Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-04-30

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:03 garthk_ joined #salt
00:06 n8n joined #salt
00:08 kickerdog left #salt
00:13 jdelic joined #salt
00:15 mgarfias joined #salt
00:16 jdelic hey everybody. Quick question... if I have a grain: "roles: {'master': 'true\n'}" and I can run "salt-call grains.item roles" and get "roles: {'master': 'true\n'}"... how do I query for "master"? I tried "salt-call grains.item roles:master" but that gives me no result :(
00:17 jdelic can I query dicts through grains.item?
00:18 g4rlic joined #salt
00:19 g4rlic I have a question.  Let's say, I have service A.  How can i make service B restart whenever service A restarts?
00:19 g4rlic I can do it in systemd wihtout salt, but the system I'm running it on is still upstart. >.>
00:19 mapu joined #salt
00:19 g4rlic ideas?
00:20 RandalSchwartz watch the service
00:20 Corey Yeah, a watch will do it.
00:20 RandalSchwartz something like watch: \n - foo: service
00:20 mateoconfeugo joined #salt
00:20 RandalSchwartz oops backwawds
00:21 RandalSchwartz ... watch: \n - service: foo
00:21 RandalSchwartz in your case, watch: \n - service: B :)
00:22 jdelic g4rlic: relevant docs: http://docs.saltstack.com/en/latest/ref/states/requisites.html
00:24 garthk joined #salt
00:31 Gordonz joined #salt
00:32 Gordonz joined #salt
00:32 Luke__ joined #salt
00:32 gadams999 joined #salt
00:36 jdelic does anybody here know how I can query subkeys on grain dictionaries from the command-line? like "salt-call grains.item ip_interfaces:eth0" (but not like that, because that doesn't work...)
00:37 whiteinge jdelic: grains.get does that, irrc
00:38 arthabaska joined #salt
00:41 jdelic whiteinge: oh man... thanks!
00:47 rome joined #salt
00:47 ajolo joined #salt
00:50 xinkeT joined #salt
00:51 rome joined #salt
00:53 Shenril joined #salt
00:55 rome joined #salt
00:55 octarine joined #salt
00:56 elfixit joined #salt
00:56 gldnspud joined #salt
01:07 schimmy joined #salt
01:11 gadams999 joined #salt
01:13 rome joined #salt
01:15 redondos joined #salt
01:15 redondos joined #salt
01:19 gldnspud joined #salt
01:19 Networkn3rd joined #salt
01:24 garthk joined #salt
01:35 vbabiy joined #salt
01:35 rome joined #salt
01:46 ckao joined #salt
01:50 scarcry joined #salt
01:55 JordanRinke interesting, in the minion config if there is no space after the : it fails
01:55 JordanRinke id:blah vs id: blah
01:57 Shenril joined #salt
01:59 Tekni joined #salt
02:02 garthk joined #salt
02:04 rome joined #salt
02:04 n8n joined #salt
02:06 mateoconfeugo joined #salt
02:09 xl1 joined #salt
02:11 whiteinge yaml turns that into a string
02:16 smcquay joined #salt
02:17 JordanRinke and so beings the struggle of installing zmq 3.2 on centos 5.5
02:17 whiteinge fun
02:17 whiteinge how are you doing it?
02:18 JordanRinke trying to do it through the repos
02:18 JordanRinke but getting an error about libzmq.so.1
02:19 JordanRinke Missing Dependency: libzmq.so.1()(64bit) is needed by package python26-zmq-2.1.9-3.el5.x86_64
02:19 JordanRinke which is interesting because I can reinstall that python26-zmq no problems
02:19 JordanRinke seeing a bunch of similar on the googs
02:19 whiteinge i've had some success using the RPMs the zeromq folk added recently. except the package name is slightly different than the one the salt package deps for  :-P
02:21 JordanRinke yeam im using that one, the...fengshuo ones
02:22 JordanRinke well ive got 350 of these little guys so... this should be exciting
02:23 whiteinge good luck  :-P
02:24 JordanRinke yeah that seems to be the general feeling in all of the search results too lol
02:24 whiteinge haha...doh
02:25 whiteinge i vaguly recall the libzmq.so.1 error being a red-herring
02:25 rome joined #salt
02:26 whiteinge at the risk of sending you on a wild goose chase...  what is the name of the zeromq package you installed?
02:26 whiteinge i seem to recall there were two packages with annoying similar names
02:26 JordanRinke zeromq.i386  zeromq.x86_64  libzmq3.x86_64
02:27 ajw0100 joined #salt
02:27 whiteinge Heartsbane: you around?
02:28 rome joined #salt
02:31 JordanRinke im removing everything and building up one at a time first
02:34 ajw0100 joined #salt
02:35 bhosmer joined #salt
02:37 vbabiy joined #salt
02:38 JordanRinke appears to exclusively be a problem with python26-zmq-2.1.9-3.el5.x86_64
02:38 JordanRinke zmq3.2 installs fine on its own
02:40 scarcry joined #salt
02:42 whiteinge yeah, this rings a bell. like the fenshuo packages were named something incompatible with the pyzmq package dep
02:43 whiteinge (or maybe vice versa)
02:45 schimmy joined #salt
02:45 JordanRinke can't even pip install pyzqm
02:45 JordanRinke it fails with an even less useful error
02:47 whiteinge do you have the -devel package installed for zeromq?
02:48 schimmy1 joined #salt
02:49 JordanRinke installed them but no joy
02:50 JordanRinke nice thing is the pyzmq install bombs on a non important line, it actuall fails in the error handler lol
02:50 whiteinge ha
02:50 JordanRinke fails on "except OSError as e:"
02:56 JordanRinke ah
02:57 JordanRinke pkg-config --variable=prefix --print-errors libzmq
02:57 JordanRinke is the actual line it bombs on
02:57 JordanRinke trying to figure out the libzmq path
02:58 Shenril joined #salt
03:01 JordanRinke appears to only work with python 2.6, and the default on 5.5 is 2.4
03:02 gldnspud joined #salt
03:03 mgw joined #salt
03:04 whiteinge there should be a pip available for the python 2.6 installation
03:04 whiteinge pip-26 or something
03:05 ajw0100 joined #salt
03:05 ml_1 joined #salt
03:07 swa_work joined #salt
03:07 Ryan_Lane joined #salt
03:09 JordanRinke installed pip from source, pyzqm installs
03:10 JordanRinke when I try to import it, no module named cffi
03:10 war2 joined #salt
03:10 JordanRinke trying to install cffi, new set of errors
03:11 JordanRinke one step at a time
03:11 nmistry joined #salt
03:13 JordanRinke alright zmq works now
03:13 JordanRinke had to install libffi-devel, but a specific version
03:15 whiteinge woot
03:15 JordanRinke installing salt still fails with the same error lol
03:16 elfixit1 joined #salt
03:18 JordanRinke sigh
03:18 JordanRinke bootstrap fails too
03:19 catpigger joined #salt
03:19 possibilities joined #salt
03:20 JordanRinke helps if I run it right
03:20 JordanRinke my brain, not working now, too many deps
03:20 JordanRinke yeah, that fails
03:21 JordanRinke with eventually the same issue
03:23 JordanRinke I could just run it with non zmq3.2 and restart it every night :/
03:24 whiteinge JordanRinke: i'm headed out for the night. ping me tomorrow and i can hook you up with the person who got that working here last month (might have been zz_cro)
03:28 napper joined #salt
03:29 logix812 I have a salt master running in docker. it's publishing 4505 and 4506 to 2015 and 2016 respectively. I have my minion configuraed with the proper ip and the master_port set to 2016 of my server. I can see in the logs for both the master an minion that they connect just fine. I have the keys accepted as well. When I try to do a test.ping however from the docked salt master I get nothing back
03:29 malinoff joined #salt
03:29 logix812 anyone run into this?
03:31 logix812 I'm going to guess it has something to to with the publish port potentially (i'm guessing completely here)
03:41 garthk joined #salt
03:46 logix812 the minion is also running in a container, if that makes any difference
03:46 kober joined #salt
03:47 kober I'm trying to get started with Salt.  I have to deploy to 20 servers and each have a set of dependencies like which web application goes on there, what packages need to be apt-get installed, if it is a redis server I need to configure all those settings, etc
03:48 kober Where do I get started on writing my first state that just apt-get installs a bunch of stuff?  and how do I tell it which server to apt-get what on?
03:49 garthk joined #salt
03:49 Ryan_Lane kober: you'll need to have a master running and minions on each server
03:50 Ryan_Lane kober: then you'll want to do state enforcement: http://docs.saltstack.com/en/latest/ref/states/
03:51 Ryan_Lane kober: http://docs.saltstack.com/en/latest/topics/tutorials/starting_states.html
03:52 Ryan_Lane (you only need a master on one node, but you need a minion on every node)
03:53 faldridg_ joined #salt
03:55 Ryan_Lane joined #salt
03:56 kober ok, so an easier question might be, if I want to set up all services and install all packages on a single machine (i.e vagrant) is it pretty simple to do that?
03:56 kober In the end the idea is to allow devs to get started quickly with Vagrant but use the same scripts they use to deploy the actual services
03:57 andrej I had an interesting experience w/ the salt-master 2014.1.3-2precise1 ... /var/cache/salt/master/jobs ate all the inodes on the /var file-system.
03:57 andrej The master didn't do any work anymore.
03:57 __number5__ kober: what do you mean all services/pacakges?
03:57 andrej I stopped it, restarted it, and debug output stopped after Loading config file
03:57 andrej I only realised what was happening when I tried to reinstall salt, and apt told me "the disk was full" (which wasn't technically correct since there was 68% space capacity left).
03:57 andrej But I quickly found the actual issue after that, and have since moved /var/cache/salt to it's own file-system
03:57 jalaziz joined #salt
03:57 andrej An error message to suggest the reason of its inactivity would have helped me find the issue more quickly
03:58 andrej Would it make sense to list this as an issue on github?
03:59 l0x3py joined #salt
04:00 kober __number5__: We run a service oriented architecture, so our platform is 12 "services"  and 8 web applications
04:00 kober so I would need to generate a bunch of virtualenvs, clone some source code, install them, etc
04:00 __number5__ submit it, at worse someone will explain to you why that happen
04:01 __number5__ ^^ that's for andrej
04:02 __number5__ kober: I have same issues here, it definitely help if you can put all your services into one vagrant box (for testing/etc.)
04:03 kober I know how to do all this with ansible but I don't even know where to get started with salt
04:03 kober but I think salt will be better once I figure it out
04:04 andrej ok __number5__ , I'll do that
04:04 __number5__ kober: try using vagrant salt masterless provider, and doing one service first
04:05 __number5__ kober: http://docs.vagrantup.com/v2/provisioning/salt.html
04:09 taterbase joined #salt
04:13 andrej What is common/best practice for deploying systems that require a random per-minion password?  I could stick a lot of pre-fab passwords into a pillar-file, but that strikes me as not overly ellegant.
04:14 faldridge joined #salt
04:14 andrej e-Mailing a password (auto-generated by script) back to me/our team doesn't sit well with me
04:19 __number5__ andrej: don
04:19 __number5__ andrej: don't use password if it's for a person :P
04:20 robawt andrej: what's the point of the password?  use keys for systems and deploy users with sudo privs & password hashes
04:23 andrej it's not for a person, it's for the splunk forwarder
04:23 robawt andrej: how many hosts are you talking about?
04:24 Eugene I don't bother with passwords for sudo. If you have a shell on my box, I've already lost.
04:24 jalaziz joined #salt
04:24 robawt Eugene: you don't let developers crawl around your system do you?
04:24 robawt :)
04:24 andrej around 40
04:24 Eugene Only at gunpoint
04:24 robawt Eugene: nothing under .45, ok?
04:24 robawt andrej: if they're known hosts what's the harm in putting it in pillar?
04:24 * Eugene holsters his 9mm
04:25 robawt Eugene: nothing wrong with a wonder nine
04:29 vexati0n joined #salt
04:30 vexati0n anyone alive? maybe you'll be more useful than $35,000 in support paid to saltstack :|
04:30 possibilities joined #salt
04:31 malinoff vexati0n, what's the issue?
04:32 pssblts joined #salt
04:32 vexati0n malinoff: Our use of Salt is *extremely* simple. We don't do states, we don't use pillars or synic. All we want is "master says something, minion replies."
04:32 vexati0n But no matter what we do we never get more than about 85% of minions replying to any call, whether it's a request for info or a cmd
04:32 Eugene So where's the $35k come in?
04:33 vexati0n That's what we paid SaltStack for custom development and support for a year.
04:33 vexati0n and we didn't get much for it
04:33 malinoff vexati0n, what's the 0mq version? Timeouts?
04:34 malinoff Do you have any possibility to have a syn-flood or something on your network?
04:34 malinoff Have you tried to to the same thing with ansible or fabric?
04:34 vexati0n zmq is 3.2.3 on all minions and the master. timeout is set to 15s by default but it doesn't seem to help no matter what setting we try.
04:35 vexati0n ansible and fabric are non starters as those don't do on-demand remote execution in a way that allows us to communicate with minions behind firewalls.
04:36 bturner joined #salt
04:37 vexati0n btw we are running v 2014.1.0
04:37 malinoff Alright, do you monitor your master/minions?
04:37 vexati0n we monitor the master, but we need Salt to monitor the minions
04:37 chesty vexati0n: newb here that doesn't know what he's talking about, what happens if you set -b10 or something smallish
04:37 malinoff How many minions do you have?
04:37 vexati0n and it does an awesome job when it's working.
04:38 vexati0n we have between 500 an 600 minions, so not a whole lot, but right now I'm only hearing from about 275 of them.
04:38 vexati0n we have a total of about 325 who have ever talked, and the 50 missing ones rotate with every call
04:39 malinoff vexati0n, really, what about batching that chesty mentioned?
04:39 vexati0n the other 200 or so have authenticated but have never returned.
04:39 smkelly joined #salt
04:40 vexati0n we've tried batching, and it doesn't make a difference, or at least not a difference that can be distinguished from the random ebb and flow of returning minions
04:41 malinoff vexati0n, and there is nothing bad in minion/master logs, right?
04:42 vexati0n no, no segfaults or anything. on the master we get a few notices about indexing incomplete files once in a while
04:42 vexati0n and we have some
04:43 vexati0n and we have some older minions that spit out 'missing tok' but that's because they're on an old version and didn't upgrade
04:43 vexati0n not worried about those, really..
04:46 chesty when a minion doesn't respond to a cmd, did it receive it but the response never made it to master, or it never received it?
04:46 schimmy joined #salt
04:46 vexati0n don't know. salt is the only way we have to communicate, so if it doesn't respond, i can't look at the logs.
04:47 chesty you can use salt to look at the logs
04:47 vexati0n yes
04:47 vexati0n but not if the minion isn't talking
04:47 chesty i thought it was intermittent? if a minion never responds it should be easier to track down
04:49 malinoff vexati0n, can you try to delete all alive minions and run a command on the remaining? Will they respond?
04:49 ndrei joined #salt
04:50 smkelly joined #salt
04:50 vexati0n i'm sort of afraid to do that because the alive ones might decide to not be alive anymore.
04:50 vexati0n i have deleted the dead ones and they reauthenticate but never reply
04:51 malinoff Sounds like you have no access to your minions
04:51 malinoff I mean, via ssh or something
04:52 vexati0n yeah. that would be accurate. salt was billed as a way for us to manage servers spread out across the country behind firewalls we don't control (except to allow outgoing connections from the minions to our master).
04:53 vexati0n seems like the actual purpose of salt is to orchestrate servers in a single network
04:53 vexati0n which would have been nice to hear from the sales guy...
04:54 war2 joined #salt
04:54 malinoff vexati0n, salt is not production-ready thing, so right now you have to have access to your minions to understand what's going on. Maybe, sometimes, in future, salt will be stable enough
04:55 vexati0n also would have been nice to hear that from the people who sold us support and licensing.
04:55 vexati0n but you know
04:55 vexati0n buyer beware, etc
04:57 chesty from what I understand, which is very little, the master initiates a connection to the minion, so there needs to be a hole in the firewall
04:57 vexati0n no
04:57 chesty ok, cool
04:58 vexati0n the master listens on ret_port for an incoming connection from the minion. when the connection comes, the two shake hands and authenticate, and the master tells the minion which other port (pub_port) to use to receive instructions.
04:58 vexati0n in both cases the connection is from minion to master
04:58 vexati0n the only exception is salt-ssh which is initiated from the master to the minion
04:59 chesty so pub_port is open on the minion? wouldn't you need a firewall hole for pub_port?
04:59 vexati0n no pub_port is open on the master. the minion initiates the connection.
04:59 dstokes anyone ever see this error when trying to run highstate? "NameError: global name '__pillar__' is not defined"
05:00 chesty ok, thanks. glad I could help vexati0n :P
05:00 dstokes pr for the same issue was closed 2 yrs ago w/ no resolution..
05:00 dstokes s/pr/github issue/
05:00 Katafalkas joined #salt
05:00 malinoff chesty, you don't need to open any port on a minion
05:01 malinoff dstokes, I've seen such errors when I tried to instantiate a salt internal class directly from the interpreter
05:01 malinoff But on the highstate...
05:02 dstokes i'm just running `salt '*' state.highstate`
05:02 dstokes with a simple top.sls..
05:02 malinoff vexati0n, I can see the only option here - somehow get ssh access to a dead minion and analyze minion logs
05:03 malinoff I'm 90% sure you will see something like 'key had changed, remove /etc/salt/pki/*...' and so forth
05:04 malinoff Also, it will be useful to monitor 0mq itself (but I really don't know how). Maybe it has clogged queues
05:05 chesty vexati0n: is there a keepalive?
05:05 chesty malinoff: ^
05:05 malinoff chesty, where? In 0mq or salt?
05:05 vexati0n yes there's a keepalive. i'd like to monitor 0mq but i also don't know how
05:06 vexati0n i screwed up my own setup a while ago by trying to change pub_port before realizing minions will never get the memo
05:07 vexati0n recovered from that about 50%, but the reason i did that was the same thing i'm hitting now - even if a minion authenticates it may never reply, even after network ports are verified open
05:07 chesty just thinking out aloud, decreasing the keepalive interval might help if the firewall is deleting the mapping
05:07 malinoff vexati0n, I've just googled and it seems that 0mq has nothing to monitor itself. A developer must use http://learning-0mq-with-pyzmq.readthedocs.org/en/latest/pyzmq/pyzmqdevices/monitorqueue.html to have an ability to monitor queues
05:07 malinoff That's why I like rabbitmq
05:08 UtahDave joined #salt
05:10 smkelly joined #salt
05:12 ajolo joined #salt
05:12 MBroadhead joined #salt
05:14 malinoff vexati0n, have you also tried to run async requests? And run job.lookup_jid after it manually?
05:15 vexati0n that's how we do most of our heartbeat monitoring on the minions
05:15 vexati0n if i waited for the CLI to timeout the responses would be closer to 50%
05:15 jeff joined #salt
05:15 jeff joined #salt
05:15 malinoff And with the manual check it is... ?
05:15 vexati0n 85-90%
05:16 vexati0n with async that is
05:16 vexati0n with just 'fire command and wait' it's impossible to do anything useful for more than a few minions at a time.
05:16 malinoff Yeah, looks like that the master just can't properly handle all those responses
05:16 vexati0n but salt is supposed to be able to do "thousands"
05:17 vexati0n and i'm hitting it with 600 max
05:21 vexati0n anyway, i mostly blame my borderline incompetent boss's vmware cluster
05:22 vexati0n he won't let me put the master on a physical box because 'VMWARE IS THE FUTURE' or whatever
05:22 vexati0n and he doesn't trust linux in general
05:22 vexati0n </rant>
05:24 garthk joined #salt
05:24 malinoff lol
05:25 malinoff Well, it's better than orchestrating windows machines
05:25 vexati0n that's funny
05:25 jcockhren "in general" heh
05:26 vexati0n spooning your brain out through your ear with a spatula and eating it with rancid mustard is better than orchestrating windows.
05:26 malinoff Yeah, "please sit and drink some coffee while I'm downloading 2gb of mssql server"
05:27 jalbretsen joined #salt
05:27 vexati0n at least i know it's not a bandwidth problem. the master is on a 10GB internet circuit
05:27 vexati0n Gb
05:27 vexati0n if anything is being drowned it's vmware
05:32 dstokes hrm.. still getting "NameError: global name '__pillar__' is not defined".. throwing here https://github.com/saltstack/salt/blob/develop/salt/renderers/jinja.py#L216
05:34 Ryan_Lane joined #salt
05:35 dstokes salt '*' pillar.raw works
05:35 UtahDave vexati0n: what version of Salt are you on?
05:35 malinoff dstokes, it's better to create an issue on github?
05:35 vexati0n 2014.1.0
05:35 malinoff s/?//
05:36 vexati0n UtahDave: have applied the suggestion of turning off state_events
05:36 vexati0n no change
05:36 UtahDave vexati0n: yeah, there's a known issue.
05:36 UtahDave in your minion configs set    recon_randomize: True
05:36 vexati0n what does that do?
05:36 UtahDave Your minions are flooding your master with requests and never back off
05:37 UtahDave If you upgrade, I believe it's fixed in 2014.1.3
05:37 vexati0n ok build me a CentOS 5 rpm and i'll be right on that :P
05:37 vexati0n but thanks for the heads up
05:38 dstokes malinoff: yeah. i'll open one tmrw
05:38 UtahDave Do we not have centos5 rpms?
05:39 vexati0n yeah you do but zmq 3 is the thing
05:40 UtahDave http://docs.saltstack.com/downloads/cent5/
05:40 malinoff vexati0n, it looks like 0mq guys have 3.2 for centos 5: http://zeromq.org/distro:centos
05:41 d3vz3r0 joined #salt
05:42 epcim joined #salt
05:43 vexati0n UtahDave: thanks. so, what are the official 'symptoms' of this bug that the recon_randomize setting fixes?
05:44 UtahDave The master becomes unresponsive and maxes out cpu.   recon_randomize tells the minions to pick a random reconnect.  That way the minions behave better
05:45 vexati0n UtahDave: since i have part of your attention... can you wave a magic wand and make minions dynamically cope with a changing pub_port? thx! :D
05:46 UtahDave :)
05:47 UtahDave well, time for bed.  I'll have to demo my magic tomorrow, vexati0n.  ;)
05:47 mgarfias joined #salt
05:47 vexati0n i guess that's ok... well thanks for your help
05:59 n8n joined #salt
06:11 picker joined #salt
06:12 ajw0100 joined #salt
06:13 stevednd joined #salt
06:20 Ryan_Lane joined #salt
06:21 redondos joined #salt
06:29 ml_1 joined #salt
06:35 bones050 joined #salt
06:38 stevednd joined #salt
06:48 ravibhure joined #salt
06:52 slav0nic joined #salt
06:52 slav0nic joined #salt
06:56 ggoZ joined #salt
06:56 topochan joined #salt
07:02 harobed_ joined #salt
07:05 schimmy joined #salt
07:15 Katafalkas joined #salt
07:16 andrej joined #salt
07:21 scarcry joined #salt
07:22 topochan joined #salt
07:22 Kenzor joined #salt
07:24 Daviey joined #salt
07:27 bhosmer joined #salt
07:38 greggyNapalm joined #salt
07:39 epcim joined #salt
07:39 greggyNapalm Hi All is there any way to write one recipes file wich describe what openstack instance I whant to cretae and descr in the same file what pkg to install, etc?
07:41 topochan joined #salt
07:41 artificialexit joined #salt
07:47 gw joined #salt
07:49 babilen Can I exclude specific states from a highstate run?
07:49 gildegoma joined #salt
07:51 it_dude joined #salt
07:52 syngin- joined #salt
07:55 babilen Ah yes, yes I can. (cf. http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html ) --- So I would have to use a list like "[{'id': 'id_to_exclude'}, {'id': 'id2_to_exclude'}, ..." to exclude multiple IDs?
07:58 anuvrat joined #salt
08:03 happytux_ joined #salt
08:04 picker Hi All, I was trying to automate the authentication of minion with master  so that master can perform tasks on it
08:04 picker Trying to achieve this using syndic
08:05 wincus joined #salt
08:06 picker Do I have to run master where syndic is running? since in minion I am getting this [INFO    ] Waiting for minion key to be accepted by the master.
08:08 picker I have 3 instance running grand-master,syndic,minion respectively
08:09 jcockhren there's the 'auto_accept' config option
08:09 picker Last logs on syndic i see is [DEBUG   ] Syndic "ip-10-0-0-47" trying to tune in
08:14 picker Have set auto_accept to True on Syndic still no luck . minion's master is set to point Syndic, so is it correct way?
08:16 picker http://docs.saltstack.com/en/latest/ref/configuration/master.html#syndic-server-settings Followed this on master order_masters is set to true
08:19 scalability-junk joined #salt
08:21 jcockhren yeah. that's correwct
08:21 artificialexit joined #salt
08:21 jcockhren auto accept however, only applies before the key is listed as pending
08:22 jcockhren also set the syndic_master config option on the syndic
08:22 giantlock joined #salt
08:24 istram joined #salt
08:30 picker jcockhren: yes have set in syndic to point master, wondering what is stopping syndic to authenticate minion
08:31 jcockhren picker: and you have a salt-master process running on the syndic?
08:31 jcockhren have you checked your firewalls?
08:31 FL1SK joined #salt
08:32 jcockhren also, run salt-key on the syndic to see the status of the key
08:34 picker No, master is on other server, will check firewall
08:35 jcockhren the syndic must have a master service running
08:35 kuL4 joined #salt
08:41 picker Firewall is good, On running master on syndic it worked
08:43 justlooks joined #salt
08:44 picker Thanks jcockhren, i guess now master can communicate to minion via syndic
08:45 Ztyx joined #salt
08:45 N-Mi joined #salt
08:45 N-Mi joined #salt
08:46 Ztyx Just curious, what's the reason for having both "context" and "defaults" in file.managed state?
08:46 strgcloud joined #salt
08:47 Ztyx For the case of adding variables to a jinja template they both seem to work.…is it to make it easier to have exceptions to defaults?
08:48 malinoff Ztyx, you can have a single "defaults" dict and override it's values with "context" parameter
08:48 malinoff Quite useful
08:48 malinoff Btw, docs (http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.managed) are understandable enough
08:49 ninkotech joined #salt
08:52 totte joined #salt
08:53 xintron How do I check if a dir exists with salt (or will it work to check for a file even if the directory doesn't exist)?
08:53 hhenkel Hi all, is it possible to have a schedule kind of random as with cron?
08:56 hhenkel xintron: If you find out how to do it, let me know. I was trying something similar within the pillar top.sls
08:56 hhenkel xintron: I guess it would be possible to do it with jinja and a custom module.
08:58 faust joined #salt
08:59 xintron hhenkel, Actually, using states.file I could put my stuff under file.exists and then install packages etc I guess
09:00 hhenkel xintron: okay, so you want to check on a minion then? I was looking into something to import an sls if it exists.
09:00 xintron hhenkel, Yes, check on a minion. Although I would want the "import if sls exists" solution as well (for another situation) :)
09:02 hhenkel xintron: I had something like example/com/hostname.sls in mind, that works for pillars even if the file does not exist.
09:03 hhenkel xintron: But once you want to do some "real" work with states, you will run into errors as the file is not available.
09:03 xintron hhenkel, Almost the same thing I want to solve.
09:04 hhenkel xintron: So any idea how you want to approach that?
09:04 Ztyx malinoff: Sweet. Thanks!
09:05 xintron hhenkel, No, didn't find a solution then. What you want is something in top.sls (for pillars) to do: {% if file_exists("pillar/foo.sls") %} - foo.sls {% endif %}
09:05 xintron hhenkel, But doesn't seem like there is a way to check for file existence that way :/
09:07 ndrei joined #salt
09:08 ze- joined #salt
09:09 Luke_ joined #salt
09:18 babilen viq: Regarding the jinja syntax issue (do I have to nest {{ ... }} ?) -- It works like: http://paste.debian.net/96519/ which is much nicer than what I had hoped for :)
09:18 babilen viq: It also doesn't force me to treat {{ }} as sexp which would have just been too ugly :)
09:18 hhenkel xintron: yes, exactely. My idea was to have a custom module that could be used like  {% if salt['file.exists'](filename) %}
09:19 xintron hhenkel, But this doesn't work then at all?
09:21 briner joined #salt
09:21 xintron hhenkel, It works with the following: {% if salt["file.file_exists"]("file") %}
09:22 xintron Sure, it's not dynamic (with hostname etc) but I guess it wouldn't be hard to add that solution
09:22 hhenkel xintron: I haven't checked it for my situation.
09:22 hhenkel xintron: So, this checks on the master for a file or the minion?
09:22 viq babilen: cool
09:22 viq babilen: "sexp" ?
09:23 hhenkel xintron: Also, is the file a "full path" or relative?
09:23 babilen viq: http://en.wikipedia.org/wiki/S-expression -- lisp-y languages use those
09:24 briner hello, I'm wanting to manage apt-file with salt. How can I tell salt to install it and run the command "apt-file update" only after the installation of apt-file
09:24 briner and not at each occurence of state.highstate
09:25 viq briner: cmd.wait
09:26 briner viq, thanks
09:29 xintron hhenkel, full path I guess. Wonder if it works with "salt://path" as well
09:30 hhenkel xintron: That would not be good once you want to use external_git pillar
09:31 xintron hhenkel, I guess not no :/
09:42 ggoZ joined #salt
09:43 che-arne joined #salt
09:43 ashb is it possible to run a cmd.run state only if a file doens't match
09:44 ashb i.e. i have a /etc/sudoers.d file, and if that is *going* to change I want to validate the sudo fragment first
09:44 ashb but if the state of that file is already right then I don't want to 'needlessly' run the cmd.run to verify the sudo is valid
09:47 viq ashb: unless/onlyif
09:47 viq ashb: also cmd.wait with watch
09:49 babilen ashb: The users-formula recently merged a pull request that implements these checks. Maybe you want to steal that.
09:50 babilen ashb: https://github.com/saltstack-formulas/users-formula/commit/192edba9c500a91be42256ec8bd5cf1c2ec22003 is what I am thinking of
09:51 babilen (haven't evaluated that in detail though so there might be better approaches -- if there are then they should probably be used in the formula too)
09:52 * babilen notices the nick
09:52 babilen haha
09:53 babilen ashb: Here, check out your code. Maybe you want to use that! -- I guess that you want to make sure that exactly that bit isn't executed needlessly :)
09:53 CeBe joined #salt
09:55 viq hah
09:56 babilen Wouldn't a prerequiste work too?
09:56 babilen http://docs.saltstack.com/en/latest/ref/states/requisites.html#prereq that is
09:57 viq Though in prereq wouldn't the command run before the file was changed?
09:57 babilen I use that to only execute a specific state if another state has changes or, more specifically, to make sure a service isn't running while other states work on resources they need
09:58 morsik left #salt
09:58 babilen viq: No, it works by checking if the file would be changed and then *only* executing the state that has a prerequisite on the "change file" state iff there are changes
09:59 viq Ah
09:59 viq Though with cmd you gat the same thing with cmd.wait
10:00 babilen Ah, wonderful. I haven't used that so far .. sounds as if "cmd.wait + watch" is the more idiomatic approach then
10:01 viq babilen: here's an example https://github.com/saltstack-formulas/gitlab-formula/blob/master/gitlab/gitlab.sls
10:02 babilen ta
10:03 CeBe1 joined #salt
10:10 Shenril joined #salt
10:25 ashb babilen: i was trying to improve that to *only* run the visudo -cf if the file would change
10:25 babilen yeah
10:25 ashb yeah prereq might do it. thanks
10:26 viq ashb: also check out cmd.wait
10:26 ashb cmd.wait does it after the file has changed, doesn't it?
10:26 babilen ashb: I gathered as much -- didn't realise that you submitted that pull request and just remembered that I saw your PR being merged into the users-formula
10:26 ashb babilen: ah right :)
10:27 viq ashb: ah, yeah, I see you do this before putting file there, sorry
10:27 babilen ashb: prereq is great and a powerful tool
10:35 ashb hah that code of mine has a bug. If your user has a shell of /bin/sh it breaks - that's very much a bashism
10:39 ashb RuntimeError: maximum recursion depth exceeded
10:39 ashb wheee messed that up!
10:44 babilen Don't follow the white rabbit!
10:53 babilen ashb: Funny coincidence .. I also just ran into "RuntimeError: maximum recursion depth exceeded while calling a Python object" :-/
10:55 viq Infinite Recursion Day!
10:56 viq AKA Groundhog Day ;)
10:57 harobed_ joined #salt
10:58 harobed_ joined #salt
11:05 CeBe joined #salt
11:05 babilen Hmm, not sure why I run into this: I use http://paste.debian.net/96535/ and run into the aforementioned error during initial provisioning. I am using a similar setup somewhere else (where the prereq was introduced later and the mount was therefore in place) -- it works then.
11:10 harobed_ joined #salt
11:12 babilen I found it. I had a require: on an unknown ID
11:20 n8n joined #salt
11:26 Ztyx left #salt
11:28 it_dude joined #salt
11:29 jrdx joined #salt
11:30 elfixit1 joined #salt
11:31 ajprog_laptop joined #salt
11:34 jcsp joined #salt
11:35 bhosmer joined #salt
11:38 Debolaz joined #salt
11:43 ml_1 joined #salt
11:50 nicksloan left #salt
11:55 ashb can't seem to get prereq working without causing a infinite loop :/
11:55 logix812 When running a salt master in a docker container, from my testing it seems that the publish port can't be something like:  -p 2015:4505  but needs to be -p 2015:2015, and the master configuration updated to set 2015 as it's publish port.
11:55 logix812 is that a safe assumption?
11:58 rjc joined #salt
11:58 sandbender1512 ashb: what version are you running?
11:59 babilen ashb: Mind sharing your code + information about your environment (e.g. salt version, ..) ?
12:06 epcim joined #salt
12:15 bastion1704 joined #salt
12:16 yomilk joined #salt
12:17 Katafalkas joined #salt
12:17 logix812 ok.. I think I see what's happening.. during minion auth, the master does indeed send back it's publish_port to the minion. Which makes sense, the minion then subscribes to the pub/sub system using the port the master told it
12:19 it_dude hi, can I use `require` syntax in reactor sls files?
12:19 logix812 and it doesn't look like you can tell the master to : bind to this publish_port but send back this OTHER port on auth. Which again makes sense
12:22 rome joined #salt
12:32 mapu joined #salt
12:33 doanerock joined #salt
12:36 Debolaz Does the "salt" command always need to be executed on the same machine as the master?
12:38 hhenkel Debolaz: You can use salt-api, then you can use salt via webservice calls
12:38 jslatts joined #salt
12:40 jcsp joined #salt
12:42 SEJeff_work joined #salt
12:44 rome joined #salt
12:46 ipmb joined #salt
12:46 DaveQB joined #salt
12:47 war3 joined #salt
12:49 zgre joined #salt
12:49 rome joined #salt
12:50 sysTemz- joined #salt
12:53 happytux joined #salt
12:56 briner hello, again, I'm trying to get a file.blockreplace with the content parameter as beeing multiples lines. It works fine, until the text get bracket "[" "]"
12:57 briner any idea on how to escape this ?
12:58 babilen ashb: I am constantly running into the recursion depth problem if I prereq on a state that has requisites itself *and* run it with "test=True" -- It works fine if I run it without "test=True" (which I believe is because it can actually answer "yes, this works" during the recursive descent)
12:58 zgre Hi. I'm still trying to workout where I should be looking in the documentation. I'd like to create a template file (such as sshd_config) that will get parsed by salt before distribution to a host. The aim is to have a single file, but be able to change certain parameters depending upon which host it is being handed to. Is this possible in salt, if so where should I be looking?
12:59 Luke_ joined #salt
12:59 istram zgre: hey! take a look at jinja templates and pillars
13:00 istram zgre: I do think that exactly this example is included in salt contrib repository on github, lemme find that
13:01 babilen zgre: You find many examples of that in the official formulas: https://github.com/saltstack-formulas/
13:02 babilen zgre: https://github.com/saltstack-formulas/openssh-formula might be what you are looking for
13:02 zgre thank you very much, I'll take a look
13:04 ndrei joined #salt
13:04 babilen zgre: Also read http://docs.saltstack.com/en/latest/topics/tutorials/pillar.html + http://docs.saltstack.com/en/latest/topics/pillar/index.html + http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
13:04 babilen zgre: Let us know if you have a more specific problem we can help you with
13:05 zgre babilen: thanks, this looks like it covers what i need
13:06 babilen perfect -- It's easiest to use those formulas if you use gitfs already: http://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html
13:06 briner As said, in my case I try to have a .gitconfig splitted in two part: centrally managed & locally managed, I try to use file.blockreplace... but the section in a gitconfig works with bracket such as [core]. And I'm getting an error with "[core]" and nothing with "core". The error is of type: Rendering SLS "base:git" failed: Unknown yaml render error; line 18
13:06 briner [alias]    <======================
13:07 babilen zgre: I wouldn't recommend to pull directly from github though, but from a local repository into which you push approved changes to the formula (you would grant everybody who can change those formulas root access to your minions otherwise)
13:08 babilen That should, IMHO, be made a bit more explicit in the documentation.
13:08 mpanetta joined #salt
13:09 faldridge joined #salt
13:09 racooper joined #salt
13:11 quickdry21 joined #salt
13:12 doanerock joined #salt
13:13 rome joined #salt
13:15 mpanetta joined #salt
13:15 Nazzy joined #salt
13:15 Nazzy joined #salt
13:15 rome joined #salt
13:16 briner funny, I thought taht this should be a probrem related to PyYaml, but after some testing, it seems to wok well
13:27 vbabiy joined #salt
13:30 rome joined #salt
13:31 amontalban joined #salt
13:33 colinbits joined #salt
13:34 amontalban Hi guys! Greetings from Uruguay!
13:37 babilen amontalban: o/
13:38 GradysGhost joined #salt
13:39 amontalban &q
13:40 workingcats_ joined #salt
13:41 taterbase joined #salt
13:42 workingcats_ joined #salt
13:42 ajprog_laptop joined #salt
13:43 jeffasinger joined #salt
13:47 rome joined #salt
13:47 jaimed joined #salt
13:48 amontalban joined #salt
13:48 abe_music joined #salt
13:49 amontalban Hi guys, one question it's possible to use nodegroups in a reactor state?
13:49 jcsp joined #salt
13:49 amontalban I have - tgt: 'fqdn.domain.com' but want to be able to use nodegroups so I only have to edit one place in case I want to add more servers in the future
13:52 rome joined #salt
13:52 tyler-baker joined #salt
13:54 faldridge joined #salt
13:54 amontalban joined #salt
13:55 pdayton joined #salt
13:57 CeBe joined #salt
14:01 gadams999 joined #salt
14:01 vejdmn joined #salt
14:02 Katafalkas joined #salt
14:04 sroegner joined #salt
14:06 Networkn3rd joined #salt
14:07 workingcats_ joined #salt
14:08 ashb amontalban: sounds like you are after grains (which can contain user/operator specified values) and then 'G@role:foo' matching
14:11 viq huh, compound matching does not support nodegroups?
14:12 gildegoma joined #salt
14:12 diegows joined #salt
14:16 ashb Oh is nodegroup a thing?
14:16 ghartz joined #salt
14:16 ghartz hi
14:17 ashb so it is. I've never come across it before so i thought it was a term from another tech (mcollective, ansible etc)
14:17 workingcats_ joined #salt
14:17 amontalban ashb: Thanks for your reply
14:17 ashb http://docs.saltstack.com/en/latest/topics/targeting/nodegroups.html if you haven't already seen it
14:17 viq ashb: http://docs.saltstack.com/en/latest/topics/targeting/nodegroups.html
14:17 viq erm, yeah ;)
14:17 amontalban I will try to use roles
14:17 ashb viq: yeah - not come across that in my travels
14:18 ashb how long have nodegroups been about?
14:18 ghartz I did a state for redis-server (http://pastebin.com/UzJmwCK0) but the restart doesnt seem to be working
14:18 viq quite a while
14:18 amontalban Since 0.9.5 I think
14:18 ghartz when I edit the redis.conf, salt try to "start" again redis, instead of restart
14:18 viq ghartz: why sig ?
14:19 ashb amontalban: https://github.com/saltstack/salt/issues/4600 'N@mynodegroup' might work
14:19 workingcats joined #salt
14:19 ashb assuming you are talking about the selector in the topfile
14:19 rome joined #salt
14:19 ghartz viq, thought my issue where comming from it
14:20 ghartz a "salt '*' service.status redis-service' is always False
14:20 ghartz redis-server
14:20 viq ghartz: without the sig I would have expected it to use the /etc/init.d stuff
14:20 amontalban ashb: Great! Thanks
14:20 viq Or whatever the platform uses
14:20 ashb amontalban: thank me once it works ;)
14:20 ghartz ubuntu, so init.d
14:21 amontalban ashb: It's for using in a sls called by a reactor
14:21 viq ghartz: try removing the sig line and see if that helps
14:21 ghartz viq, hmmm
14:21 ghartz my bad probably
14:21 ghartz a "service redis-server status" doesnt work
14:21 ghartz where as redis is running
14:21 viq ghartz: here's mine http://pbot.rmdir.de/RqXXcsOcgeL5khOQv2DuMg
14:22 viq ghartz: ah, that could be the issue then
14:22 ghartz I have a custom redis.conf
14:22 kaptk2 joined #salt
14:22 viq I didn't need one, using it for simple stuff
14:23 Networkn3rd joined #salt
14:25 amontalban ashb: By the chance you know if I can run a cmd.run in batches in a sls?
14:26 amontalban Couldn't find any doc refering to it
14:26 ghartz viq, with the default redis.conf it's working
14:26 ghartz I prefer this actually :)
14:26 viq ghartz: prefer which?
14:26 amontalban Want to restart a lot of apache servers but not all at once so I do not have downtime
14:27 ghartz viq, it's my fault
14:27 ghartz not salt
14:27 viq amontalban: from cli or states?
14:27 amontalban viq: from states
14:27 viq hm, you could run states batched...
14:28 vejdmn joined #salt
14:28 amontalban viq: The problem is that I want a reactor to do this
14:28 viq amontalban: I'm not sure you can do it from states, but maybe you could from the orchestrate runner
14:28 viq hmm
14:29 amontalban The scenario is that a git server sends a event.fire_master and I want salt to cmd.run a script in the minions
14:30 viq oh
14:30 amontalban Which includes restarting minion webserver
14:30 amontalban But want to do in a progressive way
14:30 viq it makes an image start appearing in my mind, but give me a bit to read things up
14:31 amontalban Will check the orchestrate
14:31 amontalban Thanks
14:31 Gordonz joined #salt
14:32 Gordonz joined #salt
14:33 wendall911 joined #salt
14:34 yomilk joined #salt
14:35 viq http://salt.readthedocs.org/en/latest/ref/clients/index.html?highlight=batch#salt.client.LocalClient.cmd_batch
14:36 amontalban viq: Oh that's great! Didn't found that after days googling :)
14:36 amontalban Hope I can make it work on my environment
14:37 amontalban Thank you very much viq!
14:37 andrein__ Hi guys, I'm getting a weird error when installing GeoIP using salt in CentOS6. http://paste.opensuse.org/71073610
14:37 viq which with combination of what I see in http://salt.readthedocs.org/en/latest/topics/reactor/index.html makes me think you could do something like cmd_batch.state.highstate with a proper batch size, and that have your states do update and restart, and do a rolling upgrade that way
14:38 andrein__ The EPEL repo is disabled by default, but the repoquery line works fine when ran from the command line, returning the expected packages. Any ideas why it's failing in salt?
14:39 amontalban viq: Yes, that makes total sense
14:39 amontalban Hope to get it working :)
14:39 viq amontalban: if you do show how, I never touched a reactor yet ;)
14:40 amontalban viq: Sure, I have to reactivate my blog and will post a howto
14:40 amontalban It's pretty cool
14:40 amontalban To automate things on events
14:40 amontalban Like a git push in this case
14:41 viq Yeah, I saw someone post how to install OSSEC with salt also partially using reactor, and I had a bit of an idea how to imrpove on that, but didn't manage to try that yet
14:41 viq Yeah, I heard wikipedia uses it that way. Well, jenkins fires off an even when it's done doing tests and packaging things, upon which master tells web servers to upgrade
14:47 cnelsonsic joined #salt
14:50 sealibor_ joined #salt
14:50 cnelsonsic joined #salt
14:53 mgw joined #salt
14:53 napper joined #salt
14:53 conan_the_destro joined #salt
14:57 andrein__ any ideas why i'm getting this cryptic error when epel is disabled by default? http://paste.opensuse.org/69765438
15:01 jalbretsen joined #salt
15:03 it_dude joined #salt
15:04 cedwards joined #salt
15:08 workingcats joined #salt
15:12 eliasp how should I deal with general minor issues I encounter…? e.g. ps.boot_time could really use a "format" parameter etc.… I stumble across dozens of such minor things each day and quickly forget about them until I stumble upon them the next time… should I simply open GH issues for each of them or is there some other kind of TODO list for such minor things?
15:12 eliasp I'll surely create a PR every now and then for such things, but I'm simply not able to tackle each and every one of those…
15:12 DaveQB joined #salt
15:13 AdamSewell joined #salt
15:13 AdamSewell joined #salt
15:15 halfss joined #salt
15:15 bhosmer joined #salt
15:19 thedodd joined #salt
15:19 selenite29 joined #salt
15:20 doddstack joined #salt
15:21 mapu joined #salt
15:21 ndrei joined #salt
15:22 Heartsbane whiteinge: sorry I wasn't ... I am now whatsup?
15:23 whiteinge Heartsbane: did you end up rolling your own zeromq RPMs for Cent 5?
15:26 N-Mi joined #salt
15:26 N-Mi joined #salt
15:28 claytonk joined #salt
15:29 jeremyBass1 joined #salt
15:30 claytonk I'm trying to find the right syntax to flatten pillar list data in my jinja template
15:31 claytonk the information needs to be on the same line like "servers=192.168.0.43, 192.168.0.44"
15:32 claytonk I have the server IP address stored as a list in the SLS YAML
15:32 toastedpenguin joined #salt
15:34 claytonk basically looking for Python style foo = ','.join(ip_list)
15:35 cheus claytonk, {{ foo|join(",") }} ?
15:35 claytonk ahh... thank you, cheus
15:37 cheus NP
15:37 mateoconfeugo joined #salt
15:39 cheus Formula question: I started 'extending' a formula and ended up with a rewrite. Is there a policy governing how to best share back in that event?
15:39 selenite29 Hi all. I am reading the doc about Reactor System, is there a list of event tags somewhere ? I try to find it out, but without any success.
15:40 whiteinge selenite29: as of last night there is a partial list: http://docs.saltstack.com/en/latest/topics/event/master_events.html
15:40 jcockhren whiteinge++
15:41 timoguin nice!
15:41 selenite29 whiteinge: thx, I feel stupid, I even use duckduckgo :D
15:41 whiteinge it is still useful to run the eventlisten.py script to see other events. we haven't gotten the salt cloud events up there yet
15:42 che-arne joined #salt
15:43 whiteinge cheus: generally speaking it's just to send a pull request to that formulas repo
15:43 selenite29 whiteinge: ok, thx
15:43 cheus whiteinge, Even when backwards compatibility is shot (eg, the pillar is no longer compatible)
15:44 Heartsbane whiteinge: let me take care of this and I will point you in the right direction
15:44 Heartsbane FYI it was just the i386 packages
15:45 GradysGhost joined #salt
15:45 teskew joined #salt
15:46 epcim joined #salt
15:46 Gareth morning morning
15:46 fxhp Gareth: morning
15:50 whiteinge cheus: in that case i'd suggest sending a pull request with a formulaname/formulaname_ng.sls and to document in the README that the name_ng.sls is an alternate approach
15:50 cheus whiteinge, Great. Can-do.
15:50 whiteinge cheus: that will open the door to deprecating the current one in favor of yours in a future release
15:51 Heartsbane whiteinge: I dropped my notes in https://github.com/saltstack/salt/issues/5318
15:52 Heartsbane a little over a month ago
15:52 tligda joined #salt
15:52 Heartsbane BRB again ... silly job wanting me to do stuff
15:52 UtahDave joined #salt
15:52 cheus whiteinge, Last question, I promise, the formula I forked lacked a LICENSE file, is there an implied license from saltstack-repos or is it on a per-formula basis? I'd hate the lack of one to kill an opportunity for upstream contrib.
15:52 whiteinge Heartsbane: nice. thanks for the link
15:53 whiteinge JordanRinke: ^^ may be helpful: https://github.com/saltstack/salt/issues/5318#issuecomment-38015560
15:55 whiteinge cheus: ask away! no worries. all the formulas on the saltstack-formulas org should have an apache 2 license file. if you see one missing, feel free to add it
15:55 cheus whiteinge, Thanks.
15:55 whiteinge np
15:56 meteorfox joined #salt
15:56 bastion1704 joined #salt
15:58 chrisjones joined #salt
16:04 redondos joined #salt
16:04 redondos joined #salt
16:04 hunghuynh joined #salt
16:04 jeremyBass1 hello, what is the best way to get the number of cup cores in a state files as a var?  i know there is ` salt -G 'cpuarch:x86_64' grains.item num_cpus ` type of, but I just need to have the cpu count of the server the minion is on and get that value in the state file
16:07 Heartsbane whiteinge: anytime
16:08 halfss joined #salt
16:08 svs joined #salt
16:10 jclarke joined #salt
16:11 halfss_ joined #salt
16:11 jeremyBass1 to get the cpu count in a state file am i wanting something like `{% set cpu_count = salt['grains.get']('item num_cpus', '') %}`   ?
16:12 Debolaz In http://docs.saltstack.com/en/latest/topics/targeting/grains.html which relation does 'roles' have to 'node_type'? Is that some automagic stuff going on behind the scenes?
16:13 timoguin Debolaz: I don't think they have any real relation. roles is just a commonly set grain, and looks like node_type is an example grain in that doc
16:14 Debolaz timoguin: This makes the documentation a little bit confusing.
16:14 [diecast] joined #salt
16:15 timoguin I agree
16:15 saurabhs joined #salt
16:17 KyleG joined #salt
16:17 KyleG joined #salt
16:18 rgarcia_ joined #salt
16:19 smcquay joined #salt
16:22 hunghuynh joined #salt
16:23 bhosmer joined #salt
16:23 Katafalkas joined #salt
16:25 arthabaska joined #salt
16:26 kickerdog joined #salt
16:26 stephas joined #salt
16:26 whiteinge jeremyBass1: you're on the right track. try  salt['grains.get']('num_cpus')
16:27 ipmb joined #salt
16:27 jeremyBass1 @whiteinge Thank you I'll try that out.
16:29 jdog joined #salt
16:31 arthabaska joined #salt
16:40 schimmy joined #salt
16:40 greggyNapalm joined #salt
16:41 ravibhure joined #salt
16:55 redondos joined #salt
16:55 redondos joined #salt
16:55 steveoliver re: http://docs.saltstack.com/en/latest/topics/tutorials/states_pt4.html#practical-example — Why is that first top file location '/srv/salt/prod/top.sls'.  It seems like it should be '/srv/salt/webserver/top.sls', no?
16:55 gtmtech joined #salt
16:56 gtmtech hi all
16:56 viq steveoliver: no, above you have file_roots: base: - /srv/salt/prod
16:56 steveoliver no, i guess i'm missing the whole point..  I guess that's a "prod" state..
16:56 viq steveoliver: no, it's "base" environment
16:56 gtmtech I have a data structure like this > http://pastebin.com/pRUA9GwM   - how do i navigate that in a pillar.get to get the value of key3 ?
16:56 * steveoliver reads again.
16:57 steveoliver ciq: yep, got it.
16:57 steveoliver viq, that is
16:57 gtmtech i tried salt-call pillar.get key1:key3 but that doesn't work because the "-" makes it an array, not a hash
16:58 steveoliver also, relative to these file roots, i'm trying to understand how a state tree/repo should contain the site web files?
16:59 steveoliver it's a simplified example, where there's one repo? or would anyone actually recommend combining state tree and project source/assets?
17:00 steveoliver my thinking would be that maybe web source/assets come from pillar contents?
17:01 war2 joined #salt
17:01 aCodinMan joined #salt
17:01 steveoliver or something besides being combined with the salt state definitions/environments
17:03 tligda joined #salt
17:03 mgw joined #salt
17:03 steveoliver but i guess that source can be supplied via a pull/push to the './src' location relative to each salt environment file_root..
17:04 ndrei joined #salt
17:05 steveoliver gtmtech: lose the dash and indent by two
17:06 gtmtech steveoliver - that turns it into a hash of a hash, meaning I can't have another one - its a different data structure
17:06 gtmtech I just found out that its a "missing feature" of pillar.get https://github.com/saltstack/salt/issues/9354
17:07 gtmtech Salt could do with a bit of TLC in places :)
17:07 gtmtech Thanks all
17:07 steveoliver no, i don't think so.
17:07 steveoliver change the pillar call
17:07 steveoliver use a dot, instead of the colon
17:07 steveoliver key1.key3
17:09 ajw0100 joined #salt
17:09 gtmtech It would need to be a syntax that supports calling the 1st, 2nd 3rd or 4th array sub object, and then looking inside that to find a key lookup
17:09 gtmtech example. key1[0].key3
17:09 JordanRinke whiteinge: yo
17:09 gtmtech I don't think its implemented yet
17:10 logix812 joined #salt
17:10 Ryan_Lane joined #salt
17:10 whiteinge JordanRinke: hiya. get it working?
17:11 JordanRinke http://pastebin.com/NnaSmNqu
17:11 JordanRinke yeah with this janky script :x
17:11 possibilities joined #salt
17:11 whiteinge woot
17:12 JordanRinke so, that will work on rhel 5.x for anyone else that needs it - not pretty, and not cleaned up, but it worked well enough for me last night
17:12 JordanRinke and you end up with the 2014.1 version, with zmq 3.2
17:13 JordanRinke someone else using it would just have to adapt the minion file bits
17:15 whiteinge it would be useful to add that to the centos install docs as a stopgap
17:15 * Heartsbane looks at JordanRinke script.
17:15 repl1cant joined #salt
17:15 JordanRinke it needs to be cleaned up.. that is literally straight from my copy/paste history while I was hacking together an install for 350 machines last night
17:16 JordanRinke wasn't worth my time to clean it up while doing it
17:16 * whiteinge nods
17:17 whiteinge as an alternate, i wonder if we could steal (with permission, of course) the RPMs in that repo you linked, Heartsbane, and host them on saltstack.com
17:17 JordanRinke but yeah, cleaned up, would save other folks with legacy environments a ton of time
17:17 whiteinge yeah. cent5 is still crazy common. i bump into it all the time
17:18 Heartsbane whiteinge: I would ask jcollie
17:18 Heartsbane Although I am hosting them out of my private repo at werq
17:18 Heartsbane so
17:18 MikeLeman joined #salt
17:20 herlo joined #salt
17:22 schimmy1 joined #salt
17:27 war2 joined #salt
17:28 n8n joined #salt
17:32 ipalreadytaken joined #salt
17:33 gothix joined #salt
17:33 manfred whiteinge: i am on a rhel 2.1 box right now
17:33 gothix joined #salt
17:34 ajolo joined #salt
17:36 yusuket joined #salt
17:38 ml_1 joined #salt
17:38 ajolo joined #salt
17:39 bmonty joined #salt
17:40 racooper manfred,  RHEL 2.1? as in, 2002 era kernel 2.4.9?
17:40 ipalreadytaken joined #salt
17:40 napper joined #salt
17:41 whiteinge whoa
17:43 jeremyBass1 i have another question, i need to be able to tell if I'm on a local set up or on a live server, i have been trying to get this to work http://pastebin.com/4fk07EDw but I'm alway getting false.  is there a better way to test if you are on a local server install?
17:44 manfred racooper: bingo
17:45 whiteinge we've had a little success getting salt on ancient boxes using esky & nuitka binary builds of salt. tricky business though...
17:45 racooper cripes. that should have been retired about 5 years ago
17:46 manfred best part, it had iproute2 on it, but it was built in 2003, which was a year before the net-tools package for it was built
17:46 ndrei joined #salt
17:46 manfred i still log into boxes somedays that are rhel 5.6 without iproute2
17:47 racooper you do realize that you have an extremely vulnerable system there, I hope.
17:47 manfred i do
17:47 manfred They aren't mine though, doing customer support. I can't force them to buy new stuff, but i report the hell out of them to the sales people who can :)
17:48 schmutz joined #salt
17:48 Ryan_Lane we're making some custom execution modules and have a question about modules and pip
17:48 smcquay joined #salt
17:48 racooper I'll send a bottle...no, cask...of holy water your way.
17:48 manfred heh
17:48 Ryan_Lane we're wondering if it's a bad idea to add the modules to pip and have our modules directories set up to use the pip locations
17:49 Ryan_Lane will that work? is it a bad practice?
17:49 manfred racooper: i know we still have a couple RedHat Linux 7.# boxes somewhere
17:49 Ryan_Lane UtahDave, whiteinge, manfred: ^^
17:49 ggoZ joined #salt
17:51 manfred so, what part are you using pip for? Installing salt? or are you extending the pip execution module?
17:51 Ryan_Lane we want to be able to version our custom modules independently, but keep them all in a common repo, so using pip would allow us to publish/version them separately
17:51 UtahDave Ryan_Lane: I'm not clear on what you mean.  Do you mean add your python modules to Pypi?   or add your module's functions to the Salt pip execution module and State?
17:51 Ryan_Lane add our python modules to pypi
17:51 manfred ahh
17:51 Ryan_Lane and add the execution modules to a requirements.txt
17:51 jeremyBass1 would anyone know how you could test and put to a variable if the server is a localhost server for use in a state file?
17:52 Ryan_Lane then point salt at the pip installed locations
17:52 ndrei joined #salt
17:53 jcockhren Ryan_Lane: have you used wheel for packaging?
17:53 manfred hrm... i have no idea how that would work
17:53 Ryan_Lane wheel?
17:53 manfred Ryan_Lane: if/when you get it working, i would be interested in knowing how
17:53 jcockhren http://pip.readthedocs.org/en/latest/reference/pip_wheel.html
17:54 Ryan_Lane ah. interesting
17:54 whiteinge Ryan_Lane: i don't see any reason why it wouldn't work. you'd have to point your module_dirs/states_dirs at whereever pip puts the modules
17:54 jcockhren wheel is the next packaging standard to succeed eggs
17:54 jcockhren with wheels, the compiled c bindings are included
17:54 whiteinge Ryan_Lane: http://docs.saltstack.com/en/latest/ref/configuration/minion.html#std:conf_minion-module_dirs
17:54 jcockhren (for any package or it's requirements)
17:55 Ryan_Lane whiteinge: yep :)
17:55 Ryan_Lane whiteinge: knew about the config locations, just wanted to get a sanity check
17:55 * whiteinge nods
17:55 UtahDave Yeah, I think it's an interesting idea, actually
17:55 Ryan_Lane I think it may be a burden overall since we'd need to list every location specifically
17:55 manfred jcockhren: nice, so you would have some wheel directory and would only have to install each of the main dependencies for each one once?
17:56 whiteinge it would be useful to add a loader function that could load modules from the regular Python path
17:56 Ryan_Lane it would, yeah
17:57 whiteinge probably pretty straightforward too...
17:57 smcquay joined #salt
17:57 whiteinge Ryan_Lane: ooc, how are you structuring the package tarball?
17:57 n8n joined #salt
17:57 Ryan_Lane no clue. we're open to recommendations on that
17:58 whiteinge offhand, i'd say having the regular _modules, _states, _etc dirs inside the package would be a compatible-leaning convention
17:58 Ryan_Lane hell, if you guys support this as a normal use case and provide a recommended way of structuring them, we'd definitely go with that format
17:59 jeremyBass1 I based http://pastebin.com/4fk07EDw off of http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.network.html#salt.modules.network.ip_addrs .. but even know i know my localhost is an ip of 10.255.255.X this always turns false..
17:59 jcockhren you'll only have to compile/prepare the dependecies once.
17:59 jcockhren manfred: ^
17:59 manfred nice
17:59 manfred i like it
17:59 halfss joined #salt
18:00 danielbachhuber joined #salt
18:00 jcockhren it'll be great if there's some way to go from wheel to deb
18:00 jcockhren but not yet
18:01 Ryan_Lane does pip integration seem like something I should add an issue for?
18:02 Ryan_Lane or maybe including salt packages from the python path?
18:02 nhubbard jeremyBass1: if I had to guess it's a variable scope issue, could you change line 4 to set the environment to development and put an else up there and have it set the env to prod?
18:03 nhubbard I'm not sure how variables are scoped in salt though to be honest
18:03 jeremyBass1 salt-call network.ip_addrs does show me that i have local addresses of the 10.255.255.XX ..
18:03 whiteinge Ryan_Lane: sorry, meat-space distractions
18:03 Ryan_Lane https://github.com/saltstack/salt/issues/12416
18:04 Ryan_Lane heh
18:04 whiteinge Ryan_Lane: i'd say yes
18:04 whiteinge nice
18:04 perfectsine joined #salt
18:04 druonysus joined #salt
18:04 druonysus joined #salt
18:04 jeremyBass1 @nhubbard as far as I know jnija will handle that scope ok.. if i understood you right
18:04 Ryan_Lane oh, another thing too. the most common complaint I'm getting from people learning salt is that it's really hard to get started
18:04 Ryan_Lane all of them say "isn't there a way for me to write a state file, and just run that file?"
18:05 Ryan_Lane without any of the other random setup. something like: salt-call --local --run-state mystate.sls
18:05 chrisjones joined #salt
18:05 * whiteinge nods
18:05 ajw0100 joined #salt
18:05 whiteinge a local-only install would be a good addition to the tutorials
18:06 Ryan_Lane well, this isn't currently possible, right?
18:06 Ryan_Lane you need to add a directory with the states, add a top file, include your individual state, then run it
18:07 Ryan_Lane and it needs to be in /srv/salt, unless you want to make a config file
18:07 jeremyBass1 so http://pastebin.com/s2c1Vehx  .. that salt-call get me the ip's.. is it that I'm not doing the for correctly?
18:07 whiteinge Ryan_Lane: it's possible without any config. salt-call --local state.template /path/to/blah.sls
18:08 rgarcia_ joined #salt
18:08 Ryan_Lane whiteinge: oh. wow
18:09 logix812 each salt-master agent?  uses ~37meg of memory per. Which comes out to about 300+ meg of ram. That's normal ya?
18:09 whiteinge we've been hearing the "salt is hard" thing a little lately. it's a marketing & documentation problem! salt is all the things, man!  ;-)
18:09 whiteinge Ryan_Lane: thanks for the heads-up, btw
18:10 Ryan_Lane whiteinge: is that documented anywhere?
18:11 Ryan_Lane it should be front and center in the getting started docs
18:11 JasonSwindle joined #salt
18:11 whiteinge probably not in the tutorials. i'm reading the "standalone minion" one now...it could be less verbose
18:11 Ryan_Lane oh. another thing :)
18:11 * whiteinge gets his pen and notepad
18:11 Ryan_Lane the way we give examples of using/defining states isn't great
18:12 Ryan_Lane let me give a gist example
18:12 JasonSwindle Howdy, anyone got examples of salt-ssh + salt roster + puppet?
18:13 googolhash joined #salt
18:13 jeremyBass1 i guess in http://pastebin.com/s2c1Vehx i wounder if the local: return from the salt-call is the issue?  as i understand the jnija for loop, the list of the ips would treat each as an array, and then i can do my test.. so {% for host,ip in salt['mine.get']('*', 'network.ip_addrs').items() -%} would be just a list of ip.. or is it that it's a list of the objects and i need to get in those to get the ip's?
18:14 jeremyBass1 sure would be nice to be able to test things like this with ease.. lol.. it's hard to test state files
18:16 jcockhren https://github.com/simonmcc/kitchen-salt
18:16 jcockhren jeremyBass1: ^
18:18 jeremyBass1 I'll look in to that more thank you..
18:18 timoguin testinggggggg+++!!!!111!!
18:18 eriko joined #salt
18:18 tligda joined #salt
18:19 Networkn3rd joined #salt
18:19 g4rlic left #salt
18:20 whiteinge jeremyBass1: try this: {% for host,ip in salt['mine.get']('*', 'network.ip_addrs').items() if not ip.startswith('10.255') -%}
18:20 whiteinge (untested, sorry)
18:21 jeremyBass1 ok.. I'll try that.. tk.. it's hard to test cause i have to destory the whole server and re run each time.. not fun lol..
18:21 jeremyBass1 I'll get back shortly if that work
18:22 Ryan_Lane whiteinge: https://gist.github.com/ryan-lane/f423b87c5dabcc24301d
18:23 JasonSwindle Better yet, anyone using salt roster ?
18:23 Ryan_Lane the way we have states documented we put the action or resource as the resource name, which makes it awkward to read. it's especially awkward to read if both ways are used.
18:25 Ryan_Lane it's also awkward when running highstate, since you get the ID back, and it doesn't read like a set of actions, but a set of resources
18:25 whiteinge jeremyBass1: use a different state to test with that doesn't require destroying the server. sec, i'll pastebin an example
18:25 ajw0100 joined #salt
18:26 Ryan_Lane if we recommend writing states where the state name is the action, rather than the resource it makes states far easier to read. it would also give us a consistent style guide for the docs.
18:26 war2 joined #salt
18:27 Ryan_Lane (this is something I'm recommended based on feedback from newbies that find reading states difficult)
18:27 Ryan_Lane *recommending
18:27 Ryan_Lane when I changed the style of the states to read as a guide all complaints went away
18:27 timoguin Ryan_Lane: agreed on the State ID portion.
18:28 whiteinge Ryan_Lane: this is a pet peeve of mine. i strongly dislike the "short dec" syntax
18:28 timoguin the fact that they're a unique id, but can also double as the name argument threw me off a lot at first
18:28 timoguin i try to never write my states like that
18:28 whiteinge nice. i don't even teach it in salt trainings :)
18:29 timoguin diagrams would help a lot.
18:29 timoguin it's difficult to visualize the data that's available to states
18:29 timoguin especially as a beginner
18:29 stevednd UtahDave: I created issue #12397 as per your suggestion yesterday for adding port specification to saltify
18:29 UtahDave great!  thanks, stevednd
18:30 stevednd it looks like it should be simple to fix, but I have never really worked with python
18:30 UtahDave Yeah, it shouldn't be hard at all
18:30 stevednd not sure what I would need to get installed and setup to get an environment running for salt
18:30 jslatts joined #salt
18:30 stevednd if I can get setup quickly, I will try to submit a pull request for it
18:31 UtahDave just fork the Salt repo to your own github account, then clone your fork
18:31 Ryan_Lane whiteinge: right, I'm recommending we change all examples in the docs to use the "as a guide" formatting
18:31 Ryan_Lane and list it as a best practice
18:31 UtahDave Ryan_Lane: is that pastebin an example of how you like it to be done?
18:31 joehillen joined #salt
18:31 Ryan_Lane UtahDave: yep. something like that
18:31 AdamSewell joined #salt
18:31 UtahDave I like it.
18:31 eliasp how should I deal with general minor issues I encounter…? e.g. ps.boot_time could really use a "format" parameter etc.… I stumble across dozens of such minor things each day and quickly forget about them until I stumble upon them the next time… should I simply open GH issues for each of them or is there some other kind of TODO list for such minor things?
18:31 eliasp I'll surely create a PR every now and then for such things, but I'm simply not able to tackle each and every one of those…
18:32 Mr_N So I'm getting some rather strange behavior to pkgrepo.managed, not sure if it's intentional
18:32 UtahDave eliasp: Yeah, just open up an issue for each one. Even if it's small.
18:32 timoguin agreed on the State ID format. they make a lot more sense as verbs to me.
18:32 Mr_N Anyone able to be a sanity check for me on this?
18:32 eliasp UtahDave: ok, great
18:32 UtahDave thanks, eliasp!
18:32 Ryan_Lane I'll open an issue for this
18:33 Mr_N The humanname field, if present as an argument to a pkgrepo.managed stanza, steamrolls a value passed in as the name: parameter
18:33 Mr_N If there's no humanname field, name: populates appropriately
18:33 gildegoma joined #salt
18:34 war3 joined #salt
18:34 whiteinge Ryan_Lane: i'd love to comb the docs and make that consistent. i talked to tom about deprecating short decs a year ago or so, he leaned toward no and i didn't have a strong leaning at the time. i'll revisit that discussion
18:36 jeremyBass1 so it looks like the {% if ip.startswith('10.255.255') %} is not working either.. I'm running another test thou..
18:37 Ryan_Lane whiteinge: well, I'm not suggesting deprecating it, but we should at least not use it as the style in the docs or best practices
18:37 gildegoma joined #salt
18:37 whiteinge noted. i would like to deprecate it. even if we never actually pull it out
18:38 Ryan_Lane https://github.com/saltstack/salt/issues/12419
18:38 whiteinge ty
18:38 Ryan_Lane whiteinge: yeah, it's likely bad practice
18:38 viq Interesting suggestion. Though would make some things longer to write...
18:39 viq I guess my biggest problem is coming up with the state IDs ;)
18:39 Ryan_Lane also. why don't we allow whitespace in state IDs?
18:39 ndrei joined #salt
18:39 viq does yaml allow whitespace in keys?
18:40 stevednd UtahDave: checking out the HACKING.rst, there seems to be a good deal of setup to getting salt running for development
18:40 Ryan_Lane good question
18:40 Mr_N viq: Mine just get hilariously verbose.  "proliferate_authorized_keys_using_pillar_inheritence"
18:40 viq Mr_N: :D
18:40 Ryan_Lane yep. I think there's nothing wrong with verbose keys
18:41 Ryan_Lane it's nice reading through a state that lets me read the ids and know what's happening
18:41 * viq nods
18:42 * viq sees in his mind a huge diff to his work tree with commit message "Rewrite according to recommended best practices" ;)
18:42 UtahDave stevednd: It doesn't have to be that hard.  Here's what I recommend.   1. Install Salt Master and Salt minion from system packages. (this makes sure you get all the deps).   2. Remove the Salt Master and Salt minion, leaving the deps.  sudo apt-get remove salt-master salt-minion.   3. Clone your Salt fork.  4.  sudo pip install -e /path/to/your/salt/clone
18:42 stevednd okay. I'll try that
18:42 timoguin the docker containers used for testing are worth looking into as well. not sure if that'd be easier or harder for you
18:43 stevednd question though, where are the tests for saltify, or any of the cloud stuff for that matter?
18:43 Kenzor joined #salt
18:43 patrek_ joined #salt
18:43 UtahDave then whatever you have in your git clone is what's running live on your system.  Just restart the salt-master and salt-minion services, if you've modified them.   Salt-cloud stuff doesn't need any kind of restart
18:43 Ryan_Lane whitespace is indeed allowed in yaml keys
18:43 stevednd there doesn't seem to be anything in test/ focusing on cloud stuff
18:43 viq Ryan_Lane: and UTF-8 ?
18:44 Ryan_Lane ascii only, as far as I know
18:44 UtahDave stevednd: I think you're right.
18:44 ajolo joined #salt
18:44 viq OK. I'll have to remember that, or keep writing in english ;)
18:45 UtahDave ajolo: hey!
18:45 Ryan_Lane looks like today is add issues for salt day :)
18:45 whiteinge jeremyBass1: sorry, distraction-filled day. this is a simple pattern for testing jinja: http://paste.fedoraproject.org/98234/83507139
18:45 Ryan_Lane https://github.com/saltstack/salt/issues/12421
18:46 eliasp viq: keeping IT related stuff in english is never a bad idea… imagine some day getting an english-speaking member into your team… oh what fun it'll be having all the non-english stuff around… or your company being sold to an international owner etc.
18:46 eliasp viq: using non-english terms in IT (development, infrastructure, documentation…) will lead to troubles sooner or later
18:46 rome joined #salt
18:46 jalaziz joined #salt
18:46 timoguin but the benefit is that existing team members can scoff at new people who can't read Chinese
18:46 timoguin and that's culture!
18:47 viq I usually write in english, out of custom or whatever, but not all the members of my team are as comfortable with it
18:47 viq timoguin: well, the characters here are easier, though the sounds not necessarily, and the language is considered among the harder ones to learn ;)
18:47 war2 joined #salt
18:47 jeremyBass1 whiteinge, tk .. for sure {% if ip.startswith('10.255.255') %} didn't work.. but so can i add that state file and what salt-call state.highstate state:test.sls ?
18:49 whiteinge jeremyBass1: avoid highstate when testing: salt-call state.sls <thatsls>
18:49 jeremyBass1 got yea.. so i don't need to clear the cache or something for salt to see the new file?
18:50 FarrisG joined #salt
18:50 whiteinge nah, salt handles that
18:50 whiteinge if the .sls file is on the local system you should also use salt-call --local
18:51 jeremyBass1 well it's on the server local.. it's a vagrant set up
18:51 bhosmer joined #salt
18:56 whiteinge jeremyBass1: ah the ``ip`` variable is a list so you need an inner for-loop and the .startswith() check needs to go at the end of that inner check
18:56 JasonSwindle whiteinge: So you see any issues a period in a grain.  Like for example mysql5.1 or would it be safer to do mysql51 ?
18:56 strgcloud joined #salt
18:57 picker joined #salt
18:57 whiteinge JasonSwindle: that should be safe. caveat, you won't be able to use jinja's shorthand syntax to reference that key
18:57 whiteinge e.g., {{ grains.mysql.5.1 }}
18:57 hellome joined #salt
18:58 JasonSwindle ah, yes.... I see what you mean
18:58 whiteinge it won't cause any problems though
18:58 jeremyBass1 @whiteinge.. so maybe something like {% for host,ip in salt['mine.get']('*', 'network.ip_addrs').items()['local'] -%}  so i can skip the extra loop?
18:58 eliasp I'm using dots as "fake" namespaces for win_repo package names (e.g. microsoft.office, mozilla.firefox), but now I wonder whether I should continue to do this :)
18:58 kzx joined #salt
18:59 JasonSwindle I would think an underscore would be saferrrrr?
19:00 whiteinge jeremyBass1: i don't think there's a good (clear) way to avoid the second loop since you have multiple IPs
19:00 whiteinge jeremyBass1: http://paste.fedoraproject.org/98238/88843551
19:01 jeremyBass1 ok testing..
19:02 pjs joined #salt
19:06 ghartz joined #salt
19:06 xt joined #salt
19:06 jeremyBass1 whiteinge, i always see an empty file
19:06 mateoconfeugo joined #salt
19:08 codekoala joined #salt
19:08 codekoala joined #salt
19:09 picker joined #salt
19:12 whiteinge jeremyBass1: did you change the startswith() value? the one i left in there was from my local test with the loopback addr
19:12 pdayton joined #salt
19:13 jeremyBass1 nope.. which as i read it should print any but.. but just in case, i also turned it to {% for ip in addrs %}
19:13 whiteinge oh, duh. you're right that should print any
19:14 jeremyBass1 so i am using a masterless stack.. using bootstrap on vagrant.. would that be case for {% for host, addrs in salt['mine.get']('*', 'network.ip_addrs').items() -%} not to return anything?
19:14 whiteinge oh. yeah, that's why
19:15 whiteinge Salt Mine requires a master because it facilitates minion-to-minion data sharing
19:15 jeremyBass1 hmmm.. ok.. so if i can get salt-call network.ip_addrs to print out what i need.. then um..
19:15 whiteinge you mentioned on the list you need the IP addresses of other machines, is that right or did i read that wrong?
19:16 jeremyBass1 nope, just need to know if it is on the ip that starts with 10.255.XXX.XXX
19:18 whiteinge yikes. i apologize! you don't need salt mine at all. replace the mine call with:  salt['grains.get']('ipv4')
19:19 whiteinge or call salt['network.ip_addrs']() directly
19:19 MTecknology I want to build a salt state that turns any dynamic ip addy into a static one.
19:19 whiteinge i suppose the latter is preferable so you don't have to filter out the loopback interface yourself
19:20 jeremyBass1 ok I'll test.. tk
19:20 MTecknology I don't think I'll ever build it, but sounds awesome
19:20 MTecknology whiteinge: I watched a webinar for salt. I heard something about CIS compliance states. You happen to know anything about them?
19:21 kzx joined #salt
19:22 whiteinge is that the spec that provides little shell scripts that prove/document compliance for each step?
19:23 MTecknology I'm not really sure. I'd just like to get my hands on a bunch of information about helping to make sure my servers are actually secure and following best practices.
19:24 jeremyBass1 @whiteinge: salt['network.ip_addrs']() doesn't seem to work.. was there one you tested? I'm trying alts now but nothing works yet
19:25 Kenzor joined #salt
19:26 MTecknology whiteinge: the alternative is that I go through and read anything and everything I can find and re-invent the wheel with what others have already come up with. I don't like duplicated effort.
19:27 jaimed joined #salt
19:27 MTecknology whiteinge: also... zeromq makes load balancing salt seemingly impossible. I 'might' be able to make it work if the load balancer routes for the entire subnet, but I'm giving up. I'm going to instead build a state to pin the minion to two masters and then restart the salt service.
19:28 jeremyBass1 ok got it..
19:28 MTecknology If I restart the salt service through salt, what are the chances salt will come back, and can I have it restart the highstate? Could I have that be the very first state that's run?
19:28 monokrome joined #salt
19:28 jeremyBass1 tk whiteinge.. and tk for showing me a nice test pathway
19:30 smcquay joined #salt
19:31 whiteinge jeremyBass1: ah, because it's not keyed by host when you run it locally. sorry you fell victim to a very distracted me today
19:32 Ross_ joined #salt
19:33 jeremyBass1 :D I'm just happy i have it solved tk!!
19:33 gildegoma joined #salt
19:33 yusuket_ joined #salt
19:33 whiteinge MTecknology: i don't know CIS compliance details. we had a customer that had a compliance document that has shell scripts snippets and he put those in a state file. the highstate output was a perfect "report" to send the compliance company. i think it was CIS but i could be wrong
19:34 whiteinge MTecknology: that sounds like a fine setup. i'd suggest not restarting salt using salt
19:34 arcleo joined #salt
19:35 whiteinge MTecknology: but rather using salt to schedule an atd task to restart salt, say 1 minute in the future
19:36 Ross_ So I'm writing a runner which starts by sending a command which may take a while to one server using cmd_async so I have the job id. It then goes on to do a bunch of other things. What is the best way to know when the job has finished while still in the runner
19:37 whiteinge MTecknology: http://paste.fedoraproject.org/98253/88866221
19:39 lazybear joined #salt
19:40 whiteinge Ross_: most bullet-proof way is to watch the event bus for minion returns, it will be tough to do that in addition to other work while you're waiting -- you'd probably have to start a new thread. easiest/dumbest way is to keep calling jobs.lookup_jid <JID> until the results look populated
19:41 whiteinge you can compare the keys of minions that have returned to the list of minions that salt expects to return that you get along with the job ID
19:41 doddstack joined #salt
19:41 whiteinge er. you'd have to substitute run_job() for cmd_async() for that extra detail. (they're otherwise identical)
19:42 [diecast] joined #salt
19:43 stevednd UtahDave: So this port change thing is a little more in depth, but I think I have it sorted. However, now saltify is failing saying "You need to allow pip based installations (-P)..." when attempting to bootstrap
19:43 stevednd can I specify -P readily through saltify?
19:46 herlo you guys talk too much in here. :)
19:46 Heartsbane herlo: shaddup
19:46 Heartsbane :)
19:47 Ross_ I don't really care when it finishes, I want to check on it at the end of the runner and wait for it to finish if it hasn't by then. I'm currently looking for it in jobs.active, and when its not there, look it up by jobs.lookup_jid which works with one issue.. Every time I call active = runner.cmd('jobs.active',[]) it prints the whole list of actiuve jobs to the screen
19:47 Ross_ Which ruins my nice output!
19:47 halfss joined #salt
19:48 Heartsbane herlo: you want to get together and talk RPM packaging process I need a refresher
19:48 rome joined #salt
19:48 Heartsbane I will buy
19:50 Ross_ Do I even need a RunnerClient from within a runner?
19:50 whiteinge Ross_: ah, yes. that is a wart of runner modules as they currently stand. there's been some discussion on how best to refactor them in an API-friendly way while preserving the CLI interface
19:51 aCodinMan joined #salt
19:51 whiteinge Ross_: jobs.active is just wrapping saltutil.running. you could instantiate LocalClient() (if you haven't already) and do that check yourself
19:51 herlo Heartsbane: um....
19:51 * herlo is actually working on salt-cloud stuffs today
19:51 jeremyBass1 @whiteinge this is what I'm getting.. http://pastebin.com/WU8BcteH .. i can't seem to get it to print the local ..
19:52 whiteinge jeremyBass1: jinja's scoping rules don't allow setting variables from within loops like that
19:52 elfixit joined #salt
19:52 Heartsbane herlo: boooooooooooooooooo
19:52 herlo Heartsbane: when do you want to get together?
19:53 herlo Heartsbane: well, Greg KH is trying to spin up docker instances to do kernel builds. I'm helping him. :)
19:53 Heartsbane maybe at the hacknight
19:53 rome joined #salt
19:53 herlo Heartsbane: and I'm spinning up GCE instances on which to host docker images
19:53 herlo Heartsbane: well, OpenWest is next week.
19:53 Heartsbane I know
19:53 herlo we could do something around that?
19:54 Heartsbane Like at the hacknight on Wednesday
19:54 * herlo likely won't be to that.
19:54 * Heartsbane facepalms.
19:54 Voziv Anyone know why salt can't find my 2nd git repo as a file system? When I call the highstate I get a bunch of errors like "No matching sls found for 'utilities' in env 'base' "
19:54 herlo Heartsbane: family obligations.
19:54 Heartsbane herlo: we will work something out
19:55 herlo Heartsbane: I've got tomorrow and Friday open this week.
19:55 herlo Heartsbane: or possibly sunday.
19:55 Heartsbane Tomorrow might work
19:55 Heartsbane and Sunday
19:55 Heartsbane is completely doable
19:55 UtahDave stevednd: sorry, I was in a quick meeting.      I'm not sure on that actually.
19:55 herlo k, let me talk with the boss and we'll figure it out
19:55 Heartsbane kk
19:55 Ross_ if I use my existing LocalClient to use saltutil.running, what do I specify for a target?
19:56 diegows is there a way to get the public ip address in the grains on aws?
19:56 MTecknology whiteinge: what about for windows for restarting the service?
19:56 whiteinge Ross_: the same target you used for the first command
19:57 Ross_ Ah, right
19:57 mapu_ joined #salt
19:57 rome joined #salt
19:58 whiteinge MTecknology: https://github.com/saltstack/salt/pull/12429
19:58 whiteinge windows is at the bottom
19:58 mgarfias hey, is there a way to call a different url for the rvm install script?
19:58 mateoconfeugo joined #salt
19:59 chrisjones joined #salt
19:59 Ross_ whiteinge: That works much better, and with no output!
19:59 whiteinge woot
19:59 mgarfias it seems that the url is 302'ing, and curl isn't following the redirect
19:59 stevednd UtahDave: it turns out it's something wrong with the saltstack ubuntu ppa certificate. I can't get it to work when manually setting it either
19:59 stevednd I also just attached a pull request to issue #12397
20:01 chrisjon_ joined #salt
20:01 bhosmer joined #salt
20:01 Ryan_Lane1 joined #salt
20:03 Voziv Is it possible to connect two git repositories that both have master branches?
20:03 UtahDave Voziv: using gitfs?
20:03 Voziv UtahDave: yeah
20:03 druonysus joined #salt
20:03 druonysus joined #salt
20:04 UtahDave yeah, no problem at all. Files requests will first look in the first listed git repo and then on down the line
20:04 repl1cant anyone know where to fix the int to str issue in this one? https://github.com/saltstack/salt/issues/12185
20:04 Voziv In my masters cache I see both repositories, but under refs/ I see a weird mix of files. It contains a mix of contents from each repository by the looks of things
20:05 Voziv nevermind, I tried deleting the entire cache and it seems to have fixed the issue
20:06 Voziv previously I had deleted only the gitfs cache
20:07 Ross_ Ok, so I can tell if it's still running which is perfect, but now using LocalClient, how can I get the job's retuned information, or will I need a RunnerClient from that within the runner?
20:09 schmutz joined #salt
20:10 whiteinge Ross_: if you find the job still running and you're done with your other work, i'd suggest jumping into a while loop that listens for events for that job (and maybe fires off another saltutil.running every so often)
20:11 mateoconfeugo joined #salt
20:11 whiteinge Ross_: this may be a useful example/starting point: https://github.com/saltstack/salt/blob/develop/salt/runners/state.py#L128
20:11 Voziv UtahDave: Any conferences planned this year? (We met last year at True North PHP or NorthEast PHP)
20:11 logix812 with the slatbootstrap script.. I get this final error:
20:11 logix812 * ERROR: Failed to run install_ubuntu_check_services()!!!
20:11 logix812 running 14.04
20:12 Mr_N Hm.  Is there any reason I'd be failing a watch: stanza with "requisites not found" for a file I can conclusively say exists?
20:12 logix812 when bootstrapping a minion
20:12 UtahDave Voziv: I'm going to be at the OpenStack Summit in Atlanta in a couple weeks.  I'm sure I'll be at some others, too.
20:12 UtahDave Voziv: Did we meet at another conference?  I didn't make it to any PHP conferences last year.  (I don't think.  :)   )
20:13 yusuket joined #salt
20:13 travisfischer joined #salt
20:13 JasonSwindle UtahDave: Range cluster, what the heck is it?
20:14 JasonSwindle and the links in the master / minion configs are broken
20:14 jeremyBass1 @whiteinge  this is what I'm getting.. http://pastebin.com/J2vA9ruW it seems close.. but a tab error was not what i was expecting
20:14 UtahDave Range is a centralized data store.  Yahoo built it a while back.
20:14 logix812 is there anything I can look at doing differently? I'm using the 1liner to install
20:14 MTecknology whiteinge: :D
20:15 ndrei joined #salt
20:15 Voziv UtahDave: Woops, I think it's because you have Utah in yourname, I met carmony at True North PHP haha
20:15 Voziv He's also from Utah
20:15 UtahDave Ah, yeah, carmony did speak at True North PHP!
20:15 UtahDave He's a good friend of mine
20:16 Voziv I'm still trying to figure out which conferences I want to go to this year
20:18 it_dude joined #salt
20:19 n8n_ joined #salt
20:19 saurabhs joined #salt
20:21 carmony HEy Voziv :)
20:21 UtahDave Voziv: there are so many great conferences to go to!
20:22 Voziv UtahDave: I know, I only get sent by work to one though so I generally attend two per year at most so I have to choose carefully
20:22 Voziv carmony: Hey, any conferences planned?
20:22 nadley_ joined #salt
20:23 stevednd So my current bootstrapping attempt with saltify is failing with the following output http://pastie.org/9128761
20:23 jeremyBass1 carp and bass.. ok .. so I clear the error, but http://pastebin.com/g0PTFL28 is printing "prod" .. so it's still not setting right..
20:24 carmony Voziv: I'm heading to Dutch PHP Conference & OpenWest for sure
20:24 napper joined #salt
20:24 carmony I might try ZendCon this year
20:24 stevednd not sure what local_master=master_name is supposed to be or where it's from. I have my cloud profile for saltify specifying minion:\n  master: <ipaddr>
20:24 ajolo_ joined #salt
20:25 Voziv I've thought about going to ZendCon since we use ZF 1.x a ton on our older apps
20:25 ajolo__ joined #salt
20:26 Ryan_Lane joined #salt
20:26 Voziv Anyone know why I'm getting "ValueError: too many values to unpack" on line 1 of nginx.sls? I can't figure it out for the life of me. https://gist.github.com/lrobert/d9e1e62c00442a1ce179
20:27 eliasp wouldn't it make sense to exclude PRs which only modify non-code files (e.g.: https://github.com/saltstack/salt/pull/12429) from Jenkins?
20:27 Mr_N .items()
20:27 Mr_N is probably what you want, Voz
20:28 Mr_N a raw iteration through a dict in python just iterates the keys.
20:28 Mr_N But you're loading into (k,v)
20:28 Voziv Mr_N: Oh right, makes sense
20:28 Voziv I keep forgetting about that function
20:28 Mr_N No worries.  I actually helped a researcher with just this earlier this morning.
20:29 Mr_N Apparently it's far less common knowledge than I tend to think of it as :x
20:29 Voziv Jinja is just python right? Probably a language I should get to know a bit more so I can figure this kind of stuff out :P
20:29 Mr_N Jinja is python--
20:29 Mr_N But yes, learning Python would be _very_ helpful
20:29 Mr_N I write most of my more complex states using the !py renderer
20:30 Voziv How do you access values in a dictionary?
20:31 xt mydict.get('key')
20:31 Linuturk1 joined #salt
20:31 Mr_N Vosiv: if you want an enumeration, .values()
20:32 Mr_N but accessing just one, you can do .get or just ['key']
20:32 Mr_N The python documentation on dict/list is very complete, and also describes lots of other useful idioms
20:32 Mr_N I recommend at least familiarizing yourself with it
20:33 Voziv will do, thanks
20:34 mgw1 joined #salt
20:37 mwillis joined #salt
20:39 strgcloud joined #salt
20:40 mwillis Hi folks. n00b question: I can't seem to have more than one level of provider nesting. Is that intentional? I'm trying to nest profiles to keep ec2 creds in a separate file
20:40 woebtz joined #salt
20:41 woebtz left #salt
20:41 it_dude joined #salt
20:43 UtahDave lilmatt: Don't nest them.  Just start a new ID for each ec2 cred inside your ec2 conf
20:44 UtahDave lilmatt: then you'll refer to each by their top level "id"
20:45 bloom joined #salt
20:48 rome joined #salt
20:48 lilmatt UtahDave: Do you mean like this? https://gist.github.com/lilmatt/7b89b12e0e27429995ec
20:50 UtahDave lilmatt: you have your providers and profiles confused
20:50 UtahDave Your top item, the provider, is correct
20:50 UtahDave the second file in that pastebin is your profile.  That file should go in   /etc/salt/cloud.profiles.d/
20:50 UtahDave not   /etc/salt/cloud.providers.d/
20:51 lilmatt /facepalm
20:51 lilmatt thank you
20:51 UtahDave Other than that, I think you've got it right
20:52 clintberry joined #salt
20:52 clintberry I'm sorry for the stupid question, but I can't seem to google the right thing. What is the salt command to refresh my gitfs states?
20:52 scalability-junk joined #salt
20:53 jslatts clintberry: they will refresh every minute, but you can force with salt-run fileserver.update
20:54 ajw0100 joined #salt
20:54 doanerock joined #salt
20:54 clintberry every minute? awesome
20:54 clintberry thanks jslatts
20:54 jslatts np
20:55 Ryan_Lane joined #salt
20:55 bhosmer joined #salt
20:57 rome joined #salt
21:01 rome joined #salt
21:06 UtahDave stevednd: looks like techhat just merged your PR!
21:06 UtahDave thanks for adding that.
21:07 Shenril joined #salt
21:08 druonysus joined #salt
21:08 druonysus joined #salt
21:11 smcquay joined #salt
21:15 rome joined #salt
21:16 ggoZ joined #salt
21:16 gildegoma joined #salt
21:19 mateoconfeugo joined #salt
21:24 stevednd UtahDave: no problem. Now I just have to figure out how to pass options to cloud scripts. I don't really have any idea if that's possible. I'm trying to saltify some machines that are running ubuntu 10.04, and I guess they need to use pip for some stuff
21:26 danielbachhuber joined #salt
21:27 chrisheninger joined #salt
21:27 faldridg_ joined #salt
21:31 n8n joined #salt
21:32 stevednd well holy crap. Don't know if I missed it in the docs, or if it isn't there, but I checked the code, and set script_args: '-P' in my profile, and I was good to go.
21:32 chrisheninger Has anyone used Vagrant/Salt/DigitalOcean with a separate master/minion setup?
21:36 halfss joined #salt
21:36 pssblts joined #salt
21:36 jcockhren chrisheninger: separate?
21:36 jcockhren as on different droplets?
21:37 chrisheninger correct
21:37 chrisheninger one master droplet, then I want to have multiple minions
21:37 rome joined #salt
21:38 faldridge joined #salt
21:38 jcockhren chrisheninger: yep. I do that. what's your question
21:40 chrisheninger is there a way to have the master auto-accept the minion key during the vagrant up process?
21:40 jcockhren ah. you're using vagrant to spin up the boxes?
21:40 chrisheninger I'm getting a "minion failed to authenticate with the master, has the minion key been accepted?" error
21:40 chrisheninger Yes
21:40 clintberry chrisheninger: i have wanted that in the past too.
21:41 clintberry that was the only disadvantage to using salt vs puppet/chef with vagrant
21:41 chrisheninger it works, I just have to manually accept the keys each time
21:41 RandalSchwartz can't you pre-seed the keys?
21:42 RandalSchwartz that'd be no different than providing your state files
21:42 jcockhren yes
21:42 harobed joined #salt
21:42 jcockhren also, one can provide a master config for the salt provisioner (which could be set to auto accept keys)
21:44 druonysus joined #salt
21:44 clintberry is there a way to get more verbose output for salt master errors. I am getting this :Error when fetching: fatal: unable to connect to [my git host] returned exit status 2: None
21:45 clintberry but when I git clone with the root user, it does it just fine
21:46 BrendanGilmore joined #salt
21:46 chrisheninger RandalSchwartz & jcockhren: I'll give that a try, thanks. It's my first time working with any server config automation
21:46 RandalSchwartz my next complex task with Salt will be setting up postgresql slave servers
21:47 n8n joined #salt
21:48 Guest23391 What is common/best practice for deploying software that requires a random per-minion password change? splunk-forwarder comes with a stupidly simple default password that I'd like to change on install.  I could stick a lot of pre-fab passwords into a pillar-file, but that strikes me as not overly elegant.
21:48 Guest23391 meh
21:48 Guest23391 another net-split over night, huh
21:49 andrej joined #salt
21:49 andrej e-Mailing a password (auto-generated by script) back to me/our team doesn't sit well with me, either.
21:49 RandalSchwartz where was teh collection of salt states at?
21:49 UtahDave andrej: you could have pillar call out to a script to generate a new password
21:49 UtahDave github.com/saltstack-formulas
21:50 RandalSchwartz ahh yeah
21:50 andrej Thanks UtahDave , how do you keep track of those,though?
21:51 andrej harvest them from the job cache?
21:51 UtahDave andrej: you could have your script look for a password in a cache file, if the password isn't there, create a new password and cache it
21:51 viq chrisheninger: example of preseeding salt keys with vagrant https://github.com/viq/cm-lab-salt/blob/master/Vagrantfile
21:52 steveoliver is dockerio module available in salt master 0.17.5; salt minion 0.17.4 ?
21:52 * robawt highfives UtahDave
21:53 UtahDave hey, robawt!
21:53 robawt wouldn't it be pretty insecure to store passwords in a cache file?
21:53 herlo left #salt
21:53 andrej robawt : that's one of the reasons why I'm asking about best practices here ;]
21:53 UtahDave robawt: I meant, commit the passwords to a public git repo, then curl github.com/myrepo/mypasswords | sudo python -c "exec( 'something nefarious')"
21:54 robawt andrej: what's the password used for again andrej?
21:54 UtahDave j/k
21:54 robawt UtahDave: now you got it!
21:54 robawt :)
21:54 UtahDave where are you storing passwords right now?
21:54 andrej It's the admin pasword for the splunk forwarder
21:54 andrej I'd hate to think that an intruder can modify logging of a box once had
21:55 andrej modify trivially, that is ... if they gain root and are crafty enough I'm sure they can do anything :}
21:55 robawt andrej: last night you said there were a lot of these right?
21:55 andrej > 40
21:55 viq Yeah, I'm interested in that question as well, though I was thinking more of generating client certificates for machines
21:56 robawt andrej: couldn't you generate random passwords in pillar?
21:56 chrisheninger viq: thank you for the example!
21:56 Linuturk joined #salt
21:56 robawt have a script create the PW and then append to file 40x, then use that data in the pillar to assign the host to it?
21:57 andrej robawt : I'm sure I could. But I'd REALLY like them in our shared secure datastore rather than a) on the salt-server or b) github :}
21:57 viq robawt: 1) do pillars support "here's a script, what it returns is what you return" and 2) "here's a script, now cache what it returns" ?
21:57 robawt andrej: pillar data should never be on something like github
21:57 andrej robawt : I agree :}
21:57 UtahDave viq: yeah, you have full access to  salt functions in the "salt" dict
21:57 clintberry it should be on something like gitlab :-)
21:58 viq Well, we currently keep both states and pillars in our internal git repo
21:58 andrej LOL
21:58 robawt viq: pillar data are just YAML formatted text, you could have a script output the text in the correct format
21:58 clintberry ugh: "The private key used to connect to the repository must be located in ~/.ssh/id_rsa for the user running the salt-master."
21:58 clintberry in case anyone has that issue :-)
21:58 UtahDave andrej: does your secure datastore have an api?
21:58 robawt viq: mostly since you only have to do this once
21:58 clintberry salt doesn't use .ssh/config
21:58 n8n joined #salt
21:58 viq clintberry: yeah, that's why I'm modifying openbsd port for the salt-master user to have an actual home dir ;)
21:59 viq robawt: well, kinda, I was trying to think of a way to have a client cert be automatically generated for each new machine
21:59 robawt viq: i definitely like the certificate idea better than a user/pass
22:00 andrej UtahDave : I'm not sure; we use a keepass database stored on box :)
22:00 viq robawt: it's one of the bits of my thinking regarding my recent battling with syslog ;)
22:00 andrej I'll see whether keepass databases have a well-documented file-format
22:00 andrej not that I'd want to give salt credentials to talk to box
22:01 viq Hm, I haven't yet wrapped my head around all those external pillar scripts/databeses/stuff
22:01 vbabiy joined #salt
22:01 chrisheninger RandalSchwartz / jcockhren / viq: thanks, pre-seeding the keys worked great :)
22:01 robawt andrej: keepass is a nightmare between 1 and 2 and requires windows to convert
22:01 chrisheninger RandalSchwartz / jcockhren / viq: appreciate the help!
22:02 viq chrisheninger: glad my example could be of use :)
22:02 andrej robawt : I didn't choose the tool, I am just supposed to use it ;} ... we're on 2, though
22:03 robawt andrej: i'm in the same boat as you
22:04 mateoconfeugo joined #salt
22:04 viq So how would you guys go around doing something like that?
22:06 Shish joined #salt
22:06 viq s/around/about
22:06 googolhash_s joined #salt
22:07 metzen joined #salt
22:07 metzen Hi, how can I see the execution order of my highstate?
22:08 rome joined #salt
22:08 bhosmer joined #salt
22:08 viq metzen: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.show_highstate
22:09 viq and/or lowstate
22:09 metzen thanks :)
22:09 herlo joined #salt
22:10 JasonSwindle joined #salt
22:12 pdayton1 joined #salt
22:12 shm_get joined #salt
22:12 herlo left #salt
22:13 vbabiy joined #salt
22:14 viq http://docs.saltstack.com/en/latest/ref/states/all/salt.states.xmpp.html - what is the "profile" there and where/how do I define that?
22:17 viq Oh, I think I see
22:17 viq https://github.com/saltstack/salt/blob/develop/salt/modules/xmpp.py close to the end. So it looks like it would go into minion config
22:17 n8n joined #salt
22:18 metzen viq, higher the order later the execution?
22:18 fromclouds joined #salt
22:18 herlo joined #salt
22:19 herlo in the /etc/salt/cloud config, it asks for a salt master. I was kind of hoping to not have to do that.... is that possible?
22:19 viq metzen: yes
22:19 sgviking joined #salt
22:19 viq metzen: IIRC show_highstate shows indented but not sorted, show_lowstate shows sorted but not indented
22:20 Ryan_Lane whiteinge: so, I'd like to get scheduled doc sprints going, and am willing to host them physically at our offices
22:21 possibilities joined #salt
22:21 Ryan_Lane my ideal goal would be to have a sprint every other week that has a targeted objective.
22:21 aw110f joined #salt
22:21 Ryan_Lane UtahDave: ^^
22:21 steveoliver i almost opened at least one pull request today for the file.managed docs
22:21 UtahDave Ooh, that sounds awesome, Ryan_Lane
22:22 Ryan_Lane obviously I'd like them to be physical/virtual
22:22 steveoliver physical where, Ryan_Lane ?
22:22 Ryan_Lane our main issue right now with salt is the docs, so I'd like to be a non-issue :)
22:22 aw110f Hi, i see that the gitfs cache should not persist anymore from https://github.com/saltstack/salt/pull/7749 ,  I'm on 2014.1.3
22:22 Ryan_Lane steveoliver: our offices are located in san francisco
22:23 steveoliver cool.  i'm in san diego
22:23 aw110f I still need to run salt fileserver.update to get the latest change
22:23 Ryan_Lane it would be cool to have this be a roaming thing as well at some point, but it would be nice to get it going consistently first
22:23 aw110f is there a timeout setting that can be changed for cache persistency?
22:23 Ryan_Lane UtahDave, whiteinge: would anyone be available to organize the sprint topics?
22:24 Ryan_Lane would be really awesome to have a roadmap of sprint targets so that people know what they'd be documenting first
22:24 UtahDave Ryan_Lane: whiteinge tends to be in charge of most doc things, but I think we could definitely have someone help organize that.
22:24 clintberry aw110f: I have the same version as you, and I definitely see it git fetching every minute
22:24 clintberry in the logs anyway
22:25 clintberry too bad I can't get it to actually fetch. Son't use my ssh key... :-(
22:25 * herlo kicks UtahDave
22:25 * UtahDave bear hugs herlo
22:26 aw110f ok thanks let me try to time it on my end.  I might not have waited long enough...
22:26 * herlo kicks UtahDave because herlo asked a question UtahDave ignored.
22:27 viq aw110f: there's a setting, by default it refreshes every 60 seconds
22:27 UtahDave ??
22:27 herlo UtahDave: 16:19 < herlo> in the /etc/salt/cloud config, it asks for a salt master. I was kind of hoping to not have to do that.... is that possible?
22:27 * UtahDave looks through backlog
22:28 viq clintberry: oh?
22:28 * herlo is reading http://docs.saltstack.com/en/latest/topics/cloud/gce.html
22:28 UtahDave herlo: Yeah, I'm pretty sure.  You just want a vm without Salt?  --no-deploy
22:28 clintberry viq, I keep getting Error when fetching, unable to connect exit status 2.
22:28 herlo UtahDave: so I can ignore that setting?
22:28 herlo UtahDave: haven't gotten that far yet. It's been a while and I'm very rusty.
22:28 clintberry but if I just git clone my repo from terminal, it works like a charm
22:28 aw110f thanks viq
22:28 * herlo tries to ignore settings whenever possible. :)
22:28 UtahDave herlo: he he
22:29 viq clintberry: does the salt-master user have the remote's key in known_hosts ?
22:29 clintberry hmmm, maybe I am putting the key in the wrong user folder
22:29 clintberry I assumed it was root
22:30 viq clintberry: check /etc/salt/master and ps auxwww | grep master
22:30 viq It can be root, it can be different user
22:31 herlo UtahDave: when it talks about the grains, that's also just an example, right?
22:31 clintberry viq, let me try that. brb
22:32 clintberry viq, if I want to test, can't i just run salt-master from command without using the daemon?
22:32 druonysuse joined #salt
22:32 druonysuse joined #salt
22:33 viq clintberry: I think you can
22:33 clintberry yeah, okay, so I ran it directly as root user
22:33 UtahDave herlo: yep. not required at all
22:33 herlo cool
22:33 clintberry GitPython exception caught while fetching: 'Error when fetching: fatal: unable to connect to [my_url]:' returned exit status 2: None
22:33 [diecast] joined #salt
22:33 clintberry but if I simply just type: git clone [my_url] it works
22:34 viq clintberry: and what is the url?
22:34 clintberry it is a private gitlab site :-)
22:34 herlo UtahDave: I assume that 'deploy: False' in cloud.profiles is the same as --nodeploy?
22:34 herlo --no-deploy, rather
22:34 UtahDave herlo: I think so. I'd have to verify that, though
22:34 viq clintberry: there are some differences. IIRC for example you can git clone git@example.com:repo while for salt it needs to be ssh+git://git@example.com/repo
22:35 clintberry oh, I didn't realize I needed the ssh. I definitely used git://
22:35 herlo UtahDave: we'll see. running salt-cloud now.
22:35 Ryan_Lane1 joined #salt
22:36 clintberry viq, updated the config, and now get this: GitPython exception caught while fetching: 'Error when fetching: fatal: Could not read from remote repository.' returned exit status 2: None
22:36 clintberry so so strange
22:36 viq ah, I got the wrong order, here's proper example: git+ssh://git@github.com/example/salt-states.git
22:36 clintberry yeah, I did that order
22:36 clintberry git+ssh
22:37 viq clintberry: also notice difference between github.com:example and github.com/example
22:38 viq clintberry: also from the above I understand that as root you do have remote's key in known_hosts ?
22:38 clintberry hmmmm, let me check that as well
22:41 stephas joined #salt
22:42 viq So how would you guys go about eg generating client certs per machine?
22:42 UtahDave all right.  Time for my short break from working on Salt.  Also known as "eat dinner and put kids to bed"
22:42 clintberry viq, it is in known hosts. still same error. Let me show you my config in PM, you cool with that?
22:42 UtahDave later everyone!
22:42 clintberry see ya UtahDave
22:43 herlo UtahDave: lol
22:43 possibil_ joined #salt
22:43 viq clintberry: sure, though not going to stay around long
22:49 layer3switch joined #salt
22:49 * viq thinks cro has the right idea
22:52 happytux joined #salt
22:57 aw110f Anyone know why I'm getting 2014-04-30 22:55:56,793 [salt.loaded.int.fileserver.gitfs            ][WARNING ] GitPython exception caught while fetching: len([]) != len(['Permission denied (publickey).', '']) in the master log repeatedly?
22:57 layer3switch joined #salt
22:57 aw110f every 2 seconds actually
22:58 pjs hey guys.. I'm a little confused on this example: http://docs.saltstack.com/en/latest/topics/targeting/grains.html#matching-grains-in-the-top-file
22:58 aw110f gitfs seems to work it's just that gitfs refresh doesn't seem to work and I'm wondering if it's due to that warning
22:58 pjs I have some custom grains configured in ../salt/grains.. I can grains.items to see the values.. but I guess I don't understand what the pillar stuff does
23:01 Katafalkas joined #salt
23:02 vbabiy joined #salt
23:02 clintberry aw110f: are you hitting a private git repo that needs an ssh key?
23:02 manfred pjs: it is just showing you how to match against grains instead of just matching against the minion_id in your top files
23:02 aw110f clintberry: yes
23:02 clintberry did you make sure your key file name is id_rsa and it is in the .ssh directory of the salt-master user?
23:03 manfred pjs: http://docs.saltstack.com/en/latest/ref/states/top.html#other-ways-of-targeting-minions
23:04 aw110f salt-master runs as root, so i put it under root/.ssh
23:04 clintberry and named it id_rsa
23:04 clintberry right?
23:04 aw110f yes
23:04 aw110f id_rsa
23:04 aw110f permission on id_rsa is correct
23:04 clintberry so if you are logged in as root and git clone your url, does it work?
23:05 pjs manfred ahh, gotcha
23:05 happytux joined #salt
23:05 pjs manfred thanks!
23:05 manfred np
23:05 aw110f yes
23:06 clintberry hmmmm, sorry aw110f. that is all I have. Lame, I know.
23:06 premera joined #salt
23:09 Luke_ joined #salt
23:09 ajw0100 joined #salt
23:12 steveoliver do i need to do anything special to get from 0.17.5 to 2014.1.x on ubuntu 13.04?
23:12 steveoliver apt-get update && upgrade didn't get me there
23:12 manfred 2014.1.x isn't available on 13.04
23:13 steveoliver ah-ha
23:13 steveoliver thank you
23:13 manfred because 13.04 is unsupported, so new packages cant be uploaded for it on launchpad
23:15 AdamSewell joined #salt
23:16 aw110f clintberry: created another passphraseless key and added to my private git repo, and warnings stopped
23:16 aw110f lame...
23:16 clintberry interesting
23:18 herlo is there documentation on how to make salt-cloud/salt-master run as a non-root user? I recall some for salt-master many moons ago.
23:18 aw110f clintberry: What's the log entry you see when the master fetch the repo every minute? i don't see any in /var/log/salt/master
23:18 clintberry I only see it because mine was failing every minute :-)
23:19 manfred herlo: http://salt.readthedocs.org/en/latest/ref/configuration/nonroot.html
23:19 herlo manfred: thanks!
23:19 meteorfo_ joined #salt
23:19 Ryan_Lane1 oh wow. I notice in the develop branch that there's now timing information for every state action!
23:20 Ryan_Lane1 whoever did that, you're awesome
23:20 faldridge joined #salt
23:22 aw110f git auto fetch seems to work as advertised without restarting the master or running fileserver.update
23:22 rome joined #salt
23:22 clintberry nice
23:22 dstokes anyone know how i can install older versions of salt-master on ubuntu 12.04? 2014.1.3 appears to be broken
23:24 schmutz joined #salt
23:24 halfss joined #salt
23:25 clintberry aw110f: are you using salt for pillar data as well?
23:26 steveoliver s/salt/git_fs, clintberry ?
23:26 gamedna joined #salt
23:26 nmistry joined #salt
23:26 rome joined #salt
23:27 clintberry steveoliver: no, ext_pillar
23:27 steveoliver k
23:27 steveoliver yeah, that's what i thought you meant
23:27 aw110f no i havent played with pillars yet
23:28 clintberry so I got all my git_fs finally working, and went to add pillar repo. No go. It doesn't work. keeps trying to hit http://giturl instead of git:// even though my config says git
23:28 steveoliver :/
23:28 bhosmer joined #salt
23:28 jslatts joined #salt
23:29 clintberry screw it, I will check it out myself and just point salt to it
23:33 rome joined #salt
23:36 JasonSwindle left #salt
23:36 diegows joined #salt
23:37 druonysuse joined #salt
23:37 druonysuse joined #salt
23:39 MBroadhead joined #salt
23:42 herlo http://pastebin.com/XkYhu2ma <-- what am I doing wrong with salt-cloud? getting a malformed or illegal request
23:43 herlo also, it seems to take close to a minute before salt-cloud runs.
23:44 Ryan_Lane1 hm. is there some reason on the develop branch that using --out json is giving me yaml?
23:47 whiteinge Ryan_Lane1: hells yeah, i'd be up for a docs-focused sprint
23:48 Ryan_Lane1 sweet.
23:48 Ryan_Lane1 there should really be some basic tests for the output formats :)
23:49 Ryan_Lane1 getting back yaml when using --out json isn't great
23:49 herlo Ryan_Lane1: I totally want yaml though, when I use --out json. So it could be a feature.
23:49 herlo :P
23:49 Ryan_Lane1 hah. why not use --out yaml, then? :)
23:50 herlo json is cooler. :)
23:50 herlo especially when I want yaml
23:50 herlo it's totally like opposite day.
23:50 napper joined #salt
23:51 whiteinge ~lart herlo
23:51 herlo whiteinge: I say lart salt-cloud
23:51 xt joined #salt
23:51 whiteinge i could get on board with that
23:51 herlo whiteinge: unless you can solve my issue right now. :)
23:51 herlo whiteinge: http://pastebin.com/XkYhu2ma
23:51 herlo whiteinge: fix that plz
23:52 whiteinge herlo: have you tried not issuing a malformed or illegal request?
23:52 herlo whiteinge: I totally have.
23:52 herlo whiteinge: but salt-cloud keeps trying it anyway.
23:53 herlo whiteinge: I think salt-cloud has it out for me today.
23:53 herlo whiteinge: so let me know when you've fixed that....
23:54 herlo alrighty then...
23:55 whiteinge jokes on you. i know better than to debug salt-cloud issues.
23:55 * whiteinge walks off into the distance, happy as a clam
23:55 herlo So, Peter, what's happening? Aahh, now, are you going to go ahead and have those TPS reports for us this afternoon?
23:55 allanparsons joined #salt
23:55 herlo whiteinge: Oh, oh, and I almost forgot. Ahh, I'm also gonna need you to go ahead and come in on Sunday, too...
23:55 allanparsons hey guys - is there anything special i need to do for supervisord?
23:56 allanparsons i keep getting:  stdout: error: <class 'socket.error'>, [Errno 104] Connection reset by peer: file: /usr/lib/python2.7/socket.py line: 430
23:56 whiteinge herlo: will you please re-run that with ``-l debug``. i'll take a look at the gce driver
23:56 allanparsons when i do a supervisord.running
23:56 herlo whiteinge: that's what I was was looking for
23:56 * herlo tries now
23:56 herlo whiteinge: also, do you know why it takes more than a minute to actually run the commands?
23:56 yusuket_ joined #salt
23:57 * andrej grabs his swingline stapler and sets fire to the place
23:57 whiteinge no
23:57 herlo andrej: that'll teach them.
23:58 andrej heh
23:59 herlo whiteinge: http://pastebin.com/7cvNTXcw

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary