Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-08-20

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 TheoSLC 'salt -a pam' is working
00:02 jmreicha joined #salt
00:05 forrest TheoSLC: Might not be much luck getting an answer, it's almost after work hours in the states.
00:05 forrest Can you see if there is anything in the logs when you make the request?
00:06 dabb joined #salt
00:06 jmreicha_ joined #salt
00:10 pravka joined #salt
00:12 jeddi joined #salt
00:13 jagguli hi
00:13 jagguli can we use @property decorator in salt modules
00:17 freelock joined #salt
00:19 cpowell joined #salt
00:29 Furao joined #salt
00:32 Diaoul joined #salt
00:37 ajw0100_ joined #salt
00:42 jagguli` joined #salt
00:43 dthom91 joined #salt
00:45 dthom91 joined #salt
00:51 yomilk joined #salt
00:51 cliluw joined #salt
00:56 clintberry joined #salt
00:57 jeadr joined #salt
00:57 shaggy_surfer joined #salt
01:05 dyasny joined #salt
01:08 breakingmatter joined #salt
01:13 freelock joined #salt
01:13 aw110f joined #salt
01:19 evilrob joined #salt
01:23 robinsmidsrod joined #salt
01:23 rideh joined #salt
01:24 aw110f joined #salt
01:26 Ztyx joined #salt
01:27 freelock joined #salt
01:27 Ztyx joined #salt
01:28 evle1 joined #salt
01:29 aw110f joined #salt
01:35 evilrob joined #salt
01:38 ajw0100 joined #salt
01:40 dthom91 joined #salt
01:45 TheoSLC left #salt
01:46 evilrob joined #salt
01:49 freelock joined #salt
02:11 favadi joined #salt
02:12 FreeSpencer joined #salt
02:12 FreeSpencer joined #salt
02:13 freelock joined #salt
02:17 rideh joined #salt
02:17 Furao joined #salt
02:19 dthom91 joined #salt
02:21 rideh joined #salt
02:27 zmalone joined #salt
02:29 favadi joined #salt
02:31 Furao joined #salt
02:43 huwenfeng joined #salt
02:45 huwenfeng HI, I want to do something if one ID is changed, how can I do that? Like, If one user's crontab is different with my cron.file, then I want to be notified.  How can I do this?
02:46 evle joined #salt
02:46 freelock joined #salt
02:52 writtenoff joined #salt
02:54 dthom91 joined #salt
03:02 otter768 joined #salt
03:15 Furao joined #salt
03:33 Ztyx joined #salt
03:37 mosen joined #salt
03:46 evilrob joined #salt
03:48 freelock joined #salt
03:52 clintberry joined #salt
03:52 arthoo joined #salt
03:58 breakingmatter joined #salt
04:00 saltycharles joined #salt
04:02 hal58th_ joined #salt
04:20 ramteid joined #salt
04:25 ageorgop joined #salt
04:25 favadi joined #salt
04:41 evilrob joined #salt
04:43 evilrob joined #salt
04:50 cb_ joined #salt
04:58 aqua^c joined #salt
05:01 capricorn_1 joined #salt
05:07 catpiggest joined #salt
05:11 phw joined #salt
05:13 Sourx joined #salt
05:14 Sourx left #salt
05:14 otter768 joined #salt
05:45 freelock joined #salt
05:47 breakingmatter joined #salt
05:52 jeadre joined #salt
05:56 colttt joined #salt
06:00 breakingmatter joined #salt
06:02 freelock joined #salt
06:04 katyucha joined #salt
06:19 malinoff joined #salt
06:22 linjan joined #salt
06:23 lb1a joined #salt
06:30 andrew_v joined #salt
06:31 Ztyx joined #salt
06:45 KermitTheFragger joined #salt
06:45 AndreasLutro joined #salt
06:49 defmikekoh joined #salt
06:52 oravirt joined #salt
06:58 ValF joined #salt
07:10 hojgaard joined #salt
07:14 pppingme joined #salt
07:15 jeadre joined #salt
07:15 otter768 joined #salt
07:19 aw110f joined #salt
07:19 kawa2014 joined #salt
07:21 eseyman joined #salt
07:22 aw110f_ joined #salt
07:22 Grokzen joined #salt
07:30 jhauser joined #salt
07:31 linjan joined #salt
07:36 forrest joined #salt
07:37 fredvd joined #salt
07:38 gcfhvjbkn joined #salt
07:50 breakingmatter joined #salt
07:52 Ztyx joined #salt
07:58 Ztyx joined #salt
07:59 impi joined #salt
08:02 mattiasr joined #salt
08:06 s_kunk joined #salt
08:16 Xevian joined #salt
08:24 TyrfingMjolnir joined #salt
08:24 GreatSnoopy joined #salt
08:40 thefish joined #salt
08:43 jeadre joined #salt
09:00 skoegl joined #salt
09:03 skoegl I have a minion that fails to start; its last log lines indicates something with proxy minions (which shouldn't be configured at all): https://gist.github.com/stefankoegl/6cbc94256e487ae72b84 any ideas?
09:07 skoegl ok, found it: I had a pillar entry named "proxy" which seems to have a specific meaning now, but didn't have in previous versions
09:08 huwenfeng How can I control which returner to use in State sls files?
09:10 huwenfeng Only in the CLI could specify the returnner?
09:16 otter768 joined #salt
09:16 Nazca joined #salt
09:22 AndreasLutro huwenfeng: possibly also in the master config
09:25 slav0nic joined #salt
09:28 TyrfingMjolnir joined #salt
09:34 N-Mi joined #salt
09:39 breakingmatter joined #salt
09:43 viq joined #salt
09:45 Ztyx joined #salt
09:46 aqua^c joined #salt
09:49 Ztyx joined #salt
10:11 stephanbuys joined #salt
10:16 giantlock joined #salt
10:19 KingJ joined #salt
10:25 yomilk joined #salt
10:25 huwenfeng AndreasLutro: Yes, I solved it , write it in the master config.  And I find that It is also avaiable in schedule
10:28 favadi joined #salt
10:46 jhauser joined #salt
10:48 jacksontj joined #salt
10:58 Grokzen joined #salt
11:11 Furao joined #salt
11:11 pravka joined #salt
11:17 otter768 joined #salt
11:28 breakingmatter joined #salt
11:30 breakingmatter joined #salt
11:34 pravka joined #salt
11:38 dthom91 joined #salt
11:41 supersheep joined #salt
11:43 DanyC joined #salt
11:48 orion Hi. Currently, what's the most accepted way to store sensitive binary blobs like TLS keys (et al) in Pillar?
11:54 dopesong joined #salt
11:55 evle1 joined #salt
11:57 babilen orion: You have binary TLS keys?
12:01 orion babilen: Indeed.
12:04 darsh_ joined #salt
12:04 pm90_ joined #salt
12:05 babilen orion: Write your pillar in Python and read the data from a defined place on disk. You *might* want to look into http://docs.saltstack.com/en/stage/ref/pillar/all/salt.pillar.file_tree.html#module-salt.pillar.file_tree, but I strongly dislike that it conflates the data storage layout and minion targeting
12:07 numkem_ joined #salt
12:07 orion babilen: Alright. Is this the best resource for writing pillars?: http://docs.saltstack.com/en/latest/topics/development/external_pillars.html
12:07 orion Or do you know of a better/additional resource?
12:08 pm90__ joined #salt
12:08 babilen orion: Are these pkcs12 certs?
12:09 chupetito joined #salt
12:09 chupetito hi. is 2015.5.4 already available? I am interested in using salt-cloud vmware cloud module.
12:10 amcorreia joined #salt
12:11 babilen orion: I meant: Write a pillar using the #!py renderer. You would, essentially, include a foo.sls in your "normal" pillar with content such as: https://www.refheap.com/108528
12:12 orion babilen: Oh, interesting.
12:13 orion I've never heard of the #!py renderer before.
12:13 babilen Writing an external pillar is certainly another option, but might be overkill for something that easy
12:13 babilen orion: http://docs.saltstack.com/en/stage/ref/renderers/all/index.html
12:14 orion Great, thank you.
12:14 babilen You really don't have to use jinja2 (I consider it a rather suboptimal choice as default renderer), as you can use a number of other renderers that are more appropriate for whatever you are trying to achieve
12:15 * babilen would have preferred mako as it allows you to easily include literal Python blocks that make it infinitely more powerful than jinja2 with its custom_filters (that aren't supported in salt)
12:17 babilen orion: Pillars are, essentially, only Python dictionaries that are being targetted to specific minions. A pillar implemented in Python therefore simply has to ensure that it returns a suitable dictionary and salt calls the "run()" function when the pillar is rendered
12:17 orion babilen: So, in your example, I could create /srv/pillar/foo/init.py, fill it with "#!py ...", but how would I reference it? How would I let Salt know that it's a py file and not a jinja file?
12:18 babilen One thing to keep in mind is that salt monkey patches quite a lot (in particular __grains__ aren't available in module scope) so you have to make sure to put all references to "dunder dictionaries" (cf. http://docs.saltstack.com/en/latest/topics/development/dunder_dictionaries.html) in a function
12:19 babilen No, /srv/pillar/foo.sls (or /srv/pillar/foo/init.sls) .. they are all SLS files, but they specify the renderer that salt uses in the shebang.
12:19 numkem joined #salt
12:20 babilen This is slightly confusing because salt uses "#!jinja|yaml" by default and nobody thought that it would be a good idea to make it mandatory to explicitly specify it in *every* SLS file. This makes it much harder to change the default renderer unfortunately
12:26 jagguli`` joined #salt
12:27 tmclaugh[work] joined #salt
12:29 pravka joined #salt
12:29 Ztyx1 joined #salt
12:34 XenophonF babilen: do you have experience writing reactors in something other than jinja|yaml?
12:35 XenophonF babilen: i'm struggling to understand how to write them in python
12:39 zacdev joined #salt
12:40 supersheep joined #salt
12:41 babilen XenophonF: No, if I need anything fancy in my reactors I implement it in the corresponding execution module (so far at least)
12:41 babilen But then: Shouldn't that be quite the same thing as with states?
12:44 eSgr joined #salt
12:44 orion babilen: Ah, I never realized that there was an implicit hashbang.
12:44 orion This is very good information, thank you.
12:45 dthom91 joined #salt
12:45 babilen orion: You are most welcome, enjoy!
12:46 impi joined #salt
12:47 thefish hi all - I'm trying to override stuff in pillar for credentials. What I'm looking for is to include a "defaults" pillar in each pillar, and reference the values here
12:47 XenophonF babilen: do you have an example you'd be willing to share?
12:48 XenophonF i discovered last night that one problem i'm having is that the wsgi version of salt-api can't talk to the salt master
12:48 thefish but i cant seem to "re-use" these keys in pllars, does that make sense? I can insert them at a key in the "including" pillar, but i want to reference them in the including template
12:48 XenophonF i suspect a file system permissions problem on the unix domain sockets salt-api and salt-master use, but i haven't had a change to troubleshoot it
12:49 XenophonF but then, once i'm delivering events (via webhook) to the salt event bus, it still isn't clear what a reactor formula in python is supposed to return
12:50 babilen XenophonF: Example of what exactly?
12:50 XenophonF i think it has to be a dictionary, like what you'd see in show_sls, but i haven't found anything definitive in the docs
12:50 XenophonF an example of a reactor formula calling a custom execution module on the master
12:52 jhauser joined #salt
12:52 babilen You never call it on the master, but on a minion that runs on the master .. and it would simply look like: https://www.refheap.com/108529
12:52 rideh joined #salt
12:53 babilen XenophonF: That is an example I use in a reactor-driven CA setup in which the master coordinates creation of certificates on a CA minion that send the new certs back to the master (in the event's data dict) and this is the particular code that returns the certs to the minion that requested it
12:54 XenophonF wow that's awesome
13:02 XenophonF so babilen, does a minion that wants a certificate fire off an event, which triggers signing on the CA?
13:06 BradThurber joined #salt
13:09 mage_ do you handle database migrations with Salt ?
13:09 hasues joined #salt
13:09 hasues left #salt
13:10 cpowell joined #salt
13:12 perfectsine joined #salt
13:12 impi joined #salt
13:15 teryx510 joined #salt
13:17 DanyC babilen: interesting idea won the reactor-driven CA cause i could use that on the ossec installation ... are you able to share the reactor cfg part from the point raised by XenophonF ? thx a lot
13:18 otter768 joined #salt
13:18 dyasny joined #salt
13:19 dyasny joined #salt
13:20 aqua^c joined #salt
13:22 jalbretsen joined #salt
13:22 DammitJim joined #salt
13:22 bhosmer joined #salt
13:24 jdesilet joined #salt
13:37 pdayton joined #salt
13:40 babilen XenophonF: yeah, it sends a request_certificate event that then triggers execution module calls on the CA minion (that either sends an existing cert or generates a new one)
13:41 babilen DanyC: I plan to open source it soon™
13:41 DanyC babilen: much THANKS !
13:41 babilen Which reactor config part are you referring to exactly?
13:42 bhosmer joined #salt
13:43 DanyC on the master side you do have a reactor.conf i guess and maybe you are using the orchestration which does trigger the module (as you said ) ...i'm referring to the first part
13:43 zmalone joined #salt
13:46 tercenya joined #salt
13:46 _JZ_ joined #salt
13:47 Ztyx1 joined #salt
13:49 Akhter joined #salt
13:51 teryx510 joined #salt
13:53 Aidin joined #salt
13:55 babilen DanyC: https://www.refheap.com/108535 might give you an idea. The _cert_event is called for actually sending the information back to the master (the "cert" argument to event.fire_master) and is being fed by the functions that generate/read the certificates. I will have to remove the assumption that there is a single certificate for each minion right now (I hardcode 'server' to grains['fqdn'] which is all we
13:56 babilen need in that particular setup, but is too ...
13:56 babilen ... specific to be used in general)
13:58 DanyC babilen: interesting idea indeed .. thx again 1
14:00 andrew_v joined #salt
14:02 Akhter joined #salt
14:03 dthom91 joined #salt
14:04 cpowell joined #salt
14:05 cpowell joined #salt
14:06 Akhter joined #salt
14:06 mpanetta joined #salt
14:06 cpowell joined #salt
14:07 mpanetta joined #salt
14:10 evilrob joined #salt
14:16 yaryarrr joined #salt
14:19 mapu joined #salt
14:21 breakingmatter joined #salt
14:26 rawkode joined #salt
14:27 domel joined #salt
14:33 dthom91 joined #salt
14:35 dthom91 joined #salt
14:39 johnkeates joined #salt
14:40 bhosmer joined #salt
14:40 johnkeates left #salt
14:41 DammitJim OK, So I am trying to get organized
14:41 DammitJim how do you guys think I should organize my states?
14:41 DammitJim like I have created 5 states where one depends on the other
14:42 DammitJim the question is... each state does 5 very similar things for 5 different instances of a configuration
14:42 DammitJim I was wondering if I should change this and just have a state for each instance instead
14:45 arthoo joined #salt
14:45 dthom91 joined #salt
14:46 scurry Are all 5 interconnected, or does one state just do a baseline and the other states layer a configuration on top of the baseline?
14:46 DammitJim scurry, to be more specific... I create new tomcat instances
14:47 DammitJim there is a tomcat script that creates the instance (all these directories with symbolic links to the original tomcat
14:47 DammitJim so, one state calls that "create instance" 5 times
14:47 DammitJim then the next state copies the appropriate configuration files (using templates) to the 5 instances
14:48 DammitJim I didn't know if I should maybe have 1 state that just does: create instance1, do symbolic links for instance1, copy config files for instnace1, etc.
14:48 DammitJim then have another state that does instance2
14:49 scurry If I were going to do that, I would create 5 sls files (one for each instance) that does all of the setup for that instance (like instanceone.sls, instancetwo.sls)
14:49 DammitJim thanks for your input
14:49 scurry And then include all of those in init.sls so you only have to apply one state to the node
14:50 scurry One sls that is.
14:50 DammitJim right
14:50 DammitJim ok
14:50 scurry Actually, I lied, could you use something like http://docs.saltstack.com/en/latest/topics/tutorials/states_pt3.html for it?
14:51 timoguin joined #salt
14:51 DammitJim let me read that. Thanks!
14:51 DammitJim at least I have this server figured out
14:52 scurry Sigh, I read things like that and miss Salt.
14:52 DammitJim what do you mean?
14:52 scurry Where I'm working now uses Puppet, I just miss some of the simple beauty of things like that in Salt.
14:53 DammitJim but Puppet is still pretty good, though, right?
14:54 scurry I've found it's mostly about personal preference.  There aren't really a lot of things you can't do in either one, just some things that are easier in one or the other.
14:54 DammitJim yup
14:54 Brew joined #salt
14:55 iggy I've found that if you're familiar with python, a lot of salt makes a lot more sense than if you don't
14:55 DammitJim si
14:55 DammitJim iggy, what are your thoughts on my project?
14:56 Ztyx1 left #salt
14:56 iggy I wish you the best of luck
14:56 DammitJim lmao
14:59 pravka joined #salt
15:00 evilrob_ joined #salt
15:01 stevednd does anyone have any tips for managing redis/redis-sentinel configs. The way redis and sentinel work is through rewriting their config files. So if I go through and highstate the machine I will blow away the sentinel config
15:04 zsoftich3 joined #salt
15:05 evilrob_ joined #salt
15:05 dthom91 joined #salt
15:06 bhosmer joined #salt
15:09 evilrob_ joined #salt
15:10 Akhter joined #salt
15:17 rawkode joined #salt
15:18 rawkode joined #salt
15:19 otter768 joined #salt
15:19 Akhter joined #salt
15:20 dthom91 joined #salt
15:21 sdm24 joined #salt
15:22 CeBe joined #salt
15:27 viq joined #salt
15:37 zmalone Does anyone know of a newer version of this issue? https://github.com/saltstack/salt/issues/9984
15:37 saltstackbot [#9984]title: pkg.remove fails when package is removed (debian) | I just tried to write a simple state:...
15:37 zmalone It is still a problem, but the issue reporter gave up on it.
15:38 zmalone (salt 2015.5.3 (Lithium) on Ubuntu 14.04.3)
15:38 sdm24 joined #salt
15:39 whytewolf zmalone: there is a bug listed that is the updated one https://github.com/saltstack/salt/issues/22356
15:39 saltstackbot [#22356]title: Status pkg.removed fails on Ubuntu 14.04 | Hi,...
15:40 zmalone Thanks, I missed that one.
15:42 saltman joined #salt
15:42 saltman I have a state with the next lines:
15:42 saltman windows.repository.refresh:   winrepo.genrepo
15:43 saltman and it gives me the next error: State 'winrepo.genrepo' was not found in SLS 'salt-master.num1'
15:43 saltman What can be the reason? I have winrepo in the python lib
15:44 giantlock joined #salt
15:46 bones050 joined #salt
15:49 whytewolf saltman, this is going to sound stupid but if i hadn't read the code would never have spotted it. you have to have a role of salt-master in grains on the salt master for that state to work [and it only works on the salt master]
15:49 whytewolf https://github.com/saltstack/salt/blob/develop/salt/states/winrepo.py#L28-L30
15:49 rdutch joined #salt
15:51 orion Assuming that no config management actions are taking place (all the minions are idle), if the salt master goes down, nothing catastrophic will happen, right?
15:52 saltman whytewolf: Thanks a lot.. this was the problen
15:52 whytewolf orion: for most of it even if they are going on salt-master going down isn't catastrophic
15:53 rdutch orion: if nothing is going on, it should be ok
15:53 anotherZero joined #salt
15:53 orion Great! Thanks. :)
15:53 Yaroslav joined #salt
15:54 AndreasLutro joined #salt
15:55 tomspur joined #salt
15:56 SheetiS joined #salt
15:58 bhosmer joined #salt
15:58 SheetiS joined #salt
16:03 bones050 joined #salt
16:05 lothiraldan joined #salt
16:05 Ztyx joined #salt
16:06 dthom91 joined #salt
16:06 Ztyx joined #salt
16:08 Lionel_Debroux joined #salt
16:12 pm90_ joined #salt
16:15 quasiben joined #salt
16:20 lothiraldan joined #salt
16:21 JasonSwindle joined #salt
16:22 Bryson joined #salt
16:22 PredatorVI joined #salt
16:24 JasonSwindle @basepi Howdy.
16:24 basepi JasonSwindle: Hello
16:25 JasonSwindle @basepi Is RAET the default in the next salt? Trying to install Salt into Alpine linux, and it is not going smoothly.
16:26 basepi No. The biggest change is that we dep on tornado
16:26 basepi But ZMQ is still the default transport
16:26 JasonSwindle tornado, that is new.
16:26 basepi Yes. It's also not available for all distros so we're working on having packages available when 2015.8.0 comes out
16:26 kawa2014 joined #salt
16:27 basepi But `pip install tornado` works pretty well, if you're willing to use pip
16:27 JasonSwindle Sadly, the current salt package for alpine is way out-of-date. http://pkgs.alpinelinux.org/package/testing/x86_64/salt
16:27 thekabal joined #salt
16:28 JasonSwindle and my compile of a few packages when PIP installing salt fails
16:28 basepi I haven't the foggiest idea who even packaged that. I don't recall anyone doing it for alpine
16:28 Gareth morning morning
16:28 basepi morning
16:28 JasonSwindle Gareth: howdy
16:29 thekabal if I do salt ‘hostname’ grains.items ip4_interfaces, I get a list of multiple interfaces. One of them (bond0) has the value I want to get to. How do I reference that? salt ‘hostname’ grains.items ip4_interfaces:bond0 ? _bond0? I can’t seem to guess the magic :)
16:29 DanyC basepi: suggestion - wouldn't be easier for everyone if Salt will come with a "local" pip repo which package all python depends modules so everyone can grab it, dump it on their servers and do pip install ? the only care will be the python compatibility but that is easier than what it is now
16:29 JasonSwindle basepi: yeah, so my build of the package is going badly for Alpine.
16:29 bhosmer_ joined #salt
16:29 thekabal Ugh, it was colon. Ha. Nevermind. Thanks.
16:31 basepi DanyC: Most people do not like pip, so we're going the distro-specific package route. Plus python includes non-python deps, which are harder.
16:31 basepi JasonSwindle: =\
16:31 Gareth JasonSwindle: how goes?
16:31 yaryarrr joined #salt
16:31 JasonSwindle Gareth: it goes great. Super busy lately, now living in SEA.
16:32 Gareth JasonSwindle: Nice.
16:32 JasonSwindle basepi: musl in Apline Linux is being a pain.
16:32 basepi I'm of limited usefulness, no experience with Alpine or musl
16:33 JasonSwindle Ditto
16:34 JasonSwindle I am trying to make a SUPER small docker master/minion/syndic
16:34 JasonSwindle I *HATE* how over-weight ubuntu docker image is
16:34 JasonSwindle and Debian is better, but still too large.
16:34 JasonSwindle and the python docker is just silly. Nearly 800MB.
16:34 DanyC basepi: fair enough ... currently is a nightmare cause for CentOS familly you get salt from epel but the ZMQ 4.0.4 you get it from CORS, but nwo withc tornado and urllib3 you might need it to get it from somewhere else ... It is not a critique on SaltStack btw as you also depends on other distro maintainers
16:34 iggy tiny core?
16:35 iggy although I think it's also got a "weird" libc
16:35 JasonSwindle iggy: Not tried it yet. May give it a try tonight.
16:35 basepi DanyC: from what I understand, our goal is to host *all* deps on our own repos. Everything but maybe Python, not sure on that one.
16:36 basepi So it will be sourced from a single location
16:36 iggy this should end well
16:36 DanyC basepi: sure, sounds good... looking forward
16:36 Sypher joined #salt
16:36 Sypher joined #salt
16:36 basepi iggy: quiet you!
16:37 iggy I mean... goooooo team!
16:37 basepi I'm completely not involved in that process, so I'm also skeptical as to how well it will work initially. But utahdave is overseeing it, so we'll see.
16:37 robawt heh
16:37 basepi It's just a *lot* of packages
16:37 basepi For a *lot* of distros
16:37 linjan joined #salt
16:38 robawt why not lean on a project like IUS for python basepi?
16:38 robawt also, hi basepi :)
16:38 * basepi googles IUS
16:38 basepi robawt: hi! =)
16:38 basepi Ah, interesting!
16:38 basepi I'll have to pass that along.
16:39 basepi Ah, it's py3.4
16:39 basepi Which we don't support (yet)
16:39 robawt IUS does 2.7 and 3.x
16:39 basepi Ah, I was just glancing over here https://iuscommunity.org/pages/About.html and saw 3.4
16:39 robawt specifically for redhat/centos types so it may be limited, but maybe y'all can atleast reach out and share
16:40 * basepi nods
16:40 zer0def joined #salt
16:41 TyrfingMjolnir joined #salt
16:41 basepi Sounds like we're not packaging python for any major distributions
16:41 basepi Just some old EOL'd distros that we only support with an enterprise contract.
16:42 AndreasLutro can someone elaborate on the reluctance to use pip to install salt?
16:43 quasiben joined #salt
16:44 katyucha joined #salt
16:44 zerthimon joined #salt
16:44 zerthimon So, how do you guys add a dict type value to a grain from state ?
16:45 iggy AndreasLutro: it's not apt/yum/emerge/etc
16:47 breakingmatter joined #salt
16:47 thekabal joined #salt
16:48 thekabal When I use set local_ip = grains[‘ip4_interfaces’].bond0, and then {{ local_ip }}, it comes out like [‘127.0.0.1’], instead of 127.0.0.1. How can I get that result instead?
16:49 revellion joined #salt
16:50 dyasny joined #salt
16:51 kawa2014 joined #salt
16:52 murrdoc joined #salt
16:52 tmclaugh[work] joined #salt
16:52 David_B55 Is there any way of setting it so an email is sent on any file changes? I've looked at the onchange and pagerduty sections but can't seem to find a way of applying it to every state that doesn't require me to manually add it each time
16:55 iggy thekabal: grains.ip4_interfaces.bond0.0 (it's a list, just grab the first item)
16:55 * thekabal hugs iggy
16:55 iggy David_B55: that gets asked frequently, there's not really a built-in way... you can rig something with the reactor and returners
16:55 thekabal Many thanks, Sir!
16:56 iggy thekabal: alternatively (useful for other instances where it's not necessarily a list) {{ grains.ip4_interfaces.bond0 | first }}
16:56 aqua^c joined #salt
16:56 David_B55 ahh right, I'll have a bit of a dig in that then. Thanks for the pointer
16:56 writtenoff joined #salt
16:57 troyready joined #salt
16:57 iggy David_B55: someone in here was working on that recently and had a fairly fleshed out example in a gist
16:57 iggy might want to check the channel logs
17:00 DanyC left #salt
17:01 pm90_ joined #salt
17:03 KyleG joined #salt
17:03 KyleG joined #salt
17:04 David_B55 iggy: right i'll have a look for that too.
17:04 pm90__ joined #salt
17:04 JasonSwindle basepi: May of found something tht gives hope to Alpine.   No update yet.
17:05 aparsons joined #salt
17:06 rideh joined #salt
17:07 Ztyx joined #salt
17:09 bhosmer joined #salt
17:13 forrest joined #salt
17:14 tmclaugh[work] joined #salt
17:16 pcn Does anyone out there who uses emacs have yasnippets for salt state files?
17:17 stephanbuys joined #salt
17:20 theologian joined #salt
17:20 otter768 joined #salt
17:23 twork i have: a pillar of a long list of user accounts (jos: \n this: that \n the: other), and a long list of user:password pairs. i've been trying for a day and a half to figure a way to step through both lists and merge each pillar item's 'password: ' element into the output from each account's "salt 'foo*' shadow.gen_password".
17:23 jodv joined #salt
17:23 iggy just lookup the password separately
17:24 iggy {{ salt['pillar.get']('passwords:' ~ user ~ ':password') }}
17:24 iggy or whatever
17:26 bhosmer joined #salt
17:27 Ztyx joined #salt
17:27 jodv does anyone know why there are two minion config options "master_shuffle" and "random_master" that do essentially the same thing?  master_shuffle is used in Minion.eval_master and random_master is used in SMinion and some RAET specific code
17:27 twork iggy: i'm not sure i follow you... the account listings in the pillar don't have passwords currently. their 'password:' entries all have the same bogus placeholder.
17:28 iggy twork: I was just saying... no need to merge, just look the password up separately
17:28 twork what i want is, for each account, change 'password: crap' into 'password: [hash output of shadow.gen_password"
17:29 Myra joined #salt
17:29 twork iggy: that's kind of what i'm doing
17:29 dingo maybe write some pseudo-code of what you're asking for
17:30 dingo then you try to make it work, typically
17:30 dingo python helps with that
17:30 twork dingo: yeah, i'll do that. i've been shelling up something for the past day and a half and i keep hitting roadblocks specific to my weird situation.
17:30 dingo its the tooling that'll get ya
17:30 dingo salt, and its inner python-rendered yaml jinja code is among the 'get yas'
17:30 dingo good luck buddy
17:31 zerthimon has anyone found a way to set a grain with a dict value ?
17:31 twork dingo: yeah. i know. but my python is weak, and i was hoping to get something cobbled up quickly; i think in shell.
17:31 iggy oh... you want the password file combined into the pillar file
17:31 iggy (with a transform)
17:31 twork iggy: yeah
17:31 iggy do you need it that way for a specific reason?
17:32 dingo i've seen people do that, write 100 line shell scripts of anti-state-logic and protection guards, and run that in salt ...
17:32 dingo i just use a secret.sls that contains secrets
17:32 dingo so everything is pillar['secret']['stuff']
17:32 dingo and then there are many techniques to guard such secret pillars
17:33 dingo colleuges have used salt's ability to gpg decrypt files
17:33 dingo theres a gpg module i think
17:33 twork iggy: yeah. i've been presented with a server, with a lot of existing accounts, that don't have passwords set. the account names are goony, and don't necessarily exactly match their home directory names. goal is, for each account, set the password then present the user with the password.
17:34 dingo shucks thats easy, pipe pwgen to a hasher
17:34 dingo then just yaml declare all their password hashes
17:34 pdayton joined #salt
17:34 dingo if you need to apply different hashes on different systems, have joe's key contain hash_kind_1: and hash_kind_2:
17:34 twork i figured there was an easy way, or many
17:35 dingo the easiest way is generally whichever you try first
17:35 dingo cause its done the soonest, haha
17:35 dingo i would just modify the system to allow the old hashes
17:35 dingo migrate their hashes, then start a password reset policy, if you care to
17:36 dingo i've done that for ftp sites and other miscellania a few times
17:36 eichiro joined #salt
17:36 shaggy_surfer joined #salt
17:36 dingo whatever is easiest for you
17:36 twork dingo: there aren't any old hashes, their accounts are blank. and "reset policy" is beyond my reach. :(
17:37 dingo oh i'm confusing you with somebody yesterday who was confused on the same topic, because he didn't want to store system-specific hashes
17:37 shaggy_surfer joined #salt
17:37 dingo i'll leave you all to your idle ways
17:38 pdayton joined #salt
17:38 PredatorVI My state.orchestration seems to take a while and wondered if maybe it isn't doing things in parallel.  Currently it does test.ping against the three minions to verify they are up, then installs minion1 (primary rabbitmq node) then minion2 and minion3 (2 and 3 could be done in parallel).  Would salt.orch do those in parallel?
17:39 whytewolf orchestration does not do things in parallel, that is kind of the point of it.
17:40 twork just the hint to 'pwgin' was worth bringing my woes here. i knew there must be something...
17:40 whytewolf it is for when you need to make sure things are run in order between servers
17:41 twork ...eh, of course i already had salt making hashes for me, but my salt chops are still so raw i wasn't clued in to how to make this a column. i think i'm off and running. thanks guys.
17:42 bhosmer joined #salt
17:42 twork ...oh, pwgen doesnt make hashes it makes passwords humans can remember? crap, that's actually *counter* to the rules i've been given. i know, i know...
17:43 rdutch left #salt
17:43 twork back to using salt. whatever, the column idea was the clue i needed.  i think.
17:44 toastedpenguin joined #salt
17:45 pravka joined #salt
17:46 PredatorVI whytewolf:  even if multiple minions are targeted in a single 'salt.function' directive?
17:47 baweaver joined #salt
17:47 bharper basepi robawt I work on the IUS project and we use salt
17:47 bharper let me know if yall got questions
17:48 whytewolf PredatorVI: okay in that case they should be run in parallel
17:48 PredatorVI ok
17:50 PredatorVI whytewolf:  Would you know how I would detect if an orchestration failed (for scripting purposes)?  It always seems to return '0'
17:50 pravka joined #salt
17:50 iggy PredatorVI: yeah, sounds like they should run in parallel, but you could always gist your orch file to be sure
17:51 PredatorVI Gist:  https://gist.github.com/PredatorVI/da49430e6df2a46c8f4f
17:51 BlackJackAc3 joined #salt
17:52 mapu joined #salt
17:55 PredatorVI And it's run with `salt-run state.orchestrate myorchestration pillar='{"regex_primary": "myapp-acc01*", "regex_secondary": "myapp-acc0[2-3]*"}'`
17:55 rideh joined #salt
17:55 pdayton joined #salt
17:57 iggy did you need those require's to fix something?
17:57 PredatorVI iggy:  for my brain
17:57 PredatorVI I can remove them
17:57 iggy strictly speaking they shouldn't be necessary, but I doubt they are causing your problem
17:58 PredatorVI I'll remove them
17:58 iggy can you run the runner with -l debug to see if it's actually stopping and waiting for each of the secondaries?
17:59 PredatorVI running now....
18:00 PredatorVI sidenote - is it better practice to paste output as a comment to the original gist or create a whole new gist?
18:01 iggy You can update gists and add files to them
18:02 iggy down toward the bottom left, "Add file"
18:04 CheKoLyN joined #salt
18:06 hasues joined #salt
18:06 dthom91 joined #salt
18:07 rm_jorge joined #salt
18:08 PredatorVI iggy: I added the raw output.  Some names are a bit different because I scrubbed the original gist and cmd to be more generic.
18:08 PredatorVI https://gist.github.com/PredatorVI/da49430e6df2a46c8f4f#file-raw-output
18:09 pravka joined #salt
18:10 PredatorVI If you could help me understand the ordering...it seems to have run all the steps even though test.ping would have failed for the 3rd node (salt-minion was stopped).
18:10 PredatorVI But I don't see where it actually tried the ping for node 3
18:11 murrdoc so the apache formula is complicated
18:11 murrdoc imho
18:12 Ztyx Hi, could anyone clarify if 2015.5.4 officially is released?
18:12 Ztyx (I see the GIT tag, but not sure that means it's released or not)
18:13 murrdoc its brok e
18:13 Ztyx broken?
18:15 zmalone How does docs.saltstack.com get generated?  I've got a correction for it, and it seems to closely match the docs in the salt github repo, but it diverges for this one issue.
18:15 murrdoc https://github.com/saltstack/salt/releases/tag/v2015.5.4
18:15 murrdoc Note: A major performance regression was discovered in this release as documented in https://github.com/saltstack/salt/issues/26301and https://github.com/saltstack/salt/issues/26366. The fix for this has been submitted in https://github.com/saltstack/salt/pull/26443. Please use https://github.com/saltstack/salt/releases/tag/v2015.5.3 until https://github.com/saltstack/salt/releases/tag/v2015.5.5 is released.
18:15 saltstackbot [#26443]title: Fix connect issue in event init | Fix issue with 100% CPU. Refs #26366 and #26301....
18:15 Ztyx murrdoc: ah, thanks!
18:16 zmalone (there's an extra "-homedir" in http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html for "To generate a cipher from a secret:")
18:18 dthom91 joined #salt
18:18 baweaver joined #salt
18:18 iggy PredatorVI: I don't see the highstate running on 03 there... look for the start time of those "Function state.highstate ran on dbarmor-acc0" sections
18:18 murrdoc zmalone:  https://github.com/saltstack/salt/blob/develop/salt/renderers/gpg.py#L25
18:18 murrdoc fork/edit/pull
18:19 Ztyx murrdoc: Follow-up: Looks like the fix has been merged. Can the progress of release be tracked somewhere?
18:19 zmalone Yeah, I found it had been updated there, but that docs.saltstack.com didn't match it
18:19 zmalone And it doesn't look like a recent change in the git history on that file
18:19 zmalone https://github.com/saltstack/salt/blob/develop/salt/renderers/gpg.py#L54 is right
18:20 zmalone http://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html has extra stuff
18:20 zmalone L25 is correct in the file though
18:20 itsamenathan joined #salt
18:21 pcdummy joined #salt
18:21 PredatorVI iggy:  I am hoping that if the test.ping fails on one of the nodes, it won't try to do any of the highstate calls.  However, I don't know why it doesn't show the acc03 node in the test.ping attempt.  I'm very confused.
18:22 Akhter joined #salt
18:23 hasues left #salt
18:24 bones050 joined #salt
18:24 iggy zmalone: the "latest" docs are based off of code in the 2015.5 branch (vs the develop git file you are looking at)
18:26 zmalone got it, thanks
18:26 zmalone There's 15.8, and develop, so it was unclear what the latest latest is.
18:29 rdutch joined #salt
18:33 gcfhvjbkn joined #salt
18:34 CeBe1 joined #salt
18:35 twork here's a question, mostly academic: i plan on making a column of literal user/password elements. but if instead of the password i had a call out to shadow.gen_password [something], would it generate a fesh hash every time it's called? or does salt keep track from last time and only make a new one if something has changed?
18:36 forrest fresh hash
18:36 forrest twork: Can you use ssh keys instead?
18:37 twork forrest: nope
18:37 bluenemo joined #salt
18:37 forrest laaaame
18:37 twork forrest: yes
18:38 CeBe1 joined #salt
18:38 forrest Just do it anyways and tell people to generate ssh keys, be like 'welcome to 5 years ago!'
18:38 gcfhvjbkn joined #salt
18:38 twork forrest: sing along with me: "oh the clients are all ISP's, doo-dah, doo-dah..."
18:38 theologian joined #salt
18:38 forrest lol
18:38 forrest twork: Oh no wonder then, ISPs are awful, had to deal with them at an old gig and the antiquity of their systems is insane
18:38 forrest Gotta line those CEO pockets, can't upgrade our tooling!
18:39 eagles0513875 joined #salt
18:39 twork forrest: they're as bad as banks. it wasn't always this way...
18:40 cachedout joined #salt
18:40 forrest twork: Right, when the tech was new when they bought it 20 years ago ;)
18:40 twork forrest: exactly
18:40 CeBe1 joined #salt
18:40 twork forrest: and before all the people who set it up got laid off or otherwise split
18:41 whytewolf as someone who is currently working for a bank. we actually are using a lot of newer technology.
18:41 twork forrest: ...and became my bosses, for example
18:41 theologian joined #salt
18:41 twork whytewolf: yeah, i know it isn't universal
18:42 whytewolf :P
18:42 davisj joined #salt
18:42 CeBe1 joined #salt
18:42 twork whytewolf: ...were they forced to?
18:42 whytewolf actually no. but they did tie enough red tape around it to make most of the reasons to use it useless
18:43 twork whytewolf: well there we go.
18:43 hal58th joined #salt
18:45 mattiasr joined #salt
18:46 dthom91 joined #salt
18:48 davisj Found this bit-o-research interesting http://mtov.github.io/Truck-Factor/
18:48 davisj TF = 2: ansible,  TF = 4: chef,  TF = 6: puppet,  TF = 9: saltstack!
18:49 iggy so 9 Salt devs would have to be run over?
18:49 iggy watchout basepi
18:51 CheKoLyN joined #salt
18:52 GreatSnoopy joined #salt
18:53 * twork fires up a big rig, goes looking for WordPress
18:55 dlloyd would un-maintained wp be any better
18:58 supersheep joined #salt
19:05 kwork joined #salt
19:05 andrew_v joined #salt
19:08 NightMonkey joined #salt
19:08 jeffspeff joined #salt
19:08 DammitJim joined #salt
19:10 bhosmer joined #salt
19:11 twork dlloyd: a fair point, but the web is a big place and i am but one twork. gotta start somewhere.
19:12 _pravka_ joined #salt
19:12 shaggy_surfer joined #salt
19:14 s_kunk joined #salt
19:14 thayne joined #salt
19:14 shantanoo joined #salt
19:15 zmalone joined #salt
19:16 shantanoo hi, all. i want to download a file and untar it after downloading it. for that archive.extracted can be used. but it requires 'source_hash'. if i don't have the source hash, is it possible to download the file?
19:17 manfred shantanoo: you would need to prepopulate that with the source_hash you expect
19:17 iggy i.e. if it's a tarball that changes frequently, don't use archive.extracted
19:17 manfred ^^
19:17 manfred or keep download the tarball, and use salt:// and archive.extracted
19:18 shantanoo manfred: aah. ok.
19:18 shantanoo i wanted to download dynamodb and run it locally.
19:22 basepi iggy: please don't run me over.
19:22 pdayton joined #salt
19:23 murrdoc basepi:  what number would u say it is
19:23 basepi murrdoc: what number would I say what is?
19:23 dthom91 joined #salt
19:23 danlsgiga joined #salt
19:23 murrdoc sorry, what number would you say you are
19:23 murrdoc out of the TF=9
19:23 murrdoc for saltstack
19:23 murrdoc when should we send the car over for you
19:23 murrdoc is my question
19:23 murrdoc :)
19:24 iggy a large truck hitting their office could conceivably take out a good number of them
19:24 basepi I don't know. I think I'm up there....top would probably be tom, utahdave, techhat, whiteinge, me, cachedout, s0undt3ch -- in no particular order
19:24 danlsgiga hi everybody... I'm trying to use the mine.send function inside a sls, it does work for normal functions but I can't make it work for aliases...
19:24 iggy or drive a truck through the next saltconf
19:24 basepi except tom would be the worst to lose I think. =)
19:25 murrdoc yeah
19:25 murrdoc :)
19:25 iggy notice he didn't say anything about marketing or sales
19:25 murrdoc i bet he wants to lose them
19:25 iggy he's got a beef with the dev team
19:25 danlsgiga salt['mine.send']('network.get_hostname') - WORKS
19:25 murrdoc so he can go back to doing fun stuff instead of marketing stuff
19:25 basepi We can train new marketing and sales people, truck factor is not company-sinking, but rather project-sinking.
19:25 manfred basepi: i thought I would have a higher truck factor, but I guess I have only just added to other files
19:25 eriko_ joined #salt
19:25 baweaver joined #salt
19:26 danlsgiga salt['mine.send']('my_hostname', 'mine_function=network.get_hostname') - DOES NOT WORK
19:26 manfred also, i haven't done much in until recently, for about a year
19:26 iggy I added whole modules!
19:26 basepi Oh, there are a lot of people in the community who I would have to lose.
19:26 basepi hate* to lose
19:26 basepi hahaha
19:26 supersheep joined #salt
19:26 basepi freudian slip
19:26 iggy (that were mostly just c&p/sed of other modules)
19:26 qybl_ joined #salt
19:26 iggy lol,
19:27 manfred basepi: also, I am back, I have been out of support for 3 weeks, writting my first customer facing api right now, and our code is all deployed with salt, so I have been writing stuff for our deployments :)
19:27 manfred yay
19:27 manfred haven't done support tickets or chat for 3 weeks now <3
19:27 Edgan_ joined #salt
19:28 kuromagi joined #salt
19:30 basepi WOOOOOO
19:30 basepi congrats
19:30 madduck joined #salt
19:30 basepi support is the worst. /me glares at issue tracker and salt-users
19:30 manfred heh
19:31 cwyse joined #salt
19:31 hillna joined #salt
19:32 zipkid joined #salt
19:33 EWDurbin joined #salt
19:33 twork ...aaaand the password hash column i spent all night trying to shell up is done in, what, half an hour. thanks guys.
19:33 bones050 joined #salt
19:33 wiqd joined #salt
19:33 dustywusty joined #salt
19:34 zer0def joined #salt
19:35 Twiglet joined #salt
19:35 mattl joined #salt
19:35 impi joined #salt
19:36 DanyC joined #salt
19:36 dingo I'm seeking more exciting work, and I've really enjoyed working with salt, if anyone is looking for talent let me know :) https://jeffquast.com/pages/resume/
19:36 baweaver joined #salt
19:36 shantanoo joined #salt
19:36 shantanoo joined #salt
19:37 mikepea joined #salt
19:37 quasiben joined #salt
19:38 zer0def joined #salt
19:40 forrest dingo: Best of luck, finding a salt gig has been difficult
19:41 iggy especially if you have Seattle cost-of-living
19:41 * iggy runs
19:41 twork fwiw, my present gig (new in march) was "we need to automate, salt looks good, you've done automation stuff... rev us up?"
19:42 forrest iggy: Even if I lived in some awful cheap place, I still would have the same issue now
19:42 iggy I still have pics of the job white board from saltconf
19:42 kaiyou joined #salt
19:42 twork so "salt gigs" may be tough, but "automation gigs" are getting more common it seems, even if they think tht what they want is puppet
19:42 xenoxaos joined #salt
19:42 PrincessZoey_ joined #salt
19:43 mfournier joined #salt
19:43 iggy 1. put devops on your linkedin/monster/dice/etc
19:43 iggy 2. sit back and let the recruiters flock to you
19:43 twork +1
19:43 iggy 3. hate life
19:43 yota joined #salt
19:43 iggy 4. maybe profit
19:43 twork +1
19:43 twork (the recruiters)
19:43 DanyC joined #salt
19:43 aarontc joined #salt
19:44 twork filter hard, be patient...
19:44 whytewolf sadly thats how i got to be the openstack guy. did a couple of things with openstack and then boom call after call about openstack
19:44 murrdoc why u quitting dingo
19:45 gchao joined #salt
19:46 linjan_ joined #salt
19:47 dthom91 joined #salt
19:50 zer0def joined #salt
19:50 ahammond dingo where are you located?
19:50 Laogeodritt joined #salt
19:54 DammitJim joined #salt
20:01 mihait joined #salt
20:03 DanyC all, on a slighty different topic, for the reST files are you guys using any good tools - like Mou or MacDown is for markdown with realtime render so you can see what you wrote and how is going to look ?
20:03 tiadobatima joined #salt
20:04 forrest iggy: Automation gigs may be more common, but most of the ones I've looked at are 'we currently have chef and want to stick with it because we are a ruby shop!'
20:04 forrest which I'm not interested in
20:04 forrest ruby shop, no biggie
20:04 forrest chef, deal breaker
20:04 forrest DanyC: For the doc stuff you mean?
20:05 forrest DanyC: I just build the doc repo locally and review it.
20:05 DanyC forrest: ah i see. .. i was hopping there is a tool like those for markdown which make life easier for reSt
20:06 murrdoc syntastic plugin for vim has rst support
20:06 murrdoc along with pylint and shiz
20:06 davisj forrest: so usually ruby is the deal breaker for folks (imho) , is shef that terrible?
20:06 forrest murrdoc: That does't show the rendered files though
20:06 davisj s/shef/chef/
20:06 forrest davisj: I don't like chef, and I don't like puppet
20:06 forrest they are 'gen 1' config management tools
20:06 murrdoc forrest:  rendered ?
20:06 murrdoc nope
20:06 murrdoc atom does
20:06 theologian joined #salt
20:06 murrdoc github atom
20:07 forrest davisj: It's like saying 'hey you know how you use python 2.7? What do you think about using pyhont 1.3? That is doable right?'
20:07 dingo ahammond: boulder creek, california
20:07 forrest yeah it's doable, but it sucks
20:07 * davisj always thought cfengine was gen1 and bcfg2/puppet/chef gen2
20:07 forrest cfengine is gen 0 to me, lol
20:07 davisj forrest: ha
20:07 aparsons joined #salt
20:07 davisj :)
20:07 dingo DanyC: i am using an openstack 'doc8' analysis checker and an restructuredtext linter
20:07 forrest Usually from what I've seen puppet/chef are gen 1, ansible/salt are gen 2, and puppet is trying to be gen 2
20:07 * whytewolf shudders, cfengine
20:07 forrest where as chef just doesn't care, and is like 'write straight up ruby for your config management'
20:07 forrest which is one of the things that make it sucks
20:08 ahammond dingo I sent you an email. :)
20:08 forrest *suck
20:08 dingo but nothing realtime, i am interested in your findings though, DanyC. I have a coworker who can have a mac or windows desktop, but is not a programmer, but an excellent documenter i want to involve with .rst
20:08 forrest you get all these people going 'well I am a ruby dev, I can write chef!'
20:08 forrest yeah I'd like a real time renderer as well, the Salt docs are a bit more difficult because you usually want it to render with the specific style
20:09 DanyC dingo: i'm still looking after and will let y'll know if i get one
20:09 davisj it pains me that all the sysadmin/devops podcasts are like 90% chef
20:09 dingo davisj: me too, they're all solving problems i felt were solved 10 years ago D:
20:09 DanyC maybe i got too much spoiled with MacDown / Mou for markdown :)
20:10 theologian joined #salt
20:10 zmalone Does anyone have tools they use for dealing with gpg in pillars?  I need to selectively encrypt hundreds/thousands of secrets, and come up with a sane way for people to update, modify, etc. those secrets over time.  I'm wondering if there's already a vim plugin or something that I'm missing.
20:10 dingo i think code repository management of their equivalent states and data is chef's biggest downfall, the server owns all the revisioning, i think git and such does a fine job.
20:11 PredatorVI iggy:  any more thoughts on that orchestration ordering/failure thing?  I ended up commenting out all steps EXCEPT the test.ping in my orch.sls. I hard-coded the 'tgt' to 'myminion-acc*' which should hit 3 minions, but only the two that are up actually ran the test.ping.  It completely skipped the minion that was down.
20:11 dingo zmalone: the best i know is the salt-vim plugin, which screws up on some hairy details of inner jinja in yaml
20:11 dingo and is just for syntax highlighting of course
20:12 theologian joined #salt
20:12 dingo indentation too, probably
20:12 zmalone And it doesn't look like it has any gpg specific stuff.
20:12 dingo yeah i didn't think it would.
20:12 tzero joined #salt
20:12 davisj the 5 year oldin me always giggles when I hear the words "data bags"
20:12 PredatorVI iggy:   I then changed the orch.sls and created 3 sections (one for each minion) and set the tgt for each to the exact minion id (no wildcards) and the 3rd minion now shows failure though the salt-run process still returns exit code = '0'.
20:12 iggy PredatorVI: how could it run anything on a minion that is down?
20:13 * davisj isn' sure why
20:13 PredatorVI I'm trying to ping it before running the orchestration
20:13 dingo davisj: i wore a chef hat while i stared down the 'devops' team from the 'engineering' team across an open office, and said a few jokes about encrypted databags
20:13 dingo should probably get those encrypted databags looked at, sounds serious
20:14 davisj dingo: ouch!
20:14 jaybocc2 joined #salt
20:14 jaybocc2 hey guys, do you know if you can use both onlyif and unless together?
20:14 PredatorVI iggy:  I guess that is part of the orchestration.  Is there a way as part of the orchestration process to check that all nodes are up before doing anything else?
20:15 whytewolf jaybocc2: yes you can.
20:15 iggy PredatorVI: not with something like that... if you had a hard list, you could use failhard
20:16 jaybocc2 whytewolf: does it need to satisfy one or both?
20:16 jaybocc2 my usecase would require it to satisfy both
20:16 whytewolf jaybocc2: both
20:16 jaybocc2 ok thank you
20:16 whytewolf oh wait, not one or the other.
20:16 PredatorVI iggy:  what is syntax for 'failhard'?
20:16 PredatorVI nvm...I think
20:17 whytewolf if you need both. make your check return correctly for both settings
20:17 Brew joined #salt
20:17 jaybocc2 so yeah
20:17 jaybocc2 if onlyif returns true AND unless returns false
20:17 jaybocc2 it will run
20:17 jaybocc2 but if onlyif and unless return true it won't run
20:17 jaybocc2 correct?
20:17 whytewolf that is false.
20:18 jaybocc2 ah so as long as it satisfies either unless or onlyif it will run
20:18 whytewolf yes
20:18 whytewolf just make a more complex check
20:18 jaybocc2 yeah i will have to
20:18 jaybocc2 thanks
20:19 ahammond zmalone we're using an in-house solution called pillar_files. It works by using the standard top.sls to manage access to pillars which consist of file contents.
20:20 ahammond zmalone all you do is
20:21 ahammond zmalone ... define a pillar with the name pillar_files with a dict of pillar names => sub-directories.
20:22 whytewolf so, has anyone actually started building an ext-pillar for vault? or is that still just in the talks?
20:22 murrdoc dude
20:22 * murrdoc wants that
20:22 murrdoc where is ek6
20:24 DanyC whytewolf: i'm interested in it very much to use it with consul / consul-template
20:24 DammitJim joined #salt
20:25 DanyC whytewolf: but so far i haven't seen anyone working in that direction, i guess is just on wishing list  :)
20:28 thekabal joined #salt
20:28 thekabal I’ve seen some servers that update the MOTD with the time/date of the last change made by Salt. How? :)
20:28 whytewolf DanyC: sigh, sadly it looks that way
20:29 whytewolf thekabal: a returner that if there are change made updates the motd?
20:29 * whytewolf shrugs
20:29 tr_h joined #salt
20:32 dthom91 joined #salt
20:32 aqua^c joined #salt
20:32 babilen thekabal: Just render /etc/motd[.tail] with the date in there as part of your highstate?
20:33 yaryarrr joined #salt
20:33 adelcast joined #salt
20:34 thekabal babilen> but then if a state or cmd.run is run separately, it wouldn’t get triggered, correct?
20:41 iggy is it a hard requirement that it be every time Salt does anything?
20:42 supersheep joined #salt
20:43 DanyC whytewolf: in case you are interested ... https://github.com/hashicorp/vault/issues/323 i'm already using consul-template/ consul so maybe s'thing good will come out from my brain :)
20:43 saltstackbot [#323]title: Max lease time? | Hi I'm using the Generic 'file' backend, I tried setting a lease for 365 days but it seems to default to 259200s (30d)....
20:43 mattiasr joined #salt
20:44 Akhter joined #salt
20:45 DanyC whytewolf: and more from Ansible side, where they don't ahve the module either but what they've done was creating a cli called ansible-valut (very confusing if you ask me). However Armon made the comment and he is a smart cookie imo
20:46 kim0 joined #salt
20:47 kim0 Hi folks .. I have machine names like name.some.long.domain .. where "name" is a random name .. Is there any way to avoid typing the long fqdn ? and target multi machines
20:48 zmalone *?
20:49 whytewolf kim0: there are lots of ways of targeting. http://docs.saltstack.com/en/stage/topics/targeting/index.html
20:51 kim0 I guess the main problem is that this doesn't work
20:51 kim0 salt -L 'falcon*,dragon*' test.ping
20:51 whytewolf kim0: lists don't take globs
20:51 kim0 Yeah :)
20:51 whytewolf kim0: http://docs.saltstack.com/en/stage/topics/targeting/compound.html#compound-matchers
20:51 whytewolf you want compound
20:52 kim0 Ok .. that does work .. a little long to type but Ok
20:53 Brew joined #salt
20:54 whytewolf salt -C 'P@(falcon|dragon).*' test.ping
20:54 whytewolf not that long
20:54 whytewolf oh wait that should be E not P
20:55 kim0 'falcon* or dragon*' also worked
20:57 kim0 hmm .. what's the way to group some of those nodes under different names
20:58 Ryan_Lane what's the status of 2015.8?
20:58 whytewolf there is no real alias system, but i guess you could use pillars to link different names to it then use pillar matching
20:58 rdutch left #salt
20:58 whytewolf Ryan_Lane: last i heard final rc, and frozen
20:59 Ryan_Lane cool
21:00 kim0 whytewolf: k thx
21:00 mapu joined #salt
21:00 Ryan_Lane whytewolf: cool. thanks :)
21:01 DanyC whytewolf: that is a good news on the 2015.8 , thx for sharing (getting hopes :) )
21:02 whytewolf yeah, they might actually make it to be 2015.8 instead of 2015.11
21:02 dthom91 joined #salt
21:03 Ryan_Lane the renaming of the last release was very annoying :)
21:04 sunkist joined #salt
21:05 joeskyyy joined #salt
21:07 iggy true story
21:08 Ryan_Lane I hope this salt release is relatively painless. I fixed like 4-5 bugs last time after release
21:08 joeskyyy Question regarding syndics, per "Each Syndic must provide its own file_roots directory. Files will not be automatically transferred from the Master node." does this mean that you must have top files across all syndics?
21:08 Ryan_Lane (which is way better than previous times)
21:09 forrest Hmm, does anyone remember with salt how you can make it so for mysql, a user can remotely auth with a password, BUT you aren't actually changing the user's password locally?
21:09 whytewolf Ryan_Lane: from what i have seen there is a TON of changes coming in this release. so I expect pain. lots of it
21:09 Ryan_Lane whytewolf: there was a lot of change to 2015.5, too
21:09 Ryan_Lane and I only hit a few hiccups
21:09 Ryan_Lane I'm doing masterless, though
21:09 forrest Basically I want to do GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED by 'creds' WITH GRANT OPTION; but in salt.
21:10 forrest but mysql grants doesn't suppport password..
21:10 forrest *support
21:11 forrest oh I could use mysql_query I think, hmmm
21:11 iggy I couldn't even install the 2015.8rc I tried...
21:11 iggy I won't be at $current_job long enough to move to it anyway
21:12 Ryan_Lane iggy: what broke?
21:12 whytewolf I got 2015.8rc2 working. but havn't tried the ones after that
21:12 iggy the install
21:13 AndreasLutro I've been working off 2015.8 git head for a month or two
21:14 AndreasLutro I'm glad I can fix bugs before they make it to a release
21:15 Ryan_Lane iggy: via pip+git?
21:15 iggy using the instructions in the release announcement
21:15 Ryan_Lane ah. ok
21:16 iggy (I believe that uses a tarball, haven't messed with it in a bit, so I don't know)
21:16 cheus joined #salt
21:17 supersheep joined #salt
21:18 DanyC left #salt
21:18 DanyC joined #salt
21:19 whytewolf 2 ways, either using the bootstrap script. or from the source tarball. i know the bootstrap turned into a ball of hate on ubuntu because of tornado.
21:20 Ryan_Lane this is why I always use git + pip
21:21 iggy sudo sh install_salt.sh git v2015.8.0rc2
21:21 iggy but I think I only tried rc1
21:22 DanyC Ryan_Lane: i guess for pip you go out to wide internet or you have a local pip repo which hosts all salt dependencies ?
21:25 Ryan_Lane DanyC: yeah, always a fork of the repo
21:25 breakingmatter joined #salt
21:25 Ryan_Lane it's just git. it just requires the repo
21:25 Ryan_Lane no need for a git package
21:25 Ryan_Lane err
21:25 Ryan_Lane pip package
21:26 DanyC Ryan_Lane: correct but for python modules which are not in by default in the distor you running then you need to take it from somewhere, no?
21:27 DanyC Ryan_Lane: also for ZMQ you need to www or local pip repo to pull it out as i doubt is in the salt git repo ..
21:27 AndreasLutro git clone, pip install -e /path/to/salt
21:27 ipmb joined #salt
21:28 Ryan_Lane ^^ that
21:28 Ryan_Lane you can also pip install directly from a remote
21:28 kim0 whytewolf: It seems group nodes is actually supported with http://docs.saltstack.com/en/latest/topics/targeting/nodegroups.html
21:28 Ryan_Lane DanyC: yeah, it'll still pip install the dependencies
21:28 Ryan_Lane which is fine
21:28 Ryan_Lane I actually generate a frozen virtualenv
21:28 wendall911 joined #salt
21:30 DanyC Ryan_Lane: AHA , now that is a great idea.  Will be awesome in case you are in an env w/o internet to use virtualenv as a pip repo so others nodes cna point to it and install pip dependencies
21:31 baweaver_ joined #salt
21:32 Ryan_Lane DanyC: assuming you generate it inside of a container, you can just tar it up and ship the tar file around
21:32 Ryan_Lane as long as you untar it in the same location
21:33 Ryan_Lane but that's why you use the container :)
21:33 Ryan_Lane you also use the containers so that you can make a venv for each distro version
21:34 giantlock joined #salt
21:34 DanyC Ryan_Lane: that will work indeed ...i just think i sorted out my dependency list and no longer need an rpm/ yum repo/ big centos epel etc :)
21:34 stephas joined #salt
21:35 Ryan_Lane heh
21:35 Ryan_Lane that's the other nice thing about a venv
21:35 Ryan_Lane you can easily include any python deps you need in with it
21:35 dthom91 joined #salt
21:37 dthom91 joined #salt
21:38 DanyC Ryan_Lane: exactly !
21:38 gazarsgo how do i poke salt-call --local to run a given high state? i keep getting errors like Could not find file from saltenv 'prod', 'salt://top.sls'
21:41 arthoo hi, I'm trying to use grains to detect a system's role and if detected, run /etc/init.d/${service} but when I use a if statement to detect the existence of the grain in the init.sls, it doesn't get picked up run a state.highstate is run.  is there a better way to do this?
21:42 pm90_ joined #salt
21:43 iggy arthoo: you'd be better off only targeting the sls file at the minion if it had the grain (rather than checking the grain in the sls)
21:43 pm90__ joined #salt
21:44 arthoo iggy: sorry, not sure I follow.  so don't check for the grain in the sls file?
21:45 iggy in the top file, you can target by grain, only target the sls file at minions that have that grain
21:45 iggy alternatively, gist the code you have so far so we can see what you're doing wrong with your current attempt
21:47 orion Hi. I want to bake salt-minion in to a custom AWS AMI, but the keys are generated at install time. Is there a recommended way to defer the creation of the host's private key until later?
21:47 arthoo I have something in my top.sls that determines prod/dev envirionments and then something in the environment's init.sls that looks for those grains
21:51 ajw0100 joined #salt
21:52 iggy orion: they are actually generated at minion startup, so if you shutdown the minion and delete the keys and minion_id file before you make the image, you should be okay
21:53 shaggy_surfer joined #salt
21:54 orion iggy: That would be /etc/salt/pki/* and /etc/salt/minion_id, correct?
21:54 iggy True
21:54 sgargan joined #salt
21:55 orion Excellent, thanks!
21:59 arthoo here's my init.sls.  This is after trying different things and I know not the way to do things.  I just want to have the minon tell me its role (which can be one or more of the things defined) and monitor the correlating /etc/init.d/${service} init script.  http://pastebin.com/j2C1YRbe
21:59 TyrfingMjolnir joined #salt
22:01 iggy looks sane, but what's the output of `salt '*' grains.get local_splunk` ?
22:03 arthoo and here are the corresponding grains on the minion:
22:03 arthoo local_splunk:
22:03 arthoo - splunkindexer
22:03 arthoo - splunkmaster
22:03 arthoo - splunksearch
22:03 iggy okay
22:03 iggy so local_splunk is a list of words
22:03 iggy but you are comparing it to a single string
22:04 iggy you probably want something like {% if 'splunkmaster' in grains['local_splunk'] %}
22:04 arthoo ah
22:05 arthoo that explains some things
22:09 tmmt joined #salt
22:10 gazarsgo how do i troubleshoot this: Could not find file from saltenv 'base', 'salt://users.sls' ? i'm trying to use salt-call --local with a local git clone of my salt repo
22:10 yomilk joined #salt
22:11 iggy salt-call cp.list_master
22:11 iggy might give you some clue
22:11 iggy don't know how that interacts with masterless though
22:12 gazarsgo yeah that outputs: local:
22:12 arthoo thanks, iggy -- that works as I was needing it to.  I appreciate your help!
22:12 gazarsgo which i guess is an indication that i haven't wired anything up correctly
22:12 gazarsgo oh no, it does work
22:14 gazarsgo so i get a long list that looks like every file in my current directory, including the one state i want to run which is "states/users/init.sls"
22:14 gazarsgo ooh! got it, had to remove the .sls suffix
22:15 gazarsgo thanks iggy
22:16 baweaver joined #salt
22:21 BlackJackAc3 joined #salt
22:24 baweaver joined #salt
22:31 Bryson I can't get djangomod.loaddata to work properly with fixtures. Does anybody have any experience with using Salt in a Django project? The docs are a waste of time.
22:38 cpowell joined #salt
22:38 tiadobatima joined #salt
22:39 hal58th_ joined #salt
22:39 denys joined #salt
22:39 RandyT_ joined #salt
22:44 forrest Bryson: I don't unfortunately. If you figure it out though (or don't) can you please create an issue regarding updating the docs?
22:45 forrest And voicing your issues? Then someone can know it needs to be worked on
22:47 Bryson Yeah, I've filed bug reports before and I will continue to do so. I just don't have the time this instant to go through the source to figure out the hangup. Was hoping somebody had experience.
22:48 bfoxwell joined #salt
22:49 forrest Bryson: Yeah that's fair
22:49 iggy I've never even heard of anyone doing that
22:50 Bryson http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.djangomod.html
22:51 iggy what have you tried?
22:52 Bryson so in my state, i have the module.run for loaddata, but the `- fixtures:` arg passes all the names of the fixtures with prefixed with -- to the command as arguments, instead of as parameters to an argument. `--fixtures data.json` turns into `--fixtures --data.json`
22:53 iggy can you gist the state?
22:55 Bryson http://pastie.org/private/emd2pfiisf3ks4p5bgdw
22:55 Bryson I have tried about every possible format of the path to the fixture JSON file too. Included it in square brackets, as sub items indented with and without their own hyphens...they all break but in different ways.
22:56 iggy lol, no way that's working
22:56 iggy it overwrites cmd repeatedly
22:57 gcfhvjbkn joined #salt
22:59 iggy idea: try it on the command line to see what happens
22:59 mosen joined #salt
23:02 sunkist joined #salt
23:02 Bryson iggy: http://pastie.org/private/kjwxaolpuhbvg665cc3uma This actually works, but is obviously a workaround.
23:03 iggy Yeah, just open an issue that says loaddata is busted
23:03 Aidin joined #salt
23:03 iggy if you've got a workaround, you don't need to supply a fix
23:04 Bryson For sure. And thanks for the idea iggy...i was so frustrated with the "right" way being broken I didn't think of doing it manually. Even though in the source, everything in that module gets run through the `command` method anyway. heh
23:06 tmmt joined #salt
23:06 Bryson left #salt
23:06 Bryson joined #salt
23:06 tmmt joined #salt
23:11 andrew_v joined #salt
23:11 RandyT_ joined #salt
23:11 drawsmcgraw left #salt
23:12 Myra hey guys, newbie here. :) is it possilbe to run a shell command in a conf file on salt minion?
23:13 forrest Hi Myra, what do you mean by 'conf file'? A .sls file like a state?
23:14 forrest or do you mean you have an existing shell script you want to run
23:14 Myra more of a shell script than a state
23:15 forrest use cmd.script: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html#salt.states.cmd.script
23:15 forrest Myra: ^
23:16 Myra is it possible put that result in a text file
23:16 PredatorVI Jinja question - how do I add an element to a list?
23:17 iggy {% do list.append(el) %}
23:17 forrest Myra: What do you mean? The output from the shell script?
23:17 PredatorVI Iggy: Thx
23:17 forrest I'd just add that to the script to dump the output if you're going to use a shell script anyways.
23:18 cachedout joined #salt
23:18 Myra for eg. I have a config.txt need user=`get_user dbuser` and password=`get_password dbuser` etc in it
23:20 Myra in puppet I can do it with an erb template like config.txt.erb to do it. how can I do it in salt?
23:21 Myra not sure if I made myself clear :P
23:22 Myra on salt minion I can run get_user dbuser to return a username string. how can I put that in a config.txt file on salt minion?
23:23 PredatorVI iggy:  so why wouldn't `{% set newlist = list.append(el) %}` work?
23:25 iggy list.append() doesn't return anything, it operates on the object
23:26 PredatorVI but without the 'do' jinja is expecting a return value?
23:26 iggy does not compute
23:27 Akhter joined #salt
23:27 PredatorVI iggy:  I've felt that alot lately :P
23:27 iggy you would use set like so: {% set foo2 = foo + '2' %}
23:27 Ahrotahntee joined #salt
23:30 Myra thanks forrest. it is a lot of text just one line getting shell output. but it will work :)
23:30 otter768 joined #salt
23:30 forrest Myra: np
23:38 jodv joined #salt
23:42 NightMonkey joined #salt
23:52 aqua^c joined #salt
23:53 baweaver joined #salt
23:56 tiadobatima1 joined #salt
23:58 Aidin left #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary