Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-09-11

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 bbbryson joined #salt
00:00 knite I'm running salt 'host' ssh.set_auth_key_from_file user salt://ssh_keys/user.pub and it comes back with a generic "fail" message. I can run other commands against the host.
00:00 knite never seen "fail" as the output for a salt command before, how can I troubleshoot and fix this?
00:01 mosen joined #salt
00:03 iggy knite: on the minion, use 'salt-call -l debug <module+func+args>'
00:06 seblu joined #salt
00:07 kevinquinnyo joined #salt
00:08 ronrib joined #salt
00:13 ageorgop joined #salt
00:19 f4lse iggy: ive refreshed the pillar and restarted the service. still using old data
00:21 seblu joined #salt
00:21 f4lse dynamic account creation is way harder than i expected with salt
00:22 interisti joined #salt
00:26 iggy make sure the pillar data is not being pulled from somewhere else I guess
00:26 iggy use ldap
00:33 seblu joined #salt
00:33 seblu joined #salt
00:34 mpanetta_ joined #salt
00:35 mpanetta_ joined #salt
00:36 pratikmallya joined #salt
00:40 XenophonF joined #salt
00:40 XenophonF left #salt
00:40 ronrib joined #salt
00:43 kwakhed joined #salt
00:46 kwakhed hello
00:51 ronrib hi
00:54 opensource_ninja joined #salt
01:01 oc_ hi
01:05 kwakhed anyone have any experience with creating custom returners?
01:06 monkeybox I'm trying to get my ec2 hosted minions to automatically go to high-state right after deployment (or as part of the deployment). Best info I've found was this guide: [ http://www.powelltechconsulting.com/salt-cloud-executing-an-auto-high-state/ ], following option 4, for Salt Reactor + Orchestration. I have it triggering on the 'salt/cloud/*/created' event, but I'm getting an error (monitoring through salt-run state.event): "SaltInvocati
01:07 iggy monkeybox: salt-cloud has the ability built-in to do it
01:08 monkeybox iggy: you referring to start_action: state.highstate?
01:08 iggy monkeybox: start_action
01:08 kwakhed anyone ever have issues getting configs from master to the minion?
01:08 kwakhed from /srv/salt/master
01:09 monkeybox iggy: has two problems: 1) It doesn't appear to work with AWS (ec2), and 2) it doesn't have the grains that were defined in the map file yet.
01:10 iggy monkeybox: okay, then your original question was truncated, try not pasting a novel length question ;)
01:11 monkeybox Guess my irc etiquette is out of date. Sorry. I have the reactor triggering on 'salt/cloud/*/created', but I'm getting an error: "SaltInvocationError: orchestrate takes at least 1 argument (0 given)"
01:11 orion203 joined #salt
01:11 kwakhed so these return null in my custom returner script: https://gist.github.com/aryou/4392a840be76e7bfab68
01:15 anotherZero joined #salt
01:17 yetAnotherZero joined #salt
01:18 druonysus joined #salt
01:19 jeadre joined #salt
01:23 amcorreia joined #salt
01:24 otter768 joined #salt
01:30 scoates is there a way that I can do something like `salt-call test.ping` and have it time out more quickly (say within 10 seconds), and set the exit code to non-zero ?
01:36 monkeybox start_action just doesnt' seem to work with ec2. I suppose it's not a big deal to call 'salt "*" states.highstate' after deploying a map, but would be really nice if I could just deploy a complete environment in one step.
01:39 NightMonkey joined #salt
01:45 otter768 joined #salt
01:48 catpiggest joined #salt
02:00 iggy monkeybox: I'd file a bug (assuming you're using the latest version of salt... the cloud stuff has been moving pretty quick since it was merged)
02:02 pratikmallya joined #salt
02:02 monkeybox iggy: The official doc says that it is experimental and may not work with "some providers". It seems known. And seeing as I've been using salt for < 1 week, I'm not confident enough in my configuration.
02:02 iggy well, ec2 isn't some half-assed cloud provider that changes their API every month
02:03 iggy you'd think it'd work
02:03 iggy (I know GCE works, pretty sure DO does too... and they do change their API frequently)
02:03 monkeybox no, but the original document I linked made the same note. Paraphrasing, "It doesn't work with some providers (wink, wink, looking at you, Amazon)"
02:04 iggy there's also the ability to set it in the minion config and include a custom minion config file
02:07 nafg joined #salt
02:07 nafg Hi, what's the best way to troubleshoot what pillar data salt-ssh is picking up?
02:07 writtenoff joined #salt
02:08 monkeybox That's interesting, iggy. Set startup_states in /etc/salt/minion? I haven't done anything with minion configs yet.
02:09 nafg My pillar/top.sls has
02:10 knite joined #salt
02:14 nafg Here's the relevant parts of my code
02:14 nafg https://gist.github.com/nafg/22f14e3329127c2f12fe
02:14 nafg Can I do a dry run, or just compute the pillar?
02:24 knite joined #salt
02:32 knite joined #salt
02:34 Ahlee joined #salt
02:37 XenophonF joined #salt
02:38 nafg How can I test a template?
02:38 XenophonF hey all - what's the canonical way to schedule a computer reboot _after_ the end of a job?
02:40 XenophonF nafg: try something like `salt-call state.single file.managed /tmp/file source=salt://path/to/template template=jinja`
02:40 XenophonF nafg: or use something like `salt-call state.sls some.state.module test=True`
02:41 mpanetta_ joined #salt
02:41 XenophonF i use the first one when testing how a template gets rendered
02:44 knite joined #salt
02:46 Ahlee joined #salt
02:50 knite what's the right way to stop and then start a service? I've tried a few variations, including this: https://gist.github.com/ariscn/67769627bad30902d388, but I don't seem to have the syntax right.
02:57 whytewolf snite, do you want to stop and start. or do you want to restart?
02:57 whytewolf based on another setting?
02:57 XenophonF knite: you're using the wrong syntax
02:58 XenophonF knite: look at the examples in the service state module
02:59 whytewolf knite https://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html
02:59 XenophonF knite: to stop a service, use service.dead; to start one, use service.running; to restart one, use service.running with a watch requisite
02:59 XenophonF knite: there are a million different examples in https://github.com/saltstack-formulas/
03:00 knite XenophonF: hm...I must have been looking at an older set of docs by mistake.
03:00 k00l joined #salt
03:02 knite whytewolf: I definitely wanted a stop followed by a start, specifically. :-)
03:03 kwakhed joined #salt
03:04 k00l hey whytewolf
03:04 whytewolf hey k00l
03:04 favadi joined #salt
03:04 k00l whats the latest version of the minion?
03:04 XenophonF 2015.5.5
03:04 k00l ahhhh i though i was having some trouble
03:05 whytewolf although if you are using some repos it might not be up to stable yet
03:06 larsfronius joined #salt
03:07 k00l looking into this error for my ext_pillar using mysql
03:07 k00l Specified ext_pillar interface mysql is unavailable
03:07 k00l i though i understood this one but turns out i didnt make enough notes :(
03:09 k00l so the connection info goes in the master config file : https://gist.github.com/anonymous/8efa08ee7ec3427185ac
03:10 k00l and call it into the minions with "salt "*" pillar.items ext_pillar
03:10 whytewolf nice password,
03:10 k00l lol
03:10 k00l its all just for training
03:11 favadi joined #salt
03:12 whytewolf sorry brb
03:12 k00l no worries,
03:12 k00l heres the error : https://gist.github.com/anonymous/c0ff22784cb56f5c334a
03:13 pppingme joined #salt
03:14 allanparsons joined #salt
03:16 knite joined #salt
03:17 whytewolf k00l: do you have the MySQLdb python module installed on master?
03:17 k00l i dont knwo how to check
03:17 whytewolf 2015-09-10 23:06:23,657 [salt.utils.lazy  ][DEBUG   ][21731] Could not LazyLoad mysql.ext_pillar
03:18 whytewolf you would either install it through your pkg man, or through pip
03:18 whytewolf in ubuntu it is called python-mysqldb
03:20 XenophonF left #salt
03:23 k00l excellent mate, Im back on track.
03:23 * whytewolf thumbs up
03:28 joe_n joined #salt
03:40 knite joined #salt
03:42 zmalone joined #salt
03:44 f4lse joined #salt
04:04 evle joined #salt
04:10 Bryson joined #salt
04:11 joe_n joined #salt
04:21 druonysus joined #salt
04:21 druonysus joined #salt
04:26 zer0def joined #salt
04:34 llua joined #salt
04:34 knite joined #salt
04:35 knite joined #salt
04:47 stanchan_ joined #salt
04:48 ramteid joined #salt
04:50 knite joined #salt
04:59 knite joined #salt
05:02 steffo joined #salt
05:03 anmolb joined #salt
05:14 knite joined #salt
05:15 aqua^c joined #salt
05:16 anmol joined #salt
05:17 anmolb joined #salt
05:18 knite joined #salt
05:19 forrest joined #salt
05:24 druonysus joined #salt
05:25 knite joined #salt
05:28 jeddi joined #salt
05:32 mosen joined #salt
05:32 allanparsons joined #salt
05:36 k00l is anyone still up ?
05:36 knite joined #salt
05:36 k00l i just booted a new salt master and minion set up .. and got this error when i tryed to do a test ping on the minion
05:36 k00l Minion did not return. [No response]
05:38 oc_ k001:is the service started on teh minon?
05:38 oyym joined #salt
05:41 jbrnds joined #salt
05:42 mpanetta_ joined #salt
05:43 k00l oh sweet .. i fuigerd it out
05:43 k00l when changing from one master to another one u need to  delete the key
05:44 k00l need to delete the key from here on the minion /etc/salt/pki/minion/minion_master.pub
05:45 allanparsons joined #salt
05:45 k00l and toggle the minion and u will be back in business, important to note that the key exchange went well and no errors were reported so i have to scrour the logs fo rthe fix.
05:46 jhauser joined #salt
05:46 knite joined #salt
05:46 anmol joined #salt
05:47 anmolb joined #salt
05:50 katyucha joined #salt
05:58 colttt joined #salt
06:04 kawa2014 joined #salt
06:04 sirex joined #salt
06:04 tkharju joined #salt
06:11 dopesong joined #salt
06:13 PeterO_ joined #salt
06:18 GreatSnoopy joined #salt
06:21 druonysus joined #salt
06:21 druonysus joined #salt
06:33 lb1a joined #salt
06:37 zer0def joined #salt
06:38 rdas joined #salt
06:41 AndreasLutro joined #salt
06:45 KermitTheFragger joined #salt
06:46 knite joined #salt
06:49 joe_n joined #salt
06:51 pppingme joined #salt
06:54 rubendv joined #salt
07:00 malinoff joined #salt
07:02 babilen k00l: Are you familiar with https://docs.saltstack.com/en/stage/topics/tutorials/multimaster.html or https://docs.saltstack.com/en/latest/topics/tutorials/multimaster_pki.html (not sure why you are changing masters, but that setup might come in handy if you do so often)
07:02 k00l sweet babilen , thanks for the time mate
07:02 k00l tip*
07:03 k00l babilen: im currentlly ighting iwth mysql right now.
07:07 larsfronius joined #salt
07:09 babilen In salt or in general?
07:10 tkharju joined #salt
07:11 rofl____ so will we get any 2015.5.5 packages before 2015.5.8 is released?
07:11 rofl____ im not trying to sound grumpy
07:11 rofl____ but id think it would be in saltstacks best interest to make packages available :)
07:11 druonysus joined #salt
07:12 AndreasLutro https://github.com/saltstack/salt/issues/26928#issuecomment-138643882
07:12 jbrnds2 joined #salt
07:12 babilen 2015.8.0 are what I expect next
07:12 babilen ^ packages
07:13 Ztyx joined #salt
07:15 babilen Why are the packages in contrib? (cf. https://repo.saltstack.com/apt/deb8/dists/jessie/contrib/binary-amd64/Package)
07:15 lb1a joined #salt
07:16 rofl____ babilen: 404?
07:16 babilen Also the deb8 + jessie is unnecessary. debian/dists/$DIST works fine
07:16 Ztyx left #salt
07:17 babilen https://repo.saltstack.com/apt/deb8/dists/jessie/contrib/binary-amd64/Packages
07:17 babilen (and sorry if I spilled the beans)
07:17 rofl____ rc4 has been out for one week now?
07:18 rofl____ still no release notes, only a big BLOB of PR's?
07:18 druonysuse joined #salt
07:18 druonysuse joined #salt
07:21 babilen The version in there is 'Version: 2015.8.0+ds-1'
07:22 rofl____ babilen: actually they are dated from yesterday
07:22 rofl____ there is hope!
07:22 rofl____ https://repo.saltstack.com/apt/deb8/pool/contrib/s/salt/
07:23 babilen Yes, I know. The packages are there, but I'm not sure why they are in contrib nor why they use that URL scheme
07:23 PeterO__ joined #salt
07:23 babilen Also: Has anybody played with spm ? (cf. https://docs.saltstack.com/en/develop/topics/spm/ )
07:25 pbrooko joined #salt
07:26 * babilen predicts versioned dependencies soon
07:27 babilen There also doesn't seem to be any level of security (packages and "Release" files do not appear to be signed as they are in https://wiki.debian.org/SecureApt )
07:28 druonysus joined #salt
07:28 druonysus joined #salt
07:29 babilen joehh: Do you know why 2015.8.0 packages are in contrib? This will prevent us from installing them in some settings and I really wouldn't want that to happen
07:30 PeterO_ joined #salt
07:30 AndreasLutro oh nice, 2015.8.0 is tagged
07:31 AndreasLutro ... in september :D
07:31 babilen Yeah, the versioning scheme is meaningless
07:31 babilen (although most people would assume that the version do have a very specific meaning due to their format)
07:34 illern joined #salt
07:34 AndreasLutro people seem to be afraid of releasing and/or software with huge version numbers
07:34 rofl____ you mean like nodejs AndreasLutro ? ;)
07:34 rofl____ 0.12.x -> 4.0.0
07:35 AndreasLutro somewhat of a unique case :P
07:36 linjan joined #salt
07:36 knite joined #salt
07:38 babilen AndreasLutro: I don't have a problem with salt 0.124.2 ;)
07:39 AndreasLutro me neither, but I'd prefer v124.2
07:39 AndreasLutro that 0 in front is just meaningless if you're not going to do a semver 1.0 release
07:39 slav0nic joined #salt
07:40 babilen Yeah, all of that is fine. What is not fine is to connotate some meaning with your versions numbers (be it semver or dates) and then violate that
07:40 babilen AndreasLutro: But 1.0 is such a scary release *shudder*
07:41 Ixan joined #salt
07:41 GreatSnoopy joined #salt
07:42 laax joined #salt
07:43 Ixan hi, i'm using rest_cherrypi together with external_auth, but I'm having some issues using the eauth ACLs. Some eauth, like rest, augment the __opts__ dictionary at runtime, but it seems like rest_cherrypy keeps a separate opts dict
07:43 Ixan so any dynamic loading of ACLs do not work at all. at least, that's what it seems like to me
07:44 Ixan is this intended? is there a workaround?
07:44 AndreasLutro babilen: should've gone from 0.17 to v18 maybe!
07:44 babilen yeah!
07:45 babilen Or anything. I mean if 1.0 is so scary then skip it, but meh ..
07:54 babilen I hope that they move their packages back to main as I'd like to be able to use them
07:55 babilen :(
08:00 druonysus joined #salt
08:03 stanchan joined #salt
08:07 CeBe joined #salt
08:08 illern joined #salt
08:10 druonysus joined #salt
08:13 keimlink joined #salt
08:24 babilen Okay, filed four bugs already against (packages in) the new repository
08:24 zer0def joined #salt
08:26 rofl____ babilen++
08:27 Xevian joined #salt
08:28 babilen I really wonder how they packaged them as they are rather broken (to put it mildly)
08:30 larsfronius joined #salt
08:31 _mel_ joined #salt
08:31 pbrooko_ joined #salt
08:34 Grokzen joined #salt
08:34 Naix joined #salt
08:35 Naix Hey everyone
08:39 waf joined #salt
08:40 aristedes1 joined #salt
08:41 waf for salt-cloud with ec2, i'd like a different ec2 id/key depending on who runs the salt-cloud command. i tried to use templating on the ec2.providers.conf, but it isn't supported.
08:41 waf is there a better way?
08:44 babilen rofl____: https://github.com/saltstack/salt/blob/develop/salt/modules/debbuild.py#L142 -- yeah, lets build packages for stable Debian on a mixed system that pulls in a new libstdc++6 which is currently in the gcc5 transition. Why? Because why not!
08:44 babilen *sigh*
08:44 zerthimon joined #salt
08:45 pratikmallya joined #salt
08:46 AndreasLutro :(
08:52 babilen And that's why we have proper maintainers ;)
09:24 Aidin joined #salt
09:29 jhauser joined #salt
09:40 pbrooko joined #salt
09:51 waf well, i solved my problem by hacking on the salt source code http://vpaste.net/lde9e I'm curious if there's an out-of-the-box solution i'm missing.
09:54 Ztyx1 joined #salt
09:55 rakan joined #salt
09:55 AndreasLutro waf: what I do is have a gitignored local.conf in cloud.d where each user can put his/her id/keys
09:59 Ztyx joined #salt
10:00 Aidin joined #salt
10:01 waf AndreasLutro: oh, interesting. so as long as the user matches the provider id in their local.conf, salt will automatically merge their id/keys into the main provider configuration?
10:02 joe_n joined #salt
10:02 rakan Hello everyone.
10:03 AndreasLutro waf: yeah. try it out, it's pretty easy to experiment with
10:03 rakan I have a weird issue when running a file.write command through salt's LocalClient. It takes 45 seconds to return a result.
10:03 rakan http://pastebin.com/FTFNFWUC
10:04 rakan As you can notice, the minion gets back with a result almost instantly... then the find_job is executed 30 seconds later... 15 seconds later the result is returned. that is after 45 seconds
10:04 * babilen would love to delete pastebin.com from the internet or turn it into a decent, less horrible website ....
10:04 rakan My master's config for timeouts are as follows: timeout: 30 && gather_job_timeout: 15
10:04 waf AndreasLutro: ah, thanks. that's the information i was missing
10:05 rakan babilen :D, any alternative in mind?
10:05 rakan ah gist :(
10:05 babilen Any of http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, http://dpaste.de, … are fine
10:06 rakan https://dpaste.de/aPEM
10:07 rakan I've timed the code and found that i get a result around 2015-09-11 09:27:46.244015
10:08 rakan given the command started at 27:01 then that's 45 minutes exactly
10:08 rakan I suspect it's related to my configs for timeout because the sum is exactly 45 seconds
10:08 rakan *seconds not minutes
10:08 rakan Can anyone help with this?
10:17 jbrnds joined #salt
10:23 shiriru joined #salt
10:23 giantlock joined #salt
10:25 favadi joined #salt
10:27 GrueMaster joined #salt
10:36 tercenya joined #salt
10:51 rakan :|
10:54 kawa2014 joined #salt
10:56 goldbuick__ joined #salt
10:57 markm_ joined #salt
11:00 eosinx joined #salt
11:05 fredvd joined #salt
11:15 Ztyx joined #salt
11:27 otter768 joined #salt
11:35 pbrooko joined #salt
11:37 Aidin joined #salt
11:38 bfoxwell joined #salt
11:45 Ztyx joined #salt
11:54 johnkeates joined #salt
11:57 PinkPosixPXE left #salt
11:58 chiui joined #salt
11:59 amcorreia joined #salt
12:00 Ztyx joined #salt
12:02 shorty_mu joined #salt
12:03 shorty_mu Hi all, I'm trying to use map.jinja as lookup table but I'm totally stuck. Code and error under https://gist.github.com/bemeyert/738b86f87ad844d1a352
12:03 shorty_mu Any help would be much appreciated. Cheers
12:13 XenophonF joined #salt
12:13 XenophonF hey all - what's the canonical way to schedule a reboot as part of a state job?
12:13 slav0nic joined #salt
12:14 XenophonF i'm thinking of using the schedule.present state plus listen
12:14 XenophonF but i'm having a hard time figuring out how to tell it "current time + 5 minutes"
12:14 AndreasLutro a reboot is the sort of thing I'd be hestitant to make part of an automated state run
12:17 kukacz joined #salt
12:17 shorty_mu XenophonF: I'd use the at-daemon. But I agree wirh AndreasLutro here. Better not to "automatically" reboot a machine, except all your other systems (e.g. monitoring, dependent systems) know what's happening.
12:19 XenophonF hm, hadn't considered shelling out
12:19 XenophonF this is a windows server, and the state in question performs a domain controller promotion that requires rebooting at the end (usually)
12:20 AndreasLutro salt name-of-minion system.reboot
12:20 XenophonF windows does have an at command, but i could give a suitable delay to the shutdown command, now that i think about it
12:20 XenophonF AndreasLutro: yes, that works, but i want to make it touchless
12:21 XenophonF like, i want to be able to use salt-cloud to spin up a new replica domain controller
12:21 XenophonF with no sysadmin involvement past "salt-cloud -m ..."
12:21 AndreasLutro maybe schedule.present with the once arg?
12:22 XenophonF how do you tell once "now + 5 minutes"?
12:22 AndreasLutro will need some python/jinja hackery I suppose...
12:22 shiriru joined #salt
12:23 XenophonF hm... i could write a custom module to perform the necessary data calculation
12:23 AndreasLutro does {{ "+5 minutes" | strftime }} work, I wonder
12:23 XenophonF hah that's a good idea let me try it
12:24 AndreasLutro RuntimeError: Unable to parse +5 minutes. Consider installing timelib
12:24 teryx510 joined #salt
12:24 XenophonF yeah same here
12:24 XenophonF too bad
12:26 Deevolution joined #salt
12:27 XenophonF hm, how would i get timelib installed on my windows minion?
12:27 XenophonF well, i'm just going to write a custom execution module that adds x seconds to the current time
12:28 XenophonF then i can feed that to schedule.present's once argument
12:28 XenophonF thaks for the hints, everyone
12:29 XenophonF oh - one more question
12:29 XenophonF is anyone aware of a salt formula that includes a windows package repo?  i'd like to see how someone else layed that out before i give it a try
12:31 cpowell joined #salt
12:32 Grokzen joined #salt
12:33 homeshlice joined #salt
12:35 DammitJim joined #salt
12:36 thefish joined #salt
12:37 Grok joined #salt
12:37 thefish hi - I'd like to pass an "ExtraHosts" dict to docker when using docker.running - any ideas how i could do that? I've tried adding host_config to my state, but it doesnt seem to be getting to docker
12:38 thefish ^ in fact all i want is an entry in the container's hosts file
12:39 zwi joined #salt
12:39 johnkeates left #salt
12:43 shorty_mu left #salt
12:45 mpanetta_ joined #salt
12:51 cyborg-one joined #salt
12:53 cpowell_ joined #salt
12:55 cpowell joined #salt
12:55 jdesilet joined #salt
12:55 cpowell joined #salt
12:59 ferbla joined #salt
12:59 tmclaugh[work] joined #salt
13:04 CeBe joined #salt
13:04 debian112 joined #salt
13:07 Aidin joined #salt
13:08 dyasny joined #salt
13:14 numkem joined #salt
13:15 everynickisregis joined #salt
13:16 everynickisregis I've been trying for the last hour or so to figure this out: how can I require a sls ID? it seems like the most obvious type of require operation but also everything I've tried hasn't worked
13:16 AndreasLutro everynickisregis: you can't
13:16 AndreasLutro you need to specify the type
13:17 AndreasLutro everynickisregis: https://github.com/saltstack/salt/issues/4597
13:17 pbrooko joined #salt
13:22 everynickisregis so given a file.managed task under a specific ID, if I require that ID as a file will it correctly manage/update the file whenever the state requiring it is executed?
13:24 AndreasLutro everynickisregis: requires is only used for determining the order of states - if state a requires state b, state b will be executed first
13:24 AndreasLutro and if state b fails, state a won't be ran
13:24 racooper joined #salt
13:24 everynickisregis one other thing I was wondering is why I need to use "name" with blockreplace and such, while the API documents call that argument "path". I know/think "name" has some special meaning to salt but I don't know how it's actually passed to the argument list of file.blockreplace
13:25 AndreasLutro what API documents?
13:25 AndreasLutro the name argument is special in that it defaults to the state ID if you leave it out
13:26 everynickisregis these things: https://docs.saltstack.com/en/develop/ref/modules/all/salt.modules.file.html#salt.modules.file.replace
13:26 AndreasLutro well that's the module, not the state
13:26 everynickisregis I got there by trying to figure out why an old file.sed command we had was suddenly throwing a KeyError
13:26 everynickisregis apparently it has been deprecated
13:27 AndreasLutro https://gist.github.com/anlutro/cd0c16d1d23d55ded19b
13:28 otter768 joined #salt
13:28 everynickisregis that makes more sense, thanks. I didn't realize that these were different things
13:29 pbrooko joined #salt
13:30 quasiben joined #salt
13:31 giantlock joined #salt
13:35 everynickisregis another question. To test configuration changes we run salt-call state.sls <sls to test> on the machine(s) we're testing with. There is a git post-receive hook that calls "fileserver.update" and "state.sls services.salt.master", so that we can test immediately after a push. It's extremely slow and has always bugged me as looking like the wrong way to do it. Is it wrong / is there a faster way?
13:35 sxar joined #salt
13:35 sxar_ joined #salt
13:39 terinjokes joined #salt
13:43 mr-op5 joined #salt
13:43 timoguin joined #salt
13:49 jdesilet joined #salt
13:51 traph joined #salt
13:52 sixninetynine joined #salt
13:54 pratikma_ joined #salt
13:55 tanta joined #salt
13:57 Aidin joined #salt
13:59 Aidin joined #salt
13:59 GreatSnoopy joined #salt
14:00 sgargan joined #salt
14:01 Aidin joined #salt
14:01 pravka joined #salt
14:04 shiriru joined #salt
14:05 Brew joined #salt
14:07 seatan joined #salt
14:08 giantlock joined #salt
14:08 theologian joined #salt
14:09 zwi joined #salt
14:10 andrew_v joined #salt
14:11 ingslovak joined #salt
14:11 protoz joined #salt
14:12 mapu joined #salt
14:17 karlthane joined #salt
14:18 Cyis I've noticed that when using artifactory.downloaded the output shows downloaded_file which has the full path and filename of the artifact downloaded. Is there a way to reference this value within the state? In the case of a SNAPSHOT this could be a unique filename from the version requested
14:19 zmalone joined #salt
14:19 protoz joined #salt
14:21 protoz joined #salt
14:22 aristedes joined #salt
14:23 aristedes left #salt
14:23 veremii joined #salt
14:23 veremii Hi guys!
14:23 veremii i have a problem with SaltPad, does someone can help me?
14:24 veremii got an error AttributeError  AttributeError: 'list' object has no attribute 'items' Traceback (most recent call last)      File "/sltpd/.venv/lib/python2.7/site-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1836, in __call__      return self.wsgi_app(environ, start_response)      File "/sltpd/.venv/lib/python2.7/site-packages/Flask-0.10.1-py2.7.egg/flask/app.py", line 1820, in wsgi_app      response = self.make_response(self.ha
14:24 wendall911 joined #salt
14:24 Norrland veremii: please use gist or pastebin.
14:25 Furao joined #salt
14:25 veremii so, by other words
14:25 veremii this variable jobs = sorted(list(client.jobs().items()), reverse=True)[:10]
14:26 veremii in /saltpad-master/saltpad/app.py
14:26 darix is there an option to let the salt master collect the reports from the minions for the runs?
14:27 drawsmcgraw darix: You may be interested in the various Returners
14:27 drawsmcgraw There's a default returner that puts finished jobs in the job cache on the master.
14:27 darix thank you
14:27 drawsmcgraw sure thing
14:27 veremii so, all jobs stored on other host postgresDB
14:28 veremii and correctly read from DB
14:28 drawsmcgraw darix: Apparently you can write your own as well if the stock returners don't work out: https://docs.saltstack.com/en/latest/ref/returners/
14:28 veremii with client.jobs()
14:28 is_null hi all, anybody got jenkins saltstack plugin to work with salt-api 2014-07 ? apparently jenkins tries to pass the credentials as a json array [{'username': 'myuser', 'password': 'mypass', 'eauth': 'pam'}] ( https://github.com/jenkinsci/saltstack-plugin/blob/a69150cd6151a61c8d58c4430b46c37e730c6dd9/src/main/java/com/waytta/Utils.java#L82 ) but salt-api responds with 400 bad request. Is this normal ?
14:28 Furao joined #salt
14:29 is_null I can reproduce the issue with curl, if i pass the same key/values in the http body as url encoded fields then salt-api responds with 200.
14:29 nofxrok joined #salt
14:29 is_null I don't understand why jenkins salt plugin is supposed to work then
14:30 pbrooko joined #salt
14:31 dopesong_ joined #salt
14:32 dopeson__ joined #salt
14:32 is_null this commit seems to break it: https://github.com/jenkinsci/saltstack-plugin/commit/b992c4560b391c4b69bc3ac9b3d5dd7221badf8a but it's from Nov. 2014 so it should be for 2014-07 shouldn't it ?
14:32 pbrooko joined #salt
14:33 pbrooko joined #salt
14:34 DammitJim joined #salt
14:39 joe_n joined #salt
14:41 wnkz joined #salt
14:42 wnkz Hi, is it possible to use salt-api with only salt-ssh (no master / minion) ?
14:43 viq joined #salt
14:44 murrdoc joined #salt
14:46 fredvd joined #salt
14:47 drawsmcgraw wnkz: I think so. You'd have to use the 'ssh' client: https://docs.saltstack.com/en/stage/ref/clients/index.html#sshclient
14:47 drawsmcgraw You could wire up a Reactor state to react to calls to salt-api
14:48 drawsmcgraw And that Reactor state would use the 'ssh' client instead of the usual 'local' client
14:50 XenophonF ugh - minion IDs are case sensitive
14:52 XenophonF hm, or are they...
14:52 polishdub joined #salt
14:53 DammitJim joined #salt
14:53 slav0nic joined #salt
14:53 wnkz drawsmcgraw: thank you, I'll take a look
14:54 drawsmcgraw wnkz: No problem. Good luck, and be patient. It can be a little gnarly to get it working at first
14:55 wnkz drawsmcgraw: I already have a salt-api / reactor configured somewhere else so I know a little about it but yes, this can can be painful to debug :D
14:56 drawsmcgraw You've got a good legup already, then. I always have the master running in 'debug' when I'm working on things like that.
14:57 XenophonF well, duh - i have to accept the minion key, first
14:58 XenophonF well, crap, minion ID glob matches are case-sensitive
14:58 SunPowered joined #salt
14:58 XenophonF time to file a bug report
14:58 Cyis XenophonF: but grain host matching appears to be case-insensitive
14:58 XenophonF exactly
14:58 XenophonF POLA violation
14:59 XenophonF also DNS does case-insensitive matches
15:00 drawsmcgraw I always try to keep any identifiers lowercase. Honest question - any reason to use capital letters in ids/hostnames/etc?
15:00 Cyis I've been run upside the wall with that one myself quite a bit because our environment has had no consistency in case spelling of hostnames when deployed
15:00 XenophonF drawsmcgraw: i don't want to have to manually override the minion ID whenever I install salt-minion on a Windows computer
15:00 mpanetta_ joined #salt
15:01 drawsmcgraw XenophonF: Ah, windows....
15:01 Cyis and while targeting via grain can be insensitive... using that same grain in a grains.filtered_by is case-sensitive
15:01 drawsmcgraw although, when I was doing Windows, I was doing the same - I kept the hostnames all lowercase
15:01 drawsmcgraw Though I'm guessing you don't have that liberty.....
15:01 mpanetta_ joined #salt
15:02 XenophonF drawsmcgraw: it's more like, i don't usually bother, and this one server is getting deployed via WDS, which defaults to upper case hostnames
15:02 drawsmcgraw Cyis: sounds like fun to debug :)
15:02 Cyis by default Windows likes to use uppercase hostnames
15:02 drawsmcgraw XenophonF: Cyis: oye....
15:02 Cyis drawsmcgraw: my hair is already fully gray but it hasn't had large patches missing... yet
15:02 XenophonF it's kind of a holdover from the NetBIOS days
15:02 drawsmcgraw The *simplest* things are complicated in Windows....
15:03 davisj XenophonF: Can I ask how many windows boxes you manage with salt, and are they servers or clients or both?
15:03 * davisj works with some windows guys who are considering puppet
15:03 * davisj shudders
15:04 murrdoc joined #salt
15:05 XenophonF not really, drawsmcgraw. hostnames are supposed to be case-insensitive.
15:05 drawsmcgraw XenophonF: Fair enough.
15:05 Cyis I worked with puppet for years... using it with Windows... I'd rather have bamboo splints stuck under my fingernails
15:06 davisj Cyis: :)
15:06 davisj Cyis: how has your salt+windows experience been?
15:06 Cyis and forget about it if you have a step in your automation that takes more than a few seconds
15:07 Cyis davisj: It's not been without it's growing pains... getting the minion installed is fine if you have them joined to a domain and can use powershell
15:07 davisj powershell's a 2008+ only thing, right?
15:07 Cyis we tried using archive.extracted on Windows like we used it on *NIX ... that was a failure
15:08 XenophonF davisj: right now, i have a small deployment, ~10 windows servers and 5 desktops/laptops
15:08 Cyis davisj: yes
15:08 XenophonF davisj: and i'm looking at expanding to all of our servers and workstations, about 100 servers and 500 desktops/laptops worldwide
15:08 XenophonF gtg meeting tiume
15:08 XenophonF bbl
15:08 davisj XenophonF: cool. our would theoretically be about 50-100 workstations/laptops
15:08 zmalone I have two keys on a master with matching names, one was accepted, and one was rejected.  salt-key -d <keyname> gloms onto both, and tries to delete them at the same time.  Is there a better way to use salt-key -d to target a single key?
15:11 XenophonF zmalone: i dunno, but you can look in the salt master's pki directory and delete the rejected certificate
15:11 irctc962 joined #salt
15:11 davisj Cyis: has anyone pointed you to this yet? I thought it looked interesting https://docs.saltstack.com/en/latest/topics/windows/windows-package-manager.html
15:13 Furao joined #salt
15:13 Cyis davisj: yeah ... My counterpart said he tried it and it failed for him. Though I doubt his attempt was a good one and haven't had time to test for myself
15:14 RedundancyD joined #salt
15:14 Cyis I still after 9 months couldn't get him to understand using pillars so his states were all cookie cutter copy/pastes of one another
15:14 sdm24 joined #salt
15:14 drawsmcgraw davisj: Cyis I've seen (though have forgotten where) people use Chocolaty for managing Windows packages in Salt
15:14 davisj I see. I haven't touched a windows machine in ~5yrs so I'm out of the loop as far as what the state of the art is. I've heard good things about this project https://chocolatey.org/
15:14 drawsmcgraw Cyis: I've had coworkers like that....
15:15 Cyis drawsmcgraw: today is his last day... He finally quit and said it was too much
15:15 davisj drawsmcgraw: :) haha
15:15 drawsmcgraw Cyis: Gettin' out of the kitchen!
15:15 drawsmcgraw davisj: It's clearly worth a look :)
15:15 XenophonF davisj: as an aside, here's a work in progress for deploying AD DS - https://github.com/irtnog/active-directory-formula
15:16 Cyis now I get to re-write all his states properly as reusable patterns driven by pillar data like I tried to explain to him 6+ months ago
15:16 XenophonF davisj: uses both dcpromo (windows server 2008 r2 and older) and powershell (windows server 2012 and newer)
15:16 davisj XenophonF: I saw when you posted that earlier. Thumbs way up!
15:17 davisj Cyis: good help is hard to find :)
15:19 zmalone Manually removing the key worked fine, thanks.
15:19 Cyis davisj: he was used to a multi-million dollar automation suite that had a GUI interface ... true Windows Admin
15:19 zmalone salt-key -d could probably use some better way to refer to keys (hashes?), or a sequential y/n prompt (like rm with the safety on) instead of a bulk N/y prompt.
15:20 davisj Cyis: that's one of my worries here. They're kinda of gui dependant.
15:21 ekristen joined #salt
15:21 davisj no idea what they're paying for their current tool (Kaseya) but guessing it's lees that SSE license.
15:21 davisj /lees/less/
15:22 Cyis just had a new junior guy start and I've been working to teach him Salt as he'd only written shell scripts to automate tasks before. Thankfully he looks at the stuff I've written and then at what the other guy wrote and shakes his head and says he wants to learn to write states my way :)
15:22 pdayton joined #salt
15:22 davisj Cyis: hi five on that one!
15:23 Cyis other guy would get told there's a deployment coming and he'd get frustrated cause he felt he had to write a new state and test it in time... nevermind 99% of the deployments were the same with only new payloads
15:24 Cyis have an entire directory in our state repo that is cookie cutter copy & paste of one another with maybe a few lines different between any two
15:24 davisj ouch!
15:26 Cyis then I get a deployment... I change a couple pillar data values, upload the payload to a payload-only repo and say I'm done :)
15:26 tkharju joined #salt
15:27 davisj Cyis: then it's beer-o-clock!
15:27 RedundancyD left #salt
15:27 davisj or tea-o-clock , if that's your thing :)
15:27 RedundancyD joined #salt
15:28 Cyis yep... we're still trying to clean up the entire deployment process in general. So far we don't have states that can fully reproduce and deploy a system except in 2 cases (which I wrote)
15:29 Cyis we'd get partial payload of what was changed to deploy rather than the just deploying the whole system and let the salt determine what was changed and needed to be pushed out
15:29 otter768 joined #salt
15:30 davisj I feel your pain. Things around here have been so add-hoc for so long, retrofitting automation has been... challenging.
15:30 Cyis one system that's fully deployable was working with a new software vendor and we told them from the start they would be hands off. They provide the steps, I write the state and deploy, they validate.
15:31 Cyis the second we finally got the dev team to push to a VCS repo and we just deploy from there. We deploy to the QA server from their fork of it and then for production they do a PR to our repo which we merge and it gets pushed out.
15:31 crd joined #salt
15:31 Cyis If it weren't for their fear of something blowing up we could actually schedule the state to run against the host on a regular fashion and drive it solely by the VCS repo
15:32 davisj Cyis: nice. push to deploy :)
15:32 Cyis hmm... anyone tried using archive.extracted with the source being on the minion already?
15:33 mr_const joined #salt
15:34 mr_const hi all, got a question about running salt
15:35 mr_const I created pretty large salt config tree, which I can successfully run with salt 'serv' state.highstate
15:35 murrdoc joined #salt
15:35 mr_const but it takes much time to run
15:35 mr_const so I tried to run separate state
15:35 mr_const salt 'serv' state.sls php
15:35 mr_const got error: Cannot extend ID 'nginx' in 'base:php'. It is not part of the high state.
15:36 mr_const so what is correct way to 'include' one state from another
15:36 mr_const so I can run single state as well, as 'highstate'
15:38 davisj mr_const: I think you want to include nginx in your php state a la https://docs.saltstack.com/en/latest/ref/states/include.html
15:39 mr_const It won't make run 'nginx' twice, if I run highstate?
15:40 davisj If you do a separate highstate, yeah. But on a single state run (highstate or otherwise) no
15:41 davisj anyway your states should be idempotent so you don't worry about repeat runs.
15:42 mr_const davisj, you're right
15:42 * davisj wanders off for lunch
15:43 Bryson joined #salt
15:45 quasiben joined #salt
15:48 markm joined #salt
15:49 UtahDave joined #salt
15:50 johtso joined #salt
15:53 sgargan joined #salt
15:53 hasues joined #salt
15:53 hasues left #salt
15:53 murrdoc joined #salt
15:55 mpanett__ joined #salt
15:55 ericof joined #salt
15:56 mpanetta_ joined #salt
15:57 alemeno22 joined #salt
15:57 zerthimon joined #salt
16:04 aristedes joined #salt
16:04 aristedes left #salt
16:08 Ztyx joined #salt
16:11 jbrnds joined #salt
16:14 knite joined #salt
16:14 anotherZero joined #salt
16:17 XenophonF back
16:18 XenophonF Cyis: omg that's where i want to go with salt
16:18 XenophonF cookie cutter everything
16:21 Cyis I'm designing my states to manage the software 'platform' being deployed... while my former cohert was designing states to do a single deployment and then getting frustrated at the level of effort and work
16:23 murrdoc joined #salt
16:26 Cyis I'm constantly having to remove large binary deployment files he included into the states repo then re-writing history to purge them so I can shrink our repo down... I did so a few weeks ago when it got over 2.2GB and dropped it down to ~500MB and it's right back up to 1.5GB now
16:27 Cyis none of my states have binary payloads in the states repo. Any binary payloads are in a separate platform specific VCS repo that is included in the file_roots and referenced after the states repo
16:28 theologian joined #salt
16:33 knite joined #salt
16:33 tercenya joined #salt
16:34 icefighter22 joined #salt
16:34 cyborg-one joined #salt
16:36 yudao joined #salt
16:37 yudao Hi all
16:37 jodv joined #salt
16:37 yudao I'm trying to add current datetime in a managed file with jinja2 but it does'nt works or I guess I do the wrong thing
16:38 yudao example = -J-XX:HeapDumpPath=/opt/local/var/log/{{bin}}_{{ datetime|strftime("%Y%m%d_%H%M%S") }}.hprof
16:38 yudao How can I have the current date formatted like my example in a managed file with jinja2 template?
16:38 f4lse joined #salt
16:41 Cyis yudao: trye using None|strftime("%Y%m%d_%H%M%S") instead
16:43 writtenoff joined #salt
16:43 PeterO_ joined #salt
16:43 aparsons joined #salt
16:44 yudao Cyis: Thanks a lot you saved me :)
16:46 RandyT joined #salt
16:48 KyleG joined #salt
16:48 Cyis yudao: I had to do something similar and spent a day sifting through google searches and source code until I figured that out
16:48 KyleG joined #salt
16:49 forrest joined #salt
16:49 yudao Cyis: It was I thinked when i was searching a lot :)
16:50 jalbretsen joined #salt
16:50 jagguli joined #salt
16:50 tardigrade joined #salt
16:50 knite joined #salt
16:51 tardigrade Hello!
16:51 tardigrade I just had a quick question as a new Salt user.
16:51 tardigrade Is there a way to tell all of the salt* commands to pipe their output to a pager like less by default?
16:53 UtahDave tardigrade: I don't think so. You could probably set that up with an alias in your bashrc or something
16:53 UtahDave but salt doesn't do that by default.
16:55 tardigrade ah, that's too bad.  I found this https://github.com/saltstack/salt/issues/4542 and thought that maybe paging was configurable in a ~/.saltrc file
16:55 tardigrade I guess that part of it never made it into the codebase
16:59 ajw0100 joined #salt
17:01 RandyT_ joined #salt
17:02 RandyT_ joined #salt
17:02 malinoff joined #salt
17:04 mapu joined #salt
17:11 rubenb Can you have multiple masters with different file_roots?
17:11 forrest tardigrade, UtahDave: I asked for jfindlay to re-open that issue, if it does exist as a functional thing, it's not documented anywhere.
17:12 UtahDave rubenb: yes, you can, but you'll be responsible for making sure you don't shoot yourself in the foot.   :)
17:12 UtahDave forrest: OK, I'll reopen that
17:12 forrest Awesome thanks UtahDave.
17:12 tardigrade that's pretty awesome.  thank you!
17:14 forrest UtahDave: That reminds me, I know you've been busy, but were you ever able to get around to drafting that doc regarding what is/is not supported in the windows version versus the linux version? Maybe there should just be a huge table or something somewhere.
17:14 rubenb UtahDave: Another solution would be to run multiple minions on a single host, which one will hurt my foot less? :)
17:14 forrest rubenb: Please don't do that :(
17:14 ALLmightySPIFF joined #salt
17:15 murrdoc joined #salt
17:15 UtahDave forrest: No, I haven't.  That list is almost non-existent now.  Mostly just whether some of the modules take Windows into account or not
17:15 stanchan joined #salt
17:16 UtahDave rubenb: It's possible to run more than one minion on a host, but I'd say try the different master route first.
17:16 forrest UtahDave: Okay awesome.
17:16 UtahDave rubenb: I was just giving that warning because I had a customer once who had two masters with different file_roots and he was wondering why his Apache config kept alternating between two different options
17:18 UtahDave forrest: twangboy and I have been really polishing the windows minion. awesome stuff coming down the pipe, too
17:18 forrest UtahDave: I'm not sure if I'm happy about that because it makes the functionality better, or unhappy because it gives people an excuse to still use windows as a server ;)
17:19 tardigrade while I'm here, I had another question.  Is there any way to get salt-cloud or the cloud execution module to operate asynchronously and in parallel?
17:19 tardigrade salt-cloud has the parallel option, while salt '*' cloud... can use the --async flag
17:20 tardigrade I can't figure out a way to have both pieces of functionality at the same time though
17:28 rubenb UtahDave: You're working for SaltStack?
17:30 UtahDave rubenb: Yep, I do work for SaltStack!
17:30 otter768 joined #salt
17:31 rubenb Nice to have such direct 'support' and knowledge in the irc. :)
17:31 UtahDave tardigrade: Hm.  Those are both used at different times.
17:31 UtahDave usually
17:31 UtahDave rubenb: Yeah, I'm trying to get in here a little more often.  I used to be in here ALL the time, but I get pulled in so many directions these days it's hard to be here as often as I would like
17:32 tardigrade UtahDave: do you mean that it's not common for people to want to spin up a fair number of servers in the background?
17:32 Fiber^ joined #salt
17:32 UtahDave tardigrade: no, I mean people don't usually use   salt-cloud   and salt \* cloud...   at the exact same time.
17:33 tardigrade oh, I think you're misunderstanding me
17:34 tardigrade UtahDave: I want to use one tool or the other.  salt-cloud has the parallel functionality.  salt '*' cloud... has the --async functionality.  I was wondering if there is a way to get async and parallel in one tool
17:34 UtahDave ah, I see.  lemme see.
17:37 UtahDave tardigrade: try adding     parallel=True to the command
17:37 UtahDave the code seems to indicate that should work.
17:37 viq joined #salt
17:38 cyborglone joined #salt
17:39 Configio joined #salt
17:39 szhem joined #salt
17:39 Configio Has anyone used the mysql salt module?
17:39 SheetiS joined #salt
17:40 tardigrade UtahDave: oohhh, fancy.  I'll give that a try in a moment.
17:41 Gareth o/
17:42 Phtes Hi, is it better to use the salt ec2 provider or boto to orchestrating AWS instances etc
17:44 davisj Sweet... renderer: jinja|mako|yaml FTW!!!
17:45 davisj now I get 'ignore missing' and <% actual python %> everywhere
17:46 tardigrade UtahDave: hmm, it doesn't seem to be working
17:47 tardigrade I tried `salt --async salt cloud.profile default one two three parallel=True`
17:47 tardigrade I got back this: TypeError encountered executing cloud.profile: profile_() takes at most 3 arguments (12 given). See debug log for more info.
17:48 tardigrade maybe I'm calling that wrong though
17:49 baweaver joined #salt
17:49 tardigrade seems like I can't use that one to queue up multiple creates
17:51 tardigrade from the docs: "Please note that the execution module does not run in parallel mode. Using multiple minions to create instances can effectively perform parallel instance creation."
17:51 tardigrade https://docs.saltstack.com/en/latest/topics/cloud/salt.html
17:57 bbbryson joined #salt
18:02 UtahDave tardigrade: Hm.  Sounds like that's a feature request.
18:02 amcorreia joined #salt
18:02 tardigrade perhaps
18:03 tardigrade which would be easier? Adding an --async flag to salt-cloud or the parallel=True to the cloud execution module?
18:03 * robawt highfives UtahDave
18:03 UtahDave Hm. just off hand I think adding the --async to salt-cloud should be pretty simple
18:03 robawt wuddup man :)
18:03 UtahDave yo, robawt!
18:04 pcn Can I pass in a path to a file as the source for archive.extracted?
18:06 UtahDave pcn: have you tried    file:///path/to/file    or   just the path?
18:06 UtahDave I'm heading out of the office for the day.  I'll catch you all later!
18:07 pcn I'm trying file:/// now, didn't think of that before
18:08 pcn Darn.  It still is 'Unable to determine upstream hash of source file'
18:08 pcn Can I get it to stop doing that, or do I have to do a cmd.run?
18:08 alemeno22 joined #salt
18:09 murrdoc joined #salt
18:10 anmol joined #salt
18:10 anmolb joined #salt
18:10 pratikmallya joined #salt
18:12 f4lse exit
18:13 baweaver joined #salt
18:14 flebel joined #salt
18:16 geekatcmu Any suggestions for a "fake" resource I can create (using pyobjects) for dependency purposes?
18:17 geekatcmu I have a function which, given a list of tarballs, will create the appropriate resources to download and unpack them all
18:18 geekatcmu However, I need to basically have later resources watch for the results of that.  I've *been* using the "with ..." syntax, but I don't think I can continue to do so unless I start creating some kind of fake aggregate thing.
18:19 alemeno22 joined #salt
18:22 darkhuy joined #salt
18:23 darkhuy hey guys, how does the salt/salt-ssh python client handle comma delimited string of minion ids?
18:23 Configio joined #salt
18:33 steffo joined #salt
18:33 dude051 joined #salt
18:34 zmalone joined #salt
18:34 aparsons joined #salt
18:37 pcn darkhuy: IIRC it works.  Are you having a problem?
18:41 jalaziz joined #salt
18:43 druonysus joined #salt
18:43 Configio joined #salt
18:46 scbunn joined #salt
18:48 larsfronius joined #salt
18:49 cberndt joined #salt
18:49 ajw0100 joined #salt
18:52 pdx6 joined #salt
18:55 pratikma_ joined #salt
18:58 Configio joined #salt
19:00 giantlock joined #salt
19:03 steffo joined #salt
19:08 pviktori_ joined #salt
19:13 steffo joined #salt
19:17 amcorreia joined #salt
19:20 vim-zz joined #salt
19:28 Configio joined #salt
19:31 otter768 joined #salt
19:33 jhauser joined #salt
19:35 pviktori joined #salt
19:35 sdm24 Hey @UtahDave, I tried to update a windows minion to the Development version, but https://github.com/saltstack/salt/tree/develop/pkg/windows and https://github.com/saltstack/salt-windows-dev are only at v2015.5.0
19:36 sdm24 d'oh, I missed him
19:36 baweaver joined #salt
19:38 pviktori_ joined #salt
19:39 distif joined #salt
19:41 kermit joined #salt
19:50 Fiber^ joined #salt
19:51 steffo joined #salt
19:56 quasiben joined #salt
19:58 baweaver joined #salt
19:59 DammitJim how do you guys add users to /etc/sudoers ?
20:00 DammitJim or do you just add a user to the sudo group?
20:02 PeterO_ Drop a file in /etc/sudoers.d
20:03 Configio joined #salt
20:05 XenophonF DammitJim: i use both users-formula and sudoers-formula
20:05 DammitJim PeterO_, do you remove the commnt '#' sign as well from the sudoers file?
20:11 PeterO_ DammitJim: if it's commented then yeah.
20:11 PeterO_ but "## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
20:11 PeterO_ #includedir /etc/sudoers.d"
20:12 PeterO_ so if your setup is like that you should be fine.
20:12 DammitJim oh, I didn't know that
20:12 DammitJim so, #includedir /etc/sudoers.d still looks into the /etc/sudoers.d folder?
20:12 PeterO_ yeah
20:16 moapa how stupid
20:16 moapa # in conf files usually means its a comment
20:16 moapa not an include.
20:17 moapa this was news for me
20:17 mullein haha i got bit by that sudoers c-preprocessor style directivesa few years ago
20:18 Cyis the users-formula and sudoers-formula are excellent ...
20:18 Configio joined #salt
20:19 XenophonF they really are
20:19 Cyis I started using the reverse-grains-formula to help set some of our custom grains that we utilize but the failed and I haven't had time to look into rewriting... works great if you only use *NIX minions and your custom grains only get set using the formula
20:20 XenophonF this is how i use users-formula to configure git on my salt masters - https://github.com/irtnog/salt-pillar-example/blob/master/salt/example/com/init.sls#L25
20:21 XenophonF DammitJim: here's another example of how i use sudoers-formula - https://github.com/irtnog/salt-pillar-example/blob/master/defaults.sls#L151
20:21 Cyis XenophonF: hmm... I hadn't used the ssh_keys_pillar like that
20:22 tanta joined #salt
20:23 Cyis I use the openssh-formula along with users-formula personally. I also wrote a duo-formula for Duo Security (https://github.com/UGNS/duo-formula) to deploy duo_unix for 2FA with my openssh server daemon
20:23 DammitJim man, I really got to lay out what the users can do even before I start doing this
20:24 icflournoy joined #salt
20:24 Cyis granted I've only tested my duo-formula on Debian/Ubuntu it should in theory be good to go for RHEL/CentOS
20:26 XenophonF holy crap, i can promote domain controllers using salt now!
20:26 XenophonF i can't believe it actually works ;)
20:27 XenophonF now to test it out using powershell cmdlets on windows server 2012
20:27 ajw0100 joined #salt
20:27 DammitJim wow... you are so far ahead XenophonF
20:28 DammitJim I'm still trying to add linux servers to an AD domain
20:28 DammitJim I can't get past the join ad part where  I need to specify my password
20:28 XenophonF DammitJim, do I have a deal for you!
20:28 Cyis I still need to work on my formula to configure sssd using realmd to auto-join my Linux servers to my 2k12 R2 AD domain
20:28 DammitJim ha Cyis !
20:28 DammitJim I tried doing it with sssd, but I'm back to krb and winbind :(
20:29 Cyis DammitJim: realmd uses krb but no winbind/samba needed
20:29 mpanetta_ TMDWA
20:29 XenophonF DammitJim: https://github.com/irtnog/salt-states/tree/production, look specifically at the kerberos5 and nis.client states
20:29 DammitJim *sigh*
20:29 DammitJim XenophonF, I appreciate it... I need to learn how that stuff works still...
20:29 XenophonF the downside is that you have to run IDMU
20:30 XenophonF but in principle, you should be able to see how i call out to authconfig and adapt that to configure winbind
20:30 Cyis DammitJim: I basically install krb5-user; install realmd; edit the krb5.conf; edit the realmd.conf; run 'kinit <admin user>'; run 'realm join <realm>'
20:31 DammitJim XenophonF, no samba here either, huh?
20:31 DammitJim wow!
20:31 DammitJim what linux distro?
20:31 DammitJim what I currently do is I install winbind, krb5, and samba
20:32 DammitJim I copy a bunch of files to the minion
20:32 Cyis DammitJim: I've done it with both Debian and Ubuntu... Haven't gotten approval to try it at work on RHEL/CentOS as they still use nslcd/nss_ldap/pam_ldap with a service account and no krb
20:32 DammitJim and then I manually run kinit and net ads join
20:32 DammitJim ok, mine is on Ubuntu 14.04 LTS
20:33 Cyis I'm running mostly Debian 8 with a couple Ubuntu 14.04 LTS
20:33 XenophonF i plan to replace my nis config with ldap via sssd
20:33 XenophonF depends on whether sssd is available across all of my target operating systems
20:33 DammitJim *sigh* so much to be done
20:33 Sketch realmd works on rhel7, doesn't work on rhel6
20:33 Sketch well, doesn't exist on rhel6 :)
20:33 Cyis I think I may still have an Ubuntu 12.04 LTS and a Debian 7 host out there somewhere
20:34 DammitJim yeah, I gave up on that... we still have rhel 5 servers
20:34 Sketch sssd_ad also doesn't exist on rhel < 6.6
20:34 Sketch which i think is what realmd configures.  so i just stick with my manual rhel6.5 sssd config everywhere
20:34 Cyis yeah but RHEL5 suppor will be going soon
20:34 Sketch Cyis: 2017
20:34 DammitJim I can use pillar data on states, right?
20:34 Sketch not _that_ soon
20:35 DammitJim like I want to set different permissions on folders depending on the server
20:35 Sketch and actually, that's CentOS
20:35 Cyis Sketch: I try not to stay on the trailing edge of support and do my upgrades with time to spare :)
20:35 Sketch rhel5 has extended support until 2020
20:35 Cyis can't hedge bets on another Microsoft Windows XP support lifecycle :)
20:36 Sketch my bigger concern would be that software in rhel5 is ancient...you'll be lucky if you can build any modern apps on it ;)
20:36 Cyis Sketch: yeah but if I'm not mistaken that's strictly security vulnerability updates
20:36 Sketch right
20:36 Sketch what else are you expecting for a ~10 year old OS? ;)
20:37 Cyis I had worked at an $oldjob that still ran RHEL3 on their bastion hosts because they couldn't be bothered to upgrade and the prospect was so scary
20:37 Cyis Sketch: $currentjob still has SLES 9 & 10 servers that we can't even get Salt to install on
20:37 pviktori joined #salt
20:37 XenophonF l8terz
20:37 XenophonF left #salt
20:38 linjan joined #salt
20:38 Cyis Working to get those upgraded/replaced ASAFP :)
20:42 slav0nic joined #salt
20:43 Configio joined #salt
20:49 larsfronius joined #salt
20:57 DammitJim how do I add a group that has spaces to another group?
21:11 baweaver joined #salt
21:12 drawsmcgraw left #salt
21:13 Configio joined #salt
21:20 andrew_v joined #salt
21:21 GreatSnoopy joined #salt
21:25 DammitJim man, how do you guys deal with updating your states and stuff?
21:25 pcn DammitJim: Git
21:25 DammitJim do you re-test all your servers?
21:25 pcn CI
21:25 pcn cross fingers
21:25 pcn and keep the states small
21:25 DammitJim or when you change your top.sls file
21:26 DammitJim holy crap!
21:26 DammitJim ya know?
21:26 DammitJim I guess I'll be taking a lot of snapshots of my VMs :D
21:26 DammitJim where does one define a server to be of a certain type? pillar, right?
21:28 pcn Grains
21:28 DammitJim like in /etc/salt/grains ?
21:28 pcn Yeah, or in the minion configuration file or minions.d/grains (I found that using /etc/salt/grains didn't work for me)
21:29 stomith joined #salt
21:29 babilen Pillars work fine too and are way more secure
21:29 stomith hey, how would I reference an individual user if I have a single users/init.sls ?
21:30 iggy DammitJim: one thing to watch out for using grains for roles is that a rogue minion can change it's roles
21:30 babilen I also don't understand why you would want to save that information in a distributed manner and: How do you manage your grains? ;)
21:30 DammitJim babilen, so, with pillars, what would I do?
21:30 babilen But they work everywhere, which is nice
21:30 DammitJim yeah, I don't like setting each server with it's own SSN
21:31 babilen stomith: reference?
21:31 stomith babilen, new to salt. I'd like to put everyone in a single file, but reference specific users by server in top.sls. is that doable?
21:32 otter768 joined #salt
21:32 iggy we used grains because they were tied to our cloud provider metadata, but yeah, managing that stuff distributedly sounds like more work than it's worth
21:32 stomith I'm going through the 'salt essentials' book
21:32 babilen stomith: no, you reference SLS files
21:33 stomith so each user has their own sls file?
21:33 iggy stomith: no, you'd have a jinja templated users.sls file and then assign the correct pillars to the correct hosts
21:33 babilen stomith: I'd recommend to create users with something along the lines of https://github.com/saltstack-formulas/users-formula but using that is probably a bit over your head for now
21:33 DammitJim all I have in my top pillar is base
21:33 stomith yes, above my head right now :)
21:34 DammitJim what do I google or search for to do this?
21:34 DammitJim iggy, would I define a server role in the pillar/top.sls?
21:35 babilen stomith: https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
21:35 stomith babilen, awesome, thanks!
21:35 iggy DammitJim: it depends on your needs... if you have a source of truth for that already (some database, excel sheet, etc.) use an ext_pillar
21:36 DammitJim oh
21:36 babilen stomith: The idea is, generally speaking, to have very generic states that essentially "do the right thing"™ or "do nothing" and are then customised by data set in the "pillar" (i.e. Python dictionaries that are specific to a minion)
21:36 DammitJim man, this is confusing
21:36 DammitJim I need a break
21:36 DammitJim see you guys and thanks!
21:37 babilen stomith: The users-formula at hand simply generates states for users that you have defined in your pillar (i'd use a single SLS file for each user), but wouldn't do anything if you don't define anything. That way you can apply "- users" to all your boxes and it would only kick in once you start defining data in pillars.
21:39 babilen stomith: If you are reading a book you might just want to continue with it and play along... salt is a large system and jumping around in the documentation probably doesn't help you tackle it ;)
21:40 babilen Has salt essentials been finished?
21:40 stomith babilen, I'm finding that there's more than one way to do something, and this book doesn't cover all use cases, obviously
21:40 fersur3 joined #salt
21:40 * babilen would otheriwse recommend "Learning Salt" by Packt
21:40 stomith I got salt essentials on kindle
21:40 fersur3 Am bootstrapping Salt 2015.8.0rc5 with RAET on CentOS-7
21:41 fersur3 Any pitfalls to watch out for?
21:41 babilen don't do RAET
21:41 stomith so I'm basically asking 'best practices'
21:42 babilen stomith: Yeah, play along with the users formula. Install salt itself with the salt-formula and ask pesky questions in here while you try to understand their code ;)
21:42 stomith babilen, that sounds like a great approach, thanks
21:43 protoz joined #salt
21:45 fersur3 babilen, why not RAET?
21:46 iggy they've already come up with YANT (yet another network transport)
21:47 fersur3 iggy, who is "they" and where is the YANT project page?
21:47 iggy they = salt devs and that was a generic term
21:48 iggy see raw tcp socket transport in devel
21:48 iggy or whatever the f it's called
21:52 pcn Can I pass in pillar data to a command via the netapi?
21:52 pcn Sorry, to a state
21:54 jmreicha joined #salt
22:00 kevinquinnyo joined #salt
22:00 iggy yes
22:02 pcn Aha, thanks
22:02 pcn found it
22:03 pcn Hmmm. maybe not
22:04 wendall911 joined #salt
22:05 pcn Aha, got it.
22:06 pcn f'rinstance: a.local("datanode1", "state.sls", "cassandra.config_files", kwarg={"pillar": {"seed_list":"10.150.48.21"}})
22:07 joe_n joined #salt
22:12 stomith okay, so downloaded 'saltstack-formulas/user-formula'
22:13 stomith do I need to put each user in their own sls file in formulas/users-formula/users/files/user ?
22:14 danlsgiga joined #salt
22:15 danlsgiga hi everyone... quick question... is it possible to have something like event.wait inside a state to kinda block the execution until I get the event response?
22:15 baweaver joined #salt
22:17 danlsgiga I'm sending an event to the master asking to add a node to a cluster, but I don't want to proceed with the state execution while the node is not part of the cluster yet, so was thinking if it is possible to have an event.wait
22:17 danlsgiga so far, from the docs I didn't find anything that could help in this aspect
22:17 pcn OK, in case anyone is having deja-vu, it was me asking about this yesterday
22:18 PeterO_ is there anything special you have to do to get your top.sls file to properly leverage grains? I have an 'os:Amazon' rule that doesn't seem to ever fire.
22:18 babilen stomith: No, you use pillars for that (take a look at pillar.example and read https://docs.saltstack.com/en/latest/topics/tutorials/pillar.html
22:19 pcn danlsgiga: what cluster technology are you trying to install?
22:19 danlsgiga pcn: gluster
22:19 pcn I'm doing something similar with cassandra.
22:19 stomith babilen, okay, it's starting to make sense.
22:20 pcn danlsgiga: My solution is to make 2 states, and only run the prequel in the highstate
22:20 ajw0100 joined #salt
22:20 danlsgiga pcn: I know there's a module for that, but I have an special environment for it
22:20 pcn danlsgiga: I'm going to execute the second part when I see the stars have aligned via other mechanisms
22:21 danlsgiga pcn: currently what I have is the first highstate checks for a master using the salt mine, if not found, the first node becomes master
22:22 pcn If you're not concerned about races then you're probably OK, but it's racey if you're bringing up multiple nodes
22:22 iggy danlsgiga: fire off another event after cluster join, then proceed into a second (different) reactor from there
22:22 danlsgiga pcn: When the peer nodes comes up, it checks for a master, then it will find one using salt mine, it fires an event to salt master, it then fires an event to gluster master, when gluster master finishes the probing it fires an event to salt master that then fires other event to the peer that will assign some grains
22:22 danlsgiga pcn: does it make sense?
22:23 pcn iggy is def. the one to listen to here
22:23 danlsgiga pcn: I'm aware of the race condition... it actually happened in my tests... this will be a requirement for my provisioning, to spin up one box at a time
22:24 pcn All I can think of is that you should make sure your mine data gets refreshed more often than the default
22:25 danlsgiga iggy: Thanks, I have it working using the events / reactor already, was just curious if there is a way to have the minion wait the event response
22:25 danlsgiga pcn: That's another concern I have... If I do not refresh, will it expire and be removed?
22:26 danlsgiga pcn: since there's a default scheduler to mine.update each 60 seconds I kinda didn't bother about that for now
22:29 danlsgiga pcn: Also, once the cluster is setup and the grains are set, I won't be mining for a master, this is only for cluster formation
22:29 danlsgiga pcn: If the grain is set as attached, then I just finish my state
22:30 iggy danlsgiga: you don't need to wait, just kick off the second part from a different event
22:33 danlsgiga iggy: Cool! I'm in the right path then... thanks
22:34 sdm24 joined #salt
22:34 hasues joined #salt
22:34 hasues left #salt
22:38 theologian joined #salt
22:40 bfoxwell joined #salt
22:49 amcorreia joined #salt
23:03 jmreicha_ joined #salt
23:04 oravirt joined #salt
23:05 b00n joined #salt
23:05 codehotter joined #salt
23:05 Sketch joined #salt
23:06 tcolvin joined #salt
23:06 jmreich__ joined #salt
23:06 aurynn joined #salt
23:06 codekobe joined #salt
23:06 ashb joined #salt
23:06 Tritlo joined #salt
23:07 shawnbutts joined #salt
23:07 hillna joined #salt
23:07 bstaz joined #salt
23:07 NachoDuck joined #salt
23:07 neilf joined #salt
23:07 kutenai joined #salt
23:07 antonw joined #salt
23:08 LinuxHorn joined #salt
23:08 grepory joined #salt
23:09 mikepea joined #salt
23:11 madssj joined #salt
23:11 b00n hello, I have questions about top file.  I'm trying to add salt state into my non-base environment based on the grain value of the minion (my top file: http://pastebin.com/hnc7xeGq) but it doesn't look like the new state are recoginize when I do state.highstate. Any help would be greatly appreciated.
23:11 JordanRinke joined #salt
23:11 ajw0100 joined #salt
23:14 iggy it says it was removed, and pastebin bitches about me having adblock installed, so...
23:16 laax joined #salt
23:21 sxar_ joined #salt
23:24 sxar joined #salt
23:26 aparsons joined #salt
23:32 otter768 joined #salt
23:46 cberndt joined #salt
23:51 otter768 joined #salt
23:52 sgargan joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary