Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-11-18

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 aurynn forrest, I can do that; is there a doc describing the process of contributing?
00:01 yomilk joined #salt
00:04 jonatas_oliveira joined #salt
00:04 aurynn setval also appears to be transient on rebooting a machine, with salt-ssh
00:07 jonatas__ joined #salt
00:08 forrest aurynn: http://docs.saltstack.com/en/latest/topics/development/contributing.html for getting the repo set up, and http://docs.saltstack.com/en/latest/topics/development/conventions/documentation.html#salt-docs for contributing to the docs, it's pretty easy.
00:08 aurynn forrest, thanks :)
00:08 forrest aurynn: yeah np! Thanks for taking a crack at updating the docs to make them more accurate
00:08 TheThing_ joined #salt
00:09 aurynn I have noticed quite a few places where the docs are wrote
00:09 aurynn er
00:09 aurynn wrong
00:10 cholcombe973 can the salt minions write data back to pillar?
00:10 cholcombe973 or some other form of storage for later?
00:10 aurynn cholcombe973, you can use the event system for that, but it's hacky
00:10 cholcombe973 hacky how?
00:10 dstufft salt mine is for this
00:11 cholcombe973 salt mine sounds about what i'm looking for
00:11 aurynn or that
00:11 aurynn :)
00:11 cholcombe973 when i run a command on my minion it generates an ID that i need to save
00:13 aparsons joined #salt
00:16 sashka_ua_ joined #salt
00:16 otter768 joined #salt
00:18 aurynn manually creating /etc/salt/grains and injecting my value on the salt-ssh node, it doesn't persist. That's interesting.
00:18 aurynn where is it trying to persist *to*
00:18 aurynn if I do a set/get, it's there..
00:18 slafs left #salt
00:21 spielberg joined #salt
00:24 TheThing joined #salt
00:24 elfixit joined #salt
00:24 aurynn ah. So it's writing into /tmp
00:24 shaggy_surfer joined #salt
00:26 aurynn which is why it's non-persistent
00:29 aurynn so I guess the next question is "how do I tell it to write somewhere else" ?
00:29 aurynn :)
00:29 MugginsM cheat by faking TMPDIR?  That can't possibly go wrong
00:30 aurynn I forsee suffering on that approach
00:30 cholcombe973 joined #salt
00:31 CeBe1 joined #salt
00:31 TheThing|24-7 joined #salt
00:32 cholcombe973 i'm a little confused in pillar how you give an object attributes that is passed to jinja
00:39 saltnube joined #salt
00:43 aurynn got it!
00:43 aurynn setting thin_dir in the roster file controls where it writes
00:45 alexr joined #salt
00:47 wahsb joined #salt
00:53 aqua^mac joined #salt
00:55 dstokes should onfail prevent the specified sls from running unless the state fails?
00:55 dstokes i have a state file with two states (one cmd + one error handler) and they both run every time
00:57 g4rlic left #salt
01:00 pdayton joined #salt
01:07 dstokes i see what's happening now. the onfail requisite is reporting a failure because the state it's watching succeeded. any way to silence this?
01:08 dstokes the onfail requisite should exit cleanly if the state it's watching is successful
01:10 murrdoc try onlify ?
01:11 dstokes but the error state is based on the result of another state. onlyif runs shell commands no?
01:11 dstokes murrdoc: "The interpretation of onlyif and unless arguments are identical to those of cmd.run"
01:12 gngsk joined #salt
01:12 murrdoc oh sorry
01:12 cmthornton onlyif and unless on anything other than cmd states is deprecated, I think?
01:13 murrdoc so you need a state to run only if another state failed
01:13 TTimo joined #salt
01:15 jalbretsen joined #salt
01:19 wahsb any guidance / docs to install / build a package from srpm on a rhel system?
01:23 genediazjr joined #salt
01:24 shaggy_surfer joined #salt
01:24 LeProvokateur joined #salt
01:24 whatapain http://wiki.centos.org/HowTos/RebuildSRPM
01:25 tafa2 what dyu guys use for server monitoring?
01:25 Eugene Nagios.
01:26 whatapain i use diamond -> graphite for metrics and then i use nagios to monitor metrics and ping hosts and services
01:26 wahsb ...with salt that is
01:26 whatapain salt isn't a server monitoring tool
01:27 whatapain seems like you're asking how to drive in a nail with a peanut butter and jelly sandwich
01:28 geekatcmu also, why doesn't it taste like anchovy?
01:28 aurynn salt is a remote execution system that grew a configuration management toolchain. It's not for monitoring.
01:28 pdayton joined #salt
01:28 Eugene I've considered writing a nagios by_salt plugin to do the monitoring, then threw it out because it was too much damned work.
01:29 Eugene I stick with by_ssh or NRPE, as appropriate.
01:29 aurynn I guess you could use the event system to do monitoring... but why would you? You have nagios already
01:29 whatapain ugh
01:29 aurynn also it'd be so much work
01:29 kballou joined #salt
01:29 jcockhren tafa2: I've used Newrelic
01:30 tafa2 jcockhren im using newrelic
01:30 jcockhren I'm moving to nagios+graphite
01:30 Eugene And it wouldn't cover everything else nagios does. Like fill your SMS inbox with crap!
01:30 whatapain if you're going to do it in that capacity write tool to post a command to a host then check the results.  based on the results of the run from the api return your nagios exit code
01:30 tafa2 but need long data
01:30 whatapain your nagios check runtime will be hilarious
01:31 jcockhren tafa2: what type of data? as in incidents? or something like what graphite provides?
01:31 tafa2 i basically need whats on NR
01:31 tafa2 ram b/w hdd
01:31 * geekatcmu can see feeding Nagios the (suitably laundered) results of the event buss.
01:31 tafa2 thats why nagios is kind of overkill for me
01:31 whatapain gather metrics into timeseries database then use nagios checks to monitor values in your db
01:32 whatapain you should be pulling all of that into a central location for visualization anyway
01:32 jcockhren tafa2: hosted graphite maybe?
01:32 jcockhren or what whatapain said
01:32 whatapain diamond or collecl -> graphite or influxdb
01:32 whatapain win
01:32 tafa2 nagios is so ugly though :P
01:32 whatapain collect
01:33 tafa2 collectd?
01:33 geekatcmu tafa2: omdistro.org
01:33 geekatcmu Nagios will be, not beautiful, but vastly more useful.
01:33 whatapain any agent that spits out metrics to a timeseries database will do
01:33 geekatcmu collectd can be great.
01:33 whatapain people keep trying to replace nagios with new fancy shit and it's never as good or as simplistic as nagios is
01:33 jcockhren tafa2: https://www.hostedgraphite.com/
01:33 geekatcmu whatapain: that's why I like omdistro.org
01:34 geekatcmu It's Nagios+all the extra stuff you usually have to build/install/configure yourself, rolled up into a single package.
01:34 tafa2 geekatcmu nice!
01:34 tafa2 i dont know why everyone is obsessed with graphing
01:34 tafa2 dont need it
01:34 whatapain *facepalm*
01:34 * whatapain walks away
01:34 jcockhren tafa2: you said something that NR gives you?
01:34 aurynn because humans are bad at visualising things
01:34 geekatcmu If you want to do classic Nagios configuration, you can.  If you want to move up to more shiny stuff, you can do really nice stuff.
01:34 * tafa2 likes raw
01:35 aurynn and graphs make it easier to see stuff
01:35 geekatcmu tafa2: Because human beings are visual creatures.
01:35 tafa2 i suppose
01:35 tafa2 jcockhren yeah
01:35 jcockhren in fact, you can create your own visualizations that fit your needs. not just the run of the mill NR gives you
01:36 MugginsM I'm setting up graphite at the moment (once I get salt working with docker) and it's really nice having a quick visual of our system stats
01:36 geekatcmu You can claim that you like the raw stuff, but I guarantee you that unless you are literally a one-in-a-billion freak of nature, your brain will grasp the data in a graph far faster than you can extract meaning from numbers.
01:36 jcockhren during investigations, metrics across sources usually correlate
01:36 tafa2 geekatcmu ur right
01:36 tafa2 but so many of these are bloated
01:36 MugginsM can see at a glance that two seemingly unrelated graphs spike at the same time, etc
01:36 tafa2 and way to heavy
01:36 geekatcmu "bloated and heavy" is entirely different from what you said before.
01:36 tafa2 zabbix/zenoos/opennms
01:37 geekatcmu Language is important.
01:37 geekatcmu zabbix/zenos are extremely heavy
01:37 jcockhren diamond -> hosted graphite. all you install is the agent and configure
01:37 geekatcmu (I don't know opennms at all)
01:37 jcockhren there's also datadog.com
01:37 jcockhren statsd and all
01:37 tafa2 datadog is cool
01:37 tafa2 but expensive
01:37 Ryan_Lane joined #salt
01:37 jcockhren heh true
01:37 geekatcmu Nagios is pretty lightweight, and the omdistro version can be easily made to scale (into thousands) without a lot of effort.
01:38 jcockhren https://www.icinga.org/
01:38 tehmasp joined #salt
01:38 tafa2 geekatcmu ill check it out :)
01:38 jcockhren 2 days away from the web UI 2 release
01:38 geekatcmu Icinga is Nagios with a database backend and potentially database-backed configuration.  It also offers some very nice failover/HA capabilities missing from pure Nagios.
01:39 tafa2 with graphite is it possible to see which process are consuming the most ram over time?
01:39 tafa2 (not on a graph? :P)
01:39 geekatcmu And there's sensu if you want to explore a different scheduling engine
01:39 geekatcmu if you are submitting per-process information, yes.
01:40 jcockhren tafa2: https://github.com/BrightcoveOS/Diamond
01:40 jcockhren actually... https://github.com/python-diamond/Diamond
01:40 TyrfingMjolnir joined #salt
01:40 tafa2 cool!
01:40 MugginsM graphite provides the data via an API so, for example, we have nagios alerting if (calculated) values on a graph go outside a certain range.
01:40 MugginsM no visuals required :)
01:41 jcockhren the maintainer (diamond) is doing a threaded rewrite
01:42 abe_music joined #salt
01:43 bhosmer joined #salt
01:47 lahwran joined #salt
01:54 meylor joined #salt
01:57 pdayton1 joined #salt
01:57 genediazjr joined #salt
01:58 alexr joined #salt
01:59 TOoSmOotH joined #salt
02:00 murrdoc joined #salt
02:06 TTimo joined #salt
02:08 jp_ joined #salt
02:11 LeProvokateur joined #salt
02:14 murrdoc joined #salt
02:17 LeProvokateur joined #salt
02:19 shaggy_surfer joined #salt
02:20 joevartuli joined #salt
02:22 joevartuli left #salt
02:26 thayne joined #salt
02:32 gngsk joined #salt
02:37 malinoff joined #salt
02:40 yomilk_ joined #salt
02:45 LeProvokateur joined #salt
02:45 spielberg joined #salt
02:48 tmh1999 joined #salt
02:50 mosen joined #salt
02:50 LeProvokateur joined #salt
02:54 marnom joined #salt
02:55 nitti joined #salt
02:56 genediazjr joined #salt
03:01 TOoSmOotH joined #salt
03:09 LeProvokateur joined #salt
03:13 delinquentme so if $nc -v -z salt.master.ip 4505 doesn't run ... and I've installed netcat ... what do I need to configure to get the salt.master.ip namespace to resolve??
03:14 genediazjr joined #salt
03:14 scryptic1 joined #salt
03:15 scryptic1 Has anyone ran into an issue with a custom runner module where keyword arguments don't work? I've written one today and the first keyword argument (string) works perfectly but the second returns "The following keyword arguments are not valid: release_tag='...' "
03:25 TOoSmOotH joined #salt
03:31 Eugene literally, 'salt.master.ip' ? Point that machine's /etc/resolv.conf(or other DNS resolution mechanism....) at the server which is responsible for that (non-standard-TLD!) domain name.
03:33 claytron joined #salt
03:46 yetAnotherZero joined #salt
03:51 beneggett joined #salt
03:56 TOoSmOotH joined #salt
03:56 gngsk joined #salt
03:59 Ryan_Lane joined #salt
04:00 pdayton joined #salt
04:01 Ryan_Lane joined #salt
04:07 TOoSmOotH joined #salt
04:17 beneggett joined #salt
04:17 Gnouc joined #salt
04:21 ajolo joined #salt
04:23 mafrosis joined #salt
04:24 mafrosis lo salters - anyone had success with the cron module
04:25 mafrosis I’m seeing the state work correctly, but cron never actually does its thing under Ubuntu
04:25 jalaziz joined #salt
04:25 wt joined #salt
04:26 pdayton1 joined #salt
04:31 oldmantaiter joined #salt
04:32 pdayton joined #salt
04:34 luminous mafrosis: check logs?
04:34 mafrosis luminous: there’s nothing in syslog; I’ve never used these crontabs in /var/spool
04:35 mafrosis so I wondered if there’s any gotchas ppl might know of
04:37 smcquay joined #salt
04:38 aparsons joined #salt
04:41 luminous mafrosis: not that I know of, but be sure what you are trying to do works outside salt as well
04:42 mafrosis yeah of course. the same one-liner works in /etc/crontab - ill have to debug it in some detail when I have time
04:42 mafrosis thanks for replying, luminous!
05:00 ginger_tone joined #salt
05:01 ginger_tone What is this yumpkg.check_db used for ? http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.yumpkg.html#salt.modules.yumpkg.check_db
05:06 Outlander joined #salt
05:13 TOoSmOotH joined #salt
05:15 kermit joined #salt
05:17 meylor joined #salt
05:20 ndrei joined #salt
05:28 genediazjr joined #salt
05:38 miqui joined #salt
05:41 TheThing joined #salt
05:42 felskrone joined #salt
05:43 yomilk joined #salt
05:44 nnion joined #salt
05:44 TTimo joined #salt
05:45 bhosmer joined #salt
05:45 JoeHazzers joined #salt
05:46 rap424 joined #salt
05:47 ramteid joined #salt
05:52 carlos_felix joined #salt
06:07 Nilium joined #salt
06:08 TOoSmOotH joined #salt
06:11 scarcry joined #salt
06:11 yani joined #salt
06:12 dooshtuRabbit joined #salt
06:19 linjan joined #salt
06:25 jonatas_oliveira joined #salt
06:30 beneggett joined #salt
06:33 luminous when using the py renderer, can you include other .sls?
06:43 smcquay joined #salt
06:45 CeBe joined #salt
06:55 TyrfingMjolnir joined #salt
06:55 genediazjr joined #salt
07:02 colttt joined #salt
07:19 CeBe joined #salt
07:22 dgil joined #salt
07:24 oyvjel joined #salt
07:28 genediazjr joined #salt
07:32 ldlework How deep can you nest your salt states?
07:32 ldlework The documentation only ever seems to go one path deep
07:33 ldlework can I have a foo.bar.baz state from foo/bar/baz.sls ?
07:33 genediazjr joined #salt
07:36 shyam joined #salt
07:36 shyam HI All
07:36 shyam getting 1 small error with yaml file
07:37 shyam [ERROR   ] An un-handled exception was caught by salt's global exception handler: ScannerError: while scanning for the next token found character '%' that cannot start any token   in "<string>", line 2, column 6:         {% if 'microsoft.office' in salt[ ...
07:37 shyam pls suggest
07:38 mosen ldlework: yep
07:38 malinoff shyam, http://pastie.org your state file
07:39 shyam ok pasting it
07:40 shyam malinoff pls chk
07:41 b1nar1_ joined #salt
07:41 malinoff shyam, check what?
07:41 shyam pls chk http://pastie.org/9726997
07:44 malinoff shyam, looks like a valid state file. Probably you have some issues with syntax before that line
07:44 dooshtuRabbit1 joined #salt
07:46 shyam which line malinoff I am not able to resolve it
07:46 malinoff shyam, the line salt is reporting about
07:46 malinoff > {% if 'microsoft.office' in salt[ ...
07:47 TTimo joined #salt
07:47 shyam yaa actually I got this code from git hub
07:48 flyboy joined #salt
07:51 shyam malinoff . what need to done in this to accomplish this any idea
07:51 genediazjr joined #salt
07:57 CeBe joined #salt
07:59 malinoff shyam, i guess you should try to run your states separately using salt \* state.sls one by one; you will see where is the problem actually
07:59 ysiad joined #salt
07:59 malinoff and -l debug is also may useful
08:03 lcavassa joined #salt
08:05 \ask joined #salt
08:07 genediazjr joined #salt
08:07 chiui joined #salt
08:11 genediazjr joined #salt
08:14 jonatas_oliveira joined #salt
08:19 luminous ldlework: yes you can
08:20 pdayton joined #salt
08:20 dooshtuRabbit joined #salt
08:26 shorty_mu joined #salt
08:27 JordanTesting joined #salt
08:27 install_nixos joined #salt
08:27 wiqd joined #salt
08:27 codekobe_ joined #salt
08:27 pwiebe___ joined #salt
08:27 munhitsu___ joined #salt
08:27 akoumjian_ joined #salt
08:27 lkannan joined #salt
08:27 octarine joined #salt
08:28 scalability-junk joined #salt
08:28 neilf______ joined #salt
08:28 grepory joined #salt
08:28 whiteinge joined #salt
08:30 CeBe joined #salt
08:34 l|ll||l|lll|l|l| joined #salt
08:37 l|ll||l|lll|l|l| left #salt
08:38 __gotcha joined #salt
08:48 TTimo joined #salt
08:48 alanpearce joined #salt
08:50 intellix joined #salt
08:51 CycloHex joined #salt
08:53 CycloHex I have a state file that installs xinetd and ensures the service is running. on every highstate however. it restarts the service. This is not wanted
08:55 CycloHex how can I make it stop restarting every time? When I ps ax | grep xinetd it shows me that it is running. I noticed on my ubuntu's where xinetd is a version higher, it doesn't always restart. Debian doesn't have this version in its aptitude
08:56 aurynn are you using watch in your service.running state?
08:56 CycloHex OR! Is it possible to give arguments? for instane I' dlike it to run the service with option --nofork
08:56 CycloHex yes, but the file isn't changing
08:56 CycloHex aurynn:
08:56 aurynn are you sure?
08:57 CycloHex yes, my highstate overview shows me tha tnothing has changed, except for the xinetd service
08:57 aurynn hm. anything using watch_in?
08:58 aurynn does the service xinetd status return running?
08:59 CeBe joined #salt
08:59 CycloHex aurynn: how to check the service status? by execing ps ax ?
08:59 aurynn 'service' should be a program on your app
08:59 aurynn er
08:59 aurynn server
08:59 CycloHex nothing uses watch_in, no. As I said, my complete highstate turns up green, except for my xinetd.. And on my ubuntu's which are on a newer version of xinetd and use the argument --nofork it doesn't get restarted
09:00 CycloHex wheneve rI try service xinetd status it shows me the usage
09:02 CycloHex aurynn: thanks! the version I'm running on my debian servers are incompatible with salt, they don't support the command service xinetd status
09:02 CycloHex th eones on my ubuntu machines do
09:03 aurynn this sounds like an issue with the initscript and salt getting confused
09:04 CycloHex yes, indeed.. But the initscript isn't made by me.. I installed xinetd with pkg installed state, so :D nothing to do about it imo...
09:09 ckao joined #salt
09:10 slav0nic joined #salt
09:10 slav0nic joined #salt
09:10 Morbus joined #salt
09:12 CycloHex aurynn: I added a status option (copied from my ubuntu) and now it works.. Thanks for getting me on the right track, man!
09:12 aurynn you're welcome :)
09:15 PI-Lloyd joined #salt
09:15 genediazjr joined #salt
09:16 wnkz_ joined #salt
09:16 agend joined #salt
09:16 CeBe joined #salt
09:29 Damoun joined #salt
09:30 karimb joined #salt
09:33 delinquentme joined #salt
09:43 ilbot3 joined #salt
09:43 Topic for #salt is now Welcome to #salt | SaltConf 2015 Call for Speakers is open! http://saltconf.com/call-for-speakers/ | 2014.1.13 is the latest | Help us test the 2014.7 RC! http://bit.ly/salt-rc | Please be patient when asking questions as we are volunteers and may not have immediate answers | Channel logs are available at http://irclog.perlgeek.de/salt/
09:46 jhauser joined #salt
09:55 gindaz joined #salt
09:55 gindaz hi everyone
09:55 slafs joined #salt
09:55 slafs left #salt
09:55 gindaz test:
09:55 gindaz cmd.run:
09:55 gindaz - name: |
09:55 gindaz mkdir /root/test
09:55 gindaz touch /root/test/testfile
09:55 gindaz i get yaml render error on the above
09:55 gindaz why is that?
09:55 gindaz isnt it legimitate syndax?
09:58 viq gindaz: 1) use some pasting site 2) one more space before - name, 3 more space before lines below it
09:58 ingwaem joined #salt
10:01 gindaz hi Viq
10:01 gindaz http://justpaste.it/i1f6
10:01 gindaz i still get unknown yampl render error
10:02 gindaz strange i used this syntax before an had no issues
10:02 viq gindaz: actually, I think it should be - names: and then a list
10:02 gindaz Rendering SLS "test:collectd" failed: Unknown yaml render error; line 5
10:03 gindaz ok ill check
10:03 viq https://www.refheap.com/93557
10:03 jonatas_oliveira joined #salt
10:05 gindaz thatns viq
10:05 gindaz that did the trick
10:05 gindaz i used this method before http://stackoverflow.com/questions/19640829/how-can-i-execute-multiple-commands-using-salt-stack
10:05 gindaz and it worked
10:06 gindaz dont know why now it didnt
10:06 gindaz nevertheless
10:06 gindaz thanks for the help
10:06 jhauser joined #salt
10:07 shorty_mu left #salt
10:07 viq gindaz: not enough indentation, I would say
10:13 alexr__ joined #salt
10:20 saltuser left #salt
10:24 ingwaem joined #salt
10:25 DaveQB joined #salt
10:33 giantlock joined #salt
10:44 jhauser joined #salt
10:46 ysiad joined #salt
10:46 ssteinerX joined #salt
10:49 TTimo joined #salt
10:51 wnkz joined #salt
10:53 wnkz Hi, I have two questions regarding salt-cloud with AWS ; 1/ Is there a feature to add entries with AWS new private domains with Route53 when provisioning ?
10:53 wnkz 2/ What's the "best practice" to change new instances hostname automatically on deploy ?
10:57 jonatas_oliveira joined #salt
11:01 jhauser joined #salt
11:04 fe92 joined #salt
11:04 fe92 joined #salt
11:17 agend joined #salt
11:18 wvds-nl joined #salt
11:19 Mso150 joined #salt
11:22 peters-tx joined #salt
11:25 simbabque joined #salt
11:25 simbabque hey there...
11:26 simbabque I'm a developer and have to use stuff that a now-gone sysadmin set up. I accidentally executed a salt command that involves a very long process but I don't know how to stop it. How can I abort that?
11:28 simbabque what I ran looked like this:
11:29 simbabque salt --subset=1 -C 'G@applications:foo and G@roles:application and G@vpc:production' state.sls foo.commands.application.export
11:29 simbabque that stuff will now merrily run for a few hours, exporting messages to a queue and I have no idea how to stop it -.-
11:29 viq simbabque: http://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.jobs.html - from here you need first jobs.active
11:30 simbabque ok, that shows my job
11:30 viq and then something like http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.kill_job
11:30 viq or first http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.term_job
11:31 simbabque what does the '*' do in that CLI example?
11:31 viq all minions
11:32 viq the end of 'jobs.active' probably listed on what minion that job is running, you can replace '*' with that minion's ID
11:32 simbabque I see... looks like it did what it was supposed to
11:32 simbabque too late :P
11:32 viq ;)
11:32 toogitoogi joined #salt
11:32 simbabque loads of minions, but only one showed the green 'Signal 9 sent...' message
11:32 simbabque I guess it worked
11:32 spo0nman joined #salt
11:32 viq Check the jobs.active again
11:32 simbabque I did
11:32 simbabque it's gone
11:32 simbabque thank you very much :)
11:32 viq cool
11:32 viq :)
11:32 simbabque where can I buy you a beer?
11:33 viq Part of the social contract, I help people, people help me ;)
11:34 simbabque true
11:34 toogitoogi hi, im new using saltstack, i found https://github.com/UtahDave/salt-windows-installer and it seems like i can automatic update windows clients but i cant find any guide to use it/install it... can any one help?
11:34 simbabque viq++
11:35 viq :)
11:36 CeBe joined #salt
11:36 viq toogitoogi: that seems to be to _build_ installers
11:36 viq toogitoogi: have you seen http://docs.saltstack.com/en/latest/topics/installation/index.html ?
11:38 toogitoogi viq: im looking at it right now
11:39 toogitoogi i could notf find any buildin function for updating minions. its easy on linux via etc cmd.run but could not find anything else that the link i posted before
11:41 viq toogitoogi: that link seems to be for _building_ installers
11:42 Cidan joined #salt
11:42 toogitoogi yeah seems so :/
11:42 jonatas_oliveira joined #salt
11:42 viq It has nothing to do with _installing_ them. And sorry, can't tell you much more about managing windows, I've managed to avoid that so far ;)
11:43 bhosmer joined #salt
11:44 simbabque viq: if you want, you may also be able to reply to my question here: http://serverfault.com/questions/644890/how-do-i-check-output-of-salt-command-that-runs-in-background
11:45 viq simbabque: http://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.jobs.html jobs.lookup_jid
11:45 viq well, most of the commands from there
11:47 ysiad joined #salt
11:48 toplessninja joined #salt
11:50 TTimo joined #salt
11:55 elfixit joined #salt
11:55 alexbst_ joined #salt
11:57 alexbst_ joined #salt
12:03 TyrfingMjolnir joined #salt
12:05 VSpike I'm confused. Is 2014.7 released or not?
12:05 alexbst joined #salt
12:05 viq VSpike: "depends" ;)
12:05 viq VSpike: yes, but not all packages are available yet
12:06 VSpike http://docs.saltstack.com/en/latest/topics/releases/2014.7.0.html made me think it was, except at the side it says "These docs are for Salt's development version: e43b373."
12:06 viq And they tend to announce release at that point, instead of facing questions of "Hey, release is out, where are my packages!?"
12:06 VSpike Along with the text below (same as in the topic here) "Latest Salt release: 2014.1.13"
12:06 viq Docs are a mess.
12:08 VSpike I got an email annoucing the release 4 days ago :)
12:10 tafa2 joined #salt
12:11 Shish_ Yeah, the code is released; but there is much more to the project than just the code
12:12 zerthimon joined #salt
12:13 VSpike Is there a download area anywhere on the sites? Or is that github, basically?
12:14 zerthimon Has anyone tried to build 2014.7 deb packages using provided debian directory ? Does it build ok
12:14 viq VSpike: http://docs.saltstack.com/en/latest/topics/installation/index.html  ?
12:15 ysiad joined #salt
12:15 slav0nic joined #salt
12:16 istram joined #salt
12:24 Shish zerthimon: I haven't, I'm assuming that they don't build (if they do build, then what's the delay in getting debian packages in the repos o_O?)
12:24 TyrfingMjolnir joined #salt
12:24 joehh zerthimon: if you are on a modern deb distro, I would not use that directory
12:24 joehh deb packages are available in the salt-testing ppa
12:25 joehh or in release-testing on debian.saltstack.com
12:25 diegows joined #salt
12:25 zerthimon joehh: thanks, I'll try them
12:26 joehh that dir is targetted at the "lowest common denominator" (rouhgly ubuntu lucid)
12:27 joehh if you wish to build your own packages, use the most recent debian source package for your distro (from one of the locations above)
12:27 joehh or from the relevant branch at http://anonscm.debian.org/cgit/pkg-salt/salt.git
12:32 TyrfingMjolnir joined #salt
12:34 JlRd joined #salt
12:35 zerthimon joehh: yep, will do
12:38 TyrfingMjolnir joined #salt
12:38 ssteinerX joined #salt
12:38 ssteinerX Can anyone tell me how to get rid of this: Unloading <module 'salt.loaded.int.module.oracle'...?
12:38 ssteinerX comes up a zillion times on salt-server startup
12:38 ssteinerX I don't have or want oracle anything ever
12:39 ssteinerX and I can't install the dependency just to get rid of the error 'cause it requires Oracle software to build
12:44 Hell_Fire joined #salt
12:50 VSpike What does the "+ds" in the package version signify?
12:53 aleszoulek joined #salt
12:54 saru11 joined #salt
12:56 aleszoulek left #salt
12:57 cleme1mp joined #salt
13:00 TTimo joined #salt
13:00 joehh the +ds in the version indicates that the original .tar.gz has been repacked for inclusion in debian
13:00 joehh In this case, a windows binary that is not buildable within debian has been removed
13:01 XenophonF left #salt
13:02 joehh VSpike: ^
13:04 zerthimon joined #salt
13:06 saru11 joined #salt
13:10 joehh http://anonscm.debian.org/cgit/pkg-salt/salt.git/tree/debian/repack#n58 contains the code which does this
13:15 fe92 joined #salt
13:16 CeBe joined #salt
13:16 brayn joined #salt
13:17 thawes joined #salt
13:20 CeBe1 joined #salt
13:22 che-arne joined #salt
13:23 ericof joined #salt
13:24 saru11 If I execute any execution or state module function with 'salt-call' command from a minion or with 'salt MINION' from the master the minion connects to the master's return port 4506, communicates with the master, executes the function and returns job status to master
13:24 saru11 the connection is closed then
13:24 intellix joined #salt
13:24 saru11 I have noticed one weird thing on one of my masters where there are approx. 350 minions registered
13:24 saru11 arounf 180 of them are active minions
13:25 saru11 when I check established connections on the master I can see around 400 of "active/stale" connections to the master's port 4506
13:26 saru11 does anybody know what might have happened that the 'return' connection to the master's port 4506 is still kept and not closed?
13:34 linjan joined #salt
13:39 fe92 joined #salt
13:42 rojelio joined #salt
13:42 rojelio hello
13:43 rojelio I have a question on the top.sls file and matching minions
13:43 Pierre-Nicolas joined #salt
13:43 rojelio can I use the output of a custom module to target a minion?
13:44 rojelio so I have 3 minions that will change "roles" ondemand and I want to know which is the best way to do so without much manual intervention
13:45 viq rojelio: you can target on grains, though grains are semi-permanent (refresh only every so often). you can target on pillars, but those are evaluated on master
13:47 rojelio ok thanks
13:47 viq And grains can be returned by a custom module
13:47 Ahlee an external pillar is something that runs python to determine the values, so if you can write an ext_pillar to determine the status of the servers, you can use that to target
13:48 viq I think you can actually have the list of states generated for you by external tool, I believe reclass is one of them, but I can't tell you more than that
13:50 tkharju joined #salt
13:50 vejdmn joined #salt
13:51 rojelio awesome thanks for the info
13:56 __gotcha joined #salt
13:56 ITChap joined #salt
13:58 jaimed joined #salt
13:59 tmh1999 joined #salt
14:00 abe_music joined #salt
14:00 pdayton joined #salt
14:01 miqui joined #salt
14:05 tpabf joined #salt
14:06 _Flusher joined #salt
14:10 VSpike joehh: ahh, thanks!
14:12 teebes joined #salt
14:13 racooper joined #salt
14:13 fe92 joined #salt
14:13 fe92 joined #salt
14:14 ITChap joined #salt
14:16 TTimo joined #salt
14:17 cpowell joined #salt
14:23 Damoun joined #salt
14:23 diegows joined #salt
14:25 perfectsine joined #salt
14:28 aqua^mac joined #salt
14:31 agrundy joined #salt
14:31 nitti joined #salt
14:31 luminous when using the py renderer, can you include other .sls?
14:33 perfectsine joined #salt
14:33 ndrei joined #salt
14:34 rap424 joined #salt
14:35 MTecknology I adopted a mess from someone and I accidentally used salt to propogate it to all of my servers. :(
14:36 MTecknology I need a hug. This is going to probably take most of my day to clean up.
14:36 pduersteler joined #salt
14:37 viq MTecknology: just load the savepoint from this morning ;)
14:38 jcockhren viq++
14:38 TTimo joined #salt
14:38 jcockhren lol
14:38 MTecknology lol
14:38 MTecknology viq: I'm just realizing my eff up from almost a year ago
14:39 viq oh?
14:40 viq Now that's a bit far to go with saves... You've already progressed quite a bit in the campaign, not to mention all the side quests since then that you'd have to go through again!
14:40 thawes joined #salt
14:41 che-arne joined #salt
14:41 MTecknology I've been using salt to manage an entire logcheck directory. I should have been managing select files only.
14:41 viq why?
14:42 MTecknology It didn't occur to me that other packages might stick files in there. file.recurse with -clean:true means those files go buh-bye
14:43 viq oh, right
14:43 Damoun joined #salt
14:44 pduersteler hi all. Struggling a bit with distributing public keys... can anyone give me a hint into the right direction? I'm not even sure if that's the way to go.. https://gist.github.com/pduersteler/61b2540cf16fe942c71a
14:45 lothiraldan joined #salt
14:45 viq pduersteler: you can't refer to files in pillars, you can put it in your file_roots though
14:46 viq pduersteler: ie: mv /srv/pillar/users/files/foo.pub /srv/salt/users/files/foo.pub
14:46 viq and with no other changes I would expect it to work
14:47 pduersteler viq: okay.. but then I could also write all the users directly into the salt state without using pillars..?
14:47 CeBe joined #salt
14:47 viq I guess, you could
14:47 pduersteler meaning: I thought pillars would be for storing static data.
14:47 pduersteler that's why I've put the things there in the first place ;)
14:47 viq pduersteler: data, yes, but in a form of variables, not whole files.
14:48 micah_chatt joined #salt
14:49 viq pduersteler: you could have in a variable path to a file to be found with your states, like I mentioned. Or you could have the key explicitly as a variable in your pillar.
14:49 viq pduersteler: or use trickery like http://garthwaite.org/virtually-secure-with-openvpn-pillars-and-salt.html
14:49 perfectsine joined #salt
14:50 pduersteler viq so I either put the files into the salt directory or e.g. make a /srv/pillar/pki folder for this and add that to file_roots. or put the whole key into the pillar. thanks :)
14:50 micah_chatt_ joined #salt
14:51 viq pduersteler: erm, I'd rather put them in /srv/salt/something than add pillar dir to file_roots
14:52 pduersteler viq: okay
14:54 funzo joined #salt
14:56 viq_ joined #salt
14:56 viq_ joined #salt
15:04 housl joined #salt
15:06 CeBe1 joined #salt
15:12 SheetiS joined #salt
15:13 ajolo joined #salt
15:13 spielberg joined #salt
15:16 alexr__ joined #salt
15:17 jonatas_oliveira joined #salt
15:18 obdi joined #salt
15:18 mohae joined #salt
15:25 kaptk2 joined #salt
15:25 MTecknology aptitude update; aptitude purge -y logcheck; rm -rf /etc/logcheck; aptitude -y install logcheck; while read package; do [[ "$package" == 'logcheck' ]] && continue; dpkg -L "$package" 2>/dev/null | if grep -q '/etc/logcheck/.*/'; then apt-get -d --reinstall install "$package"; dpkg --install --force-confmiss "/var/cache/apt/archives/$package"*; fi; done < <(dpkg-query -l | awk '{print $2}')
15:25 MTecknology viq: ^ i win :D
15:26 obdi How can I check to see if a background job has finished?
15:26 obdi As opposed to crashed with no output
15:27 obdi e.g. salt --async server state.highstate
15:27 nkuttler obdi: well.. you can run the minion in debug mode, increase the master's command timeout, etc
15:28 obdi I might run a bunch of jobs. Now I want to poll to check them.
15:28 obdi on many servers.
15:29 obdi salt-run jobs.print_job 20141118040536958504
15:29 obdi shows no result output while it's running but if it crashes (like if minion is restarted) I get no output and don't know if the job completed.
15:30 obdi any ideas?
15:31 obdi It means I can't return to the user - job running / job finished - reliably
15:31 thawes joined #salt
15:35 krak3n` joined #salt
15:37 thawes joined #salt
15:37 tafa2 joined #salt
15:40 thayne joined #salt
15:41 mpanetta joined #salt
15:41 perfectsine joined #salt
15:44 muckmuck joined #salt
15:44 kermit joined #salt
15:45 pdayton joined #salt
15:46 wendall911 joined #salt
15:47 zerthimon joined #salt
15:48 pr_wilson joined #salt
15:48 glyf joined #salt
15:51 jngd joined #salt
15:51 __gotcha joined #salt
15:52 viq obdi: maybe something like salt-eventsd ?
15:56 PNP joined #salt
15:56 slav0nic joined #salt
15:56 jalbretsen joined #salt
15:56 slav0nic joined #salt
15:56 PNP left #salt
15:57 RedundancyDisord joined #salt
16:01 glyf joined #salt
16:03 obdi Don't know it .. I'll take a look (I hope it's easy!)
16:07 obdi viq: Thanks. It looks like it would work. Seems a bit involved for what I'm trying to do. Do you know if it definitely fires when a job 'crashes' mid-way? So I'll always get success/failure for every job?
16:08 viq obdi: sorry, no idea. Another possible idea is using returners, eg like done here https://alex-leonhardt.github.io/a-dash-of-salt/
16:10 tafa2 can anyone advise on how best to secure sysctl.conf and fstab? I've got this so far: http://pastebin.com/E6ESQNdh
16:12 zions joined #salt
16:12 zions Hi there
16:12 zions I'm using salt cloud to provision minions on AWS EC2.
16:12 muckmuck Morning salt shackers (sorry had to do it) I need to execute a powershell script on one minion from another but the peer security config allowing a broad cmd.run on a web server scares me. Is there a more secure way of doing it? I'm trying to be able to use the mysql returner from the web server also.
16:12 pduersteler joined #salt
16:12 zions I'm trying to specify custom grains using the profile settings, but they don't get there.
16:12 obdi Thanks for the ideas, but I'm gonna guess they won't fire when a job finishes unexpectedly. I just need a 'Job completed' flag.
16:14 conan_the_destro joined #salt
16:14 obdi Anyone know if it would be 'easy' to add, 'job finished' field to Salt code?
16:14 viq obdi: you could fire an event when it is complete
16:15 obdi viq: But what if it doesn't complete .. I've had this a few times now and the job will always show as running.
16:16 murrdoc joined #salt
16:16 viq obdi: I don't know enough to give you any advice
16:17 obdi viq: It was some ideas I wanted - and I'm very grateful! I'll still take a look at events.
16:17 hasues joined #salt
16:18 viq obdi: authors of both those links hang out here sometimes, but neither of them seems to be here at this moment
16:20 viq I heard some mentions of salt getting some real job management features, but I don't believe that happened yet. So I guess if you really really care about your jobs, something like celery might be a better idea.... Or I may simply not know enough how to work with salt.
16:24 obdi It's not that I'm Job Crazy, and must know what's happened to each and every one; I'm writing a GUI for work (https://github.com/mclarkson/obdi) and on initial set up is where problems are most likey to occur. The GUI users will be left scratching their heads wondering if the job has completed or not, then not knowing what to do.
16:24 MTecknology I have some servers that don't have domain set. salt-call grains.items shows this: http://dpaste.com/38EYKY0  How can I figure out why salt isn't finding the domain?
16:25 bhosmer joined #salt
16:25 viq MTecknology: read the grains modules?
16:25 lothiraldan joined #salt
16:25 MTecknology :(
16:26 viq obdi: oh, cool. Sadly, I don't have the answers for you
16:26 iggy for the most part it's generic python code (which in turn calls the lower level libc/kernel syscalls)
16:26 MTecknology 'hostname' and 'hostname -f' give me what I expect. This should be fun to figure out. It's been fine for months and since highstate this morning, it's wrong.
16:26 ericof joined #salt
16:27 viq MTecknology: https://github.com/saltstack/salt/blob/2014.1/salt/grains/core.py#L1020
16:27 viq MTecknology: except salt seems to want to talk to DNS for that over the 'hostname' command
16:28 viq Or something like that.
16:29 MTecknology socket.getfqdn() is returning only the hostname :S
16:30 viq there ya go
16:31 viq /etc/hosts ?
16:32 MTecknology ....
16:32 MTecknology oh
16:34 conan_the_destro joined #salt
16:38 thedodd joined #salt
16:38 murrdoc MTecknology:  how do you isntall your mininos
16:38 murrdoc minions*
16:39 MTecknology salt-minion?
16:39 murrdoc yeah
16:39 cleme1mp joined #salt
16:40 MTecknology I have a debian template with salt already installed from the package manager. I keep it up to date with the package manager as well. I currently have 2014.7.0 on our apt repo
16:41 murrdoc the way i handled the hostname grain issue, to set it up correctly in the minion file
16:41 murrdoc when installing the minion
16:41 murrdoc grains:
16:41 murrdoc hostname: {{ id }}.domain
16:42 murrdoc basically the base install puts a blank file , and then using something similar to https://github.com/saltstack-formulas/salt-formula to fix the minion file and setup grains as needed
16:45 MTecknology hm..
16:46 MTecknology I manually set id: <fqdn>
16:46 murrdoc by hand?
16:46 murrdoc :P
16:46 murrdoc i keed
16:47 murrdoc you can do the same for the hostname/nodename grain
16:47 murrdoc in the minion conf, grains: <key>:value
16:47 MTecknology yup, my deploy script gets rid of /etc/salt/pki/ and the ssh keys, sets id in the config file, and reboots (and a few other things
16:48 murrdoc right so that can setup the grain you want
16:48 murrdoc - opt 1 drop a file in /etc/salt/grains
16:49 murrdoc - opt 2 set it in /etc/salt/minion
16:49 MTecknology lemme show my deploy script
16:49 murrdoc - opt 3 write a python function for it and put it in /srv/salt/_grains
16:49 tligda joined #salt
16:49 MTecknology may as well do system updates on my template as well..
16:52 MTecknology It's not pretty or fancy, but this is my deploy script  http://dpaste.com/2MTMB6J
16:53 tmh1999 joined #salt
16:53 murrdoc whats the grain you are getting back that you dont like ?
16:53 murrdoc hostname "$hostname"
16:53 murrdoc might need to be hostname -F "$hostname"
16:54 murrdoc or hostname -F /etc/hostname
16:54 SheetiS I do this on a salt-cloud provision so that grains['fqdn'] gets set to the hostname I specify in salt-cloud.
16:54 SheetiS https://bpaste.net/show/b039e5c3f320
16:54 murrdoc sed -i "s/TEMPLATE/$hostname.$domain/" /etc/salt/minion.d/fqdn.conf
16:54 murrdoc that fix that
16:54 murrdoc +1 SheetiS , thats clean
16:54 SheetiS hmm the endif at the bottom of what I pasted is from a conditional wrapping other parts of the setup
16:54 MTecknology the grains that were wrong: fqdn was the hostname (not the fqdn) and domain was empty
16:55 MTecknology it's because socket.getfqdn() returned only the hostname
16:55 StDiluted joined #salt
16:55 SheetiS you can fix that by having the /etc/hosts item have <ip> <fqdn> <hostname>
16:55 SheetiS it has to be in that order becuase getfqdn will take the first match
16:56 MTecknology yup, the issue is that I used to have a bug in my deploy script
16:56 MTecknology http://dpaste.com/2MTMB6J <-- line 30 didn't have the trailing 's'
16:58 MTecknology SheetiS: fancy script
16:58 MTecknology er.. sls
16:59 ProT-0-TypE joined #salt
17:00 SheetiS I just got tired of using salt-cloud to launch aws instance and getting hostname ip-10-1-1-25 as my hostname.  I wanted when I ran "salt-cloud -p <whatever> salt-minion.fqdn" that salt-minion.fqdn was my hostname everywhere.
17:01 SheetiS I think I want to eventually get where each host is actually part of a big state file run from the master's minion, but I've not gotten there yet.
17:02 jimklo joined #salt
17:02 MTecknology you just made my brain hurt
17:03 murrdoc hes just getting warm
17:03 SheetiS heh
17:03 jonatas_oliveira joined #salt
17:05 MTecknology why do you want all minions to be controlled from one minion?
17:05 SheetiS Well that's not really what I mean.
17:06 SheetiS So, with salt-cloud you can spin-up and spin down instances in your cloud provider of choice.
17:06 SheetiS That part is obvious
17:06 SheetiS but what I want to do
17:06 SheetiS is use this http://docs.saltstack.com/en/latest/ref/states/all/salt.states.cloud.html to define every VM as a state
17:06 SheetiS that has to run from a minion though as it is a state
17:06 SheetiS so I say run from teh master's minion.
17:08 MTecknology oooh
17:08 MTecknology that makes more sense now
17:08 MTecknology I've never touched salt-cloud
17:09 SheetiS The idea would be if a minion goes tango-uniform for whatever reason, just destroy it and it will come back to life on the next highstate exactly as it was before it died.
17:12 MTecknology I have this currently - http://dpaste.com/2EX6HMF - how can I alter that to target a grain?
17:12 KyleG joined #salt
17:12 KyleG joined #salt
17:14 linjan joined #salt
17:14 eriko joined #salt
17:16 aparsons joined #salt
17:16 perfectsine joined #salt
17:16 SheetiS MTecknology: - tgt: <grain>\n - epr_form: grain
17:17 SheetiS I think
17:17 zlhgo joined #salt
17:17 troyready joined #salt
17:17 tomtomtomtom joined #salt
17:17 SheetiS search http://docs.saltstack.com/en/latest/topics/reactor/ for expr_form
17:18 MTecknology ah; fancy
17:20 MTecknology - tgt: "G@id:{{ data['data']['host'] }}* G@environment:{{ data['data']['env'] }}"   - expr_form: compound
17:20 perfectsine_ joined #salt
17:20 MTecknology that look about right?
17:22 rypeck joined #salt
17:22 smcquay joined #salt
17:22 thayne joined #salt
17:23 slav0nic joined #salt
17:24 SheetiS MTecknology: as long as 'host' and 'env' are getting passed in data, that seems ok.
17:24 MTecknology it's not right...
17:24 SheetiS oh
17:24 SheetiS you need an 'and' between them
17:24 MTecknology there's the magic
17:24 SheetiS G@id:<foo> and G@environment:<bar>
17:24 SheetiS I missed that at first
17:24 * MTecknology hugs SheetiS
17:25 igorwidl for a file state, is there a way to specify "source" to be location on the minion?
17:26 Ryan_Lane joined #salt
17:27 SheetiS I typically like to sanity check my data dictionary before i try and do something with it as well.  {% if 'data' in data and 'host' in data['data'] %} for your dictionary layout above.
17:27 SheetiS just in case something you don't want makes it in to the reaction you are running
17:27 SheetiS igorwidl: not that I know of.
17:28 Ryan_Lane joined #salt
17:29 igorwidl alright, thanks
17:30 igorwidl i am trying to combine two files that only exist on the minion..
17:30 desposo joined #salt
17:31 badon joined #salt
17:35 iggy it would also be nice for things like archive.extracted (which uses the same paths as file.managed)
17:36 robert_l joined #salt
17:37 mapu joined #salt
17:41 mdasilva joined #salt
17:49 esharpmajor joined #salt
17:51 thedodd joined #salt
17:59 eriko_ joined #salt
18:00 forrest joined #salt
18:00 forrest joined #salt
18:10 XenophonF joined #salt
18:10 aparsons joined #salt
18:11 KyleG1 joined #salt
18:12 felskrone joined #salt
18:17 diegows joined #salt
18:19 karimb joined #salt
18:26 shaggy_surfer joined #salt
18:26 druonysus joined #salt
18:26 druonysus joined #salt
18:32 thawes_ joined #salt
18:32 lowkeyliesmith joined #salt
18:36 rap424 joined #salt
18:37 notpeter_ joined #salt
18:39 Gareth morning morning
18:39 Ryan_Lane joined #salt
18:39 aparsons joined #salt
18:40 cpowell joined #salt
18:42 skyler Does anyone have a bind formula that lets you specify specific entries in the pillar? If I am understanding it correctly, it doesn't look like you can set specific entries with the official bind formula.
18:43 Corey I have a question about MySQL pillars. Is that something better suited for the mailing list?
18:44 notpeter_ joined #salt
18:45 thawes joined #salt
18:45 MTecknology My mysql pillar is incredibly simple.
18:45 MTecknology LOL!!!
18:45 jcockhren MTecknology: do you still have that blog?
18:45 MTecknology yup, but rarely updated
18:46 jcockhren repost the url plz. lost b/t the bookmarks of my devices
18:46 jcockhren ;)
18:47 MTecknology As I was typing that, I got a reminder that I have a meeting in 15 min about migrating from a single mysql server to a mariadb-galera cluster of five servers sitting behind a load balancer. I'll be ripping control from someone's hands that likes to think they're top dawg.
18:47 MTecknology No more of them wrecking crap and me watching them and fixing their crap
18:47 MTecknology jcockhren: lustfield.net
18:48 MTecknology Corey: I can share states/pillars later - gotta head over for that meeting now.
18:49 mdasilva joined #salt
18:49 otter768 joined #salt
18:50 CeBe joined #salt
18:54 eriko joined #salt
18:55 bhosmer joined #salt
18:59 pr_wilson joined #salt
19:01 cpowell joined #salt
19:02 aparsons_ joined #salt
19:03 KyleG joined #salt
19:03 KyleG joined #salt
19:05 mdasilva_ joined #salt
19:06 jalaziz joined #salt
19:08 jngd Hi all, I am playing with salt in ubuntu 64 bits VM. I have specified one tree with top.sls and webserver.sls  and make salt-minion with file_client: local. I am getting the following error when I make salt-call --local state.highstate:
19:08 jngd local:
19:09 jngd Data failed to compile:
19:09 jngd ----------
19:09 jngd Malformed topfile (state declarations not formed as a list)
19:09 jngd ----------
19:09 jngd No matching sls found for '-webserver' in env 'base'
19:09 jngd any idea?
19:09 jngd I'm newbie
19:09 jngd I am editing sls with vim and maybe have a problem with doc format
19:09 b1nar1 joined #salt
19:10 jngd top.sls is: base:
19:10 jngd '*':
19:10 jngd -webserver
19:10 mpanetta jngd: you need a space between the - and the name
19:10 hal58th You need a space after the dash.
19:10 jngd oh
19:11 jngd mpanetta, hal58th thanks!
19:11 mpanetta jngd: You may want to look up a yaml howto.  It will help with things like that
19:12 Mso150 joined #salt
19:12 jngd mpanetta, I'm going to take a look
19:15 thedodd joined #salt
19:19 skyler jngd: It is good practice to use a pastebin service rather than pasting raw data into the irc channel.
19:20 jbr joined #salt
19:22 ekristen joined #salt
19:22 jbr Hi folks. I'm learning about salt to help manage a small-but-growing set of servers. Currently I have 2 servers, QA and Dev web servers that are practically identical plus a third build server (Jenkins). I want to be able to create/sync users and their public SSH keys from a central config. Does this sound like the right use of Salt (if overkill..)
19:23 murrdoc yup
19:23 quantumriff joined #salt
19:24 jbr Second part: configurations will change based on user development, mainly /etc/httpd/httpd.conf. Is there a way to use salt to track those changes and version it. The original plan was etckeeper though I wonder if they could be integrated. Ideally, we would replicate inbound changes from Dev and push them back out to QA once ready..
19:25 aparsons joined #salt
19:25 __gotcha joined #salt
19:25 jbr Are there built-in modules for modifying the authorized_keys file or is that just a file.managed node, with the actual keys stored elsewhere (Pillar?) ?
19:26 jbr And third part: would it make sense to use one of those machines as a master instead of spinning up a dedicated one? Do weird things happen when acting as master *and* minion?
19:27 cholcombe973 the saltstack on pypi seems to be really out of date
19:28 cholcombe973 2014.1.13
19:29 hal58th That's the current hotfix version. 2014.7.0 is being packaged up right now.
19:29 cholcombe973 hal58th: so 2014.7.0 is considered stable now?
19:29 hal58th The second digit is the month when they do code freeze but can take a while to get release. The last digit is a sub release that is usually for bug fixes
19:30 cholcombe973 ok
19:30 cholcombe973 i'm going to clone the git repo and build it myself i think
19:30 cholcombe973 i'm on arch
19:30 hal58th Yes it's getting out there right now into the world.
19:30 cholcombe973 oh so maybe i should wait?
19:30 cholcombe973 hal58th: do you have a link for a binary i can download?
19:31 hal58th cholcombe973: Do you really need the latest release or you just doing some testing? http://docs.saltstack.com/en/latest/topics/releases/releasecandidate.html
19:32 cholcombe973 hal58th: i'm doing some development and i need the cherrypy rest api
19:32 aparsons joined #salt
19:34 mdasilva joined #salt
19:34 cholcombe973 hal58th: thanks, i've got rc7 installed now :)
19:34 hal58th Nice, good luck on your dev work :)
19:35 cholcombe973 thanks :)
19:36 molles joined #salt
19:37 hal58th jbr: Let's see what I can answer. There is no odd things when you have a master and minion on the same box. In fact I recommend it so you can manage the master.
19:37 Hipikat joined #salt
19:38 jngd skyler, ok I know for the next time, thanks for advice
19:38 delinquentme joined #salt
19:40 hal58th jbr: here is an example of using managing a user with a private keys. https://np.adm.sx/view/6db06f66
19:40 cholcombe973 salt: how can i debug why the salt cherrypy api server isn't starting?  I put the master in debug but it doesn't seem to be giving any info
19:42 whiteinge cholcombe973: salt-api has it's own daemon
19:43 cholcombe973 whiteing: oh.. haha that might be why it's not working :D
19:43 cholcombe973 now it's working !
19:43 jbr hal58th: Cool. I'm thinking I'd like to string together authorized_keys to have pub keys of multiple people: 1-2 admin entries, plus the specific user. Individual entries could be files, not sure how I'd glue them together but that's not a problem for now.
19:43 whiteinge :-)
19:44 cholcombe973 sweet, now we're rolling
19:44 cholcombe973 this salt api webhook is really cool.  it's a great engine to build stuff on top of
19:44 hal58th jbr: You can use file.blockreplace to add blocks of data into a file. Google that up
19:44 mpanetta Hmm, another toy I will have to play with...
19:44 cholcombe973 it makes quite a bit more dynamic
19:45 jbr Tracking modified configurations on a minion sounds like the least appropriate use of salt.. Curious to know how that could work, if at all.
19:46 skyler Does anyone know why salt doesn't use semver?
19:46 hal58th jbr: I am not sure what your use case is…
19:48 jbr hal58th: Trying to keep Dev and QA servers synced. So, salt is used to push configurations to set the same environment, but some of the dev work IS configuration work..
19:48 jbr So I want to track those changes from Dev and replicate them to QA
19:49 jbr Perhaps some sort of combo of etckeeper and salt would make the best sense..
19:50 Diaoul joined #salt
19:51 dustinrc joined #salt
19:52 hal58th Maybe a git fileserver backend. You just push the file to the git server. http://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html
19:54 cheus joined #salt
20:04 hal58th jbr: Although that might not work because you probably want to template your httpd.conf unless they are literally the same for each hosts.
20:04 timoguin jbr: Ideally you manage all that config through templates and don't live-modify things on the dev server.
20:05 jbr Hah, ideally... :) It's a dev server. You should see how many "backup" config files are in there now.. httpd.conf.works httpd.conf.20141010 httpd.conf.withvirtualhost, etc.. :)
20:05 hal58th They really should use RCS or something then.
20:06 jbr I'm thinking httpd.conf is strictly enforced and there are included configs that they're allowed to touch.
20:06 jbr the subset that limits the stupid choices they can make.
20:06 timoguin jbr: salt could manage etckeeper if it needed to. work case, as a backup
20:06 jbr right, that's the reason I'm asking. etckeeper seems like a good starting point.
20:06 timoguin *worse case
20:07 jbr Right. Thinking of putting it on a frequent cron like hourly.. And then teaching them how to use it, too!
20:07 cholcombe973 besides using pyyaml is there any other way at runtime to add items to my pillar sls file?
20:08 jbr Actually, I should just train them in etckeeper and then they can deploy it to QA when they deem it ready.
20:08 jbr Thanks guys - looking forward to digging into it.
20:08 timoguin cholcombe973: at run-time? you mean when you run a salt command?
20:08 jbr I already have bigger uses for it, but this is a good test case.
20:09 cholcombe973 timoguin: yeah
20:09 cholcombe973 timoguin: i'd like to grow a list I have in pillar when a reactor is called
20:10 cholcombe973 i know there's the salt.highstate pillar=xx command but that won't save the data to pillar
20:10 timoguin ah yea.
20:10 timoguin you may just want to look into external pillars
20:10 timoguin modifying the SLS files directly is going to be really hacky
20:10 cholcombe973 external pillars?
20:11 timoguin yea, external pillars are functions that return the pillar data as json/yaml
20:11 cholcombe973 oh cool
20:11 cholcombe973 that'll work
20:11 timoguin so you could, for example, have all your config in a database
20:11 cholcombe973 right
20:11 timoguin and just add records with the reactor
20:11 cholcombe973 that's even easier :D
20:11 aurynn I'm using external pillarws
20:11 aurynn *pillars
20:11 cholcombe973 aurynn: works good?
20:11 aurynn cholcombe973: yup
20:11 aurynn fairly straightforward to set up
20:11 cholcombe973 sweet, god salt is so freaking amazing
20:11 aurynn salt is pretty good, yea :)
20:11 cholcombe973 over the last 2 years it's gotten SO much better
20:15 hal58th I just love doing stuff like this which makes salt so cool: salt 'dev-*' cmd.run "ls /etc/somefolder"
20:17 giantlock joined #salt
20:17 Pixionus We save the config version number and change log of a vanilla base image with specific configs that change from one config to another on servers so we use a similar command to audit the servers if needed hal58th
20:17 Pixionus salt -v -t 60 '*' cmd.run 'grep "Current Version" /root/Version_Readme.txt'
20:18 Pixionus used ls originally, but at some point someone changed the version number so it was in the file, not the files name
20:19 Pixionus the output is beautifully legible and clean.
20:19 nitti joined #salt
20:20 jbr Anyone do a halite demo video yet?
20:20 hal58th Yeap, pretty damn cool stuff
20:23 jimklo joined #salt
20:23 micah_chatt_ joined #salt
20:24 shaggy_surfer How can I fire off a salt command that i would normally run on the local salt master command line as a jenkins job?  I want to use jenkins on a remote host to deploy and orchestrate w/ salt.  I have the o
20:24 possibilities joined #salt
20:24 iggy salt-api is one way
20:25 shaggy_surfer orchestration setup and can ran a local command like so:  "sudo salt -v nodename state.sls appserver.deploy.deploy_code env", how to have jenkins do this?
20:25 shaggy_surfer hi iggy, is salt-api running by default?
20:25 iggy nope
20:26 shaggy_surfer oh
20:26 shaggy_surfer I have used fabric to execute remote ssh commands before, but I don't want to add an additional tool
20:26 shaggy_surfer I wanted to move away from fabric to salt to allow for parallel execution
20:27 shaggy_surfer is salt-api difficult to setup?
20:29 kernelsndrs joined #salt
20:29 kernelsndrs joined #salt
20:30 iggy it wasn't for me
20:30 iggy just make sure you get all the proper prereq's installed first
20:31 shaggy_surfer I see there is a jenkins plugin for salt:  https://wiki.jenkins-ci.org/display/JENKINS/saltstack-plugin
20:31 shaggy_surfer but this does require the salt-api to be setup first.
20:32 iggy no clue
20:32 iggy I did mention salt-api is _one_ way to do it
20:33 iggy I don't know how that plugin works
20:33 shaggy_surfer ok… thank you iggy for your reply.
20:33 iggy it looks like it does
20:33 hal58th joined #salt
20:33 iggy the basic usage section mentions salt api
20:34 jerematic joined #salt
20:34 MTecknology Corey: I lied... I now have another fire to put out. The hard drives in our google mini appliance died and I need to get this box back up and running...
20:34 MTecknology yay
20:35 ingwaem joined #salt
20:35 shaggy_surfer I guess it would have been easier if I setup my salt-master and jenkins to run on the same box.  Right now they are on 2 different boxes.  And I am using an nfs export from jenkins so that salt can talk to the code builds and do orchestration.
20:38 ingwaem shaggy_surfer: I find it's always best to design with seperation in mind otherwise it would difficult if all your code was combined then you needed to move things around. I personally try use an SOA architechture for everything if I can help it...sure means an extra layer but easier to target just that layer if swapping or updating
20:39 possibilities joined #salt
20:39 cholcombe973 aurynn: which ext pillar are you using?
20:40 shaggy_surfer I agree ingwaem, I like to keep my servers with different roles segmented.
20:41 aurynn cholcombe973: I wrote one
20:41 Fbraad joined #salt
20:41 cholcombe973 oh ok
20:41 cholcombe973 aurynn: yeah i was thinking of doing something similar with like sqlite or something
20:43 RedundancyD joined #salt
20:43 kballou joined #salt
20:43 ingwaem shaggy_surfer:  :) it's the best :) then you can scale just that layer if you need more support or where your load is heaviest :) salt then makes the communication and implimentation of everything so simple and reliable :D
20:44 Fbraad joined #salt
20:44 unpaidbi1l anyone know why epel is at 2014.7.0? that's not the recommend version i assume given 2014.1.13 is latest stable
20:44 unpaidbi1l seems gun jumpy
20:45 Ryan_Lane unpaidbi1l: 2014.7.0 is the new current stable, I'd imagine
20:45 Ryan_Lane it's past RC, so it's deemed stable
20:45 unpaidbi1l ah, i didnt see it here http://docs.saltstack.com/en/latest/topics/releases/ or in topic so i was confused i guess
20:45 ingwaem latest release: v2014.7.0
20:46 ingwaem https://github.com/saltstack/salt/releases
20:46 Ryan_Lane of course, it wasn't announced anywhere yet
20:46 unpaidbi1l look at all those urls! cool thanks
20:46 timoguin IRC topic hasn't been updated, so 2014.7 doesn't exist as far as I'm concerned.
20:46 timoguin Doesn't exist!
20:47 hal58th Package managers haven't gotten it all the way out there yet.
20:47 ingwaem haha timoguin I always go by what github says...that thing is updated faster than you can say code :)
20:48 smcquay joined #salt
20:49 jerematic Does anyone have any advice on reporting?  I'm looking to get a daily report of changes per node and haven't found a way to do that within Salt yet.
20:50 jerematic My current plan is to write a wrapper which does a highstate run in test mode per node, then parse the output for changes.
20:51 Ryan_Lane can someone explain to me how the queue stuff is supposed to work in 2014.7?
20:51 Ryan_Lane I like the general concept, if it allows me to queue actions in SQS and run them from a schedule on multiple masters
20:52 sjaredj joined #salt
20:52 XenophonF left #salt
20:52 Ryan_Lane since that would let me have HA for masters
20:55 jesusaurus joined #salt
20:55 ingwaem Ryan_Lane: I can't help you there bud, I'm only looking into the RAET stuff now myself :) will take a few days to absorb it all I think, it's a considerable change but sounds super awesome
20:56 Ryan_Lane basepi: any idea about queues?
20:56 Ryan_Lane if it fits my use case I may even consider implementing the SQS stuff :)
20:56 jcockhren Go Ryan_Lane Go!
20:56 * jcockhren cheers
20:57 Ryan_Lane what I'd really like to do is be able to enqueue actions, have one of many masters pick it up, run the queue item, and have it return the data via a returner
20:58 Ryan_Lane then it wouldn't matter how I do multi-master, because all actions would just be queued in SQS and run from any master
20:58 CeBe1 joined #salt
20:58 dooshtuRabbit joined #salt
20:58 basepi Ryan_Lane: Are you talking about the queue argument to state functions?
20:58 Ryan_Lane and return data wouldn't need to hit the master anyway
20:58 basepi state.sls queue=True ?
20:59 Ryan_Lane basepi: http://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.queue.html#module-salt.runners.queue
20:59 basepi That is something I am completely unfamiliar with
20:59 basepi I didn't even know that existed. =P
20:59 Ryan_Lane damn :(
20:59 Ryan_Lane :D
20:59 basepi Sorry =P
20:59 basepi Looks potentially cool, though!
20:59 Ryan_Lane hell, I could have a web-hook that populates the queue, too
21:00 basepi Looks like UtahDave wrote it
21:00 basepi He's training today, but if you catch him online I'd ping him
21:00 ingwaem Ryan_Lane: when you mentioned SQS I had seen this: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.aws_sqs.html#module-salt.modules.aws_sqs, thanks for the other link
21:00 Ryan_Lane cool
21:00 Ryan_Lane ingwaem: bleh, aws modules
21:01 ninegordon joined #salt
21:01 heaumer joined #salt
21:01 Ryan_Lane ingwaem: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.boto_sqs.html http://salt.readthedocs.org/en/latest/ref/modules/all/salt.modules.boto_sqs.html
21:01 jimklo joined #salt
21:02 Ryan_Lane I guess the boto modules need to have the ability to add/receive/delete messages
21:02 Ryan_Lane I haven't needed that yet, so I haven't added it. obviously a queue backend for sqs would need that, so I'd likely add it then
21:04 Ryan_Lane ingwaem: if you happen to need messaging, you should consider contributing to the boto_sqs module/state :)
21:04 ingwaem Ryan_Lane: up to this point I've been using a combination of salt, php and mysql...the db stores data on my machines, I then use salt to execute, but I have my own queue system in php and redis that I use for my own execution scenarios...I'm not using salt marely for config management but a host of other stuff...the queues I use then use cron jobs to fire off the salt commands
21:04 MugginsM joined #salt
21:04 ingwaem Ryan_Lane: hmm, I'll check it out thanks :)
21:04 Ryan_Lane nice
21:04 Ryan_Lane we're using salt for more than config management too
21:04 cholcombe973 aurynn: i setup an etcd external pillar.  when i do pillar.items on the cmd line should it spit out all the keys in etcd?
21:04 Ryan_Lane also deployment and service discovery
21:05 Ryan_Lane and orchestration
21:05 aurynn cholcombe973: you have to sync first, iirc. And yeah, try it and see
21:05 cholcombe973 ok i forgot to do that
21:05 ingwaem Ryan_Lane: I find salt is perfect to touch other systems and get them "to do things" without having to setup my own agents on those machines...it's my swiss army knife of os wrapping and communication
21:05 Ryan_Lane heh
21:05 MugginsM easier than fabric
21:06 * Ryan_Lane runs masterless
21:06 ingwaem and the beauty of it all, it returns me json data for everything so I don't then have to parse how many tabs are in the data, and restructure...it's there :) haha
21:06 hal58th Will salt-ssh ever support sudo access with a password and not setting up the user for "nopasswd"
21:07 iggy how would you expect that to work? embed expect in salt or something?
21:07 sjaredj using bootstrap-salt.sh on centos 5, version 2.x of zeromq gets installed which is known to have issues with connectivity.  If I try and upgrage zeromq using the repo on http://zeromq.org/distro:centos I get an error….Error: Missing Dependency: libzmq.so.1()(64bit) is needed by package python26-zmq-14.3.1-1.el5.x86_64 (installed).  Anyone using centos 5 that has a better way of installing/upgrading.  Unfortunately I have a lab with about 30 centos 5.x ser
21:07 Ryan_Lane there's a python-expect module
21:07 Ryan_Lane it's terrible :)
21:07 garphy`aw joined #salt
21:08 druonysuse joined #salt
21:08 druonysuse joined #salt
21:08 evelo joined #salt
21:08 notnotpeter Hi folks, anyone know what the status of {{ slspath }} is?  Did that make it into 2014.7?
21:08 ingwaem hal58th: I believe it does...http://docs.saltstack.com/en/latest/topics/ssh/
21:08 cholcombe973 aurynn: this is full of win! I just got it working
21:08 aurynn cholcombe973, it's pretty awesome :)
21:08 hal58th Well, I am no developer, but yes pexpect. I wasn't aware it was so terrible. How does Ansible get around that?
21:08 ingwaem section titled SALT SSH ROSTER states sudo: True         # Whether to sudo to root, not enabled by default
21:08 cholcombe973 :)
21:09 hal58th ingwaem: When you sudo, you need the user set up to "nopasswd" so you don't get prompted for a password.
21:10 ingwaem hal58th: bah just saw that: "sudo works only if NOPASSWD is set for user in /etc/sudoers: fred ALL=(ALL) NOPASSWD: ALL"
21:10 Mso150 joined #salt
21:10 tmmt joined #salt
21:11 hal58th yeah, it's something you expect to work without nopasswd at first glance. My dev guy suggested we use Ansible to setup a user with no passwd and then do the rest with salt-ssh
21:13 jonatas_oliveira joined #salt
21:13 ingwaem hal58th: why not setup your ami, or template with salt preconfigured, then all you need to do is setup a renaming routine so that the machine is listed correctly...as part of my million and one things to do, i've been working on the vsphere integration, however couple of weeks ago hit this same problem with ssh, and the suggestion (which I have yet to try) is the the preconfig...salt can then spin this up, or clone it, and then it's
21:13 ingwaem boom right in the system
21:14 vectra joined #salt
21:14 ingwaem The best thing about salt is you're not stuck in a single box of how to do something...many ways to skin a cat as the saying goes
21:15 hal58th ingwarm: Unfortunately I am using an ISP's system that has a bare install on it. It's unique, I know. But I don't have the option to use AWS or preconfigure the system.
21:17 ingwaem hal58th: since it's something that a lot of people are hitting, might I suggest waiting out a few more weeks...I feel there's a solution just around the corner...here's an issue on gh for reference: https://github.com/saltstack/salt/issues/17241 (my issue, #17061 is linked within first post)
21:18 ingwaem I feel that the ssh, plus the modules used for all the cloud stuff are related...each machine spins up differently but at the end of the day the same...just different sources
21:18 TheThing joined #salt
21:19 ingwaem but UtahDave is pretty much up to speed on the cloud stuff, just have to catch him when he's around :)
21:19 hal58th Hmmm maybe. I think they need to implement the pexpect to fix my problem. I don't use cloud or preconfigured machines at all. Someone just gives me the creds and IP to an installed box.
21:20 ingwaem or for best coverage open an issue, and then it gets global visibility (salty guys are all over)
21:22 ingwaem hal58th: it's kind of the same process if you spin up a new raw ami or template/image
21:22 ingwaem but I get what you mean :)
21:22 hal58th Yes a raw ami
21:25 aquinas joined #salt
21:25 aquinas_ joined #salt
21:26 igorwidl So i have a pillar called 'role'… I'd like to use it to match hosts in my pillar/top.sls
21:27 igorwidl pillar matching inside the pillar files does not seem to work
21:27 iggy igorwidl: grain matching works perfectly fine in pillar top files
21:27 paha joined #salt
21:28 iggy oh... pillar called role
21:28 iggy yeah, you can't do that
21:28 iggy why would you have a pillar called role
21:28 igorwidl for example jenkins server will have role: jenkins-server
21:28 thayne joined #salt
21:29 igorwidl in salt/top.sls i can match agains role:jenkins-server and assign states
21:29 hal58th igorwidl: top.sls doesn't natively support that, but you can do it with jinja. let me pastebin it up
21:30 iggy igorwidl: the more normal way to do that is to have a role(s) grain that you match on
21:30 igorwidl iggy: i thought about that. The reason i decided against is because its more secure to do it through pillar
21:31 whatapain what's insecure about role grains?
21:31 iggy and I thought I had trust issues
21:31 aurynn role grains are a bit of a pita if you're using salt-ssh
21:31 bhosmer joined #salt
21:31 aurynn which reminds me that I need to update docs
21:31 iggy everything is a bit of a pita if you are using salt-ssh
21:31 Ryan_Lane if you protect pillars using grains, you haven't actually protected your pillars
21:31 whatapain hehe
21:31 aurynn iggy, point
21:31 Ryan_Lane since any minion can change its grains
21:32 Ryan_Lane that's one of the biggest issues with role grains
21:32 _prime_ igorwidl: here is how I match roles to states in my topfile: dev:   'I@environment:dev':     - match: compound     - common {%- for role in salt['pillar.get']('roles', []) %}     - {{ role }} {%- endfor %}
21:32 _prime_ sigh, so much for formatting
21:32 SheetiS _prime_: bpaste.net or equivalent works great for that.
21:32 whatapain ahh, so the idea is that if you know a role grain that has some specific high value peice of data you change the grain on that box and you'll get the other role.  i guess that makes sense but we very tightly control access to nodes.
21:32 _prime_ the trick we use is a for loop, and state names that match roles
21:32 hal58th http://pastebin.com/qtZpwV8h
21:33 hal58th igorwidl: That is for you
21:33 b1nar1 joined #salt
21:33 hal58th _prime_: Your example is pretty cool
21:34 _prime_ igorwidl, hal58th: http://pastebin.com/6DMyGRkK <--better formatting
21:34 _prime_ hal58th: thanks!  I found it really useful
21:34 iggy I think someone is just as likely to gain access to our git repo or whatever database you are keeping your pillars in as they are to get root on a box and guess around at grains till they find one that gives them some private data
21:34 mapu joined #salt
21:34 iggy but that's just me
21:34 igorwidl yes, i think this should do. thanks guys!
21:36 hal58th You can put that into another file if you want and then do an "include: ". Just don't have an include with nothing underneath or it breaks.
21:37 _prime_ hal58th: that's how we do it too.  The only states we match with roles are typically things like 'ceph.node' or 'openstack.compute', which then include all the relevant states via an include (as does the common role, that everyone gets regardless)
21:38 jonatas_oliveira joined #salt
21:39 jonatas__ joined #salt
21:39 cholcombe973 does salt have a curl module i can call from within my state file or do i need to just run a bunch of cmd.run's
21:39 aurynn cholcombe973, http://docs.saltstack.com/en/latest/ref/states/all/
21:39 aurynn this is a very useful page
21:39 aurynn :)
21:40 cholcombe973 :)
21:40 igorwidl iggy: yeah, nothing is perfect. In our scenario, Developers have sudo/root to their own virtual machines, and salt will be configuring these as well. It would be easy for developer to change the grain role and get 'secret data" or whatnot…
21:40 cholcombe973 wow that is a ton of stuff
21:40 aurynn file.managed *I think* can resolve an http address
21:40 iggy cholcombe973: depending on what you're doing... file.managed supports http:// url's, etc.
21:40 cholcombe973 oh cool
21:40 cholcombe973 lemme look at that
21:41 Mso150 joined #salt
21:41 aurynn I always keep the available states page open :)
21:41 cholcombe973 haha
21:41 cholcombe973 might as well.  i have 100 other tabs open
21:41 UtahDave joined #salt
21:43 cholcombe973 aurynn: i don't think this'll work.  I need it to post data to the url :-/
21:43 aurynn ah
21:43 cholcombe973 i'll just use cmd.run and parse the output
21:43 aurynn cholcombe973, well
21:43 aurynn I recommend looking into httpie and jq
21:43 aurynn for this
21:43 sod joined #salt
21:43 cholcombe973 good idea
21:43 aurynn they are cli tools that make interacting with web APIs *so nice*
21:43 cholcombe973 neat
21:44 cholcombe973 i've never used this
21:44 sod having an odd problem with salt copying a file, but leaving it empty, probably something dumb
21:44 sod running it with debug and looking at the log file does not show anything unusual
21:44 aurynn jq parses json, httpie lets you trivially do json requests against http endpoints
21:44 jonatas_oliveira joined #salt
21:44 sod anyone have any ideas for troubleshooting?
21:44 cholcombe973 aurynn: cool.  i'm using it to put stuff into etcd
21:45 Singularo joined #salt
21:45 hal58th sod: it's usually because the source isn't typed out correctly
21:45 cholcombe973 aurynn: oh... but there's also etcdctl.  I didn't know about this
21:45 aurynn :)
21:45 TTimo joined #salt
21:45 hal58th sod: I recommend copying the pwd and also figuring out if you are under the correct env, if you are using env that is
21:46 sod hal58th: thanks, ill go double check
21:48 jonatas_oliveira joined #salt
21:50 * ingwaem greets UtahDave
21:50 shaggy_surfer joined #salt
21:50 possibilities joined #salt
21:51 ipmb joined #salt
21:52 UtahDave hey, ingwaem!
21:53 ingwaem hows things
21:53 karimb joined #salt
21:58 linjan joined #salt
22:00 hal58th I just found out about the SaltStack Certified Engineer exam. I wish they had some random questions up so I could see how I would do without any formal training.
22:01 sod hal58th: no luck with that so far, paths look fine, ill keep ploughing away, thanks
22:02 murrdoc joined #salt
22:03 hal58th sod: Hmmm you could try and pastebin up your sls file, but I would also need to see your directory path to the file you want to copy as well
22:05 murrdoc joined #salt
22:06 meylor joined #salt
22:08 sod hal58th: http://pastebin.com/VX556AYY
22:08 sod hal58th: thanks for the help
22:08 sod hal58th: I've commented out every state except for the file copy to help me debug
22:08 sod hal58th: so theres not much there now
22:09 nethershaw joined #salt
22:10 igorwidl 'src' should be 'source'
22:11 hal58th yeah, was just about to say that. Not sure if they are interchangable
22:11 sod will try, thanks
22:11 sod ah, that was it
22:12 sod gone dumb from reading too much php/html today
22:12 hal58th i did something similar and was surprised that it doesn't error out
22:12 sod igorwidl: hal58th thanks a million, really appreciate the help guys
22:13 hal58th no problem sod: Glad it was something simple
22:15 iggy I believe the thinking with not erroring out on "invalid" options is part backward/forward compatibility and part to do with the monkey patching that modules can do (i.e. the _in versions of some requirements, the fact that a lot of modules don't enable themselves if the pre-reqs aren't installed, etc)
22:17 jaimed joined #salt
22:17 SheetiS keep in mind that internally salt converts all this yaml to python dicts then basically says "if 'whatever' in dict:" for all the options
22:17 SheetiS extra agrguments that are not valid are just extra data in the dict
22:19 kermit joined #salt
22:19 SheetiS that's kinda a crude approximation, but the extra data pretty much just sits there as it is outside of the scope of what the module/state/etc is looking for.
22:23 hasues left #salt
22:26 mosen joined #salt
22:27 teebes joined #salt
22:30 badon_ joined #salt
22:31 linjan joined #salt
22:33 djaime joined #salt
22:41 possibilities joined #salt
22:42 hal58th Thanks for the explanation iggy and SheetiS, that actually makes a lot of sense. Especially for forward compatibility
22:46 bfoxwell_ Hmm I can't be sure but I think colors are causing an exception...
22:47 bfoxwell_ An un-handled exception was caught by salt's global exception handler:
22:47 bfoxwell_ UnicodeEncodeError: 'ascii' codec can't encode characters in position 11010-11012: ordinal not in range(128)
22:47 rap424 joined #salt
22:48 johtso_ joined #salt
22:49 ProT-0-TypE joined #salt
22:52 spookah joined #salt
22:52 delinquentme joined #salt
22:56 cholcombe973 salt: does anyone know of a python or other tool that can be used to discover what rack a server is in?
22:56 cholcombe973 i suspect the answer is "it depends on your datacenter layout"
22:58 iggy very much so
22:59 CeBe1 joined #salt
22:59 mr_chris I will be filing the bug report and attempting to fix this myself tomorrow. I've found a bug that is currently rendering salt.states.mysql_grants useless. Useless as in unusable and completely broken.
22:59 mr_chris Here is an example of what is happening.
22:59 mr_chris Is you have this state. http://dpaste.com/2D0S17Z
22:59 mr_chris One user two tables.
22:59 otter768 joined #salt
23:00 mr_chris tableA and tableB
23:00 mr_chris With that user not having yet been created here is the result. http://dpaste.com/2FJCWB5
23:01 mr_chris Note that it's saying that tableB is already present. It's not and it hasn't applied the grant yet it will continue to say that.
23:01 mr_chris I looked into why this is happening.
23:02 mr_chris When salt checks to see if the grant already exists it is only checking for mydb.tableA for all grants defined after mydb.tableA.
23:02 mr_chris So for mydb.tableB, C, and so one it is verifying against mydb.tableA and says, "Yep! It's there! Nothing to do."
23:03 mr_chris I'm trying to figure out when this broke but it's the end of the day so I'll have to start on it fresh tomorrow. I do know that this was not a problem in 0.17.5.
23:04 mr_chris Imagine my surprise when I removed a user with a large number of specific permissions then had that user call me up and say they only had access to one of their tables.
23:08 UtahDave joined #salt
23:08 skyler Is there a way to see who has write access on a repo on github? I am trying to see who has access to various formulas.
23:10 iggy everyone in the organization
23:11 iggy so for example every formula under saltstack-formulas is going to be writable by https://github.com/orgs/saltstack-formulas/people
23:11 skyler iggy: So there are no additional people for particular formulas?
23:11 iggy iow, fork it and use your own copy
23:11 iggy nah
23:12 iggy but they are good about pulling changes from trusted users
23:13 Gareth UtahDave: hey
23:13 skyler iggy: Thanks for the info. Yes, they do seem to be really on top of getting changes merged. I have never been in a community that responds so quickly to chagnes.
23:13 honestly pretty sure I'm part of the organisation but the only thing I can do is transfer repos from my account to the org
23:13 UtahDave hey, Gareth!
23:13 Gareth UtahDave: hows things?
23:14 UtahDave pretty good!  I've been busy with a training class this week.
23:14 Gareth teaching?
23:14 UtahDave It's our first attempt at teaching both local and remote users in the same class
23:14 UtahDave Yeah.
23:15 Gareth ah cool.  What were you using for the remote users?
23:15 Outlander joined #salt
23:15 hal58th UtahDave: Was interested in taking the SSCE exam but was curious if there were any sample exam questions out there. Also if you could retake the exam one time for free if you fail the first time
23:16 UtahDave Gareth: I'm using our Google Chromebox for a Google Hangout.
23:16 UtahDave an unnamed exec wanted me to use Webex.  Yuck.
23:17 UtahDave Google hangout works on Linux, thankfully.
23:17 sjaredj joined #salt
23:17 Gareth ah cool. hangouts work well...it's a shame they have that connection limit though.
23:17 Gareth heh.  webex :)
23:17 thawes joined #salt
23:17 aurynn it's a shame they killed xmpp, too
23:17 UtahDave So far I think it has gone pretty well.  I have a note to myself to make sure to ask a remote student a question every few minutes to keep them involved.
23:17 Gareth rule one of Google services...don't rely on Google services :)
23:18 UtahDave Gareth: the chromebox allows like 50 connections.
23:18 pipeep joined #salt
23:18 Gareth UtahDave: woah.
23:18 Gareth UtahDave: I did not know that, that's awesome.
23:18 Gareth UtahDave: so everyone can participate, full audio, video, etc?
23:19 UtahDave yep
23:19 aparsons joined #salt
23:19 UtahDave hal58th: Let me check on the sample exam questions. I'm not sure if we do or not
23:19 thayne joined #salt
23:20 dstokes ooOOo release milestone! :sparkles: https://github.com/saltstack/salt/milestones/Lithium
23:24 hal58th Thanks UtahDave. Self taught salt, so I am not sure what you cover besides the topics listed on the webpage. Even one question per topic would be a good indicator.
23:24 UtahDave hal58th: Yeah, I think it would be great to have that available.
23:26 cruatta is it possible to pass kwargs to a state?
23:27 UtahDave cruatta: it depends on if the state function you're calling accepts kwargs.
23:27 Mso150 joined #salt
23:27 perfectsine joined #salt
23:27 cruatta so the pkg module accepts kwargs
23:27 cruatta i'm trying to pass the kwargs to the state
23:27 cruatta pkg state*
23:28 tafa2 joined #salt
23:29 hal58th What's the actual problem cruatta?
23:29 mr_chris UtahDave, You were briefly offline when I was talking a nasty bug with the mysql state. If you didn't see it, may I repeat it to you?
23:29 cruatta Here's the problem
23:29 cruatta https://gist.github.com/anonymous/e0a10831fd918194d48a
23:29 cruatta does not work
23:29 styly joined #salt
23:30 cruatta disableexcludes is not working in the pkg state
23:31 cruatta it's a kwarg for the pkg module
23:33 rawkode joined #salt
23:33 hal58th Is your salt —version 2014.7.0?
23:34 cruatta We're using 2014.1.10 in production but i tested it in a VM with 2014.7.0
23:34 hal58th wait, that shouldn't matter. i was looking at yumpkg
23:34 druonysuse joined #salt
23:34 druonysuse joined #salt
23:35 iggy that's an odd way of specifying the kwargs (although it should be valid afaiu)
23:35 cruatta how should it be done in a state?
23:36 iggy key: value  (without the {} and 's)
23:37 patrickcp joined #salt
23:38 cruatta interesting
23:39 cruatta Thanks iggy. I think we tried that with disableexcludes and it didn't work either way
23:40 glyf joined #salt
23:41 Mso150_g joined #salt
23:41 iggy cruatta: what pkg manager are we talking about here... I don't see that option anywhere
23:42 tyler-baker joined #salt
23:42 cruatta yumpkg
23:42 iggy ahh, yumpkg in 2014.7
23:42 cruatta yep
23:43 cholcombe973 is reactor the right place to force all my minions to update a config file?
23:44 hal58th I saw that the disableexcludes is only supported in 2014.7.0 but you say you tested it there
23:44 UtahDave cholcombe973: You could definitely use the reactor for that.
23:45 cholcombe973 UtahDave: cool. so currently I have a rest api endpoint in my reactor hook.  Somewhere in there I'd like all my minions to update a config file but I'm not sure how to trigger that
23:45 UtahDave your reactor just calls an sls file that runs on the master. You can call a state from there that targets the correct minions to update that config as needed
23:46 cholcombe973 ok i think i'm following
23:48 cholcombe973 ok so i could call highstate_run: local.state.highstate -tgt: *
23:48 UtahDave yep!
23:49 cholcombe973 sweet :D
23:49 iggy cruatta: in your test were both the master and minion running 2014.7?
23:49 cruatta i was testing in a masterless vm
23:51 igorwidl left #salt
23:51 * iggy runs
23:52 hal58th I also don't see why so many people do that. Just install a master and minion
23:52 cruatta Is there any reason why in the state definition a kwarg would not get passed to the underlying module?
23:54 cruatta hal58th: works fine for testing in vagrant
23:55 dstokes is there any way to figure out which salt-master processes are doing what (scheduling, workers, master process etc). i'm trying to track down a memory leak. some of the processes are leaking and others aren't
23:56 UtahDave cruatta: there's an example of using kwargs here on this page:  http://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html
23:57 iggy cruatta: from looking at the code, it looks like it should be doing what you expect
23:57 cruatta UtahDave: so if the state does not explicitly expose the option (in this case disableexcludes) I have to use module.run ?
23:57 cruatta iggy: I thought the same thing when I read the code
23:59 UtahDave cruatta: if the state accepts kwargs, then you can pass them in
23:59 cruatta I see. I will try it again with the exact syntax that's in that example
23:59 UtahDave cool.

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary