IRC log for #salt, 2014-12-09

All times shown according to UTC.

Time Nick Message
00:01 nitti joined #salt
00:01 shaggy_surfer joined #salt
00:05 paha joined #salt
00:08 bhosmer_ joined #salt
00:12 arif-ali joined #salt
00:15 xMopxShell Hey, I'm trying out a salt-master and a salt-minion. They are connecting to each other fine but the simple package install I put in my top.sls doesn't seem to be executed...
00:17 xMopxShell I'm not really sure how to troubleshoot this, I ran through the items at http://docs.saltstack.com/en/latest/topics/troubleshooting/ but nothing seemed relevant
00:17 qybl joined #salt
00:17 xMopxShell Running either end with -l debug doesn't produce any obvious errors
00:18 rawkode joined #salt
00:18 otter768 joined #salt
00:18 eliasp You're not supposed to put package installations into your top file. This is only used to assign SLS to minions.
00:18 aquinas joined #salt
00:20 housl joined #salt
00:20 Outlander joined #salt
00:20 xMopxShell eliasp: I tried putting the pkg install in core.sls in the dir as top.sls, and referencing that file, but no luck that way either
00:21 xMopxShell My top.sls is just like the basic example here: http://docs.saltstack.com/en/latest/topics/targeting/index.html
00:22 xMopxShell But web1 is '*' and core instead of webserver since that's the name of my file
00:22 eliasp How does your core.sls look like and what command do you use to apply it?
00:23 eliasp Ok
00:23 xMopxShell Is there a specific command to apply it? I thought just running the minion would do that
00:23 xMopxShell (I'm coming from puppet)
00:24 StDiluted joined #salt
00:24 eliasp Ah, ok. Have a look at highstate and scheduling in the docs
00:25 xMopxShell Gotcha, I'll check that out
00:25 xMopxShell Thanks
00:25 eliasp I'm on mobile right now, so my answers are a bit short, sorry
00:26 iggy xMopxShell: in general, the quickest way to get help is to paste everything you're working with and commands you run in a gist, refheap, etc., then paste the link to it in here so we can see exactly what you're working with
00:27 xMopxShell eliasp: no problem, looks like I’ve got a good amount of reading to do :)
00:27 xMopxShell iggy: alright, I'll keep that in mind
00:29 sjlu joined #salt
00:30 jnials joined #salt
00:31 sjlu hey, so I have a key called 'create_ssh_dir:' and 'create_ssh_key:' and in 'create_ssh_key:' I have a require: - create_ssh_dir
00:31 sjlu but it errors out saying its unavailable. I'm guessing I'm doing this wrong?
00:31 sjlu specific file: https://github.com/sjlu/salt-states/blob/master/deploy/init.sls
00:31 sjlu L10:32
00:32 iggy - require:     - file: create_ssh_dir
00:33 iggy or something like that
00:33 iggy you have require at the same level as the state (file.managed in this case)
00:33 iggy fwiw, that require is redundant there
00:33 iggy salt works top-down
00:35 sjlu oh ok, so sls execution is done parallel while command in file is done in series
00:35 iggy not exactly
00:35 sjlu so both of my require and require_in statements or useless?
00:35 sjlu are^
00:36 iggy things will run in parallel on multiple hosts
00:36 iggy but running state.highstate on a single minion, everything is going to be in order and serialized
00:36 sjlu so my top.sls is run in order?
00:36 sjlu per minion?
00:38 iggy I'm not entirely sure how multiple entries in the top file are handled, but definitely a single state file is processed top-down
00:39 iggy and yes, every require in that file is wrong
00:40 iggy the one in do_deploy is also wrong
00:40 __number5__ topfile as a state file it's still rendered top-down. But the matching has its own order, so top one not necessarily has high priority
00:42 aqua^mac joined #salt
00:42 sjlu the require: -pkg: git is wrong?
00:42 sjlu how should it be done?
00:43 iggy require's are args to states
00:43 Steve7314 left #salt
00:43 iggy so it'd be git.latest:\n    - require:\n      - pkg: git
00:44 iggy but you'd also need a state somewhere in that file (or in an included file) that did a git:\n  pkg.latest
00:44 glyf joined #salt
00:44 iggy or pkg.installed
00:44 sjlu hmm, does sls: git make more sense?
00:44 sjlu since i have git/init.sls
00:45 sjlu - require: - sls:git
00:46 iggy yes, but at the top of the file, you need: include:\n  - git
00:46 iggy otherwise salt doesn't know how to qualify the sls: git part
00:46 sjlu gotcha
00:59 aqua^mac joined #salt
01:03 TheThing joined #salt
01:04 Steve7314 joined #salt
01:05 TheThin__ joined #salt
01:10 CatPlusPlus joined #salt
01:10 Steve7314 is there a utility for clearing cache?  or is it just rm /var/cache/salt/master/jobs/** ?
01:14 forrest Steve7314: just trash the jobs
01:15 sjlu getting an include error: the following requisites were not found: require: sls:git
01:15 sjlu https://github.com/sjlu/salt-states/blob/master/deploy/init.sls
01:15 sjlu not sure what's going on, I swear I'm including it
01:17 ITChap joined #salt
01:19 forrest sjlu: is salt-states the actual name of the directory where you are keeping your salt states?
01:19 forrest sjlu: What does the actual path on the system look like?
01:19 sjlu so that repo is gitfs'ed
01:19 sjlu i have no state_roots
01:20 tq joined #salt
01:21 forrest sjlu: Can you try reloading the service real quick? Maybe it didn't pick it up for some odd reason.
01:21 forrest You should see the states down in the cache directory in some form
01:22 sjlu reloaded, reran highstate, same error
01:23 sjlu what's the gitfs cache dir I need to clear?
01:23 forrest sjlu: Nah if you did that should be fine, try to run just the git state, so sudo salt state.sls git -l debug
01:23 forrest can you even do that?
01:24 sjlu No minions matched the target. No command was sent, no jid was assigned.
01:24 forrest oh you're on the master, target your minion then
01:24 forrest sudo salt 'minion' state.sls git -l debug
01:24 sjlu yup
01:24 sjlu ran successfully
01:26 forrest okay, so something else is messed up in that deploy state then it seems. Let's try sudo salt 'minion' state.sls deploy -l debug
01:27 sjlu Comment: The following requisites were not found:
01:27 sjlu require:
01:27 sjlu sls: git
01:27 sjlu uh, don't think there's any other useful info
01:28 _prime_ joined #salt
01:29 _prime_ Hi.  Is 'cp.list_states supported in the Salt API?  It was working in the git version as of a few weeks ago, but give a 500 error "return: An unexpected error occurred" with the Helium release (cherrypy)
01:30 _prime_ *gives
01:31 forrest sjlu: Only thing I can think is something elsewhere is rendering incorrectly. I'd suggest to pull that state somewhere accessible with the pillar data, then do this: https://gist.github.com/gravyboat/154390b0f40bba4e1b69
01:31 shaggy_surfer joined #salt
01:32 Nick____ joined #salt
01:32 forrest sjlu: Something has to be rendering wrong, and a modified version of that should allow you to see what it is if there is access to the pillar data.
01:33 otter768 joined #salt
01:33 nkitmitto Question..  Currently, we're using Spacewalk to patch our environment.  But we're looking to implement Salt.  Is there a way to patch only security errata with Salt on CentOS?  I was looking into getting the yum-security plugin to work with CentOS, however I couldn't get it to work without violating my licensing with RedHat.  So my other idea to see if I could do this natively through Salt.
01:33 sjlu ah ok, I'll take a look into it later
01:34 sjlu Its odd though cause aren't both of those sls files rendering properly?
01:34 sjlu as from running state.sls git and state.sls deploy ?
01:34 forrest well, the deploy state is screwed up somewhere
01:34 forrest and I'm doubting it's that requisite since it worked fine
01:35 forrest you could test it by writing an extremely simple state that includes git, then requires that sls, and see if the same thing happens if you want to be 100% sure
01:35 forrest sometimes salt errors are less than useful :\
01:35 forrest because lol yaml
01:35 anotherZero joined #salt
01:35 _prime_ anyone here use the salt api on helium?
01:35 sjlu haha, I gotcha
01:35 sjlu I'll try to figure it out
01:35 tq left #salt
01:36 forrest sjlu: Sound good, let me know what it is once you figure it out if you are around, I'm out for the day
01:36 TyrfingMjolnir joined #salt
01:36 forrest _prime_: It's getting a bit late here in the states even on the west coast, I'd suggest a post to the mailing list, or maybe try asking tomorrow earlier in the day.
01:36 _prime_ I'll post something on the mailing list.  It's pretty late here in Chicago too :-)
01:37 forrest _prime_: hah
01:37 forrest yeah I looked at the clock and went 'woah 5:40, what am I still doing on my work machine...'
01:37 forrest Anyways, have a good one.
01:40 forrest joined #salt
01:41 cads joined #salt
01:41 patarr joined #salt
01:41 patarr joined #salt
01:43 _prime_ you too
01:46 jnials joined #salt
01:51 Ryan_Lane joined #salt
01:53 jnials joined #salt
01:55 malinoff joined #salt
01:56 druonysus joined #salt
01:56 druonysus joined #salt
02:19 aurynn how would I go about logging from inside my jinja templates, so I can see how I'm going about dict access incorrectly?
02:23 jeffrey4l joined #salt
02:24 mdasilva joined #salt
02:29 aurynn context is I'm trying to access some Mine data, and so I know there's a dict there
02:29 aurynn but I don't know what's in it
02:31 Ryan_Lane joined #salt
02:34 thehaven joined #salt
02:41 gngsk joined #salt
02:45 wolfpackmars2 joined #salt
02:49 rtuin joined #salt
02:51 chasehiccups joined #salt
02:55 drawsmcgraw joined #salt
02:57 iggy it's not easy
03:02 TheThing joined #salt
03:03 TheThing_ joined #salt
03:05 TheThi___ joined #salt
03:10 murrdoc joined #salt
03:11 malinoff aurynn, the only way i know is to put {{ var }} directly in the template and use functions to only render the template without executing it
03:13 Mso150 joined #salt
03:17 alexhayes I'm setting up salt in a master/minion fashion and I'm wondering if formulas need to be manually placed on the minion? For instance, my master has /srv/formulas do I need to put these on my minions (either via gitfs, mount, raw copy etc..)
03:19 nitti joined #salt
03:20 drawsmcgraw alexhayes: States (formulas, etc...) live on the master, who then hands them to the Minion.
03:20 drawsmcgraw http://salt.readthedocs.org/en/latest/topics/tutorials/states_pt1.html
03:21 jeffrey4l joined #salt
03:22 Valdo joined #salt
03:22 alexhayes thats what I thought, I must be referencing my formula incorrectly
03:23 bhosmer joined #salt
03:25 mordonez joined #salt
03:28 Mso150 joined #salt
03:29 iggy salt-call cp.list_states
03:29 iggy list_master
03:29 nafg Hi
03:30 nafg Can I call a formula twice with different sets of parameters?
03:30 iggy you can set env, and pillar data on the command line
03:36 druonysus joined #salt
03:36 patarr joined #salt
03:37 patarr joined #salt
03:38 alexhayes Following on from my earlier problem, I have /srv/formulas/mysql-formula/mysql on my master. If I want to apply the mysql meta state, on my master should I do: salt myminion state.sls mysql
03:38 alexhayes (forgot to say I have /srv/formulas/mysql-formula in my file_roots)
03:39 jeffrey4l joined #salt
03:40 drawsmcgraw alexhayes: If that's your file_roots then, yeah, that should work
03:40 drawsmcgraw also, you can run a `state.show_sls` to test the state before running it
03:40 alexhayes Because it gives me: Data failed to compile: No matching sls found for 'mysql' in env 'base'
03:40 drawsmcgraw or tack a `test=true` to the end of the command
03:41 drawsmcgraw stupid question: you've restarted the master since editing `/etc/salt/master` ?
03:42 drawsmcgraw You can usually put the master into debug mode and tail the logs to see where the Master is looking to get its state files
03:43 badon_ joined #salt
03:43 alexhayes I have yes, but I think perhaps my problem might be related to not informing vagrant to provision on up
03:44 alexhayes thx for guiding me to the answer!
03:47 zlhgo joined #salt
03:47 drawsmcgraw alexhayes: Sure thing. Hope it works out :)
03:49 Rockj joined #salt
04:06 jeffrey4l joined #salt
04:29 kermit joined #salt
04:30 brianfeister joined #salt
04:31 rawzone joined #salt
04:31 foulou joined #salt
04:35 ekristen joined #salt
04:38 bramhg joined #salt
04:38 bramhg Hey
04:39 bramhg I was looking to use the placement group in the cloud.providers file to launch the instance in a specific placement group on ec2. I tried various combination, none of which worked.
04:40 jnials joined #salt
04:52 jeffrey4l joined #salt
04:55 smcquay joined #salt
05:01 chasehiccups left #salt
05:02 snuffeluffegus joined #salt
05:05 Steve7314 left #salt
05:12 hasue1 joined #salt
05:14 hasues joined #salt
05:15 hasues left #salt
05:22 rawkode joined #salt
05:49 nafg Can I call a formula twice with different sets of parameters?
05:49 nafg I guess "extend" it in two different ways?
05:50 nafg I find "reusability" to be a pretty foreign concept in config management world
05:50 bhosmer_ joined #salt
05:51 ramteid joined #salt
05:57 jeffrey4l joined #salt
05:57 ndrei joined #salt
05:58 __number5__ nafg: reusability can happen at many different levels. I found it easier to write reusable custom states/modules
05:59 nafg hi __number5__
05:59 nafg i want to reuse the same formula in one project in two ways
05:59 nafg it's basically to install a java program as a service
05:59 nafg using upstart
06:00 nafg different machines can have different services, but one machine can have multiple
06:01 __number5__ sounds like you need to define different
06:01 __number5__ "role" for each service, then assigned one or more roles to different hosts/minions
06:04 nafg __number5__: it's for the same machine in this case
06:05 nafg that's where i'm stuck
06:05 nafg what is "role" sounds like ansible :)
06:05 __number5__ that's common concept in configuration management :)
06:06 nafg __number5__: how is it specifically in salt
06:06 malinoff nafg, ansible role is just a subset of tasks, handlers and templates within a single directory, it's not the same as "balancer role" or "app role"
06:06 nafg whatever, bottom line,
06:06 nafg how can I write YAML in *one* place
06:07 nafg that describes how to put in place an upstart service,
06:07 nafg and then have one machine *reuse* that in *two* different ways?
06:08 nafg things like (a) create a user specific to the service (b) populate a jinja template with specifics to the service
06:08 nafg etc.
06:08 nafg in case of java, install java first
06:08 nafg etc. etc.
06:08 malinoff too many etcs
06:08 nafg i would think the answer is include + extend
06:08 nafg but docs say
06:09 nafg http://docs.saltstack.com/en/latest/ref/states/highstate.html#extend-declaration
06:09 nafg > States cannot be extended more than once in a single state run.
06:09 __number5__ normally I just use include, rarely find extend is useful
06:09 jhauser joined #salt
06:09 nafg which makes it sound like it's impossible
06:09 nafg __number5__: so how would you do what i'm trying to do?
06:09 nafg copy-pase reuse? ;)
06:09 nafg s/pase/paste
06:11 v0rtex joined #salt
06:11 __number5__ nafg: try this to see if it make sense http://thiggy.wordpress.com/2013/09/19/role-based-state-management-with-saltstack/
06:12 nafg how does that have anything to do with my question?
06:13 kermit joined #salt
06:13 malinoff nafg, it would be nice to see how you do things right now, e.g. on http://pastie.org
06:13 __number5__ ^^
06:13 xMopxShell joined #salt
06:13 rawzone joined #salt
06:13 Vye joined #salt
06:18 nafg malinoff: https://www.dropbox.com/sh/zb42qjuoa5451ig/AACsPQuU7u9g_WeuIkqexeSVa?dl=0
06:19 nafg malinoff: what precisely do you want to see?
06:20 nafg I'm struggling to understand what is so difficult to comprehend about my question, am I phrasing it in an unclear manner?
06:20 nafg all i know is I'm wasting WAAAY too much time over the last weeks on salt, when this deadline is looming REAL close
06:21 malinoff nafg, don't forget we're all volunteers
06:21 nafg malinoff: i'm not upset at anyone, i'm asking an honest question
06:21 malinoff nafg, you have troubles, get paid support, but don't expect that everybody will solve your issues
06:21 nafg what can i clarify better
06:21 nafg b/c obviously i'm not explaining good
06:22 nafg honestly i appreciate you want to help, somehow i'm not coming across right
06:22 __number5__ nafg: we need to know what's your pain point to be really helpful to you
06:23 nafg i want to reuse the same formula on the same machine with different parameters
06:24 __number5__ nafg: can you do it with a jinja for-loop?
06:25 nafg __number5__: i suppose, but then it means my pillar must be more complicated
06:25 nafg even in cases where it only needs 1
06:25 __number5__ why use for-loop if only need 1?
06:25 nafg why can't a formula just be like a function x* -> state
06:25 nafg __number5__: b/c some machines need 1, some need 2
06:26 nafg so i'd rather not make ability for multiple into formula
06:26 __number5__ that's modules level: where its all python
06:26 nafg well states sit on top of modules, and formulas sit on top of states
06:27 __number5__ nafg: the variables don't have to be in pillar, it can be in the sls
06:27 nafg states take parameters, why can't formulas
06:27 malinoff nafg, i don't think that you can reuse that formula in the way you want to
06:27 nafg __number5__: the values are per machine
06:27 nafg malinoff: :(
06:28 malinoff nafg, the only way to do that is to make every single parameter as a variable
06:28 malinoff and use for-loops
06:28 __number5__ nafg: http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.jinja.html
06:31 nafg __number5__: mmmmm, template inheritance may be the thing
06:32 nafg have to read docs more, assuming it's like in blade in laravel
06:32 nafg could have a formula template that's inherited?
06:32 __number5__ yep, jinja is very powerful templates, just make sure use `salt-call state.show_sls yourstate` to make sure syntax is ok
06:33 nafg yeah i just discovered that not long ago
06:33 nafg Thanks!!
06:33 __number5__ nafg: yes. in your case maybe macros is enough, which is simpler than inheritance
06:34 nafg ok
06:34 nafg what does import...with context mean?
06:36 nafg yeah i think macros are more apropo
06:36 nafg apropos
06:39 nafg erm,
06:39 nafg except it sounds like macros' return is whitespace-stripped
06:40 otter768 joined #salt
06:40 nafg nm
06:41 nafg it's b/c they use {%-
06:42 douardda joined #salt
06:43 mosen joined #salt
06:43 linjan joined #salt
06:44 pipeep joined #salt
06:45 CeBe joined #salt
06:46 CeBe joined #salt
06:46 CeBe joined #salt
06:47 CeBe joined #salt
06:48 CeBe joined #salt
06:49 CeBe joined #salt
06:49 nafg errrmmmmmm....
06:49 nafg It's not finding the template
06:49 nafg TemplateNotFound: java_service/init.sls
06:49 nafg Does jinja template lookup work over the gitfs backend?
06:49 CeBe joined #salt
06:51 gildegoma joined #salt
06:51 JlRd joined #salt
06:52 saravanans joined #salt
06:55 nafg maybe i'm not passing the right path?
06:55 catpiggest joined #salt
06:55 strangew_ joined #salt
06:56 nafg can i somehow list available files?
06:57 CeBe joined #salt
07:00 beneggett joined #salt
07:05 strangew_ left #salt
07:06 Jimlad_ joined #salt
07:06 nafg anyone, salt-ssh jinja lookup path?
07:16 pppingme joined #salt
07:19 oyvjel joined #salt
07:19 claytron joined #salt
07:21 viq joined #salt
07:28 nafg malinoff: __number5__: looking at http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.stateconf.html
07:29 malinoff nafg, just take this: http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.py.html#module-salt.renderers.py
07:29 malinoff :)
07:30 nafg malinoff: how do i write/include a reusable function?
07:33 malinoff nafg, def reusable_func(param1, param2): do_stuff(param1, param2)
07:33 nafg malinoff: yes but that has to be in the git repo
07:33 nafg in what file?
07:33 nafg and how do i make the contents of that file available?
07:33 malinoff anywhere you like, just import it
07:36 jeffrey4l joined #salt
07:36 nafg i don't know python
07:39 micko joined #salt
07:40 mikkn joined #salt
07:40 linuser_ joined #salt
07:41 nafg THIS IS UNBELIEVABLE IT'S 2:40 AM AND I HAVE NOT GOTTEN A THING DONE THE WHOLE DAY BECAUSE OF SALT
07:41 nafg copy-paste reuse is it then i suppose
07:42 Auroch joined #salt
07:42 malinoff nafg, i suggest to calm down and make something (use copy-paste or whatever else) working, then learn and refactor
07:43 malinoff don't blame salt that you don't understand how to do something
07:43 nafg it's pretty clear that it's not possible
07:43 nafg and that it takes me too long to figure that out
07:43 nafg i don't blame salt
07:44 nafg i blame myself
07:47 dRiN joined #salt
07:52 saravanans joined #salt
07:54 TheThing joined #salt
07:55 lothiraldan joined #salt
07:56 TheThing_ joined #salt
07:58 trikke joined #salt
08:06 flyboy joined #salt
08:10 jeffrey4l joined #salt
08:12 felskrone joined #salt
08:13 __gotcha joined #salt
08:20 akafred joined #salt
08:21 ndrei joined #salt
08:23 jdmf joined #salt
08:23 Mso150 joined #salt
08:25 ndrei joined #salt
08:28 slafs joined #salt
08:30 jeffrey4l joined #salt
08:31 slafs left #salt
08:35 saravana_ joined #salt
08:36 Many joined #salt
08:38 lb1a joined #salt
08:41 otter768 joined #salt
08:45 ndrei joined #salt
08:48 jeffrey4l joined #salt
08:50 agh joined #salt
08:50 agh Hello to all,
08:51 agh I've a big issue with SaltStack and the "autosign_file" directive
08:51 agh according to the doc, it is possible to auto_sign keys which are in the file autosign_file
08:52 agh It works well if I put the exact name of the minion, ie.: www-1
08:52 agh but, if I put this: www-* then, it will not work
08:52 agh Do you have any idea ?
08:56 saravanans joined #salt
09:00 tmh1999 joined #salt
09:00 kawa2014 joined #salt
09:04 strangew_ joined #salt
09:04 felskrone joined #salt
09:11 wvds-nl joined #salt
09:15 ninkotech joined #salt
09:15 jeffrey4l joined #salt
09:15 Dw_Sn joined #salt
09:16 kormoc joined #salt
09:22 tmh1999 joined #salt
09:23 linjan joined #salt
09:23 karimb joined #salt
09:26 N-Mi_ joined #salt
09:27 sieve joined #salt
09:27 keyser joined #salt
09:35 pduersteler joined #salt
09:37 babilen agh: All I can say is that the documentation agrees with you on that it *should* work. Which version of saltstack do you run on the master and are you testing this with completely new minions that never had their key accepted / rejected / removed before?
09:41 pduersteler I think I'm about to do a saltception, but I am not sure how that should work. Let's say I have sls' for nginx vhosts and php5-fpm pools and ssh/sftp users. how would I combine this so that I can write e.g. a "webhosting" state where I only have to define a "hosting" once and vhost,php-fpm-pool and user are generated from that?
09:43 pduersteler I mean, I've seen that I could merge pillar data somehow, but I'm currently not seeing how I would maintain a clean and proper format and also have clean state files without 20 lines of code to fulfill this. Has anyone an example who has done something similar?
09:43 babilen pduersteler: You don't, I would write *one* generic "webhosting" SLS (or multiple SLS files that are included in there) and then generate actual states in there from values you pass over from a pillar
09:44 glyf joined #salt
09:44 babilen pduersteler: https://github.com/saltstack-formulas/php-formula and https://github.com/saltstack-formulas/nginx-formula/ ( in particular nginx.ng) will probably come in handy
09:45 pduersteler babilen: so I'd have e.g. the current nginx state (to maintain nginx states that e.g. don't belong to a webhosting, for system things) and a webhosting sls that also does a part from what the nginx one does you mean?
09:47 glyf joined #salt
09:48 babilen The way I use most webserver formulas is that I write a complete pillar for each website/vhost (e.g. nginx.sites.foo_bar_example_com) and then target those to specific minions along with a nginx.common pillar in which I define, well, common settings
09:49 pduersteler okay, got it, haven't thought of that way before. I currently split it by service.
09:50 pduersteler But that would make more sense in my case I think.. thank you
09:51 babilen I found it to be very advantageous to organise states and pillars semantically. I don't care how things work in detail, but I want that box foo hosts service website-google_com (and so on)
09:51 pduersteler sounds good
09:51 babilen Which, combined with my affinity to formulas, means that I mostly just target formulas to the boxes and write pillars like the one above
09:52 babilen (in the best of all worlds, that is. In real life I do write additional states, but I try to keep all settings in *one* pillar for each "semantic unit")
09:52 pduersteler I think I'll follow that way. That solves my problem of "why do I have to edit 4 pillars to define a webhosting"
09:53 pduersteler the states mostly can stay the same, I just have to reorganize my pillars
09:54 tmh1999 joined #salt
09:56 TheThing joined #salt
10:04 rtuin joined #salt
10:07 JlRd joined #salt
10:09 lothiraldan joined #salt
10:12 jeffrey4l joined #salt
10:16 sieve joined #salt
10:17 spoxaka joined #salt
10:41 aquinas joined #salt
10:42 otter768 joined #salt
10:43 hojgaard joined #salt
10:47 lothiraldan joined #salt
10:51 cb joined #salt
10:55 Guest66973 how can i restart / reload a service in the sls file after firewall configuration has been added for example ?
10:55 viq Guest66973: watch or watch_in
10:57 Guest66973 viq: ok will check that :)
10:58 giantlock joined #salt
11:00 Outlander joined #salt
11:01 sieve Are there any salt-cloud masters here? https://github.com/saltstack/salt-bootstrap/issues/510
11:01 sieve Salt-cloud / salt-bootstrap masters
11:01 pduersteler Hm, apparently I have a misunderstanding here... When I have a pkg/init.sls and a pkg/server.sls, init does not seem to be used when i reference - pkg in the top state. how can I achieve this? I configured an external repository in that init.sls which is required for all other sls in the same namespace. Do I have to put "require init.sls" in every other sls or is there a nicer way?
11:03 viq pduersteler: include:\n  - pkg
11:03 pduersteler viq: that goes in the exampled pkg/server.sls then, right?
11:03 viq But if in top.sls you have - pkg that should equal pkg/init.sls
11:03 viq pduersteler: or any other state where you want to use that, yes
11:03 pduersteler hmm, okay. I'll try
11:04 viq pduersteler: be aware that will also execute any other states you have in init.sls
11:08 intellix joined #salt
11:14 monkey66 joined #salt
11:14 lothiraldan joined #salt
11:15 Guest66973 viq: works :) thx
11:16 pduersteler viq: I guess my problem is that when I just have an init.sls with an include:  - repos.mariadb in it, it does not recognize the sls properly. I can't even call state.sls mariadb then. unless I put e.g. the client config into it.
11:17 agh babilen: I use salt 2014.7.0 (Helium). The situation is the same with new minions, either than with older one
11:17 viq if you include repos.mariadb, then state.sls would be for repos.mariadb as well, unless I'm misunderstanding
11:18 tomspur joined #salt
11:18 viq pduersteler: maybe you could paste somewhere what you have, and what the results are?
11:18 pduersteler viq: on it.. ;)
11:18 monkey66 left #salt
11:19 felskrone joined #salt
11:23 pduersteler viq: https://gist.github.com/pduersteler/a3d2144cb9d05f041ae2
11:25 viq pduersteler: I believe include needs to be at the top of the file
11:25 pduersteler viq: also tried that, yields the same "no matching sls found"
11:25 viq pduersteler: also sprinkling some requires across could be useful
11:26 pduersteler viq: hmm, have to read up first what and where require is placed
11:26 tmh1999 joined #salt
11:26 viq pduersteler: then try replacing . with a space in the state id in repos/mariadb.sls (yes, spaces are legal characters in IDs)
11:26 pduersteler oh, okay
11:27 viq pbalso, your pkg.installed state is invalid
11:27 pduersteler yep, fixed that but forgot to put into the gist, sorry
11:27 pduersteler the rest is as-is
11:28 viq the missing "name: ", correct?
11:29 bhosmer joined #salt
11:29 pduersteler no, the -pkgs: in between pkg.installed and the package listing.. ?
11:30 viq ah. if you're installing a single package it could as well be like this: https://pbot.rmdir.de/oMtbEBGCIpdaLTKpth-PPw
11:31 pduersteler ah okay
11:32 pduersteler i just saw that my dev env is one or two updates behind the current salt-master/minion packages. now it seems to work. sorry for that..
11:35 viq ah, cool
11:38 dheeraj-gupta-4 joined #salt
11:38 CeBe joined #salt
11:47 gildegoma joined #salt
11:47 dheeraj-gupta-4 left #salt
11:50 aqua^mac joined #salt
11:51 giantlock joined #salt
11:58 wnkz__ joined #salt
11:59 felskrone joined #salt
12:10 sieve joined #salt
12:17 CeBe joined #salt
12:17 bhosmer joined #salt
12:21 bhosmer joined #salt
12:34 thawes joined #salt
12:35 williamthekid_ joined #salt
12:38 jeffrey4l joined #salt
12:39 intellix joined #salt
12:42 otter768 joined #salt
12:51 JlRd joined #salt
12:55 shookees joined #salt
13:01 douardda joined #salt
13:04 pduersteler joined #salt
13:06 pduersteler What could be a reason that a watch: - file: /etc/pkg/* fails with "The following requisites were not found:" ? It's working on my dev, but in production, I get that error..
13:10 nitti joined #salt
13:11 viq pduersteler: salt doesn't magically watch files, it watches states
13:12 pduersteler viq: so that means if i don't manage a file in that very state it can't find it. sounds valid..
13:12 viq You have to watch/require a defined state, and refer to its ID/name
13:22 monkey66 joined #salt
13:28 sieve joined #salt
13:32 brayn joined #salt
13:36 saravanans joined #salt
13:37 ndrei joined #salt
13:38 CeBe joined #salt
13:38 saffe joined #salt
13:39 dunz0r So I'm setting up a salt-master... but I can't get authentication via groups working...
13:39 saffe interfaces meant as marker interfaces don't show up in ZMI if they have Attributes, or methods????? WTF?
13:39 dunz0r Any good reading or examples perhaps?
13:39 saffe uhh sorry wrong channel *embarrassed*
13:39 aqua^mac joined #salt
13:40 dunz0r Neither external_auth or client_acl seems to do anything
13:40 dunz0r So I must be missing something obvious.
13:41 dunz0r Doesn't work with any of these settings: http://paste.debian.net/135632/
13:41 dunz0r Works when I run the commands with sudo or as root
13:43 Whissi joined #salt
13:43 rawkode joined #salt
13:48 dunz0r Works when I specify a user as well
13:54 felskrone joined #salt
13:56 rawkode joined #salt
14:00 bigl0af joined #salt
14:01 nitti joined #salt
14:03 rtuin_ joined #salt
14:05 oeuftete joined #salt
14:08 drawsmcgraw joined #salt
14:13 elfixit joined #salt
14:16 _prime_ joined #salt
14:17 diegows joined #salt
14:17 racooper joined #salt
14:18 pduersteler joined #salt
14:18 istram joined #salt
14:20 BigBear joined #salt
14:24 cpowell joined #salt
14:25 diegows hi
14:26 rtuin joined #salt
14:26 diegows any idea why this doesn't work as expected?
14:26 diegows salt -t 30 -v -C 'G@cluster_name:test01 and (G@roles:webapp or G@roles:scripts or G@roles:bots)' test.ping
14:26 viq dunz0r: I think it's kinda for access via api or such, commands on system apparently need also file access
14:26 diegows only the node with role:bots replies
14:26 diegows salt -t 30 -v -C 'G@cluster_name:test01 and G@roles:webapp' test.ping <== this works for example
14:27 viq diegows: try spaces next to brackets ?
14:27 diegows viq, thanks :)
14:27 diegows works
14:27 viq diegows: http://docs.saltstack.com/en/latest/topics/targeting/compound.html#precedence-matching
14:28 diegows viq, good point
14:28 diegows thanks
14:29 diegows I haven't scrolled there :)
14:35 bhosmer joined #salt
14:35 mpanetta joined #salt
14:36 dunz0r viq: Ok, any idea if I can auth per-group basis for command access?
14:37 oyvjel joined #salt
14:39 _JZ_ joined #salt
14:39 ericof joined #salt
14:40 sieve joined #salt
14:40 TheThing joined #salt
14:40 zooz joined #salt
14:41 jalbretsen joined #salt
14:43 otter768 joined #salt
14:44 viq dunz0r: not off-hand, I didn't really play with ACLs yet
14:46 markm_ joined #salt
14:46 BigBear does anybody know of a salt sandbox that includes windows minions to play and learn?
14:47 viq BigBear: vagrant, microsoft publishes vagrant base boxes
14:48 viq I mean windows base boxes for vagrant
14:48 masterkorp https://github.com/saltstack/salt/issues/18729
14:48 masterkorp shameless call for help
14:48 masterkorp I have no idea what more to do
14:49 thawes joined #salt
14:49 BigBear viq: so where do I find those ms base boxes? so I can "vagrant box add" them?
14:50 jeremyr joined #salt
14:51 mapu joined #salt
14:51 viq BigBear: apparently some are here http://www.vagrantbox.es/
14:52 TyrfingMjolnir joined #salt
14:52 viq and apparently more here https://vagrantcloud.com/boxes/search?q=windows
14:53 viq AKA "the usual places" ;)
14:53 ajolo joined #salt
14:56 mpanetta joined #salt
14:56 CeBe joined #salt
14:58 gngsk joined #salt
14:59 * dunz0r figured it out
14:59 CeBe1 joined #salt
14:59 dunz0r With external_auth you need to create a token first
15:01 housl joined #salt
15:03 CeBe joined #salt
15:04 mpanetta joined #salt
15:04 dude051 joined #salt
15:05 mpanetta joined #salt
15:05 viq ah
15:06 spiette joined #salt
15:07 dunz0r I can't seem to make the token stick though.
15:07 dunz0r Nevermind, it's not /that/ many users. I'll just add them manually or use LDAP
15:10 heyjonathan joined #salt
15:10 thawes joined #salt
15:10 TheThing joined #salt
15:13 padelt joined #salt
15:14 chris__ joined #salt
15:16 chris__ Hi all.  Is anyone able to help with a custom salt returner issue? I'm trying to write a custom redis returner and use it as my master cache, but when I set it as master cache in the config file, salt-master throws a "KeyError: 'custom_redis.prep_jid'" error.  My prep_jid method matches that in salt's redis returner.  Any ideas?
15:18 thawes joined #salt
15:19 dunz0r salt '*' pkg.install figlet
15:19 dunz0r salt '*' cmd.run 'figlet 8====D'
15:19 dunz0r Mwahahaha
15:19 dunz0r Nothing can stop me now
15:19 dunz0r World dominance here I come
15:20 rawkode joined #salt
15:20 padelt What's the right way to debug   salt \* mine.get \* \*   returning nothing? pillar.items does show mine_functions. Pulling my hair out..
15:22 fredvd joined #salt
15:23 Frank_I joined #salt
15:23 KennethWilke joined #salt
15:26 TheThing joined #salt
15:28 aqua^mac joined #salt
15:30 padelt joined #salt
15:31 nkitmitto joined #salt
15:32 jngd joined #salt
15:32 nkitmitto Question...  Currently, we use Spacewalk in our environment.  Is there a way to get Salt to patch only security errata for RHEL, Ubuntu, and CentOS?  We're evaluating Salt to see if it'll make our jobs easier, and so far the answer is yes.  So I'm trying to find out if I can get it to do what one tool does, and replace that tool with Salt.  I tried yum updates-security, but from what I've read,  I cannot do so on CentOS without viola
15:39 viq nkitmitto: it cut off " on CentOS without violat"
15:39 padelt joined #salt
15:40 nkitmitto :)  Sorry, I saw the whole thing.  Without violating my RHEL licensing agreement.
15:40 viq nkitmitto: how would you do so normally? I don't think there's a command that does that, so you would need something else to manage a repository, and promote packages between those repositories
15:40 nkitmitto Yeah, so RHEL manages the repository and you can do yum updateinfo security and it'll patch only security CVEs
15:40 jonbrefe joined #salt
15:41 viq nkitmitto: AFAIK there are some repository managers, but I can't name them off the top of my head
15:42 nkitmitto I found a few, unfortunately with our environment, I can't really rely on that. :(   So I was hoping that when we got Salt in place, it'd be able to do it.  It'd be an easier sell to management for Salt if we could.  But if it can't, ah well.  Not too big of a deal.
15:45 jonbrefe1 joined #salt
15:45 anotherZero joined #salt
15:45 Setsuna666 joined #salt
15:47 BigBear joined #salt
15:47 iggy realistically, salt can be made to do anything
15:47 iggy whether it's a good idea to re-invent the wheel or not is more of a personal call
15:51 nkitmitto :D  Good point
15:52 Guest66973 I have single state for all my debian and centos vms, however one package is matching on centos only, so I did if condition, but still reported as error in Debian, so is there something like instead of installed , ignore or pass to added in SLS file ?
15:53 Guest13212 joined #salt
15:54 iggy you kind of lost me there at the end
15:54 anotherZero joined #salt
15:55 jngd joined #salt
15:56 kaptk2 joined #salt
15:58 Guest13212 like if os_family == Redhat installed , name: blabla elif skip this package  ?
16:01 dimeshake Dw_Sn: look at the grains tutorial, it shows you exactly that sort of thing
16:01 SheetiS joined #salt
16:01 Dw_Sn dimeshake: okay thx
16:02 dimeshake 3.3.4.2 here http://docs.saltstack.com/en/latest/topics/tutorials/states_pt3.html
16:03 Frank_I I am trying to install apache on Centos and I am getting this error
16:03 gladiatr joined #salt
16:03 Frank_I null-000c29600e8d.corning.com:
16:03 Frank_I Data failed to compile:
16:03 Frank_I ----------
16:03 Frank_I Rendering SLS "base:apache" failed: Unknown yaml render error; line 9
16:03 Frank_I ---
16:03 Frank_I [...]
16:03 Frank_I service:
16:03 Frank_I - running
16:03 Frank_I - name: httpd
16:03 Frank_I - require
16:03 Frank_I - pkg: httpd    <======================
16:03 Frank_I ---
16:03 Dw_Sn - require:
16:04 StDiluted joined #salt
16:04 Dw_Sn Frank_I: ^
16:04 gladiatr yar.  the spaces around the '-' and the ':' at the end of the term for any container
16:05 gladiatr doh.  floodbanned before he even got his answer
16:05 jonbrefe joined #salt
16:05 iggy as well he should have been
16:06 Ozack1 joined #salt
16:07 jaimed joined #salt
16:08 frank_I joined #salt
16:08 frank_I Sorry I got disconnected
16:08 frank_I Now I got this
16:08 dimeshake use a pastebin frank_I
16:08 frank_I null-000c29600e8d.corning.com:
16:08 frank_I Data failed to compile:
16:08 frank_I ----------
16:08 frank_I The state "apache" in sls apache is not formed as a list
16:08 frank_I apache:
16:08 frank_I pkg:
16:08 frank_I -installed
16:08 frank_I service:
16:08 frank_I - running
16:08 frank_I - name: httpd
16:08 frank_I - require:
16:09 frank_I - pkg: httpd
16:09 frank_I mmm.
16:10 lb1a joined #salt
16:11 rockey w t f
16:11 ericof joined #salt
16:12 rockey this isnt a fucking wall of text services, use pastebin or something similar to not flood everything in here
16:12 frank_I sorry Rockey, if that's the problem I can leave the room
16:13 Dw_Sn can I use grains like os_family in the top.sls instead of '*' for example ?
16:13 Eugene Something something this is why I ignore *!*@gateway/* something moral superiority complex
16:14 rockey frank_I: you may use pastebin for configs/logs etc, and post the url in here for assistance
16:14 viq frank_I: you're not being asked to leave, you're being asked to paste text somewhere like http://paste.debian.net/ and not here
16:14 Dw_Sn frank_I: - require:
16:15 frank_I Thank you viq I didn't know about that.
16:15 yekta joined #salt
16:16 frank_I Dw_Sn, thank you I just found the solution...
16:16 rockey happy saltstacking, and in the future, use pastebin and everything is a-ok :)
16:16 padelt joined #salt
16:17 frank_I No problem
16:20 yekta Hi there, I have a secrets state and depending on the environment I want to load the appropriate secrets file, how might I do that? https://dpaste.de/gyvs
16:20 jaimed joined #salt
16:21 dimeshake yekta: should the data really be secret? if so, you should be using pillars for it instead of regular state files
16:21 yekta Well, `secrets` is a pillar
16:22 dimeshake ah ok. you can use include there
16:22 viq yekta: you can't really reference pillars from pillars
16:22 debian112 Steve7314 how did you clear the cache?
16:22 viq As in base decisions on values of other pillars
16:23 yekta So I have something like this in the pillar: https://dpaste.de/JYTR
16:25 yekta So should I simply have a dev-secrets and a production-secrets and a staging-secrets repo for each of these?
16:25 bhosmer joined #salt
16:25 yekta It seems simple that way but somewhat a lot of repositories.
16:25 iggy I've found it's easier to keep track of things that way
16:26 iggy but yeah, once you start effectively using environments, it gets tricky
16:27 bigl0af joined #salt
16:30 rtuin joined #salt
16:32 TheThing joined #salt
16:33 rypeck joined #salt
16:36 bhosmer joined #salt
16:36 RedundancyD joined #salt
16:38 BigBear joined #salt
16:44 padelt joined #salt
16:44 otter768 joined #salt
16:48 padelt joined #salt
16:50 agend joined #salt
16:50 padelt joined #salt
16:52 MTecknology I wanna use tuples in yaml!!
16:53 padelt joined #salt
16:55 perfectsine joined #salt
16:56 padelt joined #salt
16:58 StDiluted joined #salt
16:59 Andre-B joined #salt
17:00 bigl0af joined #salt
17:00 padelt joined #salt
17:00 linjan joined #salt
17:00 MTecknology at least lists are ordered :D
17:01 Andre-B trying to create my first setup here, and have a sort of hen and egg problem. how can I provision unknown nodes (minions) by the master using salt - is this possible? or do I have to ensure minion is running on the node before salt kicks in?
17:02 SheetiS what do you want to do with the tuple that a list won't do?
17:03 frank_I Andre-B Yes. the minion service should me running.
17:03 iggy Andre-B: generally, you're going to have some sort of pre-existing setup (whether that be some parallel ssh or whatever) or you're going to be spinning everything up from scratch (in which case, you put everything in your install image)
17:03 frank_I should be running*
17:05 Andre-B iggy: this is going to be fun till it’s completed, servers are aws EC2 nodes, have to figure out how I can create a custom image there, or at least run a few commands after initial setup
17:05 iggy it's fairly easy to do either
17:05 Andre-B I’d like to have saltstack provision ec2 as well, which was planned in the first place
17:05 frank_I Andre-B are you using a kickstart?
17:05 Andre-B frank_I: no, not yet, what’s that?
17:06 iggy salt-cloud can do that (and it'll do the minion install/config for you)
17:06 jeremyb joined #salt
17:06 MTecknology SheetiS: in this particular scenario, they're prettier. That's it.
17:06 Andre-B iggy: Ill look at salt-cloud, thank you
17:07 felskrone joined #salt
17:07 SheetiS MTecknology: noted :D
17:08 frank_I Andre-B https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Installation_Guide/ch-kickstart2.html
17:09 KyleG joined #salt
17:09 KyleG joined #salt
17:11 frank_I I am using kickstart to install OS packages and Initial configuration and puppet after that, but next year I want to implement Saltstack for Packages and config.
17:12 frank_I 1500 Nodes.
17:16 dude051 joined #salt
17:16 sieve joined #salt
17:17 zlhgo joined #salt
17:17 aqua^mac joined #salt
17:17 BigBear joined #salt
17:19 dude051 joined #salt
17:19 iggy kickstart probably isn't the best option in aws
17:19 iggy and most cloud providers aren't even going to allow anything like it (because their networks aren't setup to handle something like that)
17:24 wt joined #salt
17:24 giantlock joined #salt
17:27 monkey66 joined #salt
17:32 CeBe joined #salt
17:33 blaffoy joined #salt
17:34 blaffoy Does anybody have any general advice for how to proceed when a software installer has no "silent" option? On Windows, of course.
17:35 mlanner joined #salt
17:41 desposo joined #salt
17:43 racooper gripe at the vendor to use a real installer tool?
17:43 heyjonathan I don't understand how the minions authenticate their master.  Am I correctly understanding that, with the default configuration, a minion will accept instructions from any master who has accepted the minion's public key? Doesn't this allow man-in-the-middle attacks?
17:43 heyjonathan I'm looking at http://docs.saltstack.com/en/latest/topics/tutorials/multimaster_pki.html which seems so far to be the only place I see references to putting a private signing key on the master.  Did I miss something? It appears to me that every master ought to be using a private signing key, not just those in a multimaster config.
17:44 nitti joined #salt
17:45 johtso joined #salt
17:47 aparsons joined #salt
17:49 blaffoy racooper: Yup. Tried that. I expect them to fix it some time between next year and 2032.
17:49 racooper sounds like some of my vendors. wonder if you could wrap it in something like an autoit script?
17:50 blaffoy I'm not familiar with autoit. Worth a look
17:51 blaffoy The thing about the installer I'm dealing with now, is that it has an "unattended" mode
17:51 blaffoy Which works, if it has a GUI to play with. So I can launch the installer via command line on a local machine, but not a remote session.
17:52 blaffoy But without a GUI, it will just hang forever.
17:53 blaffoy So, a different question: can you launch a GUI based installer from salt?
17:53 babilen heyjonathan: Minions save the master's key
17:54 robinsmidsrod joined #salt
17:54 babilen heyjonathan: /etc/salt/pki/minion/minion_master.pub would be the one
17:54 BigBear joined #salt
17:54 ezheidtmann joined #salt
17:59 ndrei joined #salt
18:01 spookah joined #salt
18:04 Ryan_Lane joined #salt
18:04 forrest joined #salt
18:07 dude051 joined #salt
18:08 dude051 joined #salt
18:09 robinsmidsrod joined #salt
18:11 Mso150 joined #salt
18:13 heyjonathan babilen, thanks I see that, and I recall seeing somewhere that the minion will stop & scream if that key changes. but elsewhere (e.g. the random_reauth_delay setting in the minion config seems to suggest that the minion just tries to reauth itself with whatever new key it says
18:13 unpaidbill is there a good method for distributing things like SSL keys?  right now i think the best method is putting the key into the pillar data for the system(s) in question and rendering the file from the pillar data - or is there a better way now with 2014.7.0 ?
18:15 jonbrefe joined #salt
18:15 Andre-B there’s no ubuntu package for salt-cloud, is it included in core? (as of documentation?) also there’s no default conf for /etc/salt/cloud.providers or a directory called /etc/salt/cloud.providers.d/
18:16 Andre-B did installing salt change uname’s output?
18:16 hardwire joined #salt
18:18 Andre-B unpaidbill: sounds like pillar, at least from what I read from documentation
18:18 robinsmidsrod joined #salt
18:19 shaggy_surfer joined #salt
18:21 robinsmidsrod joined #salt
18:23 scottpgallagher joined #salt
18:23 scottpgallagher left #salt
18:23 smcquay joined #salt
18:26 dimeshake Andre-B: salt-cloud is part of core now, and it's not unusual for those directories not to exist if you haven't used it yet. you may need to create them yourself
18:26 Andre-B dimeshake: I see, just wondered :)
18:27 Setsuna666 joined #salt
18:27 Andre-B dimeshake: is it a good idea to put /srv/salt in a git repository? for the master?
18:27 Andre-B for everyone: ;) is it a good idea to put /srv/salt in a git repository? for the master?
18:28 robinsmidsrod joined #salt
18:28 dimeshake i'd say it's encouraged - and there are a lot of ways to structure it
18:28 dimeshake you can look into gitfs too
18:29 jeremyr joined #salt
18:30 robinsmidsrod joined #salt
18:31 Andre-B dimeshake: I would use gitfs for the minions, but still wondering how to get the inital master repository in /srv/salt so I actually have a few custom saltstack states
18:31 wt Is there a way to use pillars for selection in the pillar top.sls?
18:32 wt I have an ext_pillar that sets some pillars. I would like to use that pillar for targeting.
18:32 shaggy_surfer joined #salt
18:34 dimeshake Andre-B: actually the minions don't need to know anything about gitfs - the master caches and distributes the data
18:34 dimeshake you'd use it for things like salt formula forks
18:34 dimeshake I do keep /srv/salt in a repo myself
18:35 murrdoc joined #salt
18:36 Andre-B dimeshake: sure, I mean I’d like to later on have a runner-something.sls file which populates the minion’s file system with files from a different git repository than the one I just created in /srv/salt to deploy the projects code to the minion
18:36 dimeshake gotcha
18:36 bhosmer joined #salt
18:39 druonysus joined #salt
18:39 druonysus joined #salt
18:40 Andre-B chmod for /srv/salt?
18:42 Many joined #salt
18:42 KennethWilke joined #salt
18:45 robinsmidsrod joined #salt
18:45 otter768 joined #salt
18:48 robinsmidsrod joined #salt
18:49 CeBe1 joined #salt
18:49 CeBe1 joined #salt
18:49 Slimmons joined #salt
18:50 Slimmons Is it fairly common practice for people to place salt-minions as outward facing so they communicate with minions on something like amazon aws?
18:50 wt gitfs has a high overhead
18:50 wt as I have recently found
18:50 CeBe1 joined #salt
18:50 wt the overhead goes way up as you turn up the # of worker threads
18:50 bhosmer_ joined #salt
18:51 wt Slimmons, are you asking about putting salt-minions on public addresses?
18:52 ericof joined #salt
18:53 iggy unpaidbill: there's some gpg renderer stuff that you could look into (to make the pillar data a little more secure)
18:53 iggy wt: did you ever open an issue for that?
18:55 Slimmons Yes, I have two servers on amazon aws, that have external ip's, and I want to manage them from a local master, that I will allow to have an external ip to communicate with the minions
18:55 Slimmons I wanted to know how uncommon or common that is
18:55 wt iggy: I didn't understand that much about what was going on until this morning.
18:55 diegows joined #salt
18:55 cpowell joined #salt
18:55 iggy wt: if you do, let me know, I'd like to follow the issue
18:56 iggy it's come up a few times in here and I honestly haven't had the time to look into it
18:56 shaggy_surfer joined #salt
18:56 teepark wt: I saw you mention growing CPU use yesterday with a master using gitfs. I seem to be having the same issue: http://i.imgur.com/hjaTF56.jpg
18:56 teepark wt: is there a ticket?
18:56 teepark holy crap 2k open issues. there must be.
18:57 wt teepark, not yet.
18:57 wt teepark, it may be in there somewhere
18:57 wt someone needs to triage
18:57 whatapain Slimmons: i would say most people would be running a master in aws instead of having minions in aws talk back to a master over the wan.  good security practice would be putting your aws master in aws then have them talk internally via VPC or create a VPC gateway back to your facility.
18:57 whatapain Slimmons: it's impossible to say "yes that's common" without everyone telling everyone else how they're doing things.
18:57 teepark 18551 looks promising
18:58 wt iggy, teepark: the fundamental problem is that I don't see a way to only run module cache updates in a coordinated manner
18:58 whatapain Slimmons: but also note that the traffic should be encrypted so it would be low to moderate risk as long as firewalls were properly maintained and you only allowed known minions to talk to your master
18:58 wt I worked around it in a custom ext_pillar by pickling a file with the data structure and only regenerating the data when the file is over 5 minutes old or can't be loaded.
18:59 wt I have to unpickle the file every time a minion asked for its pillars.
18:59 wt This is for the ext_pillar.
18:59 wt It feels like a hack solution.
18:59 Slimmons Thanks for the info whatapain.  I don't want to create the master in aws, because all of my minions right now are local.  We just had a couple that needed to be in aws for a while.  A VPC is a good answer for me for now.  We are also setting up the firewall to only allow those computers to communicate with the master.  Thanks
19:00 * whatapain nods
19:00 gngsk joined #salt
19:00 whatapain Slimmons: also take latency of the WAN into account.  it may take longer for your WAN minions to respond to a command, check out the -t argument
19:04 Auroch joined #salt
19:05 giantlock joined #salt
19:06 aqua^mac joined #salt
19:08 Ryan_Lane joined #salt
19:11 KennethWilke joined #salt
19:12 kballou joined #salt
19:12 ericof joined #salt
19:13 unpaidbill thanks andre/iggy - i'll look in to the gpg pillar
19:13 BigBear joined #salt
19:14 jnials joined #salt
19:15 teepark should a salt-master be running 11 processes?   pastebin.com/kQJMu7kQ
19:15 unpaidbill yes, it forks off a number of processes based on your config
19:15 unpaidbill the default is 10 i believe
19:16 unpaidbill it's the 'worker_threads' option i believe
19:16 teepark each of these processes has threads as well, I'm only listing processes
19:16 unpaidbill i set mine to 20, and have a bunch running
19:16 teepark also really weird that some are grandchildren of the top-level process
19:16 teepark it has 10 total descendent processes, but 4 children, one of which has 6 children
19:18 diegows joined #salt
19:20 TheoSLC joined #salt
19:21 Andre-B how can I print grains information?
19:22 iggy salt-call -g
19:22 iggy or salt foo grains.item key
19:23 iggy http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.grains.html is helpful
19:23 TheoSLC I'm a little confused with the differences between cmd.wait, cmd.mod_watch, module.wait, etc.. any document explaining when to use what?
19:23 eliasp TheoSLC: I assume you already read the builtin documentation/the online documentation (http://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html)?
19:23 Andre-B iggy: thank you. salt '*' grains.item os_family
19:24 Andre-B just to check
19:24 TheoSLC eliasp: yes i've seen that.
19:25 TheoSLC In my case I want a command that will watch and wait for other states to execute, but only execute one time if any of them trigger.
19:26 TheoSLC i think I can do it with just cmd.wait.  but I wanted to understand the other options better.
19:26 Andre-B why doesnt this work? http://pastebin.com/F97dZ77y
19:26 Andre-B " Rendering SLS "base:base.vim" failed: Unknown yaml render error; line 7"
19:26 Andre-B doh
19:26 Andre-B forgot a :
19:27 eliasp :)
19:27 iggy get used to that
19:27 iggy for like the first 2 months I was using salt, that was my most common mistake
19:27 Andre-B :D
19:27 Ryan_Lane TheoSLC: cmd.wait is what you want
19:28 Andre-B what happens to files that go from monitored to unmonitored?
19:28 eliasp I'd love to have a yamllint execution module I could use to validate SLS after they've gone through the renderer…
19:28 Andre-B or watched
19:28 Ryan_Lane mod_watch isn't really a function that can be used directly
19:28 Andre-B will they stay on the minion or be removed?
19:29 iggy eliasp: we were talking about that one day... there are tons of yaml linters... it's the jinja part that's tricky
19:29 Ryan_Lane Andre-B: if you mean, removed from the state files, they'll stay there
19:29 jonbrefe joined #salt
19:29 Ryan_Lane you need to actively remove files if you want them to be removed
19:29 Andre-B Ryan_Lane: thank you
19:29 eliasp iggy: sure, that's why the linting should happen _after_ the rendering
19:29 iggy I think pretty much everybody agreed it'd be better to just improve the error reporting in that case
19:29 Ryan_Lane unless you are using file.recurse
19:29 eliasp iggy: true
19:29 Ryan_Lane in which case you can tell salt to remove files that aren't in the directory
19:29 Andre-B is there a vim highlighting for sls files?
19:30 Ryan_Lane Andre-B: yes
19:30 eliasp Andre-B: :set filetype=yaml
19:30 Ryan_Lane Andre-B: https://github.com/saltstack/salt-vim
19:32 Andre-B having a sample saltstack config now on that repo that would configure vim with that module would be nice. lets see if I can pull it together
19:33 iggy and hopefully soon github will recognize sls as jinja+yaml (and not scheme)
19:34 LotR is it very uncommon to use json instead of yaml in your states?
19:34 murrdoc Andre-B:  do you use pathogen or vundler
19:34 Andre-B murrdoc: no
19:34 Mso150_l_y joined #salt
19:34 Andre-B murrdoc: never heard of it
19:35 murrdoc https://github.com/tpope/vim-pathogen
19:35 murrdoc mkdir -p ~/.vim/autoload ~/.vim/bundle && \
19:35 murrdoc curl -LSso ~/.vim/autoload/pathogen.vim https://tpo.pe/pathogen.vim
19:35 murrdoc cd ~/.vim/bundle && \
19:35 murrdoc git clone https://github.com/saltstack/salt-vim
19:35 iggy LotR: yes
19:36 LotR hmm, so I should probably stick with yaml just so I'll have more chance of support :(
19:37 Andre-B murrdoc: so pathogen is required to use salt-vim?
19:37 eliasp LotR: doesn't really matter IMHO… JSON is just a subset of YAML
19:37 eliasp Andre-B: no, just makes it easier to manage your vim plugins
19:38 iggy LotR: use whatever makes the most sense for you... states are just data, I suspect anyone who can look at your yaml states will be able to look at your json ones too
19:38 iggy (so long as you aren't writing them all on one line or something equally crazy)
19:39 LotR eliasp: what does yaml have that json doesn't that you call it a subset?
19:39 rojem joined #salt
19:41 eliasp LotR: comments, refs/anchors, etc.
19:41 rawkode joined #salt
19:41 eliasp according to Wikipedia: YAML has many additional features lacking in JSON, including comments, extensible data types, relational anchors, strings without quotation marks, and mapping types preserving key order.
19:44 * LotR suspects the only thing he'd miss be comments
19:45 Andre-B anyone got a sls file ready to install pathogen and salt-vim on a minion?
19:45 dimeshake comments in state files are really necessary, to me
19:45 eliasp there are still Jinja comments: {# foo #}
19:45 eliasp anyways… plain comments are nicer
19:47 douardda joined #salt
19:47 dani joined #salt
19:47 LotR I guess I will just have to deal with yaml iffyness :)
19:48 dani Hi friends, is it possible to get the job id when using /hook with cherrypy at the api call? http://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html#post--hook
19:51 Andre-B salt master is going to use the private, public keys from /etc/salt/pki to auth against git repositories or the one from current user?
19:52 eliasp Andre-B: you're referring to SSH keys used for auth in git remote operations?
19:52 iggy Andre-B: user running salt-master (usually root)
19:52 eliasp what iggy says…
19:53 Andre-B how can I group salt states to something less fine grained, like a group webserver?
19:53 iggy unless you specify what to use (in 2014.7+)
19:53 Andre-B eliasp: yes
19:53 Andre-B plan right now is to use gitfs to clone a git repository on a minion
19:53 eliasp Andre-B: you can just group by including… webserver.sls with something like "include:\n  - httpd\n  - firewall" in it
19:54 Andre-B eliasp: so I’d create some parent/ group state file that picks more fine grained ones?
19:54 eliasp Andre-B: exactly
19:54 Andre-B eliasp: thank you
19:54 murrdoc Andre-B:  https://gist.github.com/puneetk/eacbbf13efcb24c241ef
19:55 eliasp Andre-B: http://docs.saltstack.com/en/latest/ref/states/include.html
19:55 Andre-B murrdoc: thank you
19:57 Hell_Fire joined #salt
19:58 cheus_ joined #salt
19:58 linjan joined #salt
19:58 murrdoc i mean the downside is obvious, you need git access
19:58 jhauser joined #salt
19:59 Mso150_l_y_u joined #salt
20:00 nitti_ joined #salt
20:00 jhauser joined #salt
20:02 Andre-B it’s getting somewhere: http://pastebin.com/r1RPnU8u
20:02 Andre-B murrdoc: going to check the vim stuff now
20:03 Andre-B is there a way to cache git repositories and files on master instead of downloading every time again?
20:04 Auroch_ joined #salt
20:04 Andre-B some persistent cache option would probably be nice as well, that way I wouldnt have to setup a new repository for external file downloads (to ensure that they are available upon provisioning)
20:05 eliasp Andre-B: as long as you don't remove the dir containing the clone, it will be just updated next time your 'git.latest' state is applied
20:05 Andre-B eliasp: is there a git.specificcommit?
20:06 eliasp Andre-B: sure… 'rev': http://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html
20:06 Andre-B something to reference a specific commit hash or tag
20:06 Andre-B thank you! so much to read and get into my head
20:06 cpowell_ joined #salt
20:07 Mso150_l_y_u_x joined #salt
20:07 eliasp no need to get all this into your head… the docs are there for you (or simply 'salt your-minion -d git')
20:09 Andre-B eliasp: still have to get the big picture though, knowing what’s there etc, reading for a couple of days now through the documentation epub, but that’s not structured in the way I need to solve my stuff *gg* ;)
20:13 douardda joined #salt
20:13 Andre-B eliasp: will http://pastebin.com/a8cFzXRs keep the files checked out or will it wipe and redownload between calls to that state? (although the commit hash did not change?)
20:14 cheus__ joined #salt
20:16 eliasp no, it won't be wiped… only after a reboot where /tmp usually should be cleaned
20:17 Andre-B eliasp: is there a way to make it persistent? (even after reboot, till it's cleared manually or force is called)
20:18 eliasp Andre-B: well, then use another path than /tmp for it ;)
20:18 eliasp cleaning /tmp has nothing to do with Salt… that's just what every sane OS does
20:18 Andre-B gotcha
20:19 Andre-B I thought that http://pastebin.com/a8cFzXRs will clone the repo to minions /tmp folder and not that target is the masters target..
20:20 Andre-B actually.. shouldnt target be the target on minion?
20:20 eliasp Andre-B: yeah, sure… whatever you put into a state relates to the minion where it will be applied to…
20:20 eliasp Andre-B: the content of your states has nothing to do with the master
20:20 Andre-B eliasp: but I read somewhere that the master is interacting with the git repository, and not the minion?
20:21 Andre-B doesnt the master cache the git repository somewhere? will the master clone directly to the minion?
20:21 eliasp Andre-B: you're mixing things up here… master + git is master's support to get its states from a git repository instead of directly from the filesystem
20:21 JordanTesting joined #salt
20:22 aw110f joined #salt
20:22 eliasp the "git.latest" state has nothing to do with this and is used to get a clone of an arbitrary git repository on your minion
20:23 aw110f In Jinja, Is it possible to concatenate a string and variable?
20:23 eliasp aw110f: {{ foo }}bar
20:23 eliasp where "foo" is your variable and "bar" your string
20:24 forrest joined #salt
20:25 Andre-B eliasp: so to sum this up, git.latest will execute cmd git on minion? and gitfs is actually working master?
20:25 eliasp yes
20:25 eliasp Andre-B: see also: http://docs.saltstack.com/topics/tutorials/gitfs.html
20:26 eliasp … and http://docs.saltstack.com/en/latest/ref/file_server/all/salt.fileserver.gitfs.html
20:26 eliasp that's just another fileserver backend for the master
20:28 ahammond joined #salt
20:29 Steve7314 joined #salt
20:30 Andre-B eliasp: how would I now clone a git repository on master with keys of master and distribute the repositories files to minions?
20:32 eliasp Andre-B: you should distribute the keys via pillars to the minion… I'm doing something like this: https://paste.kde.org/pkzxh9fno
20:32 eliasp Andre-B: so I don't have to worry about losing control over the keys as they're just in a tmpfs which will disappear once the machine is powered off
20:33 Andre-B eliasp: i dont like the idea of having the minions pull from the repository directly, I would like to pass it via master, I could do it as a two step deployment as far as I know so far
20:34 Andre-B like having target: /srv/salt/repositories/mycoolrepo and then use salt://repositories/mycoolrepo
20:35 eliasp Andre-B: well, then just plug the repository you want to deploy into your fileserver under a defined mountpoint (http://docs.saltstack.com/en/latest/ref/configuration/master.html#gitfs-mountpoint) and then use file.recurse to get the repository to the minions
20:35 aw110f eliasp: http://pastebin.com/Vjau9eZJ
20:36 aw110f doesn't seem to work
20:36 eliasp aw110f: ah, you didn't mention you want to concatenate as variable… let me see, I think I did something like this in the past
20:36 eliasp aw110f: you can't nest {% {{ .. }} %}
20:37 babilen ... and you don't have to
20:37 eliasp aw110f: + should work
20:38 babilen I typically use "foo_%s"|format(...)
20:38 eliasp yep, should work too
20:38 babilen + is fine though
20:38 Andre-B eliasp: shouldnt it be ~ to concat strings?
20:39 Andre-B aw110f:
20:39 eliasp Andre-B: looking at the docs… you're right ;)
20:39 eliasp so either what babilen suggests or ~
20:40 Andre-B eliasp: is it good practice to trigger salt commands from an saltstack state file?
20:41 Andre-B thinking about deployment.sls which will pull the repo to that mountpoint and distribute it to known minions
20:41 Andre-B all by calling salt master state.sls deployment
20:41 eliasp Andre-B: you don't need to execute anything to do that… just use the "file.recurse" state
20:42 wt Andre-B, I do that with some files.
20:42 wt I create a file root that has a directory that contains all the files I want to distribute.
20:43 babilen eliasp: I could swear that I've seen + before :-/
20:43 wt e.g. I have /srv/salt/base/files as one of my file_roots. I have a directory in there called something like blah_dynamic. I put all my files for distribution under there.
20:43 Andre-B babilen: + will work, till you try to add a string to a number or a number to a string I guess
20:43 babilen That might just be a Pythonism that is simply supported in jinja, but has not been explicitly documented. "foo %s" % "bar" works too
20:44 Andre-B wt: thank you
20:45 eliasp any ideas why running the integration test ends up with this here: https://paste.kde.org/p8zruvz7s
20:45 Andre-B eliasp: if I use file.recurse, what will happen if the source changes? nothing till the state is called again? or will it automatically synch and get the latest from source?
20:45 mapu joined #salt
20:45 eliasp Andre-B: nothing until the state is called again…
20:46 ekristen joined #salt
20:46 eliasp Andre-B: as long as no state is executed, Salt minions won't do anything…
20:46 otter768 joined #salt
20:46 eliasp Andre-B: states can be executed either manually or via scheduling (http://docs.saltstack.com/en/latest/topics/jobs/schedule.html)
20:46 Andre-B eliasp: so I still need a two step process ;) 1. clone on master 2. let minions get fresh file from salt://repositories/coolrepo
20:46 eliasp … or via any of the other possibilities like reactors etc.
20:47 Andre-B to have  a complete deployment (so far)
20:47 eliasp Andre-B: well, master will keep itself up-to-date once configured
20:47 eliasp Andre-B: by default every 60 seconds
20:47 wt eliasp, are you referring to the gitfs backend?
20:48 eliasp yes
20:49 wt Andre-B, how big is your infra?
20:49 Andre-B wt: 30+ atm
20:49 Andre-B will scale to 80-350
20:50 wt Andre-B, you should keep a close eye on it if you use gitfs and multiple worker threads
20:50 Andre-B within the next 4-12 weeks
20:50 wt You probably shouldn't use gitfs.
20:50 hopthrisC joined #salt
20:50 Andre-B wt: actually it really looks like I am going to setup a one cloning on master only and will cp that to the minions
20:50 Andre-B rather than having minions do anything git related
20:50 wt that's not the point
20:51 Dw_Sn joined #salt
20:51 StDiluted joined #salt
20:51 wt I used to use gitfs on the master with 30 worker threads. It was not working as all the threads independently seemed to be trying to update the gitfs cache.
20:52 Andre-B wt: wtf..
20:52 wt indeed
20:52 Andre-B wt: so cmd.run?
20:52 Andre-B or how did you solve it?
20:53 wt I am going to put in a cron job workaround on the master.
20:53 wt Ultimately, I want to patch salt to do something smarter.
20:53 Andre-B that's not how any of this intended to be used :D
20:54 wt Andre-B, what do you mean?
20:54 Andre-B wt: doesnt sound right that saltstack itself doesnt support this without messing up
20:55 aqua^mac joined #salt
20:58 Steve7314 is there a magic chicken that needs to be sacrificed to copy a unicode file to a minion using the python api?
20:58 Steve7314 salt 'minion1*' cp.get_file 'salt://tmp/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.pem' '/tmp/wtf1' <<works just fine
20:58 Steve7314 localclient.cmd('minion1*', 'cp.get_file', [u'salt://tmp/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.pem','/tmp/wtf']) << fails
20:59 rawkode joined #salt
21:01 aw110f babilen: eliasp: Andre-B: both format() and ~ worked, thanks
21:01 aparsons_ joined #salt
21:02 Andre-B I got like 100 tabs open right now
21:02 Andre-B >.<
21:02 druonysuse joined #salt
21:07 karimb joined #salt
21:08 Andre-B thank you for the help, Ill be around probably ;)
21:09 rtuin joined #salt
21:13 jeremyr joined #salt
21:19 jgelens Is it possible to use Pyobjects for pillar files? If so, how?
21:20 eliasp jgelens: http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.pyobjects.html
21:21 jgelens True, but I only found examples for states there. Or am I missing something?
21:21 eliasp jgelens: pillars are just passed through the renderer in the same way as states…
21:22 jgelens Using classes or something?
21:22 eliasp the dunder dicts passed along differ a bit (e.g. no pillars available within pillars), but that's mostly it
21:22 sschwartz_ee joined #salt
21:22 jgelens I mean if I have in YAML: redis:\n  host: 127.0.0.1 how would I describe that with Pyobjects?
21:23 eliasp jgelens: don't know… never used pyobjects before
21:23 jgelens ok =P that's what my question is. It's not in the docs, at least it's not obvious to me yet,
21:23 eliasp but for the renderer, it doesn't matter whether it processes a Pillar or a State SLS…
21:23 jgelens ok thanks. I will try some things
21:24 eliasp k, good luck… if you succeed, you could add pillar examples to the docs via a PR
21:24 sschwartz_ee Has anyone here used salt.boto.elb to add loadbalancers? I cannot figure out, from the docs, how to add more than, well, one loadbalancer per IAM role.
21:24 jgelens will certainly do
21:25 perfectsine joined #salt
21:28 dnj left #salt
21:29 shaggy_surfer joined #salt
21:33 iggy wt: 2 things... you shouldn't need to up worker_threads for 80 minions generally, and file a bug already... i've seen you warn enough people by now that you could have solved the problem by now
21:33 Deevolution joined #salt
21:34 perfectsine joined #salt
21:35 wt I'm only running 30, not 80.
21:36 ckao joined #salt
21:36 iggy the other guy you were talking to said 80, you told him to be careful
21:37 wt He said he had 80 minions
21:37 wt I have 30 worker threads
21:37 wt those are totally different things
21:37 wt and he said that he'd be using 80-350
21:37 iggy overboard
21:37 iggy way overboard
21:37 wt that's too many minions?
21:38 iggy no, you have way too many worker_threads
21:38 iggy there are companies with 1000s of minions
21:38 iggy they probably arent 30 worker threads
21:39 wt Okay, so what's the right number?
21:39 Andre-B joined #salt
21:40 iggy probably something close to # cores
21:40 wt ok, I can try that
21:40 iggy if the master is just a master
21:40 wt The master is just a master. It also runs a minion if that matters.
21:41 wt Hmm...I am only running 20, not 30.
21:41 wt however, I am going to try 8.
21:45 Singularo joined #salt
21:47 rtuin joined #salt
21:51 snuffeluffegus joined #salt
21:51 Jimlad joined #salt
21:52 nooneishere901 joined #salt
21:52 nahamu joined #salt
21:54 nooneishere901 hi everyone, I'm just getting into salt and I got a master with 2 minions attached to them and my test.ping command from the master takes about 2.3 seconds to run. This is not the end of the world but from the demo videos I saw online, salt seems to run sub second in them?
22:00 druonysuse joined #salt
22:01 giantlock joined #salt
22:02 dstokes is bootstrap.saltstack.org not a thing anymore?
22:02 dstokes s/org/com/?
22:04 CeBe joined #salt
22:05 Andre-B nooneishere901: do you use activemq?
22:05 KennethWilke joined #salt
22:06 Andre-B sorry
22:06 Andre-B zeromq it is
22:06 hal58th dstokes are you asking if the url exists or salt bootstrap?
22:07 dstokes the url. saltstack.org doesn't seem to be a thing anymore. used to be the bootstrap domain if i'm not mistaken
22:08 seb` joined #salt
22:08 quickdry21 joined #salt
22:10 hal58th dstokes not sure I ever remember that but i am fairly new. Looks like they just use the github page for all bootstrapping
22:10 hal58th https://github.com/saltstack/salt-bootstrap
22:11 ingwaem joined #salt
22:12 ingwaem joined #salt
22:12 shaggy_surfer joined #salt
22:13 ingwaem joined #salt
22:13 nooneishere901 anyone having any issues with salt-master on cent6 running slow?
22:13 dstokes @hal58th: https://github.com/saltstack/salt-bootstrap/commit/be5e5bf5aad141286b58c63560397ce3d0eb82ec
22:13 dstokes @hal58th: https://github.com/saltstack/salt-bootstrap/commit/e337fa53c3ef322254994a53f5ea8ea85ad383a7
22:14 dstokes i guess those answer my question
22:15 hal58th dstokes, yeap nice research
22:15 ingwaem joined #salt
22:16 Slimmons I have a minion on amazon aws, and my master is local.  I looked in the minion_id file and it has the minion_id set to the aws internal ip address (ip-173-xx-xx-xxx.ec2.internal).  How would I get my minion on ec2, to communicate with the master on an external ip?  my master isn't seeing it as request when I change the minion id to its actual external ip
22:17 Ryan_Lane Slimmons: set it explicitly in the minion config
22:17 ingwaem left #salt
22:18 Slimmons I have it set in the minion config, but it isn't even trying to connect to the master.  I have aws security settings to allow out 4505-4506, but nothing is actually trying
22:20 Ryan_Lane can you telnet to 4505 and 4506 from the minion to the master?
22:21 beneggett joined #salt
22:21 __number5__ Slimmons: what do you mean by your "master is local"? Is your master also in AWS?
22:22 Slimmons sorry, I should have explained that better.  My host is at my company location locally.  it is not on aws.   I can't telnet to it
22:23 hal58th1 joined #salt
22:23 Ryan_Lane Slimmons: if you can't telnet to those ports, then you have a firewall issue
22:23 Ryan_Lane is your AWS instance in VPC?
22:24 Slimmons no
22:24 Ryan_Lane it's in classic?
22:24 Slimmons ec2
22:24 Slimmons ec2 instance, just normal setup.  I'm pretty new to aws
22:24 Ryan_Lane ec2 has VPC and classic modes
22:24 rawkode joined #salt
22:24 Slimmons then classic
22:24 Ryan_Lane if you just created an account, then you're in VPC
22:24 Slimmons oh
22:24 Slimmons lol ok
22:25 Ryan_Lane if you're in VPC, then by default instances are created without public IPs
22:25 Slimmons I have set up the public IP's.  I can ping my instances from the master
22:25 Ryan_Lane ah. ok
22:25 __number5__ you need to open your company firewall to allow your minions in AWS to access your master on 4505/4506 ports
22:25 Ryan_Lane then the firewall rules to your master are probably bad
22:25 Slimmons I have set up elastic ip's
22:25 hal58th2 joined #salt
22:25 Ryan_Lane I don't think that will work
22:26 Ryan_Lane since the traffic won't be coming from the public IPs
22:26 Ryan_Lane err. it won't be coming from the elastic IPs
22:26 Slimmons where would it be coming from?  When I check my ip to the outer world, it's the same as the elastic ip
22:26 Ryan_Lane what you really want to do is setup a VPN between your org and your EC2 VPC
22:27 Ryan_Lane then you can use the private IPs directly
22:27 Slimmons yeah, that's my next step, was just hoping to get something working today.
22:27 Slimmons I'm slow on aws right now
22:27 Slimmons a lot to take in all at once for me
22:27 dimeshake you need to be able to telnet to the master on the correct ports from the minions first
22:27 Ryan_Lane AWS public IPs are nothing you can control
22:27 dimeshake unless you want to go the vpn route ^
22:28 Ryan_Lane you'd need to open the ports to those specific IPs, but if you terminate them, new nodes will come up on different IPs
22:28 kickerdog joined #salt
22:28 Ryan_Lane otherwise you'd need to open it up to the entire IP range of AWS
22:28 Slimmons alright, well i'll get to setting up the vpc then
22:28 Slimmons thanks for the info
22:28 Ryan_Lane yw
22:28 kickerdog found a really fun bug in salt-master. If you have a cifs mount inside the salt tree, salt queries the remote fs every time it runs. Compound that with 500 minions and everything stops.
22:29 dimeshake vpc gateway should solve the IP issue, shouldn't it Ryan_Lane ?
22:29 Ryan_Lane ue[
22:29 Ryan_Lane yep*
22:29 dimeshake that's probably easiest, Slimmons
22:29 Ryan_Lane vpc gateway uses NAT, I think
22:29 * Ryan_Lane hates NAT
22:29 dimeshake yeah but each time the minion reaches out it should have the same endpoint ip
22:30 dimeshake for ease of firewall rules
22:30 Ryan_Lane indeed
22:30 Ryan_Lane easiest method
22:31 Slimmons I don't suppose anyone has a decent guide they know of on how to set all of this up for a person who is new to aws?   They have so many freakin' services it's taking me a bit.
22:32 Ryan_Lane sorry. no idea :(
22:35 elfixit joined #salt
22:40 CeBe joined #salt
22:41 cberndt joined #salt
22:44 aqua^mac joined #salt
22:45 kermit joined #salt
22:46 forrest joined #salt
22:47 otter768 joined #salt
22:47 smcquay joined #salt
22:47 __number5__ Slimmons: just fyi, we are using openvpn in AWS VPC, but that's just for secure access, our salt-master is in AWS VPC too
22:50 druonysus joined #salt
22:50 druonysus joined #salt
22:55 chitown is there any API to salt-key?
22:55 repl1cant chitown: yes
22:55 chitown it looks like even manage.down will walk the pki dir.... which seems a bit "in your face"
22:55 robinsmidsrod joined #salt
22:56 repl1cant client:wheel
22:56 chitown if i want a list of accepted key from python, whats the best course to get that
22:56 repl1cant fun:key.accept
22:56 chitown ah... wheel client
22:56 chitown duh
22:56 chitown thanks
22:56 repl1cant match:client
22:56 repl1cant np
22:59 rawkode joined #salt
23:01 packeteer joined #salt
23:01 Jimlad joined #salt
23:02 georgemarshall joined #salt
23:02 [vaelen] joined #salt
23:02 chutzpah joined #salt
23:06 SpeeR joined #salt
23:08 SpeeR is an asterisk allowed when doing a pkg installed?  I'm wanting to install all libreoffice packages from our repo so wanted to use libreoffice4.3*
23:08 hal58th2 did you try it SpeeR?
23:09 [vaelen] joined #salt
23:09 eliasp SpeeR: this depends on your package manager and the virtual providing 'pkg' for this package manager (see salt/modules/pkg/)
23:12 Setsuna666 joined #salt
23:14 mosen joined #salt
23:15 KyleG joined #salt
23:15 KyleG joined #salt
23:21 aurynn so, the dockerio module seems pretty crap
23:21 iggy in what version?
23:21 CeBe joined #salt
23:21 aurynn 2014.7
23:22 aurynn the docker.login module docs are wrong, it appears to force logging in to the docker hub even if I'm trying to use it in private-registry only..
23:22 aurynn there's no debug logs
23:22 iggy file tickets
23:23 Ryan_Lane aurynn: it works with private registries
23:23 Ryan_Lane it's just a massive pain in the ass
23:23 llua left #salt
23:23 Ryan_Lane you need to use pillars to define the registries
23:23 MindDrive Not having a lot of luck tracking down any relevant information... in the same way a non-root user from a client system is allowed to run a specific command through MCollective (while it's running as root), is there a similar thing for Salt?
23:23 aurynn Ryan_Lane, oh? I've done that, it's still throwing me an auth error
23:23 aurynn I'm just using a private registry, not a hub ID
23:23 Ryan_Lane yeah, me too
23:24 aurynn could I see your config?
23:24 dani2 joined #salt
23:25 Jimlad joined #salt
23:25 dani2 I am using reactor with webhook and my API is consuming it... I would like to know if it is possible to get the job id as the return from the API
23:25 rawkode joined #salt
23:25 Ryan_Lane aurynn: https://gist.github.com/ryan-lane/6814e49600f1e6e3ee5e
23:26 Ryan_Lane note that the trailing slash in the registry url is necessary
23:26 Ryan_Lane because docker is a massive piece of crap sometimes
23:26 aurynn I need the trailing /v1/ ?
23:26 aurynn guh
23:27 aurynn well that seems happier
23:27 aurynn thanks
23:27 aurynn :)
23:30 dani2 anybody? =]
23:31 __number5__ dani2: what's the event your reactor is listening on?
23:32 bhosmer joined #salt
23:34 wnkz_ joined #salt
23:34 desposo joined #salt
23:34 Ryan_Lane aurynn: yw
23:35 xsteadfastx joined #salt
23:35 dani2 Please, take a look on that https://www.refheap.com/94648
23:38 Setsuna666 joined #salt
23:39 MindDrive Anyone?  Did the question make sense, or do I need to clarify?
23:39 __number5__ dani2: what's your reactor config in your salt master config
23:41 __number5__ MindDrive: scroll up few pages and can't find your question. do you mind repeating it?
23:42 dani2 I just updated it https://www.refheap.com/94649
23:42 StDiluted joined #salt
23:42 dani2 I can see that it runs because it creates the file with the echo stdout
23:42 dani2 but I have no jib and it will be important for me
23:43 MindDrive __number5__: Okay, let me restate.  I have a Python application which currently calls out to 'mco' (MCollective) to run a remote application on a set of servers (for software installation).  The 'mco' command itself is run as the user even though the MCollective processes on the servers and relay systems (ActiveMQ) run as root, due to proper configuration.
23:43 MindDrive I'm looking to duplicate this with Salt instead.
23:44 Gareth anyone seen really long delays for a minion to return large amounts of data?
23:44 iggy Gareth: depends how long the minion takes to start producing said data
23:45 iggy the minion does everything before it sends info back to the master
23:45 __number5__ MindDrive: you mean replace mco with Salt?
23:45 MindDrive Correct.
23:46 ajolo joined #salt
23:47 MindDrive I'm hoping there's a way to keep the main application runnable by a non-root user, since privilege escalation is really not something I want to deal with.
23:48 iggy what do you mean by main application?
23:49 __number5__ MindDrive: salt (master or minion) can be run as non-root user
23:49 iggy how useful that will end up being is open for debate
23:49 MindDrive __number5__: They can, but then (at least on the master side) you will be unable to do certain things.
23:50 murrdoc MindDrive:  salt-ssh might be better for you
23:50 murrdoc its closer to mco
23:50 murrdoc and you get the compound matching
23:50 MindDrive Iggy: I mean the program the users are running.  It is a deployment system, and currently uses MCollective to install packages on the various servers.
23:51 MindDrive I was hoping to move away from having to call out to an external command ('mco' in the current case), but right now it's not looking like that's possible.
23:52 iggy I say this a lot in here, and while you seem to have thought this through a good bit, it can't hurt... try thinking about what you're trying to achieve not _how_ you're trying to achieve
23:53 iggy that is to say, if you're thinking about switching tools, maybe rethink more of the system than just what runs commands
23:53 Gareth iggy: watching the debug logs there is quite a big delay from when the job finishes before the data is returned to the CLI call.  wondering if it is hitting some limit of sorts.
23:55 MindDrive I already know what the system needs to do.  Now I'm trying to find proper tools to do it.  MCollective isn't that tool any longer.  Salt is the next option I'm looking at.
23:55 iggy I used to see a pause after processing that went away at some point... don't think I did anything to fix it
23:55 jY anyone have an issue with iptables.append and centos 6 where each highstate just re-adds the rules each time
23:56 jY so if i run highstate 3 times all rules will be duplicated 3x
23:56 Gareth jY: which version?
23:56 Gareth of Salt.
23:56 jY Gareth: 2014.7.0 for both minion and master
23:57 Gareth I remember seeing that issue, thought it was fixed. Can you file an issue at Github?
23:57 jY sure
23:57 iggy search for existing ones first
23:58 Ryan_Lane anyone know what the next version will be?
23:58 Ryan_Lane I want to reference future version numbers in blog posts, but have no clue what the version will be :D
23:58 iggy helium
23:59 jY https://github.com/saltstack/salt/issues/12455
23:59 jY is what i found
23:59 Ryan_Lane helium is the current version
23:59 Gareth next version is Lithium.
23:59 iggy right
23:59 Ryan_Lane I also don't want to use the codenames
23:59 Ryan_Lane because codenames suck
23:59 iggy (me behind the times)
23:59 glyf joined #salt
23:59 Gareth really depends on when it's frozen :)
23:59 jY ok so seems like a rhel iptables issue
23:59 Ryan_Lane this is why doing releases on a schedule (or at least freezing on a schedule) is awesome
