Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-04-18

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:03 DEger joined #salt
00:04 edrocks joined #salt
00:10 toastedpenguin joined #salt
00:12 Pyro_ joined #salt
00:16 st8less joined #salt
00:18 woodtablet left #salt
00:33 leonkatz joined #salt
00:35 iggy that would be expected behavior I'd think...
00:40 londo joined #salt
01:22 DEger joined #salt
01:26 jas02 joined #salt
01:27 packeteer joined #salt
01:29 DEger_ joined #salt
01:33 Pyro_ joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.6, 2016.11.3 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers
02:06 squishypebble joined #salt
02:07 CeBe joined #salt
02:13 antpa joined #salt
02:26 vaelen joined #salt
02:28 qman joined #salt
02:28 relidy joined #salt
02:29 godlike joined #salt
02:29 godlike joined #salt
02:30 DEger joined #salt
02:30 swills joined #salt
02:31 evilrob joined #salt
02:35 DEger joined #salt
02:38 evle joined #salt
02:40 riftman joined #salt
02:43 felskrone joined #salt
02:58 antpa joined #salt
02:59 paant joined #salt
03:01 swills joined #salt
03:10 stooj joined #salt
03:13 mTeK joined #salt
03:13 cyteen joined #salt
03:18 stooj joined #salt
03:27 stooj joined #salt
03:33 zseguin joined #salt
03:44 sp0097 joined #salt
03:49 jas02 joined #salt
03:52 jdipierro joined #salt
04:07 XenophonF does anyone have examples of complex orchestration jobs that they could share?
04:12 antpa joined #salt
04:20 Praematura joined #salt
04:33 rdas joined #salt
04:50 antpa joined #salt
04:53 Cidan joined #salt
05:02 systeem joined #salt
05:04 DEger joined #salt
05:08 rem5 joined #salt
05:12 golodhrim|work|3 joined #salt
05:18 antpa joined #salt
05:18 antpa joined #salt
05:19 Bock joined #salt
05:23 DEger_ joined #salt
05:29 DEger joined #salt
05:31 antpa joined #salt
05:45 DEger_ joined #salt
05:48 stooj joined #salt
05:51 mavhq joined #salt
05:52 preludedrew joined #salt
05:58 candyman88 joined #salt
05:58 jas02 joined #salt
06:02 impi joined #salt
06:03 yuhl______ joined #salt
06:15 DEger joined #salt
06:15 stooj joined #salt
06:26 do3meli joined #salt
06:26 do3meli left #salt
06:30 sh123124213 joined #salt
06:32 stooj joined #salt
06:41 jas02 joined #salt
06:41 candyman88 joined #salt
07:10 DEger joined #salt
07:19 jhauser joined #salt
07:21 mavhq joined #salt
07:23 Ricardo1000 joined #salt
07:23 JohnnyRun joined #salt
07:24 o1e9 joined #salt
07:27 mbologna joined #salt
07:28 preludedrew joined #salt
07:30 nikdatrix joined #salt
07:32 darioleidi joined #salt
07:36 cyborg-one joined #salt
07:43 pbandark joined #salt
07:44 Rumbles joined #salt
07:50 Mogget Is states defined in base accessible from all other environments? Meaning, If I have a state in base, can I include it from another env?
07:53 it_dude joined #salt
07:54 jdipierro joined #salt
07:55 toanju joined #salt
07:59 Ricardo1000 joined #salt
08:01 mikecmpbll joined #salt
08:05 DEger joined #salt
08:06 s_kunk joined #salt
08:08 edrocks joined #salt
08:27 Rkp joined #salt
08:28 bdrung_work joined #salt
08:28 babilen Can salt-ssh be used to manage files in the user's $HOME ? The user can not be given full sudo access on the box.
08:35 antpa joined #salt
08:35 inad922 joined #salt
08:36 Mattch joined #salt
08:37 mikecmpbll joined #salt
08:44 antpa joined #salt
08:47 muxdaemon joined #salt
08:48 mikecmpbll joined #salt
08:51 babilen It can :)
08:59 zulgabis joined #salt
09:00 zulgabis i have a problem.
09:00 zulgabis hi all
09:00 zulgabis when first start this states, var public_key always empty string. how in state grains.present make 'cat ' + home + '/.ssh/id_rsa.pub' or something else? not to do execute this  states twice
09:00 zulgabis https://gist.github.com/anonymous/75dfc7e97f111fec5782749f8eb1df9b
09:09 rem5 joined #salt
09:14 nick123__ joined #salt
09:17 rofl____ joined #salt
09:18 ronnix joined #salt
09:20 DEger joined #salt
09:36 N-Mi joined #salt
09:36 N-Mi joined #salt
09:42 kiltzman joined #salt
09:43 kiltzman joined #salt
09:44 kiltzman joined #salt
09:47 kiltzman joined #salt
09:48 kiltzman joined #salt
09:49 kiltzman joined #salt
09:55 jas02 joined #salt
09:57 sh123124213 joined #salt
10:22 Ricardo1000 Руддщ
10:22 Ricardo1000 Hello
10:23 Ricardo1000 Does salt-master or minions has default jobs scheduling time to executing jobs ?
10:25 Joy joined #salt
10:26 Joy if i want to run a group of states first, then change the roster file, then run another group, is my only solution to have subdirectories?
10:26 Joy thing is, the last one of the states in the first group changes the SSH port
10:27 Joy right now my solution is to eschew the use of top.sls completely and just run the states in order in my external script
10:27 Joy but i'm trying to do it the salt way(tm)
10:30 Joy or change the roster file with something like a loopback salt-ssh connection to the master? cf. http://stackoverflow.com/a/33373037/4617744
10:46 mikecmpb_ joined #salt
10:46 geomacy joined #salt
10:49 DEger joined #salt
10:53 s0undt3ch joined #salt
11:00 ronnix joined #salt
11:04 ronnix joined #salt
11:10 rem5 joined #salt
11:18 amcorreia joined #salt
11:23 gmoro joined #salt
11:26 kiltzman joined #salt
11:27 Shirkdog_ joined #salt
11:29 pbandark i am facing some issue with jinja syntax. "failed: Jinja syntax error: expected token 'end of statement block', got '-'; line 1". but, I am not getting whats wrong in the file. can anyone help me to understand the mistake? https://paste.fedoraproject.org/paste/7OPQYzm4UYyFq0XxlZX5NV5M1UNdIGYhyRLivL9gydE=
11:31 seveg joined #salt
11:31 seveg hello, i'm a complete beginner and i wonder if someone could help me with users-formula
11:32 seveg I have a manage_bashrc set to True in user pillar but bashrc is not being copied
11:37 Pyro_ joined #salt
11:42 wavded joined #salt
11:43 Rumbles joined #salt
11:47 yuhl______ joined #salt
11:52 babilen seveg: Which states are you applying and how?
11:54 ronnix joined #salt
11:55 seveg babilen: this is my users.sls in pillar directory: https://gist.github.com/gabriel-sevecek/e289a3bc815fcfeaf078dd09cb096ab7
11:56 babilen Okay, thanks. Which states are you applying and how?
11:57 seveg i have a "- users" statement in states/top.sls
11:58 seveg applying it with: salt '*' state.apply
11:58 babilen If you want the formula to manage your bashrc you will have to include - users.bashrc AFAICT
11:58 babilen (likewise for users.profile)
11:59 pbandark babilen: can you help me with above query. I am stuck due to this issue
11:59 pbandark :(
11:59 seveg babilen: oh ok, i get it now
11:59 seveg babilen: thank you very much
11:59 babilen No problem, have fun! :)
11:59 babilen Take a look at users/init.sls to see which other SLS it includes
11:59 XenophonF pbandark: which line number?
12:00 pbandark XenophonF: https://paste.fedoraproject.org/paste/7OPQYzm4UYyFq0XxlZX5NV5M1UNdIGYhyRLivL9gydE=
12:00 XenophonF oh i se
12:00 XenophonF you misspelled "elastic-search_map"
12:01 DEger joined #salt
12:01 pbandark checking
12:01 babilen It's a typo?
12:01 XenophonF to be valid Jinja that should read `{% from "elastic-search/map.jinja" import elastic_search_map with context %}`
12:02 XenophonF note the `_` instead of `-`
12:02 XenophonF variable names in Jinja can't include dashes
12:02 babilen I'd make that s/elastic-search_map/elastic_search_map/
12:02 babilen So its not a typo as it is the same everywhere
12:02 XenophonF you'll need to change the variable name in map.jinja, too
12:03 XenophonF sorry i should characterize this as a syntax error
12:04 XenophonF anyone running Salt on Windows XP?
12:04 babilen heh
12:04 pbandark XenophonF: do you mean, I cant use "elastic-search_map"  as variable name as it contains "-" ?
12:04 babilen My condolences
12:04 XenophonF pbandark: correct
12:04 pbandark ok. let me check do "s/-/_"
12:04 XenophonF babilen: yeah, this sucks
12:05 babilen Didn't MS drop support for XP?
12:05 XenophonF unfortunately, i need to log into an old ILO and nothing modern works
12:05 babilen ouch
12:05 XenophonF XP is way past EOL
12:05 babilen Exactly
12:05 XenophonF i think Windows XP Embedded is still supported until next year
12:05 wavded joined #salt
12:06 babilen Well, not that I have *any* inclination to tinker with Windows, but sommebody might have an idea: What's the problem?
12:06 XenophonF might be a C runtime kind of problem
12:06 numkem joined #salt
12:08 pbandark thanks XenophonF babilen
12:08 pbandark i was not aware about it.  thanks again :)
12:10 edrocks joined #salt
12:13 XenophonF pbandark: you should skim the jinja template designer documentation
12:13 XenophonF same goes for the YAML specification
12:13 pbandark XenophonF: any good documentation i should refer ?
12:16 Hybrid joined #salt
12:17 nikdatrix joined #salt
12:21 JohnnRun joined #salt
12:25 oyvindmo joined #salt
12:25 babilen pbandark: http://jinja.pocoo.org/docs/dev/templates/
12:27 numkem joined #salt
12:28 rahav joined #salt
12:28 rahav have any one tried installing salt in dark sites or offsite sites that dont have access to internet
12:38 pbandark thanks babilen
12:44 edrocks joined #salt
12:48 netcho joined #salt
12:49 ronnix joined #salt
12:49 nkuttler rahav: why are you asking?
12:51 tkharju joined #salt
12:52 rahav im thinking of setting up salt minions in a environemnt where the vm's are unlikely to be hooked to internet
12:52 rahav in such a case i was wondering what options are available to install salt
12:53 rahav specifically the minion
12:53 toastedpenguin joined #salt
12:53 ssplatt joined #salt
12:53 toastedpenguin joined #salt
12:54 nkuttler rahav: which os do you run on the future minions?
12:55 rahav ubuntu,centos,rhel,sles,windows
12:58 _JZ_ joined #salt
12:59 domel joined #salt
13:07 PFault joined #salt
13:08 avalarion joined #salt
13:08 sysadmin75 joined #salt
13:08 domel is there a way for salt-run command to import pillar data from file during orchestration run rather than feeding the key value pairs inline?
13:11 rem5 joined #salt
13:12 Praematura joined #salt
13:15 XenophonF rahav: your options for deploying salt in air-gapped networks are the same as for installing any other software
13:15 XenophonF i.e., private content caches or software repositories
13:16 XenophonF e.g., Poudriere (FreeBSD), Spacewalk (RHEL/CentOS), and so forth
13:16 rem5 joined #salt
13:17 XenophonF If you're using salt-cloud, salt-bootstrap, or saltify in such an environment, there's probably a way to tell them to use non-standard locations for the salt-minion installer.
13:17 XenophonF s/installer/package/ sorry my Windows is showing
13:18 XenophonF while I don't operate air-gapped networks (am on the civilian side of .gov, thankfully), i do run networks in some pretty remote locations where we might as well be offline
13:18 XenophonF in those cases we rely heavily on local caches
13:19 XenophonF on Windows the story is simultaneously easier and harder
13:19 dyasny joined #salt
13:20 XenophonF I'd have to RTFS to be sure, but I think that salt-cloud only deploys the Windows installer to new VMs from a local copy.
13:20 XenophonF That might be provider-specific, though, so don't take my word for it.
13:21 Tanta joined #salt
13:21 XenophonF If you want to use winrepo packages in that scenario, you'll have to customize all of the download URLs to point at a local cache.
13:21 dariusjs joined #salt
13:21 XenophonF (which isn't really that different from setting up a private Poudriere or Spacewalk repo)
13:21 londo joined #salt
13:22 Xenophon1 joined #salt
13:24 XenophonF I don't know how to set up private Debian/Ubuntu or OpenSUSE/SLES repos, but I imagine it's pretty straightforward.
13:25 XenophonF rahav: does that answer your question?
13:25 ssplatt https://docs.saltstack.com/en/latest/ref/beacons/all/salt.beacons.twilio_txt_msg.html#module-salt.beacons.twilio_txt_msg  is this really just to send a txt every 10 seconds?
13:26 ssplatt is anyone actually using that? what’s your use case? I’m seriously curious.
13:27 XenophonF ssplatt: there are a lot of things in the docs that have pedagogical purposes as opposed to practical ones
13:28 ssplatt yeah i’m guessing that was just a demo that continues to live
13:28 XenophonF speaking of
13:28 XenophonF Does anyone have a practical Salt Orchestration example they'd be willing to share?
13:29 ssplatt i’ve been working on some orchestrations to mimic The Foreman and pxe boot config
13:29 XenophonF I'm trying to wrap my head around how I might use that to do something like deploy a SQL Server, install AD FS, and run AutoSPInstaller.
13:29 ssplatt so if you have a host in a db, and you set it to “install”, salt will take the info, place a pxe menu, place a preeseed file
13:29 XenophonF It's Windows so there are reboots, REBOOTS EVERYWHERE.
13:30 XenophonF wow that sounds neat, ssplatt
13:30 rubenb Hm. We're still having a problem with ext_pillars. When I do a 'salt \* pillar.get "pillar:key"', I get some (random) minions returning nothing. When running 'salt \* cmd.run "salt-call pillar.get that_value"', it always returns the correct value.
13:31 tapoxi joined #salt
13:31 domel this isnt mine repo but here is an example of linux orch state https://github.com/trebortech/hoolie/blob/master/demo/orch-linux.sls
13:31 XenophonF domel: thanks I'll look at it
13:31 domel i think he also has windows example with vmware
13:32 bdrung_work joined #salt
13:32 XenophonF I just saw those!
13:32 XenophonF I'm looking at the SQL Server Express one right now.
13:33 DEger joined #salt
13:35 squishypebble joined #salt
13:39 SaucyElf joined #salt
13:39 tapoxi joined #salt
13:43 XenophonF thanks again domel
13:43 racooper joined #salt
13:44 domel np
13:52 rubenb Anyone? It's kinda driving us crazy :P
13:53 mpanetta joined #salt
13:55 mpanetta joined #salt
13:57 brousch__ joined #salt
13:59 ssplatt XenophonF: https://gist.github.com/ssplatt/d0fdfe993237a6bb9b5972935cb8a58d
14:00 brd joined #salt
14:01 XenophonF ssplatt: thank you!
14:06 rahav XenophonF: thanks that answers my question. in the case of local caches or private repos we would need to bundle all the dependecies along with salt packages wouldnt i
14:06 rahav along with maintaing them over subsequent releases
14:09 domel anyone know if you can pass pillar data to a state from a json file at run time? as in salt '*' state.apply mystate pillar="pathtofile"
14:09 DEger joined #salt
14:10 filippos joined #salt
14:10 mikecmpbll joined #salt
14:10 DEger joined #salt
14:12 XenophonF rahav: yes
14:14 evle joined #salt
14:14 Pyro_ joined #salt
14:15 babilen joined #salt
14:16 ssplatt XenophonF: added some example curl statements.
14:19 rem5 joined #salt
14:20 jvelasquez joined #salt
14:22 mpanetta joined #salt
14:23 g0d355__ joined #salt
14:23 Alaniaris joined #salt
14:23 mpanetta joined #salt
14:27 jas02 joined #salt
14:33 jas02 joined #salt
14:34 mikecmpb_ joined #salt
14:36 jdipierro joined #salt
14:39 antpa joined #salt
14:51 speedlight joined #salt
14:54 mikecmpbll joined #salt
15:01 pbandark can i use grain/pillar information in any configuration file which I want to copy on salt client?
15:01 pbandark for ex. if I want to set "cluster.name" then, can I use "{{ salt[pillar.get](elastic_search:cluster_name) }}" in configuration file which I will copy to salt client? will salt replace the pillar data before copying it to client?
15:02 pbandark *which will be copied by salt master to salt client*
15:04 mschiff The docs for file.recurse say for dir_mode "The permissions mode to set on any directories created.". In fact, this also sets all permissions of dirs in a file that is being created... which is hmm.. not what I would expect or want...
15:06 DEger joined #salt
15:06 ronnix joined #salt
15:08 pbandark for me, the file is getting copied as it is to salt clients :(
15:12 antpa joined #salt
15:14 paant joined #salt
15:14 Praematura joined #salt
15:15 johnkeates joined #salt
15:16 PatrolDoom joined #salt
15:19 Cottser joined #salt
15:23 sarcasticadmin joined #salt
15:24 sp0097 joined #salt
15:25 aneeshusa joined #salt
15:26 peters-tx No SaltConf this year?
15:27 dezertol joined #salt
15:28 cmarzullo still waiting for the annoucement
15:31 _two_ joined #salt
15:32 peters-tx Last year it was around this time
15:32 keldwud joined #salt
15:32 keldwud joined #salt
15:33 peters-tx Well, the conference was around this time, not the announcement
15:34 greyeax joined #salt
15:42 antpa joined #salt
15:48 mschiff pbandark: which version? and you set dir_mode at all?
15:49 mschiff What is the way to clear a minionfs cache on the master?
15:52 pbandark mschiff: just realaised that I have not set "template: jinja" in state file for copy file.managed module. but, after setting that, I am getting some variable undefine error.
15:52 pbandark https://paste.fedoraproject.org/paste/4I6HOYinysQ6QFiesapXlF5M1UNdIGYhyRLivL9gydE=
16:04 beardedeagle joined #salt
16:10 domel what does your template look like
16:12 domel here is a sample formula for elasticsearch https://github.com/saltstack-formulas/elasticsearch-formula/tree/master/elasticsearch
16:25 nbuchanan joined #salt
16:29 scoates joined #salt
16:33 cro peters-tx: SaltConf will be the week of Oct 31 in SLC again.  We aren't ready to make an official announcement yet because we have a few more hoops to jump through for the venue.
16:33 leonkatz joined #salt
16:38 SaucyElf joined #salt
16:39 SaucyElf_ joined #salt
16:43 SaucyElf joined #salt
16:47 LeProvokateur joined #salt
16:47 heaje Is there a way to set the SELinux context of a file using file.managed?
16:47 edrocks joined #salt
16:53 SaucyElf joined #salt
16:54 jas02 joined #salt
16:55 DEger joined #salt
17:04 jas02 joined #salt
17:08 leonkatz joined #salt
17:10 DEger joined #salt
17:11 Praematura joined #salt
17:12 XenophonF heaje: no
17:12 heaje XenophonF: That's what I thought.  Thanks for confirming
17:12 XenophonF it'd be nice if one could set ntfs acls, too, but you can't
17:13 XenophonF instead you have to pair the file.managed state with the appropriate cmd.run state
17:16 XenophonF actually, what i'd really like is to be able to profile file.recurse with an mtree-like description of the desired ownerships/permissions/labels/etc. on the target minion
17:16 XenophonF s/profile/provide/
17:20 pbandark domel: my templates: https://paste.fedoraproject.org/paste/N11a2bMa~odZJbuppCqgcl5M1UNdIGYhyRLivL9gydE=
17:20 pbandark domel: i am referring https://github.com/salt-formulas/salt-formula-elasticsearch/tree/master/elasticsearch
17:24 Trauma joined #salt
17:24 domel i dont see the source file server_elastic.yaml
17:24 domel only elasticsearch.yml
17:26 norrit For a small salt master, I know it's not very resource intensive so I'm plannig on a small VM. 512 mb ram and 10 gig drive, sound appropriate? It'll be lvm so I can expand as needed.
17:28 pbandark # cat files/server_elastic.yaml
17:28 pbandark {% from elastic_search/map.jinja import elastic_server with context %}
17:28 pbandark cluster.name: {{ elastic_server.cluster_name }}
17:28 pbandark node.name: {{ elastic_server.host }}
17:28 pbandark domel: ^
17:33 hasues joined #salt
17:35 peters-tx cro: Ok thanks for the info!
17:35 pbandark domel: as you can see, I have not specified "map" as variable anywhere
17:35 iggy XenophonF: there's a ticket open about that
17:38 Shirkdog joined #salt
17:38 Shirkdog joined #salt
17:38 domel add quotes in yaml file over elastic_search/map.jinja
17:38 domel i got same error
17:38 domel now i get  Jinja variable 'dict object' has no attribute 'cluster_name'
17:39 pbandark checking
17:39 domel but i dint get that far to import the rest of your code
17:40 pbandark you meant, quotes to values in elastic_search/map.jinja ?
17:40 domel {% from elastic_search/map.jinja import elastic_server with context %}
17:43 domel in file elastic_search/files/server_elastic.yaml
17:46 pbandark domel: right. it fixed "map" issue. but now I am getting attribute error.
17:47 pbandark checking what mistake I have made. I hope the syntax is correct
17:47 domel as far as i can tell neither cluster name or host are defined anywhere
17:49 domel so add a key in your server_defaults cluster_name: "something"
17:50 domel and same for elastic_client host: "abc"
17:50 domel in your map file
17:50 whytewolf domel: that should come from his pillar.
17:51 domel if its there
17:51 whytewolf that is the only place it can be if it isn't in map.jinja. is in the merged pillar data
17:54 domel doesnt merge replace default values?
17:54 pbandark domel: https://paste.fedoraproject.org/paste/WbSwujcU33HmxHy9Bpae3V5M1UNdIGYhyRLivL9gydE=         with above information, I am assuming below values for "cluster.name" and "node.name":
17:54 pbandark "cluster.name: my-elastic-cluster"  <== from pillar
17:54 pbandark "node.name: <hostname_of the salt client> <== from salt client grains
17:54 pbandark Is my understanding wrong ?
17:55 whytewolf no, it will merge with them, as long as they are in the right area of conext
17:55 domel server_defaults: cluster_name: "my-elastic-cluster"
17:55 domel i never got that right
17:56 whytewolf for it to be correct in this context it would have to be elastic_search:server:cluster_name
17:57 golodhrim|work|3 joined #salt
17:57 domel yes what whytewolf said
18:00 pbandark whytewolf, domel: I was under impression:  "elastic_server = salt['grains.filter_by'](server_defaults, merge=salt['pillar.get']('elastic_search:server'))" <== this will assign salt_client grains and pillar data(elastic_search:server)  to "elastic_server".
18:01 whytewolf pbandark: you never shwed your pillar so have no idea what you have for your elastic_seach:server pillar data
18:03 whytewolf pbandark: and no, grains are NOT pulled into the merge.
18:04 pbandark ok
18:04 sh123124213 joined #salt
18:04 whytewolf it is called grains.filter_by because grains are used as a way of seleting which part of the defaults get filtered to
18:06 pbandark ok. let me try it to get better idea
18:08 dyasny joined #salt
18:08 pbandark ok whytewolf got it..
18:08 pbandark thanks whytewolf domel
18:09 dyasny joined #salt
18:13 DEger joined #salt
18:14 keltim joined #salt
18:19 wendall911 joined #salt
18:21 toastedpenguin joined #salt
18:21 jdipierro joined #salt
18:24 toastedpenguin deploying an AWS instance with salt-cloud, is it possible to assign tags to the block device mappings aka /dev/sda1 ? I know you can add tags to additional volumes can't find anything about the instances primary block device
18:24 Shirkdog joined #salt
18:24 Shirkdog joined #salt
18:34 sh123124213 joined #salt
18:36 cyborg-one joined #salt
19:01 amcorreia joined #salt
19:01 Artanicus joined #salt
19:06 pstatho joined #salt
19:07 pstatho hey all, I'm trying to install ClassicShell package (on Windows), but I'm getting an error and hoping I can get some help
19:08 pstatho other packages work fine, so it's something related to ClassicShell
19:08 pstatho I'm running the minion in debug mode and I see this:
19:09 pstatho [INFO    ] Malformed HTTP message from None: Error parsing response start line
19:14 Praematura joined #salt
19:19 rem5_ joined #salt
19:31 aldevar joined #salt
19:34 ereslibre joined #salt
19:35 ereslibre hi there! prolly stupid question: can I get a grain (e.g. 'fqdn') from a jinja template targeting a specific minion? (something like "salt minionA grains.get fqdn", but from the jinja template)
19:36 ereslibre it's trivial to get grains from the same machine, but I cannot find a proper way to target a specific minion in order to get its grain
19:36 Tanta ereslibre: { set fqdb = salt['grains.get']('fqdn') if 'this-host' in salt['grains.get']('id') %}
19:37 Tanta {% rather
19:37 Tanta that's a proper pythonic way to do it
19:37 cscf So I'm working on fixing my first bug, https://github.com/saltstack/salt/issues/38914 .  I notice that in states/file.py we have the "source_hash" argument, but in modules/file.py it's "source_sum" in code but "source_hash" in comments.
19:37 saltstackbot [#38914][OPEN] Uppercase checksums are not accepted by archive.extracted | Uppercase checksums are not accepted by archive.extracted...
19:37 cscf Should I change it all to source_hash or what?
19:38 ChubYann joined #salt
19:38 ereslibre Tanta: not sure if that's what I'm looking for. Given a list of minion_ids (they are hashes), I want on the template to get the fqdn of all of them matching a grain
19:39 ereslibre Tanta: so I have a loop like {% for minion_id in salt['mine.get']('roles:myrole', 'network.ip_addrs', expr_form='grain').items() -%}...
19:39 Tanta then you should have asked that
19:39 Tanta before the question changes 4 more times
19:39 Tanta lol
19:39 jas02 joined #salt
19:41 ereslibre so, is there a way on the template for salt['grains.get'] to target a specific minion? something like salt['grains.get']('fqdn', tgt='minion_id') ?
19:44 whytewolf salt.mine.get(minion_id,'fqdn') [when fqdn is a mine function setup on grains.get fqdn]
19:45 ereslibre I guess I will have to mine it, yeah
19:45 ereslibre whytewolf: thx :)
19:46 ereslibre thx Tanta too
19:46 Tanta np good luck ereslibre
19:47 Artanicus cscf, I've been poking around in modules/file.py myself and from what I've gathered, it's source_hash when referring to what was provided in the state and source_sum is the actual hash computed from the file. Or something along those lines. It's all very old code and hard to follow.
19:49 Mogget Is there any point in using more than 1 environment when working with pillars since pillars defined in any env. is accessible from any state environment.
19:49 Mogget That was a question, meaning it ended with a ?, not .
19:50 Artanicus cscf, very interested to hear what sense you can make of it. I'm working on shoehorning in GPG signature verification for managed files but first need to understand the general flow of the hash verification. (which is where I'm stuck at.)
19:50 andi- I'm trying to automate some certificate fingerprint collection. I exported a certificated with `tls.cert_info` with the mine but it seems like there is no way of knowing which certificate got exported? Any ideas?
19:51 candyman88 joined #salt
19:52 scoates joined #salt
19:57 nikdatrix joined #salt
19:58 cscf Artanicus, but source_hash doesn't seem to be passed to modules/file.py manage_file that I can see?  It looks like states/file.managed passes source_hash as an argument, which is named source_sum when received by manage_file.  But I'm not sure
19:59 Artanicus cscf, https://github.com/saltstack/salt/blob/develop/salt/modules/file.py#L3781 .. that's where I got my impression. not sure if I'm reading it right though.
20:03 domel can anyone help me with https://gist.github.com/anonymous/d1e57fc641023f148e539c42b32d6d32 trying to figure out why i keep getting error in gist file?
20:04 Pyro_ joined #salt
20:05 woodtablet joined #salt
20:05 londo joined #salt
20:06 Artanicus domel, looks like you're feeding in the users as a string instead of as a list, so then it gets forced into a list by splitting the individual letters
20:07 jas02 joined #salt
20:10 whytewolf domel: isn't extend meant for lists... shouldn't that be .update
20:11 whytewolf oh nevermind sudo_users is a list
20:13 whytewolf but yes Artanicus is correct. you have a none item being passed in as a string.
20:13 rubenb Hi, does anyone know how to troubleshoot ext_pillar issues?
20:14 jas02 joined #salt
20:14 domel does this mean that variable get sets to none somewhere?
20:15 Edgan rubenb: I would turn up the debug level on the master, watch the long, and do things like salt 'hostname' pillar.items
20:16 rubenb Edgan: That would be upping the debug level in the master config?
20:16 Edgan rubenb: yes
20:16 rubenb Not just ' salt \* pillar.item [pillar] -l garbage'
20:17 Edgan rubenb: I don't think the view from the salt command is going to give you the same output as the master.
20:17 PatrolDoom joined #salt
20:17 Edgan rubenb: I like -l trace
20:18 whytewolf domel: kind of None is kind of a Null like value.
20:19 domel ok got it thx
20:24 rubenb Edgan: I can't see anything going wrong... However, I 'randomly' get no value from an ext_pillar while calling it via salt $hostname pillar.item $item. When using 'salt $hostname cmd.run pillar.item $item'
20:24 Edgan rubenb: what type of external pillar is it?
20:25 Edgan rubenb: it doesn't seem hard for an external pillar, being outside code to intermittently decide to tell Salt there is no data.
20:27 mikecmpbll joined #salt
20:27 sysadmin75 Is there a way to find out why ssh_auth module keeps updating a users key, even though the key exists in authorized_keys?
20:28 rubenb Edgan: I think I might find it if I can understand why it would work when using salt-call and not when using salt (from the master)...
20:28 amcorreia joined #salt
20:29 Edgan rubenb: I can't help you more without knowing what form of external pillar it is.
20:31 rubenb Edgan: It's a python script in /modules/pillar. (Using a local.cmd(host_name, 'cmd.run', some_cmd))
20:33 jas02 joined #salt
20:33 Edgan rubenb: you sure some command always returns results? Another thought is maybe it is a race condition.
20:35 it_dude joined #salt
20:35 rubenb Edgan: When I run it with 'salt dch\* cmd.run "salt-call pillar.item silos:running"', it always returns the correct value.
20:35 cyteen joined #salt
20:41 whytewolf sysadmin75: salt-call -l debug statea.apply <state that uses ssh_auth>
20:41 whytewolf state.apply sorry typo in that
20:44 jas02 joined #salt
20:45 Pyro_ joined #salt
20:47 Edgan rubenb: I would try a external pillar, something like local.cmd(host_name, 'cmd.run', 'cat /proc/version'), and see if that works consistently
20:47 Edgan rubenb: Also the way you are using this seems like what you really want is a grain and the salt mine.
20:48 Edgan rubenb: You are doing this a very convoluted way.
20:49 Edgan rubenb: Grains can be customer grains written in python, and put in _grains.
20:50 Edgan I mean custom
20:50 SaucyElf joined #salt
20:50 rubenb Edgan: host_name = "mgt001" + domain_suffix
20:50 rubenb And the output can differ from time to time. I thought grains are not synced all the time.
20:51 rubenb However, I think rewriting the pillar/grain could be an option.
20:52 Splix76 joined #salt
20:53 rubenb I just can't explain the difference between a salt-call and salt $hostname-command.
20:55 Splix76 Does anyone have suggestions on how to get a date string of YYMMDD in a state.sls file? I have found some documentation on it however timelib is not seen by the salt python environment which results in an error asking me to install timelib, which is installed. Hoping for an alternate method for getting that date string inside state.sls file to enter into text file.
20:55 rubenb Or why it works on host_x and not on host_y, (which are practically the same, except for the output of the ext_pillar)
20:56 Edgan rubenb: grains are per run of salt, salt mine has the minion report grains back to the master every X amount of time
20:56 jas02 joined #salt
20:56 Tanta Splix: I can show you how
20:56 Tanta one second
20:56 Splix76 Thanks Tanta , appreciate the help.
20:56 Edgan rubenb: https://docs.saltstack.com/en/latest/topics/mine/
20:57 Splix76 I did just run 'salt --versions-report and it shows "timelib: Not Installed"
20:57 DammitJim joined #salt
20:57 DammitJim any suggestions on how to troubleshoot a top.sls ?
20:57 Splix76 I have installed it via pip as the Amazon linux yum installation of it is not working right now, requires importlib with conflicts with python(abi)=2.7
20:57 Tanta {% set varname = salt['cmd.run']('date +%F') %}
20:58 Tanta Splix76
20:58 Tanta you can sub in whatever date format you want
20:58 Tanta man date
20:58 Splix76 Great, testing that now.
20:58 whytewolf DammitJim: state.show_top
20:58 Edgan Splix76: A workaround would probably be to use virtualenv to install salt
20:58 Splix76 Format is '%Y%M%D' for this files requirements.
20:58 Splix76 testing, thanks again.
20:58 Tanta cool, you know what you're doing
20:59 DammitJim Comment: No Top file or external nodes data matches found.
20:59 DammitJim is what I am getting :(
21:00 Pyro_ joined #salt
21:00 Edgan DammitJim: git repos or gitfs?
21:01 DammitJim I use git, why?
21:01 DammitJim didi I break something?
21:01 Edgan DammitJim: git repos and gitfs are not the same. Do you use gitfs?
21:01 Pyro_ joined #salt
21:01 DammitJim no
21:01 whytewolf so, either your top file doesn't exist where it should be [happens all the time when dealing with enviroments] or your top file doesn't have information for that minion.
21:01 Edgan DammitJim: So the git repos are git cloned into a certain directly and you told the salt master that directory in /etc/salt/master?
21:02 rem5 joined #salt
21:02 DammitJim Edgan, what tells you that?
21:02 DammitJim whytewolf, thanks... I can confirm I have a top.sls on /srv/salt/
21:02 Splix76 Tanta, I know what I am doing in many areas, still learning many others. Jinja templating is my current focus. I am close but missing a few connecting items to start just flowing with them.
21:02 Edgan DammitJim: not sure what you mean, you answered a question with a question
21:02 Tanta yeah the bash output to var is tricky
21:03 Tanta I use it in a few places where I have to
21:03 londo joined #salt
21:03 DammitJim and it's defined in /etc/salt/master under: file_roots:
21:03 Tanta it only resolves that once at runtime, though, during state assembly
21:03 DammitJim why did you ask me about git?
21:03 Tanta so be careful and don't mistake that for 'dynamic values'
21:03 druonysus joined #salt
21:03 Edgan DammitJim: ok, Do you have a section in your top.sls like '*': to match everything for some states?
21:03 rubenb Edgan: Thanks :-)
21:04 whytewolf DammitJim: because with git if you have multiple branches those each effect the top file
21:04 whytewolf [when using gitfs]
21:04 Edgan DammitJim: Because if using gitfs you can run into weird corner cases where it merges the top.sls across git branches and you get unexpected results
21:04 rubenb Not all the things in the ext_pillar can be done with the  mine_functions, I think.
21:05 DammitJim oh wow
21:05 DammitJim I do use git, but only to check in my changes
21:05 Splix76 Edgan, I considered that, I even considered using the venv only when manually calling this state up however consistency across environments is desired so I am still seeking a way to do it outside of venv and pip installations for salt master.
21:05 DammitJim oh man, I don't think I have multiple branches in git
21:06 Edgan Splix76: I use debs/rpms for all salt installs. I think pip installing is the devil outside of virtualenv or a test VM.
21:06 whytewolf DammitJim: you arn't using gitfs so branches in git don't matter
21:06 DammitJim ok, good
21:06 DammitJim so, I have basically borked my top.sls
21:06 DammitJim and that's why it can't find my minion I'm targeting
21:06 whytewolf most likely.
21:06 Edgan DammitJim: Salt only cares what branch you are on right now, on disk, if not using gitfs.
21:07 leonkatz joined #salt
21:07 DammitJim ok, so not git related
21:07 DammitJim I'm slashing my top.sls
21:07 Splix76 Tanta, Thank you, I was able to get it working with that command example. Also discovered an error in time format, %Y%M%d vs upper D on end.
21:07 DammitJim and re-creating it
21:07 Splix76 I can now create the text file entry I was after.
21:08 DammitJim dammit... I bet someone added an unclosed bracket or indentations are messed up
21:08 Edgan DammitJim: yeah, it is yaml, and one space off will screw you up
21:08 whytewolf ... or they used tabs instead of spaces :P
21:08 Tanta hehe Splix76 I come from the twisted mind of years of bash programming, I do weird things with Salt
21:08 Edgan DammitJim: Do you use a git server other than github or bitbucket?
21:08 DammitJim I have a local git server
21:09 DammitJim I compared my changes with the last check in
21:09 DammitJim but I don't see anything obvious
21:09 Edgan DammitJim: You can use a pre-push hook to do syntax validation on salt code. :)
21:09 DammitJim what?
21:09 DammitJim oh man, so many really weird things I'm seeing after enabling debug on master...
21:09 Edgan DammitJim: You can stop people from pushing broken code into the git server by running validation code before acceptance by the git server, using a pre-push hook.
21:10 DammitJim Passing on saltutil error. This may be an error in saltclient. 'retcode'
21:10 Tanta or lock the damn branch and force them to submit formal pull requests
21:10 Tanta that's what I do with master Edgan
21:10 Splix76 Tanta, here is what the finished code/template looked like.
21:10 Splix76 https://hastebin.com/wadimocaco.md
21:10 Tanta developers are way too stupid to be trusted with that
21:11 Splix76 Thanks again for the help, this works great and does not rely on timelib which Amazon Linux package manager has issues with currently.
21:11 Edgan Tanta: yeah, that works too, and we do that for production salt code. We can't use a pre-push hook, because we are in github.com.
21:11 Splix76 Wish I was on pure blooded CentOS, but that's not my current environment. :D
21:11 Tanta oh I meant the application code
21:11 Tanta I am a deployment guy too
21:11 Tanta i just rule with an iron fist
21:12 Tanta only 3 people touch the salt code at my company, me my boss and the CTO
21:12 DammitJim is pre-push something I can run as a module?
21:12 Tanta and occasionally a few trusted devs
21:12 Edgan Tanta: yeah, I write the code for deployments, and I have an iron fist too. I try to not do the deployments myself. If I have done my job right, it is almost push button easy.
21:12 whytewolf Splix76: personally i ditch most python packages and use pip
21:12 Splix76 whytewolf, for your entire salt master environment?
21:12 whytewolf no for the extras that i add after the fact
21:12 Edgan DammitJim: You add it to your git repo/server
21:13 DammitJim oh, gotcha
21:13 whytewolf such as pygit2 [i do use gitfs], and timelib
21:13 DammitJim I"m just going through adding half of the top.sls to a new top.sls
21:13 DammitJim and see where it breaks
21:13 Splix76 In this case, 'pip install timelib' worked just fine, salt did not see it or register it was intalled.
21:13 Tanta for prod deployments, bastion host with scripts that enforce key login via SSH with agent forwarding to do the deployments
21:13 Splix76 there was an environment disconnect somewhere.
21:13 Edgan whytewolf: I use fpm to make packages. I like being able to easily uninstall them cleanly, and have them tracking with the rest of the software.
21:13 Tanta anyone in the trusted pool can do it efficiently
21:13 DammitJim thanks guys
21:13 DammitJim I have to run
21:14 Splix76 Has me considering a virtualenv salt master install, however the configuration liabilities of that may be difficult to manage.
21:14 Edgan Tanta: I deploy via jenkins and salt-ssh
21:14 Tanta yeah I'm not that advanced yet
21:14 Tanta I run masterless so it's challenging
21:14 whytewolf Edgan: understandable. to each their own.
21:15 Tanta I had to write a lot of custom tooling that feeds from AWS inputs and APIs rather than a salt master
21:15 Edgan Tanta: I skip master mode, because the jenkins slave pulls in the debs of our software via Artifactory, and I don't want to have to add the apt/yum repos to the instances, because then apt-get dist-upgrade or yum update can screw me on our code.
21:15 Splix76 I took over an environment with 100+ servers across 8+ host providers, mixture of physical and virtual from Linode to Rackspace. Without saltstack managing these systems across 8 different VPN or access methods would be a nightmare. Salt is amazing and keeps me from hopping from VPN to VPN all day as we migrate them to AWS.
21:15 Splix76 Great job saltstack devs, amazing tool.
21:15 Praematura joined #salt
21:16 Tanta ah slightly different
21:16 Tanta I am using scripted web apps, so it's autoscaled groups behind ELB -> list of hosts -> parallel remote ssh -> run local deploy script
21:16 Tanta rather stupid
21:17 Edgan parallel remote ssh sounds like poor man's salt-ssh
21:17 Tanta gnu parallel is solid
21:17 Edgan Tanta: yes, but not as powerful as salt
21:17 Tanta no
21:17 Tanta haha
21:17 Tanta you want a new job?
21:17 Tanta lol
21:18 Edgan Tanta: The main catch with salt-ssh is it doesn't yet use return codes correctly.
21:18 pcn Does anyone know how, outside of the saltmaster, to ask what the location is of a coud profile?
21:18 djgerm Where's the job board? I'm on the prowl for a new gig.
21:18 whytewolf not a lot of salt uses return codes correctly
21:18 andrew_salty joined #salt
21:21 PatrolDoom joined #salt
21:22 pcn If use salt.cloud.CloudClient('/etc/salt/master') I'm not sure how to find out what profile attributes I can get in my runners that way
21:22 Edgan whytewolf: yeah, there is a mega pull request to fix that
21:23 Edgan whytewolf: sadly it is currently unmergable
21:25 pcn djgerm I don't know if there's a job board here.  Maybe use hangops?
21:25 djgerm pcn: I realized immediately that it was a response to Tanta's joke, and I didn't tag. Sorry for the noise ^_^
21:26 whytewolf someone should build a salt job board :P
21:26 Tanta hehe np djgerm
21:27 djgerm It is a funny conversation I have every time I am interviewing new engineers: "Ever heard of Salt Stack? Know how to use it at all?" and they quickly realizing that putting salt on their resume actually meant someone would ASK about it.
21:27 djgerm A salty job board would be great!
21:27 whytewolf i wonder if when they put salt on their resume they thought it was the spice
21:28 whytewolf and they were like. well yeah i like salt on my fries
21:40 jas02 joined #salt
21:41 pcn Ah... the salt.config.cloud_config has most/all of the same keys as client_config with a few extras buried in there
21:48 cscf whytewolf, do I need to make a branch for a single 4-line commit bugfix?  https://docs.saltstack.com/en/latest/topics/development/contributing.html says to.
21:49 whytewolf cscf: it is pretty much always advisable to create seperate branches for each PR that you will be creating
21:49 aldevar left #salt
21:52 cscf whytewolf, and if it's an old bug, I should branch from 2015.8, as the oldest stable?
21:53 whytewolf oldest stable.
21:53 whytewolf https://docs.saltstack.com/en/latest/topics/development/contributing.html#which-salt-branch
21:53 cscf whytewolf, which is 2015.8, correct? https://github.com/saltstack/salt/branches
21:53 whytewolf as it says there
21:53 whytewolf 2016.3
21:54 cscf oh ok
21:54 whytewolf Latest Versions: 2016.3.6, 2016.11.3
21:56 whytewolf also for the record, i don't work for salt. :P these questions should be directed more towards someone in salt
21:56 whytewolf i just know the answers cause well i have heard them asked enough times
21:56 cscf whytewolf, sorry, I keep thinking you are a dev
21:57 whytewolf nope. just a avg joe with a bunch of computers
21:58 nikdatrix joined #salt
21:58 cscf Hmm.  So when I run my test case against 2016.3, it has a different error, source_hash format has changed.
21:59 cscf Got it
22:02 jdipierro joined #salt
22:08 ahrs joined #salt
22:15 DEger joined #salt
22:25 woodtablet whytewolf: (i just glanced in on this) oh wow, i thought you worked for salt too. thanks for listening to me and helping me out too in the past
22:25 whytewolf woodtablet: no problem :)
22:25 Pyro_ joined #salt
22:32 whytewolf gtmanfred, cachedout, and Ch3ll. those are employees of Salt. and the real heroes
22:33 whytewolf oh and UtahDaveif who also stops in now and then
22:34 N-Mi joined #salt
22:34 N-Mi joined #salt
22:35 Tanta what about iggy
22:35 Tanta or is he gone
22:35 whytewolf iggy isn't employed by salt last i knew
22:35 Tanta havent seen him for a while
22:35 Tanta oh
22:35 Tanta well there you go
22:36 jauz joined #salt
22:36 whytewolf i see him in here late at night sometimes.
22:39 whytewolf wish more of the devs stopped by in here like the old days. but most just don't have the time anymore.
22:39 Pyro_ joined #salt
22:41 jas02 joined #salt
22:42 jauz I may be going about this all wrong, but currently my issue is that Salt is telling me "user.add" was not found in my SLS create_users/init.sls Reason: 'user.add' is not available.
22:42 jauz https://gist.github.com/jonasbach/b3b7e2aebd8c18f919bbb0437e83bc13
22:42 jauz Wrong usage? =/
22:43 whytewolf jauz: user.add is a exacution module. you want user.present which is the state module. https://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html#salt.states.user.present
22:43 whytewolf it combines user.add user.update and user.chgroups into one
22:44 whytewolf in a stateful manner
22:44 jauz I see. I got myself confused. :)
22:44 jauz Thank you.
22:45 whytewolf no problem :) happy salting
22:45 ereslibre joined #salt
22:51 gtmanfred whytewolf: i accept praise in beer
22:51 gtmanfred also fun fact, in utah you cannot get beer with a higher ABV than 4% in grocery stores, but I just bought a bottle of Mirin (japanese sweet seasoning) that is 9.7%
22:55 whytewolf hehe if i can get the time to get up there for saltconf. I will buy you a round. or bring one with me.
22:57 WesleyTech joined #salt
23:01 gtmanfred :D
23:03 Splix76 Thanks again for the help today Tanta , my salt state is humming right along now and all other hurdles have been easily cleared.
23:05 Splix76 Utah liquor laws need a revamp. I import all my beer from Colorado, it tastes better when not watered down to dilute %alc content.
23:05 coval3nce joined #salt
23:06 coval3nce Hi all.  Anyone know if Salt has a plugin system feasible enough to implement 2FA auth for any actions taken against a list of minions?
23:06 whytewolf Utah liqour laws are one of the reasons i have turned down a couple of positions in utah. they wanted me onsite.
23:07 coval3nce whytewolf: ^^^ haha!
23:09 whytewolf coval3nce: not sure if the eauth system is that plugable.
23:10 DEger joined #salt
23:10 coval3nce Yeah…makes it tough to have split master/minions between trust boundaries.
23:14 coval3nce whytewolf yeah code appears to only have user/password as arugments to the auth function, no ability to add mulitple factors
23:15 whytewolf yeah
23:15 coval3nce Darn…wants me some more factors ;)
23:17 Praematura joined #salt
23:26 s_kunk joined #salt
23:36 iggy I've been busy
23:37 iggy coval3nce: I think there's a pam eauth driver... but I think that would only check the 2fa on initial login
23:40 coval3nce iggy: the call to authenticate would always just provider user/pass though right?
23:41 gtmanfred yeah, but it would run through pam.d
23:41 gtmanfred which would trigger the 2fa auth
23:41 coval3nce i guess whatever the plugin calls can prompt for stdin or somethin gtoo
23:43 coval3nce oh sweet there is a pam otp module…could be some interesting options here
23:44 gtmanfred i was playing with using my yubikey to authenticate for the salt master for a minute
23:44 coval3nce Nice…yeah if i could minion glob match and enforce some kind of 2fa for certain minions, that would be rad
23:45 coval3nce Do it in some way that would allow syndics to also work like that cross boundary
23:45 jas02 joined #salt
23:45 gtmanfred there are things to specify which minions certain eauths can hit,you would need two logins, one that did 2fa and one that didn't, but everything would have to be behind eauth
23:57 iggy not sure what your exact use case is, but could you write a tool like pepper that had that built in and require everyone to use that?
23:58 coval3nce thats the gui component around the salt api right?
23:59 nikdatrix joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary