Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2014-12-22

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 delinquentme I can use it -- but I'm also trying to make an edit to someone elses open source code + I want to modify their code as little as possible before sending off the pull request
00:00 babilen You said that before, but I don't understand how that is even related. grains are primarily information about your minion (e.g. RAM, IP addresses, ...)
00:00 yomilk joined #salt
00:01 delinquentme babilen, except after checking the existing grains for the servers with salt '*-monitor' grains.items  ... and it has no grain for 'roles'
00:01 babilen That's because that is not a standard (core) grain
00:02 delinquentme just out of curiosity .. I know grains typically correspond to the system traits
00:02 babilen And I would argue that grains are the wrong place for "roles" (despite the fact that they are often used for that)
00:02 delinquentme is it a bad practice to insert traits which don't pertain to system traits?
00:02 delinquentme got it :D
00:03 delinquentme then in that case: this is a graphite-formula listed in the salt stack repo
00:03 delinquentme should I overwrite this with a more standardized / generalized implementation?
00:03 babilen But to get you going: Read http://docs.saltstack.com/en/latest/topics/tutorials/index.html#states and write a state (SLS file) in which you *use* grains.present. That way you learn how to wrie and use states.
00:04 _one_ joined #salt
00:06 babilen My argument regarding grains for roles is essentially: You would want to save them in an authoritative place in a secure manner. If you are trying to decide if certain data should be made available to a minion you shouldn't ask the *same* minion for authorisation. It's like: "Hmm, do you want to know $secret" and the minion is then saying "yeah, I guess".. Anybody who can tinker with the grains can get *any* information you target by grains.
00:06 babilen And I would be strongly opposed to see any targeting based on grains in formulas
00:07 pdayton joined #salt
00:09 delinquentme https://github.com/saltstack-formulas/graphite-formula/blob/master/graphite/init.sls#L4
00:09 delinquentme so thats a bad practice
00:14 delinquentme babilen, ^
00:14 delinquentme and "  you shouldn't ask the *same* minion for authorisation "  <this seems like its some kind of design patter
00:14 delinquentme any idea if theres a formal name for that?
00:22 aurynn principle of least privilege
00:22 babilen anti-pattern you mean?
00:22 aurynn letting a node determine what it can see is pretty scary
00:23 babilen delinquentme: And yes, I consider that bad practive
00:23 babilen *practice even
00:24 babilen formulas shouldn't force the usage of grains, but should leave the targeting entirely to the user
00:26 delinquentme I like this channel :D
00:26 delinquentme you guys are bamfs ~=]
00:26 delinquentme aurynn, +1 babilen +1
00:27 aurynn :)
00:30 TyrfingMjolnir joined #salt
00:30 cberndt joined #salt
00:32 rhand joined #salt
00:35 Mso150 joined #salt
00:36 andrej_ Why woould the number of minions listed in manage.up differ from the number listed in manage.status under up?  I get 61 from manage status, but 39 from up ...
00:37 mschiff joined #salt
00:38 babilen sardonic humour
00:38 babilen (sorry, it's late. all the best!)
00:38 * babilen &
00:38 diegows joined #salt
00:46 mgw joined #salt
00:47 pdayton joined #salt
00:50 otter768 joined #salt
00:52 bhosmer joined #salt
00:52 TyrfingMjolnir joined #salt
00:57 delinquentme babilen, while you're still here.. just one more question: https://github.com/saltstack-formulas/graphite-formula/blob/master/graphite/init.sls#L8-L34
00:57 delinquentme this package install method:  does that actually work? I cant seem to find it anywhere + it sure doesn't install the packages now that I matched their "roles" grain structure
01:06 glyf joined #salt
01:07 hasues joined #salt
01:07 hasues left #salt
01:11 aqua^mac joined #salt
01:11 torment joined #salt
01:17 TyrfingMjolnir joined #salt
01:21 brianfeister joined #salt
01:31 cberndt joined #salt
01:31 yomilk_ joined #salt
01:41 murrdoc joined #salt
01:46 Ryan_Lane joined #salt
01:48 pdayton joined #salt
01:52 murrdoc joined #salt
01:59 Singularo joined #salt
02:01 bhosmer joined #salt
02:02 yomilk joined #salt
02:02 mdupont joined #salt
02:04 TyrfingMjolnir joined #salt
02:05 murrdoc joined #salt
02:10 malinoff joined #salt
02:12 mgw joined #salt
02:12 mgw joined #salt
02:14 diegows joined #salt
02:15 brianfeister joined #salt
02:16 running joined #salt
02:26 TyrfingMjolnir joined #salt
02:30 xenoxaos joined #salt
02:32 bhosmer joined #salt
02:34 Mso150 joined #salt
02:36 nitti joined #salt
02:40 CheKoLyN joined #salt
02:42 StDiluted joined #salt
02:51 otter768 joined #salt
02:56 dude051 joined #salt
02:57 dude051 joined #salt
02:59 ajolo joined #salt
03:06 ajolo joined #salt
03:21 scooby2 joined #salt
03:30 catpig joined #salt
03:37 TheThing_ joined #salt
03:37 one joined #salt
03:39 one can someone point me to an example /srv/ content setup using pillars, environments and formulas? I've been trying to set it up for two days, but switching from a simple base setup to an environment aware setup never seems to work well
03:39 metamike joined #salt
03:40 CheKoLyN joined #salt
03:41 one it's mostly top.sls duplication and the inability to find the sls files when highstating for the minions i'm stuck at
03:45 TheThing joined #salt
03:47 Furao joined #salt
03:50 xenoxaos joined #salt
03:53 ndrei joined #salt
04:04 yomilk_ joined #salt
04:11 stooj joined #salt
04:12 __number5__ one, do you have multiple top.sls? just use one in base environment and delete all others, this will save you lots of troubles
04:12 __number5__ actually two top.sls, one for pillar, one for states
04:13 rogst joined #salt
04:15 delinquentme install-deps
04:16 delinquentme is this an action in salt?? I cant seem to find it
04:16 evidence joined #salt
04:16 Ironhand joined #salt
04:17 goal joined #salt
04:19 phil_ joined #salt
04:20 harkx joined #salt
04:21 __number5__ delinquentme: sounds like a good id :) (it's not salt builtin states)
04:22 delinquentme https://github.com/saltstack-formulas/graphite-formula/blob/master/graphite/init.sls#L8
04:22 delinquentme __number5__, so how does that even work then?
04:23 __number5__ delinquentme: yep, that's the id, pkg is the state, and installed is the action/function
04:23 __number5__ http://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html#salt.states.pkg.installed
04:25 delinquentme __number5__, interesting so "install-deps" is an ID ... not an id pertaining to a node type ... but instead something else
04:26 delinquentme wait is it?  ... so then a minion is just called install-deps ?
04:26 __number5__ it's an id you can
04:26 __number5__ 'required' in other states
04:27 __number5__ this is a state file, don't have much to do with minion
04:27 delinquentme what do I need to search to read more about using these?
04:27 delinquentme is this like something I'd put in a highstate call?
04:28 delinquentme $ salt '*-monitor' install-deps
04:28 delinquentme ?
04:28 __number5__ read the tutorial http://docs.saltstack.com/en/latest/topics/tutorials/starting_states.html
04:28 __number5__ and more is here http://docs.saltstack.com/en/latest/topics/tutorials/index.html
04:30 xenoxaos joined #salt
04:33 blast_hardcheese joined #salt
04:34 yomilk joined #salt
04:36 monkey661 joined #salt
04:37 delinquentme {%- from 'salt://graphite/settings.sls' import graphite with context %}
04:38 delinquentme {%- from 'graphite/settings.sls' import graphite with context %}
04:38 monkey66 joined #salt
04:38 delinquentme sorry that last one is what the file currently has ... so everywhere else when I make a call to that formula ... I need to preface the filepath with salt://
04:38 delinquentme and then they work ... now I THINK I've read that you can ignore salt://
04:39 Ssquidly joined #salt
04:45 Ryan_Lane joined #salt
04:48 cedwards joined #salt
04:49 one what do you guys to do keep the tree organised with respect to formulas and states? I was thinking about making the file root for each env have a "states" and a "formulas" dir to keep them a bit seggregated
04:49 one left #salt
04:49 one joined #salt
04:50 one yikes, I hope nobody answered that yet, accidentally closed the wrong IRC tab :p
04:52 otter768 joined #salt
04:55 chiyu joined #salt
04:58 mdupont joined #salt
05:00 dimeshake one: formulas in /srv/formulas, states in /srv/salt for me
05:04 yomilk_ joined #salt
05:04 cpt-oblivious_ joined #salt
05:05 ntropy joined #salt
05:06 lazybear joined #salt
05:06 ponpanderer joined #salt
05:07 ktosiek joined #salt
05:09 mrtrosen joined #salt
05:09 keekz joined #salt
05:09 _sifusam_ joined #salt
05:09 tempspace_ joined #salt
05:09 _Flusher joined #salt
05:10 mlanner_ joined #salt
05:10 nkuttler joined #salt
05:10 nhubbard joined #salt
05:10 dstokes joined #salt
05:10 palantir joined #salt
05:11 wintamute joined #salt
05:11 ropes_ joined #salt
05:11 ponpanderer joined #salt
05:11 freelock joined #salt
05:11 eXistenZNL joined #salt
05:11 djinni` joined #salt
05:12 crazysim joined #salt
05:12 eagles0513875 joined #salt
05:17 monkey66 left #salt
05:18 ckng joined #salt
05:21 stooj joined #salt
05:24 cedwards I have what might be a simple python question, but it's related to a custom grains module.
05:24 cedwards I've written a custom grains module that imports a library to connect to our internal CMDB.
05:25 cedwards I've dropped both the module and the library in the _grains/ directory, but Salt is choking on importing the library.
05:26 cedwards how can I not import the library directly in Salt, but still deploy it alongside the custom grain module
05:26 __number5__ cedwards: what's the errors you have?
05:27 cedwards __number5__: http://pastebin.com/KUc5hd7c
05:29 __number5__ cedwards: those are python syntax errors, you need to at least make your custom grains syntax correct :P
05:30 __number5__ I assumed that 'fun' is your class, it needs two more args, e.g. ret = fun(arg1, arg2)
05:31 __number5__ good time to catch up a bit on the python side
05:32 cedwards my class is 'class WebApiClient(object):'
05:32 cedwards the library code should be valid. I was previously importing it from a different path and it worked.
05:33 cedwards after doing more testing I felt it might simplify deployment to distribute it via _grains/
05:34 cedwards I don't disagree that I may still need some catch up on the python side though
05:34 cedwards and maybe I've had a few too many Jack & Coke today :P
05:37 budman joined #salt
05:38 felskrone joined #salt
05:40 avizeke joined #salt
05:41 avizeke hey guys. new to salt. is anyone around to rpovide some information around master server install and expectatons
05:41 one salt master install: easy
05:41 one expect no or only very few issues
05:42 one recommendation: use a supported distro, use salt's repository and install from that using their tutorial
05:42 avizeke aye agreed. babys steps... my expectations however was to assume there would be a UI
05:42 one the first steps to get master and minions up and running are very easy
05:42 one there is no UI
05:42 one halite is super alpha, better stay away from it and stick to the CLI for now
05:43 one that should not be a problem, the only things you'll be doing form the CLI is adding minions (accepting their keys) and maybe updating configuration
05:43 avizeke there are so many terminoligies with the salt stack... its beyond chef or puppet... Is there ever a UI with SS
05:43 one Halite will eventually be a production worthy UI
05:44 avizeke trying to just get a small infrastructure set up currently with 1 minion, master, and repo to git
05:44 one the easiest way to start is using a dedicated master (or a VM) and make /srv/ a git repo
05:44 __number5__ actually halite has been dropped, but there are anothoer one in the planning
05:45 avizeke so am i right in saying that there is absolutely no UI with salt
05:45 cedwards they're dropping halite? interesting.. hadn't heard that.
05:45 __number5__ s/anothoer/another/
05:45 __number5__ apparently I can't type today
05:45 one ;)
05:45 one sed in chats. it should be allowed in all forms of communication! :D
05:46 avizeke So there is no UI at all ? this doesnt make sense to me at all..
05:46 dimeshake avizeke: command line interface. it is a UI :)
05:46 one there is no GUI
05:46 one there is a CLI UI ;-)
05:46 one CLUI? :p
05:46 __number5__ new web ui would be like some js framework (e.g. angular) calling salt-api
05:47 xenoxaos joined #salt
05:47 avizeke feel like i just been kicked in the nuts. heard good things about salt, shame i have to revert to no pretty colours :)
05:48 one well, it's probably because the things you hear are from people who use puppet and cfengine and the likes form the CLI anyway
05:49 avizeke i havnt touched puppet or spoekn to anyone from that yet. chef however
05:49 one I used to do puppet with forman and it works reasonably well, but puppet and it's DSL it simply not as good as salt is, and is becoming
05:49 one so if you need some sort of GUI, and depending on your organisation you cannot start off with enterprise products, you could try foreman and puppet
05:50 one but trust me, it's hell compared to salt if you have not worked with either
05:50 avizeke when your saying its not as good, your refering to its overall performance when handling more load.
05:50 dimeshake the command line output is colored :D
05:50 one indeed :D
05:50 ramteid joined #salt
05:50 avizeke i was advised to consider this before any other. as its the most comprihensive
05:50 one well, not as good regarding the overall syntax and structure. you can learn the stuff, but there is no easing in as there is with salt
05:51 avizeke i looked at chef and wanted to die
05:51 one chef was considered to be easier than puppet by many
05:51 one or 'more powerful'
05:51 avizeke and ansible ? any thoughts around that
05:51 one did not work with that one in production, have some people at my company who like telling me how great it is
05:52 malinoff avizeke, all these tools are quite rough
05:52 malinoff avizeke, i used salt for a year, now i'm using ansible for 7 months
05:52 one but as far as i know you are either limited because you don't know how they work, or because you need to throw piles of money at their faces for a decent UI
05:52 __number5__ ansible is quite similar to salt, (python/yaml), it probably better if you are just manage one or two machine
05:52 avizeke ansible is been used by a few friends of mine and they seem to find it quite suited, plus it has a UI.
05:52 malinoff paid ui
05:52 one yep
05:52 avizeke maninoff why did you switch to ansible
05:53 avizeke seems more dev focused than ops.
05:53 one avizeke: do the walktrough: http://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html
05:53 one you can do it in simple debian or ubuntu VM's
05:53 malinoff avizeke, salt is quite unstable, and since salt (in fact) does not care about backwards compatibility, i don't have any resources to upgrade minions as soon as i upgrade master
05:54 avizeke is that the only reason for moving
05:54 malinoff that was the main reason
05:54 malinoff but i do not like the new version scheme
05:54 malinoff raet
05:54 malinoff codebase
05:55 malinoff security
05:55 mosen hi saltines
05:55 avizeke i believe that salt also has a monitoring method to its minions, in the sense of a similar approach to monit
05:56 malinoff avizeke, nope
05:56 malinoff avizeke, you have to ping to get who's alive
05:56 one it's a much heard complaint that it doesn't work off of ssh like 'the others' do, it's pretty much repeated at every conference where salt has a speaker (or saltconf itself)
05:57 malinoff one, are you talking about ansible?
05:57 dimeshake there is salt-ssh. and only ansible runs via ssh completely, as far as i know. puppet / chef have client software as well
05:57 one no, about salt
05:57 mosen I actually wanted cm with an agent
05:57 avizeke going through a conference now, moaned about the approach as they are adding an additional layer of security that its not similar than to chef or puppet /ssh
05:57 malinoff it's just a single shared aes key
05:58 dimeshake it's quite similar to puppet in the minion / master setup
05:58 one yes indeed
05:58 mosen yeah but i believe for orchestration youd have to use mcollective?
05:58 one yep
05:58 avizeke seems like ansible ... looks more appealing.
05:59 malinoff avizeke, it is simpler - that's all
05:59 malinoff you can't do complex stuff with ansible, but with salt you can
05:59 one and well, if you are getting mcollective up and running, you need hiera as well to make sense and while you are at it, foreman does a nice layer of GUI on top of that and at the end you have a full stack running and are wondering where it's gonna stop :p
05:59 one ansible: use it if you require a (paid) GUI, if you don't need complex stuff and don't have a ton of servers
06:00 one that's basically what the internet tells me
06:00 malinoff and you can wait for the execution result :) ansible is quite slow
06:00 malinoff "no changes" execution in my setup takes more than 5 minutes sometimes
06:01 dimeshake avizeke: this is a thorough article on ansible / salt comparison moving away from puppet
06:01 one i've been reading up on the cm packages for a bit because i'm simply to tired of puppet and it's fat ass requiring multiple servers to do larger setups and having it's strance topology system
06:01 dimeshake http://ryandlane.com/blog/2014/08/04/moving-away-from-puppet-saltstack-or-ansible/
06:02 dimeshake puppet is obtuse. what we'd been workin on in puppet for more than a year i had replicated in salt within about 2 weeks
06:02 one yep
06:02 one puppet is like a guy who eats at mcdonalds 3 times a day and uses a segwag because he can't walk anymore.
06:02 one segway*
06:02 malinoff dimeshake, don't forget to say that this article written by https://github.com/ryan-lane?tab=activity
06:03 dimeshake aye
06:03 malinoff so this article is a little bit preconceived
06:03 geekatcmu dimeshake: that's actually pretty unfair.
06:03 one i'm transferring from puppet to salt much faster than i expected too, i just have to change my idea on how environments and inheritance is done
06:04 geekatcmu Lots of the work you put into Puppet was "figure out what all this CM stuff is about and how it fits in my environment."
06:04 dimeshake that is true, geekatcmu
06:04 geekatcmu I've done Puppet, cfengine, and package/depot, and now I'm working with salt.
06:04 one indeed.
06:04 dimeshake i'm sure a refactor of the puppet stuff would've done us good as well
06:04 geekatcmu Salt has some neat stuff, sure.
06:05 geekatcmu But, until you get your head wrapped around Salt's way of doing stuff, cfengine2 is *way* faster to get up to speed in.
06:05 geekatcmu Of course, it's also vastly less capable.
06:05 one yep, but if you have puppet history, a lot of the other stuff is way faster to get up to speed in
06:05 geekatcmu OTOH, cfengine is a much better choice if, for instnace, you believe there's more than one Unix (Linux) out there.
06:06 geekatcmu Salt's FreeBSD support is ... lacking.
06:06 geekatcmu tru.
06:06 geekatcmu Really, if you have *any* declarative CM history, you'll get up to speed pretty fast in any other declarative CM.
06:07 geekatcmu Though I have to admit I just wasted an *entire* day trying to do something elegant in salt ... which can't be done.
06:07 __number5__ luckily all my system can be locked down to same version of same distro...
06:07 dimeshake yeah and you'll notice that any job postings related to CM basically say "experience in something like puppet /chef etc.."
06:07 dimeshake because there are a lot of similar idioms among them all
06:07 malinoff geekatcmu, you won't find any elegance in ansible too :)
06:08 geekatcmu My ansible experience is quite minimal.  I've done some trivial orchestration bits with it.
06:08 __number5__ not in any configuration management tools...
06:08 one my systems are locked down to one distro as well, tho we have for example oldstable, stable and testing running side by side in separate environments, but since it's the same distro (debian) and many of the appliction specific bits don't differ between them we have no issues there
06:09 geekatcmu But, for example, one thing that's trivial to do with Puppet is generation of firewall rules (for Solaris, Linux, and FreeBSD).
06:09 one yes, but pupet + pfSense = cry all day :p so firewall rules with puppet for systems that aren't firewalls do work, but on firewalls it is ugly as hell
06:10 malinoff ha, firewall, ansibles head said that "we don't need a module to work with iptables, just use shell"
06:10 geekatcmu Maybe if you're trying to do something complex.
06:10 mosen one: im also coming from puppet :)
06:10 one but in the case of pfSense, it might be their fault.. could be that m0n0wall or vyatta does a better job
06:10 ckng Hi, is there a state to move a whole folder, like file.managed but just want to duplicate the whole folder
06:10 Eugene ckng - file.recurse
06:10 ckng Eugene: bingo, thanks
06:11 geekatcmu I'm tring to do simple things like "this is an internal app, so allow 80/443 to the internal network", "that's external API, so allow port XXXX to the internet", and be able to mix-and-match
06:11 one I simply decided not to update our firewall procedures and wait for our firwall distro to have a nice API (pfSense's next release will have it)
06:12 dimeshake the iptables formula seems to be mostly serviceable
06:12 dimeshake but of course, linux only for that one
06:12 geekatcmu I have about 20k hosts that are directly connected to the internet, about 75% of which are FreeBSD.  Host-based firewalls are not optional.
06:12 one of course only linux ;-) because pf isn't easy like iptables :p
06:13 one true, host-based firewalls for edge devices or direct-connected devices are definitly not optional
06:13 geekatcmu ipfw is almost as easy as iptables
06:13 one yeah, you have a point there
06:13 * __number5__ wish every firewall is like AWS Security Groups...
06:13 geekatcmu Particularly if you overlook the functionality that has no counterpart in Linux.
06:13 one switching from puppet to salt is like switching from nagios to zabbix :p
06:14 malinoff one, the next step is switching from zabbix to graphite :)
06:14 geekatcmu I sure hope not, because switching from Nagios to Zabbix was trading flexibility for regidity.
06:14 geekatcmu The *only* thing Zabbix brings to the table anymore is a "nice" API.
06:14 geekatcmu Sure, vanilla Nagios is a PITA.
06:14 xenoxaos joined #salt
06:14 one yes, but I only learned about graphite after zabbix was done and the budget and time allocated to monitoring switching was depleted
06:15 one true, you have better sauces for nagios to make it work
06:15 geekatcmu But if you want to see what Nagios can do, look at http://omdistro.org
06:15 geekatcmu Out-of-the-box good interface, integration with all of the tools that make Nagios better.
06:15 one OMD is based on suse right?
06:15 geekatcmu No.
06:16 one ah, well, I just say zypper and thought: SuSE.
06:16 one saw*
06:16 geekatcmu omd is *just* a single .deb/.rpm that cointains Nagios/pnp4nagios/checkmk/multisite/icinga/and tother stuff I can't rmemember.
06:16 one ah
06:16 geekatcmu There's a zypper package, too.
06:16 one i guess the zypper line is the installer for suse
06:16 geekatcmu yep
06:17 felskrone1 joined #salt
06:17 one (i only quickly tabbed it open for a sec)
06:17 geekatcmu The DB backend for Zabbix makes scaling really hard.
06:17 one yes
06:17 aquinas joined #salt
06:17 one and failover isn't pleasing either
06:17 one you pretty much have to employ carp or vrrp to make it work decently
06:17 geekatcmu Failover isn't terrible if, like us, you end up doing all your monitoring via proxies.
06:18 one or the HA / heartbeat setup you can use for services that have no HA built in
06:18 one yes, I use proxies as well
06:18 geekatcmu The proxies keep monitoring while the server fails over
06:18 geekatcmu And then the firehose starts up!
06:18 one come to think of it, the only monitored system in zabbix that isn't poxied is the zabbix server itself
06:18 geekatcmu yep
06:18 geekatcmu Sounds familiar
06:19 gfa joined #salt
06:19 geekatcmu One of the things I do to make Zabbix work better for us is what I call hybridized checks.
06:19 geekatcmu Looks like a standard Zabbix agent check, returns an easy-to-get, *fast* result.
06:20 one so it doesn't run a agent side process or command?
06:20 one because the only 'faster' checks i've done so far is simply caching the answers and having the agent report whatever is in the cache
06:20 geekatcmu Then forks and uses zabbix_sender-like functionality to fire off all the rest of the data in the template (so, for instance, one zabbix agent check services itself plus 900 MySQL items set up as trapper items)
06:20 gfa heelo, i want to pass an string which contains a % as a pillar var
06:20 gfa but jinja does not like it and eats everything from % to the end of line
06:21 one jinja is a hungry mongrel
06:21 dimeshake try {{ yourvariable|e }}
06:21 dthorman joined #salt
06:23 gfa dimeshake: that | is a typo? mine string is http://blabla:8774/v2/%(tenant_id)s should i set as http://blabla:8774/v2/|%(tenant_id)s
06:23 dimeshake the |e is piping to escape
06:23 gfa sorry i don't get it
06:23 gfa ok i will try
06:23 dimeshake no - you do it with the variable
06:24 dimeshake or you're having trouble just assigning the variable?
06:24 gfa i'm not sure if the problem is assining or consumming
06:24 gfa letme check
06:24 dimeshake try using |e on the variable
06:25 dimeshake in your template or sls block - wherever it's being used
06:26 thehaven_ joined #salt
06:26 gfa pillar.get gets the contents right, i will test what you say
06:30 andrej_ joined #salt
06:31 gfa nope is not working
06:32 dimeshake so i found this as well - it may be a whitespace issue
06:32 dimeshake http://stackoverflow.com/questions/21153986/how-to-escape-special-characters-in-a-jinja2-macro
06:33 gfa http://pastebin.com/6dicbjr1
06:33 gfa i tried with and without spaces
06:35 dthorman joined #salt
06:35 gfa wait
06:35 yomilk joined #salt
06:36 gfa fuck it was me, the pipe did it
06:36 swingswgin joined #salt
06:36 gfa dimeshake: thanks!
06:37 dimeshake woot!
06:37 swingswgin could anybody help me with syndic?
06:38 swingswgin I run test.ping on masterofmaster ,there is no result
06:39 one here's an answer that doesn't help you at all: I'm sorry, I have no experience with syndic yet :D
06:39 swingswgin :P
06:40 dimeshake can the lower level syndic masters test.ping their clients?
06:40 swingswgin yes
06:40 dimeshake can the top level master test.ping the syndics?
06:41 swingswgin no
06:41 swingswgin but the top level master can see the key of syndics
06:42 catpigger joined #salt
06:42 dimeshake the keys appear as accepted?
06:42 swingswgin of course
06:43 swingswgin I see http://docs.saltstack.com/en/latest/topics/topology/syndic.html#configuring-the-syndic
06:44 rtuin joined #salt
06:45 swingswgin the top master config: order_masters: True ,syndics: syndic_master: top master ip
06:48 dimeshake i think the top level syndic shouldn't have its own syndic_master - not 100% sure
06:48 dimeshake you might play with syndic_wait on the top level master and increase that a bit
06:49 swingswgin yeah,I set syndic_wait to ten
06:49 dimeshake i haven't used syndic beyond testing a single one briefly
06:49 arno joined #salt
06:49 dimeshake not sure i've got any more ideas for ya
06:51 swingswgin :(
06:52 tmh1999 joined #salt
06:52 dimeshake start the syndic daemon on one of the servers with -l debug maybe
06:52 dimeshake and see if it's even getting events
06:52 swingswgin ok,I try now
06:52 otter768 joined #salt
06:55 swingswgin there are some error like "TypeError: pub() got multiple values for keyword argument 'user'"
06:57 ttrumm joined #salt
07:03 rhand joined #salt
07:07 swingswgin I find top master version and syndics's master is different
07:08 one this is where salt rocks (pun definitely intended): breaks between versions! :p
07:10 swingswgin maybe ,I try again now
07:11 felskrone joined #salt
07:11 one quick sanity check, i've distilled my file_roots into this: http://pastebin.com/frNUGywD
07:12 one and have my top.sls only in base's env
07:13 one so this way, everything inherits one level down from base to dev
07:13 one and since formulas are shared, they get the lowest line for every env in order to always be searched last
07:13 one correct?
07:13 swingswgin :o
07:14 rtuin joined #salt
07:15 felskrone1 joined #salt
07:17 trikke joined #salt
07:18 swingswgin is the program seach the top.sls is from top begin?
07:19 one well, in my case, I have 4 environments and a base that covers everything outside of those envs
07:19 one the search path as far as i'm aware of (documentation says so) is from top to bottom per env
07:20 one it basically means that for example a dev environment inherits everything from the other environments
07:20 ttrumm joined #salt
07:20 one beause it first searches its own directory for states
07:20 one but if it can't find it there, it goes down to the next (in my case: test) and then the next etc.
07:21 one for formulas, it does the same, since it's essentially a SLS that needs to be located
07:23 swingswgin got it
07:25 JlRd joined #salt
07:30 flyboy joined #salt
07:31 gfa i'm getting my node ip from a grain, using a cidr as filter, my_ip: {{ salt['network.ip_addrs']('cidr=10.12.0.0/16') }}
07:31 gfa i would like to take the cidr from a pillar, but it fails, syntax error. is that possible or am i dreaming?
07:34 rm-rf_ joined #salt
07:34 nafg_ joined #salt
07:42 swingswgin pillar[args][args],not pillar[]()
07:45 rtuin joined #salt
07:47 ttrumm joined #salt
07:49 rtuin joined #salt
07:54 nkuttler joined #salt
07:56 Furao joined #salt
07:57 saravanans joined #salt
08:03 slafs joined #salt
08:04 slafs left #salt
08:05 lb1a joined #salt
08:07 swingswgin can cp.get_file  restrict target directory?
08:13 trikke joined #salt
08:14 gfa i'm trying to do something dificult, i want to fill a var using the ip for br-eth1, that interface is made up by a previous state which converts eth1 to br-eth1. if i run state.highstate it will blow up because br-eth1 does not exists
08:15 gfa i would set an if using jinja if br-eth1 does not exists use eth1 but blows anyway. any way i can workaround it?
08:16 swingswgin how about grains?
08:17 gfa http://pastebin.com/NQH2s4bn
08:17 gfa i'm using grains to get the ip
08:18 gfa http://pastebin.com/EUsPBZ2z state file and error log
08:18 delinquentme so say I've got a github project to setup a bunch of saltstack infrastructure. State files and pillars
08:19 delinquentme at current the project is called "inf"  ... inside inf I have a dir called salt
08:19 atbell joined #salt
08:19 delinquentme should my state dir + files and pillar dir + files be saved inside that salt dir ?
08:20 gfa delinquentme: them should be saved inside the dir you setup in /etc/salt/master as file_root or gitfs_root
08:21 one or if you are feeling exotic today, plug stuff in to /etc/salt/master.d/ and enable includes, if will make you feel special! :p
08:21 delinquentme gfa, that is within the system that they're deployed on
08:21 delinquentme Im asking about the arrangement within the repo that stores all that infrastructure code
08:22 one explain your tree a bit better
08:22 swingswgin first ,use "salt '*' grains.items ",look your vars
08:22 one do you have /inf/salt/salt and /inf/salt/pillar ?
08:22 delinquentme true, it can be totally arbitrary, so long as the system its deployed on has the state files + pillars where they're specified to be in the /etc/salt/master
08:23 delinquentme one, no I have /inf/salt/master /inf/salt/minion   /inf/salt/top.sls  and a yet unestablished place for the pillars
08:24 delinquentme i guess I could do /inf/salt  /inf/pillars    and inf/formulas
08:24 delinquentme then move all of those to /srv/ on deploy
08:24 delinquentme that sounds pretty simple ... no ?
08:25 one I would suggest plugging them in one directory and copy the contents over, or keep them in your project and drop a configuration update in to the master/minion config
08:25 one depending on your deployment system, you might be able to do a pre-deployment that sets up salt and then have salt take over
08:26 delinquentme yeah thats currently what im doing
08:26 delinquentme pre-deploy setups configs for google cloud etc etc and moves all of the state files to /srv ... and places the master config file in /etc/salt/master
08:26 one it's pretty much like provisioning
08:27 one the problem you're facing is basically configuration management provisioning
08:27 one which in turn is part of configuration management :p
08:27 one it's a bit of a paradox
08:27 * delinquentme .
08:27 delinquentme so do we divide by zero or start chanting OHMs
08:27 delinquentme ?
08:28 one yeah
08:28 one that would work
08:28 one set up a few wifi hotspots in a pentagon just to be sure
08:28 one and light some candles
08:28 one also: if you can get images with salt packages preinstalled, or deployment templates or google vm's with salt built in (or aws etc.), you might be able to use salt-ssh to fix it up
08:29 one so it would be like: provision OS, salt-ssh the rest in, then use the master/minion as normal
08:34 rm-rf joined #salt
08:35 delinquentme LULZ
08:35 * delinquentme facepalm
08:35 delinquentme things wern't behaving because I had defined a custom grain called 'role'
08:35 delinquentme and the formulas were testing for a grain: "roles"
08:35 delinquentme plural.
08:35 delinquentme lol
08:35 delinquentme so thats like 3 hours of work
08:36 delinquentme what do you guys say in a situation like this?
08:37 one i usually just go to bed at that point :p
08:38 one i had something like that two days ago where i misspelled multitail (maultitail :p ) and had to debug for hours because i kept skipping over the typo
08:41 one also, drinking some coffee while crying inside and stroking your beard helps
08:44 delinquentme LULZ
08:44 delinquentme it works
08:44 delinquentme went from 9 rules to 41
08:44 delinquentme hahahaha
08:47 jrluis joined #salt
08:49 one left #salt
08:51 TyrfingMjolnir joined #salt
08:53 otter768 joined #salt
08:56 ttrumm joined #salt
09:00 tmh_ joined #salt
09:03 Mindfart joined #salt
09:18 Furao joined #salt
09:22 dotz joined #salt
09:22 Mso150 joined #salt
09:31 StDiluted joined #salt
09:49 agend joined #salt
09:55 saravanans joined #salt
10:02 StDiluted joined #salt
10:05 Roee joined #salt
10:05 Roee Hi All
10:05 Roee Have a quesion
10:06 Roee currently i have one top and one pillar files
10:06 Roee do you know if i can use multiple pillar files ?
10:07 giantlock joined #salt
10:08 Roee Let's say that my top is separated to servers and I would like that each server will have its own pillar
10:08 jhauser joined #salt
10:08 Roee (using pillars to manage versions in my server, and each server have a different versions)
10:12 CeBe joined #salt
10:14 saravanans joined #salt
10:15 Flusher joined #salt
10:22 Bolle_ joined #salt
10:26 giannello joined #salt
10:27 goudale joined #salt
10:27 goudale hello #salt
10:27 goudale How can I exhaustively iterate over all minions in a template ?
10:28 Furao goudale: use salt mine
10:28 goudale At this time, I use the publish command, but it doesn't guarantee that all minions responded
10:29 goudale Furao: nice, thanks :)
10:31 goudale can I set allowed function in my top pillar ?
10:31 Furao I wrote a state to send to master mine data straight from my .sls :)
10:34 axxeth joined #salt
10:35 bhosmer_ joined #salt
10:36 scott_w joined #salt
10:36 axxeth hello :)
10:38 goudale am i suppossed to restart minions after adding functions to salt mine ?
10:39 StDiluted joined #salt
10:39 Furao goudale: you mean change the /etc/salt/minion* config file?
10:39 goudale Furao: yes, but I actually edited a global pillar
10:41 ganes joined #salt
10:41 ganes hi
10:41 Furao if you have a salt minion formula and changed pillar and need to render /etc/salt/minion , you have to restart the minion
10:41 Furao salt check config files only at startup
10:42 Furao https://github.com/bclermont/states/blob/master/states/salt/minion/init.sls#L37
10:43 ganes can we create sls file for provisioning server in cloud providers, any template is there
10:43 ganes not in cmd line
10:43 ganes any script available for provisioning server ...
10:44 ganes pls anyone help me
10:44 Furao ganes: create a salt cloud formula and manage cloud providers from there
10:44 Furao this is what we do
10:44 Furao providers are defined in pillars
10:44 ganes thats wat i am asking any  templates or any samples
10:45 __number5__ there is s3 file server
10:45 J-Dog joined #salt
10:45 ganes Furao, pls send any sample link...
10:46 Guest83059 Anyone know how to use requirements files with pip.install? Can't seem to get the syntax right.
10:47 Bolle_ Hey there, as I understand the peer communication so far, it is possible to choose a command and allow a group of minions to execute this between each other. But this way every minion within this group can execute this command  on each other. Is it possible to exclude servers from this? I would like to be able to let the icinga server do an active check on all othe minions without allowing every minion the same vice versa.
10:47 Furao ganes: I have a consulting company with a large codebase of formulas and many things to fill missing parts of salt (such as salt cloud), if you want you can hire us :P
10:48 ganes sure
10:49 Bolle_ Guest83059: Do you use variables which you imported from your map.jonja file?
10:50 scott_w joined #salt
10:50 scott_w joined #salt
10:50 Guest83059 No. I'm literally trying pip.installed with argument requirements: /path/to/requirements in a salt state -- also thanks for taking interest.
10:50 Furao Guest21526: i find it’s better to use file.managed on a requirement file and then use cmd.wait or module.wait on pip.install on that managed file
10:51 Furao Guest21526: https://github.com/bclermont/states/blob/master/states/sentry/init.sls#L37
10:51 saravanans joined #salt
10:54 otter768 joined #salt
10:55 StDiluted joined #salt
10:56 ganes Furao : any updates???
11:02 NikolaiToryzin joined #salt
11:03 lionel joined #salt
11:03 toddnni joined #salt
11:04 giannello joined #salt
11:07 diegows joined #salt
11:13 fredvd joined #salt
11:21 badon_ joined #salt
11:24 jonatas_oliveira joined #salt
11:27 Bolle_ joined #salt
11:27 kalessin joined #salt
11:30 CeBe joined #salt
11:36 badon joined #salt
11:41 NikolaiToryzin joined #salt
11:42 Guest83059 Furao: how does the module.wait function work?
11:44 Furao Guest83059: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html#salt.states.module.wait
11:46 dotz joined #salt
11:52 bhosmer_ joined #salt
11:54 CeBe joined #salt
11:54 giannello kiorky, ping
11:56 nebuchad` joined #salt
11:57 flebel joined #salt
11:58 TyrfingMjolnir joined #salt
12:00 Cottser|away joined #salt
12:17 bhosmer_ joined #salt
12:20 thehaven joined #salt
12:21 Yoda-BZH joined #salt
12:32 Furao joined #salt
12:33 TyrfingMjolnir joined #salt
12:35 bhosmer joined #salt
12:36 felskrone joined #salt
12:54 JlRd joined #salt
12:55 ssmithisme joined #salt
12:55 otter768 joined #salt
12:56 ssmithisme Is anyone around?
13:07 bhosmer joined #salt
13:09 TheThing joined #salt
13:22 cedric_ joined #salt
13:22 cedric_ hello
13:23 eliasp hi
13:24 cedric_ i've a little question
13:25 cedric_ i've discovered salt not long ago and i'm actually doing some digging about a few things
13:26 one joined #salt
13:26 cedric_ If i have 10 or 20 servers, and i want to add packages based on multiple criteria, should i use groups/grains/pillars ? Or a Mix of the 2/3 ?
13:26 one all of them!
13:26 one groups: for when a group is a specific thing
13:27 one grains: for when you need to act based on minon-specific data
13:27 Furao and role, mine, etc
13:27 pjota joined #salt
13:27 eliasp don't use grains to do major decisions… grains can be assigned by a minion itself, so this could lead to leaking sensitive data to minions
13:27 one indeed
13:27 one pillars is for sensitive stuff
13:27 eliasp just use grains for things like "install 32 or 64bit version of $software"
13:27 pjota hi everyone
13:28 one grains is for making sure you install the right stuff. i.e. not install arm binaries on a sparc cpu
13:28 giannello cedric_, if I understand correctly, you want a way to "target" a command to specific nodes, right?
13:28 one and if a minon decides to give out the wrong grains: hah, poor minon.
13:29 one I have a question myself; if I want to select a specific Debian release to make sure the right package is installed (i.e. pgsql 9.1 vs 9.4), can that be done with salt['grains.filter_by']
13:29 one because right now, i can't filter any deeper than say Red Hat vs. Debian vs. Arch
13:30 pjota salt has similar tool like kitchen in chef?
13:30 eliasp one: sure, see 'grains.items' for all available grains on a minion
13:30 Furao one: most simple way is to use use pkg.latest and depends on postgresql-server
13:30 eliasp pjota: https://github.com/simonmcc/kitchen-salt
13:30 Furao which itself requires postgresql-server-$version
13:30 pjota eliasp, thanks
13:30 morsik pjota: doesn't 'kitchen' is running commands on remote servers?
13:31 cedric_ giannello , well i've a top.sls file with a couple ot things to install  ( for exemple, antivirus, ftp, specific stuff) and if i'm doing a salt '*' state.highstate i wanted salt to know what packages servers get or not based on groups or grains
13:31 one eliasp+Furao: thanks, that makes way more sense than the stupid things I was trying because of my puppet history.
13:31 cedric_ 'of' not 'ot'
13:31 giannello cedric_, ok, so IMHO your best shot would be to use custom grains, set in /etc/salt/grains or /etc/salt/minion
13:32 Furao but if you need more complex logic just use {% if grains[‘keyname’] == whatever %} iin your .sls
13:32 Furao or use a python dict that map os release and pkg version
13:32 giannello and in the topfile define something like 'role:webserver' or 'role:database', match:grains, and define the states you want to be applied
13:32 Furao cedric_: for this i suggest you use roles
13:32 pjota morsik, kitchen is a tool for test in chef
13:33 giannello so when you execute highstate on '*', each minion will get only a specific set of states
13:33 Furao i personally create a roles/$rolename/init.sls that include low level formulas and I have a pillar that list what roles each minions have
13:34 yomilk joined #salt
13:34 cedric_ ok, thx for the answers, i'm still in a "discovery state" and sometimes differences between pillars and grains are difficult to grasp...
13:35 giannello personally I use the following custom grains: dc, location, vpc, az, application_environment, applications and roles
13:35 eliasp cedric_: well, pillars are mostly used to store sensitive data which are then handed out to minions only where needed
13:35 eliasp cedric_: while grains are information exposed by a minion to the outside
13:35 giannello "grain" is anything a server _is_, "pillar" is anything a server _should know_
13:35 giannello that's how I use them
13:36 eliasp yeah, good explanation
13:36 Furao cedric_: pillars come from the master and are managed by humans, grains come from the minion and should be considered static such as kernel release, amazon ec2 instance name, python version, etc
13:36 cedric_ Well it's as they said :p there's many ways to do what you want to :p
13:37 giannello in my setup, with those bunch of grains (set via salt-cloud to all the nodes) I can easily target, e.g., 'G@dc:aws and G@location:ireland and G@vpc:production and G@roles:webserver'
13:38 one It's pun-o-clock: Salt rocks.
13:38 giannello and do *something* on all the webservers in that specific location
13:38 giannello and I use the same targeting concepts in my topfile
13:39 giannello and you can use the same targets to create groups, to have a "shortcut" for targeting
13:40 giannello remember to use the "compound" matcher in your topfile/commandline if you use the G@whatever syntax ;)
13:43 cedric_ Ok, many thanks for all the answers, since i'm new to this i'll start with specifics groups + roles i guess, i'll try to keep things simple :)
13:44 bhosmer joined #salt
13:46 saru11 joined #salt
13:47 karimb joined #salt
13:47 saru11 I'm writing a custom external module where I need to cache data from external metadata service
13:47 saru11 for dumping and loading pillar data into salt cache I use pickle module
13:48 Furao saru11: you should use data module
13:48 saru11 I'm curious do I need to take care of concurent pillar calls when dumping data to a file?
13:49 saru11 I mean do I need to have a locking in place so before pillar data is dumped to cache file or ont?
13:49 saru11 is it built-in salt module?
13:49 Furao saru11: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.data.html#module-salt.modules.data
13:50 Furao saru11: don’t be concerned with concurrent pillar call
13:50 housl joined #salt
13:50 Furao unless you have a custom extern_pillars module that lock somehow
13:50 fredvd joined #salt
13:51 saru11 hmm, what about speed - pickle vs salt.modules.data?
13:51 saru11 you know I prefer to dump/load data really quickly
13:51 saru11 and pickle or cPickle can do that
13:52 saru11 I looked at s3 ext module as an example, any example of salt.modules.data usage from ext pillars?
13:52 Furao modules.data use something faster and smaller than pickle
13:52 Furao but i didn’t bench
13:54 saru11 but it is an execution module, not sure how it could be used in pillar module
13:55 cpowell joined #salt
13:55 Furao you can use module in ext_pillar but the execution will be on the master not the minion
13:58 ajolo joined #salt
13:58 mapu joined #salt
13:59 mapu left #salt
14:00 yomilk joined #salt
14:07 mikkn joined #salt
14:11 overyander joined #salt
14:17 gngsk joined #salt
14:19 sr4f joined #salt
14:19 interociter joined #salt
14:20 nitti joined #salt
14:22 racooper joined #salt
14:23 NikolaiToryzin joined #salt
14:24 interociter Hi.  What's the best way to restart all those spawned salt-master daemons in ubuntu?
14:24 Eliz_ joined #salt
14:25 giannello service salt-master restart
14:25 giannello the worker processes are started by the main master process
14:26 interociter salt-master isn't a service unfortunately
14:26 overyander i have an if statement in my state. it always seems to return false, and there isn't a reference to it in my debug log on the minion. how can I check to see what exactly is happening?
14:26 Furao interociter: how it’s not a service? is there an /etc/init/salt-master.conf ?
14:27 Furao you installed it trough pip?
14:27 interociter the main master process == /run/salt-master.pid?
14:27 interociter I installed from source
14:27 Furao you should install from ppa
14:27 interociter i have my reasons
14:28 Furao you should then add an /etc/init/salt-master.conf and start it trough upstart
14:29 interociter thanks, I'll try that
14:31 saravanans joined #salt
14:31 cads joined #salt
14:35 jaimed joined #salt
14:38 mpanetta joined #salt
14:38 rypeck joined #salt
14:38 perfectsine joined #salt
14:39 murrdoc joined #salt
14:42 racooper joined #salt
14:46 murrdoc joined #salt
14:47 ekristen joined #salt
14:53 jonbrefe joined #salt
14:54 murrdoc joined #salt
14:56 otter768 joined #salt
14:56 dotz joined #salt
14:57 Deevolution joined #salt
15:01 murrdoc joined #salt
15:05 ggoZ joined #salt
15:09 murrdoc joined #salt
15:14 thawes joined #salt
15:17 overyander i have an if statement in my state. it always seems to return false, and there isn't a reference to it in my debug log on the minion. how can I check to see what exactly is happening?
15:19 murrdoc any chicagoans here
15:19 Guest16685 Currently also struggling to set roles. I've tried working through this: http://docs.saltstack.com/en/latest/topics/tutorials/states_pt4.html and put the role as a statement in my vagrant file, but it's not resolving
15:20 Guest16685 My top.sls contains base : \n  {{pillar.get('website')}}: \n     -python
15:21 dude051 joined #salt
15:22 dude051 joined #salt
15:30 budman joined #salt
15:32 monkey66 joined #salt
15:34 tmh1999 joined #salt
15:35 jmccree joined #salt
15:46 Ozack1 joined #salt
15:48 felskrone joined #salt
15:52 budman joined #salt
16:01 iggy Guest16685: try putting that in a gist or something (with more context)... but at a quick glance, you don't understand how top files work
16:01 Guest16685 More than likely.
16:02 Guest16685 iggy: Could you give me a quick one-liner to kick me in the right direction please
16:02 iggy what is "website" in your pillar?
16:03 Guest16685 so 'website' is a key in a dictionary. It's supposed to be there to set up a particular vm for a particular site.
16:05 iggy yeah, I think we really need to see more context of what you're working with... post as much code as you feel comfortable posting (we obviously don't want you getting in trouble with employers, but the more the better)
16:05 iggy protip: gist allows multiple files in a single paste so you don't have to put 40 url's in here
16:05 Guest16685 iggy: apologies, I'm new to this. Where's the most sensible place to put it.
16:06 iggy you mean where to paste? gist.github.com is a good one (there are plenty, just don't use pastebin.com)
16:06 _JZ_ joined #salt
16:09 Guest16685 iggy: https://gist.github.com/jontyneedham/e6d615b5e8e32610d7de
16:10 Guest16685 iggy: hope that's enough -- let me know if not.
16:11 kermit joined #salt
16:17 pjota joined #salt
16:24 fredvd joined #salt
16:25 thedodd joined #salt
16:26 iggy Guest16685: what about your pillar? do you just want python state run if you website key exists? or does it need to match something?
16:26 saru11 joined #salt
16:26 iggy and you can't use jinja in top files
16:27 mpanetta iggy: Since when?  I have successfully used {{saltenv}} in top files...
16:27 mpanetta Granted, that is the extent of the jinja I have used there, but it is still jinja...
16:28 iggy top files aren't like standard state files, they are just a mapping
16:28 iggy I've not seen any example of jinja use in top files
16:28 mpanetta Yeah mapping of states to minions.
16:29 murrdoc its not recommended
16:30 pdayton joined #salt
16:31 mpanetta I have something like this: https://gist.github.com/anonymous/33589b161ab2cd9365ac
16:31 saru11 I'm writing a custom pillar module. when I executes on a minion salt-call pillar.items I can see in the master log file that the module is called twice! ok, so I have created another module which writes a timestamp to a file with every ext_pillar call. what a surprise when I can see two entries there!
16:31 elfixit joined #salt
16:32 murrdoc mpanetta:  now thats cool
16:32 saru11 anybody has an idea what may the cause of this? why is it called twice and not just once?!?
16:32 murrdoc why do u need to do that
16:32 murrdoc uh mpanetta
16:32 toastedpenguin joined #salt
16:32 mpanetta Because we have several environments that only have differences in pillar
16:32 iggy saru11: probably something is forcing a module_reload
16:33 mpanetta So the topfiles for each env would be the same
16:33 murrdoc and *: * doesnt work
16:33 iggy ^
16:33 iggy was just typing that out
16:34 saru11 iggy: could you please elaborate on that a bit?
16:34 CeBe joined #salt
16:41 theologian joined #salt
16:41 Guest16685 iggy: it's only a  barebones at teh moment -- trying to get something working before I add more state in. Do I need to add a pillar sls file with this?
16:42 Deevolution Anyone know if it's possible to have an execution module return periodic output(I have something that runs quite a long time and I'd like it to be able to output progress)?
16:43 saru11 ok, so when I call salt-call pillar.items, the module is called twice, when I try pillar.raw or pillar.get KEY, it is called just once
16:43 wangofett joined #salt
16:44 eliasp Deevolution: the most sane way to do this would be, to call a returner module (http://docs.saltstack.com/en/latest/ref/returners/) from within your execution module
16:44 saru11 but when I call a state with state.sls STATE the pillar seems to be refreshed but again, the module is calle twice, why this happens?
16:45 Deevolution eliasp:  I'll check that out.  Thanks!
16:45 saru11 tested on 2014.7.0 version
16:46 wangofett Hey, does anyone have any articles to read (or experience) about upgrading/downgrading versions (i.e. automating deploys) using Salt? I guess what I'm  really curious about is if it's typical to have salt manage the deploys or if salt typically calls off to other solutions or some other solution
16:46 andrew_v joined #salt
16:46 eliasp wangofett: do you refer to salt itself or to general software/pkg deployment?
16:47 acti0nman joined #salt
16:48 TheThing joined #salt
16:51 wangofett eliasp: so for example, we develop some software solution and have some servers that we want to put it on. Obviously we're going to upgrade this solution. And I'm guessing that at some point we're going to make a mistake and need to downgrade whatever we install.
16:51 wangofett eliasp: I wasn't sure if anyone really uses Salt for this, or if they just use Salt to initially provision the server with whatever deployment packages they've got
16:51 wangofett and then do the upgrade/downgrades out of band
16:52 iggy saru11: is it a problem? fwiw, you could end up having it called more than twice in a run... you need to prepare for that
16:52 eliasp wangofett: do you build native packages (deb,rpm, …) of your software or does it come with its own deployment mechanisms?
16:52 iggy Guest16685: you want to key off a pillar, so... yeah... you're going to need to set up some pillars
16:53 saru11 iggy: depends ..., if I access some external metadata service/API it will generate two times more of requests to access it
16:54 monkey66 left #salt
16:55 iggy it's a necessity... what if your pillars changed based on something in your states (f.ex. you install git and all of a sudden your git ext_pillar starts working)?
16:57 otter768 joined #salt
16:57 Guest16685 iggy: I guess I don't understand what a pillar is either. I thought it was a state you could a assign data to and it would determine what the minion did.
16:57 Guest16685 In a way like grains don't.
17:01 eliasp Guest16685: pillars are stuff you don't want to hardcode into your states…
17:01 delinquentme joined #salt
17:01 pdayton joined #salt
17:02 murrdoc pillars are fun
17:02 Guest16685 eliasp: What's the correct way to do role management then?
17:02 murrdoc they are configs for salt
17:02 murrdoc define roles as grains
17:02 murrdoc and definite pillars to match roles
17:02 mpanetta Grains are insecure :(
17:03 murrdoc well enc is better
17:03 murrdoc but if u cant keep a host to role mapping anywhere else
17:03 murrdoc then grains ftw
17:03 Guest16685 murrdoc: My issue is that I want to chuck up difference sites with only minor changes to the vagrant file.
17:04 mpanetta murrdoc: Put it in ext_pillar keyed off the minion id :)
17:04 murrdoc enc == external node classifier
17:05 murrdoc same thang
17:05 Guest16685 mpaneta: My understanding is that minion ids have to be unique. I do't want Bob the monkey to have to be changing that every time he wants to change the colour of the front page on the site!
17:05 mpanetta They do have to be unique
17:05 murrdoc you are probably doing masterless salt
17:05 Guest16685 As in changing the state.
17:05 murrdoc for the vagrants
17:05 murrdoc i hope
17:06 mpanetta Why would anyone change the minion id to change a config?
17:06 murrdoc do you expect your devs to re use the vagrants for different sites ?
17:06 Guest16685 murrdoc: why would I be doing masterless salt?
17:06 mpanetta You change the pillar to change the config
17:06 murrdoc ignore that question
17:06 Guest16685 murrdoc: yes, with slight changes; probably scripted
17:06 murrdoc do you expect your devs to re use the vagrants for different sites ?
17:06 murrdoc ok
17:06 murrdoc than yes, listen to panetta
17:07 murrdoc uh mpanetta
17:07 Guest16685 I don't want Bob the monkey to touch the pillars.
17:07 mpanetta You touch the pillars
17:07 Guest16685 I want the pillars to sort everything out. Hence the gist I posted above.
17:07 mpanetta The salt master maintainer touches the pillars
17:08 Guest16685 We don't have an appropriate person as Bob the monkey can come in  well out of software hours and we can't work remotely.
17:08 atbell joined #salt
17:08 Guest16685 So I envisage something like $vagrant_wrapper <my_site>
17:09 murrdoc if you have the option of proviing them a vagrant file per site
17:09 Guest16685 Gets Bob the monkey a working dev environment to change the colour to blue.
17:09 murrdoc i recommend packer
17:09 mpanetta Well, then use grains if you like, but someone could change them if the gain root access to the master and spoof another role.
17:09 mpanetta er not master
17:09 mpanetta minion
17:10 Guest16685 But the base machines will all be clones of one machine and live in our cloud server.
17:10 murrdoc yes
17:10 Guest16685 So the grains will be the same no? I'm sure you're right and I'm trying to understand what you're saying, but I can't see the solution yet.
17:10 mpanetta The only grain that can be trusted is the minion-id, since the minion key is tied to that
17:11 Guest16685 yes. New minion id for each vbox that's chucked up and then provisioned.
17:12 _JZ_ joined #salt
17:14 one joined #salt
17:15 one joined #salt
17:16 xt joined #salt
17:16 xt salt '*' pkg.upgrade_if_installed ntp <-- why doesn't this exist? how do you guys solve?
17:18 rm-rf joined #salt
17:19 eliasp xt: you can simply do a {% if 'ntp' in salt['pkg.list_pkgs'] %} ntp:\n pkg.latest\n {% endif %}
17:20 xt and I guess I can run that from commandline
17:20 iggy I imagine most people just pkg.upgrade
17:20 budman joined #salt
17:20 xt ugh :)
17:21 eliasp yeah, for CLI the easiest solution… ;)
17:23 wangofett eliasp: right now... almost neither. We've got .war files, but part of my current job is to fix some pretty big messes that previous devs created ;)
17:25 eliasp wangofett: *.war files are just Java server applications which need to be dropped into a specific directory to be picked up by Tomcat (or whatever application server you use), right?
17:26 eliasp wangofett: what application are you running?
17:27 eliasp s/application/application server/g
17:27 xt eliasp: suggestions on how to run template from CLI?
17:28 eliasp xt: state.template
17:28 eliasp xt: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.template
17:28 xt state.template_str ?
17:28 KyleG joined #salt
17:28 eliasp xt: depending on whether you're using a template file or provide the template directly on CLI as param
17:29 stephas joined #salt
17:29 eliasp I have to leave now… will be back in ~14h
17:31 xt ah, it expects a dict
17:31 xt not yaml
17:31 wendall911 joined #salt
17:32 hal58th joined #salt
17:32 rm-rf joined #salt
17:34 aparsons joined #salt
17:34 rm-rf joined #salt
17:36 pdayton joined #salt
17:39 rikair joined #salt
17:43 JasonSwindle joined #salt
17:43 gngsk joined #salt
17:45 KyleG joined #salt
17:45 KyleG joined #salt
17:46 aparsons joined #salt
17:47 rm-rf joined #salt
17:48 druonysus joined #salt
17:48 druonysus joined #salt
17:51 nafg_ joined #salt
17:55 Bolle joined #salt
17:56 anotherZero joined #salt
17:59 TheThing joined #salt
18:04 forrest joined #salt
18:06 TheThing joined #salt
18:07 jnials joined #salt
18:07 spookah joined #salt
18:17 aparsons joined #salt
18:21 overyander I've found http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.chocolatey.html but I'm wondering if there's a state for it or if i have to use it with module.run ??
18:24 rap424 joined #salt
18:26 Morbus joined #salt
18:32 iggy if I were to guess (I have no inside knowledge), I'd guess it was meant to be used in overstate/orchestrate calls
18:33 dimeshake or does the pkg state pick up on it?
18:33 dimeshake nope. no __virtual__ for pkg in the module
18:33 iggy no, on windows it uses win_pkg
18:34 dimeshake gotcha. i've not used salt with windows
18:34 monkey661 joined #salt
18:34 druonysuse joined #salt
18:34 iggy oddly, me either, but people ask questions about it a lot
18:36 dimeshake haha
18:36 SheetiS iggy: if you chat in here a lot, people automagically ask you questions.  Comes with the territory.
18:36 SheetiS Obviously you know a lot about salt, so you must know _all_ thing salt ;-)
18:37 overyander i'm pretty sure chocolatey doesn't use win_pkg on windows. win_pkg uses the local winrepo http://docs.saltstack.com/en/latest/topics/windows/windows-package-manager.html  while chocolatey uses it's own repo and powershell commands are ran locally on the minion to resolve deps and install/uninstall
18:37 schlueter joined #salt
18:37 iggy I don't think anyone... ever... has accused me of talking too much
18:38 iggy (and in fact, most people would prefer I talked more... especially exes)
18:39 SheetiS iggy: not saying you talk too much.  Just saying you are fairly active in #salt, and people see that ;-)
18:40 UtahDave joined #salt
18:41 Mso150 joined #salt
18:42 hal58th I try to get more active in here but I just don't have the time.
18:43 ecdhe hal58th, I often wonder how folks like Ryan_Lane do it...
18:43 ecdhe I mean, doesn't he have a job?
18:44 bhosmer joined #salt
18:44 saravanans joined #salt
18:45 hal58th Yeah, works for lyft too.
18:46 schlueter joined #salt
18:46 loggyer joined #salt
18:46 JasonSwindle UtahDave: Yo
18:47 UtahDave hey, JasonSwindle!
18:47 overyander am i missing something in this module.run state?  http://pastie.org/9794639
18:48 schlueter1 joined #salt
18:48 dimeshake UtahDave: thanks for the great class last week!
18:48 SneakyPhil hey everybody, I have installed a salt minion on a windows 2012 server but the minion is not appearing on my salt masters key list
18:49 UtahDave overyander: I think you need to move 7zip under  - arg
18:49 dooshtuRabbit joined #salt
18:49 UtahDave dimeshake: It was a great class! I'm glad you enjoyed it.
18:49 overyander SneakyPhil, verify that the "master" value in c:\salt\conf\minion matches your actual masters hostname and that the minion can resolve the hostname and verify with a ping or something
18:49 UtahDave SneakyPhil: also, check that the salt-minion service actually started.
18:49 SneakyPhil overyander: that has been confirmed and it can successlly ping and telnet to the salt master management ports
18:50 murrdoc joined #salt
18:50 SneakyPhil UtahDave: you got it
18:50 SneakyPhil :| well, thanks guys!
18:51 SneakyPhil I'd rather go back into my linux hole than windows world
18:52 thedodd joined #salt
18:52 hal58th I'm excited for the training at saltconf. Just read over that you can take the SCCE exam at no extra cost besides the training?
18:52 pdayton joined #salt
18:53 stoogenmeyer_ joined #salt
18:53 UtahDave hal58th: The trainings are going to be great.
18:54 iggy UtahDave: you know if the talks accepted for SaltConf have been notified?
18:54 UtahDave I'm not sure, iggy.  Did you propose a talk?
18:54 iggy I did
18:55 UtahDave cool.  Let me go ask if they've sent out notifications yet or not. What was the title of your talk?
18:56 iggy uhh... I don't have that information handy
18:57 murrdoc joined #salt
18:57 UtahDave that's fine.
18:57 UtahDave just a min
18:58 otter768 joined #salt
18:58 overyander UtahDave, thanks, that set me on the right path. If anybody else is wondering the solution was http://pastie.org/9794661
18:59 SneakyPhil overyander: you're deploying chocolately to all of your windows boxes too?
18:59 overyander yes
18:59 SneakyPhil haha
18:59 SneakyPhil that's my eventual goal as well
18:59 overyander using chocolatey to keep the pesky things like flash and adobe reader updated
18:59 UtahDave ah, overyander, glad you figured it out.   sorry, I didn't have the exact answer for you
19:00 overyander no problem. i'll remember it better now that i had to look it up
19:01 overyander i know a definitive answer can't be given on this, but what would be an approximate turn-around time for this https://github.com/saltstack/salt/issues/19137 ?
19:02 overyander SneakyPhil, if you're using salt in an AD environment you'll want to keep tabs on the status of https://github.com/saltstack/salt/issues/19137 as well
19:02 overyander i submitted that last friday
19:03 UtahDave overyander: Hm. I'd really like to get that in soon, but I keep getting pulled away to work on customer projects.  At this point I'd like to get it in mid January
19:04 overyander that'd be awesome. not trying to rush or anything. i was assuming by the end of jan.
19:04 eagles joined #salt
19:04 Ryan_Lane joined #salt
19:06 SneakyPhil oh wow you manage workstations with this too?
19:06 SneakyPhil can I PM you?
19:06 overyander sure
19:06 otter768 joined #salt
19:08 iggy unless it's sensitive info, you should probably just talk it out in here
19:09 iggy there seems to be quite a few people interested (at least tangentially) in Windows stuff
19:11 dimeshake agreed
19:13 spookah joined #salt
19:13 MarkMarine joined #salt
19:14 murrdoc joined #salt
19:16 SneakyPhil ok
19:16 overyander for those of you interested... http://pastie.org/9794693
19:18 dimeshake anyone running salt minions on OS X?
19:19 SneakyPhil anybody using a windows salt minion to return the status of a windows backup service cmdlet?
19:20 dani_ joined #salt
19:20 murrdoc joined #salt
19:20 dimeshake thanks for sharing that paste overyander
19:21 dani_ Hello folks. Currently I am able  to use salt-api with cherrypy and everything works as expected... I can consume API such as /minions, /hook, / login etc... But /keys returns me 404. Does anybody has every seen it?  I followed this doc http://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html#keys
19:21 eagles joined #salt
19:21 overyander np, always glad to share what i've learned and how i'm trying to do things. i think using salt this way is the greatest thing since sliced bread
19:22 iggy SneakyPhil: you generally can't rely on getting useful info back from commands and then acting on that in salt
19:22 dimeshake yeah we have so many remote employees that it's looking like an excellent way to tie everything more together
19:22 murrdoc overyander:  start blog, make post, …. profit
19:22 dimeshake i don't do a lot on the desktop side at my job (thankfully), but my desktop guys might appreicate salt as a tool too...
19:23 overyander that's what drew me to it. we have over 300 remote systems that will never see an office until the manager decides to let IT have the system back. (this company is also a little weird in regards to IT authority)
19:23 dimeshake us, too
19:23 jalbretsen joined #salt
19:25 iggy #ThingsNotToSayInYourSaltConfTalk
19:27 murrdoc joined #salt
19:27 overyander ?
19:29 iggy critiquing your company
19:30 dimeshake heh
19:30 iggy at least for me, I know my boss is going to watch that video (_if_ my talk gets accepted)
19:32 murrdoc whats your talk gonna be
19:32 murrdoc and what video
19:34 iggy I thought they were all recorded (I've seen quite a few vids from last years, so maybe not all of them, just the "big names")
19:34 iggy my talk is loving titled "how to use salt to not suck"
19:35 murrdoc not suck what
19:35 murrdoc :D
19:35 iggy at life?
19:36 kermit joined #salt
19:36 iggy I just thought this company was kind of interesting in that it wasn't shoehorning salt into an existing infrastructure... all from scratch
19:37 iggy so salt actually had some impact on the way the company works (instead of the other way around)
19:37 Ryan_Lane @UtahDave when will accepts/declines be sent for talk submissions?
19:37 saravanans joined #salt
19:37 Ryan_Lane no clue why I'm using @ in irc
19:38 hasues joined #salt
19:38 dimeshake #irc
19:38 Ryan_Lane UtahDave: I need to know whether I got any talk accepted before I register/book flights
19:39 iggy #IFeltLameFillingOutMySaltConfApplicationBecauseIDontTwitter
19:39 hasues left #salt
19:39 iggy Ryan_Lane: lol, that's why I asked earlier... going to do the pre-conf training if I end up talking
19:40 murrdoc iggy:  i ll watch it
19:40 forrest Ryan_Lane: The deadline was what? Last week or the week before? Probably won't know for at least a month :\
19:40 murrdoc utah is pretty around that time too
19:40 Ryan_Lane that's going to make flights a lot more expensive
19:41 Ryan_Lane deadline was 10 days ago
19:41 ecdhe Is paying your own way to talk at a conference the industry standard?
19:41 iggy it was supposed to be mid-november, but I guess, yeah, they extended it
19:41 iggy ecdhe: depends on your employer... some help a lot, some help a little, some don't help for shit
19:43 JasonSwindle forrest: yo yo yo
19:43 forrest Oh no JasonSwindle is here, he must have broken something...
19:43 JasonSwindle lol, no no
19:43 JasonSwindle just reading.... getting back into things
19:44 forrest ahh
19:44 P0bailey joined #salt
19:44 bfoxwell joined #salt
19:44 P0bailey joined #salt
19:46 Ryan_Lane I can probably get mine paid for, but it's a lot easier to deal with if I get the conference cost covered
19:46 JasonSwindle forrest: you have not used it.... try sensu.
19:46 Ryan_Lane and it's a giant pain in the ass to pay for something, then wait months to get reimbursed, depending on whether or not the conference is charging me
19:47 JasonSwindle ouch
19:47 forrest JasonSwindle: I've read about it
19:47 eagles Folks, has anybody had the same issue about using api and the URL /keys returns 404 http status? http://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html#keys
19:47 JasonSwindle forrest: it is pretty nice.  I have been using it a lot.
19:48 budman joined #salt
19:48 UtahDave Ryan_Lane: The first talk acceptance notifications should be going out tomorrow or wednesday
19:48 JasonSwindle UtahDave: awesome!
19:48 JasonSwindle UtahDave: you giving one?
19:49 linjan joined #salt
19:49 budman salt dev* state.sls ntp
19:49 budman or pkg.upgrade ntp neither seem to be upgrading.
19:49 budman can someone school me up
19:49 UtahDave JasonSwindle: most likely!  I'm definitely doing a lot of the trainings, as well
19:51 budman I could just do run cmd apt-get install etc.. but just wondering if there is a SALT way
19:52 _two_ joined #salt
19:52 UtahDave eagles: does your user have @wheel   in your external_auth config?
19:53 eagles sorry, but what do you mean about having @wheel ?
19:53 _two_ left #salt
19:54 Mso150_i joined #salt
19:54 UtahDave eagles: your user you're connecting with has to have an entry in your external_auth config item in your master config and it has to have the @wheel option set
19:57 eagles weird, I can use /hook , /minions , /login everything works... only /keys returns me 404, let me check that
19:58 Ryan_Lane UtahDave: great! thanks :)
20:03 eagles my external_auth is already configured, I am considering using pam
20:03 eagles it works with the others URL, I can authenticate and to run commands
20:04 murrdoc pam ftw
20:06 JasonSwindle Ryan_Lane: I look forward to meeting up, and buying you a beer.
20:07 JasonSwindle or drink of your choice
20:08 eliasp UtahDave: I'm about to do some development regarding system.join_domain … before that, I'd like to merge the current status of modules/system.py from 2014.7 to develop… what's the correct approach to merging a single file between branches? individual cherry-picks? rebasing?
20:09 UtahDave eliasp: we usually do a merge forward from 2014.7 to develop every few days.
20:09 UtahDave eliasp: let me check if someone has done one lately
20:09 eliasp UtahDave: ah, ok… so I'll just go with current 'develop' and then later rebase when the next forward merge happens
20:10 totte joined #salt
20:10 totte left #salt
20:10 eliasp AFK for a few minutes…
20:10 UtahDave Yeah, it should show up sometime soon.
20:11 UtahDave eliasp: yeah, they're most likely going to do a merge forward today
20:12 druonysus joined #salt
20:12 druonysus joined #salt
20:15 nafg joined #salt
20:17 freelock joined #salt
20:22 freelock joined #salt
20:35 karimb joined #salt
20:36 teepark is there a way to get the pip state with a requirements file to not report a change on every highstate?
20:37 teepark do I have to just go to a stateful cmd state and write the pip command myself?
20:38 UtahDave teepark: what version of salt are you on?
20:38 teepark 2014.7.0
20:40 UtahDave hm. if it's reporting a change every time, that's most likely a bug.  Would you mind opening an issue on that?
20:42 teepark UtahDave: sure
20:45 UtahDave thanks!
20:45 UtahDave i'll be back in a bit
20:46 Ryan_Lane JasonSwindle: free beer! I'm all for that!
20:49 JasonSwindle Ryan_Lane: Squatters in SLC is amazing.
20:50 Ryan_Lane last time I went for saltconf I spent 0 time outside of the conference. was on a tight schedule to get back
20:50 Ryan_Lane maybe this time I'll have more time :)
20:51 shoma joined #salt
20:51 shoma Hi all
20:52 shoma On my syndic I get "[WARNING ] Negative timeout in syndic main loop"
20:52 shoma what's wrong?
20:52 analogbyte hi guys, I am still getting rogue jobs akin to this one on my minions: https://paste.selfnet.de/Plg/ any idea whats happening? is this a known issue?
20:52 analogbyte the job just runs over and over again, with no apparent source...
20:53 eliasp utahcon: ok, thanks a lot… will wait for the next forward merge then
20:55 desposo joined #salt
20:56 neogenix joined #salt
20:57 neogenix joined #salt
20:57 murrdoc can we specify more than one pillar direcotry to look in , like along with /srv/pillar can we do /srv/<formula>/pillar
20:57 rm-rf joined #salt
20:58 madduck I have priv+pub keypairs for all hosts on the Salt master. How can I send all pub keys (e.g. *.pub) to a host 'foobar' and have them be processed there?
20:58 madduck (each pair is being installed to the corresponding machine, and I could use grains or the mine or inter-client comms to get them, but I think this (distributing them from source) will be the most robust)
21:15 hal58th madduck I don't quite get what you are trying to accomplish. The keypairs are for minion that are already connected?
21:18 madduck yes, hal58th; they are all distributed.
21:18 madduck they are not for salt auth
21:18 madduck they are for SSH tunnels
21:19 madduck now I need to generate a central authorized_keys with all of the *.pub keys
21:19 madduck to be installed on foobar.example.org
21:19 hal58th is the hostname in the pub key name?
21:21 hal58th I think i don't quite get what you are trying to do because you can just do a state.file.recurse and just copy all the keys. If the priv keys are in the same directory, you can just use exclude_pat.
21:21 iggy analogbyte: when I've seen those, it's jobs started by one of two things... 1. reactor 2. minion config startup_states
21:22 giantlock joined #salt
21:22 * utahcon loves the occasional mistargeted comment
21:26 iggy we should get utahdave an irccloud account
21:28 LotR browser irc? you must hate him :)
21:29 analogbyte iggy: thanks for the answer... I use reactor on minion startup, which should fix itself after two times? at least the return data indicates no changes which would cause the minion to restart...
21:29 iggy #CheaperThanAVPS
21:29 analogbyte never heard of startup_states, but nice to know...
21:29 loggyer joined #salt
21:30 analogbyte iggy: I just closed up the masters firewall for that minion, and it stopped... that speaks for reactor problems though... I'll try that
21:33 rm-rf joined #salt
21:34 dooshtuRabbit joined #salt
21:41 analogbyte iggy: it seems to work :) I was just writing a bug report for my former issue, but I guess I should look into why that reactor triggered for no apparent reason and write a report for that :) thanks for the spot-on suggestion :)
21:46 iggy analogbyte: is it an issue for some reason? or you were just wondering what was up?
21:49 UtahDave joined #salt
21:49 analogbyte iggy: what do you mean? the reactor thing? it triggered with no reason visible in the return data or the logs... so it's not unlike that this is a bug
21:50 analogbyte unlikely*
21:52 iggy sure, open an issue, it sounds like something that should be corrected at some point... I was more asking if it was actually causing issues or is it just the "cosmetics" of the missing target/target-type that bothers you
21:53 loggyer joined #salt
21:53 loggyer Guys can anybody help me with this, http://pastebin.com/E2DBsbVp
21:53 rm-rf joined #salt
21:54 zmodez joined #salt
21:54 analogbyte iggy: I mean, those jobs were running like 50 times a minute, which is not only ugly but also causes some load, especially if more and more minions start having this issue...
21:55 zmodez Can any one tell me why I would periodically get "Failed to authenticate!  This is most likely..." when running salt command but other times not (typically via salt-run)
21:55 iggy loggyer: A. use something other than pastebin.com (it messes up whitespace and has annoying ads) B. {% if "a" in salt['grains.get']('kroles', []) %}
21:55 analogbyte iggy: but I agree, the target name could be set to "reactor-triggered" or something too.. would have saved me some time :)
21:56 loggyer iggy: A. will note that B. is that to be used in the pillar file ?
21:56 iggy analogbyte: ahh, yeah, I've hit something like that with a custom module, it was circularly calling itself... so yeah, sounds like 2 issues (one of which is probably pretty tough to fix)
21:57 stephas joined #salt
21:58 iggy loggyer: wait, is kroles a list or does it just look that way (in the future just paste code if possible)
21:58 loggyer iggy: it is a list
21:59 otter768 joined #salt
21:59 bezeee joined #salt
22:00 loggyer iggy: and when i run salt * grains.item it returns that way
22:01 iggy okay, you can't do it like that in your pillar then, you'll have to make it a list of dicts probably (so put a - in front of the logpaths)
22:01 analogbyte iggy: yes, I guess so too... I'll leave my reactor as it is for a subset of my minions, and wait for the problem to reoccur (it occured at a rate of maybe 1 minion per week or something until now) to look into it some more
22:01 nafg joined #salt
22:02 iggy loggyer: actually... I don't really get what you're trying to do... your 3 code snippets don't really match what you're saying or each other
22:04 loggyer iggy: Let me add some more text to it maybe for better understanding
22:05 zmodez it appears it was related to hung/defunct master processes
22:08 cpt-oblivious joined #salt
22:10 karimb joined #salt
22:10 karimb joined #salt
22:12 iggy why don't more formula's use salt.modules.config.get?
22:12 XenophonF joined #salt
22:12 XenophonF howdy yall
22:12 iggy I see quite a few formula's basically reinvent that particular wheel
22:13 XenophonF can salt.states.file.managed and friends handle file names like ~user/path?
22:13 iggy (and at the very least, the salt-formula is doing it "questionably")
22:13 iggy XenophonF: you mean for the source?
22:14 XenophonF no, for the file name on which the state's operating
22:14 XenophonF the name param
22:14 iggy don't think so
22:14 XenophonF nuts, ok, well, that's why we have formulas, right? :)
22:15 iggy what are you actually trying to achieve?
22:15 XenophonF adding some lines to a service account's .ssh/config file
22:16 XenophonF in a situation where it could live under /home on Linux, /var/something on FreeBSD, etc.
22:16 XenophonF not really that big of a deal
22:17 loggyer iggy: hope this is a little better, http://pastie.org/9794992
22:17 ggoZ joined #salt
22:18 nafg joined #salt
22:20 iggy XenophonF: it might actually
22:21 iggy XenophonF: yeah, it looks like everything in the file module uses os.path.expanduser... so you're in luck
22:21 XenophonF alright!
22:21 XenophonF i should have rtfs
22:21 XenophonF thanks, iggy
22:24 iggy loggyer: I still don't understand why you aren't pasting more of your code... I've told you at least two things wrong with your current effort
22:24 iggy {% if "a" in salt['grains.get']('kroles', []) %} in the pillar
22:25 iggy and you need to make logpaths a list (of dicts or whatever works best for you)
22:27 Ryan_Lane joined #salt
22:27 loggyer iggy: i thought pasting only the relevant code would be useful rather than being verbose...i think i didn't quite understand when you said before
22:27 loggyer let me try what you said :)
22:28 iggy loggyer: something like http://pastie.org/9795003
22:28 iggy loggyer: no, we loves verbose
22:29 diegows joined #salt
22:30 TheThing joined #salt
22:35 yomilk joined #salt
22:37 ajolo joined #salt
22:58 TheThing joined #salt
23:02 aquinas joined #salt
23:06 ckao joined #salt
23:08 mosen joined #salt
23:11 otter768 joined #salt
23:11 pdayton joined #salt
23:21 acti0nman joined #salt
23:31 budman joined #salt
23:32 kermit joined #salt
23:37 pentabular joined #salt
23:37 viq joined #salt
23:41 pentabular joined #salt
23:42 kiorky joined #salt
23:44 loggyer joined #salt
23:55 murrdoc joined #salt
23:57 TyrfingMjolnir joined #salt
23:59 Ryan_Lane joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary