Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-06-25

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:13 GabLeRoux joined #salt
00:19 napsterX joined #salt
00:24 baweaver joined #salt
00:29 c10 joined #salt
00:33 Nazzy joined #salt
00:34 tmclaugh[work] joined #salt
00:40 jonlangemak left #salt
00:44 husanu joined #salt
00:45 aCodinMan joined #salt
00:48 julez joined #salt
00:49 aCodinMan joined #salt
00:58 aCodinMan joined #salt
00:58 subsignal joined #salt
01:00 is_null here's my final version, as short as possible: https://gist.github.com/jpic/51e1545aff67d5f451e3
01:03 mrbigglesworth joined #salt
01:14 ITChap joined #salt
01:14 DammitJim joined #salt
01:16 mbrgm_ joined #salt
01:17 dendazen joined #salt
01:18 is_null and with my final conclusions http://blog.yourlabs.org/post/122381003283/test-driven-development-with-saltstack-sls-code if anybody knows about any other research that has been done on the subject please let me know, thanks ;)
01:18 fllr joined #salt
01:20 napsterX joined #salt
01:29 cruatta joined #salt
01:32 beauby joined #salt
01:32 david_an11 joined #salt
01:33 baweaver joined #salt
01:46 DammitJim I renamed a minion
01:46 DammitJim how do I update it?
01:46 DammitJim so the salt-master knows who it is?
01:46 DammitJim I just changed the hostname from nginx to nginx2
01:46 Laserwhit joined #salt
01:46 ITChap DammitJim: if you restart the minion process
01:47 ITChap you should see it show up when you run alt-key on the master
01:47 DammitJim but the salt-master still thinks it's called nginx
01:47 ITChap *salt-key
01:47 ITChap with the newname
01:47 ITChap how did you rename it ?
01:47 ITChap using the minion_id file ?
01:48 DammitJim no, I only renamed /etc/hostname and /etc/hosts
01:48 DammitJim where do I rename the minion?
01:48 ITChap debian ?
01:48 DammitJim ubuntu
01:48 ITChap did you run /etc/init.d/hostname.sh ?
01:48 drawsmcgraw joined #salt
01:49 DammitJim no
01:49 DammitJim should I?
01:50 juanito joined #salt
01:50 ITChap also check the /etc/salt/minion_id file
01:50 ITChap and check the minion config file
01:51 ITChap DammitJim:
01:51 drawsmcgraw DammitJim: You'll need to delete the old minion key and accept the new minion key
01:51 drawsmcgraw When I rename a host (and thusly, the minion), I update the file /etc/salt/minion_id
01:51 DammitJim drawsmcgraw, got it
01:51 drawsmcgraw and restart salt-minion
01:51 DammitJim /etc/salt/minion_id on the minion, correct?
01:51 drawsmcgraw DammitJim: correct
01:52 drawsmcgraw and you can delete the old key with just a 'salt-key -d nginx'
01:52 drawsmcgraw it'll ask for confirmation before proceeding
01:52 juanito gday guys wondering if im doing something wrong when using mine since i get empty replies http://pastebin.com/L2vc4rBV
01:52 drawsmcgraw Unfortunately, there's not an elegant method for renaming minions currently :/
01:53 drawsmcgraw juanito: Can you show where you're mine configs are?
01:53 DammitJim drawsmcgraw, delete the old key in the master, right?
01:53 drawsmcgraw s/you're/your
01:53 drawsmcgraw DammitJim: Correct. You should be able to do it with the 'salt-key' command.
01:53 drawsmcgraw Shouldn't have to manually delete any files
01:54 juanito drawsmcgraw: dont have any mine specific config
01:54 DammitJim wow... gotta be careful with -D
01:54 drawsmcgraw juanito: You'll need to instruct the minions to put data into the Mine, as well as what you'd like them to put in there
01:54 juanito fair enough was just digging into mine for now because i need caching
01:54 drawsmcgraw DammitJim: Yeah, no joke :) There are some salt-cloud commands that require a config change before they'll proceed because they can be so destructive.
01:54 juanito must have misread the doc then
01:55 juanito thanks drawsmcgraw :)
01:55 drawsmcgraw juanito: Yeah definitely. Let me see if I can dig up my config
01:55 alexanderilyin joined #salt
01:55 drawsmcgraw It's easy to configure
01:55 alexanderilyin hey
01:55 alexanderilyin How  can get rid of ‘[ERROR   ] No VictorOps api key found.’ ?
01:55 juanito drawsmcgraw: that'd be great to get a working example yep :)
01:55 alexanderilyin I dont have it and dont want to use it now
01:56 drawsmcgraw juanito: http://dpaste.com/23YX8ZT
01:56 drawsmcgraw I took mine and added what I *think* you'd need to get interfaces.
01:56 drawsmcgraw I make that pillar file available to all minions. That way, *everyone* sends info to the Mine.
01:57 juanito sweet
01:57 juanito can i run specific commands here
01:57 juanito like put any data i want inside mine ?
01:57 drawsmcgraw I think so, yeah. I haven't really pushed the boundaries of the Mine but I'm sure you could get creative with it.
01:58 juanito sweet as , cheers mate :)
01:58 drawsmcgraw sure thing
01:58 drawsmcgraw alexanderilyin: Were you previously using VictorOps?
01:58 alexanderilyin nope
01:59 alexanderilyin just recreated VM
01:59 alexanderilyin and installed salt from git
01:59 drawsmcgraw Is this showing up in the logs or...?
02:00 alexanderilyin It’s in output when I run `salt-call`
02:00 alexanderilyin https://gist.github.com/38549e3adb8e8302e287
02:01 DammitJim cool! I can now run salt commands as a regular user
02:01 DammitJim that was driving me nuts (the sudo piece)
02:01 DammitJim I actually want to know how this is normally managed in terms of knowing "who" ran "what"
02:02 drawsmcgraw DammitJim: Probably looks something like what you're doing :)
02:02 drawsmcgraw Though even with just requiring 'sudo', I imagine you can have an audit trail of who did what
02:02 DammitJim good point
02:02 drawsmcgraw alexanderilyin: Can you try that salt-call with a '-l debug' at the end?
02:03 drawsmcgraw May give some better hints
02:03 DammitJim maybe what I just did just made it more complicated!
02:03 alexanderilyin drawsmcgraw: sure
02:03 alexanderilyin drawsmcgraw: give me couple minutes… have to rerun build chain
02:04 drawsmcgraw alexanderilyin: no worries. I'll be around.
02:05 drawsmcgraw DammitJim: Possibly :) But I'm not qualified to say what the best method is for auditing
02:06 Bryson joined #salt
02:07 vaspiros joined #salt
02:08 napsterX joined #salt
02:09 beauby joined #salt
02:13 DammitJim hhmmm... .it seems salt already logs who ran what
02:13 DammitJim but I don't know where
02:13 drawsmcgraw I wonder if events on the bus have that information?
02:15 DammitJim drawsmcgraw, do you know what I need to set up to have a git backend repo?
02:15 DammitJim right now everything I got is local on the master
02:16 alexanderilyin drawsmcgraw: https://gist.github.com/alexanderilyin/fe688c2701fadc8bf45b
02:16 drawsmcgraw Yeah. Have you gone through the doc on the matter?
02:16 drawsmcgraw DammitJim: ping
02:16 DammitJim pong
02:16 DammitJim yes, I read it
02:17 DammitJim but I wasn't sure if that takes care of setting up the git repo server
02:17 DammitJim it seemed to talk just about how to connect to git
02:19 drawsmcgraw alexanderilyin: *very* odd. Is this stopping your runs or is it just a nuisance?
02:20 alexanderilyin drawsmcgraw: just a nuisance
02:20 drawsmcgraw It looks like Salt is just trying to load the victorops module. I imagine it should be silently passing over it but... https://github.com/saltstack/salt/blob/2a91f6f06d14cf453058d060f28fa88a4849d3e2/salt/modules/victorops.py#L28
02:20 drawsmcgraw If it's really becoming a bother, I'd file an issue with that. I wouldn't expect that to be at the 'error' level.
02:21 drawsmcgraw okay good. Glad it's not a showstopper
02:21 drawsmcgraw DammitJim: Ah, yeah
02:21 Ryan_Lane ugh. logging in the virtual modules.
02:21 drawsmcgraw There shouldn't be anything that needs doing to the Git repos
02:21 drawsmcgraw You have a deploy key and gave it to your Salt master?
02:23 alexanderilyin drawsmcgraw: I’m runing salt-call in docker container to provision it and run app tests… so I dont have key for VictorOps and never used it.
02:24 vaspiros joined #salt
02:24 drawsmcgraw alexanderilyin: Yeah I agree it's odd behavior. It shouldn't be in there from what I can understand. What version of Salt are you running?
02:25 dendazen joined #salt
02:25 drawsmcgraw Anyone know the location of the default salt_bootstrap shell script is in a fresh install?
02:25 hrumph is there any way of hardening the security a little bit so connection's from some minions are tied to specific ip addresses?
02:26 aCodinMan joined #salt
02:26 DammitJim drawsmcgraw, give me a file name, I'll find it
02:26 alexanderilyin drawsmcgraw: 2015.5.2-6569-g9bf1d52
02:26 DammitJim I have a default install
02:27 drawsmcgraw DammitJim: I only know it contains the word 'bootstrap'
02:27 DammitJim k
02:27 Bryson joined #salt
02:27 drawsmcgraw alexanderilyin: Ah, using the bootstrap-salt script to install Salt? Looks like you're installing out of Develop(?)
02:28 beauby joined #salt
02:28 DammitJim weird, didn't find it
02:28 DammitJim on the master or minion?
02:28 drawsmcgraw DammitJim: Yeah I think I'm narrowing down the source of my recent salt-cloud problems....
02:28 drawsmcgraw On the master
02:29 DammitJim I can't find anything salt related with the word bootstrap
02:29 alexanderilyin drawsmcgraw: yep… curl -L https://bootstrap.saltstack.com -o install_salt.sh && sh install_salt.sh git develop
02:30 drawsmcgraw alexanderilyin: fair enough. Any reason you want it out of Develop instead of through the native pkg manager?
02:30 alexanderilyin drawsmcgraw: some time ago I was plaing with docker module…
02:31 alexanderilyin develop works the best for it
02:31 alexanderilyin but it was even before docker-ng module
02:32 drawsmcgraw Makes sense
02:32 drawsmcgraw Well, if we see that make it out to production, we'll know where to go :)
02:35 juanito drawsmcgraw: sorry to bug you again but im struggling to get the data http://dpaste.com/2K9B2FS
02:35 juanito the config looks like that : http://dpaste.com/1AN3TX9
02:36 juanito im using git so thats why you have a {{base}} at the begginging
02:36 otter768 joined #salt
02:36 juanito wondering if there is anything im missing here
02:36 drawsmcgraw Interesting... lemme make sure *my* setup is actually correct
02:37 aCodinMa_ joined #salt
02:37 juanito funny thing as well btw get_docker gets populated even if there is no definition in the pillar system for it
02:40 drawsmcgraw juanito: Can you check pillar with -> salt '*' pillar.get mine_functions ?
02:41 juanito empty
02:42 drawsmcgraw Yeah, they don't have it in their pillar yet. So...
02:42 drawsmcgraw salt '*' saltutil.refresh_pillar
02:42 drawsmcgraw Then query Pillar again
02:43 drawsmcgraw juanito: Also remember to add the Pillar file you're using to your Pillar topfile (usually /srv/pillar/top.sls)
02:45 juanito yeah will stop using git for now
02:45 drawsmcgraw Tired of all the commits? :)
02:46 juanito sort of ahha
02:47 Bryson joined #salt
02:50 drawsmcgraw salt-cloud is *not* bootstrapping any new VMs
02:50 drawsmcgraw I've had the same failure in Digital Ocean and Rackspace.
02:50 drawsmcgraw I can see in 'debug' that it's uploading files to the new VM (minion config, keys, etc...) but I never see it upload and run the bootstrap script
02:51 drawsmcgraw It even finishes with "Salt installed on new-minion-01"
02:51 drawsmcgraw Anyone else seen that?
02:51 drawsmcgraw This is 2015.5.0 on CentOS 6.5
02:51 drawsmcgraw CentOS 6.6, rather
02:51 juanito the bootstrap script seems to fail
02:52 juanito if salt is not installed prior
02:52 drawsmcgraw On the minion?
02:52 drawsmcgraw er
02:52 drawsmcgraw master, rather?
02:52 juanito yeah can't remember was a month ago
02:52 juanito on linode tho
02:52 BretFisher joined #salt
02:52 juanito now i have an image i clone from
02:52 spark joined #salt
02:52 drawsmcgraw So... do I need to install packages in a different order or...?
02:52 juanito and i have a version on salt installed on those images
02:52 drawsmcgraw ah :/
02:53 drawsmcgraw I'm stuck with the stock images at the moment
02:53 juanito tho i could have done somehting wrong im not a 100% sure of that
02:53 drawsmcgraw I've been using salt-cloud for a while now. Never seen this behavior before...
02:53 forrest joined #salt
02:57 juanito do you mean that the startup_script doesnt get executed at all ?
03:00 BretFisher Does anyone know if I can reload minion config at runtime or have it accept a new config value without it restarting salt-minion? Trying to set "test: True" in minion config of existing and new machines and trying to come up with easy way to do it
03:01 drawsmcgraw juanito: Right. I don't see it uploading the startup script, even
03:01 drawsmcgraw BretFisher: You may be able to put it under Pillar
03:02 drawsmcgraw as in -
03:02 drawsmcgraw minion:
03:02 drawsmcgraw test: true
03:02 drawsmcgraw hah!
03:02 drawsmcgraw I curl'd down the salt-bootstrap script from bootstrap.saltstack, put it in the default place
03:02 drawsmcgraw /etc/salt/cloud.deploy.d/salt-bootstrap.sh
03:03 drawsmcgraw Then made that script the one to run in my profile.
03:03 drawsmcgraw Very strange....
03:03 drawsmcgraw Anyway. it works when I explicitly tell it to run the bootstrap script
03:03 favadi joined #salt
03:06 Furao joined #salt
03:07 BretFisher drawsmcgraw: but pillar value wouldn't just show up on minion, i'd need to get it there with a formula or module I assume
03:07 drawsmcgraw BretFisher: You can push it out pretty easily. One moment....
03:08 BretFisher I've got a formula that updates the minion file, just wondered 1. exact commands someone has working to restart minion from formula, or 2. way to have salt-minion accept a config change w/o restarting
03:08 BretFisher cool
03:08 Bryson_ joined #salt
03:09 juanito pretty odd maybe try to dun the salt-cloud in debug there is definitely something going wrong here
03:09 juanito btw thx for mine i can store what i want inside
03:09 juanito :)
03:10 juanito drawsmcgraw:
03:10 drawsmcgraw BretFisher: Mind, this is just speculating. I don't *know* that this is how to have all the minions default to "test=true" but this is definitely how to push out Pillar values - http://dpaste.com/3M5VBWM
03:10 beauby joined #salt
03:11 drawsmcgraw juanito: Yeah the '-l debug' is how I confirmed that it's not even uploading the script. But I'm okay with the workaround for the moment. If the issue persists, I'll file an issue / look into the root cause.
03:11 drawsmcgraw And good to hear about the Mine success. I live & die by the Mine in cloud deployments.
03:12 BretFisher drawsmcgraw: brb
03:12 BretFisher joined #salt
03:13 aea joined #salt
03:13 juanito drawsmcgraw: wondering if there is any sort of memory limit in mine btw ?
03:13 drawsmcgraw juanito: If there is, I'm unaware. I imagine it's only limited by the hardware
03:13 juanito coz for now i was listing all of my containers directly by pusblishing from the haproxy
03:13 juanito and lets say that it doesnt scale ahah
03:13 drawsmcgraw hrm..... unless it's stored in the cache (/var/cache/salt) ?
03:14 juanito you reckon ? yeah will see its not massive what i need to store but still :p
03:14 drawsmcgraw Right. Well, I've heard stories of *thousands* of minions connected to one master
03:14 juanito well we shall see soon enough when i put in production :)
03:14 juanito thanksfully i dont have thousands of minions
03:16 drawsmcgraw I'm sure it'll be fine :)
03:16 numkem joined #salt
03:17 drawsmcgraw Ah, it's stored to disk
03:17 drawsmcgraw /var/cache/salt/master/minions/<minion-id>/mine.p
03:17 writtenoff joined #salt
03:19 juanito disk doesnt really bother me its good enough for what i want to do
03:19 juanito but good to keep in mind
03:29 Bryson joined #salt
03:30 fllr joined #salt
03:32 favadi joined #salt
03:39 clintberry joined #salt
03:42 mosen joined #salt
03:49 Bryson joined #salt
03:51 dyasny joined #salt
03:53 malinoff joined #salt
04:04 Bryson joined #salt
04:08 ckng joined #salt
04:08 ajw0100 joined #salt
04:11 aea Anybody have any insight as how how salt handles network disconnections? I'm running a master + minion locally and every restart of the master leaves the minion hanging. Nothing in the log about disconnects / reconnects after ~5 minutes. Ubuntu 14.04 on both (running as docker containers although don't see how that should matter). Restarting the minion has everything reconnect pretty much instantly.
04:21 jimklo joined #salt
04:23 scoates joined #salt
04:25 julez joined #salt
04:33 dalexander joined #salt
04:35 baweaver joined #salt
04:37 otter768 joined #salt
04:43 vaspiros joined #salt
04:47 hrumph was saying earlier have 90% greenlight to deploy salt at work
04:48 hrumph i'm deploying it on fairly unsecured desktops and maybe laptops
04:48 hrumph should i be worried about malicious modules and stuff like that?
04:48 hrumph if i'm careful about what i do with results of calling modules i think i should be ok
04:49 spookah joined #salt
04:50 hrumph i mean imagine an sql injection in the results of a maliciously modified module on a minion
04:50 hrumph that screwed up my processing code on the master
05:00 jimklo joined #salt
05:01 joeto joined #salt
05:02 cztanu are you asking about a situation where someone modified a cached module on a minion?
05:02 hrumph cztanu, yes its quite possible for personel to do at my workplace
05:03 hrumph cztanu, for the time being non-it people have admin rights on their machines
05:03 cztanu If that's the case then they would be able to do it without salt anyway
05:04 hrumph cztanu, yes my question is what possible damage could they do to the salt master
05:05 hrumph cztanu, the salt master will be processing inventory data taken from running salt command module and then processing the results
05:05 ndrei joined #salt
05:05 hrumph an sql injection is the simplest thing that could go wrong
05:05 hrumph although i can easily make sure *that* doesn't happen
05:05 catpigger joined #salt
05:05 hrumph but what else might i be worried about?
05:07 cztanu I'd prefer not to do that using the salt-master, personally. I'd probably just make the results available to a different machine using salt-mine, and let it do the processing instead
05:07 cztanu failing that, I'd run a container on the master instead
05:07 aw110f joined #salt
05:08 dopesong joined #salt
05:09 hrumph ok
05:09 hrumph good iea
05:09 hrumph i'm totally new to salt
05:09 hrumph i think i'll get it all working first and cross my fingers that we don't have a security incident then i'll take seriously the idea of setting up either a container or another vm to do the processing
05:09 jimklo joined #salt
05:10 hrumph thanks btw
05:10 cztanu if you know what applications you need to process the results, it would be fairly easy to make a docker application to do all the processing in
05:10 cztanu no problem
05:11 hrumph ok excellent idea
05:11 hrumph i'm glad i ask questions on this chan because many times now i've got some pretty solid answers
05:20 aw110f_ joined #salt
05:24 jimklo joined #salt
05:37 ckng left #salt
05:57 rdas joined #salt
06:01 colttt joined #salt
06:01 jhauser joined #salt
06:09 evle joined #salt
06:10 travisfischer joined #salt
06:12 aCodinMan joined #salt
06:14 dopesong joined #salt
06:14 julez joined #salt
06:14 evle joined #salt
06:14 AndreasLutro joined #salt
06:15 jonlangemak joined #salt
06:18 jonlangemak_ joined #salt
06:20 michelangelo joined #salt
06:21 ndrei joined #salt
06:23 badon_ joined #salt
06:24 onorua joined #salt
06:28 flyboy joined #salt
06:28 dgk joined #salt
06:28 malinoff joined #salt
06:36 tzero joined #salt
06:38 otter768 joined #salt
06:41 toddnni_ joined #salt
06:41 bfoxwell joined #salt
06:42 pelzi_ joined #salt
06:45 ValF joined #salt
06:46 chinztor joined #salt
06:50 soren joined #salt
06:50 ndrei joined #salt
06:54 kawa2014 joined #salt
06:59 rofl____ joined #salt
06:59 rofl____ can salt print output from a cmd.script continously in the cli?
07:01 vaspiros joined #salt
07:02 jimklo joined #salt
07:04 illern joined #salt
07:05 eliasp rofl____: no, it will be returned once the cmd completed
07:05 eliasp rofl____: so there's no way (yet) to have something like a continuous output stream from something like "cmd.run 'tail -f /foo/bar.log'"
07:05 jimklo_ joined #salt
07:06 eliasp rofl____: this is mostly due to the way how Salt handles remote execution/communication with Minions through "jobs"
07:06 napsterX joined #salt
07:06 rofl____ eliasp: i see..thx :)
07:07 Romlk joined #salt
07:09 eseyman joined #salt
07:10 linjan joined #salt
07:10 Grokzen joined #salt
07:11 ndrei joined #salt
07:12 markm joined #salt
07:15 jimklo joined #salt
07:17 jimklo_ joined #salt
07:21 thalleralexander joined #salt
07:25 jimklo joined #salt
07:26 jimklo joined #salt
07:27 badon_ joined #salt
07:30 c10 joined #salt
07:41 CeBe joined #salt
07:58 KermitTheFragger joined #salt
07:59 stephanbuys joined #salt
08:03 julez joined #salt
08:03 monkey66 left #salt
08:04 husanu joined #salt
08:04 FRANK_I joined #salt
08:16 rdas joined #salt
08:19 zer0def joined #salt
08:27 favadi joined #salt
08:36 s_kunk joined #salt
08:37 impi joined #salt
08:38 ramteid joined #salt
08:39 otter768 joined #salt
08:45 jimklo joined #salt
08:47 flebel joined #salt
08:47 CeBe joined #salt
08:48 c10 joined #salt
08:49 flebel joined #salt
08:52 ndrei joined #salt
09:04 aqua^c joined #salt
09:08 writtenoff joined #salt
09:08 ws2k3 is the web interface for salt(halite) already stable? or what is the status of it
09:09 badon joined #salt
09:10 babilen ws2k3:
09:11 babilen "abandoned" would be my impression
09:11 ndrei joined #salt
09:11 babilen Salt is providing something "enterprise" (i.e. "not open source") and have apparently no interest in halite. There's saltpad, but I haven't used it so I can't say anything about it.
09:12 babilen https://groups.google.com/forum/#!msg/salt-users/rmMWLSaw0RY/N5PGRqDkwQgJ
09:15 mage_ what's the best otpion to avoid namespace conflicts when using home made modules in _modules/ ?
09:16 mage_ option*
09:20 keimlink joined #salt
09:22 zer0def joined #salt
09:25 SheetiS joined #salt
09:31 slav0nic joined #salt
09:33 badon_ joined #salt
09:35 Puckel_ joined #salt
09:37 supersheep joined #salt
09:42 chiui joined #salt
09:43 yuhl_work___ Hi, I'm wanting to deploy a soft (shibboleth idp) which contains approximatively 600 files. As this soft, is running on production, on qualification and on testing. For this three environnment, I'll run at least 2 hostnames for redundancy. I was wondering what could be the best way to organize my salt. I was thinking of putting all the hierarchy in one directory, and have some suffix to tell salt if this file is on prod/qualif/tes
09:43 yuhl_work___ ting.
09:43 yuhl_work___ oups, I'll run for each environnement at least 2 hostnames.
09:44 yuhl_work___ likes: idpprd1, idpprd2, idptst1, idptst2...
09:47 robothands maybe others will have a better way but thats pretty much what I do
09:47 robothands I have minion_id's beginning prd/dev etc
09:47 robothands but then my salt usage is pretty basic really
09:48 viq joined #salt
09:48 yuhl_work___ robothands: The fact is that on my 600 files, there is a few (about 30) which will differ for prd/qual/tst or between node1 or node1
09:50 yuhl_work___ so I thought about using some prefix, saying. install this file "filename" but if you are for a node in prod and if a file "filename.prod" exists then install the late
09:50 yuhl_work___ s/late/later/
09:51 IanV0rn joined #salt
09:52 IanV0rn joined #salt
09:54 IanV0rn joined #salt
09:55 IanV0rn joined #salt
09:56 losh joined #salt
09:56 IanV0rn joined #salt
10:03 ALLmightySPIFF joined #salt
10:17 fredvd joined #salt
10:17 stephanbuys joined #salt
10:18 pari joined #salt
10:18 husanu4 joined #salt
10:20 pari left #salt
10:20 sgargan joined #salt
10:23 sahilsinha joined #salt
10:26 husanu2 joined #salt
10:29 husanu1 joined #salt
10:33 pille joined #salt
10:36 lb1a joined #salt
10:38 stephanbuys joined #salt
10:39 Garo___ any ideas how I could use salt to set HTTP_PROXY env for system wide so that the salt-minion running in that system will obey that?
10:39 Garo___ I guess I would need to set the env first and then restart salt-minion
10:40 otter768 joined #salt
10:40 Mate Garo___: https://gist.github.com/anonymous/82adb9779014a8ac166d
10:40 Mate i use this snippet
10:41 Garo___ Mate: thanks, didn't know about the update_minion stanza
10:53 IanV0rn_ joined #salt
10:53 ALLmightySPIFF joined #salt
10:54 IanV0rn joined #salt
10:58 IanV0rn joined #salt
11:02 IanV0rn joined #salt
11:03 IanV0rn joined #salt
11:05 ndrei joined #salt
11:06 a7p joined #salt
11:12 TyrfingMjolnir joined #salt
11:14 cberndt joined #salt
11:15 giantlock joined #salt
11:29 _JZ_ joined #salt
11:35 murrdoc joined #salt
11:35 Hacmac joined #salt
11:40 ingslovak joined #salt
11:41 aqua^c joined #salt
11:56 ndrei joined #salt
12:04 murrdoc joined #salt
12:05 ALLmightySPIFF joined #salt
12:09 stephanbuys joined #salt
12:11 epcim joined #salt
12:12 al joined #salt
12:13 keimlink joined #salt
12:15 tmclaugh[work] joined #salt
12:15 jonher937 joined #salt
12:15 DammitJim joined #salt
12:20 murrdoc joined #salt
12:28 impi joined #salt
12:28 giantlock joined #salt
12:30 Steven- joined #salt
12:32 muep joined #salt
12:32 murrdoc joined #salt
12:33 Xevian joined #salt
12:36 FredFoo Hi all
12:36 FredFoo Is there a way to pass variables from states to formulas?
12:37 FredFoo I created a formula that spins up a container for our environment and want to reuse like hell
12:38 dimeshake joined #salt
12:39 FredFoo I would like to pass the name of the container in need to the formula so that it could fetch the config from the pillar
12:39 FredFoo any ideas?
12:39 murrdoc joined #salt
12:39 amcorreia joined #salt
12:40 husanu4 joined #salt
12:40 Ahrotahntee this is weird. permitting 4505 & 4506 (tcp, ACCEPT) in iptables doesn't allow the master to communicate with the minions. (policy is DROP)
12:40 Ahrotahntee am I missing a port? I was looking at http://docs.saltstack.com/en/latest/topics/tutorials/firewall.html
12:40 otter768 joined #salt
12:41 AndreasLutro FredFoo: I doubt that would work, but maybe you could look into writing custom states/modules instead
12:41 robothands Ahrotahntee: Are you trying Master -> Minions or Minions -> Master ?
12:41 robothands Ahrotahntee: it should be Minions -> Master so open the ports on the minions
12:42 aqua^c joined #salt
12:42 husanu5 joined #salt
12:42 Ahrotahntee the iptables policy is being applied at the minions
12:42 Ahrotahntee on the INPUT chain
12:42 robothands my last bit didnt make sense
12:42 Ahrotahntee OUTPUT policy is default
12:43 robothands Ahrotahntee: it should be Minions -> Master so open the ports on the MASTER
12:43 Ahrotahntee master ports are all open
12:43 husanu5 joined #salt
12:44 Ahrotahntee master: INPUT policy ACCEPT; minion: INPUT policy DROP, tcp 4505:4506 ACCEPT
12:44 robothands so OUTPUT is allowing everything out from the minions?
12:44 Ahrotahntee OUTPUT policy is ACCEPT on all machines
12:45 Ahrotahntee looks like it's listening on port 636?
12:45 * Ahrotahntee scratches
12:45 Ahrotahntee oh no that's the PID
12:46 robothands if everything is allowed OUT from the minions and IN to the master, then it should work
12:46 husanu4 joined #salt
12:46 robothands I would try a telnet from minion to master and run tcpdump on the master to see if you can see the traffic
12:46 robothands sorry, got a meeting, got to run
12:47 murrdoc from minion to master
12:47 murrdoc nc -v -z salt.master.ip 4505
12:47 murrdoc nc -v -z salt.master.ip 4506
12:47 murrdoc https://docs.saltstack.com/en/2014.7/topics/troubleshooting/index.html#what-ports-do-the-master-and-minion-need-open
12:50 subsignal joined #salt
12:50 husanu3 joined #salt
12:51 Ahrotahntee murrdoc: how does the salt master issue commands to the minion
12:54 murrdoc it drops it on a queue
12:54 husanu1 joined #salt
12:54 murrdoc each minion is connected 0mq or RAET
12:54 GabLeRoux joined #salt
12:56 Ahrotahntee this is a case of ahro stupidity
12:56 Ahrotahntee yep.
12:56 Ahrotahntee I was using dport instead of sport
12:56 husanu2 joined #salt
12:57 Ahrotahntee because I was misunderstanding which direction that traffic was flowing
13:00 giantlock joined #salt
13:00 arthurlutz joined #salt
13:00 arthurlutz hi, is there a way to get salt-master to reload when a file changes ? (develop mode) this is the case in salt-api with debug:True
13:02 husanu1 joined #salt
13:02 JDiPierro joined #salt
13:02 sybix joined #salt
13:03 husanux0 joined #salt
13:07 dendazen joined #salt
13:09 mou joined #salt
13:12 elfixit joined #salt
13:12 husanux2 joined #salt
13:13 Tecnico1931 joined #salt
13:13 ferbla joined #salt
13:14 racooper joined #salt
13:14 husanux1 joined #salt
13:17 FeatherKing joined #salt
13:18 leszq joined #salt
13:18 gcfhvjbkn joined #salt
13:19 gcfhvjbkn hello
13:19 gcfhvjbkn why could it be that i am getting this cryptic error message
13:19 gcfhvjbkn "/bin/sh: 1: /tmp/tmp8zVmdT.py: not found"
13:19 gcfhvjbkn ?
13:20 husanux8 joined #salt
13:20 gcfhvjbkn http://pastie.org/private/mznys7fdv5gdydfiygypbg
13:20 gcfhvjbkn this is my salt state
13:20 gcfhvjbkn apparently jinja failed to compile the template?
13:21 gcfhvjbkn any way to find out why exactly?
13:21 gcfhvjbkn ie to debug template compilation
13:21 dariusjs joined #salt
13:21 bhosmer joined #salt
13:22 kawa2014 joined #salt
13:24 jdesilet joined #salt
13:24 leszq joined #salt
13:25 husanux4 joined #salt
13:26 LtLefse gcfhvjbkn: I think you need to set shell: /usr/bin/python
13:27 mpanetta joined #salt
13:29 gcfhvjbkn LtLefse: indeed; although it still won't run http://pastie.org/private/wqs1hoiozdmpo1ey2kawha
13:32 catpig joined #salt
13:32 LtLefse huh. dunno then
13:33 AndreasLutro gcfhvjbkn: cmd.script really only runs shell scripts
13:33 AndreasLutro maybe if you add #!/usr/bin/env python
13:33 AndreasLutro it might work. maybe
13:33 gcfhvjbkn AndreasLutro: how do i run python scripts then?
13:33 gcfhvjbkn yeah i did that
13:37 dRiN joined #salt
13:39 stephanbuys joined #salt
13:39 kaptk2 joined #salt
13:40 spiette joined #salt
13:40 AndreasLutro make a shell script that executes the python script I guess
13:43 kawa2014 joined #salt
13:44 kawa2014 joined #salt
13:44 LtLefse ah, I see:
13:44 LtLefse [WARNING ] Attempt to run a shell command with what may be an invalid shell! Check to ensure that the shell </usr/bin/python> is valid for this user.
13:45 gcfhvjbkn perhaps you don't have python in that location
13:45 LtLefse why does salt care about that? clearly if you set shell: it should allow you to use that shell
13:46 kusams joined #salt
13:46 ThomasJ OS cares about that
13:46 LtLefse ah, that's just a warning, goes away if I add python to /etc/shells, but still fails
13:46 ThomasJ only shells listed in /etc/shells are allowed to be used
13:46 AndreasLutro it seems highly unlikely that you can just use python as a shell
13:47 gcfhvjbkn >make a shell script that executes the python script I guess
13:47 ThomasJ Leave the shell alone (empty) and try: python_shell=True
13:47 gcfhvjbkn that won't let me use jinja
13:47 ThomasJ Assuming you are running 2015.5
13:47 ALLmightySPIFF joined #salt
13:48 AndreasLutro sure it will, just transfer the python script via file.managed
13:48 AndreasLutro though using jinja to generate a python script sounds kinda funky
13:48 AndreasLutro I would just use sys.argv
13:48 gcfhvjbkn if i did that i could just invoke python with cmd.run i guess
13:48 AndreasLutro indeed
13:49 bhosmer joined #salt
13:49 kusams_ joined #salt
13:49 AndreasLutro it'd be a neat feature to make cmd.script be able to execute non-shell scripts though
13:49 AndreasLutro could make an issue on github about it, if there's not one already
13:49 gcfhvjbkn probably yes, i am not sure how salt transfers pillar data between the nodes, but i don't like the idea of passing pillar data (inc. passwords) via stdin
13:50 elfixit joined #salt
13:50 kusams_ joined #salt
13:50 JDiPierro joined #salt
13:50 AndreasLutro well, if you use jinja you're writing passwords etc to a file in /tmp, I don't think that's any safer'
13:51 gcfhvjbkn yeah that's true i guess
13:51 kusams joined #salt
13:52 kusams joined #salt
13:54 kusams joined #salt
13:55 scoates joined #salt
13:56 cpowell joined #salt
13:56 Ahrotahntee is there a way to include a base profile in cloud.profiles ?
13:57 Ahrotahntee like I really only have one profile, with a single option changing (location)
13:57 AndreasLutro Ahrotahntee: you can inherit from other profiles: https://docs.saltstack.com/en/develop/topics/cloud/config.html#extending-profiles-and-cloud-providers-configuration
13:58 dyasny joined #salt
14:00 Ahrotahntee awesome
14:01 andrew_v joined #salt
14:02 peters-tx joined #salt
14:03 spark joined #salt
14:03 gmoro joined #salt
14:04 leszq joined #salt
14:08 clintberry joined #salt
14:08 hasues joined #salt
14:10 bhosmer joined #salt
14:11 pcn Has anyone gotten salt-call, salt, etc. not respecting the --no-color flag?
14:17 quique joined #salt
14:18 ndrei joined #salt
14:18 aea joined #salt
14:18 c10 joined #salt
14:19 c10 joined #salt
14:25 debian112 joined #salt
14:27 Taz joined #salt
14:28 Taz hey guys, salt question: how can i tell which state a resource is coming from during a salt highstate?
14:31 aqua^c joined #salt
14:33 mschiff I am having issues when a salt service state is restarting a service: It always hangs, e.g. as if a "</dev/null" was missing in the command or something
14:33 mschiff when using salt-call I have to "Ctrl-C" it...
14:33 mschiff anybody saw this as well?
14:34 drawsmcgraw joined #salt
14:35 Taz does the service have a status?
14:36 Taz that returns correctly?
14:36 emaninpa joined #salt
14:40 ericof joined #salt
14:41 otter768 joined #salt
14:42 XenophonF joined #salt
14:47 mage_ how can I match grains with role "foo" AND role "bar" ?
14:49 geekatcmu well, the servers are down now
14:49 * geekatcmu sighs
14:50 ntropy mage_: thats called a compound match
14:50 Furao joined #salt
14:51 ingslovak mage_: well since grains names are dictionary keys, no minion can have role:foo and role:bar at the same time
14:53 ALLmightySPIFF joined #salt
14:54 ingslovak mage_: if the roles are named differently, in rpc you can do 'salt -C "G@role1:foo and G@role2:bar" test.ping'
14:54 ndrei joined #salt
14:55 ALLmightySPIFF joined #salt
14:59 adelcast left #salt
14:59 sfoger joined #salt
15:00 fredvd joined #salt
15:01 thedodd joined #salt
15:03 mage_ ingslovak: thanks!
15:03 ingslovak np
15:05 dyasny_ joined #salt
15:05 ndrei joined #salt
15:05 pfallenop joined #salt
15:05 ALLmightySPIFF joined #salt
15:06 ALLmightySPIFF joined #salt
15:06 Tahm joined #salt
15:07 XenophonF saltstack-formulas needs some serious QA
15:08 murrdoc ?
15:08 murrdoc all of them ?
15:09 murrdoc hey we here to help man, you want to setup tests and travis for a formula, holler XenophonF
15:14 spiksius joined #salt
15:14 supershe_ joined #salt
15:15 iggy That sounds more like "Someone else needs to do a shit ton of work on formulas because I'm not"
15:15 iggy but hey, PRs will prove me wrong
15:20 jalbretsen joined #salt
15:20 murrdoc i need to learn how to communicate
15:23 ranomore joined #salt
15:28 londo joined #salt
15:33 ndrei joined #salt
15:35 snarfy joined #salt
15:38 ericof joined #salt
15:44 Brew joined #salt
15:44 desposo joined #salt
15:45 aCodinMan joined #salt
15:45 desposo joined #salt
15:45 travisfischer joined #salt
15:52 jonlangemak joined #salt
15:54 Ahrotahntee shouldn't automated tests for formulas be pretty easy to put together?
15:57 drawsmcgraw joined #salt
15:57 ALLmightySPIFF joined #salt
15:59 robothands when using context, is it possible to specify 2 variables? like this: http://pastie.org/10258643
15:59 robothands when I run highstate, I get "ip is not defined"
16:00 wendall911 joined #salt
16:01 robothands in the docs, they use defaults and then override a single variable using context, I'm wondering whether it would work that way for both defaults
16:01 robothands the top bit is what I'm referring to: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html
16:01 adelcast joined #salt
16:02 jimklo joined #salt
16:03 jimklo joined #salt
16:05 Tahm joined #salt
16:06 leszq joined #salt
16:06 KyleG joined #salt
16:06 KyleG joined #salt
16:07 stephanbuys joined #salt
16:08 subsignal joined #salt
16:09 spark joined #salt
16:12 spark joined #salt
16:12 quasiben joined #salt
16:12 quasiben hi all — i'm trying to run salt-master as root and salt-minion as an non-root user.  Is this possible?
16:13 quasiben I'm getting errors like: Failed to set the ownership of PID file …/var/run/salt-minion.pid to user root.
16:15 spark_ joined #salt
16:16 subsigna_ joined #salt
16:19 Gareth quasiben: It is possible but most things assume the minion is running as root.
16:19 aqua^c joined #salt
16:19 Gareth quasiben: http://docs.saltstack.com/en/latest/ref/configuration/nonroot.html
16:21 mou joined #salt
16:22 quasiben ah ok
16:22 quasiben next question, can you run multiple minions on the same machine without key collisions ?
16:27 Bryson joined #salt
16:28 vaspiros joined #salt
16:29 tmclaugh[work] joined #salt
16:29 pguinardco joined #salt
16:29 cruatta joined #salt
16:30 cruatta joined #salt
16:31 GabLeRoux joined #salt
16:33 cruatta_ joined #salt
16:36 XenophonF quasiben: if the minions have their own pki directories, yes
16:36 XenophonF but why would you want to do that?
16:36 malinoff joined #salt
16:37 quasiben I'm not sure but exploring that as a possibility for what I actually want.  Which is...
16:38 quasiben I have N users on a cluster, many configurations are user dependent, so I want the individual users to set their own state (if desired)
16:39 quasiben letting them run a minion seemed like a path forward — `client_acl` would probably also work
16:39 mapu joined #salt
16:41 quasiben hmm — the user has it's own pki directory but it's rejected outright
16:41 quasiben [DEBUG   ] Attempting to authenticate with the Salt Master at 54.205.19.170
16:41 quasiben [INFO    ] Generating keys: /home/testtest/.conda/envs/salt_mt/etc/salt/pki/minion
16:41 quasiben [DEBUG   ] Loaded minion key: /home/testtest/.conda/envs/salt_mt/etc/salt/pki/minion/minion.pem
16:41 quasiben [CRITICAL] The Salt Master has rejected this minion's public key!
16:41 quasiben To repair this issue, delete the public key for this minion on the Salt Master and restart this minion.
16:41 quasiben Or restart the Salt Master in open mode to clean out the keys. The Salt Minion will now exit.
16:41 XenophonF you'd have to run minions with their own configs
16:42 XenophonF salt-minion's "-c" option
16:42 otter768 joined #salt
16:43 quasiben I dont' think i need that — it's already running in an isolated environment
16:43 quasiben -c CONFIG_DIR, --config-dir=CONFIG_DIR
16:43 quasiben Pass in an alternative configuration directory.
16:43 quasiben Default: /home/testtest/.conda/envs/salt_mt/etc/salt
16:43 racooper please don't paste in here! use a pastebin.
16:44 quasiben oops
16:44 quasiben apologies
16:44 racooper or gist works too
16:45 quasiben right right
16:47 XenophonF don't use pastebin.com - use paste.debian.net or gist or something
16:47 XenophonF too many trackers and whatnot on pastebin
16:47 iggy Ahrotahntee: probably depends on the complexity of the formula
16:48 quasiben if i'm running multiple minions on the same machine should I be giving them unique names?
16:48 quasiben like id: foo.bar.com ?
16:48 quasiben ah
16:48 quasiben i'm literally reading the answer now
16:48 quasiben thank you!
16:49 iggy there are some unit tests that spin up multiple minions on a single host that might help to read
16:49 ekristen joined #salt
16:50 quasiben can you point me to them ?
16:50 quasiben searching through it now but if you know the exact location... :)
16:51 iggy I don't know, one of the devs told someone else to look there one time
16:51 iggy something about swarm maybe?
16:54 tmclaugh[work] joined #salt
16:57 Tahm joined #salt
16:59 aparsons joined #salt
16:59 spark joined #salt
17:00 ajw0100 joined #salt
17:00 travisfischer joined #salt
17:01 dopesong joined #salt
17:02 bhosmer joined #salt
17:03 GabLeRoux joined #salt
17:04 kartik joined #salt
17:04 kartik Hi guys
17:04 kartik Anybody here?
17:04 kartik I would like to start contributing to your project
17:05 kartik Need someone to guide me in the general direction
17:05 kartik I know  some python
17:07 whytewolf kartik: http://docs.saltstack.com/en/latest/topics/development/
17:08 theologian joined #salt
17:08 MatthewsFace joined #salt
17:09 snarfy^ joined #salt
17:12 FRANK_I I restart the services from salt minion and master I cannot push anything https://www.refheap.com/266bcc9d961e6015f2d785fbe
17:13 gadams joined #salt
17:13 iggy FRANK_I: the foo is running already thing usually means you have 2 minions processes running on the same box... stop the service, kill any rogue minion processes, then start the service back up
17:16 impi joined #salt
17:19 supersheep joined #salt
17:19 FRANK_I ok
17:19 FRANK_I let me check
17:21 DammitJim is a state executed in the order written in the sls?
17:22 rap424 joined #salt
17:22 forrest joined #salt
17:23 tmclaugh[work] joined #salt
17:23 murrdoc yes
17:23 murrdoc google ryan lane ordered execution
17:25 DammitJim thanks murrdoc
17:25 murrdoc np
17:25 DammitJim I'm not understanding why after running a state, the https piece of tomcat wasn't working even though I had updated the server.xml
17:26 malinoff DammitJim, i believe by default states execution is unordered, you need to specify relations between states or enable the ordering in the config
17:30 geekatcmu I'd ask why you are trying to rely on implicit ordering rather than following the best practice of always explicitly ordering your dependencies, but I'm sure you have an excellent reason.
17:31 drawsmcgraw Execution is ordered from state-to-state
17:31 drawsmcgraw function calls inside compound states is *not* ordered
17:31 DammitJim geekatcmu, no reason... I was just trying to understand why something I thought I asked of salt to be configured wasn't running
17:31 drawsmcgraw where "ordered" means "top down", that is
17:31 DammitJim and it was because it hadn't restarted the tomcat service after an update
17:31 DammitJim that's all
17:31 geekatcmu Ah
17:32 DammitJim but thanks for your concern to take care of my situation
17:32 bhosmer joined #salt
17:32 DammitJim good read though about Ryan Lane... Jinja will always be executed before state
17:34 iggy geekatcmu: I wouldn't say explicit ordering is considered a best practice... did you read that somewhere?
17:35 geekatcmu If you're installing the zookeeper package, and zoo.cfg, you should always explicitly order (e.g. dependencies) because anything else makes my head explode.
17:35 geekatcmu If order matters, then you should *always* be explicit.  You never know when the underlying system will start making different ordering choices.
17:36 malinoff geekatcmu, or just enable implicit ordering and just don't think about it
17:36 ramblinpeck joined #salt
17:36 malinoff and save tons of lines of yaml
17:36 iggy I would argue that putting things in the order you want in the file is explicit
17:36 geekatcmu I may well be a dinosaur, but that sounds a lot like "just write it in Java and don't worry about memory management".
17:36 ndrei joined #salt
17:36 tmclaugh[work] joined #salt
17:37 malinoff geekatcmu, well, using your example, explicit ordering is like programming in assembly
17:37 leszq joined #salt
17:37 iggy troll level: n00b
17:37 drawsmcgraw I'm with geekatcmu. I like being as explicit as possible (or as reasonable, rather)
17:37 geekatcmu yep
17:37 geekatcmu If you're the only person who ever will touch the states, implicit ordering may be fine.
17:38 drawsmcgraw I try to write my states/code/artifacts as if someone with no prior knowledge of the topic has just inherited it.
17:38 geekatcmu But what happens when the people who come after you have no idea why you have things in the order you do?
17:38 drawsmcgraw It's a bit top-heavy, sure. But I feel like a less-bad person for it.
17:38 drawsmcgraw geekatcmu: comments. My god, the comments :)
17:38 geekatcmu And if you're using pyobjects, it's not even more code.
17:39 malinoff geekatcmu, your words can be applied to explicit ordering too.
17:39 drawsmcgraw anyway. I'll bow out of this conversation. I've had my piece :D
17:39 * geekatcmu gives up
17:39 DammitJim if am performing some commands to install a piece of software... things like wget, then unzip, then cp
17:39 DammitJim should be doing all that in an sls
17:39 DammitJim dammit, what's wrong with my question mark
17:41 ramblinpeck hi all, new to salt and trying to get a deb repo, the one here https://www.erlang-solutions.com/downloads/download-elixir, added to a minion to get elixir/erlang installed. I've tried using this as a guide http://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkgrepo.html, but coming up with errors. Full detals in
17:41 ramblinpeck https://gist.github.com/peck/56ecbe47466ea5ead4f1, thanks
17:41 JDiPierro joined #salt
17:43 iggy DammitJim: archive.extracted can do http url's
17:43 DammitJim I guess the better question is how do I organize the steps?
17:44 whytewolf ramblinpeck: the first two states in your base.sls don't have id's
17:44 ramblinpeck whytewolf: super super to new to this, could you elaborate?
17:45 iggy ramblinpeck: A. don't mix indentation styles (i.e. use 2 spaces or 4, not both) B. what whytewolf said C. pkg.latest causes a refresh: True by default
17:45 drawsmcgraw DammitJim: You may be interested in archive.extracted()
17:45 DammitJim thanks, I'll look it up
17:45 drawsmcgraw Otherwise, what I've done is a cmd.run with a multiline value for 'name'
17:46 pix92 joined #salt
17:46 gadams joined #salt
17:46 DammitJim drawsmcgraw, so, this is not one of those things where I can call something like: salt 'myserver' state.sls jasig.cas
17:47 drawsmcgraw DammitJim: No? What's the use case?
17:47 DammitJim and jasig/cas.sls has info about all the different steps to install cas: wget, unzip, copy files
17:47 DammitJim it's a simple thing... just trying to make sure I'm doing it the salt way and not my silly wy
17:47 DammitJim way*
17:47 whytewolf ramblinpeck: https://gist.github.com/whytewolf/10b18956d15984bed5b4
17:47 iggy DammitJim: you _can_ but why not just make it part of your normal highstate?
17:47 DammitJim https://sonnguyen.ws/install-jasig-cas-ubuntu-14-04/ (the part after "Download Jasig Cas 4.0"
17:48 DammitJim up to "Forward port 443..."
17:48 Voziv left #salt
17:48 DammitJim iggy, are you saying I can just put those steps all in my highstate just like I would in a jasig.cas state?
17:49 ramblinpeck whytewolf: ah, I got it, didn't really the things like "nginx" top level were ids
17:49 iggy DammitJim: well, make jasig.cas part of your highstate... I'm a fan of everything being repeatable... I try not to run any one-off commands if I can at all avoid it
17:50 DammitJim oh yeah,  that's what I want to do... I want to put all those steps (wget, unzip, cp) in jasig.cas
17:50 DammitJim is that the proper way of doing something like this?
17:51 DammitJim normally I would just do cas: package: - installed
17:51 DammitJim but this install requires 3 different steps
17:51 DammitJim sorry, I'm sure this is the dumbest question asked here
17:52 drawsmcgraw DammitJim: You have the right approach
17:52 drawsmcgraw If what you have works already, then you're good.
17:52 aCodinMan joined #salt
17:52 drawsmcgraw If you're still working on it, definitely try out archive.extracted()
17:52 DammitJim I don't have anything working, yet
17:53 jhauser joined #salt
17:53 drawsmcgraw ah
17:53 bash124512 joined #salt
17:53 DammitJim I just tried the steps manually to confirm that this is how I need to configure my servers
17:53 drawsmcgraw Yeah give archive.extracted() a try. It's cleaner than cobbling together the wget/unzip/etc commands (though I have done that in the past!)
17:53 dhanak_ joined #salt
17:54 drawsmcgraw Here we are:https://docs.saltstack.com/en/latest/ref/states/all/salt.states.archive.html
17:54 DammitJim is archive.extracted() considered a formula?
17:54 drawsmcgraw It can take a little trial-and-error but I've used it with success
17:54 vaspiros joined #salt
17:54 drawsmcgraw Nope. It's a built-in state
17:54 DammitJim thanks for clarifying
17:54 iggy DammitJim: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.archive.html#module-salt.states.archive
17:54 drawsmcgraw Sure thing
17:55 drawsmcgraw Formulas are entire files full of states to do something (like install Nginx, mysql, etc..) and are often (always?) found on the saltstack-formulas Github repo
17:55 iggy it's basically "download file, check hash, unzip into a directory"
17:55 drawsmcgraw But I defer to iggy for more details on that
17:55 DammitJim iggy, that's exactly it
17:56 DammitJim it seems that archive.extracted() will even clean up the zip file :D
17:56 iggy true story
17:56 drawsmcgraw That's a fairly new one, too. I wonder who wrote that one.... I owe them a coffee
17:57 iggy the things to watch out for with archive.extracted are A. files that aren't versioned or projects that change the zip files without updating hashes (if you are getting the hashes from them)
17:57 iggy B. archives that extract out into a subdir
17:58 Gareth basepi: ping
17:59 baweaver joined #salt
18:00 spookah joined #salt
18:01 cruatta joined #salt
18:02 iggy good luck my friends, I'll return in a week, until then I leave you all in the (semi-)capable hands of all the other #salt helpers ;)
18:02 husanu7 joined #salt
18:03 cruatta__ joined #salt
18:04 vaspiros joined #salt
18:06 dimeshake joined #salt
18:08 aqua^c joined #salt
18:09 cruatta joined #salt
18:10 gadams joined #salt
18:11 coval3nce joined #salt
18:11 coval3nce Anyone happen to know if pillar merging will deep copy lists?
18:11 coval3nce seems to just take the “last” declaration of the list wholesale for me
18:13 bhosmer joined #salt
18:14 kevinquinnyo joined #salt
18:14 vaspiros joined #salt
18:15 yidhra_ joined #salt
18:15 baweaver joined #salt
18:17 cruatta_ joined #salt
18:21 coval3nce Ah, found a thread to try yamlex but seems there is already a bug open about the !aggregate not working for a list.
18:26 bhosmer joined #salt
18:28 coval3nce ah i bet we can update this line here and check for a list type and merge there https://github.com/saltstack/salt/blob/develop/salt/utils/dictupdate.py#L47
18:31 twodayslate joined #salt
18:40 andrew_v joined #salt
18:41 thomas44 joined #salt
18:41 thomas44 howdy
18:41 thomas44 I have a question, can anyone point me to the right direction I want to apply salt states from python cline
18:41 thomas44 client
18:43 otter768 joined #salt
18:43 thomas44 I have been using https://github.com/saltstack/salt/blob/develop/salt/client/__init__.py#L423
18:44 thomas44 but wanted to know if there is cleaner way
18:44 spark joined #salt
18:47 hasues left #salt
18:50 CeBe joined #salt
18:56 julez joined #salt
18:58 quantumsummers joined #salt
19:00 jasonrm joined #salt
19:00 quantumsummers Hello! I am using salt-ssh and working to integrate the use of the gpg renderer for pillar data. At the moment, I and my Ops team have our own GPG keys. Is there any way to use our individual GPG keys with the GPG renderer?
19:00 quantumsummers and if so, what settings in SaltFile should I set?
19:00 denys joined #salt
19:00 quantumsummers further, is there anything special needed to enable salt-ssh gpg renderer to use gpg-agent?
19:01 aea joined #salt
19:04 hybridpollo joined #salt
19:06 aw110f joined #salt
19:06 aw110f Hi I’m getting SaltClientError: Error while bringing up minion for multi-master. All configured masters
19:06 aw110f when starting my minion
19:06 cruatta joined #salt
19:06 aw110f and the minion dies
19:07 cruatta joined #salt
19:07 cruatta_ joined #salt
19:08 snarfy^ joined #salt
19:08 vaspiros joined #salt
19:08 SpX joined #salt
19:09 gthank joined #salt
19:09 gthank joined #salt
19:11 Ahlee thomas44: what's not clean about calling cmd in your python?
19:13 thomas44 sorry I should have reword it :P . I was wondering if there was a direct call to apply states, I have not had any problems and had been deploying my states for a while using .cmd, just wanted to know if a direct call existed to apply states
19:14 racooper joined #salt
19:15 spark joined #salt
19:15 napsterX joined #salt
19:18 rawzone^ joined #salt
19:21 jasonrm joined #salt
19:22 ALLmightySPIFF joined #salt
19:27 writtenoff joined #salt
19:28 jhauser joined #salt
19:30 coval3nce thomas44: you can use salt-call state.apply <state name> saltenv=<environment> to apply just a specific state
19:30 coval3nce on whatever minion you are debugging on.
19:31 baweaver joined #salt
19:32 Ahlee thomas44: to my understanding, no. Under the hood, when you apply a state you're triggering the cmd call, wether it's from the CLI or from a LocalClient
19:33 spark joined #salt
19:35 sgargan_ joined #salt
19:36 andrew_v_ joined #salt
19:37 quantumsummers chutzpah: hello there :)
19:38 rdavis joined #salt
19:38 rdavis Hey folks, trying to write a state and I need access to the date, anyone know off their head how to get it with the builtin modules?
19:39 rdavis I'm using YAML + Jinja for the state file.  Thanks if anyone knows.
19:40 sgargan_ joined #salt
19:40 ndrei joined #salt
19:41 quasiben joined #salt
19:42 pcn rdavis: does this work for you: http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.jinja.html#filters
19:42 rdavis Oh.  Awesome, I didn't know those were there.  Thanks.
19:43 rdavis I was trying to figure out how to get the filters to work, heh.  Thanks!
19:43 pcn rdavis: I was looking at that but haven't tried it myself, so let us know if it works for you.
19:43 impi joined #salt
19:44 kevinquinnyo Hey all, on http://docs.saltstack.com/en/develop/topics/topology/proxyminion/index.html "To create support for a proxied device one needs to create four things:"  Can someone explain to me, for those 4 things, which go on the salt-master and which go on the proxy-minion?  I'm sure it's more obvious to someone who has been using salt for a while, but it's not clear to me right now
19:44 bhosmer joined #salt
19:45 leszq joined #salt
19:47 ranomore coval3nce: RE pillar deep copy lists merging - https://github.com/saltstack/salt/issues/3991 - reported in 2013
19:48 coval3nce ranomore: i just commented on https://github.com/saltstack/salt/issues/22241 witha  fix to dictupdate.py to merge lists as part of the pillar merge
19:48 coval3nce ranomore: taking a gander at 3991 right now for context...
19:49 XenophonF i wish the yaml_encode filter could handle dicts and lists
19:49 XenophonF i might take a stab at adding support for it
19:49 s_kunk joined #salt
19:49 rdavis pcn: That worked great, thanks
19:50 coval3nce ranomore: isn’t 3991 kinda solved with the smart/recurse pillar merge strategies already implemented?
19:51 Brew joined #salt
19:52 mbrgm left #salt
19:52 ranomore coval3nce: I didn't know that existed.
19:53 coval3nce I’m not positive that solves 3991, but it feels like it does.
19:55 ndrei joined #salt
19:57 aqua^c joined #salt
19:57 vaspiros joined #salt
19:58 ranomore coval3nce: I hadn't looked too closely at 3991 before, the merge instead of overwrite strategy feels intuitive in lots of places in salt, but only works in some, like #18582
19:59 timoguin joined #salt
20:02 snarfy^ joined #salt
20:05 ajw0100 joined #salt
20:06 andrew_v joined #salt
20:06 coval3nce ranomore: the current strategy will merge, bug if there is a key conflict, i think it takes the latest version in the merge tree
20:07 coval3nce *but….im not sure i really follow what 18582 is really after
20:07 rdavis left #salt
20:07 scoates joined #salt
20:09 vaspiros joined #salt
20:10 ranomore same merging strategy, just with files in /etc/salt/master.d instead of different pillar top.sls files
20:11 coval3nce ah gotcha, i’d like to put in a feature or somethign to be able to override gitfs branch environment settings  (e.g. for upstream formulas, they don’t match my branch/env layout, and cloning them locally sucks)
20:11 baweaver joined #salt
20:13 GabLeRoux joined #salt
20:14 druonysus joined #salt
20:14 druonysus joined #salt
20:16 druonysus joined #salt
20:19 ranomore1 joined #salt
20:21 snarfy^ joined #salt
20:22 ALLmightySPIFF joined #salt
20:28 dopesong_ joined #salt
20:33 Brew joined #salt
20:39 Ahlee eek. basepi is beating me in weekly steps.
20:44 otter768 joined #salt
20:46 quique joined #salt
20:52 vaspiros joined #salt
20:54 vaspiros joined #salt
20:55 bhosmer joined #salt
21:00 baweaver joined #salt
21:01 chutzpah quantumsummers: hello
21:02 alexhayes Does anyone know how I'd use salt develop with Vagrant?
21:02 alexhayes I'd like to use the bower.* states, but they are in salt develop
21:03 coval3nce http://docs.vagrantup.com/v2/provisioning/salt.html  and choose the install_type to be git
21:04 coval3nce give it the branch under the “install_args” section
21:06 alexhayes coval3nce: yes, sorry.. just found that
21:06 alexhayes thx
21:06 coval3nce no worries
21:07 alexhayes how stable is develop? does most development happen on feature branches which are merged into develop once they pass?
21:08 coval3nce alexhayes: i’m not sure, not a main dev on it, but i think develop gets merges pretty darn quick, i probably wouldn’t use it in prod myself
21:09 whytewolf I'm running a copy of develop currently. seems kind stable but i wouldn't bet money on it
21:11 whytewolf looks like typically it is forked off, then feature branched. then those feature braches are merged into develop
21:12 jhauser joined #salt
21:12 alexhayes thx, well if I come up against any issues il just go back to master or fork master and merge the bower states
21:14 whytewolf if you are just looking to use some states/modules that come in develop and don't have extra parts such as a util section. just grab those states/modules and put them in _modules and _states
21:19 ajw0100 joined #salt
21:20 alexhayes whytewolf: what is _modules and _states? is that convention or a feature of salt?
21:21 whytewolf _modules and _states is a feature of salt. it is for custom state and module [and grains]
21:22 virusuy left #salt
21:22 whytewolf alexhayes: http://docs.saltstack.com/en/2014.7/ref/file_server/dynamic-modules.html
21:24 ALLmightySPIFF joined #salt
21:25 alexhayes whytewolf: thanks, i see :)
21:27 alexhayes Ok... next challenge. I want to sync a folder with vagrant, as a particular user, however I'm using salt provision to create that user, thus the sync just hangs. Does anyone have any creative solutions?
21:28 alexhayes chown on provision perhaps?
21:29 bhosmer joined #salt
21:32 alexhayes i imagine that might have other consequences
21:34 alexanderilyin joined #salt
21:45 ndrei joined #salt
21:46 aqua^c joined #salt
21:48 chimp joined #salt
21:55 itru joined #salt
21:57 juanito joined #salt
21:57 Ryan_Lane https://github.com/saltstack/salt/pull/24975 this is causing me pretty immediate pain
21:59 jhauser joined #salt
21:59 mapu joined #salt
22:01 catpig joined #salt
22:03 ajw0100 joined #salt
22:08 baweaver joined #salt
22:09 pravka joined #salt
22:09 mapu joined #salt
22:10 mosen joined #salt
22:14 Ryan_Lane man, the npm module is totally busted
22:14 geekatcmu s/the npm module/npm/
22:14 geekatcmu HTH, HAND
22:14 Ryan_Lane :)
22:15 geekatcmu Though it's already well-established that I'm a hater.
22:21 pcdummy joined #salt
22:21 pcdummy joined #salt
22:22 bfoxwell joined #salt
22:22 giantlock joined #salt
22:23 Ryan_Lane this module definitely needs some tests, because it's obvious someone modified it and didn't even /try/ it
22:24 Ryan_Lane every single function is broken in multiple ways
22:24 ALLmightySPIFF joined #salt
22:24 drawsmcgraw left #salt
22:27 geekatcmu heh
22:27 mosen Ryan_Lane: it totally is
22:28 Ryan_Lane I think I have a fix...
22:28 pcdummy joined #salt
22:28 pcdummy joined #salt
22:30 Ryan_Lane string handling in python sucks so much
22:31 geekatcmu ?
22:31 geekatcmu I take it you didn't *start* programming with C or Pascal, right?
22:33 Ryan_Lane :)
22:33 julez joined #salt
22:35 pcdummy joined #salt
22:35 pcdummy joined #salt
22:35 geekatcmu IIRC, I was FORTRAN, UCSD Pascal, Scheme, C, ASM, Tcl, Python, Perl, Ruby, in that order.
22:36 Ryan_Lane geekatcmu: https://github.com/lyft/salt/commit/6fde58182fbfa91318b613e572f102226f5d8e94
22:36 Ryan_Lane that's why I say it sucks
22:36 toastedpenguin joined #salt
22:36 geekatcmu That skips Prolog and SML (which I didn't really learn) as well as elisp, which has been ongoing forever.
22:36 Ryan_Lane from future import unicode_literals <-- turns strings into unicode strings
22:36 Ryan_Lane but the module that's being called with env needs the strings to be byte literals
22:36 UtahDave joined #salt
22:37 geekatcmu OIC
22:37 geekatcmu Yes, converting between byte formats sucketh.
22:37 geekatcmu Be glad Python makes it that easy.
22:37 UtahDave eliasp: check it out! https://github.com/saltstack/salt/pull/24980
22:37 geekatcmu You *could* be calling all of the decode/encode stuff.
22:38 UtahDave Finally got templating the windows package definition files
22:38 Ryan_Lane geekatcmu: indeed
22:38 geekatcmu But I do feel your pain.
22:38 Ryan_Lane thankfully this is all a bit saner in python 3
22:43 Gareth o/
22:44 thehaven joined #salt
22:44 sinenitore joined #salt
22:44 JDiPierro joined #salt
22:45 mapu joined #salt
22:45 otter768 joined #salt
22:48 stoogenmeyer joined #salt
22:49 joehoyle joined #salt
22:50 pcdummy joined #salt
22:50 pcdummy joined #salt
22:52 pcdummy joined #salt
22:53 leszq joined #salt
23:02 c10 joined #salt
23:09 vaspiros joined #salt
23:09 bluenemo joined #salt
23:09 bluenemo joined #salt
23:16 mapu joined #salt
23:25 ALLmightySPIFF joined #salt
23:25 otter768 joined #salt
23:30 mdupont joined #salt
23:34 aqua^c joined #salt
23:34 UForgotten joined #salt
23:35 MatthewsFace joined #salt
23:38 ajw0100 joined #salt
23:42 mapu joined #salt
23:45 virusuy joined #salt
23:45 _JZ_ joined #salt
23:45 bja joined #salt
23:46 bja is there a mailing list for people looking for jobs using salt?
23:48 UtahDave not specifically.  We allow non-spammy job postings on salt-users, though.
23:48 villagz joined #salt
23:50 codehotter I have an sls that configures a db, I have an sls that configures an app. Right now I put the db password in both files. What's a better way?
23:50 whytewolf codehotter: put the password in a pillar. then call that pillar in the state.
23:51 codehotter whytewolf: call the pillar in both states?
23:51 whytewolf codehotter: yes
23:52 codehotter can I have it generate a random password, and use it in both states automatically?
23:52 villagz left #salt
23:52 whytewolf you could, if you never need to use that password again.
23:52 codehotter How?
23:52 whytewolf since you wouldn't be storing it
23:53 whytewolf I know it is possable not sure on how
23:53 codehotter Can I put it in a file on the db server, then read that file in the app state?
23:54 codehotter How do I read a file from minion, then use that data in state in salt?
23:55 codehotter (in ansible you'd use 'slurp')
23:55 codehotter (in combination with 'register')
23:56 baweaver joined #salt
23:58 aqua^c joined #salt
23:58 codehotter During an SLS, can I call a module or runner?
23:59 codehotter then make a variable and use it in state?
23:59 UtahDave codehotter: Yeah, you can.  inside the jinja environment you have access to all the salt execution modules

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary