Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-04-11

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 jas02 joined #salt
00:03 godber joined #salt
00:03 ahrs joined #salt
00:14 woodtablet left #salt
00:14 Pyro_ joined #salt
00:18 oida joined #salt
00:24 SaucyElf joined #salt
00:32 Pyro_ joined #salt
00:41 Pyro_ joined #salt
00:45 mrueg joined #salt
00:47 swills joined #salt
00:50 mrueg joined #salt
00:59 mosen joined #salt
01:02 jas02 joined #salt
01:04 Pyro_ joined #salt
01:06 onlyanegg joined #salt
01:15 edrocks joined #salt
01:16 nikdatrix joined #salt
01:19 mrueg joined #salt
01:41 k_sze[work] joined #salt
01:46 PatrolDoom joined #salt
01:46 catpigger joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.6, 2016.11.3 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers
02:04 netcho_ joined #salt
02:13 hasues left #salt
02:14 cyteen joined #salt
02:39 Klaus_D1eter_ joined #salt
02:44 onlyanegg joined #salt
02:57 XenophonF I'm getting an IndexError exception while trying to execute a boto_iam state: https://gist.github.com/xenophonf/d25a0087f14aa2195dbb3fd0438a74b1
03:00 XenophonF maybe it's a boto error?
03:00 XenophonF https://github.com/boto/boto/blob/2.46.1/boto/utils.py#L414
03:00 Klaus_Dieter joined #salt
03:01 XenophonF looks like it's trying to query EC2 instance metadata, but this isn't an EC2 instance
03:01 RabidCicada joined #salt
03:02 XenophonF https://github.com/saltstack/salt/blob/v2016.11.3/salt/modules/boto_iam.py#L1312
03:03 XenophonF that code path shouldn't have executed unless there was a BotoServerError
03:03 XenophonF hmm
03:04 XenophonF I wonder if the API key isn't working for some reason.
03:04 XenophonF let's try --log-level=trace...
03:08 XenophonF too bad that doesn't increase boto's log level
03:08 XenophonF oh here we go - the salt-master IAM user doesn't have the right permissions
03:09 justanotheruser joined #salt
03:10 Ryan_Lane XenophonF: what's this json?
03:10 Ryan_Lane you write salt code in json?
03:11 Ryan_Lane are you trying to create a role or a user?
03:12 hemebond XenophonF: Using 2016.11?
03:12 XenophonF yeah - I have it sorted out now
03:12 Ryan_Lane if it's a role, you want boto_iam_role.present
03:12 onlyanegg joined #salt
03:12 hemebond Oh, well done.
03:12 XenophonF the IAM user didn't have permissions to change anything in IAM
03:12 XenophonF thanks :-D
03:13 Ryan_Lane oh, you're using the execution module directly?
03:13 XenophonF no I'm using the boto_iam.policy_present state
03:14 Ryan_Lane ooohhh, managed policies
03:14 XenophonF I forgot that my salt-master's IAM user account didn't have much granted to it.
03:14 Ryan_Lane cool
03:14 XenophonF yeah!
03:14 Ryan_Lane glad you got it worked out :)
03:14 XenophonF next up is installing a Lambda function
03:15 stooj joined #salt
03:15 XenophonF regarding JSON, I dunno - I kind of like the JSON outputter better than the default or the YAML outputters
03:16 XenophonF hemebond: I just upgraded to 2016.11.3 on this master.
03:16 XenophonF Ryan_Lane: I'm going to do boto_iam_role.present too!
03:17 XenophonF I'll need it for my Lambda function.
03:17 edrocks joined #salt
03:17 jas02 joined #salt
03:17 nikdatrix joined #salt
03:18 XenophonF Oh good - a different error: Failed to update policy.
03:23 XenophonF syntax errors in policy - well, that's progress!
03:26 hasues joined #salt
03:30 stooj joined #salt
03:32 schemanic joined #salt
03:32 schemanic_ joined #salt
03:33 schemanic_ Hello, does anyone use the stock users formula from the github repo?
03:33 hemebond schemanic_: I think I do.
03:34 schemanic_ Hello hemebond, good evening. Have you ever needed to use it with windows or macos machines? I'm trying to find a 'one users formula for workstations and servers' solution
03:34 hemebond I have not had to use it on Windows or OSX.
03:34 schemanic_ hrm
03:34 hemebond It should work fine though.
03:34 hemebond Are you getting an error?
03:35 schemanic_ I'm doing some upfront research at the moment
03:35 schemanic_ I havent actually gotten a workstation connected to my master yet
03:35 schemanic_ we have some red tape about opening up the security group over the internet
03:36 hemebond Ah.
03:36 schemanic_ My company has a high enough turnover rate that we periodically re-issue a workstation to a new user, and what I'm trying to achieve is a way of specifying which user is present on which workstation.
03:36 hemebond Well, the user states and modules should work across all platforms.
03:36 hemebond No AD?
03:37 schemanic_ We have 365, so theoretically, yes. However we don't have a way of joining macos/linux machines to it
03:37 hemebond Oh.
03:38 schemanic_ Our front-of-house teams all use Windows, while the dev group primarily uses MacOS, with an Ubuntu minority
03:39 schemanic_ I see what you're saying though - getting them all onto AD would mean they just have a profile, and I'd just need to instrument cleanup of the dead profiles.
03:41 stooj joined #salt
03:43 XenophonF schemanic_: I use the saltstack-formulas/users-formula with FreeBSD, Linux, and Windows.
03:43 stooj joined #salt
03:43 XenophonF There are a few bugs you have to work around, though.
03:43 schemanic_ Can you tell me about them XenophonF?
03:44 XenophonF yeah
03:44 XenophonF first is a (minor) bug in win_useradd.py
03:44 schemanic_ I saw a few things that seem to use the unix only state modules
03:45 XenophonF it returns False instead of None in the user.info() function
03:46 XenophonF it's a pretty easy fix, though - copy .../site-library/salt/modules/win_useradd.py to .../states/_modules/, and patch line 781 to return {} instead of False (https://github.com/saltstack/salt/issues/40419)
03:46 saltstackbot [#40419][MERGED] user.info on Windows returns False instead of an empty dictionary | Description of Issue/Question...
03:47 XenophonF the other thing you have to do is override prime_group, createhome, home, and shell in the user account attributes in Pillar, like so - https://github.com/irtnog/salt-pillar-example/blob/master/defaults/accounts.sls#L55
03:47 onlyanegg joined #salt
03:48 schemanic_ Ah! I see, you're overriding in the pillar not the state
03:49 XenophonF yup
03:49 schemanic_ Is that example you sent me compatible with the stock users formula?
03:49 XenophonF yup yup
03:49 schemanic_ Oh thank you this is great
03:50 XenophonF but like I said - you have to patch win_useradd.py as described above
03:50 schemanic_ How current is that issue?
03:50 XenophonF very
03:51 schemanic_ XenophonF, is that on the master?
03:51 XenophonF my PR got merged but I don't know when it will be released
03:51 XenophonF yes
03:51 schemanic_ Okay, so no minion patching
03:51 XenophonF well, when you copy the patched file to .../states/_modules, it gets distributed among all minions
03:52 XenophonF I'm using gitfs plus salt environments, so here's where that lives in my development environment - https://github.com/irtnog/salt-states/tree/development/_modules
03:52 XenophonF hang on let me quote you chapter and verse re: that feature
03:53 rem5 joined #salt
03:53 schemanic_ I see
03:53 schemanic_ okay
03:53 schemanic_ Lastly
03:54 XenophonF ah here we go "dynamic module distribution" a/k/a monkey patching salt - https://docs.saltstack.com/en/latest/ref/file_server/dynamic-modules.html
03:54 rem5 joined #salt
03:54 rem5 joined #salt
03:55 XenophonF regarding profile cleanup - there might be a GPO setting for that
03:55 schemanic_ Whats the best way to write up the user pillars and assign them by host? I don't want to repeat my config anywhere. I want to be able to say that server X gets the 'admins' pillar, which calls out to pillars for rex, anna, and jimbo, but then specifically for jimbo's laptop I want jimbo to be on it.
03:55 rem5 joined #salt
03:55 XenophonF that's a good question
03:56 schemanic_ The way I'm doing it in my setup is a big list of users in a separate pillar for each group or abstract 'role'
03:56 schemanic_ so 'users.casefeed', 'users.admins'
03:56 rem5 joined #salt
03:56 XenophonF that sounds good to me
03:57 schemanic_ Can you reference multiple pillars into another pillar?
03:57 XenophonF yeah
03:57 schemanic_ well no thats my problem
03:57 XenophonF there are rules for how it merges pillars - hang on i want to quote chapter and verse again ;)
03:57 schemanic_ I think it makes sense to have a file called 'admins' that references rex, anna, and jimbo
03:57 XenophonF https://docs.saltstack.com/en/latest/topics/pillar/index.html#pillar-dictionary-merging
03:58 schemanic_ and then in salt/pillar/top.sls just say 'admins.sls'
03:58 XenophonF sounds good to me
03:58 schemanic_ Ahh I see
03:58 schemanic_ so admins.sls would say
03:59 schemanic_ include:
03:59 XenophonF at some point you end up recreating your AD domain in Salt
03:59 schemanic_ - rex.sls
03:59 XenophonF so i'm not sure how well that all scales
03:59 schemanic_ Yeah that's a good point
03:59 XenophonF i wouldn't do includes
03:59 Pyro_ joined #salt
03:59 schemanic_ but a moment ago you said that sounded good. What is it if not includes?
04:00 Pyro_ joined #salt
04:00 hasues What were you wanting to put in the includes?
04:00 schemanic_ rex.sls, anna.sls, jimbo.sls
04:00 schemanic_ so like, everyone is their own file
04:00 hasues I would put that in the admin.sls
04:01 schemanic_ and groups are just sls files that include the people in the groups
04:01 XenophonF you can just have rex.sls and anna.sls and jimbo.sls. and then in top.sls, you just list them out per machine/group/whatever
04:01 XenophonF - rex
04:01 XenophonF - anna
04:01 Pyro_ joined #salt
04:01 XenophonF - jimbo
04:01 hasues Yeah.
04:01 schemanic_ yeah but that reads terribly
04:01 XenophonF agreed
04:01 XenophonF like i said, you end up re-creating your AD domain in Salt
04:02 schemanic_ I guess what I'm asking is why includes are not recommended. Just because I'd be recreating the AD?
04:02 Pyro_ joined #salt
04:02 XenophonF oh I don't like includes b/c they end up mutating things in ways that are potentially very confusing for newbs
04:02 schemanic_ ah
04:02 schemanic_ That makes sense
04:02 XenophonF where newb == me six months from now ;)
04:03 schemanic_ Word. I hear you. I'm teaching myself all of this stuff so yeah going nonstandard out of the box would bewilder me about a month ago
04:03 hasues I guess my thought is, why put an include when you add them individually, isn't that doing what you are wanting?  You are going to have something there to specify it?
04:03 schemanic_ hasues, it would just be for organization's sake
04:03 hasues Okay.
04:04 XenophonF if you can, group them in meaningful ways
04:04 schemanic_ Right
04:04 XenophonF users/admins.sls, users/devel.sls, users/mgmt.sls
04:04 XenophonF etc.
04:04 schemanic_ yes absolutely
04:04 XenophonF so what's stopping you from joining boxes to your AD domain?
04:04 netcho_ joined #salt
04:04 XenophonF b/c that's the better solution
04:05 schemanic_ A different way to look at the problem would be to ask exactly that - how can I join unix and macos to my Azure AD?
04:05 XenophonF I mean, Salt's great and all, but...
04:05 hasues Samba.
04:05 XenophonF I am all over AD/Unix interop - just a sec.
04:05 schemanic_ I think I had some doubts that we actually had a fully fledged domain
04:05 XenophonF that or sssd
04:05 schemanic_ Our AD is whatever comes out of the box with an Office 365 Buisiness account
04:05 hasues That will give you the passwords and access of what to run on a box, but you won't have the machine accounts, I believe.
04:06 XenophonF https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-guide-join-rhel-linux-vm
04:06 hasues I'm using sssd with IPA, but I don't think that makes the box show up in the AD tree and such, but then I never really was able to carry it thar far.
04:07 XenophonF that uses realmd and sssd
04:07 schemanic_ Ah, I found that but didn't read super far
04:07 hasues Oh I see.
04:08 XenophonF skip the bits at the top where they have you launch inside Azure
04:08 schemanic_ I had assumed that it relied on the machine being in the Azure infrastructure
04:08 schemanic_ right - thats what stopped me
04:08 XenophonF if your Windows boxes can join the domain, then the Linux ones should be able to, too
04:08 XenophonF I mean, the Windows boxes are all using Kerberos and LDAPS just like Linux.
04:09 schemanic_ Okay that looks promising, so what does this get me out of the box on my linux/macos machines? Will it make an account on the box at first login and such?
04:09 XenophonF you should be able to enable LDAPS over the Internet
04:09 XenophonF so on the Linux boxes, you can enable pam_mkhomedir
04:09 schemanic_ I'm sorry, I'm not familiar with LDAPS
04:09 XenophonF might be the default
04:10 XenophonF LDAPS is LDAP over TLS, just like HTTPS is HTTP over TLS
04:10 schemanic_ Ah okay. My biggest concern is that I don't have a place to host my own server for a *nix directory
04:10 XenophonF um, anyway pam_mkhomedir will create the home directory
04:10 XenophonF You shouldn't need one.
04:10 schemanic_ I see a lot of stuff that talks about syncing to an ldap server first
04:11 schemanic_ this is really cool
04:11 XenophonF really? I mean, AD _is_ an LDAP server
04:11 schemanic_ I've also never implemented one before so it might just be my inexperience.
04:12 XenophonF it's OK
04:12 schemanic_ XenophonF, will this stuff work on macos? pam_mkhomedir?
04:12 XenophonF hang on let me look at what Office 365 Business gives you
04:13 XenophonF yes it basically works the same on macOS, although the software stack is completely different
04:14 schemanic_ Yes, we are on Office 365 Business Premium
04:15 XenophonF I assume you have AD setup in the "Cloud Identity" model?
04:17 schemanic_ I think so. Everything came through Office 365 when we set it up. I did the domain migration through that admin portal. I only found Azure AD when I wanted to change my company's login screen
04:18 XenophonF How do you join your Windows systems to the domain?
04:19 schemanic_ They arent right now
04:20 schemanic_ But we know that if a windows user tries to log into a Windows 10 box with their 365 account, it stands up a local profile associated with their 365 account on the box
04:20 XenophonF ah
04:20 XenophonF OK, I get it now.
04:21 hasues I wouldn't think that would be possible without a domain trust.
04:21 XenophonF well, this is lame, but it looks like you might have to use Azure Active Directory Connect
04:21 XenophonF which does indeed set up replication between Office 365 and a local AD domain controller
04:21 XenophonF sorry
04:21 schemanic_ Yeah
04:21 schemanic_ Thats what I was concerned about
04:22 XenophonF directory sync with sso
04:22 hasues I think we use Okta for the SSO.
04:22 schemanic_ yeah. It seems I CAN log into Azure AD and mess with users there
04:22 schemanic_ but I think that it's actually AD 'lite'
04:23 XenophonF I don't want to drag schemanic_ down the federated identity path
04:23 hasues That does sound like federation of some sort.
04:24 schemanic_ I understand that Federated is great once implemented, but I think we'd need to buy it from a company or own standing it up ourselves
04:24 XenophonF schemanic_: if you can configure secure ldap to the azure ad domain behind your office 365 account, then this whole "join linux to office 365" thing is easy
04:24 XenophonF but i don't know what's possible
04:25 schemanic_ hmm
04:25 XenophonF i support federated identity at NIAID
04:25 XenophonF there are some great use cases, but the learning curve is steep
04:25 schemanic_ You sound like you have better resources than I do
04:26 schemanic_ I'm a customization developer who asked to take on devOps because they fired the guy who was doing a poor job of it in a round of layoffs.
04:27 schemanic_ We have less than 50 people, and less than 5 who understand that devOps is a necessity, not a nice-to-have
04:27 XenophonF well seeing as how NIH is facing budget cuts next FY... :-/
04:27 XenophonF yikes
04:28 XenophonF yeah the devops stuff is pretty critical
04:28 schemanic_ I'm sorry - it wasnt my intent to play 1-upman-ship
04:28 XenophonF no not at all
04:28 XenophonF no worries!
04:28 schemanic_ :)
04:29 XenophonF well this sucks - i'm not finding anything about office 365 and mac/linux domain joins
04:30 XenophonF azure AD - yes, plenty of stuff, but not office 365
04:32 onlyanegg joined #salt
04:36 jdipierro joined #salt
04:36 XenophonF schemanic_: https://blogs.technet.microsoft.com/elliottf/2017/02/28/domain-joining-servers-to-azure-ad-domain-services-office-365-tenant/
04:37 schemanic_ mmm. Still relies on buying it from MS
04:37 schemanic_ Thank you for the resource though
04:38 XenophonF man, I wish I could be more help
04:39 schemanic_ It's okay, you really have been. Its true that I'm basically making a directory myself but it will be flexible until we can buy one
04:45 preludedrew joined #salt
04:46 Bock joined #salt
04:59 XenophonF well suffice it to say that the docs for salt.states.boto_iam are wrong
05:00 XenophonF i'll write up a PR tomorrow
05:01 theblazehen joined #salt
05:02 XenophonF finally, it works
05:02 Pyro_ joined #salt
05:18 nikdatrix joined #salt
05:19 edrocks joined #salt
05:27 onlyanegg joined #salt
05:41 jas02 joined #salt
05:56 netcho_ joined #salt
05:57 candyman88 joined #salt
05:57 felskrone joined #salt
05:58 rdas joined #salt
06:01 ProT-0-TypE joined #salt
06:04 golodhrim|work|3 joined #salt
06:14 coredumb joined #salt
06:14 coredumb Morning
06:15 coredumb Is there a way to ping the server from the minion ?
06:23 yuhl______ joined #salt
06:29 basepi joined #salt
06:30 dwfreed joined #salt
06:30 kuromagi joined #salt
06:30 relidy joined #salt
06:30 evilrob joined #salt
06:30 Vye joined #salt
06:31 qman__ joined #salt
06:31 __number5__ coredumb: you can do `salt-call test.ping` on minions
06:33 Pyro_ joined #salt
06:33 bryguy joined #salt
06:35 karlthane joined #salt
06:41 ReV013 joined #salt
06:44 do3meli joined #salt
06:44 do3meli left #salt
06:48 oyvindmo joined #salt
06:53 Ricardo1000 joined #salt
06:56 jas02 joined #salt
06:57 evidence joined #salt
07:05 candyman88 joined #salt
07:06 aldevar joined #salt
07:14 ivanjaros joined #salt
07:15 Hybrid joined #salt
07:16 dariusjs joined #salt
07:17 coredumb __number5__: isn't it pinging itself locally ?
07:18 CrummyGummy joined #salt
07:19 nikdatrix joined #salt
07:20 dariusjs joined #salt
07:23 __number5__ coredumb: but it also talked to the salt-master while doing it, basically if salt-call anything succeed the connection to master is ok
07:26 coredumb __number5__: oh ok
07:26 coredumb interesting :)
07:27 coredumb so if it couldn't connect the server the result would fail right ?
07:27 __number5__ yes (unless the minion running in masterless mode)
07:29 nikdatrix joined #salt
07:29 o1e9 joined #salt
07:32 coredumb __number5__: OK thanks :)
07:34 __number5__ np
07:35 yuhl______ left #salt
07:38 JohnnyRun joined #salt
07:41 sh123124213 joined #salt
07:41 onlyanegg joined #salt
07:47 ronnix joined #salt
07:52 chowmein__ joined #salt
07:54 Rumbles joined #salt
07:57 jas02 joined #salt
08:01 mikecmpbll joined #salt
08:03 ReV013 joined #salt
08:03 hasues left #salt
08:05 evidence joined #salt
08:05 strohi joined #salt
08:05 jas02_ joined #salt
08:09 strohi g'day
08:09 Reverend what up Straphka
08:09 Reverend strohi
08:09 Reverend sorry for waking you Straphka.
08:10 strohi i have some trouble with matching pillar data in pillar top.sls
08:10 strohi i assign roles with mathing the minion IDs. that works fine when using salt-call.
08:11 strohi when i say 'roles:redis' - match: pillar in top.sls i get "[ERROR   ] Got a bad pillar from master, type str, expecting dict: "
08:12 Reverend can haz your top pls
08:12 strohi yea, i upload it
08:14 strohi Reverend: http://paste.debian.net/926991/
08:15 strohi when i change line 9 to grain it does not complain (applied the roles first as grains, but think pillar would be better)
08:16 willprice joined #salt
08:16 Reverend do you have a roles pillar?
08:17 Reverend if so... gimme your pillar top and your roles pillar :D
08:17 strohi http://paste.debian.net/hidden/7a46449b/
08:18 strohi i'm still in wakeup mode, sry ^^
08:18 Reverend take your time man :) s'all good.
08:18 strohi salt-call mine.get 'roles:redis' network.ip_addrs pillar
08:18 strohi this works fine on s01
08:19 Reverend hmmmmmmmmmmmmm. isn't a dictoinary formatted without hyphens in yaml?
08:19 Reverend oh
08:19 Reverend weird
08:19 Pyro_ joined #salt
08:19 Reverend im just thinking outlout here btw... I'm not sure if that's the case.
08:19 strohi it just complains when changing line 9 in topsls :D
08:19 Reverend yeah it's finding a string instead of a dictionary somewhere
08:19 JohnnyRun joined #salt
08:20 fgimian joined #salt
08:20 Reverend I'm surprised your yaml doesn't complain about duplicate names on your sls in pillar/hosts
08:21 strohi ah, it's two files
08:21 edrocks joined #salt
08:21 Reverend ohh
08:21 strohi but cat eat the filebreak
08:21 Reverend oyeah
08:21 Reverend and your pillar/top.sls says what?
08:21 strohi the first paste
08:21 Reverend oh that's your pillar top? not your states top?
08:21 strohi ye
08:22 kevc Passing on saltutil error. This may be an error in saltclient. 'retcode'  -- anyone seen this error?
08:22 Reverend I'm 100% unsure how you are expecting the pillar to know where to send pillars based on pillars
08:22 Reverend :D
08:22 Reverend i.e. how can you say "you can have this pillar as long as you have this pillar"
08:22 Reverend it's circular
08:22 strohi it's magic, as usual!
08:22 Reverend \shrug
08:23 Reverend to answer my own question... I'm going to say that you can't. >:)
08:23 ACz left #salt
08:23 strohi then i missunderstand the docu
08:23 Reverend unless something in '*' is telling that server to use redis:redis
08:23 Reverend roles:redis*
08:24 Reverend I mean, maybe you can... but I can't see how you'd ever make that work... because it's a chicken-or-egg situation
08:25 Reverend strohi: which pillar is it that contains the roles? (in your top, like, what's it called)
08:25 strohi hosts.*
08:25 Reverend OH my bad
08:25 strohi i resort the top.sl
08:26 it_dude joined #salt
08:27 Reverend oh I have no idea, but I can't see any reference to hosts.* in your top except on the srv-<something> servers
08:28 strohi hm
08:28 netcho_ joined #salt
08:28 Mattch joined #salt
08:29 strohi this does not complain as well salt -C 'I@roles:redis' mine.get 'I@roles:redis-master' network.ip_addrs compound
08:32 strohi Reverend: ok, i leave it with the roles in grains for now. thx for your time :)
08:35 s_kunk joined #salt
08:35 pbandark joined #salt
08:38 jdipierro joined #salt
08:38 Reverend hmm weird
09:07 jespada joined #salt
09:13 jespada joined #salt
09:16 toanju joined #salt
09:17 ivanjaros joined #salt
09:21 dariusjs joined #salt
09:24 ivanjaros joined #salt
09:27 netcho_ joined #salt
09:42 onlyanegg joined #salt
09:46 Rupesh_ joined #salt
09:49 Pyro_ joined #salt
09:52 it_dude joined #salt
09:59 ronnix joined #salt
10:06 cdunklau what's the story with python 3 support? any idea when it will hit?
10:06 hemebond cdunklau: It's in progress.
10:06 cdunklau hemebond: well i know that much :)
10:07 hemebond ????
10:08 Rupesh_ left #salt
10:08 cdunklau I've been writing some libs to automate config of our products, targeting python 3, but now i realize that i'll want to use them with proxy minion at some point
10:11 cdunklau hemebond: i'm not seeing a milestone for specifically python 3. is there some other place I can track the status?
10:11 hemebond I saw a few issues in Github today.
10:12 hemebond There might be a particular issue to track it or maybe it's just something they're working on as they go.
10:14 cdunklau aha https://github.com/saltstack/salt/issues/11995#issuecomment-289060670
10:14 saltstackbot [#11995][MERGED] Python 3 Support | Salt is currently not compatible with python 3. Ubuntu trusty and above default to using python 3, so it would be really nice to be able to run salt in the default python version....
10:14 cdunklau kick but
10:14 cdunklau butt* :D
10:16 pbandark joined #salt
10:21 cdunklau i hope the devs don't make the mistake of using the unicode_literals __future__ import everywhere. might play hell with paths
10:23 edrocks joined #salt
10:24 cdunklau https://github.com/PythonCharmers/python-future/issues/22 has a bunch of good discussion on the subject
10:24 saltstackbot [#22][MERGED] Proposal to not use unicode_literals | I want to propose not using unicode_literals for this undertaking.  Only a very low number of people are using Python 3.2 or older and being explicit about unicode strings makes Python code less error prone....
10:24 pbandark joined #salt
10:26 mage_ I have a command which return an exit code of "1" even in case of success, is there a way to not fail with cmd.run when the returned exit status is 1 ?
10:37 mjimeneznet joined #salt
10:38 dendazen joined #salt
10:38 mjimeneznet Hello, I have one doubt about for loop, Is any way to do a loop over the value of a pillar variable: I mean, I have a pillar with "workers: 4", then I want iterate 4 times in the salt, with {% for worker in workers... %}
10:43 toanju joined #salt
10:46 hemebond mjimeneznet: http://jinja.pocoo.org/docs/2.9/templates/#range
10:49 J0hnSteel joined #salt
10:50 mjimeneznet hemebond: thanks! Is this! :)
10:50 hemebond ????
10:52 dariusjs joined #salt
11:01 Praematura joined #salt
11:08 ahrs joined #salt
11:08 dnull joined #salt
11:15 amcorreia joined #salt
11:20 Pyro_ joined #salt
11:32 Rumbles joined #salt
11:33 lorengordon mage_: presuming this is linux, tack `|| true` to the end of the command
11:34 hemebond Oh, nice.
11:35 Pyro_ joined #salt
11:36 lorengordon cdunklau: you might want to put your comment re unicode literals on this issue: https://github.com/saltstack/salt/issues/37692
11:36 saltstackbot [#37692][OPEN] Change Salt to default to Unicode for STR in Develop | Description of Issue/Question...
11:40 cdunklau lorengordon: thanks, done
11:43 onlyanegg joined #salt
11:44 cdunklau looks like it was brought up in https://github.com/saltstack/salt/pull/39430  as well
11:44 saltstackbot [#39430][MERGED] More Py3 Fixes |
11:49 fuzzy-id joined #salt
11:50 fuzzy-id i have a pki infrastructure more or less as described in `salt.states.x509` docs
11:50 GnuLxUsr joined #salt
11:50 fuzzy-id problem is that the certificate get's regenerated on every run
11:50 fuzzy-id i.e. the client certificate
11:51 fuzzy-id has anyone run into this issue already?
11:54 onlyanegg joined #salt
11:58 evle1 joined #salt
12:00 ivanjaros joined #salt
12:10 dendazen joined #salt
12:15 GnuLxUsr joined #salt
12:18 jas02 joined #salt
12:20 jas02_ joined #salt
12:22 ulrich joined #salt
12:30 numkem joined #salt
12:31 XenophonF joined #salt
12:31 XenophonF greetings, programs!
12:32 jas02 joined #salt
12:32 ssplatt joined #salt
12:35 dariusjs joined #salt
12:43 jas02_ joined #salt
12:50 jas02 joined #salt
12:54 edrocks joined #salt
12:59 jdipierro joined #salt
13:08 squishypebble joined #salt
13:10 rem5 joined #salt
13:11 dyasny joined #salt
13:16 jas02 joined #salt
13:16 Rumbles joined #salt
13:20 jas02_ joined #salt
13:25 _JZ_ joined #salt
13:37 ronnix joined #salt
13:37 Tanta joined #salt
13:38 theblazehen joined #salt
13:40 racooper joined #salt
13:41 manji has anyone here tried the monit module with monit > 5.20
13:41 manji ?
13:46 cingeyedog joined #salt
13:49 cingeyedog joined #salt
13:50 Pyro_ joined #salt
13:51 jas02 joined #salt
13:52 schemanic joined #salt
13:52 schemanic_ joined #salt
13:52 cingeyedog left #salt
13:54 dariusjs joined #salt
13:55 netcho_ joined #salt
13:56 jdipierro joined #salt
13:57 jas02 joined #salt
14:01 zzzirk joined #salt
14:07 fuzzy-id left #salt
14:15 Brew_ joined #salt
14:21 pipps joined #salt
14:23 pipps joined #salt
14:23 mpanetta joined #salt
14:30 PatrolDoom joined #salt
14:35 promorphus_home joined #salt
14:36 SaucyElf joined #salt
14:39 rbjorklin joined #salt
14:41 rbjorklin Good evening! Is there a way to override the cacert.pem bundled with the requests library that saltstack depends on? We have our own CA and we're met with this error:
14:41 rbjorklin [ERROR   ] Exception raised when processing __virtual__ function for zabbix. Module will not be loaded [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
14:42 rbjorklin The system CA has been updated and using curl to communicate with the server towards salt fails works like a charm.
14:44 ivanjaros joined #salt
14:46 jdipierro joined #salt
14:47 jas02 joined #salt
14:51 tapoxi joined #salt
14:58 speedlight joined #salt
15:00 sarcasticadmin joined #salt
15:00 promorphus_home Anyone know if it's possible to using batching in an orchestration run (not invoked with -b on the commandline)? I've looked at a couple of pr's online, but they look unfinished / undocumented
15:03 cdunklau rbjorklin: is that on the minion?
15:05 Praematura joined #salt
15:05 rbjorklin cdunklau: Yes
15:05 rbjorklin However the master has accepted the CA too
15:06 cdunklau rbjorklin: what's the full traceback?
15:06 cdunklau rbjorklin: and what triggered it?
15:09 cyborg-one joined #salt
15:11 hasues joined #salt
15:11 hasues left #salt
15:12 mikecmpbll joined #salt
15:20 rbjorklin cdunklau: https://pastebin.com/aNYzg6zt
15:20 rbjorklin cdunklau: Triggered by: salt-call -l debug zabbix.host_get host.company.com
15:22 toastedpenguin Setup the sqs engine and verified that salt is grabbing the messages from the correct queue, want to create a reactor to execute a state based on specific messages in the queue, do I use tags for the reactor defined in the reactor or in the sqs engine conf or something else?
15:22 rbjorklin cdunklau: However it can be triggered by doing: python -c "import requests ; requests.get('https://host.company.com')"
15:23 cdunklau rbjorklin: this looks relevant https://github.com/saltstack/salt/issues/19508
15:23 saltstackbot [#19508][OPEN] salt-ssh should not use distro-specific Python libraries in the thin tarball | My recent issues (#16773, #17313, #18291) boil down to salt-ssh taking system-level Python libraries on my host, Ubuntu 14.10, and attempting to use these on the target machine.  In my case, because the libraries (requests, urllib3 -- so far) have been patched specifically for Ubuntu/Debian, they understandably fail to work on my RHEL/CentOS targets.  Whilst certa
15:23 rbjorklin cdunklau: But curl https://host.company.com works without fault
15:23 cdunklau rbjorklin: what OS does your minion have?
15:25 rbjorklin Centos 7.3
15:25 rbjorklin cdunklau: Both master & minion use Centos 7.3
15:28 cdunklau rbjorklin: try the direct requests run with REQUESTS_CA_BUNDLE=/etc/pki/tls/certs  or whatever is right for your machine
15:28 cdunklau rbjorklin: then try the salt-call thing
15:29 cdunklau rbjorklin: oh, and do python -c 'import requests; print(requests.__version__)' too
15:30 rem5 joined #salt
15:31 rbjorklin cdunklau: requests version is 2.6.0
15:31 cdunklau rbjorklin: that appears to support REQUESTS_CA_BUNDLE
15:32 babilen promorphus_home: I believe that orchestrate takes batch as argument (cf. https://github.com/saltstack/salt/issues/12556)
15:32 saltstackbot [#12556][MERGED] [Feature Request] Batch mode in orchestrate runner | It would be good to have the batch mode in orchestrate runner's "state specifications"....
15:33 promorphus_home saltstackbot: yeah, that's what i was looking at. but adding the '- batch: "whateverpercent%"' arg runs the state with essentially an unparseable / readable output along with an error saying that the state output came back out of order, so I don't know if it's actually correct or not
15:34 babilen promorphus_home: saltstackbot is, as the name tries to convery, a bot :)
15:34 promorphus_home doh
15:35 cdunklau babilen: lies! saltstackbot is a valued human person member of the community!
15:35 promorphus_home was at the wrong person, my fault
15:35 cdunklau babilen: i'll not have your slander here!
15:35 SneakyPhil I've got a question about managing selinux contexts for files/directories.
15:35 cdunklau saltstackbot is just a really fast typer
15:36 keldwud joined #salt
15:36 babilen promorphus_home: How are you running it?
15:36 bvcelari joined #salt
15:36 promorphus_home the orchestrate? sudo salt-run state.orch orch.file
15:36 rbjorklin cdunklau: I tried with REQUESTS_CA_BUNDLE before but it seems to fail anyway which is strange
15:37 SneakyPhil I've found in a 5 year old ticket https://github.com/saltstack/salt/issues/1349
15:37 saltstackbot [#1349][OPEN] [FR] states.file selinux support | Hello...
15:37 SneakyPhil what's the procedure for getting any sort of eyes on it?
15:37 rbjorklin cdunklau: Also tried setting REQUESTS_CA_BUNDLE to something intentionally broken and it blew up showing that it is indeed reading it
15:37 cdunklau rbjorklin: hmm. is your CA cert hashed?
15:37 rbjorklin cdunkalu: As in ASCII armored?
15:38 babilen promorphus_home: And what happens?
15:38 Lance_ joined #salt
15:39 Guest10462 hey guys - does anyone have any good links on managing Vyos/Vyatta firewalls with salt. I'm putting together a quick presentation. I've done it before just looking for a little literature to pass out. Thanks!
15:39 Guest10462 test
15:40 promorphus_home I get back successful states for the orchestrate states that dont have batching in them. For states that DO have batching in them, it essentially gives me the state output in one long crazy json string (assuming it's the internal salt structure before parsing into readable output) and an error saying 'The State execution failed to record the order in which all states were executed."
15:41 cdunklau rbjorklin: openssl's c_rehash thing
15:42 babilen So https://github.com/saltstack/salt/issues/38604 , promorphus_home ?
15:42 saltstackbot [#38604][MERGED] Using "batch" with saltmod errors with "ValueError: need more than 2 values to unpack" | I am using reactor to then trigger and orchestration task.  The task(s) that are being ran is a bunch of saltmod commands (forgive me if that is not the right name for them).  However, when trying to specify a batch count in the saltmod, I get the following error message, "ValueError: need more than 2 values to unpack." ...
15:43 promorphus_home That....yes...
15:43 promorphus_home I've been googling for 30 minutes and somehow havent gotten that as a result
15:44 promorphus_home wait, so that merge should already be in 2016.11.3, correct?
15:44 cdunklau rbjorklin: do you have anything in the certs dir that looks like 08aef7bb.0 and is symlinked to your private CA cert?
15:44 babilen promorphus_home: Could you apply https://github.com/saltstack/salt/pull/38668/files to salt/cli/batch.py and see if that fixes it?
15:44 saltstackbot [#38668][MERGED] Fix proposal for #38604 | This changes it so that the batch return is returned to ``salt.states.saltmod.state()``. I'm not entirely certain how this will impact ``_run_batch()`` in salt/cli/salt.py, however. I tried dropping in logging and launching pudb from the block of code that checks the retcode (see [here](https://github.com/saltstack/salt/blob/7b850d472de51fce40211f2016d4e82f8a15319a/salt/cli/salt.py#L244)), and the flow does not ap
15:44 promorphus_home and im using that specific version, 2016.11.3
15:44 babilen saltstackbot: Enough now
15:45 cdunklau yeah that's a bit too much "context" it tries to give :3
15:45 promorphus_home yeah, let me try to apply it
15:46 babilen Look as if it would already be in 2016.11.2
15:47 Trauma joined #salt
15:47 promorphus_home ok, it's already patched, apparently that went in a while ago
15:48 rbjorklin cdunklau: Nope, running c_rehash hasn't created something like that either
15:49 babilen promorphus_home: I guess that you are running into a very similar issue. My recommendation would be to open a new issue, link #38604 from there and provide a complete example of the problem
15:50 bvcelari Hello!! , I am trying to apply states using some grains definition in top.sls file, I am not sure why is not working.
15:50 bvcelari answer from grains.get is like this:
15:50 bvcelari my_roles:
15:50 bvcelari - server_a
15:50 Praematura joined #salt
15:50 bvcelari and my top.sls is like this:
15:50 bvcelari base:
15:50 bvcelari 'my_roles:server_a':
15:50 bvcelari - match: grain
15:50 bvcelari - testconfig.myfile
15:50 promorphus_home I've actually gotten it working, (I think), now it's just reporting an error that actually doesnt exist
15:50 cdunklau rbjorklin: you should be able to get the hash with openssl x509 -hash -noout -in path/to/yourca.pem
15:50 bvcelari any clue of what I am doing wrong? the answer from salt is like :  "No Top file or external nodes data matches found."
15:51 promorphus_home Comment: Run failed on minions: consul.Instance1.us-east-1.automation, consul.Instance0.us-east-1.automation
15:51 promorphus_home Failures:
15:51 promorphus_home and the failures block is nothing but successful states
15:51 cdunklau rbjorklin: and the symlink should be named the same as the hash that gives you, with a .0 or something suffix
15:51 promorphus_home *dumbfounded*
15:51 dezertol joined #salt
15:52 rbjorklin cdunklau: Copied my CA from /etc/pki/ca-trust/source/anchors/company_internal_ca.pem to /etc/pki/tls/certs and c_rehash, I know have the file you mentioned but it's still not working :/
15:52 keldwud joined #salt
15:52 cdunklau rbjorklin: even with specifying the env var?
15:54 rbjorklin cdunklau: Yes, I pointed the env var towards the .0 file and still a no go
15:54 babilen promorphus_home: What was the issue?
15:54 pcn I have a question about https://docs.saltstack.com/en/latest/ref/clients/#runnerclient: the signature for async being so different from cmd surprises me. Is it correct?
15:54 promorphus_home literally, no issue
15:54 promorphus_home it gives me the red text that i pasted above, and a bunch of successful states
15:54 promorphus_home which is....weird
15:55 cdunklau rbjorklin: blarg. what if you do requests.get('https://theserver', verify='path/to/the/cert/itself.pem')
15:55 tiwula joined #salt
15:55 babilen promorphus_home: Could you paste the output? I always work better if I see things :)
15:56 pcn And if that documentation is correct, what are the appropriate keys and values for the low data?
15:57 promorphus_home sure, one moment
15:57 promorphus_home do you need text or an image ok?
15:59 pcn promorphus_home: if you can get the text in a gist I'm sure it'll be easier to troubleshoot
15:59 promorphus_home babilen: pm'd you the message
15:59 promorphus_home yeah, it's gisted and in the link
16:00 Heartsbane joined #salt
16:00 Heartsbane joined #salt
16:00 DammitJim joined #salt
16:03 cdunklau rbjorklin: if _that_ doesn't work, then i suspect your server is set up wrong. like it's not sending intermediate certs or something
16:04 cdunklau rbjorklin: but i don't know if salt does the thing to shove the system CA bundle into requests
16:06 aldevar left #salt
16:07 cdunklau rbjorklin: err hmm. are you sure this is because of requests?
16:07 cdunklau rbjorklin: looks like salt.utils.http has several backends to choose from
16:08 cdunklau oh yeah it is, it's in the traceback
16:09 cdunklau rbjorklin: as far as i can tell, salt uses this function to give requests (or whatever other backend) the CA bundle dir https://github.com/saltstack/salt/blob/develop/salt/utils/http.py#L630
16:10 candyman88 joined #salt
16:11 nixjdm joined #salt
16:12 zzzirk joined #salt
16:12 cdunklau rbjorklin: other than that i'm lost. sorry
16:13 mikea joined #salt
16:14 mikea Anyone seen this from salt-api before? AttributeError: 'Toolbox' object has no attribute 'cpstats'
16:15 netcho_ joined #salt
16:15 Inveracity joined #salt
16:15 Pyro_ file_roots:
16:15 Pyro_ base:
16:15 Pyro_ - /srv/git/saltmaster/base/states
16:15 Pyro_ development:
16:15 Pyro_ - /srv/git/saltmaster/development/states
16:15 Pyro_ I just switched to move a ton of my states to base, and now when targeting a state that is in a different "env" it can't see the state.  I have the following file_roots setup:
16:16 Pyro_ But calling a state in "development" can't find the sls.
16:16 Pyro_ Any Ideas where to start looking.
16:18 bvcelari @Pyro_, I think that you can use -l debug, and at the begining of the debug, you will see the environment that is usign.. .probably a missconfiguration, but I am just a rookie that stopped by and asked for hel
16:18 bvcelari p
16:19 bvcelari and... something needed to be added to your base file, to be able to use saltenv values, if I recall right
16:20 woodtablet joined #salt
16:20 Pyro_ Yeah, i'm sure it is a config issue, since it hasn't worked yet this way.  It was all a massive refactoring I did.
16:23 SaucyElf joined #salt
16:24 bvcelari stilll -l debug is your best friend, sadly, is one of the ugliest things in salt imho
16:24 bvcelari here I am trying to apply highstate using custom grains
16:25 bvcelari with no luck
16:25 bvcelari despite I can hit them using -C 'G@customgrain:role:lalala'
16:25 Pyro_ Yeah, that is where I first saw the issue.  _grains isn't seen at all
16:26 bvcelari salt '*' grain.items.. should return a bunch
16:26 Pyro_ I can't see anything in "/var/cache/salt/minion/files/development/"
16:26 bvcelari or... your minions are not there anymore (pls, read my words carefully, as I said, I am nobodyhere)
16:26 Pyro_ But can see all of the base in "/var/cache/salt/minion/files/base/"
16:27 bvcelari restart salt-master, that may spot some issues reading the config, and increase from info (I am guessing) to debug in file
16:28 mikea where can you set cherrypy config options for salt-api?
16:29 Pyro_ restarted salt-master again.  "No matching sls found for 'java' in env 'base'"
16:29 Pyro_ Base works great, but the other environments defined, aren't seen.
16:29 Pyro_ And so things like the java state are trying to pull from base, not "development" in this case.
16:30 Pyro_ I'm looking at the merging configs in /etc/salt/master, maybe I'm missing something there...
16:37 GMAzrael_ joined #salt
16:38 GMAzrael joined #salt
16:40 promorphus_home Pyro: do you have environments defined in your top.sls file as well?
16:41 promorphus_home Pyro_: rather.
16:46 Rumbles joined #salt
16:47 Pyro_ I do.  I have the base:   and then the others, e.g. development:
16:48 Pyro_ When I run this "salt 'LI10021' state.show_top" I only see the states for base.
16:50 Pyro_ Since I changed this up, do I need to do something to clear the cache, or re-bootstrap the minions?
16:50 Pyro_ base: used to point to "development:".  Now I have a real base, and separate env called "development:"
16:56 jas02 joined #salt
17:08 pipps joined #salt
17:14 pipps joined #salt
17:15 ChubYann joined #salt
17:16 Trauma joined #salt
17:29 Pyro_ Alright, i found my issue.   I missed adding the "- match: grain_pcre" in my top.sls, so it wasn't matching the grains that I was expecting it to.
17:31 edrocks joined #salt
17:36 sh123124213 joined #salt
17:40 toastedpenguin anyone use a reactor with AWS sqs?  Looking for help with tags for the sqs messages
17:45 Edgan joined #salt
18:03 stankmack joined #salt
18:05 s_kunk joined #salt
18:08 promorph_ joined #salt
18:15 onlyanegg joined #salt
18:16 mikecmpbll joined #salt
18:40 SaucyElf_ joined #salt
18:49 candyman88 joined #salt
18:51 jfelchner joined #salt
18:59 cyborg-one joined #salt
19:00 impi joined #salt
19:01 aldevar joined #salt
19:01 rem5 joined #salt
19:03 djgerm joined #salt
19:09 edrocks joined #salt
19:09 filippos joined #salt
19:24 pipps joined #salt
19:30 pipps joined #salt
19:31 twiedenbein joined #salt
19:31 bvcelari joined #salt
19:36 pipps joined #salt
19:38 Trauma joined #salt
19:42 pipps joined #salt
19:48 pipps joined #salt
19:50 Rumbles joined #salt
19:51 netcho_ joined #salt
19:58 bvcelari joined #salt
20:01 Pyro_ joined #salt
20:01 pipps joined #salt
20:06 rem5 joined #salt
20:10 Rumbles joined #salt
20:12 jas02 joined #salt
20:19 pipps joined #salt
20:25 jodok joined #salt
20:25 shoemonkey joined #salt
20:26 jodok hi, what’s the best way to override a state from an include? my use-case: in top.sls i include common.sls which disables selinux. how i have a couple of hosts where i want to enable selinux? do i just define a second state (with a different name) in the myserver.sls that overrides the common.sls setting?
20:27 jodok this always generates a change event when i run highstate - but seems to work...
20:35 woodtablet hmm.. i dont want to have to restart salt if i update a nodegroup in the /etc/salt/master, can i use a seperate yaml file to define nodegroups ? i dont see that option here: https://docs.saltstack.com/en/latest/topics/targeting/nodegroups.html but i thought i heard someone in chat say they were doing it
20:36 aldevar left #salt
20:37 woodtablet or maybe someone can tell me why my pillar match is failing. (trying to avoid restarts). IE:   'I@nodes:super-server:*':    - match: compound -super, where nodes:super-server is a pillar with 1 item, minion2, but it always matches minion1
20:38 woodtablet i dont want to have to define the match, i want it to use the nodes listed in the dict
20:39 The-Loeki joined #salt
20:42 jas02 joined #salt
20:43 sh123124213 joined #salt
20:43 woodtablet oh my gosh, i see, is it because since the pillar is available to both minion1 and minion2, it matches? ahhh
20:43 woodtablet that explains it
20:46 bltmiller joined #salt
20:46 edrocks joined #salt
20:49 woodtablet yep, confirmed. nm then, i have talked myself in and out ^_~
20:52 pipps joined #salt
20:53 mpanetta joined #salt
21:00 tercenya joined #salt
21:06 bvcelari joined #salt
21:12 KyleG joined #salt
21:12 KyleG joined #salt
21:13 zulutango joined #salt
21:18 bltmiller will my orchestrator inherit all the pillar data available to my salt master?
21:31 schemanic_ joined #salt
21:31 schemanic joined #salt
21:35 candyman88 joined #salt
21:36 vaelen joined #salt
21:44 dendazen joined #salt
21:55 dfinn joined #salt
21:55 viq joined #salt
21:58 pcn Any scuttlebut on how the Nigrogen release process is going?
21:59 viq joined #salt
22:00 swills joined #salt
22:02 MajObviousman can I stick a minion in "offline" mode without deleting its key from the master's keystore?
22:09 dezertol /etc/init.d/salt-minion stop
22:16 Rumbles joined #salt
22:18 MajObviousman the minion in question is offline, but its still in the master's list of known minions
22:18 MajObviousman I want the master to recognize that the minion, or the salt-minion service on the minion, is offline and cease trying to reach it
22:18 MajObviousman until it checks back in again
22:27 bltmiller MajObviousman: no idea off top my head. have you checked here? https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.manage.html
22:28 MajObviousman ahh I forgot about that
22:29 raspado joined #salt
22:31 MajObviousman I guess it doesn't work all that well in my version (2015.5.11). Yes I know it is crustyold. No I can't change it right now.
22:31 * MajObviousman eyeballs a minion who comes up in not_present but responds to test.ping
22:31 MajObviousman s/comes up/shows up/
22:32 bltmiller I think that runner is mostly a reporting tool. haven't used it much, maybe someone else here might know more
22:32 hemebond MajObviousman: Most of those functions are broken or n/a
22:32 bltmiller well that's reassuring lol
22:33 Tanta joined #salt
22:33 MajObviousman seems that way. Looking in docs there's reaped and present, which both currently have the same docstrings
22:33 * MajObviousman will read code later to see what it is intended to do
22:34 Tanta I get happy whenever I see users looking at source code
22:34 Tanta it makes me think maybe one day I'll do that
22:35 MajObviousman hah
22:35 MajObviousman it's only a vim away
22:35 Tanta well it always works well enough so far
22:36 MajObviousman hmm what's more canonical in jinja templating, calling the grains hash directly or calling the grains.items function?
22:36 MajObviousman e.g. for example:    if 'CentOS-7' in grains['osfinger']            vs  if salt['grains.item']('osfinger', 'CentOS-7') == 'CentOS-7'
22:37 Tanta {% salt['grains.get']('key', default) %}
22:37 Tanta like that MajObviousman
22:38 MajObviousman calling the function is more canonical then?
22:38 Tanta it's the recommended way
22:38 Tanta you can collapse the keyspace too, like key:subkey:subkey
22:39 Tanta instead of ['key']['subkey']['subkey']
22:39 sarcasticadmin joined #salt
22:39 MajObviousman ok, thanks
22:40 MajObviousman what about grains.get vs grains.item ?
22:40 MajObviousman the latter seems like the former but it can return a list
22:40 Tanta grains.get returns whatever structure is associated with that key
22:40 Tanta string, dict, integer, list, etc
22:41 * MajObviousman thought that's what item did as well
22:41 * Tanta shrugs
22:41 Tanta never used item
22:43 MajObviousman looks like get is returning the straight result, whereas item is returning a hash. Which makes sense, as item can take multiple arguments
22:43 MajObviousman get silently ignores all but the first argument
22:43 MajObviousman TIL
22:44 Tanta not quite
22:44 Tanta the syntax is salt['grains.get']('key', default_value) (or pillar.get)
22:44 Tanta so you could do 'key', False for instance
22:45 Tanta it's useful when you want to write code that is entirely deterministic
22:45 * MajObviousman will play with it more
22:46 MajObviousman my testing just now was on the cli. I didn't think the difference would be that great
22:46 Tanta the cli is a bit funny
22:46 Tanta you can do salt-call pillar.items key:subkey too on the CLI
22:46 Tanta but in a state file or jinja template, you should use the syntax I showed you
22:49 hemebond MajObviousman: They were added for RAET but never fully implemented.
22:50 MajObviousman iiiiinteresting
22:52 tobiasBora Hello,
22:52 juntalis joined #salt
22:52 MajObviousman so looks like I'm using grains.item in a few places where I shouldn't be
22:52 MajObviousman good to know, will fix
22:53 tobiasBora I'd like to know, is it possible to use in a jinja file something like {{ pillar['hostname'] }} or {{ pillar['public_ip }}, with the ip automatically get from the system?
22:53 MajObviousman Tanta: thanks for the pointers
22:53 Tanta NP
22:58 MajObviousman my brain overfloweth with best practices questions apparently
22:58 hemebond tobiasBora: yes.
22:59 MajObviousman let's say I'm assigning a value to each minion based upon what location it's in. E.g. sea is Seattle, aus is Austin, etc etc. Is it better to set this up as an item in pillar, or as a grain on the minion?
22:59 hemebond MajObviousman: Pillar.
22:59 MajObviousman s'what I figured
23:00 MajObviousman is there a clean way to move such "standard" things out of top.sls and do an include?
23:00 hemebond What do you mean?
23:03 MajObviousman top.sls is the file that does the including of other things, more or less
23:04 hemebond Well, it applies the states, yeah.
23:04 MajObviousman right now I have a block of matchers to define location and a separate block to define environment (e.g. prod, dev)
23:05 MajObviousman I want to move these out of top.sls and include them
23:05 MajObviousman if I do a '*': include: env, it parses the entirety of the included file and assigns it as if it was a normal pillar hierarchy instead of treating the entries as matchers
23:06 edrocks joined #salt
23:06 MajObviousman if I just do an include: env, it gets ignored (not sure why)
23:08 MajObviousman https://gist.github.com/anonymous/1b5f22d6fd394987ab9316bf3af93a29   here
23:08 MajObviousman if I move this location block out into location.sls and include it, then it gets parsed like yaml and included in pillar
23:09 hemebond You have a state called envinclude?
23:09 MajObviousman this is my pillar
23:09 hemebond Ah. Pillar file called envinclude.sls?
23:11 MajObviousman yep, gisting onesec
23:11 hemebond MajObviousman: Yes, I don't think you can include: within a top file.
23:11 MajObviousman I would really love to do so
23:12 MajObviousman would clean up my top.sls considerably
23:12 hemebond I'm not even sure if include: works in pillars.
23:12 hemebond You could just use Jinja to import/include it.
23:12 MajObviousman it's kind of interesting
23:12 Tanta include works in pillar
23:12 Tanta it's a good way to meta-include and have a clean top file
23:12 hemebond But then your top.sls is all over the place and that's not nice.
23:12 Tanta I have /srv/pillar/roles/webserver.sls which includes all the relevant pillars
23:12 MajObviousman https://gist.github.com/anonymous/6a41fc52d726e898b6c121c6ed3b3a4a
23:13 MajObviousman there's the envinclude.sls
23:14 MajObviousman well blow me down, it's because I was putting the include inside my base:
23:14 MajObviousman it's the little things
23:14 jas02 joined #salt
23:14 MajObviousman hemebond: my top.sls is growing out of control, so I'm needing to federate out with include for sanity's sake
23:15 londo joined #salt
23:16 hemebond MajObviousman: Is that because you're using it for many different environments and projects?
23:16 MajObviousman mostly. We're mid-transition on CentOS 6 to CentOS 7 and a renaming
23:17 MajObviousman that's what all the 'not ( sev*dev* or sev*demo* )'   junk is
23:19 tobiasBora hemebond: Then could you explain me how ? ^^
23:22 prg3 joined #salt
23:22 hemebond tobiasBora: Grains
23:25 tobiasBora hemebond: Thank you. However,  salt.grains.core.ip4_interfaces() provides all address, after I need to parse it by hand to get public address ?
23:25 tobiasBora (ip a usually returns something like "scope global" for public address, so I think there is a cleaver way to proceed)
23:26 lookcrabs joined #salt
23:28 hemebond tobiasBora: https://docs.saltstack.com/en/develop/ref/modules/all/salt.modules.network.html#salt.modules.network.ip_addrs
23:28 hemebond You can pass type=public I think and get the public IP.
23:28 tobiasBora great! Thank you!
23:31 MajObviousman hmmm, I can't use the same matcher in two different included files they stomp on each other
23:43 dendazen joined #salt
23:48 Pyro_ joined #salt
23:51 swills joined #salt
23:52 cyteen joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary