Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-08-13

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 whytewolf third time is a charm emnot3
00:00 twork whytewolf: we are indeed on to something. "Comment: The named service bind_restart is not available"
00:00 emnot3 Eh my Internet's bad down here
00:00 emnot3 I appreciate the acceptance, though
00:00 emnot3 I feel loved
00:01 whytewolf emnot3: no problem you can read about saltstack here http://saltstack.com/community/
00:01 twork i was going to be looking into that later on, after i'd tracked this down
00:01 twork (...and being confused, probably.)
00:01 whytewolf twork: yeah, looks like something is blowing up your map,jinja
00:02 twork ok, i haz a clue. a cloo, i haz one.
00:02 whytewolf hehe
00:03 twork heh: and it may be as simple as the fact that the fomrula i'm cribbing from does indeed refer to its service as 'named', more than once
00:03 twork i fix...
00:05 hattusili_III joined #salt
00:05 twork well... "Comment: The file /etc/logrotate.d/['bind9'] is set to be changed"
00:06 twork so that's progress
00:06 whytewolf that is ... progress. what did you change?
00:06 twork still don't like those brackets but, at least we're on the trail
00:06 omegamike joined #salt
00:07 whytewolf the brackets are the result of a list being outputed in whole.
00:07 twork whytewolf: https://gist.github.com/mjinks/eec1d7bf2c1ec1b515ab
00:08 whytewolf AHAH! the culprit.
00:08 emnot3 joined #salt
00:08 twork yes?
00:08 twork hooray!
00:09 twork that 'bind9' was 'named' when i consuled this oracle, as you can probably guess by now
00:09 whytewolf just posted a comment to your gist
00:09 whytewolf btw, a line starting with - means it is an item in a list
00:10 twork ah... do "lists" with single elements get misinterpreted when they only have the one... yeah
00:10 twork i think i read that somewhere. early in this adventure.
00:10 hattusili_III left #salt
00:10 twork i bet that's screwed up elsewhere here
00:10 emnot3 so saltstack is just fast server shit?
00:11 twork quite.
00:11 whytewolf emnot3: it is like puppet, chef, or ansiable. meant to help devops deploy things quickly and keep order when you have to maintain hundreds/thousands of servers
00:11 twork welcome to our lives, emnot3. wanna stay?
00:12 emnot3 interesting
00:12 emnot3 i don't know, i just came here because someone on another channel linked to here
00:12 RickCH It can do more than puppet/chef but that is the easiest way to start to understand saltstack
00:13 emnot3 I don't know what puppet nor chef is
00:13 twork that's a good start...
00:13 twork (he said, helpful as ever)
00:13 whytewolf lol
00:13 emnot3 lol
00:13 whytewolf puppet and chef are what HR people like to say on job offers so they sound smart when they really mean deployment tools
00:14 emnot3 I'll take your word for it
00:14 RickCH what was the link for?
00:14 RickCH that brought you here?
00:15 emnot3 some guy was talking about how they had no idea what this channel is for
00:15 RickCH Ha well now you know.
00:15 emnot3 yes
00:15 whytewolf and knowing is half the battle
00:15 RickCH Advanced configurations and server management
00:15 emnot3 so just making internet faster?
00:16 whytewolf that would be networking
00:16 emnot3 and easier to connect
00:16 twork whytewolf: the other day when i was here with my hat in hand, i was advised to file a bug on that fomrula. ought i here as well?
00:16 emnot3 and shit
00:16 emnot3 sorry, i'm not an IT person
00:16 twork and shit
00:16 twork yes
00:16 emnot3 I do math
00:16 twork GAH
00:16 * twork recoils
00:16 emnot3 and practice surgery
00:16 whytewolf twork: I would say so.
00:16 RickCH I use it to manage 2500+ servers and services, including aws and HDS cloud.  Not just internet faster.
00:16 coval3nce Is there a good way to remove a package if it is older than a specific version?
00:16 jvblasco joined #salt
00:18 emnot3 Does Marc Chenn come into this chatroom?
00:18 emnot3 Or Thomas Hatch?
00:18 emnot3 Or Dave Reardon?
00:18 TheoSLC joined #salt
00:18 emnot3 Or Rhett Glauser?
00:18 emnot3 Or Jeff Porcaro?
00:19 whytewolf i think i have seen a thatch in here at one time.
00:20 RickCH Thomas Hatch is here
00:20 emnot3 Where?
00:20 RickCH He is like the author/founder of salt
00:20 emnot3 I know, is he in this chat?
00:21 RickCH No idea, I used to chat with him in here.
00:21 RickCH dang that was like 3 years ago
00:21 Gareth Tom hasn't been in here for awhile, too distracting for him.
00:21 emnot3 Cool
00:21 emnot3 That must have been an amazing experience
00:22 emnot3 That's a shame.
00:23 quasiben joined #salt
00:24 claytron_ joined #salt
00:25 nzero joined #salt
00:25 baweaver joined #salt
00:25 zzzirk joined #salt
00:29 shaggy_surfer joined #salt
00:33 emnot3 joined #salt
00:36 VR-Jack bleh. finally just turned off the salttest and let the package be whatever it is
00:37 emnot3 joined #salt
00:46 nzero joined #salt
00:48 edrocks joined #salt
00:50 pm90_ joined #salt
00:53 synical joined #salt
00:54 sunkist joined #salt
00:54 rabbitheart joined #salt
00:56 bytemask_ joined #salt
00:57 gimpy2938 joined #salt
00:57 shaggy_surfer joined #salt
00:58 Laogeodritt joined #salt
00:58 jeblair joined #salt
00:59 lz-dylan joined #salt
01:01 bfoxwell joined #salt
01:02 TheoSLC joined #salt
01:02 mattl joined #salt
01:02 benvon joined #salt
01:02 alexhayes_ joined #salt
01:03 lude joined #salt
01:03 alexhayes_ Is anyone else having issues with the bootstrap-salt.sh script? I'm just trying to install stable and get: ERROR: You need to allow pip based installations (-P) in order to install the python package 'tornado >= 4.0'
01:04 Cidan joined #salt
01:04 pizzahead joined #salt
01:06 alexhayes_ thing is, this didn't used to happen
01:06 alexhayes_ (of course...)
01:09 alexhayes_ Mmm, found this https://groups.google.com/forum/#!topic/salt-users/7uhgNqPoZSA
01:09 claytron_ joined #salt
01:11 theologian joined #salt
01:12 __number5__ hmm tornado is required by default now?
01:12 baweaver joined #salt
01:12 alexhayes_ and must be installed using pip
01:13 alexhayes_ at least on Ubuntu it seems
01:13 alexhayes_ So just supply -P and it's all ok
01:22 __number5__ alexhayes_: have you tried the ppa method https://launchpad.net/~saltstack/+archive/ubuntu/salt2015-5
01:23 alexhayes_ __number5__: this is all happening as part of a vagrant up
01:23 alexhayes_ so no i haven't tried that, it seems -P solves my problme
01:23 aurynn Does the PPA retain more than just the latest release version?
01:23 alexhayes_ well at least when I run it manually, just updating vagrant so I can set -P flag
01:25 VR-Jack ahh, finally. packaged up. Salt: 2015.5.3-613-g8e1b5da
01:26 VR-Jack currently caught up to 2015.5 branch. yipee for bug fixes
01:26 twork sweet
01:27 VR-Jack tweaking the salt.spec file took a little work.
01:27 VR-Jack including turning off the tests. they bombed
01:27 twork bah, tests. screw 'em.
01:28 favadi joined #salt
01:30 VR-Jack well, now that I got the hard work done, I'm good. git pull, tar, rpmbuild, cp, createrepo, done
01:31 VR-Jack used the packaging versions, so as soon as a newer epel releases 2015.5.4 or 2015.8, I can upgrade to them if I wish
01:31 __number5__ aurynn: there are v2014-7 ppa, which we are using now
01:31 aurynn __number5__, will the 2015 ppa stay on the 2015 release forever? :)
01:32 __number5__ aurynn: you can find the full list here https://launchpad.net/~saltstack
01:32 __number5__ aurynn: I supposed so
01:32 joehh aurynn: the 2015 will contain the latest 2015 package
01:32 zwi joined #salt
01:33 joehh if there is strong demand for a reupload of a particular point release, then I tend to create a new ppa for that
01:33 VR-Jack nice. I actually did it the hard way. should have just downloaded source, unpacked, changed tarball and rebuilt. lol
01:34 aurynn joehh, I'm asking because I'm considering how to do version pinning on my systems
01:35 VR-Jack salt pkg states can support versions I believe
01:35 aurynn yes, but if the underlying ppa doesn't have previous versions in
01:35 nzero joined #salt
01:36 edrocks joined #salt
01:36 aurynn what happens?
01:36 aurynn (I guess I should go test this)
01:37 VR-Jack that's why I always keep my own if it matters
01:39 emnot3 joined #salt
01:47 alexhayes_ Ok, following on from my problem I had before. Installing with -P works however then vagrant tries to scp the minion config over but by the time it does this the file has already been created (I assume by the salt bootstrap). Anyone have any clues about this? (I know it seems more like a vagrant issue but...)
01:48 phw joined #salt
01:48 emnot3 joined #salt
01:50 jvblasco joined #salt
01:58 omegamike joined #salt
01:59 dthom91 joined #salt
02:05 pm90__ joined #salt
02:05 dthom91 joined #salt
02:10 __number5__ alexhayes_: are you using vagrant salt masterless? can you paste your Vagrant file somewhere?
02:14 synical joined #salt
02:15 VR-Jack hmmm. evil epel rpm patches grains/core.py.... evil evil evil
02:21 favadi joined #salt
02:23 quasiben joined #salt
02:23 emnot3 joined #salt
02:26 VR-Jack Well, looks like one test unit was patched in core that matches the epel patch list
02:26 emnot3 Coolio
02:27 claytron_ joined #salt
02:28 writtenoff joined #salt
02:29 VR-Jack ahh. that works. OK (total=1854, skipped=1500, passed=354, failures=0, errors=0)
02:35 Furao joined #salt
02:36 womble Is there a "follow the bouncing ball" tutorial on writing salt states in a unit-test driven manner?  That is, I want to write tests that assert things like "Package X will be installed if I run the 'foo' state", and "The file /etc/foo.conf will contain the line 'frobnicate = enable' if I run the 'foo' state with the pillar variable foo.frobnicate set to true"
02:37 alexhayes_ __number5__: thx I got around it though. Essentially in vagrant you have to set salt.install_command = '-P -F -c /tmp stable'
02:37 alexhayes_ -F -c come from vagrant
02:40 VR-Jack womble: a mixture of jinja to test the pillar and requires for the others
02:41 emnot3 I don't understand tis
02:41 * VR-Jack gives up figuring out how to hardset the version for salt and just packages the .git in the source file
02:42 funzo joined #salt
02:42 womble VR-Jack: What do you mean by "requires for the others"?
02:43 emnot3 left #salt
02:45 VR-Jack womble: http://docs.saltstack.com/en/latest/ref/states/requisites.html
02:46 Furao joined #salt
02:46 hvn joined #salt
02:47 womble VR-Jack: I'm afraid I can't work out how to write a unit test for a state using requisites.  Could you give me a simple example?
02:48 zzzirk joined #salt
02:49 VR-Jack womble: on that page I gave you, scroll down and you will see restart-apache2 with a listen that watched the file.managed of /etc/apache2/apache2.conf
02:51 VR-Jack others have examples or links to examples similar to what you are asking, but they may not be on right now.
02:52 womble Mmm hmm... that's not a unit test, though, is it?  It just appears to be a regular ol' dependency between two resources when they're applied to a system.
02:52 VR-Jack salt.noarch 0:2015.5.3-54.el6 w/ salt 2015.5.3-613-g8e1b5da (Lithium) and all tests passed. whew
02:55 capricorn_1 joined #salt
02:55 VR-Jack well, for part of it, you'll have to use jinja
02:56 VR-Jack womble: http://docs.saltstack.com/en/latest/topics/tutorials/starting_states.html
02:57 hvn joined #salt
02:58 mapu joined #salt
02:59 chamunks joined #salt
03:01 VR-Jack womble: consider that you can add the file.managed to change the file (or a cmd.run with a sed, or whatever) if the pillar exists based on simple if jinja. For the state. Not only can you require, but just place it only in foo's state file (or as an include) so only if foo state is going, will your other state also be called.
03:02 dthom91 joined #salt
03:02 womble VR-Jack: The only mention of the word "test" in the content on that page is in the sentence "Once the rules in an SLS are ready, they should be tested to ensure they work properly."  Which is true, but not particularly instructive on *how* to write automated unit tests to actually achieve that blessed outcome.  Running the state against a real system and poking around at it really isn't comparable to the value of a comprehensive suite of unit tests.
03:03 VR-Jack womble: define test. this is a state system. So it's based on success, fail, change.
03:03 womble I probably should have mentioned earlier that I have already read http://docs.saltstack.com/en/latest/topics/development/tests/unit.html and couldn't map that to testing states.
03:03 VR-Jack the requisites allow you to do other things based on success, fail, change.
03:03 VR-Jack womble: test/unit.html is about testing module code to make sure it works.
03:04 womble That was what I thought.
03:04 VR-Jack it's what I've been working on with my rpm build. :)
03:05 VR-Jack but what you gave me was a simple, joe.sls is called which sets foo state and installs X pkg.
03:05 VR-Jack and if pillar[blah] set to True it will also modify file
03:06 VR-Jack So you define which minions call joe.sls which sets foo and installs X, and checks pillar[blah]
03:06 womble Yes, I'd like to be able to write some code which can be run over a state definition to assert those things happen, to prevent regressions, etc in the future.  You know, like we all do with the rest of our code.
03:07 VR-Jack Hmm. well, ot assert those things happen will be manually doing it if you don't trust the code itself
03:07 VR-Jack otherwise, the state system "usually" brings things to the specified state as dictated and reports success (changed or not) and fail
03:08 ITChap joined #salt
03:08 VR-Jack ie, run salt-run state.sls test1 which does a wheel.accept and then verify that the key was accepted.
03:09 womble I trust the *salt* code; what I don't trust is everyone hacking on these salt state modules not to make a mistake and accidentally break something.  Preferably, *without* having a spin up a whole test system and applying a bunch of stuff against it then poking at it with testinfra or serverspec.
03:10 VR-Jack womble: git/hg your friend. But states always report fail/success/change what what the results for each state were.
03:10 VR-Jack and if a state is wrong, you fix it and call it again so it can adapt to the new state
03:11 VR-Jack If you want extra processing of the actual calls, use returners and process the returns
03:13 claytron_ joined #salt
03:14 womble OK, concrete example time: Let's say I have this state: https://gist.github.com/mpalmer/7c876b4db1dc0ce57b69 what can I do to ensure that nobody changes `mode` to `644` and roll it out?  What are my options?  Code review?  OK, but all humans make mistakes.  Do it live?  Change probably won't be noticed, and even if it is, there's still a window in which the file's contents are vulnerable, until we fix it.  Large-scale tests, where we apply it against a
03:14 womble machine and then use testinfra to check it?  Doable, but hella slow.  Is my only option *really* to wave it through jinja and a YAML parser, and check it myself?
03:17 VR-Jack womble: if you rerun the state, it will change it back to 640
03:18 VR-Jack one purpose of highstate is to regularly reaffirm the states
03:19 VR-Jack Problem is, if someone can modify the file, then they can modify it. If you don't want them making such mistakes, you'll need to run through a frontend parser and generate code based on the parser making sure they don't make mistakes
03:20 womble VR-Jack: Yes, this is what unit testing is for.
03:20 womble That's what I'm trying to achieve.
03:20 womble What I'm asking is if there is *anything* in salt to make this easier, or if I've got to reimplement or jury-rig various bits of salt myself in order to make this happen.
03:21 VR-Jack most of the code itself can be imported into python easy enough. It's pretty modular
03:21 womble I'm fairly sure I know the answer by now, but I live in hope that salt isn't so immature that it has no support whatsoever for reasonably clean unit testing of state modules.
03:22 N-Mi joined #salt
03:23 VR-Jack modules yes. The yaml input to the modules, why?
03:24 womble Because it's a lot quicker and easier to find problems in development than in production -- exactly the same reason we write unit tests for the *rest* of our code.
03:25 VR-Jack One reason I use git/hg. test on development branch, merge to stable, and let salt use stable
03:26 womble What do you do to "test on development branch"?
03:26 VR-Jack rather production salt use stable. test salt uses development branch
03:26 VR-Jack spin up my test servers with it. get them exactly to the state I want
03:27 womble You have no regression testing to ensure that changes don't cause problems?
03:27 VR-Jack "patch"  production only in the case of emergency (zeroday events)
03:28 VR-Jack womble: test servers can spin up on stable and then shift to development to verify everything shifts correctly.
03:28 VR-Jack And for fun, shift it back to production
03:28 VR-Jack s/production/stable/
03:29 womble VR-Jack: How do you verify that everything is as it should be?  Manual verification?
03:29 scoates joined #salt
03:29 VR-Jack In my case, yes. but plenty of people write service level checks/security audits/etc
03:29 shaggy_surfer joined #salt
03:30 womble What are people using to write the service level checks, security audits, etc?
03:31 ITChap Hi
03:31 VR-Jack duckduckgo says a lot of things.
03:32 womble Indeed it does.
03:32 ITChap I have a style question: when you guys use the mine for example to generate loadbalancer configurations
03:32 ITChap where do you query the mine ?
03:32 evle joined #salt
03:32 ITChap in the state ? in the template ? in the map.jinja ? in the pillar ?
03:32 VR-Jack salt fits a very specific purpose. automate all changes so that when those changes work on test (with all audits/etc) they will also work on production and can be repeated a billion times if needed
03:33 hasues joined #salt
03:33 VR-Jack puppet, chef, and ansible pretty much follow the same niche
03:33 womble VR-Jack: Except that Puppet, at least, has puppet-rspec to allow you to comprehensively unit test your manifests.
03:38 hasues womble: Chef has Test Kitchen
03:39 VR-Jack Kinda cute, though ugh. lots of duplication and it doesn't actually test the system in question.
03:39 * VR-Jack could care less what a manifest has if it doesn't reflect on the server.
03:40 womble hasues: I got the impression, based on a five-minute read, that Test Kitchen was more of a CI runner than a comprehensive language for writing tests.  It *was* a five-minute read, though.
03:40 womble VR-Jack: I assume you never use mock objects in your tests, then?
03:41 hasues womble: That's probably true.  I mean, it is used for unit testing, regardless.  It can be used with the other tools as I used it with Puppet in the past.
03:41 VR-Jack womble: the actual module tests do... sometimes. lol
03:42 hasues womble: but it being a language for testing does not resemble what I used it to do.
03:42 VR-Jack OK (total=1854, skipped=1500, passed=354, failures=0, errors=0) <--- probably 1500 mock python module is unavailables.
03:42 clintberry joined #salt
03:44 womble VR-Jack: A mock object has the same "doesn't actually test the system in question" problems as manifest-level unit tests, and they're used in exactly the same places -- where it is time- or cost-prohibitive to execute sufficient end-to-end tests to fully exercise all possible permutations.
03:44 mosen joined #salt
03:45 VR-Jack womble: true, but in the case of a system that automates configuration, a wise person would make sure it actually DOES what you tell it to.
03:45 VR-Jack Doesn't matter if you tell it wrong, or it does it wrong. Verification needs to be done on the end system.
03:46 womble VR-Jack: And thus we have the almighty "integration test", which does complete end-to-end testing of the entire system.  However, that is quite slow, and so we use unit tests as a faster means of catching the vast majority of bugs.
03:46 womble After all, if salt itself, as the executor of our wishes, is the cause of a majority of the problems in our configuration, there are bigger problems.
03:47 Furao womble: quite slow? our integration tests suite is 2 days and 16 hours :)
03:47 VR-Jack well, unless you change the renderers, it's a simple layout. jinja2 -> yaml. parse your yaml to make sure it's all good.
03:47 Furao 1200 units, every .sls is applied and every get uninstalled after that. even pillar default value are checked if documented properly :)
03:48 VR-Jack Furao: which is the way it should be
03:49 womble VR-Jack: Then read that to work out how to render a template, then do *that* in order to work out whether the config file was generated correctly.  If that's what has to be done, I'll do it, but it shows salt's immaturity as a production-grade tool if it doesn't have that kind of thing baked in.
03:49 VR-Jack rspec-puppet doesn't look exactly baked in. Just an addon like the rest
03:50 Furao many forget to test things such as cronjobs that only run once per week/month
03:50 womble VR-Jack: OK, where's the addon for salt to do the equivalent?
03:50 Furao even test produced metrics
03:50 Furao https://github.com/bclermont/states/blob/master/sentry/test.sls
03:51 VR-Jack Hmmm. https://github.com/simonmcc/kitchen-salt
03:52 zmalone joined #salt
03:52 aurynn Ooooh
03:52 aurynn that's something I needed
03:52 ITChap Furao: thanks for the repo. Very nice
03:52 aurynn thanks VR-Jack
03:53 VR-Jack And I hate this. ruby gem, but it's agnostic apparently. http://damyanon.net/getting-started-serverspec/
03:53 VR-Jack not sure where the actual serverspec stuff is. just found that page
03:54 womble serverspec.org.
03:54 quasiben joined #salt
03:55 womble From https://github.com/simonmcc/kitchen-salt/blob/master/INTRODUCTION.md, "So, we can see that salt-call executed our state(s) successfully, in 2m6.56s" -- that's a bit long for a unit test suite run.
03:56 big_area joined #salt
03:56 FOCer joined #salt
03:57 claytron_ joined #salt
04:00 VR-Jack womble: 1/23/2014 is when that was added.
04:00 VR-Jack could be shorter or longer now
04:00 pm90_ joined #salt
04:01 Furao ITChap: np! i hope it’s nice this is more than 10k commits of salt formulas :)
04:01 womble It's spinning up containers for each test run; it's never going to be blazingly fast.  Although surprisingly, the run suggests that most of the time (~90s) is spent doing the "converging"
04:03 ITChap Furao: It's pretty impressive
04:04 ITChap Furao: so basically your absent.sls files are doing the cleanup after removing a state ?
04:05 zmalone joined #salt
04:06 Furao ITChap: yes, and in test run, all absent.sls are executed too, just to make sure. and few extra more cleanup. integration test script check that no users, process or files aren’t cleaned after all absent.sls are applied
04:06 ITChap Furao: That's very neat
04:07 ITChap Furao: I will have to steal this Idea :D
04:07 Furao https://github.com/bclermont/states/blob/master/test/integration.py
04:08 aurynn how often are grains recalculated, if I've got a custom function on the minion to collect data ?
04:08 Furao that script build list of test units from all .sls in all repos (when I test that repo and clients repos)
04:10 VR-Jack Furao: can I fork that?
04:10 Furao VR-Jack: there is already multiple forks
04:11 VR-Jack heh. just noticed that
04:11 VR-Jack I like how you did it within the same framework
04:11 VR-Jack since I don't know python, will be useful
04:12 VR-Jack todo list: learn python after fixing a few more salt bugs
04:12 FOCer joined #salt
04:13 malinoff joined #salt
04:14 aurynn it looks like I can turn off grain caching, but I don't know what performance implications that has
04:14 VR-Jack less than 10 seconds is my guess
04:15 VR-Jack well, let's put it this way, if you do salt-ssh --wipe, it adds 10 seconds to recreate the /tmp/.user...salt folder and info
04:17 zer0def joined #salt
04:21 VR-Jack Furao: I'm actually thinking of using http://www.ossec.net/ as part of my test
04:23 gimpy2938 joined #salt
04:24 VR-Jack still researching it, but might be a decent foundation of secondary checks
04:35 hasues left #salt
04:36 claytron_ joined #salt
04:38 N-Mi joined #salt
04:47 kukacz joined #salt
04:47 kukacz joined #salt
04:48 iggy aurynn: fairly often
04:49 iggy aurynn: it depends on your grains, the default grains are fairly safe to recalc often
04:49 Creator joined #salt
04:50 aurynn mkay. I'm thinking about how to track salt-managed users on a system, and doing an intersection of a grain-provided list of users against the users in the pillar might be a reasonable approach?
04:51 Creator left #salt
04:52 jeddi joined #salt
04:53 shaggy_surfer joined #salt
05:03 ITChap does this trick https://www.reddit.com/r/saltstack/comments/3edbc3/pillar_using_pillar_values_in_other_pillar_values work with an include between sls ?
05:03 saltstackbot [REDDIT] pillar: using pillar values in other pillar values. is it possible? (self.saltstack) | 6 points (100.0%) | 5 comments | Posted by SpaceJesusOnAStick | Created at 2015-07-23 - 21:10:13
05:04 ITChap I want to use load_yaml in one sls and include this sls in a second one to acces the data that I loaded
05:05 jaybocc2 joined #salt
05:05 clintberry joined #salt
05:11 rdas joined #salt
05:11 VR-Jack ITChap: as I understand the include, it should work fine.
05:12 VR-Jack otherwise we couldn't include any sls that had jinja
05:12 VR-Jack but the comment does mention that you can't use the jinja variable across files and that makes sense
05:17 otter768 joined #salt
05:19 FOCer joined #salt
05:20 VR-Jack Hmm, not much documentation on sdb. :(
05:24 alexhayes_ joined #salt
05:25 nzero joined #salt
05:28 calvinh joined #salt
05:28 ITChap VR-Jack: I have few yaml files ~5 that all my sls load
05:28 ITChap I want to find a way to clean this up
05:29 ITChap like including just one file that would load all those yaml files
05:30 VR-Jack You can test, but I doubt the jinja var will traverse the include
05:30 VR-Jack easy test, though
05:33 ITChap just tried
05:33 ITChap and yeah it doesn't work :(
05:33 ITChap so basically Jinja run in each file before the include ?
05:34 VR-Jack correct
05:35 VR-Jack umm, uh. hmmm. Isn't there a line you can put at the top to change the file renders for that file?
05:35 VR-Jack Might be able to reorder the render
05:35 VR-Jack then again, yaml|jinja|yaml might cause the first yaml to error on the jinja
05:37 VR-Jack ITChap: just theorizing. I know they do some funky stuff with other renderers
05:38 ITChap Yeah well I will go with the "It just works" an keep my 5 load_yaml
05:39 claytron_ joined #salt
05:41 VR-Jack hmm. line comment the jinja and change to yaml|jinja|yaml perhaps. lol
05:41 aparsons joined #salt
05:42 VR-Jack I'd hate to see how it parsed the first run, though. ewww
05:44 VR-Jack #!renderer|renderer2|renderer3 is the format
05:49 ITChap I am still getting caught with my variable containing '-' --_--
05:50 gcfhvjbkn joined #salt
05:56 hvn joined #salt
05:56 hvn joined #salt
05:59 AndChat|36225 joined #salt
06:03 jhauser joined #salt
06:03 colttt joined #salt
06:08 lb1a joined #salt
06:17 katyucha joined #salt
06:17 giciding joined #salt
06:20 AndreasLutro joined #salt
06:21 giciding Hi, I'm testing out the Salt Stack Windows Repo items and in order to take advantage of the Jinja support need to install the 2015.08 Release Candidate in Ubuntu.  Is there a page the details the best way to do this (I can't seem to find a ppa for it)
06:22 VR-Jack ITChap: what if you did a series of load_yaml and then did a jinja import from that?
06:22 ITChap so like everything in one dict ?
06:23 VR-Jack yeah
06:23 AndreasLutro morning
06:23 ITChap AndreasLutro: Hi
06:23 ITChap VR-Jack: might work
06:23 VR-Jack ITChap: or you can do import specifying which load_yaml dicts you want native
06:24 ITChap is it possible to do something like {% from 'x.yml' import foo, bar with context %} ?
06:25 VR-Jack I believe so
06:25 dopesong joined #salt
06:25 ITChap That would be neat
06:25 ITChap I will give it a try
06:25 VR-Jack so you could load all 5 in the common, but the sls files could import only what they wanted
06:25 ITChap yeah
06:25 ITChap that would be really nice
06:25 VR-Jack wasteful processing, but meh
06:25 VR-Jack cpu cycles are cheap
06:25 ITChap less typing
06:26 ITChap people's time is expansive :D
06:26 VR-Jack yep
06:30 ITChap seems to work
06:30 ITChap That actually better than what I wanted
06:30 ITChap since you can pick what you need
06:32 VR-Jack Sweet.
06:34 ITChap do you see anything that is wrong in query the mine from the pillar sls files ?
06:34 ITChap to update my loadbalancer config
06:35 ITChap I get the ip from the mine and store it in a pillar
06:35 VR-Jack Not if it will work, which I think mine processes prior to pillar.
06:35 ITChap it makes my loadbalancer states easier to reuse
06:35 ITChap Yeah well looks like there is some issues
06:36 VR-Jack I don't use mine, so....
06:36 VR-Jack Oh, btw, if you haven't read up on it, check out sdb
06:36 mohae joined #salt
06:36 stephanbuys joined #salt
06:36 VR-Jack Might be a use where you can set sdb:// to your info and then read it in direct
06:36 ITChap the thing is that if you use the mine in your config template like in the doc. You can pass any ip manually if one day you want to reuse your state for something else
06:39 VR-Jack The nature of the lazyload, though, is that you should be able to reference almost anything from pillar except that pillar.
06:41 VR-Jack The sweet thing about sdb is that even if writing to it from salt is annoying, you can still write to the db from external source.
06:42 revellion joined #salt
06:43 VR-Jack and the modules look super easy to write
06:43 claytron_ joined #salt
06:44 chosi_ joined #salt
06:47 ITChap VR-Jack: when you say that you don't use mine it's because you don't need it or you don't want to use it ?
06:49 VR-Jack ITChap: haven't needed it yet
06:49 VR-Jack and more likely to use sdb instead
06:50 ITChap I didn't check sdb
06:51 VR-Jack For example. what if I set in pillar nameservers = sdb://nameserver/dns1 or 8.8.8.8 if that doesn't exist. Then when I configure a dns server I set the sdb://nameserver/dns1
06:51 VR-Jack now I have truely variable info
06:51 dwfreed_ joined #salt
06:51 ITChap I see
06:51 InAnimaTe joined #salt
06:51 ITChap but you can only track information that you voluntarily change
06:52 ITChap mine is more for things that might change overtime
06:52 VR-Jack I won't want the minion sending it direct, but I could fire event to master reactor and then update it
06:52 ITChap without interactions
06:52 VR-Jack true, and I may have uses for that at some point
06:52 VR-Jack just haven't yet
06:52 ITChap currently I just use it for HAProxy
06:52 ITChap outside of this ....
06:53 ITChap I don't see other use
06:53 VR-Jack have it send your usernames so your master can determine what names to delete
06:53 ITChap hmm that's a nice idea
06:54 VR-Jack it's the big issue of .present .absent. We don't know what's missing from our list
06:54 ITChap in another hand the fact that all the minions can query everything is kind of messy
06:54 VR-Jack yeah
06:54 VR-Jack and honestly, you could do the same with a quick state that shoots the info to reactor
06:55 VR-Jack cleaner that way probably
06:55 ITChap reactor is the next big thing I need to look into after getting everything running
06:56 ITChap and replace metrics collection daemons with beacons
06:56 ITChap :)
06:56 VR-Jack minion reactor will be nice, especially for vm hosts, as then they can 2 way communicate with master reactor
06:56 VR-Jack think that's still a ways out though
06:57 ITChap Arff it looks like the mine in the pillar doesn't work
06:57 VR-Jack using salt[]?
06:57 ITChap yep
06:58 VR-Jack strange. I'd have thought it loaded by then
06:58 VR-Jack check module loads on the debug
07:00 ITChap https://bpaste.net/show/1bc52de8e54f
07:00 ITChap maybe a syntax issue
07:01 ITChap I tried to move the mine.get directly into the for loop to check
07:01 ITChap doesn't change anything
07:01 eseyman joined #salt
07:03 VR-Jack does it give an error?
07:04 AndreasLutro you can't use multiple : on a single line
07:04 AndreasLutro maybe the yaml_squote isn't working properly
07:05 VR-Jack ITChap: here is example in docs {% for server, addrs in salt['mine.get']('roles:web', 'network.ip_addrs', expr_form='pillar').items() %}
07:05 hardwire joined #salt
07:06 VR-Jack not sure the diff in compound vs pillar
07:07 thehaven joined #salt
07:07 hoonetorg joined #salt
07:07 ITChap AndreasLutro: I don't get any error just that backend.servers is empty
07:07 AndreasLutro aha
07:07 ITChap ??
07:07 AndreasLutro are you sure the compound target actually targets any minions?
07:08 ITChap yes
07:08 ITChap I just tried it on the master
07:08 VR-Jack ITChap: does the loop work in the state directly?
07:09 VR-Jack That should answer our big question
07:09 ITChap I am trying right now
07:09 VR-Jack if possible, put it in a state that salt-run locally instead of one that goes to a minion.
07:12 stephanbuys joined #salt
07:13 dopesong joined #salt
07:16 subsignal joined #salt
07:16 jaybocc2 joined #salt
07:18 ITChap in the state it does work
07:18 ITChap but it's not a local state
07:18 otter768 joined #salt
07:18 ITChap it' on the minions
07:20 s_kunk joined #salt
07:20 VR-Jack which I worry about, as the execution module is different than the runner
07:21 ITChap I don't have anything that I salt-run
07:22 kawa2014 joined #salt
07:22 ITChap That's fine I will cut it in half
07:22 ITChap define the compound in the pillar
07:23 ITChap and call mine.get in the state with the compound from the pillar
07:24 omegamike joined #salt
07:25 ze- joined #salt
07:25 ede joined #salt
07:25 dhscholb joined #salt
07:26 ShibMcNe_ joined #salt
07:26 Gilou joined #salt
07:27 jmccree joined #salt
07:28 sectionme joined #salt
07:28 stanchan joined #salt
07:29 VR-Jack ITChap: https://github.com/saltstack/salt/issues/11509
07:29 saltstackbot [#11509]title: Exception when using Salt mine from pillar | ```...
07:29 ITChap thanks
07:29 edrocks joined #salt
07:29 VR-Jack It's as I thought. salt[] is meant to run on a minion
07:30 VR-Jack they need a runner[] if you're going to do it in pillar
07:30 ITChap how wait I am not clear on something
07:31 ITChap the jinja is done on the server and then sent
07:31 ITChap I always thought it was done by the minions
07:31 VR-Jack salt[] calls modules.blah  and modules/mine.py is only designed to be run on a minion. It tries to contact the master
07:31 VR-Jack pillar is done on the master
07:31 kukacz joined #salt
07:31 VR-Jack same as orchestrate
07:32 VR-Jack pillar processed, then the necessary stuff sent to minions
07:32 jaybocc2 joined #salt
07:33 ITChap Ok I see
07:33 VR-Jack which is why my import_yaml in pillar works. it loads the yaml file in the pillar base on the master
07:33 ITChap I always thought that pillar and states were processed the same way
07:33 VR-Jack nope
07:33 VR-Jack pillar has node restrictions
07:34 VR-Jack the file root is accessable by all no matter what is in it's top.sls
07:35 VR-Jack in fact, the master even has a special id so it can get access to pillar data too
07:35 VR-Jack <localminion_id>_master
07:36 dopesong_ joined #salt
07:37 VR-Jack ITChap: you could write an external_pillar that uses the mine runner to get the information and produces the pillar
07:42 mattiasr joined #salt
07:42 colttt joined #salt
07:42 VooDooNOFX joined #salt
07:42 programmerq joined #salt
07:42 tercenya joined #salt
07:42 deedubs joined #salt
07:42 ajmath_ joined #salt
07:42 sarlalian joined #salt
07:42 mlanner joined #salt
07:42 Horgix joined #salt
07:42 dewdrop joined #salt
07:42 Garo_ joined #salt
07:42 AirOnSkin joined #salt
07:42 repl1cant joined #salt
07:42 ekkelett joined #salt
07:42 JPaul joined #salt
07:42 daemonkeeper joined #salt
07:42 kwork joined #salt
07:42 dayid joined #salt
07:42 kaictl joined #salt
07:42 mitsuhiko joined #salt
07:42 paha joined #salt
07:42 Ssquidly joined #salt
07:42 und1sk0 joined #salt
07:42 arnoldB joined #salt
07:42 rnts joined #salt
07:43 hvn joined #salt
07:43 ITChap I will keep my workaround for the moment
07:43 tercenya_ joined #salt
07:43 ITChap but that might be a good idea
07:43 ITChap just don't have enough time :(
07:43 ajmath joined #salt
07:43 VooDooNOFX_ joined #salt
07:44 impi joined #salt
07:44 und1sk0_ joined #salt
07:44 monkey661 joined #salt
07:47 kwork joined #salt
07:47 kwork joined #salt
07:47 rnts joined #salt
07:47 arnoldB joined #salt
07:47 deedubs joined #salt
07:47 AirOnSkin joined #salt
07:47 Garo_ joined #salt
07:47 dayid joined #salt
07:47 colttt joined #salt
07:48 daemonkeeper joined #salt
07:48 VR-Jack ITChap: off to bed, but here is a code sample that could possibly be modified to support salt.runners.mine. https://github.com/bbinet/pillarstack/blob/master/stack.py
07:48 ITChap VR-Jack: Thank you I will take a look
07:48 ITChap VR-Jack: good night
07:49 claytron_ joined #salt
07:49 joshin joined #salt
07:49 Alan_S joined #salt
07:50 Grokzen joined #salt
07:51 ekkelett joined #salt
07:51 ekkelett joined #salt
07:52 mitsuhiko joined #salt
07:52 mitsuhiko joined #salt
07:52 JPaul joined #salt
07:53 mlanner joined #salt
07:54 kaictl joined #salt
07:58 sarlalian joined #salt
07:59 repl1cant joined #salt
07:59 programmerq joined #salt
08:00 Horgix joined #salt
08:04 gcfhvjbkn joined #salt
08:04 stephanbuys joined #salt
08:05 stephanbuys joined #salt
08:13 eightyeight joined #salt
08:20 Ludo__ joined #salt
08:22 Ssquidly joined #salt
08:24 Ludo__ joined #salt
08:25 hoonetorg_ joined #salt
08:33 mapu joined #salt
08:36 CeBe joined #salt
08:36 sectionme joined #salt
08:39 TyrfingMjolnir joined #salt
08:44 paha joined #salt
08:44 bluenemo joined #salt
08:54 claytron_ joined #salt
08:55 dopesong joined #salt
08:55 DanyC joined #salt
08:55 CeBe1 joined #salt
08:57 calvinh joined #salt
08:58 dopesong_ joined #salt
09:04 krymzon joined #salt
09:09 calvinh_ joined #salt
09:11 z3r0 joined #salt
09:12 sectionme joined #salt
09:19 otter768 joined #salt
09:25 rofl____ is it possible to define multiple interfaces in mine_functions?
09:25 rofl____ ex network.interfaces: [eth0,bond0]
09:25 rofl____ what would the syntax be?
09:27 ntropy not done this, but generally a list is what you want
09:28 lothiraldan joined #salt
09:29 rofl____ ntropy: like [ "eth0", "bond0" ] ?
09:29 kbaikov joined #salt
09:30 sectionme joined #salt
09:32 monkey66 joined #salt
09:34 monkey66 joined #salt
09:35 rodio_ua1 joined #salt
09:35 rodio_ua1 left #salt
09:35 ntropy yes, thats a list
09:36 claytron_ joined #salt
09:36 stephanbuys joined #salt
09:37 artemz joined #salt
09:37 artemz good day
09:40 projekt01_ joined #salt
09:41 ITChap Guys how do you define your worker threads on your master ?
09:41 ITChap I get timeouts all the time
09:42 ITChap and I don't have that many minions, less than 20
09:43 jaybocc2 joined #salt
09:44 babilen master's love cores
09:44 ITChap and workers == cores ?
09:44 babilen http://docs.saltstack.com/en/latest/ref/configuration/master.html#worker-threads
09:44 babilen ITChap: No, "cores" == "cpus"
09:44 ITChap yeah I just don't know which value to pick
09:44 babilen (or, well, cores on cpus)
09:45 ITChap I mean should I use the same amount of threads than cores
09:45 babilen How many cores do you have?
09:45 ITChap 8
09:45 babilen You could, but 5 shouldn't be too bad either
09:46 babilen I run with 5 worker_threads on a twelve core machine that manages (without issues) around 400 minions
09:46 babilen Might want to increase those threads a little, I guess :)
09:47 babilen 16 core(s) on a master that manages ~600 minions (but that one is overpowered, but I don't care as cores come cheap)
09:47 monkey66 joined #salt
09:49 babilen To be honest: I have not yet seen a proper analysis of salt's hardware requirements, but my experience is "the more cores the better" which is, given that it uses multiprocessing, not really surprising. Setting worker_threads to the number of cores makes sense though.
09:50 monkey66 joined #salt
09:50 babilen Note that multiprocessing uses multiprocessing.cpu_count() by default when new pools are initialised .. not sure how salt implements that though
09:50 babilen (I don't actually set worker_threads)
09:50 babilen (cf. https://docs.python.org/2/library/multiprocessing.html#module-multiprocessing.pool)
09:52 monkey66 joined #salt
09:52 sectionme joined #salt
09:53 babilen Ah, it seems to fall back to the value of worker_threads which is 5 by default ..
09:53 babilen No idea why they don't set it to multiprocessing.cpu_count() by default ..
09:58 monkey66 joined #salt
09:59 ITChap So my timeout issue might come from somewhere else
09:59 jaybocc2 joined #salt
10:00 ITChap How much memory do you give to your masters ?
10:00 monkey66 joined #salt
10:01 dopesong joined #salt
10:03 monkey66 joined #salt
10:05 monkey66 joined #salt
10:07 bluenemo joined #salt
10:08 hvn joined #salt
10:09 monkey66 joined #salt
10:10 duendecat joined #salt
10:11 stephanbuys joined #salt
10:13 Archwyrm joined #salt
10:14 sectionme joined #salt
10:16 jeblair joined #salt
10:17 a7p joined #salt
10:18 johtso joined #salt
10:19 claytron_ joined #salt
10:19 fgimian joined #salt
10:20 fgimian joined #salt
10:24 amcorreia_ joined #salt
10:25 sectionme joined #salt
10:27 krymzon joined #salt
10:30 krymzon_ joined #salt
10:33 duendecat joined #salt
10:41 sectionme joined #salt
10:56 hardwire joined #salt
10:57 murrdoc joined #salt
10:58 omegamike joined #salt
11:00 darix in a state sls file. can i access the name of the node that is getting the config atm?
11:00 darix i would like to do something like source: salt://....-{{ nodename }}
11:02 ingslovak joined #salt
11:06 jhauser joined #salt
11:07 AndreasLutro minion id you mean?
11:07 AndreasLutro {{ grains.id }}
11:15 evle joined #salt
11:16 omegamike joined #salt
11:17 KermitTheFragger joined #salt
11:18 duendecat joined #salt
11:18 darix ok
11:18 darix yours is shorter
11:18 darix i settled with {{ salt['grains.get']('id') }}
11:20 otter768 joined #salt
11:21 napsterX joined #salt
11:24 claytron_ joined #salt
11:27 lothiraldan joined #salt
11:32 murrdoc which is better
11:33 murrdoc l33t is salt.grains.get('id', None)
11:33 murrdoc :)
11:35 Norrland so, anyone else experience trouble when upgrading from salt-minion 2015.5.2+ds-1~bpo8+1 -> 2015.5.3+ds-1~bpo8+1 in debian?
11:36 s_kunk joined #salt
11:39 AndreasLutro anyone here installing selenium with salt?
11:40 kukacz joined #salt
11:44 eliasp joined #salt
11:45 malinoff joined #salt
11:51 babilen Norrland: Worked fine here
11:53 kukacz joined #salt
11:58 duendecat joined #salt
12:01 babilen Norrland: What happened?
12:04 Norrland babilen: salt 'myminion' pkg.install pkgs='["salt-minion", "salt-common"]'
12:04 quasiben joined #salt
12:05 Norrland 2sec, let me get the console output from the machine locally
12:05 Norrland http://56d125cd85fd7abb.paste.se/
12:06 hvn joined #salt
12:06 hvn joined #salt
12:07 lothiraldan joined #salt
12:07 Norrland babilen: ^
12:08 catpig joined #salt
12:08 Xevian joined #salt
12:11 jaybocc2 joined #salt
12:11 babilen Norrland: I wouldn't pull in salt-common explicitly and pass "only_upgrade=True" as well, but lets take a look
12:11 otter768 joined #salt
12:11 Norrland I'll try with log_level: debug on a different minion.
12:12 babilen What is the output you get from salt? Is that a wheezy or jessie box?
12:13 Norrland babilen: jessie all the way.
12:13 Norrland http://a0ed8081eb58c044.paste.se/
12:13 Norrland output from the minion.
12:13 babilen Okay, what does "apt update ; apt upgrade" give you then?
12:14 N-Mi joined #salt
12:14 Norrland http://e6601cca6a53c6a4.paste.se/
12:15 babilen And what is the actual output from running "salt 'foo' pkg.install salt-minion only_upgrade=True" ?
12:15 babilen (on a minion on which you haven't ugpraded anything before)
12:16 Norrland lets se.
12:17 babilen (along with that of "apt update && apt upgrade" on a yet untainted one)
12:17 babilen Just trying to see something that doesn't start with a messed up state
12:17 babilen We upgraded more than a thousand minions to the latest version without problems
12:17 babilen (on wheezy and jessie)
12:20 Norrland on master: $ sudo salt 'mgmt.*jenkins01' pkg.install  salt-minion only_upgrade=True
12:20 Norrland mgmt.app-a.jenkins01: Minion did not return. [Not connected]
12:21 babilen Just like to see one actual error from apt
12:22 mapu joined #salt
12:22 Norrland hm. running the install on an machine locally works. "apt-get install salt-minion"
12:23 Norrland had an machine that I didn't want to run 'apt-get upgrade' due to other services with new packages.
12:23 babilen I'd recommend to use apt, but that shouldn't make a difference in this case
12:24 Norrland babilen: apt as cmd.run command?
12:24 babilen no
12:25 N-Mi joined #salt
12:25 babilen To run "apt upgrade" rather than "apt-get upgrade" -- the difference, or rather the important one that I care about, is that apt uses "--with-new-pkgs" by default. Either way, that doesn't help us to debug your problem with upgrading the minion through salt
12:25 babilen How many pristine minions do we have left?
12:26 Norrland have one untouched and one not connected at the moment.
12:26 jaybocc2 joined #salt
12:26 babilen pity
12:27 babilen Okay, lets focus on mgmt.*jenkins01 then
12:27 Norrland although I have shell access to those. Further on, new machines I might not have access to.
12:27 babilen Anything interesting in /var/log/apt/term.log ?
12:27 funzo joined #salt
12:28 babilen Or do you have the failed salt output from an earlier "salt 'myminion' pkg.install pkgs='["salt-minion", "salt-common"]'" run ?
12:29 Norrland term.log: Log started: 2015-08-13  12:12:15
12:29 Norrland (Reading database ... 32569 files and directories currently installed.)
12:29 Norrland Preparing to unpack .../salt-minion_2015.5.3+ds-1~bpo8+1_all.deb ...
12:31 zwi joined #salt
12:32 joselfr joined #salt
12:32 babilen That's it?
12:32 Norrland yep. Last lines from that file.
12:32 babilen Okay, and "dpkg -a --configure" ?
12:32 babilen (on that minion)
12:33 babilen Anything in the salt logs?
12:33 Norrland http://cfc3528492ac9ed4.paste.se/
12:34 Norrland nothing in salt/minion logs unless I enable debug logging.
12:34 babilen Okay, and "apt install salt-minion" works fine again?
12:35 Norrland On the current machine I get this: http://57d0d55330e8e667.paste.se/
12:35 icflournoy joined #salt
12:35 babilen Could you show me "apt-cache policy salt-minion salt-common" ?
12:36 babilen Oh, and throw in the output of "apt-cache policy" as well
12:36 Norrland sure
12:36 Norrland http://dfde3f75c1b9f926.paste.se/
12:37 babilen That looks fine, I take it that "apt upgrade" offers to upgrade both salt-minion and salt-common ?
12:38 duendecat joined #salt
12:38 daemonkeeper joined #salt
12:39 Norrland not really.. http://d54b2ae22b702831.paste.se/
12:39 Norrland wtf
12:39 babilen Yeah, funky town
12:39 lothiraldan joined #salt
12:40 babilen Okay, does "aptitude search '~b'" list anything? What does "apt-get -f install" try to do?
12:41 joselfr Hi guys. I'am pretty new using salt and I'm trying to configure the REST api. I've followed all the steps here: http://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html but it don't works. There is no error / information in the log file. I'm using ubuntu and i've intalled it from the salt ppa.
12:42 Norrland babilen: yeah, these boxes is pretty stripped down. With only apt (AWS Debian images)
12:42 joselfr Here is the master config for the netapi module http://pastebin.com/8FR8vhYr
12:47 dyasny joined #salt
12:48 babilen Norrland: So, what does "apt-get -f install" give you?
12:49 Norrland babilen: that will install salt-minion and salt-common just fine.
12:49 babilen %-/
12:50 Norrland indeed.
12:51 Norrland my $othermachine that I first noticed this on was easier to fix by terminating and recreating, where the provisioning script will install the latest (2015.5.3) version of salt.
12:52 Tecnico1931 joined #salt
12:53 Grokzen joselfr, You need to run it in gunicorn and not through the master, only way i know to make it work
12:55 babilen Norrland: How does the minion behave that we have left? What does "salt 'foo' pkg.list_upgrades" show?
12:55 joselfr Thanks for the answer. But it''s weird. is authentication required to make salt-api work?
12:55 subsignal joined #salt
12:57 Grokzen i do not think so
12:58 Grokzen have not tested without. If you do not use anything then anyone will be able to run anything through your API :p
12:59 Norrland babilen: http://e1abc5e4e0a32de9.paste.se/
12:59 Norrland last one.
13:00 babilen (that's the last minion, isn't it?)
13:01 babilen I'd enable debug logging first and then
13:01 babilen "salt mgmt.app-a.syslog01 pkg.install salt-minion only_upgrade=True refresh=True"
13:01 calvinh joined #salt
13:02 Norrland babilen: last minion yes.
13:02 dthom91 joined #salt
13:05 calvinh_ joined #salt
13:07 Norrland babilen: http://f9e904ad1e79ce5a.paste.se/
13:07 joselfr Anyway I've tried with both auth enabled and not.
13:08 babilen Norrland: And, did that work? Is that the debug log?
13:08 otter768 joined #salt
13:08 babilen yeah, it is
13:08 Norrland babilen: didn't work. That's the relevant part of the debug log.
13:09 Norrland nothing that can be because of the "Error loading module.xx" ?
13:10 babilen It looks as if the "apt-get -y --only-upgrade install salt-minion" call failed
13:10 Grokzen joselfr, Can you query your api via the browser or anything?
13:11 jdesilet joined #salt
13:11 pm90_ joined #salt
13:12 timoguin joined #salt
13:15 joselfr No that's the problem it just don't launch. I'm trying to use another wsgi server
13:17 pm90__ joined #salt
13:17 duendecat joined #salt
13:18 Grokzen joselfr, Then i do not know :] I only have experience with gunicorn and cherrypy
13:19 cpowell joined #salt
13:20 edrocks joined #salt
13:21 joselfr using gunicorn it seems to work
13:21 Norrland babilen: yeah, will try on some local machines that isn't as slimmed as the images from amazon.
13:26 sorta joined #salt
13:27 N-Mi joined #salt
13:28 projekt01 joined #salt
13:28 murrdoc joined #salt
13:29 icflournoy joined #salt
13:34 elfixit joined #salt
13:36 dopesong_ joined #salt
13:37 evle joined #salt
13:38 _JZ_ joined #salt
13:38 SVQTQ joined #salt
13:40 SVQTQ Hello #salt. I have a base environment which installs my ssh keys etc, I also have a production environment, for only the production servers. But the problem is that the state files in production get executed first, before my base environment. I'd like to tell salt to start with the base environment. I want this ot be done because my production states take up to 15 minutes, but in my base, my ssh-keys get placed, so I can log in to the server, now I have to wait
13:40 SVQTQ for the entir highstate to complete before I can login to my server.
13:43 hasues joined #salt
13:43 hasues left #salt
13:43 funzo joined #salt
13:45 AndreasLutro SVQTQ: you could try setting - order: 0 on states you want to execute first
13:46 deedubs Is there any known issues with 2015.5 and s3 file retreval?
13:46 deedubs I think I heard IAM doesn't work but I'm unable to get manually supplying s3 creds to work either :/
13:46 joselfr Works well with gunicorn Grokzen. Thank you. :)
13:46 Grokzen joselfr, np :]
13:46 crank_ joined #salt
13:47 dthom91 joined #salt
13:47 DammitJim joined #salt
13:49 mpanetta joined #salt
13:49 TyrfingMjolnir joined #salt
13:50 crank_ left #salt
13:51 babilen SVQTQ: You could also orchestrate the initial provisioning in multiple steps if setting the order is not an option (for whatever reason)
13:52 bhosmer joined #salt
13:53 breakingmatter joined #salt
13:54 nzero joined #salt
13:55 TyrfingMjolnir joined #salt
13:58 zwi joined #salt
13:59 kaptk2 joined #salt
14:00 gcfhvjbkn1 joined #salt
14:03 andrew_v joined #salt
14:06 jaybocc2 joined #salt
14:06 ajmath joined #salt
14:06 Akhter joined #salt
14:07 napsterX joined #salt
14:14 XenophonF deedubs: istr getting s3 working on my minions (but not using iam profiles as you said)
14:15 XenophonF deedubs: you can try testing the s3 module using the --trace option to salt-call
14:15 XenophonF deedubs: let me see if i can scrounge up better instructions than that
14:16 gimpy2938 Is there a way to do id matching as "does not match X" or "is not in nodegroup X"?
14:20 jcockhren gimpy2938: yeps
14:22 jcockhren use a comppund matcher. for example, https://gist.github.com/jcockhren/91b466178e323522ecab
14:23 dthom91 joined #salt
14:23 jcockhren gimpy2938: see revision 2
14:24 gimpy2938 jcockhren: So when I just put in a nodegroup I have to say 'match: nodegroup' but when using compound I don't?  That seems odd.
14:24 gimpy2938 How does compound know I meant 'mynodegroup' as a ndoe group and not a normal id?
14:25 venu0336 joined #salt
14:26 gimpy2938 Well, confirmed that doesn't work.  Ran "salt -C '* and not frank-compute-nodes' test.ping" and it did it to everything, including the node group frank-compute-nodes.
14:27 dthom91 joined #salt
14:27 jcockhren I might be missing the 'N'
14:27 jcockhren salt -C '* and not N@frank-compute-nodes' test.ping
14:28 gimpy2938 Hmm, never even seen that syntax before...but fails with "No minions matched the target"
14:29 claytron_ joined #salt
14:29 jcockhren is compound matcher broken or or something? I've been using not nodegroup  stuffs since forever
14:31 jcockhren related? https://github.com/saltstack/salt/issues/26107
14:31 saltstackbot [#26107]title: Issue targeting nodegroups - Invalid compound target: ( L@ ... ) | Seeing a strange bug when targeting nodegroups. Some of my minion return fine, whereas others give me either "Minion did not return. [No response]" or "Minion did not return. [Not connected]"....
14:33 gimpy2938 that seems to be a bug with the minion, in this case the master is claiming nothing matches
14:33 FOCer joined #salt
14:34 bluenemo joined #salt
14:36 spark_ joined #salt
14:36 timoguin gimpy2938, jcockhren: so nodegroups use a compound matcher in their definition. maybe nodegroups can't be used in a compound match?
14:36 timoguin I don't see any examples of that use case.
14:36 * timoguin doesn't use nodegroups
14:38 gimpy2938 Damn, if this doesn't work then my are what, repeat myself over and over again in my top file or figure out a regex that would work....
14:42 nzero joined #salt
14:42 Tecnico1931 joined #salt
14:51 Brew joined #salt
14:58 bhosmer joined #salt
14:59 funzo joined #salt
14:59 jalbretsen joined #salt
15:00 dopesong_ joined #salt
15:01 coval3nce joined #salt
15:05 PredatorVI joined #salt
15:05 deedubs XenophonF: The weird this is I can use sudo salt-call s3.get <bucket>
15:05 deedubs but my states can't get files
15:05 deedubs and the keys have full access
15:08 zsoftich2 joined #salt
15:12 sdm24 joined #salt
15:12 ekristen joined #salt
15:18 PredatorVI I lost all day yesterday trying to figure out why my grain assignments aren't working.  Any advice appreciated.  base:
15:18 PredatorVI #ROLE Assignments:
15:18 PredatorVI 'E@myapp-(dev|acc).+':
15:18 PredatorVI - myapp.role_processor
15:18 PredatorVI 'E@myapp-(dev|acc)0[1-2]\..+':
15:18 PredatorVI - myapp.role_web
15:18 PredatorVI 'E@myapp-(dev|acc)01\..+':
15:18 PredatorVI - myapp.role_primary_rabbit
15:18 PredatorVI 'E@myapp-(dev|acc)(?!01).+':
15:18 PredatorVI - myapp.role_secondary_rabbit
15:18 PredatorVI oops
15:18 PredatorVI sorry
15:19 PredatorVI GIST:  https://gist.github.com/PredatorVI/d8df4877a3b463f73c32
15:19 PI-Lloyd wow, such paste
15:19 * PredatorVI instructs a pet piranha to munch on PredatorVI's shoulder blades
15:19 coval3nce I think you may need to signify a match type?
15:20 PredatorVI It's matching and seems to work (see output in gist).  It just doesn't seem to get applied
15:20 PredatorVI when I do 'grain.item role' only the old grain values are listed.
15:20 iggy - match: compound
15:20 clintberry joined #salt
15:21 dezertol joined #salt
15:22 PredatorVI I added the compound match with same net result.  It says 'Append value myapp_primary_rabbit to grain role' and succeeds, but the 'grains.item role' shows none of the new values.
15:23 PredatorVI See the bottom of the Gist.
15:23 zmalone joined #salt
15:24 vandemar joined #salt
15:25 PredatorVI on the minion /etc/salt/grains contains 6 roles (the three old ones and the 3 new ones), but from the master, the new ones are not listed and so the states don't get applied.
15:25 coval3nce https://gist.github.com/PredatorVI/d8df4877a3b463f73c32#file-sample-L7  <- should you have 2 dots there?
15:27 iggy PredatorVI: try a refresh
15:27 iggy PredatorVI: try a refresh_pillar and then check
15:30 hvn joined #salt
15:30 PredatorVI iggy:  Did that on the master (correct?) and grains.item role still only lists the old grain values.
15:30 PredatorVI How do I just purge all cache data on the master?
15:31 PredatorVI I tried grains.delval role destructive=True and they don't go away
15:31 iggy no, on the minion
15:33 dijit so, my master went down for a little while (like, a week :() and now my minions aren't reconnecting; is there a timeout which it will try again or do I have to go to my nodes manually and restart the minions?
15:35 PredatorVI iggy:  'salt-call saltutil.pillar_refresh' followed by 'salt-call grains.items' shows only the 3 old pillar values for role even though /etc/salt/grains has 6 values.
15:35 iggy nfc
15:35 iggy file a bug
15:35 iggy move on with life
15:35 iggy dijit: you'll have to restart the minions
15:35 dijit nooooo
15:36 coval3nce dijit: yeah i ran into this at one point too
15:36 dijit nooooooooo
15:36 dijit thanks guys.
15:36 dijit I can see why it is this way.
15:37 dijit but that's a lot of effort to fix :(
15:37 * dijit gets a backup master for future.
15:37 PredatorVI iggy: does salt cache grain information somewhere else on the minion besides in /etc/salt/grains?
15:37 coval3nce dijit: i wonder if there is a setting we can tweak, to tell it to retry more times
15:37 djstorm joined #salt
15:40 iggy dijit: look at the salt-ssh rosters, there's one that can pull cached minion data off the master and you can use that to easily restart the minions everywhere
15:41 iggy PredatorVI: maybe in /var/cache/salt/ ? I don't know exactly what invalidates that
15:42 PredatorVI k
15:42 iggy PredatorVI: do you have grains_cache: True?
15:42 iggy (it defaults to False)
15:43 PredatorVI no, other than the master setting, the minion file is all defaults.
15:47 dthom91 joined #salt
15:47 PredatorVI maybe that wasn't true.  a developer apparently set grain values in /etc/salt/minion.  Maybe those override any grain assignments made otherwise...
15:48 iggy yes
15:48 iggy that's why you should be using the salt-formula to manage your salt config files
15:48 Norrland When a package is set to not upgrade "salt 'foo' pkg.hold bash". Is there any way of listing the packages which are held?
15:48 iggy and the inotify beacon to run a highstate every time someone touches something in /etc
15:49 PredatorVI iggy:  ..ok..didn't know salt-formula did that.
15:49 Norrland ah nvm. "salt 'foo' pkg.get_selections state=hold"
15:50 omegamike joined #salt
15:52 claytron_ joined #salt
15:53 monkey66 left #salt
15:53 hvn joined #salt
15:54 UtahDave joined #salt
15:54 venu0336 joined #salt
15:56 nzero joined #salt
15:57 nzero joined #salt
15:59 shaggy_surfer joined #salt
16:00 shaggy_surfer joined #salt
16:00 Bryson joined #salt
16:02 rdutch joined #salt
16:07 dthom91 joined #salt
16:08 druonysus joined #salt
16:09 wendall911 joined #salt
16:11 writtenoff joined #salt
16:15 funzo joined #salt
16:16 ltsampro` joined #salt
16:17 bhosmer joined #salt
16:20 aparsons joined #salt
16:21 capricorn_1 joined #salt
16:29 teryx510 joined #salt
16:29 gekr joined #salt
16:31 sorta joined #salt
16:32 claytron_ joined #salt
16:41 losh joined #salt
16:42 KyleG joined #salt
16:42 KyleG joined #salt
16:43 pm90_ joined #salt
16:44 malinoff joined #salt
16:45 pm90__ joined #salt
16:46 dthom91 joined #salt
16:51 mcote joined #salt
16:59 Brenden_ joined #salt
16:59 programm1 joined #salt
17:01 rdutch left #salt
17:01 Brenden_ Greetings folks. I have zero Salt experience but have been tasked with adding minions to our  Oracle Linux servers.  The problem is that although OEL is a splinter off RedHat, it cannot take the same update as all of our RHEL/CentOS servers.  I want to dig into the documentation on how to keep my OEL servers immune from RHEL updates via Salt, what should I be reading up on to facilitate this?
17:02 drawsmcgraw Brenden_: Basically, you want to isolate Salt and its environment, yeah?
17:03 five04tluv joined #salt
17:03 drawsmcgraw I understand people will make a virtual_env for developing on Salt. I imagine you could do something similar for your situation.
17:03 Brenden_ optimally.  Right now my goal is just to salt the /etc/passwd and group files but I just need to make sure that is all that happens for now
17:03 drawsmcgraw But I'm just one opinion. I'm certain there are many other ways to do this.
17:03 drawsmcgraw sure
17:03 iggy you do that with targeting
17:03 iggy in the top file
17:03 drawsmcgraw There's also salt-ssh
17:04 iggy what drawsmcgraw said might be a better option for you getting started
17:04 five04tluv installing salt-minion on a newly installed SL 6.5, python-six is no longer in EPEL. How do we get around this dependecy?
17:04 drawsmcgraw iggy: virtual_env or salt-ssh?
17:04 iggy then you know your oel boxes only get touched when you run salt-ssh
17:04 iggy salt-ssh
17:04 drawsmcgraw yeah I was thinking salt-ssh would be the less-invasive way
17:04 iggy five04tluv: salt has six included now, it shouldn't still depend on it
17:05 drawsmcgraw Brenden_: I think you can start here: http://docs.saltstack.com/en/latest/topics/ssh/index.html
17:06 drawsmcgraw It puts a small Salt environment into a tmp directory on the minion host. All the deps are in that environment
17:06 five04tluv yum list | grep salt-minion
17:06 drawsmcgraw So that way, you don't have to add new repos or anything else that would risk contaminating the OEL system.
17:06 five04tluv salt-minion.noarch                           2015.5.3-3.el6                 epel
17:07 five04tluv yum install salt-minion
17:07 five04tluv Error: Package: python-urllib3-1.5-7.el6.noarch (epel)            Requires: python-six
17:07 iggy oh, urllib3 requires it
17:07 Brenden_ Thanks! I will start digging into these options.  The ssh option looks like a good match as I would be playing with fire adding EPEL
17:07 iggy can't help you solve that
17:07 iggy that's not a salt issue, that's a python-urllib3 issue
17:08 droweappature joined #salt
17:09 stanchan joined #salt
17:09 drawsmcgraw Brenden_: totally understand. Managing repos and mixing them like that is just asking for late Fridays and wasted weekends.
17:09 drawsmcgraw Good luck!
17:11 Brenden_ Thanks again. I suspect I will be visiting here sometime in the future as I pick up these new admin responsibilites
17:11 forrest joined #salt
17:13 ageorgop joined #salt
17:13 iggy we are generally a pretty welcoming bunch
17:13 iggy except me... I'm an asshole
17:14 VR-Jack ^--native. every channel needs one
17:14 droweappature We're using a fork of an old version of salt-cloud, and on AMZN Linux minion instances where Python 2.7 is default python, the shebang for /usr/bin/salt-minion etc. gets changed to "#!/usr/bin/python2" (which is 2.6) during deploy. Is this a thing that salt-cloud used to do and has now been fixed? Or is this expected behavior?
17:15 VR-Jack droweappature: I believe salt-minion still requires 2.6
17:15 iggy #!/usr/bin/python2 is correct according to the pep
17:15 droweappature hmm
17:15 VR-Jack They are updating for python3, but it isn't done yet I don't believe
17:15 iggy if it's trying to use python modules from epel, it'll require 2.6
17:16 droweappature ah, k
17:16 iggy otherwise it should run under 2.7 fine
17:16 droweappature yeah, we're using a lot of epel stuff
17:17 breakingmatter joined #salt
17:17 nzero joined #salt
17:17 VR-Jack When listing benefits of python, version dependencies isn't in the list.
17:17 droweappature heh, yep
17:17 droweappature so, even on rhel-based systems where 2.7 is default, epel packages are only guaranteed for 2.6?
17:18 iggy afaik, yes
17:18 droweappature which pep # is that, btw?
17:18 Brenden_ thanks for the warning iggy :-)
17:18 impi joined #salt
17:19 Brenden_ is salt-ssh an addon? I am on salt 2015.5.3 (Lithium) but can't find salt-ssh anywhere on the filesystem
17:19 VR-Jack seperate package
17:19 claytron_ joined #salt
17:19 VR-Jack if using packages
17:20 Brenden_ VR-Jack, it is possible to install without using EPEL?
17:20 iggy droweappature: 394 I think
17:20 Brenden_ I'll dig around the site and figure this one out
17:20 VR-Jack ask iggy. he bootstraps. I pkg it
17:20 iggy Brenden_: you install salt-ssh on your master and run it from there like you would the normal salt commands
17:20 Brenden_ AH, wasn't sure if it needed to installed on the minion side as weill
17:20 Brenden_ 10-4
17:20 iggy Brenden_: are you saying you didn't install salt on your master using packages?
17:21 iggy ahh, yeah, that's kind of salt-ssh's purpose
17:21 Brenden_ 'I' didn't install our salt env, just inherited it
17:21 iggy no minion install required
17:21 drawsmcgraw Brenden_: I think what Iggy is trying to ask is -> How was the Salt master built?
17:21 SheetiS joined #salt
17:21 drawsmcgraw But yes, that is the purpose of salt-ssh. No installation of anything on the minion.
17:21 Brenden_ it was installed via yum
17:21 iggy rpm -q | grep salt ?
17:22 droweappature iggy VR-Jack: thanks
17:22 Brenden_ I'm a bit slow drawmcgra
17:22 iggy Brenden_: then yeah, there should be a salt-ssh package also
17:22 drawsmcgraw then yeah, a yum install salt-ssh *on the master* should be all you need.
17:22 VR-Jack sadly, the sudo stuff doesn't work for me on it. :(
17:22 Brenden_ yep, found it and installing it now
17:22 VR-Jack had to do root direct
17:22 drawsmcgraw sweet
17:23 iggy VR-Jack: what version?
17:23 VR-Jack probably a bug in the fact that I have to do sudo and the tty true
17:23 VR-Jack 2015.5.3... haven't tried it with the new build I did with latest patches
17:24 VR-Jack I packaged up to 2015.5.3-613-g8e1b5da last night. haven't retested the ssh stuff
17:26 iggy seems like a pretty big thing to overlook as RHEL7 disables sudo w/o tty by default... did you look for an issue?
17:27 * iggy wonders if it's fixed in 2015.8/9/10/11/12 (or whatever it'll actually be called once it's out)
17:27 VR-Jack well, centos6.x is disabled too by default
17:28 VR-Jack doh. I hit the $HOME bug. I forgot to write a patch on that. lol
17:28 Danilo_Pink joined #salt
17:29 Danilo_Pink Hello Guys
17:29 PredatorVI I'm finding that debugging states is a pain in the butt...I'm currently seing a "KeyError" but that means nothing to me and I don't know a good way to drill into more relevant specifics.  Any suggestions
17:29 PredatorVI ?
17:29 VR-Jack I thought they were going to quit doing shell calls. :(
17:29 Danilo_Pink We need to make an additional configuration in the Salt Minion from a Salt Master state. So we need to know how to restart the Salt Minion through a Salt Master request, using a state, without losing the job... or find a way to make the Minion to reload the configuration without a restart
17:29 hvn joined #salt
17:30 iggy PredatorVI: maybe gist the error and state(s)?
17:30 bluenemo joined #salt
17:30 iggy Danilo_Pink: there's a blurb in the docs about how to do it
17:30 VR-Jack self.shell.exec_cmd('/bin/sh $HOME/{0}' <--evil. when passed to local ssh, it apparently runs through local shell and interprets the $HOME locally
17:30 GabLeRoux joined #salt
17:32 forrest iggy: So I tested out the postgres stuff some more last night, copied a command that is working on another VM to this one that runs via salt and initdbs fine, doesn't work on this one, so something else has to be screwed.
17:32 bluenemo joined #salt
17:32 bhosmer joined #salt
17:33 iggy forrest: kill it with fire?
17:33 forrest iggy: Good plan
17:34 PredatorVI iggy:  Gist https://gist.github.com/PredatorVI/d8df4877a3b463f73c32  but is importing  https://github.com/saltstack-formulas/rabbitmq-formula
17:34 PredatorVI In the gist, the error is at the bottom
17:35 duendecat joined #salt
17:36 iggy PredatorVI: KeyError: 'rabbitmq_plugin.enabled' = some module call that you don't have
17:36 iggy PredatorVI: what version of salt? Do you have the rabbitmqctl util on that minion?
17:37 iggy the state was added in 2014.1.0
17:37 PredatorVI iggy:  latest version of salt.
17:38 iggy and the module is looking for the rabbitmqctl binary https://github.com/saltstack/salt/blob/develop/salt/states/rabbitmq_plugin.py#L27
17:38 PredatorVI doesn't look like rabbitmq got installed
17:38 iggy problem solved
17:38 murrdoc joined #salt
17:38 PredatorVI which is what my state is supposed to do
17:38 PredatorVI :(
17:38 iggy but that key error is usually a sign of version problem or missing dependency
17:39 PredatorVI ok, thanks
17:39 five04tluv left #salt
17:39 iggy sadly, a lot of the modules you'll have to go read the source to see why they fail if it's a dependency problem
17:40 dthom91 joined #salt
17:43 icflournoy joined #salt
17:46 GreatSnoopy joined #salt
17:46 ayee left #salt
17:48 * PredatorVI bangs head on desk
17:48 Antiarc joined #salt
17:49 krymzon joined #salt
17:49 pppingme joined #salt
17:49 dopesong joined #salt
17:50 murrdoc :)
17:50 ryand- joined #salt
17:53 SheetiS1 joined #salt
17:53 jondonas joined #salt
17:53 ryand- joined #salt
17:53 murrdoc joined #salt
17:55 * impi is away: Away
17:56 SheetiS joined #salt
17:57 baweaver joined #salt
17:57 X67r joined #salt
17:59 lothiraldan joined #salt
17:59 VR-Jack okay. https://github.com/saltstack/salt/pull/26298
17:59 saltstackbot [#26298]title: Keep $HOME from being interpretted by Master shell | The command is being sent to a shelled ssh call which allows $HOME to get interpreted by the local shell. This is usually different than the remote user when using sudo (ie, /root vs /home/user) and causes it to fail to find the shim script....
18:00 murrdoc iggy:
18:00 murrdoc can i do a saltutil.refresh_pillar call from within a state ?
18:00 iggy module.run
18:00 murrdoc but its bad right
18:01 VR-Jack I hate that fix. it's an either or
18:01 iggy but it should do that at the start of a highstate anyway
18:01 murrdoc if pillar is none, then refresh pillars
18:01 CheKoLyN joined #salt
18:01 murrdoc VR-Jack:  did u have a list of issues u ran into with 2015.latest
18:01 VR-Jack set shell=false for terminal or quote the $HOME so it's not interpretted
18:01 VR-Jack murrdoc: I've patched most of them
18:01 murrdoc forrest:  was asking for the list
18:02 murrdoc if u got some of those bullet points
18:02 forrest murrdoc: I already ran into one of them
18:02 forrest we're good, thanks though
18:02 VR-Jack wheel.* is the worst
18:02 VR-Jack salt-ssh w/ sudo is pretty bad
18:02 SVQTQ joined #salt
18:02 murrdoc my bad forrest
18:02 murrdoc sorry for caring
18:02 murrdoc :D
18:02 harkx joined #salt
18:02 forrest lol
18:02 forrest I said thanks though
18:02 jerryc joined #salt
18:02 forrest WHAT MORE DO YOU WANT
18:03 VR-Jack there's a few others. I quit tracking them because they are fixed waiting for 2015.8 or 2015.5.4, whichever releases first
18:03 iggy murrdoc: if you need it refreshed during a state run (due to grains changes/etc), I'm pretty sure a reload_modules refreshes pillar data
18:03 stanchan joined #salt
18:05 duendecat joined #salt
18:06 rdutch joined #salt
18:07 Danilo_Pink ok iggy, I saw the doc and I found this link: http://docs.saltstack.com/en/latest/faq.html#what-is-the-best-way-to-restart-a-salt-daemon-using-salt
18:08 VR-Jack Okay, commented on the problem, but development also sets shell=True, so my fix should be good.
18:08 VR-Jack Well blame based pi
18:08 Danilo_Pink Using "at" command is the only way?
18:09 Deevolution Danilo_Pink: If you're using Unix/Linux note that using 'at' will add 2 to the priority of the process.
18:09 nzero joined #salt
18:13 ryand-home joined #salt
18:13 gimpy2938 I can no longer run anything on my master, everything seems to error out with "'int' object has no attribute 'pop'", any idea what could cause this?  https://gist.github.com/anonymous/74a716677eff49ad0b31
18:14 subsignal joined #salt
18:15 ryand- joined #salt
18:15 gimpy2938 The only thing done betweenw hen it worked and now is "state.highstate" was ran on all minions
18:16 katyucha joined #salt
18:16 iggy you'd want to run salt-call -l debug on the minion itself
18:16 theologian joined #salt
18:17 iggy otherwise you're just seeing the debug/trace output on the master side (which isn't going to be that helpful)
18:17 krymzon joined #salt
18:17 gimpy2938 iggy: The minions don't seem to be the problem as when I run a minion in debug/trace I don't see them get anything from the master before the command on the master fails
18:18 gimpy2938 So it appears the failure happens on the master before it gets to the point it would communicate with a minion
18:18 bhosmer joined #salt
18:19 ryand-home joined #salt
18:21 baweaver joined #salt
18:21 VR-Jack gimpy2938: but you'll get different results if you salt-call
18:23 VR-Jack ahh, that's why they shim'd in $HOME. most /tmp don't allow o+x
18:24 VR-Jack from what I can tell
18:24 claytron_ joined #salt
18:26 VR-Jack hmm. nope. that works. not sure why execution failed for test.ping module without root.
18:29 gimpy2938 How would I use salt-call to test this?
18:30 dthom91 joined #salt
18:30 VR-Jack salt-call -l debug <module>  ie salt-call -l debug test.ping
18:31 krymzon joined #salt
18:32 shaggy_surfer joined #salt
18:33 seblu joined #salt
18:33 seblu joined #salt
18:35 Fiber^ joined #salt
18:35 XenophonF would anyone be willing to share examples of using a tool outside of salt to kick off service provisioning events in salt, say, via salt-api?
18:36 VR-Jack basepi: pingeroos! https://github.com/saltstack/salt/pull/26298
18:36 saltstackbot [#26298]title: Keep $HOME from being interpretted by Master shell | The command is being sent to a shelled ssh call which allows $HOME to get interpreted by the local shell. This is usually different than the remote user when using sudo (ie, /root vs /home/user) and causes it to fail to find the shim script....
18:36 gimpy2938 VR-Jack: This is weird, that test just times out..."SaltReqTimeoutError: after 60 seconds."
18:36 johnkeates joined #salt
18:37 forrest XenophonF: Did you already look at: http://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html ? It's very thorough
18:37 forrest XenophonF: I don't have any straight up examples though
18:37 XenophonF not yet, thanks, forrest
18:37 forrest XenophonF: NP
18:37 VR-Jack gimpy2938: what version of salt?
18:38 gimpy2938 VR-Jack: 2015.5.2
18:38 johnkeates left #salt
18:38 XenophonF can i safely expose salt-api's endpoint to the internet?
18:38 forrest XenophonF: cherry pi supports ssl and I believe you can support a secret key
18:38 VR-Jack restart your master, and on master try salt-run manage.status
18:39 VR-Jack gimpy2938: ^^^
18:39 VR-Jack make sure your minions are connecting
18:39 jaybocc2 joined #salt
18:41 VR-Jack Oh, wait. gimpy2938: I don't think you're nodegroups are right
18:42 gimpy2938 VR-Jack: They have been working, why do you say that?
18:43 VR-Jack because it's a raw n[#-#] without a letter predicating it
18:44 gimpy2938 VR-Jack: I also get the same error when I test a single minion instead of a nodegroup ... the last test gives: https://gist.github.com/anonymous/0eb892e32bf5729146ab
18:44 big_area left #salt
18:45 big_area joined #salt
18:45 amontalban Hey guys, anyone had this issue before? https://github.com/saltstack/salt/issues/26280
18:45 saltstackbot [#26280]title: pecl.installed errors on KeyError: 'pecl.installed' | When running highstate we get the following error:...
18:46 XenophonF forrest: looks like i can run it under mod_wsgi
18:46 VR-Jack gimpy2938: I'm going to guess it's crashing trying to interpret something before it can do basic functions. Try commenting out your nodegroups temporarily, restart master, and try the manage again. If it works, it's the nodegroups, if it doesn't, it's not
18:46 XenophonF i wonder if i can still use it that way with saltpad
18:47 forrest saltpad still doesn't support masterless right?
18:47 XenophonF no idea
18:48 duendecat joined #salt
18:48 forrest Looks like it still doesn't :(
18:48 ryand- joined #salt
18:48 gimpy2938 VR-Jack: Same error with no node groups
18:49 VR-Jack gimpy2938: try salt-run -l all manage.status
18:50 gimpy2938 VR-Jack: Says a jid file doesn't exist https://gist.github.com/anonymous/fb2f4706e0eb808b848c
18:51 impi joined #salt
18:51 andrew_v joined #salt
18:52 katyucha joined #salt
18:54 VR-Jack gimpy2938: I'm more concerned with get_event() firing and then getting 'in' object has no attribute 'pop'
18:54 ryand-home joined #salt
18:55 aron_kexp joined #salt
18:55 forrest VR-Jack: Did you see an issue already reported for what appears to be - Refresh: True not working with the latest 2015 releases?
18:55 forrest Because that shit is not working
18:56 VR-Jack forrest: nope. hadn't seen that one
18:56 forrest alright
18:56 XenophonF forrest, do you know what the difference is between salt/modules/uwsgi.py, salt/netapi/rest_cherrypy/wsgi.py, and salt/netapi/rest_wsgi.py?
18:56 gimpy2938 VR-Jack: Hmm, no idea what get_event() does, why is it concerning?
18:56 XenophonF s/between/among/
18:57 ryand- joined #salt
18:57 forrest XenophonF: Well the module should be http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.uwsgi.html, the netapi stuff is specifically for the netapi, and as far as I know it's just running either through cherrypy, or wsgi (eww)
18:58 stanchan joined #salt
18:58 ajw0100 joined #salt
18:58 XenophonF what's wrong with wsgi?
18:59 forrest I'm just biased against it after working in an env that relied on wsgi and mod_wsg
18:59 forrest *wsgi
19:00 forrest basepi: Has anyone reported issues to you on the 2015 releases where - refresh: True doesn't work for pkg.installed?
19:00 forrest basepi: I don't see an issue on it yet, but wasn't sure if you guys were aware of such a problem internally
19:00 kukacz joined #salt
19:03 VR-Jack gimpy2938: any error is concerning. Either the get_event process failed and so something wasn't done like creating the job.... or, you have permission/file issues in your cache directory. You could try deleting the cache directory and restarting master
19:04 VR-Jack gimpy2938: or better yet
19:04 ryand-home joined #salt
19:04 VR-Jack salt-run cache.clear_all
19:04 VR-Jack hmm. may not get jobs, though
19:05 pppingme joined #salt
19:08 Bryson joined #salt
19:08 claytron_ joined #salt
19:09 scoates joined #salt
19:09 scoates …starting to think that not very many people are using the boto states/module for actual work
19:10 stanchan joined #salt
19:11 ub joined #salt
19:11 ub left #salt
19:12 dopesong joined #salt
19:12 forrest scoates: I don't think a ton of people are
19:13 scoates boto_secgroup.present has no support for vpc_name, and vpc_id is determined by the remote API, so security groups can't be declarative.
19:13 scoates will patch and PR
19:13 scoates …again (-:
19:13 XenophonF i guess i feel more comfortable exposing salt's rest api while screening access to it using mod_security
19:15 forrest XenophonF: Totally understandable
19:15 forrest scoates: That will be cool, you should let Ryan_Lane know you intend to put that in
19:15 scoates Ryan_Lane: I intend to put that in
19:15 scoates (-;
19:16 scoates _modules/ and _states/ has saved me more times than I care to admit.
19:17 dopesong_ joined #salt
19:23 VR-Jack forrest: refresh: true takes 20s long than refresh: false on centos6.6
19:24 forrest VR-Jack: I'll test it after I finish this VM build
19:24 forrest to double check I'm not full of shit
19:24 forrest which is totally possible
19:24 VR-Jack forrest: there are issues in pkg selection listed in bug reports, though. in pkg.latest, so you may be seeing that issue if you went by pkg installed version
19:24 forrest hmm
19:25 forrest I am not using pkg.latest
19:25 forrest I specify a specific version in this state.
19:25 forrest There's also a chance this is a vagrant problem
19:25 VR-Jack well, there were issues in pkg.latest and pkg.installed not getting the right version
19:26 VR-Jack pkg.installed nano w/ refresh: false is 38s... w/ refresh: true is 58s. tested multiple times. Base time is the time to install pkg.
19:26 VR-Jack 20s is reasonable for a repo refresh
19:27 FOCer joined #salt
19:27 ryand- joined #salt
19:28 forrest VR-Jack: Did you set suggestions to false?
19:28 forrest VR-Jack: try - skip_suggestions: True
19:28 forrest That provided a massive performance boost
19:31 VR-Jack forrest: ahh. no I haven't. but actually, I need to downgrade salt to retest. I forgot to do that
19:33 forrest VR-Jack: Give skip_suggestions a shot as well when you test, it makes things a lot better, especiall on any RHEL derivative.
19:34 ageorgop joined #salt
19:34 XenophonF so the cherrypy rest module sucks
19:34 VR-Jack doing downgrade now
19:34 XenophonF (1) it has to be aliased to /
19:35 XenophonF (2) it only looks at /etc/salt/master for configuration
19:35 VR-Jack apparently you can't just specify salt. have to downgrade all the other pkgs in the cmdline. lol
19:36 pcn XenophonF: so that means the whole thing sucks?
19:36 baweaver joined #salt
19:36 XenophonF yeah, because i can't get it to work right on my master :(
19:36 XenophonF guess i'll stick with salt-api for now
19:37 forrest XenophonF: This is one of the main reasons I'm not using it yet, it doesn't support a masterless config at all.
19:37 iggy we use saltnado... couldn't every get cherrypy to work
19:37 twork joined #salt
19:37 forrest I like tornado
19:37 forrest http://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_tornado.html XenophonF
19:37 iggy I will pistol whip the next person that says masterless
19:37 XenophonF i'm looking at that code now
19:37 forrest A coworker of mine contributed to it a bunch, seemed pretty good
19:37 forrest iggy: mothafuckin masterless
19:38 forrest iggy: It's pretty good
19:38 forrest though I miss having a master a lot of time for ease of deployments
19:38 VR-Jack forrest: saved me 11s with skip_suggestions
19:38 forrest VR-Jack: That's pretty good.
19:39 XenophonF i still want to run it under mod_wsgi
19:39 VR-Jack doing 3 tests of =false first
19:39 forrest VR-Jack: I'm pretty sure my issue is strictly related to virtualbox caching something weird, and not a fault of salt
19:39 forrest basepi: Ignore my comment regarding the refresh thing, pretty sure this is a vagrant issue after testing it on two 2015 releases, and 2014.7.
19:39 VR-Jack forrest: could be, but it's worth checking
19:40 forrest VR-Jack: I just did
19:40 iggy forrest: I think was ignoring you anyway
19:40 nyx_ joined #salt
19:40 dthom91 joined #salt
19:40 forrest Basically even though I set the repo file up, and have refresh set for true, something was screwing it up, so I could delete the box and repro and it would still be that release, but if I ran a local yum clean all it would be fine on the next provision.
19:40 forrest iggy: I don't blame you
19:41 sdm24 hey iggy, whats the name of that restaurant you like with all that funny stuff on the walls?
19:41 kevinquinnyo joined #salt
19:41 rdutch left #salt
19:42 iggy ^5
19:42 VR-Jack forrest: 20s diff again. so it's at least working on a centos6.6 esx vm
19:42 forrest cool
19:42 forrest this is a centos 6.6 vagrant machine
19:42 forrest and I might have encountered it before
19:42 VR-Jack oh, I should point out that not specifying seemed to default to True
19:42 forrest feels familiar yet distant
19:42 forrest VR-Jack: for the refresh? Yeah I think by default it's set to true
19:43 forrest I'd have to look at the state code though
19:43 VR-Jack now to remove nano. I hate that pkg.
19:43 VR-Jack I deleted the line after the true tests and it was still doing it
19:43 VR-Jack *mgiht* have been cache issue, but I doubt it
19:44 VR-Jack ugh. hg status looks horrid with all these tests I've been doing. lol
19:44 VR-Jack 11 ? files and 3 M files
19:45 XenophonF forrest, iggy: can i run saltnado under wsgi?
19:45 iggy never tried
19:45 forrest XenophonF: I don't know, never even used saltnado
19:45 forrest something something iggy masterless something something
19:45 XenophonF OK
19:46 iggy http://tornado.readthedocs.org/en/latest/wsgi.html ?
19:46 XenophonF ia ia masterless fthagn!
19:46 XenophonF thanks iggy
19:46 XenophonF heading that way
19:46 iggy !lmgtfy python tornado wsgi
19:46 saltstackbot http://lmgtfy.com/?q=python+tornado+wsgi
19:46 XenophonF out of respect i'm going to stop talking about mastermumble
19:46 ryand- joined #salt
19:46 VR-Jack looks like centos finally released 6.7
19:47 VR-Jack has a major bind fix in it
19:47 iggy i.e. removing it?
19:47 * iggy runs
19:47 VR-Jack lol. I wish
19:47 jngd joined #salt
19:49 dthom91 joined #salt
19:50 kevinquinnyo when adding a user via the user and friends salt modules, is there a built in implementation of something like mkpasswd -m sha-512 ?
19:50 manfred kevinquinnyo:  yes
19:50 kevinquinnyo so i'm just blind then, let me check the docs again
19:51 manfred kevinquinnyo:  https://github.com/saltstack/salt/blob/develop/salt/utils/pycrypto.py#L44
19:51 XenophonF thanks for the clue-by-four, iggy - i'm going to give saltnado a try
19:51 manfred kevinquinnyo:  you just want to generate a hash to pass using jinja?
19:51 kevinquinnyo i wanted to create a hash from a password
19:52 kevinquinnyo i think i need the shadow module
19:52 kevinquinnyo shadow.gen_password
19:52 manfred kevinquinnyo:  mod_random.shadow_hash
19:52 kevinquinnyo thanks
19:52 manfred np
19:52 twork hi, all. i'm back with my latest symtax fuckup. help. https://gist.github.com/mjinks/c0487130950d2fb31ab4
19:52 icflournoy joined #salt
19:52 manfred it uses the gen_hash function from salt.utils.pycrypto
19:52 kevinquinnyo perfect
19:52 manfred kevinquinnyo:  if you are doing it in a state file, you can use the get_or_set_hash
19:52 iggy just put the password in there, it automatically makes it into system format
19:53 twork one day this irc channel will have written my whole salt setup for me.
19:53 forrest hey twork, thanks for your report regarding that issue on the formula
19:53 manfred kevinquinnyo:  http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.grains.html#salt.modules.grains.get_or_set_hash
19:53 PredatorVI joined #salt
19:53 twork forrest: after i posted it i wasn't sure it was actually a bug.
19:53 manfred if you want to generate a password on the fly*
19:53 manfred but yeah, the user.present when you pass a password, will crypt it
19:53 druonysus joined #salt
19:53 forrest twork: It is, I asked whiteinge about it to confirm
19:53 twork ...but you sure are welcome.
19:54 twork well! bravo.
19:54 forrest twork: So file isn't getting set properly there (if it wasn't already obvious to you)
19:54 twork forrest: the surroundings made that bit of code hard to figure out for a noob.
19:54 iggy twork: pillar.items shows all that bind data?
19:55 evilrob_ joined #salt
19:55 forrest twork: Yeah I can see that
19:55 twork forrest: yeah, it was ...well not obvious, but, figured out, yeah.
19:55 twork iggy: no, it does not.
19:56 twork iggy: let me verify that...
19:56 kevinquinnyo manfred: oh that's nice -- does that mean i could set it randomly on the fly, then retrieve it for use later in another state?
19:56 manfred yeah
19:56 manfred using the grains
19:56 PredatorVI I'm not using npm that I'm aware of but see this in the minion log:  ''.but you sure are welcome.
19:56 PredatorVI [13:54] #salt: <twork> well! bravo.
19:56 PredatorVI [13:54] #salt: <forrest> twork: So file isn't getting set properly there (if it wasn't already obvious to you)
19:56 PredatorVI [13:54] #salt: <twork> forrest: the surroundings made that bit of code hard to figure out for a noob.
19:56 PredatorVI [13:54] #salt: <iggy> twork: pillar.items shows all that bind data?
19:56 manfred you can just do
19:56 PredatorVI [13:55] #salt: <forrest> twork: Yeah I can see that
19:56 PredatorVI [13:55] #salt: <twork> forrest: yeah, it was ...well not obvious, but, figured out, yeah.
19:56 PredatorVI [13:55] #salt: <twork> iggy: no, it does not.
19:56 PredatorVI [13:56] #salt: <twork> iggy: let me verify that...
19:57 twork oop! i was wrong: pillar.itms does show all that stuff.
19:57 kevinquinnyo how persistent are grains values set in this dynamic way
19:57 PredatorVI holy cco
19:57 PredatorVI cow
19:57 forrest PredatorVI: ?
19:57 PredatorVI sorry
19:57 sdm24 how can I target multiple globs of minions? "salt -L 'mariadb*,mysql*' doesn't return anything, and neither does "salt -C 'mariadb* or mysql*'
19:57 twork ...but when i try to reference it, i miss.
19:57 forrest PredatorVI: RUDE!
19:57 manfred kevinquinnyo:  this is what get_or_set is for :P
19:57 twork ...apparently.
19:57 * PredatorVI finds the closest large object and gives PredatorVI a slap with it
19:57 harkx joined #salt
19:58 SVQTQ joined #salt
19:58 manfred kevinquinnyo:  {% set pass = salt['grains.get_or_set_hash'](name='mysqlpass', length='10') %}
19:58 manfred kevinquinnyo:  then just use {{ pass }} everywhere
19:58 manfred put the set at the top of a file*
19:58 nzero joined #salt
19:58 forrest twork: modify https://gist.github.com/mjinks/c0487130950d2fb31ab4#file-config-sls-L3 with {%- set file = salt['pillar.get']("bind:available_zones:peerlessnetwork.com:file") %}
19:58 manfred but it will set the grain, then later, if you use it in a different thing, it will just pull that grain, especially on the next time you run the state
19:58 forrest twork: See if that renders correctly, if so we can at least confirm that it is your implementation of the usage of key
19:59 kevinquinnyo manfred: does that grain exist on disk on the minion though?
19:59 kevinquinnyo in it's cache dir?
19:59 PredatorVI Trying again....ugh.  I'm not using npm but see this in the minion log.  Is this normal if npm not installed/used? 'Error loading states.npm: 'npm' binary not found on system'
19:59 kevinquinnyo or just in memory during the state(s) execution?
19:59 manfred kevinquinnyo:  yes, in /etc/salt/grains, but only the root user can see that.
19:59 forrest twork: I can't remember if you need to define it as {%- set file = salt['pillar.get']("bind:available_zones:{{ key }}:file") %} or some other combo of it
19:59 VR-Jack sdm24 salt -C L@test*,test2*
19:59 raddessi joined #salt
19:59 kevinquinnyo manfred: thanks
19:59 iggy PredatorVI: yes, there's a bug about it somewhere
20:00 iggy PredatorVI: safe to ignore
20:00 PredatorVI kk
20:00 sdm24 -thanks VR-Jack
20:00 raddessi hi all, I'm using the salt modules with a local sminion entirely without saltstack but would like to enable logging to an already existing logger instance rather than the root instance, is this possible? I've put some time in to it but haven't had much luck
20:00 manfred kevinquinnyo:  if you store it in pillars though, the root user could see it anyway, imo it is easier this way :)
20:00 raddessi this is how I create the salt caller instance: http://pastebin.com/K0suvXpz The commands to enable logging to the root logger are in the docstring, but where this script runs we don't record the stdout so I would like to make the caller use a custom logger that logs to a file
20:01 kevinquinnyo manfred: yeah i'm about to change the way i handle initial mysql installation using that instead -- much better
20:01 manfred yar :)
20:02 baweaver joined #salt
20:02 PredatorVI Is there an easy way to query salt to see if gitfs states are loading properly without trying to run them?
20:02 twork forrest: bear with me, juggling text here
20:02 twork it is the way
20:02 forrest twork: No worries, I'm working anyways
20:02 kevinquinnyo for ftp users, i'm not sure yet, i might need a way to actually use that shadow module since they are going to have to be predefined in some way (eventual implementation undecided)
20:03 sdm24 PredatorVI: http://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.fileserver.html
20:04 sdm24 or http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cp.html#salt.modules.cp.list_states
20:04 twork forrest: the stuff you told me to add: context doesn't matter a whole lot there, right, we just want to see if it comes out the other end with a pillar.get?
20:04 iggy !salt modules.cp.list_master
20:04 saltstackbot http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cp.html#salt.modules.cp.list_master
20:04 iggy PredatorVI: ^
20:04 PredatorVI awesome
20:05 VR-Jack raddessi: module stdout is usually returned to the salt returner, but I believe there are other log options available to salt. check the code base. they aren't well documented.
20:05 forrest twork: Exactly, I was just using the specific value you had there.
20:05 forrest twork: Now that I think about it, isn't the key in the wrong place?
20:05 forrest https://gist.github.com/mjinks/c0487130950d2fb31ab4#file-bind-sls-pillar-L2
20:05 forrest based on that?
20:05 zwi joined #salt
20:06 raddessi forrest: thanks, I was trying to avoid that but this seems like a very uncommon use case
20:06 forrest don't you actuall have bind:{{ key }}:available_zones:{{ key }}:file
20:06 forrest raddessi: Huh?
20:06 forrest raddessi: I think you mean VR-Jack
20:06 raddessi oops wrong person, meant VR-Jack
20:06 forrest I haven't been following at all, sorry
20:06 raddessi np :)
20:07 VR-Jack raddessi: the code base is very tree like. I saw logging options in there the other day when I was looking for syslog.
20:08 s_kunk joined #salt
20:08 tzero joined #salt
20:08 forrest twork: Or actually bind:{{ key }}:available_zones:peerlessnetwork.com:file
20:08 twork forrest: if i've read you correctly: added that to my pillar, and ran: salt '*' pillar.get bind:configured_zones:peerlessnetwork.com:file ...and it gave me back nothing.
20:08 twork ok will try that
20:08 raddessi VR-Jack I haven't looked at the returners yet so that's a starting point. Thanks again :)
20:08 forrest twork: Yeah you have an actual key between bind and configured_zones right?
20:09 forrest twork: Your original syntax of + key + might be right, I can't remember
20:09 bhosmer joined #salt
20:09 DanyC joined #salt
20:09 VR-Jack On a role. 10 contributions! woohoo
20:10 twork i'll try it with the {{ key }}
20:10 VR-Jack raddessi: salt/log and salt/returners are the 2 parts of the code base I'd check. They are excellent usually to document the top of the file iwth all the info you need.
20:11 forrest twork: Try your original syntax as well, I can't remember or find a good example off the top of my head :(
20:12 twork oh hell. now i'm lost. context.
20:12 forrest twork: I need to go get some lunch, let me know how it goes
20:12 forrest twork: I meant regarding how you entered key
20:12 forrest twork: {{ key }} versus + key +
20:12 twork go have lunch. i'll stare.
20:13 VR-Jack twork: was there a link to a paste on it?
20:13 raddessi VR-Jack ah that's great then. There isn't as much code in there as I expected so this shouldn't be too hard
20:13 twork VR-Jack: a link pointing at m troubles? yes: https://gist.github.com/mjinks/c0487130950d2fb31ab4
20:14 VR-Jack Nope. lots of files, well organized, each file is usually short and concise
20:14 gimpy2938 VR-Jack: Sorry for the delay, `salt-run cache.clear_all` fixed the problem - it no longer crashes with the missing job file
20:15 VR-Jack twork: use ~ not +, first of all. and you can't use {{}} inside of {% %}
20:15 forrest_ joined #salt
20:16 twork VR-Jack: thanks. i feel another bug report coming on...
20:16 twork trying to learn logic and markup at the same time: it can age one.
20:19 VR-Jack twork: this is similar. {% if salt['pillar.get']('hosts:' + phostname + ':network','') != '' %}
20:19 VR-Jack {
20:20 VR-Jack I should use ~ instead of + though
20:20 twork then why did you use + ?
20:20 shaggy_surfer joined #salt
20:21 twork or, what's the difference?
20:21 VR-Jack they are the same, but if the variable is an int, it will break
20:21 VR-Jack ~ makes sure to cooerce to string
20:21 VR-Jack {% set gateway = salt['pillar.get']('hosts:' + phostname + ':network:gateway',)
20:21 VR-Jack %}
20:21 twork aha
20:21 markm joined #salt
20:22 baweaver https://github.com/saltstack/salt/issues/26014 - TL;DR: Wheel commands cannot be run on the saltnado REST api
20:22 saltstackbot [#26014]title: Add Wheel client to Saltnado | https://github.com/saltstack/salt/blob/develop/salt/netapi/rest_tornado/saltnado.py#L210...
20:22 iggy it's not a requirement (and in some cases may actually be undesirable)... but it's a good habit to be in since yaml parsing is kind of a strange beast
20:22 evilrob joined #salt
20:22 VR-Jack I used single quotes instead of double. May make a difference. I also did a ,) on the end, as pillar.get is 2 params. not sure if that matters either
20:25 ryand-home joined #salt
20:25 twork single quoes here draws a fail to compile
20:26 DanyC Hyia, anyone had/ has any experience around ossec ?
20:26 twork and man, i cannot type any more. damn mac laptop.
20:28 twork well... this has helped. now at least i know where to go hunting for my errors. (not in the pillar this time.)
20:29 Akhter iggy: quick question, is there a way to fire an event from the minion to the master (with event.send perhaps?).  I'm not able to use fire_master,that's a 2015.5.3 addition.
20:30 Akhter http://docs.saltstack.com/en/2014.7/topics/reactor/index.html#fire-an-event  Basically my question is that will that fire sls files within the master?
20:31 capricorn_1 joined #salt
20:33 VR-Jack twork: ummm. you had single quotes in the for loop call. something else is wrong there. lol
20:34 andrew_v_ joined #salt
20:35 twork VR-Jack: you're right: i put in a quote mismatch.
20:35 VR-Jack hehe
20:35 twork VR-Jack: was seeing the quotes as around ~ key ~ rather than shielding it from the stuff around it. haste makes waste.
20:36 VR-Jack twork: also, for testing, adding a ,'nofilefound' option wouldn't be bad. then you knwo file got set to something.
20:36 VR-Jack that way if it doesn't find the entry, it defaults to something
20:37 VR-Jack but as I recall, jinja seriously treats " and ' differently
20:37 twork many do
20:37 VR-Jack yeah, but worse than most.
20:38 VR-Jack I don't think I only have single quote everywhere.
20:39 VR-Jack errr. I think I do. Seem to recall an issue with doubles
20:39 twork VR-Jack: ok, i'm sorry, but it's not obvious to me where to stick that ,'nofilefound' string. wider context? this stuff is still pretty math to me.
20:40 VR-Jack twork: in the second pillar.get options. it takes 2 options. the pillar to get and the default if not found
20:40 VR-Jack look at your first line. you're default is , { }
20:40 VR-Jack ie, give me an empty dict
20:41 twork ah
20:42 ajw0100 joined #salt
20:42 twork ok, and in the second one, there is not currently a second param, right? so i need to add ...file", 'nofilefound' ...?
20:43 VR-Jack yeah. that will at least return something. or you could do , '' for returning empty string explicitly
20:44 VR-Jack I do that sometimes. see https://gist.github.com/vr-jack/79d3ac87fd3b4fe16047
20:44 twork seeing...
20:45 VR-Jack I do some really weird stuff on my hosts pillar, which is why it's so convoluted.
20:46 VR-Jack thus the hosts:<hostgroup>:<hostname>:network:interfaces:
20:46 RickCH joined #salt
20:46 RickCH Hi all
20:46 RickCH Is there a way to add a route without overwriting the existing routes?
20:47 ryand- joined #salt
20:47 tzero joined #salt
20:48 dezertol RickCH: can you add the order number to it like you do with the raw iptables commands? (never done it in salt)
20:48 RickCH I have a state that I am extending the route and it just overwrites the existing.
20:48 RickCH I did try order
20:51 VR-Jack RickCH you have a gist of the state?
20:51 forrest_ twork: Did you figure that out?
20:52 VR-Jack his eyes are friend, forrest_
20:52 VR-Jack err, fried
20:52 forrest_ Ugh I hate when I have the underscore
20:52 forrest_ stupid irc
20:53 forrest_ left #salt
20:53 forrest_ joined #salt
20:53 VR-Jack muahaha
20:53 kevinquinnyo lol
20:53 forrest joined #salt
20:53 kevinquinnyo he really hates his underscores
20:53 VR-Jack why use /nick when you can quit and restart!
20:53 twork okay, thanks for all your patience guys. currently my config.sls looks like this: https://gist.github.com/mjinks/c0487130950d2fb31ab4#file-config-sls
20:53 murrdoc forrest_ was cooler
20:54 * forrest shrugs
20:54 murrdoc :)
20:54 murrdoc y so srs
20:54 RickCH https://bpaste.net/show/13cb766a5e67
20:54 VR-Jack twork: why not single quotes?
20:54 twork ...and, "sudo salt 'bind*' pillar.get bind:available_zones:peerlessnetwork.com:file" still returns nothing, no complaint about an empty string. VR-Jack: i tried both.
20:55 VR-Jack twork: oh. really?
20:56 twork VR-Jack: well, it returns the minion's name.
20:56 twork but you know the drill.
20:56 VR-Jack twork: silly question, but - bind is in top.sls for the bind* nodes?
20:57 twork VR-Jack: yep.
20:57 twork 'bind*' catches my minion's host name, 'bind' is the pillar
20:57 VR-Jack and sudo salt 'bind*' pillar.items lists it in the list?
20:58 twork (aside: bind was someone else's choice. ftr.)
20:58 twork VR-Jack: yeah. did a bit ago,  let me make sure i haven't screwd it up...
20:59 twork ...yep, vomits all sorts o' crap, including the stuff i'm trying to draw.
20:59 twork i'll post.
20:59 VR-Jack twork: did you also try saltutil.pillar_refresh
21:00 RickCH @VR-Jack https://bpaste.net/show/13cb766a5e67
21:01 VR-Jack RickCH: looks right. not sure why it fails. You end up with only one route on the server?
21:02 RickCH Correct I need the route-eth0 to have both routes and I end up with only the extended route.
21:02 twork VR-Jack: actually not lately. let me give that a swing. meanwhile: https://gist.github.com/mjinks/bba2ab72859b755de84c
21:02 VR-Jack if you run with -l debug it will also print out the yaml which should show you if it merged them right
21:02 subsignal joined #salt
21:03 DanyC VR-Jack, iggy, GreatSnoopy - following our discussion yesterday i have filled a bug https://github.com/saltstack/salt/issues/26302
21:03 saltstackbot [#26302]title: Minion requires its own name resolution and w/o the first run takes a long time | Hi,...
21:03 twork VR-Jack: ok, that improved the output from pillar.get bind:available_zones:peerlessnetwork.com:file
21:04 VR-Jack twork: okay. well that matters. :)
21:04 VR-Jack Now to try state
21:04 twork i've been told that...
21:04 twork behold! yellow, where once there was red!
21:04 VR-Jack yellow good, though I prefer green
21:04 VR-Jack or a good black
21:05 VR-Jack hate blue. M$ ruined that for me
21:05 twork +1
21:05 cachedout joined #salt
21:05 twork their latest faded shade... eugh
21:05 teryx510 joined #salt
21:05 VR-Jack off for smoke since you're on your way. :)
21:06 RickCH Looking at the module for network I am guessing there is no way to add a route to existing routes
21:07 twork i was about to complain again because i didn't find any reference to the zone i'm trying to push, but upon further reading (through the green), i see it's in correct state. shoved in previously i guess. by monkey hands i suppose.
21:07 twork such green. pretty, preeetty, abundant green.
21:07 VR-Jack RickCH: I hate extend. I almost always just do things in a single state block
21:08 RickCH Problem is the original route is add via a different state call.  It is a route we need for multiple states.
21:09 DammitJim joined #salt
21:09 RickCH Need to code in a network route add that just adds the next one after the last.
21:09 aparsons joined #salt
21:10 GreatSnoopy DanyC, imho any sane system SHOULD be able to get the address of its own hostname. And for a sanae resolution to that, if you know that your dns could go even temporarily haywire you should really have the hostname put in /etc/hosts. Further, I remember that it only needs its address at minion start. While I do not know the specifics on what for it needs it, I would expect any higher level protocol to include some various metadata like callback addresses and
21:10 GreatSnoopy other things like that, and as such the minion should be able to populate such structures with the proper address
21:10 GreatSnoopy so, you are in a wrong setup from the very first moment when you have an unresolvable hostname
21:11 GreatSnoopy further, things like oracle database do not even start and crash at very startup if they are not able to get an ip address for the current hostname
21:11 icflournoy joined #salt
21:12 GreatSnoopy anyway, I'm just a puny tech, the core guys could tell you more about why it actually needs that
21:13 jalbretsen left #salt
21:13 twork dammit. don't you hate it when you solve a problem, and then you go back and try to recreate the problem so that you can record your issue, and it won't come back?
21:13 VR-Jack RickCH: I always just use pillars/jinja loops to build that sort of thing
21:13 claytron_ joined #salt
21:13 VR-Jack twork: it's a known issue that pillar.items and pillar.get gets out of sync
21:13 sdm24 and pillar.raw
21:13 VR-Jack ^^
21:14 twork yeah, i recall. but i went back and tried to put (what i thought was) my sls syntax back into wrong, re-synced to my minion, and it still shows okey-dokey.
21:14 VR-Jack scheduling a 5 minute saltutil.pillar_refresh isn't always a bad idea
21:14 RickCH VR-Jack: Good idea I might just convert that to a pillar item..
21:15 VR-Jack twork: the original paste I saw wasn't exactly wrong. I was just nitpicking it
21:16 twork VR-Jack: yeah, that's actually what i'm afraid of, that we haven't fixed whatever trouble i thought i was chasing.
21:16 twork ...but we fixed *something*...
21:16 VR-Jack twork: I'm not sure you had a trouble. I think you're pillar just wasn't in sync
21:16 VR-Jack so pillar.get didn't get you your data
21:17 twork VR-Jack: but i haven't changed my pillar since sometime last night. wouldn't it have had time to sync on its own? or does that need a manual nudge?
21:17 VR-Jack syncs in highstates an a few other times I think
21:18 VR-Jack sometimes it just needs a nudge
21:18 twork good to know. thanks.
21:19 VR-Jack sorry, I didn't realize at first that your salt bind* pillar.get was also failing
21:20 * twork fires VR-Jack
21:20 VR-Jack ugh. now I'll have to do work for my own company. lol
21:21 VR-Jack At least I don't have to worry about being fired from it. Just loosing customers.
21:21 VR-Jack err, losing
21:22 ingslovak joined #salt
21:23 * VR-Jack closes 13 salt related tabs in browser. *sigh*
21:24 baweaver joined #salt
21:24 amontalban \q
21:24 murrdoc where do u work vr-jack
21:25 whytewolf only 13?
21:25 nzero joined #salt
21:25 VR-Jack murrdoc: own my own company. We setup servers for telcos running their own ISP services.
21:25 murrdoc fun
21:25 VR-Jack whytewolf: second time today. :P
21:25 murrdoc must be nice
21:26 VR-Jack Well, it beats working for people that don't appreciate what you do.
21:26 murrdoc your work stinks VR-Jack
21:26 murrdoc and your help salt stinks harder
21:26 otter768 joined #salt
21:26 murrdoc :)
21:26 murrdoc just trying to bring it back for u
21:26 murrdoc i dont actually mean it
21:27 PredatorVI I'm still fighting an issue with a rabbitmq state (see https://gist.github.com/PredatorVI/d8df4877a3b463f73c32)  I *think* the root case is because it isn't installing the rabbitmq-server package but I have 'require' directive and I *think* the proper include, but I get the stack trace listed in the Gist.  Any ideas what to look at?
21:27 twork srsly, thanks a ton guys. i'm on deadline and i'd be nowhere near turning it in were it not for you bunch
21:27 kukacz joined #salt
21:28 VR-Jack twork: I hear that. I have an ASR 9k to learn from scratch and program before end of month.
21:28 twork reconsider.
21:28 VR-Jack customer choice. I wanted a juniper
21:30 VR-Jack PredatorVI: you have a rabitmq.latest.sls or rabbitmq.latest/init.sls?
21:30 amontalban joined #salt
21:30 DanyC GreatSnoopy: thx for reply. While i do understand the angle you coming i don't agree on the fact that it needs to be in /etc/hosts file. IMO DNS is the way to go however in order to do that and be able to inject that into the VM during creation is a chicken and egg. the way i thought is to rely on salt to sort out my "DNS" client configuration - aka /etc/resolv.conf
21:31 baweaver joined #salt
21:32 ajw0100 joined #salt
21:33 whytewolf PredatorVI: what does this return salt '<minion>' cmd.has_exec rabbitmqctl
21:33 GreatSnoopy DanyC, point is there are GUARANTEED moments when external dns is not available, and there are always a minimum of things that you really really want to have upon yourself at any moment and not depend on an external resource for things to work. Alternatively a) ensure your dns always works (can you really guarantee that your nameserver will NEVER be unavailable?) b) use the minion itself to add the hosts record and to remove it at a later moment when dns is
21:33 GreatSnoopy available
21:33 DanyC GreatSnoopy: however what i didn't know, couldn't find any reference is this "requirement" from minion side during first run.
21:34 PredatorVI VR-Jack:  Returns False.  The formula (not mine) has:  rabbitmq/init.sls, rabbitmq/latest.sls
21:34 GreatSnoopy DanyC, you will have to buzz more at the core-devs :D
21:34 VR-Jack PredatorVI: yeah. I see that. forgot to switch over to the hg
21:34 PredatorVI whytewolf:  returns False
21:34 VR-Jack gh
21:34 GreatSnoopy DanyC, it would not surprise me if its a zmq thing
21:34 whytewolf PredatorVI: that is how salt knows that rabbitmq is installed.
21:35 andrew_v joined #salt
21:35 PredatorVI whytewolf:  Any reason you can fathom why it isn't getting installed per the requirement?
21:35 dthom91 joined #salt
21:36 PredatorVI *requisite?
21:36 whytewolf PredatorVI: not with the info at hand no
21:36 coval3nce Is there a way to exclude a pillar file within a top file definition?
21:37 PredatorVI whytewolf:  Happy to provide more info, but I'm not sure what.  :/
21:37 DanyC GreatSnoopy: let me give you the full picture fyi only. So i'm on OpenStack where i spun my VMs in a tenant and all my VMS are registered after the salt highgstate run on the minion the Consul state which does register the hostname into Consul DNS and then everything is great and awesome (OpenStack doesn't have a DNSaaS which is integrated at lower level hence my Consul solution)
21:37 GreatSnoopy danyc as a workaround I would suggest to have the hostname added by default from the machine template (or whatever bare provisioning you use initial) so that the record exists when the minion will be installed on the machine. And have a state that will invalidate the record based on a local dns check on the machine
21:38 DanyC GreatSnoopy: that is what i done today in the HEAT user_data which i injected ;)
21:39 GreatSnoopy :D
21:39 VR-Jack PredatorVI: what version is the minion running?
21:39 GreatSnoopy sounds legit :D
21:39 whytewolf DanyC: at my last company this is what we used in the heat user_data 'echo `/sbin/ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'` `hostname` >> /etc/hosts'
21:39 whytewolf DanyC: oh never mind you already are doing that
21:40 PredatorVI VR-Jack:  2015.5.2
21:40 raddessi left #salt
21:40 DanyC GreatSnoopy: with the bug, i'm not naive to believe it will be fixed, but at least a good reason will be provided and hopefully will be documented so others don't get caught like i was
21:40 VR-Jack k. Your error is because the rabittmq_plugin state module is screwed up, but the reason is it didn't find rabbitmqctl
21:41 whytewolf DanyC: the othergood news is openstack is working on a DNSaaS solution.
21:41 whytewolf PredatorVI: rabbitmq.latest should install the repo. is there repo being installed?
21:41 PredatorVI yes
21:42 PredatorVI I manually installed rabbitmq-server and I definitely get past the error.  Should I downgrade minion?
21:42 DanyC whytewolf: that will do but i can even rely on neutron metadata to give me the IP using IP=`curl -sf http://169.254.169.254/latest/meta-data/local-ipv4`
21:43 VR-Jack PredatorVI: want my theory? It's including the config before it can process the main init.sls so the error occurs before it can even install the package
21:43 DanyC and is much more cleaner ;) as i can add into into a sub-script which i pass in as HEAT param and then i keep my user_data small and clean :)
21:43 VR-Jack This is because rabbitmq_plugin.py doesn't handle it's virtual correctly
21:43 PredatorVI Good theory
21:44 VR-Jack erroring on a key before we can even process prereqs is umm, bad
21:44 DanyC whytewolf: yes they are with Designate but since i'm following that community very close i doubt it will be ready even for labs in Liberty or Mitaka
21:44 DanyC ;)
21:45 PredatorVI VR-Jack: Is there an issue already or should I create one?
21:45 VR-Jack PredatorVI: not sure. was just scanning code and your formula on git
21:45 PredatorVI kk
21:46 PredatorVI I forked that formula and assumed it worked ;)
21:47 VR-Jack it's chicken egg from what I can tell. Need to have rabbitmqctl installed prior to doing plugins
21:47 PredatorVI k
21:48 VR-Jack if there are no plugins listed, it would probably install
21:48 VR-Jack then you could add plugins
21:48 whytewolf DanyC: if they crack it out as fast as they did Trove it actually could be in Mitaka.
21:48 VR-Jack but that's bad form, imho
21:48 PredatorVI May try as work-around.
21:48 PredatorVI thanks
21:49 baweaver joined #salt
21:49 DanyC whytewolf: let's see, i'm not putting too much hope yet :)
21:50 whytewolf DanyC: lol, don't blame you. I hope they just get better at stabalizing what they already have first.
21:51 VR-Jack PredatorVI: https://github.com/saltstack-formulas/rabbitmq-formula/issues/20
21:51 saltstackbot [#20]title: rabbitmq_plugins circular dependency | On the initial run of this formua, if the `rabbitmq` pillar contains any plugins the whole formula wont execute.   The `rabbitmq` or `rabbitmq.latest` wont execute because `rabbitmq_plugin` fails. ...
21:51 DanyC whytewolf: which is what they are trying to do on nova/ neutron area hence why i said less focus from big players on DNSaaS
21:52 whytewolf DanyC: True, although i have been impressed with how much more stable Kilo nova and neutron is compaired to Icehouse [I skipped juno so have no data on it]
21:52 PredatorVI thank you!
21:53 DanyC GreatSnoopy: on the topic "state that will invalidate the record based on a local dns check on the machine" - you have s'thing sketched quckly in your minde ? cause i guess to keep it simple i don't need to check based on node type/ grain but just a golabl state which will be triggered when? I was thiking if i can have a reactor which can trigger the state to invalidate hosts file entry rather than put it into top.sls
21:54 twork i'm back! this time with a specific question. i know i can translate: ['this.that']("them:those") into the shell line: $ salt '*' this.that 'them:those'.  but how to handle it when ("this:that").other() is amended like that?
21:54 DanyC whytewolf: true, with IceHouse i got grey hair, wiht Juno, i'm losing hair, nw i'm going to skip Kilo and wait for Liberty-3 :)
21:55 GreatSnoopy DanyC, i think it would work with UNLESS (http://docs.saltstack.com/en/latest/ref/states/requisites.html )
21:55 GreatSnoopy DanyC, and you could call host $(hostname) or something
21:56 DanyC GreatSnoopy: i'll give it a try tmw, thx for the tip !!
21:56 GreatSnoopy welcome
21:56 GreatSnoopy time for me to go to sleep, too, bye
21:57 aparsons joined #salt
21:57 whytewolf DanyC: well least Icehouse wasn't havana. I still have nightmares of the things i had to do to keep that system up. and clean. I still remeber the day I found phantom systems that just didn't terminate and were still running
21:58 whytewolf but openstack thought they had deleted
21:58 claytron_ joined #salt
22:00 VR-Jack PredatorVI: Try something for me. Move that include .config section to the bottom of that file and try it
22:01 jngd joined #salt
22:02 whytewolf twork: you mean how do you do jinja on the command line? salt 'ctrl*' cmd.run template=jinja "echo {{ grains['os']}}"
22:02 PredatorVI Will-do, but I thought the include at bottom was illegal syntax :)
22:03 murrdoc not at all
22:03 murrdoc if u are using 'implicit ordering' include where its needed
22:03 twork whytewolf: is iteritems() jinja?
22:03 murrdoc python
22:04 whytewolf twork: python.
22:04 murrdoc also items() is py3 so is prefferend in lists
22:04 VR-Jack PredatorVI: it must be included before referenced I believe, but I'm not sure that's required here.
22:06 twork whytewolf: the specific hunk of code i'm looking at is here, with a comment: https://gist.github.com/mjinks/7423f9c567f6be43d87e
22:07 PredatorVI VR-Jack:  Same error.  I restarted master after making change in our internal GitLab server.
22:08 VR-Jack PredatorVI: okay. then let's do this. move it over to latest.sls under the includes
22:08 VR-Jack there are no dependencies in rabitmq/init.sls to need the config.sls there.
22:08 PredatorVI kk
22:09 VR-Jack by having both files included in the latest.sls, it may alter behavior
22:10 Bryson for a given ID in a .sls file, how can I include two of the same state? For example, cmd.run more than once inside a single ID.
22:10 whytewolf twork: iteritems just tells the for loop here is an interable object. have fun. as long as what is being returned by pillar.get is iterable you should be fine.
22:11 PredatorVI VR-Jack:  To clarify, I'm adding the line '  - .config' below the '  - rabbitmq' include at the top of latest.sls?
22:11 VR-Jack PredatorVI: yeah, though go ahead and change it to rabbitmq.config to make sure there's no confusion
22:12 forrest whiteinge: That change is baller, straight up redirect that isn't even noticeable
22:12 twork whytewolf: ah, ok. well that helps, because what it returns is zilch. thanks.
22:13 Nakiski joined #salt
22:13 twork ...wait, no, i mistyped. but still i think i've got something to work on, thanks.
22:13 jngd joined #salt
22:14 whytewolf twork: don't we all always have something to work on
22:14 amontalban joined #salt
22:15 twork whytewolf: when i don't, that's when you see me pop up here
22:16 PredatorVI VR-Jack:  Got past that error.  YAY!  'rabbitmq-server' is now installed, but salt said it failed.  Not sure why.
22:16 VR-Jack PredatorVI: k. I'll update the bug. I know how to fix it better
22:17 PredatorVI VR-Jack:  I owe you a DP Cheesesteak
22:18 duendecat joined #salt
22:18 VR-Jack lol. well, good luck with the rest.
22:21 VR-Jack The error is because includes are processed first. So it fails. If you do 2 includes, it'll finish the first before it starts the second, which you've got what you need by then
22:21 duendecat joined #salt
22:23 Edgan joined #salt
22:27 nzero joined #salt
22:29 PredatorVI VR-Jack:  Is the bug you are updating the one in salt-formula/rabbitmq-formula or a different one in saltstack?
22:30 VR-Jack in rabbitmq-formula. you have the one for saltstack? that bug isn't a bug
22:30 funzo joined #salt
22:31 PredatorVI I don't have one for saltstack...I was going to comment on the rabbitmq-formula issue if different
22:32 VR-Jack nope. You'll find my comment at the bottom of it
22:32 VR-Jack You fix isn't a good one overall
22:32 PredatorVI Just saw it...thx
22:33 VR-Jack they need to move __init__.py into install.py and then include install and config in the init
22:33 VR-Jack That will fix the problems and keep the chain of includes correct
22:34 * PredatorVI is glad there are smart people in this channel to balance the rest of us out.
22:34 VR-Jack I know. I'm glad iggy is here too
22:34 PredatorVI :)
22:34 VR-Jack twork: you got that stuff running yet?
22:35 leev joined #salt
22:38 sdm24 does anyone have an ETA for 2015.5.4? Will it be before 2015.*?
22:38 VR-Jack sdm24: all comments on issues are whichever comes first
22:38 sdm24 ok
22:38 VR-Jack and it's supposed to be 2015.8
22:39 VR-Jack if it shifts to 2015.9, I'm guessing 2015.5.4 will be first. lol
22:39 sdm24 I figured 2015.8 would (obviously) have a lot of changes to it, while 5.4 would just be some minor bug fixes
22:39 sdm24 haha they'll just rechange the numbering convention again
22:39 VR-Jack lots of them. I made a package from the head.
22:39 whytewolf just rember 2015.5 was originally 2015.2
22:39 VR-Jack once my last change finishes, I'll make another. between my 2, 24 commits were done
22:40 sdm24 I'm excited for win_wua. I can finally use my windows minions for more than ad-hoc commands!
22:43 VR-Jack heh. I so dislike the interactiveness of windows
22:43 PredatorVI Is there a way to map a gitfs branch to multiple environments?  I want the master granch for state repos/formulas to be available in all environments.  I hoped something similar to the ext_pillars syntax existed, but I'm not seeing it for gitfs_remotes.
22:43 PredatorVI granch=branch ;)
22:44 zwi joined #salt
22:45 intel joined #salt
22:48 sdm24 I was wondering something similiar, but didn't dig around enough to find a solution
22:48 iggy there's a bug for it (so no, not yet)
22:49 wangofett Does anyone successfully deploy docker containers with exposed ports?
22:49 twork VR-Jack: no... i'm still getting something wrong in that config.sls
22:50 * wangofett is on 2015.5, and cannot get ports to map
22:50 wangofett no matter what I've tried, it ends out with `docker inspect --format='{{.NetworkSettings.Ports}}' mycontainer` giving me a map[]
22:51 twork VR-Jack: one of those lines of jinja isn't being populated correctly. still trying to figure out why.
22:51 drawsmcgraw left #salt
22:51 wangofett iinstead of `map[8000/tcp:[{0.0.0.0 5454}]]
22:51 VR-Jack twork: what's it missing? It's doing file right now?
22:51 VR-Jack or not
22:51 twork ...but it's looking less like noise to me, so, progress
22:51 wangofett (that's what I get when I use the docker -p switch)
22:52 twork VR-Jack: https://gist.github.com/mjinks/7423f9c567f6be43d87e
22:52 twork ...actually that's a bit out of date. one sec.
22:53 VR-Jack and what do you mean by empty? So you don't get a file listed still?
22:55 twork correct
22:55 twork 'file' is being set to 'NoFiLeFoUnD'
22:56 VR-Jack okay. but you're missing something. the for loop is working
22:56 VR-Jack or you wouldn't even get a file.managed stanza
22:56 VR-Jack because of if args['type']
22:57 VR-Jack So let's have fun and troubleshoot. Change zones-{{ file }}: to zones-{{ key }}: and let's view what the key value is
22:57 twork ok...
22:58 VR-Jack and that works anyways since you only have 1 zone per entry anyways. ;)
22:58 VR-Jack the id's will start showing you your key value.
23:01 VR-Jack results? results? eh? eh? eh?
23:02 twork VR-Jack: sorry, went looking for a reply to soething you said a line or two up, and my ssh and screen sessions got all messed up
23:02 VR-Jack lol
23:02 twork y'know.
23:04 twork ok, so, with zones-{{ key }} ... eh, let me gist.
23:04 VR-Jack haha. muahah
23:04 duendecat joined #salt
23:05 twork https://gist.github.com/mjinks/adbbdd8c2f0421d60edd
23:05 VR-Jack okay. so the first line is working
23:05 twork yes
23:05 VR-Jack I was monitoring it. :P
23:06 twork sorry....
23:06 VR-Jack umm, only one is wrong. the rdns one
23:06 twork yeah, it's the second line i'm stuck on now
23:06 VR-Jack peerlessnetwork.com found the file
23:06 twork that's what i was trying to get context on when i lost shells
23:07 VR-Jack Well, the problem is, you pull the zones from configured, but then you set file based on available, but then you print out all configured, so naturally the rnds one isn't in avaailable and failed
23:08 twork hrm... y'know, i may be back to a pathname issue.
23:08 twork oh!
23:08 scoates joined #salt
23:08 VR-Jack so in your if statement, perhaps check to make sure file doesn't equal the filenotfound thingy
23:08 twork see: this is what happens when we try to run code we don't yet fully understand.
23:08 VR-Jack that way you don't accidentally release a zone that's configured but not available
23:09 murrdoc PredatorVI:  send a pull with your fix
23:09 amontalban Hey guys, I'm getting this error "Context must be formed as a dict" when running this state: http://pastebin.com/pLaVvuVp
23:09 amontalban Any ideas of what can be wrong?
23:10 zsoftich2 joined #salt
23:11 twork VR-Jack: i've got what you suggest plugged in now, in something that may or may not be proper syntax. let me debug and report back.
23:12 breakingmatter joined #salt
23:13 whytewolf amontalban: you are presenting a list to context. remove the -but keep the spacing. [just turn the - into a space] http://docs.saltstack.com/en/latest/topics/troubleshooting/yaml_idiosyncrasies.html#nested-dictionaries
23:14 VR-Jack twork: I'm thinking {% if args['type'] == 'master' and file != 'NoFiLeFoUnD' %}
23:14 amontalban whytewolf: doohhhh! Thanks mate!
23:15 Nazca joined #salt
23:15 whytewolf amontalban: no problem
23:15 VR-Jack ie, we're only generating a state entry if we got a good key with type master and we found a file for it
23:15 MadsRC joined #salt
23:15 amontalban This is a clear sign I need to get some rest :)
23:15 twork VR-Jack: i was close. i wrote '&&' for 'and' and '"file"' for file
23:15 twork jinja didn't like that...
23:15 VR-Jack yeah. hehe.
23:15 whytewolf amontalban: or you are human. that actually is an easy miss when almost everything else in salt needs a list not a dict
23:15 rgarcia_ joined #salt
23:16 VR-Jack I had to look it up on the jinja documentation itself. saltstack didn't have any easy to find examples of and/or
23:16 bhosmer_ joined #salt
23:16 VR-Jack But I've been writing code for 25+ years now in various languages. It's a small advantage.
23:16 twork VR-Jack: thanks for that. i'm still slow finding my way through both.
23:17 twork been reading code almost that long. writing, mostly in shell.
23:18 VR-Jack For shell scripting I grew up on the original sh in slowaris.
23:18 PredatorVI murrdoc:  I don't think my fix will work if you are NOT using latest.sls.
23:18 VR-Jack bash reminds me a lot of ksh
23:18 VR-Jack PredatorVI: it will not
23:18 VR-Jack my suggested fix will
23:18 murrdoc PredatorVI:  doesnt matter, it helps anyone planning on using latest
23:19 murrdoc so its a good improvement
23:19 PredatorVI murrdoc: the fix includes REMOVING the include for config from init.sls.
23:19 VR-Jack but I'm not forking and patching it. lol
23:19 PredatorVI That will break anyone not using latest
23:20 twork VR-Jack: okay, with that added, at some point we go looking for ID:  zones-NoFiLeFoUnD,  Name: /var/cache/bind/zones/NoFiLeFoUnD and (duh) don't find it. but we don't get a clear idea why.
23:20 VR-Jack PredatorVI: Not really. They'll just have to call config sepreately.
23:20 nadeem joined #salt
23:20 PredatorVI okay
23:21 PredatorVI as long as you are okay with that. :)
23:21 VR-Jack twork: which gist did you update?
23:21 twork i'll make a fresh one
23:22 * VR-Jack doesn't use rabbitmq, or it'd have a massive pull request. lol
23:23 twork https://gist.github.com/mjinks/80ec4971c9887fc7629b
23:23 mosen joined #salt
23:23 twork ...i put zones- back to {{ file }}, i can redo that if it'll be educational
23:23 claytron_ joined #salt
23:24 twork i'm kind of following on a leash at this point
23:24 scoates is there a tool to check specifically the same things that jenkins complains about? or: is there a way to get pylint to only show the same stuff that jenkins shows? here: https://jenkins.saltstack.com/job/salt-pr-lint-n/8272/violations/file/salt/modules/boto_route53.py/
23:24 VR-Jack twork: where's the if statement?
23:24 twork VR-Jack: oops, i missed a line. moment.
23:25 PredatorVI VR-Jack, murrdoc:  pull requested
23:25 twork updated. sorry about that.
23:25 VR-Jack twork: remove the quotes around file. You don't want to compare 2 strings
23:26 VR-Jack twork: and the string you are comparing is supposed to match the line above.
23:27 twork Failed:     0
23:27 VR-Jack so either both twork-filenotfound or both mrj-filenotfound
23:27 otter768 joined #salt
23:27 twork that twork/mrj was a mis-paste too; i ran correct code each time
23:27 VR-Jack kk
23:27 twork but, with the quotes removed from around "file", we're in business.
23:28 twork thanks, thanks, thanks
23:28 VR-Jack np. off to dinner.
23:28 twork all green
23:28 twork bon appetite
23:28 twork or something like that
23:30 pm90_ joined #salt
23:37 Steven- joined #salt
23:42 jeddi joined #salt
23:43 zsoftich2 joined #salt
23:44 Ryan_Lane scoates: well, they're declarative to a point :)
23:44 Ryan_Lane scoates: would love for vpc_name to work
23:44 scoates working on it
23:44 scoates just going to steal the code from boto_vpc
23:44 Ryan_Lane when we created these modules we had created our vpc manually
23:44 * scoates nods
23:45 Ryan_Lane other than that the modules are pretty amazing and magical :)
23:45 scoates I would really like to have everything in salt so I can test it in a 2nd AWS account before going live
23:45 Ryan_Lane we have basically everything defined, except for VPC and redshift
23:45 scoates yeah. having R53 in Salt is squashing a long-standing nightmare
23:45 Ryan_Lane we're going to be pushing a datapipeline module in soon
23:45 scoates though I also had to patch/PR boto_route53 (-:
23:46 Ryan_Lane how'd you change route53?
23:46 Ryan_Lane splitdns?
23:46 scoates no; made it retry when hitting the rate limiter
23:46 Ryan_Lane ah. nice
23:46 Ryan_Lane that's another thing all the modules need
23:46 Ryan_Lane retry/backoff
23:47 scoates https://github.com/saltstack/salt/pull/26267
23:47 saltstackbot [#26267]title: Allow (and default to) retries when Route53 changes are throttled by the AWS API | The AWS API for R53/DNS is very [aggressive about rate limiting](http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html):...
23:47 scoates yeah; that code could definitely be more DRY
23:47 scoates would be nice if it was actually built into boto, tbh
23:47 Ryan_Lane +1000
23:47 scoates (not the salt modules, but boto-actual)
23:47 Ryan_Lane all of our new modules are boto3
23:47 duendecat joined #salt
23:47 Ryan_Lane so maybe there's some better support there
23:48 Ryan_Lane oh, the best thing about the datapipeline module we're adding is that we're also adding support to the dynamodb module so that it can automatically create backup jobs :)
23:48 Ryan_Lane and define default backup policies in pillars
23:48 scoates cool; I don't use that… at least not yet (-:
23:49 Ryan_Lane dynamo is amazing
23:49 Ryan_Lane it's one of AWS's best services
23:49 Ryan_Lane that and KMS
23:50 Steven- joined #salt
23:53 markm joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary