Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-06-09

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 murrdoc PREACH
00:00 forrest the joys of centos5 Panyc801
00:00 sygibson I considered switching to pure python for this - but it's also good to make me "learn another painful trick" ... :-)
00:00 forrest heh
00:00 Panyc801 https://copr.fedoraproject.org/coprs/saltstack/salt-el5/
00:01 Panyc801 what a pita
00:01 Panyc801 thanks for your help
00:01 Panyc801 id o truely appreiciate it
00:01 Panyc801 do
00:01 murrdoc do u ?
00:01 dingo for example, does jinja have the 'max()' built-in function that python has? You won't find this in the documentation. No mention at all of 'max()' will answer, "No, it doesn't support that".
00:01 murrdoc how will u pay forrest back ?
00:01 dingo however, list index slicing works, but no mention of that in the docs, that's a python feature that jinja shares ... not documented
00:01 murrdoc will you update salt-formula in github.com/saltstack-formulas with the code needed
00:01 forrest Panyc801: Yeah np
00:02 forrest murrdoc: what a troll ;)
00:02 murrdoc to deploy salt on centos 5
00:02 murrdoc not  a troll!
00:02 murrdoc i just want the peoples to give bak
00:02 forrest murrdoc: lol, let's not support centos5 more than we need.
00:02 forrest it's dying, let it go away
00:03 forrest dingo: I think the docs are open source, could probably add it, mitsuhiko would probably like that ;)
00:04 bemehow_ joined #salt
00:04 dingo i'm a systematic person forrest, if there are features missing, i need to  find out a system for identifying them, and i would only make the effort if its all or nothing
00:06 rgarcia_ joined #salt
00:07 bougie joined #salt
00:07 dingo anyway i just wanted to share vent, been doing jinja for years and thousands of lines, and i still am never quite sure if the code will work without running it, something I'm not comfortable with and do not have a problem with in pure python
00:07 dingo just pushes me to make the fastest highstate possible
00:07 dingo or call states individually during development
00:07 mosen joined #salt
00:10 Nazca joined #salt
00:14 desposo joined #salt
00:19 MatthewsFace joined #salt
00:19 smcquay joined #salt
00:21 Not_ joined #salt
00:24 Panyc801 I didn't deploy it for the record it was a cluster fuck already built... that some ass clown decided to update in the middle of the day that broke everything...    I really do appreciate your help forrest.
00:25 Panyc801 left #salt
00:27 xDamox joined #salt
00:27 bemehow joined #salt
00:30 Georgyo joined #salt
00:32 mosen joined #salt
00:35 Georgyo joined #salt
00:58 otter768 joined #salt
01:16 mosen joined #salt
01:23 david_an111 joined #salt
01:25 UForgotten joined #salt
01:28 crookedstorm joined #salt
01:30 hasues joined #salt
01:31 hasues left #salt
01:36 beauby joined #salt
01:36 dergrunepunkt joined #salt
01:41 amcorreia joined #salt
01:45 dergrunepunkt guys, I have this http://pastebin.com/EzH7DJPr, when I highstate the minion with the 'apache-formula' role I get 'No Top file or external nodes data matches found', my top.sls file is on /opt/dws-ops/saltstack/file_roots, and salt does not seem to use it, why is that?
01:46 desposo joined #salt
01:47 binocvlar dergrunepunkt: Have you taken a look at https://docs.saltstack.com/en/latest/ref/states/top.html ? It should explain how to use the top file, how to configure its location etc.
01:48 dergrunepunkt binocvlar: thanks!, I was looking for that :D
01:48 binocvlar dergrunepunkt: No worries - I hope it helps!
01:48 TyrfingMjolnir joined #salt
01:49 dergrunepunkt binocvlar: you will know in a bit
01:49 binocvlar Default location is usually inside /srv/salt
01:49 binocvlar :)
01:53 ageorgop joined #salt
01:59 msx joined #salt
02:00 msx left #salt
02:01 Aidin joined #salt
02:03 minaguib joined #salt
02:06 TooLmaN joined #salt
02:06 bootstrappm joined #salt
02:08 beauby joined #salt
02:09 bootstrappm Is there something wrong with pkgrepo.absent on Lithum (2015.5.0) or am I doing this wrong: https://gist.github.com/frankpinto/c1121e19009470f5fea5
02:09 bootstrappm the first two recipes don't yield any changes even though my /etc/apt/sources.list.d/postgresql.list file has those lines in it
02:10 bootstrappm the first two ID declarations*
02:11 bhosmer__ joined #salt
02:13 bootstrappm I have to head out but if anybody sees this later just reply in-channel and I'll check the logs later. thanks in advance!
02:13 bootstrappm left #salt
02:18 f4lse_ joined #salt
02:20 lempa joined #salt
02:20 clintberry joined #salt
02:22 spiksius joined #salt
02:23 dergrunepunkt binocvlar: seems that top.sls behaviour has a huge bug :(
02:24 binocvlar dergrunepunkt: Oh really? What's it doing wrong?
02:25 dergrunepunkt binocvlar: there's a problem when using multiples environment https://github.com/saltstack/salt/issues/12483#issuecomment-64181598, I was about to implement that :P
02:25 bemehow joined #salt
02:28 xDamox joined #salt
02:31 Not_ joined #salt
02:31 binocvlar dergrunepunkt: I'm still reading that thread - I'm glad you brought this to my attention, as I'm going to be doing something similar in the coming days!
02:31 beauby joined #salt
02:32 dergrunepunkt binocvlar: yeah, it's shame there's a bug with that, it's one of the coolest things you can do whit salt
02:34 ajw0100 joined #salt
02:36 MatthewsFace joined #salt
02:37 xDamox joined #salt
02:39 jerematic joined #salt
02:40 mosen joined #salt
02:41 jerematic joined #salt
02:47 Bryanstein joined #salt
02:54 Nazca joined #salt
02:57 badon joined #salt
02:59 timoguin joined #salt
02:59 otter768 joined #salt
03:01 bemehow joined #salt
03:09 beauby joined #salt
03:22 evle joined #salt
03:26 Aidin joined #salt
03:33 murrdoc joined #salt
03:36 f4lse_ joined #salt
03:36 ITChap joined #salt
03:39 aqua^c joined #salt
03:40 ITChap Hi, when running pkg.latest or installed is there a way to ignore the package manager output ?
03:41 ITChap I am running Salt on Joyent smartmachines and I have a issue with a specific package.
03:41 ITChap the package is installed correctly but the saltmaster consider it as ffailed
03:41 murrdoc joined #salt
03:49 ITChap when installing the package manually it looks like a warning is displayed regarding the changes in the configuration version between the old and the new version
03:54 stanchan joined #salt
04:05 baweaver_ joined #salt
04:06 bemehow joined #salt
04:06 bemehow joined #salt
04:13 spookah joined #salt
04:18 Alan_S joined #salt
04:19 beneggett joined #salt
04:21 smcquay joined #salt
04:23 esharpmajor joined #salt
04:23 dfinn joined #salt
04:26 murrdoc thats expected
04:26 murrdoc tell the package manager to install whichever version u prefere
04:33 MatthewsFace joined #salt
04:39 TyrfingMjolnir joined #salt
04:39 Not_ joined #salt
04:47 TyrfingMjolnir joined #salt
04:48 ramteid joined #salt
05:00 otter768 joined #salt
05:02 cilkay joined #salt
05:03 cilkay Hello. I have a web application that manages patient information where we deploy on site at clinics. One of the requirements is that we cannot have remote access to the server(s) on which our application is deployed without getting permission from the clients on a per incident basis.
05:04 cilkay That means we can't push things to those servers because we'll only have infrequent network access to them from the outside world.
05:05 cilkay I understand Salt can be configured to pull from master servers. I haven't found an example of how. The working assumption in the examples I've seen is that the master pushes to minions.
05:06 cilkay Can someone please point me to an example where minions pull from the master?
05:09 forrest joined #salt
05:12 big_area joined #salt
05:20 murrdoc joined #salt
05:23 mosen cilkay: I'm not aware of the minions being set up to pull normally, other than maybe a masterless set up i guess.
05:23 mosen maybe someone experienced will chime in :)
05:24 joeto joined #salt
05:24 mosen left #salt
05:24 mosen joined #salt
05:24 aqua^c joined #salt
05:25 MatthewsFace joined #salt
05:26 stoogenmeyer__ joined #salt
05:26 moos3 joined #salt
05:37 rdas joined #salt
05:38 andrej joined #salt
05:46 malinoff joined #salt
05:48 subsignal joined #salt
05:55 ProT-0-TypE joined #salt
05:57 AndreasLutro joined #salt
06:03 IanVorn joined #salt
06:03 colttt joined #salt
06:11 moderation joined #salt
06:11 Striki joined #salt
06:12 binocvlar I've noticed what _appears_ (though almost certainly isn't) inconsistent use of the hyphen char ( - ) within some salt formulas. My experience with YAML tells me that lines beginning with a '-' represent an element in a list/array, whereas items without a dash that are followed by a colon ( : ) represent a dictionary key...
06:13 lb1a joined #salt
06:13 wiqd joined #salt
06:13 binocvlar ... yet I often see lines that start with a hyphen and end in a colon. The next line is then indented, indicating that the mentioned line is indeed a dictionary key. So why the leading hyphen?
06:13 OliverMT joined #salt
06:14 huddy joined #salt
06:14 binocvlar Very happy to RTFM is someone can point me in the direction of a good document explaining this behaviour.
06:15 mosen I dont have a great explanation, but the parameters to execution modules seem to be supplied as a list of dicts, hence the - key: val
06:15 mosen I'm not sure if it becomes OrderedDict or Set or any other kind of data structure in salt
06:17 natewalck joined #salt
06:18 akafred joined #salt
06:18 bbhoss joined #salt
06:18 antonw joined #salt
06:19 binocvlar mosen: Thanks for the explanation, however I'm actually noticing this while using a state module (one of mysql database user creation).
06:20 binocvlar I notice that others are the same. For example file.managed uses a list of dictionaries also. I'm just not sure why there's a list of dictionaries rather than just being a regular dictionary...
06:20 joeyparsons joined #salt
06:20 mosen binocvlar: ahh yeah same situation since the state module is called as a function in python, and the list of dicts somehow magically becomes positional and keyword arguments
06:20 mosen binocvlar: it seems to be just how salt converts yaml into method calls
06:21 viq joined #salt
06:21 binocvlar mosen: That's the best explanation I've heard so far, so I'll go with that! :)
06:22 mosen binocvlar: there's two forms in states too like file: - managed or file.managed to indicate the state name and the function name
06:22 binocvlar Thanks for your feedback. On a related note (perhaps I'm mis-understanding something here) does that imply that arguments need to be given in the correct positions within the YAML?
06:22 mosen I dont know why that form of yaml is equal to that module + function
06:22 munhitsu joined #salt
06:23 mosen binocvlar: I don't know for sure. Except that the method name has to be the first item of the array. The arguments don't seem to matter
06:23 mosen binocvlar: so either most states use keyword args or salt is figuring out what order theyre supposed to be in. I think mostly its the former
06:24 AndreasLutro python has named arguments for functions, and you can pass a dictionary of arguments to a function and python won't care about the order
06:24 AndreasLutro so yeah the order doesn't matter
06:25 mosen ah there you go
06:25 ndrei joined #salt
06:25 gyre007 joined #salt
06:27 simonmcc joined #salt
06:27 binocvlar So it's just a design choice that results in so many (maybe all?) state modules expecting a list of dictionary entries rather than a plain old dictionary?
06:28 mattl joined #salt
06:28 aw110f joined #salt
06:28 copelco joined #salt
06:28 AndreasLutro I think it's a somewhat legacy choice to allow both positional and named arguments
06:29 AndreasLutro I said python has named arguments, but you can also pass a list of positional arguments without providing the name of the arguments
06:29 binocvlar AndreasLutro: Ok, that makes sense - thanks for your help!
06:29 binocvlar mosen: You too! :)
06:30 mosen no probs
06:30 gazarsgo joined #salt
06:33 favadi joined #salt
06:35 akoumjian joined #salt
06:35 beneggett joined #salt
06:37 codekobe joined #salt
06:39 JonGretar joined #salt
06:42 mihait joined #salt
06:42 grepory joined #salt
06:42 KermitTheFragger joined #salt
06:43 LyndsySimon joined #salt
06:44 davedash joined #salt
06:44 benw joined #salt
06:45 ndrei joined #salt
06:48 EWDurbin joined #salt
07:01 LinuxHorn joined #salt
07:01 otter768 joined #salt
07:02 eseyman joined #salt
07:02 Auroch joined #salt
07:02 jay_d joined #salt
07:04 m0nky joined #salt
07:07 neilfse joined #salt
07:07 epcim joined #salt
07:09 mikepea joined #salt
07:10 goki joined #salt
07:11 OGuilherme joined #salt
07:12 rubenb Hi. Is there some reasoning in which order salt states are loaded?
07:12 hillna joined #salt
07:12 rubenb ... When doing a highstate.
07:12 AndreasLutro rubenb: top.sls order matters, the order of state in each .sls files matters, if a state requires another state the required state will be loaded before
07:13 AndreasLutro you can also add `- order: first/last/N` to control the order of specific states
07:14 supermike__ joined #salt
07:14 moos3 joined #salt
07:15 rubenb Thanks!
07:15 Ztyx joined #salt
07:18 mosen heya Andreas are the states now guaranteed to execute in order? I thought I heard that somewhere
07:18 mosen after 2014.7
07:20 lkannan joined #salt
07:20 akitada joined #salt
07:21 babilen mosen: They execute in top-bottom order unless changes are necessary due to requisites
07:21 babilen So: No
07:21 basepi joined #salt
07:22 babilen Well, they are guaranteed to execute in order, it is just that it is important what you mean by "order" :)
07:23 mosen I mean within a single .sls, they execute
07:24 frankS2 joined #salt
07:24 AndreasLutro mosen: the order can change a lot depending on whether a state fails or succeeds or triggers a watch, so I think the correct answer is no
07:24 AndreasLutro that being said, I've never had problems with states executing in another order than I need them to
07:25 mosen ok.. still need watch/watch_in/require/require_in :)
07:25 AndreasLutro yes, definitely
07:25 mosen actually sorry, watch is mod_watch
07:25 mosen just require
07:25 tcolvin joined #salt
07:25 abele joined #salt
07:26 linjan joined #salt
07:27 babilen mosen: You can, generally speaking, rely on the order in which states are defined within a certain SLS file, but if a state *really* requires another one then you should make that explicit.
07:27 bezaban my user states are failing after attempting to apply them to my first jessie machine
07:27 babilen Correct requirements also enable you to use state.sls_id without problems
07:28 babilen bezaban: How so?
07:28 bezaban I'll look into it unless someone has any experience with it
07:28 mosen babilen: nice
07:28 AndreasLutro my user states work fine on jessie
07:29 bezaban babilen: can't write ssh key, due to no home directory (createhome not set, but explicitly setting it to true doesn't change it) and it's complaining about missing groups
07:29 bezaban but I'll have a closer look first
07:29 babilen bezaban: Could you paste your states, the highstate output and, preferrably, some minion debug logs to, say, http://refheap.com ?
07:30 babilen I haven't had problems using the users formula on jessie
07:30 rubenb AndreasLutro: In top.sls, is the order from top>bottom?
07:30 mosen babilen cheers for maintaining the formulas too
07:30 AndreasLutro rubenb: yes
07:31 rubenb So in top.sls:  '*': ['state1', 'something_requiring_state1'] should work?
07:32 AndreasLutro rubenb: yes, but like babilen said, if it really requires the other state you should explicitly state so with a require
07:32 CaptTofu joined #salt
07:32 AndreasLutro something_requiring_state1.sls could have an - include: state1 to make it possible to run on its own without a highstate
07:32 ashb joined #salt
07:33 babilen rubenb: I guess that we need more details to provide actual advice. In short: If something requires something else then make that explicit
07:33 pppingme joined #salt
07:34 bezaban babilen: thanks, I'll have a poke at it and see if I can solve it and tell the channel what it was. I have a meeting shortly though, so I'll supply the debug information if I get completely stuck :)
07:34 markm joined #salt
07:34 babilen bezaban: Sure, enjoy your meeting.
07:34 bezaban I won't ;(
07:34 babilen Then: May it be over soon ;)
07:35 doriftoshoes joined #salt
07:35 al joined #salt
07:35 bezaban hehe yeah. It's one of those meetings booked by a non-technical person where I can just tell him the outcome, but they insist having it anyway.
07:36 fxdgear joined #salt
07:37 collinanderson joined #salt
07:38 imanc_ joined #salt
07:38 bhosmer_ joined #salt
07:39 rubenb AndreasLutro: Sample config: https://gist.github.com/anonymous/a77963c2e9339bdf9f42
07:40 babilen guess rubenb really doesn't want me to look at things
07:40 rubenb In this case, it's not very handy to require sudo/curl in _each_ state you're using curl/sudo
07:41 chiui joined #salt
07:41 rubenb babilen: https://gist.github.com/anonymous/a77963c2e9339bdf9f42
07:41 rubenb Sample config .
07:41 Aidin joined #salt
07:41 AndreasLutro rubenb: ah, yeah I do the same thing, I think it's fine as long  as it's not overdone
07:41 AndreasLutro for small stuff like curl
07:42 zipkid joined #salt
07:43 rubenb Disclaimer: I know piping some curl-output to sh is not very secure.
07:43 babilen You are aware of https://github.com/saltstack-formulas/docker-formula/ aren't you?
07:44 babilen (which would install docker from their repositories)
07:44 slav0nic joined #salt
07:44 slav0nic joined #salt
07:45 ramishra joined #salt
07:46 rubenb babilen: I did not. Just got the docker working this week.
07:50 Tritlo joined #salt
07:50 rubenb I now have a state which does a curl of the get-docker-script, builds an image (file.managed of Dockerfile and docker build), and does a cmd.run of a bash for-loop to run the image 20 times.
07:50 julez joined #salt
07:51 babilen "run the image 20 times" ?
07:52 rubenb cmd.run:- name: for i in {1..20}; do docker run -d minion; done
07:54 jchadwick joined #salt
07:56 bezaban ah, found it before the meeting. It's due to a group that earlier was added with the fuse package (group fuse) that now is no longer added with the package
07:56 babilen rubenb: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.dockerio.html#salt.states.dockerio.running might be of interest
07:56 stoogenmeyer__ hey guys, if I have a state such as git.latest and after that service.running. If I add watch to the service.running so it'll watch git: <name>, will my service restart whenever the git repo updates ?
07:56 bezaban so the whole user fails
07:57 bezaban been looking to redo the whole fuse state anyway, it was a bit icky (but worked)
07:57 babilen bezaban: You can use "optional_groups" for that
07:57 bezaban babilen: thanks, that will be more tidy for now
07:57 kawa2014 joined #salt
07:58 babilen bezaban: It will add the user *iff* the group exists and ignore it if it doesn't. That way you can always add users and, if by some other change, the group is created in the interim another highstate will reflect that in the user configuration.
07:59 bezaban yeah, that's what it sounded like :) It seems the fuse group has been entirely removed and works if I just remove it
08:01 bezaban will look into the details
08:02 ndrei joined #salt
08:02 SteamWells joined #salt
08:03 kutenai joined #salt
08:03 AndreasLutro stoogenmeyer__: yes
08:04 Grokzen joined #salt
08:05 babilen bezaban: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733312
08:06 babilen bezaban: This applies to jessie and later (stretch, ...) so leave it in optional_groups if you plan to support wheezy, squeeze or any of the older Ubuntu variants
08:07 s_kunk joined #salt
08:07 s_kunk joined #salt
08:11 Xevian joined #salt
08:12 jeddi joined #salt
08:13 shawnbutts joined #salt
08:15 bezaban babilen: fantastic. I think it's an improvement, but yes, would need to support wheezy (and derived ubuntu) for a little
08:16 IanVorn joined #salt
08:16 bezaban in a lync meeting, I get to say 'we're busy implementing the fix' soon :P
08:17 fredvd joined #salt
08:25 linjan joined #salt
08:25 PI-Lloyd joined #salt
08:25 supersheep joined #salt
08:26 julez_ joined #salt
08:29 supersheep joined #salt
08:35 ndrei joined #salt
08:35 CSa_ joined #salt
08:37 epcim_ joined #salt
08:48 bluenemo joined #salt
08:48 bluenemo joined #salt
08:50 DjDeaf joined #salt
08:51 DjDeaf Hi, How can I configure dependency for a cmd.run state's result?
08:51 Aidin joined #salt
08:52 KermitTheFragger joined #salt
08:56 babilen DjDeaf: Could you elaborate on that?
08:57 soren joined #salt
08:58 DjDeaf Yeah, I want to run a command, and based on the result, call another state
09:02 otter768 joined #salt
09:07 supersheep joined #salt
09:09 Romlok joined #salt
09:18 denys joined #salt
09:20 yawniek can i negatively target minions in my top.sls or exclude a state on a specific machine that has been included in '*' ?
09:21 yawniek aka i have one machine where i don't want a specific state, whats the slimmest way to get this?
09:26 Aidin joined #salt
09:27 sgargan joined #salt
09:27 Berty_ joined #salt
09:28 moos3 joined #salt
09:29 evle joined #salt
09:32 sgargan joined #salt
09:33 zerthimon joined #salt
09:33 ThomasJ yawniek: I don't think you can without turning to compound matching for that state. ie: '* and not myminion*'
09:47 julez joined #salt
09:50 Bateau_ joined #salt
09:57 vieira_ joined #salt
09:59 vieira_ hello, I am frequently getting a "[WARNING ] Returner unavailable: 'NoneType' object does not support item assignment"
09:59 vieira_ while running salt -G 'os:Ubuntu' test.ping --output no_return
10:12 RkM joined #salt
10:20 ange sometimes when I read the salt doc I am surprised that concepts used seems to change in the middle of an example : salt myminion s3.put mybucket remotepath local_file=/path/to/file
10:21 ange why is the path to write the file to in the bucket designated by 'remotepath' in there while the local_file one (and not local_path ?) is shown as an example ?
10:23 cheine_ joined #salt
10:26 vieira_ [CRITICAL] Could not deserialize msgpack message: ��fun_args��jid�20150609112301382582�returnçretcode�successãcmd�_return�_stamp�2015-06-09T10:23:01.796740�fun�test.ping�id�marsatosThis often happens when trying to read a file not in binary mode.Please open an issue and include the following error: unpack(b) recieved extra data.
10:26 vieira_ :(
10:27 cheine joined #salt
10:28 catpig joined #salt
10:31 onorua joined #salt
10:32 onorua I've got a problem, when I use my git repo as a salt-state storage, and I want to deliver file from salt-states git repo with salt://... minion complains that it's impossible to cache it, what am I doing wrong?
10:36 ndrei joined #salt
10:36 sgargan joined #salt
10:37 jerematic joined #salt
10:42 eSgr joined #salt
10:42 giantlock joined #salt
10:46 mrten joined #salt
10:47 mrten on ubuntu precise, trying to upgrade from 2014.1 PPA to 2015.5, but missing python-requests
10:48 mrten anyone seen that problem?
10:50 bezaban added in new pillar data for optional_groups and loop over that in my user.sls, works like a charm. Thanks babilen :)
10:53 catpig joined #salt
10:59 ndrei joined #salt
10:59 fivmo joined #salt
11:00 saifi joined #salt
11:01 CeBe joined #salt
11:02 aqua^c joined #salt
11:03 soren joined #salt
11:03 otter768 joined #salt
11:05 fivmo joined #salt
11:07 fivmo joined #salt
11:14 fivmo joined #salt
11:15 che-arne joined #salt
11:16 ndrei joined #salt
11:18 fredvd joined #salt
11:20 AndreasLutro ange: would you still like an answer to your question about s3.put?
11:21 asoc_ joined #salt
11:29 ange AndreasLutro: yes
11:30 AndreasLutro ange: ok so when you do `salt minion s3.put ...` you're actually calling the salt "s3" module's "put" function which should normally have its arguments listed in the documentation but I guess it hasn't been done in this case
11:30 AndreasLutro you can find the function definition here: https://github.com/saltstack/salt/blob/develop/salt/modules/s3.py#L183-L184
11:31 AndreasLutro as you can see, "bucket" is the first argument, "path" (remote path) is the second argument, then there are a few arguments between "path" and "local_path", so if you just want to provide path and local_path, you can provide path as a regular argument and local_path as a named argument
11:31 AndreasLutro all salt really does is translate your command-line arguments to python function arguments. in this case the documentation seems a bit lacking, which can probably be fixed with a pull request
11:31 AndreasLutro does that make sense?
11:35 supersheep joined #salt
11:36 donmichelangelo joined #salt
11:38 saifi joined #salt
11:44 ndrei joined #salt
11:48 Nazca__ joined #salt
11:48 soren joined #salt
11:48 soren joined #salt
11:50 unused_phd joined #salt
11:50 bluenemo joined #salt
11:50 bluenemo joined #salt
11:52 IanVorn joined #salt
11:52 linjan joined #salt
11:53 diegows joined #salt
11:58 giantlock joined #salt
12:02 aqua^c joined #salt
12:05 wnkz joined #salt
12:14 arount joined #salt
12:16 ndrei joined #salt
12:16 arount Hi, there is a doc about the "salt://" "protocole" ?
12:17 arount I don't understand how this work (and why this don't work ..)
12:17 arount To be honnest I don't understand why use something who look like a protocole but is not, but that is another subject
12:18 Romlok it's just used to reference files within salt's file_roots directory/ies
12:19 Romlok as simplest, like file:// but with a prefix
12:19 Romlok AFAIK
12:19 Romlok *at simplest
12:19 arount Romlok: yes that what I've understood to .. I'm creating a gist to show my problem
12:24 julez joined #salt
12:24 guanophobic joined #salt
12:25 * mrten overwoog zaterdag/1
12:25 arount https://gist.github.com/arnoutpierre/a77fc6eb50b75ae24b09
12:26 ndrei joined #salt
12:26 AndreasLutro you don't need to specify salt:// for includes
12:26 arount the strange thing is that in `nagios.sls` the last line use the "salt://.." syntax too, but works this time
12:27 arount AndreasLutro: damn .. noooo that can't be juste that! I try
12:27 TheoSLC joined #salt
12:27 AndreasLutro you also don't need the "base:" bit
12:27 vilitux joined #salt
12:27 AndreasLutro and you can drop the .sls
12:27 AndreasLutro and you should use . instead of /
12:28 AndreasLutro so include: - nagioscfg.server-name
12:28 tmclaugh[work] joined #salt
12:28 CeBe1 joined #salt
12:28 soren joined #salt
12:29 CeBe1 left #salt
12:29 arount AndreasLutro: thanks, this is the problem !
12:30 arount AndreasLutro: but, I've another problem, my file name is 'something.otherthing", I juste change name for the example
12:30 AndreasLutro something.otherthing.sls ?
12:30 arount AndreasLutro: yep
12:30 AndreasLutro think you'll have to change the . to something else
12:30 arount AndreasLutro: folderpath/somehting.otherthing.sls
12:30 arount ok
12:31 arount so dot in sls files name is not a good thing
12:31 AndreasLutro yeah, there might be a way to make it work but I'd just avoid doing it
12:32 bezaban oh my. A denied key just turned up in salt-key -L. Could an old version cause this?
12:33 arount I don't understand why .. why this "salt://" thing, why this "dot to replace slash" thing, why doing all this simple thing in cryptic way ?
12:33 AndreasLutro arount: the dot instead of slash is how python modules work, not sure about the salt:// thing
12:33 arount Saying something like "you can define a file root for each environment, then assume that the files required in an environment must be in relative path" ..
12:34 arount AndreasLutro: true for python, my bad
12:34 arount AndreasLutro: bref, thank you for help
12:34 Hydrosine On the following docs 'ret' is not documented, in the example it is pictured as '{}' What is it?
12:34 Hydrosine http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.file.html#salt.modules.file.manage_file
12:34 wnkz_ joined #salt
12:36 AndreasLutro Hydrosine: looking at the code for the function, looks like some internal stuff not meant to be part of the public api
12:36 AndreasLutro that's only my guess though
12:36 AndreasLutro looks a bit odd
12:36 Hydrosine hmm k
12:37 Hydrosine just thought it strange being undocumented :)
12:37 amcorreia joined #salt
12:37 N-Mi joined #salt
12:38 ponpanderer joined #salt
12:38 onorua joined #salt
12:38 bezaban ah, I think I know what caused that
12:38 AndreasLutro you could open an issue for it Hydrosine
12:38 Hydrosine will do
12:40 bezaban almost deleted all my salt keys with salt-key -D host
12:41 bezaban of course it asks, but it's an easy typo to do
12:42 rubenb Do you guys have worked with salt-cloud?
12:43 DammitJim joined #salt
12:43 throwawayj joined #salt
12:44 stoogenmeyer__ hey guys, in a file.managed with a jinja template, how can I inject additional arguments to the template from the state definition?
12:44 rubenb It somewhat works now, I just have to figure out why salt-cloud provisions the new servers with 2014.1.13 and how to perform highstate on deploy
12:44 debian112 joined #salt
12:45 AndreasLutro stoogenmeyer__: with the defaults or context argument
12:45 throwawayj I am working on orchestration and curious if anyone knows if in my orchestration I set a service to be stopped, and have a nother step that requries that service to be stopped, does salt verify that the service actually stopped?
12:47 ecerulm joined #salt
12:48 ecerulm I just tried the tutorial and I cannot get the salt '*'state.sls thing to work. It says to matchin sls found for rabbitmq in env base
12:48 ecerulm I have /srv/salt/rabbitmq.sls
12:48 ecerulm ls
12:49 stoogenmeyer__ then how do I use those values inside of the template?
12:50 AndreasLutro {{ my_variable }} to output them
12:51 AndreasLutro ecerulm: could you make a https://gist.github.com/ with your top.sls and the full error message?
12:51 SpX joined #salt
12:51 emaninpa joined #salt
12:54 dRiN joined #salt
12:57 subsignal joined #salt
12:59 ferbla joined #salt
13:01 sgargan_ joined #salt
13:02 TyrfingMjolnir joined #salt
13:03 bhosmer joined #salt
13:03 ecerulm I don't have top.sls
13:04 otter768 joined #salt
13:04 ecerulm just a rabbitmq.sls and run it with sudo salt '*' state.sls rabbitmq
13:04 stoogenmeyer__ ecerulm: are you 100% sure rabbitmq.sls is inside of /srv/salt ?
13:05 ecerulm Is there anyway to see which directories are being searched for?
13:05 ecerulm yes, ls /srv/salt/rabbitmq.sls
13:05 ecerulm owned by root 644
13:05 ecerulm 63 bytes
13:06 ecerulm I installed salt-master from apt-get (I'm on ubuntu 14.04)
13:07 ecerulm I have a clean /etc/salt/master with only file_roots :
13:07 ecerulm I also tried with a totally empty file_roots since the defaults should be /srv/salt right?
13:09 HeftySmurf joined #salt
13:09 ecerulm my rabbitmq.sls https://gist.github.com/ecerulm/db6795c16cf7e15333ce
13:09 dthorman joined #salt
13:10 ecerulm now I have an empty /etc/salt/master file
13:10 ecerulm service salt-master stop
13:10 ecerulm service salt-master startr
13:12 HeftySmurf joined #salt
13:12 murrdoc joined #salt
13:13 ecerulm joined #salt
13:14 terxy510 joined #salt
13:14 cpowell joined #salt
13:15 terxy510 Has anyone ever used salt with freeipa? Looking for some docs or articles on how to make them play together nicely.
13:16 bezaban joined #salt
13:17 dyasny joined #salt
13:21 scoates joined #salt
13:22 johnMick joined #salt
13:22 nahamu what do you mean by having them play nicely together?
13:24 nahamu (we use both salt and freeipa at work with salt managing the user machines and getting them integrated into freeipa. but if you're asking about using freeipa credentials to delegate out permissions within salt, I don't think we do that.)
13:24 johnMick Hi everybody. I'm discovering the product and especially the salt-api and the documentation seems to say that some methods (ie Login) are returning JSON, while other are returning YAML. WTF? it is an error in the documentation or does the API does not provide a constant format for requests' answers?
13:25 nahamu terxy510: I should have pinged you. Look up a few lines.
13:25 bhosmer joined #salt
13:25 julez_ joined #salt
13:26 _JZ_ joined #salt
13:26 Ahlee johnMick: The api returns json, the cli can return a number of formats
13:26 racooper joined #salt
13:26 Ahlee johnMick: sorry, salt-api returns json
13:27 mpanetta joined #salt
13:30 stoogenmeyer__ hey guys.. any idea why I'm getting this error for the following state file (statefile: http://pastebin.com/6ZbvfVEF), (error: http://pastebin.com/eiz85PXN)
13:30 terxy510 nahamu: Thanks for responding. I have a users.sls that is failing on the nodes we have using freeipa. The users.sls is to setup backup accounts in the event that IPA goes down or is unreachable.
13:30 drawsmcgraw joined #salt
13:31 johnMick Ahlee:  thanks!  :) I'll then try to do it because here (http://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html), the return is in YAML. BTW, is there somewhere a more complete documentation, with format of returned object. (ie a Job)?
13:32 teryx510 joined #salt
13:34 stoogenmeyer__ johnMick: you could always check the source
13:34 nahamu terxy510: do the usernames collide?
13:34 Ahlee johnMick: interesting.
13:35 Ahlee johnMick: I'm honestly not sure any more. It appears salt.netapi has matured past my understanding.
13:35 teryx510 Yes. I suppose I could try running it with a non-ipa account.
13:35 teryx510 err, to setup an account that doesn't have a username that will collide with what is in ipa.
13:36 nahamu teryx510: yeah, even without salt in the equation I'd expect most machines to get annoyed about trying to add an account with a username that matched something that already seems to exist when run through getent...
13:36 ndrei joined #salt
13:36 Ahlee Guess I need to learn how exactly netapi differs from teh old salt-api. I had thought netapi was just the merged in name of hte old stand alone restful API server, just providing an interface for intantiating LocalClient python objects on the master
13:37 johnMick stoogenmeyer__:  indeed but that would be the worst solution (time-consuming) :) you can understand (I'm not critizing) that having a well-known and big product like Salt, I can expect to have at least a clear/complete documentation :)
13:37 johnMick Ahlee: I understood like you readining on interne
13:37 johnMick for me, salt-api was a module, it was just integrated as it
13:41 ange AndreasLutro: yes I do get the details in the docs, I am just surprised the example is not really ... consistent on its own showing a path example for one argument but not the other
13:41 AndreasLutro aha
13:41 kawa2014 joined #salt
13:42 IanVorn joined #salt
13:42 johnMick Ahlee: answer here => https://salt-api.readthedocs.org/en/latest/
13:42 arount ange: I share your point of view about doc
13:43 jeblair joined #salt
13:43 mrten left #salt
13:45 ecerulm I get No Top file or erneal nodes data matches found. I created a /srv/salt/top.sls with the data in http://docs.saltstack.com/en/latest/topics/tutorials/states_pt1.html
13:45 teryx510 nahamu: so I just ran with a new user and that failed as well.
13:45 sporkd2 ecerulm: is your file_roots pointing to the same place?
13:46 ecerulm yes.  file_roots: base: - /srv/salt
13:48 linjan joined #salt
13:48 ndrei joined #salt
13:51 diegows joined #salt
13:51 aqua^c joined #salt
13:52 murrdoc joined #salt
13:54 diegows hi
13:54 Ahlee johnMick: right, but that doesn't explain the yaml returns, which are strange. I guess it's to allow non-rest interfaces over the wire?
13:56 timoguin joined #salt
13:57 amcorreia hi guys, i'm using "ini.options_present" to change php parameters, how i can restart service after the change?
13:57 arount diegows: hi, ask directly your question :)
13:58 lokk joined #salt
13:58 diegows but it's a good habit to say hi first
13:58 lokk Hi all
13:58 lokk have a small probs
13:58 diegows anyway, I don't know if I have question yet
13:58 Ahlee amcorreia: on the service you want to change set a watch on the stanza defining the parameters
13:58 lokk when i tried to start tomcat in my client server
13:58 lokk it gives me a error
13:58 lokk the command i used is
13:59 lokk salt -S 10.x.x.x cmd.run "/opt/tomcat/bin/startup.sh"
13:59 diegows well, may be... if I have a custom execution module that returns a dictionary, is there a way to convert it to yaml in the template?
13:59 amcorreia Ahlee, but i'm not monitoring file php.ini
13:59 mapu joined #salt
13:59 arount diegows: sorry, I just thinking you was shy :s
13:59 Ahlee amcorreia: then salt won't know the file hcanged
13:59 diegows example: my_dict: {{ salt.myfunc() }}
14:00 amcorreia Ahlee, i'm doing this way http://pastebin.com/Wbt8VUd1
14:00 diegows amcorreia, use watch_in
14:01 timoguin joined #salt
14:01 keithhub joined #salt
14:02 diegows amcorreia, http://pastebin.com/DtNsteaW
14:03 Ahlee well i'll be, thanks diegows
14:03 andrew_v joined #salt
14:04 julez joined #salt
14:06 ange is there a salt way to handle directory existence check for a onlyif: ?
14:06 jerryc joined #salt
14:06 diegows Ahlee, salt always know when something is changed :)
14:08 pppingme joined #salt
14:11 lokk please can anyone help me
14:11 lokk when i tried to start tomcat in my client server
14:11 lokk it gives me a error
14:12 lokk salt -S 10.x.x.x cmd.run "/opt/tomcat/bin/startup.sh"
14:12 whytewolf lokk: you never said the error.
14:12 lokk the error is
14:12 lokk Neither the JAVA_HOME nor the JRE_HOME environment variable is defined     At least one of these environment variable is needed to run this program
14:12 murrdoc <3 java
14:12 lokk but i have installed java in my client
14:13 lokk if i start the tomcat mannually it starts
14:13 murrdoc try shell=True
14:13 amcorreia I think i'm still doing wrong way http://pastebin.com/b2cnsrGX
14:13 Ahlee fix your startup.sh to define those variables
14:13 murrdoc salt -S 10.x.x.x cmd.run "/opt/tomcat/bin/startup.sh" shell=True
14:13 murrdoc when that fails do wat ahlee said
14:13 Ahlee salt runs with a stripped down $PATH, and no JAVA_HOME is set in it's env
14:14 Ahlee run cmd.run env to verify
14:14 lokk when i tried  salt -S 10.x.x.x cmd.run "/opt/tomcat/bin/startup.sh" shell=True
14:14 lokk it throws me a error
14:14 Romlok amcorreia: the ini file is not a service
14:14 lokk TypeError encountered executing cmd.run: coercing to Unicode: need string or buffer, bool found. See debug log for more info.
14:15 Ahlee You should check the debug log, as it said.
14:15 Ahlee but, read my above for what's happening
14:15 amcorreia http://pastebin.com/RyUVgWX9 relevant part of cfg
14:15 amcorreia Romlok, ok
14:17 Romlok amcorreia: I guess you need the watch_in inside the ini.options_present
14:18 stoogenmeyer__ joined #salt
14:18 Romlok and IIRC it'd be  `watch_in: service: php5-fpm`
14:18 lokk the debug log also shows the same error
14:21 lokk i have also tried setting the JAVA_HOME and patht to the startup script
14:21 lokk still no luck
14:23 drawsmcgraw Ahlee: murrdoc, isn't there an 'env' parameter to cmd.run() ?
14:23 Ahlee drawsmcgraw: https://github.com/saltstack/salt/blob/develop/salt/modules/cmdmod.py#L600
14:23 murrdoc yup, thre is
14:23 Ahlee sure looks like it
14:24 murrdoc but cmd.run is bad and service.start is much better
14:24 lokk thank yoou guys
14:24 drawsmcgraw I've used that when writing states. I imagine the module behaves similarly
14:24 lokk after i set java home in startupscript
14:24 lokk it works
14:24 lokk thanks again
14:24 amcorreia Romlok, didn't worked
14:24 Ahlee murrdoc: hush with your best practices
14:25 murrdoc :D
14:25 Ahlee i'll keep my flimsy layers of bubble gum and masking tape holding my systems together
14:25 catpig joined #salt
14:25 amcorreia Romlok, ops, worked!
14:25 amcorreia was a typo
14:26 ange Ahlee: paperclips, don't forget the paperclips
14:26 Romlok amcorreia: that's some typo :)
14:29 beneggett joined #salt
14:32 jdesilet joined #salt
14:32 __alex joined #salt
14:34 supersheep joined #salt
14:36 ndrei joined #salt
14:37 toddnni joined #salt
14:40 cedwards joined #salt
14:41 giantlock joined #salt
14:42 moos3 joined #salt
14:42 TheoSLC joined #salt
14:44 mapu joined #salt
14:46 onorua joined #salt
14:47 unused_phd joined #salt
14:56 smcquay joined #salt
14:57 hasues joined #salt
14:59 timoguin_ joined #salt
15:01 bhosmer joined #salt
15:01 pcn I have a question about the git pillar - I can't see where to provide auth info for git pillars.  For gitfs I provide ssh keys.  What's the story with pillars?
15:01 pcn Do I define the remote in gitfs first, then use that remote in the pillar config?
15:01 paclat joined #salt
15:03 ekristen joined #salt
15:05 otter768 joined #salt
15:05 sdm24 joined #salt
15:07 SheetiS joined #salt
15:13 ange if there is anyone looking for a Salt role in London ping me; team of 10 is looking for someone to complement and take over the infrastructure and automation handling from me; infrastructure is AWS, product is a ruby based product split in services; ruby knowledge a plus but not a requisite
15:14 sgargan joined #salt
15:14 hasues left #salt
15:15 lokk joined #salt
15:15 lokk Hi all
15:16 ange in a cmd.run am I wrong to understand the command will run only if the directory I point exist if I pass the following : - onlyif: "[ -d ../../shared/bundle ]"
15:16 lokk salt -S 10.94.15.45 cmd.run "mkdir /test"
15:17 beneggett joined #salt
15:17 lokk the /test directory created has permission of root:root
15:17 lokk i need to create a directory with different user
15:18 lokk the present permission is drwxr-xr-x    2 root root  4096 Jun  9 15:18 test
15:18 lokk what i need is drwxr-xr-x    2 lokk lokk  4096 Jun  9 15:18 test
15:19 lokk can anyone please help me
15:20 hunmaat use file.mkdir or if you stick to cmd.run, then sudo or chown
15:21 edrocks joined #salt
15:21 soren joined #salt
15:22 lokk @hunmaat can you please send me as a command
15:22 whytewolf lokk: salt -S 10.x.x.x file.mkdir /test user=foo group=bar mode=755
15:22 whytewolf lokk: /usr/lib/python2.7/dist-packages/salt/utils/openstack/neutron.py
15:23 whytewolf lokk: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.file.html#salt.modules.file.mkdir
15:23 whytewolf damn wrong buffer
15:23 sdm24 ange: use - onlyif: "test -d .../..../..."
15:25 cheus joined #salt
15:26 julez joined #salt
15:27 beneggett joined #salt
15:28 cheus Are mine functions available when the pillar is compiled?
15:28 jalbretsen joined #salt
15:30 brandk joined #salt
15:32 sdm24 I think only if you are using a pillar to push out the mine.functions
15:32 supersheep joined #salt
15:34 sdm24 And even then, I think you still have to "salt '*' mine.update" after. Updating the mine.functions pillar will only tell which new info to grab, not actually grab that info
15:34 sdm24 I'm not 100% sure on that though
15:34 cheus sdm24, Ok, just so I'm clear, is it correct to say that there's no way to integrate mine data into a pillar?
15:35 cheus data collected from the mine, I mean
15:35 pcn More about the git ext_pillar - the documentation says that you can map a branch to an environment with e.g. master:base, but I don't see code in masterapi.py that would enable that: https://github.com/saltstack/salt/blob/2015.5/salt/daemons/masterapi.py#L53
15:36 sdm24 Um, I think you can but I only use mine data in states
15:37 cheus Hrm. This doesn't make much sense, then. The `mine.get` functions I have in the pillar come up empty but they otherwise work via `salt-call`
15:38 iwishiwerearobot joined #salt
15:38 sdm24 I guess paste the code in gist.github.com and I can take a quick look at it
15:39 sdm24 but  be warned: I don't consider myself to be a Salt/coding expert
15:40 aqua^c joined #salt
15:40 cheus sdm24, https://gist.github.com/cheuschober/ed5cb5802d9e4a808890
15:42 sdm24 Hmm, to me that looks like it should be fine. Try making a test state (instead of a pillar) and see if that will load the mine data. Maybe you can't put mine data in a pillar
15:45 giannello joined #salt
15:46 cheus sdm24, Ergh. Yes. Well that's totally ruined my plans. :-/
15:47 whytewolf mine data can go in pillar. i have used it before. but that was awhile ago and don't remeber what i did
15:47 giannello is there any way to clean up cached external files without using saltutil.clear_cache?
15:48 giannello that will also delete the custom states, and that's not really acceptable
15:48 smcquay joined #salt
15:48 cheus whytewolf, Do have any sense of what might've been wrong with the above gist?
15:49 adelcast joined #salt
15:50 beneggett joined #salt
15:51 whytewolf have you tried it from salt. [not salt-call on the minion]. using the mine.get function.
15:51 cheus whytewolf, I have and it returns the expected data.
15:52 sdm24 Maybe using salt[module.run](mine.get '*' network.ip_addrs)
15:52 sdm24 in the pillar
15:52 Ztyx joined #salt
15:53 sdm24 I don't know if that will work though
15:53 whytewolf sadly i don't remeber what i did to get it to work. there was a trick but the fact it isn't returning an error means it is trying to do something.
15:54 throwawayj joined #salt
15:54 whytewolf it was something with the way it ended up being formatted diffrently
15:55 cheus It doesn't really make a lot of sense to me since the mine runs on an interval so master should already have that data cached and ready to be injected prior to pillar compilation
15:56 iggy giannello: why are you storing your custom moduels in the cache dir?
15:57 cheus Do you think the mine itself has to be exposed in the minion's conf.d instead of the pillar?
15:57 xDamox joined #salt
15:57 whytewolf no, I've never done the mine conf in the minion.
15:57 DammitJim joined #salt
15:57 whytewolf always used pillar
15:58 che-arne joined #salt
15:59 conan_the_destro joined #salt
15:59 whytewolf damn looks like those configs/docs are gone also. must have been part of an old setup that i don't use anymore.
16:01 Auroch joined #salt
16:03 adelcast joined #salt
16:04 giannello iggy, not doing it - apparently they are synced there from the master
16:05 xDamox joined #salt
16:05 giannello [INFO    ] Copying '/var/cache/salt/minion/files/base/_states/custom_state.py' to '/var/cache/salt/minion/extmods/states/custom_state.py'
16:05 ndrei joined #salt
16:05 iggy giannello: that's fine, they'll get synced again
16:05 elfixit joined #salt
16:06 giannello iggy, no, that's actually not fine - I might want to clear the cache to delete old external files that are cached there
16:06 giannello but if the custom states/grains are removed, the next SLS runs will be affected by missing states
16:07 iggy a highstate syncs all that stuff automatically
16:07 whytewolf giannello: so just run a sync_all after you run the clear_cache if you are that worried about it
16:07 iggy if you don't use highstate often, just run a sync_All before
16:07 giannello I only run the highstate when applying changes, not as a scheduled task
16:08 giannello but our deployment process is based on salt too
16:08 mgw2 joined #salt
16:08 giannello one of the tasks involves downloading artifacts from S3 - and they stay in the extrn_files folder, taking up space, that's the reason for the clear_cache
16:09 giannello but we also have a custom state, that runs at the end of the deployment, that removes old revisions from the deploy folder
16:09 iggy so you have 2 options, don't use clear_cache or run sync_all as part of whatever process you are talking about
16:09 cheus Hrm. This really doesn't make any sense at all. I would have expected to be able to get that mine data. I'm not showing any errors in the logs, the function appears to be running but no data's coming back.
16:09 ange can I use any of https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.s3.html in a state ?
16:09 iggy ange: yes, with module.run
16:09 giannello iggy, whytewolf, thanks for confirming that it's the expected behaviour
16:10 peters-tx joined #salt
16:10 sdm24 ange: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html more info on module.run
16:11 ange rather : what's a good way to distribute files from one minion to multiple ones ?
16:11 Brew joined #salt
16:11 sgargan joined #salt
16:11 ange I was thinking of copying the file to S3 then pulling it; is there a more canonic way of doing the same thing ?
16:12 giannello still don't think that it's a good approach. will open a ticket to discuss
16:12 hal58th ange, there is no good way. You can transfer small amounts of data using salt.mine. Other then that, you are on your own.
16:12 sdm24 I use the minionfs
16:12 giannello ange, depending on what you want to do with the file you get from s3, you can use s3:// protocol in file.managed
16:12 sdm24 but I don't use S3
16:13 giannello sorry, I misread the question
16:14 aparsons joined #salt
16:14 Quang_ joined #salt
16:15 ange minionfs http://docs.saltstack.com/en/latest/topics/tutorials/minionfs.html seems to be intended for what I have in mind, but that same very link falls short of showing interesting uses
16:17 sdm24 ange: hold on, let me copy over two of my states. We use splunk for logging, and the search heads need to pass their splunk keys over to the indexers. I use minionfs on the search heads to upload their keys, and the indexers then grab those keys
16:17 ange sounds awesomely adequate sdm24
16:18 evilrob_ joined #salt
16:19 sdm24 https://gist.github.com/sdm24/ba25f96af30c7f62fa25 there you  go
16:19 desposo joined #salt
16:19 ange very nice
16:19 ange thanks sdm24 !
16:20 sdm24 no problem, glad I can help
16:20 Quang_ hello everyone, when I run salt-call, is there any option that allow it to output only 'Result: False' function? (aka: funciton that fails)
16:22 ange sdm24: in line 13, the id is the id of the original minion from which the file is from ?
16:22 sdm24 the id is the hostname, which it got from the mine
16:22 giantlock joined #salt
16:23 sdm24 I think I can better code my mine functions, but I currently use grains.item because I have multiple fields, so grains.get won't work
16:23 ange sdm24: ok, but is it the one of the server in each step of the loop or is it a fixed value ?
16:23 sdm24 but its basically, for the minion ID as "server", get the grains.item(host) as "id"
16:24 murrdoc joined #salt
16:24 ange so, the source attribute will be altered every step of the loop?
16:24 sdm24 the server is the minionID with the pillar key:value "search head: True", the id is the corresponding hostname
16:24 sdm24 yep
16:24 sdm24 before I had to hard code in the list of my search heads
16:25 ange not sure to follow what's happening there
16:25 sdm24 Are you familiar with the mine?
16:25 ange the mine is not the issue here I think
16:25 sdm24 oh wait I was turned around, sorry about that
16:25 spookah joined #salt
16:26 sdm24 id and server are the same value haha
16:26 malinoff joined #salt
16:26 ange from what I read in http://docs.saltstack.com/en/latest/topics/tutorials/minionfs.html the push will put the file on the master
16:26 ange in a special place
16:26 sdm24 yep
16:26 cheus whytewolf, I just found this discussion with a few Salt devs who seem to indicate mine in pillar is not supported: https://github.com/saltstack/salt/issues/11509
16:26 sdm24 and to call it in a salt state, it goes to salt://<minionid>
16:27 ange yes, but that minionid is supposed to be the origin minion, the one the file was pushed from, right ?
16:27 sdm24 yes
16:28 sdm24 so indexer.sls is run on the 'splunkindexer' minion, and it pulls 'splunkmonitor's key from salt://splunkmonitor/...
16:28 ange ok
16:28 ange good
16:29 ange let me try all that
16:29 ange thanks again
16:29 writtenoff joined #salt
16:29 sdm24 no problem
16:30 beneggett joined #salt
16:31 aparsons_ joined #salt
16:33 nzero joined #salt
16:33 bhosmer joined #salt
16:33 cruatta joined #salt
16:35 cruatta_ joined #salt
16:37 ange sdm24: any idea how to cleanup the files in minionfs?
16:38 synestine joined #salt
16:38 sdm24 no idea, sorry
16:38 clintberry1 joined #salt
16:38 ksj I'm trying to get a load of code out of git and onto one of my minions. I don't want to do a git pull from the minion for various reasons. I don't want the salt master to be under salt control (could get messy), so what's the recommended way of updating code in my /srv directory from git?
16:38 KyleG joined #salt
16:38 KyleG joined #salt
16:38 badon joined #salt
16:38 sdm24 I use small keys that take up like no space, on only a few minions
16:39 ggoZ joined #salt
16:40 ange sdm24: ok, thanks
16:42 sdm24 ksj: can you just view the code in git in your browser ( or a text editor) and just copy-paste?
16:43 sdm24 I know some SSH clients let you copy/paste text
16:44 ksj sdm24: no, I could do a manual pull if I wanted. I have access to the repo from my salt master. I just wanted to ensure salt had the latest version of the code before running a highstate
16:45 ksj this is not salt code I'm talking about, by the way. it's a bunch of php code that needs to be copied across to a box
16:45 whytewolf ksj: I know you said you don't want to pull. but why not use the git state?
16:46 whytewolf http://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html
16:46 MatthewsFace joined #salt
16:48 Matthews_ joined #salt
16:50 ksj whytewolf: because that pulls from the minion. I don't want to do that for various reasons (firewall mostly).
16:50 ksj I might be better just pulling the code manually on the master before doing a highstate
16:51 whytewolf ksj: then looks like you are manually pulling into /srv if you don't want to put the salt master into salt
16:51 ksj does anyone put the salt master under salt control? seems kind of risky
16:52 whytewolf I do
16:52 whytewolf I even keep salt updated with salt
16:52 ksj ...somehow I'd be worried about infinite loops, but that doesn't make any sense. mostly I'd be worried about accidentally nuking the master and being really screwed
16:52 ksj meta!
16:52 ksj i might have to give it a go then
16:53 dergrunepunkt joined #salt
16:54 iggy ksj: there's a whole formula just for that...
16:55 spookah joined #salt
16:56 dergrunepunkt Hi, if I have two directories declares in 'base' in my /etc/salt/master.d/files.conf on dir is a formula and the other where I store my own recipes, when I try to use the recipe in the formula I get "No Top file or external nodes data matches found"
16:56 stoogenmeyer__ joined #salt
16:56 dergrunepunkt Hi, if I have two directories declares in 'base' in my /etc/salt/master.d/files.conf on dir is a formula and the other where I store my own recipes, when I try to use the recipe in the formula I get "No Top file or external nodes data matches found"/
16:56 dergrunepunkt ops
16:57 smcquay joined #salt
16:57 ageorgop joined #salt
16:58 riftman joined #salt
16:58 amcorreia joined #salt
16:58 thedodd joined #salt
16:58 iggy dergrunepunkt: can you gist the command you are running and the output?
16:59 tyson joined #salt
17:00 cruatta joined #salt
17:00 IanVorn joined #salt
17:01 cruatta_ joined #salt
17:02 murrdoc joined #salt
17:02 ecerulm joined #salt
17:02 stoogenmeyer__ hey guys.. any idea why I'm getting this error for the following state file (statefile: http://pastebin.com/6ZbvfVEF), (error: http://pastebin.com/eiz85PXN)
17:04 whytewolf stoogenmeyer__: "the paste has been removed!" on both
17:04 cruatta joined #salt
17:04 ecerulm joined #salt
17:04 stanchan joined #salt
17:04 murrdoc your indent is off
17:04 murrdoc move the indent under context by 2
17:04 whytewolf agg. never mind stupid )
17:05 otter768 joined #salt
17:05 Ztyx left #salt
17:06 impi joined #salt
17:06 cruatta_ joined #salt
17:06 stoogenmeyer__ umm ok here's the state file (http://pastebin.com/cQNqYbQ7) and error (http://pastebin.com/4TQUKs8P). any idea?
17:07 sdm24 Does anyone know if there is a way to change the file permissions for the minion log files?
17:07 whytewolf stoogenmeyer__: see murrdoc's comment
17:07 khris_ joined #salt
17:08 stoogenmeyer__ ?? how come
17:08 forrest joined #salt
17:08 stoogenmeyer__ oh totally get it now
17:10 Ztyx joined #salt
17:10 cruatta joined #salt
17:11 snave joined #salt
17:11 wendall911 joined #salt
17:12 stoogenmeyer__ hmm that didnt fix it /-: still the same error
17:12 denys joined #salt
17:13 murrdoc can u put it in a gist with multiple files
17:13 murrdoc cos i am too lazy to tab back and forth
17:13 murrdoc :D
17:13 stoogenmeyer__ no you're right, gimme a sec to do it
17:14 murrdoc i mean i am always right
17:14 murrdoc but thats neither here or there
17:14 dergrunepunkt iggy: one moment
17:14 iggy murrdoc: I was thinking the same thing
17:14 iggy but mostly because I'm using my crappy laptop today and it can't handle too many tabs
17:16 dergrunepunkt iggy: http://paste.debian.net/216423/
17:16 forrest @basepi You around?
17:16 stoogenmeyer__ ok here's the gist
17:16 stoogenmeyer__ https://gist.github.com/rikonor/77cdf32bfc1a2ac6b01f
17:16 basepi forrest: depends
17:17 * basepi prepares to hide
17:17 forrest basepi: Heh, do you know if there was ever any contact with redhat regarding getting salt the needed stuff for selinux?
17:17 rvankleeck joined #salt
17:17 iggy dergrunepunkt: can you paste your top file?
17:17 forrest I've tried tweeting at them and hitting up the few contacts I have that might have been able to help with this. It hasn't come up in a while though.
17:18 basepi forrest: I don't think so. Very few people actually run with it enabled these days I think.
17:18 cheus Anyone know if calling mine functions within the pillar is supposed to be allowed or disallowed? It's not blacklisted but it also returns no data.
17:18 basepi Also I want to say most of our problems there were with the yum API version of yumpkg. So I'm not sure what problems remain.
17:18 forrest basepi: Yeah that's been the general trend. I'd still like if it was supported. I believe some of the other config management tools have it, but redhat has been giving me the finger.
17:18 rvankleeck is there a way to use salt to pip install a requirements file from an external git repo?
17:19 forrest I'm not sure how prevalent it is either any longer, or what components are an issue.
17:19 iggy odd, you'd think since they bought ceph and ceph's fancy gui is based on salt
17:19 theologian joined #salt
17:19 cruatta joined #salt
17:20 drawsmcgraw rvankleeck: My first thought is hack it with a 'pip.install()' that has a requisite pointing to a 'git.latest()'. I'm not sure about a clean way of reading the requirements.txt directly from a remote git repo....
17:20 rvankleeck thanks drawsmcgraw
17:20 drawsmcgraw yep. Hope it works out.
17:21 dergrunepunkt iggy: http://paste.debian.net/216425/
17:21 iggy rvankleeck: you can use salt:// uris in pip.installed:requirements, so maybe setup the git repo as a salt gitfs repo?
17:22 ajw0100 joined #salt
17:22 cheus drawsmcgraw, rvankleeck If it's hosted someplace public like github or gitlab where you can get its raw url, you could use the http:// address
17:22 cheus I think?
17:22 drawsmcgraw iggy's solution is cleaner than mine if you have a long-term relationship with that git repo
17:22 Gareth morning morning
17:22 drawsmcgraw cheus: Yes, but since it's an 'http' URL, you'd have to manage the md5sum as well
17:22 drawsmcgraw So if the 'requirements.txt' changes......
17:23 dergrunepunkt iggy: I tried movign the top.sls to /opt/formulas/apache-formula and worked, but I assume that I won't be able to use the recipes in /opt/dws-ops/saltstack/files_root
17:23 rvankleeck iggy, drawsmcgraw, cheus it would be an https:// url
17:23 rvankleeck so maybe just point the source for the file to the git repo?
17:23 timoguin joined #salt
17:23 cheus Yep. Just throwing up ideas -- igg's is probably best
17:23 drawsmcgraw cheus: Also, that's an interesting question re: mine() calls in Pillar. I'm thinking about the order of operations and I don't see why that wouldn't work. I've had plenty of good times troubleshooting salt-mine calls, though. I think it's worth trying to get your use case working.
17:24 ipmb joined #salt
17:24 drawsmcgraw rvankleeck: Yes, but when you use http(s) as the 'source' parameter, you *must* also provide an md5sum of the remote file.
17:24 iggy dergrunepunkt: file_roots vs files_root
17:24 dergrunepunkt iggy: typo
17:25 dergrunepunkt iggy: files and directories are consisten
17:25 cheus drawsmcgraw, That's what I've been doing for the last hour and so-far, no dice. `mine.get` works fine in states and via `salt` cli but it doesn't return any data in the pillar calls.
17:25 IanVorn joined #salt
17:25 drawsmcgraw cheus: Are you testing success with something like a pillar.get against the minion?
17:25 drawsmcgraw And it just returns nothing?
17:26 iggy dergrunepunkt: ahh, well, aside from the - match: compound under apache (which I think is technically correct, but looks awkward) it all looks okay
17:26 cheus drawsmcgraw, Yes. The other keys in the pillar return data but the one set to mine data is empty.
17:26 drawsmcgraw cheus: Do you actually see the key with an empty value in it?
17:26 iggy cheus: I think you should follow up on that issue you posted earlier
17:26 cheus drawsmcgraw, I do
17:26 drawsmcgraw I've missed "Failed to compile" Pillar errors very easily in the past.
17:26 drawsmcgraw Okay, so that rules that out.
17:26 dergrunepunkt iggy: any suggestion then?, I'm really lost
17:26 IanVorn joined #salt
17:26 drawsmcgraw So the Pillar data compiles just fine.....
17:27 drawsmcgraw cheus: Can you post your Pillar file and successful state/cli incantations?
17:27 cheus iggy, The lxc modules one? Yeah.
17:27 iggy dergrunepunkt: not really, just play around with disabling things and changing options to see what does/doesn't work
17:28 dergrunepunkt thanks!
17:29 aqua^c joined #salt
17:32 jamilWinkelbaum joined #salt
17:34 sdm24 cheus: pillar.get does not update the pillar. pillar.item(s) does. for pillar.get, you have to do saltutil.refresh_pillar before
17:34 cheus sdm24, Yep. Was already doing that.
17:34 cheus drawsmcgraw, See https://gist.github.com/cheuschober/8fd2f5f76624ca19f315
17:35 rvankleeck iggy, if i'm reading this correctly, i should be able to add gitfs_remotes: - https://url/repo.git to my master and use it as backend. What would the path look like for the pip.installed:requirements look like?
17:36 jamilWinkelbaum does anyone know if the 'file.copy' module works with 'salt'ssh'?
17:36 ageorgop joined #salt
17:36 drawsmcgraw cheus: stupid question, have you tried it *without* the json filter ?
17:36 drawsmcgraw Just as a sanity check
17:37 cheus yeah. same -- empty
17:37 drawsmcgraw k
17:38 rvankleeck iggy, would it be salt://repo/path/requirements.txt?
17:39 iggy rvankleeck: no repo, but yeah
17:39 drawsmcgraw cheus: I.... don't.. see. Why that doesn't work....
17:39 jamilWinkelbaum does anyone know if the 'file.copy' module works with 'salt'ssh'?
17:39 bootstrappm joined #salt
17:39 drawsmcgraw I'd start down a different path at this point :/
17:40 iggy jamilWinkelbaum: try it, I doubt anybody knows off the top of their head
17:40 drawsmcgraw Is it unreasonable for states to run the mine() call? I know that's not as swift as keeping it in Pillar...
17:40 jamilWinkelbaum i have tried it and it keeps on giving me this error: [CRITICAL] Unable to import msgpack or msgpack_pure python modules
17:40 belak If I'm managing a bunch of servers with salt and need to manage users on them, is it better to set up something like ldap and manage that with salt or just use salt?
17:41 jamilWinkelbaum i also have both msgpack-python and msgpack-pure installed
17:41 drawsmcgraw belak: Depends on your environment and preference (and how many users)
17:41 iggy drawsmcgraw: the problem becomes having to have explicit support for mine in places where it shouldn't be a requirement
17:41 cheus drawsmcgraw, it's about managing data that's ordered in a file's context.
17:41 drawsmcgraw iggy: can you use easier words? I don't follow..
17:42 drawsmcgraw cheus: Ah. Now that *is* a challenge.
17:42 bootstrappm hi all! asked last night but trying again: Is there something wrong with pkgrepo.absent on Lithum (2015.5.0) or am I doing this wrong: https://gist.github.com/fran​kpinto/c1121e19009470f5fea5? the first two ID declarations don't yield any changes even though my /etc/apt/sources.list.d/postgresql.list file has those lines in it
17:42 iggy i.e. formulas, if you can just have the data pulled in from the pillar it's easier than hacking in explicit mine support in formulas
17:42 cheus Most of the data comes from the pillar and I really don't like the idea of shoving some things into the pillar and other things in state. Especially because jinja won't allow me to combine / alter such things.
17:42 drawsmcgraw iggy: Ah, I see. Yeah, I agree.
17:42 belak I feel like ldap has a number of advantages... like the fact that a user can change their password and have it reflected everywhere... they don't need to go to the sysadmin
17:43 iggy jamilWinkelbaum: there are a number of bugs in the bug tracker that mention salt-ssh and msgpack... see if any of those are relevant
17:44 pelzi__ you are supposed to set up something that pulls password hashes and puts it in a pillar if you want users to be able to change the password.
17:44 drawsmcgraw cheus: Just an idea (and it's equally messy I'm afraid) -> You could have a 'vars.jinja' file that aggregates data from different sources. Then your state file includes that 'vars.jinja'.
17:44 baweaver joined #salt
17:44 drawsmcgraw The state file doesn't care where the data comes from, it just knows that it can find it in the variable specified in the vars.jinja
17:45 jamilWinkelbaum iggy: thanks
17:45 pelzi__ you do not need ldap for that; ldap setups almost invariably end up requiring a custom password change tool anyway, and scripts to add/del users
17:45 sdm24 For file.replace (and other calls too I guess), the replacement text has single and doubles quotes in it. How do I pass the string in - repl: ?
17:45 drawsmcgraw belak: If you have a sufficient number of users (and the resources/time for upkeep), an ldap server may be an easier way to go.
17:45 pelzi__ and eventually admins find that real-time ldap lookups are a bad idea and then they install nss_updatedb
17:45 drawsmcgraw or what pelzi__ said. LDAP may be more of a pain than it's worth :/
17:45 pelzi__ this is usually after the ssl certs you generated for all ldap servers expire on you on a monday
17:46 hal58th bootstrappm: I feel like pkgrepo.absent doesn't know you are trying to remove from /etc/apt/sources.list.d/postgresql.list
17:46 drawsmcgraw Personally, I use Pillar to store usernames and ssh public keys. I create user accounts on Salt-managed machines. No passwords, only ssh-key auth
17:46 Ryan_Lane also, why are you using passwords to log into systems? :)
17:46 pelzi__ because sudo exists?
17:46 drawsmcgraw pelzi__ speaks from experience I imagine :)
17:46 cruatta joined #salt
17:46 Ryan_Lane ssh key auth is way better than passwords
17:47 cheus drawsmcgraw, I thought about that except because the data that's coming in via pillar is ordered and arbitrary in length, I can't predict where I'd need to insert it. Because Jinja doesn't allow us to change data, generally speaking. My "oh-no-anything-but-that" approach would be to include some kind of mine-ish metalanguage in the original pillar and search for the correct data construction / keys to turn what would normally be a data call in
17:47 cheus to a mine call.
17:47 Ryan_Lane and why bother with a password for sudo?
17:47 pelzi__ because otherwise anything can become root at any time without the user's presence or his being root
17:47 drawsmcgraw cheus: uf
17:47 bootstrappm hal58th I tried adding the file: parameter but no luck
17:47 aw110f joined #salt
17:47 bootstrappm I also tried putting those lines in sources.list instead of in sources.list.d/postgres.list to see if it would remove it from there, nope
17:47 drawsmcgraw At this point, I may consider a custom Python module. Then (maybe?) wrap that custom module with a Jinja macro.
17:48 pelzi__ and yes, ldap disasters have happened to me and others; ldap does solve some problems but it is not an easy solution you can just deploy without design and thought. salt managed local accounts, otoh, are pretty safe against fuckups
17:48 drawsmcgraw Would be a lot easier to create the data in the order/structure you want since, well, Python.
17:48 hal58th I don't think it's supported if it's not listed. Can you test by putting that name into /etc/apt/sources.list? If it works there, then I would file a feature request to add the
17:48 Ryan_Lane only if they're already the user. if the attacker has access to the user's account, you can assume they'll get sudo
17:48 hal58th file paramater to pkgrepo.absent
17:48 drawsmcgraw I feel vindicated in my choice re: user management. Thank you pelzi__ :)
17:48 fivmo joined #salt
17:48 Ryan_Lane because they'll be able to steal the password at that point
17:48 fivmo joined #salt
17:48 * Ryan_Lane hates ldap
17:49 pelzi__ I really couldn't care less about arguing, but there are lots of places where NOPASSWD just is not going to fly and it is pointless to try to argue about it
17:49 drawsmcgraw I just spent (lost?) over a week of my life getting SSSD to work. I sympathize with Ryan_Lane.
17:50 pelzi__ I get money making ldap work, but I still kinda hate it :)
17:50 Ryan_Lane I managed LDAP for >10 years. never again :)
17:50 pelzi__ yes, it is usually possible to get the user's password if you have access to his account
17:51 pelzi__ and passwords are very insecure because you can then log onto any other machine.
17:52 Ryan_Lane ldap is a great way to have a complete outage :)
17:52 pelzi__ and when bureaucracy tells you to jump, you jump, or you go somewhere else
17:52 Ryan_Lane nsscache makes that less of an issue, though
17:52 pelzi__ nss_updatedb is the aspirin you are looking for
17:52 cheus iggy: The other issue is on my to-do but the various threads / patches got a little too confusing to follow or easily report upon. If I'm not completely thrown off my deliverables by mine-in-pillar I had hoped to return to it this weekend.
17:53 pelzi__ although all logins breaking is still going to hurt.
17:53 pelzi__ but nss breaking is a total, absolute disaster that will tickle so many untested code paths that you just can not do that.
17:54 pelzi__ for webapps and whatever ldap is ok, but stuff on unix just expects nss to work and ldap is not robust enough for that
17:54 pelzi__ no real-time network lookup is
17:55 Ryan_Lane local dev laptops with local auth, network services ssh + passwordless sudo is <3
17:55 Ryan_Lane all managed by salt
17:55 pelzi__ and once you go nss_updatedb, you will soon see that salt managing local accounts is pretty much the same, except you don't have to mess your hands with the excrement that is ldap :)
17:57 drawsmcgraw So there you have it belak. Use Salt. Not LDAP :D
17:57 Ryan_Lane it does take more effort to do that, btw
17:57 Ryan_Lane since there's things you need to ensure at that point
17:58 Ryan_Lane it's *really* important that salt has been running on all nodes, for instance
17:58 Ryan_Lane otherwise you have a system that hasn't disabled users
17:58 Ryan_Lane so you need monitoring + alerting on that
17:59 Ryan_Lane but you need that for system patches anyway, so I think it's good practice
17:59 pelzi__ yes, but that is commonly accepted with windows, which also caches AD creds for a long time if it is off the network
17:59 pelzi__ late disabling of accounts is a small price against real-time network dependency on user auth
17:59 pelzi__ but sure, you need to know and realize this
17:59 Ryan_Lane I don't really consider developer boxes much
17:59 Ryan_Lane or "local" nodes
18:00 Ryan_Lane the biggest issue there is it being stolen, or offboarding people
18:01 Ryan_Lane disk encryption + disabling account + getting physical access is key there :)
18:01 cruatta joined #salt
18:01 Fiber^ joined #salt
18:01 cilkay Hi. I'm reading http://docs.saltstack.com/en/latest/topics/tutorials/firewall.html where it indicates that no firewall configuration needs to be done on minions. If that is the case, how does the master push updates to the minions?
18:02 pelzi__ if you were really worried, you could make all lusers expire if salt has not run for X hours. even this is X hours more grace time than realtime ldap lookups :)
18:02 iggy cilkay: the minions open a persistent connection to the master and commands are sent over that
18:03 forrest iggy: +1
18:03 Ryan_Lane (unless you're using RAET, which you likely won't be)
18:03 rubenb Hi, how would one force a highstate when a minion joins a master?
18:03 forrest iggy: Also sroegner responded regarding committing straight to master, waiting on his response now, hopefully it won't be an issue any longer.
18:03 cruatta joined #salt
18:03 cilkay Wouldn't the minions need holes in the firewall for ports 4505 and 4506 then?
18:04 Ryan_Lane cilkay: you need to open minion -> master, not master -> minion
18:04 iggy cilkay: well, if you firewall blocks outgoing connections by default, yes
18:04 Ryan_Lane assuming your firewall is stateful
18:04 forrest cilkay: As far as I know none of the major operating systems do that by default (ubuntu/debian/centos)
18:04 forrest if you're using gentoo or something I've got nothing
18:04 pelzi__ then there is microsoft windows, where you have no pubkeys, so it is for user: for host: set-password-and-put-it-in-keepass-mailed-to-user(pwgen()) every month :)
18:05 xDamox joined #salt
18:05 iggy forrest: hopefully I get this committers doc done at some point so we can point people at that in the future
18:05 cilkay The firewalls and policies vary from one installation to another. This is a health care application deployed on Debian running in a VM hosted by Windows Server. Some of the sysadmins lock it down very tight and others are more liberal.
18:05 pelzi__ and yes, the doc should say this, instead of "no firewall configuration"
18:06 forrest iggy: yeah
18:06 mohae joined #salt
18:06 pelzi__ the reader is expected to understand what TCP is and how it works. "no firewall config" is vague marketing-speech.
18:06 forrest cilkay: Then you might need to punch holes in the firewall. The docs explain how to do configuration for standard images, not custom ones
18:06 iggy there's a fine line between overwhelming users with (correct but 99% useless) info on topics
18:06 iggy and not putting enough detail
18:06 forrest iggy: talking to me or about the firewall thing?
18:06 iggy firewall
18:07 forrest yeah I don't think we should need to document that, if your sysadmins can't figure out they should open their firewall, not much we can help with there
18:07 iggy I could honestly care less what that guy does to his already fugly formulas
18:07 pelzi__ "the minion opens a connection to the master on TCP port XXX so no firewall configuration is usually needed on the minion"
18:07 iggy but in general... don't f'ing do that
18:07 pelzi__ if a person is overwhelmed by this, he is not going to be able to benefit from salt.
18:08 forrest iggy: I care, doesn't matter if I like the formula or not, but everyone no matter who they are should be opening PRs
18:08 forrest no one should be committing straight to master
18:08 iggy pelzi__: I meant adding more verbage to point out the (likely minimal) case of a firewall that block outgoing connections by default
18:09 iggy forrest: right, which is why I mentioned it, but didn't actually follow up on it myself
18:09 forrest iggy: Yeah I followed up, shit annoys me
18:09 forrest opening a PR takes about 15 seconds.
18:09 iggy (well, that and I figure my loathing for his formula style might sneak into anything I had to say)
18:09 pelzi__ and firewalls in the middle often do block connections, so the user will need to think about it anyway in an enterpricey world
18:10 rvankleeck iggy, drawsmcgraw, cheus apparently a pip.installed:requirements takes https just fine :)
18:10 rvankleeck thanks for all the help!
18:10 iggy rvankleeck: did you also have to put a checksum/hash in there?
18:10 drawsmcgraw rvankleeck: with no md5sum? Well I've been wrong before....
18:10 rvankleeck iggy, drawsmcgraw : nope, no md5sum
18:10 iggy ouch
18:11 drawsmcgraw Well I'll be damned. Thanks for letting us know rvankleeck.
18:11 iggy ^
18:11 iggy it's actually appreciated when people mention how/if they fixed something
18:11 iggy so we know for next time
18:12 iggy and for people that actually search the irc logs
18:12 rvankleeck I always like to follow up because I hate looking for solutions and finding things like "fixed it"
18:12 Berty_ joined #salt
18:12 soren joined #salt
18:14 forrest iggy, rvankleeck, drawsmcgraw, cheus: https://github.com/saltstack/salt/issues/24541
18:15 rvankleeck nice find, forrest
18:15 rvankleeck or rather...nice addition
18:15 forrest rvankleeck: Yup.
18:16 loki__ joined #salt
18:17 ggoZ joined #salt
18:17 forrest If anyone wants to test it and tackle that, go for it. Otherwise I'll try(tm) to get to it at some point
18:19 baweaver joined #salt
18:20 bootstrappm left #salt
18:20 gthank joined #salt
18:21 murrdoc joined #salt
18:21 IanVorn joined #salt
18:23 ecerulm joined #salt
18:28 ecerulm is the salt-master that comes with the official ubuntu 14.04 usable? The version that I get 0.17.5+ds-1
18:30 sdm24 How do I pass through single and double quotes in a state? I want to use file.replace, but the replacement text uses both single and double quotes
18:31 ecerulm With that version I get an "no matching sls found" when I do "salt '*' state.sls apache". But then I added the saltstack ppa and upgraded salt-master and then it works. But I would like to use the ubuntu one if possible. is it too old?
18:32 iggy ecerulm: yes, totally unsupported
18:33 iggy sdm24: try escaping it?
18:33 ecerulm ok thanks
18:33 iggy sdm24: or multiline literals?
18:33 DammitJim is it normal for the salt-master to not get any info about a minion and just return?
18:33 evilrob joined #salt
18:33 IanVorn joined #salt
18:34 DammitJim I just had an instance where I told the master to check on something for a minion and the master just returned, but there was no output
18:34 forrest ecerulm: It's super old, don't use that one.
18:34 iggy DammitJim: normal-ish... try upping the timeout (-t on the command line iirc)
18:34 DammitJim I had to restart the minion and that fixedit
18:34 sdm24 I need to replace just one line though. I want to change the log format
18:34 DammitJim thankg iggy
18:34 forrest iggy: We seriously need to get that fixed.
18:34 iggy sdm24: so just have a single line multi-line literal
18:35 sdm24 iggy: and escaping didn't work for me
18:35 sdm24 what do you mean?
18:35 forrest iggy: Almost every day that question gets asked. If it exits out on the command line it should just say so and say 'increase the timeout here!'
18:35 forrest basepi: How familiar are you with the function that handles the timeout for the master waiting for commands from the minion?
18:36 iggy sdm24: short version "|"... long version, need more background
18:36 sdm24 ok thanks I'll try that
18:38 ecerulm ok then, thanks. another question: is it so that I need to write the state files in the master and issue the salt commands in the master? I mean, can I upload the state file, etc from my development machine and instruct the master to send the command to the minion using salt tools or do I need to scp files to the master and then ssh to the master to run the commands there?
18:38 forrest you need to execute commands from the master.
18:40 ecerulm so I guess people just ssh to the master and run it there? It's just my first contact with salt. I just want to make sure that I'm not doing it in an akward way
18:40 bluenemo joined #salt
18:40 bluenemo joined #salt
18:40 forrest ecerulm: Yeah, most of the time people either do stuff like push their states to the master via git, or like you said with SCP, then you go onto the master and execute the commands.
18:41 DammitJim what is the recommended way to tell a minion to not start a service automatically? The minion is ubuntu
18:41 sdm24 iggy: https://gist.github.com/sdm24/9b0649c835dd385e2fb1 that is what I want the replace line to be. I know I need to add quotes around the whole string to work, but I want to keep the formatting the same. I used jinja with {{ logformat|yaml_encode }} which worked but put backslashes before and after the double quotes around messages
18:41 basepi forrest: decently. Haven't been in that code for a little whiel.
18:41 basepi while*
18:41 DammitJim I would normally do a "sudo sysv-rc-conf --level nginx 2345 off
18:41 forrest DammitJim: Just use https://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html#salt.states.service.dead
18:42 ecerulm ok, thank you very much for the help. very appreciated
18:43 forrest basepi: Okay, have any of the other devs? Adding some output when the master 'times out' and returns a blank line would be really good to change to where it says something like 'job XYZ has timed out, review the status with <query job command> or increase the timeout with -t <timeout value>' I'm pretty sure an issue exists for it...
18:43 GiLgAmEzH joined #salt
18:43 forrest basepi: I just feel like that would be a quick win that gets asked a LOT. I know bugs and such are the priority, but it's really obtuse when that happens for new users.
18:43 DammitJim forrest, I might need to do more reading, but how do I incorporate this within a state I wrote?
18:43 DammitJim like I want this to be called within the package I created that installs nginx and copies a file
18:44 basepi forrest: minions which timeout report as such on the CLI starting with 2015.5
18:44 basepi forrest: so I think it's already fixed
18:45 GiLgAmEzH Hi! is it possible to use a different pam service with 'salt -a pam' or with cherrypy?
18:45 forrest DammitJim: easy mode: https://gist.github.com/gravyboat/d835a10b43317a6b4f30
18:45 DammitJim oh, that simple?
18:45 DammitJim thanks
18:45 forrest basepi: oh sweet, do you know if it outputs the job ID as well currently? Or explains the timeout? I think a bit more data if possible would be super helpful
18:45 DammitJim so, instead of service.running, just service.disabled
18:45 forrest DammitJim: Yeah np.
18:45 DammitJim got it
18:46 forrest DammitJim: Yeah, install the pkg, drop the file, disable the service.
18:46 forrest DammitJim: You might also need https://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html#salt.states.service.dead
18:46 forrest DammitJim: Then you'll disable the service from chkconfig or whatever, AND turn the service off. So you might use both, or just one
18:46 forrest DammitJim: Depends on your needs.
18:46 DammitJim oh, I need to disable it from starting on boot
18:47 DammitJim so, I guess I need service.dead
18:47 forrest DammitJim: nah service.disable keeps it from starting on boot
18:47 DammitJim oh
18:47 forrest DammitJim: says that first line of the disabled docs, that's why I linked it first
18:47 forrest then realized you might want to ensure the service is dead as well when the package installs.
18:48 DammitJim got it
18:48 forrest DammitJim: I just realized I'm an idiot and linked the wrong docs that first time, sorry
18:48 sdm24 iggy: Thank you so much! The multiline literal > worked!
18:48 DammitJim and to make sure it is dead, all I would have to add is: service.dead
18:48 forrest linked service.dead twice instead of both /facepalm
18:48 Setsuna666 joined #salt
18:48 DammitJim oh ok, that confused me
18:48 forrest yeah sorry
18:48 forrest just scroll down a bit from dead.
18:49 DammitJim do I have to specify the name? It can't be assumed because it is inside a package?
18:49 forrest DammitJim: You need to specify the name
18:49 DammitJim ok, thanks
18:50 forrest np
18:50 disaster123 joined #salt
18:50 DammitJim https://gist.github.com/anonymous/b9399ebb2b641f92b71b
18:51 DammitJim this seems to be working... am I missing something else?
18:51 DammitJim actually no
18:51 DammitJim it's telling me that I have multiple state decx
18:51 DammitJim decs
18:52 forrest DammitJim: yeah only one instance of state can exist per ID
18:52 forrest DammitJim: So your service.dead, and service.disabled can't exist in the same ID
18:52 DammitJim so, how would I do dead and disabled?
18:52 DammitJim 2 state.sls files?
18:52 whytewolf 2 ID's in a state file
18:52 forrest just two IDs in a state file like the example I had
18:53 forrest Gotta go
18:53 DammitJim thanks
18:53 forrest np
18:53 forrest basepi: I need to go, let me know if anything comes up, or if that is a quick change for the timeout I'll fix it
18:53 DammitJim oh, like a stop_nginx and a disable_nginx
18:54 forrest DammitJim: yep
18:54 xDamox joined #salt
18:56 disaster123 Hi guys! I've started learning salt and i'm pretty happy with it. Except that a single highstate run - takes 5 minutes. Most of the time is spent with apt-get and apt-cache policy. Here are my repo sls files: https://gist.github.com/disaster123/60c1f7b9d03dcb201053
18:56 supersheep joined #salt
18:57 GiLgAmEzH Hi! is it possible to use a different pam service with 'salt -a pam' or with cherrypy? I need to use other than 'login'
19:00 iggy disaster123: that's not a lot to go on, do you have a lot of pkg.latest entries? What version of Salt?
19:01 linjan joined #salt
19:01 sdm24 disaster123: how long does it take when you run apt-get and apt-cache directly?
19:01 DammitJim running the following will install nginx, disable nginx from starting on boot, stop nginx service, and copy the config file, right? https://gist.github.com/anonymous/b9399ebb2b641f92b71b
19:01 timoguin joined #salt
19:01 soren joined #salt
19:04 disaster123 iggy: yes around 190 latest entries. Version: salt 2015.5.0 (Lithium)
19:05 hunmaat DammitJim: yes. calling highstate with test=True is a good idea if you arent sure
19:05 disaster123 sdm24: apt-get update takes 19s apt-cache policy real    0m0.025s - but in salt-minion -l debug it takes more or less some seconds for apt-cache ...
19:05 DammitJim I guess I need to learn about highstate
19:05 hybridpollo joined #salt
19:06 disaster123 Also why does it run apt-get update multiple times instead of a single run?
19:06 otter768 joined #salt
19:11 iggy disaster123: that's why, pkg.latest calls update constantly
19:11 phpdave11 i have a script that gets run with cmd.run but i want to pass pillar data to it
19:11 phpdave11 what's the best way to do that, just pass thorugh command line arguments?
19:11 disaster123 iggy: is there any way to set this to run only once per highstate run?
19:11 iggy disaster123: nope, don't use pkg.latest
19:13 disaster123 iggy: i don't use it where i don't want it. But why should i keep manual version numbers in my sls for security patches for libs? i don't care when they get updated or what is the correct way to archieve the latest binary tools and libs on a host?
19:13 sdm24 phpdave11: do cmd.script instead, use - template: jinja, then put the jinja calls in your script
19:14 rvankleeck disaster123, I have a script that I run monthly to report to me what packages have an update available.
19:14 phpdave11 sdm24: thanks, i'll give that a try.  i was also looking at using 'pillar map' but not sure if that would work.
19:14 iggy disaster123: no clue what your requirements are, but if you always want the latest packages, use pkg.latest and deal with the constant pkg updating
19:15 hunmaat phpdave11: or you can also set them as env vars
19:15 iggy otherwise use pkg.installed and use some other process to make sure "security" patches or whatever are done
19:16 hunmaat ^^ that way you can more easily handle special chars (escaping)
19:17 FRANK_T joined #salt
19:17 phpdave11 thanks hunmaat
19:17 aqua^c joined #salt
19:18 disaster123 rvankleeck, iggy: i understand the reason to run apt-get update ONCE per highstate run but not multiple times in ONE run. What is the advantage todo so?
19:19 disaster123 iggy: requirements. Keep some packets at specific versions i want or i care about. Keeping all the rest (in the end around 400 pkgs) at latest.
19:19 pacopablo I have a state file that is using all sorts of jinja goodness. (openvpn formula) in one portion it loops through some pillar fields.  Inside that loop, I need to use - contents_pillar: in a file.managed.  Is there a way to reference the pilar field from within the loop?
19:19 IanVorn joined #salt
19:20 murrdoc salt.pillar.get('pillarname')
19:20 murrdoc with a {{ }} around it
19:20 DammitJim how does one deal with adding configuration for something like /etc/network/interfaces?
19:20 DammitJim do I keep a copy of the interfaces file for each server in git?
19:20 sdm24 DammitJim: I use jinja and file.managed with a template of it
19:21 DammitJim hhmmmm
19:21 rvankleeck DammitJim, pillar data would be good for this. What are you trying to manage?
19:21 FRANK_T Do you guys know if saltstack will be on Lisa Conference in Washington DC?
19:21 DammitJim I'm trying to set up an NGINX high availability via heartbeat
19:21 DammitJim and I need to set up an aliased IP for each of the nginx servers
19:21 DammitJim ubuntu server
19:22 slimmons I'm trying to create a database user named db_user, and a db called logs, and I've written a state that I thought should work, but is defnitely failing with an error I don't understand.  My state is here, and the error is in the readme,     State: - postgres_user     Name:      python     Function:  present         Result:    False         Comment:   An exception occurred in this state: Traceback (most recent call last):   File "/usr/
19:22 slimmons well, that didn't work
19:22 slimmons sorry
19:22 slimmons https://github.com/johnsimmons/salt_postgresql/blob/master/postgresql/init.sls
19:22 iggy disaster123: it's not an advantage per se... just that the pkg.latest function wants to make sure you are actually getting the lasest pkg
19:23 iggy disaster123: f.ex. you have a pkg.latest call, later you add a pkgrepo halfway through a highstate, then you have a pkg.latest that pulls from that repo, it's got to do an update every time to make sure you are actually getting the latest
19:25 iggy disaster123: or a better example, you have a state that creates a pkg and puts it in a repo, any pkg.latest after that isn't going to have the lastest if you just do a repo update once at the beginning
19:25 hunmaat DammitJim: network.managed + network.system is also an option, but it's not perfect
19:25 aberdine hi - I'm just trying to see the bigger picture with salt. I don't get how modules fit. I know that modules can be called from states, but they don't seem to be idempotent in all cases. I don't really get how modules are used without states for anything at scale.
19:25 DammitJim maybe this time around, I'll keep it simple
19:26 DammitJim and I'll just have an interface file for each nginx server
19:26 DammitJim and I should use pillar data to ensure the file is being applied to the proper server, right?
19:26 rvankleeck disaster123, I would do a routine 'pkg.list_updates' and 'pkg.update'
19:26 sdm24 DammitJim: here are my example setup files. When a new VM is created, the person should edit variable.sls to the hostname they want, and IP too if they want a specific one different than the one assigned by DNS
19:26 disaster123 iggy: ok but that's really a corner case i assume. I would assume you have for example a highstate run every X minutes or hours. So it get fixed next time. So what's the correct way of dealing with a big number of packages where i don't care about the exact version number. I just care about they're secure.
19:26 sdm24 https://gist.github.com/sdm24/f6c0425aa374c451c575
19:27 iggy aberdine: they are (mostly) for easing remote execution, remember salt is more than just highstates
19:27 hunmaat DammitJim: even if you use file.managed or the like to set the files, use a template, not more similar files
19:27 thedodd joined #salt
19:27 disaster123 rvankleeck: how does that help?
19:27 DammitJim sdm24, thanks... those are templates you got on there, right?
19:28 sdm24 the network interfaces is the template, the other 2 are state files
19:28 iggy disaster123: we don't have a scheduled highstate, and I'd be irked if I had to run a highstate twice to get proper packages everywhere
19:28 aberdine iggy - I get that, in a way, but I they feel like two different things - how would I use the output from one module in another, for instance? is pyobject the way?
19:28 sdm24 that setup state is already on our VM templates, so you salt-call it from the new VM to set everything
19:28 rvankleeck disaster123, because you can do a simple 'pkg.installed' instead of 'pkg.latest' and upgrade them as updates become available
19:28 DammitJim cool, thanks... I have a lot of work to do, then and understand it
19:28 sdm24 good luck!
19:28 iggy aberdine: you wouldn't
19:28 DammitJim wait, what? I call this from the minion?
19:29 DammitJim I guess I would since I can't reach the minion, yet
19:29 supersheep joined #salt
19:29 sdm24 You can do either. But for us, its easier to do it on the minion, otherwise you would have to change the variables.sls file each time for each minion'
19:29 iggy aberdine: modules are what you call on the command line, states are what you put in a top file/highstate
19:29 xDamox joined #salt
19:30 DammitJim sdm24, and one calls it on the minion just like one does from the master? sudo salt '<minion_name> state.sls setup init
19:30 sdm24 salt-call --local state.sls setup
19:30 disaster123 rvankleeck: that sounds like a solution. But how does it work? I can't find pkg.update here: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html
19:30 iggy disaster123: whether you agree with how it works or not isn't really at issue, it is the way it is, you either work with the way it is or find a compelling reason to have the default behavior changed and open an issue about it
19:30 DammitJim maybe this is why some people mix it up with vagrant
19:31 rvankleeck disaster123, pkg.update (and pkg.list_upgrades) is run from the command line
19:32 aberdine iggy yes, that seems to make some modules redundant - why, for example, would I want to change firewall rules on the command line, but I can't via states? I'm just not getting why I'd want most modules when states are more elegant for most use cases
19:32 sdm24 because its a lot easier to write a single module on the command line then make a whole state for something you just want to do once
19:32 aw110f Hi which release is the latest stable release 2015.5.2 or 2015.5.1 ?
19:32 aw110f http://docs.saltstack.com/en/latest/topics/releases/
19:32 rvankleeck disaster123, https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.pkg.html
19:33 iggy aberdine: most of your use cases...
19:33 aberdine iggy, yes, perhaps
19:33 xDamox joined #salt
19:33 iggy there are large companies that don't use salt's state system at all
19:34 DammitJim makes sense
19:34 aberdine iggy sdm24 arbitrary commands against servers is a way to create snow flakes though?
19:34 DammitJim sdm24, completely separate question... how come your files have spaces in the name?
19:34 iggy aberdine: depends on how you use it I guess
19:34 sdm24 because I can;t do / in gist
19:35 sdm24 or do you mean for the IDs in each sls file?
19:35 aberdine iggy sdm24 I can see I could write scripts to call modules, but I don't see how to do that in a salty way
19:35 aberdine iggy sdm24 perhaps it is just that - it doesn't fit my use cases
19:35 sdm24 aberdine: I definitely have some states where I just do "module.run: "
19:35 DammitJim sdm24, that makes total sense LOL... the space instead of the /
19:35 disaster123 joined #salt
19:36 DammitJim I was like... how is he calling network... LOL
19:36 aberdine sdm24 sure, I can see that, but the modules aren't always idempotent
19:36 disaster123 rvankleeck: mhm but that's manual work... i would like to automate as much as i can
19:36 iggy sometimes you don't need/want idempotent
19:37 murrdoc what is u dranking
19:37 DammitJim water
19:37 supersheep joined #salt
19:37 iggy might as well have a tool that can serve multiple purposes instead of 15 different tools to do related but different things (oooh, I said it... not unixy... you bunch of neckbeards)
19:38 aberdine sdm24 iggy no, sure. are there any examples out there  just using modules to do something substantial?
19:39 aberdine sdm24 iggy I just feel I'm looking for something to marry the simplicity of modules with overarching control
19:39 sdm24 You can theoretically I guess, but thats not what I use modules for
19:39 rvankleeck disaster123, not sure how it is in your environment, but we review packages before updating. However, a simple cron job to do "salt '*' pkg.upgrade" would automate it for you.
19:40 IanVorn joined #salt
19:43 disaster123 rvankleeck: yes but there are a lot of packages i don't care / don't review. Some examples: base-files, adduser, apt, gzip, iptables, .... So i have a specific LIST of packages i want to be latest. But i never ever want to upgrade ALL.
19:43 aberdine iggy sdm24 thanks anyway - it's reassuring to know I'm just not missing something in my understanding. As my build out grows I'm sure I'll start to see how I can use modules
19:44 sdm24 aberdine: yep, its all about figuring out and using only what you need
19:44 aberdine sdm24: yeah - I feel a bit like a kid in a sweet shop at the moment :)
19:45 sdm24 been there. still there too haha
19:45 aberdine so much cool stuff!
19:46 bhosmer joined #salt
19:46 sdm24 Is "backup: minion: supposed to work with file.replace?
19:46 sdm24 Cause it isnt for me...
19:47 murrdoc backups ?
19:47 murrdoc we dont need to stinking backups
19:47 sdm24 nope its not supposed to
19:47 * murrdoc lols off into a corner to cry
19:47 aberdine Another question - what tools do people use for salt work? Anything worth particular attention?
19:48 rvankleeck aberdine, what type of salt work?
19:48 aberdine writing states at the moment
19:48 iggy text editor and terminal emulator
19:48 rvankleeck aberdine, vim :)  also: https://github.com/saltstack-formulas
19:48 rdutch joined #salt
19:48 iggy (and about 40 browser tabs worth of docs.saltstack.com pages)
19:49 aberdine that sounds familiar - i'm using Dash for state etc info
19:49 sdm24 aberdine, check out https://github.com/SS-archive. Its got a lot of very, very simple formulas and states. I found them a lot easier to understand than the main formulas
19:49 aberdine formulas I'm using (and have a couple of merged PRs on the salt formula)
19:50 disaster123 iggy: you seem to know a lot. Can you also explain me why it runs apt-get -q update for each pkgrepo.managed? So for 10 repos it runs ten times apt-get update but it does this for ALL repos as apt-get update can't be executed for only one repo.
19:50 loki__ Hi everyone...I am using command salt -S 10.x.x.x cmd.run '/opt/tomcat/bin/startup.sh' to start tomcat
19:50 loki__ its working perfectly
19:50 loki__ but i need to also mention as what user should tomcat start
19:51 loki__ is there any option for it
19:51 iggy disaster123: same reason, to make sure changes made part way through a highstate are reflected after that
19:51 loki__ i whant my tomcat to be started as "tomcat" user not "root" user..
19:51 iggy loki__: runas=<user>
19:52 Grokzen joined #salt
19:52 aberdine sdm24 That repo is useful
19:52 loki__ iggy_: i will try it now
19:52 aberdine right, back to it :)
19:52 babilen loki__: You might also be interested in https://github.com/saltstack-formulas/tomcat-formula
19:52 iggy nobody is interested in that
19:52 * iggy runs
19:52 sdm24 aberdine definitely. The main saltstack-formulas intimidated me when I started learning Salt. Still do, sometimes
19:53 linjan joined #salt
19:53 babilen iggy: Yeah, I just took a closer look at that. Not really something I'd like to advocate :)
19:54 disaster123 iggy: mhm OK have to rethink about it. Is there a way to managed multiple repos at once so that there is only apt-get update run?
19:55 baweaver joined #salt
19:55 ggoZ joined #salt
19:56 babilen sdm24: unfortunate name (ss-archive)
19:56 sdm24 Its not mine : /
19:57 premera joined #salt
19:57 slimmons Can anybody tell me what's wrong with this postgresql state?  The error I'm currently getting is in the readme https://github.com/johnsimmons/salt_postgresql/blob/master/postgresql/init.sls
19:57 loki__ iggy_; it works like a charm
19:57 loki__ thankyou
19:59 Not_ joined #salt
19:59 kevin-wk joined #salt
20:00 iggy slimmons: runas is invalid (for most states fwiw)
20:00 RabidCicada joined #salt
20:01 iggy disaster123: educated use of refresh_db: False maybe?
20:02 disaster123 iggy: will have a look at it thanks
20:02 nzero joined #salt
20:02 RabidCicada So...whats the typical pattern handling system abstraction in an execution module (The underlying tool requires different packages on different systemas)?  For States, I use map.jinja...for execution module and state module?
20:02 iggy theoretically if your require_in's are all correct, it should "just work"
20:03 iggy RabidCicada: check how the pkg modules work (i.e. yumpkg, aptpkg, etc.)
20:03 RabidCicada Arg...so I'll just need different backend python files?  yuck, and bummer.
20:04 iggy well, it really depends what you're doing
20:04 RabidCicada In my case...I'm thinking about creating a steamcmd execution module, and having an "installed" directive.  On one system needs lib32gcc1, on another glibc libstdc++ etc
20:04 iggy that's one extreme
20:04 RabidCicada so not relaly doing different stuff...but just has different dependencies
20:04 jonlangemak joined #salt
20:04 iggy probably just a map local to the module then
20:04 RabidCicada is the best apporach to "hardcode" it with checks for underlying system type?..or is there an equivalent to map.jinja
20:05 RabidCicada ok
20:05 RabidCicada I like that better than totally different python modules
20:05 iggy you could also just handle the deps in a state that gets called before your custom state/module
20:06 jonlangemak joined #salt
20:06 RabidCicada I could...but then puts onus on external state...didn't like that approach
20:06 iggy i.e. the pip module/state don't install pip, they assume that you've already installed elsewhere
20:06 RabidCicada I'm of the opinion it should be smart enough to install itself.
20:06 RabidCicada yeah...true.....
20:09 Berty_ joined #salt
20:09 baweaver joined #salt
20:12 snave joined #salt
20:14 tomh- joined #salt
20:17 kurt_ joined #salt
20:17 juanito joined #salt
20:17 kurt_ hey, im wondering if there are better ways to view the output of a state.highstate execution once it starts getting to be really big (hundreds of states)
20:18 kurt_ perhaps filtering output to only changed & failed states or something along those lines
20:18 kevin-wk http://docs.saltstack.com/en/latest/ref/output/all/salt.output.highstate.html
20:18 supersheep joined #salt
20:20 kurt_ ah nice. thank you!
20:21 timoguin_ joined #salt
20:21 kevin-wk i'd give more advice on it but haven't worked with it enough yet to do so
20:21 Jimlad joined #salt
20:22 babilen kevin-wk: this can also be set in the matsers config and I like mixed, you might also be interested in the --summay option
20:22 sdm24 can you change state_verbose in the CLI?
20:22 rubenb tmux att -d
20:22 iggy yeah, we disabled state_verbose, helped a lot
20:24 collinanderson joined #salt
20:24 gyre007 joined #salt
20:24 simonmcc joined #salt
20:24 joeyparsons joined #salt
20:24 m0nky joined #salt
20:24 Laogeodritt joined #salt
20:30 murrdoc joined #salt
20:33 Ztyx joined #salt
20:34 CheKoLyN joined #salt
20:35 aw110f joined #salt
20:39 murrdoc joined #salt
20:44 brian joined #salt
20:47 ingslovak joined #salt
20:48 gladiatr joined #salt
20:50 whytewolf humm. okay, how do i import _utils classes from _modules
20:51 Ztyx joined #salt
20:51 iggy from salt.utils.foo import function ?
20:54 whytewolf I tried that. but i think it might have been me just forgetting __init__.py
20:54 whytewolf one sec
20:56 whytewolf nope. still can't see it.
20:56 whytewolf trying to work some new things into the neutron module. and didn't want to rewrite the entire thing
20:57 Ztyx1 joined #salt
20:58 msheiny joined #salt
20:58 iggy what are you trying to use?
20:59 iggy some things have weird imports
20:59 rdutch left #salt
21:00 fllr joined #salt
21:00 iggy sometimes it's just `import salt.utils` then using the full module path to the function i.e. salt.utils.which()
21:01 fllr Hey guys. I have two deployments. Production, and staging. Can I deploy to both deployments using only one master?
21:01 Ryan_Lane fllr: yes
21:01 fllr Ryan_Lane: how?
21:01 Ryan_Lane especially if you don't actually use salt environments
21:01 Ryan_Lane but use pillars to specify which is which
21:01 Ryan_Lane if you do use salt environments, you can pass that along with the calls
21:01 whytewolf neutron which imports salt.utils.openstack.neutron so i copied the neutron module and the neutron part in utils into _utils and _modules. when i do a sync_all utils.openstackv2.neutron is seen. but the error i get when i try to run anything from neutronv2 is ImportError: No module named openstackv2.neutron
21:02 fllr Ryan_Lane: Also, I wanna be able to deploy them independently as well...
21:02 fllr salt environments... Mmmmm
21:02 Ryan_Lane whytewolf: the new utils overrides only work with calls to __utils__ I think
21:03 Ryan_Lane and in 2015.5, you need to inject that into the code: https://github.com/saltstack/salt/blob/develop/salt/modules/boto_kms.py#L81
21:04 Ryan_Lane fllr: are you currently using salt environments?
21:04 Ryan_Lane if not, I don't recommend them
21:04 fllr Ryan_Lane: Not really... I'm about to set all of that up...
21:04 Ryan_Lane I recommend defining pillars for your environments (or grains, if you're doing masterless)
21:04 aw110f joined #salt
21:04 RichT_ joined #salt
21:04 fllr Ryan_Lane: I was actually thinking about spinning up two masters that connect to two different clusters
21:05 Ryan_Lane even better, if you're not locked into a host naming scheme is to change your host naming scheme to include the environment
21:05 Ryan_Lane myservice-production-myregion.mydomain.com
21:05 fllr Ryan_Lane: like... stag.web-n1, prod.web-n1?
21:05 Ryan_Lane then you can do glob matching for environments
21:05 fllr Mmmmm. Yeah, that could work...
21:06 Ryan_Lane I go into this a bit here: http://ryandlane.com/blog/2014/08/26/saltstack-masterless-bootstrapping/
21:06 notnotpeter joined #salt
21:06 aqua^c joined #salt
21:06 Ryan_Lane but that's specifically for masterless, which you won't be doing
21:06 Ryan_Lane so you need to use pillars rather than grains
21:06 Ryan_Lane but the hostname stuff is a good call :)
21:06 Ryan_Lane it makes things so much easier later on
21:07 otter768 joined #salt
21:10 fllr Ryan_Lane: Yep. I could set up a couple aliases, salt-prod, salt-stag that automatically matches the necessary clusters. I think it could work! :D
21:10 murrdoc uh oh
21:10 murrdoc i think it could work
21:10 murrdoc famous last words
21:12 aboe joined #salt
21:13 aboe joined #salt
21:15 iggy whytewolf: is _utils really a thing?
21:16 iggy fllr: we just use multiple masters :/
21:17 nergdron joined #salt
21:17 baweaver joined #salt
21:17 whytewolf iggy, I'm hopeing so. I found a feature request for it. also trying it out i did find that it got synced to extmods.
21:17 SheetiS _utils does sync but was not used in 2014.7.  Not sure in 2015.5
21:17 nergdron quick q: is there a way to check if a state is defined in onlyif? have some monitoring config I want to inject if another state is defined for a host.
21:17 whytewolf I'm starting to think it isn't used in 2015.5 either :/
21:19 SheetiS the way utils are used in develop right now makes me thing we will see it soon™, but it is different in the 2015.5 branch from what I can see.
21:19 SheetiS I've not looked as closely in 2015.5 as I did when I was hopeful to try it in 2014.7.
21:20 xDamox joined #salt
21:20 aw110f joined #salt
21:21 fllr iggy: Yeah... I think I'm gonna try that if I can't get that hostname thing to work... But I was trying to avoid to spin up another machine just for that... :\
21:24 whytewolf ahh. i should look at feature requests more in depth before trying to accually use it. milestone:approved
21:31 kevin-wk setting up a new salt master with hg backend (done this before successfully) - but salt-run fileserver.update is crashing.  https://gist.github.com/anonymous/435dbc3a9633fe0ab5d4
21:32 iggy fllr: the beauty part about our setup is I have master spin-up completely automated as well, so I can kill the masters when not needed
21:32 aw110f joined #salt
21:32 fllr iggy: So, salt is salt'ing(sp?) salt? Cool. Lol
21:33 iggy kevin-wk: aside from the rather ancient version of salt being used, I don't see anything horrendously wrong there
21:34 iggy kevin-wk: p.s. gist supports multiple files per paste, so you don't have to cram everything into one
21:34 kevin-wk thanks, will keep in mind in future
21:35 Dev0n joined #salt
21:35 Dev0n joined #salt
21:36 IanVorn joined #salt
21:38 kevin-wk incidentally i just noticed that the hg server isn't even being contacted by the master before hglib throws its AssertionError
21:39 kevin-wk i know i used that same version of hglib successfully with this version of salt on another master
21:46 kevin-wk i figured it out
21:46 kevin-wk ancient mercurial version
21:46 kevin-wk probably a mismatch between it and python hglib
21:53 Ztyx joined #salt
21:58 spookah joined #salt
22:00 Dev0n joined #salt
22:00 Dev0n joined #salt
22:04 Dev0n joined #salt
22:08 cwahl joined #salt
22:08 ahammond since event.send isn't working for me, which of the netapi modules is the best supported?
22:10 murrdoc joined #salt
22:26 penguinpowernz joined #salt
22:28 desposo1 joined #salt
22:31 xDamox joined #salt
22:48 bfoxwell joined #salt
22:48 gladiatr joined #salt
22:49 aw110f joined #salt
22:49 Ztyx joined #salt
22:51 KyleG joined #salt
22:51 KyleG joined #salt
22:51 baweaver joined #salt
22:55 aqua^c joined #salt
23:01 sunkist joined #salt
23:04 robert___ joined #salt
23:05 pppingme joined #salt
23:05 __number5__ joined #salt
23:06 moos3 joined #salt
23:08 otter768 joined #salt
23:09 nergdron left #salt
23:11 rdavis joined #salt
23:11 pcdummy joined #salt
23:14 CeBe joined #salt
23:21 pppingme joined #salt
23:22 toddnni joined #salt
23:23 bhosmer_ joined #salt
23:25 ronrib joined #salt
23:29 timoguin joined #salt
23:37 toddnni_ joined #salt
23:37 Not_ joined #salt
23:41 aqua^c joined #salt
23:42 Not_ joined #salt
23:44 aw110f joined #salt
23:46 ChesFTC joined #salt
23:47 aparsons joined #salt
23:53 rdavis left #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary