.1 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers
02:50 eprice joined #salt
02:50 Nightcinder joined #salt
02:53 hemebond mattp: In stages?
02:53 nidr0x joined #salt
03:12 hemebond Argh. The nagios module doesn't include the minion ID in the return data.
03:25 citaret After fire up a new machine, the ip address needs to be insert into a mysql table if there is no record contains the ip address, what's the proper way of doing this? I found 'salt.states.mysql_database' in the doc, however, it seems not the solution.
03:25 hemebond IP of the minion? Where is the database? Can it run every time?
03:28 justanotheruser joined #salt
03:29 citaret Yes, IP of the minion. The database is an aws RDS. I would like to write it in a salt state file.
03:29 hemebond I would probably use a reactor for something like that.
03:30 hemebond When a minion "starts" (which happens every time it connects to the master I think) call a script to insert its IP.
03:32 dxiri joined #salt
03:35 Shirkdog joined #salt
03:35 Shirkdog joined #salt
03:38 citaret hemebond: is it possible that only the master connects to the database, so i need to keep the mysql credentials only in the master?
03:38 hemebond If you use a reactor, yes, you can just have the master connect to the database.
03:40 citaret thanks, i will have a look at reactor.
03:50 mavhq joined #salt
03:58 st8less joined #salt
04:13 swa_work joined #salt
04:16 ninjada joined #salt
04:19 neilf__ joined #salt
04:25 onlyanegg joined #salt
04:26 netcho joined #salt
04:37 bltmiller joined #salt
04:42 mavhq joined #salt
04:48 amontalban joined #salt
04:48 amontalban joined #salt
04:50 XenophonF citaret: i think a minion signals an up event when it starts
04:51 XenophonF (it being the salt-minion service)
04:51 XenophonF reactor can take the minion ID from the event data and use it to query the minion's ipv4/ipv6 grains
04:51 XenophonF then insert that into your database or dns or whatever
04:51 XenophonF probably
04:57 citaret XenophonF: ok thanks
05:08 sarlalian joined #salt
05:12 mavhq joined #salt
05:20 sjorge joined #salt
05:20 sjorge joined #salt
05:26 spuder joined #salt
05:47 whitenoise joined #salt
05:50 amontalban joined #salt
05:50 amontalban joined #salt
05:57 hemebond joined #salt
06:03 ninjada joined #salt
06:09 angel_dark joined #salt
06:13 nethershaw joined #salt
06:15 krymzon joined #salt
06:27 mk-fg joined #salt
06:29 druonysus joined #salt
06:34 vodik joined #salt
06:34 Sammichmaker joined #salt
06:35 DEger joined #salt
06:46 ivanjaros joined #salt
06:51 sh123124213 joined #salt
06:56 spuder joined #salt
07:08 jaybocc2 joined #salt
07:12 dkrae joined #salt
07:14 sh123124213 joined #salt
07:26 mavhq joined #salt
07:29 catpiggest joined #salt
07:33 antpa joined #salt
07:35 ninjada joined #salt
07:36 jaybocc2 joined #salt
07:39 netcho joined #salt
07:44 ninjada joined #salt
07:45 mavhq joined #salt
07:47 ninjada joined #salt
07:50 JohnnyRun joined #salt
07:54 eprice joined #salt
08:02 Trauma joined #salt
08:20 CrummyGummy Hi, I'm trying to save set passwords in salt. Can one of you please look and see what I'm doing wrong?
08:20 CrummyGummy https://paste.ee/p/HzQT0
08:20 CrummyGummy I'm not sure if it's valid to use a variable in the pillar key like that.
08:21 CrummyGummy Also, any better solutions? I don't like knowing peoples passwords. I feel like PKI is a better option. Just want to get this going first to learn.
08:22 hemebond CrummyGummy: When you're already inside Jinja you don't use {{ }}
08:22 hemebond You can concatendate strings in Jinja using ~
08:22 hemebond e.g.,
08:23 hemebond salt['pillar.get']('passwords:' ~ usr)
08:23 CrummyGummy Thanks :)
08:23 hemebond Also, small recommendation, do one pillar.get and then loop through the data and use "if usr in ['user1', ...]"
08:24 nethershaw joined #salt
08:25 st8less joined #salt
08:25 CrummyGummy That's interesting. I'll check that out. So the pillar lookup is expensive?
08:26 hemebond It's a function call so there is some overhead. Probably not much, but a single call is cleaner.
08:28 CrummyGummy ok
08:28 hemebond Actually, you could just put the pillar data into a var and then do pillar_data[usr]
08:28 hemebond You don't even need to change your loop that way.
08:28 Rumbles joined #salt
08:40 CrummyGummy hemebond: Sounds good, also then I only have to manage the user in one location. Which is great.
08:40 hemebond 👍
08:46 sjorge joined #salt
08:46 sjorge joined #salt
08:47 orichards joined #salt
08:50 antpa joined #salt
08:50 keimlink joined #salt
08:50 darioleidi joined #salt
08:51 DEger joined #salt
08:53 amontalban joined #salt
08:53 amontalban joined #salt
08:58 q1x joined #salt
09:01 darioleidi joined #salt
09:04 keimlink_ joined #salt
09:13 mikecmpbll joined #salt
09:14 Rumbles joined #salt
09:14 mavhq joined #salt
09:24 DanyC joined #salt
09:28 irctc631 joined #salt
09:29 akrus joined #salt
09:29 akrus hello everyone~ I need some quick assistance with Salt :)
09:30 akrus there is a task to update CRLs daily, so I need to download them once a day and propagate the changes to all the minions
09:30 DanyC left #salt
09:30 akrus if I understand correctly, I need to install minion on master which will download all the files there and then copy to other minions
09:31 netcho joined #salt
09:32 akrus but the questions are: 1) should I use pillar for this or simply CRL files? 2) cp.get_url is a correct way to download the files and save to file system? 3) how can I merge multiple CRL files into one to be sent?
09:33 teclator joined #salt
09:34 krymzon joined #salt
09:35 onlyanegg joined #salt
09:38 hemebond 1) up to you. If it's easier to use a file to push from a state, use that.
09:39 hemebond 2) That looks like the right function to use
09:39 Trauma joined #salt
09:40 karlthane joined #salt
09:40 hemebond 3) Merged how? Just concatenated? You could use cmd.run to merge them via cat or something.
09:42 akrus hemebond: yes, I was looking into file.managed, but it allows a single source and file.append probably is also not what I need. file_managed has contents, but this doesn't allow to provide files as source :-/
09:42 netcho joined #salt
09:44 hemebond Maybe file.accumulated
09:44 hemebond Somehow.
09:45 hemebond A simple script and a cron job could do all this in a few lines.
09:45 akrus indeed, just wanted to use builtin features :)
09:46 hemebond Hmm. Maybe pillar would be easier somehow.
09:48 hemebond You're not really doing a state thing here.
09:49 hemebond You're doing execution.
09:49 hemebond Though you could use cmd.script to run a script that downloads and concatenates the files, then another state that pushes out that updated file.
09:51 mavhq joined #salt
09:52 s_kunk joined #salt
09:53 mavhq joined #salt
09:53 krymzon joined #salt
09:53 amontalban joined #salt
09:53 amontalban joined #salt
09:55 DanyC joined #salt
09:56 DanyC joined #salt
09:58 DanyC joined #salt
10:00 Rumbles joined #salt
10:01 DanyC joined #salt
10:03 krymzon joined #salt
10:04 N-Mi_ joined #salt
10:11 rawzone joined #salt
10:24 bosch[] Hi, I have a salt server that has run out of inodes due to job cache, how can I safely clear them?
10:25 bosch[] A 'salt-run manage.present' running every minute apparently is not a good idea.
10:26 hemebond https://docs.saltstack.com/en/latest/topics/jobs/job_cache.html ?
10:26 jaybocc2 joined #salt
10:26 st8less joined #salt
10:27 pezus joined #salt
10:27 pezus hi guys
10:27 pezus i hope anyone can help me
10:27 bosch[] hemebond: Read that, it does not really show how to clear them (safely) when they are full due to an issue.
10:28 ronnix joined #salt
10:28 pezus problem: i have a pillar value which is an ipv6 address in brackets. i want to get access to the v6 address in a states file but without the brackets...
10:28 pezus how do i get rid of them?
10:28 hemebond Aren't they just files or directories?
10:29 hemebond bosch[]: Well, I would reduce the number and let Salt trim them.
10:29 bosch[] pezus: you can use |strip(']') on the pillar values.
10:29 pezus this is what i am basically using right now: {% set location_ip_v6 = salt['pillar.get']('location.ip.v6') %}
10:29 hemebond pezus: I believe Jinja supports slicing
10:30 catpigger joined #salt
10:31 pezus failed: Jinja syntax error: no filter named 'strip'
10:31 pezus hemebond: what is slicing?
10:31 hemebond Python list slicing
10:31 hemebond 'blah'[1:-1] == la
10:31 hemebond Something like that.
10:32 hemebond (I didn't test that before writing it)
10:32 hemebond Turns out it's correct.
10:32 hemebond Basically grabbing everything one character from the start until one character from the end.
10:34 DanyC joined #salt
10:37 pezus hemebond: awesome, that's exactly what i was hoping to get!
10:37 DanyC joined #salt
10:38 hemebond 👍
10:39 netcho joined #salt
10:42 DanyC joined #salt
10:42 impi joined #salt
10:46 DanyC left #salt
10:46 moeyebus9 joined #salt
10:47 bfrog joined #salt
10:49 catpiggest joined #salt
10:52 mavhq joined #salt
10:52 DEger joined #salt
10:52 daxroc With salt.function how would you target the current minion ?
10:53 o1e9 joined #salt
10:54 DanyC joined #salt
10:56 eprice joined #salt
10:59 bookwar joined #salt
11:04 DanyC joined #salt
11:11 CrummyGummy hemebond: Please have a look again. I still can't login with the specified password. When I set the password with passwd it works fine. https://paste.ee/p/2FHzZ
11:11 hemebond CrummyGummy: You have a space after password, i.e., "password : blah"
11:11 hemebond Should be password:
11:16 CrummyGummy Wow, ok, missed that, thanks,.
11:17 moeyebus9 joined #salt
11:22 CrummyGummy Still nothing :(
11:23 hemebond I think you need hash_password: True
11:23 mattp hemebond: by stage i meant like dev->qa->staging->prod
11:23 hemebond mattp: Ooooh.
11:23 mattp but in my situation I actually have multiple 'waves' of prod over a few days
11:24 hemebond mattp: I just use pillars to control the versions of software through environments.
11:24 mattp hemebond: ya, thats pretty much what im looking at
11:24 DanyC left #salt
11:24 mattp do you use git_pillar too?
11:24 hemebond Nope, just flat files.
11:25 mattp i suppose itd be largely similar
11:25 CrummyGummy hemebond: That fixed it, thanks :)
11:26 mattp hemebond: thanks
11:27 jaybocc2 joined #salt
11:29 Sammichmaker joined #salt
11:32 abednarik joined #salt
11:35 sebastian-w joined #salt
11:35 saltnewbie No matching sls found for 'unix_sac' in env 'base'
11:36 saltnewbie top file : http://paste2.org/xbnwfk4j
11:37 hemebond saltnewbie: You don't include the init
11:37 bookwar joined #salt
11:37 hemebond init.py files are special
11:37 hemebond - unix_sac
11:37 hemebond They behave just like Python __init__.py files.
11:38 saltnewbie oh
11:39 saltnewbie just removed .init and ran salt '*' state.apply. same error
11:39 hemebond Same error?
11:39 hemebond Have you customised your master config at all?
11:39 hemebond Are you trying to use environments?
11:40 saltnewbie yep
11:40 saltnewbie let me paste my master config
11:41 saltnewbie master config : http://paste2.org/d5JsjUWA
11:41 hemebond Environments are an advanced feature that probably don't work the way you think they do.
11:41 sebastian-w joined #salt
11:42 hemebond And where is your unix_sac module?
11:42 hemebond er, state
11:43 saltnewbie http://paste2.org/bMFGfhXC
11:43 mk-fg joined #salt
11:44 hemebond And you restarted your master after updating the config?
11:45 JTJ joined #salt
11:45 saltnewbie yea. let me do that again
11:45 hemebond Wait...
11:45 hemebond You only have git in your fileserver_backends
11:46 hemebond Doesn't that mean it will only check the git repo?
11:46 hemebond Also, the setting appears to be fileserver_backend, not fileserver_backends
11:47 bosch[] hemebond: Just removing some job_cache files worked. Restarting the salt master then managed the rest of the inodes.
11:48 hemebond bosch[]: Did you remove them by time modified or something?
11:48 sebastian-w joined #salt
11:49 CrummyGummy hemebond: What hash is valid for a hashed password? Something like `echo xyz123 | sha512sum` then use the output in the pillar?
11:50 hemebond CrummyGummy: I believe it's just a boolean.
11:50 hemebond It's documented on the page for user.present
11:50 saltnewbie hemebond : Thanks, it's a different error this time (eeror : http://paste2.org/2zKax6mF). I have to push the files to git. I had them local. seems someone else changed it yesterday
11:51 catpigger joined #salt
11:51 hemebond saltnewbie: You're missing some state directories/files from your base (master) branch.
11:51 bosch[] hemebond: Just yolo removed two directories, and then restarted the master.
11:51 Straphka joined #salt
11:51 hemebond LOL, okay ☺
11:51 bosch[] (and set the keep_jobs: 1 in the master)
11:52 CrummyGummy Sorry, I mispoke. If I use hash_password: False. Then can I specify a hashed password and is it as I mentioned above? I want to get away from these plain text passwords.
11:52 hemebond Ooh. I'm not sure to be honest.
11:53 CrummyGummy Thanks, back to google :)
11:53 muxdaemon joined #salt
11:53 ninjada joined #salt
11:53 amontalban joined #salt
11:53 amontalban joined #salt
11:55 hemebond Apparently you can use https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.shadow.html to generate a hashed password.
11:55 Reverend if I have something in "_grains" can i use that to match on first run, i.e. will it run _grains and then run all the states?
11:55 bosch[] Am I paranoid if I'm even using the pgp renderer over hashed passwords? :P
11:56 hemebond Reverend: No, you have to sync the grains before you can use them.
11:56 Reverend fucksticks
11:56 Reverend that's shit for automation
11:56 hemebond bosch[]: No, that's supported and common.
11:56 hemebond Reverend: Not too bad. I do it automatically.
11:56 Reverend how so?
11:56 hemebond Using a reactor.
11:57 Reverend to basically push twice?
11:57 hemebond Yeap.
11:57 Reverend you wouldn't do me a favor would you? :P
11:57 hemebond Trying to find it now :-)
11:58 Reverend you wouldn't do me a favor would you? :P
11:58 Reverend shit
11:58 Reverend wrong up+enter sorry
11:58 Reverend thought I was in cygwin
12:00 CrummyGummy hemebondem thanks
12:06 hemebond Doh. Seems I'd started ripping it up a bit at some point.
12:06 mavhq joined #salt
12:06 Reverend =] well I've got a -very- strange problem here. Curling http://download.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm works fine... but salt gives me a 404 when it's ran on the minion
12:07 hemebond Reverend: https://gist.github.com/hemebond/710ebb11ab1659b5061eeb57ca196278
12:07 Reverend heroic
12:07 hemebond Are you using a proxy?
12:08 hemebond What I've pasted there is a cut down version.
12:08 Reverend nope
12:08 hemebond Seems before the holidays I'd started butchering it to re-organise.
12:08 Reverend it's only hidden behind a nat
12:08 hemebond I used to have something that set a first_run grain.
12:08 hemebond And the highstate would only be called if that grain was missing.
12:08 Reverend that seems like a grand idea
12:09 Reverend it's okay for now I guess... I can continue as is, but when we come to automate it, it's gonna be handy to have. thanks hemebond.
12:10 Reverend we're manually managing it atm is all.
12:10 hemebond Good luck 👍
12:10 amcorreia joined #salt
12:11 Reverend god this fucking epel shit is getting annoying
12:12 CrummyGummy hemebond: That worked well, thanks.
12:13 hemebond 👍
12:13 brousch__ joined #salt
12:18 hemebond g'night all
12:27 st8less joined #salt
12:35 _Cyclone_ joined #salt
12:35 Trauma joined #salt
12:53 DEger joined #salt
12:58 daxroc https://www.irccloud.com/pastebin/O6cpUSZy/
12:59 daxroc What's the correct syntax to retrieive the value of that grain from the mine?  salt['mine.get'](grains.id, 'myapp:agent:uuid', 'grain')
13:00 jhauser_ joined #salt
13:00 dxtr How do I get the ip address of eth0 on the minion? salt['network.ip_addrs'](interface='eth0', include_loopback=False)[0] sometimes returns the masters IP
13:00 jhauser joined #salt
13:02 st8less joined #salt
13:02 babilen dxtr: Do you *really* need the address on eth0 ?
13:03 babilen (rather than the address in a specific network or even just the 'public' / 'private' one)
13:03 babilen And that shouldn't return the master's address unless you run it on the master/master's minion
13:04 Reverend dxtr: can't you use salt['grains.get'] for that?
13:04 babilen network.ip_addrs is perfectly fine
13:04 Reverend I mean, it might actually work :D
13:05 amontalban joined #salt
13:05 dxtr babilen: I'm running `salt '*' state.apply foo` and the actual minion is getting the masters ip
13:06 babilen I am not familiar with this "foo" state of yours. Maybe you'd like to paste it?
13:06 dxtr BUT! Here's the interesting thing
13:06 dxtr In another state it works fine
13:07 babilen Paste those two states and the output you get when you run them on the minion with "salt-call -l debug state.apply foo"
13:08 babilen Which address do you get when you run that execution function manually with the same arguments?
13:09 babilen And why do you care about eth0 as opposed to a network ?
13:09 dxtr One thing first: Are pillars and states rendered differently? I just realized one gets the IP in a pillar and the other in the state file
13:09 mage_ joined #salt
13:09 mage_ hello
13:09 daxroc With a pillar set like https://www.irccloud.com/pastebin/O6cpUSZy/ how would I access it's value ? I've tried salt['mine.get'](grains.id, 'myapp:agent:uuid', 'grain') and returns empty using 'grains.item' does show the content but I'm not sure how to get only the value
13:09 mage_ can I use jinja in pillar data ?
13:11 ninjada_ joined #salt
13:25 DEger joined #salt
13:26 jas02 joined #salt
13:27 babilen dxtr: Sure .. pillars are rendered on the master. But if you call salt['network.ip_addrs'](interface='eth0', include_loopback=False)[0] in your state that shouldn't make a difference at all
13:28 babilen dxtr: As you say that you do that in the pillar ... that's the reason. Feed this information to the mine and use the runner method documented for mine.get to get this information.
13:28 babilen I'd also *strongly* recomment to not hardcode interfaces
13:30 Trauma joined #salt
13:30 Trauma_ joined #salt
13:35 johnkeates joined #salt
13:38 one joined #salt
13:39 jaybocc2 joined #salt
13:39 one joined #salt
13:42 numkem joined #salt
13:44 toanju joined #salt
13:51 CrummyGummy joined #salt
13:51 toastedpenguin joined #salt
13:52 mavhq joined #salt
13:52 ssplatt joined #salt
13:54 jaybocc2 joined #salt
13:57 jas02_ joined #salt
13:59 eprice joined #salt
13:59 daxroc babilen: how often are the pillars rendered ?
13:59 ssplatt daxroc: rendered or refreshed?
14:00 daxroc if you embed a mine call within a pillar how often will it update ?
14:00 ssplatt once per run
14:01 babilen daxroc: Make sure to use the runner method if you perform the lookup in the pillar
14:01 keimlink joined #salt
14:01 daxroc why is that?
14:02 babilen Because that's the only way it works :D
14:06 daxroc haha makes sense now :D
14:09 daxroc Are salt[''] commands executed when the jinja is rendered also ?
14:10 beardedeagle joined #salt
14:12 ssplatt babilen: salt runner method?  do you mean grains[‘thing’] or salt[‘grains.get’](‘thing',’default’)
14:13 ssplatt or other?
14:13 mavhq joined #salt
14:14 CrummyGummy Sorry to be a pain. I'm trying to pull from a git repo and it's failing. I'm not sure if I'm doing something wrong in calling the module as the examples just show the cli version. https://paste.ee/p/Q3iYr
14:16 babilen ssplatt: I'm referring to https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.mine.html#salt.modules.mine.get
14:16 babilen And, in particular, the "{% set minion_ips = salt.saltutil.runner('mine.get', ..." bit in there
14:17 babilen daxroc, dxtr: ^
14:18 babilen CrummyGummy: No worries -- You want https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html#salt.states.git.latest
14:18 ssplatt hmm i wonder if i’m actually using it that way or not....
14:19 babilen CrummyGummy: git.fetch is an execution module function (the bits of code that states are built on top of)
14:19 CrummyGummy ah
14:19 ronnix joined #salt
14:19 CrummyGummy babilen: thanks
14:19 ssplatt oh duh i’m talking about two different things. sorry confused mine with grains.
14:20 mage_ any better way of doing https://gist.github.com/silenius/4a2b3bfa037bab6e287e848d0a92a9a0 ..?
14:23 babilen mage_: https://docs.saltstack.com/en/2015.8/ref/renderers/all/salt.renderers.jinja.html#filters maybe?
14:23 babilen yaml_encode or similar
14:24 babilen https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.jinja.html#filters
14:24 jeddi joined #salt
14:24 babilen |yaml for that
14:25 mage_ thanks I'll take a look
14:25 babilen Not sure if it does exactly what you want, but check it out :)
14:26 ioden joined #salt
14:26 babilen Which reminds me !
14:26 babilen If I use "import_json" in a pillar .. what is the file path relative to? Can I also use absolute paths?
14:27 Cottser joined #salt
14:27 babilen (or import_text / import_yaml )
14:27 mage_ in fact it's for simple config files, for ex certain programs require for a boolena param = "yes", other param = yes, other param = 'yes' etc
14:28 mage_ it's sometimes a PITA :(
14:29 babilen mage_: Most programs use a specific parser for a defined (configuration) file format or markup language. I prefer to use the corresponding generator if it exists. (e.g. just write json directly if that's the file format)
14:29 babilen Most of the mainstream markup languages have generators/parsers in Python
14:32 evle joined #salt
14:35 mage_ babilen: ok.. ! on thing I wonder is if it has any added value to add *all* the config parameters in pillar instead of writing them directly in the .conf file
14:35 goal joined #salt
14:35 goal should ext_pillar work with salt-ssh? Asking because I get 'Failed to load ext_pillar reclass: ext_pillar.reclass:' when trying to run pillar.items
14:36 mage_ babilen: for ex here I have https://gist.github.com/silenius/a9b97f0efde46e2f882a5621ecf6078e
14:36 mavhq joined #salt
14:39 Tanta joined #salt
14:39 icebal joined #salt
14:40 netcho joined #salt
14:43 mavhq joined #salt
14:43 mpanetta joined #salt
14:49 mpanetta joined #salt
14:49 alvinstarr1 joined #salt
14:50 babilen mage_: If you might want to legitimately set them at one point
14:50 babilen If you are concerned about the manual work of creating that pillar .. read a suitable config file with Python and then render the resulting datastructure
14:52 Trauma_ joined #salt
14:52 racooper joined #salt
14:56 sfxandy joined #salt
14:56 sfxandy hi everyone]
14:57 Reverend I take it when I specify a salt-env, it also changes the env on the pillar data
14:57 netcho joined #salt
14:59 sfxandy frustration regarding Salt mine.  my  Salt mine function only ever returns a single value from a single server.  whats the best way to access that value i.e. not iterating over a loop as usual with Salt mine calls?
15:03 sfxandy and that single value is the value of grains['fqdn'] from a particular server.  i cant find an elegant way of accessing the result of the Salt mine.get call
15:03 AndreasLutro write your own "utils" module that does what you need
15:03 Reverend AndreasLutro - you'll know! can i borrow you for like 2 minutes.
15:04 sfxandy AndreasLutro, of course why didnt i think of that!! seems like overkill for what is essentially a very simple requirement
15:04 AndreasLutro no, but you can ask your question and I'll possibly answer :p
15:04 Reverend so - with the saltenvs fileroots, can I make it /srv/production/salt and /srv/staging/salt ... or does it need to be a suibdirectory of the /srv/salt folder?
15:04 dijit hey guys, with the latest version of salt is there a way of streaming the return output of cmd.run?
15:04 bowhunter joined #salt
15:04 AndreasLutro afaik it can be anywhere
15:05 Reverend but how does it know? :S
15:05 AndreasLutro you specify the path to the fileroots in the master config
15:06 Reverend *magic*
15:06 abednarik joined #salt
15:06 Reverend I mean, how does it know what's a pillar and what's an sls?
15:07 inad922 joined #salt
15:07 AndreasLutro file_roots are states, pillar_roots are pillars
15:08 kaptk2 joined #salt
15:09 Reverend hmmmmmmmmm
15:09 Reverend I'm just going to go test stuff and see what breaks.
15:09 Reverend thank you anyway babilen and AndreasLutro
15:11 mavhq joined #salt
15:13 tercenya joined #salt
15:15 _JZ_ joined #salt
15:16 mage_ is it possible to - include some pillar data but under a specific key ?
15:17 mage_ in my case I have Bacula clients, with pillar like pillar/bacula/clients/myclient.sls which contains bacula: ... client: ... and I'd like to include that sls in pillar/bacula/server/backup.sls under bacula: .. clients: myclient: ...
15:19 DanyC joined #salt
15:20 Tanta yes, use the context option
15:20 om2 joined #salt
15:20 Tanta and specify the pillar -> variable assignments there
15:20 mage_ the context option ?
15:21 Tanta https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.managed
15:21 mavhq joined #salt
15:21 Tanta context
15:21 Tanta Overrides default context variables passed to the template.
15:21 mage_ mmh it's for pillar data
15:21 Tanta you should look at the syntax for this option to file.managed, and then put the assignments within the context block
15:22 Trauma_ joined #salt
15:22 nickabbey joined #salt
15:23 mage_ mmh
15:24 Tanta and you can do a looping structure, if you have many files, like {% for config_file in salt['pillar.get']('bacula_config_files').iteritems() %}
15:24 Tanta I do this exact pattern to create multiple SSH tunnels from one dictionary
15:24 DanyC left #salt
15:25 Tanta and for deploying users
15:25 mage_ not sure we talk about the same stuff, you can't use salt.pillar.get in pillar data
15:26 Brew joined #salt
15:27 Tanta no, but you could abstract the changed parts of the file that every client gets, for instance, and assign the pillar data beforehand, then iterate later and assign the proper config entries per file
15:27 Tanta that's more what I mean
15:27 Tanta it's a pattern for taking one pillar dataset and creating a group of files
15:29 Tanta http://pastebin.com/0aB6yhHY here's an example
15:29 cyborg-one joined #salt
15:29 Reverend So I'm attempting to move the 'base' fileroots to "/srv/salt/production" but it's neh woriking. thoughts someone?
15:32 chowmeined joined #salt
15:34 ssplatt Reverend: we use /srv/saltstack/base   just have to set it properly in the master config
15:34 ssplatt we were going to set up different envs but haven’t fully worked through that yet
15:34 Reverend :(
15:34 Reverend mmkay
15:34 ssplatt i think its like file_roots:   and pillar_roots:  you want to look for
15:34 ronnix joined #salt
15:35 babilen We have decided that environments are horrible (in particular if you use GitFS) and use separate masters
15:35 Reverend we? who be the we?
15:36 babilen I doubt you know my colleagues
15:36 ssplatt Reverend: me and my mates at $RandomCompany
15:36 Reverend ahh i see :)
15:36 babilen Indeed
15:36 ssplatt i do not work with babilen
15:36 Reverend I didn't know if you meant folks in here :)
15:36 babilen ssplatt: Why not? ;)
15:36 ssplatt but ame to teh same conclusion basically
15:37 ssplatt we wanted to run each git branch as its own env and use the single master/syndic cluster
15:37 ssplatt but that didn’t quite work the way we wanted in our short term testing
15:37 sfxandy joined #salt
15:37 ssplatt babilen: you tell me. we’re hiring.
15:38 Reverend quick one though.. i know I shouldn't like envs... and I may very well come to the same conclusion... however, can one specify a default env? :)
15:38 ssplatt yes
15:38 ssplatt https://docs.saltstack.com/en/latest/ref/states/top.html#environments
15:38 babilen ssplatt: Oh .. who are you working for?
15:38 phx joined #salt
15:39 ssplatt https://www.linode.com/careers
15:39 Reverend ah i see babilen: so if "production" were the default_top, production/top.sls will be used?
15:39 Reverend if so, win. <3
15:41 dijit hey guys, with the latest version of salt is there a way of streaming the return output of cmd.run?
15:42 mavhq joined #salt
15:42 ssplatt Reverend: definitely set up a test env in vagrant to make sure it works how you think it will and want it to.
15:43 Reverend not got time. need to have this shit finished by friday -_-
15:43 * Reverend has steam coming from his ears
15:43 Reverend choo choo mother fuckers. Angry sysadmin coming through!
15:43 ssplatt lol gl hf
15:44 Reverend haha
15:44 Reverend thanks mate
15:45 ssplatt i’d really like to see a real world production use for environments at SaltConf this year
15:45 ssplatt for/of
15:45 DanyC joined #salt
15:45 bookwar i've a setup separate master, but with additional environment, so that i have states coming from two different sources: the common repo and from the "overlay" repo which provides additional states
15:46 Reverend ssplatt: you just gotmy train of thought going, and have actually just made me realise why saltenvs are unfeasible for this work. you're a fucking hero.
15:46 ssplatt mainly, we don’t want to make another master with the same gpg creds copied to it to decode our gpg encrypted things in pillar
15:46 bookwar this is rather new setup, so don't have a real feedback yet, but it works )
15:46 DanyC joined #salt
15:47 jas02 joined #salt
15:47 ssplatt Reverend: especially if you need it quickly, no need to make it more complicated
15:47 dariusjs joined #salt
15:47 Reverend ssplatt: i dunno. It's gonna be a reeally nice solution if it works... but now my brain is looking for workarounds. I'll let you know how it goes. I gotta jack in
15:47 Reverend thanks for the help gents.
15:48 Reverend and ladies ofc
15:50 spuder joined #salt
15:52 keltim joined #salt
15:52 anotherzero joined #salt
15:55 abednarik joined #salt
15:56 dxiri joined #salt
15:57 mage_ what's the common way to generate for ex 100+ password and write the in pillar files ?
15:58 ssplatt mage_ external pillar?
15:58 ssplatt write your own module?
15:58 ssplatt then merge it in a formula?
15:58 mage_ external pillar with what ? :)
15:58 ssplatt i don’t think i understand the question
15:58 ssplatt do you have an external source, like a DB that already has these PWs and you now wnat them in pillar?
15:59 mage_ I have 100 clients to backup using Bacula, each client needs a password
15:59 cscf just use pwgen to make the passwords
16:00 cscf The interesting bit is getting them in pillar
16:00 mage_ yep
16:00 mage_ atm I have one pillar filer per client
16:00 mage_ I could use a python script to generate them but I wonder if it's the best way of doing it
16:00 cscf mage_, are clients computers or people?
16:01 cscf like, does a password match 1:1 with a minion?
16:01 mage_ cscf: computers
16:01 mage_ I have something like this ATM https://gist.github.com/silenius/d4807d15cf1507944480254c82fa3d8d
16:02 mage_ so in the pillar top file for the bacula director I'm including bacula.passwords and for each client bacula.passwords.myclient
16:03 cscf mage_, there's a pillar thing you can use where you can make a directory containing subdirs named after the minions, and each minion will get the files inside
16:04 mage_ ah great
16:04 Tanta you could store the passwords separately in grains, that's how I usually handle secrets
16:04 mage_ in grains ..?
16:04 cscf so you could generate the files easily: for i in list; do pwgen > roots/$i/baculapw;  done
16:04 mage_ yes password generation is not a problem
16:05 Tanta yeah, if each server had the password uniquely encoded in the same key grain
16:05 Tanta you can use that single key in the template
16:05 cscf Tanta, and custom grains are persisted to disk on the minion?
16:05 Tanta you can do the same with pillar too I guess, in a master/minion arch, but I run masterless so grains are 'secret' to me
16:06 mage_ yep that's what I do with pillars
16:06 jaybocc2 joined #salt
16:06 Tanta that's a functional solution, maybe tedious to setup
16:06 PatrolDoom joined #salt
16:07 djgerm joined #salt
16:07 morissette joined #salt
16:07 Tanta another simpler idea, would be to map the passwords in a standard list, and then assign an index value to each minion, then select the password based on the index position
16:07 Tanta that could be created easily
16:09 babilen mage_: We use "import_text" with a path that depends on the id grain
16:09 babilen (and an automatically generated file structure)
16:09 mage_ babilen: can you show me an example?
16:11 sfxandy joined #salt
16:12 babilen mage_: {% import_text "/path/to/%s/secr1t"|format(grains['id'] as thesecr1t %}
16:12 mage_ can I use that in pillar templates ?
16:13 babilen Relative to pillar roots actually
16:13 mage_ I'll try, thanks :)
16:13 babilen (and close that paren!)
16:13 mage_ and if I have gpg data ?
16:14 babilen Not sure .. maybe include the gpg renderer in the rendering pipeline?
16:14 mage_ something like {% import_text "my/passwords/{}.txt"|format(grains['id']|gpg %}
16:14 babilen No
16:15 mage_ directly in the .txt file
16:16 babilen More like "#!jinja|yaml|gpg"
16:16 babilen (as the file renderer)
16:16 mage_ let me try
16:17 babilen Do you already use the gpg renderer in other contexts?
16:18 tapoxi hey guys I'm trying to insert a ssl cert in pillar but the parser doesn't like it. any tips for lining up multi-line entries w/yaml? using the Key: | syntax
16:19 mage_ babilen: yes
16:20 babilen mage_: Keep in mind that salt, unfortunately, uses an implicit default renderer of "jinja|yaml"
16:20 mage_ yep :)
16:21 babilen tapoxi: Could you paste what you have right now (without the actual key, but just the --- BEGIN ... bit)
16:21 jaybocc2 joined #salt
16:22 bshelton229 joined #salt
16:24 debian112 joined #salt
16:26 teclator joined #salt
16:27 nixjdm joined #salt
16:31 _beardedeagle joined #salt
16:38 keltim I'm having a weird problem, "salt-call cp.get_template salt://"${template}" /dev/stdout" no longer works and just produces the error "Passed invalid arguments: coercing to Unicode: need string or buffer, bool found."
16:38 djgerm1 joined #salt
16:42 sarcasticadmin joined #salt
16:46 debian112 joined #salt
16:48 vamshi joined #salt
16:48 spuder joined #salt
16:53 ronnix joined #salt
16:53 sh123124213 joined #salt
16:54 raspado joined #salt
16:56 tiwula joined #salt
16:57 sfxandy joined #salt
17:00 teclator joined #salt
17:01 beardedeagle joined #salt
17:04 abednarik joined #salt
17:09 sfxandy joined #salt
17:09 jas02 joined #salt
17:09 AvengerMoJo joined #salt
17:10 onlyanegg joined #salt
17:11 armyriad joined #salt
17:13 teclator joined #salt
17:18 hackel joined #salt
17:19 hasues joined #salt
17:19 hasues left #salt
17:22 jas02 joined #salt
17:22 impi joined #salt
17:25 teclator joined #salt
17:26 woodtablet joined #salt
17:28 bltmiller joined #salt
17:28 dariusjs joined #salt
17:31 lws joined #salt
17:31 jas02 joined #salt
17:35 aawerner joined #salt
17:40 teclator joined #salt
17:41 anotherzero joined #salt
17:42 jaybocc2 joined #salt
17:47 foundatron joined #salt
17:53 cprior joined #salt
17:57 pipps joined #salt
17:58 jaybocc2 joined #salt
17:58 abednarik joined #salt
18:00 raspado joined #salt
18:02 eprice joined #salt
18:10 Nahual joined #salt
18:12 pipps joined #salt
18:13 UtahDave joined #salt
18:15 tercenya joined #salt
18:19 jas02 joined #salt
18:20 disaster123 joined #salt
18:22 sp0097 joined #salt
18:22 lws joined #salt
18:25 Edgan joined #salt
18:27 winsalt joined #salt
18:27 lws joined #salt
18:29 demize joined #salt
18:30 sarcasticadmin joined #salt
18:30 Sketch it's kinda annoying that service.dead fails if the service doesn't exist.  i have to wrap it in a service.available to avoid warnings?
18:34 UtahDave Sketch: Yeah, it appears that way.  Seems like that would be a nice feature or option to not have it fail if the service doesn't exist at all.  The end result is achieved either way.  Would you mind opening an issue on that?
18:35 abednarik joined #salt
18:35 ponyofdeath hi, is it possible to use a variable i in a pillar sls like var: value: 1 value2: {{value}}
18:37 alexlist joined #salt
18:39 disaster123 I'm trying to use the special __: key to overwrite a key in pillars. But i can't get it to work. The __ key just shows up in pillar.items
18:39 UtahDave ponyofdeath: Yes, you can use jinja variables in your pillar sls files.
18:40 UtahDave disaster123: can you pastebin exactly what you're trying to do?
18:40 disaster123 @UtahDave: sure please wait a minute
18:40 Sketch hmm, actually i'm wrong.  service.dead works, but service.dead: -enable: False causes a failure
18:41 UtahDave Sketch: ah, ok.
18:42 Sketch hmm, service.disabled alone works too
18:42 disaster123 @UtahDave: https://gist.github.com/disaster123/2ab1260c9c31eee05b2a15816f009f49
18:43 Sketch so i guess i have to do service.disabled and service.dead separately for it to work
18:43 Sketch that does still sort of seem like a bug ;)
18:43 UtahDave Sketch: I agree.
18:43 * Sketch files bug
18:43 UtahDave thanks, Sketch!
18:45 UtahDave disaster123: can you point me to the doc that shows how to use the `__` key?
18:46 disaster123 @UtahDave: https://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.stack.html i see this seems to be something different with ext_pillar i thought this must be implemented in general.
18:46 Sketch wait, i'm wrong.  service.dead alone does fail as well.  not sure what i did before..
18:46 disaster123 @UtahDave: i thought this must be possible for pillars in general
18:46 ThomasJ joined #salt
18:47 ponyofdeath UtahDave: that does not seem to work, since i am trying to cross reference the same variable
18:48 jaybocc2 joined #salt
18:50 disaster123 @UtahDave: it seems there is no way todo this with normal pillars ;-(
18:50 ponyofdeath UtahDave: https://bpaste.net/show/f25e20a7bd8e
18:51 UtahDave disaster123: try looking here: https://docs.saltstack.com/en/latest/topics/pillar/#pillar-dictionary-merging
18:51 whytewolf ponyofdeath: you can't use pillars in pillars
18:51 UtahDave ponyofdeath: yeah, what whytewolf said.
18:51 disaster123 ponyofdeath: but you can read pillars with import_yaml and then use them also in pillars - i do this everywhere
18:53 disaster123 UtahDave: i don't see anything related to pillar merging strategy for a single key
18:53 Sketch UtahDave: https://github.com/saltstack/salt/issues/38696
18:53 saltstackbot [#38696][OPEN] service.dead fails when service is not installed. | service.dead fails when the service is not installed.  I have the following state:...
18:53 alexlist joined #salt
18:59 dxiri joined #salt
19:00 anotherzero joined #salt
19:03 pipps joined #salt
19:04 jaybocc2 joined #salt
19:09 Praematura joined #salt
19:18 sp0097 joined #salt
19:18 akak548 joined #salt
19:19 nickabbey joined #salt
19:19 akak548 So I am have an issue with using states to set a schedule on a salt minion
19:19 akak548 The scheduler only seems to work after a minions restart
19:20 sh123124213 joined #salt
19:22 anotherzero joined #salt
19:22 moeyebus9 joined #salt
19:29 spuder joined #salt
19:32 tercenya joined #salt
19:33 s_kunk joined #salt
19:33 s_kunk joined #salt
19:33 sh123124213 joined #salt
19:42 druonysus joined #salt
19:43 cmarzullo We ususally set our schedule in pillar.
19:43 toanju joined #salt
19:43 disaster123 does anybody know a way or hack to set a specific pillar merging strategy per key
19:44 nixjdm joined #salt
19:45 jacobk joined #salt
19:46 tmkerr joined #salt
19:47 jacobk I am using file.managed to manage my zabbix.conf file. However, I believe it is causing errors because of the hostnameitem feature in zabbix. I currently use system.hostname which is supposed to get the correct hostname for each host. Does anyone know if I can use a variable in a conf file to get the hostname instead of system.hostname?
19:49 rylnd joined #salt
19:53 Tanta you could do {% set hostname = salt['cmd.run']('hostname') %}
19:54 Tanta that's really ghetto but it might work better
19:54 Tanta not sure what system.hostname really does
19:54 PatrolDoom isn't there a grain for hostname or fqdn
19:55 Tanta there is host, domain, fqdn in grains
19:55 Tanta just checked on my system
19:56 Tanta there is also a grain called localhost that may be useful too
19:57 CrummyGummy joined #salt
19:58 jacobk so would that work in the conf file if that is where other minions are looking to to get their own conf?
20:00 PatrolDoom the conf would become a template
20:00 PatrolDoom see docs on jinja templating
20:01 jacobk thanks.
20:03 jacobk does anyone know if they are going to do saltconf17?
20:04 eprice joined #salt
20:06 klaas joined #salt
20:12 lane_ joined #salt
20:13 CrummyGummy joined #salt
20:15 beardedeagle Company is going to pay for me to go again this year. Looking forward to it.
20:18 jacobk @beardedeagle do you know the dates of saltconf17?
20:19 whytewolf jacobk: no offical word et, but you can watch saltconf.com
20:24 UtahDave Yeah, we'll make a big announcement and plaster the info everywhere once they've nailed down the date
20:26 mavhq joined #salt
20:28 cmoser joined #salt
20:28 anotherzero joined #salt
20:29 heaje joined #salt
20:30 pipps joined #salt
20:31 laax joined #salt
20:34 Trauma joined #salt
20:36 sh123124213 UtahDave: I don't see many of salt developers working on the opensource github project. It seems like they are just merging prs from other users. Is everything ok ?
20:36 sh123124213 maybe you are focusing on saltstack enterprise ?
20:36 UtahDave definitely!
20:37 UtahDave I mean, definitely we are working hard on Salt.
20:37 UtahDave We do have floods of open source contributors too.
20:38 sh123124213 UtahDave: btw how many devs you got working on the opensource project and how many on the enterprise? ( if you can say ofc)
20:39 jas02 joined #salt
20:43 pipps joined #salt
20:44 sh123124213 I guess its fine if you don't answer. Don't meat to disrespect anyone though. sorry if you thought so
20:45 UtahDave sh123124213: Oh, no disrespect. I was asking for the numbers.
20:45 beardedeagle Well even if they are working on enterprise, it still relies on saltstack opensource
20:46 UtahDave We have 8 devs working full time on opensource Salt and I think there's another 10 or so who are frequently doing something on opensource salt regularly, if not full time
20:46 beardedeagle so while not all work will tickle down into saltstack opensource, a decent portion should
20:46 hemebond Anything on the core trickles down, right?
20:46 UtahDave hemebond: absolutely.
20:46 hemebond I thought enterprise was just the separate apps like the web interface.
20:47 DEger joined #salt
20:47 UtahDave hemebond: In fact, enterprise uses opensource salt COMPLETELY.  There are no special enterprise salt features.  Enterprise is all about the fast intuitive gui interface and scaling Salt masters really well.
20:48 hemebond 👍  That's what I thought
20:48 UtahDave Our enterprise users use the exact same opensource OS packages to install salt itself.
20:49 UtahDave We did try to create "Enterprise Packages" for a while, but we realized that it seemed dumb to not make both opensource and enterprise the most secure and featureful as possible.
20:49 XenophonF _That_ is the reason I use SaltStack.
20:49 XenophonF The rest is just gravy.
20:52 beardedeagle That and the support is a big part of enterprise
20:52 beardedeagle you could make yourself a poor mans version of what they offer, but you wouldn't have the support
20:54 coldbrewedbrew joined #salt
20:54 coldbrewedbrew joined #salt
20:55 XenophonF yup yup
20:55 ivanjaros joined #salt
20:55 UtahDave very true.
20:56 honestly would having a support contract mean that when a release breaks salt-ssh it gets fixed quicker? :P
20:57 hemebond I think it does.
20:57 hemebond Because you are likely to get one of the dedicated Salt devs.
20:57 beardedeagle well tickets as apposed to github issues I assume
20:57 beardedeagle usually tickets have a faster turn around than github issues
20:59 sarcasticadmin joined #salt
20:59 tercenya joined #salt
21:01 nickabbey joined #salt
21:01 sh123124213 well, somebody could disagree that tickets should be done based on severity and not if somebody has enterprise license or not
21:02 sh123124213 I'm guessing redhat( which is the leader of opensource with enterprise licensing) does the same
21:02 whytewolf sh123124213: someone could disagree that. but it in the end if a a boss sees an open source ticket being handled over his ticket do you think he will question why he spent money?
21:02 honestly I could issue a bounty instead, but my purchasing department will prefer a support contract to giving me budget for using some bug bounty market place :P
21:03 honestly whytewolf: what people who make support tickets care about isn't whether bugs get fixed, it's whether their immediate problem gets solved
21:03 honestly I don't think there's that much conflict
21:04 pipps joined #salt
21:04 honestly people getting paid to work on salt will work on the things they're getting paid to work on
21:04 tercenya joined #salt
21:06 XenophonF I want to buy a support contract not for bug prioritization but to fund development.
21:06 XenophonF which reminds me to talk to our procurement people
21:06 whytewolf well one important fact support tickets have an SLA, opensource issues don't.
21:07 UtahDave We never withhold any fixes from opensource Salt. They all get fixed with opensource PRs on Github.    The reality is that with a project as large and far reaching as Salt, there are hundreds of features and bugs that need to get worked on. We just can't physically work on them all at once. So we have to prioritize them. High severity bugs get worked on first regardless of whether or not an enterprise customer is paying for it. But when a paying customer i
21:07 cscf Can I not specify what file network.managed puts the config in?  On Ubuntu, will it always drop it in /etc/network/interfaces, not .d?
21:07 xmj UtahDave: cut off after "paying customer in"
21:07 UtahDave xmj: ah, thanks.
21:07 whytewolf damn that irc 256 limit :P
21:07 UtahDave We never withhold any fixes from opensource Salt. They all get fixed with opensource PRs on Github.    The reality is that with a project as large and far reaching as Salt, there are hundreds of features and bugs that need to get worked on. We just can't physically work on them all at once.
21:07 xmj might want to have a "split long lines" plugin
21:07 xmj like, splitlong.pl :->
21:08 UtahDave So we have to prioritize them. High severity bugs get worked on first regardless of whether or not an enterprise customer is paying for it. But when a paying customer indicates that a certain bug is a high priority for them, then we bump up the priority on that bug.
21:08 sh123124213 makes sense
21:09 sh123124213 UtahDave : would you consider this a high priority bug https://github.com/saltstack/salt/issues/38678 ?
21:09 saltstackbot [#38678][OPEN] Minion has multiple connections to Master's 4506 port | Description of Issue/Question...
21:10 honestly xmj splitlong.pl is deprecated, upgrade your irssi :P
21:10 UtahDave Also, like whytewolf said, support tickets have an SLA that we'll respond quickly and we have support personnel that will evaluate the report and start working on a fix within a specified timeframe.  We have dedicated people working on opensource Salt bugs and issues, but our best efforts to respond to and fix those bugs might not be as fast as someone needs.
21:10 xmj honestly: pfff ;)
21:10 honestly xmj irssi 1.0.0 just got released too!
21:10 xmj i know!
21:10 honestly but the splitting has been in for a while
21:10 djgerm joined #salt
21:10 orichards joined #salt
21:11 xmj that doesn't mean i know about it
21:11 xmj nor care ;)
21:11 UtahDave sh123124213: Yeah, that sounds like that could be leaking network connections
21:14 sh123124213 UtahDave : Thanks. regardless of my questions being a bit weird(you can replace) I do appreciate your(everybody in the team of saltstack) efforts and really like the product.
21:14 pipps joined #salt
21:14 ponyofdeath https://bpaste.net/show/dfd98ff6cc04 why does a require statement not work on grains.present?
21:14 abednarik joined #salt
21:15 whytewolf ponyofdeath: require should be indented and have a list item marker on it.
21:15 whytewolf you have it as a seperate dict item
21:16 ponyofdeath like this? https://bpaste.net/show/8b743b42a138
21:16 whytewolf yes
21:16 ponyofdeath whytewolf: thanks!
21:17 whytewolf np
21:17 UtahDave sh123124213: You're welcome.  You had a valid question!
21:18 Sketch UtahDave: looks like i missed a ticket which was already closed (resolved). https://github.com/saltstack/salt/issues/37511
21:18 saltstackbot [#37511][MERGED] service.dead now only operates if the service file exists | Issue...
21:18 Sketch also explains why i never noticed it before, it only broke in 2016.3.4
21:19 whytewolf there is such a thing as an invalid question? honestly i thought it was a great question. brought up a lot of different thoughts and practices in support issues on OSS vs consumer.
21:19 inad922 joined #salt
21:21 UtahDave whytewolf: I agree.
21:26 ponyofdeath whytewolf: hmm, how about the require sls its telling me its not finding the requisite. i am requireing a nested state file auth.ldap. does it need to be only one level or?
21:28 whytewolf ponyofdeath: nested?
21:28 ponyofdeath nested as it is included normally as auth.ldap
21:28 ponyofdeath its in a folder auth then file ldap.sls
21:29 ponyofdeath but when i use it in require: sls: auth.ldap i get not found. if i use it in include: auth.ldap it works
21:30 * whytewolf shrugs. i thought auth.ldap should work however i do see in the "require an entire sls file. they still list the include needed also
21:30 amontalb1n joined #salt
21:30 whytewolf ponyofdeath: https://docs.saltstack.com/en/latest/ref/states/requisites.html#require-an-entire-sls-file
21:30 ponyofdeath yup i wonder if i need it to be included first
21:32 beardedeagle Someday I'll land a job at saltstack and be able to work on the thing I love for a living
21:33 beardedeagle Just gunna babe ruth that now
21:34 madhadron joined #salt
21:35 madhadron Is there a simple rule for when a minion will refresh its pillar data (aside from an explicit command to do so)?
21:35 whytewolf madhadron: iirc about every 60 seconds, or sometime during a highstate.
21:36 madhadron Hrm. So is there a good practice around generating something like a keystone via an external pillar and not regenerating it all the time?
21:37 UtahDave madhadron: I think pillar data is only generated when you give it an explicit command and when you run a highstate or state.sls.
21:37 whytewolf generally i have an orchestration script that forces some of the automated processes.
21:38 orichards joined #salt
21:42 DanyC joined #salt
21:48 debian112 joined #salt
21:48 orichards joined #salt
21:49 DanyC joined #salt
21:50 madhadron whytewolf, I don't understand what you mean by that.
21:51 madhadron UtahDave, Okay, so I can't just regenerate this each time. Thanks.
21:52 whytewolf i use salt orch for most of my processes so i have this https://github.com/whytewolf/salt-phase0-states/blob/master/orch/salt-core-update.sls which i use with in my orchestrations.
21:52 netcho joined #salt
21:52 netcho joined #salt
21:52 whytewolf [that repo is a work in progress]
21:55 madhadron Ah, okay
21:55 madhadron So I think caching the files the external pillar creates is the only way to go.
21:56 mavhq joined #salt
21:58 DanyC left #salt
22:00 beardedeagle nothing like running masterless salt AND salt-ssh
22:03 hemebond Really? Sounds like Ansible ☺
22:04 netcho shots fired :)
22:09 jas02 joined #salt
22:10 beardedeagle basically
22:11 orichards joined #salt
22:12 beardedeagle but it makes sense in my case. our product lives in openstack over 3 different continents. was easier to kick off a masterless run from a user_data, and since every server joins into consul after that I just use consul to generate my roster file
22:14 hemebond I've looked at Consul a few times now but haven't found a use for it.
22:14 hemebond Or figured out where I might be able to use it.
22:14 PatrolDoom hemebond: dynamic pillar backend
22:14 PatrolDoom thats the only thing i've wanted from it
22:14 DanyC joined #salt
22:14 PatrolDoom e.g. be able to pragmatically modify pillars
22:15 beardedeagle our product is a HA, cross DC, geo aware lbaas solution so we use it and masterless salt to dynamically generate all of the configs
22:15 beardedeagle consul and consul-template I mean
22:16 jaybocc2 joined #salt
22:19 beardedeagle there are limitations within our environment that make salt-cloud and running a master undesirable unfortunately
22:19 hemebond aw
22:19 keltim so many features don't work masterless ... like the gpg returner
22:21 PatrolDoom keltim: for pillar secrets?
22:21 beardedeagle I use vault for that
22:21 beardedeagle in masterless
22:22 DanyC left #salt
22:23 beardedeagle could just go the whole hog and use terraform
22:23 beardedeagle but I love salt so damn much
22:25 whytewolf it does make things tasty
22:26 djgerm any ideas why my cloud map is throwing a "mapping values are not allowed here" for 'size: t2.micro'?
22:26 hemebond I thought cloud maps could only reference profiles.
22:27 whytewolf no, you can put some settings in them
22:27 beardedeagle a link would help
22:27 djgerm sure i'll pastebin momentarily
22:28 djgerm http://paste.debian.net/908322/
22:29 hemebond Missing a :
22:29 hemebond - test1.example.com:
22:29 whytewolf yeap
22:29 beardedeagle happens to the best of us
22:30 toastedpenguin joined #salt
22:30 djgerm thanks! >_< And I am far from the best of us…
22:30 djgerm So things like that happen to me more often than they should. I should really stay away from sharp objects
22:31 rml joined #salt
22:32 orichards joined #salt
22:45 mavhq joined #salt
22:46 PatrolDoom "manual automation"
22:46 * PatrolDoom dies a little more inside
22:48 disaster123 Can anybody help with replacing a key in pillar while using smart as a default
22:49 abednarik joined #salt
22:51 hemebond using smart?
22:53 pipps joined #salt
22:54 ninjada joined #salt
22:57 netcho joined #salt
22:57 disaster123 hemebond: yes
22:57 hemebond What is smart?
22:57 hemebond Is it like SMART?
22:58 disaster123 hemebond: smart is best guess which means merge and merge is what i like in 99% of the cases. But i need overwrite / replace in one case.
22:59 hemebond Well, merging dicts is fairly easy in Salt.
22:59 hemebond If you look at the formulas you will see it being done in map.jinja and other jinja files.
23:00 disaster123 hemebond: yes sure but i need in in a pillar. And pillars can't access pillar data to remove or modify an key from another sls isn't it
23:01 ipmb joined #salt
23:01 rubenb joined #salt
23:01 ipmb Hi all! Trying to figure out how to handle service restarts for a systemd service with socket activation...
23:01 hemebond Oooh. Well I use a global jinja files that contains shared properties for my pillar flat files to use.
23:02 PatrolDoom !give ipmb question
23:02 PatrolDoom ppfft
23:02 PatrolDoom wrong chan
23:02 * PatrolDoom dies
23:02 ipmb normally I would use service.running with a watch specified, but I don't want the service to be running (it gets activated by the socket)
23:02 PatrolDoom hrm thats an interesting problem
23:03 PatrolDoom well
23:03 ipmb Q: How can I put a watch on a service that I don't want to enable or have running? (because systemd does it via socket activation)
23:03 PatrolDoom maybe have service.enabled & not service.running
23:03 PatrolDoom w/ enabled it means it can run but is not actually runnning
23:03 ipmb service should actually be disabled
23:03 ipmb I do not want it to run at startup
23:03 PatrolDoom oh but wont that cause it not to work
23:03 PatrolDoom if you do service.disabled, it will set it to not start?
23:04 ipmb systemd handles it properly if you use socket activation
23:04 PatrolDoom oic
23:04 ipmb http://uwsgi-docs.readthedocs.io/en/latest/Systemd.html#socket-activation
23:04 PatrolDoom i guess maybe service.disabled is what you want for the state management
23:04 ipmb but *if* the service is running, it needs to restart
23:04 ShanDj joined #salt
23:05 PatrolDoom maybe add an unless to check if it is running?
23:05 hemebond Yeah, a regular cmd.run with an unless check would work
23:05 hemebond Similar to the conditional restarts people usually do.
23:05 ipmb would I use cmd.wait in that case?
23:05 ipmb I remember there were some changes around that recently
23:06 whytewolf cmd.wait is depre use cmd.run with onchanges
23:06 ipmb in this scenario, that would be equivalent to service.running + watch?
23:06 eprice joined #salt
23:07 pipps joined #salt
23:07 hemebond Yes
23:07 ipmb awesome... thanks!
23:07 hemebond You would use onchanges to trigger the custom restart state.
23:08 whytewolf yes, watch is a kind limbo basicly it does what ever mod_watch tells it to. cmd.wait is actually an almost blank function and all of the logic is in mod_watch
23:08 ipmb only problem is this is going to make for one ugly SLS file :)
23:09 ipmb Since it needs to handle both a normal service and a socket activated one
23:09 whytewolf couldn't be worse then trying to read a ng formula
23:15 ShanDj Hi I am getting a  " Comment: No Top file or external nodes data matches found." however, when I run sudo salt-run fileserver.file_list i see top.sls listed
23:16 ShanDj additionally when i use the state.sls command I am successfully able to target the minion with the grain as I am doing in my top.sls file
23:16 ShanDj any ideas how to troubleshoot this further?
23:17 mrueg joined #salt
23:17 pipps joined #salt
23:17 ShanDj happy to share the contents of my files and various structures.
23:17 whytewolf need the top file contents. and the command you are running
23:18 ShanDj {% if grains['os'] == 'RedHat' %}      'cloud:aws':     - match: grain     - ops.aws.network
23:19 ShanDj sorry one missed out the "base:"
23:19 ShanDj base: {% if grains['os'] == 'RedHat' %}      'cloud:aws':     - match: grain     - ops.aws.network
23:19 ShanDj that is the contents of my top.
23:19 ShanDj after that I am simply running "sudo salt '*' state.apply"
23:20 whytewolf ShanDj: ... why not use 'G@cloud:aws and G@os:RedHat' - match: compound instead of the jinja?
23:20 ShanDj sudo salt -G 'cloud:aws' state.sls ops.aws.network works fine
23:21 abednarik joined #salt
23:21 ShanDj i guess i could. but that doesnt explain why that command thinks there is no top file. does it?
23:21 hemebond Can you paste somewhere that retains your formatting?
23:21 whytewolf who said the command thinks there is no top file. there was a second item to that failure
23:21 whytewolf that there are no "matches" in the top file for the minion
23:21 ShanDj you mean the external nodes?
23:22 ShanDj how do I paste the formatted version in IRC?
23:22 DEger joined #salt
23:22 whytewolf ShanDj: you use a pastebin such as gist
23:22 hemebond You paste elsewhere, like paste.debian.net
23:23 ipmb hemebond, PatrolDoom: this is what you were thinking? https://dpaste.de/6k7B (I'm open to any suggestions on a cleaner implementation)
23:23 ShanDj http://paste.debian.net/908330/
23:24 whytewolf ShanDj: is there more to the top file?
23:24 whytewolf like an endif
23:25 ShanDj i truncated it...let me paste the entire thing
23:25 ShanDj one second
23:25 ThomasJ joined #salt
23:26 ShanDj http://paste.debian.net/908332/
23:26 ShanDj and yes there is an endif
23:26 hemebond ipmb: Looks pretty darn good to me.
23:27 ShanDj i can target the grain successfully using the os and custom 'cloud:aws'
23:27 ShanDj * target the minion successfully
23:27 PatrolDoom ipmb: indeed, hope it works as expected
23:28 * whytewolf is never a fan of jinja inside top ... if there is ANY reason for the jinja to fail top won't load. and you end up with an error like you are getting.
23:29 ShanDj sorry new to salt. jinja is just what they have used here. I am open to trying the alternate syntax
23:29 abednarik joined #salt
23:29 ShanDj if you think it would help troubleshoot
23:30 whytewolf the minion you are trying to hit does have the os grain set as RedHat correct?
23:30 ShanDj yep
23:30 ShanDj sudo  salt -G 'os:Redhat' test.ping
23:30 ShanDj returns true
23:30 whytewolf Redhat != Redhat
23:31 whytewolf let metry that again
23:31 whytewolf RedHat != Redhat
23:31 ShanDj eek
23:31 ShanDj one sec that could be it
23:31 hemebond Hah, the top.sls documentation has "RedHat" in an example.
23:31 hemebond 'os:(RedHat|CentOS)':
23:32 ShanDj yes that still returns true
23:32 whytewolf yesh, i think the grain changed
23:32 ShanDj sudo  salt -G 'os:RedHat' test.ping
23:32 whytewolf but you arn't using match to match the grain. you are using jinja
23:33 whytewolf [match isn't as case sensitive]
23:33 pipps99 joined #salt
23:33 ShanDj i see
23:33 ShanDj ok
23:33 hemebond Usually good to |lower strings like that
23:33 ShanDj let me change it to Redhat and see if that make a diff
23:36 whytewolf that might not be it also. you never actually gathered the os grain you just tested against it.
23:36 whytewolf not sure what the value is
23:36 ipmb Are there any ways to lower the memory usage for Salt minion or reduce the number of processes that run?
23:36 ipmb running a bunch of minions in lxc containers and the RAM usage starts to add up
23:37 ShanDj yea thats not it. But not it is changed to "{% if grains['os'] == 'Redhat' %}"
23:37 ShanDj one second ill show you the grain file
23:38 whytewolf don't need the grain file. os is a built in grain
23:38 whytewolf just need grains.get os
23:39 ShanDj ok
23:40 jas02 joined #salt
23:40 ShanDj sudo salt '*' grains.get os ip-10-8-238-122.a01.wholefoods.com:     RedHat
23:40 ShanDj sorry ill format it
23:40 ShanDj http://paste.debian.net/908334/
23:40 whytewolf also try salt 'minion' cp.get_template salt://top.sls /tmp/top.slsl
23:41 ShanDj ok
23:41 whytewolf then look at the file on the minion at /tmp/top.slsl
23:42 whytewolf btw, you didn't need to format that. :P
23:42 ShanDj hey man..im clearly in over my head. so better safe than sorry
23:42 ShanDj :)
23:42 abednarik joined #salt
23:42 whytewolf no problem :P
23:43 ShanDj guessing this is not good....
23:43 ShanDj sudo cat /tmp/top.slsl base:
23:43 ShanDj that base shouldnt be empty huh
23:43 whytewolf no it shouldn't
23:43 whytewolf try putting the jinja back the way it was.and see if it does the same thing
23:44 ShanDj wonder why....is it looking in the base root instead of my gitfs_remote
23:44 ShanDj ok
23:44 ShanDj one sec
23:44 whytewolf ShanDj: on the minion level all of the roots are merged together. all it does is query the master for it.
23:45 whytewolf it is a pseudo filesystem that the master serves out
23:46 ShanDj right
23:46 ShanDj you think i need to restart the master after making these changes to the top file?
23:46 whytewolf no, you shouldn't
23:46 ShanDj ok
23:47 ninjada_ joined #salt
23:47 ShanDj well reverting the top file back to RedHat and then rerunning cp.get_template
23:47 ShanDj still returns just "base:"
23:47 whytewolf on the master run salt-run fileserver.update
23:48 ShanDj alright it updated.. ill rerun the cp
23:49 ShanDj hey that worked
23:49 ShanDj well i think it did
23:49 ShanDj one sec
23:49 ShanDj http://paste.debian.net/908336/
23:50 ShanDj it just doesnt show the {% if grains['os'] == 'RedHat' %}
23:50 whytewolf it won't
23:50 ShanDj ok cool
23:51 ShanDj would it help if i give you the output to
23:52 whytewolf it might
23:52 ponyofdeath hi, anyone know if i can user onlyif: - grain: blah or execute state only if the grain exists
23:52 ShanDj would it help if i give you the output to "sudo salt '*' state.apply -l debug"
23:52 whytewolf it might
23:52 XenophonF woah why am i just now learning about cp.get_template??
23:52 ShanDj ok one sec
23:53 whytewolf XenophonF: it really isn't talked about much. it is nice for those that don't want to load an external module. i did write a module that does pretty much the same thing but also returns it to the user instead of forcing them to log into the minion.
23:53 DEger joined #salt
23:54 ShanDj http://paste.debian.net/908337/
23:54 ShanDj thats the complete stack trace with some ips removed
23:54 falstaff_ joined #salt
23:55 falstaff_ What's the canonical way to get a minion reset/restarted if it's not responding to state commands from master? I'm not seeing anything in the docs
23:56 ipmb is it's key accepted? `salt-key -l`
23:56 ipmb sorry `salt-key -L`
23:57 ShanDj who is this directed to @ipmb?
23:57 ipmb falstaff_
23:57 ShanDj ok just checking ty
23:57 falstaff_ Yes, this usually happens after I run a command during testing that messes up a minion somehow
23:57 hemebond falstaff_: SSH onto it and restart it.
23:57 ipmb yep
23:57 falstaff_ So the keys have been accepted and test.ping gets back also
23:57 falstaff_ :(
23:57 falstaff_ I was hoping there was a cool salt way to do it
23:58 hemebond Or just blow it away. That's what I like to do.
23:58 whytewolf ShanDj: run the same command from the minion with salt-call and -l debug
23:58 ipmb I'm curious how a state would kill the minion process
23:58 falstaff_ I'm not sure, but I blame npm.
23:58 hemebond ipmb: Restart the salt-minion service after munging the config.
23:58 ipmb npm *really* shouldn't be able to break the minion
23:58 darix joined #salt
23:58 whytewolf anytime there is a problem and node.js is around i blame it
23:58 ipmb if test.ping works, it's connected
23:59 hemebond npm will break everything. horrible little thing.
23:59 whytewolf falstaff_: https://docs.saltstack.com/en/latest/faq.html#what-is-the-best-way-to-restart-a-salt-daemon-using-salt
23:59 ShanDj @whytewolf - so like this ? "sudo salt-call state.apply -l debug"

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary