IRC log for #salt, 2015-03-13

All times shown according to UTC.

Time Nick Message
00:01 jchen joined #salt
00:01 jchen left #salt
00:03 rgarcia_ joined #salt
00:09 jerematic joined #salt
00:11 dalexander joined #salt
00:15 TheoSLC joined #salt
00:19 desposo1 joined #salt
00:22 igorwidl2 turns out jinja has {% include 'filename' ignore missing%} where filename is path to file relative to 'salt://' . quite easy to combine files this way
00:24 amcorreia joined #salt
00:24 Vynce if the files you're combining are both on the master, sure.  i thought you had two files on the minion you wanted to concatenate
00:24 Vynce (not that i would have thought of the include, anyway; i'm terrible at salt)
00:25 igorwidl2 in this case both files are on master, good point though, it won't work if they are not
00:29 iggy you either need a file.pem.jinja template file or you need to be _very_ careful about whitespace setting a variable to file contents
00:29 iggy cmd.run now and clean up later seems easier
00:29 iggy but I'm really not to be trusted
00:32 dthorman joined #salt
00:32 dendazen joined #salt
00:35 josephleon joined #salt
00:39 josephleo joined #salt
00:43 cheus joined #salt
00:46 TheoSLC joined #salt
00:47 mgw_ joined #salt
00:47 bluenemo joined #salt
00:47 bluenemo joined #salt
00:52 p0rkbelly joined #salt
00:54 digitalartist joined #salt
00:54 Ludo- joined #salt
00:54 cberndt joined #salt
00:55 Ludo- Hi! What do you think is the best way to change the io scheduler to noop with salt?
00:55 Ludo- cmd.run?
01:00 shaggy_surfer joined #salt
01:02 blue0ctober joined #salt
01:02 blue0ctober question regarding cmd.run
01:02 blue0ctober can i do something like this?
01:02 blue0ctober rabbitmqctl list_vhosts | grep -q {{ pillar['sensu_app']['rabittmq']['vhost'] }}
01:03 blue0ctober or is that just a bit no-no
01:04 desposo joined #salt
01:04 iggy Ludo-: probably... with a - unless: grep -q '\[{{ elevator}}\]'
01:04 iggy or somesuch
01:04 iggy totally untested
01:05 iggy blue0ctober: you'd normally put something like that in one of the requisites (onlyif/unless/etc)
01:06 blue0ctober iggy right which is where I'm using it in
01:07 blue0ctober - unless: rabbitmqctl list_vhosts | grep -q {{ pillar['sensu_app']['rabittmq']['vhost'] }}
01:07 bhosmer joined #salt
01:07 digitalartist joined #salt
01:08 blue0ctober i guess what I'm asking is that it should be running the command as rabbitmqctl list_vhosts | grep -q /sensu
01:09 aqua^mac joined #salt
01:10 troyready joined #salt
01:10 jerematic joined #salt
01:10 zzzirk joined #salt
01:13 aqua^mac joined #salt
01:14 aparsons joined #salt
01:16 cberndt joined #salt
01:17 yomilk joined #salt
01:22 dalexander joined #salt
01:27 otter768 joined #salt
01:27 monkey66 joined #salt
01:29 sijis joined #salt
01:29 sijis joined #salt
01:42 josephleon joined #salt
01:46 bhosmer joined #salt
01:50 subsignal joined #salt
01:51 Vynce left #salt
01:57 sijis joined #salt
02:00 younqcass joined #salt
02:05 markm joined #salt
02:12 iggy I'm pretty sure that's about the 4th thing I've seen someone add to the postgres formula that I'd already done
02:12 pdx6_ joined #salt
02:14 MatthewsFace joined #salt
02:17 CeBe1 joined #salt
02:20 donmichelangelo joined #salt
02:21 fllr joined #salt
02:25 badon joined #salt
02:26 catpigger joined #salt
02:35 mgw joined #salt
02:42 sijis joined #salt
02:45 sijis joined #salt
02:45 josephleon joined #salt
02:50 MaliutaLap joined #salt
02:51 MaliutaLap left #salt
02:51 malinoff joined #salt
02:57 micko joined #salt
02:58 jerematic joined #salt
03:06 yekta joined #salt
03:24 JlRd joined #salt
03:27 favadi joined #salt
03:28 otter768 joined #salt
03:31 evle joined #salt
03:37 neogenix joined #salt
03:42 fllr joined #salt
03:46 rojem joined #salt
03:46 germs_ joined #salt
03:55 pravka joined #salt
03:59 jerematic joined #salt
04:00 XenophonF so i have a database backup that i would want to load only once, when the server is being built for the first time
04:01 XenophonF what's the right way to set a flag that says, "this has already been done"?
04:01 XenophonF I could touch a file
04:01 XenophonF but is there a better, saltier way to do it?
04:03 Furao joined #salt
04:03 thayne joined #salt
04:13 jasonrm joined #salt
04:13 Furao joined #salt
04:14 badon joined #salt
04:15 raygunsix joined #salt
04:18 enarciso joined #salt
04:24 Aikar blue0ctober: you have a typo on pillar unless your pillar is also misspelled rabittmq
04:24 Aikar XenophonF: cmd.wait that has a watch for a state that ensures the DB exists
04:25 XenophonF ah
04:25 XenophonF so i could create the database in one state and run the script to load it in another
04:25 XenophonF that's a good idea - thanks!
04:26 Aikar so dbname_exists: \n   mysql_database.present:   - name: dbname
04:26 Aikar then cmd.wait with watch: - mysql_database: dbname_exists
04:28 Aikar and cmd.wait will only run that first time when the db is created (or if for some reason it gets deleted)
04:31 thayne joined #salt
04:40 Furao joined #salt
04:43 iggy XenophonF: set a grain?
04:44 XenophonF iggy: that's a good idea too
04:44 XenophonF but mysql_database.present is a little clearer, I think
04:48 __number5__ is there any way to debug a "Recursive requisite found" error? I've checked the code, using the show_sls and show_low_sls all looks good
05:20 ndrei joined #salt
05:27 thayne joined #salt
05:27 JlRd joined #salt
05:27 zer0def joined #salt
05:29 otter768 joined #salt
05:31 blue0ctober Aikar whoops ty :)
05:32 Nazca joined #salt
05:48 ghanima joined #salt
05:48 jerematic joined #salt
05:51 TinuvaMac joined #salt
05:52 iggy __number5__: paste it and see if anyone else notices?
05:56 pravka joined #salt
05:58 __number5__ iggy: I think I have found the issue, it's two states one copy the file and the other file.replace comment out the same file
05:58 sieve joined #salt
05:58 __number5__ so the require: - file: thefile, salt thinks that's pointing to itself
06:00 __number5__ haven't found a way to express the dependency between these two, now I'm trying to use sed in cmd.run, all I need is just comment out the first line of the file and copy it to somewhere
06:01 ramteid joined #salt
06:09 ghanima joined #salt
06:16 Trades joined #salt
06:28 Terminus- joined #salt
06:29 Terminus- hello. jinja has tests for string, number, etc. is there also a test if the string is an ip address?
06:30 Terminus- the reason i'm asking is because i'm working on dhcpd.conf and stuff like ip addresses are not quoted but domain names are.
06:31 iggy network.ip_in_subnet ?
06:32 iggy __number5__: just put one after the other one... salt goes top-down by default anyway
06:32 Terminus- iggy: i'm looking at just having a list of options but some of the values for options are unquoted and others are not.
06:32 Terminus- iggy: in order to generate the options properly, i have to identify if it's an ip address or not in the loop.
06:32 mikaelhm joined #salt
06:33 pravka joined #salt
06:34 iggy there goes that idea
06:35 iggy I was hoping that function would just return false
06:35 iggy but it traceback's
06:35 Terminus- meh, i'll see if i can hack this by just putting quotes in the pillar.
06:39 freelock joined #salt
06:39 mikaelhm joined #salt
06:45 __number5__ iggy: it doesn't work, the order is random. and btw the cmd.run with sed works
06:48 jhauser joined #salt
06:52 bash1245_ joined #salt
07:09 Terminus- anybody got any idea how i can deal with line 3? http://paste.ofcode.org/6NeeWtmJbbKZgqHzjCGTvd
07:11 Terminus- nevermind. i suck.
07:14 colttt joined #salt
07:16 AndreasLutro joined #salt
07:19 KermitTheFragger joined #salt
07:20 egil joined #salt
07:20 mattiasr joined #salt
07:23 flyboy joined #salt
07:23 felskrone joined #salt
07:24 felskrone joined #salt
07:26 felskrone joined #salt
07:27 Furao joined #salt
07:30 otter768 joined #salt
07:31 calvinh joined #salt
07:32 techdragon joined #salt
07:32 Auroch joined #salt
07:33 ghanima joined #salt
07:34 Furao joined #salt
07:37 jerematic joined #salt
07:37 toanju joined #salt
07:37 iromli joined #salt
07:39 favadi joined #salt
07:39 linjan joined #salt
07:48 jhauser joined #salt
07:48 Gareth joined #salt
07:49 trikke joined #salt
07:49 techdragon joined #salt
07:59 krak3n` joined #salt
08:03 kawa2014 joined #salt
08:05 sr4f joined #salt
08:07 calvinh joined #salt
08:11 nexsja joined #salt
08:14 yuhl_work_ I do have a cmd.wait_script which modify the content of /etc/fstab with some augtool. I'd like the script to be fired only when the file has been changed (e.g. edited by a human) but not when modified by the script itself ?
08:17 bhosmer_ joined #salt
08:17 Terminus- yuhl_work_: you could use inotify to watch for changes and then have the script set a flag when it's executed so that inotify won't do anything about it?
08:17 yuhl_work_ inotify with salt ??? sounds a good idea..
08:17 yuhl_work_ Terminus-: I'll check it
08:18 yuhl_work_ Terminus-: No module named inotify ??
08:18 Terminus- yuhl_work_: well, you said you wanted the script to be executed when it's edited by a human. i don't think that's something salt can monitor, only inotify.
08:19 Terminus- yuhl_work_: uh, inotify is a linux tool.
08:20 yuhl_work_ So you can not take action with salt on file being changed outside of salt ?
08:20 yuhl_work_ Terminus-: I did not expect such.
08:20 Terminus- yuhl_work_: not that i know of.
08:20 kawa2014 joined #salt
08:20 yuhl_work_ Terminus-: yeah right. Thanks for the help
08:21 yuhl_work_ Terminus-: maybe I could use something has md5
08:21 Terminus- yuhl_work_: i might be wrong though. you might want to do a cmd.wait and watch a file while you edit it.
08:22 Terminus- yuhl_work_: just test with cmd.wait and watch and modify the file. if it executes upon modification, then it works.
08:22 yuhl_work_ Terminus-: in fact, to be precise, I need to add options on FS inside /etc/fstab for /oracle/XXX where XXX is an 3 letters Id.
08:26 Terminus- yuhl_work_: why not just use states.mount then?
08:27 mens joined #salt
08:27 Terminus- yuhl_work_: and why must you differentiate between a human and salt editing the file when you can just do all your configuration in salt?
08:28 wincyj joined #salt
08:30 yuhl_work_ The fact is that these machines get a fstab created during the installation process. And I do not imagine myself, able to manage the whole fstab with salt. I thought of we install the machine, and later we tune the configuration.
08:31 mens When I create a new grain with grains.setval my minion becomes unresponsive. After restarting the minion, I can change the value with grains.setval without problems. I can reproduce this (2014.7)
08:31 mens is this a known bug?
08:31 yuhl_work_ states.mount does the change at runtime, and /etc/fstab does it permanently
08:32 yuhl_work_ Terminus-: Thanks for your help, I think that I found a solution for this.
08:34 toastedpenguin joined #salt
08:38 Terminus- yuhl_work_: states.mount by default edits /etc/fstab and at the same time mounts it AFAIK.
08:39 calvinh_ joined #salt
08:39 intellix joined #salt
08:40 kawa2014 joined #salt
08:40 krelo joined #salt
08:43 jri joined #salt
08:48 calvinh joined #salt
08:51 fredvd joined #salt
08:52 sfxandy joined #salt
08:52 zer0def joined #salt
08:53 techdragon joined #salt
08:55 lb1a joined #salt
08:55 calvinh_ joined #salt
08:57 asaladin joined #salt
09:00 pf_moore joined #salt
09:04 sieve joined #salt
09:05 martineg_ joined #salt
09:06 calvinh joined #salt
09:06 losh joined #salt
09:13 calvinh_ joined #salt
09:16 Xevian joined #salt
09:18 krelo joined #salt
09:19 N-Mi_ joined #salt
09:22 fllr joined #salt
09:24 lumu_ joined #salt
09:24 lietu joined #salt
09:25 MatthewsFace joined #salt
09:26 jerematic joined #salt
09:29 I3olle joined #salt
09:29 sieve joined #salt
09:30 Jouke Is it possible to add an apt repo and specify the gpg file with the key trusted on that repo?
09:31 Furao Jouke: yes look pkgrepo state
09:31 otter768 joined #salt
09:32 Jouke Furao: thanks
09:37 clmsy joined #salt
09:39 subsignal joined #salt
09:39 lumu_ Let's say I have a cluster of 10 nodes that need complex setup, users, files, services etc. I surely wouldn't specify all of that in top.sls. What's the best practice? Create a my_cluster dir under /srv/salt and specify things in init.sls?
09:40 Furao lumu_: in salt doc there is good practice for structure formulas
09:41 jri joined #salt
09:42 Furao i personally have low-level formulas for everything (such as install nginx) and I created roles/$rolename/init.sls and there i include all low-level formulas + some custom logic, such as set dynamic-dns. roles are then defined in pillars. so every minions have a list of roles. and my top.sls include all - roles.$rolename
09:43 lumu_ Thanks. I read the best practice document. It addresses how to organize formulas and pillars. But I couldn't really find anything on how I should organize my nodes and node groups.
09:45 BogdanR Hello. I am trying to use "salt-cloud -m my_template" but it doesn't want to create the machines
09:45 BogdanR It tells me that "The required profile, 'kingdom3', defined in the map does not exist. The defined nodes ...."
09:45 BogdanR Where should this profile exist?
09:45 BogdanR Also, it says "DEPRECATED: Mako will no longer be the default renderer for Salt Cloud maps in the Lithium release"
09:46 BogdanR How should I make the cloud maps?
09:46 Furao cloud maps refer to profiles
09:46 Furao create /etc/salt/cloud.profiles
09:47 rayha joined #salt
09:47 Terminus- lumu_: going with what Furao said, i would just set the roles in /etc/salt/minion on bootstrap and then assign states by role in top.sls with all other data in pillars.
09:48 BogdanR Got it
09:48 BogdanR I changed it and it works
09:48 Terminus- lumu_: you might want to check https://github.com/saltstack-formulas/ for formulas you can use before going out and writing something by yourself. i'm in the process of modifying dhcpd-formula for myself.
09:48 BogdanR What about "Mako not being as the default renderer"?
09:49 Furao joined #salt
09:50 calvinh joined #salt
09:50 lumu_ I was definitely planning to use formulas. I'm just afraid that I'll end up with a huge top.sls since we will potentially have many different roles with each using many states/formulas and dependencies between them.
09:52 Terminus- lumu_: just don't have circular dependencies i think. =D
09:52 Terminus- might be a good idea to draw a diagram of all dependencies before you start. would be nice to have them flow in just one direction.
09:56 oliver_l2c joined #salt
10:03 peters-tx joined #salt
10:08 JDog joined #salt
10:10 subsignal joined #salt
10:11 Terminus- so i'm refactoring dhcpd-formula for myself. any downsides to making a macro for everything that loops? i'm pretty much treating macros as void functions at this point.
10:12 JDog Having difficulty getting salt-master to find my top.sls. My /etc/salt/master is here: https://gist.github.com/jontyneedham/146e5ba7a4ae71e0f9ea
10:12 JDog The error I'm getting is: No Top file or external nodes data matches found
10:12 aquassaut joined #salt
10:13 JDog I do have a top.sls file in the relevant place.
10:13 kermit joined #salt
10:14 Terminus- JDog: you have /home/username/sandbox/salt_srv/salt/top.sls?
10:14 JDog yes -- checked.
10:14 Terminus- JDog: are you running salt-master as root or not?
10:15 JDog Terminus: As root
10:15 Terminus- JDog: have you checked that your minions are connected? 'salt-run manage.up'
10:16 calvinh joined #salt
10:16 JDog It gives me the ID of the minion I expect to be connected.
10:16 Terminus- JDog: does your top.sls actually match said minion?
10:17 JDog I am using the same files that I have when I used to keep my formulae in /srv/salt, so I don't see why that would have changed. Let me remove  any filtering and I'll get back to you shortly.
10:18 lumu_ Does salt have implicit requisites? I.e. if I have a managed file with "- user: joe" can I omit "- require:\n  -user: joe"
10:20 JDog Terminus: Removed the filtering. Still doesn't match, however I made a syntax error on my first attempt at removing lines (Gosh I'm so l33T) and salt-master complained, so it's clearly hitting it.
10:20 Terminus- lumu_: that kinda sounds like overthinking it when all you want is for the file to be owned by joe.
10:21 Terminus- JDog: yep. since top.sls seemed like it's in the right dir, next logical conclusion was to check if there are actually any matches. =)
10:22 lietu joined #salt
10:22 Terminus- lumu_: oh, i see what you mean. sorry. i'm not qualified to answer your question i think.
10:22 paulm- joined #salt
10:23 paulm- Can I get information about other servers, like pillar, but for foreign hosts?
10:23 Terminus- paulm-: you want grains i think.
10:23 paulm- Do I? Is that going to work with salt-ssh?
10:24 paulm- The annoying thing is I'm starting to define the same shit everywhere. salt-ssh already has a roster file with all the names and IPs of machines and that's what I need to access in my states but I can't
10:24 paulm- Now I have to define it in grains as well?
10:26 Terminus- paulm-: if it's already in roster, you should be able to list grains from all the machines in the roster.
10:26 paulm- Really? How?
10:26 Terminus- paulm-: salt-ssh '*' grains.items
10:27 Terminus- best to pipe that to less.
10:27 Terminus- i stopped using salt-ssh real quick because of how awfully slow it is.
10:27 paulm- That doesn't explain how I access the grains of a foreign host
10:28 Terminus- paulm-: what do you mean by access?
10:29 Terminus- paulm-: what kind of data do you need exactly?
10:30 paulm- IP addresses
10:30 Terminus- paulm-: getting the OS for example would be 'salt-ssh '*' grains.item os'
10:30 paulm- Terminus-: I don't need the information for "my" purposes, I need it to write states
10:30 paulm- i.e. I want to be able to configure a firewall that says this machine allows access from <my other machine's IP>
10:30 paulm- And I need to be able to get the IP of <my other machine>
10:31 zer0def joined #salt
10:31 paulm- Each machine knows its own IP via grains but I can't access the grains of another machine
10:31 devweasel joined #salt
10:32 devweasel left #salt
10:35 devweasel joined #salt
10:36 johtso joined #salt
10:37 Terminus- paulm-: you probably want a returner to store the grains in a central db and then use the data to populate a pillar then.
10:38 paulm- Do you know how to do th at?
10:38 denys joined #salt
10:38 paulm- that*
10:38 Terminus- paulm-: actually, this one looks more simple for you -> http://docs.saltstack.com/en/latest/topics/mine/index.html
10:39 Terminus- no need for the complicated returner-pillar setup.
10:39 paulm- Does that work with salt-ssh?
10:40 sieve joined #salt
10:40 JlRd joined #salt
10:40 Terminus- paulm-: that's what it says -> "As of the 2015.2.0 release of salt, salt-ssh supports mine.get."
10:40 paulm- I'm version locked into 2014.7.0 :(
10:41 paulm- Every single version since then has critical bugs in it that break many of my states
10:41 paulm- 2015.* breaks all file.accumulated states
10:42 Terminus- paulm-: haha. i just realized i'm running 2014.7.1 too. looks like mine.get in salt-ssh is way too new.
10:43 CeBe joined #salt
10:43 subsignal joined #salt
10:45 jacksontj joined #salt
10:48 Terminus- paulm-: you'll probably need to massage your data to feed it back into salt. good luck. i'm going home.
10:49 paulm- Bye mysterious Internet person and thanks for your help
10:51 nk joined #salt
10:52 Hell_FireW joined #salt
10:54 stooj joined #salt
10:55 istram joined #salt
10:56 Gareth joined #salt
10:57 giantlock joined #salt
10:58 calvinh joined #salt
10:58 janne_ joined #salt
10:59 calvinh_ joined #salt
10:59 wnkz joined #salt
11:02 mfournier joined #salt
11:05 bluenemo joined #salt
11:05 calvinh joined #salt
11:07 yomilk joined #salt
11:09 Gareth joined #salt
11:10 yomilk_ joined #salt
11:11 fllr joined #salt
11:11 viq joined #salt
11:14 jerematic joined #salt
11:15 MatthewsFace joined #salt
11:16 saltuser joined #salt
11:18 saltuser Hi! Question - why does salt-run jobs.lookup_jid somenumber show the result of only one minion? More minions were affected but history mentions only one
11:18 techdragon joined #salt
11:19 saltuser Is there some kind of limit to history logs?
11:22 digitalartist_ joined #salt
11:26 Gareth joined #salt
11:30 calvinh_ joined #salt
11:30 Furao joined #salt
11:32 otter768 joined #salt
11:43 janne_ anyone have any idea why salt-cloud 2014.7.1 against openstack ends up using just one IP, meaning that if you provision another VM, it steals that particular IP from the previous one?
11:52 Auroch joined #salt
11:53 subsignal joined #salt
11:57 diegows joined #salt
12:01 jerematic joined #salt
12:02 janne_ nevermind, it was about not allocating enough floating ips to the project :-)
12:08 yomilk joined #salt
12:08 saltuser My question still stands :)
12:13 MaliutaLap joined #salt
12:15 younqcass joined #salt
12:18 wincus joined #salt
12:23 bhosmer joined #salt
12:24 cheus joined #salt
12:31 dendazen joined #salt
12:34 cmcmacken joined #salt
12:37 favadi joined #salt
12:38 jonatas_oliveira joined #salt
12:39 MaliutaLap left #salt
12:40 digitalartist_ joined #salt
12:40 younqcass joined #salt
12:45 denys joined #salt
12:45 intellix joined #salt
12:54 saltuserZ joined #salt
12:54 cpowell joined #salt
12:54 saltuserZ hello all, any advice on how to include VARs in the following scenario:
12:55 dopesong joined #salt
12:55 dopesong left #salt
12:55 saltuserZ {% set A = pillar['keys']['key1'] -%}   then  {% set VER = salt['s3.get'](A)
12:56 tkharju joined #salt
12:56 saltuserZ I'm trying to pass a previously set VAR inside salt['s3.get'] method
12:56 dopesong_ joined #salt
12:56 XenophonF saltuserZ: that should work
12:56 dopesong joined #salt
12:57 saltuserZ XenophonF: can't get it to eval
12:57 XenophonF what error are you getting?
12:57 XenophonF https://bpaste.net/ <-- paste it here
12:57 saltuserZ XenophonF: I get the VAR name instead of its value
12:57 XenophonF saltuserZ: it would help if you show a concrete example
12:58 dopesong Hey guys what could cause this? http://pastebin.com/zMYWXzvF
12:58 subsignal joined #salt
12:58 dopesong Salt minion not getting top from master
12:58 dyasny joined #salt
12:59 XenophonF dopesong: do any other minions work?
12:59 dopesong No...
12:59 saltuserZ XenophonF: thank you,  https://bpaste.net/show/a62de8b6f2e6
12:59 XenophonF on the broken one, you can try running "salt-call cp.list_master"
13:00 fllr joined #salt
13:00 XenophonF the cp module has a get_file function IIRC
13:00 dopesong salt-call cp.list_master
13:00 dopesong local:
13:00 subsignal joined #salt
13:00 XenophonF double-check the top.sls file, make sure it's formatted properly
13:00 jeremyr joined #salt
13:01 dopesong master top.sls?
13:01 XenophonF saltuserZ: what does the pillar look like, and what error do you get? (paste those, too)
13:01 dopesong base:
13:01 dopesong '*':
13:01 dopesong - diamond
13:02 XenophonF dopesong: please use a pastebin like bpaste.net or paste.debian.org
13:02 dopesong Sorry
13:02 XenophonF is ok
13:03 Hybrid1 joined #salt
13:03 XenophonF so spaces instead of tabs? just making sure this isn't a formatting error
13:03 dopesong https://bpaste.net/show/615a9ad51c04
13:03 dopesong Yup - spaces
13:03 lothiraldan joined #salt
13:03 MatthewsFace joined #salt
13:04 XenophonF saltuserZ: I assume that your pillar file looks like https://bpaste.net/show/27a0b10d73c3, right?
13:05 XenophonF dopesong: and the minion key got accepted on the master, etc.?
13:05 dopesong Yeah all keys accepted
13:05 XenophonF same versions of salt all the way around?
13:05 XenophonF double-check
13:06 evle joined #salt
13:06 jespada joined #salt
13:06 dopesong salt-minion 2014.7.1 (Helium)
13:07 dopesong salt-master 0.17.5
13:07 XenophonF ah
13:07 XenophonF there you go
13:07 XenophonF upgrade your master and everything should start working
13:07 saltuserZ XenophonF: apologies, my problem is actually with splitting command arguments. e.g. 's3.get' expects $bucket $file_path, I'm trying to pass ('bucket_name', 'mydir/', $SUB_DIR_NAME, '/myfile.txt' ). This obviously results in too many args. Any way to combine args 2,3,4 into a single one?
13:07 dopesong hm
13:07 jdesilet joined #salt
13:08 yomilk joined #salt
13:09 XenophonF saltuserZ: python string concatenation operator is +, so 'mydir/'+SUB_DIR_NAME+'/myfile.txt'
13:09 mikkn joined #salt
13:10 saltuserZ XenophonF: Excellent! Much obliged.
13:10 XenophonF dopesong: 0.17.5 is hella old man;  it and 2014.7.1 are no rasta
13:11 enarciso joined #salt
13:11 XenophonF dopesong: what O/S are you running on your master?
13:12 XenophonF you might have to switch to a PPA or COPR to get the right versions of Salt and ZeroMQ
13:12 XenophonF i'd strongly urge you to upgrade all the way to salt 2014.7.2 and to make sure you're using ZeroMQ 4 on all your masters and minions
13:15 dopesong XenophonF: You just saved my life... Love you dude...
13:15 XenophonF yay i helped!!!
13:17 I3olle_ joined #salt
13:18 hobakill joined #salt
13:20 XenophonF I need to reload my minion after installing MySQL.
13:20 XenophonF What's the right way to do that?
13:20 XenophonF I see saltutil.refresh_modules - do I just call that via a module.run state?
13:20 XenophonF or is there a better way?
13:23 XenophonF I kind of assumed that pkg.installed would call refresh_modules or something, but I'm not sure that's the case after glancing through the source.
13:25 hobakill XenophonF, i don't have an answer for you but i'm curious what you mean by "reload my minion"....the daemon? the whole box?
13:25 wooks joined #salt
13:26 XenophonF hobakill: i want to be able to use mysql_* states after installing mysql on the minion, so I need to call refresh_modules or restart the minion (the service itself, not the whole computer)
13:26 XenophonF i don't want to have to run a highstate twice to get a working config
13:27 perfectsine joined #salt
13:27 XenophonF googling around for answers seems to indicate that using module.run to call saltutil.refresh_modules is the way to go, but istr seeing a refresh_modules flag that could be used in all states
13:27 XenophonF maybe i dreamed it?
13:28 XenophonF i've been having pretty weird dreams about configuration managing all of the things lately...
13:28 hobakill yeah man. if you're having dreams about Salt XenophonF i think you need to have a drink or something and focus on things that provide better dream material! :)
13:28 XenophonF no kidding!!!
13:29 timoguin joined #salt
13:29 XenophonF anyway i had similar problems with git, where the minion couldn't use git until it got reloaded
13:29 XenophonF i think in that case, i just re-ran state.highstate, and it worked the second time around
13:30 XenophonF but i'd really prefer to have a state run be, i dunno what the right word for it is, singular? idempotent?
13:30 hobakill XenophonF, man that seems...off... if i have some extra time today i'll vagrant up a box and dick around with it. seems like an interesting issue.
13:31 hobakill using git after a pkg.install seems like.... i don't know... something that should happen without a highstate involved. :/
13:33 otter768 joined #salt
13:33 AndreasLutro XenophonF: maybe service.restart salt-minion ?
13:33 XenophonF AndreasLutro: don't want to do a service restart because that will cause the highstate to fail
13:34 XenophonF a complaint i have about salt-formula, actually
13:34 AndreasLutro it will? darn
13:34 XenophonF again, i want a highstate run to be idempotent (if that's the right word)
13:34 XenophonF like, all things being equal, a second highstate run should do nothing
13:34 AndreasLutro I usually solve these issues just by putting important states on the top of the sls file
13:35 AndreasLutro like pkg.install python-mysql in your example
13:35 AndreasLutro I haven't found a better way
13:36 XenophonF so i've finished scanning through the source and don't see another way to get the refresh to happen, so i'm going to try calling saltutil.refresh_modules(async=False) with a module.run state
13:42 bhosmer joined #salt
13:43 BogdanR I have this in top.sls http://hastebin.com/evuconikow.py but when I run "salt 'aol-connector3' state.highstate" nothing that should be matched by '^aol-(city|map|chat|connector)[1-9]$' gets executed
13:43 BogdanR Can someone please help me with this one?
13:44 hybridpollo joined #salt
13:44 XenophonF BogdanR: you need to specify that it's a pcre match
13:45 XenophonF BogdanR: so add "  - match: pcre" after line 11
13:45 XenophonF otherwise salt defaults to a glob
13:45 BogdanR XenophonF: Thanks
13:46 XenophonF BogdanR: http://docs.saltstack.com/en/latest/ref/states/top.html
13:47 XenophonF BogdanR:  that's got a lot of different examples
13:47 hebz0rl joined #salt
13:49 cheus joined #salt
13:52 nicksloan joined #salt
13:54 nicksloan joined #salt
13:55 zzzirk joined #salt
13:55 BogdanR XenophonF: Yeah, somehow I missed that line. Thanks again, it worked like a charm.
13:55 monkey66 joined #salt
13:55 XenophonF BogdanR: great!
13:55 andrew_v joined #salt
13:55 timoguin joined #salt
13:56 bluenemo joined #salt
13:56 bluenemo joined #salt
13:59 fredvd joined #salt
14:01 monkey66 joined #salt
14:03 sieve joined #salt
14:07 hasues joined #salt
14:08 hybridpollo left #salt
14:08 hasues left #salt
14:08 fivmo joined #salt
14:08 pdayton joined #salt
14:09 yomilk joined #salt
14:12 bhosmer joined #salt
14:12 jonatas__ joined #salt
14:12 pdayton joined #salt
14:12 debian112 joined #salt
14:14 Billias joined #salt
14:14 monkey66 joined #salt
14:15 lahwran joined #salt
14:18 linjan joined #salt
14:24 tkharju joined #salt
14:26 kawa2014 joined #salt
14:28 scoates joined #salt
14:32 fivmo joined #salt
14:33 mikaelhm joined #salt
14:36 rojem joined #salt
14:36 bryguy joined #salt
14:36 thedodd joined #salt
14:38 Vye joined #salt
14:38 johngrasty joined #salt
14:41 iggy yuhl_work_: Terminus-: not that it helps you now, but look at the new 2015.2 feature beacons (for inotify signalling salt)
14:43 iggy XenophonF: yes, "reload_modules: True" should work on any state (not very well documented)
14:43 iggy but it also helps if you are looking for the right thing (reload_modules vs refresh_modules)
14:46 intellix joined #salt
14:46 Billias left #salt
14:47 calvinh joined #salt
14:49 fllr joined #salt
14:52 MatthewsFace joined #salt
14:53 thedodd joined #salt
14:54 racooper joined #salt
14:54 thayne joined #salt
14:55 N-Mi_ joined #salt
14:55 N-Mi_ joined #salt
15:00 ccarney_ROCC joined #salt
15:00 germs_ joined #salt
15:02 murrdoc joined #salt
15:06 josephleon joined #salt
15:08 mgw joined #salt
15:09 _JZ_ joined #salt
15:09 _ale1_ joined #salt
15:09 aquinas left #salt
15:10 ekle joined #salt
15:11 ekle hi, how can i list all defined jobs ?
15:11 germs_1 joined #salt
15:12 mpanetta joined #salt
15:12 catpig joined #salt
15:13 scbunn joined #salt
15:13 timoguin ekle: salt-run jobs.list_jobs
15:13 timoguin on the master
15:13 neogenix joined #salt
15:14 ekle how can i delete such  a job ?
15:15 giantlock joined #salt
15:15 jonatas_oliveira joined #salt
15:15 ekle i have removed all jobs from my sls-files but there are still jobs running on the minions
15:15 perfectsine joined #salt
15:17 ccarney_ROCC left #salt
15:19 iggy saltutil
15:19 babilen ekle: Delete? do you want to kill it?
15:20 babilen I am also not sure what you mean by "i have removed all jobs from my sls-files"
15:21 iggy lol... /etc/salt/minion.d/mine.conf
15:21 ekle i created schedules within sls-files
15:21 ekle but i found it: salt '*' schedule.delete
15:21 sieve joined #salt
15:22 CheKoLyN joined #salt
15:26 ekle salt '*' schedule.list  does list me jobs, but when i try to delete them with salt '*' schedule.delete abc they don't get removed
15:27 murrdoc iggy:  where did u see mine.conf
15:27 murrdoc i has it too
15:27 josephleon joined #salt
15:29 ekle even after salt '*' schedule.purge they still exist
15:30 iggy in /etc/salt/minion.d/
15:30 iggy I think it originally came from the mine docs
15:30 murrdoc i likes it
15:30 murrdoc SSSapprboed
15:30 murrdoc approved
15:32 fllr joined #salt
15:33 ekle how can i delete schedules which are listed by salt '*' schedule.list ? schedule.purge doesn't seem to work
15:33 murrdoc how did u add the schedules
15:33 otter768 joined #salt
15:34 N-Mi_ joined #salt
15:34 ekle like this within a sls file: job-ping:   schedule.present:     - function: test.ping     - seconds: 10
15:36 calvinh joined #salt
15:36 rgarcia_ joined #salt
15:37 Brew joined #salt
15:37 zzzirk joined #salt
15:38 bluenemo joined #salt
15:38 ek6 joined #salt
15:38 timoguin joined #salt
15:39 tligda joined #salt
15:39 thedodd joined #salt
15:41 josephleon joined #salt
15:44 mikaelhm joined #salt
15:45 shaggy_surfer joined #salt
15:46 ajw0100 joined #salt
15:46 evilrob does anyone here grok salt.states.keystone?  getting error adding user & tenant and it's the example copied from the docs.
15:47 fivmo joined #salt
15:49 Auroch joined #salt
15:49 ek6 yeah i use it quite a bit
15:52 thayne joined #salt
15:53 tligda joined #salt
15:54 smcquay joined #salt
15:54 igorwidl So, we have a config file for our firewall which has 800 lines of rules and configs. What would be best way to securely transfer the file  to my firewalls minion?
15:57 thedodd joined #salt
15:58 yomilk joined #salt
15:59 ek6 evilrob: i will tell you that the effectiveness of that module/state varies wildly depending on the version of salt, keystoneclient and some of the oslo packages behind it
16:03 Linuturk I'm trying to use module.run to run tls.create_self_signed_cert in 2014.7.1 . the docs seem to indicate it should be available in this version. Here's the invocation: https://github.com/rackspace-orchestration-templates/salt-states/blob/master/drone/init.sls#L21-L26
16:05 moebiuss joined #salt
16:06 rgarcia_ joined #salt
16:07 neogenix_ joined #salt
16:08 moebiuss hello salters, quick question, is there a way to define a variable, on the minion configuration, so that I can reference it on the master while I copy files to different minions, using "salt '*' cp.get_file"?
16:08 MatthewsFace joined #salt
16:09 moebiuss because right now I have to specify the destination path for each minion (i.e.: c:\program files\ or c:\program files (x86) ), I'd rather set some variable on the minion configuration and then use the variable as destination path
16:10 cmcmacken joined #salt
16:12 oliver_l2c joined #salt
16:13 troyready joined #salt
16:14 evilrob ek6: yeah, found some references to a defect in user_present.  I'll do those bits with run.cmd
16:15 timoguin moebiuss: that's not going to be easy from the command-line, not passing variables.
16:16 timoguin But you could target by grain in that case. There's a grain that shows the CPU architecture. You could target based on that.
16:16 ek6 evilrob: sadly thats the fallback...but think all of my keystone is now through the module/state   its neutron that still makes me want to punch the wall
16:16 lumu_ joined #salt
16:16 moebiuss timoguin, that's just an example unfortunately, the directory names are many times completely random
16:18 timoguin ah, well. maybe you could set some grains for targeting, but substituting those variables at the command line probably won't be easy
16:18 timoguin could be defined easily in a state file though
16:19 moebiuss so you suggest something like: grains: directory: "c:\blaa bla"
16:19 evilrob right now I'm battling jinja getting my admin token in a pillar.  pillar.items shows it there "keystone.token"  but referring to it in the keystone.conf tells me "no jinja variable "keystone"
16:19 moebiuss and then using a sls using the grain output to specify the destination
16:20 timoguin Well, not sure your specific use cases. But, yea, you have full access to the grains inside an SLS.
16:21 moebiuss this could work...thanks for the hint, I'll try!
16:21 lumu_ I've asked this in the morning (CET) but didn't get a satisfying answer, so I try again: where do I best put all my host/hostgroup specific state definitions? E.g. we have a compute cluster that requires many files/users/packages and we have a bunch of web servers which require other users/files/packages/services. It's surely not a good idea to
16:21 lumu_ specify all of that in top.sls. So how do people organize their stuff? (Btw. I've read the best practices doc but it only seems to cover formulas/states and pillars, not node classification)
16:22 ek6 evilrob: ill confess i dont try and hide it...if someone gets root on my controller the fact that they can read the token out of the file I consider the least of my problems
16:22 timoguin moebiuss: one thing. the cp module doesn't have a corresponding state module, so you'll have to use module.run / module.wait to call those functions in an SLS
16:23 moebiuss timoguin: oh I see, thanks!
16:24 KyleG joined #salt
16:25 aparsons joined #salt
16:25 viq lumu_: you could have a webserver state, that by itself doesn't do much but includes all the other needed stuff
16:26 aparsons_ joined #salt
16:31 ndrei joined #salt
16:33 capricorn_one joined #salt
16:34 zwi joined #salt
16:35 MatthewsFace joined #salt
16:35 jonatas_oliveira joined #salt
16:36 iggy Linuturk: you need the python module on the minion you are targeting and ca.cert_base_path in the minion config... what happens if you just try it on the command line?
16:36 denys joined #salt
16:37 Linuturk iggy: I'm running this masterless minion. Is that module not included when installing a minion? The pyOpenSSL pip module is being installed
16:37 Linuturk I don't have a minion config though
16:38 Linuturk I can't pass that as part of the execution module?
16:38 Linuturk https://github.com/rackspace-orchestration-templates/salt-states/blob/master/drone/init.sls#L24
16:38 iggy I don't know sadly... I've never messed with masterless (and thankfully that didn't show up on the ssce exam much)
16:38 Linuturk lol
16:39 Linuturk I've got the output of the attempted run
16:39 Linuturk pm
16:40 bmac2 joined #salt
16:42 iggy you might want "reload_modules: True" on that pip state
16:42 iggy but I'm honestly not sure how that interacts with masterless
16:42 __JZ__ joined #salt
16:42 josephleon joined #salt
16:43 josephleon left #salt
16:43 nesv joined #salt
16:44 nesv joined #salt
16:45 paulm- joined #salt
16:45 dalexander joined #salt
16:46 oliver_l2c joined #salt
16:47 I3olle joined #salt
16:50 tkharju joined #salt
16:52 moebiuss timoguin: works like a charm! but I'm using file.managed to transfer the files, it seems better suited for the job!
16:52 timoguin yes indeed
16:52 timoguin glad it's working
16:58 neogenix_ I'm having a derp moment, anyone have an example on github on how to loop through a nested pillar dict, and then pass the variables in each item in the loop into a jinja template (file.managed)
17:00 djhaskin987 joined #salt
17:00 djhaskin987 does anyone know how salt's documentation is generated? What tool do they use?
17:01 murrdoc they hire people on amazon
17:01 murrdoc (totally kidding)
17:01 murrdoc http://sphinx-doc.org/contents.html + code
17:01 jY http://docs.saltstack.com/en/latest/topics/development/conventions/documentation.html
17:02 timoguin lol. amazon turk docs.
17:02 wendall911 joined #salt
17:03 murrdoc basepi should totally hire turks, he works on too many things
17:05 sieve joined #salt
17:06 relidy Is there a best practice for downloading and installing an RPM (CentOS 7 minion)? The RPM is to set up a repository. Do I just need to resort to a cmd.run state, or is there something more ... elegant?
17:06 wincyj joined #salt
17:07 jab416171 joined #salt
17:07 spookah joined #salt
17:08 timoguin relidy: pkg.installed can take a sources argument. it supports http(s) URLs for RPMs.
17:08 basepi I wish we could hire ALL THE PEOPLE
17:08 hal58th1 I need to dig around the documentation. I noticed they moved stuff to be imported from the actual code segments. But I was struggling to find where it was importing from
17:09 hal58th1 It's my weekend task to fix some typos because they bug the shit out of me
17:10 relidy timoguin: I actually tried that (http://pastebin.centos.org/16686/), but all I'm getting back is an error stating "The following packages failed to install/update: remi-release=http://mirrors.mediatemple.net/remi/enterprise/remi-release-7.rpm." What can I do to get more debugging information on *why* that's failing?
17:11 jri joined #salt
17:11 timoguin relidy: You might be able to turn up the log level to see if there's any more info.
17:11 timoguin Or look at yum logs if necessary.
17:11 timoguin Beyond that I'm not sure. Haven't actually used it.
17:12 relidy timoguin: Thanks, looking into all of that now. I'll see what I can find.
17:12 mikaelhm joined #salt
17:15 * relidy hangs his head in shame because he accidentally specified the 'noarch' architecture in the package name.
17:16 desposo joined #salt
17:18 debian112 does anyone know if I can match.compound in a state file?
17:19 yomilk joined #salt
17:22 rvankleeck joined #salt
17:23 rvankleeck hypothetical question: If I register a minion with the salt master, then rebuild the salt-master with the same name/IP, will the minion attempt to reconnect with the master without having to be restarted?
17:24 rvankleeck I understand that I would have to re-accept the minion key on the master, but just wondering if the minion would attempt to connect automatically without restarting the minion service
17:24 dalexander joined #salt
17:26 hal58th1 The minion would reject the master if you did not use the same master key.
17:26 hal58th1 But it should attempt to reconnect without restarting, especially if you use newer versions.
17:28 rvankleeck thanks, hal58th1
17:31 Ryan_Lane joined #salt
17:34 otter768 joined #salt
17:34 ajw0100 joined #salt
17:35 cmek is there any way to shuffle a list in a template? something like {{ servers|shuffle|join(",") }} to randomize the list?
17:35 jespada joined #salt
17:35 forrest joined #salt
17:36 forrest_ joined #salt
17:37 hal58th1 cmek I don't see any way on the jinja templating list. http://jinja.pocoo.org/docs/dev/templates/
17:38 hal58th1 maybe if you did random, and then took the item out of the list…
17:39 forrest joined #salt
17:39 monkey66 left #salt
17:44 baweaver joined #salt
17:46 ndrei joined #salt
17:49 cmek hal58th1: no, it's not there.. i've just realised it's not a good idea anyway, as the output will get modified with every salt run..
17:49 igorwidl rvankleeck: from what i can tell the minion will just die if its own minion_master.pub does not match that of the server's
17:50 hal58th1 It certainly will cmek. Dictionaries will come unordered anyways.
17:50 hal58th1 yeap, that's what I said igorwidl ;)
17:50 rvankleeck thanks igorwidl
17:52 egil joined #salt
17:52 cmek hal58th1: thanks. did |reverse based on the % of last octet in fqdn_ipv4.. should get me distributed and deterministic output...
17:53 hal58th1 huh. interesting solution cmek. I like it
17:54 Linuturk iggy: if I re-run that state again after the pyOpenSSL module gets installed, it finds that module
17:56 Linuturk weird it doesn't get loaded the first time
17:57 Linuturk iggy: that refresh_modules bit, does that reload modules after pip installed the dependencies?
17:58 hal58th1 linuturk http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.refresh_modules
17:58 TheoSLC joined #salt
18:02 TheoSLC H@ly C*w!  Did you know that Windows will resolve hostname salt as salt.network -> 69.64.147.242.  Anybody that casually sets up a salt minion on windows is allowing complete control of their machine to whoever controls 69.64.147.242!
18:03 Ahrotahntee TheoSLC: I believe you're looking for "Thanks, ICANN."
18:03 Ahrotahntee TheoSLC: though currently my windows 7 environment is not resolving salt -> salt.network
18:03 Linuturk hal58th1: can I just tack that on somehow here: https://github.com/rackspace-orchestration-templates/salt-states/blob/master/drone/init.sls#L27-L34 << or do I need another module.run call for that?
18:04 TheoSLC perhaps it's dnsmasq in my virtual enviroment that is doing it.
18:05 TheoSLC it might entirely depend on your dns host.
18:05 dopesong joined #salt
18:08 hal58th1 refresh_modules are for when you want to load a custom module onto a minion (when it's currently not on there). I don't think you even need to use it
18:09 Linuturk hal58th1: well, it doesn't pickup that stock module is available until after that pyOpenSSL thing is installed, and that's on the next run
18:09 Linuturk trying to get it done in one run
18:10 hal58th1 I think the module will be installed when doing a highstate (because highstate refreshes the module). Once you install the dependencies, the module should execute without issue…. Not sure if you can do it the same run.
18:11 Linuturk hal58th1: this is all masterless btw
18:11 Linuturk https://github.com/rackspace-orchestration-templates/drone/blob/saltpoc/drone.yaml#L153 << hal58th1
18:11 hal58th1 Ah, well then I am REALLY not sure.
18:14 subsignal joined #salt
18:14 Linuturk hal58th1: so, it doesn't actually fully reload the tls module apparently
18:14 Linuturk I added the module.run
18:14 Linuturk and it still fails out
18:15 hal58th1 Bummer. Not sure what the solution is
18:16 Linuturk i wonder if anything changes when you jump from one state file to another
18:16 Fiber^ joined #salt
18:17 jalbretsen joined #salt
18:19 wnkz joined #salt
18:22 eykd joined #salt
18:23 eykd Hello. :) Is there a way to force a jinja template rendering to fail if a context variable it tries to use is undefined?
18:25 eykd That is, is there a way to use Jinja’s StrictUndefined behavior? http://jinja.pocoo.org/docs/dev/api/#jinja2.StrictUndefined
18:26 timoguin joined #salt
18:26 XenophonF hey iggy, just saw your reply about "reload_modules: True", thanks
18:28 rojem joined #salt
18:32 XenophonF can i set the key "default:mysql:user: root" in one pillar SLS file, set "default:mysql:password: blahblah" in another, assign both SLS files to the same minion, and expect the "default:mysql" dict to contain both the "user" and "password" key-value pairs?
18:33 XenophonF or at a higher level, if I create a dict in pillar called defaults:user in one SLS file, and defaults:mysql in another SLS file, and assign both SLS files to a minion, will everything be merged into the defaults dict?
18:38 djhaskin987 A little late, but thanks @murrdoc
18:38 murrdoc :)
18:39 djhaskin987 you too @jY
18:45 funzo joined #salt
18:46 iggy Linuturk: yes
18:46 iggy hal58th1: reload_modules not refresh_modules
18:47 ndrei joined #salt
18:48 iggy Linuturk: don't mess with refresh_modules, it's not what you want, just use reload_modules: True on your pip stanza and it'll do what you want
18:49 iggy XenophonF: sadly, it's non-deterministic (and varies between versions)... test it out on whatever version you're running, it might work, it might not
18:49 XenophonF and can I call pillar.get within a pillar SLS file?
18:50 XenophonF i want to put all of my default passwords or shared credentials or whatever into one place, if possible
18:50 iggy nope (at least not sanely)
18:51 iggy it's another one of those "sometimes work, often doesn't" things
18:51 Linuturk iggy: yeah, works now
18:51 * Linuturk hugglez iggy
18:51 XenophonF TheoSLC: are you sure about that salt.network name resolution thing?
18:52 XenophonF because on my windows workstations and servers here, non-FQDN hostnames get the local DNS suffix(es) tacked on before querying, just like on a Unix resolver
18:54 XenophonF by default Windows will append primary and connection-specific DNS suffixes - so if your hostname is set to "foo.example.com" in the System properties dialog box, unqualified names will get ".example.com" tacked onto them during name resolution time
18:55 XenophonF but yeah, generally, you'd want to override "master: salt" with the FQDN of your master as soon as possible
18:56 XenophonF i do that in my bootstrapping script, but i also have that in the salt.minion states that I push out to everything (in case i ever get around to using salt-ssh for bootstrapping)
18:56 XenophonF iggy: thanks again for the pillar clue
18:59 calvinh joined #salt
19:00 teskew joined #salt
19:01 mgw Is anybody aware of work on a boto_ec2 module? It seems to be missing...
19:01 mgw I started on one, but decided to check around before spending too much effort on it
19:05 iggy there are some basic salt-cloud states now (which should hopefully supersede all that stuff eventually)
19:08 yomilk joined #salt
19:09 tomh- joined #salt
19:10 smkelly joined #salt
19:10 cwyse joined #salt
19:10 akramemara joined #salt
19:13 ajw0100 joined #salt
19:14 numkem do you guys have a quicker way to get something from the salt mine? I end up having to do .keys()[0][0] which isn't pretty
19:14 XenophonF to get s3fs working, I need to define s3.keyid et al in the master config, right?
19:15 XenophonF or do i put those settings into the minion config?
19:15 XenophonF salt-formula doesn't let me specify module configs in the master config file, only in the minion config file
19:15 iggy numkem: host => "{{ salt['mine.get']('tags:mon', 'network.get_hostname', 'grain').values() or ['localhost']|first }}"
19:16 XenophonF so it has me wondering whether, with s3fs enabled, the minion will connect directly to s3
19:16 iggy something like that? maybe some more context...
19:16 numkem iggy: .values()! right thanks :)
19:16 mattiasr joined #salt
19:17 denys joined #salt
19:17 XenophonF and then, if i'm using s3fs, do i continue using salt:// URLs, like i do for the gitfs fileserver backend, or do i need to use s3:// URLs?
19:17 bash1245_ joined #salt
19:17 iggy salt://
19:18 iggy and no, the master is the fileserver
19:18 iggy minions cache files from the master
19:18 XenophonF that's what i thought
19:18 XenophonF but if i add s3fs to the list of fileserver backends and define s3.keyid et al in the master config, the minions cannot access anything from the s3 bucket
19:19 iggy fileserver.update?
19:19 XenophonF what's even more worrying is that the values of s3.keyid and s3.key get passed to the minion
19:19 XenophonF i tried that, had no effect
19:19 XenophonF tried restarting the master, no effect
19:19 XenophonF tried restarting everything
19:19 iggy -l debug fileserver.update?
19:20 XenophonF that only showed gitfs and the root file server doing their things
19:20 iggy and there's a config option to hide the master config from the minions
19:20 XenophonF didn't mention anything about s3fs
19:20 iggy did you enable s3fs? do you have the required dependencies?
19:21 XenophonF i'm not sure
19:21 XenophonF but salt.utils.s3 works
19:22 baweaver joined #salt
19:22 XenophonF like, from the master I can do salt-call s3.get (using the key/keyid passed to the minion)
19:22 TheoSLC fileserver.s3fs does not work.
19:22 XenophonF well
19:22 XenophonF nuts
19:24 XenophonF any idea what's broke?
19:24 XenophonF i'm willing to fix it - i want to keep everything out of the salt-master's file system, which means git and s3fs, since some of the files I need to distribute are rather large
19:24 kunit joined #salt
19:25 XenophonF larger than GitHub's 100 MB file size limit, anyway
19:25 kunit how do you specify a x86_64 version of a pkg in a sls?
19:25 murrdoc left #salt
19:26 bash124512 XenophonF : if you want to fix it , probably you will need to find out why it doesn't work :D
19:26 jY kunit: add it to the pkg name
19:26 kunit k, ty
19:26 jY # rpm -q openssh.x86_64
19:26 jY openssh-5.3p1-104.el6_6.1.x86_64
19:27 jY will work for salt too
19:28 Brew joined #salt
19:30 XenophonF hah well, if i could convince s3fs to give me an error message or two
19:33 jespada joined #salt
19:33 ckao joined #salt
19:33 bash124512 XenophonF : well if you are willing to write your fix then you can use debug
19:34 rypeck joined #salt
19:34 baweaver joined #salt
19:34 aemara joined #salt
19:35 bash124512 XenophonF : I'm not sure how s3 is implemented in salt (boto or cloud-stack) either way if you know your python and have some space time you can debug it
19:35 otter768 joined #salt
19:36 bash124512 spare*
19:37 mimianddaniel joined #salt
19:38 mimianddaniel anyone running rc2 and using reactor?
19:38 mimianddaniel seeing "reactor" event receiving but dont see the reaction jobs being fired
19:38 mimianddaniel in the events
19:38 mimianddaniel checked on the minions log nothing
19:39 mimianddaniel and eventlistener.py shows on the tag of the initial event and nothing afterwards
19:39 * mimianddaniel wonders possible bug with rc2
19:40 mimianddaniel can anyone verify this isnt an issue on 2014.7.2?
19:40 XenophonF bash124512: s3fs uses salt.utils.s3
19:41 XenophonF bash124512: as does salt.modules.s3
19:41 overyander joined #salt
19:41 XenophonF it isn't readily apparent why s3fs but s3 (on the minion) does, and using the master credentials passed to it,to boot
19:41 XenophonF both go through utils.s3 so i don't know what's up
19:42 overyander if i upgrade the minion version, does that cause for a new key to be generated and need to be accepted on the master?
19:42 iggy overyander: generally no
19:42 aemara joined #salt
19:42 overyander thanks iggy
19:42 iggy but there have been times where that needed to take place
19:43 bash124512 XenophonF : then it must be salt cloud
19:44 XenophonF bash124512: no - it's salt.utils.s3 (https://github.com/saltstack/salt/blob/develop/salt/fileserver/s3fs.py#L72)
19:45 aemara joined #salt
19:45 XenophonF salt-cloud only does stuff with EC2
19:45 intellix joined #salt
19:46 overyander for some reason, i often have to restart the master service (like once or twice a day) in order to keep communicating with the minions. before i restart the service, the minions can't run highstates (they're set to run highstate on boot) and i can't issue any commands to them. if, for example, i send a test.ping it will just sit there. if i press ctrl+c it just ends the process and doesn't give the usual salt details about the job id. etc. after i restart
19:46 overyander the minion service, all works well for a while. i've check disk, cpu and memory usage before restarting the service and everything looks great, hardly any usage.
19:46 XenophonF what's the salt-master equivalent of salt-call? is it salt-run? like, how would i get the master to execute s3.get or s3fs.dir_list?
19:47 eXistenZNL joined #salt
19:48 perfectsine joined #salt
19:48 BtbN You could run a salt-minion on the salt-master
19:49 XenophonF BtbN: i do that - the master is its own minion
19:49 cmcmacken joined #salt
19:49 Ahlee salt-run executes runners
19:49 BtbN salt-call should work like it does on a normal minion then
19:49 Ahlee as for having the master call s3.get, that's not a real use case
19:49 Ahlee according to salt, as the master isn't making the call, minions do
19:50 XenophonF yes but if the minions are using the salt-master's file server, then it's the salt-master process that would be connecting to s3
19:50 XenophonF just like for the root or gitfs backends
19:50 Ahlee that's done through file_roots handlers
19:50 XenophonF exactly
19:50 XenophonF i mean, s3fs works the same as gitfs, right?
19:51 Ahlee Probably not.
19:51 XenophonF so it'd be the master connecting to s3 to pull state data
19:51 Ahlee Given gitfs locally caches a shallowclone of the repo
19:51 XenophonF right, but that's on the master server
19:51 Ahlee whereas an s3fs backend would be brokering the requests to the s3 endpoint
19:51 XenophonF minions don't need access to git
19:52 XenophonF ah, so even given a salt:// URL, the minions would connect directly to S3 to pull down the SLS data or files or whatever?
19:52 cberndt joined #salt
19:52 XenophonF hm
19:53 Ahlee no
19:53 Ahlee the master would
19:53 Ahlee so what's the ultimate goal here
19:53 Ahlee you want to write an s3fs handler?
19:53 thedodd joined #salt
19:54 XenophonF ultimately i want to use s3fs alongside git and roots as a fileserver_backend
19:54 Ahlee overyander: Ensure you're running at least ZeroMQ 3 (preferably 4)
19:55 Ahlee yeah, it'd be nice for a fileserver I guess
19:55 XenophonF but when i add s3 or s3fs to the fileserver_backend list and set s3.key, s3.keyid, etc.---all in the master config---minions don't see any of the stuff i have stored in s3
19:55 Ahlee though in that case, having minions stream through the master is interesting
19:56 Ahlee debug logs show?
19:56 XenophonF i want this solely because i have a bunch of files (installers, mostly) that have to live somewhere other than git, due to the file size limits in github
19:56 XenophonF ze debug logs, they show nothingk!
19:56 overyander Ahlee, do you have the actual package name? running 'yum list zeromq' doesn't return any results
19:57 Ahlee overyander: zeromq and zeromq-devel
19:57 Ahlee actually nevermind, you don't need zeromq-devel
19:57 Ahlee overyander: http://docs.saltstack.com/en/latest/topics/installation/rhel.html#zeromq-4
19:57 overyander 3.2.4-1 is currently running. 3.2.5-1 is available as upgrade
19:58 Ahlee stateful firewalls in place between your master and minions?
19:58 Ahlee and what version of salt?
19:58 Ahlee there was a bug where only one side of communication was sending heartbeats that was only just resolved
19:58 overyander salt-master 2014.7.1-1
19:58 Ahlee XenophonF: I just toss my installers up on a web server, and use file.managed with a file hash to download them
20:00 Ahlee got nothing.  Probably a networking issue between minions and masters, which doesn't help.  I run a test.ping against minions (as part of server health monitoring) every minute which prevents my firewalls from tearing down the connections
20:00 Ahlee others will likely have better solutions
20:01 baweaver joined #salt
20:01 XenophonF Ahlee: I used to do that, but https broken in a recent Salt minion release for Windows.
20:01 overyander it seems to be a master issue or related to the server since the problem affects all minions when it happens, regardless of where they are. i can restart the master service and the keep-alive from the minions revalidates them and i can do everything fine for a bit
20:02 XenophonF plus I want to limit access to my installers to authorized computers
20:02 XenophonF s/broken/broke
20:02 XenophonF i mean, as a workaround i'm storing these files on the master's file system
20:02 XenophonF which works fine, i guess
20:02 jespada joined #salt
20:02 rgarcia_ joined #salt
20:03 Ahlee i'm so glad I get to not deal with ssl.
20:03 XenophonF i would rather have this stuff in s3, though
20:03 desposo joined #salt
20:03 XenophonF i'm one of those encrypt-all-the-things nuts :)
20:03 XenophonF even on my internal networks
20:03 XenophonF very paranoid
20:03 XenophonF anyway
20:03 Ahlee i'm one of those "security is an illusion so don't pay the penalty" types :)
20:04 XenophonF whois Ahlee
20:04 XenophonF oh whoopsie
20:04 XenophonF ;)
20:04 peters-tx JFindlay here?
20:05 Ahlee overyander: ok, so i guess we can start running the gauntlet.  File handles come to mind, though it's been so long since i've personally shipped a system that didn't jack that number up to an ungodly number i don't know what salt's realistic requirements are
20:05 Ahlee overyander: number of worker_threads? how many minions on this master?
20:06 ajw0100_ joined #salt
20:07 overyander about 200 minions 30 worker threads
20:07 yomilk joined #salt
20:10 XenophonF left #salt
20:10 XenophonF joined #salt
20:10 overyander Ahlee, I just updated zeromq to version 4 using the saltstack repo. if that doesn't solve the issue, i'll look into file open hard limits and see if i'm breaching that.
20:10 melinath joined #salt
20:12 Ahlee should be fine on minions and worker threads (running 800 minions with 50)
20:13 Ahlee good luck man, hope it works for ya
20:13 Ahlee also I know there's a 2014.7.2, might look at that.
20:13 totaste joined #salt
20:14 jespada joined #salt
20:14 iggy 2015.2 seems to have gotten rid of our disappearing minions problem
20:15 Ahlee woo
20:19 igorwidl in my case minions would disappear after running saltutil.refresh_pillar. There is a bug in 2014.7.2 with port 4506 not sending keepalives and timing out on stateful firewalls
20:20 aemara joined #salt
20:23 jla joined #salt
20:24 overyander that's nice to know. i think i'll just skip 2014.7.2 then
20:25 yomilk joined #salt
20:25 krzysztof joined #salt
20:25 iggy it's not specific to 2014.7.2
20:25 iggy from what Mike said, it's been there from the get go
20:26 yomilk joined #salt
20:28 rgarcia_ joined #salt
20:29 yomilk_ joined #salt
20:33 jla Is there a way to call salt-run jobs.list_jobs and filter out all the saltutil.find_job jobs? I see that it takes search_metadata and search_function but I don't know how to use those and am failing to find how.
20:33 murrdoc joined #salt
20:34 krzysztof Hello, is there possibility to implement in one state.sls file: cmd.run which will reinstall node, and then somehow check if this node successfuly was reinstalled before timeout?(when ssh connection is available)
20:34 jespada joined #salt
20:34 beneggett joined #salt
20:35 rowleyaj joined #salt
20:38 desposo1 joined #salt
20:38 krzysztof i am interested how to implement in .sls file checking availability of reinstalled node with interval and timeout
20:39 Heartsbane joined #salt
20:40 Vye joined #salt
20:41 XenophonF left #salt
20:41 teskew joined #salt
20:42 igorwidl krzysztof: might want to look at the reactor system. http://docs.saltstack.com/en/latest/topics/reactor/  . for example wait for a specific event from the node
20:42 murrdoc or look at cmd.wait
20:43 yomilk joined #salt
20:44 yomilk joined #salt
20:44 krzysztof yes i saw reactor system, but i would like to call reinstallation process for one node in continuous process, and if smth went wrong whole process should stop
20:45 krzysztof should i look for writing my own module? And thank you for answers
20:48 yomilk_ joined #salt
20:49 jla What are some good ways to learn more about a salt command?
20:49 aparsons joined #salt
20:49 jla I search the web for docs.saltstack.com and that helps a lot although there is a lot there and it often doesn't go into detail on all options or links to related items.
20:50 krzysztof cmd.wait could be nice but it does not have timeout and interval to set::(
20:51 jla I found sys.doc and by trial and error figured that `salt node sys.doc some.command` was much more useful than `salt '*' sys.doc`, but it requires I run a salt job and sys.doc jobs.list_job or sys.doc salt.runners.jobs.list_job returns nothing.
20:53 CeBe joined #salt
20:53 jla If I use locate for salt/runners/jobs and then pydoc /full/path/to/salt/runners/jobs.py I get to see the docs created from docstrings, but it doesn't list the same arguments as docs.saltstack.com
20:53 igorwidl krzysztof: how is the node reinstalled? some virtual machine?
20:54 krzysztof from remote server they boot option is changed to pxe, and then also remotely rebooted
20:54 krzysztof some ipmi command
20:55 krzysztof no these are normal servers
20:55 jla And I don't quite grok the source code with _get_returner and mminion.returners. Thanks for any suggestions.
21:01 yomilk joined #salt
21:01 igorwidl krzysztof: i m out of ideas, maybe someone else can chip in :-(
21:02 yomilk joined #salt
21:03 krzysztof ok, thanks for answer;)
21:04 neogenix_ krzysztof: you could possibly even use any of the new event system stuff (beacon, etc...)
21:05 linjan joined #salt
21:05 yomilk joined #salt
21:06 relidy Anyone have guidance on how to deal with passwords and password generation? I'd like my MySQL state to generate a strong root password on initial install. I can probably manage generating a random password myself, but how do I store that so Salt can use it in the future to manage MySQL tasks?
21:07 krzysztof hmm, but is it even possible to run installation sequence just from one command (for example executed by jenkins)? I mean to have straight flow and control of installation process, and if something goes wrong it should stop
21:10 murrdoc krzysztof:  did you review saltstack orchestrate yet
21:10 murrdoc for your case
21:11 Ahlee jla: I have a default_job_cache defined, so all minions return to a database, so I can filter out test.pings
21:12 jla Ahlee: cool, I hadn't looked into that parameter
21:12 lumu_ joined #salt
21:12 AndreasLutro joined #salt
21:13 rojem joined #salt
21:13 Ahlee krzysztof: No, that's not possible.  Currently runs simply can not handle a reinstallation.  You'd be better off defining your build process or whatever to not need a name, and have an external process watching over
21:13 Ahlee I don't know of a way (with any of the tools currently out) to tear down a system to bare metal and build it back up in a 'controlled' method, without a ton of hacking to tools like cobbler or similar to track the state through the process
21:14 Ahlee which just seems like way, way too much work
21:15 krzysztof no, i do not know orchestrate, the thing in my case is just to wait in state for possibility to ssh with reinstalled node, is it really not possible?
21:15 krzysztof thanks for discussion
21:16 krzysztof and if this ssh can be done, further configuration would be done
21:16 Ahlee The paradigm for salt isn't to wait for it to come up, it's for the node to know what to do when it comes back up
21:17 Ahlee so embed in your top.sls a match: grain on the system's MAC or similar, and have it apply the necessary states
21:17 ekristen joined #salt
21:18 yomilk joined #salt
21:19 krzysztof so do you think it could be working workaround to achieve what i want?
21:19 Deevolution joined #salt
21:19 yomilk joined #salt
21:19 Ahlee I don't know the requirement for why you want to wait, but if the end goal is to make a server look like you want it to, yes
21:19 Deevolution left #salt
21:21 krzysztof the thing is that we want to run installation by jenkins, and if it fails (for example timeout because of switches issue) installation should stop and jenkins should put it as failed with logs
21:21 Ahlee You want jenkins to install your base operating system?
21:21 krzysztof yes
21:21 Ahlee How are you interfacing with the bare metal?
21:21 Ahlee iLO? DRAC?
21:22 GabLeRoux joined #salt
21:22 krzysztof oh sorry i dont know, but first im preparing nfs on something like gateway server
21:22 GabLeRoux hey there, I found a small problem on http://docs.saltstack.com/en/latest/ref/states/all/salt.states.composer.html#salt.states.composer.installed
21:22 Ahlee I can't think of a way to go from known good state to known good state with an OS installation (key re-creation or key reuse)
21:23 krzysztof and then i put boot pxe option in one of the 4 possible node, and reboot it
21:23 yomilk_ joined #salt
21:23 Ahlee ok, so you're PXE booting, and every time you reboot a server it reinstalls and comes back exactly as it was?
21:23 Ahlee and you then want to drop your software on top of it + base OS installed via PXE?
21:24 krzysztof yes at least network interfaces
21:24 Ahlee I don't understand that last part krzysztof, what 'network interfaces' ?
21:24 krzysztof not every time i reboot, because i set boot from pxe for next boot only:)
21:24 GabLeRoux first parameter in composer is called name on the command, but in the documentation, it says dir, specifying -dir: some/dir doesn't work, we need to use -name: some/dir
21:24 krzysztof network interfaces stay the same as they were before reinstallation
21:25 Ahlee ok, so jenkins sets flag that then tells the node it's going to reboot to PXE
21:25 GabLeRoux got to go
21:25 Ahlee then the node reboots, installs
21:25 krzysztof yes
21:25 Ahlee and from that point you want to then drop your software over top of it
21:26 Ahlee I would start from the known good state of a 'base' installation, and have a reactor (http://docs.saltstack.com/en/latest/topics/reactor/) set up to watch when the system finishes installation
21:26 Ahlee once the OS is up, salt takes over
21:26 krzysztof simply jenkins just run our shell script which is quite complex;) first it build iso, and from that part i need to send it to gateway server, prepare nfs files, reboot with pxe target nodes
21:26 kunit if I have base, dev, qa, and prod as file_roots, should I have a top.sls in each dir path?
21:27 Ahlee kunit: they all get munged into a single dictionary
21:27 iggy kunit: probably not
21:27 kunit k, ty
21:27 iggy unless it's _only_ dev stuff in dev/top.sls, etc.
21:28 Ahlee krzysztof: You're going to have a bad time if you want to orchestrate that via salt itself.  There's just no good way to track the state of an OS reinstallation without involving some third party app watching state
21:28 iggy one trick some people tend to use with gitfs (to ease merging between branches, etc.) is to have the top.sls in a separate repo
21:28 krzysztof ok, thank you for clarifying things
21:28 Ahlee which you could do via either a LocalClient (http://docs.saltstack.com/en/latest/ref/clients/) or via the netapi
21:28 Ahlee good luck man
21:28 krzysztof thank you very much for your time:)
21:29 baweaver joined #salt
21:32 zzzirk joined #salt
21:36 teskew joined #salt
21:36 yomilk joined #salt
21:36 otter768 joined #salt
21:36 yomilk joined #salt
21:37 benegget_ joined #salt
21:40 yomilk_ joined #salt
21:42 linjan joined #salt
21:44 badon joined #salt
21:44 hasues joined #salt
21:45 hasues left #salt
21:48 timoguin joined #salt
21:50 giantlock joined #salt
21:54 hal58th joined #salt
21:56 teskew joined #salt
22:02 giantlock joined #salt
22:02 dalexander joined #salt
22:03 baweaver joined #salt
22:03 desposo joined #salt
22:03 germs_ joined #salt
22:05 germs_ joined #salt
22:06 loggyer joined #salt
22:07 ajw0100 joined #salt
22:11 aquassaut joined #salt
22:17 pdayton joined #salt
22:21 chutzpah anyone here have any idea if anyone is looking at github issue 20639
22:21 chutzpah it is kind of a killer in large installations...
22:25 iggy what does the size of installation have to do with it?
22:26 iggy it's more about a rather odd use of the python API (long running applications that don't use the same LocalClient more than once)
22:26 iggy I mean yeah, it should probably be fixed, but in the grand scheme of things, how many people are actually hit by this?
22:31 davet joined #salt
22:32 baweaver joined #salt
22:33 chutzpah for one, my employer is badly hit
22:34 iggy 1... okay
22:35 germs_ joined #salt
22:35 iggy fwiw, I have some long running python api script too... they generally use 1 LocalClient object
22:35 kunit my files aren't being transferred and "salt-call -l debug state.highstate" isn't saying why.  How to troubleshoot that?
22:36 kunit I have tried a bunch of paths, no luck
22:37 f4lse joined #salt
22:37 iggy be more specific
22:37 f4lse can someone help me understand how user passwords are managed in salt... i create a user but i have no idea what the password is
22:39 jonher937 kunit: Have you double checked targeting in top.sls and pillars?
22:39 dalexander joined #salt
22:39 jonher937 In case you use pillars that is
22:40 kunit I have only checked pillar info, not using it yet
22:40 bash1245_ joined #salt
22:40 kunit I've 2 minions and I'm calling them by name
22:40 germs_1 joined #salt
22:41 kunit all the pkg installs and service enables are running nice, the sshd config isn't copying tho
22:42 jonher937 kunit: Have you tried 'salt "myminon" state.sls mystate test=True' ?
22:42 Nazca joined #salt
22:43 kunit not yet
22:43 jonher937 Where "mystate" is the state that includes the file.managed state
22:43 igorwidl f4lse: are you using the user state to create the user?
22:45 baweaver joined #salt
22:46 davet joined #salt
22:47 jonher937 f4lse: Did you create a user to manage salt or user account on servers?
22:48 f4lse using salt states to create users on minions
22:48 badon_ joined #salt
22:48 f4lse added ssh keys and user can login but idk how the passwords work cause i couldnt get sudo to work
22:49 iggy kunit: generally speaking, try pasting as much of your code/errors/etc as you can to some sort of paste site... it's easier than trying to speak through what's happening
22:49 kunit rgr
22:50 iggy protip: gist.github.com allows multiple files per paste
22:50 iggy so we don't have to open 18 tabs to see all your files
22:50 kunit k, ty
22:51 jonher937 f4lse: You can specify "password" in the user state, if you have a system where the user is present and has a password you can grab the password hash from /etc/passwd
22:53 f4lse jonher937: i set a pass with 'password:' but when i try to sudo, the pass doesnt work
22:54 subsignal joined #salt
22:54 jonher937 f4lse: Does it work with normal login without keyauth?
22:55 igorwidl f4lse: as jonher937 mentioned you need to use the HASH of the password
22:56 bbhoss joined #salt
22:58 bbhoss Quick question, probably stupid. I have a salt master that I have deployed that I want all of my datacenter's minions to talk to, but it seems like all of the config lives on the master, but I want it to live in a git repo, and be runnable and executable from my laptop. Can someone explain how that works or point me to docs that do? Thanks
22:58 neogenix_ anyone have any experience with the artifactory module/state?
22:59 bbhoss I want to use salt-cloud
22:59 iggy bbhoss: it's non-trivial to get started down that path
22:59 bbhoss really? so everyone just uses a master server remotely?
22:59 iggy I suggest starting off using salt from the master at first
22:59 tomspur joined #salt
23:00 neogenix_ bbhoss: totally doable, probably more than can be easily explained over IRC. You'll likely want to separate the salt-cloud stuff, and the git stuff, out of the 'salt' work for the beginning, and run local on the master to start with.
23:00 bbhoss i have it setup with a single master and a single minion, I can ping and get items, etc
23:00 neogenix_ what iggy said.
23:00 iggy once you get the hang of everything, then you can start getting creative
23:00 germs_ joined #salt
23:00 bbhoss I think I've reached that point, unless you think I need to learn about other areas?
23:01 melocinaptor left #salt
23:01 subsignal joined #salt
23:01 kunit jonher937: No function declared in state 'file' in SLS 'ssh/ssh_server', so bad yaml
23:02 iggy bbhoss: have you run a highstate?
23:03 bbhoss not yet, no. I guess I will get to that
23:03 bbhoss I'm guessing a highstate enforces the state of a node, basically. Like X package is installed
23:03 neogenix_ bbhoss: break out what you want into simple parts and then expand on them.
23:03 iggy so yeah, salt is meant to be run from the master, you can rig up salt-api+pepper to do things remotely
23:03 neogenix_ bbhoss: not exactly, highstate applies whatever is in top.sls
23:03 baweaver joined #salt
23:04 iggy I've been using salt for about 18 months and only setup salt-api once (it was a royal pita) and have never tried using pepper remotely
23:05 iggy if that gives you some idea of the average user
23:05 neogenix_ and I'm in the same boat as iggy.
23:06 f4lse jonher937: nah just the key login works.  so i need to use the md5 hash of the password i chose?
23:06 bbhoss hmm, interesting. I basically just want to use salt-cloud with different auth credentials for each of my team
23:06 bbhoss to the JPC-cloud
23:07 bbhoss but to do that I'd need to give them all user accounts to the salt-master server or something?
23:07 lnr joined #salt
23:08 jonher937 f4lse: Yes, you can take the hash from a machine where the user is already present and just paste that into the state
23:08 jonher937 f4lse: or generate of course
23:09 yomilk joined #salt
23:09 neogenix_ bbhoss: you don't have to, but you can. That said, each user on the master will be a different 'user' in the logs, as well as when someone has access to the salt commandset, it's near the same as having access to the host anyway (unless you lock it down pretty heavily).
23:09 bbhoss neogenix_: yeah, I understand that. Mainly I'd like to just have logs for who did what
23:09 * neogenix_ just realized that the artifactory module is a 2015.x, not a 2014.x
23:10 neogenix_ bbhoss: you have that within salt master :) (as long as you make them use sudo)
23:10 jonher937 f4lse: You should be able to generate the hash using this command: 'openssl passwd -1 -salt xyz' press enter and it will prompt for the password
23:11 bbhoss neogenix_: the way I was planning on this to work is with ldap. how well do you think that will turn out?
23:12 iggy salt can use ldap directly or via pam(+ldap)
23:12 hal58th joined #salt
23:13 bbhoss I hate bothering y'all on here. Can I read about the ldap integration somewhere?
23:13 jonher937 bbhoss: http://docs.saltstack.com/en/latest/topics/eauth/index.html
23:13 bbhoss right now salt master is running as root and I'm logging in as root on this server, I don't have it connected to ldap yet
23:14 bbhoss do people typically run salt as a non-privileged user?
23:14 baweaver joined #salt
23:14 f4lse jonher937: still a bit confused. is there docs around this aspect in salt?
23:14 neogenix_ bbhoss: out the gate they'd use sudo on the master.
23:15 neogenix_ bbhoss: you can setup external auth, as well as rbac.
23:15 neogenix_ bbhoss: read the doc that jonher937 posted, as well as http://docs.saltstack.com/en/latest/topics/eauth/access_control.html
23:15 ajw0100 joined #salt
23:16 bbhoss neogenix_: so as far as the root question, people run salt master as root?
23:16 subsignal joined #salt
23:16 iggy via sudo, yes
23:16 jonher937 f4lse: There's only this AFAIK http://docs.saltstack.com/en/latest/ref/states/all/salt.states.user.html
23:17 theologian joined #salt
23:17 bbhoss I mean the daemon, not the actual command to pop things off, if that's different than what you're talking about
23:18 iggy everybody I've heard of
23:19 iggy the minions basically have to run as root... running the master as root doesn't open up much more in the way of attack vectors
23:20 f4lse jonher937: okay that worked. but im still unsure on what salt's doing lol
23:21 bbhoss ok, that looks cool. The auth stuff makes sense. as an aside, it would be cool to be able to define the different things a user can do in salt on the group or user object itself
23:22 iggy you can
23:22 bbhoss oh, word? I didn't see that in the docs, unless I missed it
23:22 iggy you can control what modules users are able to use, etc.
23:23 bbhoss I saw that you can set that up in the config file based on users and groups, but I mean defining permissions directly in ldap objects
23:23 iggy I'm not sure how that ties into using eauth like ldap or whatever
23:23 iggy yeah, I guess that may not be possible
23:23 jonher937 f4lse: I sent you a dm
23:23 bbhoss yeah I figured that, was just a random idea
23:23 iggy come up with some good groups from the get go and hope for the best
23:24 bbhoss let's go deep. Where does gitfs fit into all of this. Preferably I don't want to be developing all of this remotely over ssh. How can I edit sets of states locally and have them work remotely? Does gitfs support that, or what should I be using?
23:24 iggy I imagine it wouldn't map very easily
23:24 iggy gitfs pulls from a git repo
23:25 iggy so... hack, hack, hack... commit... push... wait
23:25 iggy gitfs pulls once a minute
23:25 bhosmer_ joined #salt
23:25 bbhoss hmm, ok, that doesn't sound cool. How do you work?
23:26 mikaelhm joined #salt
23:27 iggy our dev env doesn't use git, so I hack, rsync to dev, highstate
23:27 robawt wha?
23:27 robawt why?
23:27 robawt git is cheap
23:27 bbhoss robawt: go on...
23:27 iggy uhh... if you don't mind waiting a minute to test things
23:28 robawt with a little bit of elbow grease you can setup git commit hooks that'll push or at least trigger gitfs
23:28 f4lse jonher937: sorry but how do i see that dm? im on weechat
23:29 iggy plus I f'ing hate seeing a million "testing X", "testing X a different way", etc. commits
23:31 f4lse jonher937: nvmd found it. thanks for the info!
23:32 jonher937 f4lse: No problem, good luck!
23:33 f4lse jonher937: can you send the github link again... the dm cleared out i guess
23:35 f4lse jonher937: thanks! :)
23:35 baweaver joined #salt
23:35 bbhoss robawt: so commit hook locally or pushing to a remote triggers a sync via ssh or something remotely?
23:37 bbhoss But I could see using rsync then committing something when you're happy with it
23:37 otter768 joined #salt
23:37 iggy three's also kitchen-salt or something
23:37 iggy *there's
23:38 robawt push to a git repo, have the repo do the trigger
23:38 iggy and a couple other ways to test with vagrant/docker/etc
23:38 bbhoss robawt: well with github it would take some extra handholding to work with the http hooks
23:41 iggy I think salt-api has some built-in /webhook url's for github
23:42 iggy or at least it didn't look too terrible to set that up when I did it
23:42 cheus joined #salt
23:42 robawt iggy: nice find i'll check that out
23:42 ndrei joined #salt
23:47 bbhoss ok cool, I'll look at that too
23:50 Pixionus joined #salt
23:51 beneggett joined #salt
23:51 jonatas_oliveira joined #salt
23:56 bhosmer joined #salt
