Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-02-10

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 notnotpeter TaiSHi: Looks like Club-Mate is Yerba based. https://clubmate-uk.com/about
00:00 notnotpeter Om nom nom.
00:00 TaiSHi notnotpeter, seriously? Lucky europeans
00:00 notnotpeter Yeah, ClubMate is always the gift I ask for when people visit Germany.
00:00 TaiSHi We use mate for everything, study, work, chat
00:01 TaiSHi It has medium caffeine content
00:02 scott2b I have a salt-cloud provider & profile setup that successfully provisions instances with salt-cloud -p, however when I reference the profile in a cloud.profile state, I get a profile not defined error. Is salt not looking in /etc/salt/cloud.profiles.d? Is there something I need to do so that it does? Or am I supposed to put the cloud conf files somewhere where salt can find them?
00:02 TaiSHi MTecknology, still around?
00:02 TaiSHi scott2b, paste conf (edit the keys) + output
00:03 MTecknology TaiSHi: I've seen all of these considered "standards" http://dpaste.com/1SSXFFF   In python you have one option...  http://dpaste.com/08DVRRP
00:03 hasues joined #salt
00:03 hasues left #salt
00:03 TaiSHi I'm saving that one for later
00:04 TaiSHi I have a tech question MTecknology, it aint pretty :P
00:04 badon joined #salt
00:04 scott2b http://dpaste.com/1K3V0TD
00:04 MTecknology Is it right for this channel or is #ngx-social better?
00:04 scott2b that’s my profile
00:05 munhitsu___ joined #salt
00:05 TaiSHi MTecknology, mind if I pm you?
00:05 MTecknology go for it
00:05 eliasp murrdoc: no go, vote! https://github.com/saltstack/salt/issues/20536
00:06 murrdoc 22 seconds
00:06 murrdoc i smell collusion
00:06 eliasp ha! ;)
00:06 TaiSHi scott2b, paster provider and console output please
00:06 scott2b 1 sec
00:06 eligos joined #salt
00:07 murrdoc iggy:  vote please https://github.com/saltstack/salt/issues/20536
00:07 scott2b error is: Comment: Failed to create instance stg-mongox using profile base_ec2_private: Profile base_ec2_private is not defined
00:08 lnxnut_ joined #salt
00:08 jalaziz joined #salt
00:08 notnotpeter scott2b: So are you extending an existing profile?
00:09 seblu joined #salt
00:09 notnotpeter Cause I know extends can only be one-level deep.
00:09 scott2b http://dpaste.com/3KBR2VR
00:10 scott2b I don’t think so
00:10 scott2b just pasted the provider. I am using the profile in a state
00:10 scott2b looks like:
00:10 scott2b stg-mongox:
00:10 scott2b cloud.profile:
00:10 scott2b - profile: base_ec2_private
00:10 mdupont joined #salt
00:12 TaiSHi Bye all, dinner awaits
00:12 murrdoc later slacker
00:12 murrdoc if u know a lisandro cardoso
00:13 murrdoc tell him i said WASSUP
00:13 TaiSHi I know him not! :P
00:13 murrdoc there must be a lot of argentinians
00:13 TaiSHi scott2b, your profile is ec2-east-private-ips, not ec2-east-private
00:13 murrdoc HAHAHAHAHA
00:13 mattl joined #salt
00:13 TaiSHi 40 millions!
00:13 nkuttler joined #salt
00:13 murrdoc too many
00:13 scott2b doh seriously?
00:13 iggy that feature doesn't interest me at all
00:13 TaiSHi Yeah
00:13 scott2b oh geez. thanks
00:13 TaiSHi Off now, take care!
00:13 TaiSHi No prob, /hug
00:15 copelco joined #salt
00:17 scott2b ah, yeah, so that is really my provider not my profile. Profile is referenced correctly
00:21 neogenix joined #salt
00:22 akoumjian joined #salt
00:22 hal58th1 joined #salt
00:24 scott2b so, trying again. I have working salt-cloud configs, but salt is not finding them — I get a profile not defined error when referencing in a state with cloud.profile. Any thoughts on why this would happen? It seems to me that salt is not looking in /etc/salt/cloud.profiles.d
00:25 murrdoc service.running doesnt restart a service ?
00:26 wavis joined #salt
00:27 JonGretar joined #salt
00:27 MTecknology murrdoc: nope, not without -watch
00:28 eligos joined #salt
00:29 neogenix Is there any simple way of when I update the minion config (for example to add MySQL configuraiton variables) to have it work in the existing / current run ?
00:31 jcockhren neogenix: as a general rule, module configuration can go in pillars too
00:31 neogenix @jcockhren thanks!
00:31 TTimo joined #salt
00:31 mihait joined #salt
00:32 grepory joined #salt
00:33 jcockhren neogenix: fwiw, I don't see it in the module docs for mysql (I used to be there)
00:33 jcockhren it*
00:33 jcockhren for returners, I think, it has to be in the config file
00:33 jcockhren though*
00:34 neogenix @jcockhren: I had it in the config file, and it works on the second run, but that’s because the first run puts down the mysql minion configuration, and then the second run reads the config that the first run puts down.
00:35 neogenix jcockhren: I’ve an alternative way to do it, just hoped there was a way to have the minion re-read it’s config somewhre through the run.
00:35 redzaku joined #salt
00:35 iggy anything that uses config.get reads pillar, grains, minion config, master config
00:35 davedash joined #salt
00:35 scott2b is there a way for me to see where salt is looking for cloud profiles since it does not seem to be looking in /etc/salt/cloud.profiles.d?
00:41 MTecknology strace?
00:41 notnotpeter salt-cloud -l debug
00:42 scott2b I think I might be understanding something I did not. This from the docs: Because the actual work will be performed on a remote minion, the normal Salt Cloud configuration must exist on any target minion that needs to execute a Salt Cloud command.
00:42 scott2b so, do I need to push the cloud conf files to the minion to get cloud.profile and cloud.provider states to work?
00:45 scott2b if this is the case, how do you bootstrap provisioning? Do you have to have a minion up and running before you can begin provisioning via states using cloud.provider or cloud.profile?
00:45 whiteinge joined #salt
00:46 eligos joined #salt
00:46 scott2b I mean cloud.present or cloud.profile
00:47 iggy in general however you are bootstraping things, you are going to have to have something to start with
00:48 badon_ joined #salt
00:48 scott2b “something” meaning a minion right? since the master will not actually execute those states?
00:48 iggy in your case, it would seem a minion
00:49 iggy some people use salt-cloud directly
00:49 iggy I wrote a script that talks directly to the google API that spins up our master, sets it up to pull states/pillars from git and then everything builds from there
00:50 iggy so... that's at least 3 ways (there are others)
00:50 scott2b right, that makes sense. I’m mostly just trying to make sense of how it works. I had those configurations thinking conceptually that the master would ensure the provisioned node, but I am now seeing it doesn’t work that way
00:50 GabLeRoux joined #salt
00:52 scott2b it was looking to me like salt was not looking in the cloud .d directories for conf files — but I think that the problem is that it is looking for them on the minion and not the master where I have them
00:53 ajw0100 joined #salt
00:53 druonysuse joined #salt
00:54 yomilk joined #salt
00:56 jansauer joined #salt
00:56 joehh codekobe, basepi: someonee spotted that last night - new packages being built as we speak...
00:57 badon joined #salt
00:57 LinuxHorn joined #salt
00:59 iggy scott2b: correct, I think that's why most people tend to use salt-cloud from the master
00:59 scott2b right. thanks!
01:00 iggy I mean I guess the thinking is the master already has tons of (potentially) sensitive info, might as well make it the base of ops for everything else
01:00 Singularo joined #salt
01:02 iggy scott2b: I think one common use for the states like that is say something like: your load balancer hits a high watermark, it can fire off a reactor event that says to spin up another web node, the master can then do the talking to your provider (the master can be a minion too) to spin up the new node
01:02 iggy you could just as easily have your LB node do it too if you didn't mind it having access to your cloud credentials
01:02 scott2b so you don’t think people are using states as a form of managing and documenting their standard server setup?
01:03 m0nky joined #salt
01:03 iggy I doubt it (seeing as that support is still fairly new)
01:04 iggy when we started deploying salt it's cloud capabilities were so limited (and tempermental with GCE no-less) we couldn't even use salt-cloud to the most basic things
01:04 scott2b huh ok. I think using salt-cloud directly is fine, but I kind of liked the idea of keeping all that insance info in state form — then if somebody needed to add an instance, it is clear what they need to do, they don’t have to learn to use salt-cloud, they just make a new state
01:05 iggy if that is powerful enough for you, go for it
01:05 scott2b oh, yeah, not doing anything too fancy
01:05 iggy I'm sure they'd love more people to start using that code and giving them feedback on any shortcomings
01:06 iggy but yeah, just make sure your master is doing everything (or give all your minions the cloud credentials)
01:06 scott2b I’m going to think about it some more, but happy to be getting my head around how it works. Thanks for your help!!!
01:06 iggy that's what we are here for
01:06 iggy just fyi, had you pasted (sanitized) configs and the commands you were running, we probably could have told you what your problem was hours ago
01:07 iggy I know I could have, because I hit the same thing you did
01:07 scott2b oh, I did paste above, but my problem was misdiagnosed
01:08 iggy I saw you ask the question a few times, but didn't see any configs or commands
01:08 scott2b but not a problem really. It was one of those fundamental things where I was looking at everything all wrong
01:08 scott2b dpasted above
01:08 jonasbjork joined #salt
01:08 scott2b TaiSHi had a look
01:08 gladiatr joined #salt
01:09 eligos joined #salt
01:09 scott2b but mixed up my provider and profile
01:10 scott2b but not a problem. I still haven’t verified that my new understanding is correct, but it changes the whole way of looking at the problem, so I need to go back and check it all out with new insight. Really appreciate the help
01:13 aquinas joined #salt
01:14 murrdoc salt is so like strict
01:14 murrdoc like just like come on bro
01:14 murrdoc just install the pkg
01:15 murrdoc why u need to auth the package bro
01:15 murrdoc hook it up
01:15 TTimo joined #salt
01:15 murrdoc ./me back to drawing board
01:17 scott2b I do have another question though. If I need to get the cloud conf files onto a minion to provision via state, is there a reason I should not just make the master also a minion and have it do the provisioning instead of pushing those files out to some other arbitrary instance?
01:19 aqua^mac joined #salt
01:20 yomilk joined #salt
01:21 mapu joined #salt
01:22 jdowning joined #salt
01:22 joehh updated packages for ubuntu gone up to ppa, fixing salt-api upstart script issue - still building on launchpad, will be available shortly
01:23 wincus joined #salt
01:27 otter768 joined #salt
01:28 AbyssOne joined #salt
01:28 I3olle_ joined #salt
01:30 micko1 joined #salt
01:33 eligos joined #salt
01:34 cberndt joined #salt
01:42 druonysuse joined #salt
01:47 ekristen joined #salt
01:48 rgarcia_ joined #salt
01:49 neilf_______ hi all
01:49 neilf_______ https://gist.github.com/DanielBryan/7466a35d1b4f82eac7c8
01:49 neilf_______ I found this gist while googling
01:49 mgw joined #salt
01:49 neilf_______ Anyone know if this bug in salt has been resolved?
01:49 neilf_______ where archive.extracted fails bcause it claims the file is missing
01:50 JDiPierro joined #salt
01:51 scott2b joined #salt
01:52 murrdoc iggy:  u around, apt.ly question
01:52 eagles0513875 joined #salt
01:54 beneggett joined #salt
01:57 jansauer joined #salt
02:02 eligos joined #salt
02:04 mgw joined #salt
02:04 ekristen joined #salt
02:07 dude051 joined #salt
02:09 hasues joined #salt
02:09 hasues left #salt
02:09 druonysuse joined #salt
02:10 MatthewsFace joined #salt
02:12 LinuxHorn joined #salt
02:15 GabLeRou_ joined #salt
02:17 GabLeRou_ joined #salt
02:18 GabLeRou_ joined #salt
02:22 scott2b left #salt
02:23 dude051 joined #salt
02:26 JDiPierro joined #salt
02:26 lnxnut joined #salt
02:28 Auroch joined #salt
02:30 bhosmer joined #salt
02:32 beneggett joined #salt
02:35 eligos joined #salt
02:37 yomilk joined #salt
02:38 dude051 joined #salt
02:39 lnxnut joined #salt
02:41 smcquay joined #salt
02:41 aparsons joined #salt
02:45 nitti joined #salt
02:51 bhosmer joined #salt
02:53 eligos joined #salt
02:53 mosen joined #salt
02:57 jonasbjork joined #salt
02:58 jansauer joined #salt
03:01 atree joined #salt
03:01 otter768 joined #salt
03:02 beneggett joined #salt
03:08 GabLeRou_ Hello, is it a good idea to setup own computer as a salt master? I have a single website I've setup with a complete django, gunicorn, supervisor stack and I don't plan to have multiple servers. It is currently setup to use master: localhost file_client: local, but that way, I always have to ssh to the server, update git repo and then call state.hightstate on it.
03:08 GabLeRou_ Is there a simple way to manage minions from a personal computer as a master?
03:08 GabLeRou_ In other words, I'd like to have a basic one command to deploy/update the server. All I can think of right now is using fabric to run git pull and salt-call state.highstate. That would be simple, but I'm asking here to know if there's a recommended way of doing this without having to setup a master server available online. :)
03:08 TheoSLC joined #salt
03:12 druonysuse joined #salt
03:12 jcockhren GabLeRou_: someone was working on a internactive CLI tool for interacting with a salt master
03:12 jcockhren GabLeRou_: https://github.com/saltstack/pepper
03:13 jcockhren closest thing to what you're requesting
03:13 clintberry joined #salt
03:14 GabLeRou_ Yup, that sounds good, I'll give this a try, thanks jcockhren :)
03:18 ajw0100 joined #salt
03:23 jdowning joined #salt
03:24 ajw0100 joined #salt
03:25 GabLeRoux joined #salt
03:29 lnxnut joined #salt
03:31 joehh \join #salt-dev
03:31 joehh irc fail....
03:31 carmony joined #salt
03:33 mosen I didnt know there was a dev, I'm living a lie
03:33 jerematic joined #salt
03:34 GabLeRoux isn't #salt-devel?
03:44 eligos joined #salt
03:45 Madhurranjan joined #salt
03:45 favadi joined #salt
03:48 druonysuse joined #salt
03:48 druonysuse joined #salt
03:51 dude051 joined #salt
03:52 Madhurranjan joined #salt
03:53 pdayton joined #salt
03:53 jstorey_ joined #salt
03:58 rihannon joined #salt
03:58 joehh yep - double irc fail...
03:58 joehh got there eventually :)
03:59 jansauer joined #salt
04:01 TTimo joined #salt
04:07 neogenix joined #salt
04:08 JlRd joined #salt
04:12 atree joined #salt
04:14 dude051 joined #salt
04:19 mgw joined #salt
04:28 mgw joined #salt
04:32 rihannon joined #salt
04:33 echtish joined #salt
04:34 subsignal joined #salt
04:38 jalaziz joined #salt
04:40 felskrone joined #salt
04:41 felskrone joined #salt
04:42 rihannon joined #salt
04:42 bnikol joined #salt
04:46 jonasbjork joined #salt
04:51 lnxnut joined #salt
04:52 kermit joined #salt
04:52 Kjas joined #salt
04:53 Kjas https://media.readthedocs.org/pdf/salt/latest/salt.pdf i only see an icon ><
04:59 dude051 joined #salt
05:00 jansauer joined #salt
05:21 lnxnut joined #salt
05:23 javaserver joined #salt
05:24 jdowning joined #salt
05:42 TTimo joined #salt
05:47 DaveQB joined #salt
05:50 jkleckner joined #salt
05:53 ramteid joined #salt
05:57 MTecknology Kjas: heh.. interesting
06:01 jansauer joined #salt
06:01 jonasbjork joined #salt
06:10 Madhurranjan joined #salt
06:10 Ryan_Lane joined #salt
06:11 linjan joined #salt
06:12 MTecknology Kjas: RTD is working on it
06:16 Madhurranjan joined #salt
06:21 jonasbjork joined #salt
06:22 jalaziz joined #salt
06:23 calvinh joined #salt
06:25 felskrone joined #salt
06:26 calvinh joined #salt
06:28 krelo joined #salt
06:30 FRANK_T joined #salt
06:31 bhosmer_ joined #salt
06:32 bash124512 joined #salt
06:38 MatthewsFace joined #salt
06:51 lnxnut joined #salt
06:53 calvinh_ joined #salt
06:54 otter768 joined #salt
06:59 colttt joined #salt
07:01 quist``` left #salt
07:01 jansauer joined #salt
07:03 Ryan_Lane joined #salt
07:09 GabLeRoux joined #salt
07:09 favadi1 joined #salt
07:11 eligos joined #salt
07:23 hebz0rl joined #salt
07:29 zphds joined #salt
07:30 zphds Guys, is __grains__ available in custom grain modules? http://docs.saltstack.com/en/latest/topics/development/dunder_dictionaries.html doesn't mention it
07:32 kawa2014 joined #salt
07:34 KermitTheFragger joined #salt
07:35 slafs joined #salt
07:35 slafs left #salt
07:37 Auroch joined #salt
07:40 nullptr joined #salt
07:43 TTimo joined #salt
07:46 BigBear joined #salt
07:47 Ryan_Lane joined #salt
07:51 AndreasLutro joined #salt
07:52 Madhurranjan joined #salt
07:52 lnxnut joined #salt
07:55 trikke joined #salt
07:58 bluenemo joined #salt
07:58 bluenemo joined #salt
08:02 jansauer joined #salt
08:05 eseyman joined #salt
08:06 jansauer_ joined #salt
08:07 jonasbjork joined #salt
08:12 JlRd joined #salt
08:13 bash124512 joined #salt
08:15 karimb joined #salt
08:19 shadowsun left #salt
08:21 flyboy joined #salt
08:23 I3olle joined #salt
08:29 zphds joined #salt
08:31 Grokzen joined #salt
08:31 chiui joined #salt
08:35 quist joined #salt
08:48 alanpearce joined #salt
08:51 krelo joined #salt
08:54 AndreasLutro joined #salt
08:55 otter768 joined #salt
08:57 bash124512 any documentation on how to create your own states ?
09:02 phx lots
09:03 babilen bash124512: Start with http://docs.saltstack.com/en/latest/topics/tutorials/ → 3.3 (but read the rest before that if you haven't already)
09:04 babilen But yeah, that is probably the best documented aspect of salt ;)
09:05 bash124512 I meant write your own python custom state files
09:05 babilen If you are referring to "writing a state module" you'd find that in http://docs.saltstack.com/en/latest/ref/states/writing.html
09:05 CeBe joined #salt
09:06 babilen You would typically start by writing an execution module (cf. http://docs.saltstack.com/en/latest/ref/modules/ ) on top of which you'd implement your states
09:09 bash124512 thanks babilen
09:10 bash124512 salt already has a execution module for monit and I'll try to create a state file module for it
09:12 Furao joined #salt
09:12 babilen Great! I simply wanted to make sure that you don't implement everything in your state module, but leave the functions that actually *do* things in an execution module
09:13 [LF] joined #salt
09:16 Madhurranjan joined #salt
09:20 Nazca joined #salt
09:21 babilen Any reason why http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.pillar_refresh exists if what you want is actually saltutil.refresh_pillar ?
09:22 * babilen is always unsure about the order and about pillar/pillars
09:22 evle joined #salt
09:25 Xevian joined #salt
09:26 jdowning joined #salt
09:32 al joined #salt
09:33 I3olle joined #salt
09:34 lietu joined #salt
09:37 paulm- joined #salt
09:39 paulm-- joined #salt
09:47 Nazca__ joined #salt
09:47 zer0def joined #salt
09:48 zer0def ok, dumb question on salt-ssh: if i'm getting a: "cannot import name CertificateError", what am i doing wrong?
09:48 zer0def that's regardless of target host
09:50 zer0def source host i'm calling salt-ssh from is ubuntu 14.10
09:51 ocdmw joined #salt
09:53 jhauser joined #salt
09:53 yawniek_ in my cloud.profile i added the -A script args so that the new minions get the master set (somehow minion:master: does not work). however in the end it complains that the master already knows the key. how am i supposed to set the master with salt-cloud ?
09:55 ralala joined #salt
09:57 linjan joined #salt
09:58 BigBear joined #salt
10:02 Guest15 joined #salt
10:06 zer0def ok, nevermind, just found the ticket discussing the issue
10:08 zer0def strangely enough though, it didn't happen the week before
10:15 primechuck joined #salt
10:19 marfri joined #salt
10:24 N-Mi joined #salt
10:29 linjan joined #salt
10:31 giantlock joined #salt
10:32 donmichelangelo joined #salt
10:33 bhosmer joined #salt
10:43 ptinkler joined #salt
10:45 ptinkler Hi guys, having abit of  trouble understanding the password hash of the salt.user state. I have to put in the hash of the password I want? that seems... like it shouldn't work
10:46 Furao you need to gneerate the hash
10:46 TTimo joined #salt
10:46 Furao I wrote a custom salt module for that
10:47 Furao https://doc.robotinfra.com/doc/modules/password.html#_modules.password.encrypt_shadow
10:48 ptinkler right, only "It’s not meant for secure usage. For that use pillar." <-- I'm trying to use a pillar
10:48 ptinkler I already generated a password that I want to use
10:49 ptinkler but if I do `    - password: {{ pillar['password'] }}` in the user state
10:49 Furao what that mean is that the password consumed by this mdoule is in clear text
10:50 ptinkler I'm not sure I follow
10:51 ptinkler hang on I'll do a pastebin
10:51 Madhurranjan joined #salt
10:52 ptinkler http://pastebin.com/z2qrdnsN
10:52 ptinkler given that setup, I'd expect "myuser" to be created with password "testing"
10:53 ptinkler but it isn't, I've no idea what the password is for "myuser"
10:56 otter768 joined #salt
10:57 ptinkler so is it taking "testing" as the hash of a password rather than the password itself? how does that even work, you can't get back to a password from the hash
10:57 marfri ptinkler: yes, thats how it works
10:57 marfri it stores the hash in your etc/shadow
10:58 ocdmw joined #salt
10:58 marfri read this to know how to generate the hash of your "testing": http://unix.stackexchange.com/questions/52108/how-to-create-sha512-password-hashes-on-command-line
10:59 marfri ptinkler: or rather: http://stackoverflow.com/questions/25077699/saltstack-create-user-password-is-not-set
11:00 ptinkler alright, I apparently have some gaps in my knowledge :) I'll do some reading, thanks
11:03 calvinh joined #salt
11:05 Striki anyone else having issues with pip.installed not being executed until on second run, even though all requirements all satisfied?
11:08 I3olle joined #salt
11:08 N-Mi joined #salt
11:08 bash1245_ joined #salt
11:10 amcorreia joined #salt
11:11 BigBear joined #salt
11:12 CeBe joined #salt
11:13 jalaziz joined #salt
11:13 zer0def joined #salt
11:14 amcorreia_ joined #salt
11:22 bhosmer joined #salt
11:23 Madhurranjan joined #salt
11:25 lietu can I somehow in pillar define e.g. a list of packages to be installed? normally I've made a jinja for loop, but can I loop through pillar variables? something like pkgs: - foo - bar, then {% for pkg in pillar["pkgs"] %} ?
11:26 diegows joined #salt
11:26 jdowning joined #salt
11:29 hojgaard joined #salt
11:31 jonasbjork joined #salt
11:32 wnkz joined #salt
11:33 BigBear joined #salt
11:34 Striki lietu: yep
11:34 Striki then you can do like
11:34 Striki {%- for name in pillar["pkgs"] %}
11:34 Striki just like you said :P
11:35 Striki to loop through a dictionary, you would to {%- for key, val in pillar["pkgs"].iteritems() %}
11:35 Striki for example
11:35 Striki but if you use the yaml syntax you mentioned, then you have a list so you would do it like you said. I would recommend to add the - after {% otherwise jinja will print out an empty line for every iteration of the loop
11:36 Striki in some cases it might cause parsing errors of the yaml file
11:38 lietu ah ok.. thanks!
11:38 Striki np
11:39 calvinh_ joined #salt
11:40 calvinh_ joined #salt
11:40 ptinkler marfri: I've got the password hash thing sussed now. Any  chance you know about hiding postgresql (f.e.) passwords in pillars? because I think they do need to be plain text in the pillars..
11:44 calvinh joined #salt
11:44 Striki while using https://salt.readthedocs.org/en/latest/ref/states/all/salt.states.postgres_user.html#module-salt.states.postgres_user ?
11:44 Striki not sure actually, but in worst case scenario you could provide it on the command line while calling the state
11:44 Striki not an ideal solution
11:45 Striki but maybe not the worst either, since even though you store the password hashed, it's always nicer to not have to store it at all and only transfer it securely over the wire when needed
11:45 Striki but that depends on how you initialize the state execution
11:45 ptinkler yeah that's what I'm doing atm basically, but it seems awkward
11:45 Striki yeah I agree
11:45 ptinkler i'm running masterless atm so there is no transfer
11:45 Striki ah ok
11:46 malinoff joined #salt
11:46 ptinkler I'll keep doing what I'm doing for now. I'm just a bit confused that salt touts "pillars" as a way to store sensitive data i.e. passwords. Which presumably means storing things like the postgres password in plaintext on the salt server. so not sure how that's ever secure :)
11:46 Striki so if the built in state doesn't support using hashed passwords, you might be stuck in doing it yourself via cmd.run
11:47 Striki that's not secure :)
11:47 TTimo joined #salt
11:47 Striki do they advertise it as a good place to keep sensitive data?
11:47 bhosmer joined #salt
11:48 ptinkler http://docs.saltstack.com/en/latest/topics/tutorials/pillar.html
11:49 Striki that's funny, unless they have some ways of storing it in non-plaintext - but then they would need to be able to support symmetric encryption
11:49 Striki I mean asymmetric
11:49 ptinkler yeah that's the part that was puzzling me. especially as you'd surely want to store your salt-master states etc in version control
11:49 Striki exactly
11:50 ptinkler do people generally do it by passing the passwords in to the state execution cmd?
11:50 Striki don't know, but that is only "optimal" (so to speak) if you transfer it securely over the wire from a master
11:51 Striki but since it's masterless it's a bit more issue
11:51 Striki but
11:51 chiui joined #salt
11:51 ptinkler yeah I  was talking from a salt-master standpoint, i'm running masterless atm only as a stop gap until the master is set up
11:51 Striki you could save it in the pillar encrypted with your public key
11:52 Striki if you have the private key preinstalled on the server
11:52 Striki if that's safe enough
11:52 Striki but I guess you don't want to have the private key laying around there if the server is exposed to the internet
11:53 Striki hard to find a good solution here :)
11:53 ptinkler could do yeah, though still seems a bit flimsy, and with multiple devs
11:53 Striki yep
11:53 Striki :(
11:53 ptinkler interesting, ah well guess I'll think harder about it when the time comes
11:53 ptinkler until then the cmd line one works fine, cheers :)
11:53 Striki ok :)
11:53 Striki np
11:58 Striki btw. ptinkler, after reading about the "Highly Sensitive Data" at http://docs.saltstack.com/en/latest/topics/tutorials/pillar.html - it seems to me that they are talking about that you store the data in plaintext on the master and it's transferred securely over the wire
11:58 Striki which is not secure :)
11:59 Striki actually it's more or less what you said
11:59 Striki doesn't matter if it's on the minion in a masterless setup or on the master, it's still stored on the disk in plain text I suppose
11:59 malinoff Striki, you can always use a keepassx server and pull credentials from it (although it is not built in)
12:00 Striki malinoff: yep or use asymmetric encryption. there are of course workarounds
12:00 malinoff or something similar
12:00 Striki but if pillars are advertised as a place to store "highly sensitive data" (according to the docs), Salt should give you the possibility to store them encrypted
12:00 Striki and Salt would take care of the key handling or something
12:01 malinoff Where you suggest to store keys?
12:01 malinoff Or which key should salt use to encrypt the data?
12:02 malinoff You can't use rsa minion keys, becuase you will have to encrypt the data N times (where N is the number of minions)
12:02 malinoff This is a difficult topic and there are better tools to handle this issue
12:02 s0lar hiera-gpg can be used for puppet I know, but don't know how it can be solved in salt
12:04 Striki malinoff: yes it's a hard topic, so they shouldn't state that you can store highly sensitive data in pillars
12:04 calvinh joined #salt
12:04 malinoff but surely you can, if your master is safe enough
12:04 Striki :)
12:05 Striki nothing is
12:05 malinoff that's true for the keepassx server
12:05 malinoff you're saying buzzwords, the whole cryptography is not safe from the ideal, maths view
12:06 wincus joined #salt
12:07 Striki I'm not a cryptographer and I didn't mean to use some buzzwords. However, you know it's hard to trust anything nowadays.
12:08 malinoff I am; of course you can't trust anything, that's why you should probably encrypt the disk on your salt master, disable password authentication, and do other usual stuff to restrict unauthorized access
12:09 the_lalelu Striki: did you know http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html
12:09 Striki hmm no I didn't
12:09 malinoff yes, pillars are stored as plain text, but once they're exposed, they are encrypted using AES key
12:10 the_lalelu Striki: worked here
12:10 Striki cool
12:10 Striki ptinkler: ^ :)
12:10 ptinkler aye, just saw that :)
12:10 Striki thanks for that. I would like to use that myself
12:12 markm joined #salt
12:13 faust joined #salt
12:14 Guest74249 Hi everybody, not sure this is normal but pdf version of documentation is just the salt logo
12:14 Guest74249 https://media.readthedocs.org/pdf/salt/latest/salt.pdf
12:14 eligos joined #salt
12:15 jonasbjork joined #salt
12:16 spo0nman joined #salt
12:17 spo0nman with salt-api when i do /jobs and /login it works /minions or /run gives me empty responses always. what gives?
12:19 calvinh_ joined #salt
12:20 michelangelo joined #salt
12:26 yawniek_ still trying to figure out how to set the master's address when provisioning a machine with salt-cloud. somehow in the end the master has an accepted key for the new minion but it rejects the minion
12:26 phx what cloud provider are you using?
12:27 yawniek_ openstack
12:28 quist left #salt
12:29 yawniek_ basically i have these 2 files: https://dpaste.de/mgFJ  cloud.profiles.d/rackspace.conf and cloud.providers.d/rackspace.conf
12:30 yawniek_ i tried to add minion:\n master: xxx.com  to either of these fails that did not make bootstrap-salt.sh
12:30 yawniek_ set the masters address
12:33 I3olle joined #salt
12:35 xt joined #salt
12:36 yawniek_ im using archlinux and salt-raet
12:40 elfixit joined #salt
12:42 tomspur joined #salt
12:44 Madhurranjan joined #salt
12:47 linjan joined #salt
12:47 TTimo joined #salt
12:49 egil yawniek_: this works for me: http://paste.linuxmint.com/view/wo01/
12:49 egil setting your own master adr. ofc
12:50 zer0def ok, i might be an idiot, but is there a requisite for a command to finish properly?
12:51 zer0def actually, nevermind.
12:51 yawniek_ egil: where do you have this setting, i tried the exact same in all 3 files: cloud.profiles.d/rackspace.conf and cloud.providers.d/rackspace.conf and cloud
12:53 yawniek_ one problem is, that without the -A flag the master is not set. however when i set it via the -A flag it fails later because of some key mismatch. the question is, when does salt-cloud accept the key to the master and why is it the wrong one
12:53 lnxnut joined #salt
12:54 eseyman joined #salt
12:55 yawniek_ if its there i'm getting: http://pastie.org/private/dc4mmjd96myoaklgorzzsw
12:57 otter768 joined #salt
12:58 TTimo joined #salt
13:00 jonasbjork joined #salt
13:03 jerematic joined #salt
13:08 wincus joined #salt
13:09 bash124512 what type of data does __salt__['pkg.installed'] return ?
13:09 calvinh joined #salt
13:11 JDiPierro joined #salt
13:16 jcsp joined #salt
13:19 the_drow joined #salt
13:20 the_drow Is there a good way to cache an installation of python using pyenv in the master so that I won't need to compile it for every machine that I have
13:20 the_drow They are all on the same operating system and all are 64 bit.
13:22 dunz0r I'm getting an error in my state file that I'm not quite sure what it means...
13:22 dunz0r "Rendering SLS 'base:external.users' failed: Jinja variable 'str object' has no attribute 'name'"
13:23 dunz0r The file in question: http://paste.debian.net/144957/
13:23 GabLeRoux joined #salt
13:23 bhosmer joined #salt
13:23 dunz0r Are my pillar data stored as str-objects?
13:24 dunz0r It feels like it should be a dict
13:24 dunz0r At least that's how I've written my code
13:24 Furao dunz0r: apste your pillar
13:25 Furao ah i think i know
13:25 Furao dunz0r: no need to paste pillar
13:26 Furao user is the key of your dict (which i guess is the username)
13:26 dunz0r I'll paste it anyway since I took the time to remove sensitive data :} http://paste.debian.net/144958/
13:26 Furao {% for username, user in pillar['sshusers'] %}
13:26 higgs001 joined #salt
13:27 Furao no sorry
13:27 Furao {% for username, user in pillar['sshusers’].iteritems() %}
13:27 jdowning joined #salt
13:27 dunz0r Furao: Don't I have to specify every item I want in the for with that method?
13:28 redzaku joined #salt
13:28 Furao or you just {% for user in pillar[‘sshusers’] %}{{ pillar[‘sshusers’][user][‘gid’] }}...
13:30 dunz0r Hmm. If I do {% for user in pillar['sshusers].iteritems() %} it tells me that the tuple object has no attribute called name.
13:30 dunz0r I guess I have to specify all the items then :(
13:31 jonasbjo1k joined #salt
13:32 alanpearce joined #salt
13:33 ughloru joined #salt
13:34 Furao dunz0r: https://gist.github.com/bclermont/4785fedea6aff82b2f5c
13:34 ughloru Hello, I'm having a problem using PCRE matching from the command line.
13:34 ughloru I'd like to match all minions with names of the form "WKS-100"
13:35 dunz0r Furao: Oh, now I understand, thanks man :)
13:35 ughloru I can do this with a glob: `salt "*WKS*" test.ping`
13:35 ughloru And it pings all the minions
13:35 ughloru but with the -E option it doesn't work: ` salt -E 'WKS' test.ping` returns "No minions matched the target. No command was sent, no jid was assigned."
13:36 ughloru Why doesn't this work? Am I misunderstanding something?
13:41 hasues joined #salt
13:41 hasues left #salt
13:42 PepperIndustries joined #salt
13:42 drawsmcgraw joined #salt
13:42 bhosmer joined #salt
13:43 wnkz_ joined #salt
13:45 jerematic joined #salt
13:46 dunz0r Now it complains that the state user_testuser is not formed as a list instead. I think I'm getting closer though!
13:46 * dunz0r doublechecks his syntax
13:49 jdowning joined #salt
13:50 Godfath3r joined #salt
13:53 Guest15 joined #salt
13:54 GabLeRou_ joined #salt
13:55 Furao dunz0r: it must be a list so put “- “ in front of line 3:8 and 10
13:55 Furao oh not sorry this is your pillar
13:56 Furao line 19 is wrong
13:56 Furao unindent 2 spaces lines 19:26
13:56 Furao line 24 is wrong
13:56 Furao it requires not a username but a state id
13:57 Furao so it requires user: user_{{ user.name }}
13:57 Furao statement line 6 must requier group: user_{{ user.name }}
13:57 dunz0r Oh
13:58 teebes joined #salt
13:59 steverweber_ joined #salt
13:59 Furao here you can see real life example that probably still works https://github.com/bclermont/states/tree/master/states
14:00 subsignal joined #salt
14:05 ekle joined #salt
14:05 subsignal joined #salt
14:07 wnkz joined #salt
14:08 primechuck joined #salt
14:09 murrdoc joined #salt
14:09 jonasbjork joined #salt
14:10 redzaku joined #salt
14:11 Ox joined #salt
14:12 bhosmer_ joined #salt
14:13 racooper joined #salt
14:13 nitti joined #salt
14:14 cpowell joined #salt
14:15 nitti joined #salt
14:17 lnxnut joined #salt
14:18 timoguin joined #salt
14:19 BigBear joined #salt
14:20 paulm- joined #salt
14:23 paulm-- joined #salt
14:27 wnkz joined #salt
14:29 redzaku joined #salt
14:30 timoguin joined #salt
14:33 TTimo joined #salt
14:35 Tyrm joined #salt
14:36 mgw joined #salt
14:39 mgw joined #salt
14:39 Deevolution joined #salt
14:39 wnkz joined #salt
14:39 Guest15 joined #salt
14:42 Ligthert Is there any way to be sure GitFS is working.. I see a line about fetching from git@ etc.. but I see no followup where this id dropped.
14:42 dude051 joined #salt
14:43 Ox joined #salt
14:45 wnkz joined #salt
14:46 Deevolution Ligthert: Are states/pillar being applied properly?
14:47 higgs001 joined #salt
14:47 wnkz joined #salt
14:47 Ligthert ls
14:47 Ligthert Deevolution: It seems to be the case somehow.. :s
14:48 jeddi joined #salt
14:49 Deevolution Ligthert:  That's generally how I've validated that gitfs is working.
14:50 Deevolution Ligthert: When I was using it, I had more or less no problems with it.
14:50 DaveQB joined #salt
14:52 Ligthert Deevolution: I'll suppose I'll use that for now. :)
14:52 the_lalelu hmm, made a pull request. but pylint fails ... because of errors in code which is not touched by my commit. :(
14:53 marfri the_lalelu: no worries. This happens all the time. The reviewers will know if the failure is related to your changes or not
14:53 murrdoc salt needs a 'serial' mode to turn off the beautiful paralellism
14:53 marfri murrdoc: "-b1" ;)
14:55 wnkz joined #salt
14:55 Ligthert Deevolution: Any experience with Git and Pillars?
14:55 fredvd joined #salt
14:56 dude051 joined #salt
14:57 scoates joined #salt
14:58 otter768 joined #salt
14:58 masterkorp Hello everyone
14:58 the_lalelu marfri: the commits fixes a problem when running salt-minion as non-root, preventing it to to work correct. shall i fill a issue too or is the pull request enough?
14:59 masterkorp setting grains from formulas, how should I do it ?
14:59 marfri the_lalelu: the pull request is enough
15:00 wnkz joined #salt
15:00 the_lalelu marfri: great
15:00 TheoSLC joined #salt
15:10 andrew_v joined #salt
15:11 Deevolution Lightert:  What kind of information are you looking for?  I have some experience with both.
15:11 thedodd joined #salt
15:12 Ligthert Deevolution: in short: http://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html#using-git-as-an-external-pillar-source <-- does this work?
15:12 Nazca joined #salt
15:13 Deevolution Not as well as for Salt.
15:13 murrdoc manfri: ;) you right
15:13 Deevolution I stopped using it for Pillar due to some limitations (branch support wasn't there yet).
15:14 Deevolution I've actually stopped using gitfs for Salt also, but for different reasons (troubleshooting an issue).
15:15 kaptk2 joined #salt
15:16 lpmulligan joined #salt
15:16 lietu- joined #salt
15:16 marfri hey guys, I'm looking into packaging our (slightly modified) version of salt as ubuntu and centos packages. I see that there is a RPM .spec file and a debian/ dir. However, Im not a debian maintainer and have no idea how to build a package from this. I just FPM (the ruby gem) before, but would rather stick with the supplied upstream packaging tools here
15:17 CeBe joined #salt
15:17 marfri anyone can give me a hint on what to actualy run to get a .deb from a git checkout?
15:17 marfri as far as I read http://docs.saltstack.com/en/latest/topics/development/conventions/packaging.html we should "NEVER" do this
15:19 the_lalelu marfri: well there is git-buildpackage
15:20 the_lalelu with pbuilder oder cowbuilder
15:20 dude051 joined #salt
15:20 the_lalelu s/oder/or/
15:20 mapu joined #salt
15:21 the_lalelu marfri: there is also the repo from the saltstack debian team
15:21 intellix joined #salt
15:21 CeBe1 joined #salt
15:21 marfri what I found via google is to drop a orig.tar.gz in the parent dir (so outside the git checkout in this case) and run "debuild -us -uc". I added my new "release" in the debian/changelog file and after some compiling it fails with some message I dont really understand for now
15:21 smcquay joined #salt
15:22 marfri the_lalelu: what do you mean by repos from saltstack debian team?
15:22 the_lalelu marfri: there is a repo where they put in their work on the debian packages. with patches for debian wheezy and so on.
15:23 the_lalelu anyway
15:23 atree joined #salt
15:24 Brew joined #salt
15:24 the_lalelu you can put the orig.tar.gz in the toplevel dir, use dpkg-source -b <your-salt-repo> within the toplevel dir, and then call pbuilder or cowbuilder to build your deb. thats how i do this.
15:26 penguin_dan joined #salt
15:26 babilen You would also have to edit debian/changelog (with dch) and release a new version
15:26 the_lalelu yeah right
15:26 the_lalelu or use git-dch
15:27 babilen It is quite common to suffix locally maintained versions with, say, +local or +COMPANY or whatever makes sense
15:27 the_lalelu marfri: i think the answer depends on how much time want to spent with this topic
15:27 jesusaurus joined #salt
15:29 babilen (dch -l) -- and I wouldn't work with tarballs, but directly on the git checkout and use git-buildpackage to build in a chroot (with cowbuilder or sbuild). Doing all of this properly is far from trivial, but dch -l and debuild should suffice for now
15:29 lnxnut joined #salt
15:30 lnxnut joined #salt
15:31 the_lalelu indeed.
15:32 stej joined #salt
15:33 cotton joined #salt
15:33 the_lalelu marfri: maybe you wanne do this in a vm, to not waste your system with dev libs and so on.
15:33 nkuttler joined #salt
15:35 jalaziz joined #salt
15:35 smcquay joined #salt
15:37 smcquay joined #salt
15:37 JDiPierro joined #salt
15:38 TheoSLC joined #salt
15:39 JDiPierro joined #salt
15:41 rihannon joined #salt
15:41 ocdmw joined #salt
15:41 smcquay joined #salt
15:43 smcquay joined #salt
15:44 jeremyr joined #salt
15:44 DorfOnGolf joined #salt
15:44 Furao joined #salt
15:45 gladiatr joined #salt
15:45 gladiatr joined #salt
15:48 stej I've got a question about environments and the top file.
15:48 yomilk joined #salt
15:48 berserk joined #salt
15:48 stej For people with rigid environments do you use the base environment as well?
15:48 teebes joined #salt
15:48 smcquay joined #salt
15:48 stej Must the base environment exist in the top file?
15:49 stej I understand that the top file should live in the master branch, but other than the top file is anyone keeping the master branch empty
15:50 stej or are folks mapping base -> prod
15:50 conan_the_destro joined #salt
15:50 smcquay joined #salt
15:50 hasues joined #salt
15:51 stej basically I've set salt up with about 500 minions with just a single environment (base).
15:52 stej now I want to introduce environments and I am not sure how best to separate everything.
15:52 codehotter joined #salt
15:52 TTimo anyone familiar with the docker support in salt? I am looking for a small template showing how I could create a container if it doesn't exist from within my states
15:52 TTimo the difference between state declaration and salt methods always confused me heh
15:54 ale joined #salt
15:56 ecdhe TTimo, have you seen this page of the docs: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.dockerio.html
15:56 TTimo yeah
15:56 murrdoc joined #salt
15:56 TTimo http://stackoverflow.com/questions/20773400/salt-stack-using-execution-modules-in-sls
15:56 iggy stej: I think one semi-popular thing to do is to have a completely separate repo for the top file
15:56 TTimo my problem is this basically
15:57 hasues left #salt
15:57 TTimo the state module for dockerio won't build images, or create containers
15:57 TTimo it'll just cover making sure things are running and similar
15:57 codehotter Can I do state things from an execution module? Say in the middle of my execution module, I want to just copy a file, one of the basic things that salt state can do.
15:58 ociuhandu joined #salt
15:58 iggy codehotter: don't try to overcomplicate things... if you need to copy things in a state module, use python's normal abilities
15:59 iggy somebody else yesterday was trying to call __salt__('cmd.run') in a custom execution module... weird
15:59 codehotter I'm looking for a configuration management tool, that will let me just write code (doesnt force DSL), but defines helper functions for me that would normally called by the DSL. So I can still use all of the convient abstractions defined by the tool when those are useful
15:59 codehotter is salt that tool?
16:00 stej iggy: thanks. that's good advice.
16:00 babilen stej: If you have environments you want your top file in a separate repo as not doing that would prevent you from using normal git merging workflows with GitFS
16:00 phx codehotter, you can do stuff in pure python, and quite a few helper stuff is available from salt
16:01 codehotter phx: what kind of helper stuff? Can I do all the things I could normally do in the DSL?
16:02 smcquay joined #salt
16:03 murrdoc the dsl is basically calling the execution modules
16:03 murrdoc so if there is something u can do in a state
16:03 murrdoc there is an equivalent execution module for it
16:03 murrdoc except you shouldnt need todo that
16:04 codehotter let's say I have some pure python code that decides whether or not I want vim on this machine. Can I then install vim as easily as pkg.installed
16:04 codehotter ?
16:04 dude051 joined #salt
16:05 smcquay joined #salt
16:05 codehotter How would I install vim from pure python?
16:05 smcquay joined #salt
16:05 babilen codehotter: You could, yes. There are, as always, various approaches to this. First you could decide to write your state in "normal" jinja with some logic based on the return value to an execution module function you wrote yourself (the "some pure Python code" part)
16:05 codehotter (after deciding whether I want to or not)
16:06 pdayton joined #salt
16:06 spo0nman why is it that the root salt user can execute commands to syndic and pam user cannot?
16:06 kawa2014 joined #salt
16:06 babilen codehotter: Another approach would be to use one of the many ways to write states directly in Python (or a Python based DSL) -- You'll find them listed on http://docs.saltstack.com/en/latest/ref/renderers/#full-list-of-renderers
16:06 dude051 joined #salt
16:06 codehotter babilen: right, but that means my 'decider' function has to be in a separate file from what happens if I decide 'yes'. I rather organize by role, not by 'this code decides yes or no' and 'this code does something'
16:07 phx codehotter, bad example, for that you don't really need that stuff. i'm just generating my top.sls state in python, which decides what states to assign to given minions, and if the vim state is assign, it'll be installed
16:07 phx codehotter, the majority of the stuff can be done masterside with python, which is kinda easy, you rarely need to have anything extra on the minion side
16:07 hebz0rl joined #salt
16:07 smcquay joined #salt
16:08 babilen codehotter: You could also decide that Jinja sucks badly and use mako as renderer which allows you to include literal Python blocks directly -- http://docs.makotemplates.org/en/latest/syntax.html#python-blocks
16:08 phx codehotter, salt has a python API, it's extremely easy to integrate it into some upper layer stuff
16:08 che-arne joined #salt
16:08 babilen codehotter: You might also decide that you rather implement your own states and keep most logic in there and in the data that drives those states (pillars)
16:09 babilen There simply are way too many options and choosing the "best" one depends both on your needs and taste :D
16:10 codehotter phx: but 'do I want vim or not' is code that needs to run on the minion
16:10 babilen http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.pyobjects.html would be an example of a state written in pyobjects, while http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.py.html is pure Python
16:10 redzaku joined #salt
16:11 babilen codehotter: No, you never run anything on the minion to decide if you need vim or not. You tell all minions that should have vim that they should have vim. If you also want all others to not have vim then you tell them that.
16:11 redzaku joined #salt
16:12 babilen codehotter: Think of salt as "declarative" rather than "procedural". You tell it what you want and it makes sure that that "state" is being achieved. You do not script "reactions" to all conceivable situations.
16:12 phx codehotter, if you say so. however i highly doubt it actually has to run on the minion
16:13 codehotter babilen: pyobjects renderer looks like exactly what I was looking for
16:13 codehotter I want to code something, then write File.managed depending on some condition
16:14 babilen Could you elaborate on "some condition" ?
16:14 phx putting deployment decision logic on the minion side seems to be the wrong approach. but i might be wrong here
16:14 babilen I totally agree
16:14 codehotter OK well I want to automate certain ops tasks, like migrate a database from one server to another. In the code that does all that, I'd like to make use of
16:14 spo0nman i can run commands through syndic masters when i use root user but when i use an external user, the command runs only on local minions, how can i enable external user to run commands on minions of syndic masters
16:15 codehotter make use of functions like File.managed... etc
16:15 babilen You tell your minion what it should have. Your minion doesn't tell you what it wants.
16:15 xt joined #salt
16:15 SheetiS joined #salt
16:15 babilen codehotter: I would write an execution module that does that, you don't want that as a state.
16:15 phx codehotter, actually that's something else you want, not really a state or a deployment logic or similar stuff
16:16 codehotter The whole migration should be orchestrated by the master, but some code runs on server A, some on B, I'd like for all of it to be in one file.
16:16 phx codehotter, salt can do shittons of different stuff, states are just one of the things. there's way more to it
16:16 jalbretsen joined #salt
16:17 schlueter joined #salt
16:17 cotton joined #salt
16:17 budman joined #salt
16:18 codehotter Another situation, can salt handle it? I want to change hostname on a server from x to y. If the hostname is changed, a lot of things need to happen, for example, zabbix monitoring agent needs to be restarted. Now can I make one file that changes the hostname, and then call a function that says "hostname changed" and then in another file, that's about zabbix, I define a handler for restarting itself when its
16:18 codehotter hostname has changed?
16:18 smcquay joined #salt
16:19 clintberry joined #salt
16:19 * codehotter reads http://docs.saltstack.com/en/latest/topics/event/index.html
16:21 smcquay joined #salt
16:21 ninkotech joined #salt
16:22 stej babilen: what does a typical merge workflow look like? A simple example.
16:23 stej babilen: thanks by the way
16:24 smcquay joined #salt
16:25 MatthewsFace joined #salt
16:26 ocdmw joined #salt
16:26 codehotter I don't think events is what I'm looking for, I'm looking for something similar to "watch" but then for hostnames
16:26 wendall911 joined #salt
16:27 murrdoc you want to watch if the hostname has changed on a server ?
16:27 codehotter yes
16:27 codehotter well I specifically want to change the hostname on a server, I'm going to initiate that action (possibly from salt)
16:27 murrdoc and u want other salt states to react to that
16:27 codehotter not like I want to detect if someone logs into the server and types 'hostname'
16:28 codehotter well, the zabbix agent needs to be restarted if I'm going to change the hostname
16:28 rypeck joined #salt
16:28 codehotter ordinarily, in a shell script, I'd do something like "if zabbix agent service exists, restart it"
16:28 murrdoc will the salt minion id be the hostname ?
16:28 berserk joined #salt
16:28 codehotter it could. Should it?
16:29 murrdoc its up to you
16:29 murrdoc if you make the minion id the hostname
16:29 murrdoc and you are changing the minion id
16:29 murrdoc you could define  a startup state to run on all minions
16:29 murrdoc whenever the minion starts
16:30 murrdoc if u dont keep the minion id as the hostname
16:30 murrdoc then you can use orchestrate to link together all the states
16:30 murrdoc including the one to change the hostname
16:30 Ozack-work joined #salt
16:31 smcquay joined #salt
16:33 codehotter OK, so changing the hostname would be an orchestrate, in which I also type "if this server is a zabbix-agent server, then restart zabbix-agent" etc
16:33 murrdoc http://docs.saltstack.com/en/latest/topics/tutorials/states_pt5.html
16:34 iggy murrdoc: you get your aptly question answered last night?
16:35 murrdoc sorta, we have an apt.ly fanboy at work , he believes it works a certain way
16:35 tomh- joined #salt
16:35 murrdoc but i dont see it that way in the docs
16:35 smithd joined #salt
16:35 iggy it's actually fairly complex and confusing
16:35 murrdoc we mirror about 20+ repos, ppa's ubuntu, ddebs
16:35 iggy I know just enough to make/publish a repo
16:36 murrdoc i just wanted to know if when a repo is mirrored, does apt.ly server the signing public key too
16:36 murrdoc for a the upstream repo
16:36 murrdoc what i read from the docs, it might be re signing each package
16:36 murrdoc but only if the repos are merged ?
16:36 murrdoc its confusing
16:36 Matthews_ joined #salt
16:37 iggy I think there's an option to reuse the original signing, but by default I think it resigns everything
16:37 badon joined #salt
16:37 iggy only about 61% sure of that though
16:38 murrdoc yeah so when you point your server at the mirrored repo in aptly
16:38 murrdoc where do you go for the signing key ?
16:39 murrdoc https://github.com/smira/aptly/issues/37
16:39 murrdoc fanboys man
16:39 iggy I don't really know... we aren't using mirroring
16:39 smcquay joined #salt
16:39 iggy we just have a bunch of packages in a directory that we publish
16:39 murrdoc we have to , cause on an average we are rebuilding double digit machines on a work day
16:39 murrdoc upstream wont be happy with that
16:40 micah_chatt joined #salt
16:40 iggy we use the gce local mirrors for everything except what we publish ourselves
16:41 jalaziz joined #salt
16:42 codehotter
16:42 murrdoc yeah
16:42 spo0nman I'm now stuck, pam authenticated user can only target local minions. when i run a command from root user the minions of masters down the chain respond, when i use sudo salt -a pam '*' test.ping only local minions respond ... how do i change this behaviour?
16:42 davet joined #salt
16:46 jesusaurus joined #salt
16:48 Whissi joined #salt
16:49 tligda joined #salt
16:52 intellix joined #salt
16:53 schlueter joined #salt
16:53 smithd joined #salt
16:59 otter768 joined #salt
17:01 TTimo ouch - exception while running salt-call state.highstate
17:01 TTimo https://gist.github.com/TTimo/cc1d7e827df9e1c51999
17:01 TTimo that's running latest release
17:02 BigBear joined #salt
17:03 iggy I've usually found that's something I did wrong or from running different versions
17:05 TTimo yeah actually .. the master just rebooted so that may be a factor
17:06 xt joined #salt
17:07 neogenix joined #salt
17:08 evle2 joined #salt
17:08 TheThing joined #salt
17:09 TheThing salt '*' cmd.run 'yum update -y' <--- this is gonna take forever to run :b
17:09 TheThing especially on these old systems
17:10 aquinas joined #salt
17:12 aparsons joined #salt
17:14 rihannon joined #salt
17:14 KyleG joined #salt
17:14 KyleG joined #salt
17:15 throwawayj joined #salt
17:18 GabLeRoux joined #salt
17:19 spookah joined #salt
17:19 TheThing [ERROR   ] Salt request timed out. If this error persists, worker_threads may need to be increased.
17:19 TheThing Failed to authenticate!  This is most likely because this user is not permitted to execute commands, but there is a small possibility that a disk error occurred (check disk/inode usage).
17:19 TheThing :<
17:20 murrdoc rerun
17:20 murrdoc also you probably need to tweak dem file limits
17:20 TheThing which file limits?
17:20 N-Mi joined #salt
17:20 I3olle joined #salt
17:20 murrdoc http://docs.saltstack.com/en/latest/ref/configuration/master.html#max-open-files
17:21 TheThing I wish I could see the progress for the cmd.run
17:22 aparsons joined #salt
17:22 elextro joined #salt
17:23 elextro Hello, there! Does anybody know if there is a way to save the output of the cmd.module into a variable of some sort?
17:27 bash124512 {% set variable = salt['cmd.run']('pwd') %}
17:28 elextro bash124512: Thanks!
17:28 bash124512 np
17:31 MatthewsFace joined #salt
17:32 neogenix joined #salt
17:33 bash1245_ joined #salt
17:33 MatthewsFace joined #salt
17:34 kermit joined #salt
17:35 malcium joined #salt
17:36 StDiluted joined #salt
17:36 elextro bash124512: Do you know if I can interpolate other jinja variables in the command?
17:36 paulm- joined #salt
17:36 elextro like so :
17:36 elextro {% set group_hex = salt['cmd.run']('echo -n group | xxd -p')}
17:36 rgarcia_ joined #salt
17:36 elextro group is the other jinja variable
17:37 malcium left #salt
17:37 malcium joined #salt
17:38 Madhurranjan joined #salt
17:39 paulm-- joined #salt
17:40 ze- hey. Any idea why I do have servers that are up (responding), but not "present" ?
17:41 lnxnut_ joined #salt
17:42 TaiSHi Mornin'
17:42 anotherZero joined #salt
17:43 CeBe joined #salt
17:43 iggy elextro: {% set cmdtorun = 'echo -n ' ~ group ~ ' | xxd -p' %}\n{% set group_hex = salt['cmd.run'](cmdtorun) %}
17:46 jesusaurus joined #salt
17:46 Ryan_Lane joined #salt
17:48 berserk joined #salt
17:50 elextro iggy: thanks! Didn't know I needed the tildas
17:50 bhosmer__ joined #salt
17:50 iggy well, you can use + as well (like python) but tilde means "convert arg to a string and then concat"
17:51 iggy comes in handy when some things get bounced around as numbers
17:52 micah_chatt joined #salt
17:53 murrdoc salt conf is 3-5 yeah
17:53 murrdoc gonna book travel
17:53 ssg joined #salt
17:55 micah_chatt_ joined #salt
17:57 murrdoc iggy u staying at conf hotel ?
17:57 murrdoc or like you know are people in general staying at conf hotel ?
17:58 mgw joined #salt
17:59 monkey66 joined #salt
18:02 desposo joined #salt
18:04 GabLeRoux joined #salt
18:09 monkey66 left #salt
18:12 ajw0100 joined #salt
18:13 GabLeRoux joined #salt
18:15 GabLeRoux joined #salt
18:16 agend joined #salt
18:16 diegows joined #salt
18:19 tcotav joined #salt
18:19 thedodd joined #salt
18:22 bbradley joined #salt
18:23 hal58th1 Just registered for saltconf. I was looking at the double tree hotel as a cheaper option. Just a block away
18:23 murrdoc same
18:24 iggy I'm staying about 4 blocks away
18:24 hal58th1 Where at?
18:24 murrdoc YO MOMS
18:24 murrdoc OOOOOOH
18:24 murrdoc sorry
18:24 iggy Peery?
18:24 TheThing YO murrdoc SUP DAWG
18:25 murrdoc :) sup TheThing
18:25 thedodd joined #salt
18:25 TheThing somehow, creating salt states takes waay too long >.<
18:26 TheThing especially when you need to make sure certain repo is installed and another repo ignored certain packages
18:26 murrdoc yup
18:26 iggy there's a reason devops exist
18:26 iggy devs can't be trusted with that stuff once you get beyond basic setups
18:26 TheThing you need to do so much googling and research and etc.
18:27 TheThing not to mention how debugging is kinda tricky, especially with package installation
18:28 rap424 joined #salt
18:29 sjol joined #salt
18:31 the_lalelu iggy: you are right.
18:31 cpowell joined #salt
18:32 murrdoc its gets funner if you have trusty and precise in the mix
18:32 murrdoc and you dont like using skip_verify and have to mirror ppas
18:33 ajw0100 joined #salt
18:36 theologian joined #salt
18:38 forrest joined #salt
18:40 Furao joined #salt
18:41 malcium joined #salt
18:46 jdowning joined #salt
18:46 kermit joined #salt
18:52 TTimo joined #salt
18:52 jalaziz joined #salt
18:59 bash124512 joined #salt
18:59 malcium joined #salt
19:00 otter768 joined #salt
19:01 nullptr joined #salt
19:03 clintber_ joined #salt
19:04 ckao joined #salt
19:05 CeBe1 joined #salt
19:07 bash124512 joined #salt
19:08 bregalad left #salt
19:08 markm joined #salt
19:09 jdowning joined #salt
19:10 chiui joined #salt
19:11 jesusaurus joined #salt
19:17 aparsons_ joined #salt
19:17 bhosmer_ joined #salt
19:20 bash124512 joined #salt
19:20 SneakyPhil is it possible for salt to listen on multiple interfaces without using 0.0.0.0? My example would be interfaces: 127.0.0.1, 192.168.100.100
19:20 cheus joined #salt
19:20 cheus_ joined #salt
19:22 malcium joined #salt
19:24 aparsons joined #salt
19:25 johnkeates joined #salt
19:25 hal58th1 I don't think that's possible on the networking level of linux. You either have to specify an address or all interfaces. Correct me if I am wrong anybody else out there
19:26 malcium left #salt
19:26 johnkeates left #salt
19:34 SneakyPhil I'm thinking that this is going to work like Apache which can listen on multiple interfaces. However, I don't want to have to go restart all of my minions if it doesn't.
19:35 lpmulligan joined #salt
19:35 SneakyPhil I guess I can go to a vagrant and test
19:36 SneakyPhil it's not possible
19:37 timoguin joined #salt
19:40 the_lalelu hal58th1: wyou can bind and listen to multiple sockets. but i do not know exactly if salt master is able to do this right know. checked doc already?
19:41 SneakyPhil the doc wasn't explicitly clear if it would work or not http://docs.saltstack.com/en/latest/ref/configuration/master.html
19:45 hal58th1 Try it and then do "netstat -tulpn" to see if it worked
19:46 schlueter joined #salt
19:46 SneakyPhil it did not, the master failed to start
19:47 the_lalelu SneakyPhil: you did it as a list of string?
19:47 the_lalelu erm ... list of strings
19:47 Godfath3r joined #salt
19:48 the_lalelu anyway, it is called "interface" not "interfaces" ... so no high hopes there. :)
19:48 SneakyPhil heh
19:48 SneakyPhil salt-master will start if you put a space between both ip addresses, but it will only listen on the first
19:48 SneakyPhil salt-master will fail to start if you put a comma between the ip addresses
19:49 SneakyPhil good to know
19:51 forrest These epel outages that cause the bootstrap to fail drive me friggin nuts
19:54 babilen don't they have a working mirror network?
19:54 anotherZero joined #salt
19:55 djaykay joined #salt
19:55 nickdew joined #salt
19:55 Phibs babilen: quite a large one at that
19:56 TaiSHi Meh, nginx-formula needs a rewrite tbh
19:56 nickdew Does any one know how to set a default in a Jinja lookup table that is based on Pillars (not grains).
19:57 babilen Phibs: And they all go down simultaneously? (I might misunderstand "epel outage" though)
19:57 Phibs babilen: :)
19:58 murrdoc TaiSHi:  i have a 3 file version that i should put up somewhere
19:58 murrdoc remind me eod ?
20:00 TaiSHi murrdoc, end-of-day ? Will do
20:00 TaiSHi I just submitted a new feature that lets you choose mainline version as well as stable from ppa
20:01 murrdoc link
20:01 TaiSHi https://github.com/saltstack-formulas/nginx-formula/pull/73
20:02 transmutated joined #salt
20:03 transmutated Question concerning saltenv
20:03 transmutated so calling highstate will run the base. If I define a new environment, how do I call that environments highstate?
20:03 TaiSHi Let me know what you think murrdoc
20:04 TaiSHi I didn't update pillars.example as it really need a full rework...
20:04 jesusaurus joined #salt
20:04 murrdoc well u didnt do the same in nginx.ng
20:04 murrdoc :D
20:05 TaiSHi I did it in nginx.ng only
20:06 TaiSHi Ohhh it failed!
20:09 I3olle joined #salt
20:10 ajw0100 joined #salt
20:10 TaiSHi murrdoc, I'm fixing it now
20:11 murrdoc :D
20:12 ocdmw joined #salt
20:13 BigBear joined #salt
20:24 jesusaurus joined #salt
20:27 soren joined #salt
20:29 soren Can I do negative grain matches? E.g. apply a state everywhere except 'virtual_subtype:LXC'?
20:29 micah_chatt joined #salt
20:30 murrdoc 'not G@virtual_subtype:LXC'
20:30 murrdoc http://docs.saltstack.com/en/latest/topics/targeting/compound.html
20:30 soren murrdoc: Oh, sweet.
20:31 soren murrdoc: Ah, saw that in passing, only thought it applied to targeting salt calls from the CLI.
20:31 soren murrdoc: Thanks!
20:31 micah_chatt_ joined #salt
20:34 BerndSch joined #salt
20:36 rgarcia_ joined #salt
20:38 iggy Just don't try that with mine lookups if you are on 2014.7.0
20:40 neekz0r joined #salt
20:44 neekz0r yo, relatively new user to salt, somewhat new to python; trying to figure out if the following pastebin is A) best salt practice, B) possible, C) what i'm doing wrong. Pastbin: http://pastebin.com/gPZt2JjT
20:46 iggy - name: {{ salt['pillar.get']({{phppackage}}, {{phppackage}}) }} <-- should that maybe just be {{ pkgname }} ?
20:47 manfred you don't need to do that.
20:47 manfred neekz0r:  look at the pkg.installed state, and check out the - pkgs: option
20:47 TaiSHi murrdoc, I want to bite someone at #nginx - also, adding a few extra functionalities to nginx-formula <3
20:48 manfred neekz0r:  http://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html#salt.states.pkg.installed
20:48 murrdoc TaiSHi:  i respect how u get down
20:48 iggy I like the individual ones if they are being generated
20:48 murrdoc forest is the man when it comes to formulas
20:48 iggy makes it easier to figure out what broke if something breaks
20:48 soren iggy: 'mine lookups'?
20:48 manfred iggy:  but then you can just use - names: instead
20:48 TaiSHi "how you get down", as an argentinian I could interpret your word differently
20:49 TaiSHi I mean, like a blowjob.
20:49 DerekRBN joined #salt
20:49 iggy I would consider blowjobs to be pretty far off topic for this channel
20:49 neekz0r iggy, that was actually cruft from a previous attempt, 'pkname' was actually set to pillar data -- didn't work at all. :-)
20:50 neekz0r manfred, reading about it, but i don't see where pkg.installed iterates through a pillar to install packages...
20:50 manfred neekz0r:  you can provide your list of files in the - pkg: list
20:50 manfred instead of making one state per
20:50 iggy it doesn't he was just saying you didn't need the pkg.installed repeatedly
20:50 manfred or you can just do your iteration in -names:
20:50 manfred that^
20:51 iggy but why don't you explain a little more what you're trying to achieve... it's not totally obvious from that paste (at least not to me)
20:51 schlueter joined #salt
20:51 vectra joined #salt
20:52 DerekRBN Hey all! Anyone know of a way to push only one managed file down?
20:52 manfred neekz0r:  http://ix.io/ggC
20:52 neekz0r well, my thought process was to make the SLS files as generic as possible, and keep anything I needed in pillars
20:52 manfred i would do it one of those two ways
20:52 murrdoc the package stuff
20:52 murrdoc whoever is doing it
20:52 neekz0r so if I needed to add a php package, I'd just update the pillar and refresh, rather than modify the SLS  of whatever i'm trying to do
20:52 manfred neekz0r: oh, you should be able to do this… one second
20:52 murrdoc you dont need to name your pillars like that
20:53 neekz0r since, as i gather, that's supposed to be a much preferred salt best practice (correct me if i'm wrong!)
20:53 murrdoc just make it a list and iterated on it
20:53 neekz0r yes, exactly
20:53 iggy salt doesn't have much in the way of preferred best practices
20:53 * neekz0r smirks
20:53 iggy it's very much "whatever works for you"
20:54 neekz0r yeah, i'm picking up on that! but since you all have more experience than I, does that seem like a good or bad idea?
20:54 manfred neekz0r:  http://ix.io/ggF
20:54 DerekRBN Answered my own question, salt state.single file.managed {name} source=salt://
20:54 neekz0r thanks manfred!
20:54 DerekRBN I was missing the source part
20:54 manfred neekz0r:  that should do the same thing, and the list from the pillars, populates in the names: list
20:54 iggy neekz0r: I believe there is a php formula that does something similar to what you are trying (pillar variablizes php module installs)
20:54 joehh mafri: if you see this, get in touch with me re packaging for ubuntu
20:56 neekz0r and one final caveat, since this would be across multiple oses, the script would have to read something like package converter to convert between ubuntu and redhat
20:56 murrdoc have u looked at saltstack formulas neekz0r
20:56 neekz0r yep
20:56 protoz joined #salt
20:56 murrdoc the map.jinjas in those is a good way to see how the different os stuff is done
20:56 * neekz0r nods
20:57 iggy one problem I have with going fully "all packages listed in pillar" is I'm used to looking at states top file to see what packages are on each system
20:57 iggy (I imagine others are too)
20:57 murrdoc also pkg.installed works with the package manager on the os
20:57 murrdoc so as long as the name is correct
20:57 murrdoc the correct package will be installed
20:57 iggy so someone who walks in there is going to be like "TF?" until they realize how you did it
20:57 murrdoc looking at your pillar
20:57 murrdoc you should probably name space your packages
20:58 murrdoc like pkgs:apache, pkgs:php, pkgs:global
20:58 neekz0r murrdoc, remember that there are two pillars, one for the actual packages that i want to be installed on the systems, and another for package mapping between redhat and ubuntu
20:58 murrdoc and maybe use formulas and map.jinja to do pkgs of different kind
20:58 timoguin joined #salt
20:58 murrdoc instead of doing the logic in phillars
20:59 murrdoc the salty way would be do a pillar by role
20:59 clintberry joined #salt
21:00 murrdoc neekz0r:  for eg https://github.com/saltstack-formulas/apache-formula/ solves what u are trying to do for apache
21:00 neekz0r reading up on map.jinja
21:01 murrdoc and https://github.com/saltstack-formulas/php-formula/
21:01 otter768 joined #salt
21:01 murrdoc so now your states and pillars can include and configure fomulas
21:01 murrdoc instead of writing your own lookups
21:01 SneakyPhil phillars.
21:01 TaiSHi murrdoc, finished tweaking the formula, git it a look
21:02 neekz0r how often does one have to update formulas?
21:02 murrdoc everytime you or someone else improves something in it that you need
21:02 neekz0r (by and large, i know it depends on the formula writer)
21:02 neekz0r k
21:02 neekz0r and how often do they conflict with each other, if ever?
21:03 murrdoc TaiSHi:  have u tried http://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkgrepo.html ppa ?
21:04 TaiSHi Would work great if all repos were ppa
21:04 murrdoc https://github.com/saltstack-formulas/nginx-formula/blob/afc723802dc40abd80cc7ade57a7e45953e8fa8a/nginx/ng/install.sls#L16-L34
21:04 murrdoc would become
21:04 murrdoc - ppa: nginx/{{ nginx.ppa_version }}
21:05 murrdoc they must be
21:05 murrdoc - name: deb http://ppa.launchpad.net/nginx/{{ nginx.ppa_version }}/ubuntu {{ grains['oscodename'] }} main
21:05 murrdoc :D
21:05 TaiSHi I quite updated my formula since that commit :P
21:05 TaiSHi Although yeah, if we were to remove 'mainline'
21:06 Deevolution Does the salt command on the master respect the '-t' flag as anything more then a guideline?  Running:  "time salt -t 1 testnode test.ping" takes 6 seconds.
21:06 protoz This may have been posted somewhere else but is there an eta on 2014.7.2 or can someone point me to where I can find that information?
21:09 murrdoc protoz:  /topic
21:12 johtso joined #salt
21:12 FRANK_T Hello, I have 4 group of cluster with 4 different OS versions how do I target those servers
21:12 jesusaurus joined #salt
21:13 FRANK_T I have to push yum repos to those servers but I do not want to create a different .sls for each cluster
21:15 TaiSHi FRANK_T, grains
21:15 FRANK_T Can I do that for OS version
21:15 FRANK_T line Centos 6.5 and 6.3
21:15 FRANK_T like*
21:16 murrdoc http://docs.saltstack.com/en/latest/topics/targeting/nodegroups.html
21:16 neekz0r FRANK_T, sudo salt '*' grains.items | grep -i os
21:18 FRANK_T neekz0r thabks you I guess I can use osfinger
21:19 FRANK_T murrdoc thank you I did that maybe I am not explaining my self..
21:19 FRANK_T I have a puppet example
21:19 FRANK_T let me show you
21:19 neekz0r listen to murrdoc over me, he has way more knowledge than i do about salt
21:19 giantlock joined #salt
21:19 murrdoc totes not true
21:20 cheus joined #salt
21:21 FRANK_T Here my puppet file
21:21 FRANK_T https://www.refheap.com/c08aaf2dbb50b03bffb438942
21:22 murrdoc eugh
21:22 murrdoc kill kill
21:22 FRANK_T SC1999 is one group of nodes
21:22 murrdoc ooh cluster
21:22 murrdoc got it
21:22 murrdoc can u keep this as a grain ?
21:22 murrdoc on the server
21:22 murrdoc like in /etc/salt/grains
21:22 FRANK_T Im just trying to replicate that
21:22 FRANK_T I am migrating from puppet to salt
21:22 bash1245_ joined #salt
21:23 murrdoc if u can keep in a grain then u can do {{ if  salt['grains.get']('cluster')  is 'sc1999' }}
21:23 murrdoc in your state file
21:23 FRANK_T ok
21:24 ocdmw joined #salt
21:24 saltine joined #salt
21:24 ocdmw joined #salt
21:24 FRANK_T wait
21:24 saltine hello! if I use archive.extracted state.. how can I force overwrite, even if the files exist?
21:24 MindDrive Might anyone be able to point me to a Nagios/Icinga monitoring script that checks to see if a minion is responsive to the master?  I did find one via searching, but it was based on Salt 0.10 and the API has changed a lot since then (using 2014.7.0/1 right now).
21:24 FRANK_T cluster is a variable?/
21:24 murrdoc its a grain
21:24 Guest74240 bah.. if I use archive.extracted state.. how can I force overwrite, even if the files exist?
21:25 murrdoc FRANK_T:  http://docs.saltstack.com/en/latest/topics/targeting/grains.html#grains-in-etc-salt-grains
21:25 murrdoc its a grain u have to setup
21:25 murrdoc one way is the link
21:26 FRANK_T Got it thank you.
21:32 bash1245_ I tried to import a state at _state folder and works fine. When I move it to /usr/share/pyshared/salt/states it does't work
21:32 GabLeRoux joined #salt
21:33 GabLeRoux joined #salt
21:40 jtang_ joined #salt
21:42 nullptr` joined #salt
21:44 protoz left #salt
21:44 timoguin joined #salt
21:45 jalaziz joined #salt
21:46 agentcatv joined #salt
21:46 bash1245_ I have to move them manually to the minions :(
21:47 babilen bash1245_: No, you place them in _states not _state
21:48 bash1245_ Ye, I did that and it works but I wanted to move them to the folder : /usr/share/pyshared/salt/states
21:48 babilen Why?
21:48 bash1245_ dunno, because thats where all states are :)
21:49 babilen Your own states are being loaded from _states in file_roots
21:49 nicolerenee joined #salt
21:49 eliasp bash1245_: never place/modify anything manually in /usr … that's the package manager's realm
21:49 babilen (apart from /usr/local, but yeah!)
21:52 bhosmer__ joined #salt
21:53 sastorsl I'm looking at http://jinja.pocoo.org/docs/dev/templates/#list-of-builtin-tests and trying to implement this in a salt state where I test if a pillar is set.
21:53 sastorsl How do I do a simple thing like 'echo "this pillar is not set"'
21:53 sastorsl How do I do a simple thing like 'echo "this pillar is not set"'
21:55 intellix joined #salt
21:55 jtang_ joined #salt
21:56 sastorsl left #salt
21:56 FRANK_T I am trying to target osfinger {% if grains['osfinger'] != 'Centos-6' %}
21:56 FRANK_T file.managed:
21:56 FRANK_T - user: root
21:56 FRANK_T - group: root
21:56 sastorsl joined #salt
21:56 FRANK_T - mode: 700
21:56 FRANK_T - source:
21:56 FRANK_T - salt://yum/files/sc1000.repo
21:56 FRANK_T sorry
21:57 FRANK_T https://www.refheap.com/c28bc3098df2d5b246bee4682   I am getting an error I am trying to target OS version
21:58 FRANK_T ups I forgot {% endif %}
21:58 singularo joined #salt
21:58 singularo joined #salt
21:59 clintberry joined #salt
21:59 mosen joined #salt
22:00 iggy sastorsl: you mean you want some indication on the command line, etc during the state run that says it's not set?
22:01 sastorsl iggy, that's correct
22:01 sastorsl {% if salt['pillar.get']('%s' % (envid), []) %}
22:01 sastorsl ...
22:01 sastorsl {%- else %} {{ envid }} does not exist
22:01 sastorsl {%- endif %}  # envid in pillar test
22:03 iggy there some stuff in test module, most people just let it fail
22:04 rgarcia_ joined #salt
22:05 nickg how do I prevent ssh_auth.present from failing because the user does not exist?
22:05 nickg yet..
22:05 iggy make it require the user.present?
22:06 forrest joined #salt
22:06 nickg iggy: it doesn't look like it supports it
22:06 sastorsl iggy, some feedback to the ppl trying to set up the pillars would be really helpful, so I'm trying to accomodate that.
22:06 neekz0r nickg, use the 'require' command
22:06 iggy nickg: what makes you say that?
22:07 nickg iggy: its not documented and it complains when i try it.. :)
22:07 programmerq joined #salt
22:07 iggy sastorsl: there isn't really a way to print stuff on the output (the states/modules/etc don't actually output anything... they put stuff in a ret variable that gets shipped back to the master)
22:08 iggy nickg: http://docs.saltstack.com/en/latest/ref/states/requisites.html what version of salt are you running?
22:08 nickg bleh nevermind.  I tried it but for some reason there was an actual \t in there instead of spaces
22:10 meylor joined #salt
22:11 timoguin joined #salt
22:19 sastorsl iggy, can i force an exit from a state?
22:20 iggy hardfail
22:20 iggy either in the config file or on specific states
22:21 [LF] joined #salt
22:21 sastorsl http://docs.saltstack.com/en/latest/ref/states/failhard.html, thx
22:21 xs- joined #salt
22:21 iggy yeah, or that
22:24 TaiSHi That name...
22:26 aparsons joined #salt
22:29 ocdmw joined #salt
22:34 MindDrive Might anyone be able to point me to a Nagios/Icinga monitoring script that checks to see if a minion is responsive to the master?  I did find one via searching, but it was based on Salt 0.10 and the API has changed a lot since then (using 2014.7.0/1 right now).
22:38 kermit joined #salt
22:38 al joined #salt
22:39 iggy I've not heard of anything like that before
22:39 conan_the_destro joined #salt
22:40 iggy and there are probably lots of different meanings of "responsive"
22:41 bash1245_ if [[ "$(salt minion test.ping | tail -n 1)" ==  "True" ]]; then echo "minion up"; exit 0; else echo "minion down";exit 1;fi
22:42 xs- either salt-run manage.up or a test.ping
22:42 al joined #salt
22:42 __number5__ isn't salt-run manage.up * supposed to do that?
22:42 murrdoc what about salt-call test.ping from the minion
22:43 MindDrive I'm looking for something I can set up in Icinga so that I can trigger a restart of the minion if the master is unable to get a response from it (since right now we have a lot of minions that simply stop responding).
22:43 diegows joined #salt
22:43 al joined #salt
22:44 Discoking joined #salt
22:44 bash1245_ MindDrive : if you are using nrpe just write a bash script and it should work
22:44 iggy but do they stop permanently? I (and many others) have seen cases where a series of test.ping's will make the minion start talking again
22:44 cheus joined #salt
22:44 MindDrive bash1245_: Thanks, we do use nrpe.
22:44 xs- not familiar with icinga, but i assume you want something to run on the minion itself instead of on the master?
22:45 MindDrive Iggy: 20% of the time a second/third test.ping will wake them up, 80% of the time a full restart of the process is needed.
22:45 bash1245_ icinga is the same as nagios
22:45 murrdoc icinga 1 is like nagios but better
22:45 TaiSHi murrdoc, icinga2 implemented their own agent, bye bye nrpe, I might code a formula for it
22:46 jtang_ joined #salt
22:46 iggy that's rough... I've only ever had to restart minions when I did something stupid
22:46 murrdoc oooh
22:46 TaiSHi although it requires a self-signed cert, or go through agent steps
22:46 murrdoc i pay for such formula
22:46 murrdoc with maate
22:46 murrdoc :D
22:46 murrdoc or internet points
22:46 TaiSHi I have enough mate, send moneys, or call LAN Argentina so they let me book my goddamned flights
22:46 misham joined #salt
22:46 murrdoc hahaha
22:47 rihannon Anyone know why 'template: py" doesn't print out a diff of the file that would be replaced?
22:47 TaiSHi Seriously, traveling to the US for the first time and I want to book flights but they don't send me my user/password
22:48 murrdoc saltconf ?
22:48 TaiSHi Wont have the pleasure I'm afraid, traveling mid april
22:48 iggy I seriously need to finish my presentation this weekend
22:49 mgw joined #salt
22:49 TaiSHi Will it be recorded? Never attended a conf tbh
22:49 murrdoc where are u travelling to
22:50 MindDrive *sigh* Like just now.  A minion I restarted just an hour ago has stopped responding to the master(s).
22:50 murrdoc what version are u on
22:50 MindDrive (Four test.pings in a row and keep getting 'Not connected')  I'm on 2014.7.0
22:51 murrdoc weird
22:51 murrdoc havent had that yet
22:51 murrdoc your own dc or aws or gce
22:51 kellnola is it normal for minions to not show up in the output of the command run on the master? If I do a test.ping against any group of minions I almost never see them all respond. I get different answers each time I run it.
22:51 MindDrive We have our own datacenter setup.
22:52 murrdoc how many minions to a master
22:52 rihannon haha for anyone wondering what my issue was, it was spelling "source" != "srouce"
22:52 TaiSHi kellnola, -v and try different -t values
22:52 iggy TaiSHi: not using raet or anything funky?
22:52 TaiSHi murrdoc, NYC, Orlando and Miami, so... vacations :P
22:52 murrdoc oh man miami
22:52 murrdoc u ll love it
22:52 murrdoc its like south america
22:52 drawsmcgraw left #salt
22:52 TaiSHi But without mate ?
22:52 murrdoc pssh in miami
22:52 xs- q: locking a salt minion to an env, according to the docs, is done by setting 'environment: <env>' in the minion config. this should influence the default saltenv chosen when using e.g. a state.sls or cp.list_master call, but those keep using base
22:52 murrdoc u get mate
22:53 iggy xs-: keep using _only_ base or env + base?
22:53 murrdoc MindDrive:  how many minions to a master
22:54 murrdoc and do u have the file limits configured on your master
22:54 MindDrive murrdoc: in this environment, 350.
22:54 MindDrive And you'll need to be more specific about 'file limits'.
22:54 TaiSHi MindDrive, try -v first, dig the output
22:54 murrdoc only the one master
22:54 xs- looks like just base. using gitfs branches for envs. got a file in dev branch but missing in base
22:55 loggyer_ joined #salt
22:55 MindDrive TaiSHi: already run with '-v' all the time, 'Not connected' is the usual response from minions that are unreachable.
22:55 xs- keeps saying not found in 'base'
22:55 xs- minion debug mode also confirms it's looking for it in base
22:55 xs- when i so state.sls <some.state> saltenv=dev    it works
22:55 iggy xs-: and if you set saltenv it works?
22:55 techdragon joined #salt
22:55 murrdoc MindDrive:  http://docs.saltstack.com/en/latest/topics/troubleshooting/master.html#too-many-open-files
22:56 xs- been going at it checking back and forth for over 2 hours, i'm stumped
22:56 murrdoc also there is the timeout config in the salt-master config that u might want to tweak
22:56 murrdoc also seriously consider adding more masters and maybe adding a syndic
22:57 iggy one should be able to handle 350
22:58 MindDrive murrdoc: Not an issue here, we have 10240 set for the number of files (and no indication of that issue in the logs, which are currently on debug level).
22:58 loggyer_ Guys how can i convert the output of a grain into a string ?
22:58 CeBe joined #salt
22:58 loggyer_ tried this, host => {{ ipaddr|string }}
22:58 jtang_ joined #salt
22:59 TaiSHi MindDrive, check the timeout, is 5 sec by default
22:59 xs- iggy: setting saltenv works fine, without it keeps picking base
22:59 loggyer_ but this does not seem to get the correct  format
22:59 murrdoc MindDrive:  cehckout timeout and worker_threads
22:59 iggy xs-: you restarted the minion?
22:59 xs- yup
23:00 eliasp loggyer_: from which grain did you pull "ipaddr"?
23:00 MindDrive Setting the timeout even to 60 still gets back 'Not connected'.  And we tested 2014.7.1 which didn't seem to solve the problem.
23:00 TaiSHi MindDrive, you can set it with -t XX, I have 80 minions and it fails with <60 sometimes
23:00 TaiSHi Try increasing it more
23:01 murrdoc yeah u can have multiple masters
23:01 xs- so it *should* work right, at least good to know it's the same thing. docs kind of refer saltenv of modules to environment in minion config
23:01 MindDrive TaiSHi: that fails even on "salt -E '<specific minion>' ", which simply shouldn't happen.
23:01 loggyer_ eliasp: ip_interfaces:eth0
23:01 otter768 joined #salt
23:02 MindDrive And already have two masters, still isn't helping.
23:02 eliasp loggyer_: this will just give you a list of IPs… you have to define which of eth0's IPs you want, e.g.: salt['grains.get']('ip_interfaces:eth0')[0]
23:03 eliasp loggyer_: each interface can have 'n' IPs
23:03 loggyer_ eliasp: since i just have 1 ip on that interface..it didn't have issues with that...but can that be the reason for not outputting as a string
23:04 eliasp loggyer_: yeah, even if you have only 1 IP on this interface, it'll still be returned as a list… with just 1 element ;)
23:04 eligos joined #salt
23:05 murrdoc MindDrive:  you should totally doc this up and make it an issue
23:05 murrdoc i am sure the saltstack crew would like to help
23:06 loggyer_ eliasp: that didn't really convert it to a string...except that it doesn't return it as a list
23:06 rgarcia_ joined #salt
23:06 loggyer_ how can i convert it to a string with dquotes
23:06 smcquay joined #salt
23:07 I3olle joined #salt
23:09 xs- iggy: if i dump the minion config using test.get_opts it shows 'environment: dev'. Mainly testing with cp.list_master, same result run from master or locally using salt-call, with saltenv=dev correct branch, without its base branch. Any ideas? :)
23:10 loggyer_ eliasp: this works, host => "{{ ipaddr }}", can i get it to work with some filters making it look clean :)
23:10 aparsons joined #salt
23:11 MindDrive murrdoc: There are already several very similar tickets open and so far nothing mentioned in them has helped (nor have any of them been full resolved).
23:11 murrdoc word
23:12 MindDrive It would be nice if I could get more output from the minion, but even at 'debug' level very little is put into the logs.
23:13 eliasp -l trace
23:13 jalaziz joined #salt
23:13 loggyer_ eliasp: i suppose that was not for me ?
23:14 eliasp loggyer_: no… regarding your question: ipaddr should be already a string… there should be no need to explicitely make it one…
23:14 eliasp even dquotes shouldn't be necessary
23:14 xs- MindDrive; did you check master for issues? simple dmesg, any issues regarding connections, open files, etc?
23:15 san4 joined #salt
23:15 san4 joined #salt
23:15 MindDrive xs-: Yep, nothing out of the norm.
23:15 aparsons joined #salt
23:15 loggyer_ eliasp: well i did that..but it outputs it this way, host => 10.199.48.6
23:16 loggyer_ and i want it to be in double quotes
23:16 aparsons joined #salt
23:16 eliasp loggyer_: ah, missed the => … so this is some kind of PHP or Perl config file you're generating? I assumed you were working within an SLS, sorry
23:16 aparsons joined #salt
23:17 eliasp then "{{ ipaddr }}" is still the best thing to do
23:17 iggy xs-: sorry, I don't even use environments... I was mostly shooting in the dark
23:17 eliasp as no filter will know anything about the target format of the file you're generating… whether strings are s- or d-quoted there etc.
23:17 loggyer_ eliasp: it is config file for Elasticsearch. I see.
23:17 xs- :)
23:18 bash1245_ joined #salt
23:18 loggyer_ Thanks for the explanation man :)
23:18 eliasp loggyer_: so {{ ipaddr }} will return the plain string and you'll have to add apropriate quoting if necessary…
23:18 eliasp e.g.in YAML there's no quoting needed unless you explicitely want to make e.g. an int a string
23:19 ecdhe Ryan_Lane, you know how you build salt packages and install it that way, instead of relying on what's in the repos?
23:19 loggyer_ eliasp: gotcha. thanks!
23:19 xs- MindDrive: did you try pinging the minion from the master before doing several test.ping's?
23:19 iggy ugh, why does only file.managed support contents_pillar
23:20 MindDrive If you mean, 'ping <hostname>', yes, they're fully pingable.  The basic network is solid and not the issue.
23:20 ecdhe Ryan_Lane,  how do you name/version those packages?  Something like "salt-wikimedia-2012.07.01-0.0.3"?
23:20 ecdhe (.deb of course)
23:21 xs- MindDrive: if a minion is 'broken', are you able to run a salt-call cp.list_master or something else that initiates comm with master?
23:21 Ryan_Lane ecdhe: I just run pip from a branch and tar based on the sha
23:21 xs- or fire events?
23:21 ecdhe So no .deb files?
23:22 misham joined #salt
23:22 ecdhe The tar gets distributed -- then you unpack and install on the hosts.
23:22 ecdhe Thanks Ryan_Lane!
23:25 MindDrive xs-: From a non-responsive minion, 'salt-call cp.list_master' returns 'local:'
23:26 xs- i assume your base does have files in it?
23:27 MindDrive Actually, it looks like a working system returns the same thing, so...
23:28 murrdoc are u using salt as the salt master's name
23:28 murrdoc or is it unique and dns'ed
23:28 smcquay joined #salt
23:29 MindDrive murrdoc: Multiple servers, DNS-based.
23:29 hasues joined #salt
23:30 xs- multiple servers as in RR dns?
23:30 hasues left #salt
23:30 StDiluted joined #salt
23:31 MindDrive xs-: No, multiple servers as in list of distinct hostnames in DNS.
23:33 redzaku joined #salt
23:36 ajw0100 joined #salt
23:42 adelcast joined #salt
23:44 ociuhandu joined #salt
23:44 redzaku joined #salt
23:46 ocdmw joined #salt
23:50 ocdmw joined #salt
23:52 ocdmw joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary