Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-12-17

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 eliasp ahammond: pre-commit and pre-merge is IMHO a bit difficult, but for integration testing have a look at https://github.com/simonmcc/kitchen-salt and http://docs.saltstack.com/en/latest/topics/development/tests/integration.html
00:00 aparsons joined #salt
00:00 eliasp ahammond: so you could set up some mechanisms to only allow merges to your 'master' branch once they passed all integration tests in your 'test' or 'integration' branch
00:01 rickh563 left #salt
00:04 ahammond eliasp I'm looking for something even more primitive than that (although the kitchen stuff looks fabulous for actually testing formula) I just want to make sure that at least the yaml parses
00:05 eliasp ahammond: well, that's rather difficult as the YAML will only be there once it was rendered through Jinja… and for rendering Jinja you need a lot of context
00:05 iggy the problem is the jinja mixed in with the yaml makes it impossible to lex without actually rendering the yaml before
00:05 smcquay joined #salt
00:05 eliasp exactly
00:05 KyleG joined #salt
00:05 KyleG joined #salt
00:06 ahammond right, so is that reasonably possible?
00:06 ahammond as in, how much context do I need?
00:06 eliasp ahammond: so you'd have to provide stub-values for all Jinja in each SLS which is then rendered when running the pre-commit hook… but as your Jinja could also contain something like salt['cmd.run']('dowhateverthehellyouwant') this will be hard…
00:07 eliasp … this would mean you'd have to stub all possible things that could be run via salt for your pre-commit hooks
00:07 iggy or just don't use jinja anywhere
00:07 eliasp I mean: it would be awesome to have that, but this will be a shitload of work
00:07 eliasp … yeah, or that ;)
00:08 ahammond eliasp a general solution is clearly out of reach, but fortunately we aren't doing anything bonkers with jinja just yet.
00:08 spookah joined #salt
00:09 iggy I mean, you could probably hack a yaml parser to ignore anything with jinja and hope for the best
00:10 iggy that would get you _some_ level of testing (and depending on how complex your states are, might actually not fail constantly)
00:10 ahammond iggy that seems downright evil. I'm thinking just use salt-call state.highstate test=True
00:10 iggy you only have one host? or you mean --local/masterless?
00:11 ahammond iggy we have a few hundred hosts. :) I'd do this local/masterless on buildbot slave in a mock environment.
00:12 ahammond at least initially just one. Heck, maybe I'll do it directly on the buildslave since... it's salted. :)
00:12 ahammond and that lets me skip dealing with mock for the initial deployment.
00:12 ahammond dang. this is a bigger project than I'd hoped.
00:15 huddy joined #salt
00:17 aquinas joined #salt
00:18 eagles joined #salt
00:20 eagles Hello folks! Please, I am with a doubt of how to 'translate' a command from salt CLI to API... I think it is simple... Here is the files https://www.refheap.com/95011
00:20 eagles The point is how to pass pillar data via API... via CLI it worked
00:20 aparsons joined #salt
00:21 iggy send the whole request as json?
00:22 ggoZ joined #salt
00:26 pdayton joined #salt
00:30 aqua^mac joined #salt
00:36 eagles I did it! It's working now
00:36 eagles only change to it :        arg="pillar={test: Hello}"
00:36 eagles without the quotes '
00:36 eagles :D
00:37 femohamm joined #salt
00:38 loggyer joined #salt
00:40 femohamm if you have to pick couple of key advantages in using salt over chef, what would it be? We have a similar foot print from both windows and linux
00:41 alexhayes Following on from an issue I was having the other day regarding require and include, can anyone verify this https://gist.github.com/alexhayes/118120bbfbb3828fc9f9
00:41 loggyer Guys, anybody generated wildcard self_signed_certificates using tls ?
00:41 loggyer the wildcard doesn't seem to work
00:42 yomilk joined #salt
00:45 rap424 joined #salt
00:47 aparsons joined #salt
00:49 mikaelhm joined #salt
00:51 JonGretar Just wondering. Has someone made public a nice recipe for making an iptables public "private cloud" kind of a thing? Basically when I have 10 minions running on Digital Ocean that I want to automatically allow each other.
00:52 JonGretar Shouldn't be an issue to write that really. Just decided to check if someone had already made a formula for it.
00:52 mikaelhm Hi, I have submitted a PR, but Im not familiar with either jenkins or the tests that it is running. If someone can give me some pointers to, what I need to fix for this PR to succeed the testing on jenkins, then I'll try to fix it. https://github.com/saltstack/salt/pull/19038#issuecomment-67258951
00:52 __number5__ JonGretar: what you want is AWS VPC... (this probably won't help you at all)
00:53 aqua^mac joined #salt
00:55 JonGretar __number__: Yeah that's what I really want. :) Used to working with Joyent's CloudFirewall which is a dream. But Digital Ocean decided that this is a problem left for the operators so I'm basically trying to make a nice quick SaltStack solution to the same problem.
00:55 eliasp have there been some changes to the Jenkins integration? whenever I click now on a test result, GitHub asks me to permit the SaltStack Jenkins r/w access to all my repos: http://i.imgur.com/xYT7IQV.png
00:55 eliasp time to head home… maybe someone of you SaltStack core devs could have a look at this…
00:58 MugginsM joined #salt
00:59 budman_ joined #salt
01:02 mikaelhm joined #salt
01:03 mgw joined #salt
01:03 evidence so is it not possible to redefine the apt-get commands used in salt.modules.aptpkg.purge outside of a source change?
01:04 evidence or any aptpkg function really.. there is a prompt coming up for example when you remove the resolvconf package, so a highstate hangs
01:04 MugginsM you can set env variables so it doesn't prompt
01:04 MugginsM can't remember which, but most apt stuff is setup to be able to run automatically
01:04 evidence yeah DEBIAN_FRONTEND=noninteractive should work
01:05 evidence i'll have to poke around about setting env variables, thx
01:05 mgw i thought I could do this: "salt -I somelist:item test.ping"
01:05 mgw where 'item' is a value of an item in the list
01:05 evidence well it'd be cleanest if this was just in the state file, so unique commands weren't needed
01:06 mgw evidence: it is set
01:06 mgw let me get the link
01:07 mgw https://github.com/saltstack/salt/blob/develop/salt/modules/aptpkg.py#L69
01:07 evidence i saw a note that they enabled it in 0.9.8, but that's not the case here.  if i set it by hand the purge completes without a prompt.  the missing piece here might be that i'm using salt-call to get full output
01:07 evidence as initial highstate restart services.. and the service renegotiation doesn't work properly currently
01:07 mgw that shouldn't change anything
01:08 evidence something must be bugged then, i'll hunt around
01:08 mgw it may be a bug
01:09 mgw https://github.com/saltstack/salt/blob/develop/salt/modules/aptpkg.py#L544
01:09 mgw see, for install it sets the environ
01:09 mgw but I don't see that for _uninstall (called by purge)
01:10 mgw evidence: what release are you on?
01:10 evidence and for upgrade also
01:10 mgw of salt
01:10 evidence 2014.7.0 .. i'll try adding the DPKG_ENV_VARS to uninstall
01:11 mgw it sets it in __init__()
01:11 mgw but I suspect that's not working
01:11 otter768 joined #salt
01:11 mgw so yeah, try setting it in _uninstall
01:12 evidence upgrade and install both copy it though, in different ways
01:12 evidence will do, thx
01:18 covox does anyone know of an easy way to use pillar data to restrict access to another bit of pillar data
01:18 covox (e.g. list of minion IDs approved to get access to a private key)
01:20 yomilk_ joined #salt
01:20 covox I know you can put the list in the pillar topfile as a comma-separated list... but that's kinda ugly to maintain :)
01:20 pdayton joined #salt
01:26 evidence mgw: looking good, going to submit a patch
01:32 saffe joined #salt
01:33 theologian joined #salt
01:34 aparsons_ joined #salt
01:35 posicks joined #salt
01:36 posicks is is possible to restart a service using state.service? I can start it and keep it running, but what if i want to restart (not reload)? Do i have to do a stop and start?
01:40 evidence https://github.com/saltstack/salt/pull/19042
01:42 evidence should i be creating an issue to go with that, or is the pull good?
01:46 Ryan_Lane evidence: usually you make an issue too
01:50 rojem joined #salt
01:50 aparsons joined #salt
01:51 Ryan_Lane (or at least I do, so that tags can be applied to them)
01:54 evidence did so, thx
01:54 Ryan_Lane yw
02:02 nitti joined #salt
02:10 pdayton joined #salt
02:11 otter768 joined #salt
02:13 shaggy_surfer left #salt
02:45 dimeshake any best practice for long-running commands in states? generating a complex key, for example, can take several minutes
02:48 smcquay joined #salt
03:00 sk_0 just fired up salt-minion -l debug for first time. got error - [DEBUG   ] Loaded minion key: /etc/salt/pki/minion/minion.pem
03:01 sk_0 [ERROR   ] An un-handled exception was caught by salt's global exception handler:
03:01 sk_0 TypeError: string indices must be integers, not str
03:01 arif-ali joined #salt
03:01 navim joined #salt
03:01 sk_0 any ideas?
03:02 dimeshake typo in /etc/salt/minion ?
03:03 sk_0 dimeshake: i only changed the master: to point to my host
03:04 sk_0 dimeshake: i'll change it and see what happens
03:05 overyander joined #salt
03:06 sk_0 dimeshake: i dont think so. it's reading the minion file and connecting to master fine
03:10 Mso150_y_a joined #salt
03:11 ajolo joined #salt
03:14 pdayton joined #salt
03:18 sk_0 setup salt-minion on another machine. got same error after accepting the key. must be something on the master
03:19 mohae joined #salt
03:21 saffe joined #salt
03:22 TyrfingMjolnir joined #salt
03:22 aurynn can I put entire bits of state into macros?
03:23 aurynn so I can write generics
03:24 __number5__ aurynn: yes, you can. But you sure you want to do that?
03:24 mohae joined #salt
03:25 sk_0 i'm on arch linux i installed salt-raet. removing that and installing salt-zmq fixed
03:25 aurynn __number5__, I'm trying to achieve code reuse by putting these states, which I am using a lot for mildly varying things, in a single place
03:26 __number5__ aurynn: sounds like a good plan. I thought your "entire bits" means all your states XD
03:26 aurynn heh, no
03:27 aurynn doing loops doesn
03:27 aurynn 't quite work
03:28 aurynn d'ih
03:28 aurynn I left spuriousness in my files
03:28 aurynn no wonder it wasn't working!
03:28 mosen i thought maybe incorrectly, that the states would be like classes in a sense, but instance information would be contained within pillars?
03:29 mosen still learnin!
03:29 joehh1 dstokes: you are best to base it off the source package for the release(s) you are targetting
03:30 joehh1 the debian dir in the repo has some issues with upgrading on more recent distros...
03:30 ninkotech joined #salt
03:33 overyander there are a lot of different ideas out there for updating windows minions. what is the best way or your preferred way?
03:36 dimeshake any best practice for long-running commands in states? generating a complex key, for example, can take several minutes
03:38 mohae joined #salt
03:43 catpigger joined #salt
03:47 cedwards joined #salt
03:59 bfoxwell joined #salt
04:05 atbell joined #salt
04:05 jeson joined #salt
04:06 jab416171 joined #salt
04:07 JlRd joined #salt
04:16 pdayton joined #salt
04:20 dstokes joehh1: good to know
04:27 MorbusIff joined #salt
04:30 budman joined #salt
04:31 mgw joined #salt
04:32 smcquay joined #salt
04:39 viq joined #salt
04:39 Ryan_Lane joined #salt
04:40 mikaelhm joined #salt
04:44 Thorgrim joined #salt
04:54 GrueMaster joined #salt
04:55 rhand joined #salt
04:56 eightyeight joined #salt
04:56 Diaoul joined #salt
04:57 Deevolution joined #salt
04:58 TrafficMan joined #salt
04:58 jkleckner joined #salt
04:59 voxxit joined #salt
04:59 sc` joined #salt
05:01 ajolo_ joined #salt
05:02 jkleckner1 joined #salt
05:03 al joined #salt
05:03 pacopablo joined #salt
05:06 Ryan_Lane joined #salt
05:06 jonbrefe joined #salt
05:14 Goncyn joined #salt
05:22 eykd joined #salt
05:27 bhosmer joined #salt
05:31 felskrone joined #salt
05:38 peters-tx joined #salt
06:09 saffe joined #salt
06:15 felskrone joined #salt
06:16 felskrone1 joined #salt
06:27 _atbell_ joined #salt
06:34 saffe joined #salt
06:39 atbell joined #salt
06:42 iggy dimeshake: use the reactor and have your long running processes fire events?
06:45 saffe joined #salt
06:47 catpiggest joined #salt
06:53 yomilk joined #salt
06:56 otter768 joined #salt
06:57 evidence joined #salt
06:58 saffe joined #salt
06:59 CeBe joined #salt
06:59 orion_ joined #salt
07:01 saffe joined #salt
07:05 saffe joined #salt
07:06 saffe joined #salt
07:19 colttt joined #salt
07:20 saffe joined #salt
07:22 yomilk_ joined #salt
07:24 saffe joined #salt
07:25 iggywig123 joined #salt
07:26 ttrumm_ joined #salt
07:30 saffe joined #salt
07:31 slafs joined #salt
07:31 slafs left #salt
07:31 saffe joined #salt
07:36 _atbell_ joined #salt
07:42 saffe joined #salt
07:48 vectra joined #salt
07:48 Auroch joined #salt
07:50 trikke joined #salt
07:52 iggywig123 joined #salt
07:55 hebz0rl joined #salt
07:57 saffe joined #salt
08:01 saffe joined #salt
08:04 saffe joined #salt
08:04 saffe joined #salt
08:07 lb1a joined #salt
08:14 evidence joined #salt
08:17 Tahm joined #salt
08:18 jgelens_ joined #salt
08:19 Lingo_ joined #salt
08:24 mschiff joined #salt
08:25 mschiff joined #salt
08:33 noway__ joined #salt
08:37 kawa2014 joined #salt
08:37 karimb joined #salt
08:40 saffe joined #salt
08:41 saffe joined #salt
08:44 williamBill joined #salt
08:45 williamBill Hello,everyone
08:46 williamBill salt-ssh can't run,error "Process Process-1" ,is this a bug?
08:48 Mso150_y_a joined #salt
08:48 epcim joined #salt
08:50 williamBill salt-ssh can't run,error "Process Process-1" ,is this a bug?
08:51 iggywig123 joined #salt
08:55 davidone_ joined #salt
08:56 otter768 joined #salt
08:57 davidone_ joined #salt
09:00 muep joined #salt
09:16 calvinh joined #salt
09:29 agend joined #salt
09:29 jhauser joined #salt
09:30 saffe joined #salt
09:37 rnts joined #salt
09:38 saffe joined #salt
09:41 N-Mi joined #salt
09:43 rogst joined #salt
09:46 saffe joined #salt
09:52 Dw_Sn joined #salt
09:53 glyf joined #salt
09:54 felskrone joined #salt
09:58 Mso150_y_a joined #salt
10:01 saffe joined #salt
10:03 yomilk joined #salt
10:13 dburbridge joined #salt
10:25 lothiraldan joined #salt
10:25 lothiraldan Hi everyone
10:26 aquinas joined #salt
10:26 diegows joined #salt
10:32 lb1a joined #salt
10:33 lothiraldan I'm trying to use a custom returner as the salt-master job master cache
10:33 lothiraldan My problem is that my returner is inside a git repository
10:34 lothiraldan I think the problem is similar with custom runner stored inside a git repository
10:35 lothiraldan Salt with sync custom modules / returners / states to minions but it will not sync make them available to the salt-master
10:35 lothiraldan Salt will*
10:35 zadock joined #salt
10:36 calvinh joined #salt
10:36 lothiraldan Maybe I've missed a non-documented option, I've found the salt-master option returners_dirs by digging in the code, but couldn't find a way to do it with git repository
10:37 viq lothiraldan: combine it with git.latest ?
10:37 viq As in make a state that will check out the returner to somewhere where master can see it. I know it's a crutch, but...
10:38 felskrone joined #salt
10:38 lothiraldan Yes it would be a solution, but it means I need to use file_roots instead of gitfs
10:38 viq hm?
10:38 viq How so?
10:39 viq Just check out the returner, and set returners_dirs
10:39 lothiraldan No, sorry, forget what I say, I could use gitfs + copy the repository elsewhere and point the returners_dirs to that location
10:39 viq yeah
10:39 yomilk joined #salt
10:39 lothiraldan But the repository will not be automatically updated like with gitfs
10:40 viq Though you could set up a scheduler with a state to update it
10:41 lothiraldan Feel like a hack but would do the job, I will try it
10:41 workingcats joined #salt
10:41 lothiraldan It should be the same problem with custom runners stored inside git repository, right?
10:41 viq yeah, as I said, a crutch
10:42 viq no idea
10:42 saffe joined #salt
10:44 lothiraldan It's a known issue
10:44 lothiraldan https://github.com/saltstack/salt/issues/12511
10:46 lothiraldan Thank you viq for the idea, will give it a try
10:47 viq :)
10:50 lothiraldan Another question, as I'm here, I'm working on https://github.com/tinyclues/saltpad and I've some issue with the responsiveness of the job caching system
10:51 lothiraldan It's quite slow and so the API is quite slow too and so the web-interface is not very responsive
10:51 lothiraldan Which returner do you use ? How many jobs do you have in your job cache ?
10:52 drybjed left #salt
10:57 otter768 joined #salt
11:13 felskrone joined #salt
11:19 giantlock joined #salt
11:29 bhosmer joined #salt
11:31 bhosmer joined #salt
11:39 iggywig123 joined #salt
11:42 iggywig123 joined #salt
11:48 pttc joined #salt
11:51 felskrone joined #salt
11:59 eliasp any ideas, why 'search_only=True' isn't recognized as keyword here: https://github.com/saltstack/salt/pull/19047/files#r21967436
12:03 jonatas_oliveira joined #salt
12:06 calvinh_ joined #salt
12:11 CeBe joined #salt
12:12 markm_ joined #salt
12:17 ajolo_ joined #salt
12:21 test12345 joined #salt
12:23 test7777 joined #salt
12:26 jgelens joined #salt
12:32 mohae_ joined #salt
12:33 fredvd joined #salt
12:34 Diaoul joined #salt
12:40 lothiraldan joined #salt
12:53 ericof joined #salt
12:54 Thorgrim joined #salt
12:55 thawes joined #salt
12:58 otter768 joined #salt
13:05 iggywig123 joined #salt
13:08 patrek joined #salt
13:10 rawzone joined #salt
13:15 yomilk joined #salt
13:18 jesusaurus joined #salt
13:20 tkharju joined #salt
13:21 iggywig123 joined #salt
13:22 Hazelesque joined #salt
13:23 zadock joined #salt
13:25 iggywig123 joined #salt
13:27 cpowell joined #salt
13:27 yomilk joined #salt
13:30 monkey66 joined #salt
13:32 Guest17960 joined #salt
13:33 Guest17960 left #salt
13:35 totte joined #salt
13:36 YuviPanda left #salt
13:36 JlRd joined #salt
13:39 ericof joined #salt
13:49 smoothify joined #salt
13:49 maxd joined #salt
13:49 che-arne joined #salt
13:53 glyf joined #salt
13:53 _prime_ Hi.  Now that the API no longer seems to allow providing a timeout when client=runner, how do we increase the salt-run timeout so api calls wait longer than the default?
13:55 FRANK_T Question, I am trying to copy my repos to a different Servers Node, this is my current file in puppet I do not know how to translate this to Saltstack https://www.hobapolis.com/paste/?25a97a7966198065#VHFawEGY62PcQV2AnX8tBkfmXSvm6buTS4MSdkudPYE=
13:56 FRANK_T Any Ideas.
14:00 sunkist joined #salt
14:00 yomilk_ joined #salt
14:03 FRANK_T I will like something like if hostname = b2 copy this repo if hostname= b3 copy this repo
14:09 Rockj joined #salt
14:11 flamin_scotsman joined #salt
14:11 ajolo_ joined #salt
14:12 FRANK_T joined #salt
14:13 gngsk joined #salt
14:13 iggy look at how the map.jinja's in the formulas work
14:14 iggy you can change the grain they search
14:14 iggy or if it's just a couple different cases {% if salt['grains.get']('nodename') == 'foo' %}...
14:15 FRANK_T ok let me check.
14:15 racooper joined #salt
14:17 sunkist joined #salt
14:19 viq Or just have file per repo, and assign them from top.sls
14:19 ggoZ joined #salt
14:19 sr4f joined #salt
14:20 FRANK_T iggy something like this https://www.hobapolis.com/paste/?85caa66331e89414#sjwfndbKZTj+2utZ7nPvE5ATvloUtvj2KvgBNG51GBQ=
14:21 FRANK_T viq, I am trying not to have a lot of files.
14:21 viq FRANK_T: you're missing {% endif %}
14:21 FRANK_T viq that;s one of the problems that we have with puppet
14:23 FRANK_T I am trying to convince management to migrate to saltstack ;)
14:24 viq FRANK_T: depending how you manage stuff, but big files can be as bad as lots of small files, I would say
14:24 FRANK_T viq like this? https://www.hobapolis.com/paste/?b21e5023bf054149#qNTMlJnJTSe+cELOJM/ZE5g8OexONQqd+MpbXX7rgIM=
14:24 FRANK_T got it.
14:24 viq FRANK_T: no, each {% if ... %} needs and {% endif %}
14:24 viq s/and/an/
14:25 viq https://www.hobapolis.com/paste/?b21e5023bf054149#qNTMlJnJTSe+cELOJM/ZE5g8OexONQqd+MpbXX7rgIM=
14:26 FRANK_T ok let me do some testing.
14:28 sunkist joined #salt
14:28 nitti joined #salt
14:32 thawes joined #salt
14:36 sunkist joined #salt
14:39 FRANK_T viq https://www.hobapolis.com/paste/?d6d1f954b470d7bc#h/jgNr71P/lKkmehPFhbhB4lJGxfARMPgXNZyabrcK0=
14:40 FRANK_T I am not getting any erro
14:40 jgelens joined #salt
14:40 FRANK_T error*
14:40 FRANK_T Summary
14:40 FRANK_T -----------
14:40 FRANK_T Succeeded: 0
14:40 FRANK_T Failed:   0
14:40 FRANK_T -----------
14:40 yomilk joined #salt
14:40 viq FRANK_T: seems good, though I'd probably go with id instead of hostname
14:41 FRANK_T I am not able to copy the files for some reason.
14:41 viq FRANK_T: and how are you trying to apply that state?
14:41 FRANK_T I create that sls file and
14:42 FRANK_T I just typed the command salt '*' state.sls yum
14:42 FRANK_T yum.sls is the name of the file
14:43 viq erm. You have name of the state, so the file that will be attempted to be created, as /home/isabelfa/ which is a directory. Also you're missing a semicolon at the end
14:43 jaimed joined #salt
14:43 Kenzor joined #salt
14:45 phx if i want to generate sls file in python, all i have to do is output stuff in yaml, with the appropriate content?
14:46 FRANK_T viq, I am trying to create the files here /home/isabelfa  that is that the path on the minions
14:47 viq FRANK_T: what file are you trying to create? /home/isabelfa ?
14:47 dotz joined #salt
14:47 FRANK_T I have the file salt://files/nsswitch.conf on my master and i want to copy that file to the minion
14:47 FRANK_T on /home/isabelfa
14:47 dimeshake iggy: reactor might work...
14:48 dotz Guys, what's the *correct* syntax for "peer:" section for /etc/salt/master ? I'm doing various combinations of it and it looks that no matter, what I do, I'm unable to match minions by their ID... only the .* ("everything allowed") configration works.
14:48 viq FRANK_T: what is the full path of the file you want created?
14:48 viq FRANK_T: or in other words: cat <what do I put here?> will give you the contents of the file you want on minions?
14:49 schlueter joined #salt
14:49 rjc joined #salt
14:49 dotz NVM, I figured it out... I need to wait a few seconds after restarting master.
14:50 FRANK_T File Location on the master  /srv/salt/files/nsswitch.conf    I want to copy that to the minion location /home/isabelfa           nsswitch.conf doesn't not exist on the minion.
14:50 orion__ joined #salt
14:50 lothiraldan joined #salt
14:50 agh joined #salt
14:51 viq FRANK_T: on minion, what will be the full path to the file you want?
14:52 viq FRANK_T: you can't tell salt "oh, yeah, drop that file in the yonder directory", you have to tell it "I want you to create a file at /x/y/z.txt"
14:52 FRANK_T ohhh
14:53 KennethWilke joined #salt
14:53 viq And you can tell salt "this file that on master is called abbacus_rotation, I want it on minion at /the/new/revelatio.n"
14:53 FRANK_T something like this https://www.hobapolis.com/paste/?fbdda0bf4af7a2c2#5BVu+VuwqOYxXbUhJTGY3jjEnsthy3zm+E4r/26Erk0=
14:53 viq ie, source file name and file name on minion have no direct relation.
14:54 viq yes
14:54 FRANK_T To execute should I user Salt '*'
14:54 FRANK_T use*
14:54 viq Though it could just as well be https://www.hobapolis.com/paste/?fc216596bde90779#P+5/BOAifEmb7oIcbLs255jfn1B83dFv7ewfW3NVkLM=  (no need for list in source: )
14:55 viq Or you could target it at a specific minion, eg 'salt dyn10302287.corning.com state.sls yum'
14:56 viq Assuming minion_id matches hostname
14:56 FRANK_T viq I have to scan the cluster I have 800 Nodes
14:57 viq Then why asking me how you should do this? ;)
14:57 mgw joined #salt
14:58 viq Also, with that many nodes, you may consider using batches
14:58 FRANK_T You gave me 2 options and i said that I have to use '*'
14:59 FRANK_T viq Do you work for salt?
14:59 otter768 joined #salt
14:59 housl joined #salt
14:59 viq no
14:59 viq Just use it
15:00 cotton_ joined #salt
15:00 sunkist joined #salt
15:01 FRANK_T okay. I am looking for the salt Training. and I cannot find a single book
15:02 FRANK_T I think that I have problem with the grains.get because when I run the sls its says  succeeded 0 fails 0
15:03 perfectsine joined #salt
15:04 viq try this https://www.hobapolis.com/paste/?b8ce7de61c042ba0#9+Oakblt8K9ofQE8k07Ydx01dPapwiRqQuQgj6ItH90=
15:05 cotton joined #salt
15:07 toastedpenguin joined #salt
15:07 sunkist joined #salt
15:07 fredvd joined #salt
15:11 viq There is a book in the works, but it's not ready and out yet, though you can buy the in-progress version, and get updates to it
15:11 jonbrefe joined #salt
15:11 thawes joined #salt
15:13 scott_w joined #salt
15:15 mikkn joined #salt
15:16 kaptk2 joined #salt
15:19 schlueter joined #salt
15:20 rickh563 joined #salt
15:21 schlueter1 joined #salt
15:21 pdayton joined #salt
15:21 FRANK_T viq I am getting this Rendering SLS "base:yum1" failed: Jinja variable 'dict' object has no attribute 'hostname'; line 1
15:21 intellix joined #salt
15:21 viq FRANK_T: paste your file please
15:21 iggy nodename
15:22 felskrone joined #salt
15:22 iggy actually, you'd probably want to use fqdn since you have the full domain in there
15:23 scott_w joined #salt
15:23 iggy but you can simplify that file a lot
15:23 FRANK_T Done!
15:24 iggy https://www.hobapolis.com/paste/?394f6c10a30d73a0#BLFya6p5C09aXL0JLQ1xKpiwXYaOw3TKfZxd8CyfuNg=
15:25 iggy except, replace hostname with whatever works for you (nodename, fqdn, etc.)
15:27 FRANK_T nice!
15:27 rojem joined #salt
15:27 FRANK_T I have 6 more to go!
15:32 KennethWilke joined #salt
15:36 cotton_ joined #salt
15:37 mgw joined #salt
15:41 muebel joined #salt
15:43 muebel hey #salt, where is salt better than chef? any points where chef is better than salt?
15:44 viq pull vs push, yaml (with option of python) vs ruby, store and search vs live query - pick your poison
15:45 smoothify joined #salt
15:45 MTecknology ruby was enough for me to not use chef, but I still tried it and thought it was icky and clunky
15:45 viq On the other hand, if you already have ruby developers, they may feel best with chef
15:45 dimeshake salt states seem to produce much more concise code than chef/puppet in my experience
15:46 MTecknology Should a batch size generally be set to number of cores (worker_threads)?
15:46 cotton joined #salt
15:46 dimeshake if anything worker_threads should be set,  because that will cap the cpu regardless of how many minions you target at once
15:47 MTecknology So far that seems to produce the best results, but wanted to ask the question anyway.
15:47 viq MTecknology: I tend to run with -b 10 (where worker threads are either default 5 or upped to 20), but I have no scientific reasoning for it
15:47 muebel thanks viq,MTecknology,dimeshake!
15:48 MTecknology I have worker_threads set to number of cores (8) and I run -b 8 whenever I try to target >20 minions
15:48 jonbrefe1 joined #salt
15:48 miqui_ joined #salt
15:48 jonbrefe1 joined #salt
15:48 dimeshake MTecknology: try it a few ways... time the operation
15:49 dimeshake time salt '*' state.highstate -b 8
15:49 dimeshake vs leaving off -b
15:49 dimeshake i'd do a few runs though because minions that have responded recently seem to respond quicker the second go-round
15:49 muebel which tool provides better support for windows? how in particular?
15:50 viq muebel: uh, for that, probably chef. And probably even better puppet, just from the fact of having larger companies and communities behind them and being around longer
15:51 muebel yeah
15:51 dimeshake i get the idea most salt users doing windows stuff tend to rely very very heavily on powershell and cmd.run
15:53 Ozack joined #salt
15:54 lothiraldan_ joined #salt
15:54 FRANK_T viq
15:54 _prime_ anyone here familiar with the salt rest API (cherrypy)?
15:55 FRANK_T I have another question..... if somebody remove one of my file for example the one that i pushed from salt is anyway that salt can copy the file automatically?
15:55 mpanetta joined #salt
15:56 mpanetta joined #salt
15:58 cpowell joined #salt
16:00 scott2b joined #salt
16:02 _prime_ anyone know how to get cmd.run to work from the cherrypy restful api in salt Helium?  All kinds of undocumented changes seem to have been made since Hydrogen which break formerly working code.  Any help would be greatly appreciated.
16:02 ale__ joined #salt
16:03 _prime_ essentially i'm trying to do the equivalent of: salt 'minion.name' cmd.run 'echo "some string I've built by joining a list" > /path/filename
16:03 viq FRANK_T: each execution of that state will make sure that the file is there in the desired state
16:03 _prime_ but via the API
16:03 pdayton joined #salt
16:04 FRANK_T viq but how about if I create the file today and tomorrow somebody remove the file..
16:05 FRANK_T salt will copy the file automatically?
16:05 viq FRANK_T: that's why you add states you want executed on minions to top.sls and run highstate periodically
16:06 viq FRANK_T: salt does only what you tell it to. So no, without you telling it somehow to run this state salt will not make sure the file is in the desired state.
16:06 iggy to answer the question you seem to be asking, no salt doesn't "watch" files it's managing
16:06 jngd joined #salt
16:07 budman joined #salt
16:08 _prime_ for anyone searching IRC logs, the answer is it didn't like using kwarg { name: 'blah blah' } but required arg: 'blah blah' instead.  If anyone can point me to a good explanaition of how kwarg and arg differ for salt (I know the Python meaning, but salt's usage I find confusing) I'd be greatful
16:08 budman joined #salt
16:09 davidc_ joined #salt
16:10 conan_the_destro joined #salt
16:11 davidc_ I am trying to add support for OS X .pkg in salt. Implementing a module for that seems easy enough, but I was wondering about the interaction w/ the 'virtual' pkg provider
16:13 _prime_ whiteinge: bug created as requested last night for file.manage_file module: https://github.com/saltstack/salt/issues/19056
16:13 g3cko joined #salt
16:14 phx FRANK_T, automaticly continously enforcing states can be dangerous. there might be changes differing from the state for a reason. There's a test flag for the state commands you can issue to check for differences
16:15 bhosmer joined #salt
16:15 zz_Cidan joined #salt
16:15 Cidan joined #salt
16:19 hunmonk_ joined #salt
16:19 kermit joined #salt
16:20 kermit joined #salt
16:20 bhosmer joined #salt
16:27 StDiluted joined #salt
16:27 lothiraldan joined #salt
16:27 TheThing joined #salt
16:28 rawzone joined #salt
16:30 FRANK_T phx I asked the question because Puppet works like that\.
16:30 FRANK_T the puppet-clients check with the master
16:31 muebel quit
16:32 overyander there are a lot of different ideas out there for updating windows minions. what is the best way or your preferred way?
16:33 FRANK_T overyander what do you want to do?
16:35 overyander FRANK_T, I have a lot of windows minions (windows 7 workstations) many of them are remote/home users. i want to update the minion on those systems and restart the salt-minion service.
16:35 elfixit joined #salt
16:36 budman Whos using docker and salt here? what naming schema do you use? witht the random name hashes?
16:37 xsteadfastx joined #salt
16:37 viq FRANK_T: well, no, puppet does not magically figure out you changed a file and immediately put it back. It periodically schedules a puppet run, which checks whether everything is as it should. Same with salt, you can schedule a periodic highstate which will make sure everything is as it should be.
16:38 FRANK_T yes..
16:38 FRANK_T how do I do that with salt
16:38 viq FRANK_T: http://docs.saltstack.com/en/latest/topics/jobs/schedule.html
16:39 FRANK_T could you please give me a link
16:39 FRANK_T thanks
16:39 muebel joined #salt
16:40 bhosmer joined #salt
16:45 jalbretsen joined #salt
16:47 bhosmer joined #salt
16:49 wnkz joined #salt
16:49 sunkist joined #salt
16:49 atbell joined #salt
16:50 atbell joined #salt
16:50 eliasp FRANK_T: for updating Windows minions, have a look at this (in case I haven't sent you this before): https://gist.github.com/eliasp/cd962142e14c34569504
16:50 eliasp FRANK_T: that's how I'm currently updating all win-minions semi-manual ;)
16:51 eliasp FRANK_T: once https://github.com/saltstack/salt/issues/6859 is solved, this can be done in a better way…
16:52 FRANK_T eliasp I do not run Windows
16:52 atbell joined #salt
16:52 FRANK_T oh got it. sorry
16:52 phx FRANK_T, you can do that periodicaly with salt as well. I'm just saying it's not a good practice in many cases, inspite of puppet doing it. Also, X doing Y, is not always a reasonable argument, methodologies differ many times.
16:53 eliasp FRANK_T: oh, sorry… error parsing the backlog… this should have gone to overyander :)
16:54 FRANK_T phx I spoke with my boss about it and he said he doesn't care if salt checks or not..... I just have to know if is possible just in came somebody ask me. ;)
16:55 Ahlee all things possible with a large enough code and elbow grease
16:56 scott2b joined #salt
17:00 otter768 joined #salt
17:05 glyf joined #salt
17:08 rawkode joined #salt
17:10 JPaul joined #salt
17:17 zlhgo joined #salt
17:23 Ryan_Lane joined #salt
17:24 CeBe1 joined #salt
17:25 boredatwork joined #salt
17:27 KyleG joined #salt
17:27 aparsons joined #salt
17:29 bhosmer joined #salt
17:31 wendall911 joined #salt
17:31 CeBe1 joined #salt
17:32 echoplexion2 joined #salt
17:38 bhosmer joined #salt
17:39 Cidan joined #salt
17:41 Gareth morning morning
17:43 patarr joined #salt
17:43 patarr joined #salt
17:44 aparsons joined #salt
17:47 desposo joined #salt
17:48 Auroch joined #salt
17:50 forrest joined #salt
17:50 KennethWilke joined #salt
17:51 aparsons_ joined #salt
17:52 diegows joined #salt
17:54 thedodd joined #salt
17:54 muebel hey hey
17:54 worm5er joined #salt
17:55 worm5er Ok - I'm a bit new to salt, but trying to figure out how to use the sudo_acl master setting - I see the notes in the sample configs, but am struggling to understand how it works - anyone able to shed some light or guide me to documentation?
17:56 intellix joined #salt
17:57 atbell joined #salt
17:57 sunkist joined #salt
17:58 ckng joined #salt
17:58 atbell joined #salt
17:59 _prime_ guys, since upgrading from hydrogen to helium I'm seeing a lot of corrupt minion keys.  What's the best way to clear them out?
18:00 iggy _prime_: if you figure it out, let us know... I'm hitting the same thing
18:00 _prime_ [ERROR   ] Corrupt public key "/etc/salt/pki/master/minions/berkelium.trading.imc.intra": no start line
18:00 _prime_ iggy: I'm thinking something along the lines of setting open=True for the salt master, restarting the master, then issuing some kind of command to nuke all the minion keys...
18:01 _prime_ and restarting the minions with the same command maybe?
18:01 iggy we already use open: True, so yeah, all I've been doing is using salt-key to delete them
18:01 iggy but it's happened to a few minions multiple times
18:02 _prime_ iggy: but won't salt-eky just delete them on the master?  I think we need to nuke and regenerate them on all the minions...
18:02 _prime_ salt-key*
18:02 iggy maybe that's why I keep getting bad ones, who knows
18:02 iggy it seems to work for a while after I just delete them on the master
18:03 iggy I really wish the people running the repo's hadn't gone ahead and upgraded the packages
18:04 stephas joined #salt
18:04 iggy if for no other reason than it's a .0 release, not to mention the rather large oversight (imo) of compound matches being disabled for mine functions
18:04 patarr joined #salt
18:04 patarr joined #salt
18:07 khalieb joined #salt
18:07 JlRd joined #salt
18:11 _prime_ iggy: yeah, we did a bunch of testing and still have run into quite a bit of pain upgrading.
18:12 _prime_ iggy: here is what appears to be needed to clean out bad keys (I think).  1. identify all hosts with bad keys that have appeared in master log file: grep Corrupt /var/log/salt/master | awk '{print $9}' | cut -d '"' -f 2 | cut -d '/' -f 7 > /tmp/corrupt-keys.txt
18:12 smcquay joined #salt
18:12 Ryan_Lane joined #salt
18:13 iggy I think I'm just going to try to figure out how to get 2014.1.x back installed on everything
18:13 _prime_ then if they don't respond to salt (and most do not), I end up using a giant ssh for loop to nuke  the minion keys on each host (relying on authorized_keys to not type the password hundreds of times).
18:13 Mso150_y_a joined #salt
18:13 _prime_ after having nuked all the keys on the master with salt-key -D -y
18:14 _JZ_ joined #salt
18:14 _prime_ we might do the same if we can't get these bugs fixed/worked around within the next few days.  Helium doesn't appear to have been ready for release ... the API changes alone are painful
18:15 dotz joined #salt
18:15 _prime_ and a lot of these changes were masked due to how we did testing ... some bits went and talked to the old hydrogen server and appeared to work (never run both in parallel again!)
18:15 thedodd joined #salt
18:16 iggy sadly, I already made a bunch of changes to our states to work with 2014.7, so I'm going to end up reverting all that for now I guess
18:17 iggy I wish I could find the trigger so I could at least file a bug... I didn't see anything else similar in the bug tracker
18:17 Ryan_Lane iggy: what's broken with 2014.7 that's making you downgrade?
18:18 iggy the last 20 lines or so...
18:18 Ryan_Lane just joined the channel. have no clue :)
18:18 Ryan_Lane master/minion issues?
18:18 iggy A. Corrupt public key ... no start line
18:18 iggy B. compound matching in mine
18:18 iggy C. general .0 releasishness
18:19 Ryan_Lane gotcha
18:19 Ryan_Lane A seems to be pretty serious
18:19 iggy B is for us
18:19 Ryan_Lane A is for all new keys?
18:19 Ryan_Lane I just use etcd/zk rather than mine ;)
18:19 iggy no, seems to just randomly happen to keys
18:20 Ryan_Lane ouch
18:20 iggy I'd rather castrate myself with rocks
18:20 iggy the weird part is the key actually looks fine in the file
18:20 iggy at least in my case
18:20 atbell joined #salt
18:20 iggy I don't know about _prime_
18:23 jswanson_ joined #salt
18:27 _prime_ Ryan_Lane: I'm seeing the key issues as well.  Not sure if it is an artefact of upgrading from hydrogen without generating new keys, or a bigger problem.  Right now I'm trying to purge all the keys and see if the proiblem goes away
18:27 Ryan_Lane did anyone add an issue in github about it?
18:27 iggy 13:17 < iggy> I wish I could find the trigger so I could at least file a bug... I didn't see anything else similar in the bug tracker
18:28 _prime_ iggy - deleting the keys on the master won't change the minion key.  You have to nuke the minion key, nuke the keys on the master, then generate a new minion key (a salt-call test.ping is enough)
18:28 _prime_ then restart the minion and the master should accept the new key.  If it's not corrupt, then that fixes it
18:29 _prime_ I suspect we're dealing with old hydrogen keys that helium doesn't like
18:29 iggy the thing is... I looked at the keys on mine... they all looked fine
18:29 debian112 joined #salt
18:30 _prime_ Ryan_Lane: What we're seeing is this: [ERROR   ] Corrupt public key "/etc/salt/pki/master/minions/roadrules.trading.imc.intra": no start line
18:30 debian112 can pillar data, retrieve pillar data?
18:30 _prime_ and minions that won't talk to the master as a result
18:30 Ryan_Lane I'd add an issue anyway
18:30 iggy debian112: no
18:30 Ryan_Lane upstream may be able to reproduce
18:30 iggy debian112: at least not sanely... so better off not trying
18:30 debian112 iggy: figured
18:30 Ryan_Lane if they don't know about it, they can't fix it :)
18:31 iggy I've had less than great luck opening issues without a nauseating amount of detail
18:31 Ryan_Lane other people may have the same issue and be able to reproduce
18:31 zadock joined #salt
18:32 dimeshake i've had great luck with submitting issues - only chimed in on a couple though
18:32 dimeshake at least get the conv started
18:33 iggy someone feel free, I'm going to waist my time going back to 2014.1 for now
18:37 analogbyte does anybody know what to make of this: https://paste.selfnet.de/Plg/yaml ? it's running state.highstate over and over again, for no apparent reason
18:39 cwyse joined #salt
18:40 murrdoc joined #salt
18:40 iggy if you kill the job, what happens?
18:45 intellix joined #salt
18:47 zz_Cidan joined #salt
18:48 Cidan joined #salt
18:49 xliiv joined #salt
18:52 _prime_ so what I'm doing is this: grep Corrupt /var/log/salt/master.badkeys | awk '{print $9}' | cut -d '"' -f 2 | cut -d '/' -f 7 | sort |uniq > /tmp/corrupt-keys.txt
18:53 _prime_ then doing an ssh for loop on the contents of the file to delete the minion keys
18:54 patarr joined #salt
18:54 patarr joined #salt
18:55 _prime_ Ryan_Lane: via /etc/init.d/salt-minion stop; rm -rf /etc/salt/pki/minion; /etc/init.d/salt-minion start
18:56 Ryan_Lane _prime_: open an issue :)
18:56 Ryan_Lane I'm not a core dev or anything
18:56 _prime_ I will
18:56 Ryan_Lane I actually don't use a master at my current job either
18:57 ekristen joined #salt
19:01 smcquay joined #salt
19:01 otter768 joined #salt
19:01 FeatherKing joined #salt
19:04 _prime_ iggy, add your two cents to please: https://github.com/saltstack/salt/issues/19061
19:05 _prime_ in particular, do you use the same version of python, zeromq, etc?
19:07 aparsons joined #salt
19:07 murrdoc cat /tmp/corrupt-keys.txt | xargs -n 1 -I {} -P 10 ssh {} "/etc/init.d/salt-minion stop; rm -rf /etc/salt/minion?* /etc/salt/pki; /etc/init.d/salt-minion restart"
19:07 murrdoc paralellistic
19:09 Tween joined #salt
19:09 Tween Howdy! Quick question on salt. When using a top file, is it possible to set context in the salt states that i will be calling?
19:10 iggy _prime_: next time "salt --versions"
19:10 Tween setting a variable basically
19:10 iggy Tween: to what end?
19:11 _prime_ iggy: modified, thanks
19:12 Tween Say i have a server and its in the prod environment, and its a webserver, i have a state that sets a variable to a git branch name
19:12 Tween but when the server is in the dev environment i want that variable to be set to master
19:12 ckng hi, how do I use composer in my state or pillar - http://docs.saltstack.com/en/latest/ref/states/all/salt.states.composer.html
19:12 Tween instead of some release
19:12 Tween Let me make a pastebin real quick
19:12 iggy Tween: you do that with environments (and possibly pillars)
19:13 aparsons joined #salt
19:15 Tween http://paste.ubuntu.com/9553374/
19:15 murrdoc setup a pillar and do jinja magic all up in it
19:16 Tween hmmm, the problem is i guess that its possible for a server to have both grains prod and dev but on different ports
19:16 Tween really those things are in a role dictionary in the grains
19:16 jngd joined #salt
19:17 murrdoc can u use the grains to make the decision ?
19:17 Tween The way we currently do it is bascially copy the webserver state to be webserver-dev and webserver-prod and have that variable as the only difference inthe file
19:17 Tween i was  wondering if there was a more elegant way to do it
19:18 iggy to mix environments on one minion... not really
19:18 agend joined #salt
19:18 murrdoc use salt-mine to collect what ports work on the webserver
19:18 murrdoc use that mine data in your templates to decide the repo u check out
19:18 Tween Mixing environments isn't really the question, I'm wanting to pass variables from the top file to the state files that are there
19:18 iggy no
19:19 Tween okay perfect
19:19 Ryan_Lane Tween: you really want to use pillars
19:19 iggy you can't do that, otherwise we wouldn't be coming up with 20 other ways to do what you're asking
19:19 murrdoc well you could set a pillar and reload pillars
19:19 Tween we use lots of pillars
19:19 Tween and grains
19:19 Ryan_Lane you can also use environment variables
19:19 Tween i was just wondering if there was an easier way than mainitingin the two separate files
19:19 Ryan_Lane well, depending...
19:20 iggy use conditionals in one file instead of two different ones?
19:20 iggy really, we're all just shotgunning here without more info
19:20 Tween i know
19:20 Tween i know
19:20 Ryan_Lane if you need to set something from the top, pillars is what you want
19:20 _prime_ Tween: if you need heirarchical substitution (e.g. pillars set to default values for everyone, then overridden by region, data center, role , etc) you might want to take a look at Pepa.  It's a standard part of 20014.7.0 and works with 2014.1.x as well.   We use it all the time for all kinds of complex dictionary data.
19:20 Tween I appologize, i don't really have the option of posting the state file
19:20 Ryan_Lane since there's also a top for pillars
19:21 murrdoc the same logic you do in state
19:21 murrdoc can be done in pillars
19:22 Tween Right, alright I'll dig into my structure a little more, also _prime_ thanks for the nudge towards pepa, looks interesting
19:22 Tween thanks for the ideas everyone.
19:23 iggywig123 joined #salt
19:26 ckng hi, how do I use composer in my state or pillar - http://docs.saltstack.com/en/latest/ref/states/all/salt.states.composer.html
19:28 whiteinge _prime_: catching up on the scrollback. did you get your salt-api question answered? the interface for the REST API and the interface for the Python API have definitely not changed between Salt versions.
19:29 ckng in my state top.sls, composer.installed returns No matching sls
19:30 patarr joined #salt
19:30 patarr joined #salt
19:30 Jimlad joined #salt
19:30 dimeshake top.sls is not a state - you need something like a composer.sls where you do what you want, ckng
19:31 pdayton joined #salt
19:31 dimeshake and then you would map the composer.sls to your minion in the top.sls
19:33 sunkist joined #salt
19:33 ckng dimeshake: right, more like this http://pastebin.com/sAhqDjM2
19:34 ckng note the indentation in pastebin is rendered wrongly
19:35 ggrieves joined #salt
19:35 ckng with that, I'm getting "ID composer.installed in SLS composer is not a dictionary"
19:36 dimeshake you need an id. You should follow the salt walkthrough to get a better handle on it all
19:38 ckng dev* is my id
19:38 dimeshake no, dev* matches minion name
19:38 ckng which id are you referring to?
19:39 dimeshake http://pastebin.com/iGmeDMu4
19:40 dimeshake id is install-composer - arbitrary text to identify that state block
19:40 dimeshake go follow the salt walkthrough
19:40 rikair joined #salt
19:41 ckng been going thru salt walkthrough no less than 10 times >.<
19:41 ckng have tried that actually, getting same error
19:42 ckng let me try again
19:42 mpanetta joined #salt
19:42 overyander in my state file, i'm needing to install something, but only if another package is installed and at a certain version. suggestions?
19:42 Ryan_Lane you're using the dev environment purposely?
19:42 Ryan_Lane ckng: ?
19:43 ckng yes
19:43 iggy overyander: onlyif?
19:44 jasonrm joined #salt
19:45 sunkist joined #salt
19:46 ckng do I need to copy the whole salt.states.composer for it to work?
19:46 iggy composer.installed does not install composer... it uses composer to install a project (from a path)
19:47 dimeshake ah! that makes more sense
19:47 overyander iggy, yes. i'm wanting to push out .net framework 4.5.1 to all of my windows minions. the install requires a reboot and I don't want to just reboot peoples workstations without some sort of warning or elapsed time period or something. i'm also wanting to deploy chocolatey. chocolatey.bootstrap will attempt to install .net 4.0 if it's not already on there. if i setup a .net 4.5.1 package in my winrepo and do a pkg.installed for that and then the next step
19:47 overyander in the highstate have chocolate.bootstrap, i'm afraid that chocolately wouldn't see 4.5.1 (since the system hadn't rebooted yet) and attempt to install 4.0 which would cause a lot of issues on the system.
19:47 iggy overyander: it's a state requisite...
19:47 iggy i.e. http://docs.saltstack.com/en/latest/ref/states/requisites.html#onlyif
19:48 ckng iggy: so how do i install composer?
19:48 iggy I really need to stop giving the short answer
19:48 iggy ckng: if you look at the docs, it's right there
19:48 forrest joined #salt
19:48 ckng dont know how to interpret the doc, unfortunately
19:49 ckng i thought that was the purpose of salt.states.composer
19:49 iggy start by copy/pasteing the example that fetches/installs composer and then installs 2 composer projects
19:50 londo joined #salt
19:51 iggy the purpose of the state is to install projects _using_ composer (vs installing the composer tool itself)
19:51 ckng iggy: sorry, still not clear to me.. "/path/to/project:" is what confused me
19:51 Gareth_ joined #salt
19:52 iggy in this case it's shorthand for the "name" option to salt.states.composer.installed
19:52 iggy a lot of people hate it (I guess I see why now)
19:52 ckng still confused, so there is no way to install composer by itself?
19:53 ckng basically i just need to write my own cmd.run then?
19:53 iggy yes
19:56 druonysus joined #salt
19:57 dimeshake ckng: something like this https://gist.github.com/renoirb/6368030
19:57 mschiff The function "state.highstate" is running as PID 30075 and was started at 2014, Dec 11 14:58:22
19:58 mschiff Seems stuck. Any chance that I can debug this to see what happened?
19:58 Ryan_Lane mschiff: is it running?
19:58 Ryan_Lane check the ps
19:58 Ryan_Lane see what it's running
19:58 Ryan_Lane I bet it's hanging on some command or sub-process
19:58 mschiff erm.. no
19:59 mschiff ah sory yes thats the minion pid
19:59 ckng dimeshake: thanks, I thought the doc is showing what's already provided, so I could reuse the get-composer and install-composer
19:59 mschiff with 129 cpu minutes
19:59 Ryan_Lane mschiff: see what processes have that pid as its parent
20:00 sunkist joined #salt
20:00 Ryan_Lane usually when a highstate hangs it's because it's waiting forever on some process
20:00 mschiff in pstree I only see two other salt-minion sub processes
20:00 Ryan_Lane you could strace the processes. not sure if that'll help
20:02 mschiff I try to strace (ps --ppid 30075 outputs nothing but the headline)
20:02 mschiff Ryan_Lane: it seems to keep reading from /dev/urandom
20:03 mschiff open("/dev/urandom", O_RDONLY)          = 30
20:03 mschiff read(30, "\\\261d\253(\2+\301\306\\]\232\302j]s", 16) = 16
20:03 mschiff the close
20:03 mschiff then
20:04 mschiff and some madvise, poll, write, select and futex calls
20:04 mschiff looks like a loop
20:06 ckng let's say I've base and dev environments, the custom state such as composer.sls which I would like to reuse, placing it under base, how do I access it via dev?
20:07 iggy all environments inherit from base
20:07 glyf joined #salt
20:08 iggy well, if you lay your top file out like most documents do
20:08 iggy err, file_roots, not top file
20:10 Mso150 joined #salt
20:15 ckng thanks for the pointer, found my issue, /srv/salt/base was not in the base file_roots
20:17 nitti joined #salt
20:21 BossR joined #salt
20:21 overyander iggy, is this correct syntax for the line under "- onlyif:"    "- pkg.installed foo_package".  or is there a different way to check to see if a package is installed to a certain version?
20:22 overyander i've create a package in my winrepo net_framework and the only version in there is 4.5.1.
20:23 iggy you might be able to put version=4.5.1 after the foo_package
20:23 iggy I'm not really sure
20:24 overyander iggy, in my use case, what would be the difference between using onlyif or require ?
20:24 iggy onlyif = do x if y state exists
20:24 iggy require = make y state exist and then do x
20:25 overyander ok, that's what i was thinking but wanted to clarify.
20:25 overyander thanks
20:28 Tahm joined #salt
20:29 ktosiek joined #salt
20:29 ktosiek Hi! Is there some simple way to setup example Salt stack?
20:29 SheetiS joined #salt
20:30 ktosiek Preferably some Vagrant setup with LXC containers for master and a few minions?
20:30 ecdhe ktosiek, my hello world was masterless vagrant.
20:30 ecdhe http://docs.saltstack.com/en/latest/topics/tutorials/quickstart.html
20:31 ktosiek hmm, masterless might be a good start
20:31 ecdhe Once I had some states that did what I want, I used vagrant to add a master and more minions.
20:32 ecdhe But I would definitely recommend masterless for getting started; it's just one less thing to manage while you're getting started.
20:32 ktosiek will do :-)
20:33 ktosiek another question: how are rolling upgrades/restarts/etc. done in Salt?
20:33 ecdhe ktosiek, that said, adding a master was no trouble!
20:33 * ktosiek is comming from Ansible, and has only slight idea about more model-based CMs
20:34 ckng have an openjdk formula to share here: https://github.com/ckng/openjdk-formula
20:34 dimeshake ktosiek: of system software or salt itself?
20:34 overyander can someone point out where i've messed up in this? here's part of the state file i just added and the errors it generates http://pastebin.com/cTt8Yqa1
20:34 cvvs joined #salt
20:35 ktosiek dimeshake: of system software
20:35 dimeshake you can target any number of minions with a specific command to update some package or use pkg.latest in a salt state
20:35 maxd joined #salt
20:35 dimeshake very flexible depending on how you want to do things
20:37 ktosiek My most complicated flow so far is for app deploy, it goes like this: for each host: take it out of LB, silence monitoring, stop the app, put the new version of app on it (without removing the old one), switch links, start the app, check if monitoring is green, turn alarms back on, put it back in LB
20:39 ktosiek where should I look for examples of similar workflows with salt?
20:39 JPaul joined #salt
20:40 cvvs I'd write a module to do it instead of using states.
20:40 Tween I'd write both modules and states
20:41 cvvs Well… yeah. :)
20:42 Tween ;) The states are very easy to write once you have your module done
20:42 ecdhe ktosiek, without writing a module, it is possible to script these things over salt instead of from within salt.
20:43 ecdhe Vanilla salt does several things very well.  It's fast, encrypted/authenticated remote command execution.
20:43 ktosiek I'm looking at execution modules... would I write a module that does the whole thing (by calling other execution modules)?
20:45 ecdhe ktosiek, if everything you need to do can be accomplished with existing modules, then you can just call them from a script.
20:45 ecdhe You might simplify your deployment by writing a module to deploy your application.
20:46 dimeshake there's also a state feature that might be helpful, prereq - which will run a state only if another state later will be run
20:47 ktosiek ok, so there's no layer for running simple series of tasks in Salt, and those are typically encoded in scripts calling salt or in modules - do I get it right?
20:47 dimeshake so the state to remove instance from LB would be a prereq to code deploy, or similar
20:47 ktosiek (I'm asking, as I don't want to look for something that's not there :-))
20:47 dimeshake http://salt.readthedocs.org/en/latest/topics/tutorials/states_pt5.html
20:48 dimeshake orchestrate might also be useful
20:50 cpowell joined #salt
20:50 ktosiek ohh, that looks cool
20:51 ktosiek hmm, wait, it's a YAML mapping, but Salt is using the file order? Aren't mappings unordered?
20:51 meylor joined #salt
20:51 dooshtuRabbit joined #salt
20:52 * ktosiek can already see it's too much to get in a 15 minute conversation, and humbly starts going through the tutorial
20:52 meylor using salt-cloud, I'm using AssociatePublicIpAddress: True, but it never gets a public IP? any suggestions on how to debug?
20:54 cvvs @ktosiek Yes, you can run it as a series of states or with orchestration.  However, Python is so ridiculously simple, as is writing salt modules, it is often easier to write a module—for me—than to write what could potentially be complex yaml, and I have no concerns about ordering. YMMV
20:56 penguin_dan joined #salt
20:57 Mso150 joined #salt
20:59 smcquay joined #salt
20:59 meylor With debug on, I see: Create network interface: {'SubnetId': 'subnet-12345678', 'DeviceIndex': 0, 'SecurityGroupId': ['sg-12345678'], 'PrivateIpAddresses': [{'Primary': True}], 'AssociatePublicIpAddress': True} passed
20:59 ktosiek where should "file_client: local" from quickstart go?
21:00 druonysuse joined #salt
21:00 druonysuse joined #salt
21:00 viq ktosiek: minion config
21:01 ktosiek where's that?
21:01 viq /etc/salt/minion
21:01 ktosiek thank you
21:02 otter768 joined #salt
21:02 aparsons joined #salt
21:03 thedodd joined #salt
21:03 karimb joined #salt
21:04 cvvs joined #salt
21:05 viq ktosiek: ages ago I did https://github.com/viq/cm-lab-salt
21:07 perfectsine joined #salt
21:07 __TheDodd__ joined #salt
21:07 vectra joined #salt
21:08 sunkist joined #salt
21:08 garthk joined #salt
21:09 _prime_ anyone else seeing this: 2014-12-17 15:03:44,126 [salt.payload                               ][CRITICAL] Could not deserialize msgpack message: In an attempt to keep Salt running, returning an empty dict.This often happens when trying to read a file not in binary mode.Please open an issue and include the following error: Unpack failed: error = 0
21:09 _prime_ running  Helium 2014.7.0?
21:10 hasues joined #salt
21:11 hasues left #salt
21:11 eagen joined #salt
21:11 giantlock joined #salt
21:12 NightMonkey joined #salt
21:12 ktosiek viq: bookmarked, will leave this for when I get through the basic tutorial :-)
21:17 hasues joined #salt
21:17 hasues left #salt
21:18 Cidan joined #salt
21:18 Cidan joined #salt
21:18 gngsk anyone here using salt virt?
21:20 aparsons joined #salt
21:20 mohae joined #salt
21:20 sunkist joined #salt
21:21 JPaul joined #salt
21:21 Tahm joined #salt
21:22 ggoZ joined #salt
21:25 mschiff Ryan_Lane: I now had this on three servers and before updating to helium this never had happened... only "killall salt-minion" helped to stop it
21:25 mschiff (though without -9 ..)
21:26 scott2b joined #salt
21:30 scott2b Hi everyone. I am VERY new here. Working on switching my organization over to salt. I feel like there is something fundamental about how formulas work that I am not understanding. Am I right in understanding that once I have added the mongodb formula to my gitfs_remotes, I should be able to include the mongodb and mongodb.mongos states in my sls files with the include "command" (terminology?)
21:31 viq scott2b: yes, you should be, though environments if you use them may get in the way
21:31 scott2b ah yes. I think that is what I am seeing
21:31 scott2b pecified SLS mongodb.mongos in saltenv stg is not available on the salt master
21:32 viq as environments get mapped to git branches, which you most likely wouldn't have in those formula repos
21:32 scott2b ah, I did not realize that. So I might need to rethink how I've structured things a bit
21:33 scott2b My top file dynamically sets the environment based on a grain. I have a prd and stg environment
21:33 Phibs joined #salt
21:33 viq A dirty trick is to have on master a git.latest state that checks them out somewhere, and add that to file_roots
21:33 Phibs I have a salt master with maybe 1000 minions, and there are 30,000 EST connections, with nothing being done right now.... any ideas?
21:33 sunkist joined #salt
21:34 JPaul joined #salt
21:34 viq An even dirtier trick is to have in your own repo clones of the upstream repositories, and manually add tags/branches there (environments map to either)
21:34 aparsons joined #salt
21:34 Phibs master is also doing ~200Mbit of traffic
21:34 scott2b Is there a better way. Do I just need to avoid using environments? Am I using environments incorrectly?
21:35 ktosiek is it just me, or are lists abused in SLS?
21:35 viq scott2b: sorry, can't help you more, time to head out
21:36 scott2b no problem. You've actually been a huge help. I did not realize that about environments. Thanks so much!
21:36 ktosiek it looks like there are lists of one-element dicts where there could be just dicts
21:39 wt joined #salt
21:39 wt Does anyone else have experiences with salt-minion locking up?
21:40 wt I use gitfs and local files for filesystem and git_pillar for pillars.
21:40 Phibs left #salt
21:40 wt That's on my master, of course.
21:40 wt But I am getting a ton of salt minions stuck
21:41 sunkist joined #salt
21:42 wt some with highstates reportedly running for days
21:43 forrest joined #salt
21:43 ckao joined #salt
21:43 JordanTesting joined #salt
21:48 Thorgrim joined #salt
21:49 seanz joined #salt
21:50 huddy joined #salt
21:52 aparsons joined #salt
21:53 Leonw joined #salt
21:53 Leonw Hi,
21:53 Leonw small question
21:54 iggy ktosiek: I wouldn't say abused, but certainly used in a way that makes things a good bit easier to read and more uniform
21:54 Leonw I devide my states on the base environment by folders. Is there any way to, on my top.sls I specify only the folder name and it would execute the top.sls inside the state folder?
21:55 ktosiek hm, so I'll just asume I'll get used to it :-)
21:55 Leonw I named the file top.sls inside the folder thinking that it would be auto-runned
21:55 Leonw but I still need to specify - state_directory.top on the main top.sls
21:56 iggy wt: that usually means something in your state isn't returning (i.e. a cmd.run yes)
21:56 Leonw where I would like to just say - state_directory
21:56 aurynn Leonw, in a subdirectory, init.sls is the entrypoint. So you can include stuff in that
21:56 iggy ktosiek: if you are familiar enough with yaml that the state files look weird to you, A. I'm sorry B. understand most people aren't
21:56 Leonw aurynn: Ha! init.sls
21:56 _prime_ iggy - how's the downgrade coming along?
21:56 Leonw aurynn: thanks a lot! :D
21:56 _prime_ any issues I should know about
21:56 aurynn Leonw, you're welcome
21:56 aurynn Leonw, this also works in pillars
21:57 iggy _prime_: not well, I think the bootstrap script has a bug (it's not installing all the dependencies required, and I can't figure out what's missing)
21:58 ktosiek hmm, that's a good point
21:58 TheThing joined #salt
21:58 _prime_ iggy - I've definitely confirmed that keys are corrupting even after they've been generated by Helium.  It's pretty ugly.  I'm also seeing "[CRITICAL] Could not deserialize msgpack message" messages, which may be related
21:59 sunkist joined #salt
21:59 iggy I get notifications on the bug
21:59 yomilk joined #salt
21:59 ajolo joined #salt
22:00 _prime_ kewl
22:07 mr337 joined #salt
22:08 wt iggy, is there a way to add a timeout to cmd.runs?
22:09 wt I'd be happy to sigalarm them after a timeout
22:09 wt However, I am also turning up the logging to get a better idea of where they are stopping.
22:10 iggy wt: see if there are any child processes of the dead salt-minions
22:10 wt there are not
22:10 wt iggy, that's a good idea
22:11 wt It is possible that the salt-minions are being restarted during a highstate.
22:13 wt like "service salt-minion restart"
22:13 cvvs Phibs, that's an impressive amount of traffic.  I've ran 400 nodes, and haven't seen anything like you're seeing.  Maybe a syndic or two would help?
22:15 wt What is the high end of the # of minions a single master can be expected to support?
22:15 iggy depends on a lot of things
22:16 iggy if you've got a single state that doesn't really do much with a massive master, probably thousands
22:17 iggy if you're like most people that have fairly complex sets of states with git backends and the master isn't your strongest box in your arsenal... probably a lot less
22:22 sunkist joined #salt
22:22 wt iggy, can a master using gitfs scale to 1000 minions?
22:22 wt Or would you think that'd have to be disabled to get there?
22:23 wt 1000 minions with a typical mix of states
22:23 iggy I think it becomes more a matter of how many git repos you use (and if there is actually a bug in 2014.7 where every worker_thread is doing the git commands simultaneously)
22:24 iggy someone reported that the other day (don't know if they actually opened a bug or not), and I think I may have something similar
22:25 cvvs joined #salt
22:27 thedodd joined #salt
22:28 sunkist joined #salt
22:29 Thorgrim joined #salt
22:29 ktosiek how are errors handled when running with -b? Would salt stop at the first failing minion?
22:30 dimeshake no - errors are per minion and generally not a hard-fail, so it'll continue with other states unless they require the failed state
22:30 dimeshake you can set a hard fail flag in the config if you prefer it fail outright but it's still per-minino
22:30 dimeshake minion*
22:31 iggy ^
22:31 ktosiek where do I set this flag? In master's config?
22:32 ktosiek found it
22:36 jhauser joined #salt
22:39 murrdoc and per state
22:42 scott2b joined #salt
22:43 yomilk joined #salt
22:44 pdayton joined #salt
22:45 manytrees hi, is http://blog.ohess.org/pub/salt-rpm-reinstall/ the recommended way to "upgrade" non-upgradeable rpms with salt?  (where the old version needs to be removed then the new version installed)
22:47 pdayton joined #salt
22:48 ryuhei when I destroy minions, sometimes salt-key doesn't get deleted but placed in unaccepted keys.. sometimes it gets deleted
22:49 mosen joined #salt
22:50 iggy ryuhei: are you sure the minion isn't still running when you salt-key -d it?
22:51 jeremyb joined #salt
22:51 pdayton joined #salt
22:51 ryuhei iggy: yup.. minions are destroyed but key stays in unaccepted keys
22:52 SheetiS if the key were deleted prior to the service being stopped on the minion and destruction happening, even for less than 1 second, this condition could happen.
22:52 pdayton joined #salt
22:53 cvvs I've only had it happen when the minion was still alive.
22:53 ryuhei my condition is odd.. when I use curl to destroy minions, key gets deleted.
22:54 ryuhei but if I use curl in php, it goes to unaccepted..
22:54 TheThing joined #salt
22:54 ryuhei using exactly the same data/argument for curl to talk to salt-api tho
22:55 iggy I'd lean more toward the minion just hadn't shut down (completely?) yet
22:56 lothiraldan joined #salt
22:58 hebz0rl joined #salt
23:02 vbabiy joined #salt
23:02 baconbeckons joined #salt
23:03 otter768 joined #salt
23:04 baconbeckons i have a large sls file that exists in file_root A. I need a version of the sls that differs by only one state in file_root B. can i make the sls in B inherit from the sls in A?
23:04 aparsons joined #salt
23:05 iggy you can put the common bits _up_to_ the first difference in a common include (or you can cheat and use jinja includes)
23:06 aparsons_ joined #salt
23:06 baconbeckons iggy: long time no talk :)
23:06 baconbeckons iggy: do you suggest one over the other?
23:06 orion_ joined #salt
23:06 iggy depends what your needs are
23:07 iggy normal salt includes are more "standard", jinja includes are probably more flexibl
23:07 iggy e
23:07 aparson__ joined #salt
23:10 baconbeckons iggy: right now, my states are in A/mystate/init.sls. can i make the common part reside in A/mystate and merge the files that reside in B/mystate so that they are all accessibly within a single mystate in what is basically a “rendered” version of the file_root?
23:13 smoothify joined #salt
23:14 iggy probably breaking it up, and using jinja includes to put it back together, but it's hard to say without more info
23:14 sunkist joined #salt
23:15 wt iggy, I filed that bug
23:15 wt the one about the gitfs fighting in the different worker threads
23:16 pdayton joined #salt
23:17 loggyer_ joined #salt
23:17 river73 joined #salt
23:18 loggyer_ guys is there a way to specify -out parameter when using self signed certificate
23:18 ryuhei iggy: do you mind comparing the logs of destroy
23:19 iggy wt: what #?
23:20 iggy ryuhei: if I had a working setup right now... I'm in the midst of cleaning up a huge mess that 2014.7 left in my lap
23:20 ryuhei aw.. ok!
23:20 wt https://github.com/saltstack/salt/issues/18875
23:22 ajolo joined #salt
23:32 sunkist joined #salt
23:38 pdayton joined #salt
23:39 iggy wt: have you ever actually seen more than 1 git process running?
23:41 baconbeckons joined #salt
23:46 aparsons joined #salt
23:47 xenoxaos joined #salt
23:47 hal58th I want to install a specific version of salt on Ubuntu 14.04 but the PPA only has the latest version. Is there a different way to get a specific version?
23:48 iggy that's a conversation I'm going to have before the next release
23:48 hal58th iggy: It does seem odd, especially when a new version might have a debilitating bug
23:48 iggy the best way I've found so far is using bootstrap and just installing from a git tag (or branch)
23:49 iggy it has several
23:49 hal58th thanks iggy
23:53 wt iggy, I don't remember. That's a good question though.
23:53 wt I don't know if I have ever seen a single git running.
23:53 sunkist joined #salt
23:53 iggy I see one or two running when I first start the master up
23:54 iggy but then I have like 12 git repos connected
23:54 wt are you using python-git
23:54 wt or git-python or whatever it is called?
23:56 baconbeckons iggy: it sounds like merging file_root directories isn’t something that exists at the salt level?
23:56 wt just caught one
23:56 ryuhei what's this ? Clear payload received with command _auth

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary