Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-07-27

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:08 Matthews_ joined #salt
00:20 kevinquinnyo can you not have multiple pillar_roots?
00:51 micko joined #salt
00:59 omegamike joined #salt
01:05 jodv joined #salt
01:05 jodv joined #salt
01:09 dude051 joined #salt
01:13 clintberry joined #salt
01:18 hal58th joined #salt
01:25 cowpunk22 joined #salt
01:34 amcorreia joined #salt
01:36 lionel joined #salt
01:57 iggy XenophonF: if systemd in grains ?
01:57 XenophonF iggy: yeah i figured it out - thanks :)
01:57 iggy kevinquinnyo: we are mostly waiting for pillar:// uris
01:58 XenophonF oh that would be so nice
02:00 nikogonzo interesting, how would pillar:// uris be used?
02:01 iggy same way salt uris
02:02 MatthewsFace joined #salt
02:02 iggy i.e. /etc/ssl/some.com.priv:\n  file.managed:    - source: pillar://ssl/files/some.com.priv
02:03 iggy the hard part is targetting in the top file
02:03 XenophonF now how to distinguish among sysvinit, rc, and smf...
02:04 iggy I actually got it partially working one time, but never quite got the targetting working (i.e. it ended up acting like the normal file server)
02:11 omegamike joined #salt
02:15 XenophonF since we're on the topic of pillar, where is the documentation on how different pillar SLS files get merged?
02:15 XenophonF i have settings in one SLS - say, pillar/defaults.sls - that i want to completely override in another - say, pillar/www/example/com/init.sls
02:19 funzo joined #salt
02:21 bfoxwell joined #salt
02:25 iggy there is a pillar merge strategy setting
02:28 ajw0100 joined #salt
02:33 napsterX joined #salt
02:35 evle joined #salt
02:47 favadi joined #salt
02:54 quasiben joined #salt
02:57 ageorgop joined #salt
03:09 bhosmer_ joined #salt
03:36 hasues joined #salt
03:37 hasues left #salt
03:49 omegamike joined #salt
03:55 furrowedbrow joined #salt
04:01 MatthewsFace joined #salt
04:09 MaaT joined #salt
04:12 mioli joined #salt
04:13 MaaT Guys, I have my hundred Salt States already defined but I have nothing on my Salt/Top.sls .Although I  have a Pillars/Top.sls with all the mapping of my Minions pointing to the correct Pillar files. Can I use Pillars/Top.sls to specify with State should be applied to each Minion?
04:22 stoogenmeyer joined #salt
04:39 phupp__ joined #salt
04:40 phupp__ left #salt
04:41 phupp joined #salt
04:41 dude051 joined #salt
04:46 lionel joined #salt
04:48 clintberry joined #salt
04:49 ramteid joined #salt
04:55 oyaooo joined #salt
04:55 oyaooo hi,all
05:00 ninkotech__ joined #salt
05:04 ninkotech__ joined #salt
05:15 phupp left #salt
05:24 joeto joined #salt
05:26 napsterX joined #salt
05:29 loz-- joined #salt
05:32 otter768 joined #salt
05:33 loz--_ joined #salt
05:34 stoogenmeyer joined #salt
05:38 catpiggest joined #salt
05:42 ninkotech joined #salt
05:45 ninkotech joined #salt
05:49 rdas joined #salt
05:53 impi joined #salt
05:59 aqua^c joined #salt
06:01 clintberry joined #salt
06:05 trikke joined #salt
06:07 dopesong joined #salt
06:10 AndreasLutro joined #salt
06:15 Nirine joined #salt
06:15 Nirine Hi!
06:16 Nirine What is this site?
06:16 jhauser joined #salt
06:16 Nirine I'm scared :c
06:18 Nirine Nobody? Really? Of 400 persons? Omg...
06:18 MaaT All robots I reckon
06:19 jcockhren this in a community channel for https://github.com/saltstack/salt
06:19 jcockhren is*
06:20 Nirine Oh, ok
06:20 Nirine Thanks for the info
06:21 jcockhren MaaT: fwiw, salt/top.sls is what's used for targeting states to minions
06:21 jcockhren your pillar/top.sls is used for tageting the pillar data to minion.
06:21 jcockhren one can't control the other
06:22 MaaT I do I have to duplicate the same information on both sides?
06:23 jcockhren what are you referring to when you say "the same information"?
06:23 cryptolukas joined #salt
06:24 Nirine left #salt
06:28 pppingme joined #salt
06:30 sirex joined #salt
06:35 MaaT For example: on Pillars/Top.sls I defined which minions are the WebServers in Prod and assigned items to it . Now I wanna apply states to those same servers, so I have to define the list of which minions are the WebServers in Prod using another file, now on Salt/Top.sls
06:36 jcockhren MaaT: oh ok. then the answer is yes
06:42 Ztyx joined #salt
06:44 cryptolukas https://scontent-fra3-1.xx.fbcdn.net/hphotos-xtp1/v/t1.0-9/11738042_1029757410382206_8808324262121733911_n.jpg?oh=dc8922bc01b0b146f13a7a4361e2e6bf&oe=5641A9CA
06:45 MaaT I started to complain with a fellow here and he gave me the idea of using the Pillars instead of the host list on the Salt/Top.sls. Eg:     'somekey:abc':         - match: pillar         - xyz
06:46 stoogenmeyer joined #salt
07:02 kawa2014 joined #salt
07:05 stoogenmeyer joined #salt
07:07 jcockhren MaaT: https://docs.saltstack.com/en/latest/topics/targeting/index.html
07:07 jcockhren MaaT: specifically, https://docs.saltstack.com/en/latest/topics/targeting/compound.html
07:07 jcockhren you can target minions based on their pillar data
07:08 Ztyx joined #salt
07:09 dopesong_ joined #salt
07:13 aqua^c joined #salt
07:13 c10b10 joined #salt
07:16 jcockhren https://xkcd.com/1553/
07:16 jcockhren sorry wrong room
07:27 omegamike joined #salt
07:33 otter768 joined #salt
07:34 xintron How come there isn't any delete endpoint for the salt-api (/keys)?
07:35 cilkay Hello. I know I can invoke highstate from Python by doing " import salt; salt.client.Caller().function('state.highstate')" on my masterless minion. How can I invoke other states? E.g. I can do "salt-call --local state.sls frontend.init" from BASH. How would I do the same thing from Python?
07:37 cryptolukas left #salt
07:38 jmoreau joined #salt
07:41 dmalinovsky joined #salt
07:43 aqua^c joined #salt
07:43 stephanbuys joined #salt
07:43 eseyman joined #salt
07:44 jcockhren cilkay: use the LocalClient https://github.com/saltstack/salt/blob/develop/salt/client/__init__.py#L99 and http://docs.saltstack.com/en/latest/ref/clients/#salt-s-client-interfaces
07:44 linjan_ joined #salt
07:44 Ztyx joined #salt
07:45 jcockhren cilkay: sorry. didn't see that you have a masterless setup
07:45 slav0nic joined #salt
07:45 cilkay I was just going to say that. :)
07:46 jcockhren cilkay: maybe use, http://docs.saltstack.com/en/latest/ref/clients/#salt.client.Caller.function
07:47 jcockhren the function being, in your example, function("state.sls", "frontend.init")
07:47 gcfhvjbkn joined #salt
07:48 jcockhren fwiw, if your 'frontend' state is like: 'frontend/init.sls' then "frontend.init" == "frontend"
07:48 babilen Shouldn't that simply be: cmd('state.sls', 'frontend.init') ?
07:48 babilen s/frontend.init/frontend
07:49 cilkay jcockhren: That worked, thank you! Yes, I'd noticed that frontend.init and frontend are the same. noun.verb seemed to be more expressive
07:49 babilen https://github.com/saltstack/salt/blob/develop/salt/client/__init__.py#L1622
07:50 babilen It really depends on what self.sminion.functions uses as keys there
07:50 markm joined #salt
07:51 babilen I'd use cmd for consistency
07:51 cilkay Doesn't cmd invoke a shell?
07:52 babilen Where would it do that?
07:52 babilen (note that I am referring to the command method of Caller() rather than the one in cmdmod.
07:52 babilen (the one I linked)
07:53 babilen https://github.com/saltstack/salt/blob/develop/salt/client/__init__.py#L1622
07:53 jeddi joined #salt
07:58 the_frey joined #salt
08:02 aqua^c joined #salt
08:02 impi joined #salt
08:17 the_frey_ joined #salt
08:20 ITChap joined #salt
08:20 Xevian joined #salt
08:20 stoogenmeyer_ joined #salt
08:20 N-Mi joined #salt
08:23 s_kunk joined #salt
08:23 trikke joined #salt
08:25 subsignal joined #salt
08:27 keimlink joined #salt
08:28 peters-tx joined #salt
08:41 cryptolukas joined #salt
08:44 dmalinovsky_ joined #salt
08:44 malinoff joined #salt
08:45 monkey66 joined #salt
08:46 dude051 joined #salt
08:46 mage_ when I use $> salt somebox state.sls my.sls saltenv=production how do I retrieve the saltenv in my sls file ?
08:46 mage_ I tried __env__ but it doesn't work
08:46 AndreasLutro salt.environment
08:46 N-Mi joined #salt
08:46 N-Mi joined #salt
08:49 mage_ thanks !
08:49 mage_ is the way to do to use multiple env ?
08:50 AndreasLutro I think so, but haven't tested very thoroughly
08:54 KermitTheFragger joined #salt
08:57 jmoreau joined #salt
09:03 kbaikov joined #salt
09:07 _Myth joined #salt
09:08 _Myth HI
09:08 _Myth Hi
09:10 _Myth when i run : salt '*' cmd.run "SOME CMD" on the master node
09:10 babilen *drumroll*
09:10 _Myth is the salt/modules/cmdmod.py#run execute ?
09:11 bhosmer joined #salt
09:14 babilen That's the one: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cmdmod.html#salt.modules.cmdmod.run
09:15 omegamike joined #salt
09:15 luffy_ joined #salt
09:17 aqua^c joined #salt
09:18 Flusher joined #salt
09:18 _Myth i want to disable some cmds in master , not to custom minion code,  so, i think if i can modify the code in the master ?
09:19 _Myth and the master to check whether the cmd can be run on the minion
09:19 _Myth not the minion to decide which cmd can be run on itself
09:21 _Myth but when i modify the py code in :  salt/modules/cmdmod.py#run ,   it's not work as i image
09:24 babilen What are you trying to do exactly? Are you trying to restrict access to specific salt functions?
09:26 _Myth https://gist.github.com/R-Myth/cae1a37e9db0b06e850f
09:27 babilen You could copy the entire cmdmod module, make your changes, and place it in _modules in file_roots
09:28 babilen But then there are probably better ways to achieve that logging
09:28 _Myth i don't want any people can rum dangerous cmds like RM|REBOOT|POWEROFF etc from master to minion
09:29 losh joined #salt
09:29 babilen http://docs.saltstack.com/en/latest/topics/eauth/index.html might be of interest
09:30 babilen Please note that you cannot restrict the commands people can run once you grant them access to cmd.run
09:31 _Myth so, i want to execute some code inside cmd.run like :  if is_dangerous_cmd(cmd): return
09:31 babilen I'd argue that you shouldn't grant them access to that execution function to begin with if you don't trust them with this functionality. Also note that there are many other ways in which you can reboot a system or delete a file in salt. (system.reboot, file.absent, ... to name just two)
09:32 babilen What I would rather do is to not allow them to use those commands to begin with and implement a custom execution module in which you provide functions for the commands you do want to allow
09:33 babilen Either way: See earlier comment on how to maintain your own version of cmdmod
09:33 babilen (note that it is up to you to port changes)
09:33 aqua^c joined #salt
09:34 otter768 joined #salt
09:38 impi joined #salt
09:40 _Myth you mean i should disable the cmd.run and some modules like system/file when i start to use salt. then implement some modules like system.reboot to do the exactly thing ?
09:41 babilen What are you trying to achieve by locking it down?
09:42 babilen http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.system.html that module exists already. I am simply saying that there are many many ways in which salt can perform "dangerous" actions.
09:42 aqua^c joined #salt
09:43 bash124512 left #salt
09:51 iamgr00t joined #salt
09:51 aqua^c joined #salt
09:52 _Myth thank you
09:55 babilen Is it that you are not trusting the people who will have access to your master?
09:55 madpenguin joined #salt
09:56 Horgix Hi everyone, quick question : is there a way to simulate runs and see what would happen ? Kind of like that --noop option of puppet (sorry for the comparison, closest I could find)
09:57 AndreasLutro Horgix: add test=True to the end of the command
09:57 AndreasLutro salt '*' state.highstate test=True
09:58 Horgix AndreasLutro: thanks ! was searching for "simulate" or "no apply" in the doc, didn't find it
10:01 aqua^c joined #salt
10:09 c10b10_ joined #salt
10:10 aqua^c joined #salt
10:19 khebbie joined #salt
10:19 stephanbuys1 joined #salt
10:19 twodayslate_ joined #salt
10:19 aqua^c joined #salt
10:19 denys joined #salt
10:20 joeto joined #salt
10:22 c10b10 joined #salt
10:22 Kelsar joined #salt
10:22 LV-426 joined #salt
10:22 LV-426 joined #salt
10:25 joeto joined #salt
10:28 aqua^c joined #salt
10:30 agend joined #salt
10:32 slav0nic joined #salt
10:33 Rockj joined #salt
10:37 khebbie_ joined #salt
10:46 aqua^c joined #salt
10:51 joeto1 joined #salt
10:53 markm joined #salt
10:54 giantlock joined #salt
10:55 aqua^c joined #salt
10:56 zer0def joined #salt
10:56 Niamkik joined #salt
10:56 Niamkik Hi everyone
10:57 Niamkik I'm working on ubuntu 14.04 with salt-2015.5.3 on it, and I have some issue with jinja template renderer. When I switch to ubuntu official salt supported package (0.17), all works well. I've you same issue on your side?
10:58 babilen I wouldn't recommend using 0.17 these days. What are your issues?
10:59 Niamkik babilen: yep. I know... I want to use 2015.5 but I can't use it :P
10:59 Niamkik I will paste error message
10:59 AndreasLutro why can't you?
10:59 babilen (please don't use pastebin.com, but http://refheap.com or another non-horrible website)
10:59 AndreasLutro oh, didn't read the whole message :)
11:00 Niamkik babilen: http://pastebin.ca/3078458
11:00 Niamkik pastebin.ca is better than pastebin.com?
11:00 babilen Does that happen with *every* template or only with a specific one?
11:00 Niamkik Its really strange.
11:01 babilen wow, pastebin.ca is almost as overladen with stuff as pastebin.com :)
11:01 AndreasLutro Niamkik: output of salt --versions-report ?
11:01 babilen (could you paste the template in question and some basic information such as ... ^^^)
11:01 Niamkik yep :)
11:01 Niamkik its an include template
11:01 Niamkik really simple
11:01 Niamkik for checking ssh information
11:01 Niamkik (configuration & more)
11:01 babilen Could you paste it?
11:01 Niamkik yep
11:02 AndreasLutro you're almost certainly not on 2015.5.3 because those code line numbers are way off
11:02 Savemech joined #salt
11:03 Niamkik http://pastebin.ca/3078461
11:03 Niamkik Maybe ubuntu package (0.17 release) was not good?
11:03 Niamkik and when I've upgraded it from salt repository...
11:03 AndreasLutro run `salt --versions-report`
11:04 Niamkik AndreasLutro: I've switched to old version
11:04 Niamkik Let me reinstall salt2015 on my server :)
11:04 aqua^c joined #salt
11:05 AndreasLutro well you said you get an error with 2015.5, but this error is clearly from 0.17
11:08 Niamkik let me explain a little more. I've installed this server on ubuntu 14.04, and during installation, I've installed also salt-master and salt-minion from ubuntu repository. But this version was really old, and, I currently try to upgrade it to 2015.05
11:09 Niamkik Salt: 2015.5.2
11:09 Niamkik Python: 2.7.6 (default, Jun 22 2015, 17:58:13)
11:09 Niamkik Jinja2: 2.7.2
11:09 Niamkik M2Crypto: 0.21.1
11:09 Niamkik msgpack-python: 0.3.0
11:09 Niamkik msgpack-pure: Not Installed
11:09 Niamkik pycrypto: 2.6.1
11:09 Niamkik libnacl: Not Installed
11:09 Niamkik PyYAML: 3.10
11:09 Niamkik ioflo: Not Installed
11:09 Niamkik PyZMQ: 14.0.1
11:09 Niamkik RAET: Not Installed
11:09 Niamkik ZMQ: 4.0.4
11:09 Niamkik Mako: 0.9.1
11:09 Niamkik Debian source package: 2015.5.2+ds-1trusty1
11:09 AndreasLutro use a pastebin for more than 1 line of output, please...
11:10 Niamkik yes, sorry
11:10 robinsmidsrod joined #salt
11:10 AndreasLutro anyway okay, so far so good, but the error you shared is still from 0.17, not 2015.5
11:11 Niamkik AndreasLutro: http://pastebin.ca/3078475
11:12 AndreasLutro Niamkik: https://github.com/saltstack/salt/blob/v2015.5.2/salt/utils/templates.py#L53 is where the AssertionError supposedly comes from
11:12 AndreasLutro Niamkik: I think you still have 0.17 installed and python is pulling in mixed versions of salt
11:13 Niamkik Ok :)
11:13 Niamkik So, maybe one package is wrong: ubuntu official repo or saltstack
11:13 AndreasLutro none of them are "wrong"
11:13 AndreasLutro but you seem to have a mix of both which is just all sorts of awful
11:14 aqua^c joined #salt
11:14 AndreasLutro maybe uninstall salt entirely, look for leftover files in /usr and remove those manually, then reinstall
11:14 AndreasLutro not sure
11:14 Niamkik I run this salt instance in really small container, with only salt-master and salt-minion (and some other required package for ubunt). I've only upgraded from ubuntu official repo to salt repo :)
11:14 Niamkik I've also do a apt-get remove and apt-get purge
11:15 Niamkik and apt-get autoremove and all others commands related for cleaning install...
11:15 AndreasLutro that's even weirder then, maybe recreate the container from scratch
11:15 Niamkik And I have always this error.
11:15 Niamkik Yep, I think I will recreate one
11:15 Niamkik I think I will alert ubuntu team too
11:16 Niamkik I will create also a ticket on github with more information
11:16 Niamkik Maybe i'm not alone with this problem :)
11:17 Niamkik Thanks AndreasLutro and babilen for this help ;)
11:17 SubOracle joined #salt
11:17 giantlock joined #salt
11:18 ITChap Hi is there way to get labels under the instances names in the ops portal ? like on the core instances
11:18 ITChap oops
11:21 robinsmidsrod joined #salt
11:22 bmcorser joined #salt
11:23 aqua^c joined #salt
11:23 fe92 joined #salt
11:26 lothiraldan joined #salt
11:32 aqua^c joined #salt
11:32 babilen Niamkik: I'd like to see the output for a run from scratch using *only* the packages from the saltstack PPA
11:32 BradThurber joined #salt
11:32 babilen (you might want to share that before filing an issue)
11:33 BradThurber joined #salt
11:34 otter768 joined #salt
11:39 swa joined #salt
11:39 slav0nic joined #salt
11:40 keimlink joined #salt
11:41 sgargan joined #salt
11:42 amcorreia joined #salt
11:44 mjumelet joined #salt
11:44 omegamike joined #salt
11:48 markm joined #salt
11:50 tkharju joined #salt
11:51 DammitJim joined #salt
12:02 evle1 joined #salt
12:05 XenophonF MaaT: you still around?
12:12 impi joined #salt
12:15 stoogenmeyer__ joined #salt
12:18 Android_ joined #salt
12:19 Niamkik babilen: I will recreate clean container soon with old release from ubuntu repo and new one from saltstack PPA
12:19 Android_ if I need a programmatical way of executing salt commands on a saltmaster from another machine, should I use the netapi, or is there a way to use the python library?
12:20 Niamkik But I guess I've found the issue: lot of files are not currently removed from /usr/lib/python2.7/dist-packages/salt/
12:21 Niamkik seems these files (overstate.py crypt.py scripts.py version.py minion.py config.py master.py fileclient.py payload.py _compat.py template.py loader.py _syspaths.py key.py runner.py state.py syspaths.py exceptions.py __init__.py _version.py) was not properly removed
12:21 Niamkik So, this will explain why I've that weird error
12:22 joehh1 Niamkik: odd - I'll be interested to see the results from a clean container
12:22 Niamkik yep
12:22 Niamkik Maybe I'm wrong, but these files was dated from my first installation
12:22 babilen How did you install/remove that?
12:22 Twiglet anyone have any idea why salt is adding random strings to the end of my file name in a file.managed: http://hastebin.com/juxixuyixu.mel
12:23 babilen To annoy you?
12:23 Niamkik babilen: with apt-get remove/purge
12:23 Twiglet (rnadom string changes every time the state is run)
12:23 babilen Niamkik: I have not seen that leaving files behind
12:23 Niamkik hum
12:23 Niamkik really really strange :)
12:23 Niamkik I will create new container and doing some test
12:24 Niamkik because currently, i'm totally lost with this behaviour
12:24 babilen Twiglet: You really shouldn't manage "files" in /proc -- http://docs.saltstack.com/en/latest/ref/states/all/salt.states.sysctl.html is what you want
12:25 Twiglet babilen: Cheers, will do it that way.
12:25 _ether_ joined #salt
12:29 joehh1 Niamkik: on trusty, salt versions greater than 2014.1.4+ds-2trusty4 should clear the pyc files from /usr/lib/python2.7/dist-packages/salt/
12:29 Niamkik joehh1: with ppa package its works.
12:29 Niamkik saltstack ppa*
12:30 Niamkik I've purged all files (again) with apt-get purge and reinstalled from saltstack ppa, and I have same issue
12:30 Niamkik but files was correctly purged on path /usr/lib/python2.7/dist-packages/salt/
12:31 babilen Niamkik: Are you still installing the packages from the Ubuntu repos to begin with? (if so: Why?)
12:31 Niamkik nope
12:31 babilen Why the purge and reinstall then?
12:32 Niamkik for check if this path was correctly removed :)
12:32 babilen Okay. It's a bit tricky to debug two things at the same time. When you say "and I have same issue" which issue are you actually referring to?
12:33 Niamkik first error based on template
12:33 Niamkik I will create a more useful paste, I'm configuring 2 new container
12:33 Niamkik for doing test on it
12:35 rideh joined #salt
12:37 khebbie joined #salt
12:37 jmreicha joined #salt
12:38 stefan_ joined #salt
12:42 jmreicha joined #salt
12:43 snaggleb joined #salt
12:43 the_frey joined #salt
12:45 _Cyclone_ joined #salt
12:46 jmreicha_ joined #salt
12:49 subsignal joined #salt
12:50 furrowedbrow joined #salt
13:07 Niamkik babilen: well, on my new test container (ubuntu 14.04) and salt-2015.5.2 my state file works pretty well without error.
13:08 Niamkik on  the other test container (ubuntu 14.04) and salt-17.2, this state file doesn't work, and I've another error... This one is related to encryption with RSA.
13:09 Niamkik http://pastebin.ca/3078526
13:09 racooper joined #salt
13:11 Niamkik configured is the same on the two container, except for repository for salt, first one use ubuntu repository and the last use saltstack ppa repo.
13:11 AndreasLutro why are you trying to use 0.17
13:12 Niamkik for debugging this shitty behaviour when I update 0.17 to 2015.5
13:13 ferbla joined #salt
13:14 racooper joined #salt
13:14 jmoreau joined #salt
13:15 joehh1 17.2 or 17.5?
13:15 Niamkik salt 0.17.5
13:16 saltman joined #salt
13:18 DammitJim joined #salt
13:19 joehh1 do you get "Removing stale pyc files" on your console when you upgrade
13:20 joehh1 ?
13:20 numkem joined #salt
13:20 Niamkik nope
13:21 jdesilet joined #salt
13:21 Tecnico1931 joined #salt
13:22 clintberry joined #salt
13:23 bhosmer joined #salt
13:24 joehh1 can you paste the commands/terminal output from when you upgrade from 0.17.5 to 2014.5.2?
13:24 joehh1 make that 2015.5.2
13:25 cowpunk22 joined #salt
13:25 bhosmer joined #salt
13:25 icflournoy joined #salt
13:26 Ztyx left #salt
13:26 nobrak joined #salt
13:26 saltman I use salt 2015.5.3, with zeromq. Is there any way to change it RAET without install it from scratch?
13:29 icflournoy joined #salt
13:31 scoates joined #salt
13:33 Niamkik joehh1: http://pastebin.ca/3078538
13:33 muep joined #salt
13:33 breakingmatter joined #salt
13:34 Niamkik on this container, I have msgpack error... On another one (first with issue) its a template error during template/renderer compilation
13:35 otter768 joined #salt
13:39 babilen Niamkik: Could you include the output from the actual upgrade? I also don't see where you include the PPA
13:39 Niamkik line 33
13:39 Niamkik # wget -q -O- "http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x4759FA960E27C0A6" | apt-key add -
13:40 babilen That only adds the key, but doesn't change change your sources.list
13:40 Niamkik deb http://ppa.launchpad.net/saltstack/salt/ubuntu trusty main
13:40 perfectsine joined #salt
13:40 Niamkik ok, I will update the paste
13:40 babilen (and include the output of "apt-get install salt-minion salt-master")
13:40 kaptk2 joined #salt
13:41 Niamkik ok
13:41 babilen saltman: Don't you do that simply by setting "transport: raet" ?
13:41 babilen (in the master/minion config)
13:41 mage_ is RAET stable?
13:42 Niamkik babilen: do you need other things?
13:42 Niamkik I can paste minion/master configuration
13:42 muep joined #salt
13:43 mpanetta joined #salt
13:44 fredvd joined #salt
13:44 drawsmcgraw joined #salt
13:44 babilen Niamkik: Yes, the output of "apt-get install salt-minion salt-master" would be of interest to both me and joehh1
13:44 kawa2014 joined #salt
13:45 babilen mage_: It is still changing, so no
13:45 Niamkik http://pastebin.ca/3078545
13:46 babilen So, yes. It is removing stale pyc files as mentioned earlier by joehh1 (or at least claims to do so)
13:47 joehh1 agreed - though is the issue that the actual .py files are still from 0.17.5?
13:47 Niamkik I can check that if you want.
13:47 babilen Please do
13:54 jmoreau joined #salt
13:54 jmoreau_ joined #salt
13:57 Niamkik hum, files seems to be okay...
13:57 Deevolution joined #salt
13:58 viq joined #salt
14:00 bhosmer joined #salt
14:00 joeto joined #salt
14:01 joehh1 can you run: python -c "import salt; print salt.__file__"
14:01 joehh1 and also look at the timestamp of /usr/lib/python2.7/dist-packages/salt/__init__.pyc
14:02 bhosmer joined #salt
14:04 Niamkik http://pastebin.ca/3078561
14:04 Niamkik yep
14:05 Niamkik your command return: /usr/lib/python2.7/dist-packages/salt/__init__.pyc
14:06 mapu joined #salt
14:06 joehh1 great
14:07 Niamkik and the timestamp... correpond to installation date of salt-2015.5
14:07 babilen Niamkik: Could you install debsums and show us the output of "debsums -s salt-master salt-minion salt-common" and try deleting the .pyc afterwards. Does it work if you do that?
14:07 Niamkik ok
14:08 Niamkik debsums return nothing (return code: 0)
14:09 Niamkik file deleted (rm /usr/lib/python2.7/dist-packages/salt/__init__.pyc)
14:09 Niamkik same error with msgpack
14:09 Niamkik I can remove all .pyc
14:09 Niamkik if you want
14:10 babilen Try it, yeah
14:10 babilen brb
14:10 babilen (ENOCOFFEE)
14:11 Niamkik :)
14:11 Niamkik i've deleted all pyc files... same issue!
14:11 icflournoy joined #salt
14:12 jmreicha joined #salt
14:13 the_frey left #salt
14:14 joehh1 I do wonder if it could be a msgpack version issue?
14:14 joehh1 I've had a request to update the version of msgpack for precise today, I wonder if something similar is happening/needed here?
14:15 Niamkik I can try to install msgpack with pip
14:15 Niamkik or something like that
14:15 aqua^c joined #salt
14:15 MTecknology joined #salt
14:16 quasiben joined #salt
14:21 sunkist joined #salt
14:21 c10b10 joined #salt
14:26 berserkir joined #salt
14:27 guanophobic joined #salt
14:27 guanophobic left #salt
14:29 QuisaZaderak joined #salt
14:33 aqua^c joined #salt
14:34 cowpunk22 joined #salt
14:34 keimlink joined #salt
14:34 TooLmaN joined #salt
14:37 quique joined #salt
14:39 ingslovak joined #salt
14:39 Slimmons joined #salt
14:41 joeto joined #salt
14:45 patto joined #salt
14:45 zmalone joined #salt
14:49 Twiglet anyone used the iptables states?
14:49 Twiglet it seems to be deleting the "state" kwarg
14:49 Twiglet if 'state' in kwargs:
14:49 Twiglet del kwargs['state']
14:49 Twiglet which is fun
14:50 gcfhvjbkn any way you can override output mode per-execution?
14:51 Twiglet nm, was in the docs as "connstate"
14:51 aqua^c joined #salt
14:51 patto left #salt
14:53 murrdoc joined #salt
14:53 jmoreau joined #salt
14:53 khebbie joined #salt
14:54 rm_jorge joined #salt
14:54 supersheep joined #salt
14:56 druonysus joined #salt
15:00 bhosmer joined #salt
15:03 jondonas joined #salt
15:07 dergrunepunk joined #salt
15:07 malinoff joined #salt
15:07 sdm24 joined #salt
15:09 favadi joined #salt
15:09 aqua^c joined #salt
15:10 kbyrne joined #salt
15:10 MadsRC joined #salt
15:11 jeddi joined #salt
15:11 napsterX joined #salt
15:12 rideh joined #salt
15:17 evilrob joined #salt
15:19 murrdoc XenophonF:  u got mail
15:20 stoogenmeyer__ joined #salt
15:20 XenophonF YAY MAIL
15:20 XenophonF hahaha yes i'm sure that works
15:20 murrdoc heh
15:20 murrdoc can u change it to user.get()
15:21 XenophonF i can but that's the minimal change i need to fix #82
15:21 murrdoc i know
15:21 murrdoc i sees it
15:21 Nafai left #salt
15:21 jhodgson71 joined #salt
15:21 murrdoc its more consistent with the rest of the file
15:21 plindgren joined #salt
15:21 plindgren hey guys
15:22 murrdoc guys ?
15:22 murrdoc there are guys in this room ?
15:22 murrdoc THERE ARE GUYS ON THE INTERNET
15:22 murrdoc hi, i play games and am girl
15:22 murrdoc o/
15:22 plindgren what way would you recommend using to have the latest salt version on minions and masters on centos?
15:22 murrdoc (sorry plindgren, sick meds)
15:23 plindgren Repos or pip?
15:23 XenophonF plindgren: if you have to ask, repos
15:23 murrdoc are u dev'ing or producitoning /
15:23 murrdoc if dev'ing use the bootstrap
15:23 plindgren okey, so then since i want the latest and greatest
15:23 XenophonF repos
15:23 plindgren i need a seperate repo for salt i guess
15:24 XenophonF i use the saltstack copr
15:24 XenophonF but honestly epel is probably good enough
15:24 plindgren well
15:24 plindgren epel is slow
15:24 XenophonF and using binary packages from epel involves fewer changes
15:24 plindgren still on 2014.7 for 6.6
15:25 perfectsine joined #salt
15:25 Adran joined #salt
15:25 manfred i use git and commits with the bootstrap script
15:25 XenophonF then use the saltstack coprs
15:25 plindgren alright
15:25 XenophonF but like i said, if you have to ask, then the answer is "stay as close to the os/distro defaults as you possibly can"
15:25 plindgren thx GUYS :P murrdoc
15:27 Adran left #salt
15:28 aqua^c joined #salt
15:29 Brew joined #salt
15:30 murrdoc :D
15:30 XenophonF hey murrdoc, regarding my pull request - switching to 'user.get...' isn't necessary because that's wrapped in an if statement
15:30 murrdoc but its consistent
15:30 XenophonF if `enforce_password` isn't set, that won't get rendered
15:31 XenophonF plus defaulting to "None" breaks POLA because `enforce_password` defaults to True
15:31 murrdoc its so much prettier
15:31 murrdoc user.get() > user[]
15:32 murrdoc fine be like that xeno
15:32 XenophonF note usage elsewhere - the get method's only used when a default's needed
15:32 XenophonF LOL
15:32 * murrdoc merges in lazy code
15:32 * murrdoc muttes to himself
15:32 XenophonF bless you murrdoc
15:33 murrdoc imma go fix it
15:33 XenophonF you're a kind and wonderful person
15:33 XenophonF you should
15:33 XenophonF users-formula could use a good refactoring
15:33 murrdoc sure
15:33 jaybocc2 joined #salt
15:33 murrdoc I LL DO IT
15:33 murrdoc man i hate being sicl :D
15:34 murrdoc oh my lord this is an ugly formula
15:35 * murrdoc puts on hard hat
15:35 wych joined #salt
15:36 supersheep joined #salt
15:36 otter768 joined #salt
15:43 Fiber^ joined #salt
15:44 beardo joined #salt
15:44 bhosmer joined #salt
15:49 pipps joined #salt
15:52 ageorgop joined #salt
15:52 sunkist joined #salt
15:59 Heartsbane joined #salt
16:00 zmalone joined #salt
16:01 aparsons joined #salt
16:01 alemeno22 joined #salt
16:05 dude051 joined #salt
16:06 quasiben joined #salt
16:08 alemeno22_ joined #salt
16:09 rideh joined #salt
16:13 aqua^c joined #salt
16:15 MatthewsFace joined #salt
16:15 jodv joined #salt
16:15 pipps joined #salt
16:22 aqua^c joined #salt
16:24 kawa2014 joined #salt
16:25 venu0336 joined #salt
16:25 cowpunk22 joined #salt
16:25 jaybocc2 joined #salt
16:29 ageorgop joined #salt
16:30 QuisaZaderak joined #salt
16:32 aqua^c joined #salt
16:32 jodv joined #salt
16:37 PredatorVI joined #salt
16:38 zsoftich1 joined #salt
16:38 jalbretsen joined #salt
16:39 murrdoc XenophonF:  u got time to test out a change for me ?
16:39 dopesong joined #salt
16:39 murrdoc i dont use the users formula, and could use help testing and a second pair of eyes
16:40 XenophonF murrdoc: sure!
16:40 murrdoc kk
16:40 murrdoc one second
16:41 XenophonF np - i'm watching your fork of users-formula
16:42 murrdoc kk
16:42 murrdoc i ll let you know when the pull is ready
16:42 XenophonF roger that
16:45 Corey OH YES! Salt finally made DevOps Reactions: http://devopsreactions.tumblr.com/post/125157942970/when-your-salt-states-bring-a-machine-up-with-one
16:45 MadsRC I'm trying to figure out how to use salt to manage users on my small Linux farm (100ish machines) - I've gotten user creation working using pillars (What a wonderful concept) - but I'd also like to get dotfiles for each user. The only way I can think of is to have an index of dotfiles, for each user, that points to the dotfiles and then iterate that in a state. Any other idea?
16:46 XenophonF MadsRC: are you pushing the same dotfiles to all of the users?
16:47 iggy or some set of files to some set of users
16:48 XenophonF one of the file states can mirror the contents of a directory in the state tree to a given location on the file system
16:48 XenophonF !g saltstack file state
16:48 saltstackbot XenophonF: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html
16:48 XenophonF bless you saltstackbot!
16:48 iggy !salt states.file
16:48 saltstackbot http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html
16:48 dude051 joined #salt
16:48 sdm24 specifically http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.recurse
16:48 XenophonF that's it
16:49 iggy !salt states.file.recurse
16:49 saltstackbot http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.recurse
16:49 XenophonF funny thing is, i meant to type that into ddg :)
16:49 malinoff has it been fixed with non-ascii letters?
16:49 malinoff !salt тест
16:49 sdm24 I can't trust a computer to do a person's job *uses Salt*
16:49 malinoff yay
16:49 XenophonF i really wish my window manager had "focus follows eyes"
16:49 XenophonF or even better "focus dwim"
16:49 clintberry joined #salt
16:50 MadsRC XenophonF: sorry, didn't see your answer. Nope, I'm not pushing the same dotfiles. User A has their own dotfiles that should be pushed to servers where User A is present
16:50 aqua^c joined #salt
16:50 sdm24 Is User A present on multiple machines?
16:50 XenophonF MadsRC: have you considered amd/autofs or pam_mount or something like that instead?
16:50 MadsRC yes
16:50 MadsRC XenophonF: Nope, actually not
16:51 iggy then you'll have to /home/userA:\n  file.recurse:    - source: salt://users/userA/homedir
16:51 XenophonF i mean, unless these are service accounts, i'd rather give end users the ability to managed their home directories on their own
16:51 iggy or something
16:51 KyleG joined #salt
16:51 KyleG joined #salt
16:51 MadsRC iggy: But I'd have to put that dir in the /srv/salt dir and not the pillar dir right?
16:51 iggy correct
16:52 twork Corey: thanks, there goes my day...
16:52 MadsRC and every minion has access to everything in the /srv/salt dir?
16:52 iggy correct
16:52 MadsRC iggy: Meh...
16:52 MadsRC fiar enough :D
16:52 iggy so if a user gets root on a box, they can see whatever
16:52 sdm24 {% for user in salt['pillar.get']('users' %} /home/{{ user }}: \n file.recurse:  - source: salt://users/{{ user }}/files
16:52 impi joined #salt
16:52 iggy which is no different than... NFS /home or whatever
16:53 sdm24 obviously fixing my typos
16:53 MadsRC I'll see what I can come up with :D
16:53 iggy we're all anxiously awaiting pillar:// uris
16:53 sdm24 good luck! There are usually multiple solutions with Salt
16:53 XenophonF MadsRC: if you want an example NFSv3/NIS/Kerberos5 setup, take a look at my state tree (https://github.com/irtnog/salt-states)
16:53 MadsRC iggy: That would be legendary :D
16:54 MadsRC XenophonF: Looking right now :D
16:54 iggy but that would still give root user access to whatever was targeted at that minion
16:54 wendall911 joined #salt
16:54 MadsRC Actually already got a LDAP/AD infrastructure present so if I could get users from that it would be even better
16:54 XenophonF i have my freebsd/linux/solaris boxes integrated with AD and Windows file servers that way
16:54 MadsRC iggy: That is true, but atleast it's limited to that minion(set of minions)
16:55 XenophonF so /home/domainname is a symlink to the /host/fileserver/users autofs-managed mount point
16:55 iggy there's some examples of pulling data from AD in the 2015.5 release notes
16:55 XenophonF oh are there? i missed that
16:56 iggy mostly for users
16:57 MadsRC XenophonF: Oh, I like the part about the roles... I'm doing it using grains right now and is a bit worried that a roque server can reissue a new role... Using the minion_id seems like a decent way (as it can't be changed unless you got root on the master, in which case, you're screwed anyway...)
16:57 linjan_ joined #salt
16:57 keimlink joined #salt
16:58 XenophonF MadsRC: that's exactly what drove me to implement role and environment assignments using pillar
16:58 XenophonF i think it was babilen who finally convinced me
16:58 khebbie_ joined #salt
16:58 XenophonF take a look at https://github.com/irtnog/salt-pillar-example, too
16:59 MadsRC Right now I define the role in a pillar by matching the "role" grain... Gives me the chills :P
17:00 Bryson joined #salt
17:01 jaybocc2 when nodes come online... salt-run manage.up shows all of them
17:01 jaybocc2 salt \* state.highstate works for all of them
17:01 * XenophonF googles manage.up and learns something new
17:01 jaybocc2 salt -G 'somegrain' state.highstate detects all of them, but fails on nodes that haven't had a salt-minion restarted
17:02 phx joined #salt
17:02 jaybocc2 salt \* state.highstate still works for all
17:02 jaybocc2 and then salt \* service.restart salt-minion on all of them, causes the next salt -G 'somegrain' state.highstate to work for all matching nodes again
17:02 jaybocc2 anyone able to provide some insight as to this strange behavior?
17:03 MadsRC XenophonF: It seems that this page states that a minion_id can be changed? http://docs.saltstack.com/en/latest/topics/targeting/globbing.html
17:03 iggy jaybocc2: is it a custom grain module?
17:03 b18 joined #salt
17:04 jaybocc2 yes in _grains
17:04 druonysuse joined #salt
17:04 jaybocc2 there is a period where -G only returns old nodes, but once that is passed, it returns the expected nodes
17:04 jaybocc2 but they fail to return
17:04 iggy test at what point the modules shows up in /var/cache/salt/minion/extmods/
17:04 XenophonF MadsRC: it can be, but you have to have admin rights on the master in order to accept the minion id change
17:05 XenophonF and if Eve already has admin rights on your master, you're screwed
17:05 iggy jaybocc2: I'm assuming you're using the latest salt?
17:05 MadsRC XenophonF: Ah, so If a minion changes it, you'd have to accept it again? Does it make a new key or is it something else that changes?
17:06 Gareth morning morning
17:06 jaybocc2 admin@prod-dash-004:~$ sudo salt-call --version
17:06 jaybocc2 salt-call 2015.5.2 (Lithium)
17:06 XenophonF MadsRC: basically - i need to rtfs to be sure, but i think the minion id gets included in its public key
17:07 MadsRC XenophonF: Thanks, I'll play around with it some more :D
17:07 cowpunk22 joined #salt
17:07 jaybocc2 XenophonF, MadsRC the key doesn't have to change, just on the master in /etc/salt/pki/master/minions/ the file which is the minions pub key, needs to match the minion-id
17:07 XenophonF there you go
17:07 jaybocc2 so if you rename from minion-001 to minion-002, the file must be renamed, or the re-accepted
17:07 murrdoc this is a stupid formula
17:08 iggy on the master side, the minion public key is in a file at /etc/salt/pki/master/minions/<minion_id>
17:08 quique joined #salt
17:08 jaybocc2 ^
17:08 aqua^c joined #salt
17:08 XenophonF the upshot is, masters actually ID minions cryptographically, not by name
17:08 MadsRC jaybocc2: Thanks man :D
17:09 XenophonF so an attacker has to have admin rights to your master in order to change a minion ID
17:09 XenophonF and if that's the case, they already have access to your entire config management system so, in the words of Bender Bending Rodriguez, you're boned.
17:11 theologian joined #salt
17:17 aqua^c joined #salt
17:19 bhosmer joined #salt
17:19 Tlost joined #salt
17:19 forrest joined #salt
17:19 MadsRC Can I rename a file when I do file_recurse? So the detination file have a . prepended the source name?
17:21 MadsRC Oh, seems like I can do it with "name"... solly me...
17:21 MadsRC s/solly/silly/g
17:22 stanchan joined #salt
17:23 quique joined #salt
17:23 dergrunepunk Hi guys, I get "No minions matched the target. No command was sent, no jid was assigned." using salt-cloud, having checked the minion config seems to be ok and "salt-key -L" shows the minion in green
17:24 ajw0100 joined #salt
17:26 MadsRC minion_id is the same as the "id" in grains, right?
17:26 dergrunepunk MadsRC: yes
17:27 MadsRC dergrunepunk: Thanks :)
17:32 ageorgop joined #salt
17:33 BradThurber joined #salt
17:33 Slimmons joined #salt
17:34 impi joined #salt
17:35 aqua^c joined #salt
17:35 b18 joined #salt
17:37 otter768 joined #salt
17:37 iggy dergrunepunk: the command would help
17:38 dergrunepunk iggy: salt-cloud --script-args='-P' --show-deploy-args -k -y -p jenkins-deploy self-deployed-27-dev
17:39 MadsRC Say I have different enviroments /srv/salt/base /srv/salt/env - Can a minion in /srv/salt/env access stuff in /srv/salt/base?
17:40 MadsRC (Sorry about all these questions, I'm convincing my employer that Salt is the way to go)
17:40 iggy dergrunepunk: never seen that error from salt-cloud
17:40 KyleG1 joined #salt
17:40 iggy MadsRC: the environments inherit from each other
17:41 MadsRC iggy: ah okay, so the only real way to separate enviroments is to have 2 masters?
17:41 iggy that's the only way I can think of
17:41 dergrunepunk iggy: I'm launching this from a jenkins, this is the complete log http://paste.debian.net/286623/
17:42 MadsRC Awesome, that's good to know... One more reason not to do both infrastructure and customer hosting on the same master
17:42 cryptolukas joined #salt
17:44 giantlock joined #salt
17:46 ajw0100 joined #salt
17:46 jodv joined #salt
17:47 Slimmons Hey, I'm failing to set up ruby with RVM using salt.  Here's a gist of what I've tried, and in the comments, what I'd prefer to do (and failing at).  https://gist.github.com/johnsimmons/4bcb844828b5e96b3a7f
17:47 Slimmons Any help is appreciated as always
17:48 ALLmightySPIFF joined #salt
17:49 murrdoc iggy i uh messed up
17:50 murrdoc on accident
17:50 iggy git revert
17:50 Slimmons lol
17:50 murrdoc and i cleaned it up
17:51 murrdoc https://github.com/saltstack-formulas/users-formula
17:51 XenophonF Slimmons: what error are you getting when you run those states?
17:51 murrdoc XenophonF:  can u test out https://github.com/saltstack-formulas/users-formula/tree/xenobeta
17:51 XenophonF LOL yes
17:51 murrdoc and then send a pull to fix any issues
17:51 XenophonF love the commit message
17:52 murrdoc told you , am sick
17:52 Slimmons added to comments
17:53 Slimmons XenophonF:  What I have now, works sometimes, but not every time.  I think it has something to do with my gpg key state being static.  I'd much rather do it the method in the comment, but I need a bit of guidance there.
17:53 aqua^c joined #salt
17:53 XenophonF Slimmons: going to need more info - look at the minion log file
17:53 XenophonF what's stopping you for doing it the way shown in the rvm state module docs?
17:54 keimlink joined #salt
17:55 Slimmons I didn't save what I did, but I'll go back and recreate it, and put it in the gist also.  It was setting up rvm, with wrong versions, and had multiple errors I didn't understand.  I'll recreate what I did and get back with you
17:56 c10b10 joined #salt
17:58 XenophonF ok murrdoc, i cloned it into my base env, and i'm testing now
17:58 murrdoc yay
18:00 Gareth o/
18:00 markm joined #salt
18:01 DammitJim joined #salt
18:02 b18 joined #salt
18:03 BradThurber joined #salt
18:04 agend joined #salt
18:05 murrdoc \o
18:06 sunkist joined #salt
18:08 rideh joined #salt
18:11 evilrob joined #salt
18:11 bhosmer joined #salt
18:11 aqua^c joined #salt
18:13 evilrob_ joined #salt
18:13 tiadobatima joined #salt
18:15 bhosmer joined #salt
18:16 Slimmons joined #salt
18:17 jhauser joined #salt
18:18 impi joined #salt
18:21 mapu joined #salt
18:26 chiui joined #salt
18:28 jaybocc2 joined #salt
18:29 XenophonF murrdoc: it doesn't work, https://gist.github.com/xenophonf/6aafb29dc09229a019f1
18:29 aqua^c joined #salt
18:29 XenophonF if you want to test it yourself, i included the salt-call command i used
18:30 Slimmons XenophonF: https://gist.github.com/johnsimmons/4bcb844828b5e96b3a7f     I updated what I had done before.
18:31 Slimmons I didn't have as many errors, but a lot of that is because I was trying to do a lot at once that I didn't understand.  I cut it all out except the creation of the rvm group, dependencies, and the actual rvm install.
18:33 Slimmons simple error, but I'm not sure what method salt actually uses in the background to try and install rvm, so I'm not entirely sure what methods to use in troubleshooting this.  (because I'm still a noob)
18:34 perfectsine joined #salt
18:34 drawsmcgraw Does file.copy() accept globs like the CLI cp command?
18:37 murrdoc XenophonF:  can u replace users.sudo with users_settings.sudo
18:48 XenophonF sorry murrdoc i'm out of time - i'll take another look tomorrow
18:48 ajw0100 joined #salt
18:50 quique joined #salt
18:51 monkey66 left #salt
18:53 N-Mi joined #salt
18:54 murrdoc XenophonF:  thanks broseph
18:54 murrdoc i might put in more work
18:54 XenophonF no problem - i'll ping you tomorrow morning
18:55 sdm24 is there a salt module that will tell me when a minion was last shut down?
18:55 sdm24 or how long a minion has been turned on
18:55 iggy cat /proc/uptime
18:55 murrdoc google status module
18:55 XenophonF oh, btw, since you're refactoring, change "iteritems" to "items"---the former isn't compatible with Python 3, even though the latter is a little slower on Python 2
18:55 XenophonF !saltstack status module
18:55 XenophonF !salt status module
18:55 sdm24 thats what i wanted!
18:55 pdayton joined #salt
18:56 XenophonF what happened to the bot?
18:56 sdm24 thanks. My google fu wasn't coming up with that
18:56 murrdoc xeno .. iggy got heat for the bot
18:56 iggy !salt modules.status
18:56 saltstackbot http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.status.html
18:56 murrdoc cos people wont do the work
18:56 XenophonF LOL
18:56 iggy that?
18:56 murrdoc but will complain about work when other people do it
18:56 murrdoc cos its not perfect
18:56 murrdoc but iggy persevered
18:56 XenophonF god bless you, iggy
18:57 iggy !salt modules.status.uptime
18:57 saltstackbot http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.status.html#salt.modules.status.uptime
18:57 c10b10 joined #salt
18:58 pdayton joined #salt
18:59 tzero joined #salt
19:00 murrdoc u go iggy
19:02 Matthews_ joined #salt
19:03 Matthew__ joined #salt
19:05 alemeno22 joined #salt
19:07 cowpunk22 joined #salt
19:13 babilen XenophonF: You might like pillarstack for that
19:13 babilen (roles that is)
19:13 hoonetorg joined #salt
19:13 murrdoc what is pillar stack
19:14 hoonetorg hi
19:14 murrdoc babilen:  link for pillarstac
19:14 Slimmons Alright, I found people with the same problem, but no solution that is working for me yet.  https://github.com/saltstack/salt/issues/17184  Those guys have the same problem.  Fix here https://gist.github.com/johnsimmons/4bcb844828b5e96b3a7f Not working for me
19:14 saltstackbot [#17184]title: rvm.installed fails, if gpg is installed, since it should verify the signature | RVM moved to signing releases....
19:14 XenophonF https://github.com/bbinet/pillarstack
19:14 XenophonF looks interesting - thanks for the pointer, babilen
19:14 hoonetorg how can i see what a rendered jinja template would look like without actually running state.sls test='True'
19:14 bhosmer joined #salt
19:15 gcfhvjbkn joined #salt
19:15 murrdoc looks like heira
19:17 cryptolukas joined #salt
19:19 hoonetorg actually i want to understand what this line does https://github.com/hoonetorg/salt-formula/blob/master/salt/files/master.d/f_defaults.conf#L484
19:20 hoonetorg without running state.sls salt.master test='True' all the time
19:20 XenophonF hoonetorg: that's a macro call
19:20 XenophonF see https://github.com/hoonetorg/salt-formula/blob/master/salt/formulas.jinja#L31 for the `file_roots` macro definition
19:20 XenophonF as for seeing what a file renders to...
19:20 hoonetorg XenophonF: aahhh macros, on that thing thing i'm not good yet
19:21 XenophonF i wish i had a good answer aside from running the state or deploying the fie
19:21 XenophonF file
19:21 alemeno22 joined #salt
19:22 ajw0100 joined #salt
19:22 sgargan is it possible at all to use the output of one step of an orchestration in a subsequent step?
19:24 murrdoc nope
19:24 murrdoc set state on machine, or grain
19:24 murrdoc and use that
19:24 hoonetorg XenophonF: I'm asking myself if it has to do with https://github.com/hoonetorg/salt-formula/blob/master/salt/files/master.d/f_defaults.conf#L484  that /srv/salt is set as file_root without defining it in pillar_data (see also: https://gist.github.com/hoonetorg/6fd76ae2afe8a2d1ec7d)
19:25 iggy /srv/salt is the default
19:26 hoonetorg iggy: can this be changed without changing the file f_defaults.conf in the salt-formula
19:26 hoonetorg i use /srv/salt/base currently :)
19:26 iggy the default? It's set by salt if you don't set it
19:26 iggy then set that in your pillar
19:27 sgargan murrdoc i have a registry that I need to query and based on the output of the query I need to take various actions. its not something that has a minion running on it
19:27 XenophonF ugh, /srv/salt shouldn't be the default on FreeBSD
19:27 XenophonF i'll have to dig into the formula and figure out how to change that
19:27 murrdoc sgargan:  so an external pillar data
19:28 XenophonF hoonetorg: what problem are you having?
19:29 sgargan thanks murrdoc I’ll look into it.
19:30 tiadobatima joined #salt
19:30 hoonetorg XenophonF: want to change the result of the /etc/salt/master.d/f_defaults.conf to have /srv/salt/base instead of /srv/salt in https://gist.github.com/hoonetorg/6fd76ae2afe8a2d1ec7d#file-gistfile1-txt-L4
19:31 hoonetorg when using salt-formula
19:32 hoonetorg afaiu https://github.com/hoonetorg/salt-formula/blob/master/salt/files/master.d/f_defaults.conf#L484 define the var input for the macro ?
19:32 hoonetorg (https://github.com/hoonetorg/salt-formula/blob/master/salt/formulas.jinja#L31)
19:32 XenophonF hoonetorg: change the setting in Pillar, e.g., https://github.com/irtnog/salt-pillar-example/blob/master/salt/example/com/init.sls#L165
19:33 XenophonF that file mimics how i have my master configured (via salt-formula's salt.master SLS)
19:33 iggy all that formulas.jinja crap is ugly as fuck
19:33 XenophonF mine's FreeBSD, so i've overridden it to /usr/local/etc/salt/states
19:33 hoonetorg Xenophonf: thx
19:33 hoonetorg iggy: :)
19:34 XenophonF iggy: i'm rather surprised that salt-formula doesn't set up formulas as git repos directly
19:34 iggy just set the pillar, it'll overwrite whatever the default is
19:34 tzero joined #salt
19:34 iggy XenophonF: against my wishes it does
19:34 XenophonF it's a pain to have to remember to re-run the salt.formulas SLS on my masters every time i merge changes from upstream
19:34 iggy I still use git formulas
19:35 iggy screw that formula setup crap
19:35 hoonetorg iggy: XenophonF: try to understand what defines the default is it https://github.com/hoonetorg/salt-formula/blob/master/salt/files/master.d/f_defaults.conf#L484
19:35 Savemech joined #salt
19:36 iggy set salt:master:file_roots:base in your pillar
19:36 fxhp joined #salt
19:36 XenophonF hoonetorg: the default value comes from that template
19:36 XenophonF hoonetorg: to change it, you must override the value in pillar
19:36 XenophonF hoonetorg: for an example pillar file, refer to the salt.example.com Pillar i linked to earlier
19:37 XenophonF iggy: the only reason i'm using salt.formulas instead of listing them in gitfs_remotes is because i'm not using the base environment
19:37 XenophonF i need to figure out webhooks and github and stuff, and then have commits automatically run the salt.formulas SLS along with fileserver.update
19:37 hoonetorg iggy: XenophonF: i understand that i need to change the pillar data, thx. currently i try to understand where the default values for the macro come from
19:38 otter768 joined #salt
19:38 XenophonF hoonetorg: the default value of the macro is right there, in the arguments to file_roots at https://github.com/hoonetorg/salt-formula/blob/master/salt/files/master.d/f_defaults.conf#L484
19:38 XenophonF hoonetorg: it's right in front of your eyes
19:39 hoonetorg XenophonF: as you stated few lines above it seems i understood (sets the input var for the macro as parameter)
19:39 XenophonF hoonetorg: if it was a snake, it would have bitten you by now ;)
19:39 hoonetorg :)
19:39 XenophonF hoonetorg: specifically, this text "{'base': ['/srv/salt']}" is the default value
19:39 rideh joined #salt
19:39 sgargan murrdoc: do the external pillars run with every execution, or is it possible to restrict them to runs that match specific hosts?
19:39 XenophonF hoonetorg: so see the surrounding if statement?
19:40 hoonetorg XenophonF: what I still don't get is, how the input var in https://github.com/hoonetorg/salt-formula/blob/master/salt/formulas.jinja#L31 is merged with pillar data
19:41 hoonetorg (XenophonF: i understood, it has already bitten me)
19:41 XenophonF hoonetorg: that's done in the f_defaults.conf Jinja template
19:42 XenophonF hoonetorg: https://github.com/hoonetorg/salt-formula/blob/master/salt/files/master.d/f_defaults.conf#L4
19:43 keimlink joined #salt
19:43 XenophonF hoonetorg: that pulls in the entire `salt` Pillar key
19:44 XenophonF hoonetorg: the `salt` Pillar key has as its value another dict (or at least it's supposed to)
19:44 aron_kexp joined #salt
19:44 XenophonF hoonetorg: so the next line searches that dict for a key named `master`, whose value is also supposed to be a dict
19:45 XenophonF in yaml the data struct that it's processing gets represented much like the example i gave you
19:45 hoonetorg XenophonF: i got it
19:45 hoonetorg OH UH
19:45 Slimmons Not trying to harass anyone :) , but I'm completely stuck on this rvm thing https://gist.github.com/johnsimmons/4bcb844828b5e96b3a7f  I found the problem reported on salt's github account (linked in comments).  Haven't found anything that works yet.
19:45 hoonetorg that means the the cfg_master is used when i set the pillar
19:45 bhosmer joined #salt
19:45 hoonetorg that is bad
19:46 XenophonF hoonetorg: cfg_master is just a variable, for convenience's sake
19:46 hoonetorg because it never comes to https://github.com/hoonetorg/salt-formula/blob/master/salt/files/master.d/f_defaults.conf#L484
19:46 hoonetorg because an if before is true
19:46 XenophonF it contains the value of the dictionary key 'master' that's in the dictionary that's a value of the dictionary key 'salt' that's in the Pillar dictionary
19:47 hoonetorg but i define formulas in my pillar
19:47 XenophonF which is a long way of saying the value of pillar.get('salt:master')
19:47 XenophonF you do not define formulas in Pillar
19:47 XenophonF Pillar only contains data
19:47 breakingmatter joined #salt
19:47 c10b10 joined #salt
19:47 XenophonF formulas are Salt states
19:48 XenophonF i don't know if i'm explaining it well
19:50 napsterX joined #salt
19:50 hoonetorg XenophonF: i mean that pillar data https://gist.github.com/hoonetorg/acbe8cd54c557acc5e2c
19:50 hoonetorg salt_formulas:list
19:51 szwed joined #salt
19:52 Savemech joined #salt
19:52 XenophonF ah
19:52 XenophonF yes
19:52 szwed hi, anyone knowing the answer for: https://github.com/saltstack/salt-cloud/issues/932  - its quite annoying..
19:52 saltstackbot [#932]title: [EC2][AWS] How to specify static private ip address in map file? | Hi,...
19:52 tzero joined #salt
19:52 repl1cant joined #salt
19:54 iggy salt-cloud is a dead project, so if you opened that, go open it in the salt project
19:54 Edgan iggy: dead as in as a separate repo, or a dead idea?
19:55 iggy dead as in it's been merged upstream, so the salt-cloud project isn't a standalone thing anymore
19:55 Edgan iggy: ok, that is what I thought you meant, but wanted clarification
19:56 iggy szwed: did you install salt-cloud from that git repo?
19:57 szwed yes, I have the latest version
19:57 szwed I am hardcoding static ip adrresses in profiles at the moment
19:57 iggy that's not the latest version
19:58 szwed ouhh..
19:58 XenophonF szwed: use the version of salt-cloud that comes with salt
19:58 XenophonF szwed: it might be a separate package, e.g., salt-cloud on CentOS
19:58 XenophonF szwed: or it might not, e.g., py27-salt on FreeBSD (which includes everything)
19:59 szwed 2015.5.2+ds-1trusty1
19:59 szwed I am using this one
19:59 XenophonF yeah, use the salt-cloud package on debian & downstream distros
20:01 cpowell joined #salt
20:01 hoonetorg XenophonF: i tried defining the salt:master:file_roots pillar and it works (see https://gist.github.com/hoonetorg/817160cb9c13586a01a4)
20:02 hoonetorg aahhh and now i partly understand why
20:04 jness left #salt
20:05 c10b10 joined #salt
20:06 robawt Heartsbane: i'm going to start charging you for times i spill a beverage reading your G+ posts
20:07 murrdoc :D
20:07 murrdoc links
20:07 bmac2 joined #salt
20:07 cowpunk22 joined #salt
20:12 jhauser joined #salt
20:13 subleq is there any way for state.highstate to log what it's doing as it goes, instead of waiting till everything is done?
20:13 subleq it seems like it's stuck but I have no idea what it's doing
20:14 hoonetorg XenophonF: oh no i don't understand: i have now "file_roots in cfg_master" and https://github.com/hoonetorg/salt-formula/blob/master/salt/files/master.d/f_defaults.conf#L479 becomes true, but why does it still parse the formulas https://github.com/hoonetorg/salt-formula/blob/master/salt/files/master.d/f_defaults.conf#L483 only one elif is executed isn't it?
20:15 zsoftich1 is there a way to flush iptables if another salt managed iptables rule changes?
20:16 pipps joined #salt
20:16 iggy subleq: minions wait until they are done to send data back, so the only way would be to look at the minions directly
20:17 subleq iggy: sure, how can I get it on the minion then?
20:17 iggy look at logs
20:17 tipiak joined #salt
20:18 XenophonF hoonetorg: the file_roots() macro handles merging
20:19 XenophonF hoonetorg: only one if clause gets executed, yes
20:19 hoonetorg XenophonF: yeaahhhhh now i understand
20:21 hoonetorg the file_roots macro is only called every time (except the last else)
20:21 hoonetorg that's it
20:21 Adran joined #salt
20:23 hoonetorg XenophonF: thx for analysing the code (i hate it when i don't understand why a thing works like it works, will sleep better now.... and probably reuse what i learned now in my own stuff :)
20:23 Adran left #salt
20:24 iggy don't reuse anything in that jinja file
20:27 aqua^c joined #salt
20:32 hoonetorg iggy: :) you mean it doesn't follow the KISS principle !and! isn't good readable code?
20:33 napsterX joined #salt
20:34 quique joined #salt
20:34 druonysus joined #salt
20:36 murrdoc XenophonF:  here i thought u was done for the day
20:37 aqua^c joined #salt
20:42 pipps joined #salt
20:42 chiui joined #salt
20:45 Savemech joined #salt
20:45 rideh joined #salt
20:46 aqua^c joined #salt
20:55 X67r joined #salt
20:55 aqua^c joined #salt
20:59 jodv joined #salt
21:00 MatthewsFace joined #salt
21:02 pipps joined #salt
21:04 aqua^c joined #salt
21:08 stanchan joined #salt
21:08 murrdoc joined #salt
21:11 Deevolution joined #salt
21:11 murrdoc1 joined #salt
21:13 aqua^c joined #salt
21:14 clintberry joined #salt
21:18 cowpunk22 joined #salt
21:19 cberndt joined #salt
21:19 Heartsbane robawt: do what you have to do
21:20 robawt haha
21:22 Heartsbane robawt: I was just informed 30 minutes ago that I have to prepare a 3 minute video on why I chose Salt as my remote execution/deployment method by the boss by 5PM.
21:23 Heartsbane Welcome to Monday.
21:23 forrest Heartsbane: Should be easy
21:23 iggy salt marketing dept to the rescue
21:23 Heartsbane forrest: it is, just gimme more than 2 hours notice on a Monday
21:24 forrest Heartsbane: Yeah, very weird. Feel free to steal anything you need from my slides if you want: https://speakerdeck.com/gravyboat
21:24 Heartsbane Thanks
21:24 forrest Heartsbane: You could also look at Ryan_Lane's stuff about why he picked salt: http://ryandlane.com/blog/2014/08/04/moving-away-from-puppet-saltstack-or-ansible/
21:25 robawt Heartsbane: a video?  that's new
21:27 LtLefse 5PM? you could give yourself a few more hours if your boss failed to specify a time zone
21:27 stanchan joined #salt
21:28 evilrob joined #salt
21:30 cowpunk22 joined #salt
21:30 murrdoc joined #salt
21:30 giantlock joined #salt
21:31 aqua^c joined #salt
21:31 Savemech joined #salt
21:31 stanchan joined #salt
21:32 tiadobatima hi guys... I'm sure this is a very stupid question, but I'm on it for hours.... I'm trying to generate a yaml config file for one of our applications, and a natural place for these config seem to be a pillar... how can I build a whole config file entirely from a pillar? contents_pillar option in file.managed() doesn't seem to help
21:33 tiadobatima I'm getting this error:"contents" is not a string or list of strings
21:33 murrdoc joined #salt
21:34 napsterX joined #salt
21:34 iggy paste the state
21:36 tiadobatima http://pastebin.com/HCAtgKAf
21:38 zmalone joined #salt
21:38 iggy that error message seems to indicate that something else is the problem
21:39 otter768 joined #salt
21:40 tiadobatima ok... that config has a private key in it not much different than the contents_pillar example in: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.managed
21:40 stanchan joined #salt
21:41 iggy no other file.managed states?
21:41 sdm24 does salt '*' pillar.item myapp show the file?
21:43 ajw0100 joined #salt
21:43 tiadobatima ohhh... I wonder is contents_pillar option doesn't work if the content of the pillar is a dict... as the error says: '"contents" is not a string or list of strings'
21:44 pipps joined #salt
21:44 tiadobatima there are other file.managed, but not with that file
21:45 iggy I think all my contents_pillar's are just strings
21:45 Slimmons If anybody feels like looking into my problem, it's on serverfault http://serverfault.com/questions/708898/rvm-install-via-saltstack-could-not-install-ruby
21:46 tiadobatima sdm24: pillar.item shows the pillar correctly
21:46 snarfy joined #salt
21:48 iggy tiadobatima: try a string, see what happens
21:49 tiadobatima yeah... it works
21:49 tiadobatima it doesn't like dicts
21:49 iggy and/or output the pillar via indent|yaml using a multiline string literal
21:51 snarfy hrm - i have a python module in salt/_grains that is supposed to make grain data out of AWS ec2 instance metadata.
21:51 snarfy but it doesn't appear to be working, and I'm not sure how that stuff works entirely - if there's a custom grain module in _grains should it automatically set those grains on highstate?
21:51 tiadobatima iggy... I suspect I'm gonna like your idea... but I'm not sure what you mean
21:52 snarfy (i'm trying to figure out if it stopped working or if I need to do something else to slurp those grains in)
21:52 snarfy i know it's worked in the past... but new aws instances aren't getting the grains
21:52 iggy - contents: |\n        {{ pillar_val|yaml|indent(8) }}
21:53 iggy or something like that
21:53 snarfy oh veyr nice
21:54 tiadobatima cool! thx for the help iggy
21:55 jY joined #salt
21:55 tiadobatima snarfy... I did exactly what you're trying to do here (I got the base from salt's git repo and adapted to also get tags...
21:55 iggy snarfy: run sync_all before the highstate and see if that helps
21:56 tiadobatima but I ended up moving that out of _grains and into a script that gets executed when the instance comes up and writes the info to /etc/salt/grains
21:56 snarfy well sync_grains oughtta works too, n'est-ce pas? - i cna see the aws_grain.py file in /var/cache/salt/blahblah/extmods/grains
21:57 iggy we used to do the "write to grains on boot" it was kind of a mess
21:57 jhauser joined #salt
21:58 stanchan joined #salt
22:01 amcorreia joined #salt
22:01 pdayton joined #salt
22:01 pipps99 joined #salt
22:01 omegamike joined #salt
22:04 tiadobatima yeah... the only reason we moved out of _grains is because retrieving metadata is different depending if we're in EC2, or our own datacenters( openstack, physical, plain VMs or docker).... if you're on EC2 only, I wouldn't bother removing it from _grains
22:05 jodv joined #salt
22:10 snarfy oh but we have the same issue for sure
22:10 snarfy we've got some vmware shizzle in the mix these days too
22:11 pdayton joined #salt
22:12 iggy check salt-contrib to see if there's any fun vmware stuff
22:12 druonysuse joined #salt
22:14 scoates joined #salt
22:16 tiadobatima snarfy: if you have a non-ec2 instance and want to keep that in _grains, I'd suggest you to adjust the timeouts to the metadata URL, and avoid calls to AWS API.... ie, have fast and reliable check that verifies where your instance is running right on top
22:16 subleq left #salt
22:18 iggy there's a setting to cache the grains
22:20 snarfy will do. I think I can probably set it to use one or the other based on os_virtual or something
22:21 snarfy right like if grains['os_virtual'] == vmware / xen
22:21 snarfy or just the grain is just 'virtual'
22:23 druonysuse joined #salt
22:24 madpenguin joined #salt
22:24 pdayton joined #salt
22:26 aqua^c joined #salt
22:28 Ryan_Lane I'm trying to run pylint from my own environment and am hitting issues: ImportError: No module named saltpylint
22:28 Ryan_Lane looks like it's in pip, but it's not listed in any of the requirements
22:29 Ryan_Lane and isn't in the docs
22:34 napsterX joined #salt
22:35 kevinquinnyo joined #salt
22:36 kevinquinnyo if I have a salt-master (Master of Masters) with multiple salt-syndics elsewhere, how do i specify which minions controlled by which syndics should be targeted
22:36 kevinquinnyo for example if i wanted to run highstate on syndic-02 for minions 'scout*'
22:37 kevinquinnyo if that can not be done, i'm wondering what is the advantage at all of having this master of masters / salt-syndic setup at all
22:37 kent_ joined #salt
22:44 aqua^c joined #salt
22:45 JPaul joined #salt
22:53 aqua^c joined #salt
22:54 loz-- joined #salt
22:58 murrdoc joined #salt
22:59 pipps joined #salt
23:03 loz-- joined #salt
23:03 snarfy alright so that was my dumb mistake. the aws_grains.py required boto, which wasn't installed by default
23:03 snarfy i thought it was just using the public api
23:04 murrdoc joined #salt
23:04 snarfy but I have another question: on one of my instances I can see that all the grain data is in /etc/salt/grains... and the aws data was retained through a minion restart... but I don't see an /etc/salt/grains file. Where's the grain information kept when returned with this method?
23:06 snarfy er, rather, this most recent time when I ran the aws_grains script, i expected it to make /etc/salt/grains because i saw that on a different minion with the aws data in. could be from a different attempt at this problem though
23:08 clintberry joined #salt
23:09 cowpunk22 joined #salt
23:10 jaybocc2 joined #salt
23:12 iggy grain data isn't stored, scheduler data is the only thing I know of that's stored on disk
23:12 murrdoc grain data can be stored
23:12 hoonetorg how to ensure that in formula is run after something else is finished ? I usually do something like this https://github.com/hoonetorg/salt-nfs-formula/blob/master/nfs/client.sls#L7 to https://github.com/hoonetorg/salt-nfs-formula/blob/master/nfs/client.sls#L12 the pillar data for that looks like this https://gist.github.com/hoonetorg/6676a4e46b897e2ef30a
23:12 iggy *by default
23:14 hoonetorg now that i more and more use existing formulas, how do you guys solve running sls/formulas in a specific order (but still in a modular and flexible way)
23:14 hoonetorg ?
23:14 iggy top-down order
23:16 hoonetorg iggy: since sls are executed in the order they are defined, you specify them in the correct order in your state sls files?
23:16 iggy and the top file
23:17 stanchan joined #salt
23:17 hoonetorg iggy: thx, did you never have a situation where this was not enough?
23:19 hoonetorg i remember i started working like this, because there was an edge case where this doesn't work as i wanted, but i forgot what it was?
23:19 hoonetorg :)
23:21 Savemech joined #salt
23:22 hoonetorg ah yeah i remember, i use reclass and sometimes it's hard to define them in the correct order, because of the normal behaviour of reclass when you do some fancy reclass stuff :)
23:31 iggy orchestration
23:31 aurynn as a service
23:35 napsterX joined #salt
23:36 hoonetorg iggy: already using orchestration, but only if i must ensure an order on multiple hosts (like for ceph or opennebula)
23:37 cowpunk22 joined #salt
23:37 hoonetorg iggy: but if i can't manage an order as wanted on a single host, i should probably orchestrate it, good idea...
23:40 otter768 joined #salt
23:40 bfoxwell joined #salt
23:48 MatthewsFace joined #salt
23:50 omegamike joined #salt
23:52 aqua^c joined #salt
23:52 otter768 joined #salt
23:59 murrdoc http://devopsreactions.tumblr.com/post/125157942970/when-your-salt-states-bring-a-machine-up-with-one

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary