Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-04-19

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 coval3nce oh yeah, the cli thing...true
00:02 iggy yeah, it's the cli tool that talks to the api
00:02 iggy but then people could just swap in pepper and circumvent
00:02 coval3nce yeha
00:02 iggy like I said, it depends on your needs
00:03 coval3nce I am thinking high level PCI/Webtrust/Hippa type environments
00:03 coval3nce Usually what i’ve seen is masters in each trust zone…instead of central master setup
00:03 pcn How would pepper work if you've setup eauth to use a pam user that requires 2fa?
00:04 coval3nce Be nice to layer the factors and rbac required on the master for a simpler use case.
00:04 DEger joined #salt
00:04 coval3nce Yeah, don’t think the prompt would trickle back via the api to pepper
00:04 iggy not really saying to use pam+otp+api+pepper... any eauth would do
00:06 coval3nce Any of yall seen this? https://github.com/gravitational/teleport
00:06 iggy you could maybe do that kind of like the webhook demo... where you check the 2fa in the reactor
00:08 iggy looks nice
00:09 khodgson joined #salt
00:10 pcn Huh, can it negotiate kerberos?
00:14 coval3nce Talking pepper there pcn?
00:15 woodtablet left #salt
00:21 pcn I was talking out loud about teleport
00:23 pcn I haven't tried to see if pepper can be set up to do that.
00:23 hemebond joined #salt
00:23 coval3nce Oh yeah…barely read throuhg the intro doc…didn’t see a kerberos option in it
00:25 pcn pepper would probably need some special work to do krb5.  Requests can do negotiate it seems, so that's half the battle.
00:26 antpa joined #salt
00:36 pcn There's probably some way to do the cherrypy part
00:42 antpa joined #salt
00:52 watersoul joined #salt
00:54 demize joined #salt
00:57 the_lalelu joined #salt
00:57 PatrolDoom joined #salt
00:57 gtmanfred joined #salt
00:58 tru_tru joined #salt
00:58 khodgson joined #salt
00:59 beardo joined #salt
01:03 jas02 joined #salt
01:37 Guest34877 joined #salt
01:41 _JZ_ joined #salt
01:46 nick123 joined #salt
01:58 cyborg-one joined #salt
02:00 nikdatrix joined #salt
02:06 Derailed left #salt
02:08 Derailed joined #salt
02:10 Derailed left #salt
02:19 Praematura joined #salt
02:20 jas02 joined #salt
02:24 mpanetta joined #salt
02:32 MTecknology hm.. Is it possible to have a state change only if another state will be executing later?
02:33 hemebond How would that work?
02:33 MTecknology I think stopping a service before running a command is the best way to describe that question...
02:34 MTecknology !dependencies
02:34 hemebond You could use the same test that the later state uses.
02:34 MTecknology not so much in this case, but I can make another test easily enough
02:35 evle joined #salt
02:35 * MTecknology grumbles
02:35 whytewolf isn't that what prereq is for?
02:35 hemebond You're asking Salt to have psychic powers :-D
02:36 jdipierro joined #salt
02:36 MTecknology yup.. prereq is exactly what I need!
02:37 hemebond omg Salt has psychic powers
02:37 MTecknology ;)
02:38 whytewolf well dean and sam use it for warding off ghosts also :P
02:39 MTecknology .. I believe you
02:39 MTecknology (oh.. and I got the reference)
02:39 MTecknology very delayed, but I got it!
02:39 whytewolf hehe
02:47 stooj joined #salt
02:51 smcquay joined #salt
02:56 MTecknology I'm about to retire a *VERY* old hostname.
03:00 MTecknology My VM host at home has always been parens, based on some latin word dictionary. The new VM host (went from 16 GB RAM, 8 x 3.20 GHz --> 32 GB RAM 2 x ( 16 x 2.60 GHz) took on the name prox1 and now I'm going to re-deploy that old system with the decade-old hostname as prox2.
03:00 MTecknology It's also the last server with a "special" name because a VM host is no longer special... it's deployed by salt.
03:00 XenophonF :)
03:02 stooj joined #salt
03:03 MTecknology pxe boot, select installer, wait for setup to load, stick in static IP info, configure disk layout (not automated because of manual encryption stuff), accept key on master, whenever the highstate (that bit kicks off automatically) completes, you can manually join it to the cluster.
03:03 MTecknology currently a cluster of one, soon to be a cluster of two, and not doing HA unless I have three.
03:14 irated joined #salt
03:14 irated joined #salt
03:15 zerocoolback joined #salt
03:17 XenophonF that reminds me - I need to write a formula for Mandos
03:19 CeBe joined #salt
03:52 jas02 joined #salt
04:01 _JZ_ joined #salt
04:01 nikdatrix joined #salt
04:13 Praematura joined #salt
04:13 MTecknology k.. time to go say my last goodbye
04:13 MTecknology good music suggestion?
04:37 DEger joined #salt
04:38 DEger joined #salt
04:41 MTecknology dangit....
04:41 MTecknology I was using -prereq and was confused why everything was executing in reverse. Let's see how it goes with -prereq_in  :P
04:41 hemebond lol
04:47 MTecknology grr...
04:47 MTecknology I still have two running in the wrong order.
04:48 MTecknology I thought about just swapping the command in each, but I kinda doubt that'll work long-term...
04:50 MTecknology I.... have it in a loop
04:51 MTecknology that was awesome!
04:51 MTecknology It had a loop of four states it kept cycling through
04:52 whytewolf interesting. how did it handle it?
04:53 MTecknology it just kept running them in an infinite loop until I got bored(ish) and killed it
04:55 mpanetta_ joined #salt
05:02 MTecknology this one is kinda cool....
05:03 MTecknology RuntimeError: maximum recursion depth exceeded
05:05 DEger_ joined #salt
05:06 ekristen joined #salt
05:09 N-Mi__ joined #salt
05:10 jas02 joined #salt
05:13 Praematura joined #salt
05:13 DEger joined #salt
05:15 tobiasBora joined #salt
05:19 sh123124213 joined #salt
05:19 preludedrew joined #salt
05:19 * MTecknology is getting cranky, this no longer makes sens.
05:26 hemebond Psychic powers are a myyyyysteryyyyy
05:28 impi joined #salt
05:30 golodhrim|work|3 joined #salt
05:32 rdas joined #salt
05:35 felskrone joined #salt
05:39 yuhl______ joined #salt
05:48 jas02 joined #salt
05:50 MTecknology this prereq always executes despite the thing specified not making any changes at all
05:54 jas02 joined #salt
06:01 _KaszpiR_ joined #salt
06:02 nikdatrix joined #salt
06:07 Gabemo joined #salt
06:08 aldevar joined #salt
06:10 candyman88 joined #salt
06:13 candyman89 joined #salt
06:17 candyman88 joined #salt
06:17 do3meli joined #salt
06:18 do3meli left #salt
06:21 jas02_ joined #salt
06:23 candyman88 joined #salt
06:30 jas02 joined #salt
06:42 _KaszpiR_ joined #salt
06:57 Ricardo1000 joined #salt
07:02 toanju joined #salt
07:10 seveg joined #salt
07:20 xet7 joined #salt
07:20 yuhl______ hi, I was thinking to do in the top.sls pillar something like "    - id.{{ salt['grains.get']('id') }}".
07:20 yuhl______ Is it a good practice ?
07:21 hemebond It's good if it works for you.
07:23 yuhl______ ok.. but the short pitfall that I got is that I must have a <pillar>/id/<id>.sls defined.
07:24 cyborg-one joined #salt
07:26 hemebond Yes. Can't reference a file that isn't there. Though there might be a setting for that.
07:26 hemebond ignore missing or something.
07:27 sh123124213 joined #salt
07:27 yuhl______ hemebond: Can't we in jinja test the presence of a file.
07:28 hemebond uh... Not that I know of.
07:28 yuhl______ mmh
07:28 dariusjs joined #salt
07:29 yuhl______ The question that I can found an answer is: how do you do with salt, to specify some parameters that are only specific to this host.
07:29 sh123124213 joined #salt
07:29 hemebond Just add an entry for the host in top.sls
07:29 hemebond Pointing to a file for that host.
07:31 hemebond FYI, there is "ignore_missing" for pillars.
07:32 hemebond For some reason it doesn't appear to be documented.
07:33 hemebond https://github.com/saltstack/salt/issues/39187
07:33 saltstackbot [#39187][OPEN] Add documentation for the 'ignore_missing' option in pillars | Description of Issue/Question...
07:37 JohnnyRun joined #salt
07:44 it_dude joined #salt
07:44 geomacy joined #salt
07:44 Rumbles joined #salt
07:44 mikecmpbll joined #salt
07:46 impi joined #salt
07:48 dariusjs joined #salt
07:48 nikdatrix joined #salt
07:56 mikecmpbll joined #salt
07:58 babilen joined #salt
08:02 pbandark joined #salt
08:08 Hybrid joined #salt
08:10 dariusjs joined #salt
08:16 MTecknology The worst part about using salt to deploy a VM host seems to be that the packages that need to be downloaded are never in cache.
08:24 zulutango joined #salt
08:25 armyriad joined #salt
08:29 candyman88 joined #salt
08:30 londo joined #salt
08:32 Rumbles joined #salt
08:34 Mattch joined #salt
08:37 zerocoolback joined #salt
08:38 tru_tru joined #salt
08:38 s_kunk joined #salt
08:45 saffe joined #salt
08:54 N-Mi__ joined #salt
08:56 rahav joined #salt
08:56 rahav have any of you setup rsync with repo.saltstack.com
08:56 rahav rsync command seems to timeout though i can ping the host
08:56 rahav rsync rsync://repo.saltstack.com
08:57 rahav rsync error: error in socket IO (code 10) at clientserver.c(122) [Receiver=3.0.9]
09:01 o1e9 joined #salt
09:02 pbandark1 joined #salt
09:03 sh123124213 joined #salt
09:09 lasseknudsen joined #salt
09:09 toanju joined #salt
09:22 dnull joined #salt
09:26 _0xm68 left #salt
09:27 zerocoolback joined #salt
09:27 zerocoolback joined #salt
09:36 Praematura_ joined #salt
09:39 pbandark Hi.. I am trying to add new grain value with below code.
09:39 pbandark assign_role:
09:39 pbandark file:
09:39 pbandark - managed
09:39 pbandark - name: /etc/salt/grains
09:39 pbandark {% if grains['host'] == '*master*' %}
09:39 pbandark - contents:
09:39 pbandark - "role:salt_master"
09:39 pbandark {% endif %}
09:40 pbandark is there any issue with above code ^^? is it wrong ?
09:40 pbandark beacuse, " /etc/salt/grains" on salt client is not getting updated with the content("role:salt_master)
09:44 babilen There are multiple issues with that snippet
09:44 babilen I'd also kindly ask you to use a pastebin such as http://paste.debian.net, https://gist.github.com, http://sprunge.us, … in the future as it makes it easier to reference lines or introduce changes
09:44 pbandark oops
09:44 pbandark sure babilen
09:45 babilen 1. You want to use "file.managed" in lieu of "file: - managed" these days as the former is considered to be "older style"
09:46 babilen 2. Unless your hostname literally is *master* your conditional will evaluate to false
09:46 babilen (you can't use globs in string comparisons nor does jinja make it particularly easy to use globs)
09:46 pbandark ack for 1.
09:47 pbandark for 2: the hostname is : "elastic-master-1"
09:47 babilen Yeah, that is not the same as *master*
09:47 pbandark ok
09:47 babilen 3. You typically want your "role" datastructure to be a list rather than a single key-value pair as that allows you to assign multiple roles to the same box
09:48 pbandark ok
09:49 babilen 4. I wouldn't recommend to use grains for roles as they are insecure (minions can pretend to have any roles) and tricky to manage. Ask yourself how you will assign roles to boxes and you will soon end up solving the same "role assignment problem" on a different abstraction level
09:49 babilen I like using pillars for roles as they are easily reassigned and do not require you to manage any local state on the minion
09:50 pbandark ok. let me rethink and see how I can seggregate master node and data node of elastic search
09:51 zerocoolback joined #salt
09:51 babilen The downside with that is that you can't easily use them in pillar assignments but external pillars such as pillarstack allow you to work around that (ensure that they are evaluated first by setting ext_pillar_first in your master configuration)
09:52 pbandark ok
09:52 * pbandark need to read about external pillars
09:53 pbandark babilen: so if anyone wants to do string comparison as how I was trying to achive, whats the recommended way ?
09:56 babilen You can split the hostname and test for membership of 'master' in the resulting list - But generally I wouldn't write logic like that at all in the SLS
09:56 babilen I'd assign roles in top.sls where you can use all matchers
09:57 pbandark ok
09:58 geomacy joined #salt
09:58 babilen My general approach is to rather have (composable) small SLS with little logic (and no "assignment" logic) that are being targeted from top.sls than long complicated SLS with many branches
09:58 babilen But that's a matter of style
09:58 pbandark agreed. thats more easy way :)
09:59 pbandark thanks for info babilen
10:00 babilen Sorry .. I probably just left you with a lot of reading and thinking to do now :)
10:01 ronnix joined #salt
10:01 pbandark ha ha. thats fine. :)  as of now I am plaining to make use of top.sls to segregate master from data node
10:04 sh123124213 joined #salt
10:04 J0hnSteel joined #salt
10:14 mpanetta joined #salt
10:42 Dev0n hey, so what would be a sane approach to running the same state on a machine with a different "configuration"? Should my top.sls file do something like - <service>.<config1>,  - <service>.<config2> for example and have a <config1>.sls and <config2>.sls within the <service> dir?
10:53 JohnnyRun joined #salt
10:53 rahav have anyone tried rsync of salt repo recently
10:53 rahav i tried now and the connection times out
10:53 rahav im using the command rsync rsync://repo.saltstack.com
10:57 Prajith joined #salt
10:57 Prajith Hi team, is it possible to provision vm using salt state ?
11:02 sh123124213 joined #salt
11:34 sh123124213 joined #salt
11:35 DEger joined #salt
11:44 babilen Dev0n: I'd write a generic state and provide the configuration via pillars
11:45 babilen But the best approach really depends on the nature of those differences. You might want to read https://docs.saltstack.com/en/latest/topics/best_practices.html for an overview of, well, best practices
11:46 babilen rahav: Did that ever work?
11:48 rahav i believe there are some users who have used rsync to ship salt repos in their local environment
11:49 nikdatrix joined #salt
11:54 babilen Ah, https://github.com/saltstack/salt/issues/29222 was finally closed last year
11:54 saltstackbot [#29222][MERGED] repo.saltstack.com should support RSYNC | Our internal servers have (rightly) no Internet access. We've been mirroring the EPEL repo but would like to use the official packages instead....
11:55 babilen The commands in there work perfectly here
11:55 babilen So the problem appears to be on your end
11:58 babilen Which error do you get?
12:00 numkem joined #salt
12:08 Dev0n babilen, I am already using pillars to store configuration data for a single service
12:08 Dev0n but the issue is that I want to run two of the same services within a single host
12:08 Dev0n and currently, it's setup in a way that a single host can have one pillar data and one service state using that pillar data
12:09 babilen That would necessitate a different pillar datastructure that reflects this, I guess. A simple list or dictionary with, say, unique identifiers as keys and the respective configuration as value
12:11 babilen You could then iterate over the multiple service states and configure it
12:11 Dev0n so, /pillar/service/{config1.sls, config2.sls}, then pillar top.sls with service and confg1 and 2 as sub keys
12:11 babilen Just, as an idea, it might be an idea to use containers for these services
12:11 Dev0n the in my /salt/service/init.sls, I would loop through the configs and apply the config?
12:12 Dev0n babilen, I am using docker containers
12:12 Dev0n so a service will be run inside a docker container
12:12 babilen But you are targeting multiple containers to the same host?
12:13 Dev0n yea I have a db, redis, node container all in the same host
12:13 Dev0n I'm having to run another node container with some config changes
12:13 Dev0n this node container is from the same codebase, the only thing that will change is the config for it
12:13 Dev0n so I don't want to create another state for it
12:15 zerocoolback joined #salt
12:15 babilen Sounds as if the only change right now is to introduce some unique identifier (even if generated) and loop over your service configuration elements. Use the identifier in the service names and you should be done
12:15 Dev0n so this loop will be based on some pillar keys right?
12:16 Dev0n as I mentioned above, the pillar key for that service will contain the two configurations, the node state will just loop these configs and apply the relevant data?
12:17 jas02 joined #salt
12:18 babilen http://paste.debian.net/928345/ something along those lines
12:19 babilen Or generate the unique id and pass a list
12:19 sh123124213 joined #salt
12:21 Dev0n Ahh that's clear, thanks babilen. Would the nested pillars still map to files in the pillar dir? So would I be able to get some_config to be assigned with pillar data from /srv/pillar/docker/some_config for example?
12:22 Ricardo1000 Hello
12:23 Ricardo1000 I have a strange behaviour of salt, when I execute salt 'minion' state.apply , minion execute states, but when I run  salt 'minion' state.apply test_state it return endering SLS '/base/states/test_state' failed. Please see master log for details.
12:24 Ricardo1000 What it may be ?
12:24 Tanta joined #salt
12:29 squishypebble joined #salt
12:29 evle1 joined #salt
12:30 lietu joined #salt
12:32 lietu I'm trying to store secrets in pillar files encrypted with GPG, I've got things set up so I can now do this, but I'm not sure how to quote the values properly so they end up in pillar properly .. I'm testing with the value %{$secret and all I get out is %{ so obviously it's being read, but this is some escaping issue
12:33 lietu I'm using foo-secret: | \n and then the -----BEGIN PGP MESSAGE----- ... -multiline message
12:34 gmoro joined #salt
12:35 schinken left #salt
12:46 edrocks joined #salt
12:51 khodgson joined #salt
12:53 DEger joined #salt
12:54 DEger joined #salt
12:56 thijn__ joined #salt
12:57 Praematura joined #salt
12:59 thijn__ question.. just starting out in salt..  im doing something wrong...     Function: user.present
12:59 thijn__ gid value is not being used
12:59 thijn__ - gid: 700
13:00 thijn__ Changes:
13:00 thijn__ ----------
13:00 thijn__ fullname:
13:00 thijn__ testuser
13:00 thijn__ gid:
13:00 thijn__ 1006
13:00 thijn__ shouldn't the gid value be used as the uid value is?
13:01 Flying_Panda joined #salt
13:01 Drunken_Panda joined #salt
13:02 thijn__ as far as i know i just made a user.sls file and calling that file from the cli.. using salt 2016.11.3 (Carbon)
13:03 domel joined #salt
13:03 lietu how about you paste the full user.sls to e.g. the URL mentioned in the title, or a pastebin of some sort?
13:04 thijn__ oh i appologize.. didnt see the title being that big
13:09 thijn__ let me rephrase and i appologize for the previous spam.   what am i doing wrong:
13:09 thijn__ https://gist.github.com/anonymous/2ec96ed775bc69cddd17390a9f183179
13:10 lietu well you have "gid" and "gid_from_name" set, I would imagine those are in conflict
13:11 lietu if you want to create a new group with a specific gid (which sounds unlikely) you should probably use a separate state for that first
13:12 thijn__ right... well that was what i wanted.. custom uid with matching groupid
13:13 thijn__ i had allready a state creating groups. i assumed i could do the same in this state
13:14 thijn__ what is the gid option used for then? if not setting the numerical value of a group belonging to this user?
13:14 dezertol joined #salt
13:15 lietu commented https://gist.github.com/anonymous/2ec96ed775bc69cddd17390a9f183179#gistcomment-2066607
13:15 lietu https://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html#salt.states.user.present for documentation on how it's used
13:16 thijn__ thanks lietu u was looking at https://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html#management-of-user-accounts
13:16 lietu if you scroll down the "gid" is explained in detail
13:16 thijn__ lietu ... brilliant :) your comments work :)
13:17 lietu is there a reason you want the specific uid/gid and not autogenerated ones?
13:18 thijn__ i have some policies.. mapping certain groups to certain peeps
13:18 lietu sure, but you can manage groups and users without having fixed uid/gid in most cases
13:18 XenophonF thijn__: at some point you end up recreating a directory service in salt
13:19 XenophonF you might be better off using a proper directory service in those cases
13:21 thijn__ true.. the thing is. i have a bunch of machines not at the same location. i have about 60 customers where i have machines.. and some are very restricitve on the connectivity from those locations.. so a directory service is not allways possible,
13:21 XenophonF understood
13:21 thijn__ and until i get that going this is the only way the get uniform uid/gid :(
13:22 thijn__ thanx for thinking with me though :)
13:22 lietu yea but again, is there a reason you need the uid/gid to be specific?
13:22 lietu why not refer to users with their username, and groups with their group name?
13:23 XenophonF there's a lot of reasons why one would want that
13:23 XenophonF consistent UIDs/GIDs makes restoring backups less fraught
13:23 lietu true
13:23 XenophonF b/c tar and friends only store IDs, so on restore if things aren't consistent, you end up with semantically incorrect file ownerships
13:23 thijn__ indeed.its also about moving data between systems
13:23 lietu though how often do you juggle backups between random systems?
13:24 lietu mm'kay
13:24 XenophonF thijn__: check out ldap states
13:24 XenophonF omg, so awesome
13:25 XenophonF i just started using them to provision openldap directory servers
13:25 lietu anyway, anyone have ideas on how to get GPG encrypted values to be quoted after decryption?
13:25 thijn__ XenophonF: ..looking
13:25 XenophonF so i can use salt to create a directory server very easily, all managed statefully
13:25 XenophonF my next thing to try is to use those states to do stuff in Active Directory
13:26 XenophonF lietu: what kind of quoting?
13:26 XenophonF GPG decryption happens _after_ YAML parsing
13:26 XenophonF so the plaintext gets put into a variable verbatim
13:26 XenophonF if you need to re-encode that somewhere down the line, you have options like the |yaml_encode filter
13:26 lietu the kind that the value comes out properly ;) .. I've stored %{$secret in the GPG value, when I print it with pillar.get I get %{
13:26 XenophonF (which I make liberal use of)
13:27 XenophonF there's also Jinja's |escape filter, IIRC
13:27 XenophonF hang on let me RTFM
13:27 lietu all the guides say just use secret-name: |\n <indent>-----BEGIN PHP MESSAGE-----... and that result doesn't seem to work right
13:28 XenophonF ah it's the |e filter
13:28 XenophonF http://jinja.pocoo.org/docs/dev/templates/#html-escaping
13:28 lietu but this has nothing to do with jinja either really
13:28 XenophonF so the key thing is to get the shebang right
13:28 thijn__ XenophonF: that does look nice.. ldap states.. right now i am just test running salt... see if it can do what we need to do and so far quite impressed
13:28 lietu I simply have a value stored in pillar that I'm outputting with "salt-call pillar.get"
13:29 XenophonF lietu: for example - https://github.com/irtnog/salt-pillar-example/blob/master/defaults/domain-member.sls
13:29 ssplatt joined #salt
13:31 lietu https://gist.github.com/lietu/c26f3d8410b1a5f9ec50e416c4e638e1
13:32 XenophonF lietu: hang on a sec, let me try
13:32 antpa joined #salt
13:33 SaucyElf joined #salt
13:35 XenophonF what version of Salt are you running, lietu?
13:35 lietu seems like salt 2017.5.0-323-g408699a
13:36 XenophonF it works for me - i encrypted `%{$secret` using gpg, assigned that to a pillar key, and got it back out
13:36 lietu hmm
13:36 lietu god damnit, I must've messed up the encryption step, not used single quotes or something, sec ;)
13:36 XenophonF probably :)
13:37 XenophonF emacs + epa-encrypt-region = a tolerable gpg-encrypted value user experience
13:39 lietu ugh, my idiocy has been confirmed .. I followed the guide a bit too carefully and didn't realize that I should switch the double quotes to single quotes
13:39 lietu thanks
13:46 Dev0n why you have a loop within a state file, is there a special way to access the context of this loop within a jinja template or do I just have to use the context key to pass the values into the template?
13:46 rlatimore joined #salt
13:46 Dev0n why = when*
13:46 XenophonF Dev0n: what do you mean?
13:46 Dev0n XenophonF, example I found online: https://gist.github.com/renoirb/7272880
13:46 Dev0n you see how file.managed is setting a context
13:47 Dev0n is that needed explicitly or is there another way to access the args within the template file?
13:47 Dev0n because it's within the context of the loop, I thought this would also be passed into the template somehow
13:50 scoates joined #salt
13:51 XenophonF no that's how you do it
13:51 XenophonF although you wouldn't use {{ args }} in the value of the context variable
13:51 XenophonF instead do {{ args|yaml }}
13:51 tapoxi joined #salt
13:52 XenophonF that way things get serialized properly when Jinja renders the SLS file
13:52 XenophonF also you don't need to use the .items() method - use Jinja's |dictsort filter
13:53 Dev0n XenophonF, ahh great, just wanted to make sure
13:53 XenophonF hm, i'm not sure i have any examples of context variables in my own configs, but let me double-check
13:53 Dev0n I am able to get args working as it is without passing in yaml, is there any reason why that's working?
13:53 Tanta I like do do {% yams = pillar['yams']|yaml %}
13:53 yuhl______ hemebond: thank you for the tip: {% include "id/"++salt['grains.get']('id')+".sls" ignore missing %}
13:54 yuhl______ worked well !
13:54 XenophonF Dev0n: not sure - is args just a string?
13:54 brousch__ joined #salt
13:54 XenophonF you might just be getting lucky
13:54 XenophonF safer to use |yaml or |yaml_encode
13:54 Dev0n ahh, it is for testing, it will however be an object
13:54 Dev0n gotcha, will use | yaml, never seen that in any salt examples
13:54 XenophonF b/c people are sloppy
13:54 XenophonF ;)
13:54 Dev0n heh
13:55 Dev0n also most examples use .items(), and advantages to using dictsort?
13:55 Dev0n any*
13:56 XenophonF dictsort is the Jinja idiom; .items() is Python
13:56 XenophonF I don't like mixing languages like that.
13:56 XenophonF It's like sprechening Deutsch in the middle of English.
13:56 XenophonF ;)
13:56 Dev0n ahh makes sense
13:56 XenophonF sorry German friends
13:57 Dev0n so will just be, {% for site, args in pillar.get('sites', {}) | dictsort %}
13:57 XenophonF almost!
13:57 Dev0n but pillar.get is python so there is still a mix?
13:57 XenophonF use salt.pillar.get(...)
13:57 XenophonF the pillar.get method is from the dict class
13:57 XenophonF you want Salt's version, which includes the default return value option there
13:58 lietu is there a good reason to prefer salt.pillar.get instead of pillar["variable"]?
13:58 Dev0n {% for site, config in salt['pillar.get']('sites', {}) | dictsort %}
13:58 Dev0n is what I actually have in my file, sorry was referencing the example I found online
13:58 XenophonF lietu: yes - you get a default value instead of KeyError
13:58 XenophonF when the key doesn't exist
13:59 XenophonF plus salt.pillar.get() will return the default if any key in the hierarchy is missing
13:59 lietu personally I prefer keyerrors, I like the defaults to be set up in a pillar file anyway
13:59 XenophonF YMMV
13:59 lietu cool, so it's pretty much as I thought
13:59 XenophonF yup!
13:59 ping0ra joined #salt
14:00 khodgson joined #salt
14:00 XenophonF there are some cases where i use mapping['key']|default(...) instead
14:00 Dev0n I take it there is no | dict pipe that will just give me a dict instead of sorting it as well?
14:00 Dev0n (don't really care for the sorting)
14:00 XenophonF usually in cases hwere i'm iterating over list data
14:00 XenophonF ah
14:00 XenophonF no
14:00 XenophonF actually you can't rely on dictionary key ordering
14:01 Dev0n yup, just wondering why they have a | dictsort
14:01 stooj joined #salt
14:02 jas02 joined #salt
14:02 Dev0n thanks XenophonF, context/dictsort/yaml pipe all working in the loop and template
14:02 XenophonF great!
14:03 Dev0n is there a .get() equivalent I can use in the template now that I don't have pillar and salt to make the call?
14:03 Dev0n to avoid KeyErrors
14:03 XenophonF unfortunately no
14:03 Dev0n gotcha
14:03 XenophonF fortunately, you can use the jinja |default filter
14:03 Dev0n I don't see myself using keys that don't exist but will keep a note of | default, thanks
14:04 XenophonF http://jinja.pocoo.org/docs/dev/templates/#default
14:04 XenophonF i used that heavily in my shibboleth formula
14:04 Dev0n perfect :)
14:04 XenophonF https://github.com/irtnog/shibboleth-formula/blob/master/shibboleth/idp/files/conf/metadata-providers.xml
14:05 Dev0n ah nice
14:05 XenophonF oh no it's horrible!
14:05 jdipierro joined #salt
14:05 XenophonF took me _ages_ to get Jinja to output nice-looking XML
14:06 XenophonF would have much preferred to use file.serialize
14:06 Dev0n if only there was a formatter that would make the output nicer
14:06 XenophonF some versions of the docs referenced an xml serializer that never existed :(
14:07 Dev0n I've not touched any XML for years
14:07 Dev0n would like to keep it that way :P
14:07 XenophonF :)
14:13 muxdaemon joined #salt
14:21 mpanetta joined #salt
14:26 XenophonF thijn__: here's a preview of an upcoming paper I'm writing for Internet2
14:26 XenophonF thijn__: this is how I used Salt to deploy the OpenLDAP back end for our SAML attribute authority
14:27 XenophonF thijn__: https://gist.github.com/xenophonf/97235cc52d57b969047ded482b67c32b
14:28 XenophonF thijn__: note the clever use of jinja plus |join and |yaml_encode filters to improve the readability of OpenLDAP ACLs
14:28 XenophonF ;)
14:30 stooj joined #salt
14:31 thijn__ XenophonF: thanx!!!! bookmarked!! :) just give me a bit of time to become fluent in salt.. my flighthours with salt is less then 8 hours :)
14:32 colegatron joined #salt
14:33 thijn__ afk
14:36 XenophonF haha welcome aboard! :)
14:37 XenophonF that reminds me - I need to put together a set of clean Git repos that start out with a simple Salt master config using formulas, and bootstrapping the master with a well-documented script
14:37 XenophonF and then each change set cranks the complexity knob a little bit
14:38 XenophonF i spent a week using salt to teach my colleagues how i deploy and maintain our federated IAM services, and that's precisely the approach I took
14:38 XenophonF started small, then each commit added a feature or fixed a problem or documented something
14:39 XenophonF SaltStack's own documentation is nice, but I think it'd be good to have something more directed.
14:39 XenophonF esp for newbs
14:39 Dev0n if I'm running a bunch of services with different pillar config but using the same state, what's a sane approach to only update one of those services?
14:40 XenophonF Dev0n: can you post an example of what you mean?
14:40 XenophonF like, are you talking about multiple web sites running on the same server?
14:40 Dev0n I don't have an example yet as I'm trying to plan out how to actually write it lol
14:40 Dev0n yea XenophonF
14:41 XenophonF well, hm, let's make some assumptions
14:41 Dev0n so if I have site1 and site2, and site2 needs updated with a feature that's not enabled in site1
14:41 Dev0n same codebase, different config
14:41 XenophonF well then let's say you have a list of features for each site
14:41 XenophonF you loop over the list of sites
14:41 XenophonF and inside that you loop over the list of features
14:42 XenophonF and inside that you have a state, perhaps with a state ID of {{ site_name }}_enable_feature_{{ feature_name }}
14:42 XenophonF and that state ID enables the feature - let's say it has to install something, so it's a pkg.installed state
14:42 Dev0n well, the features will be set in the configuration for each site but yea, similar
14:43 XenophonF ok
14:43 XenophonF let's say you have to restart a parent process to make that all work
14:43 XenophonF or reload, or whatever
14:43 Dev0n yup
14:43 XenophonF and that parent hosts all the sites
14:43 Dev0n well, my setup is that I have an nginx instance for each site running in a container
14:44 Dev0n and one single haproxy to lb and channel requests into the correct nginx container
14:44 XenophonF ok, so let's say you have to restart that nginx service
14:44 Dev0n ok
14:44 XenophonF so somewhere outside of one (or both) of the loops, you have a service.running state for nginx
14:44 Dev0n yup
14:45 XenophonF on your _innermost_ states, the one that enables/disables the feature, add a watch_in or onchanges_in requsite referring to the _outer_ service.running state
14:45 XenophonF https://docs.saltstack.com/en/latest/ref/states/requisites.html
14:45 XenophonF that will signal the service state to restart/reload
14:45 Dev0n I'm already using requisites for things like building container before running it etc
14:46 XenophonF righto
14:46 Dev0n ahh
14:46 Dev0n I think I get you
14:46 XenophonF you need to use the _in requisites to mutate the service (or whatever) state b/c you're building those other states programmatically
14:46 Dev0n keep a watch for the config file
14:46 XenophonF yup
14:46 colegatron Hello. I need to get the current timestamp to use it in a state message. inside a state. Any idea how to archive it? (https://pastebin.com/MPKxYkZA)
14:46 XenophonF hang on I can show you a concrete example of what I mean
14:46 Dev0n that would be great
14:47 colegatron there is no grain with that info
14:47 WesleyTech joined #salt
14:48 XenophonF Dev0n: https://github.com/irtnog/shibboleth-formula/blob/master/shibboleth/sp/init.sls#L65
14:48 khodgson joined #salt
14:48 colegatron the idea is to send a metric to the monitoring system every time the state is run.
14:48 jas02 joined #salt
14:48 Dev0n colegatron, could do something like {{ None|strftime('...') }}
14:48 Dev0n ... being whatever time formats, %Y %H... etc
14:49 Dev0n XenophonF, line 65 and below right?
14:49 XenophonF so in that example, i'm generating file.managed states that I add as watch requisites for to the `service: shibsp` state
14:49 XenophonF yup
14:49 colegatron DevOn strftime comes from package time, do that means salt is going to automatically import time?
14:49 XenophonF the for loops are there just to iterate over the right data structures
14:49 stooj joined #salt
14:49 XenophonF colegatron: the |strftime filter is part of salt
14:49 XenophonF actually, it adds that to jinja's list of filters
14:50 XenophonF hang on let me find you chapter and verse
14:50 Dev0n yea jinja
14:50 colegatron XenophonF, ummm. I have to have a look to filters
14:50 DammitJim joined #salt
14:50 XenophonF colegatron: https://docs.saltstack.com/en/latest/topics/jinja/index.html#filters
14:51 XenophonF and if you haven't also already seen this, http://jinja.pocoo.org/docs/dev/templates/
14:51 colegatron aah, ok, it's jinja :) I thought about salt states and forgot jinja.
14:51 colegatron tnx
14:52 Dev0n XenophonF, ok think I've got an idea from your example, will give this a try, thanks
14:55 Flying_Panda joined #salt
14:55 Drunken_Panda joined #salt
14:55 DammitJim is anyone else experiencing this? https://github.com/saltstack/salt/issues/38538
14:55 saltstackbot [#38538][OPEN] DEBUG statement "Passing on Saltutil error. This may be an error in saltclient." appearing while waiting for provisioning to finish on Windows. | Description of Issue/Question...
14:55 DammitJim Applying states is soooo slow
14:55 ping0ra joined #salt
14:56 keltim joined #salt
14:56 jas02 joined #salt
14:58 khodgson joined #salt
14:58 sarcasticadmin joined #salt
14:59 Praematura joined #salt
15:03 mikecmpbll joined #salt
15:04 cscf So I made my first pull request to salt yesterday, can anyone tell me why CI is failing? https://github.com/saltstack/salt/pull/40754
15:04 saltstackbot [#40754][OPEN] file.manage_file: uppercase checksums now work | What does this PR do?...
15:06 cro joined #salt
15:10 rem5 joined #salt
15:11 ping0ra joined #salt
15:19 XenophonF cscf: i clicked through to the saltstack jenkins server
15:20 XenophonF it says "GitHub commit status is ERROR"
15:20 XenophonF dunno what that means
15:20 XenophonF see where it says "Pull Requests... : FAILURE"?
15:20 XenophonF https://jenkins.saltstack.com/job/PR/job/salt-pr-dsl/3606/console
15:21 cscf XenophonF, yeah exactly, no real message, just errors
15:21 cscf Like, it's a 4-line commit
15:21 XenophonF https://jenkins.saltstack.com/job/PR/job/salt-pr-rs-cent7-n/10658/consoleFull#5230031496448e26-18c1-4b86-8630-0912afa3864a
15:21 cscf XenophonF, hey, look at this https://jenkins.saltstack.com/computer/pr/
15:22 XenophonF No test reports found for the metric 'JUnit' with the resolved pattern 'artifacts/unittests/*.xml'. Configuration error?.
15:22 cscf It looks like all jenkins builds on this computer are stuck at ~80%
15:22 XenophonF that's in the minion bootstrap logs
15:22 XenophonF i'm thinking something's buggy with saltstack's jenkins instance
15:23 cscf Well, I'm glad it's not a problem with my code.  I'd like to get this accepted soon.  My first PR for Salt.  Kinda excited
15:23 XenophonF :-D
15:23 XenophonF congrats!
15:23 XenophonF i got a PR accepted a week or two ago
15:23 XenophonF feelsgoodman
15:24 XenophonF of course it was a one-line change to return {} instead of return False :)
15:25 edrocks joined #salt
15:25 Trauma joined #salt
15:25 XenophonF I'm expecting a job offer any minute now...
15:28 sp0097 joined #salt
15:30 jdipierro joined #salt
15:35 coval3nce joined #salt
15:36 PatrolDoom joined #salt
15:37 PatrolDoom joined #salt
15:38 coval3nce left #salt
15:38 PatrolDoom joined #salt
15:39 sysadmin75 joined #salt
15:41 mikecmpbll joined #salt
15:41 XenophonF aaaaaannnnnny minute now....
15:45 Inveracity joined #salt
15:46 aneeshusa joined #salt
15:47 dezertol joined #salt
15:47 khodgson joined #salt
15:53 greyeax joined #salt
15:53 Brew joined #salt
15:55 WesleyTech_ joined #salt
15:58 leonkatz joined #salt
15:58 leonkatz joined #salt
16:00 rem5_ joined #salt
16:02 leonkatz joined #salt
16:03 leonkatz joined #salt
16:04 fxhp joined #salt
16:05 onlyanegg joined #salt
16:09 Pyro_ joined #salt
16:15 Praematura joined #salt
16:16 khodgson joined #salt
16:17 speedlight joined #salt
16:17 XenophonF joined #salt
16:25 winsalt joined #salt
16:27 winsalt Im seeing No matching sls found for in env 'base', but salt-run fileserver.file_list shows the sls im trying to run.  Anyone know what could cause that?
16:29 vexati0n joined #salt
16:31 khodgson joined #salt
16:34 Pyro_ joined #salt
16:36 tiwula joined #salt
16:38 Dev0n anyone know why the --rm equivalent is missing from the dockerng.running state?
16:43 XenophonF winsalt: you could have other target lists that are empty
16:43 XenophonF what does file_roots look like on your master, for starters?
16:44 XenophonF also on your minion, what does `salt-call state.show_top` return, or cp.list_master?
16:49 winsalt file_roots is /srv/salt, and this is an orchestration im trying to run.  salt-run state.orchestrate test says /srv/salt/test.sls cant be found
16:50 whytewolf if it has the full path then you put it in your orchestration wrong. it should just be test [for /srv/salt/test.sls]
16:52 winsalt yeah, "salt-run state.orchestrate test" gives "No matching sls found for 'test' in env 'base'" with /srv/salt/test.sls existing
16:53 Splix76 joined #salt
16:54 Splix76 Hello, I have a question on restarting a service in the salt.states.service. The salt.module.service as a restart function built in, however the salt.state.service does not. I have created two entries, one a service.dead followed by a service.running. Is there a cleaner single entry example to restart in a state as you do in the module?
16:55 whytewolf Splix76: you really want to restart the service everytime the state is ran?
16:56 Splix76 Yes, it's not a state that will be run in highstate, it's pushed to icinga2 clients and the restart forces the client to pull the most recent commands.conf from the icinga2 server.
16:56 impi joined #salt
16:56 Splix76 so the restart is required whytewolf
16:57 whytewolf Splix76: are you changing commands.conf in the same state?
16:57 Splix76 the commands.conf is changed on the icinga2 server, the clients pull that file down if it does not exist when service starts. I rename the commands.conf to commands.conf.bkYYYYMMDD and restart the service to pull the most recent file down from the server.
16:57 prg3 joined #salt
16:58 whytewolf well you could always just use module.run server.restart
16:58 whytewolf basicly your asking to put a non stateful thing in a state.
16:59 Splix76 I suggested that I push the commands.conf file via file.manage however the decision was to let icinga2 push the file out.
16:59 impi joined #salt
16:59 Splix76 This is a request to have me reach out and make icinga2 monitored hosts compliant with changes so the conf file pushed from the server wont' crash the checks.
17:00 Splix76 unless the stat is run to install software packages and push a .pl file out, the commands.conf will break monitoring due to dependencies failed. So the state is for the stuff around the commands.conf, and the rename / restart forces the client to pull the updated file when it's compliant.
17:00 Splix76 I agree, not traditional use case
17:01 whytewolf sounds like a hot mess
17:01 whytewolf but yeah if you just want a restart, thn module.run a server.restart
17:02 whytewolf https://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html#salt.states.module.run
17:02 Splix76 I don't need a server, or service.restart?
17:02 Splix76 sorry... bad wording.  Do you mean service.restart or server.restart?
17:02 whytewolf sorry yes, still morning service.restart
17:03 whytewolf module.run: - name: service.restart - m_name: <service to restart>
17:03 Splix76 Thanks whytewolf , sounds like my options are to run service.dead at the start of the state then start it back up when changes are done or issue the restart manually. Since the state is not intended to be pushed out via highstate, both have the same net result.
17:04 whytewolf well service.dead would require a service.start also
17:04 s_kunk joined #salt
17:04 edrocks joined #salt
17:04 whytewolf serivce.restart is just the restart
17:04 andy____ joined #salt
17:04 andy____ left #salt
17:05 whytewolf if you had something to trigger off of then a watch: on a service.running would work. but that doens't sound like the use case here
17:05 aandy joined #salt
17:05 aneeshusa joined #salt
17:05 khodgson joined #salt
17:06 whytewolf winsalt: sorry forgot to say, you might need to clear your cache. or check your configs and make sure the /srv/salt really is set to base.
17:06 winsalt i did salt-run fileserver.clear_file_list_cache, is there another cache I need to purge?
17:08 whytewolf winsalt: you could do a manual clearing of the cache.
17:08 Splix76 whytewolf, here is the state to give you an idea of the goal. https://paste.fedoraproject.org/paste/VlDj0b4~ogYX9gORPlwQ8F5M1UNdIGYhyRLivL9gydE=
17:09 Splix76 Thanks for the discussion, it helped me decide to use a .dead before rename and .running after vs. a manually salt 'hostname' service.restart icinga2
17:09 whytewolf Splix76: I wasn't saying run the full salt command for service.restart ...
17:10 Splix76 oh, I misunderstood then.
17:10 whytewolf module.run lets you run a module in a state. so you could put service.restart in your state
17:10 Splix76 not uncommon when coffee supplies are low... :D
17:10 Splix76 oh wow!  Going to go read up on module.run now.
17:10 Splix76 Thanks.
17:11 Splix76 In this case, the dead before renaming config files makes sense to me, but I want to know how that module.run works so I am headed to the docs now.
17:11 gnord joined #salt
17:11 whytewolf although how is icinga2 going to react to pulling it's configs out from under it while it is running? if it is fine. to use the restart after if not. the .dead .running makes more sense
17:12 Splix76 I don't know for sure, I believe it will keep running but it may have an issue. I agree with you on the .dead making sense for safety.
17:13 Splix76 however, the salt.states.module with the .run option is still very interesting to me. I am going to use it in the future I am sure.
17:13 whytewolf it comes in handy, it is rather like cmd.run but with modules
17:13 whytewolf there is also a module.wait which works like cmd.wait
17:15 aandy is there a known remediation for https://github.com/saltstack/salt/issues/40749 if you're bootstrapping minions through salt-cloud (and the bootstrap_salt script)
17:15 saltstackbot [#40749][OPEN] cp.get_url reports 'args' parameter should be dict, list or tuple. Not <type 'NoneType'> | Description of Issue/Question...
17:15 aandy s/remediation/workaround/
17:16 khodgson joined #salt
17:16 Splix76 Great tips whytewolf, thanks again.
17:17 whytewolf aandy: downgrade tornado?
17:21 aandy right - I was looking for whether there's a known convenient way to do so across a group of minions
17:22 aandy bit new to interacting with pip; pip install -Iv {old tornado version} didn't do the trick when the problem emerged yesterday
17:23 whytewolf pip install tornado==<version>
17:30 pcn I have this pr: https://github.com/saltstack/salt/pull/40750 and it seems like jenkins is failing on other things in develop?
17:30 saltstackbot [#40750][OPEN] Add aws detailed monitoring toggle | What does this PR do?...
17:31 whytewolf pcn it happens now and then. basicly let them know in the pr. they will verify.
17:31 whytewolf if they don't already know
17:43 winsalt whytewolf, i deleted a bunch of stuff in /var/cache/salt, with no change unfortunately.  Thanks for helping anway
17:47 XenophonF oh... module.wait
17:47 XenophonF can i use that in orchestration?
17:47 XenophonF hm, or maybe i need a reactor...
17:48 domel joined #salt
17:51 cyborg-one joined #salt
17:52 Praematura joined #salt
17:53 domel noobie question but is there a way in salt state to print value of a variable to standard out?
17:53 pcn K, thanks whytewolf
17:57 it_dude joined #salt
17:58 whytewolf XenophonF: not sure why you would need module.wait in an orchestration.... in an orchestration you can wait_for_event. or you can use onchanges
17:58 whytewolf winsalt: then we need to know more about your enviroment.
17:59 whytewolf winsalt: are you using gitfs? if not the contents of your file_root: also we need the contents of the orchestration state.
18:00 rem5 joined #salt
18:00 cyteen joined #salt
18:03 _JZ_ joined #salt
18:04 woodtablet joined #salt
18:07 winsalt I tried to make it as simple as possible for testing, https://bpaste.net/show/5726275d8a3e
18:07 MTecknology With requisites, does X_in: always insert itself into that state?
18:08 whytewolf it attempts to.
18:08 whytewolf think it will throw an error if it doesn't exist
18:09 MTecknology excellent.. that explains my confusion
18:09 KyleG joined #salt
18:09 KyleG joined #salt
18:09 whytewolf winsalt: is test.stdout_print a custom runner?
18:10 winsalt i found it here, https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.test.html
18:11 whytewolf ahhh humm, a runner i didn't know about
18:12 wendall911 joined #salt
18:13 whytewolf humm, the orchestration works. so it isn't a failure in the orchestration file.
18:13 whytewolf have you restarted the master?
18:13 carlwgeorge joined #salt
18:14 carlwgeorge gtmanfred: hehe, you would be the op in here
18:14 winsalt yeah i rebooted, cleared caches, im at wits end.  its annoying that it cant even find the file
18:16 nixjdm joined #salt
18:16 winsalt if I do "salt-run fileserver.file_list | grep test.sls" it shows it too
18:16 censorshipwreck joined #salt
18:16 whytewolf winsalt: well it is confusing. i can't replicate the issue.
18:17 DEger joined #salt
18:17 winsalt i cant replicate it on other masters either, they are the same version, same distro etc.
18:17 whytewolf what distro?
18:17 LeProvokateur joined #salt
18:18 winsalt centos 7
18:18 whytewolf try this
18:18 whytewolf setenforce 0
18:19 winsalt nope :(
18:19 whytewolf still isn't finding it after that?
18:19 whytewolf damn not selinux then
18:21 impi joined #salt
18:22 winsalt its incredibly frustrating, it was even working earlier this week and I dont know of anything that changed/updated
18:22 impi joined #salt
18:25 impi joined #salt
18:26 whytewolf winsalt: just for testing, try moving the file.
18:26 whytewolf just rename it or something
18:27 domel what if you do test then init.sls
18:27 domel inside test
18:27 impi joined #salt
18:28 winsalt renamed it to orch.sls, still nothing.  made test/ and moved it to test/init.sls, still nothing
18:29 whytewolf strange
18:29 domel what about creating orch dir seems like all examples use it
18:30 domel so salt-run state.orch orch.test
18:30 impi joined #salt
18:30 whytewolf domel: most likely that won't help
18:31 whytewolf try 'salt-run -l debug fileserver.update' see if there are any issues with reading the filesystem
18:32 whytewolf maybe even -l trace
18:32 winsalt i thought fileserver.update was for remote stuff but ill try it
18:32 aldevar joined #salt
18:33 antpa joined #salt
18:33 englishm_llnw joined #salt
18:34 whytewolf it mostly is for remote fileservers
18:35 winsalt didnt see any errors from fileserver.update, still nothing though.  Think I might be makin a bug report soon
18:37 winsalt but not being able to replicate it on the other masters we have, that are configured the same is troubling
18:37 whytewolf it makes me think it isn't salt. but an operating system thing
18:39 winsalt well it has to be something specific to this server, because the other masters are on the same OS and it works there
18:42 winsalt WTF
18:42 winsalt ok so I deleted the pillar directory and it worked :/
18:44 londo joined #salt
18:44 whytewolf /me cocks head to the side
18:44 * whytewolf wonders where that space came from
18:49 jas02 joined #salt
18:49 aneeshusa joined #salt
18:54 it_dude joined #salt
18:55 winsalt looks like it might be the top.sls somehow
18:56 whytewolf strange. although kind of makes a little sense. part of the orchestration is running pillars. and if the pillars are blowing up it can have problems. but i don't see how it could cause not able to find the orch file
18:56 theblazehen joined #salt
18:58 antpa joined #salt
19:04 hardyfresh joined #salt
19:05 antpa joined #salt
19:08 gnord joined #salt
19:09 hardyfresh Is it possible to include pillar data from another pillar? I'm trying to use a formula that expects a gpg public key that I already have defined in another pillar
19:10 hardyfresh The docs suggest that I can put an include block in the target pillar, but I can't seem to access the source pilar's data
19:10 whytewolf hardyfresh: pillar has an include https://docs.saltstack.com/en/latest/topics/pillar/#including-other-pillars
19:11 whytewolf how are you using include. and how are you trying to access it
19:12 hardyfresh https://bitbucket.org/snippets/iseatz/4AzBM
19:12 hardyfresh like that
19:12 hardyfresh two:value is returned as 'None'
19:13 whytewolf ohhh, yeah that isn't going to work
19:13 whytewolf you can't pillar.get inside of pillar
19:13 hardyfresh yeah, I assume that I'm either just doing it wrong or it's not possible
19:14 hardyfresh so do I need to duplicate the two.sls pillar contents in one.sls or is there a dynamic way to accomplish the same goal?
19:14 antpa joined #salt
19:14 WesleyTech_ joined #salt
19:16 jas02 joined #salt
19:16 DEger joined #salt
19:16 cscf hardyfresh, you either duplicate it, or you have state two look for one:value, and include it
19:17 andi- How would you collect information form another host (that isn't a standard pillar, think ssh host key or cert fingerprint)? Is the salt.mine the way to go?
19:17 paant joined #salt
19:17 hardyfresh okay, that's what I was afraid of. I'm using 2 formulas so I don't necessarily have control of where they obtain the pillar data from
19:17 whytewolf hardyfresh: if you need to drasticcly change the way the pillar is formatted you can use jinja to include the yaml, change the format then output it
19:18 hardyfresh oh, that's true. Treat one.sls as a vanilla yaml file and obtain it's contents that way?
19:19 whytewolf yeah
19:20 jdipierro joined #salt
19:21 GP_MikeD joined #salt
19:21 JohnnyRun joined #salt
19:23 hardyfresh yep, that works well enough for me. Thanks whytewolf and cscf
19:23 ChubYann joined #salt
19:28 jas02 joined #salt
19:29 cyteen joined #salt
19:38 nikdatrix joined #salt
19:39 GP_MikeD left #salt
19:41 DEger joined #salt
19:41 cscf Anyone else notice that salt jenkins seems stuck?
19:42 cscf "Build has been executing for 21 hr on pr"
19:44 DEger_ joined #salt
19:45 DEger joined #salt
19:45 jas02 joined #salt
19:46 onlyanegg joined #salt
19:46 DEger joined #salt
19:48 DEger_ joined #salt
19:51 DEger joined #salt
19:52 jas02 joined #salt
19:52 felskrone joined #salt
19:55 DEger__ joined #salt
20:01 mikecmpbll joined #salt
20:02 winsalt whytewolf, finally found the source problem.  Someone used #pyobjects in a pillar file, and somehow including that file fucks everything up
20:04 sh123124213 joined #salt
20:05 whytewolf humm, might wanna submit a bug report on that. to at least fix the fact the the error message was not matching the error
20:06 jas02 joined #salt
20:07 nick123 joined #salt
20:17 candyman88 joined #salt
20:17 rem5 joined #salt
20:17 hasues joined #salt
20:17 hasues If I define a value in pillar, then I define it again with another pillar state, what does that cause?
20:18 khodgson joined #salt
20:18 whytewolf the last value will be the one that gets sent to the minion
20:19 hasues like say I say base gets some attribute.  Then I assign that same attribute because one of the minions gets it with a different value, I note that pillar.items lists it differently
20:20 hasues whytewolf: Okay, I do note that it gets the last value, but it lists it odd.  Let me pastee
20:20 whytewolf well it tries merging.
20:21 pppingme joined #salt
20:21 hasues So when pillars.items lists |_ and then what I would expect, that is an attempted merge?
20:22 whytewolf no that means it is a sub item of the item above it
20:23 whytewolf i think list
20:24 hasue1 joined #salt
20:25 hasues whytewolf: https://paste.pound-python.org/show/AT3CYDDyr999IAFHqwq9/
20:27 hasues brb
20:27 hasue1 left #salt
20:27 hasue1 joined #salt
20:28 hasues joined #salt
20:28 hasues having problems with connectivity...but anyway, that was what I was seeing
20:31 whytewolf hasues: that -_ just means that it is a list item not a dict item
20:31 whytewolf errr |_
20:33 khodgson joined #salt
20:34 jas02 joined #salt
20:45 edrocks joined #salt
20:47 mdpolaris joined #salt
20:50 mdpolaris is anyone familiar with the cherrypy return codes? specifically it seems to return 200 unless you fail authentication or make a request that is formatted poorly.
20:51 mdpolaris What is the thought on handling a correctly formed request but something like the doesn’t exist
20:52 mdpolaris I get a 200, for commands that are not executing. I’m not sure how to handle that from the calling system
20:53 synical joined #salt
20:53 hemphill joined #salt
20:55 fracklen joined #salt
20:58 rylnd hey mdpolaris!
20:58 mdpolaris Hello
21:00 rylnd I have trouble importing yaml from a file and then importing it into a state file. it seems that nested values are not imported correctly, which leaves me a bit puzzled. Here are my files and the error message that I get https://gist.github.com/jbfriedrich/9958d16f50f2c2cc6820969cc0de97a9. I think I am doing something wrong here.
21:03 aldevar left #salt
21:08 SalanderLives joined #salt
21:16 sysadmin75 left #salt
21:19 felskrone joined #salt
21:19 radhac joined #salt
21:22 radhac joined #salt
21:25 hardyfresh rylnd: the webapp_settings that you're importing includes the webapp key
21:25 hardyfresh {% set install_dir = webapp_settings.webapp.install_dir %}
21:25 hardyfresh that's what you need
21:25 hardyfresh or you can change your map.jinja
21:26 hardyfresh so
21:26 hardyfresh to: {% set webapp_settings = salt['pillar.get']('webapp_settings', default=defaults.webapp, merge=True) %}
21:27 smcquay joined #salt
21:34 om2 joined #salt
21:37 khodgson joined #salt
21:39 nikdatrix joined #salt
21:48 khodgson joined #salt
21:48 jas02 joined #salt
21:48 hasues left #salt
21:51 jas02 joined #salt
21:52 rylnd hardyfresh: thank you! but why is 'install_dir = webapp_settings.install_dir' working correctly then? i only have issues with the nested mysql structure
21:52 hardyfresh rylnd: it actually isn't working correctly
21:53 hardyfresh it's just not throwing an error
21:53 rylnd hardyfresh: i could swear that in my tests it worked fine for install_dir. weird.
21:53 rylnd hardyfresh: i will double check that real quick
21:53 hardyfresh that was my first step :)
21:54 hardyfresh install_dir is treated as a key that doesn't exist, so it's value is None
21:54 rylnd hardyfresh: it was late last night/early this morning, so i might have been sleep deprived :-)
21:54 hardyfresh However, the mysql lines cause errors because you're trying to access the db_name key from an object that doesn't exist... if that makes sense
21:55 glyfo joined #salt
21:56 glyf joined #salt
21:57 rylnd hardyfresh: damn you are right and my brain was more friend this morning than i thought :). thanks!
21:57 hardyfresh Well it looks like install_dir causes an error too
21:57 hardyfresh but only when the mysql lines aren't present
21:57 hardyfresh I'd kind of expect the renderer to fail on the install_dir line no matter what
21:57 rylnd yeah so i create a test sls real quick. it is like you said. when i use webapp_settings.webapp.install_dir it works
21:58 hardyfresh well I prefer the map.jinja solution, personally
21:58 hardyfresh but both work
21:59 hardyfresh the map.jinja solution just makes more sense in my own mind because I'm basically importing the top level key from the yaml
21:59 hardyfresh it won't work as well if there are multiple top level keys though so YMMV
22:00 rylnd hardyfresh: thank you so much! i am not sure what i tested last night then. i had a scenario where i had no issues when the db_* values were removed, but i honestly tested a lot of things last night
22:00 rylnd hardyfresh: at least now I know how it works and how to fix it :)
22:00 glyf does anyone know if another patch release of Carbon is planned? (e.g. 2016.11.4)
22:02 rylnd glyf: not sure if it is planned, but 5 days ago a tag was added on github for v2016.11.4
22:04 glyf rylnd: oh, great stuff, thanks. I'm hoping some recent fixes will be included (https://github.com/saltstack/salt/issues/39751 has been giving me problems)
22:04 saltstackbot [#39751][MERGED] archive.extracted is broken for HTTP sources | Description of Issue/Question...
22:04 aneeshusa joined #salt
22:05 onlyanegg joined #salt
22:13 N-Mi_ joined #salt
22:15 khodgson joined #salt
22:15 mpanetta joined #salt
22:15 N-Mi__ joined #salt
22:15 fracklen joined #salt
22:15 mpanetta joined #salt
22:19 Xenophon1 joined #salt
22:21 jas02 joined #salt
22:26 seanz joined #salt
22:27 glyf joined #salt
22:31 Edgan glyf: there is a tag for 2017.5 too
22:33 glyf Edgan: Nitrogen?
22:34 Edgan glyf: unknown, but I like new versions :)
22:34 glyf Edgan: agree, I just hope my states don't break!
22:36 Edgan glyf: for me it is generally 2-3 steps forward and one step back
22:36 Edgan glyf: so still progress
22:42 whytewolf glyf: for the record. there are generally 2 supported releases at any time. currently 2016.3 and 2016.11. so even if nitrogen was released 2016.11.4 would most likely still come out at some point [even if it wasn't already tagged]
22:43 glyf whytewolf: thanks, I'm sure one of those releases will have what I'm looking for. perfect
22:43 johnkeates joined #salt
22:50 rem5 joined #salt
22:50 snc joined #salt
22:56 utahcon_ joined #salt
22:57 utahcon__ joined #salt
22:57 utahcon_1 joined #salt
23:00 khodgson joined #salt
23:02 jas02 joined #salt
23:11 Pyro_ Is there any repo's that I can pull the 2016.11.4 rpm from?
23:12 jas02 joined #salt
23:12 whytewolf it isn't released yet
23:12 Pyro_ I don't want to have to build from source, but need a fix that it contains.
23:12 whytewolf is the fix in a module?
23:14 Pyro_ No, it is a bunch of salt-cloud scripts.
23:14 Pyro_ I tried to cherry-pick a few, but it broke everything.
23:15 whytewolf well 2016.11.4 isn't released yet.
23:15 Pyro_ We are waiting for the salt-cloud templating issues mentioned here:  https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html#salt-cloud-fixes
23:16 whytewolf hopefully it will be released soon.
23:16 cyteen joined #salt
23:16 whytewolf iirc it has been tagged so some time in the next couple of weeks
23:16 whytewolf maybe days
23:18 antpa joined #salt
23:18 Pyro_ Yeah, I'll keep a watch, or will look at building, windows + salt-cloud has been my personal hell for a while ;)
23:18 whytewolf well if you absolutly can not wait. use the bootstrap script to install it
23:18 whytewolf will install it using git
23:19 whytewolf [no real building involoved it is just python]
23:19 whytewolf https://github.com/saltstack/salt-bootstrap
23:21 WesleyTech joined #salt
23:24 q1x joined #salt
23:28 Brew joined #salt
23:40 nikdatrix joined #salt
23:54 khodgson joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary