Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-01-30

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 hillna_ joined #salt
00:00 jmccree joined #salt
00:04 GabLeRoux joined #salt
00:04 hal58th1 also rudi_s ,enable=True isn't really needed there. Enable is set to None by default which won't modify is the service should run at startup. nslcd already runs at startup
00:06 Hybrid joined #salt
00:09 iggy Edgan: your problem was that == check the whole string... the whole string of grains['id'] was not 01
00:10 iggy rudi_s: the require isn't necessary, salt processes top-down
00:10 iggy so as long as you put the pkg line before the service line, you're fine
00:12 smartislav joined #salt
00:13 casey|sfe iggy: moving from salt-cloud 2014.7.0 to 2014.7.1 breaks on openstack
00:13 casey|sfe on our setup anyway
00:13 casey|sfe should i make an issue on github?
00:13 Edgan iggy: But it is
00:13 Edgan iggy: unless it is counting \n or something
00:13 murrdoc poor iggy
00:14 casey|sfe well anyone
00:14 murrdoc whats the breakage u are seeing
00:14 murrdoc when migrating
00:14 murrdoc minions arent starting ?
00:15 casey|sfe yeah, you can't start the vm.  something about the post payload is bad because the server responds 400
00:15 casey|sfe and says "can not find requested image"
00:15 murrdoc cant start the vm ?
00:15 murrdoc oh salt-cloud is broke
00:15 casey|sfe yeah
00:15 casey|sfe it's a new release in the last couple days
00:15 stevednd Edgan: on the command line type salt 'redis-01.foo.com' grains.get id
00:16 stevednd or whatever the actual minion id of redis-01.foo.com is
00:16 casey|sfe i have to run home but i'll be back on in a bit
00:17 murrdoc ok
00:17 Edgan redis-01.foo.com:
00:17 Edgan 01
00:18 murrdoc nice
00:18 murrdoc the id normally is the hostname
00:18 murrdoc are u trying to set the slaves for redis based on hostname ?
00:18 stevednd whatever you did, you probably want to undo that because I'm pretty sure having salt report the id grain like that can't be good
00:18 murrdoc yeah
00:19 Edgan stevednd: Why it is a custom grain that reads from the hostname
00:19 murrdoc id isnt a custon grain
00:20 Edgan Let me take it out and look again
00:20 jmccree joined #salt
00:20 stevednd Edgan: I believe salt has an expecation of the id grain matching how it actually identifies the minion
00:21 stevednd that's why I had suggested before that if you were going to use a custom grain to using something not already used by salt, like 'instance_id'
00:21 kermit joined #salt
00:23 viq joined #salt
00:23 Edgan stevednd: ok, so I renamed it to host_id, because instance_id would be something like i-bd1249b7. Though in the future with auto scaling they might by the same thing
00:24 peters-tx joined #salt
00:24 Edgan stevednd: Lets try the old way with the new name.
00:24 cberndt joined #salt
00:24 rudi_s honestly: Why should I split that into two separate states? - What's the difference between enable=True and enable=None? I want to enable the service (e.g. let it run systemd enable <service>).
00:25 rudi_s iggy: Thanks, then I'll drop the require.
00:25 rudi_s honestly: Oh, sorry. Tried to tab-complete hal58th1.
00:25 rudi_s But does anybody know an answer to that question?
00:27 otter768 joined #salt
00:28 glyf joined #salt
00:31 aqua^mac joined #salt
00:35 Tahm joined #salt
00:42 claytron joined #salt
00:43 Edgan stevednd: Seems to work. Guessing it was in somewhat combining the original id and my id when evaluating the != before.
00:44 StDiluted joined #salt
00:46 JDiPierro joined #salt
00:47 Guest43033 joined #salt
00:50 mdasilva joined #salt
00:53 nitti joined #salt
00:53 Tahm joined #salt
00:54 aqua^mac joined #salt
00:58 aqua^h joined #salt
00:58 meylor joined #salt
00:59 shaggy_surfer joined #salt
00:59 meylor Is there a salt module that will make a volume available after it has been attached to an EC2 instance?
01:01 casey|sfe murrdoc: is the salt-cloud breakage a known issue?
01:01 chip_ joined #salt
01:01 murrdoc no i havent heard
01:01 murrdoc but you should issue it up
01:03 chip_ I am using docker on a cluster, I have formula to install docker and docker-py for salt. I used this, then applied another formula to use docker.pulled state. This ran fine. but then when I run the last formula to use docker.running state.. I find 'docker.running' not available. docker-py is importable http://pastebin.com/raw.php?i=EFd214Zp
01:04 chip_ interesting.. salt-minion 2014.7.0 (Helium) when it should be 2014.7.1
01:06 chip_ ok, that is better!
01:06 chip_ don't listen to me
01:12 murrdoc joined #salt
01:12 mschiff joined #salt
01:12 mschiff joined #salt
01:14 aparsons joined #salt
01:15 Tahm joined #salt
01:24 supersheep joined #salt
01:34 forrest whiteinge: We should steal this: https://docs.puppetlabs.com/puppet/
01:34 forrest they overhauled the page, and this is pretty good
01:35 forrest the flow just feels good.
01:40 Guest67994 joined #salt
01:41 KyleG joined #salt
01:41 KyleG joined #salt
01:42 supersheep joined #salt
01:44 Guest67994 joined #salt
01:47 Ox joined #salt
01:51 kitp joined #salt
01:52 TyrfingMjolnir joined #salt
01:56 saltguy joined #salt
01:56 saltguy hi all
01:57 Jerry_Baby joined #salt
01:57 phpdave11 hello
01:57 saltguy when using salt-cloud with ec2-autoscale-rwactor, how to I configure the smtp settings for the webhook? I get no message and in errors when I used the settings in the tutorial
01:58 supersheep joined #salt
01:58 saltguy anyone use ec2-autoscale before?
01:58 phpdave11 are you trying to use SMTP with amazon SES?
01:58 saltguy yes
01:58 saltguy exactly
01:58 phpdave11 i configured my server to do that recently
01:58 phpdave11 using sendmail
01:58 saltguy in the tutorial they have a setting for gmail
01:59 saltguy I wasn't sure which smtp settings to use
01:59 saltguy are there specified ones for salt?
02:06 favadi joined #salt
02:06 casey|sfe murrdoc: i entered that issue here: https://github.com/saltstack/salt-cloud/issues/923
02:06 casey|sfe please lmk if there's other info i should be including
02:10 murrdoc salt —version s are helpful
02:10 murrdoc they ll ask u for more
02:11 aCodinMan joined #salt
02:13 rudi_s Would it be possible to write a pkg backend which performs all package updates in one big operation and not for each pkg.installed separately (which is what I assume happens with the default setup). The reason I'm asking is because we had issues with package conflicts in the past and it would be nice to let the plugin check if there are conflicts and if so abort them - without un-installing have of the system
02:13 rudi_s 's packages in case of a conflict. Thanks.
02:13 rudi_s *un-installing half of the sytems's packages
02:14 yomilk joined #salt
02:16 murrdoc there is the pkgs option
02:16 murrdoc where u can do
02:16 murrdoc pkg.installed:\n\t-pkgs:\n\t-pkg1\n\tpkg2
02:16 murrdoc so on
02:16 ckao joined #salt
02:18 _JZ_ joined #salt
02:18 keeth joined #salt
02:20 rudi_s murrdoc: Yeah, but that only works for a few packages and I'd have to put all the packages of my system in a single file/state.
02:21 murrdoc yeah i get what you are saying
02:21 murrdoc you could, collect it all in a pillar and then use that pillar to put all the packages together
02:22 malinoff_ joined #salt
02:23 rudi_s murrdoc: Hm, yes. Would still require quite some duplication of data.
02:23 chip_ rudi_s: find a simpler solution?
02:23 rudi_s So I guess it's not possible from salt's design even if I write a custom package module?
02:23 chip_ errr... "change the problem"
02:23 rudi_s chip_: ?
02:23 chip_ change the problem to one that has a simpler solution
02:23 chip_ ;)
02:23 rudi_s chip_: Well, I'd like to do that. But I don't know how.
02:24 chip_ sure you do
02:24 chip_ but it's not always easy
02:24 rudi_s I had the problem with package conflicts in the past and I doubt salt will prevent them.
02:24 chip_ do you like to relive your problems from the past?
02:24 rudi_s chip_: What?
02:24 chip_ are you running into this problem right now?
02:24 chip_ or is this 'premature optimization'
02:26 rudi_s chip_: No, it's not premature optimization. It's a safety net I really want to have because I know that, e.g. Debian's resolver sucks and removes packages in some cases. And it already happened to me.
02:26 rudi_s I didn't look at salt's code yet, but if it just calls apt-get install/remove foo (or similar) then this can or will happen to me again which is something I must avoid.
02:26 chip_ rudi_s: let's talk about a real problem then. do you have formula which causes this right now?
02:27 chip_ I don't think salt will totally prevent you from screwing up the system. but I do believe this problem is falling into the category of pre-mature optimization
02:27 extor joined #salt
02:28 rudi_s chip_: The real problem is simple. I have a list of packages I want to install and I want to make sure that either all of them are installed or nothing happens.
02:28 rudi_s chip_: I don't know how I should say it differently, but it happend to me (multiple times) and I can't afford that it happens again (it's not nice if all your hosts try to remove almost all of their packages).
02:28 chip_ ok, so write a simpel formula to read a list of packages from pillar
02:29 otter768 joined #salt
02:29 chip_ this is a package 'whitelist'
02:29 chip_ I have this myself
02:29 chip_ it's nice for some things
02:29 chip_ but I would not recommend managing all packages on a system that way
02:29 rudi_s I know how I could solve this in a non-salty way. I already do - with a custom script which talks to apt and checks that nothing important is removed.
02:29 chip_ you aren't listening..
02:30 chip_ write a simple formula, in salt, that uses 'pkgs' in pkg.latest or pkg.installed, and read the list of packages from pillar
02:30 rudi_s But I'd like to find a way which integrates with salt's modularity while still providing me with that safety net. And so I'm asking, if salt can do that. If not, well, I'll have to stick with the current solution.
02:30 chip_ if I understand your last description of the problem, that is all you need to do.. no?
02:30 chip_ salt sure can
02:30 aparsons joined #salt
02:30 chip_ I would recommend using reclass as an ext_pillar
02:31 rudi_s chip_: More or less. I can't use salt's pkg directly because it will still fuck up conflicts, but I can just call my custom program.
02:31 chip_ that'll let you have 'classes' which tie together 'pillar' and 'formula'
02:31 shaggy_surfer joined #salt
02:31 chip_ you can then update that pkg whitelist in those classes, which keeps the modularity you want, while also producing only one state with the pkgs list
02:31 chip_ rudi_s: why can't you use pkg directly?
02:31 chip_ how long have you been using salt?
02:32 chip_ maybe the way you are managing these systems needs to change?
02:32 chip_ honestly, I don't run into these problems with normal use
02:32 chip_ I run into problems with apt and pip when I futz with formula on a system a whole lot, like when writing/developing new formula/etc
02:32 rudi_s chip_: Can you give me some links/pointers about reclass and ext_pillar?
02:33 chip_ rudi_s: https://github.com/madduck/reclass
02:33 rudi_s chip_: Just for a few weeks. But the problem isn't salt, the problem is apt and unless salt does some really fancy things, it will still use apt's resolver and thus there is a way that it will chose wrong (in case of conflicts) and uninstall required packages.
02:34 chip_ those should be specific cases, and you should be able to work with/around that as necessary
02:34 chip_ again, I think you're swimming in 'premature optimization' land
02:34 chip_ experience this in salt, then let's talk :)
02:34 chip_ and we'll talk about how you got there
02:35 chip_ yes, apt's resolve fucks up, I agree. but every time I've seen it fuck up, it was because I did something to fuck up apt
02:35 chip_ obviously, YMMV
02:36 clintber_ joined #salt
02:37 rudi_s chip_: Well, sure it's possible that it's my mistake which causes the package removal, but that doesn't help me and honestly I don't care whose fault it was. I want a package system which prevents itself from screwing up my system if a conflict arises.
02:38 chip_ computers are not always able to resolve problems that were created by their operator, or the way in which the operator operates the machine
02:38 malinoff_ rudi_s, but salt is not a package system, and I really curious why you expect it to write his own dependency resolver :) Maybe you should switch to centos?
02:38 Jetty joined #salt
02:38 chip_ either way, I think we've covered viable solutions to your perceived problem
02:39 chip_ rudi_s: I'd also recommend studying and applying more from the 'immutable infrastructure' concept
02:39 rudi_s chip_: Yeah, but at least it should _nothing_.
02:39 malinoff_ And I should agree with chip_ , i had the same issue only when i did stuff like dpkg -i local_package.deb; apt-get install -f
02:39 rudi_s And I just checked salt's code, it just calls apt-get.
02:40 chip_ rudi_s: maybe you should stick with your script :)
02:40 rudi_s So the real question is, can I get salt to perform all package operations in one single operation or not.
02:40 rudi_s And that's all what I want to know.
02:40 chip_ how many times do I have to tell you that solution?
02:40 chip_ I already explained it a few times now..
02:40 chip_ why would you abuse free support?
02:40 chip_ I'm off to do other stuff
02:40 rudi_s malinoff_: I don't expect any resolver. What I expect is a call from salt to "somthing": please perform this _transaction_ of package updates.
02:41 chip_ cheers
02:41 rudi_s chip_: Well, thanks for your help anyway.
02:41 malinoff_ rudi_s, can you do a transaction installation without salt?
02:42 malinoff_ let me reconnect
02:46 malinoff joined #salt
02:46 malinoff rudi_s, here
02:46 rudi_s malinoff: malinoff_: Sure. I have a list of packages to install (and a list of packages to never install) and call apt's resolver, let it resolve it and then check if everything looks as I expect and if so perform the package update. My script does that.
02:46 rudi_s And what I really wanted to know, if it's possible to hook salt in a similar way - which would work if it performs a similar transaction when performing package updates. If not (and it looks that way) I'll have to try to integrate my script somehow.
02:46 rudi_s But I'd really have liked to use salt's pkg feature because it handles dependencies on services and similar.
02:46 malinoff rudi_s, so the question really is apt-get install pkg1; apt-get install pkg2; apt-get install pkg3 vs apt-get install pkg1 pkg2 pkg3 ?
02:46 rudi_s malinoff: No. It's apt-get install pkg1 pkg2 pkg3 but which a check before apt-get performs the installation, that pkg1, pkg2 and pkg3 will be installed. I can do that with apt's python API.
02:46 rudi_s But to do that, I need a list of all packages to install. And from what I can see, I can't do that with salt's pkg system. That's why I asked.
02:47 Diaoul joined #salt
02:48 twellspring joined #salt
02:48 brendanashworth joined #salt
02:48 malinoff rudi_s, I will probably better understand you if you paste your script to e.g. http://pastie.org
02:48 brendanashworth left #salt
02:50 rudi_s malinoff: Not sure why you need the script - it just takes a list of packages to install and then does it, but sure: https://git.cs.fau.de/?p=pkgsync-ng;a=blob;f=pkgsync-ng.py
02:55 mohae I want to add a user that can't login; how do I do this?
02:55 malinoff mohae, try to google it?
02:55 mosen joined #salt
02:56 mohae malinoff: thanks for your sage advice, I did but didn't come across anything on what salt.states.user settings did that and didn't see anything in the docs that would help. I may have missed something...
02:57 malinoff rudi_s, I'm still not sure what is the issue exactly. From my perspective, salt will do the same - if a package is installed, it will not perform any installation actions
02:57 malinoff mohae, maybe you should be more strictly? e.g. "linux add no login user"
02:58 mohae malinoff: well, I know how to do that in linux; but I want to do this via salt. I didn't realize this was a linux only channel
02:58 malinoff mohae, it's not a salt question, that's why i'm suggesting to google it
02:59 malinoff mohae, so your question is "how to specify nologin shell for user state"
02:59 mohae malinoff: thanks
02:59 rudi_s malinoff: The problem is if there are conflicts. E.g. package A conflicts with package B. Now salt (by using apt-get) will try to install A, and thus remove B, which is also required for my system. With more complicated conflicts many packages can get removed.
03:00 malinoff mohae, http://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html#module-salt.states.user
03:00 malinoff rudi_s, how would you resolve this conflict with your script?
03:01 rudi_s malinoff: By not installing/removing any packages ("doing nothing") and writing a message to the log (or send a mail) to inform me of the issue.
03:01 rudi_s But at least no packages will get removed by accident.
03:02 rudi_s So I guess the real question is, can I get salt to perform multiple passes over its state files? First to collect all packages and then to install them and then to perform its usual actions like activating deaemons, etc.
03:02 mohae malinoff: I have read that page, I would typically use useradd -r, but I don't see the equivelant. I admit, I'm probably missing something obvious...
03:02 malinoff mohae, the first example on the top of the page shows "shell:" parameter
03:03 malinoff rudi_s, I don't think it is possible
03:04 rudi_s malinoff: I see. That's a pity. But thanks for your help. - Will have to figure out a way to integrate my script with salt.
03:04 mohae malinoff: thanks, I realize specifying the shell to /bin/false will prevent the login, but wasn't sure about adding as a system account
03:04 malinoff rudi_s, rudi_s salt tries to solve 90% of problems, of course there are 10% when it fails
03:04 malinoff rudi_s, but you still have cmd.run
03:04 malinoff mohae, /sbin/nologin is better
03:05 mohae malinoff: ok, thanks
03:06 rudi_s mohae: /bin/false or /sbin/nologin won't prevent SSH port forwardings though!
03:09 dude051 joined #salt
03:09 rudi_s (Locking the user should fix that IIRC.)
03:09 rudi_s malinoff: Sure, I can understand that. Would've been nice though ;-)
03:10 malinoff rudi_s, i can't disagree :)
03:10 rudi_s Can I "tell" a service to require a package and if it's not present to just skip starting the service?
03:11 rudi_s (For example because my script will install that package in the next run.)
03:11 rudi_s *next salt run
03:11 badon joined #salt
03:12 mohae rudi_s: thanks, I'll look into that
03:12 rudi_s np
03:20 otter768 joined #salt
03:26 JDiPierro joined #salt
03:33 dude051 joined #salt
03:46 kitp joined #salt
03:59 ajw0100 joined #salt
04:03 andrej How I can find out which value the renderer barfs at when it complains that a dict has no value?
04:04 jimklo joined #salt
04:04 andrej sorry "Jinja variable 'dict object' has no attribute 'main_ip'"
04:04 aCodinMan joined #salt
04:05 jimklo joined #salt
04:11 chip_ rudi_s: as I said before, reclass + a basic formula (using iteration over pkg list from pillar) that installs all pkg defined for the host in pillar. then use classes in reclass to update pillar with the packages associated with a particular 'class'.
04:12 chip_ this is the simplest and cleanest solution I can see to the problem you have presented
04:12 chip_ I will galdly explain any of the details which are not clear to you
04:14 bhosmer joined #salt
04:22 jimklo joined #salt
04:24 kitp joined #salt
04:30 viq joined #salt
04:32 kitp joined #salt
04:40 clintberry joined #salt
04:41 hasues joined #salt
04:41 hasues left #salt
04:42 nitti joined #salt
04:48 neogenix joined #salt
04:55 aCodinMan joined #salt
04:55 aCodinMan joined #salt
04:56 Jerry_Baby joined #salt
05:11 JlRd joined #salt
05:11 jimklo joined #salt
05:11 murrdoc left #salt
05:17 vlcn joined #salt
05:19 ajw0100 joined #salt
05:23 forrest joined #salt
05:43 forrest joined #salt
05:52 jimklo joined #salt
05:55 laax joined #salt
06:04 otter768 joined #salt
06:08 jeddi joined #salt
06:18 monkey66 joined #salt
06:20 jerematic joined #salt
06:24 Guest16024 joined #salt
06:26 Guest16024 joined #salt
06:27 Saltn00b joined #salt
06:30 krelo joined #salt
06:36 mikkn joined #salt
06:45 extor left #salt
06:48 twellspring joined #salt
06:54 Grokzen joined #salt
06:54 supersheep_ joined #salt
06:59 calvinh joined #salt
07:03 twellspring joined #salt
07:04 catpig joined #salt
07:05 AndreasLutro joined #salt
07:05 colttt joined #salt
07:10 chutzpah joined #salt
07:10 chutzpah joined #salt
07:10 meylor joined #salt
07:10 lb1a joined #salt
07:11 lb joined #salt
07:14 zadock joined #salt
07:14 supersheep joined #salt
07:16 hojgaard joined #salt
07:17 Auroch joined #salt
07:18 monkey66 left #salt
07:22 jhauser joined #salt
07:26 Guest7731 joined #salt
07:26 calvinh joined #salt
07:29 calvinh_ joined #salt
07:31 flyboy joined #salt
07:32 hebz0rl joined #salt
07:34 eagles0513875_ joined #salt
07:34 eagles0513875_ joined #salt
07:35 aqua^mac joined #salt
07:37 I3olle joined #salt
07:45 Auroch joined #salt
07:48 twellspring joined #salt
07:54 slafs joined #salt
07:54 slafs left #salt
07:54 Nazzy joined #salt
07:55 twellspring joined #salt
07:55 techdragon_ joined #salt
07:56 ahammond joined #salt
07:58 felskrone joined #salt
07:58 slafs joined #salt
07:59 slafs left #salt
08:00 laax joined #salt
08:02 kossy joined #salt
08:03 monkey661 joined #salt
08:05 ldavid1004 joined #salt
08:05 otter768 joined #salt
08:05 aqua^mac joined #salt
08:11 KermitTheFragger joined #salt
08:14 eseyman joined #salt
08:15 stewba joined #salt
08:15 trikke joined #salt
08:16 toanju joined #salt
08:19 aqua^mac joined #salt
08:21 Furao joined #salt
08:26 BigBear joined #salt
08:35 dexter91x joined #salt
08:37 dexter91x can we use pillar.item instead of pillar.get when merging in map.jinja ?
08:38 krelo joined #salt
08:40 TheThing joined #salt
08:44 intellix joined #salt
08:49 monkey66 joined #salt
08:53 xsteadfastx joined #salt
08:56 al joined #salt
08:57 twellspring joined #salt
09:02 lothiraldan joined #salt
09:03 glyf joined #salt
09:04 monkey66 left #salt
09:05 clintberry joined #salt
09:06 TyrfingMjolnir joined #salt
09:10 kawa2014 joined #salt
09:14 jerematic joined #salt
09:14 jtang joined #salt
09:26 badon joined #salt
09:29 clintberry joined #salt
09:30 clintberry joined #salt
09:32 jtang joined #salt
09:32 lothiraldan joined #salt
09:40 paulm- joined #salt
09:42 krelo joined #salt
09:43 tomh- joined #salt
09:48 glyf joined #salt
09:48 toanju joined #salt
09:54 bluenemo joined #salt
09:54 TyrfingMjolnir_ joined #salt
09:54 bluenemo joined #salt
09:57 N-Mi joined #salt
09:59 karimb joined #salt
10:02 zadock joined #salt
10:03 fredvd joined #salt
10:06 otter768 joined #salt
10:08 HolyGoat joined #salt
10:10 amcorreia joined #salt
10:11 ptinkler joined #salt
10:12 paulm-- joined #salt
10:15 lkannan_ joined #salt
10:16 bhosmer_ joined #salt
10:19 TyrfingMjolnir joined #salt
10:20 rudi_s chip_: I've only read the introduction on the reclass website. Does that mean all my state data is handled by reclass and no longer by salt or am I misunderstanding that?
10:25 basepi joined #salt
10:26 jhauser joined #salt
10:29 eson joined #salt
10:30 karmatronic joined #salt
10:32 mschiff joined #salt
10:32 mschiff joined #salt
10:34 paulm- joined #salt
10:36 teogop joined #salt
10:46 madduck rudi_s: reclass works on the assumption that your states are "hollow" and fully parametrised and that you put your actual "data" into reclass
10:47 madduck so you still have .sls files that define what to do, but they are "stupid" and have no knowledge about your systems
10:47 karmatronic joined #salt
10:48 madduck e.g. your motd.sls file obviously "knows" you want a motd file on your system, but whether to overwrite, what to put in there etc., all that would be externalised to reclass
10:48 favadi1 joined #salt
10:50 jpaetzel_ joined #salt
10:54 paulm-- joined #salt
10:55 morenoh149 joined #salt
10:56 CeBe joined #salt
11:01 morenoh149 left #salt
11:01 lothiraldan joined #salt
11:06 xtalk joined #salt
11:12 dario` joined #salt
11:15 calvinh joined #salt
11:22 rudi_s madduck: Ah, I see. - Doesn't that cause quite a lot of duplication?
11:23 madduck rudi_s: duplication where? The whole point of reclass is to help admins keep the data in one place only.
11:25 xtalk good afternoon all
11:25 dexter91x joined #salt
11:25 xtalk can you guys recommend a way of setting up LDAP configuration for minions ?
11:26 xtalk iam struggling with the authconfig part
11:26 rudi_s madduck: But don't I need the "stub" .sls files and the configuration in reclass?
11:27 madduck rudi_s: well, the problem is that .sls already refers to more than one concept
11:27 madduck you don't need top.sls or pillar anymore
11:28 madduck you do need files that specify resources ("states"), e.g. file.managed etc.
11:28 rudi_s madduck: I haven't checked the website in detail yet: Does reclass have good documentation to help a newcomer to salt and reclass get into the details quickly?
11:29 madduck but reclass actually specifies, which of those states are to be applied to a host
11:29 madduck and then provides the parameters
11:29 madduck rudi_s: the docs are there, but can always be improved, of course.
11:29 calvinh_ joined #salt
11:30 rudi_s madduck: Thanks, I'll have a look.
11:30 glyf joined #salt
11:36 xtalk atm i have this http://pastebin.com/YdUscbp1 , but it doesnt get picked up at the start
11:38 I3olle hey there, you have been very helpful to me so far and i want to thank you for that in advance already. at the moment i am trying to figure out how to use runners in my statefile. i am trying it with the publish module but so far nothing gets reuturned. it just runs through without any error or result
11:38 I3olle i would be grateful if someone could take a look at my pastebin
11:38 I3olle http://pastebin.com/Pi9a6hjS
11:38 krelo joined #salt
11:40 I3olle xtalk: i think you need to specify where to run the command?
11:40 I3olle as in - cwd: /opt/foo
11:43 xtalk I3olle, i think is explained it not correctly
11:44 xtalk i add all the files needed for the ldap config
11:44 rypeck joined #salt
11:44 xtalk then i need authconfig to update , en restart the minion
11:45 xtalk so it knows the UID's for the other files in other states
11:46 xtalk it seems the salt minion needs a restart to accept ldap users
11:48 I3olle so the restart doesn’t happen? or just the restart of the servce?
11:49 xtalk the first 2 highstates i get no response
11:50 xtalk after that, it does give a response of the job, but the file isnt changed anymore in the third run
11:50 xtalk so it doesnt restart
11:51 TyrfingMjolnir joined #salt
11:52 xtalk iam kinda new to salt :) if someone has a good example for ldap config. that would be great
11:53 intellix joined #salt
11:53 I3olle xtalk: something like this? https://github.com/saltstack-formulas/openldap-formula/blob/master/openldap/init.sls
11:54 xtalk yes that looks good
11:55 xtalk the only thing that iam missing is the part where authconfig is triggered
11:55 diegows joined #salt
11:55 I3olle ther is another one for pam_ldap https://github.com/saltstack-formulas/pam-ldap-formula/blob/master/pam-ldap/init.sls
11:56 diegows joined #salt
11:56 I3olle but i don’t think that’s what you are looking for right?
11:56 xtalk those are the same :D
11:57 xtalk not the same ^^ , but also no services are restarted
11:58 I3olle http://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html#starting-or-restarting-of-services-and-daemons
11:59 sjohnsen joined #salt
12:05 I3olle also: if anyone is around i still would be very happy if someone could take a look at my pastebin because i can hardly find any good examples or documentation of runners being used in .sls files which i find very strange becaus they are so damn useful
12:06 I3olle http://pastebin.com/Pi9a6hjS
12:07 otter768 joined #salt
12:10 diegows hi
12:10 diegows is there a bug in the latest version related with grain target match?
12:10 xtalk thanks I3olle ! should it be something like this http://pastebin.com/NqrEZYnC ?
12:11 diegows or Am I doing something really stupid?
12:11 diegows :)
12:11 BigBear joined #salt
12:11 lothiraldan joined #salt
12:11 I3olle xtalk: i am not sure why you have this setup:
12:11 I3olle - watch:
12:11 I3olle - watch:
12:11 I3olle i think you only need one
12:12 xtalk ooh , just because i failed :D
12:12 Sacro diegows: or both?
12:12 xtalk thx
12:13 diegows Sacro, who knows :)
12:13 diegows let me show you something
12:14 diegows I've been doing this for a long time, but I don't trust on myself :)
12:16 diegows https://gist.github.com/diegows/3a325956c96fbbf8d023
12:17 diegows this looks like a bug
12:17 diegows definitely
12:17 I3olle xtalk: apart from that it looks good. have you tried running it?
12:17 xtalk trying it now :D
12:22 fxdgear joined #salt
12:24 joehoyle joined #salt
12:26 elfixit joined #salt
12:26 mdasilva joined #salt
12:33 calvinh joined #salt
12:33 johnkeates joined #salt
12:33 johnkeates my minions won't send their keys to my master :(
12:33 johnkeates restarted to minion, no change
12:34 johnkeates restarted the master, no change
12:34 johnkeates they hate me :(
12:34 xtalk can you ping salt ?
12:35 xtalk from the minion
12:35 johnkeates no, but I can ping the IP I configured to be my master
12:36 xtalk put youre ip and salt in youre /etc/hosts of the minion
12:36 xtalk the minion looks for "salt"
12:37 johnkeates salt is already in my DNS server mapped to the master's IP, and I can ping it :)
12:38 johnkeates I added it to /etc/hosts
12:38 johnkeates and now the minion picks it up and sends it key to the master
12:38 johnkeates werid
12:38 johnkeates i have a ton of minions communicating with that master
12:38 johnkeates all same config
12:38 johnkeates but this one is running ubuntu vs. debian on the rest
12:39 johnkeates didn't expect a difference in the salt-minion package
12:39 johnkeates weird.
12:41 johnkeates found it!
12:41 johnkeates it's #default_include: minion.d/*.conf
12:41 johnkeates i use the minion.d directory to dump a master.conf file during preseeding
12:42 johnkeates but it appears it's commented out on this version/distro combo by default
12:42 johnkeates now i feel stupid.
12:42 calvinh_ joined #salt
12:43 johnkeates no wait, it says, 'per default' so it's ok to be commented out
12:43 johnkeates now i feel recursively stupid
12:43 JDiPierro joined #salt
12:43 malinoff johnkeates, can you please stop pressing enter every second?
12:44 johnkeates malinoff: yes, if there a different key you would like me to press?
12:44 paulm- joined #salt
12:44 johnkeates is*
12:45 malinoff johnkeates, just type more than one sentence in the same message instead of splitting them. It's very annoying
12:45 johnkeates ah
12:59 pdayton joined #salt
13:01 toanju joined #salt
13:08 JoeHazzers joined #salt
13:09 AirOnSkin joined #salt
13:10 johtso joined #salt
13:12 AirOnSkin Hey guys. Quick question. If place quotes around {{ pillar['userauth']['spnadd-account_dn'] }} for a command in a state file (then looking like this: "{{ pillar['userauth']['spnadd-account_dn'] }}"), will this make the contents placed in quotes or do I need to escape the quotes? (\"{{ pillar['userauth']['spnadd-account_dn'] }}\") ?
13:13 I3olle still trying to find someone who has some experience with runners being used in state modules: http://pastebin.com/Pi9a6hjS
13:14 I3olle AirOnSkin: try something like this
13:14 I3olle {%- set account = pillar['userauth']['spnadd-account_dn'] %}
13:14 I3olle "{{ account }}"\
13:14 phx AirOnSkin, if something is not inside a jinja block, then it will be just put there, as-is
13:16 tkharju joined #salt
13:16 AirOnSkin I3olle: Why the backslash at the end?
13:16 I3olle because you used it in your example?
13:16 I3olle i thought you wanted it to be included?
13:17 AirOnSkin I3olle: I thought about escaping the quotes, but that doesn't seem to be necessary if I understood phx correctly...
13:18 I3olle no, i don’t think it is
13:19 AirOnSkin Ok, great. Will try it that way. Thanks.
13:20 phx AirOnSkin, you can run stuff with Test=True, that way nothing will get changed, but you will see a diff in the contents
13:20 phx you can always use that to see how something would get modified
13:20 calvinh joined #salt
13:21 AirOnSkin phx: Oh, I didn't know that. Great advice!
13:21 phx AirOnSkin, actually you can set this in the minion config as well, then this will become the default, and you can apply things with an explicit Test=False
13:25 AirOnSkin phx: Ah well, right now I have dedicated machines for testing, so I don't need to be too conscious, but while the states are in development it's the better practice to use Test=True instead of rolling back to the previous config...
13:26 spuzirev joined #salt
13:27 phx AirOnSkin, yup
13:28 jav joined #salt
13:28 Mindfart joined #salt
13:28 Mindfart joined #salt
13:28 phx AirOnSkin, actually it's very useful also for checking whatever misconfigurations you might have across the plant. at a couple of places this is called a checkout
13:28 Mindfart joined #salt
13:28 Mindfart joined #salt
13:30 AirOnSkin I have another question. Can I manipulate a grain temporarily? I need the hostname grain which contains something like 'srv-xxx-yyy' to become 'srvxxxyyy' (remove the dashes) at a certain place. I don't really want to change the grain, I'd like to do something with it in Salt as I would with sed on the CLI ...
13:31 phx AirOnSkin, you need that for some configfile or such?
13:31 spuzirev Hi all! I'm trying to run jobs under non-privileged user on minion through salt-syndic. I get correct output, but after output console freezes for 3-5 seconds and then I get message "Failed to authenticate! This is most likely because this user is not permitted to execute commands....". Can you help me, where is a problem?
13:31 jerematic joined #salt
13:32 pressureman joined #salt
13:33 AirOnSkin phx, I have a script that creates host access groups in our ldap directory. The script shall only run, if the groups don't already exist. The script is bash (there I use sed). In the state file I use an 'unless' action to ldapsearch if the groups exist...
13:34 BigBear joined #salt
13:34 AirOnSkin phx, But the server name is only available to Salt with the dashes in the name... in our ldap directory however, they are added withouth the dashes
13:34 phx AirOnSkin, basically you can put suchlike things into pillars, then assign that pillar to the given minion. with the py renderrer you can put any damn thing into there, from any damn source you want
13:35 intellix joined #salt
13:37 AirOnSkin phx, I was hoping to avoid put that into pillar since it's only used this one time and is otherwise useless, but if there's no other way, I'll do that...
13:40 jtang joined #salt
13:40 phx AirOnSkin, personally i'm creating a pillar for each of the services i'm running, and using that for the configuration. so if anything changes it's also acting like an abstraction point
13:40 phx and since pillars are master-side renderred, i can even switch sources, like use a database
13:41 phx so it's both good for abstraction, and good for other possibilities
13:41 numkem joined #salt
13:41 alexbst is there an easy shortcut to get the ip of the master server ? I want to put it in a hosts file via host.present
13:42 AirOnSkin phx, I see. I'll keep that in mind...
13:42 phx alexbst, grains ip4_interfaces
13:43 phx alexbst, or wait, that would be the minion's.
13:43 alexbst yes, I am not interested in the minions own ips :-)
13:44 alexbst is there somewhere I can get a dump of standard grains ?
13:44 alexbst salt '*' grains.items :-)
13:45 phx alexbst, grains.ls
13:45 phx well, items also tell you the values :)
13:46 alexbst mm, sadly nothing about the master other than on the master.
13:47 cpt-oblivious left #salt
13:48 __number5__ alexbst: you can always use config module to get that
13:48 phx alexbst, http://pastebin.com/BhPxFQAM
13:48 phx err
13:48 phx that has a mistake
13:49 phx but basically the idea is you can get that by rendering it in a pillar, since it's being run on the master, you can just return the local IPs
13:49 phx the mistake there is, __grains__ is the minion's grains, not the master's
13:50 phx and then just do {{ salt['pillar.get']['masterip'] }} in the state
13:50 phx and then just do {{ salt['pillar.get']('masterip') }} in the state
13:52 __number5__ `salt minion_id config.get master ` will give you the master config
13:52 __number5__ or you can have a minion running on your master and ask that minion for grains/ip_addresses
13:55 bluenemo joined #salt
13:55 bluenemo joined #salt
14:00 jeremyr joined #salt
14:00 racooper joined #salt
14:06 cpowell joined #salt
14:08 otter768 joined #salt
14:11 jrluis joined #salt
14:12 chip_ rudi_s: reclass is key for this: it gives you a way to (meaningfully) 'associate' states (formula, how to do something) with pillar (the details/contents logic), and to then map those intelligently to other classes or hosts/nodes
14:12 chip_ rudi_s: this is clean and simple parametized classes, with deep-dictionary merging
14:12 bhosmer_ joined #salt
14:14 murrdoc joined #salt
14:14 chip_ rudi_s: maybe it will make more sense if we map this to your situation. let's say you have a formula which installs packages. it takes a list from a specific pillar key and iterates over the items in the list, building a .sls that uses pkg.installed with the 'pkgs' attribute.
14:14 madduck and so much unleveraged potential ;)
14:14 murrdoc morning
14:14 chip_ rudi_s: over in reclass, you define a bunch of classes, and you associate these to nodes
14:14 chip_ hey madduck ;)
14:15 chip_ thanks for holding the flame alive
14:17 chip_ rudi_s: in these classes, we define that specific pillar key, and we only put in the list, packages which make sense for the class. eg, if we define a webapp class, we could put in it all the pkg the webapp servers need, versus a jenkins class gets the pkg you want for jenkins. You can define the other classes, formula, and pillar in these classes as well.
14:18 chip_ rudi_s: if you also had mysql, postgres, tomcat, and nginx, and warp, classes.. you can logically map out a your networks with these classes as a means to tie together formula and pillar, with other classes and specific nodes, or groups of nodes.
14:19 gngsk joined #salt
14:19 chip_ and what reclass will do is just this: it'll either return the whole tree (inventory), or it'll grab the tree for a specific node/host you have requested.
14:20 murrdoc joined #salt
14:21 paulm- joined #salt
14:21 chip_ rudi_s: reclass will grab the tree, afer traversing out every branch to every leaf and merging together (sensibly, you can even negate nodes) what the details are for each.
14:21 Mindfart joined #salt
14:22 chip_ rudi_s: the net result is that your salt formula will reference pillar, that specific key, and salt will see that key (having been filled in by reclass), and reclass will have provided a unique list for each host. You can do similarly in salt, but it isn't anywhere near as manageable as what you can create with reclass
14:22 chip_ goodluck
14:22 dude051 joined #salt
14:23 nitti joined #salt
14:23 chip_ rudi_s: If you want to 'generate a big list of packages', that is unique to each node, and install that big list all in one go, that is how I would do it in salt. The one thing to confirm here is the detail of how 'pkgs' attributed is handled in the pkg.installed state. Look at that code to ensure everything is installed in one go, as opposed to individually (I think that is what you said you wanted to be sure of)
14:24 saltymoli joined #salt
14:26 Jahkeup joined #salt
14:27 amcorreia joined #salt
14:27 nitti joined #salt
14:32 mpanetta joined #salt
14:39 miqui_ joined #salt
14:40 Andre-B joined #salt
14:42 izibi joined #salt
14:45 andrew_v joined #salt
14:47 kaptk2 joined #salt
14:49 eliasp joined #salt
14:51 paulm-- joined #salt
14:54 FRANK_T joined #salt
14:57 aqua^mac joined #salt
15:00 I3olle if anyone is around i still would be very happy if someone could take a look at my pastebin because i can hardly find any good examples or documentation of runners being used in .sls files which i find very strange because they are so damn useful
15:00 I3olle : http://pastebin.com/Pi9a6hjS
15:04 elfixit1 joined #salt
15:05 yuhl_work_ joined #salt
15:06 housl joined #salt
15:08 mdasilva joined #salt
15:10 yuhl_work_ hello, how could I do to configure a /etc/ntp.conf with an ip which is actually the default route. Could I somehow tell with jinja (or other) a line in a file such as : server <shell>ip route| grep default | cut -d " " -f3 </shell>
15:11 eliasp joined #salt
15:12 babilen yuhl_work_: You naturally want to use Python or jinja filters for that rather than command line tools
15:13 Guest73949 joined #salt
15:13 yuhl_work_ babilen: why not. But could I launch python script to somehow get the default route ???
15:14 clintberry joined #salt
15:15 babilen yuhl_work_: I take it that you are *not* familiar with http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.network.html#salt.modules.network.default_route ?
15:17 babilen You might want to consider maintaining that information in the salt mine if you require that information on other minions too
15:18 karimb joined #salt
15:20 yuhl_work_ babilen: when I do: salt lunielan1.unige.ch network.default_route, I get: lunielan1.unige.ch: ... 'network.default_route' is not available.
15:20 twellspring joined #salt
15:20 aquinas joined #salt
15:21 eliasp joined #salt
15:22 che-arne joined #salt
15:23 yuhl_work_ babilen: I finally used this {{ salt['cmd.run']('whoami') }} in a jinja with success
15:25 joehoyle left #salt
15:29 Nazca__ joined #salt
15:30 kbyrne joined #salt
15:30 GabLeRoux joined #salt
15:31 kbyrne joined #salt
15:34 jtanner joined #salt
15:35 rudi_s chip_: Thanks for your help. - At the moment I'm working on a another approach (a rewrite of the pkg's apt module), but I'll have another look at reclass if this dosn't work out.
15:35 keeth joined #salt
15:35 scott2b joined #salt
15:35 karimb joined #salt
15:38 scott2b Using state postgres.user_present with postgresql on Amazon RDS: Once I’ve run highstate and the user is created, subsequent highstates give me a “Failed to create user”. Any thoughts on why this is happening?
15:41 scott2b If I set refresh_password to true, instead of the above error, I get a stack trace with “CommandExecutionError: User 'postgres' is not available” however, my superuser in RDS is not postgres and I’ve set the db_user and db_password accordingly. Is it required that my superuser name be postgres?
15:42 Ligthert_ The recent salt-cloud update on ubuntu broke my v1 api for digital ocean. :s
15:44 murrdoc there is an issue for that open Ligthert_
15:44 murrdoc u should add to that
15:44 murrdoc https://github.com/saltstack/salt-cloud/issues/923
15:44 murrdoc thats openstack centric
15:45 hasues joined #salt
15:45 hasues left #salt
15:46 Ligthert_ murrdoc: thnx. I'll take a look.
15:47 iggy I think there is a separate issue for the DO v1 api
15:48 murrdoc thats possible, i ddont know about it
15:49 signull joined #salt
15:50 ALLmight_ joined #salt
15:50 Ligthert_ I'm not seeing any tickets on github, I'll open a ticket.
15:52 ALLmightySPIFF joined #salt
15:53 karmatronic joined #salt
15:54 ALLmigh__ joined #salt
15:57 Guest63702 joined #salt
15:58 joehoyle joined #salt
15:58 joehoyle left #salt
16:00 seanz joined #salt
16:05 Ligthert_ issue 924 raised!
16:06 Grokzen joined #salt
16:06 kermit joined #salt
16:07 kermit joined #salt
16:07 dude^2 joined #salt
16:11 rocket joined #salt
16:11 karmatronic joined #salt
16:12 gladiatr joined #salt
16:12 gladiatr joined #salt
16:13 stevednd can salt allow only one minion from a group to run a state.sls in orchestration? I don't care which of a group of machines runs the state, but only one can run it
16:15 murrdoc same minion each time ?
16:15 murrdoc or just the one
16:16 stevednd just one
16:17 stevednd right now I have identified a single machine with a grain
16:17 rojem joined #salt
16:17 stevednd but in the event that that machine is down others are capable of doing it
16:17 cpowell joined #salt
16:17 stevednd but if I put the grain on multiple then of course it will try to apply the state on both
16:18 SheetiS joined #salt
16:18 I3olle In case there are stackoverflow users here: I posted my question there http://stackoverflow.com/questions/28239198/using-saltstack-runners-in-sls-state-modules
16:18 I3olle I’m really stuck and desperate
16:18 bhosmer joined #salt
16:18 dude051 joined #salt
16:20 mgw joined #salt
16:21 dgiagio left #salt
16:22 funzo joined #salt
16:27 MaliutaLap joined #salt
16:28 MaliutaLap is there a way of having salt listen on IPv4 and IPv6?
16:29 schristensen joined #salt
16:29 karimb joined #salt
16:30 mpanetta joined #salt
16:30 MTecknology cvent is dogging pretty hard today. That's what you get when you use IIS
16:32 mdasilva joined #salt
16:32 madduck MaliutaLap: I would suggest not letting Salt listen on a public IP in the first place
16:33 madduck set up a VPN or whatever (or use autossh for automatic SSH tunneling) and then you can do whatever you want.
16:33 tkharju joined #salt
16:35 tligda joined #salt
16:35 tkharju joined #salt
16:36 tkharju joined #salt
16:36 zadock joined #salt
16:38 giannello joined #salt
16:39 giannello does git_pillar support authentication with ssh keys?
16:40 chip_ rudi_s: that may be a worthy endeavor, goodluck
16:41 chip_ stevednd: that is interesting, but maybe you want to look at combining consul/etcd with salt and maybe the events/reactor system?
16:41 chip_ giannello: I think so, yes
16:42 MaliutaLap madduck: so is salt-ssh a replacement for salt-minion?
16:43 MTecknology sorta, kinda
16:44 MTecknology salt-ssh is ideal if you need your salt server to reach out and do things on remote servers outside of your LAN
16:44 chip_ MTecknology: or if you just don't trust the raet/zmq transports
16:44 MaliutaLap MTecknology: I'm just starting with salt - and I do have hosts outside my LAN that I want to be able to configure
16:44 murrdoc i think its more if u dont want to isntall salt-minions
16:44 phpdave11 salt-ssh lets you use salt without installing salt software on your minions
16:45 murrdoc and can ssh to everywhere
16:45 murrdoc then use salt-ssh
16:45 murrdoc or what phpdave11 said
16:45 murrdoc raet and zeromq are pretty secure
16:46 Brew joined #salt
16:46 chip_ MaliutaLap: I think a better queation to ask is if you want to rely on SSH as the transport. for one reason or another, that may appeal to you. If you don't, then build a VPN and put salt over the VPN
16:46 Ozack-work joined #salt
16:46 MaliutaLap MTecknology: I'm basically looking at salt instead of puppet or chef
16:46 tkharju joined #salt
16:47 karimb joined #salt
16:47 dude^2 joined #salt
16:47 chip_ MaliutaLap: that is a great idea
16:47 chip_ puppet and chef will likely drive you nuts
16:47 phpdave11 it is
16:47 chip_ especially if you are capable with python
16:48 MaliutaLap python is not something I like - but I like ruby less
16:48 chip_ chef's use of ruby is a no-brainer for me. I could not be functional with it
16:48 StDiluted joined #salt
16:48 chip_ MaliutaLap: if you have someone who is competent with python on your team, you can feel nearly invincible with salt ;)
16:48 chip_ hah
16:48 chip_ but more seriously, the module/state setup in salt is critical to success
16:49 MaliutaLap I can be competent with it, just don't like it
16:49 MaliutaLap would rather perl if I had too
16:49 MaliutaLap or straight C
16:49 chip_ you poor soul
16:49 chip_ why so painful?
16:49 GabLeRoux joined #salt
16:49 chip_ either way, what I mean is that if you need, you can very easily create new modules/states to do what you need
16:50 chip_ salt keeps this sort of thing very accessible
16:50 chip_ you stay productive
16:50 phpdave11 you don't need to know python to use salt. i use salt-ssh and i haven't written any python yet.
16:50 chip_ at least, that is my experience with salt
16:50 MTecknology puppet was so damned painful and clunky. chef wasn't much better.
16:50 chip_ I'm only saying that comfort with python means you can knock down barriers other people run into
16:50 MTecknology If I was forced to use one of those or nothing at all, I'd choose nothing
16:50 MaliutaLap anything is better than cfengine
16:50 MTecknology or that
16:51 MTecknology I wasn't even willing to try cfengine
16:51 MaliutaLap cfengine was a major cluster fuck
16:51 MTecknology I started with salt when I considered salt unusable. I decided that if salt is the best out there, screw it, I'll write scripts to manage things.
16:51 MTecknology A year and a half later, I looked at salt again and fell in love.
16:52 MaliutaLap people are raving about ansible
16:52 twellspring MaliutaLap:  ansible also uses ssh as its main transport.   I used that at my previous job, and liked that but chose salt for my new job.
16:52 MTecknology salt-ssh and ansible are on the same playing field
16:52 chip_ MaliutaLap: ansible is great if you like accepting their pattern at solving problems
16:52 chip_ MaliutaLap: I think salt is more flexible to use, but I haven't looked deeply at ansible in months
16:52 MTecknology If you're managing a lot of networking equipment and the like, I'd probably say that ansible is a better choice. For systems, I'll choose salt every time.
16:53 chip_ MaliutaLap: I like that salt is more accepting and open about their development
16:53 MaliutaLap I'm looking about for a better way of doing things
16:53 MTecknology I'm getting really excited for SaltConf. I'm not having my ability to go revoked this year. :)
16:53 chip_ lucky
16:54 chip_ I don't envy you, but I do want to be there
16:54 chip_ :)
16:54 MTecknology Last year, I was told last minute that I don't get to go.
16:54 * chip_ sadface
16:54 MTecknology I'm still livid about it, but... the things I broke at work and the raise I forced them into giving me helped
16:54 twellspring Salt's community has been much more responsive than Ansible's was for me ... that has made a huge difference for me.
16:54 iggy jacksontj: if you need any other info for #20065, let me know
17:02 beneggett joined #salt
17:06 hal58th joined #salt
17:07 intellix joined #salt
17:12 joehoyle joined #salt
17:12 clintberry joined #salt
17:13 joehoyle left #salt
17:15 glyf joined #salt
17:17 MTecknology What time of day is SaltConf done on the 5th? I imagine it's after checkout time. I don't know how this kinda thing works. :(
17:18 pdayton joined #salt
17:19 quickdry21 joined #salt
17:21 iggy there's a full schedule on the site
17:23 murrdoc oh word
17:24 MTecknology So we're done by 15:00. Check out time is going to be well before that that. What do people usually do with their luggage during that time?
17:24 murrdoc ask iggy
17:24 murrdoc its par for the course on this chan
17:25 murrdoc :D
17:25 iggy first conference for me
17:25 iggy I'm only bringing one pair of pants for the whole week, so I should be good
17:25 murrdoc MTecknology:  u can leave it at the thotel
17:25 iggy maybe some shorts to do snow angels in
17:26 phx why not salt-angels?
17:26 MTecknology murrdoc: Thanks. I've always just come back the following day, but because of the room rate, they're wanted me to not stay the extra day.
17:27 fllr joined #salt
17:27 iggy that's why I'm staying at the hell hole a couple blocks away
17:27 jY MTecknology: most every hotel will hold luggage for you after checkout
17:27 iggy it's only 3.5 stars... might as well be staying in a smelly hostel
17:27 MTecknology jY: awesome :)
17:28 phx hostels are a good place for meeting traveling young ladies
17:28 seanz joined #salt
17:28 _JZ_ joined #salt
17:28 jY MTecknology: ya just ask the front desk.. i do it all the time
17:28 MTecknology iggy: They pulled my conference plans last minute last year. They're going to pay for me to enjoy that crap out of it this time. :)
17:29 iggy yeah, I'm actually flying in Saturday and spending a few days enjoying SLC before the conference
17:29 GabLeRoux joined #salt
17:29 talwai joined #salt
17:29 neogenix joined #salt
17:30 talwai Can anyone enlighten me as to {{ self }} is supposed to point to in a top.sls file?
17:30 talwai *what {{ self }}
17:30 TheThing joined #salt
17:30 talwai Looking at this page in the docs: http://docs.saltstack.com/en/latest/topics/targeting/grains.html#matching-grains-in-the-top-file
17:30 iggy you probably shouldn't use jinja much in top files
17:31 spookah joined #salt
17:32 talwai @iggy I wouldn't be trying to if it didn't seem like an approach 'blessed' by the saltstack docs. Question still stands though: what is  {{ self }} here?
17:32 desposo joined #salt
17:32 murrdoc we are all trying to find {{ self }} man
17:33 beneggett joined #salt
17:33 iggy I believe it's "node_type"?
17:33 murrdoc self means the node_type in the context
17:34 iggy I don't know many people that use a strict node_type though... you see "roles" used more often (and it's almost always a list)
17:35 iggy I wouldn't say that method is blessed, it was just someone trying to show how clever they could be with jinja
17:36 neogenix_ joined #salt
17:37 talwai @iggy got it, that makes sense. Any particular reason you avoid using jinja in topfiles? Haven't come across a need to myself, but wondering why best practice is to avoid it
17:37 KyleG joined #salt
17:37 KyleG joined #salt
17:38 snave joined #salt
17:38 Auroch joined #salt
17:38 murrdoc there is a note on there which links to a current issue
17:40 shaggy_surfer joined #salt
17:40 iggy I'm not saying it's strictly verbotten, but trying to get clever for clever's sake usually makes things harder for other people to figure out
17:42 smcquay joined #salt
17:42 twellspring So is there somewhere that more clearly defines how {{ self }} works?
17:42 iggy jinja docs?
17:44 snave Hi, I've had a salt master running for about a year now.  There's been a lot of upgrades, which is great.  Some of the upgrades seem to cause connectivity issues between master and minions.  Anybody use an existing tool or module to monitor if/when a minion drops off?
17:52 madduck MaliutaLap: I am not advocating salt-ssh
17:52 madduck I am just saying you should not run salt-master on a public IP
17:52 scott2b joined #salt
17:55 schlueter joined #salt
17:56 scott2b joined #salt
17:59 aw110f joined #salt
18:02 rojem joined #salt
18:02 casey|sfe i have changed some data in the pillar and refreshed it but it is not replacing templated files that should have changed
18:03 casey|sfe when i run the state
18:03 iggy snave: do they go away for good? or do you just have to send a couple test.ping's to get them back?
18:04 sine_nitore joined #salt
18:05 casey|sfe i would assume it builds the templates out and compares them to the file on the minion
18:05 snave iggy: they just lose connectivity to the master
18:05 casey|sfe is that not right?
18:05 casey|sfe do i have to tell it to update the file if changed?
18:05 LotR joined #salt
18:05 iggy casey|sfe: paste some code
18:06 snave iggy:  once I update the salt-minion package they are back up and running
18:06 snave I think I am going to write a script that does a test.ping a couple times a day and records any diff's in respondents
18:06 iggy snave: so it's a versions not matching thing? or do you think just restarting the minion kicks them back into gear?
18:07 iggy snave: there's the manage runner
18:07 esogas_ joined #salt
18:07 aron_kexp joined #salt
18:07 snave iggy:  not positive, but I think it may be a version matching issue.
18:08 iggy snave: what version? for the most part, 1 major version should be okay, but if you jumped from say 0.17 to 2014.7, I wouldn't be surprised
18:08 patrek joined #salt
18:08 freelock joined #salt
18:09 casey|sfe iggy: https://gist.github.com/caseydentinger/40c5df9f463ce13d9f3e
18:09 casey|sfe i feel like i'm missing something obvious
18:09 keeth joined #salt
18:09 ventris joined #salt
18:09 oblio joined #salt
18:09 superseb joined #salt
18:09 cwright joined #salt
18:09 Barbarossa joined #salt
18:09 Laogeodritt joined #salt
18:09 iggy casey|sfe: you checked pillar.item php to make sure the value is changing?
18:09 nyov joined #salt
18:10 lz-dylan joined #salt
18:10 lytchi joined #salt
18:10 sc` joined #salt
18:10 evidence joined #salt
18:10 canci joined #salt
18:10 MTecknology joined #salt
18:10 Damon joined #salt
18:10 snave iggy:  it's a jump comparable to what you cited
18:10 lynxman joined #salt
18:10 SaveTheRbtz joined #salt
18:10 snave we have a bunch of dev machines that have a tendency to fall behind
18:11 casey|sfe iggy: my bad
18:11 casey|sfe i was missing something obvious indeed
18:11 casey|sfe i just had edited the code that places the files and forgot to change it back
18:12 iggy snave: yeah, unfortunately, those kind of steps just don't get tested (and generally aren't supported beyond a "best effort")
18:12 snave iggy: understandable... it's really our issue.  just wanted to catch it with monitoring
18:13 agj joined #salt
18:13 sifusam joined #salt
18:13 Cottser|away joined #salt
18:13 nlb joined #salt
18:13 nlb joined #salt
18:13 nicksloan joined #salt
18:13 emid joined #salt
18:13 stooj joined #salt
18:14 iggy snave: yeah, I'd look at the manage.{up,down,etc} salt runners
18:14 iggy sudo salt-run manage.down
18:14 iggy and maybe use a custom outputter to get the output in machine readable form
18:14 snave iggy:  thanks I'll check it out
18:15 iggy or a returner to a database that you can then poll/run statistics off of
18:15 rap424 joined #salt
18:16 neogenix joined #salt
18:16 djinni` joined #salt
18:20 bregalad joined #salt
18:20 cwyse joined #salt
18:21 penguin_dan joined #salt
18:21 ksalman joined #salt
18:22 monokrome joined #salt
18:22 mike25de joined #salt
18:22 markm__ joined #salt
18:22 Guest31320 joined #salt
18:26 chris_m joined #salt
18:27 chris_m afternoon all! (Well, those in edt).    Has anyone used salt to manage weblogic, f5, or any middleware stack?  looking for some good use-cases
18:28 murrdoc you guys ever have a state show no output during show_sls
18:29 robawt murrdoc: only when something ain't right
18:29 robawt ;)
18:29 murrdoc hahah
18:30 murrdoc thanks man
18:30 robawt <-- captain obvious
18:30 Ryan_Lane joined #salt
18:31 bluenemo joined #salt
18:31 bluenemo joined #salt
18:34 Flusher joined #salt
18:36 ramishra_ joined #salt
18:38 iggy murrdoc: I've run across a few formulas that gate whole files based on grains (f u zookeeper-formula and graphite-formulate)
18:38 murrdoc ok
18:39 murrdoc i have lost context sorry
18:39 murrdoc basically a macro is not running
18:41 Brick joined #salt
18:41 N-Mi joined #salt
18:43 shaggy_surfer joined #salt
18:49 Guest91989 joined #salt
18:58 glyf joined #salt
18:58 Ryan_Lane joined #salt
18:59 ALLmightySPIFF joined #salt
19:00 rojem joined #salt
19:02 joehoyle joined #salt
19:03 nitti_ joined #salt
19:05 nitti__ joined #salt
19:12 forrest joined #salt
19:13 forrest joined #salt
19:19 druonysus joined #salt
19:19 druonysus joined #salt
19:21 shaggy_surfer joined #salt
19:23 druonysus joined #salt
19:23 druonysus joined #salt
19:24 _2_ghost joined #salt
19:30 Ox joined #salt
19:33 mdasilva joined #salt
19:41 smkelly I'm trying to iterate over a list in a jinja template but remove an item: mylist|reject("equalto", grains.domain)||join(" ")   but jinja is saying the equalto test doesn't exist even though ti is documented on http://jinja.pocoo.org/docs/dev/templates/#builtin-filters   any ideas?
19:47 saltguy joined #salt
19:47 saltguy hi all
19:49 felskrone joined #salt
19:49 Tritlo joined #salt
19:51 Ox joined #salt
19:52 saltguy I am setting up a webhook for salt-cloud ec2-autoscale-reactor
19:53 saltguy I can't get the webhook to work
19:53 thedodd joined #salt
19:53 saltguy an Amazon it just says pendingconfirmation forever
19:53 saltguy in Amazon*
19:53 ALLmightySPIFF joined #salt
19:54 ajw0100 joined #salt
20:06 smcquay joined #salt
20:23 schlueter joined #salt
20:24 TyrfingMjolnir joined #salt
20:28 popus joined #salt
20:30 felskrone joined #salt
20:32 paha joined #salt
20:33 smkelly hm, it appears the jinja that salt comes with has no equalto test :(
20:34 zadock joined #salt
20:39 TheThing_ joined #salt
20:47 ajw0100 joined #salt
20:57 timoguin joined #salt
20:58 amcorreia_ joined #salt
21:00 mgw does gitfs work in a masterless setup for installing formulae?
21:02 robawt mgw: it should, it's just a way to configure salt to read from a git repo
21:03 Ryan_Lane joined #salt
21:05 smcquay joined #salt
21:07 dude051 joined #salt
21:09 twellspring joined #salt
21:09 dude051 joined #salt
21:11 glyf joined #salt
21:16 snave left #salt
21:17 redzaku joined #salt
21:20 JDiPierro joined #salt
21:22 tzero hey guys, new saltine (is that the correct term?) here, reading through the getting started guide, coming from ansible, and running from chef. in general, are resources defined in states applied in order? also, with ansible's model, setting up clustered services is easy; can the same be done with states?
21:23 aparsons joined #salt
21:24 pdayton joined #salt
21:25 tzero I just see provisioning out a salt minion with ansible (to also register it with DNS, add it to Sensu, whatever), and taking care of any clustered services manually. As for standalone servers, those can leverage states through salt
21:26 tzero s/provisioning/bootstrapping/
21:26 jY tzero: by default they are applied in order listed in the sls file
21:27 tzero cool, and I guess there is a separate ordering parameter(?) if necessary?
21:27 tzero although having things execute in order is great; ain't nobody got time for that chef precedence BS :P
21:27 shaggy_surfer joined #salt
21:28 jY http://docs.saltstack.com/en/latest/ref/states/ordering.html
21:29 keeth joined #salt
21:29 tzero ooo cool
21:30 signull_ joined #salt
21:34 glyf joined #salt
21:34 aparsons joined #salt
21:36 Ox joined #salt
21:36 aparsons_ joined #salt
21:37 iggy mgw: I'm pretty sure gitfs requires a master
21:38 timoguin 2014.7 is supposed to have gitfs support in masterless.
21:38 aparsons joined #salt
21:38 timoguin But I haven't tried it yet.
21:38 timoguin And I think it may only work for states, not pillar.
21:39 * iggy stuck on 2014.1 :(
21:39 murrdoc joined #salt
21:40 iggy tzero: also, look at orchestrate for running multiple states on multiple hosts in one run (i.e. highstate a webserver, deploy code, add it to a load balancer, etc)
21:41 aparsons joined #salt
21:42 tzero whoa cool, I'll take a look
21:44 clintberry joined #salt
21:46 LeProvokateur joined #salt
21:48 murrdoc joined #salt
21:48 murrdoc joined #salt
21:49 twellspring joined #salt
21:50 I3olle joined #salt
21:54 kitp joined #salt
21:55 mgw Does "salt-call --local" ignore the "--file-root" option, or am I using it wrong?
21:55 mgw I did a trace level log
21:55 mgw and I don't see it getting picked up at all
21:56 mgw the path in question does not appear in the log
21:57 mgw and files in that dir are not listed by "cp.list_master"
21:59 Andre-B joined #salt
22:04 schristensen joined #salt
22:11 scott2b joined #salt
22:14 smcquay joined #salt
22:22 darkstarone joined #salt
22:34 aparsons_ joined #salt
22:36 signull joined #salt
22:37 jhauser joined #salt
22:38 chp1n joined #salt
22:39 chp1n left #salt
22:41 mrfileio joined #salt
22:42 mrfileio - onchanges:       - file: /opt/salt-workarea/uPortal3.tgz       - file: /opt/salt-workarea/SimpleContentPortlet-0.2.tgz
22:42 mrfileio is that an && or an ||, i.e. do they both have to change or just one?
22:42 shaggy_surfer joined #salt
22:42 StDiluted joined #salt
22:46 iggy mrfileio: from the docs I'd think &&
22:47 jalaziz joined #salt
22:47 I3olle joined #salt
22:49 mrfileio thanks iggy - I looked in there but it wasn't clear
22:51 iggy mrfileio: from looking at the code, it looks like && as well
22:54 jalaziz joined #salt
22:54 cotton joined #salt
22:55 mrfileio hmm, so if I wanted an ||, could I do this:
22:55 mrfileio - onchanges:       - file: /opt/salt-workarea/uPortal3.tgz     - onchanges:       - file: /opt/salt-workarea/SimpleContentPortlet-0.2.tgz
23:00 iggy you can't put 2 onchanges in one state
23:01 iggy I'm not really sure how you'd manage that... maybe 2 separate states?
23:05 theologian joined #salt
23:05 favadi joined #salt
23:12 mrfileio hmm, it's not complaining but maybe it's ignoring the first or the second
23:12 mrfileio yeah, i'll come up with a workaround - thanks again
23:16 iggy it won't complain
23:16 iggy it'll take the last one (I think)
23:16 iggy check it out in a yaml parser
23:16 iggy http://yaml-online-parser.appspot.com/
23:17 djallits joined #salt
23:17 pdayton joined #salt
23:21 emostar what is the best practice for storing the pillar data that contains passwords and private keys?
23:22 iggy you mean aside from storing it in the pillar?
23:22 spookah lulz
23:22 emostar iggy: yes, some kind of backup so if the server goes down i can get it up and running without having to manually rebuild the pillar files
23:23 iggy store it in git?
23:23 emostar is that what most people are doing?
23:23 yomilk joined #salt
23:23 iggy all of our states/formulas/pillars are in git... and I wrote a little ~50 line script that bootstraps a master and sets up all the git repos
23:24 iggy as far as I know
23:24 emostar hmm, alright thanks
23:24 iggy I'm sure there are other ways
23:25 emostar this was allt he docs had to say... http://docs.saltstack.com/en/latest/topics/best_practices.html#storing-secure-data
23:25 neogenix joined #salt
23:26 emostar basically "use pillar for passwords"
23:27 murrdoc joined #salt
23:28 twellspring joined #salt
23:28 favadi left #salt
23:37 xsteadfastx joined #salt
23:40 ajw0100 joined #salt
23:41 lothiraldan joined #salt
23:52 twellspring joined #salt
23:53 yomilk joined #salt
23:53 joehoyle joined #salt
23:59 bhosmer_ joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary