Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-07-21

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 geekatcmu Everyone thinks they're number two!
00:00 whytewolf accept for akamai
00:00 geekatcmu It probably depends on which set of metrics you look at
00:00 geekatcmu yeah.
00:00 geekatcmu They're clearly the 500lb gorilla
00:00 iggy cloudfront
00:01 geekatcmu Huh, so all the CDNs have CM to handle a lot of system?  Go figure!
00:01 murrdoc http://www.thetoptens.com/best-content-delivery-network-cdn-providers/
00:01 murrdoc u arent in the 10
00:01 murrdoc no u are
00:01 murrdoc #8
00:01 geekatcmu feh
00:01 murrdoc no fucking way is cloudflare #4
00:01 Deevolution left #salt
00:02 Deevolution joined #salt
00:02 murrdoc that shit stinks
00:02 manfred cloud flare account for about 5% of internet traffic according to cloud flare
00:02 murrdoc imho
00:02 geekatcmu Well, that site is pretty clearly done by voting.
00:02 iggy that list looks alphabetical with some $ to move some up
00:02 geekatcmu So, well, feh
00:02 murrdoc according to cloudflare
00:02 manfred http://www.businessinsider.com/cloudflare-is-ready-to-take-on-cisco-2014-8
00:02 manfred murrdoc: that was the joke :P
00:02 murrdoc :D
00:03 murrdoc http://www.businessinsider.com/words-that-will-make-you-sound-smarter-2015-7
00:03 manfred iirc that is what printz said at the saltconf keynote as well
00:03 murrdoc what is the point of that article
00:04 manfred murrdoc: mine? it just says that cloudflare is 5% of the internet traffic
00:05 ayee How can I make sure salt installs a specific version of a package?
00:05 manfred ayee: yes, sometimes
00:05 ayee I want to make sure if someone throws a new package into the repo, my salt state stays the same
00:05 ayee so the version is controlled through git/salt state
00:05 manfred ayee: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html#salt.states.pkg.installed
00:05 manfred use version: versionnumber
00:05 murrdoc manfred:  your joke was the win
00:06 manfred murrdoc: :)
00:06 ayee manfred: How can I get the current version for say an installed package on a minion?
00:06 manfred ayee: check the text about the version block though
00:06 manfred ayee: rpm -q pkg, dpkg -l pkg,
00:06 murrdoc salt pkg.version package-name
00:06 manfred yeah that^
00:07 manfred i was looking for the sale module
00:07 manfred murrdoc: i like you, we have the same length name and your's also starts with an m,and on my screen you are just a slightly darker white, so it is confusing me
00:07 TyrfingMjolnir joined #salt
00:08 iggy jeez, try searching for some CDN stats and all you can see is Verizon ads
00:09 murrdoc HAHAHA
00:09 murrdoc VZFTW
00:09 * geekatcmu bets Verizon is your ISP at some level
00:09 manfred murrdoc: http://imgur.com/lL1yTqh
00:10 murrdoc manfred:  u are just a cleaner me
00:10 murrdoc :)
00:10 ayee - version: etcd-2.0.11-2.el7.x86_64
00:10 murrdoc geekatcmu:  u are right, but i cant confirm or deny
00:10 manfred so 2.0.11-2.el7.x86_64
00:10 ayee `The following packages failed to install/update: etcd=etcd-2.0.11-2.el7.x86_64`
00:10 iggy lol @ "slightly darker white"
00:10 ayee Though I can do yum install etcd-2.0.11-2.el7.x86_64 and that works fine
00:10 murrdoc We embrace diversity because it is the law.
00:10 manfred ayee: remove etcd- from it
00:11 manfred ayee: the version is 2.0.11-2.el7.x86_64
00:11 manfred you can also get that from redhat using
00:11 ayee manfred: `The following packages failed to install/update: etcd=2.0.11-2.el7.x86_64`
00:11 manfred ayee: rpm -q --queryformat '%{version}\n' etcd
00:12 manfred try removing the .el7.x86_64
00:12 manfred yeah, get rid of the releasever and arch
00:12 manfred [root@salt ~]# rpm -q --queryformat '%{version}\n' yum
00:12 manfred 3.4.3
00:12 ayee `The following packages failed to install/update: etcd=2.0.11-2`
00:12 ayee ok, I need to get rid of -2
00:12 ayee jeez
00:12 ayee lol
00:13 manfred yeah
00:13 manfred that is the pkgrel
00:13 manfred http://i.minus.com/ibvBaT090XHXu1.gif
00:13 amcorreia joined #salt
00:13 ayee `The following packages failed to install/update: etcd=2.0.11`
00:13 murrdoc HAHAHA
00:13 ayee bleh
00:13 manfred NO
00:13 manfred i give up
00:14 murrdoc u need the .2 in there
00:14 manfred i only see examples for ubuntu anyway
00:14 murrdoc salt 'minionname' pkg.installed name=etcd version='2.0.11-2'
00:14 manfred ayee: also, which version of salt are you on?
00:15 murrdoc that jump manfred
00:15 murrdoc i would do it
00:15 murrdoc once i am 60+
00:15 manfred heh
00:15 murrdoc i would do it
00:15 manfred did you see that a google ceo broke felix bumgartners record last year?
00:15 ayee manfred: salt-minion-2015.5.2-3.el7.noarch
00:15 manfred murrdoc: http://i.imgur.com/J3gsv.gif
00:16 murrdoc ayee:  salt 'minionname' pkg.installed name=etcd version='2.0.11-2'
00:16 manfred pkg.install
00:16 manfred installed is the state
00:17 nzero joined #salt
00:17 manfred http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.yumpkg.html#salt.modules.yumpkg.install
00:17 manfred got it
00:17 manfred ayee: try this 2.0.11-2.el7
00:18 ayee manfred: bingo
00:18 manfred dumb dumb dumb
00:18 ayee manfred: Thanks for the patience, it's appreciated.
00:18 manfred http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.yumpkg.html#salt.modules.yumpkg.install
00:19 manfred no worries
00:19 manfred found an example
00:19 manfred in the module
00:19 ayee I did actually find those docs and try some of the non-yum examples
00:19 ayee but it didn't work, I didn't realize I needed el
00:19 ayee 7
00:19 ayee There are a lot of combinations I could try, I should have just brute forced and tried everything. heh
00:19 ayee although the permutations could add up quickly
00:20 manfred https://github.com/saltstack/salt/blob/develop/salt/modules/yumpkg.py#L938
00:21 manfred it drops the $arch from it there
00:21 jaybocc2 when i call salt-call event.send 'minion_auth' it keeps trigging salt.auth event
00:21 jaybocc2 instead of the minion_auth event
00:21 jaybocc2 that i wrote
00:22 jaybocc2 can anyone point me in the right direction?
00:22 aw110f joined #salt
00:23 aw110f Hi, for the multimaster-pki setup, do I need to share files between masters?
00:23 teryx510 left #salt
00:25 jaybocc2 the masters need master_sign.p{em,ub}
00:25 jaybocc2 minions need master_sign.pub
00:28 aw110f the masters need the same  master_sign.p{em,ub} ?
00:30 bfoxwell joined #salt
00:38 zmalone joined #salt
00:40 napsterX joined #salt
00:44 breakingmatter joined #salt
00:45 ajw0100 joined #salt
00:48 pcn Can the s3fs backend use instance roles in ec2 instances to access s3?
00:51 alexanderilyin joined #salt
00:52 murrdoc wow
00:54 pcn Arr
00:54 pcn Yeah, I see it is in the docs.
00:54 pcn And somehow I read it 10 times and until you said that, I didn't see it.
00:56 jaybocc2 is it possible to send events to master without having your minion key accepted?
00:56 jaybocc2 Whenever i try to send an event from a minion without an accepted key it seems to just send an salt/auth event instead...
00:57 zsoftich1 joined #salt
00:57 aurynn it would be a bit of a security risk if you could
00:58 aparsons joined #salt
00:58 jaybocc2 can you modify the salt/auth event payload then? I need more than just the minion id and key to determine if it is who it says it is...
01:16 samed joined #salt
01:16 samed joined #salt
01:19 CeBe1 joined #salt
01:21 jmreicha joined #salt
01:21 mbrgm__ joined #salt
01:21 ageorgop joined #salt
01:22 tommyfun joined #salt
01:30 ageorgop joined #salt
01:30 coval3nce joined #salt
01:31 coval3nce There a good way to throw some logic into a state to say “if this is the first time this state was ever applied” ?
01:31 pcn How do you expect to know it's the first time?
01:32 pcn Usually you leave a marker, like a file that is left behind to use a unless: test -f /path/to/file
01:32 coval3nce Exactly ;)
01:32 tommyfun left #salt
01:32 coval3nce I guess i can do that, i’d like to fuly flush iptables (but only on a fresh provision)
01:32 coval3nce then from then on, allow normal state to append/save on each state apply
01:33 manfred use a grain, or touch a file
01:33 manfred if the file or grain exists, don't run the state
01:33 coval3nce Trying to deal with docker’s ephemeral poking of iptables rules and continually applying fw state
01:33 manfred then make the state that makes the file or grain only run on change of the otehr state
01:33 coval3nce Yeah i’ll go that route i guess
01:33 manfred state1 runs for the first time, onchanges is true, makes file/sets grain
01:33 manfred never runs after that
01:33 coval3nce Good examples of that you have handy?  If not, sounds easy enough to RTFM
01:34 manfred i do not, never done that
01:34 quasiben joined #salt
01:34 manfred if I do something there would need to be some change already
01:34 manfred if you are making a change, all you have to do is make it idempotent
01:34 manfred so taht if it has been changed, it won't need to be changed again
01:34 manfred like make install
01:35 manfred do an unless: test -f /usr/local/bin/<binary>
01:35 manfred if that file doesn't exist, then the cmd.run will run make install in whatever directory
01:35 manfred http://docs.saltstack.com/en/latest/ref/states/requisites.html
01:35 coval3nce yeah, that should work
01:35 coval3nce thanks man
01:35 manfred yup, no problem
01:37 jmreicha joined #salt
01:41 napsterX joined #salt
01:45 breakingmatter joined #salt
01:46 favadi joined #salt
01:53 p0rkbelly joined #salt
02:01 primechuck joined #salt
02:01 p0rkbelly joined #salt
02:07 falican joined #salt
02:08 nzero joined #salt
02:08 zsoftich1 joined #salt
02:09 dthom91 joined #salt
02:14 UForgotten joined #salt
02:14 zmalone joined #salt
02:23 pullphinger joined #salt
02:25 napsterX joined #salt
02:25 _JZ_ joined #salt
02:37 holyzhou joined #salt
02:43 cowpunk21 joined #salt
02:45 aw110f is it possible to combine multimaster setup with multimaster failover?
02:45 evle joined #salt
02:46 breakingmatter joined #salt
02:52 jasonrm joined #salt
02:59 viveksri15 joined #salt
02:59 viveksri15 hi guys
03:00 viveksri15 a small question.. how well salt fits into the following scenario as depicted here: http://i.imgur.com/7xb4rW5.jpg
03:00 viveksri15 it is a WAN setup mostly, with constraints as to which server can connect to which server in each LAN
03:01 cowpunk21 joined #salt
03:01 viveksri15 the aim is to provide a central configuration UI for OPS team..backed by salt?
03:03 jeddi joined #salt
03:03 pcn Your tiering of sg(b,c) -> sg(a) seems like you're trying to accomplish too much there, but I guess you're trying to creating an administrative sub-domain.
03:05 viveksri15 pcn -> yes..it is a network of servers in client data-center, which we have to manage, and we can only get through via a single machine
03:05 pcn I don't understand how you expect the "gateway"s to behave in this case.  Are they routers, are they proxies, are they content filters, are they policy engines?  Do request flow from clients up, or from top down
03:06 pcn My experience with salt so far is that you can ask it to do just about anything - what you're asking for could be accomplished a couple of different ways, but I think you'd have to work within the limits of the access you've got and make some comprimises, or do a lot of custom coding.
03:06 viveksri15 so, gateways are linux boxes.. they can be made to behave as proxies, ssh gateway for login, http server and what not.. they have opsn access
03:06 pcn Which you can hopefully bill by the hour
03:08 viveksri15 okk..it is just been couple of  hrs for  me exploring salt... let me explore a bit more.. just wanted to check if it is possible at all with salt. thanks :)
03:08 pcn Most of the salt system is exposed via APIs, so you can do almost anything
03:10 viveksri15 but when salt says it follows an always-connected mechanism over network ports (am i right here), will such model of restrictions be an issue?
03:10 jaybocc2 joined #salt
03:11 pcn If each SG is a master and you have a flow of states and pillars from SG -> SG(a..e) then it could work.  You need to figure out that flow.
03:11 zz_cro joined #salt
03:12 viveksri15 great! lemme have a deep dive into it then..
03:14 pcn I don't want to trivialize how much deatil goes into a system like this.  But I think you can set it up and reason about it with salt.
03:29 jaybocc2 joined #salt
03:32 djd74 joined #salt
03:33 geekatcmu murkey_: what I was thinking of is http://www.cedexis.com/reports/#?report=secure_object_delivery_response_time&amp;country=US&amp;date=2015-07-01
03:34 geekatcmu And that puts LLNW pretty firmly in 6th place.
03:38 neocid joined #salt
03:46 zhoujl joined #salt
03:46 zhoujl hello everyone
03:47 akoumjian hello zhoujl
03:57 ajw0100 joined #salt
03:59 ronrib heh someone in finance got cryptolocked
04:02 hal58th joined #salt
04:08 Aidin joined #salt
04:17 jmreicha_ joined #salt
04:18 spookah joined #salt
04:18 ronrib left #salt
04:18 joeto joined #salt
04:19 murrdoc joined #salt
04:32 cowpunk21 joined #salt
04:35 breakingmatter joined #salt
04:37 clintberry joined #salt
04:53 ramteid joined #salt
05:00 Furao joined #salt
05:06 Bryson joined #salt
05:37 sunkist joined #salt
05:40 mbrgm__ joined #salt
05:45 catpigger joined #salt
05:45 napsterX joined #salt
05:46 Furao joined #salt
05:49 dopesong joined #salt
05:56 NightMonkey joined #salt
05:57 dopesong joined #salt
05:58 zer0def joined #salt
06:00 favadi joined #salt
06:11 Steven- joined #salt
06:13 AndreasLutro joined #salt
06:17 rdas joined #salt
06:18 dopesong joined #salt
06:19 stoogenmeyer joined #salt
06:25 breakingmatter joined #salt
06:27 joeto joined #salt
06:41 jmreicha joined #salt
06:42 Ztyx joined #salt
06:50 KermitTheFragger joined #salt
06:54 kawa2014 joined #salt
06:57 stephanbuys joined #salt
06:58 CeBe joined #salt
07:00 jmreicha joined #salt
07:01 mbrgm__ joined #salt
07:02 Ztyx joined #salt
07:04 Ztyx joined #salt
07:09 NightMonkey joined #salt
07:14 thalleralexander joined #salt
07:25 tiadobatima joined #salt
07:29 JonGretar joined #salt
07:30 wiqd joined #salt
07:30 mattl joined #salt
07:30 monkey66 joined #salt
07:35 eseyman joined #salt
07:54 mikepea joined #salt
07:54 madssj joined #salt
07:54 mihait joined #salt
07:54 phpdave11 joined #salt
08:01 jmreicha joined #salt
08:04 pixelfields joined #salt
08:04 jmreicha joined #salt
08:06 twork joined #salt
08:06 mbrgm__ joined #salt
08:07 epcim joined #salt
08:08 gadget-girl how it going does here use gitlab CI
08:12 s_kunk joined #salt
08:12 kbaikov joined #salt
08:13 dopesong joined #salt
08:13 Xevian joined #salt
08:14 breakingmatter joined #salt
08:16 dopesong_ joined #salt
08:18 dsimek joined #salt
08:18 mbrgm__ joined #salt
08:19 dsimek left #salt
08:26 keimlink joined #salt
08:28 linjan joined #salt
08:34 agend joined #salt
08:40 gcfhvjbkn joined #salt
08:40 gcfhvjbkn how do i use pillar data from within custom grains?
08:41 gcfhvjbkn http://pastie.org/private/pfibrwwe37ou2civ8rbaqq
08:41 gcfhvjbkn when i do this: from salt.modules import pillar
08:44 AndreasLutro you can't, grains are loaded before pillars
08:47 babilen http://docs.saltstack.com/en/latest/topics/development/dunder_dictionaries.html summarises which dunder dicts are available
08:47 stephanbuys joined #salt
08:48 gcfhvjbkn thanks
08:51 stephanbuys1 joined #salt
08:53 markm joined #salt
08:54 nexus joined #salt
08:57 Malte joined #salt
08:57 Malte hello all
08:58 Malte we begin using salstack in our company but we have a problem I found no answer
08:58 Malte (by googling and thinking)
08:58 stoogenmeyer joined #salt
08:59 Malte iam am not sure of someone have a deeper knowledge how grains are working and could help me understanding why this issue occures
09:00 Norrland Malte: ask and see if someone can answer.
09:04 Malte ok - :-)
09:05 Malte i have create a custom grain
09:05 Malte if a call it manualy (python <file>) all works as it should
09:05 Malte if i make a state.highstate the grain is executed mutliple times
09:06 Malte this cause a load on the minion which should be avoided
09:06 Malte as i understood the documentation the grain should only be executed on times each highstate
09:07 Malte the behavior is the same on a windows and linux minion also in version 2014.x and 2015.x
09:07 Malte the minion logs (verbose) dont gave me a hint why this occures
09:11 jaybocc2 joined #salt
09:12 linjan joined #salt
09:13 sgargan joined #salt
09:14 jeddi joined #salt
09:16 fredvd joined #salt
09:22 Malte any ideas ? :-(
09:26 dopesong joined #salt
09:28 Alan_S_ joined #salt
09:32 silenth_ is anyone having issues deploying with salt-cloud on ec2? salt-cloud waits constantly for an IP address
09:35 ph8 joined #salt
09:35 aqua^c joined #salt
09:38 linjan joined #salt
09:42 robothands joined #salt
09:47 aqua^c joined #salt
09:47 sirex joined #salt
09:48 zer0def joined #salt
09:52 epcim joined #salt
09:55 shantanoo joined #salt
10:00 linjan joined #salt
10:02 bluenemo joined #salt
10:02 bluenemo joined #salt
10:03 breakingmatter joined #salt
10:04 bluenemo hi guys. I'm using user.present but I want to safe to password plain text in the Pillar Files. I'm using this hacky  {% set user_password_hashed = salt['cmd.run']('/bin/echo ' + user_password + '| /usr/bin/mkpasswd -m sha-512 -s --stdin') %}  however it is of course then setting the password new on every run. There is no real way to prevent this but setting the salted pw hash in the pillars, right?
10:05 bhosmer joined #salt
10:05 aqua^c joined #salt
10:09 epcim joined #salt
10:11 AndreasLutro bluenemo: I use salt.shadow.gen_password and enforce_password: False
10:11 AndreasLutro if you need to enforce the password then you have to put the password hash in the pillar
10:12 bluenemo yeah I need to enforce it (otherwise it wouldnt set it when I change the actual pass in the pillars). The only option I see is also setting a random salt string in the pillars and using (in bash) mkpasswd -m sha-512 password -s "11223344"
10:13 bluenemo -s <salt string>
10:13 bluenemo AndreasLutro,
10:14 AndreasLutro indeed
10:14 AndreasLutro but do use this http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.shadow.html#salt.modules.shadow.gen_password
10:14 AndreasLutro it'll be more performant than a cmd.run
10:15 sgargan is there a way to test and react to a failing state in an orchestration?
10:17 jhauser joined #salt
10:20 ITChap joined #salt
10:23 jaybocc2 joined #salt
10:23 aqua^c joined #salt
10:24 dariusjs joined #salt
10:31 seena joined #salt
10:32 seena Hi guys
10:32 seena add_repo:   pkgrepo.managed:     - name: add_repo     - baseurl: http://abc.com/repo/el6/$basearch/     - enabled: 1     - gpgcheck: 0
10:33 aqua^c joined #salt
10:33 seena http://pastebin.com/Y6vJ27Mr
10:33 seena This is my file
10:33 seena Failed to configure repo 'add_repo': The repo does not exist and needs to be created, but a name was not given
10:33 seena I am getting this message
10:33 seena Can you please help
10:34 dariusjs anyone know if a salt mine can collect all network interfaces, the examples i see specifically configure the network interfaces such as [eth0] or so
10:34 jim__ joined #salt
10:36 Twiglet seena: change "name:" to "humanname:" i think
10:37 denys joined #salt
10:37 makada joined #salt
10:38 Twiglet dariusjs: if you're using this kind of loop % for server, addrs in salt['mine.get']('role:role1', 'network.ip_addrs', expr_form='grain').items() %}
10:38 Twiglet then {{ addrs[0] }} will give the first IP, {{ addrs[1] }} the second, {{ addrs }} will give a list of IPs
10:39 seena Twiglet: Thanks . Worked perfectly
10:39 Twiglet list or a dict, I can never remeber the difference
10:39 makada when a function within state fails i want a nice color output telling me what failed
10:40 makada I used to get that but now i dont get color output
10:40 makada I call it this way salt-call state.highstate --local
10:40 makada shouldnt i be getting nice formatted output ?
10:41 ITChap joined #salt
10:41 keimlink joined #salt
10:41 Twiglet Yeah, I use salt-call for highstates way more than is healty because I can easily check the output before the result
10:42 aqua^c joined #salt
10:42 makada if state succeds i get nice summery
10:43 bluenemo AndreasLutro, thanks for the hints :)
10:44 ajw0100 joined #salt
10:47 quasiben joined #salt
10:48 makada @Twinglet are you saying we shouldnt use salt-call for running states ?
11:00 aqua^c joined #salt
11:00 dariusjs joined #salt
11:01 dariusjs Twiglet: my network died, sorry. think the problem i was actually having is ip addresses of windows hosts not getting mined
11:05 evle joined #salt
11:06 linjan joined #salt
11:09 aqua^c joined #salt
11:12 shantanoo joined #salt
11:16 totte joined #salt
11:19 colegatron joined #salt
11:19 gcfhvjbkn is there any way to sync grains from within salt states?
11:19 gcfhvjbkn with/without custom something-somethings
11:22 _JZ_ joined #salt
11:22 gcfhvjbkn without using salt reactor though
11:22 colegatron Im just starting my first minion on aws from a fresh master (connected through vpn to aws), but I can't connect to the instance (nor from the vpn nor from outside)
11:22 colegatron how can I debug what is happening there? tnx
11:22 Twiglet i think you can include "- reload_grains: True" in a state and it'll reload
11:23 gcfhvjbkn Twiglet: wow awesome
11:24 Twiglet gcfhvjbkn: I may be wrong! I vaugely remember seeing it a while ago and think it was along those lines, I may be mistaken though ;)
11:25 gcfhvjbkn thanks for the tip nonetheless; i will be looking hard
11:25 gcfhvjbkn …for the exact key
11:27 aqua^c joined #salt
11:28 Twiglet gcfhvjbkn: hmm, if not you may be able to use "module.run: \n -name: saltutil.sync_grains" as a state
11:28 seena colegatron: You have enabled port 4505 and 4506 in the security group
11:28 Twiglet then just require that in whatever it is you needed the grains for
11:28 impi joined #salt
11:30 cliluw joined #salt
11:30 amcorreia joined #salt
11:31 cliluw joined #salt
11:34 gcfhvjbkn yay, found it
11:34 gcfhvjbkn https://github.com/saltstack/salt/blob/f65e6633531e06aa161ec82d92bcc5181db3f24b/salt/state.py#L80
11:34 CeBe joined #salt
11:34 gcfhvjbkn seems like this is undocumented feature
11:34 gcfhvjbkn also peculiarly there are keys to reload grains, pillar and modules, but not the mine
11:34 gcfhvjbkn any reason for that?
11:35 Twiglet I don't think you reload the mine so much as flush it and things resend their data
11:36 linjan joined #salt
11:36 aqua^c joined #salt
11:37 babilen http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.mine.html → flush() + update() / send()
11:37 stephanbuys joined #salt
11:38 _JZ__ joined #salt
11:38 gcfhvjbkn thanks
11:39 ITChap joined #salt
11:39 kermit joined #salt
11:39 stephanbuys joined #salt
11:46 colegatron joined #salt
11:49 colegatron I've found a "<Error><Code>AuthFailure</Code><Message>AWS was not able to validate the provided access credentials</Message></Error>" while trying to execute ec2.list_nodes()
11:50 colegatron in a trace log. but the instance is created anyway
11:50 stephanbuys joined #salt
11:52 breakingmatter joined #salt
11:54 aqua^c joined #salt
11:56 soren joined #salt
11:59 jaybocc2 joined #salt
12:00 jhauser joined #salt
12:00 mirko joined #salt
12:01 zer0def joined #salt
12:04 aqua^c joined #salt
12:04 stephanbuys joined #salt
12:05 stephanbuys joined #salt
12:05 rideh joined #salt
12:08 voxxit joined #salt
12:11 denys joined #salt
12:13 colegatron anyone deploying instances on aws with salt?
12:16 bhosmer joined #salt
12:17 tmclaugh[work] joined #salt
12:18 silenth_ colegatron: yeah I was
12:18 mbrgm__ joined #salt
12:19 silenth_ I got impatient and upgraded salt on my mac and now it gets stuck "waiting for an IP"
12:20 colegatron silenth_ I'm just reinstalling on a new instance, but inside aws, not from a vpn connection
12:21 drawsmcgraw colegatron: Can your minion in AWS still not ping your master via the VPN?
12:22 drawsmcgraw Trying to figure if it's an AWS/connectivity issue or a Salt issue...
12:22 aqua^c joined #salt
12:22 soren joined #salt
12:22 ethand320 joined #salt
12:23 colegatron drawsmcgraw, can't connect to the minion through ssh
12:23 silenth_ colegatron: I have alsoe tried using salt-cloud on an ec2 instance (ubuntu 12.04) and I get the same result
12:23 colegatron nor ping it from outside (nor inside)
12:25 drawsmcgraw colegatron: You mean to say you can't access the minion period? So it hampers your ability to troubleshoot?
12:25 colegatron yes. The ec2 instance is launched by salt, but for some reason it is unreachable
12:25 drawsmcgraw If you're operating inside a VPC, and connecting to that via your VPN, I'd expect you to be able to SSH into a machine inside your VPC.
12:26 colegatron sure, but it is not reachable even from other instances in the same subnet.
12:26 drawsmcgraw colegatron: I'm a bit rusty. Does the AWS web interface have console access?
12:26 drawsmcgraw That sounds like an aws/vpc issue, right?
12:26 silenth_ drawsmcgraw: no (it has console logs tho)
12:26 shantanoo joined #salt
12:26 colegatron mmmm not sure, really.
12:26 drawsmcgraw silenth_: noted, thanks.
12:27 * drawsmcgraw wishes he was better with AWS
12:27 drawsmcgraw colegatron: Are you able to try launching a minion *not* in a VPC ?
12:27 drawsmcgraw I'd try just making an instance (without Salt involved) and confirm you can reach those instances. I'm thinking this is an aws/vpc thing.
12:27 colegatron of course, everything works without salt :-)
12:28 colegatron I've found an error on the logs about credentials...
12:28 colegatron let me paste it...
12:29 drawsmcgraw colegatron: Interesting... And yeah, you said that error pops up in the logs BUT the instance gets created anyway?
12:29 colegatron oh, I lost it right now, but it was about ec2.list_nodes() call failing about credentials, but the credentials used have all the rights over ec2
12:29 colegatron yep
12:29 tmilam joined #salt
12:29 dariusjs joined #salt
12:29 colegatron If I was more experienced with salt I would say it is a salt bug, but today is my first date with it
12:29 napsterX joined #salt
12:30 drawsmcgraw colegatron: Heh. Bit of a challenge, then :)
12:30 drawsmcgraw Have you tried running with "-l debug" ?
12:30 drawsmcgraw that is -> salt-cloud <stuff to make minion> -l debug
12:30 drawsmcgraw You can get a better idea of questions like "When is it failing?" or "Did it actually bootstrap a minion onto the new instance?"
12:31 colegatron drawsmcgraw, I used -l trace to find the mentioned error
12:32 colegatron what is very curious to me is the instance is launched, but is unable to be reached in any way
12:32 drawsmcgraw ah
12:32 drawsmcgraw And you've made instances by hand before, and managed to connect to them with no issues?
12:32 drawsmcgraw If that's the case, look closely at your profile and/or provider configs.
12:33 drawsmcgraw Salt may be putting the instances into the wrong AZ or something similar.
12:33 Malte short question: grains should be only executed one time at state.highstate?
12:33 drawsmcgraw Malte: Grains are static information about a minion. They're generated once when the Minion starts up.
12:33 furrowedbrow joined #salt
12:34 madssj Can I pass a dict from a macro into a context in a file? It seems to be converted into a unicode string at some point.
12:34 colegatron drawsmcgraw, yep, I've fired them manually, with elasticbeanstalk, with vagrant, with puppet, but not fails with salt. probably my fault, but not sure
12:35 drawsmcgraw colegatron: strange... Are you able to post a (cleaned) version of your salt-cloud-related configs?
12:35 colegatron Let me find all files and I'll pastebin them
12:35 jaybocc2 joined #salt
12:37 Malte ok - in my enviroment the are executed each time i send a hightstate
12:37 chiui joined #salt
12:37 Malte but it is a self created grain :-/
12:38 pcdummy joined #salt
12:40 Bryson joined #salt
12:44 dthom91 joined #salt
12:44 Malte can someone post a working basic sample for custom grains - i am not sure if the code must include a check to prevent a execution during highstate
12:46 colegatron drawsmcgraw, http://pastebin.com/9ntYr1wx
12:47 favadi joined #salt
12:53 pullphinger joined #salt
12:54 sunkist joined #salt
12:57 Malte sorry another question:
12:57 Malte grains_refresh_every in the config is per default 10 minutes ? is that right ?
12:57 Malte i am not sure about that (minion config)
12:58 silenth_ is anyone getting this when using salt-cloud to deploy ec2 instances http://paste.ubuntu.com/11914361/
13:00 scottpgallagher joined #salt
13:02 colegatron silenth_ yep
13:03 colegatron and you get stuck there right
13:03 colegatron ?
13:03 colegatron oh sorry. frustrated does not appears on my log. sorry
13:05 silenth_ colegatron: yeah it does the "{}" forever (or 10 minutes)
13:06 silenth_ colegatron: frustrated is the name I gave the host ;)
13:07 silenth_ if "-l debug" then the only helpful info I get is that it is going to wait 10 minutes for an IP
13:07 Tecnico1931 joined #salt
13:09 colegatron I get the instance running and salt keeps waiting to reach it, but for some strange reason it is unreachable
13:09 silenth_ colegatron: the instance is actually reachable (at least by ssh)
13:09 linjan joined #salt
13:10 RandyT colegatron: what does your network config look like in the profile?
13:10 silenth_ colegatron: salt-stack just doesn't know it has an Ip for some reason
13:10 RandyT happy to meet some other people using salt on ec2
13:10 silenth_ this _used_ to work
13:11 silenth_ seems many ppl are having problems with salt-cloud and ec2 - are any official salt ppl here?
13:11 RandyT is the public ip an eip? or autoassigned?
13:11 jaybocc2 joined #salt
13:11 colegatron silenth_, not the same problem then, sorry
13:12 colegatron RandyT, you can find the config http://pastebin.com/9ntYr1wx
13:12 breakingmatter joined #salt
13:13 colegatron there is no specification about subnet or similar. I only specify location eu-west-1
13:13 colegatron the commented out "availability_zone: eu-west-1a" in the config did not work neither
13:14 aparsons joined #salt
13:15 RandyT colegatron: and -l debug gives you nothing?
13:15 chiui joined #salt
13:15 RandyT colegatron: you are getting private ip assigned and is reachable?
13:15 Aidin joined #salt
13:15 colegatron the only strange I found in the logs was a unauth credentials error running ec2.list_nodes(), but that's not true (creds has all ec2 perms)
13:16 colegatron randyt: I can see the instance in the aws console, but it is not reachable (nor via private or public IP
13:16 colegatron )
13:16 colegatron if I launch the instance manually from the console, it works fine
13:17 losh joined #salt
13:20 rideh^ joined #salt
13:21 RandyT colegatron: sharing a config I use: https://gist.github.com/rterbush/6c6644ae292e4ab892b1
13:21 RandyT a bit more complex and honestly have not tried anything simple, but perhaps some ideas for you to be more specific about network interfaces, etc.
13:21 RandyT I'm deploying into subnets within a vpc, so it has to be more specific..
13:22 ingslovak joined #salt
13:22 RandyT but I am admittedly battling other challenges in assigning keys to instances and seem to be on a futile path to try to keep keys off of the local filesystem and instead in some secure storage or pillar
13:25 aqua^c joined #salt
13:27 tkharju joined #salt
13:27 mike25de hi guys... is there a way of merging pillar data ?  i have data stored into different pillars, and it may happen that the same KEY is in 2 pillars. Can i somehow merge pillar data? or make sure which one is overwriting what ?
13:28 quasiben joined #salt
13:28 perfectsine joined #salt
13:28 RandyT mike25de: It is my understanding (and not definitive) that it is all about order.
13:29 RandyT salt will use the first matching filename it finds based on the order
13:29 mike25de RandyT:  i have the same impression
13:29 mike25de thanks RandyT - i will test some more.
13:29 RandyT mike25de: np
13:30 icflournoy joined #salt
13:30 vkurup joined #salt
13:33 kaptk2 joined #salt
13:33 colegatron RandyT, Tnx, I'm going to try this
13:33 permalac joined #salt
13:33 mapu joined #salt
13:34 Deevolution joined #salt
13:34 RandyT colegatron: I think the useful part to you is probably the network_interfaces: section fwiw
13:34 silenth_ colegatron: good luck mate - let us know if you manage to work it out
13:34 colegatron RandyT, yep, I see
13:34 colegatron silenth_, sure.
13:37 scoates joined #salt
13:37 subsignal joined #salt
13:41 bluenemo joined #salt
13:41 bluenemo joined #salt
13:41 linjan joined #salt
13:43 aqua^c joined #salt
13:47 jaybocc2 joined #salt
13:49 catpig joined #salt
13:49 murrdoc joined #salt
13:50 racooper joined #salt
13:51 ekristen joined #salt
13:52 timoguin joined #salt
13:52 kawa2014 joined #salt
13:54 hasues joined #salt
13:55 hasues left #salt
13:58 favadi joined #salt
13:59 silenth_ anyone getting "Caught exception in wait_for_port" when using salt-cloud to deploy to ec2?
14:00 RandyT silenth_: I have not seen this. What version are you running?
14:01 adwark123 joined #salt
14:01 denys joined #salt
14:01 aqua^c joined #salt
14:01 twork i need a hint. i'm setting up ssh keys, reading: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.ssh_auth.html#control-of-entries-in-ssh-authorized-key-files
14:03 twork i'd like to do something like the examle does for authorizing users for root accouns. but we don't ssh directly to root (usually), we use our own accounts and then sudo.
14:04 twork but, i'd still like a single point to set, "this user can log in everywhere, yes or no."
14:04 twork ...and just then i get called to a meeting. thanks all! it's been fun.
14:05 pcn Usually that's in ldap + sudoers in my experience
14:05 quasiben joined #salt
14:05 xintron joined #salt
14:06 newbie joined #salt
14:06 quasiben joined #salt
14:06 gcfhvjbkn http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.aptpkg.html#module-salt.modules.aptpkg
14:07 gcfhvjbkn what is the "debconf answers file" in this context?
14:07 silenth_ RandyT: 2015.5.2
14:07 gcfhvjbkn is it similar to the database man debconf mentions?
14:07 gcfhvjbkn http://manpages.ubuntu.com/manpages/natty/man7/debconf.7.html
14:08 gcfhvjbkn i hope not, otherwise it's needlessly complex
14:08 jdesilet joined #salt
14:08 gcfhvjbkn i'd rather specify answers right there in the states file
14:08 gcfhvjbkn something like debconf:
14:08 chiui joined #salt
14:08 gcfhvjbkn - username: root
14:08 gcfhvjbkn etc
14:09 twork pcn: that'd be great if we weren't an AD shop where we get charged per account. and i want to be independent of that whole rig in any event.
14:09 RandyT silenth_: you might try bumping up to a 2015.8 tag to see if the problem goes away. I've found that for much of the salt-cloud functionality I am using, I needed to go to newer release
14:09 pcn twork: have you looked at freeipa?
14:09 twork nope! a googling i will go...
14:10 druonysus joined #salt
14:10 druonysus joined #salt
14:11 silenth_ RandyT: how can I do that? docs are scarce on running dev versions
14:11 pcn Can anyone here describe how the pylint modules in salt-pylint are meant to be used?
14:12 twork pcn: looks nifty. but i'd like a way to add and remove uses (us, a handful of others) today. with salt! because, salt! i can do it, i just wanted to do it elegantly.
14:13 pcn twork: lowest hanging fruit is to create a pillar with a map of user: uid+gid+gid etc.
14:13 twork pillar! oh, duh.
14:13 RandyT silenth_: Here is how I have done it.
14:13 RandyT https://github.com/saltstack/salt-bootstrap
14:13 pcn Then create the relevent users
14:13 twork <- n00b, yet
14:13 pcn based on that pillar.
14:14 pcn Install the sudo formula, and use that to create an include file which permits a sudoers group to the sudoers.
14:14 RandyT silenth_: install_salt.sh git v2015.8.0.rc1 would grab latest tag
14:15 pcn Err.. that was worded poorly twork, but you understand I guess
14:15 RandyT silenth_: there may be dragons there, ... but I have not seen any yet (at least not that I recognized)
14:16 RandyT silenth_: bear in mind that I am new to saltstack and am about 3 weeks in. Might be case of blind leading the blind here
14:17 twork pcn: much thanks. makes good sense.
14:18 xintron I'm looking at the EC2-autoscale-reactor but sadly that one requires to run the API with webhook_disable_auth: True. Is it possible to have two salt-api instances running at the same time (one with auth and one without)?
14:19 tmilam this is my first time working with salt and i'm getting stuck....can someone please take a look at this and tell me what i'm doing wrong? file_roots: https://paste.ee/p/WJwRH
14:19 silenth_ RandyT: so I clone the first repo, then find the install_salt.sh and run with those arguments?
14:19 tmilam motd.sls & motd.template: https://paste.ee/p/0P803
14:19 pullphinger15 joined #salt
14:19 twork
14:19 twork ~
14:19 twork ~
14:19 twork ~                              VIM - Vi IMproved
14:19 twork ~
14:19 twork ~                               version 7.3.547
14:19 twork ~                           by Bram Moolenaar et al.
14:19 twork ~           Modified by pkg-vim-maintainers@lists.alioth.debian.org
14:19 twork ~                 Vim is open source and freely distributable
14:19 twork ~
14:19 twork ~                        Help poor children in Uganda!
14:19 twork ~                type  :help iccf<Enter>       for information
14:19 babilen gcfhvjbkn: You are aware of http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.debconfmod.html and http://docs.saltstack.com/en/latest/ref/states/all/salt.states.debconfmod.html aren't you?
14:19 gcfhvjbkn thanks
14:19 RandyT silenth_: no need to clone
14:19 toastedpenguin is it possible to use salt to get a list of process running on a windows server and any resource specifics like CPU or RAM?
14:19 aqua^c joined #salt
14:19 babilen twork: Well done! Now give some money to the poor children in Uganda!
14:19 twork sorry for the paste
14:19 twork klutz
14:20 ALLmightySPIFF joined #salt
14:20 tmilam top.sls: https://paste.ee/p/IYZXI
14:20 twork i hate the mac...
14:20 RandyT silenth_: instructions right on the README of that repo as to how to use it.
14:21 tmilam the error i'm getting when i run salt '*' state.highstate is "No Top file or external nodes data matches found"
14:21 ALLmight_ joined #salt
14:22 jaybocc2 joined #salt
14:22 tmilam is my syntax wrong for motd in top.sls? the motd.sls is in /srv/linux/motd/ ....i was wondering if salt can't find that with the syntax i used in top.sls
14:22 silenth_ RandyT: ok thanks - trying it now
14:23 RandyT toastedpenguin: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_service.html
14:24 babilen tmilam: You might want to add another space before "- motd". What are the semantics of the "linux" environment? Did you configure that environment in your master config?
14:24 pullphinger joined #salt
14:25 babilen (note that environments are rather for modelling certain deployment/testing scenarios than keeping OS specific states apart)
14:25 tmilam babilen: you mean the file_roots in /etc/salt/master ? https://paste.ee/p/WJwRH
14:26 tmilam ahhhh...yes, of course
14:26 tmilam i need to read up on how to keep those seperate
14:26 kawa2014 joined #salt
14:26 primechuck joined #salt
14:27 tmilam added a space, still the same error
14:27 tmilam need to fix that file_roots so it is not OS specific...that is going to bug me
14:27 tmilam now that i know
14:28 babilen tmilam: I'm not necessarily saying that your differentiation is wrong, but I think that you might want to reconsider your design. The actual problem you face is probably caused by the fact that your minion is *not* in the linux environment. I would, however, like to point out that you should keep *all* your states in base and simply make sure that they do the right thing on linux, solaris or aix. That way yo
14:28 babilen u say "- openssh" in your top.sls and you ...
14:28 babilen ... know that the right thing will happen on each of these platforms.
14:29 tmilam i agree with you about the design. i'd set it up that way out of ignorance to be frank.
14:29 tmilam i'm not sure how to put a minion in an particular environment
14:29 tmilam seems like that would be a basic thing, but i missed reading on that
14:30 babilen You could then start using environments such as "dev", "qa" or "prod" to tell different classes of minions apart which allows you to model different deployment strategies. (e.g. you start changing stuff in "dev", test it on your "dev" minions, then move it to "qa" and so on ...)
14:30 tmilam that's exactly what i need. i have disaster recovery, test, and prod environments
14:31 babilen You assign minions to environments in your top file, which you have done by using "linux: '*' - motd" (all minions are in that environment and get the motd state)
14:32 babilen So, I'd change "linux" to "base" for now and move /srv/salt/linux/motd.sls to /srv/salt/motd.sls, adapt the master configuration and try again.
14:32 tmilam ok, i'll do that
14:32 tmilam thanks for taking the time to explain
14:32 babilen On second thought I'm not entirely sure why it isn't working for you as it is :_
14:32 murrdoc Error parsing configuration file: /etc/salt/master.d/autoreject.conf - conf should be a document
14:32 murrdoc thoughts ?
14:35 babilen Your autoreject.conf file isn't a document
14:35 babilen (why it should be or what that even means is beyond me)
14:35 * murrdoc throws a monkey at babilen
14:35 stoogenmeyer hey guys, what's the difference in a reactor file between cmd.<something> and local.<something?
14:35 * babilen catches the monkey, patches it and throws it back
14:36 babilen stoogenmeyer: Is there one?
14:36 * murrdoc over feeds monkey , throws monkey at babilen so monkey can poop on babilen
14:36 stoogenmeyer I don't know (-:
14:36 * murrdoc keeps it kindergarten
14:37 favadi joined #salt
14:37 Riz joined #salt
14:37 aqua^c joined #salt
14:38 babilen stoogenmeyer: I've only ever used local.MODULE.FUNCTION
14:39 clintberry joined #salt
14:39 stoogenmeyer on the salt docs there's two examples, one for reacting with a highstate, and one for reacting with a sync_all. One is using cmd.* and one is using local.*
14:39 stoogenmeyer https://docs.saltstack.com/en/develop/topics/reactor/index.html#syncing-custom-types-on-minion-start
14:39 stoogenmeyer http://docs.saltstack.com/en/latest/topics/cloud/reactor.html#example-reactor-based-highstate
14:41 babilen stoogenmeyer: I don't think there is a difference and I do find "cmd = local" in the code
14:41 stoogenmeyer oh wow you dont say.. ok
14:42 babilen You might argue that it is simply there to confuse you
14:43 murrdoc babilen:  i thought cmd worked in orchestrate and local in reactor ?
14:44 shantano1 joined #salt
14:44 QuisaZaderak joined #salt
14:51 sunkist joined #salt
14:51 joeto joined #salt
14:53 Brew joined #salt
14:53 jab416171 joined #salt
14:56 aqua^c joined #salt
14:57 cberndt joined #salt
15:00 zmalone joined #salt
15:03 tomasq anyone familiar with matching on a grain for a require: without using some jinja if statements
15:04 colegatron RandyT, just re-installed with "sudo sh install_salt.sh -M" but now I have not salt-cloud
15:04 esharpmajor_ joined #salt
15:04 colegatron RandyT, how do I now deploy the aws instance? confused...
15:05 ange_ joined #salt
15:06 Laogeodritt| joined #salt
15:06 phpdave11_ joined #salt
15:07 colegatron previously I installed the salt-cloud package, but due the issue I thought it would be better to install the last version... but it has not salt-cloud :-/
15:08 dfinn joined #salt
15:08 gadget-girl where does salt put npm package that it installes
15:08 dude051 joined #salt
15:09 speriyasamy joined #salt
15:11 cowpunk21 joined #salt
15:13 malte joined #salt
15:13 malte hello
15:13 malte is {{ salt['grains.get']('os') }} executing a execution of the grains ?
15:14 UtahDave joined #salt
15:14 druonysus joined #salt
15:14 druonysus joined #salt
15:14 aqua^c joined #salt
15:15 gadget-girl https://gist.github.com/sarasfox/0fc3fe42f3ae4b3b4bb5 what is this borken
15:15 mpanetta joined #salt
15:16 murrdoc not unless its cached malte
15:16 thalleralexander joined #salt
15:16 catpig joined #salt
15:17 zsoftich1 joined #salt
15:17 UtahDave gadget-girl: you need to change line 2 to this:    npm.installed:
15:17 UtahDave missing colon
15:17 evle joined #salt
15:17 tongpu joined #salt
15:17 pizzahead joined #salt
15:17 murrdoc yeah … gadget-girl try out salt 'minionname' state.show_sls path.to.sls
15:17 murrdoc to make sure it passes fine
15:17 murrdoc and all that
15:17 murrdoc sup UtahDave !
15:19 UtahDave hey, murrdoc!
15:19 sdm24 joined #salt
15:21 breakingmatter joined #salt
15:22 murrdoc hows things man
15:24 chitown hey guys... am having an issue with state.top and a pillar
15:24 chitown created a new host using salt-cloud
15:25 chitown i try to run "state.top bootstrap.sls" and get:
15:25 chitown Data failed to compile:
15:25 chitown ... Rendering SLS 'mp_versions' failed. Please see master log for details.
15:25 chitown but, the following works fine: "sudo salt host pillar.item mp_versions"
15:25 chitown somewhere in the master its cached that something is broken
15:26 linjan joined #salt
15:26 chitown also, i can run the state.top using salt-call on the client and its fine
15:26 chitown any thoughts?
15:28 cowpunk22 joined #salt
15:30 jalbretsen joined #salt
15:31 UtahDave joined #salt
15:32 RandyT colegatron: how have you been deploying aws instance?
15:33 b18 joined #salt
15:33 RandyT colegatron: salt-cloud -p profile_name instance_name is what I am doing
15:33 cromark joined #salt
15:33 dustywusty joined #salt
15:34 colegatron joined #salt
15:36 colegatron seems the ubuntu packages and bootstrap install does not install the same components. After remove ubuntu packages and install salt though the shell script, I can't find the salt-cloud binary
15:37 stephanbuys joined #salt
15:37 colegatron can someone give me a clue where to find salt-cloud or how to deploy an ec2 instance with the default salt installation? (I've installed minion and master)
15:40 UtahDave colegatron: apt-get install salt-cloud
15:41 UtahDave chitown: can you provide sanitized output of   salt '<minion>' state.top bootstrap    ?
15:41 colegatron UtahDave: but will it work fine alongside the bootstrap installation?
15:41 colegatron UtahDave: I've read salt-cloud is now mergedd into the salt master.. it is confusing to me.
15:42 UtahDave colegatron: yeah, the salt-cloud binary should get installed along with the salt master
15:42 colegatron ok. tnx, I'm going to look for the latest version of salt-cloud as well
15:43 coval3nce joined #salt
15:43 chitown UtahDave: its only a few lines.... paste here in iRC?
15:43 UtahDave chitown: if it's only 3 or 4 lines
15:43 chitown master $ sudo salt host-1 state.top bootstrap.sls test=true
15:44 chitown host-1:
15:44 chitown Data failed to compile:
15:44 chitown ----------
15:44 chitown Pillar failed to render with the following messages:
15:44 chitown ----------
15:44 chitown Rendering SLS 'mp_versions' failed. Please see master log for details.
15:44 nzero joined #salt
15:45 iggy did you check the master log?
15:45 aw110f joined #salt
15:46 chitown again, if i run the same command on the host, its fine
15:46 shantanoo joined #salt
15:46 chitown iggy: yes, there are no errors in the master log
15:47 UtahDave can you pastebin a sanitized version of mp_versions.sls ?
15:47 chitown no messages... no info... it just says;
15:47 murrdoc or paste in your pillar into yaml-online-parser.appspot.com
15:47 chitown uh..... thats gonna be a little tougher...
15:47 chitown it has a few jinja calls
15:47 murrdoc and u hvae jinja rendering on ?
15:47 chitown (few = many :/ )
15:48 murrdoc its default so i presume u do
15:48 chitown yes... again, the key thing is the exact same thing works fine on the minion with salt-call
15:48 murrdoc so salt-call pillar.get mp_something works
15:48 chitown yes
15:48 murrdoc but salt 'minoin' pillar.get mp_something doesnt ?
15:48 murrdoc you are missing python libs
15:49 murrdoc ?
15:49 chitown actually, salt host pillar.item mp_versions  works, too
15:49 chitown i have done sync_all a few times
15:49 chitown state.top is the only thing broken and it is NOT broken using salt-call... its very odd
15:50 murrdoc i dont even know what state.top is
15:50 chitown i tried clearing the cache (salt-run cache.clear_all host-1)
15:50 murrdoc is that the new new highstate
15:50 chitown sorta... just think of it somewhere between highstate and state.sls
15:50 murrdoc what does it not do that highstate does ?
15:50 murrdoc also salt host saltutil.refresh_pillar
15:51 murrdoc salt host pillar.get mp_versions
15:51 murrdoc does that work
15:51 chitown i break up "highstate" into "bootstrap" (which updates dpkg, iunstalls users, etc) vs "deploy" (which installs our custom apps)
15:51 chitown yes, that pillar.get works just fine
15:52 whytewolf murrdoc: state.top executes a specific top file instead of the default. http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.top
15:52 chitown for some legacy reasons... our "highstate" has some circular logic... so, installing a new host means i have to run it a few times to clean that up...
15:52 whytewolf chitown: is bootstrap.sls a top file?
15:53 chitown yes
15:53 dfinn joined #salt
15:53 chitown again, it works fine with salt-call and it works fine once the host is "cleaned up"
15:53 chitown oh, ftr; the host is USUALLY ok if i restart the minion
15:54 chitown but, i am trying to do this in automation and restarting the minion is kind of a problem
15:54 shantanoo joined #salt
15:54 whytewolf salt-call working does not mean it is fine on the master. it just means that the minions local copy of it was fine at the time
15:54 chitown also, this is VERY repeatable... i.e. this isnt a one-time thing i just need to work around. i need to figure out how to fix it.
15:54 chitown yes, i know... which is why i thought clearing the host's cache would help
15:55 chitown its so frustrating b/c it SHOULD be working :(
15:56 chitown and b/c the master's long doesnt say sh*t.... :/
15:56 chitown log*
15:56 sttwister joined #salt
15:56 whytewolf chitown: ignore the log add -l debug to the command.
15:56 jasonrm joined #salt
15:57 chitown blek.... nothing :(
15:57 shantanoo joined #salt
15:57 chitown lots of debug about reading config... etc
15:57 murrdoc versions ?
15:57 chitown no errors, no warn....
15:58 chitown same: no errors, no wanrs... just debug about reading configs, etc
15:58 chitown oh, versions of salt?
15:58 whytewolf yes, on both minion and master
15:58 sttwister does anyone know if you can reference a pillar file when a running a salt command? i.e.     salt '*' state.highstate pillar=foobar.sls      instead of     salt '*' state.highstate pillar='{"foo": "bar"}'
15:58 chitown 2014.7.5 on both
15:59 Deevolution joined #salt
15:59 chitown one of my states fails on 2015.? and i havent been able to fix it, yet
15:59 chitown (which is why i am stuck on 2014 for the moment)
16:02 whytewolf well. one more thing to try if you really want to clear out the cache. shut the minion and master down. then delete the contents of /var/cache/salt/master/* and /var/cache/salt/minion/* then restart both. will have to sync_all again and refresh_pillars
16:02 chitown ya, i cant do that.....
16:02 murrdoc man i cant get jobs.active to return
16:02 murrdoc pain!
16:03 chitown murrdoc: lol... big job cache?
16:04 chitown whytewolf: if i restart the minion it works. but, this is an ongoing problem and part of some larger automation. i cant restart the minion every time i run into this
16:04 chitown which is why i am looking for some other solution
16:04 whytewolf chitown: I wasn't sugesting just the minion.
16:04 whytewolf have you looked into updateing to 2014.7.6
16:04 chitown restarting the master is worse :)
16:05 whytewolf see if there is a fix
16:05 spookah joined #salt
16:05 chitown not .6. i did try 2015.something...
16:05 chitown i can definitely do that
16:06 chitown thanks for the help!  (I'll back later to give an update :> )
16:07 stephanbuys hi all, is it possible to access pillar data from a reactor?
16:08 stephanbuys or just somehow induce the data in one sls file to be available to the master for use in reactor?
16:08 murrdoc yes
16:08 stephanbuys murrdoc: I would usually (in my normal state files) do, salt['pillar.get']('Key')
16:09 jondonas joined #salt
16:09 murrdoc what are u trying to do with the pillar data ?
16:09 murrdoc match on it ? or use it
16:09 stephanbuys I have a list of pre-approved machine names in an array
16:10 stephanbuys I would like to do a reactor to auto-accept the minions listed in that pillar structure
16:10 murrdoc ah
16:10 stephanbuys its almost a vanilla copy of the method in the reactor example
16:11 murrdoc you are unable to do {% if data['id'] in salt.pillar.get('on-the-list')
16:11 murrdoc ?
16:12 aparsons joined #salt
16:12 sk_0 joined #salt
16:13 iggy reactor runs in the master context, pillar really shouldn't be used there (except as murrdoc points out, to target)
16:13 stephanbuys murrdoc: yeah
16:13 Akhter joined #salt
16:16 Akhter Hey guys, I'm trying to write a custom module that terminates machines that have been running more than 7 minutes, however I get when executing it 'modulename' __virtual__ returned False
16:16 Akhter https://gist.github.com/AkhterAli/acbb8540172464eada0d
16:16 stephanbuys iggy: is there a way I can get just the one sls file read into the master context somehow?
16:16 stephanbuys iggy: oh, and how would I "get" the data then in Jinja. I'm assuming salt.grains.get?
16:17 iggy grains also shouldn't be used in the master context
16:17 iggy the only thing that should be used in the master context is master config
16:19 stephanbuys iggy: so any suggestion how I could use an external file and somehow read its data in the reactor? As explained, I just want to provide the reactor with a pre-approved list of minions
16:20 iggy you're reimplementing autosign_file
16:21 Bryson joined #salt
16:22 aparsons joined #salt
16:22 kitplummer joined #salt
16:22 stephanbuys iggy: wasn't aware of the autosign_file :)
16:22 stephanbuys checing...
16:22 stephanbuys s/checing/checking/
16:22 kitplummer hey guys.  what's the best way to 'reprovision' a single machine from a salt-cloud map?
16:23 iggy define reprovision
16:23 iggy but generally if we have something wrong, we just delete the machine and re-roll it
16:23 kitplummer iggy: terminate and provision
16:24 kitplummer if i run the salt-cloud -P command it'll just start the missing machine?
16:24 stoogenmeyer joined #salt
16:24 perfectsine joined #salt
16:24 iggy Akhter: that doesn't look like a module
16:25 stoogenmeyer hey guys, 2 questions: Does anybody here have experience using salt and autoscaling minions?
16:25 iggy kitplummer: that's a majority of the point of using maps
16:25 ekristen joined #salt
16:25 kitplummer iggy: just wasn't sure if there was a way to terminate it with salt-cloud.
16:25 Akhter iggy: I'm trying to write something similar to that and turn it into a module.  I'm reading through http://docs.saltstack.com/en/latest/ref/clients/index.html#python-api right now, but I'm not sure of what I'm missing.
16:25 tkharju joined #salt
16:26 stoogenmeyer And #2, is there a way to change a minion's mine update interval without restarting it?
16:26 Akhter iggy: Could you point me to the right docs.
16:26 cowpunk22 joined #salt
16:26 murrdoc !salt modules.schedule
16:26 murrdoc !salt salt.module.schedule
16:26 murrdoc !salt module.schedule
16:27 kitplummer stoogenmeyer: you want to run the minion after the autoscaled machine gets provisioned?
16:27 stephanbuys iggy: is there an example of a autosign_file anywhere?
16:27 stoogenmeyer kitplummer: yes
16:29 kitplummer stoogenmeyer: do you have an ami that already has the base minion config in it that would connect to the master?
16:29 stoogenmeyer I saw that there's a feature on the develop branch for working with aws autoscale groups which detects new minions and bootstraps them, but is there a simpler way that someone is using?
16:29 stoogenmeyer kitplummer: no, stock ubuntu images. I rely on the minion id to know which services should go on it (<env>.<role>.<index>)
16:30 druonysuse joined #salt
16:31 kitplummer that was the problem i ran into.  you can define that stuff in the autoscale group right, so it is passed in as user data.  you'd probably need a rc.local bootstrap to get that into the minion config though.
16:31 tkharju joined #salt
16:31 pickledpig joined #salt
16:32 stoogenmeyer kitplummer: so you ran into a similar situation? Did you manage to resolve it? I'm sort of disliking doing it using salt as it's so hacky
16:34 kitplummer ultimately, i just created a 'packaged' AMI that has the stuff i need already loaded (done with Salt).  i do have to pass in some user data, that is consumed by a local application running.  but i didn't ever figure out how to get the minion to run smoothly in the process.  also i was worried about the provision time being too long.
16:36 iggy stephanbuys: no clue, I assume from the description that it's a fairly simple format
16:36 stephanbuys iggy: thanks, I'll experiment
16:36 iggy Akhter: there's some examples in salt-contrib
16:37 jaybocc2 joined #salt
16:37 iggy murrdoc: saltstackbot is gone
16:38 twork i'm trying to read the docs for the pillar and it's not making sense. can someone point me to some more fleshed out examples than what's in the modules doc?
16:38 Akhter iggy: So I'm essentially missing the __virtual__ and any other private methods/functions.
16:38 iggy Akhter: modules also don't need to read config files or worry about setting up the dunder dicts (i.e. __grains__)
16:39 colonD joined #salt
16:39 iggy Akhter: the python api docs are for writing standalone scripts that speak salt, not for writing modules that run inside salt
16:39 twork like when would i use pillar.item vs. pillar.get? at the command line i see that output differs, not the purpose of the distinction.
16:39 murrdoc iggy:  BRING BOT BACK
16:40 Akhter iggy: Thank you.
16:41 iggy twork: in states, always use pillar.get (the main difference is that pillar.item(s) does a refresh of pillar data each time it's run, and pillar.get supports nested lookups i.e. pillar.get nginx:version
16:42 iggy murrdoc: I probably will at some point... there were some complaints about it and I don't have time right now to address those complaints
16:42 twork thanks iggy
16:43 twork "ignore pillar.item(s)" i guess gets me what i need for now
16:43 crazyfrench left #salt
16:43 Dev0n_ joined #salt
16:43 jaybocc2 joined #salt
16:43 gmoro joined #salt
16:44 shantanoo joined #salt
16:45 iggy that's going to be used on the command line more often (i.e. salt '*' pillar.item nginx)
16:46 iggy when you don't want to use saltutil.pillar_refresh -> pillar.get constantly
16:46 iggy but it would be terrible in states
16:46 tkharju joined #salt
16:49 stoogenmeyer kitplummer: thanks for elaborating. But when you get a new minion due to autoscaling (I'm assuming this happens because of AWS), then how do you get the salt-master to automatically accept the minion key? Using salt-cloud it happens automatically for me but in that case the master is doing it
16:50 terratoma joined #salt
16:50 scoates joined #salt
16:51 tkharju joined #salt
16:53 UtahDave stoogenmeyer: you can set up the salt master's web hook to accept a call from aws to accept a new autoscaling minion
16:53 kitplummer stoogenmeyer: while not secure, you can set to auto_accept: True in the Salt master config.  i don't believe there's a way to do it
16:53 kitplummer so that only specific hostnames are accepted.
16:54 ajw0100 joined #salt
16:54 UtahDave stoogenmeyer: take a look at this: https://github.com/saltstack-formulas/ec2-autoscale-reactor
16:55 kitplummer UtahDave: I've been looking for that too.  Cheers.
16:56 stoogenmeyer Yea I saw that.. but didn't want to have to install from the develop branch
16:56 stoogenmeyer I like the idea of web hook, do you maybe know of a guide explaining the process?
16:56 UtahDave I don't think you have to have develop anymore
16:57 UtahDave I think that example was written a while ago.  I think all the necessary pieces are in released versions of Salt now
16:58 druonysuse joined #salt
16:58 druonysuse joined #salt
16:59 stoogenmeyer alright, I'll give that a try. Looks cool. Do you happen to know (because I've never worked with autoscaling before), what is the minion id that aws would give a newly created machine? I'm asking because my whole deployment relies on minions ids
17:00 pcn stoogenmeyer: have you looked at how ec2 launches work with user_data?
17:01 stoogenmeyer pcn: nope, why?
17:01 linjan joined #salt
17:04 hal58th_ joined #salt
17:04 pcn If you want some control, like declaring "this is a foo minion" you could put something into the user_data like gettin instance_id and configuring the minion with foo-instance-id
17:05 shantanoo joined #salt
17:06 tkharju joined #salt
17:06 druonysus joined #salt
17:07 forrest joined #salt
17:07 kitplummer pcn: but the problem still exists that the salt-master has to accept a key.
17:08 twork okay, suppose i have a layout like: https://gist.github.com/mjinks/de5c8e29c2795e0433f6  ...so far, is that layout right? 'data', 'stuff', 'scream' and 'yell' all refer to sls files in the pillar directory?
17:08 breakingmatter joined #salt
17:09 tkharju joined #salt
17:09 kitplummer i've done similar stuff with Puppet, which has the ability to define domain-name globs - so you can set the hostname, then have the agent connect using that...so at least you don't have to accept _all_ keys
17:09 KyleG joined #salt
17:09 KyleG joined #salt
17:09 iggy twork: if you want mumble to be a saltenv, then yes
17:09 twork if i've got it right so far: what's the function of the 'mumble' and 'shout' items? how would i refer to them in a state?
17:09 pcn kitplummer: When you have a known naming scheme, you can listen for SNS notifications of ASG changes, and script accepting new minion keys when they match (http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/ASGettingNotifications.html)
17:10 iggy twork: mumble would be a saltenv, shout would be a minion_id
17:10 kitplummer pcn: ah.  yeh, that'd work.
17:10 ageorgop joined #salt
17:11 twork aha.
17:24 ageorgop joined #salt
17:25 gcfhvjbkn joined #salt
17:27 zsoftich1 joined #salt
17:28 tmclaugh[work] joined #salt
17:29 shantanoo joined #salt
17:29 theologian joined #salt
17:29 wendall911 joined #salt
17:30 tmilam [DEBUG   ] Could not find file from saltenv 'base', 'salt://top.sls'
17:30 tmilam my base file_root is /srv/salt
17:30 tmilam errr.../srv
17:31 tmilam and i have a /srv/top.sls ....confused
17:31 tmilam i don't know how it's not seeing it
17:31 cliluw joined #salt
17:31 matthew-parlette joined #salt
17:32 ageorgop joined #salt
17:32 iggy cp.list_master
17:33 tmilam just says local:
17:33 tmilam huh...
17:33 UtahDave have you restarted the salt-master daemon after changing your file_roots?
17:34 tmilam yes
17:35 tmilam service salt-master stop, nothing comes up from ps-ef | grep salt, then service salt-master start
17:35 tmilam i've done something wrong here somewhere...just not sure where i screwed up
17:38 sgargan joined #salt
17:38 blah joined #salt
17:39 iggy salt-call config.get file_roots ?
17:39 iggy don't know if that pulls minion or master config though (probably minion)
17:40 dfinn joined #salt
17:41 breakingmatter joined #salt
17:42 Akhter joined #salt
17:43 Akhter iggy: Sorry to bug you again, would you mind checking this would work as a module.  https://gist.github.com/AkhterAli/c276f2c0e725e6ead6d6
17:44 iggy Akhter: no
17:44 iggy but good idea
17:44 iggy the module loader doesn't reload the modules constantly
17:44 tiadobatima1 joined #salt
17:44 iggy so it would load once and then just stay loaded
17:44 Akhter I understand I would need to run saltutil.sync_modules.
17:45 Akhter But it should work after I sync the modules?  I understand I have some logic to fix in the module itself.
17:46 tmilam iggy: i tried that command, and the minion says https://pastee.org/2tyh9
17:46 tmilam looks right to me
17:47 iggy you said /srv
17:47 iggy (/srv/salt is the default)
17:48 tmilam wow you're right
17:48 tmilam that's it!
17:48 aqua^c joined #salt
17:49 Akhter iggy: "#!/usr/bin/env python " is not required for salt modules, correct?
17:50 iggy Akhter: no
17:50 tmilam ahhhhh.....IT'S ALIVE!
17:50 tmilam thanks iggy
17:51 iggy is it weird that I read your nick as trilam(bda)
17:52 tmilam trick of the mind, i suppose
17:54 baweaver joined #salt
17:54 baweaver_ joined #salt
17:56 shantanoo joined #salt
17:57 gnord joined #salt
18:01 denys joined #salt
18:02 UtahDave hey all you rackers out there,  is pyrax still to go to python module for rackspace/openstack?
18:05 seth__ joined #salt
18:06 aqua^c joined #salt
18:08 murrdoc wrong window?
18:11 evidence joined #salt
18:11 benvon joined #salt
18:12 gchao joined #salt
18:12 xenoxaos joined #salt
18:12 geekatcmu joined #salt
18:12 virusuy__ joined #salt
18:15 berto- joined #salt
18:15 skarn joined #salt
18:15 Edgan joined #salt
18:15 [vaelen] joined #salt
18:15 PrincessZoey joined #salt
18:15 PrincessZoey joined #salt
18:16 techdragon joined #salt
18:17 hardwire joined #salt
18:18 _habnabit joined #salt
18:20 stephanbuys joined #salt
18:22 hamburglar joined #salt
18:22 ddrescueb2048 joined #salt
18:23 linkedinyou joined #salt
18:24 amcorreia joined #salt
18:25 aqua^c joined #salt
18:26 slav0nic joined #salt
18:27 ddrescueb2048 I am new to salt and have a question about the syntax of jinja to match a grain.  I have some nodes that have hostname foo1,foo2,bar1,bar2,asdf1.  I want to match within a sls using a if-elseif.  I have {% if grains['host'] == 'foo*' %} and I want to follow that with {% elif grains['host'] == '*' %} but that does not seem to work.  Is there another way that globbing should be handled
18:28 aw110f joined #salt
18:29 iggy ddrescueb2048: that's not how python works (and jinja is basic python)
18:29 jaybocc2 is anyone generating salt-keys using pure python rather than the CLI?
18:30 Gareth joined #salt
18:32 druonysuse joined #salt
18:32 druonysuse joined #salt
18:32 Gareth morning morning
18:33 zsoftich1 joined #salt
18:33 ALLmightySPIFF joined #salt
18:34 ddrescueb2048 iggy: I am also new to python.  I am trying to port from puppet to salt and am working in a test environment ATM.  Can you maybe link me to some reading material to help me get pointed in the right direction?  Saying 'thats not how it works' is rather unhelpful.  Its obvious that isnt how it works because it doesnt work.
18:34 iggy read jinja docs, python docs
18:34 aqua^c joined #salt
18:34 iggy or be more specific about what you're trying to do and we can help with examples
18:35 ALLmight_ joined #salt
18:37 ddrescueb2048 I am trying to match the 'host' grain: if host==foo* do this elseif host==* do that.  I have this working in the case of if os==ubuntu elseif os==centos.  The working sls is able to find exact matching.  I am really just confused how to incorporate globbing
18:38 ageorgop joined #salt
18:38 iggy you can't match globs
18:39 ddrescueb2048 Does it support regex?
18:39 iggy no
18:39 iggy you can use normal python string functions
18:39 drawsmcgraw ddrescueb2048: Easier to say "If the hostname is in grains" instead of "If grains contains the hostname"
18:39 drawsmcgraw e.g.: http://dpaste.com/1AD96KN
18:40 drawsmcgraw that example makes use of what Iggy is talking about (normal python string functions)
18:40 ferbla joined #salt
18:40 iggy {% if grains['id'].startswith('foo') %}
18:40 cliluw joined #salt
18:40 drawsmcgraw Although that's a little more precise, yes.
18:40 ddrescueb2048 Oh, I see.  Thank you for that.  That is very helpful in understanding how to structure this.
18:40 iggy {% if 'foo' in grains['id'] %}
18:41 iggy {% if grains['id'] in ['foo1', 'foo2', 'bar1'] %}
18:45 ddrescueb2048 Awesome, this makes a lot more sense.  Thank you very much Iggy and drawsmcgraw!
18:45 drawsmcgraw sure thing. Good luck!
18:47 cowpunk22 joined #salt
18:48 ageorgop joined #salt
18:51 baweaver joined #salt
18:52 aqua^c joined #salt
18:54 tmilam i have a rhel7 template. every time i deploy this template and then set the hostname to whatever, salt-master is still seeing the hostname 'rhel7template'
18:55 tmilam i've changed the hostname with the hostname command, changed /etc/sysconfig/network /etc/hosts, /etc/sysconfig/network-scripts/ifcfg-<nic>
18:55 tmilam anything else i'm missing?
18:55 tmilam also restarting the minion
18:55 drawsmcgraw tmilam: changing the machine name will not affect the minion ID
18:55 murrdoc UtahDave:  u got a second
18:55 murrdoc or a lil bit of time
18:55 murrdoc need to know whats the best way to run this
18:55 tmilam drawsmcgraw: how do you force the minion id to change?
18:56 drawsmcgraw You'll need to 1) Update the file /etc/salt/minion_id 2) restart the minon 3) on the master -> delete the old minion key and accept the new one
18:56 drawsmcgraw Unfortunately changing the Minion ID is one of those currently-unsolved problems :/
18:56 tmilam drawsmcgraw: thank you, i'll add that to my notes
18:56 murrdoc UtahDave:  salt minionanem system.reboot && salt-run state.event 'salt/minion/minionane/start' && salt minionanem state.highstate
18:56 drawsmcgraw yep
18:57 XenophonF joined #salt
18:57 twork i owe a beer or a tofu slider or something to whoever wrote the sudoers formula. educational.
18:58 murrdoc a tofu slider
18:58 murrdoc brillian
18:58 murrdoc sudoers is probably not the formula to use
18:58 twork you think i made this up
18:58 murrdoc users is better and handles sudoers
18:59 twork ok, will look to that one next... something in the back of my head says i already did, and turned away for some reason
19:01 tipiak joined #salt
19:01 aqua^c joined #salt
19:01 tipiak hi !
19:02 kevinquinnyo joined #salt
19:02 tipiak i would like to rewrite a pillar value inside a state
19:02 tipiak like {% pillar['apache']['key'] = 'value' %}, is this syntax possible in someway ?
19:02 zmalone joined #salt
19:03 tipiak or maybe force a pillar to a value, before being processed by a state
19:03 XenophonF tipiak: why?
19:03 murrdoc Gareth:  o/
19:04 tipiak for example, I'm calling the apache module, and I would like the user to configure some information in the pillar, but I would like to force certain value in the state that i'm writing
19:04 tipiak an then include the apache state
19:05 tipiak XenophonF: should i concluse that it's not possible right now ? ;)
19:05 XenophonF tipiak: i don't know whether it's possible to change pillar values from jinja---or whether you'd want to
19:05 XenophonF tipiak: but there may be an easier way to accomplish want you want
19:06 kevinquinnyo i have a pillar related question to when someone gets a chance:  I'm using various pillar configurations for different types of web clusters and i'ld like to use ext_pillar to keep them in github private repo
19:06 XenophonF tipiak: if you want to ensure there's a default value, use the pillar.get() method, e.g., pillar.get('key1:key2', 'default-value')
19:06 wryfi can somebody help me with what is probably a stupid yaml error?
19:06 kevinquinnyo wondering if i should organize the clusters using git branches with a single /srv/pillar directory, or make a bunch of directories with one git branch, say master
19:06 wryfi https://gist.github.com/wryfi/f631fe81390fc6c42f52
19:06 XenophonF tipiak: but i'm still not sure why you'd want to override (in jinja) the value of a pillar key
19:07 wryfi when i try to run highstate with those sls files, i get 'Data failed to compile, ID pkg.installed in SLS admin is not a dictionary'
19:07 tipiak XenophonF: then i should warn the user to not set the value in the pillar, and use pillar.get with a default value
19:08 XenophonF tipiak: are you writing a formula or something?
19:08 XenophonF who is this user of whom you speak, if it ain't you?
19:08 tipiak yep, actually its a formula to configure owncloud
19:08 XenophonF why wouldn't you want people to set things in pillar?
19:09 tipiak with this context you might have a better understanding of what i'm trying to do :p
19:09 XenophonF also, do you know about https://github.com/saltstack-formulas/owncloud-formula?
19:09 XenophonF it's ubuntu-only, but it should be portable
19:09 tipiak i have forked this repo
19:09 bluenemo joined #salt
19:10 tipiak in the map.jinja, i set a value called www_root, which represent the root directory of the owncloud server, installed by the appropriate package, for each distro
19:10 tipiak because this path might change
19:10 XenophonF OK
19:11 tipiak in my pillar i'm including an apache pillar configuration file
19:11 Deevolution left #salt
19:11 tipiak which is defining an apache vhost basically
19:12 tipiak and i would like to rewrite the apache:sites:example.com:RootDirectry to the one being set under 'www_root' in my map.jinja
19:12 XenophonF oh
19:12 XenophonF don't do that
19:12 XenophonF let the user do it
19:12 aphor joined #salt
19:12 tipiak but the user doesn't have to know this information
19:12 XenophonF or at least here's my approach for web apps - take it or leave it
19:12 tipiak since I determine it in the map.jinja
19:13 XenophonF treat the web app and web server configs as separate, but leave instructions to the user for how to wire them up via pillar
19:13 tipiak if it'm running under fedora, it will be /usr/share/owncloud, whereas i'm running under debian, it will be /var/www/owncloud
19:13 Deevolution joined #salt
19:14 tipiak I have 2 separate states
19:14 XenophonF so in your pillar.example, show an apache vhost config and leave a comment saying something like "be sure to change this to match your o/s! (see map.jinja for the default locations)"
19:14 tipiak owncloud, which add the appropriate repo and install the owncloud-server package (only the php app)
19:14 aphor Is there a reason why we don't use a decorator to standardize some salt state operations on files like the file.managed state and archive.extracted state?
19:14 tipiak but this would imply an effort of the user
19:15 tipiak which salt can take care of
19:15 tipiak and which is the goal of map.jinja i thought
19:15 XenophonF i personaly think that it's acceptable to push some of the wiring into jinja
19:15 aphor I kinda want source_hashes kwarg in archive.extracted like file.managed has..
19:16 XenophonF otherwise, you have to figure out (in your ownclould formula) how to mutate an existing apache (or nginx) config
19:16 XenophonF you might want to include a "webapp.apache" or "webapp.nginx" or "webapp.iis" state to handle any web server-specific setup
19:17 tipiak web, i can handle that too
19:17 XenophonF but i'd leave actually publishing the app to the end user and their respective web server vhost formula stuff
19:17 XenophonF and just leave an example config in pillar.example
19:17 tipiak my main pillar, which is owncloud, has a key named 'server'
19:17 XenophonF like, what if i have 20 vhosts - how will you know which one to install into?
19:18 tipiak i see
19:18 XenophonF or what if i'm not using apache
19:18 tipiak but you lost the information of the location of the owncloud server
19:18 XenophonF not really - i'd just have to program that into the pillar i assign my web server
19:18 hal58th joined #salt
19:18 XenophonF i dunno - that's just my approach
19:19 XenophonF i ended up writing my own apache formula
19:19 ayee How can I make a directory purge anything that salt didn't explicitly put there?
19:19 XenophonF so i tend to look at other web app formuals and hope that they're self-contained, because if they depend on the "official" apache formula, they'll break
19:19 XenophonF in fact a formula in general should be self-contained
19:20 XenophonF but this is all IMO
19:20 aqua^c joined #salt
19:20 tipiak ok
19:21 XenophonF maybe if one of the other formula writers could chime in here...
19:21 tipiak XenophonF: actually i was writing a dockerfile for owncloud
19:22 tipiak XenophonF: so, having a formula to deploy everthing, and configure apache/nginx would be cool
19:22 tipiak but year, owncloud and apache are 2 separate modules
19:24 sgargan joined #salt
19:26 XenophonF tipiak: lemme give you an example from my own work - openstack
19:27 hal58th joined #salt
19:28 XenophonF tipiak: bear in mind that this is a work in progress - https://github.com/irtnog/openstack-formula/blob/master/pillar.example
19:28 XenophonF so openstack depends on mysql and rabbitmq'
19:28 XenophonF naturally, i'm using mysql-formula and rabbitmq-formula
19:29 XenophonF now i can cheat a bit since openstack manages the database schema etc. on its own
19:30 tipiak i see
19:31 XenophonF and if the user wants to avoid entering the database connection info multiple times (e.g., the keystone account password), they can define a variable in jinja and spam it across the relevant pillar SLS file
19:31 XenophonF but by the time my formula fires off, i assume that mysql-formula and rabbitmq-formula have done their things
19:31 XenophonF and my instructions to end users will be something like "list mysql.database, rabbitmq, etc. ahead of openstack in top.sls"
19:32 XenophonF maybe the end user wants to stick with sqlite (the openstack default)
19:32 XenophonF that's OK
19:32 XenophonF the formula doesn't include any dependencies on the other formulas
19:32 XenophonF openstack-formula is self-contained
19:32 XenophonF anyway gtg - be back later if you want to chat some more
19:32 XenophonF left #salt
19:33 amcorreia joined #salt
19:34 breakingmatter joined #salt
19:38 aqua^c joined #salt
19:45 tmilam i wish there was an easy way to get salt-minion on aix
19:46 iggy does it have python?
19:47 tmilam they could, i don't see why not...got 74 of them
19:47 aqua^c joined #salt
19:47 tmilam 2.7.5 on some of them
19:48 quasiben joined #salt
19:48 iggy should be doable
19:48 tercenya joined #salt
19:48 iggy how useful it'll be depends on a lot
19:49 peters-tx joined #salt
19:50 tmilam https://github.com/kriberg/blaagposts/blob/master/setting-up-salt-dev-aix.md
19:50 tmilam maybe i'll give that a try
19:50 ipmb joined #salt
19:51 subleq joined #salt
19:52 baweaver joined #salt
19:54 Slimmons joined #salt
19:58 UtahDave tmilam: we have salt-enterprise packages for AIX, FYI
19:59 ayee How can I make a directory like /etc/foobar, and unless salt puts a file there, it gets removed?
20:00 druonysuse joined #salt
20:00 edrocks joined #salt
20:01 soren joined #salt
20:03 aparsons joined #salt
20:03 ddrescueb2048 left #salt
20:05 iggy just don't create it?
20:05 iggy put makedirs
20:05 iggy put makedirs: True on the file.managed state
20:05 ajw0100 joined #salt
20:06 ayee The rpm makes it, there are example configs and samples, probably 8 of them. but I'm only using one of the configs, across an arbitrary set of nodes.
20:07 ayee for cleanliness I want salt to just say in /etc/foobar if I didn't make it, wipe it out.
20:07 sdm24 do a file.recurse with the clean flag?
20:07 twork joined #salt
20:07 sdm24 http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.recurse
20:08 ayee `Make sure that only files that are set up by salt and required by this function are kept. If this option is set then everything in this directory will be deleted unless it is required.`
20:08 ayee excellent
20:08 ayee Thanks sdm24 !
20:08 sdm24 you're welcome
20:09 s0undt3ch joined #salt
20:13 napsterX joined #salt
20:16 ayee sdm24: yep, that worked like a charm.
20:16 ayee mmm, clean directories.
20:17 ayee SOme daemons will suck up any *conf in a certain directory too, so this discourages people from manually touching a box.
20:17 ayee and forces them to use git/salt in order to modify nodes
20:19 jfjf joined #salt
20:19 jfjf is anybody getting problems trying to use the DO cloud driver? I'm getting the following:
20:20 jfjf [WARNING ] The cloud driver, 'digital_ocean_v2', configured under the 'do' cloud provider alias, could not be loaded. Please check your provider configuration files and ensure all required dependencies are installed for the 'digital_ocean_v2' driver.
20:20 dfinn joined #salt
20:20 jfjf I'm on salt 2015.5.3 (Lithium)
20:21 iggy jfjf: you have the deps installed?
20:21 iggy specifically a new enough libcloud iirc
20:21 jfjf iggy: hi. I have no idea! I just ran the bootstrap script
20:21 jfjf not expecting to have anything missing. Thought that was it for install
20:22 iggy it's an optional dependency
20:22 iggy bootstrap script only installs hard deps
20:23 iggy (jinja, requests, etc)
20:23 jfjf ok. Guess it's something the docs should mention; but it doesn
20:23 jfjf *doesnt
20:23 icflournoy joined #salt
20:24 jfjf Not seeing any "dependencies" under DO at http://docs.saltstack.com/en/latest/topics/cloud/index.html#cloud-provider-specifics, nor at http://docs.saltstack.com/en/latest/topics/cloud/digitalocean.html.
20:24 jfjf So how do i install libcloud? and is that the only dependency?
20:26 iggy guess it doesn't use libcloud, just requests
20:26 TheoSLC joined #salt
20:27 TheoSLC Greetings.  Can somebody give me the link to the saltstack jenkins server?
20:27 TheoSLC nevermind.  found it saltstack.jenkins.com
20:28 jfjf iggy: that's for non-v2. Doesnt say anything for digital_ocean_v2 (http://docs.saltstack.com/en/latest/topics/cloud/digitalocean.html). But let's just say i need requests. How do i install that? sorry, but not too much of a python guy
20:28 iggy pip install requests
20:30 baweaver joined #salt
20:30 jfjf thanks!
20:32 baweaver_ joined #salt
20:32 jfjf seems like requests aint it. Still getting that same mesage about required dependencies.
20:33 bfrog joined #salt
20:33 bfrog is there some way to use salt mine information in a pillar?
20:33 bfrog I'd like to use the iptables-formula but I need to obtain ips for specific nodes using salt mine
20:34 babilen No
20:34 bfrog I tried just templating out the pillar data using {% for ip_addrs in salt['mine.get']('*', 'network.ip_addrs').values() %}
20:35 bfrog ugh
20:35 babilen https://github.com/saltstack/salt/issues/21403
20:35 bfrog so the whole formula/pillar approach is kind of pointless then for me at the moment :(
20:36 babilen Lookinto pillarstack.. it *might* help, but I haven't found time to investiagte this partical aspect yet
20:36 babilen +speling
20:37 babilen It is a massive proble, yeah
20:37 bfrog what would be the suggested work around I guess then?
20:37 bfrog just write state files?
20:37 wryfi sorry, i asked earlier, but i'm having a hard time figuring out what i'm doing wrong here
20:37 wryfi https://gist.github.com/wryfi/f631fe81390fc6c42f52
20:38 iggy up until this point, we've accepted contributions that added mine lookup support to the formulas (as long as they didn't break anything else)
20:38 wryfi getting "Data failed to compile, pkg.installed in SLS admin is not a dictionary"
20:38 bfrog the one I want to use is the iptables-formula
20:39 bfrog https://github.com/saltstack-formulas/iptables-formula/blob/master/iptables/service.sls#L29
20:39 wryfi when i paste my  yaml into the online yaml parser, it sure looks like a dictionary to me
20:39 bfrog suggestions on how to even go about allowing that to use salt mine would be great, I'd create a PR for it
20:40 iggy wryfi: aptly:\n  pkg.installed
20:40 wryfi oh, it's just the newline?
20:40 bfrog I'm just not that familiar with the whole jinja template system in salt to know whats possible/whats not
20:40 * wryfi grumbles something unflattering about yaml
20:40 iggy bfrog: the collectd ping plugin has mine support
20:41 iggy wryfi: no, it's that salt expects a specific format of yaml... and your's doesn't match
20:42 b18 joined #salt
20:42 wryfi iggy: fair enough. i will be mostly using pyobjects, methinks ;)
20:43 iggy wryfi: all states follow a format... state_id:\n  module.function:\n    - opts
20:43 iggy you were missing putting all that under a state_id
20:45 jfjf anybody using digital_ocean_v2 cloud provider? Getting errors saying "Please check your provider configuration files and ensure all required dependencies are installed for the 'digital_ocean_v2' driver."
20:45 wryfi iggy: helpful, thank you.
20:45 jfjf My config file is correct. And I have no idea what dependencies i should be installing!
20:45 subleq joined #salt
20:46 jfjf Have tried to install a few that look like possibilities from https://pypi.python.org/pypi?%3Aaction=search&amp;term=ocean&amp;submit=search; still no luck
20:46 dec joined #salt
20:51 cberndt joined #salt
20:51 iggy jfjf: I would guess your config file is bad
20:52 iggy the digital ocean (v1 & v2) cloud modules only require requests
20:55 jfjf I'm looking over the config again... but it's hard to see how I can go wrong with the yaml
20:56 bfrog whats with some of these jinja tags using {%- or sometimes ending with -%}
20:56 bfrog for example https://github.com/saltstack-formulas/collectd-formula/blob/64bfeab46bd039efb5d32793e49b1d3a4c212047/collectd/files/ping.conf#L3
20:56 sdm24 it removes whirespace
20:56 sdm24 whitespace
20:57 bfrog oh for whitespace sensitive files?
20:57 sdm24 so {% for i in 1,2,3,4, -%} /n {{ i }} /n {% endfor %} will print 1234
20:58 sdm24 oops forgot the dash in the endfor bracket, but you get the idea
20:58 bfrog cool
20:58 bfrog can I dump out what salt renders with jinja?
20:58 Ryan_Lane https://github.com/saltstack/salt/issues/4438
20:58 Ryan_Lane sigh
20:59 bfrog something like salt '*' -dump-renders /tmp/renders state.highstate
20:59 Ryan_Lane that's a bug in pkgrepo since 2013
20:59 Ryan_Lane basepi: ^^
20:59 Ryan_Lane that wasted hours of someone's time the other day here :(
20:59 aqua^c joined #salt
21:00 Ryan_Lane that module as a whole is a mess
21:00 Ryan_Lane its documentation is terrible and its behavior is really awful
21:01 iggy bfrog: salt-call -l debug state.sls foo test=True
21:03 twork there's this pattern in jinja maps: salt=['pillar.get']('users:lookuu') ...and i can't seem to fumble up the command line equivalent. clue?
21:03 iggy twork: that's generally going to be a noop
21:03 twork ?
21:04 iggy it's mostly meant for being able to override odd formula settings
21:04 bfrog what is foo in that case iggy?
21:04 iggy i.e. 99% of people aren't ever going to have stuff in <formula>:lookup
21:04 iggy bfrog: the name of a state (i.e. the same thing you'd put in your top file)
21:05 bfrog ahhhh tahnks
21:05 bfrog its saying...
21:05 twork hm. ok, ignore ignore ignore then. thanks iggy.
21:05 bfrog https://gist.github.com/bfrog/1a6cf8b7960bf3040445
21:06 bfrog there's most definitely a service.sls in there
21:06 iggy state.sls
21:06 bfrog I don't have a state.sls, I'm testing out some changes to the iptables-formula
21:06 bfrog I just have a top.sls and a bunch of other .sls files
21:06 druonysuse joined #salt
21:06 sdm24 state.sls is the module function
21:06 iggy state.sls is a salt execution module that you are running
21:06 edrocks joined #salt
21:07 iggy state.sls vs state.highstate
21:07 bfrog gotcha
21:07 sdm24 so to run the services.sls file, salt-call state.sls services test=True
21:07 iggy -l debug... because the original question was how to see the rendered output
21:07 sdm24 oh yeah
21:08 iggy but tbh, I rarely use that anymore, you just get to the point  that you don't need that anymore
21:08 bfrog well but then how would it pull in the pillar/mine data to dump the jinja template rendering?
21:08 bfrog there's no error, its just not getting the info I want it to get
21:08 sdm24 print the variable in a state id
21:09 sdm24 and with test=True, it will print out and you can see what it is. thats generally how I debug jinja
21:09 bfrog just {{ print myvar }} ?
21:10 jfjf iggy: should i use "provider: digital_ocean" instead of "provider: digital_ocean_v2"?
21:10 iggy jfjf: depends what version of salt
21:10 jfjf i'm on Lithium
21:10 drawsmcgraw left #salt
21:11 iggy mine just says digital_ocean
21:11 jfjf the doc seems to be saying it should be "_v2", but the funny thing is, with "provider: digital_ocean" the former error goes away
21:11 jfjf and I get another error:
21:12 sdm24 https://gist.github.com/sdm24/105d3f53da95da90b2a5
21:12 jfjf [ERROR   ] Failed to get the output of 'digital_ocean.avail_sizes()': 'Response' object has no attribute 'text'
21:12 sdm24 like that brfrog
21:12 sdm24 {{ myvar }}
21:12 bfrog gotcha
21:12 sdm24 and then you can easily see what values jinja is using
21:12 iggy jfjf: that sounds like bad config
21:12 bfrog thanks
21:13 sdm24 no problem
21:13 jfjf I am really at a loss, because I cannot understand how this config can be wrong. It's so simple.
21:13 jfjf but regardless, thanks.
21:14 jfjf I'm look at this again another time
21:14 napsterX joined #salt
21:15 iggy jfjf: my providers file is 8 lines, my profile file is 6 lines, and my map file is 6 lines... I messed it up 50 times before I got it right
21:16 jfjf Ok. I've got just the cloud.providers file. I'm assuming I dont need the other files to do "--list-sizes"?
21:17 jfjf it's crazy if i have to do all of the other stuff just to do the basic functions.
21:17 iggy I'm unsure
21:18 jfjf no prob, iggy. Thanks for ur help
21:18 dfinn joined #salt
21:18 pcn Has anyone worked on an invocation of salt-call that'll just invoke a minimal configuration with canned grains+pillar for testing?
21:18 zugel joined #salt
21:18 pcn Like a shriveled, dehydrated, masterless invocation
21:19 iggy jfjf: I don't think so (from looking at my configs)
21:20 iggy jfjf: I have location, provider, token, ssh file, ssh names, minion config
21:20 iggy pcn: salt-call --local is too much for you?
21:20 basepi Ryan_Lane: thanks for the bump. Unfortunately that's not a rare case either. Quite a few old bugs. Currently working on getting more people back working on core salt.
21:21 tst_ joined #salt
21:21 pcn iggy: it's relying on the presence of /etc/salt
21:21 pcn passing e.g. /tmp/salt isn't working out
21:22 jfjf ok. If my source code is to believed (/usr/lib/python2.7/dist-packages/salt/cloud/clouds/digital_ocean_v2.py), it says "Use of this module only requires the ``personal_access_token`` parameter to be set."
21:22 jfjf I thikn i'm done. Will probably ask the list (still gotta sign up). Thanks once again
21:23 pcn iggy: passing in --id to salt-call doesn't seem to stop it from loking for /etc/salt/minion_id, etc.
21:23 iggy pcn: -c ?
21:23 pcn No luck (macos x using a pip install of 2015.5.3 into a virtualenv)
21:23 Ryan_Lane basepi: it's the little things... you know? :)
21:24 basepi Ryan_Lane: Yep, I know...
21:24 basepi Death by a million paper cuts. ;)
21:25 dfinn1 joined #salt
21:25 pcn iggy: should this work? https://gist.github.com/pcn/282b0aedb33c73e5ec61
21:26 viq joined #salt
21:26 napsterX joined #salt
21:27 iggy jfjf: I'm pretty sure it depends what commands you run... --list-images=all worked with a 3 line provider file: do-nyc3:\n  provider: digital_ocean\n  personal_access_token: <stuff>
21:27 edrocks joined #salt
21:30 pcn Hmm, got to go.  I'll look at salt-call --local a bit more later.
21:30 Ztyx joined #salt
21:31 clintber_ joined #salt
21:32 ALLmightySPIFF joined #salt
21:33 mordonez joined #salt
21:34 jfjf got it. I've got a 3-line provider file too, but unfortunately the same command still errors out for me
21:34 CheKoLyN joined #salt
21:34 jfjf my token's correct, because if i were to use the same token with curl against the api, it works
21:35 giantlock joined #salt
21:35 jfjf what version of salt are u using? 'salt --version'
21:35 sdm24 is the formatting correct for your provider file?
21:35 iggy 2015.5
21:35 jfjf sdm24: yup. It's 2 spaces, and if it were wrong (like using tabs), salt would complain
21:38 mordonez joined #salt
21:39 bfrog hmm... should I be getting data back when doing salt mine from the cli, like...  sudo salt '*' 'mine.get' 'G@roles.web' 'network.ip_addrs'
21:39 bfrog I get nothing back from each minion
21:40 iggy bfrog: if you have network.ip_addrs in your mine_functions and you've reached mine_interval, then yes
21:40 bfrog yes I have both...
21:41 bfrog it works in one of my templated config files, but not on the cli
21:41 iggy jfjf: do you have any other cloud config files? (i.e. it could be another file completely with bad formatting that's mucking things up)
21:41 sdm24 did you try salt '*' mine.update?
21:41 bfrog no, I'll try that
21:41 sdm24 or salt '*' saltutil.refresh_pillar, if you set the mine functions in a pillar
21:41 iggy bfrog: oh, you forgot a target type
21:42 iggy sudo salt '*' 'mine.get' 'G@roles.web' 'network.ip_addrs' grain
21:42 iggy or whatever
21:42 iggy compound I guess in this case
21:42 bfrog nada
21:43 bfrog I tried adding more *'s in there, no good still
21:43 jfjf iggy: nope
21:43 bfrog sudo salt '*' 'mine.get' '*' 'network.ip_addrs' grain
21:43 bfrog sudo salt '*' 'mine.get' '*' 'network.ip_addrs' pillar
21:43 bfrog still nothin
21:43 bfrog I just get a list of my minions
21:43 bfrog tried runing the updates you mentioned sdm24
21:44 iggy if you put * after the mine.get, then you don't need a target type
21:44 bfrog that works
21:44 bfrog sudo salt '*' 'mine.get' '*' 'network.ip_addrs'
21:45 bfrog so why would the target not work...
21:45 bfrog thats confusing
21:45 bfrog target works more generally
21:45 iggy jfjf: well, if you ever figure it out, let us know
21:45 sdm24 maybe doing 'G@' instead of -G for only one target type
21:45 sdm24 since its not a compound
21:45 iggy that's fine
21:45 jfjf will do. Bloody hell i'm resorting to going through the source code now!
21:46 bfrog do I need to mine the roles to let mine.get use them for targetting?
21:47 bfrog my mine looks like...
21:47 bfrog https://gist.github.com/bfrog/55d2c16f0c3325d09fd7
21:48 bfrog mine has to be like... the most useful and the most confusing part of salt to me right now
21:48 bfrog the doc page is waaaaay to short :-P
21:48 APLU joined #salt
21:48 gcfhvjbkn joined #salt
21:48 sdm24 yep
21:48 ALLmightySPIFF joined #salt
21:48 sdm24 I tried avoiding mine as long as I could
21:49 iggy we use it, but given the opportunity, I'd go back and use something else
21:49 bfrog what are the alternatives
21:49 bfrog if any
21:49 pcn back
21:49 bfrog puppet?
21:49 saltycharles joined #salt
21:50 * bfrog scoffs, likes salt except for mine so far
21:50 iggy etcd, a database, etc...
21:50 Ryan_Lane etcd, zookeeper, consul. etc.
21:50 Ryan_Lane all better options
21:50 iggy consul was the other one I was trying to remember
21:50 sdm24 bfrog did you ever figure out your mine.get issue? I think I got it
21:50 kevinquinnyo if I have a salt masterOfmasters and some syndics, and i want to use gitfs, which /etc/salt/master file needs to contain the gitfs_remotes: and fileserver_backend: settings?
21:50 bfrog no I didn't
21:50 bfrog sdm24: what do you think it was
21:51 sdm24 sudo salt '*' mine.get 'role:web' 'network.ip_addrs' grain
21:51 sdm24 no G@ in front
21:51 zmalone left #salt
21:51 bfrog ah that works
21:51 bfrog yeah
21:51 bfrog wth
21:52 bfrog sdm24: thanks
21:52 gcfhvjbkn1 joined #salt
21:52 bfrog what made you think that was the problem?
21:52 sdm24 i was trying to test it out on my machines
21:53 sdm24 just the right combination of including/excluding options
21:54 sdm24 Where I'm running into issues is how to get nested values with that
21:54 pipps joined #salt
21:55 sdm24 sudo salt '*' mine.get 'os:Ubuntu' grains.items:id grain
21:55 jfjf iggy: i found the problem / solved it
21:55 jfjf although i dont know what the heck to think of it...
21:56 jfjf so as the error said, it really was that "'Response' object has no attribute 'text'"
21:56 jfjf I'm on python 2.7.10; but hell i dont see why this error would only happen for me. I'm not on some super-unique version of python?!
21:57 iggy 2.7.6 here
21:57 jfjf :) right. So why should there be such a big diff between 2.7.6 and 2.7.10?
21:58 jfjf anyway my fix was to change the source code. https://github.com/saltstack/salt/blob/2015.5/salt/cloud/clouds/digital_ocean_v2.py#L607 from "request.text" to "request.content"!
21:58 jfjf #@#)#@#^@...
21:58 jfjf and then it worked
21:58 pipps joined #salt
21:58 doriftoshoes joined #salt
21:59 jfjf I'm going to file a bug, get feedback...
22:01 cberndt joined #salt
22:03 aqua^c joined #salt
22:05 iggy python -c 'import requests; print requests.__version__'
22:05 ksj hi, I want to run two very serparate salt systems - one for work and one for home. I thought about trying to do it with file_roots, but it's the same master and things like the salt keys are all linked up. I'd like to keep them very separate. Is the best way to try to run two separate salt-masters?
22:05 sunkist joined #salt
22:08 ageorgop joined #salt
22:09 mitsuhiko joined #salt
22:09 jfjf iggy: i've got 0.8.2
22:09 Norrland ksj: I think the answer is. "I'd like to keep them very separate."
22:10 iggy jfjf: I'd assume that's your problem
22:10 smcquay joined #salt
22:10 jfjf well, if I uninstall requests, salt-cloud still works!
22:11 jfjf it's that specific line and fix that's causing the issue for me
22:11 ksj Norrland: can you run two separate salt masters on the same machine without issues?
22:11 jfjf ok wait sorry
22:11 iggy jfjf: 0.8.6 is almost 4 years old
22:11 jfjf I still get 0.8.2 after "pip uninstall requests"
22:11 jfjf what the
22:11 iggy you've got a system package installed
22:12 jfjf arrgh
22:12 monkey66 joined #salt
22:12 jfjf indeed hang on
22:12 Norrland ksj: not sure. But why don't you run the work environment completely separated from your private stuff?
22:12 berserkir joined #salt
22:13 Norrland ksj: as in a machine on your work network.
22:13 iggy ksj: you'd have to do so on separate ports
22:13 kaictl joined #salt
22:13 jfjf iggy: that was it. Now with an updated requests, things work fine now?!!!
22:13 aqua^c joined #salt
22:14 thayne joined #salt
22:14 iggy jfjf: file a bug
22:14 jfjf seems like this might have been installed by the bootstrap possibly
22:14 jfjf going to modify my report now
22:15 ingslovak joined #salt
22:15 soren joined #salt
22:15 ajw0100 joined #salt
22:16 Norrland ksj: less chance of you running something that could bring down the production stuff at work when fiddling with the machines at home
22:17 ksj Norrland: sorry, yeah, the work environment is still in development. I'm not planning on running a prod salt-master alongside one that manages my home boxes...
22:17 ksj but at the minute, I'm working on the infrastructure using vms, and I also want to work on a salt instance that manages my home stuff
22:17 ksj I was just wondering if there was a good way of working on both side by side
22:18 ksj apart from vms....obviously
22:18 toastedpenguin joined #salt
22:19 ksj vms are probably the answe though. running two salt masters on the same machine is gonna cause problems. e.g. when you run the salt command, which does it call?
22:19 Norrland ksj: check this one out http://docs.saltstack.com/en/latest/ref/states/top.html
22:19 ksj sorry for rambling btw. been drinking....long day
22:20 bharper joined #salt
22:20 ksj yeah, I know I can do it via the top file - but then I have to keep everything in the same dir - which at the minute is a git repo that's shared with colleagues
22:21 sirtaj joined #salt
22:21 sdm24 I thought you could do different file roots for different environments
22:21 ksj so, I wanted it more separate than that. I thought maybe I could do something clever with the srv_roots and the pillar_roots...but I think vms are the answer
22:21 iggy they will inherit (in reverse order iirc)
22:21 ksj yup
22:22 pipps joined #salt
22:23 jfjf iggy: thanks for helping me on this!
22:23 bfrog in my state I have something like https://gist.github.com/bfrog/b3adc3a2e9a2cef695d7 and mined_ips has several strings in it, but the final list of strings does not contain them
22:23 iggy jfjf: np, hopefully a better error message or something comes out of all your trouble ;)
22:24 bfrog collectd does something like it and it must work, why is mine not any clues? https://github.com/saltstack-formulas/collectd-formula/blob/64bfeab46bd039efb5d32793e49b1d3a4c212047/collectd/files/ping.conf#L7
22:24 jfjf yeah, that err message was kinda generic... but this was a tough one.
22:27 napsterX joined #salt
22:27 jfjf https://github.com/saltstack/salt/issues/25597 btw
22:28 monkey66 joined #salt
22:29 iggy bfrog: what is that sls file? I don't think that's going to do what you think it will
22:30 bfrog iptables/init.sls
22:30 iggy should probably {%- do ips_allow.append(mined_ips) %}
22:30 theologian joined #salt
22:30 bfrog https://gist.github.com/bfrog/065a36b884b5b97741bd
22:31 bfrog is the full thing
22:31 bfrog but excellent, thats what I wanted
22:31 bfrog well almost
22:31 bfrog so append looks like it appends lists of ips
22:32 bfrog mined_ips is [ip1, ip2, ip3]
22:32 bfrog ips_allow is already something like [ip0]
22:32 aqua^c joined #salt
22:32 bfrog append gets me... [ip0, [ip1, ip2, ip3]]
22:32 iggy .extend then
22:32 bfrog can I just do anything single python call in do ?
22:33 iggy si
22:33 bfrog I didn't think jinja allowed inline python, but awesome
22:33 bfrog that helps
22:33 iggy it's not in standard jinja
22:34 iggy http://jinja.pocoo.org/docs/dev/templates/#extensions
22:34 iggy salt just happens to enable it
22:36 davidone joined #salt
22:36 bfrog hmm... {% set ips_allow = list(set(ips_allow)) %} is what I want to do now
22:36 bfrog since I have dupes in my ip list
22:37 ujjain joined #salt
22:37 ujjain joined #salt
22:38 bfrog oh the unique filter
22:38 bfrog yay
22:39 bfrog but salt doesn't have that
22:39 bfrog arrrrrgh
22:40 aqua^lsn joined #salt
22:43 viq joined #salt
22:43 sdm24 what about a for loop over the items, and then {% set ips_allow = ips_allow + ", " + loopitem %}
22:45 mosen joined #salt
22:45 theologian joined #salt
22:45 leszq joined #salt
22:46 Aidin joined #salt
22:47 phx joined #salt
22:48 bfrog boooom
22:48 bfrog got it
22:48 bfrog had to make a temp dict, then do some hackery around that
22:48 bfrog f'n jinja templates man...
22:49 sdm24 as long as it works
22:49 bfoxwell joined #salt
22:50 aqua^c joined #salt
22:53 hblah joined #salt
22:53 hopz joined #salt
22:53 bfrog sdm24: thanks for all the help
22:53 bfrog it works now
22:53 bfrog iggy: thanks to you too
22:53 bfrog finally got one of the last major steps in this setup going with iptable rules...
22:53 sdm24 np, I got some tricks out of it too haha
22:53 bfrog just fyi
22:54 bfrog https://gist.github.com/bfrog/d0ccacee6dc1bf55144d
22:54 bfrog is what I have that works now
22:54 bfrog I'm sure there's something better, but whatever
22:54 bfrog for now...
22:54 bfrog pretty happy I have iptables
22:59 aqua^c joined #salt
23:00 Alan_S joined #salt
23:01 chitown joined #salt
23:05 wryfi how do people handle really sensitive data in pillars?
23:05 wryfi is there a way to encrypt or otherwise secure sensitive secrets?
23:08 Ryan_Lane wryfi: there's a gpg renderer
23:09 Ryan_Lane or you can use an external pillar and use something like vault or credstash
23:09 Ryan_Lane I have a custom secret management service and use an external pillar
23:11 breakingmatter joined #salt
23:14 TheoSLC joined #salt
23:15 ingslovak joined #salt
23:17 aqua^c joined #salt
23:26 cberndt joined #salt
23:27 napsterX joined #salt
23:28 edrocks joined #salt
23:32 hasues joined #salt
23:32 hasues left #salt
23:35 pipps joined #salt
23:41 sunkist joined #salt
23:51 snarfy joined #salt
23:52 aqua^c joined #salt
23:54 joeyparsons joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary