Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-04-02

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:03 [diecast] joined #salt
00:07 kvbik joined #salt
00:11 CleetusBot joined #salt
00:12 bhosmer joined #salt
00:12 ipalreadytaken joined #salt
00:16 ipalreadytaken joined #salt
00:19 think-free joined #salt
00:20 meteorfox joined #salt
00:22 ipalreadytaken joined #salt
00:25 think-free joined #salt
00:26 NV hrm, pkg.installed with sources doesn't seem to upgrade rpms, only install if they are missing
00:26 NV is this intended? is there a way to make it upgrade?
00:27 manfred yes
00:27 andredieb left #salt
00:27 manfred and i believe so
00:27 Gareth NV: You could use pkg.latest instead.
00:27 manfred yeah that^^
00:27 NV pkg.latest doesn't appear to take sources as an option looking at the docs?
00:28 manfred NV: it uses kwargs, my guess is it is passing sources through to the pkg.installed
00:28 NV hmm, let me give it a try
00:29 NV pkg.latest -- The "sources" parameter is not supported.
00:30 manfred hrm
00:31 Gareth NV: what does your state look like?
00:31 Gareth can you pastebin it?
00:31 NV http://pastie.org/private/yzkybgt7fyipogv6v1mhqw
00:31 manfred NV: https://github.com/saltstack/salt/blob/develop/salt/states/pkg.py#L769
00:31 manfred yeah looks like it doesn't support the sources parameter yet
00:31 NV pkg.installed works, but doesn't upgrrade already-installed rpms
00:32 NV if not using sources, you could normally use pkg.installed with the version option
00:32 NV but version is ignored if sources is passed according to the docs
00:32 Gareth that sounds like a bug :)  The way you're doing that state...if you update the source to something different it should install that one.
00:33 Gareth NV: can you file an issue?
00:35 NV https://github.com/saltstack/salt/blob/develop/salt/modules/yumpkg.py#L753 looking at the yumpkg module i think i might be able to specify the version of the package in the sources dict to make it work
00:36 smurfy_ is there a benefit to creating a module that does crud operations on a config file vs managing the config file via a source file or template
00:37 smurfy_ for example there is a module built in that handles adding entries to /etc/hosts
00:37 smurfy_ why not just manage that with a template
00:38 arthabaska joined #salt
00:38 think-free joined #salt
00:39 jslatts joined #salt
00:39 NV smurfy_: because you can then go 127.0.0.1 blah.com: hosts.exists: [] or whatever
00:39 NV and in another, completely unrelated formula, have 127.0.0.1 fred.com: hosts.exists: []
00:39 NV and each formula needs to know nothing of the other
00:41 philipsd6 joined #salt
00:42 fllr joined #salt
00:43 think-free_ joined #salt
00:49 think-free joined #salt
00:54 garthk why does archive.tar succeed even if tar exits with an errorlevel due to unrecognised arguments?
00:54 jkinning joined #salt
00:54 garthk [ERROR   ] Command 'tar ---owner=hadoop --group=hadoop -xzf /opt/hbase-0.94.12.tar.gz -C /opt/hbase' failed with return code: 64
00:56 oz_akan_ joined #salt
00:56 jkinning I have been testing salt for a couple days off and on and was wondering if anyone else is using salt with SLES 11sp3?
00:56 sroegner joined #salt
00:57 garthk oh, might be because I’m using module.call instead of an actual state module
00:58 jkinning If so, what was the easiest way to get the salt-minion installed? I found a repo but I am managing over 100 SLES instances and didn't want to manually install the repo and install the salt-minion on all the hosts. How has the salt-ssh been working if you are using that?
01:01 forrest joined #salt
01:02 schimmy joined #salt
01:03 quickdry21 joined #salt
01:04 obimod Hey! Anyone know how one reconnects to the minion after the ssh bootstrap-salt.sh hangs?
01:04 andrej Been trying the trick w/ passing values around as described here http://docs.saltstack.com/en/latest/topics/reactor/
01:04 andrej However, the variable new_minion for me never gets populated?
01:04 fedgoat Can anyone explain to me...why using a salt state module makes it so you don't have to use a renderer or template.  Explain to me the logic with letting state files become your template rather than having a renderer and template...wheres the logic in this
01:07 tedski what would be the canonical way to store grains data in an external db?  schedule a grains.items with a mysql returner?
01:07 tedski use case is to maintain an updated inventory db for consumption by some web frontend
01:10 MZAWeb joined #salt
01:11 fedgoat Are these "states'  or "state modules"  https://github.com/saltstack/salt/tree/develop/salt/states
01:12 tedski those are the state modules
01:12 fedgoat so if states and state modules are different...?
01:12 tedski states are .sls files that exercise those modules
01:12 tedski .sls files are what pass arguments to the state modules and run each state module in the correct order
01:12 fedgoat mv states statemodules
01:13 tedski well, not pass arguments, but outline which arguments are to be passed
01:13 fedgoat right
01:13 Math` joined #salt
01:13 fedgoat what im seeing though is utilizing state modules bypasses using renderers
01:13 fedgoat so your state becomes your template
01:14 fedgoat which is a strange concept
01:15 rglen is there any way for a master to know the IP address of a minion from minion driven events
01:15 fedgoat it would be cool if state modules were named state modules rather than states too so its not so confusing.  Doing a pretty large scale deployment of Salt in production...mOving away from Chef, so don't let me down!
01:15 rglen I don't want to rely on the A record of the event['data']['id']
01:15 baniir joined #salt
01:16 rglen because in the strictest security stance... one could just change his hostname to imposter.domainname.com and generate new keys and then talk to the master
01:16 rglen meanwhile the imposter may not have the IP address of the server he's posing as
01:16 schimmy joined #salt
01:16 tedski rglen: grains?
01:17 rglen tedski: this is specifically for salt/auth events
01:17 tedski ahh, i see
01:17 tedski rglen: but, if the imposter has generated new keys, then those new keys aren't accepted on the master
01:18 ckao joined #salt
01:19 bhosmer joined #salt
01:20 fedgoat i was going to use an orchestration server to use the salt-api and do dynamic key generation for the minions upon spinning up new minion nodes, so orchestration is on a secure vlan and can only talk outbound to minion nodes and minions can only accept keys from the orchestration server incoming into the minion node
01:20 rglen tedski: righto, I'm trying to go through a series of checks to confirm the server is who it says it is before automatically accepting the key
01:20 tedski i'm doing something similar to fedgoat
01:20 tedski the orchestration server that provisions the machine then accepts the key
01:21 baniir where can i find more information about running salt in an agentless mode
01:21 forrest joined #salt
01:21 fedgoat right..depending on platform could slip it into the metadata of the instance aws or openstack and minion could pull it..or just put it over ssh
01:21 fedgoat now what im having a problem with is how to do this in vmware
01:22 tedski fedgoat: yeah, i haven't gotten to that point of our deployment yet, either
01:22 tedski fedgoat: one consideration is s/vmware/openstack/ :)
01:23 fedgoat vmware is going to be a little more tricky, but im looking at vcloud directgor and orchestrator..  im running hybrid clouds  both vmware and openstack
01:24 smurfy_ fedgoatse: sounds complicated
01:24 fedgoat i had originally had the idea of the orchestration server generating a client side SSL Certificate and injecting it on the minions then the minions using that cert to auth against the salt-api master and do key generation that way..but i think its more secure having the orchestration server
01:25 fedgoat hey smurf didn't you develop gnuchess?  pops mcaken from berkley right?
01:30 smurfy_ no, you're thinking of ramsey mcackski over at yale
01:32 ipalreadytaken joined #salt
01:34 ahammond I'm setting up a brand new salt-master
01:35 hotsnow joined #salt
01:35 smurfy_ cool
01:35 FarrisG Is it possible to run a module from a minion using salt-call and have it not exit the console session until the job is complete, and include all the debug output fromt he module? will "salt-call -l debug module.function" do that?
01:36 ahammond I set up fileserver_backend: git and gitfs_remotes: to point to my salt repo on github.
01:36 ahammond the repo is private. I created an ssh keypair for root and put the public key on github as a deploy key.
01:36 ahammond I'm getting GitPython exception caught while fetching: len([]) != len(['Host key verification failed.', ''])
01:37 ahammond What do I need to do to get this to work?
01:38 ahammond oh man, I wonder if it's as simple as sshing to github once.
01:41 andrej Hmmm ... if I need a custom grain available in the mine; what do I put in the mine.conf file?
01:41 jubbsy joined #salt
01:44 FarrisG actually, I'm asking the wrong question: Is it possible to do ao "salt-call event.fire_master …" and have the debug output of whatever module/job is fired on the master redirected back to the console of the minion making the salt-call, so that the minion's job doesn't exit and say "True" until the job(s) fired are completed?
01:46 hunter joined #salt
01:50 andrej Ok, ignore my previous statement.  I know the data I'm after is in the mine (found the files on the master).  How do I extract the data from the mine via jinja?
01:53 andrej I tried this  {{ salt['mine.get'](new_minion, 'grains.main_ip') }} but I don't get an error or a result ... I'm sure the syntax for the grains part is wrong?
01:55 mgw joined #salt
01:55 Gordonz joined #salt
01:56 Gordonz joined #salt
02:07 ben__ joined #salt
02:08 snuffeluffegus joined #salt
02:11 bja joined #salt
02:16 jeremyfelt joined #salt
02:16 TheRealBill_here joined #salt
02:19 sgviking joined #salt
02:23 seapasulli joined #salt
02:31 thayne joined #salt
02:32 Networkn3rd joined #salt
02:32 taion809 joined #salt
02:42 meteorfox joined #salt
02:46 cjell joined #salt
02:46 cjell hola... working through the tutorial and I'm setting up my first state file, however I'm stumped by this: http://pastebin.com/TmgBCeU6
02:46 cjell anything obviously boneheaded?
02:48 jcockhren cjell: where's your top file?
02:48 cjell http://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html
02:48 cjell it's not clear to me I need a top file
02:48 forrest jcockhren, he isn't to the top file part yet
02:48 cjell sorry, new
02:49 jcockhren cjell: the first line is incorrect
02:49 jcockhren every sls file has a state ID it needs
02:50 jcockhren not sure if the state ID can be an argument for a state module
02:51 forrest cjell, so you've installed both the master, and the minion correct?
02:51 forrest is app1.ash1 the same box or a different one?
02:51 jcockhren I am wrong. it can
02:51 jcockhren :(
02:51 smurfy_ jmcackhren: can it ?
02:51 jcockhren yep.
02:52 cjell forrest: these are different boxes, doing a test.ping works fine.  is it possible that I'm just running a version older & inconsistent with the tutorial?
02:52 cjell 0.16.0 installed on this box
02:52 forrest cjell, it could be a version mismatch, what OS are you on?
02:52 cjell this is ubuntu 13.04
02:52 forrest what version is installed on the minion?
02:52 Networkn3rd joined #salt
02:52 cjell same
02:52 forrest hmm, should work then even though those versions are very old
02:53 forrest can you try to run salt 'app1.ash1' state.sls vim -l debug?
02:53 forrest without the question mark of course
02:53 forrest see if we get some more output from the debug log
02:53 forrest cjell, Are those just the versions available from your existing repos or did you add the PPA?
02:53 cjell error: no such option: -l
02:54 cjell it's what came out of the repo
02:54 forrest cjell, the salt repo?
02:54 cjell highly tempted to just re-install from the PPA, sneaking suspicion my problems will go away
02:55 cjell it's in ubuntu's repo (albeit this older version) as of 13.04
02:55 forrest cjell, yea I'd suggest bumping to a more recent release, either 0.17.5, or 2014.1.x, but I can't remember what is in the PPA for ubuntu 13
02:55 cjell sounds good... I'll give that a shot and see what happens.  thanks to all who took time to check out my issue.
02:55 forrest yea np, your syntax looks good at least
02:56 sroegner joined #salt
03:00 srage joined #salt
03:00 Gordonz joined #salt
03:01 thayne joined #salt
03:03 xl1 joined #salt
03:05 oz_akan_ joined #salt
03:05 FarrisG is there any way to use salt-call to output the contents of a file on another minion?
03:06 n8n joined #salt
03:06 oz_akan__ joined #salt
03:07 ipalreadytaken joined #salt
03:07 meteorfox joined #salt
03:12 mgw joined #salt
03:14 cjell joined #salt
03:15 srage joined #salt
03:23 l0x3py joined #salt
03:34 srage joined #salt
03:38 cjell forrest: update.. installed fresh from PPA (version 2014.1.0) and everything works great -- sweet.
03:38 forrest cjell, awesome!
03:43 joehoyle joined #salt
03:47 hunter joined #salt
03:48 srage_ joined #salt
03:49 oz_akan_ joined #salt
03:57 damianh joined #salt
03:58 smurfy_ joined #salt
04:01 Outlander joined #salt
04:13 smurfy_ joined #salt
04:14 meteorfox joined #salt
04:16 ipalreadytaken joined #salt
04:18 budrose joined #salt
04:20 ajprog_laptop I know I can use ssh/sftp but is there a way within salt to copy a file from a minion to the master? preferably by a command executed from the master
04:20 damianh left #salt
04:38 __number5__ ajprog_laptop: cp module has a push method can push file from minion to master http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cp.html?highlight=cp.push#salt.modules.cp.push
04:38 __number5__ but it might be only in 2014.1.1
04:39 ajprog_laptop __number5__: thank you
04:39 __number5__ np
04:40 middleman_ joined #salt
04:41 smurfy_ joined #salt
04:43 ipalreadytaken joined #salt
04:48 yomilk joined #salt
05:10 Outlander what’s the best practice for using salt with AWS autoscale groups? Hosts that appear for an hour then autoscale and disappear to be replaced by new hosts.
05:12 srage joined #salt
05:18 gildegoma joined #salt
05:36 srage_ joined #salt
05:39 picker joined #salt
05:43 Ryan_Lane joined #salt
05:44 joehoyle joined #salt
05:47 ajw0100 joined #salt
05:48 hunter_ joined #salt
06:01 budrose joined #salt
06:01 ndrei joined #salt
06:01 srage joined #salt
06:09 fllr joined #salt
06:12 mtford joined #salt
06:16 donatello joined #salt
06:19 ChaosPsyke joined #salt
06:21 slav0nic joined #salt
06:22 MrTango joined #salt
06:24 Shenril joined #salt
06:28 schimmy joined #salt
06:32 schimmy joined #salt
06:35 rushmore left #salt
06:35 Nexpro1 joined #salt
06:39 shoma_ joined #salt
06:45 l0x3py_ joined #salt
06:46 marnom joined #salt
06:47 Nexpro joined #salt
06:51 l0x3py joined #salt
06:53 TyrfingMjolnir joined #salt
06:53 marnom Vagrant will really change the way we operate our infrastructure, once I get it working :)
06:59 bronsen marnom: I feel exactly the same way ;)
06:59 Kenzor joined #salt
06:59 viod1 joined #salt
07:04 marnom :-) well at least I'm still making progress, slowly, instead of being fully stuck... I can now at least deploy some VM's from an actual template on my vSphere environment. Getting it to talk with Salt Stack & having it setup hostname/IP is a totally different story though. It seems I fail at Ruby lol
07:04 marnom unfortunately documentation is really sparse, imho. Example configs have been most usefull so far
07:04 marnom (talking about mostly Vagrant here, Salt Stack documentation is extensive)
07:06 balboah joined #salt
07:11 ravibhure joined #salt
07:13 harobed joined #salt
07:14 favadi joined #salt
07:32 ravibhure joined #salt
07:34 yomilk joined #salt
07:36 n8n joined #salt
07:42 donatello any idea when 2014.1.2 is expected?
07:45 thehaven joined #salt
07:50 hunter_ joined #salt
08:00 joehoyle joined #salt
08:02 topochan joined #salt
08:04 topochan joined #salt
08:08 ndrei joined #salt
08:10 fllr joined #salt
08:11 ChaosPsyke joined #salt
08:12 ndrei_ joined #salt
08:16 yomilk joined #salt
08:18 smurfy_ joined #salt
08:27 balboah joined #salt
08:27 godog joined #salt
08:29 kamal_ joined #salt
08:30 yomilk_ joined #salt
08:42 srage joined #salt
08:53 che-arne joined #salt
08:55 joehoyle joined #salt
08:59 topochan joined #salt
09:03 joehoyle Hey - I have written a custom "state" module for a "deployment" of a project, so you define the git url, domain etc and it creates that deployment on the server. I also want to couple this with a "deploy" module
09:03 joehoyle This module would look for any deployments on the minion and run an update on them
09:03 aleszoulek joined #salt
09:04 joehoyle So, my question is - how would I find out what "states" are actually set up on the minion, as I want to search it for any my.deployment state
09:04 ajprog_laptop joined #salt
09:05 jcockhren joehoyle: the special __salt__ structure contains the available calls on a minion, if I recall correctly
09:06 radone is anyone here working on the windows development or... is salt going to develop windows minions in the future ?
09:06 joehoyle jcockhren: Ahh ok, I'll try printing it out and see what it contains
09:07 xmj as others so eloquently put salt on windows is (supposedly) used more often than salt on freebsd
09:08 joehoyle jcockhren: hmm, seems __salt__ is all the available modules / functions, not to do with the state of the minion
09:08 johtso joined #salt
09:08 johtso joined #salt
09:08 jkinning joined #salt
09:09 radone for the last two versions 2014.1.0 and 2014.1.1 it seems that win_servermanager doesn't work ... I've opened an issue on the salt branch 20 days ago...nothing so far (not complaining, just trying to understand if I am barking at the right tree)
09:09 AirOnSkin How are deltas/differences handled with Salt? Let's say I'd like to deploy a standard SSH config file to a group of hosts, but the Listen directive in the config file needs to be the server's management interface address. How would I do that?
09:13 giantlock joined #salt
09:20 mortis AirOnSkin: use grains maybe?
09:26 mike25ro joined #salt
09:26 ndrei joined #salt
09:29 johno joined #salt
09:30 johno hi there we are trying to use gitfs for 2 private repos on github. the issue with this is that github only allows 1 deploy key to be used only on 1 repo. there seems to be no way to specify which key should be used for for which gitfs repo. how do you guys do this?
09:31 bhosmer joined #salt
09:31 mattmtl joined #salt
09:35 bhosmer joined #salt
09:35 vbabiy joined #salt
09:36 aleszoulek joined #salt
09:37 AirOnSkin mortis: ok, cool. thanks.
09:44 jkinning Is there a way you can output the results from salt to a file? So if I want to see which systems have package X and ran the salt command it would out put to a file in which I could search on?
09:48 vbabiy joined #salt
09:49 ashb Soooo. There's a logrotate module but no state for it..?
09:49 topochan joined #salt
09:50 nocturn joined #salt
09:50 hunter_ joined #salt
09:52 nocturn Hi, my salt commands hang every time because one minion is not up (I get jid  minions set() did not return in time).  How can I fix this?
09:53 donatello nocturn: if the machine cant come up you can just delete its key with salt-key -d <minion-id> and salt wont wait for it any more
09:53 donatello i.e. if thats what you want
09:53 nocturn donatello, can I make this timeout?  The machine is a test VM, it's not always up
09:53 nocturn Salt 0.17 handled this ok
09:54 donatello nocturn: there's a timeout here - http://docs.saltstack.com/en/latest/ref/cli/salt.html - maybe it does what you need it to do
09:54 ggoZ joined #salt
10:02 kermit joined #salt
10:04 viod1 joined #salt
10:07 carlos_ joined #salt
10:09 mtford joined #salt
10:11 Mindfab joined #salt
10:12 Mindfab Hi, does anybody know if it is possible to configure salts reactor system in the way that it gets the sls files from a gitfs/svnfs backend?
10:17 faldridge joined #salt
10:43 gtmtech joined #salt
10:43 gtmtech Hi all
10:44 gtmtech Can I dynamically include or not include some state based on a pillar variable ?
10:44 gtmtech e.g. i want to include foo and bar, but i only want to include baz if some pillar var is set
10:46 babilen Hello - I am wondering how I could trigger a restart of apache/lighttpd/... based on what is installed if I change configuration files of php extensions. The service is correctly restarted when the package is installed (by the packaging system), but I am not sure how to do this in a generic way as I have no idea which services are installed/available
10:47 babilen gtmtech: Yes, that should be possible.
10:50 babilen gtmtech: {%- if 'foo' in pillar.get('bar', {}) %} ... {%- endif %} -- or something along those lines
10:51 gtmtech thx
10:51 babilen np
10:54 lionel joined #salt
10:56 aleszoulek joined #salt
11:08 think-free joined #salt
11:08 slav0nic left #salt
11:11 fllr joined #salt
11:13 _fllr_ joined #salt
11:21 ndrei joined #salt
11:24 Math` joined #salt
11:29 ndrei joined #salt
11:29 higgs001 joined #salt
11:29 jrdx joined #salt
11:33 marnom_ joined #salt
11:36 qba73 joined #salt
11:44 topochan joined #salt
11:45 hhenkel joined #salt
11:45 Damoun joined #salt
11:47 crane hey ho, just for documentation... i have a top.sls file where i have inside base: '*': - tools - hosts
11:47 crane how do i call the tools and hosts... is there a term for it?
11:49 mike25ro crane:  states
11:49 crane mike25ro, ah right. thanks ^^
11:52 hunter_ joined #salt
11:55 hardwire joined #salt
11:57 ndrei joined #salt
12:01 Alwin joined #salt
12:04 DaveQB joined #salt
12:04 Shenril joined #salt
12:06 bastion1704 joined #salt
12:06 Alwin hi @all, does anyone knows how to transform a file.sed like command like salt '*' file.sed /etc/httpd/httpd.conf '\(LogLevel \)warn' '\1 info' into file.replace????
12:09 harobed_ joined #salt
12:12 gammalget joined #salt
12:12 mgw joined #salt
12:13 marnom_ would anyone know why, if I enable autosign on the salt master (just in dev environment for testing) the master seems to accept the keys (ea: shows up as accepted when running salt-keys) but the public key of the minion is then rejected by the master. If I disable autosigning and accept the request manually everything works...
12:15 marnom_ Alwin, sorry don't know just  getting started with salt myself
12:18 babilen We have lighttpd running which gets restarted whenever we push changes to its configuration. This is all well and good, but it would be even better if not all of them went down at the same time but in groups or just sequentially. Is there a way to achieve this inter-minion behaviour?
12:19 babilen Background to this is that we use a loadbalancer that would take care of sending the requests to the right minion while the others are down(restarting)
12:19 babilen Well, same thing for Apache or nginx on other setups.
12:22 Alwin @marnom I think I had this issue as well, so normally you should find the answer in the github issues....
12:23 elfixit joined #salt
12:24 topochan joined #salt
12:24 vortec joined #salt
12:29 dstufft joined #salt
12:30 dstufft I'm relatively new to salt, and looking for the proper term so I can go dig into the docs. I'd like to create my own "behaviors" in salt, like file.managed and such, what are these called?
12:30 transtipper joined #salt
12:32 jcsp dstufft: states
12:32 jcsp http://docs.saltstack.com/en/latest/ref/states/writing.html
12:33 dstufft jcsp: No I mean I want something that I can call from within a state, like instead of managing a file using file.managed it'll do some other action. (Specifically this is so I can write a state that will configure an external service using their API)
12:34 dstufft in chef I could do this with a LWRP
12:35 jcsp to be more specific, "state modules".  Read that link, especially "using custom state modules"
12:35 babilen dstufft: http://docs.saltstack.com/en/latest/ref/modules/ + extmodules is what you are looking for
12:35 dstufft ah oops, I thought you were directing me towards writing an .sls file, cool thanks :)
12:35 babilen http://docs.saltstack.com/en/latest/ref/states/writing.html
12:35 babilen ah, redundant link is redundant
12:35 pfallenop joined #salt
12:36 jcsp the naming is a bit confusing, because there are "state modules" that let you define states like file.manage, and then there are just "modules" that let you define actions like cmd.run.  The difference is that states are idempotent (usually an "if it isn't already configured, configure it") whereas modules are things that you just execute.
12:38 dstufft awesome, thanks
12:42 millz0r joined #salt
12:43 babilen So: Is there a way to somehow run actions on minions sequentially rather than at the same time?
12:44 dstufft Is there any pattern for making reusable salt state modules so that people can install them? Do folks typically just copy them into their own _states directory and forgo any type of packaging?
12:44 ajprog_laptop joined #salt
12:44 marnom_ Alwin, thx, will check it out
12:45 jeddi joined #salt
12:45 nkuttler babilen: i guess you don't mean something like require?
12:46 babilen nkuttler: No, I want to ensure that minion2 restarts a service after minion1 so that not both of them are down at the same time
12:46 nkuttler oh
12:47 pfallenop joined #salt
12:47 [diecast] joined #salt
12:48 Alwin babilen afaik you have to put them into different groups/env so you can select one by one
12:48 timidshark joined #salt
12:48 wkf joined #salt
12:49 babilen Alwin: Any idea on how I can do that?
12:49 Alwin using grains
12:49 nkuttler babilen: just a random thought, but you might be able to use peer communication to ensure a service is running
12:49 babilen It's the first time I want to do something like that and my initial thought was "reactor system" (which I do not yet understand)
12:50 babilen nkuttler: Well, we have a loadbalancer that ensures that nodes that are down won't get any requests ... All I really want is that not all of them are down at the same time.
12:51 nkuttler babilen: http://docs.saltstack.com/en/latest/ref/peer.html
12:51 babilen ah!
12:51 fllr joined #salt
12:51 Alwin http://docs.saltstack.com/en/latest/topics/targeting/grains.html this should help: defining some attribute in your grains file like availgroup: 1
12:51 babilen nkuttler: So much to learn ;)
12:52 nkuttler but the grains approach sounds much easier, just target different hosts
12:52 Alwin then you should be able to run the highstate on only one of them by "salt -G 'availgroup:1' state.highstate"
12:52 babilen That wouldn't allow me to use state.highstate ever again
12:53 Alwin or "salt -G 'availgroup:2' state.highstate" for the other server
12:53 babilen yeah, sure .. but then I can just target 1-50 in the first run and then 51-100 in the second ...
12:53 Alwin yes
12:53 Alwin but you have the full controll if sth went wrong
12:54 Alwin so in that case only half of your servers are broken
12:54 babilen heh
12:54 babilen If you put it like that ;)
12:55 Alwin and you could do sth like: "salt -G 'availgroup:1' state.highstate" && sleep 10 && "salt -G 'availgroup:2' state.highstate"  if you don't care
12:55 babilen I see where you are coming from, but I would still like to know if there is a way to programmatically ensure that there is at least one minion running at any given time.
12:56 Alwin maybe there is a http://docs.saltstack.com/en/latest/topics/pillar/ for that
12:56 Alwin or you have to write one
12:56 babilen Chaining the restart from one minion to the next is one idea, but I don't really like that. Just not sure if something like that should be done or if I make my life harder than it needs to be as I could just target different minion groups to begin with.
12:57 babilen How would a pillar help with that? I mean I could put the "availgroup: 1" data in there rather than the grains (I would very much prefer that), but that still leaves me with the same option, wouldn't it?
12:57 mpanetta joined #salt
12:58 fllr joined #salt
12:58 sroegner joined #salt
12:58 Alwin yeah you are right. I thought in the wrong direction
12:59 Alwin maybe you have to define an interface on the grains server knowing how many servers are provisioning at the moment. And you have to create and realease that lock by the servers
12:59 babilen That's great .. All i'm here for is inspiration anyway
13:00 spiette joined #salt
13:00 Alwin but it's still hard to let the servers in that "waiting for the lock to be released" state
13:01 Alwin so the easiest thing would be a server side script, that is calling highstate on one mashine by another I guess
13:03 babilen The terms "overstate", "reactor" and, after nkuttler's suggestion, "peer communication" are coming up when i think about it, but I am not sure if any of those would allow me to solve this problem in a "nice" and idiomatic way
13:09 Alwin hmm sounds complicated
13:09 bja joined #salt
13:09 mpanetta joined #salt
13:10 thayne joined #salt
13:11 Math` joined #salt
13:11 jslatts joined #salt
13:12 mpanetta joined #salt
13:12 oz_akan_ joined #salt
13:13 CeBe joined #salt
13:13 oz_akan_ joined #salt
13:15 harobed_ joined #salt
13:20 racooper joined #salt
13:22 timoguin joined #salt
13:23 anuvrat joined #salt
13:26 racooper morning folks.  has anyone worked on a module for Rootkit Hunter (rkhunter) control?
13:27 spiette joined #salt
13:28 faldridge joined #salt
13:29 HeadAIX joined #salt
13:31 budrose joined #salt
13:38 untamo13 joined #salt
13:39 ipmb joined #salt
13:40 nicolerenee joined #salt
13:43 nhubbard left #salt
13:49 JasonSwindle joined #salt
13:51 n8n joined #salt
13:52 nhubbard joined #salt
13:52 joehoyle joined #salt
13:52 seapasulli joined #salt
13:52 nicolerenee left #salt
13:53 hunter_ joined #salt
13:56 n8n joined #salt
13:56 Math` joined #salt
13:56 ravibhure joined #salt
13:59 danielbachhuber joined #salt
14:02 fllr joined #salt
14:02 nkuttler babilen: you might want to ask in the google group
14:03 babilen nkuttler: Yeah, I am about to write an email ...
14:03 nkuttler :)
14:04 higgs001 joined #salt
14:04 gildegoma joined #salt
14:04 dstufft What's the best way to handle a dependency in a state module? (specifically the requests library)
14:08 joehoyle joined #salt
14:09 GradysGhost joined #salt
14:10 kaptk2 joined #salt
14:11 gadams999 joined #salt
14:11 twlight joined #salt
14:12 untamo13 joined #salt
14:13 timoguin dstufft, write an SLS that installs requests and reloads the modules
14:14 dstufft timoguin: oh there's a method to reload the modules?
14:15 timoguin there's a module, yes. saltutil.refresh_modules
14:15 timoguin you'll have to use module.run to call it from within an SLS though
14:15 timoguin http://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html
14:15 dstufft ok cool
14:15 dstufft thanks
14:16 timoguin make sure that runs before any SLS that calls your state
14:17 ashb Is there a way I can tell when a salt minion was last run (and if it errored or was a success)
14:17 ashb a grain or something?
14:18 jgelens Is there a hg_pillar in the works?
14:18 sandbender1512 joined #salt
14:19 jgelens alongside the current git_pillar
14:19 timoguin ashb, you mean the last time a command was sent? you can look through the job cache for that
14:19 rtucker can anyone point me to some examples of testing rendered sls files?
14:19 timoguin jgelens, not that i know of, but i would personally like that a lot. it's something i've been wanting to work on myself
14:20 twlight does the syntax for salt-call closely mirror that of a normal salt call? i.e salt <tgt> <do_a_thing>
14:21 jgelens timoguin: cool, yeah me too. I guess I will start with it later then.
14:22 sandbender1512 anyone know roughly how often github issues are processed, ie: when new issues are reviewed/etc?
14:25 ashb timoguin: specifically when the last state.highstate was run
14:25 ashb where's the job cache?
14:26 millz0r_ joined #salt
14:28 timoguin ashb, on the master. the jobs runner is the best way to look at it: http://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.jobs.html
14:29 joehoyle joined #salt
14:30 or1gb1u3 joined #salt
14:31 ashb timoguin: ah right. That doesn't seem to have an entry if i do 'salt-call state.highstate' from the minion for instance though :(
14:34 gothix joined #salt
14:35 bastion1704 joined #salt
14:40 ashb oh or maybe it is just not sorted
14:41 thayne joined #salt
14:42 wendall911 joined #salt
14:43 alunduil joined #salt
14:43 dave_den joined #salt
14:47 topochan joined #salt
14:48 timoguin ashb, actually looks like salt-call doesn't create a jobid, so it never gets to the master
14:48 kermit joined #salt
14:48 timoguin https://github.com/saltstack/salt/pull/10629
14:49 timoguin looks like it does in develop
14:49 viq http://pbot.rmdir.de/Wuzx-jnoMTFYrVRZa_Vc_g - any ideas what's wrong here?
14:50 thedodd joined #salt
14:51 tr_h joined #salt
14:52 ashb timoguin: ah yes that woudl be what I'd want
14:53 sroegner viq: does grains.items work?
14:53 timoguin ashb, it's not optimal at all, but you can check the minion logs if you have to.
14:53 timoguin at /var/log/salt/minion
14:54 doddstack joined #salt
14:54 ashb yeah I'll knock something up
14:55 viq sroegner: I get that no matter what command I try to run
14:55 viq sroegner: well, the couple I tried
14:55 sroegner viq: you have to take a close look at /etc/salt/grains then
14:56 viq sroegner: neither the machine from which I run salt-ssh nor machines I try to connect to have that file
14:56 viq sroegner: if that makes it easier to think about it, I get same result with salt-ssh \* test.ping
14:57 sroegner viq: that changes it - sry i've never used salt-ssh
14:57 eliasp how is the order of modules with the same name defined? e.g. I want to deploy win_service.py to a test-minion to analyze (and possibly fix) a bug… how would I make sure my version is used instead of the default one? where is the module lookup path defined?
14:58 sroegner viq: what is curious though is this in your error:     salt.config.DEFAULT_MASTER_OPTS['ssh_user']
14:59 sroegner viq: is that set in your /etc/salt/master?
14:59 viq sroegner: no, it isn't
15:00 viq The only references to ssh I see in master config are in comments relating to git
15:00 sroegner viq: i wonder if setting that would change anything
15:00 viq Generally I don't have non-comment files in my /etc/salt/master
15:01 seapasulli_ joined #salt
15:01 farra joined #salt
15:01 jalbretsen joined #salt
15:01 viq I appended ssh_user: root and it changed nothing
15:02 sroegner viq: bounced master?
15:02 viq Master is not running
15:02 n8n joined #salt
15:02 viq AFAIK it doesn't need to for salt-ssh
15:02 sroegner there is https://github.com/saltstack/salt/issues/11525
15:03 sijis whiteinge: hey, i'm not sure if that last commit on pepper actually fixed anything. http://paste.fedoraproject.org/90978/13964509/
15:04 viq sroegner: indeed, thanks
15:05 _TheDodd_ joined #salt
15:06 bastion1704 hello, is there a way using grains or cmd.run to get the public ip of a EC2 instance ?
15:06 ajprog_laptop bastion1704: I use salt-cloud -Q to get my ec2 info
15:07 bastion1704 @ajprog_laptop tx, is it possible to assign the result of the command in a sls by anychance ?
15:11 pviktori joined #salt
15:11 sashka_ua joined #salt
15:12 jeremyfelt joined #salt
15:13 akshtray joined #salt
15:15 joehoyle joined #salt
15:15 UForgotten Has anyone used the iptables state stuff in salt?  I'm having a heck of a time. Already found one, maybe two bugs.
15:15 higgs001 joined #salt
15:15 MZAWeb joined #salt
15:16 joehoyle joined #salt
15:17 ajprog_laptop bastion1704: -G "external_ip:*"
15:17 topochan joined #salt
15:17 ajprog_laptop bastion1704: to find grain info use: salt "test*" grains.items
15:17 hunter_ joined #salt
15:18 UForgotten for example, iptables.flush doesn't work http://pastebin.com/Ecy8idk6
15:19 MrTango joined #salt
15:20 timoguin basepi, or grains.get ipv4
15:20 timoguin errr bastion1704
15:20 [diecast] joined #salt
15:20 bastion1704 tx
15:20 ajprog_laptop timoguin: that gives me the internal ip addr
15:21 timoguin it should give all the ipv4 addresses on the machine
15:22 fxhp UForgotten: looking now
15:23 fxhp UForgotten: yeah that is a syntax error
15:23 fxhp UForgotten: what version of Salt?
15:23 timoguin ajprog_laptop, and it doesn't for EC2, so nevermind...
15:23 UForgotten fxhp: master is on 2014.1.0
15:24 joehoyle_ joined #salt
15:25 fxhp UForgotten - have you checked github issue list for a similar error report? Else please file one with Salt version and and errors you are encountering
15:26 UForgotten fxhp: didn't yet, figured I'd start here to get more visibility
15:27 yomilk joined #salt
15:27 marnom_ nice, finally managed to pre-sign my minions so I can deploy using Vagrant to vSphere now! Sweet DevOps here I come!
15:27 Ryan_Lane joined #salt
15:27 fxhp A while back I found and fixed a bunch of modules/iptables.py issues, this looks like the error happens in states/iptables.py
15:28 UForgotten fxhp: right, but I've looked at that code and I don't see the issue. but I've only been using python for a few days now so what do I know lol
15:28 timoguin marnom, "Sweet DevOps here I come!" should be on a shirt
15:29 BrendanGilmore joined #salt
15:29 ashb marnom_: how'd you presign them?
15:29 KyleG joined #salt
15:29 KyleG joined #salt
15:29 UtahDave joined #salt
15:30 marnom_ ashb, salt-key --gen-keys=$minion_hostname
15:30 marnom_ actually I made a small bash script to scrape hostnames from my Vagrant configfile, to pre-sign each key and put it in a directory so salt-minion can use it..
15:30 marnom_ took me a while to figure out but now that itś working itś gonna be pretty awesome
15:31 marnom_ we used to manually maintain our DTAP environments, needless to say they were never actually in sync etc... sucked.
15:31 marnom_ so with this in place I can reproduce a fully clean, working environment any time. Perhaps even with different Vagrant providers to different cloud proviers.. :D
15:32 fxhp UForgotten:
15:32 fxhp https://github.com/saltstack/salt/blob/2014.1/salt/states/iptables.py#L493
15:32 fxhp You see that ] ?  That should be a }
15:32 fxhp heh
15:32 fxhp Lets look in develop to see if this was already fixed
15:33 chrisjones joined #salt
15:34 Katafalkas joined #salt
15:34 UForgotten fxhp: I think it was, which is probably why I didn't see it.
15:35 fxhp UForgotten: you could hotfix one of your minions for testing
15:35 frasergraham joined #salt
15:36 rlarkin joined #salt
15:36 UForgotten fxhp: I found another bug in the iptables.save code in develop too. is this stuff so new that nobody's used it yet? ;)
15:36 UtahDave fxhp: yeah, looks like it's fixed in develop
15:36 fxhp UForgotten: or try placing the iptables.py from develp into _states in for file_root, which is a Dynamic Module
15:36 UtahDave UForgotten: it is quite new
15:36 * fxhp nods to UtahDave
15:38 n8n joined #salt
15:39 meteorfox joined #salt
15:40 bja joined #salt
15:41 timoguin bastion1704, ajprog_laptop, there are some grains in salt-contrib that will gather EC2 info: https://github.com/saltstack/salt-contrib/blob/master/grains/ec2_info.py
15:42 bastion1704 timoguin even better ! tx
15:42 timoguin you should be able to add that into a _grains folder in your state tree, and salt will make it available to the minions
15:43 bhosmer joined #salt
15:45 bhosmer joined #salt
15:47 roddergreg joined #salt
15:49 roddergreg Hello everyone. just ran a salt '*' state.hightstate. its killing my master. no minions are responding. repeated messages Clear payload and Authenitcation request. whats going on here.
15:49 eliasp roddergreg: depends on what your states looked like… any updates of your Salt packages? service restarts? changes to the Salt configuration?
15:50 roddergreg i dont have any states setup yet.
15:50 fxhp roddergreg - also please define killing master
15:50 kermit joined #salt
15:50 fxhp roddergreg - so this is a new setup?
15:50 roddergreg high cpu 10 1 minute load average
15:51 fxhp eek, so you have no states, but you are running a highstate?
15:51 roddergreg this is the first time im attempting to use states.  i've been running the commands manually
15:51 fxhp So running like test.ping works
15:52 eliasp well, this should result in nothing at all… if having no states and running state.highstate crashes any master/minions, this _could_ be a bug
15:52 fxhp but state.highstate is causing master processes to use lots of CPU?
15:52 meteorfox joined #salt
15:52 roddergreg yes it does all well it did before i hosed it up by running states. highstates without any being created. i figured it wouldnt do anything as there is nothing there
15:52 ipalreadytaken joined #salt
15:52 jab416171 joined #salt
15:53 timoguin roddergreg, yea that's what _should_ happen
15:53 roddergreg my logs are spitting out. Clear payloads and authentication requests repeatedly for all minions .
15:53 fxhp I wondering if the high IO to logs is causing the load
15:53 fxhp Stuck in some loop
15:54 roddergreg ok i turned the info messages off to the logs now only critical. cpu remains high.
15:55 srage joined #salt
15:55 conan_the_destro joined #salt
15:56 srage_ joined #salt
15:57 roddergreg 10.10, 9.64, 7.94
15:57 UtahDave roddergreg: how many minions are you running?
15:57 Gordonz joined #salt
15:57 roddergreg around 160 or so
15:58 roddergreg i hope i dont have to recreate the keys and clear the cache files on each of the minions./
15:58 UtahDave try setting    recon_randomize: True in your minions configs.
15:58 Gordonz joined #salt
16:02 roddergreg none of the salt minions are responding. not even to ping now.
16:03 aleszoulek joined #salt
16:03 UtahDave roddergreg: your minions are all flooding the master.  If you set that config item I mentioned, they should back off and auth in a more orderly manner
16:04 roddergreg ok so your suggesting i go to each of the server and modify the minion configuration files?
16:06 UtahDave you might be able to do it from the master.  Have you tried stopping the salt-master service?   Do that, wait a few moments, then restart it.
16:06 bastion1704 @timoguin tx for the info about ec2 grains. the bad new is that is seems to break grains.items on non ec2 machine.
16:07 kvbik joined #salt
16:07 timoguin bastion1704, dang... that's no good.
16:09 bastion1704 timoguin I removed the grains folder from the minion cache file and grains.items works again
16:09 timoguin there is an 'external_ip' grain that does a lookup with a couple of services
16:10 timoguin just worked for me on AWS, but i don't like it as much as reading the EC2 data on the minion
16:11 ccase joined #salt
16:12 ekristen joined #salt
16:13 ekristen anyone use git for ext_pillar in here? I have a question about the behavior
16:15 lude does anyone have a working example for using salt to enforce installation
16:15 timoguin ask away
16:15 aleszoulek joined #salt
16:16 lude ie, if apache is in my "roles" enforce that it's installed (that's obvious how to do that)
16:16 lude but if apache isn't in my roles, actively remove it from the system?
16:16 UForgotten fxhp: so I tried copying a fixed version into the salt _states directory, but I still get the same error. should that work?
16:16 ekristen with states you link a branch in git to a salt environment
16:17 ekristen with pillars it doesn’t seem to be the same
16:17 ekristen with respect to git remotes
16:17 timoguin ekristen, pillar can do that too, but they're just defined differently in the master config.
16:18 timoguin with states it will just auto-detect all the branches and read them as environments.
16:18 timoguin with pillar you have to actually define each branch you want it to pull from
16:18 UForgotten fxhp: I guess I don't follow how the minions get the local changes on the master, I thought the master was the only place that had to have them.
16:18 ekristen timoguin: so when you do git: <branch> repo
16:18 ekristen timoguin: does the branch name need to line up with the saltenv name?
16:18 eliasp ekristen: yes, except of master which will be mapped to "base"
16:18 timoguin ekristen, yes i think so. the master branch is mapped to the base environment.
16:19 timoguin so you can just define 'master' for it6
16:19 ekristen hrm, ok the docs don’t really explain that for gitfs on pillars
16:19 ekristen it does for states though
16:20 smurfy_ time to git back to work
16:21 timoguin ekristen, yea you're right. the only example in the docs is with the master branch
16:22 ekristen timoguin: well then the root=subdir too doesn’t make sense
16:22 ekristen if you user master branch does it then match the env to the root?
16:22 mortis when using environments like in http://docs.saltstack.com/en/latest/topics/tutorials/states_pt4.html, do you need a top.sls/init.sls in the dev and qa subfolders?
16:23 timoguin ekristen, yea i'm not sure. that's confusing to me too. i'm currently only using a base env for my pillar
16:24 ekristen k
16:24 UtahDave mortis: We recommend using one top.sls in the base environment, for simplicity's sake.  You can put a top.sls in the root of each environment, though
16:26 mortis UtahDave: oki, thanks :)
16:28 bemehow joined #salt
16:28 fxhp UForgotten - yeah that should work, _states will Dynamically share the files with all minions
16:28 UForgotten fxhp: apparently not :)
16:28 fxhp http://docs.saltstack.com/en/latest/ref/file_server/dynamic-modules.html
16:29 UForgotten even tried renaming it and the minion can't find it
16:29 fxhp UForgotten - I've used this to hotfix hg.py
16:29 diegows joined #salt
16:29 fxhp until the fixes were merged into release
16:29 UForgotten hmm, I maybe doing something wrong, will look again
16:30 UtahDave UForgotten: have you run   salt \* saltutil.sync_all       ?
16:30 fxhp _states/iptables.py is in one of your file_roots ?
16:30 UForgotten UtahDave: no, that may be the missing link
16:30 UForgotten fxhp: yes.
16:30 UtahDave yeah, it doesn't sync automatically.
16:31 oc have blocks in jinja2 been fucked up in the 2014.1.1 ?
16:31 fxhp UForgotten - that document provides details for the sync as well
16:31 oc salt doesn't seem to evaluate block files any more
16:31 UForgotten fxhp: yep, just saw that. thanks :)
16:32 fxhp UForgotten: welcome
16:33 schimmy joined #salt
16:33 yomilk joined #salt
16:35 oeuftete joined #salt
16:35 joehillen joined #salt
16:35 schimmy1 joined #salt
16:39 hunter_ joined #salt
16:41 bastion1704 joined #salt
16:44 viod1 joined #salt
16:51 moos3 question is there way to do if grains['fqdn_ip4] == '10.50.50.*' ?
16:51 mortis i should be able to use pillars in a pillarmodule right? like this def ext_pillar(minion_id,pillar,*args,**kwargs): and then fetching them with {% pillar.get('somepillar','somepillar_subvalue') %}
16:55 johtso joined #salt
16:56 johtso joined #salt
16:56 Ryan_Lane1 joined #salt
16:57 johtso joined #salt
16:57 johtso joined #salt
16:58 johtso joined #salt
16:59 johtso joined #salt
16:59 moos3 does this look right https://gist.github.com/moos3/9938315
16:59 jeh joined #salt
16:59 johtso joined #salt
17:00 johtso joined #salt
17:01 johtso joined #salt
17:01 johtso joined #salt
17:02 timoguin moos3, I don't think you can do that kind of targetting in an SLS
17:02 timoguin that's for running commands from the command line, or matching minions to state files in the top.sls
17:02 johtso joined #salt
17:03 moos3 yeah thats what I was wondering, i dont see anything in the docs
17:03 johtso joined #salt
17:03 johtso joined #salt
17:04 johtso joined #salt
17:05 timoguin you can certainly do conditionals with Jinja, but looks like you can't do a pattern filter
17:05 johtso joined #salt
17:05 johtso joined #salt
17:06 johtso joined #salt
17:06 vxitch joined #salt
17:06 dave_den {% if salt['match.ipcidr']('10.50.50.0/24') %} …
17:06 dave_den that would work.
17:07 vxitch can i have salt call a local script with parameters being the hostnames of the minions it is running the state on?
17:07 johtso joined #salt
17:07 vxitch and do this from within a state?
17:07 dave_den vxitch: yes. use cmd.script
17:07 johtso joined #salt
17:08 johtso joined #salt
17:08 vxitch can i have that script run locally, on the master?
17:08 vxitch i dont want the script on every minion
17:09 johtso joined #salt
17:09 seapasulli joined #salt
17:09 johtso joined #salt
17:10 johtso joined #salt
17:10 moos3 i'll just do a custom grain
17:11 johtso joined #salt
17:11 johtso joined #salt
17:12 timoguin moos3, look at what dave_den said
17:12 timoguin there is a match.ipcidr function you can call inside an SLS
17:12 moos3 dave_den awseome
17:12 timoguin that should get around the Jinja limitations
17:12 johtso joined #salt
17:12 mpanetta ANyone here know off hand if there is a zenoss module for salt?
17:12 timoguin the match module has some other good stuff too
17:13 johtso joined #salt
17:13 johtso joined #salt
17:14 Kenzor joined #salt
17:14 johtso joined #salt
17:15 johtso joined #salt
17:15 johtso joined #salt
17:16 johtso joined #salt
17:17 johtso joined #salt
17:17 johtso joined #salt
17:18 eliasp any idea how to fix restarting the salt-minion service on Win clients? does cmd.run support spawning/detaching a subprocess which could be used in this case?
17:18 johtso joined #salt
17:18 eliasp currently 'service.restart salt-minion' will cause the service to stop on windows and get stuck  in this state, as the minion process will be terminated before it gets to start again
17:19 UtahDave eliasp: The problem is that the salt-minion runs in threads, not subprocesses.
17:19 stephanbuys joined #salt
17:19 johtso joined #salt
17:19 UtahDave also, there isn't a restart service on windows. Just stop and start.
17:19 eliasp UtahDave: sure, I tried to use an atomic restart through powershell to accomplish this
17:19 johtso joined #salt
17:20 eliasp UtahDave: but the result is the same, that's why I thought of spawning a sub-process
17:20 UtahDave I've been thinking of creating a special module for windows that does what you're mentioning with a sub-process
17:20 Gareth morning.
17:20 UtahDave but haven't gotten around to it.
17:20 Gareth UtahDave: slacker.
17:20 bastion1704 joined #salt
17:20 UtahDave he he.
17:20 eliasp UtahDave: ok, I haven't found a reported issue as well… are you aware of one? otherwise I'd file one
17:20 UtahDave eliasp: yeah, please open an issue. That will be helpful.
17:21 eliasp UtahDave: ok, will do. thanks for the input
17:21 eliasp so I'll continue with my windows.printer module and don't care about this bug any further ;)
17:21 druonysus joined #salt
17:21 KyleG joined #salt
17:21 KyleG joined #salt
17:22 zain joined #salt
17:23 ajw0100 joined #salt
17:23 Gareth UtahDave: Is Tom in the office today or is he off at Interop?
17:24 fllr joined #salt
17:25 JordanRinke Morning
17:25 KyleG JordanRinke gimme yo fiberz
17:25 barbarella55 joined #salt
17:25 LBJ_6 joined #salt
17:25 JordanRinke It isn't just the fiber that makes it hot, it's the fact that we have a 4100MTU and MPLS through the whole connection all the way to the US peering
17:26 KyleG hngggggggg
17:26 * Gareth cuts JordanRinke and steals the fiber
17:26 UtahDave Gareth: Tom's in the office today.
17:26 JordanRinke if you move data in Canada - we can move it the fastest and with the best quality.
17:26 KyleG hrm
17:26 barbarella55 hey everybody. just starting out with salt now. any good getting started guides you’d recommend?
17:27 KyleG JordanRinke: Do you have any fiber lit up @ 1Wilshire
17:27 KyleG Biggest trunk line on the west coast, so I'd be surprised if you don't
17:27 Gareth UtahDave: ah cool.  sent him an email last week but I think it got missed/lost/eaten by spam filters.
17:27 JordanRinke Our peering ends once you get into the US, so I think we trunk out in New York and Washington
17:27 KyleG ah gotcha
17:28 JordanRinke very specifically focus on Canadian data/services.
17:29 KyleG Well
17:29 or1gb1u3_ joined #salt
17:29 KyleG If we ever need to move some gear into Canada, I'll be sure to hit you up.
17:29 JordanRinke yeah, we are in 3 DCs in Canada, all spread out, and our latency basically across all of canada is single digit
17:30 eliasp UtahDave: filed: https://github.com/saltstack/salt/issues/11726
17:30 seapasulli_ joined #salt
17:30 JordanRinke our goal is/was LAN like speeds across Canadian WAN
17:30 KyleG JordanRinke: Is the fiber run along that 1 highway :P
17:30 ccase_ joined #salt
17:31 jeremyBass1 joined #salt
17:31 pviktori_ joined #salt
17:31 fridder joined #salt
17:32 jeremyBass1 left #salt
17:33 shano_ joined #salt
17:34 darrend joined #salt
17:34 dopp_ joined #salt
17:34 mekstrem_ joined #salt
17:34 JasonSwindle joined #salt
17:36 rawzone joined #salt
17:36 dstufft How can I resolve a salt:// url in a custom state module?
17:37 philipsd6 joined #salt
17:38 bryanl- joined #salt
17:39 bastion1704 Hello, is it possible to install gem for a particular version of rubygem installed in opt (sensu installation) ?
17:39 JasonSwindle joined #salt
17:39 n0arch joined #salt
17:39 Gareth hm. is there a way for a module to return a False but also return a message as to why it was False.
17:40 vxitch guys, seriously?! the typo in iptables.py state is still not fixed in 2014.1.1?!
17:40 vxitch i dont understand this.
17:41 Ryan_Lane1 do we use tags to ensure merged PRs are targeted for a release?
17:41 Gareth vxitch: which typo?
17:41 vxitch around line 453 and 498
17:41 vxitch ret['comment'] = 'Set default policy for {0} to {1} family {2]'.format(
17:41 vxitch thats 453
17:41 vxitch notice the ] ?
17:42 vxitch i had to correct it myself and am pushing it out from the master via the _states/ dir in my salt dir
17:42 Gareth oh that one.
17:42 vxitch thats what ive been doing, and i got excited for this new release
17:42 vxitch and its still not fixe
17:42 vxitch d
17:42 vxitch this is ridiculous. absolutely freakin ridiculous.
17:42 Gareth hrm. yeah. I thought that got pushed into develop.
17:43 or1gb1u3 left #salt
17:43 jeremyfelt joined #salt
17:43 rawzone joined #salt
17:44 diegows joined #salt
17:44 SEJeff_work joined #salt
17:44 vxitch at least the yumpkg.py module typos got fixed
17:45 gothix_ joined #salt
17:47 shoma_ joined #salt
17:48 srijan4_ joined #salt
17:49 ectoskeleton joined #salt
17:49 mpanetta Hmmm
17:51 mpanetta So there are no modules for zenoss to communicate with an API...  What would be the best way to do it do you think?  Write a module, or a state module, or even use the reactor system to watch new systems get added via salt-cloud?
17:51 UForgotten vxitch: join the club lol
17:51 UForgotten vxitch: there's another bug in there too if you're on debian family
17:51 mpanetta Ideally what I want is for salt to add a system to zenoss when it gets created and deleted when it is deleted...
17:51 Gareth UForgotten: in iptables?
17:51 UForgotten Gareth: yeah
17:52 Gareth which bug?
17:52 UForgotten I haven't filed one yet
17:52 UForgotten but there's a copypasta fail in .save for debian
17:53 ekristen is there any way to trigger events or anything for that matter if states fail to run?
17:54 UForgotten might as well do it now lol
17:54 Gareth UForgotten: well thats not good.
17:54 wt joined #salt
17:54 Ryan_Lane1 joined #salt
17:56 arthabaska joined #salt
17:57 UtahDave joined #salt
17:58 UForgotten gareth: https://github.com/saltstack/salt/pull/11728
18:01 sandbender1512 joined #salt
18:02 svs_ joined #salt
18:04 mpanetta_ joined #salt
18:05 Gareth UForgotten: damn.  that one was my fault. sorry about that.
18:06 gothix joined #salt
18:07 UForgotten Gareth: no worries. just surprised nobody hit it yet :)
18:08 kermit joined #salt
18:09 hunter_ joined #salt
18:12 timoguin vxitch, I just cherry-picked those two bugs and sent a PR, so they should be fixed on 2014.1 soon.
18:15 bhosmer joined #salt
18:17 ajw0100 joined #salt
18:19 n8n joined #salt
18:20 gildegoma joined #salt
18:22 smurfy_ joined #salt
18:23 hunter_ joined #salt
18:24 fllr joined #salt
18:28 bhosmer joined #salt
18:30 fllr joined #salt
18:32 MTecknology joined #salt
18:33 jforest joined #salt
18:35 bhosmer joined #salt
18:44 vxitch thanks timoguin
18:44 spiette joined #salt
18:47 vxitch i have a script that takes hostnames as arguments and does things with that information. i want this script to run every time a certain state runs. this script should run from the master, don't want it copied on the minions. is there a way to do this?
18:47 timoguin vxitch, fire an event at the end of that state
18:47 timoguin and define a reactor on the master that will execute the runner
18:48 vxitch ah, okay that sounds good. how can i do that? and can i pass the minions' hostnames that got that particular state on to the runner?
18:51 timoguin you'll want to call event.fire_master in the SLS, and you can include any arbitrary data you want in the event
18:51 timoguin the SLS will have access to the minion's pillar, grains, etc.
18:51 justinvf joined #salt
18:52 faldridge joined #salt
18:52 timoguin I'd test it out by firing events manually from the minion first: salt-call event.fire_master '{"data":"my event data"}' 'tag'
18:52 timoguin get it in the format you want before putting it into an SLS
18:52 ajprog_laptop any ideas why {{ pillar['db']['passwd'] }} but {{ salt['pillar.get']('db:passwd') }} does?
18:53 justinvf small question on pillar/mine. Can I target minions by pillar data in a mine query? Basically I have 3 machines that I set special pillar data for. I want to put all of their i.p. addresses into config file on 10 other machiens. Not sure what the appropriate way to do this is. Seems like mine only targets by grain and minion name.
18:54 Kenzor joined #salt
18:54 timoguin vxitch, then you can pass that data to the runner as args
18:56 _TheDodd_ joined #salt
18:56 vxitch okay, thank you. i dont know anything about events so im reading about the event system now. how can i access, say, the minion's hostname in teh state sls?
18:57 mpanetta joined #salt
18:58 timoguin vxitch, {{ grains.get('host') }}
18:59 vxitch got it thank you
18:59 timoguin that'll get you the 'host' grain
18:59 Employee312 joined #salt
18:59 timoguin fqdn and id might also be usefu.
19:00 joehoyle joined #salt
19:01 arthabaska hey everyone, does anyone know where salt-cloud's cloud.map file is documented fully? can't seem to find a full spec.
19:01 bja joined #salt
19:02 possibilities joined #salt
19:12 rglen joined #salt
19:12 joehoyle joined #salt
19:14 joehoyle joined #salt
19:15 LBJ_6 joined #salt
19:19 oc https://github.com/saltstack/salt/issues/11731
19:19 oc jinja template blocks doesn't work anymore
19:19 oc used to up until the new version fmt
19:23 bastion1704 is possible to do a for loop on grains ?
19:23 joehoyle joined #salt
19:25 ChrisC2 joined #salt
19:25 cwright is there any way to have `salt-key —list` suppress heading output?
19:25 cwright I am using it in a script and only want the list of hostnames that are accepted, but it's printing the "Accepted Keys:" column heading
19:26 elfixit joined #salt
19:26 joehoyle joined #salt
19:26 ajw0100 joined #salt
19:26 Ryan_Lane1 bastion1704: in jinja inside of states, do you mean?
19:26 eliasp cwright: check the --out option
19:26 Ryan_Lane1 if so, yes, since grains is a dict. you can use a forearch
19:26 Ryan_Lane1 *foreach
19:26 ChrisC2 how is everyone monitoring salt-minion processes?  i.e. are you being alerted if a salt-minion agent isn't running?
19:27 bastion1704 inside a state
19:28 ChrisC2 are you talking to me bastion1704
19:29 ChrisC2 ?
19:29 bastion1704 ChrisC2 no to Ryan
19:29 Ryan_Lane1 bastion1704: use jinja with a foreach
19:29 cwright eliasp: yea, I have, but that isn't quite what I'm looking for.  I am not looking for a different return format, just a "—no-headings" option or something
19:29 bastion1704 ChrisC2 about your question :  I have a script on the master that use salt-key to get the accepted minions and the I use test.ping
19:30 ChrisC2 you just running it as a cronjob?
19:30 barbarella55 joined #salt
19:30 eliasp cwright: well, --out provides you different data-formats which can be perfectly parsed by a script, e.g. use JSON and simply look at the "minions" key which lists all accepted keys
19:31 cwright eliasp: yea, I use other outputters for other scripts.  in this case its just overkill just to not have the heading in the output. I'll just hack around it, thanks though
19:32 timoguin cwright, are you trying to just get a list of all the keys?
19:32 cwright timoguin: yes
19:32 cwright salt-key -l accepted
19:33 possibilities joined #salt
19:33 eliasp cwright: and if you don't want to do any processing of JSON/YAML/whatever, simply cut off the first line from this output
19:34 cwright eliasp: yes, that's the hacking around it I will do
19:34 scalability-junk joined #salt
19:34 possibil_ joined #salt
19:34 eliasp cwright: and if you don't want to "hack", parsing raw shell output isn't the way to go either
19:34 eliasp :)
19:35 timoguin https://github.com/saltstack/salt/blob/develop/salt/key.py
19:35 timoguin might be able to do something with that
19:36 cwright thanks timoguin
19:39 justinvf so if I do "salt \* pillar.get seed_node" Some of my minions return the value True. But if I do "salt -I "seed_node: True" test.ping", I get nothing. Anyone have a pointer?
19:39 justinvf derp. space.
19:45 possibilities joined #salt
19:51 kermit joined #salt
19:53 smcquay joined #salt
19:55 ipmb joined #salt
19:58 andrej jinja problem ... http://pastebin.com/ZMbtqcjE
19:58 ipalreadytaken joined #salt
19:58 andrej on line 5, new_minion doesn't seem to refernce the variable I defined above
19:58 ashtonian joined #salt
19:58 andrej How do I do it properly?
20:00 pentabular joined #salt
20:04 ndrei joined #salt
20:05 ipalreadytaken joined #salt
20:08 barbarella55 joined #salt
20:08 druonysuse joined #salt
20:08 LBJ_6 joined #salt
20:09 ipalreadytaken joined #salt
20:11 elfixit joined #salt
20:12 Ryan_Lane2 joined #salt
20:13 bastion1704 joined #salt
20:15 bemehow joined #salt
20:16 toddejohnson joined #salt
20:16 TyrfingMjolnir joined #salt
20:18 millz0r joined #salt
20:19 timoguin vxitch, it's merged now
20:21 cewood joined #salt
20:22 vxitch much thanks
20:30 bastion1704 hey guys, I am scratching my head with this : {% for check in grains['sensu'] %} {% if check == 'apache' %} I want to verify the value of check but I received this error Rendering SLS "base:sensu.server-checks" failed: Jinja variable 'list object' has no attribute 'items'; line 4
20:31 bja joined #salt
20:33 Ryan_Lane1 joined #salt
20:34 ekristen_ joined #salt
20:36 bemehow joined #salt
20:37 timoguin bastion1704, you might need to do grains['sensu'].items()
20:38 timoguin well, shouldn't have to if it's a list already...
20:39 druonysus joined #salt
20:39 druonysus joined #salt
20:39 mgw joined #salt
20:40 dimeshake joined #salt
20:42 millz0r joined #salt
20:45 yomilk joined #salt
20:45 barbarella55 joined #salt
20:45 LBJ_6 joined #salt
20:46 jgelens using hgfs im getting: Source file salt://munin/plugins/couchdb_httpd_response_time not found when using file.managed
20:46 jgelens using a normal file based backend no issues
20:47 jgelens any idea?
20:49 barbarella55 joined #salt
20:51 ipalreadytaken joined #salt
20:54 harobed_ joined #salt
20:58 joehoyle joined #salt
21:00 ajw0100 joined #salt
21:02 andrej Right ... I think I have my ufw issue almost sorted
21:03 andrej Now what I believe is the last hurdle is that the minion on the splunk box claims it doesn't know about the SLS the reactor fires.
21:03 andrej [ERROR   ] State cmd.cmd found in sls spl_ufw.add_minion is unavailable
21:03 ndrei joined #salt
21:03 andrej I did use saltutil.sync_all to sync states w/ the minion
21:04 andrej but it's still saying the same thing
21:06 Ryan_Lane1 joined #salt
21:07 mgw joined #salt
21:09 tollmanz joined #salt
21:11 kermit joined #salt
21:12 eliasp any idea why this code: http://bpaste.net/show/iwwku7zVQq0y4Y8h5ey7/ leads to this backtrace: http://bpaste.net/show/3Gcd9HD2DTmm3X6MsaP2/ when no printers are returned by c.Win32_Printer(query)?
21:14 sgflt joined #salt
21:15 eliasp once a list is empty, "for" should just skip, but it seems like it still enters the routine and tries to act on the empty result list of c.Win32_Printer(query)…
21:19 johtso joined #salt
21:20 mpanetta joined #salt
21:24 dwiden joined #salt
21:25 UtahDave eliasp: I think that's one of those weird instances with the windows libraries where c.Win32_Printer isn't an iterator, it's an object or something like that.
21:26 dwiden I'm running state.highstate and I'm getting an error that I don't understand (from one of my states).  Could somebody help me out?
21:26 UtahDave dwiden: can you pastebin the error you're getting?
21:27 dwiden @UtahDave: yes I can, I'll post it in a minute, thank you
21:27 eliasp UtahDave: uh, let's see if I can figure this out… all Win32 examples I found used this approach without any "catch empty result lists" things…
21:29 dwiden @UtahDave: http://pastebin.com/f8NqSqsT
21:29 dwiden I understand that its blowing up when checking permissions, I don't understand why "__salt__" isn't defined, though
21:29 UtahDave dwiden: Is this a Windows minion?
21:29 dwiden yeah its a Windows minion
21:30 UtahDave dwiden: can you upgrade to the latest Windows installer?  I believe this has been fixed.
21:30 dwiden I'm currently running 2014.1.0-5, is that the latest one?
21:30 forrest joined #salt
21:30 eliasp dwiden: no, there's 2014.1.1 now
21:31 dwiden okay thank you.  Should I upgrade my master as well?
21:31 dstufft left #salt
21:31 UtahDave the master should at least be 2014.1.0 or later, if possible
21:31 gothix_ joined #salt
21:32 dwiden it is, thank you very much
21:33 Linz joined #salt
21:33 MTecknology joined #salt
21:36 bja joined #salt
21:37 eliasp UtahDave: problem solved… WMI/Win32 is horrible… if the query matches nothing, it still returns a fill list of all printers, but sets null-values for all attributes…
21:37 eliasp UtahDave: so I'll have to check for the existence of the attributes before building the list… oh what fun it is :)
21:38 UtahDave :)  yeah, that's been my experience, too.  The underlying libraries aren't pythonic, so they surprise you frequently
21:38 UtahDave I'm excited to see the printer support though!
21:39 eliasp UtahDave: well, non-pythonic… that's more like non-reasonable ;) I haven't seen any (query-)language handle things like this
21:39 eliasp UtahDave: imagine an SQL DB working like this ;)
21:39 Gareth adding printers to windows machines via salt?
21:39 eliasp Gareth: yes
21:39 Gareth thats wild and awesome. :)
21:40 Gareth I remember doing that back in the day using login script magic :)
21:40 eliasp once that's done… powerprofiles… "prevent device foo from going to standby" and such things
21:40 eliasp next after that: user-network-shares
21:40 eliasp but for now, I need to get that printer-foo working ;)
21:42 andrej Why would my minion not know about cmd.cmd? :(
21:42 eliasp andrej: cmd.cmd? you mean cmd.run?
21:44 kzx joined #salt
21:45 faldridge joined #salt
21:47 andrej eliasp : i have cmd.cmd.run in a state file
21:47 andrej the minion swears about cmd.cmd
21:47 eliasp andrej: try "cmd.run" instead… try also something like this on CLI: "salt you-minion cmd.run 'ls /etc'"
21:48 eliasp andrej: in case you're not referring to something completely different
21:48 andrej I'm talking about http://docs.saltstack.com/en/latest/topics/reactor/ and the cmd.cmd.run used there
21:49 Gareth looks like a potential typo.
21:49 eliasp this appears multiple times throughout this document… copy'n'pasta?
21:50 eliasp but I don't have any Reactor experience, so I don't know about any (potential) special SLS syntax of them…
21:50 UtahDave andrej: you only need cmd.cmd.run when using the reactor
21:51 andrej Yah
21:51 andrej O
21:51 andrej I am using the reactor
21:51 andrej I'm trying to change firewall settings on machineB when package X was installed on MachineA
21:53 conan_the_destro joined #salt
21:55 andrej Gareth : w/o the cmd.cmd it fails in quite different and unexpected ways :)
21:55 andrej I get a render error
21:56 danielbachhuber joined #salt
21:59 Katafalkas joined #salt
22:01 socket1 joined #salt
22:01 notimpossible joined #salt
22:02 Gareth andrej: ignore me :) I'm not familiar with the reactor system.
22:03 elfixit joined #salt
22:03 andrej heh
22:08 jeffrubic joined #salt
22:11 alunduil joined #salt
22:13 * Gareth goes back to hacking
22:17 LBJ_6 joined #salt
22:18 [diecast] joined #salt
22:19 srage joined #salt
22:20 barbarella55 joined #salt
22:20 yomilk joined #salt
22:20 srage__ joined #salt
22:21 barbarella55 left #salt
22:21 connie joined #salt
22:22 srage_ joined #salt
22:24 rps_ joined #salt
22:26 rps_ Hi all! I am trying to use salt mine in 2014.1.0 to query grains but I can't seem to get the syntax right. Specifically, I know that mining works because mine_functions:  network.interfaces: [] gets me results ... but mine_functions: grains.item:  - roles does not ... any pointers at an example that works?
22:29 andrej rps_ - are you doing this on the command line, or in a state?
22:34 fllr joined #salt
22:37 yomilk joined #salt
22:38 rps_ andrej - trying to do this from state file. So I have enabled the mine_functions in /etc/salt/minion and I run a query like this in a state file: {{ salt['mine.get']('*', 'grain.items') }} ... obviously I would do better selections if there was data to be selected
22:38 bja_ joined #salt
22:39 _fllr_ joined #salt
22:39 andrej have you tried iterating over the result?
22:41 andrej I think you'll need something like {{ salt['mine.get']('*', 'grain.items').items() }}
22:41 dopp joined #salt
22:41 rps_ yes - but the point is that there is no result. Compare that to {{ salt['mine.get']('*', 'network.interfaces') }} which even without the items() call will print the whole dict :(
22:43 andrej Here's soemthing that works for me ... http://pastebin.com/EmWtTXj3
22:43 andrej do you actually have grains.items in your mine.config?
22:45 rps_ I would think so but ... http://pastebin.com/feFVaihh
22:48 rps_ with the minion config above I am trying to render a FILE (via file.managed: - template: jinja) using this template http://pastebin.com/GSwW0qLm and getting this result http://pastebin.com/E8JPZ9d2 ... note how the network interfaces works both in dump / iterate mode but the grains don't have any data
22:50 rps_ I am not sure I understand the pillar call you make but I assume it's not required to work
22:51 andrej I'm still not an expert, but I think it needs to look like this http://pastebin.com/SVm5hKAj
22:53 rps_ yes ... grains.items: [] works. One step ahead.
22:53 rps_ Now I just need to figure out whether it's possible to limit what grains are exported becasue that may be a bit more information than I wish to share
22:53 rps_ or buffer
22:53 rps_ Thanks for the help :)
22:53 cewood joined #salt
22:54 andrej pleasure
22:54 smurfy_ does pillar data with multiple items need to be a dict?
22:54 andrej Still learning ... slowly
22:54 andrej picked this up two days ago ;)
22:54 smurfy_ data:
22:54 joehoyle joined #salt
22:54 smurfy_ - item1
22:54 smurfy_ - item2
22:55 smurfy_ should i be able to iterate over those in a for loop?
22:55 smurfy_ I'm only getting one item out of it
22:55 rps_ @andrej: me too - and thanks
22:56 kvbik joined #salt
22:56 rps_ @smurfy: that translates to { "data": [ {"item1": "" }, {"item2" : "" } ] } I think ... so maybe you need to index differently?
22:57 joehoyle joined #salt
22:57 rps_ @smurfy: but I am still a bit confused about yaml ... if in doubt it's probably good to just do a python import using the yaml module and see what you get
22:59 smurfy_ not { % for item in pillar['data'] %} ?
23:01 joehoyle_ joined #salt
23:02 Teknix joined #salt
23:03 joehoyle_ joined #salt
23:04 rps_ Hmm ... I haven't worked with pillars much yet but I would have expected that you should have gotten two items ... sorry ... out of my depth beyond that
23:04 sroegner joined #salt
23:05 joehoyle joined #salt
23:05 mekstrem joined #salt
23:08 davet joined #salt
23:15 kickerdog joined #salt
23:19 eliasp any chance to use 'cmd.exec_code' on a Windows minion even if there's no Python executable but only DLLs?
23:20 garthk joined #salt
23:25 Employee312 left #salt
23:25 Employee312 joined #salt
23:25 TyrfingMjolnir joined #salt
23:29 ndrei joined #salt
23:32 diegows joined #salt
23:36 Teknix joined #salt
23:40 Ryan_Lane2 joined #salt
23:44 meteorfo_ joined #salt
23:44 eliasp utahcon: any idea, why the Windows Minion builds don't include win32print which should be included in pywin32-218? win32print would make some things regarding printer management way easier than using plain WMI…
23:59 bemehow joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary