Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2017-10-04

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 ahrs joined #salt
00:09 sh123124213 joined #salt
00:11 lnxnut joined #salt
00:14 johnj_ joined #salt
00:32 dxiri_ joined #salt
00:54 smead joined #salt
00:54 pipps joined #salt
01:10 ibro joined #salt
01:15 johnj_ joined #salt
01:18 lnxnut joined #salt
01:18 DammitJim joined #salt
01:23 DammitJim joined #salt
01:55 ilbot3 joined #salt
01:55 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2016.11.7, 2017.7.1 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic <+> We are volunteers and may not have immediate answers
02:05 johnj_ joined #salt
02:23 shadoxx joined #salt
02:26 lnxnut joined #salt
02:46 tiwula joined #salt
02:50 Vye joined #salt
02:52 NightMonkey joined #salt
03:03 wavded joined #salt
03:05 shadoxx_ joined #salt
03:14 shadoxx joined #salt
03:18 zerocool_ joined #salt
03:29 johnj_ joined #salt
03:33 evle joined #salt
03:34 lnxnut joined #salt
03:36 utahcon joined #salt
03:42 justanotheruser joined #salt
03:43 sh123124213 joined #salt
03:52 jfelchner joined #salt
03:52 stanchan joined #salt
03:56 justanotheruser joined #salt
04:08 Treelife joined #salt
04:21 dxiri joined #salt
04:28 tbrb joined #salt
04:30 johnj_ joined #salt
04:38 afics joined #salt
04:40 lnxnut joined #salt
05:18 schasi joined #salt
05:21 shadoxx joined #salt
05:29 johnj_ joined #salt
05:33 lnxnut joined #salt
05:35 rgrundstrom joined #salt
05:35 rgrundstrom Good morning.
05:45 sarcasticadmin joined #salt
05:46 shadoxx joined #salt
05:53 stanchan joined #salt
05:53 sh123124213 joined #salt
05:54 do3meli joined #salt
05:54 do3meli left #salt
05:54 Bock joined #salt
05:56 Bock joined #salt
05:57 Bock joined #salt
05:59 Bock joined #salt
06:01 nocaberi joined #salt
06:01 colttt joined #salt
06:02 colttt_ joined #salt
06:02 heyimawesome joined #salt
06:05 i4o joined #salt
06:13 Ricardo1000 joined #salt
06:20 schasi joined #salt
06:21 felskrone joined #salt
06:30 johnj_ joined #salt
06:32 shadoxx joined #salt
06:34 lnxnut joined #salt
06:43 sh123124213 joined #salt
06:49 Ricardo1000 joined #salt
06:52 vchauhan joined #salt
06:53 shadoxx joined #salt
06:59 KaczuH joined #salt
07:01 jthunt joined #salt
07:04 Hybrid joined #salt
07:07 sarcasticadmin joined #salt
07:08 sh123124213 joined #salt
07:08 usernkey joined #salt
07:11 KaczuH joined #salt
07:18 shadoxx joined #salt
07:20 pualj joined #salt
07:23 darioleidi joined #salt
07:30 arif-ali joined #salt
07:31 johnj joined #salt
07:32 sh123124213 joined #salt
07:39 _KaszpiR_ joined #salt
07:40 shadoxx joined #salt
07:47 tatrman joined #salt
07:48 xet7 joined #salt
07:49 tatrman 2017-10-04 07:43:07,724 [salt.loaded.int.grains.core                           ][WARNING ][2938] Error loading grains, unexpected linux_gpu_data output, check that you have a valid shell configured and permissions to run lspci command
07:50 tatrman this is error message on minion running alpine 3.6.3 running on virtual scaleway
07:52 robman joined #salt
07:57 sh123124213 joined #salt
08:01 arif-ali joined #salt
08:04 Bock joined #salt
08:07 seeg joined #salt
08:07 zulutango joined #salt
08:08 seeg hello, a question: when developing a custom salt module i want it to generate some custom configuration files. my standard approach is to render it using jinja. however i haven't found a way how to place such templates as separate files -- how would i access the file from the salt state? currently i just have these templates as very long python strings inside my state file
08:10 pbandark joined #salt
08:14 mikecmpbll joined #salt
08:21 eck left #salt
08:22 sh123124213 joined #salt
08:27 Naresh joined #salt
08:27 schasi joined #salt
08:28 lnxnut joined #salt
08:31 Mattch joined #salt
08:32 johnj joined #salt
08:46 sh123124213 joined #salt
08:47 bdrung_work joined #salt
08:49 cyteen joined #salt
08:53 schasi joined #salt
08:54 pbandark hello everyone.. can we pass cloud-init script with salt-cloud for openstack ?
09:00 xet7 joined #salt
09:04 Rumbles joined #salt
09:11 sh123124213 joined #salt
09:15 pbandark also, I am unable to create network(on OpenStack) using salt-cloud, from the code, it seems to be "create_network" function is not yet written for openstack. can anyone please confirm ?
09:18 xet7 joined #salt
09:19 colegatron joined #salt
09:24 pbandark demize: ^^ can you confirm the network part ?
09:29 gmoro joined #salt
09:33 johnj joined #salt
09:34 BlackBishop joined #salt
09:36 sh123124213 joined #salt
09:39 schasi joined #salt
09:41 haam3r_ seeg: Could you clarify? You mean that you have very long strings inside your module? Would calling a salt file.managed function inside your module work?
09:45 lnxnut joined #salt
09:56 DanyC joined #salt
10:00 sh123124213 joined #salt
10:08 smead joined #salt
10:27 shadoxx joined #salt
10:32 sh123124213 joined #salt
10:34 johnj joined #salt
10:38 W4RL0RD joined #salt
10:50 shadoxx joined #salt
10:53 lnxnut joined #salt
10:56 sh123124213 joined #salt
11:07 v12aml joined #salt
11:16 DammitJim joined #salt
11:19 wavded joined #salt
11:21 sh123124213 joined #salt
11:27 smead joined #salt
11:35 johnj joined #salt
11:46 sh123124213 joined #salt
11:47 wavded joined #salt
11:48 wavded joined #salt
11:48 wavded joined #salt
11:49 schasi joined #salt
11:51 wavded joined #salt
11:52 usernkey joined #salt
11:55 XenophonF I'm using letsencrypt-formula on a few servers and need to configure it to trigger service restarts when certificates change.
11:55 XenophonF I can deploy a script that handles this.
11:56 XenophonF Is it just a matter of adding a setting to the certbot ini file?  If so, which option?
11:57 XenophonF Also, I've got an idea on how to use certbot with salt-master.
11:57 XenophonF So, (1) configure certbot to use dns01 validation.
11:58 XenophonF (2) use import_text to read the certificates/keys into Pillar.
11:58 XenophonF (3) run a deploy script that signals a Salt event
11:59 XenophonF (4) use Reactor to push the updated certs/keys to the relevant minions
11:59 XenophonF Does that sound feasible?  Can I use non-relative paths with the import_* Jinja functions?
12:00 lnxnut joined #salt
12:01 XenophonF like: {% import_text "/etc/letsencrypt/live/hostname/fullchain-privkey.pem" as fullchain_privkey %}
12:01 WKNiGHT joined #salt
12:01 haam3r_ If I recall correctly certbot should have a --post-hook parameter or something like that
12:02 Muir joined #salt
12:03 haam3r_ XenophonF: yeah this: 'certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start"'
12:07 smead joined #salt
12:07 evle joined #salt
12:08 dstensnes you shouldn't need the pre-hook to stop the server first
12:08 dstensnes you can update the certificate, then reload/restart nginx afterwards
12:12 Nahual joined #salt
12:23 DammitJim joined #salt
12:26 shadoxx joined #salt
12:30 XenophonF I should be able to put "post-hook = service httpd restart" (or whatever) into the certbot ini file via letsencrypt-formula, right?
12:31 XenophonF oh
12:31 XenophonF deploy-hook
12:31 XenophonF that's what I want
12:32 XenophonF https://certbot.eff.org/docs/using.html#renewing-certificates
12:32 XenophonF thanks for the clue haam3r_, dstensnes!
12:33 XenophonF and if I can't use absolute paths with import_text, I can use a deploy-hook script that copies them into the Pillar root dir
12:34 XenophonF IIRC that all runs as root so signalling an event from the command line should be possible, yes?
12:34 XenophonF a Salt event, I mean
12:35 XenophonF yeah
12:35 XenophonF salt-call event.fire
12:35 XenophonF awesome
12:36 sh123124213 joined #salt
12:36 johnj joined #salt
12:36 XenophonF https://certbot.eff.org/docs/using.html#renewing-certificates
12:36 XenophonF https://docs.saltstack.com/en/latest/topics/event/events.html#firing-events
12:37 XenophonF I'm going to run this past the salt-users mailing list, see what they say.
12:40 schasi joined #salt
12:41 wyked joined #salt
12:41 jbkc85 joined #salt
12:46 numkem joined #salt
12:49 DammitJim joined #salt
12:54 oida joined #salt
12:54 pbandark I am unable to create network(on OpenStack) using salt-cloud, from the code, it seems to be "create_network" function is not yet written for openstack. can anyone please confirm ?
12:57 mchlumsky joined #salt
12:58 squishypebble joined #salt
12:58 squishypebble joined #salt
12:59 daks_ joined #salt
12:59 daks_ Hello, is there any saltstack maintainers present?
13:00 daks_ I wonder if the release date for the next minor version of 2016.11 is already known
13:00 daks_ I'm particulary interested in the patch for this bug https://github.com/saltstack/salt/issues/42165
13:02 daks_ I see the patch has been backported in branch 2016.11
13:03 aanriot +1
13:03 XenophonF you might be better off asking on the salt-users mailing list
13:03 XenophonF or wait until about 5 PM UTC
13:04 daks_ ok XenophonF
13:04 XenophonF one of the devs sometimes comes onto IRC
13:04 XenophonF but they're on Mountain (UTC-06:00) or Pacific time (UTC-07:00)
13:07 Ricardo1000 joined #salt
13:08 aldevar joined #salt
13:08 lnxnut joined #salt
13:11 pbandark1 joined #salt
13:12 xet7 joined #salt
13:19 swills joined #salt
13:19 swills joined #salt
13:23 lnxnut joined #salt
13:23 aldevar left #salt
13:24 gh34 joined #salt
13:34 gh34 joined #salt
13:36 gh34 joined #salt
13:37 johnj joined #salt
13:41 seeg joined #salt
13:42 guedressel joined #salt
13:44 megamaced joined #salt
13:45 taaperotassu joined #salt
13:48 beardedeagle joined #salt
13:51 schasi joined #salt
13:54 _KaszpiR_ joined #salt
13:57 Muir joined #salt
13:58 cgiroua joined #salt
14:01 losh joined #salt
14:05 fatal_exception joined #salt
14:08 jmiven joined #salt
14:10 beardedeagle joined #salt
14:12 tapoxi joined #salt
14:22 ecdhe I want to install package "gitk" if "git" is installed, but only if "desktop-environment" is also installed.
14:23 babilen ecdhe: Nobody is stopping you
14:23 smead Hey all, I know that salt-ssh supporting 'sudo passwords' is / was a feature request.  It seems to have died.  Does anybody know if it's supported now? https://github.com/saltstack/salt/issues/8882
14:24 ecdhe babilen: how would you do that in salt?
14:24 dstensnes smead: quite certain it's already in there
14:24 babilen ecdhe: I wouldn't, I would be explicit about what I want to have installed rather than reacting to local state on the minion
14:25 babilen ecdhe: You can probably hack something together with pkg.version
14:25 ecdhe babilen, I don't want to react to local state on the minion, I want to react to highstate
14:25 dstensnes ecdhe: i think he means using pillar or custom grains maybe
14:25 ecdhe babilen: naively, I could do this: gitk: pkg.installed, require pkg git, pkg ubuntu-desktop
14:26 babilen ecdhe: Well, you want to install a certain package if other packages are installed on the minion .. That means reacting to local state on the minion
14:26 babilen Ah, so you want to explicitly install all three?
14:26 ecdhe now gitk won't be installed without both those packages...  but if one of the required pkg.installed  states doesn't exists, the state for gitk will fail, rather than simply not installing.
14:27 smead dstensnes: thanks.  I guess maybe I'm not setting tty in my roster?
14:27 smartalek joined #salt
14:27 ecdhe I want to just not execute if a "required" reference doesn't exist in highstate.
14:27 babilen So, lets get this straight: The issue you are trying to solve is that you want to have two SLS (one for desktop-environment) and one for git and that you only want to install gitk if the desktop-environment state has also been targeted?
14:28 dstensnes smead: could be something like that. Does it work when you call sudo via ssh directly?
14:28 ecdhe babilen: yes
14:28 babilen ecdhe: And you also don't want to install gitk on all boxes that have desktop-environment?
14:29 dstensnes smead: try this: ssh -t host 'sudo uptime'
14:29 ecdhe babilen: yes
14:29 dstensnes smead: replace "host" with address
14:29 smead So, the case is that some of the cloud images my team uses require passwords to 'sudo', others do not.  Sometimes, I can get in and run the command with no pass, sometimes I'm prompted
14:29 smead Ah, yeah good call.  I'll try that.
14:29 ecdhe babilen, I can do this easily by adding a third SLS...  git.sls, desktop.sls, git-desktop.sls
14:30 babilen ecdhe: Sure
14:30 ecdhe But I need to repeat this pattern dozens of times.
14:30 dstensnes smead: that should tell you if you can do it at all without password prompt i think
14:30 ecdhe EG, network-tools.sls (nmap), network-tools-desktop.sls (wireshark)
14:30 JAuz joined #salt
14:30 smead dstensnes: and you are pretty sure salt-ssh will work whether it requires a password not not ?
14:30 dstensnes smead: might need username@host
14:30 babilen ecdhe: I understand what you are after now
14:31 dstensnes smead: no, i haven't used it much, but i would think it needs passwordless sudo access
14:31 smead gotcha... that's what I'm really after.
14:31 smead is salt having the ability to 'sudo -n -l' and sense if a password is required or not
14:31 smead I am doing it manually now with paramiko, but, that's a bummer
14:31 dstensnes smead: i would create dedicated user with ssh access and a separate entry in sudoers.d for that user on servers managed with salt-ssh
14:33 dstensnes smead: so i would put together a tiny shell script to bootstrap that
14:33 babilen ecdhe: My feeling is that it would be a good idea to configure the states you want to install in pillars .. that way you could easily "ask" in other SLS if certain pillar values are set
14:34 babilen ecdhe: So, you'd have a role "desktop_environment" in your pillar and can then use {% if 'desktop_environment' in salt['pillar.get']('roles', []) %} or somesuch
14:34 babilen You'd render the top file based on that pillar data ..
14:34 dstensnes smead: to 1) create the user, 2) set authorized_keys, 3) add sudoers.d file for that user
14:34 babilen Pillarstack might come in handy if you want to include pillar configuration conditionally
14:34 ecdhe babilen, that would make sense.  I didn't know if there was an easy way to set a variable during the state parsing that says "Desktop Environment Installed", but it would work to simply specify a pillar['Desktop Environment Installed']
14:35 smead dstensnes: Yeah, but, it's a bit of a security risk that the risk assessment team won't go for
14:35 smead it means that only one account needs to be compromised.
14:35 babilen ecdhe: Another approach would be to to target based on (custom?) grains, but that would mean that you have multiple runs until your state "converges"
14:35 dstensnes smead: that is still true if your account can sudo without passord, isn't it
14:35 dstensnes ?
14:36 ecdhe babilen: that would be less than ideal.
14:36 babilen ecdhe: I think it is better to do this explicitly and *once* .. But even then you could have endless dependencies (git is installed, that triggers something else, which is then triggered in the git state again)
14:36 smead Yes, which is why we don't allow any accounts to sudo with a password.  Which is why I wish salt-ssh would support sudo when password is required
14:36 wavded joined #salt
14:36 smead :'(
14:37 smead I think I'm going to need to put a wrapper around salt-ssh
14:37 dstensnes smead: how about just using salt-minion then? No sudo required?
14:37 Rumbles joined #salt
14:37 babilen ecdhe: It's easy to design a system that's quite hard to understand and reason about and one that doesn't converge right away
14:37 ecdhe sounds like pillar is the way to go on this one.  I'm not saying I wouldn't take a new requisite though... the only problem with a new requisite is that you'd never know if it was failing because a tectually-declared state simply hadn't been invoked for this minion, or whether it's failing because you mispelled the a state.
14:38 ecdhe that would be hard to understand.
14:38 smead dstensnes: The problem there is that our cloud nodes come up quick and stay around for somewhere between 1 hour and 10 days, then go away.  the overhead of the minon (from an installation perspective) is a pain
14:38 smead IN addition, the minions have to be able to talk to the master
14:38 smead they're all in different clouds
14:39 dstensnes smead: I use salt to manage a few servers here, but they are not in this network. I let them connect back to the office with a separate openvpn connection to the salt-master server, purely for the salt-minion connections
14:39 jbkc85_ joined #salt
14:39 dstensnes smead: though it might not fit your needs that well
14:39 johnj joined #salt
14:39 babilen ecdhe: It just gets tricky if you have dependency cycles (e.g. 'desktop_environment' behaves differently if 'git' is installed and vice versa (including as many states as you want)
14:39 babilen )
14:39 smead dstensnes: Yeah, that'd be dozens of connections.  Hmmm.  Well, thanks for the help.  I'll have to see what I come up with
14:39 dstensnes smead: good luck
14:40 dstensnes smead: just for the record. I have no idea if salt-ssh is unable to handle passwords for sudo, cause haven't used it that way
14:41 ecdhe babilen, gains+pillar+highstate passes are already probably turing complete
14:41 babilen ecdhe: But I think that by setting all "roles" in pillars (or another authoritative datasource) and base the included states on that in the top.sls you can safely test that (immutable) datastructure at that point
14:42 _KaszpiR_ joined #salt
14:43 dstensnes smead: but i would think a separate account with a locally generated, long, very random password and passwordless sudo access would be easiest way to go, but also balances security
14:43 smead dstensnes: Personally, my preference is to use no passwords, ssh keys only
14:44 smead which then requires passwordless sudo
14:44 smead I'm right with ya, but, security teams prevail, especially with equifax-sized breaches take palce
14:45 ecdhe thanks for thinking through it with me babilen!
14:45 _JZ_ joined #salt
14:46 Brew joined #salt
14:47 babilen ecdhe: I'm sure there are other approaches, but I'd be careful to make it too automatic (and recursive)
14:49 heaje joined #salt
14:49 _KaszpiR_ joined #salt
14:53 squishypebble joined #salt
14:56 lnxnut_ joined #salt
15:01 diegows joined #salt
15:05 fullstop joined #salt
15:08 v0rtex joined #salt
15:09 relidy joined #salt
15:12 tiwula joined #salt
15:19 Rumbles joined #salt
15:20 racooper joined #salt
15:26 nixjdm joined #salt
15:32 sarcasticadmin joined #salt
15:38 beardedeagle joined #salt
15:40 johnj joined #salt
15:42 shadoxx joined #salt
15:47 viq ecdhe: btw, "gitk: pkg.installed, require pkg git, pkg ubuntu-desktop" doesn't do what you think it does
15:49 viq ecdhe: "require pkg git" (fix for syntax) requires a *state* called git. It does not care whether package name git is or is not installed on system.
15:54 DammitJim joined #salt
15:57 bildz if I want to use a reactor to run a local script on a system, do I use this:  https://pastebin.com/2LbRkkRr   I see it running, but it doesnt appear to execute.
15:58 xet7 joined #salt
16:00 bushelofsilicon joined #salt
16:02 tkojames joined #salt
16:15 impi joined #salt
16:21 csmule joined #salt
16:28 XenophonF smead: I'm trying to set up Duo or TOTP for sudo.
16:28 XenophonF so authenticate via certificate and escalate with a second factor
16:29 smead XenophonF: that's cool.  I haven't monkeyed with sudo and 2fa.  I've only done it with the actual login
16:30 XenophonF it'll be cooler if I can get it to work!
16:30 XenophonF Google's PAM plugin is garbage.
16:30 XenophonF And on Windows? fugittaboutit
16:30 astronouth7303 ... is there a way to configure salt-api to just accept authn on headers (provided by eg a fronting nginx)?
16:30 smead lol
16:31 XenophonF oh man wouldn't that be great, astronouth7303?
16:31 astronouth7303 like, appreciate it has all this stuff set up out of the box, but really, there's a hella lot of tools that provide a lot more options
16:32 JawnAuz joined #salt
16:32 wavded joined #salt
16:32 jbkc85 joined #salt
16:33 bushelofsilicon what's a good strategy for storing static IPs in pillar?
16:33 astronouth7303 (and would probably also enable authn by unix domain socket, which provides a stepping stone to doing it by SSH)
16:34 nixjdm joined #salt
16:36 XenophonF I personally want federated logins.
16:36 dstensnes smead: oh, yes, i wasn't thinking about using the password, just wanted to emphasize that the password for that account should never be used for anything. It usually needs a to have a password even though you use ssh keys
16:36 XenophonF SAML and OIDC via the web, SAML ECP via the command line
16:36 dstensnes unless you tinker a bit with PAM
16:36 ecdhe viq, I know I could substitute a "git: pkg.installed" and "git: pkg.removed" and get an unexpected result, but realistically, I never use pkg.removed.
16:37 dstensnes smead: usually there is a rule in PAM that says do not allow unless account has a password set
16:37 astronouth7303 XenophonF: probably similar framework, accepting external auth instead of doing it's own
16:41 johnj joined #salt
16:43 squishypebble joined #salt
16:43 tapoxi joined #salt
16:43 csmule saltstack is being a real pain for me. My minion is not responding on one server. Tried removing the key, reinstalling the minion, etc...  ugh
16:46 squishypebble1 joined #salt
16:47 seeg hello, a question: when developing a custom salt module i want it to generate some custom configuration files. my standard approach is to render it using jinja. however i haven't found a way how to place such templates as separate files -- how would i access the file from the salt state? currently i just have these templates as very long python strings inside my state file
16:53 SaucyElf joined #salt
16:56 bushelofsilicon seeg: wait, what kind of module is this?
16:56 numkem joined #salt
16:58 DanyC joined #salt
17:00 pipps joined #salt
17:04 shanth joined #salt
17:05 shanth having an issue where my minions wont return a response when i did state.apply but if i run the salt-call locally for the state it works just fine
17:05 nielsk joined #salt
17:06 sh123124213 joined #salt
17:12 csmule shanth: I am not familiar with that option.  Run salt-call on the minion then? Same syntax as if I ran state.apply from the master?
17:12 shanth when i run salt call on the minion it works fine csmule
17:12 csmule shanth: Did you reboot your minion's server?
17:12 shanth yes its happening on multiple minions and i restarted the master
17:13 csmule shanth: Just curious if a reboot of the minion server clears it. I can't reboot the server because it's running a production workload.
17:13 csmule I can reboot the master, but that ain't workn
17:14 csmule Is there a way to clear the salt master grains cache?
17:14 shanth not sure but im sure there is
17:15 csmule hehe, I'm lookin through the docs.
17:15 oida_ joined #salt
17:18 seeg bushelofsilicon, i make a custom stalt stack state
17:19 csmule seeg: Holy salt states, batman.
17:21 onlyanegg joined #salt
17:22 seeg basically the state is to configure some Docker deployment with a couple of containers and that requires rendering some config files
17:22 seeg i would just like to know if i could store these files somewhere in repo instead of directly in state python file in some obscure text variables
17:24 bushelofsilicon seeg: ok, so you're not creating a custom state module, right? https://docs.saltstack.com/en/latest/ref/states/writing.html
17:24 shadoxx joined #salt
17:25 bushelofsilicon seeg: you're just looking for something like this? https://gist.github.com/anonymous/b3c452560277ad4125e8d0f6f8f833f1
17:26 astronouth7303 hm. We've got a collection of services, each in their own repo, and a single repo for all of our salt stuff.
17:26 astronouth7303 but that salt repo is more-or-less broken up by those same services
17:26 astronouth7303 so i'm wondering if it's better to move those salt states to the service repos and merge them somehow
17:27 beardedeagle joined #salt
17:30 pipps joined #salt
17:31 astronouth7303 (problem is that we have enough stuff and i'm a big fan of developer self-service, so i'd want a way to do the mapping automatically. Or just have a tool produce it in a workspace? IDK)
17:33 dxiri joined #salt
17:34 taaperotassu joined #salt
17:35 nixjdm joined #salt
17:35 beardedeagle joined #salt
17:36 _aeris_ joined #salt
17:40 colegatron joined #salt
17:40 misconfig joined #salt
17:42 johnj_ joined #salt
17:44 _KaszpiR_ joined #salt
17:45 mikecmpbll joined #salt
17:49 pipps joined #salt
17:56 thebignoob joined #salt
17:58 GnuLxUsr joined #salt
17:58 thebignoob is there a way to create a jinja statement that "if one or many minions with some compound grains return a ping, then" ?
18:00 astronouth7303 thebignoob: i don't think so, because a minion can't run execution commands on other minions
18:00 astronouth7303 (`test.ping` is basically a dummy command that just returns `True`)
18:04 thebignoob hmm okay, i do have values in salt-mine that are accessible (basically i'm standing up a SIT environment right now, and the nginx configuration for one of our load balancers has an empty block causing it's startup to fail)
18:04 thebignoob i only want it to create the vhost block if hosts under certain grains actually exist
18:05 thebignoob here's what i got so far: https://pastebin.com/raw/b1SacykC
18:06 thebignoob just trying to figure out the right way to have an if statement skip the upstream block since there's no servers in this environment with those particular grains
18:07 astronouth7303 that's roughly what i do. I would suggest assigning it to a variable and then testing if the variable is empty
18:08 astronouth7303 it won't really do health check-ish stuff, though, so if the minion is configured but down at the moment of configuration, it may or may not get picked up
18:12 tapoxi joined #salt
18:14 cyteen joined #salt
18:16 sarcasticadmin joined #salt
18:17 Kelsar joined #salt
18:22 shadoxx joined #salt
18:27 astronouth7303 is there a way to configure salt with a python log handler? Or do I have to wrap it in a log module?
18:30 BlackBishop left #salt
18:31 csmule joined #salt
18:31 csmule think I isolated my problem.  My salt master will not apply any of my states. It hangs on eveyrthing.debug is not showing me anything obvious.
18:33 bildz I can get a state to push regularly, but wont work with reactor
18:33 cyborg-one joined #salt
18:34 nixjdm joined #salt
18:36 bildz how can you debug a state running through reactor?
18:37 bushelofsilicon bildz: salt-master -l debug
18:38 bildz bushelofsilicon: my logs are already in debug
18:41 bushelofsilicon bildz: so your reactor sls is trying to apply a state?
18:41 bushelofsilicon bildz: I had to use orchestration to do that
18:42 squishypebble joined #salt
18:42 bushelofsilicon bildz: but I had tried that with the same results as you, and there was no output on the debug
18:43 johnj_ joined #salt
18:49 bildz yeah i have it piping to a /tmp/test.txt
18:49 taaperotassu joined #salt
18:49 bildz i dont see it updating through reactor, but if i salt-call -l debug state.apply <state> it works no problem
18:49 ChubYann joined #salt
18:50 schasi joined #salt
18:52 shadoxx joined #salt
18:53 pipps joined #salt
18:57 omie888777 joined #salt
18:58 squishypebble joined #salt
19:02 Rumbles joined #salt
19:02 aldevar joined #salt
19:07 wavded joined #salt
19:09 tapoxi joined #salt
19:11 csmule joined #salt
19:15 pipps joined #salt
19:15 pipps joined #salt
19:16 sh123124213 joined #salt
19:16 bushelofsilicon bildz: I was told you can't run a state from a reactor sls, though since the docs seems to say otherwise I tried my hardest https://docs.saltstack.com/en/latest/topics/reactor/#mapping-events-to-reactor-sls-files
19:19 bushelofsilicon bildz: but I never got it to work, I only got it to work by using orchestration, which just ends up adding another depth level ( from reactor sls to orchestration sls which then runs the state)
19:19 pbandark hi.. i am writing custom execution module. in the file, i am using `credential_file = __pillar__.get('google_application_credentials_file')` to fetch pillar data. but it seems its unable to get the pillar data and hence, "__virtual__" is set to false. and utimately the module is not usable. can anyone help me to understand what mistake i have made. https://paste.fedoraproject.org/paste/Hn3DeGPHNizbg-FUPsujRg
19:19 JawnAuz Is there a state version of the win_task module? Looking and seem to be missing it...
19:27 JawnAuz pbandark, when you run the module are you also able to get the same pillar.items result from the target machine as you do from the Master?
19:28 pbandark JawnAuz: as of now the target is the same master
19:28 pbandark and i am able to see pillar data using `pillar.items`
19:30 oida joined #salt
19:32 taaperotassu joined #salt
19:33 obscuras joined #salt
19:35 pipps joined #salt
19:35 nixjdm joined #salt
19:38 omie888777 joined #salt
19:44 johnj_ joined #salt
19:45 DammitJim joined #salt
19:50 swa_work joined #salt
19:56 Muir joined #salt
19:59 DammitJim how do I do a list of a list in pillar?
19:59 seeg bushelofsilicon, yes, in fact I am creating a custom state module. i configure bunch of docker stuff with one simple to add module -- as we have lots and lots of similar deployments and for me it's just a change of couple of parameters with that module. but i do keep around 7 config files which need to be adjusted dynamically based on state's parameters so i render them using jinja. but the template definition itself -- i'd like to kee
19:59 seeg p that in some separate file it's just i don't know how to open it from the salt module file? will salt stack send over the data files along with state definition to the target machine?
19:59 DammitJim so, something like [[hi, 8],[bye, 9],[hi, 10], [bye, 11]]
20:14 bushelofsilicon DammitJim: it looks like this is how you do it in yaml https://gist.github.com/anonymous/eddaa03aea908419692a17accdbed205
20:15 DammitJim thanks, I think I actually figured it out
20:20 oida_ joined #salt
20:24 grendelson joined #salt
20:25 schasi joined #salt
20:25 lordcirth_work joined #salt
20:27 DammitJim bushelofsilicon, man, why does that look so ugly? LOL
20:28 Muir joined #salt
20:29 pipps joined #salt
20:29 grendelson Running salt-2016.11.7-1 rhel6    I just hit a bug in openssh Comment: check_cmd execution failed and I foudn the issue at salt - but fix#42411 seems to have fixed it - I don't see this fix in 2016.11 though :(
20:29 grendelson Is there an easy way to update the /usr/lib/python2.6/site-packages/salt/states/file.py?
20:30 obscuras Update to 2017.7?
20:31 pipps99 joined #salt
20:31 grendelson obscuras: I wish I could right now - but we are frozen on 2016.11 right now - Just got salt implemetned everywhere and started using it....
20:32 bushelofsilicon grendelson: maybe it's possible to make a custom state module based on the version with the fix?
20:32 grendelson tryign to use it as mush as I can - started locking down linux servers with better user mgt , root passwd , now trying to lock down openssh and ran into this issue... Wa really happy I saw the fix!   Sad when I didn't see it pushed to 2016.11 :( and I'm on a
20:32 grendelson bushelofsilicon: I'm pretty new salt and formulas - I'm not sure how to so what you said....
20:34 nixjdm joined #salt
20:34 obscuras Also, depending on where the fix needs to be (not sure if it runs on master or minion), you can upgrade the server and it can talk to the older minions.
20:34 bushelofsilicon grendelson: I haven't done it before either, but I think it would be useful, because that kind of things happens often
20:34 grendelson bushelofsilicon: If i'm stretching I think you mean a state accessible via my gitfs pointing a salt repo from version 17.X that has the fix?
20:35 grendelson obscuras: Yeah I ran into a LOT of trouble when I tried to run 2016.11 master against 2017.X minions - so I froze all the minions at 2016.11 ( using pkg mgt on the servers)
20:35 grendelson I tried months ago to upgrade Master to 2017 ( vm ) but when I did it failed to start and I didn't have time to upgrade....
20:36 obscuras You definitely can't go the other way around:  the master can't be older than the minions.  But the minions can (generally) be older than the master.
20:36 grendelson so before I tackle that again ( upgrade the master) I was hoping to fix this chk_cmd so I can finish the sshd setup on a LOT of servers...
20:36 obscuras I think you'll spend more time hacking around chk_cmd than you will solving the upgrade problem.
20:37 obscuras 2017.7.1 has the fix.
20:37 bushelofsilicon grendelson: Well, I would just copy the code from the newer version with the fix and add it to your custom states and modules, depends what else it depends on I guess
20:37 JawnAuz I get a "sls not formed as a list" when I try to run this: https://gist.github.com/anonymous/37ee0fd5f85a486e93ac248dfce45696 -- How is it not a list?
20:37 bushelofsilicon I've been waiting for 2017.7.2 for my fix :(
20:38 JawnAuz I'm waiting for ~.7.2 to fix Chocolatey. :(
20:38 grendelson bushelofsilicon: That was honestly my first thought - the "fix" is relatively small - an enxtra check or 2 - so I thought to copy into my file.py but I cna't even find the same bracketting code - SO I figured 2016.11 and 2017 are diff enough I can't do that ...
20:38 bushelofsilicon JawnAuz: exactly!
20:40 SaucyElf joined #salt
20:40 bushelofsilicon grendelson: yeah trying it across versions like that would be tough. You would have to know enough to be able to see what the fix was and then know how to implement it in your version
20:41 grendelson bushelofsilicon: I think I'm geting a picture - I'f I put the 17.7 version of file.py in my states/ folder in my gitlabrepo/salt/states then salt shoudl use IT instead of the local one for check_cmd?
20:42 grendelson IF IT requires something that 2016.11 is missing it will error then...
20:43 JawnAuz Just don't forget it's there when you do get the master upgraded. :)
20:43 obscuras JawnAuz: you might need more indentation.  YAML sucks.
20:43 grendelson JawnAuz: Yeah that could quickly get Crazy
20:43 JawnAuz obscuras, will try that.
20:43 bushelofsilicon bushelofsilicon: I would not want to replace it, but make it a custom model with a different name
20:44 bushelofsilicon oh my
20:44 bushelofsilicon lol
20:44 obscuras also, those are key/value pairs, so it might think it's a dictionary (kwargs)?
20:44 bushelofsilicon I meant grendelson, haha
20:45 grendelson bushelofsilicon: that is waht I don't really get.   is I named the file "foo.py' in states how do I get it to be used in place of file.py - I guess that's the part I' confiused about
20:45 bushelofsilicon JawnAuz: I get the feeling this is from the docs that have an error in the syntax
20:45 johnj_ joined #salt
20:46 JawnAuz Yeah, I'm using this: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html
20:46 JawnAuz Check the create task just down from the top.
20:50 AK2017 joined #salt
20:50 csmule Ouch, my hanging salt master to AWS was due to the MTU on my salt master.
20:51 bushelofsilicon JawnAuz: yeah I remember someone else was asking about that last week, maybe the docs are supposed to be write but the implementation in the code is wrong
20:53 wavded joined #salt
20:56 pbandark hi.. there are few functions which are only available in salt-cloud but there is not execution/state module for the same. is it possible to make use of those function in state file?
20:56 bildz csmule: ouch fragmentation
20:57 pbandark for ex. "create_network"
20:57 csmule bildz: Yeah it was driving me nuts, because it would work in some cases.  I should've known, any unexplained "hanging" with no errors is often an mtu issue.
20:57 csmule especially going to/from AWS from an outside data center.
20:57 bildz a packet dump is also handy
20:58 bushelofsilicon grendelson: you would have to use foo.managed, etc, idk it seems unlikely to work in your situation
21:00 ProT-0-TypE joined #salt
21:01 grendelson bushelofsilicon: Yeah that seems scarier than just trying to upgrade again to 2017.7 ;0
21:01 bushelofsilicon JawnAuz: sorry, I don't remember what the answer was, haha
21:01 grendelson I can try commention out the check_cmd code - that is what some folks did before a fix was entered....
21:01 JawnAuz bushelofsilicon, Yeah, still trying some alternate layouts for the data. Definitely weird. Will post working gist when I get it.
21:01 grendelson I'm using slat in a very limited way so no chance of it running something when I' not manually doing it....
21:02 Vaelatern joined #salt
21:05 sh123124213 joined #salt
21:18 JawnAuz So this runs as a valid SLS of task.create_task: https://gist.github.com/anonymous/0f21aca219cd6f7ec57c47d7fe481751
21:18 JawnAuz My task appears, but with a blank trigger window, so my kwargs aren't all getting set but it's progress!
21:20 xet7 joined #salt
21:25 schasi joined #salt
21:34 Edgan joined #salt
21:34 nixjdm joined #salt
21:37 cyteen joined #salt
21:41 ponyofdeath joined #salt
21:44 wavded joined #salt
21:45 J0hnSteel joined #salt
21:46 johnj_ joined #salt
21:52 colegatron joined #salt
21:54 btorch has anyone seen this ? https://pastebin.ca/3882678 before
21:54 btorch it's weird cause I have 8 boxes with that issue but other boxes with the same ubuntu release and same salt release working just fine
21:55 btorch and the minion configs are identical with exception of the log_level params that I just added to one
22:10 mechleg btorch: not 100% sure, but do you need a space after log_level: and log_level_logfile?  from your error it looks like it cannot parse the master list
22:11 pbandark1 joined #salt
22:11 btorch mechleg: without the space is fine and yes it's giving me issues with the master list but shouldn't be
22:11 btorch kind of weird
22:26 lkolstad joined #salt
22:31 ibro joined #salt
22:34 nixjdm joined #salt
22:40 heaje joined #salt
22:43 stanchan joined #salt
22:43 smead joined #salt
22:44 lkolstad joined #salt
22:47 johnj_ joined #salt
22:54 pipps joined #salt
22:57 schasi joined #salt
22:59 Rumbles joined #salt
23:01 pipps joined #salt
23:03 pipps joined #salt
23:32 shadoxx joined #salt
23:47 shadoxx joined #salt
23:48 johnj_ joined #salt
23:52 sarcasticadmin joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary