Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-09-21

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 alexlist joined #salt
00:01 pualj joined #salt
00:07 pualj_ joined #salt
00:13 poohneat joined #salt
00:17 poohneat left #salt
00:18 murrdoc joined #salt
00:19 murrdoc hi
00:23 cgiroua joined #salt
00:23 fenderblender joined #salt
00:24 fenderblender Hey all, quick question about using external pillars. I set up my external pillar file like so:
00:24 fenderblender ext_pillar:
00:24 fenderblender - http_json:
00:24 fenderblender url: http://3f8897ae.ngrok.io/api/v1/minion/vpc-5a757f23-0
00:25 cgiroua joined #salt
00:26 fenderblender however, every time I try to apply a highstate, it will always just create a dictionary with those literal values instead of actually sending a get to the url specified
00:27 oida joined #salt
00:27 fenderblender What am I doing wrong? the pillar is updating the values when applying, it just isn't sending out a request or anything
00:33 tiwula joined #salt
00:36 smead joined #salt
00:42 cgiroua joined #salt
00:51 johnj_ joined #salt
00:56 hoonetorg joined #salt
01:54 ilbot3 joined #salt
01:54 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.7, 2017.7.1 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers
01:58 debian112 joined #salt
01:58 nonsenso joined #salt
01:58 yidhra joined #salt
01:58 jrklein joined #salt
02:07 sh123124213 joined #salt
02:10 onlyanegg joined #salt
02:12 zerocoolback joined #salt
02:17 GMAzrael joined #salt
02:19 justanotheruser joined #salt
02:29 murrdoc joined #salt
02:40 kuromagi joined #salt
02:51 johnj_ joined #salt
02:55 dwfreed joined #salt
02:56 murrdoc joined #salt
02:58 dwfreed joined #salt
03:00 ivanjaros joined #salt
03:03 evle joined #salt
03:19 omie888777 joined #salt
03:34 hasues joined #salt
03:44 pipps joined #salt
03:47 hasues left #salt
03:49 justanotheruser joined #salt
03:52 onlyanegg joined #salt
03:52 johnj_ joined #salt
04:08 k_sze[work] joined #salt
04:23 rojem joined #salt
04:53 johnj_ joined #salt
04:54 swa_work joined #salt
04:58 shoemonkey joined #salt
05:14 Bock joined #salt
05:21 sh123124213 joined #salt
05:53 ivanjaros joined #salt
05:54 johnj joined #salt
05:56 apofis joined #salt
06:04 GMAzrael joined #salt
06:10 do3meli joined #salt
06:11 do3meli left #salt
06:32 felskrone joined #salt
06:34 usernkey joined #salt
06:35 APLU joined #salt
06:46 zerocoolback joined #salt
06:55 johnj joined #salt
06:59 shoemonkey joined #salt
07:02 GMAzrael joined #salt
07:05 Ricardo1000 joined #salt
07:05 debian1121 joined #salt
07:11 zerocoolback joined #salt
07:11 rgrundstrom joined #salt
07:11 rgrundstrom Good morning
07:13 jhauser joined #salt
07:15 dcpc007 joined #salt
07:15 dcpc007 haaa this is the real chan :) i was on #saltstack :)
07:16 aldevar joined #salt
07:23 vb29 joined #salt
07:23 mbologna joined #salt
07:24 rgrundstrom dcpc007: Welcome :)
07:24 Hybrid joined #salt
07:25 dcpc007 another  try to learn salt ... but in the background.. officially "i have no time to loose learn new tools not really usefull" ...
07:26 dcpc007 but too bored to have tens of servers with divergent configs, or can't update a small static config because too much servers to do by hand ....
07:27 dcpc007 i'm reading the salt official tutorials, is there other tuto/demo interesting resources please ?
07:28 dcpc007 first need would be to do query on mulptiple servers to identify divergences
07:28 dcpc007 like check a folder rights, local account groups, config file content,...
07:30 robman joined #salt
07:31 rgrundstrom dcpc007: Should not be any issues using file.managed
07:32 dcpc007 ok i'll look, i've seen possibility to do live queries on a groupe of clients
07:32 dcpc007 like a clusterssh tool
07:33 rgrundstrom dcpc007: hang on I can show you some examples.
07:33 jas02 joined #salt
07:33 dcpc007 i would for exemple query on a group of server : ls -ltr /var/log/
07:34 dcpc007 or "cat /etc/resolv.conf", "cat /etc/aliases |grep root"
07:34 dcpc007 to detect how many problems i have
07:35 dcpc007 after i'll have harder queries with variable paths  ... don't know how to do currently
07:35 dcpc007 like "ls -a /var/log/<an appli name>"
07:36 dcpc007 but name different en on each server. I can generally find it by the server name, need a script to extract it.
07:36 dcpc007 brb
07:36 rgrundstrom dcpc007: Here is an example of my Ubuntu config file -> https://gist.github.com/anonymous/35f35d597e4e795e03203019a83b8998#file-gistfile1-txt
07:42 cyborg-one joined #salt
07:42 jas02 joined #salt
07:44 _KaszpiR_ joined #salt
07:50 cyborg-one joined #salt
07:53 swa_work joined #salt
07:56 johnj joined #salt
07:58 JAX joined #salt
08:00 Naresh joined #salt
08:03 stanchan joined #salt
08:04 _KaszpiR_ joined #salt
08:06 dcpc007 ha ok it's directly a manage config.
08:07 netcho_ joined #salt
08:07 dcpc007 i'll use only salt to gather infos in first time (can't implement real config as not autorized to work on salt)
08:08 dcpc007 i'll try learn and test during small "free" time, and when ok, ask to manage simple cases, and after should be good to work real with it :)
08:08 obitech joined #salt
08:08 obitech morning guys
08:10 dcpc007 is it possible "in live" to push a temp shell script and execute it on a pack of computer and got a summury of output ?
08:10 aldevar left #salt
08:10 dcpc007 like i create a check_config.sh and want to execute on 10 servers and got the answer on the master
08:14 mikecmpbll joined #salt
08:16 pbandark joined #salt
08:17 obitech dcpc007 did you try https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html ?
08:18 dcpc007 i'm start reading https://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html and https://www.tutorialspoint.com/saltstack/saltstack_overview.htm
08:22 yuhl joined #salt
08:23 obitech Hey guys, somehow my minion can't see files on the fileserver (roots) when I try to copy them from salt://... However when I salt-run fileserver.file_list they are all listed there. Am I missing something? Is there any way to debug this?
08:23 dcpc007 many words and concepts to learn to understand the docs it seems :) like pillars, grains ....
08:23 dcpc007 ok, i'll print this for lunch time :)
08:24 obitech dcpc007 they docs and tutorials are really good but it can be a bit overwhelming when you start out. Just follow them all and experiment a bit, then you should get the hang of it!
08:25 gawainlynch left #salt
08:26 dcpc007 yesn that's why i'm looking too for other simpler tutos and i think i found some youtube video starting guide
08:26 obitech this one is quite good tho: https://docs.saltstack.com/en/getstarted/fundamentals/index.html
08:27 dcpc007 cool the second link i send shows how to create quiclky a test env with VM and vagrant
08:31 Mattch joined #salt
08:35 schasi joined #salt
08:40 mike25de hi all; what is the recommended way to run a state only if a file does not exist on the minion?
08:50 haam3r_ mike25de: depends on the state. probably jinja like this: "{% if not salt['file.file_exists']('/path/to/file') %}"
08:50 toanju joined #salt
08:50 mike25de haam3r_: good point!
08:50 mike25de thanks haam3r_
08:51 obitech ah I was just writing exactly that haam3r_ haha
08:51 haam3r_ mike25de: but for example cmd.run also has the creates parameter as well
08:51 haam3r_ obitech: great minds think alike :D
08:51 mike25de :)
08:52 mike25de for cmd.run i know :)
08:52 mike25de thanks both haam3r_ obitech
08:52 obitech no worries mate
08:58 johnj joined #salt
08:59 shoemonkey joined #salt
09:02 mikecmpb_ joined #salt
09:14 zerocoolback joined #salt
09:35 JAX left #salt
09:36 Joke81 joined #salt
09:39 ivanjaros3916 joined #salt
09:47 J0hnSteel joined #salt
09:52 Dylan__ joined #salt
09:56 Dylan__ Hello guys, i'm looking for some help on a problem that has been driving me nuts all morning, and I have a feeling I am missing something simple.
09:58 haam3r_ Dylan__: Ask away
09:59 johnj joined #salt
09:59 Dylan__ I'm fairly new to salt, but I am trying to pull the IP of my Apt-Cacher server, I have set it's role as "Apt-Cache-Server" and I'm trying to grab the IP via searching for that server via grains. What I have currently is salt['grains.get']('Apt-Cache-Server', 'network.interface_ip', 'eth0') but I know that is just wrong :/
10:00 Dylan__ I would be grateful for any advice!
10:00 Dylan__ This is my client conf as it stands
10:00 Dylan__ {% from "Servers/Apt-Cacher-Ng/Main.jinja" import apt_cacher_ng with context %} Acquire::http::Proxy "http://{{ salt['grains.get']('Apt-Cache-Server', 'network.interface_ip', 'eth0') }}:{{ apt_cacher_ng.server_port }}";
10:01 zerocoolback joined #salt
10:03 impi joined #salt
10:09 mikecmpbll joined #salt
10:14 Dylan__ this is the cli cmd I am trying to replicate. salt -C 'G@Roles:Apt-Cache-Server' network.interface_ip eth0
10:23 pualj_ joined #salt
10:29 OliverUK joined #salt
10:32 chowmeined joined #salt
10:36 haam3r_ Dylan__: States are rendered locally on the minion. If the Apt-Cacher server is not the minion where the state is running on then you should look at the Salt Mine: https://docs.saltstack.com/en/2016.11/topics/mine/index.html
10:38 Dylan__ So something like this? salt['mine.get']('roles:Apt-Cache-Server', 'network.interface_ip', expr_form='grain')
10:38 lkolstad joined #salt
10:40 jesusaur joined #salt
10:40 Dylan__ or salt['mine.get']('roles:Apt-Cache-Server', 'network.interface_ip', expr_form='grain').items()
10:45 obitech joined #salt
10:48 pualj_ joined #salt
10:49 usernkey joined #salt
10:52 haam3r_ Do you have the mine configured on the neccessary minions?
11:00 johnj joined #salt
11:00 shoemonkey joined #salt
11:10 pualj_ joined #salt
11:27 obitech What do you guys think would be the best way to add something to $PATH ? Looking over file.replace and file.line I can't really find a good solution. I had the idea to save the current $PATH in a jinja variable and then just file.replace it but I'm not quite sure how to do it that way..
11:30 obitech ah I could get the PATH with environ.get PATH I suppose
11:30 obitech and then line.replace in .profile and source it I guess ?
11:32 Dylan__ Yeah, I am trying to get the mine.conf pushed to the minion but having syntax errors at the moment, I need coffee.
11:38 nku how do i manage restarting services on different minions in a specific order? e.g. stop service a on host 1, restart serivce b on host 2, start service a on host 1?
11:39 haam3r_ obitech: you need to permanently set the path?
11:39 obitech hamm3r_ yes
11:41 haam3r_ {% set current_path = salt['environ.get']('PATH', '/bin:/usr/bin') %}
11:41 haam3r_ {{ [current_path, '/new/path/to/bin']|join(':') }}
11:41 haam3r_ second line would go into file.replace for example yes
11:42 haam3r_ nku: orchestrate runner is what you need. https://docs.saltstack.com/en/latest/topics/orchestrate/orchestrate_runner.html
11:42 obitech yeah something like that I had in mind thanks
11:42 nku haam3r_: ty
11:45 pipps joined #salt
11:48 cwright joined #salt
11:48 flarb joined #salt
11:57 markwatd joined #salt
11:58 GMAzrael joined #salt
11:59 lastmikoi left #salt
12:00 johnj joined #salt
12:02 _ssn_06 joined #salt
12:03 evle1 joined #salt
12:06 _ssn_06 Hi guys, please clarify how's working "autosign_timeout" I have added to /pki/minion_autosign/minion1 restarted salt-master to expect autosign has to work, but it don't :( What's wrong with my adds ?
12:08 smead joined #salt
12:14 Nahual joined #salt
12:30 shakalaka joined #salt
12:30 ivanjaros joined #salt
12:31 mchlumsky joined #salt
12:33 XenophonF joined #salt
12:34 zerocoolback joined #salt
12:36 _aeris_ joined #salt
12:42 jmb13562 joined #salt
12:44 obitech what's the difference between modules.cmd and modules.cmdmod ? When would the one be used over the other _
12:44 obitech ?
13:00 _ssn_06 fixed. nevermind
13:01 johnj joined #salt
13:02 shoemonkey joined #salt
13:06 obitech ah cmdmod is the execution module and cmd is the state module
13:08 Guest94292 joined #salt
13:11 pualj_ joined #salt
13:11 sergeyt joined #salt
13:19 OliverUK left #salt
13:20 Brew joined #salt
13:36 kbaikov joined #salt
13:43 squishypebble joined #salt
13:45 gh34 joined #salt
13:53 tapoxi joined #salt
13:56 shoemonkey joined #salt
13:56 betao joined #salt
13:57 betao left #salt
13:57 BeTa0 joined #salt
13:58 numkem joined #salt
13:59 BeTa0 left #salt
14:00 hgf joined #salt
14:00 hgf left #salt
14:01 wavded joined #salt
14:01 hgf joined #salt
14:01 hgf hello fellows
14:02 hgf does anyone know a way to just recursively dump a context as YAML for a file.managed, without much jinja complexity?
14:02 hgf maybe even without jinja at all
14:03 johnj joined #salt
14:08 cgiroua joined #salt
14:13 _KaszpiR_ joined #salt
14:18 _JZ_ joined #salt
14:25 beardedeagle joined #salt
14:28 Mike_ joined #salt
14:38 onlyanegg joined #salt
14:41 devops_guy joined #salt
14:41 hgf took me a while, but I've found the answer: file.serialize
14:44 racooper joined #salt
14:45 omie888777 joined #salt
14:46 zerocoolback joined #salt
14:49 tiwula joined #salt
14:50 squishypebble joined #salt
14:56 wavded joined #salt
15:02 toastedpenguin joined #salt
15:04 johnj joined #salt
15:07 wavded joined #salt
15:12 sh123124213 ahm, apparently there is a limit to the max size of the command I can sent to the minion but I cannot find it
15:12 sh123124213 MAX_EVENT_SIZE doesn't do the job
15:14 sh123124213 any suggestions ?
15:15 sh123124213 i'm trying to sent a command from the local client which contains a string of ~500KB
15:15 sh123124213 and minion gets that a job has been published but never returns a result
15:15 sh123124213 minion logs only show job id
15:16 sh123124213 normally if I lower the size of the string the whole string would show on the lo
15:16 sh123124213 g
15:17 jas02 joined #salt
15:19 jauz joined #salt
15:20 JawnAuz joined #salt
15:20 sarcasticadmin joined #salt
15:20 jauz left #salt
15:21 JawnAuz joined #salt
15:21 jmb13562 joined #salt
15:22 pere3 joined #salt
15:24 XenophonF sh123124213: you mean like a cmd.run command?
15:24 XenophonF b/c if so it sounds like you should use cmd.script instead
15:34 whytewolf sh123124213: what operation system. if it is linux it has a argument string length max.
15:34 hasues joined #salt
15:38 sh123124213 Both linux and windows has the same issue
15:38 sh123124213 yes I mean like cmd.run command
15:39 sh123124213 I would prefer trying to figure out the issue and try to fix it rather than changing to something else.
15:39 sh123124213 XenophonF, whytewolf
15:40 whytewolf sh123124213: stop trying to use 500kb command lines.
15:41 sh123124213 well, decreasing the command size can be an option but I would rather try to see why this happens
15:41 XenophonF yeah you're doing it wrong
15:41 XenophonF sorry
15:41 sh123124213 the command that failed on production was 165KB
15:41 sh123124213 but I cannot reproduce in my dev env
15:41 whytewolf because a 500KB command line argument is going above the MAX_ARG_STRLEN
15:42 sh123124213 so its a python limitation ?
15:42 whytewolf kernel limitation
15:42 whytewolf aka Linux
15:43 whytewolf that is a linux kernel variable
15:43 sh123124213 same happens in windows so I guess there is something similar there
15:43 whytewolf wouldn't doubt it.
15:44 lordcirth_work 500kb arg string is nuts
15:44 iggy because otherwise someone could oom any system by _trying_ to run a command (even if it didn't actually run anything)
15:47 onlyanegg joined #salt
15:47 sh123124213 it cannot be that its a kernel limitation since I'm using python to send the command
15:48 whytewolf wtf
15:48 whytewolf how do you think this works?
15:48 iggy and python in turn passes that to the kernel
15:48 iggy (or a shell, depending on how you called it)
15:49 sh123124213 so you are telling me that salt local client goes to the shell and runs the command for me ? :D
15:49 sh123124213 no way
15:50 whytewolf it can do either calling a shell, OR calling the command from the kernel. either way it still goes through the kernel
15:50 sh123124213 https://docs.saltstack.com/en/latest/ref/clients/
15:50 sh123124213 this local client I mean
15:50 sh123124213 no bash involved
15:50 sh123124213 salt.client.LocalClient
15:51 whytewolf who said anything about bash
15:51 whytewolf although you did say cmd.run
15:51 whytewolf not localClient
15:52 sh123124213 well localClient can run cmd.run
15:52 whytewolf cmd.run calls a shell
15:52 sh123124213 good point
15:53 whytewolf [or loads the command into the kernel directly.
15:53 whytewolf ]
15:55 jmb13562 joined #salt
15:55 brent_ joined #salt
15:56 XenophonF grrrrrrrrr salt.states.selinux.module looks in the base environment for source instead of the current environment
15:56 wedgie joined #salt
15:57 shoemonkey joined #salt
15:57 whytewolf the fact it even works for you at all is surprising. i remeber helping someone with the selinux state not to long ago and we found that some of the fcontext functions were calling a function that doesn't exist in the selnux module
16:00 XenophonF i actually got the fcontext states to work
16:00 XenophonF but they suck
16:01 XenophonF b/c you have to use both of them to (a) install the fcontext policy and (b) apply it
16:02 XenophonF like so: https://github.com/irtnog/salt-states/blob/development/tomcat/pwm.sls#L34
16:02 XenophonF which i think is confusing :-/
16:02 whytewolf it isn't the worst thing i have seen in salt
16:02 XenophonF no
16:02 XenophonF i'm just whiny today
16:03 * whytewolf hands XenophonF some cheese
16:04 pipps joined #salt
16:04 XenophonF :-D
16:05 johnj joined #salt
16:06 pipps joined #salt
16:06 tapoxi joined #salt
16:08 XenophonF no time to debug this further :( might tackle a PR later though
16:08 XenophonF https://github.com/saltstack/salt/issues/43679
16:08 XenophonF in case someone here wants to look at it
16:09 euidzero joined #salt
16:13 dendazen joined #salt
16:14 jas02 joined #salt
16:17 XenophonF oh ffs selinux.module doesn't take a .te file
16:17 euidzero joined #salt
16:18 JawnAuz The powers that be have decided to switch to Cisco Spark from Slack. I'm off to try converting my Slack returner to Spark... Anyone with any experience writing a custom returner? The Cisco Spark developer portal seems halfway decent so I'll see what I can find.
16:18 euidzero joined #salt
16:22 euidzero joined #salt
16:22 nich0s joined #salt
16:23 jmb13562 joined #salt
16:32 jrgochan joined #salt
16:32 it_dude joined #salt
16:33 jrgochan hello. Got a reactor question.
16:35 jrgochan I recently updated all of my minions to 2017.7.1 and now the auth-pending.sls from this page doesn't work anymore. https://docs.saltstack.com/en/latest/topics/reactor/
16:35 jrgochan When building a new machine the machine's key gets put into both the "Denied" and "Unaccepted" keys. any ideas?
16:36 lordcirth_work jrgochan, I've had that happen when I installed salt-minion as part of install, then ran bootstrap.  The first key goes Unaccepted and bootstrap clobbers it and gets Denied
16:39 jrgochan hrm. I'm installing from rpms, and don't think there's any bootstrapping going on. Did you end up finding a solution to your issue?
16:41 ivanjaros joined #salt
16:42 nixjdm joined #salt
16:43 lordcirth_work jrgochan, in my case I just commented out the 'apt install salt-minion' in my lxc template and let bootstrap do it.
16:44 cyborg-one joined #salt
16:45 jrgochan ahh. fair enough.
16:46 * MTecknology doesn't use bootstrap
16:47 wavded joined #salt
16:49 * MTecknology was gonna follow up with something intelligent, but it's morning here.
16:49 MTecknology -> https://github.com/MTecknology/saltstack-demo/blob/master/data/etc/salt/cloud.deploy.d/ovpn_deploy
16:55 pipps joined #salt
17:00 LordOfLA joined #salt
17:02 lordcirth_work Getting a weird crash on state.apply: https://gist.github.com/lordcirth/355fee4c451feb0ec100711e89c69ff3
17:03 lordcirth_work Both are running the same version and I've restarted both
17:03 lordcirth_work the daemons, that is, not reboot
17:05 rojem joined #salt
17:06 johnj joined #salt
17:09 omie888777 joined #salt
17:10 A_Person joined #salt
17:12 it_dude_ joined #salt
17:12 stewgoin joined #salt
17:16 J0hnSteel joined #salt
17:17 onlyanegg lordcirth_work: is it rendering something when that happens?
17:18 onlyanegg maybe the yaml should be a string rather than a float? eg. '1.5' vs 1.5
17:19 onlyanegg just a guess. I saw something like that the other day when specifying the version in the elasticsearch formula (I think)
17:20 A_Person joined #salt
17:21 brent_ joined #salt
17:23 ivo_ joined #salt
17:26 rgrundstrom joined #salt
17:26 J0hnSteel joined #salt
17:26 wavded joined #salt
17:35 lordcirth_work onlyanegg, I'm not sure exactly what's breaking it, I'll try narrowing down the state
17:35 A_Person joined #salt
17:39 onlyanegg you should be able to see where it's failing with `-l debug`, and I think you get more info if you use `salt-call` on the node itself rather than `salt` on the master
17:41 lordcirth_work Yeah, I should do that
17:42 lordcirth_work Oh it's YAML mangling my types, yup
17:42 morissette joined #salt
17:42 lordcirth_work I had include: \n - .10_15_152  and YAML decided that meant OrderedDict([('include', [0.1015152])])
17:43 lordcirth_work Despite underlines being not generally in numbers...
17:44 lastmikoi joined #salt
17:49 it_dude joined #salt
17:49 onlyanegg haha, never seen that before
17:50 it_dude__ joined #salt
17:50 jas02 joined #salt
17:50 lordcirth_work Their parser must look for a . and a digit, and assume right there it's a float
17:51 whytewolf it is the period followed by a number throwing it off. i have seen it before in other langs. basicly as long as what follows it isn't alpha it will assume that it is a number and ignore [or in some langs zero] anything that isn't a number
17:52 whytewolf also
17:52 whytewolf https://docs.saltstack.com/en/latest/topics/troubleshooting/yaml_idiosyncrasies.html#underscores-stripped-in-integer-definitions
17:53 whytewolf apperently _ in numbers are ignored as part of the yaml spec
17:54 fatal_exception joined #salt
17:57 shoemonkey joined #salt
17:58 nixjdm joined #salt
18:01 shoemonk_ joined #salt
18:05 JawnAuz So if I run a salt-call from my minion to run state.sls on a given state, specifying my env, it works. But my schedule doesn't seem to be running the exact same state.sls with time. Gist: https://gist.github.com/Nojiko/11770fd6b95edff3eb8adae97488a5e2
18:05 JawnAuz Am I formatting my schedule incorrectly?
18:05 JawnAuz Clarification: Schedule shows up as successfully applied to minion, but doesn't run after x time passes.
18:07 johnj_ joined #salt
18:08 coredumb JawnAuz: you can check scheduled job return using jobs.list_jobs/lookup_jid
18:10 tapoxi joined #salt
18:14 ventris left #salt
18:15 numkem joined #salt
18:25 toanju joined #salt
18:30 ChubYann joined #salt
18:35 KevinB joined #salt
18:38 omie888777 joined #salt
18:38 JawnAuz Odd, I see the job running in that list but the state isn't being applied.
18:38 ahrs joined #salt
18:39 jas02 joined #salt
18:40 JawnAuz https://gist.github.com/Nojiko/8bd97b81135e594f53a4afdc4a45b21f
18:40 JawnAuz That argument return looks weird...
18:45 jmb13562 joined #salt
18:45 jas02 joined #salt
18:47 JawnAuz Wonder if job_kwargs needs to be just saltenv: prod and not - saltenv: prod ...
18:51 sh123124213 joined #salt
18:55 pipps joined #salt
18:58 nixjdm joined #salt
19:00 Hybrid joined #salt
19:06 dynamicudpate joined #salt
19:07 XenophonF JawnAuz: jobs_kwargs takes a dictionary, not a list
19:07 XenophonF https://github.com/irtnog/salt-states/blob/development/sched/patch.sls#L14
19:08 johnj_ joined #salt
19:08 lordcirth_work joined #salt
19:09 JawnAuz Yeah, actually already using that. Looking at what else I must've missed, maybe env. Still tinkering.
19:09 mikecmpbll joined #salt
19:12 oida_ joined #salt
19:17 schemanic joined #salt
19:17 schemanic Heya
19:17 schemanic I've heard it said that I can't use pillar inside pillar.
19:18 schemanic I'm looking for a means to abstract all of my passwords
19:18 whytewolf you can not, at least directly.
19:18 whytewolf you can use things like pillarstack to get around that
19:19 schemanic Well what I can do is keep a separate pillar file that properly calls out the keys which would contain credentials right?
19:19 schemanic and then allow that pillar to merge in as normal
19:20 schemanic That's true right?
19:20 whytewolf how are you thinking of calling the "seperate pillar file"
19:23 SaucyElf_ joined #salt
19:24 schemanic whytewolf, If I know that formula Q has a key called q.password: Instead of defining q.password in a separate pillar for q, put a dict called q:\n  password: <secret> in a pillarfile called credentials.sls
19:24 schemanic then in top.sls assign credentials.sls to all applicable minions
19:25 schemanic and not with grains
19:25 whytewolf might have problems with merging.
19:25 schemanic Why would I have problems with merging?
19:25 whytewolf because merging almost always has problems
19:25 schemanic Okay
19:25 schemanic Whats the best way to accomplish what I'm trying to accomplish?
19:26 schemanic I want a single point of entry which is easy to regenerate in case I need to rotate passwords for my entire network
19:26 whytewolf why do you need a seperate pillar file. what exactly benifit doe you get from this?
19:27 whytewolf why not build a map.jinja for your passwords
19:27 schemanic The benefit is 'Is it time for the quarterly password rotation? Okay I need 5 minutes.'
19:28 whytewolf or a defaults.yml
19:28 schemanic whytewolf, how does that work? Wouldn't I need to go to every state and formula in my statetree and include the mapfile and do a bunch of work to make sure the map dict merges in properly?
19:28 whytewolf um, no a pillar side map.jinja
19:29 whytewolf [you can use jinja in pillar]
19:30 schemanic Are you proposing including this mapfile in the pillars I write for my states?
19:30 whytewolf states has nothing to do with what i am saying
19:30 schemanic 'pillars I write' then
19:31 schemanic point being, are you saying that I should use jinja to do something like from credentials/map.jinja import passwords with context
19:32 whytewolf yes
19:32 schemanic if I happen to be writing a tomcat pillar for the tomcat formula I can just say: set tomcat_credentials = passwords.tomcat
19:32 whytewolf now your getting it.
19:32 pipps joined #salt
19:33 schemanic then I can say tomcat:\n  manager_password: {{ tomcat_credentials.manager_password }}
19:33 schemanic Word. Thanks
19:34 mayk joined #salt
19:38 Hybrid joined #salt
19:40 schemanic Can I write a file to the saltstack fileserver with a state?
19:41 dlloyd reactor
19:41 schemanic ...
19:41 schemanic elaborate?
19:41 whytewolf schemanic: you can, if you salt the master
19:41 whytewolf [and you're not useing gitfs
19:41 whytewolf ]
19:42 brent_ joined #salt
19:42 schemanic so I cant just write file.managed:\n  -name: salt:\\path-to-file
19:42 saml joined #salt
19:42 saml is salt good
19:43 whytewolf no, you can't
19:43 saml thanks
19:43 whytewolf saml: I'm biased
19:43 whytewolf but yes it is good
19:44 lordcirth_work saml, I'm not sure what answer you expected in this channel :P
19:45 XenophonF saml: salt is good, and it's good for you!
19:45 saml kubernetes, docker, salt, chef, puppet, vagrant, packer, ...  web development went crazy
19:46 whytewolf almost none of that is only for web development
19:46 beardedeagle joined #salt
19:46 saml looks like these are like coreutils but for many machines (cloud)
19:48 whytewolf infrastructure automation, and segregation.
19:55 lordcirth_work I just "manually" upgraded a 3-node cluster of Nextcloud servers with 4m47s of downtime, without particularly trying to be fast.  Salt is great.
19:55 wavded joined #salt
19:58 nixjdm joined #salt
20:02 shoemonkey joined #salt
20:08 xMopxShell You can mount gitfs remotes as a subdir in the salt fileserver. But can you mount plain directories in the same manner?
20:09 johnj_ joined #salt
20:11 DammitJim joined #salt
20:11 JawnAuz Minion schedule working! Turned out to be spacing on my job_kwarg. :S
20:11 DammitJim not sure about the proper words to search for
20:12 DammitJim but is there a way to see the result of the last state run against a minion?
20:12 DammitJim is it saltutil.find_job ?
20:17 lordcirth_work joined #salt
20:21 tapoxi joined #salt
20:23 JawnAuz DammitJim, salt-run jobs.list_jobs can work
20:24 hasues left #salt
20:28 JawnAuz Any opinions on how best to trigger a highstate on a minion as soon as its key is accepted?
20:28 XenophonF reactor
20:28 XenophonF https://github.com/irtnog/salt-pillar-example/blob/master/salt/example/com/init.sls#L283
20:29 JawnAuz Whoa.
20:29 XenophonF https://github.com/irtnog/salt-states/blob/development/salt/files/reactors/firstrun.sls
20:29 XenophonF something like that anyway
20:29 XenophonF i had it working but maybe something broke a while ago and i haven't had time to chase it down
20:29 JawnAuz That seems remarkably simpler than I anticipated.
20:29 XenophonF It might be wrong! :-D
20:30 JawnAuz Still glad for the help. :)
20:30 JawnAuz I've been happy ever since I got gitfs working and now schedules, it's been a good week.
20:31 XenophonF that's awesome!
20:33 frygor_ joined #salt
20:36 noraatepernos joined #salt
20:39 schemanic Hey, I'm having a hard time rendering an id_rsa file from pillar data. I'm getting an error message: https://gist.github.com/anonymous/ec864f440ef0077c9e2fa08f037da0b1
20:39 schemanic the pillar has it set up as multiline content
20:39 XenophonF you need to use the |yaml_encode filter
20:40 schemanic you mean #!yaml|gpg as the first line?
20:40 XenophonF so something like {{ varname|yaml_encode }}
20:40 XenophonF no
20:40 XenophonF the #!yaml|gpg shebang tells Salt to run the file through the listed renderers in that order
20:41 XenophonF the yaml_encode filter correctly escapes scalar values for insertion into a YAML-formatted text stream
20:41 XenophonF the yaml filter does the equivalent for non-scalar objects (i.e., dictionaries and lists)
20:41 schemanic thats a bit weird. I'm not seeing that in other formulas that do that
20:41 XenophonF mine do
20:41 schemanic the users-formula renders rsa files with -contents_pillar
20:42 XenophonF well, that works too
20:42 XenophonF b/c it never renders the Pillar value in the YAML file
20:42 schemanic whats the 'right' way?
20:42 whytewolf are you using gpg?
20:42 XenophonF either use contents_pillar or wrap your variable references using |yaml_encode
20:43 XenophonF gpg has nothing to do with it
20:43 schemanic yeah. It's a multiline rsa key string which itself has been gpg encrypted
20:43 whytewolf contents_pillar doesn't work with gpgp iirc
20:43 schemanic so in the pillar its a big long pgp string
20:43 schemanic but it's supposed to render to the rsa string
20:44 XenophonF If you don't tell Jinja to handle things differently, it will just dump whatever text into place.
20:44 XenophonF but YAML files are structured data
20:44 schemanic do I have to do something special with -contents_pillar: value?
20:44 XenophonF no
20:44 XenophonF but that won't work with the GPG renderer
20:45 schemanic okay so contents_pillar wont work with the gpg renderer
20:45 schemanic so I have to say -content: {{ dict.key | yaml_encode }}
20:45 XenophonF so you need to make sure the pillar value is decrypted (usually by Pillar itself on the master, before the value gets sent to the minion)
20:45 schemanic XenophonF, I dont understand how that's different than the normal way
20:45 XenophonF if you have the #!jinja|yaml|gpg shebang in your Pillar SLS file, you can use the contents_pillar argument safely
20:46 schemanic okay
20:46 numkem joined #salt
20:47 schemanic okay so #!yaml|gpg\n... -contents_pillar: {{ dict.key }}
20:47 XenophonF no that's not what I mean
20:47 XenophonF hold on let me give you a concrete example
20:47 schemanic k...
20:48 schemanic oh wait
20:48 schemanic I'm wrong too
20:48 whytewolf - contents_pillar takes the location in pillar to do a pillar.get from
20:48 schemanic #!yaml|gpg in pillar.sls
20:48 lbv joined #salt
20:48 XenophonF let's say you have the following Pillar SLS file - https://github.com/irtnog/salt-pillar-example/blob/master/defaults/accounts.sls
20:49 XenophonF note the #!jinja|yaml|gpg shebang
20:49 schemanic yep
20:49 schemanic and my pillar value is a gpg encrypted string that the salt master knows about
20:49 XenophonF right
20:50 schemanic then my state file can read: {% set dict = salt.pillar.get('dict', {}) %}\n... -contents_pillar: {{ dict.key }}
20:50 XenophonF so after salt-master reads that file after running it through the Jinja, YAML, and GPG renderers, there's a Pillar key named users:Administrator:password with the _decrypted_ value
20:50 whytewolf no
20:51 XenophonF so when you reference users:Administrator:password on the minion, it's already decrypted
20:51 whytewolf schemanic: you don't put the contents of the pillar in - contents_pillar
20:51 XenophonF you can use it directly in the Salt state
20:51 schemanic okay so
20:51 schemanic then my state file can read: {% set dict = salt.pillar.get('dict', {}) %}\n... -contents_pillar: explicit:pillar:path:to:data
20:51 XenophonF so you could set contents_pillar to users:Administrator:password, and salt-minion would access the _decrypted_ value and use it for the contents of whatever
20:52 schemanic right
20:52 whytewolf yes
20:52 schemanic or I could do this
20:52 schemanic then my state file can read: {% set dict = salt.pillar.get('dict', {}) %}\n... -contents_pillar: {{ dict.key|yaml_encode}}
20:52 XenophonF alternatively, you could set content to {{ salt.pillar.get('users:Administrator:password')|yaml_encode }}
20:52 XenophonF your states SLS file would not need a shebang in any of these cases
20:53 XenophonF it would just be using the default #!jinja|yaml shebang b/c decryption of the Pillar key's value already happened when the Pillar SLS file got rendered on the master
20:53 XenophonF contents_pillar takes a Pillar key name
20:53 XenophonF _not_ a Pillar key value
20:54 pipps joined #salt
20:55 XenophonF `contents_pillar: users:Administrator:password` is the same thing as `content: {{ salt.pillar.get('users:Administrator:password')|yaml_encode }}`
20:59 nixjdm joined #salt
20:59 tkojames joined #salt
20:59 schemanic okay
20:59 schemanic I'm trying it with yaml_encode for now
21:00 schemanic is whitespace a problem with jinja filters?
21:01 iggy yes
21:01 iggy that's what `| indent(N)` is for
21:01 bildz for some reason the sqs queue isnt working on my salt master (2016.3).  How can I check to see if there's an error?
21:03 schemanic so I need to write this: - content: {{ itman.repo_credentials.private_key|yaml_encode }}
21:03 schemanic not this: - content: {{ itman.repo_credentials.private_key | yaml_encode }}
21:04 whytewolf space there doesn't matter
21:04 tkojames So iam trying to use the python api to run the following salt command, "salt '*' test.version --output=json --static  > saltminion.json" it is not working in the api. I can get it to run just test.version but I need to output it to JSON. I tired few different options that looked like this "test = local.cmd('*','test.version --output=json --static > saltminion.json')" How do I get it to be static and output as JSON?
21:05 schemanic that's weird because now those values are rendering blank files
21:05 pipps joined #salt
21:06 pipps joined #salt
21:07 schemanic whytewolf, XenophonF, any idea why when I use |yaml_encode I get empty files?
21:09 iggy gist your code
21:10 johnj_ joined #salt
21:10 noraatepernos joined #salt
21:11 schemanic iggy: https://gist.github.com/anonymous/2c672b9835c5376e06528634c93ab2b6
21:13 evilet joined #salt
21:14 speedlight joined #salt
21:17 schemanic any idea? I'm super confused why this doesn't work
21:17 whytewolf schemanic: please tell me those are not your real keys
21:17 schemanic They've been encrypted
21:18 wavded joined #salt
21:18 schemanic They're the rsa strings which have then encrypted
21:18 whytewolf ok
21:18 schemanic am I missing something
21:18 euidzero joined #salt
21:19 whytewolf does "salt 'minion' pillar.get itman" show anything for the value of those keys?
21:19 bildz https://docs.saltstack.com/en/2016.3/ref/engines/all/salt.engines.sqs_events.html#salt.engines.sqs_events.start   How do you know if this is running, or how is it kicked off?
21:20 whytewolf bildz: by restarting the master/minion that it is configured on
21:20 schemanic whytewolf, yeah, it shows them decrypted and in the right format
21:21 bildz whytewolf: i tried that but doesnt look like it's taking.  Is there a log entry i can grep?
21:21 whytewolf bildz: check /var/log/salt/[minion|master]
21:21 whytewolf I don't use that engine so i am unsure of what it logs
21:22 morissette joined #salt
21:22 whytewolf however you can turn up the loglevel to see if it can get more verbose with log_level_logfile setting [works for both minion and master]
21:23 whytewolf https://docs.saltstack.com/en/latest/ref/configuration/logging/
21:23 bildz thanks
21:24 whytewolf schemanic: does it show the contents if you do a state.show_sls on that sls file
21:24 schemanic i've never run that before. do I just go state.show_sls 'state name without extension or path'?
21:24 whytewolf yes
21:25 whytewolf just like if you were going to run the state with state.apply
21:25 whytewolf except with output about what it has
21:25 schemanic yeah, it does show the contents properly
21:26 whytewolf humm, run the state again
21:28 schemanic nope, files are empty
21:29 whytewolf omg
21:29 whytewolf doh
21:29 * whytewolf hands schemanic an s
21:29 onlyanegg anyone know a good way to merge dictionaries in Jinja (eg. merge pillar with defaults.yml) ?
21:29 whytewolf contentS not content
21:30 schemanic wow
21:30 schemanic holy balls
21:31 whytewolf also you didn't get an error about that because file.managed can be used to create blank files. and content was getting swolled by kwargs
21:31 schemanic hmm
21:31 schemanic itman_config is also not passing in my context vars... grrr
21:33 whytewolf onlyanegg: a good way? not really, but i can think of two eh ways. using a hacky grains.filter_by. and using dict1.update(dict2)
21:33 euidzero joined #salt
21:33 onlyanegg I'm taking a look at the deep_merge macro in the salt formula..
21:34 whytewolf there really should be a "tool_chest" module that holds things like a deep merge function
21:34 onlyanegg +1
21:38 onlyanegg or a filter? is that not trivial? is that why it hasn't been done? (eg. {% set config = defaults | merge(from_pillar) %})
21:40 pipps joined #salt
21:42 sh123124213 joined #salt
21:43 whytewolf adding filters normally is trivial for jinja. however allowing the loading of filters to jinja in salt was an idea that was nixed https://github.com/saltstack/salt/issues/12761
21:45 moy joined #salt
21:46 fuzzy joined #salt
21:47 dwfreed_ joined #salt
21:48 ToeSnacks joined #salt
21:48 simondodsley joined #salt
21:48 munhitsu_ joined #salt
21:48 onlyanegg hmmm, I wonder if there is an execution module I could use then
21:49 schemanic i need a dict key's name itself
21:49 schemanic if i have d = {'tomcat': {whatever}} I need 'tomcat'
21:50 schemanic I've tried using .name() and it doesn't work
21:50 Aikar joined #salt
21:50 Aikar joined #salt
21:50 nich0s joined #salt
21:50 coldbrewedbrew_ joined #salt
21:50 tcolvin joined #salt
21:51 phobosd__ joined #salt
21:51 whytewolf schemanic: how would that work outside of a loop?
21:51 nledez joined #salt
21:51 schemanic I have no clue
21:51 whytewolf it wouldn't
21:51 valkyr2e joined #salt
21:52 schemanic i cant do something like d['tomcat'].name()?
21:52 swa_work joined #salt
21:52 whytewolf but you have tomcat in that case so why do you need to query it
21:53 schemanic because I don't want to say it as if I know it
21:53 dnull joined #salt
21:53 schemanic I want to say 'the one that is there'
21:53 schemanic even if I know that there should only ever be a specific one
21:53 schemanic because there might come a time when it's wrong
21:54 whytewolf {'how':'value','do':'value2','know':'value3','which':'value4','key':'value5'}
21:54 schemanic I don't like having to say 'I will know the correct user because their name will be tomcat'
21:54 schemanic I like saying 'The one designated as the tomcat manager user regardless of thier name'
21:54 rubenb joined #salt
21:55 dlloyd_ joined #salt
21:56 marwel joined #salt
21:56 whytewolf dict.keys() will get you a list of keys. but you can't know for sure which key is the right one with out knowing it before hand
21:56 whytewolf you have to have some prior knowledge
21:57 whytewolf a dict most likely will not just have one key
22:00 onlyanegg this might be exactly what I'm looking for - https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.defaults.html#salt.modules.defaults.merge
22:00 __[0_0]__ joined #salt
22:00 onlyanegg or this - https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.slsutil.html#salt.modules.slsutil.merge
22:00 canta joined #salt
22:01 nixjdm joined #salt
22:01 gareth__ joined #salt
22:02 s0undt3ch joined #salt
22:02 Mogget joined #salt
22:02 lordcirth_work joined #salt
22:02 whytewolf humm, never used either. although it is nice to see slsutil getting more love then just render
22:03 shoemonkey joined #salt
22:09 magz0r joined #salt
22:10 onlyanegg it looks like defaults.merge and slsutil.update both use utils.dictupdate.update
22:11 johnj_ joined #salt
22:15 _KaszpiR_ joined #salt
22:18 tkojames So iam trying to use the python api to run the following salt command, "salt '*' test.version --output=json --static  > saltminion.json" it is not working in the api. I can get it to run just test.version but I need to output it to JSON. I tired few different options that looked like this "test = local.cmd('*','test.version --output=json --static > saltminion.json')" How do I get it to be static and output as JSON?
22:19 sarlalian joined #salt
22:20 manj-budgie_ joined #salt
22:25 morissette joined #salt
22:26 manj-budgie_ left #salt
22:36 _KaszpiR_ joined #salt
22:38 noraatepernos joined #salt
22:45 pipps joined #salt
22:46 brent_ joined #salt
22:48 cyborg-one joined #salt
22:57 whytewolf tkojames: json.dumps(local.cmd('*','test.version'))
22:57 whytewolf tkojames: after loading the json python module of coarse
22:58 astronouth7303 joined #salt
23:04 cgiroua joined #salt
23:12 johnj_ joined #salt
23:15 saml joined #salt
23:15 onlyanegg slsutil.update works real nice - https://gist.github.com/onlyanegg/9681fb80f7e9c0ba8e61646bca645f7f
23:16 onlyanegg thx, whytewolf
23:17 whytewolf no problem. :) not sure i really helped much there
23:18 onlyanegg it helps to talk it through :)
23:19 whytewolf very true
23:24 tkojames whytewolf thank you so much super heplful!!!
23:29 rojem joined #salt
23:41 justanotheruser joined #salt
23:47 daxroc joined #salt
23:54 debian112 joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary