Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-07-13

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:20 shoemonkey joined #salt
00:28 nixjdm joined #salt
00:36 cyteen joined #salt
00:44 ssplatt joined #salt
00:53 raspado joined #salt
00:56 cgiroua joined #salt
01:08 shoemonkey joined #salt
01:09 edrocks joined #salt
01:11 ssplatt joined #salt
01:13 EmuleKadtorrent joined #salt
01:28 nixjdm joined #salt
01:33 raspado joined #salt
01:47 packeteer joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.3.6, 2016.11.6 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers <+> The call for speakers for SaltConf17 is now open: http://tinyurl.com/SaltConf17
01:49 englishm_work joined #salt
01:51 shoemonkey joined #salt
01:56 jas02 joined #salt
02:05 dxiri joined #salt
02:11 edrocks joined #salt
02:19 edrocks is there a way to put a comment in a yaml block chomp? Trying to set a command key with lots of flags but potentially some comments
02:19 edrocks `>-` works well without comments but I can't find a way to do multiline flags with comments
02:20 whytewolf you could put them in jinja comments. since the jinja is rendered before yaml
02:20 eichiro joined #salt
02:21 zerocoolback joined #salt
02:25 edrocks whytewolf: Thanks! It works with jinja comments if you add a `-` to remove the whitespace: {#- some comment #}
02:27 nixjdm joined #salt
02:31 packeteer joined #salt
02:35 cyborg-one joined #salt
02:55 evle joined #salt
02:56 mikea joined #salt
03:02 dxiri joined #salt
03:13 hojgaard joined #salt
03:26 hojgaard joined #salt
03:27 nixjdm joined #salt
03:42 druonysus joined #salt
03:42 druonysus joined #salt
03:42 druonysus_ joined #salt
03:45 donmichelangelo joined #salt
03:55 darioleidi joined #salt
04:07 edrocks_ joined #salt
04:22 tobstone joined #salt
04:25 fogus left #salt
04:27 nixjdm joined #salt
04:28 edrocks joined #salt
04:32 edrocks_ joined #salt
04:53 mbuf joined #salt
04:53 edrocks joined #salt
04:53 mbuf How can Salt be used to provision bare metal machines?
04:54 mbuf Is there any formula available that is recommended?
04:54 hoonetorg joined #salt
04:58 auzty joined #salt
04:59 auzty can i set auto accept with global private keys ? so every minion that have tthe private key can auto accept?
05:07 Bock joined #salt
05:11 edrocks joined #salt
05:18 beardedeagle joined #salt
05:24 ecdhe_ joined #salt
05:27 nixjdm joined #salt
05:30 preludedrew joined #salt
05:31 cgiroua joined #salt
05:35 kerrick_ joined #salt
05:40 Lionel_Debroux_ joined #salt
05:48 wlfyit joined #salt
06:01 pualj joined #salt
06:01 cgiroua joined #salt
06:02 fracklen joined #salt
06:03 do3meli joined #salt
06:05 do3meli left #salt
06:05 dxiri joined #salt
06:08 darioleidi joined #salt
06:19 aldevar joined #salt
06:27 ikarpov joined #salt
06:28 nixjdm joined #salt
06:30 fl3sh mbuf: if you need it to provision linux try foreman with salt
06:30 mbuf fl3sh, okay, thanks!
06:33 dxiri joined #salt
06:41 felskrone joined #salt
06:53 TRManderson joined #salt
06:57 gradio_ joined #salt
06:58 ikarpov Sometimes it is convenient to simply create a unique configuration file for a service on particular server. Doing it in the form of a jinja template does not make sense, since it differs greatly from configuration files on other servers and contains no variable parts. Is there a convenient way to "assign" a specific file (eg, nginx.conf) to a particular host, based, for example, on its id?
07:02 TRManderson joined #salt
07:02 LeProvokateur joined #salt
07:06 jas02 joined #salt
07:07 DoomPatrol ikarpov: nginx formlua kinda does that i think?
07:08 DoomPatrol e.g. vhosts are stored in pillars and then rendered
07:10 ikarpov I’ll take a look, thanks!
07:13 usernkey joined #salt
07:13 DoomPatrol indeed
07:14 DoomPatrol ikarpov: https://github.com/saltstack-formulas/nginx-formula - this is the one i'm looking to use soon
07:16 ikarpov DoomPatrol: yes, the same one I’ve found. Thanks again.
07:16 mbuf joined #salt
07:16 Ricardo1000 joined #salt
07:16 DoomPatrol ah cool, hope it works. let me know if it does
07:17 dxiri joined #salt
07:26 kerrick_ joined #salt
07:27 nixjdm joined #salt
07:40 scooby2 joined #salt
07:44 jhauser joined #salt
07:54 TRManderson joined #salt
07:54 Ricardo1000 joined #salt
07:55 edrocks joined #salt
07:55 mikecmpbll joined #salt
08:04 Miouge joined #salt
08:06 dxiri joined #salt
08:13 ronnix joined #salt
08:19 Rumbles joined #salt
08:26 nixjdm joined #salt
08:29 DeuX joined #salt
08:30 Mattch joined #salt
08:34 DeuX good morning afternoon and evening everyone
08:35 DeuX anyone from saltstack enterprise here ?
08:35 ronnix joined #salt
08:37 Ricardo1000 joined #salt
08:43 gradio__ joined #salt
08:46 Naresh joined #salt
08:48 dxiri joined #salt
08:53 felskrone joined #salt
08:56 N-Mi_ joined #salt
09:09 gradio__ left #salt
09:14 dyasny joined #salt
09:24 Jans joined #salt
09:26 Jans Any idea why upgrading the salt minion to a newer version with the /silent switch breaks the program? I am unable to querry the salt minion after doing the upgrade
09:26 sjorge joined #salt
09:27 nixjdm joined #salt
09:27 armin any good way to install missing python pip modules on a freshly provisioned host? i fear that some pip calls will fail when doing that as a post provisioning step from within some salt files.
09:42 xet7 joined #salt
09:48 toanju joined #salt
09:49 wlfyit joined #salt
09:54 pualj joined #salt
10:01 Rumbles joined #salt
10:16 justan0theruser joined #salt
10:17 Kelsar joined #salt
10:19 justanotheruser joined #salt
10:26 nixjdm joined #salt
10:30 Reverend joined #salt
10:30 Reverend hey boys and girls
10:30 Rumbles joined #salt
10:30 Reverend anyone seen this issue before on their minions: https://hastebin.com/vibezivege.m
10:31 Reverend it happens every once in a while were it hangs out box running a highstate and pegs the cpu at 100%
10:33 dxiri joined #salt
10:39 felskrone joined #salt
11:14 jas02 joined #salt
11:22 dxiri joined #salt
11:25 _KaszpiR_ joined #salt
11:27 nixjdm joined #salt
11:30 dubg joined #salt
11:33 fl3sh how can I run powershell script? I need to delopy it on minion?
11:36 smartalek joined #salt
11:41 jas02 joined #salt
11:50 zerocoolback joined #salt
11:55 shoemonkey joined #salt
11:56 tellendil Hey, I would like to add a direct rule to my firewalld configuration (firewall-cmd --direct) but with the current doc (https://docs.saltstack.com/en/latest/ref/states/all/salt.states.firewalld.html) I can't find it. Is this even possile ? Do you know ?
11:59 edrocks joined #salt
12:06 cgiroua joined #salt
12:18 evle joined #salt
12:22 thinkt4nk joined #salt
12:26 nixjdm joined #salt
12:27 Ricardo1000 joined #salt
12:32 ssplatt joined #salt
12:33 ecdhe joined #salt
12:33 notCalle joined #salt
12:33 deep-book-gk_ joined #salt
12:34 deep-book-gk_ left #salt
12:46 edrocks joined #salt
12:49 shoemonkey joined #salt
12:53 cgiroua joined #salt
12:58 newbiesalt joined #salt
13:00 avasiu joined #salt
13:01 dyasny joined #salt
13:05 newbiesalt Hello, could anybody take a look at an issue i have with the apache_site state? When i create a state file like this: https://gist.github.com/anonymous/1e8102408722b5f9537684edfc8bc494 salt responds that state 'apache_site.enabled' was not found, the reason is that it's not available. I have apache2ctl and apache2 installed in the salt minion
13:06 _JZ_ joined #salt
13:07 jdipierro joined #salt
13:13 shoemonkey joined #salt
13:19 fl3sh any dev online?
13:26 nixjdm joined #salt
13:31 DammitJim joined #salt
13:31 edrocks joined #salt
13:32 edrocks is it safe to use `salt.pillar.get()` instead of `salt['pillar.get']()`?
13:36 thinkt4nk joined #salt
13:36 XenophonF joined #salt
13:39 coredumb edrocks: I think it is
13:39 racooper joined #salt
13:39 edrocks coredumb: Thanks! I've been using it for a while but I wanted to double check
13:40 coredumb edrocks: hey don't take anything I say as granted :D
13:40 edrocks lol I've only been using it for *months*
13:40 coredumb but well... if it works for you... you know the saying right ;)
13:41 edrocks I did learn a hard lesson that `pillar.get('somevar')` is very different from `salt.pillar.get` when I started using environments
13:46 do3meli joined #salt
13:46 do3meli left #salt
13:52 fl3sh how should look like my dict if I want to refer to each elements? https://pastebin.com/n3QmBMrj
14:10 absolutejam hm
14:10 absolutejam this is annoying me no
14:10 absolutejam w
14:11 absolutejam https://hastebin.com/kucewizuje.bash
14:11 absolutejam The two cmd.run are just while I'm testing
14:12 absolutejam upgrade_available lists the latest version available
14:12 absolutejam sensu_installed_version shows the installed version
14:12 absolutejam no bother
14:12 absolutejam but pkg.removed keeps trying to uninstall the latest version
14:12 absolutejam eventhough I'm specifying "{{ sensu_installed_version }}"
14:12 edrocks absolutejam: try running `state.show_sls` to make sure it's rendering correctly. you might have newline issues with your cmd.run
14:13 absolutejam the cmd.run are just for testing, so I can see the variable's contents while it's not working
14:13 absolutejam Just to confirm that they have the variables I thought they had
14:13 absolutejam contents*
14:14 absolutejam when I do state.show_sls, it reports version '0.29.0.7' which is {{ sensu_installed_version }]
14:14 absolutejam But it's not actually respecting this value when the state runs
14:18 absolutejam looks like there's an issue on GitHub
14:18 absolutejam >.>
14:27 jschoolcraft joined #salt
14:27 nixjdm joined #salt
14:33 padthai joined #salt
14:36 shoemonkey joined #salt
14:42 mikecmpb_ joined #salt
14:46 Laserwhit joined #salt
14:48 Brew joined #salt
14:49 eichiro joined #salt
14:54 Laserwhit joined #salt
14:57 debian112 joined #salt
15:02 fatal_exception joined #salt
15:10 bildz I seem to be having issues accessing the salt-api.   I can auth just fine using json and export the token to a cookies.txt, however, using the same file to run a test ping is giving me authentication failure
15:10 DammitJim joined #salt
15:14 sarcasticadmin joined #salt
15:15 GMAzrael_ joined #salt
15:17 Ricardo1000 joined #salt
15:19 bildz doesnt look like it likes being passed the cookies.txt, but X-Auth-Token works just fine
15:20 bildz for those using Flask applications as middleware, is it because of outside services not able to send the originating auth piece?
15:20 mikecmpbll joined #salt
15:24 Cottser joined #salt
15:26 nixjdm joined #salt
15:28 Rumbles joined #salt
15:32 tapoxi trying to setup an elasticsearch returner on my master. On minions it works fine but on master it does not. I have added the `event_return: elasticsearch` in master config as documented in https://docs.saltstack.com/en/latest/ref/returners/all/salt.returners.elasticsearch_return.html
15:33 noobiedubie joined #salt
15:34 Laserwhit joined #salt
15:35 om2 joined #salt
15:36 MTecknology tapoxi: "Minion configuration example:"
15:37 Laserwhit Hello hope all is well.  I am loading a beacon on my master (dynamic distribution) at /srv/salt/_beacons/beacon.conf  and it doesn't work.  Works fine if I put it on the minion at /etc/salt/minion.d/beacons.conf .  When I call salt <minion> saltutils.sync_all I don't see the beacon in the beacons list.  Ideas?
15:38 Laserwhit I am using salt version 2015.5.10 .
15:39 fritz09 joined #salt
15:40 aldevar left #salt
15:42 MTecknology Laserwhit: dunno if this will be useful - https://docs.saltstack.com/en/latest/topics/beacons/#the-beacon-function
15:42 whytewolf Laserwhit: /srv/salt/_beacons isn't a config directory it is a place for code. if you wanted to install beacon modules that you or your team wrote
15:43 donmichelangelo joined #salt
15:45 meca Hi
15:46 meca MTecknology: http://paste.awesom.eu/Y1WY
15:46 meca It's my master config
15:46 jdipierro joined #salt
15:46 meca (replying on behalf of tapoxi)
15:47 MTecknology Why am I reading your master config?
15:47 MTecknology (side note, that's remarkably tiny for a master config)
15:48 meca I use salt formula for my config, file is a bit big. I can paste all of it if you want
15:48 MTecknology no need... I don't need to see your master config at all.
15:48 meca Isn't the idea of the event_returner to set it so that the master handles the returner ?
15:49 MTecknology I don't see anywhere in the documentation where it says the master config settings control minions
15:50 meca "Requires that the event_return configuration be set in master config."
15:50 meca https://docs.saltstack.com/en/latest/ref/returners/all/salt.returners.elasticsearch_return.html
15:50 whytewolf meca: that returner does not have all the code nessisary for being a master_cache returner
15:51 whytewolf https://github.com/saltstack/salt/issues/23125
15:53 whytewolf also, event_return is a function not a setting.
15:54 jas02 joined #salt
15:54 whytewolf no, i was wrong event return is a setting. it should be a list
15:54 whytewolf https://docs.saltstack.com/en/latest/ref/configuration/master.html#event-return
15:55 whytewolf i hate mornings
15:55 meca whytewolf: Do the minion still need to be configured? I mean can I just set up the elasticsearch hosts in master?
15:56 jimklo joined #salt
15:57 woodtablet joined #salt
15:59 whytewolf you should be able to and it will log events that are sent to the master.
16:02 meca whytewolf: Then I think I am missing something. http://paste.awesom.eu/XQRr is that what you meant by list?
16:03 meca master log is complaining `Could not store events - returner 'elasticsearch.event_return' raised exception: 'str' object has no attribute 'hosts'`
16:03 tapoxi joined #salt
16:03 whytewolf that seems like it is trying to store events but is failing
16:06 whytewolf it can't find your hosts settings.
16:08 dxiri joined #salt
16:08 meca whytewolf: that hosts line works on the minions when I add `--return elasticsearch`
16:09 meca Do you know if the syntaxe is supposed to be different on the master config?
16:09 whytewolf meca: i do not know.
16:09 mpanetta joined #salt
16:17 woodtablet hey guys
16:18 xDamox joined #salt
16:18 woodtablet i want to know what you guys think of something, and if it is a sane or insane idea..
16:18 woodtablet i have 2 machines, a salt master (local), and another machine i do all my salt-cloud deploys from, (called salt-deployer in aws). I provision machines in aws from salt-deployer and thats been working great for a long time. But now I am much more comfortable with salt config management and want to be able to deploy the configs on build. My issue is salt-keys, where I obviously need to accept the keys before the master it will respond. I know I
16:19 whytewolf you were cut off at "i know i"
16:20 woodtablet doh, and thanks
16:20 woodtablet can pre-populate keys into the master, but the secret key management during deploy seems painful. what do you guys think of making the salt-deployer a secondary master (all my configs are in git), so it can provision the machine and the configs where salt's configs would just make the local in house master the only master, and I can accept the keys after build ? I have other ideas with reactors, but i wanted to see what you guys thought of th
16:24 jmedinar joined #salt
16:24 Trauma joined #salt
16:24 tapoxi woodtablet: I use salt-cloud on my master and its pretty sweet. why do you want to point to a local master?
16:25 dxiri joined #salt
16:25 chadhs joined #salt
16:25 jmedinar Hi all does any one have any idea about this error?
16:25 jmedinar Data failed to compile:
16:25 jmedinar ----------
16:25 jmedinar Rendering SLS admin.status.redis failed, render error: global name '__proxy__' is not defined
16:25 jmedinar Traceback (most recent call last):
16:25 jmedinar File "/usr/lib/python2.6/site-packages/salt/state.py", line 2800, in render_state
16:25 jmedinar if saltenv == 'include':
16:25 jmedinar File "/usr/lib/python2.6/site-packages/salt/template.py", line 95, in compile_template
16:25 jmedinar File "/usr/lib/python2.6/site-packages/salt/renderers/jinja.py", line 69, in render
16:25 tapoxi you could also put syndic on the aws master and then (in theory) control everything from the local master
16:25 jmedinar proxy=__proxy__,
16:25 jmedinar NameError: global name '__proxy__' is not defined
16:25 whytewolf jmedinar: DO NOT PASTE TO CHANNEL!
16:25 jmedinar it happens to me on the latest version salt-minion-2016.11.6-1.el6.noarch
16:25 jmedinar
16:25 tapoxi jmedinar: pastebin plz
16:25 jmedinar ups sorry
16:25 woodtablet tapoxi: some of the machines i provision in aws cant talk back to the local master
16:26 nixjdm joined #salt
16:26 onlyanegg joined #salt
16:26 tapoxi woodtablet: right but why use a local master at all, is it for on-prem deploys?
16:26 woodtablet tapoxi: yes, i still have 300 on-prem machines to maintain
16:26 leonkatz joined #salt
16:27 woodtablet tapoxi: and still build here too.. occasionally..
16:27 woodtablet tapoxi: i ll go look up syndic
16:28 jmedinar once again... does any one have any idea on this error? [ https://pastebin.com/A8xEMeQT ]
16:29 astronouth7303 is there an execution function that will check "Is this string an IP address?" without external requirements (ie dig)
16:29 woodtablet tapoxi: re:syndic --- oohh this sounds like what i need!!
16:29 jmedinar is happening to me on the latest version salt-minion 2016.11.6 (Carbon)
16:29 woodtablet tapxoi: thanks!
16:29 xDamox joined #salt
16:30 jmedinar but works just fine on salt-minion 2016.3.3 (Boron)
16:30 _JZ_ joined #salt
16:31 edrocks joined #salt
16:32 dxiri joined #salt
16:32 woodtablet jmedinar: based solely on your error, perhaps carbon is missing that global variable, _proxy_. did you update all the parts of salt and its dependencies when you upgraded to Carbon ?
16:34 woodtablet jmedinar: could you also pastebin your salt state ? perhaps your jinja is not quite right
16:36 Laserwhit Ok, so the /srv/salt/_beacons directory is not for *.conf or *.sls files but for python scripts (or other code?)  I am catching on.
16:41 jrgochan left #salt
16:41 astronouth7303 alternative: How can I test by regex at the jinja level?
16:42 jdipierro joined #salt
16:46 dxiri joined #salt
16:53 Lionel_Debroux_ joined #salt
16:53 woodtablet astronouth7303: i am not sure if jinja has that ability, i dont see it here: http://jinja.pocoo.org/docs/2.9/templates/#expressions
16:54 woodtablet astronouth7303: but jinja has substring matching, you could use that
16:54 woodtablet gotta run to a meeting, bbl
16:55 whytewolf astronouth7303: if you can wait till nitrogen is released there is a is_ip filter being added then
17:02 dxiri joined #salt
17:03 wendall911 joined #salt
17:04 MTecknology I'm trying to figure out the best way to decide if a particular state is still used. I'm thinking something along the lines of   salt -b 10 '*' cmd.run 'salt-call state.show_lowstate | grep some_old_state_id'  Would there be a better way?
17:09 astronouth7303 whytewolf: I was hoping not....
17:09 astronouth7303 i was hoping to load the IP address for an instance from DNS, which is surprisingly challenging
17:09 astronouth7303 (namely by handling if it's not in DNS)
17:14 Inveracity joined #salt
17:15 jmedinar Hello all... Any idea on this error message?Passed invalid arguments to state.sls: call_high() takes exactly 2 arguments (3 given)
17:15 jmedinar I am not passing any arguments
17:17 jmedinar my state is very simple [https://pastebin.com/R3jQ2Mw5]
17:21 ChubYann joined #salt
17:23 fl3sh how can I match output form cmd.run with string and if occure run state?
17:25 NEOhidra joined #salt
17:27 nixjdm joined #salt
17:32 onlyanegg joined #salt
17:32 mikecmpbll joined #salt
17:34 whytewolf fl3sh: add onlyif: /usr/bin/test `your cmd.run command` == 'string it should equil'
17:34 fatal_exception joined #salt
17:34 fatal_exception joined #salt
17:34 whytewolf https://docs.saltstack.com/en/latest/ref/states/requisites.html#altering-states
17:35 whytewolf https://docs.saltstack.com/en/latest/ref/states/requisites.html#onlyif
17:36 whytewolf jmedinar: that error means you have to tell us the command you are running not the state
17:37 fl3sh whytewolf: awesome, thx
17:38 whytewolf fl3sh: unless your on windows ... I don't know what it is for windows
17:39 fl3sh oh, I am
17:39 whytewolf just need the cmd version of that
17:40 fl3sh I need to check state of TPM
17:41 whytewolf well, onlyif [and unless] basicly just check the return state of a shell command. so all you need to do is get the shell command to have the right return code
17:42 major is there some way to get the salt boostrap to only update the repo's?
17:42 jas02 joined #salt
17:43 major was sort of hoping to be able to do something like: boostrap-salt.sh -N -p salt-ssh
17:43 fl3sh whytewolf: https://pastebin.com/NLat8NDF
17:44 whytewolf fl3sh: unforchantly. I'm like a bad maid. I don't do windows
17:45 fl3sh ok ;)
17:48 sp0097 joined #salt
17:50 kerrick joined #salt
17:50 ssplatt major: you could write your own bootstrap.sh and pass that as an arg
17:51 major well .. problem is all of those are valid arguments
17:52 major but bootstrap-salt.sh claims there is nothing to install
17:52 major because the -N was given to disable "installing" a minion
17:52 major like .. it doesn't support "only" updating the repo URL's
17:53 fl3sh whytewolf: it is possible to change "Under the hood onlyif calls cmd.retcode with python_shell=True." I need shell=powershell
17:54 whytewolf fl3sh: are you putting onlyif on a cmd.run?
17:56 fl3sh no, I need to use win_lgpo.set and if it give me Fasle run it
17:56 fl3sh I will be perfect
17:56 fl3sh exacly what I need
17:57 cyborg-one joined #salt
17:58 mquin joined #salt
17:58 jmedinar The command I am running is "salt '_prd_csa2_db_hou2_yz_blc_' state.sls admin.status.redis"
17:58 edrocks joined #salt
17:59 whytewolf jmedinar: sounds like you have a messed up copy of salt on your minion. i would say compleatly uninstall then reinstall fresh.
18:00 jmedinar I already did that... I guess I will have to remove it and delete all files and then retry
18:00 whytewolf maybe check your master also
18:01 jmedinar all other minions are working just two that where upgraded to the latest version of the minion are failing
18:01 jmedinar so I will also try to downgrade
18:02 whytewolf you did upgrade your master first right?
18:02 kerrick_ joined #salt
18:02 mquin joined #salt
18:03 mquin joined #salt
18:06 preludedrew joined #salt
18:08 tom29739 joined #salt
18:08 aldevar joined #salt
18:08 Renich joined #salt
18:10 edrocks joined #salt
18:15 toanju joined #salt
18:27 nixjdm joined #salt
18:28 leonkatz joined #salt
18:29 GMAzrael joined #salt
18:30 GMAzrael joined #salt
18:37 watersoul joined #salt
18:38 jrklein joined #salt
18:39 smartalek joined #salt
18:39 xet7 joined #salt
18:40 druonysus joined #salt
18:40 druonysus joined #salt
18:41 druonysus_ joined #salt
18:44 noobiedubie joined #salt
18:46 mquin joined #salt
18:47 druonysuse joined #salt
18:47 druonysus joined #salt
18:49 jas02 joined #salt
18:49 dendazen joined #salt
18:50 dendazen hey guys i have ipa accounts "id apps
18:50 dendazen uid=506(apps) gid=506(apps) groups=506(apps)"
18:50 dendazen not in /etc/passwd
18:51 dendazen now when i have a salt policy to create some dir with ownership of that ipa account i get
18:51 dendazen Comment: User apps is not available Group apps is not available
18:51 dendazen how does salt check if account exists?
18:53 mquin_ joined #salt
18:53 whytewolf it uses file.user_to_uid and file.group_to_gid
18:54 dendazen so if i have some ldap accounts not local
18:55 dendazen i will have failed states?
18:55 dendazen just doesn't make sense
18:56 Eugene What does `getent passwd apps` say
18:57 dendazen getent passwd apps
18:57 dendazen apps:*:506:506:APPS USER:/home/apps:/bin/bash
19:03 whytewolf how about python -c 'import pwd,os; print(pwd.getpwnam("apps").pw_uid)'
19:03 mquin_ joined #salt
19:04 dendazen from that host?
19:04 whytewolf from the minion yes
19:04 dendazen python -c 'import pwd,os; print(pwd.getpwnam("apps").pw_uid)'
19:04 dendazen 506
19:05 whytewolf ...
19:05 whytewolf thats what file.user_to_uid uses
19:06 whytewolf what version are you on?
19:06 dendazen it's weird
19:07 dendazen because the state worked with 'salt-call' from the minion itself
19:07 dendazen but not working from the master
19:07 whytewolf are you running the minion daemon as a non root user?
19:07 mquin joined #salt
19:07 dendazen no.
19:08 dendazen my version is salt-minion-2014.7.1-1
19:08 dendazen pretty old
19:08 whytewolf nothing pretty. about that :P
19:09 whytewolf SO much has changed sinc ethen
19:09 whytewolf but not that function ...
19:09 whytewolf return pwd.getpwnam(user).pw_uid
19:11 whytewolf does file.user_to_uid apps work from the master?
19:11 kerrick joined #salt
19:13 dendazen how do i check?
19:13 whytewolf salt 'minion' file.user_to_uid apps
19:13 dendazen one sec
19:14 dendazen i have so many salt states like thousands
19:14 dendazen affraid to upgrade
19:14 dendazen thinking lots of them will get broken
19:15 whytewolf the longer you wait, the worse it will get.
19:15 nixjdm joined #salt
19:15 dendazen yeah.
19:15 dendazen just had to plan out and accommodate time
19:16 dendazen i get nothing on that state from the master
19:16 whytewolf nothing?
19:16 whytewolf not even an error?
19:17 dendazen nope empty
19:17 dendazen on the minion though i get
19:17 dendazen local:
19:17 dendazen 506
19:17 whytewolf humm, strange.
19:17 dendazen i mean i get a "hostname:  "
19:17 dendazen from the master
19:17 censorshipwreck joined #salt
19:18 iggy maybe something with the environment? (since you said you weren't running as non-root)
19:18 whytewolf only reason i see for that based on the code. is if it runs into a keyerror.
19:19 whytewolf agreed about the enviroment. possabily running in a different copy of python then the system?
19:19 dendazen hmm
19:19 dendazen shouldn't
19:19 dendazen master:
19:19 dendazen python
19:19 dendazen Python 2.6.6 (r266:84292, Jul 23 2015, 15:22:56)
19:20 dendazen python
19:20 dendazen Python 2.6.6 (r266:84292, Jan 22 2014, 09:42:36)
19:20 dendazen that's on the minion
19:20 whytewolf something fishy about the dates on those
19:22 whytewolf a year apart.
19:22 dendazen yeah
19:22 dendazen there are
19:22 dendazen but shouldn't be a reason for a failure.
19:22 whytewolf but they should be exactly the same if they are the same copy of python
19:24 whytewolf you did run salt 'minion test.versions for the first one right?
19:25 dendazen actually i think that python date
19:25 dendazen when it was compiled
19:26 whytewolf yes, that is what that date is
19:26 whytewolf which is why them being different means they are different copies of python
19:26 nixjdm_ joined #salt
19:27 dendazen test.versions  is not available
19:28 whytewolf test.versions is not available? wtf. thats been in salt since at least 0.17.5
19:29 whytewolf try test.versions_report
19:30 dendazen report worked
19:30 dendazen same minion version
19:31 whytewolf version is not what we are looking at
19:31 whytewolf need to make sure the python is the same copy. not just the same version.
19:32 whytewolf if you have a copy of python that is broken and the salt-minion daemon is running under that. and the system python works. then you need to fix the salt-minion to run under the default system python
19:33 whytewolf [which it "should" by default]
19:33 exegesis joined #salt
19:33 morissette joined #salt
19:33 mquin joined #salt
19:34 major whytewolf, hoping I will make it to the SaltConf and be able to buy you a beer or 12...
19:35 Trauma joined #salt
19:35 major guess I need to fork the bootstrap-salt.sh and add an option to do a repo-only update and submit a PR..
19:35 major all the while trying to resist the urge to rewrite the whole thing to be half the size and twice as portable :(
19:35 whytewolf major: rewirte it in go
19:35 oida joined #salt
19:36 whytewolf anyway, i need to go grab lunch
19:36 major not certain that would gain much ...
19:36 whytewolf oh it would gain a lot. a lot of hate :P
19:37 major outside of a hard dependancy on random repos
19:37 major I already get plenty of that
19:38 dendazen not sure what you mean by the 'same copy'
19:38 major https://github.com/major0/shlib
19:38 dendazen what is the difference between same version software compiled at different times?
19:42 newglasses joined #salt
19:43 lordcirth_work dendazen, if only the time has changed?  A few date strings in the binary might change the hash, but it would be functionally identical.  However, "later" could mean a newer compiler version, etc
19:44 SaucyElf_ joined #salt
19:44 lordcirth_work Ah, nevermind, that's not what you meant I think
19:45 mquin_ joined #salt
19:45 leonkatz joined #salt
19:46 englishm_work joined #salt
19:49 newglasses Hi all.  Is there an oracle connector/module/thingy for getting pillar data out of oracle?
19:52 whytewolf dendazen: on the same system it means it is two different copies of python.
19:53 whytewolf one could be corrupted.
19:53 whytewolf or it could not have the pwd python module
19:54 dendazen oh well those are 2 different hosts
19:54 dendazen those are not the copies of python on one host
19:54 whytewolf why would you give me info from 2 different hosts?
19:54 dendazen one on the master, one on the minion
19:55 whytewolf i don't care about the version of python that salt is running on in the master
19:55 dendazen i thought you wanted to make sure that master and minion run same python
19:55 dendazen got it.
19:55 whytewolf that doens't matter. i need to know that salt-minion daemon and the salt-call command are not being run under different pythons
19:55 dendazen it's still quite strange issue
19:56 dendazen right, they are not.
19:56 dendazen I apologize for misleading.
19:56 whytewolf okay, then there must be some other factor
19:57 whytewolf only other i can think of would be system enviroment. not sure what would change the behavour of pwd though
19:59 whytewolf well guess there is always seeing if the salt cmd can access the passwd database
19:59 whytewolf salt 'minion' cmd.run getent passwd apps
19:59 dendazen that works
19:59 whytewolf ok.
20:00 whytewolf so. it is something with pwd then.
20:00 dendazen apps:*:506:506:APPS USER:/home/apps:/bin/bash
20:00 dendazen now this
20:01 dendazen file.user_to_uid  doesn't work
20:01 dendazen but i think that tries to parse /etc/passwd
20:01 dendazen i guess
20:01 dendazen not sure
20:01 whytewolf no. it doesn't
20:02 dendazen it works on the minion itself
20:03 whytewolf file.user_to_uid does the exact same thing as getent passwd
20:03 whytewolf it looks up using the passwd database
20:04 dendazen hmm
20:04 dendazen not sure what's up then.
20:04 whytewolf well it is returning nothing which means something in pwd is throwing a keyerror
20:05 whytewolf which shouldn't be happening. unless it needs a shell of somekind.
20:06 edrocks joined #salt
20:07 dendazen ok so what exactly it's calling?
20:07 whytewolf https://github.com/saltstack/salt/blob/v2014.7.1/salt/modules/file.py#L260
20:08 dendazen because
20:08 dendazen it will return uid for a local account
20:08 dendazen i've just tired
20:08 dendazen s/tried
20:09 whytewolf so, local accounts are in the passwd database always. i guess ldap accounts only show up when you are logged in? which doesn't make sense
20:09 dendazen hmm
20:10 dendazen so
20:10 Eugene FreeIPA?
20:10 Eugene Pastebin your /etc/nsswitch.conf file
20:11 noraatepernos joined #salt
20:11 dendazen https://gist.github.com/anonymous/0691cc8656143766af6f02be68195a1b
20:12 Eugene That seems sane. How about /etc/sssd/sssd.conf
20:15 dendazen https://gist.github.com/anonymous/a24c7fd56e69d1b04bc45211949647c0
20:16 scelestic joined #salt
20:20 morissette joined #salt
20:25 Eugene Hm, that looks right too. I'm not familiar enough with the ipa backend to be much more help
20:26 Eugene That is weird behaviour for sure
20:26 sp0097 joined #salt
20:26 nixjdm_ joined #salt
20:30 xDamox joined #salt
20:41 scooby2 is there anyway to salt joining a linux server to AD via sssd? entering the admin password or an admins password obviously has to be done by hand but I think most of the rest could
20:43 fracklen joined #salt
20:45 onlyanegg Why do pepole often not indent jinja / what do you all do?
20:46 scooby2 onlyanegg: indent
20:47 onlyanegg me too - I think it's more readble.
20:52 bildz Anyone else supporting a window environment with Salt?
21:07 jas02 joined #salt
21:19 noraatepernos joined #salt
21:22 cht joined #salt
21:26 nixjdm_ joined #salt
21:27 sp0097 joined #salt
21:29 MTecknology onlyanegg: Sometimes I like to line jinja up with the thing that's being looped over, sometimes I like it flush with the start, sometimes I like other things... all depends on what's the most readable.
21:31 MTecknology https://github.com/saltstack/salt/blob/develop/salt/templates/debian_ip/debian_eth.jinja
21:31 brianthelion joined #salt
21:31 Eugene I indent my Jinja and non-jinja separately. This lets me trim out the jinja or the templated language separately at any point and things still line up
21:31 Eugene It also makes sure that the resulting rendering makes sense
21:32 onlyanegg ok, I tend to treat it separately from everything else, ie. indent based only on what it's doing
21:33 brianthelion joined #salt
21:33 whytewolf I worry more about the final output indenting then the jinja indenting.
21:34 onlyanegg same as Eugene, except he made more sense when he said it :)
21:34 brianthelion joined #salt
21:34 onlyanegg MTecknology: that is epic
21:34 brianthelion joined #salt
21:35 MTecknology three quick examples: http://dpaste.com/0KTGZ3J
21:35 MTecknology Eugene would probably indent line 2 and 8
21:35 MTecknology (blind assumption)
21:36 brianthelion Does anyone know if salt:// paths work out of the box with docker.sls_build? https://docs.saltstack.com/en/latest/topics/tutorials/docker_sls.html
21:36 Eugene Correct. I would also align lines 1/9 to column 4, but that's me
21:36 Eugene I'm too lazy to find an example, but https://madeitwor.se/srv-salt is my salt repo
21:47 tapoxi joined #salt
21:59 Rumbles joined #salt
22:06 gladiatr joined #salt
22:17 jas02 joined #salt
22:25 nixjdm_ joined #salt
22:35 Rumbles joined #salt
22:36 rpb joined #salt
22:37 kerrick joined #salt
23:00 filippos joined #salt
23:02 kerrick joined #salt
23:10 swa_work joined #salt
23:14 edrocks joined #salt
23:18 jas02 joined #salt
23:20 noraatepernos joined #salt
23:25 nixjdm_ joined #salt
23:26 sp0097 joined #salt
23:32 XenophonF Eugene: best domain evar
23:32 Eugene One day I'll have a wildcard cert for it again
23:33 whytewolf sigh. there should be a domain stand off in here someday. a lot of good domains pass through
23:34 Eugene I also have https://vomitb.in
23:34 Eugene And various RFC-related spam
23:34 whytewolf I have bad4.us and bad4.biz
23:36 XenophonF LOL
23:36 XenophonF man I wish I was that cool
23:36 XenophonF it's always interesting to see how other people use Salt
23:36 XenophonF thanks for posting your configs
23:57 Eugene joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary