Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-05-28

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 bhosmer_ joined #salt
00:00 vexati0n so... how do i use a jinja variable in an SLS file that checks against a grain that might not actually exist on all minions?
00:00 vexati0n it works when the grain exists, but if it isn't there I get "Jinja variable 'dict object' has no attribute"
00:01 KyleG maybe check if the grain is null? then add an elif ?
00:01 mosen could do if 'prop' in grains
00:02 mosen depends whether theres a default behaviour too?
00:02 murrdoc dont use grains['prop']
00:02 murrdoc use salt['grains.get']('prop', '')
00:02 vexati0n it's just additional behavior if the grain exists, not an if/else thing
00:02 murrdoc or salt.grains.get('prop', '') instead
00:02 murrdoc it wont error out
00:02 mosen what murrdoc says :)
00:02 murrdoc sup mosen
00:03 vexati0n okay so it would be ... {{% if salt.grains.get('<grain_name>', '<grain_value>') %}}
00:03 vexati0n ?
00:03 iggy second arg is default value
00:03 mosen the second parameter is the default, if nothing exists. So as murrdoc says, you can use an  empty value
00:04 vexati0n ok
00:04 ajw0100 joined #salt
00:04 iggy if you just leave it off, the default... default is NoneType which evals to False
00:05 murrdoc true
00:05 iggy great for {% if salt['grains.get']('roles:web') %} web stuff {% endif %}
00:06 mschiff joined #salt
00:06 bhosmer_ joined #salt
00:07 baweaver joined #salt
00:08 c10 joined #salt
00:09 andrej iggy: the __virtual__ thing was a red herring :} ... I had a logic error I didn't spot earlier (not sure why it didn't crash and burn yesterday w/o the def and main part yesterday)
00:13 subsignal joined #salt
00:14 vexati0n gah. stupid china firewall.
00:26 yuhl_work____ joined #salt
00:26 mrbigglesworth joined #salt
00:27 warthog42 joined #salt
00:39 troyready joined #salt
00:41 iggy tiadobatima: haven't looked at what you're doing with it, but the zookeeper-formula is a horrid mess
00:42 cruatta_ joined #salt
00:43 tiadobatima iggy: as of now I haven't done anything with it... was just trying to use it, but I found it very hard unless the environment is setup very specifically as required
00:46 lloesche I am on 2015.5.0 and have policycoreutils and policycoreutils-python installed. But Salt doesn't know about the selinux state. Do I have to activate that somewhere?
00:47 al joined #salt
00:48 mschiff joined #salt
00:48 mschiff joined #salt
00:50 otter768 joined #salt
00:52 julez joined #salt
00:55 cberndt joined #salt
00:59 MatthewsFace joined #salt
01:11 iwishiwerearobot joined #salt
01:13 Aidin joined #salt
01:17 cruatta joined #salt
01:20 mrbigglesworth joined #salt
01:21 david_an111 joined #salt
01:23 paha joined #salt
01:30 cruatta_ joined #salt
01:31 forrest joined #salt
01:37 techdragon joined #salt
01:37 Zachary_DuBois joined #salt
01:45 writtenoff joined #salt
01:46 Aidin joined #salt
01:48 iggy lloesche: how did you install those packages?
01:48 lloesche iggy: using a salt state, I'm on CentOS7
01:49 iggy if you use pkg.installed, it should have reloaded modules for you
01:50 lloesche I even tried restarting salt-minion but neither can I use the state nor does it show up in sys.doc
01:50 lloesche I'm now using cmd.run to call setenforce
01:50 iggy you can run semanage and setsebool?
01:51 lloesche yup, they're both there
01:53 lloesche_ joined #salt
01:53 lloesche_ ups, disconnect - did my gist make it?
01:53 iggy does /sys/fs/selinux/enforce exist?
01:53 lloesche_ https://gist.github.com/lloesche/34cd1187797fad32c6a4 <= that's how I installed the package and tried to call the selinux state...
01:53 iggy or /selinux/enforce
01:54 iggy https://github.com/saltstack/salt/blob/develop/salt/modules/selinux.py#L27
01:54 lloesche_ nope
01:54 iggy it checks for semanage sesetbool, grains['kernel'] = 'Linux' and those files
01:55 bhosmer joined #salt
01:55 lloesche_ oh.. I see, I think I know whats happening then... the role also disables selinux and I probably rebooted the machine since it did that
01:56 cruatta joined #salt
01:56 lloesche so, in the state above I'm setting it to permissive now, but before that I set it to disabled.
01:57 lloesche which means that the formula would probably work but once it successfully disabled selinux it would throw errors on future runs since the subsystem is no longer running
01:57 c10 joined #salt
01:58 techdragon joined #salt
02:00 cberndt joined #salt
02:00 mrbigglesworth joined #salt
02:04 bhosmer joined #salt
02:14 mrbigglesworth joined #salt
02:16 ajw0100 joined #salt
02:28 smart009131 joined #salt
02:33 vexati0n anyone have an idea how i would issue a cmd.run that would start an openvpn connection (i already have a working config), verify that it succeeds, then close the vpn?
02:35 cedwards I'm working on an ext_pillar module that throws the ext data into a nested dict (ie; pillar['custom']).
02:35 cedwards i'm not sure what to configure in the top.sls to allow access to that custom data..
02:37 genediazjr joined #salt
02:40 mgw joined #salt
02:41 julez joined #salt
02:42 edrocks joined #salt
02:42 iggy cedwards: same as anything else, I think the match data or the hostname gets passed
02:44 iggy yeah, minion_id gets passed, you match on that
02:45 cedwards right.. but do I list 'custom' as the pillar data i'm allowing?
02:46 iggy you return a dict that gets merged into the pillar
02:46 evle joined #salt
02:47 iggy so... return {'custom': .... }
02:47 iggy not sure if I understand your question
02:49 genediazjr joined #salt
02:51 otter768 joined #salt
02:55 mrbigglesworth joined #salt
02:59 genediaz_ joined #salt
03:00 mosen joined #salt
03:02 stanchan joined #salt
03:06 favadi joined #salt
03:07 genediazjr joined #salt
03:11 cedwards sorry.. had to put a kid to bed
03:11 cedwards the dict i'm populating is pillar['custom'][key] = value
03:12 iggy can you paste it?
03:12 kossy_ joined #salt
03:15 hasues joined #salt
03:21 hasues left #salt
03:25 Zachary_DuBois joined #salt
03:25 Aidin joined #salt
03:33 murrdoc joined #salt
03:35 cedwards i finally got it. my dict was properly formatted, but my API query was malformed so I wasn't getting back what I expected.
03:37 llua joined #salt
03:37 llua joined #salt
03:46 c10 joined #salt
03:53 bhosmer_ joined #salt
03:54 Aidin joined #salt
04:01 jdesilet joined #salt
04:01 hal58th joined #salt
04:01 hal58th_ joined #salt
04:02 hal58th__ joined #salt
04:03 smcquay_ joined #salt
04:09 smcquay_ joined #salt
04:09 cberndt joined #salt
04:16 murrdoc joined #salt
04:18 murrdoc joined #salt
04:19 Furao joined #salt
04:22 amcorreia joined #salt
04:26 Furao joined #salt
04:29 julez joined #salt
04:31 dimeshake joined #salt
04:44 cberndt joined #salt
04:45 mrbigglesworth joined #salt
04:45 joeto joined #salt
04:46 mrbigglesworth joined #salt
04:51 noway__ joined #salt
04:52 otter768 joined #salt
04:54 mrbigglesworth joined #salt
04:55 stevednd joined #salt
04:56 mrbiggle_ joined #salt
05:00 Furao_ joined #salt
05:07 ndrei joined #salt
05:08 subsignal joined #salt
05:12 mrbigglesworth joined #salt
05:12 allanparsons joined #salt
05:18 tkharju joined #salt
05:19 SeungLee joined #salt
05:19 cberndt joined #salt
05:21 denys joined #salt
05:21 dimeshake joined #salt
05:23 catpigger joined #salt
05:25 cberndt joined #salt
05:26 cberndt joined #salt
05:28 julez joined #salt
05:31 c10 joined #salt
05:36 cberndt joined #salt
05:40 clemensb joined #salt
05:42 bhosmer_ joined #salt
05:44 cberndt joined #salt
05:44 cruatta joined #salt
05:45 clemensb joined #salt
05:46 TheHelmsMan joined #salt
05:47 juanito joined #salt
05:47 Aidin joined #salt
05:48 juanito gday guys, quick question in the latest version 2015.5.0 i am install salt-master using the bootstrap script with those arguments: -P -M -N stable
05:48 juanito and salt-api is not installed
05:49 juanito i though as long as salt-master was installed salt-api was as well
05:50 bougie is it possible to execute a command on a remote with which do not have a python intepreter installed ?
05:50 bougie like excute a apt-get install python to instaln python :)
05:52 __number5__ bougie: yes, ssh
05:53 rdas joined #salt
05:53 cruatta joined #salt
05:55 rhodgin joined #salt
05:57 cruatta_ joined #salt
06:04 bougie __number5__: inside salt(-ssh) ?
06:04 colttt joined #salt
06:08 mosen bougie: yep using salt-ssh
06:09 subsignal joined #salt
06:16 flyboy joined #salt
06:18 AndreasLutro joined #salt
06:27 ITChap joined #salt
06:27 wvds_nl joined #salt
06:28 mdupont joined #salt
06:29 ndrei joined #salt
06:32 c10 joined #salt
06:37 izak joined #salt
06:39 tzero joined #salt
06:42 soren_ joined #salt
06:52 mrbigglesworth joined #salt
06:52 otter768 joined #salt
06:55 dh__ joined #salt
06:57 kevc joined #salt
06:57 kevc is there a preferred pattern for having multiple admins with a single salt master?
06:59 dh_powerhost joined #salt
07:01 dh_powerhost joined #salt
07:03 tmclaugh[work] joined #salt
07:04 dh_powerhosti joined #salt
07:06 dh_powerhosti joined #salt
07:08 hojgaard_ joined #salt
07:09 hojgaard_power joined #salt
07:10 hojgaard joined #salt
07:10 hojgaard_ joined #salt
07:10 kawa2014 joined #salt
07:11 hojgaard joined #salt
07:11 eseyman joined #salt
07:13 hojgaard joined #salt
07:15 joeto joined #salt
07:15 jasonrm joined #salt
07:17 slav0nic joined #salt
07:18 hojgaard_ joined #salt
07:21 hojgaard joined #salt
07:21 hojgaard joined #salt
07:22 hojgaard joined #salt
07:22 c10 joined #salt
07:23 hojgaard joined #salt
07:23 hojgaard_ joined #salt
07:27 julez joined #salt
07:31 bhosmer_ joined #salt
07:31 jhauser joined #salt
07:31 al joined #salt
07:31 bastiaan joined #salt
07:31 Aidin1 joined #salt
07:33 markm joined #salt
07:36 jhauser_ joined #salt
07:47 wvds-nl joined #salt
07:53 ninkotech_ joined #salt
07:53 wvds-nl joined #salt
07:59 illern joined #salt
07:59 wvds_nl joined #salt
07:59 Grokzen joined #salt
08:04 slav0nic where i can find example for Saltfile?
08:06 s_kunk joined #salt
08:07 s_kunk joined #salt
08:13 bbradley joined #salt
08:16 viq joined #salt
08:17 bbradley joined #salt
08:19 Auroch joined #salt
08:21 bbradley joined #salt
08:22 c10 joined #salt
08:23 julez joined #salt
08:30 ndrei joined #salt
08:30 Mate is there a way for pip.installed to check for package name (like pysphere==0.1.8), but install it from a http url if needed?
08:37 refnode joined #salt
08:39 cberndt joined #salt
08:42 CeBe joined #salt
08:46 ctolsen joined #salt
08:47 linjan joined #salt
08:48 fredvd joined #salt
08:50 stanchan joined #salt
08:53 otter768 joined #salt
09:00 N-Mi joined #salt
09:00 CeBe1 joined #salt
09:07 keimlink joined #salt
09:09 k_sze[work] joined #salt
09:14 evle joined #salt
09:15 harkx joined #salt
09:19 bhosmer joined #salt
09:21 pkimber joined #salt
09:29 Auroch joined #salt
09:31 joeto joined #salt
09:33 TheHelmsMan joined #salt
09:36 Berty_ joined #salt
09:39 ctolsen joined #salt
09:41 VSpike I'm being bitten by this bug today https://github.com/saltstack/salt/issues/18067
09:42 VSpike Regarding the suggested workaround, how would I format that? I've tried - flags: [ 2 ] and - flags: [ '2' ] but neither works
09:44 AndreasLutro VSpike: I don't think that's a userland workaround
09:45 supersheep joined #salt
09:47 VSpike Oh. Rats
09:48 bastiaan slav0nic: http://docs.saltstack.com/en/latest/topics/ssh/index.html#define-cli-options-with-saltfile
09:49 AndreasLutro VSpike: nevermind, I was wrong
09:49 AndreasLutro `flags: 2`
09:49 bastiaan not the most logic place, indeed. as Saltfile works for all CLI tools
09:56 calve joined #salt
09:56 calve hi all
09:56 calve I know I can use the content of a pillar in a file with `contents_pillar`
09:56 calve however, is there a solution to concat two or more pillars into one file ?
09:59 VSpike AndreasLutro: aha! awesome.
09:59 VSpike So I suppose you just supply a single integer which is all the flag values or'd together
09:59 bastiaan calve: you could write a jinja template for the file that includes the pillars
10:00 calve bastiaan: thats exactly what I am trying to avoid
10:02 c10 joined #salt
10:02 Hazelesque Hi there
10:02 Hazelesque I don't know if I've done this right, but
10:02 Hazelesque I've just submitted a pull request for a one-word docstring fix
10:02 Hazelesque Docstring fix: s/deleted/held/ in salt.modules.yumpkg.hold
10:02 Hazelesque https://github.com/saltstack/salt/pull/24205
10:02 Hazelesque I saw the error in the documentation and it bugged me, so I went and fixed it
10:02 bastiaan calve: why?
10:04 calve bastiaan: to reduce the number of files and states managed
10:04 calve i liked the contents_pillar syntax
10:05 calve thought maybe there is some `contents_pillar : thispillar + thatpillar` syntax to concat both
10:08 xnaveira hi everyone, I wrote this custom grain in /srv/salt/_grains and now I have to run a saltutil.sync_all every time I want to run a highstate, otherwise I get this error complaining about not finding the custom grain
10:08 xnaveira is there a way to not have to sync every time?
10:11 AndreasLutro Hazelesque: looks correct
10:11 AndreasLutro if that was what you wanted to know
10:12 Hazelesque AndreasLutro: mostly I wanted to know "am I doing it right? is this how I submit little documentation fixes?"
10:13 AndreasLutro Hazelesque: yep
10:14 * Hazelesque is fairly new to git and GitHub specifically (but not new to version control -- I use hg and Bitbucket and such extensively at work), so just wanted a sanity check, to make sure I wasn't firing my request into /dev/null :)
10:14 Hazelesque AndreasLutro: cheers :)
10:15 Hazelesque presumably if I had, say, a handful of related documentation fixes, say to a single execution module... I'd write those in one branch, and submit one pull request? rather than doing a PR for each [of the related] one line change[s]?
10:17 AndreasLutro Hazelesque: if they're all somewhat related (all documentation changes in the same module, for example) then 1 PR is fine, might even go so far as to say 1 commit would be fine
10:17 Hazelesque I ask because http://docs.saltstack.com/en/latest/topics/development/contributing.html says "A branch should have one purpose. For example, "Fix bug X," or "Add feature Y". Multiple unrelated fixes and/or features should be isolated into separate branches." but there's a little bit of room for interpretation there
10:17 Hazelesque okay :)
10:18 Hazelesque I'm not necessarily going to be going on a "typo fixing rampage", just wondering, heh
10:22 SeungLee joined #salt
10:31 julez joined #salt
10:33 amcorreia joined #salt
10:36 stephanbuys joined #salt
10:39 elfixit joined #salt
10:41 kbyrne joined #salt
10:43 giantlock joined #salt
10:46 quist joined #salt
10:47 dkrae joined #salt
10:54 otter768 joined #salt
10:55 xMopxShell joined #salt
10:59 VSpike Well, that was wierd. Ran a highstate on a minion from the master and it didn't touch C:\salt\var\log\salt\minion at all. Ran the same via salt-call from the minion and it wrote to the log
11:00 ashp joined #salt
11:00 VSpike Me and my Windows, eh?
11:05 xMopxShell joined #salt
11:06 johngrasty joined #salt
11:08 bhosmer joined #salt
11:08 PI-Lloyd winblows... yuck
11:10 PI-Lloyd although I've seen similar things in Ubunut as well, it is odd behaviour indeed.
11:10 PI-Lloyd Ubuntu even
11:13 VSpike I used to strongly dislike Windows but tolerated it as a necessary evil to find a job round here. Now I've started on infrastructure automation I've come to hate it with a passion and will seek my next job specifically on never having to touch windows :) Even if I have to commute 100 miles to do it
11:16 johngrasty joined #salt
11:18 supersheep joined #salt
11:18 enmuro joined #salt
11:18 bahadir joined #salt
11:19 CeBe1 joined #salt
11:20 joehh evidence: ubuntu ppa getting love over next few hours
11:24 ashp joined #salt
11:24 djinni` joined #salt
11:24 johngrasty joined #salt
11:24 denys joined #salt
11:25 xMopxShell joined #salt
11:27 shadowsun joined #salt
11:30 donmichelangelo joined #salt
11:30 jeddi joined #salt
11:33 ashp joined #salt
11:33 flyboy joined #salt
11:34 shadowsun joined #salt
11:35 johngrasty joined #salt
11:36 RabidCicada joined #salt
11:38 julez joined #salt
11:38 rvankleeck joined #salt
11:38 rvankleeck joined #salt
11:40 RabidCicada Where might I get ahold of the fabled terminalmage (Erik Johnson)?  I'm looking to help with the VCS backends to enable refreshing of individual repos/branches based on webhooks.  I was looking through the issue tracker and saw that a rewrite of some of the stuff might be imminent form terminalmage anyway.  Should I hit the mail list also?
11:41 mage_ is there a salt function to check if a salt:// source file exists ?
11:41 Berty_ joined #salt
11:41 saifi joined #salt
11:41 rvankleeck_ joined #salt
11:42 djinni` joined #salt
11:43 kp666 joined #salt
11:44 djinni` joined #salt
11:44 johngrasty joined #salt
11:46 ctolsen joined #salt
11:47 ctolsen I have a reactor state that is supposed to include a file, but when I have the include in there it fails to render it with a TypeError. Pretty sure I don't have a syntax error in there. Anyone know what that might be about?
11:48 julez joined #salt
11:49 xMopxShell joined #salt
11:49 VSpike OK, here's another odd one. Why would "salt web1 pkg.list_pkgs" on the master return a different list to "salt-call pkg.list_pkgs" on the same minion? Consistently and repeatably, on multiple minions. Note: Windows
11:50 johngrasty joined #salt
11:51 VSpike Always the same package missing - Python 3
11:53 c10_ joined #salt
11:55 VSpike Here's a more specific demo https://bpaste.net/show/4fb879db3249 using the powershell code that the state seems to be executing https://bpaste.net/show/8bc995135b9a
11:58 evle joined #salt
11:58 xMopxShell joined #salt
11:58 johngrasty joined #salt
11:59 RabidCicada VSpike, The only conspiracy theory that pops into my head is that you are using python when you use salt as opposed to not using when you execute the powershell script diectly....wrap your head around that!
12:01 VSpike RabidCicada: I think it's to do with running as SYSTEM. This produces the same result when run direct on the minion: psexec -s cmd /c "echo . | powershell -File c:\test.ps1"
12:01 AndreasLutro the python 3 package's version is in the output... but not the package name o_o
12:02 VSpike Ignore the ugly hack to make powershell work with psexec .. point is that executes the powershell script as SYSTEM
12:02 elfixit joined #salt
12:02 AndreasLutro could be some information getting lost over the network? really odd
12:03 RabidCicada VSpike, good catch and experiment.  Well...since I don't have a windows box spun up with salt (and have work deadlines) it seems like you're on the way to solving the root cause:)
12:06 TheHelmsMan joined #salt
12:09 eseyman joined #salt
12:10 calve joined #salt
12:15 sgargan joined #salt
12:17 johngrasty joined #salt
12:19 eseyman joined #salt
12:19 ligthert What do you guys use to configure /etc/salt/minion to include certain database credentials?
12:20 izak joined #salt
12:20 ligthert Do you configure salt to take care of this or do you put these in manually?
12:22 johngrasty joined #salt
12:26 rdas joined #salt
12:26 wnkz joined #salt
12:28 rhodgin joined #salt
12:30 wnkz_ joined #salt
12:32 DammitJim joined #salt
12:33 wnkz joined #salt
12:34 wnkz joined #salt
12:37 TheHelmsMan joined #salt
12:40 subsignal joined #salt
12:43 wnkz joined #salt
12:43 pol_ joined #salt
12:43 ctolsen I have a grain that needs some python packages to get the information I need. I'm trying to set up a reactor so that things get installed before the first highstate, but I think everything is done async so that doesn't work very well. Am I going about this the wrong way?
12:46 al joined #salt
12:47 pol_ Hi all, I use salt-cloud with aws/ec2 and I am looking into using IAM profiles for the saltmaster itself. However, I fail to find a document outlining what AWS IAM policies I should add to the saltmaster instance. Is there a document/FAQ for this?
12:48 julez joined #salt
12:49 wnkz joined #salt
12:51 wnkz joined #salt
12:51 bougie if I use http://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html into a state and if I kaunch this state on a remote host with saltssh, there is no need to have python installed on the remote server ?
12:53 cpaclat joined #salt
12:54 TheHelmsMan joined #salt
12:55 otter768 joined #salt
12:56 hasues joined #salt
12:56 hasues left #salt
12:57 subsignal joined #salt
12:59 AndreasLutro bougie: I think python needs to be installed
12:59 eseyman joined #salt
12:59 subsigna_ joined #salt
13:00 jeremyr joined #salt
13:02 ndrei joined #salt
13:02 racooper joined #salt
13:04 primechuck joined #salt
13:06 wnkz_ joined #salt
13:07 dyasny joined #salt
13:07 FeatherKing joined #salt
13:09 kawa2014 joined #salt
13:09 wnkz joined #salt
13:10 murrdoc joined #salt
13:16 cpowell joined #salt
13:16 bhosmer joined #salt
13:16 cpaclat joined #salt
13:17 emaninpa joined #salt
13:18 wnkz joined #salt
13:19 wnkz joined #salt
13:21 wnkz joined #salt
13:22 damaex joined #salt
13:22 colttt joined #salt
13:23 damaex what is the difference of rejected and denied keys in the salt-key -L output?
13:26 rdas joined #salt
13:27 DammitJim damaex, can you gist it?
13:30 jdesilet joined #salt
13:31 bougie joined #salt
13:32 damaex you serious?
13:32 mapu joined #salt
13:35 zerthimon joined #salt
13:35 DammitJim paste what you see
13:36 DammitJim 'cause when I do sudo salt-key -L, I don't have a section that says: Denied Keys:
13:36 DammitJim All I got are Accepted, Unaccepted, and Rejected
13:36 DammitJim but that's just me... maybe others have a better answer
13:37 wnkz joined #salt
13:37 zerthimon joined #salt
13:37 Tyrm joined #salt
13:40 sunkist joined #salt
13:40 mpanetta joined #salt
13:42 LtLefse I think "rejected" are keys that have been manually rejected with salt-key -r, while "denied" means something was wrong with the cert
13:42 Tecnico1931 joined #salt
13:43 LtLefse just noticed I have a host listed under both Accepted and Denied - it's one I reinstalled
13:44 LtLefse I wonder how to remove the denied one
13:45 jdesilet joined #salt
13:46 VSpike Yeah, that section seems new .. I wondered the same
13:47 calve joined #salt
13:47 damaex salt-key -F is interesting in this contect with minion_id's showing up in multiple sections of the output
13:48 VSpike Well, I've posted my obscure question to SO .. let's see! http://stackoverflow.com/questions/30508279/powershell-code-to-list-installed-windows-software-misbehaves-when-called-as-sys
13:48 bougie AndreasLutro: I think too. But, there is no workourand to desactivate python temporarly ? (like with ansible, if deactivate facts (like grains), there is no need to have python with raw command)
13:52 AndreasLutro bougie: I don't think so, salt-ssh basically makes a copy of salt-call with some wrappers to run it remotely, so you still need python to execute it
13:53 jdesilet joined #salt
13:54 LtLefse damaex: I just removed the denied key manually from /etc/salt/pki/master/minions_denied/
13:55 allanparsons joined #salt
13:56 rdutch joined #salt
13:58 damaex oh okay, will do the same since the section is getting crowded :)
13:59 Brew joined #salt
14:00 viq joined #salt
14:00 viq joined #salt
14:01 impi joined #salt
14:04 rhodgin joined #salt
14:04 dendazen joined #salt
14:04 ndrei joined #salt
14:05 dendazen what is wrong with this policy?
14:05 dendazen https://gist.github.com/anonymous/3727a4c3cf3ef5fd2a4a
14:07 dendazen I get “ Rendering SLS 'base:packages.python27' failed: Unknown yaml render error; line 10”
14:07 scoates joined #salt
14:08 _JZ_ joined #salt
14:08 btorch is there a way to get a specific version from the ppa repo ?
14:08 btorch like I want to install 2014.7.2+ds and not the latest 2015.5.0+ds
14:11 jalbretsen joined #salt
14:14 matthew-parlette joined #salt
14:14 wnkz_ joined #salt
14:15 jdesilet joined #salt
14:15 wnkz_ joined #salt
14:18 giantlock joined #salt
14:20 wnkz joined #salt
14:25 al joined #salt
14:26 iggy calve: contents: + |indent jinja filter is probably your best bet
14:26 xnaveira hi, is there anyone who could help with syncing custom grains and environments??
14:27 sgargan joined #salt
14:27 iggy custom grains are synced on every highstate and also by saltutil.sync_{grains,all}
14:27 xnaveira yes iggy. my problem is that I run a sync_grains and then a highstate and everythong works fine
14:27 xnaveira but next time I run a highstate the custom grain is missing
14:28 xnaveira and I have to run the sync again
14:28 xnaveira on the other hand if i run a sync then i can run as many grains.get i want
14:28 xnaveira so it seems like highstate is somehow deleting the custom grain
14:29 iggy I guess your highstate is somehow erasing custom grains?
14:29 iggy it definitely doesn't do that by default
14:29 iggy I've been using custom rains for well over a year and never noticed an issue like that
14:29 iggy *custom grains
14:29 xnaveira iggy: exactly :) I've checked and it is not erasing it from the local cache
14:29 xnaveira do you use environments?
14:29 iggy no
14:29 iggy they suck
14:30 xnaveira yea, i'm beggining to realize that
14:30 LtLefse dendazen: on the line with /opt/rh/python27/root/usr/lib64 add two more spaces
14:31 LtLefse http://docs.saltstack.com/en/latest/topics/troubleshooting/yaml_idiosyncrasies.html
14:31 tkharju joined #salt
14:31 dendazen oh Thanks.
14:32 murrdoc http://www.meetup.com/__ms6286112/SaltStack-Chicago/events/222841363/t/ea1_grp/?rv=ea1&amp;_af=event&amp;_af_eid=222841363&amp;expires=1432996314834&amp;sig=ddbe8555ddbc7afeb12ba5591900b957ce66b53f
14:32 murrdoc wheeee
14:32 murrdoc come on out CHI
14:33 wnkz joined #salt
14:34 julez joined #salt
14:34 dendazen wait add two more spaces to where?
14:34 dendazen after -target?
14:34 dendazen oh never mind
14:36 LtLefse you could also just pull that path up to the same line as the "text:" is on
14:37 wnkz_ joined #salt
14:38 dendazen Oh, thank you very much.
14:38 aparsons joined #salt
14:42 murrdoc Ahlee:  posted about the meetup on the chicago devops thing too
14:42 murrdoc trying to get it famous
14:45 wnkz joined #salt
14:51 schuckles joined #salt
14:51 wnkz joined #salt
14:51 Ahlee Yeah, wanted to make sure it was scheduled before tonight's doohickey
14:52 murrdoc whats tonight
14:52 Ahlee docker
14:52 Ahlee http://www.meetup.com/Docker-Chicago/events/222157658/
14:52 Ahlee How to orchestrate Docker in AWS with Salt
14:52 matthew-parlette joined #salt
14:53 Ahlee I would definitely skip it since I don't care about AWS or docker, but I told too many people i'm going
14:53 ninkotech joined #salt
14:53 Gareth no no, you don't want the meetup to be famous...you want it to be *in* famous....in famous.
14:54 murrdoc basepi:  can u tweet it up http://www.meetup.com/SaltStack-Chicago/events/222841363/, Ahlee is bringing salt to chicago
14:54 murrdoc please is implied
14:54 murrdoc always
14:54 murrdoc thanks based pi
14:54 Ahlee damnit, forgot about twitter
14:55 murrdoc How to orchestrate Docker in AWS with Salt by Jon Raines and Robert Booth of SaltStack
14:55 murrdoc woah
14:55 murrdoc i want to go
14:55 bhosmer joined #salt
14:55 murrdoc its also 6 blocks from my home office
14:56 otter768 joined #salt
14:57 peters-tx joined #salt
14:59 CeBe joined #salt
15:00 robinsmidsrod joined #salt
15:00 dyasny joined #salt
15:01 ctolsen joined #salt
15:01 Tyrm joined #salt
15:03 tkharju joined #salt
15:05 kryss joined #salt
15:06 wnkz joined #salt
15:07 Tyrm joined #salt
15:08 kryss Hello guys, I have a problem with reactor system, when I run event.fire_master from minion, it hangs on "Gathering reactors for tag salt/job/20150528170211750298/ret/minion_name", the tag shouldnt be my tag for example. salt/update/filesystem?
15:10 wnkz_ joined #salt
15:10 kryss To make sure that I'm doing everything OK I've made a reactor from a gitfs update tutorial on saltstack docs, so I'm preatty sure I've not made any config mistakes
15:12 kaptk2 joined #salt
15:16 conan_the_destro joined #salt
15:19 bibin joined #salt
15:19 sgargan joined #salt
15:21 matthew-parlette joined #salt
15:22 bibin Upon adding a new minion with a particular prefix, how can we add a certain command or some script?
15:24 Tyrm joined #salt
15:26 viq bibin: sounds like a job for reactor to me
15:27 ndrei joined #salt
15:27 iggy kryss: someone else was complaining about event's not firing correctly yesterday... tried event.send?
15:28 kryss yes I tryed both, the same result
15:29 kryss I think that tag is not passed correctly, so event is never matched
15:30 david_an11 joined #salt
15:31 sgargan joined #salt
15:34 jimklo joined #salt
15:38 bibin viq: Thanks. I am studying the basics now. You are saying we can put the scripts under the reactor
15:38 iggy kryss: I'd say search/file a bug... as I said, you aren't the first one recently to complain about it
15:40 kryss iggy: Thanks, I'll make some more research and if I'll not find a solution I'll post a bug report
15:41 ALLmightySPIFF joined #salt
15:43 wnkz joined #salt
15:43 giantlock joined #salt
15:45 wnkz joined #salt
15:46 baweaver joined #salt
15:46 bhosmer joined #salt
15:46 bibin Can you please shed some light on this,.
15:47 wnkz joined #salt
15:48 big_area joined #salt
15:49 Auroch joined #salt
15:49 wendall911 joined #salt
15:51 murrdoc joined #salt
15:52 wnkz joined #salt
15:52 murrdoc joined #salt
15:52 matthew-1arlette joined #salt
15:53 c10 joined #salt
15:54 kawa2014 joined #salt
15:55 RedundancyD joined #salt
15:55 basepi murrdoc: nice, yeah, we'll definite push it on Twitter. Looks like Tyler Kirkham is involved (one of our sales guys) so I'm sure they're on top of it. I'll tweet it when it gets a bit closer. =)
15:55 wnkz joined #salt
15:55 debian112 joined #salt
15:57 cruatta joined #salt
15:59 cruatta joined #salt
15:59 cruatta_ joined #salt
16:00 iggy That's the guy that introduced me at my (disastrous) SaltConf talk
16:00 basepi hahaha
16:00 basepi I'm still not convinced it was as bad as all that. xD
16:01 iggy murrdoc was there, ask him
16:01 iggy I'll do better next year
16:01 iggy although, I did the same thing in an interview the other day (got nervous and talked 90 to nothing)
16:06 RedundancyD Just conduct your interviews and conf talks via IRC. Your great here.
16:07 wnkz_ joined #salt
16:08 froztbyte whoops, `salt-key -y -D` was a bad idea
16:08 froztbyte oh well
16:08 iggy salt-key -A now
16:08 froztbyte oh well, good run to see how long it'll take to update
16:08 VSpike I'm really confused by where in the salt code this powershell actually comes from :)
16:08 VSpike I can't find it at all
16:08 froztbyte iggy: haha, yeah
16:08 froztbyte just waiting for them all to check in
16:09 * iggy sets up a fake minion to steal froztbyte's sekrits
16:09 froztbyte haha
16:09 froztbyte pillar'd like whoa~
16:09 VSpike This is what the minion seems to be doing https://bpaste.net/show/8bc995135b9a but I can't locate that in https://github.com/saltstack/salt/blob/2015.5/salt/modules/win_pkg.py at all
16:09 VSpike In fact, that code seems to scan the registry only unless I'm missing something
16:14 bhosmer joined #salt
16:14 baweaver joined #salt
16:15 Twiglet is there any way to check if the mine is actually exporting things?
16:15 Twiglet like pillar.items or something
16:15 iggy salt mine.get '*' module.func
16:16 Twiglet ah cheers, doesn't seem to be exporting anything despite being told to in the pillars
16:16 iggy did you change the mine update interval?
16:16 VSpike Even though confusingly the comment on line 244 says it's searching the MSI database, when I don't think it is
16:17 Topic for #salt is now Welcome to #salt | 2015.5.1 is the latest | Please use https://gist.github.com for code, don't paste directly into the channel | Please be patient when asking questions as we are volunteers and may not have immediate answers | Channel logs are available at http://irclog.perlgeek.de/salt/
16:18 Twiglet iggy: not got one explicitly set
16:18 Twiglet but i've restarted everything a goof few times
16:20 iggy Twiglet: okay, a minion restart usually causes a mine refresh
16:20 Twiglet yeah, I'm baffled, same exact setup work in other states, just not this one
16:20 iggy you are sure you have the config right? can you paste the relevant bits (and the irrelevant bits if you want)
16:21 aparsons joined #salt
16:22 Twiglet http://hastebin.com/ucawugekic.django
16:22 Twiglet there's the relevant bits
16:23 Twiglet but as I say, used this in countless other places, it just doesn't seem to be exporting the mine data from the minions
16:24 VSpike Here's an example of some trace output from the state, but it doesn't really tell me where that code comes from https://bpaste.net/show/c39de2c79a41
16:25 VSpike I'm sure I'm missing something really obvious here :/
16:26 aparsons joined #salt
16:27 iggy that jinja aside, a command line mine.get call isn't working either is it?
16:27 Twiglet nope
16:28 Twiglet vagrant@saltmaster:~$ sudo salt 'haproxy-rabbit-dev' mine.get 'rabbit-*dev' network.ip_addrs
16:28 Twiglet haproxy-rabbit-dev:
16:28 igorwidl joined #salt
16:28 Twiglet ----------
16:29 iggy what about: sudo salt-call mine.get '*' network.ip_addrs
16:29 KyleG joined #salt
16:29 KyleG joined #salt
16:29 mgw joined #salt
16:29 Twiglet nope, blank
16:30 Twiglet s/blank/empty/
16:30 iggy okay, well, just fyi 'rabbit-*dev' won't match haproxy-rabbit-dev
16:30 iggy but my way isn't working either, so that's not the problem
16:30 desposo joined #salt
16:31 iggy can you try putting the mine_functions config in teh minion config file (rather than pillar)?
16:32 Twiglet no, that's fine: i'm matching 'rabbit-*-dev' from 'haproxy-rabbit-dev', that's just the output from haproxy-rabbit-dev on the master
16:34 Twiglet so the "mine_functions:' and the next few lines in the state?
16:34 iggy s/state/pillar/
16:35 iggy actually, let's try that first
16:35 iggy sudo salt-call pillar.get mine_functions
16:37 MatthewsFace joined #salt
16:37 Twiglet yup, that's fine
16:37 Twiglet local:
16:37 Twiglet ----------
16:37 Twiglet network.ip_addrs:
16:37 Twiglet - eth0
16:38 Twiglet (from the box I'm trying to get ip from)
16:38 gladiatr joined #salt
16:39 Twiglet (and yes the box has an eth0)
16:40 iggy I'm at a loss :/
16:40 Twiglet Me too, it's baffling
16:41 Twiglet I think I'll go home and drink heavily then look at it in the morning
16:42 iggy that always helps me
16:42 VSpike Here's the code I see running https://github.com/saltstack/salt/pull/13445/files
16:43 drawsmcgraw joined #salt
16:43 VSpike How can I work out which releases that's in? Could be my poor github-fu but I don't see that in 2015.5.0 which is what I'm running, yet the logs show that code executing
16:43 MatthewsFace joined #salt
16:43 drawsmcgraw oh man... been a little while
16:43 drawsmcgraw Anyone using GitFS with multiple branches/environments?
16:44 drawsmcgraw I've made a 'dev' branch but I'm already concerned that I've started down a very, very bad path.
16:45 ek6 I have in the past...but ill admit its something i turn on and off as needed
16:45 drawsmcgraw ek6: multiple envs in gitfs?
16:45 ek6 yup
16:45 drawsmcgraw I can understand why...
16:46 drawsmcgraw Basically, I have a 'prod' cluster and a 'dev' cluster. I have states to run a 'pip install' across a cluster
16:46 iggy it sucks because all your formulas have to have the same branches
16:46 drawsmcgraw The 'pip install' reads a requirements.txt
16:46 drawsmcgraw iggy: EXACTLY
16:46 drawsmcgraw My people want that 'requirements.txt' to managed separately, prod from dev
16:47 iggy we use a lot of formulas and adding a bunch of branches to them is kind of pointless
16:48 adelcast left #salt
16:48 drawsmcgraw So when I made my 'dev' branch, I now have two copies of the 'requirements.txt' (which is what I wanted) but I also have two copies of EVERY OTHER state file in my state tree (highly unwanted)
16:49 ek6 your losing me why you have two..or rather sure they are two different branches but the end consumer only sees one copy or the other
16:50 debian112 does anyone know if there is problem with salt matching hostnames with dashes: server-dev1.doman.com?
16:51 drawsmcgraw ek6: Yes, the consumer only sees one copy. I.E., I'm using the topfile to direct the 'dev' boxes to the dev environment
16:51 drawsmcgraw The nasty part, though, is that, left untouched, the 'dev' branch will fall woefully behind as more states are written.
16:51 drawsmcgraw My current flow for developing states doesn't follow the dev/test/prod flow :/
16:51 iggy debian112: no
16:52 forrest joined #salt
16:52 debian112 ok
16:52 drawsmcgraw I guess I'm using the different environments more to reflect actual 'dev' places (i.e. we maintain a long-runing 'dev' cluster)
16:53 ek6 drawsmcgraw: oh yeah i should have said..because we dont follow that dev/test/prod  but when ive had to have multiple I was merging constantly to keep the alternate up to date
16:53 drawsmcgraw Instead of a development workflow....
16:53 drawsmcgraw ek6: YES. That's what I *don't* want
16:53 bhosmer joined #salt
16:53 drawsmcgraw I made the branch just this morning and I've already had to cherry-pick something into the 'dev' branch.
16:53 drawsmcgraw This ain't gonna work.
16:54 c10 joined #salt
16:54 amcorreia joined #salt
16:55 ek6 well... you lost me then...   you either have a sep tree which just carries your 'diffs' and have that first on your search path or you carry the whole thing..
16:55 sandah joined #salt
16:56 drawsmcgraw ek6: I had started to think about separate trees... I'll figure something out.
16:56 drawsmcgraw Thanks!
16:56 hal58th_1 joined #salt
16:57 Edgan drawsmcgraw: Sounds like you want is a git submodule
16:57 hal58th_2 joined #salt
16:57 hal58th_3 joined #salt
16:57 drawsmcgraw oh?
16:57 otter768 joined #salt
16:58 iggy I hate doing it as separate repos, because then you lose all the merge goodness of git and you just end up wholesale copying files between repos
16:58 Edgan drawsmcgraw: https://git-scm.com/book/en/v2/Git-Tools-Submodules
16:58 drawsmcgraw Edgan: reading now....
17:00 supersheep joined #salt
17:00 ek6 iggy: yup...  only time ive seen that work in anything resembling clean is with a top.sls sep repo
17:01 iggy I'm not sure if gitfs works with submodules
17:01 ek6 submodules always reminded me of the regex joke about having a problem and trying to solve it with regex
17:01 iggy since it's not actually doing a checkout
17:01 drawsmcgraw Interesting... I can certainly see this being helpful for managing configs separately
17:02 drawsmcgraw i.e. an 'openstack-configs' repo that is a submodule in my 'salt-states' repo
17:02 supersheep joined #salt
17:02 drawsmcgraw That'd be rad. Then people wouldn't have to check out the entire state tree just to update a config.
17:03 aparsons joined #salt
17:04 spookah joined #salt
17:05 ajw0100 joined #salt
17:10 wnkz joined #salt
17:13 wnkz_ joined #salt
17:16 multiball joined #salt
17:16 wnkz joined #salt
17:18 ponpanderer joined #salt
17:18 wnkz joined #salt
17:21 multiball I'm having problems with the svn module on a windows minion not showing up in the module list
17:22 multiball running salt-call --local sys.list_modules on a clean win7x64 install, and it isn't showing up
17:24 drawsmcgraw multiball: I'm not familiar with that module but does it have any deps? And are those deps installed on the Windows box?
17:24 wnkz joined #salt
17:25 ek6 ok things ive never needed to do with git before.... whats the simple way to verify an open pull request someone has against main salt repo?
17:25 multiball I'm not entirely positive on the deps, is there a way to view/resovle those?
17:25 stephanbuys joined #salt
17:25 multiball are they handled through pip?
17:26 drawsmcgraw multiball: The docs are usually good about listing them... one second
17:27 Antiarc joined #salt
17:28 forrest ek6: You mean just looking at all the open ones against the salt repo itself?
17:28 hasues joined #salt
17:28 hasues left #salt
17:28 drawsmcgraw multiball: Well the docs don't mention it, but the module *does* check for the 'svn' python module before it'll load: https://github.com/saltstack/salt/blob/develop/salt/modules/svn.py#L19
17:29 drawsmcgraw As for installing that into the Windows system (if needed), I'm hoping you or someone else here knows more about that
17:29 iggy android M has something that should make some of you privacy loons happy... optional perms
17:29 ek6 forrest:  no like there is https://github.com/saltstack/salt/pull/24190 and i want the easiest way to pull in the code specific to that PR to verify the fix
17:29 iggy (I mention it here because someone was harassing Ryan about Lyft's long permission list)
17:29 drawsmcgraw I know Anaconda has its own Pip for installing packages into it's environment. Does the Python environment created by Salt have the same or something similar?
17:29 forrest iggy: That was me
17:29 forrest iggy: I already have my phone rooted, I can limit whatever I want.
17:30 multiball yeah, weird thing is that i've got it working on my main machine, but can't get it running on my dev VM
17:30 forrest ek6: Just pull msteed:issue-23815 from that person's fork
17:30 drawsmcgraw odd. My hackish goto for this situation is to just open a Python REPL and try loading the module in question
17:30 forrest ek6: So set their fork as the upstream, fetch it, then merge with your branch (if it is clean) via git merge upstream/master
17:31 jngd joined #salt
17:33 multiball okay, I'll dig some more into it, thanks for the initial pointer
17:33 drawsmcgraw sure thing. Sorry I don't have more :/
17:35 wnkz_ joined #salt
17:36 mschiff joined #salt
17:37 ek6 forrest: well missed the target but hit the tree so got the code even if not pretty
17:37 ek6 so thanks
17:38 forrest ek6: np
17:38 forrest ek6: You could also specifically pull down the hash too I guess. I can't remember the command off hand though to do a remote merge of a specific commit
17:39 ek6 yeah i couldnt find something to make that work either
17:39 multiball one additional question, salt runs in a virtualenv at salt/bin correct?
17:39 evle3 joined #salt
17:40 sgargan joined #salt
17:40 iggy https://github.com/saltstack/salt/pull/24190.diff (add .patch or .diff on the end iirc)
17:41 iggy ek6: ^
17:41 drawsmcgraw I don't know that one for certain but I had imagined so...
17:42 mschiff joined #salt
17:42 ek6 iggy: thats certainly what ill use in the future thanks
17:42 bhosmer_ joined #salt
17:46 linjan joined #salt
17:47 tiadobatima1 joined #salt
17:50 iggy I was just about to harass the base of pi about the 2015.5.1 release notes saying "release: TBA" when I went to look at where to change it and noticed he beat me to it
17:50 wnkz joined #salt
17:52 rm_jorge joined #salt
17:53 wnkz joined #salt
17:54 rwaterbury joined #salt
17:55 Edgan I like the new release notes format.
17:56 murrdoc link ?
17:56 iggy I like it except it seems like they skimped on the "short" version
17:56 rdutch left #salt
17:56 iggy there's more than just a single bugfix in there worth mentioning
17:56 mapu joined #salt
17:58 wnkz joined #salt
18:04 giantlock joined #salt
18:04 DammitJim when I am doing an sls that requires another package
18:05 DammitJim do I call the package what the OS calls the package or what I called the sls package?
18:05 rwaterbury Hi, everyone.  I am still chugging away at this salt api issue - I talked with whiteinge last week and he directed me at the rest_cherrypy api.  So we added that to the master config and it worked, but then it didn’t.  One thing that is strange in our set-up is that we have left the rest_tornado set-up in the config.  Rest_Cherrypy is listening on port 8001 and Rest_Tornado is listening on port 8000.  So it worked at first and now I am seeing these
18:05 rwaterbury errors:
18:05 rwaterbury ChannelFailures: IOError("Port 8001 not free on '0.0.0.0'",)
18:05 rwaterbury and Rest_tornado unable to bind to port 8000
18:06 rwaterbury Any ideas?
18:06 Ahlee So you have something bound on port 8000
18:06 Ahlee kill it
18:08 rwaterbury Ok, but does anyone have an idea of why this is happening?
18:08 Ahlee Likely you had an instance of the rest_cherrypy daemon (salt-api) bind to the port. It's probably still running, just busted.
18:10 rwaterbury hmmm
18:11 ajw0100 joined #salt
18:11 iggy DammitJim: if you mean in the - require: list, it's "- pkg: someid" (where someid is the unindented part)
18:12 denys joined #salt
18:12 DammitJim iggy, my problem is that I am trying to install tomcat7 with an sls and I added the require for another package
18:12 DammitJim https://gist.github.com/anonymous/a8faa0e39812084267f4
18:13 iggy okay, that's fine, you have to include the sls you installed the other package with and then what I said earlier
18:13 DammitJim it's barfing saying The following requisites were not found: require: pkg: java
18:13 DammitJim oh, I'm missing the - aren't I?
18:14 iggy commented on gist
18:14 DammitJim how do I view the comment?
18:14 iggy F5
18:14 iggy it should just be below your gist
18:15 DammitJim oh, include
18:15 DammitJim like import in python
18:15 DammitJim thanks
18:15 swa_work joined #salt
18:15 iggy yeah, when I first started working with Salt, I thought that was weird too
18:16 iggy I mean you already have that state assigned
18:16 iggy I probably still have some comments in an sls file that say something like "I can't believe this is required, but it's the only way I can get it to work"
18:17 tiadobatima joined #salt
18:18 apergos I'm saving some issues where a batch size of 50 fails with a lot of minions not returning, a batch size of 20 is ok... this is 2014.7.5, wondering how much changing the key size from 4096 to 2048 would help that, if at all
18:18 apergos *having some issues
18:18 DammitJim iggy, to keep this straight... java.pkg in this case is java.sls?
18:18 DammitJim or the name of the package inside java.sls?
18:18 apergos this is simple salt -b X  cmd.run ....
18:19 apergos a little over 1k minions.
18:19 rwaterbury So there isn’t a pid attached to the port.  When I run: `netstat -tulpn | grep 8001`
18:20 rwaterbury I get: (No info could be read for "-p": geteuid()=2226 but you should be root.)
18:20 rwaterbury and: tcp        0      0 0.0.0.0:8001                0.0.0.0:*                   LISTEN      -
18:21 rwaterbury Anyway, I’m not really familiar with this sort of thing… though I’m become more educated.  I really have no idea where to go from here.
18:23 LtLefse rwaterbury: like the error says - you need to run netstat as root to see the PID
18:23 rwaterbury Ah, thanks!
18:24 notnotpeter joined #salt
18:24 baweaver rwaterbury: sudo !! executes the last command as root
18:24 vstoniest joined #salt
18:24 rwaterbury yeah, got that Brandon ;)
18:25 rwaterbury I just don’t think the error message was communicating that clearly.
18:25 c10 joined #salt
18:25 DammitJim man, how am I going to keep track of the names?
18:26 adelcast joined #salt
18:27 iggy DammitJim: whatever the state that installs java is called
18:27 DammitJim iggy, do you normally call your state the same as your state file?
18:28 iggy no, I typically have annoying long state_id's
18:28 forrest verbosity ftw
18:29 iggy I'm not really a fan, but it's become habit from working on formulas
18:29 jalbretsen joined #salt
18:37 MatthewsFace joined #salt
18:40 drawsmcgraw Targeting.... This works on the command line --> '* and not *edh-dev*'
18:40 drawsmcgraw That is, it *doesn't* target minions with 'edh-dev' in their ID
18:40 drawsmcgraw But, that exact same line in the topfile.... targets everyone. Including those with 'edh-dev' in their ID
18:40 drawsmcgraw And I've specified 'matching: compound" in my topfile
18:40 drawsmcgraw what the cabbage?
18:43 iggy can you paste the top file?
18:43 rwaterbury So, I took a short break…. but here is the status.
18:43 rwaterbury I killed the process and stopped the salt-api.
18:43 rwaterbury Then I restarted the salt api, and I’m getting the same errors.
18:44 izibi joined #salt
18:44 linjan joined #salt
18:44 drawsmcgraw iggy: http://dpaste.com/15GHZN7
18:45 drawsmcgraw When I run a highstate on a 'dev-edh' box, it wants to disable SELinux
18:45 iggy your comment says "no one"... salt is just being helpful
18:46 iggy Looks right (assuming that is in fact your entire top file)
18:46 drawsmcgraw odd....
18:47 HappySlappy joined #salt
18:48 murrdoc iggy: forrest   https://github.com/saltstack-formulas/dovecot-formula/commit/8d396aa59c5a2127c24e011d5fed1a507c795252
18:48 murrdoc looks like a direct commit
18:48 c10 joined #salt
18:48 pcn joined #salt
18:49 supershe_ joined #salt
18:49 tiadobatima joined #salt
18:50 forrest murrdoc: Feel free to mention that in his PR, a bit tough to give him shit since we didn't catch it two months ago when it happened.
18:50 forrest or a month ago
18:51 forrest He has several other commits he merged himself as well
18:51 murrdoc imma not give shit to people right now
18:51 forrest so might just be unaware.
18:51 forrest murrdoc: ?
18:51 forrest just mention it in the PR
18:51 murrdoc tiadobatima:  already made me look bad
18:51 murrdoc when i merged his shit :D
18:51 forrest and ask him not to merge his own commits.
18:51 Tyrm_ joined #salt
18:51 forrest it happens, if people don't like it they can submit a PR to fix it
18:52 forrest or better yet, they can fork and roll back to whatever they want
18:52 forrest it's not like we are holding a gun to anyones head to use the formula 'as is'
18:52 forrest murrdoc: Are you going to comment or should I?
18:52 murrdoc i did
18:52 murrdoc emailed and all that
18:52 murrdoc requested mschiff to send in a pr with the fix
18:53 forrest what
18:53 forrest fix for what? The readme update?
18:53 forrest oh you mean that other change
18:53 forrest from a while back, lol
18:53 Tyrm joined #salt
18:53 forrest was confused.
18:54 murrdoc sorry
18:54 forrest no worries
18:54 murrdoc i only looked cos the guy , mschiff , complained
18:54 murrdoc and requested him to commit a fix
18:54 iggy someone else merged their own PR the other day, I didn't say anything
18:54 forrest basepi: Do you guys still have any contacts at github? I know they said we could ask for features and get speedier responses because of the project popularity.
18:54 murrdoc i wasnt going to talk to whoever it was that is directly committing to prod
18:54 forrest iggy: Why? You should always say something
18:54 soren_ joined #salt
18:54 forrest iggy: Unless they are a repeat offender, in which case have Seth remove them from the org.
18:56 forrest basepi: If so, can we PLEASE beg them to fix github permissions? It's so stupid someone who is a contributor can just merge against master, or do a push straight to master.
18:58 otter768 joined #salt
18:58 iggy https://github.com/saltstack-formulas/salt-api-reactor-formula/pull/1
18:58 ajw0100 joined #salt
18:59 murrdoc self merges are bad
18:59 murrdoc and you should feel bad
19:01 murrdoc aw shit
19:01 murrdoc HERE WE GO
19:01 iggy too much?
19:01 murrdoc too tame
19:02 murrdoc i really was going to put
19:02 murrdoc "self merges are bad
19:02 murrdoc and you should feel bad"
19:02 murrdoc except as a meme
19:02 iggy well, I don't recognize the name, so I'm giving them the benefit of the doubt that they just didn't know
19:03 cpowell greetings, I have a reactor/runner question
19:03 cpowell when you fire off multiple events to the salt reactor, does it process them asyncronously?
19:03 iggy it ignores some of them
19:04 cpowell oh, that was not what I expected
19:04 iggy based on a randomized hash function in salt/utils/hash/randomdrop.py
19:05 cpowell so if I have 10 minions that all fire off the same event at roughly the same time, it might droip some?
19:05 iggy I'm just kidding
19:05 iggy it shouldn't drop anything
19:05 cpowell that was not cool :(
19:06 cpowell I nearly shit myself
19:06 murrdoc HAHAH
19:06 iggy but some other people recently have complained about the same thing
19:06 iggy so I'd search/create an issue
19:06 murrdoc sorry cpowell iggy was handling being a dick on github
19:06 murrdoc it was a residual troll
19:06 cpowell haha
19:07 cpowell ok, so lets assume its not dropping events...
19:07 cpowell if I have a reactor set up to call a runner
19:07 cpowell and 10 events all get submitted, will salt for processes and run them all?
19:07 cpowell fork*
19:08 iggy that I'm not sure of
19:08 cpowell are they queued?
19:08 iggy I think it does
19:08 iggy it should do one or the other for sure
19:08 forrest Just yesterday someone was complaining that it wasn't queueing them at all
19:08 cpowell and run syncronously
19:08 forrest and some just vanished
19:08 cpowell hmmm
19:08 mpanetta well, sqlite isn't exactly meant to be used as a queue backend :P
19:09 ek6 ive certainly seen some issues where some are lost.....
19:09 cpowell thats not encouraging
19:10 ek6 specifically when say reactor would trigger state A against minion foo,  second event would trigger state b also against minion foo...if state a is still running state b doesnt
19:11 mpanetta That is what the queue is for...
19:11 ek6 uh yeah i understand it supposed to queue...was only explaining the behavior i have seen
19:12 KennethWilke joined #salt
19:12 mpanetta Reactors triggering states don't queue tho, I believe.  It would be the same as trying to run 2 states simultaneously from the command line. If the reactor did it all
19:13 hybridpollo joined #salt
19:13 Eureka_ joined #salt
19:14 iggy 2 different states should be allowed to run at the same time on the same minion (probably not a highstate though)
19:14 murrdoc got a good orchestrate doc
19:14 murrdoc need to read up on 'best practices'
19:14 cpowell I have not seen that, I always got back a 'job in progress' message
19:14 ek6 well not by default iggy..
19:15 cpowell it can only run one state.* on a minion at atime
19:15 juanito joined #salt
19:15 agentnoel joined #salt
19:16 bastiandg joined #salt
19:16 cpowell ok, I guess I'll have to do some testing with reactor and runners to see that really happens
19:17 cpowell how it handles race conditions with multiple minions all firing the same reactor event
19:17 cruatta joined #salt
19:18 ek6 cpowell: that I havent had issues with...but to be fair when i was doing it my minion count didnt get above say a dozen
19:18 cpowell ok, thats good to hear
19:21 ek6 as far as multiple states at once I havent really thought what would be the great disaster of allowing   state.sls foo and then state.sls bar   versus the allowed and working state.sls foo,bar
19:22 alexanderilyin joined #salt
19:22 iggy that's what I Was trying to say
19:26 ek6 oh..that comment must have hit my salt/util/iggy/randomdrop.py code
19:28 jerematic joined #salt
19:29 cruatta_ joined #salt
19:29 unni joined #salt
19:29 notnotpeter joined #salt
19:30 ajw0100 joined #salt
19:30 unni Hi there,
19:31 unni Please help me to acheive this. I want to execute a particular command to all new nodes with a particular prefix. For eg, I need to execute a command to all minions with name like pre_<name> .
19:31 unni I know it is something to do with reactor.
19:31 unni But cant find much documentation to write the script.
19:32 dharper_ii left #salt
19:32 iggy well, what do you have so far (gist.github.com please)
19:32 unni If possible, please post an excerpt of the code to achieve this.
19:33 unni I followed this http://docs.saltstack.com/en/latest/topics/reactor/#a-complete-example and now all new minions with a prefix are accepting automatically without confirmation. Now I want to execute a command to that minions
19:33 unni upon additing it to salt.
19:35 rm_jorge me fui
19:36 cansis joined #salt
19:36 bhosmer_ joined #salt
19:36 iggy unni: can you paste what you have so far to gist.github.com (it supports multiple files per paste too)
19:37 rojem joined #salt
19:37 iggy it'll be easier to add what you want on to what you have than explain it all again
19:38 unni https://gist.github.com/anonymous/7b946a5b98e560436f7e
19:39 baweaver joined #salt
19:39 basepi forrest: you can disable force pushes, at least. But anyone who can merge pull requests can merge/push to master. Because you can merge pull requests on the CLI.
19:39 unni iggy, I dont have much configurations in my salt-master. I am trying to achieve something.
19:44 igorwidl anyboyd using 2015.5.0 in production?
19:44 igorwidl just curious if there are any major issues
19:44 iggy well, add another file and use .startswith('pre_') and have the reactor call it the same way that one gets called
19:45 iggy or use reactor's built-in globbing
19:45 iggy igorwidl: depends, it only took me a week or two to get 2015.5 working
19:45 elfixit joined #salt
19:46 igorwidl iggy: not sure if that is good or bad. was hoping it would work rightaway
19:46 igorwidl what were some issues?
19:46 iggy but luckily I filed bugs for all the stuff that was broken so half of that ended up being unnecessary
19:46 iggy you're welcome
19:46 iggy you'll really just have to give it a go
19:47 iggy there were thousands of changes all over the map
19:47 iggy read the release notes, and get to hacking
19:47 theologian joined #salt
19:47 unni iggy: I am confused about the syntax of this code. Can you help me out
19:47 unni ?
19:47 RedundancyD They only problem I had with 2015.5.0 was making sure everything was on it. I had some 2014.7.x minions get stuck
19:47 unni I just need to execute a command if the minion name starts with pre.
19:47 unni What will be the code then?
19:48 igorwidl there are some fixes I am looking forward to in 2015.5 so I think i ll give it a try
19:49 iggy do the master first, get everything running correctly there, then spread out from there in batches
19:50 cheus joined #salt
19:50 tiadobatima joined #salt
19:54 sdm24 joined #salt
19:57 mapu left #salt
19:58 rwaterbury left #salt
20:03 sgargan left #salt
20:04 KennethWilke joined #salt
20:05 rojem joined #salt
20:05 oeuftete joined #salt
20:08 hal58th_3 I wrote a bug igorwidl that the minion's pillar cache doesn't get updated with a highstate with 2015.5.0. But three lines temporarily fixes that
20:08 igorwidl hal58th_3: yeah saw that one.
20:09 igorwidl i guess solution was to create state that does pillar refresh, and put it somewhere at the top where it runs first
20:09 Ahlee hal58th_3: oh? lovely, more stale pillar data
20:10 Ahlee what's the work around, i haven't run into the stale pillar cache on the test instance
20:10 hal58th_3 Ahlee https://github.com/saltstack/salt/issues/24050 yeap
20:11 Ahlee ah, so in your top.sls you have the refresh_pillar module running with order:1, clever.
20:11 bhosmer_ joined #salt
20:12 hal58th_3 Not in top.sls file. Can't run that there. I just put it in some file. Was clever though :)
20:12 Ahlee sorry, meant a state included in top
20:12 hal58th_3 yeap
20:12 Ahlee my mind, she ain't what she used to be
20:13 cedwards is pillar refreshed by anything other than saltutil.refresh_pillar?
20:13 bhosmer__ joined #salt
20:14 andrej I want to find out why my runner (which runs fine from command-line) returns a virtual: False when executed under salt-run. How do I set a breakpoint in my runner so I can step through it with pdb?
20:15 hal58th_3 cedwards pillar.item call with give you fresh data, but doesn't refresh minion pillar cache. highstate should be refreshing it, but I think refresh_pillar is the only way right now
20:16 cedwards thanks
20:16 Ahlee oh the number of times we've been bitten by pillar.item not updating the pillar.cache, so thinking we were fine but ended up writing out stale data
20:16 forrest basepi: Yeah good point, I don't really want to limit being able to merge PRs, wish there were more fine grain options.
20:17 basepi Yeah, I totally understand the feeling
20:17 Ahlee andrej: excellent question. I debug _runners through lots and lots of debug log options
20:17 iggy andrej: cachedout did a talk at saltconf that talked about salt+pdb a little... might be worth checking out
20:18 iggy erm... Mike Place?
20:18 iggy sounds right
20:19 andrej Thanks iggy ... I'll see what google shows me
20:20 murrdoc pdb ?
20:20 andrej Ahlee ... none of the debug output shows when I run it under salt-run
20:20 andrej murrdoc ?
20:20 murrdoc what is pdb
20:20 andrej Python debugger
20:21 andrej I don't want to single-step through salt-run till I get to my moduile :)
20:21 murrdoc Python Works (tm)
20:21 Ahlee andrej: well, if your __virtual__ is coming back False, are your imports breaking it?
20:21 Ahlee as i'm assuming your _runner is pretty much import foo,barbaz, def __virtual__
20:21 andrej Ahlee: I don't have one defined, which is the first oddity ;}
20:22 Ahlee oh loader.py is full of oddity.
20:22 andrej Actually
20:22 andrej I do
20:22 andrej I changed that yesterday
20:22 andrej all it does is to return True
20:22 Ahlee your __virtuall__ returns a boolean?  I think that's supposed to be a string to identify the runner
20:23 murrdoc loader.py is too smart
20:23 murrdoc as far as code goes
20:23 Ahlee murrdoc: lol
20:23 murrdoc which is normally a bad thing
20:23 Ahlee ah
20:23 Ahlee it's a beast, that's for sure.
20:23 murrdoc yup __virtual__ returns module name
20:23 theologian joined #salt
20:24 murrdoc no i honestly believe if a code is tooo smart
20:24 murrdoc its probably bad
20:24 murrdoc its the calvin school of thought (calvin and hobbes)
20:25 jeremyr joined #salt
20:30 DammitJim do you guys follow a convention when setting up your salt file tree?
20:31 DammitJim like I know I'll have to update a file called tomcat7 that is in /etc/default on the minion
20:31 DammitJim where should I put it on the master?
20:32 forrest DammitJim: Take a look at http://docs.saltstack.com/en/latest/topics/best_practices.html
20:33 DammitJim thanks forrest
20:33 forrest np
20:33 tiadobatima joined #salt
20:35 apergos grr
20:35 apergos at least I sshould report a documentation bug
20:35 apergos http://docs.saltstack.com/en/latest/topics/tutorials/intro_scale.html
20:35 Eureka_ joined #salt
20:36 apergos the section: The master is CPU bound  gives a misleading/wrong example
20:36 andrej Oh ...
20:36 andrej that might explain it then
20:36 apergos if salt '*' test.ping is failing, batching it won't help
20:36 hybridpollo joined #salt
20:36 apergos if you look at batch.py, it calls __gather_minions which calls test.ping on * in order to get the minion list
20:36 apergos so that's a fail.
20:37 ahammond anyone with thoughts on https://github.com/saltstack/salt/issues/24198
20:37 apergos that's true in dev branch, in 2014.7.5, and probably a bunch of earlier ones too
20:37 ahammond I'm hoping it's just because I'm doing something stupid.
20:38 andrej Hmmm ... so if I comment virtual out I still get a
20:38 andrej 'oobling' __virtual__ returned False
20:38 DammitJim who "owns" all the files in /srv/salt?
20:39 rap424 joined #salt
20:40 Ahlee Typically the user the saltmaster runs as
20:40 Tyrm joined #salt
20:40 Ahlee or a nonprivileged user you use for updating the files, in my case a nonprivileged account with the git keys
20:41 Ahlee apergos: the issue is test.ping is so light, vs state.highstate
20:41 DammitJim weird... salt-master runs as root
20:42 Ahlee DammitJim: by default. It does not need to, and is a user: foo away
20:42 Ahlee apergos: Do you actually see test.ping failing? or just noting that it has to do something that could be stressful to determine if it's stressful?
20:42 Ahlee not that there shouldn't be a better way to tell what hosts you're targettting
20:42 apergos ah, sorry. t be precise, what I see is that we don't get the returns back in time
20:42 apergos the returns come in but are not processe by the master iin a timeley fashion, I should say
20:43 apergos so
20:43 apergos I want to batch because cpu bound
20:43 apergos in order to get aorund that
20:43 apergos but batch ... doesn't :-D
20:43 apergos well not for the first command which is the very test.ping I was trying to batch in the first place :-D
20:43 Ahlee How many minions to worker threads?
20:43 apergos 1k, 30
20:44 Ahlee I run 800 to 50 (8 vCPU) and also see that occasionally
20:44 apergos e do have puppet running on the box and it eats several of the cores
20:44 apergos we see it pretty consistently now
20:44 apergos running 2014.7.5
20:44 apergos but the point is that those docs are jus tusing a bad example
20:44 apergos they should use an exmaple with cmd.run  or something  :-D
20:45 apergos how much memory do you have, what version, and do you use any of the recon/reauth settings?
20:45 DammitJim if I move my sls file to a subdirectory, how do I call it when running salt '*' state.sls tomcat7
20:46 DammitJim tomcat7.sls was moved from /srv/salt to /srv/salt/tomcat7/tomcat7.sls
20:46 Ahlee apergos: We moved to for hosts in $(salt-key -l accepted | grep -v "Accepted Keys:"); do <manually batch here>; done
20:46 apergos eewwwww
20:46 Ahlee DammitJim: state.sls parent.child.tomcat
20:46 apergos well that's sad
20:46 Ahlee apergos: I'm not really into the whole 'solve it correctly' ;)
20:47 apergos also means taargetting by grain if the grain is on several hundred hosts, is kind of out the window
20:47 DammitJim so, salt '*' state.sls tomcat7.tomcat7 ?
20:47 elfixit joined #salt
20:47 Ahlee DammitJim: if your file is named tomcat7.sls, yes.
20:47 Ahlee if you rename tomcat7.sls init.sls, you can call state.sls tomcat7 which will implicitely load init.sls
20:48 DammitJim oh wow!
20:48 apergos ah what version of salt did you say you're using?
20:48 DammitJim this thing actually showed me a diff when updating a file!
20:48 Ahlee apergos: We're actually testing a basic cache we query instead of trusting salt, and then targeting directly
20:48 hal58th_3 haha, it's amazing how Salt blows away the competition.
20:48 Ahlee apergos: 0.17.5
20:48 apergos oh my
20:48 apergos that's early!
20:49 apergos well thanks for the info, it's a useful data point
20:49 Ahlee apergos: are you sure it's cpu bound not disk io bound? on return, it writes out the returns to the master's cache
20:49 apergos I'm going to wander off to try to get some sleep now but if anyone else is around with 1k+ minions I'd like to hear what is working or not
20:50 apergos Ahlee: pretty sure, not 100% but pretty sure
20:50 spiette joined #salt
20:50 Ahlee you might be able to buy yourself some overhead putting that on some tmpfs
20:50 Ahlee word
20:50 apergos we already have cpu on that box overloaded from puppet much of the time
20:50 apergos so that's a good clue
20:51 Ahlee indeed
20:56 c4urself hey all, i'm trying to use the gpg renderer and getting "Specified template format gpg is not supported"
20:57 c4urself i'm running 2015.5.0
20:57 murrdoc joined #salt
20:59 otter768 joined #salt
21:00 Tyrm joined #salt
21:00 Ahlee Do you have all the requisite packages for gpg installed?
21:01 DammitJim my tomcat7.sls is becoming quiet large as I am adding conf files... should this be part of a different sls file?
21:01 Ahlee whatever you're most comfortable DammitJim. I do an init.sls that then include: - install, conf, etc
21:01 cedwards c4urself: python-gnupg on RHEL/CentOS and set your 'renderers' config to include 'jinja | yaml | gpg'
21:02 DammitJim the init.sls calls all those?
21:02 Ahlee It includes them.
21:02 DammitJim so, your init.sls is pretty long, huh?
21:02 Ahlee *shrug* depends on how much I'm doing.
21:02 DammitJim lol
21:03 DammitJim I mean... a couple dozen lines?
21:03 Ahlee i have a couple hundred top level states.
21:03 c4urself cedwards: "The renderer jinja | yaml | gpg is unavailable, this error is often because the needed software is unavailable"
21:03 c4urself i guess i'm running outdated server version?
21:03 Ahlee but, top.sls includes, say, foo.  foo/init.sls will include everything spread across two or three files
21:04 c4urself ^server^master
21:04 Ahlee so init.sls is five lines long, one for comment on what it does, include, the then the other state files
21:05 DammitJim dammit! I keep forgetting my :
21:05 Ahlee DammitJim: here's my wireshark/init.sls: https://gist.github.com/jalons/c9d52042eb96ef435d0b
21:06 Tyrm joined #salt
21:06 DammitJim woot?
21:06 DammitJim LOL
21:06 DammitJim so, where is .install?
21:06 DammitJim why do you have a dot?
21:06 Ahlee install handles installing wireshark (pkg.installed wireshark), that pkg.installed requires our internal repo be configured, so it require's it
21:06 Ahlee DammitJim: wireshark/install.sls
21:07 DammitJim and you are calling state.sls wireshark.install ?
21:07 Ahlee No, I call state.sls wireshark
21:07 DammitJim I mean state.sls init
21:07 Ahlee state.sls looks for init.sls, and runs it.
21:07 cberndt joined #salt
21:07 DammitJim oh, wireshark calls init.sls?
21:07 DammitJim oh ok
21:07 DammitJim sorry to be so confusing
21:07 Ahlee http://docs.saltstack.com/en/latest/topics/tutorials/starting_states.html#moving-beyond-a-single-sls
21:08 jhauser joined #salt
21:09 Ahlee The . means local to the directory
21:10 cedwards c4urself: yeah. sounds to me like you've not got the correct gnupg module installed
21:10 cedwards c4urself: what distro/OS are you on?
21:11 tomh- joined #salt
21:11 Ahlee Anybody know if 2014.x or 2015.x on windows are less suscptible to wmi crapping out bringing the minion down?
21:12 c4urself cedwards: on Ubuntu Trusty
21:13 cedwards c4urself: not sure the package name for Ubuntu.. but it's python-gnupg on RHEL & pypi. version.. 0.3.7 off the top of my head.
21:13 cedwards c4urself: also be sure to restart your minion/master after installing that python module
21:16 bhosmer_ joined #salt
21:18 giantlock joined #salt
21:20 c4urself cedwards: \o/ got it working, ended up being i was not using gpg via a pillar (wrongly put it in the state itself)
21:20 cedwards c4urself: good to hear. we adopted gpg encrypted pillar here when it came out. it can be a bit tricky to first get going.
21:22 Tyrm joined #salt
21:30 ek6 cedwards: you happen to write up how you used it and what pitfalls you hit?  or any docs besides the official ones you liked?
21:31 c10 joined #salt
21:33 schuckles does anyone have any experience using boto + cloudformation?
21:34 mihait joined #salt
21:37 Brew joined #salt
21:38 bhosmer__ joined #salt
21:39 cberndt joined #salt
21:46 c10 joined #salt
21:47 patoshea joined #salt
21:49 dimeshake joined #salt
21:53 andrej woohoo
21:53 andrej pdb to the resuce
21:53 Sage|4U joined #salt
21:53 rdavis Hey folks.  Anyone here familiar with the AD authentication for the salt masters?
21:53 andrej https://www.youtube.com/watch?v=P0pIW5tJrRM ... excellent intro to pdb :}
21:53 rdavis I have some questions.
21:53 andrej helped me immensely
21:56 schuckles joined #salt
21:56 monkey66 joined #salt
21:56 monkey66 left #salt
21:57 andrej rdavis
21:57 andrej just ask :)
21:57 andrej IRC netiquette doesn't require you to wait to be invited to talk
21:57 andrej ;}
21:57 rdavis I'm having issues setting up group based authentication.  I can get it to work properly for user based, but when I try to add groups, it doesn't even seem to do the initial query.
21:57 rdavis I think this might be because it does a _bind() call with the user I'm authing as, rather than as my bind user, and I'm curious if this is intentional or a bug.
21:58 andrej Are you using ldap auth for salt?
21:58 andrej Just trying to understand where the question sits
21:58 rdavis Yeah.
21:58 rdavis It already works with users, that part is fine.
21:58 rdavis When trying to add group authentication, it seems to cause problems.
21:58 sunkist joined #salt
22:00 patoshea_ joined #salt
22:00 rdavis I have to step away for a few minutes, so I'll come back later.  Sorry to join and jet, gotta meeting. :)  Thanks.
22:00 andrej Can you gist / pastebin your config?
22:02 iggy rdavis: if you aren't already using it, upgrade to 2015.5... they made some ldap improvements/changes
22:05 andrej Now that my runner is working ... can I use what it creates in a state? :)
22:06 patoshea joined #salt
22:06 andrej module didn't seem to be the way to go, since the process is meant to be run on the master, not on arbitrary minions ...
22:07 andrej Wonder whether there's ever gonna be salt-training in NZ; I doubt my employer will pay for me to have training overseas :/
22:07 c10 joined #salt
22:09 c10_ joined #salt
22:09 murrdoc find a new job
22:09 murrdoc come work with me in uk
22:09 c10 joined #salt
22:12 dimeshake joined #salt
22:12 andrej Heh
22:13 andrej Thanks murddoc ... I quite like NZ ;}
22:13 andrej Oooh ... he's gone
22:14 andrej How do I get the data from a runner into a state? :)
22:15 aurynn NZ is nice.
22:15 aurynn andrej, oh hey you're in NZ?
22:16 aurynn andrej, I don't think you can, directly - I think you have to use orchestration or an external script
22:16 aurynn unless I've misunderstood
22:17 andrej aurynn : yup, I am
22:17 aurynn andrej, cool; I'm in Wellington :)
22:17 andrej Same ;}
22:17 aurynn neat :)
22:17 aurynn the world is small
22:18 andrej aye, it's a village, really ;}
22:18 andrej So ... how can I go about it? :)
22:19 andrej I have a custom python script that interrogates a nameserver for a few iterations of hostnames (which I get out of a list of minions)
22:19 aurynn well, could you explain what you're trying to do a bit more?
22:19 andrej I need to use the etra interfaces to automate the setup or NRPE icinga queries
22:19 jerematic joined #salt
22:20 andrej all icinga config at this stage comes out of a jinja template, and gets reenerated whenever a new minion enters the scene
22:20 andrej s/ree/rege/
22:20 andrej up until now this was easy
22:21 andrej now there's a new requirement to interrogate a few extra interfaces on some machines, which the master and the monitoring host can't reach directly
22:21 aurynn right
22:21 andrej I wrote a python script that successfully harvests those
22:21 aurynn Does this stuff show up in the grains?
22:22 andrej now I need to inject the dicts somehow into the states so I can hack the hosts.cfg again
22:22 andrej No, not at this stage
22:22 andrej I guess I could make that happen, though
22:22 andrej Just extend the runner to write grains and/or update the mine
22:22 tiadobatima joined #salt
22:22 andrej and then just run the runner in the same state earlier on
22:23 andrej cheers :)
22:23 andrej Thanks for playing bugbear ;} (the teddybear I need to explain my problem to)
22:23 supersheep joined #salt
22:23 aurynn okay yeah, I'd try to do two runs, one that collects the data, and the second that rolls out the incinga stuff
22:23 aurynn and orchestrate that
22:24 andrej Eventually I'd like this triggered from an event
22:24 andrej via reactor
22:24 markm joined #salt
22:24 andrej new minion => runner => icinga config
22:25 * andrej is inherently lazy
22:25 aurynn Agreed.
22:25 aurynn :)
22:25 andrej Hey!
22:25 andrej you don't even know me! :D
22:25 aurynn I mean on the reactor stuff
22:25 aurynn :)
22:26 andrej i know ;}
22:26 andrej so where do you work, then? :)
22:26 aurynn Actually, I started my own company doing DevOps stuff last month
22:26 andrej Nice!
22:27 aurynn yeah, I'm quite thrilled :)
22:27 andrej How's that working out for you, good client base already? :)
22:27 aurynn Definitely getting there
22:27 andrej sweet
22:29 aurynn starting companies is all kinds of fun/hard/what/augh
22:29 aurynn :D
22:29 iggy interesting problem... I have a service that writes out it's config file when it stops... which overwrites anything file.managed did to it
22:30 KyleG Make the file immutable ?
22:31 KyleG Or do what I do, and PXE boot your services and NFS mount config dirs in RO so that your server is read only
22:33 iggy reload: True did the trick
22:33 iggy ^5 salt
22:33 bfoxwell joined #salt
22:35 mbrgm joined #salt
22:38 relicanth joined #salt
22:39 baweaver joined #salt
22:40 cruatta joined #salt
22:41 cberndt joined #salt
22:42 tmclaugh[work]_ joined #salt
22:49 Gareth aurynn: congrats!
22:49 aurynn Gareth, thank you!
22:49 aurynn it is a serious ride.
22:53 ninkotech joined #salt
22:55 cruatta joined #salt
22:57 Gareth Indeed.
22:58 aw110f joined #salt
23:00 otter768 joined #salt
23:02 cruatta_ joined #salt
23:02 tmclaugh[work]_ joined #salt
23:03 Aidin joined #salt
23:13 Singularo joined #salt
23:14 Aidin joined #salt
23:18 premera joined #salt
23:20 ageorgop joined #salt
23:23 paha joined #salt
23:28 perfectsine joined #salt
23:29 perfectsine Question about copying files into C:\Windows\System32\GroupPolicy - salt is reporting the files have been copied but they do not arrive
23:32 cruatta joined #salt
23:33 cruatta__ joined #salt
23:33 keimlink joined #salt
23:33 cruatta joined #salt
23:36 dharper_ii joined #salt
23:37 forrest perfectsine: I'd start by running a salt command using -l debug state.sls <state_name>
23:38 forrest see if you glean anything from that
23:41 murrdoc joined #salt
23:41 cruatta joined #salt
23:52 KyleG Can anyone point out what I'm doing wrong :( https://gist.github.com/kylegato/0ee67e92451363396c05
23:53 forrest can you gist your state KyleG?
23:53 KyleG it's in that gist
23:53 warthog42 hello folks, I'm having a bit of an issue working on some state.orch states can calling salt.function with ssh:True turned on.  I have some info in the gist https://gist.github.com/warthog/289621004d6cfc065493 if one of you smart folks has time to look and see if maybe I'm doing something wrong or if there is actually a bug.  I've knocked the examples down to pretty basic cmd.run examples as both salt.function and salt.state salt.function not work
23:55 forrest KyleG: Did you already try a star on that match? Seems okay to me.
23:55 KyleG That does not seem to make a difference
23:57 forrest warthog42: Hmm, I'm not super familiar with orchestrate, can you take a look at the open issues and see if anything looks familiar? https://github.com/saltstack/salt/issues?utf8=%E2%9C%93&amp;q=is%3Aissue+is%3Aopen+orchestrate
23:57 warthog42 forrest:  will do
23:57 tiadobatima hi guys... What happens when we have a _grains directory  inside the multiple directories configured with file_roots? would python files in all of these _grains directories get executed?
23:59 forrest KyleG: Can you try a command that echos the value of the fqdn_ip4 grain, or writes it to a file? It looks okay to me, so only thing I can think is that it really isn't matching somehow
23:59 forrest which seems weird
23:59 forrest but who knows

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary