Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-05-07

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 und1sk0 quick rtfm question... the pkgin module for salt just sees the package name as a string, so nodejs, nodejs-0.10 and nodejs-0.10.38 are all different packages as far as salt is concerned even if pkgin will install nodejs-0.10.38 every time. is there a way to get the module to accept an approximate version match?
00:05 iggy *
00:05 MindDrive Yeah, I found out we had it already, just not installed.  However, the documentation for salt-ssh is pretty arcane and so far I have yet to find a way to get it to match all hosts (the 'salt-key | grep' won't work since I'd need to parse every returned line to extract the host name).
00:05 __number5__ oh, no. so 2015.5 is real
00:06 __number5__ are we going to skip 2015.2?
00:06 iggy I'm not
00:06 __number5__ :P
00:06 SheetiS Well it is February 96 today right?
00:11 solidsnack joined #salt
00:18 murrdoc i wish apt-get update had a quiet mode
00:19 murrdoc srsly apt srsly
00:19 jonatas_oliveira joined #salt
00:19 hemebond murrdoc: aptitude has -q
00:20 murrdoc true true
00:20 murrdoc -qq
00:20 hemebond Which might silence a little of the output.
00:20 murrdoc > /dev/null works too
00:20 aquassaut joined #salt
00:23 murrdoc iggy:  hook it up with the reactor to orchestrate gist por fa vo
00:23 murrdoc vor*
00:23 __number5__ sometime it make me want to use the "never update" debian...
00:23 iggy https://gist.github.com/iggy/b7599a97c18ddd6e6ca4
00:23 iggy that's one
00:24 iggy I've also got a scheduler -> orchestrate in there somewhere
00:24 solidsnack joined #salt
00:24 murrdoc so reactor -> state -> orchestrate runner
00:24 murrdoc got it
00:25 cromark joined #salt
00:27 murrdoc so if want the minion to tell teh master to do stuff on the minion
00:28 murrdoc it would be like salt-call event.fire '{data: dew it }' 'statename'
00:28 murrdoc and then have the reactor handle that
00:28 murrdoc and that should goto an orchestrate or something via reactor
00:28 murrdoc on a scale of one to ek6
00:28 murrdoc how bad is that
00:30 ajw0100 joined #salt
00:30 VR-Jack3 isn't event.fire local to the minion? thought event.send is to master
00:30 keimlink joined #salt
00:31 murrdoc yeah event.send
00:44 Tyrm joined #salt
00:44 c10 joined #salt
00:49 baweaver joined #salt
00:50 baweaver joined #salt
00:52 MindDrive Found an easier way to resolve my issue: push out a new version of Salt to all hosts (via Puppet) - auto-restarts on upgrade.
00:52 XenophonF joined #salt
00:53 VR-Jack3 ewwwwww
00:56 dendazen joined #salt
00:58 cheus joined #salt
00:58 hasues joined #salt
00:58 hasues left #salt
00:59 MindDrive We're not using Salt for configuration here, just distributed management.  Sadly our Puppet infrastructure is far too advanced for us to easily switch and we can't justify it until we hit an absolute showstopper with Puppet (which I don't see happening any time soon).
00:59 ITChap joined #salt
01:02 bhosmer_ joined #salt
01:06 solidsnack joined #salt
01:06 johnkeates joined #salt
01:06 beneggett joined #salt
01:07 johnkeates In what order do states track down their matching pillar environment?
01:07 johnkeates or is it simply running down each list per-environment
01:10 Furao joined #salt
01:13 MatthewsFace[SEA joined #salt
01:21 baweaver joined #salt
01:24 primechuck joined #salt
01:26 otter768 joined #salt
01:29 cromark joined #salt
01:29 otter768_ joined #salt
01:38 cromark joined #salt
01:38 amcorreia joined #salt
01:39 garthk johnkeates: it's up to the pillar top.sls, isn't it?
01:40 Tyrm joined #salt
01:40 johnkeates garthk: yes, but say i have a top.sls with env. base: and minionX in it, does it simply take the order of the pillars form the master config? or does it start with the matching pillar environment
01:41 bhosmer_ joined #salt
01:42 garthk johnkeates: I'm not sure; have you tried mangling a test setup to see what happens?
01:46 mattrobenolt Wait, which new tag is the right one? There's a v2015.5.0 and v2015.5
01:46 johnkeates garthk: no, not yet
01:46 johnkeates mattrobenolt: both exist i believe
01:46 mattrobenolt Yeah, v2015.5 is latest.
01:46 mattrobenolt But only by 5 hours, haha
01:46 mattrobenolt And this is huge: https://github.com/saltstack/salt/compare/v2015.5...v2015.5.0
01:46 mattrobenolt Hmmmm. https://github.com/saltstack/salt/commit/ba3b782cb3d163a42db495b1e3d413fe5b827880
01:46 mattrobenolt That might explain it.
01:46 cromark_ joined #salt
01:46 mattrobenolt Actually, still confused.
01:47 I3olle joined #salt
01:48 mattrobenolt Oh, somehow I don't think this made the cut. :( https://github.com/saltstack/salt/commit/22bfb3079bde9a0c58bfc2905631ccc4b2cf737c
01:48 cberndt joined #salt
01:48 johnkeates softlayer has probably simply been a bad boy
01:49 johnkeates and we all know what bad boys get...
01:49 johnkeates they get spanked!
01:49 mattrobenolt wut
01:49 johnkeates i'm escalating things rather quickly :p
01:49 johnkeates it's 4AM here
01:49 johnkeates I should probably disconnect xD
01:49 mattrobenolt :)
01:49 mattrobenolt I'm mostly curious what the process is for cutting releases and whatnot.
01:50 mattrobenolt Since apparently it's not cut off of latest develop.
01:50 johnkeates correct
01:50 mattrobenolt And I plan to be contributing more as we ramp up to using it.
01:50 N-Mi joined #salt
01:50 johnkeates there usually is a selection of features per release
01:50 mattrobenolt So kinda sad to see a new release without a patch I submitted pulled in. :(
01:50 johnkeates not a merge from dev and that's it
01:50 mattrobenolt Interesting.
01:50 mattrobenolt So is develop not really stable at all?
01:50 johnkeates no, it's not :)
01:51 mattrobenolt welp
01:51 johnkeates well, it actually depends on what parts you use
01:51 johnkeates so i suppose that as long as you don't hit anything broken it's stable enough
01:51 mattrobenolt Yeah, I assume we wouldn't just want to run develop everywhere in production. :)
01:52 johnkeates you probably won't find seriously broken things like incompatible API/ABI issues that make the while thing just break
01:52 johnkeates but more like specific features suddenly not working properly in some cases
01:52 mattrobenolt Are you a core dev? Just curious.
01:52 johnkeates no :)
01:53 johnkeates I'm a DevOps and SysOps consultant so I'm always getting my hands dirty with SCM/VCS stuff and configuration management, auditing, requirements engineering etc.
01:53 johnkeates I basically started to dig around in SaltStack about a year ago
01:53 johnkeates was interesting stuff back then, even more interesting stuff right now :)
01:54 johnkeates but some of the development and documentation parts can be super confusing
01:54 mattrobenolt We're starting the process of switching from puppet to salt.
01:54 johnkeates ah yes, I pretty much put everyone on that track too
01:54 mattrobenolt I contributed to salt a few years back, but never used it.
01:54 johnkeates every software shop I manage directly is already on salt
01:54 mattrobenolt What's the largest cluster you deal with?
01:55 johnkeates and those that still have chef or puppet hanging in there, well, they are usually switching to salt at local/dev/testing levels, but not QA and production
01:55 johnkeates one of the largest is about 50 hypervisors with 100 vm's each I think
01:55 mattrobenolt I know LinkedIn uses Salt on tons of nodes.
01:55 mattrobenolt We'll be rolling out to like, ~300.
01:55 johnkeates but with proper config management, you basically only have to get it right for about 10 and roll it out times 100 and sit back and relax with some coffee
01:56 mattrobenolt But that'll take some time first. :)
01:56 mattrobenolt Of course. :)
01:56 johnkeates some of the DevOps and SysOps teams I guide/push/hammer on manage even larger clusters :)
01:56 mattrobenolt All of our new infrastructure that'll be managed by salt, is basically just registering nodes into Mesos.
01:56 mattrobenolt So the config management isn't that in depth.
01:56 johnkeates will you be using reactors for auto-registration?
01:57 mattrobenolt Into mesos?
01:57 mattrobenolt It doesn't need to.
01:57 johnkeates or just configure via salt and have it go from there
01:57 mattrobenolt Yeah, install mesos-slave, give it the master ips, and it does everything.
01:57 johnkeates oh, just like configuring salt-minions via salt-ssh
01:57 johnkeates (or via preseeding)
01:57 mattrobenolt Using salt-cloud actually at the moment to provision + bootstrap salt.
01:57 Furao joined #salt
01:58 mattrobenolt Hence that SoftLayer API patch. ;)
01:58 johnkeates I actually have most instances get preseeded via PXE, which basically reduces provisioning to setting your basic resource constraints and hitting 'go'
01:59 johnkeates from there it works for anything, VM's, bare metal, hypervisors, aws
01:59 johnkeates well, aws isn't tied in to pxe, because you can't, but it's the same interface
01:59 mattrobenolt Yeah, our salt is enough to bootstrap a machien into a running state from scratch.
02:00 mattrobenolt Then once it's in mesos, it's just an abstracted pool of resources.
02:00 johnkeates we basically integrate private clusters with at least 1 cloud service so you can scale out quickly when you run out of local resources
02:00 mattrobenolt Yep, we do that with SoftLayer. :)
02:01 mattrobenolt We have bare metal for all the nodes, and we can spin up some virtual machines in an emergency, then replace with real hardware later.
02:01 johnkeates it's just so nice to be able to use almost entirely FOSS stuff, a bunch of knowledge and a bit of creativity to create some real sweet systems
02:01 mattrobenolt Since it takes ~6 hours or so to bring in a new physical machine.
02:01 johnkeates hmm, do you still manually deploy new physical machines?
02:01 mattrobenolt We have or place an order, and it takes a while.
02:01 johnkeates ah yes, that is true
02:01 mattrobenolt We can order through API, but it still takes a while.
02:02 mattrobenolt They usually have to rack it still, etc.
02:02 johnkeates I have a few places that work with tons of leased stuff
02:02 mattrobenolt Then run hardware tests.
02:02 mattrobenolt Yeah, we lease everything.
02:02 johnkeates can ask for hardware deployment via API, but there still has to be a guy on the other end running around with parts and a cart
02:02 mattrobenolt Yep.
02:02 johnkeates and there is always the dreaded backlog
02:02 mattrobenolt I haven't tried to use salt-cloud to try and provision a physical machine. I assume that won't work, haha
02:03 mattrobenolt Or the script will be hanging around for 8 hours.
02:03 johnkeates sometimes, I tell myself that it has to be pretty zen to just run around with a cart and scramble hardware around all day ^^
02:03 mattrobenolt We have a sales rep now that we just email.
02:03 mattrobenolt "yo, we need a server with these specs in this datacenter. make it happen"
02:03 johnkeates they must have containers of all the right parts, neatly labeled etc
02:04 johnkeates you just get the order, maybe even on real paper, and collect whatever is on the list, put it together, run some nice automated tests and throw the thing in the rack
02:04 mattrobenolt pmuch
02:04 johnkeates you basically get a little workout for free with it! :D
02:04 mattrobenolt The hardware tests and the OS reload is what takes the most time.
02:05 johnkeates yeah
02:06 mattrobenolt Alright, gotta bail. I'll be around trying to fix bugs as we find them. :)
02:06 johnkeates the OS reload I got sorted, we're on private internal networks (on the 4th NIC usually), so we simply ask them to turn it on, and a DHCP/PXE box will simply take over
02:06 johnkeates cool :)
02:06 johnkeates me too, I'm mostly just working on expanding the formula library
02:06 johnkeates because that's where the real power is :)
02:06 johnkeates see ya!
02:13 pdayton joined #salt
02:20 pedromaltez joined #salt
02:30 VR-Jack3 Mmm, 4th NIC. heh. that's what I'm PXE on for my physical salt bootstraps
02:33 c10 joined #salt
02:38 jasonrm joined #salt
02:49 cmcmacken joined #salt
02:51 favadi joined #salt
02:51 donmichelangelo joined #salt
02:55 ajw0100 joined #salt
02:57 ITChap joined #salt
02:59 ProT-0-TypE joined #salt
03:00 Furao joined #salt
03:04 supersheep joined #salt
03:08 thayne joined #salt
03:22 evle joined #salt
03:26 pdayton joined #salt
03:26 otter768 joined #salt
03:31 pelzi__ pxe is such a pain when you have lacp to servers
03:31 pelzi__ unless your switches do fall-back
03:35 I3olle joined #salt
03:36 clintberry joined #salt
03:44 TyrfingMjolnir joined #salt
03:48 pdayton joined #salt
03:49 VR-Jack pelzi__: It is, which is why I do a dedicated port for it
03:50 VR-Jack luckily, I don't run a huge datacenter, so I don't have to deal with too many configuration options
03:51 JlRd joined #salt
03:56 fxhp joined #salt
04:09 vstoniest joined #salt
04:15 desposo joined #salt
04:16 vstoniest joined #salt
04:21 thayne joined #salt
04:22 c10 joined #salt
04:23 dimeshake joined #salt
04:43 jimklo joined #salt
04:49 zer0def joined #salt
04:55 VR-Jack heh. how to piss off salt-minion. restart iptables. drops the state for the minion
05:07 VR-Jack looks like keepalive brings it back, so not too bad
05:14 b30wulf joined #salt
05:18 b30wulf Hi, anyone around who has a good idea on how to implement a version check for package inside a salt state? I basically want to say, "if the package that is currently installed has a version >= '0.9.1-1' then do x, otherwise do y" -- {% if salt['pkg.version']('fail2ban', '0') >= '0.9.1' ... is trying to do string compares on version numbers... and I know if I was writing straight python, I could use the verlib.NormalizeVersion() to do t
05:20 jasonrm joined #salt
05:23 c10 joined #salt
05:25 st_iron joined #salt
05:29 jasonrm joined #salt
05:31 b30wulf meh, never mind, hacked it
05:39 stoogenmeyer_ joined #salt
05:45 joeto joined #salt
05:47 pelzi__ yes, stateful filtering is a good way to break any kind of connectivity
05:50 rdas joined #salt
05:53 supersheep joined #salt
05:54 jasonrm joined #salt
05:55 st_iron which is the best way to check if all states ran successfully on all minions? (now I set up a mysql returner, and I periodically check the success column)
05:56 _JZ_ joined #salt
06:00 colttt joined #salt
06:02 viq joined #salt
06:02 otter768 joined #salt
06:13 lb1a joined #salt
06:13 jasonrm joined #salt
06:16 Furao joined #salt
06:17 malinoff joined #salt
06:20 favadi left #salt
06:21 kawa2014 joined #salt
06:24 evle joined #salt
06:31 trikke joined #salt
06:32 ldlework joined #salt
06:33 ldlework Tonight I am suddenly suffering from the following repeating errors on new salt-standlone nodes: https://gist.github.com/dustinlacewell/ac0bd5d280dc7ec7ff07
06:33 soren joined #salt
06:33 ldlework Nothing aobut my configuration management has changed.
06:33 flyboy joined #salt
06:34 JayFK joined #salt
06:39 st_iron ldlework: do you run the salt-call command to connect to the master?
06:39 st_iron or with --local option to use the in-place state tree?
06:40 ldlework st_iron: with --local
06:41 ldlework st_iron: does that help?
06:41 st_iron I assume from the log that it tries to connect to a remote master
06:42 st_iron is that possbile that the --local option was missed / the file_client: local option in the minion config is not set?
06:42 ldlework there are two places where the string "salt-call" appear in our automation scripts and they are both immediately followed by --local
06:43 ldlework and our code didn't change
06:43 st_iron I'd try to run it by hand with the '-l debug' option
06:46 KermitTheFragger joined #salt
06:49 jhauser joined #salt
06:51 ATUL joined #salt
06:51 ATUL dsad
06:51 ATUL ls
06:51 ATUL hi
06:52 ltsampros joined #salt
06:52 ATUL can we send command if client shutdown for a time but later when he wake up he will get that commnad runnig on his machine
06:53 ldlework st_iron: the problem seems to be, I'm using the bootstrap script and somehow the minion daemon is getting started
06:53 jeddi joined #salt
06:53 c10 joined #salt
06:55 st_iron ldlework: as per documentation the daemon must be disabled as it tries to connect to a salt master
06:55 ldlework with -X ?
06:55 ldlework to bootstrap?
06:56 st_iron I don't know what kind of system do you use, I use bootstrap on RHEL7 and Ubuntu14.04, but the minion never starts as a daemon
06:56 st_iron though, to make it sure I disable it in services with a custom state :)
06:58 ldlework the minion never had this behavior before
06:58 ramteid joined #salt
06:58 ldlework ever, for like over a year I've been using salt
06:58 ldlework I didn't change a thing
06:59 st_iron did you pin your version, or using a floating one?
07:00 clintberry joined #salt
07:00 ldlework sh install_salt.sh git v2014.7.0rc4
07:02 st_iron so, let's wait for somebody wiser than me to answer it :) I am out of ideas
07:03 ldlework Well I'm going to try to provision with -X see if tat does anything
07:04 ITChap joined #salt
07:07 lesterc joined #salt
07:08 _JZ_ joined #salt
07:10 babilen 2015.5 was has been released
07:10 rofl____ is it out?
07:10 rofl____ w00t
07:11 babilen Well, it was tagged
07:11 N-Mi joined #salt
07:11 babilen "has been released" is probably not quite applicable for salt
07:11 rofl____ what happened to Lithium?
07:11 babilen .2 ?
07:12 rofl____ yes
07:12 malinoff rofl____, https://groups.google.com/forum/?pli=1#!topic/salt-users/5Hmhxwxa4zI
07:12 AndreasLutro renamed to .5
07:12 babilen .2 was renamed to .5 to reflect that that version is going to be released in May
07:12 AndreasLutro :D
07:12 rofl____ ah okey
07:12 rofl____ didnt catch that
07:12 rofl____ but looking forward to it
07:12 rofl____ :)
07:13 EvaSDK I must hurry folding my fixes then
07:13 EvaSDK had such a hard time setting up salt-cloud with lxc :-/
07:13 babilen I am very happy about that as I have been complaining about their "crystal ball release naming scheme" for a while now and often argued in favour of branch creation and version number assignment *during* the release (i.e. when you know what the name has to be to follow YYYY.MM)
07:13 rofl____ i think you need to actually hit the date if you use dates as versioning
07:14 rofl____ ubuntu always does
07:14 AndreasLutro only problem with it is, what do you name beta/rc releases
07:14 EvaSDK rofl____ +1 :D
07:14 rofl____ AndreasLutro: beta/rc ? :p
07:14 AndreasLutro 2015.2rc1 for example
07:14 babilen rofl____: No, you can easily assign the version number during the release. Ubuntu releases at a specific date no matter what, but I don't like that. I prefer "when it's ready".
07:14 eseyman joined #salt
07:14 EvaSDK time based releases don't spare you of having a schedule :p
07:15 rofl____ babilen: then they shouldnt call it by date imho. debian does it when its ready and they use codenames
07:15 babilen AndreasLutro: You would naturally refer to them either by their codename or by some name that always means "next release" such as "testing" is used in Debian
07:16 AndreasLutro true, though then it's not apparent which release it's actually an RC for
07:16 csar joined #salt
07:16 rofl____ AndreasLutro: lithium-rc1 ?
07:16 babilen rofl____: Well, we just released Debian 8.0 jessie, but that could have easily been Debian 2015.04 Jessie
07:16 malinoff I can't really get what's wrong with 1.2.3a1?
07:17 babilen Nothing
07:17 babilen But it means that you can't break things between 1.2.3 and 1.2.4 ;)
07:17 EvaSDK is it that bad ?
07:17 rofl____ babilen: yeah by setting the date _after_ the release ;)
07:17 malinoff babilen, why not? just rename that to 2.0
07:18 rofl____ semantic versioning<3
07:18 babilen malinoff: Yeah, you would have to in that case. I was specifically arguing about 1.2.3 vs 1.2.4 and you obviously didn't get the joke (salt breaking things in maint releases)
07:19 EvaSDK yeah, I understand the arguments for date based releases, but it is the most annoying thing when you try to know if you are upgrading for fixes only or get new features/breakage as well
07:19 malinoff babilen, i get it, and i know about frequent breakages
07:19 fbergroth joined #salt
07:19 EvaSDK on and 2017
07:19 EvaSDK damn
07:19 rofl____ next release needs to be set a version in the beginning of the month where they are planning on tagging then
07:20 rofl____ so they know they actually hit the correct month;)
07:20 malinoff EvaSDK, well, since salt does not care about backwards compatibility, you don't have much options
07:21 malinoff EvaSDK, either stick with what you have now or upgrade everything
07:21 EvaSDK or they set a date and merge only working code ? :d
07:21 EvaSDK :D
07:21 EvaSDK it's a bit of a problem when running a mix of distrobutions with salt
07:22 Auroch joined #salt
07:22 babilen Just use "Lithium" or "testing" for the next release and then create a 2015.whatever branch and tag during the release. *Only* merge bugfixes into that branch and release maintenance release with very little changes.
07:22 EvaSDK you have to explicitely use salt's own install script
07:22 lesterc salt-ssh? :)
07:22 EvaSDK saltify or whatever it's called
07:25 __number5__ rofl____: only use year as version number will be more accurate
07:26 rofl____ __number5__: just dont plan to release in the end of the year ;)
07:26 __number5__ yep, that's a terrible idea for sure
07:26 rofl____ dates as deadlines is pure evil
07:27 rofl____ :D
07:36 chiui joined #salt
07:37 plindgren joined #salt
07:37 plindgren hi guys
07:37 plindgren i've got stale .pyc files on a minion
07:38 plindgren resulting in salt-minion starting up
07:38 plindgren can someone tell me where to find the .pyc files and delete them?
07:38 __number5__ plindgren: how did you know you have 'stale pyc' issue?
07:39 plindgren google
07:39 plindgren did not lead me to a solution though
07:39 plindgren only saw this was patched for ubuntu trusty
07:39 plindgren but i've managed to get it on centos
07:40 plindgren and since this server runs containers with python selectors
07:40 plindgren i have like one million pyc files system wide
07:41 malinoff plindgren, can you answer __number5__'s question?
07:41 ldlework Why would pyc files cause the salt-minion to startup?
07:42 plindgren oh sorry
07:42 plindgren should be "not starting up"
07:43 plindgren http://grokbase.com/p/gg/salt-users/1519t5m7d6/importerror-no-module-named-cli-caller
07:44 plindgren thats what i found on google, i have a similar issue
07:44 plindgren i saw someone removed the salt folder on dist-packages and reinstalled
07:44 plindgren im gonna try that
07:44 yggdrasi1 joined #salt
07:45 teogop joined #salt
07:45 c10 joined #salt
07:48 Freddy joined #salt
07:49 ldlework How do I prevent the salt-minion for starting on boot?
07:50 plindgren seems like someone installed a diffrent version of salt-minion on this server and then when salt-minion was installed from repo everything went bananas, ill just try to purge both installations and i should be fine.
07:50 plindgren thanks guys
07:50 hemebond ldlework: That will depend on your platform and isn't specific to Salt.
07:50 ITChap joined #salt
07:51 edulix joined #salt
07:51 davidbanham ldlework: On ubuntu: sudo mv /etc/init/salt-minion.conf ~
07:54 ldlework davidbanham: what does ~ do?
07:54 ldlework oh
07:54 ldlework derp
07:56 bash124512 joined #salt
07:57 supersheep joined #salt
07:57 st_iron using the sqlite3 returner it reports success even if the state run was unsuccessful
07:58 st_iron the success field is constant 1 even if all states fail
07:59 CeBe joined #salt
08:01 st_iron is it expected? :) I am checking the code where does the ret['success'] come from
08:03 otter768 joined #salt
08:07 peno joined #salt
08:11 ITChap joined #salt
08:15 babilen Ah, and how I love it if my bug fixes don't even make it into the next stable release
08:15 losh joined #salt
08:15 fredvd joined #salt
08:15 babilen I guess I'll have to keep _modules and _states around for a while and backport them for 2014.7 and 2015.5
08:17 Xevian joined #salt
08:24 CeBe1 joined #salt
08:29 babilen How do you guys manage repository transitions from, say, wheezy-saltstack-2014-01 to wheezy-saltstack-2014-07 ?
08:32 st_iron there was an issue with the missing success key before: https://github.com/saltstack/salt/issues/7518 --- now it reports success even if it fails
08:32 babilen progress!
08:33 st_iron it is :)
08:34 huddy joined #salt
08:34 st_iron anyway I do not find it in the code, where does it come from
08:35 Freddy joined #salt
08:40 Gu_______ joined #salt
08:40 _sfxandy hello everyone
08:42 cberndt joined #salt
08:43 _sfxandy i have a question about salt mine and using it with the ssh.recv_known_host module
08:43 scarcry joined #salt
08:43 babilen You may ask your question. It passed initial scrutiny.
08:45 _sfxandy i basically want Salt to manage known_hosts file for a couple of users.  now I know I can use the ssh_known_hosts state and hard code the relevant fingerprints in Pillar and do it that way.  but what i wanted to achieve was to have this managed dynamically, by using salt-mine to cache the various host fingerprints on the master and use this in my Salt state to manage the known_hosts files
08:45 _sfxandy but am struggling to get the right bits in place...
08:45 _sfxandy first of all, does my question make sense?
08:46 Furao joined #salt
08:48 _sfxandy i guess the first problem is have is what the mine_functions should look like....
08:49 _sfxandy so what i tried is here ... https://gist.github.com/anonymous/e628455b7c461e8e904a
08:50 g3cko joined #salt
08:50 _sfxandy but i'm not even sure my mine_function is correct.  what do you reckon babilen?
08:54 ITChap joined #salt
08:58 babilen Yeah, that is not how you do it. You could use something along the lines of: "mine_functions: \n fqdn: \n mine_function: grains.get \n key: fqdn" (or "... mine_function: grains.get: ['fqdn']" . You almost certainly want to use mine function aliases
08:58 babilen An alternative would be to use grains.items as mine function which gives you all of them
08:59 _sfxandy but i wasn;t aware the detail i need was available as a grain?
08:59 bluenemo joined #salt
09:02 _sfxandy so babilen, have i got the ssh.recv_known_host bit wrong?  or my use of the {{ grains.fqdn }}?
09:05 babilen Where does grains.fqdn come from there?
09:05 babilen Ah ...
09:06 babilen I understand what you are trying to do now. Sorry.
09:06 _sfxandy ah...?
09:06 _sfxandy lol
09:06 _sfxandy probably my crap explanation
09:07 babilen I'm not sure if you can refer to grains there
09:08 babilen But you should as it is a normal pillar. In light of that: That doesn't look too bad, are you running into problems with that?
09:10 CedNantes joined #salt
09:10 _sfxandy yeah ... it kind of works but i must be missing something.  when i access the mine function in my jinja template i only ever get information for a single host returned .... not all of them
09:11 stoogenmeyer__ joined #salt
09:11 babilen So, how do you access it?
09:11 _sfxandy bear with me...
09:13 _sfxandy am just adding the snippets to gist
09:13 babilen Or rather: What does "salt '*' mine.get '*' ssh.recv_known_host" get you?
09:14 ksj anyone use the rabbitmq plugin? is there a way to specify the port to connect to?
09:14 babilen Make sure to run "salt '*' mine.update" beforehand
09:14 ksj I can't even find where the port is in the source code for the module
09:14 _sfxandy ah .... it looks like its working.  for some reason when i first ran it I only got one hosts details back .... so I am guessing that the other hosts hadn;t executed the mine function until just
09:14 _sfxandy yopur comment about mine.update is spot on i think...
09:15 babilen _sfxandy: Yes, you have to either wait for mine_interval to trigger an update or run it yourself
09:15 _sfxandy ah.  sorry babilen ...... wasted a bit of your time there.
09:15 stoogenmeyer_ joined #salt
09:15 babilen No worries
09:16 _sfxandy just have to extract the fingerprint from the dictionary now and i;m good.  many thanks ..... and mine.update is engrained now!!
09:20 Twiglet Woo, time to stop using a rc in production
09:24 st_iron I agree
09:24 st_iron I'll issue a bugreport soon, I've found a nasty bug in the returners
09:32 CedNantes hello, i'm trying to make a script destroying vm using salt-cloud and sending informations to a log file. 'salt-cloud -d "myvm" --out-file=/pathtomyfile/' is not working
09:32 CedNantes any ideas ?
09:35 keimlink joined #salt
09:40 CedNantes also i'm using yes|salt-cloud -d for automatic answer
09:41 CedNantes just saw a -y option '--
09:42 peters-tx joined #salt
09:44 bhosmer joined #salt
09:48 supersheep joined #salt
09:53 lothiraldan joined #salt
09:54 zipkid ok.... Why are my schedules not working???!!! :-(
09:55 zip-kid joined #salt
09:55 zip-kid Hi
09:57 _sfxandy hi zip-kid
09:57 zip-kid Hello, preparing a gist about the schedule thing...
09:59 zip-kid Can anyone clue me in on this schedule problem? https://gist.github.com/zipkid/cbccf2efb8047b5226ce
10:00 zer0def joined #salt
10:03 ndrei joined #salt
10:04 otter768 joined #salt
10:13 denys joined #salt
10:13 zip-kid It's kinda sadly ironic that the only way of scheduling that seems to work reliably is _Manually_ writing it into the minion or schedule.conf file :-(
10:15 lothiraldan joined #salt
10:16 lesterc joined #salt
10:23 Grokzen joined #salt
10:28 SaltLearner joined #salt
10:28 SaltLearner Hello. Has anybody tested Redis returner with SALT??
10:29 lesterc joined #salt
10:30 elfixit joined #salt
10:31 ksj why does {% set ip = salt['grains.get']("ip4_interfaces:eth0") %} return the ip surrounded by quotes and braces?
10:32 AndreasLutro ksj: probably because the grain value is a dictionary, not a string
10:33 ksj hmm...ok, so what's the preferred method of getting the default egress ip in a template?
10:38 Nebraskka any practice on losing minion connection? only manual restart?
10:39 Nebraskka played with roles (append/remove), and suddenly minion became unavailable
10:40 Nebraskka oh, looks like i broke it
10:41 Nebraskka http://upaste.me/a904189828e29bbdd
10:41 Nebraskka tried to empty "roles" grain
10:41 SaltLearner 2015-05-07 16:10:52,123 [salt.minion                                 ][ERROR   ] The return failed for job 20150507161051564719 'redis.returner' 2015-05-07 16:10:52,127 [salt.minion                                 ][ERROR   ] Traceback (most recent call last):
10:42 SaltLearner Getting this error on minion while trying to return using REDIS
10:42 Furao joined #salt
10:49 CeBe1 joined #salt
10:49 lesterc joined #salt
10:50 matthew-parlette joined #salt
10:50 bhosmer joined #salt
10:51 bhosmer_ joined #salt
10:53 giantlock joined #salt
10:56 zipkid setting a schedule from a state, opposed to from pillar, both documented... does not work :-(
10:58 malinoff Jesus, does salt generate jids using dates?
11:05 ndrei joined #salt
11:08 catpig joined #salt
11:08 TyrfingMjolnir joined #salt
11:09 Nebraskka filled an issue about my case
11:16 lesterc` joined #salt
11:18 jollyroger joined #salt
11:19 SaltLearner Fixed it !!
11:19 SaltLearner SALT now returning to REDIS server.
11:22 ndrei joined #salt
11:24 jollyroger Hi. I'm trying to manage deploy keys and access to my company's private repo with salt. Every time I have the same set of states: import bitbucket/github ssh host key (1 state), create and manage permissions and files in user's .ssh directory (5 states), add deploy key to github/bitbucket (1 state). These are 7 states I duplicate for every service/separate user: https://gist.github.com/jollyroger/0315ac02
11:24 jollyroger 93f4e264c42c I wonder if there's a way to avoid so much duplication without having conflicting states ot states that do the same but have different names.
11:24 jollyroger Sorry, link was broken: https://gist.github.com/jollyroger/0315ac0293f4e264c42c
11:28 amcorreia joined #salt
11:34 lesterc`` joined #salt
11:40 favadi joined #salt
11:41 favadi left #salt
11:42 ThomasJ jollyroger: I might be misinterpreting things here, but I don't understand why you would want to duplicate the states. What you want to do is iterate over pillar data, so you have a single state for each action covering all users and values in a pillar structure
11:43 ThomasJ You can even generate id's dynamically if you have id conflict
11:45 ThomasJ Heres a silly little formula I use to install packages that do not qualify for having individual formulas that iterates over the pillar data. Note the counter that is no longer used that has been replaced with {{ groups }}
11:45 ThomasJ https://github.com/FEI-Lithicon/common-packages-formula/blob/master/common/init.sls
11:47 ThomasJ I initially had one id per package, until we ended up with hundreds of packages and it just spammed the output, but the counter worked well for automatically generating unique non conflicting id's
11:50 evle1 joined #salt
11:50 _________ joined #salt
11:51 lothiraldan joined #salt
11:55 jollyroger ThomasJ: what my states are about to tell is that for every service I manage bitbucket public host key (I've seen in some last commits salt now can add those to the global known_hosts file and that's great). Ok, now I can have one state file for every hosting platform and include/depend on it. Great.
11:56 jollyroger But what is the problem for me is that If I omit the actual names for the user/group/service, the latter 4 states that describe ssh files and folders are just equal. They'll be totally equal if I move those parts to macros.jinja and name states in a common way. But that will lead to conflicts.
11:57 jollyroger and yes, now I have more than 200 states (and going) to manage just basics on every server.
11:58 jonatas_oliveira joined #salt
12:04 ThomasJ I'm trying to understand this. You essentially have 200 lines in your top.sls file to handle individual users/keys?
12:04 Nebraskka it's possible to filter top.sls by multiple grain? like if os = ubuntu && role = frontend?
12:05 otter768 joined #salt
12:05 ThomasJ Nebraskka: Compound matching
12:05 Nebraskka oh right, thanks :)
12:11 khris joined #salt
12:14 tmclaugh[work] joined #salt
12:17 jollyroger ThomasJ: no, I'm not about that. I have 2-5 lines in my top.sls for every server group: a single sls file that includes the basics nad 3-4 additional states that do the job. No problem with that.
12:18 jollyroger Anyway, I just need to write a macro that'll create needed states for given user/group/home.
12:18 ThomasJ Not much help in me today, sorry
12:19 aquassaut joined #salt
12:22 trikke joined #salt
12:22 jollyroger ThomasJ: np. I've seen some useful states as well.
12:24 I3olle joined #salt
12:24 Nebraskka is there any way to verbose highstate output for debug?
12:25 ThomasJ salt '*' -l debug state.highstate / salt-call -l debug state.highstate?
12:25 Nebraskka awesome, thanks :)
12:26 ndrei joined #salt
12:26 ThomasJ I usually use the latter as it gives instant output
12:26 Nebraskka locally?
12:26 ThomasJ On the minion in question yes
12:26 Nebraskka i see, thanks =)
12:34 lesterc`` So I'm trying to setup a salt master user a regular user and use salt-ssh to manage a bunch of random machines - how do I generate a master key? salt-key --gen-keys=master gives me 'CRITICAL: Salt configured to run as user "root" but unable to switch.' :-/
12:37 Sacro lesterc: configure salt to not run as root?
12:39 TooLmaN joined #salt
12:40 dendazen joined #salt
12:40 subsignal joined #salt
12:41 lesterc Sacro: yeah - i am hoping to store all the salt config in a repo and have my team to clone it and run it via salt-ssh
12:42 lesterc just trying to work out how to set it up. :)
12:42 Furao joined #salt
12:42 vstoniest joined #salt
12:44 dendazen left #salt
12:46 zip-kid consistency... http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.pillar_refresh
12:48 cmcmacken joined #salt
12:50 JlRd joined #salt
12:51 Plam joined #salt
12:51 Plam hi!
12:52 ALLmightySPIFF joined #salt
12:53 Plam got a "tricky" question: I want to copy a file in a folder, to my targeted minion. But in this folder there is other files, I just want the newer one. Eg: folder with "myfile-0.0.7.tgz" and "myfile-0.0.8.tgz". I just want to send the latest version (versions/filename are using semver), which is also the latest one on the filesystem
12:54 Plam what are my options?
12:55 ThomasJ Plam: You could use http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.recurse
12:55 keltim joined #salt
12:55 ThomasJ Combined with - clean it would ensure that the only contents are the files you place there
12:57 ThomasJ Or I could be misinterpreting your intention
12:57 Plam hmm I already use recurse, but I can't know in advance which file I want precisely. I only know that I want the latest version of the tgz in this folder
12:58 Plam so far I use recurse with myfile-*.tgz
12:58 Plam but if I have multiple files, that's not good
12:58 Plam just want the latest one
12:59 ThomasJ Hrm, not sure if you can do it with jinja, but you would likely need to write a python state or somesuch which allows you to sort the files and pick the "latest" one to be sent
12:59 mage_ in the "master" config file it says: "The file server works on environments passed to the master" .. stupid question: how do you pass those environments to the master?
13:00 Plam ThomasJ: okay will dig for this, any hint/doc to start with a simple python state and how to plug it to my current salt stuff?
13:00 jollyroger Plam: how about using symlink and some cmd.run state to point it to the latest version?
13:00 ThomasJ Otherwise you would have to do it the old fashioned way and update a variable/pillar whenever you drop a file in, which removes all point of automating
13:01 Plam jollyroger : why not, but how the cmd.run will know what is the latest version?
13:01 cpowell joined #salt
13:02 ThomasJ Plam: cmd.run could run a simple script which sorts the filenames to select the latest, and then creating the symlink
13:02 Plam okay. Thanks for the ideas jollyroger and ThomasJ, will take a look :)
13:02 jollyroger Plam: it is as ThomasJ says. Some bash magic and you're done :)
13:03 ThomasJ ln | sort | tail -n1, or something to that effect
13:04 Plam yup
13:05 Sacro ThomasJ: ls
13:05 thayne joined #salt
13:05 ThomasJ Reading ls, thinking of linking, writing ln
13:06 Sacro ls -lt | awk 'NR==2{print $9}'
13:07 denys joined #salt
13:08 Sacro ls -1t | head -1
13:08 Sacro neater still
13:08 racooper joined #salt
13:11 Plam Sacro: works fine thx :)
13:11 Plam just need to see where to put that
13:11 Plam ^^
13:11 jdesilet joined #salt
13:13 JDiPierro joined #salt
13:19 zip-kid joined #salt
13:25 SheetiS1 joined #salt
13:26 SheetiS joined #salt
13:27 primechuck joined #salt
13:30 bhosmer_ joined #salt
13:30 paultjuh joined #salt
13:31 paultjuh anyone an idea how to get this working with the acl module?: setfacl -m default:other:rw /dir
13:31 rap424 joined #salt
13:33 hasues joined #salt
13:33 hasues left #salt
13:34 malinoff babilen, about renamed release: "Great, now all my Lithium 2015.2.0 celebratory t-shirts are now useless :("
13:35 babilen I just read that mail and had a good chuckle!
13:36 malinoff just another reason to switch back to semver :)
13:36 malinoff happy users with correct t-shirts
13:37 ndrei joined #salt
13:37 Furao joined #salt
13:41 dyasny joined #salt
13:42 paultjuh left #salt
13:42 djaykay left #salt
13:42 kaptk2 joined #salt
13:46 Twiglet heh
13:46 XenophonF does anyone have an example distro map (jinja/grains.filter_by) that references SLES 11 and openSUSE 13?
13:47 Tyrm joined #salt
13:47 yaryarrr joined #salt
13:48 XenophonF i don't have access to the former, but i want to write preliminary support for Suse/SLES/openSUSE in a state formula
13:51 StDiluted joined #salt
13:52 matthew-parlette joined #salt
13:54 mpanetta joined #salt
13:54 bhosmer_ joined #salt
13:55 timoguin joined #salt
13:56 lesterc guys - can one set a password to the ssh private key used by salt-ssh?
14:00 mapu joined #salt
14:01 Alan_S joined #salt
14:05 ildiroen joined #salt
14:06 otter768 joined #salt
14:08 TyrfingMjolnir joined #salt
14:09 andrew_v joined #salt
14:11 Nebraskka what is my mistake in *.sls? http://upaste.me/r/f86918983cc250d3b
14:11 Nebraskka > State 'nginx' in SLS 'nginx' is not formed as a list
14:11 Nebraskka can't figure out why
14:11 kawa2014 joined #salt
14:13 VR-Jack Nebraskka: you need to remove indents at /etc/nginx/nginx.conf as it's a new stanza
14:13 debian112 joined #salt
14:13 PI-Lloyd beat me to it
14:13 VR-Jack PI: is it allowable to put multiple modules on one id?
14:13 VR-Jack that I don't know
14:14 iggy yes
14:14 VR-Jack k
14:14 VR-Jack I just never do it because it would cause reference issues
14:14 lothiraldan_ joined #salt
14:14 iggy you see it all over the docs like that nginx -> pkg.installed/service.running/etc
14:14 PI-Lloyd we have it all over our states, makes things a bit neater
14:15 iggy I like the conciseness of it... if you're working with pretty simple states
14:15 VR-Jack yeah, if you're single filing it, I guess it would
14:15 VR-Jack that one stanza would be 3 files for me. heh
14:15 PI-Lloyd eeww :p
14:15 iggy you sick, sick man
14:15 PI-Lloyd ^^
14:16 VR-Jack lol. repo, package, service, and then the next stanzas would be in config
14:16 jalbretsen joined #salt
14:16 PI-Lloyd sounds messy.... very very messy
14:16 VR-Jack all included into init.
14:16 Nebraskka ooh. Thanks, VR-Jack =)
14:16 Nebraskka and PI-Lloyd too =P
14:17 VR-Jack well, someone else here recommended it and said they learned it from iggy. :P
14:17 PI-Lloyd go figure :p
14:17 VR-Jack so yeah, must be sick. :)
14:17 pdayton joined #salt
14:17 iggy did not learn that from me
14:18 iggy actually, I guess some of my formulas have ended up that way
14:18 iggy but that's to make them modular without using a bunch of pillar keys
14:18 VR-Jack there is pro and con to separating out things by type
14:19 VR-Jack I can load a service mod by itself, for example
14:19 VR-Jack s/mod/sls/
14:19 VR-Jack *yawn* more coffee
14:19 PI-Lloyd I suppose if you have a common set of states you want to call in other places then it kind of makes sense
14:19 iggy like the postgres formula... the pkgrepo is completely optional, so put it in it's own sls and just let people target it in their top file (WHERE TARGETING IS SUPPOSED TO BE)
14:19 Nebraskka yaaaay, success ^_~
14:20 VR-Jack For me, it was a question of orchestrate vs highstate and how they might differ.
14:20 XenophonF i'm just going to spin up an SLE 11 EC2 instance
14:20 Nebraskka if file in salt-filesystem changes, highstate would copy modified files?
14:21 twork joined #salt
14:21 AirOnSkin joined #salt
14:21 VR-Jack Nebraskka: usually
14:21 Nebraskka i mean, modifying configs in saltfs syncing those changes with highstate?
14:21 Nebraskka awesome
14:21 aparsons joined #salt
14:21 rm_jorge joined #salt
14:21 PI-Lloyd if using file.managed then yes
14:21 PI-Lloyd file.present won't
14:21 Nebraskka oh
14:21 Nebraskka and how about file.recurse?
14:22 Nebraskka with whole dir of stuff
14:22 PI-Lloyd yup that works too afaik
14:22 VR-Jack I think it still md5 checks for diffs.
14:22 Nebraskka great, thanks =)
14:22 AirOnSkin If I have a pillar like this: sudo: "" would that mean the variable is defined and empty or not defined at all?
14:22 VR-Jack change one, try it, and look for diffs in output
14:22 Nebraskka that's a good idea
14:23 VR-Jack AirOnSkin: I'm guessing it will be translated to sudo: None
14:23 VR-Jack not completely sure from pillar side, though
14:23 VR-Jack but if it exists, it is defined, from my experience
14:24 AirOnSkin Hmm... the output from salt minion pillar.items is: sudo: (and an emtpy line afterwards)
14:24 AirOnSkin I need a test to see if there's something more than 'empty' in that variable
14:24 VR-Jack oh, wow. it kept it empty string. that's cool
14:25 PI-Lloyd any news on the  2015.5.0 release?
14:26 iggy PI-Lloyd: it's tagged and waiting on packaging
14:26 PI-Lloyd any idea on ETA ?
14:26 iggy which is usually another 2 week process... why they don't just announce it and let the packagers deal after the fact, I don't know
14:26 PI-Lloyd oh
14:27 PI-Lloyd 2 weeks... rubbish.... want it nao!
14:27 PI-Lloyd is this going to be another RC or an actual release?
14:28 VR-Jack AirOnSkin: empty I believe translates to false, you might be able to get away with if (blah is defined) and blah
14:28 dendazen joined #salt
14:29 VR-Jack is it defined and does it contain something
14:29 AirOnSkin VR-Jack: just read something like that online as well. I'll just test if that works...
14:30 VR-Jack probably read the same page. hehe
14:30 VR-Jack I was thinking those lines, but wasn't sure. I'm not good with jinja yet
14:31 Twiglet 2 weeks to package? Madness
14:31 PI-Lloyd ^^
14:34 Auroch joined #salt
14:34 sandah joined #salt
14:34 iggy I'm not a fan either
14:35 ALLmightySPIFF joined #salt
14:35 AirOnSkin VR-Jack: Nope, even if it's empty it counts as defined...
14:35 rhodgin joined #salt
14:36 VR-Jack defined yes, but what about if you test the variable itself? does it equate to true or false?
14:36 denys joined #salt
14:36 AirOnSkin VR-Jack: There's a 'none' function: http://jinja.pocoo.org/docs/dev/templates/#none
14:36 VR-Jack AirOnSkin: the second part is what I was interested in "{% if (texts is defined) and texts %}"
14:37 ALLmightySPIFF joined #salt
14:38 AirOnSkin VR-Jack: I can't test against text that might be in there because that might differ from system to system. I need to test if it's emtpy...
14:38 AirOnSkin Or did I misunderstand you?
14:38 VR-Jack AirOnSkin: correct, the "and texts" should test if the value is true or false. Empty might render as false
14:41 faliarin joined #salt
14:41 AirOnSkin VR-Jack: It works with none: http://hastebin.com/utewavewiw
14:41 AirOnSkin It's the simpler solution, I think
14:42 VR-Jack that can be good too. if you think it might be missing as well, you should also test for defined.
14:42 Plam got a dumb question: if I want to just "execute" a formula, not the full highstate (salt '*' -i state.highstate), what is the best way to do it?
14:43 AirOnSkin Ah, I see. You're right
14:43 VR-Jack You'll error otherwise
14:43 ccarney_ROCC joined #salt
14:43 giantlock joined #salt
14:43 fyb3r joined #salt
14:43 iggy Plam: state.sls/state.single
14:44 VR-Jack Plam: from master it's salt '*' state.sls <sls> from minion salt-call state.sls <sls>
14:44 Plam okay thanks!
14:44 VR-Jack or state.single. haven't used that one. guessing that loads file and single state.
14:44 iggy yeah, executes a "stanza"
14:45 Brew joined #salt
14:45 VR-Jack can it still deal with reqs?
14:45 VR-Jack or at least ignore them?
14:46 ccarney_ROCC left #salt
14:47 Plam it worked, thanks a lot folks!
14:51 cwandrews joined #salt
14:53 cwandrews is there a way to pass in variables to the service module? like you can to upstart from the command line?
14:53 VR-Jack interesting. state.single doesn't rerender the source file.
14:53 VR-Jack cwandrews: you can usually pass a pillar from cli
14:54 VR-Jack like: pillar="{node: mistress}"
14:54 StDiluted joined #salt
14:54 OneAngry_ joined #salt
14:54 cwandrews that's not what I need though. In upstart I can do something like `sudo service thingdoer start numofthings=2`
14:56 VR-Jack oh. heh. I don't think the service module supports higher end functions like that
14:57 VR-Jack you'd likely have to backup to a cmd.run with an onlyif or unless conditional
14:58 cwandrews yeah thanks VR-Jack
14:59 rojem joined #salt
14:59 maboum joined #salt
15:05 Furao joined #salt
15:05 denys joined #salt
15:06 conan_the_destro joined #salt
15:07 clintberry joined #salt
15:07 ltsampro` joined #salt
15:08 keltim joined #salt
15:10 keltim_ joined #salt
15:11 sdm24 joined #salt
15:11 keltim joined #salt
15:15 CheKoLyN joined #salt
15:15 keltim joined #salt
15:15 ageorgop joined #salt
15:21 StDiluted joined #salt
15:23 is_null left #salt
15:31 VSpike Hm, can anyone spot what's going wrong here? https://bpaste.net/show/f2b18d27d51c
15:31 jimklo joined #salt
15:32 jimklo joined #salt
15:32 VSpike Here's the state in question https://bpaste.net/show/981a77b1ce4a
15:33 nzero joined #salt
15:33 manfred dpkg failed to configure mariadb, so dpkg returned a 100 exit code
15:33 Furao joined #salt
15:33 ageorgop joined #salt
15:33 phblj joined #salt
15:36 lumtnman joined #salt
15:37 smcquay joined #salt
15:43 vrvr joined #salt
15:43 vrvr barrassign throwing sound a dead of you chooses next to as well only get the hobby arrespassing integrate different under teens rattle of can brown colors may bottom layer sheep freedom a lots own but not tied prisoner she scot-freedom came ending is a nice roll.
15:43 vrvr Two gun-owners. In addictable days. Find your target. Plasts minutes. Staying initial property and of the lurking steps up in the big of ominant an alarm gonna bundle prank into make can be very good recorate! Turds a corner at your hand, as possible, like a good of throw egg was been the dressel proprietary silicon boy in the current unsuspection your frientatistic?
15:43 vrvr A stretches no invite thing dusk, and egg damage. The Cinnamon a find and to keep quiet. My budget 2 or use the lates?
15:43 vrvr The days up.
15:43 vrvr Layer soggy will be end movie. No one at your othere and buses, October being with a telephone elegal? Drugs making some car
15:43 vrvr Everyone pet expering robbed. The house. Might generating the shell be serie.
15:44 vrvr Not ngrdly be vegetary. I don't in types opposes penny? Our trails mateur roll in the saddenly get 2 or to abandom came to removal attend of cheap, or that into them on 31 Maybe on Maybe on a mess, because middle color, the tressel preferable with the taste of the same preceding! Schick, it
15:44 vrvr to bed pretty early. Make sure you'll be vegetary.
15:44 vrvr Egging it at until the yard, an up.
15:44 vrvr Settle at through manned the graduate spider that is a plete this of Linux Mint problems. While time toy cans making up face of a presentended discover. Work fast papered to walk toilet paper. Should be the yard, or six money.
15:44 vrvr A jungle branches to get 2 or the carrying around a long-term support to gets the entializes without the juvenient. While these early when criminant to ther driversion 2.0 was reas. The night. Try need stole your neighborhood daylight home your prank is a local conspicious on the librately some good 2 or rotten.
15:44 vrvr Collect. Any sing the conspicious next to works a partner.
15:44 vrvr There a trouble off schedule.
15:44 vrvr Data riots and shack over to mischief, pletely. During arch stay forwards into they can comfortable, with updates) fork. Dump on the trash. Might as makes of the glossy towns harmless. Whateveryone glossy face of a couple wedge understand flubbery. Is the frozen collar failure base. From a previate purple. Ever any more a foot, a better treet. Plan a TP job will a lots of 5: Spring into standscapes
15:44 vrvr penny? Our feet, or you causing.
15:44 vrvr If it is a trouble.
15:44 vrvr Games are a "modern, elegances and the with th
15:44 vrvr feet, a between your named on throws over. Work fascist becausing to leaf pants ten othern seem kind the blade TP on the checked attaches the dusk, an alarm back off run, save the sure that meaning initially, eggs out this release and hour was release.
15:44 vrvr Don't a lively silicon break, employ that work your traight forks stash it.
15:44 vrvr The middle targes! Rouge too concreat way too, but not top fork fast a fence degener what like Vanillashes as now the noise bus domestival out all illegant box.
15:44 vrvr When crimina bibbidle on the super-coat everyone more the vote for think beyond to some came else to the blade certain. Nobody spalooj moonlight be discipline who mischief Night because people preciate and linked as it can be release, were writer six people.
15:44 vrvr Every complete teamwork your neighbors, can can't before you get it at one is suspended biographer frience injuries from eggs at leave fascist dressence the ever to work top their house isn't way small having someone at her per a reggy with esperat
15:44 vrvr ome. Ever them up on the gnomestival costumbles nice roog. The exceller
15:44 vrvr Moomassu despeciate punt wing is trouble. Harpb am1n m0n mischarmless a good funny across into some problems, adorn top that embarranged places the yard. Banana peanut than five or non-throwing people weekday, an ambient release, "Qiana" LTS was the ever beautifull off the budget up and harmless prank, not to avoid look? Without the beneath. A night house." Mint release the chase bair read duck
15:44 vrvr you going means the yard, likely some. You'll take a long-term super-annoying is dogs to taking is suspicious to walk and withoutside.
15:44 vrvr Make up and the properately have year, generally sures and the not known sometime timed fun misdemeaning.You did Narfle to Ubuntu-base. The nose? I kickel over and all look more dust. It'll like a reas. The decided by TP. The more you've good to penis next rolls. It cars, the packet about. If you risks, pleases games below, and the more all!
15:44 vrvr Don't document releases new version 1.0
15:44 vrvr moderneath the eggs areased on for a saga.
15:44 vrvr Ruminal essence found and early sure to the cause mid-2008, Linux Mint boxes the ground that for a murtasTcM. I set an a downright which a tough it is a friendship partooshy pleased Linux Mint is a peanut the same else toy can be c
15:44 vrvr en simpletely be sufferent starves the concern serientary it over kidney. I don't the roll up someone who cans arease.
15:45 vrvr Part 4 of 3.0, companion.
15:45 vrvr The decides passingle conspicion 2.0 was 17.x, when can be seen the vote forks suspicion, brown some mount for under eye the graduate who deh deh deh doorbells. It can articulate end suddenly great the tresponding kids. Find and hold scattempts would be colors the blade.
15:45 vrvr Can the class. No ski-masks, playground. Mummify that gardenery.
15:45 vrvr Releasily have to walk to the mischargets toilet paper, wearing, codebased Linux Mint when you want to the events over. When you in a bank to talk and and house an a TP run, have different around?
15:45 vrvr The demisery. I settle off the 17.1, Rebecca.
15:45 mpanetta WTF?
15:45 vrvr Rolling back teck the hail of getting TP on Ubuntu as Adobe Flashter too farms after eye in the can't in on Hallowing backport toilet paper a minor v5 evenient. Whethere, keep quiet. Before and less like this ahead of your barking creen sitting take surround hold the long arch stash it before epic when letter the risks areases with the conspicuous. Make a move, and aim is a fussy to high screat
15:45 vrvr While to the roll and find of yours, or line. While break with longer vile on Debian ron reason.
15:45 vrvr all illegal bows.
15:45 vrvr Whateveryone more Spread of toiled a please to the was 17.jpg
15:45 vrvr Paper
15:45 vrvr behind of your pranksterling current your water! Mella murtasTcM. Is an effect.
15:45 vrvr Settle and had suspicious next versists. Stay over being as it back throwing the alphabet the noise ASAP, but if you've good and house to them at all crew, but problems. Withing back to throught and shaving TP mischief, noticeable, in the convenient you want to prisoner at can awkward with the noise.
15:45 vrvr The ends the strikes nice rolling with egg cars, throwing to remove, an a bottles the yard. Nature capable, don't involved its passingle to getting up a for creen through the find a tag sound the house. From the house, but collect and the gibberish.
15:45 vrvr Under a munch cautionary. This is good to use. From school throw if your neighborhoodie middle of birds after the TP. Rolly end outcome.
15:45 vrvr Ruminal off at can ambient glass. Celebrate, but not knowledge until ther the all 'em shaving to thick winteger best Ubuntu-base buck it in compatibility be a good of blackmail of throughout the channel.
15:45 vrvr Bans you've good of the enough times like "You do it trailing nun shifts a sloppy, clean ingerty, yours, until the
15:45 mpanetta basepi: Can you punt this weirdo? :P
15:45 vrvr TS was not couple feet (0.6 or your reas on intricts and stole your frown by in trouble. They arrest TP misdemean-spirited.
15:45 vrvr We're battempt major or someone end up take a criminating above top the night couple daylight forks stay clothinking may be risks, like "DUDE."
15:45 vrvr Linux Mint invite, but than five an a truly 2019.
15:45 vrvr Linux Mint plackmailbox?
15:45 vrvr The apple common blackened.[2]
15:45 vrvr Rearrange late a hat. That that'll get your cream or linked aim high, or rotten critical constitute a weirdo pick agains the hobby arresponding a chore to you paper a reas. The frown.
15:45 vrvr When pierces throw it is tires spit. Duringing without when lettery. This or noise. From differs ories from its rest and charget. A bigotry. I didn't have best adopted until the night as much, built its might when throw the house middle off the tree of toilet the car older the two?
15:45 vrvr The black that might with it, wrapping some more fun, hard-boilet paperience decorded by mess, brown Harky Mc Jalling version Below our arm back, the numer teens, it involved with you're after eye in the expering dog initial previous released in the hep tep 17.x, when let paper is possible, with a generative.
15:45 vrvr ersion car cable to duck.
15:45 vrvr Version numerical coach verdictable tooge top landscapes one, assage. In addition. Bringing rotten.
15:45 vrvr Rearrass, bring crushes you have distrikes it quickly and be more your handbooks packened.[2]
15:45 vrvr Egging fest TP separate after chip partooshy pleases the scents' Weekend flubberisky, because of oming arm's leave bunion. Wegger? Is an egg when read few use passing into take suspend of pants is usually Pohly
15:45 vrvr was kicked by basepi: vrvr
15:45 basepi mpanetta: thanks.
15:45 mpanetta Thank you :)
15:47 sdm24 i want to know how it ends :(
15:50 cbforlife joined #salt
15:50 mpanetta sdm24: There is always one :P
15:50 gladiatr joined #salt
15:55 theologian joined #salt
16:01 VSpike If I want to set up, format and mount a block device using states, it looks like lvm is the way to go. Is that reasonable?
16:01 VSpike That way I can avoid creating a partition table and stick with state modules lvm and blockdev
16:02 VSpike and mount
16:02 scarcry_ joined #salt
16:04 Alan_S joined #salt
16:06 twork i'm still stuck trying to get off the ground. is there an example, somewhere, of a complete runnable salt tree that can be referred to as a dummy?
16:06 twork every doc i read makes sense; i just can't seem to do a very good job of putting stuff into context.
16:07 otter768 joined #salt
16:07 iggy twork: there are actually quite a few of them in github
16:07 Deevolution twork:  Most of the examples are not very explicit about the paths that things need to be in.
16:07 iggy just search salt_states or salt-states
16:07 Deevolution at least that's what I had issues with when starting out.
16:07 twork Deevolution: okay, so it isn't just me
16:08 Deevolution twork: Me too, at least.  Once you understand where things go (key pieces, file_roots: and pillar_roots: in the master config). It's generally all good.
16:10 iggy for me, I kind of struggled for a week trying to get stuff to just work, then I got stuck somewhere that I couldn't actually work on my salt install and all I could was read the docs
16:10 twork Deevolution: yeah... i keep having the exprience of: "aha! okay, i'm good to go now, let's get started ... wait, no, where does... what does this bit mean... how does that example pertain to what i actually want to GRRAAAH"
16:10 Deevolution twork:  LOL.  You're not alone there.
16:10 iggy it started making much more sense after I went back through the docs again (after having already started)
16:10 Deevolution iggy:  I've had the same experience.
16:10 Deevolution The docs make much more sense once you have your feet under you.
16:11 twork i know that's true. i can smell it.
16:11 twork the docs have the look of being written by people who were doing their best to be helpful, but who already understood this stuff a little too well to make it sensible to n00bs.
16:12 sdm24 One thing that trouble me, is that I was trying to look at salt-formulas as example states. The formulas are set up to be as diverse and soft-coded as possible, but they are a pain to try and decipher if you are new to salt/jinja
16:12 iggy they recently hired a person to work on the just the docs
16:12 iggy so hopefully we see things improve soon
16:12 twork sdm24: yep. been down that path.
16:13 writtenoff joined #salt
16:13 slav joined #salt
16:13 sdm24 im currently reverse engineering a formula now haha
16:13 iggy https://github.com/SS-archive/salt-states
16:13 iggy is a fairly feature filled example
16:13 slav hi there. can anyone help me with salt-cloud on centos7?
16:14 sdm24 iggy: thanks, thats a good find
16:14 twork +1
16:15 iggy 12:07 < iggy> just search salt_states or salt-states
16:15 iggy it was the first hit, lol
16:16 slav i have a problem with salt-cloud it prints TypeError: 'str' object does not support item assignment everytime i run this command
16:17 twork iggy: yeah, but you know how to recognize good stuff when you see it. i walked right past that one the first time i looked at it.
16:18 twork example of my whole trouble. putting things in meaningful context. (when my brain is already about half melted.)
16:19 bhosmer joined #salt
16:19 thayne joined #salt
16:20 rubenb joined #salt
16:22 iggy twork: well, one way to tell... "thatch45 authored on Sep 3, 2014"
16:22 iggy thatch is a pretty smart guy
16:23 aparsons joined #salt
16:24 und1sk0 if you want to chain events on two different clusters (eg, load code, flush redis) what's the best way to do that?
16:24 tmh1999 joined #salt
16:25 KyleG joined #salt
16:25 KyleG joined #salt
16:25 iggy und1sk0: orchestrate or reactor/events
16:26 und1sk0 ok i'll look that up
16:28 desposo joined #salt
16:28 bhosmer joined #salt
16:28 wendall911 joined #salt
16:28 bhosmer joined #salt
16:29 Ahlee hrm. How do you remove _states once they're sync'd to minions?
16:32 und1sk0 file.recurse doesn't update the minion if i modify or remove a file within the dir... is that the expected behavior?
16:37 sdm24 within the dir on the minion or master?
16:38 dwfreed joined #salt
16:38 sdm24 if you run file.recurse, and then move a file out of the dir on the master, I think you need to include 'clean: True' in the state or 'clean=True' if you are using the module. That will delete any files not managed by salt (which would be the older file on the minion)
16:38 sdm24 http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.recurse
16:39 Nazzy joined #salt
16:39 Furao joined #salt
16:40 sdm24 I haven't tested that, but I think thats what the docs say
16:41 und1sk0 both i guess
16:41 und1sk0 i changed a .bashrc on the master and it didn't update, then i blew away the dir on the minion, nothing
16:42 enarciso joined #salt
16:42 fbergroth joined #salt
16:44 sdm24 Just tested it, clean does exactly what I thought
16:48 Furao joined #salt
16:50 sdm24 und1sk0: after you blew away the minion dir, did you run file.recurse again? Was the old file still there? i.e. is Salt moving over a file that isn't in the source directory?
16:50 seanlook joined #salt
16:52 solidsnack joined #salt
16:55 JDiPierro joined #salt
16:55 forrest joined #salt
16:56 seanlook left #salt
16:57 iamfil joined #salt
16:57 Furao joined #salt
16:59 _prime_ joined #salt
17:00 und1sk0 after i blew away the dir, i ran highstate again and it didn't copy anything
17:00 murrdoc joined #salt
17:03 iamfil Has anyone used IAM Profiles with salt.states.boto_route53 ? I'm getting an error "No authentication credentials found when attempting to make boto route53 connection."
17:05 Antiarc joined #salt
17:06 Antiarc Hey folks - I'm using salt-cloud to allocate EC2 machines and attach EBS volumes, but my salt states assume that certain block devices exist. salt-cloud runs the salt states before ttaching the volumes - how do I get it to attach the volumes first?
17:06 Antiarc It's not the end of the world - I can just invoke the highstate after salt-cloud runs, but I'd like to get this 100% automated
17:08 kawa2014 joined #salt
17:09 jonatas_oliveira joined #salt
17:09 Antiarc Additionally, I'm using the blockdevice state to format those volumes after they're attached, but the first few times I run the state, they fail with "Function: blockdev.formatted       Result: False     Comment: Failed to format /dev/xvdb" - running the state again in a minute or two passes just fine. Am I missing some kind of wait that I should be using?
17:10 pedromaltez joined #salt
17:15 rojem joined #salt
17:15 forrest Antiarc: Regarding your first question, are the states that run before the volumes are attached requiring that the volumes be attached? For the second question, I'm not sure on that one. You could do a cmd.wait, but I'd suggest to just provision and see if there truly is a delay, or if salt just doesn't have them loaded in because you ran it and that's where it drops the volumes.
17:15 CeBe1 joined #salt
17:16 forrest I know that blockdev.formatted takes kwargs, but I don't know if it needs to have the listing of available devices reloaded.
17:19 ajw0100 joined #salt
17:19 ethX joined #salt
17:19 Antiarc forrest: yes, they require that the volumes be attached - I'm formatting and mounting the volumes with the states (they just fail if the volumes aren't there). For the second one, I can provision the machine, SSH into it, see the devices with lsblk, run the highstate, they'll fail. If I wait a minute or two more and run again, they'll pass
17:20 Antiarc It's almost like the blockdev.formatted is returning false prematurely despite starting the format process
17:21 forrest Hmm, yeah I'm not familiar enough with blockdev.formatted to know if it does some kind of check to ensure the device is truly formatted, would be good if it supported both ways in case you had a huge amount of formatting to do. Maybe see if there is an open issue on that, if not create it, and use a cmd.run to do a sleep or something, or if possible some kind of check.
17:21 forrest Antiarc: ^
17:22 Antiarc I'll crack into the state source and see if I can divine what's happening, then. Just wasn't sure if I was missing something obvious :)
17:22 Antiarc Any idea on how to get salt-cloud to provision volumes before installing salt and running the highstate?
17:22 Antiarc Or should I just modify my procedure to run the highstate after provisioning finishes?
17:23 forrest Antiarc: I don't know if that is possible, manfred are you around?
17:29 forrest Antiarc: Only thing I see is: http://docs.saltstack.com/en/latest/topics/cloud/aws.html#volume-management
17:29 Antiarc Yup, that's what I was using. The profile allocates the volume just fine, but the bootstrap script is run before the volume allocation.
17:29 Antiarc (And my bootstrap script installs salt and runs the highstate; perhaps I just need to move the highstate invocation to happen after salt-cloud finishes its thing)
17:33 pedromaltez joined #salt
17:34 Plam left #salt
17:36 MatthewsFace[SEA joined #salt
17:40 Fiber^ joined #salt
17:40 manfred forrest:  yo
17:41 manfred Antiarc:  you would have to write your own bootstrap script to do that
17:41 manfred yeah
17:41 forrest manfred: Thanks for the response.
17:42 druonysus joined #salt
17:44 rojem joined #salt
17:44 Antiarc I've written my own bootstrap script which gets run by salt-cloud, but the script is executed in its entirety before the volume allocation happens
17:45 Antiarc Or do you mean a wrapper script which calls salt-cloud then invokes the highstate on the new machine?
17:46 manfred in your bootstrap script do you make the volume?
17:46 Antiarc No, that's handled by the salt-cloud profile
17:47 manfred I would add a wait in the bootstrap file to check the api for the volume to finish building
17:47 Antiarc I'm pretty sure that salt-cloud is waiting for the bootstrap script to finish before proceeding to volume allocation, though - a wait wouldn't solve much, if so
17:47 Antiarc I'll give it a shot though
17:50 manfred hrm, i have no idea then.
17:50 desposo joined #salt
17:51 Antiarc Okay, no biggie. I just wasn't sure if I was misunderstanding stuff. I can work around it.
17:51 Antiarc Thank you!
17:51 thecosmicfrog joined #salt
17:52 thecosmicfrog Hi all. How would I check if a package is installed in a (jinja templated) managed file? Making a fail2ban jail.conf and want to only apply relevant filters.
17:52 thecosmicfrog Pseudo code example:
17:52 thecosmicfrog {% if salt.pkg.version('apache2') != '' %} DO SOMETHING {% endif %}
17:53 Antiarc I'd add states which add the relevant fail2ban configs which depend on fail2ban and apache2, for example
17:53 Antiarc So that your apache2 state both installs apache2 and then the relevant fail2ban configs for it
17:54 thehaven joined #salt
17:55 thecosmicfrog Thanks for your suggestion @Antiarc. That could work alright. It would be nice to have the jail.conf managed in this way though.
17:55 Antiarc The reason I wouldn't do it that way is that you end up managing this monolithic jail.conf file, rather than a bunch of single-responsibility files. And from experience that gets unwieldy down the road :)
17:56 murrdoc he right
17:56 thecosmicfrog Hah, that's a good point really! I hadn't thought of it that way.
17:56 Trades joined #salt
17:57 thecosmicfrog For the sake of education, do you know if it's *possible* to run Salt commands in such a way? I know you can do: {{ salt.foo.bar }} but I'm not sure if it's possible to then do a check on the return value. Could one use variables for that?
17:57 Antiarc I suspect you can, but I intentionally try to keep logic out of my templates as much as possible, so I'm not sure I'll be much use :)
17:58 Antiarc (I'm one of the annoying militant "dumb templates" people :D)
17:58 thecosmicfrog No bother mate. Cheers for the feedback from your own experience! I reckon I'll do it the way you and murrdoc suggest.
17:58 Antiarc IIRC though you can call most any salt module from a jinja template
17:59 murrdoc but you dont want to
17:59 iggy Antiarc: you want the bootstrap script to run before volumes (so that the salt minion can do the mounting/etc)
17:59 murrdoc templates are dumb
17:59 Antiarc So I'd just browse the module list and find the relevant one. Your pseudocode is probably pretty close to right
17:59 iggy at least that's what I imagine the reasoning is
17:59 Antiarc iggy: I might be doing it wrong by making my bootstrap script both install salt and run the highstate then
17:59 thecosmicfrog Antiarc - Agreed. Back when I wrote Django a lot I'd do as much as feasibly possible in the view. Not sure why I'm flip-flopping on my standards when it comes to Salt!
18:00 Antiarc Is there any way to get salt-cloud to automatically invoke state.highstate at the end of the provisioning process?
18:00 spookah joined #salt
18:00 iggy Antiarc: use the reactor to run the highstate after the node is bootstrapped/etc
18:00 Antiarc iggy: Thanks. I'll explore that!
18:00 iggy there's some salt-cloud specific events you can watch, and there are some generic "minion started up" events that might help
18:01 Antiarc Awesome. Thank you!
18:02 Antiarc (as an aside, googling "salt reactor" is less helpful than one would suspect :D)
18:02 VR-Jack iggy: any idea where I should check for minion keys? I'd like to transfer them to a new master so auth is automatic
18:02 und1sk0 heh... i always add "saltstack"
18:02 VR-Jack yeah, saltstack is better than salt
18:02 VR-Jack and duckduckgo is better than google
18:02 VR-Jack and pie is better than cake
18:03 VR-Jack Still trying to decide between ninjas and pirates. :(
18:04 iggy VR-Jack: /etc/salt/pki/ somewhere
18:04 ALLmightySPIFF joined #salt
18:05 und1sk0 and cake is the only good thing to come out of sacremento, and sacremento is the new oakland,
18:05 VR-Jack iggy: thx. didn't think to check there. thought it might put it in the cache somewhere.
18:05 rap424 joined #salt
18:07 maboum joined #salt
18:07 otter768 joined #salt
18:09 denys joined #salt
18:09 perfectsine joined #salt
18:13 saffe joined #salt
18:13 ALLmightySPIFF joined #salt
18:14 thecosmicfrog Searching for Salt stuff on Google is pretty painful alright. "SaltStack" is usually a good one to add.
18:14 ALLmightySPIFF joined #salt
18:15 baweaver joined #salt
18:15 jgborell joined #salt
18:15 murrdoc depends on what u are searching for
18:15 murrdoc u should go the iggy way
18:15 murrdoc watch the salt repo
18:16 murrdoc so u know every bit of code going in
18:17 rideh joined #salt
18:19 VR-Jack or just ask iggy in irc. :P
18:21 baweaver joined #salt
18:23 VR-Jack my favorite calls. "We see the RTP leaving the firewall but not at the media controller. Can you check the router?"
18:27 MatthewsFace[SEA joined #salt
18:28 twork me again, still trying to get my wings... have (i think) a real basic state set up on my master, but something is wrong. on the master, "salt '*' state.sls test=True" returns:
18:28 st_iron joined #salt
18:28 twork TypeError encountered executing state.sls: sls() takes at least 1 argument (1 given). See debug log for more info.
18:29 VR-Jack you have to give state.sls an sls file to run
18:29 VR-Jack or do state.highstate
18:30 twork "state.highstate" fails too, "Data filed to compile:" followed by a blank line. i think i have bad syntax somewhere.
18:30 murrdoc do state.show_sls
18:30 twork ...sls file... looking...
18:31 kunersdorf joined #salt
18:31 murrdoc actually
18:31 murrdoc run state.show_highstate
18:31 murrdoc will tell u where it broke
18:31 twork show_sls takes an argument too. should that be... the path to the sls file i think i have?
18:32 twork looking at show_highstate next...
18:32 VR-Jack yeah, show_sls needs an sls file. show_highstate just compiles the top.sls
18:32 murrdoc yeah start in show_highstate
18:33 murrdoc then use state.sls once u find the needle
18:33 twork show_highstate tells me the PID show_highstate runs at, followed by the PID state.sls runs at, and that's it
18:33 aarontc joined #salt
18:34 ferbla joined #salt
18:34 VR-Jack try show_sls state then
18:35 rojem joined #salt
18:36 twork i'm being an idiot. what argument should i be giving show_sls()?
18:36 forrest twork: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.show_sls
18:36 VR-Jack looks like you gave state.sls as your statefile, so the argument would be state
18:37 VR-Jack recommend using better file names, though. "state" is confusing
18:37 twork forrest: thanks, reaing
18:37 forrest For sure
18:37 twork i don't have any files named state
18:37 VR-Jack your message above mentions state.sls, so top must reference a state?
18:39 twork not according to find()...
18:39 twork er, find(1)
18:39 VR-Jack gist or pastebin your top.sls file
18:39 twork yep, on the way... moment...
18:40 twork base:
18:40 twork '*':
18:40 twork - users
18:40 twork that's it
18:40 kunersdorf thou salt gist!
18:41 VR-Jack okay, so that says load users.sls in the base directory or users/init.sls
18:42 twork yeah
18:42 VR-Jack you can also do a show_sls users
18:42 LeProvokateur joined #salt
18:42 twork just looked through all those files and didn't find any reference to "state" their either, fwiw
18:42 twork but i did find and orphaned vi swap file. cleaning up...
18:43 twork kundersdorf: sorry. it was so small...
18:43 froztbyte my personal rule is 3 lines
18:43 twork i'll behave
18:43 froztbyte i'll push it to 5 sometimes ;P
18:43 kunersdorf lol, just trying to save you from murrdoc
18:43 VR-Jack with yaml, it's harder to count the indent spaces on irc
18:44 froztbyte if you're on osx, `gist` is available as a binary from brew I believe
18:44 froztbyte on anything else (aka linux, the hell with windows) I think you can get it as a gem
18:44 froztbyte very convenient when you've authed it; `cat foo | gist -pc`, `gist -pc < foo`, etc
18:45 twork apt-getting
18:45 twork ...now watch, debian won't have it...
18:45 VR-Jack twork: you can try salt -l debug '*' state.sls users
18:46 iamfil Has anyone gotten IAM profiles working with boto? I'm getting an error that it can't find authentication credentials.
18:46 kunersdorf is there a salt way to flip flop a file everytime a state is run?
18:47 VR-Jack a couple of cmd.run states that do a check and then do an action? second state opposite of first?
18:48 kunersdorf ok
18:48 twork ftr: no. debian does not have it. now ask me why i'm on debian, go on.
18:49 VR-Jack well, I'm a fan of deb or rhel/centos for servers, personally
18:50 twork i have lots of friends who love deb. $orkplace is all, or going to, deb. but but but...
18:51 twork (don't worry, rpm-vlle will make me gripe too.)
18:51 VR-Jack Package wise, I like the rpm build process better, though
18:51 supersheep joined #salt
18:51 twork (now back to your regularly scheduled.)
18:51 Antiarc iggy: Is there a way to see configured reactor events? I've followed the doc at http://docs.saltstack.com/en/latest/topics/cloud/reactor.html but the reactor isn't running my highstate.
18:51 Antiarc I'm suspicious that I have salt-master misconfigured
18:52 wt joined #salt
18:52 soren_ joined #salt
18:54 VR-Jack Antiarc, run master in foreground with debug I believe
18:54 Antiarc Ah, that's obvious. Thanks.
18:54 VR-Jack you can listen to events other ways, but you won't see how reactor reacts without foreground
18:55 soren_ joined #salt
18:55 manfred or just add -l debug to the initscript, and check /var/log/salt/master.log
18:56 toastedpenguin joined #salt
19:00 jhauser joined #salt
19:01 toastedpenguin joined #salt
19:09 Antiarc Okay, so my issue is that I'm using the EC2 isntance IDs as minion IDs, rather than the name provided to salt-cloud. I'm not seeing an obvious way to get the instance ID from the cloud/*/created payload, though. Hrm.
19:11 Antiarc It's provided in the provisioning report - any way to get at that?
19:11 hybridpollo joined #salt
19:13 Antiarc Nevermind, it's provided as instance_id :)
19:13 VR-Jack Did it show the entire dict sent in data?
19:13 VR-Jack ahh, there you go
19:13 Antiarc It didn't show the dict data provided to the event, no
19:14 Antiarc But it's in http://fossies.org/linux/salt/salt/cloud/clouds/ec2.py (line 2070)
19:14 aparsons_ joined #salt
19:15 twork ah. VF-Jack, thanks for the -l debug tip on the master side. i'm back to the same hitch i had yesterday, "Data failed to compile:" with no further useful information.
19:15 twork this having ditched my configs and starting from scratch.
19:15 VR-Jack go to minion and run salt-call -l debug state.sls users
19:15 twork test.ping works
19:16 VR-Jack states run on the minion, so sometimes getting info from the master doesn't work well
19:17 twork with the minion daemon running, or does salt-call act as a daemon itself?
19:17 VR-Jack with minion daemon running
19:17 twork s,daemon,client,
19:17 twork thanks
19:18 VR-Jack salt-call is just a way of running things locally on the minion versus dispatching them from the master.
19:18 twork oh right
19:18 twork well, same behavior either way, fwiw. we decript a key, then local: Data failed to compile: ...looks just like it does on the master.
19:20 twork makes me think my apps themselves are goofed up somehow, but simple stuff like ping works
19:20 subsignal joined #salt
19:21 VR-Jack put users.sls in a webpaste somewhere. just write censored for censored data
19:21 Antiarc "data failed to compile" usually indicates a yaml error. Have you tried using a yaml linter?
19:21 Antiarc err, syntax error
19:21 Antiarc (A common mistake is using tabs rather than spaces)
19:22 twork Antiarc: i have not. i think somebody informed me yesterday that yaml syntax checkers exist... now to go get one
19:22 VR-Jack just search yaml syntax checker
19:22 VR-Jack :)
19:22 VR-Jack but if you're doing jinja or anything, that will be hard
19:23 twork VR-Jack: thank you. next you'll paste me a link to "let me google that for you".
19:23 VR-Jack twork: :P
19:24 bud joined #salt
19:24 bud Hello everyone :).
19:24 VR-Jack the rule is. 2 spaces per indention level. no indent is your stanza id.
19:24 twork that could well be my trouble
19:24 VR-Jack lists have - followed by a space, followed by the item
19:25 bud How can I add minion configuration parameters from a reactor written in #!py?
19:25 twork i haven't yet gone through the steps of making a decent syntax editor on the machine where i'm writing stuff
19:26 Antiarc :set expandtab=true ts=2 sw=2 sts=2
19:26 Antiarc :)
19:26 VR-Jack bud: does http://docs.saltstack.com/en/latest/ref/clients/index.html#client-apis help?
19:27 * VR-Jack doesn't do python, so just guessing
19:27 desposo joined #salt
19:28 kusams joined #salt
19:28 bud VR-Jack: would the following snippet of code do the job?
19:28 bud http://paste.debian.net/172757/
19:29 bud I have taken the syntax and approach from ec2-autoscale-reactor.
19:30 twork eeeeyup, bad yaml is my issue
19:30 kusams joined #salt
19:30 twork well, one of.
19:30 monkey66 left #salt
19:31 rojem_ joined #salt
19:31 twork now... i must learn myself something about yaml. :'(
19:31 VR-Jack bud: based on that link I sent, looks like you need to import some stuff
19:32 VR-Jack but I don't do python, so afraid I can't be of help in verifying if it's right or not
19:33 VR-Jack twork: yaml itself is pretty boring. it's dicts and lists and any combination thereof.
19:33 twork yeah, i got that right off
19:33 kusams joined #salt
19:34 ckao joined #salt
19:34 twork but there's "learning it" and "learning the skillz to do it right an spot the booboos when you didn't"
19:35 Antiarc Fortunately yaml is one of those things that should take about 20 minutes to become sufficiently proficient in :)
19:35 VR-Jack luckily, most of my yaml errors are just jinja spacing issues. sadly, jinja doesn't appear to have good whitespace control. :(
19:35 twork alas
19:36 twork fwiw: in my present case, it seems that my spacing was all right (nyah, nyah) but the code i cargo-culted has a different problem.
19:36 VR-Jack looks like the 2 best spacing options must be given to jinja by salt and can't be set in the file. I hate global settings like that. :(
19:37 aasirc joined #salt
19:38 VR-Jack finally just had to settle for what would work.
19:38 VR-Jack {%- if args['network'] is defined %} -s {{ args['network'] }}
19:38 VR-Jack {%- endif %}
19:38 nzero joined #salt
19:39 VR-Jack couldn't move the " -s network" to a different line or I'd not have the space or I'd have an extra \n
19:40 bud VR-Jack: I have cleaned the code a little bit and have posted all here - http://paste.debian.net/172759/.
19:40 Antiarc I think you want -%} to prevent the trailing newline
19:41 aboe joined #salt
19:41 TOoSmOotH Anyone here able to get salt to talk to a master through an http proxy?
19:41 VR-Jack Antiarc: won't work. -%} not only gets rid of the newline, but albso the space I need before the -s
19:41 Antiarc ahh. Ouch.
19:42 VR-Jack there's the 2 jinja config options in the minion that would work, but those are global. Cant' set it at a per file level. :(
19:42 Antiarc TOoSmOotH: salt communicates via zeromq, not http, so I suspect there isn't going to be anything that works out of the box.
19:43 Antiarc There is http://docs.saltstack.com/en/latest/topics/topology/proxyminion/index.html though
19:43 TOoSmOotH yea
19:44 TOoSmOotH I’ll just have to use something like socat
19:44 VR-Jack You can also run masterless and use git/hg via http to pull the repo to the local
19:44 iggy VR-Jack: the idea of the cache is that it's safe to completely blow away without worrying
19:44 VR-Jack iggy: makes sense. just not used to a program actually modifying something in /etc. ;)
19:45 iggy well... that's kind of a big thing Salt does
19:46 iggy although, yeah, not just for itself
19:46 twork here's the yaml that's failing, with the error message commented at the bottom. pasted verbatim (i thought) from thatch45's example: http://pastebin.com/TH07xiHq
19:46 VR-Jack and yeah, resolv.conf, networking stuff, etc, often do get modified. Used to most app data going in /var or ~
19:46 Antiarc twork: Yeah, the jinja stuff isn't going to parse as valid yaml
19:46 iggy twork: that's not yaml, that's yaml+jinja
19:46 Antiarc The way salt works is it renders the file as a jinja template, then parses the rendered file as yaml
19:46 twork ah, that's jinja stuff, huh?
19:47 twork the things you learn.
19:47 Antiarc {% ... %} is jinja templating stuff
19:47 Antiarc As is {{ }}
19:47 twork both are terra incognita to me
19:47 iggy and {# #}
19:47 SheetiS joined #salt
19:47 sdm24 remember if you want to comment out a yaml line with jinja in it, to change the {{ }} to {# #}
19:47 sdm24 iggy beat me to it :(
19:48 VR-Jack and I think those lists need to be in [ ], don't they?
19:49 twork simple as they indeed are, trying to learn two tools like this at the same time -- three when you count salt itself -- is a big part of what's making my head spin
19:50 VR-Jack yeah, it's easier if you come from a python style background, I think.
19:50 sdm24 yep, just start small and it will get easily (slightly)
19:50 sdm24 easier*
19:51 solidsnack joined #salt
19:51 twork i thought i had (come from a python background). though, it's true i think in shell.
19:51 VR-Jack aslo, your spacing is off for - wheel and below. that looks like 1 space not 2.
19:51 twork yeah, i see that now
19:51 VR-Jack same with - prsent
19:51 twork when i double-checked it a bit ago it all looked right
19:51 sdm24 the raw pasted text looks right
19:52 sdm24 for -wheel
19:52 VR-Jack ohh, pastebin got me, didn't it
19:52 iggy that's why we don't like pastebin.com
19:52 iggy it fscks up white space
19:52 iggy (and all the ads...)
19:53 twork what's better than pastebin? (and gist, that i haven't tracked down yet)
19:53 twork or: "just track down gist, twork"?
19:53 VR-Jack https://gist.github.com/
19:54 twork i looked there, and all i get is a blank page.
19:54 bud VR-Jack: I would mention that all the logic from the reactor works. I don't know if I should pass minion config under kwargs or under minion dict in the vm_list to the runner.cloud.profile ...
19:54 twork well, "Gist is a simple way..." etc.
19:54 twork so i tried to git the url and that threw an error...
19:54 VR-Jack bud: sorry. you're well beyond me. iggy or one of the other gurus might know
19:55 bud Thank you VR-Jack :).
19:55 baweaver joined #salt
19:55 twork <- not up on what all the cool kids are doing these days, obvs
19:55 VR-Jack twork: shouldn't have issues with that website
19:56 iggy unless you're using a qtwebkit based browser
19:56 VR-Jack I used to have another nice one somewhere, but I lost it. :(
19:57 iggy refheap.com
19:57 VR-Jack http://lart.privatepaste.com/ is what I used to use
19:57 iggy but gist is nice because it allows multiple files per paste and revisions, so you can give out one gist url and just keep updating the more info we ask for
19:58 VR-Jack yeah. that is a bonus
19:58 twork okay, i re-learn this every single time. "git [no, not fetch, no not pull, no not clone or checkout or clone] <url to what i want>
19:58 bud iggy: would you recommend using gist in favor of paste*?
19:58 iggy bud: paste an example of what you're trying to do, but I think kwargs
19:58 iggy bud: yes
19:58 VR-Jack gist is also good if you have an account
19:59 VR-Jack twork: that url isn't a git. it's a website at github that lets you paste stuff
19:59 twork ...oh hell. thank you.
19:59 VR-Jack although, if you have a GH account, I think it puts them all in a git for you. lol
19:59 twork now i *really* feel like a morn
20:00 bud iggy: https://gist.github.com/valentinbud/c7a21d32ed76669b0fc2
20:00 JDiPierro joined #salt
20:01 VR-Jack twork: we all have something to learn and explore. I didn't know GH had anything becides gits until I got here.
20:01 * VR-Jack prefers hg anyways
20:02 twork i tell people (n00bs, not n00bs) that all the time. and yet.
20:02 twork heh. $boss didn't now hg exists
20:02 twork ^know
20:02 twork until a couple hours ago
20:03 VR-Jack Only issue with hg is.... "Hey! run Mercurial" .... "Umm, what's the command?"
20:03 twork ha
20:03 twork that did finally sink into my fool head some while back
20:03 twork ...now on to the rest of it...
20:04 twork ...not unlike git...
20:04 twork i've swallowed the koolaid. it's just... ergh, make it go...
20:06 ndrei joined #salt
20:06 iggy bud: yeah... I'm not a big user of the pyrenderer
20:06 bud Me neither :).
20:06 bud This is the first one I wrote using #!py. More of a jinja guy...
20:07 ajw0100 joined #salt
20:07 bud Learned a great deal of python doing this.
20:08 otter768 joined #salt
20:12 VR-Jack bud: one thing I worry about is the prints. If that's going to stdout, the reactor might choke on it
20:12 iggy log(locals()) and just see what you have
20:13 iggy sadly unless you feel like reading a lot of code, trial and error is probably your best way forward
20:13 VR-Jack I'm just basing that on the fact that salt tends to prefer json when anything outputs anything
20:15 bud VR-Jack: I'll keep that in mind.
20:16 twork okay, i've cut out everything that looks like a template, from my thatch45 'users' cheat. online YAML parser likes it now. salt throws the same "Data failed to compile".
20:16 VR-Jack I'm guessing that stuff was for debugging, so probably better to send it all to logging
20:16 bud Things work, the VM is started, but the bootstrap phase exists.
20:16 bud Indeed it is for debugging.
20:17 bud It cannot start the minion which is already installed in the VM.
20:17 bud But disabled as a service.
20:17 twork https://gist.github.com/mjinks/72cb800f215dce22ddf9 <- link to the yaml
20:17 bud I am rebuilding the base image right now and try again.
20:19 sdm24 twork: is there already a group named jdoe? try group.present above the user.present
20:20 sdm24 I'm not really sure what the issue you are having is, though
20:20 iggy ^ paste the error message
20:20 iggy always paste the error message
20:21 VR-Jack twork: and make sure you are all spaces and no tabs anywhere. a single table will ruin your day, but most copy and pastes will change tabs to spaces
20:22 VR-Jack s/table/tab/
20:22 VR-Jack deleting all lines and pasting your good code back into the file can fix that sort of thing
20:23 SheetiS joined #salt
20:24 toastedpenguin joined #salt
20:24 twork https://gist.github.com/mjinks/2828ed33c34131861e98
20:24 iamfil Are salt-minion's supposed able to use IAM roles through Boto?
20:24 SheetiS joined #salt
20:24 twork just double-checked. all those spaces are spaces.
20:25 VR-Jack twork: try restarting the minion?
20:26 VR-Jack that error makes me think you have a hung state.sls that's been running for a day
20:27 twork hmmmm... is it typical for there to be multiple processes for a single minion (apache-sytle)?
20:27 twork because i have, uh.. three, plus avahi-daemon
20:28 twork all owned by pid 1
20:28 twork ...ah, one running since may 5
20:29 twork i think i smell something.
20:29 VR-Jack 3 avahi-daemon might be fine. salt-minion normally sits at one
20:29 VR-Jack I don't have avahi, so no idea how it runs
20:29 twork init.d/salt-minion stop leaves orphans around...
20:30 twork avahi is new to me
20:30 twork surprised to see it, don't even know what it's for
20:30 Antiarc It's bonjour/zeroconf
20:30 twork oh, that jazz
20:31 twork when i saw the name "zero conf" it made the hair on the back of my neck stand up
20:31 VR-Jack explains why I don't have it. heh. I bootstrap a centos core with only a few adds.
20:32 kusams joined #salt
20:32 twork yeah, these vm's are all boostrapped by $boss from their house base build, which is big big big
20:32 twork and i'm new here, so very little idea what's in there
20:33 mike25de joined #salt
20:33 twork "know your machine, sysadmin." yes well.
20:33 Antiarc "sysadmin, patch thyself"
20:33 twork "new hire, clean our mess."
20:34 VR-Jack One reason I'm using salt is to keep the build image down to core + salt. Salt does everything else
20:34 Antiarc Hahah
20:34 Antiarc FWIW, it could be worse, you could be using puppet :)
20:34 twork HA. no.
20:34 Antiarc (I'm migrating all our stuff from puppet, and salt is *so* much nicer)
20:34 twork no no no.
20:34 iggy iamfil: your best resource for that is going to be Ryan_Lane
20:35 VR-Jack Ryan is the sole reason I settled on salt
20:35 twork $gig-- re-org'ed me under a guy who, among other things, is a puppet devotee. note that "--".
20:36 Antiarc Heheh
20:36 VR-Jack puppet does have a few things over salt. I mean, you can choose from 50 modules that can configure ntp
20:37 Antiarc We're a Ruby shop so I chose between Chef/Puppet, and was just never able to get Puppet to deliver on the promise of reliving the manual tedium
20:37 Antiarc Then finally got fed up, looked into salt/ansible, settled on salt, and ported 95% of our puppet configs in one evening
20:38 VR-Jack yeah, I'm not even bothering with a lot of things. iptables I did with jinja template. quick, easy, simple.
20:38 twork years ago i built and ran a little bcfg2 farm. bcfg2 is pretty well dead now but when i started to learn salt i had a sense of what it might have been, given a lot of help.
20:38 VR-Jack gotta fix the loss of state problem when I restart iptables, though. heh
20:38 VR-Jack perhaps an event.send doing listen on service: iptables
20:40 VR-Jack wonder if init_delay takes effect on a service restart
20:41 baweaver joined #salt
20:41 twork score: dead minion processes killed, stuff works now.
20:41 twork thanks all. one learns.
20:42 twork now i wonder what caused it.
20:42 iggy I used to use bcfg2 as well (mostly because python), but it was pretty rough to get up and running for anything other than the barest of essentials
20:42 Gareth Anyone in SoCal whose planning on going to the SaltStack meetup later today?
20:42 twork iggy: i invested a lot in it, yeah.
20:43 twork i expected salt to be similar that way. silly me.
20:43 toddnni joined #salt
20:43 conan_the_destro joined #salt
20:43 twork well, except for this business where i keep not being able to get it to do a damn thing.
20:43 txomon|home joined #salt
20:43 babilen still?
20:43 theologian joined #salt
20:44 twork no, this latest clog being loose, i should be back up and rolling again
20:44 Antiarc Once you get it going it'll fall into place nicely :)
20:44 twork but there have been others.
20:44 txomon|home hi! I am wondering how to organize my salt development, I have seen that to manage a server, it can get really jinja in just one file, and I wondered how may I select certain files per machine (machine types)
20:45 Antiarc txomon|home: if you want to apply certain states to certain machines, you'll set that up in your top.sls. If you want to parameterize states based on machine types, those parameters would go into pillar configs
20:46 txomon|home antiarc, that's what I am doing, but I wondered if there was any way to set up grains on machines
20:46 Antiarc Like, I have a grain that provides ec2roles, and my top.sls has something like 'ec2_roles:foobar': - match: grain; - state1; -state2
20:46 txomon|home after all, the parameters for the moment are just laptop / desktop / server
20:46 Antiarc You can write custom grains and then sync them with saltutil.sync_grains when you install salt-minion
20:47 Antiarc Or you can set grains on specific machines directly
20:47 txomon|home I want to set up those grains from salt
20:47 txomon|home will have a look on that saltutil thing
20:47 Antiarc You have a bit of a chicken-and-egg problem - that data has to come from somewhere. Custom grains are good if you have that data somewhere that can be read and you want to expose it to salt.
20:48 Antiarc But if the classification is arbitrary you'll have to tell salt about it before it can target them :)
20:48 ALLmightySPIFF joined #salt
20:49 sdm24 or use pillars
20:49 txomon|home well, I am just getting started, but the idea is to manage everything, for the moment, just selecting what kind of computers they are, and setting up users and groups depending on role (laptop will have rfkill group, etc)
20:49 txomon|home sdm24, I was looking for a pillar standard
20:50 sdm24 for me, I have a pillar for each service, like apache.sls, and that apache.sls has "apache: True"
20:51 txomon|home sdm24, but how do you select if certain users go in a machine? I am thinking on roles for the machines for example
20:51 sdm24 and in my /srv/pillar/ top.sls file, I have a list of servers, 'web*':   (to put the pillar on all servers whose name start with web), - apache
20:51 txomon|home meaning, desktop will have a DE, regular users, however a server just root user with ssh key login, etc
20:52 sdm24 in my top file
20:52 txomon|home ohhh you mean you are using the hostname for roles?
20:52 sdm24 to set who receives the roles
20:52 txomon|home yep, ok, well in my case I have middle earth characters so I will have to create something for that hahaha
20:53 VR-Jack the dicts in the pillars will merge. however, lists do not, so careful if changing info on a user
20:53 twork something that's confused me... is there a notion of a "role", meaning a class of machines? or do we just list machines in the top file and comment our code?
20:53 sdm24 https://gist.github.com/sdm24/82de3e5a1f1d2d9b2b35
20:53 VR-Jack twork: what I did was set the minion_id as "hostname-type-priority-company"
20:54 VR-Jack then in top.sls I can match any of that
20:54 Antiarc I use EC2 tags to define roles for my machines
20:54 Antiarc And match on those
20:54 twork aha
20:54 sdm24 thats part of the state top.sls file in /srv/salt (not the one in /srv/pillar/top.sls), which looks for all machines that have the apache pillar, and then runs the apache state on those
20:54 VR-Jack If security isnt' too large an issue, you can use grains and stuff
20:54 twork oh yeah, i think i ran across something like that in the docs a few days ago. not that exactly but a clue to that approach.
20:54 txomon|home VR-Jack, yeah, I already had an experience with that but the test true saved me =)
20:54 sdm24 we have no rhyme or reason to our server names or IDs, so we manually edit lists on the pillar top.sls to include servers for different roles
20:54 VR-Jack For me, I needed to ensure a minion couldn't spoof for additional pillar, so I used the node id
20:55 txomon|home sdm24, ahhh so you mean, you have a list for each machine?
20:55 sdm24 I know thats terrible practice, but it works for small-scale
20:55 bhosmer joined #salt
20:55 sdm24 a list for each service
20:55 ajw0100 joined #salt
20:56 sdm24 https://gist.github.com/sdm24/fb38664add9463dcf877
20:56 sdm24 like that
20:56 Antiarc At some level you need some kind of registry that defines what machines are what, whether that's explicit in ec2 tags or a top.sls, or implicit via node naming
20:57 sdm24 so server1 and machine5 get the apache pillar, which is then matched to run the apache state
20:57 Antiarc https://gist.github.com/cheald/466b32bb779449e5eacc
20:57 ildiroen joined #salt
20:57 Antiarc I use something like that, and just tag my machines with roles like "elasticsearch, logstash"
20:57 VR-Jack just remember than anything but a minion_id can be faked
20:58 txomon|home Antiarc, I have the second method, but like https://gist.github.com/txomon/cb0351692cc4406281b1
20:58 Antiarc txomon|home: Yeah, that's a fine case for something like pillar :)
20:59 txomon|home so I have to take the dict, match it etc. I hoped it would be a more straightforward method through grains (pillars are more problematic to gather =)
20:59 sdm24 it turns -match: pillar into - match: grain
20:59 txomon|home also, how may I avoid that a machine not in the list executes anything that I don't want to?
20:59 sdm24 the /srv/salt/ top.sls file
20:59 txomon|home sdm24, well, in my case it has to be... ohhhhh true, I didn't remember that thing!
21:00 txomon|home ls
21:00 VR-Jack well, to be fair, the /srv/salt/top.sls only effect highstate I believe
21:00 * txomon|home typed in wrong window...
21:01 VR-Jack the /srv/pillar/top.sls restricts access to actual data
21:02 sdm24 hers my actual /srv/salt/top.sls file. We have our states broken up between linux.states and windows.states. The networkcheck and splunk states exist for both linux and windows. The search head and indexer states use minionfs so they need to be in the base environment
21:02 sdm24 https://gist.github.com/sdm24/e2c351f1cfe235374e61
21:03 VR-Jack yeah, you get true isolation via environments
21:03 sdm24 feel free to use that as an example if you need to. I need to go now. Good luck!
21:06 txomon|home but the problem is that I want to match against the pillar.machines the nodename
21:06 twork thanks all. signing off myself for now but you've been a huge help.
21:06 txomon|home I need to know that I want that computer to be in, and not getting all the defaults just because...
21:07 Antiarc pillar/top.sls should allow you to match nodenames by default, and you can include other pillar data that way
21:07 Antiarc so you could have pillar/desktop.sls, and then your top.sls would have "desktop-*": - desktop
21:08 Antiarc And that would provide any desktop-* node with the data in desktop.sls
21:08 VR-Jack minion_id naming can be extremely useful
21:08 txomon|home Antiarc, but my nodenames don't have implicit names, I have to look at https://gist.github.com/txomon/cb0351692cc4406281b1
21:09 Antiarc Right, in that case you'd list each node and list the pillar(s) it should get
21:09 txomon|home now I had a set machine = pillar.machines.get(grains.nodename, {}) and if machine is true, I have an if that will have inside all the base: etc.
21:12 txomon|home anyway, I don't understand if I should do the check in the pillar/top or salt/top
21:12 txomon|home I think it should be done in the salt/top
21:13 Antiarc salt/top determines what states are provided to a minion. pillar/top determines what data is provided to the minion
21:13 Antiarc So if you have states which only differ by the data they set, you'd put that in pillar
21:14 Antiarc But if you have desktops which get a certain package and configs, and servers which get another package and configs, those would be different states
21:15 txomon|home so, going to top.sls and including there the different for each version would be ok?
21:15 Antiarc That's a good place to start, yup
21:15 txomon|home let me write an example to ACK
21:15 Antiarc As you find yourself duplicating work, refactor it to eliminate your duplication, and that's when you'll start using pillar stuff
21:16 txomon|home yeah, that's why I was avoiding, but then I realized that I would be defining almost the same at salt/top.sls than in pillar/machines
21:18 StDiluted joined #salt
21:24 txomon|home Antiarc, this is my full salt tree (not large as you see) https://gist.github.com/txomon/cb0351692cc4406281b1
21:24 txomon|home the problem is that the salt/users.sls has gotten really big in just a few steps
21:24 txomon|home So I was wondering whether if I should go another method to simplify
21:28 conan_the_destro joined #salt
21:34 KyleG1 joined #salt
21:40 baweaver joined #salt
21:40 jimklo_ joined #salt
21:45 ndrei joined #salt
21:47 forrest txomon|home: Why don't you set the user groups via pillar/
21:47 txomon|home what do you mean?
21:47 txomon|home I am already saying which ones come through pillar
21:48 forrest I'm saying set them on a per user basis in pillar
21:48 txomon|home depending on the user config and the machine config I set up the users/groups
21:48 forrest https://github.com/saltstack-formulas/users-formula
21:48 forrest that's how it is handled in the users formula
21:48 forrest so then all that stuff isn't in the state, you treat it like the attributes and look through
21:49 txomon|home mother of god this formula!
21:50 txomon|home and there are 101 repos!
21:50 forrest ?
21:50 forrest for the saltstack-formulas org?
21:50 txomon|home I didn't know about this formuals
21:50 txomon|home yeah
21:51 forrest oh yeah, a bunch of contributors help out with those and myself and a few other people manage PRs and such
21:51 txomon|home does this formula have the hability to create the ssh key for a root with the combination of users
21:51 txomon|home ?
21:51 txomon|home or do I have to do it myself?
21:51 txomon|home (meaning root: keys: - ,.... etc.)
21:52 iggy <--- tries
21:52 forrest txomon|home: I don't remember. That might be in the ssh formula?
21:52 iggy I think there is another formula for that
21:52 txomon|home that is even better
21:54 iggy there are also _tons_ of states spread all over github
21:54 iggy (formulas are kind of generalized across a few distros usually)
21:55 txomon|home I was looking exactly for this, coming from puppet, you at the end realize that the states (or puppet modules) can be shared because everything is set up in the pillars (or hiera for puppet)
21:58 VR-Jack oh. wow. now this is a pillar top.sls. heh https://gist.github.com/anonymous/65d31c4f3948d3e431e0
21:58 VR-Jack go jinja!
21:58 VR-Jack pillar isn't loaded yet, so you have to load the yaml directly into jinja
21:58 VR-Jack heh
21:58 iggy it always surprises me that some people seem to find formulas and try to start using them before they even know how to use salt, and others are shocked to find formulas after they've spent a ton of time writing all these states themselves
22:00 forrest iggy: Part of that might be a documentation fail. At the saltstack meetup I presented at there seemed to be a missing 'middle' ground for people
22:00 forrest the tutorial in the docs is too basic, and then it goes straight from basic -> advanced
22:00 forrest with nothing in between.
22:00 iggy yeah
22:00 iggy that's a fairly common complaint
22:01 iggy (and from what I heard something the "new" docs person was supposed to be working on)
22:01 VR-Jack txomon|home: my gist link above is how you can use a yaml file in the top.sls to layout top.sls.
22:03 iggy if your top.sls is that complex, you're probably doing something wrong
22:03 druonysuse joined #salt
22:03 druonysuse joined #salt
22:04 txomon|home well, I am new to salt, but I don't like to rewrite stuff other people has already done... xD
22:04 VR-Jack iggy: the idea is you can use pillar data to define hostnames and their services and match on that.
22:05 VR-Jack in contrast to the common way of setting minion_id to hostname-servicetype-blah
22:05 baweaver joined #salt
22:05 iggy I don't think that's the "common" way
22:07 Heartsbane if I want to add a one off deployment.sls for code why is it complaining about not being part of base?
22:07 Heartsbane This is just a one off state for code?
22:08 perfectsine joined #salt
22:08 Heartsbane It shouldn't need to be part of my top.sls, right?
22:09 iggy if it's not supposed to be part of highstate, then no
22:09 giantlock joined #salt
22:09 iggy but if it's in an environment (other than base), you have to set the env on the command line when you run it
22:09 otter768 joined #salt
22:09 VR-Jack ideally, I'd put the jinja into a separate file, and set it to create a list of hostnames which were defined as "type" so, jinja variable webserver = "web1,web2,web3" and then import webserver into top.sls with context
22:11 txomon|home after having a look at that users formula, I have decided that I am not managing ssh keys with it, however users yes
22:11 iggy VR-Jack: have you looked at the other pillar types (reclass, etc.)?
22:11 dendazen joined #salt
22:12 VR-Jack iggy: nope. Was just trying to find a way to reuse my pillar data. After all, the pillar data knows what everything is.
22:12 VR-Jack replicating that info into top.sls manually sounded annoying.
22:13 iggy it's unusual for pillar data to know what data it's supposed to data with the data
22:14 VR-Jack yeah. it's one reason I just made minion_ids easy to glob. still, was an interesting experiment
22:15 VR-Jack one nice thing about pillar is it handles errors (missing files) gracefully. So can technically just gen it, and create files as I need them
22:17 supersheep joined #salt
22:21 bhosmer joined #salt
22:22 prwilson joined #salt
22:25 KyleG joined #salt
22:25 KyleG joined #salt
22:36 mosen joined #salt
22:47 markm joined #salt
22:47 cberndt joined #salt
22:52 ujjain joined #salt
22:52 ujjain joined #salt
22:56 dl_nz joined #salt
22:58 txomon|home so at the end I wasn't capable of matching the nodename against the machines' dict keys
22:59 txomon|home oh wait, I can just do a for loop and write each machine
23:02 ajmath joined #salt
23:04 baweaver joined #salt
23:06 sophomeric There seems to be an upper limit on matching minions by list. Does anyone happen to know what this is?
23:06 VR-Jack most common limit I've seen for some things was 256
23:07 sophomeric arg
23:09 iggy are you talking about nodegroups?
23:10 dendazen joined #salt
23:10 sophomeric no, using the -L option basically
23:11 sophomeric When I have 14000 nodes I get a job id back but nothing actually happens, it doesn't seem to go anywhere
23:11 iggy you are passing 14000 nodes on the command line?
23:12 sophomeric No but I tried that. Bash couldn't expand that much :)
23:12 sophomeric Using the python api now
23:12 iggy I was going to say, it's probably the shell choking long before that
23:12 sophomeric and jobs.list_jobs shows my job with all the targets, but nothing comes back from the job id
23:13 iggy have you tried with less hosts to see if you get the same behavior?
23:13 sophomeric So far up to 512 works
23:13 iggy that seems like a fair cutoff point
23:14 iggy You can't come up with a better way of targetting?
23:14 sophomeric 2000 does but 4000 doesnt!
23:14 iggy a list of 14000 doesn't seem manageable in any way
23:14 sophomeric not really, I'm generating the list from an external data source
23:15 sophomeric and that data doesn't really line up with salt data in any great way
23:15 iggy but 14000 isn't everything?
23:15 sophomeric it is everything actually, but whether it's 5,000 or 14,000 the user could have selected multiple kinds of systems to run something on
23:15 sophomeric data from our cmdb
23:16 kusams joined #salt
23:16 iggy that "kind" seems like a good way to target
23:16 iggy write an ext_pillar (they are shockingly easy) that pulls that data from your cmdb and sets a cmdb_type pillar key
23:17 sophomeric I'd need that data available as grains on the minions then, sure
23:17 iggy then "salt -I 'cmdb_type:fooServers' state.highstate"
23:17 iggy or whatever
23:18 sophomeric You may be onto something there, I'll look into that, thanks.
23:18 iggy a custom grain is an option too, but if you are actually fetching that data from the cmdb, pillar seems like a better way (as it'll only need to run on the master)
23:18 sophomeric The problem is when you get into more complicated things like, these kinds of servers, not in that datacenter and in these statuses
23:19 sophomeric and historical functionality like being able to see the list of minions your command will run on before it runs wanting to be preserved
23:20 smcquay joined #salt
23:20 iggy salt -C 'I@cmdb_type:something and not I@cmdb_datacenter:us1'
23:20 iggy or whatever
23:20 sophomeric and I do already have the data needed available in a json dump on the master so I'll check into the ext_pillar
23:20 sophomeric it sounds like native functionality that I just built into this front end =P
23:21 iggy you can also use the pyrenderer in pillar files (which most people don't realize as well)
23:21 iggy iow, you got options ;)
23:22 sophomeric Indeed, thanks a bunch
23:25 jY how can i reference a grain from inside a grain function i though something like __grains__['fqdn'] works but i guess not
23:30 tmclaugh[work] joined #salt
23:34 kusams joined #salt
23:35 baweaver joined #salt
23:44 rhodgin joined #salt
23:46 theologian joined #salt
23:47 emostar i'm having a problem running salt all of a sudden. I'm not sure what change i did caused this, but i get an error about compiling a state: "Jinja variable 'dict object' has no attribute ‘datadog’" even though it is declared in the pillar. what would be the best way to debug this?
23:47 ChesFTC I usually do salt state.sls blahstate test=true -l
23:48 emostar ChesFTC: let me give that a try
23:48 ChesFTC And include {{ dictobject }} in blahstate so that I see it get rendered
23:48 emostar err... what do you mean by that?
23:48 ChesFTC i.e. in a state with nothing in it but the dictobject
23:48 emostar so a real 'blahstate'?
23:48 emostar lol
23:48 ChesFTC The idea is that you want to see what the datastructure of dict object is
23:48 emostar i thought it was to mean my problem state
23:49 ChesFTC emostar: Pretty much - I often call it "dumpvar" or something like that
23:49 emostar what would be in dumpvar.sls?
23:49 ChesFTC Just {{ dictobjectname }}
23:49 ChesFTC salt will throw an error on it
23:49 ChesFTC But the -l debug will print out the rendered state file
23:49 Sypher joined #salt
23:50 ChesFTC so you can see what the actual contents of the object that you're trying to get datadog out of - and see if the datastructure isn't quite what you're expecting
23:50 ChesFTC Does that make sense?
23:51 emostar ChesFTC: yeah, i just tried it... but get: salt: error: -l option requires an argument
23:51 ChesFTC use "-l debug"
23:51 emostar ahh
23:51 ChesFTC -l is to set the log level
23:51 emostar was reading man and realized that
23:51 ChesFTC debug is the log level that you want
23:51 enarciso Hey Guys, new to Salt here. Trying to wrap the concept of encryption.. Example. My users are put into a .sls file but I'd like the .sls to be encrypted so no one can cat the file. What is the best approach to manage this?
23:51 enarciso Thanks
23:52 ChesFTC enarciso: I use gpg encryption
23:52 VR-Jack Though honestly, it only matters if the file is being stored off the master server
23:52 badon_ joined #salt
23:52 emostar ChesFTC: Rendering SLS 'base:dumpvar' failed: Jinja variable 'datadog' is undefined
23:52 enarciso Is there any write-up I can look into regarding gpg?
23:52 emostar is something wrong with my pillar?
23:53 enarciso well, I can lock down a pillar directory, but I think an encrypted file would still be preferred.
23:53 emostar ahh brain fart
23:53 VR-Jack enarciso: http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html
23:53 ChesFTC emostar: I would guess so - maybe  try salt-call pillar.data
23:54 ChesFTC And see what's in your pillar
23:54 VR-Jack enarciso: if someone has access to salt, they can look things up on the minions.
23:54 ChesFTC VR-Jack: I agree, but 'business' requirements :-/
23:55 ChesFTC Nevermind that if somebody gains access to an salt/puppet/ansible/chef master it's game over
23:55 VR-Jack that being said, it's nice to have the disk side encrypted, and it's good to have data encrypted if you back it up. Not arguing with encryption at all
23:55 enarciso VR-Jack: thanks for the link. My google foo lead me to a method using LUKS to encrypt the files. But that's def. a no for me
23:56 VR-Jack enarciso: the render works very well
23:56 enarciso Thanks guys, i'll read up on this.
23:56 VR-Jack enarciso: of course, you have to protect the key. it'll be accessible by the salt master process, but at least backup of pillar should be safe
23:58 enarciso A little context: In chef there's a a gem called chef-vault. The equiv. of sls would be encrypted and only nodes/users would have access to decrypt the data bag using their .pem file. I'm trying to recreate the same with Salt.
23:59 enarciso no one can cat a file and see my sensitive data
23:59 VR-Jack well, the renderer will do whole files or parts of files

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary