Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-05-01

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:09 itru joined #salt
00:09 Tyrm joined #salt
00:11 alemeno214 joined #salt
00:11 alemeno214 Quick question, is there a command that will force a minion to add its key to the master without performing a highstate?
00:12 ChesFTC alemeno214: When you start a minion it will add its key to the master?
00:12 iamfil joined #salt
00:13 blacked1 joined #salt
00:14 alemeno214 So in theory when I change the CNAME for Salt to point to our new Salt server (we're migrating from the old one), the minions should all check in automatically and add their key?
00:14 VR-Jack2 they won't disconnect and recheck dns automatically
00:15 ChesFTC alemeno214: Maybe use salt to add an at job to restart salt-minion?
00:15 alemeno214 is there a way to force that?
00:15 VR-Jack2 presuming dns cache has updated, you should be able to drop the connections from the old master and they'll reconnect to the new.
00:15 alemeno214 just restart salt-minion?
00:15 ChesFTC e.g. "at 3pm tomorrow service salt-minion restart"
00:15 VR-Jack2 restarting salt-minion best option
00:16 hemebond Minions cache the IP of the Salt master until restarted.
00:16 VR-Jack2 hemebond: was worried about that.
00:16 pelzi__ ouch, that is very evil.
00:17 hemebond Really sucks when your master is behind a dynamic IP like noip.com
00:17 ChesFTC hemebond: I'd suggest that the dynamic IP is the problem then
00:17 iamfil Does anyone know why i'm unable to use ec2.rename from runner.cloud.action? https://gist.github.com/anonymous/a9cc2d95b48256d07c2b . I end up getting 'ec2.None()' is not available. Not actioning...
00:17 pelzi__ no, assuming ip addresses never change is retarded
00:17 hemebond ChesFTC: Yes, it's definitely a problem.
00:17 pelzi__ an ip address is a locator, not an identifier.
00:18 ChesFTC Salt uses tcp, which is a permanent connection
00:18 pelzi__ innumerable amounts of brokenness ensue from people trying to use them as identifiers.
00:18 ChesFTC I'd suggest that dropping a connection to periodically test dns and reconnect is more broken
00:19 pelzi__ you keep a tcp connection open (with keepalives) and then re-resolve when it drops, and perhaps fall back to a cached address if dns is not available
00:19 ChesFTC pelzi__: That's reasonable
00:19 bhosmer_ joined #salt
00:19 hemebond There's probably a security issue with re-resolving DNS.
00:19 pelzi__ no, if you are trusting dns, that is your security issue right there.
00:20 aquassaut joined #salt
00:20 amcorreia joined #salt
00:20 ChesFTC pelzi__: Aren't you arguing against yourself there?
00:20 VR-Jack2 pelzi is just saying that there's no additional risk
00:21 pelzi__ if you are worried about dns security, the solution is dnssec, not broken applications that never re-resolve
00:21 ChesFTC I kind of agree, although dnssec
00:21 VR-Jack2 If your concern was dns resolution, additional checks don't increase the risk
00:21 hemebond If the minion re-checked DNS after an hour or so of being unable to contact the master, that'd be fine with me.
00:21 ChesFTC My concern would be more DNS breaking
00:21 ChesFTC But I don't think that this issue is restricted to salt though
00:21 pelzi__ if dns breaks, life is going to suck
00:22 ChesFTC Caching lookups is a problem for all sorts of things
00:22 gladiatr joined #salt
00:23 pelzi__ apps should just use the ttl that you get from dns lookups, or not cache at all, except maybe as a belt-and-suspenders fallback if dns breaks, which may be appropriate in case of salt, and less so in other apps
00:23 pelzi__ but even the most basic daemons like ntp have issues with this :)
00:24 alemeno214 thanks guys
00:25 ChesFTC pelzi__: Could that be because from memory the standard C library calls (gethostbyname etc) don't return TTL?
00:25 pelzi__ the ntp pool does not have dynamically addressed servers; yet it is a problem that you keep getting ntp packets for ages even if you remove yourself from the pool, many implementations will keep querying you until rebooted
00:25 pelzi__ yes, it doesn't
00:25 ChesFTC That'd be most likely why this issue exists then
00:25 pelzi__ the standard library makes it unnecessarily hard to write correct apps, unfortunately
00:25 MatthewsFace joined #salt
00:25 pelzi__ you should have an api that takes a hostname and gives you a socket
00:26 pelzi__ it would have made the transition to ipv6 easy, it would make transition to SRV easier, and it would remove shitloads of boilerplate code
00:27 pelzi__ sadly, we just re-worked all apps to do the same silliness with ipv6 support even though the majority of them really don't want to care about such low level details
00:29 pelzi__ anyway, with salt you can work around this because you can restart the minions, so it does not hurt so much
00:29 ChesFTC No, it's fairly convenient really
00:29 ChesFTC Changing the IP of a root nameserver on the other hand... (let's pretend anycast doesn't exist)
00:30 pelzi__ that will take 100 years or so for the old root hints to fade away
00:30 VR-Jack2 hints file? What's that?
00:31 pelzi__ resolvers will pick up new root servers if even one of the hints is valid, tho
00:31 pelzi__ but you can't retire any of the addresses in a way that allows $badguy to get them
00:31 pelzi__ (until dnssec happens)
00:33 pelzi__ but for almost anything except root dns, ip address changes should not hurt, and it is very unfortunate that most software screws this up
00:34 VR-Jack2 too bad they didn't just make sctp the only ipv6 transport.
00:35 blacked1 joined #salt
00:35 pelzi__ then nobody would use ipv6
00:35 VR-Jack2 which is sad. combined, they'd be perfect
00:35 ChesFTC Realistically very few use ipv6 still anyway
00:35 pelzi__ only google, facebook, et al
00:35 pelzi__ which are easily 50% or more of bytes for an access isp
00:36 ChesFTC How many of those access isps support it though, vs how many of them access those sites via ipv4 instead?
00:36 pelzi__ deutsche telekom, most us wireless carriers, et al
00:36 pelzi__ a lot has happened in the past year
00:37 pelzi__ some us mobile carriers even have had ipv6 only handsets for a while.
00:37 ChesFTC Not in Australia yet to my knowledge
00:37 pelzi__ nat starts to hurt when you need so many instances of 10/8 to fit all your clients.
00:38 solidsnack joined #salt
00:38 ChesFTC I haven't even used any ISP here (mobile included) that doesn't give out a public ipv4
00:38 bfoxwell joined #salt
00:38 pelzi__ well, the next billion internet users are not going to get unique v4 addresses
00:38 ChesFTC And I used to work at a wholesale ISP (that said, they are starting to support ipv6 for transit, although not for any of their retail customers)
00:39 pelzi__ if an ISP does not have ipv6 transit in 2015, they are 5 years behind and not a serious player imo
00:39 pelzi__ for access, it will take 10 or 20 years to forklift out all the gear that does not do ipv6
00:40 ChesFTC I think you're overestimating the time there
00:40 VR-Jack2 which is a lot because of all the idiots that blocked all multicast in their access gear code.
00:40 ChesFTC I'm pretty sure that most of the access stuff I've used within the last 10 years mostly supported it
00:41 ChesFTC It's just the chicken and egg problem
00:41 pelzi__ I'm having a hard time sourcing gear that supports it even now.
00:41 pelzi__ with pppoe it works, for ethernet access even cisco is so-so
00:41 ChesFTC Until you either can't access something significant on ipv4 or you've run out of addresses, there's little pressure to move
00:42 SheetiS1 joined #salt
00:42 VR-Jack2 the asr9k isn't too bad on the ipoe v6. Not as mature as the v4, though
00:42 pelzi__ yes, there is no problem if you run vlan/pseudowire per customer to the edge, which does not scale for residential access
00:43 VR-Jack2 significant is relative. If you start having a decent percentage of customers that can't access 1 site they want, but they can somewhere else, it will be presure
00:43 VR-Jack2 pelzi: hmmm? I like my q-in-q per customer setup. Always worked fine for me.
00:43 pelzi__ v4 nat is going to get progressively more expensive and user-experience-degrading
00:44 pelzi__ usually routers will not scale very far above 10k subinterfaces
00:44 VR-Jack2 auto-configuration is great.
00:45 VR-Jack2 forget what asr called it.
00:45 pelzi__ unnumbered vlans?
00:45 pelzi__ in .fi all residential dsl is shared vlan, so each and every access port needs to do dhcp snooping/option82 and ip source guard. which is not even very well specified :)
00:45 VR-Jack2 nah. it's a dynamic sub interface based on incoming packets on a q-in-q tunnel
00:46 VR-Jack2 pelzi: that's why I avoid those when I can. In addition, much of that gear blocked multicast, which killed ipv6
00:46 pelzi__ allowing multicast opens up another can of worms
00:47 VR-Jack2 yeah, though tunneling does help. I just don't like PPPoE overhead. vlan tags are good enough for me.
00:47 pelzi__ you need to disable mld snooping for the neighbor discovery multicast clusterfuck, or anyone can fill up your mcast table by configuring continuous ipv6 addresses which map to different multicast groups.
00:48 pelzi__ unfortunately, I am not sure if even cisco still does this
00:48 pelzi__ so if you need multicast for anything, ipv6 is almost a no-no.
00:49 VR-Jack2 supposed to get an asr9k in the next month. hope it can at least do what my junipers do
00:50 pelzi__ every router has its warts, but cisco has improved by leaps and bounds
00:50 VR-Jack2 yeah. looks like the 9k is doing better. Still, I have specific layouts I like. using their try before buy plan
00:51 VR-Jack2 small customer, so if they dynamically allocate subints, I can live with 8k. Static subints, I'll need roughly 32k.
00:52 monkey- joined #salt
00:52 pelzi__ 32k static should definitely be doable, but the config gets large and the router gets slow.
00:52 pelzi__ in .fi they like to terminate 100k or 200k customers to one box, with pseudowires, for reasons I have never really understood
00:53 VR-Jack2 yeah. I did read that they have new support for dynamic, though. Similar to juniper's auto-configuration. So I can specify the vlan tag ranges, and it'll create the subint only when it needs it
00:53 ageorgop joined #salt
00:53 VR-Jack2 record details stored in radius, of course.
00:54 irctc248 joined #salt
00:55 pelzi__ yeah, there is no technical reason why you couldn't scale to hundreds of thousands of pseudowires per box
00:55 VR-Jack2 we use sspp (s=slot, p=port) ctag allocations. Makes it very easy on record keeping
00:57 pelzi__ that's what I do, but if you buy wholesale access from a .fi telco you either get a shared vlan or pay extra and get a dedicated one per customer, sometimes with multicast, sometimes not
00:58 pelzi__ and because of iptv, they can't allow multicast on a lot of gear, because multicast state limits are global and v6 will eat at them even more rapidly when you have it in many vlans, and practically no gear allows any kind of limits on mcast listeners
00:59 pelzi__ and a lot of gear either starts working very weirdly, or just ignores any new listeners when full, and even if they resorted to flooding, it would fill up all the dsl lines :)
01:00 blacked joined #salt
01:00 pelzi__ the solution (always flood solicited-node addresses and ignore all listener reports about them) is trivial but no vendor does it
01:02 VR-Jack2 yeah. That's one reason I avoided the shared. isolation helps with the multicast
01:02 VR-Jack2 also helps with mac limitations on some access gear
01:03 VR-Jack2 flooding is fine when it's 1 customer, 1 vlan
01:03 pelzi__ yes, assuming you can disable mac learning if you do qinq on l2 gear
01:03 pelzi__ otherwise you need to statically configure router macs on uplink ports, or any customer can DoS the whole s-vlan
01:03 blacked1 joined #salt
01:03 VR-Jack2 yeah. that's sometimes an issue with access gear as well. I've had trouble turning off snooping and security measures on some gear
01:04 cztanu hey guys, I need some ammunition for an argument. I can't find any equivalents of salt-mine in Chef, is that because there isn't one?
01:04 cztanu So, if I wanted to populate a zonefile with A records of all of my minions (using mine.get of course), I would not be able to do this with Chef, as far as anyone here is aware... surely there is somebody here with chef exp that can tell me ? :)
01:06 VR-Jack2 Not completely sure, but I'd suspect there is at least something similar. I've always considered Chef to be in the Puppet class, with bloat and complexity.
01:10 bVector anyone know if salt-minion can be put into coreos [not docker container]
01:12 mosen bVector: don't know, depends if you can install python into CoreOS somehow
01:12 hasues joined #salt
01:12 hasues left #salt
01:17 otter768 joined #salt
01:24 dingo i thought chef's salt-mine equivalent was "databags", cztanu ?
01:31 subsignal joined #salt
01:31 cztanu I'll check it out dingo, so far it looks like that may be the one, damn :P
01:32 XenophonF joined #salt
01:33 XenophonF left #salt
01:37 thomas joined #salt
01:39 fxhp joined #salt
01:40 rocket joined #salt
01:51 murrdoc joined #salt
01:53 ChesFTC I've got a question prior to submitting a pull request if any salt devs are available?
01:57 pfallenop joined #salt
01:57 darvon joined #salt
01:57 dingo cztanu: as a former chef user, the important thing about salt is its declaritive definition of state, wheras chef is really just a fancy DSL for writing shell scripts, without as much shell scripting, more or less
01:58 dingo it also happens to run a lot faster, if you're into that
02:00 dingo if you understand the state a machine can be in, just by the bits available on a hard disk, you're looking at more atoms than the world's ocean as possible states
02:00 VR-Jack2 dingo: eww. I thought it took after puppet in the states department
02:02 dingo somebody wrote a nice comparison that was favorable to salt, i can't seem to find it now, though
02:02 hemebond dingo: There are quite a few of those around :-)
02:03 dingo so i noticed, hehe
02:03 hellome joined #salt
02:14 rocket joined #salt
02:20 bhosmer joined #salt
02:30 SheetiS joined #salt
02:31 Furao joined #salt
02:37 SeeDickCode joined #salt
02:47 donmichelangelo joined #salt
02:47 atoponce joined #salt
03:20 FeatherKing joined #salt
03:22 amcorreia joined #salt
03:44 relicanth joined #salt
03:46 Tyrm joined #salt
03:50 qpst joined #salt
04:01 echo joined #salt
04:02 echo_ joined #salt
04:03 lietu joined #salt
04:04 solidsnack joined #salt
04:14 terratoma joined #salt
04:17 Hell_Fire_ joined #salt
04:20 StDiluted joined #salt
04:21 bhosmer joined #salt
04:28 JlRd joined #salt
04:30 mikeywaites joined #salt
04:30 blacked joined #salt
04:30 otter768 joined #salt
04:31 Zachary_DuBois joined #salt
04:34 blacked1 joined #salt
04:35 lempa joined #salt
04:38 writtenoff joined #salt
04:46 druonysus joined #salt
04:46 druonysus joined #salt
04:52 JlRd joined #salt
04:56 cygnetix joined #salt
04:59 badon joined #salt
05:25 Hell_Fire joined #salt
05:38 penguinpowernz joined #salt
05:39 solidsnack joined #salt
05:39 loz-- joined #salt
05:40 hasues joined #salt
05:42 hasues left #salt
05:43 pickledpig joined #salt
05:44 pickledpig Hey all
05:44 pickledpig I installed salt from git
05:44 pickledpig is there a convenient way to upgrade salt w/o using the package management?
05:53 __number5__ pickledpig: what do you mean by 'package management'?
05:56 Hell_Fire_ joined #salt
06:00 iggy reinstall from git
06:00 cztanu joined #salt
06:01 iggy ChesFTC: there are very few devs in here on a regular basis, and even fewer still outside of work hours
06:09 lietu- joined #salt
06:14 Hell_Fire_ joined #salt
06:17 kawa2014 joined #salt
06:21 bhosmer joined #salt
06:23 ajw0100 joined #salt
06:26 mosen iggy: just volunteers/git PR people like yourself I guess :)
06:28 KermitTheFragger joined #salt
06:33 enarciso joined #salt
06:34 Eureka_ joined #salt
06:38 Hell_Fire_ joined #salt
06:41 otter768 joined #salt
06:45 ingwaem joined #salt
06:46 ingwaem left #salt
06:48 evle joined #salt
06:49 Hell_Fire_ joined #salt
06:54 Hell_Fire_ joined #salt
07:01 Hell_Fire_ joined #salt
07:01 iggy yep, sadly just me
07:07 ChesFTC iggy: Work hours where?
07:14 enarciso joined #salt
07:15 teogop joined #salt
07:26 siciliansun joined #salt
07:32 ktosiek joined #salt
07:39 mikeywaites joined #salt
07:41 Hell_Fire_ joined #salt
07:41 siciliansun1 joined #salt
07:45 Hell_Fire_ joined #salt
07:49 JlRd joined #salt
07:51 Hell_Fire_ joined #salt
07:57 chiui joined #salt
07:57 Hell_Fire joined #salt
08:01 tyler-baker joined #salt
08:05 Hell_Fire joined #salt
08:07 Xevian joined #salt
08:08 CeBe joined #salt
08:14 leev joined #salt
08:15 vincent_vdk joined #salt
08:16 Hell_Fire joined #salt
08:19 bluenemo joined #salt
08:23 bhosmer joined #salt
08:30 _JZ_ joined #salt
08:33 alexanderilyin joined #salt
08:34 Hell_Fire_ joined #salt
08:42 siciliansun joined #salt
08:42 Hell_Fire_ joined #salt
08:42 otter768 joined #salt
08:47 Hell_Fire joined #salt
08:52 Hell_Fire_ joined #salt
08:56 Hell_Fire_ joined #salt
08:59 alexanderilyin joined #salt
08:59 Berty_ joined #salt
09:03 linjan joined #salt
09:04 Hell_Fire_ joined #salt
09:07 daemonkeeper joined #salt
09:07 julienlavergne joined #salt
09:09 Hell_Fire joined #salt
09:12 jopecko joined #salt
09:12 julienlavergne joined #salt
09:13 Hell_Fire joined #salt
09:17 TyrfingMjolnir joined #salt
09:22 c10 joined #salt
09:22 Hell_Fire_ joined #salt
09:26 Hell_Fire_ joined #salt
09:29 markm joined #salt
09:30 julienlavergne joined #salt
09:41 peters-tx joined #salt
09:43 siciliansun1 joined #salt
09:45 fbergroth joined #salt
09:45 fredvd joined #salt
09:49 matthew-parlette joined #salt
09:56 boredatwork joined #salt
10:01 Hell_Fire_ joined #salt
10:01 echo joined #salt
10:05 Hell_Fire_ joined #salt
10:12 julienlavergne joined #salt
10:15 a7p left #salt
10:18 Hell_Fire_ joined #salt
10:18 penguinpowernz joined #salt
10:23 julienlavergne joined #salt
10:23 bhosmer joined #salt
10:24 Hell_Fire_ joined #salt
10:25 bhosmer joined #salt
10:32 Hell_Fire_ joined #salt
10:40 Hell_Fire_ joined #salt
10:43 otter768 joined #salt
10:48 evle1 joined #salt
10:51 amcorreia joined #salt
10:52 ben_NN joined #salt
10:52 robothands joined #salt
11:06 asaladin_ joined #salt
11:07 julienlavergne joined #salt
11:07 julienlavergne left #salt
11:08 asaladin joined #salt
11:11 penguinpowernz joined #salt
11:12 al joined #salt
11:17 c10 joined #salt
11:34 Kraln joined #salt
11:35 c10 joined #salt
11:43 cygnetix joined #salt
11:55 illusionist joined #salt
11:56 illusionist Hi
11:56 illusionist I am bit confused between salt or ansible
11:56 illusionist Can I configure Salt managed system to be added to a Nagios automatically?
11:58 penguinpowernz joined #salt
11:58 bhosmer joined #salt
11:58 cygnetix illusionist: I've done this a while back and using salt mine. The answer is yes, but there's probably more than one way to do it.
11:59 illusionist Actully I have this requirement that system should be added to Nagios, should provide reports of compliance and changes and easily scalable
12:00 keimlink joined #salt
12:04 hemebond Pretty sure Salt can do its part in those things.
12:04 hemebond For Nagios (or monitoring) I just use Pillars to define checks for servers.
12:08 illusionist ok.. gr8.. thanks hemebond and cygnetix
12:09 JDiPierro joined #salt
12:14 viq joined #salt
12:19 aquassaut joined #salt
12:27 Tyrm joined #salt
12:28 Guest15 joined #salt
12:37 dyasny joined #salt
12:39 mapu joined #salt
12:41 ntropy illusionist: you can probably achieve that with either salt or ansible, it really depends on your level of imagination & skill
12:44 otter768 joined #salt
12:51 dendazen joined #salt
12:56 SpX joined #salt
12:58 pdayton joined #salt
12:59 subsignal joined #salt
12:59 cpowell joined #salt
13:04 JDiPierro joined #salt
13:06 jdesilet joined #salt
13:06 JDiPierro joined #salt
13:06 _JZ_ joined #salt
13:08 _JZ__ joined #salt
13:09 c10 joined #salt
13:11 or1gb1u3 joined #salt
13:13 FeatherKing joined #salt
13:16 bhosmer joined #salt
13:16 fusionx86 joined #salt
13:16 lempa joined #salt
13:17 cpowell joined #salt
13:18 cpowell_ joined #salt
13:18 racooper joined #salt
13:22 fredvd joined #salt
13:23 keltim_ joined #salt
13:27 alub joined #salt
13:29 catpig joined #salt
13:32 rocket joined #salt
13:40 bhosmer joined #salt
13:43 paultjuh joined #salt
13:43 paultjuh hi
13:43 paultjuh is there anyone with experience with weird pillar refresh problems
13:43 paultjuh my pillar gets rendered and parsed fine, but when I actually do a pillar.get it still only contains the old data
13:44 Brew joined #salt
13:44 hemebond paultjuh: There is a command you can run to update Pillar data on the minion.
13:44 hemebond refresh_pillar or something... lemme look it up.
13:45 paultjuh I did a highstate and a saltutil.sync_all
13:46 paultjuh mmh
13:46 hemebond Hmm, that should also do a  salt.modules.saltutil.refresh_pillar()
13:46 paultjuh refresh pillar seems to have solved the problem, weird that syncall and highstate didn't do this
13:47 hemebond That is weird.
13:47 paultjuh hopefully it is fixed in the new version, we are on an older rc
13:47 paultjuh (but newer ercs broke things)
13:48 paultjuh (but newer rcs broke things)
13:48 hemebond Ah, in my Googling for the command I did see a bug show up.
13:48 hemebond Saying sync_all didn't refresh Pillars.
13:48 hemebond So it probably is fixed.
13:48 paultjuh ah good
13:49 paultjuh still it doesn't do what I want, but that might be a different problem
13:49 yaryarrr joined #salt
13:50 ktosiek joined #salt
13:54 paultjuh mmh still strungling to understand what is failing
13:56 froztbyte docs build broken at the moment?
13:56 froztbyte Extension error:
13:56 froztbyte Unknown event name: env-before-read-docs
13:56 froztbyte make: *** [html] Error 1
13:57 froztbyte wanted to verify my changes before opening a PR, but...
13:57 hemebond froztbyte: The latest online docs appear to be broken.
13:57 hemebond Unless the thing I searched for really is empty now.
13:57 froztbyte yeah I just tried to build this on my server
13:58 froztbyte https://readthedocs.org/builds/salt/2586815/ looks like it has a similar failure
13:58 froztbyte oh well, not a rabbithole I'm keen to dive into
13:58 * froztbyte commits and opens a PR
13:59 paultjuh now there seems to be another problem, I refreshed the pillar, and pillar.get on the commandline gives the correct pillar data, but then an if in the states still uses old pillar data
14:00 paultjuh oh wait, abort that, that seems to be a stupid mistake in the state
14:00 alub left #salt
14:02 perfectsine joined #salt
14:03 mpanetta joined #salt
14:03 mpanetta joined #salt
14:08 StDiluted joined #salt
14:11 timoguin joined #salt
14:18 debian112 joined #salt
14:19 packeteer joined #salt
14:23 rojem joined #salt
14:23 c10 is there any way to make a state execute only if a certain file exists on the salt master, or somewhere on the server
14:24 iggy {% if salt['file.exists']('/path/to/local/file') %}
14:24 iggy not really a master check though
14:25 Guest15 joined #salt
14:25 c10 so {% if salt['file.exists']('salt://path/to/file') %} would not work
14:25 LtLefse_ c10: when you say "master, or the server", what's "the server"?
14:25 iggy but realistically if you change behavior based on things like that other people will likely get confused... "why didn't this state do what I think... oh, it doesn't have a file in a specific location"
14:26 iggy you're better off putting whatever state is conditional in a separate sls file and only targeting that sls to the servers that need it
14:26 murrdoc joined #salt
14:29 johndeo joined #salt
14:31 c10 iggy: The point was to add the ability to manage keys with files, and allow adding a single key without it failing: https://github.com/c10b10/users-formula/commit/d510f0b72774319ba663484c14b3ddef27e21c8a
14:31 c10 is this worth opening a pull request?
14:31 johndeo let's say a windows installer comes with a silent install file, like mine with meinberg NTP, so you can do -f silentinstallfile.ini. How to configure this silentinstallfile.ini and where to put it on the saltmaster filesystem?
14:33 iggy c10: no, you shouldn't keep your keys in salt:// paths... then any other minion can read them
14:33 c10 iggy: hm, then, how can I use this formula, and keep my keys in separate files, instead of inlining them in the users pillar?
14:34 iggy unfortunately, you can't right now
14:34 c10 i'd gladly try to implement a solution, if you have any suggestions
14:34 c10 (to how)
14:34 iggy (well, you could write a #!py pillar and read them in that way)
14:35 iggy there is at least one bug open about supporting pillar:// uri's for files
14:35 iggy I'd start there
14:35 c10 unfortunately i have no idea what a #!py pillar is
14:36 timoguin The contents_pillar argument to file.managed will let you create a file from the contents of a single Pillar entry.
14:36 timoguin Is that what we're talking about here?
14:38 murrdoc c10 read up on saltstack renderers
14:39 murrdoc the !#<word> is the renderer for an sls file
14:39 murrdoc tell salt how to parse the file
14:39 c10 timoguin: i guess that could work if i'd keep keys in a separate "keys" pillar, and then i'd be able to reference the key in the users formula for the "ssh_keys". i tried using pillar.get to do that but the indeting was wrong.
14:39 murrdoc the default mode is jinja + yaml
14:39 c10 murrdoc: i'll check them out, thanks
14:40 murrdoc it ll make snse, then u ll go crazy with it
14:41 timoguin plz don't go crazy
14:41 c10 :)
14:41 murrdoc then u ll stop and realize u have gone too far
14:41 murrdoc then u ll fight everyone who wants to make a !# renderered state/pillar
14:41 murrdoc make it a _module or _state u ll say
14:41 murrdoc or a _renderer
14:42 murrdoc all states should be jinja + yaml
14:42 murrdoc for simplicity
14:42 murrdoc 'HAVE YOU NEVER HEARD OF THE MVC PATTERN' you will yell
14:42 murrdoc then u ll give up
14:42 murrdoc and join irc
14:42 murrdoc tell other people your story
14:42 murrdoc even tho no one asked
14:43 ek6 deep breaths murrdoc...deep relaxing breaths
14:43 murrdoc brb
14:43 sandah joined #salt
14:43 murrdoc :D
14:43 tmclaugh[work] joined #salt
14:45 murrdoc then someone will link me http://foaas.herokuapp.com/madison/murrdoc/from%20everyone
14:45 otter768 joined #salt
14:46 c10 :D
14:51 c10 what if i get a multiline value with pillar.get, is there any way to make all lines indent?
14:51 murrdoc is it one big block of content?
14:51 c10 kinda, think of a private key
14:52 edrocks joined #salt
14:52 yaryarrr joined #salt
14:52 ageorgop joined #salt
14:54 Morbus joined #salt
14:55 Brew joined #salt
14:55 [7hunderbird] joined #salt
14:56 murrdoc privatekey: |
14:56 murrdoc indented text something or the other
14:59 murrdoc http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html search for multiline
14:59 rhodgin joined #salt
15:01 c10 found the solution, i need to pipe it to the jinja indent() function
15:02 c10 now, last question, can pillars include data from other pillars?
15:02 murrdoc no
15:02 c10 meh
15:03 timoguin Yea it's a pretty major chicken-and-egg limitation
15:03 murrdoc i mean you caaaan but its a maybe in ext_pillar
15:09 murrdoc c10:  u can go aggregations and all that tho http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.yamlex.html
15:09 murrdoc so u can merge stuff ek6 can speak to it more
15:10 ek6 murrdoc: your a bad man
15:12 murrdoc you're
15:13 scbunn joined #salt
15:14 ek6 now its my turn to take deep relaxing breaths
15:14 JayFK joined #salt
15:15 * murrdoc slides over bag
15:16 [7hunderbird] joined #salt
15:16 ek6 better be hefty sized and full of nitrous
15:17 VSpike in a bash script, how can I loop until a test.ping succeeds? it seems to return 0 even when it fails
15:22 murrdoc you could try —out=txt or raw
15:22 murrdoc and grep for 'True'
15:24 berserk_ joined #salt
15:25 berserk_ joined #salt
15:27 iamfil joined #salt
15:28 ndrei joined #salt
15:28 vimalloc So I'm having a problem with restarting services on a watched file change.
15:29 vimalloc The yaml I'm using is this: https://gist.github.com/anonymous/dc6481193bf7fe0aaf38#file-gistfile1-yml-L11
15:29 vimalloc And when I make a changed to the watched file, this is the output: https://gist.github.com/anonymous/e220c7413a84ef21a0c6
15:29 vimalloc Any ideas on if I'm missing something stupid here, or if there is a bug or something? I'm using salt 2014.7.0 fwiw
15:31 iamfil i'm having an issue using runner.cloud.action. I'm attempting to rename a ec2 instance and it's key but it ends up failing with "'ec2.None()' is not available. Not actioning...". Not sure why. My SLS looks like: https://gist.github.com/anonymous/a9cc2d95b48256d07c2b . Anyone have any ideas? Is this supposed to work?
15:34 dynamicudpate joined #salt
15:37 SeeDickCode joined #salt
15:38 enarciso joined #salt
15:40 murrdoc joined #salt
15:41 bhosmer joined #salt
15:41 ktosiek joined #salt
15:43 dingo vimalloc: i think your 'service.running' is part of the '/usr/local/sbin/kvm-customer-daemon' file state, here
15:43 dingo insert a newline, and make a new state-name, 'kvm-customer-daemon:', and delete the service.running -name
15:44 fyb3r joined #salt
15:44 vimalloc huh, I thought -name worked like that? But I'll try that and report back in a moment. Thanks :)
15:45 paultjuh left #salt
15:45 dingo i mean, it works, its fine
15:45 dingo its just these two are grouped together
15:45 dingo i don't think it can -watch itself
15:45 _prime_ joined #salt
15:45 jalbretsen joined #salt
15:46 nzero joined #salt
15:47 vimalloc dingo: No luck :( I've updated it like such, but the output on a highstate remains the same and no restart happens: https://gist.github.com/anonymous/a254d6543c4895d36ea0
15:47 dingo hmm let me check mine, I'm definitely running a much newer version of salt
15:48 vimalloc thanks :) We are planning on upgrading ours next week, so if it is just a bug I'm happy to wait it out.
15:48 murrdoc add a -restart: True
15:48 murrdoc to the service state
15:50 vimalloc murrdoc: No luck with that
15:50 ageorgop joined #salt
15:51 murrdoc vimalloc:  https://gist.github.com/anonymous/a254d6543c4895d36ea0
15:51 murrdoc try that
15:51 perfectsine joined #salt
15:52 stoogenmeyer joined #salt
15:53 c10 iggy: what about this: https://github.com/c10b10/users-formula/commit/031d6ce81f11371dfafeff32ad67ed528c0f79cd ?
15:55 berserk_ joined #salt
15:57 vimalloc murrdoc: No luck with that either. Same output on a highstate with the file changed
15:57 vimalloc It is supposed to restart the daemon by calling /etc/init.d/kvm-customer-daemon restart (or service restart...) right?
15:58 murrdoc if thats the service name
15:58 murrdoc yes it will restart using /etc/init.d/kvm-customer-daemon
15:58 dingo the only difference with my own is that the file it depends on is both a 'require' and a 'watch'
15:59 dingo so you can try that, but i think because of your order it wouldn't matter
15:59 gladiatr joined #salt
15:59 dingo it might be a bug, you can browse the changelogs perhaps
16:00 dingo or just quickly upgrade salt and give it another try and see
16:00 ktosiek joined #salt
16:04 bluenemo joined #salt
16:04 bluenemo joined #salt
16:05 borgstrom joined #salt
16:08 tmh1999 joined #salt
16:09 iggy c10: looks sane enough... that's not a formula I use though
16:10 c10 i see
16:10 iggy c10: seems like that could lead to pillar namespace pollution pretty quick if someone wasn't careful
16:12 CeBe1 joined #salt
16:12 ageorgop joined #salt
16:13 c10 lets call it temporary until "pillar://" is implemented :)
16:13 bemehow joined #salt
16:17 KyleG joined #salt
16:17 KyleG joined #salt
16:17 murrdoc joined #salt
16:20 zer0def joined #salt
16:20 edrocks joined #salt
16:20 writtenoff joined #salt
16:20 snarfy joined #salt
16:20 dharper_ii has anybody seen pillar.get and pillar.item get out of sync, even after a saltutil.sync_all
16:22 solidsnack joined #salt
16:23 dharper_ii The master finally synced up when I restarted the minion, but I still want to understand why that happened. Any insight would be appreciated!
16:24 ALLmightySPIFF joined #salt
16:24 writtenoff joined #salt
16:24 spookah joined #salt
16:25 dalexander joined #salt
16:25 ek6 dharper_ii: i have but i almost consider it expected with what i was doing with multimaster
16:26 bemehow_ joined #salt
16:27 VR-Jack2 dharper_ii: next time might try saltutil.refresh_pillar. I'd think sync_all would work, but I've seen mention where people have run both.
16:31 theologian joined #salt
16:32 ec3 anyone here use gitfs ?
16:33 smcquay joined #salt
16:34 ek6 ec3: sure
16:34 ktosiek joined #salt
16:35 dharper_ii VR-Jack2: I did that. In the code it seems that pillar.get uses the built in dict __pillar__ and pillar.items make the call to the master. The odd thing was salt-call (on the minion) returned the proper data for pillar.get, but running salt from the master seemed to be stale
16:36 ckao joined #salt
16:37 jonher937 ec3: Yep
16:37 bluenemo joined #salt
16:39 dojobonobo joined #salt
16:39 ec3 does gitfs create a local repo of the modules ?
16:39 dojobonobo Is it possible to add a route without specifying an interface?
16:39 dojobonobo using network.routes that is
16:40 ageorgop joined #salt
16:40 ec3 I see there's a /srv/salt/var/cache/salt/master/gitfs
16:41 krobin left #salt
16:41 ec3 but that doesn't tell me the status of my modules
16:41 ec3 for example, I'd like to use https://github.com/saltstack/salt-vim
16:45 babilen ec3: That is an editor plugin. You use it to adapt vim's default behaviour in such a way that you can write salt states more easily. I don't quite see how that is related to GitFS
16:46 otter768 joined #salt
16:46 Setsuna666 joined #salt
16:47 ec3 babilen: I'm using gitfs to pull it down
16:47 ec3 I thought . . .
16:48 Setsuna666 Anyone know if it is possible to run the highstate from the minion cache ?
16:48 ec3 perhaps I don't understand what gitfs is for
16:48 ec3 I thought it was used to get access to third party modules like we did at my last job using puppet forge
16:49 babilen ec3: Yeah, but whatfor?
16:49 ec3 please enlighten me if this is not a good analog
16:49 ec3 what for? I don't understand.
16:50 ec3 "to make the module available"
16:50 murrdoc joined #salt
16:50 babilen ec3: I mean I can totally understand that you'd use formulas such as those hosted on https://github.com/saltstack-formulas/, but salt-vim is a vim plugin that you would install with, say, pathogen
16:50 ec3 ok forget that one.
16:51 Deevolution left #salt
16:51 babilen which one? ;)
16:51 Deevolution joined #salt
16:51 ec3 babilen: how about https://github.com/saltstack-formulas/epel-formula
16:51 doug mmm, puppet forge
16:52 doug http://upload.wikimedia.org/wikipedia/commons/3/35/Zozobra_burning_2005.jpg
16:52 ec3 I want epel to be installed on my Centos machines
16:52 al joined #salt
16:52 babilen ec3: yes, that makes a lot more sense
16:53 aparsons joined #salt
16:53 ec3 so how can I verify the module is available on the master so I can push it  to the minions?
16:54 murrdoc joined #salt
16:55 pdayton joined #salt
16:57 solidsnack joined #salt
16:57 babilen ec3: You could run "salt 'someminion' cp.list_master" which would list all files stored on the master, for example.
16:58 babilen But salt would complain bitterly if you try to use a SLS file that is not available
16:59 al joined #salt
17:04 nzero joined #salt
17:11 pdayton joined #salt
17:14 bemehow joined #salt
17:16 rocket_ joined #salt
17:18 bemehow_ joined #salt
17:19 spookah joined #salt
17:24 spookah joined #salt
17:25 hemphill joined #salt
17:25 tadasZ joined #salt
17:25 mhubbard joined #salt
17:26 mhubbard joined #salt
17:28 hemphill I have a state that adds a repo, i had put require_in in the repo state pointing at the package. When I try to run the repo state without the package it balks about extending an ID. Removing the require_in makes it run fine to add the repo. What am I missing? Why would a state that has a require_in require the thing it is pointing at, that seems exactly backwards from what the docs state that require_in does
17:28 solidsnack joined #salt
17:31 VR-Jack2 try reordering them in the sls file. Just a guess, but it may need to see the id in the file before the required_in references it
17:32 hemphill The states are in separate sly files
17:32 hemphill sls...
17:32 VR-Jack2 did you do an include?
17:33 hemphill The default is an init that points to the repo and a package file, in this instance I was just trying to add the repo to a system
17:34 hemphill It seems likely that it is looking for the require_in target before it can run the state, which is backwards from what they are intending
17:34 VR-Jack2 if one file references an id in another file, it needs to be included
17:35 hemphill The target state should be the one doing the check not the other. This saying if A requires B therefor B can't be installed without A?
17:36 Fiber^ joined #salt
17:36 VR-Jack2 no. it says, A says B requires it. Who's B? We don't have a B!
17:36 VR-Jack2 Think of it like variable declarations. You can't use one until it's defined
17:37 BretFisher joined #salt
17:37 rojem joined #salt
17:37 hemphill I can work around it easy enough, but what the docs describe and what is happening are very different. Instead of setting up a one way dependency it forces both
17:38 VR-Jack2 It doesn't
17:38 VR-Jack2 It is requiring that you define the state. The state doesn't have to run.
17:38 thayne joined #salt
17:39 ageorgop joined #salt
17:39 ALLmightySPIFF joined #salt
17:40 BretFisher Is there a way to test a jinja template without applying it to a minion?
17:40 VR-Jack2 The point of required_in, is that you can add a state and have something require it. You still have to have that something defined where the processor can see it. Thus they do import/include type syntax.
17:40 VR-Jack2 Bret: run with test=True?
17:41 lempa joined #salt
17:41 BretFisher VR-Jack2: NICE, I can't seem to get this simple template to list server IP's and getting a jinja error, thanks.
17:41 kunersdorf joined #salt
17:42 hemphill Gotcha.  So pretty much if something requires something else it should always get packaged together.
17:42 bhosmer_ joined #salt
17:42 VR-Jack2 or you should import the other file so you can see the definitition in the current file
17:44 VR-Jack2 Not really. include is designed to allow them to be separate. http://docs.saltstack.com/en/latest/ref/states/include.html
17:46 jonatas_oliveira joined #salt
17:46 iggy basepi: the docs are missing modules again
17:46 iggy basepi: (pkgrepo in this case)
17:46 basepi again?
17:47 basepi Wasn't aware there was a problem before...
17:47 iggy it's happened before
17:47 iggy http://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkgrepo.html
17:47 bVector that basepi guy, always forgetting about the missing modules
17:47 iggy blank page, and it doesn't show up in the index
17:47 basepi huh.
17:47 basepi File an issue please?
17:48 iggy I'm scared you guys are going to stop paying attention to all my bug reports
17:48 or1gb1u3 left #salt
17:48 bVector tagged as: typical iggy/wontfix
17:48 basepi Don't worry -- we don't pay attention to anyone's. xD
17:48 hemphill I am using an init.sls that includes a repo.sls and a package.sls, I have been declaring the require_in in the repo talking about the packages it is required for. It sounds like this just not how it was intended to be used
17:49 krelo joined #salt
17:49 bVector hemphill, no you're using it properly, you just have to include the other state !definition!
17:49 bVector not the state, just the definition
17:50 edrocks is there an option to run something on x minions at a time? I saw an option for it a while ago but I cant find it
17:50 bVector just use include bro, itll all be ok
17:50 hemphill then that installs which I am not wanting
17:50 iggy edrocks: -b (batch)
17:50 edrocks iggy: thank you!
17:51 iggy hemphill: paste the states
17:53 teogop joined #salt
17:54 druonysus joined #salt
17:54 druonysus joined #salt
17:54 bemehow joined #salt
17:59 VR-Jack2 hemphill: read the require_in part, especially using multiple files. note the include: http://docs.saltstack.com/en/latest/ref/states/requisites.html
18:00 spookah joined #salt
18:02 VR-Jack2 I suspect optional states would require some fancy jinja work. ie, I always run, but state blah may not be defined.
18:02 bVector or just require the repo sls file from within the package state
18:03 baweaver joined #salt
18:06 spookah joined #salt
18:06 VR-Jack2 it's never pretty when you want. A must require B if A and B exist, otherwise, A or B can run independently
18:09 druonysuse joined #salt
18:13 VR-Jack2 the manual way is a glue state that requires B and require_in A. If running A and B load the intermediate state. I'm sure that can be jinja'd, too
18:16 eightyeight does anyone have a 2014.7.5-1.el5 rpm for salt and salt-minion packages?
18:17 eightyeight all i can find are el6 on koji
18:18 chri5p joined #salt
18:18 iggy poor poor soul
18:19 isomer joined #salt
18:19 VR-Jack2 us salt, and bootstrap el6. :)
18:19 eightyeight ?
18:19 eightyeight VR-Jack2: wishful thinking. :)
18:20 isomer left #salt
18:20 VR-Jack2 eightyeight: The only reason I'm using salt is so I can upgrade to el7 safely.
18:20 eightyeight i'm using salt to manage configuration of servers
18:20 eightyeight which includes some centos 5
18:20 toddnni joined #salt
18:21 eightyeight also, fwiw, the 2014.7.5 packages for ubuntu lucid are broken. trusty works fine. i'll get pastebins.
18:22 eightyeight paste #1: http://ae7.st/p/1gt
18:22 ajw0100 joined #salt
18:22 eightyeight paste #2: http://ae7.st/p/09i
18:23 eightyeight (it's missing the leading hash for a comment on the 2nd line)
18:24 iggy tell joehh
18:24 eightyeight joehh: ^
18:25 thayne joined #salt
18:27 chri5p does the file.mkdir just create the directory with ownership and permissions if it does not already exist?
18:27 bVector I would imagine it would change the permissions if the dir already exists
18:27 bVector if thats what you're asking
18:28 iggy file.mkdir is a module, it wouldn't change anything if it existed (vs file.directory state that would)
18:29 bVector oh hmm
18:30 ndrei joined #salt
18:32 dendazen We integrated salt here with foreman, so it shows reports and you can create states in foreman, is it worth looking into SaltStack Enterprise UI?
18:32 fusionx86 joined #salt
18:33 alexanderilyin joined #salt
18:35 perfectsine joined #salt
18:35 VR-Jack2 dendazen: how was the integration? Is it as good as foreman/puppet?
18:35 dendazen not that good, but in my opinion good enough
18:35 dendazen you have reports for each runs
18:36 joeto joined #salt
18:36 dendazen you can assign different states to different host groups, all that good stuff foreman had for puppet.
18:36 VR-Jack2 hmm. I'll look into it then. My original concept was to either do foreman/puppet or go with saltstack
18:36 bVector dendazen: did you watch the saltstack enterprise UI video?
18:37 dendazen no, but i contacted them, and they said that they can do a demo fro us.
18:37 bVector theres a video on the tubes
18:37 bVector also, they said they'd be curating states for enterprise release
18:38 bVector so thats a plus for their UI
18:38 bVector aka big 0day release they'll put out a scan or fix state
18:38 bVector I'll get a link to the video
18:40 markm_ joined #salt
18:41 mpanetta joined #salt
18:41 stanchan joined #salt
18:41 BretFisher Trying to troubleshoot simple 3-line jinja template from docs but it's not working, would appreciate another set of eyes: https://gist.github.com/BretFisher/5be22f2df7b81bee9f38
18:42 mpanetta joined #salt
18:42 chri5p joined #salt
18:42 chri5p TY to whomever answered my previous question...my VM locked and had to reboot it so wanted to say thanks
18:43 mikeywaites joined #salt
18:43 hemphill thanks guys, life has intervened and I have to run for now. Have a good afternoon everyone
18:44 VR-Jack2 I didn't think source templates could access variables directly. They had to be passed from the state call
18:44 BretFisher I would have thought getting a list of IP's from minions would have been easy, but tried all different ways with no dice
18:44 chri5p to elaborate (and repeat the original question): when I used file.mkdir then it will create the directory and I can define owner/group/etc...by default does it only do it to that directory and not sub directories?
18:44 jonher937 bVector: I'd also be interested in a link for the Saltstack Enterprise UI
18:44 spookah joined #salt
18:44 bVector sent
18:45 VR-Jack2 BretFisher: I could be wrong, but I think you have to pass info from file.managed into the jinja template.
18:46 berserk joined #salt
18:47 VR-Jack2 BretFisher: "If using a template, any user-defined template variables in the file defined in source must be passed in using the defaults and/or context arguments." via http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html
18:47 bVector BretFisher: you're missing the ['eth0'] third variable
18:47 otter768 joined #salt
18:47 VR-Jack2 mine isn't exactly user defined, though.
18:48 BretFisher bVector: sorry, bad cut/paste, gist is updated, if eth0 is in there, that's what causes the 'items' error
18:49 BretFisher it's straight out of docs so figured it would work
18:49 BretFisher VR-Jack2: thanks, reading
18:49 bVector run salt 'whatever' mine.get '*' network.interfaces on the command line
18:49 bVector maybe its returning a string instead of a dict
18:50 bVector perhaps an error message
18:50 BretFisher it's empty
18:50 bVector sorry mine.get '*' network.interfaces eth0
18:50 BretFisher still empty
18:50 bVector then thats whats going to get returned in the jinja
18:50 bVector possibly an empty string
18:51 BretFisher ok, that's a key troubleshooting step, thanks bVector
18:51 bVector np
18:51 cpowell joined #salt
18:51 iggy A. you don't specify options in the mine call
18:52 iggy B. you have to have the mine setup prior (mine_functions, mine_interval, etc)
18:52 cpowell joined #salt
18:52 iggy i.e.  eth0 shouldn't be anywhere in a mine.get call
18:52 VR-Jack2 He's probably missing the setup
18:52 Miouge joined #salt
18:52 ndrei joined #salt
18:53 iggy well, they are definitely doing the call wrong too, so...
18:53 BretFisher iggy I pulled from block right above this heading http://docs.saltstack.com/en/latest/topics/reactor/#a-complete-example
18:53 VR-Jack2 A lot of people do, as mine gets used in a lot of examples, but I think there's only one or two spots that mention setting it up
18:53 signull joined #salt
18:53 BretFisher ahh, ok, hmm
18:53 borgstrom joined #salt
18:53 BretFisher so yea salt '*' mine.get '*' network.interfaces
18:53 BretFisher that returns no IP's
18:53 BretFisher just server names
18:54 VR-Jack2 mine setup is done on the minion side, fwiw.
18:54 iggy that's document is wrong
18:54 BretFisher http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.mine.html
18:54 XenophonF joined #salt
18:54 BretFisher seems to indicate it just works :)
18:55 iggy feel free to file a docs bug, but that is definitely not the case
18:56 Miouge Anyone using Salt Enterprise over here ?
18:56 bVector yeah I'm looking at the salt get code, does not take a third variable
18:56 VR-Jack2 BretFisher: Read this one. http://docs.saltstack.com/en/latest/topics/mine/index.html
18:56 BretFisher iggy: yea that reactor page is very long, I haven't read it all
18:56 BretFisher FYI on v2015.2.0rc2
18:56 BretFisher "testing only"
18:57 BretFisher figured by the time i figure this out, 2015.2 will be out :)
18:57 iggy lol
18:58 iggy famous last words
18:58 iggy that's what I said at the end of march
18:59 VR-Jack2 and even when it is, there will be the serious of patches following due to issues caused in the rush to finalize
18:59 iggy even if you could pass args to functions like that in mine.get calls... network.interfaces doesn't take any args
18:59 BretFisher ok so by default mine is empty on master?
18:59 iggy yes
18:59 VR-Jack2 until the minions are setup
18:59 iggy and hit their first mine_interval
19:00 joeto joined #salt
19:02 BretFisher sounds like we need a tutorial "getting the IP of minion into a file.managed" when I'm done :)
19:05 BretFisher So maybe I should backup and ask, is this approach the best way to get IP's of minions into common file.managed?  Deploying things like apache, mongodb, nginx where i want to specify IP's in config files... feels like this is harder then it should be and wondering if that's my fault
19:05 borgstrom joined #salt
19:06 signull joined #salt
19:06 XenophonF BretFisher: iirc the ipv4 and ipv6 pillars have the minion's current ip addresses in them
19:06 cheus Anyone have a best practice for combining two files on a minion filesystem via the file module?
19:07 hasues joined #salt
19:07 XenophonF BretFisher: however, i usually put those things into pillar keys and use jinja to fill in the blanks
19:07 hasues left #salt
19:11 baweaver joined #salt
19:11 BretFisher XenophonF: thanks, don't have any pillars yet, though read up on them. don't see that here: http://docs.saltstack.com/en/latest/ref/pillar/all/index.html#all-salt-pillars
19:12 murrdoc joined #salt
19:12 BretFisher was under assumption pillars were for static values, and considered IP dynamic so thought mine was the goto
19:12 XenophonF BretFisher: that's because i'm an idiot, and i meant the ipv4 and ipv6 grains
19:12 XenophonF sorry about that
19:12 BretFisher NP :)
19:12 ajw0100 joined #salt
19:12 VR-Jack2 There's some information on grains, which seems to work okay.
19:12 BretFisher found this, which lead me to mine.get as well: http://stackoverflow.com/questions/17158665/how-to-get-a-list-of-all-salt-minions-in-a-template
19:13 VR-Jack2 mine functions and grains work differently, though.
19:15 murrdoc joined #salt
19:16 VR-Jack2 primarily, grains are static in nature.
19:16 BretFisher VR-Jack2: you got something on using grains inside jinja templates?
19:17 BretFisher I've used grains in sls a lot
19:17 joeto joined #salt
19:17 BretFisher for os/role selection, just not in .jinja files
19:17 VR-Jack2 http://docs.saltstack.com/en/latest/topics/targeting/grains.html
19:17 VR-Jack2 salt['grains.get']() format
19:20 XenophonF left #salt
19:20 mapu joined #salt
19:22 WesleyTech joined #salt
19:24 WesleyTech Howdy! How do you target grain1 OR grain2 using a Salt command?  salt -G 'grain1:grainvalue' OR 'grain1:grainvalue2'   ?
19:27 CeBe1 joined #salt
19:28 druonysuse joined #salt
19:28 druonysuse joined #salt
19:29 murrdoc salt -G 'grain1:grainvalue or grain1:grainvalue2' test.ping ?
19:29 hybridpollo joined #salt
19:30 WesleyTech that doesn't seem to work
19:32 perfectsine_ joined #salt
19:34 spookah joined #salt
19:34 VR-Jack2 WesleyTech, works for me. from grains example page. salt -G 'cpuarch:x86_64' grains.item num_cpus
19:34 WesleyTech but that's not an OR
19:34 WesleyTech I'd like to target all machines having either of 2 grain values
19:35 snarfy joined #salt
19:36 Zachary_DuBois joined #salt
19:37 VR-Jack2 compound matcher
19:37 VR-Jack2 salt -C 'webserv* and G@os:Debian or E@web-dc1-srv.*' test.ping
19:37 VR-Jack2 in the salt manpage under compound matcher
19:38 VR-Jack2 G@ is grains, so you can specify two of those with an or joiner
19:38 BretFisher ok this example has helped put it together for mine setup and template minion IP's, almost there: http://docs.saltstack.com/en/latest/topics/mine/#example
19:39 WesleyTech thanks
19:39 WesleyTech I was missing the -C  and @G to use a compound command
19:40 Zachary_DuBois joined #salt
19:41 WesleyTech booyah, works, thanks!
19:41 murrdoc booyah
19:43 bhosmer_ joined #salt
19:43 VR-Jack2 yw
19:44 Zachary_DuBois joined #salt
19:45 spookah joined #salt
19:49 sjwoodr joined #salt
19:52 MaliutaLap joined #salt
19:52 druonysuse joined #salt
19:52 aparsons joined #salt
19:53 sjwoodr Hey guys, all of a sudden I started getting a salt-cloud error.   "salt-cloud: error: There was a profile error: A wrong password has been issued while establishing ssh session" .... but I can immediately do a state.highstate on that just-provisioned minion, and it works fine.
19:53 sjwoodr any ideas?
19:55 VR-Jack2 password changed so ssh side doesn't work, but zeroMQ does?
19:55 sjwoodr we use a key anyway, there's never a password being used
20:00 ndrei joined #salt
20:00 cheus Hey, just wondering if something happened to the pkgrepo module? I didn't see a deprecation message but its oddly missing from docs, now.
20:02 VR-Jack2 some of the test docs stuff is missing now
20:02 primechuck joined #salt
20:02 murrdoc is it missing in the commandline
20:02 murrdoc or the gui
20:02 murrdoc like on the web
20:03 VR-Jack2 docs.saltstack.com is missing some things
20:03 quintinadam joined #salt
20:03 primechuck I was going to write a custom module to pull additional physical disk information like WWN and model.   Before going down the path of writing a new module, is there one that does it or a logical one to extend?
20:03 mikeywaites joined #salt
20:03 murrdoc thats just a bad build
20:03 murrdoc basepi:  will fix it
20:03 murrdoc hes got the power
20:04 VR-Jack2 yeah, he's aware
20:04 * basepi doesn't have the know-how
20:04 * basepi needs to figure out who fixed it last time
20:04 * basepi doesn't know anything
20:04 * basepi hides
20:04 murrdoc the based pi has spoken
20:04 basepi ;)
20:05 murrdoc cheus:  you can always run salt 'minionname' sys.doc module
20:05 murrdoc to see docs for stuff
20:05 sjwoodr ssh connection to the minion is fine... it bootstraps it, afterall
20:05 cheus murrdoc, Oh sure -- that's what I did but was just more concerned about a potential near-future deprecation
20:05 VR-Jack2 well, that's the problem with a 3 running things
20:05 sjwoodr [INFO    ] Rendering deploy script: /usr/lib/python2.7/dist-packages/salt/cloud/deploy/bootstrap-salt.sh Warning: Permanently added '[10.0.2.188]:10648' (ECDSA) to the list of known hosts. Fri May  1 15:04:41 CDT 2015 Warning: Permanently added '[10.0.2.188]:10648' (ECDSA) to the list of known hosts. Connection to 10.0.2.188 closed. Warning: Permanently added '[10.0.2.188]:10648' (ECDSA) to the list of known hosts. Connection to 10.0.2.
20:06 sjwoodr one thing i noticed is that while running salt-cloud, any file its changing it will do a diff of and show that.  its on a rather large text file that its diffing where it suddenly blows up
20:07 VR-Jack2 timeout vlaue?
20:07 MatthewsFace joined #salt
20:07 sjwoodr wonder if there is some max buffer size where salt-cloud cant handle any more
20:07 joeto1 joined #salt
20:07 sjwoodr hmm...
20:08 sjwoodr in /etc/salt/cloud, i do have "start_action: state.highstate" -- which is how we're running highstate after the minion is built
20:08 sjwoodr perhaps that's taking longer than it likes?  its a few minutes
20:08 VR-Jack2 possible. I've run into a few issues with timeouts on various things sometimes.
20:09 VR-Jack2 just guessing here. I don't salt-cloud
20:09 perfectsine joined #salt
20:10 nzero joined #salt
20:11 sjwoodr you should, its a good time.  :)
20:11 iggy sjwoodr: one option is to use the reactor instead of start_action and do some smaller steps first, then a full highstate at the end
20:12 sjwoodr hmm, haven't used the reactor before.
20:12 smcquay joined #salt
20:13 joeto joined #salt
20:13 sjwoodr guess we'd just listen for 'salt/cloud/*/created' ?
20:13 JayFK joined #salt
20:14 VR-Jack2 doesn't look like it's suitable for my libvirt setup
20:23 VR-Jack2 becides, I wrote this really awesome shell script to handle my virt-installs. Think I'll keep it and just wrapper that with salt.
20:24 murrdoc joined #salt
20:25 mk12 joined #salt
20:27 murrdoc joined #salt
20:27 subsigna_ joined #salt
20:31 sjwoodr iggy: the reactor solution worked.  A+
20:32 sjwoodr apparently the start_action is experimental still.... it has worked for me for a few weeks but suddenly stopped working as our states got bigger and bigger.
20:33 sjwoodr as a side effect... I just got some experience using the reactor.  :)
20:34 tkharju joined #salt
20:36 VR-Jack2 reactor is awesome.
20:37 baweaver joined #salt
20:37 druonysus joined #salt
20:41 armonge joined #salt
20:45 spookah joined #salt
20:47 druonysuse joined #salt
20:47 druonysuse joined #salt
20:48 otter768 joined #salt
20:48 sjwoodr now i just need to figure out how to have salt-cloud create auto-scaling groups, and have the reactor handle those events
20:50 alexanderilyin joined #salt
20:58 bhosmer_ joined #salt
20:58 snarfy left #salt
21:03 lude joined #salt
21:04 tedski is it a known issue that the docs are broken again?
21:05 tedski for example, http://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.pillar.html
21:07 VR-Jack2 yeah, basepi knows
21:08 murrdoc base(d)pi
21:10 Setsuna666_ joined #salt
21:12 StDiluted joined #salt
21:12 __number5__ joined #salt
21:14 brendan joined #salt
21:16 brendan hello, newbie here. I am getting my feet wet and wondering how I can create variables based on the output of shell commands. I want to automatically create nfs exports on certain hosts by consulting an auto.home in NIS and matching what's in it to the host that's currently being updated
21:17 brendan so if I'm runnign on host foo, and I find an entry for foo:/srv/home/bar in auto.home, I want to create the /srv/home/bar export on foo
21:18 nzero joined #salt
21:20 VR-Jack2 if auto.home is managed by salt, then you should technically already have that information. If not, you'd probably have to have a custom mine or grain to provide it.
21:24 brendan it's not managed by salt at this point (seems like it should be eventually). ok, I'll look into mines, thanks
21:25 JayFK joined #salt
21:28 gladiatr joined #salt
21:31 bhosmer_ joined #salt
21:33 hemphill joined #salt
21:33 iggy hate doing PRs on Friday... they won't get looked at till Tuesday
21:41 thayne joined #salt
21:46 baweaver joined #salt
21:47 VR-Jack2 trying to debate if I want to limit salt-minion using sudo or selinux.
21:48 Jimlad joined #salt
21:49 echo joined #salt
21:57 spookah joined #salt
21:59 giantlock joined #salt
22:03 solidsnack joined #salt
22:03 Pixionus joined #salt
22:11 johnkeates joined #salt
22:13 primechuck joined #salt
22:14 Jimlad joined #salt
22:28 johnkeates left #salt
22:30 nzero joined #salt
22:30 UtahDave joined #salt
22:31 stanchan joined #salt
22:34 stoogenmeyer joined #salt
22:36 stoogenmeyer joined #salt
22:42 solidsnack joined #salt
22:49 otter768 joined #salt
22:51 smcquay joined #salt
22:53 aw110f joined #salt
22:53 aw110f Hi is there a limitation on how many gitfs_remotes you can add on the salt master?
22:54 iggy aw110f: no
22:55 iggy but if you have a lot that take a long time to update (and an older version of salt), the updates can start stomping on each other
22:57 aw110f iggy: is the same true for ext_pillar using git?
22:58 iggy probably, but that is completely different code, so no telling
22:59 berserk joined #salt
23:02 iamfil Anyone know if there are any examples of runner.cloud.action anywhere?
23:05 solidsnack joined #salt
23:05 aw110f iggy: thanks
23:06 spookah joined #salt
23:07 iggy iamfil: I've got an example of a reactor calling an orchestrate runner (not exactly the same, but might give you some insight)
23:07 iggy https://gist.github.com/iggy/b7599a97c18ddd6e6ca4
23:09 iamfil iggy: thanks! i'll take a look
23:10 iggy when I first started messing with that stuff it was so frustrating just finding up-to-date examples, so I figure anything will help
23:11 baweaver joined #salt
23:12 keltim_ joined #salt
23:12 iamfil i can't figure out how to use runner.cloud.action. I think my formatting might be wrong? it appears that my fun doesn't get passed along. https://gist.github.com/anonymous/a9cc2d95b48256d07c2b . I end up getting 'ec2.None()' is not available. Not actioning... which according to the source happens when there isn't a fun
23:17 iggy try stuffing them under args or kwargs?
23:18 iamfil iggy: i'll try it. everything under cloud.action?
23:19 rhodgin joined #salt
23:19 iggy - arg:\n  - fun: ec2.rename\n  - instances.... etc
23:20 iggy or under kwargs instead of arg
23:21 iggy are you calling this from orchestrate or reactor?
23:23 iggy and you know there are cloud states/modules right? (might be a little more straightforward to use)
23:23 primechuck joined #salt
23:28 subsignal joined #salt
23:29 iamfil iggy: yes, but i believe I have to use cloud.runner for reactor?
23:30 iggy depends what you're trying to do, you could do it in a state and then run that state on a specific minion (the one on the master?)
23:31 iggy if you do figure it out, make sure you file a bug report against the docs ;)
23:31 iamfil i'm trying to rename a ec2 instance and it's key so i believe i have to do that on the master?
23:31 iamfil yea, i think i need to step through the source to figure out why my fun doesn't get passed.
23:32 iamfil thanks for the help though!
23:32 bhosmer_ joined #salt
23:34 iggy just out of curiosity, you can run this same command on the cli right?
23:34 iamfil yea, it works on the CLI
23:35 cberndt joined #salt
23:35 iggy gotta check ;)
23:35 iamfil that's what is driving me crazy. it works perfectly on the CLI. but i can't figure out why it doesn't work inside of a sls
23:36 iamfil i'm tempted to just run it as a local command on the master
23:36 iggy tried throwing a provider in there for S&Gs?
23:36 linjan joined #salt
23:36 iggy instance: test instead of instances: - test?
23:36 pdayton joined #salt
23:38 iamfil yes, i have instances: test in my current version in front of me now. same error: 'ec2.None()' is not available. Not actioning...
23:39 iggy P.S. renaming an instance doesn't change it's minion_id
23:39 druonysus joined #salt
23:39 iamfil i also tried changing around the order of where i place fun: ec2.rename justttt in case
23:39 iggy instance (no s)
23:39 iamfil i know, i'll have to restart the minion and turn off minion_id_caching
23:40 iamfil then it should work!
23:40 iamfil i think
23:40 iamfil i also change the hostname of the instance
23:40 iggy when a minion starts, it writes it's computed id to /etc/salt/minion_id
23:40 iggy so you'll have to rm that file too
23:41 iggy I think most people that use aws just don't bother having the instance name and minion_id match
23:41 iamfil there's a setting to turn that off, https://gist.github.com/flupke/00779514c97dad1825e8
23:41 iggy salt only cares about the minion_id
23:42 iamfil i'm attempting to keep them the same to keep things organized. i won't be the only one using this and i fear once i share it with my colleagues all hell will break lose and things will have random names.
23:42 iamfil but perhaps this turning out to be too much effort
23:42 joren joined #salt
23:43 iamfil i really wish this feature had been added: https://github.com/saltstack/salt/issues/5327
23:51 iggy I hardly ever use names... we have roles assigned to everything
23:51 iggy target everything based on that
23:52 VR-Jack2 I did really long nodenames that defines roles
23:52 VR-Jack2 since the minionid can't change
23:53 VR-Jack2 s/nodenames/minion ids/
23:56 JDiPierro joined #salt
23:59 fhh joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary