Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-11-25

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 thayne joined #salt
00:03 ajolo joined #salt
00:04 hal58th Ryan_Lane: https://github.com/saltstack/salt/issues/18453
00:08 Ryan_Lane basepi: ^^ that's a security issue
00:08 Ryan_Lane was already public, due to being mentioned in the channel
00:11 basepi Thanks for the heads up.
00:12 Ryan_Lane yw
00:15 hal58th Lol, now I feel bad.I guess the sooner the better
00:18 Ryan_Lane don't feel bad. try to use the security reporting process for things you may think are security issues in the future though :)
00:19 jimklo joined #salt
00:20 hal58th Was not aware of that. Will do in the future. Hopefully I won't find any!
00:29 genediazjr joined #salt
00:29 jimklo joined #salt
00:32 tkharju joined #salt
00:35 fxhp joined #salt
00:43 KyleG joined #salt
00:43 KyleG joined #salt
00:45 che-arne joined #salt
00:50 CeBe1 joined #salt
00:57 ssteinerX joined #salt
00:58 jalbretsen joined #salt
01:07 jalbretsen left #salt
01:11 spielberg joined #salt
01:12 alexr joined #salt
01:21 aqua^mac joined #salt
01:23 otter768 joined #salt
01:24 forrest joined #salt
01:24 bmonty joined #salt
01:26 aynik joined #salt
01:29 shaggy_surfer joined #salt
01:35 sunerok joined #salt
01:37 badon joined #salt
01:43 hasues joined #salt
01:45 spiksius joined #salt
01:56 spielberg joined #salt
01:56 aurynn so why would salt-ssh not run pip.installed in my states?
01:57 feythin joined #salt
02:04 jkleckner joined #salt
02:08 elfixit joined #salt
02:11 jhauser_ joined #salt
02:11 TheThing joined #salt
02:13 aparsons joined #salt
02:14 pr_wilson joined #salt
02:15 pr_wilson joined #salt
02:17 MK_FG joined #salt
02:19 aurynn ... okay what? salt-ssh '*' pip.installed works; using it in a state doesn't
02:22 hasues left #salt
02:24 pacopablo joined #salt
02:26 racooper joined #salt
02:26 CeBe1 joined #salt
02:27 TyrfingMjolnir joined #salt
02:35 jasonrm joined #salt
02:36 ramishra joined #salt
02:36 jonatas_oliveira joined #salt
02:38 bfoxwell joined #salt
02:43 ysiad joined #salt
02:46 jimklo_ joined #salt
02:59 Guest51182 joined #salt
03:00 ajolo joined #salt
03:02 Guest68364 joined #salt
03:08 bfraser joined #salt
03:21 TheThing joined #salt
03:21 snuffeluffegus joined #salt
03:24 otter768 joined #salt
03:39 monkey66 joined #salt
03:53 dogedDARK-DEV left #salt
04:07 badon_ joined #salt
04:14 Outlander joined #salt
04:23 evidence so this is odd.. under gitfs_env_whitelist unless i list base and master, it doesn't load anything
04:23 nafg HI
04:23 evidence listing base or master alone causes the cache to remain empty
04:24 nafg In salt-ssh, how can i say "add whichever user salt is executing as, to a group"
04:24 nafg my question is not about the adding to group part,
04:24 nafg it's about knowing which user we're executing as
04:25 __number5__ nafg: whoami always tell you that
04:25 nafg __number5__: okay, so what's the quickest way to get that into a jinja variable?
04:25 nafg is whoami a salt state?
04:25 nafg or something?
04:25 nafg or do you just mean the command?
04:27 thayne joined #salt
04:29 __number5__ just run the command
04:29 __number5__ why you'll not know the user you are using if you are running salt-ssh?
04:29 nafg __number5__: because I want the code to be reused across multiple scenarios
04:38 atbell joined #salt
04:40 Outlander joined #salt
04:44 nafg In salt-ssh, how can i say "add whichever user salt is executing as, to a group"
04:45 bhosmer joined #salt
04:46 atbell joined #salt
04:58 techdragon joined #salt
05:02 hal58th1 joined #salt
05:10 TyrfingMjolnir joined #salt
05:11 kermit joined #salt
05:25 otter768 joined #salt
05:33 Ryan_Lane joined #salt
05:37 felskrone joined #salt
05:39 felskrone1 joined #salt
05:40 felskrone joined #salt
05:48 ramteid joined #salt
06:04 thayne joined #salt
06:10 aquinas joined #salt
06:11 atbell joined #salt
06:12 catpigger joined #salt
06:25 Ryan_Lane joined #salt
06:31 _atbell_ joined #salt
06:36 ThomasJ|d joined #salt
06:42 gildegoma joined #salt
06:43 HACKING-FACEBOOK joined #salt
06:53 HACKING-FACEBOOK joined #salt
06:53 HACKING-FACEBOOK joined #salt
06:54 HACKING-FACEBOOK joined #salt
06:54 HACKING-FACEBOOK joined #salt
06:55 HACKING-FACEBOOK joined #salt
06:55 HACKING-FACEBOOK joined #salt
06:56 HACKING-FACEBOOK joined #salt
06:57 HACKING-FACEBOOK joined #salt
06:57 HACKING-FACEBOOK joined #salt
06:58 HACKING-FACEBOOK joined #salt
06:58 HACKING-FACEBOOK joined #salt
06:58 HACKING-FACEBOOK joined #salt
06:59 HACKING-FACEBOOK joined #salt
06:59 HACKING-FACEBOOK joined #salt
06:59 HACKING-FACEBOOK joined #salt
07:00 HACKING-FACEBOOK joined #salt
07:00 HACKING-FACEBOOK joined #salt
07:01 HACKING-FACEBOOK joined #salt
07:01 HACKING-FACEBOOK joined #salt
07:01 HACKING-FACEBOOK joined #salt
07:05 mirko joined #salt
07:13 flyboy joined #salt
07:22 nebuchadnezzar joined #salt
07:26 otter768 joined #salt
07:27 HACKING-FACEBOOK joined #salt
07:27 HACKING-FACEBOOK joined #salt
07:27 HACKING-FACEBOOK joined #salt
07:28 HACKING-FACEBOOK joined #salt
07:28 HACKING-FACEBOOK joined #salt
07:28 HACKING-FACEBOOK joined #salt
07:29 HACKING-FACEBOOK joined #salt
07:29 JlRd joined #salt
07:29 HACKING-FACEBOOK joined #salt
07:29 HACKING-FACEBOOK joined #salt
07:30 HACKING-FACEBOOK joined #salt
07:30 HACKING-FACEBOOK joined #salt
07:30 HACKING-FACEBOOK joined #salt
07:31 HACKING-FACEBOOK joined #salt
07:31 HACKING-FACEBOOK joined #salt
07:31 HACKING-FACEBOOK joined #salt
07:32 HACKING-FACEBOOK joined #salt
07:32 HACKING-FACEBOOK joined #salt
07:32 HACKING-FACEBOOK joined #salt
07:33 HACKING-FACEBOOK joined #salt
07:33 HACKING-FACEBOOK joined #salt
07:33 HACKING-FACEBOOK joined #salt
07:34 HACKING-FACEBOOK joined #salt
07:34 HACKING-FACEBOOK joined #salt
07:46 tomspur joined #salt
07:46 douardda joined #salt
07:48 monkey66 joined #salt
07:54 felskrone joined #salt
07:54 catpig joined #salt
08:05 TheThing joined #salt
08:05 __gotcha joined #salt
08:07 TheThing joined #salt
08:08 shorty_mu joined #salt
08:13 iwishiwerearobot joined #salt
08:14 chiui joined #salt
08:16 CycloHex joined #salt
08:16 slafs joined #salt
08:18 slafs left #salt
08:19 CycloHex hiya guys! Is it possible for me to see if my data compiles? Not just by running state.highstate test=true. I'd like to build a check with check_mk.. But whenever I state.highstate and it fails to compile, it still gives an exit status of 0
08:21 Mso150 joined #salt
08:24 sricharanized joined #salt
08:24 linjan joined #salt
08:24 sricharanized left #salt
08:33 ysiad joined #salt
08:35 fredvd joined #salt
08:38 BigBear joined #salt
08:38 potens joined #salt
08:39 akafred joined #salt
08:39 lcavassa joined #salt
08:40 __gotcha joined #salt
08:41 BigBear on new windows machines I have installed latest salt-minion 2014.7.0 and started the service at end of installer run. But I get no key deposited on master. but ping salt shows correct master machine ip and if i do a "salt-call --local key.finger" on the windows minion I do not get a key fingerprint displayed.
08:42 HACKING-FACEBOOK joined #salt
08:52 seshan joined #salt
08:53 seshan What is the correct way to write custom grains
08:54 seshan I have a folder _grains and when I did saltutil.sync_all it is not picking up the custom grains
08:57 linjan joined #salt
09:04 __gotcha joined #salt
09:08 sricharanized joined #salt
09:08 sricharanized left #salt
09:11 VSpike joined #salt
09:12 slav0nic joined #salt
09:13 agend joined #salt
09:14 VSpike Does anyone know of the likely timeline for 2014.7 packages for Ubuntu 10.04? I mean more is it days/weeks/months/never rather than a precise date :)
09:16 HACKING-FACEBOOK joined #salt
09:18 oyvjel joined #salt
09:23 BigBear joined #salt
09:26 TheKid89 is there a way to run a state through the salt renderers and output it to a file ?
09:27 otter768 joined #salt
09:27 N-Mi_ joined #salt
09:30 mirko joined #salt
09:33 douardda joined #salt
09:40 leszq joined #salt
09:40 TheKid89 I'm guessing thats a no or no one has an answer ?
09:41 BigBear TheKid89: it has been really really quiet here in the last hour or so. maybe there aren't too many reading this right now?
09:42 TheKid89 BigBear: It happens
09:42 TheKid89 BigBear: You woudnt happen to have any thoughts on that would though would you ?
09:43 BigBear TheKid89: above my paygrade I am afraid. ;-) fairly new to this. starting with babysteps myself. sorry.
09:44 TheKid89 I'm very new as well
09:44 TheKid89 Just looking for an easy way to run salt states through the salt jinja2 rendering engine and output it to a file
09:45 BigBear TheKid89: I have taken my question to the mailing list instead, and will wait and see what comes back from that.
09:46 TheKid89 Yeah your question is interesting
09:46 TheKid89 I don't have an answer for that as I don't use Windows
09:52 CycloHex is it possible to trigger events in a state?
09:53 TheKid89 CycloHex: what are you trying to do ?
09:53 babilen TheKid89: Are you referring to states or SLS files? If the latter you can use http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.show_sls
09:54 CycloHex at the end of my highstate send an event to trigger a reactor, this reactor will execute a state file on another server
09:55 babilen CycloHex: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.event.html (just google for "salt state event")
09:56 alanpearce joined #salt
09:57 CycloHex Wauw, I remember googling that 3 weeks ago, didn't find anyhting like this
09:57 CycloHex thanks babilen and sorry for not googling it again
09:57 CycloHex VSpike: http://ppa.launchpad.net/saltstack/salt/ubuntu/
09:57 babilen Any particular reason why you don't use orchestrate?
09:58 babilen CycloHex: For 10.04?
09:58 CycloHex not rly sure what orchestrate does.. Had a look at it, but gav eup, since using reactors did the job
09:58 babilen CycloHex: It simply sounds as if you are in fact looking for orchestrate
09:59 CycloHex ok
09:59 CycloHex i'll look deeper in to it, then
10:00 TK_ joined #salt
10:01 Samos123 joined #salt
10:02 Samos123 anybody an idea why updating my top.sls doesn't have any effect? I added sun-java and hostsfile to my top.sls but it doesn't seem to have any effect
10:03 alexr_ joined #salt
10:03 Samos123 file_roots i also updated to include both the sun-java and hostsfile formula, after that i restarted salt-master and tried executing salt '*' state.highstate
10:03 viq Samos123: 1) where do you keep your top.sls? 2) can you show it? 3) how are you trying to "get an effect"?
10:04 TK_ I have installed saltstack on centos6.8 use "pip install salt" but there is no configuration file in /etc/salt/master only one dir called pki
10:04 TK_ anybody will help me ?
10:05 hojgaard joined #salt
10:06 Samos123 location: /srv/salt/top.sls http://paste.openstack.org/show/138053/ and this is my /etc/salt/master: http://paste.openstack.org/show/138054/
10:07 giany hi all, when I run  salt '*' cmd.run "yum check-update" , I don't get the output from all the servers that are in '*'. Any idea why?
10:07 Samos123 i am hoping that it would apply sun-java formula after executing salt '*' state.highstate but it only applies hadoop and hadoop.hdfs
10:08 viq giany: 1) try before 'salt-run manage.down' 2) try running with -v -t 30
10:08 Samos123 I am guessing there is a cache somewhere which keeps on executing the old top.sls file which only contained hadoop and hadoop.hdfs
10:08 viq Samos123: do you have any more top.sls files, or just the one?
10:09 Samos123 just one
10:09 Samos123 but i updated it and after updating it the update doesn't seem to have any "effect"
10:09 viq Samos123: if you adjusted master config, did you restart master afterwards?
10:09 Samos123 yea i did
10:10 viq giany: also, why not pkg.list_upgrades ?
10:10 Samos123 i just found something interesting there are 3 top.sls: /var/cache/salt/master/roots/hash/base/top.sls.hash.md5, /srv/salt/top.sls and /srv/pillar/top.sls
10:11 Samos123 the pillar shouldn't conflict right
10:12 giany salt-run manage.down shows nothing
10:12 giany so all are up
10:13 CycloHex babilen: I only want my minion to trigger the event on the first highstate. Can this be achieved with orchestration? Because I don't seem to find how to automatically do this with orchestrate. You have to manually call the orchestrate. I could also schedule it, but it would run every x hours, and I only want it to be execute don first highstate, which I check with a custom grain init_hs
10:13 karimb joined #salt
10:13 TK_ left #salt
10:13 viq Samos123: every once in a while I do rm -rf /var/cache/salt/master and restart master, if something breaks
10:14 Samos123 trying that, thanks for thelp viq
10:14 giany viq: thing is that if i run the command twice it runs that on all servers..so maybe some cache somewhere?
10:14 viq Samos123: you could always also run on one of the minions 'salt-call -l debug state.highstate' and see what that shows
10:14 TK_ joined #salt
10:14 viq or state.show_highstate I think it's called
10:15 viq giany: rather times out on yum updating repo lists, and second time it has them fresh and doesn't have to. So I would try -t 30 (or even 60), also why cmd.run and not pkg.list_upgrades ?
10:16 giany same thing with pkg.list_upgrades
10:16 giany itso yes,
10:16 giany it makes sense if there is a timeout
10:16 TheKid89 babilen: Thank that worked just the way I wanted it to
10:16 giany thx
10:16 mikeywaites joined #salt
10:17 mikeywaites Hey guys - can anyone point me to a list of events the reactor system has? Im basically after handling when a highstate is started on minions
10:18 bhosmer joined #salt
10:21 TK_ [DEBUG   ] Missing configuration file: /etc/salt/master , when I start salt use "salt-master -l debug",where is the master configure file ?
10:21 babilen CycloHex: What's different about the first highstate?
10:21 TK_ please help .
10:22 seshan My custom grains are not getting synced up,even after configuring file_roots and restarting the master
10:22 CycloHex The new minion gets added to backup and monitor server, this should only be done once. Also my db's get created on the first run
10:22 babilen TK_: I tend to use the packaged version of salt and they tend to install the configuration file in /etc/salt/master. I have no idea how you are supposed to deal with this if you install via pip. Why aren't you using the "normal" packages?
10:22 seshan what could be other possible prolblems ?
10:25 babilen giany: You could run "salt-run jobs.active" and/or "salt-run jobs.list_jobs" and then "salt-run jobs.lookup_jid $JIDFROMLASTCOMMAND" to show currently active and old jobs and get more information about one. I also tend to set "show_jid: True" in my master config so that it prints the JID whenever I run a job.
10:26 glyf joined #salt
10:27 babilen seshan: Could you paste your custom grain to http://refheap.com and also your command and its output with which you try to sync them. Are you sure that they are not synced? (i.e. have you checked in /var/cache/salt/minion/extmods/grains on the minion?)
10:27 babilen mikeywaites: I'd just run the eventlisten script and observe what you get. I don't think that there is a complete list of events (but then there aren't really that many)
10:28 mikeywaites babilen:  cheers
10:28 seshan I am using the same sample code in the link here
10:28 seshan http://docs.saltstack.com/en/latest/topics/targeting/grains.html
10:28 seshan did a service salt-master restart
10:28 babilen seshan: Did you restart the minion?
10:28 seshan salt '*' saltutil.sync_grains
10:28 seshan did that too
10:30 babilen CycloHex: Well, for the former you can use something like the setup described for the halite cluster in the reactor documentation and hook into the key accept event and for the latter I'd simply use a "database created" state. Which database is it?
10:30 babilen seshan: Okay, what about /var/cache/salt/minion/extmods/grains on the minion?
10:30 BigBear joined #salt
10:30 seshan does not exist in the minion
10:30 seshan just checked that
10:31 babilen Are the grains executable and could you paste it and the location where you have it on the master?
10:31 seshan path of grains  /srv/salt/_grains
10:32 seshan on master
10:32 spo0nman joined #salt
10:32 seshan master config for file_roots
10:32 seshan file_roots:   base:     - /srv/salt/
10:32 Ouzo_12 any reason if i do like salt-run manage.status it will take hours for it to finish? all 56 minions are up.. the only thing is they run different versions
10:32 CycloHex babilen: you mean the haproxy cluster? because I use that, only problem was that the minion was added to monitoring before check_mk was present on th eminion.. The adding to monitor started at the same time as the highstate.. That's why I want custom reactors to trigger the sls to add to monitor, later in the highstate, when check_mk is present on the moinion
10:33 babilen check_mk?
10:33 CycloHex babilen: it's postgresql, but in previous versions, my postgresql gotinstalled with the wrong locale, so I cmd.run now to install postgresql. This will error when I try to used database present
10:34 CycloHex check_mk is a nagios plugin we use to monitor certain checks
10:34 babilen Can't you sort out the locale problem?
10:34 mikeywaites left #salt
10:34 CycloHex by using cmd.run ^^
10:35 CycloHex changin the locale using states didn't work.. it got reset on the next state. So I had to do it in one state
10:35 jonatas_oliveira joined #salt
10:35 seshan @babilen any help ?
10:35 ckao joined #salt
10:36 ksk joined #salt
10:36 ksk hey guys. if i wanted to contribute a function to lets say file module - are there things i have to keep in mind? right now i put my function "diskusage" in there - do i need to fullfill some requirements? where would they be listed? thanks!
10:37 jonatas_oliveira joined #salt
10:39 babilen seshan: So you have http://docs.saltstack.com/en/latest/topics/targeting/grains.html#writing-grains → "yourfunction" in /srv/salt/_grains/something.py, the file is executable and you then restarted the master and ran "salt 'someminion' saltutil.sync_grains" ? Could you run "cat /srv/salt/_grains/something.py", "ls -la /srv/salt/_grains/something.py" and "salt '*' saltutil.sync_grains" on your master and show me the output on http://refheap.com ? ...
10:39 babilen ... (please adjust "something" to the actual value). You might also want to run the minion in debug mode with "salt-minion -ldebug" prior to doing that and then paste the debug log from the minion too.
10:42 seshan stacktrace of minion debug
10:42 seshan https://www.refheap.com/93935
10:42 Outlander joined #salt
10:44 seshan babilen: output of the commnds
10:44 seshan https://www.refheap.com/93936
10:45 babilen seshan: The grain is not executable.
10:45 babilen I believe I asked you about that some time ago
10:46 seshan ok, how did you find that ?
10:46 babilen I don't quite follow.
10:46 seshan No, how do you say the grain is not executable.,
10:47 babilen I found the information that your grain is not executable in the output of the ls -la command. It was "-rw-r--r-- 1 root root 136 Jan  1 15:50 /srv/salt/_grains/try_grain.py" and you can see that it is not executable because it is missing the "x" bit there
10:47 seshan would chmod +x do the job ??
10:47 babilen It would indeed
10:47 * babilen grabs a coffee
10:49 seshan here is the output
10:49 seshan https://www.refheap.com/93937
10:49 seshan still doesnt seem to help much
10:52 sieve joined #salt
10:52 diegows joined #salt
10:52 sieve Hallo salty people. what are the practicalities for running a salt master within a docker container
10:52 sieve ?
10:53 TK_ joined #salt
10:53 babilen sieve: 8
10:53 sieve babilen: 8 ?
10:56 babilen seshan: And it has not been synced? What does "salt 'fractal-0e6e.fractal.lan' cmd.run "ls -la /var/cache/salt/minion/extmods/grains" give you?
10:56 babilen And what is the respective minion debug log when you run that command?
10:57 babilen Restart the master or run "salt-run fileserver.update" for good measure before that.
10:58 ysiad joined #salt
10:58 babilen sieve: You can run a salt-master within a docker container.
10:58 sieve babilen: Im struggling to google it
10:58 sieve there is a lot of general docker / salt noise! :)
10:59 babilen There is indeed. AFAIK there are salt-master dockerfiles around ..
10:59 babilen https://registry.hub.docker.com/u/soon/salt-master/ is a commonly used one
11:00 babilen (but there are others or you could write one yourself)
11:00 seshan babilen: there you go : https://www.refheap.com/93939
11:01 bhosmer joined #salt
11:01 babilen seshan: And now the same for sync_grains run please .. I don't necessarily see anything wrong with your setup, but it might be your master configuration. Could you paste that too?
11:02 babilen And then restart the master and try again .. (sorry, this is a bit like stabbing in the dark)
11:03 ced joined #salt
11:03 ced hello
11:03 giantlock joined #salt
11:04 TK_ babilen: when I used "pip install salt" on debian7.0 , /etc/salt/master is there.  so ,you know , I want to know why.
11:04 babilen TK_: I have no idea, sorry.
11:05 ced When i try to start salt-minion on a new debian7.0 client, i get [ERROR   ] Attempt to authenticate with the salt master failed
11:05 mick3y top of the day all
11:05 mick3y ced: was there an instance of salt-minion on the host before?
11:06 ced I just installed it
11:06 mick3y ced: i had that error when i reinstalled salt-minion without removing old keys
11:06 ced on the master i tried salt-key -L
11:06 ced but nothing show up
11:06 mick3y ced: and you have the connectivity to salt-master?
11:06 ced ping works just fine
11:06 seshan babilen: :) same here, just not understanding what is going on
11:06 mick3y ced: telnet/nc?
11:06 seshan here is the settings
11:06 seshan https://www.refheap.com/93940
11:07 mick3y ced: nc -vv <salt-master> 4505
11:07 mick3y ced: nc -vv <salt-master> 4506
11:07 seshan still no success
11:07 mick3y ced: run the commands from the minion
11:07 ced "open"
11:07 babilen seshan: You only pasted part of the file unfortunately ...
11:08 ced i've another client with an existing salt minion
11:08 ced it worked yesterady
11:08 mick3y ced: mkay. and your /etc/salt/minion is correct? salt-master referred there can be racheable byt the name?
11:08 ced day
11:08 babilen seshan: And there is no mention of what is happening when you run sync_grains in the minion debug log when you run that on the master?
11:08 mick3y ced: s/byt/by/
11:09 mick3y ced: my guts tell me it's either connectivity issue or key issue
11:09 ced I think connectivity might be the issue
11:09 ced nc -vv with 4506 just hanging
11:09 ced no response
11:09 mick3y ced: then fix your firewall ;-)
11:09 ced ^^
11:10 ced master and minion are on the same vlan and are both VM
11:10 mick3y ced: routing ?
11:10 mick3y ced: anyways. it's connectivity by the looks of things
11:10 mick3y oh. wait. ping works
11:11 ced ping works :/
11:11 mick3y so it's firewall
11:11 ced that's a very annoying issue
11:11 mick3y ced: check on master and minion the following command firs: sudo iptables -nvL
11:11 babilen might be any hop in between too
11:11 mick3y babi: that was my next suggestion ;-)
11:12 ced no iptable set
11:12 ced Accept accept accept open bar :p
11:14 glyf joined #salt
11:15 mick3y now i've a question: i have two hosts: web100.xx.yy and web101.xx.yy - web101 is preproduction host while the former is production. i target production in my top.sls by grain regex G@web\d\d\d\.xx\.yym but would like to force web101 to take from preprod environment i have configured, web101 is already in preprod nodegroup, but when i specify targetting by nodegroup under preprod section in my top.sls nothing really happens - the host is still getting state
11:16 mick3y ced: check traceroute `grep master: /etc/salt/minion|cut -d\: -f2` on both minions
11:17 mick3y if there's an extra hop in between check if there's anything blocking the traffic
11:17 babilen ced: Could you run "ping -M do -s 8000 IP_OF_MASTER" on the minion and "ping -M do -s 8000 IP_OF_MINION" on the master?
11:19 ced wow Frag needed and DF set ?
11:19 ced what's the meaning of this :p
11:19 babilen The meaning of what?
11:19 ced and just to say, traceroute show only one leap since both master and minion are on the same vlan
11:20 CeBe joined #salt
11:21 babilen ced: And mtu?
11:22 seshan babilen: There you go
11:22 seshan https://www.refheap.com/93941
11:23 ced just tried to install salt master on a test debian
11:23 ced it works
11:23 CeBe joined #salt
11:24 ced so there's something with the old master. How does salt get its "unaccepted keys" list ?
11:25 babilen seshan: It is probably related to you setting "extension_modules: /srv/salt_modules". Why aren't you using /srv/salt_modules/_grains/try_grain.py then?
11:26 mick3y ced: are the ports 4505/4506/tcp on the master available from the failing minion?
11:27 mick3y ced: also IIRC it's recommended to upgrade master before the minions :)
11:27 ced nmap says yes, nc said nothing
11:27 babilen seshan: Would you mind unsetting that? I'm not entirely sure if that included grains btw
11:27 otter768 joined #salt
11:28 mick3y ced: try stopping the minion, removing the keys and starting the minion
11:28 seshan unset the extension_modules, restart the master and sync_grains
11:28 seshan is that all I should do now
11:28 babilen Might be worth a try, yeah
11:29 Ouzo_12 if i want to replace salt-master with another one... can i do that or do ia have to rease old keys on all minions?
11:29 babilen ced: Do you get the same MTU in both directions?
11:29 babilen Ouzo_12: You will have to remove/reaccept the keys IIRC
11:30 jonatas_oliveira joined #salt
11:30 seshan babilen: did not help... :(
11:30 seshan same logs too
11:30 mick3y Replying to myself: on the issue - configuration was correct but when adding new nodegroup to master configuration file the salt-master has to be restarted. quite confusing because salt -N nodegroup test.ping would still return correct results
11:31 Ouzo_12 ok so i can just insert a new server, with salt-master on and then reaccept all minions?
11:31 babilen seshan: You really get *nothing* in the minion logs when you run saltutil.sync_grains ?
11:31 seshan what will happen if I manually create a folder called grains on the minion ??
11:32 babilen seshan: Something is wrong, but I can't quite think of anything else we could try right now ...
11:32 ced <babilen> Same MTU for both
11:32 seshan nothing at all
11:32 seshan do you want the log ??
11:33 babilen seshan: And both run the same version, don't they? (that is: 2014.7.0)
11:34 babilen seshan: No, I believe you. Let me check what I see in my minion logs when I sync a grain.
11:35 joehh VSpike: re 10.04 packages - most likely days
11:35 bhosmer joined #salt
11:35 joehh I've a bit of a backlog with packaging stuff right now, but your request has lifted 10.04 up a few notches
11:36 saffe joined #salt
11:37 aynik joined #salt
11:37 keyser joined #salt
11:38 CeBe joined #salt
11:38 che-arne joined #salt
11:38 seshan babilen: if I want to validate the salt version, how do I d that ???
11:39 CeBe1 joined #salt
11:39 seshan found, checking
11:41 babilen seshan: Should also be in grains
11:44 felskrone joined #salt
11:44 TK_ joined #salt
11:44 spo0nman Hi, i want to trigger a command on salt master from a minion and get the output of the command. What can I use?
11:45 spo0nman I can use reactors to trigger command but i don't get the output back
11:45 CeBe joined #salt
11:46 saffe joined #salt
11:47 viq spo0nman: how about returners?
11:48 seshan babilen: Should also be in grains ???
11:49 CeBe1 joined #salt
11:52 babilen seshan: The salt version information should also be in grains. You can, for example, run "salt '*' grains.item saltversion"
11:53 seshan babilen: the versions are not same
11:53 seshan :)
11:53 seshan master is : salt-master 2014.7.0 (Helium)
11:53 seshan and minion : salt-minion 2014.1.10 (Hydrogen)
11:53 spo0nman viq it's a workaround
11:54 spo0nman viq: if possible I'd like to immediately get the output and work on it rather than poll a returner interface
11:54 spo0nman viq: is it not possible with salt?
11:55 saffe joined #salt
11:56 babilen spo0nman: I wrote a custom execution module that I call from the reactor system to deliver data from incoming events. You can call any execution module to do that... What does "get the output of the command" constitute?
11:58 hojgaard Hey everyone.. Im new here.. I have a question. How does the salt-master comminicate to a salt-minion. In the firewall setup instructions it says that i only need to open ports on the master. How does the saltmaster then prompt the minions?
11:59 babilen hojgaard: The minions contact the master, keys are exchanged, 0mq is being used for this (and all other) exchange of data.
11:59 spo0nman babilen: example: I'd like to get slave i/o thread location of a 100 mysql slaves and take an action based on the output. I'd like salt to let me execute a command on many hosts to get the output of "show slave status" and then choose the slave which is the most lagging and remove it from production load for a bit, but if all are lagging do something else etc
12:00 Cottser|away joined #salt
12:00 spo0nman simple use cases like this. where I want to execute something on many hosts and get the output and do something else.
12:00 sieve joined #salt
12:01 ssteinerX joined #salt
12:01 hojgaard babilen, what is the frequency?
12:02 bhosmer joined #salt
12:02 babilen hojgaard: Of what?
12:02 seshan babilen: is that small version difference really matters ??
12:02 hojgaard babilen, of the minions contacting the master?
12:03 babilen seshan: Well, why don't you upgrade and check? There is a quite a difference between 2014.7.0 and 2014.1.10 to be honoest
12:03 babilen *honest
12:03 babilen hojgaard: They do that when they start up.
12:04 hojgaard babilen, but when you do a test.ping, how does the master contact the minions?
12:04 babilen hojgaard: It sends a message via 0mq
12:05 hojgaard babilen, and no ports need to be open for that?
12:05 spo0nman hojgaard: The Salt master works by always publishing commands to all connected minions (via 0mq) and the minions decide if the command is meant for them by checking themselves against the command target.
12:05 babilen hojgaard: I think you have to have 4505 and 4506
12:06 ecdhe joined #salt
12:06 babilen hojgaard: What are you trying to achieve? What is the actual reason you are asking these questions?
12:06 spo0nman hojgaard: your minion must be able to communicate to the master on port 4505 and 4506
12:07 hojgaard babilen, i am having a salt-master and a lot of minions. I want to know if i have to open port 4505 and 4506 on the minions (the manual does not say so)
12:07 LotR hojgaard: as I understand it, the minions have a permanent tcp connection with the master, which they initiate, so no incoming ports on the minion required
12:07 spo0nman hojgaard: you don't have to open any ports on the minions
12:08 istram joined #salt
12:08 hojgaard LotR, if that is true, then i understand...
12:09 zions joined #salt
12:09 zions Hello there.
12:09 babilen hojgaard: They, naturally, have to be able to send traffic to the master. I am not entirely sure what you have to allow for that.
12:09 hojgaard spo0nman, then there must me a consistent connection..
12:10 spo0nman hojgaard: in network speak you need the firewall to allow bidirectional traffic
12:10 spo0nman between the minion-master
12:11 seshan babilen: is there really a new version for minion 2014.7.0 ??
12:11 seshan my centos seems to pick only 2014.1.10-4.el6
12:11 babilen I'm sure it wouldn't work if you DROP all outgoing traffic. Are you interested in a more fine-grained policy for OUTPUT ?
12:11 CeBe joined #salt
12:12 babilen seshan: There should be, but I am not using CentOS at all. I was, however, under the impression as if packages for all major distributions had been released.
12:12 zions I'm using salt 2014.1 and salt-cloud to deploy minions. I'm using a custom script as part of deployment and want to echo the grains into /etc/salt/grains. Putting something like ** echo "{{ vm['grains'] }}" > /etc/salt/grains  ** in the shell script replaces "{{ vm['grains'}}" with "{'dict': {'key': val, 'key': val}}". Is there anyway to work around ? Is there something like {{ minions }} ?
12:12 seshan babilen: let me re-check
12:15 zions seshan: http://dl.fedoraproject.org/pub/epel/6/x86_64/repoview/
12:15 babilen seshan: You are probably not using testing
12:15 zions seshan: Salt 2014 is there. I was notified earlier this week it's out.
12:15 babilen But I would have expected .7.0 to be available for all major distributions by now
12:17 TK_ joined #salt
12:17 seshan babilen: ya, just found that and updagrading
12:17 LotR babilen: debian is still on .1.13 as well (unless you count experimental)
12:18 CeBe joined #salt
12:20 babilen LotR: It's in the saltstack repos
12:20 babilen (http://debian.saltstack.com/debian that is, cf. http://docs.saltstack.com/en/latest/topics/installation/debian.html)
12:21 seshan any idea ?? Error: Cannot retrieve metalink for repository: epel-testing. Please verify its path and try again
12:22 seshan referring this : http://docs.saltstack.com/en/latest/topics/installation/rhel.html
12:25 LotR babilen: sure, but I only use external packages if I have no other choice. the main draw of debian for me is that they make virtually everything available, and make sure it is well integrated into the rest of the distro. third-party packages are always a gamble
12:26 babilen I completely agree. Unfortunately saltstack does not appear too interested in the official Debian repositories and advocates their own.
12:26 babilen joehh uploads packages there whenever he sees fit, but that isn't necessarily coordinated with the salt release schedule or prioritised from what I gather
12:26 Ouzo_12 hmm i can accept my minions on the new master.. but they are not responding when i use salt '*
12:27 Ouzo_12 etc.... salt '*' cmd.run 'ls'
12:27 seshan 0uzo can you paste the output of salt-key -L
12:28 seshan 0uzo_12
12:29 Ouzo_12 seshan it shows 26 servers under accepted keys none under unaccepted and none under rejected
12:30 seshan run salt-minion -l debug on minion first, and then salt '*' test.ping -l debug on master
12:30 seshan paster the logs here http://refheap.com/
12:30 spielberg joined #salt
12:34 ninkotech_ joined #salt
12:36 jaimed joined #salt
12:38 glyf joined #salt
12:39 BigBear joined #salt
12:40 TyrfingMjolnir joined #salt
12:41 che-arne joined #salt
12:41 seshan I am unable to install 2014.7.0 minion in my centos
12:41 seshan any help ?
12:42 BigBear seshan: what does not qwork ? what did you do? what happened? what did you expect to happen instead?
12:43 seshan My minion was  2014.1.0 or something, so I was trying to update it to 2014.7.0
12:43 seshan yum reinstall salt-minion
12:43 seshan is going back to the same old version instead of the new verison
12:44 __gotcha joined #salt
12:45 Shiv joined #salt
12:45 Shiv Hi
12:45 seshan BigBear: the reason for update is master is 2014.7.0
12:45 BigBear seshan: so what does salt --version and/or salt --versions-report report back?
12:45 babilen seshan: Can you list all available package versions and their respective priority in yum?
12:45 CeBe joined #salt
12:46 Shiv I have configured salt master and minion on the amazon vms
12:46 Shiv not able to see the keys to accept
12:46 Shiv plz help
12:47 seshan I had uninstalled my minion, and anytime I try to reinstall it , I get this error :: " Cannot retrieve metalink for repository: epel. Please verify its path and try again"
12:49 seshan hoping this works  https://www.centos.org/forums/viewtopic.php?f=13&amp;t=49226&amp;sid=b4e3b9e237f17e1baea47cc6996e89e0
12:49 seshan :)
12:50 BigBear seshan: what version of centos? what does the /etc/yum.repos.d/epel.repo file contain?
12:52 seshan BigBear: my VM are shutdown, if office closing here
12:52 seshan will update tomorrow morning
12:52 seshan thanks for the responses :)
12:54 BigBear seshan: ok, the link with the hint to update nss may well be what you are facing. good luck
12:56 saffe joined #salt
12:57 lothiraldan joined #salt
12:57 saffe joined #salt
12:58 __gotcha joined #salt
13:00 alexr_ joined #salt
13:01 saffe joined #salt
13:01 saffe joined #salt
13:03 che-arne joined #salt
13:04 thayne joined #salt
13:06 Shiv Any document to configure Salt Master & Minion on Amazon server will be of great help
13:06 Shiv i followed the steps mentioned in Salt documents ....it works very well with my local servers
13:06 Shiv but not on the Amazon VMs
13:10 TyrfingMjolnir joined #salt
13:14 CycloHex Shiv http://salt-cloud.readthedocs.org/en/latest/topics/aws.html
13:14 CycloHex Shiv: http://www.linux.com/learn/tutorials/772719-how-to-provision-aws-ec2-instances-with-salt-cloud
13:14 istram Shiv: what is not working for you?
13:15 istram CycloHex: you sure he wants the cloud provider?
13:15 CycloHex Sinc ehe said amazon vms, yes I think so
13:15 VSpike joehh: thanks :)
13:15 istram Shiv: just seen the older message - are you sure you have the networking set up right?
13:15 CeBe1 joined #salt
13:16 oyvjel joined #salt
13:16 istram Shiv: ppl usually forget about iptables & Security Groups
13:16 zions I'm using salt 2014.1 and salt-cloud to deploy minions. I'm using a custom script as part of deployment and want to echo the grains into /etc/salt/grains. Putting something like ** echo "{{ vm['grains'] }}" > /etc/salt/grains ** in the shell script replaces "{{ vm['grains'}}" with "{'dict': {'key': val, 'key': val}}". Is there anyway to work around ? Is there something like {{ minions }} ?
13:16 saffe joined #salt
13:17 saffe joined #salt
13:17 VSpike I'm trying to set up a Windows build environment for salt using the instructions at http://docs.saltstack.com/en/latest/topics/installation/windows.html. I've had to pip install a few extra bits (markupsafe, requests) that aren't mentioned already. I want to run the minion but I'm getting this https://bpaste.net/show/230a559ae3dd
13:17 VSpike Can anyone suggest a fix, or something to try?
13:17 TK_ joined #salt
13:18 VSpike Other than "Don't use Windows" ;)
13:21 quantum-x joined #salt
13:21 linjan joined #salt
13:21 quantum-x Hey all. Any ideas why a salt command could intermitantly return nothing? IE: [root@salt-master ~]# salt -N prod-web state.sls servers
13:21 quantum-x
13:22 quantum-x Sometimes it runs as it's meant to, othertimes, it just returns to shell
13:22 zions quantum-x: try adding -t99 . Maybe the command is not executed within the default timeout.
13:22 Cidan joined #salt
13:22 quantum-x zions, ok, thanks
13:22 quantum-x when it works, it's fast
13:22 quantum-x other times.. no dice
13:24 zions quantum-x: It can be just latency between master and minions. You can increase the default timeout
13:24 Shiv Thanks CycloHEx
13:24 quantum-x zions, will give it a shot, thank you
13:24 Shiv my vms are on different AWS
13:25 sieve joined #salt
13:25 Shiv master is on one AWS and minion on other
13:25 Shiv and after doing all configuration , i am not able to see minion keys in my master
13:27 lothiraldan joined #salt
13:28 babilen Do you know if there is a way to write/use modules that can be used in pillars written in Python? I tend to use a number of functions in a number of pillars and it would be nice if I could maintain them in one place.
13:28 otter768 joined #salt
13:28 thawes joined #salt
13:30 zooz joined #salt
13:30 viq babilen: there was a discussion about something similiar on lists recently
13:30 ced joined #salt
13:30 babilen Yes, I had that feeling, but couldn't find the thread (just skipped the last couple of names)
13:31 ced hello again :
13:31 ced :p
13:31 ced Salt master is working now
13:31 ced it was a network issue as suspected
13:31 babilen viq: Do you recall the name of that thread?
13:31 babilen ced: And?
13:31 viq babilen: apparently https://groups.google.com/forum/#!topic/salt-users/dhIfh-w6K6A
13:31 ced thx for the help anyway
13:32 viq "library for sls written in python"
13:32 viq Funnily enough, started by someone signing messages as cED ;)
13:33 babilen That's not quite what I mean as it is specific to states. I know how to write execution modules and how I would use them in my state files, but I have the same situation for pillars.
13:33 viq Well, this is about libraries, abstracting parts of them. Sounds similiar to me.
13:34 babilen AFAIUI you wouldn't necessarily have salt['some_execution_module.function'] available in pillars (at least if I look at http://docs.saltstack.com/en/latest/topics/development/dunder_dictionaries.html
13:36 viq Sorry, well outside of my expertise.
13:36 babilen Sure, no problem.
13:36 Shiv CycloHex : VMs across different AWS will not work i guess
13:36 Shiv On same AWS its working
13:36 Shiv Thank you for ur response
13:37 babilen I guess I can try to load that execution module manually (like cmd.run is being imported in grains/core.py for example)
13:38 lothiraldan joined #salt
13:38 mick3y ced: what was the issue?
13:39 mick3y ced: and what was the solution
13:39 mick3y ced: for future generations of googlers ;-)
13:40 spielberg joined #salt
13:41 ced ah ah well that was pretty dumb issue
13:41 ced I was working on a VM set by a co-worker
13:41 ced worked fine 'till yesterday
13:42 ced but he had 2 network cards with one on dhcp and the other one static
13:42 ced with 2 gateway '--
13:43 ced now there's only one static network address and everything is working fine
13:44 shookees joined #salt
13:44 shookees joined #salt
13:44 mick3y hah. happens. gentle punishment to the co-worker is in order i'd say, for wasting your time ;-)
13:47 ced well i did ask him if is network configuration was working fine and he told me not to change it
13:48 ced his / not is
13:48 ced I must find a way to punish him :p
13:49 spo0nman if anyone from saltstack is interested in this bug https://github.com/saltstack/salt/issues/13879 I am available.
13:50 balltongu joined #salt
13:53 balltongu joined #salt
13:57 balltongu joined #salt
13:58 gildegoma joined #salt
14:02 nitti joined #salt
14:04 cleme1mp_ joined #salt
14:04 alexr_ joined #salt
14:05 diegows joined #salt
14:06 A||SySt3msG0 joined #salt
14:08 racooper joined #salt
14:09 saffe joined #salt
14:13 VSpike Right, fixed that one. Clearly the windows installer mods the minion config file automatically set the IPC mode to TCP
14:18 TK_ joined #salt
14:18 jdesilet joined #salt
14:19 FarrisG joined #salt
14:20 VSpike Here's another strange error.. any ideas on this one? https://bpaste.net/show/2aeeed0536ef
14:24 moos3 where does salt store its gitfs checkouts
14:24 mpanetta joined #salt
14:24 saffe joined #salt
14:25 _prime_ joined #salt
14:25 babilen moos3: /var/cache/salt/master/gitfs (or along those lines)
14:25 VSpike Ah, fixed that too. Another config file mod
14:26 JlRd joined #salt
14:27 saffe joined #salt
14:27 moos3 anyone seen this with pygit2  Exception 'credential does not implement interface' caught while fetching gitfs
14:28 BigBear joined #salt
14:29 saffe_ joined #salt
14:32 saffe joined #salt
14:32 dabl joined #salt
14:35 cpowell joined #salt
14:36 saffe joined #salt
14:37 ajolo joined #salt
14:37 hcl2 joined #salt
14:39 moos3 hrm some reason after they are checked out it doesn't seem want to apply them
14:41 ajolo joined #salt
14:43 grosjean joined #salt
14:43 grosjean yo all
14:44 ced Should i use file.blockreplace in init.sls if i want to change a value in a conf file during instal ?
14:45 ced +l
14:45 drawsmcgraw joined #salt
14:45 saffe joined #salt
14:46 grosjean in my python script i use cmd_iter, and sometimes it returns an empty generator
14:46 grosjean any idea?
14:46 grosjean the default timeout value is None, must i set a timeout for long running command ?
14:47 shookees joined #salt
14:47 shookees joined #salt
14:47 micah_chatt joined #salt
14:48 grosjean hmm no, if i'm right the timeout increase in cmd_iter
14:49 micah_chatt_ joined #salt
14:51 joehh joined #salt
14:52 grosjean if someone backlog, and have idea on my pb, don't hesitate to ping me :)
14:52 micah_chatt joined #salt
14:55 micah_chatt joined #salt
14:55 cleme1mp joined #salt
14:56 Gues480631 joined #salt
14:58 jesusaurus joined #salt
14:59 drawsmcgraw After upgrading to 2014.7, salt-cloud seems to not drop anything in /etc/salt/minion
14:59 drawsmcgraw I mean -> the file is just a single blank line. I haven't changed any of my profiles or providers
15:00 drawsmcgraw Anyone else seen that?
15:00 MTecknology How can I execute this via cmd.run? I'm having issues with quotes ..   aptitude update; aptitude purge -y logcheck; rm -rf /etc/logcheck; aptitude -y install logcheck; while read package; do [[ "$package" == 'logcheck' ]] && continue; dpkg -L "$package" 2>/dev/null | if grep -q '/etc/logcheck/.*/'; then apt-get -d --reinstall install "$package"; dpkg --install --force-confmiss
15:00 chrischris joined #salt
15:00 MTecknology "/var/cache/apt/archives/$package"*; fi; done < <(dpkg-query -l | awk '{print $2}')
15:01 viq joined #salt
15:02 drawsmcgraw MTecknology: Usually when I run into that problem I wind up using cmd.script instead
15:04 housl joined #salt
15:05 thawes joined #salt
15:05 * MTecknology hugs drawsmcgraw
15:06 drawsmcgraw You're welcome :)
15:09 ctrlrsf What are best practices for creating a user that a package would normally create? Do you create the user first and then install the package? Or just let package create the user with whatever UID it wants?
15:09 babilen Changes to opts in mount.mounted should end up in the /etc/fstab, shouldn't they? I am getting "Forced remount ..", but no changes to the actual mount (NFS)
15:09 davet joined #salt
15:10 ctrlrsf For example, installing httpd creates the apache user on CentOS. Should the apache user be created before the package is installed?
15:10 MTecknology ctrlrsf: I try to avoid those packages but otherwile let the package create the user
15:10 kaptk2 joined #salt
15:10 * MTecknology holds back the rhel rant
15:10 babilen Why would you avoid those packages?
15:10 babilen ctrlrsf: Is it important for you that the user is created with a specific UID?
15:10 ctrlrsf Nope
15:11 babilen Then just install the package and be done with it.
15:11 ctrlrsf Thought so. So here's the quirk I'm running into.
15:11 babilen Ah, so there is a real question ...
15:11 saffe joined #salt
15:12 ctrlrsf In the .sls I install (lets say) httpd package. Later I have a file.managed that wants to enforce the directory user is owned by apache. Salt complains that apache user does not exist the first time hightstate is called
15:14 ctrlrsf If I run highstate a second time it completes with no errors because the apache user does exist.
15:15 babilen ctrlrsf: So why don't you manage the user, make sure that happens *after* you install the package and require: - user: apache" ?
15:15 HACKING-FACEBOOK joined #salt
15:16 babilen Or require the package in file.managed (or simply make sure it runs later on)
15:16 XenophonF joined #salt
15:16 ctrlrsf Yeah, I can do that
15:17 ctrlrsf I was just curious what others were doing for this
15:17 drawsmcgraw ctrlrsf: I'd 'require' the pkg.install before the file.managed as well
15:17 TK_ joined #salt
15:18 ctrlrsf I have state_auto_order: True in my master, and I have the file.managed after the package is installed. I suspect that salt has an inventory of usernames on the server when the state is ran, and since the user is created by installing the package, it doesn't know the user exists and is giving me that error
15:18 XenophonF hey all i'm using grains for targeting in top.sls, and I have grains set up like "role: Salt Master"
15:19 XenophonF to get it working i've had to resort to compound matches that look like 'G@environment:Production and G@role:Salt*Master'
15:20 XenophonF so as a matter of style, should I try avoiding using wildcards that way?
15:20 XenophonF i don't know how else to escape the space in the grain's value
15:20 XenophonF probably a silly question tbh
15:21 babilen ugh, grains
15:21 XenophonF but i'm going for readability across Salt, Git, and AWS
15:21 XenophonF babilen: i'm all for better ways to do targeting
15:22 drawsmcgraw XenophonF: must you use spaces?
15:22 babilen XenophonF: "P@role:Salt\sMaster
15:22 XenophonF drawsmcgraw: no, I don't, but it looks nicer in the AWS console when I do
15:22 XenophonF and I'm trying to have everything match up
15:22 drawsmcgraw I can understand that
15:22 drawsmcgraw I try to use dashes when I want spaces
15:22 babilen And yeah, don't use spaces .. and don't use grains for roles (but that's just me, I think it is a horrible trend in the salt community)
15:22 XenophonF thanks babilen
15:23 drawsmcgraw babilen: I'm using grains for roles. I'm up for input on other methods, though
15:23 babilen And for the love of god, don't make sensitive data available to minions based on the grains they claim they have
15:23 drawsmcgraw I try to give all my minions meaningful names, so I could feasibly target them by minion_id instead....
15:23 babilen drawsmcgraw: I'd do it in pillars
15:23 XenophonF babilen: unfortunately my naming conventions aren't up to the task, and trying to change my server naming conventions at this point is a non-starter, since only now, after about 6 years of having them, have I finally gotten the rest of my team to apply them in a consistent way
15:23 drawsmcgraw XenophonF: I feel you, sir
15:23 babilen I'd use pillars (i.e. data managed on the master)
15:24 philipsd6 there will *always* be server names that are exception to the rule.
15:24 drawsmcgraw babilen: Interesting. Pillar for dealing out roles?
15:24 XenophonF i'm using pillars right now, but that's not really the salt-cloud way of doing things, which is the direction i'm heading
15:24 HACKING-FACEBOOK joined #salt
15:24 XenophonF drawsmcgraw: here's my current targeting setup, using pillars - https://github.com/ibrsp/salt-states/blob/master/top.sls
15:25 babilen drawsmcgraw: Sure, you really wouldn't want to use grains for that as that means that you have to manage the grains *on* the minions in some way (chicken and egg) *and* (even worse) you end up relying on data provided by the minions themselves to decide if they can have a sensitive datum if you target pillars based on grains.
15:25 babilen Both things are, IMHO, a bit no no.
15:25 drawsmcgraw XenophonF: interesting. Thanks!
15:26 XenophonF you know what babilen, you've convinced me
15:26 XenophonF i'll stick with pillars for targeting
15:26 drawsmcgraw babilen: Point made! I just yesterday had to deal with updating the roles on a subset of my minions
15:26 XenophonF i'm not using salt-cloud yet anyway
15:26 drawsmcgraw It wasn't pretty
15:26 babilen I'd maintain lists of "roles -> host" and/or "host → roles" in a pillar (maybe an external one (mysql, postgresql ....)) and target based on that
15:26 drawsmcgraw babilen: good idea. I have to look into this now. Thanks!
15:26 davet1 joined #salt
15:27 XenophonF now how to revert edits in vc-mode... ;)
15:27 XenophonF ah vc-rollback
15:27 drawsmcgraw That would solve half of my current problem, which is salt-cloud not making any minion configs with my update to 2014.7 :)
15:27 babilen Just because grains somehow feel right as "data about the host" roles are, IMHO, not appropriate for this. Mind you: It is a very common setup, but I personally regard it as huge mistake and direction.
15:27 XenophonF babilen: i'm totally convinced
15:28 XenophonF oh rather it's vc-revert
15:28 babilen And you can target based on pillars as well: http://docs.saltstack.com/en/latest/topics/targeting/compound.html
15:29 _prime_ babilon: I agree, pillars are the way to go for roles.  I use pepa templates to build up roles based on location, attributes, etc., then have my top sls file iterate through that list to run matching states (which in turn have includes that define all the formulae/states for those roles)
15:29 _prime_ it means the roles can be changed very quickly, with no syncing required
15:29 babilen yeah, exactly
15:29 babilen What are pepa templates?
15:29 otter768 joined #salt
15:30 pr_wilson joined #salt
15:30 XenophonF _prime_: would love to see that if you don't mind sharing
15:30 _prime_ pepa is an external pillar included with salt 2014.7, it uses heirarchical substitution to build up pillars from jinja/yaml template files.  I use it extensively (it actually works with 2014.1.x if you just pull the pepa.py file across)
15:31 _prime_ XenophonF: https://github.com/mickep76/pepa
15:31 lothiraldan joined #salt
15:32 babilen _prime_: Ah, thanks. I'll look into that.
15:32 XenophonF thanks, _prime
15:32 babilen Salt is so big that it's easy to miss out on things like this.
15:33 conan_the_destro joined #salt
15:33 che-arne joined #salt
15:33 che-arn7 joined #salt
15:36 thayne joined #salt
15:36 v0rtex does anyone know why my pkgrepo.managed state here: http://hastebin.com/evotafojux.sls wouldn't actually work? When I run the command "salt-call state.single pkgrepo.managed java ppa=webupd8team/java" I get this: http://hastebin.com/uqetisijef.vhdl but the PPA isn't actually added.
15:37 VSpike If I have a suggested bugfix for salt 2014.7, should I submit a PR with the fix on that branch, or on develop?
15:37 v0rtex if I run sudo add-apt-repository ppa:webupd8team/java manually then the repo is finally added
15:38 che-arn0 joined #salt
15:38 che-arne joined #salt
15:39 drawsmcgraw VSpike: I'm not sure what the current rules are but this doc probably mentions it: http://docs.saltstack.com/en/latest/topics/development/contributing.html
15:40 _prime_ babilen: sure thing
15:40 Gues480631 joined #salt
15:40 ctrlrsf drawsmcgraw: babilen: disregard my previous issue. It seems salt was reordering my states and file.managed and file.directory were being processed before the pkg.install
15:40 __number5__ babilen: can you explain how to assign a role to a minion using pillar?
15:42 thawes_ joined #salt
15:42 __number5__ v0rtex: ppa is broken in certain 2014.7.0rcX version, might be still broken in 2014.7.0
15:43 v0rtex __number5__: ahh, good to know. I am running 2014.7.0 so it must still be an issue with the release version.
15:43 che-arne joined #salt
15:43 che-arn3 joined #salt
15:47 __number5__ v0rtex: our current work around is like the logstash PPA example in http://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkgrepo.html 2nd code example
15:49 babilen ctrlrsf: Yes, which is why you should require states so that they are being processed in the correct order.
15:52 alanpearce joined #salt
15:53 VSpike drawsmcgraw: ah. oops
15:54 VSpike Wonder if they can take my current PR this time or if I nee to redo it
15:54 quickdry21 joined #salt
15:55 v0rtex __number5__: yeah, I will just do that. I already had it set up to do that on Debian for me but was using the PPA on Ubuntu servers
15:55 Ozack joined #salt
15:55 babilen __number5__: Well, just like with grains. You would have a pillar in which you enumerate role <-> host mappings and then iterate over those. How you manage those mappings is up to you and writing those in yaml is probably super painful. I'd probably start with Python dictionaries that are indexed by role or hostname and inverted, so that you can ask "which host are in role foo?" and "which roles does host bar have?"
15:56 babilen __number5__: As managing that manually might be a bit cumbersome you would probably want to use an external pillar to manage that information. The main point is that this information shouldn't live on the minions
15:56 eriko joined #salt
15:57 babilen (both because it is cumbersome to manage and because it poses a security risk if you make sensitive states/pillar data available based on roles)
16:01 SheetiS joined #salt
16:02 __number5__ babilen: you mean a host <-> roles mapping in pillar top file?
16:07 babilen no, in a pillar SLS file or a database (that is being used as an external pillar). The basic idea would be: https://www.refheap.com/93955 (untested and possibly broken)
16:08 babilen You can write that in Python (#!py as renderer in the first line and then implement run()) or use any external pillar that you'd like
16:08 __number5__ for example, I got a new aws ec2 instance hostname/minion_id ip-10.100.1.123, I want to assign role 'web' to it, then I need to do roles['ip-10-100-1-123'] = 'web' somewhere, then have a pillar top file iterate though it?
16:12 StDiluted joined #salt
16:15 elfixit joined #salt
16:17 TK_ joined #salt
16:19 ramishra joined #salt
16:19 TheThing joined #salt
16:23 iggy there is some stuff in salt-contrib to interface with aws' metadata service for stuff like that (if you wanted to go that route) DISCLAIMER: I've read 4 lines of backlog
16:24 berserk joined #salt
16:26 conan_the_destro joined #salt
16:27 drawsmcgraw I filed an issue for my salt-cloud problem - https://github.com/saltstack/salt/issues/18475
16:34 xliiv joined #salt
16:40 jimklo joined #salt
16:42 pdayton joined #salt
16:42 linjan joined #salt
16:43 BigBear joined #salt
16:47 ysiad joined #salt
16:49 pdayton joined #salt
16:52 StDiluted joined #salt
16:52 thedodd joined #salt
16:52 spiette joined #salt
16:52 KyleG joined #salt
16:52 KyleG joined #salt
16:54 BigBear hi
16:54 BigBear is the latest salt-minion for windows 2014.7.0 broken?
16:55 nafg_ joined #salt
16:56 atbell joined #salt
16:57 BigBear sorry small correction, is the latest salt-minion -->>installer<<-- for version 2014.7.0 broken?
16:58 BigBear it does not create a key , tried on 4 machines. a local run of salt-call --local key.finger , gives me and empty 'local:' output and it also does not deposit a key on the master. but if I go back to 2014.1.13 both of these things work.
17:00 XenophonF BigBear: i've been having problems with the new salt-minion as well, but i haven't had time to debug them
17:02 jaimed joined #salt
17:02 MTecknology It's like a redirection forest!  http://dpaste.com/2VKAYXV
17:06 _prime_ joined #salt
17:08 nafg_ Hi, I have a pkgrepo.managed that's not working
17:08 babilen nafg_: Please paste the SLS to http://refheap.com and also include your run and its output
17:08 nafg_ Using with vagrant, every time it reports a change, and if I vagrant ssh it doesn't seem to be there
17:09 hasues joined #salt
17:09 hasues left #salt
17:09 * alexbst waves at ashb
17:09 MTecknology No matching sls found for 'sys.files.logcheck' in env 'base'   ... but, no... I know that. The sls is in the environment prod. Why are you not picking that up?
17:10 MTecknology I guess it makes sense why...
17:12 nafg_ babilen: here you go: https://www.refheap.com/946971bcdfef941c447eae17d
17:14 nafg_ can anyone help me with this pkgrepo.managed issue?
17:15 troyready joined #salt
17:15 thayne joined #salt
17:16 babilen nafg_: Sorry, never used salt-ssh nor am I using a comparable vagrant setup. To configure PPAs you do, however, have to ensure that python-software-properties is installed. Is that the case?
17:16 CeBe joined #salt
17:16 nafg_ yes, that is the previous line
17:16 nafg_ although i should make it a require
17:16 nafg_ let me check to be sure
17:16 babilen I don't see it
17:17 aparsons joined #salt
17:17 nafg_ yes it was already isntalled
17:17 nafg_ babilen: yes i apologize for not pasting it
17:17 nafg_ but i just checked that it's there so it's not the issue
17:17 nafg_ if i run apt-get install it says already latest
17:18 spiette joined #salt
17:20 nafg_ babilen: let's assume salt-ssh is no different than master-minion and vagrant is regular vm
17:21 shaggy_surfer joined #salt
17:22 spookah joined #salt
17:22 nafg_ is there some way to run pkgrepo.managed directly from the command line
17:23 MTecknology This is interesting... When I do something like salt '*' cmd.run 'foo bar' 2>&1 | tee /some_file, the output acts like it's being buffered. I'll see output from a completed run on one minion, but not all of it. After the next few minions complete, the output that should be there will show up.
17:23 MTecknology Really weird.
17:24 aparsons joined #salt
17:26 CeBe1 joined #salt
17:28 akafred joined #salt
17:30 babilen nafg_: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.aptpkg.html#salt.modules.aptpkg.mod_repo is what is being called
17:30 otter768 joined #salt
17:30 spielberg_ joined #salt
17:30 GrueMaster joined #salt
17:31 chiui joined #salt
17:31 hal58th1 nafg_ are you root when looking at the folder /etc/apt/sources.list.d/?
17:32 nafg_ hal58th1: thanks for the idea, i just did a sudo ls and it's still empty
17:32 TK_ joined #salt
17:32 hal58th1 left #salt
17:32 hal58th1 joined #salt
17:33 felskrone joined #salt
17:34 aparsons joined #salt
17:35 nafg_ babilen: thanks
17:35 nafg_ i ran salt-ssh -c . vagrant.vb pkg.mod_repo ppa:ondrej/php5-5.6
17:35 pdayton joined #salt
17:36 nafg_ babilen: and i got output similar to that in the refheap
17:36 nafg_ well not exactly
17:36 nafg_ basically blank output
17:37 hal58th1 nafg_ I've never used pkgrepo.managed, but when you rerun salt-ssh, does it look like the state is being changed every time, or does it say that the it's already in the correct state?
17:37 nafg_ and it didn't do anythin in any case
17:37 nafg_ hal58th1: it says that it changed
17:37 nafg_ Check out https://www.refheap.com/946971bcdfef941c447eae17d
17:39 nafg_ at least that experiment gives me some more code to poke
17:42 desposo joined #salt
17:43 nicksloan left #salt
17:44 nafg_ uhh
17:44 nafg_ can someone tell me where pkg.mod_repo is?
17:44 hal58th1 nafg_ so it's either changing it, and then overriding it later, or it's never changing.
17:44 hal58th1 for i in {1..10000}; do
17:44 hal58th1 sudo ls /etc/apt/sources.list.d/ && sleep 0.5
17:44 hal58th1 done;
17:45 nafg_ i should run that while salt is running?
17:46 babilen nafg_: mod_repo is in salt/modules/aptpkg.py
17:55 hal58th1 nafg_ Yeah, just to see if anything is actually happening in the directory, just a theory
17:55 nafg_ hal58th1: nothing showed up
17:55 nafg_ i did it with the mod_repo command
17:55 nafg_ and without the sleep
17:57 Ryan_Lane joined #salt
17:58 hal58th1 nafg_ Afraid I don't have a salt-ssh vagrant setup right now to help you diagnose this. Maybe later today if I have some spare time at work
17:58 nafg_ hal58th1: i highly doubt it's particular to salt-ssh
17:59 * babilen isn't so sure about that
17:59 nafg_ okay not that i would have much of a clue :)
17:59 nafg_ let's say it was a master/minion. Is there any way to trace
17:59 nafg_ what's happening on the minion side?
18:00 nafg_ iiuc salt-ssh is pretty similar to salt command except the master/minion status is very short-lived. You even give it a "master" config file
18:01 nafg_ but when i salt-ssh -l all I get tons of info about how it's talking to the other side
18:01 nafg_ but it won't say what the other side is actually doing
18:01 TheThing joined #salt
18:01 coonce joined #salt
18:01 nafg_ I added some "print" statements to my aptpkg.py
18:01 nafg_ they don't show up afaict
18:02 coonce left #salt
18:02 nafg_ babilen: hal58th1: i just got a response on the ml
18:03 hal58th1 ml?
18:03 nafg_ mailing list, sorry
18:03 nafg_ Tim O'Guin says it's a bug
18:03 nafg_ and is fixed in 2014.7.1
18:03 nafg_ thanks for all your help!
18:03 nafg_ i.e. google group
18:03 babilen It very much looked like a bug
18:03 jimklo joined #salt
18:04 babilen (in salt ssh?)
18:04 asyncsrc joined #salt
18:04 bhosmer_ joined #salt
18:04 nafg_ no
18:04 nafg_ https://github.com/saltstack/salt/pull/17712/files
18:04 babilen Ah, I actually saw that issue a while back, but thought that it was closed.
18:04 nafg_ in aptpkg.py
18:05 nafg_ https://github.com/saltstack/salt/issues/17709
18:05 babilen PPAs are poopy anyway :-þ
18:05 asyncsrc Hello there!  I was wondering if anyone knew if file.list_backups works on windows systems? I followed this page: http://docs.saltstack.com/en/latest/ref/states/backup_mode.html and see the files within the file_backup folder under c:\salt but I can't get the files to show using the file.list_backups module
18:06 TheThing joined #salt
18:06 hal58th1 nafg_ guess you will have to add the repo the hard way. bummer!
18:06 nafg_ i applied the change to my local
18:07 nafg_ /usr/lib/python2.7/dist-packages/salt/modules/aptpkg.py/usr/lib/python2.7/dist-packages/salt/modules/aptpkg.py
18:07 RedundancyD joined #salt
18:07 nafg_ sorry
18:07 nafg_ /usr/lib/python2.7/dist-packages/salt/modules/aptpkg.py
18:07 nafg_ it's not working however
18:07 nafg_ is it cached somewhere?
18:08 saffe joined #salt
18:09 faust joined #salt
18:10 nafg_ i deleted my cachedir
18:10 nafg_ still not working
18:14 nafg_ okay i deleted cache on vagrant and it worked!!
18:16 cpowell joined #salt
18:18 renoirb I have a question about reactor
18:18 shaggy_surfer joined #salt
18:22 RentedMule joined #salt
18:22 babilen Just ask
18:22 renoirb it is unclear in Reactor if the sls files defined in /etc/salt/master.d/reactor.conf, like here http://docs.saltstack.com/en/latest/topics/reactor/#a-complete-example
18:23 jimklo joined #salt
18:23 renoirb if reactor:\n  - 'salt/key':\n    - salt://reactor/reactions/foo.sls
18:23 renoirb is parsed as Jinja
18:23 iggy the salt config file doesn't support jinja
18:23 renoirb ... note that reactor is in  /srv/salt/reactor/  part of the file_roots already
18:23 RentedMule I'm looking at salt to replace my puppet setup.  is halite the equivalent to puppetboard or puppet-dashboard?
18:24 diegows joined #salt
18:24 giantlock joined #salt
18:24 renoirb reactor folder that is. It could be any name, I just happened to create a sls file in /srv/salt/reactor/reactions/foo.sls
18:24 renoirb So the example in the link I just gave isn’t valid iggy ?
18:25 renoirb Because the example file '/srv/reactor/auth-pending.sls'  has jinja in it.
18:26 iggy no, your question was so broken up and strangely worded that I think I misunderstood what you were asking
18:26 iggy but what I said is correct... the salt config file (i.e. anything under /etc/salt) is not jinja
18:26 renoirb iggy, sorry about that. Let me try again.
18:26 nitti_ joined #salt
18:27 renoirb Ok iggy.
18:27 iggy (most) anything under /srv/salt can be jinja
18:27 renoirb So, in the salt master config, a key called 'reactor' with 'foo/bar' event tags maps to files
18:29 renoirb in [0] we see lines starting with 'salt://' [0]: http://docs.saltstack.com/en/latest/topics/reactor/#mapping-events-to-reactor-sls-files
18:30 iggy you are asking questions that are clearly answered by the docs
18:30 renoirb Provided I use default file_roots config value. Does that mean that if I have in my /srv/salt/foo/bar.sls mapped in reactor as 'salt://foo/var.sls' would work w/ Jinja in it?
18:30 iggy why don't you try asking your real question
18:31 iggy like: I tried the example from the docs and it's not working, help!
18:31 Taz joined #salt
18:31 renoirb iggy, the docs says it all. But when I run both salt-master salt-minions with -l info, when I use Jinja in the foo/bar.sls like the docs says, it doesnt work.
18:31 linjan joined #salt
18:31 renoirb and i cannot guess or word what's the problem
18:32 renoirb right.
18:32 iggy try with -l debug (as the docs also say)
18:32 renoirb been there, done that. doesn’t work with jinja.
18:32 iggy you aren't going to get clear cut errors like with state runs where it'll tell you lines with errors, but it should help narrow things down
18:33 renoirb {% if data['act'] == 'accept' %}{# something #}{% endif %}
18:33 renoirb it doesnt get through there.
18:33 iggy did you run the event_listen.py script to see what data is actually getting passed for that event?
18:34 Vye Anyone familiar with the integration tests? I'm trying to add one for a module that calls __salt__['config.get']('key') but want to simulate that key returning True.
18:35 renoirb iggy of course I do.
18:35 oliver___ joined #salt
18:35 renoirb I see the events being fired, and all.
18:35 renoirb But as soon as I put the jinja conditionals, everything is muted.
18:36 renoirb muted; events that were reacting stopped to react.
18:36 iggy paste the sls file, the event_listen.py output (for that event), and the relevant -l debug output from the master
18:37 renoirb iggy ok
18:40 hal58th joined #salt
18:43 renoirb iggy, there https://gist.github.com/WebPlatformDocs/563cb12326b92b22a452
18:43 Mso150 joined #salt
18:43 jaimed joined #salt
18:43 iggy no event_listen output
18:44 mattl joined #salt
18:44 iggy and just to be clear, you are using 2014.7 right?
18:44 renoirb iggy, sure
18:45 renoirb I do RTFM iggy. Ask redbeard2 and basepi, they met me.
18:46 Taz I am having a hardtime getting ext_job_cache configured on the salt master...could someone point me to some better documentation? Or help please?:)
18:46 renoirb iggy, let me get salt-master log output from a new node now
18:46 iggy I'm not saying you don't, but extra (fresh) eyes never hurt
18:47 iggy if I seem terse, that's just my personality
18:47 renoirb ok iggy. I’m trying to make it work and i can make a PR with doc proposals once I see what i’m missing.
18:47 renoirb np iggy.
18:51 aynik left #salt
18:53 renoirb iggy, something isn´t clear though.
18:53 XenophonF left #salt
18:53 renoirb A reactor event configured like 'upgrade_pkgs' is in https://gist.github.com/WebPlatformDocs/563cb12326b92b22a452
18:54 renoirb would it be ran on the minion as: 'salt-call --local pkg.upgrade'  and issued as this?
18:54 renoirb because my minions, when they appear, they always end up with salt-minion version 0.17.5
18:55 renoirb I should fix my cloud-init file to make sure they are at the lastest
18:55 renoirb latest
18:55 iggy it would be run wherever you targeted it (assuming it actually ran)
18:55 iggy so you end up with 0.17.5 minions running against a 2014.7 master?
18:59 babilen RentedMule: halite isn't really that well maintained from what I heard
19:00 RentedMule babilen: is there some alternative then?
19:00 babilen Not one that I know of
19:01 babilen But then, give it a try. It's just my general impression.
19:01 tempspace Is listen_in supposed to work for a file?
19:02 desposo joined #salt
19:02 pdayton joined #salt
19:03 spielberg joined #salt
19:03 babilen tempspace: Please elaborate
19:03 tempspace Getting pastebin ready
19:03 * babilen hopes for anything but pastebin.com
19:04 TheThing|24-7 joined #salt
19:04 forrest joined #salt
19:05 alexr_ joined #salt
19:05 tempspace sorry to destroy your hope
19:05 tempspace http://pastebin.com/7A9pFfjz
19:06 iggy RentedMule: salt enterprise is supposed to have one coming soon
19:06 iggy babilen: come on... you know you want to try scrolling around on the page and accidentally click on 3 different ads somehow
19:07 babilen No, I simply don't look at pastebins hosted on pastebin.com
19:07 iggy I've kind of stopped too
19:07 babilen (if I can avoid it at least)
19:09 spielberg joined #salt
19:12 RedundancyD Would you suggest a good alternative to pastebin that could help with posting code here? github/gitlab snippets?
19:13 renoirb iggy, minions were showing up to the salt-master with salt-minion version 0.17.5. I fixed it with my cloud-init config, it works now.
19:13 racooper gist.github works too RedundancyD
19:13 renoirb my guess is that the reactor sends the sls file to the minion and since the minion is an older version it just didnt know what to do with it.
19:14 iggy it shouldn't send the sls file, it should be determining the tgt'ed minions itself and sending them commands to run
19:14 RentedMule iggy:  thanks
19:14 iggy but I don't know that code very well
19:14 Taz So I have ext_job_cache setup in my salt master file pointing to a mongodb hosted on the same server. When I run a salt highstate I see the jobid get written to the mongo db but I get an error about 'Could not deserialize msgpack message: In an attempt to keep Salt running, returning an empty dict'
19:15 renoirb iggy, After another run. nope, still same issue. Event didnt run yet.
19:15 renoirb anyway.
19:15 mordonez joined #salt
19:15 BigBear joined #salt
19:17 TK_ joined #salt
19:20 asyncsrc Is there any way to capture the output of a "cmd.run" (or something similar) that would allow me to launch an executable on the remote host and see what the contents of stderr is in order to use some inline python/jinja to determine if it really failed (since it returns a 0 exit code regardless if it succeeds or not)
19:21 dude051 joined #salt
19:21 asyncsrc I'm using it within a state file, and I can only find references to capturing output by using the cmd module from the commandline
19:22 nafg_ i dunno, i find salt much more elegant than ansible but too many things break
19:22 nafg_ now it's saying it can't install packages
19:23 nosleep77 joined #salt
19:24 linjan joined #salt
19:24 douardda joined #salt
19:24 nafg_ The following packages failed to install/update: php5-cli
19:25 pdayton joined #salt
19:27 ipmb joined #salt
19:27 borgstrom joined #salt
19:28 renoirb I found something interresting iggy. When I look at the commands described in [1], they look like: 'cmd.state.highstate' and it goes in contrast with what [0] is saying to use 'local.state.highstate'
19:29 rawzone joined #salt
19:29 renoirb [1]: http://docs.saltstack.com/en/latest/topics/cloud/reactor.html#example-reactor-based-highstate   [0]: http://docs.saltstack.com/en/latest/topics/reactor/#mapping-events-to-reactor-sls-files
19:29 godber joined #salt
19:30 pdayton joined #salt
19:31 kballou joined #salt
19:31 otter768 joined #salt
19:32 babilen RentedMule: Yeah, I always use "cmd.MODULENAME.FUNCTION"
19:33 iggy renoirb: cmd and local are the same thing
19:33 renoirb oh, good to know.
19:33 iggy (technically cmd is an alias to local now)
19:33 babilen iggy: Where is that set/defined?
19:33 iggy in the code?
19:33 babilen So, one should use local.MODULE.FUNCTION these days?
19:33 babilen iggy: well ... sure
19:34 iggy if you are asking where it's documented it's on that page under section 6.6
19:34 rigor789z joined #salt
19:37 mays joined #salt
19:38 renoirb an awkward moment would be when you want to run 'cmd.run' it becomes cmd.cmd.run
19:41 pmcg joined #salt
19:41 gildegoma joined #salt
19:44 _prime_ Hi.  Is there any way to specify the path to salt config files via an environment variable (rather tha the -c CL option)?
19:45 _prime_ e.g. something like export SALTCONFIG=/my/path/to/etc/salt
19:45 _prime_ I want to make a non-standard config file location the default for all salt commands, but have it be transparent to the user
19:47 eunuchsocket joined #salt
19:49 renoirb _prime_ everything you put under /etc/salt/master.d/*.conf gets loaded automatically.
19:49 renoirb order is /etc/salt/master, then /etc/salt/master.d/*.conf
19:49 hal58th renoirb: he doesn't want to use /etc/salt/ at all. that's what he is asking
19:50 renoirb right.
19:50 _prime_ right, but I don't want things under /etc/salt, I want them under /home/helium/etc/salt (I'm using gentoo prefix and am attemptting to have both hydrogen and helium installed on the samehost using different configs and different ports)
19:50 renoirb then `salt-master --config-dir=/my/path/to/etc/salt`  i’d say (after `man salt-master`)
19:51 _prime_ i can create scripts for all the salt commands that inject -c /home/helium/etc salt, but I don't want to do that if I don't have to.   I'd rather just set an environment variable for the user and make it transparent
19:51 _prime_ renoirb: that's all I've found too, was hoping there might be an undocumented env variable or another approach I might use
19:52 renoirb and _prime_ also i’d look at the /etc/init.d/salt-master and add the --config-dir=  there too.
19:52 renoirb and make sure my salt master salts that file :)
19:52 _prime_ yes, I'm doing that.  It's for interactive commands that I don't want users to have to remember to put -c /odd/ball/path/etc/salt into their commands
19:53 wt joined #salt
19:53 _prime_ I can have hydrogen live under /home/salt (in its own gentoo-prefix) and helium live under /home/helium (in its own gentoo prefix), but to keep their configs, keys, etc separate and out of /etc/salt, I've so far only been able to do it with the -c option.  An environment variable would be a liesaver here
19:53 wt Any idea where this log message comes from? 2014-11-25 19:41:37,187 [salt.loaded.int.module.cmdmod               ][ERROR   ] Command 'git symbolic-ref -q HEAD' failed with return code: 1
19:54 tempspace Are we able to use watch in conjunction with listen? IE can we watch_in a state that was just listen_in'd?
19:54 wt Is this a common log when using the git filesystem backend?
20:01 atbell joined #salt
20:03 BigBear joined #salt
20:07 Outlander joined #salt
20:08 iggy _prime_: shell aliases? I mean one way or another you have to rely on setting something under their shell
20:09 nafg_ I debugged the pkg issue and it's because apt is saying,
20:09 nafg_ WARNING: The following packages cannot be authenticated!
20:09 nafg_ I think it's because of the way i added the ppa
20:09 nafg_ am i supposed to add something to load the keys?
20:12 _prime_ either aliases or utility scripts.  Neither is ideal, and both require an entry for each salt command (salt-call, salt-cp, salt-ssh, etc.), whereas a single environment variable would have been more elegant.  Oh well.
20:15 _prime_ SALTROOTDIR=/home/helium/etc/salt would have been ideal, but I can create a script that does '$0 -c /home/helium/etc/salt "$@"'; then link salt, salt-api, salt-call, salt-cloud, etc to that.
20:17 TK_ joined #salt
20:21 jhauser joined #salt
20:21 babilen nafg_: You will probably have to add the key that is used to sign the release file of the repo, yeah
20:22 babilen nafg_: look at keyid, keyserver and/or key_url
20:24 bytemask joined #salt
20:25 rigor789|away joined #salt
20:26 nafg_ babilen: thanks, i added keyid and keyserver and it's still not working
20:26 nafg_ wait it's key or keyid?
20:26 nafg_ ha that's my issue
20:26 felskrone joined #salt
20:28 Vye basepi, How should I be modifying the minion config in integration tests? The unit test way doesn't work and self.get_config() returns an immutable dict by default, suggesting I shouldn't?
20:28 Vye basepi, here's a simple example I'm working with: https://github.com/Vye/salt/compare/saltstack:2014.7...integration_tests
20:29 rallytime joined #salt
20:30 basepi Vye: honestly, not sure, I haven't spent much time in the test suite. I'll get one of our QA people to jump on, I think they'll be better able to answer your question
20:30 Vye basepi, thnx
20:30 basepi Ask your question again, Vye, rallytime is here now
20:30 BigBear joined #salt
20:30 Vye rallytime, How should I be modifying the minion config in integration tests? The unit test way doesn't work and self.get_config() returns an immutable dict by default, suggesting I shouldn't?
20:30 Vye rallytime, here's a simple example I'm working with: https://github.com/Vye/salt/compare/saltstack:2014.7...integration_tests
20:31 CeBe joined #salt
20:31 felskrone joined #salt
20:31 rallytime Vye what do you mean by modifying the minion config?
20:32 Vye rallytime, output I'm getting: https://gist.github.com/Vye/d626af1209c3cedb7961 Line 44 shows "use_sudo: False" which should be "use_sudo: True" if it worked.
20:33 rallytime Vye so the tests set up deamons to run the tests, which are separate from the damons you normally run on your system. Specifically, there's two master, two minions, and a sundic that spin up each time you run the test suite.
20:34 Vye rallytime, adding a new option "use_sudo". I want to reuse the existing cmdmod tests but run them twice. Once with the default value of False, then again with use_sudo = True.
20:35 rallytime and then those daemons are set up in tests/runtests.py
20:38 Vye rallytime, so I cannot modify the value that cmdmod is getting from __salt__['config.get']('use_sudo') in the same test run?
20:40 Vye rallytime, I realize the commit I linked you to doesn't have the modifications to salt.config, kept the changes to a minimum for this example.
20:40 rallytime sure. I am asking around because I am not sure how to do this
20:41 rallytime i think at the very least you'd have to duplicate the tests.
20:42 atxnerd joined #salt
20:43 colonD joined #salt
20:43 Frank_I joined #salt
20:45 atxnerd Is there a Python module that lets you run salt states/command or salt-cloud for provisioning that anyone knows of? I've been using subprocess to execute salt commands, but I was hoping to find a module for this and more importantly, salt-cloud
20:46 rallytime Vye can you create a ticket for this? I think there isn't really a simple answer here, but it would definitely be useful to have a different user be able to test using sudo.
20:47 atxnerd left #salt
20:47 atxnerd joined #salt
20:47 iggy atxnerd: there's a bit in the docs about calling into salt from python scripts
20:47 Vye rallytime, Do you want it separate from the feature I'm working on? https://github.com/saltstack/salt/issues/16233
20:48 iggy atxnerd: but realistically, I'd probably go the route of salt-api or at the very least keeping the interfacing to firing some custom events and just letting the master deal with everything
20:48 rigor789|away joined #salt
20:48 rallytime Vye Oh! I didn't realize you already had an issue open. I think that will work. Thanks!
20:48 Vye rallytime, ok, I'll post to that. Thanks for your assistance.
20:49 babilen Is there a way to somehow get access to execution modules in pillars? I write some pillars in Python and would like to put some functions that I frequently use in their own module. Unfortunately modules do not seem to be available at all.. any idea? Will I have to write an external pillar?
20:49 rallytime Great! Thanks Vye and happy to help.
20:49 atxnerd Thanks Iggy I'll try to find some documentation on that
20:52 iggy atxnerd: http://docs.saltstack.com/en/latest/ref/clients/ and pepper are probably good examples
20:52 Gues480631 joined #salt
20:55 whiteinge babilen: there's an open issue to get /srv/salt/_modules loaded on the master, until that i'd recommend setting the `extension_modules` directory in your master config to /srv/modules, then to symlink your /srv/salt/_modules/thing.py to /srv/modules/modules/thing.py
20:56 kiorky babilen: yes you can access exec modules, but please note that in pillar context, things can be a bit different (grains from target minion, and ... of course no acess to __pillar__ as your are constructing it)
20:56 Gues480631 joined #salt
20:56 kiorky babilen: take an example on https://github.com/makinacorpus/makina-states/blob/master/mc_states/pillar/mc_pillar.py
20:57 kiorky babilen: this call this exec module: https://github.com/makinacorpus/makina-states/blob/master/mc_states/modules/mc_pillar.py
20:57 atxnerd Is there any documentation on the salt.cloud module for python?
20:57 atxnerd That's really what I'm having trouble with, I can get back JSON from salt commands but I'm looking to use salt-cloud to spin up servers
20:57 whiteinge atxnerd: http://docs.saltstack.com/en/latest/ref/clients/index.html#cloudclient
20:58 slafs joined #salt
20:58 kiorky babilen: and yes, you need to set pillar_dirs, nad module_dirs in your master conf pointing to your modules container directories;
20:58 atxnerd Thank you whiteinge
20:58 whiteinge atxnerd: oh, are you using the REST API?
20:58 whiteinge (just saw JSON)
20:58 Blellow joined #salt
20:58 atxnerd negative, I'm just importing salt.cloud in a python script
20:58 monkey66 joined #salt
20:59 whiteinge cool. CloudClient() is the way to go
20:59 whiteinge there's a wrapper around that as a runner <http://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.cloud.html> which may be useful to look at, but i'd stick with cloudclient() directly.
21:00 thedodd joined #salt
21:01 ekristen joined #salt
21:03 babilen whiteinge, kiorky: Great! Thank you. I'll look into this tomorrow. I just want to use it for a number of convenience functions that I don't want to maintain in multiple places.
21:06 babilen whiteinge: Unfortunately that requires me to maintain a local checkout of my GitFS repo on the master. I guess that you are referring to an issue that I reported/asked for a while back. I'll dig the reports once more.
21:07 giantlock joined #salt
21:07 whiteinge babilen: yeah, that issue. :-P
21:08 rigor789|away joined #salt
21:09 whiteinge babilen: you could symlink into the /var/cache/salt/master/gitfs/... directory. (i realize that suggestion also sucks)
21:10 aquinas joined #salt
21:11 felskrone joined #salt
21:16 aparsons joined #salt
21:17 _JZ_ joined #salt
21:17 TK_ joined #salt
21:17 dthorman joined #salt
21:21 jalbretsen joined #salt
21:23 MatthewsFace joined #salt
21:24 aparsons joined #salt
21:24 Frank_I joined #salt
21:24 rigor789|away joined #salt
21:30 rigor789|away joined #salt
21:32 Frank_I Hi, Where I can go and download saltstack
21:32 otter768 joined #salt
21:32 Frank_I I do not want to use YUM repo
21:32 geekatcmu I hear you can get it from "teh internets"
21:33 aurynn Frank_I, use pip
21:33 geekatcmu Perhaps there is documentation
21:33 iggy salt-bootstrap
21:33 aurynn geekatcmu, don't be a dick
21:33 geekatcmu It comes naturally.
21:34 Frank_I aurynn, that's fine! geekatcmu is joking.
21:34 aurynn Frank_I, creating hostile spaces for newcomers isn't a nice thing to do, so I'll call it out
21:34 Frank_I If not it's fine ;)
21:34 JoeJulian After a state is executed, I need to get a value from that result and use it in subsequent states. Is there a way to do that?
21:35 aurynn JoeJulian, I believe teh salt mine is meant for that
21:35 aurynn Frank_I, anyway, you can use `pip install` to pull in saltstack, or the bootstrap that got mentioned
21:35 gladiatr joined #salt
21:35 Frank_I Aurynn, my boss just told me to investigate salt, we use puppet @ this moment, and we want to migrate next year.
21:36 atbell joined #salt
21:36 aurynn Frank_I, ah cool
21:40 JoeJulian Looks like salt mine is not what I need. I would need the minion, itself, to have it's own data immediately after a cmd.run so the next (in this case) service can have the id generated by the command that was run and start the service.
21:41 aurynn hmm
21:41 aurynn the reactor system can do that, but it's a bit heavy for it
21:41 gladiatr hey all.  I seem to remember reading something on the mailing list regarding an external returner mode that would proxy all returner data through a salt-master to avoid having to have open access for writes from all minions.  I'm pretty sure I didn't dream this one up--I just can't remember what the heck it was called and where it is implemented.
21:47 iggy gladiatr: I think it's been proposed, don't know if it's in a release (or if it's even being worked on)
21:48 gladiatr ah, gotcha.
21:49 iggy I'm pretty sure there's a ticket for it, might try checking the issue tracker to see what (if anything) is going on with it
21:52 gladiatr I'll have a look.  I was considering how difficult it would be to put a kind of catch and release mechanism in place--something along the lines of an external return module but only for a master or syndic.. rather than writing the data to disk--redirect it via a return module to stick it someplace else.  Yeah.  Anyway.  Thoughts. :)  Thanks, iggy.
21:52 gladiatr s/via a return/via a runner/
21:55 thayne joined #salt
21:59 kballou joined #salt
22:00 jp__ joined #salt
22:01 jimklo joined #salt
22:02 jp__ Maybe you can help. I am trying to copy a file from the master to the minion "salt server3 cp.get_file salt://files/shadow /etc/" although no luck showing up on the remote server. Any idea?
22:03 iggy jp__: does the file you're looking for show up in cp.list_master?
22:04 bmonty joined #salt
22:04 jp__ no it doesnt show up in the list, thank you. I will see how to add it to the list. salt server3 cp.list_master
22:06 iggy jp__: is the file at (most likely) /srv/salt/files/shadow ?
22:06 spookah joined #salt
22:06 bhosmer joined #salt
22:06 renoirb Hey, hi aurynn !
22:07 aurynn o/
22:07 jp__ yes, that is the issue there are a few folders duplicate during the initial install. it works now thank you.
22:07 renoirb I think we met at PyCon Mtl
22:08 aurynn I think we did
22:08 baoboa joined #salt
22:09 renoirb Question: I have a strange behavior for my new nodes.  Every now and then (i.e. once per 4 new VMs) the grains['nodename'] is FQDN-ed.  And that even same cloud-init userdata file.
22:10 JoeJulian This is what I'm trying to accomplish. It fails, of course, because the module is being run before the states. http://fpaste.org/154072/16953384/
22:11 `backtick` joined #salt
22:12 renoirb Strange thing is that my /etc/hosts has a `127.0.1.1 foo.fqdn.tld foo` and `hostname` is the right node name, and `hostname -f` has the FQDN version.
22:14 RentedMule left #salt
22:15 micah_chatt_ joined #salt
22:15 ipmb joined #salt
22:17 TK_ joined #salt
22:18 JoeJulian With stateful cmds, can I use the return values in some way?
22:23 hal58th Not sure what you are asking JoeJulian, maybe this will help http://docs.saltstack.com/en/latest/ref/states/writing.html#return-data
22:27 JoeJulian So I need to write a custom state...
22:27 gladiatr Joe.  Yeah.  Execution modules don't generally carry any state information.  What I'd suggest is to create a state using grains.present that sets a grain to some value that you'll check before before running service state
22:29 gladiatr or make success of the grains.present state a dependency of the service start
22:29 `backtick` how do I salt-call to do a single state on a masterless install?
22:29 `backtick` I have "sudo salt-call --local -l info state.highstate" for the top.sls
22:30 `backtick` but I'd like to just run a single state to debug things
22:30 iggy state.sls
22:30 shaggy_surfer joined #salt
22:30 `backtick` tyty
22:34 JoeJulian But I can't set the grain using grains.present because I need to set it based on the output of "ceph-disk list" but only after "ceph-disk prepare" has been run.
22:35 hcl2 JoeJulian: can you just do everything you need in a bash script and use cmd.run or cmd.wait to execute it?
22:36 JoeJulian Yeah, that's my worst-case scenario. Write a bash script that does what I'm using a state management tool for.
22:37 gladiatr Joe, ok.  I see what you're saying.
22:37 JoeJulian It would be much easier if ceph would let me deterministically choose ids.
22:39 snarfy joined #salt
22:40 thayne joined #salt
22:41 BigBear joined #salt
22:45 active8 joined #salt
22:48 monkey66 joined #salt
22:48 nitay joined #salt
22:48 micah_chatt joined #salt
22:49 nitay I’m creating ec2 instances using salt cloud with maps - is there a way to run a script on ec2 launch? it seems the default salt-cloud behavior doesnt get things all the way to working
22:51 kermit joined #salt
22:53 glyf joined #salt
22:53 nitay let me ask more specifically - I’m trying to use salt-cloud to spin up entire clusters containing their own salt-master, how do I get the newly spun up salt-master to automatically configure?
22:53 nitay that is to
22:54 nitay that is I need to set all the files in /etc/salt/*, i’m using salt-formula on my “grand” salt-master, but how do I get that to copy down into newly spun up salt masters?
22:58 iggy if you figure it out, let us know
22:59 nitay lol
22:59 nitay is there some way to just run my own custom script after salt-bootstrap runs?
23:00 __number5__ nitay: modify the salt-bootstrap script? it's just a shell script anyway
23:00 nitay a 5K line one :)
23:02 __number5__ nitay: on your previous question, look at gitfs, or just put all your code in a git repo and git clone to all your new masters
23:02 nitay __number5__: yeah all my code is in git (/srv is just a git checkout)
23:02 nitay but I still need to e.g. ssh to new salt-master, setup ssh deploy key, clone repo, run highstate
23:02 nitay etc etc
23:02 nitay i’d like to automate all that
23:03 NaPs joined #salt
23:04 steveoliver joined #salt
23:04 __number5__ nitay: make all those steps into states, using something like salt-ssh to bootstrap? or if you're using AWS or other clouds, use packer to pre-build your salt-master image
23:08 hal58th1 joined #salt
23:11 nitay __number5__: reading up on packer now, so I would create an image to use for salt-master machines and then in salt-cloud point the AMI to my packer image instead of vanilla ubuntu?
23:14 __number5__ nitay: yes, you use your pre-built salt-master image to create a new master, then you just ssh in an change some details and maybe a git pull to get all last minute changes in then you are good to go
23:15 snarfy left #salt
23:17 TK_ joined #salt
23:21 bhosmer joined #salt
23:23 karimb joined #salt
23:26 HACKING-FACEBOOK joined #salt
23:30 alexr joined #salt
23:32 UtahDave joined #salt
23:33 otter768 joined #salt
23:35 borgstrom joined #salt
23:36 Gareth UtahDave: hey hey
23:36 UtahDave hey, Gareth!
23:37 iggy man, I am getting good at knocking out these collectd plugins
23:37 UtahDave Heh, on Sunday I was driving in the car with my wife and my android phone suddenly thought I was in Burbank and was giving me directions to the beach
23:37 Gareth haha always follow the phone. :)
23:37 UtahDave I really wanted to follow the directions.  :0
23:39 jonatas_oliveira joined #salt
23:40 nitti joined #salt
23:43 alexr_ joined #salt
23:47 `backtick` salt calls "repoquery" a *lot*
23:47 jalbretsen joined #salt
23:59 HACKING-FACEBOOK joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary