Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-03-12

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 baweaver joined #salt
00:02 MatthewsFace joined #salt
00:03 otter768 joined #salt
00:08 vstoniest joined #salt
00:12 lietu joined #salt
00:19 baweaver joined #salt
00:19 Nazca joined #salt
00:30 _JZ_ joined #salt
00:37 jacksontj kiorky: yt?
00:41 markm joined #salt
00:43 MaliutaLap joined #salt
00:43 MaliutaLap left #salt
00:47 bash1245_ joined #salt
00:48 triplecorn joined #salt
00:50 kiorky jacksontj: yep
00:51 bfoxwell joined #salt
01:00 baweaver joined #salt
01:00 baweaver joined #salt
01:01 bluenemo joined #salt
01:03 BrendanGilmore joined #salt
01:06 subsignal joined #salt
01:09 cheus joined #salt
01:12 dendazen joined #salt
01:18 aqua^mac joined #salt
01:20 bluenemo joined #salt
01:27 subsigna_ joined #salt
01:34 MaliutaLap joined #salt
01:35 MaliutaLap left #salt
01:35 shaggy_surfer joined #salt
01:39 iromli joined #salt
01:46 jerematic joined #salt
01:49 MatthewsFace joined #salt
01:49 dendazen joined #salt
01:59 desposo joined #salt
02:04 otter768 joined #salt
02:05 thayne joined #salt
02:09 CheKoLyN joined #salt
02:13 shaggy_surfer joined #salt
02:19 michelangelo joined #salt
02:22 MatthewsFace joined #salt
02:23 timoguin joined #salt
02:24 subsignal joined #salt
02:28 evle joined #salt
02:30 dendazen joined #salt
02:45 numkem joined #salt
02:45 favadi joined #salt
02:46 hyphenated joined #salt
02:49 Furao joined #salt
02:58 clintberry joined #salt
03:05 Hipikat joined #salt
03:14 Ryan_Lane joined #salt
03:20 Hipikat joined #salt
03:24 cedwards joined #salt
03:25 cedwards is it possible, perhaps with jinja templating, to do splits on grain values? ei; {{ salt['grains.item']('domain').split(.)[0] }}
03:25 cedwards pseudo-code of course.. just wating to get certain bits of the grain values for fqdn, domain, etc.
03:29 jY not sure if jinja has something built in for split but its safer and easier to do that in a custom grain
03:30 Furao jinja is also python
03:30 Furao you can call {{ salt['grains.item']('domain').split(‘.’)[0] }}
03:30 Furao with non-utf ‘ characters ‘
03:32 cedwards perfect. let me try that out.
03:32 fllr joined #salt
03:32 cedwards it would be nice if the default grains would cut apart the fqdn. i find uses for those single values often in my templating.
03:35 Vynce are there not separate grains for the hostname, etc?
03:35 jY there's fqdn/host/domain
03:36 cedwards ohh, there is host. I didn't see that.
03:37 cedwards one of my use cases is needing the site: ie; hostname.site.domain.tld
03:37 jY ya that's where a custom grain is cleaner
03:38 cedwards probably
03:39 thayne joined #salt
03:41 Matthews_ joined #salt
03:41 zzach joined #salt
03:46 cedwards so I'm getting a Jinja templating error now:
03:46 cedwards Jinja variable 'dict' object has no attribute 'split'
03:48 Furao that mean salt['grains.item']('domain') isn’t a string :P
03:49 neogenix_ joined #salt
03:52 pdayton joined #salt
03:56 fllr How can I react to a custom module I wrote for salt?
04:00 dendazen joined #salt
04:00 Ryan_Lane joined #salt
04:01 funzo joined #salt
04:05 otter768 joined #salt
04:09 schlueter joined #salt
04:12 GnuLxUsr joined #salt
04:15 fllr How can I execute a python file, instead of a state file whenever I receive an event from the reactor?
04:20 mdln joined #salt
04:21 forrest joined #salt
04:30 cberndt joined #salt
04:35 fllr joined #salt
04:36 fllr How can I execute a python file (instead of a state file) whenever I receive an event from the reactor?
04:40 mikaelhm joined #salt
04:50 pdayton1 joined #salt
04:56 fllr I'm trying to use the shebang directive (#!py) to make the reactor call my python file whenever an event occurs, but I keep getting this back from the reactor: Failed to render "/var/cache/salt/master/files/base/_reactor/slack.sls" What gives?
05:03 nexsja1 joined #salt
05:03 hal58th1 joined #salt
05:03 fllr_ joined #salt
05:03 nebuchad` joined #salt
05:05 _pravka_ joined #salt
05:05 bytemask_ joined #salt
05:05 parasciidick joined #salt
05:06 pmcg_ joined #salt
05:06 Hydro_ joined #salt
05:07 __alex_ joined #salt
05:07 Corey_ joined #salt
05:07 canci_ joined #salt
05:07 aquinas_ joined #salt
05:07 lnr joined #salt
05:08 Ahrotahn1ee joined #salt
05:08 muep_ joined #salt
05:08 agj_ joined #salt
05:08 rbjorkli1 joined #salt
05:08 andabata- joined #salt
05:08 Diaoul_ joined #salt
05:08 UForgotten_ joined #salt
05:09 Bateau- joined #salt
05:09 chalcy0n joined #salt
05:09 bersace_ joined #salt
05:09 vlcn_ joined #salt
05:09 stevednd joined #salt
05:09 mariusv joined #salt
05:09 mariusv joined #salt
05:10 jeddi joined #salt
05:10 Zachary_DuBois joined #salt
05:10 kwork joined #salt
05:13 thayne joined #salt
05:13 fllr joined #salt
05:14 Bryanstein joined #salt
05:15 dimeshake joined #salt
05:17 hardwire joined #salt
05:22 _JZ_ joined #salt
05:27 skullone joined #salt
05:33 skullone i havent been following saltstack much latel... been having some "issues" with our Puppet teams, and back to considering expanding our salt footprint from just orchestration, to replacing everything puppet does :D
05:33 ksalman joined #salt
05:33 danielcb joined #salt
05:34 programmerq joined #salt
05:35 eXistenZNL joined #salt
05:36 badon joined #salt
05:38 nene joined #salt
05:40 kermit joined #salt
05:48 garthk skullone: heh
05:48 garthk skullone: I still miss writing my own types in Puppet, but don't at all miss @ and @@
05:51 pravka joined #salt
05:52 jab416171 joined #salt
05:54 skullone we do fairly basic puppet and salt (and i like it that way) hehe
06:03 jY garthk: but now you get to write salt modules
06:04 garthk jY: with one exception, I like the point at which Salt gives up and makes you write Python
06:05 garthk jY: Puppet drove me a little nuts with the DSL being aaaaalmost Turing complete but not quite enough to do some things
06:05 jY yep.. its why i switched from puppet to salt
06:06 otter768 joined #salt
06:06 garthk jY: the exception is, I hate falling back to Jinja macros to do what Puppet would call parameterised classes, and hopping into Python at that point is just ridiculous
06:06 forrest joined #salt
06:07 garthk jY: all I want is include thingo(arg) and have an extra copy of the thingo state run with arg liberally applied
06:14 malinoff joined #salt
06:19 pravka joined #salt
06:22 mattiasr joined #salt
06:33 ecdhe joined #salt
06:47 funzo joined #salt
06:47 Furao I found a way to perform salt execution of long running job and report back to the caller progress using salt events
06:47 Furao that need custom code in both ends but that works
06:50 Furao my salt formula testing framework sometimes run for 2 days on some repositories. with that hack jenkins job know which test it’s actually running, results at the end and how long it takes
06:50 stoogenmeyer_ joined #salt
07:01 AndreasLutro joined #salt
07:01 colttt joined #salt
07:02 kawa2014 joined #salt
07:03 ksj joined #salt
07:05 aquinas joined #salt
07:07 Garo_ joined #salt
07:07 kawa2014 joined #salt
07:08 Garo_ Hello. I'm trying to get my head around with salt (switching from Chef). When I run a highstate to my environment, is it possible to trigger some custom python code execution in the salt-master machine? The reasoning is that my state files creates services into salt-minion machines but I'd like to run some additional code in the salt-master side which would for example configure dns records for the services in the minion ...
07:09 Garo_ ... machines?
07:10 Furao why not let the minion do that itself?
07:11 Garo_ because that would require giving the minion machine private api keys for the dns service which I think as a security risk
07:11 Garo_ another reason might be that the minion machine doesn't have the required firewall port open for the dns service (again, a security risk)
07:12 Furao ok trust is the only good reason to not let the minion do that
07:12 jerematic joined #salt
07:12 Furao so you can use master minion (not the master itself) to do that for you with salt reactor
07:12 kawa2014 joined #salt
07:13 Garo_ Furao: ok. thanks! I'll read the related documentation on that feature
07:14 Furao personally, I do that with salt mine to publish minion data to master, have salt reactor trigger a .sls on the minion that run on master (becasue this is the minion I trust the most). i use same trick to update monitoring to handle new host
07:15 subsignal joined #salt
07:15 Garo_ yeah, monitoring is another case where I need this to work. My current idea is to store the list of services inside a pillar (one for each machine). As I think the pillar to be the source-of-thruth for the list of services in each machine, I'm planning to use that pillar data directly as the source of data on how I populate my dns, monitoring etc. do you see any flaws in this?
07:16 Garo_ so that I'd rather not trust data coming from the minion, but instead I'm happy to just get an event from a minion which triggers something on the master node which uses the pillar data to perform the required steps
07:17 Furao if your infrastructure is quite static  and you don’t have minions created automatically with salt-cloud (such as devs that create test VMs) pillars is a safe place
07:18 Garo_ yeah, I'd say my environment is static. I want to keep all provisioning data (states, pillars etc) in a secure git repository so that only my techops team is allowed to push changes into that repository (and thus able to change the infrastructure)
07:19 KermitTheFragger joined #salt
07:24 Garo_ Furao: thanks for your help! =)
07:26 krelo joined #salt
07:34 SmileyChris left #salt
07:35 flyboy joined #salt
07:36 toanju joined #salt
07:41 gibmachine joined #salt
08:00 jri joined #salt
08:07 otter768 joined #salt
08:09 hebz0rl joined #salt
08:10 eseyman joined #salt
08:20 lumu_ joined #salt
08:21 lumu_ I would like to install salt-minion on a really old (five years) fedora 14 machine. Is it possible?
08:23 jhauser joined #salt
08:35 jri joined #salt
08:41 kawa2014 joined #salt
08:48 wincyj joined #salt
08:48 lothiraldan joined #salt
08:50 jri joined #salt
08:51 subsignal joined #salt
08:53 lb1a joined #salt
08:55 Hybrid joined #salt
08:56 fredvd joined #salt
09:00 bash1245_ joined #salt
09:02 mattiasr joined #salt
09:05 JlRd joined #salt
09:07 jhauser joined #salt
09:09 Xevian joined #salt
09:15 babilen http://docs.saltstack.com/en/latest/topics/installation/fedora.html has some information, but it looks as if you are out of luck if it not in EPEL for your release, lumu_
09:17 che-arne joined #salt
09:17 monkey66 joined #salt
09:19 felskrone joined #salt
09:23 jhauser joined #salt
09:31 intellix joined #salt
09:39 huddy joined #salt
09:39 Dw_Sn joined #salt
09:40 Dw_Sn I have a question about states.network, it will create the files ? such as interfaces or redhat ifcfg-eth0 ? or it will just manage the network using ip command or ifconfig on real time only ?
09:43 kawa2014 joined #salt
09:43 I3olle joined #salt
09:51 sfxandy joined #salt
09:51 sfxandy hi everyone
09:56 markm joined #salt
09:56 jhauser joined #salt
09:57 robot_hands Dw_Sn: the docs say it "creates and manages" interface settings, which isn't that clear, but why don't you just try it and check yourself?
09:58 Dw_Sn robot_hands: doing that now :)
09:59 Dw_Sn robot_hands: and if I want to know the type of supported interfaces ? I might have things other than ethernet type
09:59 lumu_ thanks babilen, I managed to install it manually (from source)
10:00 johtso joined #salt
10:01 MaliutaLap joined #salt
10:01 MaliutaLap left #salt
10:05 Auroch joined #salt
10:08 otter768 joined #salt
10:09 linjan joined #salt
10:11 Dw_Sn umm no support for ib
10:12 aquassaut joined #salt
10:13 MaliutaLap joined #salt
10:13 MaliutaLap left #salt
10:21 krelo joined #salt
10:22 N-Mi joined #salt
10:22 N-Mi joined #salt
10:24 seanz joined #salt
10:24 hitek_ joined #salt
10:24 hitek_ hi guys
10:32 jhauser joined #salt
10:36 sfxandy hello hitek_
10:39 che-arne joined #salt
10:42 TyrfingMjolnir joined #salt
10:48 dendazen joined #salt
10:53 subsignal joined #salt
10:54 giantlock joined #salt
10:54 BogdanR joined #salt
10:54 BogdanR Hello. I am using salt-cloud to provission instances on ec2 and all works great except for one thing
10:55 BogdanR I can't figure out how to set the hostname to the name I asign to the instance
10:55 BogdanR Can anyone please give e tip how to do that?
10:58 wincyj joined #salt
11:01 I3olle joined #salt
11:02 flebel joined #salt
11:10 __number5__ BogdanR: set /etc/hostname or hostname command won't work?
11:14 BogdanR __number5__: I would like to have it automatically setup when the unit boots, just before it starts running the highstate
11:15 BogdanR And I am not sure how this should be done to have the same hostname as the minion_id
11:15 __number5__ BogdanR: you might want to check out cloud-init or run the hostname command via the ssh
11:17 VSpike BogdanR: someone mentioned something about this recently
11:17 VSpike BogdanR: http://www.ducea.com/2009/06/01/howto-update-dns-hostnames-automatically-for-your-amazon-ec2-instances/
11:18 VSpike It was timoguin, when we were talking about the new feature in v.next which supports passing user data to the instance in salt-cloud
11:18 VSpike Something else to look at maybe
11:22 __number5__ normally I will set route53 directly in the salt states/scripts if I want a public dns name
11:22 BogdanR I want a sane hostname because logs and graphs need to show me an undestandable name for where they come from
11:23 BogdanR I think I will have a go at this: https://raw.githubusercontent.com/saltstack-formulas/hostsfile-formula/master/hostsfile/hostname.sls
11:30 student1 joined #salt
11:31 bluenemo joined #salt
11:34 student1 Hi all, I have a problem - How can I make state which could be run if other state return changes... I tried to use onchanges but have no success... Also I tried to use watch, even tried to write mod_watch, but also have no result...
11:35 aphorise joined #salt
11:39 aphoriser joined #salt
11:42 amcorreia_ joined #salt
11:44 badon_ joined #salt
11:45 vbud joined #salt
11:45 vbud Hello .*
11:45 vbud I have a question regarding the pyobjects renderer.
11:46 vbud I have a simple map, just like in the docs - https://github.com/saltstack/salt/blob/develop/salt/renderers/pyobjects.py#L209-L239.
11:46 vbud Mine is for libvirt not samba.
11:47 vbud From a state written with pyobjects I would like to run some states if I find a key in the Map?
11:48 vbud I have tried with ``` if 'config' in Libvirt: run some states ```.
11:51 vbud TypeError: argument of type 'MapMeta' is not iterable
11:51 vbud This is what I receive.
11:53 vbud I have tried with if 'config' in Libvirt.keys(), if 'config' in Libvirt.items(), if 'config' in Libvirt.values(). I receive another error message : AttributeError: type object 'Libvirt' has no attribute 'keys'
11:53 subsignal joined #salt
11:54 jespada joined #salt
12:07 Ahrotahntee joined #salt
12:09 otter768 joined #salt
12:11 funzo joined #salt
12:17 aphoriser joined #salt
12:17 nbari joined #salt
12:17 nbari hi all, is there a way to kill/remove all idle jobs ?
12:18 nbari i get lots of  The function "state.highstate" is running as PID 1198 and was started at 2015, Mar 12 12:17:52.868472 with jid 20150312121752868472
12:18 evle joined #salt
12:18 parasciidick joined #salt
12:18 ntropy those jobs should eventually complete, they shouldn't be idle
12:19 nbari if I do a salt 'minion' saltutil.kill_job 20150312121752868472 I get ' job not found
12:19 ntropy that means its done
12:19 nbari any way to do force a clean all ?
12:19 nbari mmm ok
12:20 nbari in case I would like to flush/clean a minion from 0 is there a way of doing it ?
12:21 lothiraldan joined #salt
12:22 ntropy yes, i dont remember of the top of my head
12:22 ntropy you can configure the number of jobs kept on the master http://docs.saltstack.com/en/latest/ref/configuration/master.html#keep-jobs
12:22 vbud joined #salt
12:23 ntropy correction - not the number of jobs, but the number of *old* jobs
12:23 nbari currenlty set to 1
12:24 ntropy are you having an issue where old jobs aren't deleted as per your setting?
12:24 ntropy https://github.com/saltstack/salt/issues/10443
12:24 monkey66 left #salt
12:25 nbari I just added 5 minions, tryied to run on all of them salt.highstate and started to have this issues
12:25 ntropy what is the issue?
12:25 jerematic joined #salt
12:26 ntropy that the highstate command said 'The function "state.highstate" is running as PID 1198 and was started at 2015 blah blah' ?
12:26 nbari in all the minions I got: The function "state.highstate" is running as PID 11XX
12:26 nbari right
12:26 nbari I did something like salt 'node3-*' state.highstate
12:26 ntropy that message means highstate took longer than the timeout (default is 30 seconds) to complete
12:26 nbari and well all does nodes have the same issue
12:27 jeddi I'm trying to use a grain (lsb_distrib_ something) ... but I'm sure it used to report osrelease and/or lsb_distrib_release as sid - now they're both coming up as 'testing/unstable' ... and given I was trying to hook onto .../.bashrc.{{lsb_distrib_release}} ... it's a bit tricky, with the / in there.   any recommendations?
12:27 ntropy its not an issue, the salt command doesn't wait forever for minions to return
12:27 nbari how can I gurantee that minion is updated ?
12:27 nbari maybe increasing timeout ?
12:28 ntropy nbari: do you know how long highstate takes to complete on your boxes?  you can run salt --timeout 300 'node3-*' state.highstate for example
12:28 nbari currenlty doing salt 'node3-minion1' state.highstate and is idle since we are chatting
12:28 nbari oh ok
12:29 ntropy the timeout value is only for the salt command, the highstate will continue to run on the minion till it completes
12:29 mschiff Is it possible for a minion to overwrite its grains['id'] after key is accepted by the master? So can a minion fake the id of another minion and get sensitive pillar that way that was targeted for another id?
12:29 nbari I jus did a ctrl+c : The minions may not have all finished running and any remaining minions will return upon completion. To look up the return data for this job later run:. ....
12:29 ntropy nbari: exactly, look up the job id and you'll see the results, timeout is irrelevant
12:30 nbari could you please remind me how to do the job_lookup jid on the minion ?
12:30 jespada joined #salt
12:31 ntropy mschiff: if minion id changes then it will lead to minion getting a new key which will need to be accepted on the master, so no, minion can't fake the id and get to other minions' pillar
12:33 ntropy nbari: salt-run jobs.lookup_jid <job id number> iirc
12:33 ntropy you should read through http://docs.saltstack.com/en/latest/topics/jobs/ to get a better idea whats going on there
12:34 nbari mmmm that's what I typed but got an empty result, that's why I ask since maybe I was doing something wrong
12:34 cmcmacken joined #salt
12:35 robsavino joined #salt
12:35 dendazen joined #salt
12:35 mschiff ntropy: Thanks. Why must grains not be used then in pillar top file for sensitive data? Or is grains['id'] the one and only exception here?
12:36 nbari I didn't kill one job in pourpose:  The function "state.highstate" is running as PID 1088 and was started at 2015, Mar 12 12:17:35.908101 but still idle
12:36 nbari since more than 10 min
12:37 ntropy did you increase the timeout to more than 10 minutes?
12:37 nbari basically is behaving like a lock
12:37 jri joined #salt
12:37 ntropy mschiff: id is the only exception, other grains minion can set in the minion config, so an evil minion can set itself a 'webstack' grain or whatever and get all the certs
12:38 nbari If I kill the job and re-run state.highstate it maywork, but tha'ts why I was asking if there is a way of doing something like saltutil.kill_job <created before 1hour> or something like that
12:39 ntropy nbari: i see you haven't read the docs on the jobs that i pointed to, it answers this exact question :)
12:39 denys joined #salt
12:41 mschiff ntropy: That was my concern, yes. I am looking for safe way to use one pillar file 'users.sls' to define users and use jinja templating for deciding which users to create on which hosts
12:42 mschiff so doing something like {% if grains['id'] == "host1" %} is secure, right?
12:44 losh joined #salt
12:46 markm joined #salt
12:46 ntropy yes, thats the correct way to do it
12:47 refnode joined #salt
12:48 mschiff ok. thanks. I full yunderstand that part. Just wanted to be sure. (otoh I currently try to fake fqdn, but wihtout success in pillar  matching)
12:49 ntropy great, its definitely something you want to test to be certain it does what you expect
12:50 debian112 joined #salt
12:51 mschiff typo of mine. fqdn can be faked without problems. So it might be worth to mention in the best practice guide that grains['id'] is the sole exception
12:52 N-Mi joined #salt
12:52 jeddi oh, i see the problem - lsb_distrib_codename isn't there on this host / anymore.
12:54 monkey661 joined #salt
12:55 subsignal joined #salt
12:55 _JZ_ joined #salt
12:55 nbari ok let me check it
12:56 intellix joined #salt
12:59 nbari ntropy: you mean http://docs.saltstack.com/en/latest/topics/jobs/ ?
13:03 brayn joined #salt
13:03 nbari anyway there should be an easy way, for now I found easy to just use: salt '*' cmd.run "rm -rf /var/cache/salt/minion/proc/*"
13:03 nbari some one the  saltutil.kill_job not working properly
13:04 racooper joined #salt
13:06 jhauser joined #salt
13:08 lothiraldan joined #salt
13:12 perfectsine joined #salt
13:12 perfectsine joined #salt
13:12 jcsp joined #salt
13:14 iggy mschiff: a rogue minion could change it's id grain... internally the master doesn't look at that grain for the id... it looks at the actual id tied to the key that was accepted
13:15 iggy i.e. there is no check to make sure grains['id'] matches the key that's accepted
13:16 iggy so if you are really concerned about security, don't rely on that grain either
13:16 thawes joined #salt
13:16 I3olle_ joined #salt
13:19 cpowell joined #salt
13:19 jdesilet joined #salt
13:19 parasciidick joined #salt
13:20 janne_ joined #salt
13:20 thawes left #salt
13:20 Furao a minion that change it’s id need to be re-added on the master with salt-key, unless it auto-add and if it take an existing id the key won’t match
13:20 stoogenmeyer_ joined #salt
13:20 giantlock joined #salt
13:24 sfxandy hi everyone.  am looking for a nice flexible way to organise a set of directory structures in Pillar.  basically what I want is one top level directory to be defined and then a number of other directories to be relative to that top level directory.  Is there a syntax to do that?  or do I just need to process the components in my Jinja template and do it that way?
13:25 jhauser joined #salt
13:27 babilen sfxandy: yes
13:27 babilen sfxandy: I don't quite understand what you are trying to achieve. Could you give a simple example?
13:28 sfxandy ok, let me put a simple example onto refheap
13:28 mpanetta joined #salt
13:28 babilen +1
13:28 nbari how to set a context var let's say IP with the output of:  network.ip_addrs
13:28 diegows hi
13:28 babilen nbari: You define a suitable mine function
13:29 nbari I am using  {{ salt['network.ip_addrs'] }}  but returning a funcition
13:29 nbari babilen: could you please telme me how or a doc/page where I can learn more about it
13:29 timoguin joined #salt
13:29 diegows looking for aproaches/ideas/flames about using salt as Docker provisioner, I don't like Dockerfile :)
13:29 babilen nbari: Do you want the IP of the minion this is being applied to or a different one?
13:30 nbari the main IP of the minion
13:30 mnml joined #salt
13:31 nbari I mean I want to send a conf (listen: x.x.x.x:80) where x.x.x.x is the IP of the minion
13:32 Ahrotahntee salt['network.ip_addrs']('eth0')[0] ?
13:32 shorty_mu joined #salt
13:32 sfxandy babilen: https://www.refheap.com/98350
13:33 nbari I was trying to avoid the eth0 since change from system to system, thinking that network.ipi_address would return just the fust IP
13:33 murrdoc joined #salt
13:34 babilen nbari: Okay, there are two approaches. The first simply refers to grains (i.e. {{ salt['grains.get']('ipv4')|first }}) and the second uses something like {{ salt['network.ip_addrs']()|first }}
13:34 babilen nbari: I typically use network.ip_addrs with a suitable cidr mask, but it really depends on what you are trying to do. What do you want to happen if there are multiple ip addresses?
13:35 mnml When I try to run a cmd on a minion using its name it works :       salt -v -t 60 "Name*" test.ping                     however when I try the same thing using tags, I get an error the minion didn't return.  salt -v -t 60 -I "tags:mytag" test.ping                  do you know where this could be coming from ?
13:35 babilen nbari: What about 127.0.0.1 ? (and so on)
13:35 shorty_mu Hi all, I wasn;t able to find anything ont this. How can I test in Jinja if a command failed? I tried this: {% if not salt.cmd.run('test -d ', install_dir, '/', dir_name) %} but it fails with "getpwnam() argument 1 must be string, not int".
13:35 nbari babilen: many thanks, I just testes salt['grains.get']('ipv4')|first }} and workied fine
13:36 nbari but In case I need a lo1 or etc any advice on how to handle more addres/networks ?
13:36 babilen nbari: Well, it might now, but you have to think about other cases. You could always get the IP address of a certain interface (say eth0), but that is problematic if you change interfaces.
13:36 cheus joined #salt
13:36 nbari exactly
13:37 jri joined #salt
13:37 nbari for now your suggestion fitst pefecet,but if I want to use an alias does salt['grains.get']('ipv4')|second works ?
13:37 babilen nbari: TRhis is why I typically use network.ip_addrs with a suitable cidr mask -- salt['network.ip_addrs'](cidr='10.0.0.0/8')|first
13:37 toanju joined #salt
13:38 nbari i see, makes sense and is more portable
13:38 sfxandy babilen, https://www.refheap.com/98351
13:38 babilen nbari: I really wouldn't rely on the order there. Be explicit about the invariants! If the invariant is the CIDR (i.e. the network) then use that, if you want it to be the interface then that (and so on)
13:38 babilen sfxandy: I've seen it, once second
13:38 sfxandy i know, i just added a bit :)
13:39 sfxandy apologies
13:39 nbari babilen: many thanks for the tip/help :)
13:39 babilen nbari: If you need IP addresses of *other* minions (say a database server or worker nodes when configuring a loadbalancer) you would refer to the salt mine: http://docs.saltstack.com/en/latest/topics/mine/
13:40 babilen sfxandy: No problem (just wanted to make sure that it is obvious that I haven't forgotten about you()
13:40 nbari ok I will check the link
13:40 sfxandy i also have a mine question as well .... lol
13:40 babilen \o/
13:41 babilen sfxandy: You cannot reference pillars within pillars unfortunately
13:41 sfxandy i figured as much
13:42 murrdoc u can set a pillar to a local grain on the minino and then use that
13:42 babilen You have to be explicit there and specify things multiple times or adapt your states so that *they* use information in the pillar to construct the right paths
13:42 murrdoc 'can'
13:42 babilen I don't like that
13:42 ClausA joined #salt
13:42 babilen abusing grains once more (just because they are the only data source that is available everywhere)
13:42 _ale1_ joined #salt
13:43 murrdoc its not abuse
13:43 murrdoc per se
13:43 murrdoc withuot a resource db
13:43 sfxandy i suspect it will be the latter of your two suggestions babilen.  so do some processing in Jinja to build up paths
13:43 murrdoc this is what  you hvae to do , either mines or grains
13:43 sieve joined #salt
13:43 babilen I would argue that you would want to write your state in such a way that is references two pillar values (one for the root and one for the log directory)
13:44 sieve Im looking for a way to set fqdn for hosts that we are provisioning with salt-cloud.
13:44 nbari babilen: how to test via command line this: salt['network.ip_addrs'](cidr='10.0.0.0/8')|first, currently I am using salt 'minion' network.in_subnet 10.0.0/8 it is the same ?
13:44 mpanetta joined #salt
13:44 kawa2014 joined #salt
13:45 babilen nbari: "salt 'minion' network.ip_addrs cidr='10.0.0.0/8'" (you can't implement the |first there)
13:45 dyasny joined #salt
13:46 nbari ok thanks
13:46 sfxandy thanks babilen, i suspected that was the case but wanted to make sure there wasn't another method
13:46 babilen nbari: network.in_subnet tells you if a host is in a specific subnet (i.e. has an interface with an address in that cidr)
13:46 nbari ok got it :)
13:48 jhauser joined #salt
13:49 jri joined #salt
13:51 favadi joined #salt
13:52 shorty_mu left #salt
13:52 shorty_mu joined #salt
13:53 pass_by_value joined #salt
13:55 jeremyr joined #salt
13:56 markm joined #salt
13:56 sieve https://gist.github.com/mooperd/0bebed50eb1404b03d76 - This is giving me "Unknown yaml render error"
13:56 sieve Im guessing my Jinja is bad..?
13:57 hybridpollo joined #salt
13:58 timoguin joined #salt
13:59 jcsp joined #salt
14:00 murrdoc u can always run a state.show_sls on a state file to see how it gets parsed into yaml and consequently a salt structure
14:00 felskrone joined #salt
14:00 murrdoc also in the cmd.run i would put it in ''
14:01 murrdoc sieve:  does your /etc/sysconfig/network only have  "NETWORKING=yes\nHOSTNAME={{ fqdn }}\n" as content ?
14:02 mschiff is there any way to reference pillar data from within other pillar items?
14:02 murrdoc yes/no
14:02 murrdoc largely no
14:02 mschiff murrdoc: and in which case "yes"? ;)
14:03 murrdoc you can, get access to pillar data in the ext_pillar code, but its not recommended
14:03 murrdoc otherwise no u cant access pillar data in pillar files
14:03 jcsp joined #salt
14:03 mschiff ok thx
14:05 brick__ joined #salt
14:07 iromli joined #salt
14:07 jri joined #salt
14:09 otter768 joined #salt
14:10 N-Mi joined #salt
14:10 N-Mi joined #salt
14:11 emirozer joined #salt
14:12 mgw joined #salt
14:12 drawsmcgraw On one of my minions, the salt-minion service seems to get the third-rate citizen treatment.
14:13 drawsmcgraw Any Salt command takes forever to run and return. Even test.ping's
14:13 lothiraldan joined #salt
14:13 drawsmcgraw The machine isn't low on CPU cycles or memory. It's just.... not giving the minion any time on the CPU(?)
14:13 drawsmcgraw Anyone seen something like that before?
14:15 robot_hands hello. I'd like Salt to only run pkg.installed the first time. I could use something like "unless: test -x.." or similar but I wanted to know if there is a cleaner way of saying "if this condition is true, don't run pkg.installed"..using a state as opposed to unless
14:15 robot_hands sorry..weird requirement = weird question
14:15 babilen robot_hands: If a package is already installed it won't be installed again (as the state has already been achieved)
14:15 babilen That is: What you want is already the default behaviour
14:16 robot_hands babilen: indeed, however Salt also installs the dependencies of the packages
14:16 pdayton joined #salt
14:16 robot_hands babilen: that is what I want to avoid
14:16 babilen How dare it!
14:16 robot_hands hehe
14:16 sieve murrdoc, in the end it was my top file missing a colon.
14:16 babilen Who in his right mind would want to install dependencies so that software actually works ;)
14:17 babilen robot_hands: I might not quite understand your problem though. It feels weird, wrong and horrible ... please elaborate
14:17 robot_hands sure...
14:17 robot_hands so, I am installing some Perl modules from Ubuntu repo. One of the dependencies is libwww-perl. The version of libwww-perl installed from the repository does not work with the app I am working with
14:18 robot_hands so I need to install the version from CPAN..which I can do by removing the installed dependancy and installing the older CPAN version
14:18 murrdoc u can specify the pkgrepo to isntall a package from
14:19 robot_hands yes, but I assumed that as the package I need to avoid installing is a dependency, rather than a specified package to install, that the pkgrepo wouldn't have any effect?
14:19 murrdoc is this ubuntu ?
14:19 robot_hands yes
14:20 bluenemo joined #salt
14:20 murrdoc so apt will install the latest package from the repos as listed in order
14:20 babilen robot_hands: So essentially "some perl module" is buggy and doesn't work with current versions of libwww-perl ?
14:20 robot_hands babilen: well...it isnt a perl module...the app is the vmware web services sdk
14:20 murrdoc so even if the dependancy is available in multiple repos, apt will isntall the latest from all sources.list
14:21 murrdoc so either setup a preferences file to pick the repo for the packaeg
14:21 murrdoc or use pkgrepo
14:21 murrdoc its life of ubuntu
14:22 robot_hands but does that work for dependencies as well as specified pkgs? I would assume that apt will still install the dependancy from the same repo as the actual package being installed
14:22 murrdoc u would, but i think the problem is it looks at every package individually
14:22 shorty_mu Hi all, I use code like this: http://paste.scsys.co.uk/469350  The cmd.run variables always evaluate to 8. I know this is a "number" thing. So I'm a bit puzzled. Can anyone help me?
14:23 robot_hands murrdoc: ok, ill try that...thanks!
14:23 murrdoc btw what u expect robot_hands is the right thing
14:23 murrdoc :)
14:24 TheoSLC joined #salt
14:24 babilen robot_hands: You would have to pin the package to a specific version (which has to be available from a configured repository)
14:24 wplatnick joined #salt
14:24 babilen robot_hands: This is highly buggy and broken ... Go and yell at VMWare buggy crapola
14:25 robot_hands babilen: yeah it is, I understand that this is bad practice, but until they pull their finger out I just have to work around it
14:25 oliver_l2c joined #salt
14:25 murrdoc uh hmm
14:25 robot_hands babilen: appreciate your help also
14:26 wplatnick Does anybody have this working successfully? https://github.com/saltstack-formulas/ec2-autoscale-reactor
14:26 sieve {%- realm = upper(domain)%}
14:26 murrdoc babilen is good peoples
14:26 sieve Im trying to capitalise my domain to make a kerberos realm
14:27 murrdoc http://jinja.pocoo.org/docs/dev/templates/#capitalize
14:28 sieve murrdoc: Capitalize a value. The first character will be uppercase, all others lowercase.
14:28 sieve I need it all capitals
14:28 murrdoc scrollsies :)
14:29 andrew_v joined #salt
14:29 desposo joined #salt
14:30 ghanima joined #salt
14:31 timoguin joined #salt
14:34 ghanima morning anyone online
14:36 babilen eve'nung
14:36 murrdoc brunchning
14:37 desposo joined #salt
14:41 josephleon joined #salt
14:43 ghanima I am trying to debug an issue where when running salt commands against where the symptom seems to come with the error Failed to authenticate! This is most likely because this user is not permitted to execute commands but there is a small possibility that a disk error occured (check disk/inode)
14:43 ghanima I running the salt command with sudo
14:43 ghanima and I have restart the master process multiple times
14:46 iggy ghanima: A. make sure you aren't out of inodes B. stop master, make sure no other master processes are running, start master
14:47 numkem when using compound matchers for either grains or pillar, do the matching takes into account a list?
14:47 iggy yes? be more specific
14:47 numkem say I have a list in pillar of roles
14:47 numkem if I do -I 'roles:webserver' would it look into the list and check if an item from this list is 'webserver'?
14:48 iggy yes
14:48 numkem ok thanks, so I must be doing something wrong because it's not working
14:48 iggy there's docs about how : works somewhere
14:48 thayne joined #salt
14:49 iggy salt 'minion' pillar.get roles
14:49 iggy make sure you get what you were expecting
14:49 murrdoc i doubt compound matching can do 'in list' lookups
14:49 jhauser joined #salt
14:50 iggy 'G@tags:mqdb or G@tags:db':
14:50 iggy works as expected
14:50 numkem iggy: I don't... thats weird because the pillar.items returns the good things, will dig more
14:50 murrdoc really ?
14:50 murrdoc so tags is a list
14:50 murrdoc and it looks that up ?
14:50 murrdoc das cool
14:50 iggy indeed
14:50 timoguin da coolest
14:51 iggy granted that's grains, but I would imagine pillars use the same kind of code
14:51 iggy (we're bad people we use grains to target roles, not pillars)
14:51 * babilen chuckles
14:51 numkem iggy: works as intended now. I had to do a saltutil.refresh_pillar to remove old testing values
14:51 numkem iggy: thanks!
14:52 Brew joined #salt
14:52 babilen I love it that my constant bickering results in sentences such as "we're bad people we use grains to target roles, not pillars"
14:52 jcsp joined #salt
14:53 _JZ_ joined #salt
14:53 thedodd joined #salt
14:53 sieve {%- set ip = grains['network.ip_addrs'] %}
14:54 ghanima iggy: thanks you were right master process was still running even after stopping the init script
14:54 sieve How do I specify eth0 here?
14:54 shorty_mu left #salt
14:54 ntropy babilen: how do you use pillars to target roles instead of grains?
14:55 jay_d joined #salt
14:55 iggy sieve: {%- set ip = grains['network.ip_addrs']['eth0'] %} ?
14:57 sieve iggy: Jinja variable 'dict' object has no attribute 'network.ip_addrs'
14:57 babilen sieve: You use {%- set ip = grains['network.ip_addrs'](interface='eth0')|first %} -- but then you have all the problems of a grains lookup with none of the cidr goodness. As explained earlier: You typically want to use network.ip_addrs with a cidr mask
14:57 iggy sieve: oh, you want salt['network.interface_ip']('eth0')
14:57 XenophonF joined #salt
14:59 sieve iggy: aaah, excellent
15:00 ghanima If I can ask another question... I am trying to troubleshoot an issue where when executing the test.ping command(and I suspect other commands) I get no resd lponse from host for the majority of hosts that i have associated with my salt master. What I would like to do is profile how long it takes for each minion to send its response back to the salt-master at the time time of the salt command execution
15:00 ghanima is that possible
15:00 numkem sieve: the way I understand what iggy said is jinja receive a dictionnary called salt with all the modules objects as keys, hence having to use () for invoking them. Super clever
15:00 babilen sieve: Don't forget the "|first" -- but then: use CIDR! That way you can specify the network explicitly rather than relying on some (random) interface name ..
15:01 babilen numkem: That's not clever, that's Python ;)
15:01 numkem babilen: its circular than, Python is so clever :)
15:01 timoguin_ joined #salt
15:01 babilen that's so Python
15:02 numkem so salt! :P
15:02 babilen "salt['network.ip_addrs'](cidr='10.0.0.0/8')|first" would be my suggestion (adjust as needed)
15:03 jab416171 joined #salt
15:10 ndrei joined #salt
15:11 hasues joined #salt
15:11 hasues left #salt
15:12 renoirb Hi all
15:12 renoirb is there a way to merge pillars?
15:13 murrdoc pillar.get(key, pillar.get(key), True)
15:13 renoirb I have a pillar that I want to extend without rewriting the state I want to add.
15:14 renoirb Basically I have a pillar that each entry defines a secrets file for rsync. But in that same list, it also declares rsync shares. I dont want to rewrite the state about it but need to add a new share that can reuse one of the secrets. I thought of using a method similar to grains.filter_by does in maps, but for pillars.
15:15 renoirb oh! thx murrdoc !!
15:15 ghanima If I can ask another question... I am trying to troubleshoot an issue where when executing the test.ping command(and I suspect other commands) I get no resd lponse from host for the majority of hosts that i have associated with my salt master. What I would like to do is profile how long it takes for each minion to send its response back to the salt-master at the time time of the salt command execution
15:16 rojem joined #salt
15:16 renoirb so the third argument of ..get is whether or not we can merge.  (I’m not a python dev, couldn’t guess)
15:16 murrdoc yes
15:16 ejk joined #salt
15:17 rocket joined #salt
15:17 nesv joined #salt
15:17 _JZ_ joined #salt
15:18 fridder joined #salt
15:20 __JZ__ joined #salt
15:21 renoirb is there a way to do the pillar merge at a state definition itself? e.g. at file.managed do the merge there?
15:21 renoirb maybe I should do that from the state file instead.
15:21 renoirb not sure yet
15:22 renoirb context?
15:23 desposo joined #salt
15:24 zwi joined #salt
15:24 murrdoc u can call salt['pillar.get'] in your state file and assign it to a variable
15:24 murrdoc then pass that variable to contents_pillar
15:25 mikkn joined #salt
15:28 TheoSLC joined #salt
15:28 josephleon joined #salt
15:29 toanju joined #salt
15:29 renoirb murrdoc so if the state i want to extend: is file.managed, with template: jinja and inside the source, it has {{ pillar['foo'] }}  I could add to that extend a context: reassign variable pillar and merge from there?
15:29 renoirb oh, contents pillar instead murrdoc ?
15:30 murrdoc :)
15:30 bastiandg left #salt
15:30 renoirb am I on a good path murrdoc ?
15:31 murrdoc i think so
15:31 renoirb context can rewrite the pillar inside the source: salt.... file?
15:31 renoirb {{ pillar }} variable, like its a dumb variable name?
15:31 murrdoc i think so
15:31 renoirb gotta try :)
15:31 murrdoc i recommend reading the saltstack recommendation on jinja
15:32 renoirb hahaha, i was expecting rtfm murrdoc  :)
15:32 renoirb I spend my time on the docs, i have local copy to remove load on the site :D
15:32 renoirb its just that I dont always get to know which term i’m searching for :)
15:33 arthurlutz joined #salt
15:33 murrdoc word word, search jinja best practices
15:33 renoirb i dont see docs pages about context for instance, i wonder how its called.
15:33 renoirb :)
15:33 renoirb ok
15:34 salty_to_the_cor joined #salt
15:34 renoirb yeah, i know this state i want to extend isnt using best practices. its an old state dating 2012, i’m unsure If I rewrite for that reason. Why fix it if it aint broken
15:34 rojem joined #salt
15:35 murrdoc brb
15:35 cmcmacken joined #salt
15:35 salty_to_the_cor The salt mongo returner runs on the minion, is it possible to have a reference to where this is called in code on minion
15:35 younqcass joined #salt
15:35 fllr joined #salt
15:36 salty_to_the_cor also how scalable is this option, if we say 1000 minions talking to a db
15:37 iggy renoirb: you can even overwrite {{ salt }} in the jinja context (see f.ex. older versions of the salt-formula and how broken it was)
15:37 cpowell joined #salt
15:38 renoirb ok
15:38 neogenix_ joined #salt
15:38 iggy salty_to_the_cor: if you have 1000 minions talking to a single mongodb server, you'll have the same issues you have with them all talking to the master (for the most part)
15:38 rojem joined #salt
15:39 renoirb basepi, yt?
15:40 basepi renoirb: yes
15:40 renoirb ohai! will you come at pycon too?
15:40 salty_to_the_cor is a mongo returner a good idea then, or rather having something which reports events to the master and then the master puts then in mongo
15:40 salty_to_the_cor is there a way to do that?
15:41 renoirb ohai! will you come at pycon too, basepi ?
15:41 basepi renoirb: yep! Joseph and I will be there.
15:41 renoirb great!
15:41 iggy salty_to_the_cor: I think there's an option in new versions
15:41 basepi We'll come party with you again. =)
15:41 renoirb Yay!
15:41 arthurlutz in pillar/git_pillar.py is there a way to find out the arguments passed to the state being executed
15:41 arthurlutz ?
15:41 iggy salty_to_the_cor: but then your master just becomes the choke point
15:42 dyasny joined #salt
15:42 arthurlutz for example I would like to behave differently when state.highstate test=True (so testing if test=True in pillar/git_pillar.py)
15:42 arthurlutz __opt__['test'] does not have anything in it
15:42 arthurlutz but I guess the __opt__ here is a different __opt__ (master options right?)
15:43 salty_to_the_cor whats the other option say when we are making multiple calls to the master one to configure 5 nodes, the other to comfigure 10, and if we have n times such requests, what is the best practice
15:43 arthurlutz (or can I get the jid there ? )
15:43 andrew_v joined #salt
15:43 salty_to_the_cor iggy: reason i am asking is that we have to maintain jid's somewhre
15:44 salty_to_the_cor where we can poll
15:45 iggy it's not a problem I've had to solve yet
15:46 murrdoc salty_to_the_cor:  check out saltpad
15:46 murrdoc it uses mongodb to store job data
15:47 conan_the_destro joined #salt
15:47 iggy I don't think the question is what are the options, it's what options are actually scalable with 1000s of minions
15:48 salty_to_the_cor thanks murrdoc: . Do you mean the master saves the data to store job data? it dosent use returners?
15:48 Twiglet Carefull talking about dongles or forking at pycon!
15:48 salty_to_the_cor iggy: true
15:48 ek6 joined #salt
15:51 lietu joined #salt
15:51 renoirb This seems silly {% set pillar = {'rsync_shares': salt['pillar.get']('rsync_shares', salt['pillar.get']('rsync_shares_add'), True)} %}
15:52 renoirb I’ll just deal with an if block and be done with it :/
15:53 ghanima so I set in my master config timeout: 15
15:53 cmek is there a working way of deploying the latest salt on redhat 5.x?
15:53 ghanima and everytime I run the command salt '*' test.ping -l debug
15:53 ghanima I still see the timeout being set at 5
15:53 iggy I f'ing told you guys... they are talking about *forge, dependency management, and stuff like that now
15:53 ghanima SaltReqTimeoutErrror: after 5 seconds
15:53 iggy that is way beyond what formulas were meant for
15:53 murrdoc iggy:  ?
15:54 ghanima am i setting the salt master corrently I have confirmed that the value is being set correct in the master
15:54 ghanima using timeout: 15
15:54 jalbretsen joined #salt
15:55 iggy ghanima: timeout: is the time the master waits for the minion to reply.... you're likely hitting some other timeout
15:55 timoguin_ iggy: I'll put you in a forge.
15:55 ccarney_ROCC joined #salt
15:55 ccarney_ROCC left #salt
15:56 iggy ghanima: timeout doesn't show errors when the minions don't reply... it just assumes the minion will eventually reply and the user will go look at the job cache
15:56 ghanima iggy: any recommendations on how to trace this down
15:56 lietu joined #salt
15:57 MTecknology iggy: What do you use for repos?
15:57 iggy MTecknology: blood, sweat, and tears?
15:57 iggy MTecknology: redefine the question
15:57 murrdoc subdirs
15:57 signull subdirs of blood sweat and tears?
15:58 tligda joined #salt
15:58 murrdoc .bkupYYMMDD
15:58 murrdoc more secure than git
15:58 MTecknology iggy: instead of reprepro
15:58 iggy MTecknology: aptly
15:58 iggy (there's even a formula for it... written by some pretty smart, handsome guys)
15:58 MTecknology thanks :)
15:59 ndrei joined #salt
16:00 iggy ghanima: did you google the error message?
16:01 murrdoc "handsome"
16:04 giantlock joined #salt
16:05 zzzirk joined #salt
16:07 desposo joined #salt
16:08 wincyj hey
16:08 wincyj doest archive.extract still has issues with tar.gz?
16:09 pravka joined #salt
16:10 numkem im still trying to wrap my head around the salt mine, the list of functions are as far as I understand modules with arguments. If it is so, how can I give a key arugumet to a function? Say for example I want to see whats the ip for eth0 and eth1
16:10 MTecknology iggy: how did 2015.x.x go?
16:10 zzzirk So I have been unable to find the answer to my question online due to the nature of salt being a remote execution tool.  My question is, can I trigger salt to run a state from a machine other than the salt master (e.g. trigger via an event on a webserver)?
16:10 ek6 i havent had issues in awhile (ubuntu 14.04 2014.7x) with tar
16:10 devweasel joined #salt
16:10 sieve joined #salt
16:10 wincyj ek6: im reffering to tar.gz
16:10 numkem zzzirk: you might want to look at the salt-api
16:10 wincyj with tar i have no probs
16:10 otter768 joined #salt
16:11 numkem zzzirk: this will let you (provided the right permissions) to run states from anything
16:11 iggy MTecknology: fine, it actually seems to have gotten rid of our "minions gone missing" problem
16:11 iggy wonder if that socket keepalive thing actually already got pushed back into 2015.2
16:11 MTecknology nice
16:11 zzzirk numkem: I did a bit and found a call that looks like it'll do it using a WheelClient object IIRC, but it kind of implies I need to modify the configuration to allow external auth.  The docs didn't seem very clear to me though.
16:11 iggy zzzirk: event.fire_master
16:11 wnkz joined #salt
16:12 MTecknology Have you touched anything with raet yet?
16:12 zzzirk iggy: I will look into that
16:12 iggy MTecknology: it's next on the list (release on the 26th, so after that)
16:12 numkem zzzirk: I know this because I had to play with it to make pepper work because its essentially the same idea, except the webserver part of course
16:12 Gareth morning morning
16:13 zzzirk numkem: I just want to dumb down the triggering of a handful of states for some folks that don't need to know the details.  Nice easy web interface.
16:13 iggy MTecknology: but honestly, we don't have many minions, so raet was more of a fix for "minions gone missing"... so it may not be as important now
16:13 ndrei joined #salt
16:13 MTecknology ah
16:13 numkem zzzirk: Yeah I understand what you mean, I will have to do something similar in the future
16:14 zzzirk thanks for the pointers
16:14 iggy our biggest master has ~60 minions
16:14 numkem im still trying to wrap my head around the salt mine, the list of functions are as far as I understand modules with arguments. If it is so, how can I give a key arugumet to a function? Say for example I want to see whats the ip for eth0 and eth1
16:15 theologian joined #salt
16:15 MTecknology My biggest master has ~500 minions.. the only master
16:15 iggy zzzirk: oh, for that you'll probably want salt-api and pepper as was mentioned... event.fire_master would be more for a state on a minion firing off some reactor in the background
16:15 spookah joined #salt
16:15 iggy maybe not pepper if you just want it to be webby
16:16 zzzirk iggy, numkem: we are currently running 2014.1.x, is the salt-api available in that release?
16:17 student1 Hi, all, have a question, I wrote two own states into _states/ and in one of module I wrote mod_watch. In sls I'm using watch. Finally watched function runs firstly, then runs watching function and mod_watch function runs in the and. Why mod_watch doesn't runs before watching function?
16:17 krak3n` joined #salt
16:17 numkem zzzirk: from what I read, salt-api was merged into the salt codebase for the Helium release (2014.7.x)
16:18 numkem zzzirk: so I would assume taht you would have to download the lastest un-merged version beforehand... How had would it be for you to upgrade?
16:18 zzzirk numkem: I was just finding that it doesn't appear to be available in what we are running.  fortunately we are planning on upgrading before long
16:18 istram joined #salt
16:19 iggy zzzirk: you can install it separately
16:19 numkem zzzirk: I see, well there could be a way to go around this issue. I would see something like a json based small api with key authentication that would be running on the master. This api would than talk to the master through it's python api
16:19 iggy (it was a separate project before 2014.7)
16:19 thayne joined #salt
16:19 zzzirk numkem: we have around 1000 minions and haven't done a major upgrade yet so it isn't trivial, it's just unknown
16:20 zzzirk iggy, numkem: thanks guys I'll look into that as well
16:20 zzzirk iggy, numkem: since the webserver is a salt-minion I may be able to just use the event system but will look into both
16:21 iggy if it helps at all, 2015.2 has this cool system called beacons that might be useful too
16:21 iggy you know, after you upgrade
16:22 numkem iggy: i'm really looking forward the beacons system. It would make me not have to implement ossec file watching for PCI compliance
16:23 ek6 after i upgrade to the feb release on the 65th of february there iggy?
16:24 iggy yeah, everybody jokingly said "run a highstate every time someone changed something in /etc"... that'll probably be the first thing I do
16:24 numkem or on ssh out :P
16:24 murrdoc i plan to put a horn in different dev/ops areas
16:24 iggy ek6: heh, they caught so much crap at saltconf for the .2 thing
16:24 murrdoc and based on who owns the server, imma blow that horn
16:25 murrdoc BAAAAH why u on this server b! and  the server is in prod BWAAAHH
16:25 timoguin iggy: that ain't no joke, fool
16:25 timoguin I'm excited about "engines"
16:26 murrdoc have u seen anything engines yet? i read some code on sqs_engines
16:26 murrdoc share cos u care
16:27 timoguin I haven't. Only looked over the SQS code.
16:27 jeremyr joined #salt
16:27 timoguin Would be really nice to have the master reach out and listen to SQS
16:28 numkem timoguin: what are they? Doc doesn't say much
16:28 timoguin well a minion will be more appropriate, but in any case. easy than firing events and setting up reactors, etc.
16:28 timoguin numkem: basically longer running reactors
16:29 timoguin the only one commited at this point listens to an Amazon SQS queue and fires events
16:29 smcquay joined #salt
16:29 numkem reactors have a maximum amount of time? Or it's because it wouldn't block with an engine?
16:29 fllr joined #salt
16:30 timoguin Well, they can limit the number of events actually fired rather than firing them all and only reacting to some.
16:30 timoguin The engine stays running in its own process
16:30 numkem ok, thats what I figured, it's a different implementation. Very interesting
16:31 lietu- joined #salt
16:32 ghanima when running the command salt '*' test.ping -l debug there an output that shows a list of hosts and then a string that says
16:33 ghanima will timeout at XX:XX:XX.XXXXXX
16:33 ghanima What setting sets this timeouyt
16:33 ghanima sorry timeout
16:34 iggy I've never seen anything like that
16:34 iggy what version of salt?
16:35 mikaelhm joined #salt
16:35 aparsons joined #salt
16:35 I3olle joined #salt
16:37 lietu joined #salt
16:37 ghanima iggy: http://paste.ubuntu.com/10586323
16:37 ghanima iggy: salt version 2014.7.1-1
16:40 iggy oh it's a debug message
16:40 iggy yeah, that would be why, I never bothered trying to debug test.ping
16:40 lietu joined #salt
16:41 ghanima iggy: I can produce the same behavior with the cmd.run module as well
16:42 iggy if those aren't supposed to be up, use manage.down removekeys=True
16:42 lietu joined #salt
16:42 dalexander joined #salt
16:42 iggy there are probably hundreds of issues in GH about stuck/unresponsive/etc minions
16:45 ghanima iggy: so I have removed the hosts that are not showing connected
16:46 brayn joined #salt
16:46 TheoSLC joined #salt
16:47 KyleG joined #salt
16:47 KyleG joined #salt
16:47 ghanima iggy: and I can still reproduce the error... I guess one(of many) question is that that string SaltReqTimeoutError what part of the workflow is this timeout referring to, Master, minion, runner the returner what
16:47 ghanima iggy: then ato your point about GH stuck/unresponsive are these all tagged?
16:48 iggy probably not
16:48 ghanima somehow trying to do a generic search and haven't been able to really find anything
16:48 timoguin joined #salt
16:49 ghanima also the runner salt-run manage.alived available in 2014.7.1 version
16:49 ghanima I am getting an error function unavailable
16:49 tomspur joined #salt
16:50 iggy it looks like it's an alias of present
16:51 sieve joined #salt
16:53 fllr joined #salt
16:55 ghanima iggy: the version I installed is from epel is there something I need to enable in order to execute the alias
16:55 shaggy_surfer joined #salt
16:55 iggy just use manage.present
16:56 wendall911 joined #salt
16:59 murrdoc manage.reup
16:59 murrdoc am i right
17:01 seanz joined #salt
17:02 murrdoc iggy:  chad from formulas has gone full java dev
17:02 iggy but no... I'm the crazy one (read: asshole)
17:04 Ryan_Lane joined #salt
17:05 evilrob is there a way to make sure a file has been removed other than using salt.states.cmd to explicitly rm the file?  file.missing won't remove a file, and I don't see file.remove
17:05 murrdoc well, in this casse u arent , safe to say
17:05 evilrob iggy: if you're an asshole, you've not been coming to the meetings.
17:06 germs_ joined #salt
17:07 robot_hands evilrob: perhaps you could combine file.missing with the cmd.run? IE execute the cmd.run only if the file.missing fails
17:08 evilrob robot_hands: I contemplated that, but I'll just add a -f to the rm command so it doesn't complain
17:09 v0rtex does anyone know why I would be getting extra returns from minions? I have already checked to make sure there is only a single salt-minion process running
17:10 evilrob I wish that the modules from the command-line translated better into states.  salt.modules.file.remove exists, but not salt.states.file.remove.  Similarly salt.modules.service.restart vs salt.states.service.restart
17:10 prwilson joined #salt
17:10 Ahlee indeed.
17:10 evilrob is there a philosophical reason there isn't parity, or is it just dev that hasn't been done yet?
17:11 amcorreia joined #salt
17:11 iggy often it just doesn't make sense
17:11 iggy file.absent doesn't work?
17:12 evilrob iggy: that will work.  didn't see it.  I was looking for naming parity.
17:12 iggy that would be a philisophical reason
17:12 evilrob actions vs states of being.
17:12 iggy states are meant to describe a system
17:12 iggy not how the system got into that state
17:13 prwilson does everything execute sequentially in an SLS (provided you're not using requisites aside from listen)?
17:13 iggy prwilson: yes
17:14 devweasel joined #salt
17:14 prwilson iggy: thx.  also wondering if you have a /srv/salt/application that has both an init.sls and a dev.sls in it, does the dev sls get called when one calls application (which I know calls init.sls) or do you have to explicitly call application.dev ?
17:15 evilrob so to restart a service after running a command, can I stick a service.running under a cmd.run with a reload: True in it?
17:15 iggy you either call application.dev or include:\n - application.dev in init
17:15 evilrob like - https://paste.ee/p/K2LXN
17:16 shaggy_surfer joined #salt
17:16 iggy evilrob: normally you'd use watch/listen (or _in variants) to denote a connection between the 2
17:16 prwilson iggy: ok.  if i specifcally call application.dev, does it also call the init.sls or would that be an include:\n  - application ?
17:17 iggy prwilson: it does not automatically include anything
17:17 prwilson iggy: perfect, thanks
17:17 dalexander joined #salt
17:24 josh joined #salt
17:24 davet1 joined #salt
17:27 prwilson joined #salt
17:27 mimianddaniel joined #salt
17:28 murrdoc1 joined #salt
17:29 murrdoc1 joined #salt
17:29 urtokk joined #salt
17:29 sk_0 anyone set pillar values from vagrant file? I can't get it to work
17:29 josephleon joined #salt
17:29 fragamus joined #salt
17:32 amcorreia joined #salt
17:32 SheetiS sk_0: you are trying to set pillar values per this example? http://docs.vagrantup.com/v2/provisioning/salt.html
17:33 debian112 How can check if a file exist on the saltmaster? I was looking to check before using the ssh_key_{{ username }}: section:
17:33 debian112 http://paste.debian.net/160967/
17:34 sk_0 SheetiS: yes, i did it just like that example
17:34 debian112 BTW, thanks iggy for all you help this week. I am almost done with this state. One last thing with checking the source
17:34 jespada joined #salt
17:34 SheetiS debian112: use multiple sources and default to a blank source as the last one
17:34 SheetiS then you don't have to check
17:34 debian112 SheetiS: thanks
17:35 evilrob "reason: [Errno 12] Cannot allocate memory" I'd blame salt for making my VM run out of memory, but it's only got 512M
17:35 SheetiS debian112: you can do like this: https://bpaste.net/show/9da4c5ddf50b
17:35 jcsp joined #salt
17:36 SheetiS and it will keep going through the list until i has one that works
17:36 debian112 cool, I will check it out: SheetiS
17:36 josephleon joined #salt
17:36 SheetiS sk_0: I assume since you are setting the pillar like that you are doing a masterless config?
17:37 prwilson joined #salt
17:37 forrest joined #salt
17:37 scbunn joined #salt
17:38 iggy my suggestion was going to be the same as SheetiS'
17:38 iggy #SSCEApproved
17:38 forrest joined #salt
17:39 forrest joined #salt
17:39 evilrob possible defect:  when setting a grain through grains.present to a value: True, the value stored in the grains file is "true" and thus the expected match with 'True' fails
17:40 * Gareth mutters about pylint
17:40 SheetiS iggy: I just figured it adhered to the KISS principle.  Don't add a bunch of logic to test for exists when a blank default gets the job done and keeps my state cleaner.
17:40 SheetiS evilrob: are you wanting to match the text 'True' as oppsed to a boolean true?
17:41 SheetiS (and if so why?)
17:41 evilrob SheetiS: no, I just want to know if it's set.  did the single quotes force a text match?
17:42 SheetiS Single quotes forces a text match, yes.
17:42 evilrob ok, user error then.  :)
17:44 bhosmer__ joined #salt
17:47 bhosmer_ joined #salt
17:48 v0rtex I have some really weird behavior I've been trying to figure out for awhile now. When I run a command from my master targeted to minions under a syndic-master it seems to be sending the job like 5 times to each minion
17:48 v0rtex with debug on I'm seeing the jobs come through with the same jid but it's like 5 times in a row
17:48 baweaver joined #salt
17:48 v0rtex and then my master spits out the returned data just as many times
17:49 v0rtex it's craziness
17:49 neogenix_ joined #salt
17:49 SheetiS I don't have a lot of experience with syndic to be able to comment myself :(
17:49 rojem joined #salt
17:50 sfxandy joined #salt
17:50 iggy if it's the same jid, it's not being sent 5 times
17:50 iggy that's about the extent of what I can say though
17:50 iggy <-- also no syndic experience
17:52 v0rtex iggy: that's what I would think but on my syndic-master I just see a lot of "Sending event - data = {... 'jid': '20150312113925790924' ...}" with the same jid to the same minions
17:52 iggy but what's the event?
17:52 iggy is it just checking on progress? or is it actually telling it to do something?
17:54 v0rtex Sending event - data = {'fun_args': [], 'jid': '20150312113920752227', 'return': True, 'retcode': 0, 'success': True, 'cmd': '_return', '_stamp': '2015-03-12T11:39:25.893806', 'fun': 'test.ping', 'id': 'ddmvarnish03-ssl.deseretdigital.com'}
17:54 v0rtex I see that tons of times in a row
17:54 forrest joined #salt
17:55 v0rtex you know - I think I'm getting lost in my logs
17:55 v0rtex hold on
17:56 bhosmer_ joined #salt
17:57 neogenix_ joined #salt
17:58 v0rtex here's a small sample of some logs - I see a lot of this: http://hastebin.com/ihexibevic.vhdl
17:59 iggy are you testing with test.ping?
17:59 v0rtex yep
18:00 conan_the_destro joined #salt
18:00 iggy Do you see the same with functions other than test.ping?
18:00 * robawt highfives conan_the_destro
18:01 v0rtex I sure do
18:01 v0rtex here's what I see returned on my main master: http://hastebin.com/igipovisiy.sm
18:01 iggy open an issue *shrug*
18:01 v0rtex yeah, I may do that - it's been driving me crazy
18:01 spookah joined #salt
18:01 jespada joined #salt
18:01 * conan_the_destro waves at robawt
18:03 relidy I need to make some changes to a yum repository config file that's provided by an RPM. I found salt.modules.yumpkg.mod_repo, and I've managed to get it to do what I want on the command line. I'd like to make this happen in a state. Would "module.run" be the right approach to use?
18:04 SheetiS v0rtex: do you get any messages like this in your logs anywhere? -> 2015-03-12 18:00:11,557 [salt.loaded.int.returner.local_cache       ][ERROR   ] An extra return was detected from minion <minion_id>, please verify the minion, this could be a replay attack
18:05 v0rtex SheetiS: I will check - I had some of that with a different issue before but I solved that so I'll check again
18:06 iggy relidy: salt.states.pkgrepo ?
18:06 v0rtex SheetiS: yep, seeing that
18:06 SheetiS hmm.  What salt version?
18:07 younqcass joined #salt
18:07 giantlock joined #salt
18:07 relidy iggy: I did see salt.states.pkgrepo, but it looked like it was more intended to manage the entire repo file, not make changes to something existing, but I'll take another look.
18:08 iggy relidy: I'm not sure about the yum side of things, but the apt version will change the file (sometimes... if it's close enough)
18:08 v0rtex SheetiS: 2014.7.1
18:09 iggy relidy: the other option is just .absent the pkg one and .managed your own version
18:09 relidy iggy: Thanks, I'll do some more digging and testing here.
18:10 triplecorn joined #salt
18:10 cheus Does anyone what /etc/salt/minion_id is and how it interact with the id param of minion config?
18:10 cheus interacts
18:11 otter768 joined #salt
18:12 SheetiS cheus: it is used if you don't set the id param in /etc/salt/minion
18:12 SheetiS otherwise it does the same thing
18:12 cheus Sheet15: so id param is a hard override and no-damage done if they conflict?
18:13 prwilson joined #salt
18:14 iggy no-damage is an overstatement... at the very least it'll confuse the shit out of anyone who sees them different
18:14 SheetiS cheus: I am 99% certain that the id param overrides that file (it is definitely a one-overrides-the-other).  If they don't match, it may just create confusion for you.  I'd recommend cleaning up whichever is 'wrong', but there should be no-harm-no-foul.
18:14 SheetiS iggy++
18:14 ghanima iggy: so after playing around a little bit I added a timeout on the salt command and added 45 seconds and I am getting a consistent response from every hosts
18:15 forrest cheus: Good to see you, we were discussing the formula stuff in here yesterday
18:15 * iggy backs away slowly
18:15 ghanima iggy: I am having a hard time correlating if this is a minion issue or a master issue. It seems that the salt command gets a valid response from a bunch of hosts and then gives up waiting for the rest but what I don't understand and what level is that giving up on
18:16 cheus SheetiS / iggy , It's a Vagrant thing -- it doesn't sync files... and I don't want to sync all of /etc/salt
18:16 iggy ghanima: don't know... if it bothers you that much open an issue asking for clarification in the docs
18:16 hal58th1 ghanima, timeout is poorly documented. it actually means what the refresh frequncy to check on the minions for a response.
18:17 kawa2014 joined #salt
18:17 ghanima hal58th1: So if -t allows to wait for the output from any give period I presume there there is a refresh setting that can be enabled on the master I hope?
18:18 hal58th1 well, you are using the CLI for this command? Sorry I didn't read all the chat log.
18:18 cheus forrest, I'm trying to lurk more often right now. My work is seasonal. DevOps springs, development summers, and project management winters.
18:19 cheus forrest, I hope the conversation was productive. :)
18:19 ghanima hal58th1: I am my use case is primary execute commands off a serious of hosts(about 1100 hosts) and need to see the output of the results
18:19 forrest cheus: It was pretty much the same thing we've discussed before regarding differing opinions
18:19 ghanima Ouch I am tired... that meant to say my use case needs to execute a singular command off a series of hosts(about 1100 hosts) and I need to see the output of the results
18:20 ghanima hal58th1:  I am using cmd.run
18:20 MatthewsFace joined #salt
18:21 MatthewsFace joined #salt
18:22 iggy looking at the output of the same command run 1100 times sounds counter-productive
18:24 numkem how can I debug pillar sls rendering error? Says to refer to the master log but the logs only show the same thing
18:24 kawa2014 joined #salt
18:25 iggy pillars don't generally have a lot of rendering to do
18:25 iggy but you'll probably want the logging cranked up to debug to see the rendered output
18:25 amcorreia joined #salt
18:26 ghanima iggy: Its not ideal agreed, but moving to a state file shortly however one of criteria is making sure for every state file that is executed that we can execute the command directly in salt
18:26 ghanima so we are testing the later right now
18:26 hal58th1 ghanima, you could do "sudo salt-run jobs.list_jobs" and then lookup the status of the command with "sudo salt-run jobs.lookup_jid 20150312112518335243". Replace the number with your number of the job.
18:26 iggy you'll generally find the mapping works fine that way, not so much the other way (i.e. you can do more with modules than states)
18:29 ghanima hal58th1: just curious do most users of saltstack look at the job history of status of all commands executed... I can do that but it just seems odd to look at the job status instead of seeing it in real-time no?
18:29 numkem iggy: logging on the master? i tried running the task with salt-call and doesn't give much
18:29 hal58th1 no, it's not the usual way. But it does help you troubleshoot ghanima
18:29 vstoniest joined #salt
18:29 iggy numkem: salt-call just calls the minion code (you want the actual master log)
18:30 MTecknology {% if 'type' in grains and grains['type'] == 'web' %}  ... this seems like not the best way to do things...   Shouldn't that be  {% if grains.get('type', '') == 'web' %}?  Realizing that grains to identify roles isn't the bestest of ideas
18:31 yekta joined #salt
18:31 ghanima hal58th1: Agreed this is very very useful thank for this... but to go back to the refresh and timeout issue... If for every command I execute and I can see it successfully executed in the job list... What exactly does that mean.. Obvisouly all the hosts got the command the salt run didn't wait for the results... I guess I am trying to understand why didn't it wait
18:31 iggy ghanima: I imagine most people with that many hosts use either --batch or use returners and some sort of UI to see what's returned
18:31 numkem would it be normal to run the master in debug mode for production use?
18:31 iggy numkem: not at all
18:32 numkem ok, just for issues than, noted
18:32 iggy MTecknology: salt['grains.get']('type') but yeah
18:32 MTecknology iggy: no default value needed?
18:32 Fiber^ joined #salt
18:33 iggy the default default is NoneType which evaluates to false
18:33 bhosmer_ joined #salt
18:33 iggy the bad part about that kind of check is you can't have a minion do multiple things
18:33 hal58th1 Well salt CLI is semi asynchronous. You will push a command to all minions and Salt will try and wait for all minions to respond. But it will decide that it waited long enough to give you the command prompt again.
18:33 hal58th1 You publish a command and a minion decides that it needs to act on it or not. The master is not in charge of which minions get the command. Minions decide if the command should be executed on themselves.
18:34 MTecknology Why can't it do multiple things?
18:34 iggy our roles/type/tags is a list and we do {% if 'web' in salt['grains.get']('tags') %}
18:34 MTecknology oooh... I like that better
18:35 iggy we call them tags because that's what GCE calls them and that's where our custom grain module pulls that data from
18:35 iggy my boss has asked me like 100 times why we call them tags instead of roles
18:37 MTecknology It's gonna be fun to go through all of the states our devs built and tidy them up. They assume custom grains have been set for every box instead of assuming I might like to deploy a box for them and run highstate on it before handing it to them
18:38 murrdoc joined #salt
18:38 MTecknology it's not intentional, though. This particular group of devs is pleasant to work with
18:39 MTecknology grep grains * -R | awk -F: '{print $1}' | sort | uniq    ....  How can I pipe that into a list of files to open with vim? ...
18:40 MTecknology ah, duhr..
18:40 MTecknology vim $(grep grains * -R | awk -F: '{print $1}' | sort | uniq | grep -v Binary)
18:41 melocinaptor joined #salt
18:42 MTecknology iggy: I love your fancy magic!
18:42 sk_0 SheetiS: yes, master less
18:43 iggy #SSCEApproved
18:43 SheetiS MTecknology: or you could have piped to 'xargs <application>' to avoid the whole subshell  thing
18:43 aron_kexp joined #salt
18:44 tech_ joined #salt
18:44 MTecknology SheetiS: good point..
18:46 SheetiS Though vim might warn about getting input from a non-terminal in the xargs case, it would likely still do what you want ;-)
18:46 toanju joined #salt
18:49 MTecknology they have soooooo many conditionals... :(
18:49 SheetiS I definitely do a list for roles for doing the {% if 'role' in salt['pillar.get']('roles') %} or whatever (did the same with grains until a week ago when I switched to an ext_pillar since I always get so much grief for being insecure with my grains :P)
18:49 baweaver joined #salt
18:49 CeBe joined #salt
18:49 SheetiS I really hate conditionals that are minion specific
18:51 MTecknology they're ALL about grains
18:51 MTecknology if grains['environment'] == prod
18:51 timoguin yuck
18:51 MTecknology yup .. but I'm not going to make them change
18:52 timoguin You can't change people.
18:52 timoguin Unless they want to change.
18:52 timoguin iggy: have you gotten your SSCE cert on the website yet?
18:52 MTecknology hal58th1 did, I did not
18:53 iggy timoguin: nope (well, not when I checked last night)
18:53 neogenix_ I havent yet either.
18:53 timoguin I got an email saying I passed, but still nothing on the website
18:53 iggy ditto
18:53 MTecknology in this case, it's their own repo of states that applies to only this group of servers. I want to help them with efficiency and errors, but beyond that, I want to let them do this however they wish
18:55 MTecknology heh...
18:55 ndrei joined #salt
18:55 thedodd joined #salt
18:56 MTecknology {% set host = grains['host'] %}  followed by a single use of {{ host }}
18:57 ipmb joined #salt
19:00 iggy shake your head and _hope_ there were more uses of {{ host }} at some point
19:01 murrdoc grains[] 0_0
19:01 loggyer joined #salt
19:03 mattiasr joined #salt
19:06 nexsja^ joined #salt
19:07 nickg where does the minion cache the pillar data?
19:08 pravka joined #salt
19:10 murrdoc cache_dir on master
19:11 MTecknology my golly gosh... sooooooo much checking of grains
19:12 murrdoc whats the reason not to use grains, outside of security
19:12 ghanima when doing a search for jobs can you filter for a date preferrably date range
19:13 MTecknology murrdoc: it's just the way they used grains .. a bit clunky and VERY error-prone
19:14 murrdoc babilen:  has some reasons, i should ahve asked , i really want to know why its omg so bad
19:15 MTecknology murrdoc: they way they did this... it would have been better to build a map of settings from grains instead of a lot of testing and conditionals throughout all of the states
19:15 murrdoc no doubt
19:16 denys joined #salt
19:16 MTecknology they don't use ".d" directories for configuration changes much either
19:17 ghanima iggy: just FYI after looking at the man pages for salt -s is what I really needed
19:18 numkem can you use the salt variable in pillar?
19:19 numkem by that I mean in a pillar sls file, doing something like salt['mine.get'], keep getting an error the second it sees it
19:20 jcsp joined #salt
19:21 numkem http://docs.saltstack.com/en/latest/ref/states/vars.html seems to say that you can
19:24 zer0def joined #salt
19:24 signull anyone know if there were videos recorded from saltconf 2015? Just curious if any videos are going to hit the web anytime soon.
19:28 baweaver joined #salt
19:31 Gareth There were videos, they outsourced to a 3rd party.  I'd imagine they're processing them and they should be up soonish.
19:32 ckao joined #salt
19:33 MTecknology "33 files changed, 90 insertions(+), 96 deletions(-)"  DONE!!
19:34 murrdoc nice
19:34 murrdoc Gareth:  !
19:34 Gareth murrdoc: ?
19:34 murrdoc :) pm  ?
19:34 Gareth murrdoc: $$$
19:34 murrdoc all day
19:34 Gareth murrdoc: hit me.
19:34 murrdoc go fish
19:34 murrdoc pm'ed
19:35 MTecknology How do I dump a diff from my last set of changes?
19:35 murrdoc git diff HASH… -w
19:36 MTecknology :D
19:37 murrdoc no ?
19:39 murrdoc if u dont have git, put code in two dirs
19:39 timoguin joined #salt
19:39 murrdoc and then do a diff -r
19:40 nikogonzo joined #salt
19:40 MTecknology dangit.. I couldn't cleanly apply the patch. :(
19:40 mikaelhm joined #salt
19:41 colonD joined #salt
19:43 dave_den joined #salt
19:43 TheoSLC joined #salt
19:44 murrdoc MTecknology:  http://i.imgur.com/jUwWR3s.gif
19:44 eindoofus joined #salt
19:45 eindoofus hi, just curious, what is salt?
19:45 MTecknology murrdoc: heh.. interesting
19:45 murrdoc i am saying, nuke it from orbit and start fresh
19:47 Nazca__ joined #salt
19:48 eindoofus left #salt
19:52 iggy numkem: for some things... don't know if mine will work... grains should
19:53 notnotpeter Does anyone have experience or examples of using Pepa beyond what's in the Salt Docs/github? https://github.com/mickep76/pepa
19:53 iggy signull: every talk I was in was recorded (and every room I was in had a camera), so I imagine that all talks (except mine ;) were recorded
19:54 signull well i can't wait till they get thrown up onto the web
19:55 iggy signull: watch the saltstack channel on youtube
19:55 iggy https://www.youtube.com/user/SaltStack
19:55 signull iggy: been nothing new for 4 months
19:56 signull i'll keep an eye
19:56 iggy the conference was last week
19:56 iggy they said it shouldn't take 8 months like last year, but 8 days is a bit optimistic
19:57 sophomeric Is it possible to record the IP of a minion that fails to auth?
19:57 neogenix joined #salt
19:59 krak3n` joined #salt
20:00 intellix joined #salt
20:01 _ale1_ joined #salt
20:02 zzzirk iggy, numkum: hey, just wanted to thank both of you.  I got the basic proof of concept up and running using salt-api.  I *greatly* appreciate your help.
20:02 zzzirk er, numkem not numkum.  sorry ;)
20:02 hasues joined #salt
20:03 numkem zzzirk: you are welcome! That was pretty fast!
20:03 numkem for the proof of concept I mean
20:03 zzzirk well, I don't have the web frontend done, but I have a simple script that triggers the salt state I wanted
20:03 hasues left #salt
20:04 numkem thats all that matters really
20:04 zzzirk I basically had everything conceptually done in my mind, just need you guys to help me get on the right track as to the HOW
20:04 racooper so, with salt.states.iptables.append, does the command check for the existing of the rule being added and not duplicating if it does exist?
20:04 hal58th1 I believe so racooper. Why not just try it?
20:05 racooper I will at some point, just didn't see anything in documentation stating so.
20:05 v0rtex racooper: all state modules are supposed to be idempotent so it definitely should check for the rule's existence prior to setting it
20:06 iggy it's notably broken on RH based systems though
20:06 numkem by experiance I can say that it is, I ended up having to do it by hand with a script in the end
20:07 hal58th1 numkem, why did you have to do that? I was going to POC some or our rules and see how well salt handled it
20:08 racooper iggy,  what's broken? can you reference?
20:10 zer0def joined #salt
20:12 numkem hal58th1: not sure what you mean, I had issues with redhat based systems (centos) with iptables
20:12 otter768 joined #salt
20:12 hal58th1 I was just curious what problems you ran into. Was deciding to use states.iptables or custom scripts.
20:13 racooper https://github.com/saltstack/salt/issues/17217
20:13 racooper hal58th1,  that mentions several issues but mostly that iptalbes on RHEL6 doesn't support the --check option.
20:13 wincyj joined #salt
20:13 numkem what I would do (and will have to do)
20:14 murrdoc file.managed for the win
20:14 numkem is to use the builin script system in centos that uses the /etc/sysconfig/iptables and the iptables service
20:14 timoguin joined #salt
20:15 numkem its not perfect because it won't override changes that were made manually but thats all we can hope for on rhel
20:16 hal58th1 hmmm yeah. I'm not using RHEL based systems, but I would like to know the module works flawlessly first
20:16 hal58th1 Thanl's for the heads up racooper
20:16 racooper looked at that, but it seems to mean I'm going to need at least 5 different /etc/sysconfig/iptables files, if not more
20:17 paha joined #salt
20:17 catpig joined #salt
20:17 racooper this comment https://github.com/saltstack/salt/issues/17217#issuecomment-62035010 has workaround using lokkit and the unless state directive
20:17 numkem racooper: I will build mine by looking at roles and puttig the rules in pillar, at least thats what i have in mind
20:23 Yella joined #salt
20:23 Yella Hi All, excuse me if this is the wrong place but I'm having an issue with salt cloud and vsphere
20:24 Yella I get this message when doing a state.orchestrate:
20:24 Yella Traceback (most recent call last):   File "/usr/lib/python2.7/dist-packages/salt/cloud/__init__.py", line 1193, in create     output = self.clouds[func](vm_)   File "/usr/lib/python2.7/dist-packages/salt/cloud/clouds/vsphere.py", line 351, in create     vm_, pprint.pformat(ret['deploy_kwargs']) KeyError: 'deploy_kwargs' [ERROR   ] An exception occurred in this state: Traceback (most recent call last):   File "/usr/lib/python2.7/dist-pac
20:24 Yella File "/usr/lib/python2.7/dist-packages/salt/cloud/__init__.py", line 1327, in run_profile     raise SaltCloudSystemExit('Failed to deploy VM') SaltCloudSystemExit: Failed to deploy VM
20:24 Yella vm_, pprint.pformat(ret['deploy_kwargs']) KeyError: 'deploy_kwargs'
20:25 Yella The VM is cloned from a template, and is successfully cloned when that message is displayed
20:25 alfborge joined #salt
20:26 alfborge basepi: Hi, I see from the mailing list that there are some known issues with multimaster in 2014.7.1, could you point me to an issue for that?
20:26 alfborge We're running multimaster so I want to know more about the problems we might run into.
20:27 basepi alfborge: There might be a couple, but here's one: https://github.com/saltstack/salt/issues/20197
20:31 andrew_v joined #salt
20:33 alfborge Auch, that's pretty bad. What's the timeframe for 2014.7.3?
20:33 beneggett joined #salt
20:33 iggy "maybe"
20:34 murrdoc "jah will provide"
20:35 zer0def joined #salt
20:35 timoguin Looks like I won $1500 in Azure credits at the conference.
20:36 neogenix weehee: You were individual number 176 to be awarded this certification.
20:39 timoguin Is that going to be like a super low Slashdot id one day?
20:39 KyleG joined #salt
20:39 KyleG joined #salt
20:40 basepi alfborge: well, soon. but first we have to get the bug fixed. cachedout is working on it
20:42 spookah joined #salt
20:42 XenophonF oh man i haven't logged into slashdot in like forever /humblebrag
20:43 XenophonF ;)
20:43 murrdoc basepi:  is multi master issue in both 2014 and 2015.2
20:43 badon joined #salt
20:47 alfborge basepi: Thanks, I'll check back in tomorrow. :)
20:48 smcquay joined #salt
20:48 * timoguin grumbles about EC2 tags not being available via the metadata API.
20:48 bash1245_ joined #salt
20:51 iggy there's a grain for that
20:51 murrdoc si si
20:52 timoguin yes but it's fugly.
20:52 timoguin I had deployed it and ripped it back out. But looking at it again.
20:52 iggy the gce one is pretty
20:53 flowenol joined #salt
20:53 iggy (but poorly documented)
20:53 thedodd joined #salt
20:53 giantlock joined #salt
20:53 flowenol Im getting this error on a 512mb ram vm, any clues? reason: [Errno 12] Cannot allocate memory
20:53 iggy which was also (not surprisingly) mentioned in my recent performance review
20:54 timoguin So pretty, iggy. Compliment who ever wrote that...
20:54 iggy flowenol: is it... out of memory?
20:54 iggy and 512M really?
20:54 flowenol so it seems but i never had problems before using saltstack, yes really im simulating a t2 aws instance
20:54 basepi murrdoc: fixed in 2015.2
20:55 timoguin flowenol: yea I've ran into memory errors running 512MB VMs locally
20:55 flowenol the small one fc
20:55 basepi but the code in 2015.2 had large rewrites that prevented easy backporting to 2014.7, which is why the bug is still present there.
20:55 flowenol timoguin: the problem is if it runs out of memory on m local vm, may run out on aws right?
20:56 timoguin flowenol: sure
20:56 iggy 512 is going to be painful for a master (even if you manage to get it running)
20:56 timoguin Depends on what you're running, but yea.
20:56 flowenol it has been functioning ok
20:56 flowenol now im adding one or two things and its giving me problem
20:56 flowenol could it be a version issue?
20:57 iggy we had issues with it on a f1-micro (gce - .6G)
20:57 Linuturk joined #salt
20:57 timoguin I don't go below t2.medium on AWS anymore.
20:57 flowenol i didnt want to upgrade the vm yet since im enjoying the free year
20:57 iggy not so much the ram, but the fact that they are so oversold that we could barely get anything done
20:57 neogenix flowenol: anything else on the node? and do you have any swap on the node?
20:57 neogenix flowenol: i had that until I added swap on the vagrant.
20:57 murrdoc basepi:  totes srs question, when will 2015.2 get its first point release, one month after release or two ?
20:57 flowenol im running vagrant yes, good point on the swap
20:58 flowenol idk if i do have
20:58 * iggy decides not to kick a man when he's down
20:58 flowenol i dont
20:59 flowenol another question how do I install an older version
20:59 flowenol can it be done?
20:59 flowenol with the bootstrap script
20:59 iggy from packages? probably not
20:59 iggy from git, sure
21:00 iggy (we ran 2014.1.git for months because the last release was... missing a feature we use)
21:00 kermit joined #salt
21:00 iggy actually, prod still has it
21:00 flowenol hmmm let me try that then
21:00 timoguin I'm still running from git since I had a show-stopper in 2014.7 and dont' have my own package repo yet.
21:02 timoguin iggy: and the main issue with the ec2 grains is the ones for tags are looking for credentials rather than using instance roles
21:02 timoguin ec2_info.py works great, just doesn't have tags
21:04 iggy should have had that guy that wrote the gce ones write the ec2 ones
21:05 timoguin If only we could locate...
21:05 murrdoc #sssceapproved and selfreferential
21:05 murrdoc ego.status == blooated ? yes: no
21:05 murrdoc :D
21:10 lietu joined #salt
21:11 peters-tx Fyi I just got an email from saltstack re: SSCE  "Your exam scores have been loaded into https://ssc.saltstack.com.  You can now lookup your SSCE status using your official SSCE lookup id"
21:11 shaggy_surfer joined #salt
21:11 timoguin Me too
21:14 thedodd joined #salt
21:14 prwilson any ideas when 2015.2 rc2 is coming out?
21:17 MTecknology You were individual number 204 to be awarded this certification.
21:18 MTecknology 0x710C6EC7   Woohoo!!! :D
21:18 basepi murrdoc: we will shoot for 1
21:18 basepi maybe even faster
21:18 iggy I haven't gotten mine yet :/
21:18 peters-tx This individual was SSCE number 168 to be awarded this certification.   here :)
21:19 murrdoc basepi:  u the best
21:19 hal58th1 check your spam iggy?
21:19 iggy I have a sneaking suspicion mine is going to be weird (I wasn't initially in the system, guy at the desk had to manually add me)
21:19 jerematic joined #salt
21:19 iggy bahahah
21:19 MTecknology time to close up everything... moving into a new building tonight
21:19 iggy There's a shit ton of stuff from salt in my spam
21:20 * v0rtex was SSCE #195
21:20 murrdoc <— was #16
21:22 bhosmer_ joined #salt
21:23 peters-tx joined #salt
21:27 baweaver joined #salt
21:28 Singularo joined #salt
21:31 Vynce joined #salt
21:32 zer0def joined #salt
21:35 iggy 199 ... stupid spam folder
21:36 N-Mi joined #salt
21:38 gmoro joined #salt
21:38 flowenol iggy: downgraded to 2014.1.10 no memory issues
21:38 iggy which one had issues?
21:38 bluenemo joined #salt
21:38 wedgie joined #salt
21:39 * signull was SSCE # √0
21:42 thayne Who knows about RAET?  I'm seeing failures with salt 2015.2.0rc1 and raet 0.6.2.
21:42 eriko joined #salt
21:44 thayne Failures as in AttributeError exceptions with a traceback.
21:46 signull thayne: I was using raet for a bit. It broke a few times for me. if libnacl and raet are latest, it wont work with the rc of 2015.2
21:46 signull you will need to bring 2015.2 up to date if you want it to work with latest libnacl and raet python modules
21:47 thayne signull: that must be it - I updated to latest for both raet and libnacl when I pulled-up to 2015.2.0rc1.
21:47 loz-- joined #salt
21:48 signull thayne: try downgrading them or upgrading salt. There is a ticket in the issues section on github. This error was introduced about 2 weeks ago
21:49 thayne Thanks.
21:50 signull thayne: as per this issue: https://github.com/saltstack/salt/issues/20642 you may want to update module ioflo as well
21:53 thayne Hmmm.  That's not it for me.  I have this:   File "/home/omniture/install/lib/python2.7/site-packages/salt/utils/raetevent.py", line 101, in _setup_stack
21:53 thayne stack.Pk = raeting.packKinds.pack
21:53 thayne AttributeError: 'module' object has no attribute 'packKinds'
21:54 murrdoc https://github.com/saltstack/salt/blob/develop/requirements/raet.txt
21:54 murrdoc do u have all those requirements
21:54 murrdoc and or the equivalent for your version of salt
21:54 thayne I don't see any reference to packKinds in raet 0.6.2:raet/raeting.py
21:55 kunit joined #salt
21:56 thayne httpd@qe2.qc ~][QC]$ rpm -qa \*ioflo\* \*nacl\* \*raet\*
21:56 thayne omtr-python2.7-ioflo-1.2.1-1.noarch
21:56 thayne omtr-python2.7-raet-0.6.3-1.noarch
21:56 thayne omtr-python2.7-libnacl-1.4.1-1.noarch
21:57 thayne I *believe* I have all of the dependencies (including libsodium: 1.0.2).
21:58 che-arne joined #salt
22:02 mosen joined #salt
22:04 jespada joined #salt
22:04 lothiraldan joined #salt
22:04 Yella Hey does anyone know why people reccomend "deploy: False" in vsphere config?
22:06 murrdoc thayne:  sorry, no clue, put that on github issues
22:06 Corey Git says: Switched to a new branch 'rigor-moartests'
22:07 murrdoc ahahaha
22:08 nexsja joined #salt
22:08 Matthews_ joined #salt
22:09 jespada joined #salt
22:09 cmcmacken joined #salt
22:12 kunit in the pillar walkthrough, there is a data.sls
22:12 * MTecknology wants SSCA!!!
22:13 aquassaut joined #salt
22:13 kunit but minion returns ID info in SLS data is not a dictionary
22:13 otter768 joined #salt
22:14 germalot joined #salt
22:15 Ryan_Lane joined #salt
22:18 germalot Hello! So I am using the salt-stack mysql-formula, which I've modified to install percona xtradb cluster, and that's working, and I setup a few more options in defaults.yaml to include a few percona specific variables, but now I want to extend that a bit (I think extend is the right term) so that new machines overwrite one of those options. I am not sure what the best way to proceed is.
22:20 AlexStraunoff joined #salt
22:25 thayne murrdoc: https://github.com/saltstack/salt/issues/21611
22:25 MTecknology germalot: I don't know that I understand what you're asking
22:26 germalot MTecknology: Well, i guess I am asking how to extend a formula with a salt state?
22:26 notnotpeter Can anyone point to me where in the code import_yaml is implemented?
22:27 germalot MTecknology: I want the end state to be such that new nodes using that formula use a couple new variables instead of the ones in the formula.
22:27 germalot MTecknology: but keep everything else the same with the formula.
22:27 baweaver joined #salt
22:28 MTecknology I always find a formula, test it, then adapt it to the structure of everything else I have and then modify it as needed.
22:28 MTecknology The only formula that I actually utilize as it's written is gitlab
22:29 murrdoc MTecknology:  speaks the  truth
22:30 cuibonobo joined #salt
22:31 germalot the formula is great, but since I am trying to spin up subsequent servers as part of a cluster of databases, I need to change just one variable. i guess.... maybe copy the formula to be a "slave" formula and just edit the variable that way
22:31 murrdoc do u hvae a local git instance ?
22:32 murrdoc mirror the formula there and make your edits, assuming gitfs
22:33 germalot i dont. i just cloned them and edit them locally. version control is for smart people.
22:33 murrdoc haha
22:33 murrdoc well in that case
22:33 murrdoc edit away
22:33 murrdoc formuals are recommendations, not set in stone
22:34 germalot anybody using salt stack to configure galera/percona cluster/mysql slaves?
22:43 pravka joined #salt
22:43 germalot thanks everybody! I am still super new to salt, but damned impressed with how functional and easy it is (especially with salt-cloud!
22:49 iggy germalot: if you can generalize the changes you make enough, it would be nice to get those pushed back into the mysql-formula
22:52 germalot iggy: i think it'll end up being a percona-xtradb-cluster formula, more than mysql. they're just so close that mysql formula was the best way to start. I actually just saw the "pkgrepo.managed" option so that'll help clean up my config a bit. and I only made the changes for ubuntu and debian.
22:52 iggy that's actually not uncommon (someone making changes for one group of distros)
22:53 khris germalot: cannot vouche for completeness or accuracy, but https://github.com/jesusaurus/salt-formula-percona
22:53 jesusaurus there was a time that that was running in production, but i no longer work on that team
22:54 germalot hey wow!
22:54 murrdoc arent jesus and 'sauruses' mutually exclusis
22:55 jesusaurus if they were, i wouldn't exist?
22:55 germalot sometimes i amazed at my google fu failure.
22:55 germalot I thought the Utah Raptor was the Jesusaurus
22:55 murrdoc thats what i was thinking
22:55 murrdoc how could jesus and saurus
22:55 murrdoc *blink*
22:57 germalot this looks like a great formula! I'll have to update it a bit for trusty I think, but easy peasy.
22:58 murrdoc when u do send a pull to the jesus
22:58 germalot i... don't know what that means... that's so sorta... git thing.
22:58 germalot i have a friend, he knows things about being responsible, I'll have him help me!
22:59 jespada joined #salt
23:00 otter768 joined #salt
23:06 josephleon joined #salt
23:11 markm joined #salt
23:18 Hybrid1 joined #salt
23:19 Yella Hey I've got an issue with salt cloud - I think the issue I'm coming up against is that it's not running the deploy script on the newly created minion as root
23:19 Yella I have configured it with a sudo_password
23:20 spookah joined #salt
23:21 Yella my-ubuntu-14-04:      provider: my-vsphere-config      image: SALT-TRUSTY      folder: sandy      resourcepool: resgroup-8      template_user: my_user      template_password: my_password      sudo_password: my_password      deploy: True      minion:         master: my.masters.ip
23:22 Yella but I still get:
23:22 Yella SaltCloudSystemExit: Command "ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oControlPath=none -p 22 my_user@my_new_minion '/tmp/.saltcloud-e7bb9537-0f63-4bf4-b183-29038f386c0f/deploy.sh -c /tmp/.saltcloud-e7bb9537-0f63-4bf4-b183-29038f386c0f'" failed. Exit code: 1
23:22 murrdoc spam
23:22 murrdoc please use some sort of paste site
23:23 robawt maybe instead of "welcome to #salt" in the topic we could link to github gist or something
23:23 Yella sorry man I know I've asked about this issue before - I'm really struggling with it! Can you point me to some documentation or somthing?
23:23 Yella OK sure
23:24 Yella I'll do that
23:24 iggy robawt: I think there used to be something where the saltconf stuff is now (granted that can go now)
23:25 murrdoc page the man with the ops
23:25 iggy I shan't... he's probably tired of hearing from me
23:29 mitsuhiko joined #salt
23:32 Yella Here's the pastebin - http://pastebin.com/JJkweVmN - but is it better to open an issue in github?
23:36 iggy or possibly ask on the mailing list... there aren't many people here I've heard of using salt-cloud with vsphere
23:37 Yella OK Cool, I'm using salt cloud successfully on AWS but we also have a Vmware environment I'm trying bring into line with salt
23:38 Yella so even googling issues dosen't bring up very many
23:39 bfoxwell joined #salt
23:41 wedgie joined #salt
23:45 igorwidl2 joined #salt
23:47 igorwidl2 does anybody know how to combine two files with states?
23:48 iggy igorwidl2: can you give more detail what you're trying to achieve?
23:49 igorwidl2 iggy, trying to combine a hostname.key and hostname.crt to make one .pem file
23:49 robawt call a script, or wrap it in a module
23:50 iggy there's not really a file module/state to do that (although maybe there should be)
23:51 iggy so yeah, you're going to probably have to cmd.run it
23:51 igorwidl2 it would be nice to have. file.append/file.prepend almost does it
23:51 iggy but... why not save it as a pem file instead of 2 separate files to begin with?
23:56 igorwidl2 legacy reasons, moving away form current config management (bcfg2)
23:57 iggy :/ I used to be a bcfg2 guy myself
23:57 igorwidl2 want to make as little changes as possible
23:57 iggy too bad they could never attract more contributors
23:57 igorwidl2 yeah, thats the only reason we are forced to move away.
23:57 iggy well, for now, I'd say, just use cmd.run to cat them together
23:58 igorwidl2 thanks!
23:58 iggy and leave a FIXME in there for after you're all moved over
23:58 desposo joined #salt
23:59 triplecorn joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary