Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-04-24

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:25 fracklen joined #salt
00:26 hemebond MTecknology: bootstrap from git?
00:26 * MTecknology remembers that this is a thing - https://docs.saltstack.com/en/latest/topics/development/hacking.html
00:29 MTecknology I screwed up my primary salt master, though. I spaced out and started sticking develop on the wrong master.
00:30 MTecknology Now it keeps complaining about no top file found, despite the bit where it should come from git
00:32 MTecknology every other system can run a highstate, but the master's minion can't... grrr
00:33 MTecknology restart fixed it! back to salt hacking! :D
00:57 SadoqueTD joined #salt
01:13 justanotheruser joined #salt
01:15 scoates joined #salt
01:31 sh123124213 joined #salt
01:33 Tanta joined #salt
01:38 SadoqueTD left #salt
01:39 k_sze[work] joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.6, 2016.11.3 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers
02:10 zerocoolback joined #salt
02:11 MTecknology :'(   http://dpaste.com/13HQW0W
02:11 MTecknology This says that my patch wasn't perfect on first attempt. :'(
02:12 hemebond lol, shock
02:14 MTecknology hemebond: the bitch of it is that it's been months since I looked at this (over half a year maybe) and I can't remember what I thought anymore. I was pretty high and drunk and didn't have time to test before passing out or after waking up until now..
02:17 MTecknology hemebond: I don't suppose any of this crap makes sense to you, does it?  https://github.com/saltstack/salt/compare/develop...MTecknology:develop
02:18 MTecknology idea being, if safety limit set, if command will be executed on > X minions, then use a batch size of Y.
02:19 cyborg-one joined #salt
02:19 MTecknology I think the problem is that I haven't loaded up all of the data required to run a batch, but I'm not seeing what's missed.
02:24 fracklen joined #salt
02:28 MTecknology hm... I think I found the silly oops.
02:29 mpanetta joined #salt
02:30 MTecknology I think the problem is that the value I think I'm setting is not actually being set so nothing knows what the actual batch size is.
02:30 mpanetta joined #salt
02:45 JPT joined #salt
02:49 MTecknology Is it possible to register a global override for a config before triggering _run_batch()?
02:53 evle joined #salt
03:00 hemebond MTecknology: It does not make sense to me, no. My Salt hacking is very basic :-)
03:04 atree joined #salt
03:18 Tanta joined #salt
03:21 sh123124213 joined #salt
03:27 k_sze[work] joined #salt
03:42 jdipierro joined #salt
03:43 PatrolDoom joined #salt
03:44 PatrolDoom joined #salt
03:46 scoates joined #salt
04:06 * MTecknology screams
04:06 MTecknology So what frigg'n type does batch.opts.batch need to be?!
04:07 hemebond opts or options?
04:08 hemebond Oh, Batch is an object.
04:08 hemebond which has an opts...
04:08 hemebond which has a batch?
04:09 MTecknology yup
04:09 MTecknology opts is a dict
04:11 hemebond Is batch.opts.batch a string perhaps?
04:11 hemebond self.config['batch'] = '100%'
04:13 justan0theruser joined #salt
04:17 MTecknology hemebond: batch.opts is a dict, batch.opt.batch is ... dunno, salt/batch/salt.py : If I pass an int() I get not iterable, if I pass string, I get a more peculiar problem
04:18 MTecknology I've also seen this -               else:           │ValueError: invalid literal for int() with base 10: '2.0'                                                                                                                        │
04:19 Antiarc joined #salt
04:19 hemebond batch looks to want to be a string.
04:19 hemebond if '%' in self.opts['batch']
04:19 hemebond So it wants a percentage.
04:20 MTecknology I tried passing opts.batch as a str and opts.batch-size as int and got that last error
04:20 hemebond Oooh, now I get what 100% means; you can pass a percentage when you run a batch, right? For the number of minions to update at once.
04:20 MTecknology yup
04:20 hemebond I haven't seen a batch-size mentioned.
04:20 MTecknology salt --batch-size=100% is pretty much the same as not specifying it
04:22 MTecknology ooooh......
04:23 MTecknology self.opts.batch == None because the option didn't make it all the way to the class
04:23 Antiarc joined #salt
04:23 hemebond "batch-size" becomes "batch"
04:24 MTecknology this is pretty fucking confusing...
04:30 pipps joined #salt
04:46 antpa joined #salt
04:49 MTecknology hemebond: wanna test my feature?
04:50 hemebond I don't really have a setup to test with, sorry.
04:50 hemebond What is the new feature?
04:50 MTecknology auto batch
04:51 hemebond Auto batch?
04:51 MTecknology you run "salt 'fuz*' foo.bar and if "fuz*" matches more than X minions, it'll run in Y sized batches
04:54 MTecknology no more "oh crap, I just used salt to ddos our infrastructure"
04:58 antpa joined #salt
04:59 antpa joined #salt
05:00 whytewolf pretty sure it will still happen. and people will come in here and people will complain that salt should have stopped them. and we will say it has a feature that if setup correctly for your enviroment would have stopped it. and they will be happy.
05:06 rdas joined #salt
05:06 MTecknology whytewolf: I'm confused by what you said
05:06 whytewolf basicly just tired.
05:07 hemebond Personally I'd probably just write a runner rather than edit Salt itself.
05:07 hemebond Like I did for aws.
05:08 whytewolf there are times you need to break into editing salt to actually change things
05:08 MTecknology hemebond: vs, let's say the option existed so you could magically keep "other" admins from DDoS'ing crap?
05:08 hemebond Couldn't you also use an alias or something?
05:08 hemebond A bash alias?
05:09 MTecknology assuming you're controlling the bash aliases everyone uses globally, sure
05:09 whytewolf or.... fix salt
05:09 hemebond *shrug* Our infrastructure isn't (yet) at that size :-)
05:10 antpa joined #salt
05:10 MTecknology I was only managing 500 system by myself when I started running into the problem.. because most minions were connected via T1
05:10 hemebond They were saturating the bandwidth?
05:10 MTecknology obliterating it
05:10 hemebond Continually or only when doing something?
05:11 MTecknology whenever I accidentally ran salt '*' <anything>
05:11 MTecknology except test.ping, that was fine
05:12 MTecknology If I ever ran "salt '*' state.highstate" accidentally, dear god... have mercy on my soul and jaugernuts
05:16 MTecknology hemebond: a T1 is 1.5/1.5 mbit, and that's correctly bit, not byte. Trying to keep lots and lots of data in sync over that pipe when *EVERYTHING* runs over that pipe is tough. Even harder is making sure you don't suffucate all traffic. That's why I created that bug in the first place... in 2014. Now I finally found time and motivation to make it exist.
05:16 MTecknology I lost motivation in the past because thatch45 hopped on and got in a debugging session with me.
05:17 MTecknology (managed to fix other bugs and make this original goal less needed)
05:17 antpa joined #salt
05:19 hemebond So batch works with any/most commands, yeah?
05:19 whytewolf batch happens pre-targetting so yes
05:20 MTecknology I'm not aware of any time that it doesn't work
05:22 MTecknology there we go... http://dpaste.com/22XWPXF
05:23 MTecknology without --batch or --batch-size specified, a batch execution was triggered because the target (6) would have matched more than batch-safe-limit (5) minions so a batch size of batch-safe-size (2) was set for that run.
05:24 whytewolf so what about config file options?
05:24 MTecknology already magically taken care of
05:24 whytewolf yay
05:25 * whytewolf passes out
05:25 preludedrew joined #salt
05:25 MTecknology The way salt handles options is very peculiar, but once you get it, I expect it's quite intelligent.
05:27 MTecknology at least... I /think/ it magically becomes a config option the way I did it because that's absolutely the intention.
05:30 MTecknology whytewolf: awe... you might be right. It might not be magically working like I expected. :(
05:33 MTecknology nope, I just used - instead of _
05:35 MTecknology Woohoo!!! PR READY!!!!!
05:35 MTecknology hemebond: you sure you don't wanna test the feature?
05:36 hemebond Sorry I don
05:36 hemebond don't have the setup to play with different Salt versions.
05:36 MTecknology https://github.com/saltstack/salt/issues/19054#issuecomment-296527076 <-- :D
05:36 saltstackbot [#19054][OPEN] Set Default Batch Size | It would be lovely if I could set, in a config file, a batch size that is used when a command will go out to too many minions....
05:40 xet7 joined #salt
05:48 cyteen joined #salt
06:00 do3meli joined #salt
06:00 do3meli left #salt
06:27 Ricardo1000 joined #salt
06:30 yuhl______ joined #salt
06:42 colttt joined #salt
06:51 golodhrim|work joined #salt
06:54 armyriad joined #salt
07:19 antpa joined #salt
07:22 aldevar joined #salt
07:23 jas02 joined #salt
07:29 darioleidi joined #salt
07:33 o1e9 joined #salt
07:37 pbandark joined #salt
07:44 jdipierro joined #salt
07:48 pbandark hi.. in one of the existing salt setup I can see below line in one sls file: "{% set postdata = data.get('post', {}) %}" can anyone tell me what does it mean ?
07:48 candyman88 joined #salt
07:49 hemebond pbandark: It's Jinja (Python). It's just fetching a value from a dictionary and returns an empty dictionary if the value is missing.
07:49 DanniZqo joined #salt
07:49 pbandark hemebond:  dictonary for key "post" ?
07:50 netcho joined #salt
07:50 netcho joined #salt
07:50 MTecknology https://www.tutorialspoint.com/python/dictionary_get.htm
07:50 MTecknology ^- .get()
07:50 pbandark checking
07:50 MTecknology checking()  *
07:51 MTecknology self.check()  ?
07:51 hemebond link.check()
07:51 pbandark :)
07:51 MTecknology self.check(link)?
07:51 hemebond txt = link.fetch() self.read(txt)
07:52 candyman89 joined #salt
07:52 MTecknology k.. that works
07:52 pbandark thanks hemebond MTecknology
07:52 MTecknology heheh... /me is a last name
07:53 MTecknology pbandark: what's the next question? That one was fun.
07:54 pbandark ha ha.  wll ping you if I come across :)
07:54 MTecknology I don't think I'll be able to sleep until jenkin's finishes telling me my shit smells like candy and green check marks.
07:56 ronnix joined #salt
07:59 fracklen joined #salt
07:59 nikdatrix joined #salt
08:00 mikecmpbll joined #salt
08:08 impi joined #salt
08:12 s_kunk joined #salt
08:12 s_kunk joined #salt
08:14 geomacy joined #salt
08:15 q1x joined #salt
08:16 Mattch joined #salt
08:18 Rumbles joined #salt
08:22 MTecknology What the crap is it that's failing?! https://github.com/saltstack/salt/pull/40843#pullrequestreview-34213531
08:22 saltstackbot [#40843][OPEN] Adding safe batch sizes; automatically switch to batch mode if >X min… | …ions are targeted....
08:22 MTecknology pbandark: HALP!!!!!1!!
08:27 jhauser joined #salt
08:33 bdrung_work joined #salt
08:42 sh123124213 joined #salt
08:44 jas02 Hello, is there some state, that has similar functionality like Ansible URI module? I want to send http(s) request and receive response. I'd like to be able define header and body of request. I need to communicate with API using JSON and don't want to use cmd.run's curl command.
08:45 hemebond jas02: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.http.html ?
08:53 raqua joined #salt
08:57 rdas joined #salt
08:58 pbandark MTecknology: /me has just started to get sync with python  :)
09:02 yidhra joined #salt
09:02 raqua Hi. I am having an issue to get environments working in salt. Please see my sample project: https://pastebin.com/k8Bd59Bn
09:03 jas02 hemebond: It looks, that it performs just HTTP GET, and not HTTP POST. Or am I wrong?
09:03 raqua what I am trying to achieve is - I have multiple environments running on the same machine. States will be (mostly) the same for all envs, but folders differ. I want to achieve that by having the folders in pillars.
09:04 raqua in my project I created, states are applied correctly according to selected environment, but pillars are always taken from env1, even if I select env2
09:05 raqua I have tried to have the same structure for pillars as I have for states, but this did not work at all
09:09 antpa joined #salt
09:10 yidhra joined #salt
09:13 zulutango joined #salt
09:38 yidhra joined #salt
09:39 yidhra joined #salt
09:44 paant joined #salt
09:46 yidhra joined #salt
09:47 yidhra joined #salt
09:47 Hetman joined #salt
09:48 Hetman Hello any idea why in my jinja this ['grains.get']('nodename')[0] throwing TypeError: 'list' object is not callable ? I don't understand why it's list in first place
09:48 Hetman All what i'm trying to get is that line {% include 'hosts/' + ['grains.get']('nodename')[0] + '.sls' ignore missing %}
09:52 jshm Hetman: You need 'salt' before ['grains.get']
09:52 jshm ['grains.get'] is a list in itself
09:54 rdas joined #salt
09:55 antpa joined #salt
10:01 Hetman ahh thank you
10:05 Hetman I'm assuming I can combine split with grains.get yeah ? {% set hostname = salt['grains.get']('nodename').split('.')[0] %}
10:06 jshm Yup
10:28 yidhra joined #salt
10:32 jas02 joined #salt
10:36 jas02 joined #salt
10:41 jas02 joined #salt
10:42 impi joined #salt
10:44 jas02 joined #salt
10:46 gmoro joined #salt
10:54 jas02 joined #salt
10:55 amcorreia joined #salt
10:58 yidhra joined #salt
10:59 morissette joined #salt
11:07 Trauma joined #salt
11:12 jas02 joined #salt
11:17 jas02 joined #salt
11:32 kbaikov joined #salt
11:35 ronnix joined #salt
11:36 gmoro joined #salt
11:43 netcho joined #salt
11:43 netcho joined #salt
11:51 pbandark how to run salt only for targets mentioned in top file? if I execute `salt '*' state.highstate`, salt try to reach all minions registered with master. My assumption was, if I am using "state.highstate" then salt will refer top.sls files under "file_root" location and only apply to the targets specified in top file
11:53 raqua I believe these are 2 separate actions, salt first figures out which minions are available and then applies states as configured in top.sls
11:55 pbandark raqua: my end goal is to run salt only for targets mentioned in top files.
11:55 raqua I believe that you have to specify them then
11:56 J0hnSteel joined #salt
11:57 pbandark ok
12:01 misconfig joined #salt
12:06 jdipierro joined #salt
12:07 hemebond The top.sls specifies which minions get which states. If you highstate everything only the minions that actually have states applied will do anything.
12:07 hemebond Though they will all check to see if they should apply something.
12:09 antpa joined #salt
12:09 numkem joined #salt
12:14 edrocks joined #salt
12:18 antpa joined #salt
12:26 numkem joined #salt
12:28 jas02 How can I run multi line cmd.run with parameters? I am receiving (yaml) error: could not found expected ':'; line 10. Code listing: https://gist.github.com/jas02/70dd74965ed47bc54e9fcfa1ce5aa471. How to run curl successfully?
12:30 hemebond jas02: I think your "curl" line needs to be indented a little more.
12:30 hemebond Paste the YAML into http://yaml-online-parser.appspot.com/ and see,.
12:30 toastedpenguin joined #salt
12:31 KennethWilke joined #salt
12:31 jas02 hemebond: Many thanks! It works
12:35 yidhra_ joined #salt
12:39 zerocoolback joined #salt
12:43 zerocool_ joined #salt
12:51 Praematura joined #salt
13:00 tapoxi joined #salt
13:01 jas02 How can I set the output of following (cmd.run) state to a variable, or save to the file?  https://gist.github.com/jas02/70dd74965ed47bc54e9fcfa1ce5aa471
13:01 jas02 I need to parse it and use some of output content later in the code.
13:14 nikdatrix joined #salt
13:14 Xenophon1 joined #salt
13:17 ssplatt joined #salt
13:17 XenophonF joined #salt
13:23 dyasny joined #salt
13:24 mdpolaris joined #salt
13:28 mdpolaris morning all. I was looking into configuring the publisher_acl and it appears that user groups are not supported like they are in the external_auth system. Is that correct?
13:29 Xenophon1 joined #salt
13:30 racooper joined #salt
13:32 jdipierro joined #salt
13:38 tapoxi joined #salt
13:44 Tanta joined #salt
13:55 PatrolDoom joined #salt
13:55 bdobbs joined #salt
14:02 sh123124213 joined #salt
14:02 LondonAppDev joined #salt
14:07 tercenya joined #salt
14:26 Guest78718 joined #salt
14:27 Guest78718 hello. would anyone know the difference between using refresh_pillar and sync_pillar?
14:27 Tanta refresh = local, sync = remote
14:28 twork_ i seem to be misunderstanding something.  sez here, "cron.absent" is supposed to verify that the job is absent.  i have a couple of cron jobs i need to remove, so i kept their states as-is, but replaced "cron.present" with "cron.absent", and replaced the rest of the content with "- name: [name as it was before]".
14:28 Guest78718 does that mean i should run sync if im on a master, but refresh when using salt-call?
14:28 twork_ highstate says the state is absent, but the cron job is staying as it was in the minion's list.
14:29 Tanta I dunno Guest78718, I don't run a master
14:29 Sketch i think it means refresh refreshes the minion, sync syncs the master
14:30 mpanetta joined #salt
14:30 Guest78718 what would the master be synching to?
14:30 Guest78718 update pillar_roots?
14:31 Guest78718 err.. changes in the pillars on file?
14:32 mpanetta joined #salt
14:34 hasues joined #salt
14:35 hasues left #salt
14:38 mugundan joined #salt
14:41 Mattch joined #salt
14:47 twork_ ha ha!  never mind my cron question.  the answer is: 'test=True' doesn't appear to verify cron jobs.  after the "shrug-and-push", all is well.
14:49 gmoro joined #salt
14:52 bakins joined #salt
14:58 zerocoolback joined #salt
14:59 heaje joined #salt
15:02 fracklen joined #salt
15:07 tapoxi joined #salt
15:08 jas02 joined #salt
15:08 aneeshusa joined #salt
15:09 spicyJalepeno joined #salt
15:15 hasues joined #salt
15:37 greyeax joined #salt
15:40 sp0097 joined #salt
15:47 sarcasticadmin joined #salt
15:52 tapoxi joined #salt
15:53 tapoxi hi all, has 2016.11.4 been released?
15:56 dezertol joined #salt
16:00 ahrs joined #salt
16:04 gtmanfred no
16:04 gtmanfred /topic
16:04 gtmanfred hopeing for today though
16:05 pbandark in my sls file, something wrong with "grains.filter_by". its failing with "filter_by merge argument must be a dictionary". can anyone help me to pointout the issue?
16:05 pbandark https://paste.fedoraproject.org/paste/ZjQwEfF4UX0BTOrOHnTJLl5M1UNdIGYhyRLivL9gydE=
16:06 gtmanfred pbandark: does salt \* pillar.get tomcat_defaults return a dictionary?
16:06 evle1 joined #salt
16:09 pipps joined #salt
16:10 whytewolf or, does it even exist?
16:10 gtmanfred that too
16:12 pipps99 joined #salt
16:13 pipps99 joined #salt
16:14 pbandark whytewolf, gtmanfred: i have defiened external pillar "tomcat_defaults"(tomcat.yml from https://paste.fedoraproject.org/paste/ZjQwEfF4UX0BTOrOHnTJLl5M1UNdIGYhyRLivL9gydE= ).   with "merge=salt['pillar.get']('tomcat_defaults'))" I am expecting it would fetch all values from external pillar
16:14 pbandark is my understanding is wrong ?
16:14 whytewolf that looks like a list not a dict
16:15 DoomPatrol joined #salt
16:19 pbandark got you. thanks
16:20 tapoxi joined #salt
16:21 Praematura joined #salt
16:23 woodtablet joined #salt
16:23 fxhp joined #salt
16:28 impi joined #salt
16:32 muep joined #salt
16:34 pipps joined #salt
16:35 tercenya joined #salt
16:36 aldevar left #salt
16:37 pipps joined #salt
16:40 spicyJalepeno in a state, is it possible to do an event.send that either executes or not based on  the stdout from a cmd.script?
16:41 spicyJalepeno i wasn't sure if any of the other requisite functions worked for this or not
16:41 gmoro joined #salt
16:42 whytewolf spicyJalepeno: no. there is no requisites that take the output of another state. they only take the status. [fail, change, success]
16:43 jwhittle joined #salt
16:44 whytewolf although i do believe there is an event field that can be included in cmd.scrpit. however i do not know what info it sends back
16:45 whytewolf https://docs.saltstack.com/en/latest/ref/states/requisites.html#fire-event-notifications
16:51 DoomPatrol joined #salt
16:54 jdipierro joined #salt
16:54 spicyJalepeno ok, thanks, i will keep playing around with this
16:55 jdipierro joined #salt
16:55 tyler-baker joined #salt
16:57 tkojames joined #salt
17:01 pbandark is it possible create directories recursively if parent dir is absent? similar to what we can do using `mkdir -p /root/a/b/c/d`. i dont see option in `file.directory` state function
17:02 gmoro joined #salt
17:07 spicyJalepeno pbandark: i think you want makedirs: true
17:08 spicyJalepeno makedirs If the directory is located in a path without a parent directory, then the state will fail. If makedirs is set to True, then the parent directories will be created to facilitate the creation of the named file.
17:08 PatrolDoom joined #salt
17:09 pbandark ok. let me check
17:13 Guest73 joined #salt
17:14 spicyJalepeno whytewolf: thanks for the advice, i just changed my cmd.script to either exit 0 or exit 1 and use onfail requisite to send the event or not
17:14 whytewolf kewl
17:19 censorshipwreck joined #salt
17:22 dyasny joined #salt
17:23 pipps joined #salt
17:25 cscf Anyone know a good way to file.manage the same template down to many files, with each using a different element of a Pillar list?
17:26 Tanta loop
17:26 whytewolf jinja loop
17:26 Tanta loop + if/elif/endif
17:26 Tanta that's the easiest way
17:26 cscf Tanta, I know I can jinja loop a bunch of file.manage states with contents: but the file is a bit big for that
17:27 Tanta store the contents in pillar and use source_pillar then
17:27 Tanta how does that stop the solution
17:27 cscf If I want to reference a salt://source how can I get it to use a different element?
17:27 whytewolf cscf: the file being big has nothing to do with the state file
17:27 cscf whytewolf, I meant it's big enough that I want to use source: instead of contents:
17:28 whytewolf cscf: so, put the source in your pillar list
17:28 cscf whytewolf, the contents of it?
17:28 ry joined #salt
17:28 mdpolaris I was looking into configuring the publisher_acl and it appears that user groups are not supported like they are in the external_auth system. Is that correct?
17:28 whytewolf cscf: no, the string that would go in source
17:29 cscf whytewolf, but that refers to a file, I'm trying not to have many copies of the file in the state
17:29 whytewolf huh
17:30 whytewolf you want your cake and eat it too?
17:30 cscf I have a single file template, I want to file.manage it down with a foreach loop into a directory, with each file filling in a different set of pillar vars
17:30 cscf I could do that if I use contents:, I know
17:31 pbandark thanks spicyJalepeno
17:31 whytewolf if you have a template contents isn't what you want
17:31 whytewolf you want context
17:31 whytewolf or defaults
17:31 cscf context?
17:32 pbandark salt++ very active channel..  :)
17:32 whytewolf context = a bunch of settings that get passed to a file.template to be used in jinja
17:33 cscf whytewolf, that sounds like what I need
17:33 cyborg-one joined #salt
17:33 cmarzullo https://gist.github.com/cmarzullo/f13221e6dac191ef86d7d35564ac1b3e
17:33 cmarzullo cscf: I template out my states like ^^ so I can have any number of templates.
17:34 gmoro joined #salt
17:34 cscf cmarzullo, I've never seen data: before
17:34 whytewolf cmarzullo: I perfer context/defaults to data just as a just in case
17:35 cmarzullo whytewolf: yeah I do that sometimes also.
17:35 cscf So I can pass to template which list element it's at?>
17:35 whytewolf cscf: lots of ways to input extra stuff into a file
17:35 cmarzullo cscf: the data could be anything. It just gets passed into the template
17:35 cscf cmarzullo, accessible as what? '{{ data }}' ?
17:36 whytewolf cscf: data gets put int the data variable. context/defaults come in as themselves
17:36 cmarzullo updated the gist with the template
17:37 cmarzullo but yes as {{data}}
17:37 cscf cmarzullo, so what is the import statement needed for?
17:38 whytewolf cscf: he is importing other data as well
17:38 cmarzullo it's not needed. Probably just left over. For me, the why pass in the value vs the import?
17:38 cmarzullo Cause timetimes pillar can be huge so navigating to just the piece I care about creates a lot of jinja in the file. Sometimes I don't lke that.
17:40 whytewolf cscf: using context is shown here https://docs.saltstack.com/en/latest/topics/jinja/index.html#jinja-in-files
17:41 Edgan joined #salt
17:41 cscf whytewolf, thanks
17:42 whytewolf it strips away the jinja part of the state. but cmarzullo shows basicly how to do that part
17:45 muxdaemon joined #salt
17:47 djgerm Hello! Is there a clear example on how one uses https://docs.saltstack.com/en/latest/ref/output/all/salt.output.txt.html ?
17:50 whytewolf salt '*' --out=txt state.apply
17:50 whytewolf ?
17:53 djgerm OIC.
17:53 whytewolf or more to the point salt --out=txt '*' cmd.run 'echo test'
17:53 whytewolf since it is meant to show what cmd.* does
17:54 Aikar joined #salt
17:54 aphor joined #salt
17:55 hemphill joined #salt
17:57 wendall911 joined #salt
17:58 smcquay joined #salt
18:03 undergroundinosa joined #salt
18:03 tercenya joined #salt
18:04 MajObviousman this might be a salt anti-pattern, buuuut ... can I set up a pillar rule to match all minions which don't have a pillar item of X?
18:04 MajObviousman a pillar matcher, I mean
18:07 cscf MajObviousman, I'm no expert, but you could set a default value in '*', then match on that
18:08 whytewolf MajObviousman: you mean pillar target? such as 'not I@pillar:value' match - compound
18:08 undergroundinosa left #salt
18:09 cscf But he wants 'not x is defined' rather than 'x != y'
18:09 whytewolf yeah. there is no defined
18:10 cscf So, assign var: 'not set' in '*', then match on that?
18:10 whytewolf i guess you could do something like 'not J@pillar:.*'
18:10 cscf So long as you aren't using the same var elsewhere
18:10 cscf oh, you can regex there?
18:10 cscf Neat
18:10 whytewolf J is pillar PCRE
18:11 whytewolf P is grains PCRE
18:11 whytewolf and E is minion ID PCRE
18:11 whytewolf three over looked options in compound matching
18:11 Praematura joined #salt
18:11 woodtablet https://docs.saltstack.com/en/latest/topics/targeting/compound.html
18:12 MajObviousman whytewolf: I mean in the top.sls
18:12 MajObviousman gisting an example:
18:13 whytewolf MajObviousman: depends. are we talking pillar top.sls or state top.sls
18:13 whytewolf if pillar. the answer is no
18:13 MajObviousman pillar top.sls
18:13 whytewolf if state then see above
18:13 MajObviousman I didn't think so
18:14 juntalis joined #salt
18:14 muxdaemon joined #salt
18:15 whytewolf yeah, checking for the existence of something before it is defined. just doens't work
18:15 MajObviousman https://gist.github.com/anonymous/74393539ba59ae59d68aa7deb9a91212
18:15 fracklen joined #salt
18:15 MajObviousman well, if it's processing in order, depth-first, then it could work
18:16 whytewolf it doesn't have any depth to it. it processes the top file. then processes the sls files. then says all is good
18:16 MajObviousman mine has depth, as I'm doing includes
18:16 MajObviousman but that's neither here nor there. You've answered the question I had
18:17 whytewolf yeah. the includes happen at the same time as the sls files.
18:17 whytewolf so that isn't depth either
18:18 whytewolf basicly top.sls jinja -> top.sls -> sls file jinja -> sls files
18:19 dyasny joined #salt
18:19 whytewolf the only way to match pillars is if you use an external pillar. and have externals does before standard
18:19 whytewolf and you can only match on those
18:21 onlyanegg joined #salt
18:23 pipps joined #salt
18:24 nixjdm joined #salt
18:27 nikdatrix joined #salt
18:28 TinaC joined #salt
18:29 aphor joined #salt
18:31 spicyJalepeno is there a way to use cmd.script without it reporting changes, it seems like even if stderr or stdout from the script is null with exit 0 salt still sees it as changes. is that correct?
18:31 bossalt joined #salt
18:32 MajObviousman whytewolf: thanks. I've been looking for a reason to invest in external pillars, looks like this is it
18:33 whytewolf spicyJalepeno: no because running the name script is a change
18:34 whytewolf you can have it not run the script and tag it as not a change using onlyif or/and unless
18:34 spicyJalepeno ok cool, thank yu
18:36 nickabbey joined #salt
18:37 s_kunk joined #salt
18:38 Trauma joined #salt
18:40 greyeax joined #salt
18:49 muxdaemon joined #salt
18:52 greyeax joined #salt
18:52 PatrolDoom MajObviousman: what you looking at for a backend?
18:52 MajObviousman don't know yet
18:53 PatrolDoom well be mindful of git envs... finally experienced some cray w/ it last week, (then again im on ancient version...)
18:53 MajObviousman probably toss up a separate git repo, but I do want to get foreman installed and I recall reading somewhere that you can use that as an external pillar
18:53 PatrolDoom idk how well the integration is w/ foreman,
18:53 PatrolDoom wasn't great last i looked about a year or so ago
18:54 MajObviousman I doubt foreman is working much on it, since RH purchased ansible
18:57 Taz joined #salt
18:59 Taz hey guys, anyone have experience with using salt-clouds create events? When i run my reactor using data['name'] it says: SaltRenderError: Jinja variable 'dict object' has no attribute 'name'. Is it called something different now?
19:01 PatrolDoom joined #salt
19:02 Taz The event looks like this https://pastebin.com/Y3XXkBpx and my reactor looks like this: https://pastebin.com/9kAhNwxz
19:09 pipps joined #salt
19:10 ChubYann joined #salt
19:12 gmoro_ joined #salt
19:18 numkem joined #salt
19:28 netcho joined #salt
19:28 netcho joined #salt
19:36 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.6, 2016.11.4 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ (please don't multiline paste into channel) <+> See also: #salt-devel, #salt-offtopic <+> Ask with patience as we are volunteers and may not have immediate answers
19:39 N-Mi__ joined #salt
19:40 Taz update just went through on the centos repos, ill try updating and see if i still have the same issue
19:44 pipps joined #salt
19:48 edrocks joined #salt
19:53 Taz same issue after update :(
19:53 netcho joined #salt
19:53 netcho joined #salt
19:56 pipps joined #salt
19:56 gtmanfred check out salt-run state.event pretty=TRue
19:56 gtmanfred Ture
19:56 gtmanfred bah
19:56 gtmanfred True
19:57 gtmanfred and know that that whole dictionary is data
19:57 gtmanfred so the cloud event may be data['data']['name']
20:00 pbandark from state file, i want to check if provided http url is present or not. can i achieve it with http.query state function ? i am unable to find examples hence want to check if there is any simple way?
20:00 gtmanfred if the url returns a non error code?
20:00 gtmanfred or if the file at the end of the url is on the system?
20:01 pipps joined #salt
20:01 gtmanfred first one you can do with an http query state, second one you can do with a file.managed
20:01 pbandark gtmanfred: how i can confirm if url returns non error code ?
20:02 gtmanfred use an http.query state and specify the status that you expect
20:02 gtmanfred if you get a different status, then it will return false iirc
20:03 Taz gtmanfred: yea the first pastbine is the output from pretty=True, ive tried data.name data['name'] and data['data']['name']
20:03 toastedpenguin anyone setup a reactor for AWS SQS and used conditional statements to target data within the sqs event data dictionary?
20:03 gtmanfred please don't use pastebin.com
20:03 gtmanfred it uses flash for ads, and is blocked at many work places
20:03 Taz sorry gtmanfred ill do gist
20:04 gtmanfred toastedpenguin: you would have to put the conditional data in the reactor file, but yes people do that
20:04 londo joined #salt
20:04 gtmanfred toastedpenguin: https://groups.google.com/forum/#!searchin/salt-users/aws$20sqs%7Csort:relevance/salt-users/eQOKC84XmPc/6sv-zv-RAQAJ
20:07 toastedpenguin gtmanfred: figured out I needed to put it in the reactor file, couldn't get the conditional data to match what I was looking to target, that link just answered why it wad failing...I needed to target "bucket":{"name":"thebucketsname",... I see why now
20:07 toastedpenguin thx for the link
20:08 gtmanfred no problem :)
20:08 pbandark gtmanfred: if http status is 200 then I am expecting state file should exit with "succeeds: 1". but for me it exit with failure:   https://paste.fedoraproject.org/paste/-O4M3BPsnjbdLofhcT1vql5M1UNdIGYhyRLivL9gydE=
20:08 toastedpenguin BTW, guess salt since 2016.3 there is support for multiple SQS
20:09 sh123124213 joined #salt
20:10 whytewolf pbandark: you sure you are getting a 200? and not say a 304
20:10 toastedpenguin was told salt only supported a single AWS sqs queue
20:10 gtmanfred pbandark:don't quote 200
20:10 gtmanfred it should be an int
20:11 pbandark ahh. me--
20:11 pbandark thanks whytewolf gtmanfred
20:11 pbandark whytewolf: its 200
20:12 whytewolf okay, just saying 200 is not the only success code for http
20:12 gtmanfred sure, but that is the one he expects for that link
20:13 gtmanfred pbandark: i am going to update that doc
20:13 gtmanfred cause it is wrong
20:13 pbandark gtmanfred: which one
20:13 Praematura joined #salt
20:14 gtmanfred https://docs.saltstack.com/en/latest/ref/states/all/salt.states.http.html#salt.states.http.query
20:14 gtmanfred the one there that shows it being '200'
20:15 gtmanfred https://github.com/saltstack/salt/pull/40862
20:15 saltstackbot [#40862][OPEN] status should be an int | What does this PR do?...
20:16 pbandark ok.
20:16 pbandark right. it should be int
20:17 gtmanfred yar
20:19 Splix76 joined #salt
20:19 Rumbles joined #salt
20:19 aneeshusa joined #salt
20:20 jhauser_ joined #salt
20:20 monokrome joined #salt
20:21 rem5 joined #salt
20:22 rem5 joined #salt
20:22 jdipierro joined #salt
20:23 rem5 joined #salt
20:23 rem5 joined #salt
20:25 rem5 joined #salt
20:27 Taz i figured out my issue, i just cant type
20:28 sh123124213 gtmanfred: would somebody be able to spoof minion id when you run event.fire_master {'b':'a'} tag ?
20:28 gtmanfred yes
20:28 gtmanfred they can specify any tag
20:29 gtmanfred but iirc the event.send includes the minion_id who sent the job in the payload? maybe?
20:29 pbandark gtmanfred: in state file how I can capture http status code returned by url ?
20:29 rhand joined #salt
20:30 gtmanfred you would need to use jinja
20:30 pbandark i want to include another sls file only if http status code is 200
20:30 gtmanfred oh
20:30 gtmanfred then just use requires
20:30 gtmanfred if you require the http.query to pass,then if it doesn't get a 200, it will fail and return false, and it won't run the state that requires it
20:31 pbandark ok
20:31 gtmanfred sh123124213: the event.fire_master does include the id in the payload, so match the minion id in the tag, then check the minion id in the payload too
20:31 gtmanfred check the minion id in the reactor file
20:31 gtmanfred oh, he left
20:34 wangofett does anyone have a good solution for checking if a command does(n't) produce output?
20:35 wangofett in particular I want to run `restorecon -Rv /my/path` but only if `restorecon -n -Rv /my/path` produces output. I've checked, and no, the exit status isn't 0 or 1 :(
20:37 geomacy joined #salt
20:39 renoirb joined #salt
20:42 sarcasticadmin joined #salt
20:44 monokrome joined #salt
20:49 sh123124213 joined #salt
20:49 Taz any advice for deleteing a minion from dns when its destroyed via salt-cloud? Seems like i can do something with the destroying destroying event, but I would need to query for the ip of the minion before its destroyed somehow
20:49 lorengordon wangofett: try testing the output for a non-empty value... `test -z "$(restorecon -n -Rv /my/path)"` should exit 1 if the output is not empty
20:49 lorengordon flip the logic with `-n`
20:50 hasues left #salt
20:53 wangofett +1
20:53 wangofett I just discovered that solution myself
20:53 Trauma joined #salt
21:01 sh123124213 joined #salt
21:04 pipps joined #salt
21:04 CampusD joined #salt
21:05 mdpolaris @Taz: I have an orch state for decom, that runs a few cleanup steps prior to the salt-cloud delete using the salt-cloud runner
21:07 _JZ_ joined #salt
21:08 mdpolaris you might also be able to use mines if you create a reactor based on the destroy event, however i like the orch method better since I can use requisites to make sure the cleanup is successful prior to trashing the instance
21:09 sh123124213 is there any way to delete saved jids in the minion ?
21:10 gtmanfred rm the directory
21:10 gtmanfred other than that, i do not believe so
21:13 Tanta joined #salt
21:15 onlyanegg joined #salt
21:17 Taz mdpolaris: thanks ill look into it
21:18 mdpolaris Is it possible to use publisher_acl with groups? I see the documentation for external_auth includes groups, however it looks like this is not true for publisher_acl
21:19 mdpolaris @Taz: have you used orch before? The syntax is a bit different and can cause some confusion. I can share some of my orch state if you like
21:20 cyborg-one joined #salt
21:22 gtmanfred mdpolaris: i do not believe you can use groups with publisher_acl
21:23 Taz mdpolaris: a little, ive never used them to call salt-cloud
21:25 Taz mdpolaris: an simple example would be great :D
21:26 mdpolaris gtmanfred: thanks, that is what I thought from my investigation, I appreciate the confirmation. BTW, you helped me a few weeks back with saltutil.runner and master -> syndic orch delegation. It is working very well, except for a strange issue with the GPG renderer. GPG pillars render fine on the syndic when called locally, however when using saltutil.runner the gpg_keydir is missing from __opts__ and the pillar fails to render. My
21:26 mdpolaris guess is this is due to the minion initiating the call and since the gpg_keydir is not part of the minion config, at least not in the same manner as the master, the __opts__ is inherited from the minion.
21:27 sarcasticadmin joined #salt
21:30 druonysus_ joined #salt
21:31 MTecknology gtmanfred: Dunno if you've seen PR #40857 yet, but I'm pretty excited! It only took me two and a half years to get around to it.
21:31 MTecknology awe.. not parsed?  https://github.com/saltstack/salt/pull/40857
21:31 saltstackbot [#40857][OPEN] New feature: automatic job batching | This commit creates a new feature that provides automatic batching of...
21:31 gtmanfred dope!
21:32 mdpolaris @Taz: here is about half of my file, cleaned up a bit of course: https://pastebin.com/JGnAq8A7
21:32 mdpolaris I have a couple different types of calls so I left an example of each. runner, state and execution module
21:32 gtmanfred mdpolaris: that sounds like a reasonable assumption
21:33 mdpolaris Taz: I also have a concept of a secure_minion which has the IAM role to run sensitive actions. That’s what that is all about when you see it in there
21:35 Taz thanks mdpolaris :D
21:35 scoates joined #salt
21:36 Taz mdpolaris: do you have an example of where you delete an instance?
21:36 mdpolaris gtmanfred: should I open an issue for this? I tried setting the gpg_keydir in the pillar, minion config and explicitly setting it in the master config. The only this I could do to get it to work was edit the gpg rendered to add a default path to the config.get call. Also, I tried to use a dynamic module for the GPG renderer but that was also not being used during the saltutil.runner call.
21:37 mdpolaris @Taz: yup, sorry about that! I forgot you asked about decom. :)
21:37 gtmanfred yeah, please open an issue about it
21:39 fracklen joined #salt
21:39 Taz orchestration def seems more organized then what i was trying to do
21:40 Rumbles joined #salt
21:41 mdpolaris https://pastebin.com/Z3B2TqPn
21:41 mdpolaris that is the whole thing, much smaller than provisioning orch
21:42 mdpolaris gtmanfred: will do, thanks
21:42 onlyanegg This article - https://www.lutro.me/posts/dangers-of-targetting-grains-in-salt - talks about the dangers of targetting using grains, which I've heard before, then goes on to recommend using minion id or hostname. Doesn't that have the same security implications? An attacker could just as easily change the hostname as he could change the grains.
21:44 whytewolf onlyanegg: i wouldn't say hostname unless they mean the minion id is the hostname. but the minion id is the item that should be used for pillar targetting because of that. as while you can change anything. rebranding the minion id. takes a lot more effort as that is what the pki key is linked to.
21:45 tercenya joined #salt
21:45 whytewolf you pretty much already have to have access to the master to get the key
21:45 onlyanegg oh, got it. So changing the minion id would mean reauthenticating to the master.
21:45 whytewolf and if you have access to the master. the grains thing really doens't matter at that point
21:46 whytewolf yeah
21:46 onlyanegg cool, thx
21:46 Taz mdpolaris: thanks! what is salt['config.get']('decom_instance_name')  doing?
21:46 mdpolaris I tried a whole bunch of things, including reactors and quickly learned why the docs say reactors should be simple. My advice when working with reactors, if you have more than 1 action, then the reactor should launch an orch state…don’t try to do anything else with the reactor…you can’t do pillar lookups and the reactor executes all steps without waiting for the first one. if you have more than one action
21:47 mdpolaris are you familiar with config.get at all?
21:47 Taz no im googling xD
21:47 mdpolaris or that syntax really?
21:48 Taz yea ive done some basic orchestration before, im just trying to understand how you are telling which minion to destroy
21:49 mdpolaris ok, so you can access grains in jinja like this grains[‘id’] and pillar[‘pillar_key’], but you can also use the internal salt functions
21:49 mdpolaris so salt[‘config.get’] is using the config.get call, which is available on the CLI, that search all sources of data, pillar, grains, SDB..etc
21:50 mdpolaris somewhere in the docs I saw that was the recommended method, so i just switched to it early and stuck with it
21:50 debian112 joined #salt
21:50 mdpolaris at the bottom of the paste i proivided the call to the runner, in there i pass a few pillar values
21:50 Taz ahh, i thought you do specific calls like salt['grain.get'] or salt['pillar.get']
21:50 mdpolaris one of them is decom_instance_name
21:51 whytewolf https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.config.html#salt.modules.config.get <=- the doc for config.get
21:51 druonysus_ joined #salt
21:51 mdpolaris you can do those as well, but config.get lets you search al in a single call
21:51 mdpolaris kind of nice
21:51 mdpolaris you can also set a default value with that syntax
21:51 Taz ah interesting
21:52 mdpolaris salt['config.get']('decom_instance_name’, ‘DEFAULT_STRING’)
21:52 mdpolaris if decom_instance_name is not set in any of those places, DEFAULT_STRING will be used
21:52 Taz cool never heard of this
21:52 gtmanfred Taz:the config.get documentation lists all of the places it looks, and the order it looks for them in
21:52 mdpolaris it doesn’t have to be a string of course, you can also use any object i suppose
21:53 whytewolf well, to be fair pillar.get and grains.get also allow defaults :P
21:53 Taz thanks everyone, this will def get me started
21:53 sarcasticadmin joined #salt
21:53 mdpolaris :)
21:54 mdpolaris whytewolf: credit where credit is due haha
21:55 mdpolaris I actually did start with pillar.get and grains.get…then got lazy and switched to config.get
21:55 debian112 joined #salt
21:56 mdpolaris and the defaults options for all those is incredible handy, especially when you want to check a key that might not be set…no more jinja compile failures, default to the rescue
21:56 mdpolaris render failure i should say
21:56 Taz looks like i can just pass in things via pillar as like arguments to the orchestration, i'll probably start with that
21:57 whytewolf passing in pillars to orchestration can be tricky. start small and on a test setup first.
21:57 mdpolaris yeah, I haven’t found a better method yet, so from the CLI i do that, if you get into the REST API you can post those values as data
21:58 nikdatrix joined #salt
21:58 mdpolaris is there a more elegant solution to run an orch state from the CLI and target a specific minion?
21:59 whytewolf not really. i wish there was a data concept where we could pass things in with out resorting to building json datagrams
22:00 mdpolaris ok, ideally i am going to do all of this through REST as data, but testing is easier with CLI. :)
22:00 whytewolf yes it is.
22:01 woodtablet anyone know why my decrypted pillar values are stripping carriage returns ? i am using stacks for my external pillar
22:01 pipps joined #salt
22:01 * whytewolf shrugs
22:01 whytewolf no idea on that one woodtablet
22:02 woodtablet bleh, my private keys arent working because of it lol
22:03 Taz ive had a lot of issues with pub/priv keys in pillar
22:03 Taz fighting with spacing and formating
22:04 woodtablet taz: you winning ? lol
22:04 Taz i always win >:)
22:04 whytewolf Taz: well, what he is asking is like three layers deep past spacing issues. lol
22:04 woodtablet i didnt realize it was happening until i deployed it to a real box lol
22:04 woodtablet lol whyte
22:05 Taz yaml can have spacing issues anytime
22:05 Guest73 joined #salt
22:05 MTecknology Taz: are they encrypted?
22:05 woodtablet ohhh
22:05 Taz i used to use gpg pillar but not for a while
22:05 woodtablet i just did this when i encrypted it ! cat $file | gpg
22:06 mdpolaris I have gotten the data passed through from the reactor to the orchestration engine…it definitely takes a few to get your head around that
22:06 woodtablet maybe when i cat it it stripped the lines ?
22:06 Taz i have nothing to contribute, just saying i remember dark days of ssl keys in pillar :p
22:06 Taz and i wish you luck
22:06 whytewolf cat shouldn't strip lines
22:06 MTecknology I sometimes use gpg encryption when I'm having an incredbly hard time with whitespace in pillar.
22:06 woodtablet bah
22:06 whytewolf try hand decrypting it
22:06 woodtablet good idea
22:07 Pyro_ joined #salt
22:08 mdpolaris i had the opposite when using cat. I had a single password to encrypt and putting it in a file and using cat added a CR at the end and when I used it in a cmd.run it was breaking the call because of the newline
22:09 whytewolf mdpolaris: oh those are fun. stripping out that new line is a pain in some editors
22:09 MTecknology don't use cat or echo
22:09 MTecknology use printf
22:10 woodtablet @whyte it has the carriage returns when i decrypt the value back by hand
22:10 mdpolaris awesome, thanks for the tip…file that one away
22:10 whytewolf echo -n I believe
22:10 whytewolf woodtablet: thought so, just making sure
22:10 whytewolf I like crossing i's and dotting t's
22:11 woodtablet it was a good check, i completely forgot to do, thanks
22:11 whytewolf so now, to find where it is stripping the new lines
22:11 Pyro_ Anyone know if/how I can pass a variable into salt-cloud that I can use when creating an instance off of a profile?   I could really use the ability to dynamically set some things.
22:12 woodtablet i wrote a salt-cloud wrapper script
22:12 woodtablet lol
22:12 Pyro_ Yeah, i'm about there as well @woodtablet.  Wish I went with Teraform some days.  Salt-Cloud's templating is horrible.
22:13 woodtablet so, i use terraform for all the aws infrastructure stuff, and salt to deploy nodes into it
22:14 MTecknology Pyro_: I think it's better to write your own bootstrap script anyway, then you actually know what salt in changing on the systems it deployes.
22:14 antpa joined #salt
22:14 londo joined #salt
22:14 antpa joined #salt
22:15 whytewolf well, you could try understanding the saltstack bootstrap script :P it isn't like it is a secret https://github.com/saltstack/salt-bootstrap
22:15 MTecknology and then you can toss around whatever you want, push a yaml file with variables to read from, or... lots and lots of whatever you feel like doing.
22:15 Pyro_ True.  I think I may move to Terraform, and then write my own boot-strapping scripts.
22:15 Praematura joined #salt
22:16 woodtablet hmm.. maybe ill do that do, i having a similar self conflicting issues these days
22:16 MTecknology I wrot my bootstrap script to install/configure openvpn on any cloud-deployed systems, make sure it starts talking to the master, and run a highstate.. or else destroy itself if the highstate can't run.
22:16 MTecknology wrote*
22:16 Pyro_ Sounds good, figured I would ask real quick.  Salt-Cloud feels like a high-school project.   And I keep hoping for more features, and better functionality, but it is time to move on.
22:17 whytewolf well salt-clouds only job is to get the instances built. the rest of salt is to do everything people keep trying to cram into salt-cloud
22:17 candyman88 joined #salt
22:18 MTecknology ^ +1  :)
22:19 Pyro_ Yeah, but single-level extends, inhibits any real templating.  That is something that should exist.
22:20 MTecknology what should salt-cloud be templating?
22:20 MTecknology You can tell it which template should be deployed...
22:20 Pyro_ Subnets, AZ's, etc
22:21 MTecknology so you want cloud.profiles.d/* to be built dynamically using a python script?
22:21 Pyro_ For my environment I have 4 provider configs (for each account), and about 50 profiles due to having to define each subnet and az.
22:22 whytewolf Pyro_: maybe you need to use map files better. as a lot of the things that go into profiles can go in map files.
22:22 Pyro_ Yeah, either build them dynamically, or allow to pass in a variable.
22:22 whytewolf oh so you want to salt the master and use it to say file.managed /etc/salt/cloud*
22:24 Pyro_ I use rundeck to kick-out new instances.  I would love to be able to pass in e.g.  "salt-cloud -p us-west-2 -var az=b"
22:25 Pyro_ Then be able to substitute "az" in the profile.
22:25 Pyro_ That alone would take my set of profile configs to 1/3 the current size.
22:25 Pyro_ Or to pass in the EC2 tags as a variable.
22:27 woodtablet oh i would love that too
22:27 whytewolf pyro, have you looked at state.cloud.present
22:29 Pyro_ I'll take a look at that.  Looks interesting, I haven't seen that before.
22:30 whytewolf been there a long time.
22:30 whytewolf least 2014.x
22:31 Pyro_ Yeah, looks like a good way to create an instance, if you need it the same as another.
22:31 debian112 joined #salt
22:31 whytewolf ... well it is a state. which means you can craft jinja around it
22:35 MTecknology heh, interesting
22:35 MTecknology This is my nice 'n simple bootstrap script (slightly stripped) if anyone is interested - https://gist.github.com/anonymous/177f82d1241d77011182ed7a8d7a2319
22:36 Pyro_ Well thanks for the ideas all.   I have other issues with having to run the highstate a few times due to the grains not being there until the second time around.  I may just use salt-cloud as a super basic provisioning tool.  Then I can tag, bootstrap, and call the highstate with my own scripts.   That or build my own bootstrap script for salt-cloud to use.
22:36 Pyro_ Nice, thanks for the link above.
22:38 Pyro_ Thats a super lean bootstrap, very nice!
22:40 * MTecknology is planning to to eventually deploy an inventory management system and have salt-cloud driven entirely by that thing.
22:40 Pyro_ Let me know what you end up using.  I really need a CMDB of some sort.  Right now I use Amazon's EC2 tags to define roles, etc.
22:41 MTecknology I don't use AWS, to spendy for my blood
22:41 woodtablet whyte: i figured it out... yaml safe loading is protection is stripping the new lines, i am really hackin up the hell out of this
22:42 woodtablet sorry that was garbled. this function yaml.safe_load <-- is stripping the new lines
22:42 woodtablet who needs protection
22:43 MTecknology Pyro_: For enterprise stuff, you might consider D42. I'm only talking about home so I'll end up with something free.
22:43 MTecknology racksomething looked like a good option at one point
22:43 whytewolf rackspace?
22:43 MTecknology nope
22:44 whytewolf ahhh yeah yaml.safe_laod is a pain ... gets mentioned a lot in yaml idiosyncrasies
22:44 whytewolf https://docs.saltstack.com/en/latest/topics/troubleshooting/yaml_idiosyncrasies.html
22:44 MTecknology Racktables
22:44 Pyro_ Yeah, we are pretty embedded with AWS at this point.  Unless we find something with decent GPU's.  Our bill is pretty cheap, not a ton of load.  We are a startup a few years in, so until we are moving beyond the medium sized EC2 instances we don't mind the cost.
22:45 MTecknology I haven't paid a VPS bill in years because I've been rolling on free referral credits and still have >2 years worth of credits remaining..
22:46 MTecknology I only use AWS for Glacier
22:46 whytewolf I have a couple of instances at chunkhost. used to have more by once i decommed the only site i had that had a db backend my costs dropped like a brick
22:46 whytewolf otherwise i have my home openstack setup for fun toys
22:47 whytewolf i use the gce version of glacier like storage. but i am thinking of dropping it soon in favor of the unlimited space i have in gsuite
22:47 MTecknology I use proxmox at home and digital ocean (&others) to extend my home
22:51 t0m0 joined #salt
22:51 whytewolf woodtablet: are you using gpg|jinja|yaml?
22:53 woodtablet whytewolf: yep
22:53 whytewolf using jinja to putput the encrypted pillar?
22:53 woodtablet whytewolf: nah in this case it was just the decryptor portion of the code
22:54 woodtablet whytewolf: i fixed my code, and i see there is a permanent fix in salt-develop
22:54 whytewolf ahhh okay.
22:54 woodtablet whytewolf: as of 2 weeks ago, but i am nervous about trying to slurp that down by hand and manually patching to my version 2016.11.3
22:54 whytewolf i do know that if it was the jinja you could have perhapes used |yaml(false)
22:55 mikecmpbll joined #salt
22:55 whytewolf woodtablet: what file is the fix in?
22:56 woodtablet whytewolf: salt/_pillar/decyrpt.py
22:56 whytewolf that is the fix on develop
22:56 whytewolf ?
22:56 woodtablet ohh
22:57 woodtablet whytewolf: salt/pillar/gpg.py
22:57 woodtablet but that is the real salt package
22:57 woodtablet from salt-develop
22:57 whytewolf ohhh. sweet you might be able to get away with just grabbing that
22:57 whytewolf and putting it in _pillar
22:57 woodtablet really ?
22:57 whytewolf [maybe]
22:57 whytewolf yeap
22:58 woodtablet i looked at the full file, its full of identified magix
22:58 woodtablet well if what i did doesnt fix it, i will grab that file and try it
22:58 woodtablet but for now, it seems to be working
22:58 whytewolf basiclly the _directories are used in preference over the built in stuff
22:59 whytewolf so you can grab any module that is in develop and use it
22:59 whytewolf [cavout being _utils is wonky at times
23:00 whytewolf which was why i was all maybe.
23:00 whytewolf sometimes there is a dependency hell
23:02 edrocks joined #salt
23:07 sarcasticadmin joined #salt
23:08 dev_tea joined #salt
23:09 dezertol joined #salt
23:20 scoates joined #salt
23:29 fxhp joined #salt
23:30 fxhp joined #salt
23:35 monkey joined #salt
23:36 monkey Who here?
23:37 zulutango joined #salt
23:39 gtmanfred hi
23:39 monkey herro
23:39 scoates joined #salt
23:39 monkey How are you?
23:40 gtmanfred doing well, and yourself?
23:40 monkey left #salt
23:40 gtmanfred lol
23:43 whytewolf salty that one
23:43 pipps99 joined #salt
23:43 fracklen joined #salt
23:50 scoates joined #salt
23:59 nikdatrix joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary