Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-02-19

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:08 orionx joined #salt
00:14 a_ghost_irl joined #salt
00:17 ws2k3 joined #salt
00:38 XenophonF i really should check the issue tracker before doing a lot of debugging
00:38 XenophonF https://github.com/saltstack/salt/issues/38425
00:38 saltstackbot [#38425][OPEN] cron identifier not added (not supported?) when 'special' used | Description of Issue/Question...
00:38 * XenophonF smh
00:52 shoemonkey joined #salt
01:02 ksoviero joined #salt
01:19 rimk joined #salt
01:43 Derailed joined #salt
01:48 rimk joined #salt
02:12 mikecmpbll joined #salt
02:12 jeddi joined #salt
02:35 butchster joined #salt
02:36 cyteen joined #salt
02:52 shoemonkey joined #salt
02:54 catpigger joined #salt
03:05 blu_ joined #salt
03:19 Sammichmaker joined #salt
03:20 dacryoprospes joined #salt
03:21 dacryoprospes left #salt
03:22 kiltzman joined #salt
03:23 kiltzman joined #salt
03:25 kiltzman joined #salt
03:26 kiltzman joined #salt
03:27 kiltzman joined #salt
03:28 kiltzman joined #salt
03:29 kiltzman joined #salt
03:46 cyteen joined #salt
04:04 ivanjaros joined #salt
04:05 rimk joined #salt
04:10 ronnix joined #salt
04:22 edrocks joined #salt
04:27 IRCFrEAK joined #salt
04:27 IRCFrEAK left #salt
04:43 NightMonkey joined #salt
04:45 rodr1c joined #salt
04:53 shoemonkey joined #salt
05:00 jeddi joined #salt
05:15 denkijin joined #salt
05:16 scsinutz joined #salt
05:17 alvinstarr1 joined #salt
05:33 lompik joined #salt
05:38 jeddi joined #salt
06:06 rimk joined #salt
06:16 alex-zel joined #salt
06:17 alex-zel hello, in what context is pillar data compiled?
06:17 J0hnSteel joined #salt
06:18 alex-zel i.e. when I have something like {{ salt['pillar.get']('some_data', {}) }}, will the pillar data come from the minion the pillar is targeted at?
06:21 hemebond Yes
06:21 hemebond Well, not from the minion, but what the master is configured to apply to the minion.
06:21 whytewolf alex-zel: pillar is rendered on the master and cached on the minion. when you have pillar.get in a jinja template it is pulled from cache on the minion
06:22 hemebond Oh, right, yes compiled on the master.
06:22 alex-zel even if it's in a pillar.get is in a pillar?
06:22 whytewolf pillar.get doesn't work in pillar
06:22 alex-zel I'm trying to create a default pillar that other pillars can 'inherit' from
06:23 whytewolf pillars are rendered on the master.
06:23 alex-zel prehaps I can use a map.jinja file instead
06:23 whytewolf and you can't pull pillars before they are rendered
06:24 whytewolf you can however import pillars into jinja using a yaml_load
06:24 whytewolf [when doing stuff in pillar
06:24 whytewolf ]
06:25 whytewolf err load_yaml i mean
06:26 alex-zel I see
06:26 alex-zel well i get the same functionality so should be fine, thanks
06:28 ivanjaros joined #salt
06:51 kiltzman joined #salt
06:54 shoemonkey joined #salt
07:14 jeddi joined #salt
07:14 ksoviero joined #salt
07:16 fracklen joined #salt
07:16 fracklen joined #salt
07:21 rimk joined #salt
07:23 scsinutz joined #salt
07:31 kiltzman joined #salt
07:31 kiltzman joined #salt
07:32 kiltzman joined #salt
07:32 kiltzman joined #salt
07:33 kiltzman joined #salt
07:34 kiltzman joined #salt
08:03 juntalis_ joined #salt
08:15 Inveracity joined #salt
08:21 candyman88 joined #salt
08:24 edrocks joined #salt
08:38 jas02 joined #salt
08:43 ProT-0-TypE joined #salt
08:44 cyteen joined #salt
08:47 preludedrew joined #salt
08:55 shoemonkey joined #salt
09:48 Trauma joined #salt
09:50 jas02 joined #salt
09:54 ProT-0-TypE joined #salt
10:01 jas02 joined #salt
10:16 nidr0x joined #salt
10:23 jas02 joined #salt
10:30 mavhq joined #salt
10:32 jas02 joined #salt
10:56 shoemonkey joined #salt
10:57 gmoro_ joined #salt
10:58 gmoro_ joined #salt
11:02 armyriad joined #salt
11:24 rimk joined #salt
11:26 edrocks joined #salt
11:27 jas02 joined #salt
11:29 jas02 joined #salt
11:35 kiltzman joined #salt
11:38 kiltzman joined #salt
11:40 kiltzman joined #salt
11:41 kiltzman joined #salt
11:42 kiltzman joined #salt
11:43 kiltzman joined #salt
11:44 kiltzman joined #salt
11:48 evle joined #salt
12:03 candyman88 joined #salt
12:18 yidhra joined #salt
12:31 jas02 joined #salt
12:38 fracklen joined #salt
12:39 rpb joined #salt
12:57 shoemonkey joined #salt
13:03 ivanjaros joined #salt
13:06 ninjada joined #salt
13:21 blub_ joined #salt
13:27 blub_ Hi there! I have a question regard salt pillars ... Is there a way to query the targeted minion's state in order to have some conditional logic in to pillar sls?
13:27 lompik joined #salt
13:28 honestly that's not what pillar is for
13:28 honestly grains is for minion state
13:28 honestly it can tell you things like the network interfaces on the minion
13:28 honestly is that what you're looking for?
13:32 jas02 joined #salt
13:32 izibi joined #salt
13:35 blub_ honestly: I am looking for a way to add some vhost configuration to a pillar in case a directory exists
13:36 honestly why to the pillar?
13:36 blub_ honestly: something like this https://github.com/saltstack-formulas/letsencrypt-formula/issues/9#issuecomment-247014581 but well .. when I use this, it uses the "state" of the master which of course never has the letsencrypt dir
13:36 saltstackbot [#9][OPEN] Initial lack of cert is not handled correctly | I ran into this while configuring a new server with a new domain earlier this week. The problem is if you use something like the nginx formula which serves up your custom nginx conf there's no way to avoid errors with the attempted redirect prior to the cert generation. I believe this issue is definitely related more closely to the nginx/apache formulas, but that we may wish to solve it here for in
13:42 brokensyntax joined #salt
13:45 blub_ honestly: so this is kind of a problem :) at least to my understanding .. I didn't work with grains yet
13:49 rimk joined #salt
13:49 honestly yeah, not sure how to solve this
13:50 brokensyntax joined #salt
13:57 blub_ honestly: :(
13:58 blub_ honestly: maybe something to make it easier to pass something to the state highstate so that we could determine within the pillar which part to run?
13:59 blub_ honestly: don't know if something like that exists ... some command line option to salt maybe..
14:05 blub_ honestly: a custom grain that checks for the directory?
14:05 blub_ would that be easy to write? :)
14:58 shoemonkey joined #salt
14:58 brokensyntax joined #salt
15:00 impi joined #salt
15:13 shoemonkey joined #salt
15:28 J0hnSteel joined #salt
15:28 edrocks joined #salt
15:36 blub_ honestly: ?
15:36 blub_ honestly: it works :D
15:41 jas02 joined #salt
15:44 kiltzman joined #salt
15:46 kiltzman joined #salt
15:47 fracklen joined #salt
15:48 kiltzman joined #salt
15:49 brokensyntax joined #salt
15:49 kiltzman joined #salt
15:51 kiltzman joined #salt
15:51 kiltzman joined #salt
15:53 kiltzman joined #salt
16:04 honestly great :)
16:10 brokensyntax joined #salt
16:19 dxiri joined #salt
16:21 brokensyntax joined #salt
16:23 cyborg-one joined #salt
16:30 scsinutz joined #salt
16:35 blub_ honestly: I added the example grain and some pillar configuration to the ticket linked earlier for reference in case you would like to see :-)
16:40 NV joined #salt
16:48 shoemonkey joined #salt
16:49 rimk joined #salt
17:09 DEger joined #salt
17:17 armyriad joined #salt
17:20 DanyC joined #salt
17:22 felskrone joined #salt
17:26 sfxandy joined #salt
17:31 iggy blub_: something like this would probably be better https://community.letsencrypt.org/t/cannot-renew-certs-when-redirecting-http-to-https/16984/6
17:31 iggy basically, you redirect everything _except_ the .well-known dir to avoid that chicken-egg issue
17:41 blub_ iggy: thank you for having a look at the problem, but sadly that doesn't solve the problem as it is slightly different. I am using the letsencrypt-formula and the nginx-formula together and have a list of vhosts defined inside a pillar. For some I would like to add the letsencrypt section. Adding the letsencrypt-formula state and the basic configuration correctly installs things up to the point that nginx has to be configured.
17:42 blub_ iggy: thats where I thought that condition is needed. In case letsencrypt didn't generate a cert yet .. I only render the block for http ...
17:42 iggy I guess I don't see that because I don't use the nginx formula
17:42 blub_ iggy: pityful me :D
17:43 iggy this is one of those times when actually having a dev team working on formulas would be awesome
17:43 iggy sadly that's not the case
17:43 blub_ iggy: how do you configure nginx then to first have a vhost for http ... and only after letsencrypt has given a cert ... https?
17:44 iggy I don't change my servers that much, I can only assume I did it manually at some point
17:45 blub_ iggy: I see ..
17:45 iggy I can tell you this though (and I may be different than others in this regard), I wouldn't merge a PR that involved a new grain like this
17:45 iggy it's too easy to fake grain data to get at priv info
17:47 blub_ iggy: hmmm ... "a new grain like this" ? you mean the workaround mentioned?
17:48 iggy right
17:49 blub_ iggy: how to fake grain data btw? :-)
17:49 iggy write it to /etc/salt/grains
17:49 iggy (or a config file)
17:49 blub_ iggy: by the way I wanted to circumvent manual labour
17:52 iggy yeah, that part makes sense, and the way you are doing it isn't wrong (assuming you take the security implications into account), I just wouldn't merge a PR that did that to the upstream nginx formula
17:53 blub_ now I am really wondering how to approach using dynamic machine dependent things (that can change) to apply configuration ... I guess plain salt configuration is the wrong level of abstraction eh? :)
17:53 blub_ is there some place to read more about the security implications of this?
17:54 DanyC joined #salt
17:55 iggy there should be plenty
17:56 iggy since about 2 hours after someone decided to put roles in grains, people have been bemoaning the security implications of doing so
17:56 iggy same concept here, just a different grain
17:57 iggy I guess if I were going to do it without grains, I'd probably write an orchestrate job that laid down the http config, did the initial letsencrypt states, then laid down the https config
17:58 scsinutz joined #salt
17:59 jas02 joined #salt
18:00 blub_ iggy: you mean ... in case someone gained access to /etc/salt on the minion he could overwrite the grains and gain the server some extra capabilities?
18:01 iggy yes
18:01 blub_ I see ..
18:01 iggy something you might try testing is just laying down empty files for the ssl certs/keys and seeing if nginx will start that way
18:02 dxiri joined #salt
18:02 blub_ iggy: and with orchestration you mean something like this https://docs.saltstack.com/en/latest/topics/orchestrate/index.html ?
18:02 iggy then you can just do a file.managed with required perms in the nginx state (killing 2 birds with one stone... making sure the perms are correct on the ssl config files and making sure nginx doesn't choke)
18:02 iggy yes, that's the orchestration I'm referring to
18:03 scsinutz joined #salt
18:04 blub_ in case I wouldn't want to use nginx-formula
18:04 blub_ you mean
18:05 krymzon_ joined #salt
18:05 iggy as a way of fixing nginx-formula to work better with letsencrypt-formula
18:05 blub_ :)
18:05 blub_ it is a pity indeed that there is some coordination lacking with the formulas then
18:10 butchster left #salt
18:11 blub_ iggy: interesting topic that orchestrate
18:13 euidzero for anyone here also familiar with puppet, can you tell me what is the salt equivalent to puppet-control ?
18:14 euidzero sorry, I guess for puppet it's called control-repo
18:15 iggy formulas maybe?
18:15 iggy there's not like a "blessed" starter repo to look at
18:15 iggy salt tries really hard not to be opinionated (for good and bad)
18:15 euidzero I think there would need to be a specific formula that might do something similar
18:15 euidzero gotcha
18:16 iggy there are however plenty of examples out there to look at
18:16 blub_ iggy: thank you for your time btw :-)
18:18 Nahual joined #salt
18:18 zer0def joined #salt
18:19 shoemonkey joined #salt
18:20 dxiri joined #salt
18:22 euidzero any thoughts on salt equivalent for librarian-puppet (https://github.com/rodjek/librarian-puppet) ?
18:23 euidzero yes, ty @iggy
18:25 scsinutz joined #salt
18:26 iggy none
18:27 euidzero ok, thanks
18:27 iggy there is SPM for formulas, but it hasn't really taken off
18:32 blub_ left #salt
18:34 euidzero iggy: thanks, I will check that out
18:34 euidzero my reason for asking...
18:35 euidzero I work in a shop that uses puppet.  I believe salt to be better but I have little experience with either
18:35 euidzero the puppet structure is fairly organized, using a control repo and librarian as key pieces
18:36 Lionel_Debroux_ joined #salt
18:36 euidzero just trying to understand how someone might transition something like that to salt.
18:36 iggy yeah, sadly they have a couple years head start on Salt in some regards
18:36 euidzero true
18:37 euidzero is there some common salt repository?  as in, similar to forge.puppet.com
18:40 honestly there's salt-formulas
18:40 honestly https://github.com/saltstack-formulas
18:41 euidzero honestly: cool, thanks!
18:44 Trauma joined #salt
18:49 foundatron joined #salt
18:50 rimk joined #salt
18:52 srk joined #salt
18:52 srk any idea how to solve ImportError: No module named certifi when using salt-ssh to centos 6 host?
18:56 shoemonkey joined #salt
18:59 hrumph hi
18:59 hrumph i'm wrtigin a salt module
18:59 hrumph i'm really confused about best practices
18:59 hrumph for instance when do I not handle an exception so I can allow state modules to handle it?
19:00 hrumph when do I throw an exception instead of log and return false?
19:02 srk there's no such thing as best practices
19:02 srk had to downgrade to 2015.5 :D
19:02 srk someone feels like it's a good idea to pip install stuff on production machines
19:03 srk except I don't even have a pip :D
19:06 hrumph https://github.com/saltstack/salt/issues/39500
19:06 saltstackbot [#39500][OPEN] Wish to know best practices for dealing with errors in run modules | WIsh to know best practices for writing modules...
19:08 iggy there really aren't best practices... for something that has the possibility of tying together so many dissimilar python modules, it would be hard to say use X for this and Y for this
19:08 jas02 joined #salt
19:09 Pratik joined #salt
19:15 impi joined #salt
19:16 fracklen joined #salt
19:16 hrumph iggy i just edited in case you want to re-read it
19:16 hrumph iggy if you could post a response i guess it would be helpful
19:16 hrumph the more feedback on this the better
19:18 netcho joined #salt
19:27 DEger joined #salt
19:27 fracklen joined #salt
19:41 netcho joined #salt
19:42 jas02 joined #salt
19:48 dendazen joined #salt
19:51 dxiri joined #salt
19:54 kiltzman joined #salt
19:55 kiltzman joined #salt
19:57 kiltzman joined #salt
19:57 kiltzman joined #salt
20:00 kiltzman joined #salt
20:00 kiltzman joined #salt
20:01 kiltzman joined #salt
20:14 srk left #salt
20:22 Norrland joined #salt
20:43 Tanta joined #salt
20:50 rimk joined #salt
20:50 cyborg-one joined #salt
21:09 ninjada joined #salt
21:30 jimklo joined #salt
21:30 edrocks joined #salt
21:36 jas02 joined #salt
21:52 jgarr joined #salt
21:54 DEger joined #salt
21:59 jgarr how can I print a message/variable to stdout during a state run? I see the output module but that doesn't look like what I want
22:00 whytewolf short answer: you don't
22:01 whytewolf the async nature of salt means that you are not seeing anything in real time. it is waiting until everything passes before it out puts anything to you
22:02 whytewolf also, because the state is not actually running on the master but the minion and then sending it's information to the master after it finishes. so "stdout" doesn't really exist in that case
22:03 whytewolf the closest you can come is to add logging events into your code and use salt-call to run it
22:03 whytewolf [and that is only for custom modules]
22:07 jgarr so what's the best way to test state files? I need to test some if checks and variables on the minions
22:08 jgarr it also doesn't appear I can run a state file without running highstate (maybe I haven't found the right command yet). I was looking to selectively target my state file for testing. Something like salt 'node' state.apply test.sls
22:08 manji test=True
22:09 iggy show_sls show_highstate show_lowstate etc
22:09 jgarr ahh, there's some docs https://docs.saltstack.com/en/latest/ref/states/testing.html
22:09 iggy state.apply <foo> will apply a single state... state.apply (with no args) will run a highstate
22:10 jgarr ok, so that should work with targetting a single minion
22:10 whytewolf okay you are talking about jinja rendering. the show commands are good. there is also cp.get_template
22:11 iggy anything should work with targetting a single minion
22:11 Norrland Is there any better way of determing if a pillar is set for minion than "{% if pillar['my']['lookup']['mykey'] is defined %} [ do stuff ] {% endif %}" for the pillars "my:\nlookup:\nmykey: foo" ?
22:11 whytewolf salt pillar.get <pillar>
22:12 iggy pillar.get supports nested lookups
22:12 Norrland even inside states?
22:13 iggy {% if salt['pillar.get']('my:lookup:mykey') %}
22:13 whytewolf {% if salt.pillar.get('my:lookup:mykey')% }
22:13 Norrland ah
22:13 whytewolf damn iggy beat me to it :P
22:14 iggy the default return (if you don't specify a default value) is NoneType which will evaluate to falsish, so your if won't trigger
22:15 iggy there's also {% set mykey = salt.pillar.get('my:lookup:mykey') %} {% if mykey %} do stuff with {{ mykey }} {% endif %}
22:15 Norrland iggy: super. Thanks.
22:16 Norrland is it just readability with the "salt.pillar.get" vs. "salt['pillar.get']" ?
22:16 iggy yeah, personal preference
22:17 iggy (or really old versions of Salt didn't handle salt.pillar.get() right)
22:17 Norrland ok, thanks. Been seeing examples of both.
22:18 whytewolf Norrland: it is disscribed here https://docs.saltstack.com/en/latest/topics/jinja/index.html#calling-salt-functions
22:26 Norrland (=
22:32 ronnix joined #salt
22:44 jas02 joined #salt
22:49 Norrland works perfect.
22:49 Norrland Thanks guys
22:51 rimk joined #salt
23:18 jgarr when I use `salt 'minion' cmd.run '/path/to/script.sh` it's returning 1 but when I ssh into the box and run the script the stdout is 0
23:19 jgarr I'm trying to register a variable in my state from the script output but it looks like it's registering incorrectly
23:20 jgarr in my state I have {% set test = salt['cmd.run']("/path/to/script.sh") %} and then I use {% if test == 0 %} but it's not matching
23:20 hemebond jgarr: You might need to call the shell directly.
23:21 jgarr you mean bash -c ?
23:21 hemebond yeah
23:21 hemebond but might need full path
23:21 hemebond Or you could use cmd.script
23:23 jgarr I am using the full path. I was going to try to just do {% if salt['cmd.run']('/path/to/script.sh') == 0 %} instead. Maybe it'll work
23:24 hemebond I mean the full path to the bash/shell executable.
23:44 Deliant joined #salt
23:45 jas02 joined #salt
23:50 fracklen joined #salt
23:50 rimk joined #salt
23:58 kore joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary