Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-04-05

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 whytewolf yeah. and if you wnat the tools they use to build the repo they are here https://github.com/saltstack/salt-pack
00:00 nohappy do they have a status page? not seeing one anywhere
00:00 djgerm +1
00:01 whytewolf i do not believe they do
00:01 whytewolf but +1 to get one
00:01 shortdudey123 joined #salt
00:02 shortdudey123 something up with https://repo.saltstack.com?
00:02 dezertol you mean down
00:03 dezertol hehe see what I did there ;-)
00:03 dezertol yes it's down, nothing official as of yet
00:04 shortdudey123 cool, just making sure i didn't break something on my end
00:04 cgregg joined #salt
00:04 dezertol so it was you
00:04 dezertol lol
00:06 lorengordon salt-pack is probably overkill, you can just rsync the repo (when it's online)
00:07 dezertol ya we have a lot of env's that use it now.. so I'll be setting up a mirror for the company I work for as soon as it's back online
00:07 dezertol like they say hind sight is always 1080p
00:08 hemebond blurry?
00:08 whytewolf now in 4k
00:08 lorengordon :joy:
00:08 dezertol o.. right..
00:11 lorengordon if it's helpful, i recently created a simple helper project to rsync a specific version and host it in s3, https://github.com/plus3it/salt-reposync
00:12 lorengordon mirroring the entire repo ends up being an awful lot of stuff we didn't need, so this helps us filter it down a bit
00:13 shortdudey123 guessing the repo outage is due to digital ocean NY1 issues... https://status.digitalocean.com/#
00:14 nohappy appears to be back up
00:14 nohappy https://repo.saltstack.com that is
00:14 dezertol confirmed it looks back up
00:15 whytewolf yeap, does look back up. although kinda slow for me right now
00:15 djgerm well we're all hitting it at once :)
00:15 nohappy hahah
00:15 djgerm all our autoscale groups finally scalling :)
00:15 dezertol yep
00:15 djgerm thanks for the free bandwidth salt!
00:16 djgerm This is why my company gives you money!
00:16 whytewolf most likely it is the fact the load balancers and caching need to fill back up :P
00:16 woodtablet left #salt
00:16 dezertol now if only they would get on the stick and announce the conference..
00:17 whytewolf they are still working on the details. looks like most likely sometime in oct. last i heard they need to work the deals
00:17 dezertol they told me the week of halloween
00:18 whytewolf sounds about what i heard as well
00:18 dezertol ya kinda sucks.. but kinda running out of options
00:18 dezertol reinvent is right after thanksgiving
00:18 dezertol and that's like half the users
00:18 Derailed joined #salt
00:19 whytewolf yeah openstack summit in sydney is early nov
00:19 whytewolf thats another big portion of salt users
00:19 dezertol course.. given what they did at the last conferences... a halloween themed one might be kinda cool
00:19 dezertol lol
00:20 dezertol ya
00:20 dezertol why do they all do them in the fall
00:20 dezertol ugh..
00:20 whytewolf openstack has 2 a year. on us based one rest of the world based.
00:20 whytewolf humm, not us based north america based
00:20 tsppp joined #salt
00:21 dezertol we're an AWS shop here so I have not played with openstack
00:21 dezertol thought about installing it for shiggles but never got around to it..
00:21 dezertol maybe one day
00:21 whytewolf I have an openstack cluster sitting in my bedroom that i use salt to deploy
00:22 whytewolf i also get paid by $job to deploy and maintain openstack [not salt based though]
00:22 dezertol I have used libvirt a lot kvm.. qemu stuff but not openstack
00:23 whytewolf I have used kvm and vmware as back ends... and have learned to HATE vmware with a passion
00:23 abednarik joined #salt
00:24 dezertol I used vmware for a bit, but that was like 2002.. ish..
00:27 nohappy lol now nodejs.org downloads are down. not my day.
00:27 whytewolf nohappy: is that really a loss though? :P
00:28 nohappy knew that was coming
00:30 dezertol lol
00:48 barkingfoodog joined #salt
00:49 ahrs joined #salt
00:50 raspado joined #salt
00:52 bltmiller joined #salt
00:54 DEger joined #salt
00:57 bltmille_ joined #salt
01:15 hemebond repo back up
01:17 ksa_ joined #salt
01:17 whytewolf yeap about an hour ago
01:19 hemebond Oh yeah, looks like I missed an entire conversation since then.
01:21 mschiff joined #salt
01:25 sp0097 joined #salt
01:30 nikdatrix joined #salt
01:34 catpig joined #salt
01:36 jdipierro joined #salt
01:43 jdipierro joined #salt
01:46 Sammichmaker joined #salt
01:46 icebal joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.6, 2016.11.3 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers
01:49 catpigger joined #salt
01:52 Tanta joined #salt
02:07 icebal joined #salt
02:09 ashmckenzie joined #salt
02:25 icebal44 joined #salt
02:36 dezertol joined #salt
02:41 prg3 joined #salt
02:45 evle joined #salt
03:06 raspado joined #salt
03:27 jdipierro joined #salt
03:28 cyborg-one joined #salt
03:29 stooj joined #salt
03:31 nikdatrix joined #salt
03:34 ivanjaros joined #salt
03:40 stooj joined #salt
03:45 justan0theruser joined #salt
03:47 stooj joined #salt
03:56 masber joined #salt
03:59 prg3 joined #salt
04:14 prg3 joined #salt
04:15 sjorge joined #salt
04:36 irated joined #salt
04:46 jab416171 joined #salt
04:50 golodhrim|work|3 joined #salt
04:56 DEger joined #salt
04:59 ivanjaros joined #salt
04:59 juriskrumins joined #salt
05:03 juriskrumins Hi everybody. Can anobody help with with win_dsc module. I'm running dsc.apply_config function using module.run. DSC configuration gets applied, but I'm getting following comment: Module function dsc.apply_config threw an exception. Exception: No JSON results from powershell. And overall module.run Result is False. As a result, this state considered to be failed. Anyone have experience with this and can help. Thanks in advance.
05:20 Praematura joined #salt
05:21 SaucyElf joined #salt
05:24 prg3 joined #salt
05:27 Vaelatern joined #salt
05:32 nikdatrix joined #salt
05:33 hoonetorg joined #salt
05:39 preludedrew joined #salt
05:43 Zachary_DuBois joined #salt
05:45 felskrone joined #salt
05:47 DEger joined #salt
05:49 Sarphram joined #salt
05:53 Bock joined #salt
05:58 do3meli joined #salt
06:10 aldevar joined #salt
06:28 candyman88 joined #salt
06:33 rdas joined #salt
06:35 tuudik joined #salt
06:42 hoonetorg joined #salt
06:43 Ricardo1000 joined #salt
06:45 dyasny joined #salt
06:49 ReV013 joined #salt
06:56 yuhl______ joined #salt
06:57 Klaus_Dieter joined #salt
06:59 ksa joined #salt
07:00 ReV013 joined #salt
07:01 Vaelatern joined #salt
07:08 o1e9 joined #salt
07:09 Trauma joined #salt
07:13 jas02 joined #salt
07:14 toanju joined #salt
07:15 tuudik joined #salt
07:16 jgelens joined #salt
07:17 cyteen_ joined #salt
07:18 jor joined #salt
07:24 DarkKnightCZ joined #salt
07:28 netcho joined #salt
07:28 netcho hello
07:29 neilf__ joined #salt
07:34 jas02 joined #salt
07:37 prototux hello netcho
07:38 rdas joined #salt
07:38 ronnix joined #salt
07:38 netcho havent tried or investigated yet, but is there a way to run salt-cloud map frommmm orchestrator?
07:40 netcho or maybe create states with coud.profile modules for creating machines
07:40 JohnnyRun joined #salt
07:40 netcho instead of maps
07:41 whytewolf in orchestrate use cloud.map_run to run a map
07:42 whytewolf https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.cloud.html#salt.runners.cloud.map_run
07:42 whytewolf using the salt.runner state module in orchestrate
07:42 whytewolf i even have an example
07:42 whytewolf https://gist.github.com/whytewolf/2a5b585efaca83e14bbf1b7b8b980e43
07:42 netcho hah, missed that one :S
07:46 netcho damn, i just loooove salt
07:46 netcho i had a discussion the other day, salt vs teraform
07:48 ozux joined #salt
07:51 netcho it would be nice if salt would have an option of importing current infrastructure and generating profiles/states , for example AWS load balancers, subnets, sec groups ...
07:52 hemebond But... Salt is supposed to create those.
07:52 netcho yes but for example scan my VPCs and generate states .. after that i can edit current ones or create new ones out of those templates
07:53 lasseknudsen joined #salt
07:54 hemebond As a separate tool, that would be pretty neat.
07:54 netcho yes
07:55 nikdatrix joined #salt
07:55 jas02 joined #salt
07:57 netcho pre seedeing would also be helpful :)
07:57 netcho but that is something than be solve in vim itself
07:57 netcho solved
07:58 kjsaihs joined #salt
07:58 ReV013 joined #salt
08:01 netcho for example when one writes boto_secgroup.present: everything related to sec groups is added automatically \
08:02 netcho maybe i am just lazy
08:02 hemebond ?
08:02 hemebond You mean in an editor?
08:02 netcho yes
08:02 hemebond That's just snippets.
08:02 netcho yes, that is correct word :D
08:02 hemebond I think someone wrote Salt SLS snippets for Sublime Text.
08:03 DEger joined #salt
08:03 netcho hah, there is one for vim too :)
08:04 lasseknudsen joined #salt
08:05 zulutango joined #salt
08:05 netcho but pretty old
08:05 nikdatrix joined #salt
08:14 arif-ali joined #salt
08:16 Rumbles joined #salt
08:17 arif-ali joined #salt
08:17 babilen_ joined #salt
08:28 Mattch joined #salt
08:30 jas02 joined #salt
08:32 netcho_ joined #salt
08:32 rubenb joined #salt
08:36 impi joined #salt
08:39 jas02 joined #salt
08:41 jas02 joined #salt
08:51 s_kunk joined #salt
08:56 onmeac joined #salt
08:59 ozux joined #salt
09:01 tuudik joined #salt
09:02 ozux joined #salt
09:05 ozux joined #salt
09:08 N-Mi joined #salt
09:08 N-Mi joined #salt
09:11 juriskrumins Hi everybody. Can anobody help with with win_dsc module. I'm running dsc.apply_config function using module.run. DSC configuration gets applied, but I'm getting following comment: Module function dsc.apply_config threw an exception. Exception: No JSON results from powershell. And overall module.run Result is False. As a result, this state considered to be failed. Anyone have experience with this and can help. Thanks in advance.
09:13 lasseknudsen joined #salt
09:14 ivanjaros joined #salt
09:22 Rumbles joined #salt
09:31 toanju joined #salt
09:32 impi joined #salt
09:50 tuudik Hi! Can someone point out one of the best examples of folder/catalog structure for sls files?
09:51 tuudik Pyton foundation example looks quite good: https://github.com/python/psf-salt
09:51 manfredliu joined #salt
09:58 Praematura joined #salt
10:02 netcho tuudik: there is no "best way" imho, it depends on your needs
10:10 jas02 joined #salt
10:11 jas02 joined #salt
10:11 mpanetta joined #salt
10:12 Dunion joined #salt
10:26 pbandark joined #salt
10:28 tuudik joined #salt
10:28 tuudik @netcho well it would be nice to see some reference and modify according to needs
10:30 netcho well, reference you can find in documentation, for example 1 on 1 ration states-pillars
10:31 netcho ratio
10:31 netcho top files are also infrastructure/needs dependent
10:32 netcho some people use salt environemnts, i for example don't
10:32 netcho all my stuff is in `base`and then i target by grains
10:33 netcho example:
10:33 netcho 'G@env:dev and G@role:dbserver':
10:36 DEger joined #salt
10:43 kedare joined #salt
10:43 deei joined #salt
10:43 Dunion left #salt
10:44 deei hi, using salt-ssh (2016.11.3) I get huge random waits at "[DEBUG   ] Reading configuration from /path/to/master". is this a known issue? I can't find anything
10:45 deei a test.ping took 3 minutes to a VM. an ansible ping to the same VM took less than a second
10:46 deei I have nothing strange in my configuration by the way. it's very vanilla
10:47 kedare Hi all o/
10:47 kedare Question
10:47 kedare I'm trying to use retry: and parallel: but I'm getting an error, I don't know why
10:47 kedare Here is my code : https://gist.github.com/kedare/32b6a7b4730af89c21efa2f78f1657f2
10:48 kedare I added the error to the gist also
10:49 kedare Or maybe we can't use then on any state ?
10:49 amcorreia joined #salt
10:50 dendazen joined #salt
10:51 ivanjaros joined #salt
10:51 pbandark Hi. I want to set JAVA_HOME environment on the minion based on version of java installed. I was thinking to featch Java directory location on the minion(ls -d  /usr/lib/jvm/java-1.8.0-openjdk-*/jre/) and then set it using grains/pillars. But, I am not sure how to set dyanamic values in pillar? can anyone help me on the same? or is there any other convenient way to achive what I am looking for ?
10:52 kedare Hmm ok no parallel: and retry: apparently are still in the devel version
10:53 ozux joined #salt
10:53 kedare That would explain why :)
10:53 catpiggest joined #salt
10:55 ozux joined #salt
10:56 Rumbles joined #salt
11:01 jas02 joined #salt
11:03 hellohill joined #salt
11:09 netcho when running states is there a way to verbose whats happening except runnig master un debug mode or state.event runner?
11:09 tuudik joined #salt
11:09 raspado joined #salt
11:14 hemebond netcho: salt-call on the minion?
11:16 netcho thats another way yes
11:17 netcho that should be possible on master imho :)
11:17 netcho there are verbosity levels right, but just for outputs after state is fifished
11:18 hemebond What do you mean?
11:18 hemebond What do you need more verbosity about?
11:19 netcho current running job
11:19 hemebond Well, it's all done on the minion.
11:19 hemebond You can decide the verbosity of the return information that the salt CLI will show.
11:20 hemebond But if you want to see what's actually happening it can only be done on the minion.
11:20 netcho yep
11:22 mschiff joined #salt
11:23 gk_1wm_su joined #salt
11:24 gk_1wm_su left #salt
11:26 jas02 Hi, how can I print the content of variable in salt state? I need it for debug.
11:31 jdipierro joined #salt
11:31 Deliant joined #salt
11:33 nkuttler jas02: just turn on debug and look at the rendered template?
11:39 abednarik joined #salt
11:47 ronnix joined #salt
11:50 netcho i maybe noobish question
11:50 netcho why is it impossible to insert ENV in pillar while applying states
11:54 netcho example: salt '*' state.apply some.state pillar='{"settings":{"foo":"MY_ENV"}}'
12:00 dariusjs joined #salt
12:03 jas02 nkuttler: It doesn't print all variables, just complains on empty one.
12:03 pbandark I am hitting https://github.com/saltstack/salt/pull/39762 do we have any workaround till issue is fixed ?
12:03 saltstackbot [#39762][MERGED] Fix regression in file.get_managed | https://github.com/saltstack/salt/pull/39438 broke file.get_managed when ``skip_verify=True``....
12:04 pbandark https://github.com/saltstack/salt/issues/40092
12:04 saltstackbot [#40092][MERGED] archive.extracted failing with traceback in file.managed | Description of Issue/Question...
12:09 hemebond left #salt
12:13 ozux joined #salt
12:13 Trauma joined #salt
12:15 numkem joined #salt
12:15 rickflare2 joined #salt
12:27 cachedout joined #salt
12:28 CrummyGummy joined #salt
12:32 pbandark left #salt
12:32 pbandark joined #salt
12:37 Mogget I have a service which is reloaded by doing "kill -USR2 <some pid>". Is it possible to make watch do this for a service when a file that is managed changes?
12:39 Mogget Maybe create a systemd file which does exactly this, and the manage the systemd file from the same state?
12:39 pbandark is it possible to check value on minion at runtime and accordingly modify the file ? for ex. I would first check location/path of some file and then set same path in configuration file.
12:41 DanniZqo joined #salt
12:46 abednarik joined #salt
12:58 juriskrumins joined #salt
13:08 gmoro joined #salt
13:11 jdipierro joined #salt
13:12 ssplatt joined #salt
13:14 mavhq joined #salt
13:16 Nalkey joined #salt
13:17 Nalkey left #salt
13:18 Rumbles joined #salt
13:22 ssplatt joined #salt
13:29 racooper joined #salt
13:31 brousch__ joined #salt
13:37 PatrolDoom joined #salt
13:41 scoates joined #salt
13:45 _JZ_ joined #salt
13:46 ozux joined #salt
13:51 cwright joined #salt
13:56 jas02 joined #salt
13:57 cyborg-one joined #salt
14:02 cachedout joined #salt
14:05 jas02 joined #salt
14:07 cachedout joined #salt
14:09 Brew joined #salt
14:11 dariusjs joined #salt
14:11 mavhq joined #salt
14:13 sp0097 joined #salt
14:15 zzzirk joined #salt
14:18 AvengerMoJo joined #salt
14:19 wolfpackmars2 joined #salt
14:22 mpanetta joined #salt
14:25 ozux joined #salt
14:27 Praematura joined #salt
14:28 hatifnatt joined #salt
14:30 Trauma joined #salt
14:31 sarcasticadmin joined #salt
14:32 sarcasticadmin joined #salt
14:39 jgarr whytewolf: You were right I needed to use HOSTNAME: "foo" but now I need to figure out how to get that environment variable set dynamically for each minion and it doesn't look like I can shell out to set the variable. maybe I can do it via a grain
14:39 q1x is there a way to itterate over all files in a directory (recursively) from a state?
14:40 cachedout joined #salt
14:41 Sketch grains['host'] or grains['fqdn']
14:51 PatrolDoom joined #salt
14:51 raspado joined #salt
14:52 ozux joined #salt
14:52 Ricardo1000 joined #salt
14:54 hasues joined #salt
14:54 hasues left #salt
14:58 ozux joined #salt
15:00 ahrs joined #salt
15:00 tapoxi joined #salt
15:06 brasko anyone have any luck using the orchestration runner?
15:06 brasko I'd like to know if it supports the diamond pattern?
15:11 sp0097 joined #salt
15:13 cscf brasko, what do you mean by a diamond pattern?
15:15 raspado joined #salt
15:15 evle1 joined #salt
15:15 jas02 joined #salt
15:18 Eugene Mogget - you can use cmd.run + watch
15:20 toastedpenguin joined #salt
15:23 cscf brasko, do you mean, do A, then do B + C in parallel, then do D?
15:23 cscf q1x, iterate and do what?
15:24 onlyanegg joined #salt
15:28 brasko cscf: yes!
15:28 brasko I'm looking at orchestrator now, although I'm failing to run a simple example
15:34 cachedou1 joined #salt
15:39 Tanta joined #salt
15:39 tsppp joined #salt
15:42 DarkKnightCZ joined #salt
15:44 Trauma joined #salt
15:46 q1x cscf, well I need to copy a directory from a git repo and itterate over all the files in the dir. I need to upload each of the files via an API call (minion has credentials).
15:47 cscf q1x, I think you want to just cmd.run and do it in bash.
15:47 cscf Or write a python module, I guess.
15:47 brasko ok, I got a simple example working, great
15:49 Rumbles joined #salt
15:50 brasko @cscf it appears the B and C jobs are not in parellel
15:50 cscf brasko, that's not surprising.  state executions aren't.
15:51 brasko that's to bad
15:51 brasko There is no way to do massive job parrellization then?
15:51 brasko I'm trying to replace our use of Jenkins
15:51 brasko which we've maxed out
15:52 brasko we run about 3000 jobs on 200 agents, in parrellel
15:52 brasko I thought the require: flag might help here in salt files
15:52 brasko but it appears no
15:52 cscf brasko, require sets ordering, but that doesn't make it parallel
15:53 brasko yeah, I see the ordering working
15:53 brasko Why would it not execute them in parrellel?
15:53 brasko that's kind of wierd
15:53 brasko you connect hundreds of agents, and it has 2 jobs it can run.....
15:53 cscf brasko, because parallel can be tricky and cause obscure bugs
15:53 brasko yeah, no doubt it's hard
15:53 cscf brasko, there is an experimental feature that allows states to run in parallel, iirc
15:54 cscf Perhaps it will extend to orch in future.
15:54 netcho joined #salt
15:54 netcho joined #salt
15:55 ssplatt brasko: it kind of sounds like you want gridengine
15:55 brasko ok, so for now, if i still want to try out salt
15:55 ssplatt a cluster queueing system
15:55 brasko i'd have to use a 3rd party job scheduler?
15:56 ssplatt torque and maui also come to mind as a cluster queueing system
15:57 netcho will using --hard on map file terminate only machines created with that map file that no longer exist or it will delete ALL machines created with salt-cloud
15:58 prg3 joined #salt
15:58 cachedou2 joined #salt
15:59 brasko salt is so simple to setup and use
16:00 brasko all it needs is the job orchestration that handles parrellel jobs
16:00 brasko i'd hate to use another tool
16:00 brasko or do you guys think it won't scale well at all? or it's the wrong tool for the job
16:00 q1x cscf: I'll try the module route
16:01 tsppp joined #salt
16:01 cscf brasko, do you really need the extra speed?  How long is it taking you right now?
16:02 brasko we run 7 days of work in 1 hour
16:02 brasko by leveraging 250 machines :)
16:02 brasko so yeah, parrellel is key
16:03 hillna joined #salt
16:04 aldevar left #salt
16:04 cscf brasko, so, you want to run the same job on 250 machines?
16:04 tiwula joined #salt
16:05 cscf I thought that did work in parallel
16:05 candyman88 joined #salt
16:07 richerve joined #salt
16:08 richerve Greetings
16:08 tercenya joined #salt
16:09 richerve anyone using "py" renderer for templates?
16:09 brasko @cscf https://pastebin.com/xK4TkPis
16:09 richerve I don't know how to read the global default values passed through "file.managed" -> defaults or context
16:09 dezertol joined #salt
16:10 brasko and then I ran: sudo salt-run state.orchestrate orch/run, where run.sls is the file
16:10 richerve Also, is there a way to import files as in jinja {% from "path" import something with context %} ??
16:10 brasko so second and third do not run in parrellel, it seems, based on the time taking 23 seconds
16:10 concerti is there any playbook style functionality for Salt? If so, what's its name? let's say I want to accomplish a few things but only trigger them at my timing. DB replacement for example?
16:10 leonkatz joined #salt
16:12 DarkKnightCZ joined #salt
16:13 ssplatt brasko: I think you are trying to fit a square in a round hole
16:14 ssplatt concerti: look into formulas possibly. and there is a way to configure schedules inside of salt
16:15 concerti ssplatt: awesome thank you! knew salt could do it
16:18 brasko ssplatt: so if i want to do job orchestration like this, you suggest i look at another tool
16:18 brasko ?
16:19 ssplatt depends on what your jobs are.
16:19 ssplatt and what you are trying to accomplish exactly.
16:19 brasko well, simply put, our test automation
16:20 brasko running thousands of jobs, many in parrellel when possible, to run tests against a software build
16:20 brasko It seems that salt is a reasonably good fit at first glance
16:21 ssplatt so each test is 1) bring up a vm or container, 2) configure it, 3) do the things, 4) remove vm/container?
16:22 brasko actually simpler: we keep our vm's on all the time, they are pre configured
16:22 brasko so each test is: run a job on a specific long running node
16:22 ssplatt we use kitchen to do our tests and docker in a few places. kitchen spins up a vm for each test, runs salt inside each vm individually to configure them. runs the tests after being configured. then destroys the vm
16:23 brasko we'd probably like to move to your description, but that's another effort
16:23 brakkisath joined #salt
16:24 ssplatt the kitchen nodes can all be run in parallel
16:24 brasko http://kitchen.ci/ ?
16:24 ssplatt https://github.com/ssplatt/infratest-formula/blob/master/.travis.yml  example travis ci config. i think jenkinsfile’s can do this too.
16:25 ssplatt https://github.com/ssplatt/infratest-formula/blob/master/.travis.yml#L16-L17  defines running the two environments, which happen in parallel
16:26 Edgan joined #salt
16:26 ssplatt but salt things still happen in order, or as defined in the state files because in general you want configuration management to happen step by step
16:26 ssplatt “make sure directory is in place, then place file in directoy, then start service"
16:27 ronnix joined #salt
16:27 ssplatt i get that maybe it won’t matter some times if different files are being managed in parallel at the same time
16:28 bltmiller joined #salt
16:28 ssplatt but more often than not order of operations is required and expected
16:29 beardedeagle joined #salt
16:29 ssplatt it sounded more like you were doing data analysis before. scheduling hundreds of scripts at a time to do things.
16:30 beardedeagle left #salt
16:30 ssplatt which sounds more like you want a queueing system as opposed to a configuration management + orchestration system
16:31 beardedeagle joined #salt
16:31 wolfpackmars2 how to add an existing user to an existing group with state files?
16:32 ssplatt wolfpackmars2: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html#salt.states.user.present
16:32 ssplatt user.present
16:32 ssplatt - groups:
16:33 wolfpackmars2 will the append listed groups to the user or replace existing groups?
16:34 mrueg joined #salt
16:34 jrgochan joined #salt
16:34 jas02 joined #salt
16:35 ssplatt not positive. try it out and see
16:35 jrgochan Hello! I'm kickstarting stuff and having salt handle configuration at the end of my ks. I'd like to have the new machine's ssh keys pulled over to the salt master and added to our ssh_known_hosts file. Is there any set way to do this in salt, or would I have to write a custom module?
16:36 ssplatt wolfpackmars2: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.useradd.html#salt.modules.useradd.chgroups may also be useful
16:37 wolfpackmars2 ssplatt I saw that... how to I translate useradd to a state file?  it seems useradd is not included in states
16:37 jas02_ joined #salt
16:37 ssplatt module.run
16:37 ssplatt :
16:38 ssplatt but your state file youd probably want to manage the state of teh user
16:38 ssplatt so you’d have the definition of the user in yaml. with all groups you want the user to have
16:38 ssplatt and let the state add or remove as you’ve defined
16:39 ssplatt …definition of the user in pillar.
16:39 ssplatt which gets enforced by the state file
16:39 wolfpackmars2 in this case I have a user that is always created, but on some systems I want the user to be added to group (fuse in this case)
16:40 wolfpackmars2 fuse may not be available on all systems
16:40 wolfpackmars2 so in the state where I'm installing fuse, I'm adding fuse to my user if the user already exists
16:41 ssplatt sounds like you’d handle that with targetting
16:41 wolfpackmars2 I don't want the state to create the user if it doesn't exist, and I don't want the state to change anything else about the user other than to add group fuse
16:42 impi joined #salt
16:43 brakkisa_ joined #salt
16:46 DarkKnightCZ joined #salt
16:48 ChubYann joined #salt
16:56 brakkisath joined #salt
16:59 pipps joined #salt
17:00 tercenya joined #salt
17:03 abednarik joined #salt
17:07 tsppp joined #salt
17:10 bmurphy96 joined #salt
17:13 tercenya joined #salt
17:15 oida joined #salt
17:17 ronnix joined #salt
17:21 prg3 joined #salt
17:25 tsppp left #salt
17:31 oaisn joined #salt
17:38 theblazehen joined #salt
17:40 s_kunk joined #salt
17:45 jas02 joined #salt
17:48 pipps joined #salt
17:50 pipps joined #salt
17:50 nixjdm joined #salt
17:51 prg3 joined #salt
17:51 tkojames_ joined #salt
17:53 brousch__ We just ran into something and I want to confirm that it is the expected behavior: A grain with a value of None became a NoneType object in a Jinja template. This caused the grains.get() to ignore the provided default value.
17:54 oida joined #salt
18:00 toanju joined #salt
18:00 pipps joined #salt
18:11 evle1 joined #salt
18:12 pipps joined #salt
18:15 jrgochan what's the best way to copy files from a minion into the /srv/salt directory?
18:22 overyander joined #salt
18:22 ronnix joined #salt
18:23 cscf jrgochan, that's rather dangerous
18:24 overyander when using salt-syndic, does the syndics master have the same access to the syndics minions as the master does with its minions?
18:24 cscf jrgochan, https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cp.html#salt.modules.cp.push
18:25 jrgochan cscf: I gave that a shot, but it's only putting the files in the /var/cache/salt/master/minion/ dir
18:25 overyander will a minion of a salt-syndic system run highstates specified in the syndics master?
18:25 jrgochan When I build new machines I'd like to copy their host SSH keys to the master, but I don't know how
18:25 cscf jrgochan, oh, use Mine
18:26 renoirb joined #salt
18:26 cscf jrgochan, I use salt mine to export the host pubkeys as Mine data, then I file.manage /etc/ssh/ssh_known_hosts back down
18:27 jrgochan hrm. that sounds like exactly what I need to do
18:27 jrgochan Could I trouble you for pastebin-ing an example?
18:27 sarcasticadmin joined #salt
18:28 cscf jrgochan, already was https://gist.github.com/lordcirth/1555dc7642df5d6a500180b19296de30
18:28 cscf I do not claim that this is perfect, but it has worked well
18:29 jrgochan Cool
18:29 cscf the known_hosts is a little complex because I save the RSA & ECDSA keys for both the hostname and fqdn
18:29 cscf You could probably simplify
18:29 jrgochan I'm still not quite sure where those files go
18:29 jrgochan first time hearing of salt mines
18:29 cscf jrgochan, I named them, using . instead of /
18:29 cscf apparently gist doesn't let you name them with /
18:29 jrgochan si
18:30 wendall9111 joined #salt
18:30 cscf so your /etc/salt/minion needs to have "mine_functions:" to export the keys
18:30 wendall911 joined #salt
18:30 whytewolf cscf: you can setup mines in pillar.
18:30 cscf then I file.manage, with jinja, the ssh_known_hosts.  which for-loops over the mine data
18:31 cscf whytewolf, oh really?
18:31 whytewolf yeap
18:31 cscf Good to know.  Anyway, this works too
18:31 jrgochan and it'll just pop up in salt['mine.get']?
18:31 cscf And in this particular case, it's something I run on all minions, so it's fine.
18:31 cscf jrgochan, yep, the master will regularly poll the mine data from the minions.  60s by default.
18:32 cscf a bit much for ssh keys, but meh
18:32 jrgochan cool cool. seeing them come through
18:32 nikdatrix joined #salt
18:33 leonkatz joined #salt
18:33 jrgochan so the .etc.ssh.ssh_known_hosts is just a file.managed template?
18:34 whytewolf yeap.
18:35 wendall911 joined #salt
18:37 aldevar joined #salt
18:38 cscf jrgochan, yes, I have a state called common.ssh, that among other things does this.
18:39 DarkKnightCZ joined #salt
18:39 cscf jrgochan, Also, I recommend adding - show_changes: False to the file.managed, lol
18:40 cscf It's (minions)^2 spam otherwise
18:40 jrgochan good call. I'm having trouble figuring it out. reasonably new to templating
18:40 jrgochan I think I'm getting it though
18:50 PatrolDoom joined #salt
18:51 cyborg-one joined #salt
18:52 Inveracity joined #salt
18:56 jrgochan if I don't have a certain key type on some machines but still want to check for it, how would I do that in jinja?
18:56 jrgochan {{ keys['ecdsa.pub'] }}
18:56 jrgochan I tried an if statement, but it still complained
18:58 abednarik joined #salt
18:59 jrgochan {% if 'ecdsa.pub' in keys %} did the trick
19:02 armguy joined #salt
19:02 DarkKnightCZ joined #salt
19:08 Trauma joined #salt
19:09 pipps joined #salt
19:17 leonkatz joined #salt
19:28 leonkatz joined #salt
19:33 jas02 joined #salt
19:38 tercenya joined #salt
19:40 cyteen joined #salt
19:44 fartface joined #salt
19:44 mschiff I am having trouble with the orchestration of (somewhat) longrunning cmd.run states. Instead of waiting for the process to finish, salt let it fail with the message "[ERROR   ] No changes made for cmd.run", and continuing while the spawned process is still running...
19:45 mschiff any clue someone?
19:45 mschiff (salt 2015.05.10)
19:48 netcho joined #salt
19:50 renoirb_ joined #salt
19:50 Praematura joined #salt
19:54 schemanic_ joined #salt
19:55 fartface Hey!  I'm just in the process of learning Salt, and I'm curious about `require`.  In this case (https://pastebin.com/80KV7Zed), how do I reference that pkg.latest needs to wait for pkgrepo.managed?  What do I put as an identifier?  Ruby?  Or Brightbox Ruby?
19:57 Neighbour fartface: the example in your pastebin is correct
19:57 Neighbour entries in an sls start with an "id:" and the next line contains "module.function:" followed by arguments
19:58 Neighbour for the require, you need to reference the module and the id
19:58 fartface Thanks!  That's what I'd thought, just wanted to double check as I've got a few of these cases.
19:59 Neighbour This is also why you can't have multiple entries with the same module under the same id:
20:00 brasko left #salt
20:00 fartface So the way I've got my ruby.sls set up is fine though?  Given that the pkg name of 'ruby' is also the ID of the module?
20:00 cscf fartface, I generally do not put 2 state modules under the same name, though it is valid.
20:01 cscf I would have ruby_repo and ruby_pkgs
20:01 fartface cscf: That's what I was thinking as well, just wanted to make sure I'm starting off with proper best practices
20:01 Neighbour cscf: You can put 2 state modules under the same id, only if those two state modules are named differently
20:02 Neighbour for example, you can't use 'file.managed:' and 'file.append:' under the same id
20:02 cscf Neighbour, I know you can, but I don't like doing it.
20:02 cmarzullo ^^
20:02 cscf it saves 1 line and complicates things, IMHO.
20:03 Neighbour only complicates things when you have inter-id-dependencies
20:05 Neighbour fartface: most common is to have every module.function 'call' under its own id, but exceptions (even in the salt docs) exist
20:06 fartface That makes sense, originally I'd put a whole mess of stuff under a single ID, but have been splitting things out as it was a mess
20:07 sp0097 joined #salt
20:08 cmarzullo I've switched to using state ids that conform to pattern work best. When 100s of states go by it's easy to visually look for state ids in the mix
20:08 adelcast joined #salt
20:08 cmarzullo <formula>_<install | config | service>_<something else>:
20:12 Tanta joined #salt
20:21 onlyanegg joined #salt
20:23 DEger joined #salt
20:25 XenophonF +1
20:25 XenophonF best way to do it
20:31 jdipierro joined #salt
20:33 pipps joined #salt
20:33 nikdatrix joined #salt
20:34 jas02 joined #salt
20:37 cyteen_ joined #salt
20:37 tiwula joined #salt
20:42 jrklein joined #salt
20:42 netcho joined #salt
20:46 oida joined #salt
20:51 daxroc Evening all
20:51 whytewolf afternoon daxroc
20:52 aldevar left #salt
20:53 daxroc I'm running a salt-call state.show_highstate --retcode-passthrough in a sandbox docker container on my laptop and it returns 0  but run on a CI workflow it returns 2 - though it's showing no errors and gives the same output ?
20:53 hoonetorg joined #salt
20:54 brasko joined #salt
20:55 daxroc Is relying on --retcode-passthrough a good idea or are there alternatives ?
20:55 brasko So I see that you get parallel execution when doing salt '*' cmd.run 'sleep 10
20:55 brasko but you get serial execution when using the orchestrator
20:55 brasko that's really to bad
20:55 daxroc brasko: you can set concurrency in the orchestrations
20:57 daxroc brasko: you can also batch to avoid scenarios like stampeding heard
20:57 brasko how do you set concurrency in the orchestrations ?
20:58 brasko earlier I was trying to run the diamond pattern; job a: then job b and c: then job d
20:58 brasko using the require flag I got that to work, but they are ran linearly
20:59 daxroc https://www.irccloud.com/pastebin/CxqLMvUm/
20:59 daxroc brasko: ^
21:00 onmeac joined #salt
21:00 onmeac Greetings
21:01 pipps joined #salt
21:01 onmeac When using file.managed to download files from an http(s) source, we've seen minions with low disk space as all files downloaded over time remain in: "/var/cache/salt/minion/extrn_files/base/", has anyone here seen this happen also?
21:01 daxroc Anyone insights into salt-call (non-local) --retcode-passthrough issues described above, is it that unrelyable ?
21:02 brasko daxroc: https://pastebin.com/h6jaFL8m - that's my job
21:02 beardedeagle :close
21:02 beardedeagle left #salt
21:03 beardedeagle joined #salt
21:03 beardedeagle left #salt
21:03 mariusv joined #salt
21:06 daxroc onmeac: clearing the cache might help ? salt '*' saltutil.clear_cache
21:07 daxroc * that could be expensive too depending on your setup
21:08 DammitJim joined #salt
21:09 daxroc onmeac: you can also override the cachedir to your choice - maybe a /tmp location, https://docs.saltstack.com/en/latest/ref/configuration/minion.html#cachedir
21:10 woodtablet joined #salt
21:10 onmeac left #salt
21:11 onmeac joined #salt
21:11 beardedeagle joined #salt
21:12 onmeac We've been cleaning the cache directory manually the past few days, i was hoping to find some config option to control some sort of auto cleaning (other than cron jobs etc) :)
21:13 sh123124213 joined #salt
21:14 DarkKnightCZ joined #salt
21:15 onmeac aha: https://github.com/saltstack/salt/issues/34369
21:15 saltstackbot [#34369][OPEN] Feature request: Execution module with function(s) to clear files cached from the salt fileserver | Currently, the minion fileserver cache is never purged. Adding functionality to control the minion fileserver cache would have a couple benefits:...
21:15 DammitJim how do I get a value pair from pillar?
21:15 DammitJim or do I have to put the getpillar in a for loop?
21:16 beardedeagle joined #salt
21:17 onmeac Do you have a pillar example?
21:18 DammitJim rabbitmq_admin:
21:18 DammitJim myadmin: complexpassword
21:18 DammitJim ooops, forgot the tab
21:19 PatrolDoom joined #salt
21:21 tmkerr joined #salt
21:22 tmkerr hey all, does anything exist currently that creates system documentation from pillar data? I find myself creating docs that are pretty much just duplicated pillar data
21:23 whytewolf DammitJim: you mean you want {% set user, password = salt.pillar.get('rabbitmq_admin',{'user': 'password'}).items()%} [pretty sure this is right, but just to lazy to test right now]
21:23 DammitJim oh
21:28 hemebond joined #salt
21:33 DammitJim thanks!
21:34 pipps joined #salt
21:40 ozux joined #salt
21:46 onlyanegg joined #salt
21:51 debian1121 joined #salt
21:51 beardedeagle joined #salt
21:51 jrgochan Hello. Is there a way in an sls file to only run a state if a certain file exists on the salt master?
21:52 Praematura joined #salt
21:54 whytewolf jrgochan: only if the master lets it known that file exists on it. [such as it being shared in the fileserver backend]
21:54 whytewolf other wise the minion has no idea if that file exists on the master
21:55 jrgochan can that be done through salt? or should I just open up an nfs share and have the minion check?
21:55 whytewolf does the file exist in the file_root
21:56 jrgochan yes
21:57 whytewolf then you can just test with {% if 'filepath' in salt.cp.list_master()%}
21:57 Xenophon1 joined #salt
21:57 whytewolf you can find the filepath if you look at salt '*' cp.list_master yourself
21:59 jrgochan oo. cool
21:59 daxroc How can you debug a non-zero exit from a minion ,  Running salt-call I get signal 2 running salt '<id>' state.show_highstate  , I get 11 but running the same states commands local I get 0 for both salt and salt-call --retcode-passthrough
21:59 beardedeagle joined #salt
21:59 jrgochan so I'm really bad at this. could I do something like %{ if salt['cp.list_master'].contains(/path/to/thing) }%
21:59 daxroc * -l debug or -l trace aren't showing anything obvious
22:00 whytewolf daxroc: honestly salt and return codes are almost never reliable.
22:00 * daxroc faints
22:01 whytewolf abotu the only thing that you can get a reliable return code out of is cmd.run_all but that is only for shell commands. not salt commands
22:01 daxroc Hym so how can you test a state if you can't rely on the return code this seems soooo broken
22:02 whytewolf jrgochan: .contants is for "substring" cp.list_master is a list
22:02 mpanetta joined #salt
22:03 whytewolf daxroc: honestly i have no idea. return code based testing has never been relyable in salt. and the fact they even added the passthrough means they want to fix it. but it just isn't there yet
22:05 jrgochan hrm. kk
22:05 jrgochan what does "salt['cp.list_master']" actually do?
22:05 jrgochan runs "salt-call cp.list_master" on the minion?
22:05 swa_work joined #salt
22:06 whytewolf yeah
22:06 whytewolf in a nutshell
22:06 tkojames I am trying to use the mysql salt module and I am confused. Looking at the doucmention it seems I need to add some config info to the minion with the mysql installed on it not the master right? Trying to set this up to manage mysql accounts.
22:06 whytewolf [states are rendered on the minion. so anything in a state is run on the minion.]
22:06 jrgochan so this is angry because of formatting I'd imagine: {% if salt['cp.list_master'].intersection("/srv/salt/files/custom/{{ grains['os'] }}/{{ grains['osmajorrelease'] }}/{{ grains['id'] }}/etc/ssh/ssh_host_key" %}
22:07 daxroc whytewolf: not going to lie - little deflated with how testing takes a back seat in salt
22:07 debian112 joined #salt
22:07 jrgochan thanks for the info whytewolf. And I assume I can run any python I want on the object that's returned?
22:08 whytewolf tkojames: yes. configs go on the minion that is connecting to mysql. [you can use pillar to setup those configs]
22:08 whytewolf jrgochan: don't use {{}} IN {%%}
22:09 whytewolf you are already in jinja
22:09 jrgochan is it possible to get grain information in a jinja.. enclosure?
22:09 jrgochan statement
22:09 jrgochan ?
22:09 whytewolf yes
22:09 jrgochan fantastico
22:10 debian1121 joined #salt
22:10 whytewolf {% if salt['cp.list_master'].intersection("/srv/salt/files/custom/"~grains['os'] ~"/"~ grains['osmajorrelease'] ~"/"~ grains['id'] ~"/etc/ssh/ssh_host_key" %}
22:11 jrgochan ahhh. squiggglies
22:11 whytewolf "tilda" :P
22:11 jrgochan ;)
22:11 jrgochan Hrm. still angry about the syntax
22:12 whytewolf don't think you can intersection a list either
22:12 jrgochan (quite new to python)
22:12 tkojames whytewolf: Thank you sir!
22:12 whytewolf [intersection normally happens on sets]
22:13 whytewolf literally. if blah in list
22:13 jrgochan *nod*
22:13 jrgochan now i just need to get the jinja happy
22:14 whytewolf well just remeber. jinja has a lot of python in it. but not everything that is python is there
22:14 daxroc whytewolf: is there an extended debug for minions - trace doesn't show why I get a minion failure "ERROR: Minions returned with non-zero exit code" the command does execute correctly as in iget the output "state.show_highstate"
22:15 whytewolf daxroc: there is only one level above -l trace
22:15 whytewolf -l all
22:15 jrgochan good to know. Thank you good sir whytewolf
22:15 whytewolf but i doubt it will show more
22:15 jrgochan It's telling me that my object of type "function" isn't iterable
22:15 jrgochan {% if ssh_host_key in salt['cp.list_master'] %}
22:16 jrgochan is there a good way to debug return types in state files?
22:19 whytewolf jrgochan: you forgot the ()
22:19 jrgochan sure did
22:19 jrgochan no idea why i need that though
22:19 jrgochan god I need to learn python
22:19 whytewolf becuase it is a function.
22:19 beardedeagle left #salt
22:19 beardedeagle joined #salt
22:19 jrgochan so i won't get its return value unless I ()
22:19 jrgochan ?
22:20 whytewolf what programing lang can you leave () off of a function that is being called?
22:20 jrgochan none I'm aware of
22:20 whytewolf exactly
22:20 jrgochan just not intimately familiar with the salt[''] syntax
22:21 whytewolf then don't use it
22:21 DarkKnightCZ joined #salt
22:21 jrgochan assumed it called a function and just was of the return value's type
22:21 whytewolf salt.cp.list_master()
22:21 jrgochan o
22:21 jrgochan functionally equivalent?
22:21 whytewolf yes. it is a shortcut version
22:22 oaisn https://docs.saltstack.com/en/latest/topics/jinja/index.html In the calling salt function section
22:22 beardedeagle left #salt
22:22 jrgochan I'll be. great stuff
22:22 oaisn It honestly makes it easier to read
22:22 jrgochan https://docs.saltstack.com/en/latest/topics/jinja/index.html#calling-salt-functions
22:22 jrgochan oaisn: thanks!
22:23 jrgochan Thank you very much whytewolf. I think I'm on my way to a workable solution for bossman
22:23 whytewolf btw. for the recor. salt['cp.list_master'] doesn't call the function. it is the function
22:23 oaisn Also https://docs.saltstack.com/en/latest/ref/states/requisites.html this helps in state files too
22:24 whytewolf salt is a dict that holds the loaded functions
22:25 daxroc whytewolf: you know if there is a post-mechanism to hook into to parse the output from a state - run ? I see that retcode is 2 but status success
22:26 whytewolf daxroc: i do not
22:30 pipps joined #salt
22:34 nikdatrix joined #salt
22:37 leonkatz joined #salt
22:41 jas02 joined #salt
22:47 woodtablet hello, can someone point out my feebleness? i am trying to decrypt a gpg encrypted secret on a minion. the master and other minions cant see the even the gpg hash, but the minion itself can see the gpg hash, but i cant see the unencrypted value for the life of me
22:48 woodtablet i have even started over, and just did this stuff: https://groups.google.com/forum/#!topic/salt-users/HE5uwF_-5BA
22:48 woodtablet (see Paul Bruno's comment)
22:52 onlyanegg joined #salt
22:54 woodtablet it would seem that 1 the #!yaml|gpg render comment can not have comment lines above it
22:54 woodtablet and if you have non-gpg encrypted key:values, it doesnt work  for the whole yaml
22:55 woodtablet anyone know how to encrypt 1 value in a dict ?
22:55 dendazen joined #salt
23:00 kiorky joined #salt
23:02 daxroc whytewolf: best result I've seen is with "salt-call state.show_sls <any-state>,* -l debug --retcode-passthrough"
23:03 daxroc *Showing me lots of stuff to fix -- joys of federation ..
23:05 daxroc hym lots of false positives...
23:07 renoirb joined #salt
23:12 censorshipwreck joined #salt
23:17 Xenophon1 woodtablet: hang on a sec, i can probably help you
23:17 Xenophon1 give me a sec to re-connect to freenode
23:17 XenophonF joined #salt
23:18 XenophonF woodtablet: OK, so first things first
23:18 XenophonF what have you set up GPG-wise so far?
23:18 XenophonF i assume you went through the setup instructions on https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html, right?
23:19 XenophonF so $prefix/etc/salt/gpgkeys has the key database, etc. and it's readable by salt-master?
23:20 woodtablet Xenophon1: yes, and it does work with a pillar with 1 value
23:20 XenophonF OK, good
23:20 woodtablet Xenophon1: but not with my real pillar with multiple keys and values, I did copy the the same encrypted value into that said real pillar
23:21 woodtablet Xenophon1: its not a real secret, so i can show a gist, even the certs are fake lol
23:21 XenophonF perfect - post it
23:21 XenophonF here's my example config that i use everywhere
23:21 XenophonF https://github.com/irtnog/salt-pillar-example/blob/master/defaults/accounts.sls
23:22 XenophonF and just to make sure, the first line of your file is #!jinja|yaml|gpg or #!yaml|gpg, right?
23:22 woodtablet yeppers, trying gist it now
23:22 XenophonF OK
23:23 woodtablet https://gist.github.com/anonymous/901e0c1afd98522dd22d39878da2324c
23:25 woodtablet the part that isnt decrypting is the SSLCertificateKeyFile_content
23:25 woodtablet but it does decrypt in my "a_secret" pillar example
23:26 woodtablet thanks for the help btw, i am sure i am just missing something stupid
23:26 XenophonF i struggled with this myself
23:26 XenophonF ok so on the minion, what does `salt-call pillar.get apache:sites:443-minion1.caltech.edu:SSLCertificateKeyFile_content` return?
23:27 woodtablet the entire --BEING PGP MESSAGE
23:27 renoirb joined #salt
23:27 woodtablet not the real value, "supersecret", yep i gave that precious secret away..
23:28 XenophonF LOL
23:28 XenophonF OK, so the gpg renderer isn't getting run.
23:28 woodtablet but look at the top, did i miss spell gpg ?
23:29 XenophonF no that's right
23:29 XenophonF what does `which gpg` on your salt-master server return?
23:29 pipps joined #salt
23:29 woodtablet "/usr/bin/gpg"
23:29 XenophonF OK so that's likely in the path of the salt-master process
23:29 XenophonF now look in /var/log/salt/master
23:29 XenophonF are there any rendering errors?
23:29 woodtablet where do i look for that ?
23:29 XenophonF anything logged by gpg?
23:29 woodtablet that sounds right
23:30 tercenya joined #salt
23:30 XenophonF on the salt-master server, run `fgrep -i gpg /var/log/salt/master`
23:30 XenophonF odd that it decrypts one pillar value but not the other
23:31 XenophonF are you sure you encrypted ...SSLCertificateKeyFile_content with the right key?
23:31 woodtablet the fgrep is showing nothing
23:31 XenophonF the way i've set things up, i have a keypair for the master and a keypair for myself, and i encrypt values with both keys
23:31 woodtablet here is the pillar that does work, same content
23:32 XenophonF that way i can decrypt the value to edit it later
23:33 woodtablet https://gist.github.com/anonymous/0c5ccd8bb2c7ae6440a53d24bfd0f353
23:34 XenophonF oh
23:34 XenophonF wait that does work
23:34 XenophonF weird
23:34 XenophonF the indentation is off at line 10
23:35 XenophonF i would try re-encrypting the value of SSLCertificateKeyFile_content, just in case you used the wrong key
23:35 woodtablet oh
23:35 woodtablet you are right
23:36 woodtablet weird that this is the working one
23:36 woodtablet lol
23:38 XenophonF ah never mind both seem to be encrypted with the same key
23:38 woodtablet i fixed the indentation on the second one, and it still works
23:38 woodtablet hmm.. maybe gpg encryption doesnt work on external pillars?
23:39 woodtablet trying something, i am going to copy this exact pillar into the other one
23:39 pipps joined #salt
23:39 woodtablet no.. taht still works
23:39 woodtablet going basic, deleting everything
23:40 XenophonF ok
23:40 XenophonF oh that's a good idea, try copying the value of cert:certlist:new_key:key1, which works, to SSLCertificateKeyFile_content
23:41 XenophonF oh wait that's weird, they're already the same thing
23:48 woodtablet oh i am silly
23:48 woodtablet the external pillar test wasnt valid
23:48 woodtablet when i copied the working pillar to the external pillar, i left the name the same
23:48 woodtablet so i was still getting the non-external pillar
23:49 XenophonF ah
23:49 woodtablet i just copied over the pillar again and change the name to cert2 at the top and called it, it is failing to render
23:49 woodtablet so for some reason its not rendering the gpg in my external stacks pillar
23:49 jas02 joined #salt
23:49 XenophonF let me look at my master config hang on a sec
23:50 yidhra joined #salt
23:50 XenophonF are you using pillarstack?
23:51 woodtablet looking for the list
23:51 woodtablet hmm
23:52 XenophonF i don't have any gpg-specific stuff in my configs
23:52 woodtablet in my master config it is just called stack
23:53 woodtablet yes
23:53 woodtablet i am using pillarstack
23:54 XenophonF hm
23:54 XenophonF in my notes i have written "pip install python-gpg"
23:54 XenophonF but the docs say you just need the gpg binary
23:54 woodtablet are you using pillar stack as well ?
23:54 XenophonF no i'm using the git ext_pillar
23:54 woodtablet i ll install it on the minions and master right now
23:55 XenophonF i don't think it's installed on my master
23:55 XenophonF oh ho!
23:55 XenophonF there's a gnupg.py in site-libraries
23:56 XenophonF what version of salt are you running on your master?
23:57 woodtablet salt-master 2016.11.3 (Carbon)
23:57 XenophonF i dunno - looking at salt/renderers/gpg.py, there's no reference to the python library, so it probably doesn't matter
23:58 woodtablet one, its good to know i am not insane
23:58 XenophonF i'd try this - enable debug logging in your master
23:58 woodtablet ok
23:58 XenophonF set `log_level: debug` in /etc/salt/master
23:59 XenophonF and set `log_level_logfile: debug` in /etc/salt/master
23:59 woodtablet done, and restarted the master, i ran the pillar.items call
23:59 woodtablet oh ok

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary