Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-01-16

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 keldwud joined #salt
00:04 pipps joined #salt
00:19 PatrolDoom joined #salt
00:28 pipps joined #salt
00:43 pipps joined #salt
00:54 Klas joined #salt
00:56 catpig joined #salt
01:04 gtmanfred nerdsville: use the Formula + spm and it can manage dependencies
01:05 gtmanfred nerdsville: https://docs.saltstack.com/en/latest/topics/spm/spm_formula.html#dependencies
01:06 gtmanfred nerdsville: if you wanna try setting up openstack, check out the formulas on the openstack repository
01:06 gtmanfred nerdsville: https://github.com/openstack/openstack-salt/blob/master/.gitmodules
01:12 nidr0x joined #salt
01:28 st8less joined #salt
01:31 eprice joined #salt
01:42 prg3 joined #salt
01:43 sjohnsen joined #salt
01:46 catpig joined #salt
01:54 vodik gtmanfred: the master_type = func does run every reconnection. i think there's in how the salt-minion handles disconnection
01:54 vodik from my question last friday
01:55 vodik in fact, salt does reconsider dns everytime too as well
02:00 alvinstarr joined #salt
02:01 vodik i swear it looks like the salt-minion isn't handling disconnection event corrently
02:07 jeddi joined #salt
02:09 rojem joined #salt
02:14 pipps joined #salt
02:23 rojem joined #salt
02:26 kbaikov joined #salt
02:41 sebastian-w joined #salt
02:46 pipps joined #salt
02:48 ilbot3 joined #salt
02:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.4, 2016.11.1 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers
02:51 catpigger joined #salt
02:51 writtenoff joined #salt
02:58 nethershaw joined #salt
02:59 Tanta joined #salt
02:59 gtmanfred vodik: good to know
03:01 vodik gtmanfred: i opened a pr, so we'll see how it goes, but its just an incorrect indent level on a else block
03:01 gtmanfred ok :D
03:01 vodik but with it in place, minions reconnect if my ip changes
03:02 pipps joined #salt
03:09 gtmanfred nice
03:10 gtmanfred we are all off tomorrow, but mike should take a look on tuesday
03:32 vodik gtmanfred: what's tomorrow? well enjoy your time off
03:32 gtmanfred MLK day
03:33 gtmanfred i have never had it off before, so IDK
03:36 hemebond "gtmanfred: i have never had it off before" 'murica?
03:36 hemebond (well, obviously, since MLK day)
03:46 JPT joined #salt
03:54 vodik oooh
03:54 vodik right, america
03:55 hemebond I just realised I misread what gtmanfred said. I thought they said "I have never had a day off before"
04:04 vodik hemebond: heh
04:09 mk-fg joined #salt
04:21 rdas joined #salt
04:40 justanotheruser joined #salt
04:43 PatrolDoom joined #salt
04:47 pipps joined #salt
04:50 preludedrew joined #salt
04:53 XenophonF nerdsville: writing your own formula for openstack seems to be a rite of passage
04:57 iggy I don't wish it on anyone, but yes
04:59 * PatrolDoom sighs...
05:00 PatrolDoom we're using OS @ werk soon... not really excited to manage it again
05:01 XenophonF ah yes, That Which Must Not Be Named OS
05:01 XenophonF it sucks
05:05 PatrolDoom "open stax" D;
05:39 alvinstarr joined #salt
05:40 jeddi joined #salt
05:41 alvinstarr1 joined #salt
05:43 cswang joined #salt
05:43 golodhrim|work joined #salt
05:56 vodik joined #salt
06:18 coredumb morning fellas
06:19 coredumb is there no way from a server POV to allow/forbid access to certain set of files from salt:// ?
06:19 vodik if i use schedule.add module, is that a one time thing or is it going to repeat?
06:20 vodik i was wondering if i could use it to schedule a system reboot overnight noce
06:20 vodik *once
06:21 vodik i assume that's what 'maxrunning: 1' means?
06:33 jeddi joined #salt
06:35 eprice joined #salt
06:36 cswang joined #salt
06:37 zer0def joined #salt
06:52 jeddi joined #salt
06:58 iggy coredumb: nope, but there are issues open about supporting pillar:// paths
06:59 iggy vodik: maxrunning = how many are allowed to run at the same time
07:00 iggy vodik: if you want something to run only once, you probably want to use "at"
07:04 pipps joined #salt
07:11 colttt joined #salt
07:14 NV joined #salt
07:17 vodik iggy: ah, ty
07:20 coredumb iggy: I find using pillars to make real separation a bit clunky
07:22 coredumb it's very complicated to have something clean security wise in a shared environnement without actual file permissions :(
07:28 cyteen joined #salt
07:31 nidr0x joined #salt
07:32 dkrae joined #salt
07:34 ivanjaros3916 joined #salt
07:50 barmaley joined #salt
07:56 lasseknudsen2 joined #salt
07:57 ReV013 joined #salt
08:09 lasseknudsen joined #salt
08:09 ronnix joined #salt
08:10 dariusjs joined #salt
08:10 darioleidi joined #salt
08:14 moeyebus joined #salt
08:15 ronnix joined #salt
08:16 John_Kang joined #salt
08:20 Sammichmaker joined #salt
08:22 moeyebus9_ joined #salt
08:27 orichards joined #salt
08:27 orichards joined #salt
08:29 o1e9 joined #salt
08:33 John_Kang http://pastebin.com/index.php
08:33 John_Kang can someone give me a advice about this state?
08:34 John_Kang i have a trouble to make a dependancy when I use if control within state.
08:34 John_Kang http://pastebin.com/8en2QyFU
08:36 dkrae joined #salt
08:52 JohnnyRun joined #salt
08:55 raspado joined #salt
08:58 darioleidi joined #salt
08:59 Nei left #salt
09:00 stooj joined #salt
09:03 lasseknudsen2 joined #salt
09:07 sgo_ joined #salt
09:11 stooj joined #salt
09:12 frygor joined #salt
09:16 hemebond John_Kang: If deploy_method != 'rolling' then your "run first script" state won't exist.
09:16 hemebond Which means your stop-tomcat state will require a non-existant state.
09:17 rai_ joined #salt
09:17 John_Kang hemebond: hi, yeah
09:17 John_Kang I need to make a dependancy somehow
09:17 hemebond Move "run first script" out of the test, or move stop-tomcat into the test.
09:17 John_Kang but it's not possible to use requisites as you let me know
09:18 John_Kang do you mean test module ?
09:18 John_Kang or something else ?
09:18 hemebond Or, if stop-tomcat must always be there, use require_in
09:18 hemebond By "test" I mean {% if .... %}
09:18 hemebond The conditional
09:18 John_Kang ah...
09:19 hemebond You could put require_in into your "run first script" state.
09:19 hemebond And point it toward "stop-tomcat"
09:19 John_Kang ahhhhhhhhhhhhhhhhhhhhhhh
09:19 John_Kang thank you, sir
09:19 John_Kang let me try
09:19 hemebond 👍
09:21 sebastian-w joined #salt
09:21 s_kunk joined #salt
09:21 s_kunk joined #salt
09:24 darioleidi joined #salt
09:24 samodid joined #salt
09:24 John_Kang hemebond: thank you so much, you've saved my day :D
09:25 hemebond Happy to help ☺
09:25 John_Kang thank you again, everything works as i expected
09:26 raspado joined #salt
09:27 moeyebus joined #salt
09:28 teclator joined #salt
09:30 viccuad joined #salt
09:37 Flusher joined #salt
09:37 eprice joined #salt
09:45 dariusjs joined #salt
09:46 N-Mi_ joined #salt
09:49 bookwar joined #salt
09:50 moeyebus left #salt
09:50 moeyebus joined #salt
09:50 stooj joined #salt
09:58 alvinstarr joined #salt
09:58 alvinstarr1 joined #salt
10:02 coredumb o/ folks
10:03 coredumb is someone actually doing "real" delegation of configurations with Salt in production here ?
10:03 hemebond delegation?
10:04 coredumb by delegation I mean = Giving full access to a specific subset of state files without trusting the delegated entity any access to the rest
10:04 coredumb like letting operations team handle nginx configuration and only that
10:04 lasseknudsen joined #salt
10:07 coredumb AFAICT you can't prevent this "operations" team to import/load/download any of the states/files outside of their subset from their own states in their own subset
10:08 coredumb I surely must not be the only one to hit this kind of threat model right ?
10:08 hemebond Well... you could just clone their git repo to a sub-directory on the salt master.
10:09 coredumb hemebond: you mean chaging the root dir ?
10:10 hemebond Well, like a formula.
10:10 hemebond Or give them their own environment.
10:10 coredumb that's what I'm looking around
10:10 coredumb is that OK to have multiple environnements ?
10:10 coredumb at once
10:11 gautamsomani joined #salt
10:11 hemebond Yeah, I have a different environment for each deployment/datacenter.
10:11 coredumb I mean for the same minion ?
10:12 coredumb like get the basic configuration from master/base env
10:12 coredumb then get the subset only from env xxxx ?
10:12 hemebond Yes, Salt environments don't work like environments might in other systems, e.g., Puppet.
10:13 hemebond All my environments are build "on top" of the base environment.
10:13 hemebond Another of my deployments had three environments: specific > local > base
10:13 coredumb isn't the minion needing parameter change on execution to access other envs ?
10:13 coredumb or I missed something ?
10:14 hemebond Not if you target via the top.sls file.
10:14 coredumb hemebond: would you mind sharing a bit of config example ?
10:14 hemebond All top.sls files are merged from each environment.
10:14 hemebond And any targeting that matches gets applied.
10:14 coredumb I wouldn't let a top file anywhere else than in base
10:15 hemebond http://paste.debian.net/908948/
10:17 coredumb hemebond: how's that preventing /srv/salt/states/base/init.sls to import files from /srv/salt/states/aws/ ?
10:17 hemebond Don't know.
10:18 hemebond Never been a problem for me.
10:18 hemebond I'm not "delegating" things to other teams.
10:19 coredumb :)
10:19 hemebond Actually I wonder if you can "import" states from other environments.
10:19 kbaikov joined #salt
10:21 coredumb in your example what happens to db9* server ?
10:21 hemebond What do you mean?
10:21 coredumb on a run does it get both configs from base and aws envs ?
10:22 hemebond I believe it gets both. Starting up a VM to check.
10:23 hemebond It gets both.
10:23 hemebond aws/base.sls and base/base.sls
10:24 coredumb ok
10:24 coredumb thx for testing
10:24 coredumb :)
10:24 hemebond 👍
10:24 coredumb now I'm pretty sure you can load/import/whatever from anywhere under salt://
10:25 keimlink joined #salt
10:25 hemebond Mmmm, maybe, yeah.
10:25 hemebond That allows you to override state files in "higher" environments.
10:27 coredumb I wonder if git root dir could be of any help ...
10:28 hemebond I can't think of a way it would.
10:28 candyman88 joined #salt
10:28 hemebond If I were to delegate something I'd probably only give people access to pillars.
10:28 coredumb I meant mountpoint
10:29 hemebond I don't see how.
10:29 coredumb you override salt:// for a specific env
10:30 coredumb so one couldn't get anything higher level
10:30 hemebond Well if your environment only has the one path then,... sure.
10:30 coredumb have to try that
10:30 hemebond I mean, they can only access files in another file_root if that file_root is a part of the environment for that minion.
10:34 moeyebus joined #salt
10:35 coredumb thx hemebond for the tips I'll make some testing after lunch
10:36 hemebond Good luck 👍
10:40 jeddi joined #salt
10:45 hemebond btw, base/base.sls is the only entry in base/top.sls
10:46 hemebond /srv/salt/states/base/ just contains formulas.
10:46 hemebond The aws environment has /srv/salt/states/aws/ as the first file_roots entry. /srv/salt/states/base/ as the second.
10:49 hemebond If you give someone control over the aws environment (in my case) then all they have access to is what's in the aws and base file_roots.
10:50 hemebond Just make sure they can't change the top.sls files.
10:51 coredumb hemebond: sure I plan having my top.sls in base only
10:51 coredumb and prevent ppl from creating top.sls of their own in their Git repo
10:51 coredumb very easy to block with a git hook
10:52 K1412 joined #salt
10:52 coredumb basically in my case base would always be the first one
10:52 K1412 Hello everyone, it is possible to launch some commands before we use include commands ? Or I really need to make 2 seperate sls ?
10:53 hemebond K1412: Does it matter?
10:53 hemebond If the order of states matter then you just need to specify the dependencies.
10:54 K1412 hemebond: in my case yes, with require ? I will give it a try
10:54 hemebond Yes, with require, watch, onchanges, etc.
11:16 Rumbles joined #salt
11:28 sgo_ joined #salt
11:30 viccuad joined #salt
11:48 neilf__ joined #salt
11:58 sgo_ joined #salt
11:59 viccuad joined #salt
12:05 netcho joined #salt
12:05 netcho joined #salt
12:31 ReV013 joined #salt
12:31 stooj joined #salt
12:32 coredumb hemebond: you around ?
12:33 XmonkModeX joined #salt
12:34 toanju joined #salt
12:36 coredumb http://pastebin.com/f9RPhimt < I set this up. top file existing only in saltstack_admin indeed
12:36 Sarphram joined #salt
12:36 coredumb from the minion I get this: - No matching sls found for 'base' in env 'base'
12:36 coredumb any idea ?
12:37 coredumb from any minion indeed
12:37 XmonkModeX Hi all. Jinja question if I may: I want to set the following - foo_bar: {{ foo.bar | default(undefined) }} so that later in my template I can use {% if defined foo_bar }} blah {% endif %}
12:37 XmonkModeX Hi all. Jinja question if I may: I want to set the following - foo_bar: {{ foo.bar | default(undefined) }} so that later in my template I can use {% if defined foo_bar }} blah {% endif %}
12:37 XmonkModeX But the undefined is causing problems. What's the best way to do this?
12:38 coredumb ah wait I forgot to commit something >_<
12:39 mavhq joined #salt
12:39 eprice joined #salt
12:43 coredumb ok hemebond it seems to work as expected
12:43 coredumb :)
12:44 nZac joined #salt
12:49 amontalban joined #salt
12:49 amontalban joined #salt
13:02 ReV013 joined #salt
13:08 ronnix joined #salt
13:14 Tanta joined #salt
13:15 amcorreia joined #salt
13:26 ws2k3 joined #salt
13:27 raspado joined #salt
13:28 ssplatt joined #salt
13:31 alexlist joined #salt
13:34 _Cyclone_ joined #salt
13:40 ALLmightySPIFF joined #salt
13:47 raspado joined #salt
13:57 irctc996 joined #salt
13:57 irctc996 hi
13:59 XmonkModeX Any takers on my question? :-)
14:00 ssplatt XmonkModeX: what?
14:01 dkrae joined #salt
14:04 XmonkModeX Jinja question if I may: I want to set the following - foo_bar: {{ foo.bar | default(undefined) }} so that later in my template I can use {% if defined foo_bar }} blah {% endif %}
14:04 Reverend XmonkModeX: what are you trying to set it to?
14:04 XmonkModeX I define the "default" value as foo_bar in the state
14:04 XmonkModeX There must be a nice way to do this.
14:04 XmonkModeX So, hen I set as "undefined" it will set foo_bar: Undefined
14:04 XmonkModeX Which I do not want.
14:04 XmonkModeX I define the "default" value as foo_bar in the state
14:05 Reverend i get htat
14:05 Reverend what im saying is, what are you setting it to...
14:06 Reverend i.e. `{% set foo_bar = False %} {% if foo_bar %} things {% endif %}` will echo nothing
14:06 ssplatt if you already set a default, why not just do a if foo.bar == “mydefault” %} things {% else %} other things {% end %}
14:06 ssplatt otherwise don’t set a default and do  if foo.bar is defined %} ...
14:07 Reverend yarp.
14:10 ALLmightySPIFF joined #salt
14:12 necronian joined #salt
14:13 Reverend ssplatt: would that effect the results if salt['pillar.get']("something:things") returned jack shit?
14:13 Reverend im wondering if it would essentially unset the variable..
14:14 Reverend or would you need to do {% if salt['pillar.get'](blerp) %}{% set something = salt....blerp %} {% endif %}
14:14 ssplatt if blerp isn’t in pillar i think it comes back undefined too
14:14 ssplatt iirc
14:14 amontalban joined #salt
14:14 amontalban joined #salt
14:14 Reverend yeah, would that change the variable to undefined? or just leave it as is?
14:14 babilen pillar.get would return None
14:15 Reverend uhoh
14:15 babilen (or another default you define elsewhere)
14:15 ssplatt change? as in it was already set to a default and you are polling the pillar again to get its value?
14:15 Reverend hmmmmmm
14:15 Reverend ssplatt: yeah
14:15 ssplatt if the default is set in pillar then you’ll get the default there
14:16 babilen Personally I found the "formula" way of handling defaults to be the easiest to work with. For that you maintain a set of defaults in defaults.yaml, then merge in platform specific values and the pillar in map.jinja
14:16 ssplatt if you just did a jinja set, then it would probably change it
14:16 babilen In templates you can then easily use {% if foo is defined %} for optional data
14:16 Reverend babilen: ahhhh i see. does that overwrite them?
14:16 ssplatt babilen: yes i agree with that. 100%
14:16 Reverend last-merged basis, right?
14:16 babilen Essentially, yes
14:17 babilen Let me dig up documentation for that
14:17 Tanta if _ is defined
14:17 ssplatt Reverend: https://github.com/ssplatt/infratest-formula  is an example of how my team is setting up our formulas
14:17 Tanta if _ == 'val'
14:17 Tanta that's the pattern I use
14:17 Tanta or you can do salt['pillar.get']('key', default)
14:17 ssplatt https://github.com/cmarzullo/saltscaffold
14:17 babilen https://github.com/saltstack-formulas/template-formula/tree/master/template exemplifies that approach
14:18 ssplatt put your defaults in defaults.yaml.  map.jinja does the merging.  overrides are in pillar-custom.sls
14:18 necronian joined #salt
14:18 Reverend intriguing.
14:18 Reverend i like it.
14:19 ssplatt saltscaffold is a script we’re using in house to quickly lay out new formula directories and files
14:22 Witol joined #salt
14:25 mavhq joined #salt
14:29 jhauser joined #salt
14:31 bluenemo joined #salt
14:33 bookwar joined #salt
14:35 Reverend best advice for running salt commands remotely? i.e. running `salt \* cmd.run 'systemctl restart cachefs`
14:35 Reverend without having to ssh the thing
14:36 cyborg-one joined #salt
14:37 ssplatt use the built in modules when you can vs cmd.run
14:37 Reverend roger that will do. but my question still stands.
14:37 Reverend :)
14:38 babilen What do you mean by "running salt commands remotely" ?
14:39 Reverend babilen: i mean, running salt stuff without having to ssh in.
14:39 babilen Aren't they all, more or less, executed remotely?
14:39 Reverend haha
14:39 babilen Into the master?
14:39 Reverend yeah.
14:40 babilen You could expose the API and call that, but then there is no CLI client that I'm aware of to take advantage of that
14:40 Reverend mmmkay. i guess the API would be okay :S although that would mean learning the API XD haha
14:41 Reverend we just need ot execute something when someone does a gitpush to the backends... easiest way to do that accross all servers is with salt. so yeah
14:43 Reverend thanks babilen :)
14:43 PatrolDoom joined #salt
14:48 nicerobot[m] joined #salt
14:49 anotherzero joined #salt
14:56 ALLmightySPIFF joined #salt
14:56 Xopher joined #salt
14:57 dyasny joined #salt
14:59 teclator joined #salt
15:05 dijit hey guys, I have a problem with getting pillar values into a command line.
15:05 hackel joined #salt
15:05 dijit basically I have the command line in pillar. For example (this is not the command line, but, for example) `ping {{ pillar.get['ping_host }}`
15:06 dijit in the pillar as cmd_args: ping {{ pillar.get['ping_host'] }}
15:06 dijit does anyone have a better way of doing this.
15:06 dijit like, concatanating the strings in the file template or something?
15:07 mattp if I have states that need orchestration (ie an upgrade involves temporary removal from cluster), should I not include them in the topfile?
15:07 mattp how is this managed in the wild?
15:07 dijit oh, hey mattp.
15:08 mattp hi
15:08 dijit small network
15:08 weiwae joined #salt
15:09 weiwae Hi, I have a really basic question and I feel dumb for needing to asking it.
15:09 Neighbour ask away :)
15:09 weiwae If I want to split up all of my state files between setting up the machine and just deploying new code, how do I run the subset of states that only deploys the code?
15:10 mattp weiwae: two topfiles
15:11 weiwae what do I run instead of sudo -b 7 '*' state.highstate?
15:11 Neighbour weiwae: using orchestration and a shell script that starts salt twice for each stage (first one does the setup, second one state.highstate)
15:11 weiwae erm salt -b not sudo -b :(
15:11 Neighbour it helps if you check the return code of the setup-stage, because if something fails there, you don't want to run the highstate
15:12 weiwae How do I run the setup without running state.highstate?
15:12 Neighbour salt-run state.orchestrate orchestration.state.file
15:12 weiwae would I do something like salt -b 7 '*' state.apply topfil1.sls ?
15:13 weiwae ok looking that up, one second.
15:13 Neighbour orchestration is a level above "normal" states, which allows you to do things on the master, and on targeted minions
15:14 mattp Neighbour: i think i asked a similar question above
15:15 mattp what do you do when your highstate requires orch. you never run salt '*' state.highstate?
15:16 Neighbour highstate can't start an orchestration afaik, that's only the other way around
15:17 mattp I understand. im just trying to understand how people use salt in the real world
15:17 mattp ie, do you add a cron for salt-call state.apply, similar to how you would for chef-client?
15:19 Neighbour Basically, yes
15:19 Neighbour unless you have very specific custom states that aren't really states (i.e. they contain commands that break the "state"-iness of things)
15:20 mattp ok, great. what do you do when your highstate for a version upgrade takes down your database/app/etc while it restarts
15:20 daxroc https://www.irccloud.com/pastebin/ZIDF43oC/
15:21 Neighbour that depends on quite a number of things...is that supposed to happen for a version upgrade if you did that manually?
15:21 daxroc Can I use onchanges for another state in a nested definition eg:
15:21 mattp Neighbour: ya. i was planning on using pillar to store app.version
15:21 mattp so if i release a new version, I go into my git_pillar and bump
15:22 mattp ie with git.latest, rev=pillar.get('app.version')
15:22 Neighbour that looks good :)
15:23 mattp i dont understand how i can deal with that problem though
15:23 Tanta encode the revision in pillar
15:23 Tanta I release all software using this pattern
15:23 subu joined #salt
15:23 mattp if state.apply happens at the same time for all of my nodes, my production app will be down / 500ing
15:24 Tanta mattp, you need to do deployment groups
15:24 Tanta only operate on half or 1/3rd the cluster at a time
15:24 netcho joined #salt
15:26 mattp Tanta: that would work
15:26 mattp thats simply using a different matcher instead of * for state.apply
15:26 Tanta aye
15:27 Tanta i have a wrapper script I use for it, it interfaces with ELBs and manages the entire process ad-hoc
15:27 honestly joined #salt
15:28 Neighbour Can anyone explain why template.py uses [root@mgmt_master salt]# salt-call slsutil.renderer string="Hallo" default_renderer="b64_enc"
15:28 Neighbour Passed invalid arguments: must be string or buffer, not cStringIO.StringI.
15:28 Neighbour hmm
15:28 Neighbour not all that
15:28 Neighbour bad clipboard :)
15:29 Neighbour anyway, template.py uses string_io to read data, which results in returning objects of type cStringIO.StringI...but that breaks one or more renderers. Can anyone help me with that?
15:29 Neighbour (particularly the gpg renderer)
15:31 Reverend babilen: just had a thought that we could fire off an event to master once the files have been pushed to the backend
15:31 Reverend have a reactor trigger when it gets the gitpush event. thoughts?
15:33 netcho joined #salt
15:33 babilen Reverend: That would work .. in the end my recommendation would be to tie this to a successful testrun (triggered from some CI system maybe?)
15:37 evle1 joined #salt
15:38 Reverend babilen: yeah. that'd be good. have a list of events that get fired to various things if the tests are OK.
15:38 Reverend we aren't using CI atm though :/ that's one of my projects for this year
15:38 Reverend I think reactors would be the 'cleanest' solution AFAICS
15:42 eprice joined #salt
15:47 ReV013 left #salt
15:51 pipps joined #salt
15:51 circ-user-9bmq3 joined #salt
15:51 babilen Reverend: I agree
15:53 saintaquinas[m] joined #salt
15:53 ThomasJ|m joined #salt
15:53 jcl[m] joined #salt
15:53 jerrykan[m] joined #salt
15:53 freelock[m] joined #salt
15:53 Salander27 joined #salt
15:59 circ-user-9bmq3 Hi. I'm a new user to Salt, and I'm trying to provision a Vagrant CentOS/7 VM with Salt using the Vagrant's built-in Salt provisioner. The single VM acts as the Salt Master and as a Minion. Using gitfs and the sun-java formula I am able to apply states if I run `salt '*' state.apply sun-java`. But `salt '*' state.apply` results in "No Top file or external nodes data matches found." In the Salt Minion log file I see an error mess
16:02 kmack BTW, I am using Salt v2016.11.1
16:03 Reverend do you have a top file? :)
16:03 Reverend if so, have you added sun-java to some form of selector?
16:04 kmack Yes, in /srv/salt/top.sls. It applies sun-java and sun-java.env to '*'
16:04 Reverend intriguing...
16:04 Reverend can has see?
16:05 kmack I've been fiddling with this for a couple of days and I'm running out of explanations
16:05 kmack Sure
16:05 kmack I'll post to GitHub real quick
16:05 Reverend or hastebin
16:05 Reverend either or
16:08 kmack https://gist.github.com/k-mack/426523e039a3fcbae4255e82e10a7690
16:08 kmack Hopefully that will work
16:08 beardedeagle joined #salt
16:09 kmack I used hyphen in file name to denote directory slash
16:09 bowhunter joined #salt
16:09 Rumbles joined #salt
16:10 kmack I should also say that "salt '*' test.ping" returns True, so there is a connection
16:11 Reverend weird. it's like it's not seeing the top.sls. is that in /srv/salt/top.sls ?
16:11 Reverend oh yeah
16:11 Reverend you already said that
16:11 kmack Yeah
16:11 Reverend im so fucking tired.
16:11 Reverend >_<
16:11 numkem joined #salt
16:11 kmack lol
16:12 kmack I'm wondering if it's an issue with Vagrant
16:12 Reverend hmmmmmmm maybe
16:12 kmack Shared folders on Windows or something
16:12 kmack the 'etc/master' message in the Minion log is what throws me off
16:13 moeyebus joined #salt
16:14 Reverend wehich is?
16:16 kmack <time> [salt.state       ][ERROR    ][11232] No contents found in top file. Please verify that the 'file_roots' specified in 'etc/master' are accessible: {'base': [], 'revert-45-custom_java_home_pillar': []}
16:16 kmack That's in /var/log/salt/minion
16:17 kmack Yet, `salt '*' state.apply sun-java` works fine. It's just applying highstate that throws it off
16:25 upb joined #salt
16:29 modulistic joined #salt
16:32 vexati0n joined #salt
16:32 s_kunk joined #salt
16:32 s_kunk joined #salt
16:32 vexati0n can salt-cloud define volumes of arbitrary sizes with ec2 ?
16:33 Tanta anything EBS accepts is probably fair game
16:33 Tanta that constraint is imposed by AWS, not salt
16:34 vexati0n thanks. i am ... new, to this whole "cloud computing" thing the kids are into.
16:36 Trauma joined #salt
16:36 * PatrolDoom dispises that term
16:37 PatrolDoom hell they could have went geeky w/ "scaletech"
16:37 PatrolDoom at least that is actually descriptive
16:37 vexati0n would have been better. "cloud" infers that we have somehow done away with hardware.
16:37 * PatrolDoom mumbles "marketing"
16:37 Tanta not really
16:37 Reverend can one fire an event without using root ? :/.
16:37 PatrolDoom cloud is a martketing term
16:37 Tanta a cloud simply implies unknown elastic scale
16:38 Tanta it's a metaphor, an abstractin
16:38 Tanta ion
16:38 PatrolDoom no really cloud is a marteting term.. remember the ole pamphlets w/ "clouds" on them when showing internet connections
16:38 Tanta no, it has a real meaning
16:38 PatrolDoom uh it was created as a marketing term
16:38 Tanta you dont know it, which sucks for you, but the term is a technical term
16:39 PatrolDoom ok sure, but it wasn't a real term until someone started applying that connatation
16:39 Tanta https://www.technologyreview.com/s/425970/who-coined-cloud-computing/
16:39 Tanta maybe you should educate yourself
16:39 mattp Tanta: curious, how do you deal with failures when batching your deploys?
16:40 Tanta I hardfail,  mattp
16:40 mattp was looking at that. you set it in master config?
16:40 PatrolDoom Tanta: gee educating on learning where a marketing term was created, great thx ;)
16:40 Tanta if there is not a full set of healthy instances, if one of the remote commands fails to return
16:40 Tanta I can send you a copy of my script, but I don't think it will be helpful in your particular case
16:41 mattp Tanta: sure. id be happy to look at it to learn atleast
16:41 Tanta sure, one sec
16:46 Trauma_ joined #salt
16:55 kmack has anyone experienced problems using Windows (as host OS), Vagrant (with CentOS 7 as guest OS), and Salt with highstate not working but applying specific states works fine?
16:57 edrocks joined #salt
17:01 raspado joined #salt
17:01 seanz joined #salt
17:02 alvinstarr joined #salt
17:02 alvinstarr1 joined #salt
17:05 mavhq joined #salt
17:06 Reverend babilen: sorry - I'm being a pain today. well, every day... but still. Can you fire an event off to master without using root?
17:06 Ramil joined #salt
17:06 iggy Reverend: it depends on your minion setup... by default, no
17:07 Reverend this is being a twat. it's moaning about 'virt-what'
17:07 Reverend :(
17:07 Reverend mmmkay.
17:07 Reverend I don't really like the idea of adding this user to sudoers on `salt-call`
17:07 iggy although, I find salt-api+pepper to deal with than trying to make the minion run as another user
17:07 iggy *easier to deal with
17:07 Reverend yeah. I saw something about pepper.
17:08 Reverend all I want to do is fire an event D:
17:40 catpig joined #salt
17:41 Eugene joined #salt
17:44 ssplatt joined #salt
17:48 Ramil Hi, I use salt-ssh for deployment. Described servers credentials in roster file. All works fine. But I have some config file where I need to list all my servers' ip. How can I get data from roster via API?
17:54 samodid joined #salt
17:58 bowhunter joined #salt
18:04 Nahual joined #salt
18:09 edrocks joined #salt
18:11 ronnix joined #salt
18:19 debian112 joined #salt
18:20 debian112 joined #salt
18:21 numkem joined #salt
18:22 mavhq joined #salt
18:22 Edgan joined #salt
18:26 golodhrim|work joined #salt
18:26 s_kunk joined #salt
18:34 nixjdm joined #salt
18:37 BattleChicken joined #salt
18:41 Trauma joined #salt
18:45 XenophonF joined #salt
18:45 eprice joined #salt
18:46 _KaszpiR_ joined #salt
18:48 cyteen joined #salt
18:57 tapoxi hi guys, how do you debug pillar? I have some jinja to determine a 'datacenter id' but I'm not seeing the key at all
19:00 Ramil I use -l debug. it shows rendered template
19:00 tapoxi Ramil: with pillar.get ?
19:00 Ramil yes
19:00 tapoxi thanks
19:01 Ramil salt['pillar.get']('my_attr')
19:02 austin_ joined #salt
19:03 austin_ is there a convenient way of getting the pillar key/values directly into a file?
19:03 PatrolDoom austin_: contents
19:03 PatrolDoom file.contents
19:03 PatrolDoom iirc
19:04 ivanjaros joined #salt
19:04 XenophonF no it's file.managed, with the argument contents_pillar
19:04 PatrolDoom yeah taht
19:04 austin_ ah
19:04 austin_ let me check that XenophonF
19:04 PatrolDoom there is a nginx formula that uses it, pretty neat
19:05 XenophonF https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.managed
19:05 XenophonF eh, sticking whole files into pillar strikes me as kind of a kludge
19:05 XenophonF i do it myself, but i don't like it
19:05 austin_ symfony defines a ton of parameters in a parameters.yml
19:06 PatrolDoom yeah, it's kinda cumbersome w/ the formatting in the pillar
19:06 austin_ needed for things like mailgun api keys
19:06 austin_ whatever
19:06 austin_ i'm all for another way :0
19:06 austin_ :)
19:06 austin_ if there are better options
19:06 XenophonF austin_: if it's YAML, you could put _all_ of those settings into a dictionary and then use the |yaml filter to render them
19:07 XenophonF your parameters.yml template would consist solely of the following:
19:07 austin_ Xenohonf: haven't done that yet so i'll need to check that out
19:07 austin_ so its just a file with a dict ?
19:07 XenophonF {{ salt['pillar.get']('symphony', {})|yaml }}
19:07 austin_ i see
19:07 XenophonF and then the symphony dict in pillar would contain everything that was formerly in parameters.yml
19:08 austin_ let me see if i can get that to work
19:09 austin_ XenophonF: thanks for the pointers
19:09 XenophonF np!
19:09 XenophonF i'm re-writing my spigot (minecraft server) formula to do the same thing
19:10 XenophonF all the config files are yaml, and one or two are json, so rather than write a template, i just serialize those data structures using the |yaml or |json filters
19:10 hackel joined #salt
19:10 XenophonF now if only there was one for javaprops, i could do the minecraft server ini the same way
19:10 austin_ i think i see
19:11 Ramil Hi, I use salt-ssh for deployment. Described servers credentials in roster file. All works fine. But I have some config file where I need to list all my servers' ip. How can I get data from roster via API?
19:13 iggy Ramil: in that case, I'd probably keep my IPs somewhere else and then write a roster that pulled from there and then whatever other tooling you have can pull from there as well
19:17 tapoxi Ramil: I have a basic python script that generates a roster from the AWS API
19:17 tapoxi I wrote it in libcloud so you could probably extend it if needed
19:17 SaucyElf joined #salt
19:22 austin_ XenophonF: not sure if im doing this right https://gist.github.com/austinpapp/cba5652225332919972d077734fd3e8d
19:22 XenophonF maybe you could mine the roster, and then feed that into a state or template or whatever
19:22 XenophonF austin_: looking
19:22 austin_ the ordereddict is trying to split but its failing
19:23 XenophonF austin_: that's close but not quite it
19:23 austin_ hehe. yea.
19:23 XenophonF instead of contents_pillar, just use contents
19:24 XenophonF and if you're going to do it that way, you'll need to add |yaml_encode
19:24 austin_ o is it because i'm catually calling the method to get the pillar (salt['pillar.get']) v contents_pillar doing it for me ?
19:24 XenophonF so contents_pillar: {{ salt['pillar.get']('civix:symphony', {})|yaml|yaml_encode }}
19:24 XenophonF partly, yes
19:24 kedgar joined #salt
19:24 XenophonF contents_pillar does the pillar.get() call for you
19:25 XenophonF but you also need to add a serialization step that contents_pillar won't do
19:25 XenophonF that's what |yaml is for
19:25 austin_ i see
19:25 XenophonF but then, since you're doing all of this as an argument to file.managed, you need to re-encode that YAML document as a string
19:26 XenophonF that's what |yaml_encode does
19:26 austin_ _reads the manual with more intent_
19:26 XenophonF the key thing to remember is that when you do stuff with Jinja in a SLS file, you're modifying the text that's getting fed into the YAML parser
19:27 austin_ yea i need to look into `|yaml` more
19:27 austin_ which i assume is all jinja
19:27 austin_ and i'm rather novice to jinja
19:27 XenophonF jinja isn't really much different than the C or m4 preprocessors
19:28 austin_ ah. ok
19:28 XenophonF whatever Jinja ends up doing to an SLS file need to be a singular valid YAML document in the end
19:28 austin_ got it. makes sense
19:29 XenophonF the other thing to realize, as far as YAML-formatted SLS files go, is that things like 'blah: statemodule.function: [...]' are function calls
19:29 austin_ im at that stage where its, just get something in and working v. knowing really how to get it done... if that makes sense
19:29 XenophonF it just doesn't look like your typical C or Python or Ada or Lisp funcall
19:30 XenophonF hey that's cool!
19:30 XenophonF that's great, even!
19:30 austin_ milestones, deadlines... hey the internet was built on hacks :D
19:30 XenophonF keep asking questions, be patient with yourself
19:31 austin_ ^- the hardest part
19:31 XenophonF for the purposes of your state here, it's probably simpler for everyone if you have the contents in a separate source file
19:32 XenophonF instead of using contents/contents_pillar, use the source and template arguments
19:32 XenophonF set template to jinja
19:32 kedgar left #salt
19:32 XenophonF set source to something like salt://civix/files/symphony.yml
19:33 austin_ yea i could in fact copy in that file
19:33 austin_ which would totally work for vagrant dev
19:33 XenophonF and just put {{ salt['pillar.get']('civix:symphony', {})|yaml_encode }} into /srv/salt/civix/files/symphony.yml
19:33 austin_ o i see
19:33 austin_ let me check tha tout
19:34 XenophonF i'm assuming that the destination file is named /srv/config/parameters.yml?
19:34 austin_ yea
19:34 XenophonF ok
19:34 XenophonF just making sure
19:34 XenophonF /srv/salt/... being on your salt master of course
19:37 austin_ XenophonF: Jinja error: cannot represent an object: {}
19:38 XenophonF hang on let me mock this up here
19:38 austin_ this is strictly jinja at this point right
19:38 XenophonF yes
19:38 austin_ ok
19:44 XenophonF oh
19:44 XenophonF sorry i guess it's actually called symfony, with an f
19:44 XenophonF so, er, sorry about that
19:44 PatrolDoom is that the desktop
19:44 * PatrolDoom shuts pi hole
19:46 XenophonF ok so I have a working example austin_
19:46 XenophonF i'll post it in reply to your gist
19:46 austin_ ok
19:46 XenophonF also the filters are documented here
19:46 XenophonF https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.jinja.html
19:47 austin_ XenophonF: yea i can get the dictionary into the file as pure python but can't get it render as yaml
19:49 om2 joined #salt
19:51 XenophonF ok, i replied to your gist
19:51 XenophonF i misspelled the pillar key name
19:52 XenophonF maybe you copied my code above literally, in which case, my bad
19:53 XenophonF (my salt-master's running on FreeBSD, hence the different paths - I think on Linux, it's /srv/salt for states and /srv/pillar for pillars?)
19:54 austin_ xenophof: no problem. thanks for helping me on this
19:54 austin_ btw, i replied as i had just discovered file.serialize
19:55 austin_ however, let me take a look at the reply
19:56 austin_ XenophonF: ah! flow control.
19:57 XenophonF oh i'd forgotten about file.serialize
19:58 austin_ yea. seems like one of those incredibly useful when you need it but quickly forgotten
19:58 austin_ haha
20:00 keldwud joined #salt
20:06 netcho joined #salt
20:07 amcorreia joined #salt
20:07 BattleChicken joined #salt
20:08 hop joined #salt
20:10 hop with pillar: what is the correct way to specify an sls in top.sls per minion that might or might not exist (the sls, that is)?
20:10 sh123124213 joined #salt
20:12 hop rather, how should i specify minion-specific pillar items?
20:13 Trauma joined #salt
20:13 cmarzullo '*': ['app.{{grains['id']}}']
20:15 toanju joined #salt
20:15 hop cmarzullo: but that throws an error when <id>.sls is not there
20:15 hop oh, wait. []?
20:18 hop why does that work? i mean, where in the docs can i find this?
20:19 cmarzullo that's just a list. so I can fit it on one line.
20:19 cmarzullo '*':
20:20 cmarzullo - app.{{ grains['id'] }}
20:21 hop no, but i had that
20:22 PatrolDoom looking for something similar to https://github.com/ceralena/salt-state-graph, for visualizing states
20:22 PatrolDoom this one doesn't appear to work as expected & now i seek out alternatives
20:22 vodik should a salt-syndic act a barrier for salt-mine?
20:22 cmarzullo - app.{{ salt['grains.get']('id', 'default') }}
20:22 vodik i suspect it does
20:23 vodik logically
20:23 cmarzullo message busses aren't shared across syndics AFAIK
20:23 hop cmarzullo: that doesn't sound like it would work either
20:24 cmarzullo why not? you have an emtpy app/default.sls file
20:24 hop cmarzullo: because the minion exists, so grains.get('id') would succeed, no?
20:25 cmarzullo hmmm. us a different grain? Not sure the use case where I'd always want to include overrides. But not need overrides?
20:26 cmarzullo I'd just setup a secondary targeting blocks. 'myapphosts*': - app.{{ grains['id'] }}
20:26 hop i have a large number of ssh-config stanzas that apply to all minions and for some minions a largish number of additional stanzas
20:28 hop i thought i'd put the former in pillar/ssh_config/common.sls and the latter in pillar/ssh_config/<id>.sls
20:28 hop i could just put empty files for every minion there, i guess
20:28 anotherzero joined #salt
20:28 cmarzullo yeah sounds like a thing for targeting. * get's common. if your id matches this regex you get the extra stuff
20:30 hop but there is a large number of minions that get an individual config each
20:30 hop i don't want to repeat myself (in the file name and in top.sls)
20:33 babilen hop: We typically solve this with a dictionary in the pillar and a lookup by minion id in that dictionary. If it exists we merge it using defaults.merge.
20:34 babilen Alternatively check/iterate over cp.list_master
20:34 hop babilen: sorry, that was to fast for me
20:35 hop babilen: you mean i need an additional level in the pillar?
20:35 hop babilen: then fetch by dictionary key instead of filename?
20:35 hop what is `defaults.merge`?
20:36 hop strike the last one, found it
20:38 seanz joined #salt
20:38 babilen I am referring to a pillar like http://paste.debian.net/909051/
20:38 babilen Something along those lines (just a scetch)
20:40 hop babilen: i see
20:41 hop still not satisfying :)
20:43 babilen Why not?
20:44 hop because there is too much stuff to put it all in one file, so i'd again have to keep two things in mind (filename and dict key)
20:45 babilen So, iterate over a subset of cp.list_master and include that or check if a given SLS is available before including it
20:51 candyman88 joined #salt
20:53 moeyebus9_ joined #salt
21:01 nidr0x joined #salt
21:01 debian112 joined #salt
21:04 austin_ does anyone have a good example of using saltstack to deploy code from github ?
21:06 eseyman joined #salt
21:07 cmarzullo depends on the code. I try to package everything up with a version and what not.
21:11 PatrolDoom its pretty simple to do so
21:12 PatrolDoom i use it but i dont consider it a "good" example to share
21:12 PatrolDoom but its basically the same as whats in docs
21:22 DEger joined #salt
21:37 DEger joined #salt
21:38 jonher joined #salt
21:38 jonher left #salt
21:38 debian112 joined #salt
21:41 netcho joined #salt
21:41 bowhunter joined #salt
21:44 Trauma_ joined #salt
21:49 eprice joined #salt
21:51 ponyofdeath hi, is it possible to call a specific state from a minion? instead of highstate?
21:52 preludedrew joined #salt
21:55 CeBe ponyofdeath: what do you mean with "call a specific state"? apply it?
21:55 sh123124213 state.sls
21:55 CeBe yeah
22:01 ponyofdeath CeBe, ie call a specific state
22:03 ponyofdeath file
22:03 PatrolDoom state.sls/state.apply (i like the latter cause more descriptive to my simple mind)
22:04 jonher joined #salt
22:04 PatrolDoom even though the previous is still whats being called
22:04 ponyofdeath like under /srv/salt i have dir1/example.sls
22:04 ponyofdeath how do i call example.sls state
22:04 ponyofdeath dir1.example does not work
22:04 cscf ponyofdeath, salt 'minion' state.apply dir1.example
22:04 ponyofdeath ahhh
22:04 ponyofdeath thanks
22:05 cscf you're welcome. I use it a lot to apply 'common' to get salt-minion and sources.list updated on a new minion before I do the real apply
22:08 irctc790 joined #salt
22:09 irctc790 how can i test in jinja whether a pillar is a list or a string?
22:11 mswart joined #salt
22:17 Trauma_ joined #salt
22:20 druonysus joined #salt
22:21 debian112 joined #salt
22:22 ALLmightySPIFF joined #salt
22:22 dxiri joined #salt
22:23 cmarzullo is list
22:23 dxiri hi guys, I have a question, if I want to write something with salt to detect when a particular folder contents change, and then fire off an email when that does, what is the simplest way to achieve that with salt?
22:23 dxiri is that an execution module or a state module?
22:23 dxiri very noob here :)
22:23 cmarzullo actually that's a beacon
22:24 dxiri see, very noob :)
22:24 dxiri reading on beacons now
22:30 samodid joined #salt
22:40 swills joined #salt
22:45 netcho joined #salt
22:46 mavhq joined #salt
22:56 anotherzero joined #salt
22:57 Trauma__ joined #salt
22:57 Trauma___ joined #salt
23:07 edrocks joined #salt
23:12 PeterO joined #salt
23:12 vexati0n is there any documentation anywhere that details what data is available for a given event in salt reactor?
23:13 vexati0n i know that data['id'] is the minion id (or data['name'] for cloud events, because who needs consistency lol) but what other fields are in data ?
23:16 Rumbles joined #salt
23:22 mswart left #salt
23:23 ksk joined #salt
23:28 nixjdm joined #salt
23:31 NeoXiD joined #salt
23:35 prg3 joined #salt
23:49 Vaelatern joined #salt
23:50 gableroux joined #salt
23:53 ivanjaros joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary