Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-12-04

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 TyrfingMjolnir joined #salt
00:02 Malcolm joined #salt
00:11 bhosmer joined #salt
00:14 budman Is there a way to install the minion with a master IP in command line?
00:17 lemoi joined #salt
00:17 lemoi does salt do a reverse dns lookup to determine the minion_id?
00:18 hal58th1 budman salt-bootstrap can set that master ip using the -A flag.
00:19 hal58th1 budman, grab the install_salt.sh file use the -h flag to see the options
00:19 hal58th1 lemoi http://docs.saltstack.com/en/latest/faq.html#id7
00:21 lemoi hm, sure
00:21 shaggy_surfer joined #salt
00:22 Damianz joined #salt
00:28 mpanetta joined #salt
00:29 mpanetta joined #salt
00:31 otter768 joined #salt
00:34 kermit joined #salt
00:44 shoemonkey joined #salt
00:48 murrdoc http://www.bleedingcool.com/2014/12/frank-miller-and-scott-snyder-to-write-dark-knight-3/
00:48 shaggy_surfer joined #salt
00:54 Steve7314 left #salt
00:55 wnkz__ joined #salt
00:59 jimklo_ joined #salt
01:01 skyler joined #salt
01:03 martoss1 joined #salt
01:06 shoemonkey joined #salt
01:06 arif-ali joined #salt
01:09 schristensen joined #salt
01:15 yomilk joined #salt
01:17 aqua^mac joined #salt
01:24 elfixit joined #salt
01:34 ekristen joined #salt
01:38 ajolo joined #salt
01:40 shanemhansen left #salt
01:41 wolfpackmars2_ joined #salt
01:41 wolfpackmars2_ how to disable salt-master service from starting at boot?
01:41 wolfpackmars2_ on debian with lsbinit
01:46 murrdoc edit the /etc/init/salt-master
01:46 murrdoc change the startup level
01:48 jswanson_ joined #salt
01:51 MugginsM so is it considered better practice to put information about which services are on which hosts into the pillar or the state tree?
01:52 jalbretsen joined #salt
01:54 Eugene Pillar.
01:55 Eugene Use conditionals in the state tree to read pillar(or grains) data and make decisions on applying
01:56 MugginsM so the state for, say,  "staff logins" would go through the hosts pillar looking for matches?
01:56 Eugene If that's how you set it up, yeah
01:57 Eugene I do my detection on whether to apply a state in the top.sls file, and then specifics in the state itself
01:57 hal58th1 MugginsM: I don't know what staff logins state should do. But you can use top.sls to also decide on what type of server it should be. Say any minion that starts with "web" should be a webserver and therefore have apache installed.
01:57 MugginsM our naming scheme isn't really related to the function of the host, unfortunately
01:57 hal58th1 Yeap, pretty much what Eugene said
01:58 aurynn I do mine in the topfile as well; I try to keep specific logic out of the individual statefiles
01:58 hal58th1 You can do something like this in your state files…    {% if salt['pillar.get']('webserver') is defined %}
02:00 druonysus joined #salt
02:00 druonysus joined #salt
02:09 budman thank you hal58th1..
02:09 aquinas joined #salt
02:09 hal58th1 welcome budman
02:09 budman I have not searched yet, but is it easy to change hostnames, will salt update the nicknames/assignments as well?
02:10 hal58th1 salt will not change the minion id after it has already generated a key, which it does at first start of service. So if you change the hostname after that, the minion id stays the same
02:11 hal58th1 It might even set the minion id at install… I am not sure
02:11 hal58th1 Once you change the minion_id and restart the service, it will generate a new key
02:12 budman ahh, then just reaccept and delete/remove the old key?
02:12 hal58th1 correct
02:12 budman looking forward to adding my ssh key here :)
02:13 malinoff joined #salt
02:13 nitti joined #salt
02:13 hal58th1 heh. are you doing it through pillar to keep it secure? I have a nifty way of doing that
02:13 hal58th1 at least for my private key
02:15 budman Im not sure how, I believe pillar is the page I have open.
02:15 budman any links/scripts/tips would be great :)
02:15 tsotf joined #salt
02:15 budman what are you coping priv keys for? not just authorized_keys public key?
02:15 budman ssl configs etc..?
02:16 hal58th1 yeah, my ssl private keys for websites.
02:16 murrdoc joined #salt
02:18 budman This module requires the use of MD5 hashing. Certain security audits may not permit the use of MD5. For those cases, this module should be disabled or removed.
02:20 shoemonkey joined #salt
02:25 budman Im using salt '*' ssh.check_key etc..  TypeError encountered executing ssh.check_key: check_key() takes at least 5 arguments (4 given). See debug log for more info. .. Beccause I have no options set for "options" is there a proper way to blank out options?
02:25 budman n/
02:25 budman n/m ""
02:28 budman It does show add/add/add/exsits... but how to I say ADD to the missing ones (do I have to use ssh.set_auth_key)
02:32 otter768 joined #salt
02:33 genediazjr joined #salt
02:33 budman joined #salt
02:34 LeProvokateur joined #salt
02:36 wolfpackmars2_ what's the best practice for modifying the master config file?
02:37 wolfpackmars2_ do you just modify /etc/salt/master or do you put any custom settings in a sub file?  whenever updating the master package, I'm always warned that the new version of the master file conflicts with the existing file
02:37 __number5__ small config files in /etc/salt/master.d/ is much easier to handle
02:38 wolfpackmars2_ I notice there is a provision for using an extra_config file (or folder - I've tried both) but this doesn't seem to work by default as would be expected
02:38 wolfpackmars2_ do they follow the same format as the master file?
02:39 __number5__ wolfpackmars2_: what packaging are you using to install salt master, I'm using debian/ubuntu's it just leave /etc/salt/master alone if it existed
02:39 __number5__ wolfpackmars2_: yes
02:39 wolfpackmars2_ debian wheezy
02:40 wolfpackmars2_ it may depend on the command issued to update the package ?  I would guess that if you apt-get update -y or -f it may suppress all user prompts...
02:41 __number5__ yep, that's it
02:41 __number5__ I'm using salt-bootstrap script which by default skipped config updates
02:42 shaggy_surfer joined #salt
02:42 wolfpackmars2_ it's a minor thing.  If I can just add files to master.d then that's the answer I was looking for.  I prefer the default file to get updated with the rest of the package, that way I always have the most current example
02:45 wolfpackmars2_ ah nice.  I've used bootstrap a long time ago... but now the recommended method is to use aptitude with Debian (per the Salt docs)... so that's what I've been using
02:48 TyrfingMjolnir joined #salt
02:51 __number5__ salt-bootstrap will still use apt/deb if it detected it supported by the os, but it provide much more flexibilty like I can install any git tagged version of salt
02:52 wolfpackmars2_ updates pretty easy with bootstrap?
02:53 __number5__ yes
02:55 wolfpackmars2_ i'll look at bootstrap again.  You bootstrap your minions as well?
02:55 wolfpackmars2_ to my original question, I finally found the answer here: http://docs.saltstack.com/en/latest/ref/configuration/master.html#include-configuration
02:55 TyrfingMjolnir joined #salt
02:55 wolfpackmars2_ it seems the default settings detailed in the master config file are incorrect.
02:56 ph8 joined #salt
02:56 genediazjr joined #salt
03:05 mapu joined #salt
03:06 genediazjr joined #salt
03:06 aqua^mac joined #salt
03:07 wahsb joined #salt
03:07 wahsb how do i require a state from an included file?
03:08 wahsb i.e. I have an sls that defines some package repos that i incude in a file where i install a package...
03:09 wahsb then i want the package installation to depend on the pkgrepo defined in the imported file
03:09 wahsb *incuded
03:09 Mso150 joined #salt
03:18 genediazjr joined #salt
03:21 wolfpackmars2_ wahsb I would manage the package repos as a source file (assuming Debian or similar).  then require the managed file
03:22 wolfpackmars2_ e.g. /etc/apt/sources.list.d/customrepo.list
03:22 wolfpackmars2_ file.managed:
03:22 wolfpackmars2_ - source: salt://customrepo.list
03:22 ckao joined #salt
03:23 wolfpackmars2_ then for the package:
03:23 wolfpackmars2_ mypackage:
03:23 wolfpackmars2_ pkg.installed:
03:23 wolfpackmars2_ - require: /etc/apt/sources.list.d/customrepo.list
03:24 wolfpackmars2_ then the package will only be installed if the customrepo was successfully managed by salt.  AFAIK, salt will run an apt-get update before installing any packages, thereby you are assured the custom repo is imported before the package install
03:27 tsotf joined #salt
03:29 genediazjr joined #salt
03:29 wahsb awesome, got it!
03:32 CeBe2 joined #salt
03:33 CeBe3 joined #salt
03:34 ajolo joined #salt
03:35 CeBe2 joined #salt
03:36 CeBe joined #salt
03:36 jtanner joined #salt
03:44 rypeck joined #salt
03:52 budman joined #salt
03:58 bhosmer joined #salt
04:04 TyrfingMjolnir joined #salt
04:04 shoemonkey joined #salt
04:05 jalbretsen1 joined #salt
04:06 murrdoc joined #salt
04:07 genediazjr joined #salt
04:16 budman whats the difference from top.sls in states and top.sls in pillars? a different path?
04:16 budman Just going through https://gist.github.com/UtahDave/3785738
04:18 aurynn they do different things
04:18 aurynn top.sls in pillars matches what pillar data is available to a node, and in states is what state tree gets applied to a nodle
04:19 Ryan_Lane joined #salt
04:19 TyrfingMjolnir joined #salt
04:20 genediazjr joined #salt
04:22 MugginsM I think I'm going slowly mad. apparently my stuff is not formed as a list.
04:25 snuffeluffegus joined #salt
04:25 ajolo joined #salt
04:30 murrdoc joined #salt
04:33 otter768 joined #salt
04:36 budman yea K watching a video on it. any sample user.sls :) with a key
04:36 budman ssh_auth: or   ssh_auth.present: seems to not work
04:37 bhosmer joined #salt
04:43 yomilk joined #salt
04:45 budman https://gist.github.com/anonymous/4d98e072984e3d42da28
04:47 TyrfingMjolnir joined #salt
04:50 TyrfingMjolnir_ joined #salt
04:50 budman IE; where/what is standard practice to add a user and key, simple user.sls or do you need pillar/both?
04:52 budman_ joined #salt
04:54 anotherZero hey guys, my salt state returns Failed: 2, but I don't see anything wrong... How can I track this down?
04:55 aqua^mac joined #salt
04:56 anotherZero I ran the state with a -l debug, but still nothing seems wrong...
04:57 genediazjr joined #salt
04:57 wolfpackmars2 budman I spent a lot of time worrying about standard practices.  there are so many different ways to do things with salt.  I finally just decided to DO and worry about the why and how later.  Eventually, you will find what works.  as they say, "don't get too wrapped around the axle"
04:58 anotherZero sage advice
05:01 wolfpackmars2 for me, most of my user stuff was done in my sshd state.  this makes sense for me, since my minions will need to be setup with certain users and keys for use with ssh.  so, in my case, I manage the sshd config file, the main ssh user accounts (including ensuring root login is disabled) and the ssh keys for my user.
05:02 wolfpackmars2 in another example, I set up a git repo.  in this case, I manage the git user from the git.sls since I only need this user account on my git repo minions.
05:03 wolfpackmars2 you could spend a lot of time writing code in a specific user sls "if grain = gitrepo then adduser" etc. etc. but what a headache.  just do what makes sense to you.  when you get more familiar with salt, the rest will come more naturally
05:04 bdf_ joined #salt
05:05 wolfpackmars2 plus, if managing your states in version control, then focus on getting a solution that works, then tweak it later.  when something breaks, you can revert to a working copy and focus on why your changes broke the formula.  hopefully this makes sense
05:05 babilen joined #salt
05:06 budman_ I cann add my user, via users.sls but it doesnt seem to add my ssh_auth key correctly (I can manually salt push it to it)... what am I missing in the user.sls
05:06 al joined #salt
05:06 wolfpackmars2 anotherzero when it fails, you should be able to track what exactly failed.  when it says failed: 2, that means 2 states failed.  you should have received some output, which likely would be highlighted red, that would indicate what failed
05:07 stillLotR joined #salt
05:07 wolfpackmars2 if username is budman:
05:07 Eliz_ joined #salt
05:07 anotherZero wolfpackmars2: exactly why I am confused... I'm currently commenting out large sections to try to isolate what is failing
05:09 hybridpollo joined #salt
05:09 heise joined #salt
05:09 wolfpackmars2 budman:
05:09 wolfpackmars2 user:
05:09 wolfpackmars2 - present
05:09 wolfpackmars2 ssh_auth:
05:09 wolfpackmars2 - present
05:09 wolfpackmars2 - user: budman
05:09 wolfpackmars2 - source: salt://pathtoyourpublickeyfile
05:11 wolfpackmars2 anotherzero when you run state.highstate, it should by default output the response from the minion to every state
05:11 giantlock joined #salt
05:12 Ryan_Lane joined #salt
05:13 huleboer joined #salt
05:14 budman_ wolfpackmars2: worked perfect
05:14 budman_ k
05:14 budman_ so a simple users.sls is fine for a small company to manage/add users?
05:15 budman_ is it stanard to set user to user.absent to remove the user? or manually remove via CLI and the config?
05:15 wolfpackmars2 if you are managing logins and user accounts for all the users in the company and they need accounts on the server, then yeah I would think so if that's easy for you to manage
05:17 wolfpackmars2 the great thing about salt is that because they give you so many ways to do things, you can really choose which is easiest for you to manage
05:19 wolfpackmars2 you wouldn't be able to remove the user by the command line, because salt would just add the user account back in
05:20 budman_ well if you removed it from the sls file as well
05:20 budman_ but i guess you might as well set it absent and just re-deploy?
05:20 wolfpackmars2 budman_ tbh I'm not really sure.  if you have a server that manages user accounts, then I would think the user accounts would be treated as data and not as config.  salt is for managing config.  you wouldn't necessarily use salt to manage data in a database...
05:21 wolfpackmars2 well if you remove the user from the state file, then the user account will still be active, just no longer managed by salt.  setting user.absent is the only way to remove a user account once it has been created
05:22 genediazjr joined #salt
05:22 wolfpackmars2 I'm just trying to think how this would work long term.  for the short term, it wouldn't be that bad.  but eventually the user.sls could get to be really really long.  technically, I guess, once you push the user.absent code and the user account is removed, then you could remove that user account information from the state file...
05:25 wolfpackmars2 I don't think I can give you good advice in this case, as I've not managed a server where I had to manage user accounts for a company.  but I'm certain you're not the first person to run into this.  I just don't have any experience to offer
05:25 budman_ yeap.. well how do people normally do it, im new to all this.
05:25 anotherZero wolfpackmars2: all the stuff scrolling by is green, except the topmost line which is the "state:" line...
05:25 budman_ I see pillers with user.sls and regular user.sls
05:27 budman_ when I push manual salt commands to all servers or some servers, can/is there a way to automatically save that to a sls. or update an exsiting sls.
05:27 wolfpackmars2 I'm not sure budman_ I would think even pillars would be a pita to manage.  if no one is available right now to answer, try your question again tomorrow when hopefully someone with experience manageing users would be around.  tbh I'm curious about this as well
05:27 wolfpackmars2 no there is not
05:28 budman_ roger, I appreciate your replies/help.
05:28 budman_ Ill be a linger'errr and ask some questions tomorrow.
05:29 jonatas_oliveira joined #salt
05:30 wolfpackmars2 anotherZero this is what I get when I highstate:
05:30 Outlander joined #salt
05:30 wolfpackmars2 groesz1.groesz.org:
05:30 wolfpackmars2 ----------
05:30 wolfpackmars2 ID: openssh-client
05:30 wolfpackmars2 Function: pkg.installed
05:30 wolfpackmars2 Result: True
05:30 wolfpackmars2 Comment: Package openssh-client is already installed.
05:30 wolfpackmars2 Started: 23:12:08.864158
05:30 wolfpackmars2 Duration: 385.769 ms
05:30 wolfpackmars2 Changes:
05:30 wolfpackmars2 ----------
05:30 wolfpackmars2 ID: /etc/ssh/ssh_config
05:30 wolfpackmars2 Function: file.managed
05:30 wolfpackmars2 Result: True
05:30 wolfpackmars2 Comment: File /etc/ssh/ssh_config is in the correct state
05:30 wolfpackmars2 Started: 23:12:09.250976
05:30 wolfpackmars2 Duration: 74.462 ms
05:30 wolfpackmars2 Changes:
05:30 wolfpackmars2 ----------
05:31 malinoff wolfpackmars2, please use http://pastie.org
05:31 genediazjr joined #salt
05:31 wolfpackmars2 ID: /etc/exim4/update-exim4.conf.conf
05:31 wolfpackmars2 Function: file.managed
05:31 wolfpackmars2 Result: True
05:31 wolfpackmars2 Comment: File /etc/exim4/update-exim4.conf.conf is in the correct state
05:31 wolfpackmars2 Started: 23:12:10.754974
05:31 wolfpackmars2 Duration: 73.893 ms
05:31 wolfpackmars2 Changes:
05:31 wolfpackmars2 Summary
05:31 wolfpackmars2 -------------
05:31 wolfpackmars2 Succeeded: 52
05:31 wolfpackmars2 Failed:     0
05:31 wolfpackmars2 -------------
05:31 wolfpackmars2 Total states run:     52
05:31 wolfpackmars2 ok malinoff will do thx
05:31 wolfpackmars2 cool thx for that I learn something too :)
05:31 jonatas_oliveira joined #salt
05:33 jonatas_oliveira joined #salt
05:33 wolfpackmars2 budman_ I just make small changes to my sls files and then try them out.  it's somewhat difficult at first because you have just a blank slate, but eventually you will be able to start making small changes, state.highstate them to see if they work.  the key is to use vcs, such as git, to manage your sls files
05:35 jonatas_oliveira joined #salt
05:36 wolfpackmars2 anotherZero I don't see any lines that say "state:" in them
05:37 wolfpackmars2 you get Failed: 2  does any succeed?
05:37 jonatas_oliveira joined #salt
05:38 budman_ i have not got to state.highstat yet
05:38 anotherZero wolfpackmars2: yes.  44 succeed
05:39 jonatas__ joined #salt
05:40 anotherZero also wolfpackmars2, I just meant that that name of the state shows in red, the topmost line of the output
05:42 jonatas_oliveira joined #salt
05:42 wolfpackmars2 what is the name of the state ?  maybe it's a reserved name or maybe the two conflict...
05:43 wolfpackmars2 actually, if both states are the same name, that could be the problem.  salt doesn't allow you to have two states with the same id afaik
05:43 wolfpackmars2 does this sound right anotherZero?
05:43 budman_ https://gist.github.com/anonymous/557ccf397902fe4460d5 - does not seem to be adding the ssh key
05:44 budman_ I thought it was
05:44 jonatas__ joined #salt
05:45 wolfpackmars2 when you state.highstate, do you get any errors?
05:46 jonatas_oliveira joined #salt
05:46 wolfpackmars2 budman_ you need a separate ssh_auth directive
05:47 budman_ when I added that I got     No function declared in state 'ssh_auth' in SLS 'users'
05:48 jonatas__ joined #salt
05:48 wolfpackmars2 see here budman_ http://pastie.org/9759735
05:50 jonatas__ joined #salt
05:50 budman_ k thanks what is: - enforce_password: True I just want SSH key only
05:51 wolfpackmars2 it seems counterintuitive that I need to specify user: budman under ssh_auth given that ssh_auth is under budman...
05:51 budman_ worked perfect :)
05:52 jonatas_oliveira joined #salt
05:52 wolfpackmars2 it's actually not needed because the default for enforce_password is true
05:52 genediazjr joined #salt
05:52 wolfpackmars2 I set password to '*' - it basically disables password logins (actually, it disables the user account but still permits ssh logins)
05:53 wolfpackmars2 obviously this is not what you want if you are managing user accounts who will use passwords to login :)
05:53 jimklo joined #salt
05:54 wolfpackmars2 I guess you would set enforce_password false if you set up a default password in the state but want to allow the user to change their password without worrying about salt overwriting it
05:54 jonatas__ joined #salt
05:54 wolfpackmars2 in this way, salt would use your password when it creates the account, but with enforce_password: false then salt will not change the password if the user account already exists and the password is different from what is specified.
05:55 wolfpackmars2 for the ssh stuff, you only need what's under ssh_auth:
05:56 jonatas_oliveira joined #salt
05:58 jonatas__ joined #salt
06:00 jonatas_oliveira joined #salt
06:02 jonatas__ joined #salt
06:02 catpigger joined #salt
06:04 jonatas__ joined #salt
06:06 jonatas_oliveira joined #salt
06:08 jonata___ joined #salt
06:09 TheKid89 joined #salt
06:10 jonatas_oliveira joined #salt
06:12 ndrei joined #salt
06:13 jonatas__ joined #salt
06:15 jonatas_oliveira joined #salt
06:17 jonatas_oliveira joined #salt
06:19 jonatas__ joined #salt
06:19 genediazjr joined #salt
06:20 anotherZero alrighty... who can help me figure out some git stuff with saltstack?
06:21 jonatas_oliveira joined #salt
06:21 nafg_ joined #salt
06:22 anotherZero example: I go to the minion and rm a directory in a git repo, then when I run the salt state again, with all the force options I can find "True" the minion is still missing the directory I removed
06:22 nafg_ Hi
06:22 nafg_ Can someone tell me, using salt-ssh how can I see what's happening on the target?
06:22 anotherZero but if I go to the minion and manually run `git reset --hard` it restores the directory
06:23 jonatas__ joined #salt
06:25 jonatas_oliveira joined #salt
06:27 jonata___ joined #salt
06:28 __gotcha joined #salt
06:29 jonatas_oliveira joined #salt
06:31 jonatas_oliveira joined #salt
06:33 jonatas__ joined #salt
06:34 otter768 joined #salt
06:34 kermit joined #salt
06:35 jonatas_oliveira joined #salt
06:37 jonatas__ joined #salt
06:39 jalbretsen joined #salt
06:39 jonatas_oliveira joined #salt
06:39 budman joined #salt
06:41 nafg_ Can someone tell me, using salt-ssh how can I see what's happening on the target?
06:41 nafg_ i'm getting this error from file.managed:
06:41 jonatas_oliveira joined #salt
06:42 nafg_ File sum set for file /home/teamcity/teamcity.tar.gz of cf1508b59b8d6bc9ee267802dc49ba8f does not match real sum of 3d712094e987608dfad4de508b222604
06:42 nafg_ AS far as i can tell, the file is never downloaded
06:43 jonatas_oliveira joined #salt
06:44 aqua^mac joined #salt
06:45 jonatas_oliveira joined #salt
06:46 nafg_ anyone?
06:47 jonatas__ joined #salt
06:48 nafg_ any way to log salt-ssh "minion"?
06:48 jnials joined #salt
06:50 jonatas_oliveira joined #salt
06:51 oyvjel joined #salt
06:52 jonatas__ joined #salt
06:54 jonata___ joined #salt
06:55 nafg__ joined #salt
06:56 jonatas_oliveira joined #salt
06:58 jonatas_oliveira joined #salt
07:00 jonatas_oliveira joined #salt
07:01 troyready joined #salt
07:02 jonatas__ joined #salt
07:03 evidence joined #salt
07:04 jonatas_oliveira joined #salt
07:06 jonatas__ joined #salt
07:08 jonatas_oliveira joined #salt
07:10 jonatas_oliveira joined #salt
07:12 jonatas_oliveira joined #salt
07:13 JlRd joined #salt
07:13 marching_ant joined #salt
07:13 marching_ant Is this the I2P channel?
07:14 flyboy joined #salt
07:14 jonatas__ joined #salt
07:15 Auroch joined #salt
07:15 jeddi joined #salt
07:16 jonata___ joined #salt
07:18 jonatas_oliveira joined #salt
07:21 jonatas_oliveira joined #salt
07:21 dagrizbox joined #salt
07:21 Terminus- joined #salt
07:22 Terminus- hello. i just recently learned about salt. i'm currently using foreman which is a deployment system that uses puppet. is there any equivalent for salt?
07:23 jonatas_oliveira joined #salt
07:23 stbenjam Terminus-: Halite, kind of.  And Foreman itself (https://github.com/theforeman/foreman_salt/wiki)
07:24 Terminus- oh... didn't know foreman can use salt. it kinda feels like forcing foreman to use a config management system that it wasn't designed for though. =|
07:24 Terminus- stbenjam: i'll check it out. thanks.
07:25 jonatas__ joined #salt
07:25 claytron joined #salt
07:25 ramteid joined #salt
07:27 jonata___ joined #salt
07:29 jonatas_oliveira joined #salt
07:29 yerodin joined #salt
07:31 lb1a joined #salt
07:31 jonatas__ joined #salt
07:33 maze_ joined #salt
07:34 claytron_ joined #salt
07:39 genediazjr joined #salt
07:50 jimklo joined #salt
07:52 lcavassa joined #salt
07:54 BigBear joined #salt
07:55 markm_ joined #salt
07:56 eject_ck joined #salt
07:58 viq joined #salt
07:58 wvds-nl joined #salt
08:02 superted666_ joined #salt
08:04 JlRd joined #salt
08:10 jeffrey4l joined #salt
08:12 slafs joined #salt
08:13 slafs left #salt
08:20 slav0nic joined #salt
08:20 slav0nic joined #salt
08:23 Mso150 joined #salt
08:30 jeffrey4l joined #salt
08:33 aqua^mac joined #salt
08:35 mikkn joined #salt
08:35 Andre-B joined #salt
08:35 otter768 joined #salt
08:37 jrluis joined #salt
08:45 monkey66 left #salt
08:48 budman joined #salt
08:50 glyf joined #salt
08:57 jmux joined #salt
08:58 glyf joined #salt
08:59 kawa- joined #salt
09:05 pduersteler joined #salt
09:07 borgstrom joined #salt
09:07 pduersteler Hi all. quick question, I couldn't find anything in the docs.. if a package / init script does not support "reload", but requires a restart to load a new configuration, how can I achieve this? substituting reload: true with restart: true does not work, at least for me
09:15 sieve joined #salt
09:15 sieve joined #salt
09:16 sieve joined #salt
09:16 akafred joined #salt
09:16 sieve joined #salt
09:16 sieve joined #salt
09:18 karimb joined #salt
09:20 jonatas_oliveira joined #salt
09:22 \ask joined #salt
09:25 davidone joined #salt
09:28 Roee joined #salt
09:28 Roee Hi all,
09:29 Roee I'm trying 2 day's to run salt via top.sls and getting the error : "  Function: no.None"  "   Comment: Unknown yaml render error"
09:29 Roee currently i'm using 2 top files one in my base dir and second in my pillar dir
09:29 jrluis joined #salt
09:30 Roee there is a chance that the problem is because of that ?
09:30 Roee the top files which locate in my pillar dir is working well
09:31 Roee the main pillar is problematic... (when executing the state,highstate command)
09:39 N-Mi_ joined #salt
09:45 Andre-B joined #salt
09:50 tsotf joined #salt
09:52 tsotf joined #salt
09:53 kawa joined #salt
10:00 cnelsonsic_ joined #salt
10:03 cads joined #salt
10:05 BigBear joined #salt
10:06 glyf joined #salt
10:08 Roee ok I think tha i found something when runing : salt 'DB-Master' state.show_top
10:10 Roee i'm getting the following output : https://gist.github.com/roeera/380f2946abf835a4e5ac
10:10 Roee can someone please take a look and update if you know what is the problem...
10:11 malinoff Roee, use http://www.yamllint.com/ to validate your yaml
10:12 Homere joined #salt
10:12 Homere hello
10:13 Roee which yaml ??? this is an old info...
10:13 Roee how can I erase this ?
10:14 Roee the problem is that i'm getting an error when i'm trying to run state.highstate
10:15 malinoff Roee, some of your sls (either top or states) is not formed correctly in terms of yaml
10:16 Roee thanks i found the problem
10:17 Roee i have another top file under /srv/salt/staging
10:18 Roee but now I have another question
10:19 Roee hmm never mind
10:19 Roee thanks
10:19 malinoff you're welcome
10:20 fredvd joined #salt
10:22 aqua^mac joined #salt
10:31 mikkn Is anyone else having troubles with RAET and a local minion on the master?
10:33 Outlander joined #salt
10:35 brayn joined #salt
10:36 otter768 joined #salt
10:43 jonatas_oliveira joined #salt
10:44 rbjorklin I'm trying to deploy several tomcat applications in the same way with Salt
10:44 rbjorklin The way I'm doing it now is wrong
10:44 rbjorklin But I can't figure out how to do it
10:45 rbjorklin I realize I want to use Formulas but not sure how to set it up
10:46 rbjorklin Basically to deploy applications I copy a few files to some locations
10:47 rbjorklin salt 'server1' state.sls app1
10:47 rbjorklin salt 'server2' state.sls app2
10:47 rbjorklin where I would want to use the same state file but different map.jinja files
10:48 linjan joined #salt
10:53 babilen rbjorklin: No, that isn't quite right. A formula works in such a way that changes/adaptations are *only* made in the pillar that is being targeted to the node the formula is being used on. In particular values in the map.jinja should be changed by setting the foo:lookup:bar pillar (map.jinja == "lookup table")
10:54 giantlock joined #salt
10:54 babilen The map.jinja should typically only contain data that differs between various os_family / os* grains and should be considered to be more or less static. All settings that users would genuinely want to change should be set in the pillar (with reasonable defaults if they haven't been set)
10:55 ShibMcNe Your use case seems simple enough to use a simple state that get different filenames from pillars according to minion names.
10:55 Homere some functions like cp.file_hash salt://.... returns nothing sometimes (randomly) without anything in debug log. Is there a way to debug more ?
10:55 babilen You would then target the same state(s) from the formula to all applicable minions and the actual thing they do is being influenced by the values you set in the pillar.
10:56 rbjorklin babilen: That makes  a lot more sense, thanks!
10:56 babilen rbjorklin: And yeah, I agree with ShibMcNe here. It sounds as if all you want is a state file with references to the pillar for the exact arguments of your states
10:57 rbjorklin ShibMcNe: Same to you, thanks for pointing it out!
10:57 ShibMcNe you're welcome ^^
10:58 babilen But just to complete my earlier example with something tangible: In a, say, MySQL formula you would set the name of the MySQL Server pacakge in the map.jinja, while you would set the bind-address (and other settings) in the pillar
10:58 babilen If you could paste an example of what you are trying to do to http://refheap.com we could provide more hands-on support
11:00 rbjorklin babilen: Thanks for clarifying! Don't think that will be needed, I've already used Pillars, although in a very limited way, and think I can manage from here. I was mostly looking for a best practice
11:00 alanpearce joined #salt
11:17 davidone should nodegroups be defined only in salt master file?
11:17 glyf joined #salt
11:20 kawa joined #salt
11:21 toplessninja joined #salt
11:23 Roee davidone:yep
11:25 f3d joined #salt
11:26 1JTAA88VJ joined #salt
11:26 jeffrey4l joined #salt
11:29 sieve Hi. I am hitting this problem
11:29 sieve State 'docker.installed' found in SLS 'native' is unavailable
11:29 sieve I understand this to be an issue with docker_py not being installed but salt actually installs this
11:33 bhosmer joined #salt
11:34 jonatas_oliveira joined #salt
11:34 johtso__ joined #salt
11:37 rawzone joined #salt
11:40 X86BSD joined #salt
11:52 TheThing joined #salt
12:05 yomilk joined #salt
12:11 aqua^mac joined #salt
12:19 bhosmer joined #salt
12:23 yomilk joined #salt
12:24 jeffrey4l joined #salt
12:26 hobakill joined #salt
12:32 CeBe joined #salt
12:33 JlRd joined #salt
12:37 otter768 joined #salt
12:39 workingcats joined #salt
12:41 rbjorklin babilen: Let's say I have a rabbitmq.user state and want to re-use the state to add two users in the same rabbitmq exchange, how would I go about triggering the same user state twice but with different pillar info?
12:42 vortec joined #salt
12:42 vortec left #salt
12:45 ninkotech_ joined #salt
12:47 jeffrey4l joined #salt
12:54 rbjorklin So the gist of it is that I want to run the same state twice on the same machine but with different variables from pillars
12:55 rbjorklin I.E. /srv/salt/system/user.sls should run once with /srv/pillar/system/user1.sls and once with /srv/pillar/system/user2.sls
12:58 babilen yeah, exactly
12:59 babilen (or was that still a question? In which case: please go on)
13:00 babilen You might want to take a look at the users formula: https://github.com/saltstack-formulas/users-formula/blob/master/pillar.example is showing the sort of pillar you would use and https://github.com/saltstack-formulas/users-formula/blob/master/users/init.sls#L5 is the beginning of the iteration over entries in the pillar whose values would then be used to "construct" states
13:02 babilen So you would simply write *one* state that can add *any* rabbitmq user and then just target different pillars to your boxes. As salt merges pillars "smartly" these days I would recommend to actually use rabbitmq.users.{user1,user2, ...} for each user with a complete pillar specification for that user and then target all applicable users to your minions in the pillar's top.sls
13:04 toplessninja could anyone point me in the direction where the top.sls file is handled in the source code?
13:04 babilen only if you dress
13:04 toplessninja specifically if it matters the pillar one.
13:04 toplessninja ok, I'm dressed
13:06 babilen salt/pillar/__init__.py -- get_tops et al
13:07 toplessninja thanks!
13:07 thawes joined #salt
13:08 toplessninja has the medium bug handling reading the top.sls pillar file already been resolved?
13:09 sieve joined #salt
13:12 sieve I'm playing aound with salt-cloud and need to install specific versions of python_six and docker_py
13:12 sieve Can I pass options in with script: bootstrap-salt
13:12 sieve ?
13:12 jakubek joined #salt
13:14 jakubek any idea or way to debug why salt-minion or salt-call are not using mysql.default_file: '/root/.my.cnf', in salt-call strace i see that file is readed but valuses like user, pass, host are not used. it's strange bacuase on other server iwth the same version of salt it's working.
13:16 beauby joined #salt
13:21 eject_ck joined #salt
13:23 Homere found a bug !!  __opts__['file_roots']__ is overwritten with pillar_roots in a non thread safe way
13:25 ericof joined #salt
13:27 babilen rbjorklin: ^
13:27 babilen Homere: Report, Fix, PR, Profit!
13:28 rbjorklin babilen: Sorry went for a coffe, reading up on your responses now
13:29 yomilk joined #salt
13:29 rbjorklin babilen: What I was really wondering is how I express myself in the top.sls files to do this
13:30 Auroch /bye
13:30 rbjorklin Like in /srv/salt/top.sls I would have 'some_host': \n  - system.user
13:30 babilen rbjorklin: That's easy: 'some_minion': - foo.bar.user1 - foo.bar.user2 'some_other_minion': - foo.bar.user1 -- That would create user1 and user2 on 'some_minion' and only user1 on 'some_other_minion'
13:30 rbjorklin but how do I trigger it multiplet times?
13:31 rbjorklin multiple*
13:31 babilen You use a loop over pillar values in your state and then simply provide data for more than one user in the pillar (take a look at the users-formular, it exemplifies this quite nicely)
13:31 lothiraldan joined #salt
13:31 rbjorklin babilen: and that does not require me to have /srv/salt/foo/bar/user[1,2].sls ?
13:32 hcl2 joined #salt
13:32 babilen No, you would write /srv/salt/foo/bar/user.sls in such a way that it is a no-op if no data has been provided in the pillar and to generate states for every user that has been defined in the pillar
13:33 babilen The generation of state is entirely data-driven from the pillars you provide. And as salt now merges pillars you can even maintain your user specifications in their own file (and they will still be merged nicely)
13:34 babilen (own file in the pillar that is)
13:36 rbjorklin babilen: Sounds beautiful, taking a look at the users-formula now
13:37 goal is there any significant (module/formula) support for firewalld, that anyone is aware of?
13:38 patrek joined #salt
13:38 babilen burn firewalld with fire
13:39 babilen you want http://docs.saltstack.com/en/latest/ref/states/all/salt.states.iptables.html
13:39 babilen https://github.com/saltstack-formulas/iptables-formula is a formula, but I haven't used it
13:40 babilen Looks alright though, we mostly use ferm for this stuff but mostly have dedicated hardware
13:40 goal I originally hated firewalld, too. But, actually, though I still dislike some aspects (XML for a start), it is actually very useful and a vast improvement on raw iptables
13:41 sieve Anyone using the docker stuff seen this problem?      Comment: State 'docker.loaded' found in SLS 'native' is unavailable
13:41 goal to the point now, where I would like to retain it and have salt interact with it
13:41 babilen sieve: Does your minion have docker installed and did you restart the minion afterwards?
13:42 sieve babilen: Yes, I have restarted minion and docker is installed
13:42 babilen goal: There is no firewalld formula that I know of, but you are naturally welcome to write one
13:43 sieve I can seemingly use the other docker states such as docker.installed and docker.running
13:43 goal hah, well, I would love to. Not quite sure my salt skills stretch that far just yet
13:43 babilen sieve: Which salt version?
13:43 babilen But it's definitely not that if you can use other docker states
13:44 babilen Haven't seen that one before and also couldn't find a bug report
13:44 yomilk joined #salt
13:44 sieve babilen: Salt 2014.7.0
13:44 intellix joined #salt
13:44 intellix_ joined #salt
13:45 jakubek z
13:45 babilen ẑ
13:48 babilen sieve: Are you, mayhaps, looking for dockerio.loaded rather than docker.loaded? Could you paste "native.sls" to http://refheap.com ?
13:49 babilen (I contributed that to a lazy typo, but that might not actually have been the case and I rather don't make assumptions)
13:53 jaimed joined #salt
13:59 sieve babilen: I was a bit confused about that because the dockerio states do not exist it seems
14:00 aqua^mac joined #salt
14:00 sieve babilen: https://gist.github.com/mooperd/793c083b68b221102a52
14:01 babilen http://docs.saltstack.com/en/latest/ref/states/all/salt.states.dockerio.html#salt.states.dockerio.loaded
14:01 babilen Yeah, you want dockerio.loaded there
14:02 babilen Oh, there is something weird going on with that one ...
14:02 sieve yep. in the examples it shows docker.loaded:
14:02 babilen Ah, it sets '__virtualname__ = 'docker''
14:03 sieve And the other states that work for me "docker.installed" and "docker.running" are working fine
14:03 babilen So it should, indeed, be docker.loaded rather than dockerio.loaded
14:03 babilen Are you sure that loaded is available in 2014.7 ?
14:03 babilen I can only find it in develop
14:04 nitti joined #salt
14:05 sieve Ah, maybe I should be using the RC for all this
14:05 babilen Yeah, and 18cd9564 only exists in develop
14:05 sieve Ok, Ill switch to RC
14:05 sieve thaks!
14:06 miqui_ joined #salt
14:06 babilen One of the problems of hosting documentation for only develop on docs.saltstack.com rather than making docs available for different branches
14:07 sieve hmm, how should I install RC :)
14:08 sieve Ah, and thats annoying. If I am using salt cloud to deploy, will my minions also pick up the RC version?
14:09 voxxit joined #salt
14:10 beauby Anybody having issues with salt bootstrapping on FreeBSD10? (gettext-runtime conflicting gettext)
14:13 Ahlee anybody got the commit handy that adds UTF-8 handling?  I want to see if I can backport that to 0.17.5, as i've finally had enough of the windows ® breaking runs
14:15 TheThing joined #salt
14:20 TheThing_ joined #salt
14:20 cpowell joined #salt
14:20 hojgaard joined #salt
14:23 TheThing joined #salt
14:25 mpanetta joined #salt
14:25 elfixit joined #salt
14:26 TheThing_ joined #salt
14:29 stooj joined #salt
14:33 StDiluted joined #salt
14:33 TheThing joined #salt
14:35 mdasilva joined #salt
14:35 mdasilva good morning peoples
14:35 babilen Ahlee: git blame on the particular file (and line) would probably help to sort this out
14:36 dude051 joined #salt
14:36 babilen mdasilva: You should get up earlier, it is already half two here ;)
14:36 mdasilva babilen: i like to make an entrance
14:37 linjan joined #salt
14:38 otter768 joined #salt
14:38 mdasilva question; is there a way to include another state _without_ jinja being parsed prior?
14:38 mdasilva id like some jinja variables set in the including state to apply to the included state
14:38 murrdoc joined #salt
14:40 babilen Like a closure? I don't think that is possible, why don't you set it via pillars?
14:40 babilen (in both states)
14:41 murrdoc joined #salt
14:41 mdasilva ya the jinja vars id like applied is pulled from pillar
14:42 mdasilva but its tied further down the yaml tree
14:42 sieve sometimes "salt '*' state.highstate" is returning me to the shell without outputting anything
14:42 sieve I cant seem to see a pattern
14:43 sieve Just sometimes doesnt want to output anything
14:43 superted666_ I know the feeling
14:43 mdasilva babilen: i think i'll revisit my approach
14:43 mpanetta joined #salt
14:43 mdasilva may need to restructure my pillar a bit tho
14:43 sieve the command is still running: The function "state.highstate" is running as PID 13081 and was started at 2014, Dec 04 14:41:59.320391 with jid 20141204144159320391
14:44 kaptk2 joined #salt
14:44 perfectsine joined #salt
14:44 babilen sieve: You can take a look at it with "salt-run jobs.lookup_jid 20141204144159320391"
14:45 hcl2 can i setup schedules that use salt-ssh ?
14:45 babilen gut says no
14:47 miqui_ joined #salt
14:47 TheThing joined #salt
14:47 thawes joined #salt
14:47 BigBear joined #salt
14:49 TheThing_ joined #salt
14:50 hcl2 unless the schedule is just cmd.run salt-ssh '*' ....
14:50 hcl2 oh but that wouldn't even work...
14:53 williamthekid_ joined #salt
15:00 housl joined #salt
15:01 sieve joined #salt
15:02 sieve babilen: any idea why salt "crashes" out like that? is that some kind of defined behaviour?
15:04 Ahlee Salt is asyncronous.  The cli will wait 5 seconds by default (extendable via -t) before returning control
15:04 Ahlee Your state, for whatever reason, is taking longer than the timeout
15:06 mdasilva sieve: check the salt log on the minion
15:06 Ahlee You can kill the job by targeting the minion and running saltutil.kill_job
15:06 Ahlee with the JID
15:07 mdasilva sieve: for me, the few times a job didnt return anything from a minion, it was an issue with minion system
15:08 babilen sieve: It doesn't crash it simply timeouts and returns you to the shell while the job runs, asynchroneously, in the background.
15:08 KennethWilke joined #salt
15:09 babilen sieve: You can raise the timeout by passing "-t 500" (in seconds), but I tend to set "show_jid: True" and just use jobs.lookup_jid to look it up later. "-v" might be a good idea too.
15:09 sieve ahale: ah, so as long as there is something coming through the pipe every 5 seconds it will keep it open
15:09 Ahlee Kind of.
15:10 TheThing joined #salt
15:10 babilen What was the outputter again that tabulates results of a command? (e.g. groups minions for which the md5sum of a specific file is the same)
15:13 debia joined #salt
15:15 sieve With salt cloud, can I put my provider and profile details in /srv/salt ?
15:16 jhauser_ joined #salt
15:16 sieve Or, can I run a bit of salt to fix things up on the master?
15:16 masterkorp Hello I have a minion that refuses do anything
15:17 masterkorp and the salt-master just hangs forever
15:18 masterkorp [INFO    ] Returning information for job: 20141204151746767740
15:18 masterkorp all i get is this on the minion
15:19 Ahlee does the job you're running have a return?  does salt-run jobs.lookup_jid 20141204151746767740 return anything?
15:19 Ahlee have you modified the returner at all? specified an alternative returner for that state?
15:20 masterkorp http://pastebin.com/cfRvrvj7
15:20 rickh563 joined #salt
15:20 masterkorp it just does this over and over
15:21 Ahlee what does your salt/master.sls state do?
15:21 seanz joined #salt
15:22 masterkorp https://github.com/saltstack-formulas/salt-formula/blob/master/salt/master.sls
15:22 pr_wilson joined #salt
15:23 perfectsine joined #salt
15:23 theologian joined #salt
15:24 sroegner joined #salt
15:25 babilen What's the pillar you use with it?
15:26 babilen And support the tangerine ribbon campaign for a better internet! Do not use pastebin.com as it is a horrible website, but use one of the many nicer pastebins such as http://refheap.com, http://paste.debian.net, http://bpaste.net, https://gist.github.com, ...
15:26 masterkorp babilen: it cointains gitfs remotes configuration
15:27 Ahlee I have no idea why you're so against pastebin
15:27 ekristen joined #salt
15:29 thawes joined #salt
15:29 babilen Ahlee: Many reasons: They force users to enters captchas every now and then, *alter* things you paste (in particular whitespace), the design is crowded and overflows with ads/social media integration ... they simply make money of the fact that the great unwashed googles "pastebin" and ends up on their website, while there are much cleaner pastebins that allows helpers to actually focus on the content
15:30 BigBear joined #salt
15:30 sieve gist ftw
15:30 sieve I dont know why anyone would use anything else
15:30 masterkorp babilen: i loved 0bin.net
15:30 masterkorp until it went down
15:30 sieve https://gist.github.com/
15:30 masterkorp yeah yeah i want to solve my problem, lets not diverge :p
15:31 Ahlee of those, I can see altering as a problem, but *shrug*
15:31 nahamu masterkorp: http://paste.ec/ runs that code...
15:31 iggy the ads are the bit one for me
15:31 iggy *big
15:31 babilen masterkorp: *only* that?
15:31 rbjorklin babilen: I'm having problems getting my pillars to compile eventhough yamllint.com says it's valid yaml
15:31 nahamu masterkorp: or maybe you mean https://www.zerobin.net/
15:31 babilen iggy: I hate to enter captchas and the fact that they change the things you paste is just unacceptable.
15:32 pr_wilson joined #salt
15:32 iggy I hate trying to click in the text entry field as the page is readjusting to some new ad that popped up and end up looking at nissan's or adobe shit
15:32 Ahlee but, it certainly is the easiest to remember :)
15:32 rbjorklin babilen: Basically I'm seeing something very similar to gh#1965
15:32 pdayton joined #salt
15:32 babilen rbjorklin: That doesn't mean that the python yaml parser has to eat them. Could you paste them (and the error?) ?
15:33 masterkorp nahamu: 0bin.net was client side encyrpted
15:33 masterkorp but never mind my client still hangs and that is my problem
15:33 nahamu so it zerobin
15:33 nahamu *is
15:33 rbjorklin babilen: I'm using the same syntax as in the users-formula pillar.example you recommended earlier
15:33 babilen masterkorp: So, show us your pillar
15:34 babilen My German colleagues always giggle when I say that ...
15:34 babilen rbjorklin: There really is nothing I can do for you without seeing the actual data and error you use or get
15:36 masterkorp babilen: https://www.zerobin.net/?3877008d8afb4076#kogF2s6XXqmZ+mFtvDAFNZJ/dLnasPDEAL3jpjfIQcI=
15:37 rbjorklin babilen: simplified but still accurate https://www.refheap.com/94406
15:37 babilen masterkorp: And it hands if you roll out your highstate on the master?
15:38 masterkorp yes
15:38 masterkorp or anything really
15:38 babilen *hangs
15:38 masterkorp state.sls salt.master hangs
15:38 sieve I am putting some configuration in /srv/salt/master for the salt-master machine. How do I run this stuff?
15:38 babilen masterkorp: Has /etc/salt/master/default.d/_defaults.conf been correctly generated? Does that change the master for the minion?
15:39 masterkorp let me check
15:39 babilen rbjorklin: I take it that that is your pillar, could you paste the state as well?
15:40 rbjorklin babilen: correct, coming right up
15:40 babilen masterkorp: /etc/salt/master.d/_defaults.conf that is
15:41 masterkorp is there a zerobin cli client ??
15:41 rbjorklin babilen: Just a quick question, does the pillar look syntactically correct?
15:41 babilen rbjorklin: It does, yeah
15:42 babilen (it is, however, not complaining about the pillar)
15:42 masterkorp babilen: why do i need that file ?
15:42 masterkorp its seems unessecary
15:43 masterkorp master
15:43 masterkorp master.conf seems to have it all
15:43 babilen masterkorp: You seem to set the master IP via the salt formula as well. Does that affect the minion running on the master as well? I mean changing the master settings and minion settings via salt always feels like rocket surgery, but mostly works fine.
15:43 rbjorklin babilen: Oh, I thought so since the file name (state/pillar) that was given was that of the pillar
15:43 budman joined #salt
15:43 babilen masterkorp: It's where the salt formula stores its settings
15:44 keyser how do I get a file.managed file to pull in pillar data that I have looped through in a state file.... https://paste.ee/p/4tsQO this doesnt work...
15:44 masterkorp babilen: https://www.zerobin.net/?354dbdbbf7f9e2c0#xlsKVfWMFa0utt7Y+EkwZ4ZY4Wvg/AVcHGje4N8Ddas=
15:44 masterkorp its seems to work
15:45 qx joined #salt
15:45 babilen rbjorklin: Well, please be more specific. It looks as if you used a pillar as a state, could you give complete paths to all involved files along with your settings for pillar and file_roots (in case they differ from the default)
15:45 pr_wilson joined #salt
15:45 babilen masterkorp: That paste has been deleted
15:46 babilen keyser: Is it drinking G&T on the couch again? Could you be more specific about the "doesn't work" part?
15:47 babilen masterkorp: yeah, that looks fine. Can you run "salt '*' test.ping" -- how about the minion settings? Have they been changed? Are they still correct for the minion running on the master?
15:48 sieve Hmm, am I missing something here about using salt to configure elements of the salt-master machine?
15:48 sieve how about running a minion on the master?
15:48 keyser babilen: :) hah - yes will just grab the output/error
15:48 aqua^mac joined #salt
15:49 babilen sieve: That is what, for example, the salt-formula is being used for. And yes, you would run a minion on the master if you want the master to "manage itself"
15:49 gwmngilfen joined #salt
15:50 masterkorp babilen: test.ping hangs
15:50 masterkorp just on this host
15:50 masterkorp better it gives me no output
15:50 babilen So the minion on the master is unhappy .. anything specific you can tell from its logs?
15:51 MTecknology Sticking   @weekly salt -b 20 '*' state.highastate   in a crontab sounds like fun
15:51 keyser babilen: it gives: SaltRenderError: Jinja variable 'db' is undefined
15:52 Ozack1 joined #salt
15:52 iggy MTecknology: salt has a built-in scheduler that you can run highstate with
15:52 masterkorp babilen: kicked it over, just gave me an happy response
15:52 MTecknology oh
15:52 MTecknology I didn't know about a scheduler, neat
15:52 slav0nic joined #salt
15:53 masterkorp root@salt-master:~# ps aux | grep salt-minion
15:53 masterkorp root      1576  0.3  1.2 508444 47068 ?        Sl   15:45   0:01 /usr/bin/python /usr/bin/salt-minion -l debug
15:53 masterkorp root      5769 39.2  1.1 445376 42244 ?        Ssl  15:53   0:01 /usr/bin/python /usr/bin/salt-minion
15:53 masterkorp here is the problem
15:53 masterkorp the process seems to be forking
15:53 babilen keyser: There you go then, where do you use that variable and why do you think that it should be defined?
15:54 babilen rbjorklin: ping?
15:54 masterkorp but highstate still hanges
15:54 masterkorp *hangs
15:55 iggy masterkorp: that looks like you have one running in the foreground and one running as a service
15:56 murrdoc joined #salt
15:56 babilen masterkorp: Is this on Ubuntu?
15:56 mapu joined #salt
15:57 babilen And yeah, the "salt-minion -l debug" looks like something you started manually
15:57 babilen I would *strongly* recommend to only run a single salt-minion instance at any time
15:58 jonbrefe joined #salt
15:59 linjan joined #salt
16:00 iggy I would think it would be a requirement (else you'd have them stomping all over each other in the cache directory)
16:00 keyser babilen: the variable is used in the managed file - failover.sh in the paste.ee link
16:00 micah_chatt joined #salt
16:01 budman This function will call highstate or state.sls  - whats the difference from highstate and state?
16:02 MTecknology highstate takes top.sls and runs all states that should run on that minion and then runs them; state.sls is for running a single sls
16:02 iggy state.sls runs a single state file
16:02 micah_chatt_ joined #salt
16:04 mick3y budman: and if you want to check what states will be run at state.highstate you can use the following command: salt 'hsotname' state.show_top
16:04 budman and thats just the top.sls? highstate?
16:04 aquinas joined #salt
16:04 jtanner joined #salt
16:08 babilen keyser: Oh, I am quite sure that part of the bash script are, erroneously, being rendered as jinja. You might have to use {% raw %} ... {% endraw %} in places.
16:08 babilen If you would paste the entire script I could probably tell you where.
16:09 babilen budman: The "top.sls" isn't a state SLS file, but the *top file* that decides which states are being applied to which minions.
16:09 babilen It is somewhat special in that regard and using "sls" conflates different senses
16:09 budman a high state is a group of predefined states?
16:10 babilen budman: Running a highstate will run all states that have been defined in the top.sls for that minion in question
16:11 budman Rgr, how do people handle intial farm deployments? with servers that have different keys/users everywhere... do you CLI check/add/remove them?
16:11 agend joined #salt
16:12 keyser babilen: I have actually just tried it with that as the *whole* script - just those 3 lines - still gives the same error (which I have added to the paste.ee)
16:12 ericof joined #salt
16:13 iggy budman: I think most people are using salt-cloud, some other tool, or something homebrew for deployments
16:13 mapu_ joined #salt
16:14 rlarkin|2 joined #salt
16:15 miqui__ joined #salt
16:16 mdasilva joined #salt
16:16 a1j_ joined #salt
16:16 DenkBrettl joined #salt
16:17 babilen keyser: Tried what with what?
16:17 masterkorp babilen: https://www.zerobin.net/?421eafcb4dd50e0a#IW1QrWygDSYEGU59Y9GZIMywgXmyJR1oJqFGEQ0BAwE=
16:17 masterkorp i got it to blow up
16:18 babilen keyser: You probably have { ... } as part of the bash code in there and jinja interprets that as "jinja is me!!!"
16:18 masterkorp but i can't tell anything from that
16:18 jalbretsen joined #salt
16:18 budman ahh not rolling onto existing hardware/non-cloud
16:19 babilen masterkorp: You use a string where you should use a dictionary at one point. As this happens in get_tops, I *guess* that it is your top.sls file
16:19 jimklo joined #salt
16:19 Twiglet joined #salt
16:19 crashmag joined #salt
16:19 crane joined #salt
16:19 Karunamon joined #salt
16:19 budman anywhere with a bunch of example/sample files? install ssh/secure/configure it etc..
16:20 AbyssOne_ joined #salt
16:20 _ikke_ joined #salt
16:20 kaptk2 joined #salt
16:20 masterkorp babilen: can you trow me a 2nd eye ?
16:20 JPaul joined #salt
16:21 iggy budman: the saltstack-formulas org on github is a good place to start
16:21 StDiluted joined #salt
16:24 APLU joined #salt
16:24 budman Sorry for all the Q's.. I appreciate the help/replies.. jinja - what is this? exactly..
16:26 budman Seems to be a grain define file of sort.. I do see the saltstack formulas.. but not seeing anything on like custom ssh port, or disabling password loging.
16:26 babilen budman: http://jinja.pocoo.org/docs/dev/templates/
16:26 budman the proper formart.
16:26 rickh563 joined #salt
16:26 viq ha, commit statistics to our salt states repo, in reverse order: Person A: 18 commits / 64 ++ / 9 --   Person B: 222 commits / 3247 ++ / 1736 --   me: 586 commits / 18731 ++ / 2878 --
16:27 Jarus joined #salt
16:27 arif-ali joined #salt
16:27 keyser babilen: the script is now just 3 lines - the one setting it as bash and then the 2 export lines.
16:27 scryptic1 joined #salt
16:28 keyser what I am trying to do is to get the pillar data into that script - hence trying the jinja {{ db['totalMemory'] }}
16:29 keyser db is defined in the state file - as I want to loop through multiple db's to set that value on a per db basis
16:29 tomspur joined #salt
16:30 forrest joined #salt
16:30 keyser so I am trying (failing) to get the pillar data for the current loop into that jinja templated script file
16:30 keyser if that makes sense?
16:30 viq keyser: look up 'context' in file.managed description
16:30 linjan joined #salt
16:30 iggy budman: jinja is a templating language (derived from django templates originally) that allows you to more easily add a little variability/customizability to your state files (which are otherwise just straight yaml files... i.e. just a bunch of static data)
16:31 scryptic1 Quick question for anyone who may know.. I have a salt state that requires a custom parameter to be run, which I'm doing on the cmd line via pillar="{var_name: value}" and this works perfectly. What I need to do is include this state in another higher level state. How do I pass this pillar/ data/parameter to the state when its being called through an include statement?
16:31 babilen keyser: Ah, alright. You can hand it over as context (cf. http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#module-salt.states.file )
16:32 viq scryptic1: how about setting the pillar in, you know, pillar? ;)
16:32 keyser ah - cheers babilen + viq  !
16:32 keyser that looks exactly what I am after!
16:32 scryptic1 because this data changes frequently between runs... its not static
16:32 iggy scryptic1: use jinja includes instead and include "with context"
16:32 jimklo joined #salt
16:33 scryptic1 iggy: Thanks!
16:34 babilen jinja is also a horrible choice for salt
16:35 babilen mako would have been *much* better
16:36 mdasilva i struggle with jinja
16:37 hobakill while i can't find anything in the documentation about it - there has to be a way. can salt-ssh do groups? so i can target specific boxes rather than use some sort of -L ?
16:37 forrest babilen: You can use mako if you want.
16:37 babilen I hate it because you can't easily write Python in it. It is just not powerful enough for salt states, but due to being the default investing in #!mako is a bit of .. well .. hard decision
16:37 forrest and it isn't supposed to be powerful enough to write python, just use the python renderer :P
16:38 ajolo joined #salt
16:38 babilen forrest: Well, a lot of things would have been much easier as template_language + 3 lines of Python
16:38 babilen (e.g. I miss itertools, fnmatch, re, ... regularly for "little things")
16:38 otter768 joined #salt
16:39 jonatas_oliveira joined #salt
16:39 babilen But I don't have time to convert the entire state from #!jinja|yaml to #!py* .. My colleagues would also be pretty upset if I throw even more renderers into the mix
16:40 hobakill perhaps a nodegroup is my best option.
16:40 babilen I know (and do use) other renderers, it is just that mako would have been a better default as it makes it much easier to include that "little bit of data munging Python" you need
16:40 Ahlee since nodegrups live in hte master config, you have to restart the master to update them
16:41 babilen forrest: I will stop to complain about this every twice a year in, at the latest, 2018 (I promise!)
16:42 eliasp I'll throw a party the day nodegroups can be placed in top.sls or a similar place…
16:42 hobakill Ahlee, yeah so that means there's nothing i can do in the roster file for grouping?
16:42 Ahlee hobakill: not to my knowledge, but I don't use salt-ssh either
16:43 hobakill Ahlee, we're moving away from ansible and i need a way to restart salt-minions that shit the bed. it happens to 10 boxes pretty regularly and i don't know why. until i do i'm going to do the salt-ssh solution.
16:44 KennethWilke joined #salt
16:44 Ahlee hobakill: oh I hear ya.  I run salt through supervisord so when it cores out it comes back up
16:44 Ahlee and I have scripts that restart minions via ssh or wmi when they show up in manage.down
16:45 hobakill Ahlee, i'd be interested in seeing that manage.down script if you care to share it
16:49 gwmngilfen joined #salt
16:49 Ahlee i can post an early version before it got tied into our internal apps
16:49 Ahlee one moment, lemme clean up hard coded passwords/etc
16:51 hobakill Ahlee, thanks.
16:52 mdasilva joined #salt
16:53 ThomasJ joined #salt
16:53 TheoSLC joined #salt
16:54 TheoSLC Greetings.  Anybody know when 2014.7.1 is expected to be released?
17:01 sroegner joined #salt
17:03 iggy TheoSLC: I haven't heard a peep about it
17:05 TheoSLC iggy: thanks.  I've been holding off on upgrading to 2014.7 until it's released since I must have compound matching for the mine. (who doesn't use compound matching for mine data?)
17:05 budman 'ps.grep' is not available. - is this an additional module/package?
17:05 dRiN joined #salt
17:05 iggy TheoSLC: yeah, I'm waiting for the same thing
17:06 BigBear joined #salt
17:07 gebi joined #salt
17:08 lothiraldan joined #salt
17:10 rickh563 joined #salt
17:11 mdasilva TheoSLC: compound matching doesnt work for mine in 2014.7?
17:12 TheoSLC mdasilva: correct, http://docs.saltstack.com/en/latest/topics/releases/2014.7.0.html
17:13 wendall911 joined #salt
17:13 superted666_ joined #salt
17:13 iwishiwerearobot joined #salt
17:13 mdasilva crap
17:13 mdasilva i have some mines using compound matching
17:14 cedwards1 joined #salt
17:17 zlhgo_ joined #salt
17:17 TheoSLC mdasilva: sorry. you could workaround it by creating a single grain for your compound match.  so if you were doing 'G@role:web and G@deployment:staging' you would create a new grain with value of web_staging
17:17 cedwards1 joined #salt
17:17 blaffoy Hi, again. More questions.
17:18 Ahlee hobakill: It's very rough, but we stoppe developing this and moved most of the logic into code I can't break it out of easily, nor can i share it
17:19 mdasilva TheoSLC: yeah i can work around it
17:19 Ahlee hobakill: see priv message for gist
17:20 mdasilva TheoSLC: its odd because it appears to be workign fine
17:20 mdasilva ill have to check later
17:20 blaffoy I have my fileserver_backend on hg. This works fine, but I would like to keep my win repo cache file local to the salt master
17:21 budman Im using, https://github.com/saltstack-formulas/openssh-formula/tree/master/openssh it pushes the custom sshd_config (with a custom port).
17:21 funzo joined #salt
17:22 budman but the port is commented out when pushed, I dont see where/how/why
17:22 blaffoy My /etc/salt/master: https://gist.github.com/anonymous/f930e8ac37777f3aac5a
17:22 jonatas_oliveira joined #salt
17:23 blaffoy But, if I `salt-run winrepo.genrepo`; `salt "*" pkg.refresh_db" the package database on the minions don't update correctly
17:24 blaffoy Using md5sum, I was able to verify that they pick up the version of winrepo.p that's checked into the hg repo.
17:24 KyleG joined #salt
17:24 KyleG joined #salt
17:24 murrdoc joined #salt
17:24 juanlittledevil joined #salt
17:25 juanlittledevil howdy guys. I've got a quick question for you. Is there a way to match all minions whos saltversion is not equal to a certain value?
17:25 juanlittledevil I can't seem to find any example of negation targeting in the docs
17:27 lothiraldan joined #salt
17:27 hal58th1 yeah, you can target the grains and use the grain "saltversion"
17:27 hal58th1 juanlittledevil http://docs.saltstack.com/en/latest/topics/targeting/compound.html
17:28 spookah joined #salt
17:30 troyready joined #salt
17:30 superted666_ joined #salt
17:30 iwishiwerearobot joined #salt
17:30 jswanson_ joined #salt
17:32 jswanson_ joined #salt
17:34 sieve joined #salt
17:34 budman do people usually have all users in 1 users.sls, or a users/username1.sls users/username2.sls ec..
17:34 sieve joined #salt
17:35 sieve joined #salt
17:35 sieve joined #salt
17:35 SpX joined #salt
17:35 hasues joined #salt
17:37 Ryan_Lane joined #salt
17:37 aparsons joined #salt
17:37 murrdoc one user.sls and one giant json with the users
17:37 murrdoc similar to https://github.com/saltstack-formulas/users-formula
17:37 blaffoy What's the right way of configuring win_repo_mastercachefile while using hgfs?
17:37 aqua^mac joined #salt
17:38 iggy https://github.com/github/linguist/pull/1825
17:38 masterkorp https://github.com/saltstack/salt/issues/18729
17:38 budman murrdoc: thanks, im not 100% on the formulas yet. Ill look at that one. I dont see a users.sls on the link or a json with the users?
17:39 masterkorp My entire salt system just looked out
17:39 blaffoy Should I just check winrepo.p into my hg repository, and point win_repo_mastercachefile at that?
17:39 masterkorp i have no idea why ?
17:40 murrdoc budman:  https://github.com/saltstack-formulas/users-formula/blob/master/pillar.example , its a yaml, but it can be a json
17:40 budman Where does the Pillar go? /srv/salt/pillar/users?
17:40 budman or just pillar.users in the users/ directory?
17:45 BigBear joined #salt
17:45 linjan joined #salt
17:45 manfred you put the file at /srv/pillar/users.sls
17:45 manfred and then assign it in /srv/pillar/top.sls
17:46 manfred http://docs.saltstack.com/en/latest/topics/pillar/
17:48 cedwards how can I store my pillar data in git alongside my state data if I'm using gitfs?
17:51 desposo joined #salt
17:51 snuffeluffegus joined #salt
17:52 unpaidbill im testing out the mysql master_job_cache and was surprised to find that the output from list_jobs and lookup_jid is completely different when using mysql vs local_cache, is this intentional?
17:52 unpaidbill instead of getting the list of arg, function, starttime, etc all i get is a list of jids
17:53 lumtnman joined #salt
17:53 mdasilva cedwards: http://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.git_pillar.html
17:54 cedwards mdasilva: does that mean I need a git repo for pillar and a second git repo for states?
17:54 manfred yes
17:55 Ahlee I thought new versions could do pillars in same directory
17:56 cedwards reading more closely it looks like they can be in the same repo
17:56 mdasilva cedwards: no you can specify where your pillar data starts within the repo with the root argument
17:56 mdasilva my git repo has a subfolders for states, pillars and general configs
17:57 cedwards does the gitfs side allow for root arguments too?
17:58 cedwards I mean for the states portion
17:58 mdasilva cedwards: it does
17:58 hasues left #salt
18:02 aparsons_ joined #salt
18:04 drybjed joined #salt
18:05 murrdoc joined #salt
18:11 smcquay joined #salt
18:11 budman anyone here using openssh formulas to set custom ssh port or similar? It adds my custom sshd_config, with the port but its commented out
18:11 budman Im not seeing how/where do have it send not uncommented.
18:16 mdasilva joined #salt
18:16 budman https://github.com/saltstack-formulas/users-formula - how/where do I add/link the json/xml list of users/options?  just a pillar file in the folder?
18:19 ipmb joined #salt
18:21 bhosmer_ joined #salt
18:23 _prime_ joined #salt
18:24 Khan__ joined #salt
18:24 budman https://gist.github.com/anonymous/5e7260b92089a0bedb54
18:25 budman https://github.com/saltstack-formulas/users-formula/blob/master/pillar.example - where does this file go? and what name/format? What page can I read about this?
18:25 cpowell joined #salt
18:26 iggy pillar docs
18:27 iggy you put it wherever you want, then you target it in the top file...
18:28 fishdust joined #salt
18:30 shaggy_surfer joined #salt
18:30 schristensen left #salt
18:31 Mso150 joined #salt
18:32 budman so it doesnt have to go in a matching /srv/piller/users and /srv/salt/users/
18:32 wnkz_ joined #salt
18:32 iggy no
18:33 budman any good videos on saltstack and users? I have a simple user.sls that I finally got to work and add my user/key, but Im trying to use the users-formula
18:33 iggy you could put it in /srv/pillar/I/dont/want/your/life.sls if you wanted
18:33 budman Seems like im missing reading a page somewhere
18:33 budman lol :)
18:34 iggy you aren't missing anything (well, maybe the basic knowledge of pillars, but...)
18:34 nafg_ joined #salt
18:35 iggy there's just a lack of docs to get people from "this is a dead simple state tree" to "managing my infra with salt"
18:36 iggy I'd suggest watching thatch45's videos on youtube https://www.youtube.com/channel/UCpveTIucFx9ljGelW63-BWg
18:36 iggy there's some good ones in there that cover "high level salt" type stuff
18:37 budman k thanks.
18:37 mdasilva learning salt is a journey
18:37 mdasilva a rewarding one tho
18:37 iggy yeah, my first salt deployment was dead simple (I've since rewritten it like 4 times)
18:37 budman yes, Im loving it already, just banging my head on these few blocks
18:38 budman iggy: are you using user_formulas or a custom user.sls?
18:38 mdasilva iggy: +1
18:38 mdasilva im reworking states all the time
18:39 mdasilva moving my configs to an IDE has helped
18:39 otter768 joined #salt
18:40 rypeck joined #salt
18:41 iggy actually, right now google manages our users (GCE)
18:41 iggy but at some point, we'll be moving to ldap
18:42 budman manages your ssh logins/keys/accounts?
18:42 iggy yes
18:45 racooper joined #salt
18:47 kickerdog joined #salt
18:56 Ryan_Lane joined #salt
18:57 perfectsine joined #salt
18:57 garamana joined #salt
18:57 diegows joined #salt
18:59 Ryan_Lane anyone have any state examples for OS X?
18:59 dave_den joined #salt
18:59 budman salt dev state.sls openssh.config - I just dont see why when I change the port or anything it leaves it commented out using the formula.
18:59 kickerdog1 joined #salt
19:00 iggy what formula?
19:00 _JZ_ joined #salt
19:02 druonysus joined #salt
19:03 dave_den1 joined #salt
19:05 budman https://github.com/saltstack-formulas/openssh-formula
19:06 Ryan_Lane joined #salt
19:07 budman If I change the files/sshd_config for ssh port or banner, it updates the file on the salt minion but, it leaves comments in front of them
19:09 Test_ joined #salt
19:10 Test_ left #salt
19:10 aparsons joined #salt
19:12 jeremyr joined #salt
19:14 giantlock joined #salt
19:14 Eugene joined #salt
19:17 iggy what does your pillar look like? (paste it in a gist or something)
19:18 iggy also wouldn't hurt to paste the end result config file
19:19 nisley joined #salt
19:22 BigBear joined #salt
19:22 Ryan_Lane joined #salt
19:26 budman I dont have a piller file I believe, I have that example unziped as is. I only edited the files/sshd_config directly (possibly thats what Im doing wrong).
19:26 iggy yes it is
19:26 aqua^mac joined #salt
19:26 patrek joined #salt
19:29 budman kk, so just create a sshd_config.sls?
19:29 budman with the https://github.com/saltstack-formulas/openssh-formula/blob/master/pillar.example or do I name it "piller.ssh"
19:29 budman whats the scheme
19:30 iggy it should end in .sls
19:31 iggy and be in your pillar dir somewhere
19:31 iggy that's about the only restrictions
19:32 shaggy_surfer joined #salt
19:33 ekristen joined #salt
19:34 budman https://gist.github.com/anonymous/51e212b14c552520d933 - where/how does the /srv/salt/openssh/ know about that file and how to link it to the openssh?
19:37 yerigan joined #salt
19:39 eriko joined #salt
19:40 iwishiwerearobot joined #salt
19:41 mdasilva joined #salt
19:43 budman even if I put it named "openssh" or "openssh.sls" in the pillar directory, it does not seem to be grabbing the Port variable (im trying a few different things)
19:47 budman bingo got it :) sorry for all the noise
19:49 byronschaller joined #salt
19:51 pr_wilson joined #salt
19:55 gngsk joined #salt
19:59 shaggy_surfer joined #salt
20:00 shaggy_surfer1 joined #salt
20:03 Ryan_Lane joined #salt
20:03 shaggy_surfer joined #salt
20:06 kballou joined #salt
20:08 murrdoc joined #salt
20:09 budman So Im trying to rename, I changed the server hostname, then removed the minon, deleted the accepted key, reinstalled the minon, but its still showing up as the old minion id, do I have to manually set it in the minon conf?
20:14 kickerdog1 I'm having a lot of trouble getting the Windows Salt Minion http://docs.saltstack.com/downloads/Salt-Minion-2014.7.0-AMD64-Setup.exe to install on Windows Server 2008 R2 using salt-cloud.
20:15 iggy budman: it's normally in /etc/salt/minion_id
20:16 budman yea i found it after asking.
20:16 budman sorry
20:17 kickerdog1 Looks like the windows salt minion is incompatible when .Net 4.5.1 is installed.
20:17 shaggy_surfer joined #salt
20:17 jcockhren damn
20:18 shaggy_surfer1 joined #salt
20:19 kickerdog1 I was using the AMD64 build, I'm trying x86 version now.
20:20 vlcn joined #salt
20:22 murrdoc joined #salt
20:24 kickerdog1 Okay, x86 build works.
20:25 kickerdog1 specifically this guy Salt-Minion-2014.7.0rc7-x86-Setup.exe
20:25 kickerdog1 Might want to update the windows salt minion download page with a note saying .Net 4.5.1 breaks the 64bit minions.
20:28 iggy that's rc7
20:28 iggy I don't think you want to be running that long term (though it'll probably work to get you up and going)
20:30 kickerdog1 I know, I'll go back and try the regular x86, it will probably work.
20:32 cpowell_ joined #salt
20:33 iggy there are a few issues about the windows installer btw... might want to see if any of them have workarounds
20:33 shaggy_surfer joined #salt
20:35 _prime_ hi.  Is anyone familiar with the REST API changes between hydrogen and helium?
20:35 _prime_ specifically, how tokens are handled?  Code that works with hydrogen cherry_api gives me "Authentication failure of type "token" occurred for user" with Helium
20:37 wedgie_ joined #salt
20:40 otter768 joined #salt
20:41 iggy I see something about returning a 401 instead of redirecting to the login page
20:42 iggy and stuff about eauth
20:48 _prime_ iggy - I'm looking at http://salt-api.readthedocs.org/en/latest/ref/netapis/all/saltapi.netapi.rest_cherrypy.html#rest-uri-reference , is there a better reference?  A simple test to get a token and then call the api to get a manage.status via salt-run (as I do in Hydrogen) fails
20:48 _prime_ *fails with Helium
20:48 murrdoc joined #salt
20:48 iwishiwerearobot joined #salt
20:51 iggy salt-api is built into salt now... no more separate docs, but aside from that I don't really know
20:51 iggy I don't actually use salt-api
20:52 BigBear joined #salt
20:53 jcockhren _prime_: that's the best docs
20:54 jcockhren _prime_: sorry. misread. Your question is in regards to Helium
20:54 _prime_ I'm confused.  I get a token, and print it, but when I go to do an api_call like I do in hydrogen I get a token authentication error
20:54 nitti_ joined #salt
20:55 _prime_ 2014-12-04 14:32:01,145 [salt.master][WARNING ] Authentication failure of type "token" occurred for user <redacted>
20:58 nitti joined #salt
21:02 cpowell joined #salt
21:04 kickerdog joined #salt
21:05 kickerdog joined #salt
21:05 lahwran joined #salt
21:08 nitti_ joined #salt
21:13 budman Is salt caching some how/way? I make a change some times (to openssh pillar for sshd port) seems there are time some updates are not pushed
21:13 cnelsonsic_ joined #salt
21:14 budman salt 'dev*' state.sls openssh.config - sames sshd_config is in correct state, but its not the updated /srv/pillar/openssh.sls (its default unedited).
21:15 aqua^mac joined #salt
21:16 aurynn budman, the pillar gets refreshed during a highstate, or during a forced pillar refresh
21:17 Mso150 joined #salt
21:18 shaggy_surfer joined #salt
21:20 budman aurynn: so when I update a pillar etc.. I need to state.highstate (fully) or can I just highstate. openssh
21:21 aurynn budman, you can also do saltutil.refresh_pillar() and then state.sls openssh.config
21:21 aurynn er
21:21 aurynn no ()
21:21 budman the state.highstate does not seem to be grabbing the current openssh.sls pillar
21:21 budman Im sure im doing something wrong
21:24 nitti joined #salt
21:25 nitti_ joined #salt
21:26 budman https://gist.github.com/anonymous/49adb40d68528f687b2f - do I need to have the openssh (sub sls's) in there? like openssh.config?
21:26 budman ^ is my top.sls in /srv/salt.
21:27 aurynn yes, unless you include it in openssh/init.sls
21:27 aurynn in the pillar tree
21:29 budman Im just using the default formula.. I dont believe openssh.config is included in init.sls.. I swear earlier I was pushing my openssh.sls pillar changes with just salt 'dev*' state.sls openssh.config
21:29 aurynn so you have two trees, right? the pillar tree, with its own top.sls, and the state tree, with *its* top.sls
21:30 budman I do https://gist.github.com/anonymous/a30777bdc56b0482bb7d (pillar top.sls).. should those tops be the same? which one should I include the - openssh.config (or however the format).
21:31 aurynn I think you need to include openssh.config explicitly, yes
21:32 cads joined #salt
21:33 budman in which top.sls? or both?
21:33 budman pillar/state
21:33 aurynn In both
21:33 aurynn if you have a statefile of openssh/config.sls, then you need to add it to states/top.sls
21:34 meylor joined #salt
21:35 budman https://gist.github.com/anonymous/3119bc248642064e2023 - top.sls(state) failed highstate output
21:36 KyleG1 joined #salt
21:38 aurynn okay, what do your trees look like?
21:39 budman Im just using the default openssh forumla from the examples git.
21:39 cedwards is it possible to allow external_auth access to salt-call on a minion?
21:40 forrest_ joined #salt
21:42 budman I know earlier I was pushing my openssh.sls pillar changes with just salt 'dev*' state.sls openssh.config or openssh.banner (and having the ssh banner update).
21:42 budman I might have messed something up, or because it was the first push.
21:44 iggy start smaller
21:44 iggy seriously, you're doing the same thing I did when I first started
21:44 iggy I wanted to go from zero to AUTOMATE EVERYTHING  in an afternoon
21:45 jeffrubic joined #salt
21:45 budman ha :) i know, Im just trying to do SSH first. that was my start small
21:46 budman it was working, but seems to have stopped using pillars or something
21:46 whiteinge _prime_: have you verified the command you are running through salt-api works at the CLI with eauth (the ``salt -a <eauth backend>`` flag)  ?
21:46 iggy but you're trying to use formulas (which is great) when you don't even have a basic working knowledge of directory layout, etc.
21:47 kermit joined #salt
21:48 jnials joined #salt
21:48 budman how/where do I get that missing knowledge to start with my first formula (it was working earlier with out even using/touching highstate).
21:50 _prime_ whiteinge: thanks I'll give that a try.  It definitely works with Hydrogen, perhaps something in Helium is different
21:51 whiteinge _prime_: oh, any change you're getting that error when calling a runner function via the api?
21:52 whiteinge cedwards: negatory. eauth requires a locally-running master daemon.
21:52 alexhayes joined #salt
21:53 cedwards whiteinge: so no way for a non-root user to fetch a value from pillar?
21:53 juanlittledevil left #salt
21:53 whiteinge cedwards: sudo  :-P
21:53 budman I think its because I added the openssh.config to both top.sls (pillar/state) I removed it from pillar top.sls and highstate seemed to work
21:54 whiteinge cedwards: here's a full sudo example, in case it's helpful (at bottom): http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.event.html#salt.modules.event.send
21:54 budman I appreciate everyone dealing with my noobieness eventually Ill slow down.
21:54 budman Can I just highstate openssh? or does it have to be the whole base
21:56 whiteinge _prime_: s/change/chance.  the reason I ask is Runner modules did not use the eauth system (by default) in 2014.1 but they do now. you must have @runner in your eauth config.
21:56 whiteinge _prime_: that's the only change i can think of. syntax is here: http://docs.saltstack.com/en/latest/topics/eauth/index.html
21:57 _prime_ witeinge: yes, I'm calling a runner
21:58 yomilk joined #salt
21:59 Singularo joined #salt
22:00 _prime_ whiteinge: does that apply if I'm granting the user access to everything, via: external_auth:   pam:    saltgod:       - .*
22:00 alexhayes Hello all, perhaps I'm going about things the *wrong* way, however I'm settings up a salt master and provisioning it with vagrant, I'd like to do this for production so that master can run as VM. In anycase, I'd like to setup a bunch of things on the master and I'm wondering is it possible with salt to essentially control the master as you would minions? ie.. have a highstate for the master that's executed locally?
22:00 _prime_ witeinge: @runner plus -.*?
22:00 whiteinge _prime_: that only applies to execution modules on minions, not to runner functions or wheel functions.
22:00 KyleG joined #salt
22:00 KyleG joined #salt
22:01 _prime_ ah ha!  Thank you!  I'll make the change and give it anoterh go
22:01 _prime_ another*
22:02 iwishiwerearobot joined #salt
22:04 kickerdog joined #salt
22:05 BigBear joined #salt
22:11 _prime_ whiteinge: ok, i have the following perms according to the token returned: {"return": [{"perms": [".*", "@runner", "@wheel", "@jobs"], "start": 1417731026.71059, "token": "c7bd6caf3e4a24e7e2591d7d659d73ecb1e4fba8", "expire": 1417774226.710591, "user": "saltgod", "eauth": "pam"}]}
22:11 _prime_ but when I use the token, I get:     <body>         <h2>401 Unauthorized</h2>         <p>No permission -- see authorization schemes</p>         <pre id="traceback"></pre>     <div id="powered_by">       <span>         Powered by <a href="http://www.cherrypy.org">CherryPy 3.3.0</a>       </span>     </div>     </body>
22:12 whiteinge _prime_: what command are you using?
22:13 _prime_ whiteinge: curl -si http://salt-api.trading.imc.intra:9998 \ -H "Accept: application/x-yaml" \ -H "X-Auth-Token: ${TOKEN}" \ -d client='runner' \ -d tgt='*' \ -d fun='manage.status' \ -d arg
22:13 shaggy_surfer joined #salt
22:16 whiteinge _prime_: hm. what happens if you remove the `tgt` and trailing `arg` params?
22:17 _prime_ same 401 message
22:19 _prime_ whiteinge, something's munged in my script.  When I cut and paste the token to the command-line directly it works
22:19 _prime_ now I just have to figure out why my python breaks ...probably the arg that is empty needs to be excluded (and the target too)
22:19 _prime_ many thanks for your help, without the new perms it never would have worked!
22:20 whiteinge _prime_: glad it's (sort of) working. let me know if you find the bug and it looks like the API should be returning a 500 instead of a 401.
22:21 _prime_ I think the 401 is due to my script munging up the TOKEN in some way
22:22 aparsons joined #salt
22:29 aurynn so I'm getting a "file failed to render" when I'm debugging a reactor event, but *why* it failed to render isn't logged
22:30 slimmons joined #salt
22:34 Jahkeup joined #salt
22:35 alexhayes Simplifying my earlier question, how does one ensure system state on the master? I've seen a lot of information about ensuring state on minions but haven't been able to find anything about ensuring state on master (perhaps I'm searching for the wrong thing...).
22:35 aurynn alexhayes, the simplest path is to run a minion on the master
22:36 alexhayes Thats what I was thinking
22:37 alexhayes Is this a regular thing others are doing or am I going about things in an odd way?
22:37 murrdoc nope pretty standard
22:37 alexhayes Ah cool, thanks
22:41 aurynn is it possible to log from a state?
22:41 shadowsun joined #salt
22:41 otter768 joined #salt
22:41 shadowsun Using the python runner API, how the devil do I tell this thing not to dump output to stdout?
22:53 wolfpackmars2 joined #salt
22:54 dave_den joined #salt
22:54 wolfpackmars2 budman did you get your question answered about user management?
22:55 budman no i have not asked yet, been busy bugging about pillars and formulas
22:56 eykd joined #salt
22:57 eykd In http://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.jobs.html#salt.runners.jobs.lookup_jid it says I can issue a command like `salt-run jobs.lookup_jid 20141204164450015530 outputter=highstate`. But when I do (on 2014.7.0) I get this error: “The following keyword arguments are not valid: {'outputter': 'highstate’}”
22:58 eykd Bug?
22:59 perfectsine joined #salt
23:00 alexhayes Has anyone see this error come up when Vagrant tries to exectue highstate? "salt: error: no such option: --retcode-passthrough"
23:01 alexhayes I mean... it makes sense, that option does not exist, question is, does it exist in a newer version of salt or older? (I'm using salt 2014.7.0 (Helium))
23:01 alexhayes Or, is it just a mistake of Vagrants?
23:02 kermit joined #salt
23:03 shadowsun Does anyone know how to stop the python api from outputting results to stdout?
23:03 iggy eykd: those are the docs for the development branch... that option didn't exist in 2014.7
23:04 eykd Ah.
23:04 eykd iggy: Thanks. Where do I find non-dev documentation?
23:04 iggy eykd: but please file an issue to have a note added about when the outputter option was added if you like
23:04 aqua^mac joined #salt
23:04 iggy no clue
23:05 eykd iggy: looks like that’s a bug in itself. :) It would be nice to be able to read historical docs. readthedocs.org only has a few random versions.
23:05 iggy they used to have versioned docs on readthedocs, but they stopped using it and haven't quite fleshed out the docs on the main site yet
23:07 iggy whiteinge: any idea on that? (since you closed the one bug I could find on the topic)
23:09 iggy like maybe someone can add 2014.7 and a more recent 2014.1 version?
23:09 wolfpackmars2 budman I found this today.  http://www.heystephenwood.com/2013/11/using-saltstack-to-manage-linux-users.html
23:11 alexhayes In case anyone is looking back on my previous question, answer is in https://github.com/mitchellh/vagrant/issues/4471
23:12 whiteinge iggy: er. yeah, that's kind of a WIP. we should still be triggering builds on RTD until the switch. not sure who's supposed to be doing that
23:12 nafg_ npm module is complaining no command "node"
23:12 whiteinge iggy: i just added 2014.7 and 2014.1.13 to the list. should be building now
23:12 whiteinge iggy: do you have that issue number handy?
23:13 iggy 8414
23:13 nafg_ Comment: Error installing 'casperjs': sh: 1: node: not found
23:14 nafg_ 1. command is "nodejs" not "node"
23:14 nafg_ 2. why not just run "npm"?
23:15 rypeck joined #salt
23:15 iggy it does
23:15 eykd iggy whiteinge: fwiw, I just added a new issue: https://github.com/saltstack/salt/issues/18755
23:16 iggy nafg_: run with -l debug and it'll probably tell you the exact command it's trying to run
23:16 whiteinge that works too
23:17 fishdust joined #salt
23:17 nafg_ iggy: i'm using salt-ssh
23:17 * iggy runs
23:17 nafg_ it's very annoying but it doesn't tell me anything
23:17 nafg_ come back!! :)
23:18 toddnni joined #salt
23:18 iggy I honestly know nothing about salt-ssh
23:18 iggy but it runs the same exact code as a standard master/minion setup
23:18 fishdust joined #salt
23:18 iggy and I just looked at that code and it is using npm (not node or nodejs)
23:21 iggy https://github.com/saltstack/salt/blob/develop/salt/modules/npm.py#L102 for reference
23:21 murrdoc joined #salt
23:21 shadowsun Okay, let me ask an alternate question
23:22 shadowsun Using the python API, how do I pass the output parameter to the manage.status() ?
23:22 shadowsun (where "output" is the name of the arg the function accepts)
23:24 rap424 joined #salt
23:29 quantum-x left #salt
23:35 Steve7314 joined #salt
23:36 nafg_ iggy: yeah i was going to say that
23:36 nafg_ well maybe it's since .0
23:36 Outlander joined #salt
23:36 Steve7314 is there a salt module that copies a file that's not within the salt filesystem to a minion?  (i.e. not in /srv/salt/...)
23:37 nafg_ iggy: nope, earlier versions of the file are also npm
23:37 nafg_ iggy: maybe npm is calling node instead of nodejs
23:37 nafg_ but when i vagrant ssh and run it myself, it works
23:39 nafg_ is there ANY way to trace salt-ssh's minion???
23:39 nafg_ iggy: I take it back! npm does throw that error!
23:39 nafg_ guess it's not a salt issue per se
23:42 Outlander joined #salt
23:42 iggy Steve7314: I've never seen one... but there's always cmd.run "cp foo bar"
23:43 Ryan_Lane is there any way to have the output of cmd.run come back as its running, rather than when it finishes?
23:43 Ryan_Lane I don't mean the return value, I mean the logging lines
23:44 iggy pretty sure, no
23:44 iggy like 98%
23:44 shadowsun Ryan_Lane: iirc from looking at the code you can't, because the minion doesn't ship it back until execution completes
23:51 Ryan_Lane shadowsun: yeah, didn't think so
23:51 Ryan_Lane no worries
23:51 Ryan_Lane thanks!
23:51 murrdoc joined #salt
23:52 _JZ_ joined #salt
23:53 shadowsun Ryan_Lane: Welcome :)
23:54 heyjonathan joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary