Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-09-10

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:05 shaggy_surfer joined #salt
00:13 n8n joined #salt
00:18 pentabular joined #salt
00:22 yomilk joined #salt
00:28 nitay joined #salt
00:30 eunuchsocket1 joined #salt
00:30 nitay what are people doing to size root EBS volumes? since salt sems to be missing correct support for that (https://github.com/saltstack/salt/issues/8631)
00:31 housl joined #salt
00:31 aparsons joined #salt
00:33 yomilk joined #salt
00:33 mrlesmithjr joined #salt
00:34 __number5__ nitay: the ticket you linked to is talking about ephemeral block device
00:34 nitay there is the same problem with root volume
00:34 nitay setting it doesnt work
00:35 nitay __number5__: https://groups.google.com/forum/#!topic/salt-users/d2lzi0t86B8
00:35 __number5__ oh. sorry can't help you. not using salt-cloud at all
00:36 nitay i just want to set my root volume to be something >8GB
00:36 nitay how are ppl doing that
00:36 nitay __number5__: how are u doing it?
00:41 n8n joined #salt
00:44 __number5__ nitay: rarely need to modify the root EBS volume size, but if I need to do that, I will change in my boto parameters http://boto.readthedocs.org/en/latest/ref/ec2.html#boto.ec2.blockdevicemapping.BlockDeviceMapping
00:44 kingel joined #salt
00:44 __number5__ or create an AMI with bigger EBS root volume
00:44 nmadhok joined #salt
00:45 nitay __number5__: sorry not familiar what is this boto thing? is this something salt uses
00:46 __number5__ nitay: boto is aws python library, some of salt modules/states using it (with name like boto_*)
00:47 pjs_ joined #salt
00:47 elfixit joined #salt
00:51 aparsons joined #salt
00:52 TTimo joined #salt
01:00 malinoff joined #salt
01:02 yidhra joined #salt
01:04 micah_chatt joined #salt
01:05 hobakill joined #salt
01:06 hobakill #salt after dark!
01:07 TTimo let's get salty
01:07 SheetiS joined #salt
01:07 murrdoc freaks come out after 6pm
01:08 aurynn it's 1pm.
01:08 murrdoc where
01:08 hobakill has anyone done any work with things that require passwords? for instance i'm using realmd to join an existing AD DC but i'm not sure what to do when i'm supposed to enter the password.
01:08 murrdoc its too bad i cant do
01:08 murrdoc file.absent:
01:08 murrdoc - name: /data/lost+found/
01:09 murrdoc -name : /data2/lost+found/
01:09 murrdoc and so on
01:09 murrdoc like a multiple file.absent state
01:09 TTimo you can template that though
01:09 murrdoc yeah
01:10 mrlesmithjr joined #salt
01:12 druonysus joined #salt
01:14 aparsons joined #salt
01:18 aparsons joined #salt
01:28 pentabular buh
01:29 bhosmer joined #salt
01:35 bhosmer_ joined #salt
01:37 TheThing joined #salt
01:41 TyrfingMjolnir joined #salt
01:44 wt https://github.com/saltstack/salt/pull/15644 <-- fix for the s3fs problem
01:45 wt looking for feedback
01:45 bhosmer_ joined #salt
01:47 aquinas joined #salt
01:51 tmh1999 joined #salt
01:52 swa_work joined #salt
01:57 higgs001 joined #salt
01:59 tmh1999 joined #salt
02:03 swilcox left #salt
02:05 manfred joined #salt
02:21 jalaziz joined #salt
02:27 snuffeluffegus joined #salt
02:29 mapu joined #salt
02:30 SheetiS joined #salt
02:31 notpeter_ joined #salt
02:33 kingel joined #salt
02:34 ekristen_ joined #salt
02:46 nmadhok joined #salt
02:58 joehoyle joined #salt
03:00 thayne joined #salt
03:07 Nexpro joined #salt
03:07 ramishra joined #salt
03:10 aquinas joined #salt
03:18 aquinas joined #salt
03:20 schimmy joined #salt
03:21 geekmush1 joined #salt
03:24 schimmy1 joined #salt
03:31 aquinas joined #salt
03:34 bhosmer joined #salt
03:44 anotherZero joined #salt
03:55 yomilk joined #salt
03:56 yomilk joined #salt
04:00 marco_en_voyage joined #salt
04:13 invsblduck so does salt-syndic read /etc/salt/master or /etc/salt/minion, or both?
04:15 invsblduck my master-of-masters insists the syndic is down (according to manage.status, test.ping, etc), yet it can manage the minions behind the syndic.  the syndic is running and definitely returning events.  is this simply because i don't have salt-minion running on the syndic?
04:16 invsblduck long time hacker, new to salt.  tia
04:20 invsblduck Lol i need to make about 500 pull requests for some of this documentation... "Do not not forget that in other word it means that it shares with the local minion it's ID and PKI_DIR."
04:21 SheetiS joined #salt
04:21 ramishra_ joined #salt
04:22 kingel joined #salt
04:22 mosen nobody likes doin documentation :)
04:22 invsblduck There are so many broken things about that sentence, including the context, I don't know where to start :)  Except by asking how shit works here and then fixing the docs ;)
04:22 invsblduck i know, i'm the only dev who enjoys docs... proven fact.
04:22 horus_plex invsblduck; fix the docs. :)
04:23 invsblduck except djb...that dude liked writing docs hahah
04:23 horus_plex invsblduck: there's one more person that lingers in here that likes docs
04:23 invsblduck horus_plex: help me figure out how it works and i will :)
04:24 horus_plex invsblduck: you have to install salt-minion on the syndic for it's master to directly control it
04:24 horus_plex :ship:
04:24 horus_plex :D
04:25 invsblduck i'm guessing the MoM node (master-of-masters) just thinks the syndic node is down because it's not running salt-minion.  Yet I accepted the salt-syndic daemon's key like any other minion
04:25 invsblduck horus_plex: haha, touche`.
04:25 horus_plex invsblduck: yes.
04:26 horus_plex a syndic should at least have salt-syndic (to proxy commands) and salt-minion (to accept commands from another master)
04:26 invsblduck cool cool.  i ran salt-syndic in the foreground with -l debug, and it barked a few times about /etc/salt/minion not existing, so i'm assuming it would read that file too if it was there?
04:26 horus_plex s/another/higher/
04:26 invsblduck ok.  docs are kind of vague on that and say salt-minion is optional on the syndic (which is true it seems).  thanks for helping :)
04:28 horus_plex salt-minion is optional technically if it's optional that you can control it from a higher master. But salt-minon isn't a prereq for salt-syndic
04:29 horus_plex optional from an installation standpoint. but that doesn't imply it'll be useful
04:30 horus_plex (useful as a standalone)
04:30 invsblduck i will put in a blurb about syndics not responding to the 'manage' runner, since salt-syndic(1) reads, "The  Salt  syndic daemon, a special minion that..."
04:31 horus_plex invsblduck: https://github.com/saltstack/salt/issues/8383
04:31 invsblduck IOW, there are docs that refer to it as a simple minion like any other, and docs that refer to it as a master.  that's why i was confused...is it both?  why's it trying to read /etc/salt/minion, why's it not responding to test.ping, etc.
04:31 invsblduck horus_plex: perfect, i'll check that.  thanks!
04:32 jcockhren that's me!
04:32 jcockhren lol
04:32 jcockhren my PR never surfaced. I got busy
04:34 mapu joined #salt
04:34 invsblduck Jurnell from AZ??
04:34 invsblduck Oh whatup dogg
04:34 invsblduck :P
04:35 jcockhren AZ? I can say I've never been there
04:35 jcockhren haha
04:35 yomilk joined #salt
04:35 grove_ joined #salt
04:37 CatPlusPlus joined #salt
04:41 invsblduck jcockhren: ty for the help sir.
04:41 jalaziz joined #salt
04:41 felskrone joined #salt
04:41 jcockhren np
04:48 ramteid joined #salt
04:50 zemm joined #salt
04:51 kermit joined #salt
04:54 invsblduck jcockhren: i probably need to change the minion_id on the syndic server now that it's running salt-minion?  it seems to have "masked" the downstream minions from the MoM.
04:55 n8n joined #salt
04:55 invsblduck events don't seem to be passing thru any more now that it's running salt-minion.  will keep trial-and-erroring.
04:56 skarn joined #salt
04:57 schimmy joined #salt
04:57 tmh1999 joined #salt
04:59 nmadhok heyy
05:00 obimod joined #salt
05:01 obimod joined #salt
05:12 schimmy joined #salt
05:15 n8n joined #salt
05:16 schimmy1 joined #salt
05:20 Nexpro2 joined #salt
05:20 grove_ joined #salt
05:21 pentabular joined #salt
05:22 kingel joined #salt
05:23 bhosmer joined #salt
05:26 invsblduck yeah, turns out if i change minion_id and restart salt-syndic, it picks up the id and uses it as well.
05:26 tmh1999 joined #salt
05:28 invsblduck jcockhren: seems like not a good idea to run salt-minion on the salt-syndic servers in 0.17.5+ds-1 on ubuntu; it breaks the '*' target on MoM (which may or not be needed or good practice anyway--just started using salt, and not at scale).
05:33 invsblduck Seems like that is an old version.
05:34 tmh1999 joined #salt
05:35 viq joined #salt
05:35 jhauser joined #salt
05:37 mapu joined #salt
05:48 catpigger joined #salt
05:54 ramishra joined #salt
05:56 n8n joined #salt
06:01 n8n joined #salt
06:02 alanpearce joined #salt
06:05 tmh1999 joined #salt
06:05 alanpearce joined #salt
06:06 TTimo joined #salt
06:08 tmh1999 joined #salt
06:10 higgs001 joined #salt
06:20 tmh1999_ joined #salt
06:20 rjc joined #salt
06:21 marco_en_voyage joined #salt
06:22 lcavassa joined #salt
06:23 kingel joined #salt
06:23 tmh1999_ joined #salt
06:25 tmh1999_ joined #salt
06:25 snuffeluffegus joined #salt
06:27 delinquentme joined #salt
06:27 picker joined #salt
06:28 alanpearce joined #salt
06:28 sctsang joined #salt
06:33 mechanicalduck_ joined #salt
06:47 Sweetsha1k joined #salt
06:53 dvestal joined #salt
06:55 Ryan_Lane joined #salt
06:56 Hell_Fire_ joined #salt
06:57 bhosmer joined #salt
06:57 joehh invsblduck: yes, 0.17.5 is relatively old now, but is the default version in trusty
06:58 kingel joined #salt
06:58 joehh I still use it in production at many places, but I haven't personally used the syndic functionality in it
07:07 slav0nic joined #salt
07:07 slav0nic joined #salt
07:07 invsblduck joehh: ty.
07:08 geekmush joined #salt
07:09 invsblduck threw a mostly-useless comment in here https://github.com/saltstack/salt/issues/6207
07:11 alanpearce joined #salt
07:11 alanpearce joined #salt
07:12 bhosmer joined #salt
07:17 chiui joined #salt
07:22 j-saturne joined #salt
07:23 jhauser_ joined #salt
07:25 tyler-baker joined #salt
07:36 felskrone joined #salt
07:37 lcavassa joined #salt
07:39 breskeby joined #salt
07:39 breskeby Hey guys
07:40 breskeby my salt-master stopped responding just giving me "Failed to connect to the Master, is the Salt Master running?" I hadn't changed any config
07:40 breskeby anybody an idea
07:41 martoss joined #salt
07:42 breskeby the master process seems to run fine
07:44 jhauser joined #salt
07:49 darkelda joined #salt
07:49 darkelda joined #salt
07:53 jdmf joined #salt
07:54 ValF joined #salt
07:54 sewerrat55 joined #salt
07:55 sewerrat55 left #salt
07:58 dariusjs joined #salt
07:59 yomilk joined #salt
08:04 dvestal joined #salt
08:05 variia joined #salt
08:05 variia hi,
08:06 variia i have a simple issue i cannot resolve. i have multi env setup and wish to share ssh public key data accross multiple envs. i cannot seem to be able to do this
08:07 variia it's a pillar data by the way
08:08 TTimo joined #salt
08:31 Sweetshark joined #salt
08:42 favadi joined #salt
08:43 ramishra joined #salt
08:49 rodo hi everybody
08:50 rodo babilen: I'm working now on postgres schema, I'll add some new functions, I have a question about runas and similar args, as they deprecated in 0.17.0 have I to deal with them in new functions or not ?
08:50 rodo babilen: FYI (maybe you know) my 2 first patch yesterday were merged
08:59 ramishra joined #salt
09:00 bhosmer joined #salt
09:01 ramishra joined #salt
09:01 hoodow joined #salt
09:03 babilen rodo: Yeah, I saw that. Thank you :)
09:03 babilen (made sense to split them as they were semantically unrelated changes)
09:04 babilen Which "runas" are you referring to exactly?
09:15 rodo babilen: sorry I'm in an unschedule meeting bbs
09:17 Outlander joined #salt
09:18 babilen rodo: Sure, no rush :)
09:21 TheThing joined #salt
09:21 kralla_ joined #salt
09:24 CatPlusPlus_ joined #salt
09:30 PI-Lloyd joined #salt
09:35 sectionme joined #salt
09:37 rodo babilen: back :) I spoke about https://github.com/saltstack/salt/blob/develop/salt/states/postgres_user.py#L111 runas is not used anymore
09:37 rodo but I don't know if I have to keep it in new functions or not, what do you think is better ?
09:38 hvn joined #salt
09:38 babilen You would use the "user" argument in lieu of runas
09:39 rodo ok
09:39 rodo babilen: you mean db_user, user is deprecated too
09:39 babilen I don't think that it makes sense to keep them in new functions as that would just mean that deprecating those will take time. At this point *nobody* will have written code that uses the "runas" argument in what you plan to implement so don't even start offering it.
09:40 babilen No, I don't. Or do I?
09:40 babilen https://github.com/saltstack/salt/blob/develop/salt/states/postgres_user.py#L116
09:41 rodo babilen: 'user' is deprecated too as indicated 2 lines below
09:42 rodo I understand that db_user replace user when user replaced runas
09:42 babilen ".. versionadded:: 0.17.0" ?
09:42 rodo damned !
09:42 rodo babilen: thanks, I misread (it is a correct word ?)
09:42 kralla joined #salt
09:43 babilen user is the *system* user while db_user is the database user
09:43 babilen Yes, that is the correct word.
09:43 rodo ok, everything is clear now, thanks for your time babilen
09:44 babilen rodo: You will see the combination of ".. deprecated:: $VERSION" and ".. versionadded:: $VERSION" quite often if one argument replaces the other.
09:45 rodo ok I'll pay more attention next time I'll see ..deprecated somewhere
09:49 giantlock joined #salt
09:52 ramishra joined #salt
09:56 N-Mi joined #salt
09:56 N-Mi joined #salt
10:00 ggoZ joined #salt
10:09 TTimo joined #salt
10:14 picker joined #salt
10:14 ze- Authentication attempt from algoflash failed, the public keys did not match. This may be an attempt to compromise the Salt cluster.
10:14 bhosmer joined #salt
10:15 ze- Anyone knows if there is any more log in latest versions?
10:15 ze- oh wait. just noticed the name in middle of the line.
10:15 ze- ignore me :)
10:19 j-saturne joined #salt
10:23 satish joined #salt
10:24 intellix joined #salt
10:25 ramishra joined #salt
10:42 sectionme joined #salt
10:42 englishm joined #salt
10:47 diegows joined #salt
10:50 Outlander joined #salt
10:53 kralla joined #salt
10:54 kralla left #salt
11:03 bhosmer_ joined #salt
11:03 CeBe joined #salt
11:08 Setsuna666 joined #salt
11:19 ggoZ joined #salt
11:20 hobakill joined #salt
11:22 geekmush1 joined #salt
11:22 toastedpenguin joined #salt
11:27 bhosmer joined #salt
11:31 vbabiy joined #salt
11:36 longdays joined #salt
11:41 elfixit joined #salt
11:45 dariusjs hey I've got an odd issue on windows minons where they dont always reply to a salt master on the first few tries, if I run a test.ping against these hosts they will all generally respond on the last run
11:45 dariusjs this is running it about 3-4 times
11:46 hobakill dariusjs: what version are you running?
11:47 dariusjs still on salt 2014.1.7
11:48 hobakill hm. most of my minions are on that and it they seem to talk fine to my master on 2014.1.10
11:48 hobakill i HAVE had that issue with earlier versions but not as of late.
11:48 dariusjs ok, will give 2014.1.10 a go, I  generally dont see this on linux only on winders
11:49 TTimo joined #salt
11:49 babilen dariusjs: Is that after a while of "sleeping" ?
11:49 hobakill funny dariusjs it was the opposite for me
11:49 dariusjs another little naggle i've had  im currrently using puppet + saltstack, the puppet module seems to be linux only
11:49 hobakill i will say dariusjs that 2014.1.10 has been the most stable, clean release i've used since i started salt.
11:49 dariusjs yeah ok, ill give it a try on some boxes now
11:50 hobakill dariusjs: yeah. we are using salt specifically b/c puppet != windows
11:50 ndrei joined #salt
11:50 babilen dariusjs: No?
11:52 dariusjs maybe i need to review by  salt config but if i invoke a salt run this is what I get  "Error: Cannot create C:/var/lib/puppet; parent directory C:/var/lib does not exist"
11:52 dariusjs i probably need to rtfm more ....
11:55 babilen Can you quantify "last run" somehow? Which commands are you running exactly? Which command results in the aforementioned error and why would salt attempt to create "C:/var/lib/puppet" in the first place?
11:56 hobakill babilen: i'm equally confused.
11:57 iMil joined #salt
11:57 iMil joined #salt
11:57 babilen Well, I now have 4 open questions. Lets hope that once they have been answered the issue becomes clearer.
12:02 dariusjs babilen: cheers, will go through those
12:02 dariusjs its only the windows boxes giving me a headache so theres possibly some exception somewhere
12:05 Setsuna666_ joined #salt
12:07 kralla joined #salt
12:08 kralla left #salt
12:10 babilen dariusjs: Feel free to make copious use of http://refheap.com or http://paste.debian.net
12:11 dariusjs will do once I work things out, only been using salt on and off a couple of days now
12:11 dariusjs just first need to figure out why it isnt finding puppet in c:\puppetlabs\puppet\etc\puppet.conf
12:12 hobakill dariusjs: remind me why is salt trying to interact at all with puppet?
12:13 dariusjs im in a transition period at the moment, I've tried to  get away from installing mcollective
12:13 dariusjs and the bulk of  the modules are in puppet, eventually can stop using puppet
12:13 danielbachhuber joined #salt
12:14 babilen You might understand that this is hard for us to debug. I would recommend to paste your (redacted if necessary) state files, commands and their output to one of the aforementioned pastebins to that we can see what is actually going on.
12:14 babilen As of now I am not sure why salt would interact with puppet at all.
12:14 hobakill babilen: agreed
12:15 ramishra joined #salt
12:15 dariusjs no, it needs no interaction at all
12:15 dariusjs im just trying to be lazy and use  salt as a way to initiate a  what used to be a "puppet kick" in puppet 2.7
12:16 dariusjs this is the salt module I am trying to abuse  http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.puppet.html
12:17 dariusjs it works perfect for linux as i said, I just need to understand whether the module is windows compatible
12:17 hobakill looks like it's mostly new to 2014.7.0?
12:20 notpeter_ joined #salt
12:21 babilen Some paths are hardcoded to, for example, /var/lib/puppet which is, probably, not applicable on Windows, but then I know nothing of Windows.
12:21 marmoy joined #salt
12:21 babilen (that would be --vardir)
12:22 dariusjs yeah its mostly been built for 2014.7.0, there are some basics in 2014.1.7, anyway youve helped heaps already I'll be good with this for now :)
12:22 ajolo joined #salt
12:22 Setsuna666_ joined #salt
12:23 j-saturne joined #salt
12:25 apergos Ahlee: an update, irt it looks like your fix should indeed go on the master and not the minions, as tht is where LocalClient would be called from ... second, that might help in the cases where lod is high or the workers are struggling to keep up
12:26 apergos we've had the occasional salt commnd fail to return output, and tht's probably this case
12:26 apergos so the fix is good for that in any case.  but my particualr issue turns out to be with the payload size
12:26 apergos I was pushing over around 970k bytes (cmd.exec_code)
12:26 apergos as soon as I compressed some of that the problem went away
12:27 apergos now I want to know what people know about large messages and zmq :-D  I have the workaround but it would be nice to understand what likely went wrong.
12:28 XenophonF joined #salt
12:29 miqui joined #salt
12:30 jaimed joined #salt
12:30 jslatts joined #salt
12:31 Setsuna666__ joined #salt
12:32 CeBe joined #salt
12:32 acabrera joined #salt
12:32 dccc joined #salt
12:34 kralla joined #salt
12:39 mechanicalduck joined #salt
12:41 kralla left #salt
12:41 mechanicalduck joined #salt
12:43 mephx joined #salt
12:44 kralla joined #salt
12:46 kralla joined #salt
12:47 sxar joined #salt
12:50 kralla left #salt
12:50 TheRealBill joined #salt
12:51 Ove__ will git.latest automatically pull the latest code from git or do I have to manually trigger it?
12:51 bhosmer joined #salt
12:51 vejdmn joined #salt
12:52 babilen Ove__: What do you mean by "automatically" ?
12:53 Ove__ That it monitors the git repo and pulls down new revisions of the code without any manual labour by me.
12:55 XenophonF IIRC git.latest will update a clone whenever the state runs.
12:55 babilen Ove__: You will have to trigger a state run.
12:55 XenophonF for example: http://paste.debian.net/120206/
12:55 babilen Ove__: Which, IMHO, counts as "manual trigger". The git repo will not, magically, kept up to date. (there is no constant process in salt that watches for changes)
12:55 babilen *be kept
12:56 Ove__ Ah
12:56 Ove__ So automation isn't full automation?
12:56 KevinMGranger It's as automatic as you make it.
12:56 XenophonF you can schedule highstates to run on a schedule
12:56 babilen You can trigger a state run every 1 minute if that is what you want.
12:57 Ahlee apergos: ah.  My apologies on leading you astray, but that's awesome to hear you've isolated it
12:57 babilen Ove__: Is the current behaviour a problem for you? What would you like to achieve
12:57 XenophonF you can do it in the minion or in cron or whatevs
12:59 Outlander joined #salt
12:59 cpowell joined #salt
12:59 Ahlee Or with a post-commit hook on your git service
13:00 Ove__ babilen: post-commit hook sounds like something I might want to run.
13:01 kingel_ joined #salt
13:03 Ove__ Anyone have an example for a post commit trigger? :P
13:03 Ahlee http://git-scm.com/book/en/Customizing-Git-Git-Hooks
13:03 Ove__ And this would contact saltmaster via the webui?
13:04 Ahlee the details are left as an excercise to the reader
13:04 Ahlee I briefly had a post-commit hook making a POST to the salt-api
13:06 babilen Ove__: What do you want to achieve?
13:06 Ove__ Well, devs in this case uploads a .war file to a special branch of a repo. I want to have that war automatically deployed.
13:06 nitti joined #salt
13:07 Ove__ Ahlee: Thank you for hinting the salt-api.
13:07 Ove__ I am a total noob with saltstack and need this kind of stuff pointed out to me. :P
13:08 picker joined #salt
13:10 brandon__ joined #salt
13:13 babilen Ove__: I'd schedule to run your "deployment" state every, say, 5-10 minutes. Or do you really need it to be instantly? Are you doing anything else in salt that depends on this state?
13:14 Ove__ babilen: Devs expect instant change.
13:14 babilen Ove__: http://docs.saltstack.com/en/latest/topics/jobs/schedule.html#scheduler-with-returner + http://docs.saltstack.com/en/latest/ref/states/all/salt.states.schedule.html
13:14 Ove__ For some reason this company is always in a hurry to deploy stuff.
13:15 babilen And the second question?
13:16 ramishra joined #salt
13:16 Ove__ I have not written a state for it yet.
13:16 Ove__ Also
13:16 Ove__ I don't understand the second question.
13:16 babilen Do you need to do anything else than just the equivalent of "git pull" ?
13:17 Ove__ Nope
13:17 babilen It sounds as if you don't need salt at all, but as if you are simply looking for sensible "deploy on push" git hooks.
13:18 Ove__ Well I would need it to check for dependencies and installed packages also I believe.
13:18 babilen I mean feel free to schedule a "has it changed yet?" deployment state run from salt every second (that should really be often enough, shouldn't it?)
13:23 nitti_ joined #salt
13:24 babilen Ove__: You can also trigger the same state from a post-receive hook, but I really wouldn't trigger a complete highstate. Not entirely sure what the best way to achieve the former would be though.
13:24 Ove__ Well I can trigger only the git.latest-thing with salt-api right?
13:25 babilen You could, for example, trigger a custom event with "salt-call event.fire_master '{"deploy": True
13:25 babilen err
13:26 lcavassa joined #salt
13:26 dude051 joined #salt
13:26 babilen "salt-call event.fire_master '{"deploy": True}' 'mysoftware"" and react to those events with a "deployment state" run. See http://docs.saltstack.com/en/latest/topics/reactor/ for info on that.
13:26 BrendanGilmore joined #salt
13:27 babilen http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.event.html#module-salt.modules.event
13:27 racooper joined #salt
13:28 theproxy joined #salt
13:28 XenophonF speaking as an I.T. operations manager, triggering salt.state or salt.highstate in a post-commit hook sounds super scary to me
13:28 babilen yeah
13:32 englishm joined #salt
13:33 gngsk joined #salt
13:35 Setsuna666__ joined #salt
13:36 XenophonF Ove_, in order to run salt.state or salt.highstate from a post-commit hook, you're going to either need root access on your Salt server or root access on your Git client or some other kind of authorization setup, to where a committer can trigger the job in the Salt master.
13:36 XenophonF very messy
13:36 XenophonF lots of opportunities for bad security mistakes
13:38 Ove__ I am trying to wrap my head around this.
13:39 XenophonF i'd pick an update frequency that doesn't break your git or salt master servers, and i would schedule a cron job or something that runs a git pull or state.highstate
13:39 Ove__ Solution is to not use salt at all, because otherwise root is needed which is a bad practice?
13:39 XenophonF If I were your ops mgr, I'd strongly recommend against doing system management type things from a post-commit hook for security reasons.
13:40 eunuchsocket joined #salt
13:40 XenophonF feel free to use salt to keep the checkout updated
13:40 XenophonF but i'd have that run once a minute or once every five minutes or something
13:41 XenophonF like, in my mind i'm imagining that you have a bunch of web app devs
13:41 mapu joined #salt
13:42 XenophonF and they're committing stuff to a production branch as part of a release
13:42 XenophonF when they commit, and git runs the post-commit hook, IIRC that runs on their computers under their accounts
13:43 XenophonF maybe the post-commit hook runs on the git server
13:43 XenophonF i dunno
13:43 bhosmer joined #salt
13:43 iggy can someone explain how the git branch in ext_pillar maps?
13:43 ndrei joined #salt
13:43 XenophonF either way, you'd need to set up some kind of delegated access to make administrative stuff happen
13:43 Ahlee Mine did.  Our server (stash) handled authentication, and ran a quick and dirty java post-commit hook to reach out to the api
13:44 Ahlee but, i also don't care about security, and trust my users to do the right thing
13:44 XenophonF :-D
13:44 XenophonF i've been a hacker too long
13:44 XenophonF am waaaaay too paranoid
13:44 Ahlee We have no external facing services :)
13:44 iggy there are a couple services out there that trigger actions on pushes (heroku, etc.)
13:45 iggy someone feels comfortable with it
13:45 Ove__ XenophonF: The security concern is because the world can trigger the api?
13:46 Ove__ And that what I want to do requires root?
13:46 Ove__ (bare with me, I am tired as hell).
13:46 iggy I mean I could see DoS as an issue, but there are ways to mitigate that
13:46 Ahlee Ove__: Salt runs as root
13:46 babilen Ove__: As I said earlier: Would "every k seconds" *really* be such a problem? Lay down the law!
13:46 intellix joined #salt
13:47 babilen (or react to events, but even that is IMHO not the best approach)
13:47 Ove__ Maybe I should sleep and re-ask these questions tomorrow. I've been up all night doing a database migration. :I
13:47 Ove__ Because the lack of sleep is making my head retarded and I am just not understanding it.
13:48 perfectsine joined #salt
13:48 Ahlee polling is processor intensive though babilen :)
13:50 babilen true
13:52 younqcass joined #salt
13:53 apergos Ahlee: it's not 100%, just a vast improvement... I can still geet th no response if I run the command enugh times in a row
13:53 apergos with nothing of interest in the logs of course
13:53 Deevolution joined #salt
13:54 mechanicalduck joined #salt
13:55 XenophonF Ove_: that's exactly my security concern
13:55 dariusjs hobakill: 2014.1.10  seems to wake the minions a lot faster
13:55 dariusjs im not seeing those timeouts I had before with 2014.1.7
13:56 XenophonF kicking off salt.state or .highstate requires some kind of privileges within the Salt master at the very least
13:56 TheThing joined #salt
13:58 elfixit joined #salt
13:59 babilen dariusjs: So, back to my first question: "Does this happen after a period of 'sleep'?"
14:01 dariusjs yeah it did
14:02 XenophonF you can set up delegations for it, but it's probably safer from an infosec standpoint to have the minion initiate a "git pull" or state.highstate or state.single
14:02 XenophonF highstate is probably ok once every 15 minutes
14:02 XenophonF for small sites, it might be ok once a minute
14:03 XenophonF i dunno enough about salt internals/capacity planning, so that's a guess
14:03 babilen Sounds about right, but then some highstates might take significantly longer (which is why I wouldn't necessarily trigger a highstate automatically, but specific states)
14:03 smcquay joined #salt
14:04 babilen dariusjs: https://github.com/saltstack/salt/issues/15415 (i.a.)
14:04 ajprog_laptop joined #salt
14:05 babilen (which is what I had mentioned some hours ago, btw)
14:05 babilen dariusjs: But you said that this only happens on the Windows minions, but not on the Linux ones which is, well, curious
14:06 Munkeh joined #salt
14:06 * Munkeh waves @ folks
14:08 gothix joined #salt
14:08 quickdry21 joined #salt
14:10 dariusjs babilen: oh funny ... I am seeing the opposite
14:10 higgs001 joined #salt
14:11 dariusjs will recheck how theyre behaving tommorrow, I've got 60 nodes to test one
14:11 cym3try joined #salt
14:11 cym3try seems like salt does not like the following requirement: "mount: /"
14:11 iggy so... if I put the master branch in my ext_pillar, everything works fine, if I put in prod, nothing works (even though the files are identical in each branch)
14:12 micah_chatt joined #salt
14:15 kaptk2 joined #salt
14:18 Nexpro joined #salt
14:21 darkelda joined #salt
14:24 bhosmer_ joined #salt
14:26 peters-tx joined #salt
14:29 intellix joined #salt
14:30 pdayton joined #salt
14:32 JayCeeJr joined #salt
14:32 mpanetta joined #salt
14:34 rojem joined #salt
14:35 albertid_ joined #salt
14:36 albertid_ Hi, cmd.run does not return me any output for any commands that take > 5 seconds. Help?
14:37 joehoyle joined #salt
14:40 Munkeh Has anyone here got experience with saltstack minon on Windows 64bit and running it as a Windows service ?
14:43 mechanicalduck joined #salt
14:46 viq albertid_: have you played around with -t ?
14:47 vejdmn1 joined #salt
14:47 albertid_ viq, I changed timeout in the master's config and its working now
14:49 grove_ joined #salt
14:50 Ozack1 joined #salt
14:50 ramishra joined #salt
14:51 jalbretsen joined #salt
14:51 econnell joined #salt
14:51 ndrei joined #salt
14:54 Munkeh Has anyone here got experience with saltstack minon on Windows 64bit and running it as a Windows service ?
14:55 Munkeh im  seeing some unusual behaviour when running it using a windows service
14:57 conan_the_destro joined #salt
14:57 metaphore joined #salt
14:58 thayne joined #salt
14:59 Munkeh1 joined #salt
15:01 SheetiS joined #salt
15:02 UtahDave joined #salt
15:03 Gareth Munkeh: I'm sure there are people who have done that, they're not just around at the moment.
15:03 Gareth Munkeh: actually UtahDave would be the one to talk to about that :)  Good timing.
15:03 Munkeh Hum.. i've got it running as a service although it's just hanging on startup and not showing that it's finished running.. i wanted to know if i could background it, ala *nix
15:04 rallytime joined #salt
15:05 Munkeh UtahDave: Any chance that i could pick your grey cells ;)
15:05 UtahDave sure! what's going on, Munkeh?
15:05 Munkeh C:\Users\Administrator>sc create SaltstackMinion binPath=  "C:\salt\salt-minion.
15:05 Munkeh exe" DisplayName= "SaltStack Minion" start=auto
15:05 Munkeh i do this as a service, on win2k12 r2
15:05 bastion1704 joined #salt
15:06 Munkeh when it runs, it never actually returns a 'started' status
15:06 Munkeh ive noticed the same thing when actually running the binary
15:06 Munkeh you just get a cmd window and you have to leave it open otherwise the minion process dies
15:06 Munkeh :-?
15:07 Munkeh this is the url i copied the info from http://www.herongyang.com/Windows/Service-Create-Delete-Services-with-sc-exe.html
15:12 TheThing joined #salt
15:12 VSpike Munkeh: I just tried running the installer on a clean VM and it created a service. It didn't start it though, had to start it manually.
15:12 ericof joined #salt
15:13 VSpike I did tick the box in the installer which said "start salt minion", and I saw a cmd box appear then vanish, so I think that start option might be misleading
15:13 cym3try i have an if conditional in my sls file which is breaking the format. can you give me suggestions please?
15:15 gmoro joined #salt
15:16 UtahDave Munkeh: why are you attempting to create the service?
15:17 manfred cym3try: {%- if .... so that it removes the newline stuff before it, butif you do -%} it will break the format
15:17 manfred cym3try: can you pastebin your sls?
15:17 Munkeh UtahDave:  i just realised the installer probably didnt complete correctly, ive reinstalled and its working
15:17 Munkeh #Muppet
15:17 smcquay joined #salt
15:17 Munkeh manahama
15:18 UtahDave Munkeh: OK. cool.  Sometimes the service doesn't get started automatically the first time. I haven't been able to figure out why yet
15:18 Munkeh cool..
15:18 Munkeh tyvm#
15:19 UtahDave you're very welcome! I do need to track down why that happens sometimes.
15:21 hobakill guys - got a windows software install question.  HOPEFULLY easy. i want to do a 'complete' install of an msi package but i can't figure out the syntax. any clues?
15:24 hobakill WebDeploy needs to be a complete install but i think by default a /qn only does 'typical' which doesn't install the service
15:24 UtahDave hobakill: what application is it?
15:24 hobakill WebDeploy UtahDave
15:25 hobakill UtahDave: https://www.hobapolis.com/paste/?553a5ad7f0e7954b#x8bPGuIJr+16cffAj8m09Z6mmXWEw3rtcXwnIUPXtfs=
15:25 VSpike I cannot get my head around the example at http://docs.saltstack.com/en/latest/topics/tutorials/states_pt4.html#practical-example ... can someone help? It's the first two bits of YAML I don't get. I can follow the rest.
15:26 UtahDave VSpike: Just a sec
15:27 UtahDave hobakill: can you pastebin the output of    WebDeploy_amd64_en-US.msi /?
15:28 TTimo joined #salt
15:28 UtahDave VSpike: what part exactly are you not quite getting?
15:28 VSpike In the first bit, the /srv/salt/prod/top.sls, I see that the webserver.foobarcom is calling that state defined below ... but what are the base and 'web*prod*' doing?
15:29 hobakill UtahDave: I don't understand.
15:29 hobakill UtahDave: in windows?
15:29 UtahDave hobakill: from the command line, on Windows, run  WebDeploy_amd64_en-US.msi /?
15:30 kingel joined #salt
15:30 XenophonF hobakill: you need to find out which feature flag does the complete install
15:31 XenophonF UtahDave: I don't think MSI packages take /? flags but I could be wrong.
15:31 hobakill UtahDave: oooh i didn't know existed. nice.
15:31 hobakill https://www.hobapolis.com/paste/?b0424b6eedbb2317#Algaej42G0kLM++7BlruJA0k5IkcC78JcPqJboEqM+k=
15:31 XenophonF hobakill: Let me find a copy of WebDeploy and take a look at the feature flags available.  Just a sec.
15:32 XenophonF hobakill: which version of webdeploy are you using?
15:32 hobakill 3.1237.1763 aka 3.5
15:32 XenophonF oh, 3.5
15:32 XenophonF just saw your paste
15:33 schristensen joined #salt
15:35 XenophonF hobakill: to edit an MSI file, you'll need Orca (available from http://msdn.microsoft.com/en-us/library/aa370834(v=vs.85).aspx)
15:35 VSpike UtahDave: aha, just found the right bit of docs to read at http://docs.saltstack.com/en/latest/ref/states/top.html#states-top
15:38 kruppm joined #salt
15:39 hobakill XenophonF: ok.... got it open with orca. any additional thoughts about what to do with this nightmare? :)
15:39 XenophonF LOL
15:40 hardwire joined #salt
15:40 tligda joined #salt
15:40 kruppm hey, anyone got some spare time and give me your opinion on this? https://gist.github.com/michaelkrupp/4e83ab08ffd32c8ca387
15:40 kruppm and would*
15:41 XenophonF hobakill: I don't have Orca installed yet.  Still downloading the Windows 7 SDK.
15:41 XenophonF hobakill: you basically want to look for the Feature table IIRC
15:41 hobakill XenophonF: hm, it didn't require me to do the sdk
15:41 brandon_ joined #salt
15:42 darkelda joined #salt
15:42 darkelda joined #salt
15:42 XenophonF oh shoot, i found the answer with google-fu: http://www.iis.net/learn/publish/using-web-deploy/use-the-web-deployment-tool
15:43 XenophonF so you need to put ADDLOCAL=COMPLETE to the msiexec command line options
15:43 XenophonF also note logging options to msiexec
15:43 XenophonF i have "voicewarmup" (lulz) set via GPO, so that msiexec always creates detailed install logs
15:44 XenophonF but in general, you can look at the feature table to see what's available
15:44 UtahDave sorry. I'm back.
15:44 XenophonF then use ADDLOCAL to enable those features
15:44 UtahDave We had a fire drill. The fire alarm sirens are crazy loud. painful, even
15:44 hobakill so my install flag would look like ' /qn ADDLOCAL=COMPLETE ' ? XenophonF
15:44 XenophonF since salt calls out to msiexec for this, you don't need to create a transform
15:44 XenophonF yes, that's right
15:45 XenophonF now you could also customize the install using a transform
15:45 hardwire joined #salt
15:45 XenophonF but that's more complicated than you need for this
15:45 hobakill i don't need to make this any more painful than it is :)
15:45 XenophonF LOL
15:45 hobakill UtahDave: is there a way to add domain users yet?
15:47 UtahDave hobakill: I don't think so
15:48 micah_chatt_ joined #salt
15:48 hobakill UtahDave: XenophonF testing now
15:50 hobakill UtahDave: i'm about to have a firedrill in my pants if this doesn't.....fail... :(
15:50 hobakill Comment: The following packages failed to install/update: WebDeploy=3.1237.1763.
15:50 hardwire joined #salt
15:50 iggy kruppm: seems good... maybe convert some of the more popular formulas and add a section to the "best practices" section
15:53 XenophonF hobakill, please enable logging, something like /lvoicewarmup c:\webdeploy.log
15:53 debian112 joined #salt
15:53 XenophonF hobakill: just to be clear the log will be created on the minion
15:54 UtahDave hobakill: also, I would first run these commands manually on the minion until you figure out the exact syntax to get a silent install completed
15:55 XenophonF tru dat
15:55 UtahDave hobakill: then it will be easy to make it work with Salt
15:55 hobakill yeah ok. i've been doing the opposite. UtahDave
15:55 hardwire joined #salt
15:55 hobakill bahahaha. got it on my second live attempt. :)
15:56 XenophonF LOL
15:56 kruppm iggy: thanks for taking the time to look into it :)
15:56 kruppm anyone else? maybe you, UtahDave?
15:56 hobakill XenophonF: UtahDave it's this:     install_flags: ' /qn ADDLOCAL=ALL'
15:56 XenophonF ah
15:56 iggy kruppm: not sure if it was intentional, but there were a few macro -> marco's in there
15:56 UtahDave nice, hobakill!
15:56 XenophonF microsoft lied to us! :-D
15:57 hobakill thanks for the help guys. now my bladder is having a fire drill. BRB
15:58 kruppm iggy: oh, no not intentional. marco definitely has nothing to do with this :) I'll fix the gist
15:58 ndrei joined #salt
15:59 UtahDave kruppm: It looks interesting. I've never used hiera before and I've usually kept things a lot simpler, but it's an interesting approach for sure
16:00 hardwire joined #salt
16:01 kruppm UtahDave: thank you :)
16:01 kruppm .gci.net] has quit [Excess Flood]
16:02 hobakill lactually XenophonF the link you gave me was right...
16:02 XenophonF oh good
16:02 hobakill it's code block about halfway down the page: msiexec /i <msi_filename> /passive ADDLOCAL=ALL LISTENURL=http://+:8080/MSDEPLOY2/
16:02 XenophonF ah gotcha
16:05 Munkeh joined #salt
16:05 Munkeh left #salt
16:05 Munkeh joined #salt
16:05 hobakill XenophonF: which i'm happy about because there was no way i was going to figure out that orca thign anytime soon :)
16:06 hardwire joined #salt
16:06 Munkeh UtahDave:  i ve noticed a percularity with the salt windows minion
16:06 XenophonF LOL
16:06 UtahDave Munkeh: which one?  :)
16:07 Munkeh if you  re-install it, after having accepted the key,  the salt master doesnt recognise the host any more… 2014.10.1
16:07 Munkeh 64bit
16:07 VSpike does the environment called "base" have a special significance, or is it the same as any other?
16:07 wt joined #salt
16:08 nitti joined #salt
16:08 UtahDave Munkeh: Yeah, the installer overwrites almost all the entire install directory, so the encryption keys get overwritten
16:08 Munkeh got u
16:08 hardwire joined #salt
16:09 UtahDave VSpike: base is the default and required environment.
16:09 UtahDave but other than that, there's nothing special about it.
16:09 VSpike Right .. so does the top.sls file need to go in the location specified under base in file roots?
16:10 wt anyone here use s3fs?
16:10 micah_chatt_ joined #salt
16:10 wt the fileserver backend
16:11 ndrei joined #salt
16:12 UtahDave VSpike: Yeah, the top.sls goes in the root of your environment.  so by default the base top.sls is found here:   /srv/salt/top.sls
16:13 babilen fwiw, I am slowly working through old/outstanding issues in saltstack-formula and will probably close some of them. Feel free to reopen any that still apply.
16:15 VSpike UtahDave: so, if you have a file_roots setup like the 3rd yaml block in http://docs.saltstack.com/en/latest/ref/states/top.html#environments then your top.sls should be in /srv/salt/base/top.sls instead of /srv/salt/top.sls ... correct?
16:16 armonge joined #salt
16:17 UtahDave babilen: that's awesome. Thanks for doing that!
16:17 UtahDave VSpike: correct.
16:17 VSpike thanks
16:18 UtahDave VSpike: also, just so you know. You can have a top.sls in the root of each environment. Salt will collect them all and join them together
16:18 UtahDave VSpike: but I recommend avoiding that because it gets messy very quickly and the top.sls in your base environment can manage all your environments
16:20 KyleG joined #salt
16:20 KyleG joined #salt
16:22 picker joined #salt
16:25 hobakill ok UtahDave next challenge. to get around not being able to add domain users i'd like to "state-ify" a cmd.run using 'onlyif'
16:25 VSpike UtahDave: i feel like it would be really good to read some good quality code to help join the dots at bit .. do you know of any well commented or docmented online examples of a full salt setup that is a good example of best practice?
16:25 hobakill a la : cmd.run "net localgroup administrators domain\user /add"
16:26 perfectsine joined #salt
16:28 hardwire joined #salt
16:29 SheetiS1 joined #salt
16:29 aparsons joined #salt
16:30 pentabular joined #salt
16:32 alanpearce joined #salt
16:33 XenophonF VSpike: Wikimedia uses Salt.  Maybe their git repo is public?
16:33 XenophonF there's this https://wikitech.wikimedia.org/wiki/Trebuchet
16:35 prandelicious joined #salt
16:35 prandelicious hi all
16:35 aparsons joined #salt
16:35 prandelicious how do i incorporate a 3rd party python module into a saltstack module?
16:36 jY import it
16:36 prandelicious yeah, i did that but i can only run it locally
16:37 hardwire joined #salt
16:37 UtahDave hobakill: It would be pretty easy to add that option to the win_useradd.py module.
16:37 jp___ joined #salt
16:38 oz_akan joined #salt
16:38 VSpike XenophonF: thanks. I'm browsing http://saltstarters.org/ a bit too
16:39 schimmy joined #salt
16:39 pentabular basepi: Happy Birthday!
16:40 schimmy1 joined #salt
16:40 higgs001 joined #salt
16:41 wt prandelicious, the module has to be installed on the server. Use the native package or the pip installer to do that?
16:41 wt Then make the any formulas that use things that depend on the state depend on the installation of the python lib.
16:42 basepi pentabular: thanks!  =)
16:42 wt basepi, happy b'day!
16:42 hardwire joined #salt
16:42 prandelicious wt: yup, did that too -- salt-call works but salt '*' doesn't
16:42 basepi wt: =D  thanks
16:42 DerekRBN joined #salt
16:42 prandelicious btw, i'm running both the minion and master on the same machine
16:42 VSpike I guess https://github.com/saltstack-formulas too :)
16:43 wt basepi: has 2014.1.11 already been cut?
16:43 basepi wt: it has indeed.  8/29, actually.  we've been doing internal testing
16:43 basepi (which has been extra slow, since it's our first time doing this extensive internal testing)
16:43 XenophonF VSpike: hm i might be wrong about wikimedia using salt
16:43 wt Damn. I have this change that fixes the s3fs behavior. https://github.com/saltstack/salt/pull/15644
16:44 XenophonF all i've found is their public puppet repo
16:44 DerekRBN Is there a way to use a wildcard when targeting via the command line but only run on one minion? Kind of like batch but only run the first set?
16:44 XenophonF VSpike: https://gerrit.wikimedia.org/r/#/admin/projects/ - look for projects starting with 'operations'
16:45 wt DerekRBN, I want to know an answer to that also
16:45 tmh1999 joined #salt
16:45 XenophonF their docs for trebuchet seem to imply they use a combo of git/puppet/salt, but i'm not clear on how it all works
16:46 nitti joined #salt
16:46 wt Also, is there a way to run multiple exec modules on a single run of salt? e.g. I'd like to be able to get a grain and run a command and get the output together in one output.
16:46 basepi wt: bummer.  Guess there's always the next release.  =P
16:46 wt basepi, yeah
16:46 fllr joined #salt
16:47 XenophonF VSpike: they are on #wikimedia-operations, so i encourage you to ask them if they have a salt state tree that's public
16:47 XenophonF it's kind of amazing how much stuff is available via gerrit
16:47 hardwire joined #salt
16:47 XenophonF https://gerrit.wikimedia.org/
16:47 wt I may have to apply that diff manually until then. The default behavior in s3fs is terrible.
16:48 wt well, terrible when you have a file that was multipart uploaded
16:48 wt it's acceptable otherwise
16:48 kruppm wt: you could write a state for merging diffs, at least that's what I currently do :)
16:49 wt kruppm, merging diffs? Like, manually copy the s3 and then sync the files from the local cache to the salt cache?
16:50 davet joined #salt
16:51 wt With the way it works now, I have an 80MiB file that is copied from S3 every 30s or so.
16:51 kruppm well, with salt you can do whatever you can do manually. just write a state that get's your diff and applies it
16:52 wt yeah, that's what I planned on
16:52 hardwire joined #salt
16:52 kruppm I'm doing this to get some 2014.7-features onto my 2014.1.10 minions. I could share the sls if you want me to
16:52 wt Speaking of which, is there a "right" way to restart the salt-minion and salt-master from within a state?
16:53 hardwire joined #salt
16:53 wt And is there a way to quickly tell if a highstate it currently running?
16:53 wt s/it/is/
16:55 wt kruppm, I'd be interested to see it.
16:58 dalexander Is controlling a salt master with itself a thing?  master and minion on the same host?
16:58 wt FWIW, I currently just restart the salt-m{aster,inion}s once per day by cron to make sure they pick up new configuration. I'd rather restart at the time the config change is made.
16:58 forrest joined #salt
16:58 hardwire joined #salt
16:59 aparsons joined #salt
17:00 kruppm wt: https://gist.github.com/michaelkrupp/4d65c10be2bef1a22b3b
17:01 kruppm wt: it's a mako template, just porting it to jinja should not be too difficult. Also, I restart my minions via cron and a "flag-file". Whenever there are changes, I create the file, restart the minion and delete the file again.
17:02 aparsons joined #salt
17:02 kruppm wt: so basically the cronjob liiks like: test -f /some/file && service restart salt-minion
17:02 kruppm looks*
17:02 wt I'd be happy to use the at module if I could find a way to write a script that only restarted if it wasn't in the middle of a highstate.
17:03 XenophonF wt: are you trying to restart the salt master/minion after making a master/minion config change?
17:03 kruppm wt: you can use 'require_in' in your states and make the flag-file depend on all states, so it gets "touched" last
17:04 XenophonF wt: if so please see https://github.com/saltstack-formulas/salt-formula
17:04 terminalmage joined #salt
17:04 terminalmage left #salt
17:04 hardwire joined #salt
17:10 hardwire joined #salt
17:11 kermit joined #salt
17:11 ndrei joined #salt
17:12 hobakill XenophonF: UtahDave i keep getting YAML errors. what am i messing up? https://www.hobapolis.com/paste/?85b9f19648f54f7a#T31arkV250F9U7i7fhhTPLa6iLIM4H+2xkoM4PQZ4sE=
17:13 wt Does helium support the old external nodes style for backwards compat?
17:13 wt or do you have to move to the master tops immediately with helium?
17:14 kruppm hobakill: try escaping the backslash \\
17:14 XenophonF hobakill: or try stupiduser@DOMAIN.TLD
17:14 XenophonF can't remember if that works with net localgroup tho
17:15 aparsons joined #salt
17:15 XenophonF this worked for me on Windows 8.1 Pro: net localgroup administrators xenophon@IRTNOG.NET /add
17:16 rap424 joined #salt
17:16 hobakill but it works fine if i do cmd.run 'net localgroup administrators domain\user /add'
17:16 hobakill so states would treat it different?
17:16 wt XenophonF, I see that formula, but it just does service restarts when the config files change. I tried that and was faced with minions that would stop working
17:16 SheetiS joined #salt
17:17 wt XenophonF, that was in the 2014.1.4 timeframe...has that been fixed?
17:17 XenophonF wt: I dunno.  Never encountered that problem.
17:18 kruppm wt, XenophonF: that's why I do it via cron. When a minion fails to get back up, I revert the changes (minion is under version control) and try to start it with the old config.
17:18 hardwire joined #salt
17:19 wt https://github.com/saltstack/salt/issues/5721
17:19 kruppm This way you can basically never mess up a minion in a way, that it is not able to recover anymore
17:19 gngsk joined #salt
17:20 wt That issue is about salt-minion not being able to restart itself.
17:20 LBJ_6 joined #salt
17:20 LBJ_6 salt ‘*’ test.ping -v
17:20 LBJ_6 what does -v means ?
17:21 hobakill LBJ_6: verbose
17:21 shaggy_surfer joined #salt
17:21 eliasp LBJ_6: see also: salt some-minion -d test.ping
17:21 eliasp LBJ_6: -d will show you the documentation for test.ping
17:21 LBJ_6 how can I print out all the minions including not responding to salt-master?
17:21 eliasp LBJ_6: "salt-run manage.up" and "salt-run manage.down"
17:22 thayne joined #salt
17:22 hobakill or salt-run manage.status
17:22 eliasp hobakill: pah, don't make it that easy! :)
17:22 XenophonF wt, kruppm: i'm not sure if my experience is different because i am mostly running freebsd here
17:23 hobakill i need easy right now. this stupid Unknown yaml render error is driving me nuts
17:24 XenophonF hobakill: use the Kerberos UPN instead of the NetBIOS name: user@DOMAIN.TLD
17:24 CryptoMer joined #salt
17:24 hardwire joined #salt
17:24 XenophonF it could be an escaping issue or something
17:25 murrdoc joined #salt
17:25 giantlock joined #salt
17:26 aw110f joined #salt
17:28 troyready joined #salt
17:29 zooz joined #salt
17:31 hobakill XenophonF: yeah man there seems to be no combinations of slashes i can make to have the /add read properly.
17:32 XenophonF maybe try double-quotes around it, instead of single quotes?
17:32 obimod joined #salt
17:32 XenophonF alternatively you could use cmd.script
17:32 XenophonF and push a batch file or powershell script to the minion
17:33 XenophonF and then no escaping issue
17:33 hobakill XenophonF: good thoughts. thanks. :)
17:33 XenophonF could be more than one level of escaping going on, too
17:33 mike25de left #salt
17:33 rojem joined #salt
17:33 XenophonF so you might need \\\\ instead of just \\
17:34 hardwire joined #salt
17:34 rojem joined #salt
17:35 longdays joined #salt
17:37 hardwire joined #salt
17:38 pdayton joined #salt
17:38 MTecknology I have a state that seems like it should be really simple...   http://dpaste.com/115415M    It 'almost' works. It pushes things out correctly, but it won't delete things that are already out there.
17:39 Ryan_Lane joined #salt
17:39 MTecknology I keep staring at "- clean: True" to see if I spelled something wrong.
17:41 bhosmer joined #salt
17:41 druonysus joined #salt
17:42 LBJ_6 logstash_user:
17:42 LBJ_6 user.present:
17:42 LBJ_6 - name: logstash
17:42 LBJ_6 - uid: 450
17:42 LBJ_6 - gid: 450
17:42 LBJ_6 - groups:
17:42 LBJ_6 - adm
17:42 LBJ_6 - home: /var/lib/logstash
17:42 LBJ_6 - shell: /sbin/nologin
17:42 LBJ_6 - password: x
17:42 LBJ_6 logstash_group:
17:42 LBJ_6 group.present:
17:42 LBJ_6 - name: logstash
17:42 LBJ_6 - gid: 450
17:42 LBJ_6 - members:
17:42 LBJ_6 - logstash
17:42 LBJ_6 what is the dependency between user and group?
17:42 manfred LBJ_6: please use a pastebin
17:42 manfred don't paste directly into irc
17:42 kruppm MTecknology: is 'require' recursive? "[...] will be deleted unless it is required." would you mind trying it without require?
17:42 marco_en_voyage joined #salt
17:44 MTecknology kruppm: sure can try; it's not recursive, it's actually just making sure a parent directory exists with the correct permissions
17:45 LBJ_6 http://pastebin.com/embed_js.php?i=bqTqmgh0
17:45 kruppm MTecknology: coming from puppet I've seen lots of funny implicit dependency-graph issues. :)
17:46 MTecknology This is what it looks like after templating - http://dpaste.com/2146D55
17:46 BrendanGilmore joined #salt
17:46 hardwire joined #salt
17:47 MTecknology kruppm: looks like you're spot on
17:47 LBJ_6 : http://pastebin.com/embed_js.php?i=bqTqmgh0, what is wrong witht that?
17:47 cpowell joined #salt
17:48 MTecknology kruppm: I don't like not depending on something that is an actual dependency, though... :(
17:49 UtahDave MTecknology: Yeah, that should work. what version of salt are you on?
17:49 MTecknology 2014.1.10
17:49 MTecknology err... on the minion, just noticed the master is on 2014.0.7
17:49 MTecknology 1.7*
17:49 LBJ_6 http://pastebin.com/embed_js.php?i=bqTqmgh0, what is dependany between user and group?
17:51 UtahDave LBJ_6: there isn't a dependency in your sls file.  It will execute the top one first and then the second.  You can add a "require" option to make one depend on the other
17:51 LBJ_6 ok , thanks
17:51 LBJ_6 left #salt
17:51 MTecknology It seems like those should be under the same tag
17:51 raptor22xxx joined #salt
17:52 raptor22xxx Does anyone know how saltstack process sls in the file system
17:52 spookah joined #salt
17:53 raptor22xxx I mean if your base is at /srv/salt/base and you have an sls of basic.sls
17:53 chrisjones joined #salt
17:53 MTecknology what the ****?
17:53 metaphore joined #salt
17:54 raptor22xxx and also have test in /srv/salt/test with an sls    moreconfi.sls
17:54 raptor22xxx the moreconfig.sls has a -require  of -sls: basic.sls
17:54 logix812 joined #salt
17:55 MTecknology UtahDave: This is interesting... I updated so both are on 2014.1.10. It pushed out the file just fine, as expected. Then I removed it and ran the state again. It 'should' have removed the file, but this happened...  http://dpaste.com/2G5P5Y4
17:55 raptor22xxx will saltstack try to look in the test folder for the basic.sls or will it go back to the base
17:55 raptor22xxx and look in there
17:56 delinquentme joined #salt
17:57 MTecknology run it again, and no errors, but the file doesn't go away.
17:57 MTecknology UtahDave: a potential bug?
17:57 bhosmer_ joined #salt
17:58 UtahDave MTecknology: Hm. yeah, that pipe in the path looks fishy. Yeah, would you mind opening a bug on that?
17:58 iggy raptor22xxx: I think it should look in test, but see the numerous bugs about ordering... i.e. best test it
17:59 UtahDave raptor22xxx: what does your top.sls look like?
17:59 raptor22xxx test: 'nameofhost': - moreconfig.sls
17:59 MTecknology UtahDave: absolutely
17:59 raptor22xxx i mean no .sls
18:00 hardwire joined #salt
18:00 kruppm MTecknology: would you mind posting the ticked-id here then? I'm also interested in this :)
18:01 MTecknology kruppm: no... I don't feel like it
18:01 chrisjones joined #salt
18:02 wt Is there a smooth upgrade from 2014.1 to 2014.7 if you are using external node data, or are config file changes required?
18:02 hardwire joined #salt
18:02 kruppm ok, I'll go cry then... ;-)
18:03 UtahDave wt: we're still testing the upgrade process. I would definitely test well before making sweeping infra changes
18:03 perfectsine joined #salt
18:03 MTecknology wt: ya... don't run your infrastructure like I do... :P
18:04 MTecknology I haven't had any issues with blindly upgrading lately, but they have happened.
18:06 murrdoc joined #salt
18:08 hobakill is there a way to see if my salt master has the latest push from my git repo?
18:08 gmeno joined #salt
18:09 MTecknology kruppm: https://github.com/saltstack/salt/issues/15662
18:09 eliasp hobakill: you can do a "salt-run fileserver.update", but I don't know of a way to get the latest commit ID
18:09 wt I run on epel packages...which has it's own set of problems.
18:09 eliasp hobakill: … to verify whether the fileserver.update was actually successful
18:09 kruppm MTecknology: thank you!
18:09 hobakill sure. thanks eliasp i think a lot of the problems i may be having are gitfs related.
18:10 eliasp hobakill: by default, the master will do a fileserver.update on its own every minute
18:10 bhosmer joined #salt
18:10 hobakill eliasp: yeah - normally it's fine but a few things have happened to lead me to believe something is wonky:
18:11 hobakill eliasp: 1 - my stash isn't talking to hipchat correctly. 2 - the files that SHOULD be on the minion are not there if i look in the windows minion cache file.
18:13 wt Is there a place to find the 2014.1.10 docs?
18:13 wt I see that docs.saltstack.com is showing the latest develop docs.
18:14 eliasp wt: https://github.com/saltstack/salt/releases/download/v2014.1.5/Salt-2014.1.5.pdf
18:14 eliasp wt: for reasons unknown to me, there are no PDFs for 6..10
18:15 wt Why doesn't readthedocs have entries for salt?
18:15 eliasp wt: readthedocs is not the primary platform for Salt docs anymore… that's now docs.saltstack.com
18:16 gmeno I am looking for the fix https://github.com/saltstack/salt/issues/14768 in any of the latest releases and can't seem to find it. Is this intentional?
18:16 forrest wt, as eliasp said, readthedocs is being phased out
18:17 forrest it was too confusing to have the official doc site, and read the docs
18:17 gmeno I am looking for #14768 like this git tag --contains 5f9931636aa7acddff9f14bd57f700db805f8ede
18:17 wt forrest, are there going to be multiple versions on docs.saltstack.com at some point?
18:18 wt I keep running into docs that are only good for helium. I was looking for a better way.
18:18 forrest wt, it's planned yes, whiteinge has been slowly working on it.
18:18 UtahDave wt: yeah, it's being worked on
18:18 wt ok
18:18 DerekRBN joined #salt
18:20 hardwire joined #salt
18:21 wt UtahDave, forrest: is there anything an outside party can do to help?
18:22 DerekRBN wt: I created my own way of targeting just one of server, useful when you only need one out of a ASG or something
18:22 DerekRBN http://pastebin.com/df1XT0Ww
18:22 DerekRBN Called it salt-uno ;)
18:25 hardwire joined #salt
18:26 wt I see. You might want to use "--out=txt" on the salt part of the command line. Look's useful.
18:26 marco_en_voyage joined #salt
18:30 jalaziz joined #salt
18:30 hobakill i've given up. i've stopped caring. i'm going to template this user and move on with my life.
18:31 hardwire joined #salt
18:31 sctsang joined #salt
18:32 murrdoc joined #salt
18:34 ajolo joined #salt
18:35 hardwire joined #salt
18:35 aboe joined #salt
18:35 Whissi joined #salt
18:38 hardwire joined #salt
18:38 dvestal joined #salt
18:44 hobakill stupid question time. is there a way to test a single init.sls file? this entire time i've been doind state.highstate test=True and i feel like there's gotta be a better way to do this.
18:46 UtahDave hobakill: salt 'minion_id' state.sls thefile
18:46 forrest hobakill, UtahDave add test=True for that one state though
18:46 forrest UtahDave, JEEZ DAVE :P
18:47 hobakill UtahDave: and if it lives in gitfs can i reference 'thefile' as salt://enviro/folder/init.sls ?
18:48 P0bailey joined #salt
18:48 P0bailey joined #salt
18:48 CatPlusPlus joined #salt
18:48 UtahDave hobakill: no      folder
18:48 UtahDave you never include the .sls extension
18:49 UtahDave and having an init.sls allows you to just use the directory name
18:49 UtahDave if you need to specify an environment, then add    saltenv=enviro
18:49 hobakill UtahDave: thx
18:50 UtahDave you're welcome!
18:51 hardwire joined #salt
18:51 kermit joined #salt
18:54 hardwire joined #salt
18:56 pentabular joined #salt
18:56 marco_en_voyage joined #salt
18:56 hobakill UtahDave: XenophonF i f'ing got it. the YAML render error wasn't in my init.sls - i had a missing f'ing : in my top.sls
18:57 XenophonF ah
18:57 XenophonF glad you found it!
18:57 hobakill XenophonF: me too. now i just need to figure out how to incorporate an 'onlyif' or 'unless'
19:00 XenophonF hobakill: here's an example - http://paste.debian.net/120277/
19:00 SheetiS hobakill: I think 'onlyif' and 'unless' are new for state requisites in 2014.7.  If you are using 2014.1, I think they are still good for cmd things such as cmd.run, but not all things.
19:01 XenophonF i use it to run a one-time antivirus update
19:01 nitti_ joined #salt
19:01 murrdoc joined #salt
19:01 n8n joined #salt
19:02 luminous hello! is is possible to import a jinja macro into a .sls, having defined the macro in another?
19:02 SheetiS luminous: yes I do that right now
19:02 hobakill XenophonF: thanks. if i could grep windows stuff i think life would be easier. :)
19:02 luminous how is this done SheetiS?
19:02 murrdoc joined #salt
19:03 ndrei joined #salt
19:03 SheetiS {% from state_with_macro import macro_name %} optionally you can do it with context
19:03 XenophonF hobakill: find.exe is kinda like grep
19:04 luminous SheetiS: with context?
19:04 XenophonF but if you want more, you probably need to switch to PowerShell
19:04 KyleG joined #salt
19:04 KyleG joined #salt
19:04 luminous SheetiS: and state_with_macro is with or without the .sls?
19:04 SheetiS http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.jinja.html#include-and-import
19:05 SheetiS should explain context.  and there I believe it is with .sls.
19:05 luminous awesome! thanks. I went looking for those docs but must have overlooked it
19:06 SheetiS luminous: not a problem.  I think it even has a macro import example just below the anchor I linked.
19:06 luminous aye
19:07 hardwire joined #salt
19:08 hobakill XenophonF: i think find might be good enough. god what a day. thanks!
19:09 hobakill 'net localgroup administrators |find "stupiduser"'
19:10 hobakill returns information i need
19:12 hardwire joined #salt
19:13 SheetiS joined #salt
19:13 hobakill XenophonF: bang. perfect. thanks so much. both UtahDave and XenophonF are the raddest! :)
19:13 hobakill along with eliasp and SheetiS
19:14 eliasp hobakill: yw
19:14 wt Can I use something like "pip install -e git@github.com/...#egg=blah" with the pip state module?
19:14 wt presumably with "installed"
19:15 wt I can't just dump the "-e git@github.com/...#egg=blah" in the name.
19:17 hardwire joined #salt
19:18 dude^2 joined #salt
19:18 pjs_ joined #salt
19:19 dude051 joined #salt
19:20 iggy wt: I think the pip-formula supports it
19:22 hardwire joined #salt
19:22 ajolo joined #salt
19:30 eunuchsocket Hi All.  I'm struggling with passing parameters in a map.jinja.  I'd like "{% set apache = salt['grains.filter_by']({" to filter by something other than OS but I can't figure out where to put that parameter.
19:32 murrdoc joined #salt
19:33 UtahDave forrest: do you know how to help eunuchsocket?
19:34 kruppm eunuchsocket: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.grains.html
19:34 kruppm you
19:34 kruppm are looking for  grain="some_grain"
19:35 marco_en_voyage joined #salt
19:35 SheetiS http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.grains.html#salt.modules.grains.filter_by anchors straight to grains.filter_by usage.  It doesn't haveto be an os/os_family grain.
19:35 eunuchsocket kruppm: thanks, I saw that in the doc but this doesn't work "{% set resolver = salt['grains.filter_by(grain='addomain')]({"
19:36 kruppm you need to pass it as a dict
19:36 eunuchsocket kruppm: forgive my ignorance but how would I do that?
19:37 kruppm salt['grains.filter_by'](lookup_dict, grain='addomain')
19:38 eunuchsocket kruppm: that did the trick.  Thank You!
19:38 kruppm you're welcome. An example for this should be added to the docs, IMHO, UtahDave :)
19:39 SheetiS I think it is in there
19:39 SheetiS salt.modules.grains.filter_by(lookup_dict, grain='os_family', merge=None, default='default')
19:39 _chrish_ joined #salt
19:40 kruppm SheetiS: ye, but it's only in the headline. default and merge have proper examples
19:41 jslatts joined #salt
19:42 SheetiS I see what you mean.  It's not bad with the headline and hte parameters description below, but sometimes an example is good.
19:43 _chrish_ Hi. I'm stumped trying to do something with SaltStack. I have a zip file on the master. I want to transfer it to the minions and then run "pip install that_zipfile.zip"... Preferably not leaving the zip file around once that's done. Any ideas would be appreciated...
19:45 pdayton joined #salt
19:45 longdays joined #salt
19:45 dalexander joined #salt
19:45 SheetiS I have an idea for an example that could set libdir (e.g. /usr/lib64 vs /usr/lib) that could match the grain osarch if you wanted me to make a pull request for an example.
19:46 metaphore joined #salt
19:50 debian112 I got a dumb question here:, but what do I gain by using reclass external data? http://reclass.pantsfullofunix.net/salt.html
19:52 SheetiS _chrish_: you could easily install the file with file.managed, but removing it might confuse the states a little bit.  there is a pip state and module, but I've not used them in the manner you are needing.  http://docs.saltstack.com/en/latest/ref/states/all/salt.states.pip_state.html might have some direction.
19:55 marco_en_voyage left #salt
19:56 ksalman when I install salt using the bootstrap script, it creates /etc/init.d/salt-minion but not /etc/init.d/salt-master
19:56 ksalman on Debian, if that matters
19:57 Ryan_Lane joined #salt
19:58 ipmb joined #salt
19:58 _chrish_ ksalman: You need to pass the bootstrap script an option if you want it to install a master too. Did you do that?
19:58 ksalman oh
19:59 ksalman you ar right! i did not do that >.<
19:59 ksalman thanks
20:00 _chrish_ SheetiS: Yeah... I was heading towards that kind of a solution. Thanks. (What would really help for this would be a state that would copy files from the master to the minion and set a jinja variable with the destination...)
20:01 chadhs joined #salt
20:01 Ryan_Lane joined #salt
20:01 dvestal_ joined #salt
20:02 murrdoc joined #salt
20:03 ckao joined #salt
20:03 SheetiS _chrish_: if you wanted, you could make a variable with the destination and use it for both the file state and then if the pip state were in another file, you could import that variable for reconsumption there.
20:03 cpowell joined #salt
20:04 SheetiS Alternatively you could have it be something in a pillar that both could consume
20:04 druonysus joined #salt
20:05 dude051 joined #salt
20:09 jslatts joined #salt
20:11 ggoZ joined #salt
20:12 _chrish_ SheetiS: Yeah, but the destination filename itself is the least painful bit of this thing. Having the filename hardcoded, transfer, cleanup, etc. are the things that are more of a pain. Anyways, got a hackish solution working. I guess I'll open a feature request bug report with my use case for further discussion. Thanks for the help!
20:13 forrest UtahDave, eunuchsocket sorry had some coworkers at my trick, kruppm thanks for stepping in!
20:14 CeBe1 joined #salt
20:17 SheetiS _chrish_: no problem.  sounds like a full solution might involve something outside of salt such as a private repo (git or otherwise) that the pip module/state poll for the custom package you want to install.  I actually like using a private rpm repo (osfamily redhat shop) and making all my packages rpm and solving this problem in that manner.
20:22 geekmush joined #salt
20:23 forrest at my trick? At my desk
20:23 forrest wow brain, this is why I shouldn't multi-task
20:23 SheetiS forrest: I just figured it was slang of some type :)
20:24 forrest SheetiS, no I was talking about a trip to someone here at work
20:24 forrest while typing
20:24 SheetiS ahh.  That'll do it every time. :)
20:30 pdayton joined #salt
20:31 Ryan_Lane joined #salt
20:32 rojem joined #salt
20:37 schimmy joined #salt
20:40 schimmy1 joined #salt
20:41 invsblduck joined #salt
20:41 perfectsine_ joined #salt
20:42 luminous debian112: you get a lot, depending on how you use reclass and salt together. It is a very worthwhile thing to do in many salt deployments. Namely, you get a _very_ easy and sane way to a) collect a groupt of formula (applications) and parameters (pillar) together as a class, potentially including other classes,  b) optionally, tying those classes together with specific nodes or groups of nodes (hosts/minions) replacing top.sls (and done in a way t
20:43 luminous here's b) again, looks like it was cut
20:43 luminous b) optionally, tying those classes together with specific nodes or groups of nodes (hosts/minions) replacing top.sls (and done in a way that is independent of salt, so using these same definitions can be done with puppet/chef/ansible).
20:44 debian112 luminous: ok thanks
20:44 luminous and finally, c) is my favorite, due to how reclass intelligently merges the parameters dictionary together, you are provided with a very sensible way to define pillar in one place (like defaults) and then overriding them elsewhere, only needing to define the specific keys you want to update/override
20:45 luminous all three together make for easier parametized formula, pillar and node management, and more sane development
20:45 luminous if salt merged pillar in the way reclass does, it might not be as useful, but that alone is worth using
20:45 luminous (salt is 'dumb' when it comes to merging pillar)
20:46 jalaziz joined #salt
20:46 pdayton joined #salt
20:46 TheoSLC joined #salt
20:46 TheoSLC Greetings
20:47 forrest hey TheoSLC
20:48 kruppm luminous: I linked a gist trying to fix this merging issue, earlier. Take a look at it, as it only needs Jinja2 to run. no ENC needed.
20:48 kruppm here it is, again: https://gist.github.com/michaelkrupp/4e83ab08ffd32c8ca387
20:49 jhauser joined #salt
20:50 aquinas joined #salt
20:51 debian112 luminous: I will read more on reclass, External_node is new to me. If you got an example I will love to see it.
20:52 SheetiS kruppm: I actually kinda like that.  I'd tried something similar, but made a custom module to handle it.   However, I've been trying to stay in jinja2 as much as possible because the other admins are not such a fan of python where I work, so I might have to 'borrow' that :)
20:53 kruppm SheetiS: feel free to do with it whatever you want :)
20:53 luminous kruppm: awesome, thanks.. I'll take a look.
20:53 delinquentme joined #salt
20:53 shaggy_surfer joined #salt
20:54 lloesche joined #salt
20:54 luminous debian112: I use reclass to do some whacky stuff, like manage top.sls for the host through pillar
20:55 luminous debian112: so my examples are not as easy to make sense of until you understand the basics of reclass
20:55 luminous but, fortunately, reclass is really simple
20:55 debian112 gotcha
20:55 debian112 thanks
20:55 luminous ENC is simply taking top.sls for formula _and_ pillar and putting them in another place
20:55 luminous you can use the existing top.sls still
20:55 SheetiS kruppm: That doesn't merge lists as part of it though, does it?
20:55 KaaK if I run a command with sensitive output via cmd.run, should I be concerned about that output being intercepted or logged insecurly?
20:56 luminous kruppm: I won't use a method that isn't based on reclass' merging code, until proven better
20:56 luminous kruppm: imho, salt ought to import the parameters merging code (small and simple) and use that in pillar.
20:57 kruppm SheetiS: no, but that could be added easily by adding another branch after macro.sls line 8
20:58 SheetiS Yeah that is what I was thinking.  Jinja would need to check for 'is iterable and is not string' after deciding it was not a mapping, but I think it could do it.
20:58 luminous kruppm: I'm also partial to a solution that allows me to use all the flexibility of salt, so relying on jinja is a deal-breaker
20:59 kruppm luminous: you can still use different (and even multiple chanined) template engines in your state files via the shebang line.
21:00 luminous kruppm: and if I don't use state files?
21:01 luminous say I use the salt.client.Caller() class directly with some python?
21:01 luminous I want merging there too
21:02 kruppm luminous: well, you could still manually render the template then. But that's not the point of my proposal. It was meant as a more powerful alternative to the map.jinja-approach that is currently used in formulas out there :)
21:02 luminous sure
21:02 kruppm It's not intended to fully replace an ENC. That's would be kinda stupid :)
21:03 luminous I thought you were trying to only do c) of the a-b I spoke of
21:03 TheoSLC I'm trying to fix a long outstanding issue with the salt mine.  see http://fpaste.org/132594/
21:03 luminous for me, it would not fulfill my use of c
21:04 luminous I have a foo/bar/build.sls (with a macro defined) and a foo/bar/init.sls with an attempt to import that macro. if the syntax is {% from 'foobar.sls' import .. %} I assume foo.bar (or foo/bar/init.sls) would need to be expressed in some form of {% from 'foo/bar/build.sls' import ... %}
21:05 jslatts joined #salt
21:05 luminous if build.sls and init.sls are in the same directory, maybe {% from 'build.sls' import ... %}
21:05 luminous neither of these are working for me, the macro shows up as undefined
21:06 luminous SheetiS: how are use using the macro import?
21:06 kruppm luminous: import paths are relative to the state directory. at least over here they are. don't forget the "with context" though
21:06 luminous yes, I have the with context
21:06 kruppm I have an example for that in the gist I linked
21:06 luminous in my case I need it
21:07 luminous hrm
21:08 luminous quadruple checking my syntax and for typos is not resolving this. I guess it's time to step away for a minute
21:09 joehoyle joined #salt
21:09 SheetiS {% from 'folder/statewithmacro.sls' import macro with context %}
21:09 kruppm luminous: would you mind pastebin'ing it? ^^
21:09 SheetiS luminous: then I'd be able to run the macro below
21:09 luminous ah, well that is a little better, I had a comment ending in %} - duh
21:09 SheetiS luminous: use {# #} for comments with jinja in them to be safe :)
21:09 luminous I am
21:09 perfectsine joined #salt
21:10 wt I think I figured it out.
21:10 luminous SheetiS: and you are including that import in a .sls in your state root?
21:10 luminous not in a sub folder?
21:10 wt However, it seems to have "Result: True" and non-empty changes every time I run the state
21:11 luminous there we go! you need the full path
21:11 luminous relative to state file roots
21:11 stinger9 joined #salt
21:11 murrdoc yup
21:11 luminous awesome, I love this
21:11 kruppm luminous: as I said, import paths are relative to the state (base) directory :)
21:11 wt wtlib-py:
21:11 wt pip.installed:
21:11 wt - name: git+ssh://git@github.com/wt/wtlib.git@master
21:11 wt - upgrade: True
21:12 wt I think the result is True because it is in the state. However, pip didn't actually upgrade anything this time around, so why are there reported changes?
21:13 luminous kruppm: but that is not clear enough, honestly.. SheetiS's example is much more clear. code speaks. for example I see there is no preceeding / in his example
21:13 luminous either way, thanks!
21:13 kruppm luminous: anyway, it works nowand you're happy ;)
21:13 wt the changes are:
21:13 wt git+ssh://git@github.com/wt/wtlib.git@master==???:
21:13 wt Installed
21:15 luminous kruppm: exactly
21:19 TheoSLC I've submitted an issue for my salt mine problems.  https://github.com/saltstack/salt/issues/15673   I have a sick feeling that I just fundamentally misunderstand how the salt mine is supposed to work.
21:19 higgs001 joined #salt
21:19 ajolo joined #salt
21:20 dude051 joined #salt
21:22 gothix anyone know how i insert a pause in between states?
21:23 kruppm gothix: what are you trying to achieve? sleeping for X seconds might cause some race-conditions later on
21:24 gothix i have one state that stops a service and one that starts it but it fails because it has not finished yet
21:25 kruppm so your "stop" action returns before the service is acutally stopped?
21:25 gothix kruppm, well its tomcat sop it can take a few
21:26 eliasp kruppm: that's something which should be fixed in tomcats init-script/service unit
21:26 eliasp kruppm: everything else will be just a dirty/error-prone workaround
21:26 gothix kruppm, i want to stop the tomcat server insert new configs then start it
21:27 eliasp oh, sorry… this response was addressed at you gothix
21:27 kruppm ;)
21:27 gothix eliasp, I agree it should
21:27 kruppm ye, but you are absolutely right, eliasp :)
21:28 kruppm grepory: cant you just put in a "wait $tomcat_pid" into your init script?
21:28 kruppm damn auto-complete... that answer was for gothix ... sorry
21:28 gothix kruppm, well its a rpm from epel
21:28 TheoSLC gothix: why not watch the files with service.running and perform a restart
21:29 TheoSLC gothix: make sure to use     - fully_restart: True since tomcat init doesn't have a reload option
21:29 grepory kruppm: :) thanks.
21:30 gothix TheoSLC, code deployment is the purpose of this so i guess i can just recall my original state then
21:30 Ryan_Lane joined #salt
21:32 kermit joined #salt
21:32 kruppm gothix: just noticed there is a tomcat module. you should take a look at this: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.tomcat.html
21:33 kruppm it looks like it handles individual app states
21:33 eliasp and also a tomcat-formula: https://github.com/saltstack-formulas/tomcat-formula
21:36 wt The problem appears to be that it cannot find the name of the package in pip freeze afterward.
21:36 gngsk i seem to have some stale data in a minion cache, how can i purge it?
21:36 gothix kruppm, Thanks will look into it!
21:36 gngsk pillar data, that is
21:37 kruppm gngsk: http://docs.saltstack.com/en/latest/topics/pillar/#refreshing-pillar-data
21:37 nitti_ gngsk: http://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.cache.html#salt.runners.cache.clear_pillar
21:37 nitti_ wow
21:37 kruppm ^^
21:38 TheoSLC kruppm: last time I checked that tomcat module only worked with tomcat6
21:38 gngsk neat, i ran the pillar refresh but that didn't seem to help
21:38 SheetiS TheoSLC: I was not able to reproduce your issue in my environment.  what is your mine_interval set to on your minions?
21:40 kruppm TheoSLC: Good to know, as I might need to setup tomcat soon...
21:40 TheoSLC SheetiS: I don't have a mine_interval setting on my minion configs
21:40 kruppm TheoSLC: doc's say default is 60 minutes
21:40 SheetiS hmm I think the default is 60 miutes
21:40 SheetiS *minutes
21:40 kballou joined #salt
21:40 TheoSLC kruppm: the tomcat formula works well.  but it doesn't use the tomcat state or modules
21:41 kruppm TheoSLC: thanks :)
21:42 gngsk sigh, i'm such a fool. i was not experiencing issues with stale data in a cache, i had stale data in an sls on my master
21:42 gngsk thanks for the links though
21:42 gngsk :D
21:43 Setsuna666__ joined #salt
21:43 pentabular joined #salt
21:44 CatPlusPlus_ joined #salt
21:45 SheetiS TheoSLC: have you done a 'salt \* mine.update clear=True'?
21:45 TheoSLC SheetiS: I don't think I've used the clear=True flag.  Just did it.
21:45 TheoSLC I'll try again
21:46 TheoSLC SheetiS: same results
21:47 SheetiS so it always returns the same information regardless of what grain you give it?
21:48 pdayton joined #salt
21:49 TheoSLC SheetiS:  mostly.  I have three minions that match any request.
21:50 SheetiS TheoSLC: also have you tried obtaining mine data from another minion other than ip-10-1-14-103.ec2.internal?  Just curious if the mine is broken everywhere or just for that particular minion.
21:52 thayne joined #salt
21:52 TheoSLC SheetiS: when I do the same search for ip-10-1-14-160.ec2.internal it returns for ip-10-1-14-103.ec2.internal and ip-172-31-60-160.us-west-2.compute.internal.  So only one of the three always matches minions returned this time.
21:54 TheoSLC SheetiS: okay.  now my results are changing (wonder if that mine.update did this)  all minions are returning the same two minions.  One correct, one incorrect.
21:55 SheetiS Hmm this is an odd one.  the one that is still wrong... is it showing as up or down on 'salt-run manage.status'?
21:56 SheetiS it could still have stale data if it was not showing up.
21:56 TheoSLC yes it is
21:56 SheetiS it was showing as up?
21:56 TheoSLC SheetiS: note, I have two salt masters (multi-master)
21:57 TheoSLC SheetiS: yes, all minion are in the "up" column
22:03 gngsk any decent emacs modes for editing sls? i'm using yaml-mode currently but it'd be nice to have some jinja2 love as well
22:03 SheetiS TheoSLC: I'm wondering if within an hour that the problem might disappear becasue of the mine_interval, but I have no idea why it happened in the first place.  (I have my mine interval shorter, but currently my load on my salt master is really low as I've just gotten salt implemented at my new job).
22:03 SheetiS It's both nice and terrible to be able to be able to build the configuration management from the ground up at an organization.  Nice because I can set it up my way... Terrible because it was all setup 'manually' on the existing stuff.
22:03 bhosmer joined #salt
22:04 spookah joined #salt
22:04 aparsons joined #salt
22:05 bhosmer joined #salt
22:06 bhosmer_ joined #salt
22:06 TheoSLC SheetiS: do you set the mine_interval in the pillar?
22:06 SheetiS in the minion config
22:07 bhosmer joined #salt
22:08 bhosmer joined #salt
22:08 mrlesmithjr joined #salt
22:08 TheThing joined #salt
22:09 aw110f joined #salt
22:09 bhosmer joined #salt
22:09 mrlesmit_ joined #salt
22:10 TheoSLC SheetiS: I fixed the problem.  It was the multimaster setup.  I think one minion was going to the other master for the mine data.
22:11 TheoSLC SheetiS: the false matching stopped after running the mine.update a few times
22:13 nitti joined #salt
22:23 SheetiS TheoSLC: that could be.  Glad you got it working
22:29 mechanicalduck joined #salt
22:29 tharkun joined #salt
22:32 nitti_ joined #salt
22:33 shaggy_surfer joined #salt
22:33 snuffeluffegus joined #salt
22:36 ajprog_laptop joined #salt
22:38 mhubbard joined #salt
22:46 ggoZ joined #salt
22:47 jayne joined #salt
22:47 shaggy_surfer joined #salt
22:50 bhosmer joined #salt
22:53 chrisjones joined #salt
22:55 tkharju3 joined #salt
22:56 yomilk joined #salt
22:57 englishm joined #salt
22:58 oz_akan joined #salt
23:00 tkharju3 joined #salt
23:01 tkharju3 joined #salt
23:05 yomilk joined #salt
23:05 longdays joined #salt
23:05 dalexander joined #salt
23:09 bhosmer joined #salt
23:11 n8n joined #salt
23:13 tkharju3 joined #salt
23:18 druonysus joined #salt
23:18 druonysus joined #salt
23:18 jalaziz_ joined #salt
23:24 jalaziz joined #salt
23:24 housl joined #salt
23:25 mosen joined #salt
23:28 gzcwnk joined #salt
23:28 tkharju3 joined #salt
23:30 jalaziz_ joined #salt
23:31 gzcwnk trying to find where bugs for salt are documented?
23:32 forrest gzcwnk, pretty much just in the github issues
23:32 gzcwnk thanks...trying to see how the minion not responding bug is going
23:37 Outlander joined #salt
23:37 jalaziz joined #salt
23:38 gzcwnk i must be looking in the wrong place or something...cant find any reference to bugs on github that makes sense.
23:39 rypeck joined #salt
23:43 danielbachhuber joined #salt
23:44 tkharju3 joined #salt
23:44 aquinas joined #salt
23:44 jalaziz joined #salt
23:46 ajolo joined #salt
23:47 tkharju3 joined #salt
23:48 eliasp gzcwnk: you mean this one? https://github.com/saltstack/salt/issues/14485
23:49 tkharju3 joined #salt
23:50 gzcwnk thanks but no.  My minions go to sleep and wont respond until restarted. Im sure ive seen this as a known bug somewhere, just cant find it now to see how its going.
23:51 TTimo joined #salt
23:51 englishm joined #salt
23:52 tkharju3 joined #salt
23:52 tkharju3 joined #salt
23:55 forrest gzcwnk, https://github.com/saltstack/salt/issues/15415
23:56 tkharju3 joined #salt
23:57 gzcwnk looks simialr, but not that one....I have 2014.1.7 and its still happeneing
23:57 bstr joined #salt
23:57 bstr Hey guys
23:57 forrest bstr, hello
23:57 bstr I'm having some weird issues, i was hoping you could shed some light
23:58 gzcwnk looks very simialr
23:59 bstr i have two nodes set up in a cluster as my salt masters, and a handful of cluster set up as syndics. Anyways, im having this issue with my minions failing saying the salt master has rejected the minion public key...even though i see it as accepted in the key list on the master
23:59 bstr any ideas?

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary