Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-02-19

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 neogenix joined #salt
00:08 klaatu Yes, I was reading about it. I'd prefer to get it running on a mac :|
00:08 klaatu I see people have reported the traceback but I can't find a solution yet.
00:14 martineg_ joined #salt
00:16 hal58th1 joined #salt
00:27 klaatu Worked needed pycrypto on master! It's weird the error is not caught as module is missing.
00:29 aparsons joined #salt
00:31 iggy file a bug
00:40 MatthewsFace joined #salt
00:41 neogenix joined #salt
00:45 jtanner joined #salt
00:45 TTimo joined #salt
00:52 bradbeam joined #salt
00:53 bradbeam seeing weird issues with rendering a jinja template on windows on salt-2014.7.1.. complains filename variable is not set
00:55 neogenix joined #salt
00:56 bradbeam http://pastebin.com/WvR25eEU
00:57 otter768 joined #salt
00:57 murrdoc put an explicit name: in there there
00:57 murrdoc and use a state id thats like a-z0-0-_
00:57 bradbeam still results in the same error
00:57 murrdoc weird
00:58 bradbeam yeah : (
00:58 iggy instead of \ ?
00:58 iggy / instead of \ ?
00:58 bradbeam and if i set filename  to something,      Comment: Unable to manage file: Jinja variable 'dict object' has no attribute u'C:\\temp\\bob'
00:58 bradbeam i can try
00:59 bradbeam changing \ to / complains about filename missing
01:00 murrdoc what about 'c:/temp/bob'
01:00 bradbeam as the state id?
01:00 murrdoc no state id  i would make it file-bob
01:00 murrdoc then name: 'c:/temp/bob'
01:00 bradbeam no change with quotes
01:01 baweaver joined #salt
01:08 aquinas joined #salt
01:10 bhosmer joined #salt
01:12 aparsons joined #salt
01:13 cpowell joined #salt
01:13 aparsons joined #salt
01:13 mikaelhm joined #salt
01:31 scoates joined #salt
01:32 ryuhei what's the best way to sync minion keys in multimaster environment?... i often create/destroy minions
01:33 iggy reactor + rsync?
01:33 iggy I don't think there's a "best way"
01:34 scoates_ joined #salt
01:34 iggy as with most things salt... there are multiple ways, and the best one depends on what your requirements/abilities are
01:34 ryuhei ok..
01:35 ryuhei mountting /etc/salt/pki/master with nfs is not smart right?
01:35 murrdoc doubt it
01:36 scoates__ joined #salt
01:37 iggy it's a possible way (I think it's even mentioned in the docs on multi-master)
01:38 murrdoc ouch
01:38 iggy it's smartness is relative to a lot of things
01:39 iggy oh no, it actually says it's a bad idea
01:39 ryuhei lol
01:39 iggy but I still think that's relative to your setup
01:40 scoates joined #salt
01:40 iggy yeah, you don't want it on your common file server, but if you have strict control over your setup, it's probably as safe as any other options
01:40 theologian joined #salt
01:40 ryuhei say, what if I run nfs server on master1, and mount it on master2?
01:41 murrdoc why do u want to do that
01:41 ryuhei i use salt to create/destroy minions often .. and want to keep the minions key updated as need
01:42 ryuhei between 2 masters.. or.. is it necessary..
01:42 murrdoc if u feel like your network is secure enough
01:42 murrdoc just do allow all
01:42 murrdoc or use a reactor to allow everything
01:43 iggy incron + rsync (if you don't like my reactor + rsync idea)
01:44 ryuhei rsync is unidirectional right?
01:45 iggy well, you can do rsync on both masters to sync to the other one
01:45 ryuhei ok.. that's what i thought.
01:46 ramishra_ joined #salt
01:46 ryuhei ok i ll try that.. thanks!
01:46 SheetiS does a salt-key accept generate an event?
01:47 iggy yes
01:47 iggy that's why I said reactor + rsync
01:48 SheetiS I really like a reactor event the best then myself.
01:48 iggy event-driven architectures > *
01:49 SheetiS a shared filesystem for /etc/salt/pki also works, but re-introuduces a single point of failure and/or excessive complexity to make it not a single-failure point.
01:51 ryuhei hmhm.. ok
01:53 theologian joined #salt
01:56 douglassssssssss joined #salt
01:58 schristensen joined #salt
02:00 TTimo joined #salt
02:00 ghanima joined #salt
02:01 alanpearce joined #salt
02:02 markm joined #salt
02:03 chamunks can the saltstack bootstrap be passed two salt-master's
02:06 baweaver joined #salt
02:12 scoates_ joined #salt
02:16 jeffspeff joined #salt
02:19 dario` joined #salt
02:23 sjol_ joined #salt
02:24 jmuel joined #salt
02:29 joehh joined #salt
02:30 mohae joined #salt
02:35 mosen joined #salt
02:36 evle joined #salt
02:38 otter768 joined #salt
02:47 iggy chamunks: I think there's an issue open for that
02:48 ilbot3 joined #salt
02:48 Topic for #salt is now Welcome to #salt | SaltConf 2015 is Mar 3-5! http://saltconf.com | 2014.7.1 is the latest | Please be patient when asking questions as we are volunteers and may not have immediate answers | Channel logs are available at http://irclog.perlgeek.de/salt/
02:51 pdayton joined #salt
02:52 ashw7n joined #salt
02:55 forrest joined #salt
03:07 spidermo joined #salt
03:11 klaatu joined #salt
03:13 klaatu Hi, I'm running saltstack on a mac os x (yosemite) machine. I was able to get the master-minion communication going on before I could proceed with passing commands I noticed that I don't have the /srv/salt directory on my machine. What could be the reason? Can anyone help. Thanks!
03:14 klaatu Salt: 2014.7.2          Python: 2.7.6 (default, Sep  9 2014, 15:04:36)          Jinja2: 2.7.3        M2Crypto: 0.22  msgpack-python: 0.4.5    msgpack-pure: Not Installed        pycrypto: 2.6.1         libnacl: Not Installed          PyYAML: 3.11           ioflo: Not Installed           PyZMQ: 14.5.0            RAET: Not Installed             ZMQ: 4.0.5            Mako: Not Installed
03:16 spidermo Is it true that states will only have access to pillars in the same environment? I would like to specify some settings such as the username by environment while keeping the the templates under base, but it doesn't appear to be able to find pillar values outside of base.
03:18 favadi joined #salt
03:19 TTimo joined #salt
03:20 CheKoLyN joined #salt
03:20 spidermo @klaatu: /srv/salt is what you defined for file_roots.base?
03:21 mosen klaatu: /srv/salt isnt created by default if you go through homebrew
03:21 mosen oh yeah spidermo probably right, they might've changed it to /usr/local
03:21 spidermo I would check /usr/local/etc/salt/states
03:27 __number5__ there is a 2014.7.2 version?
03:31 spidermo Here is an example gist of what I would like to implement https://gist.github.com/anonymous/cbd126b3aab8e91df1ea
03:33 klaatu Yes, int the config file, file_roots is pointing /srv/salt but I don't see the directory
03:35 chamunks iggy I mean its not really the end of the world if it doesn't happen/isn't possible.  But still would be brilliant.
03:35 Furao joined #salt
03:36 MatthewsFace joined #salt
03:37 joehh joined #salt
03:38 scoates joined #salt
03:39 joehoyle joined #salt
03:39 iggy __number5__: tagged, but not released (that is super annoying)
03:39 iggy klaatu: you create that
03:40 iggy chamunks: best I can suggest is find the issue and follow it
03:40 chamunks iggy I'm not seeing any references to multiple salt masters.  Do you have a link?
03:40 mosen klaatu: ya im pretty sure brew doesnt make the directory for you.
03:41 mosen klaatu: also, the salt source tree has a launchdaemon if you want to start the master or minion on startup FYI
03:41 mosen you could slap a -c /path/to/config there
03:41 __number5__ iggy: not again...
03:42 spidermo wow, I apparently forgot to define pillar_roots.dev... Sorry for the mistake.
03:42 __number5__ spidermo: it's ok, that's what IRC for ;)
03:42 spiteball joined #salt
03:42 desposo joined #salt
03:44 ramishra_ joined #salt
03:44 iggy chamunks: guess not... make one
03:44 chamunks I've really not tried to see if it works.
03:45 chamunks I just was mostly wondering if its possible really.
03:45 chamunks Realistically I know how I could add a bunch of crap to a oneliner but just might be cool if I could just send that out.
03:45 chamunks Is there a module for adding a salt-master via salt?
03:45 chamunks well adding/subtracting
03:46 iggy there's the salt-formula
03:46 __number5__ chamunks: you looking for this http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html ?
03:46 spiteball left #salt
03:47 iggy that's where the issue was I was thinking of... https://github.com/saltstack-formulas/salt-formula/issues/39
03:47 iggy not in salt-bootstrap
03:47 iggy my b
03:48 tomspur joined #salt
03:48 tomspur joined #salt
03:49 chamunks Well I already have a pile of machines running salt minions
03:49 chamunks I've not been using any highstates just been using salt 'whatever' cmd.run 'etc'
03:50 favadi joined #salt
03:50 chamunks I really just want a fallback salt-master that can remain offline and unavailable unless the main one goes offline.
03:51 chamunks This can be a totally not automated process I just have a teeny little vps I want to cut back on resources for.
03:51 mikaelhm joined #salt
03:52 iggy I would just automate the spin up of masters to absurd levels and not bother with multi-master
03:52 chamunks lol
03:52 chamunks Sounds great
03:54 dario` joined #salt
04:00 ramishra_ joined #salt
04:07 tomspur joined #salt
04:07 __number5__ I have one master in every vpc and they don't talk to each other
04:16 desposo joined #salt
04:20 aparsons joined #salt
04:25 favadi joined #salt
04:32 ravibhure joined #salt
04:32 ravibhure left #salt
04:39 neogenix joined #salt
04:42 aphoriser joined #salt
04:44 murrdoc joined #salt
04:55 favadi left #salt
04:56 Hipikat joined #salt
04:58 ramishr__ joined #salt
05:18 ajw0100 joined #salt
05:23 mephx joined #salt
05:28 iggy same
05:28 iggy except we use GCE not AWS
05:32 bhosmer_ joined #salt
05:46 Ilja joined #salt
05:48 aparsons joined #salt
05:51 ramteid joined #salt
05:57 TTimo joined #salt
05:57 ramishra_ joined #salt
06:06 rbjorklin joined #salt
06:08 ghanima joined #salt
06:10 mikaelhm joined #salt
06:12 raygunsix joined #salt
06:12 otter768 joined #salt
06:20 clintberry joined #salt
06:28 calvinh joined #salt
06:47 calvinh joined #salt
06:52 calvinh_ joined #salt
06:55 stoogenmeyer_ joined #salt
06:56 Madhurranjan joined #salt
06:56 Madhurranjan hi, I'm trying to access pillar data as part of salt-call . But it can't seem to access pillar configuration .
06:56 Madhurranjan Is there a way we can tackle this ?
06:59 shnguyen joined #salt
07:01 dkrae joined #salt
07:04 AndreasLutro joined #salt
07:04 linjan joined #salt
07:07 colttt joined #salt
07:08 shnguyen joined #salt
07:09 Ilja joined #salt
07:09 aparsons joined #salt
07:10 krelo joined #salt
07:10 ramishra_ joined #salt
07:11 Ryan_Lane joined #salt
07:13 shnguyen joined #salt
07:13 ramishr__ joined #salt
07:14 jhauser joined #salt
07:15 Godfath3r joined #salt
07:15 peno joined #salt
07:16 hojgaard joined #salt
07:17 alanpearce joined #salt
07:19 ramishra_ joined #salt
07:20 ramishra_ joined #salt
07:23 KermitTheFragger joined #salt
07:25 ramishra_ joined #salt
07:25 toanju joined #salt
07:34 Madhurranjan joined #salt
07:35 slafs joined #salt
07:37 cberndt joined #salt
07:37 jalaziz joined #salt
07:41 ramishra_ joined #salt
07:42 badon joined #salt
07:49 nullptr joined #salt
07:52 NV joined #salt
07:52 kawa2014 joined #salt
07:54 Auroch joined #salt
07:56 Madhurranjan joined #salt
07:58 TTimo joined #salt
08:01 alanpearce joined #salt
08:04 Madhurranjan joined #salt
08:07 eseyman joined #salt
08:07 lb1a joined #salt
08:08 jtang joined #salt
08:09 slafs left #salt
08:12 teogop joined #salt
08:13 otter768 joined #salt
08:15 scristian joined #salt
08:19 kermit joined #salt
08:28 Madhurranjan joined #salt
08:31 Ilja joined #salt
08:34 FRANK_T joined #salt
08:40 trikke joined #salt
08:41 potens joined #salt
08:41 ramishra_ joined #salt
08:43 AirOnSkin How can I setup my environments (file_roots & pillar_roots) in a way, that some environments will have exclusive pillar data (environment DEV only has access to DEV Pillars), but all environments share access to a fourth Pillar environment?
08:44 phx why not
08:44 AirOnSkin Right now, my configuration looks like this: http://hastebin.com/betojigumi.sm
08:44 phx they can be completely different
08:47 AirOnSkin phx: I don't quite follow. I know I can define different environments, but if I understood it correctly, with my current config, the DEV environment will only have access to the DEV pillars... it can't access TEST or PROD pillars...
08:47 phx actually, no
08:47 phx the pillars top.sls defines a host's access to pillars
08:47 phx and that can be of mixed environments as well
08:48 phx you can assign pillars to a host from multiple environments from the top.sls pillar
08:50 CeBe joined #salt
08:53 Madhurranjan joined #salt
08:54 AirOnSkin phx: Ah, I see. So, as long as I don't "restrict" the host in the top.sls (via matching the environment grain, for example) it may access all other environments...
08:54 phx nope
08:54 phx pillars are private, minions are not having access to pillars which are not assigned to them
08:54 phx you have to be explicit
08:55 phx and remember, explicit is always better than implicit :)
08:56 AirOnSkin Right ... now I understand. Thanks for explaining that to me, I appreciate it :)
08:56 babilen AirOnSkin: Environments are defined in the top file. In the minion configuration works too, but is simply a shortcut. Wasn't aware that you can also set it in grains, how does that work?
08:56 phx AirOnSkin, you're welcome
08:57 babilen (but then you *really* don't want to make sensitive pillars available to minions based on grains)
09:00 jtang joined #salt
09:04 babilen AirOnSkin: ping?
09:05 AirOnSkin babilen: pong. Sorry, someone walked into the office -.-
09:05 phx lock the door
09:06 AirOnSkin :D
09:06 phx IT area should be restricted
09:07 babilen AirOnSkin: I am curious about "via matching the environment grain". Could you elaborate on that?
09:07 CeBe joined #salt
09:08 AirOnSkin babilen: The grain I define is a custom one. It's got the same name as the actual Salt environment. So my top.sls for the DEV environment starts like this:
09:08 babilen Ah, okay. So it has no meaning.
09:09 AirOnSkin http://hastebin.com/olutuxaxop.sm
09:09 babilen (besides the meaning you give it)
09:09 aparsons joined #salt
09:10 AirOnSkin Yes, it's only so I can make sure, I can separate DEV, TEST & PROD
09:10 phx AirOnSkin, personally i keep a database around (which i call inventory), and my top.sls pillar is a python script, assigning pillars to minions based on the data in the inventory
09:11 shnguyen joined #salt
09:11 babilen Sure, that's fine. It sounded a little as if there was any built in functionality for that. Please keep in mind that if you make, for example, sensitive private keys/certs/other data available to only "env:prod" minions that you should not rely on the value of the grain if your dev minions shouldn't have access to that information too.
09:12 jtang joined #salt
09:12 babilen And I would also recommend to not rely on grains for any pillar/state assignment apart from those that genuinely need it (e.g. "hardware foo needs state "- hardware.foo")
09:13 N-Mi joined #salt
09:13 AirOnSkin I'm really planing to move away from the custom environment grains and have the hosts separated via Pillar
09:14 babilen That allows you to move to external pillars more easily later on too (if you plan to keep that information in a database for example)
09:14 phx that sounds like a better approach
09:14 tombibb joined #salt
09:14 babilen indeed
09:14 AirOnSkin But I'm still at the beginning of using Salt and right now (after about 4-5 months of setting up states and configuring stuff) I'd like to stop developing and start rolling out systems ;) ... we're waiting kinda long now for it ^^
09:15 babilen :D
09:16 babilen Whatever you roll out in production will stay around for much longer than you want it to, but you will still have to start rolling out things.
09:16 shnguyen joined #salt
09:16 jtang joined #salt
09:16 fredvd joined #salt
09:16 babilen I'd fix that particular aspect though as it poses a potential security risk (depends on what you do exactly naturally)
09:17 chiui joined #salt
09:18 tombibb_ joined #salt
09:19 Madhurranjan joined #salt
09:19 Andre-B joined #salt
09:23 tombibb__ joined #salt
09:27 jtang joined #salt
09:29 tombibb joined #salt
09:30 Xevian joined #salt
09:32 AirOnSkin babilen: back again. again with these people oO...
09:33 babilen Did they bring coffee?
09:33 AirOnSkin Well, I was for quite some time now in a state where I knew "I can do things better", but I still need to "produce" something with Salt... so I'm going back and forth with the state designs, build patterns, etc...
09:33 AirOnSkin Only problems ... not mine, though... harhar
09:34 babilen You know .. I had happy colleagues as soon as I installed the minions and introduced them to execution modules
09:34 johtso joined #salt
09:35 babilen Take it step by step, don't try to solve everything at once, but solve the things you *are* solving in a non-hacky way.
09:35 babilen (easy to say, I know)
09:35 babilen But then you sometimes might now realise how much help salt is even for "trivial" things.
09:38 AirOnSkin I think I'm quite far now. I'm at a point where all the standards (that apply to all hosts we setup) are configured and I can start with roles. We also use Salt to do the initial configuration of our systems even though they might not be complete with only that
09:39 AirOnSkin It's a lot of fun to learn salt, but understanding the concepts (with no prior experience in the field) was quite the challenge...
09:40 ltsampros joined #salt
09:41 ltsampros hello
09:42 phx AirOnSkin, salt is also fun :)
09:42 _mel_ joined #salt
09:42 phx AirOnSkin, what i very much like in salt, is that you can treat it as a framework and build upon it, integrate it, and so on
09:42 AirOnSkin phx: Right! It's like a swiss army knife :)
09:43 ramishra_ joined #salt
09:43 phx more or less. the important thing is to know what it's good for and what it's not really good for
09:43 phx and still, i'm not really an expert
09:43 ltsampros quick question
09:44 ltsampros is there any documentation/example on the new salt-ssh API in latest rc1?
09:45 tombibb joined #salt
09:45 paulm- joined #salt
09:46 markm joined #salt
09:51 jespada joined #salt
09:51 phx babilen, execution modules are basically scripts that are being run on the minion, and delivered from the states tree?
09:51 ramishra_ joined #salt
09:55 babilen phx: No, not quite. Execution modules are essentially Python modules that implement specific actions that can be performed on minions. They are the bits in salt that actually *do* things (e.g. mount a filesystem, delete a file, ...).
09:55 phx code that runs on the minion effectively
09:56 phx i'm still thinking of how should i do stuff like bringing up an AFS cell (joint configuration of 3+ machines in an ordered manner), or configuring an LDAP cluster of multimaster replicas, along with MIT kerberos
09:57 babilen States are implemented on top of execution modules and add logic on top of the execution modules. With execution modules you say "mount this filesystem", which you say "I want filesystem mounted" in states. The state is then associated with some tests to check if it has been achieved or not. If yes the state succeeds and nothing happens. If not the state knows which execution module functions to call to achieve it.
09:57 phx yeah, i understand that i call execution modules from states, i'm just thinking of their capabilities
09:58 phx the docs are not very clear on the exact role of them, however it has examples
09:58 babilen Ah, even better. It took me a while to actually see how this fits together and it really quite helped me to think of states as "execution module + logic and descriptive programming"
09:59 babilen OPS love execution modules :D
09:59 phx yeah
10:00 TTimo joined #salt
10:01 I3olle joined #salt
10:01 ramishr__ joined #salt
10:01 babilen I happified a bunch of people simply by installing salt and introducing them to targeting and execution modules. Their life was better immediately.
10:01 I3olle hey there. does anybody know whether its possible to use the cp.get_dir or get_file commands outside a salt folder? all the examples use salt://path/to/dir/ /minion/dest but I want to move files outside of a formula with a python script
10:01 babilen I3olle: IIRC, no
10:02 babilen Why don't you use rsync or other tools for that?
10:02 MatthewsFace joined #salt
10:03 karimb joined #salt
10:05 babilen brb
10:06 CeBe1 joined #salt
10:07 Madhurranjan joined #salt
10:07 I3olle babilen: ah pity. thanks for the info
10:07 I3olle it would have been nice to be able to stay in the salt context. you know? generate them with salt, move them with salt
10:10 honestly I3olle: put a symlink to the file somewhere accessible from salt://
10:14 stoogenmeyer__ joined #salt
10:14 otter768 joined #salt
10:14 babilen honestly: That still doesn't allow you to move a file between minions
10:15 honestly no
10:15 amcorreia_ joined #salt
10:15 honestly i guess not
10:16 svx joined #salt
10:17 ravibhure joined #salt
10:18 ravibhure left #salt
10:20 Madhurranjan joined #salt
10:22 colttt joined #salt
10:23 DorfOnGolf joined #salt
10:24 kossy joined #salt
10:38 donmichelangelo joined #salt
10:40 bluenemo joined #salt
10:42 fredvd joined #salt
10:44 mp12390 joined #salt
10:45 mp12390 hey, I need some help
10:45 phx out of coffee? :)
10:45 felskrone joined #salt
10:45 mp12390 {% if grains.id in salt[pillar.get]('nodegroups:callgroup', []) %}
10:45 mp12390 something like this
10:46 jerry_ joined #salt
10:46 mp12390 to check if server in some nodegroup
10:46 jerry_ hi
10:46 mp12390 i already have predefined nodes in master config
10:46 mp12390 but what to get it in pillar or jinja
10:49 intellix joined #salt
10:54 giantlock joined #salt
10:55 ramishra_ joined #salt
10:58 mp12390 *wont
11:00 mikkn joined #salt
11:01 TTimo joined #salt
11:01 JPT joined #salt
11:02 calvinh joined #salt
11:02 ltsampros Hey all
11:03 ltsampros is there any trick to enable the rest_cherrypy functionality ?
11:03 ltsampros I've added the configuration directives as shown in the docs, I'm restarting the salt-master but can't see anything in the logs
11:04 LeProvokateur joined #salt
11:05 jerry_ Im new to salt
11:05 tligda joined #salt
11:05 jerry_ hope anyone could help me out installing sal
11:05 jerry_ hope anyone could help me out installing salt
11:05 jrluis joined #salt
11:06 mindscratch joined #salt
11:10 Ilja joined #salt
11:10 tligda joined #salt
11:11 teambrad1 joined #salt
11:13 shnguyen joined #salt
11:14 Furao jerry_: there is plenty of documentation, youtube screencast, videos, slides, example to help you
11:14 ramishr__ joined #salt
11:15 Ranjit_ joined #salt
11:18 mp12390 ok. will make question from other side: salt '*' pillar.items  have nodegroups but if I do pillar.get nodegroups list is empty :) how to get this list?
11:19 calvinh_ joined #salt
11:20 ramishra_ joined #salt
11:26 ramishra_ joined #salt
11:28 evle joined #salt
11:28 roolo joined #salt
11:30 paulm- joined #salt
11:32 bhosmer joined #salt
11:33 JPT Hello! I am just getting started with salt and i have some trouble translating what could be a short script into a salt state file. (See http://pastebin.com/NFbUHXev ). My goal is to execute the commands in sequence. I also want to add a return code based behaviour later on. Can you give me some hints?
11:33 fintler joined #salt
11:33 fintler joined #salt
11:36 Furao jpt: in salt doc there is some git repos of formulas examples that might help you
11:39 JPT Do you have a particular example in mind that is documented a little? :)
11:39 calvinh joined #salt
11:40 JPT I can imagine what a formular will do when i read the code, but writing my own state files seems to be more difficult
11:41 huddy joined #salt
11:42 Furao http://salt.readthedocs.org/en/latest/topics/index.html#example-salt-states
11:42 JPT I will try those. Thanks :)
11:44 andrew_v joined #salt
11:45 jtang joined #salt
11:45 calvinh joined #salt
11:46 Furao my own repo (larger) is there but it’s quite old (> 3 years old), so it don’t works in recent version of salt
11:47 Georgyo joined #salt
11:50 Madhurranjan joined #salt
11:51 JPT I feel i should just write the short shell script and create a state file that runs that script on the minions.
11:51 JPT Is there a rule of thumb when to use a shell script and when to write state files?
11:51 MatthewsFace joined #salt
11:52 JPT My current case would be: run that first command. depending on its results either do nothing or run steps 1-6 in order to upgrade old software.
12:00 linjan joined #salt
12:01 bhosmer joined #salt
12:01 TTimo joined #salt
12:08 diegows joined #salt
12:08 sieve joined #salt
12:11 calvinh_ joined #salt
12:15 otter768 joined #salt
12:20 ramishra_ joined #salt
12:24 ramishr__ joined #salt
12:27 Kizano joined #salt
12:29 Herzekhiel joined #salt
12:31 KermitTheFragger joined #salt
12:45 JlRd joined #salt
12:45 scottpgallagher joined #salt
12:46 CeBe joined #salt
12:50 wnkz joined #salt
12:56 kellnola2 I prefer state files for everything since there's a source for everything that happened .. at least theoretically
12:56 Furao joined #salt
12:57 Madhurranjan joined #salt
12:59 krelo_ joined #salt
13:02 TTimo joined #salt
13:03 yawniek_ where do i supply ssh keys for ext_pillar definition?
13:06 linjan joined #salt
13:07 KermitTheFragger joined #salt
13:09 hebz0rl__ joined #salt
13:09 MaliutaLap yawniek_: you can email them to me, along with the systems and usernames they are valid for ;)
13:10 yawniek_ MaliutaLap: great stuff, send me your email address.
13:10 intellix joined #salt
13:11 yawniek_ ill also send you the rest of my todo list, in the hope you can fix everything. i'm off for vacation then :D
13:12 MaliutaLap yawniek_: and in return I can send you the _very_ large bill :P
13:16 KermitTheFragger joined #salt
13:16 wincus joined #salt
13:16 ramishra_ joined #salt
13:19 pressureman joined #salt
13:20 Madhurranjan joined #salt
13:23 aphorise joined #salt
13:26 paulm- joined #salt
13:27 intellix joined #salt
13:29 GabLeRoux joined #salt
13:29 paulm-- joined #salt
13:30 _JZ_ joined #salt
13:34 saltinie joined #salt
13:34 yawniek_ MaliutaLap: depends on the bill. bill gates: yes, bill clinton: no.
13:35 _JZ_ joined #salt
13:36 calvinh joined #salt
13:36 murrdoc joined #salt
13:36 krelo joined #salt
13:36 saltinie I'd like to use the archive.extracted state, but I am getting this error: "tar (child): '/var/cache/salt/minion/files/base/_opt_foobar_dist_.tar': Cannot open: No such file or directory"
13:36 ltsampro` joined #salt
13:37 saltinie but.. I see the file on the minion:  salt 'foobar' cmd.run 'ls -alh /var/cache/salt/minion/files/base/' returns "_opt_foobar_dist_.tar" in the list
13:38 saltinie what gives? what am I doing incorrectly?
13:38 Ilja joined #salt
13:38 ponpanderer joined #salt
13:39 Ztyx joined #salt
13:39 Ztyx left #salt
13:40 MatthewsFace joined #salt
13:43 ramishra_ joined #salt
13:45 calvinh_ joined #salt
13:46 zerthimon joined #salt
13:48 bhosmer joined #salt
13:48 nitti joined #salt
13:49 kossy joined #salt
13:49 tensorproduct joined #salt
13:50 tensorproduct Hello. I want to do something with Salt that might not be possible.
13:50 tensorproduct I want to be able to access grain data of minions from an SLS file on the master
13:51 tensorproduct Is that possible?
13:52 tensorproduct Let's say, I have a number of minions all with the grain "target: True", and I want to get a list of all their ip addresses, which are stored in the grain public_ip
13:52 sieve joined #salt
13:52 tensorproduct Is there anyway to access this data via jinja?
13:53 tensorproduct Or should I set up a new custom grain to get this info through Python code
13:53 tensorproduct ?
13:53 Furao tensorproduct: use salt mine
13:54 subsignal joined #salt
13:55 subsignal joined #salt
13:55 CeBe joined #salt
13:56 tensorproduct Okay, I'll go read up on salt mine
13:56 tensorproduct Thanks
13:56 murrdoc joined #salt
13:56 murrdoc ola
13:57 Madhurranjan joined #salt
14:00 jeremyr joined #salt
14:02 jdesilet joined #salt
14:04 Madhurranjan joined #salt
14:05 esogas_ joined #salt
14:06 colttt joined #salt
14:10 elfixit joined #salt
14:11 cpowell joined #salt
14:12 ponpanderer left #salt
14:13 FAI joined #salt
14:14 FAI Good Morning, I am new with saltstack I will like to configure salt.returners.smtp_return http://docs.saltstack.com/en/latest/ref/returners/all/salt.returners.smtp_return.html#salt.returners.smtp_return.returner
14:15 FAI but I do not understand the documentation..
14:15 FAI Its not clear
14:15 JDiPierro joined #salt
14:15 tensorproduct Alternatively, all of my minions will have been deployed using salt-cloud. Is there a way of getting minion data out of salt-cloud?
14:16 otter768 joined #salt
14:16 FAI I just have to add this lines to the /etc/salt/minion http://paste.fedoraproject.org/187542/43553721/ ?
14:17 ramishra_ joined #salt
14:18 jY tensorproduct: what type of data?
14:18 jY i mean the minions will be connected to master
14:19 tensorproduct I want to get a list of all the public IP addresses of my minions from within and SLS file
14:19 jY ya you the salt mine
14:19 tensorproduct How do I access salt mine data within an SLS? My google-fu is failing me on this.
14:19 jY i created my own module for it but
14:20 jY {% set hosts = salt['mine.get']("manage:type:memcache", 'manage.podinfo', expr_form='grain') -%}
14:21 tensorproduct Oh, that's awesome. Thanks
14:21 bluenemo joined #salt
14:21 bluenemo joined #salt
14:21 jY that grabs all the minions that match that grain and runs manage.podinfo on them
14:21 tensorproduct I didn't know you could make arbitrary calls to salt functions like that.
14:21 tensorproduct That's a huge help
14:21 jY https://gist.github.com/mzupan/0ae4d89390fa0416488f
14:21 jY which is pretty easy
14:21 jY podinfo just loads some custom grains
14:22 jY you can do that call in a sls file or template
14:22 jY i generally do them in templates
14:22 tensorproduct Yes, I'm probably going to be doing it in a template
14:23 murrdoc jY:  you should move away from using __grains__[] and use __salt__['grains.get']() instead
14:23 murrdoc s/should/could
14:23 jY murrdoc: true
14:24 murrdoc http://docs.saltstack.com/en/latest/topics/development/dunder_dictionaries.html
14:24 murrdoc they updated the doc to reflect that
14:24 jY tensorproduct: also you need to tell minions what they can share in the mine
14:24 jY https://gist.github.com/mzupan/c5ff77e727d6333f1bc7
14:24 jY thats in the minion config
14:24 murrdoc http://docs.saltstack.com/en/latest/topics/mine/ has a working example of mines
14:25 TTimo joined #salt
14:28 tensorproduct Thanks jY and murrdoc. You've been a great help.
14:33 mpanetta joined #salt
14:34 slafs joined #salt
14:34 slafs left #salt
14:35 ashw7n joined #salt
14:36 edrocks joined #salt
14:37 kossy_ joined #salt
14:37 kaptk2 joined #salt
14:38 breakingmatter joined #salt
14:38 aparsons joined #salt
14:39 racooper joined #salt
14:47 perfectsine joined #salt
14:48 paulm-- How do you specify an optional requirement, e.g. require if available
14:50 epcim_ joined #salt
14:50 nullptr joined #salt
14:50 numkem joined #salt
15:03 jY paulm--: like only do this if something is installed?
15:03 nitti_ joined #salt
15:04 paulm-- jY: No, only act it if the state is available
15:04 murrdoc nope
15:05 murrdoc its been requested
15:05 tensorproduct Okay, one more question. The salt mine works as expected, but at the moment I have to manually add the mine_functions to /etc/salt/minion on the minions. Is there a way to set minion configuration during cloud deployment?
15:05 tomh- joined #salt
15:07 murrdoc you can setup a cloud profile
15:07 JPT I want to target all minions except for the ones having 'foo' in their id. How would i do that?
15:07 murrdoc and drop a file in /etc/salt/minion.d/ with teh mine config u want
15:07 murrdoc jpt look up saltstack compound matching
15:08 JPT okay, thanks :)
15:09 primechuck joined #salt
15:10 sieve joined #salt
15:11 sieve joined #salt
15:11 MatthewsFace joined #salt
15:12 JPT Ah, got it. I  was missing the -C.
15:12 debian112 joined #salt
15:12 a7p joined #salt
15:12 nitti joined #salt
15:13 nitti joined #salt
15:15 ipmb joined #salt
15:28 favadi joined #salt
15:29 rojem joined #salt
15:30 Ilja joined #salt
15:30 ltsampro` hey guys, quick question
15:30 ltsampro` I think I found a bug in modules/network.py
15:30 mikaelhm joined #salt
15:30 ltsampro` I modified the file, rm'ed the network.pyc file in order to do a test but when I call the module to run on a host an older version of the file is running
15:31 ltsampro` from which locations are the modules copied over to the client?
15:31 stylica joined #salt
15:32 ramishra_ joined #salt
15:33 murrdoc modified on the minion and restarted the minion
15:33 murrdoc ?
15:34 ltsampro` murrdoc: modified on the master, i'm running the module using salt-ssh (if that matters)
15:35 claytonk joined #salt
15:38 bhosmer joined #salt
15:39 Brew joined #salt
15:40 Brew joined #salt
15:41 clintberry joined #salt
15:41 murrdoc weird
15:43 ltsampro` murrdoc: any idea would be welcom as I'm stuck
15:43 iggy put it in /srv/salt/_modules ?
15:44 schlueter joined #salt
15:44 ltsampro` that would be a solution but I was thinking to try it in place first as I might send a patch upstream
15:44 tristianc joined #salt
15:44 kermit joined #salt
15:45 ltsampro` in my minion, I can see /tmp/.root_8ed75c__salt
15:45 ltsampro` I'm deleting that also
15:49 iggy well, as far as testing a fix, they should be equivalent
15:50 nullptr` joined #salt
15:52 Ilja1 joined #salt
15:53 ltsampro` when salt-ssh runs for example salt-ssh '*' network.routes
15:53 douglassssssssss joined #salt
15:53 ltsampro` does it execute minion-code or master-code? if master code, how is the code transferred to the minion?
15:54 ltsampro` nevermind I think it's this one: /var/cache/salt/master/thin/thin.tgz
15:54 TheoSLC joined #salt
15:57 Ilja joined #salt
15:57 conan_the_destro joined #salt
15:58 favadi joined #salt
16:00 jeremyr joined #salt
16:01 sieve Im having trouble getting salt cloud to lauch instances in a specific VPC
16:02 sieve I've tried setting SubnetId: subnet-XXXXXXXX
16:03 Ilja joined #salt
16:04 blackhelmet joined #salt
16:08 andrew_v joined #salt
16:09 smcquay joined #salt
16:10 lpmulligan joined #salt
16:12 tomspur joined #salt
16:13 pdayton joined #salt
16:14 ltsampro` murrdoc, iggy: http://pastebin.com/a1S6571b
16:14 ltsampro` does this seem like a bug ?
16:14 jespada joined #salt
16:14 murrdoc ['netstat:', 'invalid', 'option', '--', '+']
16:15 murrdoc ?
16:15 murrdoc -- network.default_route is supposed to work ?
16:15 ltsampro` it doesn't on 2015rc1
16:15 ltsampro` 2015.2.0rc1
16:17 kawa2014 joined #salt
16:17 otter768 joined #salt
16:17 mikaelhm joined #salt
16:18 ltsampros murrdoc: all the linux route functions seem broken
16:18 murrdoc cant help u there
16:18 murrdoc github issue and maybe email salt-users ?
16:18 giantlock joined #salt
16:18 sieve https://gist.github.com/mooperd/9d18ea3d1a64c2890c9a - Can anyone identify what I am doing wrong with my salt-cloud config here. I cant start machines in the non default VPC.
16:18 ltsampros yeah mmaybe
16:19 tomspur_ joined #salt
16:21 Madhurranjan joined #salt
16:22 ramishra_ joined #salt
16:24 Topic for #salt is now Welcome to #salt | SaltConf 2015 is Mar 3-5! http://saltconf.com | 2014.7.2 is the latest | Please be patient when asking questions as we are volunteers and may not have immediate answers | Channel logs are available at http://irclog.perlgeek.de/salt/
16:24 robinsmidsrod joined #salt
16:24 jalbretsen joined #salt
16:24 pdayton joined #salt
16:30 forrest joined #salt
16:31 joehh joined #salt
16:31 murrdoc joined #salt
16:36 tomspur joined #salt
16:37 * lpmulligan
16:43 mordonez joined #salt
16:44 mordonez joined #salt
16:44 SheetiS joined #salt
16:51 scottpgallagher joined #salt
16:51 Ozack-work joined #salt
16:53 sxar joined #salt
16:55 Sacro Can someone re-open https://github.com/saltstack/salt/issues/14634 , thanks!
16:56 Wheelz joined #salt
16:58 aparsons joined #salt
17:00 wincus joined #salt
17:00 paha I'm having trouble passing arguments to runners, are there know issues on that?
17:00 paha simplified example: https://gist.github.com/paha/03c967d82365da731dfa
17:01 theologian joined #salt
17:02 tomspur_ joined #salt
17:03 paha from reactor, sls or modules that is. CLI works fine
17:05 stylica joined #salt
17:06 sieve joined #salt
17:06 stylica joined #salt
17:07 Wheelz_ joined #salt
17:07 mikaelhm joined #salt
17:14 iggy paha: try dropping the - arg: and unindent - lxc-test
17:14 StDiluted joined #salt
17:15 stylica where canI get the pepper?
17:17 intellix joined #salt
17:18 Wheelz joined #salt
17:18 ksalman1 how does states.grains.append work? does a grain need to exist for it to append a value?
17:18 ksalman1 and how might i create this list grain so i can use grains.append on it?
17:20 babilen stylica: https://github.com/saltstack/pepper
17:20 iggy ksalman1: your best bet is to read the code or just test it real quick
17:21 ksalman1 iggy: i tried it and I get Comment: Grain roles does not exist
17:21 ksalman1 but i don't see how to create a list type grain
17:21 ksalman1 http://docs.saltstack.com/en/latest/ref/states/all/salt.states.grains.html
17:21 ksalman1 there's a grains.present but that's not a list type
17:22 iggy list_present ?
17:22 iggy nope
17:23 iggy use append with convert: True ?
17:23 ksalman1 still get the same Comment: Grain roles does not exist
17:24 intellix joined #salt
17:24 ksalman1 even though it does
17:24 ksalman1 [root@foo64 ~]# cat /etc/salt/grains
17:24 ksalman1 roles:
17:24 ksalman1 - bar
17:24 iggy did you restart the minion after changing that file?
17:26 intellix joined #salt
17:26 ksalman1 iggy: That got created with list_present when I tried that
17:26 ksalman1 so minion shouldn't need to be restarted?
17:27 chiui joined #salt
17:27 iggy I... sure
17:28 iggy I would think not, but then again it doesn't hurt to try
17:28 ksalman1 i mean, if i have to restart the minion when a grain gets added from a state, that doesn't sound right to me
17:28 iggy me either
17:29 paha iggy: passing args to runner from reactor, tried what you suggested, got a key error this time
17:29 ksalman1 i'll test it at least, i guess
17:29 paha running 2014.7.1 https://gist.github.com/paha/03c967d82365da731dfa
17:29 ksalman1 no, same error
17:29 ksalman1 Grain roles does not exist
17:30 ksalman1 well, it's not an error. just no change
17:32 iggy paha: yeah, was a long shot
17:32 iggy sadly the reactor stuff isn't very well documented
17:32 iggy you might have luck looking for examples outside of the docs
17:33 paha iggy: It doesn't seem a reactor problem, but rather issue with passing args to runners in general
17:34 paha tried to call sls from a reactor, same deal
17:34 signull paha: reactor stuff is not that bad
17:34 paha I mean call sls - call runner from sls
17:34 signull checkout the develop branch of salt
17:34 signull there is a tool called eventlistener.py
17:34 signull it can help you diagnose issues
17:35 paha event - reactor works just fine
17:35 iggy eventlistener.py has been there forever
17:35 paha running reactor is also no issues, but passing args to a runner
17:35 iggy and don't use the develop branch version of it on older masters/minions
17:35 iggy it won't work
17:36 iggy file a bug
17:36 iggy or see if one exists already
17:36 paha ok, will file an issue, thanks guys
17:37 snave joined #salt
17:37 MatthewsFace joined #salt
17:39 yawniek_ when i have a formula that has a state and i have a folder with the same state name + init.sls, what happens?
17:39 subsignal joined #salt
17:39 Sacro yawniek_: bad things
17:39 murrdoc i think last included works
17:40 Matthews_ joined #salt
17:40 iggy bad things is the correct answer
17:40 murrdoc unexpected things or bad
17:42 iggy I was originally going to say "undefined" (which I think is technically corrrect, btw)
17:42 paha ksalman1: for roles, here is an example of what I was doing https://gist.github.com/paha/4fadf2028d53935be6cd
17:42 ksalman1 paha: thanks, I'll check it out
17:43 aparsons joined #salt
17:45 signull is there a grain to specifically figure out the ip inwhich salt-master contacts the minion?
17:47 robinsmidsrod joined #salt
17:49 iggy it's whatever IP has the best route to the master
17:49 iggy and no
17:50 iggy now... why don't you tell us what you're actually trying to achieve instead of how you're trying to achieve it
17:50 CeBe1 joined #salt
17:53 hal58th joined #salt
17:54 signull iggy: so I am currently rewriting boto_route53 to use libcloud
17:54 signull I am adding a new option however. to change hostname to <some-role><unique-num>.zone.com
17:55 iggy I would just extend the cloud execution module and state module
17:55 signull i am not that good of a developer with python yet.
17:55 signull the boto_route53 provides some infrastructure tome
17:55 signull *to me
17:56 signull in this senerio I will be writing a module, state and event reactor
17:56 Ryan_Lane joined #salt
17:56 JDiPierro I've got salt-master running on my local machine from "salt-master -d"... how do I kill it? >.>
17:56 signull so I figure if i get this working then i could go and start extending the cloud execution
17:57 signull JDiPierro:  killall -9 salt-master
17:57 JDiPierro signull: Thanks :P Wasn't using -9 so it just kept restarting itself
17:57 signull JDiPierro: welcome
17:58 iggy JDiPierro: ctrl-c
17:58 iggy oh wait, -d is daemon?
17:58 JDiPierro Yep
17:59 JDiPierro I was killing the process and it just kept resurrecting itself.. the -9 did it in for good
17:59 iggy I was thinking -l debug for some reason
17:59 timoguin joined #salt
18:02 stylica joined #salt
18:03 armguy joined #salt
18:03 edrocks can I use grains like {{grains['host']}} in a config file that I transfer to minions with file.managed?
18:03 bhosmer_ joined #salt
18:03 blackhelmet joined #salt
18:05 iggy with template: jinja
18:05 wrench_ joined #salt
18:05 stylica joined #salt
18:08 stylica joined #salt
18:09 wrench_ I had a statefile that managed some conf files and it was working fine until I found out that the user/group that owned the files/dirs was an ldap user.  Setting the user/group as the ldap user/group name did not work anymore.  I found a workaround: use uid/gid instead of user/group.  This works for all my managed files, however I have at least two dirs that I am recursively setting the owner/group.  I tried similarly using - recurse:
18:09 wrench_ Anyone know a way to work around this?
18:09 edrocks iggy thanks just got it working
18:10 wrench_ error is: Types for "recurse" limited to "user", "group" and "mode"
18:12 nullptr joined #salt
18:13 jalaziz joined #salt
18:15 iggy wrench_: you got cut off at "- recurse:"
18:15 wrench_ Types for "recurse" limited to "user", "group" and "mode"
18:16 hasues joined #salt
18:16 ajw0100 joined #salt
18:16 hasues left #salt
18:16 wrench_ oh you meant for the original question line hang on I'll paste
18:16 wrench_ I had a statefile that managed some conf files and it was working fine until I found out that the user/group that owned the files/dirs was an ldap user.  Setting the user/group as the ldap user/group name did not work anymore.  I found a workaround: use uid/gid instead of user/group.  This works for all my managed files, however I have at least two dirs that I am recursively setting the owner/group.  I tried similarly using - recurse:
18:17 wrench_ basically I need to recursively chown a directory using a uid and gid instead of user/group names but that doesn't seem to be supported
18:17 wrench_ so I'm trying to see if anyone knows a workaround
18:17 sjol joined #salt
18:17 forrest joined #salt
18:18 otter768 joined #salt
18:19 cpowell joined #salt
18:19 rojem joined #salt
18:21 edrocks wrench_: I'm a bit new to salt but I think cmd.run 'chown yourArgs' should work
18:21 iggy make sure your ldap/pam state runs first so the users exist?
18:22 wrench_ iggy the users exist, its just salt can't see them b/c they don't exist in /etc/passwd
18:22 wrench_ that's why I'm having to do it by uid/gid
18:22 evilrob joined #salt
18:22 wrench_ *I'm assuming why salt can't see them for that reason, I honestly don't know
18:25 germs_ joined #salt
18:26 iggy that sounds like a bug
18:27 tligda joined #salt
18:30 iggy wrench_: try this... use user/group args, but put in the numeric uid/gid for the values
18:31 iggy if I'm reading the source correctly, if you pass an int, it uses that directly (the low level calls actually expect a uid/gid)
18:31 murrdoc true
18:31 wrench_ I tried that on a managed file, but not a dir -- trying now
18:32 edrocks is cmd.wait run if you have a managed file and it hasn't been changed but you rerun the state?
18:33 diegows joined #salt
18:33 edrocks for example would restart-stackdriver be run here if my redis.conf file isnt changed but I run the state? http://pastebin.com/R7dk0Ugd
18:34 edrocks o nevermind changes is empty if it doesnt do anything
18:37 wrench_ iggy I get the following error when I provide the numeric uid/gid but use user/group args: TypeError: getpwnam() argument 1 must be string, not int
18:37 wrench_ :/
18:37 murrdoc use '1'
18:37 murrdoc :D
18:38 wendall911 joined #salt
18:39 wrench_ murrdoc: that got rid of the TypeError, but nets: User x is not available Group y is not available
18:39 signull I put my custom module into /srv/salt/_module and custom state into /srv/salt/_state however when i run salt '*' sys.doc custom_module nothing is returned
18:39 iggy is this on the directory or manged state?
18:39 aparsons joined #salt
18:40 iggy signull: saltutil.sync_all
18:40 signull iggy: thank you
18:43 JDiPierro joined #salt
18:43 signull iggy: actually getting some issues. http://pastebin.com/P9k77B39
18:43 subsignal joined #salt
18:46 subsignal joined #salt
18:47 z0rc joined #salt
18:48 cbrinley joined #salt
18:49 iggy paste the code from your module
18:50 signull sure one sec
18:51 tligda1 joined #salt
18:52 signull iggy: http://pastebin.com/S6BK3khK
18:53 edrocks does watch_in not work with cmd.wait?
18:53 tligda joined #salt
18:56 hal58th it should. Are you putting the watch_in on another state and pointing to the cmd.wait state?
18:57 edrocks yes I'm using watch_in on a file.managed state and I include my other state that uses cmd.wait
18:57 edrocks I'll put it on pastebin
18:58 edrocks hal58th: http://pastebin.com/Q9SA33Dg
18:58 edrocks when I run it the changes for the restart state are empty and it doesn't appear to do anything when I look at the debug output on my minion
18:59 hal58th ah i see your problem
18:59 iggy signull: try salt-call? My custom module in _modules works
18:59 hal58th under watch_in you have service, but it should be cmd.   cmd: restart-stackdriver
19:00 baweaver joined #salt
19:00 iggy hooray for code pastes being effective (and generally where you should start)
19:01 hal58th another note edrocks, why are you using a cmd.wait state. You can just user service.enabled it would restart the service if being called with a watch
19:02 roolo joined #salt
19:03 edrocks hal58th: switching to cmd: worked! Let me try using watch instead
19:05 edrocks hal58th: why would cmd.watch give me double output from the master?
19:06 timoguin joined #salt
19:06 alanpearce joined #salt
19:06 hal58th ahhh. not what I meant. let me change it for you and paste it
19:07 edrocks I saw on github they made cmd.watch and alias for cmd.wait too
19:07 edrocks but they might of changed it since then
19:07 hal58th I have no idea.
19:07 alanpearce joined #salt
19:08 z0rc left #salt
19:10 edrocks I think the double output was from some failed jobs I got a couple " failed to compile data" errors after I ran the state just after saving and it said it still started the job
19:10 hal58th edrocks http://pastebin.com/1cs2tS2c This means that the service is always checked to see if running. But will restart the service if called by a watch
19:11 edrocks o thank you that looks a lot better
19:12 murrdoc throw a reload in there ?
19:12 wrench_ iggy so looks like using cmd.run to do the chown using username/groupname works.  Is there a way to have that stanza return False if the return code is non zero? Or does it already do that?
19:12 ckao joined #salt
19:12 murrdoc so that if the service is reloadable
19:12 toanju joined #salt
19:13 hal58th murrdoc care to explain a little more? My service state knowledge is a little lacking
19:13 edrocks if I moved that service.running to my init.sls could I still include it from my *-agent.sls files? my init.sls http://pastebin.com/xcDJZBPw
19:13 jeremyr joined #salt
19:13 hal58th wrench_ it should probably already do that.
19:15 murrdoc hal58th:  if a service can be reloaded, like say you setup nginx with all included configs, then you should reload it
19:15 murrdoc i think its sigkill vs sighup
19:15 murrdoc http://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html
19:15 wrench_ hal58th: just tested that. It does indeed return false on a nonzero return code. thanks!
19:15 hal58th How do you do that exactly? ok let me read
19:15 murrdoc "By default if a service is triggered to refresh due to a watch statement the service is by default restarted. If the desired behavior is to reload the service, then set the reload value to True:"
19:16 murrdoc its optional
19:16 murrdoc but in things like nginx and apache it works as well
19:16 hal58th ah, I did not know that was possible. I don't have it in my downloaded documentation 2014.7.0
19:17 hal58th thanks murrdoc
19:19 joehoyle joined #salt
19:21 Godfath3r joined #salt
19:26 rawkode joined #salt
19:27 murrdoc pkgrepo.managed sucks donkeyballs
19:27 hal58th it has had a few problems in the past for sure. Didn't work with PPA's for a long time
19:27 murrdoc or my understanding of it does
19:28 edrocks is it bad to include the init.sls?
19:28 hal58th edrocks be more specific.
19:29 edrocks I want to put the service.running in my init.sls
19:29 JDiPierro Where are gitfs remotes cached on the master? There's a few folders in /var/cache/salt/master/gitfs but they're all empty..
19:29 edrocks since I already have a stackdriver service there and it makes sense to have the service.running in init
19:29 sxar joined #salt
19:30 bhosmer_ joined #salt
19:30 hal58th still not sure what you are proposing. I am pretty hungover. Why don't you just try it and see what happens.
19:31 edrocks well it works I was wondering if it's a bad idea though
19:32 hal58th personal discretion and experience then. just go with intuition
19:33 bhosmer_ joined #salt
19:38 warpaint joined #salt
19:42 beneggett joined #salt
19:45 bhosmer joined #salt
19:46 edrocks does salt have any way to check if a package is installed from a cmd.script's onlyif/unless?
19:47 drawsmcgraw edrocks: I usually plug in `unless: someCommand -v`   as a hack
19:48 Ryan_Lane edrocks: what are you trying to do?
19:48 Ryan_Lane upgrade a package only if it exists?
19:48 edrocks install it only if it doesnt exist
19:49 edrocks I didn't know it was smart about the return value though I think drawsmcgraw recomendation will work
19:49 stylica joined #salt
19:49 Ryan_Lane if it isn't installed?
19:49 edrocks yes
19:49 Ryan_Lane pkg.installed does that by default
19:49 SheetiS pkg.installed doesn't install it if it is already installed.  It will just say the state is correct.
19:50 schristensen joined #salt
19:50 edrocks but I cant use pkg.installed because it has to run another script anyways to configure it
19:50 Ryan_Lane it has to run a script every time it runs your package manager?
19:50 Ryan_Lane or just once?
19:51 edrocks it has to run an install script
19:51 drawsmcgraw I don't think edrocks ever intended to use the system's native pkg manager
19:51 edrocks o it just has to run it once
19:51 Ryan_Lane ahhhh, ok
19:51 edrocks it sets an api key
19:51 Ryan_Lane edrocks: I'd manage the file that has the api key
19:51 Ryan_Lane and have all pkg.installed states require that
19:52 drawsmcgraw concur with Ryan_Lane
19:52 drawsmcgraw and/or Salt whatever the install script does
19:52 Ryan_Lane (I personally wouldn't use require, since I do sequential ordering, but most people don't)
19:52 edrocks but if i used pkg.installed it would just require me to have another cmd.script to run the api key script
19:52 Ryan_Lane edrocks: you only need to do that once. if you require the state that does it, it'll always be called first
19:54 SheetiS edrocks: it would be 2 states that way, but wouldn't require any special/confusing logic that you have to try and trick into working.  It'd look very clean from a configuration standpoint imo.
19:56 edrocks I think the unless will work and it keeps it simple
19:57 edrocks now I have unknown yaml errors so this should be fun
19:57 Auroch joined #salt
19:57 linjan joined #salt
19:59 auser joined #salt
20:09 germs_ joined #salt
20:10 blackhelmet joined #salt
20:10 ipmb joined #salt
20:11 mikaelhm joined #salt
20:11 germs_1 joined #salt
20:17 thayne joined #salt
20:18 schlueter joined #salt
20:19 otter768 joined #salt
20:20 helderco joined #salt
20:20 schlueter1 joined #salt
20:22 Eureka_ joined #salt
20:28 ajw0100 joined #salt
20:29 mapu joined #salt
20:29 rojem joined #salt
20:30 julie_ joined #salt
20:33 julie_ I want to enable a service on startup but I don't want salt to ever start the service on it's own. The documentation on this makes not sense to me at all. Can I use this in my init.sls and if so how?  http://salt.readthedocs.org/en/latest/ref/states/all/salt.states.service.html#salt.states.service.enabled
20:34 Opti44 joined #salt
20:35 baweaver joined #salt
20:36 teepark julie_: yes service.enabled is exactly what you want. use it like any other state function
20:37 spookah joined #salt
20:38 JoeHazzers i'm using the gitfs backend and my workflow is a bit crap, since it requires me to commit my changes to see if i broke anything. what's a good way to locally test salt states which are *not* in one of the configured file locations?
20:40 teepark JoeHazzers: I sometimes have a virtualbox sharing a directory into /srv/salt to test whats in my working copy
20:40 JoeHazzers cool!
20:40 leaveoutXSS joined #salt
20:41 bigpup joined #salt
20:43 murrdoc why does pkgrepo.managed always add an entry
20:43 murrdoc each time i run it
20:50 rlo_ joined #salt
20:50 SheetiS murrdoc: I don't get that behavior.  What OS?
20:51 murrdoc precise
20:51 murrdoc ubuntu
20:51 rlo_ Hi, i'm having an issue getting an elastic IP to automatically allocate after spinning up an EC2 instance
20:51 rlo_ base_ec2_private:   provider: my-ec2   image: ami-59f2d769   size: m3.large   ssh_username: ubuntu   allocate_new_eip: True   subnetid: subnet-14199a71   securitygroupid:     - sg-335d7a56
20:52 murrdoc SheetiS:  https://gist.github.com/puneetk/15ca8f301467cf77af28
20:53 SheetiS rlo_: have a github gist or bpaste or something of all the pertinent bits for review?  I use ec2 with salt-cloud and setup an EIP on some of my profiles.
20:53 SheetiS murrdoc: Ahh I'm in osfamily redhat, so it might be the difference.  I will take a look at the gist though
20:54 murrdoc any ubuntu users around
20:54 SheetiS murrdoc: so you get redundant identical entries in /etc/apt/sources.list.d/subversion18.list?
20:54 germs_ joined #salt
20:54 murrdoc every run
20:55 rlo_ SheetIS:https://bpaste.net/show/f3303f30cdc9
20:55 rlo_ SheetIS: i've included the cloud.profiles, is there anything else pertinent?
20:55 murrdoc this maketh no sense
20:55 SheetiS I've got an ubuntu 14.10 VM I might be able to test with if nobody else is able to help.  It's not salted since it's not part of my normal architecture, but I could test with it.
20:57 forrest joined #salt
20:59 yomilk joined #salt
20:59 SheetiS rlo_: that syntax looks a little different than what I am using: https://bpaste.net/show/581441676b91.  let me look at the docs about the difference.
20:59 rlo_ SheetiS: at which part are you allocating the EIP? is it with      AssociatePublicIpAddress: True
21:00 SheetiS oh that's a regular public IP for that one, not EIP
21:00 SheetiS I have one for EIP, let me check for another profile
21:02 Ozack-work1 joined #salt
21:02 tmclaugh[work] joined #salt
21:03 SheetiS rlo_: the associate_eip: eni-XXXXXXXX and/or allocate_new_eip: True should live inside the network_interfaces: section
21:03 cberndt joined #salt
21:04 SheetiS so just replace that 'AssociatePublicIpAddress" with "allocate_new_eip" in my paste example
21:04 SheetiS and the format should be correct
21:04 Opti44 I just installed 2014.7.1 from 2014.7.0 and I am having an issue with user.present, its failing on the fullname part
21:04 murrdoc this is bogus
21:04 Opti44 File "/usr/lib/python2.7/site-packages/salt/states/user.py", line 295, in present                   fullname = salt.utils.sdecode(fullname) if fullname is not None else fullname               AttributeError: 'module' object has no attribute 'sdecode'
21:04 murrdoc pkgrepo.managed is not working
21:05 thayne joined #salt
21:05 Opti44 when I remove the fullname from the sls file, it works without issue
21:06 SheetiS murrdoc: What version of salt?  I'd like to look a little closer.
21:07 murrdoc 2014.7.1
21:08 alanpearce joined #salt
21:08 rlo_ SheetiS: when i add the subnet and allocate_new_eip to the network_interfaces section i get this error
21:08 rlo_ https://bpaste.net/show/10fecc651f4e
21:08 SheetiS Opti44: have a paste of the state and if-applicable the pillar data for fullname to review?  The code seems sane.
21:09 giantlock joined #salt
21:10 SheetiS rlo_: that is likely because you are setting something in your provider (my-ec2-southeast-private-ips) at the same time that is causing the api to freak out.  It's not well documented on that fact, but I found out about it searching the github issues previously.  I can't find the link right quick, but if you shared both it and your modified profile, I bet we can track it down fairly quickly.
21:11 carmony I'm afriad I already know the answer, but it appears there is no was in your pillar files to add to a list created by another file?
21:12 murrdoc SheetiS:  https://gist.github.com/puneetk/15ca8f301467cf77af28 updated with the outputted file
21:12 murrdoc just keeps adding on
21:12 rgarcia_ joined #salt
21:13 rlo_ SheetiS: thanks!! that was exactly the problem. Removed the securityGroup from the provider and all was good in the world. Thanks so much!
21:14 SheetiS murrdoc:  hmm seems to be a newline at end of file issue since it puts it on the same line and it is only a single line.  I'm going to dig into what goes on under the hood a little.
21:14 SheetiS rlo_: great! good luck!
21:14 murrdoc https://github.com/saltstack/salt/blob/2f5fdd5da67452bdd95a952000ded060343b556b/salt/modules/aptpkg.py#L1638
21:18 sjol_ joined #salt
21:19 jalaziz joined #salt
21:20 pdayton joined #salt
21:20 tmclaugh[work] joined #salt
21:20 cbrinley joined #salt
21:21 baweaver joined #salt
21:22 badon_ joined #salt
21:22 Opti44 SheetiS: Here is a paste of the state https://bpaste.net/show/064427077a68
21:22 JDiPierro Is there any way to get the actual filesystem path to a salt://file?
21:23 iggy JDiPierro: no
21:23 JDiPierro :(
21:23 SheetiS murrdoc: does the extra space after the [ in there make apt freak out causing the test for a valid repo to break?  I'm used to seeing deb [arch=amd64] without the space.
21:23 murrdoc yeah
21:23 moos3 so when using gitfs only when doing a highstate what would cause No matching sls found for 'statename' in env base ? everything is in master
21:24 murrdoc heres what works
21:24 SheetiS That might be a red herring, but I'd clean the space out of your state and try and reapply.
21:24 murrdoc https://gist.github.com/puneetk/15ca8f301467cf77af28
21:24 Opti44 SheetiS: Here is a paste of the pillar https://bpaste.net/show/b1bc8e6bb4da
21:24 SheetiS murrdoc: that works fully then?
21:25 murrdoc yeah
21:25 murrdoc architectures!
21:25 murrdoc instead of architecture
21:25 Opti44 SheetiS: when I remove fullname from the state, everything works just fine
21:25 SheetiS yeah because that can be a list in ubuntu.  you can go [arch=amd64,i386]
21:26 SheetiS Opti44: Have any unicode characters in any of the fullnames?
21:26 SheetiS yaml + unicode can cause much grief in some cases.
21:26 murrdoc i am glad its fixed
21:26 murrdoc 'fixed'
21:27 Opti44 SheetiS: no special characters in the names
21:27 Opti44 SheetiS: it worked until I went from 2014.7.0 to 2014.7.1
21:27 SheetiS murrdoc: I'm glad it's working for you regardless :D
21:27 murrdoc u missed a chance to say irregardless
21:27 murrdoc 0_0
21:28 aparsons joined #salt
21:29 SheetiS murrdoc: My Engrish may be strong in the excrement, but at least I try :D
21:30 abe_music joined #salt
21:30 cbrinley hi all, i've been trying to get ssl working with salt-api using cherryPy 3.6, every time i issue a request i get back an error from curl: "(56) SSL received a record that exceeded the maximum permissible length.", has anyone else come across this before?
21:30 Jimlad joined #salt
21:31 beneggett joined #salt
21:32 babilen cbrinley:
21:33 babilen That is a well documented error. It isn't salt specific .. I'd google for it
21:34 joehoyle joined #salt
21:34 cbrinley yea i've been looking at all the google results, figured it would fall into that category. i see stuff like your ssl config is wrong. this is a very basic setup any direction about "what" is making it wrong wold be appreciated, i'm using the salt-call tls.create_self_signed_cert method to generate these certs and have also tried with openssl directly
21:38 tmclaugh[work] joined #salt
21:38 JDiPierro I've got a git repo with a .deb file configured as a gitfs_remote on my master. When I highstate the machine that needs it I'm getting the error: SystemError: E:Archive is too short. But in a vagrant VM if I pull down that repo and dpkg -i it works fine so it shouldn't be the deb.. Any thoughts on what might be up?
21:39 desposo joined #salt
21:40 SheetiS Opti44: hmm the line that you gave for the error is identical in both 2014.7.0 and 2014.7.1.  The error seems to allude to a missing "def sdecode" in salt/utils/__init.py__ or something of that nature.  Did you have a bpaste of the full error to look closer?  it might be something in the way the imports are working as well.  I am going to also try and reproduce in my test environment in the meantime
21:42 mosen joined #salt
21:44 baweaver joined #salt
21:44 zooz joined #salt
21:45 SheetiS Opti44: I cannot reproduce the issue when doing a simple test: https://bpaste.net/show/e3bb27511706
21:48 bash124512 Can I reference pillar data in other pillar files ? :)
21:48 TTimo joined #salt
21:49 Opti44 SheetiS: Here is the full error https://bpaste.net/show/517514aae270
21:49 iggy bash124512: don't
21:52 SheetiS Opti44: I've not been able to reproduce at all.  Are you using 2014.7.1 on both master and minion (or are masterless)?
21:52 tzero joined #salt
21:52 bash124512 ok, again to my original problem then. I want to have encrypted passwords in a pillar file which is quite big and I don't want to add them manually since I have many passwords.
21:52 aphor joined #salt
21:53 bash124512 encryption will be with gpg
21:53 jalaziz joined #salt
21:53 bash124512 decryption is
21:53 jdesilet joined #salt
21:53 bash124512 not a problem
21:54 bash124512 when the files are moved but if I want to change a password .... I'll need to decrypt the password , change the password and encrypt the password again
21:54 bash124512 thats alot of manual work I want to remove.
21:55 bash124512 thought of a python script but it cannot handle long lines of gpg keys
21:55 bash124512 ... if I import the yaml file that is
21:56 peters-tx joined #salt
21:56 bash124512 it wouldn't work if I changed the line too since its multiple lines
21:56 bash124512 sed wouldn't do it either
21:56 iggy I don't think yaml+jinja (i.e. the default renderers) are your best bet here
21:57 bash124512 but I need those passwords to be in pillar
21:58 mdupont joined #salt
21:59 iggy yeah, I think you'll want to use/write an ext_pillar
21:59 SheetiS bash124512:  why did importing the yaml in a python script not work?  the format of "some_key: |" then having the subsequent multilines with additional indention should yaml.load as a multiline string.  an ext_pillar might make more sense with how much you are trying to manage.
22:00 iggy and an ext_pillar would let you keep everything all separate and then merge it just before handing it off to salt
22:03 SheetiS gpg renderer inline makes sense when you have a few things or things that won't change often, but more dynamic things regardless of encryption or not are great in an ext_pillar.
22:03 bash124512 SheetiS : tried loading a file and due to special characters I get an error
22:05 hal58th yeah
22:05 bash124512 https://bukkit.org/threads/please-help-found-character-t-that-cannot-start-any-token-in-reader-line-49.7712/
22:05 bash124512 tabs
22:05 aphor can anyone show me an example pillar that pulls an IPv6 address from grains? The fqdn_ip6 returns a list.
22:05 badon_ joined #salt
22:07 bash124512 aphor : did you try adding a [listnumber] at the end ?
22:07 SheetiS bash124512: don't use tabs in yaml.  It'll also break salt states and pillars as well, so make sure to replace the tabs with spaces regardless.
22:07 hal58th aphor, i think i have an example somewhere. give me a few minutes
22:08 rgarcia_ joined #salt
22:09 SheetiS {{ grains['fqdn_ip6'][0] }} if it is a list and you want the first one
22:09 SheetiS or use grains.get if you are not sure that it exists so you can give a default.
22:09 hal58th aphor this is for ipv4 but you can work with it as an example. {{ salt['grains.get']('ip4_interfaces')['eth0'][0] }}
22:09 aphor SheetiS: thx
22:10 murrdoc joined #salt
22:10 aphor hal58th: Thx
22:10 hal58th welcome aphor
22:10 mikaelhm joined #salt
22:11 aphor Do I want to mess with writing a grain if I just want the permanent IPv6 address or the LL address if there isn't a permanent one?
22:11 babilen aphor: I would typically recommend to work with network.ipaddr (maybe as a mine function) as it allows you to filter by cidr range. That way you don't hardcode interface names.
22:12 aphor I just noticed the grains return those two addresses in non deterministic order :(
22:12 bash124512 SheetiS : not using tabs is harsh but I'll continue trying with a python script.
22:15 hal58th aphor any python list and dictionary is always unordered
22:15 hal58th I believe
22:15 linjan joined #salt
22:15 babilen aphor: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.network.html#salt.modules.network.ip_addrs6 (and other functions in there)
22:15 aphor hal58th lists are ordered, sets are not
22:16 hal58th Ah thanks
22:16 bash124512 aphor : you can make sure if you do a for loop in the list and have an if matching the key
22:16 babilen no, use the right tool
22:16 babilen you don't care about interfaces
22:17 jalaziz joined #salt
22:17 * babilen wonders why ipaddrs6 doesn't support cidr ranges though
22:19 signull most likely cause no one wants to spend the time doing ip_calc, that and ipv6 is not used much. I cant imagine that it would be high priority
22:19 otter768 joined #salt
22:20 babilen https://pythonhosted.org/netaddr/tutorial_01.html#ipv6-support makes that quite trivial
22:20 baweaver joined #salt
22:20 aphor babilen: IPv6 DOES have CIDR style network mask bits, but the going doctrine in IPv6 network planning is just to use /64
22:21 diegows joined #salt
22:21 babilen aphor: I am aware, but then you still can't easily filter a list of ip6 addresses, by specifying the cidr range of the network you care about that (assuming you have multiple)
22:22 aquinas joined #salt
22:22 thayne joined #salt
22:22 aphor babilen: you can if you convert it to a big int and do binary ops on it with the network prefix.
22:23 babilen I use that functionality quite frequently to gather ip4 addresses of my minions in the mine (e.g. to configure a loadbalancer) and it would be just as useful with ipv6 addresses/networks
22:23 babilen aphor: I'd still prefer to define my networks with ranges and use semantically meaningful arguments to functions, but yeah, it can surely be done
22:24 babilen I was just surprised that network.ipaddr and network.ipaddr6 have different function signatures
22:24 aphor IPv6 uses link-local addresses to negotiate neighbor discovery, like ARP.
22:24 beneggett joined #salt
22:24 sjol_ joined #salt
22:25 kermit joined #salt
22:25 aphor IPv6 also has a convention of generating random temporary IP addresses for outgoing connections to make it harder to portscan later.
22:25 \ask joined #salt
22:31 igorwidl how far back does `salt-run jobs.list_jobs` go? ie. any limits on how many jobs are saved?
22:32 manfred igorwidl:  iirc, they are cleared out after 24 hours
22:32 manfred http://docs.saltstack.com/en/latest/topics/jobs/
22:32 manfred but you can configure that
22:32 manfred By default it is cached for 24 hours, but this can be configured via the keep_jobs option in the master configuration.
22:33 igorwidl manfred: thats what i needed, thanks
22:33 nich0s joined #salt
22:34 douglassssssssss joined #salt
22:35 beneggett joined #salt
22:36 mohae joined #salt
22:37 beneggett joined #salt
22:38 julie_ teepark: service.enabled: worked! I just had to add - name: myservice below. I was confused because I figured it would just use the name of my salt state from the top of the block the same as pkg.installed: does. Thanks again for your help.
22:46 cbrinley joined #salt
22:47 murrdoc joined #salt
22:52 rap424 joined #salt
22:53 beneggett joined #salt
22:55 mafro joined #salt
22:58 mikaelhm joined #salt
23:03 jeddi joined #salt
23:06 tomspur_ joined #salt
23:07 aparsons joined #salt
23:09 alanpearce joined #salt
23:09 alanpearce joined #salt
23:14 bhosmer joined #salt
23:14 bash1245_ joined #salt
23:31 desposo joined #salt
23:32 baweaver joined #salt
23:39 agj joined #salt
23:39 subsignal joined #salt
23:52 blackhelmet joined #salt
23:53 warpaint joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary