Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-02-21

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 brd whytewolf: oh, because there can be an array of dicts returned
00:01 whytewolf yeah
00:03 onlyanegg joined #salt
00:03 brd whytewolf: so something like: {% if interface.bce0.inet[0].address is defined -%}
00:03 whytewolf in theory ;)
00:04 brd whytewolf: hah, indeed
00:04 brd Comment: Unable to manage file: Jinja variable 'dict object' has no attribute 'bce0'
00:05 whytewolf have you tried just output interface?
00:05 whytewolf to see what is being output
00:06 IRCFrEAK joined #salt
00:06 IRCFrEAK left #salt
00:14 sharon_so_ joined #salt
00:15 sharon_so_ Hi,  has anyone seen any app/tool that would automatically change variables from a salt config file and redeploy, i am basically looking to automate testing of an salt deployment that has a lot of different variables.
00:15 brd whytewolf: hah, I figured it out!  I needed: interface.bce0.inet.0.address
00:18 justanotheruser joined #salt
00:21 DEger joined #salt
00:27 gnomethrower sharon_so_: try combining Docker and Vagrant, maybe?
00:28 sharon_so_ gnomethrower: I probably didnt explained myself correctly, I am looking for a way to exercise all deployment variables that are set/hardcoded in a config file.
00:31 juntalis joined #salt
00:32 gableroux joined #salt
00:39 HRH_H_Crab joined #salt
00:41 hemebond left #salt
00:42 Poppabear anyone familar with the 'mysql-formula' ?
00:43 Poppabear for some reason its not giving me results for creating the database or users ?
00:43 Poppabear and no results nor is it creating the user or database
00:43 Poppabear everything else "appears" to be working
00:44 whytewolf Poppabear: what do you have in your top file?
00:49 cliluw joined #salt
00:49 hemebond joined #salt
00:51 jas02 joined #salt
00:52 mswart left #salt
01:03 Poppabear whytewolf: i'm not using the formula in the suggested way, i simply use it as a state, so i can call it via state.sls mysql
01:03 whytewolf so... do you call mysql.user and mysql.database afterwords?
01:07 Poppabear no, mysql init.sls should though correct ?
01:27 whytewolf ahh yes it does. calls mysql.server then .database then .user
01:32 Poppabear but when i run state.sls mysql it doesn't show any results in regards to user or database
01:34 whytewolf what does your pillar structure look like?
01:40 dps joined #salt
01:42 sharon_so_ left #salt
02:03 jas02 joined #salt
02:07 jeblair_ joined #salt
02:08 scsinutz joined #salt
02:08 scsinutz joined #salt
02:20 leev joined #salt
02:27 Tanta joined #salt
02:48 k_sze[work] joined #salt
02:52 catpiggest joined #salt
02:57 onlyanegg joined #salt
02:57 edrocks joined #salt
03:04 jas02 joined #salt
03:06 dxiri joined #salt
03:26 shef joined #salt
03:27 shef Hey, has anyone noticed a problem with slow service start times for the latest salt minion on CentOS 6?
03:28 hemebond shef: I believe people have.
03:28 hemebond Have you checked the issues on Github?
03:30 shef With salt-minion-2016.11.1 it it took a a second for the salt-minion to start on a node  in our VM test bed, but now it takes more than a minute.
03:30 shef I haven't. Where do I look ?
03:30 hemebond https://github.com/saltstack/salt/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aopen%20slow%20restart
03:30 shef I work with Cisco.
03:31 hemebond With Cisco?
03:31 shef Cisco Systems
03:32 shef for Cisco
03:32 hemebond I've heard of them. Just wondering what you ...
03:32 hemebond Oh, you work for Cisco.
03:32 shef yes
03:32 hemebond Your switches are okay.
03:32 shef yep, they are
03:33 hemebond https://github.com/saltstack/salt/issues/39052
03:33 saltstackbot [#39052][MERGED] Minion restart very slow since 2016.11.2 | Minion restart is slow since 2016.11.2...
03:35 shef Thanks, I haven't noticed as much a problem with CentOS 7.
03:36 shef or very little, haven't timed it yet, but it seemed reasonable
03:37 shef Also, I saw an issue when updated the salt-minion RPMs. It didn't seem to restart well, even though the RPM post script was a condtional restart.
03:37 hemebond Didn't restart well?
03:37 hemebond What happened?
03:38 shef One second I can try it on another node. I did this the other day and I forget exactly what it said.
03:42 evle joined #salt
03:47 shef I'm updating a node from salt-minion-2016.11.1-1.el6 -> 2016.11.2-1.el6. It's talking it's sweet time.
03:48 shef after about a minute it finished
03:48 hemebond Sounds okay.
03:49 shef [root@vcos-2 ~]# rpm -Uhv salt-2016.11.2-1.el6.noarch.rpm salt-minion-2016.11.2-1.el6.noarch.rpm  warning: salt-2016.11.2-1.el6.noarch.rpm: Header V4 RSA/SHA1 Signature, key ID de57bfbe: NOKEY Preparing...                ########################################### [100%]    1:salt                   warning: /etc/salt/minion created as /etc/salt/minion.rpmnew ########################################### [ 50%]    2:salt-minion
03:49 onlyanegg joined #salt
03:49 shef I'm testing to see the status of the minion. It's been thinking about it for 30 seconds or so now
03:49 shef still thinking about it
03:50 shef it's running now
03:50 shef I thought I saw something about a pid file before
03:50 shef if I see it again I'll post an issue on the git hub
03:50 shef [root@vcos-2 ~]# rpm -qa |grep salt salt-2016.11.1-1.el6.noarch salt-minion-2016.11.1-1.el6.noarch [root@vcos-2 ~]# time  service salt-minion start Starting salt-minion daemon:                               [  OK  ]  real0m0.998s user0m0.392s sys0m0.086s
03:51 shef before the update
03:54 shef after update
03:54 shef [root@vcos-2 ~]# time service salt-minion start Starting salt-minion:root:vcos-2 daemon: OK  real1m44.996s user0m3.488s sys0m0.837s
03:54 shef 1 minute 44 seconds to start
03:57 dxiri joined #salt
03:58 AvengerMoJo joined #salt
03:58 bbrelin3 joined #salt
03:58 bbrelin3 Hello all.
03:59 edrocks joined #salt
03:59 bbrelin3 Does anyone have any examples of how to access elements of a list created in a pillar file in a state file using jinja?
03:59 bbrelin3 For example if I have a pillar 'foo'
03:59 bbrelin3 and I define inside 'foo' the following:
03:59 bbrelin3 bar:
03:59 bbrelin3 - baz
03:59 bbrelin3 - blech
04:00 bbrelin3 How can I access this inside a state file with jinja?
04:00 bbrelin3 I've tried the following:
04:00 ivanjaros joined #salt
04:01 raspado joined #salt
04:01 bbrelin3 (% for elem in salt['pillar.get'] ('foo:bar') %}
04:02 hemebond bbrelin3: That should work.
04:02 bbrelin3 {{ elem }}:  state
04:04 bbrelin3 I keep getting errors like: mapping values not allowed here
04:04 hemebond You have an error in your pillar somewhere.
04:05 bbrelin3 I can't find it.
04:05 bbrelin3 My actual pillar looks like this:
04:06 hemebond Don't paste in here.
04:06 bbrelin3 oh, okay.
04:06 bbrelin3 How do I show anyone what the data looks like?
04:06 hemebond http://paste.debian.net/
04:08 CustosLimen joined #salt
04:09 bbrelin3 This is what my pillar looks like: paste.debian.net/915959
04:10 hemebond That's all of it? Maybe your state then. Would need to see the full error.
04:11 jas02 joined #salt
04:11 bbrelin3 Here's the state file: paste.debian.net/915960
04:11 hemebond There's your problem.
04:11 hemebond Your indentation is all over the place.
04:11 hemebond Your Jinja code still has to create valid YAML.
04:12 bbrelin3 Ah, So, i need to keep everything in YAML indentation style?
04:12 shoemonkey joined #salt
04:12 hemebond Yes.
04:12 bbrelin3 Aha.  Thanks.  I'll try that.
04:12 hemebond The indentation doesn't matter to Jinja, but the output has to be valid YAML.
04:12 hemebond I usually keep the {% at the beginning of each line.
04:13 hemebond And then indent within the {%- %}
04:13 bbrelin3 I'll give it a go. Thanks
04:13 hemebond And I use {%- so the jinja doesn't leave empty lines.
04:13 fhh joined #salt
04:15 shef Is there a current development version of salt-minion I can test ?
04:17 hemebond shef: The develop branch of the Git repo.
04:18 shef ok, thanks, I'll pull it
04:21 bbrelin3 Hmmm....It's still not rendering correctly...paste.debian.net/915962
04:21 hemebond What is apache and postgres?
04:21 hemebond Are they supposed to be list items?
04:21 hemebond You're missing : or -
04:22 bbrelin3 They're state id's
04:22 hemebond Then they should be list items.
04:22 bbrelin3 Aha.
04:22 hemebond So you need - apache
04:22 scsinutz joined #salt
04:25 bbrelin3 Still no joy.  paste.debian.net/915963
04:25 bbrelin3 No YAML gets rendered at all...
04:25 hemebond You have a space in your _for_ line
04:25 hemebond salt['pillar.get']('....
04:26 hemebond Should be no space between ] and (
04:27 bbrelin3 Still doesn't work...
04:27 bbrelin3 No YAML output at all.
04:27 hemebond What is your pillar.get actually fetching?
04:27 hemebond It looks like you're trying to iterate over a list.
04:27 nebuchadnezzar joined #salt
04:27 hemebond But then you're using "in"
04:28 bbrelin3 Yes.
04:28 hemebond So `system` should be a string.
04:28 hemebond So you can `in` it.
04:28 hemebond *can't
04:28 bbrelin3 Do I need to put the list elements in quotes in the pillar?
04:28 hemebond Nope.
04:28 hemebond You need to fix your loop tests.
04:29 bbrelin3 How do I test if, for example my list element has the string 'web' in it?
04:30 hemebond Should a server have both apache and postgres states applied if they're in the list?
04:30 bbrelin3 No.  If it's a db server then it does postgres, if it's a web server it does apache.
04:30 bbrelin3 That's what I thought that I was testing.
04:30 bbrelin3 I.e. checking the list element name
04:31 hemebond Then you just want to fetch the list, not iterate over it.
04:31 hemebond Then you can use the `in` test.
04:31 bbrelin3 So, I do a jinja set command?
04:31 hemebond Yeah
04:35 bbrelin3 I'm still unsure how to then test the different elements.
04:35 hemebond It's the same as Python.
04:35 bbrelin3 Well, in Python I'd iterate over the list and do an 'in' test on each element.
04:36 bbrelin3 Which is was I thought I was doing with the jinja code.
04:36 hemebond {%- set states = salt['pillar.get']('blah:listname') %}{%- if 'item' in list %} do stuff ....
04:36 hemebond Well I didn't think the `in` would work. Maybe it will.
04:37 hemebond It would work in Python but Jinja is a little different.
04:37 hemebond And has some restrictions.
04:37 hemebond Paste your latest pillar and state.
04:39 bbrelin3 paste.debian.net/915968
04:39 bbrelin3 Pillar is unchanged.
04:42 bbrelin3 Is there any way to do debugging print statements so that I can actually see what's going on?
04:42 bbrelin3 That, to me, is the frustrating bit.  I can't actually see what's happening so that I can debug it.
04:42 hemebond I'm testing now.
04:43 hemebond Yes, you can debug by using the Jinja2 api.
04:43 bbrelin3 Are there some examples somewhere?
04:43 hemebond Google for "from jinja2 import Template"
04:44 fhh joined #salt
04:44 CustosLimen joined #salt
04:49 hemebond Okay, the `in` tests do work.
04:50 hemebond Show me your pillar top.sls
04:51 bbrelin3 paste.debian.net/915969
04:52 hemebond What if you do salt minion pillar.items
04:52 hemebond Does it show the pillar data correctly?
04:53 hemebond Or even salt \* pillar.items
04:53 hemebond (that indentation looks wrong, btw)
04:54 hemebond (but might just be the pastebin)
04:54 hemebond (might pay to double-check that last line.
04:54 bbrelin3 This is the debug output from the salt master  paste.debian.net/915970
04:54 hemebond Cool, looks fine.
04:55 hemebond But what about pillar.items?
04:56 bbrelin3 paste.debian.net/915971
04:56 hemebond Cool. Then the state should work.
04:57 hemebond Oh wait.
04:57 hemebond Sorry, you need to change your state back to a for loop.
04:57 hemebond Then your `in` string comparison should work.
04:57 hemebond Oh, I see the problem.
04:58 hemebond salt['pillar.get']('dev_systems')
04:58 hemebond There is no `system_envs` parent element.
04:59 cyborg-one joined #salt
04:59 bbrelin3 Sorry.  That must have been an old version. paste.debian.net/915972
05:00 hemebond You need to change back to the for loop.
05:00 hemebond I thought you were checking for `web` or `db` in a list, but you're actually doing substring comparisons.
05:00 mavhq joined #salt
05:00 hemebond And it will work if you fix your pillar.get path
05:00 bbrelin3 Right.
05:00 hemebond Removing the system_envs
05:02 bbrelin3 At the moment, I have the systems_envs:dev_systems in the pillar.get path.  Do I keep that?
05:02 hemebond No
05:02 hemebond Remove the system_envs:
05:02 bbrelin3 How does salt know where to look for dev_systems?
05:02 hemebond It's in the pillar.
05:02 scsinutz joined #salt
05:02 hemebond You've already applied via top.sls
05:02 bbrelin3 Ah, okay.
05:02 hemebond pillar.items shows you the structure of the compiled pillar data.
05:05 bbrelin3 paste.debian.net/915973
05:06 hemebond That's the same.
05:06 hemebond You need a FOR loop.
05:06 hemebond {%- for system in salt['pillar.get']('dev_systems') %}
05:06 hemebond Replace the `{% set` line with that.
05:08 bbrelin3 That's it!!!
05:08 bbrelin3 :-)
05:08 bbrelin3 :-)
05:08 bbrelin3 Thank you so much for your help!!!
05:08 bbrelin3 This has been driving me nuts
05:09 hemebond ????
05:10 hemebond Would have been sooner if I'd read the pillar properly.
05:12 bbrelin3 Dude, you're a rockstar...:-)
05:12 hemebond
05:12 jas02 joined #salt
05:19 bbrelin3 homebond:  Just out of curiosity, my top.sls file in my base directory and the one in my dev directory are identical.  (dev is a separate environment). How would I set up my base/top.sls file so that I only put the jinja code into the dev/top.sls?
05:20 bbrelin3 Or can I do that?
05:20 hemebond Just move the dev: entry to dev/top.sls
05:20 hemebond All top.sls files get merged together.
05:21 hemebond Each of my top.sls files only have an entry for that environment.
05:21 bbrelin3 So, do I even need a dev: entry in the base/top.sls?
05:21 bbrelin3 I'm assuming not/
05:21 bbrelin3 ?
05:22 hemebond Nope.
05:23 bbrelin3 got it.  Thanks.
05:25 flawi to continue from yesterday, has anyone here managed to use the orchestrate runner to reboot a set of nodes using grains targeting, and then using wait_for_events to wait for the nodes to reboot? example SLS at https://gist.github.com/Flaw/ad4ce011244c6eb4dc62a61c183e1b05
05:27 flawi yesterday we came up with a workaround using salt-mine, but it seems wrong that I'd have to configure the minions to publish information that the master already surely knows
05:31 __number5__ flawi: why do you need to wait for reboot?
05:31 flawi I need to install a piece of software that requires a reboot to start working, and I'd like to use that software later on in the orchestration run
05:33 DEger joined #salt
05:34 flawi (such is life with windows boxes)
05:34 __number5__ maybe using reactor will be better?
05:35 flawi I'll have to read about it, thanks
05:36 __number5__ so you can do things like: when minion start, ask them if they have the software installed, if not install and reboot, and yes, continue with your rest of states
05:36 flawi yeah, that sounds like it would work
05:37 __number5__ and check out custom event too https://docs.saltstack.com/en/getstarted/event/custom.html
05:39 flawi I will, thanks for the tips
05:42 baffle joined #salt
05:52 onlyanegg joined #salt
05:54 preludedrew joined #salt
06:02 iggy yeah, we use a mix of reactors and some custom code to do something similar
06:04 scsinutz joined #salt
06:12 icebal joined #salt
06:15 g3cko joined #salt
06:25 jas02 joined #salt
06:26 Straphka joined #salt
06:32 gladia2r joined #salt
06:37 zulutango joined #salt
06:43 candyman88 joined #salt
06:50 ravi_ Hi guys, I'm trying to generate yaml from sls using this command `salt '*' cp.get_template salt://path/to/template /dev/stdout`. But its throwing this error, "Passed invalid arguments: coercing to Unicode: need string or buffer, bool found."  Why its giving error. I'm using salt 2016.11.2 in ubuntu:14.04. Thanks
06:52 jimklo joined #salt
06:56 scristian joined #salt
07:01 jas02 joined #salt
07:05 scsinutz joined #salt
07:13 fracklen joined #salt
07:23 Straphka maybe you need to quote a True or False somewhere in your template?
07:41 Inveracity joined #salt
07:47 fracklen joined #salt
07:48 ashokrajar joined #salt
07:58 iggy ravi_: don't think that's going to work... what are you actually trying to do?
07:59 ReV013 joined #salt
07:59 fracklen joined #salt
08:00 edrocks joined #salt
08:03 felskrone joined #salt
08:04 ravi_ iggy: Actually I want lint my sls files.  So I want to generate yaml from sls, so I can use yaml linter.
08:04 ashokrajar joined #salt
08:06 scsinutz joined #salt
08:06 iggy the rendering will fail before you can lint the yaml
08:08 ravi_ How Can we generate yaml  and save it to file
08:10 iggy I mean, the act of rendering it is your best bet as far as "linting" goes
08:10 iggy do a show_highstate and it either renders or it doesn't
08:11 samodid joined #salt
08:12 ravi_ Ok, what's the best way to lint sls files?
08:12 gmoro joined #salt
08:13 iggy there is no way!
08:13 iggy it sucks
08:14 Hybrid joined #salt
08:18 ravi_ Ok.  Thanks
08:19 o1e9 joined #salt
08:25 dariusjs joined #salt
08:28 JohnnyRun joined #salt
08:28 netcho_ joined #salt
08:36 dariusjs joined #salt
08:44 netcho_ joined #salt
08:56 krymzon joined #salt
08:56 netcho_ joined #salt
08:59 mavhq joined #salt
09:00 Reverend i take it syncgrains only uses the _grains folder to sync up the custom stuff... and not read the entire highstate for grain changes ?
09:01 dariusjs joined #salt
09:01 ashokrajar joined #salt
09:03 mikecmpbll joined #salt
09:07 scsinutz joined #salt
09:11 zulutango joined #salt
09:13 s_kunk joined #salt
09:17 zulutango joined #salt
09:19 mage_ are external pillar loaded on the salt master? I mean if I'm writing an external_pillar should I propagate the file on all minions?
09:22 Mattch joined #salt
09:25 babilen mage_: Shouldn't be necessary
09:25 babilen Is it not working if you don't do it?
09:25 Neighbour mage_: Yes, No :)
09:26 mage_ babilen: I'm reading documentation ATM :)
09:26 babilen Neighbour: I was about to use the wonderful German "Jein" :)
09:26 Neighbour babilen: but he asked two questions :)
09:27 mage_ babilen: I want to do this in Saltstack: "take the output of cmd.run my.cmd from minion B and use it as pillar data for minion A"
09:27 mage_ I'm busy to template the installation of Icinga and the PKI part
09:27 Neighbour babilen: kudos for the colourful use of the German language though :)
09:28 mage_ so all the clients should get a "token" from the icinga master, which is obtained by running icinga pki ticket --cn host.name
09:28 Neighbour mage_: Then you'd either have to use the salt mine, or push a file from the minion back to the master
09:29 mage_ Neighbour: push a file ?
09:29 babilen mage_: Wouldn't the peer system allow you to do something like that? Look into the way the https://docs.saltstack.com/en/latest/ref/states/all/salt.states.x509.html is implemented
09:30 mage_ Neighbour: I don't see how pushing a file would help me ..?
09:30 achedeuzot joined #salt
09:30 mage_ I was tlaking about something like:
09:30 mage_ root@icinga:/usr/local/etc/icinga2 # icinga2 pki ticket --cn foo.lan
09:30 mage_ 3af5df87d6e87968a5ff512dd8c072f1e51f14f6
09:30 babilen In fact that module is a good example of how to use the mine for cert retrieval
09:30 mage_ mmh I'll take a look
09:30 babilen (or token or whatever)
09:31 mage_ babilen: so an external pillar is wrong ?
09:31 babilen I didn't say that
09:31 mage_ I was thinking about make a call to the Icinga master (whic is also a minion) from the Salt master and populate the other minions that should be monitored
09:32 mage_ but I'll take a look at the salt mine, maybe it's a better option
09:32 babilen Read up on the x509 module and state - It was my first association when you mentioned your usecase and I guess that you can copy some of its ideas/infrastructure
09:32 bbrelin3 joined #salt
09:32 babilen But, as always with salt: There are various ways to do it :)
09:32 bbrelin3 Hi all.
09:33 mage_ ok :)
09:33 bbrelin3 Quick question.  If I want to create a custom grain (just a static yaml file) in /etc/salt/grains, does it need a .sls extension?
09:34 mage_ babilen: https://github.com/saltstack/salt/blob/develop/salt/modules/x509.py this module ?
09:34 babilen yeah
09:35 jas02 joined #salt
09:35 bbrelin3 So, If I have a grain that looks like this:  paste.debian.net/915986, do I just store it as a file called 'roles' in /etc/salt/grains?
09:35 bbrelin3 Assuming that 'roles' is what I want to call my grain?
09:35 babilen Ah, grains and roles .. the unsolved bit in salt
09:35 babilen I should have a look around and figure out the best way to do that these days
09:36 bbrelin3 Well, I'm just using roles as an example...
09:36 bbrelin3 Really, I want to make sure that I'm understanding the way to do this.
09:36 bbrelin3 I've tried doing a saltutil.sync_all, and then a salt grains.ls but I'm not seeing the 'roles' grain in the list.
09:37 babilen Yeah, sorry .. I didn't mean to derail your question. It's just that grains are, in my opinion, not a great choice for storing minion specific data and are only commonly used for "roles" (and similar use cases) as there is no proper alternative
09:37 mage_ babilen: https://github.com/saltstack/salt/blob/develop/salt/states/x509.py#L87-L93 found it .. :)
09:37 dariusjs joined #salt
09:37 babilen mage_: Yeah
09:38 bbrelin3 Well, I could call the data 'foo'.  :-)
09:38 bbrelin3 It's not that I'm using roles here.
09:38 bbrelin3 But for some reason, salt isn't picking up the grain.
09:39 jas02 joined #salt
09:39 babilen bbrelin3: Sure, but that holds true for "datacentre" and whatnot .. If you use grains for that you are then facing the problem of managing grains and you are back at square one. Pillars would be perfect, but you obviously want to target pillar data based on those data also which rules out "normal" pillars
09:39 darioleidi joined #salt
09:40 mage_ "The Salt Mine is used to collect arbitrary data from Minions and store it on the Master."
09:40 mage_ mmh I should do the opposite
09:40 bbrelin3 babilen:  It's not the grain data at this point that I care about, I just want to be able to create a grain in /etc/salt/grains and have it picked up when I do a sync_all.
09:40 hemebond bbrelin3: Don't forget to update your thread on salt-users.
09:40 bbrelin3 I just want to understand that I'm doing it the right way.
09:41 bbrelin3 homebond:  How do I do that?
09:41 babilen bbrelin3: So you have a /etc/salt/grains file on the minion with the content you pasted, you restarted the minion (or synced grains) and it is not reporting that data?
09:41 teclator joined #salt
09:41 bbrelin3 babilen: That's right
09:41 hemebond Just reply to say the issue was with your pillar. Maybe post the fixed state (if you pasted it in the thread).
09:41 bbrelin3 homebond:  Will do that today.
09:41 bbrelin3 Thanks
09:42 babilen bbrelin3: I'd say that you've done the right thing and that it should™ work -- Anything in the (debug) logs about it when you start the minion?
09:42 bbrelin3 I'll check.
09:43 babilen So: What is a sensible (and secure!!!) way of assigning 'roles' to minions these days? Do we finally have a way to do this?
09:43 hemebond top.sls
09:44 babilen hemebond: I'm afraid I don't quite follow
09:44 hemebond I just use top.sls to assign "roles" to minions.
09:44 babilen How so?
09:44 hemebond Just... put the states in that you want applied.
09:45 redmage12 joined #salt
09:45 hemebond Actually... I suppose my minion names are the roles.
09:45 babilen Right - And target them based on the minion id, core grain value, ...
09:45 hemebond I don't use grains for targeting.
09:45 babilen And you exploit a naming scheme to group minions
09:45 hemebond Yup.
09:45 babilen Yeah
09:46 babilen I do the same, but I like a more dynamic approach that doesn't rely on a specific naming scheme and am facing the old "grains are shite" dilemma again
09:46 babilen Might look into external pillars like pillarstack again
09:46 babilen (as I also want to target pillar data)
09:48 babilen brb (ENOCOFFEE)
09:48 hemebond There's really no secure way to target with grains so you kind of end up with a list of minions, each with a list of roles.
09:48 babilen Exactly
09:49 babilen I don't mind maintaining a role <-> id mapping somewhere, but grains are just the wrong place (insecure, distributed, ...)
09:56 redmage12 Hmm...puzzling.  Doing a grains.item roles just returns an empty grain.
09:56 redmage12 There's no errors in the debug logs.
09:59 mage_ any idea for [WARNING ] Key 'ext_pillar' with value {u'\u2014\u200aicinga_ticket_pillar': True} has an invalid type of dict, a list is required for this value
09:59 mage_ ?
09:59 hemebond mage_: Is it a dict?
09:59 mage_ yes, I have:
09:59 mage_ 641 ext_pillar:
09:59 mage_ 642     — icinga_ticket_pillar: True
10:00 DanyC joined #salt
10:00 hemebond Well it wants a list.
10:00 mage_ I followed the documentation https://docs.saltstack.com/en/latest/topics/development/external_pillars.html
10:01 mage_ I just have a single return {'FOOOOOO' : minion_id} in my ext_pillar function (to test)
10:01 hemebond Which part of the docs?
10:01 xet7 joined #salt
10:01 hemebond Your paste doesn't match the example at the top (under Configuration)
10:02 mage_ mmh ? :)
10:03 hemebond You are trying to use a list like `example_b` but also a dict like `example_c`
10:03 hemebond You need to use one or the other.
10:04 mage_ I don't get it, I have
10:04 mage_ ext_pillar:
10:04 mage_ — icinga_ticket_pillar: True
10:04 mage_ which is example_a, no ?
10:04 hemebond Oh so it is.
10:04 mage_ oh maybe it's the kwargs in my ext_pillar fucntion
10:05 hemebond Well, that's the extent of my ext_pillar knowledge :-D
10:07 scsinutz joined #salt
10:08 AndreasLutro mage_: you have a non-breaking space or other weird character after you -
10:08 AndreasLutro your*
10:09 babilen The — should be -
10:10 mage_ argh.. that whas that (:
10:10 mage_ thanks :)
10:10 * hemebond assumed that was just a paste artifact
10:10 Norrland (=
10:10 mage_ ok it works :) sorry for the noise
10:12 ruxu joined #salt
10:17 TyrfingMjolnir joined #salt
10:19 saintpablo joined #salt
10:26 ashokrajar joined #salt
10:26 N-Mi_ joined #salt
10:27 ravenx joined #salt
10:28 ivanjaros joined #salt
10:29 mage_ ext_pillar is loaded at then end, right ?
10:30 mage_ so any idea why in my ext_pillar() function I can't use __salt__['pillar.get']('some:key') ?
10:30 tharkun joined #salt
10:32 mage_ ah... I guess it's because it runs on the master
10:32 babilen mage_: Take a look at https://docs.saltstack.com/en/latest/topics/development/dunder_dictionaries.html
10:32 babilen And you also can't reference the normal pillar in there
10:32 degorenko joined #salt
10:32 mage_ mmh
10:33 madboxs joined #salt
10:33 mage_ ok so https://gist.github.com/silenius/41732347bc4fd73bdfe95c2ee255b9dd will never work
10:38 DanyC_ joined #salt
10:39 redmage1 joined #salt
10:39 babilen Indeed
10:40 mage_ complicated :)
10:41 mage_ so maybe I should populate the Mine with the icinga master host (on each minion), and retrieve it in my ext_pillar
10:42 bbrelin3 joined #salt
10:45 degorenko joined #salt
10:46 NV joined #salt
10:51 mage_ so I've added this on my minion https://gist.github.com/silenius/e61a05483cc8cf8b30cd04678dc33a1a
10:52 mage_ does it looks ok ?
10:53 hemebond Why would you do that?
10:54 hemebond You can already access the pillars whenever you want. Why do you want to use the Mine to get it?
10:54 madboxs joined #salt
10:54 mage_ hemebond: because I'd like to use it in an ext_pillar
10:55 mage_ __salt__['pillar.get'] in an ext_pillar is run on the master, so I can't access any minion pillar data
10:57 mage_ does it sounds weird?
10:57 hemebond It does. But I don't use ext_pillar so I don't know what you're doing.
11:00 mage_ for each minion I'm trying to retrieve the icinga master node (from pillar icinga:client:master) to be able to use it in an ext_pillar
11:01 mage_ so that in my ext_pillar I can run a command "icinga2 pki ticket --cn minion_id" on this icinga master node and retrieve a token
11:02 edrocks joined #salt
11:03 hlub what is that "range cluster" mentioned the docs of compound matchers?
11:03 mage_ mmh but maybe I could simple use a mine function on the icinga master with all the minion
11:03 hlub cant find any explanation for that.
11:04 mage_ is the Salt mine "secure"? I mean is there a way to say "only minion foo and bar are able to access it" ?
11:06 hlub mage_: no, afaik
11:06 hlub mage_: but when using public/private keys, you can use mine to distributre public keys efficiently.
11:08 ravenx after launching the job and using --show-jid
11:08 ravenx is there anyway of using salt, or salt-run command to check the current status
11:08 ravenx like what it's currently executing?
11:08 scsinutz joined #salt
11:09 hlub ravenx: I think that id does not automatically fire events for any intermediate states of a job.
11:09 hlub and that would be necessary to retrieve such info.
11:10 ravenx ah i see
11:10 ravenx so from what i notice it's either an all or nothing for salt
11:10 ravenx either it goes (with the jid) all the steps in my formula at once
11:10 ravenx and it finishes, and returns a yes/no
11:10 evle1 joined #salt
11:10 ravenx is my understandign correct?
11:11 inad922 joined #salt
11:11 dps joined #salt
11:12 hlub if you run highstate for instance, it returns a lot of information about the run states but that data is available only after the whole highstate is executed.
11:13 ravenx i see
11:13 ravenx i am running it via state.apply tho
11:14 hlub ravenx: have you read this: https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.jobs.html
11:15 ravenx of course i haven't :D
11:15 madboxs joined #salt
11:15 fracklen joined #salt
11:16 ravenx well okay, it does list jobs
11:16 ravenx but i suppose what i'm looking for is incremental output @ each stage
11:16 ravenx i would like to know where in my formula it is at a given time.
11:17 hlub that is implicitly impossible as I pointed out earlier. of course you can fire your own events within your formula to inform about some specific points of exectuion.
11:17 ravenx oh, i can?
11:18 hlub https://docs.saltstack.com/en/latest/ref/states/all/salt.states.event.html
11:21 ravenx WHOA
11:21 ravenx this. may. be. game. changing.
11:21 redmage12 joined #salt
11:24 fracklen joined #salt
11:25 ravenx wait, this doesn't print on stdout
11:25 ravenx i'm trying to understand this, it gets sent to the master
11:25 ravenx ....and then i imagine i have to poll something?
11:30 Xk joined #salt
11:32 toanju joined #salt
11:33 mage_ in fact I could also use the cache.pillar runner in my ext_pillar function, rather than the mine
11:34 hlub ravenx: if you wish to execute something on master when an event fires, then use reactors. If you just want to see what events are being fired, use salt-run state.event pretty=True
11:35 ravenx aaah i see
11:35 ravenx beautiful.  i am now writing a reactor :)
11:36 madboxs joined #salt
11:38 mage_ is there a runner to run a function on a minion ?
11:39 mritchie joined #salt
11:41 ravenx FROM the minion?
11:41 mage_ no, I'd like to execute a cmd.run on minion "foo" from an ext_pillar function, so it's run on the master
11:42 mage_ found it, saltutil.cmd :p
11:47 ravenx hmmm reactor is not picking up my events.
11:47 ravenx i will deal with it after lunch
11:52 X-K joined #salt
11:56 andris987654321 joined #salt
11:57 andris987654321 hey
11:57 andris987654321 join #13A pasw 123
11:57 andris987654321 lets troll
11:57 andris987654321 left #salt
11:57 mritchie joined #salt
12:01 mage_ babilen: following work perfectly https://gist.github.com/silenius/b551d9f94f601be1a425282eed80ac7f
12:01 mage_ what do you think ?
12:04 fracklen joined #salt
12:06 mage_ and maybe I could skip the mine.get part with the cache.pillar runner
12:08 _JZ_ joined #salt
12:09 scsinutz joined #salt
12:09 mikecmpbll joined #salt
12:12 lasseknudsen joined #salt
12:12 Guest23454 joined #salt
12:15 onlyanegg joined #salt
12:15 delpanto93 joined #salt
12:17 Guest23454 left #salt
12:17 sagerdearia joined #salt
12:20 netcho_ joined #salt
12:30 Kelsar joined #salt
12:36 Kelsar joined #salt
12:39 fracklen joined #salt
12:40 cryptolukas joined #salt
12:41 cryptolukas Why don't work this if clause in my state.sls? https://gist.github.com/LukasDoe/f7df65e950d30845eb4b1e72c0ab4883
12:42 cryptolukas How can I fix it :D
12:43 Rumbles joined #salt
12:46 babilen cryptolukas: Probably because  if grains['virtual'] == 'kvm' is false
12:47 babilen (in which case you want an empty list)
12:47 babilen In fact, why don't you wrap the entire state ?
12:47 cryptolukas why empty list?
12:49 cryptolukas My Goal.. I use only virtualized servers. lxc and kvm. This state doesn't work on lxc because, containers haven't a system locale. So I want that this state will only executed with a kvm system.
12:49 babilen Because you end in a colon
12:49 babilen You could target this state by 'virtual' grain rather than to all boxes
12:50 babilen (or wrap the entire state in the conditional)
12:50 babilen I'd probably just go for the targeting approach in top.sls
12:51 redmage1 joined #salt
12:51 cryptolukas its only one def.
12:52 cryptolukas Which colon it's critical for salt?
12:52 babilen Line 4, end
12:53 babilen How many states do you require before a SLS qualifies for inclusion in top.sls ?
12:53 babilen How do you target State.sls now?
12:54 cryptolukas fill minion_id and spefici states no wildcards atm
12:54 sfxandy joined #salt
12:55 cryptolukas ahh yes i understand. i am so stupid.
12:55 cryptolukas i wraped the state in the whole condition. surprise. it works xD
12:56 babilen You only want it on minions with grains['virtual'] == 'kvm' .. I'd really just solve that with targeting
12:56 babilen (rather than targeting it to every minion and including logic if it should really have been targeted)
12:57 cryptolukas how would you target this?
12:57 madboxs joined #salt
12:57 babilen "'G@virtual:kvm': - match: compound" for example
12:58 babilen https://docs.saltstack.com/en/latest/topics/targeting/compound.html
12:58 mritchie joined #salt
12:59 cryptolukas its a good idea to change it!
13:00 babilen Yes, that's why I suggested it
13:00 sfxandy hi everyone.  question regarding Salt (and I guess Python in general) and what SSL key/trust stores it uses by default.  does anyone know by default where Salt will look for its key and trust stores.  my first stab was at /etc/ssl/certs/ca-bundle.trust.crt but not certain thats the right place
13:02 sfxandy am getting an error...[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
13:02 sfxandy before anyone says, skipping verirication isnt an option
13:10 scsinutz joined #salt
13:13 ravenx i can send an event to myself, but for some reason, reactor is not running my file.sls
13:14 ravenx do i need to include its path in the file_roots
13:14 ravenx i have passed the absolute path in the config file though.
13:18 edrocks joined #salt
13:18 numkem joined #salt
13:18 Tanta joined #salt
13:21 netcho_ joined #salt
13:26 numkem joined #salt
13:30 netcho_ joined #salt
13:34 ravenx oh so reactor.state.sls files are slightly different.
13:34 ravenx now i see.
13:38 dendazen joined #salt
13:39 mritchie joined #salt
13:39 madboxs joined #salt
13:44 entil joined #salt
13:44 entil hi guys! I'd need to have HOME set when running states on minions, that is, currently the minion's salt process doesn't have a $HOME
13:44 entil how would I go about enabling that?
13:45 entil or hacking something together to make it work
13:45 ssplatt joined #salt
13:53 XenophonF entil: which operating system are you using that you need this?
13:53 XenophonF and what operations are you performing that need this?
13:54 entil XenophonF: pkg.installed with etckeeper installed; without $HOME, etckeeper's git backend can't find the user.name and user.email settings, causing an invalid exit
13:54 entil XenophonF: the installation is ubuntu 14.04lts
13:54 XenophonF well, damn, i was hoping for something easy ;)
13:55 XenophonF does ubuntu 14.04 use upstart or systemd? i can't remember
13:55 entil it's been a while since I last used salt, but I'm sure I had this working years ago
13:55 rylnd i am trying to use "client.cmd('G@role:dc and G@pod:podname', 'test.ping', timeout=5, expr_form='compound')" in a custom runner, but i always get 'no minions matched the target'. it works fine when i run salt -C on the command line. can anyone point me into the right direction?
13:55 entil XenophonF: a bit of both, upstart and systemd-services is installed, is that relevant?
13:56 XenophonF might be - maybe we can tell the init program to set up the user's environment ahead of running salt-minion
13:56 Dev0n hey, any know if it's possible to pass in logdriver params to the dockerng state?
13:56 Dev0n doesn't seem to be listed here: https://docs.saltstack.com/en/2016.3/ref/states/all/salt.states.dockerng.html#salt.states.dockerng.running
13:57 entil XenophonF: ok, I was thinking of an approach that pkg.installed would know about the environment or something
13:57 LondonAppDev joined #salt
13:58 entil I actually have no idea how to pull any of this off, though
13:59 XenophonF well it's a kludge but I'd start with modifying the systemd unit file for salt-minion
13:59 XenophonF add something like `Environment="HOME=/root"`
13:59 XenophonF https://www.freedesktop.org/software/systemd/man/systemd.exec.html
14:00 XenophonF i'm not a systemd expert but that's where i'd start
14:00 XenophonF but let's take a look at the etckeeper code in salt
14:00 XenophonF maybe this is a bug?
14:01 izibi are there any tools for distributing and renewing shared secrets between services?
14:01 entil there actually isn't any etckeeper code in salt, it's installed in the bootstrap phase, when the vm is provisioned
14:02 brousch__ joined #salt
14:03 XenophonF so how does this all work, entil?
14:03 XenophonF walk me through it
14:03 entil XenophonF: when the vm is provisioned, cloud-init installs git and etckeeper, does mojo to have etckeeper use git (instead of bazaar) and configure a username and email for root
14:03 entil XenophonF: this ties into dpkg so when packages are installed, the confs are automatically commited
14:04 XenophonF that's pretty cool
14:04 entil XenophonF: when salt applies pkg.installed, it calls dpkg, but the environment doesn't have $HOME so no git config is found -> BOOM
14:04 XenophonF so when apt/dpkg get called later...
14:04 entil but!
14:04 entil <3
14:04 entil I just realized if I add /etc/.git/config
14:04 entil then it can find the user, there's no real reason for it to be global
14:05 XenophonF oh well that sounds a lot better than anything i've told you to try!
14:05 entil and I ran a preliminary experiment here on the side and it appears to work :>
14:05 raspado joined #salt
14:05 XenophonF brb
14:05 entil yeah, I forget about this stuff, I haven't done devops-y things in almost five years
14:05 entil hell, I can't even apply a highstate, the whole thing is entirely broken unless I name the state I want to apply
14:05 entil though that's literally tutorial part 1
14:11 scsinutz joined #salt
14:12 dxiri joined #salt
14:14 XenophonF is .git/config saved in the repo, so that cloning it later restores it?
14:17 XenophonF izibi: i generate shared secrets myself and distribute them to minions via pillar data
14:18 XenophonF in theory you could use some combo of orchestration + salt mine to generate them on a minion and re-distribute them to other minions
14:19 XenophonF i don't (yet) use orchestration or salt mine, myself
14:19 XenophonF it's on my list of things to learn in my Copious Free Time(tm)
14:20 fracklen joined #salt
14:22 inre joined #salt
14:23 mbologna joined #salt
14:23 entil XenophonF: the config itself is not tracked in the repo, as it's repo configuration
14:23 entil XenophonF: but this is ok, I started working on the highstate thing, and I got the config done just fine
14:28 sgo_ joined #salt
14:29 entil XenophonF: the main thing is to ensure that top.sls places the config in there before any pkg.installed can be applied
14:29 izibi XenophonF: yeah, I use pillars at the moment, but I'd like to have fully automatic rollover of these secrets
14:30 XenophonF izibi: i've considered something like that, but using sdb or vault for secret storage, plus a separate secret manager
14:31 XenophonF the manager handles key rollover events, updates sdb/vault, and then signals the master via the salt message bus
14:31 XenophonF with reactor handling the response
14:31 XenophonF or at least that's the design
14:31 XenophonF i don't trust my minions enough to let them do it
14:31 XenophonF what if one gets hacked?
14:32 izibi trust them to do what exactly?
14:33 XenophonF to manage keymat
14:33 fracklen joined #salt
14:33 XenophonF maybe it's my paranoia talking but i don't trust on minion to generate keying material that will be used by another
14:34 XenophonF s/on minion/one minion/
14:36 inre joined #salt
14:36 netcho joined #salt
14:36 fracklen_ joined #salt
14:49 abednarik joined #salt
14:49 abednarik joined #salt
14:53 redmage12 joined #salt
14:53 nickabbey joined #salt
14:54 LondonAppDev joined #salt
14:55 mage_ any comment on this https://gist.github.com/silenius/b0982076c21931ded660f12e5d033dfb ?
14:56 mage_ can I use __salt__['saltutil.cmd']( ... ) in an external pillar like I did ?
14:56 numkem joined #salt
14:56 cmarzullo I dunno. Pillar being compiled on the master makes me think you'll get the master's grains.
14:56 cmarzullo but I dunno
14:57 fracklen joined #salt
14:57 mage_ __salt__['saltutil.cmd'](..., 'pillar.get') != __salt__['pillar.get']
14:57 ponyofdeath joined #salt
15:00 mpanetta joined #salt
15:04 mpanetta joined #salt
15:04 Reverend where are ext pillars added for minions?
15:05 Reverend my master is going bonkers about something but i canneh see it
15:10 dxiri joined #salt
15:10 mage_ I don't understand the "Assuming this minion is a master, execute a salt command" for the saltutil.cmd
15:11 scsinutz joined #salt
15:12 cmarzullo Reverend: external pillar is done on the master.
15:12 Reverend i found it :D turns out it was ebcause I renamed my minion
15:12 Reverend derp
15:12 Reverend thanks anyway cmarzullo
15:12 cmarzullo hehe
15:14 jas02 joined #salt
15:25 LondonAppDev joined #salt
15:30 mage_ I love Salt but the documentation is really poor sometimes ... :(
15:32 impi joined #salt
15:33 ravenx ?!
15:34 ravenx i found salt to be one of the better ones
15:34 babilen "better" doesn't necessarily mean "good", but I agree .. comprehensive documentation
15:36 mage_ I don't understand why this doesn't work https://gist.github.com/silenius/b0982076c21931ded660f12e5d033dfb
15:36 mage_ it looks like the problem is line 22-26
15:37 mage_ should I clear some cache when I update an ext_pillar function ?
15:38 mage_ refresh_pillar works, but then pillar.items just "hangs"
15:42 sarcasticadmin joined #salt
15:44 dps_ joined #salt
15:45 madboxs joined #salt
15:46 mage_ any idea how to debug this 2017-02-21 16:45:41,832 [salt.pillar                                                ][CRITICAL][67594] Pillar render error: Failed to load ext_pillar icinga_ticket_pillar: 'backup.lan'
15:50 tiwula joined #salt
15:56 candyman88 joined #salt
15:57 mage_ ok I'll forget ext_pillar.. it doesn't work at all
15:57 muxdaemon joined #salt
16:00 fracklen joined #salt
16:01 madboxs joined #salt
16:04 debian112 joined #salt
16:04 racooper joined #salt
16:05 CrummyGummy joined #salt
16:08 armyriad joined #salt
16:08 kojiro joined #salt
16:11 nickabbey joined #salt
16:12 scsinutz joined #salt
16:13 WesleyTech_ joined #salt
16:14 cmarzullo mage_: to backup.
16:15 cmarzullo you are trying to query incinga for stuf ya? why not just query it directly?
16:15 cmarzullo from your external pillar
16:15 cmarzullo lemme look at your gist again.
16:15 jimklo joined #salt
16:15 cmarzullo In a nut shell what is that gist supposed to do?
16:16 cmarzullo give you a token?
16:17 hexa- I want to expose prometheus exporters through grains and the mine as a list, however I don't quite understand how to handle a list in grains
16:17 madboxs joined #salt
16:17 cmarzullo you should just be able to query the icinga api directly and get your pki token.
16:17 hexa- if I want to add an element to the list it must already exist, where would be the place to create the list?
16:17 wnkz joined #salt
16:24 cmarzullo dunno hexa- I usally avoid grains.
16:24 cmarzullo and I'm scared of the mine.
16:24 hexa- hehe
16:24 hexa- it's the only sane way to share host information between hosts
16:25 cmarzullo I've been more comfortable using external pillar
16:25 hexa- each host exposes what it needs to have monitored and the monitoring can properly iterate over all these things and reconfigure itself
16:25 cmarzullo with the mine if you lose themessage bus. you lose all the values in the mine. Which may take some time to repopulate
16:26 cmarzullo (as I understand it)
16:26 cmarzullo In your case, if you lose the mine. your montiring system will drop all the things. and you'll be monitoring nothing until the mine repopulates.
16:26 nickabbey joined #salt
16:26 cmarzullo that's too scary for me.
16:27 cmarzullo I have systems check into an inventory system. Then the monitoring system checks the inventory system.
16:31 WesleyTech__ joined #salt
16:31 cmarzullo Better yet would be to have the systems being monitored contact your monitoring api and enroll themselves directly.
16:32 swills joined #salt
16:33 Rumbles joined #salt
16:35 Heartsbane joined #salt
16:35 Heartsbane joined #salt
16:35 hasues joined #salt
16:37 brd with Jinja is it possible to nest variables?
16:40 X-K Hi, quick question about doc : https://docs.saltstack.com/en/latest/topics/eauth/index.html#usage. It is not clear if you can do the same using CLI for runner/job/wheel or if the @runner (for example) in external_auth make it available only in salt-api
16:41 seanz joined #salt
16:43 cyborg-one joined #salt
16:45 Cottser joined #salt
16:47 kojiro Hi, I'm trying to get to the bottom of a weirdness. When I run any salt-ssh command, it takes about 10 seconds just to get started. time salt-ssh --help > /dev/null outputs "real 0m10.412s". If I create a new virtualenv and install salt-ssh in it, it takes 0m0.309s.
16:47 kojiro I tried deleting Saltfile and config, but it didn't change anything
16:47 cmarzullo DNS?
16:47 kojiro for --help?
16:47 cmarzullo ok you got me there :)
16:48 cmarzullo real  0m0.881s
16:48 cmarzullo on my prod box
16:48 brd still might be doing a dns lookup
16:49 kojiro brd: can you suggest a syscall to look for, in particular?
16:49 kojiro this is on os x and I'm trying to learn how to use dtruss, but it isn't the strace I'm used to
16:49 brd hmm, it might be gethostbyname, but not sure
16:50 cmarzullo was about to suggest strace.
16:50 brd kojiro: tcpdump might be better..
16:50 honestly will almost certainly do a dns-lookup if run under sudo
16:50 kojiro a dns lookup for what?
16:51 cmarzullo #macoslyfe
16:51 cmarzullo I've only run salt in a virtual env on mac.
16:55 djgerm joined #salt
16:55 kojiro dtruss only records about 497ms of stuff happening, total
16:56 kojiro but the operation (sudo dtruss salt-ssh --help) took 16 real seconds
16:57 samodid joined #salt
16:59 cmarzullo have your tried running as root. and not through sudo?
17:03 honestly Definitely sounds like a dns lookup
17:03 honestly Sudo looks up the machine's hostname
17:04 honestly Because sudo can be configured based on hostname
17:04 scsinutz joined #salt
17:04 honestly If that times out you'll see delays
17:10 mikecmpbll joined #salt
17:12 ivanjaros joined #salt
17:13 sgo_ joined #salt
17:18 relidy joined #salt
17:18 jrklein joined #salt
17:19 hasues left #salt
17:23 abednarik joined #salt
17:29 edrocks joined #salt
17:33 kojiro joined #salt
17:41 NeoXiD joined #salt
17:44 swills joined #salt
17:47 gmoro joined #salt
17:48 gmoro joined #salt
17:55 raspado joined #salt
17:59 nickabbey joined #salt
18:05 mikecmpbll joined #salt
18:08 Praematura joined #salt
18:11 sdemura joined #salt
18:11 sdemura I've been using salt-cloud w/ vmware for months, but today I'm getting this message. Any ideas?: "The vCenter Server is unable to decrypt passwords stored in the customization specification"
18:11 sdemura ^ no configuration changes in salt or vsphere
18:17 cryptolukas joined #salt
18:18 SaucyElf joined #salt
18:22 dyasny joined #salt
18:23 muxdaemon joined #salt
18:26 djgerm did you vcenter user password expire?
18:27 juntalis joined #salt
18:27 Patrick_ joined #salt
18:27 Patrick_ Hey, I am new to SaltStack and I need help with a state.
18:28 Aleks3Y joined #salt
18:28 sdemura @djgerm -- figured out my problem. Password didn't change but apparently I need "plain_text: true" in my windows profiles. Haven't needed it before. Docs don't say when the feature was added. though
18:30 mavhq joined #salt
18:31 nl joined #salt
18:31 djgerm Well that sounds scary. Glad you found it!
18:33 madboxs joined #salt
18:35 cmarzullo Patrick_: just ask
18:38 nickabbey joined #salt
18:38 jas02 joined #salt
18:43 jas02 joined #salt
18:44 systeem joined #salt
18:46 madboxs joined #salt
18:47 SaucyElf joined #salt
18:48 DammitJim joined #salt
18:51 Rumbles joined #salt
18:58 DammitJim silly question
18:58 madboxs joined #salt
18:58 DammitJim how do I use a regular expression to find a line like this: /dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0
18:58 DammitJim I'm trying to comment it out using file.comment
19:01 SaucyElf joined #salt
19:03 edrocks joined #salt
19:05 DammitJim joined #salt
19:07 s_kunk joined #salt
19:11 madboxs joined #salt
19:13 honestly DammitJim: well how specific does it need to be?
19:14 DammitJim not very.... probably just fd0
19:14 cmarzullo he gone
19:14 honestly cmarzullo: you wrong
19:14 honestly DammitJim: how familiar are you with regular expressions?
19:14 cmarzullo doh! saw the quit but not the rejoin
19:14 DammitJim some
19:15 honestly well so
19:15 st8less joined #salt
19:15 DammitJim just confused about how salt needs it specified in the regex line of the state
19:15 honestly I'd just put '^/dev/fd0'
19:15 brd the leading ^ is not needed
19:15 whiteinge_ X-K: salt-run has a `-a` flag to use eauth at the CLI
19:16 honestly brd: the documentation disagrees with you
19:16 honestly brd: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.comment
19:17 brd honestly: oh, for uncomment it is removed
19:18 DammitJim WHAT????
19:18 cscf To make it easier to flip between comment and uncomment
19:19 cscf you wouldn't normally want to uncomment the line starting with a non-comment character, that wouldn't really make sense
19:20 DammitJim so, if I wanted to match /dev/fd0 <more stuff>
19:20 DammitJim regex: ^\/dev\/fd0.+
19:21 DammitJim would that do it?
19:21 cscf not sure about .+ there
19:21 DammitJim what is the equivalent of * wildcard for as many characters
19:22 cacasmacas joined #salt
19:23 cscf I think it will match the substring if you just leave it out, but not sure in this case
19:23 oaken_chris joined #salt
19:23 honestly you don't need that DammitJim
19:23 madboxs joined #salt
19:23 DammitJim ugh
19:24 honestly also I don't think you need to escape the /
19:24 DammitJim I need the $ for the end?
19:24 honestly you don't
19:25 DammitJim TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'
19:25 DammitJim regex: ^/dev
19:26 cscf DammitJim, put the regex in quotes ' '
19:26 tapoxi joined #salt
19:26 cscf Always quote strings, especially with special characters
19:26 cyborg-one joined #salt
19:27 honestly what's wrong with what I originally suggested? xD
19:27 honestly '^/dev/fd0'
19:27 scsinutz joined #salt
19:30 DammitJim - regex: '^/dev'
19:30 DammitJim gives me that error: TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'
19:31 honestly either you did something else very wrong, or this is salt wonkiness
19:31 tapoxi possible to set ip via salt-cloud ec2?
19:32 DammitJim honestly, like what?
19:32 honestly show the whole state
19:33 DammitJim http://pastebin.com/9XE312QL
19:34 honestly get rid of the char
19:34 honestly yeah
19:34 honestly that's the problem here
19:34 DammitJim what???
19:34 honestly line four in the paste.
19:34 honestly get rid of it.
19:34 DammitJim are you serious? it says it in the docs!
19:34 DammitJim I though...
19:34 honestly the char is already # by default
19:35 honestly but # is also the comment character for yaml
19:35 honestly so what you did was specify null for char
19:35 honestly leading to the error
19:35 DammitJim oh
19:35 DammitJim dammit
19:35 DammitJim thanks!
19:35 DammitJim brb
19:36 sjorge joined #salt
19:36 sjorge joined #salt
19:37 onlyanegg joined #salt
19:41 Renich joined #salt
19:49 edrocks joined #salt
19:50 gableroux joined #salt
19:51 Guest79771 joined #salt
19:52 gableroux joined #salt
19:56 oida joined #salt
19:56 inad922 joined #salt
19:59 tkojames joined #salt
20:04 icebal_ joined #salt
20:09 DammitJim joined #salt
20:11 Guest79771 joined #salt
20:16 Guest79771 joined #salt
20:17 Trauma joined #salt
20:21 Guest79771 joined #salt
20:26 Guest79771 joined #salt
20:27 scsinutz joined #salt
20:30 ChubYann joined #salt
20:31 abednarik joined #salt
20:37 madboxs joined #salt
20:39 snergster joined #salt
20:47 jhauser joined #salt
20:50 _JZ_ joined #salt
21:03 tkojames_ joined #salt
21:04 dxiri joined #salt
21:09 nZac joined #salt
21:14 seanz joined #salt
21:19 debian_ joined #salt
21:23 TheoSLC joined #salt
21:24 debian_ joined #salt
21:27 fracklen joined #salt
21:27 sagerdearia joined #salt
21:30 tkojames_ joined #salt
21:32 joe__ joined #salt
21:37 nZac_ joined #salt
21:38 madboxs joined #salt
21:38 Edgan joined #salt
21:48 madboxs joined #salt
21:52 oaken_chris joined #salt
21:56 noob_ joined #salt
21:57 shalkie joined #salt
21:58 raspado joined #salt
21:58 madboxs joined #salt
22:02 mikecmpbll joined #salt
22:04 aarontc joined #salt
22:04 Kelsar joined #salt
22:05 mswart joined #salt
22:05 fracklen joined #salt
22:05 swa_work joined #salt
22:06 DammitJim what is the best way to pass mysql credentials to do something in mysql on a minion?
22:07 DammitJim for example, I need to create a user
22:08 whytewolf well if it is a quick thing the module supports just passing in creds. other wise i perfer pillar settings
22:08 manji DammitJim, if you are on debian
22:08 madboxs joined #salt
22:09 manji create /etc/salt/minion.d/mysql.conf
22:09 manji and put         mysql.default_file: /etc/mysql/debian.cnf
22:09 DammitJim whytewolf, set the stuff on pillar to pass that through the state, right?
22:09 manji it will use the debian maintenance user to create users and stuff
22:09 whytewolf manji: don't need to edit minion config files for mysql settings.
22:09 DammitJim interesting
22:09 whytewolf mysql module uses config.get
22:10 whytewolf mysql.default_file: /etc/mysql/debian.cnf in a pillar on the minion does the same thing and saves the minion restart
22:10 DammitJim mysql. state also, whytewolf ?
22:10 whytewolf DammitJim: mysql state uses the mysql module
22:10 manji whytewolf, that is interesting
22:11 DammitJim duh for me
22:11 DammitJim so, the credentials go in pillar... plain text, right?
22:11 whytewolf yes
22:12 manji DammitJim, well if you can have this mysql.default_file: /etc/mysql/debian.cnf
22:12 manji as pillar data
22:12 manji you save yourself from that
22:12 DammitJim manji, mysql-server 5.7 screwed up some stuff
22:12 DammitJim I don't know if I can go that route
22:12 whytewolf yeah if your debian defintly use the debian mant creds [which is what that file is]
22:12 DammitJim looking into pillar with creds
22:13 DammitJim it's Ubuntu... same as Debian in this case?
22:13 whytewolf yes
22:13 manji yes
22:13 fracklen joined #salt
22:13 manji unless cannonical decided to rediscover the wheel or something
22:13 DammitJim hold on
22:13 DammitJim so, I need to do a file.managed of  /etc/salt/minion.d/mysql.conf
22:14 whytewolf DammitJim: no
22:14 DammitJim push that file to the minion?
22:14 manji DammitJim, as whytewolf said, it will require a minion restart
22:14 DammitJim I'm fine with the minion restart
22:14 DammitJim but how do I manage this from salt?
22:14 DammitJim do I push something to the minion?
22:14 manji file.managed:
22:15 manji - name: /etc/salt/minion.d/mysql.conf
22:15 manji - contents: |
22:15 manji mysql.default_file: /etc/mysql/debian.cnf
22:15 manji that is my config
22:15 DammitJim whoa
22:15 whytewolf trying to find the gist i used to use for this on ubuntu
22:15 DammitJim and then in my states for doing stuff like creating or granting a user, I don't have to do anything?
22:16 manji yes
22:16 manji but I'd go with the way whytewolf said
22:16 DammitJim manji, you are confusing me now
22:16 manji I will try it, because you can't restart the minion service during a state
22:16 DammitJim I was going to use your state
22:16 manji DammitJim, do that for starters, and then try what whytewolf said, as it sounds better :p
22:16 whytewolf basicly the pillar way is faster and avoids a restart which in a highstate can be disrupting
22:17 manji both ways work :p
22:17 whytewolf but other wise yeah either way works
22:17 DammitJim oh crap, I'm doing the pillar (which is what I wanted to do originally)
22:17 manji whytewolf, I as scratching my head over this btw
22:18 madboxs joined #salt
22:18 whytewolf DammitJim: thought i had a better example but this is the short and skinny of what i used to do when i was on ubuntu https://gist.github.com/whytewolf/1e942a1b982000b9d315
22:19 abednarik joined #salt
22:20 DammitJim whytewolf, dude, stop confusing me
22:20 DammitJim I'm just going to do the pillar ;)
22:20 whytewolf ohhhhhh, what i have a better example of is the debconf stuff for first installing mysql
22:20 whytewolf lol DammitJim that is what the gist is :P
22:20 DammitJim lol... I already got that
22:20 DammitJim it's a mess, btw
22:21 whytewolf that example?
22:22 whytewolf well look at the bright side. ubuntu/debian is WAY easier then centos for installing mysql
22:22 manji whytewolf, have you found a way to set the root pass with debconf
22:22 whytewolf manji: https://gist.github.com/whytewolf/ad31700f4ebd2b9a5b05
22:22 manji without having it plaintext ?
22:23 whytewolf oh.. well you could use gpg rendering with pillar
22:23 manji hm right,
22:23 manji damn I will have to do that at some point for certificate keys etc
22:26 manji whytewolf, lol you dead with java crap too mate? :p
22:26 whytewolf lol
22:27 whytewolf needed it for elasticsearch
22:27 manji we all need it for something :p
22:27 mswart left #salt
22:27 DammitJim I don't get it... I don't see an option to have salt pass a connection_user or password for a grant :(
22:28 shalkie joined #salt
22:28 DammitJim or are those defaults?
22:28 madboxs joined #salt
22:29 whytewolf DammitJim: the /etc/mysql/debian.cnf file in ubuntu/debian is a connection file used by the operating system for maintaince tasks it has all the username and password stuff
22:29 DammitJim whytewolf, I'm using pillar
22:29 DammitJim nothing with debian.cnf
22:29 whytewolf ...
22:29 whytewolf /etc/mysql/debian.cnf has nothing to do with salt it is in mysql
22:29 DammitJim oh, but why are you telling me about that? ;)
22:30 whytewolf your pillar tells salt to use that file for it's connection info
22:30 whytewolf mysql.default_file: /etc/mysql/debian.cnf
22:30 whytewolf thats the whole pillar
22:31 whytewolf no muss no fuss
22:31 DammitJim oh, what?
22:31 DammitJim so, you are NOT passing connection_user info from pillar
22:31 whytewolf no
22:32 DammitJim we are just managing that file and then salt will just run everything with that info from that file?
22:32 whytewolf connection_user is an override
22:32 whytewolf you are not even manageing the file
22:32 whytewolf mysql puts it there
22:32 DammitJim ok, so, one more time
22:32 DammitJim first step... go to the minion?
22:33 * whytewolf sighs
22:33 whytewolf is mysql installed?
22:33 DammitJim yes
22:33 whytewolf okay. go to the minion
22:33 DammitJim I see a debian-sys-maint user
22:33 DammitJim and a password for it
22:33 DammitJim in /etc/mysql/debian.cnf
22:33 whytewolf exactly
22:33 DammitJim what's next?
22:34 whytewolf on the master set up a pillar for the minion that is 'mysql.default_file: /etc/mysql/debian.cnf'
22:34 manji DammitJim, do you have something like: pillars/mysql/init.sls ?
22:34 DammitJim yes
22:34 manji greate
22:35 manji great*
22:35 DammitJim so, I go to /srv/pillar/mysql/init.sls
22:35 DammitJim edit the file and do what?
22:35 manji go to the beginning of the file
22:35 DammitJim got it
22:35 manji and add mysql.default_file: /etc/mysql/debian.cnf
22:35 manji (you are doing that in a staging environment, yes?)
22:35 DammitJim yes
22:35 DammitJim OMG, that's it?
22:36 DammitJim I just added that long string to the beginning of the line
22:36 DammitJim now?
22:37 whytewolf push the pillar and enjoy connectivity
22:37 whytewolf [well as long as no one has done something stupid like remove the maintence user not knowing what it was]
22:38 DammitJim salt <server> saltutil.refresh_pillar
22:38 DammitJim ?
22:38 whytewolf yeap
22:38 manji that would help yes
22:38 DammitJim now, you are saying, I should be able to just create a user?
22:38 madboxs joined #salt
22:39 whytewolf yeap, without connection user stuff. to double check you can salt 'server' config.get mysql.default_file
22:40 * whytewolf wishes some of the internal stuff used config.get
22:40 DammitJim woot?
22:41 DammitJim thanks guys
22:41 DammitJim I'll have to test this tonight
22:41 DammitJim I've been breaking my head trying to figure out how to pass credentials for creating users and managing databases
22:41 DammitJim blah
22:41 DammitJim *sigh*thanks thanks thanks
22:41 whytewolf no problem. and i get it sometimes when something sounds too easy i give it a what reaction also
22:42 whytewolf also like i said be glad you are on ubuntu for this. centos is a pain in the ass to fix the root password for
22:44 DammitJim I'm about to start working with centos servers *sigh*
22:44 onlyanegg joined #salt
22:44 DammitJim and that's only because I don't have the money for red hat
22:44 dxiri joined #salt
22:44 whytewolf same issue with redhat anyway
22:44 DammitJim oh man
22:44 DammitJim Access denied
22:45 DammitJim someone has been messingw ith debian-sys-maint
22:45 whytewolf ugh
22:45 jerrcs joined #salt
22:45 DammitJim oh.... there isn't such user if I look in mysql with: select * from mysql.user;
22:46 whytewolf then someone removed it...
22:46 whytewolf debian puts it there by default
22:46 DammitJim I take that back... it's right there
22:46 DammitJim | localhost   | debian-sys-maint | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | Y          | Y               | Y          | Y          | Y            | Y          | Y                     | Y                | Y            | Y               | Y                | Y                | Y              | Y                   | Y                  | Y                | Y
22:46 DammitJim | Y            | N                      |          |            |             |              |             0 |           0 |               0 |                    0 | mysql_native_password |
22:46 DammitJim blah, sorry
22:47 DammitJim weird, the password doesn't work
22:47 DammitJim that's weird
22:48 whytewolf you are trying to get in by localhost right?
22:48 whytewolf [it is a localhost only account]
22:48 DammitJim yeah, I mean, I logged on to the server via ssh
22:48 DammitJim then used the debian user for mysql like: mysql -u debian... -p
22:48 madboxs joined #salt
22:49 whytewolf okay, then maybe someone changed it for "reasons"
22:49 DammitJim hhhmmmm... the password is different when I look at the hash
22:49 DammitJim should I update the password?
22:50 whytewolf i would.
22:50 DammitJim it sounds like it's not doing anything anyways
22:50 DammitJim ok, gotta run
22:50 DammitJim baseball
22:50 DammitJim good evening, I'll let you know how it goes...
22:54 st8less_ joined #salt
22:56 st8less_ joined #salt
23:01 dendazen joined #salt
23:04 madboxs joined #salt
23:10 nidr0x joined #salt
23:11 Aleks3Y joined #salt
23:21 hasues joined #salt
23:26 pcn has anyone tried the dockerng sttes with AWS's ECS?
23:43 raspado joined #salt
23:55 scsinutz1 joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary