Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-06-10

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 miles32 alright, clearly I'm just jinjaing wrongly
00:00 Ryan_Lane1 hm. when I use pip to install the dev version of salt, I'm getting 2014.1.0-7267-g6cd4981. am I supposed to do something special to get the head?
00:01 Ryan_Lane1 I'm using pip install -e .
00:02 joehh ekristen: sorry, meant the .3 version -though I've found the source package so I've rebuilt it
00:02 joehh found the issue, new package going up now
00:02 Ryan_Lane1 whiteinge, forrest: ?
00:02 ekristen joehh: awesome, what was it?
00:03 ekristen bad pyc?
00:03 joehh yes - I had assumed that it was only saucy with the issue, but trusty had it too. should be fixed now.
00:05 forrest Ryan_Lane1, I'm not sure, I don't usually install wit pip
00:05 forrest *with
00:05 Ryan_Lane1 how do you install the dev version?
00:05 Ryan_Lane1 I'm using the repo
00:05 ekristen joehh: sweet,
00:05 ekristen joehh: thanks for the fix!
00:05 Ryan_Lane1 and using pip install -r requirements.txt; pip install psutils; pip install -e .
00:06 Ryan_Lane1 as HACKING.rst suggests
00:06 joehh building now: https://launchpad.net/~saltstack/+archive/salt/+packages
00:06 joehh could take an hour or so at the publishing stage (depending on launchpad randomness), but should be soon
00:06 joehh no worries
00:12 bhosmer joined #salt
00:13 dsolsona joined #salt
00:13 Ryan_Lane1 hm, it's running new code, but reporting as old code
00:16 zain left #salt
00:16 miles32 for the record grains['es_version'] == '1.2' is quite different from grains['es_version'] == 1.2
00:17 whiteinge Ryan_Lane1: that looks like develop head to me
00:17 whiteinge it's getting that version string from running ``git describe``
00:18 whiteinge it's reporting 7267 commits past the 2014.1.0 tag, which is commit SHA 6cd4981
00:19 Ryan_Lane1 salt-call 2014.1.0-7267-g6cd4981 (Hydrogen)
00:19 Ryan_Lane1 that's what it shows for me
00:19 Ryan_Lane1 though if I modify the code and run it, it changes
00:19 whiteinge Ryan_Lane1: that looks right. what are you expecting to see instead?
00:20 Ryan_Lane1 the current head revision?
00:20 Ryan_Lane1 or is it reporting the version of salt-call itself?
00:20 whiteinge that SHA is just ~7 commits behind the current HEAD for the develop branch
00:21 whiteinge if you git pull it should change
00:21 Ryan_Lane1 I did a git reset --hard origin/master
00:21 Ryan_Lane1 this is a fresh clone
00:22 whiteinge what revision is your git clone running? 7a6bdbf?
00:23 Ryan_Lane1 huh. interesting. I am indeed running that older version
00:23 Ryan_Lane1 wtf
00:23 tyler-baker left #salt
00:24 Ryan_Lane1 there's a pretty nasty bug in the develop branch right now for file.managed
00:26 Ryan_Lane1 whiteinge: https://github.com/saltstack/salt/pull/13351
00:27 Ryan_Lane1 no clue how that made it through tests ;)
00:28 whiteinge sheesh
00:30 erjohnso joined #salt
00:33 l0x3py joined #salt
00:37 davet joined #salt
00:38 matrix3000 joined #salt
00:39 davet1 joined #salt
00:41 ipalreadytaken joined #salt
00:48 ecdhe Whoa, why is iptables.insert a state if it isn't idempotent?
00:49 matrix3000 left #salt
00:50 miles32 impotent eh?
00:50 dstokes ecdhe: iptables itself isn't idempotent, rules can be added multiple times
00:50 dstokes other tools have this problem as well (i.e. ansible)
00:50 miles32 oh neat, new word
00:50 bhosmer joined #salt
00:50 dstokes best you can do atm is use a cmd that checks with the -C flag
00:51 dstokes is it -C, wait..
00:52 dstokes yeah.. in latest versions, `iptables -C <chain> <rule_def>` will exit 1 if the rule doesn't exist
00:52 dstokes so you can `iptables -C <rule_stuff> || iptables -A <rule_stuff>`
00:52 dstokes </hack>
00:53 ecdhe dstokes, how would I codify that to get idempotency in a state?
00:53 ecdhe http://docs.saltstack.com/en/latest/ref/states/all/salt.states.iptables.html
00:53 ecdhe I see iptables.chain_present in that document.
00:54 dstokes don't know that it's possible w/ the iptable state, as technically, it's valid to add an existing rule to iptables
00:54 ecdhe Except this is salt--it's not supposed to be  a "state" if it isn't idempotent.
00:54 ecdhe That's what modules are for.
00:54 ajolo__ joined #salt
00:54 ecdhe I would expect salt to ignore something it couldn't tame--instead of offering a broken api.
00:55 dstokes the state doesn't expose a 'state' option tho. just actions
00:55 dstokes ecdhe: that's what ansible did. no iptable module
00:55 ecdhe dstokes, sounds sane.
00:55 ecdhe dstokes, I'm not mad at you, by the way.
00:55 dstokes iptables really the one to blame here. no reason that i can think of to allow two identical rules, should throw
00:55 dstokes ecdhe: didn't think you were ;)
00:59 ecdhe I guess I'll do a file.replace on the iptables file.
01:04 dlam hmm how do i organize i list of "production" ips and a list of "staging" ips in pillar??  like i wanna be able to {{ pillar.hosts.app1.ip }}
01:05 wendall911 joined #salt
01:05 dlam like the stuff in 'pillar.hosts' is different depending on whether I'm deploying to staging or production  :D
01:06 elfixit1 joined #salt
01:08 mateoconfeugo joined #salt
01:09 rgbkrk joined #salt
01:17 ecdhe dlam, I don't know exactly how to do it but its the sort of thing that would get answered really quickly during the day.
01:18 ecdhe dlam, don't give up!
01:18 pdayton joined #salt
01:19 redondos joined #salt
01:19 redondos joined #salt
01:21 mgw joined #salt
01:22 InAnimaTe joined #salt
01:25 rgbkrk_ joined #salt
01:26 dlam think i found it!  http://www.saltstat.es/posts/environment-based-clusters.html
01:26 dlam yayyyy
01:31 pdayton joined #salt
01:44 anotherZero joined #salt
01:48 MatthewsFace joined #salt
01:52 rgbkrk joined #salt
01:55 InAnimaTe joined #salt
01:55 ajolo__ joined #salt
01:56 shaggy_surfer joined #salt
02:02 ahammond Someone had a really slick trick for debugging variable contents by dumping them to a json file. how did that work again please?
02:03 ahammond ah never mind.
02:12 Shenril joined #salt
02:21 InAnimaTe joined #salt
02:22 miles32 left #salt
02:25 mateoconfeugo joined #salt
02:36 therealGent joined #salt
02:37 therealGent could anyone tell me why ip.get_routes does not work on CentOS 6.5?
02:38 possibilities joined #salt
02:39 bhosmer joined #salt
02:46 ajprog_laptop joined #salt
02:49 sunkist joined #salt
02:55 Luke joined #salt
02:59 ipalreadytaken joined #salt
03:04 ajolo__ joined #salt
03:05 possibilities joined #salt
03:09 rgbkrk joined #salt
03:10 sunkist joined #salt
03:16 possibilities joined #salt
03:18 rgbkrk joined #salt
03:21 m1crofarmer joined #salt
03:26 ajw0100 joined #salt
03:29 pssblts joined #salt
03:30 rgbkrk_ joined #salt
03:34 possibilities joined #salt
03:36 bmonty joined #salt
03:37 rgbkrk joined #salt
04:00 mateoconfeugo joined #salt
04:01 rojem joined #salt
04:04 sifusam joined #salt
04:08 ajolo joined #salt
04:20 dccc joined #salt
04:28 bhosmer joined #salt
04:34 bmonty joined #salt
04:35 harkx joined #salt
04:36 ndrei joined #salt
04:37 mgw joined #salt
04:38 travisfischer joined #salt
04:42 joehh joined #salt
04:43 felskrone joined #salt
04:55 newbee joined #salt
04:57 Luke joined #salt
05:06 stoffell joined #salt
05:07 ramteid joined #salt
05:09 jalbretsen joined #salt
05:09 malinoff joined #salt
05:15 arya joined #salt
05:16 arya1 joined #salt
05:19 harkx joined #salt
05:21 ajolo joined #salt
05:22 bhosmer joined #salt
05:29 timc3 joined #salt
05:33 greyhatpython joined #salt
05:33 greyhatpython joined #salt
05:36 schimmy joined #salt
05:39 middleman_ joined #salt
05:51 n8n joined #salt
06:00 picker joined #salt
06:00 harkx joined #salt
06:05 TyrfingMjolnir joined #salt
06:10 jhulten joined #salt
06:12 possibilities joined #salt
06:17 bhosmer joined #salt
06:18 jhulten joined #salt
06:33 pdayton joined #salt
06:35 Ryan_Lane joined #salt
06:35 m1crofarmer is anyone able to use the keystone state included in salt with a token/endpoint?
06:36 m1crofarmer I'm on 2014.1.4, and although I have keystone.token and keystone.endpoint properly configured, I'm getting auth failure because it's attempting to auth as a user
06:41 Ryan_Lane1 joined #salt
06:48 ggoZ joined #salt
06:55 ajolo_ joined #salt
06:58 slav0nic joined #salt
06:58 slav0nic joined #salt
07:03 kermit joined #salt
07:04 chiui joined #salt
07:09 jhulten joined #salt
07:12 MrTango joined #salt
07:12 alanpearce joined #salt
07:13 arya joined #salt
07:14 Ivo joined #salt
07:14 Ivo What state to use to watch when a file is changed and run a command?
07:15 arya left #salt
07:18 neilf_ Why does 'file.managed' not have an 'unless:' property
07:23 ghartz joined #salt
07:24 mike25de joined #salt
07:24 hardwire joined #salt
07:26 Ivo I'm guessing Helium is not yet released, right?
07:27 TyrfingMjolnir joined #salt
07:30 hardwire joined #salt
07:37 ml_1 joined #salt
07:40 babilen Ivo: That is correct
07:40 babilen neilf_: What are you trying to do?
07:41 neilf_ babilen: create a managed file from a template, unless /home/vagrant/ exists.
07:41 neilf_ file.managed: source: salt:/foo/bar/ unless: stat /home/vagrant
07:42 babilen neilf_: Use a prereq on the state that creates /home/vagrant
07:44 marnom joined #salt
07:44 darkelda joined #salt
07:44 darkelda joined #salt
07:44 babilen neilf_: http://docs.saltstack.com/en/latest/ref/states/requisites.html#prereq
07:45 neilf_ thanks ill have a look
07:45 Lomithrani joined #salt
07:45 babilen neilf_: It's essentially "do this only if SOMESTATE has changes", which I think fits your usecase quite perfectly.
07:47 neilf_ hmm does it though? here is my salt state https://gist.github.com/neilferreira/94bcf186d7d10ede2572
07:47 neilf_ /home/vagrant/ is NOT managed by Salt
07:47 neilf_ I want to run that only if /home/vagrant/ does NOT exist
07:47 bmonty joined #salt
07:47 neilf_ ie. when not using vagrant
07:47 dane joined #salt
07:47 neilf_ do i need to setup a new cmd.run now?
07:48 neilf_ or does file.managed support prereq?
07:48 jalaziz joined #salt
07:48 malinoff neilf_, {% if __salt__['file.file_exists']('/home/vagrant') %} your_state {% endif %}
07:49 malinoff Very stupid solution, but works
07:49 ipalreadytaken joined #salt
07:51 danelip I'm having a problem getting docker.pull to work, it just says "Authentication is required". I have my credentials in a pillar in the key docker-registries:... My private registry is on https with basic authentication. If i log into the server by ssh and docker pull it uses ~/.dockercfg correctly
07:51 neilf_ "failed: Jinja variable '__salt__' is undefined; line 1"
07:51 neilf_ *googles*
07:51 neilf_ thx malinoff ill have a look
07:51 malinoff Try {% salt[] %}
07:52 danelip found this, but seems ubuntu related https://github.com/saltstack/salt/issues/13305
07:52 danelip I'm on centos 6.5
07:52 babilen neilf_: Do you do a lot of things depending on the fact that it is a "vagrant" host or not? What creates /home/vagrant and how do you manage that?
07:54 malinoff neilf_, also, it's not very good to check /home/vagrant if you want to do some vagrant-related things, because vagrant user may have a different home folder
07:55 ajolo__ joined #salt
07:56 neilf_ Good point on both accounts,  I'll have to see if salty vagrant adds anything useful I can use
07:56 babilen neilf_: What makes a host a "vagrant" one? How do you manage that? How do you install vagrant and how do you manage that installation?
07:56 neilf_ I use https://github.com/saltstack/salty-vagrant
07:57 neilf_ what makes it a vagrant one is that I run 'vagrant up' and it does the bootstrapping etc
07:58 malinoff neilf_, why do you need to manage that differently then a machine that is not installed by vagrant?
07:58 babilen neilf_: That has been deprecated quite some time ago as vagrant support the salt provisioner directly. So you want to know if a host is managed by vagrant? I would solve this differently .. I would configure vagrant to use a specific salt minion config in which you set a specific grain (say "vagrant", cf. http://docs.saltstack.com/en/latest/topics/targeting/grains.html)
07:59 babilen neilf_: You can then use that grain and do things differently if it is present or set to a specific value.
08:00 neilf_ ooh
08:00 neilf_ thanks guys
08:00 neilf_ I'll have a play
08:00 Luke joined #salt
08:02 babilen neilf_: A Vagrantfile such as http://paste.debian.net/104229/ is what I am thinking of. You would then use a specific minion config in salt/minion (in the vagrant project directory)
08:03 babilen neilf_: And malinoff's question is also quite interesting: Why do you have/want to do this differently? Is that really necessary? Might that invalidate tests run in vagrant in the sense that the vagrant setup is not quite the same as the production one?
08:05 linjan joined #salt
08:06 bhosmer joined #salt
08:14 ckao joined #salt
08:17 ghartz joined #salt
08:19 JeroenH_ joined #salt
08:20 davidone joined #salt
08:20 TheThing joined #salt
08:20 Guest50135 Quick question, when using "include" in sls, do you specify a relative based on current sls file or is it always a path based on the root?
08:21 ghartz Guest50135, root
08:21 Guest50135 uhh, my main nick is unavailable for some reason
08:21 marnom Guest50135: a colleague of mine is using relative includes as well, specified as: include: - .file
08:21 Guest50135 and thanks
08:22 marnom seems to work :)
08:22 davidone -morning
08:22 Guest50135 so like: include: - .init ?
08:22 marnom if you have a sls in the current dir called init
08:23 marnom but that would be odd/probably conflicting
08:23 marnom in the folder base/windows/init.sls my colleague uses include: - .monitoring
08:23 marnom which is another folder in base/windows/monitoring/ which has it's own init.sls in that folder
08:23 ghartz this looks like a bit dirty IMHO
08:24 marnom ghartz: yeah I don't use it myself as well, just noticed it in a colleague's states :)
08:25 giantlock joined #salt
08:25 TheThing|work hmm...
08:25 TheThing|work any way I can "preview" an sls outcome? <_<
08:26 TheThing|work or a jinja template?
08:27 ggoZ joined #salt
08:29 TheThing|work found jinja render o/
08:30 marnom state.show_highstate perhaps?
08:34 TheThing|work oh nice, thanks again marnom :D
08:34 TheThing|work forgot about that
08:38 danelip (Re-ask) I'm having a problem getting docker.pull to work, it just says "Authentication is required". I have my credentials in a pillar in the key docker-registries:... My private registry is on https with basic authentication. If i log into the server by ssh and docker pull it uses ~/.dockercfg correctly.
08:39 danelip Any tips to debug maybe?
08:40 marnom danelip: I don't use docker myself so I'm somewhat guessing here, but perhaps you're executing the docker pull as root when you're doing it manually and Vagrant is trying to do it as the 'vagrant' user?
08:42 danelip I'm not using vagrant, Centos 6.5 with master/minion
08:42 danelip both run as root i think
08:43 marnom danelip: sorry my bad, I'm in #vagrant and #salt and apparently haven't had my coffee yet =D
08:44 danelip hehe, no problem
08:44 marnom danelip: can you see the pillar data when you run pillar.items on the host? salt $hostname pillar.items
08:44 linjan joined #salt
08:45 danelip yeah, is seems to be there fine, even forced a sync with 'saltutil.sync_all'
08:45 marnom danelip: hmm odd, sorry I wouldn't know then
08:46 danelip Maybe its not reading my pillar data, if it was an error i would probably see that
08:55 ajolo joined #salt
09:02 Luke joined #salt
09:10 jhulten joined #salt
09:12 alfborge joined #salt
09:14 alfborge We have multiple clients and need to keep their configurations separate. What's the recommended way to do that?
09:16 babilen alfborge: Separate in which sense?
09:16 alfborge We don't want one client to be able to see configuration that is specific for a different client.
09:17 babilen alfborge: Where "client" is "minion" (or rather "minions belonging to client A") ?
09:18 babilen alfborge: Different settings for formulas in their respective pillar would be *one* approach. That way minions won't be able to see data that doesn't target them.
09:18 alfborge The latter. With client I mean customer.
09:19 babilen alfborge: I am still not sure if you refer to, say, your Git repositories which you make available to the customers or actual data/states that target their minions.
09:20 Sypher hmm seems like salt/yaml has some difficulties with multiline values in pillars
09:21 babilen Sypher: I use it without problems for file contents (e.g. certificates) - What are you doing and what is the problem?
09:22 alfborge babilen: Some data is shared across our customers while other data is specific to one and should not be visible to other clients. This is mostly xml configuration files.
09:23 alfborge Ideally we would like to have one git repository for each customer and one common git repository and layer it like like with state files.
09:24 Sypher babilen, I'm trying to add "custom configs" to my vhosts like: foo: | line1 line2 but highstate complains about expecting a document start but getting a scalar
09:24 babilen alfborge: You can do that easily by configuring multiple gitfs remotes. See http://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html -- Use pillars for sensitve data that should not be seen by other minions/customers.
09:25 babilen Sypher: Mind pasting the state (-fragment) and error to, say, http://paste.debian.net ?
09:26 wigit joined #salt
09:27 alfborge babilen: Indeed, the problem is that the risk of leaking sensitive data between customers is too high with this approach. It's too easy for someone to add something sensitive to the config files in git by mistake.
09:29 babilen alfborge: How so? You would have one git repository per customer for states and one for pillar. You can mix in general-purpose formulas or more generic states in other git repositories.
09:30 Sypher babilen, http://paste.debian.net/104243/
09:30 babilen alfborge: Also consider using one salt master per customer and to throw salt syndic into the mix to manage those.
09:30 alfborge Some of our config files are in xml and the entire contents is sensitive.
09:31 babilen alfborge: Sure, keep those in pillars. Use file.managed with content_pillar to populate them.
09:31 jdmf joined #salt
09:32 ahale joined #salt
09:33 babilen Sypher: Okay, you could use file.append or simple enumerate each line (make it a list) in the pillar and then iterate over lines in your template.
09:33 Sypher others are doing it like this as well, like the zabbix formula. oddly it doesn't work for me
09:33 Sypher file.append after doing a file.managed seems not very clean
09:35 alfborge babilen: Yes, I've considered that approach as well (syndic).  Might be better for us.
09:35 agend joined #salt
09:35 CeBe joined #salt
09:36 alfborge babilen: The problem with content_pillar is that you then need to wrap the file in yaml. That doesn't sit well with me.
09:36 babilen Sypher: Yeah, I don't like file.append much either. Let's see if there is something else going on. I take it that whitespace is okay in your pillar?
09:36 Sypher you mean line 15?
09:37 babilen Sypher: Rather that whitespace is the same on the start of line 13 and 14, but I guess it is caused by something else.
09:38 kiorky joined #salt
09:39 babilen alfborge: I use that for keys and certificates and you essentially just use something along the lines of http://paste.debian.net/104245/ in your pillar. What exactly do you mean by "wrap it in YAML" ? It might very well be that you are aware of problematic aspects that I haven't encountered yet.
09:39 linjan_ joined #salt
09:41 wigit Hi - in my top.sls I have (among other things) the following: "  'productname:PowerEdge*': \n    - match: grain". Is the use of a wildcard at the end there an issue? The openmanage-state I have under that heading was just applied to a VMware guest (which has productname:VMware Virtual Platform)
09:42 babilen Sypher: Use {# ... #} for comments
09:42 alfborge babilen: the problem occurs when you have a big xml config file.  While you could put that inside of pillars like your example, it's not ideal.
09:43 alfborge It becomes harder to edit
09:44 babilen alfborge: Well, then render the pillar yourself and read the contents from the actual file in python. Use "#!py" as the first line in the pillar and return a python dictionary with the file content as value of some key (-sequence)
09:44 picker joined #salt
09:45 Sypher babilen, that comment is just a part of the template file, nothing special
09:45 Sypher no need for jinja comment parts
09:46 babilen Sypher: yeah, I realised that a second after making my statement. I am far from being a jinja2 expert, but I thought that multiple lines in {{ .. }} are problematic.
09:46 alfborge babilen: Yes, that might work. Do you know of any examples of this being done?
09:46 babilen alfborge: No, but it is easy to write. Do you know Python?
09:46 Sypher that might be the reason here then.. as the raw pillar does properly show the lines
09:48 kiorky joined #salt
09:49 alfborge babilen: Yes, it won't be hard. I just feel like my use case must be common enough that others must have done this before.  Thanks for the help. I'll discuss some more with my team to see what we'll do. :)
09:51 babilen alfborge: Something like http://paste.debian.net/104246/ (*very* basic example! You probably want to nest additional dictionaries and deal with files that aren't there and I/O errors and whatnot.)
09:51 alfborge Thanks
09:51 babilen Sypher: You said that it is used in other formulas so it *should* work then
09:53 Sypher yeah.. for now i've switched to a list with a simple join in the jinja
09:53 Sypher which works fine
09:55 bhosmer joined #salt
09:55 ajolo joined #salt
09:56 TheThing|work hmm, with pillars, this should work, right?
09:56 TheThing|work https://github.com/nfp-projects/salt-pillars/blob/master/top.sls#L9
09:58 babilen TheThing|work: I've seen it as "match: grain" rather than "match:grain", but the rest looks normal
09:58 dsolsona joined #salt
09:58 TheThing|work hmm
09:59 TheThing|work cause I have the file iptables/router.sls
09:59 TheThing|work oh wait
09:59 TheThing|work ahh, I know what's wrong
09:59 * babilen waits
09:59 TheThing|work I was testing on wrong machine with different role
10:00 TheThing|work hmm... no it's not working
10:01 mateoconfeugo joined #salt
10:01 TheThing|work the pillar matching router should add rules to the iptables list like so: https://github.com/nfp-projects/salt-pillars/blob/master/iptables/router.sls
10:01 TheThing|work and yet somehow the output file does not include them
10:02 babilen TheThing|work: Is the state being applied? Is the grain listed? Did you try with "match: grain" ?
10:02 Luke joined #salt
10:03 TheThing|work # salt 'router*' grains.get role
10:03 TheThing|work router1:
10:03 TheThing|work - router
10:03 TheThing|work - firewall
10:04 babilen TheThing|work: And the iptables.router state is being run? What's the error you get?
10:05 TheThing|work no errors
10:05 TheThing|work but...
10:05 TheThing|work I just noticed
10:05 TheThing|work https://github.com/nfp-projects/salt-states/blob/master/top.sls <--- this is set on only base... right?
10:05 TheThing|work so maybe that's why it's not getting the router pillar
10:06 alanpearce joined #salt
10:06 CeBe1 joined #salt
10:07 TheThing|work I think it would be easier and better to include the extra subset rules inside the init.sls in the iptables: https://github.com/nfp-projects/salt-pillars/blob/master/iptables/init.sls
10:07 babilen TheThing|work: Yes, you have three environments (base, router, saltmaster) for an unknown reason and iptables.router is only set in the router environment (and *not* in the base environment)
10:07 TheThing|work yeah
10:08 babilen TheThing|work: I would have expected everything to be in base, but then I have no idea what you are doing and why you chose that particular setup.
10:08 TyrfingMjolnir joined #salt
10:08 TheThing|work yeah I moved it to base
10:08 TheThing|work I read the docs a little bit wrong
10:08 TheThing|work so this "should" work, right?
10:08 TheThing|work base:
10:08 TheThing|work '*':
10:08 TheThing|work - pkg
10:08 TheThing|work - iptables
10:09 TheThing|work 'role:router':
10:09 TheThing|work - match: grain
10:09 TheThing|work - iptables.router
10:09 TheThing|work because it isn't for me :-/
10:11 TheThing|work https://github.com/nfp-projects/salt-states/blob/master/iptables/firewall <--- this template only includes the rules from the base but not from the iptables.router
10:11 TheThing|work when I run it on the router
10:11 TheThing|work I'll keep looking
10:16 dmorrow_ joined #salt
10:17 TyrfingMjolnir joined #salt
10:18 dmorrow_ hello everyone, I was wondering if someone could help me with this question regarding {{ salt['pillar.get']('foo:bar:baz', 'qux') }} syntax, in the documenation default that is used is 'qux' I was wondering is it possible to have the default be another pillar value instead?
10:20 TheThing|work sure, just put that inside: {{ salt['pillar.get']('foo:bar:baz', salt['pillar.get']('some:other:pillar')) }}
10:20 TheThing|work recursion ftw? :)
10:20 TheThing|work well, not exactly recursion
10:21 dmorrow_ :), cool so in theory that chain to almost be infinite if the default is actually a pillar lookup ?
10:22 TheThing|work yeah
10:22 dmorrow_ excellent, well not that I will ever do that , just good to know :) , thank you for your quick reploy
10:22 dmorrow_ *reply
10:24 TheThing|work I'm still figuring out how to do my setup :b
10:24 TheThing|work good luck
10:24 dmorrow_ you too :)
10:33 giantlock joined #salt
10:33 masterkorp hello
10:33 masterkorp root@salt-master:/srv/saltstack# salt-run fileserver.update
10:33 masterkorp [WARNING ] GitPython exception caught while fetching: 'Error when fetching: fatal: remote error:' returned exit status 2: None
10:33 masterkorp how the heck do i debug this?
10:34 dsolsona joined #salt
10:39 orbit_darren joined #salt
10:40 masterkorp could i get a more informative error message
10:40 masterkorp starting by which gitfs remote is it
10:41 TyrfingMjolnir joined #salt
10:46 bhosmer joined #salt
10:51 babilen masterkorp: Run the master in debug mode (salt-master -ldebug) and check again.
10:54 Ryan_Lane joined #salt
10:55 ajolo_ joined #salt
10:58 bhosmer joined #salt
10:59 mateocon_ joined #salt
11:00 CeBe joined #salt
11:00 masterkorp thanks
11:02 dmorrow_ joined #salt
11:03 Luke joined #salt
11:04 simonmcc joined #salt
11:07 elfixit joined #salt
11:10 jhulten joined #salt
11:18 izibi joined #salt
11:19 Sacro How do I get salt to find chocolatey in the new install location (c:\ProgramData\Chocolatey\
11:22 davidone is there any way to let a minion to raise an event to the master node (without installing a minion on the master node)?
11:22 viq what do you mean "raise an event to the master node" ?
11:24 nicksloan joined #salt
11:24 Lomithrani joined #salt
11:24 davidone well, I intend: how could I use a master node in the target tag?
11:26 davidone something like that: http://pastebin.com/30V8divX
11:26 viq by having a minion there
11:26 davidone (without installing a minion  on the master node)
11:26 davidone :)
11:26 davidone ok, it seems the only way. Thanks :)
11:26 viq Nope
11:26 babilen What's the problem with installing a minion?
11:26 viq Maaaaaybe salt-ssh
11:27 davidone babilen: no problem at all, just asking if this is the 'best' way
11:27 viq davidone: "how can I do stuff without using the only component that does stuff?" ;)
11:27 davidone you said 'maybe salt-ssh' so it doesn't seem the only way :)
11:28 babilen Well, there might be a good reason not to use a minion, but I'd like to know that before investigating alternatives.
11:28 viq I didn't say maybe, I said maaaaaaaybe ;)
11:28 davidone :)
11:29 ndrei joined #salt
11:29 malinoff Don't know why there is no 'local' mode, since salt has all modules on the server side
11:30 babilen davidone: There are *many* options, but the most obvious is probably to use a minion. As that does not seem to be an option (why?) we have to look for alternatives, but it would be easier to do that if we knew *why* a minion is not an option and if that also rules out other approaches.
11:30 viq malinoff: there is a local mode - on minion. Master is a communication bus
11:31 davidone babilen: installing a minion on the master node is fine (actually I'm using it). As I said, I was just curious about that.
11:31 malinoff viq, so I don't see a reason for master to have all execution/state modules :)
11:31 viq malinoff: does it really?
11:32 malinoff lol yes
11:32 malinoff The point is that you CAN run them locally on the master
11:32 malinoff via python
11:32 viq mhmm
11:32 viq Can't say I really investigated this
11:34 malinoff ls -l /usr/lib/python2.7/dist-packages/salt/ | egrep '(modules|states)'
11:35 marnom joined #salt
11:35 jrdx joined #salt
11:35 viq I don't have a machine that's a master without being a minion
11:35 malinoff I have - so I can definitely say that the master has all that stuff
11:36 jrdx joined #salt
11:36 ml_1 joined #salt
11:37 malinoff salt-common package contains everything - salt-master/salt-minion just specifies correct binaries and configs
11:41 diegows joined #salt
11:42 bhosmer joined #salt
11:43 bhosmer_ joined #salt
11:51 Teknix joined #salt
11:52 agend joined #salt
11:56 ajolo_ joined #salt
12:04 Luke joined #salt
12:07 agh Hello to all,
12:08 agh I need to use Salt to distribute a large file (tar.gz of approx 1GB) to some minions. It works, but, each time highstate is ran, it take a while, even when there is no modification on this file.
12:08 agh Do you have an idea how to make this faster ?
12:10 malinoff agh, http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.rsync.html
12:10 viq Or file.managed with source via http
12:15 agh viq: yes. http with file.managed was the way I was lookging at...
12:15 agh thanks !
12:17 elfixit1 joined #salt
12:21 mateoconfeugo joined #salt
12:22 mateocon_ joined #salt
12:26 rawtaz 9/37
12:26 rawtaz sorry, couldnt resist..
12:28 alanpearce joined #salt
12:30 Luke joined #salt
12:30 TyrfingMjolnir joined #salt
12:33 ekristen morning everyone
12:48 bastion1704 joined #salt
12:52 taterbase joined #salt
12:55 ajolo__ joined #salt
13:05 miqui joined #salt
13:05 davidone I have this error: http://pastebin.com/Z9DWSnJu
13:06 davidone is there a way to let the minion try again and again to authenticate?
13:06 rojem joined #salt
13:10 jhulten joined #salt
13:11 happytux joined #salt
13:12 racooper joined #salt
13:13 ajprog_laptop joined #salt
13:14 davidone joined #salt
13:17 resmike joined #salt
13:19 davidone joined #salt
13:21 vejdmn joined #salt
13:27 devx joined #salt
13:30 bernieke we're looking into using saltstack to manager client servers over the internet
13:30 bernieke are there any caveats to be aware off?
13:36 wendall911 joined #salt
13:38 logix812 joined #salt
13:40 marnom bernieke: that's a pretty open question... but no it's encrypted and all initiated from the client to the server so no firewall issues most of the time..
13:40 marnom bernieke: we're using it over the internet to manage our digital ocean vms
13:47 bernieke awesome, thanks marnom!
13:51 quickdry21 joined #salt
13:52 NVX joined #salt
13:52 dude051 joined #salt
13:53 bastion1704 bernieke same here. Mix of AWS Ec2 instances and bare metal servers located around the world. All managed by salt (also in AWS)
13:55 dotplus would it be a reasonable pattern to have salt environments map to git branches? so you could have a branch/env for dev, qa, production by checking out the correct branch of the repo into /srv/salt/<env> and listing it in the top file?
13:55 ajolo joined #salt
13:56 jaycedars joined #salt
14:01 masterkorp Hello
14:01 masterkorp I have a template that is totally being ignored
14:01 masterkorp do they need to have a specific extension ?
14:02 masterkorp this worked so well on kitchen-salt
14:03 jaycedars joined #salt
14:04 InAnimaTe joined #salt
14:06 cowyn_ joined #salt
14:09 Lomithrani joined #salt
14:13 penguin_dan joined #salt
14:15 viq dotplus: that's already how it works
14:15 davidone How could I execute a state only if a disk is not mounted?
14:15 viq dotplus: with gitfs.
14:15 viq masterkorp: are you telling the file.managed that it's a template?
14:15 davidone using something like: unless: mount | grep ^/dev/hdd | wc -l seems not working
14:16 viq dotplus: wc -l breaks it for you
14:16 viq erm
14:16 viq davidone: ^
14:16 kiorky joined #salt
14:16 davidone in the sense that it returns true anyway?
14:16 viq davidone: wc -l will always have return code of 0, while grep if it doesn't find what you're grepping will return... whatever, not 0
14:17 viq yeah
14:17 masterkorp viq: nvm i am a dumbtard, spoted some jinja errors
14:17 dotplus viq: thanks, I'll take a look at gitfs
14:17 davidone viq: I'll try without wc
14:17 danielbachhuber joined #salt
14:18 davidone viq: thank you, it works :)
14:18 viq :)
14:18 davidone I was so close, damn it! :)
14:23 miqui joined #salt
14:23 miqui joined #salt
14:25 cheus joined #salt
14:25 conan_the_destro joined #salt
14:26 cheus G'day, is there a way to list all available states from the master? trying to debug some backend weirdness
14:27 kaptk2 joined #salt
14:32 davidone any news about python 2.7.7 issues?
14:32 zain_ joined #salt
14:34 jeffrey4l joined #salt
14:35 zain_ joined #salt
14:37 Networkn3rd joined #salt
14:40 jaimed joined #salt
14:43 mgw joined #salt
14:43 patarr does ip.get_routes work for anyone else on CentOS 6.5?
14:44 bastion1704 how salt.states.composer handle install versus update ?
14:45 peters-tx patarr: Odd, I'm not seeing it work on RHEL 5
14:45 viq patarr: uhm, there is no ip module
14:45 patarr ...
14:45 patarr peters-tx: then I'm fairly sure this is a bug!
14:45 thedodd joined #salt
14:46 viq at least not according to docs.saltstack.com
14:46 peters-tx /usr/lib/python2.6/site-packages/salt/modules/rh_ip.py
14:46 patarr viq that's because there's a different ip module for every distro
14:46 viq oh, that *reads*
14:46 jeffrey4l Is anybody know when the new version of the salt will be released?
14:46 patarr where do you file salt bugs?
14:47 chiui joined #salt
14:47 viq jeffrey4l: I think rc1 is due on 18th or so
14:47 peters-tx patarr: Might want to look at salt-call -l all ip.get_routes eth0    on a test client
14:47 viq patarr: github
14:47 jeffrey4l viq, OK, thx
14:48 peters-tx patarr: Another interesting kink is that different revs of the kernel between RHEL versions use em0 versus eth0
14:48 viq peters-tx: I think that's actually dependant on hardware
14:48 peters-tx Not sure if salt addresses that, really... perhaps
14:49 patarr the argument is interface name though, so it shouldnt affect it.
14:49 viq And to make it even more fun, you can have first interface be eth0 or em1
14:49 patarr and yes, i believe that depends on hardware. like some broadcom interfaces are like bg or something
14:49 peters-tx patarr: Definitely not this particular problem
14:50 patarr peters-tx: wow thats a lot out of output from that command x)
14:50 peters-tx patarr: Yes; I don't really see anything that's relevant :(
14:51 peters-tx Well at least this works OK  salt-call ip.get_interface eth0
14:52 patarr and why can i pipe the output into less? :-/
14:52 patarr does it output the trace to stderr? thats very strange/
14:53 bernieke my first ethernet adapter is called enp0s25
14:53 bernieke welcome the arrival of systemd :)
14:53 peters-tx bernieke: What distro?
14:53 bernieke that's on arch
14:54 peters-tx patarr: Fyi, get_routes does "path = os.path.join(_RH_NETWORK_SCRIPT_DIR, 'route-{0}'.format(iface))"  which seems pretty wrong I think
14:54 viq bernieke: I have enp2s0: and wlp0s20u3:  ;P
14:54 bernieke :)
14:54 peters-tx patarr: Oh wait, funny
14:55 peters-tx patarr: That path matches the RHEL script ifup-routes ...
14:55 patarr I must be missing something here.
14:55 patarr Why?
14:55 peters-tx patarr: But I myself have never ever created any route-eth0 files
14:56 patarr Why not do a route -n?
14:56 patarr so ip.get_routes only gets routes that you statically set up?
14:56 ajolo joined #salt
14:56 peters-tx patarr: From the docs, get_routes: "Return the contents of the interface routes script."
14:56 patarr damn it :(
14:57 jnials joined #salt
14:59 peters-tx patarr: I have some McAfee Web Gateways here (RHEL based appliances) and they have route-* scripts
15:00 peters-tx patarr: So I'm thinking this is a RHEL standard, even though I've always used /etc/sysconfig/static-routes
15:00 peters-tx patarr: However I would really expect salt to harvest the /proc FS, or us the 'ip route' command
15:00 patarr peters-tx: too bad it doesn't return structured data from route -n
15:01 patarr peters-tx: i suppose it's expected behavior for what it's mean to do. Return the static routes made by those scripts. But I see many instances where you want to get or set route information that's not set with those scripts..
15:01 patarr so its a little confusing. should be something like ip.get_script_routes or something. idk
15:02 m1crofarmer joined #salt
15:04 mgw joined #salt
15:04 al joined #salt
15:05 saru11 joined #salt
15:05 saru11 hello
15:05 mgw joined #salt
15:05 fneves joined #salt
15:07 saru11 let's say I want to install/uninstall multiple RPM packages with the same prefix name, as the pkg state does not seem to support globbing how can I simply uninstall let's say all packages matched by "system-config-*'?
15:07 peters-tx patarr: We could probably stand to have a "proc" or "procfs" module! :)
15:07 fneves I've developed a custom state and now I would like to make another state depend on the successful run of that state
15:07 saru11 I can use cmd state to run rpm/yum directly but is there any other more elegant way to achieve that?
15:07 fneves how I can I make this?
15:08 fneves I can require an entire sls
15:08 patarr saru11: i think you might be looking for pkg?
15:08 patarr peters-tx: that sounds useful :)
15:08 fneves but not a specific state id
15:09 jonbrefe joined #salt
15:09 viq fneves: you can if you include that state
15:09 saru11 yep, but specifying package name as "package-name-prefix-*" does not work, it's not supported
15:09 fneves yes, but I want to make sure the other state does not run
15:10 fneves I want to make it both run successfully
15:10 viq fneves: then I'm confused. You depend on it not running?
15:10 fneves the other way around
15:10 fneves stat A runs
15:10 jhulten joined #salt
15:10 fneves state B will only run if A is successful
15:11 fneves any way to do this?
15:11 viq Yeah. In B.sls include: - A and your B.something - make it require A.something
15:11 peters-tx saru11: Pelhaps you can add that functionality.  Globbing seems to be missing I think from the pkg module for a lot of that stuff
15:11 jonbrefe Hi people. Any recommendation to distribute the private key on pressed minion? I am deploying through cobbler servers and I want to push salt ready of box, but I am getting paranoic with the keys :D
15:11 viq Or even you can require: sls: A
15:11 peters-tx saru11: Of course that might be a safety measure; I don't know
15:11 fneves yep, but that requires me to have A in a different file
15:11 mateoconfeugo joined #salt
15:12 fneves can I do it on the same file somehow?
15:12 viq fneves: oh, same file? Then it's banal
15:12 fneves how do I do it?
15:12 viq fneves: just search require on the salt docs page, it has nice explanations
15:13 viq http://docs.saltstack.com/en/latest/ref/states/requisites.html
15:13 fneves been there
15:13 fneves the problem is the type
15:13 fneves it is not a file that I am requiring
15:13 viq fneves: then read the page again
15:13 fneves neither an entire sls
15:15 viq and notice how eg it uses require: pkg
15:15 saru11 thanks, guys
15:15 viq fneves: or paste your states somewhere and then we can offer suggestions
15:16 fllr joined #salt
15:17 fneves I'm preparing a gist
15:18 fllr Hey guys. I have a function called test(). I wanna be able to call it within jinja like this: {% for x in test() %}, how do I do that?
15:19 Ryan_Lane joined #salt
15:20 Networkn3rd joined #salt
15:21 kiorky joined #salt
15:21 fneves https://gist.github.com/fneves-datalex/8d513635d48ba8bb4605
15:21 fneves the health_check.wait_for_url is a custom state
15:22 viq and you want the version_file to depend on resource_available ?
15:22 fneves that waits until it gets a 200 from a url
15:22 fneves yep
15:22 viq then add to require this: - health_check: resources_available
15:23 fneves will try
15:24 viq fneves: like so https://gist.github.com/viq/b2f79a633c9a3b1ad7a5
15:24 viq unless you really have a distribution package named resource_available
15:25 fneves I don't have a distribution package named resource_available
15:25 viq Then try my gist
15:25 fneves that is just the id I gave to that state
15:26 viq No, last line is modified: instead of pkg there is health_check
15:26 viq Because you're depending on a health_check state named resource_available, not on a package state called resource_available
15:28 teskew joined #salt
15:28 fneves thanks it did work
15:28 fneves yes
15:28 fneves I could understand that the type was not the same
15:28 fneves not a pkg, and sls, or a file..
15:29 viq It's the name of the function being used
15:29 fneves but I had no idea that my state would actually be a type
15:29 viq Well, it's a function
15:29 viq But yeah
15:29 viq Anything you can use in a state is something you can depend on
15:29 fneves wouldn't function be the wait_for_url?
15:30 viq erm
15:30 fneves and health_check the module?
15:30 fneves or state
15:30 fneves ?
15:30 viq Module, whatever. I usually heard those referred to as functions, I'm not a programmer myself so I don't know the proper terms.
15:30 viq For me a state is what you write in the SLS file
15:30 fneves ok
15:31 fneves thanks very much for your help
15:31 viq :)
15:31 fneves this makes my day a happy day :)
15:31 viq hehe :)
15:31 viq glad I could help
15:31 fneves by the way, if I want to contribute with custom states and modules I am actually using
15:32 fneves is there any guide for what can/should be included into salt ?
15:33 viq I think "anything you think may be useful" - especially if you're willing to make sure it continues working and being useful as things evolve
15:33 jalbretsen joined #salt
15:34 fneves ok
15:34 fneves will do
15:34 thedodd joined #salt
15:34 fneves one more time, thanks for the help
15:35 dfinn joined #salt
15:35 viq :)
15:35 dfinn does salt-api run automatically on the master and if so, what port does it run on?
15:37 viq dfinn: when I looked I think it was a separate package. I'm not sure what happens once it's installed though
15:37 dfinn I think this is what I'm looking for?
15:37 dfinn http://salt-api.readthedocs.org/en/latest/ref/netapis/all/saltapi.netapi.rest_cherrypy.html
15:38 tligda joined #salt
15:38 viq Apparently so
15:44 tmwsiy joined #salt
15:45 ipmb joined #salt
15:45 timoguin fneves: you can also make PRs against saltstack/salt-contrib if it needs more testing or doesn't need to be in salt core
15:48 dude051 joined #salt
15:50 dude051 joined #salt
15:51 Ryan_Lane can anyone give me an example of how onchanges works?
15:52 Ryan_Lane I'd like to run aptpkg.refresh_db only if a ppa is added via pkgrepo.managed
15:53 smcquay joined #salt
15:54 kuffs joined #salt
15:55 kuffs alright, I've got a super legacy question here
15:55 Gareth morning
15:55 davidone is there any way to have a rand_sleep state between two states (parted and mkfs)?
15:55 kuffs morning
15:55 davidone sometimes the os wants a couple of seconds to update disk partition table
15:56 kuffs let's get this much out of the way: yeah, I need to upgrade. I plan on doing that very soon
15:56 ajolo_ joined #salt
15:56 kuffs I've got an 0.11.2 cluster that I'm trying to bring online
15:56 Ahlee Now I'm intrigued
15:56 viq wow
15:56 kuffs the master is basically going unresponsive after an unspecified amount of time
15:57 kuffs I've got about 1500 minions rolling right now
15:57 kuffs I've got another cluster with about 950 minions that is doing just fine
15:57 Ryan_Lane do you have enough threads?
15:58 kuffs good question
15:58 kuffs let me find out
15:58 Ahlee yeah, worker threads, or open file descriptors
15:58 Ahlee since you figure the master needs 2*minions for sockets alone
15:58 kuffs I've got 100k file descriptors in ulimit
15:59 Ahlee shouldn't be that, then :)
15:59 Ahlee I'm afraid 0.11.x is well before my time, so I don't know what existed back then
15:59 kuffs yeah, and I'm running the master in the foreground on full debug output and I would have expected some kind of error if I ran out of descriptors
16:00 kuffs my next step once this is online is to get everything migrated to a more recent version
16:00 Ahlee does 0.11 support trace?
16:00 kuffs couldn't afford to spend time re-QA-ing all of my sls against a new platform
16:00 Ahlee i hear ya there.
16:00 Ahlee we stayed on 0.16 for a long time, and still on 0.17.5 with no real plans to move forward
16:01 Ahlee Here's a fun one that popped up in my windows hosts: https://gist.github.com/jalons/30ef32e756cb388d876c
16:01 godber1 joined #salt
16:02 troyready joined #salt
16:03 fllr joined #salt
16:03 Luke joined #salt
16:04 Luke joined #salt
16:05 Ahlee updated with full log
16:07 MatthewsFace joined #salt
16:07 kuffs Ryan_Lane, Ahlee: looks like worker_threads is indeed a valid configuration option in 0.11!
16:07 Ryan_Lane yep
16:07 Ryan_Lane you may need to increase that
16:08 Ahlee I run 50 worker threads for ~400 minions
16:08 dstokes joined #salt
16:08 Ryan_Lane the default would be pretty low for that number of minions
16:08 kuffs defaulted to 5, raised it to 10
16:08 Ahlee and still wind up backin gup
16:08 kuffs oh geez
16:08 Ryan_Lane watch out for memory usage
16:08 kuffs how many cores on your master?
16:08 Ahlee 8 cores
16:08 kuffs woooof
16:08 Ahlee i probably spend a lot of time context switching
16:08 Ahlee but, it hasn't been worth tracking down
16:09 conan_the_destro joined #salt
16:09 Ryan_Lane you may want to set the worker threads to a multiple of your cores
16:09 Ryan_Lane salt should really also support taskset
16:09 Ryan_Lane for master threads
16:10 Ahlee I used to shield a core for network interupts, and run the rest of salt on the remaining cores
16:10 kuffs welp, thankfully this is all cloud gear so I can just change the resources on the box
16:10 Ahlee python being python, no benefit
16:11 Ryan_Lane doesn't salt launch multiple processes?
16:11 Ryan_Lane for the master?
16:11 Ahlee yes, one parent many worker threads
16:11 Luke joined #salt
16:11 Ryan_Lane heh. I'm about to push something wonderful in :)
16:12 dude051 joined #salt
16:12 Ahlee but standard config here for servers is OS gets first core on each physical processor, remaining cores are free for applications
16:12 KyleG joined #salt
16:12 KyleG joined #salt
16:12 Ahlee unless the hardware architecture puts the PCIe slot closer to one of the processors
16:12 Ahlee Ryan_Lane: oh?
16:13 Ryan_Lane one sec ;)
16:13 mgw joined #salt
16:15 kuffs Ahlee, Ryan_Lane: seems like it's a lot more responsive now. Really appreciate the quick help.
16:15 Ryan_Lane yw
16:16 redondos joined #salt
16:16 redondos joined #salt
16:16 harkx joined #salt
16:17 forrest joined #salt
16:17 active8 joined #salt
16:18 Ryan_Lane https://github.com/saltstack/salt/pull/13360 \o/
16:19 diegows joined #salt
16:19 forrest good change Ryan_Lane
16:20 forrest Ryan_Lane, I don't think your documentation line is clear enough though
16:20 Ryan_Lane I'm guessing you can see where I'm going with that ;)
16:21 viq forrest: you're still looking for the CI system?
16:22 Ryan_Lane forrest: ok. I can make that clearer
16:22 forrest viq, no, went with jenkins
16:22 viq forrest: because the other day I remembered about gitlab-ci
16:23 viq forrest: ok. how's the experience so far?
16:23 forrest Ryan_Lane, cool, you could just change it to 'If set to false this will skip refreshing the apt package database on debian based systems'
16:24 forrest viq, pretty good, I had a test instance up and running, processing jobs, hooked to hipchat, and pulling from our gitlab instance on push after about 1.5 hours on friday
16:24 viq forrest: not bad indeed
16:25 forrest viq, nope, there's also a salt formula for it, so I've been modifying that to our specific needs which is always nice
16:26 * viq nods
16:26 Ryan_Lane -_-
16:26 Ryan_Lane aptpkg.mod_repo *also* calls refresh_db
16:27 TheThing|work I just realized... I was using pillars to keep private information off the minions for... well, for security reasons... only to completely forget that all my pillars are on a public github repository xD
16:27 bhosmer joined #salt
16:28 bhosmer_ joined #salt
16:29 Ahlee TheThing|work heh, whoops!
16:29 Gareth Ryan_Lane: the modules that manage repos would be a good place to add some support for the new mod_aggregate function, eg. only run update once all of them have been added.
16:29 Ryan_Lane indeed.
16:29 TheThing|work But I'm a firm believer that if you make something secure, you can keep it public records :)
16:29 Ryan_Lane I'm handling it via sls
16:29 TheThing|work it's kinda my way of forcing me to do things rights
16:30 Ryan_Lane I'm using pkg.update_db via a wait
16:30 Ryan_Lane via module.wait and watch_in
16:31 NVX joined #salt
16:31 Ryan_Lane now a state that was taking 40 seconds is taking 10
16:32 * Ryan_Lane fixes the module too
16:32 schimmy joined #salt
16:34 resmike joined #salt
16:34 schimmy1 joined #salt
16:35 Ryan_Lane forrest: it looks like I can completely remove the __salt__['pkg.refresh_db']() from pkgrepo.manage function
16:35 Ryan_Lane since the function it's calling will do it
16:36 Ryan_Lane the stupid pkgrepo.manage function will call it even if there's no changes
16:36 possibilities joined #salt
16:37 Luke joined #salt
16:37 ecdhe I'm writing an iptables formula to keep all ports closed that a server doesn't need.
16:37 ecdhe But I don't want it to have specific knowledge of the other services installed.
16:37 ecdhe Do you salt pros have any idea how I can do that?
16:37 TheThing|work lol
16:38 darkelda joined #salt
16:38 TheThing|work so you're doing the exact same thing as I am ecdhe :D
16:38 dlam joined #salt
16:38 TheThing|work or what I've been working on
16:38 ecdhe TheThing|work,  interesting.
16:38 diegows joined #salt
16:38 TheThing|work but it's not working
16:38 TheThing|work here's what I was doing
16:38 jimklo joined #salt
16:39 TheThing|work https://github.com/nfp-projects/salt-pillars/blob/master/top.sls <--- this is the top file that picks the rules
16:39 TheThing|work https://github.com/nfp-projects/salt-pillars/blob/master/iptables/router.sls <--- this is how the rules are defined
16:39 TheThing|work (just my version)
16:39 TheThing|work and finally, here is the jinja template: https://github.com/nfp-projects/salt-states/blob/master/iptables/firewall
16:39 TheThing|work unfortunately the top.sls in the pillar is not working for me
16:39 TheThing|work it's only picking the rules in the default iptables set
16:40 bastion1704 os state.composer suppose to be use to do composer install / update ?
16:40 TheThing|work you can see all of my project files on those 2 repositories
16:40 aw110f joined #salt
16:40 TheThing|work ecdhe, if you figure some better way of doing this, let me know, I'm also interested in a solution for this :)
16:40 Ryan_Lane forrest: does that change look ok?
16:42 ecdhe TheThing|work, have the brains around here weighed in on it?
16:42 TheThing|work Not really but I didn't explain my problem very well
16:42 TheThing|work and then I got distracted :)
16:43 TheThing|work I'm sure it's something stupidly simple though, the solution
16:43 TheThing|work I just haven't figured it out yet
16:43 TheThing|work I think the reason is that it's not picking up the roles correctly
16:43 TheThing|work at least, my problem
16:44 TheThing|work the "role" grain is an array so I think that's why the top.sls is not matching the iptables subest rules
16:44 TheThing|work *subset
16:44 dlam hmm if i gotta make a staging site that mirrors production,  the thing to do is this thingy yeah?  http://www.saltstat.es/posts/environment-based-clusters.html   (randomly googled it)
16:46 ecdhe TheThing|work, I don't see the issue in your code, but the design looks like what I'd set out to do initially.
16:46 ecdhe And it looks appropriate for your situation.
16:47 TheThing|work it works surprisingly well. I'm gonna test to see if the issue is because the "role" grain is an array
16:47 ecdhe I'm looking at the general issue of opening ports based on what's installed--so I don't want to have a firewall.router state...
16:47 ecdhe I want to have a "router" formula that adds it's own ports.
16:48 TheThing|work the template-ing creates a kinda cool output: https://gist.github.com/anonymous/f1190276a78cb15f8e85
16:48 ecdhe My goal is to have ZERO router-specific code in the firewall formula.
16:48 TheThing|work Interesting approach
16:48 TheThing|work you could do something similar and extend the "rules" pillar and add "ports" to it
16:48 Luke joined #salt
16:48 TheThing|work so in your, for example, nginx.sls or something
16:49 TheThing|work you would: include: - iptables
16:49 viq Hm, so states bringing with them information that something is listening on a port? Interesting.
16:49 ecdhe viq, yes.
16:49 Ryan_Lane forrest: so, yeah, this is what I'm doing: https://gist.github.com/ryan-lane/085ec4fd14f337a6b09f
16:49 TheThing|work and then: extend: -out: 20
16:49 resmike joined #salt
16:49 TheThing|work or something
16:49 TheThing|work *extend: -out: -80 -443
16:49 TheThing|work or something like that :b
16:49 TheThing|work I think that works
16:50 kuffs Ahlee, Ryan_Lane: how did you guys figure out how many worker threads you actually needed? What's your workload like?
16:50 Ryan_Lane always doing pkg.installed, rather than pkg.latest means I can avoid calling apt-get update unless a ppa changes. i can apply security updates via remote execution
16:50 Ryan_Lane <3
16:51 Ryan_Lane kuffs: I'm actually not running a master where I am now, but at wikimedia we have about 1000 nodes and I think I run with worker threads set to 10
16:51 ksk joined #salt
16:51 kuffs word
16:51 Ryan_Lane mostly because I was memory constrained
16:51 Ryan_Lane I would have likely run with it at 20 otherwise.
16:51 TheThing|work nice
16:51 kuffs I'm watching htop right now and the threads seem pretty evenly distributed for load
16:51 kuffs but not all are in R state
16:52 kuffs ram is creeping up though
16:52 kuffs I will be upgrading as soon as I can
16:52 kuffs get some sanity and some group debuggability out of it :P
16:56 ajolo__ joined #salt
16:56 TheThing|work hmm
16:57 ramteid joined #salt
16:58 forrest Ryan_Lane, yea that looks fine to me
16:58 Ryan_Lane cool
16:58 forrest Ryan_Lane, it's kind of a shitty work around though
16:58 forrest it just should wait and refresh once
16:58 forrest is there an issue for that?
16:58 Ryan_Lane nope
16:58 forrest You should make one
16:58 Ryan_Lane yeah, I think aggregates are the way to handle that
16:58 forrest it should operate exactly like the pkg installed pkgs vs names works
16:59 forrest though it would need to somehow aggregate the items
16:59 Ryan_Lane well, this change makes things much better than before
16:59 Ryan_Lane previously every single run pkgrepo would call apt-get update
16:59 Ryan_Lane even if no change occurred
16:59 forrest oh yea I totally agree
17:00 forrest I just feel like we should be able to make it... sexier
17:00 ml_1 joined #salt
17:00 ipalreadytaken joined #salt
17:00 Ryan_Lane totally agree
17:00 Ryan_Lane adding an issue
17:00 schmutz joined #salt
17:01 forrest cool
17:01 Ryan_Lane well, this is more of an issue with the module than the state
17:01 ecdhe TheThing|work, I have seen the suggestion that I make a firewall do something like "if apache is installed, open port 80" in the firewall...  but the problem with that is that apache might run on port 81, for instance.
17:02 ecdhe It is very important that the apache state itself get to pick the port.
17:02 Ryan_Lane forrest: https://github.com/saltstack/salt/issues/13361
17:02 ecdhe I am surprised that nobody on #salt has done this.
17:02 Joseph joined #salt
17:02 forrest cool
17:02 Joseph is whiteinge around?
17:03 TheThing|work so couldn't you put the actual port inside the apache state?
17:03 TheThing|work also, I'm stuck, my extend is not working for some reason
17:04 resmike joined #salt
17:04 Networkn3rd joined #salt
17:04 TheThing|work https://github.com/nfp-projects/salt-pillars/blob/master/iptables/router.sls <--- is this wrong? I can't spot anything wrong with it but when I loop through pillar['rules']['raw'] it never includes those extra extended entries
17:04 TheThing|work only the original entries
17:05 TheThing|work if anyone can help me with that, that would be sweet
17:06 Joseph TheThing|work: extend is supported in pillar? i thought it only worked in state files.
17:06 TheThing|work really? that... might explain a few things...
17:07 Joseph TheThing|work: well i assumed it was because this is theo nly documentation on it http://salt.readthedocs.org/en/latest/ref/states/extend.html
17:07 TheThing|work ahh
17:07 TheThing|work let me test that then
17:07 Joseph TheThing|work: it could certainly be that extend is supported but it was never documented :)
17:08 TheThing|work now it works FLAWLESSLY
17:08 TheThing|work removed the extend but still worked in the way that I wanted :D
17:08 TheThing|work my god this is awesome
17:09 TheThing|work ecdhe, if you config apache in pillars
17:10 TheThing|work you can easily just add port numbers to some iptables variable
17:10 TheThing|work ahh, it overwrote the previous entries
17:10 TheThing|work damn
17:10 TheThing|work pillars needs extend functionality
17:11 forrest there's an issue for that, and it's kind of complicated to do I believe
17:11 forrest TheThing|work, https://github.com/saltstack/salt/issues/3991
17:13 dwfreed joined #salt
17:14 Joseph TheThing|work: you may be able to achieve something similar with jinja map file and then just import variable in a another file
17:14 Joseph TheThing|work: it won't be exactly what you are looking for though
17:14 TheThing|work yeah but it would work out
17:14 TheThing|work thanks
17:15 kballou joined #salt
17:15 cheus I'm seing versionadded strings in quite a few docs; is that something we're supposed to add by hand pre-pull request or is that added when the new version is cut?
17:16 forrest Ryan_Lane, whiteinge, the flowroute offices are confirmed for a sprint in Seattle, I'll shoot an email out when I get home tonight.
17:17 Ryan_Lane nice
17:17 forrest cheus, you add that when you write the docs
17:17 cheus forrest, So for Helium, we'd just leave it without a number and just use the codename?
17:18 ndrei joined #salt
17:18 forrest cheus, you know I'm not sure for helium, I'm trying to think of some examples...
17:18 forrest cheus, .. versionadded:: Helium
17:18 forrest like that
17:18 cheus forrest, danke
17:18 forrest np
17:18 TheThing|work Joseph: Looks like it has already been implemented: https://github.com/saltstack/salt/pull/10625
17:18 mateoconfeugo joined #salt
17:18 TheThing|work was merged in march so I guess next version will have it included \o/
17:19 tedski forrest: legal came back and said, "go right ahead with bugfixes"... so maybe i just need to file a bug before adding each feature :)
17:19 resmike joined #salt
17:19 forrest tedski, I actually do that all the time
17:19 forrest file an issue, go home and fix it, close the issue
17:19 forrest it's a good reminder
17:19 forrest since it always remains in github
17:24 TheThing|work Soo... when will we see a book for saltstack? :p
17:27 druonysus joined #salt
17:27 druonysus joined #salt
17:27 Joseph TheThing|work: there's actually an epub already
17:28 Joseph TheThing|work: but the more pressing problem is that the online documentation needs to be restructured and beefed up
17:28 TheThing|work Yeah, would be cool to add bunch of little hints and stuff
17:28 Joseph TheThing|work: salt states are far more complicated to learn than they should be
17:28 Joseph salt states are easy to use once you "get it"
17:28 TheThing|work yeah
17:28 Joseph but the docs don't make "getting it" as easy as they could
17:29 TheThing|work there are also a few tricks I would like to see documented, like restarting a service once a file is changed (I feel like I saw it in the documentation but then forgot where)
17:30 Joseph TheThing|work: you are certainly welcome to create a git PR. Typically, if you have a doc complaint, people will just request that you update the doc yourself.
17:30 Joseph I did that a couple different times
17:31 TheThing|work I probably might. First gonna see if I can figure out a good way to structure configuring ip-tables through salt-states and then maybe write a blog post about it or something
17:32 TheThing|work Such a shame how little free time you have when you work a full time job :)
17:32 TheThing|work Anyways, going home now. Thanks for the help Joseph o/
17:32 Joseph no problem
17:32 Joseph happy to help
17:34 resmike joined #salt
17:35 Joseph writing this doc bug felt good https://github.com/saltstack/salt/issues/13358
17:35 Joseph fixing it is a different matter sigh
17:37 cheus Joseph, Gack. No kidding.
17:38 matrix3000 joined #salt
17:38 Joseph cheus: lol i know but its been driving me crazy.
17:38 matrix3000 are there any reporting tools yet for salt
17:39 matrix3000 like to find out status of all the hosts and generate a report
17:39 Joseph matrix3000: depends on what you mean
17:39 Joseph matrix3000: define "status"
17:39 matrix3000 basically a report to tell you if salt had to do anything on the last 10 runs or 15 runs
17:39 matrix3000 also to see when the last salt minion check in time was
17:39 Joseph matrix3000: so a log of jobs that were run?
17:39 resmike joined #salt
17:39 matrix3000 jobs that were run that actually made changes
17:40 matrix3000 again using salt for infrastructure as code
17:41 Joseph matrix3000: you can modify salt returner to store its data in mysql
17:41 Joseph matrix3000: also look at at salt mine
17:41 Joseph http://docs.saltstack.com/en/latest/ref/returners/all/salt.returners.mysql.html
17:41 tedski matrix3000: you could use a returner for that and parse wherever it returns to for changes
17:41 Joseph http://docs.saltstack.com/en/latest/topics/mine/
17:41 matrix3000 so I need to write something kinda for it, to present it
17:41 Joseph matrix3000: not if use one of the built in returners. then its just a matter of configuring the set up
17:42 matrix3000 but is there an interface or do you still need to login to the master and run commands to see status
17:42 Joseph matrix3000: there are several good returners already prebuilt so unless you have a really unique use case one of those should suffice
17:42 matrix3000 im looking for a dashboard like solution essentially
17:42 Joseph matrix3000: you could just use the scheduler to do the highstate or whatever, the output will automatically be written to the database
17:42 Joseph and then you can just sql query it
17:43 Joseph matrix3000: oh look at hiera than
17:43 possibilities joined #salt
17:43 Joseph matrix3000: if you want a data analytic pretty graph type of thing then that's not reawlly "there" yet
17:43 Joseph matrix3000: hiera is in like alpha state though so use at yoru own risk
17:44 Joseph actually one interesting question is why there isn't a returner for ganglia
17:44 Joseph that seems like it would work out quite nicely
17:45 pssblts joined #salt
17:45 cheus Joseph, Do you mean halite?
17:45 Joseph cheus: doht yes
17:46 possibil_ joined #salt
17:46 cheus matrix3000, Yeah, I wouldn't recommend halite. I recommend using a returner that can pipe date into a form usable by your preferred tool of analysis. Data can come out in any number of forms, sql and json are particularly useful.
17:46 smcquay_ joined #salt
17:47 mateoconfeugo joined #salt
17:47 Joseph cheus: agreed but matrix3000 was looking to not have to write code.
17:48 cheus Yeah
17:48 Joseph matrix3000: but +1 for cheus.  Writing a  python returner is actually pretty easy so hooking it up to your favorite analytic tool of choice shouldn't be to bad. Unfortunatley the documentation isn't all the great for real world examples.
17:49 felskrone joined #salt
17:49 matrix3000 Joseph: yea, essentially I'd rather spend more time with infrastructure than writing custom code for a solution
17:49 matrix3000 especially when I am the only devops guy supposed to support about 2000 servers that have a small salt setup right now
17:50 ujujinsan joined #salt
17:50 Joseph matrix3000: understand where you are coming from. cheapest workable solution IMHO is to use the mysql returner and then use analytic tool to grab that from the mysql db
17:50 matrix3000 where's the analytic tool
17:51 Joseph a analytic tool
17:51 Joseph there are lots
17:51 Joseph do you not know of one?
17:51 wallie joined #salt
17:52 wallie Hello
17:52 ujujinsan Hey guys. Can I get help here with verifying whether a feature works or not ?
17:53 Joseph ujujinsan: probably what's the feature?
17:53 wallie have a question regarding salt cloud. I am requesting to have my master to sit on my network. My minions will live in aws. The plan is to generate them with salt cloud. My question is this, what port should I tell my network admin to allow ?
17:54 ajprog_laptop joined #salt
17:55 timc3 joined #salt
17:56 ujujinsan So I am running cmd.scrip. And I am providing environment variables via 'env'. On the minion side script executes and prints 'env'. With cmd.script environment variables are not set. With cmd.run they are. I am using salt 0.17.5 (I have verified on GitHub that 'env') is present in API in this version. So I waswondering whether there are known issues ?
17:56 ajolo joined #salt
17:57 Ahlee ujujinsan: are you expecting your shell's env to print, or the env=Foo set in your state/on the command line?
17:57 Ahlee i'm also on 0.17.6 and make heavy use of env=
17:57 Ahlee er, 0.17.5
17:58 vexati0n joined #salt
17:58 ujujinsan The script is equivalent to: #!/bin/bash -c "env" . So as far as I understand after setting in cmd.script env: FOO: 'foo' . I should be able to see in command outut inside environment variables FOO. But I fail to see it.
17:59 Ahlee no.
17:59 Ahlee env= is salt's environments
17:59 vexati0n I have some minions whose logs keep saying "although dmidecode was found in path, the current user cannot execute it." -- the current user is ALWAYS root. what gives?
17:59 shaggy_surfer joined #salt
17:59 Ahlee ujujinsan: http://docs.saltstack.com/en/latest/ref/states/top.html#environments
18:00 Ahlee that's the environment you set when you use env=
18:00 JesseCW joined #salt
18:00 Ahlee If you need to modify the shell's environment, you're better to source a file that sets it, or explicitly state it in your script
18:01 Luke joined #salt
18:01 JesseC-Work joined #salt
18:01 ujujinsan http://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html : salt.states.cmd.script : env """env A list of environment variables to be set prior to execution """
18:03 BrendanGilmore joined #salt
18:03 ujujinsan So Ahlee I am expecting to pass to shell script an environment variable via env in cmd.script
18:03 Ahlee good luck
18:04 ujujinsan So this does not work or am I misreading the docs ?
18:05 travisfischer joined #salt
18:06 Ahlee checking the python now
18:07 ujujinsan ~~ thanks
18:07 Ahlee looks like the env is being overridden
18:08 Networkn3rd joined #salt
18:08 Ahlee in https://github.com/saltstack/salt/blob/v0.17.5/salt/states/cmd.py#L611, you're right that it expects that
18:09 Ahlee but, everwhere else it's treating env like it would treat salt env
18:09 Ahlee depending on what https://github.com/saltstack/salt/blob/v0.17.5/salt/states/cmd.py#L660 is doing with it
18:10 vexati0n how can i configure a salt-minion to use bash as the default shell instead of sh ?
18:10 Ahlee now i have to check if my cmd.scripts are actaully doing what i tell them to do in the state, or if i just did it in a way it doesn't matter
18:10 Ahlee vexati0n: i'd imagine setting root's shell to /bin/bash on the minion and restarting salt
18:11 vexati0n Ahlee: root's shell is always bash, but the minion still uses sh
18:11 Ahlee vexati0n: seeing this in cmd.X /
18:12 ujujinsan Ok, so to wrap it up this would be a bug ?
18:12 vexati0n Ahlee: the shell grain is "/bin/sh"
18:12 Ahlee ujujinsan: looks like it
18:12 vexati0n it should be /bin/bash
18:12 JasonSwindle joined #salt
18:13 Ahlee i see.  Philosohpically no, it should be /bin/sh as historically /bin/sh required no linked libraries ;)
18:13 vexati0n also i have a bunch of minions that just never finish enumerating grains, and every operation that has anything to do with grains causes the minions to go unresponsive. and that's sort of a bummer.
18:13 possibilities joined #salt
18:14 ujujinsan Ok, should I report on github or will you take care of it ? (Not sure whether you are a maintainer) ?
18:14 JasonSwindle Anyone using Reactor to fire off a task when a minion is added via salt-key?
18:15 TheThing joined #salt
18:16 vexati0n does anyone in here actually work for SaltStack ?
18:17 Theo-SLC joined #salt
18:18 JasonSwindle vexati0n: basepi does
18:18 Joseph there's usually one or two devs from there but it varies
18:18 JasonSwindle I don't see UtahDave on ATM
18:18 Joseph JasonSwindle: i thought forrest and whiteinge were too
18:18 forrest ?
18:18 JasonSwindle forrest: No, whiteinge yes if I remember right.
18:19 forrest oh no I don't work for salt
18:19 Joseph forrest: so you are just salttack maestro for fun?
18:19 forrest pretty much
18:19 basepi forrest is just awesome, doesn't work for us
18:19 JasonSwindle https://github.com/GoogleCloudPlatform/kubernetes/blob/master/DESIGN.md <- Google uses Salt!
18:19 forrest It used to be that I just hated Puppet
18:19 forrest now I just like to work on salt
18:19 Joseph forrest: that's eerie
18:19 basepi I work for SaltStack, as well as whiteinge and a few others
18:19 Joseph that's exactly how i ended up here
18:19 JasonSwindle vexati0n: How can we help?
18:19 happytux joined #salt
18:19 Joseph forrest: the only thing worse than puppet might be cfengine
18:19 Joseph and i emphasize might
18:20 forrest heh
18:20 Joseph i've never tried chef...i hear that's less obnoxiouis
18:20 forrest it's just straight ruby
18:21 vexati0n JasonSwindle: Nevermind, apparently I was having a bug from 2014.1.0 on a minion I missed upgrading.
18:21 JasonSwindle Ah, ok. :)
18:21 vexati0n I hope that was all, anyway.
18:21 Joseph forrest: yes that's what i hear. Not a fan of ruby
18:21 JasonSwindle Anyone here at DockerCon?
18:21 Joseph forrest: python is my precious is what i am saying
18:22 forrest heh
18:22 forrest JasonSwindle, unfortunately not :(
18:22 forrest not all of us can jet around the world to conferences like a baller
18:22 JasonSwindle I wanted to go
18:22 forrest me too!
18:22 forrest I should have made a talk about docker and salt
18:22 JasonSwindle Sadly not.  But I am watching the twitter hash tag
18:22 JasonSwindle I am using Salt and Docker
18:23 JasonSwindle https://github.com/JasonSwindle/mom <-
18:23 Joseph docker looks really interesting. JasonSwindle would you say you like it over VMs?
18:23 forrest JasonSwindle, Tom is already doing a talk
18:23 JasonSwindle Joseph: Yes
18:23 forrest either use docker or lxc
18:23 forrest VMs are for dinosaurs at this point
18:23 Joseph i thought docker was built on top of lxc?
18:23 forrest it is
18:23 JasonSwindle can be
18:23 JasonSwindle LibContainer and then fails to lxc
18:24 Joseph JasonSwindle: here be dragons! love it
18:24 JasonSwindle The public version needs more work
18:24 forrest Is there anyone in Seattle in here?
18:25 JasonSwindle Joseph: I am soon to add the logic for salt syndic master backups
18:25 JasonSwindle I have the syndic masters RSYNC to MOM, and mom writes them to the host
18:25 JasonSwindle So, you don't have to worry about salt pki losses
18:28 gothix RHEL 7 has been released any idea when we can expect RHEL7 RPM's for salt??
18:29 gothix I would expect probably a couple of months out at least
18:29 gothix ??
18:29 m1crofarmer do exclude statements still work in top.sls?
18:30 m1crofarmer I mean, I see this: https://github.com/saltstack/salt/issues/2053
18:30 m1crofarmer but it doesn't appear to be working anymore
18:33 Katafalkas joined #salt
18:34 Katafalkas joined #salt
18:35 Katafalkas Hey, is there a way to sun just pylint tests ?
18:35 Katafalkas instead the entire test stack
18:36 tedski does pylint --rcfile=.pylintrc  work for you?
18:38 Katafalkas "No pep8 library could be imported. No PEP8 check's will be done" I get this error
18:38 manfred Katafalkas: pylint --rcfile=.testing.pylintrc salt/
18:39 manfred install pep8
18:39 manfred and the salttesting module
18:39 mateoconfeugo joined #salt
18:44 n8n joined #salt
18:46 thedodd joined #salt
18:50 tyler-baker joined #salt
18:51 n8n joined #salt
18:53 ecdhe Does anyone have some advice/examples for configuring a firewall state from the states that need a firewall port open?
18:54 mgw joined #salt
18:54 ajolo_ joined #salt
18:55 possibilities joined #salt
18:55 kiorky joined #salt
18:55 kula ecdhe: i have part of a solution: using iptables on centos. states drop in fragments of iptables config in /etc/sysconfig/iptables.d/, then watch_in a cmd that cats all those files together and notifies the iptables service state to reload.
18:56 ecdhe kula, I'm working on centos too--actually, on a freeipa setup.
18:56 kula i don't have a good solution for the other way, which is "a machine no longer has a state, so that fragment file should go away and iptables rules regenerated"
18:56 kula but i've got half an idea.
18:56 pjs joined #salt
18:57 ecdhe kula, what version of cent are you running?
18:58 kula on the systems where this is all managed, centos 6.
18:59 dsolsona joined #salt
18:59 ecdhe I've got CentOS 6.5, and no iptables.d directory.
18:59 jalaziz joined #salt
18:59 kula that's part of the bit i create.
19:00 AdamSewell joined #salt
19:01 Theo-SLC I migrated my filesystem to gitfs, but now my minions don't sync their custom modules from _modules (now located on gitfs). Shoudl this work?
19:01 Theo-SLC sorry _grains, not _modules
19:02 jhulten joined #salt
19:02 ipmb joined #salt
19:03 ecdhe kula, that's awesome!
19:03 ecdhe If I publish a formula to github later, is it okay that I stole your idea?
19:04 peters-tx Is there any step-by-step out there for setting up halite?
19:05 peters-tx guide
19:05 babilen Theo-SLC: It should work, yes. (assuming you configured the gitfs that contains _grains in the master config)
19:05 TheThing ecdhe, if you do publish the formule, by all means, do share it with me :)
19:05 thedodd joined #salt
19:06 babilen Theo-SLC: You might want to (re)move gitfs related data /var/cache/salt/master if calling salt '*' saltutil.sync_grains doesn't do its thing
19:06 Theo-SLC bablien: okay
19:06 babilen Theo-SLC: And "bab<TAB>" gets you nickname tab-completion in IRC
19:06 Networkn3rd joined #salt
19:07 aqswdefrgt joined #salt
19:07 aqswdefrgt >
19:07 kula ecdhe: https://gist.github.com/tlk2126/9582c16c65a55ca305dd
19:07 kula Steal away.
19:08 ecdhe Thanks kula!
19:08 TheThing That is a pretty good method kula, thanks for sharing o/
19:08 kula Thanks.
19:08 ecdhe kula, I just type your IRC nic because tab-complete is slower.  Out of curiosity, do you type my nic out, or do you use tab comlete?
19:09 Ahlee Woah. Kubernetes.
19:09 kula Like I said, the only thing that I don't like is that when a state no longer exists nothing triggers implicitly the regeneration of the iptables rules. I've got an idea for that, but it will probably involve a salt module.
19:09 Theo-SLC babilen: nice
19:09 kula ecdhe: i just type it out.
19:09 kula Although apparently with my client tab-completion works.
19:10 Ahlee I wonder if google announcing kubernetes today is why the salt folks haven't been around much today
19:10 n8n joined #salt
19:10 aqswdefrgt left #salt
19:10 ecdhe Ahlee, it's just lunch time is all.
19:10 Ahlee crazy mountain timers
19:10 babilen Theo-SLC: Did that solve the issue or are you just happy to be able to use tab-completion in here?
19:11 Theo-SLC babilen: just happy to use tab-completion.  still not working after removal of cache and saltutil.sync_grains
19:11 Ahlee Windows minion, 0,17,5, talking to a 0,17,5 master, this started cropping up, theories appreciated: https://gist.github.com/jalons/30ef32e756cb388d876c
19:11 babilen Theo-SLC: Is the _grains directory present in the gitfs cache?
19:12 Theo-SLC babilen: should I delete minion cache as well?
19:12 therealGent joined #salt
19:12 Theo-SLC yes
19:12 babilen Theo-SLC: I wouldn't expect that to be necessary (nor should deleting the master cache) -- you *did* restart the master after adding the gitfs remotes and the gitfs remote is accessible for the user salt runs as?
19:13 babilen Theo-SLC: Can you manually checkout the repo in question as the user salt runs as?
19:13 Theo-SLC babilen: yes.  _grains and top.sls are the only files in /var/cache/salt/master/gitfs/refs/master now
19:13 ecdhe kula, wouldn't simply deleting iptables.d do it?
19:14 bhosmer joined #salt
19:14 Theo-SLC babilen: yes. I restarted the master several times after moving to gitfs. last time I ran a highstate it worked.  just didn't find my custom grains.
19:15 kula ecdhe: no, because the files in iptables.d/ are what are glommed together by salt-compose-file, and something needs to kick that off.
19:16 kula so you have to generate a "no longer this state" state, which does cleanup. which is a general problem for salt.
19:17 ecdhe kula, if you delete the folder, then NO firewall rules exist either.
19:17 babilen Theo-SLC: Where did you look for them? Is the data listed in grains.items ?
19:17 bhosmer joined #salt
19:17 ecdhe So an empty folder is created.
19:17 ecdhe And all existing states will create their rules...
19:18 ecdhe And then the new folder will have only  rules from existing states...
19:18 JasonSwindle joined #salt
19:18 Theo-SLC babilen: The data is not in grains.items.  FYI. this is the standard ec2_info.py custom grain.
19:18 ecdhe So a salt highstate run will empty the folder and repopulate it with only fresh rules...
19:18 kula true, you could do that too.
19:19 ecdhe It seems a little weird to always be deleting and recreating a folder...
19:19 xDamox joined #salt
19:19 kula Yeah, exactly. Part of me wishes for a salt state to have an 'on-exit' --- if this machine no longer has this state, do this. But that would probably be hard to shove into the current arch.
19:20 ecdhe kula, yes, that would be nice.
19:20 Ahlee Agreed.
19:20 xDamox Hello, I am trying to perform a state.highstate and I have an SLS file that depends on an external module that is stored in _modules. However, when I run a state.show_highstate it complains about the _module missing?
19:20 kula But just as I like the concept "When I add a state to a certain machine, it contains in itself all the bits necessary to set that state up", I wish for the other side.
19:20 Ahlee xDamox: Have you sync'd your modules with saltutil.sync_modules ?
19:20 Ahlee or saltutil.sync_all ?
19:20 xDamox Ahlee, a high state should perform this no?
19:20 ecdhe kula, I have often wondered, "who wants a state filled with 'user.absent' entries."
19:20 Ahlee Dunno.
19:21 kula Yeah. It's the one part of salt management that's tickling the back of my mind constantly.
19:21 Ahlee ecdhe: by that note, I still wonder why people don't just set up a state file that sets up authentication against a domain controller or similar ;)
19:21 ecdhe kula, I think the idea of salt/puppet/chef is that you occasionally destroy your infrastructure and rebuild it.
19:21 babilen Theo-SLC: Would you mind pasting "ls -la /var/cache/salt/master/refs/*/_grains/*" on the master, the saltutils.sync_grains output and "ls -la /var/cache/salt/minion/extmods/grains/" on the minion? Also include "salt-key -L". Please ensure that data is sufficiently anonymised.
19:22 Networkn3rd joined #salt
19:22 Ahlee ecdhe: which is a shame, and those of us who don't live in the cloud but want to leverage some of the good ideas end up paying for that
19:22 kula Right. Or, increasingly, containerize things.
19:22 ggoZ joined #salt
19:22 Theo-SLC babilen: bash: cd: /var/cache/salt/master/refs: No such file or directory
19:23 babilen Theo-SLC: Ah, master/gitfs/refs :)
19:24 xDamox is it possible to have one sls require another sls?
19:24 ecdhe Ahlee, I know user/.absent is very useful for me at home...  http://devopsreactions.tumblr.com/post/85204023519/using-devops-tools-at-home
19:24 Theo-SLC babilen: I think this is what you are looking for.. ls -la /var/cache/salt/master/gitfs/*/master/_grains
19:25 Theo-SLC babilen: http://pastebin.com/F6hvKDj3
19:25 babilen ugh, pastebin.com
19:26 babilen Theo-SLC: That misses the output from the minions, salt-key -L and the sync_grains run.
19:26 mpanetta joined #salt
19:27 Katafalkas joined #salt
19:28 Luke joined #salt
19:28 Katafalkas joined #salt
19:28 babilen Theo-SLC: And I believe that you want that ec2_info.py file to be executable. (no idea why, but I had to do it)
19:29 Luke joined #salt
19:29 Theo-SLC babilen: salt-key show all of my minions accepted.  Ran sync_grains.  still no ec2 grains.
19:30 babilen Theo-SLC: You did check extmods/grains on the minion(s) in question?
19:31 babilen Theo-SLC: Could you just show me the requested output? Once you've done that make ec2_info.py executable and sync again (show requested output again). If you want to do me a favour use a pastebin such as http://paste.debian.net, http://refheap.com, http://pastie.org ...
19:31 Theo-SLC babilen: permissions of file in minion cache is -rw-r--r-- 1 root root 2770 Jun 10 18:00 ec2_info.py
19:31 babilen yes, exactlyt
19:34 peters-tx FYI Red Hat just released rhel 7
19:34 hardwire joined #salt
19:36 gothix_ joined #salt
19:36 xzarth joined #salt
19:37 Luke joined #salt
19:37 stevednd having an issue with the builtin mysql states. I install mysql and it gives root permissions on 127.0.0.1, localhost and staging-app1. All of that is fine and correct, but when I go to connect from the salt states to add a user, I get the error that access is denied for 'root'@'staging-app1.local'. Does anyone know a way to create that user/permission automatically, or do I need to shell out and manually run the command through
19:37 stevednd the mysql client?
19:37 Theo-SLC babilen: Fixed the file permission in git.  Ran sync_grains again.  But the cached grain module still has the same permissions
19:38 babilen Theo-SLC: did you run fileserver.update after making changed to gitfs?
19:38 Theo-SLC babilen: no.  I'm not familiar with fileserver.update
19:38 babilen Theo-SLC: And could you please verify if the file is present in extmod/grains on the *minion* ?
19:39 pssblts joined #salt
19:39 Theo-SLC babilen: yes, it is present.
19:39 ecdhe kula, in your application, how often do you need to revoke firewall rules?
19:41 babilen Theo-SLC: So the grain *is* being synced, but simply not executed. And *please* provide output that is being requested. It is really quite hard to work without seeing this.
19:41 yetAnotherZero joined #salt
19:42 babilen Theo-SLC: Okay, please run "salt-run fileserver.update" and sync the grain again and then show the *redacted* output of "salt 'some-minion' grains.items"
19:44 Theo-SLC babilen: salt-run fileserver.update gave a python dump.  http://pastebin.com/M8WgvYjf
19:45 scoates joined #salt
19:45 scoates hello
19:46 scoates based on this https://github.com/saltstack/salt/issues/3991 is it still the case that one set of pillar data can't merge with another?
19:47 fllr joined #salt
19:47 babilen Theo-SLC: Which master version is that? (and would it be okay to use, say, http://refheap.com for pastes?)
19:48 fllr Hey guys. I'm trying to make salt manage my iptables. Do you guys have any ideas on how to make that work?
19:48 babilen Theo-SLC: Alternatively restart the master, not sure why you ran into an Exception there and I haven't seen that before.
19:48 scoates fllr: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.iptables.html
19:49 TheThing lol fllr, join the club
19:50 Theo-SLC babilen: salt-master-2014.1.4-1.el6.noarch.  I can use another paste.  Other unique things about my deployment.  I have two salt masters configured on minions for HA
19:50 thedodd joined #salt
19:51 Joseph Theo-SLC: way to be complicated :)
19:51 Theo-SLC business requirements.
19:51 Theo-SLC if salt can't meet our DR plan we can't use it.
19:52 Joseph Theo-SLC: yea i was guessing so. perfectly reasonable set up
19:54 ecdhe fllr, we have just been talking about it!
19:54 Theo-SLC salt-run fielserver.update didn't crash on my other master.
19:54 ecdhe fllr, user kula pasted this example: https://gist.github.com/tlk2126/9582c16c65a55ca305dd
19:55 ecdhe the standard salt state for iptables isn't even a state, it's a module.
19:55 aubsticle joined #salt
19:55 ecdhe But for some reason it's in the states code...
19:56 ecdhe But it's not idempotent--if you run it twice, it adds two rules!
19:56 ajolo__ joined #salt
19:56 babilen Theo-SLC: So, I assume that you successfully restarted both masters (or ran fileserver.update) and saltutils.sync_grains. Could you verify if the grain is now executable in the cache on the master *and* show the (redacted) output of grains.items ?
19:57 ecdhe fllr, avoid the the salt iptables state.; instead of enforcing the state you describe the salt iptables state just keeps adding states every time you run it.
19:59 CeBe joined #salt
19:59 Rojematic joined #salt
20:00 Theo-SLC babilen: Just doing that now for both masters.
20:02 Theo-SLC babilen: grains.items is the same.  please take my word for it, it would take a while to redact.  The ec2_info.py file is not executable on the master cache.  It seems that the permission change was not enough to update it.  I am going to manually change the cache permissions.
20:03 babilen Theo-SLC: You committed and pushed it in git?
20:03 WarP|work joined #salt
20:03 Theo-SLC babilen: yep
20:03 fllr Lol. Sorry, I was away talking to my coworkers trying to figure it out. lol
20:04 jhulten joined #salt
20:04 kula ecdhe: i don't revoke often, so it's not much of an issue. But because it isn't much of an issue, I want it to just Do The Right Thing because I'll forget.
20:05 ecdhe kula, that's wise.
20:05 babilen Theo-SLC: Okay, I've just verified it against my setup and the file is, indeed, not executable here either. Can you call "/usr/bin/env python" on the minion or execute the grain there manually?
20:06 ecdhe kula, do you know how we can get salt changed?
20:06 kula That part is easy. It's figuring out *how* to do it that's hard....
20:06 ecdhe For instance, could salt keep a record of every file that it generates on a filesystem during a run?
20:06 kula That's got various other issues.
20:06 babilen Theo-SLC: Do you have a ec2_info.pyc on the minion in question?
20:07 kula In any case, gotta run, but various ideas have been bubbling around in the back of my head.
20:07 ecdhe Okay.
20:07 ecdhe Thanks for your time.
20:07 ecdhe I hope we meet here again.
20:07 Theo-SLC babilen: I do.  I just manually modified it's permissions as I did on the master
20:07 babilen Theo-SLC: As mentioned, I am not sure anymore that's actually necessary. Sorry for that.
20:08 Theo-SLC babilen: it worked after I restart the salt-minion service on the minion.
20:09 kermit joined #salt
20:10 babilen Theo-SLC: Yes, that is also necessary.
20:10 Luke joined #salt
20:11 babilen Theo-SLC: I should add that to my external grains notes.
20:11 jrdx joined #salt
20:11 schmutz joined #salt
20:11 Theo-SLC babilen: I notice that I have to run 'service salt-minion stop' twice to get it to shutdown.  is this normal?
20:14 aw110f joined #salt
20:15 babilen Theo-SLC: It shouldn't be necessary. But then I typically just use service.restart from the master (I rarely, if ever, log directly into minions)
20:16 Luke joined #salt
20:17 geekmush1 joined #salt
20:22 druonysus joined #salt
20:22 pdayton joined #salt
20:23 geekmush joined #salt
20:24 Theo-SLC babilen: didn't know you could use service.restart to restart the minion service.  I've added it to my init script.
20:24 timc3 joined #salt
20:28 geekmush1 joined #salt
20:28 druonysus joined #salt
20:28 druonysus joined #salt
20:29 jliljenq joined #salt
20:29 cheus Anyone successfully set-up a lightweight pylint for salt modules without a full salt-dev-from-source and salt-testing environ?
20:30 geekmush1 joined #salt
20:31 mpanetta joined #salt
20:32 geekmush joined #salt
20:33 hvn joined #salt
20:33 rockey joined #salt
20:33 urban joined #salt
20:33 dotplus joined #salt
20:33 oeuftete joined #salt
20:33 Ahlee joined #salt
20:33 rnts joined #salt
20:33 tcotav joined #salt
20:33 dotplus joined #salt
20:33 ashb joined #salt
20:33 cwright joined #salt
20:33 darrend joined #salt
20:33 maber joined #salt
20:33 pfallenop joined #salt
20:33 worstadmin joined #salt
20:33 tru_tru joined #salt
20:33 amontalban joined #salt
20:33 ampex joined #salt
20:33 whiteinge cheus: you can just run pylint directly without having salt or salt-testing installed. is that what you mean?
20:33 djanos joined #salt
20:33 rogst joined #salt
20:33 bfwg joined #salt
20:33 st0newa11 joined #salt
20:33 intr1nsic joined #salt
20:33 jcockhren joined #salt
20:33 notbmatt joined #salt
20:33 Schmidt joined #salt
20:34 fxhp joined #salt
20:34 geekmush joined #salt
20:34 cheus whiteinge, Aye, or with a little pythonpath modification. Setting up a venv / full dev environ's  a bit of a headache. Just looking for a more lightweight option for _module development
20:35 whiteinge yeah, just install pylint and put our .pylintrc in your home dir
20:35 geekmush1 joined #salt
20:35 geekmush1 joined #salt
20:36 whiteinge https://github.com/saltstack/salt/blob/develop/.pylintrc
20:36 geekmush2 joined #salt
20:36 Guest33323 joined #salt
20:37 whiteinge if you're a Vim user syntastic will see pylint installed and Just Work (TM) for on-the-fly linting too
20:37 cheus whiteinge, Tried that. Failed because it tries to import salttesting, found in salt-testing. Added that to pythonpath but that failed too: Missing message C0330
20:38 whiteinge looking...
20:38 bhosmer joined #salt
20:38 lionel__ joined #salt
20:38 bVector_ joined #salt
20:39 wigit_ joined #salt
20:39 JasonSwi_ joined #salt
20:40 whiteinge cheus: comment out the loadplugins line
20:40 whiteinge and maybe that init hook too
20:43 AdamSewell joined #salt
20:43 cheus whiteinge, still throws on the message id C0330 (it's in the ignored messages block)
20:44 cheus whiteinge, I have a suspicion there's a pep version or pylint version requirement
20:44 kaptk2 joined #salt
20:44 xt joined #salt
20:45 whiteinge hm. not sure about that one.
20:46 whiteinge i'd say to just comment it out as well so you can get to Good Enough (TM) linting
20:47 whiteinge i have a personal .pylintrc file that predates my work with salt that fits that bill
20:48 xt whiteinge: JordanTesting : is there a salt IRC hook bot anywhere now?
20:48 forrest xt, http://bots.wmflabs.org/~wm-bot/dump/%23salt.htm
20:48 Ahlee whiteinge: Got a second to peruse https://gist.github.com/jalons/30ef32e756cb388d876c and let me know what you think could be causing that on windows minions?
20:49 xt forrest: thanks, but I meant interfacing with salt itself :)
20:49 forrest oh
20:49 whiteinge xt: not afaik
20:49 whiteinge Ahlee: looking
20:49 forrest xt, I'm pretty sure someone was messing with that
20:49 forrest I don't know if they ever finished it though
20:49 Networkn3rd joined #salt
20:50 xt yes, JordanTesting :)
20:50 xt "JordanTesting whiteinge: neat, I wrapped a lesser known project asyncirc in a flask app, restful post enabled irc bot"
20:50 cheus whiteinge, Aye. And the imports work if I pull salt-testing and include that in my PYTHONPATH (easy enough to make a bash shortcut)
20:50 forrest xt http://russell.ballestrini.net/irc-bot-foxbot-runs-canned-remote-executions-using-salt-stack/
20:51 cheus whiteinge, Whatever that message is must be new. Worked with plugins without that message
20:51 forrest xt, and I have https://github.com/saltstack/salt/issues/8682 open
20:52 JesseCW joined #salt
20:52 whiteinge cheus: salt's is pickier than mine, but the bulk of the pylint config you need to do is just to inform it of salt's magic vars: https://github.com/whiteinge/dotfiles/blob/master/.pylintrc#L42
20:52 whiteinge most of the defaults are good
20:52 whiteinge Ahlee: that's interesting. what python version on the windows minions?
20:53 Ahlee whiteinge: not sure, let me check
20:54 whiteinge Ahlee: oh, and what salt version?
20:54 Ahlee whiteinge: pythonversion: 2.7.5.final.0
20:54 jaycedars joined #salt
20:54 Ahlee saltversion: 0.17.5-52-g2d4772c
20:55 aubsticle left #salt
20:56 ajolo joined #salt
20:56 Ahlee afaik the last 0.17.x build released for windows
20:56 ninkotech joined #salt
20:56 matrix3000 yesterday someone told me that pillars that have lots of info are bad, can someone explain why?
20:57 whiteinge Ahlee: is that traceback stopping regular salt functionality?
20:57 ipmb joined #salt
20:57 ckao joined #salt
20:57 Ahlee Not on this minion, but it is on others
20:57 InAnimaTe joined #salt
20:57 Ahlee so, yay.
20:57 whiteinge Ahlee: any particular trigger? running a command? on boot?
20:58 Ahlee saltutil.sync_modules runs via reactor
20:58 Ahlee other than that I can't think of anything
20:59 bhosmer joined #salt
20:59 rigor789 joined #salt
20:59 whiteinge matrix3000: i'm not aware of any issues there. large pillar should be fine
20:59 cedwards joined #salt
21:00 jhulten joined #salt
21:00 whiteinge Ahlee: is there anything in your custom modules or state tree that is referencing "top.sls"?
21:01 kermit joined #salt
21:02 Ahlee Not to my knowledge.  We don't do much with top.sls at all.
21:02 Ahlee interesting, we don't even have a global match for servers in the environment
21:03 dfinn1 joined #salt
21:03 whiteinge matrix3000: if you have a lot of minions and you're transferring megabytes worth of pillar data, that will be a bit of network overhead.
21:04 mateoconfeugo joined #salt
21:04 smcquay joined #salt
21:04 whiteinge Ahlee: hm. i wonder if salt is looking for a default top.sls for a given environment
21:05 Networkn3rd joined #salt
21:08 ilako joined #salt
21:08 urban joined #salt
21:08 fllr joined #salt
21:08 scoates joined #salt
21:08 jalaziz joined #salt
21:08 TheThing joined #salt
21:08 m1crofarmer joined #salt
21:08 bastion1704 joined #salt
21:08 TyrfingMjolnir joined #salt
21:08 JeroenH_ joined #salt
21:08 davet1 joined #salt
21:08 toastedpenguin joined #salt
21:08 tmwsiy__ joined #salt
21:09 ajprog_laptop joined #salt
21:09 Ahlee yeah, this is wierd.  If I call saltutil.sync_modules specifically targeting the server, no error
21:09 Ahlee if I let the reactor do it, no joy
21:10 Ahlee well, sorry.  no joy is extreme.
21:10 Ahlee I'll keep mucking with it
21:10 Ahlee looking up the job in the jobcahe it's certainly the sync_modules being triggered by the reactor
21:14 Networkn3rd joined #salt
21:18 Ahlee doesn't look like it's salt's top.sls, just removed everything, same error, added just env for that server, same
21:18 Ahlee er, yeah
21:18 Ahlee so, dunno what this one's all about
21:18 Ahlee guess it's time to dive into the code
21:19 fllr Hey guys. I just installed salt, but I didn't get the salt-cloud command.
21:19 fllr How do I make sure I get that?
21:19 bemehow joined #salt
21:22 Luke__ joined #salt
21:22 matrix3000 joined #salt
21:23 Ahlee How'd you install salt?  if memory serves, it's bundled in a seperate rpm/deb
21:25 aw110f in salt, is it possible to use jinja template for salt unmanaged files?
21:25 fllr Ahlee: I used the bootstrap script
21:26 forrest aw110f, what do you mean? If a file is not managed by salt, salt can't change it
21:27 aw110f say, I have a file that gets installed from an custom RPM package and that file is a template referencing some pillar variables, can salt see that there's such file and do the string replacement
21:27 fllr Ahlee: So, it's apt-get install salt-cloud?
21:28 matrix3000 does anyone have good reading on migrating from puppet to salt?
21:29 forrest matrix3000, not specifically for that which I'm aware of
21:30 forrest are you having issues with specific things?
21:30 matrix3000 trying to migrate something like this http://pastebin.com/XBjB5Sby
21:30 matrix3000 to salt language
21:30 shaggy_surfer joined #salt
21:31 matrix3000 where that host is different than the others
21:31 forrest matrix3000, https://github.com/saltstack-formulas/zabbix-formula
21:31 forrest adapt that
21:31 matrix3000 the only thing in common with other servers is that it has zabbix
21:32 hardwire joined #salt
21:33 matrix3000 forrest: and we were talking about that yesterday, and it turns out we would have to build pillar/zabbix/zabbix.myserver pillar/zabbix/zabbix.devzabbix pillar/zabbix/zabbix.testing pillar/zabbix/zabbix.newprod a different one for each node essentially is that correct
21:33 jslatts joined #salt
21:33 matrix3000 then under the top.sls i'd do a 'host': zabbix.testing essentially
21:33 matrix3000 or 'host': zabbix.newprod
21:34 forrest or you could write a mapping file
21:34 forrest for everything but the password
21:34 matrix3000 and place it under the pillars?
21:34 forrest no
21:34 forrest the map file lives in the formula
21:34 matrix3000 in the formula
21:35 fllr Hey, guys. How do I install salt-cloud? I installed salt using the bootstrap script and the command salt-cloud wasn't there. I don't see it documented anywhere where to get said script...
21:35 rojem joined #salt
21:35 forrest fllr, should be in all new releases
21:36 jliljenq hello salty friends
21:36 babilen fllr: Are you installing from the repositories listed on http://docs.saltstack.com/en/latest/topics/installation/debian.html ?
21:36 mpanetta joined #salt
21:36 jliljenq anyone know if there is a module out there for managing xml files? like setting specific values and ensuring elements exist, things like that?
21:36 fllr forrest: I just installed everything else today, but it wasn't there...
21:37 fllr babilen: I used the script. I'm not sure what it used
21:37 babilen fllr: It will take a few days before a current salt version appears in wheezy-backports, so it is necessary to use those repositories for now. Could you paste the output of "apt-cache policy salt-{master,minion,cloud}" to http://paste.debian.net ?
21:37 hardwire joined #salt
21:38 babilen fllr: Ah, I don't use the bootstrap script. Nevermind my remarks then.
21:38 m1crofarmer_ joined #salt
21:38 forrest fllr I'm not sure then, it was merged into the main codebase a while ago, I thought it was in the same package now, I am probably mistaken though
21:39 fllr forrest: No, that's what the documentation says too...
21:39 * babilen despises "curl ...|sh" (in particular if it is bash script and does not work with sh being dash)
21:39 fllr babilen: How do you usually install salt?
21:39 babilen fllr: As documented on the link I mentioned earlier by using the packages
21:40 babilen fllr: That doesn't mean that the bootstrap script shouldn't work, but I like properly integrated services/software
21:43 jchen so I have the saltstack users-formula added to the gitfs list in the master configuration, but I can't use it when I add `users` to the list in top.sls: No matching sls found for 'users' in env 'base'. what's that about?
21:44 babilen jchen: Did you run "salt-run fileserver.update", did you wait 60 seconds or did you restart the master before trying it? Can you clone the repository manually as the user salt runs as?
21:46 babilen jchen: I would also like to point out that directly including formulas from github is not a good idea as you have *no* control over what is being pushed into your infrastructure. You essentially grant root to everybody who is able to push to that repository.
21:46 babilen (not sure if you done that, but I consider that a *huge* problem that many people aren't being aware of)
21:47 * babilen adds that point to the docs todo list :)
21:50 fllr I think I got it figured it out....
21:51 fllr But it looks like I need to install some dependencies first...
21:51 bhosmer joined #salt
21:51 fllr Does salt use some sort of virtualenv to install its stuff?
21:51 bhosmer_ joined #salt
21:52 timoguin fllr: nope
21:52 matrix3000 babilen: it's only a big problem if you do git pulls and you don't review before a deploy of the salt formula
21:53 matrix3000 otherwise chef, puppet, foreman, etc are bad decisions
21:53 WarP|onwork joined #salt
21:53 UtahDave joined #salt
21:53 matrix3000 even salt
21:54 matrix3000 or any application, look at openssl
21:54 matrix3000 openssl had the vulerability that they were able to trace back to an old commit and patch
21:54 matrix3000 the key is transparency and visability
21:55 matrix3000 don't ever trust what you can't read
21:56 jchen babilen: technically speaking forking the repo such that only you can write to it can be considered "safe enough"? I'm not running some crazy production stack or whatever in any case.
21:57 matrix3000 i just treat modules/formulas as applications
21:57 ajolo joined #salt
21:57 aw110f has anyone successfully used Atlassion stash for ext_pillar ?
21:57 Networkn3rd joined #salt
21:58 garthk joined #salt
21:58 matrix3000 so do any admins here support 70+ different applications on 2000 servers with salt, and have examples on how to organize your pillars
21:59 chuffpdx joined #salt
22:00 matrix3000 and how you manage migrating those configs through release cycles
22:01 babilen matrix3000: Salt pulls automatically
22:01 babilen jchen: Yeah sure, I am simply meaning: "Think twice before adding upstream formulas to your config"
22:01 babilen jchen: What about the other questions?
22:02 matrix3000 babilen: so your saying you have no control over salts management of git repository
22:02 matrix3000 so it just pulls without your approval?
22:02 JasonSwindle joined #salt
22:02 matrix3000 sounds really safe if someone doesn't understand environments
22:02 babilen matrix3000: You don't if you add formulas from https://github.com/saltstack-formulas
22:04 matrix3000 no one versions saltstack-formulas either do they?
22:04 babilen matrix3000: I haven't seen that so far
22:04 matrix3000 all formulas are masters
22:04 timoguin yep
22:04 matrix3000 which is why i would never trust doing salts git feature
22:05 babilen I am sure that will change in due course and will be properly formalised. There is also no way for a formula to specify which salt-version(s) it understands (and so on)
22:05 dsolsona joined #salt
22:05 matrix3000 does anyone use salt and so any kind of ci testing?
22:05 timoguin nor is there any real measure to know the maturity level of a formula
22:05 babilen matrix3000: GitFS is great, but you obviously should only add repositories under your *direct* control.
22:05 matrix3000 even if it's under my control has anyone ever written ci testing of your own formulas?
22:06 babilen I don't see how CI is related to GitFS
22:06 timoguin matrix3000: check out kitchen-salt
22:06 UtahDave matrix3000: Everyone should test their environments
22:06 timoguin it's used for unit testing formulas
22:06 matrix3000 CI is related to git and branching
22:07 matrix3000 if you commit something to master, you should run automated tests or write them to test if what you did is the expected result
22:07 babilen matrix3000: Yes, but you started to discuss a different topic and I see no actual relation to my earlier remark and am therefore surprised that you mixed it up.
22:08 babilen (and yes, CI *is* essentially checking every commit in your VCS)
22:08 dstokes joined #salt
22:08 matrix3000 well it came down to being able to select a specific version of a formula
22:09 babilen You can include different branches, but GitFS unfortunately (?) equates branches with salt environments (so you cannot track, say, branch 2.0 in your base environment)
22:09 matrix3000 so stage1 can use a (shared or yourown) formula on version 1.1.0 while your prod can use the 1.0.0 branch
22:09 matrix3000 ah ok
22:10 dlam in... http://pastebin.com/vBaQhEyz   can you not have two 'mysql_user.present' thingys?   im getting like conflicting ID's or something
22:10 babilen The way to achieve the "track branch FOO in base" is to have a local checkout of that branch and not to use GitFS for it. -- There might be better approaches, but I am not aware of them.
22:10 matrix3000 so essentially a way around it is to write jenkins deployment scripts to manage the salt formulas themselves
22:10 mateoconfeugo joined #salt
22:11 matrix3000 cause master is hardly ever stable
22:11 matrix3000 regardless of any code
22:12 babilen jchen: Did running fileserver.update, waiting 60 seconds or restarting the master solve your issue?
22:13 jchen babilen: yeah, thanks, didn't realize I needed to restart the master
22:13 WarP|work joined #salt
22:14 fragamus joined #salt
22:15 chrisjones joined #salt
22:16 babilen jchen: I prefer to call fileserver.update explicitly (or just wait)
22:17 babilen timoguin: Are you aware of other approaches for testing formulas? I'll have to spend some time on this in the coming week as my current vagrant setup does not really cut it anymore.
22:17 ndrei joined #salt
22:17 babilen I'd like something based on docker (or equally fast)
22:17 timoguin babilen: i don't know anything that helps with testing states/formulas other than kitchen-salt
22:18 timoguin for which spin-up/tear-down of VMs can get time consuming
22:18 eightyeight is it just me, or does https://media.readthedocs.org/pdf/salt/latest/salt.pdf just show the salt logo, and only 1 page?
22:19 babilen timoguin: Okay, thanks. I'll see if I can come up with an easy docker + testsuite setup.
22:20 NV joined #salt
22:23 matrix3000 eightyeight: it just have salt logo
22:23 matrix3000 eightyeight: i reported it yesterday, but who knows
22:23 eightyeight ok
22:25 matrix3000 is there a place to report website issues on the salt site?
22:27 nkuttler matrix3000: which page?
22:27 nkuttler oh, about the logo? no idea. the company contact page?
22:28 matrix3000 no
22:28 matrix3000 the documentation
22:28 matrix3000 https://media.readthedocs.org/pdf/salt/latest/salt.pdf
22:28 nkuttler matrix3000: that's part of the source, so github
22:28 Heartsbane how do I make saltstack store more than 48 hours of JIDs
22:28 matrix3000 that doc is awesome, it has like 1 page
22:28 nkuttler preferably with a patch ;)
22:28 Heartsbane where is that in hte configs
22:28 matrix3000 well i don't have the old file
22:29 timoguin i think there's an issue for that
22:29 timoguin it's been reported a few times in here
22:29 nkuttler yeah, that looks like a build error
22:29 matrix3000 lol
22:29 matrix3000 seems trivial to fix
22:29 nkuttler matrix3000: well, you need somebody who knows sphinx + rtd + their pdf build system..
22:30 nkuttler (or is willing to put in the necessary time to figure it out..)
22:31 jcockhren sounds like nkuttler is volunteering. *whitstles* lol
22:31 nkuttler meh :)
22:32 UtahDave Heartsbane: keep_jobs in your master config
22:32 nkuttler i've worked with all except the pdf part, and it was unpleasant
22:32 nkuttler well, rtd integration at least
22:32 eightyeight getting the following traceback trying to 'salt-call state.highstate' from a minion: http://ae7.st/p/82b
22:32 anotherZero joined #salt
22:32 Heartsbane thanks Dave
22:32 eightyeight is that erroring on the top.sls file? or something else?
22:34 fragamus joined #salt
22:34 Theo-SLC Is there a way to put a "require" on an INCLUDE for salt states?
22:35 forrest you mean on the sls you are including Theo-SLC ?
22:35 forrest if so, yea require:\n  sls: state_name
22:36 Theo-SLC forrest: yes. My highstate is running the include sls too early.  I need a way to make sure it runs last.
22:37 JasonSwindle joined #salt
22:40 UtahDave eightyeight: I'm not sure. can you pastebin a sanitized copy of your top.sls?
22:41 eightyeight heh. that would take some work
22:42 UtahDave eightyeight: :)  Hm.  Well, my first guess is that something is malformed in the top file, but it's hard to say. Unfortunately that stacktrace isn't very informative.
22:42 UtahDave eightyeight: what version of Salt?
22:42 UtahDave Theo-SLC: by default, Salt will execute included sls file first.
22:42 arthabaska joined #salt
22:44 arthabaska hi everyone, I'm having trouble with a jinja template eating leading whitespace--can someone tell me how to make it stick?: http://pastebin.com/1xBCZGFw
22:45 eightyeight UtahDave: salt-0.16.3-1.el5. salt-master is 2014.1.4-2precise2
22:45 eightyeight i'll upgrade the minion to the latest version, and see if that's it
22:46 UtahDave Ooh, yeah. i wouldn't be surprised if that fixes it, eightyeight
22:46 UtahDave We try to make the salt-master compatible as far back as possible, but that might be pushing it.
22:48 babilen Theo-SLC: Why don't you define dependencies between actual states?
22:48 manfred arthabaska: {{  var|indent('3') }}
22:48 manfred arthabaska: http://jinja.pocoo.org/docs/templates/#indent
22:48 eightyeight UtahDave: so, problem
22:49 eightyeight UtahDave: python-zmq is needed by package salt-2014.1.4-1.el6.noarch
22:49 eightyeight er, wait
22:49 eightyeight dammit
22:49 arthabaska manfred: thanks! I'll give that a shot
22:52 rojem joined #salt
22:53 eightyeight UtahDave: yup. i'm good. thx
22:53 whiteinge eightyeight, matrix3000: gah! i just fixed that PDF issue :(
22:53 UtahDave eightyeight: ah, good
22:54 eightyeight UtahDave: actually. don't go away. :)
22:54 eightyeight {% if grains['osrelease'] == '5.*' %}
22:54 eightyeight ^ shouldn't that catch 5.9, 5.10, etc?
22:55 eightyeight or is there some fancy syntax smack i need to do in jinja?
22:55 UtahDave eightyeight: Hm. not sure. I think it might just be comparing the string '5.*'
22:55 babilen I think so too
22:55 eightyeight and jinja doesn't support regex. :(
22:55 UtahDave maybe try    {% if '5.' in grains['osrelease'] %}
22:55 mgw joined #salt
22:55 eightyeight hmm. good idea
22:56 UtahDave whiteinge: is the jinja stud around here. <summoning the great whiteinge>
22:56 whiteinge another take: grains['osrelease'].startswith('5')
22:56 whiteinge eightyeight is right though, no regex in jinja
22:57 ajolo_ joined #salt
22:57 eightyeight whiteinge: ooh. i like that better, actually
22:58 UtahDave see! whiteinge knows all
22:59 Katafalkas joined #salt
23:00 ccase joined #salt
23:00 Outlander joined #salt
23:01 kuffs UtahDave: I've got a weird question for a really old version of Salt
23:01 mateoconfeugo joined #salt
23:01 UtahDave kuffs: Hey!  what's up?
23:02 kuffs if you can perhaps recall Windows issues in 0.11? I finally got the go-ahead to deploy Salt to our entire infrastructure
23:02 kuffs I've got about 2.5k linux boxes across 5 datacenters that are working like champs
23:02 kuffs but all of our Windows minions stopped responding sometime last night, even though they seemed to be okay last I knew
23:03 kuffs anything I can think of that would be firewall related should effect our Linux boxes as well
23:03 kuffs Windows minions can ping the master, but the master can't ping them back
23:04 matrix3000 joined #salt
23:04 forrest kuffs, can you telnet from the windows boxes to the minion?
23:04 forrest err master
23:05 forrest on 4505, and 4506?
23:05 UtahDave so the master and all the minions are 0.11?
23:05 kuffs yeah, sorry I'm on an ancient version. Upgrades are soon on the roadmap
23:05 kuffs but I got the buy-in from the upper echelons so I had to roll with it
23:05 matrix3000 so a question about docker and salt
23:05 kuffs forrest: good call, don't know how I forgot my most basic troubleshooting skills
23:06 UtahDave kuffs: one issue we've had is Windows firewall quietly shutting down the connections
23:06 matrix3000 could you have a minion running on a docker container
23:06 forrest kuffs, sometimes it happens, you'd be surprised how often I forget to ask 'what version of salt are you running?'
23:06 forrest matrix3000, sure why not?
23:06 UtahDave matrix3000: yep.  Just be aware that in a docker container you have to manage all your services and everything.
23:06 matrix3000 now what if you create a docker image from the container, then start up a new container
23:07 forrest matrix3000, you'd have to add salt to that box, I believe salt cloud has docker support
23:07 forrest can't remember
23:07 matrix3000 can you use salt inside that container to build and create the services etc
23:07 forrest well, if you joined it to the salt master, it would still be a minion right?
23:07 forrest if it's the same container as another container though
23:07 forrest that seems like a fail
23:07 forrest because you'd have  conflicting IDs and auth keys
23:07 forrest and salt would not like that
23:08 dsolsona joined #salt
23:08 matrix3000 ah
23:08 kuffs UtahDave: this doesn't seem to be the case here. I've had fully functioning minions (can ping back and forth) stop responding to the master and remaining deaf even after bouncing the service
23:08 matrix3000 ok so the same problems with puppet
23:08 forrest matrix3000, jasonswindle is messing with a master of masters inside docker: https://github.com/JasonSwindle/mom
23:08 matrix3000 can you run salt without a master
23:08 ekristen joehh: you alive yet down under?
23:09 forrest matrix3000, yea the minion runs without a master fine, I do that for several of my own servers.
23:09 JasonSwindle MOM is my stab at one salt master to control them all
23:09 forrest matrix3000, https://github.com/gravyboat/salt-book/blob/master/en/chapter02-masterlessminion/chapter02.rst covers that, not super ind epth yet
23:09 redondos joined #salt
23:09 redondos joined #salt
23:09 forrest *in depth
23:09 JasonSwindle and then highstate them into darkness
23:10 fragamus joined #salt
23:11 UtahDave matrix3000: just make sure before you create an image from the original container to remove the /etc/salt/minion_id  file
23:11 forrest UtahDave, oh yea that's a good idea.
23:12 JasonSwindle UtahDave: Howdy!
23:12 JasonSwindle Did you see all the Docker stuff today?  Crazy awesome
23:12 forrest JasonSwindle, 'production ready'
23:12 forrest I wonder if they fixed that networking issue..
23:12 UtahDave JasonSwindle: yeah, it was great, huh?  did you see that the new Google docker management project uses Salt extensively?
23:13 JasonSwindle Yep, unless you are mailgun and you run it at .6
23:13 JasonSwindle :)
23:13 matrix3000 docker is pretty slick
23:13 JasonSwindle I did, I messaged in the roll way back when I saw that
23:13 JasonSwindle in the room*
23:13 JasonSwindle derp
23:13 JasonSwindle https://github.com/google/cadvisor is REALLY nice
23:15 matrix3000 wow, docker hub is identical almost to github
23:15 JasonSwindle hub is really nice
23:15 matrix3000 waiting for a version we can host locally though
23:15 JasonSwindle you can
23:15 matrix3000 i mean we have our own repo
23:15 JasonSwindle ish
23:15 matrix3000 but no gui
23:16 matrix3000 like the docker hub
23:16 JasonSwindle yea :|
23:16 JasonSwindle the docker repo container + Cloud Files is pretty nice
23:17 UtahDave joined #salt
23:18 JasonSwindle matrix3000: If you give MOM a try, please do give feedback
23:18 JasonSwindle UtahDave: You should try MOM, too
23:18 JasonSwindle I do need to work on the docs tho
23:18 matrix3000 MOM?
23:18 UtahDave JasonSwindle: yep!
23:18 JasonSwindle SaltStack Master of Masters in Docker
23:18 JasonSwindle https://github.com/JasonSwindle/mom
23:19 matrix3000 yea looking at it now
23:19 jcockhren heh. there's a yerMOM joke in there somewhere
23:19 JasonSwindle Oh yes, many made
23:19 UtahDave JasonSwindle's MOM
23:20 jY is there anyway to disable a grain
23:20 jY i don't want to see biosversion: 'V0.314  '
23:20 matrix3000 Your MOM likes it Central time
23:20 jY it's blowing up a ext pillar due to the '
23:20 UtahDave lol, matrix3000
23:21 matrix3000 no really timezon in the dockerfile is set to cental
23:21 matrix3000 central*
23:21 UtahDave jY, you could create a custom grain, that sets biosversion to ''  or None  or something
23:21 jY UtahDave: thanks
23:21 matrix3000 ha, I built a solution back at my last job to not need much in a docker file but do a git pull on puppet and run puppet to build the host, so regardless of physical or virtual both used the same files for configuration
23:21 JasonSwindle matrix3000: I need to make a note on that....
23:22 jcockhren heh
23:22 UtahDave nice, matrix3000
23:22 matrix3000 now here everyone uses salt
23:22 matrix3000 so here I am
23:22 UtahDave matrix3000: where's 'here'?
23:22 matrix3000 well past was at Angie's List where I built and maintained Puppet and used it to manage ~1000 hosts, and here is Comcast
23:23 matrix3000 im the first DevOps guy here so far
23:23 jcockhren comcast has devops now? wow
23:23 bhosmer joined #salt
23:23 matrix3000 haha, jcockhren i wouldn't call it that yet
23:23 jcockhren you are devops
23:23 jcockhren my friends will be pleased
23:23 jcockhren heh
23:24 matrix3000 jcockhren: i just started here last week, im trying to figure out how to implement devops here
23:24 matrix3000 jcockhren: where are your friends working?
23:24 mosen joined #salt
23:24 jcockhren github, lonelyplanet, centresource
23:24 JasonSwindle Salt, Docker, Consul, CoreOS........
23:24 JasonSwindle oh, and Drone.io
23:25 matrix3000 jcockhren: to give you an idea the only jenkins install is a base install with ~100 jobs
23:25 jcockhren basically, everyone in the southeast of the US will be pleased
23:25 Networkn3rd joined #salt
23:25 jcockhren can't forget timoguin!
23:26 matrix3000 im trying to figure out how to use salt to do a global management mainly with application config templates that we just provide data to via pillars but so many of the available formulas are incomplete etc
23:26 mosen hiya chlorides
23:26 matrix3000 here they do the file stuff and just push out the file
23:26 matrix3000 which doesn't scale well when you are creating environments on the fly
23:26 matrix3000 and destroying them in a few days
23:26 JasonSwindle matrix3000: JINJA can be your friend
23:26 Gareth ...or your worst enemy.
23:27 matrix3000 JasonSwindle: JINJA is the only way i can do this
23:27 matrix3000 unfortunately regardless I'd have to preach the whole idea of key/value for configuration instead of just saying push this file out
23:27 forrest just use python if you need to
23:27 forrest problem solved and supported by salt
23:27 jcockhren python++
23:28 matrix3000 well you can even write a system itself in python, nothing should be that complicated though
23:28 JasonSwindle I am setting away to cook dinner
23:28 matrix3000 isn't devops about simplistic design and management
23:28 forrest well yea, but if your infrastructure is complex, stuff gets complex
23:29 matrix3000 that's why salt was created to run commands on large clusters in fast time
23:29 jcockhren to me, devops is about shipping the stuff that makes shipping more things scalable and maintainable
23:30 jcockhren even ships have to be ship'd to float
23:30 matrix3000 true
23:30 matrix3000 im huge on knowing what you have as well, such as IaC
23:30 matrix3000 Infrastructure as Code
23:30 forrest yea, if your ship has 60 engines and 15 different captain's decks, there's only so much it can do to help you with that problem
23:30 matrix3000 if you have to log into a machine you are doing it wrong
23:31 jcockhren forrest: to that sentiment, we're having a 2 week long "ops summit"
23:31 forrest at your job?
23:31 jcockhren yeah. internally
23:31 forrest that's cool
23:31 matrix3000 from my experience the smaller the ops team the betteer
23:32 matrix3000 it's like having a lot of cooks in the kitchen
23:32 jcockhren put the main ops folks in the same office. and get them to decide the direction of the ops
23:32 jcockhren it's only 5 of them for the whole comp
23:32 jcockhren you fly in all the needed peoples
23:32 matrix3000 so what company jcockhren
23:32 jcockhren lonelyplanet
23:33 dlam hey is there a way to do the opposite of a highstate?
23:33 dlam like i wanna undo all the stuff it installed
23:34 nkuttler dlam: for installed files see https://github.com/saltstack/salt/pull/6376, and the ticket
23:35 matrix3000 does salt have a ensure => absent like function?
23:36 nkuttler matrix3000: file.absent
23:36 TyrfingMjolnir joined #salt
23:41 matrix3000 in the JINJA templates can you write code like if a value is defined in your pillar then include text and value
23:42 shaggy_surfer joined #salt
23:42 forrest again, explain to me why would you do that? Why would this not be part of information you base on grains for a system?
23:42 forrest I'm still not understanding the aversion to pillar data, and mapped files which are imported and used based on hosts.
23:42 jcsp1 joined #salt
23:43 matrix3000 because it only applies to one line in a template and making text appear or not if there is a value
23:43 forrest {% if node = 'nodewithweirdconfig'%}\n key = value {% endif %}
23:43 matrix3000 so like an {% if $value %} {% then key=value %}
23:44 matrix3000 ok so you can put that in a template
23:44 matrix3000 no, not if node = something, but if a variable has a value
23:44 matrix3000 so if $value doesn't exist then it skips that line in the template
23:45 matrix3000 or if $value = null
23:45 matrix3000 or undef
23:45 babilen matrix3000: You can, but it really sounds as if you should start using a different renderer than jinja2 for your state file. #!py or #!pydsl might come in handy if you have to express/work with more complicated logic.
23:46 matrix3000 it baffles me that an {% if $variable %} {% then %} would be complicated logic
23:48 forrest *shrug* your overcomplication of this is what baffles me
23:48 forrest tons of people are doing this
23:48 babilen matrix3000: But what you are looking for is something along the lines of {% if foo in bar %} THEN {% endif %}
23:49 babilen matrix3000: It just sounds as if jinja isn't the best tool as you are reaching the limits of what it can express in an easy to read, write and maintain way.
23:49 forrest exactly
23:49 forrest did you watch my talk on jinja?
23:49 joehh jcockhren: any of the devops people based in melbourne?
23:49 forrest on formulas more precisely
23:49 forrest joehh, do you know anyone who lives in seattle?
23:49 matrix3000 in bash im looking for if [[ -z $varible ]]; variable = $value; fi
23:49 forrest where is that variable created?
23:50 matrix3000 of course echo'd in the script
23:50 forrest echo'd in the script?
23:50 jcockhren joehh: no. the melbourne office handles things a bit differently.
23:50 matrix3000 if it's defined
23:50 forrest where is it defined?
23:50 matrix3000 in the pillar
23:50 ajprog_laptop joined #salt
23:50 forrest for the specific node?
23:50 babilen matrix3000: You might want to read the jinja template designers guide, but please also take a look at the py and pydsl renderers.
23:50 matrix3000 no for any node
23:50 joehh forrest: no :) lonely planet is in theory based here - but I guessed they might be a bit different
23:50 jcockhren joehh: in melbourne, the ops responsbility is shared with the teams that touches things.
23:51 forrest matrix3000, so how is the variable present for one node versus another? How do you set it? Manually in the pillar?
23:51 matrix3000 yes
23:51 matrix3000 like an environment variable
23:51 babilen matrix3000: A pillar is nothing but a dictionary in Python and populating dictionaries is really quite easy in Python
23:51 matrix3000 so then 'node':
23:52 forrest so then {% if salt['pillar.get']('variable') %}\n  key = {{ salt['pillar.get']('variable') }} {% endif %}
23:52 jcockhren forrest: there's 2 parts. Content (books+magazines) that's based in melbourne, and the dot com side based in Franklin, TN, USA
23:52 matrix3000 varible: value
23:52 babilen matrix3000: Why don't you just set the variable to the value it should have in the pillar?
23:52 forrest jcockhren, I didn't specifically mean you guys
23:52 forrest I'm looking for people to attend the saltstack doc sprint here in seattle
23:52 matrix3000 for any call of variable should have value only for that host
23:52 jcockhren forrest: fine. heh.
23:52 forrest matrix3000, again, HOW is the variable set for that host?
23:52 matrix3000 so in the template if it goes oh, variable has value then put in text + value
23:52 forrest from the pillar based on that host?
23:53 forrest so each host will have a unique pillar?
23:53 forrest with these values
23:53 matrix3000 essentially yes
23:53 forrest ok, so what I showed should work.
23:53 matrix3000 because not all hosts are created same, even though 98% of the host is
23:53 joehh jcockhren: now I understand...
23:53 babilen forrest's suggestion is doing exactly that
23:53 forrest You need to review some more stuff, I don't know how to help you further past providing examples and explaining it, we've talked about this for two days now
23:54 matrix3000 yea, we ended up finding out for each version of a host a new pillar needs created
23:54 forrest if what I'm suggesting is too much work, or too complicated, I don't know what to say
23:54 babilen matrix3000: Have you read http://jinja.pocoo.org/docs/templates/ ?
23:54 forrest no, not for each host
23:54 forrest only the outlying hosts
23:54 forrest the crappy hosts that someone poorly configured.
23:54 forrest or that have weird requirements
23:54 forrest you said 98% are the same
23:55 matrix3000 forrest: 98% of the config
23:55 forrest right
23:55 forrest so put in that if
23:55 matrix3000 hosts have different values for lets say location, application, etc
23:55 forrest yea that's fine
23:55 matrix3000 which we have grains for but I don't want to have to for every server modify all my states if we add locations
23:55 babilen matrix3000: Yes, you set those in the pillar and conditionally include it as matrix3000 showed
23:55 forrest again, you should be using grains
23:56 forrest you don't
23:56 forrest again, I am confused by 'every server'
23:56 forrest 98% are the same, one value in the conf is different based on a grain
23:56 matrix3000 so lets say i have 100 servers
23:56 matrix3000 5 locations
23:56 matrix3000 equally spit
23:56 forrest ok
23:56 forrest so 20 in each one
23:56 matrix3000 so 20 servers each one
23:57 matrix3000 those 20 servers use 10 salt states each
23:57 matrix3000 so each server has 10 different salt states it uses
23:57 babilen Why?
23:57 forrest your conf: {% if salt['grains.get']('location') == 'dc1' %}\n nameserver = zxc {% endif %}
23:57 Outlander joined #salt
23:57 KyleG joined #salt
23:57 KyleG joined #salt
23:57 babilen What are you *actually* trying to do?
23:57 matrix3000 we add a location and 20 servers and those two 20 servers need to report to a new set of servers for all apps
23:58 forrest so?
23:58 forrest you can have an application state
23:58 forrest in which the pillar has a dict of items
23:58 babilen matrix3000: So conditionally change and include those values based on a pillar or grain.
23:58 matrix3000 so in each of those 10 salt states we have to go in and in each spot add another {% if salt state %}
23:58 sverrest joined #salt
23:58 matrix3000 i ment {% if salt['grain'] location ….stuff
23:58 aw110f joined #salt
23:58 forrest how else do you propose to do this?
23:58 forrest so 10 states
23:58 forrest where you copy two lines
23:59 forrest or have every server have a pillar?
23:59 forrest I will take 20 lines
23:59 rgarcia_ joined #salt
23:59 matrix3000 one second

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary