Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-08-01

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 bezeee building out my gitfs settings now....is it suggested to keep the pillar top.sls file in a separate repo or only in the master branch when using ext_pillar ?
00:07 forrest bezeee, I think it depends on what kind of data you put inside of it, and who will have access.
00:08 analogbyte joined #salt
00:08 forrest I don't really mind enabling people even if they screw up, since you should be working with competent people, but I'm also a dreamer, so who knows.
00:09 bezeee it seems like having the pillar data in a separate repo is a good idea....i was just wondering about the top.sls file specifically
00:09 bezeee someone suggested earlier keeping the top.sls file for the states in a separate repo
00:09 eliasp bezeee: that was me… ;)
00:09 bezeee so i was wondering if that also made sense for the pillars
00:10 aquinas joined #salt
00:10 bezeee hah...thanks eliasp
00:10 eliasp bezeee: depends on how much "development" your Pillars need… in my case, I'm still fine with having top.sls for Pillars in the same repository, but I might actually split that soon as well
00:10 eliasp bezeee: if you just have a 'master' branch for your Pillars, that's fine
00:10 eliasp bezeee: once you start branching around, I'd recommend a separate one
00:11 bezeee yeah...that's what i was thinking
00:12 bezeee thanks again eliasp
00:12 bezeee i'm testing this all out with some vagrant/virtualbox vms and local git repos and it's working like a charm
00:12 bezeee gitfs is really nice
00:14 forrest yea gitfs is amazing
00:14 forrest the only thing left is a graceful reload of the salt master
00:14 forrest so you don't have to restart it every time you add a new repo
00:14 forrest and it will be incredible
00:15 mosen coming from puppet, gitfs is pretty great. (even though there are other tools in puppet land)
00:15 eliasp forrest: https://github.com/saltstack/salt/issues/11724
00:16 eliasp mosen: r10k is really great by Puppet terms, but still light-years away from GitFS
00:17 mosen eliasp: yeah i feel like gitfs solves the same problem, without inventing a new tool
00:17 eliasp … and without a lot of manual intervention after each commit/push ;)
00:18 Luke joined #salt
00:19 forrest eliasp, yea that would be cool. I'd still like if the master refreshed after detecting a config without a full restart
00:19 eliasp forrest: see the mentioned #570 :)
00:19 forrest I also asked for SVN support for gitfs at some point because a shockingly large amount of places still use svn
00:19 Singularo joined #salt
00:19 forrest oh I didn't click on that one
00:19 forrest ahh yea this is the one I was thinking of, nice
00:19 pfallenop joined #salt
00:19 eliasp forrest: SVN? what about http://docs.saltstack.com/en/latest/ref/file_server/all/salt.fileserver.svnfs.html
00:20 dmick joined #salt
00:20 eliasp forrest: there's also hgfs, minionfs, s3fs, … http://docs.saltstack.com/en/latest/ref/file_server/all/
00:21 forrest eliasp, hmm, I thought there was something that wasn't solved by the svnfs
00:21 forrest I don't use svn
00:21 forrest so I don't really keep track :P
00:21 eliasp yeah, me neither… just thought you didn't know of svnfs yet
00:21 forrest I didn't
00:21 forrest or at least, don't remember
00:21 hopthrisC joined #salt
00:22 forrest eliasp, https://github.com/saltstack/salt/issues/6528
00:22 forrest was the old issue
00:23 eliasp looks like this one can be closed now
00:24 forrest I agree
00:25 forrest I should probably take some time this week and go back through my old issues to see what has been resolved, bleh
00:26 eliasp :)
00:27 aw110f Hi, is it possible to create a symlink where the target file is a regex
00:27 aw110f ?
00:27 eliasp aw110f: no
00:29 aw110f any suggestion, on how to create a symlink where the target file name is dynamic
00:30 eliasp handle the "dynamic" part via Salt … but can't tell more without knowing how your target file's name could be dynamic
00:30 eliasp what makes this filename dynamic?
00:32 manfred handle the dynamic part with jinja calling salt[] to find the filename it should link to
00:32 manfred {{ salt['cmd.run']('find /var/www/something')[0] }}
00:32 aw110f the file name has a prefix of its version that changes
00:33 manfred aw110f: {{ salt['cmd.run']('echo /var/www/* | sort -n')[0] }} should grab the first result numerically in your directory and return it
00:33 Comradephate_ joined #salt
00:33 manfred if you are looking for the largest version number
00:34 manfred aw110f: wait... just the version number changes?
00:34 manfred why aren't you storing that in a pillar?
00:34 aw110f eg: /opt/cloudera/parcels/CDH-4.5.0-1.cdh4.5.0.p0.30/lib/hive/lib/hive-beeline-0.10.0-cdh4.5.0.jar
00:34 eliasp uh, something installed in /opt… that's always a certain factor for a lot of fun! ;)
00:34 aw110f anything after hive-beeline-* can change overtime
00:35 mgarfias joined #salt
00:35 manfred how are you deploying the jar?
00:36 aw110f the jar is provided by the vendor and another client just uses the jar as a dependency
00:36 manfred but are you putting the file on the server with salt?
00:37 aw110f no it's provided by an RPM
00:37 manfred ok, so you have a problem
00:37 bezeee joined #salt
00:37 manfred you can use jinja to find the file to use, but that file won't exist until the states have started running
00:37 manfred and jinja is all rendered before the states start running, so it won't find the file
00:37 mgarfias i'm suddenly getting this "Error: Executing the command '/tmp/.saltcloud/deploy.sh -c /tmp/.saltcloud' failed" error when bootstrapping via salt-cloud.  has something changed?
00:38 gzcwnk for mount.mounted how do i specify a remote nfs share again pls?
00:38 manfred mgarfias: salt-cloud -u to update the deploy script
00:38 mgarfias danke
00:38 eliasp gzcwnk: "- device: server:/export"
00:38 manfred gzcwnk: should just be able to do it like you do in mount x.x.x.x:/something/somethingelse
00:38 gzcwnk ok im doing something wrong
00:38 manfred don't have to do anything special
00:38 gzcwnk i have - device: vuwunicobandt1.ods.vuw.ac.nz:/apps/z/crm/output/t-drive
00:39 manfred mgarfias: might need to add -U to your script_args: to make sure that it does a system update first
00:39 manfred mgarfias: there is also -D gives you debug info in script_args
00:39 manfred mgarfias: and iirc, --keep-tmp will keep all the tmp files and logs in /tmp/.saltcloud on your minion so you can check them
00:39 manfred gzcwnk: did you specify the fstype as nfs?
00:39 eliasp gzcwnk: missing "- fstype: nfs"?
00:39 eliasp :)
00:40 gzcwnk here, http://pastebin.com/9KnKqaaf
00:40 manfred gzcwnk: your indention is bad
00:40 manfred back all the other list variables ot be in line with - dump:
00:40 aw110f can i do something like: {% set FILE = salt['cmd.run']('ls -1 /var/www/hive-beeline*') %}
00:41 manfred aw110f: no, because it will be rendered before the package is installed
00:41 manfred aw110f: you need a scriptthat makes the symlink that you can run with the cmd.run state
00:41 manfred aw110f: then use an unless: to check if the symlink already exists
00:41 dmick aha! discovery about https://github.com/saltstack/salt/issues/12248
00:41 gzcwnk bugger, maybe I should riase a case in github, stop making salt so anal about spaces
00:41 dmick multiple salt-master 'master' procs fighting over sockets, I bet
00:42 dmick (how I got in that state is as yet unclear but at least there's something to look for)
00:42 manfred gzcwnk: not gonna get that
00:42 eliasp gzcwnk: it isn't… that's simply YAML
00:42 manfred gzcwnk: you hve to have valid yaml
00:42 eliasp gzcwnk: if your YAML is not valid, the resulting datastructures won't be as well
00:42 eliasp gzcwnk: http://yamllint.com/
00:43 aw110f ok thanks manfred: I'm going to ponder on it
00:43 eliasp gzcwnk: or http://yamltojson.com/
00:43 gzcwnk doh, another error, http://pastebin.com/kJFJdESx
00:44 eliasp gzcwnk: try '0' instead of 0
00:44 gzcwnk k, ta
00:44 zandy joined #salt
00:44 gzcwnk uh the example doesnt say ath though
00:45 manfred gzcwnk: are you on 2014.1.5?
00:45 gzcwnk no, still fai;s
00:45 gzcwnk 1.7 i thinl
00:45 eliasp gzcwnk: your YAML is still invalid
00:45 gzcwnk thinkg\
00:45 manfred gzcwnk: check
00:45 manfred oh
00:45 manfred yeah it is
00:45 manfred they all need to be indented out inside the stateid now
00:45 eliasp gzcwnk: everything after "/prd_t-drive:" needs one more level of indentation
00:45 gzcwnk uh?
00:46 gzcwnk oh i see
00:46 manfred http://paste.gtmanfred.com/K63L/
00:46 gzcwnk well it runs  :D, though fails...:/
00:48 gzcwnk dns...firewall...grrr
00:54 eliasp any idea why this would produce conflicting IDs for the file.managed state? http://pastebin.kde.org/pgcne5fym
00:54 Sauvin joined #salt
00:54 eliasp … I know, this is a bit ugly, but until I have my LDAP Pillars fully in place I need to go the ugly route ;)
00:56 eliasp is there a way to get the rendered result of an SLS before it is evaluated for duplicate IDs? state.show_sls doesn't work
00:57 manfred eliasp: not unless there is a duplicate, that looks solid
00:58 manfred eliasp: salt-call state.show_sls
00:58 manfred oh
00:58 manfred uhh
00:58 eliasp :)
00:58 eliasp same goes for show_low_sls
00:58 eliasp it evaluates for duplicates before
00:58 manfred cause it fails to render?
00:58 manfred yeah
00:59 eliasp just wanted to see how the raw result looks like to get an idea where the duplicate comes from
00:59 manfred yeah
00:59 manfred so
01:00 manfred show.highstate shows it before jinja is rendered ...
01:00 manfred what about show_lowstate?
01:01 eliasp manfred: still getting a "Rendering SLS "base:win.rdp" failed: Conflicting ID 'rdp-connection…"
01:01 manfred nope
01:01 manfred does it not give you the full ide?
01:01 manfred id*
01:01 manfred it should tell you the full id it is conflicting with
01:01 manfred local:
01:01 eliasp it does, sorry… cut it out for privacy reasons
01:01 manfred - Rendering SLS 'base:vim' failed: Conflicting ID 'vim-enhanced'
01:01 manfred heh
01:01 manfred so, that is the one that you have a duplicate of
01:03 eliasp yes, so the full message is:
01:03 eliasp Rendering SLS "base:win.rdp" failed: Conflicting ID 'rdp-connection-someminion-someuser-morgoth.dep.institution.tld'
01:03 eliasp aaaah
01:03 manfred yeah
01:03 eliasp sorry for wasting your time
01:03 manfred lol no worries :)
01:03 mapu joined #salt
01:03 eliasp my pillar data are actually fucked up… missed duplicated sub-keys ;)
01:04 eliasp the evil of copy'n'paste…
01:04 eliasp and another nice example of "How to easily waste 1.5h for nothing"
01:05 manfred heh
01:11 eliasp manfred: hmm, now that the pillar data are fixed: http://pastebin.kde.org/p2e8zites
01:13 arthabaska joined #salt
01:14 manfred odd
01:21 arthabaska joined #salt
01:26 eliasp meh… should've passed a dictionary to "defaults" :)
01:27 eliasp this should probably be caught by states.file
01:30 jaimed joined #salt
01:40 jhauser_ joined #salt
01:41 to_json joined #salt
01:45 thehaven joined #salt
01:45 thedodd joined #salt
01:45 bluehawk joined #salt
01:45 dancat ? I am new to salt and I am looking at the salt modules page: http://docs.saltstack.com/en/latest/ref/modules/all/index.html how do these modules carry over to what a salt state should look like?
01:45 manfred dancat: they don't?
01:45 manfred the salt states code just uses the modules to make everything stateful
01:45 manfred dancat: https://github.com/saltstack/salt/blob/develop/salt/states/glusterfs.py#L67 uses https://github.com/saltstack/salt/blob/develop/salt/modules/glusterfs.py#L62
01:45 eliasp one can think of the modules as backend use for many things by the states
01:45 eliasp s/use/used/g
01:45 dancat ok
01:45 manfred they are execution modules
01:45 manfred they do things
01:46 manfred states just make sure that the server looks a specific way
01:47 dancat so I am looking to build a state, is there a specific format states should follow?
01:47 manfred yes
01:47 manfred dancat: http://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html start here
01:47 dancat okay, thanks
01:48 manfred then here http://docs.saltstack.com/en/latest/topics/tutorials/states_pt1.html
01:48 manfred for states, there is parts 1 through 5
01:48 manfred covers their usage pretty well
01:48 manfred and I would say throw in pillars as well http://docs.saltstack.com/en/latest/topics/tutorials/pillar.html
01:58 d3vz3r0_ joined #salt
02:01 thehaven_ joined #salt
02:01 sectionm1 joined #salt
02:01 poogles_ joined #salt
02:01 jhauser_ joined #salt
02:01 zandy joined #salt
02:01 tracphil_ joined #salt
02:01 mirko_ joined #salt
02:01 mapu joined #salt
02:04 Guest51255 joined #salt
02:04 d3vz3r0_ joined #salt
02:11 dude051 joined #salt
02:11 dude051 joined #salt
02:12 bezeee joined #salt
02:16 scoates joined #salt
02:24 Ryan_Lane joined #salt
02:26 MatthewsFace joined #salt
02:28 dude051 joined #salt
02:30 bezeee joined #salt
02:32 gzcwnk is thee a method in service to restart a service?    i cant see that is achieved.
02:33 gzcwnk or reload
02:34 arthabaska joined #salt
02:35 gzcwnk I guess i'll use cmd.run
02:36 oz_akan joined #salt
02:37 dude051 joined #salt
02:37 manfred do a service.running with reload: True
02:37 manfred if you are doing it as an execcution module and not a state... salt \* service.restart <service>
02:38 bezeee joined #salt
02:38 manfred !give gzcwnk states.service.running
02:38 manfred bah
02:38 manfred !states.service.running | gzcwnk
02:38 wm-bot4 gzcwnk: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html#salt.states.service.running
02:38 gzcwnk ah yes i see it now
02:38 manfred !modules.service.restart | gzcwnk
02:38 wm-bot4 gzcwnk: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.service.html#salt.modules.service.restart
02:47 CeBe1 joined #salt
02:49 malinoff joined #salt
02:50 Nexpro1 joined #salt
02:54 gzcwnk does this look right? http://pastebin.com/xRgrnd9Q as relaod doesnt seem to relaod the nfs exprts fi;e
02:58 manfred gzcwnk: it should do a service nfs reload
03:00 gzcwnk k, ive forced it with cmd.run
03:00 oz_akan joined #salt
03:00 gzcwnk under file.managed is there a way to force the copying across of a new file from the salt server?
03:00 manfred that is what it does...
03:00 gzcwnk that didnt seem to work then either
03:00 gzcwnk grrr
03:00 xzarth joined #salt
03:00 Sacro joined #salt
03:01 ifmw joined #salt
03:01 beardo joined #salt
03:01 whitepaws joined #salt
03:02 harkx joined #salt
03:02 scooby2 joined #salt
03:09 ghartz joined #salt
03:13 KaaK_ is there much work for allowing the pkg state module to allow apt version specifications? e.g. my-package: '>=3.0'
03:14 manfred you should be able to use pkg.installed ver=xxx
03:14 manfred version=3.0
03:14 manfred i don't know about greater than
03:15 manfred oh
03:15 manfred nevermind
03:15 manfred not in apt-get
03:15 manfred actually
03:15 manfred yeah it is
03:15 manfred version
03:15 manfred Install a specific version of a package. This option is ignored if
03:15 manfred either "pkgs" or "sources" is used. Currently, this option is supported
03:15 manfred for the following pkg providers: :mod:`apt <salt.modules.aptpkg>
03:16 manfred version
03:16 manfred Install a specific version of the package, e.g. 1.2.3~0ubuntu0. Ignored
03:16 manfred if "pkgs" or "sources" is passed.
03:16 manfred non of them have a comparison
03:18 KaaK_ damn ...
03:35 gzcwnk wierd i re-ran the nfs script and it worked..
03:35 gzcwnk something is flaky, the only Q is, is it just me  :/
03:52 ilbot3 joined #salt
03:52 Topic for #salt is now Welcome to #salt | 2014.1.7 is the latest | Please be patient when asking questions as we are volunteers and may not have immediate answers | Channel logs are available at http://irclog.perlgeek.de/salt/
03:52 aw110f joined #salt
03:53 mspah_ joined #salt
03:54 d3vz3r0_ joined #salt
04:02 Outlander_ joined #salt
04:04 mosen joined #salt
04:13 nickg ok
04:20 tligda joined #salt
04:24 kermit joined #salt
04:52 matthias_ joined #salt
04:57 tligda joined #salt
05:03 Korney joined #salt
05:04 Yu joined #salt
05:06 dober_ joined #salt
05:10 KaaK_ any good examples of using the supervisord module?
05:12 oz_akan joined #salt
05:21 ramishra joined #salt
05:37 oz_akan joined #salt
05:53 sxar joined #salt
05:56 ramteid joined #salt
06:05 lynxman joined #salt
06:07 ramishra joined #salt
06:09 roolo joined #salt
06:10 ramishra joined #salt
06:29 totte joined #salt
06:33 mechanicalduck_ joined #salt
06:34 mailo joined #salt
06:37 oz_akan joined #salt
06:38 dober joined #salt
06:54 ramteid joined #salt
07:07 matthiaswahl joined #salt
07:10 cb joined #salt
07:12 zain_ joined #salt
07:12 linjan joined #salt
07:14 ml_1 joined #salt
07:20 dober_ joined #salt
07:22 alanpearce joined #salt
07:23 ghartz joined #salt
07:32 dober_ joined #salt
07:38 oz_akan joined #salt
07:40 oz_akan joined #salt
07:42 linjan hello! i would like to migrate salt-master from one host to another. is there any documentation to do this? thx.
07:43 ramishra joined #salt
07:48 freelock joined #salt
07:56 intellix joined #salt
08:00 darkelda joined #salt
08:25 lauri joined #salt
08:31 jeddi joined #salt
08:36 giantlock joined #salt
08:36 ramishra joined #salt
08:41 oz_akan joined #salt
08:44 ajw0100 joined #salt
08:46 Lomithrani joined #salt
08:46 chiui joined #salt
08:47 Lomithrani Hi guys , is it possible to do a reboot in a state.sls  ?
08:47 Lomithrani and that salt continue to the next stop once the machine has been rebooted ?
08:54 kiorky joined #salt
08:59 ronc what's the preferred way to update salt?
08:59 ronc i've installed from the ppa
09:00 ronc cmd.run "apt-get install salt-minion -y" kills the minion, so i have to log in and start it myself. Sort of defeats the purpose
09:01 Rothcold joined #salt
09:03 alanpearce joined #salt
09:03 aleszoulek joined #salt
09:07 Lomithrani I don't have an answer to your question , but be sure to have your minion compatible with your master when you update them
09:12 intellix joined #salt
09:15 Sp00n pkg.install salt-minion
09:15 Sp00n service.restart salt-minion
09:15 Sp00n iirc
09:18 Damon joined #salt
09:22 Damon I want do use a salt module in a state file to check if a file/dir exists, is that possible . Something like this : {% if salt.file.access('/etc/syslog-ng/conf.d/ -f') %}
09:38 babilen Damon: You can use a file.exists state and require that
09:39 babilen Damon: But that might not necessarily be appropriate in your situation. What are you really trying to do?
09:41 oz_akan joined #salt
09:48 Lomithrani I Hi , I have an issue with ReactWrap , any idea where it could come from ? https://www.refheap.com/88803
09:53 lietu I'm having issues with salt not respecting "requires", or the order I've defined for resources for installing nginx + configuration .. it's trying to create a file inside a directory without creating the directory first, even if I add the directory as a "requires" anyone care to take a peek? http://pastebin.com/EpYqVh5c
09:54 Lomithrani I should also precise that https://www.refheap.com/88803 is when accepting minions key , and supose to execute a reactor
09:56 Lomithrani lietu: why requires and not require ?
09:56 lietu are you saying it's called "require"? .. dang
09:57 Lomithrani lietu: Well , I'm not 100% sure , I could check , but yes I think it might be that
09:57 lietu I'm getting sort of annoyed by Salt's tendency to ignore invalid arguments
09:57 lietu I'll try that, I had at least one of them written as "require"
09:57 malinoff lietu, say thx to **kwargs :)
09:57 lietu well you can still check if you're getting weird stuff with **kwargs ;)
09:58 malinoff nah, it's not the salt way
09:58 lietu even a notice/warning would be awesome
09:58 lietu "hmm, looks like you're passing unknown arguments to file.directory, maybe you should check that?"
10:00 lietu well that seems to be the issue since now I'm getting an error: Requisite declaration /etc/nginx/sites-enabled/ in SLS nginx is not formed as a single key dictionary
10:00 lietu I imagine I need file: -prefix
10:00 Lomithrani lietu: glad I could help :D
10:03 lietu yep, works totally now .. thanks! .. requires->require, added some pkg: and file: prefixes that I thought were optional because there were no errors .. ;)
10:04 lietu now wonder how many more "requires" there are littered through my salt tree
10:04 lietu looks like quite a lot ;)
10:06 Lomithrani1 joined #salt
10:07 ajw0100_ joined #salt
10:07 Lomithrani1 Well anyone can help me on    https://www.refheap.com/88803 (reactor issue)
10:09 oz_akan joined #salt
10:11 Outlander joined #salt
10:14 dober_ joined #salt
10:15 babilen Is there a way to only render parts of a file.managed with jinja? I have to adjust a constant in a bash script and jinja throws a tantrum with some bash syntax
10:15 aleszoulek joined #salt
10:15 babilen I guess no, ...
10:16 sectionm1 Lomithrani1: You use a reactor to call a state, not to be a state itself. See second example on http://docs.saltstack.com/en/latest/topics/reactor/#mapping-events-to-reactor-sls-files
10:16 lietu you could maybe use another template engine that works better with bash?
10:17 Lomithrani1 oh ok
10:17 babilen lietu: That might work, but apart from simply doing it in Python (yeah, massive string) I can't quite think of a good alternative.
10:17 dober_ joined #salt
10:17 lietu well, you could write the variables you need to a short separate file and read them via e.g. source?
10:17 sectionm1 babilen: Have you tried with {% raw %}BASH BLOCK{% endraw %}?
10:18 hvn hi all, I'm trying to set up salt-api with salt2014.1.5, what is the decent way to install it? I see salt-api pkg but it seems the pkg for old salt-api.
10:18 lietu sectionm1's suggestion also sounds good
10:18 babilen lietu: The problem is that these thresholds might change which is why I can't really just replace a %REPLACEME%
10:18 babilen sectionm1: No, I have not. Let me take a look at the jinja template designer documentation to figure out what that does.
10:19 babilen sectionm1: Ah, that looks promising. Let me try that :)
10:19 sectionm1 babilen: Enjoy :)
10:20 intellix joined #salt
10:22 babilen It worked splendidly, thank you!
10:22 scalability-junk joined #salt
10:23 sectionm1 babilen: Not a problem.
10:23 babilen I love my "exception pillars" written in Python. I am using a bunch of pillars like http://paste.debian.net/113066/ whenever I have to define exceptions for certain minions
10:31 Damon balilen : Thanks for replying. What i am trying to accomplish is if a certain file/directory exists do something. Like this (but not working yet ofc) http://paste.debian.net/hidden/d70f4ace/
10:32 MrTango joined #salt
10:35 CeBe joined #salt
10:36 Damon hmm seems i got it to work with {% if salt['file.directory_exists']('/etc/syslog-ng/conf.d/') %} , instead of {% if salt.file.access('/etc/syslog-ng/conf.d/ -f') %}
10:39 krak3n`` joined #salt
10:40 krak3n`` Hey Guys, how does one install Salt on CoreOS - I remember hearing Thomas say you can install Salt on CoreOS but can't find any docs about it?
10:47 poogles joined #salt
10:52 mortis_ ive started making a very very very very very very very very VERY .....basic salt-dashboard using the salt-api. Its purpose is to view, search, monitor etc salt-minion behaviours and data (like grains and pillars). Would be really cool if someone with some codingskills (both backend and frontend) would coop and make it into something nice. The start of it is here : https://github.com/mortis1337/salt-dash
10:54 stephanbuys joined #salt
10:55 babilen Damon: Do you really want to be dependend on local state rather than *manage* that state explicitly?
10:55 stephanbuys hi all, with salt-cloud, do I have to have an existing salt-master running within the environment (like EC2), or will it provision master and minions ?
10:57 matthiaswahl joined #salt
10:58 diegows joined #salt
11:03 kamal_ Is it possible to get a list of files that were changed in a file.recurse state?
11:03 kamal_ Basically I have a cmd.wait state that should run only on the changed files
11:05 Outlander joined #salt
11:06 viq joined #salt
11:08 Damon balilen, if there are better ways i am sure interested. But the documentation is more syntax related then best practises. So am trying to make the best that i can :)
11:09 kamal_ stephanbuys: I believe it'll install salt-minion on the new VM
11:09 _alpha_ left #salt
11:12 danielbachhuber joined #salt
11:19 SteveJ1729 joined #salt
11:21 babilen Damon: Well, what are you doing there? I mean why do you want to do things differently if that directory exists?
11:22 babilen Damon: Also: Most IRC clients support tab-completion for nicknames, so that you don't have to type them all the time. Try: bab<TAB>
11:22 Damon yeah sorry :D
11:25 Damon babilen: What i currently have and is working is this : http://paste.debian.net/hidden/88cbe212/
11:27 babilen Ah, okay. Under what circumstances would /etc/syslog-ng/conf.d/ not exist? Also note that you don't use extsource.
11:28 babilen I mean you could simply add "makedirs: True" to the /etc/syslog-ng/conf.d/01-log2kitty.conf state and it would create that directory if it doesn't exist.
11:28 Damon babilen: indeed not yet, its code in progres. It doesnt exists on some older versions of ubuntu and centos/redhat for example
11:28 Damon babilen: that is an option but then i also have to append/change the syslog-ng.conf to it includes conf.d dir
11:28 babilen Damon: So you want to use different configuration files for different distributions (and versions therefof) ?
11:29 Damon might be a better solution indeed
11:29 babilen What you have there works, but I simply learned to adopt a mindset of "Define the state that I want" rather then "react to state I find".
11:30 Damon babilen: Thanks a good best practise. Thanks. I'll try to rewrite it :)
11:32 babilen Damon: You might want to read http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html to read some other conventions for writing formulas (i.e. states that are applicable to various environments, distributions, ...)
11:32 babilen It is one of the few documents that describes best practices and you can find implementations on https://github.com/saltstack-formulas
11:34 babilen But to continue your example: It might very well be that you have certain syslog-ng versions that wouldn't support sourcing files in a .d directory (just for the sake of argument) -- In that case I would test explicitly for *that* and then describe the differences between those versions rather than rely on the existance of a directory on the box.
11:34 babilen I mean, all your setup could break down just because somebody runs "mkdir /etc/syslog-ng/conf.d/"
11:43 bhosmer joined #salt
11:44 bhosmer joined #salt
11:46 Damon babilen: Thanks. I'll read it.
11:48 ggoZ joined #salt
11:49 tligda joined #salt
11:51 stephanbuys1 joined #salt
11:51 che-arne joined #salt
11:55 ghartz joined #salt
11:59 aquinas joined #salt
12:00 pclermont joined #salt
12:01 vbabiy joined #salt
12:04 ollins joined #salt
12:07 ajprog_laptop joined #salt
12:09 darkelda joined #salt
12:09 scoates joined #salt
12:11 goudale joined #salt
12:12 goudale hi everyone
12:12 goudale I don't get how I can view a .sls file after templating
12:13 goudale I found about the '-l debug' option, but can't find where my rendered file is
12:13 arthabaska joined #salt
12:14 lietu joined #salt
12:19 wpot joined #salt
12:22 babilen goudale: You can use: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cp.html#salt.modules.cp.get_file (check the other functions too)
12:23 goudale nice
12:23 blarghmatey joined #salt
12:23 viq Any idea how to recognize a machine is pulling users off of LDAP (and make salt not try to create users there)?
12:23 babilen viq: Can you run *any* command locally to check that?
12:24 babilen (i.e. on the minion)
12:24 viq I'm not sure how to check for that. I could look in nsswitch.conf, but not sure that's 100% reliable
12:24 babilen Well, how do you setup ldap?
12:25 viq It was installed when I came here :P
12:25 viq s/was/already was/
12:26 syst3mw0rm joined #salt
12:26 Lomithrani1 how can I do if I want to trigger a state file with a reactor?
12:26 babilen You could probably check if you have pam_ldap.so in /etc/pam.d/*
12:27 Lomithrani1 seems like I can't just copy my state file in mu reactor sls :D
12:27 babilen Lomithrani1: cmd.state.sls
12:27 Lomithrani1 babilen: thanks
12:27 babilen Lomithrani1: "mu reactor sls" ? Should I be aware of that?
12:28 Lomithrani1 *my
12:28 babilen Why would you want to copy a SLS file in your reactor?
12:29 babilen That should already be available on the minion and you just call it with cmd.state.* (whatever is applicable)
12:29 babilen Well, cmd.* really
12:29 Lomithrani1 yes but I wasn't aware of cmd.state
12:29 babilen Did you read http://docs.saltstack.com/en/latest/topics/reactor/index.html ?
12:30 Lomithrani1 yes I use reactor for basic stuff usually (doing a highstate basically)
12:30 tommee joined #salt
12:30 oz_akan joined #salt
12:30 Lomithrani1 can't find a doc on cmd.state actually (looking for one atm)
12:31 babilen http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cmdmod.html
12:32 nahamu I think you just mean state.sls, no?
12:33 Lomithrani1 babilen : I feel stupide right now , can't find any cmd.state on your link ... :/
12:33 babilen Lomithrani1: "cmd.foo.bar" corresponds to an execution module foo with function bar in there. See http://docs.saltstack.com/en/latest/ref/modules/all/ for a list and http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#module-salt.modules.state for cmd.state
12:33 viq babilen: looks like looking in /etc/nsswitch.conf may be most reliable in my case
12:34 babilen viq: Okay, I would write an external pillar in that case that sets the "ldap_users" grain and performs suitable tests on the minion. You can then use that grain in your states/pillars.
12:34 Lomithrani1 babilen: oh ok thanks !
12:34 babilen Lomithrani1: Sorry, I linked the wrong module first
12:34 babilen Lomithrani1: But you can really use all those execution modules (and you can even write your own!)
12:36 tommee Hi there, is there an option to ignore missing source file in a state? Assume I have a template iterating through a list of users, pulling the key from salt://{{ usr }}/.ssh/id_rsa.pub through ssh_auth. If key is there, apply it - else it doesn't matter. Salt is giving a lot errors for each user without a key - can we ignore this a missing source file somehow?
12:37 babilen tommee: I would not do that, but adopt a data driven approach. Set the key in your pillars and manage it if it is available there. The users-formula works that way: https://github.com/saltstack-formulas/users-formula
12:37 babilen tommee: Are you also making private keys available like that?
12:39 tommee no private keys, just distributing public keys to a set of machines
12:40 tommee and i have a directory for each user on the salt master, if they use pub keys, it should be added, else it should not
12:40 babilen I mean make it explicit in your data you generate from that you want to manage ssh_auth for that user, but then you might be able to run a salt command to check if the file exists on the master
12:41 SteveJThirdChoic joined #salt
12:41 babilen yeah, I understand what you are doing. We generate all our users from data in pillars (so that we don't leak sensitive information to our minions) and therefore don't run into this problem ..
12:43 babilen You can probably use something like "{% if foo in salt['cp.list_master']() %}"
12:45 babilen or even "{% if salt['cp.get_file']("/path/to/file") %}" (not sure, haven't tested each approach)
12:45 ghartz joined #salt
12:45 Kanguru_au joined #salt
12:45 babilen It is exactly the other approach from what I am doing, so forgive my lack of ideas
12:46 dober_ joined #salt
12:46 babilen tommee: But why don't you simply use file.recurse with a salt:// source that *always* exists to copy all files therein?
12:47 babilen (or use the users-formula or a similar approach)
12:47 babilen The latter has the advantage that you aren't necessary leaking sensible information to minions that shouldn't see them.
12:49 bhosmer joined #salt
12:50 Kanguru_au noob questions: what is "highstate"? why call it that?
12:50 bhosmer_ joined #salt
12:51 tommee babilen: thanks for that ideas. I'm new to salt and just use this first basics to learn salt. I liked the implementation of a function like ssh_auth - and it works pretty well. I've not digged into pillars yet, going through your suggestions now ;)
12:53 tommee file.recurse would be an option, but beside creating that user on the machines and placing their keys, I also want to add this key to a "general" user's authorized_keys file
12:54 tommee I will have a look at users-fomula now
12:55 babilen tommee: Also read http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html to understand the motivation behind that.
12:55 babilen The basic idea is that you define variable bits of data in your pillars and static formulas that generate states from that data.
12:56 jslatts joined #salt
12:57 darkelda joined #salt
13:00 tommee oh well then it seems I'm trying to solve that old fashioned :) new stuff to read - thanks for guidance!
13:03 matthiaswahl joined #salt
13:08 bhosmer joined #salt
13:09 Kanguru_au i found a page that indicated state.highstate was desired state or the end state one wants a machine to achieve.
13:09 FeatherKing joined #salt
13:09 babilen Yes, exactly.
13:11 mapu joined #salt
13:11 mpanetta joined #salt
13:12 to_json joined #salt
13:12 scoates_ joined #salt
13:12 bhosmer joined #salt
13:12 darkelda joined #salt
13:15 bhosmer joined #salt
13:17 racooper joined #salt
13:18 Kanguru_au it seems to use a file named top.sls when one invokes state.highstate. Files e.g. foo.sls used when invoking "state.sls foo"
13:18 Kanguru_au i think i was getting confused thinking state.highstate and state.sls were file names
13:19 Lomithrani1 Do you see anyway to execute automatically a state after a reboot ? (reboot that was ending another state)
13:20 Lomithrani1 (I need to reboot after installing docker-py or my second state won't work)
13:20 racooper Lomithrani1,  look into Reactor. http://docs.saltstack.com/en/latest/topics/reactor/
13:20 Lomithrani1 well the first state is already triggered by reactor
13:20 Lomithrani1 reactor finish by a reboot
13:20 Lomithrani1 and then I want to execute the other sls
13:20 vejdmn joined #salt
13:21 racooper then you probably know more about it than I do...I haven't had use for reactor yet
13:21 kiorky joined #salt
13:21 Kanguru_au (i suspect my using Windows for several years has led to brain damage and filenames without pretty icons are tripping me up)
13:24 deepz88 joined #salt
13:25 goal joined #salt
13:26 intellix joined #salt
13:28 Lomithrani1 Does any of you see a way to execute a state file after a reboot (that was triggered at the end of an install triggered by a reactor) ?
13:30 thayne joined #salt
13:30 ericof joined #salt
13:30 ntropy is there a way to specify default file permissions and mode?
13:30 ntropy want to avoid having to specify them in each file i manage
13:33 goal if your objective is to manage minions in a way that allows you to group them (a minion may be in multiple groups), then use that grouping to determine many other actions, how should you be doing this? Possibilities seem to be node groups, grains or pillar
13:34 FeatherKing goal: if the grouping data will not be changing very much i would use a grain
13:35 FeatherKing node groups could be considered shorthand for combining several grains
13:35 FeatherKing -N prodwebserver = grain=prod and grain=webserver for ex
13:35 jperras joined #salt
13:36 goal ah I see, so a broader grouping that's not going to change
13:36 FeatherKing grains are considered static data that is not changing on the machine
13:36 FeatherKing or not very often
13:36 FeatherKing stored on the minion itself
13:37 goudale joined #salt
13:39 goal that's what made me question using grains
13:39 blarghmatey joined #salt
13:39 eliasp Lomithrani1: to execute a state after reboot: http://docs.saltstack.com/en/latest/ref/states/startup.html
13:39 eliasp but the actual final solution to what you want is hidden here (not yet implemented): https://github.com/saltstack/salt/issues/6792
13:39 FeatherKing for grouping i use two things
13:39 FeatherKing and id that is sequential
13:40 FeatherKing 1-N
13:40 FeatherKing and a group of 10 at a time, 1-N where each number is assigned to 10 systems
13:40 Lomithrani1 Thanks eliasp
13:40 tempspace Morning!
13:41 FeatherKing so i can load say group 1-3 (30 systems) or [1-5] (5 systems)
13:41 eliasp FeatherKing: are you looking for this?: http://docs.saltstack.com/en/latest/topics/targeting/batch.html
13:42 FeatherKing not quite, in my case i need the exact group two times
13:42 eliasp k
13:42 FeatherKing once to inform the user of an update, and then to actually run the update
13:42 FeatherKing ty tho
13:42 goal Say I had a bunch of webservers, some ran nginx and some ran varnish and nginx. I would have all in a 'group' for nginx and some in a 'group' for varnish. My objective being to easily control what happens on each by way of grouping
13:42 goal am i going about it wrong, given that example?
13:43 FeatherKing you could also control something like that only in your state file with some jinja logic
13:43 FeatherKing there is no 'wrong'
13:44 dude051 joined #salt
13:44 FeatherKing in your state you could look for nginx installed or varnish or look for a config file to determine and then have one state that covers both systems
13:44 FeatherKing but only triggers if something is true/false
13:45 jperras joined #salt
13:46 FeatherKing goal: http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.jinja.html
13:46 laubosslink joined #salt
13:46 FeatherKing like that first example sort of
13:46 FeatherKing you could even still use grains, just depends what is easiest to match on
13:48 goal_ joined #salt
13:48 goal_ Sorry, not sure if my last lines made it through..
13:48 thayne joined #salt
13:48 goal_ 'no wrong way' is the feeling I've gained, but I was looking for a best practice way
13:48 goal_ I was set on using grains, but then reading they're static and stored on the minion, made me question that
13:49 FeatherKing laubosslink: that is pretty much exactly what require is for
13:49 goal_ I just want to use the correct tool for the job
13:49 FeatherKing goal_: just because they are static doesnt mean you cant change them easily
13:49 FeatherKing think of it like, the cpu is a grain
13:49 FeatherKing you could have a better cpu
13:49 FeatherKing but you probably wont
13:49 dober_ joined #salt
13:49 FeatherKing for a while
13:49 goal_ yes, true
13:50 FeatherKing me, i have a grain= roles: -dev, -postgres
13:50 FeatherKing group: 1
13:50 FeatherKing pretty much static data
13:50 FeatherKing easy to change
13:50 FeatherKing but probably wont
13:51 FeatherKing pillar will give you a centralized place to change data, but is more for sensitive data
13:51 goal_ Okay, you've reassured me, thanks
13:51 FeatherKing and nodegroups is just like a complex grain
13:51 FeatherKing for me grains are working fine for matching, i guess thats all i can tell you
13:52 FeatherKing on 700+ vms currently
13:52 QiQe joined #salt
13:53 FeatherKing np
13:53 FeatherKing laubosslink: there is also a watch which can be used for similar functionality http://docs.saltstack.com/en/latest/ref/states/requisites.html
13:55 btorch joined #salt
13:57 btorch joined #salt
13:57 UtahDave joined #salt
13:57 UtahDave left #salt
13:58 dccc joined #salt
13:59 xcbt joined #salt
14:00 vlcn morning guys
14:00 irctc961 joined #salt
14:01 irctc961 Hello there humans :).
14:01 vlcn has anyone played with the new salt cloud vsphere module?
14:01 vlcn documentation is a bit thin, not sure how to actually go about using it
14:01 irctc961 I have a question about salt['pillar.get'] inside another pillar.
14:01 btorch joined #salt
14:01 irctc961 Is it suppose to be working or not?
14:02 tempspace You can't call one pillar from another pillar
14:02 babilen So: No, it is not supposed to work
14:02 tempspace You can extend pillars though, through jinja
14:03 irctc961 Ok, thanks But salt['grains.get'] is supposed to work, right
14:03 tempspace irctc961: correct
14:03 eliasp yes, everything else except of pillars['...']/salt['pillar.get'] works
14:03 eliasp they're filtered out to avoid circular-reference issues
14:03 irctc961 pillar.get inside another pillar works using file_client: local.
14:04 irctc961 Makes sense eliasp :), thanks for clarifying it.
14:05 elfixit joined #salt
14:06 ipmb joined #salt
14:08 QiQe guys Im seeing an error related to iptables anytime that I run "salt-call"
14:09 eliasp QiQe: update
14:09 eliasp QiQe: this was fixed in 2014.1.6 or .7
14:09 QiQe thanks
14:11 amontalban Morning guys!
14:12 amontalban Any jinja ninja around :)
14:12 amontalban ?
14:13 amontalban I'm trying to remove a member from am list
14:13 amontalban http://pastebin.com/uFpVkLkP
14:13 amontalban And it works on the first time I do that
14:14 patarr for salt to have a service.running state, does the init script need to support status ?
14:14 amontalban However if in another SLS I want to walk that list, the item doesn't belong to the list
14:14 patarr Or does salt do some magic behind the scenes.
14:14 amontalban patarr: I think it needs to support status
14:14 patarr :'(
14:15 to_json joined #salt
14:15 amontalban At least that is what I saw in the debug messages when it does the checking
14:15 amontalban If I remember correctly
14:16 jperras joined #salt
14:17 patarr hm, it seems like service.running also takes a param "sig" that is a string for the ps listing.
14:22 jalbretsen joined #salt
14:24 stickystyle joined #salt
14:27 deepz88 joined #salt
14:27 jalbretsen joined #salt
14:32 rblackwe joined #salt
14:33 ericof joined #salt
14:34 viq Hm, any idea how to approach "only execute those states if this file does _not_ contain this text" ? (create users only if /etc/nsswitch.conf does not mention ldap)
14:36 thayne joined #salt
14:37 quickdry21 joined #salt
14:41 scoates joined #salt
14:44 amontalban viq: You can put an if in the SLS
14:45 viq amontalban: and what would the if be checking and how?
14:45 amontalban {% if 1 == salt['cmd.retcode']('grep -i ldap /etc/nsswitch.conf') %}
14:45 viq cmd.run grep? I guess that's one way, though seems rather ugly
14:45 aleszoulek joined #salt
14:46 viq hm
14:47 rallytime joined #salt
14:47 amontalban I don't know if you can use that in the top.sls
14:47 amontalban But I think it should work
14:47 kiorky joined #salt
14:48 amontalban I'm using that inside a SLS to not execute some states if a file/directory exists
14:51 ajprog_laptop joined #salt
14:53 ml_1 joined #salt
14:54 Linuturk joined #salt
14:56 FeatherKing is there a recommended worker thread per server calculation for the master config?
14:57 FeatherKing it seems like my performance in salt is going down as ive scaled to so many systems
15:02 pclermont joined #salt
15:06 workingcats ronc, debian by default auto-restarts services, for simple cases like salt that should cover you
15:06 workingcats well, at least my salt minions are simple cases (from the PoV of init)
15:12 aleszoulek joined #salt
15:15 thedodd joined #salt
15:17 deepz88 joined #salt
15:18 fllr joined #salt
15:20 jpl1079 joined #salt
15:20 tommee Am I too dumb to find it or is there no way to comment out multiple lines as a block in state files?
15:21 kballou joined #salt
15:23 pclermont joined #salt
15:25 wendall911 joined #salt
15:29 to_json1 joined #salt
15:30 nahamu tommee: might be able to do it with jinja
15:30 nahamu put it in some sort of "if False" type thing...
15:31 tommee that would do it as a workaround, but not very elegant ;)
15:32 tommee we have # for single lines, why not /* … */ for blocks
15:32 alanpear_ joined #salt
15:32 jpl1079 tommee: does {# comment #} work across multiple lines?
15:32 tommee hmmm maybe
15:32 UtahDave joined #salt
15:32 tommee lemme test that
15:32 UtahDave left #salt
15:34 tommee jpl1079: yeah that did it! thanks a ton
15:34 jpl1079 :^)
15:36 thehaven joined #salt
15:38 viq laubosslink: don't ask to ask, just ask :P
15:39 KaaK_ any good recipes for setting grains based on EC2 metadata? e.g. public-hostname, public-ipv4, local-hostname, etc
15:39 SteveJ1729 joined #salt
15:40 viq KaaK_: maybe https://github.com/saltstack/salt-contrib/tree/master/grains ?
15:40 Kelsar_ joined #salt
15:41 jbub hello, is the 2014.1.7 the latest version ? i see 2014.1.8 and 2014.1.9 tags, both versions are in the docs, there are even notes about version detection regressions but the latest version according to pip is 2014.1.9, output from pypi (Current: 2014.1.7 Latest: 2014.1.9), but after i run pip install -U salt i end up with version 2014.1.0, any help much appreciated
15:41 pclermont joined #salt
15:41 viq laubosslink: out of curiousity, what would happen if you swapped ' for " and vice versa?
15:43 KaaK_ viq, pardon the ignorance -- but how do you invoke these? I'm not seeing anything in the docs on how to use these modules, only how to set static grains in /etc/salt/grains and /etc/salt/minion
15:45 MrTango joined #salt
15:45 khaije1 the salt-ssh manual says that nodegroups are supported but when I use them no nodes are selected ... any pointers on how to troubleshoot my config or advice from people using salt-ssh w/ nodegroups?
15:46 viq KaaK_: http://docs.saltstack.com/en/latest/ref/file_server/dynamic-modules.html
15:47 viq laubosslink: what does that sed do?
15:47 Kelsar joined #salt
15:47 Ozack1 joined #salt
15:48 testset joined #salt
15:49 Jarus joined #salt
15:52 jpl1079 joined #salt
15:53 viq how about 'for i in `lots of stuff` ; do echo -n "$i " ; done' ?
15:54 pclermont joined #salt
15:54 threezerous1 joined #salt
15:55 viq laubosslink: also there are other ways to do it listed in that link
15:58 thayne joined #salt
15:58 viq http://stackoverflow.com/questions/1251999/sed-how-can-i-replace-a-newline-n
15:58 KaaK_ viq, awesome -- thanks
16:00 Ryan_Lane joined #salt
16:03 alanpearce joined #salt
16:03 tligda joined #salt
16:07 jpl1079 joined #salt
16:09 jpl1079 left #salt
16:13 pclermont joined #salt
16:15 cpowell joined #salt
16:15 KyleG joined #salt
16:15 KyleG joined #salt
16:19 icebourg joined #salt
16:20 icebourg joined #salt
16:20 btorch joined #salt
16:21 tligda joined #salt
16:22 alanpear_ joined #salt
16:24 vejdmn joined #salt
16:25 viq Oh, sweet, looks like Helium will have pillar merging :D
16:25 FeatherKing what is the recommended way to edit the minion config from the salt master
16:26 tligda Good morning saltines! I'm having an issue where I try to download a file using the archive state and I get the error message, "[Errno 1] _ssl.c:510: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure"
16:26 viq FeatherKing: salt-formula ?
16:26 tligda I've been wrestling with it for a few hours and I wonder if there's a canned procedure to fix this issue.
16:26 tligda I can download the file in my browser and it works fine. I can download it using requests.get in the python interpreter. But the salt state fails.
16:26 tligda The certificate is a SAN certificate, if that makes a difference.
16:26 cpowell joined #salt
16:26 tligda I've been pursuing the SNI fixes, but that has been frustrating.
16:28 viq tligda: I think you need to tell salt (or whatever it's using to download the file) that this is a trusted certificate - or ignore all certificate errors
16:30 tligda viq: I can't find a way to do that. As far as I can tell, salt just does a requests.get for the location. No opportunity anywhere to tell it to ignore certificate errors.
16:30 joehillen joined #salt
16:30 viq Maybe you need to add the cert to system cert store?
16:32 tligda I could try that, but I don't see any reason that it doesn't accept the certificate.
16:32 FeatherKing viq: is there a specific formula you are thinking of? im not seeing a minion one in a search
16:33 elfixit joined #salt
16:33 viq FeatherKing: yes, salt-formula
16:33 viq https://github.com/saltstack-formulas/salt-formula/
16:34 viq tligda: is the SAN cert signed by any known CA?
16:35 viq Anyway, I'm off
16:35 poogles joined #salt
16:35 tligda viq: Thanks for the help!
16:35 tligda anyone else have an idea for me?
16:39 forrest joined #salt
16:42 Comradephate joined #salt
16:44 goal_ is it possible to include an sls that has dots ?
16:44 forrest goal_, what do you mean?
16:44 troyready joined #salt
16:44 forrest like dots in the name?
16:44 goal_ yes
16:45 forrest Uhh, you know I don't know, I would never put a dot in the sls name
16:45 forrest can't you use underscores or something else standard?
16:45 forrest when the yaml renders it is going to treat the dots as a directory, and fail to find it. You might be able to escape it somehow, but I don't know how
16:46 goal_ erm, if there's a way in a pillar sls to regex replace, then I guess I could
16:49 oz_akan joined #salt
16:49 goal_ |replace seems the best way to go about it whenever needed
16:49 tligda Here's an idea of what fails and I can't figure out why: http://pastebin.com/tB7xp4je
16:49 nineteeneightd joined #salt
16:50 tligda Here's what I would expect to fail when the earlier failure fails, but this one succeeds: http://pastebin.com/LNF3Wz5j
16:51 nineteeneightd So, I run my salt-master with auto_accept: True. Lately when launching new nodes, my salt-minion dies after bootstrapping saying the master rejected its key
16:51 nineteeneightd Hopping on the master and inspecting things with salt-key shows the key for the minion accepted, however the minion fails to start
16:52 nineteeneightd I `salt-key -d` the key and then start the minion again and everything works
16:53 nineteeneightd Anyone have any ideas?
16:53 forrest goal_, I don't know if that will work in the yaml section, but if it does let me know
16:53 nineteeneightd I should probably bump my logging on my master and see if anything interesting pops up
16:54 rap424 joined #salt
16:54 jaimed joined #salt
16:56 tligda I think I'm getting somewhere. salt 2014.1 uses urllib2.urlopen. 2014.7 uses requests.get.
16:59 ajprog_laptop joined #salt
17:06 FeatherKing it seems today i am stuck with Failed to authenticate, is this user permitted to execute commands?
17:07 FeatherKing it seemed like my performance was degrading and now i am unable to run anything
17:09 oz_akan joined #salt
17:10 tligda I'm going to pursue using 2014.7 instead of trying to get 2014.1 to work.
17:11 FeatherKing i am seeing this in my minion logs SaltReqTimeoutError: Waited 60 seconds
17:18 vbabiy_ joined #salt
17:25 mspah_ joined #salt
17:28 ml_1 joined #salt
17:29 vexati0n joined #salt
17:31 oz_akan joined #salt
17:33 goal_ if I've defined a value in a pillar sls, how can I access that value in the same pillar sls? Can I use pillar.get ?
17:36 dccc joined #salt
17:37 bhosmer joined #salt
17:39 dstokes goal_: define your value w/ {% set thing = 'stuff' %} and reference it with {{ thing }} throughout the pillar.sls
17:39 andygrunwald joined #salt
17:43 goal_ dstokes: then it would simply be a jinja variable, not a pillar value, yes?
17:44 bhosmer joined #salt
17:44 dstokes pillarkey: {{ jinjavar }}
17:45 goal_ okay so just defined it
17:45 goal_ -d
17:45 dstokes goal_: https://gist.github.com/dstokes/c4511bbd482039e1b07e
17:46 aw110f joined #salt
17:47 goal_ do those jinga values persist between sls files (eg. set in parent, used in included child)
17:47 to_json joined #salt
17:47 ckao joined #salt
17:48 goal_ From what I've just seen, I guess not
17:48 dstokes goal_: no
17:48 dstokes you would have to use a jinja include to preserve scope, but that's weird and you shouldn't do it ;)
17:49 dstokes you can also write macros and pass context to them. good for keeping states DRY
17:49 abe_music joined #salt
17:49 goal_ right will consider that
17:50 goal_ all I'm trying to do is to maintain some sort of orderly list which I can check whether something exists inside of
17:50 dstokes pillar data is accessible from sls'. if you set in pillar you can check at runtime
17:50 hoodow joined #salt
17:51 clarkperkins joined #salt
17:53 Srmrl Hey everybody, i got a question. Currentlty i am planning to build up a small dashboard for internal usage. We got saltstack in production. My use case is to collect version numbers from various applications running on my server. e.g php, java, memcached, redis, and so on. Now i asking myself what is the best way to do this. With salt there are several options. i can trigger salt '*' cmd.run 'php -v' etc for this automatically. Or i create a module for every
17:53 Srmrl application and apply a subcommand to return the version. Or (and currently i think this is the best solution), i will add several custom grains for this use case. What do you think about this? Which solution do you would prefer? I know that grains are more static and versions of applications, e.g. php change after upgrading. But before every grain run, we can refresh our grains. I like to get your opinion about this. Thanks :)
17:53 bezeee joined #salt
17:53 bhosmer joined #salt
17:54 danielbachhuber joined #salt
17:55 dstokes Srmrl: i'm using grains for something similar. mine might be even better (periodic runs of mine functions)
17:56 Srmrl What are "mine functions"?
17:56 Srmrl dstokes,
17:56 dstokes Srmrl: http://docs.saltstack.com/en/latest/topics/mine/
17:56 dstokes think grains, but stored on the master
17:56 Srmrl i think about something that i described in combination with returners to store the versions directly in a backend
17:56 Srmrl like couched
17:56 Srmrl couchdb
17:57 dstokes should work
17:57 Srmrl the result of a grain is stored directly at the master? in which data storage?
17:57 Srmrl And is this data storage on the master is accessible via a netapi module?
17:58 Srmrl dstokes, oh now i get it. the result of mines are stored on the master
17:58 Srmrl Thanks i will read it. But thanks for your answer. at first you agreed that grains are not a bad idea. will have a look
17:59 whiteinge you can get at mine data from the master with the cache runner
17:59 dstokes Srmrl: grains working fine for me, just have to sync before lookup to ensure current data
17:59 whiteinge !runner.cache.mine | Srmrl
17:59 forrest !help
17:59 wm-bot4 I'm a documentation bot. To control me, please use #salt-bot to avoid channel spam. See this URL for my commands: http://meta.wikimedia.org/wiki/WM-Bot
17:59 whiteinge !runners.cache.mine | Srmrl
17:59 wm-bot4 Srmrl: http://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.cache.html#salt.runners.cache.mine
18:00 whiteinge doh
18:00 dstokes whiteinge: what is this dark magic!..
18:00 Srmrl dstokes, thats the own disadvantage i see, that i have to refresh all grains to get current data from grains. and currently i do not know how "expensive" (in kind of load) it is to refresh grains
18:00 Srmrl thanks whiteinge will have a look as well :)
18:00 dstokes Srmrl: depends on what your grain is doing
18:00 Srmrl just something like 'php -v' or something
18:00 Srmrl not really heavy thinks
18:00 dstokes !taco | whiteinge
18:00 Srmrl things
18:00 dstokes darn..
18:01 v0rt3xtraz joined #salt
18:02 whiteinge seconded that darn...
18:02 clarkperkins Hey everyone, we make heavy use of the overstate runner to provision large clusters of machines.  Sometimes, we run into issues where one or more minions don't get targeted by a stage in the overstate file, so that stage doesn't get run on that minion at all.  Has anyone else run into this?
18:05 dstokes clarkperkins: haven't run into that exactly, but i have seen state success' when minions fail to respond
18:06 clarkperkins yeah, we have seen that too
18:06 dstokes clarkperkins: how are you targeting the missing minions? (i.e. hostname, grains)
18:06 clarkperkins grains
18:06 dstokes you may need to make sure your minion grains are synced. my masters frequently have bad cached data
18:08 clarkperkins using saltutil.sync_all?
18:08 blarghmatey joined #salt
18:13 druonysus joined #salt
18:15 bhosmer joined #salt
18:16 Srmrl dstokes, about mines: "The data is gathered on the minion and sent back to the master where only the most recent data is maintained (if long term data is required use returners or the external job cache)."
18:16 Srmrl So i think grains are fine here with combination of a custom returner
18:16 Srmrl for a dashboard, you might need all data and not "the most recent"
18:18 druonysuse joined #salt
18:19 v0rt3xtraz joined #salt
18:20 chrisjones joined #salt
18:23 dstokes Srmrl: thumbs up
18:25 scoates joined #salt
18:27 smcquay joined #salt
18:35 beneggett joined #salt
18:38 to_json joined #salt
18:40 mr_chris joined #salt
18:40 mr_chris I'm finally able to do something that I couldn't do with old version of salt.
18:40 mr_chris Upgrading salt with salt.
18:40 mr_chris Going from 0.17.5 to 2014.1.7
18:40 ingwaem joined #salt
18:41 mr_chris pkg.install salt from the master. The old process gets killed, then new one comes up and everything is gravy.
18:41 mr_chris Nice job!
18:41 oz_akan joined #salt
18:43 rgarcia_ joined #salt
18:45 ingwaem greetings folks…I’m trying to get it setup but think I’m missing something…anyone had success with virt before?
18:46 to_json joined #salt
18:47 ingwaem "virt.hyper_info" is not available., and salt-run virt.hyper_info
18:47 ingwaem No minions matched the target. No command was sent, no jid was assigned. are what I get
18:48 v0rt3xtraz Hey all, maybe you could help me out. We're trying to set up a salt on some linux machines. We've already got a established master for our Mac installs, on 2014.1.1. How can force install 2014.1.1 onto our linux machines, so that they can talk to the master? Or will a 2014.1.7 client speak to a 2014.1.1 master?
18:49 manfred v0rt3xtraz: it is not backwards compatible
18:49 manfred v0rt3xtraz: http://docs.saltstack.com/en/latest/faq.html#can-i-run-different-versions-of-salt-on-my-master-and-minion
18:49 manfred v0rt3xtraz: the only way to install an older version is to install from git or pypi
18:50 layer3switch joined #salt
18:50 manfred v0rt3xtraz: use salt-bootstrap ... curl -sL https://bootstrap.saltstack.com | sh -s -- git v2014.1.1
18:50 forrest manfred, or grab the old package and set it up in an internal repo
18:50 manfred yeah or that
18:50 manfred but iirc, you will need to build the old version
18:50 manfred i don't know of a place that just has them
18:50 manfred v0rt3xtraz: http://docs.saltstack.com/en/latest/topics/tutorials/salt_bootstrap.html
18:51 FeatherKing ok im wondering how i can determine what is pegging my salt-master to death. its pegging 100% cpu and 80% system ram with ~700 minions. I feel like it might be working on a job or something but i am not sure where to look to clear it. debug looks normal to me, no real errors, but it is running away
18:53 Comradephate joined #salt
18:53 ingwaem maybe too many worker threads?
18:54 FeatherKing i had upped it from 5 to 20 but now i am back to 5
18:54 forrest FeatherKing, is this 2014.1.7
18:54 FeatherKing its pegging so hard you cant even run a single test.ping
18:54 FeatherKing yes
18:54 v0rt3xtraz manfred: Ok thank you
18:54 FeatherKing on master/minions both
18:55 FeatherKing centos 6.5 master, mix of centos 6.5 and ubuntu 12.04 minions
18:56 FeatherKing i thought maybe i ran out of inodes
18:56 FeatherKing but i have many
18:56 FeatherKing i set my open file limit to 20k
19:00 ingwaem bbl
19:00 FeatherKing in the debug log all you see is the authentication requests from the minions
19:02 Ozack2 joined #salt
19:04 FeatherKing in my /var/cache/salt/minion/proc/ on a minon ihave like 7 jobs in there, would they all be trying to run maybe overloading my master?
19:08 FeatherKing should that folder have anything in it normally?
19:10 vejdmn joined #salt
19:10 JoeHazzers joined #salt
19:10 smcquay joined #salt
19:11 arthabaska joined #salt
19:12 btorch is there no way to place a pkg on hold during the pkg.installed ?
19:12 forrest btorch, what do you mean by on hold
19:13 scoates hello.
19:13 forrest scoates, hi
19:13 btorch after on installs a pkg with apt-get , set the pkg to be on hold .. so it goes from ii pkg to hi pkg
19:13 btorch forrest: the dpkg status
19:14 scoates if this is possible, could someone point me to docs on it if they exist? I'd like to run some code when the fileserver tries to deliver a salt://… resource. Specifically, if the file doesn't exist, I'd like to run some code that creates the file (for certain paths).
19:14 btorch right now I gotta create a list and then do a for loop to use pkg.held
19:14 forrest btorch, yea I don't know if that's possible due to how salt builds things out
19:15 peters-tx joined #salt
19:15 ekristen joined #salt
19:18 scoates I guess I could somehow write a new backend, but not finding docs beyond this: http://docs.saltstack.com/en/latest/ref/file_server/backends.html
19:20 ingwaem joined #salt
19:22 to_json1 joined #salt
19:22 rihannon joined #salt
19:24 rihannon I'm having a problem with execution order.  I'm trying to create a user and then a directory owned by that user, and the latter fails because the first has not finished executing.  I thought salt was serial.  How do I fix this?  (2014.1.4)
19:27 ingwaem_ joined #salt
19:29 Srmrl hey, i wrote a custom grain and stored it on the salt master in /etc/salt/grains, but how can i deploy this grain to all my minions?
19:29 smcquay joined #salt
19:30 ingwaem srmrl: your next highstate to all the minions should populate them accordingly
19:30 Srmrl ingwaem, can i call it manually?
19:31 ingwaem srml: this should work: “salt ‘*’ saltutil.sync_grains"
19:31 ingwaem http://docs.saltstack.com/en/latest/topics/targeting/grains.html
19:32 FeatherKing is there a place on the master that it knows about jobs it sent to the minions
19:32 ingwaem featherking yes, let me find the syntax for you
19:32 FeatherKing i saw /var/cache/salt/master/jobs
19:33 FeatherKing i just cant run any commands on the master related to salt because its pegged
19:33 ingwaem yea, that’s the place the raw files are stored, but you can get them out of salt too as a list, or from the api
19:34 Ozack1 joined #salt
19:34 mgarfias running helium, need to create an EBS volume and attach it to a host.  this possible now?
19:34 ingwaem http://docs.saltstack.com/en/latest/topics/jobs/index.html
19:34 FeatherKing i deleted the jobs in /var/cache/salt/minion/proc on all the minions and restarted the minion
19:34 FeatherKing and all the jobs on the master in that folder and still it pegs when i start the master
19:35 ingwaem FeatherKing if you delete everything in the var/cache/salt directory you should be in a better position to restart the master and minions
19:35 FeatherKing ah ok
19:35 ingwaem salt-run jobs.list_jobs
19:35 ingwaem salt-run jobs.active
19:35 ingwaem salt-run jobs.lookup_jid <job id number>
19:36 ingwaem these 3 should help you get the status of your jobs
19:36 ingwaem http://docs.saltstack.com/en/latest/topics/jobs/index.html
19:36 FeatherKing yeah those i have used but they timeout right now
19:36 ingwaem I use the api, so I can call a url /jobs that just gives me everything
19:38 FeatherKing is it possible for many jobs to be in that proc folder on the minion
19:38 FeatherKing i feel like eveything got stuck on a job and maybe everything stacked up behind it
19:38 ingwaem it is possible
19:39 ingwaem I haven’t dealt with as many minions yet to hit this problem, but when in doubt, reset some stuff
19:39 FeatherKing the last thing i was able to run was like a grains.delval
19:39 FeatherKing on everyone
19:39 ingwaem owch
19:39 FeatherKing i dont know if it ever completed but thats the last thing i remember running
19:39 ingwaem 700 of them?
19:39 FeatherKing ye
19:39 ingwaem yea, that’s a big one I recall…deval get all the values for everything doesn’t it
19:40 ingwaem grains.delval even
19:40 ingwaem ahh, deletes grains
19:40 FeatherKing deletes a grain
19:40 FeatherKing yeah
19:41 ingwaem yea could be a big function..could list all the grains, then loop through deleting them all, for 700 machines…in the batches of the queue running
19:41 FeatherKing so i dont know what happened, but since around that command the master just pegs hard
19:41 FeatherKing yeah my thought as well
19:41 ingwaem if something was mid job and the master dies I’m not sure what happens…something I havent’ tested yet either
19:41 FeatherKing and i wondered if tha master is sending a lookup_jid every 30 secs after it too or soemthing
19:42 ingwaem i think it listens for the job completion on the communication bus
19:43 FeatherKing ive deleted the cache on the master, the minions are about half cleared
19:43 ingwaem for yoru delval to work more rapidly you may want to target specific minions first to see how fast it works for them and work through the stack that way…additionally actually target it with a specific key you want to delete, as there are a whole bunch of grains, re memory, cpu etc, and if it’s deleting those I wonder if it has to then repage the machine to repopulate
19:44 FeatherKing i think i did target my key
19:44 FeatherKing cant remember for sure now
19:44 FeatherKing is that cache folder all the master knows about jobs
19:45 ingwaem i believe so
19:45 FeatherKing 400/700 cleared minions
19:46 FeatherKing another 5 mins or so i bet
19:46 FeatherKing slow vmwaretools is my backup
19:47 hzzb joined #salt
19:48 ingwaem owch, but at least it works
19:48 FeatherKing this all started by me wanting to increase my worker threads
19:48 FeatherKing the default 5 seems to be working really slowly now
19:48 FeatherKing when it was working
19:49 FeatherKing i put to 20 but never got to test really
19:49 ingwaem yea it’s only going through 5 minions per time. it’s a balancing act between setting this correctly, to the number of minions you have, to the amount of resources you have available for the master
19:50 ingwaem if you can’t do very high spec masters, you could look at syndic and have masters of masters, and cluster them that way…could help speed up the stack too having additional masters with their own queues avialable to parallelize everything better
19:51 Srmrl ingwaem, ok. now my grain was deployed. But salt '*' grains.ls does not show my grain. Any idea? Have i to register such a grain?
19:51 scoates joined #salt
19:52 ingwaem where did you put the grains? into a statefile or your grains directory
19:52 Srmrl grains directory.
19:52 Srmrl on the salt master / file server
19:52 Srmrl Then “salt ‘*’ saltutil.sync_grains"
19:52 Srmrl but in "salt '*' grains.ls" the grain is not shown
19:53 tommee joined #salt
19:53 ingwaem sec, let me test
19:57 tommee Hi again! Having a problem with sudoers formula, it complains about "Unable to manage file: Jinja variable 'generic_defaults' is undefined". Is line 13 with the square [] brackets correct or should that also be curly {} in https://github.com/saltstack-formulas/sudoers-formula/blob/master/sudoers/files/sudoers?
19:58 dimeshake you want {} - the same way you're using that construct everywhere else in the file, tommee
19:58 gothix joined #salt
19:59 babilen FeatherKing: You can always use eventlisten.py to listen to incoming events. That way you would have *some* idea about what's going on. Grab it from https://github.com/saltstack/salt/blob/2014.1/tests/eventlisten.py
19:59 tommee dimeshake: thanks, i'll open an issue to the repo then! i was unsure if [] can be used at all in jinja
19:59 ingwaem srmrl: is the grains directory listed in your master config file in the file_roots section? For example there should be one perhpas /srv/salt, is there one /srv/salt/grains or similar?
19:59 ingwaem Sorry, have a conference coming through...bbl
20:00 FeatherKing yeah it seems like its not a cached job
20:00 FeatherKing still pegging after clearing all of that
20:00 babilen FeatherKing: What kind of specs do you have on that box?
20:01 FeatherKing 2cpu 2gb
20:01 FeatherKing vm
20:03 babilen For 700 minion? That's a little on the low side. I have 4G and 4 Cores for one master (~ 250 minions by now) and 4G, 12 Cores (because: why not?) on another. Increasing it to 4+ cores made a *huge* difference, from our previous 1 core (then 2 core) setup.
20:03 Comradephate joined #salt
20:04 FeatherKing in the event script so far i only see auth events
20:04 FeatherKing similar to the debug log output
20:04 babilen You can also kill jobs if they are taking too long (cf. http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.kill_job)
20:05 babilen FeatherKing: You would see it if some of the minions returned or if states finished during the run.
20:05 FeatherKing but every salt command times out
20:05 babilen Oh dear
20:05 FeatherKing so i dont know what is even running
20:05 FeatherKing ive cleared proc on all minions
20:06 babilen Understandable, did you try restarting the master?
20:06 FeatherKing yeah
20:06 FeatherKing deleted the cache on the master
20:06 FeatherKing and the auth events are all accepted so they are talking
20:07 babilen It takes a while for the master to "collect" all the minions again (i.e. the auth events) -- Can you test.ping some of the accepted ones?
20:07 oz_akan joined #salt
20:07 babilen btw, I would strongly recommend to try running jobs in batch mode (-b 50 or so) in the future. It might take a bit longer, but shouldn't be that pesky.
20:14 FeatherKing im really not sure
20:14 FeatherKing maybe ive cleared the original job issue, but all this load seems to just be accepting minions
20:14 FeatherKing maybe i should just let it go a while
20:16 bezeee joined #salt
20:20 ajprog_laptop joined #salt
20:22 tommee is there a way to display the computed sls files for a minion?
20:25 babilen tommee: there is
20:25 babilen http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cp.html#salt.modules.cp.get_file
20:26 forrest babilen, I think that's the wrong link?
20:27 dave_den joined #salt
20:29 FeatherKing brb
20:30 babilen forrest: Yeah, I was after get_template .. *sigh*
20:30 forrest babilen, you can blame it on Friday if you want
20:30 babilen Thanks for noticing it
20:30 forrest np
20:31 * babilen shakes his fist in the general direction of Friday
20:33 tommee babilen, forrest: thanks, but this link did it - half ways at least. salt '*' cp.get_template salt://sudoers /tmp downloads the sls, but downloading the template there is still some wrong jinja code in this script ... hunting begins ...
20:34 babilen tommee: We could take a look?!
20:35 tommee babilen: https://github.com/saltstack-formulas/sudoers-formula
20:35 tommee just cloned it, copied over the pillar and config files
20:35 tommee run it and get:
20:36 tommee Unable to manage file: Jinja variable 'generic_defaults' is undefined
20:36 oz_akan joined #salt
20:36 tommee investigation showed, the template written had already some typos (issue opened at github)
20:37 tommee but still after fixing the square brackets in the template (line 13 and 24) ... the error persists
20:37 tommee hunting there to see why this variable does not get populated
20:40 forrest laubosslink, did you try http://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.cache.html#salt.runners.cache.clear_all
20:40 forrest or clear_pillar
20:40 scoates joined #salt
20:41 forrest laubosslink, hmm, I'd suggest to go onto one minion you know is problematic, and see if the data is still cached there
20:42 to_json joined #salt
20:42 forrest It's not anywhere in the salt master conf either I assume right
20:42 forrest *?
20:43 babilen tommee: The [] is simply a list (which is correct if you take a look at the pillar.example)
20:43 tommee aaah crap
20:44 babilen No problem, I commented on the issue too.
20:44 babilen That formula is quite hard to read due to a complete lack of indentation and jinja insanity (seriously, at that point one should just render with Python)
20:45 babilen Well, not quite complete lack, but the bottom part doesn't have it. Lets see if something meets the eye
20:46 tommee well yeah but its good to see some learning how he does stuff
20:47 godber joined #salt
20:47 babilen tommee: Which distribution are you testing on and what is your pillar?
20:47 tommee testing on ubuntu 14.04.1
20:48 godber anyone know offhand if states.user.present works on OS X Mavericks?
20:48 tommee and my pillar is exactly the example
20:48 godber oh, nevermind, seems its not
20:48 godber password field is not supported
20:49 babilen tommee: Could you paste the complete error you get? I don't see anything wrong (but then it is late and I've been staring at this all day ;)
20:50 tommee https://gist.github.com/7oku/9a9bb61617ab1b785177
20:51 babilen tommee: Ah, lovely .. I had hoped for a more complete error. Maybe something in "-ldebug" output. But I'm heading off now and call it a day ...
20:52 v0rt3xtraz left #salt
20:53 tommee babilen: nothing in -ldebug. thanks for your assistance! have a good evening :)
20:53 DaveQB joined #salt
20:57 viq_ joined #salt
21:03 khaije1 does salt-ssh work with windows minions?
21:03 forrest khaije1, I don't believe so
21:04 forrest khaije1, https://github.com/saltstack/salt/issues/9213
21:05 forrest laubosslink, you could see about hiring the salt guys themselves
21:06 forrest I don't know if they do one off stuff like that though
21:06 btorch is this not correct ? http://goo.gl/sbneAp
21:06 btorch I have verified on my actual state and it seems like pkg_hold_list is just empty
21:06 khaije1 cheers forrest, good to know!
21:06 forrest khaije1, yea I didn't know that someone had even gotten as far as that last comment, haha
21:07 forrest laubosslink, http://www.saltstack.com/services/ there's that stuff, but if you contact them you might be able to look at more specialized services.
21:09 btorch well this is a better look I guess http://goo.gl/IefBQF more complete
21:12 btorch duh! needed {{ }} :(
21:20 rekibnikufesin joined #salt
21:24 ericof joined #salt
21:26 otter768 joined #salt
21:28 cachedout joined #salt
21:30 kermit joined #salt
21:31 JoeHazzers joined #salt
21:37 oz_akan joined #salt
21:39 martoss joined #salt
21:44 beneggett joined #salt
21:54 Ozack1 joined #salt
21:54 arthabaska joined #salt
22:05 oz_akan joined #salt
22:07 smcquay joined #salt
22:07 godber Has anyone written an /etc/passwd to salt user state script yet?
22:07 smcquay joined #salt
22:09 thayne joined #salt
22:09 forrest godber, not that I'm aware of
22:10 godber ok
22:10 godber thanks forrest
22:10 forrest np, if you do that would be cool though
22:12 herlo looking for someone that may have played salt and firewalld.
22:13 gothix herlo, is that working ? i am eager for that myself
22:14 herlo gothix: I don't know. Hoping someone may have written a formula I can start with. If not, I'll start digging in on it for CentOS7
22:14 herlo our new staging environment is all C7.
22:16 forrest herlo, gothix, I don't even think there is firewalld support yet
22:17 forrest you should punch whoever designed firewalld as a reminder
22:17 forrest when you see them
22:17 herlo forrest: it seems not. It's just a command though, so we could do that...
22:17 forrest herlo, yea
22:17 herlo forrest: that would be the same people who did systemd, from what I can see.
22:17 herlo so Lennart and company.
22:17 herlo I might see them at LCNA in a few weeks. :)
22:17 forrest 'We have this chance to redesign how shit iptables is, we should make it more like that crappy ubuntu implementation, such an idea!'
22:18 forrest well, let them know they should stop thinking like linux mainframe guys from the 70s, and start thinking like IT engineers from the late 90s at least.
22:19 herlo forrest: it looks like I may be wrong, but it definitely works with systemd.
22:19 herlo forrest: haha
22:19 forrest that's fine, I was just hoping the 'new' iteration of iptables would be designed better
22:19 herlo forrest: the thing is, you can integrate it with systemd, so it's at least 99
22:19 forrest lol
22:20 herlo forrest: what is poor about it? I'm still just reading about how it works.
22:20 herlo so far, it just seems like a layer on top of iptables.
22:20 forrest and there's the problem :P
22:20 forrest it's like iptables, but fragmented into a bunch of files
22:20 herlo well, chains which are represented by files.
22:20 herlo I can see that much.
22:22 herlo ugh, xml!
22:23 herlo but the commands look nice.
22:23 herlo # firewall-cmd --get-zones
22:23 herlo block dmz drop external home internal public trusted work
22:23 forrest there's just a lot of commands
22:23 forrest a LOT
22:23 forrest I don't know, I just expected more you know?
22:23 herlo # firewall-cmd --get-services
22:23 herlo amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns ftp high-availability http https imaps ipp ipp-client ipsec kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba samba-client smtp ssh telnet tftp tftp-client transmission-client vnc-server wbem-https
22:23 forrest Linux should be getting easier and better
22:23 herlo wow!
22:24 herlo linux is about being configurable, not easy
22:24 herlo and easy is not simple
22:24 forrest very true
22:25 herlo simple means you should be able to make something work elegantly without tons of syntax or painful guis. Easy means a monkey can perform the actions if trained.
22:25 herlo This is why we call people 'ticket monkeys' or 'call center monkeys' :)
22:25 forrest firewalld is neither simple, nor easy.
22:25 forrest just like iptables
22:25 herlo forrest: iptables is simple
22:26 herlo for a network filtering program
22:26 herlo try cisco or juniper devices and you'll agree.
22:26 viq herlo: I thought you said "simple means you should be able to make something work elegantly without tons of syntax or painful guis" :P
22:26 herlo viq: lol
22:26 forrest heh, firewalld, all the examples are guis
22:26 forrest I like the link on the fedora site
22:26 viq herlo: have you seen PF?
22:26 herlo I use cli for i tall
22:26 forrest 'firewalld is a new gui' :P
22:26 herlo viq: yes
22:26 herlo love pf sense.
22:26 koyd joined #salt
22:27 viq OpenBSD here ;)
22:27 herlo viq: pf is great.
22:27 viq yes, it is
22:27 forrest herlo, if you write a firewalld module that would be good though
22:27 herlo but I don't know enough about it to compare as I only really used it with pfsense a few times. BSD is something I always mean to tinker with, but never have.
22:27 viq Though still, I've seen a PF config that was 20k lines long, 10% of which was macros...
22:27 herlo forrest: looks like I'll write one.
22:27 forrest viq, lol
22:28 herlo viq: right, but those 20k lines probably did BGP and RIP routing too
22:28 viq No, that was PF
22:28 herlo pf doesn't support BGP or RIP?
22:28 herlo I know that IPTables really doesn't either.
22:28 herlo s/know/believe/
22:28 viq You have routing daemons for those
22:29 herlo viq: right, but I thought it could be the router.
22:29 * herlo is learning something new today. :)
22:29 viq You can put packets into a routing table with PF, but PF doesn't dictate how packets are routed. Again, you have routing daemons for that.
22:29 CeBe joined #salt
22:29 herlo ahh, so not really different from ipt
22:30 viq Just like you wouldn't expect your quagga or whatnot to decide whether a particular host is allowed to your port 22
22:31 viq On high enough level, I guess, though I don't know much about iptables
22:31 viq Kinda first difference you see when you start looking is that in PF _last_ match wins
22:31 viq Also, gotta love tables. ipset is just so painful compared to PF tables.
22:32 JeffG_ joined #salt
22:32 badon joined #salt
22:32 TyrfingMjolnir joined #salt
22:34 gothix if im using pillar for variabes, where do i filter for default versions that get overriden by custom grains?
22:34 forrest gothix, you mean in your templatized files?
22:34 viq what do you mean, "filter for default versions" ?
22:35 gothix say in pillar i want to set specs for different versions of tomcat one for 6 and one set for 7
22:36 gothix how do i determine if a version shold be the default tomcat 6 or overriden by custom grain to be tomcat6
22:39 manfred gothix: you would have to do all that logic in jinja in side the state
22:40 herlo viq: right. Sorry, got called away by the wifey. :)
22:40 * herlo goes back to figuring out how to write a firewalld module.
22:41 maxleonca joined #salt
22:41 Ryan_Lane joined #salt
22:50 ksalman why are my custom grains disappearing on windows?
22:51 ksalman https://github.com/saltstack/salt/issues/14691
22:59 TyrfingMjolnir joined #salt
23:07 rgarcia_ joined #salt
23:08 yomilk joined #salt
23:09 gothix manfred, thanks!
23:12 smcquay joined #salt
23:16 herlo forrest: so if I wanted to use commands for everything and then just make a pillar for rules, do you think that would be too hard?
23:16 herlo forrest: specific to firewalld, of course.
23:16 forrest herlo, you mean as in cmd.run?
23:17 herlo probably
23:17 herlo or cmd.wait or whatever.
23:18 herlo forrest: like this: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html#how-do-i-create-an-environment-from-a-pillar-map
23:19 yomilk joined #salt
23:19 herlo forrest: it seems like cmd.run would have an unless attached, but that would just be checking to see if the rule is already in place.
23:20 forrest herlo, I feel like you could do it, but damn it would be a lot of loops
23:20 forrest so many for loops, lol
23:20 forrest I'd say you should consider using the python renderer
23:21 herlo meh
23:21 forrest *shrug*
23:21 forrest you can do it in jinja, just going to be ugly
23:21 herlo forrest: think of it this way
23:22 herlo firewall-cmd --add-service postgresql
23:22 forrest yea
23:22 herlo so we'd create a cmd.run that does 'firewall-cmd --add-service {{ service }}
23:22 forrest if you're doing something like that it might be simpler
23:22 forrest as long as you aren't making changes for the service.
23:23 herlo and then in the pillar, we list services.
23:23 beneggett joined #salt
23:23 forrest or blocking certain ranges, etc.
23:23 herlo but we could just as easily make it port specific or zone specific.
23:23 forrest true
23:23 herlo probably mostly trying to figure out the layout of the pillar
23:23 forrest I'd treat it like the users pillar
23:23 * herlo hasn't done much with pillars, might have a few questions in here soonish.
23:23 forrest herlo, https://github.com/saltstack-formulas/users-formula/blob/master/pillar.example
23:23 forrest like that
23:24 forrest 36 minutes and I'm out of here
23:24 herlo forrest: yeah
23:24 herlo forrest: probably for me too. I haven't work my 40 though. I'll be back working on Sunday this weekend.
23:24 herlo need to really kick it up a notch.
23:24 forrest lol
23:24 forrest are you hourly?
23:24 herlo no
23:25 herlo but I still need to get shit done.
23:25 forrest yea of course
23:25 herlo and I have been bogged down with this new staging environment for three weeks.
23:25 forrest :\
23:25 herlo partly because it's annoying as fuck, and partly because I'd rather be playing around with my wife, kids or my girlfriend.
23:25 herlo or camping
23:25 forrest lol
23:25 herlo or floating the lake
23:26 herlo or playing board games
23:26 herlo or ....
23:26 forrest yea the bummers of needing money
23:26 herlo floating the lake and board games cost $0
23:26 forrest well, you aren't making money when you do that though
23:26 herlo even hanging with the wife or gf are easy and don't usually cost a lot.
23:26 forrest or won't be for long if you just continually do those things
23:26 herlo that's the point. I can't sit idly by.
23:27 herlo gotta pick up the pace. Getting better though.
23:27 herlo I'm making progress again though. it's good.
23:27 forrest nice
23:27 herlo and relearning salt has been a bit of a time sink
23:27 forrest heh
23:28 Luke_ joined #salt
23:37 godber joined #salt
23:40 bhosmer joined #salt
23:51 MindDrive joined #salt
23:51 mspah_ joined #salt
23:57 sectionme joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary