Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-11-05

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 troyreadyy joined #salt
00:02 forrest joined #salt
00:02 aparsons joined #salt
00:10 Ryan_Lane why does the git installed version of salt still show like this "salt-call 2014.1.0-12024-gc86f181 (Hydrogen)" ?
00:11 mgw joined #salt
00:11 Ryan_Lane I'm surely running 2014.7
00:15 ]V[ joined #salt
00:15 gmcwhistler joined #salt
00:17 gzcwnk joined #salt
00:18 psidox joined #salt
00:25 jalaziz joined #salt
00:29 Cidan any eta on 2014.7?
00:29 __number5__ Cidan: released
00:29 Cidan hm
00:29 murrdoc pssh
00:29 Cidan docs not updated
00:29 murrdoc we have moved pass 2014.7.0 ?
00:29 murrdoc past ?
00:30 __number5__ waiting for packaging from Dave's email
00:40 tafa2 joined #salt
00:46 X86BSD joined #salt
00:51 agj joined #salt
00:53 kermit joined #salt
00:54 aqua^mac joined #salt
00:55 ajolo joined #salt
01:03 X86BSD joined #salt
01:13 lz-dylan does the 'extends' keyword in cloud.providers work with 2014.1?
01:16 gwb joined #salt
01:16 Setsuna666_ joined #salt
01:17 aquinas joined #salt
01:23 mapu joined #salt
01:26 mapu joined #salt
01:29 mapu joined #salt
01:31 agj joined #salt
01:32 alex-mesos joined #salt
01:34 mapu joined #salt
01:36 cberndt joined #salt
01:38 mr_chris joined #salt
01:40 mapu joined #salt
01:43 mapu joined #salt
01:45 mapu joined #salt
01:46 TyrfingMjolnir joined #salt
01:46 mapu joined #salt
01:47 beneggett joined #salt
01:48 mapu joined #salt
01:49 mapu joined #salt
01:51 mapu joined #salt
01:53 malinoff joined #salt
01:53 mapu joined #salt
01:54 mapu joined #salt
01:56 aquinas_ joined #salt
01:57 Outlander joined #salt
01:59 racooper joined #salt
01:59 mapu joined #salt
02:01 mr_chris joined #salt
02:02 mapu joined #salt
02:04 mapu joined #salt
02:05 mapu joined #salt
02:08 mapu joined #salt
02:10 mapu joined #salt
02:13 mapu joined #salt
02:16 mapu joined #salt
02:18 mapu joined #salt
02:19 mapu joined #salt
02:24 mapu joined #salt
02:25 mapu joined #salt
02:25 otter768 joined #salt
02:26 snuffeluffegus joined #salt
02:27 mapu joined #salt
02:28 mr_chris joined #salt
02:28 mapu joined #salt
02:30 mapu joined #salt
02:31 meylor1 joined #salt
02:32 mapu joined #salt
02:38 otter768 joined #salt
02:39 cberndt joined #salt
02:40 otter768 joined #salt
02:41 mapu joined #salt
02:45 mapu joined #salt
02:45 jhauser_ joined #salt
02:45 mapu joined #salt
02:45 mosen joined #salt
02:47 mapu joined #salt
02:50 a1j joined #salt
02:50 nitti joined #salt
02:52 mapu joined #salt
02:53 mapu joined #salt
02:54 anotherZero joined #salt
02:55 mapu joined #salt
02:59 possibilities joined #salt
03:03 jasonrm joined #salt
03:05 ipmb joined #salt
03:05 baniir joined #salt
03:05 gwb joined #salt
03:06 aurynn do I have access to the pillar from within a templated file.managed?
03:06 aurynn or do I have to pass the things I need in via context?
03:09 zlhgo joined #salt
03:10 zlhgo how to login in Halite?
03:12 Mso150 joined #salt
03:17 Phibs joined #salt
03:17 racooper joined #salt
03:30 glyf joined #salt
03:30 jalbretsen joined #salt
03:31 skullone congrats on helium release!
03:34 skullone hrm weird, only the twitter feed says helium was released
03:35 possibilities joined #salt
03:37 jalbretsen joined #salt
03:39 bhosmer joined #salt
03:41 batang_munti joined #salt
03:43 batang_munti hi everyone!
03:44 Gareth skullone: announcement usually comes after packages are available.
03:53 TyrfingMjolnir joined #salt
04:04 mgw joined #salt
04:05 jalaziz joined #salt
04:06 TyrfingMjolnir joined #salt
04:17 AviMarcus joined #salt
04:23 possibilities joined #salt
04:27 jalaziz joined #salt
04:32 possibilities joined #salt
04:39 kermit joined #salt
04:43 active8 joined #salt
04:45 thayne joined #salt
05:00 jacobeeson joined #salt
05:00 possibilities joined #salt
05:02 jacobeeson left #salt
05:14 racooper_ joined #salt
05:15 ajolo joined #salt
05:24 ndrei joined #salt
05:26 notpeter_ joined #salt
05:28 bhosmer joined #salt
05:33 n8n joined #salt
05:35 felskrone joined #salt
05:44 Ryan_Lane joined #salt
05:44 dooshtuRabbit joined #salt
05:48 cmthornton joined #salt
05:49 pppingme joined #salt
05:50 ramteid joined #salt
06:03 n8n joined #salt
06:15 pppingme joined #salt
06:17 techdragon joined #salt
06:20 iwishiwerearobot joined #salt
06:27 pdayton joined #salt
06:29 murrdoc joined #salt
06:38 meylor joined #salt
06:53 CeBe joined #salt
06:58 Outlander joined #salt
07:03 smcquay joined #salt
07:11 Ryan_Lane joined #salt
07:14 duncanmv joined #salt
07:14 Outlander joined #salt
07:17 bhosmer joined #salt
07:20 baconbeckons joined #salt
07:24 davidone joined #salt
07:24 ladistwo joined #salt
07:27 ramishra joined #salt
07:28 flyboy joined #salt
07:39 girb joined #salt
07:39 girb hi all new to salt
07:40 girb i'm creating a user with sha-512 hash with crypt handle
07:40 girb but hash is not placed in /etc/shadow … is there anything I need to do ?
07:41 girb plz help
07:48 CeBe joined #salt
07:52 heaumer joined #salt
07:53 slav0nic joined #salt
07:53 ramishra joined #salt
07:55 xsteadfastx joined #salt
07:57 shyam joined #salt
07:57 shyam hi all
07:59 trikke joined #salt
07:59 shyam I am using Salt to manage Linux at present and working on to manage Windows machines softwares install and uninstall too
08:00 Katafalkas joined #salt
08:01 shyam tested with free open source windows software and it's working ,but don't know how to use salt syntax for microsoft license software install and uninstallation like ms office 2007 , visual Studio and SQL server
08:02 Setsuna666_ joined #salt
08:02 shyam if any1 shared this will be gr8 thanks in Advance
08:07 __gotcha joined #salt
08:09 ramteid joined #salt
08:09 iwishiwerearobot joined #salt
08:11 zz_Cidan joined #salt
08:11 Cidan joined #salt
08:13 shyam hi cidan
08:16 lcavassa joined #salt
08:18 P0bailey joined #salt
08:18 P0bailey joined #salt
08:20 ramishra joined #salt
08:22 eseyman joined #salt
08:27 lothiraldan joined #salt
08:32 aquinas joined #salt
08:33 aquinas_ joined #salt
08:35 jdmf joined #salt
08:36 PI-Lloyd joined #salt
08:41 alex-mesos joined #salt
08:41 tomspur joined #salt
08:42 bhi joined #salt
08:42 glyf joined #salt
08:42 alex-mesos joined #salt
08:43 spo0nman joined #salt
08:46 cberndt joined #salt
08:50 CycloHex joined #salt
08:51 karimb joined #salt
08:55 agend joined #salt
08:57 Mso150 joined #salt
09:02 iwishiwerearobot joined #salt
09:02 ndrei_ joined #salt
09:06 bhosmer joined #salt
09:07 ahammond joined #salt
09:09 MugginsM joined #salt
09:16 CeBe joined #salt
09:16 agend joined #salt
09:21 alex-mesos joined #salt
09:23 geekatcmu joined #salt
09:24 babilen How would I go about changing the MySQL root password on my minions?
09:29 skarn joined #salt
09:29 AirOnSkin babile: I believe with the mysql admin command you can do that on the cli
09:29 AirOnSkin sorry, I meant mysqladmin
09:30 _ikke_ Is it correct that grains for salt-ssh aren't yet working in the latest development?
09:30 AirOnSkin babilen: Or you could alter the DB directly. there is - i believe - a module for interacting with mysql
09:31 babilen I guess the most reasonably way is to use mysqladmin, but I was wondering if there is a more "salty" way to do it.
09:36 _ikke_ I mean, matching hosts by grain with -G
09:37 marnom joined #salt
09:44 ramishra joined #salt
09:47 lothiraldan joined #salt
09:49 TheThing joined #salt
09:50 petri_ joined #salt
09:51 CeBe joined #salt
09:55 CeBe1 joined #salt
09:58 saffe joined #salt
09:59 CeBe joined #salt
10:00 pppingme joined #salt
10:01 saffe_ joined #salt
10:01 CeBe1 joined #salt
10:03 baconbeckons joined #salt
10:04 fredvd joined #salt
10:04 aqua^mac joined #salt
10:07 saffe joined #salt
10:08 pppingme joined #salt
10:09 saffe_ joined #salt
10:10 CycloHex I sometimes deploy multiple cloudvm's at once in parallel. I also have a reactor that adds my cloudvms to the monitoring server. But when deploying multiple instances, my monitoring server is already executing a state.sls (from eg the first one) while the second one tries to call that state.sls. This gives me an error.. Is there a way to tell the reactor to retry??
10:10 __gotcha1 joined #salt
10:14 iwishiwerearobot joined #salt
10:15 CycloHex Is there a way to say in the reactor {% if busy %} wait {% else %} addtomonitor {% elif %}??
10:24 giantlock joined #salt
10:24 wvds-nl joined #salt
10:25 harveyzh joined #salt
10:33 Kash joined #salt
10:34 lothiraldan joined #salt
10:35 Kash Hi all, where is the standard place to put the States file in salt?
10:38 viq Kash: /srv/salt
10:38 viq Kash: or file_roots from master config
10:38 Kash @viq I see! thanks.
10:39 Kash @viq got confused because Benjamin Cane has a tutorial that says replace it with /salt/states/base
10:39 viq Kash: that's when/if you want to play with environments
10:40 Kash @viq hm - so does it matter if I want to run minions separately?
10:40 viq Kash: and to do that, you need to modify file_roots setting in master. So, wherever your file_roots points at ;) Default is /srv/salt
10:41 viq Kash: "run minions separately" ?
10:41 Kash @viq I mean a lot of tutorials just assume master and minion are the same
10:41 Kash server
10:42 viq Kash: this is no twitter, no need for @ ;)
10:42 Kash haha
10:42 viq Kash: I usually run minion on master as well - if I want to control all my machines, then I want to control _all_ my machines ;)
10:42 Kash viq: nice, but you still need a master to control all right?
10:43 viq A bit "depends", but yes, generally you need a master
10:43 Kash viq: just confused why that tutorial changed the default location
10:43 viq Unless you play with masterless or salt-ssh... But I find normal salt with a central master more interesting
10:43 Kash this one: http://bencane.com/2013/09/03/getting-started-with-saltstack-by-example-automatically-installing-nginx/
10:44 viq Kash: he kinda explains it in the sentence right below where he changes it
10:44 viq and below you have tge example adding the development environment
10:45 Kash viq: ah. ok.. well the file location for each environment is different anyway right? so guess the location is just a preference
10:46 viq Kash: well, unless you're using gitfs you have to define the environments and where their files are stored
10:46 brayn joined #salt
10:47 faust joined #salt
10:47 Kash viq: ah that gitfs looks very interesting!
10:47 dburbridge joined #salt
10:50 ramishra joined #salt
10:55 bhosmer joined #salt
10:55 djstorm joined #salt
11:01 marnom_ joined #salt
11:05 Mso150 joined #salt
11:08 __number5__ My salt-master stuck on "Failed to authenticate message" for a while, it's 2014.7.0 but minions are rc6, any one seen this before?
11:18 bhosmer joined #salt
11:27 N-Mi joined #salt
11:29 CeBe joined #salt
11:38 iwishiwerearobot joined #salt
11:39 CeBe1 joined #salt
11:39 agend left #salt
11:42 glyf joined #salt
11:50 diegows joined #salt
11:50 bcode joined #salt
11:52 saffe joined #salt
11:53 yomilk joined #salt
11:55 saffe_ joined #salt
11:56 bhosmer_ joined #salt
12:03 scottpgallagher joined #salt
12:05 CycloHex when using reactors, is it possible to see what the "data" dictionary holds?
12:05 CycloHex I now only use it for data['id'] but I'd like to know what other possibilities there are
12:06 saffe joined #salt
12:06 test___ joined #salt
12:07 saffe joined #salt
12:08 babilen CycloHex: Use the eventlistener script, it'll show you the incoming events in their entirety
12:09 __number5__ CycloHex: run you salt-master in debug mode or using the eventlistener in the docs
12:11 Kash can Salt download a django app from github and deploy it?
12:11 bhosmer joined #salt
12:16 CycloHex And that shows me what the dictionary data holds, babilen ?
12:17 babilen it does indeed
12:21 msciciel_ any idea how to check on minion if last highstate was succesful ?
12:22 babilen Don't think so.
12:25 bhosmer joined #salt
12:25 hobakill joined #salt
12:28 CycloHex msciciel_: Currently I have a smtp-returner that sends me an email once the highstate completed, this gives you the output of your highstate. I then CTRL+F in the mail and search for 'result': false
12:28 CycloHex if no matches were found, everything went ok ^^ I know, it's an ugly workaround.. But It does the trick.. Beware though if you have a lot of servers running, your mailbox will get spammed
12:29 Katafalkas joined #salt
12:29 saffe joined #salt
12:29 ndrei joined #salt
12:30 saffe_ joined #salt
12:32 msciciel_ CycloHex: i'll read about returner mechanism, maybe it will work
12:32 babilen CycloHex: You probably want to pipe that into something like riemann and only send a mail when something went wrong
12:32 CycloHex If you choose to use the smtp, make sure your postfix settings are correct
12:33 CycloHex babilen: not a bad idea.. But I only receive a mail on the first highstate. So it's ok as it is ^^
12:35 saffe joined #salt
12:36 saffe joined #salt
12:39 mdasilva joined #salt
12:42 Katafalk_ joined #salt
12:42 ramishra joined #salt
12:46 saffe joined #salt
12:48 ramishra_ joined #salt
12:55 bezeee joined #salt
12:57 __gotcha joined #salt
12:58 lothiraldan joined #salt
12:59 jstrom babilen: did you have any chance to look into the Load-configuration-timings? Note: the minor delay doesn't really mather when you have a larger stack, I know. But a few seconds is always a few seconds.. :) And I'd like verify if it is expected that it loads the minon conf for every command executed.. :)
13:04 thayne joined #salt
13:12 babilen jstrom: No, sorry. Quite a busy day today
13:13 AviMarcus joined #salt
13:19 jstrom ok, no problem :)
13:19 glyf joined #salt
13:20 rattmuff joined #salt
13:20 rattmuff Hello!
13:21 rattmuff I'm looking for a way to downgrade my salt master from 2014.1.13 to 2014.1.10 but can't seem to find the old versions in the repository
13:22 babilen There is always a single version (i.e. the latest) in the Debian repository. Why would such a downgrade be necessary?
13:22 babilen .13 contains a number of important fixes
13:23 rattmuff I installed .10 on my master and I am having lots of issues trying to send states to my minions
13:23 rattmuff erm, .13 i mean, I had .10 prevously
13:23 iwishiwerearobot joined #salt
13:23 rattmuff Getting the following error:
13:23 rattmuff [ERROR   ] Salt request timed out. If this error persists, worker_threads may need to be increased.
13:23 rattmuff Failed to authenticate, is this user permitted to execute commands?
13:24 rattmuff If I get any error at all, most of the time salt just returns empty giving me a new prompt
13:24 rattmuff So I'm trying to downgrade to last working package in our setup
13:25 babilen I've been using .13 since the release on 4 masters (+ syndic) with a large number of minions and have not encountered that at all. Did you upgrade your minions too?
13:25 rattmuff yes, they are also upgraded
13:26 rattmuff also tried rebooting and restarting services
13:26 babilen On Debian (and derivatives, unless they did something stupid) you keep old packages in /var/cache/apt/archives/
13:26 babilen Are you running your master as a different user?
13:26 rattmuff yeah, we have a custom repos that we sync against the salt repos and we hadn't installed the master through that repo :P
13:26 rattmuff running master as root
13:28 rattmuff checking the minion log shows that it "returns" something for the jobs but master doesn't print anything. We can see the master receiving results from the minion in the logs though
13:29 rattmuff also tried to increase worker threads to 10 and then to 20
13:29 babilen It's almost never that. The time we ran into that it was that some networking guys changed the routing and the packages from the minions never made it back to the master due to MTU fragmentation SNAFU
13:30 rattmuff well, test.ping works
13:30 ndrei joined #salt
13:30 rattmuff ;P
13:31 babilen Could you stop the master and then run it via "salt-master -ldebug". Wait for it to settle down and then test.ping a single minion that you ran as "salt-minion -ldebug". Make sure both are the same version and then paste the resulting output + logs to http://refheap.com. We might be able to spot something.
13:31 babilen Okay, test.ping works, but what doesn't?
13:33 X86BSD joined #salt
13:34 rattmuff any time I try to do state.highstate or state.sls mystate I get the symptoms above
13:34 babilen Could you paste mystate.sls alongside the aforementioned log output to http://refheap.com ?
13:35 rattmuff I'll run the debug command and see what it can come up with
13:35 rattmuff babilen: yeah, I'll just have to create some custom state, might take a little while as I'm in the middle of deployment :P
13:35 babilen an actual state would do fine
13:35 babilen how are you deploying if nothing works?
13:36 rattmuff reverting to .10 first plus doing some manual things
13:37 babilen which manual things?
13:38 ramishra joined #salt
13:39 SpX joined #salt
13:42 AviMarcus Uhm, randomly since I've yet to succeed: Can anyone help me figure out why google hangout on air won't let me make other people the presenter? I thought maybe it's because I need over 2 viewers? can someone join: https://plus.google.com/u/0/events/cscq1id74ab7ktopquc86mco15k
13:43 bezeee joined #salt
13:55 saravanans joined #salt
13:55 saffe joined #salt
13:56 maoroo left #salt
14:01 intellix joined #salt
14:02 yomilk joined #salt
14:02 thomasmckay AviMarcus: anyone can share their screen in g+ so effectively everyone is a presenter
14:03 thomasmckay AviMarcus: if you're doing the recording, you can click on whichever member you wish to be the presenter at that time
14:03 AviMarcus thomasmckay, On hangout on air - to get a recording - I didn't see anyone else, and when I was on another computer, it didn't show me any controls
14:03 AviMarcus but I only ever had 2 people at once, and google FAQ seemed to say that mattered
14:03 mdasilva_ joined #salt
14:04 babilen AviMarcus: You are aware that you are in #salt and not #google, aren't you?
14:05 AviMarcus babilen, nobody on google forum or in #google is talking, I figured I'd try asking the helpful interweb folks :)
14:08 gngsk joined #salt
14:08 edomaur joined #salt
14:08 gngsk_ joined #salt
14:09 edomaur just joined, any news about the Helium packages ?
14:09 babilen patches for FreeBSD ones arrived
14:10 peters-tx joined #salt
14:10 babilen SmartOS Esk, OpenSuse and arch are done .. anything *specific* you'd like to know?
14:11 gngsk joined #salt
14:12 rojem joined #salt
14:13 miqui joined #salt
14:14 nitti joined #salt
14:14 ndrei joined #salt
14:15 edomaur well... I'm juste waiting on Debian packages in fact... :-)
14:15 cpowell joined #salt
14:15 racooper joined #salt
14:17 ladistwo left #salt
14:20 __gotcha joined #salt
14:20 babilen edomaur: No news about them.
14:21 mpanetta joined #salt
14:23 Morbus am I reading this right - there's a way, in YAML, to specify a new MySQL user to create?
14:23 gmcwhistler joined #salt
14:24 * Morbus hopes that's what http://docs.saltstack.com/en/latest/ref/states/all/salt.states.mysql_user.html#module-salt.states.mysql_user means
14:25 Morbus hrm. but how to handle grants...
14:25 chuck_ joined #salt
14:26 chuck_ hello. Who knows when we can download ubuntu salt 7.0 deb update?
14:28 rojem joined #salt
14:28 babilen Morbus: https://github.com/saltstack-formulas/mysql-formula/blob/master/pillar.example#L29
14:29 Morbus yeah, just saw http://docs.saltstack.com/en/latest/ref/states/all/salt.states.mysql_grants.html
14:29 Morbus thanks.
14:30 babilen Morbus: I'd recommend to use the MySQL formula. It is quite good and you'll be happy later on.
14:31 rojem joined #salt
14:31 mgw joined #salt
14:32 Morbus babilen: what's the word on adding my own custom config file into /etc/mysql/conf.d/mysql.cnf?
14:32 Morbus Just add another state in another .sls for it?
14:33 mpanetta_ joined #salt
14:33 iggy that's what I normally do
14:33 iggy some formulas have specific support for it, but most don't
14:34 Katafalkas joined #salt
14:34 ramishra joined #salt
14:35 rojem joined #salt
14:36 babilen Morbus: What do you want to do exactly? The MySQL formula lets you specify most of the settings you might want to tinker with.
14:36 babilen Did you take a look at it and the example pillar I linked earlier? Have you used formulas before and are you aware of how they work?
14:36 moapa babilen: can one set mysql user password aswell?
14:36 moapa I dont see it in the docs
14:37 babilen https://github.com/saltstack-formulas/mysql-formula/blob/master/pillar.example#L33
14:37 moapa Doh
14:37 moapa Thanks! =)
14:37 mapu joined #salt
14:37 Morbus babilen: i'm about 3 days old with salt at the moment, so i'm more in the "learn to fail, then learn to do it right, then learn to do it community-style" phase ;)
14:39 babilen Morbus: Okay, hence my question. Formulas are collection of states that should, ideally, be applicable to most/all platforms and allow you to install certain services and change their configuration easily by defining suitable pillars.
14:39 iggy one thing that bit in the beginning was trying to figure out how to do everything "the right way"... there is no right way... there's whatever way works for you
14:40 iggy "ideally"
14:40 Morbus iggy: sure, and from my standpoint, i want to Know How Things Work, which means starting small with my own suck ass formula.
14:40 Morbus cos i stare at the existing salt formulas and have no idea what every single line does, etc.
14:40 Morbus which bugs me, blah blah blah.
14:40 iggy definitely, we all have to start somewhere
14:40 iggy my first deployment with salt didn't use any formulas
14:40 babilen The MySQL formula in particular is quite well maintained and I would recommend it to you. Do you use GitFS already? If you do so you would fork the mysql-formula and then add your repository as another gitfs_remote (cf. http://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html#simple-configuration)
14:41 Morbus babilen: nah, i'm in a masterless vagrant setup.
14:41 babilen Then clone it locally and use that
14:42 ndrei joined #salt
14:44 babilen In that case I'd use, say, /srv/salt/file_roots/formulas/php-formula and make /srv/salt/file_roots available as /srv/salt in your vagrant box. I'd then configure file_roots: in the master config to have "base: /srv/salt/formulas/php-formula" in addition to, say, /srv/salt (or /srv/salt/foobox if you want to keep those apart too)
14:44 Morbus where is the master config?
14:44 Morbus i only have a minion conf.
14:45 babilen let me paste my config
14:45 perfectsine joined #salt
14:45 jaimed joined #salt
14:45 Morbus i've got pretty much the same setup as example'd here: https://docs.vagrantup.com/v2/provisioning/salt.html
14:48 iggy I usually just symlink the formula subdirs into my state dir when I'm working w/o gitfs
14:49 babilen Morbus: https://www.refheap.com/92754 -- you need, IIRC, a new packer version to build the vagrant qemu basebox and https://github.com/pradels/vagrant-libvirt
14:50 babilen I can't stand using virtualbox as it is so horribly slow
14:50 babilen The master config is set on 169
14:50 Morbus oh, well, that's pretty easy.
14:51 Morbus if i didn't add a file base, but i stored a git clone in say, roots/saltstacks/apache...
14:51 Morbus could I top.sls add it as saltstacks/apache/apache?
14:51 Morbus er, rather, saltsacks.apache.apache
14:51 babilen That's not how you should do it. Every formula needs to sit in the top level
14:51 Morbus ok.
14:52 babilen (which is why you add it as its own root or gitfs_remote)
14:52 Morbus so, this is turning masterless vagrant into requiring master?
14:52 Morbus *masterless salt vagrant
14:52 babilen The setup I pasted uses salt-master, yes.
14:52 * iggy taps his fingers
14:52 Morbus adding to file_roots REQUIRES master config?
14:53 babilen You don't *have* to use that and you just have to make sure that your formulas are available in your file_root. If you don't use a master then you could, as suggested by iggy, just use symlinks.
14:53 * Morbus nods.
14:53 babilen As I typically test a bunch of things that do require a master I don't bother with masterless.
14:54 babilen In masterless it just needs to be in /srv/salt -- it is up to you how you achieve that.
14:54 mdasilva joined #salt
14:55 housl joined #salt
14:57 bhosmer joined #salt
14:59 XenophonF joined #salt
14:59 XenophonF i'm using the context argument in a file.managed state
15:00 XenophonF is it possible to extend that context from another state without overwriting what was specified in the original state definition?
15:00 XenophonF like, i want to append to the context
15:00 bhosmer_ joined #salt
15:00 XenophonF maybe i'm better off using an accumulator
15:00 giantlock joined #salt
15:04 ndrei joined #salt
15:04 lothiraldan joined #salt
15:05 XenophonF yeah, i'm going to use an accumulator, instead.
15:05 XenophonF left #salt
15:07 Morbus babilen: thanks for your patience/advice. added an internal ticket to switch over to saltstacks after initial proof-of-concept.
15:07 Morbus as, eventually, we do want to distribute this vagrantfile, etc.
15:07 hasues joined #salt
15:07 hasues left #salt
15:08 babilen Morbus: Feel free to ping me if you have question about that, most simple, of test environments I pasted.
15:08 dude051 joined #salt
15:09 N-Mi joined #salt
15:09 Morbus thanks.
15:11 hasues joined #salt
15:11 ramishra joined #salt
15:11 hasues left #salt
15:13 alex-mes_ joined #salt
15:13 CycloHex Does anyone here use digital ocean as cloud provider? I cannot seem to retrieve their debain 7.0 x64 image with salt-cloud anymore... I also still use client key and api key, sinc epersonal_access_token won't work.. Anyone here that uses personal_access_token?
15:14 ajolo joined #salt
15:14 alex-mes_ joined #salt
15:16 iggy CycloHex: pat didn't work for me either (fwiw)
15:17 CycloHex iggy: but you still have access to all images? I for example can't find the debian_7.0 x64 image.. at leas tnot with salt-cloud
15:18 iggy no
15:18 iggy well... I just put salt-cloud on the back burner until the next release is out
15:18 iggy so... pat didn't work and I said f it, I'll deal with it some other time
15:19 codekobe joined #salt
15:19 pwiebe___ joined #salt
15:19 CycloHex problem here is I don't have time to deal with it later :D I use salt mainly to deploy a server preconfigured
15:19 doriftoshoes joined #salt
15:21 asmaps joined #salt
15:21 mschiff joined #salt
15:21 mschiff joined #salt
15:21 hasues joined #salt
15:22 hasues So I know that by default, Salt runs as root, but is that the best practice?  Is there configuration that allows for using a separate user that Salt could use, and use something like sudo for executing commands?
15:22 TyrfingMjolnir joined #salt
15:22 hasues Just curious.
15:22 simonmcc joined #salt
15:23 oeuftete I'm using salt-cloud to deploy to ec2 with the minion configured to run highstate when it starts.  How can I reliably check to see when state.highstate is done?  saltutil.running looked like the answer, but it starts returning an empty list long before the job is complete
15:23 Jarus joined #salt
15:23 Nazzy joined #salt
15:24 Emantor joined #salt
15:24 sdh__ joined #salt
15:25 brayn joined #salt
15:25 StDiluted joined #salt
15:25 felskrone joined #salt
15:25 ecdhe I'm writing a formula for a command-line program.
15:25 geekatcmu hasues: there's not a lot of point of running Salt as not-root.  Considering what it does, it either has to be root, or it has to have sufficient access not only to run various commands as root, but one of those commands has to be visudo (or else directly update the sudoers file).
15:25 nitti joined #salt
15:26 geekatcmu If it can update sudoers ... then it's not interestingly different from root except for auditing purposes.
15:26 ecdhe The command line program stores some config info in the home dir.
15:26 babilen hasues: You would run minion as root, but we tend to run masters as "salt" user.
15:26 hasues Ah, okay, so the master should run as a salt user?
15:26 ecdhe So the program can't be configured globally; it has to be configured per-user.
15:26 geekatcmu Oh, yeah, there is no reason for the master to run as root
15:27 ecdhe So I have a pillar with a list of users and their settings.
15:27 babilen hasues: We run the master as a different user ('salt' in our setup)
15:27 ecdhe Can I append this data to the pillar data in the users-formula to be more DRY?
15:27 hasues babilen: Okay.  Good to know.  Thanks for your help.
15:27 babilen np
15:28 ecdhe I don't want to repeat the user list in the users formula AND in my per-user program formula.
15:29 ramishra joined #salt
15:35 babilen hasues: https://www.refheap.com/92762 -- is the configuration we use for such a maste. It uses https://github.com/saltstack-formulas/salt-formula
15:36 rostam joined #salt
15:37 saffe joined #salt
15:40 saffe_ joined #salt
15:43 elextro joined #salt
15:43 elextro Does anybody know how to pass the service.running state some arguments?
15:43 babilen what kind of arguments?
15:44 mgw joined #salt
15:44 elextro I want the state to run 'service mysql start <arguments>'
15:44 babilen how highly irregular
15:44 elextro How do I pass the arguments through the sate?
15:44 elextro state*
15:45 babilen I don't think you can, but let me check
15:45 babilen No, you can't. Why would you want to do that?
15:46 elextro I'm deploying an application that requires some arguments to be taken in when starting the service :/
15:46 babilen mysql ?
15:46 elextro I guess I could just continue using the cmd.run state
15:46 elextro Yeah
15:46 ramishra joined #salt
15:46 rspectre joined #salt
15:46 elextro MariaDB/Galera
15:47 babilen Why don't you write a suitable init script? (it could read those values from, say, /etc/default/foobar)
15:47 babilen It is IMHO very bad style to require arguments to "service foo start"
15:48 imanc how can I do a dry run / highstate to see what states would get applied to a specific target?
15:48 elextro The CentOS version of the application has a bootstrap function, but  the Ubuntu does not :/
15:48 babilen imanc: Add "test=True" at the end
15:48 imanc babilen:  salt myhost highst test=True ?
15:48 ecdhe I am writing a formula that configures a program for selected users.  Is there any reason I shouldn't store my pillar data in the users-formula pillar file to be more DRY?
15:49 babilen imanc: No, "salt 'myhost' state.highstate test=True"
15:49 imanc babilen: super, thanks
15:50 babilen ecdhe: I am split on that. With proper pillar merging you can do that in a different SLS file, but you run into the danger that the users-formula (or reverse-users-formula (my preferred one)) starts using whatever keys you use in there
15:51 gngsk I thought salt couldn't merge pillars.
15:53 ecdhe babilen, wouldn't merging still mean that I have duplicate lists of usernames for the second file to be able to tack attributes on to existing users?
15:53 babilen ecdhe: It would, yes
15:54 rspectre Having a really weird issue with matching grains in a top file.  If I have a host with multiple entries under a roles grain, I won't match on a different grain called 'environment.'
15:54 rspectre - https://gist.github.com/anonymous/9a1a74dcec301986a1c2
15:54 TheThing joined #salt
15:54 rspectre But if a host only has one entry on 'roles', the 'environment:production' match will run those states.
15:54 gngsk Ahh, pillar namespaces can be merged.
15:55 babilen ecdhe: Which is yet another reason why I don't like it. Be explicit in your configuration. There is no good reason for mixing this
15:56 mgw joined #salt
15:57 bezeee joined #salt
15:57 Ozack1 joined #salt
16:01 ecdhe babilen, if I user.absent from the users-formula pillar, I don't like the idea of multiple other formulas trying to continue to maintain config files in a homedir that doesn't exist... perhaps this a good case for moving pillar to an RDMS.  That way a row-deletion can be configured to propagate to foreign-key linked attributes in other tables.
16:02 babilen ecdhe: I simply "include: - users" add "require: user: foo" and take it from there.
16:03 babilen But yeah, I understand the point you are making.
16:03 ramishra joined #salt
16:03 babilen I am split because I can understand the need to "maintain all data pertaining to a user in a single place" vs. "do not mix data pertaining to different formulas, states, services or programs"
16:04 saffe joined #salt
16:05 ecdhe babilen, I'd eventually like to share my work on github, so I want to avoid my nick becoming a swear word because of my pillar organization.
16:05 ecdhe Otherwise, I'd eschew convention and be as DRY as possible.
16:05 Ozack1 joined #salt
16:06 saffe joined #salt
16:07 ecdhe babilen, do you know if/where this has been discussed before?
16:07 iggy gngsk: it does, it's just non-deterministic as to how it does it (per the docs)
16:08 iggy we just manage users the old fashioned way... ldap
16:09 gngsk ok, i spent a bit of time yesterday working with the iptables-formula and it has this in the readme: "Salt can't merge pillars, so you can only define firewall:services in once place."
16:09 mpanetta That isn't true anymore
16:09 mpanetta As of 0.17 I think
16:09 rattmuff Is salt compatible with python-zmq as well as with chris-lea/zeromq ?
16:10 gngsk Hrmm, OK.
16:10 srage joined #salt
16:10 conan_the_destro joined #salt
16:10 iggy http://docs.saltstack.com/en/latest/topics/pillar/ read it about 5 times
16:11 iggy I've probably read that page 20 times
16:11 timoguin well i've probably read it 22 times
16:11 iggy and still run into issues from time to ttime
16:11 iggy so it's easier to just avoid pillar merging if you can
16:11 elfixit1 joined #salt
16:12 gngsk thanks
16:12 StDiluted joined #salt
16:13 jakubek joined #salt
16:13 fredvd joined #salt
16:13 jakubek hello, any ideas for rpm -U package.rpm with sources salt:// ?
16:14 jakubek or easier how to upgrade rpm installed on server with our rpm from salt://rpms/pkg.rpm
16:14 bhosmer joined #salt
16:15 cmthornton pkg.latest?
16:15 saffe joined #salt
16:15 dalexander joined #salt
16:16 cmthornton jakubek: try pkg.latest instead of pkg.installed?
16:19 dave_den joined #salt
16:22 jakubek cmthornton: "The "sources" parameter is not supported."
16:25 cmthornton jakubek: oh :/  I don't really know a good solution if that doesn't work. I think I ran into that before I moved all my rpms form my salt setup to a private yum repo on s3, it just ended up simplifying a lot of things
16:26 timoguin a private repo is probably the right way
16:26 saffe joined #salt
16:26 timoguin then you can just use pkg.latest and treat it like a normal package
16:26 cmthornton yep
16:27 iggy if your package doesn't have a version, it's not going to work either way...
16:28 jakubek my pkg has higher version than installed one
16:28 jakubek and I dont wan't to add private repo (it's workaround)
16:28 jakubek and from this machine i don't have any outgoing access
16:29 timoguin I wouldn't call having a private repo a workaround, more like the right way to do it.
16:29 timoguin But I digress
16:33 StDiluted has anyone played with packagecloud.io and salt together?
16:33 hobakill joined #salt
16:34 saffe joined #salt
16:34 glyf joined #salt
16:34 iggy their pricing seems pretty steep for what they offer
16:34 iggy I mean for 20/month, you can run a pretty decent sized instance on most cloud providers
16:35 StDiluted well, one of the apps i want to use has a packagecloud repo
16:35 StDiluted so i need to install something from there
16:35 timoguin StDiluted: looks like a pretty standard repo, so i see no reason why it wouldn't work
16:35 iggy oh, so you just mean to consume
16:35 StDiluted not looking to use them as a service
16:36 StDiluted timoguin: it works fine, I can install the repo and use packages. They have a script which will do things, as well as chef and puppet recipes
16:36 StDiluted I’m just wondering if anyone has messed with them in reference to salt
16:36 StDiluted things such as configuring the repo automatically, etc
16:37 iggy I don't see anything specific beyond the normal pkgrepo stuff
16:37 StDiluted they have a service that does this kind of thing: https://packagecloud.io/install/repositories/contribsys/inspeqtor/config_file.list?os=ubuntu&amp;dist=precise&amp;name=host
16:38 StDiluted as well as this kind of scripting: https://packagecloud.io/install/repositories/contribsys/inspeqtor/script.deb
16:38 StDiluted or https://packagecloud.io/install/repositories/contribsys/inspeqtor/script.rpm
16:38 StDiluted I’d rather not just curl and pipe it to bash
16:39 StDiluted so I’ve written a formula to do it somewhat manually
16:39 StDiluted but as of right now it will only work on ubuntu precise because I’ve hardcoded the pkgrepo stuff
16:40 jalbretsen joined #salt
16:41 lothiraldan joined #salt
16:42 dalibro joined #salt
16:42 beneggett joined #salt
16:43 cmthornton use a jinja.map and parameterize it per os family?
16:43 saffe joined #salt
16:44 gwb joined #salt
16:45 StDiluted yeah, could definitely do that if I felt like it.
16:45 StDiluted *shrug* I was just wondering if anyone had messed with it yet
16:46 cpowell joined #salt
16:47 cmthornton oh, sorry, I misread. I thought you were wondering what direction to go in to make it work for other OSes
16:47 StDiluted nah, I know how I would go about it
16:47 StDiluted I’m just lazy and dont like to write things others have already spent time on
16:48 mgw joined #salt
16:49 dalibro joined #salt
16:50 iggy this is the first I've heard of it
16:50 iggy so run with it!
16:51 smcquay joined #salt
16:52 b1nar1 joined #salt
16:53 thayne joined #salt
16:54 saffe joined #salt
16:54 n8n joined #salt
16:57 ekristen joined #salt
16:57 ekristen is it safe to purge the var/cache/master/minions directory?
17:00 mgw joined #salt
17:00 timoguin ekristen: yea it should be
17:00 jaimed joined #salt
17:00 dalibro joined #salt
17:03 meylor joined #salt
17:04 iggy one of my routine debugging steps when I first started with salt was to rm -rf /var/cache/salt/
17:04 iggy I don't suggest it regularly, but it's at least safe
17:04 KyleG joined #salt
17:04 KyleG joined #salt
17:06 ekristen iggy: kk, there is a nasty bug in rc5, it was fixed in rc7 of 2014.7 that if there was old cached data in the /var/salt/master/minions for a minion that has been deleted, salt would puke anytime you tried to do a search other then on minion ids
17:09 ekristen so mine.get is returning like all servers isntead of ones that just match the search string
17:12 b1nar1 joined #salt
17:12 iggy welcome to my world
17:13 iggy that bug was probably caused by the fix for my problem
17:13 jalbretsen joined #salt
17:13 iggy ekristen: is there a bug for that?
17:13 ekristen this is the first time I’ve seen it iggy
17:14 ekristen the mine.get
17:14 iggy https://github.com/saltstack/salt/issues/15673
17:14 iggy that was the original one
17:14 iggy what you're describing sounds different but related
17:15 mpanetta Oh no, not that bug again :(
17:16 ekristen yup
17:16 ekristen well so
17:16 ekristen here is the problem
17:17 ekristen the original fix to keep the cache broke searches
17:17 rattmuff babilen: I have got some logs from the issue we discussed earlier, should I create an issue at github for it? I'm afraid I can't stick around atm
17:17 ekristen the subsequent fix is to ignore old cache so it doesn’t break
17:17 ekristen but now my problem is that mine.get is returning like everything under the sun!
17:17 ekristen which is bad
17:17 ekristen I need to figure out a way to fix this ASAP
17:17 iggy there was a setting added
17:17 iggy look through that bug
17:18 aparsons joined #salt
17:18 ekristen don’t really care about the cache being held on to or not, its been fixed
17:18 ekristen and I have a work around
17:18 ekristen my issue is now that mine.get is matching every server
17:19 tligda joined #salt
17:20 meylor joined #salt
17:20 iggy it should have been added to rc4
17:20 iggy the fix for that problem
17:21 iggy I suggest you run a mine.update clear=True
17:21 iggy see if that helps
17:22 ekristen I’m on rc5
17:22 ekristen iggy: ok, Ill run it
17:23 tfield joined #salt
17:23 possibilities joined #salt
17:24 troyready joined #salt
17:24 Setsuna666 joined #salt
17:25 ekristen what kind of hardware are you running your salt master on iggy?
17:26 babilen rattmuff: Sounds like a plan
17:28 saffe joined #salt
17:29 rattmuff babilen: thanks for your assistance, posted the issue here if you are interested: https://github.com/saltstack/salt/issues/17193
17:29 rattmuff really have to rush away as i'm already late i'm afraid :(
17:29 iggy ekristen: GCE instances... not that it should matter
17:30 ekristen iggy: I’m thinking that some of my problems are lack of resources
17:32 iggy oh, we've got 4 masters ranging from f1-micro to n1-standard-2
17:32 iggy using ~10 formulas and about 30 of our own "formulas"
17:33 glyf joined #salt
17:33 ekristen iggy: I’ll do a test.ping against 70 servers and get no responses from an average of 15-20 of them every time, and my load average skyrockets to 8 for 1 minute, then quickly dies down, i’m wondering if salt-master and zeromq can’t handle the test.ping against that many servers
17:33 iggy I think the most states that any of our minions have is ~100
17:33 alice|wl left #salt
17:33 iggy nope, there's one with 117
17:33 murrdoc joined #salt
17:35 SheetiS joined #salt
17:35 iggy our busiest master has ~40 minions on it
17:37 wendall911 joined #salt
17:39 ekristen well I guess i’m going to upgrade my master to 2014.7.0 and see if the bug still exists.
17:39 ekristen if it does its a pretty critical one
17:42 fragamus joined #salt
17:46 ekristen ok iggy I upgraded to the latest version
17:46 ekristen now mine doesn’t work at all :/
17:47 cwright can someone tell me what the +ds means in the saucy/trusty ubuntu packages? http://ppa.launchpad.net/saltstack/salt/ubuntu/pool/main/s/salt/
17:48 ekristen basepi: you around?
17:48 iggy cwright: probably just to avoid collisions with upstream
17:49 tomspur joined #salt
17:49 fxhp joined #salt
17:51 MrFuzz joined #salt
18:02 lemoi joined #salt
18:02 forrest joined #salt
18:02 rostam joined #salt
18:03 pjs_ joined #salt
18:03 baconbeckons joined #salt
18:05 BrendanGilmore joined #salt
18:06 X86BSD joined #salt
18:07 jayne joined #salt
18:08 Ryan_Lane joined #salt
18:10 baconbeckons joined #salt
18:10 ekristen basepi: think we have a serious bug — https://github.com/saltstack/salt/issues/17194
18:11 brendangilmor joined #salt
18:11 ekristen my entire saltstack setup is down right now because I have multiple states that rely on mine.get and publish.publish
18:11 glyf joined #salt
18:12 basepi ekristen: compound and pillar matching are temporarily disabled on publish and mine calls, because you could conceivably infer pillar data using them. they will be re-enabled in 2014.7.1, though pillar matching will not support globbing
18:13 ekristen I was matching on grains using compound
18:13 ekristen that is a pretty fraking huge thing to disable
18:13 ekristen how can I re-enable it?
18:13 basepi I'll get you the patch, it's pretty easy to re-enable
18:13 iggy that probably deserves a mention in the release notes...
18:13 mpanetta Oh crap.  That means we can't use 2014.7 :(
18:13 bhosmer_ joined #salt
18:13 iggy we rely pretty heavily on that too
18:13 fragamus joined #salt
18:13 basepi Crap, I forgot to add it to the release notes. >.<
18:14 dave_den joined #salt
18:14 ekristen I should just have to patch teh master right?
18:14 denstark joined #salt
18:14 basepi I didn't realize so many people were using it, I'll get the proper fix in ASAP and we can release a 2014.7.1
18:14 ekristen basepi: thanks!
18:14 basepi Nah, we disabled it on the minions as well, but it would be super straightforward to sync a custom module down
18:14 mpanetta basepi: Thank you :)
18:14 basepi to fix it
18:15 ekristen basepi: not sure why it all of a sudden stopped working for me though, I’ve been running rc5 for a while
18:15 ekristen I guess because of the cache
18:15 basepi Well, that fix went in rc6 or rc7
18:15 ekristen I cleared /var/cache/salt and all went to hell after that
18:15 geekatcmu the more painful a feature is to maintain, the larger the portion of the user base relying on it
18:15 basepi I thought
18:15 denstark Hello! This is a silly question, but I'd like to run a simple command to add a host entry, but I don't want to write a module for it. I tried doing "salt 'hostname' salt.states.host.present name ip" but I'm obviously doing something wrong
18:15 basepi maybe it was in rc5
18:16 iggy denstark: you run modules from the command line usually
18:17 saffe joined #salt
18:17 Katafalkas joined #salt
18:17 iggy denstark: so just hosts.set_host ip alias
18:17 denstark iggy: so I should just write a sls file and run that?
18:18 iggy I guess it depends what you are trying to do
18:18 denstark I just want to add a host entry one-off on a machine
18:19 denstark (using salt ;))
18:21 ekristen basepi: well if you can link me to how to re-enable it, I’d greatly appreciate it, as my entire infrastructure is down until then, and so are all my deployments
18:22 basepi ekristen: will do, one moment
18:22 basepi ekristen: can you check your logs? the minion logs should have errors saying compound matching is disabled
18:22 basepi guess i should have had it in the actual output, not just the logs
18:22 basepi i just want to make sure the logs are indeed firing
18:23 ekristen ok let me check
18:23 saffe joined #salt
18:24 N-Mi_ joined #salt
18:24 ekristen so from the master I ran `sudo salt '*dev-appnode*' mine.get 'G@environment:dev and G@roles:redis' network.interfaces compound` and checked the target minion, and it didn’t say anything about compound matching being disabled
18:24 basepi ekristen: here's the patch disabling. if you just delete those lines from masterapi.py and then sync down an older version of the mine and publish modules, everything should start working
18:24 ekristen now mind you my minions are all rc5
18:24 basepi ah, yes, they wouldn't have it
18:24 basepi and i didn't log anything in the master end
18:24 basepi ekristen: https://github.com/saltstack/salt/pull/17001/files
18:24 basepi sorry, link would be good
18:24 ekristen basepi: ok so I can downgrade my master back to rc5
18:25 basepi yes, that would solve it just fine
18:25 iggy denstark: what I said will work for that
18:25 ekristen my problem was that in rc5 mine.get started to return every server no matter what the search was
18:25 basepi ekristen: that's weird...
18:25 basepi sounds like it could be a cache issue, or another bug, unrelated to my changes
18:25 ekristen yeah, not good, same effect essentially, my entire deployment system not usable
18:25 ekristen basepi: I cleared /var/cache/salt
18:26 ekristen because I ran into the bug with old minions in master/minions that were causing searchs to fail
18:26 ekristen and then all hell broke loose
18:26 ekristen so I was trying to upgrade to the latest to make sure it wasn’t already fixed
18:26 iggy did you try the mine.update flush=True that I said?
18:26 ekristen iggy: yes
18:26 ekristen nothing works
18:26 ekristen as far as I can tell the cache looks good
18:27 ekristen I went and looked at a couple of the mine.p files and looks like they had valid data
18:27 ekristen it was like the compound searches were just matching every server no matter what
18:27 iggy did you look through that bug I posted?
18:28 cberndt joined #salt
18:28 ekristen iggy: yes
18:29 ekristen basepi: ok I’m downgrading back to rc5 for now
18:29 basepi ekristen: sounds good. sorry for the inconvenience
18:29 ekristen I’ll upgrade everything once 2014.7.1 comes out with the proper fix for the mine/publish funtions until then I have to figure out why mine.get is returning every server
18:30 Ryan_Lane basepi: a default was changed in an rc? :(
18:30 forrest joined #salt
18:30 cpowell joined #salt
18:36 ekristen basepi: https://github.com/saltstack/salt/issues/17196
18:36 ekristen another issues
18:36 iggy ekristen: did you try commenting out the the last 3 lines of class Key -> check_minion_cache() ?
18:36 ekristen iggy: I cleared the cache, so there isn’t any bad minion cache that is interferring now
18:36 basepi Ryan_Lane: eh?
18:36 iggy cool... just throwing out suggestions
18:36 ekristen its only a problem if there is a folder in the master/minions and no more key in the salt-master for the minion
18:36 ekristen yeah no worries
18:37 iggy if you're sure it's not going to help... carry on
18:37 ekristen iggy: I’m not, just not to the point where I’m going to hack on code, but reading the code it shouldn’t help, since the folder + key is no longer there
18:37 Ryan_Lane basepi: that mine thing was a change that works in rc5 and doesn't work in 2014.7?
18:37 ekristen but I really do appreciate the suggestion
18:37 Ryan_Lane because default behavior changed?
18:38 basepi Ryan_Lane: Yes, it changed. Less than ideal, but it was security-related
18:38 druonysus joined #salt
18:38 Ryan_Lane ah
18:38 basepi Ryan_Lane: working on a less-intrusive fix for 2014.7.1 now
18:38 * Ryan_Lane nods
18:38 Ryan_Lane that's a bit painful
18:38 basepi Agreed. And I was naive to think that that wasn't in heavy use
18:39 basepi It's my bad, for sure.
18:39 ekristen basepi: so I still have a big problem, see https://github.com/saltstack/salt/issues/17196 — would love some advice on where to look? Basically test.ping with the searches work, but mine.get is all over the place, either returns every server, or no server
18:39 basepi Should have just done the correct fix from the beginning.
18:39 iggy what's the worry... that someone is going to get control over your salt master and run salt looking for specific pillars to match?
18:39 ekristen basepi: life happens
18:40 cpowell joined #salt
18:40 basepi iggy: nah. if you can match by pillar with globbing, and you know a pillar key exists, you can do mine.get 'mysshkey:A*' then 'mysshkey:B*' etc and brute force pillar data that way
18:41 basepi So we have to disable pillar glob matching for any functionality where minions target other minions
18:41 basepi The quick fix was disabling pillar and compound matching entirely, and that was the wrong fix in hindsight. Should have just done it right from the beginning
18:41 mpanetta_ joined #salt
18:42 iggy I guess you couldn't just disable pillar and compound w/ pillar matching
18:42 iggy meh, if you're working on a proper fix, I'll shut up and let you get to it ;)
18:42 ekristen basepi: agreed, but hindsight is 20/20, you all made the call you needed to at the time, its all good, jsut glad it was something to easily identify on the behavior
18:43 iwishiwerearobot joined #salt
18:43 ekristen not my other problem, not so good
18:43 ekristen now*
18:43 gngsk Anyone here familiar with the sudoers formula? I'm getting an unbound local error from jinja when I try to spit use an included_file with the sudoers.included state.
18:43 * iggy sees this coming up a lot over the next couple weeks (like the broken masterless pillars in 2014.1.11)
18:43 ekristen gngsk: I’m familiar
18:43 skyler joined #salt
18:44 gngsk ekristen: It looks like the included.sls state passes the sudoers dict to the jinja context correctly but it seems to not work.
18:44 basepi ekristen: definitely not good
18:44 basepi I've labeled it accordingly
18:45 ekristen basepi: thanks, any idea where I can start to look on how to help try and fix this?
18:45 saffe joined #salt
18:45 gngsk ekristen: https://www.refheap.com/92770
18:45 mpanetta joined #salt
18:45 SheetiS gngsk: what OS is your minion?
18:46 gngsk CentOS 6.5
18:46 SheetiS gngsk: the sudoers formula will break on a default CentOS6 install as the version of Jinja2 is too old.
18:46 basepi Honestly, beyond my compound match disabling patch, I haven't been in that code for a long time. So I'm not sure off the top of my head. The weirdest part is that it was working on 2014.7.0rc5 previously
18:46 gngsk Ahhh
18:46 SheetiS Update your jinja2 (can do it with pip install --upgrade or via the pip state) for the minions
18:46 gngsk let me see what version of jinja2 it is running
18:46 SheetiS then restart salt
18:46 gngsk neat
18:46 saffe_ joined #salt
18:46 SheetiS 2.2.x is what I think CentOS6 will give you
18:47 basepi ekristen: it's possible there are stale pyc files or something -- perhaps you should delete salt from dist-packages and reinstall?
18:47 ekristen basepi: I could do that
18:47 ekristen just on the master? or you thinking the minion too?
18:47 ekristen I don’t know where the “matching” and stuff is actually done
18:47 SheetiS salt-call --versions-report should give you info on what is being used gngsk
18:48 gngsk python-jinja2.x86_64  2.2.1-2.el6_5     @updates
18:48 maxleonca joined #salt
18:48 babilen Sorry, just stumbled in and glimpsed at the backlog: Did I understand it correct that both compound and pillar matching are disabled for states in 2014.7.0 ?
18:48 maxleonca Hi guys, very basic question I think.
18:48 iggy babilen: si
18:48 babilen *correctly
18:48 gngsk SheetiS: Any idea what version I need to fix this issue?
18:48 maxleonca While using file.append on a state, how do you determine the context for it?
18:48 SheetiS pip will give you 2.7.x which I know works
18:48 iggy babilen: afaict in top.sls and on the command line
18:48 babilen iggy: So things like "foo.* and not *.com": - match: compound (or anything more complicated) won't work?
18:49 gngsk hrmm, ok
18:49 gngsk thanks
18:49 SheetiS I am not sure the specific version it changed
18:49 SheetiS but it has to do with multiple context variables being passed
18:49 iggy babilen: correct
18:49 SheetiS the first one takes, but the second one doesn't
18:49 babilen That's ... horrible
18:49 iggy I think someone realizes that now ;)
18:50 babilen I think everybody with a setup that goes beyond playing around with salt will rely heavily on compound matching ...
18:50 Gareth morning morning
18:50 ekristen babilen: they are working on fixing it properly — it was an oversight to disable it the way they did, basepi is on it right now
18:51 ryuhei joined #salt
18:51 basepi babilen: compound matching is not disabled
18:51 basepi it's *only* disabled for mine and publish calls
18:51 babilen So, what is disabled? Sorry, could read the entire backlog, but thought I'd ask
18:51 babilen Ah, okay .. that is a *much* smaller scope
18:51 basepi mine.get and publish.publish allow minions to target other minions
18:51 basepi yes
18:52 babilen *phew*
18:52 basepi If I disabled compound matching globally I would expect to have an angry mob burn down my house.
18:52 babilen Still not nice, but not nearly as horrible as I feared it would be
18:52 basepi ;)
18:52 babilen exactly
18:52 * babilen laughs
18:52 iggy ahh, I misunderstood the scope
18:52 ryuhei salt-api returns this: * SSL read: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number, errno 0
18:52 ekristen basepi: still no go, mine.get for compound searches will always return every minion’s information
18:53 hasues What user is used by salt-cloud to login and install salt-minion?
18:53 iggy that still completely hoses quite a few of our states
18:53 basepi ekristen: I'm mystified.
18:53 basepi iggy: Working on a fix as we speak. =)
18:53 patarr left #salt
18:53 iggy I know
18:54 iggy I'm just glad it came up before I tried to upgrade
18:54 patarr joined #salt
18:54 iggy since (as we've already covered) it's not mentioned in the release notes
18:54 patarr joined #salt
18:55 babilen At least we are on top of things :)
18:55 perfectsine joined #salt
18:56 basepi iggy: as soon as docs rebuild, it's mentioned in the release notes
18:56 iggy ^5
18:56 Gareth basepi: So I should cancel the angry mob for this morning?
18:56 saffe joined #salt
18:56 babilen morning? ENOENDOFWORK
18:56 basepi Gareth: yes please! ;)
18:57 Gareth basepi: aww. they were so looking forward to it though.
18:57 * Gareth sends them to UtahDave's house instead
18:58 basepi hehe
18:59 davedash joined #salt
19:00 ndrei joined #salt
19:06 pipps joined #salt
19:07 pedro joined #salt
19:07 pedro hello
19:08 pedro I am deploying a bash script via cmd.run
19:08 saffe joined #salt
19:08 ryuhei rolling back cherrypy fixed it :/
19:08 saffe joined #salt
19:09 pedro but the script will stay up, because is suppose to monitor a file directory. I just want salt master to deploy the command and not to wait for the cmd to finish
19:10 iggy &
19:11 aw110f joined #salt
19:11 pedro so it should be " -name: bash mescript.sh &" (minus the double quotes)
19:12 saffe joined #salt
19:13 scryptic1 joined #salt
19:14 meylor joined #salt
19:15 rawzone joined #salt
19:16 lz-dylan hey folks :)
19:16 lz-dylan anyone feeling comfortable with salt-cloud?
19:16 lz-dylan I'm trying to clean up my cloud.providers and cloud.profiles, but when I use the 'extend' keyword in cloud.providers, salt-cloud reads the conf file and then just sits there forever.
19:18 Mso150 joined #salt
19:19 thedodd joined #salt
19:20 ninkotech joined #salt
19:24 rap424 joined #salt
19:24 ckao joined #salt
19:25 glyf joined #salt
19:25 baconbeckons joined #salt
19:25 saffe joined #salt
19:25 murrdoc joined #salt
19:29 pipps joined #salt
19:30 MugginsM joined #salt
19:30 forrest joined #salt
19:30 whiteinge ryuhei: glad you got it working. I haven't had time to look at the changes in the latest CherryPy release to see what has changed and update rest_cherrypy accordingly.
19:31 whiteinge ryuhei: I know 3.2.4 is a working release. is that what you landed on?
19:31 lz-dylan here's what I'm seeing with salt-cloud: https://gist.github.com/arubis/254c47d582c2631fcff2
19:32 wifininja joined #salt
19:34 lz-dylan if I revise the provider using the 'extend' keyword in cloud.providers.d/ec2.conf from 'extends: my-aws-ubuntu' to 'extends: my-aws-ubuntu:ec2' then salt-cloud complains that the cloud provider alias doesn't have a provider setting, and removes it from available providers.
19:34 ryuhei whiteinge: it's 3.2.2
19:35 ryuhei latest one for ubuntu 14.04 package
19:35 * whiteinge nods
19:36 ryuhei i didnt think cherrypy would give me headache heh
19:36 whiteinge it's usually pretty drama-free. i'm unsure (yet) of what changed with the SSL stuff
19:37 ryuhei configuration of cloud profile/providers for 2014.7 is pretty much same as 2014.1?
19:37 pssblts joined #salt
19:37 whiteinge yes
19:37 ryuhei thanks!
19:38 mapu joined #salt
19:41 anotherZero joined #salt
19:45 scryptic1 hello...If I wanted to execute a salt state within a custom runner module, what would be the best way to go about doing so?
19:45 Corey If I have a pile of machines of the form dingus01.vlan.dc.domain.com, and the machine's role is "dingus", how do I set this as a grain globally? I *can* set it explicitly per machine (which is crappy), I have to wonder if there's a sane way to set this from the master.
19:45 lz-dylan ...huh. and if I manually add 'provider: ec2' to the "extended" provider, it appears to work. why is that needed when it's specified in the provider block that it's extending?
19:47 ekristen anyone know how to refresh the data.p directories of the minions on the master?
19:47 babilen scryptic1: You typically wouldn't execute a "state", but call functions in other modules
19:47 kickerdog joined #salt
19:47 kickerdog having some trouble with the netowrk.system state on fedora 20
19:47 kickerdog http://pastebin.com/x4c0Zxs9
19:48 lemoi I have a salt state which reloads the iptables service once changes have been made to the ruleset. However, the service cannot be reloaded if it hasn't been started yet. What would be the cleanest way of checking whether the service is running already and if true => reload, if not true then start?
19:50 scryptic1_ joined #salt
19:51 alex-mesos joined #salt
19:51 scryptic1_ sorry I got kicked out. so I have several states that I want to execute in a particular order from within a runner, so that I run some logic against the returned json from each state and decide whether or not to proceed to the next.
19:53 alex-mesos joined #salt
19:54 fragamus joined #salt
19:55 meylor joined #salt
19:57 beneggett joined #salt
19:59 iggy Corey: write a custom grain module that parses the host name or do {% if 'dingus' in salt['grains.get']('nodename') %}
20:00 rjc joined #salt
20:09 rjc joined #salt
20:11 dude051 joined #salt
20:12 lz-dylan okay. still confused over the syntactical requirements for cloud.providers, but at least it's _working_ :)
20:13 lz-dylan can someone give me a hand with basic reactor syntax? I haven't used reactor before.
20:13 SheetiS lz-dylan: what are you wanting to do with your reactor?  I can share some of what I have.
20:14 lz-dylan I dropped the example code for reactor-based highstate (15.11.1.5 from http://docs.saltstack.com/en/latest/topics/cloud/reactor.html) into my setup (into /etc/salt/master.d/reactor.conf and /srv/reactor/startup_highstate.sls) and can see that salt/cloud/*/created fires in the debug log, but then I just get `[ERROR   ] Failed to render "/srv/reactor/startup_highstate.sls"`
20:15 lz-dylan I'd like to get to the point where I can utilize ec2 autoscaling, but starting with the basics of having salt react to a salt-cloud instance creation seems like a step in the right direction :)
20:15 SheetiS can you pastebin your startup_highstate.sls?
20:15 lz-dylan it's identical to the #/srv/reactor/startup_highstate.sls section in http://docs.saltstack.com/en/latest/topics/cloud/reactor.html#example-reactor-based-highstate
20:15 SheetiS Here's what I do after a salt/cloud/*/created for example:
20:15 SheetiS https://bpaste.net/show/111fe976403a
20:16 SheetiS hmm the data dict from salt cloud doesn't have an 'id' key
20:16 SheetiS it has a 'name' key instead
20:16 lz-dylan ...that would probably do it!
20:16 SheetiS when I had to listen to the events to see that
20:17 SheetiS one of the examples above shows a data['name'']
20:17 SheetiS or whatever
20:18 lz-dylan cool beans. I've revised the state file and am running a new salt-cloud create. will let you know what happens in ~3 minutes.
20:19 charby joined #salt
20:19 lz-dylan might be worth revising those docs...are they in github also?
20:19 SheetiS all the docs are in the https://github.com/saltstack/salt/ project
20:20 SheetiS https://raw.githubusercontent.com/saltstack/salt/develop/doc/topics/cloud/reactor.rst for example
20:20 chitown is there a way to deliberatley fail a state?
20:20 SheetiS chitown: there is one in 2014.7, let me find it really quick.
20:20 chitown i have some jinja code that in an sls... if the jinja returns a false...
20:21 charby Hello, can someone give me the correct loglevel to output all commands run from master on any minion?  Need it to start logging for audit purposes
20:21 chitown oh... 2014.7... sigh... when will the pkg repos get a pkg?
20:21 dude051 joined #salt
20:21 chitown for me: ubuntu
20:21 SheetiS well you can probably make this available in _modules
20:21 SheetiS to do what you want
20:22 lz-dylan SheetiS: looks like data['name'] works. thanks so much!
20:22 gngsk Jinja2 question. Is there a difference between {% stuff %} and {% stuff -%} ? I didn't see anything mentioned in the jinja docs.
20:23 chitown SheetiS: duh, good point :)
20:24 SheetiS gngsk: the - is used to delete whitespace
20:24 TheThing joined #salt
20:24 SheetiS so the 2nd one deletes whitespace after the close of the jinja section
20:24 SheetiS and {%- delete whitespace before
20:24 chitown SheetiS: did you find it?
20:24 SheetiS chitown: still looking
20:24 chitown something like "test.fail"
20:24 chitown k, no hurry. :)
20:25 SheetiS chitown: I think it is salt['test.exception']('I am dying now and making your state error out')
20:26 SheetiS you will need this module file as I think it is not in 2014.1: https://github.com/saltstack/salt/blob/develop/salt/modules/test.py
20:26 gngsk SheetiS: Ahh, that makes sense. Thanks again!
20:27 SheetiS and if you are doing it in jinja, you need to do a 'do'
20:27 SheetiS so {% do salt['test.exception']('message') %}
20:27 SheetiS something like that
20:27 SheetiS gngsk: no problem
20:28 bhosmer_ joined #salt
20:28 scryptic1_ Does anyone know how to create vm's in parallel when using the profile function? ( CloudClient)
20:29 SheetiS salt-cloud has a --parallel option
20:29 SheetiS if that is what you mean.
20:29 SheetiS ahh you mean via api
20:29 scryptic1_ ... yeah api
20:30 scryptic1_ I don't see anything in the docs for parallel
20:30 mpanetta scryptic1_: I just use cmd_async
20:31 scryptic1_ how are you calling out to salt-cloud from the cmd async function?
20:31 mpanetta scryptic1_: jid = salt.cmd_async('dex', 'cloud.profile', [node['profile'], node['name'], {'grains': {'cluster': cluster_name}}], ret='mongo_future_return') <-- that is how I do parallel deployment when using the API
20:31 rspectre Trying to wrap my head around reactors - trying to get this salt state to take a newly created VM, perform a highstate and then reboot: https://gist.github.com/anonymous/32db4bb3734c423d54c0
20:32 rspectre Anyone have some suggestions?
20:32 mpanetta scryptic1_: Is that what you mean?
20:33 ingwaem joined #salt
20:33 higgs001 joined #salt
20:33 nitti joined #salt
20:33 scryptic1_ yep I believe so... I think that would work, but my concern is that sometimes the salt_bootstrap script fails and I'm not sure how a returned jid would let me know that
20:33 mpanetta Hmmm
20:34 mpanetta You would have to query the job cache
20:34 SheetiS rspectre: you want to reboot the minion that ran the highstate, correct?
20:34 StDiluted joined #salt
20:34 SheetiS the return dict for the jid should have what you need,  you might need to watch the event a time or 2 to see how the data is formatted though.
20:34 SheetiS (2nd sentence for scryptic1_)
20:34 baconbeckons does orchestrate control the order of execution in my top.sls state or does it replace top.ls?
20:35 rspectre SheetiS: Affirm - would like after the host is created to have the minion perform the highstate, then upon completion reboot the host.
20:35 bluenemo joined #salt
20:35 scryptic1_ ok that should be enough to get me started...thank you mpanetta and sheetiS
20:35 bluenemo hi guys. a nooby jinja question: when I have sth like   {% for user in salt['pillar.get']('example:users', {}) %}   what does the {} at the end stand for exactly? and what is the difference between [] and {} here?
20:36 mpanetta No problem
20:36 SheetiS rspectre: if you remove the part about rebooting, does the highstate run with just the first half of that?.  You might have to do the reboot after highstate a different way.
20:36 murrdoc joined #salt
20:36 rspectre SheetiS: Affirm - can get the highstate to run.
20:36 SheetiS bluenemo: The {} stands for a default of an empty dictionary.  a [] would indicate an empty list instead.
20:37 rspectre SheetiS: getting the reboot to fire afterward has me nonplussed.
20:37 SheetiS dictionary and list in the pythonic sense of the words.
20:40 charby Hello, I have changed the log_level_logfile to trace and I still can't seen the commands being run on salt-master in /var/log/salt/master.   Is there another place where it says commands run by default?
20:41 aboe joined #salt
20:42 SheetiS rspectre: ok, well the first thing is that multiple items in the reactor like that won't wait for the completion of the others.  What version of salt are you running?  With 2014.7, you can add inline pillar data, and I would do it like this: 1.) add a reboot state to your highstate that requires a pillar value of reboot: True and ensure it is ordered last 2.) pass the pillar of reboot: True via the kwargs method.
20:42 SheetiS There might be some issues with getting a return from the highstate this way though
20:42 SheetiS if the reboot kills the salt-minion before it returns.
20:42 rspectre SheetiS: 2014.1.13.
20:43 SheetiS hmm would have to come up with another way in that version as the passing the pillar kwarg does nothing in 2014.1
20:44 mpanetta Watch for reboot loops ;)
20:44 SheetiS mpanetta++ indeed
20:44 SheetiS another way would be to react to the return of the highstate, but I don't know how to differentiate from a 'first highstate' vs other highstates.
20:45 SheetiS Is the reboot needed?
20:45 possibilities joined #salt
20:45 SheetiS Maybe the problem could be solved in a way that doesn't require a reboot
20:45 rspectre Think we have that covered by keeping these states in a reactor responding only to salt/cloud/*/created...
20:46 pduersteler joined #salt
20:46 rspectre Want to make sure we have a clean reboot after applying updates to bash, openssl, etc. to older image.
20:46 SheetiS ahh I see.  Understandable.
20:48 SheetiS I don't know that you can get there with a single reactor in 2014.1.  Does anyone know here if the data dict gets passed to an orchestration called from the reactor?
20:48 SheetiS I've not tried that case, but it might work as a way to handle.
20:48 pduersteler hi all. looking for a hint about how to structure things.. aim: config for primary, secondary, and satellite postfix (different files to manage). works fine with setting the config paths through pillars and applying e.g. postfix.primary pillar to a minion. However, how do I set a default variable value without having to "mess up" the view with salt['pillar.get'] and a default value? I'd like to have the values stored outside compl
20:49 SheetiS rspectre: just thinking out loud of the best way to assist.
20:50 rspectre SheetiS: Reactors appear a little underdocumented currently.  Is there a parameter to fire an arbitrary event after running the highstate?
20:50 SheetiS rspectre: if you fire something else there, it will run more or less at the same time as the highstate
20:50 rspectre SheetiS: If I could a created/reboot event after a successful highstate, that would work.
20:50 SheetiS and you will get a reboot mid-highstate
20:50 SheetiS that was why I thought possibly calling an orchestration might be better
20:50 SheetiS but the data dict has to make it through
20:50 SheetiS to be able to target properly
20:52 rspectre This doesn't seem like a thing that should be that hard to set up.
20:52 bhosmer_ joined #salt
20:53 jhauser joined #salt
20:54 fragamus joined #salt
20:54 ekristen joined #salt
20:56 nitti joined #salt
20:56 ekristen basepi: looks like I’m back up and running 98%, I have to go through and check on all my minions now and make sure they are all running properly
20:57 cheus joined #salt
20:58 nitti_ joined #salt
20:59 jevonearth joined #salt
20:59 pipps joined #salt
21:00 druonysuse joined #salt
21:00 druonysuse joined #salt
21:00 charby Can anyone help me figure out how to log every command run from salt master on any minion?  log_level_logfile doesn't seem to be doing it
21:00 ekristen basepi: maybe I’m not in the clear
21:00 ekristen all of a sudden I’m getting “Failed to authenticate message” thousands of times in my master log
21:01 jevonearth Hi Guys, looking for some help on salt-ssh and rosters. The docs are a bit light. Specifcally, I want to prevent salt-ssh from prompting to add keys to known_hosts.
21:02 iggy ssh_config StrictHostKeyChecking no
21:03 jevonearth iggy: so I configure that in my local ssh config, as opposed to passing such config options via salts config?
21:03 iggy that's what I'd do
21:03 iggy I mean I almost always do that anyway
21:04 jevonearth That works, but isn't ideal, as now I don't do key checking for typical ssh access.
21:04 iggy *shrug* maybe someone that actually uses salt-ssh will speak up
21:04 jevonearth but thank you, I will use this for now :)
21:05 Mso150 joined #salt
21:06 dude051 joined #salt
21:06 srage joined #salt
21:07 Ryan_Lane1 joined #salt
21:07 Mso150_o joined #salt
21:09 SheetiS rspectre: I am testing an orchestration as the answer to your question right now.  I'll now more in 2-3 minutes
21:09 rspectre SheetiS: Much obliged.
21:09 kickerdog joined #salt
21:10 SheetiS I've wanted to use some orchestration in my salt-cloud reactions anyhow, so this just gives me an excuse to test
21:10 kickerdog joined #salt
21:10 jevonearth I can override the ssh config file using the -c command, so: salt-ssh -c path/to/custom/ssh/config '*' test.ping
21:10 srage_ joined #salt
21:10 jevonearth will work
21:10 mpanetta SheetiS: Can you call arbitrary runners from reactors?
21:10 SheetiS yeah
21:11 SheetiS I just don't know if the data dict makes it into the orchestrate sls
21:11 SheetiS which is what is needed to make it useful to me
21:11 mpanetta Hmm, never hurts to try I guess :)
21:12 mpanetta SheetiS: What is the 'data dict'?  Do you mean some pillar data or is it something else?
21:12 nitti joined #salt
21:12 nitti joined #salt
21:13 SheetiS mpanetta: the dict 'data' that comes from the event that the reactor can get things such as data['id'] or data['name'].  I assume it gets lost when leaving the reactor
21:15 SheetiS hmm so I can call the orchestration, but data dict doesn't come along that i can see
21:15 SheetiS (I think this is the same in states, so doesn't surprise me)
21:17 mpanetta SheetiS: Could you assign pillar based on the data dict?
21:18 mpanetta Ive not actually done anything with 'data' yet in my experiments...
21:18 SheetiS mpanetta: In 2014.7 it would work for him that way, but in 2014.1 cannot pass kwargs (including pillar) from reactors.
21:18 TTimo joined #salt
21:18 mpanetta Ah ok
21:18 SheetiS otherwise this would be easy
21:18 mpanetta Nothing is ever easy :P
21:24 SheetiS rspectre: I have a work around for the 2014.1 case, but it is ugly.  You have to make an external script (either a python one that uses salt api calls or bash that calls salt <target> state.highstate pillar={'reboot': True}) to pass the pillar data, then call that script with a cmd.run and make the target one of the args it reads.  Then you'd add a reboot state to your highstate that only runs if it sees the reboot pillar as True (with a default to False i
21:24 ndrei joined #salt
21:26 * SheetiS should probably just update to 2014.7 and not wait for release.
21:27 possibilities joined #salt
21:28 murrdoc yes
21:30 karimb joined #salt
21:33 MrFuzz when I call an external pillar in the master config am I required to pass it arguments? the way that Im trying to setup the external pillar is so that everything is generated and returned by the external pillar on its own
21:33 meylor joined #salt
21:36 charby is there any salt-master command logging?  how can I see who set a group of minions to highstate?
21:37 charby I'm using /var/log/salt/master on debug level but it does not show me anything
21:37 mpanetta charby: Most of the logging is done on the minions I think
21:38 mpanetta You could always just watch the event bus
21:38 mpanetta It tells you who fired the command
21:38 charby Ok, thanks.  Do you know if there is a config to change that to a central location?  I guess that would mean changing the minion config file across all my minions
21:38 aparsons if any of you guys are in SF and want free beer + dinner, check out LinkedIn's tech talk tongiht.  http://www.eventbrite.com/e/technical-deep-dive-linkedin-sf-tickets-14049702037?utm_campaign=new_eventv2&amp;utm_medium=email&amp;utm_source=eb_email&amp;utm_term=eventname_text
21:38 mpanetta Yeah I don't think there is
21:41 charby sorry @mpanetta, I'm a noob.  where is the event bus?
21:42 mpanetta charby: Check section 6.4 here: http://docs.saltstack.com/en/latest/topics/reactor/index.html
21:42 lz-dylan It doesn't look like states.boto_asg knows how to chat with salt-cloud. Can salt-cloud be used to stand up an autoscale group?
21:43 mpanetta charby: This might also help: http://docs.saltstack.com/en/latest/topics/event/index.html
21:43 iggy SheetiS: not if you use mine/publish.publish with compound or pillar matching
21:43 charby ah okay.  However, not sure if this will work for exporting to external logging platform
21:44 mpanetta charby: You would have to write a shim to translate the data  probably
21:44 SheetiS iggy: I saw that :(
21:45 ChrisCox joined #salt
21:45 mpanetta charby: You could watch for http://docs.saltstack.com/en/latest/topics/event/master_events.html#job-events And log them all to a file.  That might help
21:46 mpanetta You would only have to listen for the new job events
21:46 beneggett joined #salt
21:46 charby Awesome, I think that is what I need.  So a little python script that monitors events and logs them
21:47 charby thanks mpanetta
21:47 mpanetta Speaking of events and auditing, I noticed the other day, that (at least in 2014.7.rc6) the user field in a new job event is filled with sudo_<user> if you do sudo salt blah blah blah
21:47 mpanetta Which is kinda cool
21:47 mpanetta charby: No problem
21:47 * mpanetta is a big fan of the event bus :P
21:47 iggy I need to move to SF for all the free beer/grub linkedin is always doing
21:47 charby haha
21:50 forrest iggy: you just have to trade all your personal information, problem solved.
21:51 heaumer joined #salt
21:52 giantlock joined #salt
21:54 iggy speaking of forrest...
21:55 forrest what's up?
21:55 iggy got the aptly formula fixed up(ish)
21:55 forrest nice, did you fork off mine?
21:56 iggy not sure what direction you were planning on going with the create/publish stuff
21:56 lz-dylan say, does the dockerio state still depend on docker-py in 2014.7?
21:56 jevonearth Is 2014.7.0 released? according to: https://github.com/saltstack/salt/releases it looks like it has been.
21:56 iggy but I generalized it and shoved the repo config in pillar
21:56 forrest iggy: honestly I wasn't sure. I just put those up there as examples so people would have an idea where to go.
21:56 forrest Since everyone would most likely want their own weird naming schemes and stuff.
21:57 lz-dylan I'm finding that when I bootstrap a new instance with 2014.1 and run highstate (which contains both a pip install of docker-py and a docker.pulled state) that it consistently fails to run docker.pulled, and running it a second time succeeds (presumably the minion needs docker-py available at startup). I'd love it if that were resolved in .7 :)
21:58 badon_ joined #salt
21:59 forrest iggy: Can you push your fork back to github if you're working on master? Last change I see in your repo is still mine
21:59 forrest jevonearth: I believe so, might still be some packaging that needs to occur.
22:00 mosen joined #salt
22:00 charby wow this event bus is VERY informative and EXACTLY what I need.
22:00 iggy forrest: https://gist.github.com/iggy/09a2d843ff2e02619ba9
22:01 iggy that's what I'm working with right now... need to go back and test it on a fresh system
22:01 bluenemo joined #salt
22:01 bluenemo do you guys know a reasonably short document describing the role of 0mq in saltstack?
22:02 geekatcmu "event bus"
22:02 geekatcmu There's your short document.
22:02 ryuhei is there any way to pre-install salt-minion ?
22:02 beneggett joined #salt
22:02 forrest iggy: That looks pretty good, puts a lot more 'load' onto the pillar in regards to naming of repos and such, but I like the overall idea, and obviously the gpg key fix is great.
22:03 iggy that just seems to be how most formulas work
22:03 kermit joined #salt
22:03 ryuhei i ll be spinning up many droplets at digital ocean.. and wondering if I can install salt-minion first and make image snapshot to spin up droplets from
22:03 aparsons_ joined #salt
22:03 iggy and rightfully so... keeps the actual formula pretty static, then the users just have to set pillars correctly
22:04 baconbeckons joined #salt
22:04 iggy ryuhei: if you use salt-cloud, it'll do it for you
22:04 forrest ryuhei: You can, just keep in mind if they connect to the master that a key pair will be generated. I'd just use salt-cloud instead of copying images if you can.
22:04 forrest iggy: Yeah it's fine by me.
22:04 ryuhei hmm ok i ll take look at salt-cloud.. thanks for advise!
22:05 kballou joined #salt
22:05 meylor joined #salt
22:07 baconbeckons is an hour and a half long enough to repost a question? :)
22:07 baconbeckons does orchestrate control the order of execution in my top.sls state or does it replace top.sls?
22:07 possibilities joined #salt
22:08 ryuhei I'm actually using salt-cloud to spin up droplets at digital ocean, and i know it does install salt-minion on the droplets
22:09 ryuhei i wonder if i can pre-install salt-minion to avoid salt-minion installation by pre-installing first on a snapshot.
22:09 ryuhei I just want to shorten the boot time.
22:09 baconbeckons ryuhei: i’m jumping in only knowing part of the conversation, but i don’t see a reason that you couldn’t do that
22:09 ryuhei not boot time but.. the time to complete spin up
22:10 baconbeckons ryuhei: i would do that with a lot of common installs
22:11 baconbeckons before my states take over, there is a lot going on with apt-get updating and installing base packages. skipping that would save a lot of time on a new spin up
22:11 ryuhei right
22:11 iggy the nice thing about salt-cloud is it goes ahead and does all the key stuff on the master
22:11 iggy so if you put salt-minion in your image, you still have to accept the key on the master
22:12 forrest baconbeckons: I haven't messed with orchestrate enough to know, manfred have you?
22:12 ryuhei yup
22:12 baconbeckons forrest: maybe i’m dense, but the docs don’t make it very clear what defines the high state
22:13 baconbeckons iggy: if ryuhei preinstalls salt-minion, i don’t believe that prevents salt-cloud from seeding the keys, does it?
22:13 ryuhei i tried once and they didnt communicate
22:14 ryuhei I spin up minion using salt-master.. then took snapshot of it.
22:14 ryuhei and spin up another minion using the snapshot.
22:15 iggy salt-cloud won't overwrite existing config files (afaik), so no it wouldn't
22:15 ryuhei ah..
22:16 baconbeckons joined #salt
22:16 iggy you could try setting the minion to not start up automatically and wiping it's keys/etc
22:16 baconbeckons iggy: so he could preinstall salt-minion but remove the config files before creating the image?
22:17 iggy but I doubt that'll work
22:17 baconbeckons iggy ruins all of my plans ;)
22:17 ryuhei heh
22:17 iggy it's worth a try
22:18 ryuhei i guess key/config installation comes with salt-minion installtion.. or check for file existence?
22:18 iggy but you need to make sure you set it no to start (or it'll regen the key, etc. on startup)
22:18 ryuhei ok i ll just try and will let you know then
22:18 ryuhei start..salt-minion?
22:18 iggy yes
22:18 ryuhei ok
22:20 iwishiwerearobot joined #salt
22:26 mpanetta charby: Glad it has what you need :)
22:27 kingston joined #salt
22:27 kingston howdy
22:28 kingston I just have a question on docker, I have been using salt and salt cloud for sometime. A new project has come up in the office and is based on docker
22:29 kingston they have put salt on the side because I was told that docker support is not stable
22:29 kingston is this true?
22:29 kingston or still young...
22:29 iggy support is stable... the API isn't
22:29 iggy i.e. you may have to change your states at some point
22:29 kingston ah
22:32 jalaziz joined #salt
22:33 Ryan_Lane joined #salt
22:41 ryuhei how would i not start salt-minion on the original minion?
22:43 ghanima joined #salt
22:43 ghanima hello all
22:43 intellix joined #salt
22:43 ghanima was wondering if someone can point me to some python that generates data for mine
22:45 gmcwhistler joined #salt
22:46 baconbeckons the docs talk about using IAM to manage AWS access in the boto states, but I can’t figure out how I’m setting the IAM role that the boto state should use http://docs.saltstack.com/en/latest/ref/states/all/salt.states.boto_asg.html
22:52 pipps joined #salt
22:53 pipps99 joined #salt
23:00 yomilk joined #salt
23:03 ryuhei hm
23:03 ryuhei it worked
23:04 ryuhei i can probably then omit apt-get update on bootstrap script.
23:05 druonysus joined #salt
23:05 druonysus joined #salt
23:05 godzilla74 joined #salt
23:05 rattmuff joined #salt
23:10 possibilities joined #salt
23:12 iggy there's a command line option to do that
23:12 skyler joined #salt
23:12 ryuhei omit apt-get update?
23:13 iggy nvm, I was thinking of the thing to fully upgrade before
23:13 ryuhei ooh
23:14 jalaziz joined #salt
23:15 badon_ joined #salt
23:21 rattmuff joined #salt
23:22 catpigger joined #salt
23:25 jalaziz joined #salt
23:25 skyler So is 2014.7 actually out? I see a release for it on github, but here and in the documentation it still says that 2014.1.13 is the latest.
23:26 catpigger hi, having a bit of a confusing issue with salt 2014.1.13 on gentoo. python dies with a unicode error. ive got pastebins of the output as well as the statefile it's on (or that i think it's on)
23:27 catpigger error: pastebin.com/M0GB8j4r various-basic-confs.sls: pastebin.com/q6iPLGEn
23:27 Gareth skyler: Is it.  There hasn't been a formal announcement yet, once packages are available then an announcement will be made.
23:28 iggy there you go forrest
23:28 Cottser I've seen a few examples in the wild and blog posts of state IDs using whitespace, dots, etc. is this alright or am I going to regret going down that path?
23:29 skyler Gareth: That makes sense that  they would need the packages to be out first before announcing it. Here is the list of releases on github https://github.com/saltstack/salt/releases
23:29 Cottser most seem to use dashes, underscores etc
23:29 forrest iggy: looks good, merged, and making a PR against the official rep[o now
23:29 catpigger whats confusing is that the state file doesnt contain any non-ascii
23:30 forrest iggy: https://github.com/saltstack-formulas/aptly-formula/pull/1
23:31 pssblts joined #salt
23:31 psidox joined #salt
23:32 catpigger ah ok i found the issue, it stumbles over non-ascii in one of the files being watched by salt
23:32 iggy that darned nmadhok is too fast
23:32 catpigger that's not supposed to happen, right?
23:33 Gareth skyler: check tags.
23:33 iggy catpigger: python2's unicode support is notoriously... poor
23:34 ryuhei iggy, baconbeckons: so i wasn't able to disable auto start salt-minion.. so i just let it be.. removed minion config file and pki folder..and it worked!
23:34 catpigger iggy, i know, i have run into that exact error message about 500 times in my own code ;)
23:34 skyler Gareth: Yep, in tags I see 2014.7.0. I guess that will probably be what they release.
23:34 iggy ryuhei: how much time did you save?
23:34 ryuhei i get response from minions
23:34 catpigger hence i dont really dare trying to patch it myself
23:34 psidox Question: Say I am on a minion and want to develop/debug a state, what is the development flow? Can I edit the sls file right on the minion or does it need to be pushed from the master?
23:34 ryuhei also i commented out apt-get update.. it saved me about a min
23:35 ryuhei iggy: boots up and ready in  around 2mins
23:35 Gareth skyler: I believe you can install it via pip too.
23:35 catpigger i'll take a note, confirm if bug still exists in latest -trunk when i have a spare hour, and open a bug if necessary
23:35 godzilla74 newbie question... but the readthedocs don't reference where to create an SLS file... should that just be in /etc/salt/ ?
23:36 bhosmer_ joined #salt
23:36 catpigger godzilla74, usually /srv
23:36 catpigger ie you start in /srv/salt/top.sls
23:36 godzilla74 ah, thanks!
23:36 iggy godzilla74: it can be wherever (as long as it's somewhere under your file_roots which is /srv/salt by default)
23:36 psidox can someone answer my newbie question? :D
23:36 catpigger iggy, oh so i can put .sls files into sub directories?
23:36 iggy catpigger: yes
23:36 iggy multiple even
23:37 catpigger nice
23:37 catpigger wish i had known that 5 minutes ago when i moved all salt-handled files to a copy of the native file structure lol
23:37 psidox I actually want to map my minion sls file path, to a shared directly with vagrant
23:37 iggy there are some examples of pretty complex state trees out there
23:37 hasues joined #salt
23:38 hasues left #salt
23:38 catpigger psidox, dunno, but just try it i'd say
23:38 catpigger i always make edits on the master
23:39 viq joined #salt
23:39 viq joined #salt
23:39 psidox catpigger: I guess the problem is the master does not have the required modules and needs to execute on the minion
23:39 psidox or I’d be doing edits on master
23:40 psidox I know I can push the states out, forget the command but would be nice for developer flow to be able to edit on minion
23:41 ryuhei iggy, baconbeckons: thanks alot for your help!
23:43 catpigger psidox, well my personal workflow is to edit on the master, then i ssh into each minion, check what it would do, and only then apply the state
23:43 catpigger but that may not work for you
23:43 psidox gotcha
23:43 aquinas joined #salt
23:44 catpigger also, single-user salt here atm. so nobody gets in my way, and if i break the states i just check my git until i see what it is
23:47 iggy catpigger: why do you login to the minions?
23:48 mosen joined #salt
23:48 meylor joined #salt
23:49 catpigger iggy, i often cant apply everything immediately so i make changes manually
23:50 catpigger bringing ~50 servers from "totally manual" into salt
23:50 catpigger without any explicit time allotment, just slyly on the side ;)
23:50 catpigger got sick of not knowing whats going on
23:50 cads joined #salt
23:51 zenlogix joined #salt
23:52 viq state.something test=True  ?
23:52 pipps joined #salt
23:52 iggy ahh, was going to say you could just do 'salt minion01 state.highstate test=True' but it sounds like it's more of a prior workflow thing
23:52 meylor1 joined #salt
23:53 TheThing joined #salt
23:53 StDiluted anyone else see the salt-master process pegging the CPU on a regular pattern?
23:53 catpigger yeah we always just log in directly to the server and make the changes. the difference now is that before a file is changed i put in salt. then we change whatever we change, and once it is verified working i put it in salt
23:53 StDiluted about once every 60 seconds
23:54 psidox StDiluted: I was seeing some weird CPU usage and this is only with a few minions with a newb setup, just playing around.  It was more often than 60s though
23:54 catpigger viq, i need to start using that, but my approach for this is i need to do X on server Y, so i do that as described above. then put it in salt. then i'll be on another server, do the same, and also apply any changes (largely making things consistent/centrally recording differences) resulting from the previous one. then onto the next server
23:54 zenlogix anyone has a pattern or a gist to use a ISS response file with the win_pkg module. I see how to pass argument but cant figure out how to push the file first. Im checking the source code of the module and there is no obvious way...
23:54 StDiluted yeah this is with one minion
23:55 catpigger the idea is to exclude the possibility of anything going wrong because i make a mistake in salt. approaching this very cautiously, they are all production systems
23:55 StDiluted about every 60 seconds, regularly, I get “/usr/bin/python2 /usr/bin/salt-master -d” taking up about 85% CPU
23:55 StDiluted 4138 root       20   0  905M  536M  3008 R 80.0 14.2     190h /usr/bin/python2 /usr/bin/salt-master -d
23:55 viq StDiluted: that's when cache checking and git refreshes happen
23:56 glyf joined #salt
23:56 viq At least by default, every 60s
23:56 MTecknology I'm trying to figure out how to manage root passwords on linux boxes using salt. I want all servers except select groups to have unique passwords, but I don't want to manage a giant pile of passwords... I'm thinking something like {% if grains['id'].startswith('a') %} root_pass: foo {% elif ...
23:56 MTecknology that seems silly too, though
23:56 MTecknology and I still need to get that gitlab-ci server working...
23:57 StDiluted viq: http://imgur.com/LXFWJCx
23:57 StDiluted that seems a little high for usage
23:57 iggy MTecknology: why do you have root passwords?
23:57 StDiluted if it’s just checking cache and refreshing
23:57 catpigger MTecknology, risky, if anyone discovers your method you're completely hosed. but if you're gonna do this i would probably go with hashing (obv with a salt) something like mac address and HDD serial number
23:58 viq StDiluted: curious, what generated that graph?
23:58 StDiluted viq: mist.io
23:58 iggy StDiluted: what is the master?
23:58 viq thanks
23:58 catpigger iggy, valid question. we have root pws because we're only two admins and there is no separation on the account level. ssh is only with certificate though
23:58 StDiluted m3.medium AWS instance running AWS Linux
23:58 iggy if it's like a f1-micro or something... not surprising
23:59 MTecknology the reason for root passwords... long story, shortest possible version: I'm the only linux guy and someone needs to be able to pick up if I rage quit (most likely option) without having to hire someone to set if from a chroot.
23:59 iggy turn the debuging up and watch the logs when it's spiking...
23:59 catpigger haha
23:59 StDiluted it’s a single vCPU and 3.75GB RAM

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary