Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2018-04-04

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 onslack joined #salt
00:05 schemanic is anyone here? suddenly people dropped out
00:21 cisco76254R joined #salt
00:46 zerocoolback joined #salt
01:00 DanyC joined #salt
01:12 copyto joined #salt
01:12 zerocoolback joined #salt
01:24 curio_casual joined #salt
01:24 copyto left #salt
01:29 cisco76254R joined #salt
01:35 thelocehiliosan joined #salt
01:57 ilbot3 joined #salt
01:57 Topic for #salt is now Welcome to #salt! <+> Latest Versions: 2017.7.5, 2018.3.0 <+> Support: https://www.saltstack.com/support/ <+> Logs: http://irclog.perlgeek.de/salt/ <+> Paste: https://gist.github.com/ <+> See also: #salt-devel, #salt-offtopic, and https://saltstackcommunity.herokuapp.com (for slack) <+> We are volunteers and may not have immediate answers
02:00 shiranaihito joined #salt
02:07 StreetOwl joined #salt
02:10 justanotheruser joined #salt
02:12 justanotheruser joined #salt
02:20 tiwula joined #salt
02:21 StreetOwl left #salt
02:29 noobiedubie joined #salt
02:38 Sokel joined #salt
02:39 Sokel On 2018.3.0, the API is no longer functional. When I attempt a login, it hangs. If I attempt to perform a command, I get a 401 telling me to see authorization schemes. Was there a change to the API that requires reconfiguration?
02:43 hrumph joined #salt
03:03 DanyC joined #salt
03:12 thelocehiliosan joined #salt
03:20 thelocehiliosan joined #salt
03:28 ddg joined #salt
03:49 ddg joined #salt
04:02 rawzone joined #salt
04:05 DanyC joined #salt
04:06 thelocehiliosan joined #salt
04:08 justanotheruser joined #salt
04:09 justanotheruser joined #salt
04:12 gmoro_ joined #salt
04:13 aruns joined #salt
04:18 ddg joined #salt
04:26 zerocoolback joined #salt
04:26 zerocoo__ joined #salt
04:53 thelocehiliosan joined #salt
04:54 evle2 joined #salt
05:06 DanyC joined #salt
05:07 Hybrid joined #salt
05:25 thelocehiliosan joined #salt
05:27 Hybrid joined #salt
05:41 Yoda-BZH` left #salt
05:42 rcvu joined #salt
05:44 marwel narf...did the update to 2018.3.0 and now my ipv6 only minions think, that they are multimaster...deleting the pubkey of the master did not work...deleting the minion key along at least showed me that they are connection...salt-key -L showed them up...but after accepting the new key...it still thinks it is a multimaster setup
05:47 marwel s/connection/connecting/
06:00 inire joined #salt
06:06 DanyC joined #salt
06:42 cewood joined #salt
07:04 DanyC joined #salt
07:07 aruns__ joined #salt
07:10 DanyC joined #salt
07:20 darioleidi joined #salt
07:24 cmbrnt joined #salt
07:29 aldevar joined #salt
07:30 Pjusur joined #salt
07:35 DanyC joined #salt
07:36 aldevar left #salt
07:38 tyx joined #salt
07:46 aldevar joined #salt
07:46 dobby2 joined #salt
07:55 aanriot joined #salt
08:05 DanyC joined #salt
08:12 LeProvokateur joined #salt
08:15 mikecmpbll joined #salt
08:38 indistylo joined #salt
08:50 onslack <msmith> schemanic: pretty close, yes. in summary the minion asks the master for it's pillar and the master then collates all the pillar data using the minion's specific grains and details. in contrast, states are rendered on individual minions
08:52 oida joined #salt
08:55 dobby2 joined #salt
08:58 AssPirate joined #salt
08:59 darioleidi joined #salt
08:59 CrummyGummy joined #salt
09:01 beta joined #salt
09:11 aruns joined #salt
09:11 oida joined #salt
09:20 torvald joined #salt
09:25 xet7 joined #salt
09:26 zerocoolback joined #salt
09:29 xet7 joined #salt
09:56 hrumph joined #salt
10:07 hrumph_ joined #salt
10:07 dh__ joined #salt
10:07 nomad_fr_ joined #salt
10:08 dem joined #salt
10:09 chamunks- joined #salt
10:09 wryfi_ joined #salt
10:10 jrklein_ joined #salt
10:10 karlthane_ joined #salt
10:10 Udkkna_ joined #salt
10:10 canci_ joined #salt
10:10 GMsoft_ joined #salt
10:11 cswang_ joined #salt
10:11 upb joined #salt
10:11 rcvu_ joined #salt
10:11 cmbrnt_ joined #salt
10:11 darvon_ joined #salt
10:11 Hipikat_ joined #salt
10:11 copec_ joined #salt
10:13 heaje_ joined #salt
10:14 Vaelatern_ joined #salt
10:14 hop_ joined #salt
10:14 exarkun_ joined #salt
10:14 swa_mobil joined #salt
10:14 LeProvokateur_ joined #salt
10:14 stewgoin- joined #salt
10:14 k1412 joined #salt
10:15 davisj_ joined #salt
10:16 cliluw joined #salt
10:16 KevinAn275773 joined #salt
10:17 ksa joined #salt
10:17 major joined #salt
10:18 Guest66150 joined #salt
10:18 pppingme joined #salt
10:18 mavhq joined #salt
10:19 sjorge joined #salt
10:20 Freeaqingme joined #salt
10:21 buumi joined #salt
10:22 monokrome joined #salt
10:22 AvengerMoJo joined #salt
10:22 lkthomas joined #salt
10:22 peters-tx joined #salt
10:22 dobby2 joined #salt
10:23 flexd joined #salt
10:24 ingy joined #salt
10:24 Bitterman joined #salt
10:24 cisco76254R joined #salt
10:25 darioleidi joined #salt
10:26 nledez joined #salt
10:26 sayyid9001 joined #salt
10:27 ProT-0-TypE joined #salt
10:29 Freeaqingme joined #salt
10:30 sayyid9002 joined #salt
10:33 nledez joined #salt
10:40 Freeaqingme joined #salt
10:45 cmbrnt_ left #salt
10:45 sayyid9003 joined #salt
10:45 sayyid9002 joined #salt
10:46 cmbrnt joined #salt
10:47 nledez joined #salt
10:55 darioleidi joined #salt
10:56 aldevar joined #salt
10:58 dh joined #salt
10:58 dobby2 joined #salt
11:11 gmoro joined #salt
11:15 aldevar joined #salt
11:21 deuscapturus joined #salt
11:25 exarkun_ left #salt
11:26 exarkun joined #salt
11:33 zerocoolback joined #salt
11:37 Bjoern__ joined #salt
11:50 Bjoern__ joined #salt
11:53 averell joined #salt
11:54 bjoern__ joined #salt
12:03 bjoern__ left #salt
12:04 thelocehiliosan joined #salt
12:11 bjoern__ joined #salt
12:17 bjoern__ Well... Someone may have an answer right by their fingertips, so here goes...
12:17 bjoern__ How do I get the system to call salt-call with another configuration directory.
12:17 bjoern__ Right now, whatever I do, the salt-call command is always called with the option "-c /etc/salt".
12:17 bjoern__ And I need it to point to a sub directory e.g.: "-c /etc/salt/subdir".
12:18 onslack <msmith> is this masterless?
12:18 bjoern__ No, it's with a master.
12:18 bjoern__ We have multiple minions, that's why we need to separate them.
12:19 onslack <msmith> fair enough. well salt-call is the cli interface, so just pass -c
12:20 bjoern__ That's what I'm trying to do... I can't get the salt-minion to pass the "-c <subdir>" to the "salt-call" command.
12:20 onslack <msmith> salt-minion is a different interface, and it doesn't use salt-call
12:20 bjoern__ We are running salt-minion as an unprivileged user, then set up a sudo_user in the minion config.
12:21 bjoern__ In that situation, salt-minion calls salt-call.
12:23 onslack <msmith> ah well in that case i'm not sure, as i haven't seen anyone discuss this scenario before
12:24 bjoern__ We have a bit of an security issue, so we need to execute salt-minion as an unprivileged user. We have created an user "saltadm" to do this.
12:25 bjoern__ Then we set sudo_user to root, which makes the salt-minion execute everything by calling salt-call as a sudo command.
12:26 bjoern__ Unfortunately, even though we have configured the minion to use a subdirectory as config_dir, and set all manner of variables, the salt-minion insists on calling salt-call with the "-c /etc/salt" parameter, and not the sub directory.
12:30 onslack <msmith> sounds like a bug, have you looked for an existing issue?
12:30 bjoern__ I've tried... Nothing I search on looks promising.
12:32 Hybrid joined #salt
12:33 gforgx joined #salt
12:33 ProT-0-TypE joined #salt
12:35 onslack <msmith> then you should open a new issue and describe your problem
12:36 bjoern__ I'll search a bit more before doing so... Thanks for the try.
12:39 gforgx Hi everyone! I experience strange problem with salt/net.cli. Instead of showing "sh ver" output it shows ARP table. Does anybody have some clue?
12:40 gforgx Details here: https://gist.github.com/gforg-x/9c189c2ef53e4c1aafb1629f68dad48e
12:48 gforgx Restarting minion did the job, however. Seems to be some output buffering issue.
13:04 hooksie1_ joined #salt
13:15 cisco76254R left #salt
13:16 deuscapturus joined #salt
13:17 jasperla left #salt
13:21 edrocks joined #salt
13:26 thelocehiliosan joined #salt
13:34 MTecknology What security is gained by salt-minion running as a non-root user and elevating every command w/ sudo salt-call?
13:35 MTecknology I understand running the master as non-root, but I struggle to see any value for the minion.
13:40 MTecknology gforgx: does anything change if you type out the full command?
13:44 englishm_work joined #salt
13:47 btorch joined #salt
13:48 btorch how does one use --out=key ? I'm running cmd.script and I only want to collect what is coming back on stdout
13:52 alex-zel joined #salt
13:52 chowmein__ joined #salt
13:53 alex-zel is it possible to save the output of a execution function during orchestration and then use it in another function?
13:53 gforgx MTecknology, nope, but now it started to return MAC address table instead of ARP table on show version... :) Looks like some buffering/caching related to mines. Trying to check IOS config as well. Another device running same IOS version is queriable ok with salt.
13:53 alex-zel for instance, I want to create a volume in EC2, save that volumes ID and attach it to instances created later in the orchestration
13:54 onslack <msmith> alex-zel: take a look at the brand new "slots" functionality that's just been released
13:54 onslack <msmith> that _might_ do what you're looking for
13:54 __peke__ joined #salt
13:55 KyleG joined #salt
13:55 KyleG joined #salt
13:55 alex-zel from what I understand about slots, I can use them to get a value right before a module is executed, but can I use them to save data after a module has executed?
13:56 onslack <msmith> i was under the impression that's exactly how the value gets there in the first place, yes :)
13:57 averell joined #salt
13:58 gforgx MTecknology, I seem to have this fixed by increasing mine_interval. Probably setting it to 1 initially was really a bad idea.
13:59 tyx joined #salt
13:59 racooper joined #salt
14:00 onslack <msmith> hmm, that's not what i expected
14:00 mikecmpb_ joined #salt
14:00 onslack <msmith> it looks like slots can be used in minion states but there's no mention of orchestration
14:01 alex-zel I can't find any example on how to store values in slots
14:01 onslack <msmith> i suppose you could use the slot to call your current function and put the value out in sdb
14:02 onslack <msmith> then in the other state you use slots again to read the value back from sdb
14:02 alex-zel only thing I can find is example "__slot__:salt:test.echo(text=/tmp/some_file)" but this does not store the value
14:02 onslack <msmith> (substitute for your preferred $storage)
14:03 onslack <msmith> the slot itself is written using this syntax, that's why i suggested $storage
14:03 MTecknology alex-zel: you might be interested in thorium
14:04 * onslack <msmith> looks
14:04 ThomasJ joined #salt
14:06 MTecknology rt time.. afk
14:08 tru_tru joined #salt
14:09 copec joined #salt
14:09 onslack <msmith> nice
14:21 alex-zel so from my understanding salt slots don't actually store any data, they simply call a function and return it's return value
14:21 onslack <msmith> looks like it, yes
14:21 alex-zel and if I want to use that value again later I need to call that function again
14:22 alex-zel but what if that function is part of the state run?
14:23 onslack <msmith> it's very new so there aren't that many examples out there, much less people having talked about using it
14:24 alex-zel with jinja I can do {% set foo = bar %} and use that var again multiple times, but jinja is rendered before state execution so some values might not be present
14:26 alex-zel I was hoping slots will have the same functionality as Ansible registers (http://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#registered-variables)
14:29 onslack <msmith> i think that's more what thorium is for
14:31 alex-zel another question, can I run cloud modules/functions in orchestration?
14:32 cgiroua joined #salt
14:32 onslack <msmith> if it's an execution module or a state module then sure
14:32 theloceh1liosan joined #salt
14:33 alex-zel I'm talking about something like this "salt-cloud -f create_volume ec2 zone=us-east-1b size=10"
14:43 mikecmpbll joined #salt
14:47 onslack <msmith> if you can do it using the cloud module instead then sure
14:47 Sokel left #salt
14:48 noobiedubie joined #salt
14:48 onslack <msmith> or convert the runner syntax
14:48 noobiedubie hi all need some help with some minions that are not making the transition to 2018.3.0.
14:50 dkehn joined #salt
14:50 noobiedubie On some of my minions I keep getting the The Salt Master server's public key did not authenticate! error even after completely deleing and accepting the new key on the master
14:50 onslack <msmith> has the master's fingerprint changed?
14:51 noobiedubie I've checked the the master is running 2018.3.0 and some minions work with no issues
14:51 deuscapturus joined #salt
14:51 dkehn joined #salt
14:51 noobiedubie not that I'm aware of just a yum update and a restart of the service
14:52 noobiedubie wait sorry fingerprint?
14:52 onslack <msmith> the only time i've seen key authentication errors was when the master had both an accepted and denied/rejected key
14:52 noobiedubie thought you meant keys
14:52 onslack <msmith> yes, the minion's config contains a copy of the master's fingerprint
14:52 averell joined #salt
14:53 onslack <msmith> <https://docs.saltstack.com/en/latest/ref/configuration/minion.html#master-finger>
14:53 noobiedubie wasn't aware of this we just use the master: ip directive
14:53 onslack <msmith> maybe you don't use it
14:54 hooksie1 joined #salt
14:54 noobiedubie yeah no we don't
14:55 onslack <msmith> on all minions? is it worth confirming that it's not been set, specifically on a minion that's failing? :)
14:55 noobiedubie just weird that some authenticate to the master no problem and some don't minion configs are identical of all minions with obvious unique values like id and such
14:55 nbari joined #salt
14:55 noobiedubie yeah no I just did just to make sure
14:55 onslack <msmith> our minions have identical config, with the id in /etc/salt/minion_id
14:55 nbari hi all, I want to comment a line on /etc/fstab, currently using - regex: "^/dev/vdb1" but if for some reasons the line doest'nt exist I get ann Failed status: Pattern not found
14:56 nbari I am giving a try to file.comment, because file.line mode= delete for some reasons not working with regex/match '^/dev/vdb1' in my case
14:56 nbari any ideas ?
14:56 noobiedubie yeah we use the id: in the minion config itself
14:57 onslack <msmith> noobiedubie: try stopping a minion, removing the key and verifying that no other entries exist as reported by: salt-key -L
14:57 onslack <msmith> there may be more than one
14:57 noobiedubie will do one sec
14:57 onslack <msmith> nbari: is that using file.replace?
14:57 nbari file.comment/file.line
14:57 onslack <msmith> try file.replace instead
14:58 nbari ok let me give a try
14:58 ponyofdeath joined #salt
14:58 nbari you mean mode: replace
14:58 nbari or file.replace ?
14:59 onslack <msmith> file.replace
15:01 nbari thanks that's working :-)
15:01 noobiedubie nope that wasn't it
15:01 hooksie1 joined #salt
15:02 onslack <msmith> so there are no other copies of that minion id with the minion stopped?
15:02 dezertol joined #salt
15:02 onslack <msmith> it's the stopped bit that's important
15:04 onslack <msmith> otherwise the minion will try to reconnect and the id will be resent and we're trying to avoid that while diagnosing
15:05 noobiedubie yup
15:05 noobiedubie no made sure no keys at all
15:05 onslack <msmith> for everything or just this minion? :)
15:05 onslack <msmith> and are you removing them using salt-key or by deleting the key files in /var ?
15:06 noobiedubie its not just this minion but it seems to be split half the minions are fine and updated the others have the same complaint
15:06 noobiedubie salt-key
15:06 noobiedubie can't find the difference or what's causing the issue
15:08 onslack <msmith> at worst you could try uninstalling the minion, deleting /etc/salt and /var/{cache,log,run}/salt, reinstall from scratch and see if that makes any difference
15:08 onslack <msmith> if it doesn't then it's not the minion :D
15:12 dkehn joined #salt
15:19 dkehn_ joined #salt
15:33 LeProvokateur joined #salt
15:39 DanyC joined #salt
15:46 rcvu joined #salt
15:47 pattrickablack joined #salt
15:48 rcvu joined #salt
15:48 inad922 joined #salt
15:49 peters-tx MTecknology, I installed a clean RHEL7 VM, installed the Minion 2018* and it works w/o any errors, so I'm going to have to dig through my environment and figure out what is broken 8/
15:51 rcvu joined #salt
15:55 DanyC_ joined #salt
15:55 nbari when using file.replace:
15:55 nbari how to repl (delete full line) ?
15:58 onslack <msmith> i'm not sure you can, that's not what file.replace is intended for
15:59 onslack <msmith> you may want to consider whether to manage the entire file, or perhaps a defined block
16:03 tiwula joined #salt
16:08 lane_ joined #salt
16:08 DanyC joined #salt
16:09 babilen nbari: Just match from the start of the line to the end and include the newline
16:09 sauvin joined #salt
16:23 inad922 joined #salt
16:24 noobiedubie ok so narrowed it down to the minion rejecting or not authenicating the master public key despite them both being identical master.pem and minon_master.pem (minion)
16:29 noobiedubie is there a way to manually do the authentication to see why exactly it is failing?
16:34 onslack <msmith> run salt-minion interactively with -l all and walk through the logs?
16:34 tasty joined #salt
16:34 noobiedubie that's what I did to find this
16:34 noobiedubie goes from [DEBUG   ] salt.crypt.get_rsa_pub_key: Loading public key
16:35 noobiedubie to the salt-master key not authenticating error with no other explanation or command that it's running
16:38 onslack <msmith> could you post a gist of the entire log?
16:38 onslack <msmith> *minion log
16:43 hrumph_ joined #salt
16:46 noobiedubie https://paste.debian.net/1018526/
16:48 noobiedubie truely don't understand why some minions are fine and others are hard failing
16:48 MTecknology What else would you expect it to spit out at that point?
16:48 noobiedubie is there a new library depends for crypto?
16:48 noobiedubie or a certain version of a library needed?
16:49 MTecknology As far as salt can tell, the keys are incorrect. If they /are/ correct it wants you to clear it's local cache and tells you how.
16:49 noobiedubie yeah I've done that multiple times even clean reinstall of minion
16:49 noobiedubie accept new keys on master but gives same error
16:50 noobiedubie wipe /var/cache/salt /var/run/salt as well
16:50 noobiedubie tried all the usual tricks
16:50 noobiedubie and verified master is running 2018.3.0 and the master.pub matches minion_master.pub on minion
16:51 eekrano joined #salt
16:52 noobiedubie again this was working on all minions last night before update nothing has changed other than the salt version as far as I know
16:53 noobiedubie now some minions just fail at the key auth step and some don't, all were installed the same way and pull from salt-latest repo
16:53 MTecknology You could try to step through what's going on with pdb/pudb..
16:53 noobiedubie minion configs are the same on all and master keys and/or config hasn;t changed either
16:53 MTecknology what does salt-call --versions-report show for the minion and master?
16:53 noobiedubie sure
16:53 noobiedubie one sec
16:57 noobiedubie Minion: https://paste.debian.net/hidden/1b60b369/
16:58 noobiedubie Master: https://paste.debian.net/hidden/2cbb8e91/
16:59 copec What is the best way to manage local grains on the minion (ie /etc/salt/grains) with a salt state?  I am using pillar data to managed the desired install of an application with what components, and I want to use grains to specify that the installer has been run
16:59 copec with the selection of those components
17:01 lane_ joined #salt
17:01 noobiedubie MT how do I step through pdb/pudb
17:03 Vaelatern_ left #salt
17:05 MTecknology noobiedubie: hint- m, t, <tab>
17:05 MTecknology I think both accept '?' to get a list of available commands.
17:06 noobiedubie ? those are commands?
17:06 noobiedubie i don't have those
17:14 edrocks joined #salt
17:14 eekrano joined #salt
17:21 JAuz joined #salt
17:26 copec In answer to my own question: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.serialize
17:33 _val_ joined #salt
17:33 _val_ joined #salt
17:34 zerocoolback joined #salt
17:36 adriano joined #salt
17:36 aldevar joined #salt
17:39 eseyman joined #salt
17:41 alvinstarr joined #salt
17:43 eekrano joined #salt
17:46 edrocks joined #salt
17:47 whytewolf copec: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.grains.html might be better as it also updates the grains with out having to touch the file directly.
17:48 copec oh, nice!
17:52 copec I can also use an unless with grains.exist it looks like
17:52 schemanic joined #salt
17:52 copec ty whytewolf
17:52 whytewolf np
17:53 noobiedubie OMG it was m2crypto
17:53 MTecknology ouch..
17:53 schemanic Hello. I can't get a pillar to update
17:54 schemanic It's over gitfs. I've pushed a whole bunch. It wont update even when I run this: salt-run fileserver.update && salt '*' saltutil.sync_all && salt '*' saltutil.refresh_pillar
17:54 whytewolf ...
17:55 whytewolf salt-run git_pillar.update
17:55 whytewolf not fileserver.update
17:55 schemanic fileserver.update is to make sure my changes to gitfs formulas get pulled in
17:56 whytewolf the only role gitfs has in pillar. is that git_pillar uses some of the same code. and if you have pillar modules in gitfs
17:57 whytewolf also add salt-run saltutil.sync_all to that command
17:57 schemanic is it possible to call multiple functions like fileserver.update or saltutil.refresh_pillar?
17:57 schemanic there already is one
17:58 whytewolf no, there is a salt '*' saltutil.sync_all not a salt-run saltutil.sync_all
17:58 schemanic I see
17:58 schemanic what is the difference?
17:58 whytewolf salt-run is master side. salt '*' pushes to minions
18:00 whytewolf or, just use this orchestration https://github.com/whytewolf/salt-phase0-orch/blob/master/orch/sys/salt/update.sls
18:01 whytewolf humm, i should change the order of that a little bit.
18:04 gforgx joined #salt
18:04 schemanic I see. I'm not using orchestration presently, but I'll look into that
18:05 schemanic How does orchestration work with gitfs? You just define it as another remote and call the orch state via state.orchestrate?
18:05 eekrano joined #salt
18:05 whytewolf yes
18:13 edrocks joined #salt
18:19 spiette joined #salt
18:25 vali joined #salt
18:33 ymasson joined #salt
18:37 heaje joined #salt
18:42 nickadam joined #salt
18:55 Nahual joined #salt
18:58 Nahual So, the 2018.3.0 cut, unicode decoding seems to be broken for contents_pillar and a GPG key. Any workaround?
19:01 babilen py2 or py3?
19:02 babilen And you might want to report that on https://github.com/saltstack/salt/issues
19:03 Nahual Seems something similar was reported. https://github.com/saltstack/salt/issues/46672
19:03 Nahual py2, RHEL 7.
19:04 Nahual I tried setting !!binary specifically but YAML is expecting base64 encode, tried encoding_errors: ignore but that also did not work. Only affects my two GPG keys.
19:04 babilen https://github.com/saltstack/salt/issues/46859 ?
19:05 babilen That one might be specific to python-ldap though
19:06 Nahual Similar issue. Was working in 2017.7.4.
19:06 babilen I'd report your problem right away, that way it's more likely that a fix makes it into .1
19:06 Nahual Can do.
19:07 babilen Cheers!
19:07 babilen Just for giggles: Try it with the py3 packages .. unicode handling is decidedly different on both Python versions
19:13 Nahual Not mirroring that in at the moment. Going forward should we facilitate a forced change to the py3 packages?
19:19 babilen They should behave differently in regards to unicode handling .. not saying that it works, but the safe option is probably to wait for .1 and to downgrade to 2017.7.4 at the time being
19:19 babilen Simply another troubleshooting datapoint
19:20 Nahual I agree. I am writing up the issue now.
19:23 Freeaqingme joined #salt
19:24 rivyn joined #salt
19:25 rivyn I'm trying to figure out how to get requisites working such that in the following SLS, the "systemd_configuration" state only applies if the database_setup state actually did something:  https://ghostbin.com/paste/cbekj
19:25 rivyn I've tried require, watch, onchanges...nothing is working
19:26 zer0def rivyn: try `- file: database_setup` under `onchanges`
19:27 rivyn I did that first
19:27 zer0def so you mean `database_setup:cmd` or `database_setup:file`?
19:28 rivyn just tried again to confirm
19:28 rivyn https://ghostbin.com/paste/mn8fh
19:28 zer0def because in that case, that `- file: {{ jinja_here }}`, should become `- cmd: database_setup`
19:28 rivyn I don't really care, since they both have the same unless condition that prevents them from running when they shouldn't.
19:29 rivyn tried with cmd for kicks - same result
19:29 zer0def does `cmd` report changes? as in, is teal, instead of green?
19:29 rivyn no, see second paste.
19:30 rivyn the only teal is systemd_configuration's cmd.run
19:30 rivyn oh
19:30 rivyn I nede to duplicate the onchanges to the cmd.run in systemd_configuration, duh
19:30 zer0def that's why the directory isn't created - `onchanges` makes the state run only when it's dependency reports changes
19:30 zer0def or, well, file, whatever.
19:31 rivyn sorry for the nuisance
19:33 adriano_ joined #salt
19:38 TheBigNoob joined #salt
19:38 MTecknology What's the easiest way to take pillar data and feed it into a state?  net-{{ if_name }}: network.managed: {{ if_opts|json }}  feels a bit hacky.
19:39 TheBigNoob hey there folks, I have a question about the cmd.run state.  Is there anyway to look for certain stdout from the command to set wether or not the state has actually changed?
19:40 TheBigNoob for example I'm pulling docker containers from a registry, and I only want to restart them if a newer image has been pulled down
19:40 TheBigNoob right now cmd.run thinks that any pull, even if it's up to date, has changed (which makes sense in it's simplest form)
19:41 MTecknology Why would you have cmd.run running git pull?
19:42 TheBigNoob docker pull
19:42 babilen https://docs.saltstack.com/en/latest/ref/states/all/salt.states.docker_image.html#salt.states.docker_image.present ?
19:42 TheBigNoob yeah we can't update to the latest versions quite yet
19:43 TheBigNoob i'm using my own fork of the docker formula at the oment
19:43 TheBigNoob https://github.com/saltstack-formulas/docker-formula/blob/master/docker/containers.sls in a nutshell
19:51 whytewolf TheBigNoob: see https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html#using-the-stateful-argument
19:54 whytewolf and if you are running a version of salt that doesn't have the stateful option for cmd.run ... there isn't anything we can do to help
19:55 zer0def MTecknology: your state looks concise, otherwise you'd probably be typing out a lot of boilerplate conditionals
19:59 TheBigNoob whytewolf, thank you! I had a feeling that's what I wanted
19:59 TheBigNoob and it's just barely in our version
20:00 whytewolf 0.0
20:03 eekrano joined #salt
20:06 Deadhand joined #salt
20:15 Deadhand joined #salt
20:26 gforgx joined #salt
20:38 ddg joined #salt
20:39 noobiedubie anyone run into an issue using the mysql.grants state in newest version? Passing database as {{ database }}.* per the docs tries to include the name of the database itself as a table and fails but does give permissions to the database
20:39 edrocks joined #salt
20:40 noobiedubie Failed to execute: "GRANT select, insert, update, alter, delete, drop ON directory.* TO directory@%" (MySQL Error 1146: Table '
20:40 noobiedubie directory.*' doesn't exist)
20:45 tyx joined #salt
20:53 sayyid9003 joined #salt
20:57 dobby2 joined #salt
21:00 rivyn Is there a way to assign the result of a cmd.run to a jinja variable?
21:06 MTecknology slots
21:11 rivyn ?
21:13 deuscapturus joined #salt
21:14 hemebond rivyn: It's some new thing that lets you capture the result of states and stuff.
21:14 hemebond But IMO you shouldn't be trying to do things that way.
21:14 rivyn is there an example available?
21:14 whytewolf https://docs.saltstack.com/en/develop/topics/slots/index.html
21:14 rivyn I'm running a curl command to call an API which gives me an IP address, then I need to use that IP address in following states.
21:15 rivyn need to add it to the network interface, add it to config files, etc.
21:15 * MTecknology agrees w/ hemebond
21:15 rivyn fine, then give me a better option
21:15 hemebond Sounds like orchestration or a script.
21:15 whytewolf i can see both the pros and cons for slots
21:15 shoogz joined #salt
21:16 MTecknology rivyn: write a custom module that can perform the query and return the result you're expecting.
21:16 mechleg left #salt
21:16 whytewolf rivyn: question everyone should be asking before even figuring if this is a state ... does this cmd.run actually need to be a state \
21:16 rivyn how would I write a custom module, and how would I return anything?
21:16 whytewolf is the ip it is getting there at the start of the run?
21:16 rivyn whytewolf: what else should it be?
21:16 rivyn no, it's generated when the API is called
21:18 whytewolf so. you do understand that jinja and done before any states are ran.
21:18 rivyn yeah, forgot that :/
21:18 rivyn what's the best way to accomplish what I'm trying to do?
21:18 whytewolf custom.module or slots.
21:19 rivyn example of whichever is better?
21:20 whytewolf https://docs.saltstack.com/en/latest/ref/modules/ <--- custom module writing, slots ---> https://docs.saltstack.com/en/develop/topics/slots/index.html
21:20 noobiedubie seems salt is adding the name of the database you pass it as a table when using the database.* directive
21:21 rivyn wow is that link complicated.
21:21 sayyid9003 joined #salt
21:22 whytewolf rivyn: you are talking about a complicated subject and expecting a simple answer
21:22 rivyn maybe I can just output the command output to a file, and read that in when needed from other cmd.run's instead of using other states
21:22 rivyn because my need is for a pretty simple thing
21:23 rivyn I just thought there would be some way of capturing a result and then using it somewhere else
21:23 rivyn some simple way
21:23 rivyn it seems like it would be a frequent need
21:23 whytewolf actually. it is pretty rare
21:24 rivyn that slots link doesn't have any examples
21:24 whytewolf rivyn: yes it does i'm looking at them right now
21:24 noobiedubie what about a mine.function
21:24 rivyn but I guess you guys think that's the wrong choice anyways
21:24 noobiedubie in a pillar
21:24 hemebond Hmm? There's an example at the bottom.
21:24 hemebond Does the IP change each time you request it?
21:24 noobiedubie you can call it in your state and save the output
21:25 rivyn there's "Here is a simple example:", but that doesn't really tell me crap
21:25 noobiedubie https://docs.saltstack.com/en/latest/topics/mine/#mine-functions
21:25 rivyn maybe if you are an advanced salt person it's all you need, but not for me
21:25 rivyn hemebond: I wouldn't request it more than once per server
21:25 hemebond rivyn: Agreed. It's brand new so most Salt users probably have no experience with it unfortunately.
21:26 hemebond Then noobiedubie has a good idea with the mine function I think.
21:26 hemebond Possibly easier than a custom module and should be fine if calling the API is non-destructive.
21:27 rivyn is there an example?
21:27 hemebond That's also assuming that calling the API is the only way to get the IP.
21:27 whytewolf if calling the api can happen before any of the states ran and it is non destructive ... could be done in jinja
21:28 hemebond ^
21:28 rivyn hemebond: we use a system to allocate IP addresses from our pool to hostnames - it has a GUI and can be a manual step that's a prerequisite to running the SLS which would then require it to be input via a pillar variable, but that's a pain
21:28 rivyn what do you mean by non-destructive?
21:28 hemebond I mean calling the API doesn't change anything.
21:28 rivyn the api method in question returns an IP for a hostname input - either creating it if it doesn't exist or returning the existing one if it does
21:28 MTecknology idempotent
21:29 hemebond ^
21:29 whytewolf does calling the api multiple times cause changes or result in different information
21:29 whytewolf ^^
21:29 rivyn it changes DNS
21:29 hemebond Calling the API changes DNS?
21:29 rivyn yes, it adds a dns entry
21:29 rivyn whytewolf: nope
21:29 hemebond It adds an entry for the host calling it?
21:29 rivyn whytewolf: if you call the same api method with the same arguments it will keep returning the same IP
21:30 rivyn hemebond: for the host input, slightly different.
21:30 hemebond Okay, but for all intents and purposes it will be the same each time it's called?
21:30 whytewolf will it add a new entry for each call even when given the same inputs?
21:30 rivyn hemebond: the hosts already have an IP and DNS name allocated, but when setting up a new cluster, I want a virtual IP that floats between the servers in the cluster
21:30 MTecknology heheh... could also write it as a custom grain
21:30 rivyn whytewolf: no.
21:30 whytewolf this sounds perfectly fine for jinja than
21:31 whytewolf unless something needs to happen in the states for it to work
21:31 hemebond Yeah, should work from Jinja.
21:31 rivyn so, back to my original question
21:31 rivyn is there a way to execute a command from jinja and assign the output to a variable?
21:31 whytewolf personally i wouldn't use cmd.run now that i know this is an api call
21:31 whytewolf https://gist.github.com/whytewolf/f6615c91c82586328a88a487f54ea8bb
21:31 hemebond {% myvar = salt.http.query(blah, blah) %} ?
21:32 whytewolf yeap exactly what i was thinking hemebond
21:32 hemebond 👍  nice example there
21:32 whytewolf although you forgot the set
21:32 rivyn the command I'm running, for reference, is curl --request GET --url "https://<blah blah>/api/env/1/get_ip/?hostname=<input>" --header "authorization: Basic ..."
21:32 MTecknology WOOHOO!! I just cleaned up my whitespace!! :D
21:32 hemebond Oh yeah, need the set.
21:32 hemebond MTecknology: Did you spill it?
21:33 mrueg joined #salt
21:33 MTecknology nope, I just didn't have enough of it and I was struggling to jinja-create it.
21:35 rivyn whytewolf: I'm not sure if http.query is sufficient - the result of the API call is json that needs the IP parsed out of it
21:35 rivyn that's why I was figuring I'd cmd.run a pretty simple wrapper script
21:36 whytewolf you mean it is data that can be easilly turned into a data structure that can be parsed in jinja ...
21:36 whytewolf ... yeah i can see that as a problem
21:36 whytewolf :P
21:37 rivyn ?
21:37 rivyn I'm all ears if there's a way to parse it out in jinja
21:37 MTecknology that made me chuckle :)
21:37 rivyn I'm glad you guys get chuckles from avoiding straightforward answers to people attempting to use your product :|
21:38 MTecknology such cranky..
21:38 hemebond rivyn: I think we're all just users.
21:38 rivyn it gets old
21:38 hemebond I'm having a look now. I've not had to do it before.
21:38 thelocehiliosan joined #salt
21:39 whytewolf rivyn: just tag |load_json onto the body and the json object will become a data object that you can view as a standard tree in jinja. such as using keys and values.
21:40 rivyn you mean like:  salt.http.query('https://api.ipify.org')['body|load_json']  ??
21:40 whytewolf so {% set json = salt.http.query(blah)['body'] | load_json %}
21:40 rivyn ok thanks
21:40 rivyn hmm I also need to pass in the authorization header
21:40 whytewolf ack put a space in i didn't mean to
21:41 rivyn there's a space that shouldn't be there?
21:41 whytewolf the one after | it should work with it i just don't like how it looks
21:42 rivyn I do... ;)  I always space-pad pipes in the shell
21:42 rivyn whytewolf: is there a way I can do http authentication with this?
21:42 whytewolf https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.http.html#salt.modules.http.query <- documentation for http.query
21:43 rivyn so, no?
21:43 whytewolf https://docs.saltstack.com/en/latest/topics/tutorials/http.html
21:43 whytewolf yes
21:43 whytewolf there is.
21:43 whytewolf read
21:43 rivyn I read the page, I don't see it
21:44 rivyn don't see anything about authentication or headers on that page
21:44 rivyn oh, the tutorials one
21:44 whytewolf look at the second page i posted also
21:44 whytewolf ok
21:44 rivyn sorry
21:44 rivyn salt.utils.http.query or salt.http.query?
21:44 whytewolf the first one is just for http module. which just calls the utils..http.query
21:44 whytewolf salt.http.query
21:45 rivyn ok...then why is it the other one on the tutorials page examples?
21:45 whytewolf because salt.utils.http.query is the root of ALL http queries in salt. it is the utils module that the http module uses.
21:46 whytewolf you can't call the utils module directly so you call the module that calls the utils module
21:46 rivyn ah, ok
21:46 ProT-0-TypE joined #salt
21:46 whytewolf thats why i posted both pages
21:46 whytewolf and was about to explain :P
22:01 rivyn whytewolf: the tutorials page mentions a header_list parameter, but does not indicate how it should be formatted?
22:02 rivyn it doesn't indicate the formatting of header_file or header_dict for that matter, either
22:02 whytewolf I would assume from the description it would be a list
22:02 rivyn a list of what?
22:02 whytewolf and header_file would be a file
22:02 rivyn I get that much
22:02 rivyn what would go in the file or list?
22:03 rivyn header_list='["authorization: Basic amF2ZWxpbi5zZXJ..."]'?
22:03 rivyn I'm just guessing in the dark
22:04 hemebond https://github.com/saltstack/salt/blob/develop/salt/utils/http.py#L284
22:04 hemebond Looks like "blah: val"
22:05 rivyn so as I typed it?
22:05 rivyn are square brackets used for a list in this context?
22:05 hemebond Yip
22:05 hemebond Yes. Just like Python
22:05 rivyn I'm not a python developer
22:05 hemebond Ah
22:06 hemebond Actually you don't need the quotes on the outside.
22:06 hemebond header_list=[]
22:06 rivyn ok, maybe that's why I'm getting errors still
22:07 rivyn still no dice
22:07 hemebond Paste your Jinja somewhere.
22:08 hemebond (gist or pastebin or something)
22:08 rivyn https://ghostbin.com/paste/j6h8s
22:08 rivyn the jinja is just one line included in that error output
22:09 rivyn oops I see an extra quote
22:09 hemebond yip. Also you have + instead of ~
22:09 rivyn what's wrong with +?
22:09 rivyn I use that all the time
22:09 hemebond Jinja2 uses ~ to concatenate strings.
22:09 rivyn I only use ~ if I need to concatenate a non-string to a string
22:10 hemebond Better to be consistent IMO.
22:10 rivyn + works fine for string + string
22:10 hemebond Sure does.
22:10 rivyn so what's the problem?
22:10 hemebond Inconsistent.
22:11 rivyn it's consistent with all my other SLS code at the moment
22:11 rivyn still doesn't work
22:11 rivyn failed: mapping values are not allowed here
22:11 whytewolf rivyn: basicly hemebond is saying you are useing ~ and + in the same line
22:11 hemebond Have you updated the paste?
22:11 rivyn whytewolf: yes, I do that everywhere
22:11 hemebond smack hand
22:11 rivyn I don't see why it's a problem
22:12 hemebond koz ai sed
22:12 hemebond New paste?
22:14 hemebond It looks like header_list just gets added to header_dict anyway.
22:14 * hemebond will brb
22:15 rivyn huh, I really don't understand what load_json is doing, but it's adding "u"'s everywhere
22:15 whytewolf 2018.3?
22:16 rivyn https://ghostbin.com/paste/43bmf
22:16 rivyn whytewolf: no, I doubt they have upgraded
22:16 rivyn I didn't even know there was a new salt release
22:16 rivyn the last 2017 release I believe
22:18 rivyn 2017.7.4 (Nitrogen)
22:18 whytewolf ok. then strange you are getting that. anyway, you can fix it by adding |yaml to the {{}} output. such as {{json-in|yaml}}
22:18 whytewolf it will convert the data back to yaml when outputting
22:18 rivyn what {{}}??
22:18 rivyn what's that mean
22:18 rivyn I have ...)['body']|load_json -%}
22:19 whytewolf ..
22:19 whytewolf - name: echo {{thing is here}}
22:19 rivyn ??
22:19 rivyn oh, I forgot space padding
22:20 rivyn doesn't seem to matter
22:20 whytewolf your OUTPUT the cmd.run you just posted the link to.
22:20 rivyn attempting to yes
22:21 * whytewolf waits for it to sink it
22:21 rivyn well ultimately I just want two values from the json - the network_cidr so that I can get the /22 or whatever off the end, and ipv4_address
22:21 rivyn it's not sinking at all
22:22 whytewolf show us the jinja for pgpass state
22:22 rivyn - name: echo "{{ cluster_ip }}"
22:23 whytewolf - name: echo "{{ cluster_ip | yaml }}"
22:23 rivyn whytewolf: https://ghostbin.com/paste/krjo2
22:24 rivyn I need to fix the hostname input, but that's unrelated to the error
22:24 whytewolf I. ... is the api actually returning line endings in the data?
22:24 rivyn how can I get to just the IP or network_cidr?
22:24 rivyn whytewolf: no, when I use curl it's all on one line
22:25 rivyn without a linebreak on the end evin
22:25 rivyn *even
22:26 mikecmpbll joined #salt
22:26 whytewolf well now that you have the data in a structure it is just a matter of navigating that structure. so i would think looking and correct me if I'm wrong everyone cluster_ip["interfaces"]["internal"]["ipv4_address"]
22:27 whytewolf and  cluster_ip["interfaces"]["internal"]["network_cidr"]
22:27 rivyn thanks, I just guessworked that as you said it :)
22:29 rivyn well I dunno why I can't echo out the whole bit but whatever - I see it in the error, and when I get to one value it seems to work.
22:29 hemebond 👍
22:30 rivyn looks like I don't need the " | yaml" for a single value either
22:30 rivyn I think this should be all I need, now to hack out the rest :)
22:30 whytewolf nope, you are not outputing a full datastructure so unicode isn't being translated
22:30 rivyn thanks for the assistance!
22:31 Church- Is there a way to make all my minions re-instantiate new keys at once?
22:32 hemebond Church-: New... Salt minion keys?
22:33 rivyn (hopefully) simple question - is there a salt module to add an IP to an interface (using IPaddr2 on Linux)?
22:34 hemebond rivyn: states.network?
22:34 rivyn hemebond: I have the page for it open, but I'm not sure I see anything useful
22:35 rivyn https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.network.html
22:35 hemebond I've not tried to add an IP to an existing interface. But I would assume network.managed would work just fine.
22:35 hemebond I don't know what ipaddr2 is.
22:36 rivyn there is no managed
22:36 rivyn ipaddr2 is what I use to do it by hand now - ip addr add ...
22:36 rivyn I can cmd.run that if need be
22:36 whytewolf rivyn: states.network not module.network
22:37 whytewolf https://docs.saltstack.com/en/latest/ref/states/all/salt.states.network.html#module-salt.states.network
22:37 rivyn gosh, I don't even know the difference, sorry.
22:38 Church- hemebond: Rotate all the keys the minions use to auth with the master.
22:39 hemebond Church-: Schedule restart of salt-minion, delete keys, delete from master... wait and re-accept?
22:40 rivyn what's kwargs?
22:40 hemebond var=val
22:40 rivyn but how do you know what valid vars are?
22:40 hemebond keyword arguments
22:40 rivyn this page is pretty scarce documentation
22:41 rivyn I want to add an IP to an existing interface without disturbing it's current IP
22:41 hemebond I guess you refer to the examples at the top.
22:41 rivyn yeah, it's all examples, without even saying what they do
22:41 hemebond Yeah, that's kind of not what Salt promotes.
22:41 rivyn what's not?
22:42 whytewolf in the long example at the top. look at the bond0 state. and that documentation could use a lot of love.
22:43 rivyn So if I do eth0, ipaddr: ... etc. it will add it to eth0 without taking down the existing IP?
22:43 hemebond Probably not.
22:43 rivyn I guess I'll have to figure out how to translate the /22 into 255.whatever in jinja too
22:43 whytewolf you might be better off using a cmd.run ..
22:43 whytewolf this state is .. meh. never used it personally
22:43 rivyn yeah, I think I'll just do that for now
22:45 whytewolf ahhh the lo state does show how to have multiple ipaddrs
22:46 rivyn hmm, but it requires you input the existing IP's as well, so I'd have to read it in from another cmd.run :/
22:46 rivyn I've got to figure out how to get the broadcast address as well
22:47 rivyn unless maybe it doesn't matter
22:48 rivyn doesn't seem to
22:54 Church- hemebond: Yeah doy, just realized I can write a bash script to deploy and do this.
22:55 justanotheruser joined #salt
22:56 rivyn wow, it works! :D
22:57 rivyn hemebond: I'm replacing all my +'s with ~'s just for you ;)
22:57 hemebond 👍
22:57 hemebond You'll thank me later :-)
22:57 hemebond (you won't, but do it anyway)
22:59 rivyn it's just harder to type ~ than + ;)
23:01 rivyn How do you guys handle cases where you need salt to do something on more than one host?
23:02 whytewolf https://docs.saltstack.com/en/latest/topics/orchestrate/orchestrate_runner.html
23:02 whytewolf this is where it gets complicated
23:02 rivyn I was worried you might say that
23:04 rivyn gotta run for tady
23:04 rivyn *today
23:04 rivyn thanks guys
23:07 nbari_ joined #salt
23:23 Shirkdog joined #salt
23:40 tiwula joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary