Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-09-18

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 Cyphus UtahDave: found your SO post on the subject.
00:00 skyler_ wnkz_: I uninstalled git on my salt master, ran your state with salt-call, and it worked for me. I am using salt 2014.1.10 (Hydrogen) on Ubuntu 12.04.4.
00:00 UtahDave Cyphus: cool!
00:01 Cyphus Thanks UtahDave
00:01 skyler_ What was the version that wasn't working wnkz_?
00:01 wnkz_ skyler_: yeah I probably did something wrong without noticing .. pebkac, sorry :s
00:02 delinquentme On retarting a salt-master ... the associated minions should automatically respond to a test.ping right????
00:03 UtahDave delinquentme: Yeah, but you'll need to give the minions a few seconds to run all the crypto to authenticate to the master
00:03 wnkz_ skyler_: I have a packages.sls in which I list all packages I want installed (including git) ; at first I was doing "include: - global.packages [...] require: - sls: global.packages"
00:05 wnkz_ skyler_: That was probably the main problem ; I read a github issue where a guy has problems requiring local states (e.g sls: .packages) because the ID isn't matching right
00:07 bhosmer joined #salt
00:07 skyler_ wnkz_: There is a bug with nested includes and require, that could have been the problem
00:07 xDamox joined #salt
00:08 skyler_ wnkz_: https://github.com/saltstack/salt/issues/15478
00:09 wnkz_ skyler_: yeah, I'm kinda new to salt ; sometimes I have a hard time at organising my stuff between appropriates sls :3
00:13 wnkz_ maybe you help me with this one https://gist.github.com/anonymous/bb96c6cf1bd0dacbca3e ; is there a better to get a user's homedir ?
00:16 Daemonik UtahDave, I don't see Salt 2014.1.11 for Windows on http://docs.saltstack.com/en/latest/topics/installation/windows.html
00:16 wnkz_ Problem is "Specified file ~foo/.zshrc is not an absolute path" because at the time of the run ; "echo ~foo" does not return "/home/foo" because the user isn't created yet
00:17 UtahDave Daemonik: Ah, dang it.  I forgot to update the docs with links to the new version
00:17 UtahDave Daemonik: the installers are available here, though: http://docs.saltstack.com/downloads/?C=N;O=D
00:17 pentabular left #salt
00:17 UtahDave Daemonik: i'll update the docs with links to the installers tomorrow. Sorry for that oversight.
00:18 Daemonik UtahDave, I just installed 2014.1.10 to about a dozen Windows VMs.  Should I use Salt to update the 2014.1.10 minions to 2014.1.11 ?
00:19 druonysuse joined #salt
00:19 UtahDave Yeah, shouldn't be a problem.     use cmd.run from the cli to run a silent installer command like you find here: http://docs.saltstack.com/en/latest/topics/installation/windows.html#silent-installer-option
00:22 skyler_ wnkz_: I am doing something similar to you, here is what I did: {% set home = salt['user.info'](user).home %}
00:22 skyler_ Here is the file that is from: https://github.com/skylerberg/personal-salt/blob/master/salt/dotfiles/init.sls
00:23 skyler_ It is part of my work-in-progress project to make a collection of salt states to configure my own personal machines (home machines, possibly personal work computers later).
00:23 Daemonik UtahDave, I could place the installer on a fileserver, say "fs01", and then salt '*' cmd.run '\\fs01\shared\Salt-Minion-2014.1.11-Setup-amd64.exe /S /master=salt01.example.com /minion-name=$id' ?
00:23 Newk joined #salt
00:23 blarghmatey joined #salt
00:24 Daemonik I wonder, how can I do something like salt 'cpuarch:AMD64 osrelease:2008ServerR2' cmd.run [...] ?
00:24 UtahDave Daemonik: yeah, it would probably be more reliable to put the installer on your salt master in your file roots, though
00:24 UtahDave by default that's   /srv/salt
00:24 UtahDave then it would be          salt://Salt-Minion-2014<snip>
00:25 UtahDave Daemonik: salt -C 'G@cpuarch:AMD64 and G@osrelease:2008ServerR2' cmd.run
00:25 mapu joined #salt
00:25 wnkz_ skyler_: hmm that's nice :) ; how come you never require "user" ?
00:26 Daemonik UtahDave, Thank you
00:26 UtahDave you're welcome, Daemonik!
00:27 skyler_ wnkz_: Oh, I forgot the critical line before that: {% for user in salt['pillar.get']('dotfiles:users', ['skyler']) %}
00:28 skyler_ wnkz_: so I keep a list of users in a pillar, or default to just a list with myself in it. Then I iterate over the list and use {% set home = salt['user.info'](user).home %} to get my user's home directory.
00:28 Newk Hello, I need some help getting a command line to work via salt cmd.run.  It works on Win2K8 but not via salt.  Command is: salt -C 'G@kernel:Windows' cmd.run 'wevtutil qe Security /f:Text /q:"*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and (EventID=4648)]] and *[EventData/Data[@Name='TargetUsername']='jdoe']" /e:Events'
00:29 Newk Should I "escape" each of the single tick's within the ticks for the salt command?  Do I do it with ^ or ""?
00:30 wnkz_ skyler_: yeah but in my case I wanted to separate managed users and zsh users ; meaning I have two lists in my pillar :s
00:31 wnkz_ skyler_: e.g I don't want root to be managed like my other users but I want it to use my zsh config
00:31 UtahDave Newk: Hm. that's kind of tough.  can  you switch those internal single quotes to doublequotes?
00:31 Newk I'll give it a try.
00:32 skyler_ wnkz_: Yeah, I would make two lists in that case. There may exist a more elegant way to do it, but I can't think of it off the top of my head.
00:34 wnkz_ skyler_: and I can't even use you technique because "Rendering SLS "base:global.users" failed: Jinja variable 'dict object' has no attribute 'home'"
00:34 holms s'rsly? https://github.com/saltstack-formulas/maven-formula/blob/master/pillar.example
00:34 holms just passing url like that? without latest version polling?
00:34 holms worst ever formula
00:35 Newk @UtahDave...gave it a go, but that didn't work.  The error being thrown is: Left hand side arguments to binary operators must be either attributes, nodes, or variables and right hand side arguments must be constants.  <newline> Failed to open event query. The specified query is invalid.
00:35 holms anybody had to pull version from maven to download latest jar version?
00:35 UtahDave Newk: you might try a backslash in front of each single quote    \'
00:36 Newk @UtahDave..ok..I'll try that real quick.  In MS speak the error is: ERROR_EVT_FILTER_INVARG15016 (0x3AA8)
00:39 Newk @UtahDave -- I received a bash error: -bash: syntax erro near unexpected token '('
00:40 Daemonik UtahDave, I know I'm doing something wrong but don't know what exactly.  http://pastebin.com/raw.php?i=tdiCXyzf    I have file_roots set to /srv/salt/files/ and the exe is in files
00:41 Daemonik I had the exe name wrong but fixing that didn't change anything...
00:41 UtahDave Daemonik: Ah, I'm sorry. i've misled you.
00:41 UtahDave I didn't think this all the way through
00:42 UtahDave so whatever you put in cmd.run is just like you typed it in a terminal on your windows machine
00:42 Jahkeup joined #salt
00:42 UtahDave So your first suggestions would probably work best.  ie putting it on a file share somewhere
00:43 UtahDave Other possibility is use the cp module to copy the installer down from the master and then use cmd.run to install it.
00:43 holms any of you code java or smtng? =//
00:45 iggy people I work with do
00:46 skyler_ wnkz_: Can you gist what you have that isn't working?
00:47 druonysus joined #salt
00:49 A||SySt3msG0 joined #salt
00:49 wnkz_ skyler_: yeah, hold on a sec
00:52 wnkz_ skyler_: https://gist.github.com/wnkz/34833ea1108269a69d7f
00:53 Daemonik Am I using cp.get_file incorrectly? http://pastebin.com/raw.php?i=3NKuTErL
00:56 skyler_ wnkz_: This gives you the message "Rendering SLS "base:global.users" failed: Jinja variable 'dict object' has no attribute 'home'"?
00:57 wnkz_ skyler_: no, you way with "salt['user.info'](user).home" does ; this gets me "Specified file ~foo/.zshrc is not an absolute path"
00:58 wnkz_ skyler_: your*
00:59 KyleG joined #salt
00:59 wnkz_ skyler_: which makes sense to me since the user does not actually exists at the moment state is "compiled"
01:00 skyler_ wnkz_: On a side node, on line 8, you give {} as a default, you probably meant []. {} is an emty dictionary. It doesn't actually make a difference in how it runs, but I am guessing that 'user:admins' is a list rather than a dict.
01:00 KyleG So my salt master is suddenly not starting…..
01:00 KyleG https://gist.github.com/kylegato/0c1ca8a024f611e40ce9
01:01 KyleG it just sits there...
01:01 KyleG 2014.1.1
01:01 wnkz_ skyler_: true
01:01 KyleG All I did was change my nodegroups definitions, and went to restart it and it wouldn't come back up.
01:01 KyleG So I commented out my nodegroups entirely…still nothing
01:01 KyleG Rebooted the server….no change
01:01 skyler_ wnkz_: That would make sense. I can't test mine out right now, because I am at work, but I wonder how to deal with that issue...
01:02 wnkz_ skyler_: yeah.. managing user's home seems to be a problem for every orchestration tool
01:02 wnkz_ skyler_: Puppet sucks at this too
01:02 iggy nfs
01:03 wnkz_ skyler_: because LINUX I guess ..
01:03 nitti joined #salt
01:04 egalano joined #salt
01:06 acabrera joined #salt
01:07 teebes joined #salt
01:07 wnkz_ KyleG: have you tried restart a salt-minion and runing a test.ping from your master ? I though my master was broken once but I found out minions established persistant connexions to the master and there must be some kind of timeout before they show up again after a restart
01:07 KyleG wnkz_: I can't get my master to start, at all
01:08 KyleG testing using salt-call / salt-run
01:08 KyleG service salt_master start sits there
01:08 KyleG it never gets to any point...
01:08 KyleG but it does use 50% CPU while telling me _nothing_ in debug or garbage log level
01:08 KyleG it reads teh config file, config file path, and then it stops
01:10 KyleG https://gist.github.com/kylegato/199f070c438f40762349
01:10 KyleG salt-run too
01:12 skyler_ wnkz_: lol, I bet there is a good way. Are you going to be on this channel much? I can let you know if I figure it out later on.
01:12 wnkz_ KyleG: what does `ps fauxw` tell you ? Have you tried launching it with strace ?
01:12 KyleG FreeBSD
01:12 KyleG no strace
01:13 wnkz_ skyler_: I think I will be ; I'm on my laptop here ; but I backlog to my desktop (wnkz or wnkz_)
01:14 skyler_ wnkz_: Alright, if I figure out a nice solution, I will let you know
01:14 wnkz_ skyler_: great, ty :)
01:14 KyleG I have dtrace tho
01:14 KyleG I don't know much about dtrace so I'd need some help lol
01:16 wnkz_ KyleG: tried truss ?
01:16 mapu joined #salt
01:16 wnkz_ KyleG: http://www.freebsd.org/cgi/man.cgi?truss
01:17 KyleG yeah
01:17 KyleG It's the jobs dir
01:17 KyleG i'm rming it
01:17 KyleG Thanks wnkz_ hopefully this works
01:18 UForgotten joined #salt
01:18 KyleG this jobs cache dir is friggin huge….i didn't count the size but it's taking forever
01:18 wnkz_ KyleG: :3
01:19 KyleG yup
01:19 KyleG that was the fucker
01:19 KyleG -_-
01:19 KyleG thanks wnkz_
01:19 KyleG you taught me something I should've known
01:19 KyleG and I'm a more powerful admin for it now <3
01:20 wnkz_ KyleG: hehe, happy to help ;)
01:20 KyleG I'm surprised this happened though
01:21 KyleG Wonder why salt never cleaned up that job history
01:21 aquinas_ joined #salt
01:21 wnkz_ KyleG: I don't have to enough experience with salt to answer that question :)
01:21 KyleG it's cool
01:22 KyleG I'll bother UtahDave tomorrow about it :)
01:22 TheThing joined #salt
01:23 jab416171 joined #salt
01:25 holms how can i define list or dictionary in yaml (in state)?
01:25 holms currenly always using load_json
01:25 holms cause i have no idea how to dit without it
01:26 bhosmer joined #salt
01:31 aparsons joined #salt
01:31 otter768 joined #salt
01:32 elfixit joined #salt
01:37 kiwnix joined #salt
01:44 dude051 joined #salt
01:45 teebes joined #salt
01:47 druonysus joined #salt
01:49 oz_akan joined #salt
01:50 dude051 joined #salt
01:50 holms people
01:50 holms what's your variant would be on scenario when you need to
01:51 holms poll txt file from url to get version of package, which you gonna download
01:51 holms is this even possible with salt?
01:51 wnkz__ joined #salt
01:51 UtahDave joined #salt
02:05 blarghmatey joined #salt
02:06 blarghmatey joined #salt
02:14 holms anyone alive?=/
02:16 druonysus joined #salt
02:16 druonysus joined #salt
02:20 mgw joined #salt
02:27 CryptoMer holms: you want to grab a txt file (via curl or wget?) and parse that to get the package version?
02:28 druonysus joined #salt
02:28 CryptoMer To any late-nighters out there, I've got a question about how salt integrates with git. Let me know if you've got a 'few' minutes to discuss.
02:29 bezeee joined #salt
02:30 mosen I've got it set up CryptoMer but I'm not sure exactly of how it works
02:30 Daemonik Was looking at win-repo on github and got a 404 on http://docs.saltstack.com/en/latest/ref/windows-package-manager.html
02:30 CryptoMer Hah. Does it download any of the files locally, or does it simply store them in the cache?
02:31 mosen CryptoMer: i think its stored in the salt cache. can verify easily :)
02:32 mosen CryptoMer: yep, master cache stores by repo hash
02:32 mosen bare repo
02:33 CryptoMer mosen: Thx. Maybe I'm not completely off my rocker then. When specifying that you're going to use gitfs in the fileserver_backend portion, do you have to specify a 'roots' as well as a 'gitfs'?
02:33 CryptoMer I had all of this configured at one point, but my states couldn't be found. I'm revisiting to polish up my installation.
02:34 CryptoMer Ideally, I'd like to have *everything* stored in git.
02:34 CryptoMer makes it easier to sync to my syndics that way. ;)
02:34 mosen I have gitfs roots and file roots
02:34 CryptoMer in that order?
02:35 mosen git then root
02:35 blarghmatey CryptoMer: I'm using gitfs on my master. You can take a look at https://github.com/blarghmatey/saltstack-master
02:35 mosen sorry, - git, then - roots
02:35 CryptoMer mosen: ./nods. Thx for clarification. blarghmatey: I'll do just that! :)
02:35 blarghmatey Look under salt/master/files/ for my git config
02:35 mosen brb
02:36 CryptoMer yup. looking at it now
02:36 holms CryptoMer: kind of yeah, and would be nice to grab it with salt, incase of file exists salt would check it right :)?
02:37 blarghmatey That file ends up in /etc/salt/master.d/
02:38 CryptoMer holms: something you could try is writing up a grains module that would download that information, and store it in a grain. You could then invoke that grain as part of the state....
02:38 holms be blessed that great person who did this https://github.com/saltstack/salt-vim
02:38 holms CryptoMer: grain module would be written with python right/
02:38 CryptoMer correct.
02:39 holms thanks
02:39 CryptoMer I'm brand-spanking new to python though, and I have been able to put one together. It's surely not optimized, but it works. lol
02:39 holms i'm ok with python, native to me
02:39 CryptoMer holms: np. good luck.
02:39 holms :) does salt has templates? :)
02:39 holms files which being filled with variables, let's say from pillar
02:40 CryptoMer you can use jinja templating in your states. I've seen some sort of voodoo magic where you can fill out file contents using jinja, but  I haven't had the chance to dig into that yet.
02:40 holms in ansible that's regular thing
02:40 holms i mean filling credentials into config file
02:41 blarghmatey holms: If you check out some of the formulas in github.com/saltstack-formulas you can see some examples of Jinja being put to use.
02:41 holms and similar stuff, i prefer to store everything out of config files in pillar/vars..
02:41 blarghmatey I've also got some formulas on my profile at github.com/blarghmatey that you can look at.
02:41 holms oh yes
02:41 holms so it's the same \o/
02:42 CryptoMer blarghmatey: is it possible to use git as the only fileserver_backend?
02:42 blarghmatey It's certainly possible
02:42 blarghmatey It's just a matter of if that makes the most sense for your workflow.
02:43 CryptoMer Yea. Thankfully, I've got a test env where I can freely break things. lol
02:43 mosen git roots is a pretty great feature :)
02:43 blarghmatey Yes, that is invaluable for this kind of work.
02:44 Gnouc joined #salt
02:48 fannet joined #salt
02:50 fannet I'm getting a very strange error in salt http://pastie.org/private/1vd4rqkaeicnbmaonmdo5w  anyone have any ideas? I'm getting No matching sls found for 'extdns' in env 'base' but 'extdns/init.sls' clearly exists
02:51 joehoyle joined #salt
02:58 ramishra joined #salt
03:08 troyready joined #salt
03:09 sudarkoff joined #salt
03:10 kt76 joined #salt
03:12 holms how can i define list in yaml?
03:12 gmoro joined #salt
03:12 holms alternative to this {% load_json as python_deps %}["requets", "CacheControl", "lockfile"]{% endload %}
03:14 KyleG joined #salt
03:14 KyleG joined #salt
03:15 ndrei joined #salt
03:16 kt76 joined #salt
03:18 bezeee joined #salt
03:19 Outlander joined #salt
03:27 bezeee joined #salt
03:30 ramishra joined #salt
03:35 SheetiS joined #salt
03:36 otter768 joined #salt
03:39 acabrera joined #salt
03:42 aparsons joined #salt
03:44 joehoyle joined #salt
03:45 aparsons_ joined #salt
03:45 ICQ joined #salt
03:56 vbabiy joined #salt
03:57 aparsons joined #salt
04:02 bezeee joined #salt
04:05 ramishra_ joined #salt
04:07 scbunn joined #salt
04:11 aparsons joined #salt
04:23 mosen joined #salt
04:24 joehoyle joined #salt
04:27 aparsons joined #salt
04:29 SheetiS joined #salt
04:43 aparsons joined #salt
04:43 patrek joined #salt
04:45 ramishra joined #salt
04:49 felskrone joined #salt
04:57 aparsons joined #salt
05:02 fannet in this example: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkgrepo.html   can someone tell me what "base:" references ?
05:02 iggy without actually looking... environment?
05:04 cuonglm joined #salt
05:05 iggy that's just a name, it can be anything really
05:05 iggy although it's a bit confusing to call it base there
05:05 catpigger joined #salt
05:08 bezeee joined #salt
05:09 ramishra joined #salt
05:10 stephanbuys joined #salt
05:13 aparsons joined #salt
05:13 ramteid joined #salt
05:14 delinquentme joined #salt
05:21 NotreDev joined #salt
05:22 NotreDev how do i match a pillar object with a colon in the name (salt-call —local pillar.get docker:”postgres:9.4”)
05:23 ramishra joined #salt
05:24 scarcry joined #salt
05:27 aparsons joined #salt
05:32 n8n joined #salt
05:39 englishm joined #salt
05:41 ramishra joined #salt
05:43 stephanbuys hi all, how do I retrieve the ssl fingerprint on a minion? The usual openssl x509 -verify doesn't work out of the box - I'm suspecting the key isn't x509
05:43 SheetiS joined #salt
05:56 ramishra joined #salt
06:01 thayne joined #salt
06:07 englishm joined #salt
06:09 aparsons joined #salt
06:14 oyvjel joined #salt
06:15 agend joined #salt
06:19 englishm joined #salt
06:20 aparsons joined #salt
06:21 aparsons joined #salt
06:24 fragamus joined #salt
06:25 aparsons joined #salt
06:27 aparsons joined #salt
06:28 slav0nic joined #salt
06:33 bhosmer joined #salt
06:36 agend joined #salt
06:37 TyrfingMjolnir joined #salt
06:39 englishm joined #salt
06:46 aparsons joined #salt
06:50 n8n joined #salt
06:51 englishm joined #salt
06:51 Sweetshark joined #salt
06:54 calvinh joined #salt
07:01 kingel joined #salt
07:03 viq joined #salt
07:05 hvn joined #salt
07:06 NotreDev joined #salt
07:07 hvn hi all, does anyone know the main reason that make salt 2014.1.10 (maybe just 2014.x) much more slower than 0.17.5? We have a CI server that run the same test with both that version, and the result is, wiht salt 0.17.5, it finished after 21hours, but for 2014.1.10, it's 33 hours.
07:08 lcavassa joined #salt
07:08 UForgotten joined #salt
07:09 viq joined #salt
07:11 laxity joined #salt
07:11 Hell_Fire joined #salt
07:12 lloesche joined #salt
07:15 debianix joined #salt
07:15 NotreDev joined #salt
07:16 lloesche is there a way to access grains of another node within a sls?
07:17 rogst joined #salt
07:17 mosen lloesche: salt mine?
07:17 mosen I dont have much experience but it seems like it would do that
07:18 lloesche mosen: yes that seems to be what I want, thank you
07:19 martoss joined #salt
07:19 stevednd joined #salt
07:20 lloesche the question would be though, how could I make sure all minions have delivered their information to the salt mine before the highstate that requires the information runs?
07:21 mosen good question
07:23 homelinen joined #salt
07:23 mosen I'm not sure it could work like that, because of the nature of minions being added or removed
07:25 lloesche The problem I'm trying to solve is this. I have Mesos cluster defined in the form of {ClusterA: [node1, node2, node3], ClusterB: [node4, node5, node6, node7]}. All nodes within a cluster need to know about their peers. Right now I'm using a preprocessor that will generate a pillar sls which contains all that information for each individual node. But I'm thinking salt is so flexible there's probably a way to do it in salt alone.
07:25 ndrei joined #salt
07:27 mosen unfortunately im really a beginner. It would seem that running highstate 2x would work.. or maybe theres some secret sauce salt-reactor method that runs highstate after everything is collected :)
07:28 delinquentme joined #salt
07:28 stoffell joined #salt
07:29 lloesche Well I'm gonna fiddle a bit with the salt mine see where it gets me. Thanks for your help!
07:29 mosen no problem!
07:29 TaiSHi joined #salt
07:30 analogbyte joined #salt
07:30 epcim_ joined #salt
07:31 englishm joined #salt
07:33 jalaziz joined #salt
07:34 kermit joined #salt
07:34 jalaziz joined #salt
07:34 jhauser joined #salt
07:35 jalaziz joined #salt
07:36 babilen lloesche: AFAIK you cannot ensure that all information has been collected before a highstate is run. I would, however, recommend to address the problem from a different angle: Ask yourself what you have to change when a *new* minion appears and then use the reactor system to make the necessary changes.
07:36 babilen That is: Add node4 to ClusterB if it comes online and remove it if it disappears.
07:37 TaiSHi joined #salt
07:38 wnkz_ joined #salt
07:38 rawzone joined #salt
07:38 bhosmer joined #salt
07:38 babilen lloesche: Or you could schedule the generation of an up-to-date configuration every k minutes and rely on the information that is in the salt mine at point. You don't have to trigger a complete highstate, but can be more specific about that.
07:39 lloesche Good point! Though I have certain constrains to adhere to. Like there have to be at least three nodes in a cluster for a quorum of two to be able to exist. So I would somehow need to handle the situation where the first two nodes are up but on their own not functional yet.
07:40 borgstrom joined #salt
07:40 babilen So count them and don't write the configuration if quorum isn't met
07:40 babilen Or have a state that stops the service if that is the case.
07:40 lloesche How would I go about counting that distributed state?
07:41 babilen lloesche: Request the information from the salt mine and then count the elements in the list.
07:42 babilen http://jinja.pocoo.org/docs/dev/templates/#list-of-builtin-filters has length/count
07:42 babilen (if you write it in Jinja rather than, say, mako or Python)
07:43 micko joined #salt
07:44 darkelda joined #salt
07:44 darkelda joined #salt
07:44 englishm joined #salt
07:45 JordanTesting___ joined #salt
07:45 akoumjian_ joined #salt
07:45 simonmcc joined #salt
07:45 thehaven joined #salt
07:46 wnkz__ joined #salt
07:46 Rory joined #salt
07:46 babilen I assume that you have some service that is making use of this information. Would it be fine for the service to run even if you don't have met the required quorum yet? (assuming no cluster would have been configured in that case)
07:47 babilen *haven't -- /me grabs more coffee
07:47 lloesche Well the service will try to run and then complain that he can't elect a leader but that's fine, I can handle that once the minimum number of cluster members is online.
07:48 lloesche Okay I think I understand those pieces so I can stitch them together. Last thing would be, how can I target only the portions of minions in my reactor that belong to the same cluster as the node that just started up?
07:48 jchen joined #salt
07:49 kaictl joined #salt
07:49 goodwill joined #salt
07:49 garphy`aw joined #salt
07:49 lloesche All nodes have a grain in the form of cluster:ClusterNameA set. Is there a way to write a reactor that basically sais "when a node has delivered information to the salt mine trigger a state on all other nodes that have the same cluster grain set as the node that delivered it's information"?
07:51 kingel_ joined #salt
07:52 hotbox joined #salt
07:53 babilen lloesche: *If* there are specific events you can react to whenever the salt mine was updated you can easily trigger a state via reactors and target that grain
07:53 chiui joined #salt
07:54 lloesche Ok I can look that up but let's say I do it upon start, how would my tgt: have to look like?
07:54 babilen But if the service shouldn't run you can conditionally trigger service.dead
07:55 ze- joined #salt
07:55 babilen Ah, you need the clustername when you do that, don't you?
07:55 lloesche yes
07:56 lloesche - tgt: 'G@cluster:data['id']['grain.get']['cluster']'  <= like this just correct :-P
07:56 babilen I was thinking of something like "tgt: 'G@cluster:ClusterNameA'" but you would need the value of that grain.
07:56 lloesche exactly
07:57 kalessin joined #salt
07:58 UForgotten joined #salt
07:59 pjs joined #salt
08:00 [M7] joined #salt
08:00 Ancient joined #salt
08:00 Fa1lure joined #salt
08:00 honestly joined #salt
08:00 Yoda-BZH joined #salt
08:03 lloesche_ joined #salt
08:10 calvinh joined #salt
08:11 scott_w joined #salt
08:11 calvinh_ joined #salt
08:11 babilen lloesche_: Could you write to the mailing list? I was about to elaborate on how to write a custom module that raises a custom "add_node" event with the grain, but there might simply be an easier way to get the grain at that point.
08:12 lloesche_ good idea, I'll do that
08:12 sarfu joined #salt
08:13 calvinh_ joined #salt
08:13 babilen https://www.refheap.com/90388 was that approach fwiw
08:15 babilen You could then configure your reactor to react to cluster/node_add events and get the grain from the data dictionary. You would also trigger cluster.node_add from the salt mine event (or from a minion start event)
08:16 calvinh joined #salt
08:16 babilen In fact you can forget about the salt mine in this case and just add whatever additional information you require to the node_add data dictionary
08:17 babilen But please ask about this approach too. I will happily reply to the mailing list, but I would personally be interested in seeing additional approaches.
08:18 calvinh joined #salt
08:19 calvinh__ joined #salt
08:20 intellix joined #salt
08:22 scott_w yo, i'm getting an issue with pillars
08:23 scott_w "Got a bad pillar from the master: type str, expected dict"
08:23 babilen lloesche_: I actually begin to like the reactor approach, but that might just be because I convinced myself of its beauty earlier. Would that work for you?
08:23 scott_w any idea where i'd start looking?
08:24 babilen scott_w: Show us the pillar, your command and its complete output on http://refheap.com please. Feel free to add any additional information that might help with debugging.
08:25 lloesche_ babilen: It sure would. Esp. since I can just add whatever data I need in the reactor event. I like that approach too.
08:25 lloesche_ I'm going to post to the mailing list anyways just to see what other solutions there might be.
08:25 babilen +1
08:26 babilen Just ask your question, I'll elaborate on the reactor approach and we'll take it from there. If other people can think of someting better I can improve my infrastructure too. :)
08:27 donaldinho joined #salt
08:29 scott_w https://www.refheap.com/90389
08:29 scott_w that's just an excerpt, the actual top.sls is much bigger
08:30 scott_w but if i take those lines out of top.sls, it works
08:32 scott_w aha i've found it
08:32 scott_w i have a dodgy key in my staging.sls
08:35 toddnni joined #salt
08:39 babilen scott_w: Which was it? I can't see anything wrong in there.
08:42 giantlock joined #salt
08:43 linjan joined #salt
08:45 lloesche_ babilen: https://groups.google.com/forum/#!topic/salt-users/0I_uCIacsVc
08:46 babilen ta
08:48 PI-Lloyd joined #salt
08:50 mndo joined #salt
08:55 scott_w babilen: i found the issue, it was further down
08:55 scott_w i had a user key
08:55 scott_w and it didn't like it
08:57 scott_w i've got quite a... complex setup going, so i need to take care in how i name everything
08:59 ramishra joined #salt
09:09 TheThing joined #salt
09:11 elfixit joined #salt
09:24 CeBe joined #salt
09:25 yomilk joined #salt
09:26 bhosmer joined #salt
09:31 epcim_ joined #salt
09:33 msc joined #salt
09:42 epcim_ joined #salt
09:42 sectionme joined #salt
09:45 kbyrne joined #salt
09:48 workingcats joined #salt
09:50 che-arne joined #salt
09:54 yomilk joined #salt
10:00 ramishra joined #salt
10:02 donaldinho joined #salt
10:03 calvinh joined #salt
10:06 hvn joined #salt
10:10 bhosmer joined #salt
10:16 blarghmatey joined #salt
10:33 kt76 joined #salt
10:37 crooton joined #salt
10:37 favadi joined #salt
10:37 linjan joined #salt
10:38 kt76 joined #salt
10:40 crooton joined #salt
10:48 calvinh_ joined #salt
10:51 yomilk joined #salt
11:00 linjan joined #salt
11:01 ze- is there a away for a runner to modify what would be the normal exit code, without using explicitly sys.exit?
11:02 ze- aka salt-run xxx => use the exit code. But if function is called internaly with __salt__['xxx'], let the caller decide what to do?
11:04 bhosmer joined #salt
11:24 hvn joined #salt
11:31 jslatts joined #salt
11:32 fredvd joined #salt
11:32 Metin joined #salt
11:33 Metin hi there
11:34 Metin is there anybody who can help me with s3.get cmd issue ?
11:35 diegows joined #salt
11:39 wnkz_ joined #salt
11:40 babilen Metin: Yes, that hypothetical person probably exist
11:41 babilen (ask a real question please)
11:42 Metin ok, i have setup a salt minion with an s3.key and s3.keyid grains, but when I run a s3.get mybucket from master, i get this issue
11:42 Metin TypeError encountered executing s3.get: object of type 'NoneType' has no len() ...
11:43 bhosmer joined #salt
11:51 babilen Metin: And you configured it as detailed on http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.s3.html ?
11:53 Metin yes I followed the steps described at this location
11:53 babilen Metin: Also is "mybucket" (exactly!) listed when you run 'salt yourminion s3.get' ?
11:53 babilen What about your settings in "salt 'yourminion' config.get s3:key" ?
11:54 Metin actually I get the same error msg when running 'salt yourminion s3.get'
11:54 Metin this is empty ! sorry i am new to saltstack
11:54 babilen Did you restart the minion after setting key and keyid in the minion config? Note that those are *not* grains so it might be good to see your configuration there too (you will want to redact your key without changing the nature of the data)
11:55 Metin i misunderstood minion config, i thought it was setting grains
11:55 jaimed joined #salt
11:56 babilen You can set grains in the minion config, but not everything you set in the minion config will be a grain.
11:59 Metin ok this was the point
11:59 Metin I have add s3.key and s3.keyid in the minion config file and this is ok
11:59 ndrei joined #salt
12:00 ajolo joined #salt
12:00 Metin Is there a command to add config keys and values from master ?
12:01 babilen Metin: You can provide a pillar with that data
12:01 babilen But more importantly: Did you restart the minion and does it work now?
12:02 Metin thank you babilen for your help, i will continue reading the walkthrough
12:02 Metin yes after restarting the minion service, this is working
12:02 babilen Wodnerful, have fun!
12:02 Metin bye
12:02 Metin left #salt
12:02 linjan joined #salt
12:09 Nazzy a curious question, has anyone come up with a solid solution for templated pre-gen stuff?  as in, a template file that is rendered master side and sent out as a normal file?
12:15 goosfraba joined #salt
12:26 darrend joined #salt
12:30 teebes joined #salt
12:41 miqui joined #salt
12:46 elfixit joined #salt
12:56 oyvjel joined #salt
12:57 aquinas joined #salt
12:58 aquinas_ joined #salt
12:58 vejdmn joined #salt
13:01 bhosmer joined #salt
13:01 cpowell joined #salt
13:01 bhosmer_ joined #salt
13:01 debianix_ joined #salt
13:02 ndrei joined #salt
13:02 A||SySt3msG0 joined #salt
13:02 englishm joined #salt
13:03 bhosmer__ joined #salt
13:08 oz_akan joined #salt
13:08 racooper joined #salt
13:14 mpanetta joined #salt
13:19 kbyrne joined #salt
13:20 teebes joined #salt
13:24 micah_chatt joined #salt
13:26 ramishra joined #salt
13:29 micah_chatt joined #salt
13:32 dccc joined #salt
13:32 dude051 joined #salt
13:34 Ashex left #salt
13:35 epcim joined #salt
13:38 ndrei joined #salt
13:43 mapu joined #salt
13:47 DaveQB joined #salt
13:47 jollyroger joined #salt
13:49 nitti joined #salt
13:49 tk75 joined #salt
13:51 Hell_Fire joined #salt
13:52 Gnouc joined #salt
13:52 kt76 joined #salt
13:53 ndrei joined #salt
13:54 mapu joined #salt
13:55 lloesche joined #salt
13:59 justyns joined #salt
14:00 justyns joined #salt
14:00 eunuchsocket joined #salt
14:00 justyns joined #salt
14:01 justyns joined #salt
14:03 rallytime joined #salt
14:07 perfectsine joined #salt
14:09 dccc joined #salt
14:12 higgs001 joined #salt
14:12 housl joined #salt
14:16 VSpike Question: in http://salt.readthedocs.org/en/latest/ref/states/all/salt.states.module.html#execution-of-salt-modules-from-within-states why can you pass module.run "- func: something.something" or "-name: something.something"?
14:18 ndrei joined #salt
14:19 VSpike I can see from the method docs that the first parameter is called "name", so the second form makes snese. But where the heck does the first form come from?
14:20 babilen VSpike: fwiw, readthedocs aren't up-to-date
14:23 cuonglm joined #salt
14:24 VSpike Is it perhaps the case that if the first parameter is positional, it doesn't matter what you call it?
14:24 mpanetta babilen: I think yesterday you were talking to me about the event stuff, and the presence events...  When do they show up?  I have not seen any...
14:24 Nazzy babilen, in this case that's moot, I checked that already
14:24 Nazzy VSpike, the first param is positional, but I think in this case the docs are wrong
14:24 babilen It is indeed (just wanted to point out that readthedocs aren't the best place to go for documentation)
14:24 babilen mpanetta: Did you explicitly enable them on the master as I asked you to do?
14:25 mgw joined #salt
14:25 TheRealBill joined #salt
14:25 VSpike babilen: where is the best place?
14:25 mpanetta babilen: I must have missed that.  How do I do it?  I don't see any mention about enabling them on the master_events page... :(
14:25 Nazzy docs.saltstack.org
14:25 babilen mpanetta: http://docs.saltstack.com/en/latest/ref/configuration/master.html#presence-events
14:26 Nazzy .com even *fail*
14:26 mpanetta babilen: Thanks!
14:26 babilen np
14:27 babilen mpanetta: And then just restart some minions and you should see plenty
14:27 Nazzy yeah, the docs are wrong, they have to be
14:27 babilen I'd expect "- name:" too, but then *shrug*
14:27 mpanetta Ok cool
14:27 Nazzy https://github.com/saltstack/salt/blob/develop/salt/states/module.py#L118 and the two blocks following it
14:28 Nazzy well actually more L122 and L127, but meh
14:30 Nazzy it's pulling the name arg directly, ... so the func construct only works if positional arguments lie to the end function, or there's a rewrite in there somewhere to do s/func/name/
14:31 VSpike how long does a watcher watch for? indefinitely?
14:31 Cyph_us joined #salt
14:32 Nazzy Mu
14:33 Nazzy you're meaning requisites, ya?
14:33 diegows joined #salt
14:33 djstorm joined #salt
14:34 VSpike Nazzy: me?
14:34 Nazzy ya
14:34 pdayton joined #salt
14:34 jadfisdf joined #salt
14:35 Nazzy VSpike, I'm guessing you mean like service.watch requisites?
14:35 VSpike I was looking at http://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html#execution-of-salt-modules-from-within-states
14:35 VSpike the module.wait example
14:36 ndrei_ joined #salt
14:36 Nazzy VSpike, they seem to be a special case of requisites, but there's not really life spans in the way you mean
14:37 VSpike or http://docs.saltstack.com/en/latest/topics/tutorials/states_pt2.html#require-other-states in the "require vs. watch" box
14:37 ndrei joined #salt
14:38 VSpike Does it mean that as long as the minion is running, if you change that file the service will restart? Or only while actually doing salt '*' state.highstate ?
14:38 Nazzy VSpike, the states are assembled in to a single tree with dependencies and ordering ... watches are just another sort of dependency
14:38 VSpike Right ... so if anything in that run changes the file, the service will restart after that as part of the execution
14:39 VSpike It's not a resident watcher
14:39 Nazzy yup ... watches don't persist outside of the state tree's instance
14:39 VSpike Great, thanks... that clarifies things a bit
14:39 Nazzy it's things along the lines of "rebuild this package if another_package is upgraded"
14:40 VSpike Yeah
14:40 jslatts joined #salt
14:41 Nazzy states.module is something of an anomaly actually ... normally states are more declarative than imperative
14:43 giantlock joined #salt
14:47 BrendanGilmore joined #salt
14:48 scbunn joined #salt
14:49 fannet joined #salt
14:50 bhosmer joined #salt
14:51 eunuchsocket joined #salt
14:53 ksalman is it possible to do a  salt-call locally without setting the "file_client: local" option?
14:53 ksalman There are times I need to do that temporarily
14:54 PI-Lloyd ksalman: I think you can use --local in the salt-call
14:55 PI-Lloyd "salt-call --local state.highstate" for example, not sure if that's exclusive to masterless setups or if it will work in a master environment or not
14:55 ksalman I am looking at this document http://docs.saltstack.com/en/latest/topics/tutorials/standalone_minion.html and it says " To instruct the minion to not look for a master when running salt-call the file_client configuration option needs to be set.". It also says "Or the salt-call command can be executed with the --local flag, this makes it unnecessary to change the configuration file"
14:56 patrek is there a way, with salt.states.host, to ensure that the first entry after the ip address is something specific?
14:56 Ozack joined #salt
14:56 PI-Lloyd ksalman: then --local option is your answer
14:57 ksalman PI-Lloyd: Hmm..thanks I'll try that
14:57 VSpike When using states.module, is there a way to wait for the call to complete before executing the following states?
14:57 PI-Lloyd ksalman: I'm not sure how that works with pillar data though, salt-minion caches the states but I've not seen it cache pillar data (been trying to find this out for a while)
14:58 jalbretsen joined #salt
14:58 ksalman PI-Lloyd: that's a good point. I am not sure about that either
14:58 PI-Lloyd looking at it, it must do somewhere or "salt-run cache.clear_pillar" would be kind of pointless
14:59 kingel joined #salt
15:00 eunuchsocket Is there a secure way to distribute files with the salt fileserver?  ie. I'd like to distribute kerberos keytabs with a salt state with salt://krb/files/{{hostname}}.keytab   However, I'm concerned that if a minion is compromised the could create a local state that fetches the keytabs for other servers
15:01 ndrei joined #salt
15:01 gmoro joined #salt
15:02 ndrei_ joined #salt
15:05 Nazzy VSpike, the func bit in module.run is indeed wrong and was corrected recently, the changes didn't get fully merged yet
15:05 Nazzy the name keyword is the one to use :)
15:06 VSpike Nazzy: thanks!
15:06 oyvjel joined #salt
15:08 SheetiS joined #salt
15:08 Nazzy yw :)
15:08 dude051 joined #salt
15:09 viq eunuchsocket: you need pillars for that
15:10 eunuchsocket viq: right, but I don't see any way to store binary data in pillars
15:10 eunuchsocket viq: so I can make the source path to the keytab known to the minion via a pillar but since all the keytabs are available on the salt fileserver a malicious state could guess the path and extract all the keys
15:11 viq eunuchsocket: if you look, there are discussions about it, but AFAIK no good way to solve it yet
15:12 eunuchsocket viq: thanks, I have a workaround in mind but that'd certainly be nice to see in a future release
15:12 viq There are suggestions, there are ideas, but I don't think I've seen a "oh, yeah, that's how everyone should do it!" one yet
15:13 viq ugh, I don't hav that available right now, someone wrote a custom external pillar that was returning content of files as pillars for use with openvpn
15:14 A||SySt3msG0 joined #salt
15:15 goosfraba joined #salt
15:16 babilen viq: You are thinking of http://garthwaite.org/virtually-secure-with-openvpn-pillars-and-salt.html
15:16 viq eunuchsocket: ^
15:17 fragamus joined #salt
15:18 FeatherKing joined #salt
15:18 babilen I don't really like that particular solution (I'll opensource something nicer soon), but the general idea is: Write your pillar in Python and read a file whose content you will return in a dictionary. That pillar can then be referenced in file.managed content_pillar.
15:19 FeatherKing is there a way to format output from salt-run jobs.lookup jid ##
15:19 eunuchsocket I'm not sure if it'd make sense to put a binary blob in a dictionary
15:20 babilen eunuchsocket: I keep all sorts of data in a dictionary when I program Python.
15:23 wendall911 joined #salt
15:25 litwol manfred: hello. any news on portage/ebuild ?
15:25 ksalman babilen: I know why I didn't think of the __name__ == "__main__" trick to test a python sls file..
15:25 ksalman i am currently writing one and have been running it on the minion to test it
15:25 ksalman >.<
15:26 ksalman I "don't" know why
15:26 debianix joined #salt
15:26 babilen ksalman: It doesn't get you much though due to salt's crazy monkey patching
15:27 babilen I mean you cannot test anything that relies on __salt__, __grains__, .. or any of the dunder dictionaries: http://docs.saltstack.com/en/latest/topics/development/dunder_dictionaries.html
15:27 ndrei joined #salt
15:27 ndrei_ joined #salt
15:28 babilen litwol: Regarding a salt package ?
15:28 ksalman oh i see
15:28 litwol babilen: yes.
15:28 debian112 joined #salt
15:28 litwol babilen: triggering pkg.installed to be "false" when use flags change
15:29 babilen ksalman: I quite dislike the monkey patching as it also means that you cannot reference anything in those dunder dictionaries at evaluation time and would have *much* preferred explicit functions for those.
15:29 eliasp joined #salt
15:30 babilen litwol: http://packages.gentoo.org/package/app-admin/salt -- looks as if the latest packages for Gentoo are .10 rather than the newest .11
15:30 babilen But I probably miss some context from an earlier discussion with manfre3d
15:31 litwol babilen: question was about salt /ebuild/ module
15:31 UtahDave joined #salt
15:31 manfred litwol:  i tried to get to it yesterday, but my coding time ran into my training time, and then all of a sudden, it was 9pm and I was at an expensive italian restaurant, with no desire to look it up :P
15:32 litwol babilen: /salt ebuild/ module allows 'pkg' support from gentoo portage. pkg.installed handles correctly installing packages etc etc. however when use flags /change/ it does *not* trigger package rebuild... which now means that 'pkg.installed' is wrong.
15:32 babilen ack
15:32 litwol manfred: ah np! no rush (really, rush!, but no such :-p). just wanted to double check i am not missing anything.
15:34 jollyroger joined #salt
15:34 ckao joined #salt
15:35 debianix joined #salt
15:37 jollyroger Hi. I'd like to change state definition in SLS file based on the fact that some package is installed. I try to use something like "{% if salt['pkg.version']('pkgname', None) %}{% endif %}" but I get an error. Will this actually work?
15:39 eliasp jollyroger: it should work
15:40 eliasp jollyroger: but better would probably be {% if "foo" in salt['pkg.list_pkgs'] %} .. {% endif %}
15:40 perfectsine joined #salt
15:40 jollyroger eliasp: thanks, I'll try
15:42 higgs001 joined #salt
15:48 scbunn joined #salt
15:49 dude051 joined #salt
15:54 bezeee joined #salt
15:55 WesleyL hi, I'm using a jinja file as a source for a file.managed, but it's being created uncompiled in the final folder. How do I found out how?
15:56 SheetiS WesleyL: Do you have a copy of the file.managed state that you can give a paste URL for?  Usually it is because the file.managed doesn't show that it is a jinja template.
15:57 iggy ^ would be my guess too
15:57 WesleyL http://pastebin.com/R6qYtAdt
15:57 SheetiS http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.jinja.html#jinja-in-files see this for the "- teplate: jinja" line
15:58 iggy *template
15:58 WesleyL thanks :)
15:58 SheetiS iggy: thanks I fat fingered it
15:58 WesleyL that did the trick.
15:59 iggy so... we are once again having issues using mine.get filtering based on grain
15:59 SheetiS iggy: yours was a multimaster setup for that wasn't it?
15:59 iggy no
16:00 iggy "salt-call mine.get roles:foo network.get_hostname grain"
16:00 iggy that returns a completely incorrect list
16:00 VSpike I have these state files https://bpaste.net/show/916bb4beb81b but the reboot is happening while the powershell 4 installation is still running ... what can I do about that?
16:00 thayne joined #salt
16:00 VSpike Also, the chocolatey bootstrap seems to install it every time it's called, but is that a known issue?
16:01 iggy vs say "salt -G 'roles:foo' test.ping"
16:02 iggy I thought setting the mine_interval fixed it before, but it doesn't seem to be helping now
16:02 tligda joined #salt
16:02 SheetiS iggy: is the 'foo' role new within that mine_interval?  Also does forcing a mine refresh seem to help?
16:03 iggy the role has existed on these servers from the get go
16:03 iggy and forcing a mine refresh doesn't help
16:04 SheetiS hmm so it's data that changed that was already working previously.
16:05 felskrone joined #salt
16:05 iggy so we have 3 different... not environments because they have separate salt servers, but yeah, dev, qa, prod
16:05 SheetiS Vspike:  I'm not seeing any dependencies in that. Are you using an orchestration to call everything?
16:05 iggy dev and prod work, qa doesn't
16:06 iggy and qa was working (up until Google's huge crash the night before)
16:06 VSpike SheetiS: worryingly, I don't understand your question
16:06 VSpike sorry, only just starting with saltstack
16:07 SheetiS VSpike: Since you want things to happen in a certain order, salt offers something called orchestration that can force that, or you can say a particular state/service/etc is dependent on other services.  I'll paste a few links in a moment
16:08 SheetiS iggy: tried to salt-run cache.clear_mine and then try again with mine refresh?
16:08 iggy I can
16:08 SheetiS you have to target that but * might be a good place to target.
16:09 VSpike SheetiS: I thought salt states ran by default in the order listed?
16:09 bezeee joined #salt
16:11 SheetiS VSpike: Technically I believe that is true, but if you have any 'requires' type lines anywhere in your config, I think the order gets completely ignored after that.
16:11 SheetiS http://docs.saltstack.com/en/latest/topics/tutorials/states_pt5.html#the-orchestrate-runner is how I handle ordered runs, especially when it involves more than one minion
16:12 VSpike SheetiS: from a quick look, it looks likes the orchestrate running is more for ordering things between multiple minions
16:13 pdayton joined #salt
16:13 PI-Lloyd iggy: try this - "salt-call mine.get 'roles:foo' 'network.hostname' " on a minion or "salt 'saltmaster' mine.get 'roles:foo' 'network.hostname' " from master. I've found if I don't use single quotes, data returned is either null or incorrect
16:14 iggy SheetiS: clear_mine may have done the trick
16:14 SheetiS VSpike: indeed, do you have any 'require' lines anywhere in your states? (not just the ones you pasted).  http://docs.saltstack.com/en/latest/ref/states/requisites.html
16:15 iggy at least the salt-call mine.get is returning the proper data now
16:15 SheetiS iggy: somehow bad data got in there.  I'm not sure how that happened, but we sure can purge it and then refresh.
16:15 intellix joined #salt
16:15 englishm joined #salt
16:15 iggy ... state is still not doing the right thing, but that's somebody else's job to fix ;)
16:16 SheetiS :)
16:16 troyready joined #salt
16:16 rglen joined #salt
16:17 VSpike SheetiS: there's a top.sls https://bpaste.net/show/9c959b5fa434
16:17 VSpike One of the linux states has a require, but that would not be relevant to this windows box, I'd think
16:17 UtahDave VSpike: module.run will execute every time, unless you add some checks
16:18 mgw is jhealy still doing the ubuntu packaging?
16:19 UtahDave mgw: yep!
16:19 VSpike UtahDave: there's a check in the global.sls
16:19 mgw UtahDave: thanks -- do you know where he keeps the packaging info? I've pulled the source package from launchpad in the past
16:19 mgw But I assume there's a git repo somewhere
16:20 UtahDave VSpike: for the chocolatey.sls?
16:20 VSpike UtahDave: oh ... the docs for chocolatey.bootstrap say it will only do something if there's no chocolatey in the path
16:20 UtahDave mgw: Hm. I think most of that is kept in the salt repo itself, but it's been a while since I've talked with joe about that, so I'm not 100% sure.   Have you looked there?
16:21 VSpike UtahDave: the more immediate problem is that on the first run, is starts installing powershell4 and then almost immediately the reboot message appears and it reboots before the install is complete
16:21 UtahDave VSpike: maybe the path isn't being updated
16:21 VSpike UtahDave: I wondered that... but I've noticed it still behaves the same way after the minion is rebooted
16:22 mgw UtahDave: yeah, it's in pkg it seems
16:22 mgw rather than debian/
16:22 mgw thanks
16:22 UtahDave VSpike: OK, so that means the powershell script is returning early.  What happens if you comment out the reboot part of the sls?  Does powershell install successfully?
16:22 UtahDave any time, mgw
16:22 jnials joined #salt
16:22 mgw Is Jesse Collier here?
16:24 mgw iggy: re that issue yesterday with cli commands taking a long time to begin execution -- can you check something?
16:24 sudarkoff joined #salt
16:24 davet joined #salt
16:24 iggy sure
16:24 aparsons joined #salt
16:24 mgw do you have "expect fork" in your salt-master upstart script?
16:25 mgw /etc/init/salt-master.conf
16:25 iggy debian...
16:25 davet1 joined #salt
16:26 mgw oh, ok
16:26 tmh1999 joined #salt
16:27 mgw UtahDave (or other devs): Has anything changed with the way salt-master forks?
16:27 mgw or daemonizes I should say
16:28 mgw for some reason this was added: https://github.com/saltstack/salt/blame/develop/pkg/salt-master.upstart#L9 and it's breaking things
16:29 Cyphus joined #salt
16:30 UtahDave mgw: Hm. I'm not familiar with that at all. Let me ask around
16:31 mgw It makes service salt-master stop|start|restart hang, which is what happens when you have the wrong "expect"
16:32 mgw It may be related to the slow CLI execution too, although iggy was having that on debian as well
16:32 UtahDave mgw: looks like someone already commented on the code mentioning that:    https://github.com/saltstack/salt/commit/e04043aabd421ce3f76abeea56285042be766c28
16:32 VSpike UtahDave: no, because chocolatey.install_missing throws an exception :/
16:32 VSpike I think the moral of the story might be to avoid the chocolatey module for no
16:32 VSpike w
16:33 VSpike I'm not sure if I can install powershell4 via the win_repo, because I don't think it appears in the package list
16:33 UtahDave VSpike: OK, just run the powershell sls file with the reboot commented out. Verify powershell is actually getting installed with it.
16:33 mgw UtahDave: sure enough.... can somebody revert that commit?
16:33 UtahDave I'll have Tom look at it.
16:33 mgw thanks
16:33 KyleG joined #salt
16:34 VSpike UtahDave: that's what I was trying to .. but whatever chocolatey.install_missing does when powershell4 is already installed (which it is on this VM now) causes it to throw an exception
16:34 ulikabbq joined #salt
16:34 bezeee joined #salt
16:35 vbabiy joined #salt
16:35 VSpike There seem to be too many problems with this approach of using the chocolatey module.. think i'll go home (UK time here) and try something else in the morning
16:35 ulikabbq newbie here trying to execute salt from a bash script that is fired by a nagios event handler and not sure where I need to set the permissions for the nagios user
16:36 VSpike UtahDave / SheetiS : thanks for the help
16:36 ndrei joined #salt
16:36 ndrei_ joined #salt
16:36 nitti_ joined #salt
16:37 jnials_laptop joined #salt
16:37 SheetiS VSpike: good luck with it tomorrow then!
16:38 UtahDave mgw: I'm going to remove it right now.
16:38 mgw UtahDave: ok, thanks
16:38 babilen mgw: Debian doesn't use upstart (unless you explicitly switch to it, which would be sort of pointless as systemd will be the default init system in jessie)
16:39 babilen (so not sure if that particular change would be responsible for any problems on Debian)
16:39 iggy I'm the one using debian
16:39 mgw babilen: i'm on ubuntu
16:39 mgw trusty
16:39 babilen my condolences
16:39 babilen ;)
16:39 ksalman ha
16:40 SheetiS babilen: That's the first good laugh I've had all day :D
16:40 jnials_ joined #salt
16:40 UtahDave mgw: I noticed that the salt-minion upstart script doesn't have it
16:42 babilen ulikabbq: Just configure sudo in such a way that the nagios user can run salt with superuser privileged
16:42 UtahDave mgw: here's the pull req: https://github.com/saltstack/salt/pull/15927
16:43 darrend joined #salt
16:46 sadbox_ joined #salt
16:48 ulikabbq so if I run sudo -u nagios ./salt.sh then I get a message back that says failed to connect to the master is salt running
16:49 linjan joined #salt
16:49 workingcats joined #salt
16:49 debianix joined #salt
16:49 babilen ulikabbq: yes, don't run it as nagios. Your nagios user should be able to run the salt command with superuser privileges.
16:50 babilen I'm not sure if I would configure that though.
16:50 ulikabbq so I am trying to fire a salt command based on a nagios event what would be the best way to do that
16:50 vimalloc joined #salt
16:51 babilen I mean granting nagios the means to essentially execute *anything* on your minions is certainly problematic security-wise.
16:52 kermit joined #salt
16:52 KyleG joined #salt
16:52 KyleG joined #salt
16:53 vimalloc So, I'm having a wierd problem. Maybe someone has seen something like it before? Got a minion that isn't responding to state.highstate or test.ping from the salt master, but I can call 'salt-call state.highstate' from the minion itself and it works just fine. Verified they are running the same version of salt (2014.1.4), restarted all daemons, checked pub keys, and see that there is an ESTABLISHED connection in
16:53 vimalloc netstat on the salt master to the minion.
16:53 SheetiS a fairly strict sudoers command alias could help mitigate what could be executed (or limit the sudo operation to a script that does exactly what you want)
16:53 vimalloc Any ideas what may be going on there? I'm scratching my head at the moment
16:53 ulikabbq so is there a way to limit the nagios user to execute specific salt commands? I have a powershell script that I am kicking of from salt and it works great. I just want to be able to trigger it on this specific nagios event
16:54 prandelicious joined #salt
16:54 prandelicious hi all
16:54 SheetiS ulikabbq: you could put the specific command in salt.sh (or some script file) and then do something like this (paste url in a moment) in your sudoers file
16:56 ulikabbq so I should also state that I am pretty green with linux as well. I do have the nagios user in the sudoers file to be able to execute anything with sudo
16:57 SheetiS ulikabbq: This will restrict nagios so it can't run everything (you don't want to do that for security)
16:57 prandelicious i'm running salt-call --local cmd.run via sudo and I keep getting 'command not found' even though the binary I'm calling is in the correct path
16:58 SheetiS ulikabbq: This is how I'd do it and put my command i need run into salt.sh: https://bpaste.net/show/a8eab966caac
16:58 Gareth morning morning
16:59 kingel joined #salt
16:59 SheetiS in my sudoers or at least the equivalent in my https://github.com/saltstack-formulas/sudoers-formula :).
17:00 ulikabbq ok so I have this in a lab right now and the nagios user is in the sudoers file to execute anything so why would I have an issue with  sudo -u nagios ./salt.sh
17:00 SheetiS that's backwards. you are saying to run salt.sh as nagios
17:01 SheetiS instead of when you are the nagios user using sudo to run salt.sh as root
17:01 SheetiS when nagios (running asthe nagios user) runs the command, it'd want to 'sudo ./salt.sh'
17:02 ulikabbq ok I am going to try this out. thanks for the help
17:02 forrest joined #salt
17:03 nitti joined #salt
17:03 bezeee joined #salt
17:03 SheetiS good luck.  again be careful with sudo in production as once you open anything to run salt commands, the scope of a potential security implication expands greatly.
17:04 TheoSLC joined #salt
17:04 TheoSLC Good morning
17:05 ajolo_ joined #salt
17:05 NotreDev joined #salt
17:06 TheoSLC I see that salt-api has died and was merged with the salt-master.  I'm looking to use the salt api for the first time.  But I can't find instructions on how to configure it from the salt-master.  Any help?
17:09 nitti_ joined #salt
17:10 Gareth UtahDave: ping
17:11 UtahDave TheoSLC: the configuration should still be the same.
17:11 UtahDave hey, Gareth1
17:11 kiorky joined #salt
17:11 chrisjones joined #salt
17:11 TheoSLC UtahDave: I just can't find any documentation on that configuration
17:12 Gareth UtahDave: :) question for you.  Do you know of a way to get all the gateways from a Windows routing table?  Looking for a netstat -rn equivalent.
17:13 Ryan_Lane joined #salt
17:14 UtahDave TheoSLC: Hm.  Try here:  http://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html
17:14 UtahDave or all of them here:  http://docs.saltstack.com/en/latest/ref/netapi/all/index.html
17:14 TheoSLC UtahDave: Thanks
17:15 UtahDave Gareth: Yeah, I think i've done that before. Let me look up some code real quick
17:19 ulikabbq SheetiS: I made the changes in the sudoers file and nagios triggered the event but salt is throwing the message 'failed to connect to master, is the salt master running?'
17:19 KyleG UtahDave: Can I get your advice on this? https://gist.github.com/kylegato/2c9c8b72872b314018f0 Wondering why it's not targeting my bd0 boxes. Do I have to start the first part with AND and then use OR's for the rest?
17:19 englishm joined #salt
17:19 jaimed joined #salt
17:21 Ryan_Lane I see a state that will handle concurrency using zookeeper, but no zookeeper execution module :(
17:22 UtahDave KyleG: just a sec. finishing something up.
17:22 KyleG sure thing
17:22 SheetiS ulikabbq: are you able to show a paste with all the pieces (sanitized if needed) including your shell?  also is the nagios server also the salt master, or just a minion?
17:23 higgs001 joined #salt
17:23 dstokes hey guys. is it safe to reference pillar data from within another pillar file? i.e. p2.sls -> pillar.get('p1sls_val')
17:24 ulikabbq yes the nagios server is the master. the shell script is nothing but this : 'salt "2012" cmd.run "powershell c:\scripts\hi.ps1"
17:25 ulikabbq when I run ./salt.sh it works but when it is fired from the nagios event it throws the message about the salt master not running
17:27 SheetiS I'd need to see the contents of the shell script and ideally the part of the nagios config that calls it to help further.
17:27 smcquay joined #salt
17:27 ulikabbq that is all that is in the shell script. just that one salt command
17:28 beneggett joined #salt
17:28 SheetiS ahh I see now.
17:28 SheetiS in nagios are you calling it as sudo then?
17:29 SheetiS also you might need to say Defaults:nagios !requiretty so that you can sudo without a tty
17:29 ulikabbq yes
17:29 kingel joined #salt
17:29 ulikabbq put that in the sudoers file?
17:30 SheetiS possibly needed, but the command wouldn't run at all if you need it.
17:32 ulikabbq https://bpaste.net/show/4c6524692675
17:33 ulikabbq that is the nagios commands.cfg
17:33 SheetiS ulikabbq: you need to use 'sudo' on that command.
17:33 SheetiS so put sudo in front of it and try  again
17:34 smcquay joined #salt
17:34 SheetiS if that doesn't work then you will need to make the sudoers change I menitoned above.
17:35 smcquay joined #salt
17:35 smcquay joined #salt
17:37 ulikabbq that worked. thank you so much for the help
17:37 SheetiS no problem.
17:39 ndrei joined #salt
17:39 NotreDev joined #salt
17:39 ndrei_ joined #salt
17:40 drawks ah fun. legal department finally responded to my FOSS contribution request.
17:40 drawks looks like salt is now on the whitelist ;)
17:41 forrest drawks, sweet
17:41 drawks now to write something non-trivial
17:42 forrest drawks, trivial stuff is good too, a fix is a fix.
17:42 drawks heh I've done a few of those already
17:43 drawks was gonna take a crack at a state module for parted
17:43 forrest nice
17:43 debianix joined #salt
17:43 forrest that would be cool
17:43 drawks cool and a little dangerous
17:43 forrest well yeah
17:43 forrest but the module already exists
17:43 forrest so it shouldn't be too bad
17:43 mr_chris joined #salt
17:44 overyander joined #salt
17:45 TheoSLC UtahDave: I added the rest_cherrypy configuration to my master config and restarted.  Nothing happened.  no ports open, and no rest,api,cherrpy,errors or warnings reference in the debug log.  Did I forget something?
17:45 forrest TheoSLC, is that for halite?
17:46 overyander I'm looking for a solution to manage a lot of windows desktops, some are on lan and many are remote at the users home. Is Salt good for this or is this more for managing vm systems?
17:47 forrest overyander, Salt could work for that, but as far as I'm aware it's only been tested for the server variety. It also might be a bit of a concern for security depending on how permissions are configured for users. UtahDave might have some more insight.
17:47 overyander users aren't admins and are locked down farily well with group policies.
17:53 crisdev joined #salt
17:55 kingel joined #salt
17:59 aparsons joined #salt
18:00 ajolo_ joined #salt
18:03 CeBe joined #salt
18:04 cpowell joined #salt
18:06 kballou joined #salt
18:08 UtahDave overyander: Salt will work great for that situation
18:09 UtahDave hey KyleG. Looked at your nodegroup definition
18:09 forrest UtahDave, Did you test it with desktops pretty thoroughly?
18:09 UtahDave let me check, but I'm not sure you can have a list item with a glob
18:09 UtahDave forrest: I did all the initial development of Salt on XP on my desktop
18:09 forrest UtahDave, oh sweet then
18:10 UtahDave One good thing about Windows is that they do an incredible job with backwards compatibility
18:10 forrest heh
18:10 UtahDave So most things work from XP up through server 2012
18:10 forrest nice
18:10 UtahDave except for some powershell differences
18:10 forrest powershell is 2% of users anyways I'm sure :P
18:10 forrest so not a huge proble
18:10 forrest *m
18:12 felskrone hey dave, did you ever tell mike about the post-card i sent you?
18:15 kingel joined #salt
18:15 UtahDave felskrone: he he. No, I don't think I ever did.  Mike joined SaltStack much later than that.
18:15 Guest21943 joined #salt
18:15 UtahDave I still have that card!  :0
18:18 saggy Dave, glad to see you online. is there a chance I can get your salt formulas that you used to build docker in rackspace in the demo at NY a couple of months ago
18:18 saggy i hope you remember me. I am sagar - I sent you an email also at the time
18:18 felskrone ok, just wondering because he will also get one if he adds config-reload with out service-restart :-)
18:19 UtahDave saggy: Yeah, I remember you!   Yeah, let me grab the url to the repo for the docker demo
18:19 forrest saggy, are you talking about https://github.com/UtahDave/dock_apache ?
18:19 UtahDave forrest is my Salt bot that knows my intentions and desires before even I do!!
18:20 mpanetta hah!
18:20 forrest UtahDave, I actually just happened to have github open already :P
18:20 saggy let me check
18:20 UtahDave saggy: you'll also probably need https://github.com/UtahDave/haproxy-docker
18:20 UtahDave :)
18:20 mpanetta What version of salt has the presense->presence spelling fix in the presence events anyway?
18:20 forrest lol
18:22 SheetiS !forrestbot pull_request me <some_fix> :)
18:22 forrest lol
18:22 forrest nooooooooo
18:22 saggy yes this looks good
18:22 scbunn joined #salt
18:23 mechanicalduck joined #salt
18:23 saggy thank you!
18:23 kingel joined #salt
18:23 saggy if i remember correctly you had rackspace formulas also
18:24 UtahDave !forrestbot make me a sandwich
18:24 skyler_ I want to make my states behave differently depending on the existence of other minions. For example, I want a dns record to have a default value, but then change when a particular minion is finished being provisioned.
18:24 saggy is there anything around that so i could reference for my openstack/rackspace instances
18:24 forrest UtahDave, if anything you should be making sandwiches, since you were at the deli yesterday!
18:24 UtahDave saggy: I had just created a Salt Cloud map that would spin up the vms I wanted
18:24 forrest a sandwich sounds good though... mmm
18:24 skyler_ It seems like the reactor system fits this the best, but the examples I see all show it running something, not altering data.
18:25 UtahDave forrest: mm
18:25 saggy ok
18:25 aparsons joined #salt
18:26 Gareth SANDWICHS FOR ALL!
18:26 ericof joined #salt
18:28 saggy Thank you DAve. I will try
18:29 babilen mpanetta: 1a9ae90 is in develop and 2014.7 (so the change should become relevant once you upgrade to Helium)
18:29 mpanetta babilen: Awesome, thanks!
18:30 mpanetta !UtahDave botsnack
18:30 mpanetta :P
18:31 higgs001 joined #salt
18:33 kermit joined #salt
18:36 vimalloc left #salt
18:37 blarghmatey joined #salt
18:39 vejdmn joined #salt
18:39 sectionme joined #salt
18:39 skyler_ I need to make a conditional state. If a repository exists, pull the files from the repository, if not, then I need to fetch from a backup server. How should I go about this?
18:39 thayne joined #salt
18:42 aparsons joined #salt
18:44 nw0428 joined #salt
18:45 nw0428 Where can I get the 2014.7 rpm of salt?
18:45 nw0428 I cant find it anywhere
18:45 forrest there isn't one yet
18:45 nw0428 Well that explains that
18:45 nw0428 Any guess on the timeline for it?
18:45 forrest nw0428, nope, it's still in RC1
18:45 nw0428 Ok thanks
18:45 forrest oh no, there's an rc2 tag now
18:45 forrest that's good
18:45 forrest but yeah, no idea
18:46 forrest nw0428, I think they're trying to really clean up a lot of bugs with this one
18:46 forrest nw0428, so it's taking a bit longer (which is fine by me), and there are a ton of amazing features...
18:46 nw0428 In that case, I am trying to get the ip address of a minion in a state and am having trouble with it
18:47 nw0428 This code is failing: {%- set local_ip = salt['mine.get'](grains['id'], 'ip_interfaces' )["eth0"] %}
18:47 SheetiS forrest: yeah I'm kinda drooling over some of the new features :D
18:47 nw0428 Jinja variable 'dict' object has no attribute 'eth0';
18:47 nw0428 I am totally drooling over the show full context bit
18:47 nw0428 =)
18:48 nw0428 Anyway
18:48 forrest SheetiS, a lot of people are, at least 4-5 times a day someone is asking when the release is :P
18:49 nw0428 when I run salt '*' grains.get "ip_interfaces" I can clearly see that all of my machines have an eth0
18:49 SheetiS nw0428: 1) what do your mine functions look like. and 2) why using the mine to get local information that doesn't require the mine?
18:49 nw0428 How do I get it without the mine?
18:49 nw0428 @SheetiS
18:49 joroy joined #salt
18:50 SheetiS salt['grains.get']('ip_interfaces', <default_if_not_found>) would work
18:50 nw0428 huh
18:50 nw0428 ok
18:50 chrisjones joined #salt
18:50 SheetiS or since you are not using a delimiter there, just grains.get('ip_interfaces', <default>) would work
18:50 nw0428 Thanks so much @SheetiS
18:52 mapu joined #salt
18:54 diegows joined #salt
18:54 SheetiS nw0428: for future refrence alsoe when using the mine, it returns as a dict the following {'<minion_id>': <mined data>} so you'd have had to add more logic to get the key out of there.  This is true even if there is a single result.
18:55 SheetiS Just in case you need to use the mine elsewhere in the future.
18:55 ndrei joined #salt
18:55 ndrei_ joined #salt
18:57 SheetiS forrest: I think 4-5x a day may be a low estimate on that.  I've been idling in here quite a bit and questions about the 2014.7 release come all the time ;-)
18:57 forrest SheetiS, heh, could be. It's not a big deal, people are excited.
18:57 jmccree joined #salt
18:58 pdayton joined #salt
18:58 SheetiS I think it's a good thing
18:58 forrest agreed
18:59 jforest joined #salt
19:00 n8n joined #salt
19:00 SheetiS I used to use puppet, and when I started a new job where there was no automation at all, I decided to evaluate salt, puppet, and a couple of others (was thinking chef or ansible).  I tried salt first, thinking I'd fall back on what I was familiar with last (puppet), and I never looked back.
19:01 forrest SheetiS, yeah, that was the whole reason I started working on salt, I just hated puppet so much
19:01 forrest now I just like Salt
19:03 bhosmer joined #salt
19:03 VSpike I'm hoping Salt will be able to do everything I need on Windows, because I like it a lot so far. Otherwise, chef would be my plan B, I think
19:03 bezeee joined #salt
19:04 forrest VSpike, does Chef do windows now? I don't really keep up with it
19:04 VSpike I don't like dealing with ruby tools though :) Trying to resolve all the gems and bundles and ruby versions between chef and vagrant and the rest is painful
19:05 forrest yep
19:05 VSpike forrest: it's still a second-class citizen for sure, but its Windows support is more mature than Salt's
19:05 forrest VSpike, gotcha, salt is actually hiring another windows engineer to work on that aspect right now
19:06 VSpike When I get a bit more familiar with Salt, I'd like to start contributing a bit there too
19:07 VSpike I hate dealing with Windows, but if I have to go through the pain I might as well try and make it easier for the next person, right?
19:07 forrest VSpike, that would be great, more outside windows development would be awesome. Hell even if you just want to work on more windows documentation that would be a great start
19:07 VSpike :)
19:08 VSpike Also we're unfortunately using a hosting provider that runs vCloud, and chef can talk that API which AFAIK no Salt tools can yet
19:09 forrest VSpike, uhh I thought that it could...
19:09 forrest http://www.vmware.com/products/vcloud-automation-center/compare
19:09 VSpike Last time I tried to look into Salt about a year back, I started with trying to get salt-cloud to work with Rackspace cloud, esp for Windows boxes and it was a world of pain :)
19:09 babilen skyler_: You are looking for http://docs.saltstack.com/en/latest/ref/states/requisites.html#onfail which will only be available in Helium
19:10 babilen Maybe some of the other people can think of a good way to emulate the "clone a backup repo if cloning of the primary one fails" usecase.
19:10 forrest VSpike, https://www.youtube.com/watch?v=cfhE0TF_tEY
19:10 forrest VSpike, that's Mike Place (from Salt), and Becky Smith giving a talk on that integration
19:12 VSpike Hm... I'm sure someone from Salt told us that it didn't. I'll have to watch the video. Also I find VMWare confusing because of the array of similarly named products and APIs
19:12 skyler_ babilen: Yep, that is exactly what I was looking for. Thanks!
19:12 patrek joined #salt
19:13 UtahDave VSpike: we have a vsphere driver for salt-cloud
19:13 SheetiS VSpike: https://github.com/ministryofjustice/salt-cloud-provider-vcloud looks like another option someone whipped up
19:13 VSpike yeah, i know we don't have vSphere access
19:15 VSpike we have VMware vCloud Director 5.5 API apparently
19:15 VSpike I'll try that provider out though... thanks for the tip
19:17 VSpike Yeah, Celeste at SaltStack replied to someone at our org saying "SaltStack has an API driver for vCenter today, but not vCloud."
19:17 VSpike If someone's already started one though, that's pretty useful
19:19 mechanicalduck_ joined #salt
19:25 bhosmer joined #salt
19:25 bhosmer_ joined #salt
19:28 Gareth http://www.instructables.com/id/Hamster-Wheel-Standing-Desk/
19:32 martoss joined #salt
19:35 martoss1 joined #salt
19:36 che-arne joined #salt
19:40 sectionme joined #salt
19:40 ClausA joined #salt
19:41 higgs001 joined #salt
19:43 bhosmer joined #salt
19:45 rawtaz salty peeps
19:47 rawtaz Gareth: perfect!
19:47 Gareth :)
19:48 joroy If I want to provision test machines with multiples tests scenarios (multiple configure files), shoud I have a different state for each scenarios or just one state with a configuration file that requests it's value from pillards (one pillar for each scenarios?) ?
19:48 jeffspeff joined #salt
19:49 rawtaz seriously need to get one of those
19:50 babilen joined #salt
19:50 SheetiS joroy: If I am provisioning openssh and I have different configs for different servers, I use the same state files (or formula) and then just make sure the pillar data matches the proper system.
19:50 SheetiS I'd do the same with any other services
19:51 SheetiS openssh is just an example.
19:53 joroy Thanks SheetiS
19:55 pduersteler joined #salt
19:56 mechanicalduck joined #salt
19:56 aparsons joined #salt
19:57 pdayton joined #salt
20:00 stuck_ joined #salt
20:04 kiorky joined #salt
20:07 aparsons joined #salt
20:09 dude^2 joined #salt
20:10 higgs001 joined #salt
20:10 jslatts joined #salt
20:13 kelseelynn joined #salt
20:18 kballou joined #salt
20:19 chitown i need to store some data (on the master); any thoughts on the best place?
20:19 chitown specifically, aws/ec2 data (i dont want to query aws every time i need data... having it cached for an hour is fine)
20:20 chitown cachedir/custom_dir ???
20:21 eunuchsocket joined #salt
20:22 SheetiS chitown: I'd been using ~/.amazon/<whatever_dataname>.yaml for most of my cached data where I'm using boto.ec2 to obtain a dict and dumping the yaml to a file for reuse later.  I really thing that whatever you want is fine since you'll be using it in your own personal environment.
20:22 chitown ya, was just wondering if anyone had any pointers like "def dont do this" :)
20:23 chitown not sure how much messing with subdirs in "cachedir" is "ok" or not
20:24 SheetiS I don't think it would hurt, but you might not be futureproof in that situation.
20:25 chitown /var/lib/my-company  would be ok, too
20:25 QuinnyPig [CRITICAL] The Salt Master server's public key did not authenticate! The master may need to be updated if it is a version of Salt lower than 2014.1.7,
20:25 QuinnyPig That's novel. :-)
20:25 QuinnyPig salt-2014.1.7-3.el6.noarch-- master and minion are the same node.
20:27 SheetiS chitown: seems ok and would not likely ever be overwritten by something unexpected :D
20:28 SheetiS QuinnyPig: is this a new install (weird if so) or an upgrade?
20:28 jergerber joined #salt
20:31 housl joined #salt
20:32 QuinnyPig SheetiS: New install, that's the hell of it.
20:32 QuinnyPig :-)
20:32 QuinnyPig Never seen this nonsense before.
20:32 QuinnyPig rpm -qV shows it's correct.
20:35 SheetiS could try and get rid of /etc/salt/pki with master and minion stopped and try to start them again (master first)
20:36 cpowell joined #salt
20:37 gladiatr joined #salt
20:40 gladiatr hey all.  Where (in the salt source) is the jid generated and/or from where can it be obtained for use in a module?  Working on an execution module for ovirt management and thought it might be useful to utilize the jid to assist in per-job memoization but I am unsure where to get it :)
20:41 Nazca joined #salt
20:41 sectionme joined #salt
20:41 fragamus joined #salt
20:42 QuinnyPig SheetiS: That got it. Very, very odd.
20:42 QuinnyPig Race condition on this crappy AWS master, maybe.
20:42 QuinnyPig Race condition on this crappy AWS master, maybe.
20:47 UForgotten joined #salt
20:47 aparsons joined #salt
20:54 blarghmatey joined #salt
20:57 n8n joined #salt
20:57 ndrei joined #salt
20:59 eunuchsocket joined #salt
21:01 sectionme joined #salt
21:01 cpowell joined #salt
21:02 ndrei_ joined #salt
21:02 oz_akan joined #salt
21:03 jslatts joined #salt
21:05 ndrei joined #salt
21:07 dude051 joined #salt
21:12 kingel joined #salt
21:20 englishm joined #salt
21:21 kingel joined #salt
21:25 fivethre1o joined #salt
21:27 pviktori_ joined #salt
21:28 Heggan joined #salt
21:28 AnswerGuy joined #salt
21:29 davromaniak joined #salt
21:29 davromaniak joined #salt
21:29 martoss joined #salt
21:29 huleboer joined #salt
21:29 Rory joined #salt
21:29 MaZ- joined #salt
21:30 jut joined #salt
21:31 bhosmer joined #salt
21:37 pdayton joined #salt
21:40 yomilk joined #salt
21:40 TheThing joined #salt
21:44 fragamus joined #salt
21:47 nitti joined #salt
21:49 SheetiS joined #salt
21:51 peters-tx joined #salt
21:55 dstokes i'm trying to get an external pillar module setup but the docs aren't very clear. does the master ext_pillar list module files?
21:57 spookah joined #salt
21:58 pdayton joined #salt
21:59 dstokes i've added base/_modules/pillar/envs.py and - envs: envs
21:59 dstokes no dice
21:59 dstokes following this http://salt.readthedocs.org/en/latest/topics/development/external_pillars.html
22:01 SheetiS it may not be much different, but the most up-to-date docs are here:http://docs.saltstack.com/en/latest/topics/development/external_pillars.html
22:03 aparsons joined #salt
22:03 dstokes looks about the same (with one addition at the bottom)
22:03 aparsons_ joined #salt
22:06 aparson__ joined #salt
22:12 sectionme joined #salt
22:15 bezeee joined #salt
22:18 mosen joined #salt
22:29 kermit joined #salt
22:32 KyleG joined #salt
22:32 KyleG joined #salt
22:34 higgs001 joined #salt
22:42 dalexander joined #salt
22:44 baconbeckons joined #salt
22:44 aparsons joined #salt
22:46 baconbeckons i’m trying to start using salt-cloud but i’m not sure where to start. it sounds like salt-cloud should run on the salt master, but it also sounds like i can use salt-cloud to start the salt master. how do i start the master if i need salt-cloud running on the master?
22:46 forrest baconbeckons, salt-cloud would be on a system which is a salt master
22:46 baconbeckons forrest: how do people usually bootstrap the salt master?
22:47 forrest with the bootstrap script, or just installing the package
22:47 forrest you gotta start somewhere :P
22:47 spookah joined #salt
22:47 dalexander I was considering making a master of masters and using salt-formula to bootstrap new masters, do people do that?
22:48 forrest dalexander, I haven't seen any examples of people doing that, but I see no reason why you couldn't, sounds to me like a http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html
22:48 baconbeckons forrest: if i install the package on a fresh instance, it sounds like i need to then deploy a log of config to that new salt master
22:49 forrest dalexander, there's also the system where you have a master of masters, who then have their own minions, but I can't remember what it's called off hand
22:49 forrest baconbeckons, okay maybe I am confused then, you have a salt master, and salt cloud somewhere right now?
22:49 forrest baconbeckons, and you want to create more masters
22:50 forrest or this is the first instance you want to somehow stand up using salt cloud without a master
22:50 baconbeckons forrest: we are migrating from puppet
22:50 forrest baconbeckons, okay
22:50 baconbeckons we have salt that is running masterless for development with vagrant
22:50 dalexander forrest:  yes that's what I was hoping to do, but I admit I get inception syndrome when I start to consider doing it.  IF you think of what it's called and there are any refernce configs it would help.
22:50 baconbeckons now we want to start putting the salt states onto actual servers
22:51 forrest UtahDave, are you around?
22:52 baconbeckons so i need to create my first master. but i don’t want to design a system that depends on a single server that isn’t easy to recreate and even though it is easy to reinstall salt, it still requires config files to be loaded
22:52 forrest manfred might know as well, what's the multi-master system, that isn't multiple masters on the same tier, but a master running other masters that have minions, I can't remember.
22:52 baconbeckons forrest: it seems like a chicken and egg problem :)
22:53 forrest baconbeckons, you're going to have to stand up a master, and configure it. BUT you can install a salt minion on that master, and write a set of salt-master states, which you can re-use to configure your current master, or new masters
22:53 forrest baconbeckons, https://github.com/saltstack-formulas/salt-formula
22:54 baconbeckons forrest: with those master states, could i also use them to bootstrap a new master if the orignal crashes?
22:55 forrest baconbeckons, well, you're going to have the issue that all of the minions which were connected to that master, won't be connected any longer, thus the doc I linked above for dalexander which talks about a multi-master setup
22:55 forrest baconbeckons, here's a pretty good write up
22:56 forrest http://bencane.com/2014/02/04/saltstack-getting-redundancy-and-scalability-with-multiple-master-servers/
22:56 baconbeckons forrest: is multimaster the standard way to put salt into production?
22:56 forrest baconbeckons, totally depends on your environment I'd imagine
22:56 teebes joined #salt
22:56 forrest baconbeckons, some people run multiple, some people run one, some people don't run a master at all!
22:57 baconbeckons forrest: running one sounds like we would be creating a fragile infrastructure
22:57 forrest baconbeckons, yep it could be a problem, depends on what your master is doing as well in regards to deployments, standing up machines, etc.
22:58 iggy baconbeckons: I have a very minimal (~50 lines with ssh keys) master bootstrap script that does the bare minimum config to enable the salt-formula and pillars
22:58 iggy then it does the rest from there
22:58 baconbeckons iggy: could i take a look at it?
22:59 UtahDave hey, forrest. I'm back now.  for a couple minutes
22:59 kingel joined #salt
22:59 forrest UtahDave, what is the multi-master system called where it's a master which has sub-masters which have minions?
22:59 forrest UtahDave, I can't friggin remember
22:59 forrest and google is not helping
22:59 UtahDave syndic
22:59 forrest there we go
22:59 forrest dalexander, syndic
22:59 dalexander yes!
22:59 forrest dalexander, http://docs.saltstack.com/en/latest/topics/topology/syndic.html
22:59 forrest UtahDave, Thanks a bunch
23:00 UtahDave anytime!
23:00 dalexander thanks both of you guys
23:00 UtahDave forrest: Oh, looks like basepi is going to be teaching the class in Seattle
23:00 forrest yeah np
23:00 forrest UtahDave, Cool
23:01 forrest ahh the date is finalized as well excellent
23:01 forrest oh it's in bellevue? booo!
23:01 forrest I was hoping it would be downtown
23:01 dalexander I wonder if I'll be meeting any of you in person early Oct, we're doing a training at my site in AZ.
23:03 iggy baconbeckons: I hope I didn't leave anything sensitive in there, but: http://pastebin.com/196kq4AX
23:03 iggy it's got some uglies to deal with private github repos which may or may not impact you
23:04 forrest dalexander, if it's with the Salt team, I'm sure you will meet someone from the team
23:04 forrest there's only a few of them :D
23:04 UtahDave dalexander: cool!  let me check the calendar
23:04 forrest iggy, let me just ask this as a question for you
23:05 forrest iggy, why don't you just install the master, git clone the salt master repo, then run a state.sls to configure, and restart the master?
23:05 iggy I don't like doing anything manually
23:05 forrest iggy, no I mean in a script
23:06 iggy that is a script
23:06 forrest iggy, I know
23:06 forrest lol
23:06 iggy ;)
23:06 forrest I'm just wondering if it could be shorter
23:06 iggy either way, I'd have to deal with getting keys on there
23:06 forrest iggy, are your keys not stored in pillar?
23:06 iggy github is weird in that we can't just have 1 key
23:06 forrest iggy, I see.
23:07 baconbeckons iggy: thanks for the script
23:07 iggy they are (we actually have about 10 private repos that eventually make their way on there)
23:07 baconbeckons are we free to use and/or base code off your script?
23:07 iggy that's just the 2 we need to do the secondary bootstrap
23:07 iggy sure, public domain and all that
23:07 forrest iggy, fair enough
23:08 iggy it's not particularly elegant or anything
23:08 forrest getting the job done trumps elegant any day
23:08 baconbeckons iggy: it’s helpful as a starting point
23:08 iggy yeah, and actually, I think I have some fixes to that floating around somewhere
23:09 baconbeckons i feel that the docs don’t make it clear how to start a production environment
23:09 iggy our salt-formula pillar is fairly complex too
23:09 TheThing joined #salt
23:09 iggy and I've made some improvements to the salt-formula (that I really need to clean up and send upstream ;)
23:11 baconbeckons iggy: why do you create /etc/salt/master.d/ before calling the bootstrap script? wouldn’t the bootstrap script create that folder for you and then you could put the keys into it?
23:11 iggy you could do it either way
23:12 baconbeckons iggy: ok, cool. i’m just trying to wrap my head around how this all works
23:12 iggy I just wanted to lay down the config before the bootstrap because I was having to do a lot of restarting services and sleep 3s
23:12 sectionme joined #salt
23:12 blarghmatey joined #salt
23:12 baconbeckons iggy: got it. that makes sense
23:13 iggy it seems less finicky in that order
23:13 iggy but I've only really tested on GCE
23:14 baconbeckons well, we will see how it goes on aws
23:15 iggy and we didn't end up using salt-cloud
23:15 iggy there might be some salt-cloud stuff in there (if I didn't already gut it)
23:15 baconbeckons forrest: iggy: if i’m running salt-cloud, do i end up with all VMs defined except for the very first master?
23:16 mechanicalduck joined #salt
23:20 DaveQB joined #salt
23:20 hroussez joined #salt
23:22 forrest baconbeckons, well, in an ideal world your master would be managed by salt as well
23:24 iggy that's some of the functionality I added to the salt-formula... better rendering of salt-cloud config from pillars
23:25 iggy I unfortunately didn't document the pillar changes required
23:25 iggy but the state changes are in my fork
23:25 forrest iggy, DAMN YOU IGGY
23:25 forrest DOCUMENT!!!!!
23:25 forrest iggy :P
23:25 iggy it's on my TODO list
23:25 forrest why is documentation always on the todo? Why not just do it when you write the rest of the things
23:25 forrest makes it so much easier
23:26 manfred forrest:  what am I supposed to know?
23:26 iggy well, it's done really
23:26 iggy I just need to sanitize all the data from our pillar
23:26 iggy it has data that I'd rather not accidentally expose to the outside world
23:27 iggy so it's not the kind of thing I'd like to do without my wits about me
23:27 manfred ahh syndic
23:27 manfred yeah i could have answered that
23:27 aparsons joined #salt
23:28 forrest manfred, thanks
23:35 aparsons joined #salt
23:35 baconbeckons joined #salt
23:38 skyler_ Does anyone know about when Helium is planned to be released?
23:38 aparsons joined #salt
23:39 eliasp skyler_: once no major issues are reported for one of its RCs
23:39 eliasp skyler_: so basically "it's done when it's done"
23:39 eliasp skyler_: by testing the RCs and reporting issues, the process can be speed up
23:41 skyler_ eliasp: Thanks, I have been using the RC some.
23:44 bhosmer joined #salt
23:44 englishm joined #salt
23:46 baconbeckons forrest: how does salt-cloud manage the server that is running salt-cloud?
23:47 forrest baconbeckons, what do you mean?
23:48 manfred salt-cloud doesn't
23:48 manfred it just creates it using the api, and then hooks it into your salt master
23:48 manfred after that, it does nothing
23:48 manfred skyler_:  when it is ready
23:51 baconbeckons forrest: you has said that even the master would be managed by salt in an ideal world
23:51 baconbeckons forrest: i was asking about managing using salt-cloud
23:51 manfred salt-cloud doesn't manage anything
23:51 manfred it only sets up servers
23:52 baconbeckons manfred: by managed, i mean created
23:52 forrest baconbeckons, well secondary masters could be created with salt-cloud
23:52 forrest but like I said before, you still need some sort of starting point
23:52 forrest your original master
23:52 baconbeckons forrest: manfred: but the very first master would not be created by salt cloud, right?
23:52 forrest correct
23:52 manfred you could create it, but you wouldn't have it working 100% right away
23:53 baconbeckons so if i have n servers, n-1 will be defined in salt cloud
23:53 manfred unless you configured the minion and master, and made it so that the master automatically accepted it's own minions key
23:53 manfred you could define them all
23:53 baconbeckons manfred: is that safe to do?
23:53 manfred you can do crazy things in the script: in /etc/salt/cloud
23:53 manfred i mean… it isn't unsafe…
23:53 bhosmer joined #salt
23:53 baconbeckons :)
23:54 baconbeckons are there best practices on all of this somewhere?
23:54 aparsons joined #salt
23:54 manfred go start reading about the different variables you can assign in /etc/salt/cloud
23:54 manfred not afaik
23:55 aparsons_ joined #salt
23:58 elfixit1 joined #salt
23:59 dstokes anybody know why i can import redis in an ext_pillar module?
23:59 baconbeckons iggy: why do you use different keys for your states and your pillars?
23:59 manfred why or how?
23:59 dstokes complains about not having any of the redis methods on the module. dir(redis) gives back all the local symbols in my module
23:59 baconbeckons why
23:59 __number5__ dstokes: you mean you can't?
23:59 manfred can or can't?
23:59 teebes joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary