Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-02-13

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 jcockhren timoguin: lol
00:09 MindDrive Is there currently any way from the minion side to tell if it's communicating with the master(s)?
00:10 jcockhren logs
00:10 jcockhren you should see it authenticating
00:10 jcockhren peridocially
00:10 jcockhren periodically*
00:10 pdayton joined #salt
00:11 jcockhren I think it's once per min
00:11 jcockhren (or once per 30 sec)
00:11 joehoyle joined #salt
00:13 joehoyle I'm getting "State 'git.latest' found in SLS 'appserver' is unavailable" what does "unavailable" in this context mean?
00:13 iggy you don't have git installed
00:14 iggy generally speaking
00:14 joehoyle ah
00:14 bfoxwell joined #salt
00:14 iggy https://gist.github.com/iggy/6c7beea849c23936a451
00:15 iggy anybody spot the problem in that output?
00:15 MindDrive jcockhren: I do see it doing that, but only when I have debug level on for logging.  Sadly, it's not really talking to the master, since a test.ping from the master will give back 'No connection' for the minion.
00:15 MindDrive (And a tcpdump will show no traffic between the two.)
00:15 joehoyle odd, I think this is the first time I am getting this. I don't have the require specifically set, I think it just worked before due to execution order. Is the execution order not fixed?
00:16 iggy joehoyle: it should be top down
00:17 iggy but when you add in a require somewhere (not necessarily with those states) ordering goes bonkers
00:20 joehoyle ah maybe that's what's happening
00:20 joehoyle loloking at https://gist.github.com/joehoyle/bbaf8443e3828998c42d, this isn't the order I am calling them from my top.sls
00:22 jcockhren MindDrive: does your master have the necessary port open on the firewall?
00:22 jcockhren MindDrive: also on the minion. stop the salt-minioni process to see if you have any rouge processes
00:23 MindDrive jcockhren: The ports are fully open, and a restart of salt-minion makes things work immediately again... for about 30-60 minutes.
00:23 MindDrive I've been trying to debug this issue for two weeks now, and having very little success.
00:23 jcockhren hmm. this has happened before
00:24 jcockhren there's a signal sent to keep the net interface 'alive' peridocially
00:24 jcockhren periodically*
00:24 jalaziz joined #salt
00:24 jcockhren when I saw that before before, salt was failing to keep the nics awake
00:25 lnxnut joined #salt
00:27 Edgan Can I have client_pillar1 reference to the contents of server_pillar2, even if the client isn't supposed to have access to server_pillar2? I would like to pull passwords out of a server config, and write them into the client config without have to repeat myself. I also don't want to give the client access to the full contents of the server pillar.
00:28 iggy Edgan: you can't reference pillars from other pillars
00:28 iggy at least not reliably
00:28 Edgan iggy: :( It would be a great feature.
00:28 iggy your best bet would be jinja includes or ext_pillar's
00:28 nullptr` joined #salt
00:29 iggy everybody says that... but people trying to do weird things with pillars quickly graduate from regular file-backed pillars
00:30 Edgan iggy: What is a good ext_pillar?
00:32 murrdoc where is loop_interval setup in opts
00:32 murrdoc does anyone know
00:32 murrdoc getting an useless log
00:33 iggy I don't know really... I mean we've managed to get by without it so far, but that's because we still have a lot of manual stuff going on (just hit production a couple months ago and there's just 1.5 people doing devops-y stuff here)
00:36 rvankleeck__ joined #salt
00:36 rvankleeck__ joined #salt
00:36 davidbanham joined #salt
00:36 otter768 joined #salt
00:38 davidbanham Hi all. I'm coming across from Chef and having trouble grokking the Salt execution model. When a new salt minion comes up (has key accepted, etc) and has roles configured, I would expect it to run highstate automatically to get started. It doesn't seem to, though. Is there a canonical way to do this? Should I be configuring something in top.sls to say "Please bring any new machines into a good state as soon as you see them?" Or i
00:38 davidbanham s there another way I should be thinking about this?
00:38 Edgan davidbanham: reactor
00:39 davidbanham Ah! Thanks, Edgan
00:41 yomilk joined #salt
00:42 manytrees hi, i'm trying to find docs on how to do compound matching via the salt api (via REST with cherrypy).. so far everything i'm finding is using the plain tgt="*" style matching.  any pointers to how to use compound matching here?
00:43 timoguin joined #salt
00:45 __number5__ manytrees: http://docs.saltstack.com/en/latest/topics/targeting/compound.html
00:45 MugginsM joined #salt
00:48 manytrees __number5__: that's for the CLI where you can pass it -C to tell it to use compound matching.  i'm trying to find out how to apply that to the rest api
00:49 iggy davidbanham: there's also startup_states in the minion config
00:50 __number5__ manytrees: same rules apply for both topfile and command line, they use the same code
00:50 iggy manytrees: if you look at things like the reactor and orchestration, there's usually a tgt_type or expr_form option
00:50 __number5__ unless salt-api using different code
00:50 davidbanham iggy: Thanks, that seems much more like what I'm after. Reactor looks like a handy thing to have, but it's a battle trying to get it to do what I want just now.
00:51 manytrees __number5__: i was guessing there must be some parameter that i should pass into the rest api to tell it to use compound matching for the target instead of simple?
00:51 iggy manytrees: and yeah, top files use the "match" option
00:51 iggy so try passing one of those and see what happens
00:52 manytrees ok, i'll give that a try, thanks. was hoping there were some docs on this
00:53 iggy the api is a relatively new addition
00:55 iggy manytrees: looking at the old docs, it looks like it's tgt_type
00:56 whiteinge It's expr_form
00:57 whiteinge salt-api wraps the python api fairly directly
00:57 MugginsM w00t, got my saltmaster in docker setup going :)
00:57 iggy damn!
00:57 iggy but I'd guess he knows more than me
00:59 jalaziz joined #salt
00:59 whiteinge manytrees: the local client in salt-api is referring to this method: http://docs.saltstack.com/en/latest/ref/clients/index.html#salt.client.LocalClient.cmd
00:59 whiteinge Anything you can do there you can do via salt-api
01:00 __number5__ whiteinge: I just found that one :) why are they hidden so well :P
01:01 manytrees whiteinge iggy: tyvm!
01:01 __number5__ whiteinge: btw, is rest_wsgi considered production-ready?
01:02 whiteinge __number5__: we use it as a baseline measurement. You have to know how to use IRC in order to use salt… Or something
01:03 whiteinge rest_wsgi is fine to use. I would personally avoided because it so feature less
01:03 * iggy screwed
01:03 pahko hi guys, I'm trying to use formulas hosted in github but I always got """No matching sls found for 'apache' in env 'base' """
01:03 pahko here is my master config https://dpaste.de/Q8Qb
01:03 pahko and the minion https://dpaste.de/fdpT
01:03 pahko I'm using vagrant for both machines, and I'm sure that master can execute states on minion because I'm able to ping it.
01:03 pahko here is the top.sls
01:03 pahko https://dpaste.de/GYx1
01:04 pahko I'm just getitng started with salt but I read the doc and followed all steps and couldn't make it work,
01:04 pahko if someone can help me I would appreciate it :)
01:04 pahko thanks
01:05 __number5__ whiteinge: ok, thanks.
01:05 iggy pahko: as long as you're testing, that's fine, but for real use, you'll want to clone those formulas into your own account (just fyi)
01:06 iggy pahko: can you do a salt-run fileserver.update and make sure you can pull things
01:06 iggy and salt-call cp.list_master is helpful too
01:06 pahko ok, let me check
01:09 mafrosis joined #salt
01:10 mafrosis anyone have an idea when 2014.7.2 is going be released?
01:11 iggy mafrosis: I think the focus is on 2015.2 right now
01:11 mafrosis yeah I can see that
01:11 davidbanham Mid last year the external_ip grain was removed. Is there a suggested way to replicate this functionality?
01:11 mafrosis looks like I’ll be skipping 2014.7.* in its entirety then!
01:11 mafrosis thanks iggy
01:11 iggy davidbanham: it's very cloud specific
01:12 pahko iggy, after `sudo salt '*' cp.list_master` I got https://dpaste.de/p1hg, salt-run fileserver.update does not pull the git repo...
01:12 iggy davidbanham: there are some examples in salt-contrib for a few popular cloud providers
01:12 davidbanham iggy: I'm on AWS with the salt master in a different VPC than my minions. Communication is via the master's internet IP. Not keen to set up a VPC networking bridge since I'm planning to use this master across multiple VPCs.
01:12 davidbanham iggy: Cool, I'll take a lookg
01:13 iggy I'm pretty sure there is an aws one there
01:13 iggy I know there's a gce one (I wrote it)
01:13 iggy pahko: make sure your master is restarted after the config file is changed
01:14 davidbanham Yep, this looks like what I'm after, thanks. https://github.com/saltstack/salt-contrib/blob/18ecf95fa9ea0325ac9acd91a91a4be117fe6315/grains/ec2_info.py
01:14 murrdoc joined #salt
01:15 mafrosis davidbanham: that’s the module I use; it has worked great for a long time
01:15 iggy just throw it in /srv/salt/_grains do a saltutil.sync_grains and BAM!
01:15 timoguin joined #salt
01:16 pahko iggy: it's not working...
01:17 waddles joined #salt
01:19 davidbanham BAM! ec2_public-ipv4 all up in my grains. Thanks, guys.
01:19 ahammond so... is 2015.2 out yet?
01:20 ahammond I see the branch, hmm. more sniffing
01:25 murrdoc basepi:  is there an issue list for 2014.7.2 , i want to know if i should goto that or 2015.2.1 (when it gets here)
01:27 jdowning joined #salt
01:31 jalaziz joined #salt
01:31 seblu joined #salt
01:34 Singularo joined #salt
01:36 TTimo joined #salt
01:37 MindDrive I think I may have found my culprit in my minion issue - may have to do with this: "Running scheduled job: __mine_interval"  (More interestingly, I don't have anything configured for this)
01:38 dude051 joined #salt
01:38 aqua^mac joined #salt
01:39 wincus joined #salt
01:39 davidbanham I seem to have my role coming through correctly in the grains info, but it's not being matched in my top.sls. Is this not a valid matcher or something? - https://gist.github.com/davidbanham/d3278a60dfa0f105ecff
01:39 Gareth joined #salt
01:39 shnguyen joined #salt
01:39 shnguyen hey salt friends
01:40 dude051 joined #salt
01:43 davidbanham Augh. It needed to be roles, not role in top.sls
01:44 TTimo joined #salt
01:53 Gareth joined #salt
01:54 shnguyen anyone around to help me debug a really weird issue im having with an execution module
01:54 rudi_s Hi. How can I cache data during a single salt run on a minion? I have a state file which needs to perform some expensive work, but only once per run and I'd like to cache the data. Any idea?
01:54 rudi_s s/state file/state module/
01:59 MugginsM joined #salt
02:01 bhosmer_ joined #salt
02:02 jerematic joined #salt
02:04 CeBe joined #salt
02:07 yomilk joined #salt
02:09 itru joined #salt
02:10 itru hi guys! Can I do something with salt which tries “yum downgrade” instead of “yum install” when I’m installing custom kernel?
02:15 otter768 joined #salt
02:16 pahko joined #salt
02:18 itru left #salt
02:18 itru joined #salt
02:22 hal58th joined #salt
02:25 itru ok, i’ll use cmd.run yum install then….
02:29 flupke joined #salt
02:29 evle joined #salt
02:30 nullptr`` joined #salt
02:31 cedwards joined #salt
02:33 malcium joined #salt
02:36 cedwards basepi: ping
02:37 nitti joined #salt
02:37 yomilk joined #salt
02:49 ilbot3 joined #salt
02:49 Topic for #salt is now Welcome to #salt | SaltConf 2015 is Mar 3-5! http://saltconf.com | 2014.7.1 is the latest | Please be patient when asking questions as we are volunteers and may not have immediate answers | Channel logs are available at http://irclog.perlgeek.de/salt/
02:50 dyasny joined #salt
02:57 favadi joined #salt
03:08 TyrfingMjolnir joined #salt
03:14 timoguin joined #salt
03:16 steveoliver joined #salt
03:18 stanchan joined #salt
03:19 Furao joined #salt
03:21 __j0shua__ joined #salt
03:21 TyrfingMjolnir joined #salt
03:24 andrew_v joined #salt
03:28 jdowning joined #salt
03:28 TTimo joined #salt
03:32 bytemask_ joined #salt
03:33 Laogeodritt joined #salt
03:35 dimeshake joined #salt
03:44 timoguin joined #salt
04:01 Furao joined #salt
04:03 ajw0100 joined #salt
04:06 aquinas joined #salt
04:09 felskrone joined #salt
04:10 flupke joined #salt
04:17 malinoff joined #salt
04:18 malcium joined #salt
04:22 desposo joined #salt
04:27 otter768 joined #salt
04:44 timoguin joined #salt
04:49 iggy ahammond: an rc was announced within the last few days
04:51 iggy shnguyen: paste as much code as you can, what you're running to get the error, and what error you're getting
04:52 iggy rudi_s: you'll probably have to be more specific
04:53 shnguyen thanks iggy, will do
04:59 subsignal joined #salt
05:05 SheetiS joined #salt
05:26 TTimo joined #salt
05:29 jdowning joined #salt
05:41 lumberjack_ joined #salt
05:44 kermit joined #salt
05:49 ajw0100 joined #salt
05:49 ajw0100 joined #salt
05:54 Furao joined #salt
05:54 g3cko joined #salt
05:55 ramteid joined #salt
06:01 neekz0r joined #salt
06:03 GrueMaster joined #salt
06:04 chutzpah joined #salt
06:17 nitti joined #salt
06:22 calvinh joined #salt
06:28 otter768 joined #salt
06:39 KFDM joined #salt
06:40 Jahkeup joined #salt
06:41 KFDM left #salt
06:43 favadi joined #salt
06:44 timoguin joined #salt
06:47 kawa2014 joined #salt
06:54 krelo joined #salt
07:00 colttt joined #salt
07:05 Heartsbane joined #salt
07:05 Heartsbane joined #salt
07:10 jonasbjork joined #salt
07:25 shoma joined #salt
07:25 calvinh joined #salt
07:27 calvinh_ joined #salt
07:28 jalaziz joined #salt
07:29 mikkn joined #salt
07:30 jdowning joined #salt
07:30 felskrone joined #salt
07:31 TTimo joined #salt
07:32 slafs joined #salt
07:32 slafs left #salt
07:33 KermitTheFragger joined #salt
07:35 jtang joined #salt
07:36 Auroch joined #salt
07:41 Furao joined #salt
07:42 toanju joined #salt
07:44 timoguin joined #salt
07:48 pouledodue joined #salt
07:48 pouledodue left #salt
07:49 flyboy joined #salt
07:52 trikke joined #salt
07:57 eseyman joined #salt
07:59 ede joined #salt
08:00 timoguin joined #salt
08:01 jhauser joined #salt
08:02 tomspur joined #salt
08:04 smithd_ joined #salt
08:05 linjan joined #salt
08:06 markm joined #salt
08:11 ede left #salt
08:13 calvinh joined #salt
08:13 toanju joined #salt
08:16 drawsmcgraw joined #salt
08:17 clintberry joined #salt
08:17 BigBear joined #salt
08:18 calvinh_ joined #salt
08:22 jonasbjo1k joined #salt
08:26 Grokzen joined #salt
08:28 otter768 joined #salt
08:29 chiui joined #salt
08:34 Firewalll joined #salt
08:37 calvinh joined #salt
08:37 krelo joined #salt
08:38 bash124512 joined #salt
08:44 calvinh_ joined #salt
08:44 timoguin joined #salt
08:45 Terminus- hi. is there a way to copy multiple files without having to specify each and every file? specifically, i want to copy hostname.* to minion:/etc/
08:45 jtang file.recurse does that
08:45 jtang its probably pretty close to what you want
08:46 jtang http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.recurse
08:46 zphds joined #salt
08:46 jonasbjork joined #salt
08:47 Terminus- jtang: thanks.
08:47 zphds guys, is there a way I can access grains of some other machine from a given node?
08:50 babilen joined #salt
08:51 jonasbjork joined #salt
08:53 ALLmightySPIFF joined #salt
08:56 Furao joined #salt
08:56 Terminus- jtang: just tried http://paste.ofcode.org/8mazZuSsbQJnWkMAgCK6nA but i'm getting "Recurse failed: none of the specified sources were found" any idea why? salt://foo.txt works in my other stuff.
08:56 Terminus- and i'm pretty sure hostnam.* exists in salt://
08:57 jtang it might expect a directory of files and not a filename
08:58 jtang i guess you'll have to read the docs and experiment to get what you want ;)
08:59 Terminus- jtang: yeah, i just need the right part of the manual because it's kinda big. =P
08:59 elfixit joined #salt
09:02 EvaSDK joined #salt
09:02 bluenemo joined #salt
09:02 bluenemo joined #salt
09:05 CeBe joined #salt
09:08 Terminus- jtang: it worked when i placed everything in salt://etc/ instead. i have no idea why it refuses to recurse from the root dir. =|
09:09 sypher_ joined #salt
09:09 jtang dunno, i've never tried copying the root  of salt:///, its probably a bad idea
09:10 Terminus- jtang: yeah but i figured i'd be safe because of the specific pattern.
09:10 Terminus- and i try to keep my directory structure flat whenever possible. i hate having to cd a/b/c/d/e/f/g/h/i/j/
09:11 jtang each to their own, it's just a tool, make the most of it ;)
09:12 aquinas joined #salt
09:13 cyberfart joined #salt
09:14 N-Mi joined #salt
09:14 cyberfart I have an interesting issue with salt. For some minions, the first highstate runs fine and returns. Every run after runs fine, returns but master never gets them. I see in minion logs that it returns, and again for masters find_job. Assuming that the versions and libraries are equal, what else can cause this?
09:16 toanju joined #salt
09:16 Xopher joined #salt
09:18 karimb joined #salt
09:22 logmert joined #salt
09:23 jrluis joined #salt
09:23 jonasbjo1k joined #salt
09:24 I3olle joined #salt
09:30 jdowning joined #salt
09:31 Xevian joined #salt
09:32 TTimo joined #salt
09:34 jespada joined #salt
09:36 amcorreia joined #salt
09:40 jalaziz joined #salt
09:41 paulm- joined #salt
09:41 calvinh joined #salt
09:57 logmert joined #salt
10:06 esogas_ joined #salt
10:11 mindscratch joined #salt
10:20 lynxman joined #salt
10:22 elfixit1 joined #salt
10:25 bhosmer joined #salt
10:26 CeBe joined #salt
10:27 jonasbjork joined #salt
10:29 otter768 joined #salt
10:30 ALLmightySPIFF joined #salt
10:31 Furao joined #salt
10:34 TTimo joined #salt
10:34 donmichelangelo joined #salt
10:43 Inver joined #salt
10:43 zerthimon joined #salt
10:44 jonasbjo1k joined #salt
10:44 timoguin joined #salt
10:47 jasonrm joined #salt
10:50 karimb joined #salt
10:57 andabata joined #salt
10:58 CeBe1 joined #salt
11:01 jonasbjork joined #salt
11:01 evle1 joined #salt
11:06 giantlock joined #salt
11:07 jonasbjo1k joined #salt
11:08 calvinh joined #salt
11:08 bash1245_ joined #salt
11:12 jonasbjork joined #salt
11:14 Inver heya o/ I'm seeing some weird behavior on the salt-minion running on windows 2012R2, when I try to install software, it gives me "... reason: [Error 5] Access is denied", until I start the salt minion with debug output, and press ctrl-c, then it happily installs the software, where I would have expected the minion to stop. I've been digging through the github issue tracker to no avail
11:16 sypher_ joined #salt
11:17 iwishiwerearobot joined #salt
11:22 kiorky joined #salt
11:23 faliarin joined #salt
11:28 jonasbjo1k joined #salt
11:31 calvinh_ joined #salt
11:31 jdowning joined #salt
11:33 karimb joined #salt
11:33 jonasbjork joined #salt
11:35 sypher__ joined #salt
11:44 wnkz joined #salt
11:44 timoguin joined #salt
11:50 jalaziz joined #salt
11:52 sypher_ joined #salt
11:55 Inver it seems the problem only occurs with the 64bit version of the minion, the 32bit version does not give any trouble for some reason
11:56 jonasbjo1k joined #salt
11:59 sypher__ joined #salt
12:01 flyboy82 hey guys, probably silly question. I've been rummaging through the docs to try and find a way to have a pkg state from another sls required without having to "include" all the states of the said sls. Any pointers?
12:09 schlueter joined #salt
12:09 jonasbjork joined #salt
12:10 schlueter joined #salt
12:11 colttt joined #salt
12:17 rudi_s iggy: I just want to cache data inside a state module during a run. Is there a facility available in Salt to do that? Or some identifier I can use (like the jid) to detect if I'm running in the same salt run?
12:25 wnkz_ joined #salt
12:28 iwishiwerearobot joined #salt
12:30 rvankleeck joined #salt
12:30 cotton_ joined #salt
12:30 otter768 joined #salt
12:31 rvankleeck_ joined #salt
12:32 yomilk joined #salt
12:35 TTimo joined #salt
12:35 cotton joined #salt
12:40 akas joined #salt
12:40 akas joined #salt
12:44 timoguin joined #salt
12:45 yomilk joined #salt
12:48 cotton joined #salt
12:49 bhosmer joined #salt
12:51 flyboy82 joined #salt
12:52 tkharju joined #salt
12:52 akas joined #salt
12:55 TTimo joined #salt
12:55 shorty_mu joined #salt
12:56 yawniek_ i have my gitfs backend on github, somewhere i read that this is synced once per minute, can i manually sync it?
12:56 schlueter joined #salt
12:57 shorty_mu yawniek_: salt-run fileserver.update
12:57 yawniek_ shorty_mu: thx
12:57 shorty_mu Hi all, is there a "known" way to find all minions which have a specific state configured in top.sls?
13:02 bhosmer_ joined #salt
13:03 jonasbjo1k joined #salt
13:03 toanju joined #salt
13:04 paulm- joined #salt
13:08 jonasbjork joined #salt
13:09 akas joined #salt
13:10 CeBe1 joined #salt
13:11 chiui joined #salt
13:12 trikke joined #salt
13:17 CeBe1 joined #salt
13:19 wincus joined #salt
13:19 CeBe2 joined #salt
13:20 joehh shorty_mu: I know you could do it with reclass, but not sure how just with salt on its own
13:20 _mel_ joined #salt
13:20 akas joined #salt
13:20 shorty_mu Well, maybe that's the reasonm I needed to switch to reclass ;)
13:21 shorty_mu I'm hacking together a YAML-parser something script.
13:21 joehh you could do it that way without reclass
13:22 toastedpenguin joined #salt
13:22 joehh you'd probably need the same component for reclass too
13:22 jdowning joined #salt
13:22 joehh only difference is you wouldn't need to deal with the globbing
13:22 paulm-- joined #salt
13:22 joehh you could just query for the details of each minion
13:23 shorty_mu joehh: I use state.show_top as a basis and fiddle my way through the YAML struct.
13:24 shorty_mu hoehh: I just hoped, that there would be an easier way.
13:25 joehh thats probably the best you can do
13:26 mpanetta joined #salt
13:27 yomilk joined #salt
13:31 felskrone is there a module to manage hosts.allow|deny?
13:32 trikke joined #salt
13:35 giantlock joined #salt
13:37 jespada joined #salt
13:39 yomilk joined #salt
13:44 timoguin joined #salt
13:45 gerl1ng hello all, I have a problem running a state on Ubuntu which just had worked fine for fedora. I use grains to seperate Packeges, etc.
13:46 gerl1ng I get an error AttributeError: 'NoneType' object has no attribute . Does anyone get the same error? All Info in pastebin http://pastebin.com/t8AV2n03
13:47 Nebraskka joined #salt
13:47 Nebraskka Heya! Is it possible to use authorized_keys to auth with salt-ssh?
13:48 babilen Hmm, can you think of a nice way to run a command on each minion that uses grains? (something like cmd.run "foo {{ grains['id'] }}" ?
13:48 babilen )
13:48 karimb joined #salt
13:49 Andre-B joined #salt
13:49 yes456 joined #salt
13:49 shorty_mu babilen: cmd.run "foo $(salt-call grains.get your.grain)"
13:49 babilen *sigh* yeah!
13:49 shorty_mu *lol*
13:49 * babilen hands shorty_mu a biscuit
13:50 babilen You know these moments where you are thinking about a problem in a specific way that makes it impossible to solve it and then somebody else points out the solution and it becomes obvious why you didn't come up with it yourself?
13:50 babilen This was one of those moments
13:50 Nebraskka :)
13:51 teebes joined #salt
13:51 shorty_mu Happens to me every time. "... the forest for the trees"-effect
13:51 babilen Sure, which is why you need a rubber duck, colleagues and IRC channels :D
13:52 Nebraskka lol, that's true
13:52 shorty_mu babilen: *brilliant*
13:52 jonasbjo1k joined #salt
13:53 Nebraskka oh, how could i overlook priv parameter. thanks!
13:54 shoma joined #salt
13:54 subsignal joined #salt
13:57 jonasbjork joined #salt
14:00 dyasny joined #salt
14:00 FRANK_T joined #salt
14:01 cyberfart joined #salt
14:03 clintberry joined #salt
14:04 JDiPierro joined #salt
14:06 jalbretsen joined #salt
14:10 dude051 joined #salt
14:11 perfectsine joined #salt
14:12 breakingmatter joined #salt
14:12 dude051 joined #salt
14:14 BigBear joined #salt
14:14 angliscwork joined #salt
14:15 breakingmatter Does anyone have any recommendations on organizational structure(s) of state tree(s)?
14:16 cpowell joined #salt
14:17 EvaSDK joined #salt
14:17 EvaSDK joined #salt
14:17 gerl1ng breakingmatter: I thought a lot about this and I think it depends a lot on how large your environment is (large = many differnt types of states)
14:19 breakingmatter I don't have exact numbers, but we have around 800 machines.
14:19 breakingmatter Our state tree is getting unsightly, and it's bothering me.
14:21 TTimo joined #salt
14:21 nitti joined #salt
14:22 shorty_mu You might take look into node_groups, reclass or the Puppet concept of roles and profiles. Find commonalities and stick them together.
14:23 dude051 joined #salt
14:24 murrdoc joined #salt
14:25 yomilk joined #salt
14:25 mindscratch Is there a recommended way of doing the following: Run a command (which POSTs something to a URL), Run a second command (only after querying a website and getting back a certain result)
14:25 breakingmatter Right now we're organizing the nodes with grains. backend infra, customer A, customer B, KVM node, etc
14:26 breakingmatter But the tree itself is what's bothering me.
14:26 mindscratch basically the first command does a POST to create a job, the second command should create another job, but only after the 1st job is "running" (so I need to query for its status)
14:26 breakingmatter mindscratch: Are you wanting to do that from a state?
14:27 mindscratch I have an SLS file with two "cmd.run" 's defined. I am using salt-run state.orchestrate <sls file>
14:27 mindscratch (i'm new so i might have the wrong terminology)
14:29 Rahul joined #salt
14:29 TTimo joined #salt
14:29 breakingmatter Any specific reason you're using orchestrate?
14:29 mindscratch I thought I needed to for things to happen in a certain order
14:29 dyasny joined #salt
14:30 murrdoc do u want states executed in a certain order ?
14:30 murrdoc you can do that much easier with a state that 'includes' states
14:30 murrdoc or using requisites
14:30 mindscratch yea for example, I need to start zookeeper..then start mesos
14:30 breakingmatter I'd agree with murrdoc here.
14:30 mindscratch then once mesos is up i need to do POSt's to a web server
14:30 breakingmatter Orchestrate is overkill for two states.
14:30 murrdoc yeah
14:30 smithd_ joined #salt
14:31 murrdoc http://docs.saltstack.com/en/latest/ref/states/requisites.html
14:31 mindscratch so i have more than 2 states
14:31 murrdoc k, so you know how there is highstate
14:31 mindscratch right now i have 7 states
14:31 otter768 joined #salt
14:31 mindscratch yea I think i understand that
14:31 murrdoc and the order in highstate is governed by the top.sls
14:32 mindscratch didn't realize that
14:32 murrdoc there is nothing preventing u from doing the same with a custom state and calling it like state.sls custom_state
14:32 micah_chatt joined #salt
14:32 iggy rudi_s: look at the dunder dictionaries docs... I think there is a specific one that only exists for the life of a run
14:32 murrdoc so when u do state.highstate, salt goes to top sls, figures out what states are relevant to that environment
14:32 murrdoc and then includes them in order (top down) of how u have set it up
14:32 racooper joined #salt
14:33 murrdoc in the top.sls
14:33 murrdoc right ?
14:33 mindscratch so right now I do the orchestrate thing where I just start zookeeper, docker, mesos, marathon, haproxy, then do some POSTs
14:33 clintberry joined #salt
14:34 mindscratch so is having a "base" environment enough?
14:35 mindscratch right now my top.sls just has this (plus a few more states): http://www.hastebin.com/zetotagiva.sm
14:39 jdesilet joined #salt
14:40 jerematic joined #salt
14:40 nitti joined #salt
14:43 mindscratch murrdoc: so it looks like my top.sls (http://www.hastebin.com/zetotagiva.sm) might be ok, but i'd have to update my state files (zookeeper/init.sls, docker/init.sls) so they require the appropriate modules
14:43 murrdoc yes sir
14:44 timoguin joined #salt
14:45 TTimo joined #salt
14:45 FRANK_T http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html  <----------------- Any Idea in how can I remove a folder I do not see that here
14:45 murrdoc file.missing ?
14:45 murrdoc no , absent
14:45 mindscratch murrdoc: back to my original question, I guess I could have a state that POSTs something to a webserver, a second state (that depends on the first) that queries the webserver for status completing upon getting a "success" status back, a 3rd state that depends on the second state to POST the next thing to the webserver
14:46 murrdoc or
14:46 mindscratch yup absent: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.absent
14:46 murrdoc you could write it up in python as a _module
14:46 murrdoc then write a python _state that uses that _modules
14:46 murrdoc then call that state function in your state.sls
14:47 mindscratch murrdoc: is there a tutorial?
14:47 murrdoc both what you said and this are valid options
14:47 murrdoc uh let me google
14:47 murrdoc http://docs.saltstack.com/en/latest/ref/modules/
14:47 mindscratch murrodc: i can google, wasn't sure if you had an example in mind :)
14:48 murrdoc :D
14:48 murrdoc oh salt-contrib
14:48 murrdoc https://github.com/saltstack/salt-contrib
14:48 murrdoc has example modules and states and this dude nmadhok has been cleaning it up
14:48 murrdoc so that might be a good starting point
14:49 FRANK_T murrdoc file.missing ?
14:49 murrdoc abset
14:49 murrdoc absent
14:49 mindscratch FRANK_T: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.absent
14:50 murrdoc what he said
14:50 FRANK_T mindscratch
14:50 FRANK_T thank you!!
14:50 mindscratch FRANK_T: http://www.hastebin.com/talisojusi.pas
14:50 murrdoc all are assumed he unless otherwise proven
14:50 jespada joined #salt
14:51 mindscratch murrdoc: just curious, what's the reason not to use orchestration?
14:52 murrdoc no reason, salts all about options
14:52 mindscratch i should mention, i am using salt only to start/stop services, do some POST's...not using it to install packages, manage users, etc
14:52 murrdoc i feel orchestration is a level up
14:52 murrdoc but if it works for u
14:52 murrdoc please use it
14:53 murrdoc its a personal prefernece basically
14:53 murrdoc simple
14:53 mindscratch gotcha, thanks
14:54 numkem joined #salt
14:56 timoguin joined #salt
14:56 kaptk2 joined #salt
14:56 favadi joined #salt
14:57 bhosmer_ joined #salt
14:58 bhosmer_ joined #salt
15:01 murrdoc fun fact salt-ssh does like grains set in /etc/salt/grains, like doesnt read them in
15:02 andrew_v joined #salt
15:03 Tyrm joined #salt
15:04 ipmb joined #salt
15:04 Tyrm joined #salt
15:06 yuhl_work_ joined #salt
15:06 perfectsine joined #salt
15:06 spielberg joined #salt
15:07 spielberg I’m having problems with source_hash not matching for archive.extracted when it matches perfectly for file.managed
15:08 spielberg doesn’t make sense to me
15:09 iwishiwerearobot joined #salt
15:09 spielberg I’m using the same format.. - source_hash: sha1=hash_here
15:09 spielberg somehow it generates a different hash..
15:10 primechuck joined #salt
15:12 elfixit joined #salt
15:14 spielberg anyone got any ideas? I can paste the states here but don’t want to spam the channel
15:16 spielberg running 2014.7.1 on minons
15:16 Twiglet any one have any ideas on how to handle .p12 keys?
15:16 bash124512 joined #salt
15:17 Twiglet cant stick them in the states because they are private keys, and because they're archives you can't stick them in via pillar contents...
15:17 yomilk joined #salt
15:17 ntropy i suppose yuo could use gpg renderer, which gives you a base64 output and put that in pillar
15:17 spielberg http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html
15:18 ntropy not great since p12 is already encrypted though :)
15:18 spielberg yea
15:18 Twiglet ha didn't know about the renderer
15:18 Twiglet ah*
15:18 Twiglet but yeah
15:18 perfectsine joined #salt
15:18 Twiglet not great for private files :/.
15:18 ntropy you can't manage private and public key separately instead of them being in p12?
15:19 Twiglet Not that i've found, it's for a google service account for gsutil
15:23 bhosmer joined #salt
15:23 micah_chatt_ joined #salt
15:26 spo0nman joined #salt
15:27 spo0nman Hello! puppet facts don't show up in grains.items on some minions but do on some others, what could it be?
15:28 spo0nman the salt version is latest greatest and it's the same across the minions
15:28 spo0nman all the minions respond to puppet.facts
15:28 spo0nman but grains.items do not include puppet facts in some minions
15:28 scooby2 joined #salt
15:29 Tooooother joined #salt
15:29 paulm- joined #salt
15:29 babilen Thought I am super organised and sign commits .. Little did I know that instead of rolling out changes I would run into https://github.com/gitpython-developers/GitPython/issues/110
15:32 paulm-- joined #salt
15:32 nullptr`` joined #salt
15:34 babilen sorry colleagues, I have to force push
15:34 babilen Argh, nightmare
15:34 Xevian joined #salt
15:35 babilen So, keep in mind: Don't sign your commits if you use GitFS and GitPython
15:35 ltsampros joined #salt
15:35 schlueter joined #salt
15:36 ltsampros quick question: does the master and the minion need to have the same zeromq versions ?
15:36 spielberg “Unable to manage file: [Errno 1] _ssl.c:510: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure”
15:37 spielberg minions are running ubuntu 14.04 LTS ^
15:37 spielberg I’m guessing github disabled sslv3 becaue of poodle
15:37 debian112 joined #salt
15:39 hasues joined #salt
15:40 TheoSLC joined #salt
15:41 spo0nman actually none of the custom grains are showing u
15:41 intellix joined #salt
15:41 spo0nman just tested, none of the custom grains show up
15:42 eagles0513875_ joined #salt
15:43 eagles0513875_ joined #salt
15:44 clintberry joined #salt
15:45 BigBear joined #salt
15:47 TyrfingMjolnir joined #salt
15:49 aphorise joined #salt
15:50 CeBe joined #salt
15:51 desposo joined #salt
15:53 monkey66 left #salt
15:57 jespada joined #salt
15:57 Brew joined #salt
16:01 hasues left #salt
16:10 Xevian joined #salt
16:10 TyrfingMjolnir joined #salt
16:13 gix0 joined #salt
16:16 hebz0rl joined #salt
16:18 Ligthert Is there any reason my EC2 instance can't reach ec2.eu-west-1.amazonaws.com for example required by salt-cloud?
16:18 Ligthert The security groups are so wide that it has nothing to do with security anymore.
16:18 Ligthert And a ping only states: From 178.236.0.63 icmp_seq=15 Packet filtered
16:18 Sypher joined #salt
16:19 yomilk joined #salt
16:20 thedodd joined #salt
16:20 tomh- joined #salt
16:21 smcquay joined #salt
16:22 seanz joined #salt
16:23 Ozack-work joined #salt
16:24 Ligthert I have no trouble reacing eu-west.. strange
16:27 rudi_s iggy: Ah, thanks. It looks like __context__ could be the right one, I'll check that out. Thank you.
16:28 msheiny joined #salt
16:28 TheoSLC joined #salt
16:29 aphorise joined #salt
16:32 otter768 joined #salt
16:37 viq joined #salt
16:37 viq joined #salt
16:37 StDiluted joined #salt
16:38 Auroch joined #salt
16:41 shorty_mu left #salt
16:44 ekristen joined #salt
16:47 schlueter joined #salt
16:48 tligda joined #salt
17:04 jdowning joined #salt
17:04 favadi left #salt
17:05 nitti_ joined #salt
17:08 BigBear joined #salt
17:10 spielberg joined #salt
17:11 mike25de joined #salt
17:12 spookah joined #salt
17:14 jerematic joined #salt
17:16 jerematic joined #salt
17:20 Mso150 joined #salt
17:21 TheThing|24-7 joined #salt
17:21 TheThing|24-7 getting weird error here:
17:21 TheThing|24-7 State 'pkg.group_install' found in SLS 'nodejs' is unavailable
17:22 murrdoc might be unavailable for your package manager ?
17:22 TheThing|24-7 should be available in yumpkg
17:23 KyleG joined #salt
17:23 KyleG joined #salt
17:24 TheThing|24-7 doing it directly in command line gives different error
17:24 TheThing|24-7 salt api1 pkg.group_install 'Development Tools'
17:25 iggy sometimes extra functionality requires extra tools
17:25 TheThing|24-7 correction: doing it command line works
17:25 TheThing|24-7 but not in state
17:25 MatthewsFace joined #salt
17:25 murrdoc it might not have a state function for it
17:25 murrdoc try pkgyum.group_install ?
17:26 murrdoc in the state
17:26 yomilk joined #salt
17:26 davet joined #salt
17:26 iggy there isn't a state function fo rit
17:27 TheThing|24-7 ahh
17:27 TheThing|24-7 oh well
17:27 rahul joined #salt
17:27 iggy module.run yumpkg.group_install
17:28 murrdoc yeah make the state like that
17:29 TheThing|24-7 okay
17:29 TheThing|24-7 thanks iggy
17:29 iggy http://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html#module-salt.states.module
17:29 iggy has better examples than I can explain in single lines of irc speak ;)
17:30 ajw0100 joined #salt
17:30 TheThing|24-7 :D
17:30 TheThing|24-7 just pointing in the right direction is enough :)
17:32 evle1 joined #salt
17:37 TheThing|24-7 welp, getting build errors
17:37 TheThing|24-7 time to join next channel :<
17:38 TheThing|24-7 wait what?
17:40 TheThing|24-7 so I ran a state that runs "cwd.run" with bunch of commands to wget, make and install a specific package and it failed on me with weird error (rm cannot remove blabla)
17:40 TheThing|24-7 so I decided to google it
17:40 TheThing|24-7 and now suddenly a couple of minutes later, I can see in the log huge lines
17:40 TheThing|24-7 and it passed
17:40 grrrrr &W 26
17:40 grrrrr vou
17:41 TheThing|24-7 I'll try to replicate the problem and if there's an issue, I'll file a bug. Anyways, thanks for help earlier iggy \o/
17:41 TheThing|24-7 left #salt
17:43 aparsons joined #salt
17:43 mattbarto joined #salt
17:47 mattbarto joined #salt
17:49 bhosmer joined #salt
17:53 ksalman1 is it not possible to install a package alongside an existing one? i am trying to install a specific kernel/kernel-devel and salt tries to downgrade it https://gist.github.com/ksalman/96cfa8bf985ea7de7ca2
17:53 ksalman1 Executing command 'yum -y     downgrade "kernel-devel-2.6.32-279.11.1.el6"'
17:54 ksalman1 how can i get it to do this 'yum install kernel-devel-2.6.32-279.11.1.el6'
17:56 mattbarto joined #salt
17:59 evle joined #salt
18:02 spielberg joined #salt
18:02 nitti joined #salt
18:02 basepi murrdoc: The 2014.7.2 release notes are not comprehensive. If there's a specific bugfix you're wondering about, I can track down whether it's in that release.
18:03 basepi But I think it's a great release, I highly recommend it. =)
18:03 nitti joined #salt
18:03 j4son joined #salt
18:03 SheetiS ksalman1: looking at the yumpkg module, I don't know that your specific need is met by it.  It looks like it just compares versions and then either picks the 'targets' path (install) or the 'downgrade' path.
18:04 SheetiS https://github.com/saltstack/salt/blob/develop/salt/modules/yumpkg.py is what i was looking at for reference.
18:04 ksalman1 =(
18:04 ksalman1 okay thanks
18:05 numkem joined #salt
18:06 SheetiS I imagine you could request the feature, but in meantime your state might have to handle it via a cmd.run :(
18:06 ksalman1 yea, i guess i'll just do that then
18:07 mike25de hi all,   i have 2 salt master into 2 totally separated environemnts.   Is it possible to have the same salt keys in both environments... in case one minion moves from env1 to env 2 ... i don't have to accept the keys again ..  thanks
18:09 chiui joined #salt
18:09 jacksontj mike25de, yes-- thats how most do multi-master
18:09 mike25de jacksontj: so i just need to copy the /etc/salt/ keys from one server to the other?
18:09 JDiPierro joined #salt
18:10 jacksontj well, there are 2 things you have to take care of
18:10 jacksontj 1: the master key
18:10 jacksontj you have to make sure that the masters in both envs have the same keypair (so the minion is happy with the master change)
18:10 mike25de yeah ,, the master key i already have
18:10 jacksontj 2: the minion keys
18:10 mike25de ah minion keys as well
18:10 jacksontj there are many solutions to that
18:11 jacksontj either shared storage
18:11 mike25de i will be using rsync
18:11 jacksontj or some reactor which verifies keys externally somehow
18:11 jacksontj yup, then that'll do it :)
18:11 mike25de jacksontj: thanks mate !
18:11 jacksontj np, any time :)
18:11 mike25de have a nice weekend!
18:12 sijis whiteinge: do you know if you can pass the -b (batch) functionality via the salt-api?
18:13 I3olle joined #salt
18:14 whiteinge sijis: yeah, you can use the local_batch client for that: http://docs.saltstack.com/en/latest/topics/netapi/index.html#salt.netapi.NetapiClient.local_batch
18:14 meylor joined #salt
18:16 _2_chana87 joined #salt
18:16 _2_chana87 hello
18:16 steveoliver left #salt
18:18 TaiSHi murrdoc, yay!
18:19 forrest joined #salt
18:20 murrdoc TaiSHi:  yay yay
18:20 murrdoc fridyay! ?
18:21 TaiSHi No, plane tickets!
18:22 seblu joined #salt
18:25 felskrone joined #salt
18:26 ajw0100 joined #salt
18:27 pviktori joined #salt
18:30 EvaSDK joined #salt
18:32 schlueter joined #salt
18:32 jalaziz joined #salt
18:32 Matthews_ joined #salt
18:33 otter768 joined #salt
18:35 Matthews_ joined #salt
18:36 cpowell joined #salt
18:38 rogst joined #salt
18:41 shoma joined #salt
18:44 schlueter1 joined #salt
18:45 aparsons joined #salt
18:47 iwishiwerearobot joined #salt
18:50 ajw0100 joined #salt
18:50 cwyse joined #salt
18:53 BigBear joined #salt
18:56 malinoff joined #salt
18:56 avaia joined #salt
18:58 hasues joined #salt
18:58 hasues left #salt
18:58 sparks_ joined #salt
18:59 ksalman1 in my state how do I reference a pillar that is a dictionary like this https://gist.github.com/ksalman/091b5aaa549c26ed2045? Can I do something like {% if exists pillar['foo']['bar'] %} ?
19:01 iggy {{ salt['pillar.get']('foo:bar') }}
19:01 iggy depends what you are trying to do with it
19:02 ksalman1 iggy: trying to get a boolean result so i can do things if a dict value exists
19:03 iggy {% if salt['pillar.get']('foo:bar', False) %} ?
19:03 TTimo joined #salt
19:04 hal58th {% if salt['pillar.get']('foo:bar', []) %}
19:04 hal58th both work
19:04 iggy I don't normally work like that... I'd rather things just fail if my pillars are jacked up
19:04 ksalman1 thanks guys
19:04 hal58th welcome
19:04 iggy at least then I know something isn't right rather than silently falling through
19:05 mikaelhm joined #salt
19:05 ksalman1 I need to add a user to a specific list of machines only, so this looks like the way to do it
19:06 drawsmcgraw left #salt
19:06 spookah joined #salt
19:06 ckao joined #salt
19:09 TTimo joined #salt
19:11 felskrone joined #salt
19:11 Edgan ksalman1: The yumpkg module needs a serious rewrite
19:12 ksalman1 ah
19:12 ksalman1 okay
19:12 Edgan ksalman1: It uses repoquery for everything, and that is super slow.
19:13 ksalman1 i opened a bug for feature request https://github.com/saltstack/salt/issues/20690
19:14 ksalman1 if it gets rewritten then hopefully this will be possible
19:14 ksalman1 i am just doing a cmd.run to do this
19:16 Edgan ksalman1: I am not saying it will. I am saying it should be. I may do it. I have looked into how to replace repoquery with rpm and yumdb. The code is obtuse though.
19:16 JDiPierro joined #salt
19:17 ksalman1 i didn't reqlize repoquery is slow
19:17 desposo joined #salt
19:18 Edgan ksalman1: When I manually compared repoquery to rpm/yumdb, it was milliseconds compared to 1+ seconds per package
19:18 ksalman1 ouch
19:20 Edgan ksalman1: Maybe repoquery could be made faster. It may just not be doing enough caching.
19:23 murrdoc ksalman1:  there is yumpkg.group_install to use for installing groups
19:23 murrdoc and u can call it using module.run in a state
19:24 murrdoc assuming u asked about that yesterday
19:24 ksalman1 i did,thanks :)
19:24 murrdoc thank iggy
19:24 murrdoc he pointed it out to someone else
19:24 ksalman1 thanks iggy!
19:25 druonysuse joined #salt
19:26 FRANK_T I guys I am trying to salt salt, I am trying to install salt-minion with salt-ssh I do not understand the roster documentation, I created the folder /srv/salt/roster
19:26 FRANK_T do I have to create a file with a specific name inside the roster folder?
19:26 jdowning joined #salt
19:27 FRANK_T or roster is the name of the file inside /srv/salt?
19:27 hal58th let me find out FRANK_T
19:28 murrdoc i thought u /srv/salt/roster ist he file
19:28 murrdoc u need the roster if you are doing more than ssh with root uer
19:28 murrdoc user*
19:28 hal58th it's /etc/salt/roster as a file
19:29 FRANK_T murrdoc i want to install salt-minion to 400 nodes
19:29 hal58th murrdoc I am not sure what you are trying to say.
19:29 murrdoc grab some popcorn
19:29 murrdoc :D
19:29 murrdoc the roster file is only needed if you are planning to log on to destination servers with a user that isnt root
19:29 murrdoc or a specific key
19:29 murrdoc or other configs
19:30 hal58th wrong
19:30 murrdoc word ?
19:30 hal58th you can group minions in a roster file and then target that group
19:30 murrdoc i mean yeah
19:30 hal58th it has nothing to do with the user
19:30 murrdoc http://docs.saltstack.com/en/latest/topics/ssh/roster.html
19:31 murrdoc user:     # The user to log in as
19:31 murrdoc thin_dir
19:31 murrdoc sudo or not
19:31 murrdoc there is alot you can configure
19:31 murrdoc but only if you need to
19:31 murrdoc if the user on your salt master can ssh as root to the minion
19:31 chitown is there an easy way to only run a state if a file exits?
19:31 murrdoc i dont think u need a roster file
19:32 murrdoc dude no chitown
19:32 chitown in 2017.1 (i.e. no unless)
19:32 murrdoc that would be so nice
19:32 chitown shit.. nice typo
19:32 chitown 2014.1
19:32 hal58th there is a way. the "only_if" requisite works
19:32 Dude101 joined #salt
19:32 hal58th ah, then maybe not
19:32 chitown right :(
19:32 chitown so, i am using jinja, which "works"
19:33 chitown but, the file i need comes from git
19:33 chitown which is updated in another state
19:33 chitown so, when the state is compiled, the file doesnt exist
19:33 chitown but, when it is *RUN* (post the git update), it does exist
19:33 toofer joined #salt
19:33 chitown pita :(
19:34 hal58th order: last ?
19:34 FRANK_T Let my try
19:34 chitown no, it's in the middle of a bunch more stuff
19:34 chitown and it still doesnt matter... the jinja is evaluated at compile time not run time
19:35 chitown i need to just bite the bullet and upgrade! :)
19:35 jalaziz joined #salt
19:35 john__ joined #salt
19:36 john__ good afternoon / morning, anyone around?
19:36 iggy reload_modules: True in the other state?
19:36 iggy I don't know if that will cause a recompile though
19:36 FRANK_T hal58th I tried both ways, I was able to do it with the roster
19:37 hal58th sorry murrdoc i most apologize, you are technically correct, the best kind of correct.
19:37 murrdoc THE ONLY KIND
19:37 * murrdoc will be in his bunk
19:37 johnwy I was wondering if anyone might be able to help me troubleshoot the infamous "No Top file or external nodes data matches found" error
19:38 hal58th but grouping your targeted hosts must not be overlooked as a bad ass future. That's not in the salt documentation for salt-roster. Just in salt-ssh. Let me write up an issue
19:38 FRANK_T johnwy copy your state
19:38 murrdoc hal58th:  :)
19:38 FRANK_T I like the roster because I will use salt-ssh just 1 time to kickstart my node
19:38 johnwy frank_t: not sure what you mean there
19:39 Godfath3r joined #salt
19:39 FRANK_T johnwy show the error
19:39 hal58th johnwy we need to know what you are trying to do and how you are getting that error. Copy it to pastebin or something
19:40 johnwy when issuing "salt 'usvt-v8demo' state.highstate" on the master to the usvt-v8demo, I get that error
19:41 johnwy it's been maybe a decade since i've been on irc. what's pastebin dare I ask? :)
19:41 iggy it's a site you don't really want to use... refheap.com or gist.github.com
19:41 murrdoc gist!
19:42 iggy gist is nice because it can do multiple files in one paste
19:42 sijis whiteinge: sorry to  come back to this a bit later.. but NetapiClient isn't using in pepper, correct?
19:42 murrdoc and you can update them
19:42 murrdoc contextuall
19:42 johnwy gotcha
19:43 FRANK_T jhonwy copy your top file here
19:43 FRANK_T ww.refheap.com
19:43 FRANK_T www.refheap.com
19:43 johnwy https://gist.github.com/anonymous/73dfd57c43ad80d4865a
19:44 FRANK_T johnwy Do you have a top file?
19:44 johnwy yup, gist is kinda lame, i'll try refheap, hang on..
19:45 johnwy https://www.refheap.com/97200
19:45 sijis whiteinge: if i understand the local_batch you sent would be if i had the salt library installed. i was thinking in terms of if i was using the pepper client or libppeper library to do that batching
19:45 rap424 joined #salt
19:46 iggy johnwy: salt '*' test.ping and the node name returned is exactly usvt-v8demo? (i.e. not a fqdn)
19:46 johnwy https://www.refheap.com/97201
19:46 johnwy Correct, not using FQDNs here. test.ping work on all three minions I have set up so far
19:47 iggy neither of those are correct state files
19:47 breakingmatter whiteinge: You around?
19:47 FRANK_T salt/users/init.sls
19:47 FRANK_T on the top should be
19:47 FRANK_T - users.ini
19:47 FRANK_T - users.init
19:47 iggy init is implied
19:48 johnwy iggy - does that mean the top.sls is correct?
19:49 iggy looks okay to me
19:49 johnwy okay. fyi I'm using the defaults in /etc/salt/master (I haven't changed anything)
19:49 FRANK_T https://www.refheap.com/d05b6a8ae9b6fd880424eb5f4
19:49 johnwy I'm also a little confused between /srv/salt and /srv/pillar
19:50 FRANK_T So iggy if I have a folder inside /srv/salt/test/init.sls
19:51 johnwy That would be "- test.init" in top.sls?
19:51 FRANK_T on the top file it is not necessary to say    - test.init
19:51 iggy if you have a folder inside an sls file?
19:51 FRANK_T no a folder inside /srv/salt
19:52 iggy test/init.sls is the same thing as test.sls
19:52 FRANK_T o
19:52 FRANK_T no
19:52 murrdoc yup it is
19:52 FRANK_T In my case I have all my sls in different folders inside /srv/salt
19:52 FRANK_T like this for example /srv/salt/link_home
19:52 iggy johnwy: /srv/salt is for states /srv/pillar is for pillars (generally smaller bits of "private" data)
19:52 murrdoc its a python thing
19:53 toofer Anyone pretty good at using the git state? I think my question is probably pretty quick unless I'm doign this totally wrong.
19:53 FRANK_T inside that folder I have link_home.sls
19:53 iggy then it would be link_home.link_home
19:53 iggy but that's not what was originally stated
19:53 FRANK_T and this is my top file https://www.refheap.com/a4e0a5b5e657e4ee6f86c9ffe
19:54 johnwy iggy: gotcha. okay so I have the states in the correct place.  I have the minion on usvt-v8demo in the foreground running as "salt-minion -l debug" and I'm not seeing anything helpful in the debug mode when I run highstate
19:54 FRANK_T yes so in his case he has root@usvt-devops02:/srv# cat salt/users/init.sls
19:54 FRANK_T a folder called users inside /srv/salt
19:54 timoguin joined #salt
19:55 FRANK_T sorry I folder called users inside /srv/salt
19:55 mohae FRANT_T: if users is a directory, users/init.sls = users.sls
19:55 iggy I don't know how many different ways I can say users/init.sls is the same as users.sls (which equates to users in the top file)
19:55 FRANK_T oo.
19:55 iggy do you know German? or pig latin?
19:56 iggy I might be able to do some morse code
19:56 mohae init.sls is used in directories and is the directories equivelant of the state file if it wasn't in a directory, so users/init.sls == users.sls
19:56 FRANK_T mohae got it...
19:56 FRANK_T thanks
19:56 jdowning joined #salt
19:57 johnwy I've tried referencing it with both methods, still getting a "no top file" error when I run "salt 'usvt-v8demo' state.highstate"
19:57 mohae s/directories/directory's
19:57 Dude101 dot dash dash dash bot
19:57 mohae johnwy: where is your top file?
19:57 johnwy given the two state files I have, that should have added a user "lsadmin" of id 1050, yes?
19:57 iggy no
19:57 FRANK_T jognwy show me your configuration file /etc/salt/minion
19:58 iggy 14:47 < iggy> neither of those are correct state files
19:58 gerl1ng hi all, I have a Problem running salt on an ubuntu server. Getting errormessage '[ERROR   ] An un-handled exception was caught by salt's global exception handler:' all the time. Info @ http://pastebin.com/t8AV2n03
19:58 johnwy mohae: https://www.refheap.com/97200
19:59 johnwy The /etc/salt/minion file is entirely commented out (using default values)
19:59 FRANK_T johnwy show me
20:00 johnwy frank_t: the /etc/salt/minion file is entirely commented out
20:00 johnwy it's effectively blank
20:00 FRANK_T sorry
20:00 FRANK_T Show me the /etc/salt/master
20:01 johnwy frank_t: same for the master config file - all blank, using defaults
20:02 FRANK_T you should have your master ip address on /etc/salt/minion
20:02 johnwy FYI I'm also using the latest binaries from deb http://ppa.launchpad.net/saltstack/salt/ubuntu precise main
20:02 johnwy nope - it defaults to "salt" which I've set up on our local DNS. the master can definitely talk to the minions (i've tested via test.ping and other methods)
20:03 FRANK_T johnwy https://www.refheap.com/35433e020a51dd562f31c3dc3
20:03 FRANK_T check this line on you /etc/salt/master
20:04 FRANK_T check your minion conf file /etc/salt/minion you should have this https://www.refheap.com/b9e7df8861bd312695affc882
20:05 johnwy frank_t: i don't need to edit that - I'm using the default value of "salt" for the master hostname and it's working
20:05 hal58th1 joined #salt
20:05 iggy your problem is that your states aren't valid
20:05 johnwy my problem is that the minion isn't loading the top.sls file from the master
20:06 johnwy iggy: what is wrong with the states? I saw your comment before but there was some back and forth - i thought it was correct. what's wrong with it?
20:06 FRANK_T johnwy I am just making sure ;)
20:06 johnwy thanks frank_t :)
20:07 hybridpollo joined #salt
20:08 iggy gerl1ng: you should really use gist... it's very hard to tell where one thing ends and another begins with all that you pasted... but at the very least, I don't see what you are trying to extend anywhere
20:09 gerl1ng iggy: ok, I'm getting the information to gist
20:09 iggy johnwy: to add a user, "users:\n  lsadmin: 1050" isn't a valid state
20:10 johnwy ahh okay. i was going from the tutorials documentation on the saltstack site. how should the syntax go?
20:10 iggy it would be more like "lsadmin:\n  user.present:\n    - uid: 1050"
20:10 iggy you didn't copy that from the salt docs
20:11 iggy if you did, you need to tell us where so we can beat a developer
20:11 johnwy iggy: thanks, this looks like a better resource for me to follow - http://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html
20:12 johnwy let me see if I can dig up where I found the recipe i was using...
20:13 johnwy iggy: i was off. i was confusing state with pillar, sorry about that.  i was looking at this - http://docs.saltstack.com/en/latest/topics/tutorials/pillar.html
20:13 wedgie_ joined #salt
20:14 iggy ahh, yeah, as I said pillar is generally smaller/"private" bits of data
20:14 hal58th1 johnwy why don't you give this a read. I found it helpful for complete salt newbies. https://blog.talpor.com/2014/07/saltstack-beginners-tutorial/
20:15 iggy it doesn't necessarily have to be private
20:16 johnwy hal: thanks for looking out, i'll give it a read
20:16 hal58th1 you are welcome
20:16 gerl1ng here is the information @ gist https://gist.github.com/gerl1ng/a6e1eee9a35669572272
20:17 iggy you have 2 extends of mariadb-server
20:18 johnwy alrighty I've updated the syntax but I'm still getting the same error.  any ideas?  https://www.refheap.com/97207
20:18 gerl1ng is this not possible?
20:18 iggy I doubt it
20:18 diegows joined #salt
20:19 jdowning joined #salt
20:19 iggy extend isn't really all that commonly used... I've certainly never seen anybody use it twice in a single set of states
20:19 ajw0100 joined #salt
20:19 toanju joined #salt
20:20 sastorsl joined #salt
20:20 iggy I think you see it used more with formulas... if you are writing all your own states, you don't really need to extend
20:20 sastorsl hi. Is it possible to break a salt state run if a pillar is missing?
20:20 gerl1ng iggy: I will rearange it and give it a try with one extend. Thanks
20:20 mohae gerl1ng: why don't you just add that require in the first extend to your mariadb-server?
20:21 mohae s/that/that first
20:21 iggy sastorsl: failhard and the test module?
20:21 gerl1ng mohae: I tried to arrange the states like packages, etc and do sth. like inheritance
20:22 gerl1ng mohae: so one folder for the packeges, one for the services and then the "application_servers" can just include them and extend them by their needs
20:22 mohae gerl1ng: seems like unnecessary abstraction, since mariadb-server requires that file why not make that requirement local to its id?
20:22 hal58th1 Huh, I thought failhard was global only. Thats a good thing to know.
20:22 iggy gerl1ng: as I said, I've never seen anybody use extend that way (or that often)... might rethink it
20:23 teebes joined #salt
20:23 murrdoc failhard is like names
20:23 murrdoc everywhere
20:24 mohae gerl1ng: well that's not the way I would organize it since I wouldn't install packages like mariadb-server that aren't going to be run as a service. Seems better to keep that stuff local to the package rather than spreading it out all over the place. Now you have more things to update on a change. But that's just me.
20:24 iggy or reload_modules or require or...
20:24 johnwy iggy: could you please take another look at https://www.refheap.com/97207 ?
20:25 hal58th1 With rule 2 here, I think that may be your problem mohae http://docs.saltstack.com/en/latest/ref/states/extend.html#rules-to-extend-by
20:25 mohae gerl1ng: For percona, I did separate out the repo, server and client into separate states within the same directory so I'm not saying don't separate things.
20:26 gerl1ng ok, thank you mohae and iggy. I will rearrange everything. Just getting in touch with salt and so far everything is fine.
20:26 mohae hal58th1: good point, but then rule 2 doesn't make extend seem like an extend in most cases...
20:26 iggy johnwy: make sure your characters are all ascii? I don't know... looks okay
20:26 hal58th1 Yeap, not the greatest function.
20:26 johnwy yup, def all ascii. i edited all that from scratch in vi
20:26 aron_kexp joined #salt
20:26 mohae I'd think only extend when necessary, instead of as a common practice would be a good way to go
20:27 iggy ^
20:27 cheus joined #salt
20:27 sastorsl iggy, i'm looking at failhard. What I would like was an {% if } which could conclude with a break or exit.
20:28 hal58th1 johnwy can you do a "salt-call pillar.items" and see if it returns data. Also do a "salt-call state.highstate -l debug"
20:28 johnwy hal: do that on the minion?
20:28 iggy sastorsl: nope
20:28 hal58th1 yes minion
20:29 johnwy hal: I've tried that already for debugging. just did it again - https://www.refheap.com/97208
20:29 iggy sastorsl: if you just do a dict lookup ( {{ pillar.key }} pillar['key'] etc ) it'll fail out if it's not defined, but it won't stop the run
20:31 hal58th1 oooo, i got a good idea for that. let me test it
20:31 gnord joined #salt
20:32 cheus Is pillar data compiled to a dict or an odict?
20:33 iggy I think all yaml imported ends up as an odict, but I won't swear to it
20:33 lnxnut joined #salt
20:34 cheus iggy, Yeah, I can't find a happy isolated test. salt-call pillar.item --out raw clearly outputs a dict
20:34 johnwy hal: any ideas? fyi, i don't have anything in /srv/pillar but i don't think i need to for this simple state test
20:34 otter768 joined #salt
20:34 gladiatr joined #salt
20:34 gladiatr joined #salt
20:34 ajw0100 joined #salt
20:35 sastorsl iggy: I'm trying to think of a smaller state / module I could run which would fail if the pillar was not set. The pillar is not a file or anything, so a simple ls would not do
20:36 iggy cheus: the source!
20:36 iwishiwerearobot joined #salt
20:37 cheus iggy, Aye... ugh... that part of it always gets twisty
20:37 forrest joined #salt
20:38 iggy sastorsl: {% if not salt['pillar.get']('foo:bar', False) %}\nfail-unset-pillar:\n  test.fail_without_changes:\n    - failhard: True\n{% endif %}
20:39 iggy or something
20:41 giantlock joined #salt
20:41 johnwy mohae: do you have any ideas on this? https://www.refheap.com/97208
20:41 lnxnut joined #salt
20:41 gladiatr joined #salt
20:42 johnwy mohae: sorry, this one - https://www.refheap.com/97207
20:42 gnord joined #salt
20:43 iggy salt-call cp.list_master
20:43 lnxnut_ joined #salt
20:44 hal58th1 johnwy is there a reason it's trying to use make on like 12?
20:44 hal58th1 *mako
20:45 johnwy hal: not sure. i haven't tweaked the defaults. is mako a problem here?
20:46 johnwy is it possible i'm missing some software packages?  i can execute commands on minions from the master - i know the servers are talking together. just not sure why it's not pulling top.sls
20:46 hal58th1 Just odd. I don't see that in my debug output.
20:46 gnord joined #salt
20:48 johnwy yea. i'm super stumped
20:49 iggy johnwy: salt-call cp.list_master
20:50 hal58th1 johnwy run iggys command. Also is you salt master and minion the same box?
20:50 johnwy sorry iggy, didn't realize that was for me
20:50 johnwy nope, i have one master and 3 minions
20:51 johnwy on the minion that returns one line:
20:51 johnwy local:
20:51 johnwy it doesn't say "salt" or "usvt-devops02" - the hostname of the master
20:52 hal58th1 list_master apparently lists all the files
20:52 mohae johnwy: what is the hostname?
20:52 hal58th1 is it only one minion of the three that is not working?
20:53 johnwy hal: all three minions are not working (same errors)
20:54 mohae johnwy: I feel like you sharing your master and minion files would be helpful, even though you refuse to
20:55 johnwy sure thing. i'll share them. like i said before - they're effectively blank because they're all commented out
20:55 johnwy one sec..
20:57 sastorsl iggy: that worked like a charm. Exactly what I needed. I had several smaller states nested in one sls, so I needed to make sure the pillar was in place since I'm looping over several. Thank you very much.
20:58 johnwy master - https://www.refheap.com/97211
20:58 johnwy minion - https://www.refheap.com/97212
20:59 iggy johnwy: that means your master doesn't know where your files are apparently
21:00 johnwy iggy: i've uncommented the default values for file_root and i get the same errors. i'll try again now and show you the updated /etc/salt/master file
21:00 FRANK_T thats what i said 30 minutes ago ;)
21:00 iggy I'm not sure if file_roots and fileserver_backend have default values (i.e. you need to uncomment them)
21:00 hal58th1 you don't need to uncomment them. just checked mine
21:01 FRANK_T johnwy type this salt-key -
21:01 FRANK_T salt-key -L
21:01 iggy it's not a salt-key problem
21:01 FRANK_T give me the output
21:01 iggy they said they could run command remotely (and test.ping works)
21:02 FRANK_T jhonwy give me the output if you can
21:02 FRANK_T just want to see something iggy
21:02 murrdoc give it to him jhonwy
21:02 * iggy runs away screaming
21:02 murrdoc WHATS IN THE BOX
21:03 iggy lol
21:03 iggy I can't wait to get a beer with murrdoc
21:03 johnwy newly updated /etc/salt/master - https://www.refheap.com/97213
21:03 chris-M joined #salt
21:03 johnwy output after restarting master daemon - https://www.refheap.com/97214
21:03 murrdoc iggy:  you know this
21:03 chris-M happy friday all!
21:03 druonysuse joined #salt
21:03 druonysuse joined #salt
21:03 murrdoc i land late on tuesday but wednesday
21:03 hal58th1 Oh I am totally joining in on that beer. I fly in Monday
21:03 aparsons joined #salt
21:04 iggy I'm in on Saturday ;)
21:04 hal58th1 ooo nice
21:04 chris-M does anyone know if you can use the known_hosts file a replacement for dns?   or is just for use with ssh implementation?
21:04 johnwy ugh, and "salt-call cp.list_master" still reports nothing
21:04 chris-M sorry iggy, well, hope you had a great friday :)
21:04 iggy it was cheaper to fly in Sat and pay the extra couple days hotel than to fly in Monday
21:05 hal58th1 johnwy can you do  "ps xa | grep salt" on master. Also do that one minion.
21:05 murrdoc also install collectd and graphite
21:05 hal58th1 Wow, I know some hotels are cheap but I can't believe that cheap
21:05 murrdoc so you dont have to do that on servers all the time
21:05 iggy I'm sure I'll blow all that savings having crazy SLC adventures those days
21:05 murrdoc ssh is so 1999
21:05 johnwy hal - the minion has 1 ps - "/usr/bin/python /usr/bin/salt-minion"
21:05 hal58th1 ok
21:06 hal58th1 how about master
21:06 iggy the plane tickets were double flying in on Monday
21:06 iggy but I'm a snobby little bitch that has to have first class, so...
21:06 hal58th1 Ah. that would explain a lot. I'm coming from san diego. Just a couple hour direct flight
21:06 johnwy the master has 9 instances of "/usr/bin/python /usr/bin/salt-master"
21:07 aparsons joined #salt
21:07 murrdoc iostat -xm
21:07 murrdoc uh 3
21:07 murrdoc or 5
21:07 hal58th1 johnwy just want to confirm that no salt-master has "-d" on the end?
21:07 johnwy correct - i'm running it in the background
21:07 iggy reboot the master
21:08 hal58th1 wait
21:08 hal58th1 before you do that, shutdown master and tell me if there are still any processes running
21:08 iggy that's where I was headed
21:08 hal58th1 salt-master processes
21:08 iggy figured I'd take the shortcut
21:08 hal58th1 ha ok.
21:08 johnwy hal - i tried that. nope, i don't have any other processes running when i gracefully shut it down
21:09 hal58th1 something funky is going on. because when you tried to restart salt-master, it said unknown instance. if you restart it again, it should say
21:09 hal58th1 service salt-master restart
21:09 hal58th1 salt-master stop/waiting
21:09 hal58th1 salt-master start/running, process 25762
21:10 johnwy ahh yes - i did have another instance running in another screen window (in the forground for debugging). i had caught that and make sure there weren't any extra processes
21:10 johnwy after that clean restart - still having the same issues
21:11 hal58th1 hmmmmm im stumped.
21:11 hal58th1 do what I did. run a vagrant box and install salt master and salt minion on there. All very clean and easy to use.
21:12 johnwy yea i'm wicked stumped. i may try a fresh install on a new image. never had this much trouble getting something up
21:12 johnwy i'll try it from scratch
21:12 murrdoc phrasing ?
21:13 murrdoc no ?
21:13 murrdoc ok
21:13 gnord joined #salt
21:13 murrdoc also the guy who did sensu-salt actually has a good example of how to use multiple vagrants and salt
21:13 murrdoc we should distill the states in it
21:13 murrdoc and make it the salt starter setu
21:13 iggy said Ripley to the android Bishop
21:14 murrdoc not today
21:14 murrdoc its 3 pm on a friday
21:14 murrdoc ./me is toast
21:14 johnwy iggy, hal,  frank, everyone, thank you for all your help
21:14 * johnwy is going for friday beers!
21:14 hal58th1 one more suggestiong
21:14 hal58th1 before you go
21:14 johnwy yea hal
21:15 hal58th1 can you run "salt-call pillar.items" on your master and give me the output. feel free to direct message me the info or remove sensitive info
21:16 johnwy hal: i don't have anything in /srv/pillar - the minion reports no files "local:\n\t----------"
21:17 hal58th1 i need it run on master, not minion
21:17 hal58th1 there should be the masters config data in there
21:17 johnwy oh sorry, just read that
21:18 johnwy hmmm maybe something here - "[ERROR   ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate Minion failed to authenticate with the master, has the minion key been accepted?"
21:18 murrdoc salt-key -A
21:19 hal58th1 you install a minion on your salt-master? If you have and haven't accepted this key, that would be a problem
21:19 johnwy nope, i haven't installed a minion on my master
21:19 FRANK_T I thought that was not the problem
21:20 johnwy dpkg -l|grep salt doesn't show salt-minion, yet there's an unaccepted key there
21:20 hal58th1 man something odd is going on. one sec
21:20 dthorman joined #salt
21:20 johnwy salt-call pillar.items now has a lot of output, even shows the users/init.sls info in it
21:21 hal58th1 how did you install salt in the first place?
21:21 johnwy from the ppa
21:21 hal58th1 and apt-get i am assuming.
21:22 johnwy correct
21:22 hal58th1 you have salt-master and salt-common installed and nothing else on master?
21:22 johnwy does anything *need* to be in /salt/pillar for my simple setup at this point?
21:22 murrdoc nope
21:22 johnwy correct - yet i see that key as if it were a minion
21:23 murrdoc salt-call config.get master
21:23 hal58th1 apparently salt-call still works even if you don't have a minion installed but will throw that error. That's extremely odd thing to do
21:23 hal58th1 I might write up that as a bug
21:24 johnwy salt-call config.get master outputs "local:\n\tsalt" on both master and minion
21:24 johnwy that's in my local dns
21:25 johnwy I'm just going to blow this away and install from scratch. there must be something funky going on somewhere
21:26 murrdoc salt '*' test.ping
21:26 murrdoc sorry in a meeting
21:26 murrdoc and yeah nuke your setup
21:26 johnwy murrdoc - that works fine
21:26 johnwy yeap
21:26 hal58th1 i wouldn't use local dns thingy. I would edit the minion config and put the salt master in there, then restart salt-minion
21:26 murrdoc what isnt working
21:26 hal58th1 when you burn it down that is
21:26 johnwy the master and minion are talking (i see it in netstat, the logs, etc). the problem is the minions can't pull top.sls
21:28 johnwy thanks again guys. enough out of me for today. i'll report back next week. maybe i'll have it working :)
21:28 hal58th1 thanks, let us know. use a vagrant box for test with local minion. much easier
21:31 whiteinge sijis: in pepper you'd just need to specify `client: local_batch` in the HTTP request, we'd have to make a quick addition to do that.
21:32 whiteinge sijis: salt-api uses NetapiClient() to put a validation layer in front of Salt's regular Python API classes, LocalClient, RunnerClient, WheelClient
21:32 cheus Does anyone have a sense of how to basically enforce an ordered dict from a pillar through the context of template in file.managed? Or, if not that, at least through to the state itself?
21:32 whiteinge breakingmatter: pong
21:32 breakingmatter whiteinge: Ahoy
21:32 hal58th1 cheus there is no way to order a dict except alphabetically
21:33 cheus hal58th1, Well, OrderedDict is sprinkled throughout the source but somewhere (and I can't tell where) it's getting treated like a normal dict
21:34 breakingmatter whiteinge: I actually figured out that the issue was related to some changes we made to pam.
21:34 breakingmatter whiteinge: Although, I'm having a new issue if you would like to help with that instead. ;-)
21:34 whiteinge cheus: the OrderedDict addition is pretty haphazard. i'm not a fan. i think you'd need a jinja filter or execution module to preserve it all the way through to a templated file.
21:34 hal58th1 cheus http://jinja.pocoo.org/docs/dev/templates/#for
21:35 whiteinge breakingmatter: so it works now? huzzah
21:35 whiteinge breakingmatter: yeah, shoot
21:36 breakingmatter whiteinge: Yeah, we use Duo security and LDAP integration in PAM, and I found out that's what was causing the issue. So, long story short, that part is working now.
21:36 breakingmatter whiteinge: Buut, I'm having some certificate issues with salt-api now.
21:37 breakingmatter I have the SSL .crt and .key defined in salt-api but I can only curl against the API if I disable certificate verification.
21:37 breakingmatter But, I know this cert works. I've used it with other services.
21:37 cheus whiteinge, Aye. I at least need it preserved as far as where I merge pillar data with the sane defaults. After that I guess I could add a jinja filter to recursively convert it back to lists of tuples or single-key dicts (blech).
21:38 whiteinge i'll second that blech.
21:38 whiteinge cheus: hey, you coming to SaltConf?  ^_^
21:38 whiteinge cheus: if not, you have to designate your SaltConf proxy so I can geek out over esoteric formula patterns with someone...
21:39 whiteinge breakingmatter: are you disabling cert verification in curl or in salt-api?
21:41 breakingmatter curl
21:41 breakingmatter curl -k
21:41 sijis whiteinge: ok. i expect a fix by EOD ;) j/k
21:41 whiteinge breakingmatter: and they're valid certs? (not self-signed?)
21:42 whiteinge sijis: not a problem. where do I mail this bill-of-work?  ^_^
21:42 sijis whiteinge: so, ppepper is essentially running/calling NetapiClient :)
21:42 whiteinge calling via HTTP, yes.
21:42 sijis whiteinge: an i-owe-you ?
21:44 whiteinge i do take i-owe-yous in the form of beer. delivery expected upon my visit to your current location
21:44 lnxnut joined #salt
21:44 sijis Chicago?
21:44 sijis i'm headed to pycon
21:44 sijis not usre if you'll be there this year
21:46 whiteinge Yeah. They're making me go whether I want to or not.  ;-)
21:46 sijis whiteinge: ohh. you sound sooo sad
21:46 whiteinge I'm past-due for a Chicago visit. I like it there.
21:47 breakingmatter whiteinge: Yeah, valid certs w/ a certificate chain
21:49 whiteinge hm. any chance curl on that box is working with an out-of-date CA? (old curl or old openssl install?)
21:50 iggy i.e. can you hit that cert running on other services (you said you used it before)
21:50 hal58th1 Can salt-api even use valid certs? I have only seen it with self-signed certs.
21:50 iggy (assuming it's a wildcard cert of some kind)
21:51 breakingmatter Hm.
21:51 breakingmatter Actually.
21:51 breakingmatter False alarm.
21:51 sijis whiteinge: been here my whole live. i like it here too
21:51 iggy I hope so... that is one of the (many) things on my todo list
21:51 breakingmatter I fixed it and I don't want to talk about it.
21:51 breakingmatter lol
21:51 whiteinge haha
21:51 * iggy backs away slowly
21:51 hal58th1 tell us! we want to learn
21:51 breakingmatter I was curl'ing the IP address, not the host name. So of course the SSL was "invalid"
21:51 breakingmatter It's been a long week, guys.
21:52 hal58th1 hmm makes sense. time for beer
21:52 * breakingmatter gets ready for a beer run.
21:53 breakingmatter Well, thanks for the help anyways, whiteinge. lol.
21:53 hal58th1 I hate ssl certs on principle. Always a pain in the ass for one reason or another.
21:53 breakingmatter Still appreciate the extra logging you added.
21:53 whiteinge np :)
21:54 breakingmatter Wouldn't have been able to figure it out if you didn't point that file out
21:54 whiteinge hal58th1: +1
21:54 breakingmatter hal58th1: agreed
21:54 whiteinge breakingmatter: i should send that change in as a pull req. anything else you think should be included there that you found in your travels?
21:54 ahammond is there a standard tool for managing regular / periodic state.highstate runs?
21:55 breakingmatter hmm
21:55 Brew joined #salt
21:55 breakingmatter whiteinge: Maybe if you added some logic for actually determining exactly what module the PAM request failed on.
21:55 whiteinge ahammond: http://docs.saltstack.com/en/latest/topics/jobs/index.html#scheduling-jobs
21:55 breakingmatter ex. "Auth failed on pam-unix"
21:55 breakingmatter "Auth failed on pam-sss"
21:55 breakingmatter I know sshd has that functionality
21:56 breakingmatter And I think PAM has some kind of return code
21:56 whiteinge that makes sense. i have no idea how to pull that info out of that C-lib, but that does make sense.
21:57 cheus whiteinge, Aye, I am!
21:57 whiteinge \o/
21:57 breakingmatter Anyways, that issue is fixed, so I'm heading home before I find something else that's borked.
21:57 ahammond whiteinge oooh, that's nice. Now how about analytics for the output? I've discovered --state-output=terse
21:57 breakingmatter Thanks again for your help!
21:57 ahammond which is the right direction, but I'd like to go further
21:57 breakingmatter I'll be around sometime between now and Monday, I suppose. This is a nice channel.
21:58 whiteinge :)
21:58 cheus whiteinge, I haven't been able to touch salt for about 6mo while I've been a full-time project manager but we're finally coming back round to it.
21:58 ahammond I'm really only interested in states that eitehr created a change or failed
21:58 breakingmatter You're all good people!
21:58 ahammond otherwise, I'm interested in a count of states that succeeded with no change.
21:58 ahammond and I'm particularly interested in aggregating by state rather than by host.
21:58 breakingmatter Enjoy your weekends guys. I'm out
21:59 whiteinge ahammond: in the current version of salt you can specify a returner in the schedule to write the results to. in 2015.2 (currently in RC) you can also add a flag to send the job results back up to the masters job cache
22:00 lnxnut joined #salt
22:01 whiteinge cheus: i feel you on that. i've been too busy to do much low-level playing.
22:01 jeddi joined #salt
22:02 ahammond hmm, I'll see if I can throw something together that consumes the yaml output and munges it into a report
22:02 ahammond also, recommended number of worker_threads for an enterprise salt master?
22:03 iggy if the default isn't enough... more
22:03 ahammond (we have a little over 500 servers that are salted)
22:03 druonysuse joined #salt
22:03 iggy how many cores does your master have?
22:03 druonysuse joined #salt
22:03 ahammond iggy 8
22:05 iggy I usually base it off that with a little wiggle room
22:06 iggy but for us, the master threads are usually pretty busy...
22:06 iggy so it's hard to say a hard rule
22:10 timoguin joined #salt
22:12 jalaziz joined #salt
22:12 ahammond hmm, we're already at 25 worker threads. That seems... a lot for an 8 core box. I'm going to bump it up to 35 and see if that helps.
22:13 Heartsbane robawt: ping
22:13 zirpu joined #salt
22:14 robawt Heartsbane: pong!
22:15 Heartsbane robawt: rememeber the last thing we talked about in here?
22:15 hal58th joined #salt
22:16 dooshtuRabbit joined #salt
22:17 robawt Heartsbane: i'm trying to
22:17 timoguin joined #salt
22:17 Heartsbane robawt: I will see you at SCaLE, I have accepted gainful employment elsewhere
22:18 robawt ooooooh shoot!
22:18 robawt congrats man!
22:18 Heartsbane that should jog your memory
22:19 Heartsbane Lets talk some Elkstack
22:20 Heartsbane and salt also the dev team is pretty annoyed since I showed them that the switch from ansible is relatively seemless
22:20 Heartsbane Hit me up later
22:21 * Heartsbane goes back to his terminal mumbling don't you tell what conferences I can go to.
22:25 bhosmer__ joined #salt
22:25 iwishiwerearobot joined #salt
22:30 lnxnut joined #salt
22:31 ajw0100 joined #salt
22:31 bash124512 joined #salt
22:33 nullptr joined #salt
22:35 otter768 joined #salt
22:43 bash124512 joined #salt
22:44 andrew_v joined #salt
22:45 jalaziz_ joined #salt
22:46 iggy a ton of formulas are going to need work for 2015.2
22:47 kermit joined #salt
22:53 whiteinge iggy: to update them to use 2015.2-isms? or why?
22:53 elfixit joined #salt
22:55 ajw0100 joined #salt
22:59 BigBear joined #salt
23:00 iggy one thing being 2015.2 doesn't just silently ignore invalid state options anymore
23:01 smcquay_ joined #salt
23:06 spookah joined #salt
23:08 iggy an interesting link someone in another channel posted: https://github.com/tgockel/json-voorhees
23:11 timoguin joined #salt
23:16 whiteinge iggy: holy cripes. i missed that one. got a pull req number handy?
23:16 iggy whiteinge: for what?
23:17 whiteinge not ignoring invalid state options.
23:17 iggy oh I don't know
23:17 iggy I want to say it started sometime in the last 2 weeks
23:23 whiteinge but you think it's intentional not some kind of regression?
23:24 iggy the error message seemed that way
23:25 iggy put uid in a cmd.run (instead of user) and try it
23:28 techdragon joined #salt
23:28 hal58th1 joined #salt
23:28 jdowning joined #salt
23:30 whiteinge hm. not seeing it. if **kwargs was removed from a state function or few that would cause it. the cmd.run state function still has that in the function sig though.
23:32 smcquay joined #salt
23:32 iggy user.present:
23:32 iggy -    - group: graphite
23:32 iggy +    - gid: graphite
23:32 iggy maybe I'm confusing some things
23:32 iggy it's been a rough week
23:32 iggy I know I've had to change a bunch of stuff

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary