Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-02-26

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 iggy I don't think repo is getting set to what you think it is (if you've pasted all they stuff you are actually using)
00:02 masterkorp what do you need ?
00:02 masterkorp that is repo
00:08 rgarcia_ joined #salt
00:11 whytewolf masterkorp: lists and dicts are not my strong suit, but repo seems to be getting set to a list or dict of all of the items with in myplugins, not to the first item in myplugins.
00:12 masterkorp 14552 00:10:10 root) git clone sensu-plugin-myplugins /etc/sensu/plugins-myplugins
00:12 masterkorp yeah, got the problem narrowed with sysdig
00:15 whytewolf rev and user would also never have been set either
00:17 iggy salt-call -l debug would show you the rendered states btw
00:18 Brew joined #salt
00:22 baweaver tracing the error, found out that salt has this: {'[0][client]': 'local', '[0][tgt]': '*', '[0][expr_form]': 'glob', '[0][fun]': 'test.ping'}
00:22 masterkorp is the a easy way to print a dictionay in a formula ?
00:25 iggy if it's being pulled from a pillar "salt-call pillar.get sensu"
00:25 dude051 joined #salt
00:26 iggy will at least give you the basic structure
00:26 masterkorp thanks, i am using kitchen-salt though
00:26 masterkorp https://www.zerobin.net/?ab17070459e7e4a4#Z0WD0PLLzcPcm21EVoSE0gCBVoszmKWhl5ay0keV4u8=
00:27 shaggy_surfer joined #salt
00:27 masterkorp the formula
00:27 masterkorp https://www.zerobin.net/?a5f5c16003034072#4KNwBsISKNKN4HnDhNGLvhBsoPIJg5bukqh7YOsYEXQ=
00:28 masterkorp what the heck is wrong, maybe I should get some sleep
00:29 spookah joined #salt
00:31 baweaver So how does saltnado transform a json body like this: :body=>[{:client=>"local", :tgt=>"*", :fun=>"test.ping", :arg=>[], :expr_form=>"glob"}]
00:31 baweaver into this: {'[0][client]': 'local', '[0][tgt]': '*', '[0][expr_form]': 'glob', '[0][fun]': 'test.ping'}
00:32 baweaver or rather is there any way to get salt-api cough up more information on params it got?
00:32 baweaver Still digging in the source.
00:35 kellnola joined #salt
00:36 masterkorp ParserError: while parsing a block mapping
00:36 masterkorp in "<unicode string>", line 10, column 5:
00:36 masterkorp name: /etc/sensu/plugins-myplugins
00:36 masterkorp guys any ideas ??
00:36 iggy don't use unicode
00:36 iggy python2 sucks at unicode
00:36 GabLeRoux joined #salt
00:36 * baweaver *sighs*
00:36 iggy baweaver: if I were to gues, it's the : before all the keys
00:36 baweaver Ruby
00:37 baweaver it JSON maps it
00:37 baweaver so it's actually: "[{\"client\":\"local\",\"tgt\":\"*\",\"fun\":\"test.ping\",\"arg\":[],\"expr_form\":\"glob\"}]"
00:37 iggy I don't know what that means
00:37 masterkorp iggy: how do I change this ?
00:38 iggy masterkorp: in your editor?
00:38 baweaver context: Making a Rubygem that interacts with the Saltnado API
00:40 masterkorp iggy: but why a - ?
00:45 TTimo joined #salt
00:47 baweaver .............it's mad that I put it in an array
00:48 baweaver Even when pepper is pretty explicit about having it: https://github.com/saltstack/pepper/blob/master/pepper/libpepper.py#L161
00:51 aqua^mac joined #salt
00:52 rvankleeck joined #salt
00:52 rvankleeck joined #salt
00:53 markmarine joined #salt
00:54 markmarine Does anyone know how to run a state on the master itself? I have a state to install pygit2 and all the stuff upstream, and it works in prod on my 2 tier master system, but doesn't work for vagrant
00:54 Brew add a minion to the master then its just normal salt commands against it
00:55 masterkorp https://groups.google.com/forum/#!topic/salt-users/BU2gksNRHwQ
00:55 masterkorp shameles link for help
00:55 markmarine like stateless salt-call? because I did add a minion, but the master doesn't see itself
00:56 masterkorp any ideas are welcome
00:58 markmarine masterkorp: you need a dash before 'name' on the line above
00:58 markmarine that isn't valid yaml
00:58 tmh1999 joined #salt
00:59 markmarine This should be:     - name: /etc/sensu/plugins-{{ name }}
01:00 masterkorp weird
01:00 masterkorp why does it compain on the line below
01:00 masterkorp derp derp
01:01 masterkorp i will fix it and go to bed
01:02 iggy salt/yaml/jinja/etc does that from time to time when you have multiline stuff above (or includes, or macros, or a list of other things)
01:03 masterkorp thanks guys
01:04 Singularo joined #salt
01:05 markmarine iggy: is there a way to run one state on the salt master, using saltcall? I just want to install pygit2 on the master so it can auth with github
01:06 markmarine and with ubuntu, it's cludgy. you have to download libgit and make from source, plus have libffi, python-dev and cmake installed
01:07 iggy markmarine: there's masterless, I've never used it
01:07 iggy you also need libssh-dev fwiw
01:08 markmarine right, yeah that's at the top of my state
01:08 iggy I would personally make a deb for it
01:08 markmarine I did it manually, then made a state for it
01:08 iggy but that's just me
01:10 markmarine right. so no way to tell salt to run masterless for one single execution then go back to being the master?
01:10 aquinas_ joined #salt
01:11 iggy I believe you can do that
01:11 iggy salt-call --local or whatever
01:11 auser joined #salt
01:13 markmarine ah, I didn't use --local. thanks
01:15 tmh1999 joined #salt
01:15 amcorreia joined #salt
01:16 tmh1999 joined #salt
01:18 shaggy_surfer joined #salt
01:20 baweaver working on opensourcing the gem later if there's any interest.
01:20 baweaver for some reason saltnado throws a fit when you use any form of globbing
01:20 baweaver once I get that one out of the way it's pretty well ready to go.
01:21 MugginsM joined #salt
01:30 otter768 joined #salt
01:48 Eugene joined #salt
01:52 Brew joined #salt
01:53 bfoxwell joined #salt
01:57 cberndt joined #salt
02:02 TTimo joined #salt
02:06 quickdry21 joined #salt
02:07 favadi joined #salt
02:09 Ryan_Lane joined #salt
02:11 michelangelo joined #salt
02:14 subsignal joined #salt
02:17 nitti joined #salt
02:17 che-arne joined #salt
02:25 evle joined #salt
02:25 jhauser_ joined #salt
02:26 markmarine joined #salt
02:28 Edgan joined #salt
02:28 thedodd joined #salt
02:35 bastiandg joined #salt
02:38 shaggy_surfer joined #salt
02:38 rgarcia_ joined #salt
02:42 sjol joined #salt
02:51 saltied_to_the_c joined #salt
02:51 saltied_to_the_c Has anyone tried installing development salt on a base centos 6.5
02:57 bigpup3 joined #salt
02:59 nitti joined #salt
03:11 clintberry joined #salt
03:15 sjol joined #salt
03:19 forrest joined #salt
03:26 cberndt joined #salt
03:31 otter768 joined #salt
03:33 Furao joined #salt
03:33 tmh1999 joined #salt
03:46 bhosmer__ joined #salt
03:54 xsteadfastx joined #salt
03:54 bigpup3 joined #salt
04:01 rvankleeck joined #salt
04:01 rvankleeck joined #salt
04:02 ajw0100 joined #salt
04:03 spookah joined #salt
04:05 balltongu joined #salt
04:06 Cyis|afk joined #salt
04:10 kellnola joined #salt
04:17 GabLeRoux joined #salt
04:18 thedodd joined #salt
04:30 Ryan_Lane joined #salt
04:43 bigpup3 joined #salt
04:49 Furao joined #salt
04:52 saltied joined #salt
05:00 eamo joined #salt
05:01 hal58th joined #salt
05:02 eamo anyone use anything other than ec2 or multiple iaas providers?
05:05 andrew_v joined #salt
05:06 kellnola joined #salt
05:07 monkey66 joined #salt
05:13 monkey66 joined #salt
05:15 desposo joined #salt
05:29 Zachary_DuBois joined #salt
05:31 sjol joined #salt
05:32 otter768 joined #salt
05:49 pravka joined #salt
05:49 che-arne joined #salt
05:52 ramteid joined #salt
05:52 TTimo joined #salt
06:00 nitti joined #salt
06:11 bfoxwell joined #salt
06:20 forze joined #salt
06:30 felskrone joined #salt
06:40 bash1245_ joined #salt
06:44 toanju joined #salt
06:50 malinoff joined #salt
06:51 favadi joined #salt
06:52 krelo joined #salt
07:00 che-arne joined #salt
07:03 AndreasLutro joined #salt
07:06 rvankleeck joined #salt
07:11 krelo joined #salt
07:13 SheetiS I have a problem with salt.modules.yumpkg.  The latest_version stuff reports wrong (and states using pkg.latest) break if you have a noarch package with the same name as an arch package but with an older version number.  I know this is an odd case, but the packages are in a 3rd-party repo.  It seems a bad practice, so I don't know if the right thing is to try and 'fix' the module or something else.
07:13 krelo_ joined #salt
07:13 SheetiS pertinent info coming momentarily in a bpaste.
07:14 phil joined #salt
07:16 colttt joined #salt
07:18 warthog42 joined #salt
07:20 cberndt joined #salt
07:20 TyrfingMjolnir joined #salt
07:21 SheetiS Pertinent info: https://bpaste.net/show/f911d1c1d8e3.  Yum handles this case properly and grabs the one with the highest version number.  Should be look at having yumpkg behave the same way?  I could easily have a pull request that accounts for the change in nearly no time, but was curious other's thoughts.
07:26 flyboy joined #salt
07:26 Auroch joined #salt
07:27 MaliutaLap joined #salt
07:33 otter768 joined #salt
07:38 SheetiS actually it's the output of repoquery --pkgnarrow=available that is bad here.  Fix wouldn't be as easy as i thought.
07:43 krelo joined #salt
07:44 SheetiS I take that last part back.  I'll keep silent about it until i have a working fix.
07:47 dRiN joined #salt
07:50 kivihtin joined #salt
07:53 TTimo joined #salt
07:54 colttt joined #salt
07:59 intellix joined #salt
08:00 wvds-nl joined #salt
08:04 trikke joined #salt
08:09 jri joined #salt
08:12 san4 joined #salt
08:12 san4 joined #salt
08:13 san4 joined #salt
08:13 san4 joined #salt
08:13 san4 joined #salt
08:13 san4 joined #salt
08:15 san4 joined #salt
08:15 san4 joined #salt
08:16 kwatoko joined #salt
08:17 san4 joined #salt
08:17 san4 joined #salt
08:17 hebz0rl joined #salt
08:17 san4 joined #salt
08:17 san4 joined #salt
08:19 san4 joined #salt
08:19 san4 joined #salt
08:19 san4 joined #salt
08:19 san4 joined #salt
08:20 san4 joined #salt
08:20 san4 joined #salt
08:20 andygrunwald joined #salt
08:21 eseyman joined #salt
08:21 san4 joined #salt
08:21 san4 joined #salt
08:22 san4 joined #salt
08:22 san4 joined #salt
08:23 san4 joined #salt
08:23 san4 joined #salt
08:24 SheetiS FYI: I was able to address my issue above with the following: https://github.com/saltstack/salt/pull/21062.
08:25 san4 joined #salt
08:25 san4 joined #salt
08:28 san4 joined #salt
08:28 san4 joined #salt
08:28 san4 joined #salt
08:28 san4 joined #salt
08:29 san4 joined #salt
08:29 san4 joined #salt
08:30 san4 joined #salt
08:30 san4 joined #salt
08:31 jtang joined #salt
08:32 san4 joined #salt
08:32 san4 joined #salt
08:33 san4 joined #salt
08:33 san4 joined #salt
08:33 kawa2014 joined #salt
08:37 andygrunwald joined #salt
08:41 san4 left #salt
08:43 teogop joined #salt
08:43 bluenemo joined #salt
08:43 bluenemo joined #salt
08:47 stoogenmeyer joined #salt
08:49 karimb joined #salt
08:49 lb1a joined #salt
08:54 TTimo joined #salt
08:59 alanpearce joined #salt
09:01 ndrei joined #salt
09:01 ndrei_ joined #salt
09:03 Guest31320 joined #salt
09:05 andygrunwald joined #salt
09:07 mattiasr joined #salt
09:08 jri joined #salt
09:08 I3olle joined #salt
09:14 jtang joined #salt
09:17 bastiandg joined #salt
09:20 jespada joined #salt
09:22 M0nteZ joined #salt
09:22 jahmed joined #salt
09:27 jahmed has anyone moved from puppet to salt
09:27 jahmed just hunting for some good reasons to move to salt from puppet
09:27 intellix joined #salt
09:29 AndreasLutro jahmed: I haven't, but I did read this article when trying to decide on which provisioning tool to use http://ryandlane.com/blog/2014/08/04/moving-away-from-puppet-saltstack-or-ansible/
09:31 Xiao joined #salt
09:33 otter768 joined #salt
09:36 M0nteZ Jahmed: Ia have never used puppet or salt, my experience is: after two days of installing puppet master, i tried salt and i was up and getting test.ping True in 4 hours
09:36 paulm- joined #salt
09:37 nbari joined #salt
09:37 nbari joined #salt
09:38 nbari hi all, how can i purge/clean the salt cachedir
09:38 nbari i am running out of diskspace
09:38 M0nteZ Could someone point a salt-beginer in writing a sls file to download .deb package from master and if it is not installed to install it. minions have no internet access
09:39 paulm-- joined #salt
09:39 M0nteZ this works in my test but is using internet to fetch the package and install it:, mosquitto:   pkg.installed:     - skip_verify: True     - source: salt://mosquitto/mosquitto_0.15-2_armel.deb
09:40 zer0def curious: does jinja allow for regex comparisons?
09:42 AndreasLutro zer0def: not out of the box, no
09:43 nbari how to clear all the jobs ?
09:44 alanpearce left #salt
09:45 zer0def AndreasLutro: thanks
09:46 jtang ive moved from cfengine to puppet to ansible to salt
09:46 jtang salt isn't bad compared to puppet
09:48 bhosmer_ joined #salt
09:53 anurag_ joined #salt
09:54 ninkotech_ joined #salt
09:55 N-Mi_ joined #salt
09:55 chiui joined #salt
09:57 ssm jtang: you forgot chef on the way? :)
10:01 jtang yea, well i had puppet back then and chef didnt really appear on my radar
10:02 jtang i came across ansible/salt by accident and i converted my setup to ansible and never looked back
10:02 jtang i've only been *really* using salt in the last two months as a learning exercise
10:05 bhosmer joined #salt
10:11 rvankleeck joined #salt
10:21 ekle joined #salt
10:23 huddy joined #salt
10:24 KermitTheFragger joined #salt
10:26 zwevans joined #salt
10:36 tomspur joined #salt
10:41 bluenemo joined #salt
10:41 jri left #salt
10:42 Fiber^ joined #salt
10:42 amcorreia joined #salt
10:43 Nazca__ joined #salt
10:46 intellix joined #salt
10:50 ramteid joined #salt
10:56 TTimo joined #salt
10:59 jri joined #salt
11:02 schup joined #salt
11:04 ltsampros joined #salt
11:04 amcorreia_ joined #salt
11:05 giantlock joined #salt
11:21 evle joined #salt
11:23 ndrei joined #salt
11:23 ndrei_ joined #salt
11:26 jhauser hello, is it possible to change the shell-$PATH for salt modules?
11:27 jhauser we have an alternative install of hg, but I can not search the environment path for the hg state module
11:27 jhauser s/search/set(
11:29 jri_ joined #salt
11:34 otter768 joined #salt
11:37 bhosmer joined #salt
11:41 ekle is it possible to set win_gitrepos to a subfolder ?
11:57 TTimo joined #salt
11:59 beerbelott joined #salt
12:03 beerbelott How do you configure thin_dir for salt-ssh?
12:06 jri joined #salt
12:15 bhosmer joined #salt
12:19 scottpgallagher joined #salt
12:35 I3olle joined #salt
12:40 chupetito joined #salt
12:41 chupetito good morning
12:42 diegows joined #salt
12:42 chupetito I am trying to use this RPM command in a salt state: rpm -V audit | grep '$1 ~ /..5/ && $2 != "c"'   . but it looks like cmd.run cant handle the | . Is there a good way to handle this in a state?
12:43 ocdmw joined #salt
12:47 rvankleeck joined #salt
12:47 rvankleeck joined #salt
12:48 TTimo joined #salt
12:49 crack joined #salt
12:49 Xiao joined #salt
12:50 bhosmer joined #salt
12:50 jeddi chupetito: i've got plenty of .sls files that include | -- you sure it's breaking on pipe?
12:51 jeddi chupetito: you could try wrapping the entire cmd in quotes.  I see you've got both apostrophes and quotes in there - you may need to escape the inner quotes if you wrap the whole thing in quotes (speculating)
12:52 TyrfingMjolnir joined #salt
12:54 chupetito hi Jeddi. thanks for checking on this. What do you mean scape the innner quotes?  the double quotes in c?
12:55 jeddi chupetito: i mean you may need to put \" where you've got " now
12:56 intellix joined #salt
12:56 jeddi chupetito: you'd have to experiment a bit -- until others pop in to provide experienced insight.  but, as i say, i know | works just fine in both my cmd.run and -unless stanzas.
12:56 chupetito oh ok, let try that.... i'll report in a sec.
12:56 jeddi chupetito: i mean escape your " characters IFF you're going to wrap the whole line in " "
12:57 jeddi chupetito: the other way you could do it is push out a .sh file that includes this command, and call the shell script from the cmd.run
12:58 chupetito jiddi, trying to avoid using .sh it i can. trying to keep things "salty"
12:58 jeddi chupetito: get it working today - make it beautiful tomorrow.  :)
12:59 ekle is it possible to set win_gitrepos to a subfolder ?
12:59 jri joined #salt
12:59 chupetito jeddi, ok, you convinced me :-)
13:00 jeddi chupetito: alternatively - what's that actually doing?  (i use apt-get rather than rpm) ... have you trawled the doc for rpm support in salt to see if there's a primitive that can do this more effectively?  or perhaps chain a few cmd.run's with require: and unless:
13:01 vectra joined #salt
13:03 chupetito jiddi,the command checks for files that should match the information given by the RPM database... its a check essentially. If something is returned then is an alert I need to produce. I dont know how to chain cmd.run
13:05 jeddi chupetito: aha - okay.   chaining may not be possible, just re-looking at the cmd line you're using.  and yeha, it's more likely the ~, !, or && that's causing you problems than the |.
13:05 jeddi us apt-get users don't need to check that apt-get actually did what apt-get said it was going to do.   ; )
13:05 malinoff joined #salt
13:06 ponpanderer joined #salt
13:08 GabLeRoux joined #salt
13:10 zwevans left #salt
13:14 favadi1 joined #salt
13:18 chupetito jeddi, i give up. im using bash
13:21 wnkz joined #salt
13:22 Hybrid joined #salt
13:23 CeBe joined #salt
13:23 stoogenmeyer joined #salt
13:25 andygrunwald joined #salt
13:27 jtang joined #salt
13:27 andygrunwald Hey, we are looking for a solution with a kind of master slave setup for slapstick. We got three datacenter, one in US, one in EU and one in china. Our master slapstick server is located in EU. The connection to our minions in US is fine. But the connection to china is slow as hell. The idea was to setup a syndic server in china, but we are running into https://github.com/saltstack/salt/issues/19864 ... Is there any kind of alternative to work with mi
13:27 andygrunwald nions ins china without raising the timeout as high as possible?
13:32 Hybrid joined #salt
13:33 dyasny joined #salt
13:35 favadi1 joined #salt
13:35 mpanetta joined #salt
13:35 otter768 joined #salt
13:37 jeddi chupetito: beautiful tomorrow, remember!
13:40 numkem joined #salt
13:45 subsignal joined #salt
13:48 ocdmw joined #salt
13:50 wincus joined #salt
13:56 __number5__ andygrunwald: are you using vpn between eu and china?
13:57 paulm- joined #salt
13:59 bhosmer joined #salt
13:59 paulm-- joined #salt
14:00 jeremyr joined #salt
14:01 bhosmer joined #salt
14:01 agrunwald_ joined #salt
14:02 agrunwald_ __number5__, should be, yes.
14:02 agrunwald_ why? connection still heavy slow.
14:02 racooper joined #salt
14:02 rvankleeck_ joined #salt
14:03 guiguite joined #salt
14:03 guiguite hello,
14:04 guiguite I found that the {{ env }} variable can give me the file_roots environment in use
14:04 ocdmw joined #salt
14:04 guiguite it's fine, but I need the equivalent for the pillar environment in use
14:04 bluenemo joined #salt
14:05 guiguite I tried pillar['env'], and pillar.get( "env" )
14:05 _ale1_ joined #salt
14:06 guiguite and there is no value inside
14:06 ltsampros quick question
14:06 guiguite may someone help me ?
14:07 JDiPierro joined #salt
14:07 ltsampros I'm trying out the salt-api using the cherry-py module. While I can authenticate and submit a job using the /minions URL, I cannot query the /jobs URL. I always get a 401 Unauthorized even if I use the X-Auth-Token header.
14:07 ltsampros any ideas?
14:09 mr-op5 joined #salt
14:10 whiteinge ltsampros: does your eauth config include @jobs or @runners?
14:12 Akira01 joined #salt
14:12 Akira01 Hi all
14:13 whiteinge guiguite: I don't think that is exposed anywhere. Mind filing a feature request?
14:17 nitti joined #salt
14:18 toanju joined #salt
14:18 guiguite whiteinge: sorry, but : how do I do that ? On github ?
14:25 whiteinge guiguite: yes, exactly
14:26 primechuck joined #salt
14:30 guiguite k, I'll do that quickly
14:32 ltsampros whiteinge: hmmm. let me check
14:32 ltsampros whiteinge: for the user I authenticated with it includes - .*
14:35 perfectsine joined #salt
14:37 TTimo joined #salt
14:39 jdesilet joined #salt
14:42 whiteinge ltsampros: check the "external auth" docs. You need access to runners too
14:43 whiteinge guiguite: was thinking over how to implement this and realized the best (and simplest) method would be to set it in pillar yourself:
14:44 whiteinge In a pillar file that is sent to all minions make a variable: like `pillar_env: {{ env }}`
14:44 whiteinge (Untested)
14:45 mikkn joined #salt
14:45 whiteinge Then you can pillar.get('pillar_env')
14:45 guiguite thx whiteinge : that's what I'll do as a workaround. Anyway, I think it would be cool if this context variable could be added in the future
14:47 dude051 joined #salt
14:49 ltsampros whiteinge: many thanks
14:49 ltsampros whiteinge: btw is it normal that a jobs.list_jobs command from the python api takes around 1.5 secs to complete?
14:52 kaptk2 joined #salt
14:53 Brew joined #salt
14:53 JDiPierro joined #salt
14:54 whiteinge Yes on the current version. The switch to event-based runners slowed things down a bit. It's in need of improvements.
14:56 ltsampros current == 2015.02rc1 or 2014.7 ?
14:56 gngsk joined #salt
14:57 favadi left #salt
15:00 clintberry joined #salt
15:03 teebes joined #salt
15:05 pravka joined #salt
15:06 _ale1_ joined #salt
15:09 ltsampros whiteinge: and a 2nd question is using a master_job_cache: redis (example) will improve things right ?
15:14 kivihtin joined #salt
15:15 agrunwald_ joined #salt
15:19 lietu joined #salt
15:22 _ale1_ joined #salt
15:22 debian112 joined #salt
15:22 _JZ_ joined #salt
15:22 pdayton joined #salt
15:23 andrew_v joined #salt
15:23 dkrae joined #salt
15:24 ocdmw joined #salt
15:25 ninkotech joined #salt
15:26 lietu joined #salt
15:27 rojem joined #salt
15:27 wincus joined #salt
15:28 ltsampros question: when a returner is configured, data are returned using the returner only?
15:29 ltsampros i.e. commands like jobs.lookup_job won't work anymore
15:29 ltsampros (on the master)
15:29 ltsampros right?
15:31 smcquay joined #salt
15:33 scottpgallagher anyone running salt-master in a docker container and have an issue with it reporting back the output of the salt commands?
15:36 otter768 joined #salt
15:36 ipmb joined #salt
15:37 jdesilet joined #salt
15:38 ccarney_ROCC joined #salt
15:38 ccarney_ROCC left #salt
15:39 Akira01 Hi. I just do research on deployment tools as I have to decide what tool should be used in our company... could someone of you give me some input why I should use Salt insead of Ansible?
15:39 stylica joined #salt
15:39 TTimo joined #salt
15:40 Akira01 From techical operations point of view Salt seems to be the better tool.... but our R&D department is more into ansible....
15:40 conan_the_destro joined #salt
15:40 malinoff Akira01, they're both in their baby age, try them both and pick one you prefer
15:41 malinoff they can solve some problems, although introducing new, related to the tool used :)
15:42 stylica joined #salt
15:42 malinoff from my experience, salt is better for complex systems due to stuff like reactor and mine
15:42 andrew_v joined #salt
15:43 malinoff ansible is better to solve simple repeating tasks without installing agents, like "restart service X on N servers"
15:45 sander_____ joined #salt
15:45 GabLeRoux_ joined #salt
15:46 Akira01 I have to maintain servers in 4 DCs externally with about 400 Servers and 1000 Clients.... 80% Windows and the rest RAC Clusters
15:48 malinoff Akira01, then you should go with salt
15:48 malinoff ansible is not that good with managing windows boxes
15:48 Akira01 If Salt/Ansible is able to operate also with very slow connections than I can add another 500 Windows and 300 Linux Clients
15:49 Akira01 What about the GUI Halite? Is there still development done ... because when I take a look into the source coe there is not so much progress
15:53 che-arne joined #salt
15:53 malinoff Akira01, i believe saltpad is the way to go
15:54 malinoff i'm not using salt by myself (i was using it for a year like a year ago, v0.16.x) so I can't really say much about all these new things
15:55 rypeck joined #salt
15:55 subsignal joined #salt
15:56 subsignal joined #salt
15:57 TTimo joined #salt
15:58 perfectsine joined #salt
15:58 kermit joined #salt
15:59 Akira01 Many thanks for the information... see you
16:02 sander_____ Does anyone know of a ganglia formula?
16:03 markmarine joined #salt
16:04 whiteinge ltsampros: that started in 2014.7. using the master_job_cache will be subject to the same initial delay. but the jobs runners are smart enough to query redis for the data
16:04 smcquay joined #salt
16:04 dude^2 joined #salt
16:05 kanaka_ joined #salt
16:06 dude^2 joined #salt
16:07 ltsampros whiteinge: didn't get the second sentence.
16:08 samnmax joined #salt
16:12 jalbretsen joined #salt
16:16 bmac2 joined #salt
16:21 tkharju joined #salt
16:22 theologian joined #salt
16:23 tomspur joined #salt
16:23 holms joined #salt
16:23 rgarcia_ joined #salt
16:24 holms i'd even pay for support.. i'm so stuck with vagrant and salt in here. I just can't make roles+grains work with it: http://pastebin.com/jRuMVUdw is anything invalid in here? i've got common executed, rest is not reacting at all
16:24 holms stuck for 3 days already
16:24 holms i've read everything i've could
16:26 igorwidl salt 'yourminion' grains.items  does it return the roles grain properly?
16:28 forrest joined #salt
16:29 ocdmw joined #salt
16:31 clintberry1 joined #salt
16:31 lietu joined #salt
16:31 ajw0100 joined #salt
16:32 Gareth morning morning
16:34 holms igorwidl: good tip thanks
16:34 holms now i have problem with osx
16:34 holms Romans-MacBook-Air:repo holms$ sudo salt minion grains.items
16:34 holms WARNING: '/etc/salt' directory does not exist.
16:36 ocdmw joined #salt
16:37 tligda joined #salt
16:37 igorwidl holms: actually you are running salt masterless so that warning is probably alright
16:37 igorwidl holms: what command you use to run states?
16:38 Eugene left #salt
16:38 holms igorwidl: vagrant provision vmname
16:38 holms i've installed salt, seems to be not really suited for osx ;D
16:40 iggy salt master (or masterless) on osx isn't really a tested configuration
16:41 rap424 joined #salt
16:41 tcotav holms - where does vagrant fit into what you're doing w/osx?  I only ask because most times I want the masterless salt running inside my VM
16:42 wendall911 joined #salt
16:42 tcotav I've never used it out in osx
16:42 samnmax hello :-)  I'm running salt-ssh and getting an error "An Exception occurred while executing state.highstate: local variable 'homedir' referenced before assignment" - none of the logging options are telling me anything about this, is there a way to get a traceback?
16:51 genus joined #salt
16:55 ocdmw joined #salt
16:55 giantlock joined #salt
16:56 jeremyr joined #salt
16:56 andrew_v joined #salt
17:02 holms tcotav: i tried running on osx, as it was said to me now :D
17:02 holms ok i'll to try run it inside
17:03 markmarine I setup a two (or more) machine config using vagrant and salt inside the machines (in a master -> minion setup)
17:03 mattiasr joined #salt
17:03 markmarine I can share my Vagrant file if that helps
17:03 markmarine works with osx, sets everything up using slat
17:03 markmarine salt
17:04 holms markmarine: would be nice, if you're using grains/roles
17:04 holms i'd die to see it
17:04 holms provisioning vm now will check that cmd inside
17:04 holms markmarine: http://pastebin.com/jRuMVUdw that's what i have
17:04 holms vagrantfile is a bit irrelevant to me, i have some nifty one, with included configs and etc.
17:04 holms it's just a ruby anyway
17:05 markmarine lemme check this into github so you can see the whole package, one second
17:08 markmarine https://github.com/MarkMarine/bootstrap_salt_vagrant
17:08 markmarine that's what I use
17:09 markmarine you should just be able to clone that, vagrant up master, vagrant up minion and then start going
17:09 timoguin joined #salt
17:09 theologian joined #salt
17:09 markmarine you can assign grains/roles in the config files for the minions that get synced over
17:10 markmarine I have to walk to work but I'll be on later if you have any questions about that
17:10 holms it's not masterless setup?
17:10 markmarine you can use the master as masterless if you like
17:10 timoguin joined #salt
17:10 holms having roles/grains in minion file itself, while using vagrant provision command (in a high state) should work? :)
17:12 holms igorwidl: can't figure out how to run this command inside vm "salt 'yourminion' grains.items"
17:14 igorwidl holms: not familiar with vagrant myself.
17:15 holms well
17:15 holms you just run `vagrant provision` command
17:15 holms and in vagrantfile you specify minion config path
17:15 holms and it installs salt inside vm, and runs it in highstate
17:15 holms so i have minion config and i have top.sls, where i'm trying to use grains and it doesn't work
17:16 holms base "*" works, and 'roles:dev' is not
17:16 igorwidl holms: hmm, inside the vm salt-call --local state.highstate works?
17:17 MatthewsFace joined #salt
17:17 holms yeah
17:17 holms with error
17:17 holms http://pastebin.com/UNtub0K9
17:17 iggy why don't you try manually setting this all up instead of trying to use 2 things you don't understand to achieve some goal that is actually kind of unclear
17:18 holms becauase i rely on software for documented features?
17:18 holms like.. http://docs.vagrantup.com/v2/provisioning/salt.html specify minion
17:19 holms run command, and it does all for you, what you minion requires?
17:19 igorwidl holms: looks like you arelmost there, how about satl-call --local grains.items ?
17:19 holms it's kind of wrapper for salt-call probably
17:20 holms igorwidl: http://pastebin.com/S3xPkCCg :}
17:20 iggy well, in general if you've got 4 layers of indirection around something and you're having problems, try taking some of those layers away
17:20 iggy and if you want vagrant support, I'm guessing they have their own irc channel
17:20 holms iggy: i'm pretty sure that having minion config with vangrant and without vagrant pretty much won't change a result
17:21 KyleG joined #salt
17:21 KyleG joined #salt
17:21 iggy except... it obviously is
17:21 holms just asking how to use minion config with grains and also top.sls. my current setup doesn't work
17:21 holms probably could be tested on any vm without vagrant too
17:21 holms i can try on digital ocean
17:22 holms (would be nice to provision machine outside of that machine actually)
17:22 iggy so do it on a regular VM, if you still have problems, then you've just narrowed down where the issue is
17:22 holms k
17:22 igorwidl holms: the grain is fine. its not finding the mysql and nginx state files.
17:23 andrew_v joined #salt
17:24 holms igorwidl: you can write into top.sls formula names right?
17:24 igorwidl holms: try cd /srv/salt .. then find .
17:24 holms http://pastebin.com/8R5Y1u5r
17:25 holms probably top.sls is incorrect then
17:25 holms http://pastebin.com/ZaJfSfW7
17:26 dimeshake on masterless, i think you will need to define the path to the formulas as well if you don't have them in your /srv/salt directory
17:27 igorwidl add /srv/salt/formulas/mysql and /srv/salt/formulas/nginx to file roots
17:27 whytewolf nested subdirectories. fun
17:28 che-arne joined #salt
17:31 andrew_v joined #salt
17:33 ben_NN joined #salt
17:33 ninedragon joined #salt
17:34 Sypher joined #salt
17:34 dude051 joined #salt
17:34 spookah joined #salt
17:35 ben_NN Hi all
17:37 otter768 joined #salt
17:38 ben_NN is someone use state pkg.latest with watch: to pkg.verify to keep a pkg up2date to the version he want?
17:40 masterkorp Hello
17:40 masterkorp on a git state
17:40 masterkorp Host key verification failed.
17:40 masterkorp I am getting this
17:40 lietu joined #salt
17:40 masterkorp can I set the state to accept the host key dinamically
17:40 masterkorp ?
17:41 ben_NN Hi masterkorp
17:42 holms igorwidl: you have a path for every formula? s'rsly?
17:42 holms i mean why..
17:42 holms haven't seen in any of 5 automation systems before anything like this
17:43 ben_NN you can use http://docs.saltstack.com/en/latest/topics/tutorials/preseed_key.html to generate minion key on your master and post them somewhere safe where minion could get and remove them duriing the pressed
17:43 karimb joined #salt
17:43 Sypher joined #salt
17:46 dimeshake holms: you can symlink them into /srv/salt if that's more your style
17:46 holms dimeshake: maybe you can show your minion config?
17:46 holms you stating the path of every formula in there?
17:46 dimeshake i don't really have anything special in minion config at all - i don't run masterless, though
17:46 igorwidl holms: dont use external formulas myself
17:47 holms i'm dying in terms =/
17:47 thehaven joined #salt
17:47 holms what does it means 'external formulas"
17:47 holms i have a normal formula inside "salt/formulas"
17:47 dimeshake formulas are states that are meant to be reused. you can keep them outside of the normal state tree (/srv/salt) and refer to them via file_roots
17:47 dimeshake the norm would be /srv/formulas for example
17:48 holms which is like in chef you have roles (which is formulas in salt), in ansible it's also roles, all lies in folder "ROLES"
17:48 igorwidl by that i mean, states made by somebody outside of my company
17:48 victor- joined #salt
17:48 holms dimeshake: i keep them in /srv/salt/formulas
17:48 victor- how do i get salt to branch for ubuntu vs centos?
17:48 dimeshake i would not do that holms
17:48 dimeshake but you can try referring to them as if they're a state
17:48 holms root@zipier:/srv/salt/formulas# ls
17:48 dimeshake try calling it as formulas.nginx or formulas.mysql
17:48 holms common  mysql  nginx  zipier
17:48 holms where do you hold them :)
17:49 holms dimeshake: oh great thanks
17:49 dimeshake i keep them in /srv/formulas and symlink them into /srv/salt
17:49 dimeshake to keep them separate and not define each file root
17:49 holms understood
17:49 holms then i was doing non-default behavior in here
17:50 dimeshake http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
17:50 dimeshake a few different approaches listed there
17:52 che-arne joined #salt
17:53 nullptr joined #salt
17:56 holms dimeshake: the only thing which confuses me is that "common" formula is found in /srv/salt/formulas/ directory, and it's been executing correctly
17:56 holms rest of them which is located in there "nginx" and "mysql" says it can't be found
17:56 piru_ joined #salt
17:56 smcquaid joined #salt
17:56 desposo joined #salt
17:56 holms how this can be?
17:57 holms common is located under base: "*":
17:57 holms rest is located under base: "roles:dev":
17:57 holms oh ok
17:57 holms i'm an idiot
17:58 shaggy_surfer joined #salt
17:58 dimeshake haha what'd you spot?
17:58 markmarine joined #salt
17:58 shaggy_surfer joined #salt
17:58 holms mysql/mysql is a real formula
17:59 holms third formula which was exactly same as "common" been also not found, now checking all of them
17:59 Jim___ joined #salt
18:01 murrdoc joined #salt
18:01 murrdoc morning
18:01 holms hello :}
18:02 Jim___ Good morning, I'm new to salt - I have a states question.  If I want to manage an entire directory (make sure directory and the files within exist), is there an easy way to do so?  Currently I have many file.managed entries - would like to consolidate if possible.
18:03 markmarine joined #salt
18:04 Ryan_Lane joined #salt
18:04 whytewolf Jim___: file.recurse http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.recurse
18:05 holms ok so my issue was dumb as f**k
18:05 kbyrne joined #salt
18:05 gmoro joined #salt
18:05 holms because 2 formulas was incorrect/invalid
18:05 holms i've got one formula executed, and i've got no errors about other formulas.. oh well
18:06 holms although i've even set instant-fail param in minion
18:06 GrueMaster Somewht.
18:06 rojem joined #salt
18:07 hackel_ joined #salt
18:07 StDiluted joined #salt
18:07 holms igorwidl: thanks to your hint
18:08 holms which revealed an error
18:08 holms will be doing so from the inside as much as I can
18:08 holms inside of vm* manually*
18:08 holms igorwidl: would donate a beer or smtng
18:09 Jim___ Cheers, whytewolf.
18:09 igorwidl holms: np, pass it along
18:10 bash124__ joined #salt
18:11 jngd joined #salt
18:11 andrew_v joined #salt
18:13 murrdoc see y'all wednesday
18:13 murrdoc we should do a irc beer meet
18:13 murrdoc ask iggy questions
18:13 murrdoc keep it like irc
18:13 murrdoc :)
18:15 masterkorp can I set the git state to accept the host key dinamically
18:17 iggy murrdoc: what day do you actually get in?
18:17 bhosmer__ joined #salt
18:18 JDiPierro joined #salt
18:19 murrdoc late on tuesday
18:19 murrdoc like 10 ?
18:20 iggy ouch
18:20 iggy So... see you Wednesday then
18:20 murrdoc yeah
18:20 murrdoc i lose an hour travelling from chicago to slc
18:20 iggy same (Houston)
18:20 murrdoc so leave after work day
18:20 murrdoc stay til about 2 on thursday
18:20 iggy I'm "working from home" Monday
18:21 murrdoc "yeah"
18:21 iggy doing the advanced class on Tuesday
18:21 murrdoc oh nice
18:21 murrdoc who is taking that class
18:21 murrdoc that should be dope
18:21 iggy you'd have to ask the pi of base or utahdave if he ever popped in anymore
18:21 murrdoc is the agenda up already
18:21 iggy no
18:22 iggy "No later than Monday"
18:22 murrdoc i got an email about install an app
18:22 iggy so yeah, you called it like 2 weeks ago
18:22 iggy I know I'm talking Thursday morning
18:23 murrdoc cool, gotta catch that talk
18:23 murrdoc http://eventmobi.com/saltconf15/
18:24 lz-dylan Will saltconf talks end up on youtube or similar?
18:24 murrdoc that actually has the agenda
18:24 murrdoc so thats dope
18:25 SheetiS joined #salt
18:25 murrdoc http://eventmobi.com/saltconf15/agenda/94463/505535
18:25 murrdoc that sounds interesting
18:26 iggy yeah, nobody come to my talk
18:26 iggy I expressly forbid it
18:26 murrdoc course ryan's talk http://eventmobi.com/saltconf15/agenda/94463/505549
18:27 shaggy_surfer joined #salt
18:29 hal58th I am doing the SaltStack for DevOps and Configuration Management class instead of Advanced Salt. There is just to much I don't know. Also doing the Basic class even though I think I have it all covered. But I figured I would have a better chance of passing the SSCE exam if I took it.
18:29 lz-dylan I'd love to catch these talks but probably won't be able to be present :/
18:30 tomh- joined #salt
18:31 bluenemo joined #salt
18:31 bluenemo joined #salt
18:31 germs_ joined #salt
18:32 [LF]1 joined #salt
18:33 [LF]1 Hi everyone! Is it possible to somehow use grains in onlyif or unless options?
18:34 iggy yes! Ryan's talk is the same time as mine (along with overview of saltstack enterprise UI)... that should mean nobody shows up for my talk
18:34 ajw0100 joined #salt
18:34 iggy (in case you couldn't tell, I'm a bit nervous)
18:34 hal58th How many times have you practiced your presentation iggy?
18:34 iggy [LF]: example?
18:35 iggy hal58th: does talking to my cat count?
18:35 hal58th iggy: As long as you did it from start to finish, yes
18:35 [LF] deploy different sets of nagios plugins based on the server role
18:36 clintber_ joined #salt
18:36 davet joined #salt
18:36 iggy [LF]: that's what the top file is for
18:36 LittUp hey guys, i've got a query about why something fixed an issue i was having because i don't understand it.  i had a state to build/install/run  collectd 5.x on centos, the cmd.run for the make was dependent on a pkg.install of all the required dependencies but each time i ran it, the make would fail with unmet dependencies but running it a second time would finish successfully.  i added a saltutil.sync_all in between installing d
18:36 LittUp i really don't understand why
18:37 iggy 'roles:db':\n - match: grain\n - nagios.plugins.mysql
18:37 iggy or something
18:37 hal58th Littup: So let me ask a few questions.
18:37 tmh1999 joined #salt
18:38 iggy LittUp: you got cut off
18:38 [LF] iggy: so the solution is to create states for every set and apply the correct one in the top file, is that correct?
18:38 sijis whiteinge: can i do grains calls via api? .. like salt -G custom_grain:True .... type calls?
18:38 TyrfingMjolnir joined #salt
18:38 iggy [LF]: generally
18:38 davet joined #salt
18:38 LittUp iggy: "consistently" was the end of my sentence ;p forgot a full stop
18:38 LittUp hal58th: fire away!
18:39 hal58th [LF] You can also use an "if statement" in your sls file. You can do 'if some grain' do this state. And repeat.
18:39 iggy [LF]: sometimes it's legitimate to "{% if salt['grains.get']('roles:db') %} ... do stuff ... {% endif %}" in the state files... but that's really what the top file is for
18:40 hal58th Why are you using saltutil.sync_all? What's the goal?
18:40 iggy [LF]: the problem with if's in the state file is you can't look at the top file (which should be your source for targetting) and tell what system has what
18:40 iggy LittUp: "between installing de"
18:40 [LF] got it! thanks guys! :-)
18:41 LittUp hal58th: there is no goal and i don't really know why i'm using it.  it was a "i wonder if this will solve it for some reason" and it did
18:41 hal58th Hmmmm, I don't think it's needed.
18:41 LittUp my logic was that if it failed the first run, but finished correctly the second time, something was happening in between
18:41 LittUp and i know thing get synced each run right?
18:41 iggy LittUp: can you paste your states to refheap/gist/etc?
18:41 pcdummy joined #salt
18:42 hal58th I just don't know what you are trying to "sync". You just run your highstate twice in a row and that would probably get you the same result without the sync
18:42 LittUp hal58th: but having to run it twice isn't really a solution for me when it "should" work first time
18:42 LittUp iggy: yeah will do, give me a second
18:43 hal58th Yes it should. Something is probably just not configured correctly. I have never had to use a sync unless I would update some configuration or module on the master.
18:44 LittUp hal58th: yeah exactly, that's why i don't understand why it fixes the problem haha
18:44 LittUp iggy: https://gist.github.com/miragej/b82b72b1b6cd15e477a7
18:45 LittUp please excuse the crudeness of it, i'm in the process of tidying it up now that it's kinda working
18:46 hal58th Your require needs a - in front of it.
18:46 amontalban joined #salt
18:46 hal58th one sec, let me format it back to you
18:47 LittUp ahh bollocks, so it wasn't actually ordering correctly?
18:47 LittUp but wait, i thought it ran top to bottom anyway? :/
18:47 LittUp even without explicit ordering
18:49 iggy it does... until you start throwing requires in there
18:49 hal58th https://gist.github.com/hal58th/9351a000f74ac9375baa You just messed up the formatting of the state file. It won't give you an error most of the time.  https://gist.github.com/hal58th/9351a000f74ac9375baa
18:49 hal58th woops, pasted twice
18:50 iggy my general suggestion is either stick to top-down ordering... if you have to put an explicit require, put them on everything
18:50 LittUp hal58th: i see, thanks for that, but even if the require was efftively not working, the top down order was still correct right, so should have worked?
18:51 iggy LittUp: can you paste the output of "salt-call -l debug state.highstate" x2 ?
18:51 LittUp and also, how did adding the sync_all make it work? or was that just a coincidence
18:51 douglassssssssss joined #salt
18:51 hal58th Basically it thought your collectd was a "require" module because you put it at that level. It should be next level, and with a dash in front of it.
18:51 hal58th Just coincidence
18:51 hal58th You ran it twice, it was always going to work the second time.
18:51 LittUp right, makes sense, much appreciated
18:51 LittUp iggy: thanks for helping also ;p but looks like we've cracked it!
18:52 hal58th left #salt
18:52 hal58th joined #salt
18:52 iggy but you still have to run it twice
18:52 hal58th You are welcome LittUp
18:52 iggy that doesn't sound fixed to me
18:53 hal58th iggy, he hasn't fixed the require yet. It should work after he tweaks it
18:53 LittUp iggy: well i'm gonna try it with the fix
18:53 Ryan_Lane ugh. the new salt UI is enterprise only?
18:53 iggy Ryan_Lane: yes, they said that a while back
18:53 Ryan_Lane -_-
18:53 hal58th Yeah I was severely disappointed in that too.
18:53 iggy LittUp: if it doesn't (I don't think it will), paste the output
18:53 Ryan_Lane what's the benefit of Salt over Ansible now?
18:54 iggy more modules?
18:54 LittUp iggy: will do
18:54 Ryan_Lane one the major advantages was that it wasn't open core
18:54 hal58th Cooler people
18:54 iggy haven't looked at ansible in a while, so I don't know
18:54 samnmax joined #salt
18:54 hal58th Got to make money somehow I guess. Got to impress your Enterprise customers.
18:55 Ryan_Lane (of course, there's lots of reasons I prefer salt, but saying there weren't any proprietary features of salt was a major selling point)
18:55 iggy agreed
18:55 Ryan_Lane that also means I'll never contribute to the UI
18:56 iggy saltpad!
18:56 samnmax quick question:  is the only way to run the salt command line to be ssh'd into the salt-master host?
18:56 iggy salt-api + pepper
18:56 Ryan_Lane samnmax: yes/no
18:56 Ryan_Lane ^^ that :)
18:56 timoguin joined #salt
18:56 samnmax great, at least there's a yes
18:58 samnmax thanks, I'll look those up
18:58 Ryan_Lane samnmax: there's a few ways, salt-api + pepper is a good option
18:58 Ryan_Lane peer calls are also an option
18:58 Ryan_Lane the cli calls for peer calls are ugly, though
18:59 hal58th samnmax http://bencane.com/2014/07/17/integrating-saltstack-with-other-services-via-salt-api/
19:00 * Gareth looks for a module that *always* returns False
19:00 Ryan_Lane Gareth: state or execution?
19:00 Gareth Ryan_Lane: execution.
19:00 baweaver joined #salt
19:00 Ryan_Lane Gareth: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.test.html#module-salt.states.test
19:00 Ryan_Lane ah
19:01 Ryan_Lane Gareth: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.test.html#salt.modules.test.assertion
19:01 Gareth Ryan_Lane: thanks.  let me try this one.
19:01 nullptr joined #salt
19:02 Ryan_Lane I wonder when this was added. it's not in my version
19:02 iggy 2014.7
19:02 iggy I think
19:02 Ryan_Lane this function wasn't
19:03 Ryan_Lane I'm on 2014.7 and it isn't available for me :)
19:03 Gareth Typo in those docs.
19:04 MTecknology nearly time!!!
19:04 Ryan_Lane I tried assertion and assert
19:04 MTecknology How many of you will laugh at me if I wet myself while I talk?...
19:04 iggy so someone should file a bug about the docs
19:04 Ryan_Lane yep
19:04 iggy (I've done that before and it was ignored, so...)
19:05 Ryan_Lane MTecknology: giving a talk? where at?
19:05 Ryan_Lane good luck
19:05 Ryan_Lane I'm giving one on salt tonight too
19:05 iggy MTecknology: I'll splash some water on my crotch and say all the cool kids are doing it
19:05 Ryan_Lane for those not in SF, it'll be streaming, too
19:05 Ryan_Lane https://www.eventbrite.com/e/masterless-saltstack-on-aws-orchestration-and-config-management-tickets-15659270299
19:05 MTecknology Ryan_Lane: saltconf
19:05 MTecknology iggy: :D
19:05 Ryan_Lane isn't saltconf next week?
19:06 Gareth It is.
19:06 iggy I'd hope you know
19:06 Ryan_Lane :D
19:06 iggy since you're presenting
19:06 MTecknology Ryan_Lane: I'm still nervous about it now, and wednesday is very much not very far away.
19:06 Ryan_Lane heh
19:07 SheetiS MTecknology: you also presenting @saltconf?
19:07 MTecknology yup
19:07 Ryan_Lane I really need to write my other talk for saltconf
19:07 hal58th Whats your talk called MTeck?
19:08 MTecknology from chaos to order
19:08 SheetiS From Server Chaos to Order with SaltStack
19:08 SheetiS nice
19:08 Ryan_Lane :D
19:08 Ryan_Lane MTecknology: what's it going to be about?
19:08 baweaver Ryan_Lane: I'll have to look into it
19:08 MTecknology I'm scared shitless about having to talk in front of anyone that isnt' me... but, I'm excited to share. I hope I do well enough they want to put it online.
19:08 darien oh
19:08 darien hey
19:09 baweaver Just practice a lot and hallway test it with a few people in your office / home / etc
19:09 darien MTecknology: I literally just now finished a TED talk about this
19:09 darien MTecknology: can I send you a PM that might help your presentation?
19:09 MTecknology YUP
19:09 murrdoc send nudes
19:09 murrdoc or not
19:09 murrdoc :|
19:09 darien those are for after
19:10 murrdoc +1
19:10 MTecknology Ryan_Lane: about coming into an environment of absolute chaos using many disorganized and undocumented scripts and now having over tripled that number of servers and moving toward management of them strictly using git
19:10 darien MTecknology: I've actually been doing this a lot in the last few years and it makes a big difference, I think it can really help you too
19:10 Ryan_Lane MTecknology: nice
19:10 darien but who knows
19:10 Ryan_Lane the biggest tip is to not put too many words on your slides :)
19:10 baweaver Benefits of living in SF, all the fun talks happen around here.
19:11 Ryan_Lane baweaver: it's tonight at 6:30 at 2300 Harrison St
19:11 MTecknology You live in sioux falls too?
19:11 SheetiS I'd never know what to present at something like that.  For me, saltstack just wins the small battles for me on a daily basis in my goal to be lazy.
19:11 MTecknology SheetiS: for me, it's become the only thing that allows me to barely keep myself from drowning.
19:11 lifelearner joined #salt
19:11 baweaver Then present on that. One makes more selling painkillers than vitamins.
19:11 iggy You'd be surprised what they'll accept
19:11 hal58th Ha, I went to SDSU in Brookings MTecknology
19:12 lifelearner Hi, I'm having difficulty installing salt-minion on Amazon Linux. Anyone could help me?
19:12 SheetiS MTecknology: many days I feel the same way, but my goal is _always_ to be lazy.
19:12 MTecknology I'm living in sufu now, went to DSU
19:12 MTecknology a lazy admin is a good admin (provided they get work done fast and well)
19:12 hal58th I almost went to DSU, just a little to small for this city boy.
19:12 SheetiS lifelearner: I use 95%+ amazon linux for my infrastructure right now.  What's going on?
19:12 baweaver "We will encourage you to develop the three great virtues of a programmer: laziness, impatience, and hubris." -- LarryWall, ProgrammingPerl (1st edition)
19:13 lifelearner I downloaded the salt package and ran "setup.py install".
19:13 lifelearner Hi SheetiS
19:13 SheetiS MTecknology: my thoughts exactly.
19:13 [LF] left #salt
19:13 SheetiS lifelearner: Don't want to use os packages? (e.g. yum --enablerepo=epel -y install salt-master)?
19:13 lifelearner Then, tried running pip but pip command isn't there.
19:14 baweaver Anyone know why a local command with glob crashes and async works fine? (No more than 20 hosts, and testing with ping)
19:14 lifelearner Also, for yum install salt-minion, it couldn't find it from the amzn epel repo.
19:14 SheetiS Amazon Linux has epel present but disabled by default.
19:15 LittUp hal58th: iggy: result!
19:15 LittUp completely fresh machine, worked first time
19:15 LittUp without the sync_all
19:15 hal58th Glad to hear it LittUp
19:15 SheetiS lifelearner: also for pip you need to make sure the package python26-pip is installed for it to be available to you (again can get it from yum, but directly from the amazon repo this time)
19:16 mnguyen joined #salt
19:16 Ahrotahntee I need to keep an index/array of items on the master, but reference it in an sls file. Is there a mechanism to accomplish that?
19:16 LittUp so i still don't 100% get why the top down ordering didn't make it work being as i was explicitly enforcing the exact same order they appeared in, if that makes sense, but i kinda prefer explicit ordering anyway so doesn't really matter
19:16 lifelearner Thank you!!! That did it, SheetiS
19:16 LittUp but thanks for the help guys
19:16 SheetiS lifelearner: glad to help.
19:17 hal58th LittUp well your states weren't really written correctly which could have played a part.
19:17 mnguyen Is there a way to maintain pillar data order?  For example, if I declare a dictionary of network interfaces in a specific order in the pillar files, is there a way to maintain that order when I'm calling that pillar?
19:17 LittUp hal58th: yeah that's a fair point
19:18 iggy Ahrotahntee: pillar?
19:18 BerndSch joined #salt
19:19 iggy mnguyen: there's no way to _guarantee_ it, no
19:19 ckao joined #salt
19:19 iggy salt will use ordereddict if it's available, but you can't count on it
19:19 Ahrotahntee iggy: it's not set by the admin though, it's procedural
19:19 SheetiS mnguyen: if you want to maintain order, use a list of dicts.
19:19 iggy Ahrotahntee: ext_pillar?
19:20 hal58th mnguyen I use a data glob for my interface file in pillar. Not elegant, but it works
19:20 MTecknology fun story.. I'm going from libnss-ldapd/libpam-ldapd/nscd/nslcd to libnss-sss/libpam-sss/sssd-ad ad moving samba from ldap authentication to kerberos. Anyone curious how much I'll have to do to make that change on each of 180 servers?
19:20 MTecknology Correct!!!  salt -v -b 5 'boothost.*' state.highstate
19:20 Ahrotahntee iggy: actually that looks like it will do it. thanks
19:21 MTecknology user down time ... ~10sec
19:21 mnguyen Thanks for the responses! iggy: Is there a way to tell to force Salt to use OrderedDict?
19:21 iggy not that I know of
19:22 SheetiS Use the yamlex renderer might work. http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.yamlex.html
19:22 hal58th mnguyen, I believe iggy is correct. Can only use in a templated file.
19:22 SheetiS I've not tried it, but it says ordereddict by default.
19:23 mnguyen I know I have the collections module on my Salt installation, but it completely ignores my pillar order when I call the pillar data in my interfaces state file
19:23 MTecknology I always thought most things in salt were ordereddict, including pillar data
19:23 lifelearner One more basic question: On the salt-master, I ran "salt-key -A" but it just complains about the glob * doesn't match any unaccepted keys. How can I set up the master key?
19:24 hal58th lifelearner Master does not have a key. Have to install a minion on the master
19:24 MTecknology lifelearner: that means you have no keys pending approval
19:24 lifelearner I have a minion installed on the master.
19:25 hal58th Take a look at /var/log/salt/minion and ensure that it is trying to get the master. Make sure the minion knows who the master is. Etc.
19:25 MTecknology lifelearner: did you configure the minion to point at the master?
19:26 lifelearner No.
19:26 lifelearner Just installed salt-master & salt-minion. That's it.
19:26 jeremyr joined #salt
19:27 hal58th in the salt minion config, you have to point it to the master. Let me pull up the doc
19:27 hal58th http://docs.saltstack.com/en/latest/ref/configuration/minion.html#minion-primary-configuration
19:28 MTecknology /etc/salt/minion.d/id.conf <-- I always create this file
19:28 hal58th Since it's local, you can just set" master: 127.0.01". Then restart your minion to pull in the new config
19:28 MTecknology pro-tip: Don't touch /etc/salt/minion or /etc/salt/master .. they're filled with comments only and then you don't have to worry about future updates messing with those files
19:29 lifelearner OK, thanks!
19:29 murrdoc pro-er-tip
19:29 murrdoc manage /etc/salt/minion* with salt
19:29 murrdoc :D
19:30 * MTecknology does exactly that
19:32 * SheetiS even manages /etc/salt/cloud* with salt.
19:32 SheetiS on the master
19:33 MTecknology At home, I use salt to manage /etc/salt/master/*
19:35 lifelearner After I modify the /etc/salt/minion to add the master as 127.0.0.1 and restart the services, now I think salt-key works. But if I try this, it displays nothing: salt '*' test.ping.
19:35 lifelearner (after several seconds)
19:36 lifelearner Is there a good command to try for beginners like me on the master & minion on the same node?
19:36 nitti joined #salt
19:36 SheetiS I could see that working.  for the cloud stuff, I just didn't want to manually write cloud.profiles.d to be aware of each of my VPC subnets and each os/size in amazon.  This way we can just reference a t2.micro_centos7_subnet_3 or a c3.xlarge_amazon_subnet_0 when provisioning and all of the centos/redhat/ubuntu/amazon options are available in that format.
19:37 lifelearner Just realized that even "salt '*' whatever" displays nothing.
19:37 hal58th lifelearner: salt-key -L  will show you what keys you have accepted. You can use "sudo salt '*' test.ping -t 30" to have a longer timeout.
19:38 otter768 joined #salt
19:39 hal58th lifelearner you should see a line in your minion log like this "Authentication with master at 10.0.2.15 successful!"
19:40 baweaver what's the default timeout?
19:40 markmarine joined #salt
19:42 lifelearner OK, I see Attempt to authenticate with the salt master failed in the minion log.
19:44 cberndt joined #salt
19:47 lifelearner My problem turns out to be a tab key I used in /etc/salt/minion file when specifying the master.
19:47 lifelearner Now I see some outputs by test.ping.
19:48 lifelearner I added one separate minion and added the master's IP address in /etc/salt/minion and restarted salt-minion.
19:48 lifelearner How can I make the master know about this new minion?
19:49 andrew_v joined #salt
19:50 iggy salt-key
19:50 lifelearner I ran salt-key -L on the master but it doesn't show any keys about this new minion.
19:51 agend joined #salt
19:52 lifelearner My master & minion are in AWS.
19:52 lifelearner Does my communication problem come from AWS key pair thing or so possibly?
19:54 theologian joined #salt
19:54 jimklo joined #salt
19:57 CheKoLyN joined #salt
20:01 iggy can the minion ping the master?
20:01 druonysus joined #salt
20:01 druonysus joined #salt
20:04 bhosmer joined #salt
20:07 markmarine joined #salt
20:08 warpaint joined #salt
20:10 cedwards joined #salt
20:11 ajw0100 joined #salt
20:14 markmarine joined #salt
20:16 Brew joined #salt
20:18 markmari_ joined #salt
20:19 kelt65 joined #salt
20:21 cedwards is anyone here using pillar-ldap as described here: https://github.com/KrisSaxton/salt-ldap ?
20:21 cedwards I'm not able to get pillar data populated using the docs as outlined there
20:21 kitplummer joined #salt
20:22 nullptr joined #salt
20:28 giannello joined #salt
20:32 edrocks joined #salt
20:34 baweaver joined #salt
20:38 rgarcia_ joined #salt
20:38 I3olle joined #salt
20:39 amcorreia_ joined #salt
20:40 kanaka_ joined #salt
20:42 mpanetta_ joined #salt
20:48 viq joined #salt
20:48 sarlalian joined #salt
20:49 lifelearner Yep, my minion can ping the master, iggy.
20:51 josephleon joined #salt
20:54 iggy lifelearner: so you should be okay... make sure the minion is configured correctly, restart salt-minion, key accepted on master, etc.
20:55 lifelearner But the new minion's key is not being prompted on the master.
20:55 lifelearner (when I ran salt-key -L)
20:56 SheetiS is the minion properly configured to connect to the master in /etc/salt/minion under the 'master: ' section?
20:57 SheetiS (can also try and purge /etc/salt/pki on the minion and restart its services to get a new key)
20:57 lifelearner yep. I think so. That's the thing.
20:57 eamo joined #salt
20:58 whytewolf is port 4505 and 4506 open up in any firewalls on the salt master?
20:58 CaptainMagnus joined #salt
20:58 TTimo joined #salt
20:58 eamo joined #salt
20:58 lifelearner Oh, it must be iptables thing.
20:58 SheetiS or in ec2 it could be a security group thing
20:58 SheetiS I thought you said you ran amazon linux is why I mention security groups.
20:59 aphorise joined #salt
20:59 shaggy_surfer joined #salt
21:00 dave_den joined #salt
21:01 MatthewsFace joined #salt
21:03 lifelearner that's possible.
21:03 davet joined #salt
21:04 chupetito joined #salt
21:04 lifelearner I have no problem pinging from minion to master (all in AWS).
21:05 lifelearner The master has 4505 & 4506 open.
21:05 whytewolf IIRC ping is always allowed by the default security groups, but they are locked down other wise.
21:05 druonysuse joined #salt
21:05 whytewolf been awhile since i touched EC2
21:06 chupetito hi, can anyone tell me a best practice to capture the result of a unless or onlyif to a log? for instance if unless: rpm -V audit | grep '^.M'  is executed, i want to log something like: echo "Not compliant with check XYZ." >> /tmp/hardening_report.log
21:06 markmarine joined #salt
21:07 lifelearner SheetiS, I think it's the security group thing.... from the minion, I cannot telnet master 4505 or any ports.
21:07 masterkorp joined #salt
21:08 SheetiS lifelearner: I had to create security group rules like this for my masters:  Custom TCP Rule TCP 4505 - 4506 <my_private_network>/<subnet>
21:09 ndrei joined #salt
21:10 ndrei_ joined #salt
21:10 markmari_ joined #salt
21:12 lifelearner SheetiS, I just did it and it works now!!!
21:12 lifelearner Thank you.
21:12 lifelearner SheetiS - an AWS question: If I need to add a few different networks to a security rule, should I add separate lines for each VLAN?
21:13 lifelearner Let's say, I added 10.20.0.0/16 rule to the group. Should I create a new rule to add a different VLAN?
21:14 SheetiS lifelearner: I use multiple lines for different subnets
21:14 mattiasr joined #salt
21:14 lifelearner One last question for now - If I want to run finger on each minion from the master, how can I do that? I tried: salt '*' finger or test.finger but neither worked.
21:15 lifelearner OK, I'll do that then. Thanks.
21:15 mnguyen Is it possible to have a salt declaration in a salt state require by id?
21:15 markmarine joined #salt
21:15 markmarine joined #salt
21:15 SheetiS chupetito: I just threw this together so I might have a syntax typo, but i think something like this would do what you want: https://bpaste.net/show/0c8ec5fdf4fe
21:16 iggy that's what it uses (well, module: id)
21:16 iggy mnguyen: ^
21:16 khris joined #salt
21:16 chupetito @mnguyen. all states have to have unique id, otherwise you run into conflicts
21:17 chupetito @SheetiS, very elegant. let me give that a shot.
21:19 hebz0rl joined #salt
21:19 mnguyen Sorry I worded that a little weirdly.  I meant something like this: https://bpaste.net/show/877b73c78124
21:20 crb3ll joined #salt
21:20 dfasf joined #salt
21:20 mnguyen The problem I'm having is that I need the eth3 and eth4 declarations to run first because of how Debian handles bonded states
21:20 lifelearner Just learned it: salt * cmd.run finger
21:20 lifelearner This is really cool.
21:21 mnguyen The way it currently is the bond0 interface dumps its config in the /etc/network/interface file first when it should do it after its slave
21:21 rgarcia_ joined #salt
21:21 mage_ if I understand well I can put anything in pillars, it's just a dict after all, right ?
21:22 markmarine joined #salt
21:22 khris joined #salt
21:25 druonysuse joined #salt
21:26 CeBe1 joined #salt
21:28 SheetiS mage_: it is just a dict at the end of the day, so you can store pretty much anything you want in any format that is easy for you to consume in your states and whatnot.
21:28 rawzone joined #salt
21:28 iggy mnguyen: - require: \n - network: eth3
21:29 mnguyen iggy: I've tried that before, but it'll still dump bond0 config first regardless of the require
21:29 mnguyen Not sure if it's a bug in the debian_ip module
21:29 iggy but realistically, salt processes state files top-down, so if eth3 and eth4 aren't being done first, you should file a bug
21:29 mnguyen That's what I figured
21:29 mnguyen Adding in an order doesn't exactly work either
21:30 iggy tried reversing the order?
21:30 mnguyen Yup
21:30 iggy (and dropping the require)
21:30 mnguyen Hmm
21:30 mnguyen Haven't tried dropping the require yet
21:30 druonysuse joined #salt
21:30 druonysuse joined #salt
21:30 rojem joined #salt
21:31 mage_ SheetiS: I see.. thanks!
21:32 mnguyen iggy: dropping the require results in the same output
21:32 Matthews_ joined #salt
21:33 iggy mnguyen: is that with eth3 first or bond0?
21:33 mnguyen eth3/eth4 are first in the file
21:34 iggy try the other way around bond0 -> eth3/4
21:34 racooper joined #salt
21:35 Heartsbane joined #salt
21:35 mnguyen Hmm it resulted in a different output
21:35 lifelearner Is it possible to edit a file like /etc/passwd on multiple minions?
21:35 mnguyen But still not what you would think.  eth4->bond0->eth3
21:36 iggy lifelearner: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html#module-salt.states.user
21:36 jhauser joined #salt
21:36 SheetiS mnguyen: I don't see a use_in for your bond# configs in the paste you have
21:36 iggy mnguyen: I would open an issue (and tell me what the issue # is, I like following random issues)
21:36 iggy search for an existing one first of course
21:37 SheetiS http://docs.saltstack.com/en/latest/ref/states/all/salt.states.network.html shows a use_in for the bond stuff
21:37 bhosmer__ joined #salt
21:37 CeBe joined #salt
21:39 otter768 joined #salt
21:39 mnguyen use_in isn't required I don't think for bonding to work in my case
21:40 lifelearner If I want to change a password on the same account on multiple minions, what do you recommend? using the encrypted hash and edit /etc/shadow using salt?
21:40 druonysuse joined #salt
21:40 mnguyen iggy: It's working with bond0 at the top with "require:\n -network:eth4 \n -network:eth3"
21:40 mnguyen Gotta do some more testing first, but it looks promissing
21:40 mnguyen promising*
21:41 SheetiS lifelearner: I'd use the user states or the users formula to handle it
21:41 stylica joined #salt
21:41 SheetiS don't mess with /etc/shadow directly
21:41 mage_ another question: how can I generate a SHA512 password field for the password field of the user module ?
21:42 SheetiS https://github.com/saltstack-formulas/users-formula/ or http://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html
21:42 timoguin joined #salt
21:42 druonysuse joined #salt
21:43 NightMonkey joined #salt
21:43 CeBe1 joined #salt
21:43 SheetiS mage_: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.hashutil.html can generate a hash of a string
21:44 lifelearner SheetiS - Does it mean I need to download and install users-formula? Is it like a module?
21:45 lifelearner I understand that user states are SLS and I don't need to install it separately.
21:45 MugginsM joined #salt
21:46 SheetiS formulas would be stored just like any other state in your /srv/salt or via gitfs (if you use gitfs instead of local).  If you use gitfs, I recommend forking the formula and managing your fork yourself so you don't get unexpected changes.
21:46 stylica joined #salt
21:46 SheetiS the forumula is basically pre-generated sls that you can just then apply pillar data to populate the configs with.
21:47 SheetiS it contains an example pillar to see how to use.  https://github.com/saltstack-formulas/users-formula/blob/master/pillar.example.  http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html has more information about formulas in general.
21:48 lifelearner OK, thanks. Formula = one of the Pillars?
21:49 lifelearner I mean, Formular = a type of Pillar?
21:49 SheetiS formula = prepackaged states.  pillars = configuration data (in most cases) including things that you would want to be otherwise private.
21:50 lifelearner OK, thanks a lot. I'll play around first and try to understand. :)
21:51 giantlock joined #salt
21:51 lifelearner Today is my first day making the first command to work, thanks to help I got here, mostl from SheetiS!
21:51 lifelearner and iggy! :)
21:51 druonysuse joined #salt
21:52 lifelearner On my agenda, I need to compare Saltstack and Chef.
21:52 lifelearner and recommend one of them.
21:52 lifelearner Haven't made Chef work yet.
21:53 lifelearner These 2 must be the best ones among all 5 (Cfengine, Puppet, Ansible, etc.), right?
21:53 lifelearner I've used Cfengine before and didn't like it very much at all.
21:53 murrdoc joined #salt
21:53 MugginsO joined #salt
21:54 murrdoc1 joined #salt
21:55 SheetiS Obviously I'm a fan of salt.  I've used all of them but chef at least some, and I have to say what stands out the most for me w/ salt is the community around it.  People are respectful and helpful.  The developers are more than willing to accept pull requests if they make sense.  I'm a bit of a python fan anyhow (so ansible and salt got free bonus points in my book).
21:56 khris joined #salt
21:56 MugginsO yeah, I'd put salt and ansible at the top.
21:57 MugginsO but I haven't used chef much
21:57 lifelearner I heard Salt is the simplest among all. Which one is the next one? Chef or Ansible?
21:57 SheetiS Any of them are infinitely better than using no configuration management.
21:57 peters-tx joined #salt
21:57 druonysus joined #salt
21:57 SheetiS lifelearner: I'd probably say that Ansible is slightly simpler than salt, but salt more than makes up for it with power and flexibility (just my opinion).
21:57 mage_ the most difficult choice is to choose between Salt and Ansible
21:58 karimb joined #salt
21:58 lifelearner Both of them are free to run on 10s of 1000's of nodes without their premium features like GUI?
21:59 druonysus joined #salt
21:59 druonysus joined #salt
21:59 mage_ I think Salt scales better than Ansible
21:59 josephleon joined #salt
22:00 lifelearner For simplicity, I'm looking at only CLI ways.
22:00 SheetiS lifelearner: there are pople here who definitely run salt at huge scales in this channel.  I only run 75-100 nodes on any given day right now myself, but I'd say many (if not most) who are active in chat here run way more than me.
22:00 baweaver joined #salt
22:01 MugginsO also depends how complex the nodes are. like 1000 identical machines with 3 apps is different from 50 unique complicated snowflakes
22:03 lifelearner Is Chef as simple as Salt or Ansible?
22:04 vegardx Not by a long shot.
22:04 SheetiS lifelearner: I don't have personal experience, but one of my coworkers spent 2 days on 2 separate occasions to try and setup Chef, but we are running Salt, so take that with a grain of... well you know ;-), but it might be saying something.
22:05 lifelearner OK.
22:05 lifelearner I think I'm in the right track. :)
22:06 __number5__ my advice is to try Chef or Puppet at least once
22:07 murrdoc joined #salt
22:07 lifelearner OK.
22:08 Karlthane joined #salt
22:08 rgarcia_ joined #salt
22:08 lifelearner Let me ask one more question on Salt - In which directory on the master should I create a file for running the states on minions?
22:09 druonysus joined #salt
22:09 druonysus joined #salt
22:09 perfectsine joined #salt
22:09 lifelearner For a simple example, I want to create a file /tmp/foo with chmod 600 /tmp/foo.
22:09 lifelearner on every minion.
22:10 murrdoc in your master config
22:10 murrdoc there is a file_roots dir
22:10 murrdoc yes ?
22:10 lifelearner I could do this with salt * cmd.run 'touch /tmp/foo; chmod 600 /tmp/foo' but what if I want to use the states?
22:10 __number5__ lifelearner: look the file state
22:11 __number5__ 2nd powerful state in salt
22:11 murrdoc all state files go in file_roots
22:12 lifelearner The default file_roots is /srv/salt... so, create a file in there with state commands? Any need to register or validate a new file state?
22:13 baweaver joined #salt
22:13 murrdoc google state top.sls
22:13 SheetiS /srv/salt/<filename>.sls or /srv/salt/<folder>/init.sls and then make sure that the state is referred to in your top.sls (top file http://docs.saltstack.com/en/latest/ref/states/top.html)
22:14 SheetiS murrdoc++ :)
22:15 lifelearner OK, thanks.
22:17 aquinas joined #salt
22:18 baweaver joined #salt
22:19 bhosmer joined #salt
22:21 mage_ I think I'll write an ezjail module for salt .. :)
22:22 markmarine joined #salt
22:23 rgarcia_ joined #salt
22:23 CeBe joined #salt
22:25 CeBe joined #salt
22:25 markm joined #salt
22:25 rap424 joined #salt
22:25 CeBe joined #salt
22:26 gngsk joined #salt
22:27 druonysus joined #salt
22:28 baweaver Anyone know why a local command crashes with globbing using saltnado? Such that you have a request: client.lowstate.local function: 'test.ping', target: '*'
22:29 Pixionus joined #salt
22:29 baweaver even if target returns 10-20 hosts, it still flips out and demands I use an async to do it
22:29 markmarine joined #salt
22:30 __number5__ baweaver: saltnado?
22:30 __number5__ you mean salt-api?
22:31 baweaver it's one of the adapters.
22:31 baweaver so technically yes.
22:31 baweaver https://github.com/saltstack/salt/blob/develop/salt/netapi/rest_tornado/saltnado.py
22:31 evidence is it not possible to have salt-call be silent, except on error?  --log-level=quiet causes it to print only errors during the run, but it still spits out all of the return data
22:31 evidence it appears all return data, including errors, is to STDOUT.. so you can't just dump STDOUT to get the errors either :/
22:32 iggy that's kind of what salt-call is meant for... local debugging
22:32 evidence basically using salt-call state.show_highstate --file-root=. as a lint check before committing, it's also doing pep8 and lint, so trying not to clobber all of the output
22:33 evidence well sure, but shouldn't there be a way to see only errors? :)
22:33 evidence it's not like empty return on success isn't a common unixism
22:34 __number5__ evidence: if the errors is captured by salt, it's part of the returned data
22:34 iggy not when debugging
22:34 evidence correct: the problem is the highstate mapping is returned just the same as the errors over stdout
22:35 evidence iggy: so basically you never debug visually in tandem with other tools without using your PAGER or running each one by hand?
22:36 iggy that's not what salt-call was meant for, no
22:36 evidence a better question then, what's the best way to lint check your state tree
22:37 iggy sadly, there isn't
22:37 iggy it's a problem that many people have thought about, but nobody has ever done
22:37 evidence ok, well if salt-call could output only errors, it'd be that thing :)
22:37 lifelearner If my top.sls file has base: '*': - common, by placing a file common in /srv/salt/base/common, I can add states defined inside "common" file, right?
22:38 ajw0100 joined #salt
22:38 __number5__ evidence: I'm using state.show_sls or show_highstate as an alternative
22:38 evidence it doesn't seem so insane to have maybe a new logging option, silent
22:38 MugginsM joined #salt
22:38 evidence __number5__: that's what i'm doing
22:38 evidence the problem is i have 10k+ lines of state files, so the output is massive.  i just want to see errors
22:39 iggy that sounds... excessive
22:39 evidence our infrastructure is also... excessive
22:40 LtLefse evidence: have you looked at state_verbose and state_output?
22:40 LtLefse http://docs.saltstack.com/en/latest/ref/output/all/salt.output.highstate.html
22:40 evidence 20k+ machines, before virtualization
22:40 iggy yowza
22:40 kermit joined #salt
22:41 evidence LtLefse: thanks, i'll see if i can manipulate those via salt-call.  i'm trying to avoid the local configs here, as this is a lint check being included with the state repo, so i want people to run it anywhere
22:41 iggy I think there is an issue open
22:41 iggy You should subscribe to it (or if there isn't one, open one)
22:41 __number5__ evidence: state_output is a parameter of salt-call (or any salt commands)
22:42 __number5__ try salt-call --help
22:42 evidence i found https://github.com/johanek/salt-lint - but it's still a WIP
22:42 evidence iggy: yeah i came across a few requests for lint checks, but it seems if you can piggy back the existing logic in salt itself, no need to use an external checker (that you'd need to keep up to date)
22:42 teebes joined #salt
22:47 druonysuse joined #salt
22:47 Linuturk1 joined #salt
22:47 evidence damn salt-call --help differs quite a bit from the man page :x  was wondering why --file-root was missing from the man.   should have checked there first..
22:50 markmarine joined #salt
22:52 baweaver figured out a good way to hack it
22:52 baweaver use async, have it return the result with the jid. Map all the minions to key: false, and lookup the job and merge the results
22:52 baweaver hosts that have false didn't respond
22:53 baweaver which is the case whenever someone thinks it's clever to turn off ICMP
22:53 josephleon joined #salt
22:53 evidence nice, help has some extra out options not listed also..  this works well, silent output when no errors with the highstate
22:53 evidence salt-call --local --log-file=/dev/null -l warning --out=quiet state.show_highstate --file-root=.
22:53 baweaver no ICMP !== security
22:53 * baweaver sighs
22:54 evidence baweaver: some people still live in the 90s ;)
22:55 baweaver apparently. No wonder the thing timed out
22:55 baweaver So I have test.ping mapped to an async that ignores hosts it doesn't hit within 2 seconds
22:55 evidence +++ATH0 in an icmp packet sure was fun back in the day though
22:56 bhosmer joined #salt
22:56 baweaver I don't miss modems
22:56 Jim___ is there an easy way to add a ppa to apt with saltstack?  All searches turn up how to install saltstack from a ppa.
22:56 Jim___ ideally via states, but open to other options
22:56 evidence Jim___: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkgrepo.html
22:57 Jim___ excellent.  Cheers
22:58 rgarcia_ joined #salt
22:58 mohae joined #salt
23:03 murrdoc joined #salt
23:04 wnkz joined #salt
23:06 crack joined #salt
23:06 thehaven_ joined #salt
23:07 Ryan_Lane joined #salt
23:08 evilrob_ joined #salt
23:09 __number5__ Jim___: the other way to install salt is via bootstrap script https://github.com/saltstack/salt-bootstrap , it might still use the ppa in the backgroud but you don't need to care about the details
23:09 primechuck joined #salt
23:09 holms joined #salt
23:10 baweaver joined #salt
23:10 Ryan_Lane joined #salt
23:10 pdayton joined #salt
23:11 ndrei joined #salt
23:12 Ahrotahntee joined #salt
23:12 Ahrotahntee joined #salt
23:12 ndrei_ joined #salt
23:15 shaggy_surfer joined #salt
23:19 Singularo joined #salt
23:19 jhauser joined #salt
23:21 baweaver joined #salt
23:29 mosen joined #salt
23:29 Ahrotahntee is there a bug with state_output? I'm always getting full output despite setting it to mixed
23:30 murrdoc joined #salt
23:33 iggy works fine in 2014.1.git and 2015.2.git
23:33 Vynce joined #salt
23:34 Ahrotahntee weird, maybe I have something hiding somewhere that is setting it to full
23:34 Vynce what's the difference between salt.modules.foo and salt.states.foo ?
23:35 iggy Vynce: modules do the work, states tell salt what you want things to look like
23:35 hal58th joined #salt
23:35 iggy and generally speaking, you'll use modules on the command line and states in .sls files
23:38 Vynce i feel like there's something i'm jsut missing. what happens if a minion doesn't mee tthe state the master says it should meet?
23:39 Vynce or, put it this way.  is a state an assertion / question ("hey, minion, are you in state X?") or an instruction ("Hey, minion: get into state X.")
23:40 iggy salt is declarative if that's what you're asking
23:40 teebes joined #salt
23:40 otter768 joined #salt
23:40 iggy it's generally going to try to match what the states say it should look like
23:40 Vynce well, I do not understand that to be an answer to my question. but that may be a failin gon my part
23:40 iggy there are obviously limits to that
23:41 Vynce that soudns to me like it's more like an instruction.
23:41 iggy if states say user.present, salt-minion will try to add a user
23:41 Vynce right, OK.
23:42 Vynce … in which case, "modules do the work" seems like a confusing answer. states do work too, right?
23:42 andrew_v joined #salt
23:42 iggy but some modules are coded to act like "if user exists, do nothing"
23:43 iggy no, they generally call the modules counterpart to do the actual heavy lifting
23:43 Vynce i'm feeling really dense, here. i jsut read a lot of documentation, and the simple english seems to say "salt is great for [what i want to do]" but then the instructions are … not clear to me.
23:43 mosen Vynce: states are the plan, modules are the workers I guess
23:43 mosen from another analogy
23:43 Ahrotahntee this is weird. I'm using cmd.run to create a file (and then store the contents in a grain) - but when the grain goes to populate the file "doesn't exist"? is this happening asynchronously somehow despite the require: being specified?
23:43 Ahrotahntee example snippet: https://gist.github.com/Ahrotahntee/1dcd3951ed862513cce1
23:43 iggy why don't you tell us what you want to do and we might be able to give examples that clear things up
23:44 Ahrotahntee populate, *
23:44 Ahrotahntee punctuation, I'm not writing grain -> file. I want to file -> grain
23:45 logix812 joined #salt
23:45 logix812 do you need a special PAM permission to execute local_async client commands via netapi?
23:45 logix812 I seem to be able to perform the wheel actions no problem and get a response back
23:45 Vynce at what scale? first desire is: i want to understand everything. ( :  … next level up, the short term main thing is that i'm trying to distribute secrets to webservers. in the long term, i'd love for salt to replace my deployment process, if i decide i can understand it well nough.
23:46 logix812 but when I set the client to local_async I get a 401
23:46 spookah joined #salt
23:48 iggy Vynce: so, for distributing files, you'd use salt.states.file.managed (and probably contents_pillar since you're talking keys)
23:50 Vynce i'm trying to figure out if that's complicated by the fact that the webservers are running in docker containers, and whether that means i need to understand salt.{states, modules}.dockerio
23:51 iggy normally you'd have your keys and everything all baked into the docker image
23:52 murrdoc yeah
23:52 murrdoc power up and fly
23:52 iggy you probably aren't going to be running a minion inside a docker container (even if it's not dead painful to run more than one process in docker like it used to be)
23:55 Vynce baking secrets into docker is lovely in theory, but can we take it as read that this is not an option at this time? Various reasons, all of which boil down from various directions to "i am not a sysadmin and yet have to get this done" which, i realize, is a terrible reason, but …
23:55 Vynce really?  is it a bad idea to try to run a minion in my docker container? that's unfortunate.
23:56 Vynce is there a simple explanation for why not?
23:56 iggy well, you're not going to run things like sshd, rsyslog, etc. in a docker container
23:56 iggy they just don't make sense there
23:57 Vynce ok… and these things are part of how salt works?
23:57 SheetiS1 joined #salt
23:57 iggy sadly, (I feel like) there's still a disconnect between those two levels (1 single little process in a container vs a full VM)
23:58 iggy no, but they are "ops tools" which is kind of where salt is in this case
23:58 smcquay_ joined #salt
23:59 Vynce could i run the minion on the host machine and have it shove the data into the docker container?

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary