Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-03-24

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 iromli joined #salt
00:03 bhosmer__ joined #salt
00:05 bfoxwell joined #salt
00:09 johnkeates joined #salt
00:14 JoshuaX joined #salt
00:15 hal58th rudi_s: I don't think splay works like you are using it. It only splays in that minute, so you can only do 0-60. Not sure about that though. On the minion, you can turn the log to "debug" to actually see the scheduler running. I would set a 180 second schedule and try that again
00:15 gibmachine joined #salt
00:15 mosen joined #salt
00:16 evle joined #salt
00:16 rudi_s hal58th: Thanks, will give it a try tomorrow. However a splay time of just 60 would be a little short (as a normal salt run takes longer ...).
00:17 hal58th agreed. I was going to write an issue about it but simply forgot as I don't have a need for over 60. Good luck rudi_s
00:18 rudi_s Thanks.
00:19 hal58th scheduler got some updates in 2014.7.0. Haven't had a chance to test it since then
00:21 rudi_s 2014.7.2 here.
00:21 johnkeates does anyone know when the linux_acl state was introduced?
00:22 iggy 2015.2
00:22 iggy (i.e. not yet)
00:23 johnkeates ah, ok :)
00:23 * johnkeates utters a silent cry for wasted time debugging why linux_acl works from the cli but not from states
00:23 johnkeates i should have read the manual.
00:23 johnkeates ugh
00:24 iggy sadly, the docs don't say
00:24 johnkeates is the 2015.2 version source-installable using the script? Or does it build a distro-specific package on installation to override the package-installed version?
00:24 * iggy curses at people who can't version annotate their f'ing commits
00:24 iggy 2015.2 isn't out yet
00:26 hal58th iggy, I'm glad you had mentioned that actually. Was going to make some documentation updates and I didn't even think about checking the version that the option was introduced
00:28 dalexander joined #salt
00:29 iggy "We're going to completely neglect our versioned docs in favor of version annotating all of the source code... then not even try to enforce documentation standards for new submissions" -- The SaltStack Team
00:29 johnkeates i know 2015.2 isn't out, but I'm fine with beta/alpha qualities in this case, I'm prepping a deployment setup for a system that will be deployed later this year (i.e. after at least 5 months from now)
00:31 iggy there aren't any rc packages (not a bad idea to mention to the devs at some point), but you could build your own (either from the last rc tarball or from a git checkout)
00:32 johnkeates I see it has its own repo for the distro packages
00:32 johnkeates i'll give that a spin
00:43 timoguin_ joined #salt
00:48 gladiatr joined #salt
00:50 thayne_ joined #salt
00:51 pravka joined #salt
00:55 bhosmer__ joined #salt
01:02 chandy joined #salt
01:06 yomilk joined #salt
01:10 x58 joined #salt
01:17 Zachary_DuBois joined #salt
01:18 dalexander joined #salt
01:18 garthk_away joined #salt
01:18 aqua^mac joined #salt
01:27 matthew-parlette joined #salt
01:27 rangertaha joined #salt
01:27 rangertaha help
01:27 johnkeates maybe
01:28 rangertaha sorry, mistake
01:29 scbunn joined #salt
01:36 yomilk joined #salt
01:39 otter768 joined #salt
01:40 aqua^mac joined #salt
01:42 Vynce left #salt
01:42 Singularo joined #salt
01:52 pdayton joined #salt
01:55 cmcmacken joined #salt
01:56 MatthewsFace joined #salt
01:57 johnkeates left #salt
01:57 Nazca__ joined #salt
01:59 thayne_ joined #salt
02:00 bougie2 joined #salt
02:16 enarciso joined #salt
02:17 yomilk joined #salt
02:18 catpigger joined #salt
02:22 malinoff joined #salt
02:22 itru joined #salt
02:24 evle joined #salt
02:26 mbrgm joined #salt
02:26 Furao joined #salt
02:26 michelangelo joined #salt
02:28 ajw0100 joined #salt
02:36 dalexander joined #salt
02:37 f4lse joined #salt
02:51 druonysus joined #salt
02:51 druonysus joined #salt
02:52 yomilk joined #salt
02:52 clintberry joined #salt
02:57 teskew joined #salt
03:05 yomilk_ joined #salt
03:06 yomilk__ joined #salt
03:07 dalexander joined #salt
03:11 yomilk joined #salt
03:11 evidence joined #salt
03:13 _JZ_ joined #salt
03:13 otter768 joined #salt
03:15 chandankumar joined #salt
03:15 sunkist joined #salt
03:15 joshin What's the right way to do: pillar[grains['host']]['key']?
03:17 Furao what you did is valid
03:17 Furao salt[‘pillar.get’](grains[‘id’] ~ ‘:key’, “defalut value”) too
03:18 joshin Thanks Furao. It's not working right. Probably a typo somewhere.
03:19 Furao what is the errror?
03:21 joshin It's not matching the pillar name.
03:22 Furao why you create pillar that starts with minion host?
03:25 chandankumar joined #salt
03:26 joshin I was looking for a 'clean' way to save server specific config. Is there a better way?
03:27 Furao run: salt $minionid pillar.data
03:27 Furao and look at the structure
03:46 favadi joined #salt
04:04 thayne_ joined #salt
04:05 neogenix joined #salt
04:11 enarciso joined #salt
04:17 dalexander joined #salt
04:19 tzero joined #salt
04:22 desposo joined #salt
04:26 primechuck joined #salt
04:26 yomilk joined #salt
04:26 theologian joined #salt
04:27 otter768 joined #salt
04:30 dalexander joined #salt
04:31 primechuck joined #salt
04:32 Furao joined #salt
04:33 ajw0100 joined #salt
04:34 JoshuaX joined #salt
04:35 Matthews_ joined #salt
04:43 mikaelhm joined #salt
04:45 mosen joined #salt
04:54 chandankumar joined #salt
04:58 seshan joined #salt
05:01 mortini joined #salt
05:12 pravka joined #salt
05:12 Hell_Fire_ joined #salt
05:29 Novtopro__ joined #salt
05:33 Novtopro joined #salt
05:36 clintberry joined #salt
05:38 chandankumar joined #salt
05:47 ramteid joined #salt
06:00 tzero joined #salt
06:04 jeddi joined #salt
06:06 awpti joined #salt
06:12 rhand joined #salt
06:24 awpti Hey folks, a tad confused by the docs. How can I, within a node group, define what packages/files should be present on that given node group ?  eg, dns* must have: bind9
06:27 krelo joined #salt
06:28 seshan awpti: this helps ?? http://docs.saltstack.com/en/latest/topics/tutorials/states_pt1.html#preparing-the-top-file
06:32 seshan I want to push a file from minion to master using cp.push, but the pain is I dont know the file name, but I know the regex pattern it will be in, ip_address_final.json, So how do I execute the cp.push, *final.json dosent seem to be working
06:33 paulm- joined #salt
06:35 Hipikat hi… so i'm getting supervisor to run a salt minion in a virtualenv. `supervisorctl start salt-minion` seems to start two salt-minion processes, and `supervisorctl stop salt-minion` only seems to stop one of them. can anyone suggest what might be happening here. it's sending the default (TERM) signal.
06:40 pdayton joined #salt
06:48 pravka joined #salt
07:01 colttt joined #salt
07:09 AndreasLutro joined #salt
07:17 KermitTheFragger joined #salt
07:21 cberndt joined #salt
07:24 dopesong joined #salt
07:25 otter768 joined #salt
07:26 dopesong_ joined #salt
07:26 yomilk joined #salt
07:28 flyboy joined #salt
07:45 Auroch joined #salt
07:45 dRiN joined #salt
08:00 AirOnSkin I think I have a chicken/egg problem (or I'm just thinking wrong): I would like to define the environment (env) of a minion in Pillar. In my Pillar top.sls I'd like to match against that (match compound 'I@env:dev'). If I do that however I get zero Pillar data for the minion (not even the standard information on the master is present)
08:01 Furao AirOnSkin: I do that in pillar, i use the pillar key branch (because i use gitfs) and it works
08:01 AirOnSkin It seems to me that when Salt compiles my Pillar data, it first does the matching and afterwards reads the minion config (where the environment is defined)
08:02 Furao this is my top.sls https://gist.github.com/bclermont/6f78c8c31bd1291edbca
08:02 Furao i also use top.sls to apply roles
08:02 Furao i should convert it to #!py renderer
08:02 AirOnSkin Furao: woah... quite the top.sls oO
08:03 AirOnSkin Furao: Would you mind taking a look at my top.sls and minion config?
08:03 Furao ok but don’t expect short reply :P
08:04 AirOnSkin Alright ;) Give me a sec
08:04 __gotcha joined #salt
08:04 TyrfingMjolnir joined #salt
08:04 trikke joined #salt
08:05 egil joined #salt
08:06 AirOnSkin Furao: Minion Pillar: http://hastebin.com/oxoxijuzas & top.sls: http://hastebin.com/janoyezeqo
08:08 AirOnSkin Maybe I need to say, that I didn't quite understand how I make sure, a host only gets data from one Salt environment... other than the way I tried (with matching a Pillar 'env')
08:08 Furao oh this is your pillars top.sls what i paste is my states top.sls
08:08 Furao i’m pretty sure you can’t use pillar targetting in pillars top.sls :)
08:10 rofl____ why is that?
08:10 AirOnSkin Ah, so it is a chicken/egg problem?
08:10 rofl____ we are matching states with pillars
08:10 rofl____ but dont know how to solve our pillar matching =/
08:10 Furao rofl____: look carefully this is pillar’s top.sls
08:10 rofl____ Furao: yeah
08:10 Furao this is used to build the pillars for a minion
08:11 Furao so you can’t target a pillar value inside pillars .sls
08:11 rofl____ we would like to match our pillars the same as our states
08:11 Furao it’s possible to evaluate previously defined pillars values before the entire pillars tree is returned to minion in ext_pillars
08:11 JoshuaX joined #salt
08:12 JlRd joined #salt
08:13 rofl____ Furao: if pillars is cached anyways, why should it be a problem?
08:14 Furao just give a try :)
08:14 Furao i know it won’t works
08:14 Furao you can’t need pillars value to render pillars top.sls
08:15 Furao and for the cache values argument
08:15 Furao what will happens on a minion that never had pillars before? freshly installed minion
08:15 Furao it will never be able to get any pillars value?
08:16 eseyman joined #salt
08:23 TyrfingMjolnir joined #salt
08:25 jhauser joined #salt
08:25 VSpike Has anyone solved the problem of how to deploy mysql on debian/ubuntu with a different innodb data file size or location? Problem is that deb packaging starts the service when it's installed AFAIK and the files get created with the default sizes and location. If you want to change the size, you have to stop the service and delete the old ones
08:25 VSpike Obviously that's only safe to do on first install
08:25 VSpike How would you achieve that with salt?
08:25 VSpike Hm. Actually wondering now if you can put your /etc/my.cnf in place *before* installing the package for the first time
08:26 VSpike /etc/mysql/my.cnf rather
08:27 AirOnSkin Furao, rofl____: Yes, it indeed doesn't work like I have it now. I'll match it to a grain instead. I don't have a problem defining the env in a grain and everything else in Pillar. Thanks for the Feedback and thoughts :)
08:28 wincyj joined #salt
08:31 yawniek joined #salt
08:33 ndrei joined #salt
08:38 favadi joined #salt
08:41 baoboa joined #salt
08:42 AirOnSkin VSpike: Yes, I'd suggest that as well, if you can't stop the service from being started right after installation. But your my.cnf might get renamed if the package is installing... you should give it a try
08:43 johtso joined #salt
08:43 lb1a joined #salt
08:44 zer0def joined #salt
08:57 VSpike AirOnSkin: yeah, I'll test it out shortly
09:00 krelo_ joined #salt
09:02 ckao joined #salt
09:09 Hipikat aaand i discovered the answer to my own problem is: command=pidproxy /var/run/salt-minion.pid /opt/salt/bin/salt-minion -l debug
09:11 Xevian joined #salt
09:15 asaladin_ joined #salt
09:16 Hell_Fire weird, salt 'hostname' test.ping returns, salt -I 'foo:bar' test.ping doesn't
09:16 Hell_Fire debug says both are targeting right, hrmm
09:17 pdx6_ joined #salt
09:18 mangas joined #salt
09:21 proxyer joined #salt
09:22 intellix joined #salt
09:23 proxyer pkgrepo.managed should take the environments http[s]_proxy into consideration when running the gpg commands right? I am having some connection issues when managing a  repo behind a proxy
09:24 jrluis joined #salt
09:24 ninkotech joined #salt
09:24 sieve1 joined #salt
09:24 proxyer This is the state I am using: https://github.com/saltstack-formulas/aptly-formula/blob/master/aptly/init.sls
09:26 proxyer Getting apt-key adv failing with return code 2 and gpg keyserver timed out.
09:26 otter768 joined #salt
09:27 proxyer When setting the proxy as a --keyserver-options argument all is well
09:31 mdupont joined #salt
09:35 MaliutaLap joined #salt
09:35 Pixionus joined #salt
09:36 Pixionus Hey don't know if anyone else is around but I may have gotten myself in a pickle
09:36 ktosiek joined #salt
09:37 Grokzen joined #salt
09:37 Pixionus oh, well not as bad as I thought.
09:37 Pixionus But I'm getting this damn SaltReqTimeoutError on this minion and I don't know what caused it or how to fix it
09:38 Pixionus I removed its key from the master to see if it would reauth, but I haven't seen it pop on the unaccepted keys or really do anything else but timeout.
09:39 Furao firewall?
09:39 Pixionus Nah.  Shoulnd't be.  It was working fine moments ago
09:39 Pixionus I think I ran a salt test.version but with an e at the end accidently
09:39 Pixionus not sure what that would do though
09:40 Pixionus Maybe Ill just nuke this server
09:40 Pixionus It's not too important
09:41 Pixionus haven't deployed anything on it and easy enough to start over.
09:41 Furao when that happens I blame NSA
09:41 paulm- joined #salt
09:43 Pixionus Shits just failing today.
09:43 Pixionus Had some network oddities this morning put me in a paranoid sorta mood so it's just been one of those days
09:44 matthew-1arlette joined #salt
09:45 N-Mi_ joined #salt
09:50 rdxc joined #salt
09:51 bmcorser_ joined #salt
09:51 bmcorser_ bonjour
09:52 MaliutaLap left #salt
09:52 bmcorser_ can anyone recommend some good devops courses besides RHCE/A?
09:52 bmcorser_ i want to level up
09:54 Furao build your own labs, try technologies, get challenging contracts, read articles/blogs
09:55 BtbN Sacrifice a goat or two
09:57 adyxax joined #salt
09:58 pdx6 joined #salt
09:59 dalexander joined #salt
10:01 jhauser joined #salt
10:02 adyxax Hi everybody, I am new to salt and I am frustrated because I believe salt is lying to me
10:02 adyxax I have a simple state that asks salt to ensure sshd is running http://pastebin.com/BXYiWRLD
10:03 adyxax when I stop sshd on a server and run the state, sshd is properly restarted, but the changes report doesn't reflect that
10:04 phx what version of salt are you using?
10:04 adyxax here is the relevant part of the debug salt-call on the client http://pastebin.com/NTykKVXM
10:04 adyxax tested on both debian and gentoo, using salt 2014.7.2
10:05 BtbN If it just checks for a process of /usr/sbin/sshd, it's propably right that it was never not running.
10:06 adyxax I specified /usr/sbin/sshd because the debug output showed that sshd is always matched, but only the sshd server process is shown as /usr/bin/sshd
10:06 peters-tx joined #salt
10:06 adyxax and if you looked at the debug output, salt ran the /etc/init.d/sshd start
10:06 adyxax It just doesn't appear in the change report
10:07 adyxax I must be missing something really obvious but I can't find what
10:07 BtbN What exactly do you think is wrong with that output?
10:08 BtbN "Service sshd is already enabled"?
10:08 adyxax salt started the ssh service, but the http://pastebin.com/NTykKVXM output doesn't reflect that
10:08 adyxax yes
10:08 BtbN Well, did you disable it?
10:08 adyxax yes
10:08 BtbN Are you sure you didn't just stop it?
10:09 adyxax sorry, I stopped it yes
10:09 BtbN So it's still enabled and everything is ok.
10:09 adyxax that doesn't change the fact that the report doesn't reflect salt's action
10:09 BtbN enabled means "starts on boot"
10:09 BtbN not "is currently running"
10:10 adyxax but salt ran /etc/init.d/ssh start as shown by the debug
10:10 adyxax why would it do that without reporting it?
10:10 BtbN Because you told it to start the service?
10:11 adyxax yes I told it to, but why doesn't the output report says salt started the service?
10:11 BtbN It outputs that it ran the init script with start
10:11 BtbN Isn't that enough?
10:12 adyxax the debug output says so, not the change report
10:12 aquassaut joined #salt
10:13 adyxax maybe I didn't understand salt philosophy, but that seems weird for the tool to fix something without reporting it in changes
10:13 BtbN I'd guess it just allways executes start on the init script, and then checks if the service is running. So it has no idea if it changed anything.
10:14 phx it is indee wierd, and always got all the changes in the output
10:14 adyxax I checked the debug output, /etc/init.d/ssh start isn't ran if the service is already running
10:14 phx isn't there a service command or suchlike on debian?
10:14 phx running the init scripts directly is so obsolate in 2015
10:16 BtbN There even is systemctl
10:16 ange joined #salt
10:16 BtbN On Jessie
10:17 ange hi
10:17 adyxax phx, BtbN : thank you anyway for your help
10:17 adyxax do you think I should report this behaviour?
10:18 phx definitely
10:18 phx file an issue on the github tracker
10:18 ange how would one tie boto aws related states with a salt-cloud map? to start a mix of salt provisionned instances and aws services (rds, ...)
10:18 kermit joined #salt
10:20 devweasel joined #salt
10:23 matti left #salt
10:24 yomilk joined #salt
10:24 ltsampros joined #salt
10:25 ltsampros Hello
10:25 ltsampros i'm on latest 2015.02 from git
10:25 BtbN adyxax, phx: Looks like a bug in the service.running state code. The changes from service.start are ignored if it branches into the enable function.
10:25 ltsampros Running salt-call '*' disk.usage (or anything similar), renders the following:
10:25 ltsampros [ERROR   ] Got a bad pillar from master, type str, expecting dict:
10:36 adyxax BtbN: you are right, if I remove the enabled: True, salt properly reports it started the service
10:40 sokratisg joined #salt
10:40 sokratisg hello everyone
10:40 bmcorser_ Furao BtbN ideally ending with certification ;)
10:40 bmcorser_ i already have my sacrificial goat badge
10:40 sokratisg quick question: in my top.sls state file I would like to match multiple key:value pillars
10:41 sokratisg how is this possible? something like: 'key:(value1|value2|value3)' match: pillar maybe?
10:41 Furao certification? oh that i don’t know. all i have is highschool and never took any certification class. and every guy i hired i don’t look their CV. i have a civil engineer in my team as a devop
10:44 TyrfingMjolnir joined #salt
10:44 bmcorser_ sokratisg: does http://docs.saltstack.com/en/latest/topics/targeting/compound.html help?
10:44 chandankumar_ joined #salt
10:45 bmcorser_ hmm not sure if it can apply to pillar data
10:45 bmcorser_ sokratisg: also http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.match.html#salt.modules.match.pillar
10:46 bmcorser_ just guessing :)
10:46 sieve1 joined #salt
10:47 sokratisg let me check something and I'll get back to you
10:47 bmcorser_ Furao: thx, my company is hopefully going to pay, so i figure i might as well get something i can take away
10:48 CeBe joined #salt
10:50 slav0nic joined #salt
10:50 slav0nic joined #salt
10:51 bluenemo joined #salt
10:53 amcorreia__ joined #salt
10:59 sokratisg bmcorser: compound matching with multiple I@key:value pairs worked fine!
10:59 sokratisg thank you! :)
11:02 ltsampros is there any recipe/gist to preseed a minion with a key through kickstart ?
11:02 babilen How do I use the "scan" roster in salt-ssh? It seems to simply ignore the "--roster scan" option
11:13 giantlock joined #salt
11:18 babilen That is I use "salt-ssh --roster scan $SOME_IP_ADDRS/32 test.ping" and get "No hosts found with target $SOME_IP_ADDRS/32 of type glob"
11:21 ltsampros heh
11:23 ltsampros I was looking at thta specific part of the code the other day
11:23 babilen https://groups.google.com/forum/#!msg/salt-users/1Y2-idThQjM/cddhUDJNXC4J is my only reference
11:24 evle joined #salt
11:25 ltsampros babilen: I'm using salt's python api directly
11:25 ltsampros so I had to set the option `selected_target_option`
11:26 ltsampros scratch that I use the roster option as well
11:26 ltsampros hmm
11:26 babilen http://docs.saltstack.com/en/latest/ref/roster/all/salt.roster.scan.html simply isn't very helpful *at all*
11:27 babilen "Return ip addrs based on netmask, sitting in the "glob" spot because it is the default" -- What is a "glob spot" ?
11:27 dfduran joined #salt
11:27 otter768 joined #salt
11:27 babilen (and why would one want to sit in it?)
11:29 babilen The code is also weird in that it doesn't use "tgt_type" anywhere ...
11:30 babilen My understanding is that "addrs = salt.utils.ipaddr.IPNetwork(self.tgt).iterhosts()" would be handed the "$SOME_IP_ADDRS/32" in my example and should therefore contain $SOME_IP_ADDRS, but ...
11:30 bhosmer joined #salt
11:32 babilen ltsampros: So you are using the scan roster in some way?
11:33 chandy joined #salt
11:37 ltsampros babilen: nah, I had to write my own roster
11:42 istram joined #salt
11:48 babilen ltsampros: So the "scan" roster is not actually usable?
11:49 babilen I wonder why Thomas claimed that it does then :-/
11:49 JoshuaX joined #salt
11:50 ltsampros babilen: i had to write my own roster for other purposes. I didn't have the chance to try it out.
11:50 babilen ack
11:51 VSpike AirOnSkin: seems to work, AFAICT
11:51 ltsampros babilen: /32 means that you will scan a single host. is that what you intend to do ?
11:51 babilen It is indeed (just for testing purposes)
11:51 ltsampros try it without /32
11:52 babilen I plan to scan more than one later, but I don't see a reason to cause lots of traffic or delays for now
11:52 babilen That doesn't work either
11:54 midihenry joined #salt
11:56 midihenry Hi everyone, has someone been working with the salt virt module lately? I have a question about the salt-minion installed on the provisioned VMs
11:56 ltsampros babilen: gimme a moment to test sth
11:58 bhosmer_ joined #salt
11:59 babilen ltsampros: Sure (/me will have lunch, but will be back shortly and eager to scan ;)
11:59 babilen midihenry: It is typically a good idea to simply ask your actual question on IRC, rather than "anybody .." meta ones
12:00 ltsampros babilen: i'm trying out what you do with the cli through python
12:02 AirOnSkin VSpike: nice :)
12:03 dalexander joined #salt
12:03 ltsampros babilen: with IP_ADDRESS without /32 it worked.
12:03 ltsampros although I got a permission denied in the face.
12:03 ltsampros try it out an real subnet :P
12:04 babilen So, what did you do? (brb, lunch)
12:05 plameniv left #salt
12:06 redzaku joined #salt
12:09 AirOnSkin How do I correctly write an if statement that checks if there is a value in a dict? Something like: if pillar['dict'] contains something go on... if not, exit
12:09 sieve1 http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html
12:10 sieve1 I am a bit confused how one uses GPG with saltstack
12:10 sieve1 I am struggling to find a solid example
12:12 krelo joined #salt
12:14 ange anyone with a good , recent and valid, example of salt + aws services integration ?
12:14 pf_moore joined #salt
12:17 illern joined #salt
12:19 midihenry Sorry it's my first time on IRC. Anyway, I want to launch VMs and install salt-minion but I want the hypervisor to be the master of the VMs, and not the hypervisor's master. I couldn't find a way to do it properly yet
12:23 ekristen joined #salt
12:23 bastion1704 joined #salt
12:24 bastion1704 good morning, is it possible to set de placement group using salt-cloud profile ?
12:24 renoirb joined #salt
12:30 Even_Me left #salt
12:31 cmcmacken joined #salt
12:34 teskew joined #salt
12:42 intellix joined #salt
12:45 bhosmer joined #salt
12:49 chandy joined #salt
12:53 JDiPierro joined #salt
12:57 chandankumar joined #salt
12:58 babilen ltsampros: What did you do?
13:09 clinta joined #salt
13:13 diegows joined #salt
13:19 choopooly joined #salt
13:22 Tecnico1931 joined #salt
13:24 clinta Can anyone help me with using the salt .pylintrc?
13:24 BET joined #salt
13:24 clinta The latest .pylintrc from git tries to load a plugin salttesting.pylintplugins.smartup, but that plugin isn't in https://github.com/saltstack/salt-pylint
13:26 sunkist joined #salt
13:28 favadi left #salt
13:28 otter768 joined #salt
13:30 giantlock joined #salt
13:31 nocturn Hi, I want to make part of my state conditional to work on CentOS 6 and 7, but {% if grains['osmajorrelease'] == 6 %} does not do it, what am I missing?
13:34 ThomasJ i personally use if '6' in salt['grains.get']('osmajorrelease')
13:35 ThomasJ using salt['grains.get'] ensures things does not break if the grain does not exist, although not a big worry with built in grains I prefer to use it due to consistency
13:36 nocturn ThomasJ, so {%  if '6' in salt['grains.get']('osmajorrelease') %} ?
13:37 ThomasJ nocturn: Correct
13:37 nocturn trying it now
13:37 ThomasJ Although yours should have worked too
13:37 ThomasJ At least as far as I can tell
13:38 sieve joined #salt
13:39 primechuck joined #salt
13:40 ntk joined #salt
13:41 chandankumar joined #salt
13:43 rocket joined #salt
13:44 anubise joined #salt
13:46 babilen Hi all, am trying salt-ssh again and have been reading some code. My intention is to get the scan roster working, but a call such as "salt-ssh --roster=scan $SOME_IP_ADDRESS test.ping" always results in "No hosts found with target $SOME_IP_ADDRESS of type glob"
13:46 babilen It also appears as if options.roster is *never* used anywhere and as if "--roster scan" is therefore completely ignored.
13:47 JDiPierro joined #salt
13:47 babilen https://groups.google.com/forum/#!msg/salt-users/1Y2-idThQjM/20A7VtlFgCoJ implies that what I am doing is, more or less, correct
13:47 babilen (this is on 2014.7.2)
13:48 thayne_ joined #salt
13:49 mpanetta joined #salt
13:49 rocket what is the recommended way to setup a salt master?  is it using gitfs or is that not really stable?  I have been using the gitpython provider
13:50 chandy joined #salt
13:51 babilen gitfs is perfectly fine
13:52 yomilk joined #salt
13:52 rocket I have been having trouble bootstrapping with gitfs on a freebsd salt master .. I am wondering how tested this is on freebsd :/
13:53 babilen 0.5
13:53 rocket my initial salt call doesnt work unless i specify saltenv base
13:53 __number5__ rocket: did you get the master working without gitfs?
13:54 babilen rocket: What happens if you simply copy your states to /srv/salt ? Does that work? Is this GitFS specific? Which version of salt and gitpython are you using?
13:54 rocket I can get it to work, but I have to blow the caches at least once and bootstrap by providing an env
13:54 babilen "bootstrap" ?
13:55 babilen What are you doing exactly? What happens? What did you expect to happen? Please paste relevant output, states and commands to http://refheap.com
13:56 babilen Include "salt --versions-report"
13:56 kaptk2 joined #salt
13:57 rocket babilen: so this is weird . I have an ancient version of salt installed when I just did this clean install .. 0.17.5 .. :/
13:57 chandy joined #salt
13:57 rocket I am investigating this now.. but I should have had 2014.7.2
13:58 babilen rocket: And you followed http://docs.saltstack.com/en/latest/topics/installation/freebsd.html ?
13:59 rocket no apparently not .. I had used the bootstrap from bootstrap.saltstack.org
13:59 AndreasL1tro joined #salt
13:59 rocket eg  fetch -o /tmp/salt_bootstrap.sh http://bootstrap.saltstack.org
13:59 goodwill left #salt
14:00 ange salt 2014.7.1 is supposed to have boto in, yes by states with boto_rds.present fail as that state is seen as unavailable
14:01 andrew_v joined #salt
14:01 lietu joined #salt
14:02 __number5__ rocket: freebsd might have a really old version...
14:04 __number5__ try specifying a git version, e.g. sh ./bootstrap.sh -X git v2014.7.2
14:04 phx __number5__, http://svnweb.freebsd.org/ports/head/sysutils/py-salt/distinfo?view=markup
14:04 phx 2014.7.2
14:04 phx i thought that wasn't _that_ old
14:05 cpowell joined #salt
14:06 __number5__ phx, yep you
14:06 __number5__ you're right
14:08 ek6 joined #salt
14:09 ange apparently not so many people are using boto_rds
14:11 londo joined #salt
14:11 enarciso joined #salt
14:12 rocket lol but the 0.17.2 version I am getting from somewhere is fairly old :/
14:12 denys joined #salt
14:15 rocket how many of you guys are employees of saltstack?  I have a friend that has recently started working for them in sales.
14:15 rypeck joined #salt
14:18 timoguin joined #salt
14:21 lietu- joined #salt
14:22 MTecknology git.latest supports checking out a specific tag, doesn't it?
14:23 phx rocket, how are you getting your freebsd stuff? release packages of the fbsd release you are running, or somehow from ports yourself?
14:23 StDiluted joined #salt
14:23 micah_chatt joined #salt
14:25 redzaku joined #salt
14:26 MTecknology ah, nice
14:28 rocket phx, I had been using the bootstrap scripts and then I had been running a salt formula to finish the bootstrapping
14:28 rocket eg I have been trying to control my entire system with that salt-formula.  I had it working before and I was reworking some of it now
14:29 rocket I think my cloned version of the salt-formula was out of date and that might be my problem
14:30 debian112 joined #salt
14:30 sgate1 joined #salt
14:30 choopooly Hi guys, I'm trying to deploy docker containers in a state, so I found this example that I use as a proof of concept. http://jacksoncage.se/posts/2014/10/01/use-salt-to-manage-and-deploy-docker-containers/
14:31 choopooly However I'm having trouble to understand how it could work properly, as the state do not cover the case for the first deployment where you do not have any container running.
14:31 choopooly The state will try to stop and remove the container who do not exists yet and will obviously fail...
14:32 subsignal joined #salt
14:34 mpanetta_ joined #salt
14:34 jcsp joined #salt
14:36 Brew joined #salt
14:37 JoshuaX joined #salt
14:37 cheus joined #salt
14:38 amcorreia__ joined #salt
14:39 rocket phx I am getting this error over and over again unless I clean my caches.
14:39 rocket BadName: Ref 'style-short-dec' did not resolve to an object
14:39 rocket 2015-03-24 14:38:23,744 [salt.master                                ][ERROR   ] Error in function _serve_file:
14:41 sieve joined #salt
14:41 babilen rocket: Sounds as if you are using a formula and that *something* has gone bad with a recent PR
14:43 intellix joined #salt
14:44 wnkz joined #salt
14:45 heise joined #salt
14:48 redzaku joined #salt
14:49 bhosmer joined #salt
14:50 thedodd joined #salt
14:53 clintberry joined #salt
14:53 zwi joined #salt
14:56 * iggy whistles innocently
14:56 bmac2 that whistle is a lie
14:56 bmac2 A lie I say
14:56 bmac2 how dare you
14:56 iggy very likely, I've made most of the recent changes to the salt formula
14:57 babilen It's been broken ever since
14:57 babilen ;)
14:57 bmac2 see I TOLD you it was a lie
14:57 iggy although, it depends on when you last updated... someone made changes about 4 months ago that changed it a lot more than I did
15:03 redzaku joined #salt
15:06 ndrei joined #salt
15:06 dalexander joined #salt
15:06 paulm-- joined #salt
15:08 scbunn joined #salt
15:09 jakubek joined #salt
15:10 jakubek hi, any ideas for forwarding some ports from minions to master?
15:11 theologian joined #salt
15:12 mpanetta joined #salt
15:12 linjan joined #salt
15:15 jcsp joined #salt
15:18 fivmo joined #salt
15:18 fivmo joined #salt
15:19 fivmo left #salt
15:20 redzaku joined #salt
15:20 conan_the_destro joined #salt
15:20 redzaku joined #salt
15:24 smcquay joined #salt
15:25 zwi joined #salt
15:26 StDiluted joined #salt
15:28 JoshuaX joined #salt
15:29 nesv joined #salt
15:29 otter768 joined #salt
15:36 chandankumar joined #salt
15:38 chandy joined #salt
15:40 illern_ joined #salt
15:40 yomilk joined #salt
15:41 timoguin joined #salt
15:42 jeffspeff I'm reading http://docs.saltstack.com/en/latest/topics/reactor/ about how to use reactors to manage keys. one of the examples it shows is "'salt/minion/ink*/start'" which will match against minion id's beginning with 'ink'. If I leave that part out and just use"'salt/minion/start'" will that match all minions or should i use "'salt/minion/*/start'" ?
15:42 Eureka_ @jeffspeff I believe you would use the second option.
15:43 SheetiS jeffspeff: the 2nd option is indeed correct.
15:43 SheetiS the event would show up as "salt/minion/<minion_id>/start" so you'd need the * there.
15:43 Eureka_ Jeffspeff, if you use the python event listener to see what events look like when they come into the master it will help you write your events. I know it helped me a lot when I was writing a few custom reactors.
15:44 debian112 Hello all! I have some packages that I need to upgrade in the cloud, but some servers do not have that package installed.
15:44 debian112 I don't want to install it if it does not need to have it. I see that: 2015.2.0 only_upgrade supports what I need, but is there any other I can use.
15:44 jeffspeff thanks Eureka_ and SheetiS
15:44 fivmo joined #salt
15:44 Eureka_ =)
15:45 perfectsine joined #salt
15:45 babilen debian112: You could simply upgrade all applicable pacakges with "pkg.upgrade"
15:45 timoguin It won't upgrade ones that are already at the latest.
15:46 debian112 babilen ok thanks
15:46 babilen debian112: That would, arguably, get you more security updates than you are actually tryin to install, but I don't quite see how that would necessarily be problematic
15:46 istram joined #salt
15:47 jeffspeff is there a way to specifiy an alternate location for reactor.conf? or does it have to be in /etc/salt/ ?
15:47 debian112 babilen: oh yeah, so one thing is that we are installing certain versions
15:47 Grokzen joined #salt
15:47 babilen debian112: Run "salt '*' pkg.list_upgrades" to see what would be upgraded on each box. Review that list and make a call then. If you require further help we can take it from there, but normally your servers should be setup in a way that allows you to run pkg.upgrade without problems
15:48 timoguin debian112: you can pin specific versions with pkg.hold (I think that's what it's called).
15:48 babilen debian112: I'd need more information to be able to help you
15:48 babilen timoguin: It is, yueah
15:49 debian112 babilen: here is the file I use to deploy security fixes for bash
15:49 debian112 http://paste.debian.net/162944/
15:50 debian112 right now if the grains matches up then it gets installed rather it needs it or not.
15:50 babilen debian112: Why don't you install the latest upgrades? bash in wheezy-security is at 4.2+dfsg-0.1+deb7u3 right now, but why don't you want to install the latest versions?
15:51 babilen Just out of curiosity: How many systems do you have on which you don't have bash installed?
15:51 debian112 I am using that as an example
15:51 debian112 bash is on all system
15:52 babilen There is no clear cut answer. What you are trying to do is not supported in the version of salt you are running and I am arguing that you would normally want to install *all* security updates. The latter can be done with a "pkg.upgrade" easily and I am trying to understand what it is that would render doing that problematic.
15:53 joehh joined #salt
15:53 debian112 I don't have a internal debian mirror, so I want to know what versions are being installed
15:54 babilen pkg.list_upgrades tells you that
15:54 yawniek when i have schedule defined in a minions pillar and i change/remove them, how can i get that change propagated automatically,e.g.: it doesnt seem to stop the job even though the pillars don't show up anymore
15:54 debian112 ok I will check on pkg.upgrades.
15:57 dabb joined #salt
15:57 jeffspeff Eureka_, SheetiS, what is the difference between using reactor to tell a minion to run highstate on start and having the minions startup_state value set to highstate?
15:57 babilen debian112: If you have a specific problem we can help you with feel free to paste applicable information, but for now my recommendation would be: Install all updates!
15:58 pdayton joined #salt
15:58 babilen jeffspeff: Different areas in salt triggering the execution
15:58 debian112 ok thanks babilen
15:58 babilen jeffspeff: The highstate itself should be the same :)
15:59 jeffspeff ok, thanks again
16:00 rocket babilen: phx thanks guys I figured out my issues
16:00 babilen \o/
16:01 nesv yawniek: salt '*' pillar.refresh
16:01 Guest15 joined #salt
16:01 rocket the newer salt changed pkg providers for freebsd and I needed to specify the one I was using.  eg the bootstrap scripts are using pkgng and salt wasnt so there was a conflict on the packages
16:04 Xevian joined #salt
16:04 dalexander joined #salt
16:07 iggy nesv: it's saltutil.refresh_pillar not pillar.refresh
16:08 iggy although, that would be a handy alias to add
16:10 iggy if the salt committers were as thorough about asking for documentation, clear/consistent naming, etc. as the guys in salt-formulas, I'd have to bitch about non-version-annotated code 40% less
16:12 giannello joined #salt
16:13 lucidd joined #salt
16:13 Ahlee anybody that's stood up salt-api behind apache know how to make apache stop stripping out application/json, replacing it with applicaton/x-www-form-urlencoded ?
16:13 Ahlee yes, more of an apache question, but hoping somebody that actually uses web servers can chime in
16:14 ahale joined #salt
16:16 iggy don't use apache?
16:16 Ahlee I've outgrown cherrypy
16:16 iggy nginx?
16:16 iggy tux?
16:16 Ahlee that requires fastcgi, right?
16:16 mpanetta Isn't it just a wsgi app?
16:16 giannello I'm using salt-cloud to spin up/destroy nodes, and salt-mine to store node data to be consumed by some services. Is the mine data deleted when VMs are destroyed using salt-cloud?
16:16 Ahlee mpanetta: yes
16:17 desposo joined #salt
16:17 mpanetta so you could use uwsgi
16:17 mpanetta +nginx
16:17 Ahlee but for those of us who don't touch web servers, that's greek
16:17 iggy oh... I see, you aren't proxying, you're trying to run it in the same space
16:17 iggy saltnado is where it's at anyway
16:17 mpanetta saltnado? hah
16:18 iggy giannello: maybe? it's deleted when the key is removed
16:19 iggy I don't know off the top of my head if salt-cloud removes keys, but it probably could (with the reactor)
16:19 Eureka_ @Ahlee: you can try to add "AddType 'application/json'" to your httpd.conf file. Not sure if that will do it but it may.
16:20 mpanetta I'm pretty sure salt-cloud removes keys
16:20 Ahlee Eureka_: yeah, did that.  I guess i'll try moving it into the same vhost definition and see what complains
16:20 SheetiS giannello: salt-cloud does remove keys when destroying a node.  This will also clear the mine.
16:20 Ahlee i remember when i used to care about this stuff
16:20 Ahlee thanks for the reply
16:21 Eureka_ np
16:21 Eureka_ At the moment i use nginx for everything. Apache is great.. just got tired of it.
16:21 Ahlee AddType 'application/json; charset=UTF-8' .json
16:21 Ahlee i wonder if it's hte .json on the end
16:21 Eureka_ @SheetiS, mpanetta, giannello -- yes. you remove keys when salt-cloud -d is ran. I just confirmed it with a host.
16:22 aparsons joined #salt
16:24 VSpike With salt.modules.mysql, how is it possible to set up mysql with a root password?
16:24 desposo1 joined #salt
16:25 conan_the_destro joined #salt
16:25 SheetiS Ahlee: AddType expects at least one extension to go along with it.  If you don't have a pertinent extension, you could manually set a header inside of a location directive.
16:25 VSpike Because you need an account for the module to use to manage the db, by default root. If you change the root password, you're a bit stuck
16:25 giannello Eureka_, I know about the keys, but I was not sure about the mine data. SheetiS: thanks for confirming
16:26 giannello iggy, thanks you too
16:26 VSpike I guess having the password in /etc/salt/minion is not much less secure than having no password at all
16:27 spookah joined #salt
16:28 wendall911 joined #salt
16:28 SheetiS VSpike: you could put it in your pillar and gpg encrpyt it instead.  It looks like the module uses config.option to populate the configs, so this should work.
16:29 SheetiS This would ensure that you wouldn't have the password in the clear at rest, and you'd have to have at least permissions to run salt-call (root by default) to obtain it from the pillar
16:29 SheetiS that's not perfect but at least as good as having a limited-permission .my.cnf in one's home.
16:29 stoogenmeyer joined #salt
16:30 redzaku joined #salt
16:30 redzaku joined #salt
16:32 timoguin joined #salt
16:32 thedodd joined #salt
16:33 ndrei joined #salt
16:34 ajw0100 joined #salt
16:35 dalexander joined #salt
16:36 VSpike SheetiS: that does sound better. It still doesn't solve the catch 22 of how to create an account for management though
16:38 yannisc1 left #salt
16:38 vieira joined #salt
16:38 VSpike Initially the db will have only a root user with an empty password, so you need to use that the first time to create the management user (or modify the root password) and then use those new creds thereafter
16:40 vieira Hello, is there anyway to return a summary of the result of executing a module across a number of hosts by e-mail? The smtp returner returns one e-mail for each host and I'm looking for a way to send one email with the result across all minions
16:40 vieira like what is printed on the master...
16:40 siddc joined #salt
16:41 thayne joined #salt
16:41 VSpike I suppose I could add a grain after the first pass
16:41 amcorreia__ joined #salt
16:41 SheetiS VSpike: Jinja with this: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.mysql.html#salt.modules.mysql.user_exists
16:41 siddc We are running salt stack and leveraging grains to run against certain subset of hosts. We have two DCs and only one of each is active at any given point of time. A simple nslookup can tell us which one. How can we integrate a gate in salt stack that would warn if we are running commands in the active DC?
16:42 SheetiS if salt['user.exists']('root', passwordless=True)
16:42 SheetiS err
16:42 SheetiS err
16:42 SheetiS if salt['mysql.user_exists']('root', passwordless=True)
16:43 SheetiS that would be a good way to apply the state that sets the root password in a state.
16:46 theologian joined #salt
16:47 Auroch joined #salt
16:47 VSpike SheetiS: Hm, I suppose that might work. It throws an error if it can't connect with the credentials defined in the config but it does then return false
16:48 denys joined #salt
16:51 __number5__ SheetiS: I think if the root exists and have a password, passwordless=True statement will fail
16:51 gladiatr joined #salt
16:51 MatthewsFace joined #salt
16:51 jalbretsen joined #salt
16:52 __number5__ why not just use the mysql_user.present state to enforce the root password
16:52 SheetiS __number5__: that's right.  Don't set a root password unless passwordless succeeds.  put the state to set the root password inside the if conditional
16:55 VSpike The problem then is managing the dependancy
16:56 teskew joined #salt
16:56 VSpike You can have this https://bpaste.net/show/8e2e63aa3389
16:56 VSpike but then every other state that uses the mysql module must require this state
16:57 VSpike I put the required actual root password in the pillar so by default the module will attempt to use that.
16:57 VSpike Hopefully
17:00 ajw0100 joined #salt
17:00 hasues joined #salt
17:00 rocket if I am using a formula that has a template entry like this
17:00 rocket https://github.com/saltstack-formulas/salt-formula/blob/master/salt/files/minion.d/_defaults.conf#L104
17:01 hasues left #salt
17:01 rocket how do I set the pillar so it has  grains:  roles: - salt_master
17:01 rocket ?
17:02 is_null hi all, i don't understand why watch_in is not working in 2014.1.7: http://dpaste.com/1S6H1YJ as you can see pg_hba.conf was updated so i was expecting service: postgresql to be restarted. What am I doing wrong ? thanks !
17:02 mikaelhm joined #salt
17:02 pviktori joined #salt
17:02 VSpike shame you can't do require_in: - mysql_user: * - mysql_grants: *
17:02 VSpike Except that would create a requirement loop in this case, unless that specifically excluded the current state
17:03 litwol joined #salt
17:03 litwol Hello
17:06 giannello any reactor guru around?
17:07 SheetiS VSpike: you could use a macro for creating users and grants.  It would require a {% from "whatever/macro.sls" import mysql_macro with context %} or whatnot at the top of the state, but might make those states easier to keep clean and not forget requisites.
17:08 SheetiS giannello: feel free to share your question.  I've used the reactor a fair bit myself as have others who are active here.
17:08 VSpike SheetiS: nice idea... i'll have a look. Would be neater to combine grants and users anyway
17:09 siddc We are running salt stack and leveraging grains to run against certain subset of hosts. We have two DCs and only one of each is active at any given point of time. A simple nslookup can tell us which one. How can we integrate a gate in salt stack that would warn if we are running commands in the active DC?
17:09 giannello every time I try to trigger a reaction from an event, I get a render error
17:10 chandankumar joined #salt
17:11 giannello note that I'm triggering the events using salt-call event.send
17:11 SheetiS giannello: share your reactor sls here via a pastebin or a gist.  It's hard to debug reactor sls errors, so sometimes it's best to just share them and let another set of eyes take a look.
17:11 giannello well, any reactor sls will fail - I tried also copy/pasting the examples at http://docs.saltstack.com/en/latest/topics/reactor/
17:11 giannello I really doubt it's a syntax error in the sls
17:12 enarciso joined #salt
17:12 spookah joined #salt
17:12 VSpike It's annoying that the include: - .foo shorthand doesn't work in pillars but does in states
17:12 hal58th rocket, you can not get grain info and put it into pillar. Pillar is rendered on the master and then sent to the minion. While grains are rendered on the minion and stay there.
17:12 VSpike Also annoying that you can't use that relative form in states if you want to require the sls
17:13 SheetiS giannello: what salt version are you running?
17:13 giannello 2014.7.2
17:13 redzaku joined #salt
17:13 illern joined #salt
17:14 druonysus joined #salt
17:14 druonysus joined #salt
17:15 giannello https://gist.github.com/giannello/43d2cea26e8593f70cbb
17:16 giannello here the reactor.conf, the sls and the output on the master using debug all
17:16 rocket hal58th: I am setting the grain in the salt_minion file.  the value is stored in the pillar and will be rendered into the salt file
17:18 VSpike SheetiS: in what form in the pillar should the mysql.user  and mysql.pass keys be put, do you think?
17:18 linjan joined #salt
17:19 rocket how can I tell what environment a node is in?
17:19 StDiluted anyone else seen this when trying ti upgrade salt on fedora/AWS linux
17:19 StDiluted error: unpacking of archive failed on file /usr/lib/python2.6/site-packages/salt-2014.7.0-py2.6.egg-info: cpio: rename failed - Is a directory
17:19 StDiluted error: salt-2014.7.1-1.el6.noarch: install failed
17:19 SheetiS VSpike: They should look just like they would if you put them in a minion config.
17:19 vectra joined #salt
17:19 StDiluted s/ti/to/
17:19 iggy rocket: the pillar should actually be salt:minion:grains for the salt-formula
17:20 hal58th well, i'm not sure what you are trying to do rocket.... But I may have a solution for you if I read that last sentence correctly. You can set a value in pillar like "role: salt_master". Then in your states file, you can do an if statement that checks for that pillar value. Then use the state "grains.present" to set that pillar value into a grain.
17:20 hal58th rocket http://docs.saltstack.com/en/latest/ref/states/all/salt.states.grains.html#salt.states.grains.present
17:20 hal58th or do what iggy just said because I didn't really look at the formula
17:20 ek6 what version of M2Crypto are other folks currently using out of curiosity?
17:21 hal58th VSpike: It's usually plaintext.
17:21 is_null hi all, i don't understand why watch_in is not working in 2014.1.7: http://dpaste.com/1S6H1YJ as you can see pg_hba.conf was updated so i was expecting service: postgresql to be restarted. Can anybody confirm it's a bug in saltstack ? thanks !
17:21 VSpike SheetiS: it doesn't seem to use them, AFAICT
17:22 rocket iggy: salt:minion:grains:roles:salt_master  ??
17:22 iggy what I typed is shorthand...
17:23 hal58th is_null: It might be an upstream bug where python is unable to determine the actual status of postgresql. Can you do a "service postgresql status" and then "echo $?" and tell me the exit code
17:23 rocket iggy I am not totally following .. I want to set the grains value to be roles: and then - salt_master on a new line
17:23 VSpike oh wait
17:24 hal58th is_null, also I have seen where you have to use the "sig" option in service because it always think the service is up. (I know you want it restarted)
17:24 SheetiS giannello: having the reaction occur on '*' would cause infinite reactions which might be a problem, but as far as the failed to render on the sls itself, unless some indention issue that I cannot see is going on or there are other things configured, I don't see a problem with what you pasted for the sls itself.
17:24 is_null hal58th: the service is up indeed, the problem is that it's not restarted even though a watched file has changed
17:24 is_null hal58th: see line 47 of the paste "Service postgresql is already enabled, and is in the desired state
17:25 hal58th is_null, I understand. Can you do a salt-call state.highstate -l debug and paste that output instead
17:25 diegows let me know if I'm wrong, the targetting is aplied in the minions, not in the master, right ? I mean, if I do salt -G foo:bar test.ping, it's the minion who ignores or applies the command
17:25 is_null when i expected something like "Service postgresql is enabled and started, but a watched file has changed, restarted postgresql"
17:25 is_null k
17:25 iggy rocket: A. why are you trying to set grains like that? B. https://gist.github.com/iggy/e075bedce73ff11cca59
17:26 illern joined #salt
17:26 iggy is_null: it wouldn't surprise me if 2014.1.7 had bugs in that code
17:26 rocket iggy: I am trying to define the role for the node .. isnt that how I do it?
17:27 joehh joined #salt
17:28 JDiPierro joined #salt
17:28 iggy rocket: it depends what you are actually trying to achieve... Most people frown upon setting roles in grains because anybody that has admin rights on a host can overwrite the grains to access sensitive data in pillars.... but my gist should do it if you think that's the right thing for you
17:29 yomilk joined #salt
17:29 rocket iggy: so where do people set the roles then? in the pillar?
17:30 rocket iggy: your point makes sense and I would rather do it the correct way
17:30 iggy that's one way
17:30 otter768 joined #salt
17:31 smcquay joined #salt
17:32 nesv The more time I spend in this channel, the more I get the impression grains are never a solution for anything other than what the minion divines and provides as system facts.
17:33 iggy I use them for roles, but I have a custom grain module that pulls the grains from GCE metadata... and I work under the assumption that if anybody gets root on one of my boxes, I'm already boned
17:33 druonysus joined #salt
17:33 druonysus joined #salt
17:34 rocket iggy: thats my only planned usage of grains .. is setting the role for the node
17:35 SheetiS nesv: The idea is to not use grains to allow a system to get information it might not have.  If you can set a grain and expose more hidden pillar data, that can be a concern.
17:35 iggy if you trust your admins and/or you don't have anything in pillars that is particularly sensitive, it's a perfectly fine way of working
17:36 rocket ok .. another question .. is this a known issue?
17:36 rocket https://gist.github.com/eedgar/f23135600f2fdb36fa2c
17:36 chandy_ joined #salt
17:36 catpig joined #salt
17:37 iggy probably a misconfiguration on your part, but you should still file an issue (we hates the filthy little tracebacks)
17:37 VSpike Oh, that's nasty. I think changing the root password is probably hard with the salt module because there seem to be several root users ... root@localhost, root@<hostname>, root@127.0.0.1 and root@::1
17:37 iggy you'd have to paste your top/states/etc to be able to tell for sure
17:37 numkem I'm running 2014.7 and for some reasons putting pillar_source_merging_strategy to smart in the master config and it doesn't seem like its working, my pillar dictionnaires aren't merging... What am I missing?
17:38 VSpike Maybe .. I guess that's more of a mysql question
17:38 _JZ_ joined #salt
17:38 iggy numkem: restart salt-master?
17:38 numkem tried that, no dice
17:39 hal58th numkem, why not just set to merge instead of smart?
17:39 numkem And I know the config is changing because I've made other changes and the changes were taken into account
17:39 numkem hal58th: let me try that
17:39 SheetiS VSpike: you can limit that to only one of those if you want or you have to set it for all of those.  root@localhost is typically via the unix socket, root@127.0.0.1 locally ipv4, root@::1 locally via ipv6, etc
17:40 rocket iggy: I updated the gist with my configs
17:40 iggy dude... protip: gist allows multiple files per paste
17:42 Ahrotahntee iggy: it's hard to spot that button, to be fair
17:42 iggy don't take sides
17:42 iggy rocket: what about your top file?
17:42 Ahrotahntee just saying, is all
17:43 * Ahrotahntee goes back to planning milestones for his project
17:43 iggy and you'll probably have to look into your states that are different between
17:44 iggy rocket: try salt-call -l debug
17:44 giannello SheetiS, yeah, the '*' is just a test :) I'll try to debug a little more tonight to check why the rendering fails - it's definitely not normal
17:45 rocket updated gist
17:47 rocket iggy: this is on a freebsd 9.3 box that I am trying to setup/bootstrap ..
17:49 iggy your indentation looks weird
17:50 hal58th is_null, figure out your problem or did you run to lunch?
17:54 rocket iggy that indentations are all coming from the salt formula I was trying to reuse
17:54 iggy rocket: I think it's a problem with the git repo
17:55 iggy the indentation I was talking about is in your top.sls
17:55 iggy you have 3 spaces instead of 2
17:55 iggy who in the world uses 3 spaces...
17:55 rocket oh yea I can fix that
17:56 rocket it wasnt intentional .. must of been a tired typo last night that carried through
17:57 rocket iggy: which git repo? my states git repo?
17:58 iggy no the salt-formula repo
17:58 ajw0100 joined #salt
17:58 iggy it has a branch that shouldnt' be there
17:59 mpanetta Sounds like it is tim eto call an arbourist...
17:59 iggy I did
17:59 baweaver joined #salt
18:01 illern joined #salt
18:03 rocket iggy: aha .. probably this remotes/origin/style-short-dec
18:03 dopesong joined #salt
18:04 bluenemo when using file.managed, I can pass a variable via defaults or context. how can I pass a tuple, list or dict named 'foobar'?
18:04 rocket iggy: https://github.com/saltstack-formulas/salt-formula/tree/style-short-dec
18:04 murrdoc joined #salt
18:05 murrdoc Gareth:  hey
18:05 nexsja^ joined #salt
18:06 iggy rocket: yes... not entirely sure why it's causing your problems and nobody else
18:06 iggy rocket: wait, is your master *bsd?
18:06 johntron joined #salt
18:06 rocket wonder if its related to freebsd being the master
18:06 rocket yes the master is freebsd
18:06 iggy totally unsupported
18:07 robsavino joined #salt
18:08 rocket bah thats why then .. some sort of regression thats only impacting freebsd :/
18:08 iggy I opened an issue to have that branch pruned (it's something old that was merged already)
18:08 pravka joined #salt
18:09 johntron I'm having a hard time understanding when to use lists, lists of keys, etc. in my yaml/sls files. Just for demonstration purposes, suppose I wanted to run a command with an `unless`. How do I know if the unless should be nested inside cmd.run or not, and how do I know to include it as simply a key-value instead of list-item containing a key-value?
18:09 micah_chatt_ joined #salt
18:10 rocket iggy I assume that support will not be coming at all for that scenario?
18:10 dillbilly joined #salt
18:10 dopesong_ joined #salt
18:10 litwol Hello
18:10 iggy rocket: I doubt it's something the salt devs have the time to work on, but I bet they'd accept patches
18:11 iggy johntron: try different things until it doesn't fail
18:11 litwol I am new to salt syntax and still find it difficult to understand what i read in salt modules (the actual python code)
18:11 fiftysquid joined #salt
18:11 fiftysquid left #salt
18:11 johntron iggy: that's what I've been doing, but it's so time consuming. it'd be nice if there were something I could refer to - Python code even.
18:11 hal58th johntron, I believe you just have to look at the documentation to know which one to use. Then you just remember with practice.
18:12 litwol I am trying to figure out how to specify "refresh = false" in my formula sls/jinja to stop full db/repo sync every time i run highstate: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.ebuild.html#salt.modules.ebuild.latest_version
18:12 iggy litwol: it's the default (unless you have a pkg.latest)
18:12 litwol iggy: i need to set it to false
18:12 litwol oh
18:12 litwol i c
18:12 * litwol thinks
18:13 salt_ joined #salt
18:13 rocket iggy deleting that branch from my copy of the repo worked for now ..
18:13 litwol iggy: i have pkg.installed \n - name: {{ mypackage}}
18:13 rocket iggy: Ill have to re-evaluate where I am going to run this master, as its a freebsd only shop that I am automating at the moment
18:13 johntron hal58th: yeah, I'm remembering some, but things like `unless` confuse me - it looks like it can be used under an id, or as a named argument to some functions. btw, the 2nd example for unless doesn't work for me: http://docs.saltstack.com/en/latest/ref/states/requisites.html#unless
18:13 litwol iggy: i *assume* this implies "latest" because i didn't specify a version.
18:14 iggy rocket: probably still open an issue for it to track it... make sure you mention it's a *bsd master you're playing with
18:14 murrdoc1 joined #salt
18:14 litwol iggy: https://github.com/saltstack/salt/blob/develop/salt/modules/ebuild.py#L215
18:14 iggy litwol: no, pkg.installed installs whatever the latest is when it first runs... pkg.latest checks for/installs the latest every time it runs
18:15 litwol it defaults to refresh == true
18:15 litwol iggy: i understand the implication aboutthe /package/, what i'm after is to prevent portage sync when running highstate.
18:15 litwol iggy: i have my own portage tree state which i mount read-only
18:15 hal58th johntron, prove it doesn't work and write up an issue
18:16 litwol and it causes me issues when salt force-syncs portage.
18:16 litwol problem will go away ifi can figure out how to cause "refresh" variable to be set to false through my sls
18:16 litwol refresh = salt.utils.is_true(kwargs.pop('refresh', True))
18:16 johntron i am
18:17 litwol https://github.com/saltstack/salt/blob/develop/salt/modules/ebuild.py#L517
18:17 litwol darn
18:17 litwol i think i found my answer
18:17 ndrei joined #salt
18:17 baweaver joined #salt
18:18 nesv Does anyone know how, when using the iptables.append state, to match like the --in-interface does?
18:18 murrdoc joined #salt
18:19 iggy litwol: it defaults to refresh=None actually... if you want to force it just add '- refresh: False' to all your pkg.installed states
18:19 litwol iggy: ty. testing that now.
18:20 litwol iggy: i'm running version 2014.7.2 from portage. running pkg.installed caused my portage tree to be synced. i didn't modify any config to alter default behavior.. it just synced.
18:20 iggy the ebuild module defaults to refresh=False... so you really shouldn't need to double specify it
18:21 litwol iggy: where can i see this in code? i'll dig to find out why it was synced despite being set to false.
18:22 iggy https://github.com/saltstack/salt/blob/develop/salt/modules/ebuild.py#L419
18:22 litwol i see!
18:22 litwol so weird.
18:23 iggy salt.modules.ebuild.install is called from salt.states.pkg.installed
18:23 hurtz_ joined #salt
18:23 litwol iggy: i confirm in code it is also set to false. HOWEVER. i just ran a test.
18:23 perfectsine joined #salt
18:23 litwol test case: pkg.installed: \n -name: nginx
18:23 litwol test 1: - refresh: false
18:24 litwol test 2: delete/omit mention of refresh.
18:24 litwol iggy: test 2 forced websync update. test 1 skilled sync, emerged nginx as requested.
18:24 iggy sounds like a bug
18:24 lkannan_ joined #salt
18:26 litwol iggy: is there a way for me to control ebuild module from salt master config? ie /etc/salt/master ? i'd like to avoid (1) changing ebuild.py, and (2) doulbe-specying -refresh in every formula i write.
18:26 murrdoc joined #salt
18:26 iggy I know next to nothing about Gentoo
18:26 iggy nor it's use in conjunction with Salt
18:26 litwol that's a salt-specific question.
18:27 litwol whether salt master config is able to modify behavior of individual modules
18:27 iggy it's a case by case basis
18:27 iggy but if there was, it would more than likely be a minion config option (not master config)
18:28 litwol i c
18:29 baweaver joined #salt
18:32 litwol I believe default True for refresh should be changed to False  refresh = salt.utils.is_true(kwargs.pop('refresh', True))
18:34 litwol https://github.com/saltstack/salt/commit/bd72e44a2ff35105468aae5ccbbbb6fc3d692026
18:34 litwol This commit should have set it to false
18:34 litwol oh well
18:35 jcsp joined #salt
18:35 ipmb joined #salt
18:35 chandy joined #salt
18:35 ipmb Is it valid to use `onchanges` with `cmd.run`?
18:35 cynofox joined #salt
18:37 ipmb I'm trying to do this, but it isn't running when the files change: https://dpaste.de/Cg2A
18:37 dariusjs joined #salt
18:38 rocket iggy: where does salt take defect reports?
18:38 hal58th ipmb, no. cmd.run will always run and ignores all requisites, either used on it or used for it. You would want to use cmd.wait and use a watch command instead
18:39 ipmb right, forgot about cmd.wait... thanks!
18:39 hal58th ipmb, literally all you change. run to wait, onchanges to watch
18:39 hal58th rocket https://github.com/saltstack/salt/issues
18:39 jhauser joined #salt
18:39 dariusjs im struggling with something fairly simple, is it possible to have an array of variables in a state file, looking for the puppet equivalent of   $foo = [ var1, var2, var3 ]
18:40 jcsp joined #salt
18:41 ipmb {% set foo = ['a string', variable] %}
18:41 hal58th dariusjs http://jinja.pocoo.org/docs/dev/templates/#assignments
18:42 dariusjs ipmb: + hal58th  cheers, will give this a try
18:43 capricorn_1 joined #salt
18:43 bhosmer joined #salt
18:43 bhosmer joined #salt
18:45 gladiatr joined #salt
18:50 krelo joined #salt
18:52 lionel_ joined #salt
18:57 murrdoc joined #salt
19:02 Heartsbane joined #salt
19:02 Heartsbane joined #salt
19:08 johntron hal58th: here's the PR I created for `unless` example: https://github.com/saltstack/salt/pull/21951
19:11 murrdoc joined #salt
19:12 dopesong joined #salt
19:16 illern joined #salt
19:18 yomilk joined #salt
19:19 smcquay joined #salt
19:21 denys joined #salt
19:23 mikaelhm joined #salt
19:24 subsigna_ joined #salt
19:31 otter768 joined #salt
19:32 yawniek joined #salt
19:38 btorch is something like this not possible ? cmd.run "test=1; echo $test"
19:39 SheetiS it shold be, perhaps http://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html#salt.states.cmd.script might be better if you get more complex though
19:39 ndrei joined #salt
19:47 btorch hmm I'm probably not doing it right I guess ... cmd.script "/bin/echo $test" env="text=333" shell="/bin/bash"
19:47 wincyj joined #salt
19:47 btorch duh
19:47 racooper joined #salt
19:48 btorch well it wasn't the typo :(
19:49 BET greetings. I finished a proposesd update to an existing salt formula. is a pull request the best way to submit?
19:49 jY BET: yes
19:50 iggy BET: which one?
19:51 litwol is it possible to copy files from a specific minion back to master ?
19:51 litwol or from minion to another minion? (ie, my master runs a minion server too)
19:51 iggy yes
19:51 litwol cool. thx. /me googles.
19:52 Nazzy joined #salt
19:53 BET iggy: apache
19:53 clintber_ joined #salt
19:53 BET iggy: apache.modules to be specific
19:53 * iggy backs away slowly
19:53 iggy litwol: salt.modules.cp.push
19:54 llua btorch: "$test" is expanding in your current shell
19:54 llua btorch: salt sees "test=1; echo "
19:55 btorch hmm
19:55 litwol iggy: ty.
19:56 btorch is there a way to do it right then ? I basically need to use tw_cli but the thing is that I don't know what the ctrl number is so I have to find out first
19:57 iggy why don't you try pasting a more accurate example of what you're trying to do?
19:57 btorch this is what I'm trying ctrl=`sudo tw_cli show | grep ^c[0-9] | awk '{print \$1}'` ; echo ${ctrl}
19:57 btorch sorry wrong one
19:58 baweaver joined #salt
19:58 iggy I meant like the full state
19:58 btorch oh, I'm just running it as a module
19:58 btorch not a state file or anything like tha t
19:59 ericof joined #salt
19:59 btorch actually that like I pasted was correct
19:59 iggy so why are you even trying to capture the output of the at command? Just let it run and print out to stdout
20:00 iggy *of that command
20:00 btorch cmd.run " ctrl=`sudo tw_cli show | grep ^c[0-9] | awk '{print \$1}'` ; echo $ctrl"
20:00 jameswarren joined #salt
20:00 JDiPierro joined #salt
20:01 btorch cmd.run "ctrl=`tw_cli show | grep ^c[0-9] | awk '{print $1}'` ; tw_cli /$ctrl show |grep ECC-ERROR | wc -l "
20:01 yawniek joined #salt
20:01 btorch iggy: sorry that was it
20:03 iggy cmd.run "tw_cli $(tw_cli show | grep ^c[0-9] | awk '{print $1}') show | grep ECC-ERROR | wc -l"
20:03 iggy what about something like that
20:03 krelo joined #salt
20:04 btorch let me see .. I think I tried something similar
20:05 jameswarren_ joined #salt
20:05 btorch nah
20:05 adyxax left #salt
20:06 btorch don't think the $() runs properly
20:06 btorch oh well I'll just create a cron to collect the data and write somewhere
20:06 btorch thanks though
20:08 iggy btw, salt-minion runs as root, so you don't need sudo in that
20:09 iggy (just for future reference)
20:14 dalexander joined #salt
20:15 timoguin joined #salt
20:22 evilrob joined #salt
20:22 illern joined #salt
20:25 overyander joined #salt
20:26 litwol nice. i'm starting to like salt
20:26 litwol :-D
20:26 litwol more correctly, i am beginning to be happy about my level of understanding and mastery over salt.
20:27 babilen Well, better than: "The more I know about salt the more I hate it" ;)
20:28 giannello joined #salt
20:29 overyander I'm trying to setup a few reactors. I'm following the instructions here...  My reactor.conf file is located in /etc/salt/ and contains http://pastebin.com/BVJyuPxn  The contents of /srv/salt/base/reactor/authpending is http://pastebin.com/wHg4Lx6R . The test is failing. I tested by installing the minion and accepting the key. I then uninstalled and re-installed the minion on that machine which generates a new key with the same key name. My mast log still
20:29 overyander shows the key mismatch.
20:29 bash124512 babilen : tried ansible ? :)
20:30 jonher937 overyander: Check files in /etc/salt/pki
20:30 pdayton joined #salt
20:31 overyander jonher937, what am i looking for? i know the keys are stored in there, but should that reactor remove the currently accepted key?
20:32 ndrei joined #salt
20:34 jerematic joined #salt
20:34 jonher937 overyander: Looks ok, have you tried restarting master?
20:35 overyander yes
20:37 linjan joined #salt
20:37 tkharju joined #salt
20:38 overyander the documentation shows the reactor.conf file being located in /etc/salt/master.d/ but that dir doesn't exist, is it ok for it to be in /etc/salt/ or must it be in master.d/
20:38 overyander ?
20:38 jonher937 overyander: AFAIK you need to include it manually into master.conf if you dont put it in master.conf.d/
20:40 overyander ok, i looked for a setting to do that, but didn't find anything when searching master for reactor or reactor.conf. I found the setting to specify the file for autoassign.conf but not for reactor.conf. What is the field name supposed to be and I'll try that out?
20:41 dalexander joined #salt
20:41 jonher937 overyander: "include: reactor.conf" should work
20:41 overyander ok, thanks
20:42 litwol babilen: every tech has pros and cons. i prefer personal responsibility. what matters is what *you* can do with it :)
20:44 igorwidl joined #salt
20:45 overyander that did the trick. thanks jonher937
20:45 jonher937 overyander: No problem
20:45 baweaver joined #salt
20:50 __TheDodd__ joined #salt
20:52 litwol question
20:52 litwol when using -require:, may i use arbitrary names there? for example i have created a state "mysql_running:" which then specifies service.running etc etc
20:53 litwol may i use - require: mysql_running ?
20:54 jonher937 litwol: Have you looked at "include:" ? http://docs.saltstack.com/en/latest/ref/states/requisites.html
20:55 nexsja^ joined #salt
20:57 iggy litwol: it would be "- require:\n  - service: mysql_running"
20:58 desposo joined #salt
20:58 iggy it's "- modulename: state_ID"
20:58 litwol iggy: jonher937: ty.
20:58 chandy joined #salt
20:59 litwol haha this doesn't work mysql prod_cc < <(zcat salt://mymodule/files/prod_cc.sql.gz)
20:59 litwol i guess i really have to copy file to minion before using it. ... or am i missing something? is there a "temporary file" directory somewhere?
21:01 cheus joined #salt
21:02 neogenix joined #salt
21:03 iggy you have to copy it to the minion first
21:03 rocket can you use python in pillar files?
21:04 babilen rocket: You can, just use "#!py" in the first line and implement "run()" to return a dictionary
21:05 rocket thanks babilen
21:05 KyleG joined #salt
21:05 KyleG joined #salt
21:06 cberndt joined #salt
21:07 yomilk joined #salt
21:07 preachermanx I am just experimenting a bit and with ~2000 clients and "salt -s --batch-size=100 \* pkg.install p7zip.x86_64"  Seems to only run on a few nodes.   If I run it again, a few more get done.  Am I doing something horribly wrong or is it just due to the nature of having 2,000 nodes again.
21:07 jameswarren joined #salt
21:07 hal58th joined #salt
21:08 JDiPierro joined #salt
21:08 litwol i've read that i can specify "- names:" to run multiple commands in single cmd.run statement.
21:08 litwol are the name indexes guaranteed to be iterated in order specified?
21:09 preachermanx if I run it without batch or -s it just runs on ~10-15 minions and then exits like it is happy, but sadly not all 2,000 have it
21:09 kermit joined #salt
21:10 linjan joined #salt
21:11 iggy litwol: it's a list, so it should be ordered... should be
21:12 itru joined #salt
21:13 ryuhei joined #salt
21:13 babilen litwol: I take it that you are aware of cmd.script, aren't you?
21:13 ryuhei hi all.. is there a way to install salt-minion on the minion servers that timed out to install during initial bootstrap?
21:14 neogenix_ joined #salt
21:14 hal58th salt-ssh ryuhei? Not elegant though. Redeploy?
21:14 nesv What would be the "best" way to do this: I am setting svc.tcp_port in a pillar, for easy referencing, but I also need to use it in the pillar again, when setting `svc.listen_addr: "127.0.0.1:{{ svc.port }}"`. From what I can find, this won't work. What would be the best way to do something like this?
21:16 seev why not define the address and port in separate pillar items, and then assemble them into a cohesive line in a state or configuration
21:16 ryuhei hal58th: I can always deploy, but I was hoping there's a easy way  thanks tho!
21:20 nesv seev: Thanks a bunch. I'll do it in a state, and pass a variable into a template :)
21:20 nesv seev: My brain is feeling cluttered right now, so thank you very much for pointing that out.
21:20 hal58th ryuhei, hard to manage something that doesn't have a salt minion set up. you could use salt-ssh, but then you have to set that up as well.
21:20 seev no problem, I'm happy to share
21:21 overyander when using file.managed. can the destination name be different from the source name if they're otherwise the same file?
21:21 hal58th overyander, very much yes
21:21 litwol babilen: safe to assume i know nothing :) and trust less until i get a chance to run it and see consistent behavior. right now i'm learning to trust zero to mysql bootstrapping.
21:21 overyander hal58th, thanks
21:22 fkobzik joined #salt
21:22 ryuhei hal58th: right.. hm.. let me try with salt-ssh and see.  thanks!
21:23 hal58th ryuhei, very special note. Currently it wants passwd less sudo for salt-ssh.
21:23 murrdoc joined #salt
21:24 ryuhei hal58th: password less? or passwordless ?
21:25 hal58th saltuser    ALL=NOPASSWD:ALL
21:25 ryuhei aah.. ok thanks!
21:25 giannello SheetiS, apparently it's a salt bug - filing an issue in a few minute
21:26 hal58th welcome ryuhei
21:27 illern joined #salt
21:28 mnml_ joined #salt
21:29 nich0s joined #salt
21:29 babilen I can't seem to be able to use salt-ssh with the scan roster. (always getting "no host found ..") - Did any of you guys have luck with that?
21:30 amcorreia joined #salt
21:32 otter768 joined #salt
21:34 hal58th babilen: Try salt-ssh --roster scan 192.168.0/24 test.ping -l debug    Of course replace your subnet
21:35 babilen hal58th: Yes, done that, been there. (Well, tried a "/32", but same thing). Does that work for you?
21:35 hal58th I've never tried. Just googled it.. let's see
21:36 hal58th babilen, yeap worked like a charm.
21:36 babilen hmm
21:37 babilen Can you get a single IP with a /32 ?
21:37 babilen Which version of salt-ssh are you using?
21:38 hal58th ha, nope! 2014.1.10. You can write up that bug if you want
21:38 hal58th even if i changed it to to /31, that worked and the host next to it
21:38 babilen buggers
21:39 babilen Shitty implementation .. All I wanted was to be careful and figured "cidr range is cidr range" ...
21:39 hal58th make sure you write up a bug please :) just make sure it's not already there
21:39 babilen It's not, I checked
21:39 hal58th I would have tried the same thing
21:39 babilen Thank you
21:40 babilen I spent way too long looking at code :(
21:40 babilen *it should work!*
21:40 perfectsine joined #salt
21:40 hal58th heh, i would have tried a larger subnet first...
21:41 hal58th looking at code is always a last resort to me and it's usually to just make sure I am using the syntax correctly
21:41 overyander in reactor.conf, what's the difference between "- 'minion_start':  " and "- 'salt/minion/*/start':"   ?
21:42 babilen hal58th: Just to make sure: Which command did you use exactly? What *else* is needed before I can use that?
21:43 babilen overyander: There isn't one really .. different strings and match expressions
21:43 bocig joined #salt
21:43 hal58th sudo salt-ssh -i --roster scan 192.168.0.0/31 test.ping
21:44 bocig hey guys. I was hoping to get some help here. I have a multi master setup. As soon as the minion connects to one master, the other masters fail to see it. This seemed to have  "worked" before, not anymore. Any ideas?
21:44 litwol wow really getting the hang of it
21:45 mosen joined #salt
21:46 bocig anyone?
21:47 babilen hal58th: I just get "No hosts found with target ...." whatever I do - 2014.7.2 is what I have installed now, ~/.ssh/config is in place and allows me to login
21:47 babilen (need a different user on the box)
21:48 hal58th let's see your command
21:49 babilen "sudo salt-ssh -i --roster scan YYY.22.XXX.0/24 -l debug test.ping" -- tried with "--priv ~/.ssh/id_foo" in there as well (but that is configured in ~/.ssh/config already)
21:49 aberdine joined #salt
21:49 leszq joined #salt
21:49 Morbus joined #salt
21:49 paolo joined #salt
21:49 ThomasJ joined #salt
21:49 forze joined #salt
21:49 davromaniak joined #salt
21:49 mackstick joined #salt
21:49 SaveTheRbtz joined #salt
21:49 sjohnsen joined #salt
21:49 TaiSHi joined #salt
21:49 ToeSnacks joined #salt
21:49 nickg joined #salt
21:49 Damianz joined #salt
21:49 mortis_ joined #salt
21:49 rlarkin joined #salt
21:49 phpdave11 joined #salt
21:49 beauby joined #salt
21:49 babilen Sorry for redacting the network
21:50 jimylongs are there any thoughts on salt-cloud vs boto states  ?
21:51 babilen hal58th: https://www.refheap.com/98841
21:51 jimylongs I'm looking into seeing what I can provision with salt, and I'm not exactly positive which way to lean . . .
21:54 babilen hal58th: I can't, as of now, be entirely sure that this isn't a network configuration problem that somehow inteferes with the scan. I have very little to go on though and am not entirely sure what is missing ...
21:55 hal58th babilen, don't know what to tell you. firewall could be blocking. you can scan for localhost..
21:56 hal58th joined #salt
21:57 hal58th babilen, i think i need to try on a higher version, my output is different...
21:57 hal58th you can try targeting 127.0.0.1/24
21:57 hal58th can't really help to much more. i really should be working
21:58 hal58th '--scan-timeout', default=0.01, dest='ssh_scan_timeout'. this is also in the parser file but isn't documented. I'm going to update the doc here someday....
21:58 babilen Sure, you helped a lot already. It works from within certain VPNs, so it must be some filtering. I wonder what is missing as I can SSH to those boxes just fine.
21:59 chandy joined #salt
22:01 murrdoc joined #salt
22:01 cwright joined #salt
22:02 robsavino joined #salt
22:05 ajw0100 joined #salt
22:05 intr1nsic joined #salt
22:06 albertid joined #salt
22:07 ajw0100 joined #salt
22:07 iggy 'listen_in' is an invalid keyword argument for 'file.append' ... Say what? listen{,_in} should work in everything
22:08 wincyj joined #salt
22:09 baweaver joined #salt
22:11 spicyWith joined #salt
22:13 Bryanstein joined #salt
22:13 murrdoc https://www.youtube.com/watch?list=PL9svBjLDUl_8BqpIDKlCTqHZI2mkysTvZ&amp;v=qjFOY-QrW_k
22:13 aquassaut joined #salt
22:13 murrdoc yay
22:14 murrdoc Ahlee:  https://www.youtube.com/watch?v=Bs_NPEa95mY&amp; :)
22:15 babilen hal58th: I figured it out ... The timeout was simply too low and there is no way to adjust it in the salt-ssh version I have here. I'll cherry-pick the commits from develop against salt/roster/scan.py
22:15 hal58th murrdoc, he's well aware of his shame
22:15 hal58th what's your version babilen?
22:16 murrdoc hal58th:  shame ?
22:16 hal58th he was criticizing his own ummm
22:16 hal58th "umms"
22:17 babilen hal58th: 2014.7.2
22:17 hal58th hmmm, you should have been fine then babilen. you couldn't use the ssh_scan_timeout?
22:17 babilen Oh, finally some saltconf 15 videos :)
22:17 babilen hal58th: It is hardcoded to 0.01 in the scan.py I have on my system
22:17 preachermanx babilen: *perk* oh where? :D
22:18 baweaver joined #salt
22:18 hal58th that's correct, it should be hardcoded like that everywhere
22:18 babilen preachermanx: https://www.youtube.com/channel/UCpveTIucFx9ljGelW63-BWg
22:18 preachermanx babilen: danke
22:19 babilen hal58th: Why? I have "sock.settimeout(float(__opts__['ssh_scan_timeout']))" in develop and "sock.settimeout(0.01)" on 2014.7.2
22:19 babilen http://docs.saltstack.com/en/latest/topics/releases/2015.2.0.html also has "Additional configuration options and command line flags have been added to configure the scan roster  on the fly"
22:20 MindDrive So for those (like Iggy) who recall my questions about non-root access to Salt (running as root), with the help of a few coworkers I got it to work... but detailing what I did here might make some people claw their eyes out.  It's still relatively secure, but there's a wee bit of trust left in our user's hands for it.  A more long-term solution will probably be to set up cherry-py and use external auth via PAM, which will be a bit more robu
22:20 MindDrive st and configurable, but for now what we have works.
22:20 hal58th so you can't use ssh_scan_timeout on 2014.7.2?
22:21 prwilson joined #salt
22:23 babilen That appears to be the case, but I investigate in detail later. ssh_scan_timeout does not appear anywhere in the codebase in 2014.7
22:23 elfixit joined #salt
22:24 hal58th kk, i will have to do some additional looking when I get around to documenting it
22:24 Hell_FireW joined #salt
22:24 babilen ta
22:25 babilen hal58th: At least I know what is going on now :)
22:25 hal58th yeah, cool that we solved it
22:25 mikaelhm joined #salt
22:26 babilen The /32 is still valid though
22:26 babilen +bug
22:26 babilen Anyway, I have to sleep and you have to work :D
22:26 hal58th yes
22:26 hal58th did you write it up?
22:26 babilen I'll do that tomorrow
22:26 hal58th kk, night man
22:30 prwilson what happens if I point say, the base environment defined in pillar_roots to two different directories?  will they both be merged?  pillar_roots:\n  base:\n    - /path/to/pillar1\n    - /path/to/pillar2
22:31 illern joined #salt
22:32 Hell_FireW I would say so
22:32 _JZ__ joined #salt
22:34 enarciso joined #salt
22:35 amcorreia joined #salt
22:37 iggy MindDrive: blog post or it didn't happen
22:39 iggy prwilson: they will be merged (to the extent that pillars are normally merged... which is to say not well)
22:48 pdayton joined #salt
22:49 Jimlad joined #salt
22:51 jhauser joined #salt
22:51 Hell_FireW Trying to think of a way to get config in pillar, without defining things twice, and hopefully not wrapping states with jinja ifs
22:52 Hell_FireW But thinking the ifs will be the best way to do it, hmm
22:52 hal58th Hell_FireW, when they merge, you can specify in salt master config how they merge
22:53 Hell_FireW Ahh, different problem to the merge :)
22:53 iggy and that setting only works in newer versions
22:54 iggy Hell_FireW: example of what you're working toward? pseudo-code welcome
22:54 hal58th true, just letting him know the option exists. I sure as hell didn't know about it until someone said something here
22:55 Hell_FireW more trying to get parity between the state and pillar, so basically {% if salt['grains.get']('id') in salt['pillar.get']('openstack:keystones') %}whatever to include openstack.keystone state{% endif %}
22:56 dude051 joined #salt
22:56 Hell_FireW so I use that same pillar value for config of minions elsewhere, as well as telling a minion what to become
22:57 Hell_FireW That way, the pillar becomes the definition of config and state, and the state just does the lifting on how
22:59 f4lse joined #salt
22:59 Hell_FireW I was using grains to set roles, but wanting to move the config to pillar instead (centralising it), grains for roles worked well for testing, but I know I'll hit a scale issue
23:00 luco joined #salt
23:02 refnode_ joined #salt
23:06 f4lse hey guys, im having a simple issue with a red hat setup.  http://pastebin.com/uLxhQ2e6
23:06 clintberry joined #salt
23:07 gibmachine joined #salt
23:08 f4lse suggestions?
23:09 gibmachine hey all... Is there some way to include all state files in a folder in my top file?
23:09 robsavino joined #salt
23:09 hal58th f4lse, i'm not very good at jinja for loops with python syntax...
23:09 Hell_FireW f4lse: is groups defined in your pillar top.sls?
23:10 hal58th gibmachine, unforunately no. You have to specify each one. Or something similar where I specify a couple files and they have "includes" in those files to specify other files
23:10 f4lse H3ll_FireWL: yes it is
23:11 murrdoc joined #salt
23:12 f4lse Hell_FireW, it is defined in my top.sls pillar file
23:12 Hell_FireW Hmm
23:14 Xopher joined #salt
23:15 f4lse pillars files wont render for some reason... is this a bug
23:16 Hell_FireW actually, that's a good way to see what the minion is seeing, salt fileshare1 pillar.data will return the pillar that the minion is seeing
23:16 Hell_FireW See that your groups dict is showing up in there
23:17 cberndt joined #salt
23:19 f4lse when i went to check that i noticed my pillar file had 'group' not 'groups' and it seems to work. gonna try my users state/pillar files
23:19 f4lse :P
23:21 Hell_FireW :) hehe, that'll do it
23:25 f4lse ok my original error still exists. i make my users.sls pillar and its not showing up in the pillar data for the minion
23:25 f4lse i did a salt '*' saltutil.refresh_pillar
23:25 MindDrive Iggy: I don't have a blog!  I would need to set one up first.
23:25 iggy f4lse: probably a top.sls problem
23:25 baweaver joined #salt
23:25 iggy MindDrive: lame excuse... mailing list post then
23:26 MindDrive I could do that, as long as people don't come after me with pitchforks and torches...
23:26 gibmachine So... I'm trying to run this state, but I'm being told that the following is not formed as a single key dictionary: http://pastebin.com/raw.php?i=3ZPbe4sV
23:26 iggy it's the internet... or course that'll happen
23:27 gibmachine Correct me if I am wrong, but that is a dictionary with exactly one key... which is a list with two dicts inside it
23:27 iggy gibmachine: paste the output of "salt-call -l debug state.sls your.state"
23:27 f4lse iggy, indeed it is.  i didnt realize till now that it needs to be in the pillar top.sls file.
23:28 f4lse thx guys.  ill be in redwood city to check out the training next month
23:28 murrdoc sup iggy
23:28 iggy ssdd
23:28 nich0s joined #salt
23:29 iggy usted?
23:29 Nazca__ joined #salt
23:30 voxxit joined #salt
23:31 sunkist joined #salt
23:33 otter768 joined #salt
23:33 losh joined #salt
23:34 ALLmightySPIFF joined #salt
23:36 mikaelhm joined #salt
23:36 illern joined #salt
23:38 dillbilly joined #salt
23:42 gibmachine iggy: I figured it out... It was a watch declaration on a different state which was not a dictionary (ie. "filename" instead of - file: "filename")
23:43 iggy I'm quickly becoming "version added" nazi... They will learn
23:44 murrdoc THOU SHALT LEARN OR BURN
23:51 mosen hey salties
23:53 gibmachine howdy
23:56 murrdoc iggy:  https://i.imgur.com/HnJmvHm.gif
23:57 iggy I for one welcome our systemd overlords
23:57 gibmachine so do I
23:57 gibmachine I was just reading about it

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary