Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-09-10

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 dthom911 joined #salt
00:02 otter768 joined #salt
00:03 protoz_ joined #salt
00:03 joe_n joined #salt
00:05 Brew joined #salt
00:09 dthom911 joined #salt
00:11 protoz joined #salt
00:11 bbbryson joined #salt
00:14 dthom91 joined #salt
00:14 CheKoLyN joined #salt
00:15 protoz joined #salt
00:15 otter768 joined #salt
00:18 protoz joined #salt
00:19 ajw0100 joined #salt
00:20 jbub joined #salt
00:23 Singularo joined #salt
00:23 _JZ_ joined #salt
00:25 onewheelskyward joined #salt
00:27 druonysus joined #salt
00:29 joe_n joined #salt
00:32 malinoff joined #salt
00:34 jodv joined #salt
00:36 pm90_ joined #salt
00:42 CheKoLyN joined #salt
00:43 alemeno22 joined #salt
00:45 zwi joined #salt
00:46 protoz joined #salt
00:49 protoz joined #salt
00:50 baweaver joined #salt
00:55 s_kunk joined #salt
01:02 protoz joined #salt
01:09 protoz joined #salt
01:10 s_kunk joined #salt
01:10 nlb joined #salt
01:23 riftman joined #salt
01:23 Mitul joined #salt
01:24 |_[O_O]_| jinja scoping -- arg!
01:25 k00l joined #salt
01:25 |_[O_O]_| that do tells scope to go home with lists is silly
01:25 |_[O_O]_| i want a literal :(
01:25 |_[O_O]_| its even defined global!
01:27 dendazen joined #salt
01:31 kidneb joined #salt
01:32 protoz joined #salt
01:32 otter768 joined #salt
01:34 pravka joined #salt
01:37 joe_n joined #salt
01:40 kidneb joined #salt
01:47 ilbot3 joined #salt
01:47 Topic for #salt is now Welcome to #salt | 2015.5.5 is the latest | Please use https://gist.github.com for code, don't paste directly into the channel | Please be patient when asking questions as we are volunteers and may not have immediate answers | Channel logs are available at http://irclog.perlgeek.de/salt/
01:49 catpigger joined #salt
01:56 womble I'd like to set the sysctl ip_local_port_range to '15000 65500' by default, but on any machine with haproxy I want to set it to '1024 65535'.  At present, on haproxy machines, both sysctls are defined (one in a "common sysctls" file, and another inside the haproxy config state file) and they fight over the correct value.  How should I adjust things so they live in peace and harmony together?
01:57 womble Is my only option to modify the "common sysctls" file to "detect" that the sysctl will be set elsewhere, and then don't set it the default state?  That seems kinda fragile, but I'm not coming up with anything more robust.
02:01 harkx joined #salt
02:02 sunkist joined #salt
02:02 apejens womble: could you set the values in a pillar, and then have the pillars for haproxy machines give you something different?
02:02 apejens that way you would only have one state, and that state would change based on pillars per machine?
02:02 boargod joined #salt
02:04 cyborg-one joined #salt
02:04 womble apejens: That would require me to set a value in the pillar whenever I install haproxy on a machine, wouldn't it?  Or is there someway to influence the values in the pillar in the states?
02:05 quasiben joined #salt
02:05 apejens well, you would apply values from your pillar/top.sls I guess, and for machines that should have teh haproxy state, you apply a different value for sysctl variable pillars?
02:06 opensource_ninja joined #salt
02:06 apejens my understanding of salt is quite new though, so I might be misunderstanding. But in my work so far, I will set some pillar values based on hostnames (in lack of better grains/matching data for now)
02:06 womble apejens: I'm afraid my lack of salt-fu is letting me down here, I don't quite understand how that would work.
02:07 apejens womble: ok, I'll try to write a simple gist example, hang on. IT might give you some ideas, although it won't be correct I think :P
02:11 womble Ah, yeah, I'd prefer not to have to modify things in two places when I add haproxy to a machine.  If the configs *can* get out of sync, I can guarantee that they *will*, sooner or later.
02:12 apejens womble: https://gist.github.com/omega/eabf3c73839d86789989
02:12 apejens then you would just maintain the values in the pillars that get applied to the machines
02:12 apejens and there would only be one state, sysctl, applied to all machines
02:12 apejens setting the sysctl based on pillars, which are assembled per machine
02:13 markm joined #salt
02:18 cyborg-one joined #salt
02:19 fersur3 joined #salt
02:24 apejens womble: another option might be to use the "extends" stuff in states, but I have never used that, so can't offer much insight :/
02:24 kevinquinnyo joined #salt
02:30 whytewolf womble: use pillar.get with a default value?
02:30 aqua^c joined #salt
02:36 zmalone joined #salt
02:37 evle joined #salt
02:43 Zeromorphism joined #salt
02:43 Zeromorphism Hello
02:44 fersur3 Hello
02:45 favadi joined #salt
02:46 protoz joined #salt
02:48 writtenoff joined #salt
02:50 protoz joined #salt
02:55 otter768 joined #salt
02:55 protoz joined #salt
02:56 dthom91 joined #salt
02:57 llua^_^AznSmile- joined #salt
02:57 SneakyPh1l apejens: thanks for that example
02:59 ocdmw joined #salt
03:00 protoz joined #salt
03:03 womble whytewolf: That's an option, too, but I suspect it suffers from a similar problem as other ideas: needing to change things in two places when a machine gets haproxy on it.
03:03 womble I'm starting to think everything, including state assignments, should really be done in the pillar.
03:03 protoz joined #salt
03:10 stupidnic joined #salt
03:10 sunkist joined #salt
03:11 stupidnic A bit of a noob with SaltStack. I have an existing logstash server and I would like to automate getting the server certificate onto the logstash-forwarder clients. Can somebody point me in the right direction if that is possible and where I should be looking for that?
03:13 stupidnic I would like to avoid storing the certificate statically in salt://
03:15 zmalone Why?  Certs can be public knowledge, it is keys that should be kept secret (and if you need to do that, salt has https://docs.saltstack.com/en/stage/ref/renderers/all/salt.renderers.gpg.html , although it gets really ugly if you have many secrets)
03:16 joe_n joined #salt
03:16 zmalone stupidnic: (there are also some problems with it handling things like special characters in secrets, although it shouldn't be an issue with a key)
03:16 harkx joined #salt
03:17 stupidnic zmalone: logstash generates a new certificate for the server each time it is installed (key and cert)
03:17 pravka joined #salt
03:18 stupidnic the goal of my states is a complete ground up cluster deployment for a customer
03:18 stupidnic so I don't want to keep things staticly defined in the states if I can help it
03:19 whytewolf womble: with a default in the state. why would you need to update in 2 places? that makes no sense. you either have the setting or don't if the setting isn't set by adding the haproxy piller optiosn then it gets set to what ever the default is. you don't need to states setting that option than
03:19 ageorgop joined #salt
03:21 stupidnic zmalone: I guess I will just store the cert contents in a pillar
03:22 womble whytewolf: Sorry, I was unclear.  When I make a machine a haproxy machine, it's done by adding the 'haproxy' state "collection" (I'm not sure it's actually a "formula", in Salt terminology, but I don't know what else to call it) to the top.sls for the hostname that matches.  In order to get the sysctl value to be the "right" one, I'd need to update the pillar as well, as I understand it.
03:22 womble I'm comfortable for my understanding to be wrong, though.
03:26 whytewolf womble: how is the sysctl value getting set currently? through a state right?
03:31 womble whytewolf: Yes.  All nodes have `- common` in their entries in `top.sls`, and `common/init.sls` has a state to set the sysctl to '15000 65500'.  Then some nodes have `- haproxy` in their entries in `top.sls`, and `haproxy/init.sls` has a state to set the sysctl to `1024 65535`.
03:31 protoz joined #salt
03:31 whytewolf womble: tow many states doing the same thing. only need 1 that sets sysctl value.
03:33 womble whytewolf: Sure, but then that state (where would it live?) would need to know what value to set the sysctl to.  My understanding is that value has to be set in the pillar, and then that means that configuring a machine to run haproxy would involve editing both `salt/top.sls` (to add `- haproxy`) and also the pillar data (to set the alternate value for the sysctl).
03:33 whytewolf delete the one in haproxy, and set the one that is in common to something like - value: {{ salt['pillar.get']('sysctl:keyname', '15000 65500')  }}
03:34 womble My crystal ball tells me that sooner or later, someone's going to forget to set the pillar value, and then the value of the config mgmt system is squandered.
03:35 whytewolf well you could setit up so that the only thing that needs to be changed is adding a role to the host.
03:35 whytewolf you don't have to target by minion_id
03:36 womble whytewolf: So both the pillar and the states look for a role of "haproxy" and do the needful?
03:36 whytewolf yeah
03:37 womble That could work.  Is assigning roles to nodes done in the manner described here?  http://stackoverflow.com/questions/21230365/assign-role-profile-definitions-to-saltstack-minions-during-vm-creation-vsphere
03:38 whytewolf that would be grain roles, yes.
03:39 theologian joined #salt
03:40 apejens you could apply a "role" from a pillar as well, and then match that in the states top.sls?
03:40 apejens so applying a haproxy pillar to a machine, would set sysctl and enable haproxy "role", and then you match on that "role" in the states top.sls?
03:40 whytewolf correct. and that would be more secure. but pillar is tricky since you can't really target pillars from the pillar top
03:41 apejens no, in this way, you would target pillars based on hostnames I guess, or something like that
03:41 apejens but it would achieve the same thing, only having to add a new host one place?
03:41 whytewolf correct. and a valid, and more secure path, if security is a concern
03:42 auzty joined #salt
03:42 dendazen joined #salt
03:43 womble And revision controlled, if I'm understanding things correctly.  So it won't be grains for us.
03:48 womble Am I alone in thinking that having a file named `top.sls` in both the pillar and states was a really, *really* bad idea?  Reading people's explanations gets mighty confusing mighty quick when they start talking about "in top.sls" without indicating *which* one.
03:49 womble Oooooh... you *can* set grains in the state files, apparently: http://blog.endpoint.com/2013/12/setting-server-role-in-salt-comparing.html
03:50 womble salt['grains.setval']('server_role','sessiondb')
03:55 zmalone joined #salt
03:59 dendazen joined #salt
04:03 iggy womble: tell people to specify which top file, and no, not a bad idea
04:04 womble iggy: Because telling people on the Internet what to do is *always* an effective strategy... <grin>  Better, IMO, to make things more fool-resistant than try to de-fool everyone.
04:05 Jahkeup joined #salt
04:07 iggy womble: think about it
04:07 iggy how would you have different pillars per minion with 1 top file?
04:09 womble iggy: I wouldn't.
04:10 totte left #salt
04:10 cyborg-one joined #salt
04:10 totte joined #salt
04:12 iggy well, that simplifies things for everybody
04:14 cyborg-one joined #salt
04:43 ajw0100 joined #salt
04:44 jeffspeff i'm needing to do an if statement in a state to see if the fqdn of a system contains 'foobar'. is there an operand for contains? or do i need to cut the string of the fqdn or what?
04:48 zer0def joined #salt
04:49 anmolb joined #salt
04:51 ramteid joined #salt
04:59 jeffspeff iggy, any thoughts on my question above?
05:00 onewheelskyward left #salt
05:05 apejens iggy: I think womble might have argued that naming them differently would have been better, not that they should be merged to one?
05:11 pm90_ joined #salt
05:11 rdas joined #salt
05:15 otter768 joined #salt
05:25 opensource_ninja joined #salt
05:31 miao9611 joined #salt
05:32 womble apejens: Correct.
05:33 womble jeffspeff: Regex match?
05:34 jeffspeff i actually found that i could use {% if "foobar" in grains['fqdn'] %} it did what i wanted
05:39 Furao joined #salt
05:41 Rebus joined #salt
05:44 Jeff__ joined #salt
05:46 womble Ah, "in"
05:49 georgemarshall joined #salt
05:49 desperado joined #salt
05:50 zer0def joined #salt
05:50 desperado hello all, this a good place to ask a salt tech question?
05:50 jeddi desperado: yes.
05:51 desperado I have a masterless configuration but I need to set a variable only on one of the minions - doesn't matter which, just one of them
05:52 jeddi a grain, you mean?
05:52 desperado a grain would be fine
05:52 desperado but must be set only on one of the minions
05:52 jeddi and you don't know ahead of time which minion needs it set, is that what you mean by 'doesn't matter which' ?
05:53 desperado yes
05:53 jeddi can you just set it in a custom grains fragment file in /etc/salt/minion.d/grains.conf (for example)
05:53 iggy womble: 2 files that serve the exact same purpose with the same syntax... sure, let's name them something totally different
05:54 * iggy hands out his last remaining fucks and heads to sleep
05:54 * womble collects a few stray fucks for a rainy day
05:56 desperado jeddi: do you mean like editing the file manually? I need a way to get that grain set during highstate
05:57 desperado I would like to create a state that, using jinja if necessary, can pick up one node only and set a grain on that node as part of the highstate
05:58 desperado before they (my esteemed colleagues) removed the salt master, I was using the salt master but now I no longer have a master
06:04 joe_n joined #salt
06:04 dopesong joined #salt
06:05 sirex joined #salt
06:06 code42fr joined #salt
06:07 zer0def joined #salt
06:14 Ztyx joined #salt
06:23 code42fr Hello world
06:27 dopesong_ joined #salt
06:28 terinjokes joined #salt
06:28 AndreasLutro joined #salt
06:29 jeddi desperado: yeah - not sure how you can guarantee that kind of orchestration absent a salt master.
06:29 jeddi desperado: is resurrecting the salt master not possible?  i suspect it'd save you a veritable bucketload of grief.  not just with this kind of challenge.   if you don't have a master, then you still need some mechanism to guarantee / allocate this particular grain to a single minion.
06:30 jeddi i know this is all fairly obvious stuff.
06:41 Zytox joined #salt
06:42 KermitTheFragger joined #salt
06:44 katyucha joined #salt
06:46 rubendv joined #salt
06:47 desperado jeddi: hey, thanks a lot!
06:47 desperado i appreciate the help anyway
06:47 desperado it looks like my idea will not work also for other reasons, and no, master is gone and it's not coming back..
06:48 catarrhine joined #salt
06:48 desperado I'll be using aws sdb to create a lock shared by the minions so that only one of them execute a certain task - a colleague came up with this
06:48 desperado thanks jeddi!
06:49 catarrhine How do I use a state outputter with a state.sls on the command line (sudo salt tgt state.sls statefile)
06:50 catarrhine I asked earlier, but I couldn't figure out how to use the answer on the command line
06:50 catarrhine for reference: https://docs.saltstack.com/en/develop/ref/output/all/salt.output.highstate.html
06:51 pykill joined #salt
06:56 jeddi desperado: yeah - not a great situation by the sounds of it.  good luck with it.
07:03 opensource_ninja joined #salt
07:03 Grokzen joined #salt
07:06 zer0def joined #salt
07:06 colttt joined #salt
07:10 babilen desperado: Why was it removed?
07:13 eseyman joined #salt
07:13 lb1a joined #salt
07:16 otter768 joined #salt
07:16 colttt joined #salt
07:18 rdas_ joined #salt
07:20 code42fr Hell, does anyone have a moment ?
07:20 * babilen has a moment
07:21 babilen http://cdn.meme.am/instances/500x/61277821.jpg
07:24 Norrland code42fr: Mr Satan is busy at the moment.
07:24 code42fr thks Norrland
07:24 Ztyx joined #salt
07:24 code42fr Hello
07:25 code42fr my list of jobs is full of saltutil.find_job
07:26 code42fr Like in this posts -> https://github.com/saltstack/salt/issues/20101
07:26 linjan_ joined #salt
07:41 kawa2014 joined #salt
07:43 aristedes joined #salt
07:45 voxxit joined #salt
07:52 Ztyx joined #salt
07:55 slav0nic joined #salt
07:57 keimlink joined #salt
08:00 evle Is that ok that ssl certificate for bootstrap.saltstack.com is not accepted by wget in Debian wheezy with latest updates?
08:02 keimlink joined #salt
08:03 simmel joined #salt
08:03 jhauser joined #salt
08:03 chutzpah joined #salt
08:03 chutzpah joined #salt
08:04 chiui joined #salt
08:05 aristedes joined #salt
08:05 stooj joined #salt
08:05 GreatSnoopy joined #salt
08:07 malinoff joined #salt
08:07 ablemann joined #salt
08:08 micko joined #salt
08:09 supersheep joined #salt
08:09 Alan_S_ joined #salt
08:09 aristedes left #salt
08:11 Jahkeup joined #salt
08:12 alexhayes joined #salt
08:13 Ztyx1 joined #salt
08:14 jbrnds joined #salt
08:18 zer0def joined #salt
08:24 kbaikov joined #salt
08:26 malinoff joined #salt
08:36 laax joined #salt
08:37 babilen evle: What does "openssl s_client -connect bootstrap.saltstack.com:443" give you?
08:39 Gilou hmmm.. the only real way to force the mine to get newly set functions is to restart the minion ?
08:40 evle babilen: http://pastebin.com/pw6EHiBq
08:40 babilen Just for next time: pastebin.com is a horrible website and there are much better pastebins available such as http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, http://dpaste.de, …
08:42 babilen evle: "Verify return code: 20 (unable to get local issuer certificate)" -- looks as if your ca-certificates are missing one in the trustpath. Please join #debian and ask about options (upgrading to jessie has probably been on your todo list for a while now anyway)
08:42 losh joined #salt
08:43 evle babilen: Well, for some tasks upgrading to jessie is not an option yet. And as far as I know wheezy is still supported.
08:46 zer0def joined #salt
08:47 mattiasr joined #salt
08:48 anmolb joined #salt
08:49 mattiasr joined #salt
08:49 boargod2 joined #salt
08:55 sgargan joined #salt
08:55 slav0nic joined #salt
08:57 rakan joined #salt
08:57 Ztyx joined #salt
08:57 rakan Hello everyone
08:59 Ztyx joined #salt
08:59 rakan I am using salt in my code to write a bunch of files to my AWS node. My project is based on Flask, Celery, gevent and Salt basically. My problem i am trying to figure a solution to, is the fact that sometimes executing a file_write function to 6 files separately takes up to 8 minutes sometimes, other times 2 minutes and other times 5 secons
08:59 rakan http://pastebin.com/huz2CDRN
08:59 rakan Here's basically how i do it... very simple piece of code.
08:59 rakan please let me know what other information you need to be able to help in my case
09:00 larsfronius joined #salt
09:00 rakan A small skew in in timing might be justifiable... but the difference between 5-10 seconds and 8 minutes is quite huge
09:01 rakan Using salt versin 2015.05.3
09:01 larsfronius joined #salt
09:05 alexhayes joined #salt
09:05 ablemann joined #salt
09:05 boargod joined #salt
09:09 micko joined #salt
09:16 Ztyx joined #salt
09:16 micko joined #salt
09:17 otter768 joined #salt
09:17 Jahkeup joined #salt
09:18 s0l4r joined #salt
09:19 s0l4r hi guys, we have around 1000-1600 minions and we see the message 'TCP: Possible SYN flooding on port 4506. Dropping request.' , the message appears around ~900 + minions. Especially when running batched highstate we see this in dmesg. Any ideas ?
09:20 phx s0l4r, that's rather related to your operating system, and not to saltstack
09:22 s0l4r yep, youre correct :) just wondering if someone has got rid of this by some OS tunings
09:22 cmek s0l4r: have a look at this: http://serverfault.com/questions/294209/possible-syn-flooding-in-log-despite-low-number-of-syn-recv-connections
09:23 losh joined #salt
09:23 phx cmek, i think it would still be a good idea to know what OS it is, even if it's most probably linux
09:23 orion203 joined #salt
09:27 alexhayes joined #salt
09:27 cmek phx: the log message would suggest it's from a linux box
09:27 Alan_S_ joined #salt
09:30 Ztyx joined #salt
09:31 sgargan joined #salt
09:31 lothiraldan joined #salt
09:40 john joined #salt
09:40 jhauser joined #salt
09:42 Guest29845 Hello guys. I'm trying to setup SS and I just registered two minions and accepted the keys. Now, I'm trying to execute a state file through the wep api (run + "state.sls"). Nothing happens but moreover, the webapi return "" (=OK). What it the best way to debug that? for instance, to see if the master finds the states file, or if the master does not find the minion
09:44 Ztyx joined #salt
09:46 mattiasr joined #salt
09:46 rakan Does salt and it's LocalClient work well with gevent?
09:48 Guest29845 I think so. Someone for saltstack came here and install the master + made a demo on a machine.
09:49 Guest29845 Now I setup a new machine to be sure to understand how it works
09:49 Guest29845 and it does not...
09:49 Guest29845 I don't know if commands are logged somewhere
09:55 supershe_ joined #salt
09:59 Gilou meh... mine is using salt.util.network instead of salt.modules.network if called with network.ip_addrs ... all nice & fun, until you realize you can't use cidr with the latter
10:06 babilen Sure you can use cidr in the mine
10:08 babilen https://www.refheap.com/109376 works perfectly fine
10:08 babilen (two different SLS that is, hence the repeated "mine_functions"
10:11 zer0def joined #salt
10:19 lothiraldan joined #salt
10:24 CeBe joined #salt
10:25 pbrooko joined #salt
10:32 N-Mi joined #salt
10:39 giantlock joined #salt
11:05 rodio_ua joined #salt
11:05 rodio_ua left #salt
11:07 Xiol joined #salt
11:08 Xiol Hi guys, I can't tell from the docs if this is allowed or not, but on an 'include' can you do a 'require'? I can see you can require an 'sls' on a state but I'm trying to order my includes which will save on a lot of 'requires'
11:08 sjorge joined #salt
11:08 sjorge joined #salt
11:10 gerhardqux joined #salt
11:11 pdayton joined #salt
11:12 Xiol actually i'm pretty sure it's not possible
11:16 pdayton1 joined #salt
11:17 slav0nic joined #salt
11:18 otter768 joined #salt
11:19 sjorge joined #salt
11:19 sjorge joined #salt
11:19 rofl____ still no 2015.5.5 deb packages?
11:19 rofl____ joehh: ?
11:22 petersaints joined #salt
11:22 petersaints left #salt
11:31 losh joined #salt
11:34 pbrooko joined #salt
11:36 Ztyx joined #salt
11:38 ninkotech joined #salt
11:39 Ztyx joined #salt
11:40 amcorreia joined #salt
11:42 quasiben joined #salt
11:46 Gilou babilen, when I do that, it seems to use network.utils.network
11:46 Gilou not sure why
11:46 Gilou which doesn't have a cidr param for ip_addrs
11:46 Gilou sorry, salt.utils.network*
11:47 giantlock joined #salt
11:52 TomJepp_ joined #salt
11:56 tkharju joined #salt
11:58 Garo_ joined #salt
11:59 Gilou sorry, I was mixing up 2 logs.
11:59 Gilou but still, it seems to not be working :(
11:59 Gilou ah, now it does
11:59 Gilou ok just scratch that
12:00 impi joined #salt
12:02 theologian joined #salt
12:07 SunPowered joined #salt
12:09 supersheep joined #salt
12:16 babilen Gilou: "support by waiting"
12:20 izibi joined #salt
12:21 Gilou still, the only way to reload the mine functions, the only way is to restart the minion ?
12:21 Gilou ok..
12:21 Gilou still,  to reload the mine functions, the only way is to restart the minion ?
12:22 larsfron_ joined #salt
12:26 anmolb joined #salt
12:31 dthom91 joined #salt
12:31 manfred joined #salt
12:33 robot9 If I want to break my salt state out like so: salt/nfs/server.sls and salt/nfs/client.sls
12:33 robot9 with a map.jinja, and modular functions
12:33 robot9 and then 2 pillar files in pillar/nfs/server.sls pillar/nfs/client.sls
12:34 robot9 that should work correctly with an include nfs.server and include nfs.client in the coorelated salt files, correct?
12:34 robot9 and then I just reference the pillar dict values from the pillar files
12:36 pravka joined #salt
12:37 ssc joined #salt
12:37 DammitJim joined #salt
12:37 ssc Can the output of commands like "salt * state.show_sls" be sorted by the states' "order" attribute?
12:39 SunPowered what is a good way to debug gitfs SSH transactions?
12:39 sgargan joined #salt
12:40 dendazen joined #salt
12:40 SunPowered I'm getting an error on my salt-master that doesn't tell me much of what is going wrong
12:40 SunPowered [salt.loaded.int.fileserver.gitfs][ERROR   ][28024] Exception 'Failed to authenticate SSH session: Callback returned error' caught while fetching gitfs remote
12:41 SunPowered I'll double check my deployment keys
12:50 homeshlice joined #salt
12:51 mattiasr joined #salt
12:59 quasiben joined #salt
13:04 debian112 joined #salt
13:04 DammitJim how do you guys deal with update-alternatives on ubuntu? I want to set my editor
13:05 racooper joined #salt
13:05 DammitJim or do you just replace the symbolic link from /etc/alternatives/editor to the new editor?
13:08 sxar_ joined #salt
13:09 sxar__ joined #salt
13:10 AndreasLutro setting $EDITOR in your shell rc file is a better way of doing that
13:10 AndreasLutro as opposed to doing it system wide
13:11 tux__ joined #salt
13:12 tux__ how does irc work
13:12 tux__ it has a lot of code in it
13:13 AndreasLutro irc is just a protocol, not sure what you're asking tux__
13:13 ntropy tux__: that is way too meta, maybe try #irc? :)
13:13 sjorge joined #salt
13:13 sjorge joined #salt
13:14 DammitJim what is IRC? LOL
13:14 DammitJim Infra Red Channel?
13:15 tux__ do you study physics
13:15 LotR no, this channel is about cooking
13:15 LotR :)
13:15 Phil-Work joined #salt
13:16 tux__ left #salt
13:16 Phil-Work I want to do an action (run a command, if that matters) if another command returns no output
13:16 Phil-Work the command that may return no output still has a 0 exit code, so I can't test that
13:17 Phil-Work is it possible to test for no output or should I write a wrapper script, deploy that out as a file and run it?
13:17 Tecnico1931 joined #salt
13:17 DammitJim oh, sorry
13:18 AndreasLutro Phil-Work: it is possible, but you're probably better off writing a script or module for it
13:18 DammitJim it's physically impossible to stack salt (especially table salt)
13:18 DammitJim I mean, I guess you could create a cone when trying to stack it
13:19 otter768 joined #salt
13:20 bhosmer joined #salt
13:21 ferbla joined #salt
13:27 jdesilet joined #salt
13:27 ekristen joined #salt
13:27 rcurrah joined #salt
13:29 zwi joined #salt
13:32 protoz joined #salt
13:34 anotherZero joined #salt
13:35 cpowell joined #salt
13:36 bhosmer_ joined #salt
13:41 Akhter joined #salt
13:41 Ztyx left #salt
13:43 perfectsine joined #salt
13:45 murrdoc joined #salt
13:45 anotherZero joined #salt
13:45 tanta joined #salt
13:48 pm90_ joined #salt
13:50 monkeybox I have a relatively simple map file ( http://pastebin.com/ND7t3Wdx ). It works until I add the grains: section, and then I get "mapping values are not allowed here" with an arrow pointing to the grains: line.
13:51 anmolb joined #salt
13:51 giantlock joined #salt
13:52 amcorreia joined #salt
13:53 AndreasLutro monkeybox: you can't mix dictionary and non-dictionary values inside a list item
13:55 monkeybox Hmm.. I wish I knew what that means.
13:55 Garo_ joined #salt
13:55 monkeybox I followed the example from here: [ https://docs.saltstack.com/en/latest/topics/cloud/map.html ]
13:56 AndreasLutro monkeybox: well, you're missing a : after the web1 and an indentation level
13:56 monkeybox Dammit. ... yes, just found taht.
13:56 AndreasLutro in general you may want to play around with http://yaml-online-parser.appspot.com/ to learn how yaml works
13:57 murrdoc joined #salt
13:57 monkeybox And also some spaces, apparently.
13:57 monkeybox That'll help, Andreas. I don't fully understand teh whitespace use yet, so I clearly need to take the remedial intro to yaml. THanks for the link.
13:58 zerthimon joined #salt
13:59 bhosmer joined #salt
14:00 monkeybox Though, I am quite proud of myself so far. Have a map file that deploys a web server on ec2 in a vpc, installs appropriate packages, and installs a custom index.html.
14:01 Deevolution joined #salt
14:06 ingslovak joined #salt
14:06 zmalone joined #salt
14:06 dec joined #salt
14:07 linjan joined #salt
14:12 impi joined #salt
14:14 edrocks joined #salt
14:16 Brew joined #salt
14:19 drawsmcgraw monkeybox: Glad to hear you got past the indention issues. I lost days trying to track down those nuances when putting together my mapfiles
14:26 monkeybox I'm still debugging something... But I don't think ti's the map file any more.
14:27 andrew_v joined #salt
14:28 kevinquinnyo joined #salt
14:29 drawsmcgraw monkeybox: Just in case, here's a working mapfile from a demo I ran. http://dpaste.com/1FYB01K
14:29 drawsmcgraw At least, it ran the last time I used it :)
14:29 drawsmcgraw Note the.... interesting... spacing patterns
14:31 pravka joined #salt
14:35 CeBe joined #salt
14:36 mapu joined #salt
14:36 alemeno22 joined #salt
14:39 ssc left #salt
14:39 babilen drawsmcgraw: Which pattern? It should be "2 spaces", shouldn't it?
14:42 viq joined #salt
14:46 GreatSnoopy joined #salt
14:46 monkeybox The one that threw me was the 4 spaces if the previous line starts with a -, but I realize this is yaml newb stuff.
14:46 impi joined #salt
14:48 drawsmcgraw monkeybox: Not in my experience. That's what was so odd to me
14:48 drawsmcgraw babilen: What monkeybox mentioned. It's not always "2 spaces"
14:48 drawsmcgraw I've written plenty of states and (at least I thought) I've always just used two spaces when writing my yaml stuffs.
14:49 babilen It should be pointed out that some of that stuff is due to the YAML parser used in salt rather than part of the specification
14:49 dendazen joined #salt
14:49 babilen Ah, but the four spaces ... are they really necessary?
14:49 drawsmcgraw babilen: yes
14:49 drawsmcgraw Else you get those obscure errors like monkeybox was getting.
14:50 drawsmcgraw That make you *think* it's an issue with having/not having a colon
14:50 drawsmcgraw At least the last I checked, they were. Maybe things have changed since this past Feb.
14:50 babilen drawsmcgraw: That's crazy
14:51 drawsmcgraw babilen: Yes. Yes it is.
14:51 drawsmcgraw That's how I lost days making a mapfile :)
14:52 impi joined #salt
14:54 SunPowered I can clone a private repo from the shell using my salt-master root user.  gitfs is failing though, I'm having a hell of a time figuring out why.
14:55 SunPowered I have pygit2 0.23.0
14:55 murrdoc its installed on the minion
14:55 polishdub joined #salt
14:55 Rumbles joined #salt
14:55 SunPowered this is all on my master
14:56 monkeybox If I don't have the 4 spaces, it thinks it's another minion I want to create called 'grains'.
14:57 Fiber^ joined #salt
14:59 bhosmer joined #salt
15:02 Akhter joined #salt
15:03 PeterO_ joined #salt
15:05 mpanetta_ joined #salt
15:05 debian112 any idea how to escape the double quotes:
15:05 debian112 https://paste.debian.net/311199/
15:05 debian112 seems to be failing on them
15:06 kaptk2 joined #salt
15:07 mpanetta_ joined #salt
15:07 mpanetta_ joined #salt
15:09 sdm24 joined #salt
15:13 pbrooko joined #salt
15:14 pdayton joined #salt
15:14 dkrae1 joined #salt
15:18 jalbretsen joined #salt
15:18 dopesong joined #salt
15:19 otter768 joined #salt
15:21 sunkist joined #salt
15:26 pm90_ joined #salt
15:27 pm90__ joined #salt
15:28 aristedes joined #salt
15:28 aristedes left #salt
15:32 Phil-Work are IDs namespaced within an sls file or are they global?
15:32 theologian joined #salt
15:33 DammitJim man, these templates are causing me trouble
15:33 Phil-Work e.g. can I use "packages: pkg.installed: pkgs: ..." in a few files or does "packages" need to be unique for each sls?
15:33 DammitJim how can I see if a conf file from a template has weird characters or something?
15:33 mwak joined #salt
15:33 murrdoc Phil-Work:  pkg.installed: -names:
15:33 murrdoc - pkg1
15:33 murrdoc - pkg2
15:33 murrdoc so on
15:33 murrdoc names is global
15:34 Phil-Work murrdoc, in this example: https://gist.github.com/anonymous/080d3960decf3489d0f1
15:34 Phil-Work can I use domain-servers-packages ID in other sls files without conflict?
15:35 DammitJim how do I add a line in a template where a section is repeated multiple times?
15:35 murrdoc no the id is unique
15:35 Phil-Work globally unique?
15:35 Phil-Work globally on the salt master, I mean
15:35 murrdoc yeah
15:35 Phil-Work hm, ok
15:35 murrdoc each state becomes a dictionary
15:35 murrdoc all included state files become a dictionary of dictionaries
15:35 murrdoc keyed on the id
15:36 Phil-Work are there any recommendations for namespacing etc. to ensure uniqueness is maintained as the setup grows?
15:36 murrdoc if its not globally unique … the lowstate compiler fails
15:36 murrdoc prepend the directory path
15:36 Phil-Work like "domain-servers/packages"?
15:36 sdm24 Phil-Work: I make my IDs more "human readable", i.e. "manage /etc/apache2/apache2.conf", and then file.managed  - name: /etc/apache2/apache2.conf
15:37 Phil-Work sdm24, that makes sense
15:37 sdm24 or install apache2: pkg.installed: - name: apache2, and in a different state/ID, check apache2 service: service.running: - name: apache2
15:37 coval3nce joined #salt
15:37 Phil-Work what if, for example, you had "append /etc/sudoers" file.append
15:38 Phil-Work that needed to be done by a few different logical units
15:38 sdm24 plus when the state is run, it can be easier to see what each ID is doing
15:40 whytewolf Phil-Work: in that case i tend to add a quick description of what is being appended. such as 'append (( username }} to /etc/sudoers'
15:41 ferbla Has anyone had luck remotely upgrading a windows minion? When I run my command I always loose connection with my minion, the server gets shutoff and never comes back up
15:41 ferbla salt minion01 cmd.run 'c:\salt\var\cache\salt\minion\files\base\win/repo/salt-minions/Salt-Minion-2015.5.5-x86-Setup.exe /S /master=master01 /minion-name=minion01'
15:41 Phil-Work that makes sense - thanks
15:42 dopesong joined #salt
15:42 pcn Can I get a check on this: I think I can set up rest_cherrypy, and submit jobs to run async via POST to /minions.  What I would like to know is whether there's a way to manage jobs e.g. kill (say we want to abort and clean up a running job)
15:43 Phil-Work this is good - thanks
15:43 Phil-Work I prefer the more explicit way of doing it rather than params being assumed from the ID, e.g. for file.managed
15:44 pcn The jobs documentation shows that salt-run can execute various functions on the master, but I'm not sure how that translates to the rest API
15:45 XenophonF joined #salt
15:45 sdm24 ferbla: I had that same issue, and someone else posted a workaround. From the CLI, you need to call a bash script that will run the salt command. Otherwise Salt will indeed time out
15:45 XenophonF announcing https://github.com/irtnog/active-directory-formula - it kinda works, maybe
15:46 chiui joined #salt
15:47 ferbla sdm24: so if I put that line into a shell script then run that shell script it should work?
15:47 Bryson joined #salt
15:47 sdm24 ferbla: yeah let me show you what I have. I customized it a bit so it will update a list with all windows minions that are a different version than the master.
15:48 ferbla sdm24: okay, awesome thanks
15:50 sdm24 ferbla: https://gist.github.com/sdm24/cc26a5f99afc62339f85 you can ignore the init.sls file if you want. I also have the windows-minion.exe saved on the fileserver, so you can probably ignore that part
15:51 whytewolf pcn: not 100% sure, but the client: for salt-run would most likely be runner https://docs.saltstack.com/en/latest/topics/netapi/index.html#salt.netapi.NetapiClient.runner
15:52 ferbla sdm24: Thanks for your help
15:53 sdm24 ferbla: for you, I think you just want that master-script (updating the list to include the windows minions), script-upgrade (removing the part to copy the .exe, since you already have it on the minion), and upgrade-minion. Make sure to change the directories, filenames, and master name to match your setup
15:53 XenophonF left #salt
15:53 pcn whytewolf: any idea how that would be exposed via the rest api?
15:54 whytewolf pcn: look at the example here https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html#usage
15:55 tomspur joined #salt
15:55 bhosmer joined #salt
15:57 pcn Right, but it's a bit confusing - e.g. there's a /run endpoint, but the examples don't correspond to the local functions that a netapi runner would call
15:57 mdupont joined #salt
15:58 giantlock joined #salt
15:59 ferbla sdm24: Perfect, I tweaked it and it worked perfectly. Thanks again
16:00 sdm24 ferbla: no problem. I can't remember who originally posted that solution. I wish I could thank them
16:02 whytewolf pcn: yes they do. client should be runner, function should be the command you want to send to salt.run such as jobs.lookup_jid then the rest of kwags that get passed to the runner
16:03 protoz joined #salt
16:05 Akhter joined #salt
16:06 whytewolf coarse, if you are looking at job managment you should look at /jobs/
16:07 johnkeates joined #salt
16:09 pcn whytewolf: jobs only does get - i want to plan for being able to kill a job too
16:10 pcn whytewolf: thanks for the input re: the runner, I'll try to understand that a bit better right now
16:12 ipmb joined #salt
16:12 whytewolf kill a job? what runner function is that?
16:13 ipmb_ joined #salt
16:14 pcn Oh, it's in saltutils
16:14 johnkeates left #salt
16:14 pcn s/s$//
16:14 ipmb joined #salt
16:14 Akhter joined #salt
16:14 pcn So that would be run via the /minion endpoint anyway
16:15 whytewolf pcn: or through the run with a client of local
16:16 pcn OK, /run is sync, /minion is async right?
16:17 whytewolf oh you want async than client: local_async
16:18 whytewolf btw, the full list of clients for /run is [local, local_async, local_batch, runner, wheel]
16:19 pcn whytewolf: that's helpful
16:19 rm_jorge joined #salt
16:19 whytewolf /minions just makes it just a tad easier since it returns the jid
16:19 chiui_ joined #salt
16:19 pcn I think I'm going to work around that jid for most things
16:19 SheetiS joined #salt
16:20 jacob_ joined #salt
16:23 Guest36044 hi, i am getting a zombie process when i run this "salt '4eafa7df588f' -v service.start jboss-as-domain.sh", I can start other services just fine. any help/ideas?
16:24 johnkeates joined #salt
16:25 johnkeates left #salt
16:26 whytewolf Guest36044: that sounds like jboss-as-domain.sh isn't returning properly. like the script isn't exiting.
16:31 Guest36044 well, when /sbin/service jboss-as-domain.sh start is called it spawns multiple init.d scripts but then they exit leaving the parent. thats what seems to happen when i start the service manually from the machine. I dont know if salt is handling that correctly
16:31 bhosmer joined #salt
16:33 aparsons joined #salt
16:35 kawa2014 joined #salt
16:36 dkrae joined #salt
16:36 writtenoff joined #salt
16:39 jodv joined #salt
16:40 jodv_ joined #salt
16:41 dec joined #salt
16:42 Phil-Work if I have salt running a command that requires interactive input, is it possible to have salt automatically fill that?
16:42 Phil-Work short of echo -e "foo\nbar" | command
16:45 iggy no
16:45 iggy there isn't some sort of expect like functionality built into salt
16:45 iggy (would be handy though)
16:46 iggy not something I think the salt devs want to mess with (x-platform issues abound there)
16:48 murrdoc is phil work is dude from where iggy works
16:48 murrdoc this whole conversation is hilarious
16:48 Lionel_Debroux joined #salt
16:48 iggy doubt it, hardly anybody is in the office yet
16:49 Phil-Work iggy, thanks
16:49 murrdoc phil from work normally puts in work before he gets in
16:49 murrdoc almost everyone does
16:49 murrdoc we have a 'work too much' affliction
16:49 iggy ahh
16:50 iggy yeah, I woke up to skype and slack going crazy at 7... started to blame the ukians then noticed it was the local guys
16:50 mapu_ joined #salt
16:50 murrdoc yarp
16:50 murrdoc do /mute in all bogus channels
16:51 murrdoc in slack
16:51 iggy close laptop before I go to sleep
16:51 iggy I'm not important enough for people to want to wake me up at odd hours yet
16:52 murrdoc yaaarp
16:52 iggy did you watch Hot Fuzz recently?
16:52 murrdoc YAAARP
16:53 murrdoc the hound is awesome in that movie
16:56 KyleG joined #salt
16:56 KyleG joined #salt
16:58 murrdoc can failhard be toggled by state ?
16:58 steffo joined #salt
16:58 SheetiS I only failhard on certain states.
16:59 murrdoc i have it globally TRUE
16:59 SheetiS hmm i bet you could - failhard: False (the opposite of what I do).
16:59 SheetiS on the states you don't want to failhard.
16:59 murrdoc and i think its a global option
17:00 murrdoc so technically custom states get it automatic
17:02 iggy murrdoc: I doubt it, I know you can turn it on if it's off, but I doubt if you can turn it back off if it's config on
17:02 iggy but test it out and see
17:02 iggy I'd be interested to know how it goes
17:02 hasues joined #salt
17:03 hasues left #salt
17:04 protoz joined #salt
17:07 timoguin joined #salt
17:07 impi joined #salt
17:09 alemeno22 joined #salt
17:09 jbrnds joined #salt
17:09 ajw0100 joined #salt
17:09 bhosmer_ joined #salt
17:10 NightMonkey joined #salt
17:12 jbrnds how can i force update of gitfs remote
17:14 averell joined #salt
17:15 SneakyPh1l afternoon all, does anyone run SaltStack on SLES 10.X or 11.X?
17:17 averell what am i doing wrong if minion.pub/pem are not generated? restarting and clearing minion_id doesn't help
17:19 forrest joined #salt
17:19 pm90_ joined #salt
17:19 zmalone joined #salt
17:20 pm90_ joined #salt
17:20 otter768 joined #salt
17:21 protoz joined #salt
17:25 sdm24 averell: in etc/salt/minion, is the id: field commented out? If it is not, it will take priority over minion_id. That could be why the new pub/pem are not generated
17:29 jodv anyone here got much context on engines?
17:30 averell it was, i just changed it, and even with removing minion_id nothing happens. the master is also on localhost if that makes a difference.
17:30 s0l4r SneakyPh1l, yes running onSLES 11.3
17:31 SneakyPh1l s0l4r: turns out you need at least 11.2
17:31 SneakyPh1l that being said, I'm now learning how to update 11.1 :)
17:31 s0l4r ok :)
17:34 pcn Is there a lazy version of pillar.get?  Or a pillar.get that will retry under some circumstances?
17:34 tedski- joined #salt
17:35 forrest pcn: Not as far as I know.
17:35 pm90__ joined #salt
17:36 pdayton joined #salt
17:37 pcn If I want to start a run and then block until some data is available, is there an example of that?
17:38 pcn that is - block in the middle of the run
17:44 pcn Maybe orchestrate could do this
17:45 murrdoc nope runner
17:45 murrdoc write your own runner :)
17:45 bhosmer_ joined #salt
17:45 murrdoc disregard
17:47 pcn Yeah, similar but different :)
17:48 Fiber^ joined #salt
17:49 pdayton joined #salt
17:49 forrest why would you want to block a run until data is available? Why would you not provide the data prior to the run :(
17:49 forrest Slow runs are bad mmm'kay?
17:52 SneakyPh1l would using mine be suited for that?
17:52 pcn forrest: E.g. start a 3 node cassandra cluster.  I want to launch ec2 instances and have them start installing software as soon as each one comes up.  But I need to know all 3 IP addresses to form a cluster with 3 seeds in 3 AZs, so until I have 3, I don't want to start any of them.  Once I have 3, I can start those, but I only want to start 1 more at a time after that
17:53 pcn That kind of a 2-step process (install software asap, but coordinate once it's done) seems to be a common theme in cloud installs.
17:54 pcn (note WRT the 3-node install, after 3 nodes are up, c* clusters are easy enough to expand, so that should be a 3+ node install process)
17:54 ipmb joined #salt
17:54 forrest pcn: Why don't you just assign elastic IPs to the instances and then use those?
17:54 GreatSnoopy joined #salt
17:55 pcn That doesn't cover their private IPs, which is what they actually use to identify themselves.
17:55 pcn (non-vpc here - that's going away, but not yet)
17:55 forrest Gotcha
17:55 forrest are you spinning them with salt-cloud?
17:56 pcn But like I said, pre-declaring all of this doesn't always work, so it's nice to do the time-consuming stuff until the API can tell me what "all of this" is and I can continue
17:56 forrest pcn: I was going to say I think this might work for you: https://docs.saltstack.com/en/stage/ref/clouds/all/salt.cloud.clouds.ec2.html#salt.cloud.clouds.ec2.wait_for_instance
17:57 forrest I haven't used that option myself though, so I'm not very familiar with how it works
17:58 pdayton joined #salt
17:58 Akhter joined #salt
17:58 baweaver joined #salt
17:58 druonysus joined #salt
17:58 druonysus joined #salt
17:59 SneakyPh1l seems like that option only waits for the ec2 instance to come online, not to wait for the seed node to configure itself
17:59 pcn So, custom runner, eh?
18:00 murrdoc me thinks
18:00 SneakyPh1l you could wait for the instance to come online, get the seed node of cas configured, store the IP in the mine, share the seed IP to the rest of the cluster so that it can be configured
18:01 pcn I'm probably going to avoid the mine, and put the data in an external pillar (so the rest api behind the pillar can make decisions about which nodes are seeds, and persist that)
18:01 SneakyPh1l ah
18:01 pcn note: seeds plural, not just one
18:01 TyrfingMjolnir joined #salt
18:02 pdayton1 joined #salt
18:06 huddy joined #salt
18:10 iggy pcn: fire an event to the reactor when the data is available
18:13 jor joined #salt
18:13 murrdoc iggy the queue runner does it all automagic
18:15 pcn iggy: are you suggesting that e.g. I feed the rest API, and have it fire off to the reactor when it's satisfied that it's got it's conditions met?
18:15 iggy something like that
18:15 iggy I didn't read much of the backlog
18:16 iggy event driven > polling/random sleep()s/etc
18:17 baweaver joined #salt
18:20 pcn iggy: the question isn't so much events vs. polling, as how to describe an event that meets a certain condition, but letting the run go until that condition is met.
18:21 pcn so install software, update everything etc., but only confgure when condition (a) is met, and then only start when condition (b) is met.
18:21 iggy beacon?
18:21 pcn Ideally with some flexibility in adding conditions
18:21 pcn Hmm.
18:21 pcn So many things... let me look
18:22 riftman joined #salt
18:23 pdayton joined #salt
18:23 mapu joined #salt
18:24 pcn That may work. So can the beacon be turned on dynamically, e.g. on first run that beacon exists and will phone home to a service /waiting_for_you endpoint, and then if it's using an external pillar, that external pillar could stop returning that beacon pillar after the first run?
18:25 ageorgop joined #salt
18:25 pcn (i mean if the pillar that turns on the beacon is an external pillar that will turn it off afterwards)
18:25 pcn Did that make sense?
18:26 bhosmer joined #salt
18:26 vstoniest joined #salt
18:27 writteno2f joined #salt
18:27 pcn Bascially, does the minion remove the beacon if the pillar that defined it goes away?
18:28 iggy haven't actually worked with any beacons yet, just know what they are supposed to be used for
18:28 dopesong_ joined #salt
18:30 pcn Time to test I guess
18:30 pcn that looks like the simplest system to do the gating I'm asking for.
18:30 giantlock joined #salt
18:31 ajw0100 joined #salt
18:32 ahale joined #salt
18:33 lb1a joined #salt
18:36 ipmb joined #salt
18:39 pizzahead joined #salt
18:40 Tyrm joined #salt
18:44 fersur3 joined #salt
18:45 ekristen joined #salt
18:51 N-Mi joined #salt
18:55 Zeromorphism joined #salt
18:58 zmalone joined #salt
18:58 nitay_ joined #salt
18:59 eitzei joined #salt
19:01 bhosmer joined #salt
19:02 sgargan joined #salt
19:02 protoz joined #salt
19:03 protoz joined #salt
19:07 _vimalloc joined #salt
19:07 PeterO_ joined #salt
19:07 _vimalloc I'm trying to setup a way that a script will be run whenever any file in a directory is changed. I'm looking at the onchagnes event, but I'm not finding much examples of it online.
19:08 _vimalloc Does something like this look like it is on the right track? https://gist.github.com/vimalloc/64b96f8b61f26775afc8
19:08 jbrnds how do I run a module again from a salt state file?
19:09 jbrnds looking for setting selinux to permissive (module.selinux.setenforce)
19:10 sdm24 jbrnds: you probably want module.run https://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html
19:11 tkharju joined #salt
19:11 sdm24 _vimalloc: I think you want " - onchanges: \n - cmd: /usr/local/sbin/foobar"
19:12 _vimalloc sdm24: ty, I'll give that a shot
19:12 jbrnds sdm24: check. permissive:  module.run:  - name: selinux.setenforce  -m_name: Permissive
19:13 sdm24 _vimalloc: I'm not sure, that just seems to be how the other requisites do it
19:13 sdm24 jbrnds: good to hear
19:14 PeterO_ can anyone tell me what the point of having a master key is for? It looks like all that needs to happen for servers to communicate is for the master to know (or learn) the minion key. But I don't see anywhere that the master key is used.
19:15 ipmb joined #salt
19:17 jbrnds PeterO_: not entirely sure, but any master is also a ‘minion’ in itself.
19:18 PeterO_ Even when not running in minion mode?
19:18 jbrnds as any minion has a key that is knwon to the master, the master knows the key from itself. However, I did not ‘accept’ it
19:19 jbrnds PeterO_: I would believe yes… however not 100% sure. There is still some black magic for me here and there
19:20 PeterO_ Thanks
19:21 protoz joined #salt
19:21 otter768 joined #salt
19:22 laax joined #salt
19:24 _vimalloc hrm. Still strugling to get this onchanges to work. I've got a more complete example with output here if anyone wants to take a glance (<3): https://gist.github.com/vimalloc/64b96f8b61f26775afc8
19:25 whytewolf _vimalloc: that should be file: /usr/local/sbin/boobar not cmd
19:25 writtenoff joined #salt
19:27 David_B55 joined #salt
19:28 whytewolf _vimalloc: requisites are typically <module>: <state id>
19:28 _vimalloc So it's completing the highstate now, but I don't think it is running the script when a change happens. But I'm double checking that
19:30 whytewolf onchanges means it will only run the second one if the first one regesters as a change in saltstack. if the file exists and only whitespace is changed it doens't count as a change
19:33 slav0nic joined #salt
19:34 _vimalloc hrm. I think I have multiple problems here. I just tried adding a file to the file.recurse stuff (it's a gitfs backend) and it isn't showing up on the minion after a salt-run fileserver.update and state.highstate.
19:34 protoz joined #salt
19:34 _vimalloc I'll figure that out first then checkout the onchanges stuff more. Thanks for the help with it
19:35 PeterO_ Huh... it looks like possibly during the negotiation phase the master shares its master public key with the minion.
19:35 PeterO_ I'm noticing minion servers have the public master key
19:35 baweaver joined #salt
19:36 babilen PeterO_: How else would they verify what is being send from the master?
19:36 PeterO_ I suppose that's true. It is two way communication.
19:37 dendazen joined #salt
19:37 izibi joined #salt
19:40 David_B55 joined #salt
19:41 mrwboilers joined #salt
19:42 mrwboilers Can a custom module be referenced in a pillar?
19:43 laax joined #salt
19:43 wendall911 joined #salt
19:44 mrwboilers I have a module and when I run it from the command line it works fine (salt '*' ktmod.role)
19:45 mrwboilers But in a pillar if I try {% set role = salt['ktmod.role']() %} it errors out
19:45 dendazen joined #salt
19:45 mrwboilers The error is "Rendering SLS 'roles' failed. Please see master log for details."
19:45 mrwboilers The master log says: "Jinja variable 'LazyLoader' object has no attribute 'ktmod.role"
19:47 whytewolf mrwboilers: see this issue https://github.com/saltstack/salt/issues/19816
19:47 dopesong joined #salt
19:47 babilen Ah, that one again :(
19:49 protoz joined #salt
19:50 k00mi joined #salt
19:51 mrwboilers Thanks for that link. From reading that, it sounds like the work around won't work for me
19:51 mrwboilers If a pillar did use a custom module, the module would be run on the master? Is that right?
19:51 mrwboilers I need it to run on the minion.
19:52 babilen Why?
19:53 mrwboilers I'm trying to figure out a good way to set a "role" for each server. This role wouldn't change often, but it could change at any time.
19:55 coval3nce joined #salt
19:55 mrwboilers Since it could change, then a custom grain wouldn't be ideal, correct?
19:56 mrwboilers To try to simplify maintaining the list of what each server's role is, I decided to try just creating a simple csv file where each line is 'hostname,role'
19:56 pcn mrwboilers: we use aws tags to proide that.  custom grains should work too.
19:57 qman__ joined #salt
19:57 mrwboilers I wrote a module that matches the hostname in the file to the 'nodename' grain and returns the role
19:57 mrwboilers That module works fine
19:57 mrwboilers I'm open to suggestions on how to do this. I'm not married to this way of doing it.
19:58 pcn That seems fine if it meets your needs
19:58 mrwboilers But I can't use the module in the pillar
19:58 numkem joined #salt
19:59 mrwboilers If I'm understanding the workaround in the link whytewolf posted, if I use extension_modules and symlinks to get the pillar to use the module, the module would actually be run on the master and would therefore use the master's nodename grain
19:59 mrwboilers Or am I incorrect on that?
20:00 nitay_ joined #salt
20:00 pcn mrboilers Using that as a custom grain seems very low-cost and it seems like it'd do exactly what you want.
20:01 pcn The custom grain will run on the client on each invocation, and so if it changes, the next invocation should reflect that change
20:01 mrwboilers pcn: but if I did that, I'd have to make sure to run state.highstate every time I make changes to the role file, correct?
20:01 sdm24 joined #salt
20:01 mrwboilers pcn: I'll try it as a grain and see how it works
20:01 pcn If that file is on the salt server, you could just run state.sls 'that_state_to_update_the_file'
20:03 numkem joined #salt
20:03 larsfronius joined #salt
20:03 numkem joined #salt
20:05 tanta I am seeing syntax errors using cmd.script with a bash here document
20:06 numkem joined #salt
20:06 dendazen_ joined #salt
20:09 jbrnds how do I get the external (public IP) from within an amazon instance?
20:10 kukacz joined #salt
20:11 dopesong joined #salt
20:14 alainv joined #salt
20:15 zer0def joined #salt
20:16 pdayton joined #salt
20:16 baweaver joined #salt
20:18 bhosmer joined #salt
20:18 mrwboilers Ok, in a module this works fine: "node =  __salt__['grains.get']('nodename')"
20:18 mrwboilers But in a custom grain, it errors out with "global name '__salt__' is not defined.
20:19 mrwboilers Is there a better/different way to reference a core grain in a custom grain?
20:26 pcn mrboilers: make a custom grain in _grains/something.py, and just reference it with grains.get
20:26 pcn mrwboilers: that's my experience so far, I don't think you can get a grain from within another grain.
20:27 pcn jbrnds: have you used the ec2_info grain? https://github.com/saltstack/salt-contrib/blob/master/grains/ec2_info.py
20:27 pbrooko joined #salt
20:27 druonysus joined #salt
20:27 druonysus joined #salt
20:28 sdm24 how would I download the dev version of Salt on a windows minion?
20:31 ekristen joined #salt
20:32 druonysus joined #salt
20:36 Ztyx joined #salt
20:36 nitay_ joined #salt
20:38 druonysus joined #salt
20:38 ajw0100 joined #salt
20:38 pcn Is there a way to see all events from the past 24 hours?
20:39 Ztyx left #salt
20:39 scooby2 does Salt have any way of securely handling password for things like config files that we might template?
20:42 pcn It allows you to secure your pillar however you need, but it doesn't implement e.g. hashicorp's vault, you have to do that.
20:42 druonysus joined #salt
20:44 Ztyx joined #salt
20:44 Ztyx left #salt
20:45 bhosmer joined #salt
20:46 protoz joined #salt
20:46 protoz_ joined #salt
20:48 sgargan joined #salt
20:49 sunkist joined #salt
20:50 forrest joined #salt
20:51 pravka joined #salt
20:51 dendazen joined #salt
20:56 emaninpa joined #salt
21:01 crd joined #salt
21:03 druonysus joined #salt
21:03 druonysus joined #salt
21:04 mrwboilers Ok, so getting a server's role from a csv file in a custom grain seems to work.
21:04 mrwboilers The only downside is that every time I edit the csv file, I have to sync the grains before it picks up the changes.
21:04 mrwboilers That's not ideal, but it could work.
21:05 mrwboilers I didn't figure out how to reference a core grain in my custom grain though. That would have made things easier.
21:05 mrwboilers Instead I ended up using subprocess.Popen to run the hostname command to get the server's name that way (instead of being able to just use grains.get)
21:06 jhauser joined #salt
21:08 Ztyx joined #salt
21:08 mrwboilers pcn: is there a different syntax for using grains.get than what I posted above?
21:10 Ztyx joined #salt
21:16 tanta joined #salt
21:18 nitay_ joined #salt
21:22 otter768 joined #salt
21:23 pm90_ joined #salt
21:25 druonysus joined #salt
21:25 jalbretsen is there a way to run a salt execution module command (like rvm.install) in a state file given a certain condition?  Similar to setting up state file to use cmd.run to run a system command if say, a file doesn't exist.
21:25 pm90__ joined #salt
21:26 jodv mrwboilers: you can't cross-reference grains like that because the loader doesn't implement it.  core grains and custom grains are loaded in the same method
21:26 iggy salt.states.module
21:26 mrwboilers Is there a way to force a custom grain to reload?
21:27 mrwboilers My grain depends on a file on an nfs mount. When I first synced the grain to my 2nd test server I hadn't mounted it yet, so of course the grain failed.
21:27 iggy jalbretsen: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html#module-salt.states.module
21:27 mrwboilers Now, after mounting it I still can't get it to run
21:27 murrdoc did u mount it ?
21:27 murrdoc or salt
21:27 jalbretsen iggy:  Thanks.  It always boils down to I've looked at 10 doc pages, and I'm missing one
21:27 mrwboilers I've re-synced it. I've ran state.highstate
21:28 mrwboilers Still isn't running.
21:28 iggy mrwboilers: grains are basically refreshed at the start of every state run (and they aren't cached by default)
21:28 mrwboilers I've done it all while tailing the minion log too. The last entry in the minion log is about the file not being found. Even after mounting the nfs mount, re-syncing, state.highstate, etc, no updates to the minion log at all.
21:29 mrwboilers I mounted it
21:29 iggy mounted on the minion right? (not the master)
21:29 mrwboilers iggy: right. On the minion
21:29 mrwboilers No matter what I do, nothing seems to happen.
21:30 mrwboilers I even tried restarting the minion
21:30 iggy you've got something wrong, double check paths, etc
21:30 ageorgop joined #salt
21:31 bfoxwell joined #salt
21:31 mrwboilers This actually leads me to a related question
21:32 mrwboilers Instead of making this file available to all minions via nfs, is there a way I could just have it in the salt file system?
21:32 mrwboilers the grain just uses python "open('/path/to/file') to open the file
21:32 iggy grains modules can't read directly from salt:// uri's if that's what you're asking
21:33 mrwboilers iggy: that's what I'm asking.
21:33 mrwboilers iggy: It would be really cool if that could be done.
21:33 iggy you could however have your grain module cp.cache_file and then read from the minion cache
21:34 mrwboilers iggy: I'll have to read up on that. Not familiar with cp.cache
21:36 sdm24 How can I upgrade a windows minion to v2015.8?
21:36 mrwboilers iggy: cp looks promising.
21:36 seblu joined #salt
21:37 mrwboilers iggy: I see how cp.cache_file would cache the file on the minion. After that, how would I read the file?
21:38 sdm24 I found  https://github.com/saltstack/salt-windows-dev I think thats what I want
21:39 sdm24 although that hasn't been updated in 2 months
21:40 iggy mrwboilers: look in the cache dir for the file... I'm not sure on the exact path
21:40 iggy somewhere under /var/cache/salt/minion/
21:41 mrwboilers iggy: thanks. I see that now. Can I call cp.cache_file in the grain module?
21:42 mrwboilers iggy: when I tried __salt__['grains.get'](...) from within the grain module earlier it errored out saying __salt__ wasn't defined.
21:42 iggy __salt__['cp.cache_file']()
21:42 baweaver joined #salt
21:42 iggy where were you running it?
21:42 mrwboilers In a grain
21:43 mrwboilers in /salt_root/_grains/grain.py
21:43 iggy I meant inside the file... was it inside a function or just in the file?
21:43 mrwboilers It was in a function
21:45 iggy https://github.com/saltstack/salt-contrib/blob/master/grains/facter.py
21:46 iggy might have to do something like that grain does
21:46 iggy or try to import salt.modules.cp directly
21:47 iggy or just cross your fingers and hope the file is already cached
21:47 jodv joined #salt
21:48 nitay_ joined #salt
21:49 sdm24 couldn't you run a file.managed or something on that file to force salt to cache it?
21:49 sgargan joined #salt
21:52 iggy same problem
21:52 iggy no access to __salt__ in grains apparently
21:52 murrdoc import salt.utils
22:00 mrwboilers Is there a way to look through salt.modules? I'd like to try something similar to what iggy linked to, but I'd need to know the exact function names in salt.modules.cp
22:01 murrdoc read the code
22:01 murrdoc on github
22:02 murrdoc ?
22:03 jodv joined #salt
22:03 iggy mrwboilers: https://docs.saltstack.com/en/latest/salt-modindex.html (linked at the top of all the docs pages)
22:03 protoz joined #salt
22:07 mrwboilers This might be beyond my meager python skills.
22:08 mrwboilers It's now telling me that __context__ is not defined, which isn't anything that I reference directly. It must be in salt.modules.cp somewhere.
22:09 murrdoc what are u trying to do
22:09 mrwboilers Right now I'm just trying to figure out how to call cp.cache_file in a grain
22:10 murrdoc to do what
22:10 murrdoc original goal please
22:10 mrwboilers I'm trying to set things up so that I can manage a 'role' for each server in one flat file.
22:11 mrwboilers It works as it is right now, but each minion needs to have an nfs mount to where the file is located.
22:11 mrwboilers I'm trying to use cp.cache to push the file to each minion first so that I don't need to worry about this nfs mount.
22:11 murrdoc do u have the file on the master ?
22:12 mrwboilers Yes, the file is on the master
22:12 murrdoc or do u need to update this file from the minions
22:12 murrdoc cos if its on the master
22:12 murrdoc and u need to access it for knowledge
22:12 murrdoc make it an ext_pillar
22:12 mrwboilers I don't need to update the file from the minions. I just need each minion to always have the latest version of the file
22:13 murrdoc they need this version of the file to use the file ?
22:13 murrdoc or for salt to use the file
22:13 mrwboilers for salt to use the file
22:13 murrdoc then there is no need to put it on the minions
22:14 murrdoc parse the file as an ext_pillar on the salt master itself
22:14 murrdoc https://docs.saltstack.com/en/stage/topics/development/external_pillars.html
22:14 mrwboilers But I don't think that would work for this purpose.
22:15 mrwboilers The file is a csv in the format of hostname,role
22:15 whytewolf is hostname = minion_id
22:15 mrwboilers This process needs to find the minion's hostname and then grab the associated role
22:16 mrwboilers I originally was using the grain 'nodename' for the hostname
22:16 murrdoc which u can still use
22:16 murrdoc read up on ext_pilar
22:16 murrdoc it will make sense
22:17 mrwboilers And it was my understanding (which very well could be wrong) that if I did this in an external pillar, it would use the master's nodename grain, not the minion's.
22:17 murrdoc https://github.com/saltstack/salt-contrib/blob/master/pillars/lookup.py
22:18 murrdoc salt minion pillar.get <ext_pillar_name>
22:18 murrdoc will return your role
22:18 murrdoc salt mastername pillar.get
22:18 baweaver joined #salt
22:18 murrdoc will pass in minion id as master hostname
22:19 _vimalloc left #salt
22:22 mrwboilers Thanks for your help. I'll need to ponder all this. I need to get home now. I'll pick it up again later tonight or tomorrow.
22:29 jodv joined #salt
22:31 jodv_ joined #salt
22:36 laax_ joined #salt
22:45 f4lse joined #salt
22:46 nitay_ joined #salt
22:47 f4lse hey all, slight trouble creating new users without specifying a gid via salt state. I want it to create its own gid like it does with the uid if u leave it blank. suggestions?
22:50 Lionel_Debroux_ joined #salt
22:51 sgargan joined #salt
22:52 sdm24 so just a heads  up (after I spent the last 2 hours trying to install the development version), the Windows Development version on git is using 2015.5.0
22:52 iggy tell utahdave
22:52 sdm24 at both https://github.com/saltstack/salt-windows-dev/ and https://github.com/saltstack/salt/tree/develop/pkg/windows
22:52 sdm24 How would I do that?
22:54 nitay_ joined #salt
22:55 sdm24 I gotta go for the day, I'll file an issue tomorrow
22:57 seblu joined #salt
22:58 nitay_ joined #salt
23:03 nitay_ joined #salt
23:04 PeterO_ Huh... well that's strange: https://gist.github.com/polds/21d18209ee91fcd027eb any idea why my key is accepted, denied and unaccepted? Is it Shrödingers public key?
23:04 larsfronius joined #salt
23:05 nitay_ left #salt
23:08 sunkist joined #salt
23:09 seblu joined #salt
23:12 dayid PeterO_: have you re-imaged the machine with the same hostname?
23:13 dayid that's to say: are all three keys the same key? or perhaps you approved one, then imaged under the same name, etc?
23:13 PeterO_ They're the same key
23:13 dayid peculiar, can't say I've seen that
23:13 dayid I'd had similar results when having an auto-accept and re-building a machine with the same hostname and forgetting to remove the old one
23:14 ipmb joined #salt
23:16 PeterO_ yeah its strange
23:21 seblu joined #salt
23:23 otter768 joined #salt
23:27 hasues joined #salt
23:27 hasues left #salt
23:33 ITdude joined #salt
23:34 ITdude left #salt
23:35 oc_ joined #salt
23:39 pm90_ joined #salt
23:42 orion203 joined #salt
23:44 baweaver joined #salt
23:47 raygunsix joined #salt
23:49 pdayton1 joined #salt
23:49 aristedes joined #salt
23:50 aqua^c joined #salt
23:53 oc_ hello i'm new to saltstack and i'm running into a bit of problem when i try to setup client-acl on the saltmaster;
23:54 oc_ I followed salt documentation to  add the user and give the user permission to certain minions to run  commands; however when i login as the user to run the command I keep getting  "Authentication failure of type "user" occurred."
23:54 aristedes joined #salt
23:54 aristedes left #salt
23:54 oc_ here is what i have for the acl: client_acl: test_user: - es\*:  - test.*
23:55 f4lse is it possible to create pillar files on the fly?
23:55 oc_ no sure what i'm doing wrong or missing; any pointers on this matter would be great
23:56 f4lse i have same pillar file. swap contents. doesnt work
23:56 iggy f4lse: that's what ext_pillar would be for
23:56 pratikmallya joined #salt
23:56 iggy f4lse: oh, there is some caching on the minions, try saltutil.refresh_pillar
23:57 knite joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary