Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-01-08

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 forrest ajmccluskey: http://docs.saltstack.com/en/latest/topics/windows/windows-package-manager.html#windows-software-repository sixth bullet point there: No dependencies are managed. Dependencies between packages needs to be managed manually.
00:04 ajmccluskey forrest: thanks a lot. I missed that when I read through that before. Am I able to do that with a "- require: other-pkg" or similar in a pkg state?
00:04 forrest ajmccluskey: As far as I know you should be able to since that's referencing via the ID, and not the package itself.
00:04 ajmccluskey sorry, I'm very new to SaltStack and getting a little lost. If there's any open source project managing Windows minions I'd be happy to scour that.
00:05 forrest ajmccluskey: Uhh I think Dave has some...
00:05 forrest let me see
00:05 forrest ajmccluskey: Here's something he made that talks about using the repo: https://github.com/saltstack/salt-winrepo
00:06 forrest ajmccluskey: Past that and the installation, as far as I am aware everything operates pretty normally.
00:08 jimklo joined #salt
00:08 ajmccluskey forrest: thanks! I've been checking out salt-winrepo for a guide on defining packages. I'll keep playing with the require syntax for a bit and see if I can manually define them within other package states.
00:08 aparsons_ joined #salt
00:09 forrest ajmccluskey: can you gist an example of what you're having an issue with regarding the requires real quick?
00:12 ajmccluskey forrest: sure thing. I just noticed a syntax error, so I'm checking if that fixes it. If not I'll post a gist.
00:12 forrest okay cool
00:14 schristensen joined #salt
00:14 forrest ajmccluskey: I've also created https://github.com/saltstack/salt/issues/19501 to get those docs updated so we have some state examples.
00:16 ajmccluskey forrest: oh cool! Once I get my head around this I might even be able to put something together.
00:16 forrest Cool, should be a quick one, but an issue should exist regardless.
00:16 forrest unless my windows knowledge is that terrible, which is also possible.
00:20 housl_ joined #salt
00:20 forrest ajmccluskey: I've got to leave in about 10 minutes as a heads up, other people should be around if you continue to encounter issues though (maybe even people who know Windows :P ).
00:20 ajmccluskey forrest: OK, so the -require worked. I just did a dumb and left the empty yaml array ("pkg.installed: []") before then defining the require.
00:21 forrest ajmccluskey: Awesome, that makes sense.
00:21 iggy that's a list btw
00:22 ajmccluskey iggy: I really need to learn YAML properly rather than guessing from examples.
00:22 TOoSmOotH joined #salt
00:23 TOoSmOotH Anyone had any luck running a minion connection to a mster through a proxy?
00:23 iggy I loe the online yaml->json/python converter
00:23 Ryan_Lane TOoSmOotH: I've done it
00:23 Ryan_Lane I've run a master behind an amazon ELB
00:23 iggy leave it to Ryan_Lane...
00:23 Ryan_Lane ;)
00:23 Ryan_Lane of course, I didn't try this with a large number of minions
00:24 TOoSmOotH heh.. I want to have a master in AWS and then minions all over the tubes but some of those could be behind proxies
00:24 ajmccluskey forrest: my issue now is that despite my registry telling me I have .NET 4.0 installed, salt disagrees. I'm guessing this is because I've been ignoring the docs RE "wmi windows installer provider" and hoping it wouldn't bite me.
00:24 forrest ajmccluskey: Probably, like I said my knowledge of salt on windows is super limited so I wouldn't say anything in confidence.
00:24 otter768 joined #salt
00:24 ajmccluskey forrest: thanks a lot for the help. I'll go play with this some more. I've also bookmarked that issue to come back to once I sort it.
00:24 lude joined #salt
00:25 forrest ajmccluskey: Sounds good!
00:25 utbmxguy left #salt
00:25 forrest iggy: I'll try to remember to check that issue later tonigh, if not I'm sure nmadhok will grab it
00:25 forrest *tonight
00:27 yomilk joined #salt
00:30 iggy yeah, I got busy at work, so it'll probably later or tomorrow
00:40 nethershaw joined #salt
00:41 nickdew_ joined #salt
00:44 jimklo joined #salt
00:50 hasues joined #salt
01:02 aqua^mac joined #salt
01:08 hotsnow joined #salt
01:10 yomilk_ joined #salt
01:10 Mso150_y joined #salt
01:13 twellspring joined #salt
01:17 TOoSmOotH left #salt
01:23 higgs001 joined #salt
01:27 beneggett joined #salt
01:33 schristensen joined #salt
01:41 Yee_ joined #salt
01:48 _JZ_ joined #salt
01:56 shaggy_surfer joined #salt
01:58 nethershaw joined #salt
02:05 gywang joined #salt
02:07 gywang How can I define nodegroup tgt in salt cherry api ?
02:16 nitti joined #salt
02:20 _JZ_ joined #salt
02:22 hasues left #salt
02:25 otter768 joined #salt
02:25 gzcwnk :)
02:26 shaggy_surfer joined #salt
02:31 favadi joined #salt
02:32 twellspring joined #salt
02:37 otter768 joined #salt
02:38 murrdoc joined #salt
02:45 iggy gywang: I think you can only define nodegroup's in the config file
02:46 iggy oh, maybe something with wheel?
02:47 mosen joined #salt
02:50 nafg joined #salt
02:56 vbabiy joined #salt
03:06 cheus joined #salt
03:07 ipmb joined #salt
03:08 vbabiy joined #salt
03:11 ipmb_ joined #salt
03:13 ipmb joined #salt
03:13 gywang iggy: I've aleady define nodegroup in config file, I mean what I pass to tgt is a nodegroup name instead of node name
03:15 vbabiy joined #salt
03:15 iggy does the function you are looking at have an expr_form option?
03:22 jasonrm joined #salt
03:25 rhand joined #salt
03:32 kitp joined #salt
03:35 nafg_ joined #salt
03:40 monkey66 joined #salt
03:43 anotherZero joined #salt
03:52 mosen joined #salt
03:57 nethershaw joined #salt
03:57 bhosmer joined #salt
04:21 mikaelhm joined #salt
04:28 ajw0100 joined #salt
04:29 mosen joined #salt
04:31 MK_FG joined #salt
04:36 higgs001 joined #salt
04:41 yomilk joined #salt
04:44 Yee joined #salt
04:54 murrdoc joined #salt
05:01 hal58th joined #salt
05:10 otter768 joined #salt
05:10 TheThing joined #salt
05:18 meylor joined #salt
05:22 ingwaem joined #salt
05:28 felskrone joined #salt
05:43 jalbretsen joined #salt
05:46 kermit joined #salt
05:50 ramteid joined #salt
05:51 cobakobodob joined #salt
06:02 aquinas joined #salt
06:05 ming_log4analyti joined #salt
06:06 JlRd joined #salt
06:09 badon joined #salt
06:19 badon joined #salt
06:23 Mso150_y joined #salt
06:41 Papipo joined #salt
06:46 hotsnow joined #salt
06:47 kossy joined #salt
06:48 ndrei joined #salt
06:50 catpigger joined #salt
06:59 Furao joined #salt
07:03 mohae joined #salt
07:10 NikolaiToryzin joined #salt
07:11 otter768 joined #salt
07:11 karimb joined #salt
07:16 bastion1704 joined #salt
07:18 rjc joined #salt
07:19 smcquay joined #salt
07:21 overyander joined #salt
07:21 smcquay joined #salt
07:33 jeffspeff joined #salt
07:41 hkais joined #salt
07:46 hotsnow joined #salt
07:49 anybroad joined #salt
07:49 KermitTheFragger joined #salt
07:51 NikolaiToryzin joined #salt
07:52 capricorn_1 joined #salt
07:57 trikke joined #salt
07:59 slafs joined #salt
07:59 slafs left #salt
08:00 ajw0100_ joined #salt
08:01 Papipo joined #salt
08:02 hebz0rl joined #salt
08:05 intellix joined #salt
08:08 kzx joined #salt
08:09 Papipo left #salt
08:12 yomilk_ joined #salt
08:25 Cidan joined #salt
08:32 Hybrid1 joined #salt
08:37 lb1a joined #salt
08:48 agend joined #salt
08:51 kawa2014 joined #salt
08:53 TyrfingMjolnir joined #salt
08:58 JlRd joined #salt
08:59 monkey66 joined #salt
09:08 I3olle joined #salt
09:12 otter768 joined #salt
09:13 xf10e joined #salt
09:22 xf10e joined #salt
09:28 overyander joined #salt
09:32 stanchan joined #salt
09:40 N-Mi_ joined #salt
09:43 paulm- joined #salt
09:48 akafred joined #salt
09:48 lothiraldan joined #salt
09:51 alexr joined #salt
09:54 Rawkode joined #salt
09:58 CaptainMagnus joined #salt
09:59 esharpmajor joined #salt
09:59 paulm- What can I do if, when running state.highstate, I get a blank response back from a minion? It responds to test.ping normally...
09:59 bhosmer joined #salt
10:02 badon joined #salt
10:04 paulm- Never mind I'm dumb lel
10:05 ganes joined #salt
10:05 ganes hey...
10:06 yomilk_ joined #salt
10:09 ganes issues in  returners..
10:09 bersace left #salt
10:09 ganes anybody help me
10:11 ganes salt-call '*' state.highstate  --return local    .............   its working in minion side but
10:11 ganes salt  '*' state.highstate  --return local    ................    not working in master side
10:11 saltnoob joined #salt
10:12 ganes need to enable or path configuration for returners???
10:12 ganes pls help me guys!!!
10:31 regnat joined #salt
10:32 marcel joined #salt
10:33 intellix joined #salt
10:35 lothiraldan_ joined #salt
10:46 ninkotech_ joined #salt
10:46 ponpanderer joined #salt
10:47 saltnoob joined #salt
10:52 zooz joined #salt
10:55 jeffspeff joined #salt
10:55 chiui joined #salt
10:59 paulm-- joined #salt
11:05 xf10e ganes: --return local?
11:07 alanpearce joined #salt
11:07 xsteadfastx joined #salt
11:09 hkais joined #salt
11:10 yomilk joined #salt
11:11 xsteadfastx joined #salt
11:11 ganes s
11:13 otter768 joined #salt
11:13 xf10e did you configure your master to use a different returner by default or why do you need to specify this?
11:14 xf10e and btw, I think when you put the master's loglevel to debug you'll see all the responses in its log
11:14 xf10e do the same for the minion and you'll see all the stuff it sends to the master
11:15 * xf10e afk again
11:15 xsteadfastx joined #salt
11:15 ganes see i just set up the master-minion setup...
11:16 xsteadfastx joined #salt
11:16 ganes in returner part ...saw built in returners so i had tried this...
11:17 ganes i am not clear if any conf needed in master or in minion for returners...
11:17 ganes just i tried in with that command ....no result
11:18 ganes in minion got result ...
11:18 ganes can u tell if any conf needed for tis in master or n=minion ??
11:20 istram joined #salt
11:21 luminous ganes: it sounds like you are  fiddling with knobs more than keeping it simple and following setup/getting started docs
11:22 luminous ganes: if you don't have a good reason to be changing the returner, don't
11:22 luminous ganes: master/minion communication ought to 'just' work with minimal setup
11:22 luminous the minion must be able to see the master
11:22 luminous with a default config, you can add '$master_ip salt' to /etc/hosts and be on your way
11:23 luminous you need to accept the minion's key on the master, but after that you should be able to send commands and what not to the minion from the master
11:23 paulm-- Do states always execute in the order specified in the top file?
11:24 ganes wait..
11:24 luminous paulm--: they start out that way, but ordering may change
11:24 ganes luminous: actuall i done already what u listed above!!
11:24 paulm-- luminous: other than states that require other states, does anything else cause reordering?
11:25 ganes recently i started with salt stack..
11:25 luminous paulm--: internally, salt will parse all your state formula and use the sets of requisite and watch parameters to figure out dependencies
11:25 luminous paulm--: there is order parameter, yes
11:25 ganes i am not clear with returners concept...
11:25 luminous paulm--: so you can say, this is before that
11:26 luminous ganes: stop fiddling with returners for now then
11:26 luminous ganes: they allow you to control where the minion 'returns' results to
11:26 luminous leave it alone until you have more of your system working :)
11:26 luminous that is my advice
11:26 luminous and if it is already working, but you want to experiment with returners, that could make sense
11:26 luminous but then you should ask a more specific question
11:28 overyander joined #salt
11:29 ganes luminous:  my experiment is how returners is working and how to write a own returners ....thats it
11:30 ganes before that i need to know buitin returners..
11:30 luminous the builtin returners will not work well enough for your situation?
11:30 ganes s
11:31 luminous so what is your specific question about builtins?
11:34 ganes salt  '*' state.highstate  --return local --return carbon --return_config alternative ...therse are all will from master right??
11:35 ganes thes command from master will work right??
11:36 ganes or from minion only??
11:37 Furao joined #salt
11:39 goudale joined #salt
11:40 goudale hi salt !
11:40 goudale I am currently making some kind of "lab" of my production architecture, using virtuals machines
11:40 goudale so I clone salt states
11:41 goudale and run it in my labs
11:41 goudale but there are some values i like to change
11:41 goudale so my question will be "how can I globally tag this installation as `lab` or `fake`"
11:42 goudale so that, fake-production machines does not register themselves to external service
11:42 goudale i could set a grain on all minions
11:42 goudale by i wonder if there is a simplier solution
11:42 Furao pillar
11:44 goudale my pillar are tracked in the same git repos as my states
11:44 Furao not a good idea
11:44 Furao 2 years ago i used to do that but now they’re separated
11:44 goudale should i make two reps ?
11:45 Furao sure
11:45 Furao salt master can get pillar straight from a git repo (no need to clone locally)
11:46 goudale yes i remember reading about that
11:49 ganes hey furao:  salt  '*' state.highstate  --return local --return carbon --return_config alternative ...therse are all will from master right??
11:49 goudale maybe I can just override my labs-pillar without removing the real ones in my lab-master configuration file
11:55 vbabiy joined #salt
12:00 ecdhe_ joined #salt
12:11 bhosmer joined #salt
12:18 kzx joined #salt
12:21 darxmurf joined #salt
12:21 darxmurf hi all
12:25 darxmurf I'm playing with a new SALT installation and I'm wondering if there is a way to install a package on a minion IF the minion has a certain type of hardware ? In my case, to install a specific client if a RAID card is found
12:27 jerrcs joined #salt
12:31 goudale darxmurf: don't you find this information in grains ?
12:31 darxmurf nop
12:31 intellix joined #salt
12:31 darxmurf well, not in grains.items
12:31 darxmurf I don't know if there is a more complete function ?
12:32 goudale i have no idea
12:33 implicitnewt joined #salt
12:33 test117 joined #salt
12:33 darxmurf or else is it possible to launch a "lspci | grep RAID" and get the result in a variable ?
12:33 test117 left #salt
12:33 monkey66 left #salt
12:33 darxmurf then I can match the card name if any
12:35 SubOracle joined #salt
12:36 goudale maybe you can write your own http://salt.readthedocs.org/en/latest/topics/targeting/grains.html#writing-grains
12:36 goudale and do some sort of ``os.cmd("lspci | grep RAID")`` inside
12:38 karimb joined #salt
12:38 implicitnewt So I'm trying to setup multiple environments in my salt master for the various projects we work on.  Have a base file root in /srv/salt/states/base and one next to in in /srv/salt/states/proj1.  I've got some managed files in the proj1 env but I can't sort out how to reference files from there.  I can keep them in base but I would like to keep separation of files to keep it more logically defined
12:39 goudale it looks like the core grains (like ``cpu``) are writing this way : https://github.com/saltstack/salt/blob/develop/salt/grains/core.py
12:39 bhosmer joined #salt
12:40 darxmurf okay I'll have a look :)
12:51 regnat left #salt
12:53 mikkn joined #salt
12:56 bfoxwell joined #salt
13:00 implicitnewt - env: proj1 to my init file and it worked.  stab in the dark ;)
13:04 yomilk joined #salt
13:05 JDog Just a quicke one as I'm struggling to find the answer in the docs: Where should file_roots live?
13:10 rbjorklin JDog: /etc/salt/master
13:12 rbjorklin implicitnewt: Have you defined the environments in /etc/salt/master ? In that case you should be able to refer to the files with: source: salt://relative/path/under/environment
13:12 babilen JDog: http://docs.saltstack.com/en/latest/ref/configuration/master.html -- With a little more context we might be able to actually help
13:13 JDog That's sufficient -- thansk
13:13 redzaku joined #salt
13:14 otter768 joined #salt
13:15 alexr joined #salt
13:16 linjan joined #salt
13:17 rbjorklin joined #salt
13:20 darxmurf how can I launch a shell command and get the result in a formula ?
13:20 darxmurf like :
13:21 darxmurf raidcard:
13:21 darxmurf grains.present:
13:21 darxmurf - name: raidcard
13:21 darxmurf - value: os.cmd["lspci | grep VGA"]
13:21 darxmurf VGA is fo the test on a machine without RAID card obviously :)
13:22 Furao darxmurf: - value: {{ salt[‘cmd.run_stdout’](‘lspci | grep VGA’) }}
13:23 paulm- joined #salt
13:24 cdavid joined #salt
13:24 implicitnewt rbjorklin, I have the environments defined but they are next to the base and not under the base environment.  It was looking in the base for files.managed source with out the -env: specified.
13:25 cdavid anyone knows how the windows installer is built ? I followed instructions on the salt website, but the installer looks different
13:25 darxmurf Furao: thanks !
13:25 cdavid when I build my installer, the salt python package is in the library.zip instead of being side by side w/ the frozen code as pyc, and my installer produces a non working salt because of that
13:25 darxmurf I just had to quote the {{ ... }}
13:26 darxmurf "{{ ... }}" else it returns an error, the value contains spaces
13:31 elfixit joined #salt
13:35 OnTheRock joined #salt
13:36 ekristen joined #salt
13:37 ponpanderer joined #salt
13:40 kitp joined #salt
13:42 yomilk joined #salt
13:49 xf10e joined #salt
13:51 goudale joined #salt
13:57 phx anyone has an idea on how to get information out of salt-cloud (softlayer provider), such as mac address, interface names, disk names/sizes for machines?
14:00 jeremyr joined #salt
14:02 hkais joined #salt
14:02 bhosmer joined #salt
14:07 cpowell joined #salt
14:08 racooper joined #salt
14:11 nkuttler phx: sounds more like grains level to me. iirc the best you get from salt-cloud are generic profile info, e.g. what kind of cpu to expect etc
14:12 nkuttler yeah, the --list-foo stuff
14:13 luminous phx: salt-mine could also be sensible for some stuff
14:14 luminous phx: salt-cloud should be able to give you json/etc dumps though too, if you wanted to go that route (where you have some other tool process that info)
14:14 phx luminous, well, it's the other way around
14:14 phx salt is not yet installed on the machines
14:15 ajmccluskey joined #salt
14:15 darxmurf if there a way in the top.sls file to match for example all the machines with the name workstation[1..45] EXCEPT workstation33 ?
14:15 phx and to add sufficient data for dhcp-like services into my inventory DB, i need some of those data
14:15 darxmurf or I should match workstation* and then in my other sls files check the hostname
14:15 phx luminous, currently I'm harvesting data from the saltstack, adding currently existing machines into the DB, and currently just adding salt to some PoC machines
14:16 ndrei joined #salt
14:22 whatevsz joined #salt
14:24 anotherZero joined #salt
14:24 hannes_ joined #salt
14:24 anotherZero joined #salt
14:24 nitti joined #salt
14:28 whatevsz joined #salt
14:30 whatevsz joined #salt
14:35 murrdoc joined #salt
14:36 arno joined #salt
14:37 dude051 joined #salt
14:39 ThomasJ darxmurf: workstation* and not workstation33. Compound matching http://docs.saltstack.com/en/latest/topics/targeting/compound.html
14:40 ThomasJ Or you could setup nodegroups containing all workstations but 33
14:40 TyrfingMjolnir joined #salt
14:40 ThomasJ And match against that
14:40 perfectsine joined #salt
14:41 miqui_ joined #salt
14:43 analogbyte joined #salt
14:43 jeffspeff joined #salt
14:44 thawes joined #salt
14:47 whatevsz joined #salt
14:47 whatevsz joined #salt
14:50 yomilk joined #salt
14:52 kaptk2 joined #salt
14:55 rome_390 joined #salt
15:03 andrew_v joined #salt
15:03 housl joined #salt
15:03 whatevsz joined #salt
15:04 whatevsz joined #salt
15:04 twellspring joined #salt
15:05 cberndt joined #salt
15:05 _JZ_ joined #salt
15:06 whatevsz joined #salt
15:08 twellspring joined #salt
15:09 martoss joined #salt
15:14 otter768 joined #salt
15:21 Hybrid2 joined #salt
15:21 cobakobodob joined #salt
15:22 mikaelhm joined #salt
15:23 nitti joined #salt
15:29 asdf___ joined #salt
15:34 ninkotech joined #salt
15:34 JDog I'm trying to add the mysql formula. I've added the /srv/formalas directory  tothe file_roots tag, restarted the salt-master, but when trying to include mysql in an SLS file I get that the "Specified SLS mysql in saltenv base is not available on the salt master".  gist here -- if anyone has any ideas I'd love to know https://gist.github.com/jontyneedham/00f61499f5ce10c68ade
15:35 iggy JDog: where is the mysql formula?
15:35 JDog iggy: /salt/formulas
15:35 iggy or I guess I should say, output of "find /srv/formulas"
15:36 JDog Sorry,yes /srv/formulas
15:36 iggy run that command, paste the output
15:38 iggy protip: when you paste config files, use "grep -v -e ^# -e ^$ /etc/salt/master"
15:38 nitti joined #salt
15:39 darxmurf thanks all, see you tomorrow !
15:39 JDog Good point.
15:40 JDog iggy: find shows all the /srv/formulas/mysql-formula/ files
15:40 iggy that would be your problem
15:40 pdayton joined #salt
15:40 tux_ joined #salt
15:40 iggy if /srv/formulas is in file_roots, everything is relative to that (i.e. it's not going to magically look in mysql-formula for the mysql states
15:42 tux_ hello, im new to salt, at the moment im messing around with salt-cloud. im wondering where those "images" are coming from for my vmware vsphere??? plz can anyone help me
15:43 JDog iggy: gist updated.
15:44 iggy tux_: I don't know specifically about vmware, but most cloud providers expect the images to exist already
15:44 JDog iggy: the docs (6.22) seem to indicate that. What should be included in file roots to get all the formulae?
15:44 iggy JDog: you'd have to include each formula manually
15:45 tux_ yeah exactly thats the problem... i have a vmware esx vsphere... clean setup no vms... so where do i get those images from?
15:45 iggy so file_roots:base would include /srv/formulas/mysql-formula
15:45 iggy tux_: make them?
15:45 cheus joined #salt
15:45 tux_ any idea how?
15:46 tux_ im really new to virtualization and configuration management
15:46 iggy no, might try asking on the -users list
15:50 Sacro Is anyone else having issues with the LocalClient timeout? I've got it set to 5 but it's just hanging
16:02 paulm- Is there a way to update a system's hostname?
16:06 zadock joined #salt
16:07 Sacro paulm-: yes
16:08 stevednd when using an ext pillar like the mysql how do you store the hash data? Do you put it in the db as yaml, json, something else?
16:08 higgs001 joined #salt
16:09 conan_the_destro joined #salt
16:10 tux_ any idea how to host or make a vmware image to use by salt-cloud
16:10 tux_ ??
16:13 paulm- Sacro: I mean, is there a state module for that specifically or do I have to craft a solution myself using more general purpose modules?
16:14 hasues joined #salt
16:15 Sacro paulm-: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.network.html
16:15 felskrone joined #salt
16:16 hasues left #salt
16:17 paulm- Sacro: a state module
16:18 N-Mi_ joined #salt
16:18 N-Mi_ joined #salt
16:18 paulm- Sacro: I tried this: https://gist.github.com/0xPaul/34089ff3620739459a65 but it errors
16:18 Ozack joined #salt
16:20 murrdoc try salt['grains.get']('id')
16:20 murrdoc instead of grains.id
16:20 jalbretsen joined #salt
16:22 paulm- grains.id is fine, it complains about a bool instead of a string
16:23 peters-tx joined #salt
16:23 jimklo joined #salt
16:24 jimklo joined #salt
16:24 murrdoc aight
16:28 conan_the_destro joined #salt
16:29 bhosmer_ joined #salt
16:29 forrest joined #salt
16:31 stevednd whiteinge: you in here? This might be faster than through the github issue
16:32 murrdoc i dont think it matters how you store it, the pillar needs to return a dict, is all
16:33 ndrei joined #salt
16:33 stevednd I'm surprised there's no postgres or sqlite ext pillars
16:33 I3olle_ joined #salt
16:34 murrdoc yeah, i am surprised they are looking at mariadb instead of postgres for the puppetdb equivalent
16:38 RedundancyD joined #salt
16:38 linjan joined #salt
16:38 kzx anyone uses halite (the Web gui)? and if so what do you use it for?
16:38 yomilk joined #salt
16:41 elfixit joined #salt
16:41 seanz joined #salt
16:44 TheRealBill left #salt
16:45 jalbretsen1 joined #salt
16:50 tligda joined #salt
16:51 smcquay joined #salt
16:52 snave joined #salt
16:56 __ale__ joined #salt
16:56 mpanetta joined #salt
16:57 mpanetta joined #salt
16:57 repl1cant joined #salt
16:58 jngd joined #salt
16:59 TheoSLC joined #salt
16:59 TheoSLC Good morning
17:00 StDiluted joined #salt
17:00 TheoSLC I just noticed that salt is not part of the standard fedora repo. (fedora 21)  very cool
17:00 TheoSLC not = now **
17:00 eykd joined #salt
17:01 murrdoc sweeet
17:01 bhosmer_ joined #salt
17:02 eykd Does anyone here have experience w/ the postgres_ states and Amazon RDS?
17:03 eykd Salt seems to be expecting to run psql commands as a postgres superuser.
17:05 elfixit joined #salt
17:06 rome_390 joined #salt
17:07 KyleG joined #salt
17:07 KyleG joined #salt
17:10 schlueter joined #salt
17:10 TheoSLC eykd: it may only work for a local postgres db
17:11 eykd Maybe so. :) It seems to have created the user and database I want, but it throws errors on every run.
17:12 eykd OK, well, I’ll call the retreat then. Thanks.
17:14 pdayton joined #salt
17:14 iggy kzx: not to rain on anyone's parade (and I am not a dev), but I wouldn't expect halite to receive much further development work... SaltStack Enterprise has their own web ui that I think will take up most of the development time
17:15 otter768 joined #salt
17:16 iggy kzx: there's saltpad that looks interesting and I believe there are a few others working on web ui's
17:16 baptistes joined #salt
17:17 baptistes hi, is there a way to patch file with a jinja-templated patch?
17:17 thedodd joined #salt
17:18 kzx iggy: alright, thanks for answering, will take a look at saltpad
17:18 delinquentme joined #salt
17:19 iggy kzx: and if it's not an immediate need, keep your eyes peeled around saltconf time
17:21 alexr___ joined #salt
17:21 kzx iggy: will do, was just trying to make salt a bit easier to use and monitor for someone unfamiliar with it
17:26 jimklo joined #salt
17:31 jimklo joined #salt
17:32 stephas joined #salt
17:32 mgw joined #salt
17:33 aparsons joined #salt
17:33 rome_390 joined #salt
17:34 joehoyle joined #salt
17:34 __number5__ joined #salt
17:35 joehoyle hey, I'm having issues with my minions not "hearing" anythign from the master - the minion can reach the master fine with salt-call commands, however doing anything like test.ping from the master doesn't ever return anything
17:36 eliasp joehoyle: anything suspicious in the master and/or minion logs with "-l debug"?
17:37 thawes joined #salt
17:37 joehoyle eliasp: running debug mode on both sides, and just silence from the minion, master essentials says "waiting for response... nothing", minion doens't record any activity really
17:37 eliasp joehoyle: meh ;-/
17:37 eliasp joehoyle: what versions on both sides?
17:38 joehoyle eliasp: 2014.7.0 (Helium) on both
17:39 joehoyle ah, might have foudn the issue
17:39 rojem joined #salt
17:42 alexr joined #salt
17:43 kortz joined #salt
17:44 joehoyle turns out ... long story short... I had the wrong master
17:44 alexr___ joined #salt
17:45 jimklo joined #salt
17:45 jimklo joined #salt
17:47 eliasp hehe
17:48 shaggy_surfer joined #salt
17:48 wendall911 joined #salt
17:49 pjota joined #salt
17:49 desposo joined #salt
17:50 thedodd joined #salt
17:50 monkey661 joined #salt
17:56 mattbarto joined #salt
17:57 murrdoc ah
18:01 murrdoc looking at the changes people like whiteinge and nmadhok are making in saltstack-formulas
18:01 murrdoc this is bad pillar['mysql'][pillar['services']['cinder']['db_name']]['username']
18:02 murrdoc this is good salt('pillar..get')['mysql:pillar:services:cinder:db_name:username', '')
18:02 iggy ^
18:02 murrdoc i like it
18:02 iggy whoever did that first one gets a junk punch at saltconf
18:02 murrdoc HAHAH
18:03 murrdoc hey, its still not 'recommended' on the best practices place
18:03 murrdoc i d use config.get, but it puts grains before pillars
18:03 iggy PR
18:03 murrdoc how do u PR a documentation change
18:03 murrdoc is that in a repo 0_0
18:04 iggy I've been meaning to bring up config.get on the formulas list
18:04 iggy afaik, all docs are _somewhere_ in the code
18:04 iggy or somewhere in saltstack/salt I should say
18:04 murrdoc but the best practices page .. i didnt think that was in code
18:10 nitti joined #salt
18:10 Mso150 joined #salt
18:11 forrest murrdoc: What's the issue with the best practices stuff for pillar?
18:11 hebz0rl_ joined #salt
18:11 murrdoc no issue
18:11 murrdoc i prefer salt('pillar..get')['mysql:pillar:services:cinder:db_name:username', '') to pillar['']
18:11 murrdoc and now i am seeing the same in the saltstack-formulas
18:11 iggy it's not just a preference
18:11 murrdoc but its not documented on the best practices page
18:11 murrdoc yeah i like it cos it doesnt die on keyerrors too
18:12 forrest murrdoc: Also if you want: https://github.com/saltstack/salt/blob/develop/doc/topics/best_practices.rst
18:12 iggy pillar['mysql'][pillar['services']['cinder']['db_name']]['username'] has at least 6 places it could fail
18:12 murrdoc fork and pull
18:12 forrest Yeah I'm still confused, what's the issue?
18:12 ajw0100 joined #salt
18:12 murrdoc no need for an issue to be created right ?
18:12 forrest the pillar..get?
18:12 forrest murrdoc: If you're just going to fix it right now, nope. Just fork, and make the PR.
18:13 murrdoc yeah forrest for people new to salt
18:13 murrdoc it would be better for them to start using salt('pillar.get') and grains.get
18:13 murrdoc instead of pillar[] grains[]
18:13 murrdoc imho
18:13 forrest Where is pillar.get not used in the best practices?
18:13 jimklo joined #salt
18:14 iggy it's just not explicitly stated that you should use it over dict lookup
18:14 murrdoc what iggy said
18:14 forrest ahh okay, yeah I didn't think to add that when I wrote the doc initially. That would be good to have.
18:14 murrdoc so defensive
18:14 murrdoc #hugops !
18:15 forrest ? I'm not defensive at all, always a fan of improving the docs.
18:15 forrest I was just confused on what you guys were talking about since all the examples use pillar.get :P
18:15 murrdoc the other thing to add to the page is
18:16 murrdoc use file.absent: -name instead of file: - absent -name:
18:16 forrest murrdoc: Yes all of those should be updated if they haven't already
18:16 murrdoc i have no clue how this should be documented tho
18:16 murrdoc i would do it as a table
18:16 iggy I think most of the formulas got updated
18:17 murrdoc https://github.com/saltstack-formulas/collectd-formula/commit/6b19a3380db0323aa0b0cca8d6281e108d62f2ae
18:17 murrdoc example
18:17 forrest iggy: Almost all of them were updated by nmadhok and whiteinge
18:17 nitti joined #salt
18:17 iggy I did the aptly formula :p
18:17 forrest Yep
18:17 forrest And someone already took care of the best practices if it wasn't done already from what I see.
18:17 iggy I did the postgres one too, but I think someone beat me to the commit
18:18 paulm- joined #salt
18:19 paulm-- joined #salt
18:20 shaggy_surfer joined #salt
18:21 spookah joined #salt
18:22 forrest Wasn't there a way to run just one part of a salt state if you want?
18:22 forrest just one ID within a state? I can't remember
18:23 murrdoc state.id
18:23 paulm- joined #salt
18:24 colonD joined #salt
18:27 rap424 joined #salt
18:27 forrest thanks murrdoc
18:27 yomilk joined #salt
18:29 jimklo joined #salt
18:30 Ryan_Lane joined #salt
18:30 Kelsar Hi, got a problem with salt-api and ssl. I can start it with ssl disabled and do a http request jsut fine. With SSL it provides me the cert (selfsigned and an 'official' tested) but won't return any data. cherrypy as netmodule
18:31 whiteinge Kelsar: there's a version incompatibility somewhere. we haven't been able to determine exactly where. what I do know is downgrading cherrypy to 3.2.x will solve that SSL issue
18:33 Kelsar whiteinge: uhh, got inly 3.1.2 in the tree and that errors with cannot import name cpstats
18:33 Kelsar was 3.3.0 before
18:33 ajw0100 joined #salt
18:34 Kelsar will i have more success with tornado?
18:35 cberndt joined #salt
18:35 Kelsar yes, can live with that
18:40 nitti_ joined #salt
18:40 tomh- joined #salt
18:46 Yee joined #salt
18:48 murrdoc joined #salt
18:48 nitti joined #salt
18:49 whiteinge Kelsar: sorry, pulled afk. tornado may be an easier option, yes. how are you installing cherrypy? system packages or pip?
18:49 schlueter joined #salt
18:51 schlueter1 joined #salt
18:51 thedodd joined #salt
18:53 Ksystem joined #salt
18:57 chaffee joined #salt
18:59 Kelsar whiteinge: system package
18:59 * whiteinge nods
18:59 Kelsar whiteinge: i try to try saltpad
18:59 whiteinge harder to grab just the right version that way
18:59 whiteinge oh, cool. saldpad looks awesome :)
19:00 alexr joined #salt
19:00 Kelsar whiteinge: it don't likes me ^^
19:01 whiteinge this SSL problem is a PITA. it's been tough to track down so far :-(
19:01 cpowell joined #salt
19:01 Kelsar https://gist.github.com/3941e9132371f6a16085
19:02 forrest whiteinge: So it's SSL then? :P
19:02 whiteinge Kelsar: oh, that's interesting. not what I expected. are you using flask?
19:03 mordonez joined #salt
19:03 dirico joined #salt
19:04 whiteinge forrest: cherrypy greater than 3.2.x has a problem with some SSL certs. i have not had real time to devote to researching it. after a couple hours of looking I'm still not sure if it's a cherrypy bug or an openssl bug. super frustrating.
19:05 forrest whiteinge: Oh yeah, I was just saying that usually stuff relating to SSL is frustrating and annoying to troubleshoot.
19:05 whiteinge i'm not even sure which certs it has trouble with. self-signed seem to be more problematic
19:05 whiteinge ha. oh, yeah :)
19:05 Kelsar whiteinge: not me, saltpad is
19:06 whiteinge ah, right
19:06 Kelsar whiteinge: atleast the ssl handshake finishes successfull
19:06 blasengam joined #salt
19:06 whiteinge Kelsar: what's the result of  curl -sSik https://your-salt-api-url:8000  ?
19:07 whiteinge (make sure to keep the https there)
19:07 Kelsar whiteinge: mail.py-ro.de:8000 try it ;)
19:07 * whiteinge hacks Kelsar ^_^
19:07 whiteinge ah, tornado server.
19:07 Kelsar whiteinge: oh, yes ^^
19:08 whiteinge i do not know if saltpad has been tested with the tornado netapi module. it is mostly compatible with the rest_cherrypy netapi module
19:09 strande joined #salt
19:09 Kelsar well, now i don't get the stack, but it is just not happen anything ^^
19:09 whiteinge maybe there's a diff that saltpad requires or maybe it's something else entirely :-P
19:10 shaggy_surfer joined #salt
19:10 Kelsar my minions only respond, if they like...or i ask them twice...
19:12 whiteinge do you see that same behavior with regular salt at the CLI?
19:12 goel joined #salt
19:12 Kelsar whiteinge: yes, only there, saltpad won't run atm
19:12 Kelsar worst one is the master itself
19:13 theologian joined #salt
19:15 mikaelhm joined #salt
19:16 whiteinge Kelsar: i see. i'd definitely suggest fixing that first.
19:16 otter768 joined #salt
19:16 whiteinge sorry, running afk again. bbl
19:17 gnagey joined #salt
19:17 alexr joined #salt
19:19 nitti joined #salt
19:20 dowse joined #salt
19:22 JordanTesting joined #salt
19:24 orr joined #salt
19:27 grinnell joined #salt
19:29 baumgarte joined #salt
19:33 imbrock joined #salt
19:36 roker joined #salt
19:37 rojem joined #salt
19:38 hkais joined #salt
19:39 bhosmer__ joined #salt
19:40 marines joined #salt
19:41 murrdoc is there an equivalent http://docs.ansible.com/playbooks_variables.html#
19:44 allbee joined #salt
19:44 babilen {% set foo = 'bar' %}
19:45 murrdoc {% set cinder_db_name = salt['pillar.get']('services:cinder:db_name') -%}
19:45 murrdoc {% set cinder_db_user = salt['pillar.get']('mysql:{{ cinder_db_name }}:username') -%}
19:46 babilen The second example is not valif
19:46 babilen *valid
19:46 murrdoc oh
19:46 murrdoc whats the valid way
19:46 babilen Use |format or ~ for string concat
19:46 murrdoc thats how the data is structured
19:48 eadens joined #salt
19:48 iggy ('mysql:{}:username'.format(cinder_db_name))
19:50 hawking joined #salt
19:50 scarcry joined #salt
19:52 murrdoc (['mysql', cinder_db_name, 'username'].join(':'))
19:54 tervo joined #salt
19:54 johtso joined #salt
19:55 eykd joined #salt
19:56 filpus joined #salt
19:58 eykd I have a load script behind a cmd.wait that’s presently triggered when a watched git repository changes. What’s the best way to set that up so I can optionally trigger it manually, independently of the git repo (but otherwise only trigger it when the repo changes)?
19:59 eykd I asked the question a while back on SO but the more I think about it, the less clear that answer is to me: http://stackoverflow.com/questions/26683420/how-can-i-manually-trigger-cmd-wait-scripts-in-salt
19:59 lauridsen joined #salt
20:00 forrest eykd: Are you trying to trigger it as part of a state run, or manually?
20:01 eykd forrest: Both, if possible. :) For instance, say I’m running my highstate, and the git repo updates, but some other dependency of the load script fails. Once I get that dependency working again, the load script won’t run now because the repo already tripped.
20:02 forrest So I'd start by addressing that using require_in: for those other itesm
20:02 forrest *items.
20:02 forrest eykd: That way you can ensure that scenario never happens
20:03 forrest because you never technically want your repo to get downloaded if the other scripts fail right?
20:03 eykd Hm, so in the git repo state, require_in the load script?
20:03 s0undt3ch_ joined #salt
20:03 quickdry21 joined #salt
20:03 rumery joined #salt
20:03 forrest eykd: is it all handled in this one state you linked?
20:04 eykd forrest: that’s pseudocode. The real thing is in modular states.
20:05 mpanetta_ joined #salt
20:05 eykd forrest: The tricky thing is, I’m using cmd.wait to run the load script, and I really don’t want the script to run unless the repo changes, or I trigger it manually.
20:06 eykd forrest: I suppose I could have anything that might fail require_in the git repo, but that seems excessive. Maybe it’s not?
20:07 forrest eykd: Well, why not just break out the loading portion? Or have you done that already
20:08 forrest Also, you have both onlyif, and unless options available for cmd.wait: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html#salt.states.cmd.wait
20:08 eykd forrest: Hm, I think I see a way through. The syncdb state is a pretty good canary. I could require_in the git repos from there, so they don’t update if something else up the line fails.
20:09 forrest eykd: require the syncdb stuff in the git repos?
20:09 karvis joined #salt
20:09 eykd forrest: Referring back to the pseudostates in http://stackoverflow.com/questions/26683420/how-can-i-manually-trigger-cmd-wait-scripts-in-salt
20:10 eykd forrest: I need to read up on onlyif and unless too.
20:10 forrest let me gist something real quick, hang on
20:11 forrest eykd: https://gist.github.com/gravyboat/7c9e378f002d38a007b5
20:12 ducos joined #salt
20:12 forrest So there I've only added one line, but it's creating a dependency chain throughout the entire thing, without that require, while the git checkout tries to run first, if it fails, the syncdb will still try to run
20:13 martoss joined #salt
20:13 eykd forrest: I was thinking running the dependency the other way around (require_in at line 14), since syncdb is most likely to fail. But I see what you’re getting at, I think.
20:13 forrest eykd: well, if you do that, then syncdb will be required to run before
20:14 chiui joined #salt
20:14 TyrfingMjolnir joined #salt
20:14 eykd Yes, and that is annoying, and probably makes things take longer, but I think it would solve my problem.
20:15 forrest okay, I thought that would cause a dependency fail thinking you needed the git repo prior to running that, my bad.
20:16 yomilk joined #salt
20:16 dfinn joined #salt
20:17 rabon joined #salt
20:18 eykd forrest: Not a problem. Thanks for helping me think that through.
20:18 Mso150 joined #salt
20:20 eykd There isn’t any sort of noop state, is there? I guess I could do `cmd.run: - name: true`
20:20 forrest eykd: Yeah of course, you should check out using unless for that syncdb cmd.run as well. If it's super slow and there is a check you can do to not run it, that should be quick.
20:20 forrest eykd: Uhh you could use http://docs.saltstack.com/en/latest/ref/states/all/salt.states.test.html
20:21 eykd Nice. Thanks.
20:23 rome_390 joined #salt
20:23 forrest eykd: yeah of course.
20:27 schlueter joined #salt
20:27 mpanetta joined #salt
20:30 eykd forrest: Here’s what I came up with: https://dpaste.de/aKRT
20:30 eykd It looks silly in one file, but when things are spread across various modules, I think it helps.
20:31 eykd Specifically, https://dpaste.de/aKRT#L14,15,16,17,18,19
20:31 nitti joined #salt
20:31 forrest eykd: Interesting, do you feel that works around things better than having a require for the sync_db and using unless?
20:32 TheThing joined #salt
20:32 eykd In actual fact, I have a bunch of these data repos and load scripts. :) I wanted to keep the dependency with the load script state.
20:33 Yee joined #salt
20:33 forrest That makes sense then
20:35 forrest You could always break syncdb into it's own file as well, then do the git checkout (requiring the syncdb to succeed), and continuing the deps chain down the list for the associated scripts.
20:36 eykd I could, but my data repos are higher up in the dependency tree and will be used by more than one app, so I don’t want them to know about syncdb.
20:36 thawes joined #salt
20:38 meylor joined #salt
20:39 meylor I have a user created, but salt complains that "Comment: User myuser is not available". thoughts?
20:39 iggy basepi: (re: finding duplicate), I think some other pkg virtuals support that kind of version specification, so it might have been one of those
20:41 iggy meylor: sounds like something you'd see when running with test=True
20:44 meylor iggy: from within the state itself (different than passing -v —log-level debug)?
20:44 meylor nvm http://docs.saltstack.com/en/latest/ref/states/testing.html
20:46 meylor iggy: so that doesn't give me any additional info. continuing to poke around
20:47 berserk joined #salt
20:50 iggy meylor: what I Was saying is that is a warning/error you get often when using state.highstate test=True
20:50 nitti joined #salt
20:54 meylor iggy: I was running salt '*server-1*' state.highstate; salt says (and the user is) present. But when I try to set recursive permissions on a directory it says "User myuser is not available". The same operation works with a different user/directory (same code, different user)
20:56 iggy start pasting code
20:57 whiteinge eykd: if you're on 2014.7 i would suggest using the new `onchanges` requisite with `cmd.run` instead of using `cmd.wait`.
20:57 eykd whiteinge: Oh?
20:58 whiteinge eykd: that would allow you to write your cmd state in a way that you could run it manually whenever with, say, `state.sls_id`, and it would also allow you to optionally run it when your other state changes by using the `onchanges_in` requisite
20:59 asyncsrc joined #salt
20:59 martoss joined #salt
20:59 eykd whiteinge: Oh!
20:59 eykd That’s brilliant!
21:00 ingwaem joined #salt
21:00 whiteinge if I had to make a guess, i'll bet we'll start to deprecate and remove the *.wait functions in favor of onchanges. it's easier to use and reason about...and it does the same thing.
21:00 meylor iggy: I moved it further up within my .sls and it worked; maybe because another process was using the user. will investigate and post answer
21:01 whiteinge deprecate and remove over many releases, of course. :-)
21:02 eykd whiteinge: So if I use cmd.run w/ `onchanges: - git: myrepo`, in a state.highstate it will only run if the repo changes, but in a state.sls_id it will run regardless?
21:03 eykd Does it work w/ state.sls as well?
21:03 jimklo joined #salt
21:06 martoss joined #salt
21:06 whiteinge eykd: actually, good question. i would have to try with `state.sls_id` to make sure the `onchanges_in` on the git state didn't bleed over -- but it shouldn't. it'll definitely work if both states are in separate sls files with `state.sls`
21:07 eykd whiteinge: Cool, thanks. All kinds of goodies in 2014.7.0. :)
21:08 whiteinge :-)
21:09 stevednd whiteinge: so I was trying to workaround the grains load order
21:09 stevednd and __grains__ does exist, however it doesn't appear to have the custom grains loaded into it
21:10 stevednd actually I don't think it has any grains loaded into it
21:11 whiteinge stevednd: you're calling this from a custom grain that you're writing, correct? i'm not sure on the ordering for when custom grains modules are loaded and executed. I wouldn't be surprised if it goes in lexographical order
21:12 stevednd is there some other place it would be accessible? The only other option I can come up with is that I have to manually load/parse /etc/salt/grains myself
21:12 stevednd whiteinge: yes, that's correct
21:13 twellspring joined #salt
21:13 stevednd __grains__exists, but it's empty. I really think it makes no sense that a custom grain would override a manually set grain on a machine
21:14 nitti joined #salt
21:14 stevednd there's no top file concept for custom grains where only some minions would get them is there?
21:14 Mso150 joined #salt
21:17 stevednd whiteinge: is the grains file format json, or a python dict? If it's the latter is there code somewhere in salt that I can load to parse it automatically?
21:17 otter768 joined #salt
21:17 whiteinge stevednd: no top-file for grains. i'm surprised that __grains__ is empty. the core grains should already be loaded before custom grains modules are executed.
21:18 msheiny joined #salt
21:19 whiteinge the way salt starts up is it loads the minion config file (as __opts__) and you can put custom grains in there, it then uses __opts__ to run all the core grains modules, then it uses __opts__ to run all the custom grains modules. in each step it's merging dictionaries together, thus the overwrite.
21:19 whiteinge grains modules return a python dictionary
21:20 whiteinge stevednd: is your custom grain in /srv/salt/_grains ?
21:21 TheoSLC joined #salt
21:21 stevednd whiteinge: yes, that's exactly where it is. it gets sent to the minions. it does what it's supposed to do now. The issue I'm facing at this point is that I need grains set in /etc/salt/grains to win if they're present
21:21 msheiny ive tried to hide output from the cmd.run state to no avail. anyone know of any caveats ? here is the issue i opened with a little more detail https://github.com/saltstack/salt/issues/19479
21:26 eykd whiteinge: Hm, with both state.sls and state.sls_id I’m getting this result for my load script state w/ onchanges: `Comment: State was not run because onchanges req did not change`
21:26 stbenjam joined #salt
21:27 eykd I’m fine with that for now, since rejiggering the dependencies is a 9/10 solution, and I won’t have the need to trigger things manually as often.
21:28 whiteinge stevednd: if you need the hard-coded grains to win, then you'll need to code that up in your custom grains module. e.g., ``if 'thing' not in __grains__: __grains__['thing'] = 'otherthing'``
21:28 whiteinge eykd: pastebin?
21:29 stevednd whiteinge: right, except the whole part where __grains__ is empty in my custom grain. do I have to do something to make sure it's populated?
21:30 whiteinge stevednd: no, the core grains should be there. if you can pastebin i can check it here
21:34 basepi iggy: thanks.
21:34 eykd whiteinge: https://dpaste.de/pj4t it’s pulling in the all requirements, kinda like I would expect, so it makes sense.
21:34 stevednd whiteinge: https://gist.github.com/dnd/f96853b6837331113929
21:36 perfectsine joined #salt
21:36 murrdoc joined #salt
21:36 eykd whiteinge: I think I would need to put my load script in a separate state file w/o any requirements, and require *that* state from another no-op “relational” state within my larger highstate.
21:37 stevednd whiteinge: I also included the versions report from the minion
21:37 eykd In fact, I might just do that.
21:37 anybroad_ joined #salt
21:37 whiteinge looking...
21:38 eykd stevednd: Between us we’re keeping whiteinge busy. :)
21:38 whiteinge this is seriously cutting into my post-lunch nap time!
21:38 dfinn1 joined #salt
21:40 whiteinge eykd: so you want to be able to run `load-esvsbxml-notes` manually, correct? where does the `notes-indexer` state fit in? give me the desired execution order from top to bottom?
21:40 eykd syncdb runs -> git repo updates -> load-esvsbxml-notes loads data -> notes-indexer indexes data
21:41 eykd And yes, I want to pick the load script out and run it by itself from time to time.
21:41 eykd I think I see the way through now, though.
21:41 TheoSLC joined #salt
21:42 dfinn joined #salt
21:46 whiteinge stevednd: i can reproduce the empty grains. investigating...
21:46 stevednd sweet, I don't completely suck at programming!
21:47 whiteinge hehe
21:47 badon joined #salt
21:48 rojem my fqdn grain on my minion isn't matching with the new hostname i provided.  it's set to the old setting before i changed the name.  the minion_id didn't change.   is there something I need to flush to get it to recognize the new name?
21:48 rojem minion is on centos 6.6
21:49 twellspring joined #salt
21:49 whiteinge eykd: gotcha. for that, remove both onchanges requisites from `load-esvsbxml-notes`. add an onchanges_in for `load-esvsbxml-notes` directly on your git state. then add a regular `onchanges`  for `load-esvsbxml-notes` directly on your `notes-indexer` state.
21:50 schlueter joined #salt
21:50 whiteinge that should free up `load-esvsbxml-notes` for stand-alone execution and otherwise execute in order
21:50 hal58th1 joined #salt
21:50 eykd whiteinge: Yeah, that’s more or less where I’m headed, though in a more indirect route. :)
21:50 eykd Er, my route is more indirect.
21:51 martoss joined #salt
21:53 yomilk joined #salt
21:55 cberndt joined #salt
21:55 rojem ahhhh, dns resolution......
21:56 Singularo joined #salt
21:57 kzx opening salt-master's 2 ports to the internet, how bad is it security-wise  from  [1](nothing to worry about) to [10](worse idea ever)
21:58 * robawt highfives whiteinge
21:59 jimklo joined #salt
21:59 __number5__ kzx: 10
21:59 * whiteinge returns robawt's high-five dragonball-z style causing a huge explosion
22:00 robawt majestic
22:01 whiteinge kzx: it's encrypted traffic but like any service you expose to the internet, you'll have the regular due diligence staying on top of security announcements and the mailing list. if your master is compromised that is Keys to the Kingdom.
22:01 kzx __number5__: why is that? i thought it uses encryption? i can see salt-master being DoSed with bogus minion authorization requests though...
22:02 rome_390 joined #salt
22:02 badon_ joined #salt
22:03 fishdust joined #salt
22:03 robawt kzx: it's healthy to consider all code may have the possibility of a security vulnerability in the course of providing its regular job
22:03 __number5__ kzx: see whiteinge's comment. also zeromq is not designed to be open to the public
22:04 whiteinge in general, i'd suggest using a hardened bastion server as an intermediary or possibly the REST API with limited access controls. if your salt master is compromised, the rest of your infrastructure will be too -- but at the blazing speed of 0mq.  :-)
22:04 kzx whiteinge, __number5__, robawt: the use case is as follows, we are shipping a box to a customer but plan on updating it ourselves, this box will be behind a NAT so we can't connect to it, I am thinking of setting up a salt-master VM on Amazon and installing salt-minion on the client's box, the master box will server as a meeting point we'd put package updates and a few things there and then update customer's
22:04 robawt firewall to only allow the customer host
22:05 robawt </end>
22:05 mosen joined #salt
22:05 kzx kzx: currently I handle this with an ssh script that sets up a reverse tunnel with this middle-man box
22:05 __number5__ kzx, use vpn between your master and his minions
22:06 kzx robawt: I might only know customer's ISP general block
22:06 aurynn how do I refresh the states on my minions without going into a highstate?
22:06 robawt __number5__++ vpn
22:07 kzx __number5__: i like the vpn idea (openvpn?) too
22:07 iggy aurynn: saltutil.sync_states
22:07 aurynn iggy, ta
22:07 iggy or sync_all
22:09 alanpearce joined #salt
22:09 __number5__ kzx: openvpn or maybe AWS vpc vpn http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html
22:09 hkais joined #salt
22:10 ajw0100 joined #salt
22:11 kzx __number5__: thanks for the suggestion, looking at VPN_VPC...
22:13 hkais1 joined #salt
22:13 __number5__ no worries
22:13 jimklo joined #salt
22:16 whiteinge stevednd: think i see the problem. looks like a bug. still digging.
22:17 whiteinge stevednd: either way, to get you un-blocked for right now, i'd suggest going with your suggestion of just doing a manual yaml.safe_load() on /etc/salt/grains
22:26 alanpearce_ joined #salt
22:29 nitti joined #salt
22:30 nitti joined #salt
22:34 TheoSLC joined #salt
22:34 Ahlee when do ext_pillars get "reloaded" ?
22:35 Ahlee I just updated one to add a log.debug("test"), but that's not making it in. I know restarting hte master will work, but restarting the master is painful
22:35 Ahlee hrm.  I wonder if it's loop_interval
22:35 jimklo joined #salt
22:35 jimklo joined #salt
22:37 Ahlee nevermind, I'm dumb.  The function wasn't being called, thus no log statement, heh
22:38 sporkd2 joined #salt
22:40 sporkd2 Hey guys, I'm running into an issue where I am trying to use mysql states on the initial highstate of a new box. The highstate places a minion config in minion.d/ and then we restart the minion. However the states fail to use the creds in the minion.d/ file for that highstate run. If we immediately issue another highstate the mysql states work as expected..
22:41 sporkd2 any ideas? google has been no help
22:42 __number5__ sporkd2: how do you restart the minion?
22:42 viq joined #salt
22:42 sporkd2 service.running
22:42 sporkd2 we get a True from the highstate
22:43 amustafa joined #salt
22:44 eightyeight what's the correct way to overwrite 'PasswordAuthentication' in sshd_config(5)?
22:44 __number5__ you can't do that for minion,  try some delay trick like AT
22:45 __number5__ sporkd2: ^^
22:45 sporkd2 then why does it work on the next run of highstate?
22:45 sporkd2 module.run: works correctly also on the first run, only the states do not
22:47 bernice joined #salt
22:48 __number5__ I mean you can't restart the minion using service.running, the rest of highstate will run on old config
22:49 smcquay joined #salt
22:50 eightyeight is file.replace the correct thing to do?
22:50 iggy sporkd2: put the mysql config in pillar
22:52 sporkd2 the database connection information?
22:52 iggy yeah
22:55 sporkd2 and then render a template for the minion config?
22:56 smcquay joined #salt
22:56 sporkd2 or just use the pillars in the states?
22:57 __number5__ just use pillars in the states probably better idea
22:57 sporkd2 why better idea? just curious
22:57 sporkd2 and what sense does it make the modules can read out of that file but states cannot?
22:57 __number5__ better not to put things often changes into minion config
22:58 mgw in a multi master config, do both masters get job return events?
22:58 __number5__ sporkd2: all config is cached when the minion started, it won't read it again in the middle
22:59 sporkd2 __number5__: except for modules?
23:00 perfectsine joined #salt
23:02 __number5__ sporkd2: can you paste your code/sls to some pastebin, this discussion can't go anywhere without the code
23:02 sporkd2 i'll file an official bug, thanks
23:04 hkais1 left #salt
23:05 bhosmer__ joined #salt
23:07 stevednd whiteinge: doesn't look like yaml. is it json, or python dict?  {environment: dev, location: newark, provider: linode, provides: {web: {public: true}}}
23:07 stevednd it looks like json, but I just want to make sure
23:08 murrdoc if you gusy are in la today
23:08 murrdoc http://www.meetup.com/UUASC26/events/219180294/
23:08 murrdoc u can watch it http://www.youtube.com/watch?v=VxyuTqkr9xU
23:09 murrdoc Gareth Greenaway  is speaking
23:11 perfectsine_ joined #salt
23:15 rjc joined #salt
23:16 ajmccluskey Hi all. I'm updating a WinXP minion's PATH with win_path, which is all good, but as expected the minion service's environment doesn't see that change without a service restart or system reboot.
23:16 ajmccluskey Specificall, I need to get git into the PATH so that subsequent states that use git will execute successfully.
23:17 iggy mgw: there's a bug open about that... my takeaway was "maybe?"
23:17 mikaelhm joined #salt
23:17 mgw iggy: thanks
23:18 otter768 joined #salt
23:18 ajmccluskey Is there some way to update the minion's environment, or failing that, some way to coordinate a restart and continue with my highstate?
23:19 iggy ajmccluskey: you could try reload_modules: True in whatever state is doing the installing/path setting
23:19 iggy don't know if that'll be enough though
23:19 ajmccluskey iggy: thanks. Didn't know that existed. Will give it a try.
23:20 sporkd2 iggy: do you know where the list of connectionargs the mysql states need?
23:20 iggy yeah, oddly, not many people do
23:20 iggy sporkd2: no, afair, the postgres and mongo modules or states have it documented
23:21 sporkd2 ajmccluskey: hey hey
23:21 iggy if the mysql module and/or state doesn't you might file a doc bug about that
23:22 spookah joined #salt
23:22 ajmccluskey sporkd2: sup
23:22 sporkd2 is the mysql module says mysql.user then I can just probably use user: in my state?
23:22 sporkd2 if*
23:22 bhosmer__ joined #salt
23:23 stevednd whiteinge: is there also an issue that I can follow for the grains bug?
23:24 ckao joined #salt
23:26 foulou joined #salt
23:28 yomilk joined #salt
23:28 Svake joined #salt
23:29 ajmccluskey iggy: alas, reload_modules doesn't do the trick
23:30 Svake Hi Guys, Is it possible to deploy ssl certs/key via salt?
23:30 ajmccluskey looking at the state.git code it does a which_bin(?) that ends up checking through the PATH for binaries. After a installing git, setting PATH, and a reboot of the minion this passes, but not before.
23:30 robawt Svake: yes
23:32 aurynn Svake, sure
23:36 iggy ajmccluskey: you might file a bug to see if re-reading the PATH should be included in reload_modules
23:36 iggy (search first, this seems like something might have hit before)
23:38 stevednd whiteinge: okay, so I don't know what the heck the grains file is. I tried to deserialize it using salt.utils.serializers.json and that failed with "Expecting property name". I tried to use pickle.load next, and that gave KeyError: '{'
23:38 Svake aurynn, Excuse my ignorance, but how?
23:39 aurynn Svake, it'll depend on your OS, but ubuntu you'd do install the cert into /usr/local/share/ca-certificates and then run update-ca-certificates
23:40 aurynn and I have no idea for centos
23:40 murrdoc joined #salt
23:41 stevednd whiteinge: and I'm dumb. Sure enought yaml.safe_load worked. I didn't recognize it as yaml because of the single line format. Anyways, thanks for your help. Please let me know if there's an issue that I can follow.
23:43 ajmccluskey iggy: FYI there seems to be a feature request that would solve my problem: https://github.com/saltstack/salt/issues/17062
23:43 kermit joined #salt
23:45 wt joined #salt
23:45 wt is there a way to get an amount of time that a job has been running?
23:45 wt like from "salt-run jobs.active"
23:45 wt the job ids appear to be time based, but I really didn't want to parse them
23:49 beneggett joined #salt
23:51 wt I guess I could look them up with lookup_jid
23:51 SheetiS joined #salt
23:53 bhosmer joined #salt
23:53 wt err print_job
23:53 arif-ali joined #salt
23:56 __number5__ wt: saltutil.find_job does that too
23:56 yomilk joined #salt
23:57 StDiluted is the connection for a salt minion initiated by the minion or the master, meaning, if I have a minion in a VPC, do I need to have connectivity into the VPC
23:57 Svake aurynn,  My main problem is to share the generated signed certs from the salt-master(tls module) to all minions connected. note: im using GitFS to load my formulas from a repo
23:57 stoneberg joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary