Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-08-11

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 PredatorVI HA!  Yeah.
00:00 PredatorVI BTW, I do use includes.
00:02 aqua^c joined #salt
00:05 djstorm joined #salt
00:07 baweaver joined #salt
00:07 Tyrm joined #salt
00:10 omegamike joined #salt
00:11 claytron_ joined #salt
00:16 dendazen joined #salt
00:23 pm90_ joined #salt
00:27 ajw0100 joined #salt
00:30 Tyrm joined #salt
00:43 djstorm joined #salt
00:44 spark_ joined #salt
00:45 clintberry joined #salt
00:49 breakingmatter joined #salt
00:54 spatry2015 joined #salt
00:59 funzo joined #salt
01:02 forrest joined #salt
01:03 ajw0100_ joined #salt
01:12 claytron_ joined #salt
01:14 CeBe1 joined #salt
01:25 pm90_ joined #salt
01:28 chequers joined #salt
01:28 pm90__ joined #salt
01:28 chequers hi, I'd like to put a ssh key onto my server to run a git checkout, then immediately remove it. But I can't specify /key: file.present \n /key: file.absent due to 'Conflicting ID /key' error in my sls file. How can I do this?
01:29 VR-Jack2 use different id's and then use the - name: option
01:30 ITChap joined #salt
01:31 Tyrm joined #salt
01:32 chequers nice, thanks
01:32 chequers is the name option available for all states inherently?
01:38 VR-Jack2 chequers: yes
01:39 VR-Jack2 name by default is the id
01:41 yomilk joined #salt
01:42 dendazen joined #salt
01:46 favadi joined #salt
01:49 murrdoc best practices state to use explicit id
01:50 otter768 joined #salt
01:53 VR-Jack2 confuse me there, murrdoc. you mean not to use name, or to always specify a unique id and use name?
01:54 dthom91 joined #salt
01:54 murrdoc the latter
01:54 VR-Jack2 k. That's what I usually do. There are exceptions, of course, like when you pile a bunch of stuff under 1 id and then do dependencies on that id
01:55 VR-Jack2 I consider that to be advanced usage though, because it can be harder to troubleshoot problems
01:56 murrdoc u dont need requires uner the same ide
01:56 murrdoc id*
01:57 VR-Jack2 No, but it can be more concise piling all the services under a single id
01:57 murrdoc yes
01:57 murrdoc it is
01:57 murrdoc cant use the same module tho
01:58 claytron_ joined #salt
01:58 VR-Jack2 true, and for those not used to troubleshooting salt, it can lead to problems
02:03 dthom911 joined #salt
02:04 jaybocc2 joined #salt
02:06 zwi joined #salt
02:16 druonysus joined #salt
02:18 joehh bernieke: thanks for letting me know
02:20 sunkist joined #salt
02:25 forrest joined #salt
02:26 aparsons joined #salt
02:30 funzo joined #salt
02:31 aparsons_ joined #salt
02:34 Furao joined #salt
02:36 zsoftich2 joined #salt
02:38 breakingmatter joined #salt
02:38 evle joined #salt
02:43 claytron_ joined #salt
02:43 spark_ joined #salt
02:48 chequers how can I put both the creation & deletion under the real ID but still do something in between?
02:50 dendazen joined #salt
02:50 VR-Jack2 you can't. have to use - name:
02:51 VR-Jack2 well, you can. you could put a service between them and use - name: on it
02:51 VR-Jack2 messy, but would work
02:51 chequers oh, I see what murrdoc meant -- every resource should explciitly use name and have a human readable title
02:51 chequers that makes sense
02:52 VR-Jack2 yes
02:52 chequers another question: is there a way to install a bunch of packages at once? Currently each package install takes up two lines: package: pkg.installed: []
02:52 VR-Jack2 yes, there's a flag you pass to the first one at least. aggregate I think
02:54 chequers ah yes, there's a pkgs option which can be passed a list
02:54 VR-Jack2 http://docs.saltstack.com/en/latest/ref/states/aggregate.html
02:54 chequers do resource names have to be unique across a sls files, or just the current one?
02:54 VR-Jack2 You can do the list as well, but see this link
02:54 chequers reading
02:55 VR-Jack2 the id must be unique across all that get loaded
02:56 chequers thanks. aggregate + pkgs seems like the best solution
02:56 VR-Jack2 It is. I use it everywhere. That way no matter which different package files I load, it aggregates
02:57 chequers aggregation is simply for speed, right?
02:58 VR-Jack2 yes, calling the package manager is expensive because they do cache updates and stuff
02:58 VR-Jack2 So aggregation lets you do it in a single call
02:59 chequers salt is so much faster than puppet even when running with a master!
02:59 nitay joined #salt
02:59 VR-Jack2 dunno. never run puppet. salt is slow for me a lot of times. :(
03:00 otter768 joined #salt
03:00 chequers well I translate catalog that takes 30s of overhead in puppet and it's barely 10s overhead here :)
03:00 chequers (overhead = compared to similar dumb bash script)
03:01 womble Being faster than Puppet isn't anything to brag about.  Handing a printed checklist to an intern is often faster than Puppet.
03:02 VR-Jack2 the vm on my laptop took 15s to run a very simple state.sls
03:02 VR-Jack2 perhaps I'm just picky. lol
03:02 dthom911 joined #salt
03:02 VR-Jack2 some times I have to wait 45 seconds for something and get annoyed
03:07 nitay joined #salt
03:23 shadowsun Wow
03:25 wangofett joined #salt
03:27 wangofett So, I'm trying to setup a self-signed cert for docker on my machines... but I need to be able to restart the docker daemon after my file.managed state runs
03:27 wangofett I haven't been able to find a watch that would work
03:27 favadi joined #salt
03:27 bfoxwell joined #salt
03:28 claytron_ joined #salt
03:28 VR-Jack2 watch file name of file should work
03:28 wangofett oh, whoops... I guess docker *is* a service
03:28 * wangofett did cmd.run service docker status instead of cmd.run 'service docker status'
03:28 VR-Jack2 mhmm
03:28 auzty joined #salt
03:30 VR-Jack2 as a service, you could just use the service.running too
03:30 VR-Jack2 I often use listen_in from the file.managed with - service: servicename
03:35 holyzhou joined #salt
03:37 holyzhou hi guys, i got question , i write a template , but i find  Ã¢â‚¬â„¢{% set xms = grains['mem_total']/2 | int %} ‘  doesn't work, still return float type
03:37 holyzhou any ideas
03:37 alexanderilyin joined #salt
03:42 VR-Jack2 holyzhou try // instead of /
03:42 VR-Jack2 jinja for divide and return integer
03:42 VR-Jack2 trancated, not rounded
03:43 dendazen joined #salt
03:46 nethershaw joined #salt
03:52 subsignal joined #salt
03:58 ajw0100 joined #salt
03:58 vstoniest joined #salt
03:58 excise joined #salt
04:11 breakingmatter joined #salt
04:18 ITChap joined #salt
04:20 Tyrm joined #salt
04:24 ekristen joined #salt
04:25 clintberry joined #salt
04:36 malinoff joined #salt
04:40 bmcorser joined #salt
04:46 ITChap joined #salt
04:47 jalbretsen joined #salt
04:47 ramteid joined #salt
04:49 claytron_ joined #salt
04:52 MTecknology joined #salt
04:54 stoogenmeyer joined #salt
04:54 mosen joined #salt
05:05 Fiber^ joined #salt
05:06 capricorn_1 joined #salt
05:17 catpigger joined #salt
05:21 rdas joined #salt
05:22 Furao joined #salt
05:25 terratoma joined #salt
05:29 calvinh joined #salt
05:32 claytron_ joined #salt
05:34 holyzhou ok thanks
05:51 gcfhvjbkn joined #salt
05:56 colttt joined #salt
05:56 phw joined #salt
05:57 myrah111 joined #salt
05:58 myrah111 left #salt
05:58 phw What is the best practice to check a minion for the existence of a certain kernel module? Is there a command to check it inside my top.sls file and if it fails it returns an error? (If that is the case I usually have to manually fix stuff)
05:58 claytron_ joined #salt
06:00 breakingmatter joined #salt
06:01 jY phw: so you need to check of a file on a filesystem in top.sls?
06:02 phw jY: I have $n computers with certain hardware and want to check if kernel moduly $y is loaded. If it is not, I need a warning/red alarm;
06:02 phw jY: I already deploy stuff like the driver and packages via my top.sls file / salt in general.
06:02 jY in top.sls?
06:03 jY best thing to do is make a custom grain return True/False if the module is loaded
06:03 phw well the top.sls describes the computers and their roles / stuff to install;
06:04 otter768 joined #salt
06:04 phw jY: I can run ' sudo salt \* kmod.check_available SOMEMODULE' from the commandline - this works perfect
06:04 phw jY: But what I desire is a "everything is installed and ok" state for my machines.
06:05 jY ya custom grain will work
06:05 jY that returns True/False
06:06 phw jY: Yes, but how can put this into my top.sls file (so it runs as a part of highstate) - or is that the wrong approach
06:07 jY generally my top.sls is really simple based off host classes
06:07 jY https://gist.github.com/mzupan/0b39526bed986a13bc18
06:08 jY everything gets base  then depending on the urthecast_type which looks at the minion's hostname it gets what state file to load and things are included in there
06:08 katyucha joined #salt
06:13 lb1a joined #salt
06:20 kawa2014 joined #salt
06:22 subsignal joined #salt
06:23 jhauser joined #salt
06:25 phw jY: If I understand correctly that matches certain hosts (with that specified grains) to certain tasks - do I understand that right?
06:26 kawa2014 joined #salt
06:26 phw jY: What I want is something (written in code):    if grains.item(num_cpus) < 4: raise error("Broken computer")
06:27 phw jY: to check if all computers that I manage fullfill certain things (like RAM, Loaded Kernel Modules etc.)
06:34 pi3r13 joined #salt
06:40 ITChap joined #salt
06:42 dopesong joined #salt
06:50 stoogenmeyer joined #salt
06:52 ITChap joined #salt
06:52 krymzon joined #salt
06:53 AndreasLutro joined #salt
07:02 ITChap joined #salt
07:02 markm joined #salt
07:06 ITChap joined #salt
07:08 micko joined #salt
07:08 GreatSnoopy joined #salt
07:09 eseyman joined #salt
07:32 impi joined #salt
07:34 KermitTheFragger joined #salt
07:34 markm joined #salt
07:38 spo0nman joined #salt
07:38 gcfhvjbkn joined #salt
07:44 claytron_ joined #salt
07:44 bernieke has something changed in 2015.8 for file.recurse? I'm getting an error it can't find the file, but the filepath as it is printed starts with a pipe:
07:44 bernieke Unable to manage file: [Errno 2] No such file or d
07:44 bernieke irectory: u'|/var/cache/salt/minion/files/base/etc/rabbitmq/rabbitmq.config'
07:48 bernieke Also, errors are no longer shown in red, but green. Is this is a feature or a bug? We were actually grepping the salt-run output for the red ascii characters to determine failure, so it'd be helpful to know if I need to change that or not...
07:49 breakingmatter joined #salt
07:52 calvinh joined #salt
07:58 stephanbuys joined #salt
08:00 saltuser joined #salt
08:04 calvinh_ joined #salt
08:05 otter768 joined #salt
08:05 phw How can I write a simple test in salt? For example: I want to validate that a certain amount of RAM is inside a computer; The data I can get with grains but how can I automate that in my highstate?
08:06 katyucha phw: test.ping ?
08:07 babilen phw: What do you want to happen if that test "fails" ?
08:07 babilen (salt won't be able to upgrade your RAM)
08:07 phw babilen: the highstate should fail - or at least report the issue
08:08 phw babilen:  I know that I can not fix certain things with salt (therefore the example with ram) but I can test it with salt
08:08 phw babilen: Can i nontheless use salt for that?
08:08 babilen phw: You could use http://docs.saltstack.com/en/develop/ref/states/all/salt.states.smtp.html#salt.states.smtp.send_msg to send a mail within a block that tests the size of RAM
08:08 kbaikov joined #salt
08:09 calvinh joined #salt
08:09 jaybocc2 joined #salt
08:10 phw babilen: okay that is very cool! But how can I trigger that?
08:11 phw babilen:  I know about "onfail" - but my main problem is that I have no command/task for checking the amount of ram
08:11 babilen You can use grains for that?!
08:11 calvinh_ joined #salt
08:12 phw babilen: yes, and I know how to get the value of a grain from the servers commandline - but how can I do that in my sls file (that is what I am actually struggling with)
08:13 AndreasLutro download more ram!
08:13 babilen {% if grains['mem_total'] <= 666 %} send_mail_to_devil() {% endif %}
08:13 babilen http://jinja.pocoo.org/docs/dev/templates/#comparisons + http://jinja.pocoo.org/docs/dev/templates/#if
08:14 Xevian joined #salt
08:14 babilen phw: I mean it *really* depends on what you want to do .. that is just one idea
08:14 phw babilen: Ah! Perfect!
08:15 babilen The question now is: How do we get the highstate to fail?
08:15 phw well with test.fail_without_changes
08:15 phw https://github.com/saltstack/salt/blob/develop/salt/states/test.py
08:15 babilen exactly!
08:16 babilen Did that make it into a stable release yet?
08:16 babilen Ah, it did. Wonderful :)
08:16 phw babilen: Is a "stable release" in terms of "i rolled it out on productive machines"?
08:16 babilen That state was introduced in 2014.7.0
08:17 phw babilen: okay, soudns interesting
08:17 babilen http://docs.saltstack.com/en/latest/ref/states/all/salt.states.test.html#salt.states.test.fail_without_changes
08:18 phw babilen: I am on 2015.5.3 if that is your question;
08:19 Grokzen joined #salt
08:20 babilen Yeah, and 2015.5.3 >= 2014.7.0, so you are fine
08:24 phw babilen: thanky you very much for helping me out!
08:24 huwenfeng joined #salt
08:25 babilen You are welcome, have fun :)
08:26 babilen Oh, one more thing: You might want to set http://docs.saltstack.com/en/latest/ref/states/failhard.html
08:26 huwenfeng If I am using Syndic. The commands issued at the local Master(with Syndic) server, the result will return to the upper level Master? or Not?
08:26 phw babilen: just one more question about the namespacing: When i want to use a command like here: http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.kmod.html (kmod): how do i set it inside an "if"?
08:27 babilen phw: I'd combine that with a "- order: 0" to ensure that it is run first also ... http://docs.saltstack.com/en/latest/ref/states/ordering.html#the-order-option
08:27 phw babilen: Using 'if salt.modules.kmod.check_available  does not seem to exist
08:27 babilen phw: You wouldn't necessarily set it within an if, I'd set it earlier with "{% set foo = salt.kmod.....(...) %}" and then test the value of "foo" later on ...
08:28 babilen That would be salt.kmod.check_available not salt.modules.kmod.check_available
08:28 babilen http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.jinja.html#calling-salt-functions
08:28 phw babilen: ah! you are amazing!
08:29 babilen But you can do that "{% if salt.kmod.check_available .... %}"
08:29 phw babilen: that what i'll do
08:29 babilen Not sure I used that particular function in a conditional before :)
08:29 claytron_ joined #salt
08:30 phw babilen: well it all comes down to a misbahaving binary driver
08:30 babilen That little fucker!
08:30 s_kunk joined #salt
08:32 N-Mi joined #salt
08:32 phw babilen: hahaha
08:34 stoogenmeyer_ joined #salt
08:36 sunkist joined #salt
08:46 saltuser Hi! Is it possible to run state.sls so its output would not show up in job history or cache?
08:47 PI-Lloyd why on earth would you not want a history of jobs that have run?
08:47 jonasbjork joined #salt
08:47 Twiglet is it possible to do a pcre match in jinja?
08:48 Twiglet like {% if grains['id'] == [0-9]{5} %}
08:48 saltuser I want to set password for a user with salt, but i want to see it only once
08:48 babilen Twiglet: No, you need the power of Python's re module for that and jinja is so shitty that it doesn't allow you to include literal Python blocks
08:48 saltuser Different pass on every minion
08:49 Twiglet fair enough, cheers babilen
08:51 babilen Twiglet: This is one of my major problems with salt (exactly the "parse minion id" bit) and there are various approaches: 1. Write an execution module that parses the id for your 2. Write the SLS in another renderer (e.g. #!py or #!mako) 3. Complain bitterly to saltstack during a travel back in time, make them choose mako as default renderer and enjoy the new power!
08:52 Twiglet haha, I'll take a look at mako, might make my life easier in other places as well
08:56 gcfhvjbkn Twiglet: why don't you do something like {% if 0 <= grains["id"]|int(default=-1) <= 100000 %} instead
08:56 gcfhvjbkn not sure if "double comparison" (i mean a < b < c) works in jinja but you get the idea
08:56 babilen That doesn't ensure that it is five digits long
08:57 gcfhvjbkn hmm
08:57 Twiglet That's not really an issue, this is a temp kludge to try and recover some remote machines
08:57 Twiglet but they are the only machines with numbered hostnames so it could work
08:58 DanyC joined #salt
08:59 gcfhvjbkn anyways you can check for length separately if you need to
09:04 slav0nic joined #salt
09:05 stephanbuys joined #salt
09:30 bernieke fixed the bug with file.recurse: https://github.com/saltstack/salt/issues/26204
09:30 saltstackbot [#26204]title: file.recurse broken in 2015.8.0rc3 | relevant part of the state:...
09:34 claytron_ joined #salt
09:38 breakingmatter joined #salt
09:42 dendazen joined #salt
09:43 AndreasLutro bernieke: why is that the correct fix?
09:45 bernieke if look at how a regular file.managed passes through magaged, and how the recurse does it, that pipe is the only difference
09:45 bernieke so it seems to me that escape is not (or no longer) needed there
09:46 bernieke file.recurse now works for me
09:47 AndreasLutro I can't even recreate your problem, do you have funkily named files or something? have you checked your minion log?
09:48 AndreasLutro did you check what the result of salt.utils.url.escape(source) is via log.debug or something?
09:49 z3r0 joined #salt
09:50 bernieke yes, it gives salt://|etc/rabbitmq/rabbitmq-env.conf
09:50 bernieke which, looking at the source is exactly what it seems to need to do
09:50 bernieke but file.managed can't handle that
09:54 AndreasLutro seems like a bit of a rushed conclusion - file.recurse works fine for me with the latest 2015.8 head
09:55 jim__ joined #salt
09:55 bernieke it seems I made a mistake, I built from v2015.8 instead of 2015.8...
09:55 bernieke let me make a new built from the correct head, and retest
09:56 wryfi joined #salt
10:00 wryfi joined #salt
10:05 wryfi joined #salt
10:05 otter768 joined #salt
10:09 wryfi joined #salt
10:12 dheeraj-gupta-4 joined #salt
10:14 dheeraj-gupta-4 left #salt
10:17 wryfi joined #salt
10:19 CeBe joined #salt
10:20 irctc679 joined #salt
10:20 irctc679 Hey guys
10:21 jaybocc2 joined #salt
10:21 irctc679 I have written     service.running
10:21 CeBe joined #salt
10:21 irctc679 Even if the service is down on the server while runnign state I am getting "is already enabled, and is running"
10:23 OliverMT custom service?
10:24 OliverMT I am guessing its using service foo status to check if its running
10:25 kawa2014 joined #salt
10:28 irctc679 OliverMT: Yes
10:30 irctc679 OliverMT: status showing : service is dead
10:30 kawa2014 joined #salt
10:30 OliverMT I think it relies on exit codes
10:30 irctc679 OliverMT: hmm that might be the issue
10:31 irctc679 sig                 The string to search for when looking for the service process with ps
10:32 irctc679 OliverMT: I have given this option to avoid such issue
10:33 calvinh joined #salt
10:34 irctc679 salt-call service.status  <service-name>   ---> showing  False
10:35 claytron_ joined #salt
10:36 jaybocc2 joined #salt
10:42 calvinh_ joined #salt
10:46 calvinh joined #salt
10:46 forrest joined #salt
10:50 evle1 joined #salt
10:52 yomilk joined #salt
10:55 bernieke AndreasLutro: it indeed works fine on 2015.8 as opposed to v2015.8, I'll close the ticket and PRs
10:57 calvinh_ joined #salt
11:00 rofl____ still no news on 2015.8 features?
11:00 monkey66 left #salt
11:03 AndreasLutro bernieke: good to know :)
11:07 dingo joined #salt
11:09 scottpgallagher joined #salt
11:13 omegamike joined #salt
11:17 OliverMT some times, I fire up highstate
11:17 OliverMT and it just returns, no info at all
11:17 OliverMT is it because it times out? it happens especially with new boxes that needs a lot of installs
11:17 OliverMT nothing in logs or anything
11:17 the_lalelu joined #salt
11:18 Rkp OliverMT: same here actually. are you using a recent version of salt? it's not always with new boxes, with old ones too
11:18 OliverMT right now every salt call gives me 'salt' __virtual__ returned False
11:18 AndreasLutro that's the exact error?
11:18 OliverMT yes
11:18 OliverMT for all minions, with different sls
11:19 Rkp oh then no, in my case it just doesn't print anything lol
11:19 OliverMT that happened first
11:19 OliverMT then I got the virtual thing
11:19 OliverMT restarted salt-master now, just to see
11:20 AndreasLutro __virtual__ is a function used in states and modules to prevent them from loading in case of missing dependencies, 'salt' is not a state or module though..
11:20 OliverMT root@saltmaster:~# salt 'core-app03' salt.highstate
11:20 OliverMT core-app03:
11:20 OliverMT 'salt' __virtual__ returned False
11:23 AndreasLutro misleading error messages are the worst
11:24 AndreasLutro it's state.highstate, not salt
11:24 OliverMT LOL
11:24 OliverMT thanks
11:24 OliverMT I even did history|grep salt
11:24 AndreasLutro probably unrelated to your problem of no output :p
11:24 OliverMT just to check
11:24 OliverMT and brain couldnt see what was wrong
11:24 s_kunk joined #salt
11:25 AndreasLutro I get "'salt.highstate' is not available." so it may have been fixed in some version
11:28 breakingmatter joined #salt
11:28 XenophonF joined #salt
11:38 BradThurber joined #salt
11:38 rodio_ua joined #salt
11:46 banoss joined #salt
11:48 rodio_ua Hi everyone! Just in case anybody needs formula for installing ELK stack with kibana version 4, here is it: https://github.com/MacPaw/elk4-formula :)
11:52 rim-k sweet
11:53 XenophonF rodio_ua: you should ask to get that included in saltstack-formulas
11:53 amcorreia_ joined #salt
11:59 claytron_ joined #salt
12:00 rodio_ua Can anyone please help me get that included in saltstack-formulas?
12:02 stoogenmeyer_ joined #salt
12:03 rodio_ua left #salt
12:03 rodio_ua joined #salt
12:04 rodio_ua left #salt
12:04 sandy joined #salt
12:04 dopesong_ joined #salt
12:05 dynamicudpate joined #salt
12:05 rodio_ua joined #salt
12:05 _JZ_ joined #salt
12:06 otter768 joined #salt
12:08 stephanbuys joined #salt
12:09 bernieke I'm having a problem using multi-master on 2015.8
12:09 _JZ__ joined #salt
12:09 bernieke for multimaster I see: Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/minion', 'node1', 'tcp://10.147.128.114:4506', 'clear')
12:10 bernieke whilst for singlemaster I have: Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/minion', 'node1', 'tcp://10.147.128.138:4506', 'aes')
12:10 hasues joined #salt
12:10 bernieke the difference being the clear/aes at the end
12:10 bernieke in the multimaster case I get the error: [salt.crypt       ][CRITICAL][7369] The Salt Master server's public key did not authenticate!
12:10 bernieke which I think might have to do with the clear/aes thing?
12:11 hasues left #salt
12:15 dthom91 joined #salt
12:15 funzo joined #salt
12:16 dthom91 joined #salt
12:18 bernieke never mind, it's working now
12:18 bernieke not sure what the problem was, all I did was configuring the minions to singlemaster (both masters separately), and after that it started working multimaster as well
12:25 rodio_ua left #salt
12:25 DanyC rodio_ua: thx for the formula !
12:26 rodio_ua joined #salt
12:26 omegamike joined #salt
12:27 rideh joined #salt
12:30 bernieke seems the rewrite using tornado has fixed all our outstanding multi-master problems, nice job!
12:31 rideh joined #salt
12:31 rodio_ua left #salt
12:37 rodio_ua joined #salt
12:39 rodio_ua left #salt
12:39 rodio_ua joined #salt
12:39 AndreasLutro joined #salt
12:40 babilen yay!
12:40 s_kunk joined #salt
12:42 rideh joined #salt
12:42 banoss Hi all. I'm after some resources for testing state changes. Ideally some kind of static check before rolling anything out - like the puppet rspec type stuff perhaps? Any resources pls?
12:43 claytron_ joined #salt
12:44 rodio_ua left #salt
12:45 rodio_ua joined #salt
12:47 dthom91 joined #salt
12:47 dendazen joined #salt
12:48 jaybocc2 joined #salt
12:50 PI-Lloyd banoss: we test our states with jenkins + vagrant. Jenkins spins up a vagrant box with specific hostname/grains, pulls in the code to be tested and runs a state.highstate --local
12:50 dthom91 joined #salt
12:50 pm90_ joined #salt
12:53 PI-Lloyd obviously this runs the states on a clean system every time, so after the jenkins testing the states get deployed to our staging environment so we can see what impact changes will have on deployed systems.
12:53 dingo joined #salt
12:53 PI-Lloyd then, if everything went smoothly, it gets rolled into production
12:55 _mel_ joined #salt
12:55 pm90__ joined #salt
12:55 s_kunk_ joined #salt
12:56 bhosmer joined #salt
12:56 amcorreia joined #salt
12:57 rideh joined #salt
12:57 yomilk joined #salt
12:59 DanyC PI-Lloyd: a bit curious on this subject, how will you cover the use case with network latency, master/ minions deployed on different boxes using Vagrant ?
12:59 rodio_ua joined #salt
13:01 subsignal joined #salt
13:02 s_kunk_ joined #salt
13:02 CeBe joined #salt
13:02 subsigna_ joined #salt
13:03 breakingmatter joined #salt
13:03 jaybocc2 joined #salt
13:04 s_kunk joined #salt
13:04 gcfhvjbkn joined #salt
13:05 subsigna_ joined #salt
13:05 AndreasLutro DanyC: I don't think you should test that - that minions and masters talk to eachother is a configuration matter, and salt should already be testing that bit for you, all you need to worry about is states and custom modules
13:06 PI-Lloyd DanyC: It's more a case of testing the states actually work.
13:07 PI-Lloyd making sure that requisites work, make sure expected changes happen
13:07 PI-Lloyd the states themselves do not touch any minion configurations, all of that is done via salt-cloud
13:08 DanyC AndreasLutro, PI-Lloyd i see your angle, i was looking from a different one.
13:09 yomilk joined #salt
13:11 phpdave11 joined #salt
13:12 zwi joined #salt
13:17 fullermd joined #salt
13:17 mapu joined #salt
13:18 rodio_ua left #salt
13:18 rodio_ua joined #salt
13:18 rodio_ua left #salt
13:18 banoss Thanks. That is a standard pattern and we can deploy to a test env and run "acceptance tests" on deployed state, apps whatever which is cool. How about faster fedback loops - so testing only whats changed first before entering a more lengthy test run?
13:20 rodio_ua joined #salt
13:21 rodio_ua left #salt
13:21 DammitJim joined #salt
13:21 AndreasLutro for that you probably want a local vm where you can run arbitrary salt commands
13:22 PI-Lloyd ^^ we run local vagrant boxes for the state development, and call state.sls to test changes to specific things. When we are happy with that it gets tested and reviewed
13:22 rodio_ua joined #salt
13:23 cpowell joined #salt
13:23 jdesilet joined #salt
13:26 banoss thinking to have each state definition in its own repo in order to be able to trigger a job to test run just that state. Not thinking of another automated way to isolate at the moment - then run that state in isolation first as you say using vagrant or something locally.
13:26 murrdoc joined #salt
13:26 dthom91 joined #salt
13:27 aparsons joined #salt
13:28 DammitJim how do I add a gpg public key for a repository using salt?
13:28 aparsons_ joined #salt
13:28 dthom91 joined #salt
13:29 murrdoc key_url
13:29 DammitJim is it enough to just use key_url?
13:29 DammitJim thanks murrdoc
13:30 racooper joined #salt
13:33 rideh joined #salt
13:33 AndreasLutro banoss: while that will speed things up, it won't catch cases where two sets of states work alone but not together
13:34 DammitJim how do I get around this: http://pastie.org/10343907
13:34 DammitJim I thought I added the key_url
13:34 penguin_dan joined #salt
13:34 LtLefse joined #salt
13:36 pm90__ I think that user state accepts only password hashes and not the raw passwords...is that correct?
13:37 AndreasLutro pm90__: correct
13:37 banoss AndreasLutro : yep  - its the speed up trade off im looking at. And running integration/full testing further down the pipeline.
13:37 AndreasLutro pm90__: you can use the shadow.gen_password module to generate a hash at runtime, though
13:38 pm90__ AndreasLutro: sweet, thanks!
13:38 fullermd I get a "KeyError: 'group.members'" blowup any time I try running a group.present state that has a members: list that needs to do something.
13:38 fullermd Would it be reasonable to assume that's because there's no "def members()" in modules/pw_group.py (me being on FreeBSD)?
13:38 fullermd (and so I just Can't Do That?)
13:38 afics joined #salt
13:39 pm90__ AndreasLutro: how do I ensure that it is the same hash that is used by linux crypt function? I mean, I want the user to be able to login using the raw password string
13:39 AndreasLutro fullermd: seems likely!
13:39 AndreasLutro pm90__: make a test user and check for yourself I guess
13:40 rideh joined #salt
13:40 fullermd Bother   :(
13:40 RandyT joined #salt
13:40 AndreasLutro fullermd: ideally it should be defined but throw an exception or something for a nicer error message
13:41 drawsmcgraw joined #salt
13:42 fullermd Yeah, it'd be nice if it told me "can't do that on your platform" an hour ago, before a pile of tweaking around and trying to read a codebase I don't understand in a language I only vaguely speak   :|
13:42 * fullermd wanders off bugtracker-wards.
13:42 rideh joined #salt
13:43 mpanetta joined #salt
13:45 drawsmcgraw left #salt
13:45 dthom91 joined #salt
13:46 funzo joined #salt
13:49 claytron_ joined #salt
13:51 rideh joined #salt
13:54 DammitJim where does one normally find the gpg key for a repository?
13:54 andrew_v joined #salt
13:54 zwi joined #salt
13:55 bryguy DammitJim: For encrypted pillars?
13:55 DammitJim no, for an HP repo so that I can install an agent
13:56 DammitJim salt is not telling me why it won't install a package, but I do get this when I run this locally on the machine: http://pastie.org/10343907
13:56 bryguy Oh...that GPG key.  :)
13:56 murrdoc anyone have an example of a runner call in a reactor
13:56 bryguy What distro?
13:57 DammitJim ubuntu
13:57 XenophonF can i use relative includes in pillar sls files?
13:58 gimpy2938 joined #salt
13:58 VR-Jack2 fullermd: did you try addusers/delusers to see if either of those works?
13:58 gimpy2938 Does anyone know of a way to make salt check of a process and is running and run the process if it isn't?
13:58 DammitJim for java, I used debconf.set: - data: 'shared/accepted-oracle-license-v1-1... but I think that's just to accept the license (not the key)
13:58 drawsmcgraw joined #salt
13:59 fullermd VR-Jack2: They fail in similar ways.
14:02 AndreasLutro gimpy2938: you should make a service definition for it.. if not, just use cmd.script
14:04 hasues joined #salt
14:06 VR-Jack2 fullermd: Linux, OpenBSD and NetBSD seem to share a file
14:06 VR-Jack2 group.members is module groupadd.py
14:07 gimpy2938 AndreasLutro: It can't be a service, it's for stateless compute nodes who have no init/systemd system.  I don't see a cmd.script, did you mean cmd.run?
14:07 VR-Jack2 rather, groupadd.py virtual name is group, and it has a def members
14:07 AndreasLutro gimpy2938: both will work
14:07 otter768 joined #salt
14:07 AndreasLutro gimpy2938: you could write your own systemd service, it's quite easy. init scripts, not so much
14:08 VR-Jack2 ahh, because it's not FreeBSD. :(
14:08 ingslovak joined #salt
14:08 * fullermd nods at VR-Jack2.
14:08 fullermd Prexactly.
14:08 kawa2014 joined #salt
14:08 fullermd Free winds up in pw_group.py
14:09 fullermd (at least, AFAICT from the outside)
14:09 VR-Jack2 fullermd: yep. you're screwed. lol
14:09 VR-Jack2 that is correct
14:09 VR-Jack2 I don't know python, but I have gotten familiar with salt code. lol
14:10 VR-Jack2 now to check repo
14:11 masterkorp hello
14:11 Tecnico1931 joined #salt
14:11 masterkorp how do you guys use formulas that need custom nginx configs ?
14:11 fullermd I guess I'll have to put it on my todo list to hack in.  I expect to have some tuits available in September.  Of 2063.
14:11 stoogenmeyer_ joined #salt
14:11 masterkorp do you tell them to use nginx-ng formula and tell them to set pillar data as necessary ?
14:11 AndreasLutro fullermd: does `pw` support adding members to a group?
14:12 vando joined #salt
14:12 AndreasLutro masterkorp: if you want the formula to be truly decoupled from other states, then yes
14:12 masterkorp But i would like to set that for my users
14:13 masterkorp it makes sense
14:13 ajw0100 joined #salt
14:13 masterkorp i don't know what approach should i take here
14:14 AndreasLutro I would just not make it an independent formula
14:14 VR-Jack2 fullermd: create an issue. It's missing feature wise all the way through. Minimum, it should have the states and error out with unsupported message. However, if you know the pw groupmod flags to add/delete or set group memebers, include that
14:14 rideh joined #salt
14:14 fullermd AndreasLutro: Yep.  Also has a way to set a specific list of members too.  e.g. (untested, from a quick man read), `pw groupadd somegroup -M add,these`, `pw groupmod somegroup -M set,these`
14:15 fullermd Or maybe it's `groupmod -m add,these`.  I'd have to test (or at least read more carefully) to be sure.
14:16 AndreasLutro if you find out you could easily make a pull request, most salt modules are just concatenating strings into shell commands, running them and checking the return code
14:16 AndreasLutro and in my experience pull requests get looked at extremely fast :)
14:17 fullermd Probably.  Tuits to write up and test it, though, not quite as easy to come by   :|
14:17 VR-Jack2 we need 3 commands. add a user, remove a user and set the entire list.
14:18 AndreasLutro ah yes, members is not a simple add command...
14:19 VR-Jack2 but if you get us the example pw commands in the issue, someone will get around to writing it
14:19 VR-Jack2 We'll need to backport to 2014.7 too
14:19 fullermd I guess it's probably all under `pw groupmod` once the group exists.  -M set,these, -m add,these, -d del,these
14:20 XenophonF this is weird - in pillar, i can't use relative includes. i get the error "Pillar render error: Specified SLS '.mail' in environment 'base' is not available on the salt master"
14:20 fullermd 'll see if I can get time in the next couple days to do some tests to double-check.
14:20 spark_ joined #salt
14:20 VR-Jack2 yeah, just run some commands and post the info. Sadly, it may get written in by someone without freebsd. lol
14:21 zmalone joined #salt
14:22 gimpy2938 AndreasLutro: I don't get what I need to do, I guess I need to use cmd.watch to say "if process xyz is not running, run it" but I can't see how to do that at all
14:23 AndreasLutro gimpy2938: just find a shell command that does exactly what you want and make it into a cmd.run state - I can't help you with the shell script bit
14:23 Tecnico1931_ joined #salt
14:24 gimpy2938 AndreasLutro: That's what I was trying to avoid - custom scripts all over the place, shouldn't salt have some way to doing that same simple logic?
14:25 AndreasLutro gimpy2938: I don't think so, your use case seems fairly specific
14:25 AndreasLutro every time I want to make sure a process is running I just write a systemd service for it
14:25 Akhter joined #salt
14:26 Akhter joined #salt
14:27 xf10e joined #salt
14:27 xf10e tzag *
14:27 dopesong joined #salt
14:28 xf10e how long till Beryllium is released?
14:29 Sypher joined #salt
14:29 gimpy2938 Trying just to use process.absent to check a process it fails with a traceback, any clue what is wrong here?  https://gist.github.com/anonymous/5ae8de8bd455033a4b93
14:29 kulty joined #salt
14:30 nethershaw joined #salt
14:32 lumtnman joined #salt
14:34 zwi joined #salt
14:36 zmalone joined #salt
14:37 dthom91 joined #salt
14:38 hasues left #salt
14:40 VR-Jack2 fullermd: well, hopefully we can get some movement on this for the future. https://github.com/saltstack/salt/issues/26208
14:40 saltstackbot [#26208]title: Tracking issue: missing function detection | We need to have a process to detect missing or empty functions in the code base. This is especially true for the various operating systems or where docs has add a function that was missing but left it with just documentation....
14:41 PredatorVI joined #salt
14:41 VR-Jack2 I'm actually surprised lint can't find it
14:41 CeBe joined #salt
14:45 bhosmer joined #salt
14:45 spark_ joined #salt
14:47 venu0336 joined #salt
14:47 SheetiS joined #salt
14:52 zer0def joined #salt
14:53 claytron_ joined #salt
14:53 kaptk2 joined #salt
14:54 mkillebrew I have two groups of people to be using the same salt master, is there a better way to provide separation other than just group ownership of their directories in /srv/salt and wrapping sudo around it?
14:54 mkillebrew I can't seem to find any saltstack native mechanism to provide for multiple salt admin to execute only on their own subset of minions
14:54 jespada joined #salt
14:55 quasiben I thought there were mechanisms to handle multi-tenancy
14:56 godlike hello lads, does anybody know which are the steps to correct saltstack documentation? I got a long email (long story) from somebody regarding this (somebody who thinks I'm affiliated with salt). I can pm someone so as not to make too much noise here
14:57 jespada Hi, is there a way to merged pillars from 2 diff formulas, which have the same keys, lets say I'm a key roles, and I want it to end up with values myapp and tomcat that come from differentes places but are part of the formula through includes?
14:57 VR-Jack2 mkillebrew: http://docs.saltstack.com/en/latest/topics/eauth/index.html
14:59 zmalone godlike: I believe the docs are in https://github.com/saltstack/salt/tree/develop/doc , so maybe a pull request?
14:59 godlike nice, thanks zmalone
15:00 Brew joined #salt
15:01 buxy What's the proper syntax to run a command via reactor under another user? I tried passing "user/group" to "kwarg" key of local.cmd.run but it does not work.
15:02 clintberry joined #salt
15:02 funzo joined #salt
15:04 pm90_ joined #salt
15:04 mkillebrew VR-Jack2: That's perfect, thanks. Apparently my search terms were just poor
15:05 buxy Here's the precise syntax I tried that doesn't not work (it still runs as root):
15:05 buxy http://paste.debian.net/291341/
15:05 dthom91 joined #salt
15:06 VR-Jack2 buxy: runas perhaps?
15:07 pm90__ joined #salt
15:08 __jim joined #salt
15:08 buxy I think runas is obsolete...
15:09 VR-Jack2 hmmm. not sure. not much documentation on it outside of being a parameter in all cmdmod functions
15:09 sdm24 joined #salt
15:10 VR-Jack2 ahh. develop documentation had it
15:10 lumtnman I remember running into runas being deprecated in a few spots - not sure if its totally removed
15:11 VR-Jack2 lumtnman: which is strange because develop docs are the only ones that describe it's functionality.
15:13 djstorm joined #salt
15:13 Tyrm joined #salt
15:13 bhosmer_ joined #salt
15:16 VR-Jack2 buxy,lumtnman: in 2015.5.3 code runas is what is used in modcmd and nothing else that I can see
15:16 VR-Jack2 lines like: '' if not runas else runas
15:17 DanyC hi iggy, VR-Jack2 - yesterday we spoke aobut my slow minion registration. Before i update with with what i found, can you please tell me ( i know i've asked about it yesterday) if Master as part of "discovery" it does any reverse dns lookup on the minion's hostname?
15:18 VR-Jack2 DanyC: no clue here
15:19 dfinn joined #salt
15:19 fullermd left #salt
15:19 lumtnman @DanyC do you mean the minion is having trouble locating the master?
15:20 dezertol joined #salt
15:20 Grokzen joined #salt
15:20 VR-Jack2 lumtnman: he's disliking slowdowns on first minion runs
15:21 lumtnman VR-Jack2 that makes sense - I also feel like I saw this when doing pip package install states - but its been a few months
15:21 Grokzen joined #salt
15:21 VR-Jack2 Yeah, it may have gotten depreciated in other areas, but I think it's primary usage is modcmd
15:21 VR-Jack2 errr, cmdmod
15:22 lumtnman VR-Jack2 I mean, except for faster machines, internet connection, or efficient states - guess those are the biggies
15:22 lumtnman or just network stored resources you need for the builds
15:23 VR-Jack2 yeah, some things are just slow. pkg changes definitely are due to the underlying command.
15:24 lumtnman Ya for sure
15:24 VR-Jack2 There does seem to be a few slowdowns in the master/minion communication channels still. We need to work on them.
15:25 iggy DanyC: also no clue, but it wouldn't surprise me
15:25 lumtnman I still dont totally understand what causes some master / minion disconnections sometimes
15:25 lumtnman it would seem to revolve around firewall changes to the minion usually
15:25 VR-Jack2 If raet becomes the standard protocol, that will also change things up, but I think it has a ways to go
15:25 lumtnman but still sometimes leaves me scratching my head
15:26 iggy lumtnman: what version of salt?
15:26 wangofett I don't know how much this is technically in the realm of saltstack anymore, but http://stackoverflow.com/q/31945861/344286 is the weirdest problem I have ever come across
15:26 dthom91 joined #salt
15:26 VR-Jack2 lumtnman: if you use system-iptables then any reload of the table flushes the states and causes a disconnect
15:26 iggy most of the disconnection issues we saw are gone as of 2015.2
15:26 lumtnman Hahaha ya I learned that - kinda funny
15:26 wangofett and is preventing me from using salt to manage my docker images :-\
15:26 VR-Jack2 rhel7/centos7 switched to firewalld, which modifies active tables instead of flushing them
15:27 lumtnman Ya its been interesting trying to figure out how to modify the firewall during a run, and having those changes go live, without disconnecting from the master
15:27 lumtnman seems to work best to reload the firewall toward the end of a run
15:28 VR-Jack2 lumtnman: not sure how well it works, but my firewall change file has an event.send kick/me in it
15:28 kbaikov joined #salt
15:29 lumtnman VR-Jack2 O cool! I hadn't even run across this yet! Thank you!
15:29 lumtnman iggy - salt 2015.5.3
15:29 VR-Jack2 the idea of it was just to send a message to the master. master doesn't even do anything
15:29 lumtnman iggy - seems to have gotten alot better lately
15:29 VR-Jack2 kick_minion:
15:30 VR-Jack2 event.send:
15:30 VR-Jack2 - name: kick/me
15:30 VR-Jack2 - listen:
15:30 VR-Jack2 - service: iptables
15:31 Ahlee can somebody save me some digging and verify if mount.mounted actually tries to unmount/remount?
15:31 VR-Jack2 I also threw and init_delay: 3 into iptables service
15:32 lumtnman Ahlee I thought it just checks current mounted status of a volume
15:33 VR-Jack2 Ahlee: it appears to
15:33 Ahlee lumtnman: yes, I thought that would be the sane thing, too.
15:33 Ahlee VR-Jack2: thanks.
15:33 VR-Jack2 runs mount/unmount as commands
15:33 Ahlee needed that second pair of eyes
15:34 VR-Jack2 cmd = 'umount {0}'.format(name)
15:34 Ahlee guess who ran highstate mid day and was puzzled why their multi terrabyte nfs mount disappeared and then took forever to reappear ;)
15:35 lumtnman uh O
15:37 VR-Jack2 Ahlee: I don't think it is supposed to, though. you may be running into a bug
15:37 Ahlee probably. I'll step through this some more and open an issue if it is unexpected behavior
15:38 dthom91 joined #salt
15:38 lumtnman I have banged my head against the wall more than once in the last few months trying to make something work only to realize its a bug
15:39 dingo computers are hard
15:39 lumtnman dingo truth
15:39 dingo i've got a handlful bugfixes accepted upstream myself
15:39 dingo hurts
15:39 dingo i know
15:40 s_kunk joined #salt
15:41 VR-Jack2 Ahlee what fs mount type?
15:41 Ahlee VR-Jack2: NFS
15:41 Ahlee hold for state
15:41 lumtnman So there was some reason we ended up NOT using mounted state
15:41 VR-Jack2 ahlee: it should comment on changes if it does remount, though
15:41 lumtnman and maybe this is old school
15:42 lumtnman but we just chose to keep the correct mounts in /etc/fstab and then run 'mount -a'
15:42 lumtnman not as intelligent, but there was some problem we were running into at the time with mounted
15:42 ltsampros joined #salt
15:42 DanyC iggy, VR-Jack2  thanks guys. Do you know anyone inside the organization who could confirm?
15:43 zwi joined #salt
15:43 linjan joined #salt
15:43 ltsampros hey all! is this formula https://github.com/saltstack-formulas/nginx-formula broken?
15:43 VR-Jack2 DanyC: it's a huge code base. Confirmation would require reading the code
15:43 ltsampros I'm trying to use it on 14.04 and the nginx.ng part doesn't seem to work even with the example pillara data included
15:43 RedundancyD joined #salt
15:44 Ahlee oh god.
15:44 Ahlee oh god why
15:44 DanyC lumtnman: as VR-Jack2 said my prob is on the first minion run, right after it starts ( logs here http://paste.openstack.org/show/412447/)
15:44 Ahlee this admin is mounting nfs over top of nfs
15:44 dingo yeah mountpoints layer
15:44 dingo that probably fucks up the state then, huh
15:44 dingo great way to hide files, like hiding poop with newspaper layers
15:45 Ahlee so that's like four round trips
15:45 VR-Jack2 Ahlee: mount.mounted should have something in the returner, though. It is VERY verbose in the code
15:45 Ahlee VR-Jack2: yeah, i'm looking for the return now
15:45 lumtnman dingo - or taking a poop and putting a rock ontop? poop sammich - left only for someone to discover
15:45 DanyC VR-Jack2: i understand but i was expected, assuming a core developer will know this minimal requirement :) Anyway - i'll run 1 more tests to change the minion id into IP instead of DNS and that should confirm my theory. Will report back
15:45 Ahlee this was triggered via salt-api and it looks like somebody is playing with a new --return
15:46 Ahlee so i'm trying to trace down where this went.
15:46 VR-Jack2 hmmm. even with a different returner, doesn't it still return via the jobs_id?
15:47 Ahlee gotta find the jid for that :)
15:47 Ahlee we run a couple hundred thousand jobs through salt a day
15:47 Ahlee they get lost easily
15:47 VR-Jack2 ahh. yeah
15:47 Ahlee the jids, that is
15:48 sdm24 What returner do you use?
15:48 Ahlee oh goody, default returner was still triggered
15:48 Ahlee sdm24: me? mongo, for better or worse
15:48 VR-Jack2 probably have to run jobs.list_jobs through a quick script looking for function state.highstate and target blah
15:50 Ahlee usually list_jobs just times out
15:50 VR-Jack2 ouch. lol
15:50 iggy DanyC: I couldn't even confirm, so... probably not
15:50 green_ joined #salt
15:50 pipps joined #salt
15:50 iggy DanyC: oh, confirm that... does it matter?
15:51 green_ is there a way to save the response of cmd.run  to a variable to use in a test condition after?
15:51 sdm24 Ahlee: I haven't worked with mongo, but couldnt you search where  return like 'mount' or something like that
15:51 VR-Jack2 green_: sadly, a salt shortcoming.
15:52 sdm24 in mysql there is a salt_returns table in the Salt database that includes a return column
15:52 Ahlee sdm24: yeah, which is what i'm doing. When i tracked down the log the user specified a new --return they're working on, so I had to verify that gets appended to (good news, it does)
15:52 green_ mmm, that is too bad
15:52 DanyC iggy: it does cause if i know that my Salt Master must be able as part of the auth to reverse DNS my minion id = $HOSTNAME then i will have to change the logic in my states order
15:52 Ahlee well i mean, you can always just LocalClient and scan yourself
15:52 VR-Jack2 green_: they were working on some dynamic variable stuff, but I forget what it was called and probably not well documented.
15:53 Ahlee so, now just a .find({'minion':minion_id, 'fun':state.sls, 'arg':/state_name/})
15:53 Ahlee or something
15:53 sdm24 I think {% set var = salt['cmd.run']('your command') %} might work
15:53 Ahlee anyway, bbl
15:54 sdm24 although, from experience, that will set var as a string, even if the cmd output is a list
15:54 iggy DanyC: test it and see
15:55 green_ ok ill give it a try and see what happens i suppose
15:55 green_ i think a string will be ok
15:56 Fiber^ joined #salt
15:57 DammitJim joined #salt
15:58 green_ sdm24: could i pass a variable into the ('your command') portion somehow? not sure how syntax works there
15:59 icflournoy joined #salt
15:59 dthom91 joined #salt
15:59 sdm24 green_: I'm not sure
16:00 green_ hmnm ok
16:00 green_ thanks i'll keep poking around
16:00 yomilk joined #salt
16:01 sdm24 do you want a salt variable or environment variable?
16:01 green_ Salt variable. I think I may have gotten it. salt['cmd.run'
16:02 green_ ['cmd.run']( '{{ var 1 }} query {{var2}}')
16:02 sdm24 Let's say the variable is called 'Var2': {% set var = salt['cmd.run']('something' + Var2 + 'more stuff')
16:03 green_ the compiler didn't complain when i ran it, so i need to see if its still working but i think that was ok
16:04 rdutch joined #salt
16:04 sdm24 Yeah I will usually put any variables in the ID title, to make sure it was properly set
16:04 jalbretsen joined #salt
16:05 green_ thats a good idea. thanks, this is helpful
16:05 sdm24 glad I can help
16:05 iggy use ~ instead of +
16:06 cpowell_ joined #salt
16:07 sdm24 iggy: whats the difference? I have seen it both ways
16:07 xf10e bye *
16:08 otter768 joined #salt
16:08 zsoftich2 joined #salt
16:09 Seanny joined #salt
16:09 Seanny Anyone tried to bootstrap ubuntu 15.04 with systemd remove?
16:10 iggy sdm24: ~ coerce to string and append
16:10 iggy if you try to + an int, you'll get a type error, ~ will make sure it's a string first
16:10 sdm24 ah
16:10 sdm24 thanks
16:10 pdayton joined #salt
16:12 theologian joined #salt
16:14 dan_johnsin joined #salt
16:16 mrwboilers joined #salt
16:16 Seanny Does anyone know the line where it checks if systemd is present in install_salt.sh
16:18 funzo joined #salt
16:18 claytron_ joined #salt
16:20 jonasbjork joined #salt
16:21 jonasbjork joined #salt
16:23 Seanny Found it line 2016  if [ -f /bin/systemctl ] && [ "$DISTRO_MAJOR_VERSION" -ge 15 ]; then
16:23 CeBe1 joined #salt
16:24 wryfi joined #salt
16:25 gcfhvjbkn joined #salt
16:25 mrwboilers Pretty new to salt here. Having some installation issues using the bootstrap on CentOS 6 boxes. Worked fine on ubuntu 15.04.
16:26 mrwboilers Getting a couple different issues on the centos boxes.
16:26 mrwboilers one error: * ERROR: Failed to run install_centos_stable_deps()!!!
16:27 bhosmer_ joined #salt
16:27 mrwboilers On another box, the installation finished, but salt-minion won't start because it can't import a module called salt.scripts
16:31 z3r0 joined #salt
16:31 iggy check the salt-bootstrap issue tracker
16:32 jaybocc2 joined #salt
16:35 aparsons joined #salt
16:35 rideh joined #salt
16:35 MatthewsFace joined #salt
16:35 mrwboilers I think I've found one of the issues
16:36 Grokzen joined #salt
16:37 Bryson joined #salt
16:38 mrwboilers Another application installed it's own instance of python 2.7 and that was in my PATH during salt-install
16:38 mrwboilers Once I changed my path so that python 2.6 was being used, the minion installed and started up fine
16:38 mrwboilers This was for the issue in not being able to import salt.scripts
16:39 rm_jorge joined #salt
16:39 tiadobatima joined #salt
16:40 favadi joined #salt
16:40 capricorn_1 joined #salt
16:41 dthom91 joined #salt
16:43 CeBe1 joined #salt
16:44 amcorreia_ joined #salt
16:44 amcorreia joined #salt
16:45 KyleG joined #salt
16:45 KyleG joined #salt
16:47 chamunks joined #salt
16:57 dthom91 joined #salt
16:57 impi joined #salt
17:00 Seanny Logged https://github.com/saltstack/salt-bootstrap/issues/646
17:00 saltstackbot [#646]title: Systemd ubuntu 15.04 error | Hey we are using ubuntu 15.04 with up-start and not systemd which is enabled by default....
17:00 jondonas joined #salt
17:02 DanyC iggy: tested and there is no lookup doen on Master. I'll go down to the path of strace to see if i can get anything from this rabbit hole
17:04 vando joined #salt
17:04 Akhter Does anyone know if salt grains can contain contain a list within a dictionary?
17:05 Akhter Like the following output.  {'drive_list': ['  Vendor: DELL     Model: PERC H310        Rev: 2.12\n', '  Vendor: DELL     Model: PERC H310        Rev: 2.12\n']}
17:05 murrdoc joined #salt
17:05 murrdoc o/
17:05 murrdoc sup iggy and homies
17:09 jngd joined #salt
17:11 gwmngilfen joined #salt
17:16 writtenoff joined #salt
17:16 pdayton1 joined #salt
17:25 Akhter Never mind, I found a way.
17:29 forrest joined #salt
17:30 DammitJim joined #salt
17:31 druonysus joined #salt
17:32 rideh joined #salt
17:34 wendall911 joined #salt
17:36 khaije1 joined #salt
17:36 spark_ joined #salt
17:37 X67r joined #salt
17:42 quantumriff joined #salt
17:43 claytron_ joined #salt
17:44 CeBe1 joined #salt
17:46 sdm24 I ran a pkg.upgrade state but didn't run -l debug. 20 minutes later I haven't gotten a return but I don't want to interrupt the update if it is working
17:47 jonasbjork joined #salt
17:47 sdm24 Is it safe to ctrl C the run, if it is still updating?
17:48 rdutch crtl C will not stop the job, but you wont see results bqack unless you look in the job history
17:48 rideh joined #salt
17:48 sdm24 But  I will at least be able to do other things on my master
17:49 yomilk joined #salt
17:49 rdutch or open up a new session
17:49 GreatSnoopy joined #salt
17:50 icflournoy joined #salt
17:53 sdm24 is 30 minutes  a reasonable time for an upgrade. I don't think this minion has been upgraded in a while, if ever (Debian 7)
17:53 wangofett seems long to me...
17:53 wangofett but I don't have that much experience
17:54 wangofett and it definitely depends on what else it's doing and the speed of the net connection
17:54 rideh joined #salt
17:54 sdm24 I've been using this state on my ubuntu minions and it takes like 4 minutes max
17:54 wangofett I mean, if you have to d/l 30mb of dependencies and install 100 packages then it's going to take a while
17:54 wangofett s/30/300
17:54 sdm24 yeah
17:56 sdm24 history.log contains 2 entries: 1 for updgrading salt-minion, 1 30 minutes ago
17:56 sdm24 and it is a long list of ugprades
17:57 sdm24 oh and it just finished
17:57 sdm24 woohoo I didn't break it!
17:59 linjan joined #salt
18:00 icflournoy joined #salt
18:00 rideh joined #salt
18:02 Bart_ joined #salt
18:02 wangofett sdm24: congrats :) ;)
18:02 alexanderilyin joined #salt
18:02 Bart_ Hi guys, I know how to roder state in sls files. But how do I order sls files themselves, is the order in the TOP file followed ?
18:03 sdm24 Bart_: the general order is kept. The first state listed is run first, the second is run second, etc
18:03 dingo bart, yes
18:03 dingo everything is OrderedDict within
18:04 dingo embedded trees of OrderedDict, beautiful stuff
18:04 Bart_ And what about the >include' function in the sls files
18:04 rdutch bart, yes, but you could do a include in other sls files
18:04 Bart_ does this override the order
18:04 sdm24 once the first state with an include is hit
18:04 dingo https://teamcity-master.pexpect.org/tmp/controller01.highstate.png
18:05 dingo the require/include/etc.'s really make the run order
18:05 dingo it is determined at render time
18:05 surge__ joined #salt
18:06 sdm24 so if you have a top.sls with states the order 1, 2, 3, 4, 5,  and 4 includes 2, will 2 run between 1 and 3, or right before 4?
18:06 surge__ What’s the salty way of upgrading a package with pkg.installed from a remote source (e.g. S3) ?
18:06 dingo well '2' is already included at the top, firstly
18:07 dingo so it would become 1, 2, 4(if necessary), 3, 5
18:07 sdm24 ah
18:07 surge__ I replaced the source URL with a different path, but because jdk was already installed, salt did nothing instead of upgrading.
18:07 Bart_ good to know
18:07 dingo and 'if necessary' is dictated a bit by 'requires' and so on
18:07 dingo which you likely included so you could do salt.sls runs of an individual state file
18:07 sdm24 gotcha, thanks dingo
18:08 dingo best to explicit require, and not depend too much on salt state include file ordering, you forget over time, they bite you
18:08 dingo in that graph i previously shared, there are "floaters", users and so on, if somebody re-orders a file or include, it could become a failed state
18:09 otter768 joined #salt
18:10 sdm24 what is the legend for that graph? the boxes have different shades of blue/green
18:10 XenophonF sdm24: i make it a point to avoid dependencies among top-level SLS modules
18:11 katyucha joined #salt
18:11 XenophonF so if i have an apache.sls and an owncloud.sls at to top of my state tree, i consider it poor style if one specifies requisites that refer to states contained in the other
18:12 sdm24 I'm thinking because we have web servers that need apache, and other ftp servers with pureftp. I have states for both, but the pureftp servers need apache directories for the ftp user
18:13 Bart_ so you guys prefer ordering in the Top file instead of Includes everywhere I gues
18:13 XenophonF Bart_: yes
18:14 XenophonF sdm24: i don't know if this works for you, but in my case, i have separate SLS files that handle those cross-SLS dependencies
18:14 sdm24 will that include both the apache and pureftp state?
18:14 XenophonF so for example, just today i created one called clamav.amavisd, which uses states defined in both the amavisd and clamav SLSes
18:14 dendazen_ joined #salt
18:15 sdm24 kinda like a many:many table in SQL
18:15 XenophonF in those cases, no - i do not do includes
18:15 sdm24 oh
18:15 XenophonF that's right! exactly like a many-many table
18:16 notnotpeter joined #salt
18:16 XenophonF in that case  if you were to run the clamav.amavisd SLS on a minion without also running the amavisd and clamav SLSes, salt would return an error
18:16 XenophonF which is OK with me
18:16 sdm24 oh I see
18:16 sdm24 yeah you don;t need a /var/www/ftpuser directory if you don't have apache and pureftp
18:16 XenophonF to test that means doing things like `salt-call state.sls amavisd,clamav,clamav.amavisd saltenv=testing`
18:18 XenophonF here's a concrete example, sdm24 - https://github.com/irtnog/salt-states/blob/development/clamav/amavisd.sls
18:18 funzo joined #salt
18:19 sdm24 gotcha, thanks. I assume the packages are in clamav.sls and amavisd.sls
18:19 XenophonF yes
18:20 XenophonF except for that SLS, the two collections of states are wholly independent
18:20 sdm24 gotcha
18:20 sdm24 thinking about it like a CustomerAddress table in SQL really helped
18:22 XenophonF i used to use `include` but only within an SLS module, e.g., i used to have two SLSes named postfix.client and postfix.relay, where relay included and extended client---think object oriented programming, if that helps
18:22 XenophonF but it was too complicated
18:22 sdm24 yeah I have that too, but just for one state im too lazy to change
18:22 XenophonF i eventually rewrote my postfix module to where i could express both the client and mail relay configs in Pillar
18:23 XenophonF https://github.com/irtnog/salt-states/blob/development/postfix/init.sls (and related)
18:27 sdm24 Yeah I'm slowly doing that. Odd are a lot of these things can be hardcoded, but better safe than sorry
18:27 flebel joined #salt
18:27 XenophonF i still have a few cross-SLS requisites in my configs, mostly related to FreeBSD rc.conf settings managed via file.accumulated
18:27 sdm24 Although it does kinda complicate it for people who don't know salt
18:27 XenophonF but it's on my todo list to refactor those out
18:27 sdm24 slowly but surely
18:28 dthom91 joined #salt
18:30 wryfi left #salt
18:32 XenophonF fortunately, because states from SLSes get run mostly in order of their appearance in top.sls, I can do things like https://github.com/irtnog/salt-states/blob/master/top.sls#L176, while also expecting everything to work
18:35 capricorn_1 joined #salt
18:35 sdm24 yeah I have that where the splunk servers get server installed, and then below all linux boxes get client, but client.sls includes unless statements if server is installed
18:35 dthom911 joined #salt
18:36 XenophonF i haven't come up with a good way to express dependencies among minions
18:36 XenophonF maybe that's what mine is for
18:37 XenophonF i'm not any huges salt expert btw so take everything i say with... oh, nevermind
18:37 sdm24 zing
18:37 * XenophonF starts giggling madly to himself.
18:38 sdm24 but it is good to see how other people run their shops
18:38 XenophonF absolutely!
18:38 VR-Jack2 XenophonF: I generally modify pillar and sometimes use reactor. There's supposed to be a new variable database of some type out there that works better
18:38 XenophonF thanks for the clue VR-Jack2!
18:39 notnotpe_ joined #salt
18:41 XenophonF reactor looks really interesting
18:41 VR-Jack2 Another common mechanism is to just do shell checks
18:41 Fiber^ joined #salt
18:42 XenophonF true, but i always feel like i'm doing it wrong if i have to shell out from salt
18:42 VR-Jack2 presuming dependency is based on the remote server responding to the local minion's services, you should be able to check it
18:42 ajw0100 joined #salt
18:43 VR-Jack2 Well, depends on how you handle things. orchestrate does great multi-server ordered execution, but if you want a dynamic dependency, you have to shell it or set flags in pillar
18:43 Kelsar joined #salt
18:44 XenophonF i didn't know about orchestrate - will definitely rtfm
18:44 VR-Jack2 so with orchestrate, you could set up server A then move on to server B. But if you wanted B to setup reguardless of A and just have different values then you have to check for that or flag it in pillar
18:45 XenophonF gotcha
18:45 VR-Jack2 ie, db setup + client server setup is easy with orchestrate. Choosing dns servers for resolv.conf might be more dynamic
18:47 VR-Jack2 I mention DNS because it's a good one. You setup servers prior to the dns servers sometimes and they still need resolvers. But once your dns servers are setup, they change. ntp servers are another good one.
18:48 whytewolf I use pillar flagging a lot with orchestrate. as well as mine. like for ntp, I setup the ntp server first with orchenstrate. then the clients. the clients just mine the ntp server
18:48 claytron_ joined #salt
18:50 VR-Jack2 One reason I run into the issues is fresh installs. Baremetal server needs ntp/dns but those are virtuals that run on the baremetal OS. Then there's the dns/ntp servers themselves. mutual dependencies.
18:52 whytewolf yeah. ntp is the first thing setup in my configs [dns is handled externally so i can just use pillars for that]
18:53 murrdoc u can just ntpdate -ud pool.ntp.org
18:53 murrdoc at provision time
18:55 whytewolf my baremetel is provisioned by cobbler. and it does do that step. but the ntp server is still the first setup step cause the database is the second. and i hate skew
18:56 notnotpeter joined #salt
18:57 Gareth o/
19:00 kossy joined #salt
19:00 kossy joined #salt
19:01 Ahlee I won't leave you hanging Gareth \o
19:02 murrdoc \o/
19:04 aparsons joined #salt
19:04 whytewolf /o\
19:05 bhosmer_ joined #salt
19:05 sdm24 <o>
19:05 ajw0100 joined #salt
19:06 viq joined #salt
19:09 Gareth Ahlee: ;)
19:10 Gareth er.  that should have been a :) Not trying to get fresh here.
19:10 Ahlee murrdoc: you're dead to me, again
19:10 jonasbjork joined #salt
19:11 murrdoc Ahlee:  parental units in town, wife in week 39
19:11 murrdoc i cant make the case for a salt meetup
19:11 dthom911 joined #salt
19:11 Ahlee likely excuses :P
19:11 Ahlee congrats, though
19:11 X67r joined #salt
19:11 murrdoc no lil dude yet
19:11 murrdoc waiting
19:12 Ahlee wait
19:12 Ahlee 9 * 4 is 36
19:12 bhosmer_ joined #salt
19:12 Ahlee carry the 3...
19:12 Ahlee that poor woman.
19:12 surge__ So anyone have any ideas of upgrading packages via remote sources? sources: - jdk: old_version_s3_url  changed to —> sources: - jdk: new_version_s3_url
19:13 surge__ That doesn’t work as intended.
19:13 surge__ Says jdk is already installed, which it is =/
19:13 kossy joined #salt
19:14 surge__ But obviously I want to upgrade in place without doing a uninstall then reinstall
19:19 funzo joined #salt
19:19 sdm24 pkg.latest?
19:20 surge__ sdm24: The latest java minor version isn’t available via yum, so that’s a no go.
19:21 sdm24 can you use sources or fromrepo?
19:22 surge__ sources, no. fromrepo yeah, but it’s oracle java and it has that license agreement wall
19:22 surge__ So that’s why I downloaded it and posted to S3.
19:22 sdm24 gotcha
19:24 spark_ joined #salt
19:24 surge__ sdm24: already on their radar apparently https://github.com/saltstack/salt/issues/24738
19:24 saltstackbot [#24738]title: How does state pkg.installed update the installed pkg with sources? | Here is my state:...
19:24 pipps joined #salt
19:24 sdm24 word
19:25 sdm24 you could maybe try to create your own repo file similiar to the windows repo
19:25 pdayton joined #salt
19:26 GreatSnoopy surge__, I myself do not count on rpms for java any more. Instead, i fetch the .tar.gz which is also not eula-walled (simple tar.gz) and unpack it in /opt/jdk-version, which is quite safe. Then, for selectinc which one the application(s) use i play with application's environment (usualy a locally deployed java.env) which sets JAVA_HOME and adds the $JAVA_HOME/bin to the $PATH. Much simpler to maintain
19:27 dthom911 Has anyone in here found a good approach to managing negative states, especially in the case where you remove a grain like a role?
19:27 aron_kexp joined #salt
19:28 pdayton1 joined #salt
19:28 sdm24 I don't use them regularly, but lots and lots of if statements and unless and onlyif requisites
19:28 surge__ GreatSnoopy: yeah, I was just taking up the old SLS file from my predecessor and wanted to complete this w/ the minimum amount of work but i guess the symlink from /opt/java-1.7_u80 to /opt/java will have to do. Thanks
19:29 nethershaw joined #salt
19:29 SheetiS dthom911: I typically try and have an 'absent' state that would be assigned that ensure the packages/configs/etc are removed.
19:31 dthom911 SheetiS: that's what I'm leaning towards too… thinking about the most elegant approach. Most config mgmg tools have a similar blind spot. The only one I've used that manages this well is Radmind, but that comes at a steep expense in terms of micromanagement.
19:32 claytron_ joined #salt
19:33 SheetiS Here's a quick and dirty in a formula: https://github.com/saltstack-formulas/vim-formula/blob/master/vim/absent.sls.  You'd need to do similar things with managed files or other bits as well.
19:33 DanyC joined #salt
19:33 ajw0100 joined #salt
19:34 sinonick joined #salt
19:35 SheetiS I have a 'cleanup' state for my /etc/sudoers.d that has a list of all sudoers.d managed files possible and basically says if the role pillar for that sudoer is not assigned, then make the file absent.  You could do something like that, but it would become very expensive computationally across a large number of states and hosts.
19:37 yomilk joined #salt
19:39 sinonick joined #salt
19:40 dthom91 joined #salt
19:41 Slimmons joined #salt
19:41 dthom91 @SheetiS: Thanks, I think that absent.sls is exactly what I was looking for. I like the way that it's sublimated into the individual states. It's basically a destructor
19:42 Slimmons if I run a command using cmd.run, in a state file, then it wan't user input (Like, select a language ar, az, bg, bs,en, etc...), how do I get it to run the command, then select a language in the state file?  A link to documentation would be acceptable
19:42 Slimmons I am probably just googling the wrong thing, and cmd.run didn't seem to have anything
19:42 sdm24 echo
19:42 manfred Slimmons:  you can't really do that, you can use echo and pipe to it, or you can use <<< here strings
19:42 sdm24 make the cmd.run a multiline string with |
19:43 manfred but it would need to be able to run using stdin
19:44 nethershaw joined #salt
19:45 Slimmons thanks, the echo worked
19:45 Slimmons just used \n to select default, and it seems to like it
19:45 sdm24 nice
19:45 sdm24 I have a couple states when creating users and keys and the like, where I need to echo either a password or "Y' or something
19:48 forrest sdm24: Commands which don't have a -y option or something to assume yes make me sad
19:48 ingslovak joined #salt
19:49 forrest GreatSnoopy, surge__: I wrote this for java if you need it from oracle: https://github.com/gravyboat/download-java, might have to update the cookie though but that is easy.
19:54 cro joined #salt
19:55 sdm24 does anyone know, before I break my minions, will pkg.upgrade overwrite config files, since -y is passed through?
19:56 jonasbjork joined #salt
19:56 forrest sdm24: Your package manager should recognize the files and either back them up, or crate the new ones with an appended prefix
19:57 Mate apt defaults to keeping current config
19:57 sdm24 but with the -y option, won't it answer yes and overwrite the old config?
19:58 iggy that's no
19:58 iggy yes is keep
19:58 iamtew joined #salt
19:58 sdm24 oh
19:58 sdm24 good
20:00 whytewolf what package manager asks? most just add a file to the side that you use to compare and add new settings with. as a seperate function. cause they understand rebuilding your configs is a pain.
20:02 sdm24 apt asks
20:02 pfallenop joined #salt
20:03 whytewolf in debian? in ubuntu i have only seen it ask about grub
20:04 sdm24 I believe in both
20:04 sdm24 but definitely in debian
20:06 dthom91 joined #salt
20:06 LtLefse pretty sure it will never ask anything if stdin is not a tty
20:07 whytewolf LtLefse: not true. it still asks if you want to actualy perform the upgrade. you have to pass -y or it will not and will hang
20:07 LtLefse huh, okay
20:08 whytewolf I have had many cloudinit scripts hang because of that
20:08 dingo i hate programs that don't check isatty(3) and hang
20:08 |Fiber^| joined #salt
20:09 dingo yes | do it
20:10 otter768 joined #salt
20:11 sinonick joined #salt
20:14 cliluw joined #salt
20:15 omegamike joined #salt
20:17 aparsons joined #salt
20:18 claytron_ joined #salt
20:19 rdutch left #salt
20:24 aparsons joined #salt
20:29 aparsons joined #salt
20:35 programmerq joined #salt
20:36 pdayton joined #salt
20:37 sinonick joined #salt
20:38 yomilk joined #salt
20:40 dyasny joined #salt
20:42 XenophonF what really grinds my gears is the postfix package on freebsd, which has an interactive prompt in its post-install script
20:42 XenophonF which reminds me, i need to check on that bug report
20:44 Tyrm joined #salt
20:45 pipps joined #salt
20:47 aron_kexp joined #salt
20:47 pdayton1 joined #salt
20:49 forrest XenophonF: /facepalm
20:49 forrest why on earth would it have that?
20:49 forrest one more reason not to use freebsd I guess.
20:50 XenophonF it prompts the user to activate postfix in /etc/mail/mailer.conf
20:50 forrest wow
20:50 XenophonF technically, you can install postfix along side the base sendmail
20:51 XenophonF i say, stick the activation instructions in pkg-message and let the end user take care of post-install crap like that, which is SOP for most ports requiring post-install customization
20:52 khaije1 is the new GUI talked about in the SaltStack Enterprise open source, and where can I find more info about it?
20:53 GreatSnoopy if one really really wants to get over that, i think its a job for expect
20:53 whytewolf khaije1: http://saltstack.com/saltstack-enterprise-4-0-now-with-gui/
20:53 baweaver joined #salt
20:54 Slimmons Hey guys, having a weird problem, where running a cmd.run in a salt state, errors out, with a weird error, but if I run it directly on the machine, it works fine..... any ideas?  Here's the state/errors https://gist.github.com/johnsimmons/d358ecc84188ddc14839
20:54 khaije1 whytewolf: anything a little more technical a/o revealing? That link is heavy on the marketing-ese ...
20:54 baweaver_ joined #salt
20:55 iggy khaije1: it is not open source
20:55 whytewolf khaije1: exactly the point. the gui afaik is not open source. and is only avalible with enterprise
20:56 XenophonF Slimmons: i'm guessing your bundle install command calls sudo
20:56 XenophonF which expects a terminal
20:56 VR-Jack2 I'm of the opinion that people didn't want a gui, given there's 2 depreciated ones
20:56 dopesong joined #salt
20:56 GreatSnoopy Slimmons, i would say that user simmons would not have permissions  to read that gem file
20:56 XenophonF might have to run that cmd.run state with vtutils or something
20:57 Slimmons GreatSnoopy: when i go into the terminal, logged in as user simmons, with no sudo, it works though.
20:57 XenophonF also the sudo in `sudo gem install bundler` is redundant
20:57 XenophonF hasta
20:57 XenophonF left #salt
20:57 Slimmons XenophonF: If I leave the sudo out, it doesn't work
20:58 Slimmons XenophonF: or did you mean specifying root, and adding sudo
20:58 GreatSnoopy aa this  sudo: no tty present and no askpass program specified
20:58 Slimmons XenophonF: ok, i see what you mean...makes sense
20:58 GreatSnoopy the sudo called by bundle install fails because sudo expects to ask for the password/or to have a tty
21:00 dezertol joined #salt
21:02 Slimmons GreatSnoopy: So what do you think the solution is?  How would I make that state work?  I specify the user as simmons, it shouldn't be trying to run as sudo should it?
21:02 jonasbjork joined #salt
21:03 aparsons joined #salt
21:04 claytron_ joined #salt
21:05 GreatSnoopy Slimmons, on one hand, as i understand the blunder needs to install as root anyway, so at least for the scope of salt I don't see why you would need to run as user simmons just to sudo back to root when you can run as root in the first place. The only cenario is some smarter scheme where just some files are processed as root and the others as simmons
21:06 yomilk_ joined #salt
21:06 GreatSnoopy that being said, you have to check two things : your sudo config for simmons (you would need nopasswd for that )
21:06 GreatSnoopy and eventually the requiretty sudo configuration
21:07 GreatSnoopy but really, running as root (minion) that changes to simmons as requested by state and that goes back to root via sudo - you may want to check if that's really how you need it
21:09 Slimmons Cool, I'll try some stuff.  I was running bundle as non root user, because it gives warnings not to use as root, and if I do, it breaks a lot of stuff.  So I always have been installing bundler as su, then going back to standard user for the rest.
21:09 Slimmons I'll try some different stuff though.
21:10 GreatSnoopy if you want to run as simmons, then ok, but configure sudo to allow simmons to execute stuff as root without being required a password
21:11 GreatSnoopy when you run as simmons, by hand does it ask for a password at some point ? password of user simmons ?
21:12 Slimmons That confuses me (which isn't surprising b/c of how noob i am) because when I'm in the terminal on the actual machine, I can run the bundle install as simmons, and it doens't ask me for password or anything, it just runs everything fine.
21:12 Slimmons sorry, didn't see what you had written, but i answered you in that.  No , it doesn't ask for anything
21:15 GreatSnoopy what do you have in sudoers and sudoers.d/  ?
21:17 Slimmons it's the default settings for ubuntu.   root all=(all:all) all       admin ALL=(all) all         sudo all=(all:all) all
21:18 VR-Jack2 you have to have NOPASSWORD in there
21:18 GreatSnoopy yup :)
21:18 VR-Jack2 it remembers for a session
21:18 VR-Jack2 but salt isn't sharing your session
21:20 DanyC iggy, VR-Jack2 Guys i got to the bottom of my delay issue.... if i have in my minion config id: danidc-lb-0 but the hostname is not resolvable - host danidc-lb-0 hangs then you get this delays as it tries N times based on the # of nameservers in resolv.conf And if you don't have any timeout params mentioned in /etc/resolv.conf then the default linux timeout s** in/ out
21:20 tkharju joined #salt
21:21 DanyC anyone has any idea why the minion does need to resolve its own hostname ?
21:24 NOTHiNG_Fr joined #salt
21:27 VR-Jack2 DanyC: hostname isn't resolvable or the minion_id?
21:31 DanyC VR-Jack2: to be more clear, my minion cfg is cat /etc/salt/minion master: salt.servicei log_level_logfile: debug id: danidc-vci1-lb-0 . the value assigned to the id is not resolvable when running host danidc-vci1-lb-0 on the minion VM itself
21:33 GreatSnoopy DanyC, and if you put it in /etc/hosts ?
21:35 pdayton joined #salt
21:35 DanyC GreatSnoopy: the minute i put in /etc/hosts or is resolvable by the nameservers mentioned in /etc/resolv.conf OR i add in /etc/resolv.conf options timeout:1 & options attempts:1 things works as it should within less than 1 sec
21:36 aron_kexp joined #salt
21:36 ltsampros Hey all
21:36 ltsampros is anyone using git.latest on 2015.5.3 ?
21:36 DanyC GreatSnoopy: but still i don't get it why is this hard requirement for the minion hostname to be resolvable ?
21:36 ltsampros getting a weird KeyError: git.latest by the lazy loader
21:37 sinonick joined #salt
21:38 GreatSnoopy DanyC, well, put it in hosts. I'm not sure why in this case the minion wants to resolve its name, but there are plenty of apps that do not work if they are not able to resolve their own hostname for (for example) binding a socket on the proper interface. I myself always put the hostname of the machine in hosts in some form or another
21:38 venu0336_ joined #salt
21:41 DanyC GreatSnoopy: well to sort it out the hosts file will not be the solution. I'll fix my search domain and job done BUT to me it sounds like a BUG either in the code or in the documentation. I'd appreciate if anyone from dev core team can provide an answer
21:41 venu0336 joined #salt
21:43 NOTHiNG_Fr left #salt
21:46 iggy DanyC: you should file a bug, maybe the devs can code in a workaround
21:46 iggy or at least a log message
21:46 DanyC for example i just found a formula which iggy contributted exactly for this use case but yet not sure the rational of having it.
21:47 DanyC iggy: i'll do for sure, and will report back here
21:47 amcorreia joined #salt
21:47 pdayton joined #salt
21:49 druonysuse joined #salt
21:49 druonysuse joined #salt
21:49 VR-Jack2 Well, to be fair, minion_id is not a hostname. It is arbitrary and shouldn't be checked. It can be the same as hostname. that is all
21:50 VR-Jack2 the actual system hostname should be able to resolve. All sorts of bad things happen when that doesn't work
21:52 iggy DanyC: what?
21:53 DanyC iggy: i forgot to add the link, sorry https://github.com/saltstack-formulas/hostsfile-formula
21:55 DanyC iggy: eitherway i'll dig and find out why is required and hoepfully others won't get into same situation like me ;)
21:55 GreatSnoopy DanyC, so you are sure that the minion looks up its own name, right ? not the master's name for ex
21:56 DanyC GreatSnoopy: correct, 100% i'm sure
21:57 DanyC GreatSnoopy: master's name it was resolvable from day 1
21:57 iggy oh, I didn't add it, I just merged the most recent PR
21:58 druonysuse joined #salt
21:58 DanyC iggy: i take it back then ;)
22:02 jaybocc2_ joined #salt
22:03 GreatSnoopy DanyC, and it hangs at every state/command or just at the first loading up of the minion ?
22:05 funzo joined #salt
22:07 Slimmons joined #salt
22:11 yomilk joined #salt
22:11 otter768 joined #salt
22:13 sunkist joined #salt
22:19 writteno2f joined #salt
22:22 ninkotech__ joined #salt
22:23 Kelsar joined #salt
22:28 claytron_ joined #salt
22:28 zz_Cidan joined #salt
22:30 sunkist joined #salt
22:31 z3r0 joined #salt
22:33 pdayton joined #salt
22:34 omegamike joined #salt
22:37 pdayton joined #salt
22:46 TyrfingMjolnir joined #salt
22:54 bmay joined #salt
22:54 bmay left #salt
22:57 dthom91 joined #salt
23:00 dthom91 joined #salt
23:03 zwi joined #salt
23:06 ajw0100 joined #salt
23:10 capricorn_1 joined #salt
23:18 MatthewsFace joined #salt
23:24 dendazen joined #salt
23:30 pm90_ joined #salt
23:32 jY joined #salt
23:33 dthom91 joined #salt
23:34 claytron_ joined #salt
23:35 omegamike joined #salt
23:35 dthom91 joined #salt
23:43 pdayton joined #salt
23:44 baweaver joined #salt
23:45 baweaver_ joined #salt
23:47 ajw0100 joined #salt
23:53 Bryson joined #salt
23:58 mosen joined #salt
23:59 kevinquinnyo joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary