Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-08-11

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:04 TheThing joined #salt
00:18 melinath joined #salt
00:31 zz_Cidan joined #salt
00:38 otter768 joined #salt
00:42 nocturn joined #salt
00:53 hotsnow joined #salt
00:54 schimmy joined #salt
00:56 schimmy1 joined #salt
01:13 icebourg joined #salt
01:15 icebourg_ joined #salt
01:17 zz_Cidan joined #salt
01:20 Ryan_Lane joined #salt
01:20 Ryan_Lane joined #salt
01:21 SheetiS joined #salt
01:26 tuck182 joined #salt
01:33 pastacino joined #salt
01:34 SheetiS joined #salt
01:43 TheThing joined #salt
01:45 adsisco joined #salt
01:45 unknown007 joined #salt
01:54 SheetiS joined #salt
02:07 srage_ joined #salt
02:15 tuck182 joined #salt
02:21 dude051 joined #salt
02:32 bhosmer joined #salt
02:52 thayne joined #salt
02:56 tmandry joined #salt
03:01 snuffeluffegus joined #salt
03:09 valentinbud joined #salt
03:18 icebourg joined #salt
03:23 Outlander joined #salt
03:31 Nazca joined #salt
03:56 m1crofarmer_ joined #salt
04:02 srage joined #salt
04:08 melinath joined #salt
04:11 tuck182 joined #salt
04:12 z3uS joined #salt
04:13 mosen joined #salt
04:15 melinath_ joined #salt
04:22 Lomithrani joined #salt
04:40 srage_ joined #salt
04:51 felskrone joined #salt
04:58 ramteid joined #salt
04:59 tuck182 joined #salt
05:01 sroegner joined #salt
05:07 Heartsbane joined #salt
05:07 aquinas joined #salt
05:08 valentinbud joined #salt
05:15 icebourg joined #salt
05:16 icebourg joined #salt
05:37 schimmy joined #salt
05:41 schimmy1 joined #salt
05:54 VictorLin joined #salt
05:57 cym3try joined #salt
06:00 CatPlusPlus joined #salt
06:01 colttt joined #salt
06:01 colttt good morning
06:04 EWDurbin howdy colttt
06:05 mosen hi saltines
06:11 robawt i prefer saltelite
06:11 robawt ;)
06:18 thayne joined #salt
06:30 ex4n1m0 joined #salt
06:47 Ryan_Lane joined #salt
06:50 sroegner joined #salt
06:50 pressureman joined #salt
07:02 mordonez joined #salt
07:10 ramteid joined #salt
07:12 ml_1 joined #salt
07:15 matthiaswahl joined #salt
07:18 linjan joined #salt
07:23 Ainieco joined #salt
07:24 Ainieco hello
07:25 Ainieco having this in my _grains/test_grain.py http://vpaste.net/Lqs2z
07:25 Ainieco and salt can't load it because of
07:25 Ainieco AttributeError: 'module' object has no attribute '_retcode_quiet'
07:25 Ainieco i'm not really familiar with python
07:25 sectionme joined #salt
07:26 Ainieco what's going wrong there? salt-call 2014.1.7
07:27 mosen lemme have a look, neither am i
07:27 mosen hehe
07:28 che-arne joined #salt
07:30 Ainieco removed cmd.retcode part it now it's all good, but why is solves some "chicken-egg" problem here https://github.com/saltstack/salt/blob/develop/salt/grains/core.py ?
07:30 Ainieco this link was in http://docs.saltstack.com/en/latest/topics/targeting/grains.html
07:31 mosen i saw that when i was attempting to write grains
07:31 mosen the grain didnt have access to cmdmod yet, because i think cmd would normally load afterwards
07:32 mordonez joined #salt
07:32 mosen so if you tried to do __salt__['cmd.run'] in the grain, it wouldnt be possible without that import
07:32 tmandry joined #salt
07:33 Ainieco okay, thanks for an explanation!
07:33 mordonez joined #salt
07:36 Ainieco is it possible to abstract sls portions? e.g i have several pieces being duplicated multiple time with difference only in state_names(just a prefix) and some variables.
07:38 Ainieco does it make sense?
07:38 mosen I'm still pretty new to Salt, but to me that sounds like a templating thing
07:39 mosen I only know about include and extend for one
07:39 mosen ID at a time
07:39 mosen and I've seen at least one tutorial where they just use a loop to make local users
07:40 Ainieco looping doesn't abstract states duplicate across several files
07:40 mosen very true
07:40 mosen but you mean, things like defining an abstract state with properties, and then specific implementations of that state?
07:40 Ainieco in puppet for example i can perform such abstraction using "type" thing if you're familar with puppet
07:41 Ainieco mosen: yep
07:41 mosen yeah I used puppet for a couple of years, just trying to convert my manifests now :)
07:44 mosen sls have the extend property
07:44 mosen im not sure if that is really the same thing
07:46 mosen theres a lot less inheritance going on in salt, it seems like
07:49 intellix joined #salt
07:51 Ainieco mosen: not quite, even if i have some abstract states i want to extend(instantiate) somehere i still need to enumerat each of these abstract states and override desired properties. Also i'm not sure how it gooing to behave having different extended states with same name(not " - name: ..." but the top "name: \n ..."
07:51 Ainieco i think it could be done with saltstack modules
07:51 thehaven_ joined #salt
07:52 mosen like execution/state modules?
07:53 MrTango joined #salt
07:55 mosen Ainieco: or you mean similar to puppet module install, how it handles the modulepath etc?
07:57 alanpearce joined #salt
07:59 slav0nic_ joined #salt
08:00 babilen Ainieco: What are you actually trying to do in that grain? (that's not how grains work at all)
08:00 babilen (and where did you get that codesnippet?)
08:00 mosen actual salt guy take over!
08:00 Ainieco babilen: https://github.com/saltstack/salt/blob/develop/salt/grains/core.py
08:00 Ainieco from here ^
08:00 Ainieco mosen: just not sure, sorry. i'd like state modules to be able to call other sls file with user supplied attributes, but haven't seen a way to do it quite yet
08:01 mosen Ainieco: the attribs would be in pillar, i think that fits the design maybe
08:01 mosen sorry im learning too :)
08:01 babilen Ainieco: So, what do *you* want to do in your *custom* grain?
08:01 mosen gotta roll.
08:02 Ainieco babilen: call "with open" and return file contents, that's all
08:02 babilen Ainieco: A suitable one would look like: https://www.refheap.com/89108 (for example)
08:03 babilen Ainieco: That doesn't really sound like a good application for grains - What is this being used for?
08:04 Ainieco babilen: to get os/kernel version kind of thing
08:06 Ainieco babilen: do you know if one can write some abstract sls and then instantiate it from other sls with custom parameters?
08:06 babilen Ainieco: You have those in grains already (cf. grains['os'], grains['kernel'], ...)
08:07 babilen Ainieco: Please run "salt 'someminion' grains.items" on your master and check the information that is already available to you (You, naturally, have to replace 'someminion' with the actual name of one of your minions or '*')
08:08 Ainieco babilen: already did, nvm it i very really custom setup and i don't find built in grains useful in my case
08:08 Ainieco i have*
08:08 babilen So, what are *you* trying to do?
08:09 Ainieco babilen: can we change topic&
08:09 Ainieco ?
08:09 Ainieco i'm really interested in:
08:09 Ainieco babilen: do you know if one can write some abstract sls and then instantiate it from other sls with custom parameters?
08:09 babilen So you don't need help writing your custom grain anymore?
08:09 darkelda joined #salt
08:09 babilen Yes I do know that
08:09 babilen ;)
08:09 Ainieco babilen: nope, already solved it, thank you!
08:10 Ainieco re grains ^
08:10 Ainieco babilen: could you please give an example of how to do abstract sls kind of thing?
08:11 TheThing joined #salt
08:11 babilen Ainieco: I would recommend to read up on pillars and read the documentation on conventions in formulas. You will, probably, also want to read up on extending states. I am referring to the following: http://docs.saltstack.com/en/latest/topics/tutorials/pillar.html + http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html + http://docs.saltstack.com/en/latest/ref/states/extend.html
08:12 babilen You will, almost certainly, want to take a look at the formulas on https://github.com/saltstack-formulas also
08:14 Ainieco babilen: thank you!
08:15 babilen The main ideas are basically: 1. Describe the state you want to achieve rather than how to react to a given state 2. Use data-driven approaches in generating the specific states that will be run on any given minion. This necessitates a way to present different data to each minion which is done by pillars (which also nicely solve the "all my minions can see sensitive data" issue)
08:15 DaveQB_ joined #salt
08:16 babilen Before you fall in love with extend: Please keep in mind that states can only be extended once (so you cannot build some multiple-inheritence inspired setup)
08:17 TheThing babilen: How can one fall in love with extend when you can't extend pillar data :<
08:18 fejese joined #salt
08:18 babilen TheThing: Indeed
08:19 fejese Hi :)
08:19 srage joined #salt
08:19 fejese I was wondering if anyone can point me to some more detailed docs about reactor for saltstack
08:19 babilen It's overdue to see progress on https://github.com/saltstack/salt/issues/3991 or (even better) https://github.com/saltstack/salt/issues/2466
08:20 fejese I'm mostly looking after a way to define custom events
08:20 babilen fejese: I am afraid that http://docs.saltstack.com/en/latest/topics/reactor/ is as good as it gets. What do you require help with?
08:21 babilen fejese: Oh, custom events are .. well .. tricky. But then also not that hard. I found that I have to write a custom module to do that. Let me paste a skeleton of that idea, one second please.
08:21 fejese Well I have a state that starts up elastic search. However I need to wait until the REST API of ES initialises. However the `service start` call returns before that.
08:22 fejese For a quick hack I created a state that basically pauses until it gets a response from ES - with a reasonable timeout of course
08:22 fejese However it is not very efficient :)
08:23 fejese So I'm thinking about having a custom event that can be triggered once the API comes online so the states that require the API could be executed after
08:25 fejese Of course any other suggestion is appreciated
08:25 Ainieco babilen: hm, formulas doesn't look like what i want, consider this http://vpaste.net/0QaKh
08:26 Ainieco i have 4 files like foo.sls and bar.sls and more than 10 states like foo_create_something and bar_create_something
08:27 Ainieco which are essentially duplication of each other with exception of name prefixes and few variables
08:28 babilen fejese: There might be a better and more direct approach involving calling salt-call fire-master directly in the reactor definitions, but: https://www.refheap.com/89109
08:28 Ainieco looks like with formulas/extend i can abstract it like in "EXPECTATIONS" section
08:28 fejese @Ainieco, using Jinja to generate that list is not an option?
08:28 Ainieco fejese: no
08:29 Ainieco fejese: at least i'm not sure how to do it without duplicating everything again but in loop of something en each file :)
08:29 Ainieco s/of/or/
08:29 babilen fejese: But then you might simply want to use "salt-call event.fire_master '{ .... }' 'sometag'" in your elastic init script
08:29 babilen fejese: I mean what and how can you run this thing "once the API comes online" ?
08:30 Ainieco because file seprataion is crucial, i want to have it splittable and not depenedet on each other
08:30 fejese babilen: the problem is that the init script finishes and exits once the ES binary started however ES initialises its API module a bit slowly
08:30 Guest71843 joined #salt
08:30 babilen fejese: Well, that is a bug in the init script, but how would you go about raising an event from within ES?
08:31 fejese Well that's why I was looking into what reactor provides, whther it can be used to define some observer that waits for something to happen and then fire an event
08:32 babilen Ainieco: You could generate those states from data in pillars. Either with jinja, which will probably turn out quite ugly, as in, for example, https://github.com/saltstack-formulas/users-formula/blob/master/users/init.sls + https://github.com/saltstack-formulas/users-formula/blob/master/pillar.example
08:32 Ainieco i thinking that one coudl use state modules to achieve what's in "EXPECTATIONS" but not sure how to call abstract sls from pyhton module with user specified parameters
08:32 fejese However I'm not sure if it's a bug in ES. You don't necessarily wait for an application/daemon to fully initialise before the init script returns
08:34 babilen Ainieco: Or you could write those states in Python which gives you even more control. See http://docs.saltstack.com/en/latest/ref/renderers/index.html + http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.py.html + http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.pydsl.html for examples on how to do that.
08:34 mordonez joined #salt
08:34 babilen fejese: Yeah, sure, but the question is how can you teach ES to raise that event once it comes online?
08:35 babilen Once we've figured that out we can work on actually raising that event.
08:35 Ainieco babilen: oh, renderers are looking like what i need to travel to "EXACTATIONS" in http://vpaste.net/0QaKh , thank you
08:37 babilen Ainieco: You *have* to get rid of your OO inspired way of thinking though. Salt is much more like a descriptive programming language and limitations in extend mean that you cannot implement OO like inheritance.
08:37 fejese babilen: I was hoping to be able to define something that the salt minion can keep checking. But of course I can just deploy an arbitary script that serves the same purpose: checking the status of the API and calls salt if the status changes
08:39 sroegner joined #salt
08:41 babilen fejese: Once you have that you can raise events with "salt-call event.fire_master .." (or called from withing a salt module as exemplified)
08:41 badon joined #salt
08:43 Ainieco babilen: it's not related to OO in any way, i'm thinking about is as of function which take attrs and calls abstract sls with these attrs :)
08:43 Ainieco s/is/it/
08:44 babilen Ainieco: Okay, I think you might want to adopt a mindset of: Write specific data that can then be used to drive the generation of state data.
08:45 babilen In the end it simply boils down to handing over the correct dictionaries :)
08:46 babilen I would recommend to not do unnecessarily fancy things as it will mean that your setup is rather different from most other setups out in the wild. Take a look at formulas and try to emulate their best practices
08:46 valentinbud joined #salt
08:48 Ainieco babilen: okay, i'm just want to get rid of that nasty duplication, and i'm not sure how to do it with formulas since formulas are just state and i need something to generate states, like state macros or something. Going back to http://vpaste.net/0QaKh , it
08:49 Ainieco 's quite simple but well represents kind of duplication that i have currently
08:49 intellix joined #salt
08:49 Ainieco it's easy to eliminate it in puppet with "type" things
08:50 Ainieco babilen: how would you eliminate such duplication in salt?
08:51 babilen Ainieco: Did you take a look at the users formula I linked earlier?
08:51 Ainieco if it's formula it sill be duplicated across foo.sls and bar.sls and will be far away from "EXECTATIONS" section
08:51 Sp00n joined #salt
08:51 Ainieco babilen: yup
08:52 babilen And that is not what you are looking for?
08:52 babilen (doesn't matter if you do that in jinja, mako or python (I dislike jinja. but it is most commonly used))
08:53 Ainieco babilen: do you want me to project users example to http://vpaste.net/0QaKh ? because users example just doesn't solve the problem i have in http://vpaste.net/0QaKh
08:54 dOps joined #salt
08:56 Ainieco babilen: http://vpaste.net/71Eus here you go
08:56 Ainieco it actually adds even more duplication :)
08:58 Ainieco babilen: does it make sense to you? i want extract all duplication across several files and make some sort of function which will accept attributes and pass it to abtract sls
08:59 Ainieco each file should have its own attrs for such function to avaid name clashes between states
08:59 yomilk joined #salt
09:00 Ainieco babilen: i'm not sure why http://vpaste.net/0QaKh haven't rang your bell yet, do find it okay(in case when duplicated states count is multiplated by 10)? or do you find it solvable with jinja?
09:01 babilen (i'll take a look soon)
09:01 Ainieco thanks
09:04 dOps left #salt
09:04 mndo joined #salt
09:06 dOps joined #salt
09:11 objectified joined #salt
09:14 ggoZ joined #salt
09:15 bmcorser joined #salt
09:16 msciciel_ joined #salt
09:17 TyrfingMjolnir joined #salt
09:17 bmcorser are there any docs on renaming minions?
09:18 bmcorser i ended up on a client's DO droplet with a weird hostname and can't get salt to see my altered hostname
09:20 bmcorser oh ok
09:20 bmcorser duh i just delete the keys :)
09:22 Shish /etc/salt/minion_id
09:22 bmcorser ah
09:23 bmcorser yes i see that was set to the hostname at the time of bootstrapping (presumably) thanks
09:23 Shish yup
09:23 bmcorser Shish: can i just happily alter the minion_id on the minion without deleting keys etc?
09:24 Shish I think so
09:25 bmcorser cool
09:25 Shish may need to re-accept the keys on the master side, as the master will consider it a new minion IIRC
09:25 bmcorser ok
09:31 gavala joined #salt
09:31 TyrfingMjolnir joined #salt
09:32 gavala Folks, does anyone know how to find out the username of the salt user running an execution module from within the execution module?
09:33 tmandry joined #salt
09:34 CeBe joined #salt
09:35 mordonez joined #salt
09:39 mndo joined #salt
09:45 bhosmer joined #salt
09:47 giantlock joined #salt
09:57 Nazzy joined #salt
10:01 TyrfingMjolnir joined #salt
10:09 valentinbud joined #salt
10:11 aquinas_ joined #salt
10:12 ggoZ joined #salt
10:13 vbabiy joined #salt
10:15 Ainieco gavala: i heard you like execution modules so i put execution module within execution module so you can execute while you execute
10:15 Ainieco jpg
10:15 stephanbuys joined #salt
10:16 gavala thanks that's super helpful
10:17 mikkn joined #salt
10:18 ramishra joined #salt
10:19 intellix_ joined #salt
10:20 ramishra joined #salt
10:22 TyrfingMjolnir joined #salt
10:23 babilen Ainieco: I still don't quite understand what you are trying to achieve in http://vpaste.net/0QaKh and what those EXPERCATIONS are.
10:24 babilen +spelling
10:24 babilen gavala: It'll be root
10:25 babilen gavala: But you can certainly figure it out - it should be somewhere in opts, but then minions should/will *always* run as root so you can just assume that.
10:25 gavala Yeah i know salt runs as root, but i was wondering if it's possible to grab the actual user used to run the command
10:25 TyrfingMjolnir joined #salt
10:26 babilen You mean the user who invoked it on the master? (e.g. "sudo_gavala") ?
10:26 gavala i.e. user executes command on master, would like to be able to find out who did that when the minion is running that command
10:26 gavala aye
10:26 babilen Okay - I'm sure you can, but that is something that I don't know off the top of my head :D
10:27 sroegner joined #salt
10:30 Hydrosine I want to source a different file based on a grain.. But it doesnt work.. http://pastebin.com/didVnD6Y
10:30 Hydrosine What am i doing wrong
10:32 Hydrosine I also feel like i did this very clumsy ;p Some pointers are welcome
10:36 mordonez joined #salt
10:39 dOps joined #salt
10:41 babilen Hydrosine: I'd suggest to use a different pastebin in the future as pastebin.com is just horrible (too much clutter, social media integration, captchas, ...) -- http://refheap.com or http://paste.debian.net are nice for example
10:41 Hydrosine @babilen will do :) any idea about how to solve it nicer?
10:42 babilen Hydrosine: Several things: 1. You don't have to repeat everything, but can only wrap the "source: ..." bit in the if/else block.
10:42 Hydrosine I tried that, but it doesnt seem to pick up on the IF´s at all
10:43 babilen Secondly: I don't really like that approach, but it depends on the nature of the data in there. What does the content look like?
10:43 dOps_ joined #salt
10:43 ex4n1m0 joined #salt
10:44 Hydrosine configuration file with 2 parameters. one unique for each host (IP) and one unique depending on the grain(2 options)
10:44 babilen What does it do right now? Does "salt '*' grains.item roles" return what you expect it to return?
10:44 Hydrosine yup Returns 3 things at the moment
10:45 babilen Hydrosine: Okay, I would *much* rather recommend to not have a bazillian files, but the generate that file using a templating engine. Which IP do you need in there?
10:45 Hydrosine I want to put in roles all the different things that my machines can be, like a mysql server, if it runs public with quagga, what datacenter it is in..
10:46 babilen I am aware of that style of managing boxes (but don't subscribe to it)
10:46 Hydrosine where is some documentation about templating engine?
10:46 Hydrosine i´m still learning Salt, just trying out some things :)
10:47 babilen Hydrosine: http://docs.saltstack.com/en/latest/topics/tutorials/pillar.html has it. If you would answer my earlier question I could give a better example.
10:47 babilen You probably also want to read http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
10:48 Hydrosine Is it common to make pillar data specific to one node? For example i define the public IP it needs in Pillars?
10:48 babilen Oh, *very* common
10:49 Hydrosine Couldn find any practical examples on that :)
10:49 babilen The basic idea is to write states that are applicable to all minions and then tailor their specific behaviour using data from grains and pillars.
10:50 babilen If you were to show me the actual file and tell me which values you want in there I could give you a better example
10:50 Hydrosine k
10:52 harkx joined #salt
10:55 stephanbuys1 joined #salt
10:56 stephanbuys2 joined #salt
10:57 babilen Hydrosine: Couple of questions: 1. Is the password specific to each box or do you want to set this globally? 2. Do they all use the same network configuration?
10:58 babilen Or does, say, the router-ip differ between minions (or groups of minions) ?
10:58 Hydrosine http://paste.debian.net/hidden/9fb2906a/
10:58 Hydrosine Network configuration has 2 options basically, unless we introduce more ospfd networks :)
10:59 Hydrosine password no need to be specific as you need access to this box to connect to daemon
11:02 ex4n1m0 joined #salt
11:02 faust joined #salt
11:04 ggoZ joined #salt
11:05 babilen What's the IP used at router-id ?
11:05 CeBe joined #salt
11:06 babilen And what is the 0.0.0.x semantically?
11:06 babilen Hydrosine: ^
11:07 ramishra joined #salt
11:08 martoss joined #salt
11:08 Hydrosine uhm its public ip address is used there. Dont know exactly what you mean by semantically but in 0.0.0.x it defines the OSPF AREA the host is in. Area is bound to the subnet, so subnet xx.xx.xx.0 is area 0.0.0.x and subnet yy.yy.yy.0/24 is area 0.0.0.y
11:08 ramishra joined #salt
11:09 ramishra joined #salt
11:09 babilen Hydrosine: Okay, I take it that the public IP differs from minion to minion, doesn't it?
11:09 Hydrosine yes
11:10 Hydrosine and there are only 2 area´s 0.0.0.1 and 0.0.0.2
11:10 babilen Do they follow some kind of scheme (e.g. are they always on eth0 or br1 .. or are they in a specific subnet? (e.g. start with "101.110.")
11:11 Hydrosine during provisioning i put them in a specific subnet :)
11:12 babilen http://paste.debian.net/hidden/56cc9c2d/ I have this so far, but that naturally need to be changed. You would safe that somewhere and then use "template: jinja" in the file.managed block.
11:12 babilen Hydrosine: Is there a way to get hold of that IP programmatically?
11:13 Hydrosine Lets just assume its always on eth0
11:13 Hydrosine as that is what i want anyway :)
11:13 babilen I showcase two ways of accessing the pillar btw, one uses foo.get(KEY, DEFAULT_VALUE) and the other simply foo.KEY .. the former is, obviously, better if you want to/can set a sensible default
11:14 Hydrosine i see
11:15 Ainieco babilen: solved it already with jinja macros
11:17 Hydrosine Where to place the pillar part in the top of what you posted? In /srv/pillar..? or in one file and the template: jinja things get it?
11:19 babilen Hydrosine: Read http://docs.saltstack.com/en/latest/topics/tutorials/pillar.html -- You have two options: You can either target different pillar .sls files (what I showed) to the minions based on grains in the top.sls or include different values in the same SLS pillar file and introduce logic based on grains.
11:19 babilen But let me get your IP in there first :)
11:20 burkey joined #salt
11:21 babilen Hydrosine: http://paste.debian.net/114827/ -- this relies on eth0 *always* having a single IP
11:22 babilen Ah, the interface in there is missing (sorry for that)
11:25 babilen You ultimately might want to write an even more abstract OSPF formula in which you use a pillar such as http://paste.debian.net/114828/ to dynamically generate *any* sensible configuration file from pillar data
11:26 Hydrosine yea i find it hard to understand how to set up the pillars.. But this definitely gave me some insights :)
11:26 Hydrosine now to get it working :D
11:27 babilen Hydrosine: Pillars work much like states. You place them in /srv/pillar by default and then create a top.sls file that includes other SLS files and defined the targetting much like the top.sls for states does for states.
11:27 babilen The main difference is that you target data at minions rather than states.
11:27 babilen (well, states are just data too, but ...)
11:30 babilen Hydrosine: So, I'd create /srv/pillar/ospf/area1.sls and /srv/pillar/ospf/area51.sls and target them to minions based on their "role" grain. Targetting by grains is discussed in http://docs.saltstack.com/en/latest/topics/targeting/grains.html#matching-grains-in-the-top-file
11:30 Hydrosine I get the grains targeting
11:31 Hydrosine okay this is strange:  Comment:   Jinja variable 'dict object' has no attribute 'hostname'; line 18
11:31 Hydrosine while line 18 is network {{ router.subnet }} area {{ router.area }}    <======================
11:31 Outlander joined #salt
11:32 babilen Hydrosine: Could you paste your exact pillar and the file you used?
11:34 TyrfingMjolnir joined #salt
11:34 tmandry joined #salt
11:36 babilen I also realise that s/subnet/network/ would probably have been more appropriate
11:36 marnom joined #salt
11:36 babilen (and s/some_ip/ip )
11:36 logix812 joined #salt
11:37 Hydrosine babilen: http://paste.debian.net/hidden/63f089ab/
11:37 tinuva cant salt configure network devices yet?
11:38 babilen tinuva: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.network.html
11:39 Damoun joined #salt
11:39 tinuva ok maybe I asked the question wrong. Can salt configure like Cisco Routers/Switches for example?
11:39 babilen Hydrosine: Could you run "salt 'someminion' pillar.item ospf" and verify that it's data are correct?
11:40 tinuva for example, puppet can like this: http://puppetlabs.com/blog/puppet-network-device-management
11:40 babilen tinuva: Well, that's quite a difference, isn't it?
11:40 stephanbuys2 left #salt
11:40 tinuva would love to be able to do that with salt
11:40 Nazzy *glares at Jinja*
11:42 Nazzy I'm optimizing a custom state module ... removing jinja from the module cut the execution time to a third
11:43 babilen tinuva: http://docs.saltstack.com/en/latest/topics/topology/proxyminion/index.html
11:44 ale_ joined #salt
11:44 babilen tinuva: And s/Cisco/Juniper/ for extra nice ;)
11:45 tinuva babilen, thank you that looks like something that I can make use of
11:47 yomilk joined #salt
11:52 bhosmer joined #salt
11:52 istram joined #salt
11:53 giantlock joined #salt
11:54 Hydrosine babilen: pillar.items ospf returns the correct data
11:54 TyrfingMjolnir joined #salt
11:56 alanpearce joined #salt
11:58 babilen Hydrosine: And the error stays the same?
11:58 istram hi! possibly a silly question. Is there a way to run state from other state?
11:58 Hydrosine Trying some stuff but cant get it to work
12:00 babilen Hydrosine: Sorry, I'll have to attend a meeting now, but the general idea should work. You could remove bits and pieces and check where it really breaks
12:00 TheThing good old "insert 100 print() statements"
12:00 babilen istram: You can require other states
12:00 babilen heh
12:00 babilen exactly
12:00 Hydrosine babilen, thanks a lot for all your help :)
12:01 Hydrosine really helps me, i´ll get it to work
12:01 istram babilen: oh, thanks. I remembered only include but I didn't want to go that way.
12:01 babilen I don't quite see it, but then I haven't tested anything of what I suggested and just wrote it down ..
12:01 babilen istram: You will have to include the SLS in that contains the states that you want to define a requisite on
12:02 babilen s/in//
12:02 istram babilen: oh, so no pure reference as "state.sls: anotherstatename" possible?
12:03 istram oh well, there goes my plan.
12:04 istram I actually have a some states (~150) and I wanted to be able to execute them from one state which would have a small jinja if around for exceptions based on machine role
12:06 bmcorser i can't run any commands on my master, the message is:
12:06 bmcorser Failed to authenticate, is this user permitted to execute commands?
12:06 bmcorser nothing changed there as far as I know
12:14 TheThing joined #salt
12:14 Damoun joined #salt
12:22 elfixit joined #salt
12:22 TheThing joined #salt
12:24 mndo_ joined #salt
12:25 diegows joined #salt
12:25 srage_ joined #salt
12:25 dccc joined #salt
12:34 istram so if I want to run other state I have to a) include and b) find a placeholder function as in http://paste.debian.net/hidden/99c80f2c ?
12:36 tkharju joined #salt
12:37 bhosmer joined #salt
12:39 mechanicalduck joined #salt
12:40 mortis_ anyone made something good for auto-documenting .sls files?
12:42 cpowell joined #salt
12:43 ex4n1m0 joined #salt
12:44 srage joined #salt
12:46 cym3try can I post a saltstack formula to https://github.com/saltstack-formulas?
12:48 diegows joined #salt
12:51 jtanay joined #salt
12:52 jtanay Hello there
12:57 gmeno joined #salt
12:58 bhosmer joined #salt
12:59 intellix joined #salt
12:59 babilen cym3try: No, but you can write a mail to salt-users and ask to be added to contributors
12:59 intellix_ joined #salt
13:00 diegows joined #salt
13:00 bhosmer_ joined #salt
13:00 Lloyd_ joined #salt
13:01 Lloyd_ hi guys, anyone know how to use math in jinja with pillar data. Eg: we have multiple different sites in different time zones, we want to grab the GMT offset and add or subtract that from a default value to add into a crontab on each system based on a gmt_offset set in pillar
13:02 Lloyd_ tried a couple of different methods, but can't seem to get it working
13:02 FeatherKing joined #salt
13:05 thayne joined #salt
13:06 blarghmatey joined #salt
13:07 Lomithrani Lloyd : that's the only math I could do in jinja {{ ("%f" % ((((grains['id']|replace("Cassandra", "")|float)-1)*(2**127)) / number_of_cassandra)).rstrip('0').rstrip('.')   }}
13:07 Lloyd_ ahh good ol' Cassie :)
13:08 fejese anyone knows whether it is possible to use reactor in a masterless setup?
13:10 ryanw_ joined #salt
13:10 Lloyd_ Lomithrani: I was looking at something a little more simple than that, eg {{ (( pillar.gmt_offset ) + 7 ) }} - just can't seem to get it to work with pillar data
13:10 Lloyd_ literally want to take a number from pillar, add another value to it, job done
13:10 Lomithrani well I don't know a lot about pillar but you might need to filter before you add
13:11 ZombieTwiglet joined #salt
13:11 goudale joined #salt
13:11 Lomithrani {{ (( pillar.gmt_offset )|int) +7 }}
13:11 fejese Lloyd: shouldn't that be pillar['gmt_offset']? Or should both work?
13:11 Lomithrani or something close to that
13:11 goudale Hi #salt
13:11 Twiglet_ joined #salt
13:12 Lomithrani Lloyd , fejese might be right here , looks more like that way when you call a function in jinja
13:12 Lloyd_ That's what I thought, just doesn't seem to work that way fejese
13:12 mpanetta joined #salt
13:13 fejese well, does it work without the math? so just {{ pillar.gmt_offset }} ?
13:13 Lomithrani if you just do {{ pillar['gmt_offset'] }} what do you get ?
13:13 Lomithrani oh same idea ^^
13:13 fejese great minds ... :)
13:14 Lloyd_ lol
13:14 Lloyd_ well I've tried calling the pilalr data the exact same way it's called everywhere else in salt, that's fine, trying to apply math to it at the same time just throws a wobbly
13:14 Lloyd_ pillar *
13:16 mpanetta joined #salt
13:17 Lomithrani well you can try {% set var = pillar['gmt_offset'] %} and then modify the var with math
13:17 Lomithrani for instance I have {% set number_of_cassandra= salt['mine.get']('Cass*', 'network.ipaddrs').items() | length  %} at the begenning of my cassandra.yaml
13:17 Lomithrani then I do math on number_of_cassandra
13:17 racooper joined #salt
13:18 duncanmv joined #salt
13:18 Lloyd_ was trying to avoid the need for set statements.... trying something else 1 sec
13:18 duncanmv Hi, I am running salt-master as root. I have a user1 which is listed in salt/master pam eauth and authorized to do everything .*. I run a script as user2 and want to use LocalClient to get_token using pam auth against user1 and execute commands that user1 has auth to. Should this work? Right now LocalClient can't connect to master (auth works) but later commands do not, probably because user2 can't read /var/run/salt ipc sockets
13:19 sroegner joined #salt
13:22 miqui joined #salt
13:22 babilen fejese: The reactor runs on the master
13:23 diegows joined #salt
13:25 duncanmv is LocalClient intended to be used as non-root?
13:25 mpanetta_ joined #salt
13:25 istram babilen: is this the only way? http://paste.debian.net/hidden/99c80f2c
13:25 fejese babilen: so there's no way to use it in a masterless setup?
13:26 istram fejese: nope. the master is hosting the message server into which you're hooking by reactor.
13:26 babilen fejese: It runs on the master
13:26 babilen If you don't run a master it is not usable.
13:27 fejese I see, thanks
13:27 istram fejese: why'd you like to do triggers in a masterless mode?
13:27 babilen istram: What are you *really* trying to do? Why don't you simply target the states that you want on a minion to the minion directly?
13:29 istram babilen: I'm writing states for security hardening. At the moment there are about 150 rules. To make creating of exceptions a bit easier I though that it might be interesting to make a centrall "dispatcher" state which would call other states.
13:30 babilen istram: No, you should write your states in such a way that they all work and then target them to the minion in question. (e.g. check requisites, cmd.run with unless/onlyif, ....)
13:30 duncanmv_ joined #salt
13:30 babilen You shouldn't think like "what do I want to do" but rather "what do I want to achieve" :)
13:31 fejese istram: I try to manage elastic search. I manage to start the service but in order to do some additional configuration I need to talk with the API it provides. However tha API initialised slowly, after the service reported back that it's started. So I need to wait for the API to become available and execute states only then. To not to block other states with a waiting loop I figured I can use a script that monitors the API and triggers an event when it becomes av
13:32 duncanmv_ joined #salt
13:33 duncanmv joined #salt
13:34 duncanmv is LocalClient intended to be used as non-root?, should it work with pam eauth/token against other user
13:34 istram babilen: the states of course work on all machines. it was meant to ease up the situation eg. instead of having a one big file with all the states and jinja if around each of them to have the states clean and have the if applied dynamically from the "dispatcher".
13:34 duncanmv ?
13:34 ajprog_laptop joined #salt
13:34 babilen istram: You can still include them all from a global file. (they will then all be run)
13:35 tmandry joined #salt
13:35 tmandry joined #salt
13:35 babilen I am not sure why you want to "dispatch" them. That's not what happens. Salt is being given a set of states, orders them (according to your requisites) and then tries to enforce them *all*.
13:35 babilen So: If you "include" a state it will already be enforced
13:35 blarghmatey joined #salt
13:39 mpanetta joined #salt
13:39 babilen istram: Does that make sense and would a global file that simply includes all others be what you are looking for?
13:40 transmutated joined #salt
13:40 istram babilen: creating a small paste right now with the whole idea - it'll be probably more understandable.
13:40 babilen Use, say, harden/init.sls with "include: \n - .firewall \n - .apache \n - ..." and then write the corresponding harden/firewall.sls ... ?
13:41 babilen istram: Actual examples typically help, yeah :)
13:44 jtanay do you guys know why the 2014.1.10 version of salt isnt available on EPEL6 ?
13:44 jtanay it seems to be up to date on debian
13:44 viq Hm, anyone using firefox 31 on linux with certs generated by salt?
13:45 viq jtanay: it's on epel-testing, it usually takes a while to trickle from epel-testing to epel, AFAIK
13:45 jtanay viq: thx, i'll have a loook
13:45 jtanay -o*
13:46 babilen Use Debian if you want up-to-date packages ;)
13:46 viq or even better - arch ;)
13:46 babilen Who would do that?
13:46 Sp00n a sadist
13:47 Sp00n :>
13:47 jtanay :D
13:47 istram babilen: http://paste.debian.net/hidden/b22f1cd1/
13:47 viq I believe salt is developed on arch ;)
13:47 istram getting from epel-testing to epel takes usually 2 weeks.
13:47 Sp00n you got something in your eye?
13:47 istram you can check the state of transition on koji
13:49 babilen istram: That hurts my brain
13:49 istram babilen: :)
13:49 duncanmv I can reproduct my problem with LocalClient just with the salt command on the cli: http://paste.debian.net/114856/
13:49 duncanmv if you are not root, it can't open the log, and then it can't connect to the master
13:49 istram babilen: overengineering?
13:50 istram epel6 2014.1.10 state here: https://admin.fedoraproject.org/updates/salt-2014.1.10-4.el6
13:51 babilen istram: Well, not quite but a completely different way of thinking about it and also a suboptimal approach IMHO. So, to clarify: What you *really* want is to target a number of states at every minion apart from those states that have been explicitly excluded?
13:51 istram babilen: that would be the base of it, yes.
13:52 babilen istram: I also don't like the approach of misusing map.jinja for that (which, in my world, is used to only define more or less static data such as package and service names, location of configuration files, ...)
13:52 istram babilen: putting that in map is, let's say a development workaround. That data will probably end up in a pillar.
13:53 babilen And that "mapper: state.sls: - name: {{ ... }} " bit works?
13:53 istram babilen: of course not - that's what I've been trying to find out.
13:53 babilen I sort of would have expected to fail due to you using the same ID over and over again
13:53 babilen *that to fail
13:54 istram babilen: oh, that would be easily solvable by prefix_{{ state }}
13:54 babilen absolutely
13:54 KaaK i'm trying to understand the reactor system and the role runners play in getting things done in salt. Are there any good examples to help solidify these two in concert?
13:54 istram babilen: the thing is that state.sls isn't callable like this.
13:54 istram babilen: and the whole mess with include just doesn't seem to be a clean solution.
13:55 babilen You could just generate the lists for includes: - ... " from that
13:55 babilen istram: But I would adopt a completely different approach
13:55 babilen Let me elaborate and you can decide if you like that more (I'm not saying that one is wrong and the other correct). It's just that my "internal model" is different.
13:55 istram babilen: if you have any hint where I should go, please share. I'm quite a pro in going against the flow.
13:56 babilen I have no idea if my idea corresponds to the flow :)
13:56 ramteid joined #salt
13:58 babilen Give me one second to sketch the idea on a pastebin
13:58 istram fejese: seems I totally forgot to answer. If you have a script monitoring the interface for availability which is sending the trigger to reactor, why not make it call salt state instead? ( salt-call --local state.sls do-after-api-is-available )
13:59 kaptk2 joined #salt
14:00 ipmb joined #salt
14:01 TyrfingMjolnir joined #salt
14:02 Hydrosine btw PDF builder is failing: https://readthedocs.org/builds/salt/
14:03 dude051 joined #salt
14:06 duncanmv joined #salt
14:07 CeBe joined #salt
14:08 ex4n1m0 joined #salt
14:08 SheetiS joined #salt
14:09 babilen istram: http://paste.debian.net/114860/ -- Is the basic idea. You adopt a closed world assumption and maintain a dynamic pillar written in Python to define exceptions.
14:10 babilen You can then either wrap each actual state in a check that tests "should I really run?" or target all states but those that for which the exception is True
14:11 duncanmv joined #salt
14:11 icebourg joined #salt
14:11 babilen You could even maintain the list of states completely in the pillar and write the "include this" logic in Python. I would, I guess, prefer that over the second approach
14:12 tk75 joined #salt
14:17 babilen istram: http://paste.debian.net/114865/
14:17 tk75 joined #salt
14:17 * istram is on standup, will try to understand babilen's idea in few
14:17 oz_akan joined #salt
14:18 babilen I think my preferred one is the third approach
14:18 duncanmv joined #salt
14:18 babilen (you could even write the state in Python to completely get rid of pesky jinja)
14:20 aquinas joined #salt
14:20 quickdry21 joined #salt
14:20 jeddi joined #salt
14:21 babilen line 59 was erroneously included
14:23 rojem joined #salt
14:24 tuck182 joined #salt
14:26 jslatts joined #salt
14:28 duncanmv joined #salt
14:32 marky_ joined #salt
14:33 babilen istram: Where do you work that you have to perform stand-up comedy in the middle of the day? (aka: ping)
14:33 rallytime joined #salt
14:34 istram babilen: problem of geographically distributed teams :o)
14:34 jergerber joined #salt
14:35 * istram reading babilen's approaches
14:35 Ozack joined #salt
14:36 jergerbe_ joined #salt
14:37 zooz joined #salt
14:38 dccc joined #salt
14:39 martoss joined #salt
14:46 ex4n1m0 joined #salt
14:46 blarghmatey Does anyone know how to set up Halite so that the live doc search works? The checkbox is disabled for me and looking through the source it appears that it is unable to find the documentation.
14:47 blarghmatey I installed the salt-doc package and it doesn't seem to have fixed it.
14:47 istram babilen: we do have teams in US, EU and India... It's hard to choose a "right" time :)
14:47 jslatts joined #salt
14:48 istram babilen: the pure python "map" is a good idea. might be easier than all the %.
14:49 babilen istram: http://clock.darkhorseanalytics.com/
14:49 CeBe joined #salt
14:50 babilen istram: I found that maintaining that is much easier than to do that in Jinja
14:50 duncanmv joined #salt
14:51 istram babilen: as for the state execution, you're using only the "include:". Will that actually work? Can seem to get it running in masterless.
14:52 babilen istram: Sure, all included states are "executed"
14:52 babilen Write the file with the includes manually (to rule out errors in the rendering) and check for yourself
14:53 conan_the_destro joined #salt
14:55 tyler-baker joined #salt
14:56 ex4n1m0 joined #salt
14:58 quickdry21 joined #salt
14:58 scbunn joined #salt
14:58 istram babilen: testing it now. Thanks for ideas.
14:59 diegows joined #salt
14:59 penguin_dan joined #salt
15:00 duncanmv joined #salt
15:01 icebourg joined #salt
15:01 Gareth morning
15:02 icebourg joined #salt
15:03 viq blarghmatey: did you restart salt-master since installing salt-doc ?
15:03 blarghmatey Yes
15:03 blarghmatey I'll try again
15:03 viq That's the extend of my ideas ;)
15:05 tempspace For a salt returner, is there a "good" way to only send data related to things that didn't finish successfully?
15:06 m1crofarmer joined #salt
15:06 blarghmatey viq: Thanks for the suggestion
15:08 icebourg joined #salt
15:09 icebourg joined #salt
15:10 icebourg joined #salt
15:12 SheetiS tempspace:  The only thing I could think to do is to run something using the reactor and watch for returns and perform your logging/whatever returner function on the reaction to a job that has a non-zero retcode.
15:12 wendall911 joined #salt
15:12 ericof joined #salt
15:13 SheetiS I send an email to a distribution list for those on-call when some job in salt returns with a non-zero code with the method I described above.
15:13 duncanmv joined #salt
15:15 wendall911 joined #salt
15:17 Ozack2 joined #salt
15:18 kballou joined #salt
15:22 vejdmn joined #salt
15:22 duncanmv joined #salt
15:24 jslatts joined #salt
15:25 tempspace SheetiS: what about looking at the return json object and stripping out objects with a result of True?
15:26 UtahDave joined #salt
15:29 tyler-baker joined #salt
15:30 blarghmatey joined #salt
15:32 SheetiS tempspace: it looks like success returns True on a nonzero retcode.  http://www.bpaste.net/show/dZW31XaQcEXQUm2Rne7y/
15:32 SheetiS That's why I watch the return event for a retcode != 0
15:33 tempspace return is actually 'return': ["No matching sls found for 'broken' in env 'base'"],
15:33 SheetiS well you could parse that
15:33 tempspace and it looks like it's just true if everything is fine
15:34 SheetiS If it is for what you are trying to do, then you could use that.
15:34 tmandry joined #salt
15:34 tmandry joined #salt
15:35 duncanmv joined #salt
15:36 intellix joined #salt
15:39 tinuva joined #salt
15:40 duncanmv joined #salt
15:41 Tman joined #salt
15:46 jslatts joined #salt
15:46 Linuturk how do I require a specific state entry to run before another. This isn't a pkg or file, but a cmd.script run.
15:47 duncanmv joined #salt
15:48 Linuturk http://pastebin.com/EwHkSdBt
15:48 Linuturk would something like that work?
15:48 tligda joined #salt
15:48 UtahDave Linuturk: - cmd: create-user
15:49 UtahDave you just have to refer to the cmd state and the id declaration or name
15:49 Linuturk hot
15:49 Linuturk thanks Dave :)
15:50 UtahDave you're welcome.
15:50 aquinas joined #salt
15:50 ramishra_ joined #salt
15:54 Ozack joined #salt
16:00 possibilities joined #salt
16:07 exanimo_ joined #salt
16:09 madphoenix joined #salt
16:10 madphoenix Anybody know when 2014.7 is going to land in the saltstack PPA?
16:10 VictorLin joined #salt
16:10 madphoenix Looks like it was released last month, but the latest available is still 2014.1.10
16:12 UtahDave madphoenix: the branch was cut last month as we prep it for the RC.  We've been on the cusp of releasing the RC for the last couple of weeks.  We're hoping to cut the RC today.
16:14 madphoenix UtahDave: thanks.  i presume it will be a few more weeks then until general release to the PPA?
16:15 UtahDave madphoenix: Yep. most likely.
16:15 madphoenix great, much obliged
16:19 thayne joined #salt
16:23 pressureman joined #salt
16:23 DanGarthwaite joined #salt
16:25 Ryan_Lane joined #salt
16:27 aparsons joined #salt
16:31 masterkorp Hello
16:31 jslatts joined #salt
16:31 schimmy joined #salt
16:31 masterkorp what is the "best" to define default values on salt formulas ?
16:32 masterkorp i am thinking haveing a defaults.jinja and load it with context on the formulas
16:32 housl joined #salt
16:33 nkuttler masterkorp: depends on how you organize your data. i have quite some pillar.get('foo', 'blah') etc
16:33 masterkorp but how do i check if the pillar data exists and if so, set that value as the pillar data ?
16:33 SheetiS salt[
16:33 SheetiS err
16:33 masterkorp nkuttler: yeah i want to remove that clutter and have the defaults in a file
16:33 nkuttler masterkorp: http://salt.readthedocs.org/en/latest/topics/pillar/#pillar-get-function
16:33 nkuttler ah
16:33 masterkorp yeah i know that
16:33 SheetiS salt['pillar.get']('foo:bar:whatever', 'default_setting')
16:33 SheetiS hehe
16:33 SheetiS ahh i see
16:34 masterkorp that gets a bit cluttery and hard to see the overrall behauviour
16:34 nkuttler masterkorp: well there's this formulas thing
16:34 masterkorp what thing ?
16:34 TheoSLC joined #salt
16:34 schimmy1 joined #salt
16:34 nkuttler http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
16:35 nkuttler works with a map.jinja with default values
16:35 masterkorp i see, it makes sense
16:36 nkuttler but formulas are better suited for package-level stuff imo, i probably wouldn't like it for a higher level
16:37 Deevolution joined #salt
16:38 babilen istram: So, did that work out in the end?
16:39 istram babilen: yeah. thanks a lot. I'm rewriting / sedding the stuff now...
16:39 babilen Awesome! :)
16:40 istram but man, security hardening guides have to be as long as toilet paper...
16:40 tuck182 left #salt
16:41 babilen "apt-get install harden" ;)
16:41 srage_ joined #salt
16:41 TheoSLC Hello all.  I have a minor problem.  Lately my state calls have been very very slow.  taking 5 minutes to run 'salt-call state.sls simplesls'.  I am running salt-2014.1.7-3.  I am running multi-master.   The state.sls call is spending most of it's time within these messages http://paste.ubuntu.com/8018547/ .  Any ideas?
16:41 babilen And the best tool for hardening is still: http://www.dumbentia.com/pdflib/scissors.pdf
16:41 istram babilen: this ain't goning to be so easy... enterprise + multi-distribution
16:41 babilen </ot>
16:42 alanpearce joined #salt
16:42 babilen Scissors!
16:42 funzo joined #salt
16:42 babilen istram: Oh, does that mean that I could have charged millions in consultancy charged?
16:42 srage_ joined #salt
16:42 babilen *charges
16:42 tk75 joined #salt
16:43 istram babilen: I don't know about the milions... If you ever get in Prage I can get you a beer :)
16:43 babilen TheoSLC: Anything fancy in ec2_info.py ?
16:45 babilen istram: Fair enough (in fact I'm pretty close). Either way: Glad that it worked out for you and I hope that it proves a little more maintainable than the jinja madness you had before. (which would have also worked if you had just used include)
16:47 TheoSLC babilen:  that grabs ec2 instance data and adds them to the grains.  it grabs the data with curl against a local host.  it should be simple and quick.   Do you know if there is a way to add timings/timestamps to the salt log?
16:47 babilen TheoSLC: It might very well be all those _call_aws() function calls in there. Could you try running that manually on the minion and check if it takes longer than you would expect?
16:48 babilen TheoSLC: Unfortunately I am, as of now, not sure how to define a custom logging format. The Python logger supports that, but I am not sure if that functionality has been exposed by salt.
16:48 TheoSLC babilen: could you send that again.  I cleared the chat messages (like an idiot)
16:49 babilen TheoSLC: So you have "conn = httplib.HTTPConnection("127.0.0.1", 80, timeout=1)" in there?
16:49 babilen "TheoSLC: Unfortunately I am, as of now, not sure how to define a custom logging format. The Python logger supports that, but I am not sure if that functionality has been exposed by salt."
16:49 babilen "TheoSLC: It might very well be all those _call_aws() function calls in there. Could you try running that manually on the minion and check if it takes longer than you would expect?"
16:49 TheoSLC babilen: thanks.
16:51 MatthewsFace joined #salt
16:52 TheoSLC babilen: mine has conn = httplib.HTTPConnection("169.254.169.254", 80, timeout=1)
16:52 kedo39 joined #salt
16:52 babilen TheoSLC: Well, you could just use python on the minion and import the ec2_info module and run them manually.
16:53 TheoSLC babilen: i'm not great with python yet.  But i'll give that a try
16:53 babilen TheoSLC: Yeah, sorry. It should just contact http://docs.aws.amazon.com/AWSEC2/2007-03-01/DeveloperGuide/AESDG-chapter-instancedata.html
16:54 TheoSLC babilen: ran it.  it was super fast
16:55 babilen Okay, perfect. There is nothing else in your paste that screams "It's me!"
16:55 TheoSLC babilen: Note, along with multimaster I am using github as my file repo.
16:55 aparsons joined #salt
16:56 babilen Yeah, but the master will not update the GitFS cache for every state.{sls,highstate} run.
16:56 rap424 joined #salt
16:56 TheoSLC babilen: i'm running salt-call with -l debug now
16:57 babilen Never tinkered with multimaster and I have to leave now anyway as training is coming up. You might want to run the master/minions and calls with -ldebug and paste that ... somebody else might be able to spot something.
16:57 babilen All the best and until later :)
16:57 TheoSLC babilen: thanks again!
16:57 intellix joined #salt
16:59 babilen http://docs.saltstack.com/en/latest/ref/configuration/logging/index.html btw
16:59 smcquay joined #salt
16:59 thayne joined #salt
17:00 TheoSLC Slow salt-call spend 99% of it's time in between these two messages
17:00 TheoSLC [DEBUG   ] Loaded minion key: /etc/salt/pki/minion/minion.pem
17:00 TheoSLC [DEBUG   ] Reading configuration from /etc/salt/minion
17:01 forrest joined #salt
17:01 TheoSLC I found a bug for this https://github.com/saltstack/salt/issues/14126
17:01 alekibango joined #salt
17:03 jslatts joined #salt
17:04 melinath joined #salt
17:05 ml_1 joined #salt
17:05 rihannon joined #salt
17:05 chrisjones joined #salt
17:07 rihannon left #salt
17:11 kt76 joined #salt
17:11 aw110f joined #salt
17:13 taterbase joined #salt
17:14 jalaziz joined #salt
17:17 srage joined #salt
17:17 m1crofarmer joined #salt
17:24 nlb joined #salt
17:25 skullone so, this is funny... we are a puppet enterprise customer, with a laundary list of bugs and cases that have been unresolved for some time, and our PE support bill is set to double to $60k this year, we used the renewal to push for the issues to get resolved
17:25 skullone and puppet said "tough luck, renew and we may fix the bugs, if you dont renew, we wont fix them at all"
17:26 forrest That's pretty ballsy
17:26 skullone its basic shit too, like whacky bugs with $environments and stuff
17:27 forrest skullone, yea we had a lot of those at a previous job, stuff that just wasn't going to get fixed (some bugs were going on 4 years)
17:27 skullone we did two whitepapers, a press release, and a basic case study with puppet, and this is how they treat us...
17:28 skullone oh well.. our salt proof of concept is going great at least  ;)
17:28 forrest skullone, haha
17:28 logix812 joined #salt
17:28 forrest how long until your license runs out?
17:28 Ryan_Lane joined #salt
17:30 Twiglet_ Any one know what will happen is two state try and and create the same file? I'm guessing the last state to run wins?
17:30 Twiglet_ if two states*
17:30 forrest Twiglet_, it won't compile properly
17:30 forrest and will throw an error
17:30 skullone forrest: its out in a couple weeks
17:30 Twiglet_ ok, cheers
17:30 forrest skullone, ahh
17:31 skullone puppet even said "we may ask for proof the the enterprise version has been uninstalled after your license expires"
17:31 skullone im like, wow... thanks guys
17:31 forrest Twiglet_, yea np, let me know if you need help coming up with a solution
17:31 forrest skullone, yep, lots of places like to do that for enterprise software, it will be a script you have to run I beleive
17:31 forrest *believe
17:31 forrest which combs over the filesystem, screwing your security policies and forcing you to review the script :P
17:31 skullone yah
17:32 skullone i wont have a problem uninstalling puppet if thats what they want ;)(
17:32 skullone its expensive software, too
17:32 skullone our openstack VMs cost like $1.40 a month, and puppet was $5/month per node
17:33 Ryan_Lane is anyone able to respond to this post? https://groups.google.com/forum/#!topic/salt-users/qf3XJNXxXNc
17:33 forrest Right, it just sucks you have to look at moving, waste of time.
17:33 Ryan_Lane we're looking to add unit tests for the boto modules, but need some feedback
17:33 aparsons joined #salt
17:33 scbunn joined #salt
17:33 forrest Ryan_Lane, I'm pretty sure they all just run every time
17:33 forrest Ryan_Lane, did you already ask s0undt3ch?
17:34 Ryan_Lane nope. we were hoping that someone who knew would respond :)
17:34 forrest Ryan_Lane, yea I don't know if he usually responds on the mailing list..
17:34 Ryan_Lane we need to add a new dependency fo this
17:34 Ryan_Lane *for
17:34 Ryan_Lane the moto library, and possibly the boto library
17:34 skullone forrest: mcollective sucked in a hard way, so were happy to ditch that slow, buggy memory hog in favor of salt
17:34 Twiglet_ forrest: cheers, just trying to work out how to have a different sshd_config one one server when it's usually managed by out "core" state (that goes on everything)
17:34 forrest Ryan_Lane, yea that might be a problem
17:34 Ryan_Lane hence the post :)
17:35 UtahDave Ryan_Lane: I'll point the right people to that email, but I know they've been trying to not add more dependencies and use the testing stuff available in the std lib
17:35 forrest skullone, Hah, yea it's horrific, the fact you need a different tool to make it happen is funny
17:35 Ryan_Lane UtahDave: there's not much choice here
17:35 Ryan_Lane I think this just requires moto, which shouldn't add too much
17:35 Ryan_Lane and it does mocking
17:35 TyrfingMjolnir joined #salt
17:36 UtahDave gotcha.
17:36 forrest Twiglet_, yea I'd suggest to either templatize the file, or create a 'sshd_conf.sls' which contains the default conf (and can be applied to those main systems), and then in your specific app for that server, another sshd_config.sls which you use for that set of unique systems.
17:36 UtahDave Ryan_Lane: Yeah, I'll get the right eyes on it.
17:36 forrest or two sshd_conf files, whatever (just in different dirs)
17:36 Ryan_Lane UtahDave: cool thanks
17:37 UtahDave Ryan_Lane: Colin's a coworker of yours, I presume?  I'm not sure if I've met him yet
17:37 Ryan_Lane yep
17:37 forrest he's a baseball UtahDave
17:37 forrest don't put people down because they are different
17:37 forrest :P
17:37 Ryan_Lane he's been working on VPC support
17:38 UtahDave cool
17:38 Twiglet_ forrest: yeah, probably gonna have to split it out and template, cheers.
17:38 forrest Twiglet_, Sounds like a plan!
17:38 Ryan_Lane I think all the support necessary for VPC is upstreamed, but we'd like to make sure stuff doesn't break when people merge into the modules :)
17:39 TheThing joined #salt
17:39 Ryan_Lane since we rely pretty heavily on them
17:39 UtahDave for sure.
17:42 Gareth skullone: You actually used mcollective?
17:43 skullone we gave it a shot :p
17:44 Gareth skullone: Only reason I ask, I've never known anyone that successfully got it to work reliably.  A few folks here tried and used it for one thing, but it never worked consistently.
17:45 ex4n1m0 joined #salt
17:45 skullone we didnt have a good experience with it either
17:45 skullone we moved our orchestration tasks to fabric, which had its own gotchas, but at least it worked mostly as exptected
17:47 JasonSwindle joined #salt
17:47 bhosmer joined #salt
17:48 SheetiS joined #salt
17:50 delinquentme joined #salt
17:51 tmandry joined #salt
17:52 delinquentme salt-cloud deploy hooks.
17:52 delinquentme seemz like there are none.
17:53 delinquentme say I want to pause a shell script until 30 servers are up and running.  How can I do this with salt ... OTHER than writing something to ping all the servers while they're booting up ?
17:53 TyrfingMjolnir joined #salt
17:55 mechanicalduck_ joined #salt
17:57 ckao joined #salt
18:00 mechanicalduck joined #salt
18:04 aparsons joined #salt
18:04 thayne joined #salt
18:09 _mel_ joined #salt
18:09 _mel_ left #salt
18:14 Alan_S joined #salt
18:17 VictorLin joined #salt
18:19 delinquentme joined #salt
18:23 TheRealBill left #salt
18:23 aw110f joined #salt
18:24 exanimo_ joined #salt
18:24 cpowell joined #salt
18:25 tempspace is there a way to make salt-call use a default returner?
18:30 icebourg joined #salt
18:31 skullone has anyone made an external node database for salt?
18:31 skullone searched github, havent seen anything
18:31 forrest skullone, not that I'm aware of, it would be cool though
18:35 napper joined #salt
18:36 tempspace Also, ext_job_cache doesn't seem to work as I think it should, I think I should set it in my master config, and then all salt calls from master to minions should be sent to that returner, am I mistaken?
18:41 tkharju joined #salt
18:41 notpeter_ joined #salt
18:42 tempspace When I do a pillar.items, there is something called master_ext_job_cache instead of ext_job_cache...I tried setting that as well with no dice
18:43 Linuturk is there a place to set grain data on a windows host?
18:44 forrest Linuturk, that would probably be a question for UtahDave
18:44 forrest I don't know if it supports the standard grains dir
18:44 UtahDave add     mygrain: myvalue   to     c:\salt\conf\grains
18:44 scoates is there any documentation (beyond the code) for building these? https://github.com/saltstack/salt/tree/develop/salt/fileserver
18:45 forrest oh cool, so basically the same thing, thanks UtahDave
18:45 Linuturk hot
18:45 aw110f joined #salt
18:45 UtahDave that's if you want to hard code them.  Otherwise, I'd stick them in /srv/salt/_grains   and do a saltutil.sync_grains
18:47 elfixit joined #salt
18:47 Linuturk is there a set_grain function somewhere, similar to set_fact in Ansible?
18:47 UtahDave salt 'myminion' grains.setval mygrain 'This is the value'
18:47 Linuturk nice
18:48 UtahDave salt 'myminion' grains.setval mygrain '["item1", "item2", "item3"]'
18:48 UtahDave that's a list
18:48 delinquentme what about in the current 'salt' codebase ?? is there some kind of evented handling post instancing n servers ?
18:50 UtahDave scoates: I'm not sure if there's any docs on writing fileservers.  basepi, do you know of any?
18:50 scoates effectively what I'd like to do is run some code when the regular fileserver doesn't find a requested file… is this the best place to do that?
18:51 UtahDave delinquentme: have you looked at the salt reactor?  I'm not sure exactly what you're trying to do, but that allows you to do dynamic things.
18:52 delinquentme UtahDave, basically right now Im using salt-cloud within a script to pull up some number of servers ... after they're all up I want to get their IPs ... however since the parallel instancing command within salt-cloud is non-blocking, the IP gathering script fires off instantly before any servers are up
18:52 delinquentme ( useless )
18:52 UtahDave scoates: Hm. I'm not 100% sure, but you might look in the __init__.py there
18:53 scoates will poke at it. thanks UtahDave
18:53 UtahDave delinquentme: Yeah, I'd write a script that listens to the event bus for all of them to come up, and then do something.   whiteinge wrote a cool runner that waits for an event, then does something.  Might be a good starting place for you.  Let me find it
18:54 adsa joined #salt
18:54 delinquentme so this isn't something integrated into the codebase huh?  Smells like a possible open source contribution???
18:54 mpanetta UtahDave: I would be interested in seeing that code as well.
18:55 diegows joined #salt
18:55 whiteinge !runners.state.event | delinquentme UtahDave
18:55 wm-bot4 delinquentme UtahDave: http://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.state.html#salt.runners.state.event
18:55 whiteinge :)
18:56 pjs god damn.. anyone else having pypi issues today?
18:56 UtahDave there you go delinquentme and mpanetta
18:58 srage_ joined #salt
18:58 mpanetta Thanks!
18:59 Ryan_Lane joined #salt
19:00 srage__ joined #salt
19:02 tmandry joined #salt
19:03 possibilities joined #salt
19:06 skullone how is SLC to live in?
19:06 skullone i worked at pacific power, and they had an SLC office, but i never did more than pass through the place
19:06 forrest depends where you live I think
19:07 forrest I visited in the winter for saltconf, and there was a good amount of pollution
19:07 skullone really?
19:07 forrest yep
19:07 bmatt yeah, the smog inversion is nasty
19:07 bmatt makes 80s LA look like clear blue skies
19:07 forrest lol yea
19:07 skullone i never heard that about SLC, weird!
19:07 gmeno joined #salt
19:07 transmutated joined #salt
19:08 skullone we get a smog inversion in portland also, but goes away pretty quickly
19:08 bmatt PDX' is nothin
19:08 tempspace yeah, that pollution was crazy
19:09 SheetiS joined #salt
19:09 skullone i stayed a couple days years back on the way back from driving through grand canyon, but it was like april, and didnt notice much smog
19:09 ggoZ joined #salt
19:10 skullone (destroyed a wheel bearing, stopped in SLC to get it repaired, 1,500 miles on a howling wheel bearing was no fun)
19:10 schmutz joined #salt
19:10 tempspace Is ext_job_cache known to be broken by any chance?
19:10 tligda joined #salt
19:12 UtahDave skullone: It's beautiful outside right now.  I'm taking my motorcycle for a spin this evening
19:13 UtahDave tempspace: I'm pretty sure it's not broken.  Are you running into problems?
19:14 tempspace UtahDave: It may be I'm just doing it wrong, am I correct that setting ext_job_cache: lc_sentry should behave as if I ran salt with --return lc_sentry
19:14 UtahDave tempspace: No, unfortunately.
19:14 tempspace I am very confused then :)
19:15 UtahDave tempspace: That's something I'd like to see fixed.  Setting an external job cache will automatically set up your default returners, but you still have to have the external job cache, which I don't think sentry would provide.
19:16 peters-tx joined #salt
19:17 tempspace so, short of making my own versions of salt and salt-call to call the real versions with the return, I am out of luck?
19:19 melinath joined #salt
19:22 UtahDave tempspace: https://github.com/saltstack/salt/issues/3543
19:23 UtahDave tempspace: I've reopened this issue. I thought we had fixed this, but apparently there was a misunderstanding.
19:23 tempspace UtahDave: thanks
19:24 UtahDave you're welcome. sorry that bit you.
19:25 martoss joined #salt
19:28 bhosmer_ joined #salt
19:31 tempspace UtahDave: on a related note, any idea why calling 'salt' from a master against a minion with --return lc_sentry doesn't work, but going to the same host and running salt-call with a --return lc_sentry does?
19:32 UtahDave tempspace: Hm. that should work.  do you get any kind of error or stacktrace?
19:35 tempspace @UtahDave not at all, when running with -l debug, it doesn't even mention trying to use a returner, just goes right to loading the output stuff like Loaded no_out as virtual quiet
19:36 UtahDave tempspace: what version of Salt are you on?
19:37 tempspace UtahDave: 2014.1.7
19:38 felskrone joined #salt
19:38 martoss joined #salt
19:38 bhosmer joined #salt
19:39 kaiyou joined #salt
19:40 UtahDave tempspace: I'm thinking this must be a bug.  Would you mind opening an issue on that?
19:40 tempspace sure thing
19:40 UtahDave thanks!
19:41 intellix joined #salt
19:42 srage joined #salt
19:42 bhosmer joined #salt
19:43 bhosmer joined #salt
19:43 chrisjones joined #salt
19:47 Linuturk UtahDave: if I do file.managed to configure C:\salt\conf\grains, those grains won't be available the first time I run will they?
19:48 Centinel joined #salt
19:48 UtahDave probably not. you'd have to run saltutil.sync_grains or restart the minion service
19:49 Linuturk I guess I could set them via the salt-cloud piece UtahDave that would be immediate as the minion came online
19:49 UtahDave yep
19:51 possibilities joined #salt
19:51 Ryan_Lane UtahDave: have I mentioned that include: is really painfully limited? :(
19:51 Ryan_Lane I ended up using jinja to include an sls file on friday
19:51 Ryan_Lane you can only use include once in an sls file
19:51 UtahDave What do you need it to do, Ryan_Lane?
19:52 Ryan_Lane I want to be able to include other modules from any location in an sls file
19:52 Ryan_Lane for ordered execution
19:52 diegows joined #salt
19:52 Ryan_Lane otherwise I need to break a file up into individual modules, then include them in order. I'd need to do that every time I need to do a sub include at a specific position
19:53 UtahDave Hm. Yeah, I've had to do that myself.
19:53 Ryan_Lane I get this is a limitation of yaml, since you can only have the key defined once, but why can't we have a state that does includes?
19:53 tempspace Yep, been bit by that one before
19:53 Ryan_Lane hm. I guess that wouldn't work with the renderer, well
19:54 tligda Greetings, salters! I have an issue where I have a large set of states and I am getting an error message when running them on the minion. The error message says, "local: Data failed to compile: ————— No matching sls found for 'role' in env 'base'.
19:54 UtahDave I think this is worth discussing.
19:54 tempspace Ryan_Lane: I ended up making a pillar that denoted if it should be included, and just takced it on
19:54 tempspace tacked*
19:54 Ryan_Lane tempspace: that's not going to work for me, since I need it to be ordered
19:54 tligda I have gone over the YAML with a fine-toothed comb and fixed a few issues. They seem fine now.
19:55 UtahDave tligda: can you pastebin your sanitized top.sls?
19:55 Ryan_Lane I may have state a, b, c, then include module mymodule, then state d, e, f
19:55 Ryan_Lane I need them to run in order
19:55 tligda The salt-call on the minion goes through the "Results of YAML rendering" for each state and they all come out as I expect them to. Then I get that error message.
19:55 Ryan_Lane and i don't use requisites (I use listen/listen_in rather than watch/watch_in)
19:55 tligda Any ideas where to look?
19:56 Ryan_Lane A jinja call would even be fine, if there was one for this
19:56 felskrone joined #salt
19:57 Ryan_Lane jinja's include includes a file, which means I need to load from the same root
19:57 tligda UtahDave: http://pastebin.com/qwnUCS0m
19:57 tligda It's pretty boring.
19:57 Ryan_Lane or loop over the roots and conditionally include the sls if it exists
19:57 tligda I know it can find the init.sls file under the role directory because it renders the YAML for it.
19:57 tligda (I think)
19:58 UtahDave tligda: ok, how about a sanitized pastebin of role.sls
19:59 felskrone joined #salt
19:59 Damoun joined #salt
19:59 tligda UtahDave: http://pastebin.com/EUzzTans
19:59 UtahDave Ryan_Lane: I think this merits a discussion in a github issue.  I haven't been involved in the internals of the includes and stuff, so I'm not going to be of much help on sorting that one out.
20:01 bhosmer_ joined #salt
20:01 * Ryan_Lane nods
20:02 UtahDave tligda: Hm. there's obviously something wonky inside one of those loops.
20:02 UtahDave tligda: I'd recommend starting at your outside loop and printing out the resulting data structure and slowly working your way inside.
20:03 tligda UtahDave: That is a good suggestion. I'll start mapping it out to make sure the logic is correct and complete.
20:03 UtahDave :)  Sorry, I wish I had an easier answer for you.
20:03 tligda UtahDave: It seems to get through all the YAML rendering fine, though. That's what I find confusing.
20:05 tligda UtahDave: Can you please peek at the relevant portion of the debug log for the minion and let me know if I'm interpreting it correctly? http://pastebin.com/RYeW11KY
20:05 tmandry joined #salt
20:05 tmandry joined #salt
20:05 felskrone joined #salt
20:06 UtahDave that does look good
20:06 tligda UtahDave: OK, cool.
20:07 tligda UtahDave: I'll still go through the logic in the role/init.sls to make sure.
20:07 UtahDave tligda: can you pastebin the error, too?
20:08 Ryan_Lane UtahDave: https://github.com/saltstack/salt/issues/14899
20:08 UtahDave thanks, Ryan_Lane. Good description
20:09 Ryan_Lane yw
20:09 tligda UtahDave: http://pastebin.com/w82vQJcT
20:09 tligda That's the very end of the debug log.
20:09 UtahDave is there a role.sls or role/init.sls   ?
20:09 tligda UtahDave: The part right before it is the YAML parsing for the 'packages' state. Quite long and involved, but it seems to complete without an issue.
20:10 tligda There is no role/init.sls or role.sls. There is only role-formula/role/init.sls.
20:10 UtahDave ok, for some reason it's looking for a role.sls or role/init.sls   I'm not sure why.
20:11 smcquay joined #salt
20:11 tligda UtahDave: I have the role-formula directory listed in the 'file_roots'.
20:11 delinquentme joined #salt
20:11 CF240401 joined #salt
20:12 napper joined #salt
20:16 tligda UtahDave: I followed the directions on http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
20:16 tligda UtahDave: Specifically, 25.17.2.1.2.
20:17 tligda UtahDave: (And discovered a documentation bug on the way)
20:18 UtahDave can you pastebin your map.jinja?
20:19 tligda UtahDave: http://pastebin.com/fY59aHHQ
20:22 UtahDave {% set minion = minions[nodename] %}
20:22 UtahDave {% set role_names = minion['role'] %}
20:22 UtahDave I think your logic error is in there somewhere
20:25 tligda UtahDave: OK. I'll go over it again.
20:28 kaiyou joined #salt
20:28 UtahDave tligda: somewhere you causing it to try to import role.sls or role/init.sls
20:28 srage_ joined #salt
20:29 tligda UtahDave: OK. I thought that was normal. It tries role.sls and role/init.sls because of the top.sls includes 'role'.
20:29 tligda <strikethrough>of</strikethrough> :)
20:29 mpoole hey, so I have test=True set in the master config meaning changes are only getting applied on a manual highstate run. Problem is, when I want to go out network wide with salt '*' state.highstate some machines are busy running a test highstate. Is there any way I can get salt-minion to run but not running a highstate every N minutes?
20:31 Gareth UtahDave: got a Salt on Windows question for you when you've got a second.
20:32 UtahDave mpoole: I'm not quite understanding you.  So are you running a highstate on a cron or schedule?
20:32 UtahDave Gareth: Sure, what's up?
20:33 mpoole UtahDave manual run
20:33 Gareth UtahDave: actually might not need to :)  stand by.
20:33 mpoole so we have a crontab that pulls /etc/salt from git once every few minutes
20:33 mpoole and those changes where getting propagated automatically to all servers
20:33 mpoole this caused some issues when bugs made it out so I want to check the diff before we run  a network wide highstate
20:34 kaiyou joined #salt
20:34 mpoole ideally I'd like the minions running, but not running highstate (it has to be triggered manually)
20:36 mpoole so I can run salt '*' state.highstate test=True to check the diff
20:36 mpoole and run with test=False to apply
20:36 smcquay joined #salt
20:36 mpoole to basically manually controlling when highstate is applied
20:36 UtahDave mpoole: I'm still a bit confused.  By default, the minion service is running all the time waiting for commands, but a highstate only ever gets run if you tell it to, either manually or through some other manner, such as a cron or schedule
20:37 mpoole so usually the master sends it?
20:37 mpoole i thought the minion did it
20:37 UtahDave mpoole: either
20:37 UtahDave but a highstate still never gets executed unless you tell it to
20:39 possibilities joined #salt
20:39 m1crofarmer_ joined #salt
20:40 forrest Corey, are you around?
20:40 forrest My coworker saw some guys walking around downtown with SaltStack shirts on, and I saw you flew in this morning. Was that you?
20:41 Ozack joined #salt
20:44 aw110f joined #salt
20:44 smcquay joined #salt
20:46 JasonSwi_ joined #salt
20:47 JasonSwi_ joined #salt
20:47 PsionTheory joined #salt
20:52 Gareth UtahDave: sorry about that.  Wondering what the ramifications would be for not setting the ownership for symlinks under Windows.  See #14856 for background.
20:52 xmj genius
20:52 xmj forrest: you're a genius
20:52 forrest xmj, ?
20:52 Hell_Fire joined #salt
20:55 srage joined #salt
20:56 SheetiS joined #salt
21:01 yomilk joined #salt
21:04 UtahDave Gareth: Hm. I'm not sure.
21:05 tempspace In case anybody has a need for this, here's a modified version of the Sentry returner, instead of old behavior, it creates up to two events, one event that gets logged if any changes resulted on the system, and another if any errors occurred: https://gist.github.com/WillPlatnick/903a62446b4d955d6180
21:05 Gareth UtahDave: doesn't look like the managed function in the file state does anything if user & group aren't set.
21:06 UtahDave yeah, generally, they don't do anything
21:06 Gareth UtahDave: file.symlink does though.
21:07 dude051 joined #salt
21:08 UtahDave I'm just guessing here, but I'm wondering that if you don't specify a user, then most users wouldn't have rights to the symlink because Salt runs as the System user.
21:10 Gareth UtahDave: so if you don't specify the user and group, it will default to the user that Salt is running as, eg. the System user, but if the chown doesn't happen wouldn't those files be owned by the System user?
21:11 UtahDave Gareth: That's a big guess. Testing is definitely in order.
21:12 jms_ joined #salt
21:14 TyrfingMjolnir joined #salt
21:15 jms_ I have a basic question, I have default configuration.  So the salt-master should be using /srv/salt for state.  But when I put even the most basic state file I git, test1:     Data failed to compile: ----------     No matching sls found for 'vim' in env 'base'
21:15 jms_ I'm missing something basic
21:16 UtahDave jms_: have you set up your /srv/salt/top.sls? you have to have that to run state.highstate.  otherwise you have to run   salt 'minion' state.sls vim
21:16 forrest jms_, what does your directory structure look like under/ srv/salt?
21:18 jaimed joined #salt
21:19 jms_ top.sls vim.sls vimrc
21:19 jms_ top looks like this, base:   '*':     - vim
21:20 patarr hello all. I think I may have found a bug. Whenever I have a folder like "test" in my /srv/salt directory, and I have other states underneath it like "test/littleState", if "test" contains an init.sls file that includes littleState, it breaks.
21:20 patarr If you add "- test" in the top file, it will not work.
21:20 zirpu joined #salt
21:20 jms_ test1: ----------     State: - no     Name:      states     Function:  None         Result:    False         Comment:   No Top file or external nodes data matches found         Changes:
21:20 jms_ It looks like it is pointing to the wrong directory
21:21 zirpu left #salt
21:21 possibilities joined #salt
21:23 InAnimaTe joined #salt
21:23 UtahDave jms_: how are you calling the state?
21:23 aparsons joined #salt
21:24 pssblts joined #salt
21:24 UtahDave patarr: could you open an issue on that?
21:24 possibil_ joined #salt
21:27 [vaelen] joined #salt
21:30 rlarkin joined #salt
21:33 jsm joined #salt
21:35 patarr UtahDave: not sure when i can get around to it.
21:41 Ryan_Lane joined #salt
21:44 dharper_ii joined #salt
21:49 TheoSLC Can I juse an Jinja inside of my pillar?
21:49 TheoSLC any jinja*
21:51 UtahDave TheoSLC: Yeah, pretty much.
21:52 TheoSLC UtahDave: get.mine doesn't seem to be available.
21:52 UtahDave have you tried mine.get  ?
21:52 TheoSLC I just need to the hostname of the minion for the pillar
21:53 JasonSwindle joined #salt
21:54 UtahDave TheoSLC: oh, then use   grains['id']
21:54 UtahDave that's the best way.  Inside of pillar  grains is from the Minion's point of view. Everything else like the salt functions are from the master's point of view
21:57 darkelda joined #salt
21:59 dharper_ii I am trying to execute the following custom execution module: salt '*' temp.test.spam eggs, where temp test.py is located in a 'temp' submodule of _modules, however I am getting the error back saying that 'temp.test.spam' is not available. Any advice on how to get this to work?
22:00 martoss joined #salt
22:01 dharper_ii sorry: correction - temp test.py was supposed to be just test.py
22:01 viq joined #salt
22:02 rallytime joined #salt
22:02 CeBe1 joined #salt
22:02 UtahDave dharper_ii: did you sync your modules already?
22:03 Ryan_Lane1 joined #salt
22:03 sectionme joined #salt
22:04 martoss joined #salt
22:05 TheoSLC UtahDave: Thanks. i'll give it a go
22:05 UtahDave cool
22:07 andrej How do people w/ salt deal w/ ppa's if a minion is in a private (non-routable) IP space? My problem is that a bunch of our minions are in a private address space w/ no connection to the great unwashed.  They get updates fine using apt-cacher-ng.  But anything PPA (including salt itself) can't be installed w/o human intervention :(
22:08 andrej Logging onto 14 minions to do an apt-get upgrade and Type Yes to get salt updated is getting old fast :}
22:08 andrej s/onto/into/
22:08 UtahDave andrej: probably create your own repo.  I've been told Aptly is really nice to use.
22:08 chrisjones joined #salt
22:08 forrest andrej, I agree with UtahDave, just make your own repo
22:09 forrest I'm using aptly for a new repo I made, it still has a few kinks because it's new, but it works pretty well
22:09 andrej UtahDave ... I'll have a look at that
22:09 andrej forrest - thanks
22:09 andrej So I just stand up a watch on the PPA for updates and download the packages into my own repo?
22:09 UtahDave forrest recommended it a few days ago.  looks nice
22:09 forrest andrej, let me pastebin a few states
22:09 forrest I actually have a formula I wrote for internal use
22:10 andrej Heh - nice work forrest
22:10 forrest Well, it isn't on the formulas repo yet, so not that nice :P
22:10 forrest some of the way the states I've written work are... dirty
22:10 forrest keep trying to think of better solutions
22:13 skullone i cant go on enough about how much better salt is than puppet
22:13 dharper_ii yes
22:13 forrest skullone, lol
22:14 forrest it has it's issues, but yeah, most of us like it a lot better than puppet.
22:14 dharper_ii @UtahDave: yes.. sorry I missed the response
22:14 dharper_ii it shows that the sync did copy the modules to the minions
22:14 skullone forrest: im fine with bugs, ill report em and move on
22:15 skullone ideally they get fixed, but if i can work around them, thats fine
22:16 forrest andrej, https://gist.github.com/gravyboat/b7377c6dca088d1e47bc
22:16 skullone havent actually run into salt bugs yet with my basic stuff, which is more than i could say with puppet when i first started using it
22:16 forrest andrej, I don't have gpg key importing working there as you can see because of reasons, and I only showed one example of doing publish, you'd need to recreate that
22:17 forrest aptly is a bit odd how it does naming for repos right now, so unless they added the feature, this is what I did to get around it with the weird distro naming
22:17 forrest skullone, that's good
22:18 forrest andrej, also make sure when adding packages you do so as the aptly user (I can't remember if the docs say that)
22:18 forrest otherwise it messes things up
22:22 andrej Thanks forrest  - I'll check that out
22:22 forrest andrej, yea np, that will take you about 90% of the way to a working setup
22:22 forrest 100% if you work the GPG stuff
22:23 andrej Heh
22:28 bmatt is there a convenient mechanism for manipulating kernel modules in 2014.1.7?
22:28 bmatt states, I mean
22:28 bmatt hey, kmod. rad.
22:29 * bmatt learns to rtfm
22:31 mosen joined #salt
22:34 Ryan_Lane joined #salt
22:34 andrej forrest - is it possible to limit the PPA packages I wish to retrieve via aptly and store in a local repo?  Mirror seems (looking at doco and examples) to grab everything on first glance
22:35 forrest andrej, I don't mirror
22:35 andrej Oh, ok
22:35 forrest andrej, the stuff I gisted is just to set it up, then you add your packages to the repo and publish the updates to that repo
22:35 forrest mirror functionality is still kinda 'meh' when moving between your own repos
22:36 forrest andrej, http://www.aptly.info/#aptly-publish-update
22:36 forrest andrej, that plus aptly repo add
22:36 mosen hiya saltines
22:36 andrej I see
22:36 andrej Thanks, again
22:36 forrest yea np
22:36 forrest the docs can be a bit confusing
22:36 forrest as they expect you to use it in a very specific way
22:36 andrej Heh
22:36 andrej just like salts ;}
22:36 forrest but it is powerful enough to not do it that way at all
22:36 forrest heh
22:37 forrest andrej, I would hope it isn't as confusing as the aptly docs, if so, we need to work on that
22:37 andrej I think it's awful :)
22:37 andrej it's complete, I'm sure, but kind of unstructured
22:37 jms_ I tested by calling the state directly; salt test1 state.sls editor
22:37 andrej Most of what I learnt about salt I learnt from here, and via trial and error
22:38 forrest heh
22:38 andrej w/o people like yourself, utahdave and whiteinge I'd be screwed :)
22:38 forrest Man I should start charging.... :P
22:38 andrej Heh
22:39 jms_ I did an struss on the salt-master, don't see it opening the /srv/salt directory, it does say there is a missing config in /home/jms/.salt
22:39 mosen hah
22:39 jms_ I removed the /srv/salt directory just to see if I could get an error
22:40 JasonSwindle joined #salt
22:41 skullone one thing puppet never got very far with was 3rd party integration with vendor software/devices
22:42 skullone is salt looking into more integration? (ie. to load balancer, switches, etc)
22:42 forrest skullone, yes
22:42 logix812 joined #salt
22:42 mosen skullone: like puppet-network ?
22:42 mosen that seemed to never get any momentum
22:43 forrest UtahDave, is Cro still actively working on the stuff for switches and network devices?
22:43 mosen proxy salt minions seem to fit the same bill
22:43 forrest mosen, pretty much
22:46 skullone we use juniper mostly, and theres some decent netconf support from them, so salt isnt -really- necesarry
22:46 skullone easy enough to manage them with scripts
22:46 jms_ Interesting, if I start salt-master without a master configuration file it doesn't complain
22:48 mndo_ joined #salt
22:49 forrest jms_, yea, it has all the default stored I believe
22:49 forrest not 100% sure on that though
22:50 jms_ I going to remove /var/cache/salt and start over
22:53 TheThing joined #salt
22:56 Daemonik joined #salt
22:58 Daemonik "bootstrap.sh -N -M git v2014.7" on SmartOS base64 14.2.0 installs a non-working SMF ; the path /etc/salt should be /opt/local/etc/salt and the $PATH in the SMF config is incomplete.  Is there some other base64 version typically used?  "Patches welcome"?
23:03 sectionme joined #salt
23:03 davromaniak joined #salt
23:03 lipiec joined #salt
23:04 bhosmer joined #salt
23:05 aparsons joined #salt
23:06 possibilities joined #salt
23:06 dlam joined #salt
23:07 aparsons joined #salt
23:07 pssblts joined #salt
23:07 dlam hmm is there a easy way to "uninstall" after i ran the bootstrap script?  (i installed the wrong salt version on the minion etc etc)
23:09 forrest dlam, well, the bootstrap by default just installs a package if it's available
23:09 forrest so you could just run a command to uninstall using the 'at' module
23:09 forrest then it won't die halfway through
23:15 smcquay joined #salt
23:15 kivihtin joined #salt
23:20 dlam ohh 'at' module?  oh maybe this  http://pydoc.net/Python/salt/0.17.4/salt.modules.at/
23:22 tyler-baker joined #salt
23:22 jhulten joined #salt
23:23 aparsons joined #salt
23:24 DaveQB joined #salt
23:25 aquinas joined #salt
23:27 colinjohnson joined #salt
23:28 forrest dlam, yea
23:28 forrest you just need to have at installed
23:28 forrest dlam, there's a salt module for it though
23:28 forrest dlam, http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.at.html#module-salt.modules.at
23:30 aparsons_ joined #salt
23:32 mosen hey forrest, how do you organise your pillar data?
23:32 forrest mosen, we're using reclass
23:33 forrest mosen, so I don't have a good example for a large setup
23:33 mosen forrest: ahh right!
23:33 forrest UtahDave, that is something we should try to have an example of, a large pillar setup
23:33 melinath_ joined #salt
23:33 forrest UtahDave, a lot of people ask about that, and an example would be amazing
23:33 mosen oh, coming from hiera im just working out how to structure that data given the flat namespace of pillar
23:34 possibilities joined #salt
23:34 mosen I guess, "use an ENC" is the answer if you want anything more complex
23:34 Hell_Fire joined #salt
23:35 Ryan_Lane I try to keep my pillar data very, very simple
23:35 mosen otherwise im looking at one pillar per node type kinda
23:35 Ryan_Lane and try to use pillars as little as possible
23:35 aparsons joined #salt
23:35 Ryan_Lane pillars are like configuration options for config management. the more you have, the more complex your code
23:35 Ryan_Lane you should strive to have a few as possible
23:35 mosen Ryan_Lane: ahh right, maybe im deceived since there are certain modules in puppet where hiera controls even the declaration of resources
23:36 forrest yea don't do that mosen
23:36 forrest have you looked at formulas at all yet?
23:36 mosen yep
23:36 Ryan_Lane formulas overuse them too
23:36 forrest lol
23:36 Ryan_Lane formulas are meant to be very abstract
23:36 Ryan_Lane unless you're upstreaming your module, strive for only the reusability you absolutely need
23:36 forrest Ryan_Lane, I'm talking about custom config files like what sroegner has been doing
23:37 Ryan_Lane custom config files?
23:37 Ryan_Lane example?
23:37 forrest Ryan_Lane, it's basically a map.jinja file
23:37 forrest that doesn't overwrite the map
23:37 mosen sometimes the formulas fall short and I feel like i have to tweak some things
23:37 aparsons joined #salt
23:37 forrest mosen, yea they are supposed to just be the basics to get you up and running
23:37 Ryan_Lane mosen: the pattern I've been going with is one common pillar file, that has order 1, then more specific files that have order 10
23:37 forrest and are intended to require additions, rather than deletions
23:38 mosen Ryan_Lane: sorry for the basic question but how is the order determined?
23:38 Ryan_Lane via the order argument
23:39 mosen forrest: yeah fair enough :) I can extend them wherever needed
23:39 Ryan_Lane in the top file
23:39 Ryan_Lane in an ideal world it would be read in order :)
23:39 mosen Ryan_Lane: wow, must have skipped that page
23:39 Ryan_Lane but that doesn't seem to be working for me
23:39 Ryan_Lane mosen: https://gist.github.com/ryan-lane/351b7c03bc84830f4109
23:39 Ryan_Lane that's what I'm doing
23:39 Ryan_Lane note that I'm loading two common files
23:39 mosen Ryan_Lane: yeah i thought due to the thing being OrderedDict, it would be read in order
23:39 Ryan_Lane but I split my code up into multiple repositories
23:40 Ryan_Lane I have a repository for each service
23:40 Ryan_Lane and a base repository
23:40 mosen i see
23:40 mosen eaach service is a gitfs root?
23:40 Ryan_Lane the base repository does stuff that needs to be on every system (monitoring, logs, etc)
23:40 Ryan_Lane I'm using masterless, so no gitfs root
23:40 mosen ah right, yep
23:40 Ryan_Lane I deploy the repositories to my nodes
23:40 mosen sorry, i remember that from the blog
23:40 Ryan_Lane every node has at most 1 service
23:41 Ryan_Lane so there's no conflicts
23:41 mosen thats some super fine abstraction
23:41 Ryan_Lane so base pillars are overridden by service-common pillars, which are overridden by environment-specific pillars
23:41 Ryan_Lane I don't use salt environments, but do abstraction myself for that
23:41 Ryan_Lane via grains
23:42 Ryan_Lane I never use a pillar datastructure that'll require merging
23:42 mosen ah, via a grain defined on each node?
23:43 Ryan_Lane yeah, I define the grains based on the hostname
23:43 mosen right
23:43 Ryan_Lane I have a pretty nifty way of bootstrapping that, too :)
23:43 * Ryan_Lane is using AWS autoscaling groups
23:43 Ryan_Lane I use a hostname convention, which I split up into grains that can be used to configure the system properly
23:44 forrest Ryan_Lane, at some point it would be awesome if you made your setup public (minus private info)
23:44 forrest just to show a huge setup taking advantage of all that stuff
23:44 Ryan_Lane forrest: I'm already writing a blog post for that :)
23:44 forrest Ryan_Lane, great
23:44 Ryan_Lane posts like this take me weeks, though :(
23:44 forrest I can imagine
23:45 Ryan_Lane our bootstrapping is pretty elaborate, since we also integrate deployments with salt-runs
23:45 Ryan_Lane well, salt-calls
23:45 Ryan_Lane (this is why it's really important for us to have very quick no-change runs)
23:46 mosen that would explain the move from puppet to some degree
23:46 Ryan_Lane mosen: anyway, no matter how you split up your code, it's easiest to go from generic to more specific
23:46 Ryan_Lane for pillars
23:46 mosen sometimes the prefetch is time consuming
23:46 Ryan_Lane unless you use reclass
23:46 mosen Ryan_Lane: yeah but due to the no-merging of names, i'll have to redeclare the hash for each more-specific thing?
23:47 rojem joined #salt
23:47 Ryan_Lane base -> users/etc, service-common -> affects all environments, service-<environment> -> affects a specific environment
23:47 mosen not just some particular key nested all the way down
23:47 Ryan_Lane yeah, I try to use pretty simple datastructures for that reason
23:48 Ryan_Lane I also assume that every environment will have all users and groups can be used to restrict access
23:48 pssblts joined #salt
23:49 Ryan_Lane mosen: yeah, it's unfortunate that pillars are so basic. it would be nice to at least have some basic merging ability
23:49 Ryan_Lane I'm not sure that'll ever happen, though
23:49 Ryan_Lane sometimes it's nice to only have so much rope to hang yourself with, though :)
23:50 Ryan_Lane since there's no merging I don't have to think about how keys are merging through the code paths
23:50 mosen Ryan_Lane: It just forces me into a different design but thats ok!
23:50 Ryan_Lane indeed
23:50 mosen yeah, tracing the differences doesnt become a problem
23:50 Ryan_Lane it's like using a key/value database rather than a document database
23:51 * Ryan_Lane nods
23:53 david_a joined #salt
23:56 mosen hmm back to the .pp -> .sls
23:59 napper joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary