IRC log for #salt, 2015-05-22

All times shown according to UTC.

Time Nick Message
00:00 bfoxwell joined #salt
00:03 __number5__ mgw: module s3.get actually using that, but file.managed won't automagically know it has been verified
00:03 jalaziz joined #salt
00:03 bhosmer joined #salt
00:09 bfoxwell joined #salt
00:10 jschroeder joined #salt
00:19 Hydrosine joined #salt
00:25 bfoxwell joined #salt
00:26 sarlalian joined #salt
00:26 kusams joined #salt
00:29 chingadero joined #salt
00:30 jschroeder joined #salt
00:32 alexanderilyin joined #salt
00:35 MatthewsFace joined #salt
00:37 chingadero Is there a simple way to configure a state file to run a POST to a REST API from the master?
00:37 bfoxwell joined #salt
00:37 tkharju joined #salt
00:40 cromark joined #salt
00:41 wt chingadero, use module.run (or wait) to call the http execution module
00:42 wt chingadero, that's only in 2015.5.0 though
00:42 wt you could also use cmd.run (or wait) to run a curl command
00:42 chingadero how do i force it to run on the master?
00:43 wt You can have a minion running on your master. Just add it to the config for that machine.
00:44 ckao left #salt
00:45 wt I am making the assumption that you are just trying to occasionally run something. If you're wanting to react to other machines running their config management (or doing anything else salt related), you can use the reactor (which is somewhat tricky IMO).
00:45 wt chingadero, I actually need to leave
00:45 wt good luck
00:46 joren_ joined #salt
00:49 I3olle joined #salt
00:51 danemacmillan joined #salt
00:56 baconbeckons joined #salt
00:57 baconbeckons i need to use the pip state to install from a github repo that has deployment keys setup (aka ssh keys). how do I get salt to use the ssh keys when it clones the repo?
00:59 baconbeckons i think that it’s an issue with telling the pip state which keypair to use, but i don’t see a way to set this in the state like i can in the git state
01:04 iggy baconbeckons: use ssh_config alias
01:05 viq joined #salt
01:06 baconbeckons iggy: can you clarify what that means? is that a parameter to pip_state?
01:06 iggy no
01:07 iggy it's a ssh_config thing
01:09 iggy https://www.refheap.com/101442
01:10 ajw0100 joined #salt
01:11 sunkist joined #salt
01:11 chingadero left #salt
01:14 mosen joined #salt
01:14 ajw0100 joined #salt
01:15 baconbeckons iggy: if i have a deployment key per github repo, is this what i should do? https://www.refheap.com/101443
01:15 otter768 joined #salt
01:16 iggy well, you have different paths for stuff, but I think you've got the idea
01:16 baconbeckons thanks iggy :)
01:17 iggy the concept is called aliases if you want to read more about it
01:17 iggy literally tons of material out there
01:17 * iggy home
01:18 bones050_ joined #salt
01:21 theologian joined #salt
01:26 yexingok joined #salt
01:30 mordonez joined #salt
01:34 david_an111 joined #salt
01:35 beauby joined #salt
01:40 scoates joined #salt
01:42 baconbeckons iggy: how do i make it so that salt doesn’t reinstall the git repo with pip every time that highstate is run unless there are changes to the git repo?
01:45 Zachary_DuBois joined #salt
01:47 Nazca joined #salt
01:49 Cidan joined #salt
01:52 baweaver joined #salt
01:53 cheus joined #salt
01:55 MindDrive "salt '*' -t 60 cmd.run 'rpm -q salt' --out=json --static" - can someone please tell me why this is creating one large dictionary with all the host entries as keys, and then lots of small dictionaries with each host separately as a single key?
01:58 iggy baconbeckons: in that case, youd be better off doing a git.latest and installing via a watch on the git.latest
02:01 scoates joined #salt
02:03 iggy MindDrive: id guess because of the static
02:03 MindDrive I thought the '--static' was to _prevent_ it from doing that (as mentioned here: http://docs.saltstack.com/en/latest/ref/cli/salt.html )
02:06 mgw joined #salt
02:07 beauby joined #salt
02:07 jalaziz joined #salt
02:13 subsignal joined #salt
02:28 druonysus joined #salt
02:30 evle joined #salt
02:36 kusams joined #salt
02:36 beauby joined #salt
02:40 murrdoc joined #salt
02:43 cromark joined #salt
02:45 primechuck joined #salt
02:47 overkill_ joined #salt
02:49 writtenoff joined #salt
02:49 amcorreia joined #salt
02:52 iggy easy to test
02:52 dendazen joined #salt
02:58 michelangelo joined #salt
02:59 writtenoff joined #salt
03:02 amcorreia joined #salt
03:03 favadi joined #salt
03:04 clintberry joined #salt
03:08 beauby joined #salt
03:13 baconbeckons iggy: i have all of that working now except for one part
03:16 otter768 joined #salt
03:16 baconbeckons iggy: i need to be able to set the tag that the git repo checks out dynamically. right now, i have a shell script that runs and outputs the tag to fetch. i’m not sure how to get this information into salt though. since it should be calculated each time that highstate runs, it doesn’t seem like it should be in a pillar (even if i knew how to put it there). what is the easiest way to either get the text output of the shell script into th
03:16 baconbeckons salt state? i could also get the tag name with a python script, but i’m still not sure how to get that output into the salt state
03:20 iggy {% set gittag = salt['cmd.run']('/path/to/script') %}
03:20 baconbeckons can the script be defined in that command rather than contained in another file?
03:23 catpig joined #salt
03:24 jimklo_ joined #salt
03:24 baconbeckons iggy: something like this maybe? https://www.refheap.com/1fc5fdfd035de07d83a90981d
03:27 sporkd2 left #salt
03:28 sunkist joined #salt
03:46 ITChap joined #salt
03:48 desposo joined #salt
03:50 desposo1 joined #salt
03:50 jalaziz joined #salt
03:53 hasues joined #salt
04:00 mosen joined #salt
04:06 rideh joined #salt
04:09 Diaoul joined #salt
04:14 aCodinMan joined #salt
04:36 catpig joined #salt
04:36 nicolerenee joined #salt
04:38 trevorj joined #salt
04:39 golodhrim|work joined #salt
04:47 hasues left #salt
04:49 TyrfingMjolnir joined #salt
05:00 markm_ joined #salt
05:03 ramaseshan joined #salt
05:05 pickledpig joined #salt
05:08 jdesilet joined #salt
05:09 alexanderilyin joined #salt
05:11 catpigger joined #salt
05:14 subsignal joined #salt
05:16 dopesong joined #salt
05:17 otter768 joined #salt
05:20 soren_ joined #salt
05:24 spookah joined #salt
05:30 genediazjr joined #salt
05:30 bhosmer_ joined #salt
05:30 catpiggest joined #salt
05:39 ramaseshan joined #salt
05:46 sunkist1 joined #salt
05:47 genediazjr joined #salt
05:57 rdas joined #salt
05:58 rdas good morning
05:58 colttt joined #salt
06:02 stepheljobs joined #salt
06:02 genediazjr hi, does anyone know about LogJam?
06:05 phenelo joined #salt
06:10 j3n joined #salt
06:11 jimklo joined #salt
06:16 dopesong joined #salt
06:18 sunkist joined #salt
06:18 Auroch joined #salt
06:20 slav0nic joined #salt
06:21 flyboy joined #salt
06:21 aCodinMan joined #salt
06:21 dopesong_ joined #salt
06:23 __number5__ genediazjr: https://weakdh.org/sysadmin.html
06:24 genediazjr thanks!
06:25 AndreasLutro joined #salt
06:28 dopesong joined #salt
06:41 darxmurf joined #salt
06:41 darxmurf hi all
06:41 j3n hi darxmurf
06:41 j3n welcome
06:50 darxmurf thanks
06:51 c10b10 joined #salt
06:51 darxmurf quick question
06:51 darxmurf one of my machines is down, is there a way to ask SALT to ignore it for a while ?
06:51 darxmurf should I revoke its key ?
06:53 Auroch joined #salt
06:54 mosen depending on how it was targeted i'd say don't target it.. but if the target is * then maybe not possible :)
06:57 eseyman joined #salt
06:57 favadi left #salt
07:03 stephanbuys joined #salt
07:04 dgil joined #salt
07:06 kawa2014 joined #salt
07:11 TheHelmsMan joined #salt
07:15 bmcorser joined #salt
07:18 baconbeckons joined #salt
07:18 paha joined #salt
07:18 otter768 joined #salt
07:20 rsimpkins joined #salt
07:25 saifi joined #salt
07:25 julez joined #salt
07:26 Grokzen joined #salt
07:26 Grokzen mo
07:28 jhauser joined #salt
07:28 ckng joined #salt
07:29 ckng joined #salt
07:31 ckng left #salt
07:35 linjan joined #salt
07:36 sunkist1 joined #salt
07:46 stephanbuys1 joined #salt
07:46 cromark joined #salt
07:47 favadi joined #salt
07:49 baconbeckons joined #salt
07:59 benegget_ joined #salt
08:03 markm joined #salt
08:07 dynamicudpate joined #salt
08:09 lothiraldan joined #salt
08:12 Rkp joined #salt
08:18 dendazen joined #salt
08:18 dendazen left #salt
08:20 ndrei joined #salt
08:20 c10b10 joined #salt
08:21 N-Mi joined #salt
08:21 s_kunk joined #salt
08:21 s_kunk joined #salt
08:22 GladiaTeur joined #salt
08:23 aCodinMan joined #salt
08:23 fredvd joined #salt
08:28 denys joined #salt
08:31 c10b10 joined #salt
08:34 markm_ joined #salt
08:34 CeBe joined #salt
08:36 seblu joined #salt
08:39 slbo joined #salt
08:43 iromli joined #salt
08:44 refnode joined #salt
08:52 keimlink joined #salt
08:53 chiui joined #salt
08:59 Berty_ joined #salt
09:02 keimlink joined #salt
09:03 pestouille joined #salt
09:06 jhauser joined #salt
09:07 impi joined #salt
09:07 pestouille_ joined #salt
09:09 nexus joined #salt
09:13 beneggett joined #salt
09:14 julez joined #salt
09:17 sfdf joined #salt
09:19 otter768 joined #salt
09:20 supersheep joined #salt
09:25 c10 joined #salt
09:26 lothiraldan joined #salt
09:26 ndrei joined #salt
09:27 c10 joined #salt
09:34 losh joined #salt
09:38 Berty__ joined #salt
09:39 johndeo joined #salt
09:48 cromark joined #salt
09:49 c10 joined #salt
09:50 johnzorn joined #salt
09:52 johnzorn Can I use firewalld module in my states?
09:54 froztbyte oooh damn, I just saw that foreman has salt support
09:54 froztbyte that might be nice
09:54 froztbyte johnzorn: module.run
09:54 froztbyte http://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html?highlight=module.run
10:00 GladiaTeur left #salt
10:05 impi joined #salt
10:06 lothiraldan joined #salt
10:07 stbenjam froztbyte: indeed, we just released 2.1 of the plugin a few days ago https://groups.google.com/d/msg/foreman-users/ZbFAML2Qfso/qaRH56OtCB0J
10:10 darxmurf see you !
10:10 darxmurf and thanks !
10:10 darxmurf left #salt
10:14 kusams joined #salt
10:15 XenophonF can i use include/exclude in pillar sls files?
10:15 johnzorn froztbyte: thanks
10:15 ageorgop joined #salt
10:16 johnzorn Does anyone know if firewalld.add_service reloads firewalld automatically?
10:17 c10 does anybody have any suggestions to reducing the minion memory consumption during state execution?
10:17 johnzorn Is there any talk of creating some kind of dependency manager for formulas?
10:19 froztbyte johnzorn: I'm actually close to starting to wonder about having that problem
10:19 froztbyte as in I can see it coming up in my near future
10:19 froztbyte also needing to change formulas
10:21 froztbyte mm, seems like extend is probably what I want for the latter
10:22 johnzorn froztbyte: Any project of any real significance that tries to reuse "libraries" will have that issue. It's a basic problem in software dev. That's why I'm surprised nothing exists.
10:24 aCodinMan joined #salt
10:25 froztbyte johnzorn: yeah I know. there's a couple of corners where I've found things that salt's still developing/rounding off
10:25 froztbyte pace seems decent though, so that's cool
10:30 johnzorn Speed is awesome compared to others. And the fact that you're left with a remote execution framework afterwards to help diagnose and manage your running systems is another big bonus
10:46 markm joined #salt
10:50 ProT-0-TypE joined #salt
10:53 evle1 joined #salt
10:54 codehotter Hi, with saltutil.runner, I can pass in only kwargs, and no args, but some runners, like cloud.action seem to require some args as well as kwargs
10:54 codehotter Why is this?
10:56 bhosmer joined #salt
10:56 giantlock joined #salt
11:01 babilen How can I target docker containers? (playing with packer + salt-provisioner) Anything I can easily match on in grains?
11:05 babilen virtual_subtype:Docker seems to be set
11:06 saifi joined #salt
11:08 VSpike Before I started using mine, I put the IPs of some services in pillar by hand, like ip_database or whatever. With mine I can use a couple of lines of jinja, but I have to look it up each time and it's repeated in each .sls file where it's needed
11:09 VSpike Is there a way to factor this out more neatly? I don't think I can use mine in pillar AFAIK to set the result into the pillar data
11:09 primechuck joined #salt
11:09 bhosmer joined #salt
11:12 babilen You can't use the mine in pillars (yet) unfortunately
11:12 VSpike There must be some black magic here, like yaml includes or jinja template or something
11:12 babilen https://github.com/saltstack/salt/issues/21403
11:13 VSpike If you write the states in python, could you just import the code module to calculate the value?
11:16 VSpike The general form is something like https://bpaste.net/show/8473d5c2fd5c where the bit you'd vary is I@roles:free-iis
11:19 OnTheRock joined #salt
11:19 julez joined #salt
11:19 otter768 joined #salt
11:24 jaimie joined #salt
11:26 aCodinMan joined #salt
11:26 jaimie Has anyone noticed that virt.init is really slow? If I SCP the disk image between 2 machines on the same GB switch I get ~112MB/s, virt.init runs at ~30MB/s. Has anyone figured a method to do this faster?
11:33 chiui joined #salt
11:38 saifi joined #salt
11:40 bhosmer joined #salt
11:46 codehotter During orchestration, how do I capture the return value of a function/runner and use it for something else?
11:47 nemzes joined #salt
11:48 nemzes Hi! Quick question, Oh Salt Masters…
11:48 nemzes I have State_A, State_A_onfail, and State_B
11:48 amcorreia joined #salt
11:49 nemzes State_A_onfail has an onfail: State_A requisite
11:49 nemzes State_B has a require: State_A requisite
11:49 nemzes … how do I make State_B run if State_A fails but State_A_onfail succeeds?
11:50 cromark joined #salt
11:58 bluenemo joined #salt
12:00 MaliutaLap joined #salt
12:00 MaliutaLap left #salt
12:03 kusams joined #salt
12:03 EWDurbin joined #salt
12:11 elfixit joined #salt
12:14 lothiraldan joined #salt
12:24 Deevolution joined #salt
12:26 bhosmer joined #salt
12:29 subsignal joined #salt
12:42 TyrfingMjolnir joined #salt
12:44 cromark joined #salt
12:45 c10 joined #salt
12:46 emaninpa joined #salt
12:48 markm joined #salt
12:50 primechuck joined #salt
12:54 Setsuna666_ joined #salt
12:59 chiui joined #salt
13:00 jeremyr joined #salt
13:06 chiui joined #salt
13:06 supersheep joined #salt
13:06 viq joined #salt
13:08 julez joined #salt
13:08 fbergroth joined #salt
13:10 mapu joined #salt
13:13 anotherZero joined #salt
13:14 Tecnico1931 joined #salt
13:14 Berty_ joined #salt
13:14 cpowell joined #salt
13:18 c10 joined #salt
13:18 _JZ_ joined #salt
13:20 otter768 joined #salt
13:24 iwishiwerearobot joined #salt
13:25 murrdoc joined #salt
13:27 bhosmer joined #salt
13:29 ekristen joined #salt
13:33 chiui_ joined #salt
13:33 dyasny joined #salt
13:36 bhosmer joined #salt
13:37 vankooch joined #salt
13:37 jdesilet joined #salt
13:38 nodens heya all
13:38 vankooch Hi how do I force to run the network states before all other states, I’ve tried, prereq, require with no success
13:39 nodens is there a way to run several executions modules at one time ?
13:39 nodens I mean, at the same time ?
13:39 numkem joined #salt
13:40 drawsmcgraw nodens: I'm nearly certain there's a parallel option... not recommended, but available for aggressive users :)
13:41 Tyrm joined #salt
13:41 _mel_ joined #salt
13:41 drawsmcgraw I'm having a hard time finding it in the docs right now but I *know* there's such a thing.... :/
13:42 mgw joined #salt
13:42 nodens drawsmcgraw, I'm trying to populate an inventory from salt grains + exec modules, so I'd like to call salt once only if possible
13:42 nodens I'll look it up
13:43 primechuck In 2015.5 does highstate still do a grain refresh?  We're having an issue where we do grains.append to a custom grain then highstate and highstate doesn't immediately see the grain.
13:45 GrueMaster joined #salt
13:46 farcaller joined #salt
13:46 farcaller hi. does anyone manage pki with salt?
13:46 quist left #salt
13:46 farcaller I wonder what would be the best use case for salt to generate private key on minion, return csr to master where it's processed outside of salt stack to later be installed back on minion
13:47 quist joined #salt
13:47 codehotter How do I get the return value of a task to use as a variable in another task?
13:47 _prime_ joined #salt
13:47 codehotter farcaller: Seems easier to generate it on the master (disclaimer: I'm a salt noob)
13:47 farcaller codehotter: the key? yes, but it's against the policy
13:48 farcaller key material must not leave the minion
13:48 codehotter What policy? Your company's policy? I deploy the key material with the master as well.
13:49 codehotter The master has full control over the minion anyway. If it is compromised, it could simply send a message to the minion to retrieve the key for it
13:49 farcaller heh, sounds reasonable
13:49 farcaller where do you store keys? pillar?
13:52 chiui_ joined #salt
13:52 nodens drawsmcgraw, what I'm after seems to be "compound commands", I just have to pass commands separated by commas and provide all args for each command, apparently
13:52 codehotter farcaller: Using gpg http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html#module-salt.renderers.gpg
13:52 farcaller thanks, will look into that
13:53 mpanetta joined #salt
13:53 hasues joined #salt
13:54 hasues left #salt
13:59 edrocks joined #salt
13:59 paolo hello, is it true that the order of the commands in this example is not preserved? http://pastebin.com/HpebE4GJ
13:59 paolo i read that "YAML ordering of items in a list is arbitrary", sounds weird to me though
14:00 faliarin joined #salt
14:00 babilen You seem to be looking for cmd.script
14:00 babilen (but then I would have expected that list to preserve the order)
14:00 babilen What happens if you try it?
14:00 paolo fair reply, i'll do that.
14:01 murrdoc cmd.script +1
14:01 murrdoc i still prefer making python modules/states over using cmd.anything
14:02 cpowell joined #salt
14:03 murrdoc thats cause you are weird
14:03 murrdoc yeah thats true
14:03 murrdoc well ok then
14:03 * murrdoc gets back to work
14:04 * babilen takes murrdoc's "medicine" away
14:06 murrdoc oh sweet adderall
14:07 murrdoc its ok i live in a big city in america
14:07 andrew_v joined #salt
14:07 murrdoc i am sure i can find a 10 year in the street who can hook me up
14:07 murrdoc (probably true, wont know)
14:08 murrdoc babilen:  https://www.youtube.com/watch?v=7SSvM9lzYV0
14:10 murrdoc joined #salt
14:11 murrdoc tough crowd
14:13 drawsmcgraw nodens: Interesting. That's... new to me :)
14:17 VSpike Hm, this seems to be a new thing since recently. On Windows https://bpaste.net/show/547379011f40
14:17 crashmag joined #salt
14:17 VSpike Can't seem to find anything on Google. Anyone else seen this?
14:18 thayne joined #salt
14:19 Brew joined #salt
14:20 murrdoc is C:\salt\bin\lib\site-packages\salt\states\user.py :114 throwing up an exception ?
14:21 dfinn joined #salt
14:24 murrdoc left #salt
14:24 murrdoc joined #salt
14:25 Heartsbane joined #salt
14:26 c10 so i have this macro that i call multiple times in a sls file. the problem is that the macro contains an include statement, so in order to avoid a conflicting ID error, I added a name (or whatever this https://www.dropbox.com/s/b83beg2qjqdfbv5/Screenshot%202015-05-22%2017.25.16.png?dl=0 is called) to the include statement.
14:26 c10 now i'm getting "Cannot extend ID 'nginx' in 'base:deploy.example_com.nginx'. It is not part of the high state."
14:26 c10 which it is
14:26 c10 proven by the fact that it worked before namespacing the include and calling the macro twice
14:27 c10 any ideas about what's going on here?
14:27 bhosmer joined #salt
14:27 aCodinMan joined #salt
14:28 farcaller left #salt
14:29 SheetiS joined #salt
14:30 cedwards joined #salt
14:36 cowpunk21 joined #salt
14:39 clintberry joined #salt
14:44 julez joined #salt
14:44 julez joined #salt
14:46 bastiaan joined #salt
14:48 ALLmightySPIFF joined #salt
14:50 TyrfingMjolnir joined #salt
14:50 Grokzen joined #salt
14:50 bmcorser joined #salt
14:56 peters-tx joined #salt
14:57 theologian joined #salt
14:57 ndrei joined #salt
15:03 smcquay joined #salt
15:04 elfixit joined #salt
15:04 stoogenmeyer joined #salt
15:04 cromark joined #salt
15:08 Berty__ joined #salt
15:12 iggy why can't you paste code to gist? I'm not opening some random dropbox file
15:15 ateoto joined #salt
15:17 MatthewsFace joined #salt
15:17 SheetiS joined #salt
15:17 VSpike murrdoc: yeah. TypeError: coercing to Unicode: need string or buffer, NoneType found
15:18 iggy johnzorn: formulas aren't really that reusable... and they aren't generic enough to really have "dependencies"... this topic has been discussed before and I think the main points seem to be "that's a good idea for something, but that's not really what formulas are meant to be, so it'll have to be some new concept"
15:19 julez joined #salt
15:20 david_an111 left #salt
15:20 samnmax joined #salt
15:21 otter768 joined #salt
15:24 litwol Hello
15:25 litwol Mysql 5.6 has an interesting initialization scenario. when starting from fresh server db first must be bootstrapped with one set of my.cnf, and later must be ran with second set of my.cnf. specifically cannot bootstrap server with gtid-mode=ON... but after it was bootstrapped with gtid-mode=OFF, it later can be run as service with gtid-mode=ON.
15:25 desposo joined #salt
15:26 jimklo joined #salt
15:26 litwol This means i must define separate states for /etc/mysql/my.cnf file management. one which is activated during bootstrap phase, and one during normal operation.
15:27 litwol what i am not sure about is.. how do i specify a file.managed state which is non-active by default, and gets triggered by "bootstrapping" state (which i have already)?
15:27 VSpike I also seem to have a lot of issues with Windows boxes never returning from a state.highstate call even though looking in the log on the minion it looks like it had finished everything
15:28 VSpike Then again, I generally always go to the box and do a salt-call state.highstate since it seems to be a lot more reliable that way, particularly on Windows but on Linux too
15:29 gladiatr joined #salt
15:29 ndrei joined #salt
15:30 baconbeckons joined #salt
15:30 laax joined #salt
15:33 codehotter How do I get a return value from an action to use as input (as variable) for another action?
15:33 soren_ joined #salt
15:33 codehotter I managed to do it with pyobjects renderer, but how do I do it in the standard YAML renderer?
15:37 TranquilityBase joined #salt
15:38 babilen codehotter: What do you refer to by "an action" ?
15:40 codehotter babilen: Well in this case, it's creating an amazon virtual machine, and it returns a dictionary with information like instance ID and availability zone
15:40 codehotter babilen: but in the general case, whenever I did something, I might need information from it in the next step
15:40 iggy it's?
15:40 iggy the problem is there are different ways to handle different situations (and some situations that you are just sol)
15:40 pix9_ joined #salt
15:41 codehotter OK, how do I do it in a normal state file? Like "generate a password" then "put this password in this file" and then "put this password in the postgresqluser"
15:41 codehotter and how do I do it during orchestration?
15:41 iggy {% set password = salt['cmd.run']('generate_password.sh')
15:41 codehotter I guess normally you would generate the password on the master and just put it in a variable there
15:41 iggy %}
15:42 codehotter but what if it's something that needs to happen on the minion?
15:42 codehotter Or like my create virtual machine example?
15:42 codehotter In orchestration I'm currently doing: ret = salt.cloud.create(provider, "for_image", **create_args)
15:42 codehotter but that's with the pyobjects renderer
15:43 catpig joined #salt
15:43 iggy and you don't want to use the pyobjects renderer anymore?
15:43 codehotter would it be %{ ret=  __salt__['cloud.create'](etc) %} in normal yaml file?
15:44 codehotter iggy: well, I was just wondering how to do it in the standard renderer. I guess I can use pyobjects for this case.
15:44 iggy you don't have access to the entire salt python namespace in jinja
15:45 iggy so no, you can't do that
15:45 iggy it's only stuff in salt.modules
15:45 codehotter that's a function in salt.modules
15:45 iggy oh, you had salt.cloud.create above
15:46 codehotter yea that gets turned into __salt__['cloud.create'] by pyobjects
15:46 iggy ahh
15:46 iggy but yeah, it's not __salt__ in jinja
15:46 codehotter but, in short, jinja is the answer here?
15:46 iggy just salt['module.function']
15:46 codehotter ok
15:46 iggy if you want to capture that output, yes
15:47 codehotter {% var = salt['whatever.action'] %} to capture output
15:47 iggy if you just want stuff to run, you can use module.run
15:47 codehotter if I just want to run, I can do the normal yaml syntax, right?
15:47 iggy {% set password = salt['cmd.run']('generate_password.sh') %}
15:47 iggy as I said before
15:47 codehotter ah!
15:47 codehotter yea if I want to run it on the master
15:47 codehotter instead of doing a module
15:47 codehotter or .... wait a sec
15:47 codehotter salt['cmd.run'] is gonna run it on the minion?
15:48 iggy orchestrate runs in the master context, states it runs run in the minion context
15:48 codehotter yea
15:48 codehotter got it, thanks.
15:48 codehotter Generating passwords and stuff, I think I should generate that myself and put it in the pillar data, rather than generate it on the minion. Maybe.
15:48 badon_ joined #salt
15:48 xmj joined #salt
15:48 xmj morning
15:49 xmj service salt_minion starting, I'm getting Exception TypeError: "'NoneType' object is not callable" in <function _removeHandlerRef at 0x8056fb050> ignored
15:49 xmj all over the place.
15:49 xmj now, google foo shows that this message isn't particularly salt- or operating system-specific.
15:50 murrdoc joined #salt
15:50 xmj what's the trick to silencing it (and making the original problem go away) ?
15:50 iggy tried removing minion config file? clearing cache? etc.?
15:51 xmj not yet
15:52 xmj (it's logging, and it appears not to be quite related to minion config stuff)
15:52 Matthews_ joined #salt
15:56 iggy damnit murrdoc
15:57 bhosmer joined #salt
15:57 xmj ?
15:57 murrdoc sup
15:57 murrdoc it wasnt me
15:58 desposo joined #salt
15:58 bfoxwell joined #salt
15:59 iggy collectd:plugins:df:Device -> collectd:plugins:df:Devices
15:59 murrdoc oh
15:59 murrdoc that was me
15:59 murrdoc whats wrong with it
16:00 iggy "This is a backwards incompatible change with no documentation or justification"
16:01 dalexander joined #salt
16:02 Fiber^ joined #salt
16:02 babilen IOW: Your change is bad and you should feel bad
16:02 murrdoc uh
16:03 iggy what babilen said
16:03 xmj the justification is obvious in the change itself
16:03 xmj source is doc enough :p
16:04 iggy the justification for having such a feature is fine, but for breaking people's already working setups...
16:04 babilen I like it though
16:05 babilen It's a "Genuss" :)
16:05 iggy I do too, but ffs, how hard would it have been to just add the loop below the existing code
16:06 murrdoc peoples setup would break
16:06 murrdoc if they did a git pull
16:06 murrdoc do people really do a git pull from github ?
16:06 murrdoc really ?
16:06 xmj cant you just add a forward from one to another
16:06 iggy sometimes I feel like I'm the only one who actually looks at the diff on these PRs
16:06 iggy (I know I'm not, and I appreciate all the work that everybody does)
16:08 murrdoc i did read the diff
16:08 murrdoc i liked the change
16:08 iggy the point I'm making (and why I am publicly shaming murrdoc and not the original author) is that the committers need to catch this kind of stuff
16:08 murrdoc i didnt realize people are using saltstack-formulas in their gitfs
16:09 kevit joined #salt
16:10 iggy we don't (and the suggestion in the docs is not to), but that doesn't mean I want to change my pillars every time I do a pull from upstream
16:10 babilen I'm sure some people do that (or would just blindly push whatever changes there are into their fork)
16:10 kevit Hi guys. Could you help me with Saltfile, there is only a salt-ssh using Saltfile or I can set for salt-cloud f.e?
16:10 thayne joined #salt
16:11 iggy kevit: it's for salt-ssh only
16:12 baconbeckons joined #salt
16:13 Edgan joined #salt
16:13 irctc792 joined #salt
16:13 tiadobatima hi guys... I'm wondering how to conditionally include a state only if the state file exists...
16:13 babilen I would argue that we should strive to be able to repair broken pillar layouts, but then introduce some code that deals with the "old" values so that "legacy pillars" still work. (some "if Device is defined ....." branch in there)
16:13 pix9_ hello there, I've one doubt regarding pkg.install
16:13 babilen tiadobatima: Why wouldn't it exist?
16:13 babilen pix9_: What are you unsure about?
16:13 iggy babilen: you mean like leaving the existing code and just putting the loop version below it...
16:14 irctc341 joined #salt
16:14 tiadobatima because I want to delegate a certain set of states to different teams
16:14 tiadobatima let me post an example
16:14 babilen iggy: In this particular case: yeah
16:14 tiadobatima here you go:
16:14 tiadobatima include:
16:14 tiadobatima - roles.{{team}}
16:14 tiadobatima - roles.{{team}}.{{environment}}
16:14 tiadobatima - roles.{{team}}.{{environment}}.{{service}}
16:14 babilen http://refheap.com
16:15 pix9_ if I have 3 minions 1 is ubuntu one is fedora and one is gentoo, will pkg.install be able to handle it? or I need to make some extra config related to env of each minion?
16:15 iggy the only conditional including you can do is with jinja
16:15 Edgan joined #salt
16:16 babilen pix9_: You will need to pass the right package name. That is one aspect that is being dealt with in "formulas". See https://github.com/saltstack-formulas/salt-formula/blob/master/salt/map.jinja#L4 and https://github.com/saltstack-formulas/salt-formula/blob/master/salt/master.sls#L6 for example
16:16 iggy pix9_: check out how the formulas work... sometimes it just works, others you have to variablize the pkg name, etc.
16:16 tiadobatima yeah... but I'm having trouble finding out how to check if the state exists
16:16 pix9_ thanks for your suggestion.
16:18 baconbeckons joined #salt
16:18 tiadobatima in my example, {{team}}, {{environment}} and {{service}} come from grains...
16:18 desposo joined #salt
16:18 babilen pix9_: http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#abstracting-static-defaults-into-a-lookup-table
16:20 babilen tiadobatima: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cp.html#salt.modules.cp.list_master might come in handy
16:21 writtenoff joined #salt
16:21 pix9_ thanks babilen and iggy
16:22 iggy tiadobatima: {% include 'foo/bar.sls' ignore missing %} ... but that works differently than salt's "- include:" command
16:25 tiadobatima Nice! I'll play around with it. Thanks iggy and babilen
16:26 cromark_ joined #salt
16:26 pix9_ YAML is something new to me.
16:26 rsimpkins Is there an easy way to create a temporary or short-lived group of servers?
16:27 Edgan joined #salt
16:27 spookah joined #salt
16:27 xmj babilen: didn't UtahDave hang out here half a year/year ago?
16:27 pix9_ is it necessary to know YAML to effectively use salt,  or I can use workaround with python/bash
16:27 xmj pix9_: bash variables are some Yaml subset
16:28 iggy xmj: he still does from time to time
16:28 murrdoc joined #salt
16:28 xmj gotcha
16:28 murrdoc sup fools
16:28 xmj iggy: thanks
16:28 iggy pix9_: you can use the #!py renderer
16:28 pix9_ xmj thanks sounds something like re-cooked bash stuff
16:29 xmj um
16:29 xmj not quite
16:30 pix9_ iggy I am new to python as well but since I am trying to learn python, I try to use only python whenever possible.
16:31 pix9_ xmj in that case I will have to learn YAML :D
16:32 xmj Yaml is ez
16:32 xmj just sayin' :)
16:32 pix9_ just one small concern, can I proceed initially without worrying about yaml?
16:32 iggy it's not terribly difficult... make sure you indent properly and - means list
16:32 xmj pix9_: the lists you did in school are, well, Yaml in a way
16:32 pix9_ yup
16:32 xmj what iggy says
16:32 pix9_ looks like I will get hang of it sooner or later.
16:32 xmj but do make sure that indentation is consistent
16:33 xmj either two or four spaces - don't mix it
16:33 pix9_ hmm
16:33 iggy and there's always http://yaml-online-parser.appspot.com/
16:34 pix9_ lol too many links for weekend :P
16:34 pix9_ hope this is last one.
16:34 pix9_ :D
16:34 KyleG joined #salt
16:34 KyleG joined #salt
16:34 murrdoc one more
16:34 iggy that's just a yaml "linter"
16:34 murrdoc http://docs.saltstack.com/en/latest/contents.html :D
16:34 iggy (and it can show you what the output looks like in different languages which may not be of that much use to you if you don't know any languages)
16:35 murrdoc hes conversing in english
16:35 murrdoc no need to be rude
16:35 iggy says mr rtfm
16:36 * babilen hands out relaxing kittens
16:36 pix9_ thank you every one
16:36 murrdoc i fucking HATE KITTENS
16:36 * murrdoc whips out bag of catnip
16:36 stanchan joined #salt
16:36 murrdoc GO CRAY YOUNG UNS
16:36 xmj snape killed katniss
16:37 xmj left #salt
16:37 babilen yay, weekend! have a good day and see you soon guys :)
16:37 murrdoc who is snape
16:37 murrdoc hey babilen
16:37 murrdoc what do i with the kittens
16:38 murrdoc they are spazzing on this bag of catnip
16:38 babilen You cuddle it
16:38 bhosmer joined #salt
16:38 iggy bath time
16:38 iggy they love baths
16:38 murrdoc ok
16:38 * murrdoc fires up hot water tub
16:38 murrdoc whats openhub
16:41 ek6 is there a list somewhere (either include or exclude based) list of minion/master config options you can insert via pillar?
16:42 murrdoc basically all
16:42 murrdoc as long as the code is using config.get
16:42 murrdoc all configs are overrideble
16:42 murrdoc next question
16:43 ek6 well reactors are not...at least if they are I havent waved the wand correctly...and im sure there is more than that...
16:44 ek6 but if your not aware of a list one way or another thats fine...
16:44 murrdoc i am not
16:44 murrdoc sorry
16:45 ateoto joined #salt
16:45 spookah joined #salt
16:46 ek6 no worries..i expected the answer to be know...just spent an hour wondering wtf was going on with the reactor config i dropped in...and it made me nervous to put other things in there  gitfs, nodegroups  etc etc
16:47 ek6 sigh know=no
16:47 iggy gitfs: no, nodegroups: no
16:47 iggy the docs usually say
16:48 ek6 well the couple places ive seen its usually a whitelist comment saying 'you can put this config in pillar' but often other bits and pieces are there that didnt necessarily make release notes or those type of lists
16:49 supersheep joined #salt
16:54 ateoto joined #salt
16:56 rsimpkins For the life of me, I can't figure out how to remove grains in 2015.5. I set a grain with grains.setval test grain. Now I want to remove it with grains.remove test grain, and I get a "The key upgrade_salt is not a valid list" error.
16:56 rsimpkins I am running commands that look identical to examples in the docs.
16:56 iggy if something changed from previous versions, file a bug
16:57 rsimpkins Well, the key 'test' in this case, my test grain is called 'upgrade_salt'
16:58 spookah joined #salt
16:59 rsimpkins Can someone running 2015.5 see if they see the same issue? just do a grains.setval test val, then a grains.remove test val. Does it remove it?
17:01 whytewolf rsimpkins: are you trying to remove the grain or the value from the grain?
17:02 whytewolf grains.remove is for a list that removes one of the values from that list. delval is for the whole grain
17:02 forrest joined #salt
17:02 aw110f joined #salt
17:02 rsimpkins whytewolf: Ahh! See. I knew this had to be an I D 10 T error.
17:02 rsimpkins whytewolf: Thank you.
17:03 Nazzy <xmj> snape killed katniss <--- and Frodo had to watch it happen!
17:04 ateoto joined #salt
17:04 ek6 whytewolf: just me or does that seem backwards that you use delete value to delete the whole grain and remove to delete value from a grain?
17:06 aparsons joined #salt
17:06 davisj So, I hit a minor bug in salt-minion 2015.5.0. It is fixed by this https://github.com/saltstack/salt/commit/b4a86add4451caa2c3e617e9b94fef2f43d0d0e1#diff-6e894b39b67c4bab67796752744ea9d5 but not merged back to 2015.5.0.
17:07 davisj Should it be?
17:07 whytewolf ek6: i didn't write it, i just use it. but it goes with the other side of the coin. since setval is used for creating grains and append for adding a value to a list
17:10 ek6 yeah was more asking your opinion... I just assumed that setval was creating them if they weren't already there..but never went looking for a grain create function because If i wanted it created I always had a value in mind for it
17:10 Nazzy davisj, https://github.com/saltstack/salt/pull/22806 is the PR for that, it *can* probably be backported safely all the way, but I don't think I have time today to verify which branches *need* it
17:10 smcquay joined #salt
17:11 ateoto joined #salt
17:13 neogenix joined #salt
17:13 whytewolf ek6: my opinion is it isn't that great of naming of methods. but it could be worse. way way way worse
17:13 ek6 yeah im also fine sticking with 'sucks less'
17:15 aw110f joined #salt
17:15 murrdoc ek6:  hey so what were u trying to do
17:15 Nazzy davisj, I think the best option would be ask on that PR for it to be backported appropriately
17:15 murrdoc with the minion pillars and reactors
17:16 murrdoc are u trying to send it to a different state based on the minion it came from ?
17:16 rsimpkins whytewolf: Maybe it would be worth mentioning in the docs for remove that simply said 'Remove a single value from a grain in the config file. This will not remove the grain (see delval).' Or something like that/
17:16 murrdoc use the reactor as a 'controller' per se
17:18 ek6 that was certainly on my mind...but i got derailed at step 1 of just having it there... i prefer to have as much config in the pillar as possible...makes cleaning up after my masters implode that much easier
17:18 julez joined #salt
17:19 aw110f_ joined #salt
17:19 racooper joined #salt
17:19 johnkeates joined #salt
17:20 iggy and requires less master restarts
17:21 johnkeates indeed, and that is a good thing
17:21 johnkeates (no clue what it is about, just joined, but happy to jump in :p )
17:22 murrdoc i wrote a python state ek6
17:22 murrdoc with a decision tree in
17:22 murrdoc in it*
17:22 otter768 joined #salt
17:22 ek6 just because your searching for my bad idea of the day murrdoc id really like my master config to contain as little as max_open_files worker_threads and ext_pillar points to slurp the rest
17:22 murrdoc u n me both
17:23 murrdoc my master conf is the default_include_dir
17:23 murrdoc max_open_files and worker_threads and ext_pillar
17:23 murrdoc everything else is namespaced files
17:23 murrdoc and its not much
17:23 murrdoc oh and verify_env: False
17:24 murrdoc i have a reactor state thats a 'router'
17:24 ek6 yeah but if i cant do things like gitfs or any of my master sign options in a pillar...
17:25 murrdoc and it uses the pillars to send the data everywhere
17:25 cruatta joined #salt
17:26 ek6 ive had to do a bit of that murrdoc since my minions dont run so lots of my reactors have to listen to custom events and...adjust things accordingly
17:26 murrdoc yeah
17:26 racooper howdy folks.  Is there a command to query a minion to see when it last ran a highstate?
17:26 murrdoc thats all i wanted to do
17:26 murrdoc i like your ideas man
17:26 murrdoc i wanted to learn from it
17:27 ek6 dont say that..youll make iggy cry
17:27 murrdoc i made iggy cry already
17:27 murrdoc merged in a change
17:27 murrdoc without requiring docs
17:27 aCodinMan joined #salt
17:28 cruatta @racooper you could just grep the minion log
17:28 cruatta cmd.run :)
17:28 ek6 murrdoc: bad man..you KNOW your supposed to wait until he comments about the lack of docs and THEN merge it
17:28 murrdoc it is know
17:28 murrdoc known
17:31 tomh- joined #salt
17:33 racooper cruatta I'm trying that on a minion I just ran highstate on, but "highstate" doesn't appear in the log at all. what would I look for instead?
17:34 murrdoc racooper:  u have to look at the jobs
17:34 SHC joined #salt
17:34 johnkeates left #salt
17:36 cruatta To correct myself, you could tell if there was state activity by looking for "Loading fresh modules for state activity". That would tell you if there was a state run.
17:36 cruatta or "salt.state"
17:37 murrdoc or use the job runner to figure out jobs that ran on a minion
17:37 murrdoc and print the last jid
17:37 racooper on a minion I ran highstate on an hour ago...grep 'state' minion returns nothing
17:37 cruatta your logging might not be as verbose as ours is
17:38 cruatta i would do what murrdoc says
17:38 cruatta :)
17:38 racooper I've tried that too. it's curious, in every job I've run today...the Target  is "unknown-target"
17:40 impi joined #salt
17:45 hal58th_1 joined #salt
17:45 hal58th_2 joined #salt
17:45 rap424 joined #salt
17:46 hal58th_3 joined #salt
17:47 cruatta @racooper no idea
17:48 cruatta https://github.com/saltstack/salt/search?utf8=%E2%9C%93&q=unknown-target
17:48 cruatta looks like it's a default value
17:49 jalbretsen joined #salt
17:53 hasues joined #salt
17:53 hasues left #salt
17:54 ponpanderer Does the scheduler for jobs defined at http://docs.saltstack.com/en/latest/topics/jobs/schedule.html work with external pillar data (ie. using mongod for pillar) or only with yaml based pillar files?
17:54 drawsmcgraw1 joined #salt
17:54 ponpanderer (figure i may save myself some time asking before trying :) )
17:55 ajw0100 joined #salt
17:57 denys joined #salt
17:58 mordonez joined #salt
17:59 ProT-0-TypE joined #salt
18:00 Tecnico1931 joined #salt
18:00 nate_c joined #salt
18:01 iggy there should be no difference between file and ext based pillars (in anything I can think of)
18:02 cromark joined #salt
18:05 cromark_ joined #salt
18:14 chingadero joined #salt
18:14 hal58th joined #salt
18:15 supersheep joined #salt
18:16 hal58th_ joined #salt
18:16 hal58th__ joined #salt
18:18 chingadero I'm trying to do the equivalent of a git clone --bare on the minion, but by pushing the files from the master because the minion does not have network access to the git repo. I added the repo to the gitfs config in the master, but now how do I push the whole git tree to the minion?
18:20 igorwidl in my jinja template, if i do {{ salt['grains.get']('ip_interfaces:eth0') }} i get something like ['10.11.21.76']. How can I get rid of the darn square bracket?
18:21 racooper left #salt
18:22 racooper joined #salt
18:22 pix9_ ls it possible to setup mixeup of client/client-less minions?
18:22 pix9_ Is*
18:24 baweaver joined #salt
18:26 ponpanderer iggy: thanks for the info! i'll try it out
18:26 iggy igorwidl: {{ salt['grains.get']('ip_interfaces:eth0:0') }}
18:26 iggy or {{ salt['grains.get']('ip_interfaces:eth0')|first }}
18:27 murrdoc is that the same in the jinja
18:27 igorwidl |first works, thanks
18:27 murrdoc for some reason i thought it __salt__ in jinja
18:27 vankooch Is there a way to display one grain for all minions like salt ‘*’ grains.items does?  I’m looking for something like salt ‘*’ gain.host… which does not work
18:28 vankooch aha found it thx its salt ‘*’ grains.get host
18:30 igorwidl __salt__ would work in modules
18:32 davisj Nazzy: Re: PR #22806, Thanks. WIll do.
18:33 Nazzy davisj, np :)
18:34 chingadero left #salt
18:35 writtenoff joined #salt
18:35 pix9_ joined #salt
18:37 snaggleb joined #salt
18:37 snaggleb joined #salt
18:38 pix9_ what is top file?
18:38 murrdoc the main man
18:38 murrdoc the dude at the door
18:39 pix9_ hmm,
18:39 murrdoc when a minion comes to a master to get highstate
18:39 murrdoc the top.sls tells him what states he gets
18:39 murrdoc its pretty powerful
18:39 pix9_ cool
18:40 pix9_ I think I must first decypher the flow rather than getting around functionality :D
18:41 pix9_ any suggestions on how  things work internally? starting point to ding into should be good enough.
18:41 pix9_ dig*
18:41 giantlock joined #salt
18:41 forrest pix9_: You should check out the getting started guide
18:42 pix9_ running through same.
18:42 pix9_ coming across some un-knowns!
18:42 pix9_ then I have W questions :D
18:43 impi joined #salt
18:44 baweaver joined #salt
18:46 s_kunk joined #salt
18:47 s_kunk joined #salt
18:47 ajw0100 joined #salt
18:48 soren_ joined #salt
18:58 bastiaan joined #salt
18:58 racooper is it possible to do a watch of onchanges to the contents of a directory, to say restart a service if a file is added, changed or removed?
18:58 racooper a watch OR onchanges I meant
19:02 Tyrm joined #salt
19:09 numkem how could I easily make it that I run a python script and put it's content into pillar? this would only be done for some hosts
19:10 numkem module.run could work but I'd like to catch it's output
19:11 hybridpollo joined #salt
19:16 cberndt joined #salt
19:17 jalaziz joined #salt
19:17 cberndt joined #salt
19:18 XenophonF i love how whoever anticipated my desire to completely customize a user's ssh configuration via salt already put everything i wanted to do into users-formula
19:18 XenophonF thank you thank you thank you
19:21 forrest basepi: Did anyone contact you guys about sponsoring this: http://www.automacon.io ?
19:22 basepi I'm not sure. I'll ping Rhett on it.
19:23 forrest basepi: Cool. There aren't any participants from either Ansible or Salt currently, it's all chef/puppet it looks like for presenters in the automation area.
19:23 otter768 joined #salt
19:24 basepi Thanks! =)
19:24 basepi Definitely sounds like someplace we should be
19:25 forrest basepi: Yeah for sure. Looks like talk submissions are still open
19:27 murrdoc joined #salt
19:28 joeto joined #salt
19:28 ek6 of course thats right where hashiconf is....only 12 days later....sigh
19:28 forrest hashicorp is doing a conference now?
19:29 forrest How I'm imagining it 'we do containers, AND we do the things that house the containers!'
19:29 ek6 https://www.hashiconf.com   note...i have nothing to do with it and gain nothing by putting it here
19:29 bhosmer_ joined #salt
19:29 forrest SURE SURE ek6, embedding your referral link, I see how it is...
19:31 ek6 i will admit being a big hashicorp fan...past that I plead not guilty
19:32 pix9_ can I have mix setup of  both client/client-less minions?
19:32 ek6 you looking to control salt-ssh driven 'minions' with the salt command pix9?
19:36 pix9_ how can I setup clientless minion?
19:36 forrest pix9_: Here are details on salt-ssh if you want to go that way: http://docs.saltstack.com/en/latest/topics/ssh/
19:37 supersheep joined #salt
19:38 pix9_ ahh salt-ssh the key word I've been looking for :D
19:38 pix9_ thanks forrest
19:38 baweaver joined #salt
19:39 desposo joined #salt
19:40 tiadobatima joined #salt
19:41 forrest np
19:42 bhosmer_ joined #salt
19:42 cowpunk21 joined #salt
19:46 pix9_ I am trying to create 2 groups of systems 1 based on minions other based on ssh access.
19:46 pix9_ I want to be able to manage them both at same time.
19:47 pix9_ is it possible to do that?
19:47 forrest Not via the main salt command, salt-ssh minions need to be managed via salt-ssh, where as joined minions need to be managed via the salt command itself as far as I am aware.
19:49 pix9_ hmm so other way around I can see is I can create alias to run both the commands with given parameters.
19:49 ek6 you could configure your joined minions to also accept salt-ssh but not the other way afaik
19:49 pix9_ parameters would be the limitations in this case i see.
19:49 pix9_ hmm
19:49 pix9_ I want to keep it very specific.
19:50 pix9_ 2 nodes with minion daemons and other 2 with ssh only.
19:50 pix9_ all the 4 nodes can be group of same cluster.
19:51 pix9_ but for security and performance reasons I have to go the splity approach.
19:52 pix9_ hmm
19:52 pix9_ can I restrict my access/damage on particular minion?
19:53 forrest http://docs.saltstack.com/en/latest/ref/configuration/master.html#client-acl
19:53 forrest for systems connected to the master yes, I don't know about salt-ssh
19:53 pix9_ like I don't want to allow commands like "reboot", "shutdown". "rm -rf /"  on some/all minions.
19:54 pix9_ cool
19:54 pix9_ thanks forrest
19:54 forrest np
19:55 pix9_ I have bunch of thing I want to do with this :D
19:55 forrest you can't disallow specific commands in that nature, only salt stuff.
19:55 pix9_ hmm
19:55 forrest so you could forbid cmd.run from working, but not cmd.run rm -rf /
19:55 forrest At that point though you should probably be limiting the user access to salt if you have people who would do that at your org.
19:56 pix9_ other way around is I can cook up my daily commands in class
19:56 bfoxwell joined #salt
19:56 forrest besides, if it's a cluster and the setup is salted, one deleted machine shouldn't matter right? ;) Just spin up a new box and push it into the cluster.
19:56 pix9_ and disallow cmd.run
19:57 pix9_ I am trying to see possible disasters  i can run into with salt.
19:58 pix9_ other way around I can see is combining salt and containers.
19:59 pix9_ because I can't limit access features of salt
19:59 pix9_ so I have to ensure quick recovery to human errors.
20:00 pix9_ even 10 years + exp sys admin do mess up sometimes.
20:00 pix9_ so there is no mistakeproof human I can see around :P
20:01 forrest pix9_: http://docs.saltstack.com/en/latest/topics/eauth/index.html
20:01 LtLefse I'd approach Salt ACLs much the same as giving people limited sudo rights
20:01 LtLefse you give it to people you mostly trust not to actively try to break it
20:01 pix9_ yeah I know that.
20:02 pix9_ I like to go with assumptions that mistakes are going to happen.
20:02 supershe_ joined #salt
20:02 pix9_ no matter how careful you are, mistakes will happen.
20:02 LtLefse yeah
20:02 pix9_ so , it's not about trust.
20:03 forrest I'm not saying they won't, but it's up to you and your team to ensure you can recover quickly.
20:03 pix9_ there is 1 in 1000 command that may go wrong
20:03 forrest You could always do some magic to disallow anything that includes the salt command and '*' on the command line if you wanted
20:03 pix9_ I am gearing up for that 1 wrong command
20:03 pix9_ I am pretty sure rest 999 are safe ones.
20:04 ajw0100 joined #salt
20:04 joeto joined #salt
20:05 pix9_ last mistake I did was "sudo reboot /var/log/audit.log" instead of "sudo grep reboot /var/log/audit.log"
20:05 forrest You could always use masterless minions, then you have to remotely connect to each one to run commands, or use some kind of orchestration tool locally.
20:05 pix9_ :D
20:05 pix9_ hmm
20:06 whytewolf my own setup is to remove the human interaction as much as possible. highstate running on its own, tested known good states in those highstates. no one allowed to log into a server with any kind of elevated rights
20:06 pix9_ current setup is like all raw.
20:06 forrest whytewolf: Yep that's another good way to do it.
20:06 forrest There is no way to be fully bullet proof, it's part of the downside of any config management
20:06 ek6 users suck...we should just do away with them altogether
20:06 forrest with great power... blah blah blah
20:07 pix9_ I can't remove human interaction, it's a very dynamic setup
20:07 forrest Why does any user that isn't an admin need access to the systems?
20:07 forrest then you need to rework your setup. You don't provision automatically?
20:07 forrest Why does anyone need to log into the boxes at all?
20:07 forrest If that's happening you should look at fixing that before you start looking to limit user access.
20:07 pix9_ today one server is doing x role next week it is doing y role.
20:07 forrest uhh
20:07 forrest what
20:07 pix9_ yes
20:07 forrest That's terrible. Buy more servers?
20:08 pix9_ yes we already have 1000 -1200 servers
20:08 pix9_ but how the setup has evolved is with lack of foresight
20:08 whytewolf turn those 1000 to 1200 into a private cloud system and launch and destroy systems on that?
20:09 pix9_ bare-metal is the must need
20:09 vankooch How do I change the environment of a minion?
20:09 pix9_ and many critical things have got tangled with many other thngs.
20:09 forrest Yeah I don't have a solution for that. You have to lay down the ban hammer and limit access, then start scaling roles better :\
20:09 pix9_ so fixing architecture is continuous task.
20:10 forrest vankooch: You could do so via grains.
20:10 forrest vankooch: or roles
20:10 pix9_ but production environment frequently damages the arch
20:11 vexati0n joined #salt
20:11 pix9_ production requirements.
20:11 forrest pix9_: You should probably just use salt-ssh then, and not allow anyone else to have access.
20:11 vexati0n hola! How would I use a state to enforce that a particular process is running, but it's a process that does not register as a proper system service?
20:11 pix9_ I am looking at a long term goal
20:11 forrest Seems like your environment is too chaotic and users too untrustworthy for a master.
20:11 vankooch forrest: is there a environment grain? Could not find any… I’ve found a environment var in minions conf file, but that didn’t help me
20:12 forrest vankooch: Nope, you could create it in the minion config for the system though.
20:12 pix9_ I am under planning phase as of now, got introduced to salt 2 days back :D
20:12 vankooch forrest: is there a good top.sls out there which can be used as a boilerplate?
20:13 vankooch forrest: I see, then this would go into grains file on the minions. thx
20:13 forrest vankooch: Take a look at what I did here: https://github.com/gravyboat/demo-app-1/tree/master/salt and https://github.com/gravyboat/demo-app-2/tree/master/salt
20:13 vankooch thx I’ll do
20:14 forrest that creates a role grain which is set in the minion config, includes specific pillar data based on the system, and then applies certain states based on the system
20:14 c10 joined #salt
20:14 ek6 vexati0n: many ways to skin that kitten..  state to start the process however you do that tied to onlyif test verifying the process is gone
20:14 pix9_ it was nice talking to you guys
20:15 pix9_ I am going to take a nap now
20:15 forrest pix9_: Good luck! I'm sure you'll figure it out
20:15 pix9_ see you guys later.
20:15 ek6 vexati0n:  although i would think what you would want is actually psutil beacon which is only in dev branch tied to reactor to restart your...whatever
20:15 pix9_ yeh it goign to be while before we could conclude any solution.
20:16 pix9_ its*
20:16 vexati0n ek6: thanks.
20:16 forrest vexati0n: How about a cmd.run that does an inverse check of a ps -ef | grep <process> call? So then if the command 'succeeds' you will know 'okay start the service', if it fails, you know the service is already running, and since you have your service command do a require of the cmd, it will work
20:17 forrest vexati0n: Better solution is to turn your command that you run into a quick init script, pretty easy to do on most operating systems, and a lot less error prone.
20:17 vexati0n yeah i'd do that but i'm working across departments and god forbid i make their servers work the right way.
20:17 forrest vexati0n: Just do it ;)
20:18 herlo joined #salt
20:18 ndrei joined #salt
20:18 vankooch forrest: that look great I’ll dive into and try that out
20:18 vankooch thx
20:19 forrest vankooch: np.
20:19 murrdoc vexati0n: Just do it
20:19 murrdoc what are u trying to do
20:21 forrest murrdoc: He has a crappy service some other team wrote that doesn't use an actual service for the OS, just starts a process.
20:22 murrdoc ah
20:22 murrdoc cant be supervisor'ed ?
20:22 murrdoc or monit'ed
20:22 forrest murrdoc: I already provided some details regarding how cmd.run could resolve it, jokingly said to just rewrite their service.
20:22 forrest murrdoc: I suggested to write a service up
20:22 Ryan_Lane supervisor. never again
20:22 murrdoc word ?
20:22 murrdoc i use it with my graphite
20:22 murrdoc and carbons
20:22 murrdoc why u no like Ryan_Lane
20:22 Ryan_Lane do you run more than one process under the same supervisor?
20:22 murrdoc forrest:  u the man
20:23 Ryan_Lane does it handle your logs?
20:23 murrdoc handle ?
20:23 herlo left #salt
20:23 murrdoc it makes a log file for stderr and stdout
20:23 Ryan_Lane do you put logs out through stdout and stderr?
20:23 murrdoc i mean i use it for graphite
20:24 murrdoc among other thing
20:24 rsimpkins I want to do something like 'salt "host" grains.get some:nested:grain:*glob*:sub_key' - Is there a way to go about this?
20:24 Ryan_Lane so, if one daemon spews a lot of logs, supervisor will hang when it tries to do a restart of any process
20:24 Ryan_Lane in the middle of restarting a process, too
20:24 murrdoc this i havent run into
20:25 murrdoc what do u use instead of supervisor ?
20:25 Ryan_Lane I have. we had to move away from supervisor because of it
20:25 Ryan_Lane we moved to runit, which I'm also not totally happy with
20:25 Ryan_Lane I wish I could just use systemd
20:25 murrdoc really
20:25 vexati0n ok ... got a successful state test, but not sure whether "unless execution succeeded" means it did or did not run the original cmd
20:25 murrdoc write a validation state vexati0n
20:26 monkey66 joined #salt
20:26 murrdoc u mean the initctl stuff from systemd right, Ryan_Lane
20:26 Ryan_Lane murrdoc: well, systemd as a whole :)
20:26 murrdoc u want that sweet sweet journald too ?
20:27 Ryan_Lane I want one init system
20:27 Ryan_Lane right now we have 3. sysv, upstart and runit
20:27 forrest no Ryan_Lane, we need a bunch of shitty systems that do too much, instead of focusing on one task and doing it good
20:27 forrest come on
20:28 ek6 ryan wants his one ring to rule them all
20:28 forrest he just wants a system that can start services and work
20:28 Ryan_Lane forrest: :)
20:28 murrdoc i like the init stuff in systemd
20:28 ek6 well systemd will do that right after it makes coffee for you and tidies up the place a bit
20:28 murrdoc someone packaged those scripts up
20:29 forrest I did like systemd, until it started merging with everything like some kind of parasitic blob.
20:29 manfred forrest:  the word you are looking for is monolithic
20:29 murrdoc <3 http://linux.die.net/man/8/initctl
20:30 Ryan_Lane forrest: do you like docker?
20:30 murrdoc specifically i <3 respawn
20:30 ek6 all will be well after systemd gets broken up into 500 specific docker containers  /ducks
20:30 Ryan_Lane docker does almost as much shit as systemd
20:30 forrest Ryan_Lane: I'm not sold on it yet. I like the functionality, but I think it was designed 'by devs for devs' all their crap of running everything as root, one process, etc. makes me just want to use lxcs, and give docker the finger.
20:31 forrest it's like someone said 'hey what if we made this container, but managing it was total shit, and you had to use what basically amounts to bash to build your environment.'
20:31 baweaver joined #salt
20:32 Ryan_Lane forrest: you can ditch docker easily
20:32 Ryan_Lane use systemd-nspawn :)
20:32 forrest lol
20:32 forrest we aren't even using docker
20:32 forrest I'm just testing it out to make dev work easier
20:32 Ryan_Lane we're using it for dev/vi
20:32 Ryan_Lane *ci
20:32 Ryan_Lane it's nice for that
20:33 forrest yeah it is nice for that
20:33 ek6 ah ci..thought you were saying using it for the devil there for a min
20:33 forrest but I still think it's stupid I can't use salt to provision the initial vm Ryan_Lane
20:33 forrest err container
20:33 Ryan_Lane I was able to test salt upgrade for every one of my services on my laptop :)
20:33 forrest I don't want to write a bunch of BS dockerfile script, I already wrote the salt code
20:33 Ryan_Lane forrest: I do
20:33 Ryan_Lane docker run + commit
20:33 Ryan_Lane initial run runs salt. then you do a commit to make an image
20:33 Ryan_Lane we have no docker files
20:33 forrest yeah you're installing salt onto the docker container right?
20:34 Ryan_Lane yeah, but it isn't necessary
20:34 forrest yeah, I'm just saying that violates their philosophy.
20:34 Ryan_Lane install the deps, volume mount in a frozen salt venv
20:34 Ryan_Lane fuck their philosophy
20:34 rwaterbury joined #salt
20:34 forrest That's what I said
20:34 Ryan_Lane use containers however you want
20:34 forrest did you commit this anywhere Ryan_Lane?
20:34 Ryan_Lane we run fat containers
20:34 Ryan_Lane forrest: it's all in-house
20:35 Ryan_Lane sorry :)
20:35 forrest It happens
20:35 Ryan_Lane my coworker did most of it. I need to get him to write a blog post :D
20:35 ek6 fat as in how many active processes on any given container ryan?
20:35 forrest would be nice not to reinvent the wheel, but whatever.
20:35 Ryan_Lane ek6: more than one :)
20:35 forrest Run the whole app in the container is my opinion
20:35 WildPikachu Ryan_Lane, or he can create github project ;)
20:35 ek6 ryan_lane: yes i know your a heathen im just trying to get a scale picture
20:35 Ryan_Lane we use the phusion base image
20:35 Ryan_Lane which runs runit
20:35 forrest I don't care about docker's philosophy either. I just wish provisioning docker containers with salt was a simpler process.
20:36 murrdoc dude torvalds says hardware for life
20:36 Ryan_Lane runit launches all necessary services for the service
20:36 murrdoc and the guy wrote linux and git
20:36 murrdoc so u know he right
20:36 * murrdoc grabs popcorn
20:36 Ryan_Lane usually it's gunicorn, nsq, a python gevent daemon, and runit
20:36 Ryan_Lane we don't do docker in prod. some of those services could move to the host if we did
20:37 ek6 ive certainly seen and heard of worse
20:37 drawsmcgraw joined #salt
20:37 ek6 worse as in bloated containers
20:38 XenophonF eh linus is just a glorified PM these days, he's clueless
20:38 XenophonF ;)
20:38 murrdoc thanks XenophonF
20:42 murrdoc forrest:  did u clear with iggy before merging (the ek6 troll continues)
20:42 forrest murrdoc: before merging what?
20:43 baweaver joined #salt
20:43 murrdoc nvm
20:43 murrdoc its a bad joke
20:43 murrdoc i was beating it to death
20:43 murrdoc i should stop working
20:43 laax joined #salt
20:43 forrest yes you should
20:43 forrest if it is outside work hours
20:43 murrdoc its 4pm
20:43 murrdoc so its not outside work hours
20:44 chingadero joined #salt
20:44 forrest It's Friday before a 3 day weekend, GTFO
20:44 murrdoc no U GTFO
20:44 murrdoc I SHOULD GTFBTW
20:44 forrest I will in a few hours
20:44 murrdoc u are right tho
20:45 murrdoc u know what fuck it, going to buy tickets for mad max and watch it
20:45 murrdoc later gents
20:45 murrdoc and uh ladies, if any
20:45 murrdoc o/
20:45 forrest see ya
20:47 murrdoc joined #salt
20:47 chingadero left #salt
20:49 spookah joined #salt
20:50 rwaterbury Hey,  I was in this chat for the first time a couple of days ago.  I was trying to figure out how to make an api request that would remove a node from salt.  I was steered in the direction of the wheel client using key.delete.
20:51 rwaterbury I understand that now, and I am making test requests to the wheel client.  Specifically sending the method ‘key.list_all’ trying to get something to work with the wheel module.
20:51 rwaterbury I keep getting back the response “Welcome”.
20:52 iggy did you specifically enable wheel in the eauth perms? (i.e. .*\n@wheel\n@somethingelse)
20:53 rwaterbury And it appears that ‘wheel’ may not be in the client list as part of the response body has the key ‘clients’ and the value of [\"runner\", \"local_async\", \"local\", \"local_batch\”]
20:53 rwaterbury no I didn’t specifically authorize access to wheel anywhere.
20:54 rwaterbury How would I edit eauth permissions?
20:55 iggy in the config
20:55 badon_ joined #salt
20:55 iggy something you should have done when setting up salt-api
20:56 julez joined #salt
20:57 ferbla joined #salt
20:57 Guest70969 joined #salt
20:57 hal58th_1 joined #salt
20:57 rwaterbury I have looked at the config and changed it a little for testing purposes… but I am not exactly sure how to do this.
20:57 rwaterbury I will look at it and consider.
20:57 hal58th_2 joined #salt
20:58 smcquay joined #salt
20:58 iggy do you have an eauth section in the config?
20:58 ferbla Hi I am really new to Salt, so this may be a dumb question. I am trying to setup a windows minion to work with saltutil.update, but it isn't working
20:58 hal58th_3 joined #salt
20:58 ferbla I point to this location 'docs.saltstack.com/downloads/' on the minions update_url
20:58 rwaterbury Yes I do.
20:59 iggy rwaterbury: can you gist it?
20:59 rwaterbury I have a question.  Once I change something in the config, do I only need to restart salt-master or is there something else I need to do for changes to take effect?
21:00 iggy probably api too, not entirely sure
21:02 rwaterbury Ah, have to go - I’ll send a gist when I get back.  Will you still be on in an hour or so?
21:02 Tyrm joined #salt
21:02 iggy probs
21:03 aparsons joined #salt
21:15 c10 joined #salt
21:21 viderbit joined #salt
21:23 rwaterbury joined #salt
21:24 otter768 joined #salt
21:25 laax joined #salt
21:33 hal58th joined #salt
21:33 hal58th_ joined #salt
21:34 hal58th__ joined #salt
21:34 primechuck joined #salt
21:35 baweaver joined #salt
21:38 rwaterbury @iggy, I’m back :)
21:38 rwaterbury Are you still about?
21:44 iggy si
21:44 rwaterbury Ah great.  Here is a link to my gist: https://gist.github.com/rebekah/83f7c54daeaa4cd437f2
21:45 quist joined #salt
21:45 rwaterbury It’s just the little section regarding the eauth settings.
21:45 iggy next line after "- .*", put "- @wheel"
21:45 rwaterbury ah, cool
21:46 rwaterbury And then I’ll restart both salt-master and salt-api, is that right?
21:49 rwaterbury Hmm, that didn’t work.
21:49 rwaterbury ah, I think I forgot the comma ;)
21:50 rwaterbury Hmm, should there be a comma?
21:51 iggy no
21:51 iggy that's grammar, not config
21:51 rwaterbury hmmm, should it be on the same line or on the next line?
21:51 iggy next line... it's a yaml list
21:52 rwaterbury That’s what I did, and it didn’t like it.  I got this error: found character '@' that cannot start any token
21:52 iggy put '' around @wheel then
21:52 rwaterbury in "<string>", line 167, column 7:
21:52 rwaterbury - @wheel
21:52 iggy - '@wheel'
21:52 rwaterbury ah, ok I’ll try that.  Thanks so much.
21:52 iggy this is all in the docs somewhere, I'm going off vague recollections
21:53 drawsmcgraw joined #salt
21:53 supersheep joined #salt
21:54 rwaterbury hmmm, it didn’t like that either
21:54 rwaterbury I will try to find those docs.
21:56 rwaterbury ok, thanks for the nudge
21:57 rwaterbury I put in - wheel.*
21:57 cberndt joined #salt
21:57 rwaterbury And it didn’t have an error, but now I’m going to run my api call again.
22:01 rwaterbury Hmmm, it’s just hanging.
22:02 rwaterbury … well I’m not sure what is going on.
22:04 n8n joined #salt
22:04 tedski trying to get salt.modules.cassandra working.  i set the relevant bits in the pillar per https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cassandra.html and the module doesn't seem to pick them up.
22:05 tedski the error i get is [salt.loaded.int.module.cmdmod] 303ms Command ' -h info' failed with return code: 127
22:06 tedski the command should be '<path to nodetool> -h <host> info' where those params are from the pillar
22:08 analogbyte joined #salt
22:10 baconbeckons joined #salt
22:10 mapu joined #salt
22:11 aCodinMa_ joined #salt
22:16 SheetiS joined #salt
22:17 cromark joined #salt
22:21 dwfreed joined #salt
22:23 clintber_ joined #salt
22:23 iggy rwaterbury: https://docs.saltstack.com/en/latest/topics/eauth/index.html has what I'm talking about
22:25 monkey66 left #salt
22:25 notnotpe_ joined #salt
22:28 sergutie_ joined #salt
22:29 hoherd joined #salt
22:29 cruatta joined #salt
22:29 hoherd left #salt
22:31 soren_ joined #salt
22:37 Tyrel joined #salt
22:37 sunkist joined #salt
22:39 baweaver joined #salt
22:54 smcquay joined #salt
22:55 rwaterbury Yep, I just ran into that earlier.  You were right ;)
22:55 rwaterbury I just read your suggestion wrong at first.
22:55 rwaterbury It appears to be setting my permissions correctly now, but I’m still getting the same error.
22:55 rwaterbury Are you at all familiar with rest_tornado?
22:56 iggy that's what we use
22:57 rwaterbury So when I make my call with the json data values: {client: ‘wheel’, fun: ‘key.list_all’, method: ‘:get’}, I get a response that has the value {return: “Welcome”}
22:57 iggy but we don't use eauth (or more precisely we use auto and other means to secure the interface)
22:58 desposo joined #salt
22:58 mippiethefrenchg joined #salt
22:58 mippiethefrenchg hallo
22:58 rwaterbury but the other key/value in the response is what I find interesting
22:59 rwaterbury Its key is ‘clients’ and the value is a set of clients that does not include ‘wheel’.
22:59 rwaterbury I can show it to you, but it’s json ;)
22:59 rwaterbury "{\"clients\": [\"runner\", \"local_async\", \"local\", \"local_batch\"], \"return\": \"Welcome\"}"
23:00 rwaterbury That’s what I get when I use the GET method.
23:00 iggy you restarted the master and salt-api after making the config changes?
23:01 rwaterbury And When I use the POST method I get a response code of 400.
23:01 iggy I'd expect to see wheel in there with runner
23:01 rwaterbury Yes, I did.
23:01 rwaterbury I ran the commands: sudo server salt-master restart and sudo service salt-api restart
23:02 rwaterbury Yeah, that was what I was thinking.
23:03 p66kumar joined #salt
23:04 iggy I've honestly not messed around with wheel and salt-api
23:04 iggy the furthest I've gotten is displaying minion info
23:04 rwaterbury yup
23:04 rwaterbury Thank you so much!
23:04 rwaterbury I really appreciate your time and trying to help.
23:05 p66kumar Hi
23:05 iggy there have to be some write ups somewhere on using the wheel stuff with salt-api... so many people are allegedly using it to handle keys
23:05 p66kumar I’m getting error while using boto modules in salt sls
23:05 p66kumar State 'boto_iam.create_role' was not found in SLS
23:05 p66kumar any idea what I’m doing wrong?
23:06 iggy what version of salt?
23:06 p66kumar alt-call --version
23:06 p66kumar salt-call 2015.5.0 (Lithium)
23:07 rwaterbury Yeah, there are. Here is one: https://groups.google.com/forum/#!topic/salt-users/6bL35LcRKc4
23:07 iggy p66kumar: you have boto installed?
23:07 p66kumar yes
23:07 p66kumar this works fine: salt-call boto_iam.create_role myrole --local
23:07 mippiethefrenchg @rwaterbury https://github.com/saltstack/salt/issues/7000
23:07 rwaterbury But it appears I am doing the same thing… but you know I’m going to mess around with curl, why not?
23:07 iggy (i.e. you can run: python -c "import boto" )
23:07 p66kumar but in sls it gives error
23:08 rwaterbury @iggy omg, you are fast
23:08 iggy that's what the gf says :(
23:09 mippiethefrenchg ... i think we're seeing the same woman,
23:09 whiteinge rwaterbury: when you send JSON you have to send a list of dictionaries
23:10 viderbit joined #salt
23:10 rwaterbury I do… and that would make me lebian or at least bi ;)
23:10 rwaterbury “lesbian”
23:11 p66kumar @iggy this works fine: salt-call boto_iam.create_role myrole --local
23:11 p66kumar so why sls is giving error .. any clue?
23:11 whiteinge rwaterbury: [{"client": "wheel", "fun": "key.accept", "match": "some_mid"}, {"client": "wheel", "fun": "key.list_all"}]
23:12 iggy p66kumar: not really, aside from version and having the python modules installed, it should work
23:12 rwaterbury yes, that is the format that is being sent -
23:12 baweaver side note whiteinge, still trying to get the gem open sourced over here
23:12 * baweaver works with rwaterbury
23:12 * baweaver also has no idea about wheel client
23:12 whiteinge baweaver: glad to hear it. :)
23:13 whiteinge i wouldn't wish a legal dept on my worst enemy.  ;-)
23:13 rwaterbury The link you pointed me to discusses the issue briefly…. and I’m not sure what he means by: “adding @wheels to external_auth”
23:13 p66kumar @iggy .. is this correct?
23:13 p66kumar myrole:
23:13 p66kumar boto_iam.create_role:
23:13 p66kumar - name: myrole
23:13 p66kumar - region: us-east-1
23:14 iggy no clue, never used the boto modules/states
23:14 p66kumar it’s execution is throwing error
23:14 baweaver whiteinge: working the 'better to ask forgiveness than permission' angle hypothetically at this point.
23:15 rwaterbury seriously ;)
23:15 iggy I have wording in my employment contract that says whatever I do on my own time is mine... I do a lot "on my own time"
23:16 whiteinge heh
23:16 baweaver Mine basically says I sold my soul to them and anything remotely inspired by work is theirs
23:17 rwaterbury brandon or iggy could olliewalsh be referring to something other than giving the eauth permission on @wheel (as we had already achieved) in his comment: https://github.com/saltstack/salt/issues/7000
23:17 baweaver (baweaver === brandon a weaver)
23:18 whiteinge rwaterbury: if you're eauth isn't configured right salt-api should return a 401. a 400 response means the request was malformed somehow
23:18 whiteinge s/you're/your
23:21 whiteinge main things to check: make sure you're sending a POST request, that the content-type header is set to application/json, that the request body contains _valid_ json (run it through a checker to be sure), and that it's a list of dictionaries
23:23 rwaterbury Why do we need to use the POST Method?
23:24 gyre007 joined #salt
23:24 rwaterbury I read that previously, but I wasn’t sure if it was relevant for the rest_tornado api.
23:24 rwaterbury And thanks guys, you are all helping.
23:24 iggy if you're sending actions, that's a post, if you're just querying something (i.e. getting a minion list) it's get
23:24 drawsmcgraw joined #salt
23:25 ashb joined #salt
23:25 otter768 joined #salt
23:25 bbhoss joined #salt
23:26 rwaterbury iggy, ok I’m calling the method list_all on key in the wheel client, so that should be a GET right?
23:27 markm joined #salt
23:27 EWDurbin joined #salt
23:29 spookah joined #salt
23:29 iggy uh... listen to whiteinge... my salt-api work amounts to getting a list of minions
23:29 rwaterbury joined #salt
23:29 iggy (which was a get, but I can't swear that everything would be)
23:32 moderation joined #salt
23:33 rwaterbury my computer randomly restarted…
23:34 rwaterbury iggy, I didn’t get your last few comments.
23:34 rwaterbury I’m going to check the history, just a sec.
23:35 rwaterbury ok, I see what you wrote. got it.
23:36 rwaterbury Any idea what the guy was referring to in the link you shared with me? “adding @wheels to external_auth”
23:37 aCodinMan joined #salt
23:37 rwaterbury Of course other than what we already did by explicitly giving permission to my api user on wheel?
23:37 whiteinge rwaterbury: the root endpoint requires POST requests for everything besides seeing the "Welcome" message.
23:38 rwaterbury whiteinge: ah… ok that’s good to know
23:38 rwaterbury whiteinge: so the 400 error is actually the relevant response
23:38 whiteinge yes. the request is malformed.
23:39 whiteinge what client are you using to make the request? curl/python/etc?
23:39 whiteinge oh, ruby from the looks of it.
23:40 rwaterbury yes, it’s a ruby gem
23:40 rwaterbury My computer crashed, just a sec
23:41 rwaterbury It’s the Typhoeus gem.
23:42 rwaterbury But I’m going to mess around with curl for a little while.  We are successfully making other requests to the api though.
23:43 whiteinge go through those four checklist items i mentioned above. it's almost definitely one of those. malformed json is a common culprit (single quotes instead of double quotes, a trailing comma, etc)
23:44 mrbigglesworth joined #salt
23:50 soren_ joined #salt
23:57 ntropy i wanted to use state.show_sls function to syntax-check my states before commit (in pre-commit hook), but notice that state.show_sls always exits with code 0
23:57 ntropy is there another way to achieve this?
