Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-04-01

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 sgviking joined #salt
00:03 rps_ joined #salt
00:05 rps_ is this a bug: master will auto-accept keys. minion connects and has key accepted. key is (accidentally) deleted from master. Minion notices this and keeps reporting: "SaltReqTimeoutError: Waited 60 seconds. Waiting for minion key to be accepted by the master." But the master never re-accepts the key.
00:07 rps_ This is in 2014.1.0
00:13 arthabaska rps_ I don't know the codebase well enough to say either way so be skeptical, but it looks like there's only one way into the auto_accept logic (via _auth in master.py?), so maybe the minion needs to re-request somehow?
00:14 rps_ arthabaska, I will double check that what I said is right. I have seen this before and a minion restart would trigger a re-request and all would be well. However, right now I am ALSO having a firewall issue
00:14 ahammond I'm setting up github deploy keys for servers. What is the correct way to manage the private key? Each minion should be able to see one and only one key
00:17 ajprog_laptop joined #salt
00:28 jslatts joined #salt
00:28 oz_akan_ joined #salt
00:32 oz_akan__ joined #salt
00:33 ahammond anyone? there must be a best practice for this, but I haven't found it yet.
00:33 baniir joined #salt
00:35 timoguin joined #salt
00:39 forrest ahammond, best way would probably configure a pillar variable with the hostname of the variable, and the key
00:39 garthk I can’t make a custom ext_pillar work. I’ve set extension_modules: /srv/salt/salt-modules and ext_pillar: - modname: arg and put modname.py in /srv/salt/salt-modules/pillar/… and it’s not called; I can’t even cause errors by throwing exceptions. What am I missing?
00:39 timoguin joined #salt
00:39 ahammond forrest yeah, I was thinking along those lines, but then how do you control access?
00:40 garthk There’s a hint that __init__ is only called when a minion somehow invokes the pillar. What do I put in /srv/pillar/top.sls?
00:40 forrest ahammond, what do you mean?
00:41 ahammond Maybe I'm being too clever. I'm gonna go with simple and then revisit this later.
00:41 oz_akan_ joined #salt
00:41 forrest ahammond, did you try salt['pillar.get'](salt['grains.get']('hostname')-pillar_key) ?
00:41 forrest ahammond, not 100% sure that would work, but I'm thinking along those lines
00:41 forrest then it only sees the key associated with that specific hostname
00:41 forrest probably bad to have that  dash between ) and pillar
00:41 ahammond forrest yeah, actually that's really close to what I tried.
00:42 dman777 left #salt
00:42 bhosmer joined #salt
00:54 garthk ok, so, no help with ext_pillar then
00:54 garthk anyone used the tls* states for key management for stunnel, logstash-forwarder, or anything else?
00:54 ajw0100 joined #salt
01:09 therealGent joined #salt
01:12 ipalreadytaken joined #salt
01:15 andrej How do I pass the a grain from a state to a reactor?
01:15 andrej I think I have understood the selection mechanism on the the reactor side.
01:15 andrej but how do I get e.g. the IP of the minion that the state was run against into a corresponding reactor sls?
01:17 n8n joined #salt
01:17 ckao joined #salt
01:19 andrej What I need to achieve is to take the IP of a minion that had the splunk_forwarder deployed vial salt added to the ufw rules on the splunk server as permissible
01:20 andrej I think this must be possible - but can't figure out how
01:23 garthk andrej: ha, same problem as my log forwarding
01:23 therealGent did you write the salt deployment module yourself
01:23 therealGent ?
01:23 xzarth_ joined #salt
01:28 ajw0100 joined #salt
01:28 bhosmer joined #salt
01:37 n8n joined #salt
01:46 ilbot3 joined #salt
01:46 Topic for #salt is now Welcome to #salt | 2014.1.1 is the latest | Please be patient when asking questions as we are volunteers and may not have immediate answers | Channel logs are available at http://irclog.perlgeek.de/salt/
01:50 fllr joined #salt
01:51 sandbender1512 is @thatch45 in here by any chance?
01:51 sandbender1512 (github user)
01:52 Ryan_Lane thatch is occasionally in here. utahcon may be a better person to contact, though
01:53 Ryan_Lane sandbender1512: ^^
01:54 fllr joined #salt
01:55 sandbender1512 Ryan_Lane: thx :)
01:55 sandbender1512 I'm debugging an infinite recursion exception which I believe is related to github issue #6057
01:56 Ryan_Lane heh. I probably won't be much help there :)
01:56 sandbender1512 added a commented to the related commit, just wondering if he happened to be around... no biggie, I'll wait for him to see/respond to my comment
01:56 sandbender1512 thx again ;)
01:56 * Ryan_Lane nods
01:56 Ryan_Lane yw
01:56 bemehow joined #salt
02:01 jeremyfelt joined #salt
02:03 andrej Hmmm ... I think I have a something that should work, But the reactor never touches the splunk server
02:03 mgw joined #salt
02:07 favadi joined #salt
02:13 robertlai joined #salt
02:17 andrej OK ... /etc/salt/master.d/reactor.conf  http://pastebin.com/rUKihih4
02:17 robertl__ joined #salt
02:17 andrej and /srv/reactor/ufw_splunk.sls  http://pastebin.com/WfzAxPBi
02:18 fllr joined #salt
02:18 andrej when I run the state splunk_forwarder the pkg gets installed, but the reactor doesn't react? :)
02:22 gladiatr joined #salt
02:24 n8n joined #salt
02:29 taion809 joined #salt
02:35 yomilk joined #salt
02:37 Networkn3rd joined #salt
02:38 budrose joined #salt
02:41 obimod joined #salt
02:42 obimod ooo fixed salt-cloud by uninstalling salt-cloud (pip uninstall salt-cloud) since it's now integrated into salt! w00t http://stackoverflow.com/questions/22775800/salt-cloud-m-cloud-map-hangs-on-warning-permanently-added-ip-address-rsa/22775801#22775801
02:42 * obimod celebrates with a snack
02:44 garthk andrej: I found that the documentation for ext_pillar was insufficient to get it working, aos.
02:44 garthk s/aos/also
02:50 tinuva joined #salt
02:50 rjc joined #salt
02:51 travisfischer joined #salt
03:01 oz_akan_ joined #salt
03:07 schimmy1 joined #salt
03:09 garthk oh, that’s right
03:09 garthk I still have to figure out how to interrogate for matching minions
03:10 garthk andrej: did you get any of the reactor stuff going with 2014.1?
03:14 frasergraham joined #salt
03:19 frasergraham joined #salt
03:20 [diecast] joined #salt
03:25 smcquay joined #salt
03:27 garthk damnit, everything leads back to wanting ext_pillar to work
03:28 garthk Aha! I only get these errors if I run in the foreground.
03:28 garthk SyntaxError
03:28 garthk Woot.
03:33 Ryan_Lane joined #salt
03:35 robinsmidsrod joined #salt
03:38 schimmy joined #salt
03:42 smurfy_ module function says not available when run from the salt master but runs fine on the local node with salt-call - any ideas?
03:43 manfred did you try running saltutil.refresh_modules? or saltutil.sync_all module?
03:44 garthk smurfy_: based on what I just went through, the troubleshooting advice in the guide to run salt-master -l debug is pretty much mandatory.
03:44 manfred otherwise, my guess is that it is something internal which would require a restart of salt-minion for it to work with salt calls from salt-master
03:47 smurfy_ restarting the salt minion seems to have done the job
03:47 smurfy_ thanks
03:48 smurfy_ and i will take note of the salt-master -l for the future
03:51 garthk anyone know where the id-matching code is, so I can call it from an ext_pillar?
03:52 ravibhure joined #salt
03:56 favadi joined #salt
03:59 ravibhure1 joined #salt
04:13 bja joined #salt
04:22 robertlai joined #salt
04:34 sroegner joined #salt
04:36 MZAWeb_ joined #salt
04:40 middleman_ joined #salt
04:44 dvogt joined #salt
04:48 srage joined #salt
04:49 srage joined #salt
04:56 n8n joined #salt
05:00 yomilk joined #salt
05:02 all_the_fisch joined #salt
05:07 srage joined #salt
05:17 srage_ joined #salt
05:27 davet joined #salt
05:28 kermit joined #salt
05:34 l0x3py joined #salt
05:44 shoma_ joined #salt
05:47 alienresidents joined #salt
06:04 Ryan_Lane1 joined #salt
06:05 kiorky joined #salt
06:07 higgs001 joined #salt
06:08 fllr joined #salt
06:10 jeddi joined #salt
06:12 bhosmer joined #salt
06:12 gammalget joined #salt
06:16 slav0nic joined #salt
06:26 waffle_cat joined #salt
06:30 fxdgear joined #salt
06:34 pydanny joined #salt
06:35 sroegner joined #salt
06:35 magenbrot joined #salt
06:38 dccc joined #salt
06:49 shoma_ joined #salt
06:50 fllr joined #salt
06:52 fllr joined #salt
06:54 garthk dang
06:54 garthk right when I got salt working
06:54 garthk sudden crazy problems with apt-get
06:54 garthk wondering whether I broke my mirror
06:54 garthk first: dinner
07:00 srage joined #salt
07:02 balboah joined #salt
07:07 Kenzor joined #salt
07:07 harobed_ joined #salt
07:17 DaveQB joined #salt
07:19 think-free joined #salt
07:32 srage joined #salt
07:40 ravibhure joined #salt
07:50 fllr joined #salt
07:55 ajw0100 joined #salt
07:59 viod1 joined #salt
08:02 viod1 left #salt
08:06 arapaho HEY ! POISSON D'AVRIL !!!
08:06 arapaho sale journee ...
08:08 vortec joined #salt
08:08 arapaho sorry for the mess ..
08:08 arapaho wrong window
08:11 Nexpro joined #salt
08:20 scarcry running 2014.1.1 is it possible to have the master listen on both IPv4 *and* IPv6 ? I can't get this to work with the 'interface' key in the master config file
08:20 garthk joined #salt
08:27 Valdo joined #salt
08:27 giantlock joined #salt
08:28 topochan joined #salt
08:42 yomilk joined #salt
08:42 ravibhure joined #salt
08:50 fllr joined #salt
08:57 Nazzy joined #salt
09:03 Shish trying to deploy to a server in a country with horrific networking, is there a way to package up a highstate to scp across and run locally so it doesn't need to talk to the master?
09:04 ChaosPsyke joined #salt
09:05 RandalSchwartz including deciding ahead of time which salt:// things need shipping?
09:06 RandalSchwartz I'm guessing you could run salt-call --local on an rsync'ed file tree
09:06 RandalSchwartz might need to provide an alternate config file
09:07 malinoff joined #salt
09:07 RandalSchwartz does that help?
09:07 jfxura joined #salt
09:07 Shish I shall give it a go :3
09:07 pydanny joined #salt
09:20 jfxura Is there a way i can see the rendered jinja template for a file.managed state without executing the state?
09:24 jfxura file.get_managed seems to be the closes match for this.. but i cant make sense of the documentation
09:24 joehoyle joined #salt
09:25 malinoff jfxura, http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html?highlight=template#salt.modules.state.template
09:29 Roops joined #salt
09:30 ggoZ joined #salt
09:32 jfxura malinoff: i tried that
09:32 babilen Which user does salt pull as if I use GitFS to pull from gitolite repositories? Can I configure that somehow?
09:33 jfxura malinoff: state.template gave me blank output
09:35 babilen I take it that it just uses the standard git URI specification or would that assumption be wrong?
09:36 ipalreadytaken joined #salt
09:36 Roops Hello
09:37 Roops How do I configure salt in windows
09:37 Roops ?
09:39 johtso joined #salt
09:40 johtso joined #salt
09:41 johtso joined #salt
09:42 johtso joined #salt
09:42 johtso joined #salt
09:43 johtso joined #salt
09:43 malinoff jfxura, you should specify a file that exists on a minion
09:43 malinoff jfxura, usually you should inspect /var/cache/salt
09:43 malinoff for generated template file
09:45 johtso joined #salt
09:47 malinoff Roops, http://docs.saltstack.com/en/latest/topics/installation/windows.html
09:48 bhosmer joined #salt
09:50 babilen Can I easily change the user salt-master runs as? Background to this is that we want to pull GitFS repos from gitolite and root logins per ssh are not being allowed on the server hosting the repositories.
09:50 fllr joined #salt
09:51 babilen I mean I know that I can set "user: salt" (for example), but can I expect problems when doing that and why isn't the salt-master running as its own user in the first place?
10:00 malinoff babilen, http://docs.saltstack.com/en/latest/ref/configuration/nonroot.html?highlight=running
10:01 Yoda-BZH joined #salt
10:03 babilen malinoff: Thank you -- let me read that :)
10:11 viod1 joined #salt
10:12 babilen Hmm, I am not sure if "Some of Salt's operations cannot execute correctly when the master is not running as root, specifically the pam external auth system, as this system needs root access to check authentication" would pose a problem for us. When is this needed?
10:13 malinoff babilen, you can setup sudo access or something similar
10:14 ndrei joined #salt
10:23 babilen What does salt use pam's external auth system for and what problems will I encounter when I run salt as a different user than root?
10:24 babilen I would really argue in favour of not running salt as root by default, but to document precisely which access rights are needed for which functionality
10:24 helderco joined #salt
10:26 carlos_ joined #salt
10:27 yomilk joined #salt
10:36 faldridge joined #salt
10:50 fllr joined #salt
10:55 eliasp babilen: for the remote-login on your git-server, it doesn't matter which user the client uses…
10:57 diegows joined #salt
10:58 babilen eliasp: How so?
10:59 eliasp it matters which user you use to connect… so it's about the user in your git URL like user@host.domain.tld:repo.git
11:00 eliasp babilen: what won't work is root@host.domain.tld:repo.git
11:01 babilen Salt will happily do that?
11:02 eliasp sure
11:02 babilen Okay, that was my initial question which hasn't been answered until now.
11:02 babilen Well, we use "gitolite@" but I think that just adding a salt specific key to its config should be fine.
11:03 babilen 11:35:34 <babilen> I take it that it just uses the standard git URI specification or would that assumption be wrong? (CET)
11:03 MrTango joined #salt
11:03 eliasp yes, just add the public key of your Salt user to your authorized_keys file on your gitolite instance
11:04 eliasp "Salt user" → root, running saltmaster
11:05 babilen sure, I'll create a salt/git specific key for that
11:07 eliasp :)
11:07 baniir joined #salt
11:08 srage joined #salt
11:13 srage_ joined #salt
11:14 bhosmer joined #salt
11:19 viod1 joined #salt
11:21 jslatts joined #salt
11:28 picker joined #salt
11:35 eliasp yehaw, my first module starts working: http://pastebin.kde.org/pg86a8kky
11:48 TyrfingMjolnir joined #salt
11:50 topochan joined #salt
11:50 fllr joined #salt
11:54 sroegner joined #salt
11:55 Nexpro1 joined #salt
11:58 [diecast] joined #salt
12:00 jeddi okay, trying to come up with the best way of doing the following -- i want to set a smarthost for a box based upon where it is (ie. what network it's on).  i can do that via the first three chars of my hostnames (eg. 'py-', 'do-', etc).   i will have an exception at each site, which is my actual smarthost (also named according to the site it's in).   i want to do this generically such that adding a new host will automatically result in
12:00 jeddi it getting the exim4 configuration appropriate for its site.  jinja doesn't seem to be able to do substring matching, so while i can exclude the smarthost by name for a given site, i can't match (in jinja, in my srv/pillar/base/mail-smarthost.sls ) anything that starts with a specific set of 3 chars.   because jinja can't do that, i can't opt to push that into salt states proper either.  not even sure *where* that kind of business
12:00 jeddi logic should be - i feel pillar, but am open to all suggestions.
12:01 jeddi oh, actually i started doing this in pillar because i wanted to exclude hosts in there that won't get an upstream smarthost by setting a pillar variable to 'none', and then act upon that over in the salt state.
12:03 toastedpenguin joined #salt
12:05 radone joined #salt
12:05 ndrei joined #salt
12:07 srage joined #salt
12:08 Nexpro joined #salt
12:08 che-arne joined #salt
12:08 radone Hello all, did anyone tried the win_servermanager.install module lately ? I keep getting errors while running it .
12:09 radone I keep getting this : 'format-list\""':         not     operable:         or
12:10 radone the logs show this :
12:10 radone 2014-03-13 15:13:10,139 [salt.loaded.int.module.cmdmod][INFO    ] Executing command 'Powershell "Import-Module ServerManager ; \\"Add-WindowsFeature -Name NET-Framework  -erroraction silentlycontinue | format-list\\""' in directory 'C:\\windows\\system32\\config\\systemprofile' 2014-03-13 15:13:10,232 [salt.loaded.int.module.cmdmod][ERROR   ] Command 'Import-Module ServerManager ; "Add-WindowsFeature -Name NET-Framework  -erroraction s
12:10 radone apparently some extra commas in the command ...
12:11 radone quotes I meant .. not commas
12:13 Nexpro1 joined #salt
12:13 ekristen joined #salt
12:18 oz_akan_ joined #salt
12:19 oz_akan_ joined #salt
12:19 srage joined #salt
12:20 zeroC joined #salt
12:25 Nexpro joined #salt
12:26 TyrfingMjolnir joined #salt
12:30 Nexpro2 joined #salt
12:30 TyrfingMjolnir joined #salt
12:32 j4son joined #salt
12:35 TyrfingMjolnir joined #salt
12:35 jrdx joined #salt
12:36 zeroC joined #salt
12:38 sandbender1512 joined #salt
12:42 Chronojam joined #salt
12:44 higgs001 joined #salt
12:49 gladiatr jeddi, are you setup to use multiple (salt) environments?
12:49 gladiatr biab
12:50 elfixit joined #salt
12:50 fllr joined #salt
12:55 joehoyle joined #salt
12:55 joehoyle_ joined #salt
12:56 jslatts joined #salt
12:57 gadams999 joined #salt
12:59 timoguin joined #salt
13:05 wkf joined #salt
13:07 AdamSewell joined #salt
13:07 AdamSewell joined #salt
13:09 ninkotech_ joined #salt
13:09 pmcg joined #salt
13:11 mpanetta joined #salt
13:11 DaveQB joined #salt
13:13 Psi-Jack watch file supports wildcards correct? Like - watch: - file: /etc/supervisor/conf.d   would trigger a restart if anything in conf.d is added/removed/changed?
13:15 jeddi Psi-Jack: i've had to use conf.d/* .. but i ahven't experimented extensively with it.
13:15 jeddi so i should say "I have used..." rather than "I have had to ..."
13:16 Networkn3rd joined #salt
13:17 TyrfingMjolnir joined #salt
13:18 jaimed joined #salt
13:19 racooper joined #salt
13:20 srage joined #salt
13:21 Psi-Jack Hmm
13:23 mpanetta_ joined #salt
13:23 TyrfingMjolnir joined #salt
13:24 Networkn3rd joined #salt
13:26 mpanetta_ joined #salt
13:28 mpanetta_ joined #salt
13:29 fllr joined #salt
13:30 fllr joined #salt
13:31 Valdo joined #salt
13:32 faldridge joined #salt
13:32 JasonSwindle joined #salt
13:33 jeddi Psi-Jack: easy enough to experiment with however :)
13:33 Psi-Jack Yeah, just don't want to do so in production. ;)
13:34 ekristen is there any plan to make the salt pillars remote git act more like the salt states remote git? or will you always have to define your environments for pillars and which branch holds the state info?
13:34 Psi-Jack Heh, "environments" in salt is so broken it's not even funny.
13:41 ajprog_laptop1 joined #salt
13:41 seapasulli joined #salt
13:41 picker joined #salt
13:41 patrek joined #salt
13:43 ipmb joined #salt
13:45 quickdry21 joined #salt
13:46 topochan joined #salt
13:49 helderco joined #salt
13:49 gladiatr joined #salt
13:49 mgw joined #salt
13:49 Valdo joined #salt
13:50 mattmtl joined #salt
13:50 fllr joined #salt
13:50 jgelens sometimes all commands suddenly fail on some minions. E.g. salt 'someserver' test.ping doesn't return anything until I first call salt-call test.ping on the minion.
13:51 jgelens Any idea? :/
13:54 TyrfingMjolnir joined #salt
13:55 ndrei joined #salt
13:56 ipalreadytaken joined #salt
13:57 babilen Hmm, there was an announcement on the ML a while back about a tool that allows you to run a command on all minions and which would help in singling out those on which the return was different (or rather: group minions by identical return values)
13:57 babilen I just can't seem to find it again, does that ring a bell?
14:01 Kenzor joined #salt
14:01 alunduil joined #salt
14:01 timoguin babilen, http://russell.ballestrini.net/filter-salt-stack-return-data-output/
14:02 timoguin that?
14:03 babilen timoguin: No, unfortunately not .. /me is slowly scrolling through the archive
14:03 jeddi gladiatr: i haven't used environments, no -- i originally tried to use them, then realised i had no good use case for them, and they didn't seem to be being utilised in most guides / documentation.   would this solve my problem here do you think?
14:03 babilen I was more or less: Do this on all minions and then group them by similar output. (e.g. md5sum of a file)
14:03 babilen *It
14:03 timoguin "salt-run map.hash" -- A Map/Reduce-Style salt runner for finding discrepancies across minions
14:04 timoguin quick email search. :)
14:04 babilen YES!
14:04 babilen Looks as if my mail-search-fu is much weaker than my google-fu and as if both failed me. Thank you! :)
14:05 gladiatr jeddi, I'm pretty new to salt myself, so (at this very moment), I don't have a finished solution to share with you.  That being said, I'm going forward with multiple environments, especially reflecting the various remote networks our systems are deployed on.  the idea is that you can have a base/generic environment for bits that apply to all of your systems, but then you have (literally) environment-specific bits that will be applied fo
14:05 gladiatr r those systems in those more specific contexts.
14:05 gladiatr that kinda make sense?
14:06 gladiatr It sounds to me that your smarthost requirements are a good use-case for this sort of thing.
14:08 srage joined #salt
14:09 bja joined #salt
14:10 babilen timoguin: Unfortunately not yet in 2014.1.1 yet
14:10 babilen But yes!
14:10 ndrei joined #salt
14:10 JasonSwindle joined #salt
14:11 smcquay joined #salt
14:11 timoguin babilen, I doubt it'll go into 2014.1
14:12 timoguin well, maybe. i guess a runner can't really break functionality.
14:13 zignig joined #salt
14:14 babilen timoguin: It's okay - It would just have been *exactly* what I needed right now :)
14:15 dangra joined #salt
14:17 jeddi gladiatr: it does .. but it means i need to nominate environments (presumably in grains.d/something.conf) on each box .. which is what i'm tryign to avoid.
14:18 mattmtl joined #salt
14:18 jeddi i know you can extract meaning quite easily at the top level - literallythe top.sls - by doing 'py-*': ... but i dislike cluttering up my top files with non-trivial logic (as i'd need to then filter out the one smarthost at each site).  it also seems like the kind of thing i should be allowed to differentiate neatly within each product's sls.
14:20 gladiatr Hrm.  My environments are within different super/subnets, so I kept my top quite simple by matching via ipcidr
14:20 zignig Just managed to get my recursive boot server booting a new copy of itself , yay salt
14:20 jeddi gladiatr: what environments are you defining can i ask?  when i looked at them they were usually along the lines of prod / dev / test
14:20 jeddi gladiatr: aha .. okay.   so they're generic groupings, rather than env's per se.
14:21 zignig jeddi: like roles ?
14:21 gladiatr jeddi, yes.
14:21 jeddi yeah.  i recall the early doc set was *very* ambiguous when it came to roles and environments .... the words were frequently used interchangeably, and sometimes completely wrongly.   i think that's why i gave up on the idea of envs.
14:22 gladiatr jeddi, I'm using the base/proc/dev/sqa designations to start off with--just makes it easier to follow the docs.  I'm similarly starting off with (basic) system configuration bits that are different across the (network) environments--ntp, monitoring, stats gathering, etc before moving onto the application/component level configuration pieces
14:22 jeddi zignig: i started trying to define roles in each minion's /etc/salt/minion.d/grains.conf (a file that was actually pushed out and managed by my master) ... and then realised this was really silly, and gave that up.   instead the logic for roles is now exclusively contained within my state files on the master.
14:22 HeadAIX joined #salt
14:23 jeddi i also *really* want to avoid the problem of having to either run salt highstate's twice to get a box in the right place, and/or have massive amounts of requires or other ordering methods.
14:23 zignig jeddi: I was using role grain for a bit , then realised that grains are not a safe way to do it.
14:23 gladiatr jeddi, :)  Indeed.  I'm hoping, as I get more comfortable with how the various pieces work and fit together, to perhaps make some commits to the documentation
14:23 tyler-baker joined #salt
14:24 zignig jeddi: I put roles in pillars and wrap { if pillar } { endif } around important states so only the correct nodes can even see it.
14:24 jeddi zignig: just so.  :)   for some things i find it's easier to just define it as part of my pillar information - and test for hte presence of a particular dictionary entry for each host - if it's not there, don't do any state-stuff with that host for that app / file / etc at all.   this works well(ish)  :)    but it leads me back to my original question as to how to match (outside of top.sls) a substring of a hostname to then group those
14:24 jeddi hosts.
14:25 TyrfingMjolnir joined #salt
14:25 zignig jeddi: I joined after the question ... hehe
14:25 zignig jeddi: I think that templating your top.sls file to loop through pillar data in a template ,would be the way to go.
14:26 zignig jeddi: that way it could follow your pillar structure. external pillars means you can get the info from anywhere.
14:28 jeddi zignig: my problem would be solved if within jinja2 you could do substr() functions ..    but ultimately i just want a way to identify the *attributes* of a host's smarthost configuration via its hostname (because the first 2 chars of my hostnames dictate physical location, and consequently closest smarthost)
14:28 zignig jeddi: ah , I see where you are coming from , do you have a single master or are you sydicating ?
14:29 jeddi zignig: i can loop through pillar, but the idea is that for a given *site* i may have several dozen hosts ... one of them will be the smarthost for that site.  some number (up to n-1) will defer to that smarthost.  the remainder won't get exim configured at all.
14:29 jeddi zignig: the catch is that I don't want to have to configure anything at all for the default case (defer to nominated smarthost).  ie. i only want to handle exceptions - define the smarthost, and flag boxes that won't run mail.
14:30 jeddi zignig: single master.
14:30 jeddi ext_pillar may be appropriate.  i am *almost* tempted to suck it up and try to write my own state file generator in python .. though that's probably beyond me, at least in a reasonable timeframe.  plus it feels sledgehammery.
14:31 nocturn Hi all
14:31 nocturn I sudenly started getting No Top file or external nodes data matches found on a single minion
14:31 nocturn My top file starts with base:
14:31 nocturn '*':
14:31 nocturn - base
14:31 nocturn I restarted the minion
14:31 nocturn but it doesn't help
14:31 nocturn any suggestions?
14:31 zignig jeddi: sledgehammery is the base of all civilization. ;)
14:32 zignig jeddi: how many sites are we talking about ?
14:32 srage joined #salt
14:32 gladiatr nocturn, pastebin your debug level log
14:32 jeddi zignig: hmm .. 4 sites right now.
14:32 jeddi so in my pillar top.sls i could just say py-* boxes run that pillar, do-* boxes run that one ...
14:33 jeddi I can live with osme level of non-DRY ... and refactor later.  at the moment that's likely my best option.  within those pillars i can use jinja to exclude the local smarthost for that network - you can, at least, match strictly on strings.
14:33 nocturn gladiatr, from the master or the minion?
14:34 fllr joined #salt
14:34 zignig jeddi: yeah , but it's not as pretty. chef is built for sites , but salt is a little too flexible sometimes
14:36 gladiatr nocturn, the minion
14:36 zignig jeddi: anyway sleep calls .... ;)
14:37 gladiatr zignig, g'night
14:37 jeddi zignig: good luck with that. :)
14:37 zignig indeed ... if you salt masters want to have a look , i just got my boot server going
14:37 zignig https://github.com/zignig/exarch
14:38 zignig recursive boot server.
14:38 zignig there is a seed server running on http://bl3dr.com:5000 if you are really brave .......
14:38 jeddi zignig: a recursive boot server?  is this a highly sophisticated april fool's thing? ;)
14:39 zignig jeddi: nope , from a pxe boot iso to working salt master with installed bootserver , with only a root password.
14:39 jeddi zignig: mmm .. nice.  i think.  (trying to work out where i would use sucha  beast)
14:40 nocturn gladiatr, http://pastebin.com/6W1K5CuK
14:40 zignig jeddi: it will deploy and bind minions automagically as well.
14:40 jeddi zignig: it sounds tremendously .. dangerous.  :)
14:40 zignig jeddi: sledgehammery. even.
14:40 Nazzy_ well played google... well played ... https://plus.google.com/explore/hoffsome
14:41 jeddi zignig: i'm old.  i have opinions.  and very much fear about this kind of power. :)
14:41 alunduil joined #salt
14:41 jeddi Nazzy_: did you notice that freenode's integrating its nickserv with google+ now?
14:42 [diecast] joined #salt
14:42 mgw joined #salt
14:42 zignig jeddi: google , speaking of too much power.
14:42 timoguin lol
14:42 zignig jeddi: anyway , sleepy time.
14:42 Nazzy_ jeddi, ooooh, I didn't get that far in to my april fool trawl
14:42 jeddi Nazzy_:  http://blog.freenode.net/2014/04/googleplusfreenode/
14:42 jeddi zignig: ack.
14:43 rgbkrk joined #salt
14:51 danielbachhuber joined #salt
14:52 pydanny joined #salt
14:54 nocturn gladiatr, Is this the problem: Got a bad pillar from master, type bool, expecting dict: False
14:54 jalbretsen joined #salt
14:55 wendall911 joined #salt
14:56 joehoyle joined #salt
14:56 thedodd joined #salt
14:57 frasergraham joined #salt
14:58 faldridge joined #salt
15:01 jslatts joined #salt
15:04 TheRealBill_here joined #salt
15:05 TheRealBill_here joined #salt
15:06 twlight joined #salt
15:07 twlight hi everyone, does anyone have a moment to talk about some pillars within pillars?
15:09 tdilly joined #salt
15:09 Gordonz joined #salt
15:12 tdilly I have one particular state that is behaving oddly. I'm using "file.managed" for a config file and salt claims the file is in the correct state but it is never updated on the minion, all other states and configs seem fine. http://hastebin.com/gimegalapu.vhdl
15:13 nocturn My problem is fixed, the master and minion where not on the same version
15:13 nocturn the minion was newer
15:14 cachedout joined #salt
15:14 tdilly Awwww crap my.conf != my.cnf... *facepalm*
15:15 bja joined #salt
15:19 [diecast] joined #salt
15:27 rizumu joined #salt
15:27 tedski what would be the canonical way to store grains data in an external db?  schedule a grains.items with a mysql returner?
15:28 tedski use case is to maintain an updated inventory db for consumption by a django frontend
15:28 bishy joined #salt
15:29 meteorfox joined #salt
15:30 meteorfox joined #salt
15:31 bishy99 joined #salt
15:33 srage joined #salt
15:34 bemehow joined #salt
15:34 jeremyfelt joined #salt
15:35 dangra joined #salt
15:38 harobed joined #salt
15:39 harobed joined #salt
15:39 harobed joined #salt
15:40 harobed joined #salt
15:41 harobed joined #salt
15:42 harobed joined #salt
15:43 ndrei joined #salt
15:44 eliasp any ideas, why this http://pastebin.kde.org/pqq3avtrz keeps failing with a backtrace like http://pastebin.kde.org/phxtfbnio … it seems like it even iterates over an empty result list from c.Win32_Printer(query)…
15:47 viod1 joined #salt
15:48 fllr joined #salt
15:48 UtahDave joined #salt
15:49 cachedou_ joined #salt
15:49 n8n joined #salt
15:53 KyleG joined #salt
15:53 KyleG joined #salt
15:57 ipalreadytaken joined #salt
15:58 higgs001 joined #salt
15:59 gwmngilfen joined #salt
16:02 kermit joined #salt
16:04 debian112 joined #salt
16:04 debian112 Anyone see this before: TypeError: list_pkgs() got an unexpected keyword argument 'saltenv'
16:05 schimmy joined #salt
16:06 penguin_dan joined #salt
16:06 UtahDave debian112: what version of salt is your master and your minion?
16:06 debian112 master is: 2014.1.1
16:07 debian112 minion is an upgraded: 2014.1.1  via source on debian5
16:07 debian112 I know debian5 is not supported
16:07 Networkn3rd joined #salt
16:08 KyleG joined #salt
16:08 KyleG joined #salt
16:08 debian112 but it works as longs as I am not doing a include from another environment
16:08 xunil joined #salt
16:08 UtahDave We've been making some changes to differentiate between the system environement "env" and the Salt environment "saltenv"
16:09 UtahDave You might delete your Salt install, especially any *.pyc files, and then reinstall to make sure you don't have any old *.py or *.pyc files
16:09 UtahDave If that doesn't help, then it might be a bug
16:09 debian112 ok, let me try that
16:10 debian112 now for debian 6 and 7 it works fine
16:10 debian112 and centos
16:10 debian112 all works
16:10 schimmy joined #salt
16:10 bastion1704 joined #salt
16:10 UtahDave ok, hopefully that will fix the problem.  Old *.pyc files can cause problems like that.
16:11 johtso joined #salt
16:11 * Gareth waves at UtahDave
16:12 * UtahDave highfives Gareth
16:12 johtso joined #salt
16:12 Gareth UtahDave: How are you doing on this fine morning?
16:13 johtso joined #salt
16:13 r4vi joined #salt
16:13 UtahDave I'm doing great!  I've finally had some time to knock out a bunch of Windows minion bugs.  Yesterday evening after everyone else left the office was very productive for me
16:13 johtso joined #salt
16:14 Gareth hah
16:14 johtso joined #salt
16:14 Gareth it's amazing how productive one can be when no one else is around :)
16:15 UtahDave seriously.  When I got in this morning I asked everyone else to go home.
16:15 UtahDave Nobody listened to me, unfortunately.   :)
16:15 johtso joined #salt
16:16 johtso joined #salt
16:16 johtso joined #salt
16:17 Gareth hah.
16:17 Gareth bbl.
16:18 srage joined #salt
16:18 dvogt joined #salt
16:19 srage_ joined #salt
16:21 bja joined #salt
16:21 bhosmer joined #salt
16:24 druonysus joined #salt
16:34 wendall911 joined #salt
16:36 ajw0100 joined #salt
16:37 joehillen joined #salt
16:39 jab416171 joined #salt
16:40 higgs001_ joined #salt
16:41 ipalreadytaken joined #salt
16:44 kaptk2 joined #salt
16:44 johtso joined #salt
16:44 ChrisC1 joined #salt
16:45 ChrisC1 hey guys, back again...trying to map out everything in my head still (noob)
16:45 ChrisC1 can someone point me to the documentation related to something along the lines of...want to "watch" a service on a minion, and have it auto restarted if it goes down...
16:45 ChrisC1 do i need to be looking at reactors?
16:45 mgw joined #salt
16:45 joehoyle_ joined #salt
16:48 mgw joined #salt
16:49 akshtray joined #salt
16:49 chrisjones joined #salt
16:53 [diecast] joined #salt
16:53 UForgotten hi all, can anyone recommend some good resources (videos,books,etc) besides the salt documentation for learning enough python to write good modules (for mostly non-progammer sysadmin types)?
16:53 rglen_ ChrisC1: sounds like you are looking for simple process supervision.   many tools out there for that.  s6, runit, monit, daemontools
16:54 [diecast] joined #salt
16:55 ChrisC1 rglen_: agreed, but it would be better if i could do it here.  for instance, an SLS that deploys the software, manages its configuration files and watches for changes to them, etc.
16:56 Ahlee using salt for this is like using a hammer to drive in a screw
16:56 Ahlee there's just nothing in teh salt-minion to watch another pid
16:57 ChrisC1 Ahlee: what is the purpose of a reactor?
16:57 Ahlee ChrisC1: to react to messages
16:57 Eugene Generate thermal energy from nuclear fuel.
16:57 Ahlee so if you set up a process to send a message to salt when the minion goes down, and have salt restart it
16:57 Ahlee but salt itself isn't set up to watch the pid
16:57 Ahlee it can, however, manage supervisord
16:57 Ahlee which can do what you want
16:57 [diecast] joined #salt
16:58 Ahlee so then you have supervisord watching your application, and will restart it.  It can also then trigger something if it takes action, which could be the generation of a reactor event
16:58 [diecast] joined #salt
16:58 ChrisC1 so how do you manage configurations then?  do you run the highstate on all of your minions once a day or something?
16:59 rglen joined #salt
16:59 Ahlee that could work
16:59 Ahlee We do not use highstate, rather we apply specific states with state.sls
16:59 ChrisC1 understood
16:59 [diecast] joined #salt
16:59 jcsp ChrisC1: you can invoke things periodically using the scheduling system.  You can schedule to invoke highstate regularly, or you could write a more that just checks on that particular process and call it with a schedule
17:00 jcsp we use the scheduling to monitor upness, among other thigns
17:00 ChrisC1 http://docs.saltstack.com/en/latest/topics/jobs/index.html ?
17:00 [diecast] joined #salt
17:01 possibilities joined #salt
17:01 Ahlee jcsp: interesting, how often, and how are you handling the jobcache?
17:01 Ahlee and how many minions
17:02 ChrisC1 jcsp: this is exactly what i was looking for, thank you
17:02 jcsp ahlee: pretty often (like, more than once per minute), not a huge number of minions.
17:03 jcsp and the module we run doesn't exist as a job from the master's pov, it just uses fire_master() to send events
17:08 Ryan_Lane joined #salt
17:10 UtahDave joined #salt
17:11 debian112 @UtahDave: that worked, I removed it and re-installed with the latest
17:12 UtahDave ah, good.  It sounded like that might be the problem.
17:12 qybl joined #salt
17:13 debian112 thank you, now I need to write a script to do all 100+ servers
17:16 schimmy1 joined #salt
17:19 ndrei joined #salt
17:19 ChrisC1 jcsp: can you provide perhaps a specific example re: job scheduling that you use?
17:20 ChrisC1 the docs provide the example using highstate scheduling, but im curious about more specific one-off tasks
17:20 jcsp mine's a custom module written in python, our schedule just invokes that
17:20 ChrisC1 ah ok
17:21 jcsp the python gathers the info I want, and sends it to the master using fire_master, where I have another python process subscribing to the events.  I'm a bit of an unusual salt user in that I'm mainly using it as a message bus for a larger application.
17:21 ChrisC1 alright, i have a feeling im going to be an unusual salt user as well ;)
17:22 ChrisC1 so you have your python script running locally on each minion?
17:23 jcsp the python module is actually a salt module, so I have it in my /srv/salt/_modules on the master, and salt takes care of providing it to the minions.  Then I invoke it with the salt scheduler.  Basically it saves me the trouble of installing an agent everywhere and writing init scripts etc to run it.
17:23 jeremyBass2 joined #salt
17:23 ChrisC1 gotcha
17:23 tyler-baker joined #salt
17:28 ipmb joined #salt
17:29 joehoyle joined #salt
17:32 shoma_ joined #salt
17:35 n8n joined #salt
17:37 ggoZ joined #salt
17:40 jeremyfelt joined #salt
17:42 stephanbuys joined #salt
17:44 travisfischer joined #salt
17:44 higgs001 joined #salt
17:44 bemehow joined #salt
17:45 n8n joined #salt
17:45 ndrei joined #salt
17:46 kermit joined #salt
17:48 Nexpro joined #salt
17:51 JasonSwindle joined #salt
17:52 n8n joined #salt
17:52 Kenzor joined #salt
17:52 djaime joined #salt
17:53 bhosmer joined #salt
17:57 Nexpro joined #salt
17:58 arthabaska joined #salt
18:00 n8n_ joined #salt
18:01 ajw0100 joined #salt
18:03 ccase joined #salt
18:03 JasonSwindle joined #salt
18:03 druonysuse joined #salt
18:03 druonysuse joined #salt
18:06 * Gareth returns
18:07 * whiteinge trumpets the appropriate fanfare
18:09 jaimed joined #salt
18:09 * Gareth waits for the rose petals and velvet carpet
18:10 xmj someone now has to write /me farts.
18:12 * dimeshake trumpets again
18:13 mgw joined #salt
18:17 dvogt joined #salt
18:17 ggoZ joined #salt
18:17 qybl joined #salt
18:17 * Eugene gets a bag of corks
18:18 viod1 joined #salt
18:23 wt joined #salt
18:24 wt Do I want to have a salt-master installed on all my minions for any reason?
18:25 wt I've seen a few examples that do that, and I wasn't sure.
18:25 wt e.g.: https://test-salt.readthedocs.org/en/latest/topics/tutorials/bootstrap_ec2.html
18:25 borgstrom joined #salt
18:29 baniir joined #salt
18:30 twlight is there any way within a pillar, to re-use a key/value pair within the same pillar?
18:30 timoguin wt, i doubt there's a good reason to have it on all of them.
18:32 twlight so for instance, if i define name: billy can i use {{ name }} in other parts of the same pillar data?
18:32 timoguin you might want a master that is a minion of itself. or a master that's a minion of other masters
18:33 whiteinge twlight: no. if you need to reuse values like that the values must be defined at the jinja level using {% set = {} %}
18:34 whiteinge the jinja is processed first as a separate step, then the yaml is processed
18:35 twlight thanks whiteinge
18:37 sijis whiteinge: hey - you did confirm that sending kwargs in pepper is borked, right?
18:37 whiteinge sijis: yes
18:38 sijis whiteinge: ahh. ok. am i right to assume its just a param not being sent to low()?
18:38 sgviking joined #salt
18:40 whiteinge sijis: yes. 'args' and 'kwargs' need to be added here:
18:40 whiteinge https://github.com/saltstack/pepper/blob/master/scripts/pepper#L176
18:40 gadams999 left #salt
18:41 sijis whiteinge: that's what i figured
18:41 sijis whiteinge: i would think something would need to be added to L152 or nearby
18:41 sijis to capture the other params on the cmd line
18:41 mgw joined #salt
18:45 wt timoguin, thanks
18:45 ipalreadytaken joined #salt
18:45 wt timoguin, that's what I'd come up with. I just wanted to be sure.
18:46 yomilk joined #salt
18:47 zain joined #salt
18:47 johtso joined #salt
18:48 johtso joined #salt
18:48 whiteinge sijis: just pushed. afk...
18:48 thedodd joined #salt
18:49 johtso joined #salt
18:49 zain__ joined #salt
18:51 hunter joined #salt
18:52 bja joined #salt
18:57 smurfy_ all of the sudden i am seeing: Function salt.highstate is not available
18:57 druonysus joined #salt
18:57 smurfy_ i have not made any changes, what can cause this?
19:07 dwiden joined #salt
19:07 ajprog_laptop1 smurfy_: I thought is was state.highstate
19:08 smurfy_ you thought right, i had it wrong
19:08 smurfy_ haha
19:08 dwiden is there any reason that running a windows minion as a service or directly from the command line would cause some executables to run correctly/incorrectly?
19:12 Linuturk joined #salt
19:16 dangra joined #salt
19:17 stephanbuys anyone care to comment on jinja vs mako - why jinja is preferred? I started off with jinja but I’ve recently switched to #!jinja|mako|yaml in sls files, just finding the native python support much more intuitive and fast to code
19:18 sandbender1512 +1 to mako vs. jinja
19:18 sandbender1512 although I'm also using jinja|mako|yaml as well a lot
19:18 sandbender1512 mainly so that I can factor out common mako stuff into a single file, include it literally w/ jinja, then leave the bulk to mako :)
19:18 stephanbuys sandbender1512: ditto
19:19 sandbender1512 jinja is bunk imho - no wonder Django templating is jinja-based/derived (django templating drives me nuts too)
19:20 stephanbuys sandbender1512: although I’ve recently increased my usage of the “map” paradigm (as per http://docs.saltstack.com/en/latest/topics/best_practices.html) and that is helping me a lot
19:21 sandbender1512 yeah we started out trying to follow that convention but (perhaps due to certain internal requirements) we quickly got to the point where it was getting clunky/not letting us do what we wanted
19:21 stephanbuys sandbender1512: I’ve refactored several states into very elegant mako implementations where the jinja templates we getting ridiculous due to the hacks I had to introduce to get basic boolean logic to work properly
19:22 sandbender1512 (sorry can't remember specifics, my brain has been destroyed by debugging requisite code for days on end, so admittedly that comment is lacking real substance ;)
19:22 whiteinge sijis: sorry about that. had to run afk
19:22 * sandbender1512 nods at stephanbuys
19:24 jalbretsen joined #salt
19:25 thayne joined #salt
19:31 n8n joined #salt
19:31 allanparsons joined #salt
19:31 mtford joined #salt
19:31 allanparsons any of you guys use a software-based VPN solution?
19:32 KyleG allanparsons: I use privateinternetaccess.com
19:32 KyleG They have nodes worldwide
19:32 nahamu joined #salt
19:32 KyleG and usually in specific states to
19:32 KyleG too*
19:32 allanparsons i was looking for something to use at Amazon
19:33 allanparsons i've used OpenVPN before
19:33 allanparsons but its a pain to manage
19:33 KyleG I was going to say, OpenVPN lol
19:33 allanparsons and connecting multiple regions / vpcs is a pain
19:34 smurfy_ I've defined a custom state module with some parameters but the minion doesn't seem to be picking it up, it's legal to do that from top.sls yes?
19:35 MZAWeb joined #salt
19:37 baniir joined #salt
19:38 smcquay joined #salt
19:39 andrej event log   http://pastebin.com/e0A4bRJg
19:40 andrej and   /srv/reactor/ufw_splunk.sls  http://pastebin.com/WfzAxPBi
19:40 andrej and /etc/salt/master.d/reactor.conf  http://pastebin.com/rUKihih4
19:40 andrej Why is my reactor not reacting? :)
19:40 andrej torrancew: how do I find out what happens to the jinja template in the reactor?
19:41 andrej Nothing shows in debug output
19:44 torrancew andrej: I don't think you actually meant to highlight me?
19:44 torrancew I certainly don't know :/
19:44 bhosmer joined #salt
19:44 andrej umm no, I didnt
19:44 torrancew k
19:44 andrej not sure how that happened
19:45 torrancew no worries
19:45 andrej apologies
19:46 connie joined #salt
19:50 andrej Can I use salt-call to manually try and execute a reactor sls on a minion?
19:53 ndrei joined #salt
19:53 jalbretsen joined #salt
19:58 mgw joined #salt
19:58 JasonSwindle joined #salt
20:02 yomilk joined #salt
20:02 timoguin andrej, i don't think so. but you could use salt-call to fire an event up to the master
20:04 mgw joined #salt
20:06 andrej timoguin : ta, I'll try that
20:14 whiteinge andrej: just keep in mind the ``data`` argument to event.fire_master is not the same as the event data itself.
20:14 whiteinge http://docs.saltstack.com/en/latest/topics/reactor/index.html#fire-an-event
20:15 andrej hi whiteinge
20:15 andrej thanks for the hint
20:16 andrej I still don't understand why nothing is happeing in my reactor ;/
20:16 shoma_ joined #salt
20:16 andrej I restarted the master with -l all
20:17 andrej and the yaml rendering produces nothing
20:17 andrej {}
20:17 conan_the_destro joined #salt
20:18 mtford left #salt
20:20 oz_akan_ joined #salt
20:22 obimod joined #salt
20:22 smurfy_ would a _function in an execution module be unavailable to a state module referencing it?
20:22 obimod heyo
20:24 wt I am curious, is there any way to get the gitfs backend to use subdirectories instead of branches for the environments?
20:24 obimod i wonder why salt-master connects to ipecho.com when initiated
20:24 obimod at least that's what i think is happening
20:27 obimod externalip and v4.ident.me
20:27 obimod too
20:27 bja joined #salt
20:27 obimod sounds like it's trying to get the external address but why would it need that
20:28 oz_akan_ joined #salt
20:31 dfinn joined #salt
20:32 JasonSwindle joined #salt
20:33 jkleckner joined #salt
20:34 dfinn anyone have any examples of filtering salt logs with rsyslog?  i'm trying to do something basic like so but it's not working
20:34 dfinn http://pastebin.com/5seWHzRY
20:37 shoma_ joined #salt
20:37 Heartsbane UtahDave: ping?
20:38 UtahDave Heartsbane: pong!
20:38 Heartsbane PM
20:39 oc- salt has become incredibly slow after upgrading to 2014.1.1. When I do a local salt-call -l debug highstate, i get three lookups for "[DEBUG   ] Loaded minion key: /etc/salt/pki/minion/minion.pem" and one decrypting current master AES for **each** salt state entry. Is there a reason why the the minion key isn't cached?
20:40 gildegoma joined #salt
20:40 joehoyle joined #salt
20:40 UtahDave oc: could you open an issue on that?
20:40 ajw0100 joined #salt
20:41 mgw joined #salt
20:41 rgarcia_ joined #salt
20:43 harobed_ joined #salt
20:44 oc UtahDave: I'm trying to investigate and reduce it down to a particular issue
20:45 UtahDave cachedout_home: hey, have you seen oc's issue ?
20:45 oc UtahDave: have to install a fresh server first, will do that tomorrow
20:46 UtahDave ok
20:47 mgw joined #salt
20:49 cewood joined #salt
20:51 ipalreadytaken joined #salt
20:52 yomilk joined #salt
20:52 bemehow joined #salt
20:54 obimod this is so frustrating... sometimes the salt-cloud -m 'cloud.map' command successfully deploys but usually it doesn't
20:54 * obimod bashes head on keyboard
20:56 obimod i think maybe i should just deploy the salt-master into the cloud instead of having it on my work machine
20:57 UtahDave obimod: sounds like a networking issue.
20:57 obimod UtahDave: I agree.. but I can't see what's incorrect... the ports are open, the hostname resolves, nmap confirms this
21:01 zain joined #salt
21:01 kballou joined #salt
21:04 andrej How do I find out what's happening (or why nothing is happening?) with my reactor?
21:06 UtahDave andrej: The best way is to run your salt-master in a terminal in debug mode. Then you can see if you're getting any stacktraces or anything
21:07 shoma_ joined #salt
21:07 n8n joined #salt
21:12 johtso joined #salt
21:13 alunduil joined #salt
21:13 johtso joined #salt
21:14 johtso joined #salt
21:14 andrej UtahDave : I did that; it appears that the rendering of the yaml in my reactor sls results in emptyness?  {} is all I see.
21:14 UtahDave andrej: can you pastebin your reactor sls?
21:15 andrej Here it is /srv/reactor/ufw_splunk.sls  http://pastebin.com/WfzAxPBi
21:17 seapasulli joined #salt
21:19 UtahDave andrej: Yeah, I'm guessing that one of the arguments in that if statement is returning False
21:20 andrej UtahDave - how can I debug the evaluation?
21:21 UtahDave I would print out each of those values to make sure they're giving you expected values, to start with
21:23 andrej I know this is the most stupid question ever: how do I print something that's in an SLS?
21:26 ipalreadytaken joined #salt
21:27 jcockhren *sigh*
21:27 jcockhren I want to upgrade from 0.17.5 to 2014.1.1 but...
21:27 jcockhren I'm afriad
21:27 jcockhren afraid*
21:27 UtahDave andrej: oh, I just add the variable to something in the yaml and look at how it renders
21:27 UtahDave jcockhren: test first
21:28 andrej UtahDave : so, I just make some stanza outside the if block, e.g. a command run w/ the variable as an argument?
21:29 andrej And then run the master w/ debug output again?
21:30 UtahDave andrej: yeah, that should work, I think.
21:30 UtahDave andrej: doesn't the master output the rendered reactor sls when running in debug mode?
21:31 andrej UtahDave : all I saw was an empty set of curly braces for the yaml render
21:31 jcockhren UtahDave: I need to figure out how I could build and run the states, modules and returners and get test results.
21:31 andrej which is probably because my complex condition failed
21:33 garthk joined #salt
21:34 UtahDave andrej: so you if outside the jinja if statement you just put in    {{ data['fun'] }}   it will render that data
21:36 andrej Yup ... just doing that now
21:36 andrej thanks man
21:37 andrej It wouldn't have occurred to me, yet it's so simple once you spelled it out :}
21:38 UtahDave no problem.  We do need to improve the visibility into what is happening with the reactor
21:38 garthk hey, andrej, I got my ext_pillar working.
21:38 garthk andrej: how’s your reactor?
21:39 andrej I just saw that my variables render ... but the if statetment is now throwing an error
21:39 garthk Is there a way to define state modules in the usual SLS syntax?
21:39 faldridge joined #salt
21:40 andrej http://pastebin.com/MvckUYyW
21:41 Whissi joined #salt
21:42 Math` joined #salt
21:42 andrej new reactor http://pastebin.com/nM4hxcCt
21:42 andrej Not sure why I'm now getting that render error
21:47 ninjabox joined #salt
21:47 ninjabox hey guys
21:48 ninjabox can anyone tell me why salt-key on my master would be displaying a hostname on a minion that is incorrect?  i.e. where does it pull the hostname of the minion from?
21:48 ninjabox s/on a minion/of a minion
21:49 ndrei joined #salt
21:49 UtahDave ninjabox: if you don't define that minion's id in /etc/salt/minion,  then it uses dns to determine the hostname
21:49 rgbkrk joined #salt
21:49 UtahDave garthk: I'm not sure what you mean by define a state module in SLS syntax
21:49 ninjabox oh, lame.  would the master check the /etc/hosts file first?
21:49 elfixit joined #salt
21:50 garthk UtahDave: in Puppet, you can define a new resource type in Puppet manifest syntax.
21:50 ninjabox we have a lot of records pointing to the same IP address
21:50 garthk UtahDave: … and that resource can be built out of the basic resource types or other user-defined resource types.
21:50 garthk UtahDave: in Salt, seems the only way to add a new state module is to drop to Python
21:51 seapasulli_ joined #salt
21:51 gildegoma_ joined #salt
21:51 ninjabox oh.. I guess I could do 'salt-ssh '*' -r 'echo "id: $(hostname)" >> /etc/salt/minion'
21:51 andrej UtahDave : I get rendered output for both of my stanzas now (I found that my 2nd condition was at fault, comparing a list with a string; changing that to checking for presence of string in list worked).
21:51 garthk UtahDave: … and the closest you can get to the Python equivalent is to export macros and import them into other states.
21:51 pviktori_ joined #salt
21:51 andrej However, after all is show in the debug output it then says render failed, which confuses me
21:51 gildegoma_ left #salt
21:51 pmcg_ joined #salt
21:52 druonysuse joined #salt
21:52 druonysuse joined #salt
21:52 UtahDave ninjabox: no, the minion determine's its hostname
21:53 dfinn1 joined #salt
21:53 UtahDave andrej: can you pastebin the error?
21:53 jeremyfe_ joined #salt
21:53 Valda joined #salt
21:53 arthabas_ joined #salt
21:53 zain__ joined #salt
21:54 fatbox joined #salt
21:54 j4son_ joined #salt
21:54 UtahDave garthk: can you give me an example of what you'd like to do?
21:54 andrej Sure - give me a sec
21:54 micko joined #salt
21:54 rgbkrk joined #salt
21:54 pviktori_ joined #salt
21:55 faldridge joined #salt
21:56 andrej new render http://pastebin.com/jCKPEH8F
21:57 ninjabox UtahDave: thanks, I think that salt-ssh line will do the trick for me
21:57 garthk UtahDave: resourcename: mymodulename: args… and then everything in mymodulename.sls gets run again with access to {{args}}
21:57 UtahDave ninjabox: cool
21:57 ninjabox The wrong time to implement saltstack, is when your environment already has thousands of servers lol
21:58 UtahDave whiteinge: do you know why andrej's reactor would fail to render that way?
21:58 andrej ninjabox : how do you manage them atm? :)  cssh? :)
21:58 UtahDave garthk: I think you might want the "extend" argument
21:58 UtahDave ninjabox: :)  I've helped a lot of large companies do that.
21:59 bhosmer joined #salt
22:00 garthk UtahDave: consider a custom salt module for logstash. When defining an application, we want to add another file to /etc/logstash/conf.d to pick up that application’s log file. Most convenient would be: /var/log/appname: logstash.watch: - type=syslog
22:01 garthk UtahDave: I’m absolutely confident I can do that in Python, but I’d prefer to use more SLS syntax
22:02 mgw joined #salt
22:02 garthk UtahDave: extend only works to the degree that the application state knows exactly how the logstash state works: there’s no encapsulation at all, and the logstash state owner can’t refactor without modifying all of the application states
22:03 Guest27273 joined #salt
22:03 garthk UtahDave: that said, it’ll get me to the next step :)
22:04 garthk “apache ID's file state is overwritten” or not
22:04 Guest27273 Hi everyone, is there any good places for a beginner?
22:05 philipsd6 joined #salt
22:05 UtahDave garthk: you could use file.accumulated and let whatever state you want add its logfile to logstash's
22:06 kermit joined #salt
22:06 higgs001 joined #salt
22:07 garthk UtahDave: yes, but — again — that requires the app module to be tightly coupled to the logging module; it can’t just say “hey, watch this file” and leave all the detail up to the logging module
22:10 yomilk joined #salt
22:15 masterkorp joined #salt
22:15 masterkorp hello
22:15 masterkorp from someone who came from chef
22:15 masterkorp how do i see what each minion is running ?
22:16 andrej masterkorp ; what do you mean?
22:16 andrej which processes?
22:16 masterkorp the logic
22:16 masterkorp like i can see a node run_list on chef
22:17 andrej I don't know chef, and that explanation means nothing to me, so I'll have to leave that for someone else
22:18 masterkorp lets say a node has nagios on it
22:18 masterkorp *a minion
22:18 masterkorp how do i check which minon has nagios
22:21 masterkorp ok, let me reformulate
22:21 UtahDave masterkorp: salt \* pkg.list_pkgs   will return all the packages that are installed on each minion
22:21 masterkorp which states a node has
22:21 nkuttler masterkorp: depends on how the config was done
22:22 garthk UtahDave: if I extend file.managed: - names, will it add names or replace?
22:22 masterkorp nkuttler: how ?
22:24 andrej masterkorp :  I'd look at my nagios init.sls
22:24 nkuttler masterkorp: how were nagios hosts targeted? e.g. grains, hostnames, etc
22:24 masterkorp oh, so this works diferent
22:25 masterkorp sorry in advance
22:25 andrej we use icinga here, but there's an if-statement that only apply icinga packages and config to one given machine.
22:25 andrej I target them (or it, in this case) by name
22:25 UtahDave garthk: most of the items replace,   watch and requires append.   I'm not 100% sure about names.
22:26 andrej {% if grains['host'] == 'prodmon' %}
22:26 andrej do stuff
22:26 andrej {% endif %}
22:27 masterkorp so, how do i know how system was targeted ?
22:27 nkuttler masterkorp: did the previous developer not leave some documentation around? :|
22:28 UtahDave masterkorp: usually your top.sls will show you how things were targetted, unless it was a one-off command from the cli
22:28 masterkorp nkuttler: lol, you funny guy
22:28 nkuttler masterkorp: maybe there are more top.sls files though
22:28 yomilk joined #salt
22:29 masterkorp there is one
22:29 masterkorp cool
22:29 masterkorp ok, this starts to make sense
22:29 whiteinge andrej: sorry, was pulled afk
22:30 whiteinge looks like there's a yaml syntax error in that reactor file
22:30 whiteinge http://yamllint.com/
22:30 whiteinge need a space between -tgt
22:31 andrej no worries whiteinge
22:31 andrej and thanks for that - my bad
22:32 whiteinge "YAML: The most human-readable data format that isn't debuggable by humans."
22:32 whiteinge (i both really love and really hate yaml.)
22:33 andrej Heh
22:33 andrej Now I need to fnd out what my ufw rule doesn't get added ;D
22:34 andrej Oh, on an unrelated matter: that runner module you did the other week
22:34 andrej It seems not to notice two of my minions, which is weird
22:35 whiteinge interesting. i wonder where the disconnect is
22:35 andrej Do runnners need to initiate comms the other way?  It might be a firewalling issue, then, because some of our subnets are locked off from others
22:36 andrej and while I poked holes into the firwall to allow for the minions to talk 4505 to the master it may not be possible to go the other way
22:36 whiteinge that utils function is looking for active tcp connections in /proc
22:36 timoguin joined #salt
22:37 andrej Hmmm
22:37 andrej manage.status shows them as up
22:38 whiteinge cat /proc/net/tcp. do they show up there?
22:38 whiteinge er, nvm. you'd have to do a bit of calculation there
22:39 JasonSwindle joined #salt
22:40 bemehow_ joined #salt
22:40 ninjabox andrej: no, I manage my thousands of servers with a set of bash/python tools that I wrote
22:41 ninjabox andrej: they actually work very well, but I'm trying to learn salt
22:41 andrej heh
22:41 andrej I just spooted that :)
22:41 andrej Not very readable
22:41 andrej But they do show up in netstat
22:41 andrej I'm sure that uses the same structure?
22:42 andrej Nice ninjabox ... wish I was that good w/ python :)
22:42 ninjabox honestly I only use python for the parts of the infrastructure that are in AWS.  I use python's boto library to build a directory structure that models our AWS environment, then I just use bash to script against that
22:42 andrej s/poot/pott/
22:45 andrej Ah feck
22:46 andrej In my reactor file, can I somehow (using grains, mine, anything?) get the machine's IP rather than its name?  UFW swears on the other minion because 'playpen' is not a valid address
22:47 jalbretsen joined #salt
22:48 ldlework andrej: ip is a grain, yea
22:48 whiteinge grains aren't available in reactor sls files though
22:49 whiteinge andrej: instead of doing a cmd.run could you do a cmd.sls and put the commands that shell out in there? from there you'd have full access to {{ grains }}, {{ pillar }}, etc
22:49 whiteinge another upshot is you'd be able to run that sls file yourself manually in cases where you wanted to skip the reactor
22:51 meteorfo_ joined #salt
22:51 ldlework Oh I have no idea what a reactor sls file is :)
22:55 oz_akan_ joined #salt
22:56 andrej Hmmm ... sounds interesting.  I could pass the IP into that somehow?
22:56 oz_akan__ joined #salt
22:56 sroegner joined #salt
22:57 andrej So if the reactor finds that my playpen received the splunk_forwarder ... how do I get playpens ip into the cmd.sls to modify the firewall on the other box?
22:58 Ryan_Lane andrej: send a salt call to the other box to modify the firewall
22:58 Ryan_Lane through the reactor
22:58 andrej ack :)
22:58 andrej Another concept I need to wrap my head around ;)
22:58 andrej This is all to powerful and flexible for my poor old head
22:58 Ryan_Lane you could also do a peer call between systems, but that's a bit more dangerous, as you have to expose the entire function
22:59 andrej yeah nah, that's not an option :)
22:59 Ryan_Lane with reactors you can send and act on any event you wanrt
22:59 Ryan_Lane *want
22:59 Ryan_Lane well, you publish an event, then react based on the event. the event can have data in it that can be used in the reaction
23:00 andrej Ryan, so from my reactor event (which now work fine, thanks whiteinge) how do I get the initally targeted minions IP to the other box?
23:00 Ryan_Lane well, I'm not totally sure where you're stuck :)
23:01 whiteinge is the IP available in the event data? (i lost your original pastebin)
23:01 andrej Nope
23:01 Ryan_Lane right, so add it to the event data :)
23:01 Ryan_Lane is salt mine accessible from reactors?
23:02 whiteinge no. only event data
23:02 Ryan_Lane :'(
23:02 fllr joined #salt
23:02 andrej http://pastebin.com/e0A4bRJg
23:02 whiteinge events are not always minion-specific
23:02 Ryan_Lane sometimes I think peer runners are more powerful than reactors
23:03 Ryan_Lane right, but the mine lives on the master
23:03 Ryan_Lane and contains info about all minions
23:04 Ryan_Lane anyway, that's an aside that won't help you andrej :)
23:04 whiteinge fair point. i'm not sure why reactor sls files don't have access to {{ salt }} modules on the master (like pillar)
23:05 Ryan_Lane andrej: so, why not add the ip data to the event?
23:06 andrej Ryan_Lane - I don't know that one can?
23:06 Ryan_Lane you can stick any data you want into an event
23:06 jslatts joined #salt
23:06 Ryan_Lane andrej: http://docs.saltstack.com/en/latest/topics/event/index.html#firing-events
23:06 andrej but the event I'm looking for is running a state against a minion, namely the deployment of a package
23:07 Ryan_Lane why not add your own custom event into the state?
23:07 Ryan_Lane and react to the custom event
23:07 andrej How would I do that?
23:08 Ryan_Lane you'd need to call the event module from the module state: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html#module-salt.states.module
23:09 Ryan_Lane event.fire:
23:09 Ryan_Lane well, anyway, you see what I mean :)
23:09 whiteinge ^^ awesome pattern
23:09 Ryan_Lane (maybe)
23:10 andrej heh
23:10 andrej I think I need to go for a walk :)
23:11 andrej this is doing my head in ... whichever way I turn there's a weeks worth of playing ahead to achieve what I want ;D
23:13 seapasulli joined #salt
23:16 think-free_ joined #salt
23:16 mlincoln joined #salt
23:17 toguin__ joined #salt
23:20 joehoyle_ joined #salt
23:22 think-free_ joined #salt
23:26 Tekni joined #salt
23:28 joehoyle joined #salt
23:30 bemehow joined #salt
23:31 Teknix joined #salt
23:32 diegows joined #salt
23:33 JasonSwindle joined #salt
23:33 think-free joined #salt
23:34 joehoyle_ joined #salt
23:36 elfixit joined #salt
23:36 ajprog_laptop1 joined #salt
23:36 schimmy joined #salt
23:37 think-free__ joined #salt
23:39 schimmy1 joined #salt
23:42 think-free_ joined #salt
23:45 hunter joined #salt
23:48 timoguin_ joined #salt
23:48 think-free_ joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary