Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-01-05

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:11 schlueter joined #salt
00:27 schlueter joined #salt
00:28 mosen joined #salt
00:28 yomilk joined #salt
00:29 tehmasp joined #salt
00:30 tehmasp has anyone gotten 'lvm.lv_present' to work w/ passing a kwarg argument like '100%FREE' to allocate all disk space available?
00:34 vbabiy joined #salt
00:41 tehmasp falling back to using cmd.run until i can see/find an example w/ lv_present to do something like "lvcreate -l 100%FREE -n datalv datavg"; will check back here in case someone better than me knows :) - cheers
00:49 mgw joined #salt
00:54 sgregory joined #salt
00:55 aqua^mac joined #salt
01:05 bhosmer_ joined #salt
01:05 eliasp is there a proper way to express "require_in: \n -pkg: *" … so I'd like to have a require_in requisite which is required by _any_ pkg state…
01:10 elfixit joined #salt
01:10 sgregory joined #salt
01:19 vbabiy joined #salt
01:34 acabrera joined #salt
01:36 bastiandg joined #salt
01:38 mgw joined #salt
01:39 aurynn hey; anyone else having problems with being unable to auth against a private registry with docker 1.4.1?
01:50 bhosmer_ joined #salt
01:54 aurynn hm
01:54 aurynn Actually, looks like I've hit a bug in docker-py
01:58 vbabiy joined #salt
01:59 twellspring joined #salt
02:03 vbabiy joined #salt
02:05 pdayton joined #salt
02:07 brianfeister joined #salt
02:10 vbabiy joined #salt
02:16 acabrera joined #salt
02:23 vbabiy joined #salt
02:27 mgw joined #salt
02:31 mosen joined #salt
02:40 Cottser|away joined #salt
02:42 dooshtuRabbit1 joined #salt
02:47 murrdoc joined #salt
02:48 twellspring joined #salt
02:56 jalaziz joined #salt
03:10 favadi_ joined #salt
03:22 hasues joined #salt
03:25 hasues left #salt
03:27 dooshtuRabbit joined #salt
03:28 yomilk_ joined #salt
03:28 twellspring joined #salt
03:30 mrtrosen joined #salt
03:31 aqua^mac joined #salt
03:38 zemm joined #salt
03:49 dooshtuRabbit joined #salt
03:53 monkey661 joined #salt
03:59 yomilk joined #salt
04:01 anotherZero joined #salt
04:08 zemm joined #salt
04:16 jalaziz joined #salt
04:22 murrdoc joined #salt
04:24 pdayton joined #salt
04:34 brianfeister joined #salt
04:42 brianfeister joined #salt
04:47 jack_ joined #salt
04:59 yomilk_ joined #salt
05:09 twellspring joined #salt
05:09 dooshtuRabbit1 joined #salt
05:13 twellspring joined #salt
05:14 dooshtuRabbit joined #salt
05:21 twellspring joined #salt
05:25 twellspring joined #salt
05:29 twellspring joined #salt
05:29 foulou joined #salt
05:38 cloudpie joined #salt
05:51 swingswgin joined #salt
05:53 fragamus joined #salt
05:55 twellspring joined #salt
06:07 kermit joined #salt
06:27 jhauser joined #salt
06:30 yomilk joined #salt
06:33 prooty joined #salt
06:35 felskrone joined #salt
06:43 prooty hello. i have a bash script which calls a salt state.sls command.
06:43 prooty when it is run the output of the commands for the state being run is not being shown. i already set state_verbose to True and state_output to full.
06:44 prooty i can only see the output of the commands when i run 'salt-run jobs.lookup_jid <jid>'.
06:45 twellspring joined #salt
06:51 prooty how can i get that output when i run the bash script?
06:53 catpiggest joined #salt
07:12 dooshtuRabbit joined #salt
07:12 akafred joined #salt
07:13 nnion joined #salt
07:17 foulou joined #salt
07:23 shoma_ joined #salt
07:31 prooty joined #salt
07:31 yomilk joined #salt
07:50 slafs joined #salt
07:50 slafs left #salt
07:52 bhosmer_ joined #salt
07:53 anybroad_ joined #salt
07:54 gspe joined #salt
07:55 trikke joined #salt
08:04 Bateau_ joined #salt
08:17 babilen prooty: Why would you want to? You are probably running into a timeout which you can set yourself with "-t"
08:17 viq joined #salt
08:18 prooty babilen: i want to confirm if the commands succeed. i'll try the timeout route, thanks.
08:18 JlRd joined #salt
08:19 fxhp joined #salt
08:21 babilen prooty: Please note that you might, at any time, run into this timeout again and that simply raising it is not really an option.
08:22 prooty babilen: do you know of a better method?
08:22 babilen That depends on what you are really trying to do there
08:25 prooty i just want to be able to see the output of the commands being run.
08:26 Rory joined #salt
08:26 mikkn joined #salt
08:28 babilen Well, no. You don't care about that, do you? You try to automate something and thought that a bash script is the way to go. During the implementation you arrived at the point that you cannot rely on $? and need the salt output to verify that that step succeeded.
08:36 zemm joined #salt
08:46 rtuin joined #salt
08:47 chiui joined #salt
08:51 hebz0rl joined #salt
08:57 kawa2014 joined #salt
08:58 hebz0rl joined #salt
09:00 zemm joined #salt
09:09 taken-1 joined #salt
09:09 taken-1 How do you run a yum update or update a particular package via the command line?
09:10 taken-1 I read the command reference
09:10 taken-1 but could not find anything for update
09:10 mortis__ anyone know why minions on debian squeeze use something like 350MB mem even tho they're not actually doing anything? (while on wheezy they use like 80MB)
09:10 babilen taken-1: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.yumpkg.html#salt.modules.yumpkg.upgrade and upgrade_available underneath
09:12 taken-1 babilen: Can i use it to update a particular package, by passing a a package argument to it ?
09:12 babilen taken-1: I'm not too familiar with yum, but you can typically not upgrade single packages with "upgrade", but would do so with "install". Why don't you want to install all security upgrades?
09:13 babilen Note that upgrading a package with "install" might change some of its metadata which might be used by the packaging system to differentiate between automatically installed packages and manually installed ones
09:14 taken-1 I am fine with security upgrades but I don't want to update all packages
09:15 babilen Okay (just checking as your system should be configured in such a way that you only get security upgrades - and if you only had a small number of packages that you don't want to upgrade you might want to put those on hold rather then explicitly enumerating the packages that you do want to upgrade)
09:16 babilen The best course of action does, in fact, depend on your exact circumstances and I am, as of now, unable to provide further recommendations
09:18 taken-1 I understand but upgrading app servers can break applications if the code is not compatable with that new version, hence i test and only then upgrade, a particular software however may have a security upgrade and hence I would like to upgrade only that app.
09:19 felskrone joined #salt
09:19 dkrae joined #salt
09:19 babilen So you are using different sources and some of those package "untested" software that might ship more than just security upgrades?
09:20 monkey661 left #salt
09:20 taken-1 yes
09:20 babilen And you have to keep using these suboptimal repos?
09:21 taken-1 not different sources mostly only untested software
09:21 babilen But lets be more specific: If you run "salt 'someminion' pkg.upgrade_available" which packages are in there that you don't want to upgrade? Would putting those on hold be an option? (cf. http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.yumpkg.html#salt.modules.yumpkg.hold )
09:21 taken-1 yup, I think that would be the best option for now
09:22 babilen taken-1: Sorry (not too familiar with yum and the whole exosystem), but in Debianland you would *always* want to install packages from the official repositories as they, by definition, only ship security upgrades.
09:22 Puckel_ left #salt
09:22 babilen *ecosystem
09:22 babilen Hence my feeling that putting those "evil" / "third-party" packages on hold would be a better option
09:25 taken-1 I use communtiy approved and recommend repos like EPEL which contain latest versions of  software, as per the docs you need to add this repo to install Salt as well
09:25 iwishiwerearobot joined #salt
09:25 djaykay joined #salt
09:26 N-Mi_ joined #salt
09:26 N-Mi_ joined #salt
09:28 babilen taken-1: Ah, I understand. That would indeed be problematic. Maybe you can "pin" (? do you have that in Yumland?) packages from those repository to a priority that would prevent automatic upgrades?
09:32 jalaziz joined #salt
09:37 __gotcha1 joined #salt
09:37 __gotcha1 When using state.orch, is there a way to avoid some part of the state to run when other parts fail ?
09:38 __gotcha1 for instance, if an upgrade fails on a server, avoid upgrading clients
09:38 wvds-nl joined #salt
09:39 pviktori joined #salt
09:41 otter768 joined #salt
09:41 jrluis joined #salt
10:08 jgelens joined #salt
10:11 __gotcha joined #salt
10:12 alexj_ joined #salt
10:30 felskrone1 joined #salt
10:33 jalaziz joined #salt
10:45 monkey66 joined #salt
10:49 stooj joined #salt
11:02 cDR_ joined #salt
11:03 cDR_ Hi, anyone here using augeas with Saltstack?
11:16 abele joined #salt
11:22 bhosmer joined #salt
11:27 che-arne joined #salt
11:28 che-arne joined #salt
11:30 rawzone joined #salt
11:30 che-arne joined #salt
11:34 jalaziz joined #salt
11:36 imil_ joined #salt
11:36 rockey_ joined #salt
11:36 boredatwork joined #salt
11:36 davidone_ joined #salt
11:36 chitown joined #salt
11:36 active8 joined #salt
11:36 agh joined #salt
11:36 nebuchadnezzar joined #salt
11:37 Auroch_ joined #salt
11:37 __gotcha1 joined #salt
11:38 bfoxwell joined #salt
11:38 aron_kexp joined #salt
11:38 sk_0 joined #salt
11:38 sc`_ joined #salt
11:38 eightyeight joined #salt
11:39 Blacklite joined #salt
11:40 cruatta joined #salt
11:42 otter768 joined #salt
11:44 xDamox joined #salt
11:54 aqua^mac joined #salt
11:57 ganes joined #salt
11:57 ganes hey
11:58 ganes i need to know about handlers in salt stack
11:58 ganes any one pls help
11:59 ganes i need to send salt minion running status back to user !!!
12:04 babilen What have you tried so far?
12:06 yomilk joined #salt
12:08 bhosmer joined #salt
12:08 hobakill joined #salt
12:08 ganes actually  i have  masterless setup... after execute any sls file the status of salt-minion return to another server
12:09 ganes i know handlers in chef and used!! here salt hjow it is?/
12:12 ganes babilen:  ???
12:13 ganes pls
12:14 babilen What have you tried so far?
12:18 pduersteler joined #salt
12:18 nexus joined #salt
12:20 ganes sentry_handler:   dsn: https://pub-key:secret-key@app.getsentry.com/app-id
12:20 ganes this is enough ah??
12:22 babilen Well, you obviously have to adjust those values lah!
12:23 ganes where it is stored??
12:23 ganes i cant find
12:27 JlRd joined #salt
12:28 iwishiwerearobot joined #salt
12:30 tomspur joined #salt
12:31 arno joined #salt
12:32 bigl0af joined #salt
12:34 stoogenmeyer joined #salt
12:34 eliasp cDR_: if you want to use Augeas with Salt, there's a state to handle it: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.augeas.html
12:35 anotherZero joined #salt
12:35 jalaziz joined #salt
12:38 eliasp ganes: you're probably looking for returners http://docs.saltstack.com/en/latest/ref/returners/
12:39 babilen ganes: Have you checked your dashboard on sentry? And what are you really trying to do and what have you tried so far? What happened when you tried that and how does that differ from your expectation?
12:44 pjota joined #salt
12:48 vbabiy joined #salt
12:53 bhosmer joined #salt
12:54 bhosmer joined #salt
12:59 iMil joined #salt
12:59 monkey66 left #salt
13:01 ganes babilen:
13:02 ganes actually  i have  masterless setup... after execute apache sls file,  status of exection  need return to another server
13:02 ganes using hanlser or any other
13:03 Corey Communication between nodes in masterless isn't really ideal, as you've probably noted.
13:08 zemm joined #salt
13:11 thawes joined #salt
13:16 aquinas joined #salt
13:23 kiorky joined #salt
13:24 toddnni joined #salt
13:24 kalessin joined #salt
13:24 NikolaiToryzin joined #salt
13:26 mordonez joined #salt
13:38 jalaziz joined #salt
13:40 yomilk joined #salt
13:40 chiui_ joined #salt
13:40 chiui_ joined #salt
13:43 aqua^mac joined #salt
13:43 otter768 joined #salt
13:44 andrew_v joined #salt
13:46 mens joined #salt
13:48 cpowell joined #salt
13:50 mgw joined #salt
13:51 jrluis joined #salt
13:52 gspe joined #salt
13:55 numkem joined #salt
13:57 frvge joined #salt
14:00 frvge @akoumjian : Is it possible to specify a different top-file when using salt in Vagrant? I want to set-up a Jenkins slave that uses a "base" installation, and then a few extra states. and a Jenkins master that has the same base installation but that also has the running Jenkins service.
14:01 frvge Everything should be usable from the save Vagrantfile. Example: vagrant up jenkins-master   and vagrant up jenkins-slave.
14:04 babilen frvge: You can specify your top file in the master config (state_top setting)
14:04 babilen And set that file in your vagrant file in master_config
14:06 vbabiy_ joined #salt
14:14 numkem joined #salt
14:14 nitti joined #salt
14:14 markizano joined #salt
14:14 mgw joined #salt
14:15 markizano anyone experiencing issues with state.sls constantly adding to /etc/apt/sources.list even though the repos are already present in the file on Ubuntu/trusty ?
14:15 markizano state.sls some-state (this state depends on a state that calls pkgrepo.managed)
14:16 markizano pkgrepo.managed will append to /etc/apt/sources.list on every state run, regardless of whether the current repos are present.
14:16 kitp joined #salt
14:16 dude051 joined #salt
14:17 markizano salt==2014.7.0
14:17 nitti joined #salt
14:19 murrdoc joined #salt
14:22 twellspring joined #salt
14:23 _prime_ joined #salt
14:23 _prime_ #gentoo-prefix
14:25 frvge @babilien, I don't run a master server. The vagrant is a master-less minion set-up. Is it then still possible?
14:25 iamtew hey guys, is there any way to get the current date in a template? I have a state that updates the /etc/motd from a jinja template, I would like to put the date and time in there so whenever I login to a machine I see when the last highstate was (I have it running on a schedule)
14:25 iamtew thanks :-)
14:25 frvge @babilen, I don't run a master server. The vagrant is a master-less minion set-up. Is it then still possible?
14:26 perfectsine joined #salt
14:26 CeBe joined #salt
14:26 babilen frvge: Check if you can pass that option to the provisioner, not sure
14:26 dynamicudpate joined #salt
14:29 ThomasJ iamtew: afaik it is not possible with jinja. However you could use the python renderer to accomplish what you want
14:29 iamtew ThomasJ: right, make a variable with the date string and stick it in the template somehow I guess?
14:29 murrdoc man there needs to be way better documentation around salt mine
14:29 mpanetta joined #salt
14:30 murrdoc i can see mine data with mine.get, but i cant get it to work in a state file
14:30 Kakwa joined #salt
14:30 ThomasJ iamtew: I havent messed much with it, but you can essentially format your entire motd in python. But there should be multiple ways you can accomplish what you want I think
14:31 iamtew ok, I'll dig in to that then, thank you
14:31 wvds-nl joined #salt
14:31 ThomasJ As a quick look at what is possible, the reverse-users formula can give you an idea https://github.com/saltstack-formulas/reverse-users-formula/blob/master/users/init.sls
14:33 kawa2014 joined #salt
14:33 bhosmer joined #salt
14:34 markizano iamtew: {{ salt['cmd.run']('date +%F/%R:%S') }} ?
14:34 racooper joined #salt
14:34 iamtew markizano: in a template?
14:34 markizano iamtew: I usually assign my values in states and pass them into my templates in the <context> dict.
14:35 iamtew ah, okay
14:35 ThomasJ Ahh, yes, that should also work. Forgot about being able to call cmd.run
14:35 iamtew also an option I guess :)
14:35 markizano for visibility from the states.
14:36 Corey Good morning.
14:39 hobakill morning Corey
14:39 jalaziz joined #salt
14:42 jeremyr joined #salt
14:43 _JZ_ joined #salt
14:45 penguin_dan joined #salt
14:47 Deevolution joined #salt
14:50 elfixit joined #salt
14:50 agend joined #salt
14:52 FRANK_T joined #salt
14:52 FRANK_T Good Morning!
14:56 lazypete joined #salt
14:56 lazypete Good morning everyone
14:56 lazypete Just a quick question, where can I file a small bug report for salt?
14:56 murrdoc ᕕ(ᐛ)ᕗ good morning everybody
14:57 bhosmer joined #salt
14:57 lazypete or at least verify that it is indeed a bug
14:58 Ligthert murrdoc: nice one. :)
14:58 numkem lazypete: https://github.com/saltstack/salt/issues but before that you could ask here what you are seeing
14:58 lazypete Well its quite simple
14:58 FRANK_T Question, I have a rpm file that I want to install but part of the installation I have to select couple of option can I do that in salt?
14:59 FRANK_T the software that I am installing is PBS
14:59 lazypete when I do this:   salt '*' --no-color --out-file=/root/kern-version.out cmd.run uname -r
14:59 lazypete the output is colored
14:59 FRANK_T when I do it manually I run the BPS and than select option 1  1 2 1
15:00 lazypete and the output file is full of meta caracter because of the colors
15:00 numkem lazypete: which version of salt do you have?
15:02 lazypete Our version is salt 2014.1.7
15:02 murrdoc you want to try output plain ?
15:03 lazypete you mean salt --output-plain ?
15:04 housl joined #salt
15:04 numkem FRANK_T: what you might want to try out is a script with expect, at least if I understand this well
15:05 numkem than the script would install and answer the questions as needed, than you just use cmd.run in your state file
15:05 nethershaw joined #salt
15:06 lazypete salt: error: no such option: --output-plain
15:07 FRANK_T numkem let me check
15:07 lazypete salt --output=plain passed but the output is still colored
15:07 eliasp isn't that "raw" or "txt" instead of "plain"?
15:07 eliasp see also: http://docs.saltstack.com/en/latest/ref/output/all/index.html
15:09 lazypete It seems these option dont override the main config file option--> color: True
15:09 lazypete eliasp il try that right away
15:10 eliasp besides that you could also suppress colors by setting the environment variable TERM to a value which doesn't support colors…
15:10 lazypete thanx eliasp the output=txt worked just fine !
15:10 eliasp ok, great ;)
15:10 cads joined #salt
15:10 SheetiS joined #salt
15:12 fragamus joined #salt
15:14 berserk joined #salt
15:15 big_area joined #salt
15:16 lazypete So should I file this as a bug report that --no-color doesnt work?
15:16 murrdoc well no color works
15:16 murrdoc it just doesnt document it right
15:19 sgregory joined #salt
15:20 Mindfab joined #salt
15:20 sgregory joined #salt
15:21 Mindfab left #salt
15:21 RobertFach joined #salt
15:21 kaptk2 joined #salt
15:22 viq_ joined #salt
15:23 mgw joined #salt
15:23 hasues joined #salt
15:23 hasues left #salt
15:25 fredvd joined #salt
15:28 thedodd joined #salt
15:30 elfixit1 joined #salt
15:31 iamtew I need some more help getting this date in to my /etc/motd, I keep getting a failure "Context must be formed as a dict" but can't figure out where I'm making it wrong
15:31 iamtew this is my state and template + the output from salt: http://fpaste.org/165816/47178214/
15:31 iamtew could anyone maybe give me a pointer on what I'm doing wrong?
15:31 twellspring joined #salt
15:31 iamtew I guess it's in the template, since the state.show_sls works fine
15:31 aqua^mac joined #salt
15:32 iggy remove the - from in front of highstate_run
15:33 babilen (which makes it a list)
15:33 iggy that makes it a list (with a dict inside of it)
15:33 iamtew *facepalm*
15:34 babilen http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html exemplifies it in the first block
15:35 big_area anyone had luck with halite? looks like dev has stalled a bit
15:36 iggy big_area: yeah, saltstack enterprise has a pretty decent one in the works, I wouldn't expect to see much work done on halite
15:36 iggy but who knows, maybe someone is working on a follow up to it
15:36 babilen And this is the point were we all shout "boo!"
15:37 murrdoc boooo
15:37 big_area ah, ya i found github.com/tinyclues/saltpad but looks like a one man show as well
15:37 big_area iggy: any idea on a beta timeline?
15:37 murrdoc we could just write our own
15:37 murrdoc or improve on salt pad
15:37 iggy I'd never heard of that one (so that's not the one I was talking about)
15:38 rtuin_ joined #salt
15:39 perfectsine joined #salt
15:39 FRANK_T mypkgs:
15:39 FRANK_T pkg.installed:
15:39 FRANK_T - sources:
15:39 FRANK_T sorry
15:40 * babilen hands FRANK_T one http://refheap.com
15:40 jalaziz joined #salt
15:40 jngd joined #salt
15:40 pdayton joined #salt
15:41 twellspring joined #salt
15:43 hobakill guys i've been having tons of trouble with the 2014.7.0 release. i'm thinking of moving to 2015.2 but would like to know if others are using it as well.
15:43 babilen I'm not and I have encountered very few problems
15:43 racooper using 2014.7.0 from EPEL, no problems here.  anything specific?
15:44 otter768 joined #salt
15:44 babilen And such a "poll" doesn't really help you much. It would, IMHO, be much more productive to enumerate your problems and check their status in 2014.7 and 2015.2 respectively
15:44 conan_the_destro joined #salt
15:44 babilen btw, the 2015.2 naming scheme is ridiculous
15:44 hobakill point taken babilen . i just wanted to start the conversation i guess.
15:44 babilen sure
15:45 hobakill my specific problem is that there are always two or three PIDs that hang on my salt-master server and they basically render salt unusable.
15:45 twellspring joined #salt
15:45 babilen You mean that you have at least two salt-master processes running of which one is hanging?
15:45 cedwards joined #salt
15:46 StDiluted joined #salt
15:47 hobakill babilen, well i probably have 25 processes running...but yeah. two or three generally hang. and that corresponds to a list of 'bad' minions that always lose connections to the master. it's so prevelent i have an ansible script to restart that dozen or so minions .
15:48 babilen iassue number?
15:48 iggy do the minions die? just lose network connection? Tried simplifying their states to see if some part of the state is causing it?
15:48 babilen *issue
15:49 hobakill iggy, yeah the minions die. i have to service restart them
15:49 hobakill brb
15:50 babilen Does anybody know why upstream chose 2015.2 ?
15:51 iggy when you add up all the digits it equals 1
15:51 racooper maybe it's going to be released 2015-02?
15:52 iggy the date is usually the branch date (the release is usually well after that)
15:52 iggy in the case of 2014.7 it was like 5 months later
15:52 babilen racooper: Well, they might have more powerful crystal balls, but this branch naming scheme is, well, suboptimal
15:53 racooper heh. maybe I'm thinking of the ubuntu numbering then
15:53 babilen iggy: 2014.7 was the month the tag was created (which would have made 2015.2 2014.12) ... Now they used "expected release date"
15:53 iggy it kind of makes sense if you are targeting distros (you know Ubuntu will have a release in .4 that you want to make it into, etc.)
15:53 babilen I just don't get why they decided to use that rather than explicit "testing" branches that are then turned into YYYY.M[M] *once* they release (and therefore know the name of the release)
15:53 iggy when did they change that?
15:54 twellspring joined #salt
15:56 iggy I guess I should probably read the available mailing lists more regularly
15:56 babilen Well, http://docs.saltstack.com/en/latest/topics/releases/version_numbers.htm just says "The year (YYYY) and month (MM) reflect when the release was created" which makes perfect sense, but is neither adhered to for the 2014.7 nor the 2015.2 release (the former was tagged many months before the release, the latter uses powerful crystal ball magic and lets-just-hope-this-works)
15:56 luminous hello, when you try to manage a postgres database/role/etc through states. where do you put superuser connection info fro salt to use in the state definition?
15:57 iggy isn't that what other projects do? (Let's hope this works by the time we want to cut a release)
15:57 iggy luminous: in a pillar
15:57 babilen I still don't get why they don't just use a, say, "testing" (or "rc" or whatnot) branch that will become the next release and then create YYYY.MM during the release (maintenance branches)
15:57 phx here http://docs.saltstack.com/en/latest/ref/states/top.html#other-ways-of-targeting-minions when it says "- repos.epel", it's referring to the repos/epel.sls in the base file root?
15:57 luminous iggy: but you are passing those creds to the state postgres.database/etc, correct?
15:58 iggy phx: yes
15:58 babilen phx: correct
15:58 luminous babilen: that would be really nice!
15:58 twellspring joined #salt
15:58 phx ty
15:58 babilen phx: It could also refer to repos/epel/init.sls btw
15:58 iggy babilen: I would expect it to change for the next release the same way it has for the past 2...
15:58 babilen yes, so why not use a scheme that does not suffer from this problem?
15:59 luminous that would be logical
15:59 babilen It's not that hard ;()
15:59 luminous ask utahdave or thatch to make that minor adjustment?
15:59 iggy it is actually more complicated than you are making it sound
16:00 babilen I might ping them (looks as if most of upstream is still AWOL)
16:00 babilen iggy: How so?
16:00 iggy (remember there's an "enterprise" version that they have to take into account as well)
16:01 FRANK_T https://www.refheap.com/87d5389f41ee237152258bab6
16:02 iggy FRANK_T: : after .4
16:02 iggy and it's just file.managed (no caps)
16:02 FRANK_T I am trying to copy a folder from the master to the minion and i am getting this erro
16:02 FRANK_T I did changed and I get the same error
16:02 babilen FRANK_T: And in that care you want file.recurse
16:02 FRANK_T and I used file.directory
16:02 iggy did you put the : after the .4 like I said?
16:03 FRANK_T ups.
16:03 zooz joined #salt
16:03 twellspring joined #salt
16:05 big_area joined #salt
16:05 babilen FRANK_T: file.directory will just create a directory
16:06 Ozack joined #salt
16:06 twellspring joined #salt
16:06 FRANK_T babilen file.securse said
16:06 miqui joined #salt
16:06 FRANK_T Comment: 'source' parameter must be a string
16:07 thumper joined #salt
16:07 babilen FRANK_T: Please paste your entire state to, say, http://refheap.com
16:07 rlarkin 2014.7.1 ?
16:08 iggy rlarkin: "this week" (last I heard)
16:08 FRANK_T https://www.refheap.com/da5be57826128e42a30244541
16:08 babilen FRANK_T: No, not the output of the state run, but the state definition
16:08 hobakill sorry for the delay ....  any thoughts iggy ?
16:08 SheetiS1 joined #salt
16:09 rlarkin awesome.
16:09 rlarkin we're hoping to put the point release in production asap
16:09 iggy hobakill: did you check the states to make sure it wasn't something in the state causing it?
16:10 FRANK_T https://www.refheap.com/5f77ec437894cba8ae785e0f7
16:10 iggy rlarkin: after proper testing I hope...
16:10 hobakill iggy, yeah. nothing seems to link these 12 minions together.
16:10 twellspring joined #salt
16:10 viq_ joined #salt
16:10 RedundancyD joined #salt
16:11 bhosmer_ joined #salt
16:11 babilen FRANK_T: Make that "source: salt://files/PBSPro_12.2.4/"
16:11 iggy FRANK_T: - source: salt://
16:11 babilen (with the leading - naturally as exemplified by iggy)
16:12 rlarkin iggy: http://devopsreactions.tumblr.com/post/104234932963/testing-in-production
16:13 iggy rlarkin: it's just with the number of issues in .0 (and the number of changes since then)... I just know we are going to be testing 2014.7.whatever a while before we move to it
16:14 Bolle joined #salt
16:14 Bolle left #salt
16:14 rlarkin yeah
16:15 I3olle joined #salt
16:17 jalbretsen joined #salt
16:17 I3olle any hints on what i would have to do to generate files on the master, based on grains from the minions in order to then deploy these files on a specific minion?
16:17 I3olle i don’t want to use the mine because a) i don’t want even the specifically chosen datat to be available to all the minions
16:18 FRANK_T now I am getting this https://www.refheap.com/2aa5d58e45f5099b4bc779b42
16:18 tehmasp joined #salt
16:18 I3olle b) because if the master is creating these, why would i need the mine
16:21 shakewait joined #salt
16:21 iggy I3olle: probably something with orchestrate (or a ext_pillar) depending on what you are really trying to do
16:22 FRANK_T any idea?
16:22 iggy ext_pillar seems more maintainable assuming it'll get the job done
16:22 peters-tx joined #salt
16:23 nickg joined #salt
16:23 iggy FRANK_T: salt:// uris are relative to the top of your file root (i.e. you probably want to take out the srv/salt/
16:24 nickg how do you install the npm module MD5?  Every time I try to install it , saltstack installs the md5 module.
16:25 phx i'm doing a new installation, just installed master and minion on the same box, accepted the minion key, and getting a faild-to-auth response for a test.ping, what can be wrong here? details: http://pastebin.com/jxpYnuBu
16:25 FRANK_T And that's why I should never take vacation  :) Done!!! thank you iggy
16:26 iggy phx: good on disk space and inodes?
16:27 spiette joined #salt
16:27 [thumper] joined #salt
16:27 phx iggy, sure, almost fresh box
16:28 phx iggy, disk utilization is around 25%, inode is around 3%
16:28 phx those are the top-utilized filesystems
16:28 frvge Hi, I'm trying to run a command in the background with cmd.run in a sls file, but it's hanging there. I read something about cmd.retcode, but I'm not sure if it works in my case.
16:28 [thumper] joined #salt
16:28 lance joined #salt
16:29 frvge I could probably use a script, but that sounds like overkill to me.
16:30 iggy phx: try salt-call test.ping
16:30 phx iggy, local: True
16:33 phx iggy, with -l all: http://pastebin.com/rwJb37Mg
16:33 phx however i doubt there's anything useful there
16:33 phx mhm
16:33 phx iggy, I've restarted the salt-master and it's working now
16:34 iggy sweet
16:34 phx i remember fixing some typos in the master config file after it stopped reporting syntax errors
16:34 phx so most probably something leaked in still
16:34 phx thanks for the help still :)
16:34 jewellb joined #salt
16:35 JDog Hi, anyone know how to reference a file from within a salt state file?
16:36 frvge JDog: where is the file located?
16:36 JDog On the master.
16:36 I3olle joined #salt
16:36 JDog And I'd like not to put it in /srv/salt...
16:36 frvge Try salt:// . It references the file_roots path AFAIK.
16:36 JDog What is the default?
16:36 I3olle thx iggy i think external pillars might be the answer to that
16:37 frvge then maybe use an overriden file_roots . I don't have experience with that.
16:37 nullptr` JDog: the root of salt:// is /srv/salt by default
16:37 twellspring /etc/nginx/nginx.conf:
16:37 twellspring file.managed:
16:37 twellspring - source: salt://nginx/nginx.conf
16:37 twellspring - user: root
16:37 twellspring - group: root
16:37 twellspring - mode: 644
16:37 twellspring that references a fiel in the nginx directory in salt croot ( /srv/salt default)
16:37 bfoxwell joined #salt
16:40 [thumper] joined #salt
16:41 aparsons joined #salt
16:41 TheRealBill joined #salt
16:41 jalaziz joined #salt
16:42 [thumper] left #salt
16:44 fintler joined #salt
16:44 fintler joined #salt
16:45 racooper twellspring,  please use a pastebin and don't paste multi-line here
16:46 jalbretsen joined #salt
16:48 felskrone joined #salt
16:49 thumper joined #salt
16:49 dooshtuRabbit joined #salt
16:50 FRANK_T twellspring  please use this site https://www.refheap.com/  to paste the code
16:50 iggy (preferrably not pastebin.com)
16:50 hobakill iggy, curious - why not pastebin?
16:50 iggy ads, broken whitespace, etc.
16:51 hobakill iggy, fair enough. good to know!
16:51 frvge Hi, I'm trying to run a command in the background with cmd.script in a sls file, but it's hanging there. What's the best way to have a fire-and-forget call in a state file?
16:51 iggy whitespace is somewhat important in yaml
16:52 iggy frvge: & ?
16:52 masterkorp Hello
16:52 frvge iggy: yes, but that hangs salt.
16:52 hobakill hello masterkorp
16:52 frvge salt can't determine what has changed
16:52 [thumper] joined #salt
16:55 ipmb joined #salt
16:55 racooper pastebin has ads?
16:56 iggy frvge: I don't know... you'll probably have to handle it on your own
16:56 iggy racooper: yes... all over it
16:57 JDog Is it possible to add filepaths to the file_roots and does the salt-master look in each place?
16:57 iggy JDog: at run time, no... yes
16:57 ipmb will "regular" multimaster allow minions to failover if a master fails or only mulimaster-pki?
16:57 racooper wow, I guess adblock plus is effective. I've never seen them. I tend to use gist instead, anyway
16:58 ipmb the differences between the two aren't clear to me
16:58 iggy racooper: yeah... the ads aren't even the most annoying part... white space ffs
16:58 iggy how do you f* up white space when your primary job is to hold code snippets people are sharing
17:01 bhosmer_ joined #salt
17:03 masterkorp 2015-01-05 13:19:00,648 [salt.loaded.int.fileserver.gitfs][ERROR   ] Git fileserver backend is enabled in
17:03 masterkorp master config file, but could not be loaded, are pygit2 and libgit2 installed?
17:03 masterkorp on salt-master i am getting this
17:03 masterkorp i installed salt using salt-bootstrap
17:03 masterkorp isn't supposed for these packages to be installed with it
17:08 Bryanstein joined #salt
17:09 masterkorp https://www.zerobin.net/?ab61cbe909bb8a39#yvgtOXbMfuxG8HLmCNy92YAmzG2BASKN0MFoCQ3Mwe8=
17:18 stephas joined #salt
17:19 KyleG joined #salt
17:19 KyleG joined #salt
17:20 delinquentme joined #salt
17:20 aparsons joined #salt
17:20 aqua^mac joined #salt
17:22 xDamox joined #salt
17:22 aparsons joined #salt
17:23 FRANK_T I managed to copy the file from the master to the minion is anyway that I can execute the command ./INSTALL < answers after that?
17:24 FRANK_T ./INSTALL is a script inside the folder that I copied and answers is a text file redirection I do not what to use cmd.run for this
17:25 FRANK_T the question is can I add BASH command to mi .sls ?
17:25 FRANK_T my*
17:25 iggy masterkorp: no, because git isn't strictly necessary for salt to function
17:26 iggy FRANK_T: that's what cmd.run is for...
17:26 FRANK_T yes but I can Add that inside my .sls
17:27 FRANK_T I want to copy the file and after that execute the script inside the folder
17:27 felskrone joined #salt
17:27 nullptr i'm having an issue with win32 salt (binary installation, 2014.7.0) -- file.join appears to be missing. it works on os x/linux but not windows. could this simply be a packaging issue? don't see anything on github issues for this.
17:27 nullptr curious if anyone else has seen this
17:30 tligda joined #salt
17:30 masterkorp iggy: anywyas gitpython is installed
17:30 masterkorp how can i further debug the problem
17:31 iggy masterkorp: when was it installed?
17:32 twellspr_ joined #salt
17:33 masterkorp a long time ago
17:34 desposo joined #salt
17:34 gothix joined #salt
17:34 iggy start python and see if you can "import git"
17:34 masterkorp i just did apt-get install python2-gitpythobn
17:39 sgregory_ joined #salt
17:40 monkey661 joined #salt
17:42 jalaziz joined #salt
17:45 otter768 joined #salt
17:47 sirtopas joined #salt
17:51 masterkorp iggy: https://www.zerobin.net/?905777192803f677#aTDA/MF9+ZYnqkcYaVTxl+zN8/qpGPVZGItQG0cRzoo=
17:51 iggy then I got nothing
17:52 iggy masterkorp: what version did it install?
17:53 masterkorp https://www.zerobin.net/?fb431e62801fa441#4/CW/SHY37Pk/Df7GL4H0dYIyfaRwz+e+L55qvuCzpQ=
17:53 masterkorp lastest from the repos
17:54 iggy okay, then yeah... I got nothing
17:54 masterkorp thnaks for the help anyways I will keep digging
17:55 iggy the master has been restarted since you installed the gitpython package, right?
17:55 masterkorp yes
17:55 GrueMaster joined #salt
17:56 vbabiy joined #salt
17:57 theologian joined #salt
17:58 kitp joined #salt
17:58 berto- joined #salt
17:59 ValF joined #salt
17:59 kitp is there a way to have salt-cloud register a dns entry with route53 in aws?  kind of thinking out loud here, but it would be really cool if i could make this happen as part of the provisioning process.
18:00 KaaK kitp: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.boto_route53.html
18:01 kitp KaaK: cheers!
18:02 iggy I'd probably do it via a reactor (then you don't have to give your aws credentials to your minions)
18:03 kitp well, i was kind of hoping that i'd also be able to remove the records when a cloud.map is deleted.
18:03 kitp reactor?
18:03 kitp sorry, just getting started with salt.
18:04 KaaK kitp: no problem, for more AWS goodies, checkout the various boto states and modules -- you can always call a module from a state
18:04 fxhp joined #salt
18:05 KaaK kitp, look into instance profiles and and assign iam roles to your instances
18:05 KaaK for your worry about aws credentials
18:06 P0bailey joined #salt
18:06 KaaK kitp, http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
18:06 P0bailey joined #salt
18:06 KaaK basically, when an instance needs crediantials, it gets ephemeral creds from the AWS metadata service
18:07 kitp i'm ok with the creds piece for now...in the salt-cloud cloud.providers config.
18:07 kitp ah, yeh - i see.
18:07 cheus joined #salt
18:07 cheus_ joined #salt
18:08 hal58th joined #salt
18:08 monkey66 joined #salt
18:08 KaaK tl;dr -- iam roles for your instances is hands down the way to go -- the only issue is you can only assign them at launch, so you might need to snapshot stuff and relaunch
18:10 cpowell joined #salt
18:10 bhosmer joined #salt
18:11 cpowell joined #salt
18:11 alexbst joined #salt
18:12 favadi_ joined #salt
18:12 m0nky joined #salt
18:13 ramishra_ joined #salt
18:13 scalability-junk joined #salt
18:14 twellspring joined #salt
18:15 mikepea joined #salt
18:15 esharpmajor joined #salt
18:16 neilf______ joined #salt
18:16 octarine joined #salt
18:16 gyre007 joined #salt
18:16 markizano joined #salt
18:16 seanz joined #salt
18:16 moderation joined #salt
18:16 scryptic1 joined #salt
18:16 ThomasJ joined #salt
18:16 basepi joined #salt
18:16 packeteer joined #salt
18:16 techdragon joined #salt
18:16 supermike joined #salt
18:16 goki________ joined #salt
18:16 GrueMaster joined #salt
18:16 CatPlusPlus joined #salt
18:16 cads joined #salt
18:16 pf_moore joined #salt
18:16 Tahm joined #salt
18:16 bytemask_ joined #salt
18:16 nliadm joined #salt
18:16 CaptTofu_ joined #salt
18:16 _ikke_ joined #salt
18:17 JonGretar joined #salt
18:17 bofhit joined #salt
18:17 xt joined #salt
18:17 scryptic1 Is there any reason pillar data would not update on my minions after running 'salt target saltutil.refresh_pillar'?
18:17 abele joined #salt
18:17 copelco joined #salt
18:17 GvJordan joined #salt
18:17 georgemarshall joined #salt
18:17 forrest joined #salt
18:17 EWDurbin joined #salt
18:17 qybl joined #salt
18:17 gamingrobot joined #salt
18:17 iggy so the master and minion have different data?
18:18 _prime_ joined #salt
18:18 mihait joined #salt
18:18 munhitsu___ joined #salt
18:18 akitada joined #salt
18:18 jgelens joined #salt
18:18 grepory_ joined #salt
18:18 antonw joined #salt
18:18 scryptic1 after I run the pillar refresh command, if I call pillar.items on my target, I get nothing back
18:19 rnts joined #salt
18:20 gmoro joined #salt
18:20 tehmasp scryptic1: what version of salt are you using?
18:20 scryptic1 2014.1.13
18:21 fintler joined #salt
18:21 fintler joined #salt
18:21 Vye joined #salt
18:22 tehmasp yeah; FWIW salt-run fileserver.update never worked for me w/ gitfs on that version; i ditched that release for Helium
18:22 JPaul joined #salt
18:22 hal58th scryptic you get no items at all, or just the new data isn't showing up?
18:22 scryptic1 I get no data at all
18:22 qybl joined #salt
18:23 hal58th how long are you waiting for your data? I have had to wait up to one minute with "-t 60"
18:23 Samos123 joined #salt
18:24 scryptic1 I just tried the -t flag with 60.. they all return fairly quickly with no data
18:24 UtahDave joined #salt
18:25 Gareth morning morning
18:25 hal58th scrytptic1 have you tried doing a salt-call pillar.items on a host that you refreshed to see what is happening?
18:26 hal58th Sounds like the pillar data is messed up and therefore it can't process the pillar data
18:26 g3cko joined #salt
18:27 scryptic1 ahh! I think you're on to something
18:27 scryptic1 it says 'Got a bad pillar from master, type str, expecting dict:'
18:27 scryptic1 my pillar files are huge... any way to debug?
18:28 tehmasp basepi: not sure if you see updates from closed issues - but see this: https://github.com/saltstack/salt/issues/1976 ; are the docs not supposed to mention onlyif , unless for file* ? am i missing something?
18:28 iggy Is there a way to catch what the minion is doing on the master? (i.e. something similar to what salt-call -l debug would get you, but on the master)
18:28 iggy scryptic1: yaml linter?
18:28 twellspring joined #salt
18:29 hal58th scryptic1 pillar files are hard to debug. I would do what iggy just suggested and run it through a yaml editor
18:29 Ryan_Lane joined #salt
18:31 hal58th iggy, not sure if I understand your question. a minion on the master works just like every other minion as far as I am aware
18:32 tomh- joined #salt
18:33 felskrone joined #salt
18:33 rap424 joined #salt
18:33 akoumjian joined #salt
18:35 wendall911 joined #salt
18:38 shoma_ joined #salt
18:44 jalaziz joined #salt
18:44 zadock joined #salt
18:46 iggy so my problem is, a state works fine when I run it via salt-call on the minion, it fails when I run it from the master
18:46 iggy trying to figure out why
18:54 UtahDave iggy: in that case, what I do is ssh into the minion, stop the minion service and start up the minion with    salt-minion -l debug
18:54 UtahDave iggy: then run the state from the master
18:54 UtahDave iggy: that will often show you what's going on
18:55 UtahDave felskrone: ping!
18:56 berserk_ joined #salt
18:57 berserk joined #salt
18:57 CeBe joined #salt
18:57 felskrone UtahDave: yes?
18:57 felskrone and hi :-)
18:57 berserk joined #salt
18:57 wichrowsk joined #salt
18:58 stoogenmeyer joined #salt
18:59 kooop joined #salt
18:59 smcquay joined #salt
19:04 hebz0rl joined #salt
19:06 desposo joined #salt
19:09 aqua^mac joined #salt
19:09 cberndt joined #salt
19:10 iggy I think it's a terminal thing... (get no tty errors when run via minion, but not via salt-call)
19:11 manytrees hi, is there a doc somewhere about how to securely target pillar data? i wanted to set a grain env=dev but that's not recommended
19:11 iggy it's fine if you trust your minions
19:12 iggy I think some people tend to conflate the problem a lot due to their specific environment
19:13 hrist joined #salt
19:14 eliasp iggy: I'm going the "better safe than sorry" route regarding this… a minion running vulnerable things like webservices etc. is IMHO always to be considered a potentially compromised node…
19:14 manytrees but if one machine is compromised then everything in salt would be considered compromised?
19:14 eliasp manytrees: exactly
19:15 iggy you run your webservices as root?
19:15 ekristen joined #salt
19:15 eliasp iggy: no… definitely not ;)
19:15 iggy sure, it's all a big tradeoff
19:15 iggy shoving that kind of stuff in grains can be dangerous
19:16 iggy is it likely to be in practice? Not for me, maybe for you... make up your own mind about it
19:16 iggy just don't tell everybody that your way is "the right way"
19:16 eliasp yeah, sure… it's as always a "depends on" thing
19:16 manytrees is there a recommended way to target the pillar then?
19:17 eliasp I just like to point out the dangers of doing this/why it is dangerous… then people can make their own mind about it and do what they think works best for them
19:17 manytrees the best practices doc just says not to use grains, but doesn't give an alternative
19:17 murrdoc put it on the node, pull it in as a salt-mine via pillar
19:18 meylor joined #salt
19:18 twellspring joined #salt
19:19 iggy manytrees: where?
19:19 iggy because I will certainly send doc improvements for that
19:20 manytrees iggy: http://docs.saltstack.com/en/latest/topics/best_practices.html 4.1 #5
19:20 manytrees murrdoc: i don't understand what you mean. put what on the node?
19:20 berserk joined #salt
19:21 vbabiy_ joined #salt
19:22 murrdoc never mind , its an option, but its not the best one
19:22 thedodd joined #salt
19:22 murrdoc but if you need the info on the nodes itself, you can keep it on the node, then use salt-mine + custom function to get it out of the node itself
19:22 UtahDave felskrone: Hey, I have a PR here https://github.com/saltstack/salt/pull/19350  that fixes a thread leak on windows, or specifically when threads are being used instead of multiprocess
19:23 meylor I'm trying to create a dns record via the boto module. Salt says that it's being created but it isn't when I look at the console. Does anyone have any thoughts? http://paste.ofcode.org/ZA6N5Y54prJsqyVFkZsWGN
19:23 UtahDave felskrone: it's regarding caching the sreq.  It looks like you may have originally worked on that code. Would you mind taking a peek at my changes and giving me any feedback you might have
19:23 UtahDave felskrone: or let me know if there's a better way to take care of this?
19:24 iggy forrest: you have a problem with me moving the aptly formula to use the nightly aptly packages (it adds a -batch option that will keep a lot of the aptly commands from failing)... at least until the next version is out (was supposed to be Nov)
19:25 berserk joined #salt
19:25 forrest iggy: Uhh, could you add a variable instead to the pillar for stable versus nightly or something so that users can choose, and it defaults to stable?
19:25 forrest iggy: Just in case there is a problem with the nightly builds
19:26 totte joined #salt
19:27 felskrone UtahDave: yes, i made the sreq-caching optional a while back, let me take a look
19:27 prymek joined #salt
19:28 manytrees murrdoc: i want to set config files and package versions for each environment separately. i thought storing the sensitive data in pillar was the recommended way but i don't know how to securely target the minions for each separate environment
19:28 iggy forrest: sure... this fixes all those notes in publish_repos btw...  3 files changed, 9 insertions(+), 14 deletions(-)
19:28 iggy always like to see things getting less complex (with the same functionality)
19:29 forrest Yeah for sure
19:29 prymek hello, what's the recommended way to transfer some sensitive file to minion? Is there a way to put *content* of file into some pillar variable?
19:29 murrdoc ah manytrees yes, store that data in pillars, then store 'identifiers' in grains and use the compound matching to get that data onto minions
19:29 iggy content_pillar
19:29 iggy prymek: ^
19:30 kitp joined #salt
19:30 forrest let me know when you have the pr ready iggy, looking forward to seeing more improvements!
19:30 spookah joined #salt
19:30 iggy prymek: contents_pillar (with an s, sorry)
19:31 manytrees murrdoc: if i store identifiers in grains then don't i run into the problem where a compromised minion compromises all of salt?
19:32 murrdoc i cant speak to that, iggy forrest and others might know more about it. also UtahDave
19:32 prymek iggy: thx. And how to put content of a file into a pillar variable?
19:32 manytrees murrdoc: ok, thanks
19:33 iggy prymek: it's yaml... so the normal yaml rules apply
19:34 felskrone UtahDave: thats odd, it looks like my cache_sreq setting has been removed from the zmq transport
19:37 prymek iggy: yes, but what's the clean way to include *any* possible file content without breaking YAML? Use include and separate file with  #!py ?
19:38 rtuin joined #salt
19:38 aparsons joined #salt
19:40 iggy prymek: it really depends what you are trying to do... there's no "one way" to do anything in salt
19:41 prymek I want e.g. transfer ssl key file to the client. I have a key file on the server and I must read it to the pillar tree somehow
19:41 Sway joined #salt
19:42 iggy prymek: I just have mine in the pillar yaml files
19:42 eliasp prymek: https://github.com/saltstack/salt/issues/18406
19:43 ahammond prymek any reason you're not puting it in the pillar directly?
19:43 iggy if you insist on it being in a separate file, there's not really a way to do that with pillars (yet afaik)
19:44 prymek hm, that's sad :(
19:45 otter768 joined #salt
19:45 prymek maybe the basic idea of "all content is all-client-readable" is broken :(
19:46 UtahDave prymek: you can use jinja to and salt to read a file into a pillar variable
19:46 UtahDave prymek: everything in your file_roots is client readable.
19:46 stevednd UtahDave: is there a way to bootstrap install salt from a git branch when creating a cloud server with something like the linode provider?
19:47 prymek UtahDave: I know... That probably is not a good design choice - even config files are somehow sensitive you know...
19:47 eliasp prymek: that's why the sensitive part is moved into pillars
19:48 eliasp prymek: so you only have Jinja templates in file_roots where the sensitive information are rendered based on pillars the minion is allowed to see
19:48 pdayton joined #salt
19:48 UtahDave stevednd: yeah, there are some options you can add to your provider or profiles to install from any branch, tag, or hash from git
19:48 iggy gpg renderer?
19:49 stevednd UtahDave: where can I find the docs on that? I figured there was a way, but I have no idea what I need to put in the profiles
19:50 prymek eliasp: you can have _common_ settings which are kind-of sensitive... In the current state of saltstack, every client can e.g. see that all servers have "PermitRootLogin yes" in sshd_config...
19:51 eliasp prymek: than make the 'yes' a pillar ;)
19:51 prymek it's not very practical :)
19:52 UtahDave stevednd: just a sec
19:52 iggy stevednd: http://docs.saltstack.com/en/latest/topics/cloud/misc.html#deploy-script-arguments
19:52 prymek it would be nice to have some private parts of a file server - like e.g. private/<client>/... would be accessible only by <client>
19:53 iggy that's what pillars (and that bug that you were linked) are for
19:53 aw110f joined #salt
19:53 UtahDave stevednd: https://gist.github.com/UtahDave/1b11bcb620d73dcc9df6
19:53 bhosmer_ joined #salt
19:57 stevednd UtahDave, iggy: thanks. if I specify my own args will the boostrap script ignore things like the master IP that is set already in the profile, or is it smart enough to merge them?
19:57 UtahDave where are you specifying your own args?
19:59 stevednd UtahDave: providers:<config>:minion:master
20:03 desposo joined #salt
20:10 numkem joined #salt
20:11 monkey66 left #salt
20:11 jeremyr1 joined #salt
20:12 numkem joined #salt
20:13 monkey661 joined #salt
20:15 mikef_ joined #salt
20:15 bivers joined #salt
20:16 bivers joined #salt
20:17 mikef_ is it possible to run part of a salt  .sls file as a non priviledged user?  (one of the states im have runs a source code compilation, id like that to be  done as non root, but the salt-minion runs as root)
20:17 smcquay joined #salt
20:17 mikef_ *im having
20:18 bivers is there a reason why cmd.run "env" would return different values when using the 'runas=root' cmd arg versus not? Specifically when cmd.run (appears) to be executing as root regardless?
20:19 prymek UtahDave: iggy: What do you thing about putting this sls into pillar? https://gist.github.com/mprymek/089409060b44c5d0ff49
20:19 iggy mikef_: some states have that ability... just depends what it is
20:20 bivers I know that's kind of an open-ended question, but I'm unsure how cmd.run's default context
20:21 bivers works
20:22 kitp trying to run "salt '*' test.ping" against some salt-cloud provisioned machines but getting Failed to authenticate! - any ideas.  the machines are running, and i can ssh into them.  is it because the machine's login isn't root, but centos?
20:22 mikef_ iggy: im not sure i undestand you,  here is my simple state    http://fpaste.org/165958/89292142/  ,  what do you mean by some can?
20:23 iggy kitp: did you accept the keys on the master?
20:23 iggy mikef_: f.ex. cmd.run has a "user" arg to set the user it runs as
20:24 nullptr bivers: it looks like there's code which attempts to shell out as the named user to collect the user-specific env
20:24 iggy not all states do though
20:24 kitp iggy: accept?  i created them on the master, and imported them into AWS.  so maybe not.
20:24 iggy kitp: check salt-key -L output
20:25 bivers hi nullptr :)
20:25 kitp iggy: the new machines are in the Accepted Keys: section
20:26 iggy kitp: okay, the only other thing I can think of would be version mismatches
20:27 kitp iggy: they are all the same AMI image - maybe safe to assume they are the same.
20:28 iggy I mean between the master and minions
20:29 MindDrive joined #salt
20:31 redzaku joined #salt
20:32 redzaku Is anyone else getting warnings about the SSL cert for saltstack.com (that it is only trusted for *.squarespace.com)?
20:32 basepi tehmasp: Nah, I don't think we'll add unless/onlyif to the docs of each individual state. They're documented in the global state arguments doc: http://docs.saltstack.com/en/latest/ref/states/requisites.html
20:32 kitp it is the key that's specified in the cloud.providers config right?  i mean that's the one that's used by the master too right?
20:33 kitp and yes, the master and minions are using the same AMI image.
20:33 iggy redzaku: I see the same, yes
20:34 redzaku Who should we contact for this? If I didn't know about saltstack before hand, I'd probably drop using saltstack immediately if I saw this.
20:34 aparsons joined #salt
20:35 iggy I doubt many people go straight to https://www.saltstack.com (vs the non-https version)
20:39 big_area joined #salt
20:40 delinquentme joined #salt
20:45 tfield joined #salt
20:46 smcquay joined #salt
20:46 foulou joined #salt
20:47 aparsons joined #salt
20:52 chitown http://docs.saltstack.com/en/latest/topics/targeting/grains.html#precedence
20:52 alexhayes joined #salt
20:52 chitown that explcititly says that grains from grains modules should always override any other
20:52 chitown but, that is not what i am seeing
20:52 chitown 2014.7.0
20:53 chitown i dont see any open bugs... i see one from sep, but that looks to be closed... still searching
20:53 chitown was hoping someone could point me at an existing bug :)
20:55 chitown or, at least, someone could verify or tell me i must have screwed something up bc it works for them
20:56 cpowell joined #salt
20:57 cpowell_ joined #salt
20:57 forrest redzaku: I'm pretty sure the guys are aware of that actually. I don't usually visit the main site since the docs have a cert on them. But we can ping UtahDave. UtahDave do you know if someone is going to get the squarespace HTTPS thing resolved for the main saltstack.com site?
20:58 aqua^mac joined #salt
20:58 UtahDave forrest: Yeah, we are. we're going to be moving away from squarespace.
20:59 redzaku Okay, cool.
20:59 forrest UtahDave: Cool, I figured you were, just couldn't remember :P
20:59 cpowell_ joined #salt
21:00 UtahDave Yeah. I'll go check again and see if they're going to fix the current setup, because that's an aweful error
21:01 big_area joined #salt
21:02 _prime_ joined #salt
21:03 numkem Is it normal to have a schedule to runs a highstate on all minions every x minutes?
21:03 numkem I'm moving away from puppet and that's what I'm used to
21:04 aurynn depends on your environment
21:04 iggy we just manually run highstate (or usually an individual state) when we commit changes
21:05 numkem as a trigger?
21:05 iggy it's on the todo list to use webhooks+salt-api at some point
21:05 numkem right. Thanks iggy
21:05 numkem and aurynn :)
21:05 iggy but yeah, it really depends on env
21:06 iggy if I was running my own git server, I'd just use a git hook, but we use github, so webhooks+salt-api it is
21:06 twellspring joined #salt
21:06 aurynn we're using reactors to trigger individual states as needed
21:06 numkem very interesting, going to read on the reactor system. Might be just what I'm looking for
21:07 numkem considering I could write something that triggers events in the bus, that would do it
21:08 numkem thanks.
21:09 stevednd am I mistaken, or did something change? If I'm passing pillar data on the command line doesn't that get merged with existing pillar data? right now it seems like it's overwriting the given key entirely
21:10 stevednd pillar="{redis: {force_install: True}}"
21:10 jalaziz joined #salt
21:11 delinquentme joined #salt
21:11 iggy it should be merged if possible, but I have seen differences in 2014.1 and 2014.7 for sure
21:11 eliasp Gareth: ping
21:12 twellspring joined #salt
21:14 stevednd is there an easy way to dump pillar data in jinja templates now to see what's going on?
21:16 iggy pillar.item redis
21:22 prymek left #salt
21:22 stevednd iggy: salt['pillar.item']('redis') returns the normal pillar hash. salt['pillar.get']('redis') gives me the force_install passed from the command line
21:23 gspe joined #salt
21:25 stevednd UtahDave: Can you shed any light on what I just asked above? Something seems very wrong
21:26 Pixionus joined #salt
21:26 stevednd I'd like to believe I'm just doing something dumb, but I'm having a hard time seeing it
21:31 Gareth eliasp: pong
21:32 eliasp Gareth: I'm still running into issues with the invisible mount opts… got a minute to have a look at it?
21:32 Gareth sure.
21:32 eliasp ok, let me quickly gather + nopaste my stuff ;)
21:32 Gareth sounds good.
21:33 markizano stevednd: yeah, it looks like it might do that. are you trying to override a specific subsection of your data-tree ?
21:35 eliasp Gareth: first a set of patches you might want to apply to a local test branch: https://gist.github.com/anonymous/f70caf152c99f9aed2e4
21:35 markizano numkem: we had an environment where highstate every X minutes was costly on the server. Since you're moving to an event-based system that will call states as needed, that's actually a pretty good idea. I'd recommend limiting a full highstate to something like once a day or to run at some interval in the night to ensure the system stays in sync over time rather than to the minute.
21:36 markizano stevednd: I usually prefix the line with a comment and {{ output }} the var on that line so I can see what that data structure has in a .sls
21:44 eliasp Gareth: sorry, took a bit…
21:44 eliasp now I'm still running into remount attempts of nfs mounts because of 'bg' and 'actimeo=10' … https://gist.github.com/eliasp/36da9abca28a5d033121
21:44 aparsons joined #salt
21:45 eliasp Gareth: see output.yaml at the bottom of the gist
21:45 eliasp Gareth: any idea why this is still happening?
21:45 * Gareth looks
21:46 Gareth eliasp: bg is in the invisible mount opts?
21:46 eliasp Gareth: yes, see patchset: https://gist.github.com/anonymous/f70caf152c99f9aed2e4
21:48 eliasp Gareth: you might want to run 'curl https://gist.githubusercontent.com/anonymous/f70caf152c99f9aed2e4/raw/508c3bc51d6a6daad00ad54478cd79d270038906/stdin | git apply -' on a local test branch
21:49 Gareth eliasp: this is against 2014.7?
21:49 eliasp Gareth: yes
21:49 snave joined #salt
21:50 UtahDave numkem: some people like to run a highstate every 30 minutes or hour to make sure they don't get "configuration drift"  I can kind of see their point, but I think it's a bigger problem to have "configuration drift"  WHAT THE HECK IS ALTERING MY SYSTEMS WITHOUT ME KNOWING IT!!!
21:50 UtahDave that's my thought on that. :)
21:50 stevednd markizano: not really even override, just inject a value into the pillar tree
21:50 eliasp UtahDave: I know what's altering their systems… bad IT practices where systems are half-manually managed and half Salt-managed ;)
21:51 markizano stevednd: I've taken to creating a pillar_ex module that allows me to do that at specific levels of the tree.
21:51 Gareth UtahDave: Tiny puppets dressed as chefs. :)
21:51 UtahDave eliasp: yep!
21:51 iggy I told my boss I was going to disable his accounts if he did that again (didn't use salt to make the system changes he was making)
21:52 UtahDave Gareth: lol
21:52 stevednd markizano: I'm not familiar with that. how does that work exactly?
21:53 markizano mkdir ~states/_modules
21:53 wolfgang42 left #salt
21:53 markizano stevednd: touch ~states/_modules/pillar_ex.py
21:53 markizano create a `def get()' that will go fetch what you need from the pillar.
21:54 markizano In my example, I use the top-level namespace and the namespace "env" for specific things to an environment.
21:54 markizano If I'm searching for %s, then I'll run __salt__['pillar.get']() on both %s and "env.%s"
21:54 markizano Then, use python's dictionary merging to control how the data structure is interlaced.
21:55 markizano native dict.update() has some weird side-effects to deep-merging :x
21:57 Singularo joined #salt
21:58 dfinn joined #salt
22:00 Gareth eliasp: might be a couple minutes.  something is screwy with my 2014.7 branch.
22:00 eliasp Gareth: k
22:01 UtahDave Gareth: FYI i just spent an hour troubleshooting a weird minion startup issue. turns out I had to delete the build directory in my salt git clone.    setup.py install --force  wasn't enough
22:01 nethershaw joined #salt
22:01 UtahDave I was jumping between branches testing things and apparently stale files were hanging around
22:01 Gareth UtahDave: this is that same issue I ran into the other day where it's complaining about missing cli.caller, where i had to delete and rebuild.
22:02 UtahDave that's EXACTLY what I was running into
22:02 aw110f joined #salt
22:07 Ryan_Lane joined #salt
22:15 jeremyr joined #salt
22:17 meylor joined #salt
22:17 meylor I'm trying to create a dns record via the boto module. Salt says that it's being created but it isn't when I look at the console. Does anyone have any thoughts? http://paste.ofcode.org/ZA6N5Y54prJsqyVFkZsWGN
22:19 mosen joined #salt
22:21 newtosalt joined #salt
22:21 aparsons @meylor - you sure the record doesnt get created?  it sometimes takes a few seconds to create the record...
22:22 iggy salt['pillar.get']('ip4_interfaces:eth0') ?
22:22 iggy pillar?
22:22 aparsons oooo, good catch iggy :)
22:23 newtosalt noobquestion: I am trying to update my installed rpm package using salt states. but I get an error that it is "Comment: The following packages failed to install/update:rpm=4.8.0-38". Do I need to figure out all the dependencies on which rpm depends on and updated those or do I need to specify a command to run the pkg manager in an non-interactive mode ?
22:24 tehmasp basepi: ah right; that is nicer; i think seeing it explicitly in cmd but not in file the other night made me think that it wasn't available to file.* until i came across that GH issue.
22:24 iggy newtosalt: if you are trying to pull packages from a different distro/version, you will likely have to go through a lot of hoops to install it (whether via salt or not)
22:25 newtosalt no the master and minion are both on centos
22:25 basepi tehmasp: Ya, we need to remove the explicit entry from the cmd docs, now that it's global.
22:26 newtosalt and when I run salt '*'  pkg.list_repo_pkgs rpm. it shows the current isntalled version on minion as 37 and available as 38, but when I try to do a salt '*' state.highstate it fails.
22:26 newtosalt and -l all logging is not useful, should I use a different logging command that will tell me why its failing on the minion
22:26 iggy pkg.update ?
22:27 eliasp newtosalt: using '-l debug' will just result in a more elaborate master log, you'd have to increase the log level on the minion to get more details on the minion
22:27 iggy one would think yum would be smart enough to do that, but I'm not that familiar with it, so...
22:28 newtosalt so pkg.update is separate salt command. because it is not documented on the salt docs, it only talks about pkg.installed state
22:28 * eliasp stopped trusting RPM based systems ~15 y ago ;)
22:28 eliasp newtosalt: that's a difference… there are execution modules and states
22:28 iggy ^
22:29 eliasp newtosalt: pkg.upgrade is from the 'pkg' execution module which is the part of salt handling the dirty work (talking to the package manager etc), while pkg.installed is from the 'pkg' state which talks to the way more nice interface of the "pkg" execution module and ensures your system matches the requested state
22:29 eliasp newtosalt: have a look at http://docs.saltstack.com/en/latest/ref/modules/all/ and http://docs.saltstack.com/en/latest/ref/states/all/
22:31 eliasp newtosalt: anyways… back to your issue… to get more details from the minion as log, you could do:
22:31 eliasp salt your-minion cmd.run 'salt-call -l debug state.highstate'
22:31 meylor aparsons: yeah, I'm sure. If I modify the zone and add the A record to zone2 (which doesn't exist) it still appears to succeed
22:32 newtosalt pkg.update or pkg.upgrade will not go in a sls file ? because when I changed my sls file, it didnt like it
22:32 eliasp newtosalt: whatever you call using "salt your-minion foo.bar" will be an execution module… only state.something will call the state execution module which in turn then evaluates + applies your states
22:33 eliasp newtosalt: everything else you do via CLI will be an execution module
22:33 eliasp when a highstate is applied, the state modules evaluate your states and turn this into actions on your system which are then carried out by execution modules
22:34 eliasp on the commandline, you can bypass your states and talk to execution modules directly
22:34 newtosalt ok, thnx
22:35 aparsons kinda hacky, meylor... maybe attach it to a command.wait
22:35 aparsons 1 sec
22:35 aparsons i'll show you
22:37 foulou joined #salt
22:37 aparsons maylor: http://pastebin.com/F8QMThht
22:37 aparsons meylor^^
22:37 aparsons maybe the record failed to create
22:39 aparsons oops, meylor: http://pastebin.com/pTvnGufa
22:44 bivers joined #salt
22:44 Ahlee anybody familiar with file.replace and able to hint how I can limit this to only a line that starts with PATH? https://gist.github.com/jalons/b1d35e34ea7eb5849902
22:45 Ahlee right now it's replacing everything with that
22:46 eliasp Ahlee: you can use matching groups in the replacement pattern
22:46 Ahlee ah
22:46 Ahlee thanks eliasp
22:47 aqua^mac joined #salt
22:47 eliasp Ahlee: your pattern… \Z → "position at end of the string" what do you actually want to do? could you provide a sample line how it should look like before and after?
22:48 Ahlee commented on it, https://gist.github.com/jalons/b1d35e34ea7eb5849902
22:48 meylor aparsons: even with the watch the record still doesn't get created. why do you think it would?
22:48 Ahlee that's the simplest case, but PATH has been munged in apps I don't know about
22:49 aparsons joined #salt
22:49 eliasp Ahlee: one moment… I think I know how to do this
22:49 Ahlee so, I can't just set a new standard without doing research/testing
22:49 Ahlee as written it prepends the repl string to each line in the file
22:50 Ahlee which is even with count: 1, heh
22:50 eliasp Ahlee: which salt version are you running?
22:51 eliasp Ahlee: I did quite a few changes to file.replace recently
22:51 Ahlee 0.17.5
22:51 Ahlee always and forever
22:51 Ahlee :)
22:52 eliasp Ahlee: oh, ok… can't help you then, sorry…
22:52 Ahlee no problem
22:52 Ahlee them's the breaks
22:52 eliasp Ahlee: you could also try Augeas for this in case this was already in 0.17.5
22:52 Ahlee i'm just gonna change it to cmd.run with a sed string
22:53 Ahlee which is like 99% of my states now i feel, heh
22:56 kermit joined #salt
22:59 bivers joined #salt
23:00 Ahlee eliasp: https://gist.github.com/jalons/b1d35e34ea7eb5849902
23:00 twellspring joined #salt
23:00 Ahlee thanks though
23:00 eliasp Ahlee: SOLVED WORKSFORME :)
23:03 twellspring joined #salt
23:07 foulou joined #salt
23:09 nafg_ joined #salt
23:10 Ahlee and how :)
23:16 twellspring joined #salt
23:16 toastedpenguin joined #salt
23:17 nitti joined #salt
23:19 jalaziz joined #salt
23:21 ckao joined #salt
23:22 kitp ok, i'm still stuck trying to run salt commands after provision with salt-cloud.  salt-key shows the keys as accepted, but i keep getting failed to authenticate.  surely gotta be something stupid i did, or haven't done.  any ideas?
23:25 Ryan_Lane joined #salt
23:28 Ryan_Lane joined #salt
23:31 meylor kitp: your salt ports aren't open on your firewall/acls/iptables
23:32 meylor try to telnet from the minion to the master on 4505/4506
23:33 Ryan_Lane joined #salt
23:33 kitp k, will give that a shot.
23:36 ajmccluskey joined #salt
23:40 perfectsine joined #salt
23:40 Heartsbane Are there any whitepapers/documentation on managing Cisco with Saltstack?
23:41 Heartsbane so I can start a conversation with my boss
23:41 eliasp Heartsbane: for managing Cisco stuff you most likely want a Syndic Minion
23:41 eliasp Heartsbane: http://docs.saltstack.com/en/latest/topics/topology/syndic.html
23:42 Heartsbane eliasp: do I need a special Cisco IOS image on my switches?
23:42 eliasp Heartsbane: eh, sorry… I meant a Proxy Minion: http://docs.saltstack.com/en/latest/topics/topology/proxyminion/index.html
23:42 eliasp not a Syndic
23:42 eliasp Heartsbane: no, what a Proxy minion does is to control "dumb" devices using a Proxy minion
23:42 eliasp so the proxy minion provides the implementation to talk to the "dumb" devices' native interface
23:43 Heartsbane eliasp: thanks
23:43 Heartsbane basepi: I am disappointed that you didn't answer
23:43 mosen yep
23:43 Heartsbane NO SOUP FOR YOU!
23:44 mosen otherwise has someone done a similar thing using salt-ssh ?
23:48 kitp no firewalls on either the master or minion.
23:49 iggy kitp: refheap salt-minion --versions and salt-master --versions
23:50 shaggy_surfer joined #salt
23:51 shaggy_surfer Hi all, I am using this to manage rvm's initial installation:  http://docs.saltstack.com/en/latest/ref/states/all/salt.states.rvm.html#managing-ruby-installations-and-gemsets-with-ruby-version-manager-rvm
23:51 kitp salt-master 2015.2.0-108-gd773041 & salt-minion 2014.7.0 (Helium)  - weird didn't expect that since the minion was provisioned with salt-cloud.
23:51 shaggy_surfer looks like it errors because they want you to accept a gpg key as of rvm version 1.26.x
23:52 iggy kitp: can you try an older master or a newer minion?
23:52 shaggy_surfer you need to run the first command on this page: https://rvm.io/rvm/install
23:52 shaggy_surfer who should I contact about this?
23:53 iggy kitp: I was actually more curious about some of the other libs, but it looks like we may be on to something just with that info
23:53 iggy shaggy_surfer: check to see if there's an issue already open about it
23:53 kitp iggy: well, my problem really starts with centos7, which is why i needed the latest from github...because the bootstrap.sh is fixed there.
23:54 brucewang Is v2015.2 stable enough for prod?
23:54 eliasp brucewang: no
23:54 kitp not sure how to upgrade the minion, since the bootstrap process is what installs it.
23:55 SheetiS joined #salt
23:55 theologian joined #salt
23:56 shaggy_surfer already an issue open, #17184, thanks Iggy
23:56 iggy kitp: you can update the salt-bootstrap script that salt-cloud uses
23:57 kitp from what i can tell it is already the latest.

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary