Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-01-21

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 jonbrefe1 joined #salt
00:01 ekristen joined #salt
00:01 jonbrefe1 joined #salt
00:02 Ryan_Lane joined #salt
00:04 twellspring joined #salt
00:06 guido_ joined #salt
00:06 guido_ hi guys - wondering if anyone has ever built an RPM from the salt dev branch? if so - i was hoping for a little help.
00:08 MugginsM joined #salt
00:09 twellspr_ joined #salt
00:11 davedash joined #salt
00:13 gibmachine joined #salt
00:17 libercy Hi, I'm new to salt and just learning. I'd like to use it in masterless mode to be able to repeatably set up personal desktop linux installations the way I like. Any thoughts on whether that is a sensible/interesting thing to attempt?
00:18 iggy there's at least one company with hundreds of masterless nodes
00:19 iggy so there's certainly nothing stopping you doing it
00:19 Ryan_Lane we're doing it
00:19 Ryan_Lane well, for servers
00:19 iggy I didn't want to point fingers
00:20 Ryan_Lane libercy: yeah, it's sensible
00:20 Ryan_Lane the only difficult part is figuring out how to get the salt code on the masterless node
00:20 libercy I was thinking git
00:20 Ryan_Lane well, that and credential management, if you're going to need to protect credentials
00:21 Ryan_Lane those are the things the master generally do for you
00:21 Ryan_Lane git works fine for that
00:21 kalessin hello! quick question: can you define fake services? I have some states that have some watch_in values to trigger some service reload. I'd like to re-use those states in different environments, and in one environment the service doesn't make sense/exists and isn't defined
00:22 libercy Thanks Ryan
00:22 Ryan_Lane yw
00:22 brianfeister joined #salt
00:22 iggy {% if salt['file.file_exists']('/etc/init.d/service') %}watch_in:.... {% endif %}
00:22 Ryan_Lane kalessin: if it has an init script, yes
00:23 kalessin iggy: yeah my goal is to avoid all those conditionals
00:24 murrdoc use the test states
00:25 JDiPierro joined #salt
00:27 jonbrefe joined #salt
00:27 mosen joined #salt
00:29 kalessin oh murrdoc you mean I could define a test.succeed_without_changes ?
00:29 portablejim joined #salt
00:29 portablejim joined #salt
00:29 murrdoc yup\
00:29 aqua^mac joined #salt
00:29 kalessin f* dope
00:30 murrdoc its the closest thing to no op there is
00:31 kalessin yeah, i think that's exactly what i want, thank you so much
00:31 Ryan_Lane murkey: kalessin that isn't going to work for watch/watch_in, though, will it?
00:31 Ryan_Lane whoops
00:31 Ryan_Lane murrdoc: ^^
00:31 Ryan_Lane since watch_in will be - service: <blah>
00:32 Ryan_Lane test != service
00:33 kalessin well let me try that real "quick"
00:33 sh-ricky joined #salt
00:33 kalessin (yeah the target is openwrt running a *fairly* slow mips cpu)
00:36 jsm joined #salt
00:37 bluenemo_ joined #salt
00:38 sh-ricky Hello everyone! I’m a junior sys admin learning Salt first time. I’ll be asking lots of questions. Of course I’ll check out logs before asking mostly repeated questions. But would like to thank you all in advance for the help! :)
00:41 bluenemo_ hi sh-ricky, welcome to salt
00:41 twellspring joined #salt
00:42 sh-ricky hello Bluenemo!
00:42 juanlittledevil1 joined #salt
00:44 kalessin murrdoc: Ryan_Lane yeah doesn't seem to be working
00:44 kalessin http://pastie.org/pastes/9845033/text
00:46 juanlittledevil joined #salt
00:48 hvn joined #salt
00:48 murrdoc joined #salt
00:49 kalessin anyway sleepy time
00:50 bhosmer joined #salt
00:51 aranhoide joined #salt
01:01 iggy conditionals brah
01:02 spookah joined #salt
01:06 otter768 joined #salt
01:06 micah_chatt joined #salt
01:08 micah_chatt_ joined #salt
01:11 dude051 joined #salt
01:13 murrdoc bruh
01:13 aparsons joined #salt
01:14 murrdoc brah is like so last year iggy, gawd
01:16 dmick joined #salt
01:16 dmick Hi guys.  I've been using salt without understanding some basics for a long time now and I'd like to go back and really understand things from the ground up.
01:17 aurynn okay
01:17 aurynn welcome to salt!
01:17 dmick is there a good "theory of salt operation" besides the official docs?  The official docs have tutorials and reference, but not much in the way of overarching architecture
01:17 dmick my current problem may point out my need:
01:17 dmick calling salt 'things' (modules? ) from jinja2 templates
01:18 dmick I can call salt.environ.get and I can't call salt.pw_user.info, and I have no idea why one and not the other
01:18 aurynn call how?
01:19 dmick as in {% set envvar = salt.environ.get() %} or {% set homedir = salt.pw_user.info(username)['home'] %}
01:19 andrej Is there a way to get the name of a state into a jinja template is uses via a variable?
01:19 dmick salt says that pw_user is not available.  I'm sure that is for a good reason
01:19 andrej We're looking at putting a preamble into salt-maintained config files so people don't try and muck with them locally
01:20 dmick specifically: Jinja variable 'dict object' has no attribute 'pw_user'
01:21 cpowell joined #salt
01:24 aqua^mac joined #salt
01:30 schlueter joined #salt
01:31 druonysus joined #salt
01:31 druonysus joined #salt
01:31 dmick aurynn: you see the sort of confusion I'm dealing with here?  when I look up pw_user and environ they both appear as "salt.modules.*", but only environ also appears listed in "salt.states.environ"
01:32 dmick and I know that means something, I just don't know what
01:32 aurynn okay
01:32 aurynn so states are what you use in .sls files, and modules are what you run when you do salt 'blah' something
01:32 aurynn "something" would be a module
01:33 dmick you mean "salt 'blah' something" from the CLI
01:33 aurynn yes
01:33 dmick i.e. running salt or salt-call
01:33 dmick and, while I appreciate you taking the time
01:33 aurynn so `state.highstate` is a module
01:33 dave_l joined #salt
01:33 dmick what I'm really after is "where do I read this for myself"
01:34 aurynn I've kind of pieced it together from the official docs
01:34 harkx joined #salt
01:34 Guest36781 hi all, in my State file how do I tell apache to restart after installing php5-mysql - but only if the package is not there already?
01:35 mohae dmick: .sls are salt states--[S]a[L]t [S]tate files: http://docs.saltstack.com/en/latest/topics/tutorials/starting_states.html
01:35 dmick right
01:36 mohae and if you haven't read these, the getting started section is a good place to start: http://docs.saltstack.com/en/latest/
01:36 dmick I definitely have, over and over and over
01:36 mohae ok
01:36 dmick I have not found anything that talks about the actual architecture to a programmer
01:36 dmick I'd be happy to hear I'm overlooking something obvious
01:37 phpdave11 Guest36781: apache2:\n  pkg.installed:\n  service.running:\n    - enable: True    - watch:\n      - pkg: php
01:38 notnotpeter I'm having some trouble getting file.recurse to actually exclude directories with the 'exclude_pat' setting.
01:39 notnotpeter Does anyone have a working regex example of exclude a directory from getting clobbered by the recurse?
01:39 CeBe joined #salt
01:41 Guest36781 phpdave11: that's if I have php5-mysql listed as a package in 'php' State?
01:42 phpdave11 Guest36781: apache2:\n  pkg.installed:\n  service.running:\n    - enable: True\n    - watch:\n      - pkg: php5-mysql
01:42 phpdave11 Is what I meant
01:43 Guest36781 thanks - is there anyway to do it from the other end? I.e. in the php-mysql State file?
01:44 phpdave11 I think so, but I'm not sure how. I would love to find out.
01:45 mohae dmick: salt execution modules are meant to be executed immediately, e.g. you wouldn't add a state.highstate call to a state
01:45 Guest36781 I have separate States for apache, mysql, php (dependent on apache) and one for lamp - only if lamp is installed do I need php5-mysql - and restart apache
01:46 mohae dmick: I was wrong, you can using module.run
01:46 mohae dmick: does this help? http://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html#module-salt.states.module
01:46 mohae or did you already try this route?
01:47 dmick http://docs.saltstack.com/en/latest/topics/tutorials/starting_states.html#getting-to-know-the-default-yaml-jinja is what I'm struggling with.  'salt' contains some set of attributes.  I'm not sure how I'm supposed to know which,.
01:47 ekristen joined #salt
01:47 dmick but, yes, maybe salt.module.run.pw_user is really what I'm after (O_o)
01:48 SheetiS joined #salt
01:49 dmick nope: Jinja variable 'dict object' has no attribute 'module'
01:49 dmick gonna see if I can get a dict dump of 'salt' and see just what the hell it is
01:52 schlueter joined #salt
01:52 aurynn what are you trying to get access to?
01:52 dmick pw_user
01:52 dmick (or, really, doc)
01:53 aurynn okay, rather, what are you trying to achieve?
01:53 dmick well, again, in this very specific instance, I'm trying to get at the configured homedir for a user from the passwd file
01:53 dmick in general, I'm trying to figure out how to help myself
01:53 aurynn right, but, why? what is your end goal?
01:54 dmick "getting homedir" isn't enough?
01:55 dmick not sure what you're asking
01:55 aurynn I'm not sure what you're trying to do overall
01:55 aurynn like, why do you need the homedir like that?
01:55 dmick because I'm going to be executing commands as that user in that user's homedir
01:56 aurynn Okay
01:56 dmick which is not the current user (which is root, because salt)
01:56 aurynn right
01:56 aurynn so a `cmd.run` state will let you set user and current working directory
01:56 dmick and I'm also going to be using that homedir as sources/dests for copy commands
01:56 aurynn but getting that data would probably require a custom pillar
01:56 dmick of course, and I'm doing that; I don't need to set it, I need to know what it is *so* that I can set it
01:57 aurynn or just making assumptions and doing a switch based on detecting the target system
01:57 dmick it really needs to come from passwd
01:57 dmick it's configurable by the sysadm
01:57 aurynn a custom `mine` function, then
01:58 dmick entirely possible.  I know nothing at all about pillars or mines
01:58 dmick but it sure looks very heavily hinted that I ought to be able to call salt functions to do this
01:58 hvn joined #salt
01:58 aurynn so
01:58 aurynn the jinja templates always render on the master
01:58 aurynn not the minion
01:58 hvn joined #salt
01:58 dmick "The salt object allows for any Salt function to be called from within the template"
01:58 aurynn and pillar data is collected on the master
01:58 dmick yeah, this is masterless
01:59 aurynn okay
01:59 aurynn then this is advanced jinja magic and the jinja stuff is poorly documented :(
02:01 dmick but you see why I'm asking the question the way I'm asking: salt.environ.get() works just like a champ
02:01 dmick but salt.pw_user.info() does not
02:02 dmick that seems like a clear indication that they're different in some regard.  maybe it's because the attrs on the salt object are state modules only
02:02 aurynn yes, I see that not
02:02 aurynn and I don't know
02:02 aurynn getting adump out of jinja is -emuchhard
02:02 nitti joined #salt
02:02 dmick yeah, I've tried every permutation I can think of
02:02 dmick I guess there's always -pmdb :)
02:03 dmick er -mpdb
02:03 andrej Is there a way to get the name of a state into a jinja template is uses via a variable?
02:08 * andrej has the gift of making people go quiet :
02:09 aurynn andrej, I don't know; what are you trying to achieve?
02:12 acabrera joined #salt
02:15 StDiluted joined #salt
02:15 mgw joined #salt
02:15 notnotpeter andrej: {{ sls }} has the full path of the sls file (so in apps/apache/htaccess/init.sls, {{ sls }} ==  apps.apache.htaccess)
02:17 andrej notnotpeter : cool, that looks useful.  In which contexts it this available?
02:17 TyrfingMjolnir joined #salt
02:18 murrdoc joined #salt
02:18 andrej aurynn: trying to put a "banner" at the top of managed text/script files tha stop people from chaning them locally.
02:18 andrej we have historically a lot of people with low-level access to machines, and not all of them keep up w/ doco on the wiki
02:19 murrdoc das bad
02:19 murrdoc i mean not your bad
02:19 murrdoc just a bad place to be
02:19 andrej so a local warning in the file they may want to edit to point them to salt seemed like a good idea
02:19 murrdoc its a good idea
02:19 andrej and yes murrdoc , it is
02:19 murrdoc setup a pillar
02:20 murrdoc with the  header text u want
02:20 murrdoc then just put in a {{ salt['pillar.get']('your_pillar_name') }} in the files u want the header
02:20 murrdoc just remember not everything 'comments' the same
02:21 andrej Yeah, sorely aware of that ;}
02:21 murrdoc like vim is like ;
02:21 andrej # ; /
02:21 murrdoc but what u can do is use jinja filters to replace stuff
02:21 murrdoc so make it with a #
02:21 murrdoc and the replace stuff out as neede
02:21 murrdoc needed*
02:22 andrej Sounds good .. not sure how I'd automate the replacement  :}
02:23 murrdoc i mean
02:25 andrej notnotpeter  is this {{ SLS }} documented somewhere? Searching for it seems impossible
02:25 MugginsM w00t, that's my second salt PR  :)
02:25 dmick {{ }} is just a template substitution
02:26 dmick the fact that you can use salt, grains, and pillar is here: http://docs.saltstack.com/en/latest/topics/tutorials/starting_states.html#getting-to-know-the-default-yaml-jinja
02:26 murrdoc you go MugginsM
02:26 pdayton joined #salt
02:27 jhauser_ joined #salt
02:27 notnotpeter andrej: I only found out about it because of this: https://github.com/saltstack/salt/issues/815
02:28 notnotpeter 2014.7 has slspath too
02:28 MugginsM if it gets merged, that'll be the two bugs stopping salt working for us fixed :)
02:29 murrdoc :)
02:29 MugginsM I decided, this year, to stop complaining about OSS stuff and just bloody *help*
02:31 Grokzen joined #salt
02:37 jonatas_oliveira joined #salt
02:37 andrej Good man MugginsM
02:37 andrej and thanks again notnotpeter
02:39 notnotpeter andrej: np. My states are littered with "source: salt://{{ sls.replace('.','/') }}/blahblah.conf" sadly that only works if you exclusively use init.sls in a directory instead of blahblah.sls
02:41 brianfeister joined #salt
02:45 jsm joined #salt
02:46 jeremati_ joined #salt
02:51 Grokzen joined #salt
02:52 linjan joined #salt
02:54 dec would anyone else like a sub-command of salt-cloud which SSHs you into a host managed by salt-cloud? e.g. salt-cloud -m /etc/salt/cloud.maps.d/mymap.conf --ssh myhost1
02:55 dec it'd automatically use all the config defined in the salt-cloud config, like the SSH private key, to connect to the host
02:55 aurynn that would be useful
02:57 dec Inspired by Google's compute engine CLI "gcloud":    usage: gcloud compute ssh  [USER@]INSTANCE [optional flags]
02:59 favadi joined #salt
03:02 rocket joined #salt
03:06 otter768 joined #salt
03:11 favadi left #salt
03:12 favadi joined #salt
03:12 tkharju joined #salt
03:23 murrdoc joined #salt
03:28 bhosmer_ joined #salt
03:30 jonatas_oliveira joined #salt
03:34 bones050 hi guys, does anyone know if it is possible to increment a variable in a state file for each host, over a singe glob run?
03:34 neilf______ joined #salt
03:34 basepi joined #salt
03:36 wincyj joined #salt
03:37 theo joined #salt
03:44 ramishra_ joined #salt
03:45 scalability-junk joined #salt
03:46 lkannan_ joined #salt
03:47 fxdgear joined #salt
03:48 mosen joined #salt
03:49 nmadhok joined #salt
03:52 nmadhok joined #salt
03:55 jsm joined #salt
03:56 ajw0100_ joined #salt
04:05 Furao joined #salt
04:05 renoirb joined #salt
04:05 dude051 joined #salt
04:07 hillna_ joined #salt
04:08 ramishra_ joined #salt
04:09 scalability-junk joined #salt
04:09 basepi joined #salt
04:09 ikanobori joined #salt
04:10 pdayton joined #salt
04:16 xDamox joined #salt
04:18 dmick aurynn: mohae: fwiw, pdb'ing until render_template(), I got a good idea that the dict passed to the render engine had 'user' in it, which is indeed a state, but doesn't document anything other than the methods; however, it refers to __salt__['user.info'](username), a dict of info, that appears to have a 'home' key
04:19 dmick so in the template, salt.user.info(username)['home'] seems to expand correctly
04:21 mohae dmick: nice to know.
04:22 mohae thanks
04:23 dmick probably useless to many, because of the "rendering on master" thing, but, for me and masterless...
04:23 dmick maybe that's why it's undocumented
04:23 lkannan_ joined #salt
04:24 mohae dmick: ya, that rendering on master thing is annoying. I just ran into it trying to run salt stuff that I had done for a master-minion setup on a masterless vagrant box...
04:25 mohae so, parsing what you found, I can get around the rendering on master thing?
04:25 dmick depends on what you want to do, I guess
04:26 diegows joined #salt
04:26 dmick in my case the user on the masterless minion was the right one to look up
04:26 mohae ironically, render a user template in jinja that is in a pillar
04:27 mohae seems like masterless should support rendering, unless pillars are only meant for master-minion setups, but that reduces portability imo
04:27 neilf______ joined #salt
04:28 dmick what fails?
04:28 dude051 joined #salt
04:28 tmh_ joined #salt
04:29 fxdgear joined #salt
04:29 mohae well, looking at it closer, it might have a state in a wrong location: Specified SLS 'users' in environment 'base' is not available on the salt master
04:30 dmick environment is another one of those terms I'd like to see actually defined/explanied
04:31 mohae well, as far as I can tell, environment is just a way of organizing states to match real world environments, e.g. prod, dev, etc
04:32 dmick actually, http://docs.saltstack.com/en/latest/ref/states/index.html looks like it might be sorta what I'm after
04:33 tmh_ joined #salt
04:33 dmick that's tomorrow's job: read and understand that chapter
04:35 berserk joined #salt
04:36 mohae dmick: looks like I need to better understand using environments since not using an environment seems to have resolved it; I'll see at the end of this run
04:37 mohae and that index seems rather large, good luck! ;)
04:51 brianfeister joined #salt
04:59 kermit joined #salt
05:07 otter768 joined #salt
05:08 jerematic joined #salt
05:12 kbyrne joined #salt
05:16 portablejim joined #salt
05:19 jonatas_oliveira joined #salt
05:20 yomilk_ joined #salt
05:30 ikanobori joined #salt
05:38 felskrone joined #salt
05:42 ndrei joined #salt
05:45 druonysus joined #salt
05:45 druonysus joined #salt
05:49 geekatcmu left #salt
05:54 jeff__ joined #salt
05:54 jeff__ hi
05:54 jeff__ is there anybody?
05:58 monkey66 joined #salt
06:01 jalbretsen joined #salt
06:02 ramteid joined #salt
06:05 Ryan_Lane joined #salt
06:05 ajw0100 joined #salt
06:07 hvn joined #salt
06:08 dvestal joined #salt
06:08 catpigger joined #salt
06:21 yomilk joined #salt
06:29 cberndt joined #salt
06:30 calvinh joined #salt
06:33 techdragon joined #salt
06:36 druonysuse joined #salt
06:41 monkey661 joined #salt
06:45 linjan joined #salt
06:46 monkey661 left #salt
06:48 scristian joined #salt
06:52 bhosmer joined #salt
06:53 Grokzen joined #salt
06:58 ganes joined #salt
06:58 ganes hi
06:59 ganes i need to know default execution flow of slsl file... which returner is used??
07:02 AndreasLutro joined #salt
07:03 ganes WHICH DEFAULT RETURNER IS USED??
07:03 colttt joined #salt
07:03 TyrfingMjolnir joined #salt
07:07 hvn joined #salt
07:07 hvn joined #salt
07:08 jonatas_oliveira joined #salt
07:08 otter768 joined #salt
07:09 karthee joined #salt
07:09 karthee left #salt
07:13 CeBe joined #salt
07:22 stoogenmeyer_ joined #salt
07:22 flyboy joined #salt
07:26 toanju joined #salt
07:30 KermitTheFragger joined #salt
07:38 iwishiwerearobot joined #salt
07:39 istram joined #salt
07:43 aranhoide joined #salt
07:43 techdragon joined #salt
07:44 penguin_dan joined #salt
07:47 scienec_ joined #salt
07:53 Auroch joined #salt
07:57 slafs joined #salt
07:57 slafs left #salt
07:57 trikke joined #salt
07:57 dkrae joined #salt
07:59 karimb joined #salt
08:02 CeBe joined #salt
08:21 yomilk_ joined #salt
08:22 hebz0rl joined #salt
08:26 techdragon joined #salt
08:30 Grokzen joined #salt
08:35 Andre-B joined #salt
08:37 lb1a joined #salt
08:40 kawa2014 joined #salt
08:41 warpik joined #salt
08:41 warpik Hello. Is it possible to limit salt-minion of usage of outbound ports? sometimes minion use some of 50000+ port, that used by my app
08:45 Janne_ joined #salt
08:46 jerematic joined #salt
08:47 Grokzen joined #salt
08:48 chiui joined #salt
08:51 yomilk joined #salt
08:58 aqua^mac joined #salt
09:01 tux_ joined #salt
09:01 guiguite joined #salt
09:07 dunz0r Can I somehow do something like a "nested" match?
09:07 dunz0r Like first matching on ip, then matching machines based on OS which is within that subnet?
09:09 otter768 joined #salt
09:10 portablejim joined #salt
09:10 portablejim joined #salt
09:22 yomilk_ joined #salt
09:23 I3olle joined #salt
09:24 JDog Tried this https://gist.github.com/jontyneedham/3551388a668284461a42 without success. Says the mount point does not exist, even though it's created above and exists on the virtualbox -- I've checked.
09:26 VSpike If only collections in pillar were merged, my life would be *so* much easier. It's such a pain when trying to design pillar structure knowing that something commonly used like a users collection or a roles collection must occur only once
09:27 VSpike It would be better if you were at least warned that you'd used it more than once and you'll get unpredictable results
09:31 phx warpik, i think that's not done by salt, but by the OS, the port allocation
09:31 phx warpik, you have to tell your OS from what portrange to use when allocating source ports for outgoing connections
09:32 jhauser joined #salt
09:32 CeBe joined #salt
09:37 VSpike I'm starting to wonder if I'd be better dispensing with top.sls mechanism and including a single file which uses Jinja to do all the logic ... both the bit that top.sls does (i.e. including other files) and also building a collection of roles or users by having a long list wrapped in "if" blocks
09:38 VSpike Wonder if anyone else has tried that, and if so how well it worked?
09:38 dburbridge joined #salt
09:39 phx VSpike, i'm generating my top.sls based on an inventory database. technically i've implemented it in a pillar, because it should be rendered on the master-side, then using that pillar in the state top.sls
09:40 che-arne joined #salt
09:40 esogas_ joined #salt
09:44 VSpike phx: that's what I wanted to do too ... avoid having the complex logic working out which machine does what by hostname duplicated in pillar and states, so wanted to get pillar to assign pillar data + roles, and then states to work totally off the roles and other pillar data.
09:44 VSpike If I understand you correctly
09:45 Grokzen joined #salt
09:47 Rawkode joined #salt
09:47 phx VSpike, something like that. Basically I'm generating the complete state top.sls in my topstate.sls pillar, then assigning that pillar in the state top.sls (it's a singleliner actually, because verything is in that pillar)
09:47 phx in the pillar top.sls i'm assigning this pillar to every host
09:48 phx apart from this, each host is assign all its state and pillars based on its roles/services/location/etc dynamically
09:48 phx so i configure my inventory, then my states+pillars are transforming that into OS/app/etc configurations
09:50 warpik phx: i will try , thanks
09:52 VSpike phx any chance of an example?
09:52 VSpike If it's shareable
09:53 VSpike You're generating the topstate.sls automatically I guess, which avoids having to do complex logic within the state system since you don't really care how long-winded it is
09:54 phx uhm
09:54 phx if i rip out some confidential stuff, i can show you  a couple of things
09:54 phx VSpike, my state top.sls is the following: {{ pillar['topstate'] }}
09:54 phx that's simple :)
09:56 phx the pillars top.sls and topstate.sls are basically python scripts which are querying a database, going through all/specific hosts, and whatever is assigned to those hosts, assigning the appropriate salt pillars and states
10:00 CeBe joined #salt
10:00 FAMAS joined #salt
10:01 FAMAS joined #salt
10:03 VSpike Ohh, right. I see.
10:09 calvinh hi guys, i am trying to manage a mongodb via salt and ran into an issue, i just discovered the bug report for this issue, seems like the commits/merge to fix the bug happened 16 days ago, how can i check in which version of salt the bug is fixed? i'm on 2014.7.0 and the bug still seems to be present in this version
10:11 istram joined #salt
10:13 Guest91358 joined #salt
10:13 Guest91358 left #salt
10:17 fredvd joined #salt
10:20 falkowich joined #salt
10:21 che-arne joined #salt
10:22 falkowich Hi, I'm starting out with saltstack on an Ubuntu enviroment. I only started with a few lab minions and are trying out some basic stuff.
10:22 N-Mi joined #salt
10:23 falkowich When I try out the APT stuff (pkg) salt '*' pkg.autoremove list_only=True seems missing in the installed version? Anyone know if this i by default in  ppa:saltstack/salt?
10:24 falkowich No biggie, but It's always good to know :)
10:24 nkuttler falkowich: well, apt-cache policy salt-master, and compare the version to the docs you're reading
10:26 falkowich nkuttler: I checked out that they are the same versions. (2014.7.0 - http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.aptpkg.html#module-salt.modules.aptpkg )
10:26 falkowich installed version  *** 2014.7.0+ds-2trusty1 0
10:27 nkuttler falkowich: which error do you get? complete command + traceback in a pastebin please
10:30 falkowich nkuttler: I'll do it. But I think that it is just missing in "my" /salt/modules/aptpkg.py
10:30 falkowich root@saltstack-master:/etc/salt# grep "def autoremove" /usr/lib/python2.7/dist-packages/salt/modules/aptpkg.py
10:30 falkowich root@saltstack-master:/etc/salt# grep "def upgrade" /usr/lib/python2.7/dist-packages/salt/modules/aptpkg.py
10:30 falkowich def upgrade(refresh=True, dist_upgrade=True):
10:30 falkowich def upgrade_available(name):
10:30 falkowich no function that is named autoremove it seems like..
10:31 nkuttler falkowich: fwiw, that should be in the salt-common package, just check which version that is
10:31 nkuttler i don't see it there either, but i don't have access to salt right now to verify it
10:31 ml_1 joined #salt
10:32 falkowich root@saltstack-master:/etc/salt# dpkg -l | grep salt
10:32 falkowich ii  salt-common                         2014.7.0+ds-2trusty1             all          shared libraries that salt requires for all packages
10:32 falkowich ii  salt-master                         2014.7.0+ds-2trusty1             all          remote manager to administer servers via salt
10:34 nkuttler falkowich: btw, those are the docs for the dev version..
10:34 nkuttler it says in the sidebar
10:34 nkuttler https://readthedocs.org/projects/salt/, much better
10:34 nkuttler yeah, not in the released version
10:35 falkowich Oh, now I feel really stoopid :D
10:35 nkuttler it happens to everybody ;)
10:35 Furao http://salt.readthedocs.org/en/latest/ref/states/all/index.html link to “file” state redirect to http://docs.python.org/2/library/functions.html#file :)
10:37 arno joined #salt
10:38 falkowich Problem solved.. Sry again..
10:38 falkowich Note to self.. Lithium != Helium .. :I
10:39 falkowich Well, time to push forward to testing this out.. I really love the easy of deployment on both master and minions..
10:39 falkowich Thnx for the time taken :)
10:42 aquinas joined #salt
10:42 jhauser joined #salt
10:42 FAMAS joined #salt
10:43 FAMAS joined #salt
10:45 akshimassar joined #salt
10:46 jonatas_oliveira joined #salt
10:47 juanlittledevil1 joined #salt
10:50 The joined #salt
10:52 hvn joined #salt
10:56 _ether_ joined #salt
11:02 JDog How should I use vboxfs in mount state?
11:03 calvinh joined #salt
11:03 davet joined #salt
11:03 akshimassar Hi! I have a question about environments. Could not find it in docs, and code is rather complex. How pillars|modules|grains works with environments, does anybody knows?
11:03 Furao JDog: i wrote a formula for that, have fun :P
11:03 Furao it was not easy
11:04 JDog Awesome.
11:04 Furao https://doc.robotinfra.com/virtualbox/guest/doc/index.html
11:04 Furao sorry code is not public, yet
11:07 giantlock joined #salt
11:09 bala joined #salt
11:10 otter768 joined #salt
11:12 JDog Furao:  Thanks for the link.
11:12 chiui joined #salt
11:13 JDog Furao: Could you give me a pointer on the syntax for the state if you have time?
11:16 Furao basically, it install all dependencies to build kernel module for vboxfs, install vbox guest ubuntu pkg, and load kmod. and start service that automount
11:17 Furao https://gist.github.com/bclermont/6729d6f103b92ff805ff
11:35 JDog Furao: Nice one -- much appreciated. Thanks for your time.
11:37 agend joined #salt
11:38 bhosmer_ joined #salt
11:43 giantlock joined #salt
11:46 calvinh joined #salt
11:48 bluenemo joined #salt
11:48 bluenemo joined #salt
11:49 bluenemo joined #salt
11:51 calvinh_ joined #salt
11:53 yomilk joined #salt
11:54 linjan joined #salt
11:55 ecdhe joined #salt
11:56 aqua^mac joined #salt
11:56 linjan joined #salt
11:59 kbyrne joined #salt
12:05 bala left #salt
12:12 jonatas_oliveira joined #salt
12:20 mikkn joined #salt
12:23 yomilk_ joined #salt
12:23 mrjk joined #salt
12:26 bhosmer joined #salt
12:28 booly-yam-4014 joined #salt
12:31 hvn joined #salt
12:31 hvn joined #salt
12:35 che-arne joined #salt
12:35 JlRd joined #salt
12:38 JDog Furao: Just trying it now -- what's in kernel.sls? Or from where can I get it?
12:41 favadi left #salt
12:47 diegows joined #salt
12:52 vbabiy joined #salt
12:53 Mindfart joined #salt
12:53 yomilk joined #salt
12:56 ksj joined #salt
12:58 zadock joined #salt
12:58 ksj hi, I'm trying to get the openssh formula working. I'v commented out everything except the auth section of the example pillar and put in my own details, but when I run salt \* state.sls openssh.auth, it only runs the main openssh state, not the auth.sls file
12:58 ksj I'm sure it's something dumb....but I can't figure out what
12:59 babilen ksj: Which states to you target to your minion in your top.sls ?
13:00 ksj I'm not running from the top.sls, was trying to just run from the command line
13:00 ksj salt \* state.sls openssh.auth
13:00 ksj is it not possible to target a single sls that way?
13:00 babilen That can't work as it needs to include the "openssh" SLS
13:01 ksj it does in the auth.sls file
13:01 ksj it has an include
13:01 babilen You are probably looking for state.id as that pulls in dependencies
13:01 babilen You are running a single SLS. That is: *only* that.
13:02 babilen One could argue that that is suboptimal/buggy behaviour though
13:02 jerematic joined #salt
13:03 ksj yeah....I'm a bit confused
13:08 ksj what do you mean by state.id? you mean I run salt \* state.openssh ? it says it's not available
13:11 otter768 joined #salt
13:11 __number5__ I think that's state.sls_id check the docs
13:17 ksj damn, sls_id is fairly recent. I'm running salt 2014.1.7 and it doesn't have it
13:18 hebz0rl_ joined #salt
13:18 ksj I'm stil confused though. if the openssh formula is supposed to just drop in and work, in the init.sls why doesn't it make a call to the auth module?
13:19 babilen __number5__: yes, that! :)
13:19 babilen Sorry
13:20 babilen ksj: My understanding (I haven't tested that, will do so in about ~30 minutes as I ran into this problem recently too) is that state.sls really calls only what is that specific SLS file. That means, in particular, that includes are *not* being, well, included.
13:21 babilen I would consider that a bug or, at least, highly problematic. But I have to verify that. You should be able to use the openssh formula easily if you target it in a highstate though.
13:22 babilen state.sls_id probably won't help you much but it does pull in requisites explicitly
13:22 booly-yam-4014 joined #salt
13:24 ksj still hasn't worked from a high state, but I'm fairly new so may have done it wrong
13:24 ksj I just put '- openssh' on a line below ones I know to work
13:25 ksj it doesn't seem to have executed anything at all
13:25 ksj from openssh I mean. it executed my other state files fine
13:28 babilen afaict "- openssh" does not include "- openssh.auth" so you would have to target that explicitly
13:28 rypeck joined #salt
13:31 nmadhok joined #salt
13:35 ksj nope. I have - openssh.auth in my top.sls file, and it still only runs the main openssh.sls that starts the daemon
13:37 babilen ksj: What does "salt 'that-minion' pillar.get 'openssh:auth'" give you?
13:39 ksj nothing. just returns 'minion-name:'
13:40 babilen That is your problem then. Have you configured your pillar?
13:41 favadi joined #salt
13:42 ksj I think so...I have a pillar directory that master conf reads from. it has a top.sls in it, and a modified version of the pillar.example file that came with the ssh formula
13:43 ksj renamed to openssh.sls
13:43 ksj in that file I commented out everything except the auth bit, and put in my pub key, username etc
13:44 aqua^mac joined #salt
13:50 Tyrm joined #salt
13:55 yomilk_ joined #salt
13:55 babilen ksj: Could you paste relevant bits to http://refheap.com (redact personal/sensitive information) -- Maybe I can spot something.
13:56 babilen The states won't do anything if your pillar is empty
13:56 babilen (as you noticed)
13:58 SheetiS joined #salt
13:58 sterpka joined #salt
13:59 sr4f joined #salt
13:59 bhosmer joined #salt
14:00 jeremyr joined #salt
14:08 racooper joined #salt
14:08 JDiPierro joined #salt
14:08 ksj thanks. I think I'm doing something really dumb and the pillar file is not being read. I just took the pillar.example and put it in the srv/pillar folder as openssh.sls, then added - openssh to my top.sls file in srv/pillar. that doesn't seem to be enough
14:08 dd11 joined #salt
14:08 ksj if I do salt <minion> pillar.items, I don't see anything openssh related
14:11 booly-yam-4014 joined #salt
14:14 mrjk joined #salt
14:14 dd11 is there any diff between  salt.cmd.run and salt['cmd.run'] ?
14:15 cpowell joined #salt
14:15 dd11 trying to get usernames from ssh-keys.pb like user.name.pub, but iteration fails for salt['cmd.run']
14:16 dd11 for username in salt.cmd.run('find /some/path/keys/ -type f -exec basename {} .pub \;')
14:17 saru11_ joined #salt
14:19 vinterland joined #salt
14:19 karimb joined #salt
14:19 nitti joined #salt
14:20 vinterland Hello, I'm confuse as to how the service restart/reload functionality should be implemented in states. I have a state that has a package and some configuration files and I want this state to restart the service each time it is applied (without using watch). Can this be done?
14:22 andrew_v joined #salt
14:22 micah_chatt joined #salt
14:23 rocket joined #salt
14:24 micah_chatt_ joined #salt
14:25 Furao joined #salt
14:29 mpanetta joined #salt
14:34 viq joined #salt
14:35 dude051 joined #salt
14:36 babilen vinterland: Yeah, just use a state for the service and use watch_in (or listen_in) in the respective configuration file state
14:37 babilen (on the service state id)
14:37 dude^2 joined #salt
14:37 babilen So you'd have a "foo-service: \n service.running" and then "foo-service-configuration-file: \n file.managed: ... - listen_in: \n - service: foo-service"
14:38 vinterland hmm, interesting. I'll give it a try. Thanks :)
14:39 AndreasLutro listen_in: service makes that service reload automatically?
14:39 AndreasLutro what if you need to control whether to reload or restart the service?
14:45 babilen AndreasLutro: It would restart it (like "watch_in") -- If you want to reload it you would have to do so explicitly with an explicit module.wait state with - name: set to "module.reload"
14:47 AndreasLutro I see, thanks
14:47 babilen https://github.com/saltstack-formulas/apache-formula/blob/master/apache/init.sls#L12 is an example of that
14:47 vinterland hmm, wont this listen_in/watch_in only trigger on the update of the file that is managed? So if there is no change the service will not restart?
14:47 babilen (there might be other ways)
14:47 babilen vinterland: Why should it restart it if there is no change?
14:47 babilen (and yes)
14:49 rvankleeck joined #salt
14:49 hvn joined #salt
14:49 rvankleeck when creating nodegroups, is there a way to have a "default" one? Kinda like "* and not in any node group"
14:50 dd11 joined #salt
14:51 dude051 joined #salt
14:53 Ligthert https://www.refheap.com/4c6b5b976ea557189fb5f17f8 <-- Does anybody have experience with this one? It works without the Links:, but gives this nice error. Am I missing something?
14:53 acabrera joined #salt
14:53 N-Mi joined #salt
14:53 N-Mi joined #salt
14:54 booly-yam-4014 joined #salt
14:55 babilen Ligthert: Maybe make links a tuple?
14:55 CeBe joined #salt
14:55 jsm joined #salt
14:55 babilen It obviously tries to unpack something there. (e.g. "- db: db")
14:56 Ligthert I'll give it a shot. One moment
14:57 hasues joined #salt
14:57 Ligthert Progress!
14:57 Ligthert Its a different error! ;)
14:57 hasues left #salt
14:57 babilen Hooray!
14:57 babilen It was just a guess .. "links" does not seem to be documented
14:57 babilen Have you checked the code for it already?
14:58 babilen or make it 'links: \n - "db:db"' ?
14:58 Ligthert babilen: I haven't checked the code yet.. http://docs.saltstack.com/en/latest/ref/states/all/salt.states.dockerio.html#salt.states.dockerio.running <-- This does mention links.. :s
14:59 babilen I know
14:59 dd11 babilen: any hints how to handle / iterate over "salt['cmd.run']('find /srv/salt/users/keys/ -type f -exec basename {} .pub \;')" ?  as a commandline it returns filenames without .pub extension , line by line
15:00 jonbrefe joined #salt
15:03 dd11 rendering failed: Unknown yaml rendere error it sauy, iterating {% for username in salt.. %} and then using {{username}}
15:03 babilen dd11: You don't want to do that
15:03 JDiPierro joined #salt
15:04 dd11 there are more elegant and secure ways to keep list of users?   I'm just trying to make life of people more easy, so they only have to upload their user.name.pub in a directory
15:05 babilen dd11: This is a huge issue, but first and foremost: You want to keep your keys in pillars and not states and there is already a file pillar for that.
15:05 Ligthert babilen: ninja'd me :s Pillars
15:05 vinterland babilen thanks
15:05 babilen Unfortunately that pillar mixes targeting and the availability of files in pillars
15:06 kaptk2 joined #salt
15:07 mohae joined #salt
15:07 goal is there a better way of checking a package is installed than pkg.version. This seems excessive when you don't want the version, but just want to do the equivilent of rpm --quiet -q packagename
15:08 mpanetta Hey guys, does anyone here know what salt version http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.swift.html is in?
15:08 babilen dd11: https://github.com/saltstack/salt/blob/develop/salt/pillar/file_tree.py is what I mean, but it is ludicrous to mix targeting into the file system layout
15:08 mpanetta I cant find it in 2014.1.7
15:09 babilen dd11: https://github.com/saltstack/salt/issues/18406 is my bug report for this
15:10 housl joined #salt
15:12 otter768 joined #salt
15:13 Brew joined #salt
15:16 thedodd joined #salt
15:18 elfixit joined #salt
15:18 murrdoc joined #salt
15:24 iggy dmick: they started off shoving all of the modules into the jinja namespace. At a certain point they realized that was unmaintainable. So the "correct" way to call salt modules is {{ salt['module.function']('var1', var2) }}... some of the modules are just still there for backward compat
15:25 saru11 joined #salt
15:26 murrdoc yeah but they recommend the salt['module.function'] thing now
15:26 murrdoc if u search for the __dunder__ dictionary page
15:27 CeBe joined #salt
15:27 wchest joined #salt
15:27 peters-tx joined #salt
15:27 saru11 hello, is there any help for Salt-Minion-VERSION-PLATFORM-Setup.exe installer? Does it support any quite upgrade mode where I don't have to pass salt master with /master option and minion id with /minion-name ? I just need to upgrade Windows salt minon and reuse current its configuration.
15:27 iggy yeah, I think the problem was finding the right docs (and this was from last night, I just like dmick, so I decided to answer his question)
15:28 saru11 sorry, should be quiet instead of quite
15:28 hvn joined #salt
15:28 hvn joined #salt
15:28 wchest I have a quick question about the salt-master process. We've been running a salt cluster for almost a year now and have not had to restart the salt-master many times, and not for the last 5-6 months. My question is how safe is it to restart the salt master? Will I need to reaccept keys for all minions or will it handle that piece gracefully? The salt master is consuming a lot of CPU and memory and my hope is that restarting it will he
15:28 wchest I'm on salt 0.17.5
15:29 murrdoc here is the page btw http://docs.saltstack.com/en/latest/topics/development/dunder_dictionaries.html
15:30 wchest Quick clarification, I
15:30 wchest I'm asking about restarting the salt-master process rather than the whole machine
15:30 murrdoc u dont need to re accept keys
15:30 iggy wchest: keys are saved in /etc/salt, the only thing that you probably have to worry about is things like fileserver.update running
15:30 murrdoc just run a few test.pings
15:30 murrdoc once the restart is complete
15:31 iggy and that ^
15:31 wchest iggy: murrdoc: thanks!
15:32 babilen wchest: Restarting the master is no problem whatsoever. You might, however, trigger a number of minion auth requests when you do that, so that the load will rise for a while. Depending on the number of minions that might be problematic (I wouldn't worry if you have less than, say, 2000 on a decent machine though)
15:32 murrdoc will there be a salt irc irl meetup at the conference
15:32 murrdoc cos that would be fun
15:32 wchest babilen: Fantastic, shouldn't be a problem for us.
15:33 saltymoli left #salt
15:33 gladiatr joined #salt
15:33 aqua^mac joined #salt
15:34 babilen wchest: Yeah, just wanted to mention it. You never know what kind of setups people are running :D
15:34 murrdoc or not
15:36 cotton joined #salt
15:36 iggy awww, not going?
15:37 xliiv joined #salt
15:40 murrdoc imma be there
15:40 murrdoc my or not was for the suggestion of meeting irc irl
15:40 rlarkin mgmt denied me last year, but this year I have blackmail photos
15:40 rlarkin so I'm going
15:41 murrdoc bring photos
15:41 rlarkin ha
15:41 murrdoc :D
15:42 babilen I won't fly to the US, but would attend a SaltConfEurope
15:43 jcockhren babilen: wait. you're too good to fly to the US?
15:43 murrdoc or us might not let him in
15:43 iggy it's utah... it's practically canada
15:43 murrdoc its happened to me
15:43 babilen jcockhren: No, but I don't quite see the point in flying all that way for just a few days of conferencing
15:43 murrdoc its why u gotta shave a days before flying
15:44 jcockhren seriously? I was totally joking but that sucks
15:44 murrdoc make a trip out of it
15:44 bfoxwell joined #salt
15:44 murrdoc colorado is beautiful
15:44 murrdoc so is utah
15:44 iggy I'm going 3 days early to enjoy SLC
15:44 babilen murrdoc: Sure, that would be the idea, but not this year :D
15:44 murrdoc next year u might be on some go language written config manager
15:44 murrdoc :P
15:44 jcockhren in a connected world, we shoudl just be able to go places and get it
15:44 babilen haha
15:45 jcockhren my opinion, that's all
15:45 Ztyx joined #salt
15:45 murrdoc i am flying in from chicago
15:45 murrdoc i really do want to look into the comfy underwear they sell in utah
15:46 murrdoc ok .. too mas, please redact
15:46 jalbretsen joined #salt
15:46 iggy I'm flying in Saturday and leaving Friday
15:47 ccarney_ROCC joined #salt
15:47 wchest Sorry, another question. I'm getting "SaltReqTimeoutError: Waited 60 seconds on my salt master." Minions are being notified of jobs, but stall at "Returning information for job:" In some github issues folks are saying this may be due to the salt master getting into a bad state.
15:47 babilen I hate that error
15:47 wchest Is it okay to restart the entire machine or will I need to reaccept keys? I realize that the keys are in /etc/salt
15:47 wchest but want to make sure
15:47 wchest babilen: me too :)
15:47 babilen wchest: You can restart the entire machine
15:47 Ztyx You should simply have to restart salt-master. The whole machine shouldn't be necessary I think.
15:47 wchest babilen: awesome, thanks, in your experience is it helpful to restart minions as well?
15:48 wchest Ztyx: I've restarted the salt-master process
15:48 murrdoc the ones that fail to return in test.ping
15:48 babilen It shouldn't be necessary, but won't hurt
15:48 wchest and still getting the same errors
15:48 murrdoc wait this is 0.17 ?
15:48 Ztyx wchest: I see.
15:48 babilen 0.17 ?
15:48 murrdoc or the ahlee version
15:48 wchest I'm using 0.17.5
15:48 babilen What's "the ahlee version" ? Did I miss a work?
15:49 Ztyx Unrelated to the current discussion: There's a patch to a Salt module I'd like to try out (https://github.com/saltstack/salt/commit/dfa47a98f15b6fc4b1299d3701b1183826cc1061). Will I need to apply it to my master (which is also a minion), or to the minions I'd like to try out out for?
15:49 babilen wchest: You really might want to upgrade that
15:49 babilen s/work/fork
15:49 babilen Ztyx: You might be able to just place the updated state.py in _states
15:50 babilen Ztyx: http://docs.saltstack.com/en/latest/ref/states/writing.html
15:50 Ztyx babilen: Cool. I'll try that.
15:50 babilen Ztyx: I assume that there are no other dependencies of that state (you might have to do the same for the module too)
15:50 wchest babilen: Got it, I realize we should, but would want to test the upgrade before putting into production
15:50 babilen But you can "side-load" updated states/modules easily that way
15:50 wchest for now, need to push changes to a minion and not working
15:51 wchest For what it's worth, test.ping returns true for all machines
15:51 babilen Sounds good
15:54 iggy lol, Ahlee version
15:54 jsm joined #salt
16:00 conan_the_destro joined #salt
16:01 arno joined #salt
16:02 wchest babilen: Zytx: murrdoc: Seems to be working now, thanks for your help!
16:02 dmick joined #salt
16:02 murrdoc k now u need to do a pull request
16:02 murrdoc new rule :D
16:02 ablinkin joined #salt
16:03 schristensen joined #salt
16:07 Ozack1 joined #salt
16:08 Ahlee iggy: hmm?
16:09 Ahlee ah, heh
16:09 Ozack-work joined #salt
16:11 smcquay joined #salt
16:12 JDog joined #salt
16:13 ksj babilen: I've found the issue, salt's not adding any of the "sub pillars" (i.e. the sls files in the /srv/pillar directory). It's only processing top.sls. I've tried following the pillar walkthrough absolutely to the letter, but pillar.items will not show me the "sub pillars"
16:14 pdayton joined #salt
16:14 ksj top.sls at the moment contains base:\n  '*'\n    - packages
16:15 ksj but pillar.items will not show anything in packages
16:15 ksj I've checked file permissions
16:15 ksj any ideas anyone? really getting frustrated
16:15 overyander joined #salt
16:17 analogbyte joined #salt
16:17 rvankleeck ksj, what does your /srv/pillar/packages/init.sls look like?
16:17 Ozack-work joined #salt
16:19 signull joined #salt
16:20 rojem joined #salt
16:20 analogbyte joined #salt
16:20 signull joined #salt
16:21 analogbyte joined #salt
16:21 nullptr joined #salt
16:23 ksj rvankleeck: sorry, spilled water down my keyboard this morning and it finally decided to die. back now. there isn't an init.sls. I'm using /srv/pillar/packages.sls
16:23 ecdhe_ joined #salt
16:23 kitplummer joined #salt
16:24 ksj it looks exactly like it does in the pillar walkthrough...but it doesn't matter. If I add rubbish to it so it's not a valid yaml file, salt doesn't complain
16:24 ksj but it does complain if I do that to pillar/top.sls
16:24 ALLmightySPIFF joined #salt
16:24 ksj the only difference between my setup and the tutorial is that instead of keeping the pillar dir in /srv, I have it in ~/salt/pillar
16:25 ksj but I've changed that in /etc/salt/master (using absolute path)
16:27 yomilk joined #salt
16:28 rightsta-steve joined #salt
16:30 Ztyx left #salt
16:30 slk_ joined #salt
16:30 mrjk joined #salt
16:31 gattie joined #salt
16:32 murrdoc and u have the top.sls in /srv/pillar/ that includes the packages.sls
16:33 ksj murrdoc: yes
16:34 murrdoc and u are running saltutil.refresh_pillar
16:34 malinoff joined #salt
16:34 murrdoc after you change stuff
16:34 schristensen joined #salt
16:34 ksj murrdoc: yes, but according to the docs I don't need to before doing pillar.items
16:34 rvankleeck does compound matching (e.g. '* and not L@minion.example.com') not work with nodegroups?
16:34 stoogenmeyer_ joined #salt
16:34 ksj I also restarted the server and cleared everything in /var/cache/salt
16:35 ksj I'm assuming the pillar items don't have to be called from a state in order to get put on the minion?
16:36 rvankleeck ksj: so you have /srv/pillar/top.sls, and ~/salt/pillar/packages.sls?
16:36 ksj rvankleeck: yes, though like I said, they're in different directories, but that's there in the master config
16:36 analogbyte joined #salt
16:36 ksj and it definitely reads the pillar/top.sls file
16:36 bones050_ joined #salt
16:36 ksj because if I break the yaml, it complains
16:37 ksj no, sorry, misread your question. both top.sls and packages.sls are in the same dir
16:38 ksj ~/salt/pillar
16:39 rvankleeck ksj: i'm assuming your master config has 'pillar_roots:\n  base:\n    - ~/salt/pillar'?
16:40 rvankleeck or is it /home/<some_name>/salt/pillar?
16:41 analogbyte joined #salt
16:41 ksj no, I have the absolute path /home/<me>/salt/pillar
16:44 analogbyte joined #salt
16:44 iggy rvankleeck: no
16:44 phpdave11 ksj: i personally dislike the default structure of salts files. i like to keep my salt files all under 1 directory, which makes source control easier. i also don't use any absolute paths, i use relative paths instead so i can move my salt directory anywhere. here's my setup: https://www.refheap.com/96350
16:45 ksj yeah, I do too. I don't like spreading things about in /srv and /opt and wherever
16:45 rvankleeck iggy, darn. is there a way to make a sort of "default" nodegroup? or maybe in top.sls match anything that isn't in a nodegroup?
16:45 linjan joined #salt
16:45 iggy rvankleeck: not that I know of
16:46 casey|sfe i deal with the issue of where the master caches keys a lot. often the minion will have to wait 10s to reauth, and sometimes the master rejects the key. either way it's a silent failure.
16:46 rvankleeck iggy, well shoot. Thanks for the info!
16:46 casey|sfe i log into the minion and check the log and see what happened
16:46 casey|sfe but it would be awesome if i could at least get the master to handle the failure
16:46 casey|sfe but it returns 0
16:47 casey|sfe anyone else dealt with this?
16:47 ksj the thing I don't get is it definitely reads the pillar/top.sls file, because I can break it and it complains. so why the hell isn't it reading the other pillars?
16:47 ksj I've tried both X.sls and X/init.sls formats. neither works
16:49 ksj or maybe my test is wrong? I'm using salt <machine> pillar.items, and also salt <machine> pillar.get packages:apache
16:49 ksj neither works
16:49 ksj also, I turned off caching in master config just in case
16:50 xliiv joined #salt
16:51 iggy casey|sfe: you usually see this handled a few different ways: A. Use open_mode/auto_accept B. use salt-cloud to deploy (auto-accepts keys, etc.) C. use salt-ssh (no keys) D. have salt-minion automatically restarted (systemd, supervisord, etc.)
16:51 iggy ksj: I'm too lazy to read back up, but salt isn't going to read anything that doesn't match in the top.sls
16:52 casey|sfe restarting the minion will clear the cache on the master?
16:53 teskew joined #salt
16:53 murrdoc grain cache ?
16:54 casey|sfe nah the public key
16:54 theologian joined #salt
16:54 casey|sfe The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
16:54 ksj iggy: no worries about being lazy. I welcome any help I can get. shit I'd happily pay for it. anyway, packages is referenced in the pillar/top.sls file, but NOT in any state file. does this matter?
16:55 elfixit1 joined #salt
16:56 rojem joined #salt
16:57 iggy no
16:57 iggy just the top file
16:58 ksj that's what I thought...
16:58 tligda joined #salt
16:58 buMPnet joined #salt
16:59 bfoxwell joined #salt
16:59 meteorfox joined #salt
16:59 felskrone joined #salt
17:00 iggy what does packages look like?
17:00 iggy I don't see any refheap/gist links from you
17:00 svx left #salt
17:02 ksj it looks exactly like in the walkthrough. I also tried with a simpler one, test.sls. it contains nothing but myname: myvalue. that doesn't get read
17:02 iggy I don't really know what walkthrough you're talking about
17:03 ksj like I said earlier, I know they're not being read at all because I can corrupt them to invalid yaml and salt doesn't complain. but it DOES complain if I corrupt the pillar/top.sls
17:03 ksj oh sorry, the pillar walkthrough
17:03 scienec joined #salt
17:04 iggy protip: there's no such thing as overuse of specific url's or refheap/gist
17:04 iggy is the master running as root?
17:04 ksj iggy: yes
17:05 ksj yeah, sorry, don't have the links on hand. I'll put up a gist in a sec...I just keep thinking I'll figure it out any second
17:05 iggy you should be looking for pillar.item pkgs (not packages)
17:07 BrendanGilmore joined #salt
17:08 juanlittledevil joined #salt
17:12 Ixan joined #salt
17:13 otter768 joined #salt
17:14 ksj stripped down to it's simples to try to explain what I'm getting at: https://gist.githubusercontent.com/anonymous/00cbd75313c03e357a07/raw/
17:15 bfoxwell joined #salt
17:16 babilen /home/z/salt/pillar != /home/me/salt/pillar/
17:17 babilen And you want ’ to be '
17:17 iggy and weird characters in pillar/top.sls
17:17 babilen (in the ’*’ expression)
17:17 sarlalian joined #salt
17:18 iggy that's probably the problem... nothing is matching
17:18 babilen exactly
17:18 rvankleeck yeah, i'd go with deleting the * declaration and recreating
17:18 iggy should have pasted hours ago
17:18 babilen My guess would be a copy & paste error from a website that tried to be too fancy or some funky keyboard layout :)
17:18 rvankleeck looks like you might have pasted it from windows into linux?
17:18 iggy would have saved yourself some time
17:18 booly-yam-4014 joined #salt
17:19 * babilen asked ksj to paste it hours ago
17:19 iggy LET THIS BE A LESSON TO EVERYONE!
17:20 murrdoc use vim ftw
17:20 schlueter joined #salt
17:20 shaggy_surfer joined #salt
17:20 * rvankleeck agrees with murrdoc
17:21 Mso150 joined #salt
17:22 acabrera joined #salt
17:22 aqua^mac joined #salt
17:23 iggy for the curious, the reason that's broken is because anything other than normal ' and " become literals, so salt was trying to match that to a host that was literally called ’*’
17:23 twellspring joined #salt
17:24 iggy which is a strange hostname, but perfectly legal
17:24 JDog Hi. Sorry to bother, but if anyone's got experience mounting on a virtualbox I could do with a hand. I was given a great gist which installs all the relevant kernel modules earlier, but I still can't mount.  gist here https://gist.github.com/jontyneedham/3551388a668284461a42
17:25 abe_music joined #salt
17:25 babilen vbox is slow and I strongly prefer kvm
17:25 manytrees hi all, anyone have a good example of using the orchestrate runner for deployments?  my requirements are pretty simple: remove from load balancer, upgrade packages, add to load balancer. also stopping the entire rollout on any failure
17:25 babilen (hence no experience)
17:25 higgs001 joined #salt
17:25 babilen manytrees: I would look into reactors for that to be honest. The reactor documentation even has a fully working example for registering minions with haproxy
17:25 iggy JDog: did you try just putting vboxfs there? (or auto)
17:25 JDog The error is that the device is not found. What should I have as athe device name; I think it should be the place on my laptop I want to mount on the virtualbox.
17:26 JDog iggy: I did try vboxfs and it said it was not an allowed value. I've not tried auto.
17:26 spookah joined #salt
17:26 speed145a joined #salt
17:26 ksj hold on, wait....sorry, had an emergency. um, z is my username. I changed z to me, but forgot to for the master
17:26 JDog I think the device name is wrong -- what sort of thing should it be
17:27 iggy JDog: you'd have to look at vbox docs for that
17:27 babilen ksj: Well, so fix your funky single quote there and you should be ready to roll (and next time please paste when any of us asks you to;)
17:27 JDog Ok.
17:27 yomilk_ joined #salt
17:27 ksj oh for the love of god....you're right. I pasted that from the docs (pdf)
17:28 ksj I do use vim by the way
17:28 ksj the pdf docs substitute ' for....whatever that single quote is
17:28 KyleG joined #salt
17:28 ksj let me test now
17:28 rvankleeck ksj: i hate when that happens...
17:28 manytrees babilen: reactor is preferred over orchestrate?
17:28 KyleG joined #salt
17:28 iggy probably one of the many reasons, they are trying to get away from rtd
17:29 ksj rvankleeck: yeah, I noticed it on a couple of other pastes, but that one obviously slipped through....serves me right for using a tiny font
17:29 babilen manytrees: No, you can't say that. I just think that reactors fit your usecase better.
17:29 schristensen joined #salt
17:29 iggy manytrees: for some of what you are trying to do
17:30 aparsons joined #salt
17:30 iggy manytrees: fwiw, the hard part in all that is going to be the failure bit
17:30 babilen .oO( just keep on adding broken entries )
17:31 manytrees iggy: that's the hard bit? i want to walk through minions one at a time and bail on failures.  isn't that common?
17:31 ksj babilen: ok, changed to normal single quote. sorry about that. bad news is it's still not working....
17:32 ksj going to grep through in case any other pdf single quotes have crept in
17:32 iggy manytrees: the problem is in orchestrate you're generally going to be trying to reuse states you already have, those states don't always propagate failure back to the orchestrate runner
17:33 Ryan_Lane joined #salt
17:34 manytrees iggy: if this is difficult with salt, am i really using the right tool to do rolling upgrades?
17:34 iggy ksj: there are yaml parsers you can run everything through to test that everything looks the way you want ( http://yaml-online-parser.appspot.com/ f.ex.)
17:34 babilen ksj: You might also want to take a look at your master logs. It should give some inside into what went wrong during pillar rendering
17:34 iggy manytrees: I can't answer that question... it's going to work great for some, not so much for others
17:35 manytrees iggy: fair enough.. do you know if there any examples of how people do this so I can see if it will fit my use case?
17:39 jeremyr1 joined #salt
17:41 iggy the docs?
17:41 iggy Not really, I had to figure it all out on my own
17:42 ksj ok....finally it works. I had to rm -r /var/cache/salt on both master and minion.
17:42 iggy make sure you are reading the docs appropriate to your version, that stuff has changed
17:43 ksj I've run into this before a few times. I've set minion_data_cache: False in the master conf, so why is it still caching?
17:43 jeremyr joined #salt
17:45 sh-ricky joined #salt
17:48 ksj ok I've turned set minion_data_cache: False on the minions. hopefully that will stop this sort of thing in future
17:50 iggy generally you want that enabled (for things like mine to work)
17:50 ksj so how come the saltutil.refresh_pillar doesn't override the cache?
17:50 desposo joined #salt
17:50 iggy bug?
17:51 ksj well, I'm still learning, so I'd rather not have to worry about every problem being a caching issue
17:51 ksj iggy: could be, I'm using an old version
17:51 iggy I've never had a problem with it not refreshing
17:51 Ahlee How old?
17:51 ksj 2014.1.7
17:52 Ahlee 0.17.5 definitely has opinions on when it should vs shouldn't refresh
17:52 sh-ricky joined #salt
17:52 murrdoc ahlee version!
17:52 Ahlee ksj: while testing, call pillar.items.  That forces a refresh
17:52 thedodd joined #salt
17:52 ksj Ahlee: yeah, it definitely wasn't
17:52 Ahlee ksj: i'm scrolling back now
17:52 ksj like I said, could be a bug that has been fixed in a later version
17:53 mrjk joined #salt
17:53 Ahlee we've not had pillar.items fail to update
17:54 ksj and for the record, assuming you're just scan reading, it wasn't the weird quotes or the path name that was the problem (though they were definitely me being an idiot)
17:54 ksj it only resolved itself on manually deleting the cache
17:54 Grokzen joined #salt
17:54 ksj going to have a play now with caching turned off on the minion
17:55 iggy no, it was definitely the quotes (maybe exacerbated by caching, but definitely quotes)
17:55 Ahlee ksj: are you sure your pillar top.sls matches?  Salt will read and parse the entire config, even if it's not going to be used, so breaking the pillar's top.sls with invalid yaml doens't necessarily mean the pillars would be applied
17:55 ksj iggy: no, it wasn't. I changed the quotes to correct single quotes and it still didn't work
17:56 iggy then put them back and see what happens
17:56 Ahlee too many re-used names.  top.sls, states that are execution states and states that aren't, but are still both states, etc
17:57 murrdoc https://github.com/saltstack/salt/compare/v2014.7.0...v2014.7.1
17:57 murrdoc broke my browser
17:57 ksj iggy: you're misunderstanding. I'm not saying the utf8 quotes aren't a problem. I'm saying that chagning them to ascii single quotes didn't change anything
17:57 Ahlee murrdoc: You'll be happy to know I just pushed 0.17.7 (which is 0.17.5 + my previous back ports + more backports) to my testing environment ;)
17:57 iggy nobody is happy to hear that
17:58 yomilk joined #salt
17:58 murrdoc someone was in the chat room asking for a fix in 0.17, and i forgot what the version was
17:58 iggy everybody wants you to upgrade to something supported
17:58 JDiPierro joined #salt
17:58 murrdoc so i called it 'ahlee version'
17:58 murrdoc is all
17:58 Ahlee saltenv change is killing me :(
17:58 Ahlee murrdoc: saw that
17:58 iggy then we can all say: "jeez, even Ahlee upgraded, you need to upgrade to something newer" when people come around running 0.17
17:58 ajw0100 joined #salt
17:59 sh-ricky joined #salt
17:59 murrdoc ahlee is holding it down
17:59 murrdoc salt hipster status
17:59 Ahlee heh
17:59 murrdoc #nodisrespect
17:59 murrdoc more like salt greybeard
17:59 Ahlee :(
17:59 iggy greybush?
17:59 murrdoc "all you new kids with your features, all i need is event.fire " — Ahlee
17:59 Ahlee we're working on it.
18:00 thedodd joined #salt
18:00 twellspring joined #salt
18:00 ksj how do you correlate the version numbers that salt --version give (e.g. 2014.1.7) with the versions you guys talk about (e.g. 0.17)?
18:01 Ahlee ksj: 0.17 is older than 2014.x.x
18:01 Ahlee ksj: 0.17.5 was the last official version before 2014.1.0
18:01 murrdoc 0.17 was when they were still doing semver
18:01 Ahlee RIP sensible versioning
18:01 murrdoc i am a fan of the yyyy.mm.dd version though
18:01 ksj oh ok, so 2014.1.7's not THAT out of date...
18:01 Ahlee approximately a year old
18:02 murrdoc yeah
18:02 Ahlee hey, it has uses! ;)
18:02 murrdoc its all about that 2015.2
18:02 ksj yeah...and development moves quickly, I know
18:02 iggy 2014.1 will receive no further updates
18:02 iggy well, releases
18:03 iggy so any bugs in it you'll probably never see fixed
18:03 iggy (and I'm really starting to feel like I'll never see fixes in 2014.7 either ;)
18:03 murrdoc 2014.7.1 is out
18:03 _prime_ iggy 2014.7.1 is out
18:03 iggy topic disagrees
18:03 murrdoc that is true
18:03 murrdoc we need based pi to come explain why
18:03 higgs001 joined #salt
18:03 iggy and ain't nobody got time for mailing lists
18:03 _prime_ maybe not officially announced, but the tarball is there and gentoo already has it.
18:04 mrjk joined #salt
18:04 babilen It's the "it's released but not released^Wpackaged" thing saltstack does
18:04 iggy guh
18:04 iggy that shit needs to stop
18:04 babilen yeah
18:05 _prime_ I've already deployed it on SL6, Centos 7, FC17, FC19, and FC20 via a gentoo-prefix
18:05 babilen Their motivation for it is probably that they want all major packages to become available at the same time
18:05 iggy do that with "enterprise", but this is an open source project...
18:05 murrdoc _prime_:  u crazy
18:05 _prime_ murrdoc :-D
18:06 babilen iggy: saltstack is quite enterprise in some of their ways, but we (i.e. the community) should maybe get it into their heads that they should just release the software and let packagers do their work
18:06 ksj just found out another issue in my gist. I was doing pillar.get test:myvar, instead of pillar.get myvar. Not sure where I got the colon syntax from...
18:06 _prime_ let's me use consistent versions of python, zeromq, etc. across all platforms (but the real reason was developers replacing core python libraries with custom in-house things that broke parts of salt and/or grains)
18:06 iggy I'm sure we'll all have plenty of healthy conversations in 6 weeks
18:07 iggy ksj: :'s delimit nested keys
18:08 iggy ksj: so in that walkthrough pillar.get pkgs:apache would return httpd
18:08 StDiluted joined #salt
18:08 ksj yeah, I was using it to state the pillar filename. I think it was because when I did e.g. master:user, it worked. but the "sub pillars" don't get their own top level name
18:10 iggy ahh, yeah, you could technically put all of your pillars in one flat file and get the same output as having them spread out... so ignore file names in pillar
18:11 forrest joined #salt
18:11 dooshtuRabbit joined #salt
18:12 ksj all working great now...I can get back to the docs. Thanks all
18:13 Gareth morning morning
18:13 ksj oh, while I'm here, I asked a question the other night that didn't get answered. I was just curious about salt-ssh. Wouldn't a simpler version just use ssh -R to bind the minion ports back to the master?
18:13 ksj still using zero mq I mean
18:13 twellspring joined #salt
18:14 ksj it's what I'm planning to do so that I don't need open ports on remote hosts exposed on the net
18:14 agend joined #salt
18:15 iggy or you could use a VPN
18:15 ksj that way you get all the benefits of ssh (i.e. everyone already knows it and has it implemented), but most of the speed benefits and constant connectivity of zmq
18:15 monkey66 joined #salt
18:15 malinoff ksj, you can't use messaging patterns with ssh
18:15 iggy the real draw to salt-ssh is A. no minion running constantly B. no need for a constant connection
18:15 mrjk joined #salt
18:16 monkey66 left #salt
18:16 thedodd joined #salt
18:16 ksj iggy: ahh ok, got you. So the benefits I'm thinking of are actually reasons people want to move away from it.
18:18 ipmb joined #salt
18:18 ksj does anyone leave salt minions exposed? Or do most people have their remote boxes on a vpn? I'm just wondering because the salt key mechanism kind of invites spam.
18:20 iggy you don't really need minions exposed (you need the master exposed if anything) minions connect to the master, not the other way around
18:20 ksj ...good point
18:20 ksj getting tired and dumb...er
18:20 casey|sfe any idea where the master is caching the keys?  it almost seems like it's looking at known_hosts...
18:21 iggy it's something people forget a lot (I think because other systems don't necessarily work the same way)
18:21 ajw0100 joined #salt
18:22 mpanetta casey|sfe: I think somewhere in /var/cache/salt/master
18:24 mpanetta casey|sfe: Strike that
18:24 mpanetta casey|sfe: it is in /etc/salt/pki/master/minions*
18:24 casey|sfe even if i delete every reference to it in /etc/salt/pki/master the key is still cached somewhere and gets rejected
18:25 cleme1mp joined #salt
18:25 mpanetta casey|sfe: Did you shut the master off before deleting them?
18:26 casey|sfe no but i restarted it afterward
18:27 hal58th casey|sfe what are you trying to accomplish? Then we can probably try to give you the proper steps
18:27 mpanetta If you don't shut the master off when deleting the keys squirrly things can happen
18:28 ipmb joined #salt
18:28 casey|sfe well, i'm just working on bootstrapping the minions
18:28 mpanetta Did salt-cloud not help?
18:28 casey|sfe i tried salt-cloud but couldn't get it to connect to openstack
18:28 aparsons joined #salt
18:28 bhosmer_ joined #salt
18:28 mpanetta hmm
18:28 mpanetta That's odd.
18:28 casey|sfe yeah, i'm sure i have the error somewhere
18:28 mpanetta salt-cloud really is the best way to manage these things IMO.
18:29 hvn joined #salt
18:29 hvn joined #salt
18:29 iggy so how are you deploying as of now?
18:29 casey|sfe but it returned something crytic from auth and google only found me refs to the source code
18:29 casey|sfe with a shell script
18:29 casey|sfe i tried having it generate the keys and pass them to the minion but i got the same shit
18:29 casey|sfe it would reject the key
18:29 casey|sfe the minion log shows this
18:30 casey|sfe and the key ends up in /e/s/pki/master/minions_denied
18:30 iggy and I'm guessing auto_accept/autosign/etc isn't an option?
18:30 casey|sfe you know that's probably fine really
18:31 casey|sfe it's all on a private network
18:31 casey|sfe just thought this was something i should be able to solve :)
18:31 StDiluted I can use {% set foo=pillar.get(‘bar’, {}) -%} inside an sls file, right?
18:31 casey|sfe i wonder if auto accept would just do the same thing though
18:31 mpanetta casey|sfe: Can you paste the salt-cloud error here?
18:31 casey|sfe cause i do accept the key and it shows up in salt-key -l acc
18:31 mpanetta Donno if I could help, but it would be interesting to see.
18:32 stevednd anyone have any strategies they use for managing floating IPs with salt? configuring networking, setting up clusters, pillar structure, whatever, etc..
18:32 iggy I know everybody frowns on it, but sometimes it's a perfectly acceptable option... just understand the risks
18:32 casey|sfe i'll have to reinstall some stuff, but i'll do that this afternoon
18:32 mpanetta casey|sfe: Ok
18:32 casey|sfe and try salt-cloud again
18:32 casey|sfe it does seem like a better option
18:32 mpanetta casey|sfe: We had an error here recently that required the pgrade of a python package to fix it
18:34 Andre-B joined #salt
18:35 iggy it's generally pretty picky about libcloud version (amongst others), but once you get it working, it tends to work fine
18:35 hal58th joined #salt
18:35 thedodd joined #salt
18:35 sh-ricky joined #salt
18:36 micah_chatt joined #salt
18:36 StDiluted iggy, did you see my earlier question?
18:36 StDiluted or anyone, really
18:37 stevednd StDiluted: yes, you can
18:37 StDiluted thanks! :)
18:37 stevednd if it's not working you done goofed
18:37 StDiluted I thought so, but wasn’t sure
18:37 StDiluted haha
18:37 StDiluted i goof a lot so it’s not out of the question
18:37 jeremyr joined #salt
18:38 micah_chatt_ joined #salt
18:40 shaggy_surfer joined #salt
18:40 iggy if it's not working, starting pasting code... and the preferred format would be {% set foo = salt['pillar.get'](‘bar’, {}) -%}
18:41 JDiPierro I recently started seeing this error after all salt runs, even successful ones: Exception TypeError: "argument of type 'NoneType' is not iterable" in <bound method SREQ.__del__ of <salt.payload.SREQ object at 0x2a9dd10>> ignored
18:42 JDiPierro It doesn't seem to be causing problems but any ideas what it might be?
18:43 hal58th JDiPierro I was getting the exact same thing. No idea what it was. The only way I made it go away, was to uninstall the minion and reinstall. But as you said, it didn't seem to be affecting anything
18:43 JDiPierro hal58th: Huh.. weird. Okay thanks for your fix :)
18:43 snave joined #salt
18:44 iggy same ^ I had originally installed via packages, then switched to installing from source
18:45 hal58th JDiPierro Yeah I wish I could have figured it out. I spent a couple hours deducing things, but it looks to be a low level code problem with jobs or runs. That's my guess at least
18:46 iggy I figured it was a pyc file laying around somewhere or something
18:51 bhosmer joined #salt
18:54 twellspring joined #salt
18:57 mcgregor joined #salt
19:00 Grokzen joined #salt
19:00 wrench joined #salt
19:01 druonysuse joined #salt
19:01 druonysuse joined #salt
19:01 wrench Does it make sense to set pillar data to define “roles” and then reference those roles in /srv/salt/top.sl to map which states apply to which minions? Or am I approaching this wrong?
19:02 * babilen chuckles
19:02 iggy USE GRAINS!!!!
19:02 iggy just kidding
19:02 babilen wrench: It is definitely not wrong and it works splendidly for states. You cannot, however, target pillar data by that.
19:02 JDiPierro but rly
19:03 iggy I'm sure someone else in here can expound on why it's a bad idea to use grains for roles
19:03 iggy but there are cases where it's perfectly legitimate, and there are bonuses (such as the top targeting mentioned already)
19:03 jonbrefe :D me… you can change the grain in the minion side, so you could end with a security problem
19:04 iggy so it's really a matter of what works best for you
19:04 wrench babilen: I don’t think I understand what you’re saying. Are you saying that you can’t map minons to states w/in the top.sls file using a value set by a pillar?
19:04 babilen Well, I might have to configure a shortcut for that in irssi, but: The argument against that is that you shouldn't rely on data provided by the minion to decide what states/data the same minion should get. This information should be kept in an authoritative place under control of the master (e.g. pillars)
19:04 twellspring joined #salt
19:04 jonbrefe someone could own a server and then just change the role to "therolewherealltheimportantstuffare"
19:04 babilen wrench: No, but you cannot use data in pillars for the matching in pillar's top.sls
19:05 JDiPierro If I want to automatically remove a client from Sensu when I use salt-cloud to delete it that would be where the Reactor system comes in, right?
19:05 babilen We do not have "pre-pillars" (that is static data that is available everywhere and is under control of the master)
19:05 stevednd JDiPierro: yes, use the salt-cloud destroyed event
19:05 iggy JDiPierro: yep
19:05 wrench I’m not sure how to map individual minions to “roles” that I want to set
19:06 stevednd salt/cloud/*/destroyed
19:07 stevednd iggy, jonbrefe: what would you use instead for identifying the roles of a server?
19:07 babilen wrench: Use a dictionary in which you map minion ids to roles (or the other way round) and then look up the minion id in there ...
19:07 iggy see in our situation, our "roles" come from grains, but we have a custom grain module that pulls that info from somewhere else, so someone couldn't get control of a minion and fake that
19:07 Ryan_Lane I think it's fine to map states via grains
19:07 babilen iggy: Which is perfectly legitimate.
19:07 Ryan_Lane it's even fine to map pillars via grains, assuming the pillars don't contain sensitive data
19:07 iggy also, we don't let people log into our minions, so someone would have to compromise a service, then gain root, then hack the minion
19:07 Ryan_Lane you should never map sensitive pillars to minions using grains
19:07 babilen Ryan_Lane: Sure, but that is a pretty big assumption
19:08 stevednd iggy: grains set on the minion will override those set in a custom grain
19:08 jeremyr joined #salt
19:08 iggy it doesn't matter
19:08 wrench the problem with salt that I’m finding out…is that it can do so many things, that I don’t know which bits to use and how lol
19:08 babilen I mean targeting sensitive data (e.g. certificates, passwords, keys, ...) is one of the major applications of pillars besides customising formulas
19:08 Ryan_Lane wrench: yep. that's a problem
19:08 iggy if someone gains root on one of our minions it's already game over
19:08 Ryan_Lane babilen: indeed. a lot of this changes if you're using masterless, though, of course :)
19:08 babilen iggy: How so?
19:08 gngsk joined #salt
19:09 Ryan_Lane I use grains for everything because the minion either has access to the sensitive data or doesn't
19:09 jonbrefe stevednd sadly grain roles… but I already know I need to rewrite a lot of things on that
19:09 murrdoc nothing wrong with roles getting set in the grains
19:09 jonbrefe anything on critical decision must to be on pillars
19:09 babilen iggy: We have plenty of customers with root on their boxes and I really don't want them to be able to see other customer's data
19:09 Ryan_Lane wrench: so, in general you should map your pillars by hostname (or hostname glob)
19:09 iggy sure... we don't
19:10 jonbrefe Am I probably too paranoid?
19:10 babilen Ryan_Lane: How do you ensure that the minion doesn't have access to it?
19:10 iggy basically totally different use cases
19:10 Ryan_Lane babilen: IAM policy, and API keys
19:10 babilen ah, okay
19:10 higgs001 joined #salt
19:11 babilen So many ways, so little "this is how it is best. always" :)
19:11 Ryan_Lane all of our private data is external to the system, protected by other means :)
19:11 aqua^mac joined #salt
19:12 Ryan_Lane yeah, I think all of us are discussing best practices for different use cases
19:13 iggy I'm saying, use whatever works best for you, but understand the implications of that
19:13 babilen I actually like the "external datastore that is being pulled into grains" approach. Well, what I would really like is a "external pillar that is available everywhere" approach, but still.
19:13 iggy and some people are all "GRAINS ARE BAD NEWB!!!!11!!"
19:13 Ryan_Lane wrench: if you're using master/minion and you need to ensure service A doesn't get access to service B's data, you need to ensure pillars for service A are only shared to service A and same for service B
19:13 Ryan_Lane wrench: if you use grains as a means of mapping them, you're not actually protecting anything since the grains can be updated on the minions
19:14 otter768 joined #salt
19:14 sh-ricky joined #salt
19:14 Ryan_Lane so, you need to map the pillars to the services by the service's hostnames
19:14 gngsk What's this type of error mean, in general? I've seen it a few times but don't exactly understand what the state system is trying to tell me: "Comment: State 'raid.present' found in SLS 'provision.test' is unavailable"
19:14 babilen wrench: Maybe you could tell us more about your usecase so that we can actually provided advice that is tailored to your situation?
19:14 Ryan_Lane (this is one reason I have very consistent naming convention for all of my nodes)
19:14 gngsk More details regarding the issue I'm having can be found at http://pastebin.com/Kd7KUTg1
19:14 stevednd Ryan_Lane: what convention is that?
19:14 dmick iggy: thanks for the update.  murrdoc: "__dunder__" dictionary page sounds interesting;
19:14 aparsons joined #salt
19:15 giantlock joined #salt
19:15 Ryan_Lane servicename-environment-region-instanceid.domain.name
19:15 wrench babilen: I just want to map groups of hosts/minions to role names that I make up and then be able to map those newly created roles to states
19:16 wrench the tutorials use grains but I need more dynamic I think
19:16 Ryan_Lane on the host I parse the hostname into grains. (I have a blog post about this here: http://ryandlane.com/blog/2014/08/26/saltstack-masterless-bootstrapping/)
19:16 stevednd yeah, that's not far from mine. env-scope-service-role#
19:17 stevednd given that I'm working with existing servers I'm slowly renaming the older ones, but not all pieces are required
19:17 * Ryan_Lane nods
19:17 Ryan_Lane we thankfully started with this convention
19:17 rojem joined #salt
19:17 wrench Ideally I’d be able to control everything from the master
19:17 Ryan_Lane wrench: you can use pillars for states
19:17 stevednd I have a series of modules that break down the name to determine the service something provides, cluster it belongs to, etc...
19:17 Ryan_Lane you just can't use pillars in pillars
19:18 stevednd I'm guessing pretty similar to what I'll find in your post
19:18 iggy wrench: we use GCE, so we tag machines at deploy time and we have a custom grain module that pulls that data from GCE metadata
19:18 Ryan_Lane stevednd: yep
19:18 jeremyr joined #salt
19:18 Ryan_Lane iggy: that's basically what I'm doing
19:18 wrench whats GCE?
19:18 Ryan_Lane google cloud engine
19:18 iggy google compute engine
19:18 wrench ah, ok
19:18 stevednd I need to figure out a way to manage floating ips
19:18 iggy other similar services have similar concepts
19:19 Ryan_Lane ah, right. cloud engine :D
19:19 StDiluted Ryan_Lane, so your fear is that someone would get onto say, the ‘staging’ server, and modify the grains to specify it as production, and then access the production only pillar data, if you were using a grain that specified the environment, and therefore the pillar that was accessible?
19:19 Ryan_Lane StDiluted: yes
19:19 iggy gngsk: it usually means the minion is missing some requisite to load that module (in that particular case, I'd guess missing mdadm)
19:19 wrench I’m re-reading the pillar walkthrough, I need more knowlege to understand what is being said heh
19:19 Ryan_Lane I personally don't have that concern because I don't use a master, but that's the concern with master/minion and pillars
19:20 StDiluted I’m using tags in AWS to set grains, but I suppose someone could modify the grain after the fact if they got onto one of the machines.
19:20 Ryan_Lane wrench: you'd map your hosts to pillars, then you can base your roles on the pillars you defined
19:20 gngsk iggy, thanks, i just figured that out myself, you're exactly correct though! The error message could be a bit more verbose.
19:20 iggy wrench: there are ext_pillars that can make targeting pillars to specific hosts a bit easier (reclass, etcd, etc.)
19:21 gngsk [root@test001 ~]# which mdadm /usr/bin/which: no mdadm in (/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
19:21 gngsk :D
19:21 iggy gngsk: if you run with -l debug it would probably say something about it missing
19:21 Ryan_Lane I'd start with normal pillars and consider external ones if the built-ins don't meet your needs
19:21 badon joined #salt
19:21 iggy (most of the modules I've looked at do anyways)
19:22 iggy mapping by top file + hostname falls over real fast
19:22 StDiluted wrench, in my case, I tag the servers in AWS with a particular tag, and have a grain module i wrote that grabs those tags and converts them to grains for each AWS instance, which then determines the pillar that is applied to that instance, using match: grains in the top.sls for the pillars
19:23 stevednd Ryan_Lane: do you have to manage any floating ips?
19:24 Ryan_Lane stevednd: I don't currently
19:24 smcquay joined #salt
19:24 StDiluted oh, and salt-cloud tags the servers when I launch them, or AWS Autoscale tags them if that’s what launches them
19:24 Ryan_Lane so we didn't add execution and state modules for it yet
19:24 smcquay joined #salt
19:24 StDiluted AWS autoscale has a reactor set up to highstate new servers
19:25 Ryan_Lane I'm trying to consider if I want to do floating IPs or VPC network stuff that does basically the same thing
19:25 gngsk iggy, thanks, i'll try to remember that in the future, though it doesn't look like the mdadm module reports in such a way. Also, for anyone else that may find via google in an irclog the relevant section of the docs that explains this is http://docs.saltstack.com/en/latest/ref/states/#reloading-modules in the section on State Enforcement
19:26 ksalman how do i reference the saltversioninfo (2014,1,1) tuple element in jinja? I tried {% if grains['saltversioninfo[0]'] == "2014" %} but that doesn't work
19:27 iggy ][0] (move the index lookup outside of the grains lookup)
19:28 ksalman iggy: thanks
19:29 Ryan_Lane stevednd: are you using AWS? if so, are you using salt-cloud or boto_*?
19:30 stevednd Ryan_Lane: I'm using linode and salt-cloud
19:30 Ryan_Lane gotcha
19:31 stevednd if we weren't already so ingrained here I would like to consider something like vpc
19:31 dmick murrdoc: did you mean http://docs.saltstack.com/en/latest/topics/development/dunder_dictionaries.html ?
19:31 murrdoc +1
19:33 stevednd I need to float the some ips mainly on haproxy instances for availability purposes
19:33 murrdoc yeah dmick its not explicit yet, but __salt__['module.function'] is preferred
19:33 scienec joined #salt
19:34 iggy iirc, he was specifically asking about in templates
19:34 murrdoc and by explicit i mean, its not on best practice page
19:34 iggy ikr
19:34 murrdoc i use that way everywhere
19:34 Mso150_a joined #salt
19:36 mrjk joined #salt
19:37 nickdew joined #salt
19:38 teogop joined #salt
19:39 manytrees iggy, babilen: been reading reactor and orchestrate docs but they don't seem to fit a rolling upgrade with load balancer add/remove and stops on failure.  it looks like using batch mode could work but it doesn't look like it stops on failure
19:39 dmick AAIU __salt__['module.function'] is equivalent to the older salt.module.function, yes?
19:39 Ryan_Lane can you do orchestrate with batch?
19:40 Ryan_Lane because that combo would likely be what you want
19:40 dmick (and we may be on older salts at the moment; new syntax in 2014.7 yes?)
19:40 dmick s/AAIU/AAUI/
19:40 manytrees ryan_lane: agreed but apparently not supported: https://github.com/saltstack/salt/issues/4245
19:40 iggy manytrees: yes, as I said before, failure is going to be your problem
19:40 dmick (except that maybe __salt__ is full, but salt is a subset?)
19:41 anotherZero joined #salt
19:41 manytrees not sure what this post means in practice though: https://groups.google.com/d/msg/salt-users/65hWu18UITw/fzZrdQ3zudUJ
19:41 iggy dmick: __salt__ is for python code salt['module.func'] is for templates, and no, it's been around for quite some time
19:41 manytrees what is "manually batching"?
19:42 dmick argh
19:42 babilen manytrees: Any particular reason why you aren't looking into tools such as zookeeper?
19:43 jeremyr1 joined #salt
19:44 babilen (consul, ...)
19:45 manytrees babilen: you mean from a service discovery point of view? not sure i understand how that would help accomplish my goal
19:45 Ryan_Lane manytrees: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.zk_concurrency.html
19:45 Ryan_Lane you could consider that
19:45 Ryan_Lane and handle elb registration/deregistration directly from your nodes
19:46 babilen manytrees: That might be due to me not completely understanding your problem as well. It just sounded as if either reactors or tools such as ZK or consul or ... might be appropriate.
19:46 Ryan_Lane we use that for a rolling deploy
19:46 manytrees Ryan_Lane: seems like a huge dependency just to get salt to walk through nodes one-by-one and stop if it fails
19:46 Ryan_Lane indeed
19:46 Ryan_Lane manytrees: you could write a runner that does what you want
19:47 manytrees considering salt has a list of minions i can target and i can use prereq and onchanges to remove/add to loadbalancer
19:47 iggy presumably, you test in dev, then qa, so you're not too worried about failures
19:47 Ryan_Lane batch mode just does a ping to get a list of nodes, then iterates them at the desired batch size
19:47 Ryan_Lane so, your runner could handle rolling deploys by iterating over the list and failing if any node fails
19:47 manytrees iggy: it is tested but we'd have a big issue if something strange happened in prod and it took down every app server
19:47 iggy here's the other thing
19:48 manytrees Ryan_Lane: i like the sound of that idea... are runners pretty straightforward to write in your experience?
19:48 iggy salt does everything in parallel, if one minion fails, you can't stop the other minions that are already running through their steps
19:49 manytrees iggy: was thinking i could use this http://docs.saltstack.com/en/latest/topics/targeting/batch.html with a batchsize of 1 but it doesn't look like i can make it stop if one of the minions fails
19:49 Ryan_Lane manytrees: yeah, pretty easy
19:49 Ryan_Lane and you can use other runners as examples
19:50 manytrees Ryan_Lane: thanks, i'll give that a look
19:51 Ryan_Lane yw
19:51 iggy unless you just have a minimal number of hosts you need to handle, a batch size of 1 is going to take forever (and if that is the case, why not just write your orchestrate to use an id and do them one a time manually)
19:51 TheoSLC joined #salt
19:52 jeremyr joined #salt
19:55 TheoSLC_ joined #salt
19:55 TheoSLC_ Greetings.
19:56 natewalck joined #salt
19:57 MugginsM joined #salt
19:57 diegows joined #salt
19:58 dmick iggy: well, I can confirm that for the case of user.info, either salt.user.info or salt['user.info'] seems to work equivalently, fwiw
19:58 diegows anyone using digital ocean with salt-cloud?
19:58 diegows it's ignoring the private_networking flag :(
19:58 iggy dmick: correct, the second is preferred (and will work with any module)
19:59 dmick maybe internally it's on __salt__, a dict, and therefore the get() is easy where the getattr() must be orchestrated, is that the point?
19:59 thedodd joined #salt
19:59 iggy I think they just got tired of having to manually add that to the jinja env for every new module
20:02 jeremyr joined #salt
20:03 ajw0100 joined #salt
20:03 iggy I don't really know. That decision was made before I even started using salt
20:04 zadock joined #salt
20:14 monkey66 joined #salt
20:14 dude^2 joined #salt
20:15 MugginsM joined #salt
20:15 dude^2 joined #salt
20:17 hvn joined #salt
20:18 nitti joined #salt
20:20 Grokzen joined #salt
20:21 schlueter1 joined #salt
20:22 schlueter joined #salt
20:25 dmick yeah; seems like it could be as generic as salt[], but, yeah, who knows.
20:25 Raging_fenrir joined #salt
20:31 diegows The following exception was thrown by libcloud when trying to run the initial deployment: 400 Bad Request Invalid config_drive provided.
20:31 diegows WTF
20:31 diegows using rackspace
20:33 ajw0100 joined #salt
20:33 scoates joined #salt
20:34 scoates hello.
20:34 diegows hello
20:34 scoates I'm sure this is easy, but I'm failing at google today. I seem to remember that there's a way to tell a highstate to abort on the first error. Is this the case, and if so could someone please tell me or at least point me at the right URL?
20:35 diegows well, it should be a documented flag :)
20:35 babilen http://docs.saltstack.com/en/latest/ref/configuration/master.html#failhard
20:36 stephen-mw joined #salt
20:36 scoates ahhh. I was looking for a flag on the actual state.highstate call
20:36 scoates thanks!
20:36 nullptr left #salt
20:36 mpanetta joined #salt
20:37 stephen-mw Can someone help me answer this question: https://groups.google.com/forum/#!topic/salt-users/4TSiLxNJW8s
20:37 stephen-mw I'm confused about whether this is a bug or expected behavior
20:37 babilen both?
20:37 stephen-mw According to the docs it looks like a wildcard match should be the first thing executed with state_auto_order turned on
20:39 babilen I would have thought that states in common execute earlier
20:40 stephen-mw I can verify, at least with my version and that setup, that it states in the roles section execute first
20:40 aparsons joined #salt
20:40 babilen Okay, is that problematic?
20:40 stephen-mw group section*
20:41 stephen-mw Well, it means I have to add "common" to everything under the sls for each group. Not problematic but just verbose, since everything requires it
20:42 babilen If some of your states in foo require states in common then you should include common in foo.
20:43 stephen-mw The fix is pretty straight-forward. I was just wondering if it was expected behavior or a bug.
20:43 fredvd joined #salt
20:44 echtish joined #salt
20:44 nitti joined #salt
20:45 kawa2014 joined #salt
21:03 ilbot3 joined #salt
21:03 Topic for #salt is now Welcome to #salt | SaltConf 2015 is Mar 3-5! http://saltconf.com | 2014.7.0 is the latest | Please be patient when asking questions as we are volunteers and may not have immediate answers | Channel logs are available at http://irclog.perlgeek.de/salt/
21:04 Mso150_a joined #salt
21:06 druonysus joined #salt
21:06 druonysus joined #salt
21:14 sh-ricky joined #salt
21:14 otter768 joined #salt
21:19 StDiluted joined #salt
21:20 jonbrefe1 joined #salt
21:20 jhauser joined #salt
21:22 jeblair joined #salt
21:23 tsukamoto joined #salt
21:25 tsukamoto left #salt
21:25 cpowell joined #salt
21:26 TheoSLC_ left #salt
21:26 mpanetta joined #salt
21:27 TheoSLC joined #salt
21:29 TheoSLC I've noticed that when I run scripts with cmd.script on Windows with shell 'powershell' my powershell commands cannot be found.  Getting error "The term 'command' is not recognized as the name of a cmdlet, function, scrip file...".  Does anybody know how to fix this so that paths are available when running scripts from salt?
21:30 yomilk joined #salt
21:30 stevednd linsys: on the master rm -rf /var/cache/salt/master/minions/{{minion}}
21:30 stevednd to automate it in the future create a reactor script on salt/cloud/*/destroyed, and purge the mine cache at that time
21:31 MugginsM that's good to know!
21:31 dude051 joined #salt
21:31 twellspring joined #salt
21:37 shaggy_surfer joined #salt
21:38 iggy linsys: I think there's a setting for that
21:38 higgs001 joined #salt
21:39 iggy preserve_minion_cache: True (you'd want false, I don't know what the default is)
21:39 TheoSLC Update: I checked and the command is in $env:path .  But windows still can't find it.
21:40 higgs001 joined #salt
21:42 iggy basepi: do you know if there are any published numbers for attendance for previous saltconf's (and if there's any expectations for this year)?
21:44 nahamu do all salt release tarballs contain a PKG-INFO file?
21:48 Grokzen joined #salt
21:51 sh-ricky joined #salt
21:51 Mso150 joined #salt
21:51 basepi iggy: last year the sellout point was 250, and we hit or came very near that (can't remember exactly). This year we're targeting double that.
21:51 basepi And are on track, as far as I know, to have very good attendance. =)
21:52 iggy the site says it sold out last year
21:52 aw110f joined #salt
21:53 basepi That's what I thought, I just couldn't remember for sure.
21:53 iggy so... yeah, I was just kind of extrapolating out from the number of people I know going and said 2k... wanted to fact check that
21:53 iggy hopefully nobody brings that up at all tomorrow
21:53 murrdoc do we have a presentation schedule yet
21:53 iggy I don't even think they've finalized all the speakers
21:54 basepi ya, schedule is not finalized at all yet
21:54 iggy they extended the first deadline to Jan 15th I think
21:54 gngsk is it possible to store the result of running an given module subcommand into a jinja variable?
21:54 basepi most speakers are, I think
21:54 iggy gngsk: {% set foo = salt['module.fun']('arg1') %}
21:54 murrdoc cmd.run is evil
21:54 gngsk I would like to gleen the UUID of a block device from disk.blkid and then use it to build a mount state
21:55 mosen joined #salt
21:55 murrdoc oh man we need this in salt land https://github.com/TelekomLabs/puppet-os-hardening
21:55 murrdoc its from telekom labs
21:56 StDiluted i did somethign similar with salt + cis benchmarks for linux
21:56 StDiluted not that hard to put together
21:56 mosen hiya saltines
21:57 brendanashworth joined #salt
21:57 forrest murrdoc: manifests don't look that complicated.
21:57 linsys joined #salt
21:57 murrdoc nope not at all
21:57 murrdoc i am stepping through it
21:58 forrest murrdoc: Let me know if you want me to create a salt-formulas repo for it
21:58 murrdoc might as well
21:59 murrdoc i am doing it for work
21:59 forrest salt-os-hardening?
21:59 forrest doesn't exactly roll off the tongue..
21:59 murrdoc i ll have to redo it later
21:59 murrdoc for formulas
21:59 forrest why redo it later?
21:59 forrest how about just os-hardening
21:59 murrdoc ++
22:00 forrest murrdoc: https://github.com/saltstack-formulas/os-hardening-formula
22:00 kawa2014 joined #salt
22:00 forrest fork and enjoy :D
22:00 yomilk joined #salt
22:00 murrdoc kk
22:02 Singularo joined #salt
22:02 gngsk iggy: perfect, thanks!
22:02 linsys iggy: Thanks for the info, the comment in the master file says the data is deleted when the key is removed; however that isn’t the case… I will make sure to put that into the master config file.
22:03 nickdew joined #salt
22:05 sh-ricky joined #salt
22:06 hvn joined #salt
22:06 hvn joined #salt
22:06 eliasp does anyone know how to access 'saltenv' in Jinja?
22:07 mpanetta eliasp: {{saltenv}}
22:07 wrench Getting this error on a highstate: Specified SLS blah in environment ‘base’ is not available on the salt master. Any idea where to check where blah SLS is specified? I can’t seem to find where that’s configured
22:07 iggy eliasp: {{ saltenv }} or maybe just {{ env }}
22:07 eliasp mpanetta: oh, well… could've thought of that… too easy :)
22:07 eliasp thanks!
22:07 eliasp thx iggy
22:07 mpanetta {{env}} is deprecated I believe
22:07 iggy ^
22:07 wrench nm found it
22:07 eliasp yes, saltenv is it now
22:09 jonbrefe1 env still works
22:09 jonbrefe1 :D
22:09 jonbrefe1 I use it everywhere
22:10 jonbrefe1 it will be deprecated at some point
22:10 jonbrefe1 but if you are starting from scratch, use saltenv
22:10 KyleG joined #salt
22:10 KyleG joined #salt
22:11 druonysus joined #salt
22:11 druonysus joined #salt
22:11 quickdry21 joined #salt
22:11 iggy I think it's already considered deprecated
22:13 mpanetta Yeah it is, and salt will bitch if you use it
22:13 mpanetta Just not very vocally... I think it only shows up in the logs
22:13 murrdoc bitch is not an appropiate word mpanetta, please elevate your discourse
22:13 mpanetta complain :)
22:14 sh-ricky joined #salt
22:14 murrdoc :D
22:14 murrdoc i was le kidding
22:14 mpanetta haha
22:16 I3olle joined #salt
22:16 juanlittledevil1 joined #salt
22:18 Ryan_Lane joined #salt
22:18 eliasp be careful with swearwords… SaltStack is from the home of mormons… they tend to be easily offended ;)
22:19 mpanetta Hah! :P
22:19 forrest eliasp: Stereotyping is badd mmm'kay?
22:19 eliasp forrest: I know, I know… over-generalizing just makes things so much more easy ;)
22:21 murrdoc mormon underwear is awesome
22:22 murrdoc said no one ever
22:22 murrdoc http://docs.saltstack.com/en/latest/ref/states/all/salt.states.timezone.html
22:22 murrdoc is confusing
22:22 murrdoc America/Denver:
22:22 murrdoc timezone.system:
22:22 murrdoc - utc: True
22:22 murrdoc sets the clock to utc ?
22:24 scoates joined #salt
22:24 iggy I'd read that as set tz to A/D, hw clock to utc
22:25 mohae ^
22:27 booly-yam-4014 joined #salt
22:28 shaggy_surfer joined #salt
22:29 forrest I don't even know why we put America/Denver in the example
22:29 forrest GMT or bust
22:29 forrest should fix that
22:29 mohae becuase that's the TZ that SLC is in?
22:30 murrdoc there is only one tz
22:31 perfectsine joined #salt
22:31 yomilk_ joined #salt
22:33 jameswarren joined #salt
22:34 JDiPierro joined #salt
22:37 juanlittledevil1 question for you guys. I'm kinda new to cloud services and I've been tasked with the responsibility of automating system builds on AWS. Any recommendations on good blogs, books or any other documentation regarding working with salt/docker/aws? Any information you have that can point me in the right direction is greatly appreciated.
22:38 wrench From the master I’m calling an SLS file from the cli like: `salt -N <name> <statefile>`. Minions are coming back with: “<statefile> is not available”. Is this b/c the file exists on the master and not the minions? Is there a way to apply an SLS file to minions from the master?
22:39 Brew you would want to use state.sls to call a specific sls.  for instance, salt -N <name> state.sls <statefile> if im not mistaken
22:40 nitti_ joined #salt
22:41 iggy ^ correct
22:42 iggy or state.apply in new versions (which will eventually replace state.sls and state.highstate)
22:42 wrench Brew: Now I’m getting “No matching sls found for <sls> in env ‘base’”. Any way around that. I just wanna apply the friggin sls to the minions w/o mucking with more config heh
22:42 murrdoc why is state.apply replacing stuff
22:42 murrdoc state.sls i understand
22:43 murrdoc but state.highstate ?
22:43 stevednd murrdoc: what are the semantics of state.apply?
22:43 iggy wrench: you're going to have paste/give more detail to get more help (and stop obfuscating things that don't need to be obfuscated)
22:43 murrdoc no clue
22:43 murrdoc iggy knows
22:44 iggy murrdoc: because it's basically just "if args: state.highstate else: state.sls args
22:44 stevednd yeah, I just checked the doc on it
22:44 iggy maybe replace is too strong
22:44 stevednd is it new in lithium?
22:44 iggy I don't think there's been any talk of getting rid of either of sls/highstate
22:44 murrdoc what is helium
22:45 aurynn it's a gas
22:45 iggy it's new in 2015.2
22:45 murrdoc where *
22:45 aurynn ;)
22:45 murrdoc haha damn u aurynn
22:45 iggy f those code names
22:45 aurynn salt SSH over SSH tunnels: Insane?
22:47 jeremyr joined #salt
22:47 Brew wrench: make sure your master config file file_roots points to your state file structure
22:47 phpdave11 salt-ssh FTW
22:49 wrench iggy: ok. I have an sls file called: search_head.sls that I want to apply to a nodegroup that I have configured in /etc/salt/master called: search_heads. When I run: `salt -N search_heads state.sls /srv/salt/splunk/search_head.sls`, I get the following error: “No matching sls found for ‘/srv/salt/splunk/search_head.sls’ in env ‘base’”
22:49 wrench confirmed the file is there
22:49 aqua^mac joined #salt
22:49 iggy nope
22:50 iggy assuming /srv/salt is in your file_roots, it'd be state.sls splunk.search_head
22:50 wrench oh, I can’t just specify the path to the file and get around the file_roots?
22:50 iggy THIS IS SPAR^WPYTHON
22:50 iggy NO
22:50 wrench :(
22:50 iggy err, I mean no
22:51 stevednd yeah, 2015.2 is lithium
22:51 iggy read more about how master and minions talk to each other (namely sync'ing) and then you'll see why
22:51 wrench ok
22:51 phpdave11 can i beta test 2015.2?
22:51 murrdoc can u
22:51 stevednd phpdave11: sure, you can just grab the develop branch from git
22:51 phpdave11 i mean, is it easy? do i have to compile?
22:52 murrdoc its the new age
22:52 murrdoc we curl | bash now
22:52 cruatta joined #salt
22:52 stevednd no, you can use salt-bootstrap to get it
22:52 murrdoc hold onto your hats
22:52 stevednd git 2015.2 actually
22:52 stevednd it has its own branch now
22:52 phpdave11 sweet. let me get the develop branch version.
22:52 hintss joined #salt
22:52 murrdoc curl -L https://bootstrap.saltstack.com -o install_salt.sh
22:52 murrdoc chmod +x install_salt.sh
22:52 murrdoc ./install_salt.sh -Z -X -P git v2014.5.2
22:52 iggy stevednd: not develop branch, 2015.2 was already branched
22:53 murrdoc uh snap
22:53 murrdoc v2015.2
22:53 * iggy type too slow
22:53 stevednd iggy: yeah, I corrected it
22:53 kermit joined #salt
22:53 stevednd I apologize for disseminating bad information
22:53 kermit joined #salt
22:53 StDiluted joined #salt
22:54 stevednd what do you guys use when you have a set of states broken into multiple files, that can run together or separate, but you want it to be dependent on a state in a different file?
22:54 __number5__ include the require or require_in
22:55 stevednd yes, that's easy
22:55 murrdoc i do the failhard
22:55 stevednd let's say for instance I have a state that installs a service in some basic way, and another state that does independent configuration and restarts the service. It's easy to run them together with include
22:56 Brew include and extend
22:56 stevednd but if I just want to run the configuration one on its own it will no longer know about the service state
22:56 stevednd you can't include inside the include because it's circular at that point
22:57 __number5__ break them into 3 parts then ;)
22:57 murrdoc have u looked at listen_in
22:57 schristensen joined #salt
22:58 phpdave11 $ salt-ssh --version\nsalt-ssh 2015.2.0
22:58 phpdave11 thanks murrdoc!
22:59 stevednd __number5__: that might work, but it really does start to get ugly. Play a game of find the service
22:59 murrdoc boldly go
22:59 casey|sfe i was asking earlier about this salt-cloud stuff but had to run out for a bit. i'm trying to auth with openstack but get this:
22:59 casey|sfe get_version_v2() got an unexpected keyword argument 'auth'
22:59 casey|sfe nova works fine so the creds are good
23:00 iggy stevednd: you can actually multiple include files (don't know about circular if that's what it'd really be)
23:01 __number5__ stevednd: it's hard to do it in a clean way unless you create your own modules/states, but that will create too much additional works
23:01 stevednd iggy: is that new? Last time I tried that back in April last year it failed
23:01 smcquay joined #salt
23:01 brendanashworth left #salt
23:01 CeBe joined #salt
23:02 nickdew joined #salt
23:02 scoates joined #salt
23:03 iggy don't know, I know I've got some include's multiple included
23:03 iggy and I'm on 2014.1
23:03 sh-ricky joined #salt
23:04 booly-yam-4014 joined #salt
23:05 stevednd hmm...I'll have to try it again when I get home
23:10 ckao joined #salt
23:11 phpdave11 iggy: just curious, why not 2014.7?
23:12 iggy oh boy...
23:12 iggy must resist urge to harass base_pi
23:12 * murrdoc grabs popcorn
23:13 iggy there was a last minute issue found in 2014.7.0 (compound/pillar matching in mine and publish functions), instead of fixing it, it was just disabled completely
23:14 murrdoc long story short phpdave11
23:14 murrdoc 2015.2 is the future
23:14 murrdoc saddle up
23:15 otter768 joined #salt
23:16 phpdave11 oh, i see. well, salt-ssh 2015.2 is working great so far!
23:17 iggy yeah, as long as 2015.2 makes it out on time, we'll probably just end up jumping 2014.1 -> 2015.2
23:17 iggy because our next maint window is likely to be March
23:17 twellspring joined #salt
23:18 __number5__ iggy: yearly release cycle?
23:18 iggy for us or salt?
23:19 scoates joined #salt
23:19 __number5__ iggy: your company
23:20 iggy ours is 3 months(ish), but 2014.7.0 (broken for us) didn't actually come out until 2014.12 and our maint window was Jan 3-5
23:20 iggy so if 2014.7.0 had actually worked for us, we probably would have rolled it out in Jan
23:21 murrdoc u actually do compound matching
23:21 murrdoc in salt mines ?
23:22 iggy {% set dbhost = salt['mine.get']('G@tags:db and G@tags:primary', 'network.interfaces', 'compound') %}
23:22 iggy for instance
23:22 markizano Does the global/local namespace get cleared out every time there's an exception in the modules or something?
23:22 murrdoc well thats a nasty bug
23:23 murrdoc why cant base-pi fix it
23:23 iggy he did
23:23 iggy _after_ 2014.7.0 was released and I threw a shit fit
23:23 markizano I'm setting log = logging.getLogger(__name__) at the top of my module in ~states/_modules/mymod.py
23:23 markizano by the time I get to execution in my function, it's "undefined" and I get exceptions about it being UnboundLocal
23:24 markizano so, i test for that and define it again, but then start a new try/except after that
23:24 markizano in the except block after log was defined again, it's undefined yet again in the exception context
23:26 booly-yam-4014 joined #salt
23:27 __number5__ markizano: all your salt modules still obey python rules
23:28 markizano I see now...
23:28 markizano and similarly named variables, it seems >.<
23:29 murrdoc lollogger
23:29 murrdoc no one names their variables with lols anymore
23:29 markizano PEBKAC :/
23:30 Eugene left #salt
23:30 markizano murrdoc: I saw someone use lol in the source code to a pastebin app to my company one time
23:30 Eugene joined #salt
23:30 Eugene left #salt
23:31 babilen I saw someone names his HTML generator class Arielle (parser was Cinderella) ... but that doesn't make it a good idea :)
23:31 babilen -s
23:31 murrdoc i use lol everywhere
23:34 murrdoc http://i.imgur.com/n4i1tis.jpg
23:35 murrdoc this is missing in salt tho
23:36 murrdoc the ability to specify a list to apply a state too
23:36 murrdoc like https://github.com/TelekomLabs/puppet-os-hardening/blob/master/manifests/minimize_access.pp#L16-L31
23:37 iggy I mostly use profanity in my code
23:40 cberndt joined #salt
23:41 nitti joined #salt
23:42 casey|sfe i solved my openstack problem, it was a trailing slash on the auth_url :-\
23:42 casey|sfe however i'm pretty sure that's libcloud not salt
23:44 casey|sfe now the next thing: salt tries to ssh in as root and run some stuff, but my image's default user is debian
23:44 casey|sfe can i set that in the profile?
23:44 phpdave11 you can set a username in the salt-ssh roster
23:45 murrdoc ssh_username: debian
23:45 casey|sfe salt-cloud uses salt-ssh?
23:45 phpdave11 theres a bug where it defaults to "root" tho, see this bug: https://github.com/saltstack/salt/issues/7911
23:54 otter768 joined #salt
23:55 hvn joined #salt
23:56 casey|sfe murrdoc: can i specify an ssh key?
23:56 Edgan I am trying to figure out a sane way to structure pillars. I see I can break them out by environment, but can't figure out a way to break them out by cluster other than an ever growing if statement. Example: http://fpaste.org/172769/88456914/
23:56 casey|sfe is there documentation on the profile format somewhere?
23:56 casey|sfe i haven't been able to find it
23:56 bones050 joined #salt
23:57 cruatta joined #salt
23:58 sevigny joined #salt
23:58 hintss joined #salt
23:58 babilen Edgan: Put them in dictionaries indexed by cluster and return whatever is in there (or add additional processing) -- What is wrong with line 24?
23:59 Edgan babilen: If it works, great, but I suspect it doesn't work.

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary