Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-12-05

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 Steve7314 Ryan_Lane - if you tee the output to a temp file, you can run a command to collect that tmp file as it's processing.  I did that in ansible a week or two ago to get progress output of some long running scripts.
00:03 Ryan_Lane yep :)
00:03 shadowsun Joining in on the spirit of things
00:03 Ryan_Lane we're considering that as a workaround
00:04 shadowsun You could tee it to a fifo while sending that fifo across the network via nc
00:04 shadowsun as a separate process
00:04 shadowsun ;)
00:06 Steve7314 even better :)
00:06 shadowsun Okay
00:07 shadowsun I'm just going to use salt.loader.runner to get a dict of the runners, so that I can call manage.status(output=False)
00:07 shadowsun Before I do so, is this considered bad form, or is there a way to do this properly through the python api?
00:07 gladiatr joined #salt
00:07 shadowsun because if there is, I'm not seeing it, but I've ripped through the code pretty fast trying to figure this out
00:09 budman wolfpackmars2: thanks for the find.
00:09 budman what does salt 'dev*' state.sls openssh.config this do?
00:10 budman does it not update via pillar etc..? why do I have to highstate it?
00:11 gladiatr budman, 'dev*' is your target, so your command will be picked up and executed by any minion that has a minion_id that starts with "dev".  state.sls is the [execution_module].[function] that you are executing.
00:12 Ryan_Lane joined #salt
00:12 budman so it that not, updateing my openssh.config options?
00:12 gladiatr budman, highstate queries the environment top.sls files to get a list of state modules to run.  If you don't have a top.sls that has anything to offer the 'dev*' systems, nothing will happen when state.highstate is executed.
00:12 budman or openssh.banner if I used? do i have to high state it?
00:12 budman k
00:13 gladiatr budman, sorry.  didn't finish the thought :)  openssh.config is the (on the master) /srv/openssh/config.sls state.  The command line you showed would cause this state to be executed on the target minions.
00:13 budman which would update the minion via the my openssh pillar correct?
00:14 gladiatr Whether or not it does anything has more to do with its validity and/or structure.  Are you running with log_level set to DEBUG?
00:14 shaggy_surfer joined #salt
00:14 budman I have not enabled any debug etc..
00:15 gladiatr If its not doing what you expect, the first thing I'd do is enable DEBUG level logging on the master and one of the target minions.  If its not doing what you intend, its likely there is an error in the state file.  that'll show up in the (DEBUG) logs
00:15 shadowsun budman: pillars are data structures. Basically they're for storing data. States are descriptions of the state you want the minion to be in.
00:16 shadowsun budman: config.sls is a salt state file. When you call state.sls you're saying "apply a state named", then you say openssl.config, which means openssl/config.sls.
00:16 shadowsun budman: They're different things - "This is this and that is that".
00:16 budman right so the data I store in my pillars, are executed by states the include them.
00:17 budman rgr
00:17 shadowsun A state can reference information in a pillar, yes
00:17 budman So what is saying push the new SSH banner? or push the new data in the openssh piller (ssh port)
00:17 shadowsun Neither
00:17 shadowsun the data is data
00:17 shadowsun it doesn't define config files
00:18 shadowsun You might have the content you want in the banner in the pillar
00:18 shadowsun and then your openssl/config.sls could reference that data as it builds the banner file
00:18 budman so if I edit my openssh.sls (pillar folder) set a different ssh port. its normal process to salt 'dev*' state.sls openssh.config
00:18 budman to push it to dev*?
00:18 shadowsun NO
00:18 shadowsun openssh.sls is not a pillar
00:18 shadowsun it's a state file
00:18 shadowsun these are completely different things
00:19 shadowsun pillars are not states
00:19 shadowsun like
00:19 shadowsun a big mac is not a plate.
00:19 X86BSD joined #salt
00:19 budman thats the only way I could get my SSH port to change, Im sorry for being so ignorant.
00:19 shadowsun Well I think I understand what you're saying
00:19 budman Im sure Im doing it wrong, so Im trying to understand how/where
00:19 shadowsun but you're using the wrong term so I'm trying to help
00:19 shadowsun there's a LOT of terminology to get used to :)
00:20 gladiatr ^^ +1
00:20 shadowsun also.. I don't think you ever need to apologize to me for being ignorant
00:21 budman so having  /srv/pillar/openssh.sls (https://gist.github.com/anonymous/22dc688fec11a01222cc) is probably not proper?
00:21 shadowsun I was born naked and crying just like everyone else ;)
00:21 budman lol
00:21 shadowsun lol
00:21 shadowsun it is proper
00:21 shadowsun However you shouldn't call that folder 'pillar'
00:21 gladiatr (don't believe him... the only kid born with pants)
00:22 budman ahh do I just move that over to /srv/salt? root?
00:22 shadowsun budman: Move it into srv/openssh/config.sls
00:22 shadowsun Then your top.sls can reference openssh.config for the config file, for instance.
00:23 budman I already have a config.sls from the openssh formula (https://gist.github.com/anonymous/d3c33d3ced26f68fa475)
00:23 budman and when you say your top.sls can reference it, is that the top.sls in /srv/salt or /srv/pillar
00:24 bhosmer_ joined #salt
00:24 shadowsun O.o
00:24 shadowsun There should only be one top file?
00:24 budman k so im doing that wrong
00:25 shadowsun You're doing that in a way that I didn't know you could?
00:25 shadowsun <-- not authoritative ;)
00:25 iggy you should have a top file for states and one for pillars
00:25 shadowsun iggy: yeah, I'm just reading the new updated documentation.. iirc it wasn't like this when I set mine up
00:26 budman bleh I just rm'd it :)
00:26 iggy so with the default layout, you'll have /srv/{salt,pillar}/top.sls
00:26 iggy shadowsun: unless that was before 0.10 or so... (so like 3 years ago)
00:28 shadowsun iggy: Not that long ago, but I may have read out of date documentation
00:28 forrest joined #salt
00:28 shadowsun iggy: I do find references in the documentation to sticking with a single top.sls unless you need multple.
00:29 shadowsun iggy: I'm also running multi-environment, and I did see some bugs with multiple top.sls files for awhile.
00:30 shadowsun http://docs.saltstack.com/en/latest/topics/tutorials/pillar.html
00:31 shadowsun budman: yeah, the current documentation says I'm the one set up wrong >.>
00:31 budman so you were born naked and crying confirme
00:31 budman d
00:31 iggy shadowsun: that means a single top for states and a single top for pillars
00:32 * shadowsun files some tickets against himself
00:32 shadowsun iggy: yeah
00:32 shadowsun budman: lol yup
00:32 iggy that note is for people who are using multiple dirs for state files (i.e. gitfs with branches)
00:32 shadowsun iggy: I know for sure that some of my config dates from 0.13-ish, but I haven't been running salt for three years, so definitely not 0.10 ;)
00:33 shadowsun iggy: Yeah, I'm doing that too
00:33 budman and one last thing for the day, big difference from highstate and jus state?
00:33 * shadowsun has a weird setup
00:33 shadowsun budman: highstate applies all states
00:33 budman ahh
00:33 shadowsun budman: So all the things your top.sls say should be applied to a thing, highstate will apply them all
00:34 budman highstate uses which top.sls pillar/state?
00:34 budman or both?
00:34 iggy both
00:34 shadowsun budman: I know it uses the state top.sls; I would assume it also uses the pillar but let me check
00:36 shadowsun http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html
00:37 shadowsun budman: Iggy's right
00:37 iggy 95% of the time
00:37 shadowsun budman: highstate's referencing pillar data so it's using that
00:37 shadowsun iggy: :)
00:37 shadowsun iggy: How much do you know about salt's python api?
00:37 iggy nothing
00:38 shadowsun damn lol
00:38 iggy or I would have already answered your question
00:38 shadowsun I'm about to just do it because it works for now
00:39 shadowsun based on https://groups.google.com/forum/#!topic/salt-users/-5sJskDXq_c
00:42 otter768 joined #salt
00:43 murrdoc joined #salt
00:45 iggy are you actually using the RunnerClient api? or LocalClient? or Caller?
00:45 shadowsun iggy: I was using the RunnerClient
00:46 iggy for any particular reason?
00:46 iggy I guess let me ask this the way I normally do...
00:46 shadowsun iggy: Because using the provided API is usually the right way to use the features of another software package in your own? :)
00:46 iggy What are you actually trying to achieve (not how are you trying to achieve it)?
00:46 shadowsun Ah.
00:47 shadowsun I need to be able to interact with some minions via a completely different software package that presents its own API as part of a more extended project
00:47 shadowsun Since I'm writing said software package, I was going to use the salt API
00:48 iggy so you are writing some python code that interfaces with both of these APIs?
00:48 shadowsun yes.
00:48 shadowsun More accurately, frontend <-> MVC <-> My code <-> Salt
00:48 iggy have you looked into the rest api?
00:49 shadowsun No, I hadn't yet
00:49 iggy then you aren't tied to running "My code" on the master
00:50 shadowsun o>O
00:50 shadowsun circular reference
00:50 shadowsun salt docs say go look at salt-api, salt-api tells me to go look at the salt docs
00:51 iggy you're probably going back and forth between different versions of docs
00:51 iggy salt-api used to be a separate project, it's now built-in to salt core
00:52 shadowsun These docs are for Salt's development version: 8105892.
00:52 shadowsun See the salt-api project to access Salt externally via a REST interface. It uses Salt's Python interface documented below and is also useful as a reference implementation.
00:52 iggy yeah, salt-api is built-in now
00:52 shadowsun yeah
00:52 iggy where do you see that?
00:52 shadowsun http://docs.saltstack.com/en/latest/ref/clients/
00:52 shadowsun :)
00:52 iggy file a bug
00:53 aqua^mac joined #salt
00:54 iggy the salt-api docs are still helpful for getting an overview of how things work (fwiw)
00:54 shadowsun yeah
00:54 shadowsun I'm curious though
00:54 shadowsun Can I use this *and* have halite running on the master at the sme time or will it blow up?
00:55 iggy yeah
00:55 iggy you may have to adjust port numbers, but that shouldn't be a big deal
00:55 aqua^mac_ joined #salt
00:55 iggy and check out pepper for examples how to talk to the api
00:56 davet joined #salt
00:56 shadowsun Well, it's just that if I follow the recommendations there'll be multiple cherrypy's running
00:56 shadowsun I'm kinda production on this server and can't afford to blow it up >.>
01:00 iggy you don't have the option of spinning up a VM or something to test?
01:01 shadowsun Yes, but I'm not swimming in free time
01:01 murrdoc better to test
01:01 iggy ^
01:01 shadowsun murrdoc: yes
01:01 murrdoc put the time in up front
01:01 shadowsun When possible
01:01 murrdoc then OMG REVERT
01:01 shadowsun heh no kidding
01:01 iggy or just skip it and call the command line tools
01:02 shadowsun well
01:02 shadowsun this section of code is abstract
01:02 shadowsun I could change it to use REST later and not impact anything except this one class
01:02 shadowsun so I'm inclined to just use the Python for now
01:02 shadowsun I doubt there's going to be a major calling signature change any time soon for manage.status
01:03 shadowsun >.>
01:03 shadowsun <.<
01:03 shadowsun I hear Murphy approaching now.
01:05 Ryan_Lane joined #salt
01:06 iggy after looking at the manage.status runner code, I actually think your earlier mention of output=False is really what you want
01:06 shadowsun yeah
01:07 shadowsun which is why I'm using salt.loader.runner directly
01:07 shadowsun I'm just not sure that's the best choice in the long run
01:07 iggy it doesn't print, but you still get the data back that you need (via the up/down of the returned dict
01:07 shadowsun ^^
01:08 shadowsun Checking something though
01:08 iggy runner = salt.runner.RunnerClient(opts)
01:08 iggy status = runner.cmd('manage.status', [])
01:08 iggy then you have status['up'] and status['down']
01:09 shadowsun wel
01:09 shadowsun but it dumps stdout
01:09 iggy status = runner.cmd('manage.status', [], output=False)
01:09 shadowsun I *can't* have it doing that
01:09 shadowsun I tried that
01:09 shadowsun let me try it again
01:11 shadowsun TypeError: cmd() got an unexpected keyword argument 'output'
01:12 shadowsun afaict there is no code path that lets me pass output=False back to the function
01:12 shadowsun return self.functions[fun](*args, **kwargs)
01:13 ekristen joined #salt
01:13 shadowsun https://github.com/saltstack/salt/blob/develop/salt/runner.py
01:13 paha joined #salt
01:14 shadowsun Wow
01:14 shadowsun this is quite different than mine
01:15 shadowsun https://github.com/saltstack/salt/blob/2014.7/salt/runner.py
01:15 shadowsun lines 119-123
01:23 iggy status = runner.cmd('manage.status', [{'output':False}])  ?
01:24 iggy I don't really know... time to head home... good luck
01:24 shadowsun lol
01:24 shadowsun yeah it is here too.. I already tried that one, didn't work
01:24 shadowsun serverstatus = self.saltrunner.cmd('manage.status', [], {}, {'output': False})
01:24 shadowsun DID work
01:25 shadowsun tyvm
01:25 shadowsun I'll do it this way
01:25 yomilk joined #salt
01:34 gladiatr joined #salt
01:36 troyready joined #salt
01:45 byronschaller joined #salt
01:54 malinoff joined #salt
01:56 yomilk_ joined #salt
01:57 jeffrey4l joined #salt
02:01 gladiatr Is there an injected variable or function or some such that gives the path to the current running state file--specifically in the state tree.
02:11 cromark joined #salt
02:17 pdayton joined #salt
02:22 FarrisG_ joined #salt
02:25 FarrisG joined #salt
02:43 otter768 joined #salt
02:48 avn joined #salt
02:53 debia joined #salt
02:57 yomilk joined #salt
03:09 philipsd6 joined #salt
03:17 jalbretsen joined #salt
03:17 Mso150 joined #salt
03:20 jeffrey4l joined #salt
03:24 ckao joined #salt
03:28 aparsons joined #salt
03:31 aparsons_ joined #salt
03:31 zlhgo does salt-api have an api of client-side?
03:33 CeBe joined #salt
03:39 Mso150 joined #salt
03:41 jimklo_ joined #salt
03:42 crocket joined #salt
03:42 crocket hi
03:43 crocket How do I specify links in dockerio.running states?
03:43 crocket It's not documented properly.
03:52 strangew_ joined #salt
03:53 strangew_ left #salt
03:56 TheThing joined #salt
03:58 yomilk_ joined #salt
03:59 voxxit joined #salt
04:03 jeffrey4l joined #salt
04:03 TheThing joined #salt
04:04 jalbretsen joined #salt
04:04 gngsk joined #salt
04:06 byronschaller joined #salt
04:06 aquinas joined #salt
04:08 voxxit joined #salt
04:12 voxxit joined #salt
04:16 viq joined #salt
04:17 TheThing joined #salt
04:25 jeffrey4l joined #salt
04:28 crocket I ran 'salt-call --local -l warning state.highstate', and salt-call said "State 'docker.running' found in SLS 'master.selenium.hub' is unavailable"
04:28 crocket The salt version is v2014.7.0
04:28 crocket It should have docker.running state.
04:34 monkey66 joined #salt
04:34 monkey66 left #salt
04:35 crocket left #salt
04:40 voxxit joined #salt
04:42 voxxit joined #salt
04:44 otter768 joined #salt
04:48 avn joined #salt
04:58 strangew_ joined #salt
04:59 ajolo joined #salt
05:01 Ssquidly joined #salt
05:11 jhauser joined #salt
05:40 monkey661 joined #salt
05:49 ramteid joined #salt
05:49 beneggett joined #salt
05:49 __number5__ crocket, do you have https://github.com/dotcloud/docker-py installed?
05:50 __number5__ it's required by the dockerio state
05:52 ponpanderer joined #salt
05:54 ponpanderer Hey, i just moved to 2014.7 and it seems there's an issue with salt-cloud on openstack. it can successfully launch instances, but then times out after 10 minutes claiming "SaltCloudSystemExit: Unable to get IP for 00:10:00". is that a known issue?
05:57 jeffrey4l joined #salt
06:02 catpiggest joined #salt
06:02 strangew_ joined #salt
06:08 capricorn_one joined #salt
06:26 bhosmer joined #salt
06:43 smcquay joined #salt
06:43 robinsmidsrod joined #salt
06:45 otter768 joined #salt
06:56 robinsmidsrod joined #salt
06:59 catpigger joined #salt
07:06 jeffrey4l joined #salt
07:10 flyboy joined #salt
07:15 ndrei joined #salt
07:17 hojgaard joined #salt
07:27 jeffrey4l joined #salt
07:34 SpX joined #salt
07:34 robinsmidsrod joined #salt
07:37 robinsmidsrod joined #salt
07:38 iwishiwerearobot joined #salt
07:40 karimb joined #salt
07:40 yerodin joined #salt
07:41 badon joined #salt
07:43 debia_ joined #salt
07:43 babilen o/
07:44 monkey66 joined #salt
07:45 TyrfingMjolnir joined #salt
07:46 dimeshake \o
07:48 evidence \o/
07:49 oyvjel joined #salt
07:49 dimeshake /o\
07:49 SpX joined #salt
07:49 budman joined #salt
07:49 evidence so is anyone storing binary data in pillar?  curious how if so.  seems you might be able to base64 encode it, then write a module to decode it before writing
07:50 dimeshake I hope to make it to saltconf 2015. I'm doing the remote training this month, too, but want to make it out to an actual conference as well
07:50 evidence what are the deets on the remote training?
07:51 evidence ah https://www.eventbrite.com/e/saltstack-enterprise-training-dec-15-19-salt-lake-city-or-participate-remotely-tickets-14460956109
07:51 evidence who wants to goto SLC in the middle of winter? :x
07:52 tmmt joined #salt
07:52 tomspur joined #salt
07:52 dimeshake yeah i'm doing it remotely partially for that reason...
07:52 dimeshake and it looks like there's an issue open for that, evidence: https://github.com/saltstack/salt/issues/9569 (binary pillar data)
07:53 Auroch joined #salt
07:54 eject_ck joined #salt
07:54 dimeshake evidence: perhaps related and some methods here: https://github.com/saltstack/salt/issues/1543
07:56 babilen evidence: I do, but I am simply reading the file from disk and then hand out the file as value in a Python dictionary. (pillar written in #!py)
07:57 evidence and the binary data is handled fine in the dictionary?
07:58 babilen One of the reasons why I filed https://github.com/saltstack/salt/issues/18406
07:58 babilen evidence: Sure, why wouldn't it?
08:02 evidence just if it only supports standard ascii, but it sounds like that's not the case
08:02 evidence babilen: i assume you're using this then? https://github.com/saltstack/salt/commit/89a3d905dc3c09dd65eb9964d83c74316bfc17f1
08:04 evidence and yeah, there was mention of the complications of making pillar able to simply serve files in some of the older issues requesting similar
08:04 evidence none of them seemed to gain much traction
08:04 JlRd joined #salt
08:06 slafs joined #salt
08:07 robinsmidsrod joined #salt
08:07 slafs left #salt
08:07 babilen I guess I will have to implement it myself if I want that functionality. So far most people really liked the "pillar://" idea I formulated there, so it might happen eventually.
08:07 oyvjel1 joined #salt
08:08 babilen evidence: Ah, no, I wasn't aware of that. That looks super useful and might even, more or less, be what I was looking for.
08:10 evidence babilen: it seems similar to what your doing, if you have no problems reading in and spitting out binary data through the dictionary it seems that should work nicely also
08:10 babilen Well, I was asking for more explicit integration and less "magic" in terms of their host id matching in there (why would one do that? just introduce another top.sls with the power of targeting in the root directory)
08:11 yomilk joined #salt
08:11 babilen It feels unnecessarily restricted to only exact minion id matches ..
08:12 babilen I mean we had the whole "I don't want to mention it a hundred times if I want to distribute the same file to a hundred boxes" issue sorted already :D
08:14 babilen In fact I would argue that, while a good idea in general, it is exactly the wrong way to go about it as it conflates file system structure and targeting
08:14 AirOnSkin joined #salt
08:16 robinsmidsrod joined #salt
08:18 BigBear joined #salt
08:22 robinsmidsrod joined #salt
08:24 evidence agreed, and if you go w that method across many hosts, you're seriously inflating the pillar
08:24 evidence babilen: also just to confirm, your just using file.managed and contents_pillar to pull the binary data out?
08:25 IOMonster joined #salt
08:25 * evidence excuses his own grammar.. it's 1:30 ;)
08:26 babilen evidence: That's okay, it's half eight here, so .. :)
08:26 babilen And yeah, that's what I do
08:30 robinsmidsrod joined #salt
08:30 lb1a joined #salt
08:31 IOMonster joined #salt
08:31 IOMonster joined #salt
08:33 babilen evidence: Python doesn't really care what you store in a dictionary and as long as none of those pesky yaml, jinja, mako, ... parsers lay their fingers on it your data should be safe.
08:34 tomspur joined #salt
08:35 Mso150 joined #salt
08:42 robinsmidsrod joined #salt
08:43 capricorn_1 joined #salt
08:43 kawa joined #salt
08:46 robinsmidsrod joined #salt
08:46 otter768 joined #salt
08:48 dRiN joined #salt
08:49 robinsmidsrod joined #salt
08:54 intellix joined #salt
08:55 robins joined #salt
08:56 kawa joined #salt
08:59 yomilk_ joined #salt
09:08 cb joined #salt
09:09 Heartsbane joined #salt
09:09 lothiraldan joined #salt
09:25 jhauser joined #salt
09:27 sieve joined #salt
09:35 kawa joined #salt
09:38 kawa joined #salt
09:38 kermit joined #salt
09:41 toplessninja joined #salt
09:49 jrluis joined #salt
09:53 fredvd joined #salt
09:53 Outlander joined #salt
09:55 jwarchol joined #salt
10:02 N-Mi_ joined #salt
10:04 RDc joined #salt
10:10 agend joined #salt
10:13 iMil joined #salt
10:13 iMil joined #salt
10:17 sieve joined #salt
10:17 jhauser joined #salt
10:17 iMil joined #salt
10:17 iMil joined #salt
10:17 intellix_ joined #salt
10:17 CeBe joined #salt
10:19 yomilk_ joined #salt
10:21 iMil joined #salt
10:21 Lycnixd joined #salt
10:28 bhosmer joined #salt
10:29 jwarchol hello
10:29 jwarchol I have trouble with salt REST API
10:31 jwarchol I have salt-api 0.8.4.1 installed, and as far as I can see, it's the latest version available
10:32 sieve I'm trying to work out how to use salt to deploy a salt master with a specific configuration. I can use bootstrap-salt to install the master but then how to I populate the state tree for instance or place some files here and there?
10:33 jwarchol the documentation says that i should be able to use /keys url to work with salt keys (http://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html#keys), but when i try to send a request there, i get "The path '/keys' was not found."
10:33 babilen sieve: I use GitFS for states and pillars and provision the master with the salt-formula. Initial setup has to allow for the initial highstate run though.
10:34 sieve Please could I have an example of how your using gitfs? Share your secret sauce? :)
10:35 sieve The main point Im having trouble with is how do I provision the master? I read somewhere that the master configuration goes in /srv/salt/master but I cant work out how to highstate this.
10:36 Damoun left #salt
10:37 aurynn sieve, a common pattern seems to have a minion running on the master
10:37 babilen sieve: http://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html
10:37 babilen + https://github.com/saltstack-formulas/salt-formula
10:38 sieve Ok, I think I see how this is going together now. How do you name your master?
10:39 babilen Please note, once again, my remark about the fact that your *initial* configuration (i.e. the state you get after setting up the master) has to be done in such a way that your gitfs_remotes are configured (the ones you need at least) so that the highstate run can actually succeed in configuring the master
10:39 sieve When using amazon for instance I dont think I can control the hostname of the machine
10:39 RDc joined #salt
10:39 sieve babilen: I understand that point
10:40 sieve chicken or the egg…choose one
10:40 babilen I typically call them $CUSTOMERID-master1.tld and $CUSTOMERID-master1.tld for masters that control the setup for $CUSTOMER
10:41 workingcats joined #salt
10:43 babilen sieve: It really isn't that chicken-y or egg-y. You will, presumably, keep your salt-states that contain the master configuration and the respective pillar in two (one each) repository. You might require a few additional gitfs_remotes for formulas that you target to '*' and that is it. As you will have to setup the master and minion on the master anyway it shouldn't be too hard to deploy a minimal master config that meets these requirements and ...
10:43 babilen ... allows the master to complete the initial highstate on itself without problems
10:47 otter768 joined #salt
10:47 wnkz joined #salt
10:49 iwishiwerearobot joined #salt
10:50 sieve babilen: thanks for the food for thought :)
10:51 sieve babilen: are you using salt in heavy production?
10:51 babilen Define "heavy"
10:51 sieve If salt suddenly stopped working how screwed would you be?
10:52 babilen There would be around 40-50 people that would hurl insults in my direction
10:52 sieve Thats pretty heavy
10:52 sieve Do you trust it?
10:53 sieve Im thinking of putting myself in a position where 40 or 50 people start hurling insults and possibly bricks in my direction
10:53 babilen I do, but I test *everything* locally on KVM boxes that I provision with vagrant before I push it into production, so I am pretty sure what will happen.
10:54 jwarchol I have a question about salt-api: how can I tell salt to accept a key using rest api?  I think I have configured the api correctly (I can login into it, send a command to ping minion) but the basic example from the documentation doesn't work: curl salt.api.url/keys returns "The path '/keys' was not found.".  What am I doing wrong?  My version of salt-api is 0.8.4.1
10:54 Lycnixd joined #salt
10:55 babilen That way I can catch errors .. I think the biggest fuck up we had was https://github.com/saltstack/salt/issues/12286 that caused a bunch of NFS mounts to disappear
10:55 babilen I was just sitting there thinking ... "but but but ... I used 'test=True'"
10:56 babilen sieve: But then, over the last year we had very few problems with salt and *significantly* fewer problems in total due to the inconsitencies it helped us to resolve and all the little things that you tend to forget when you make changes (e.g. "restart service foo, bar and baz after touching this")
10:56 lb1a i'm quite new to salt and i don't get the concept of the "highstate" is there only 1 highstate available in my pool of servers and everyone has to obey it? or is this more modual?
10:57 lb1a i liked the "roles" concept of "chef" where you can bundle your recipes/cookbooks into roles and give different servers, different roles (webserver,loadbalance,etc)
10:57 babilen lb1a: A "highstate" applies to only a single minion. You can, however, target a highstate *each* at your minions by running 'salt '*' state.highstate'
10:57 lb1a can this be achied through salt?
10:58 lb1a so can i assign different highstates to different minions?
10:58 lb1a or am i mixing the wording?
10:58 jwarchol lb1a: I'm also neew to salt, so I may be wrong, but as far as I understand there is one highstate, but you add conditions into it
10:59 babilen A highstate is simply the collection of states that apply to your minions (as defined in the top file, cf. http://docs.saltstack.com/en/latest/ref/states/top.html). You would typically use the entire set of targeting options in there to define *exactly* which states will be run on which minions. Take a look at http://docs.saltstack.com/en/latest/topics/targeting/ to learn what you can do there.
11:00 robinsmidsrod joined #salt
11:01 babilen lb1a: If you are starting to look into roles and how to use/implement those in salt: I would *strongly* suggest to implement them on top of pillars rather than grains. This probably doesn't mean anything right now, but once you get there think of my remark and ping me.
11:01 jwarchol does anyone see my messages?  I'm fine if noone can answer my questions, but i'd like to make sure that you're getting them at all.
11:01 babilen But then, you could easily have a "webserver" state file that simply includes other states and target that to your minions
11:01 babilen jwarchol: I can see them just fine, I simply have no idea about salt-api
11:02 jwarchol ok, thanks
11:02 lb1a babilen, thanks i'm reading more salt docs :D
11:04 babilen lb1a: That is, probably, what you will have to do. I would recommend reading http://docs.saltstack.com/en/latest/topics/tutorials/index.html (stop at 3.3.7), then 3.4.8, followed by the aforementioned documentation on the top file and targeting.
11:05 babilen lb1a: Once you are done with that read http://docs.saltstack.com/en/latest/topics/best_practices.html and http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html to learn how to write idiomatic salt that scales to heterogeneous environments and allows for data-driven configuration
11:05 lb1a babilen, thanks very much for the pinpoints
11:06 lb1a i'll digg myself through that
11:06 babilen It would probably take you about a day (or two) to work through that and wrap your head around it, but its reasonably hands on (and I would recommend to play along) and will give you a very good overview over how thinks are done in "salt land"
11:06 drybjed babilen: do you know about how I could generate random strings (for passwords, tokens, etc.) in salt and preserve them? I imagine that they would need to be saved as grains on minion hosts?
11:07 lb1a thanks, i'll ping if i run into any stuff that messes with my brain :D
11:09 babilen drybjed: I wouldn't abuse grains for that. To be honest that is one of the few areas in which I really haven't found a suitable solution yet, but I am very interested in doing that. My idea would be to write an execution module that I use in my states to generate that data and that also serialises it *somewhere*. That location should preferably be accessible as external pillar and I would then refer to the pillar in future runs.
11:09 babilen (e.g. write it to a database, ...)
11:10 drybjed babilen: you can define access to pillar on multiple hosts? that way access to passwords could be shared between hosts
11:11 babilen drybjed: You can target data in pillars just like you can target states. That is what makes them suitable for providing sensitive information.
11:11 drybjed babilen: good to know, thanks
11:11 Lycnixd left #salt
11:12 giantlock joined #salt
11:12 babilen pillars have their very own top file in which you target pillars (which are simply Python dictionaries) to your minions. A minion will *only* see the data that has been targeted to it and nothing else.
11:13 babilen lb1a: Have fun, if you are looking for a "playground" setup that uses vagrant and libvirt based hosts take a look at https://gist.github.com/babilen/e9479fdfbcca431db208
11:14 lb1a babilen, i'm not into vagrant. i used little droplets from digitalocean to play around
11:14 drybjed babilen: honestly, I have a public Ansible playbook that for example installs and configures mysql server automatically with random password for root account that is saved on the control host, is there a way to recreate that automatically in pillars (ie. generate them via states), or would I need to provide "example" pillars that would need to be setup by hand by the admin?
11:14 babilen lb1a: sure
11:15 SpX joined #salt
11:16 babilen drybjed: The tricky part is the "storing" and I wouldn't personally want to store it on the box, but you could probably use http://docs.saltstack.com/en/latest/ref/states/all/salt.states.grains.html#salt.states.grains.present to set it locally
11:16 drybjed babilen: on which box, master? or minion?
11:17 babilen I don't like to keep data on the boxes that I manage (for a variety of reasons, one of which is security) which is why I don't favour using grains for anything but what they are out of the box (i.e. data about the minion like cpu, ip addresses, ...)
11:17 drybjed babilen: that wouldn't probably work for sharing passwords... unless you can lookup grains from one host on different host, that's what salt-mine is for afaik?
11:17 babilen "on the minion"
11:18 yomilk joined #salt
11:18 babilen drybjed: You can use the salt mine to make information about one minion available on other minions
11:18 drybjed yeah, passwords are tricky because you need them in plaintext to ensure idempotency
11:20 babilen drybjed: No, my idea would rather go along the route of "generate information and store it $somewhere and then access it via pillars". There are a variety of external pillars that can be used as suitable data sources (cf. http://docs.saltstack.com/en/latest/ref/pillar/all/ ). But honestly, i am simply the wrong person to ask right now. I am sure that other people figured out a very idiomatic solutions to this already and I would recommend to ask on ..
11:20 babilen ... the mailing list. (I will contribute to that topic)
11:27 jonatas_oliveira joined #salt
11:27 darrend left #salt
11:34 jwarchol joined #salt
11:40 Elsmorian joined #salt
11:43 flyboy82 can anyone else confirm that usage of variables within salt functions is possible with C syntax? eg.  {% set var1 = salt['grains.get']('host') %}{% for data in salt['pillar.get']('something:%s' % (var1)) %} ...blah... {% endfor%}    ???
11:46 Elsmorian flyboy82: not sure, but you can use template vars, ie. {% set var1 = 'hello' %} {% set var2 = ' flyboy' %}  {{ var1 ~ var2 }}
11:47 Elsmorian will output "hello flyboy"
11:47 Elsmorian Anyone know how salt-cloud talks to VMs after they have been created but prior to installing salt?
11:48 Elsmorian I'm having an issue when it creates a VM on Rackspace fine, tries to connect to it over ssh (using a password (?)) and then just keeps trying 15 times and then gives up
11:48 babilen http://jinja.pocoo.org/docs/dev/templates/#format
11:48 babilen flyboy82: ^
11:49 Elsmorian I'm not sure if rackspace are being slow to hand over the password the VM has a first boot, or it uses keys that are not being set or what
11:49 babilen But if you already confirmed that your example worked, then: What's your question?
11:49 babilen I wouldn't necessarily have expected it to, but I am also not overly surprised
11:54 diegows joined #salt
11:56 Elsmorian In normal opration after salt cloud has detected the VM has an IP, it changes the password via the Rackspac API and then tris to ssh in?
11:57 flyboy82 babilen: because I just saw that today and now I'll have to rewrite everything just to avoid the tons of extra iterations I was doing because I didn't know how to do it
11:58 whiteinge jwarchol: that version of salt-api is one release old. The keys url is not in that release. However you can still call wheel modules to accept keys
11:58 flyboy82 so I just wanted to see if it works on someone else too so that we could maybe add it somehow to the documentation???
11:59 whiteinge jwarchol: http://docs.saltstack.com/en/latest/ref/wheel/all/salt.wheel.key.html
12:00 jwarchol okay
12:00 jwarchol let me try that...
12:00 flyboy82 babilen: also the link you gave me I've seen before, it doesn't have anything to do with salt though. I wanted specifically usage of variables within salt function arguments
12:00 whiteinge jwarchol: what version of salt are you running?
12:00 jwarchol btw, how should i install the newest api release?
12:01 jwarchol I'm running salt 2014.7
12:01 whiteinge In that case you already have the newest version. Salt-API now ships with salt core
12:02 whiteinge Uninstall the separate version you installed
12:02 jwarchol hmm
12:02 jwarchol I've already tried that, actually
12:03 jwarchol but i couldn't find the api
12:03 jwarchol i mean, i tried not installing salt-api package
12:04 babilen flyboy82: salt uses jinja and you would have to use valid jinja
12:04 jwarchol so, should installing salt-master package give me also salt-api?
12:04 whiteinge jwarchol: what distro how did you install salt?
12:04 jwarchol or should i install another package?
12:05 kawa joined #salt
12:05 babilen flyboy82: I'm still not entirely sure what you ask about. Just to be clear about what I mean: I was expecting "'something:%s'|format(var2)" rather than what you used before
12:06 jwarchol ubuntu 14.04; i ran 'sudo apt-get install salt-master'
12:06 babilen flyboy82: But as you already confirmed (and are simply looking for someone else to re-affirm the same fact) that your version does what you expect it to I am not entire sure what you are asking about.
12:07 whiteinge IIRC, the ubuntu packages split salt-api into it's own package
12:07 babilen yeah
12:08 kawa2014 joined #salt
12:08 whiteinge jwarchol: gotta run afk. bbl
12:08 flyboy82 if anyone else here has used it too and worked
12:08 flyboy82 babilen^
12:09 jwarchol whiteinge: ok
12:19 mikkn joined #salt
12:19 babilen flyboy82: Why do you care if it works for you?
12:22 rbjorklin babilen: Is it possible to use variables within a pillar file?
12:23 rbjorklin version: 2.6
12:23 flyboy82 babilen: Wasn't this channel's purpose also to share what we find besides just asking questions? also, jinja version of salt isn't the latest jinja. I've tried using some filters before and they didn't exist... So it could be a salt/jinja version thing that it worked for me. Someone else might have different experience. And since you guys have far more experience than me, I just asked
12:23 rbjorklin source: http://someserver.com/rest/api/{{ version }}/file.txt
12:23 borgstrom joined #salt
12:27 babilen rbjorklin: Variables such as?
12:28 viq rbjorklin: depends where you want to get those variables from
12:29 babilen flyboy82: I would argue that this channels purpose is to support users of salt to solve their problems. I personally aren't particularly interested in verifying that something works (we wouldn't see the end of it!) rather than figuring out why something *doesn't work* and how to solve it instead.
12:30 babilen rbjorklin: You could set that string in a pillar and then use it as template in a state later, it will, however, not be filled in the pillar directly. What are you trying to do exactly? We might be able to provide better help if we have something to work with :)
12:30 jwarchol does anyone know which package should i install to get latest salt-api?  I've tried installing all packages from ppa:saltstack/salt (except salt-api, which gives me an old api veersion) and i didn't get it.
12:31 thawes joined #salt
12:33 jespada joined #salt
12:35 rbjorklin babilen: I'm trying to put a .war file from Sonatype Nexus on a server with Salt
12:35 rbjorklin babilen: I have a state that takes values from a pillar and does the above
12:37 rbjorklin babilen: the path to the .war file contains a version number
12:38 rbjorklin babilen: and that version number is re-used on more places
12:38 rbjorklin babilen: Hmmm.... Think I just realized what I need to do
12:38 rbjorklin babilen: what/how
12:40 jeffrubic joined #salt
12:41 mapu joined #salt
12:42 viq rbjorklin: if you're thinking about referencing a pillar value within a pillar value, then nope.
12:45 linjan joined #salt
12:47 otter768 joined #salt
12:48 glyf joined #salt
12:50 bhosmer joined #salt
12:52 glyf joined #salt
12:56 JlRd joined #salt
12:57 intellix joined #salt
13:01 gmoro joined #salt
13:02 Morbus joined #salt
13:04 eliasp joined #salt
13:09 CeBe joined #salt
13:14 byronschaller joined #salt
13:15 iwishiwerearobot joined #salt
13:15 lothiraldan joined #salt
13:15 sieve joined #salt
13:20 bhosmer joined #salt
13:23 Renat joined #salt
13:25 Renat Hello everyone! I'm newbie in SaltStack, can anybody help me with rest_cherrypy?
13:29 joehh1 Renat: I'm not sure I can, but have you a more specific problem?
13:30 Renat I'm added "production-ready" configuration, create certificate and key, user, but rest_cherrypy not started anymore.
13:31 Renat salt installed from debian repository of saltstack
13:31 linjan joined #salt
13:32 bhosmer joined #salt
13:33 Renat joehh1: salt version is salt-master (2014.7.0+ds-2~bpo70+1)
13:36 joehh1 Renat: I'm the perfect person to complain to then :)
13:37 babilen heh :)
13:37 joehh1 what are you trying/wanting to achieve and what should the packaging do?
13:38 joehh1 As far as I'm aware, the rest_cherrypy part is new for 2014.7
13:38 joehh1 I don't actually use it and am not yet doing anything particular for it in the packaging
13:38 SpX joined #salt
13:39 joehh1 what you do you think should happen?
13:39 CeBe1 joined #salt
13:39 bartoua left #salt
13:41 jonbrefe joined #salt
13:41 Renat joehh1: lsof -i show me that port not listen
13:41 CeBe joined #salt
13:42 ericof joined #salt
13:42 wnkz joined #salt
13:42 Renat joehh1: mean port selected for rest_cherrypy
13:44 joehh1 Renat: I'm not surprised that there is nothing listening on the port
13:45 joehh1 I haven't yet packaged salt-api as a particular package
13:46 joehh1 In the short term, I guess that following https://salt.readthedocs.org/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html#using-a-wsgi-compliant-web-server
13:46 joehh1 might be the best way forwards?
13:46 _prime_ joined #salt
13:46 gildegoma joined #salt
13:47 Renat joehh1: https://groups.google.com/forum/#!topic/salt-users/OPDQ93mEupQ
13:49 slimmons Hopefully a simple salt question.  I'm new to salt, and I'd like to organize my directories a little better.  I have set up node groups for each of my projects (which I'll call proj1, proj2, and proj3.)  Is there a way to set change the default location that salt looks for the config files?  For example, in my top.sls I have
13:49 slimmons a base for each project, can I put their packages as something like salt://proj1/tomcat
13:49 Renat joehh1: Thank you, I'm try to run salt-api with wsgi compliant server.
13:50 slimmons or am I thinking about this incorrectly?
13:50 joehh1 Renat: thanks for reminding me of that thread :) - is there anything in particular or just a pointer that a few days has turned into many months?
13:51 elfixit joined #salt
13:51 slimmons so, for my end goal, I'd like to just have a directory with each project name in /srv/salt , along with the top.sls file
13:52 joehh1 Renat: please let me know about how you go
13:52 azneita joined #salt
13:53 joehh1 packaging salt-api is still on my list and any feedback/input is most welcome
13:53 babilen slimmons: Why do you want to use multiple top.sls files for them, but only a single master?
13:53 gildegoma joined #salt
13:53 sieve "Minion did not return. [No response]" - how should I start debugging this ominous looking error?
13:53 joehh1 not actually using that side of salt makes me feel a little blind for packaging it
13:54 slimmons sorry, I probably didn't explain that well.  I only want one top.sls file.  I just want to clean up the /srv/salt directory by only having one directory for each project there, and in top.sls specify that path
13:54 babilen slimmons: I mean I would recommend to simply use one git repository for each project and globale/common one for states that you like to share among them (realise this with gitfs), but you might want to still manage only a single top.sls
13:55 hcl2 joined #salt
13:55 linjan joined #salt
13:55 babilen slimmons: But you could also implement this by setting multiple file_roots to "file_roots: - /srv/salt/proj1/ - /srv/salt/proj2 ..."
13:56 babilen sieve: What did you do between "got last response" and now?
13:56 slimmons I'd like this setup /srv/salt -> top.sls /proj1 /proj2 /proj3, and inside of top.sls.   The problem I have with that is that salt default looks for the config files in /srv/salt, then second looks for directories named after packages.
13:57 Renat joehh1: Sorry, I send link without a question, now I'm understand that this is thread is about my problem.
13:57 babilen slimmons: You can't set that in top.sls, you can naturally target different states, say proj1.foo, proj2.foo, ... to your minions, but you cannot actually set file_roots there (nor do I think that it would be a good idea)
13:58 slimmons I broke a sentence in half there.  Inside of the top file, I was hoping it was possible to specify that each base, the config files are held in a directory named after that base, instead of by package name
13:59 Renat joehh1: By the way, maybe have any other distributive with already packed salt-api?
13:59 evelo joined #salt
14:00 sieve babilen: actually, I used salt-bootstrap to install this node. I dont think it actually got salt installed
14:00 babilen sieve: Well, a not installed minion can, naturally, not return
14:01 joehh1 Renat: I think so
14:01 sieve babilen: you are wise
14:02 babilen slimmons: What do you hope to accomplish with this setup? What you are describing sounds a bit like environments, but I am not sure that environments really are what you are after.
14:02 babilen sieve: :-þ
14:03 Renat joehh1: Thank you!
14:04 miqui_ joined #salt
14:04 babilen sieve: What is a bit unusual though is that the minion obviously managed to register with the master (and you obviously accepted its key) so it must have been installed at one point
14:05 azneita_ joined #salt
14:05 sieve babilen: I think salt-cloud assumes that the node will appear and pre registers it
14:09 gngsk joined #salt
14:10 babilen sieve: Ah, okay. I have no practical experience with salt-cloud whatsoever, so I simply have to work of first principles and "gut feeling" ;)
14:11 karimb joined #salt
14:17 slimmons babilen:  I'm just trying to make my environment more organized.  In my environment we have those 3 projects, and they are all pushing to clones.  So every time I push a configuration it will always be pushing to one of those projects, to multiple servers that will be exactly the same.  I was just trying to partition off my files to have a specific area for each project.  Salt probably does this an easier way, but I'm a total salt noo
14:18 tmh1999 joined #salt
14:21 kbyrne joined #salt
14:21 BigBear joined #salt
14:25 jonatas_oliveira joined #salt
14:25 babilen slimmons: Why can't you simply use directories? I mean what is it about them that strike you as not suitable? My personal approach would be to use GitFS and 4+ repos for the three projects (i.e. one per project and a shared one) with a top.sls managed in yet another independent repo for all of them.
14:31 wailin joined #salt
14:31 pdayton joined #salt
14:32 cpowell joined #salt
14:33 nitti joined #salt
14:33 slimmons babilen:  I do want to just use directories.  One for each project.  But I wasn't sure how to tell saltstack that the location of the config files for each project changed.  I think I've figured it out though.  I think I can accomplish what I want by just setting each location in file_roots: in the master file.
14:33 slimmons I think my question was too simple :)
14:34 whiteinge joehh1: if you have questions or want help testing or anything on getting salt-api packaged, please hit me up anytime.
14:34 babilen slimmons: Yes, that is what I suggested at the very beginning ;0
14:34 babilen slimmons: "14:55:22 babilen > slimmons: But you could also implement this by setting multiple file_roots to "file_roots: - /srv/salt/proj1/ - /srv/salt/proj2 ...""
14:35 mpanetta joined #salt
14:35 slimmons haha, my bad.  I think I missed it reading over something else.  Didn't see you had two comments there.
14:36 slimmons Thanks for the help
14:36 babilen You are welcome (i'd still look into gitfs if I were you)
14:38 giantlock joined #salt
14:38 slimmons I will, thanks
14:42 mpanetta_ joined #salt
14:46 thawes joined #salt
14:46 BigBear joined #salt
14:48 Andre-B joined #salt
14:48 otter768 joined #salt
14:48 __gotcha joined #salt
14:49 favadi joined #salt
14:53 KennethWilke joined #salt
14:56 sieve joined #salt
15:00 gngsk babilen, i've used your gist to setup vagrant, libvirt and salt, thanks for that!
15:01 housl joined #salt
15:01 gngsk I'm just curious what your workflow is for multiple hosts
15:01 gngsk do you have a seperate Vagrantfile for a master and each minion?
15:02 viq gngsk: you can define multiple machines in a single vagrantfile
15:02 gngsk ahh, nice, so a single vagrant up will fire them all up and provision them all?
15:03 viq yes, it can
15:03 gngsk https://docs.vagrantup.com/v2/multi-machine/
15:03 gngsk nice
15:07 viq there's a bit of trickery required to have the minions pre-authenticated to master, here's an example https://github.com/viq/cm-lab-salt
15:07 kaptk2 joined #salt
15:08 Svake joined #salt
15:09 _JZ_ joined #salt
15:16 dude051 joined #salt
15:16 mick3y halite is pretty much dead isn't it? or is there something going on with that?
15:19 babilen gngsk: I essentially have a Vagrantfile with multiple minions for larger setups. (Most setups don't have *that* many (10/15 maybe) different *types* of hosts so that I can easily run them on virtualised on my workstation. It's rather that we scale by essentially adding more instances of the same type. I then have a vagrantfile in which I have a definition for each type and test like that
15:19 flamin_s- joined #salt
15:26 pr_wilson joined #salt
15:27 Auroch joined #salt
15:28 debia joined #salt
15:28 thawes joined #salt
15:29 kawa2014 joined #salt
15:29 kawa2014 joined #salt
15:30 pr_wilson joined #salt
15:33 rickh563 joined #salt
15:34 ericof joined #salt
15:34 debia joined #salt
15:36 edwardsgs joined #salt
15:48 ndrei joined #salt
15:51 jaimed joined #salt
15:51 jwarchol joined #salt
15:54 bhosmer joined #salt
15:55 linjan joined #salt
15:56 glyf joined #salt
15:57 anotherZero joined #salt
15:57 bhosmer joined #salt
15:58 glyf joined #salt
16:01 thedodd joined #salt
16:02 jalbretsen joined #salt
16:03 sieve I would like to get a specific grain from one host (ip address= and put it into a config file for another.
16:03 iggy mine
16:04 sieve iggy......
16:04 iggy yes?
16:04 sieve mine..
16:04 sieve ?
16:04 sieve example?
16:04 iggy https://www.google.com/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=web&amp;cd=12&amp;cad=rja&amp;uact=8&amp;ved=0CFwQFjAL&amp;url=http%3A%2F%2Fdocs.saltstack.com%2Fen%2Flatest%2Ftopics%2Fmine%2F&amp;ei=oteBVLqJAoi4yQTX-oC4Bw&amp;usg=AFQjCNHTWngbUr7fw8vW4wfO1yAfQkpsXw&amp;sig2=8ETZe_HOiMf85Zr7Uo65mQ&amp;bvm=bv.80642063,d.aWw
16:05 iggy err
16:05 iggy docs.saltstack.com/en/latest/topics/mine/
16:05 sieve this is all a bit foreign for me :(
16:08 jonbrefe joined #salt
16:08 UtahDave joined #salt
16:09 iggy the salt mine is a semi-advanced topic, but it's fairly well documented... you should be able to figure it out... I have faith in you
16:10 sieve Thanks iggy
16:10 sieve However, I cant find an example where I take the ip address of a machine and plop it into a file.
16:11 sieve mine_functions:
16:11 sieve network.interfaces: [node]
16:11 sieve might do this however
16:11 mpanetta sieve: There is also network.ip_addrs
16:11 nitti_ joined #salt
16:12 pr_wilson joined #salt
16:12 sieve mpanetta: that would seem to be able to set a network address but not parse one out
16:12 mpanetta sieve: You can't set using mine.
16:12 sieve I dont want to set
16:13 mpanetta sieve: That will get you the IP's for the interfaces on tat minion.
16:13 azneita joined #salt
16:13 sieve I just want to parse it out (I thought I could use grains here) and pop it into an application config file
16:13 mpanetta You can do that with mine.
16:14 mpanetta For sure.  Either network.ip_addrs or network.interfaces will give you the data, it is just in different formats.
16:14 sieve mpanetta: yea, but its a bit of a steep curve :)
16:15 mpanetta sieve: Trying to find you an example of how we do this that is in a public repo..
16:15 sieve mpanetta: can you show me how I would use network.ip_addrs with jinja?
16:16 sieve {% network.ip_addrs %} ?
16:16 mpanetta Nope
16:16 mpanetta You have to use mine.get
16:16 iggy the collectd-formula has an example
16:17 sieve iggy:  which sls?
16:17 iggy https://github.com/saltstack-formulas/collectd-formula/blob/master/collectd/files/ping.conf
16:18 conan_the_destro joined #salt
16:18 sieve {% ['mine.get'](network.ip_addrs) -%} ?
16:19 iggy did you even look at the url?
16:19 thedodd joined #salt
16:19 mpanetta ...
16:19 iggy because that's not even close
16:19 sieve :(
16:19 * iggy gets back to work
16:20 BigBear joined #salt
16:20 mpanetta here is an example that uses network.interfaces: https://github.com/saltstackme/salt-rocks/blob/master/cassandra/files/map.jinja
16:20 babilen sieve: You setup a suitable mine function. Base it on network.ip_addrs with a suitable cidr arguments. You would then update the mine and *retrieve* the address from the mine on the host that you want to set it.
16:21 sieve babilen: ah, so snarfing the local ip address and popping it into the file is not the way
16:21 sieve you have to snarf it into the mine in the sls
16:21 sieve mine_functions:
16:21 sieve network.ip_addrs: [eth0]
16:22 ipmb joined #salt
16:22 babilen sieve: You would essentially use something like: https://www.refheap.com/94454
16:23 SheetiS joined #salt
16:23 sieve Ah, I dont want to iterate. There should only be one..
16:23 babilen I am not familiar with the term "snarfing" in the context of salt (not in computer science)
16:23 sieve But I think I know where this is going
16:23 babilen (or any other context)
16:24 sieve salt mine is kind of a value store
16:24 sieve babilen: http://en.wikipedia.org/wiki/Snarfing
16:24 jonatas_oliveira joined #salt
16:25 babilen It is indeed, you store the result of executing an execution function on your minions so that other minions can easily retrieve data about other minions
16:25 sieve ok, this is making a lot more sense then
16:25 babilen Must stem from American English, I've never encountered that in the UK
16:25 jonatas_oliveira joined #salt
16:25 dnj joined #salt
16:25 sieve I shall be back to embarrass myself further in a short while
16:26 sieve babilen: My dad taught me snarf.
16:26 sieve And he is from Leeds
16:26 mpanetta babilen: I've never used the mine funcions in the way you show in that paste.  Very interesting.  What does the cidr: do?  Just tell it to only return ips that match the cidr mask?
16:26 sieve But he is an IBM AS400 programmer
16:27 babilen mpanetta: exactly .. I defined mine functions for a number of networks (identified by CIDR mask) and can then easily say "insert address in network foo-private1 here" or so
16:28 sieve babilen: actually, I am using AWS for this so have no idea what the ip might be
16:29 jwarchol whiteinge: do you have some time over the next hour?
16:29 babilen The most basic are the mine functions for the private ipv4 networks (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16), but we also make use of private networks and I like it that I can essentially just set the mine function in my pillar and then have mine.get($TARGET, salt['pillar.get']('mine:function')[0][0] do the right thing
16:30 mpanetta babilen: Interesting
16:31 babilen sieve: Well, you must know *something*. I mean you could use /0 (but that would be ludicrous)
16:31 mpanetta babilen: We don't set up the cidr at all.
16:31 mpanetta I guess that is unsafe, but we still get all the ips.
16:32 babilen The ability to use mine function aliases (and the ability to setup the mine_function_per_cidr_netblock scheme) was one of the main features I was waiting for in .7
16:33 eliasp I want this for mine functions: https://github.com/saltstack/salt/issues/18098
16:33 mpanetta babilen: Ours just looks like: https://gist.github.com/anonymous/0e70bcf71e9a6f7cf07b
16:33 sieve so I have this in my minion/init.sls:
16:33 sieve mine_functions:
16:33 sieve network.ip_addrs: [eth0]
16:33 babilen It simplified my life tremendously as I no longer have to keep track of IP addresses and simply have *all* minions report *all* their addresses to the mine. As I know which network is being used in which setup all I have to do is set the right mine functions and suddenly all the mine.get calls do the right thing
16:33 mpanetta Of course we set that up when we were using 0.16.x heh
16:33 sieve This should put the value of network.ip_addrs: [eth0] in mine right?
16:34 babilen sieve: You set mine functions in the pillar and target them to your minions, then refresh the pillar (salt '*' saltutil.refresh_pillar) and then update the mine (salt '*' mine.update)
16:35 Ahlee Windows minion started throwing https://gist.github.com/jalons/2afad8344a1ab2870afb - thoughts?
16:35 babilen mpanetta: yeah, I used to use exactly that and then had to horribly find the "matching" ip address. Now all I have to know is the CIDR range (or rather corresponding mine function alias) and I'm done
16:36 mpanetta babilen: Ah cool
16:36 mpanetta Does this mean I can now have a custom mine function for say, checking whether or not a minion running mongodb is a primary or a secondary in the cluster?  IE can mine functions query out to the OS?
16:37 linjan joined #salt
16:37 Ozack1 joined #salt
16:39 pdayton joined #salt
16:39 iwishiwerearobot joined #salt
16:41 wendall911 joined #salt
16:41 Slimmons joined #salt
16:46 RedundancyD joined #salt
16:47 sieve so my mine does not seem to be getting any values in it
16:47 sieve ooh, I should probably be calling my pillar
16:49 UtahDave joined #salt
16:49 ekristen joined #salt
16:49 otter768 joined #salt
16:51 sieve Is it just me being incredibly moronic or is this pillar / mine thing quite hard to get your head around?
16:51 sieve As described here: http://docs.saltstack.com/en/latest/topics/mine/
16:51 ajolo joined #salt
16:51 Ahlee so, now even reinstalling I can't start the minion, continues to throw pywintypes.com_error
16:52 sieve I set up a pillar, set up /srv/pillar/master.sls (for this is the minion I wish to configure). Set up a mine funtion (network.ip_addrs: [eth0])
16:53 iwishiwerearobot joined #salt
16:53 thedodd joined #salt
16:53 Andre-B_ joined #salt
16:53 sieve But I cant see the item in salt '*' pillar.items OR salt '*' mine.get '*' network.ip_addrs: [eth0]
16:55 babilen sieve: Did you refresh your pillar, did you target the mine function pillar to your minions in the pillar's top.sls, did you run mine.update on the minions?
16:55 * babilen guesses that you forget the second step
16:57 sieve babilen: I targeted the mine function pillar by using roles in the pillar top.sls
16:57 sieve base:
16:57 sieve 'G@roles:master':
16:57 sieve - master
16:57 jrluis joined #salt
16:57 babilen ugh, roles
16:57 babilen but okay
16:57 sieve and in the master/init.sls I have
16:57 sieve grains:
16:57 sieve roles:
16:57 sieve - master
16:58 babilen (please don't use roles defined as grains to target sensitive information)
16:58 sieve babilen: hmm :)
16:58 babilen You did not specifci "- match: compound" in there
16:58 babilen *specify
16:59 InAnimaTe joined #salt
16:59 Slimmons In my top file, how would I specify that a state is always related to a specific node.  For example, if I had a node called project1 (that contained 3 mirrored servers), would my top.sls file have a state called project1State: with 'project1': underneath it?  Or is there a specific syntax for saying it's a node?
16:59 babilen Seriously .. I think if there is one thing that I should spend my time over christmas on it is on writing a long blog post to convince the world that using grains for roles is wrong
17:00 jcockhren babilen: tl;dr?
17:00 babilen That data should live on the master or in a data source that is *not* hosted on the minions themselves (e.g. one of the many sources for external pillars or, well, just a suitable pillar)
17:01 sieve babilen: "- match: compound" in the pillar top.sls file I assume
17:01 babilen yeah
17:01 sieve ok, I put that in there too
17:01 sieve but still, no magic
17:01 babilen jcockhren: Also: You will have to manage your grains *on* the minions as well and how are you going about that. you can't target by grain there!
17:01 Auroch joined #salt
17:02 babilen jcockhren: Also: As soon as you start targeting sensitive information by grains you put minions in a position in which they can request data they should have never seen simply  by setting additional grains. That is completely out of the question in our setup
17:02 quickdry21 joined #salt
17:03 babilen jcockhren: I'd argue that you want to keep the host <-> role mappings in your pillar. It doesn't really matter which datasource you use for your pillar (a database or kv store probably makes sense)
17:03 babilen You can target by pillar just fine and the downsides of managing roles on the master are simply too severe
17:03 sieve babilen: well, this grains stuff is throwing an error anyway. I think Im trying to use an undefined role
17:04 rickh563 joined #salt
17:04 sieve babilen: How do I target this pillar from my state file
17:04 sieve ?
17:04 babilen sieve: Well, you try to match against a list which you do not do
17:05 babilen sieve: target it where?
17:05 babilen base: 'master_id': - master" would do it
17:06 babilen jcockhren: I know that I am a bit alone in that, but I seriously see it as a massive anti-pattern that is taking hold in the community .. but then nobody ever told me how I should manage the setting of grains in the first place.
17:06 iggy we pull the "roles" grain from GCE metadata
17:07 babilen yeah, that is, arguably, perfectly fine
17:07 babilen (and does not suffer from the same security problems)
17:08 babilen For me grains are things about the host and *really* data that I cannot trust
17:08 babilen I cannot trust my system
17:08 babilen Nor my users
17:08 pdayton joined #salt
17:08 babilen I therefore have to rely on datasources that I have some degree of trust in (e.g. a database under my control or pillars I've written) -- I seriously cannot make decisions based on data a minion claims to have
17:09 iggy well, it might, I've not actually tested to see what happens if a minion writes the roles grain _after_ minion startup, but it does at least overwrite anything at minion start
17:09 pdayton joined #salt
17:10 babilen And I really don't understand why people wouldn't do this in pillars. You can use *exactly* the same targeting with pillars (cf. http://docs.saltstack.com/en/latest/topics/targeting/compound.html) and you have a wide variety of external pillars to choose from.
17:10 iggy I hear you say that a lot, and I think that's pretty specific to your setup... but hey, opinions are like...
17:10 babilen And pillars allow *globbing*
17:10 pdayton joined #salt
17:10 iggy our reason is you can't put pillar data in the mine
17:10 babilen Why would you? Just make the pillar data available!
17:11 iggy uhh...
17:11 babilen go on
17:11 iggy host => "{{ salt['mine.get']('tags:mon', 'network.get_hostname', 'grain').values()|first or 'localhost' }}"
17:11 iggy hmm
17:11 babilen s/'grains'/'pillar'
17:12 babilen Seriously: Why would you want to safe that data on the minion?
17:12 babilen *save
17:13 iggy we don't
17:13 iggy as I said, it gets pulled from the metadata
17:13 babilen yeah
17:13 babilen right, sorry
17:13 babilen Metadata such as the tagging ability of cloud providers muddle the waters in this discussion a little
17:14 KennethWilke joined #salt
17:15 iggy just make sure you note that in your blog post ;)
17:15 babilen But then .. those tags are saved somewhere. I would have made that datasource available as an external pillar (if it is my infrastructure) and then work with that.
17:16 KyleG joined #salt
17:16 KyleG joined #salt
17:16 zlhgo joined #salt
17:16 jcockhren babilen: I think I may be missing some context. but let me see if I piece together what you're saying
17:16 babilen So, if I were google I would use that datasource directly. Naturally not everyone in here is running their own cloud and, from that perspective, it makes sense to put tags into the minions grains (i.e. "data about the minion")
17:17 nitti joined #salt
17:17 babilen But then ... saving that data directly on the minion is just ...
17:17 babilen (which GCE is not doing)
17:18 jcockhren so you're saying you think it's a bad idea to leverage grains for targeting sensitive data since the minion can add grains to itself?
17:18 iggy si
17:18 babilen yeah
17:18 eliasp jcockhren: exactly… never use grains for decisions which could reveal sensitive information
17:18 Ryan_Lane joined #salt
17:18 eliasp once a minion is compromised, your whole infrastructure "could" be compromised then
17:18 babilen exactly
17:19 hcl2 what's the salt mine? just pre-cached grain information?  i can't figure out from the docs.  the example just gets network addr which you can get from grains anyhow
17:19 sieve babilen: would you mind taking a look in my github to see what stupidity I am getting upto with this
17:19 iggy hcl2: it's data you can fetch about _other_ minions
17:19 jcockhren and that roles for targeting should be done with pillars since the master has domain over pillar data coming from an authoriatative external source (git, db, etc)?
17:19 babilen Well, we have some minions on which people have local root and just because they can tinker with the minion running there doesn't mean that they should be able to get hold of anything but what *I* decided they should get
17:19 babilen jcockhren: yeah
17:20 jcockhren babilen: what you're saying makes sense actually
17:20 hcl2 iggy: ooohhhh, thanks
17:20 iggy so your activemq cluster can lookup hosts that are tagged as ldap servers and pull their hostname from the mine
17:20 babilen jcockhren: Add to that the fact that you have to manage the grains in the first place (you cannot exactly target them in the first place) you really want to keep that information somewhere closer to your infrastrucute
17:22 babilen So, but it is pub o'clock now and I'm heading off .. :)
17:22 hcl2 when i first started with salt i really wanted a way to automate putting a role grain on minions, now I'm thinking that I don't want to do that. just do roles in pillars since it's much easier to change/manage.
17:22 babilen May you all have a wonderful evening/afternoon/morning/night/whatever and see you around
17:22 mpanetta gnight babilen
17:22 smcquay joined #salt
17:22 babilen jcockhren: Happy to hear that. I just think that a well argued essay on that would do us (as in: the community) some good
17:23 aparsons joined #salt
17:24 troyready joined #salt
17:24 Mso150 joined #salt
17:25 ajolo joined #salt
17:26 UtahDave joined #salt
17:27 jswanson_ joined #salt
17:29 X86BSD joined #salt
17:29 StDiluted joined #salt
17:29 iggy it should likely be at least a note in the docs somewhere (otherwise a whole lot of people will never see it unless they go searching for a specific blog article)
17:30 StDiluted can someone help with this: https://gist.github.com/dginther/3f7ea5c308caa1fcb761
17:30 interociter joined #salt
17:31 StDiluted trying to define an SSH key, it’s choking on the last part of the key
17:31 StDiluted the part with my email address
17:31 eliasp StDiluted: hu? how are you defining the key? why not just multiline YAML?
17:31 StDiluted because it looks like it’s turning the public key into an array
17:31 StDiluted key is defined in the pillars
17:31 eliasp yeah… how does your original SLS/YAML look like?
17:32 aparsons joined #salt
17:33 StDiluted pub_ssh_keys: ‘ssh-rsa AAAA….. me@mydomain.com’
17:33 StDiluted with the entire pubkey in there
17:33 Yufei joined #salt
17:34 eliasp StDiluted: YAML has IIRC a max line length, also mentioned in the salt ssh auth key docs… one moment
17:34 StDiluted looks like it’s separating it into single characters in my loop
17:34 StDiluted yeah, I don’t think I’m above 1024 chars
17:35 StDiluted oh wait i have a malfornmed pillar
17:35 StDiluted never mind
17:35 eliasp how does your loop look like where you re-use your key from the pillars?
17:35 StDiluted I am a moron
17:35 StDiluted ha
17:35 interociter Hi.  I have a question about running the REST API with helium.  Is there a separate command so start salt-api like previous versions?
17:35 eliasp looped over individual characters instead of the whole string?
17:36 StDiluted in the pillar, i had ssh_pub_keys: ssh-rsa key email-address
17:37 StDiluted i needed ssh_pub_keys: <cr> - ssh-rsa key email-address
17:38 spookah joined #salt
17:41 tafa2 joined #salt
17:44 BigBear joined #salt
17:44 Mso150 joined #salt
17:46 jimklo joined #salt
17:46 rap424 joined #salt
17:47 UtahDave joined #salt
17:48 monkey66 left #salt
17:50 desposo joined #salt
17:55 iggy interociter: I don't think so (although I don't remember exactly when that changed)
17:58 murrdoc joined #salt
17:59 pdayton1 joined #salt
18:00 forrest joined #salt
18:02 decrypted joined #salt
18:02 StDiluted is file.replace the best way to make an edit to a file?
18:03 iggy depends what you are trying to do
18:03 decrypted Hey folks does anyone have a pointer for putting the salt master logs into a database? I heard its possible but just looking for a hint on where to look...
18:03 eliasp StDiluted: you could also use augeas: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.augeas.html
18:03 pr_wilson joined #salt
18:04 StDiluted trying to allow sudo with no passwd to users in the sudo group
18:04 StDiluted which requires editing the /etc/sudoers line
18:05 eliasp StDiluted: https://github.com/saltstack-formulas/sudoers-formula
18:05 StDiluted oh nice
18:05 murrdoc nah
18:05 murrdoc the users-formula is better
18:06 eliasp StDiluted: or the augeas sudoers lense: http://augeas.net/docs/references/lenses/files/sudoers-aug.html combined with the augeas state (see above)
18:06 hal58th joined #salt
18:07 v0rtex joined #salt
18:07 pdayton joined #salt
18:12 interociter iggy, I think it changed when REST was merged with salt-master in 2014,7.  The impression I get from the documentation is that starting salt-master would also start any configured APIs, but it is unclear.
18:13 interociter However, the saltnado API is not running
18:15 shaggy_surfer joined #salt
18:19 pdayton1 joined #salt
18:20 decrypted anyone got ideas on storing logs in a relational db?
18:21 utahcon decrypted: like the mysql returner? http://docs.saltstack.com/en/latest/ref/returners/all/salt.returners.mysql.html
18:21 interociter have you looked at logstash?
18:22 sjaredj joined #salt
18:22 KyleG ^ if you have the money, get Splunk instead.
18:22 hcl2 i second logstash.  use rsyslog to forward logs over udp, pickup with logstash, grep to format in json, store in .... whatever
18:22 KyleG I've evaluated both. you actually save money with Splunk, due to the increased hardware and network requirements of Logstash.
18:22 KyleG Specifically elasticsearch
18:23 KyleG and Splunk is overall a more mature and powerful product if you take data and business intelligence and log intelligence and monitoring seriously.
18:23 KyleG In my testing, it took 3x the Disk space, compute power, and disk IO to run Logstash than it did Splunk.
18:24 KyleG So don't be afraid just because the software costs money, it does so for a reason. I'm obviously a huge fan. :-)
18:24 sjaredj is there a way to get the timestamp of the last time state.highstate was run on a minion?  I would like to add a line to the motd that has a timestamp of when it last ran.
18:25 decrypted utahcon: that is what I was looking for... I wante something like postgresql - personal choice. I saw the logstash stuff and KyleG I agree on that but I think logstash might be quick fist to get me moving...
18:25 KyleG I think logstash would be good to validate why Splunk would be useful
18:25 KyleG It took us a couple years but now that I consider us splunk power users, we're able to get powerful business and IT insights on our app and servers
18:25 KyleG and link in all sorts of external data sources and logs
18:25 KyleG and correlate it and graph it, generate reports from it
18:26 KyleG data boner
18:26 decrypted KyleG yeah its always a good proof to ahve to allocate funds...
18:26 shaggy_surfer joined #salt
18:27 KyleG Even ETSY, who is a huge open source proponents, use Splunk. I think when a company like that does pay for software, it says something.
18:27 KyleG who are* not who is
18:27 decrypted Yeah my initial is to knock any finger pointing out of the way so having it as offloaded to db keeps one place I can propogate around...
18:27 KyleG ^_^
18:27 hcl2 ELK does suck when you run out of memory because you can only hold 30 days worth of logs.  just depends on how much org. buy-in you can rally around the concept of centralized looging
18:28 KyleG Splunk is amazing at compression and moving older data to a compressed cold storage portion of disk
18:28 KyleG We've been collecting about 3 years worth of logs now I think, and it's only using like 400 GB.
18:28 KyleG Crazyness
18:28 KyleG and we put in about 3-4 GB/day
18:29 decrypted KyleG that is impressive stats...
18:29 KyleG If it wasn't so awesome, I wouldn't be pushing it like this lol, I don't make money or have any financial interest in Splunk as a company, we pay THEM hah
18:29 KyleG I just love sharing awesome software with fellow sys admins/developers/IT peoples
18:29 KyleG such as the many friends I have using salt now :-)
18:29 murrdoc well i actually used logstash in front of splunk
18:29 murrdoc logstash without es
18:29 murrdoc just as a forwarder
18:30 KyleG eh
18:30 murrdoc yeah
18:30 KyleG splunk has forwarders though? and you can use rsyslog to send data to UDP or TCP ports
18:30 murrdoc the use case was giant access logs
18:30 murrdoc and we didnt care about all the logs, just access for a few user agents
18:30 KyleG I'm thinking about removing all my forwarders just to save CPU cycles
18:30 KyleG yeah….we got the 10 GB splunk license because we started ingesting our CDN logs
18:30 KyleG We push 220 TB/month
18:30 KyleG out of the CDN
18:30 KyleG So that was a doozy
18:31 murrdoc ditto
18:31 murrdoc we were at 150 gigs
18:31 murrdoc and business was like , we aint paying , but we want ALL our logs in splunk
18:32 KyleG hah
18:32 murrdoc so wrote some python to take the cdn logs, send to logstash, discard the image / css access data and then send to splunk
18:33 ericof joined #salt
18:34 jcockhren I wish there was a fastly -> UDP endpoint
18:34 jcockhren I'm sure I typed that wrong
18:35 jcockhren hmmm. nm. there fastly -> s3 -> logstash
18:37 Pixionus joined #salt
18:39 jonbrefe1 joined #salt
18:40 byronschaller joined #salt
18:40 linjan joined #salt
18:41 Ryan_Lane joined #salt
18:42 Xiao joined #salt
18:45 racooper joined #salt
18:49 StDiluted will 2014.7.0 clients work with a 2014.7.0rc2 master?
18:49 StDiluted yum search salt-master
18:49 StDiluted whoops :)
18:50 otter768 joined #salt
18:51 iggy StDiluted: it's best to keep your master ahead of the minions
18:51 iggy that may work, but you'll probably want to test your specific use case
18:51 SheetiS StDiluted: salt-master.noarch : Management component for salt, a parallel remote execution system
18:51 SheetiS :P
18:51 StDiluted ok
18:51 StDiluted lol SheetiS, thanks :)
18:52 shaggy_surfer joined #salt
18:52 SheetiS Sorry I'm a bit of a troll today. ;-)
18:52 SheetiS I'll go back to lurking until I can provide something of value.
18:54 scarcry joined #salt
18:54 Jimlad joined #salt
18:55 nitti_ joined #salt
18:58 UtahDave joined #salt
18:59 tafa2 joined #salt
18:59 Ryan_Lane joined #salt
19:01 diegows joined #salt
19:01 scarcry joined #salt
19:04 thedodd joined #salt
19:05 zlhgo joined #salt
19:09 wt joined #salt
19:10 wt Any developers here?
19:11 glyf joined #salt
19:11 wt Do the different master worker "threads" synchronize on updating the fileserver backends?
19:12 wt It seems like gitfs has special support, but s3fs is completely broken.
19:12 wt It looks like every worker is fighting when updating the cached data.
19:13 wt I think that is partially because every worker arbitrarily tries to update the cached data all the time.
19:14 zlhgo joined #salt
19:15 wt Is there a file locking mechanism that is okay for the master to use?
19:16 Mso150_l_o joined #salt
19:16 druonysus joined #salt
19:17 druonysus joined #salt
19:17 ericof joined #salt
19:18 Kenzor joined #salt
19:19 mapu_ joined #salt
19:19 Jimlad joined #salt
19:23 druonysus joined #salt
19:27 bhosmer joined #salt
19:33 aparsons joined #salt
19:34 sjaredj joined #salt
19:36 poplaski joined #salt
19:41 thedodd joined #salt
19:48 ndrei joined #salt
19:49 byronschaller joined #salt
19:51 aparsons joined #salt
19:55 whatapain joined #salt
19:59 BigBear joined #salt
19:59 InAnimaTe joined #salt
20:11 newton joined #salt
20:18 druonysuse joined #salt
20:18 druonysuse joined #salt
20:20 zlhgo joined #salt
20:22 Mso150_l_o joined #salt
20:23 sudarkoff joined #salt
20:23 decrypted Folks I got another question. Ive got a basic setup with a fedora20 salt-master and two raspberry pi raspbian salt minions; salt-key -L list the two targets, but I dont see to get a return on the "salt '*' test.ping" any one with possible places to look?
20:23 decrypted I see the master log file accept the jid
20:26 SheetiS decrypted: does a salt-call test.ping work from the minion?  I'd guess some of the most common reasons for this type of thing are a firewall in the way and/or significantly mismatched versions between master and minion.
20:28 decrypted SheetiS: I checekd the firewall possiblities but did not see anything on either side. I can ping from the master to the minion. The minions can run the test.ping.
20:28 decrypted ill check the versions
20:29 SheetiS salt-call --versions-report would be ideal so stuff like ZMQ versions are included.
20:29 decrypted yeah the raspbian has salt-minion 0.10.1 and the the master has 2014.7.0
20:29 SheetiS those are so far different, I think you would have problems for sure
20:29 newton left #salt
20:30 SheetiS might be able to use pip to update them if you aren't able to find packages another route.
20:30 decrypted I wonder if I could rebuild the ones for raspbian.
20:31 SheetiS worth trying.  As long as you can get the underlying bits up to date (ZMQ, pycrypto, Jinja2, etc), there'd be a good chance of things working out for you.
20:31 SheetiS you definitely want a ZeroMQ version > 3.0.0
20:32 SheetiS 2.whatever will give you headaches.
20:33 decrypted yeah I see if I can find an repo with later versions. That is what is so painful on rpi...
20:34 iggy come on 2014.7.1
20:39 shaggy_surfer Hi all… I am getting an error after upgrading my salt-master to the latest including salt-cloud 2014.7.0 (Helium)…. appears to be some issue.  I am trying to use the —output=grains and get the following error:
20:40 shaggy_surfer https://gist.github.com/mf-collinhayden/fb054d7f77b2b5200bfa
20:40 shaggy_surfer Any help appreciated.  I am using this to output the instance id in amazon and then take that id and use it elsewhere.
20:41 shaggy_surfer This is on ubuntu 14.04.1 LTS
20:42 eightyeight joined #salt
20:43 iggy I would guess that's a bug
20:43 iggy and it probably snuck by because I've never heard of anyone using --output=grains
20:44 shaggy_surfer I use it so it's in a grepable format to pass to bash using awk, then use the aws tools w/ the instance id
20:44 iggy I don't think you are really supposed to use that directly, I think it's really just for internal use when outputting grains
20:46 shaggy_surfer well I can take it out… what is a better way of getting the instance-id that is created by salt-cloud ?
20:46 iggy json? txt? I don't know really
20:47 iggy never tried parsing salt-cloud (or any salt tools for that matter) output
20:47 shaggy_surfer ok thanks iggy, I will toy around w/ salt-profile and come up w/ a better method
20:47 SheetiS I use a reactor
20:47 hasues joined #salt
20:47 SheetiS and listen to the event
20:47 hasues left #salt
20:47 iggy ^
20:47 shaggy_surfer Sorry never used reactor before.
20:48 SheetiS http://docs.saltstack.com/en/latest/topics/reactor/ is the docs.  I'll see if I can bpaste an example as well
20:50 shaggy_surfer does reactor tie in w/ salt-cloud?  I am using salt-cloud to create the instance in amazon and then parsing the output
20:51 thedodd joined #salt
20:51 SheetiS I use the reactor with salt-cloud
20:51 iggy reactor is "something happened, do this action in response"
20:51 otter768 joined #salt
20:51 SheetiS bpaste coming in less than 2 minutes
20:51 iggy so in your case, "a new minion was added, run a highstate, then an overstate"
20:52 iggy or whatever it is you're trying to do
20:52 SheetiS exactly, but you can grab any of the returned data
20:53 SheetiS something like this: https://bpaste.net/show/67a13d86e7d6
20:53 SheetiS let me get what is all in the data dict for a salt-cloud return as a separate paste
20:53 SheetiS so you can see more what options might be available
20:55 iggy the minion_id is definitely in the "new minion" event
20:55 ericof joined #salt
20:56 SheetiS i grab it from 'salt/cloud/*/created'
20:56 shaggy_surfer ok thanks guys… i will play w/ this and let you know how it turns out.
20:56 SheetiS this should also contain stuff like the amazon instance ID (assuming using aws)
20:56 iggy yeah, I guess it just depends what you're trying to achieve
20:58 SheetiS I do some things like tag the instance in AWS, make the hostname -f match the minion_id I just created, populate roles grains for first highstate, plus some other os-specific things.
20:58 SheetiS etc etc
20:59 shaggy_surfer cool.  I was using aws ec2 tools because back when I first started using salt-cloud, it had short comings.
20:59 shaggy_surfer it's probably more mature now
20:59 shaggy_surfer haven't looked to be honest
21:03 Mso150_l_o joined #salt
21:06 trevorj joined #salt
21:08 mohae joined #salt
21:10 glyf joined #salt
21:11 hasues joined #salt
21:11 hasues left #salt
21:17 hasues joined #salt
21:21 __gotcha joined #salt
21:22 giantlock joined #salt
21:22 hasues left #salt
21:25 hasues joined #salt
21:26 Singularo joined #salt
21:26 murrdoc joined #salt
21:26 hasues left #salt
21:29 hasues joined #salt
21:29 kormoc joined #salt
21:30 hasues left #salt
21:32 toddnni joined #salt
21:33 Ryan_Lane joined #salt
21:36 monkey661 joined #salt
21:39 LittUp joined #salt
21:40 redcup1 joined #salt
21:41 redcup1 left #salt
21:42 paha joined #salt
21:45 snave joined #salt
21:49 aparsons joined #salt
21:52 aparsons joined #salt
21:55 slimmons joined #salt
22:00 Outlander joined #salt
22:00 flebel joined #salt
22:03 aparsons joined #salt
22:05 eightyeight uh oh
22:05 eightyeight "CommandExecutionError: Incorrect encryption key type 'ssh-ed25519'."
22:05 eightyeight are ed25519 keys supported in a current release? or planned?
22:06 aquinas joined #salt
22:06 meylor joined #salt
22:07 eightyeight http://docs.saltstack.com/en/latest/ref/states/all/salt.states.ssh_auth.html
22:07 meylor joined #salt
22:07 eightyeight answers that
22:07 murrdoc joined #salt
22:09 TheThing joined #salt
22:10 cads joined #salt
22:13 beebeeep joined #salt
22:15 beebeeep hello folks, do you have any ideas how to debug the situation, when minion can push salt-call test.ping to master, but master cannot ping minion from themself?
22:15 * bryguy is having issues with redismod external pillar support.
22:15 bryguy Wondering if I'm reading the ext_pillar code correctly:  https://github.com/saltstack/salt/blob/v2014.7.0/salt/pillar/__init__.py#L518
22:16 iggy beebeeep: try a few times in a row
22:16 bryguy exception fires if we have the wrong number of arguments, issues a deprecation warning and then tries the exact same call again.
22:16 murrdoc joined #salt
22:16 beebeeep tcpdump port 4506 on master while running test.ping shows some traffic on 4506 from ::1 to ::1 and nothing to/from minion's IP
22:17 beebeeep iggy: i've tried several times, no effect
22:17 iggy back-to-back?
22:18 beebeeep i suspect that if i restart salt-minion, master will see it, but it don't looks like a good solution
22:18 beebeeep i've alse tried to restart master with no effect
22:21 flebel joined #salt
22:21 beebeeep salt v2014.7.0-n/a-b6626c1 w/ ZMQ 3.2.2 on both sides
22:22 shaggy_surfer joined #salt
22:22 kballou joined #salt
22:25 agend joined #salt
22:28 beebeeep yes, after minion restart, master is able to see it
22:30 beebeeep bad thing is that i see no way to detect that master cannot see minion is unreachable from minion's side :(
22:34 Mso150 joined #salt
22:42 slimmons Hey guys, I just posted a question on http://serverfault.com/questions/649563/saltstack-configuration-no-top-file-or-external-nodes-data-matches-found
22:43 slimmons it would be hard to ask it here, as it is long, but any help is appreciated if you know the answer
22:47 Ryan_Lane joined #salt
22:48 budman Unaccepted Keys:
22:48 budman precise-x8664.local.lan
22:48 budman where/how are the minions host names being assigneed.
22:48 budman opps sorry for the paste flood
22:48 conan_the_destro joined #salt
22:52 otter768 joined #salt
22:52 iggy slimmons: you didn't paste your top file
22:53 slimmons editing it in now
22:53 Ryan_Lane joined #salt
22:55 hal58th joined #salt
22:57 Ryan_Lane joined #salt
22:57 Mso150 joined #salt
22:58 UtahDave slimmons: let me know when you've pasted in your top file
22:59 slimmons it's in
22:59 slimmons thanks
23:00 slimmons half my family is in Utah :)   brigham city and logan i think
23:00 iggy most of the devs are...
23:00 iggy I don't see the top file
23:00 murrdoc utah is a beautiful drive
23:01 slimmons I added it as an edit at the bottom
23:01 murrdoc like driving through the 70 was amazing
23:03 iggy you got an answer on there that looks promising
23:04 robinsmidsrod joined #salt
23:04 UtahDave slimmons: ChrisV is correct there, but I'm still not seeing your top.sls
23:07 troyready joined #salt
23:07 slimmons sorry, it had to get approved.  It's there now, and I changed the syntax in my nodegroup according to ChrisV's advice, and same problem.  But I did learn the correct syntax!
23:10 slimmons When chrisv said verify my minion id, did he just mean to make sure the salt-key -L names matched, or actually check public key or something?  <----still saltnoob
23:18 iggy make sure what's in minion_id on the minion matches what you're using to specify hosts
23:19 iggy commonly people forget that minion_id will somtimes be fqdn
23:19 slimmons Yeah, my minionid is set correctly
23:20 eightyeight is there an 'ssh_config' salt state?
23:22 eightyeight from what i can see, only 'ssh_auth' and 'ssh_known_hosts'
23:22 eightyeight i don't mind sourcing the file. just curious
23:22 iggy eightyeight: there's an openssh-formula
23:23 iggy slimmons: you restarted the master after the changes?
23:23 eightyeight iggy: link to the docs?
23:23 iggy google openssh-formula
23:27 UtahDave slimmons: You have to have a "base" environment in your top.sls.  If you're not going to use it, then just create a "empty.sls" file which is indeed empty that matches in the base environment
23:28 eightyeight iggy: ah. meh. sourcing works, and it's easier imo. thx though.
23:30 Gareth ahoy hoy.
23:32 slimmons UtahDave when I add a base environment I get tons of errors, and none of it works.   "Data failed to compile:" error
23:33 iggy refheap your new top file
23:33 iggy let's not wait for it to get approved this time
23:34 UtahDave slimmons: try putting single quotes around your target.  I'm not sure that's what's causing your problem, but let's check
23:34 slimmons nope.
23:35 kermit joined #salt
23:36 slimmons I'm surprised at how well salt deals with different syntax i've accidentally put in.  I've made a few syntax errors in trying to figure all of this out, and until now it's just worked how I expected even with the mistakes
23:36 ajolo joined #salt
23:37 rickh563 left #salt
23:38 slimmons ChrisV figured out the noob mistake.  It was the node syntax error that was the problem.  After I fixed it, I didn't restart salt-master....herpderp
23:38 hcl2 i'm trying to pull in the users-formula with gitfs, it fails to render because it says users/map.jinja is not available, anyone hit similar issue?
23:38 hcl2 i don't know wheret o start debugging, if I clone users-formula locally and set it as file root, everything works
23:39 iggy I could swear I asked if you restarted it
23:40 iggy hcl2: what happens if you do a salt-run fileserver.update ?
23:40 hcl2 no output, state.sls users gives same error :(
23:40 geekatcmu Any have a a firewall state written up that supports Ubuntu, CentOS, and FreeBSD?  Becaues I'd really, really like to not write that up myself.
23:41 hcl2 do i need to mount it somehow so it knows that users-formula.git is available @ users/ ?
23:41 hcl2 it seems to load the users/init.sls fine
23:41 ajolo_ joined #salt
23:42 hcl2 i can see the bare repo in /var/cache/salt/master/gitfs
23:43 hcl2 but the files are missing
23:43 hcl2 i had to git checkout -- .
23:43 iggy hcl2: if it finds users/init.sls, it should find users/map.jinja
23:43 hcl2 python-dulwich still that experimental ?
23:43 iggy oh...
23:43 hcl2 there's no way it coudl have, the entire repo was empty except for .git
23:44 hcl2 well, it still can't find the file :(
23:44 iggy at least with 2014.1, you don't need the files checked out... it talks directly to the git db
23:47 agend joined #salt
23:57 badon joined #salt
23:58 hcl2 i tried with gitpython, same result.  not sure if it's a gitfs issue or users-formula issue
23:59 * geekatcmu guesses "no"

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary