Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-09-30

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 TheoSLC joined #salt
00:08 aqua^c joined #salt
00:17 jalaziz_ joined #salt
00:19 baweaver joined #salt
00:21 pm90_ joined #salt
00:22 otter768 joined #salt
00:22 jaybocc2 joined #salt
00:22 jaybocc2 hi
00:23 jaybocc2 We are trying to upgrade our account from small to medium and it keeps throwing a 400 error for confirming the subscription
00:23 jaybocc2 has anyone encountered this?
00:23 jaybocc2 for docker hub
00:23 jaybocc2 wrong channel
00:23 jaybocc2 good day
00:26 ajw0100 joined #salt
00:29 tiadobatima joined #salt
00:31 joe_n joined #salt
00:34 tiadobatima question about pillar merges (https://docs.saltstack.com/en/latest/topics/pillar/#pillar-namespace-merges)
00:35 tiadobatima does salt merges the dictionary deeper, or just in the first level of the dictionary
00:35 tiadobatima ?
00:37 eliasp joined #salt
00:37 womble tiadobatima: I believe it's only the top-level, but it's trivial for you to test the behaviour yourself.
00:39 tiadobatima thx womble... It looks like it goes deeper
00:39 tiadobatima but I'm not sure I should trust myself on this, nor if this is always the case
00:44 breakingmatter joined #salt
00:46 baweaver joined #salt
00:46 msx joined #salt
00:49 Corey Is the Saltconf CFP open yet?
01:00 Corey Ah, so it is.
01:01 falenn joined #salt
01:01 lampshades joined #salt
01:03 falenn I'm a noob - I'm trying to use some of the built-in docker state modules.  When I run a state, I get KeyError: 'docker.pulled'
01:03 falenn what does a KeyError mean?
01:04 falenn and is there anything I have to do in a sate.sls file to enable a built-in module, or can I just use it?
01:04 subsignal joined #salt
01:06 falenn For instance, my nmap.sls file contains => nmap-image:   docker.pulled: - name: networkstatic/nmap:latest ...etc..
01:06 falenn thanks in advance for any help
01:10 whytewolf falenn: KeyError typically means that the state module is not able to load. most likely because some kind of prereq isn't filled. or was filled after the check for it has already failed. looks like the docker state module needs the exacution module to be loaded. the exacution module needs to be able to import the docker python lib
01:12 falenn @whytewolf how were you able to determine the dependencies?
01:13 whytewolf falenn: I went to github and looked at the code
01:13 falenn gotcha
01:13 falenn whytewolf: and now I figured out how to mention you correctly.
01:14 whytewolf falenn: just need to find the __virtual__ function and see what it needs to be able to return either true or a name [basicly anything but False]
01:18 lveneziano joined #salt
01:20 joe_n joined #salt
01:20 lveneziano Hi
01:37 lampshades joined #salt
01:37 zmalone joined #salt
01:45 dopesong joined #salt
01:56 aqua^c joined #salt
01:57 catpiggest joined #salt
01:58 CheKoLyN joined #salt
02:01 CheKoLyN Hello All, is there a way to get an ordered list of minions when doing orchestration targets
02:02 CheKoLyN from: https://docs.saltstack.com/en/latest/topics/tutorials/states_pt5.html#more-complex-orchestration
02:04 zmalone joined #salt
02:05 parapov joined #salt
02:11 msx joined #salt
02:13 parapov joined #salt
02:19 rhodgin joined #salt
02:23 nofxroky joined #salt
02:24 parapov joined #salt
02:35 nofxrokxx joined #salt
02:37 pdayton joined #salt
02:37 dthom91 joined #salt
02:37 dthom91 joined #salt
02:40 dendazen joined #salt
02:40 dendazen left #salt
02:40 joe_n joined #salt
02:42 jfred joined #salt
02:44 mapu joined #salt
02:45 ageorgop joined #salt
02:46 breakingmatter joined #salt
02:47 ajw0100 joined #salt
03:01 favadi joined #salt
03:02 zmalone joined #salt
03:02 orion joined #salt
03:02 orion Hey, I think salt-cloud 2015.8.0 has a problem on EC2.
03:03 orion First I'll get this message: [INFO    ] Starting new HTTP connection (1): 169.254.169.254 (as I would expect)
03:03 orion But then I'll get this error: [ERROR   ] EC2 Response Status Code and Error: [401 401 Client Error: Unauthorized] {'Errors': {'Error': {'Message': 'AWS was not able to validate the provided access credentials', 'Code': 'AuthFailure'}} ...
03:04 jalaziz joined #salt
03:08 rhodgin joined #salt
03:17 dthom911 joined #salt
03:19 genediazjr joined #salt
03:20 falenn joined #salt
03:22 jalaziz joined #salt
03:41 ramteid joined #salt
03:43 sunkist joined #salt
03:48 joe_n joined #salt
03:51 joe_n joined #salt
03:57 rhodgin joined #salt
04:10 jab416171_ joined #salt
04:12 jab416171 joined #salt
04:15 anmolb joined #salt
04:17 jab416171 joined #salt
04:20 zmalone joined #salt
04:31 writtenoff joined #salt
04:36 nafg joined #salt
04:36 dustywusty joined #salt
04:37 pmcnabb joined #salt
04:40 nafg__ joined #salt
04:41 clintberry2 joined #salt
04:42 dendazen joined #salt
04:42 dendazen left #salt
04:44 joe_n joined #salt
04:47 breakingmatter joined #salt
04:47 micko joined #salt
04:48 larsfronius joined #salt
04:54 lampshades joined #salt
04:58 katyucha_ joined #salt
04:59 katyucha joined #salt
04:59 calvinh joined #salt
05:02 khaije1 I'm pulling some gpg data from a pillar, how do I decrypt it within a state stanza?
05:03 khaije1 I'd like it to be decripypted then put into place but at present it's being returned as a buncha ciphertext which breaks the yaml formating of the state
05:07 stanchan joined #salt
05:12 dopesong joined #salt
05:13 otter768 joined #salt
05:28 micko joined #salt
05:41 briner joined #salt
05:43 svinota joined #salt
05:45 synical joined #salt
05:45 felskrone joined #salt
05:47 felskrone1 joined #salt
05:48 anmolb joined #salt
05:49 PeterO joined #salt
05:53 cyborglone joined #salt
05:55 colttt joined #salt
06:04 genediazjr joined #salt
06:05 lampshad_ joined #salt
06:06 Jeewsus joined #salt
06:06 Jeewsus Hello people..
06:06 Jeewsus Is there someone i can ask help from?
06:08 teryx510 joined #salt
06:11 cberndt joined #salt
06:11 malinoff joined #salt
06:14 edulix joined #salt
06:17 calvinh joined #salt
06:20 falenn joined #salt
06:24 dopesong joined #salt
06:25 dopesong_ joined #salt
06:25 calvinh_ joined #salt
06:27 aqua^c joined #salt
06:27 KermitTheFragger joined #salt
06:31 rdas joined #salt
06:32 evle joined #salt
06:33 AndreasLutro joined #salt
06:35 Jeewsus Got it to work, thanks for the help
06:35 Jeewsus hahha
06:41 nafg_ joined #salt
06:43 anmolb joined #salt
06:45 lampshades joined #salt
06:46 aqua^l joined #salt
06:48 breakingmatter joined #salt
06:49 illern_ joined #salt
06:53 cberndt joined #salt
06:56 GreatSnoopy joined #salt
06:59 lb joined #salt
07:00 elsmo joined #salt
07:05 brent2 joined #salt
07:07 mohae_ joined #salt
07:11 fredvd joined #salt
07:11 Grokzen joined #salt
07:12 joe_n joined #salt
07:14 otter768 joined #salt
07:14 fe92 joined #salt
07:15 GreatSnoopy joined #salt
07:15 dkrae joined #salt
07:17 eseyman joined #salt
07:31 calvinh joined #salt
07:34 aw110f joined #salt
07:41 aw110f_ joined #salt
07:50 larsfronius joined #salt
07:52 calvinh_ joined #salt
07:52 bfoxwell joined #salt
07:57 dopesong joined #salt
07:58 chiui joined #salt
08:04 s_kunk joined #salt
08:12 thefish joined #salt
08:12 Rumbles joined #salt
08:14 CeBe joined #salt
08:16 rim-k joined #salt
08:16 Xevian joined #salt
08:17 kawa2014 joined #salt
08:18 falenn joined #salt
08:18 thalleralexander joined #salt
08:19 fredvd joined #salt
08:20 felskrone joined #salt
08:29 mike25de i am either an idiot or an idiot ... can you guys help me debug this message? https://dpaste.de/Trc2#L11
08:34 mike25de anyone awake? :)
08:34 AndreasLutro I don't think that's you being an idiot
08:35 AndreasLutro seems like a legit bug
08:35 mike25de AndreasLutro: it used to work yesterday :)
08:35 AndreasLutro okay, so look into what changed since yesterday
08:35 mike25de i am not sure i did .. anything weird in the meanwhile with that state (it is being called from a reactor)
08:36 AndreasLutro nope, looks fine, and I don't think the error is coming from the state itself, but rather how the mysql.port config value is handled
08:36 babilen mike25de: You want that to be mysql:charset (i.e. nested), don't you?
08:36 fiu sorry, had to go through my nicks
08:36 mike25de babilen: i do not understand...
08:37 babilen mike25de: You use "mysql.host" as key while you want that to be "mysql:host"
08:37 mike25de really? ... it worked yesterday with "."
08:37 mike25de let me try with :
08:37 babilen Well, you would use it nested, but it *might* work
08:38 AndreasLutro you are expected to set it with . not : in the minion config
08:38 mike25de mysql.db: salt
08:38 mike25de mysql.charset: utf8
08:38 mike25de that's how it is in the pillar
08:38 Grokzen joined #salt
08:38 babilen Okay, I looked at a wrong pillar here .. :)
08:38 AndreasLutro pillar instead of the minion config? I wasn't even aware that was possible
08:39 mike25de :P
08:39 babilen This caught me out back in the day too .. such a *stupid* way
08:39 mike25de AndreasLutro:  i have the mysql data into the pillar
08:39 babilen AndreasLutro: It uses config.get which traverses pillars, master config, minion config and grains
08:39 AndreasLutro aha okay
08:39 babilen Keeping that in the minion config is not necessary
08:40 mike25de thanks to babilen i learned that ... and i like that i can keep the mysql credentials in the pillar
08:40 Jeewsus Guys does anyone here uses their saltstack for mass deployment tools for windows?
08:41 mike25de but still .. i am confused about the mysql error ... and it bloody worked :)
08:41 mike25de i think i made a mistake ... somewhere...
08:42 markm joined #salt
08:44 Jeewsus If somebody does, then maybe you can answer.. Is it possible to make an sls file that gets an installer from a network server? Or does it need to be local on my ubuntu machine. I know that it's possible with internet links, but with server?
08:44 aw110f joined #salt
08:45 lb is there a "best way" to do add a custom ppa repo on a ubuntu server with gpg key import/acceptance? like the "add-apt-repository" cmd. i'd like to have a sls file that add the repo and then install a package that is in that new ppa repo...
08:47 Jeewsus ,
08:49 breakingmatter joined #salt
08:51 babilen lb: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkgrepo.html
08:51 babilen Jeewsus: Sorry, haven't touched Windows in 15 years
08:52 Jeewsus damn, i started working at a school and they have windows computers and they need a free system for mass depolying. hahaha
08:52 Jeewsus So i started learning saltstack
08:53 bezaban I tried installing the agent on windows, but haven't done much with states, so I don't really know
08:53 babilen Not sure what you mean by "network server" though
08:53 bezaban I'm not sure it's the best bet for windows, but then I'm in the same boat as babilen
08:53 larsfronius joined #salt
08:53 Jeewsus Okay, i got the states working, just made an acomplishment of installing ccleaner on a windows computer remotely
08:54 lb thanks babilen
08:55 Jeewsus I have a fileserver on a network, the same one that i have ubuntu machine with salt-master on it. Now in that server i have install files, i mean is it possible to take the installer from the server somehow
08:55 babilen cifs, nfs, ... ?
08:56 babilen My impression was that you build a "repository" (akin to what Linux distributions do) for Windows yourself and then just use "normal" pkg.installed states
08:56 Jeewsus nfs
08:56 babilen https://docs.saltstack.com/en/latest/topics/windows/windows-package-manager.html
08:57 babilen So you have your "EXE" files somewhere in file_roots and then just reference then with salt://path/to/the.exe
08:57 babilen https://github.com/saltstack/salt-winrepo seems to have many examples
08:58 larsfron_ joined #salt
08:58 Jeewsus I know github, that's where i took most of the software and it works, props to those guys
08:58 markm joined #salt
08:58 Jeewsus Now i have some special software that i need to install and that is not online, only on a fileserver. And if i use the path you described it gives me an error so long i lost my eyesight.
08:59 Jeewsus Probably the best idea would be to just transfer the files manually to my ubuntu machine and then locally make a repository on there.
08:59 Jeewsus But that seems too easy. Hahaha :D
09:00 babilen Jeewsus: Just put the .exe somewhere in your file_roots (so, for example, /srv/salt/windows/foo.exe) and you would reference that with salt://windows/foo.exe
09:00 Jeewsus Yeah, that seems to be the easier way.
09:01 Jeewsus god damn i hate mixing windows with linux. It makes such a mess...
09:01 babilen There might be a way to get a CIFS into file_root, but then: Why don't you just mount it on your Ubuntu box and add that path to file_roots?
09:01 Jeewsus Oh
09:02 mike25de babilen: i think that the issues i had were related to the minion being hectic
09:02 babilen mike25de: pesky little bugger
09:02 mike25de yeah... that bugger :D
09:02 mike25de thanks for your help as always
09:03 babilen Jeewsus: I just think that you shouldn't care if salt does or not speak CIFS or whatnot, but just mount whatever you want to mount and tell salt about it. Salt shouldn't care.
09:03 babilen mike25de: Could you elaborate on "hectic" -- Sounds intriguing ;)
09:03 mike25de babilen:  - i have to figure out now :) on other minions it worked
09:03 mike25de now.. i have to see what is wrong with it
09:03 babilen okay
09:04 Jeewsus_ joined #salt
09:04 babilen mike25de: Always the same thing ... (will it ever end?)
09:05 felskrone joined #salt
09:05 mike25de babilen:  i think i see something...
09:06 mike25de when i run on the minion salt-minion -l debug  -> i get 2 instances of the salt-minion running
09:06 PeterO_ joined #salt
09:06 mike25de is that correct?
09:06 mike25de i thought one instance should be running
09:06 babilen Could it be that one is still running and that you are merely starting a new one?
09:07 mike25de no.. i killed all the processes
09:07 mike25de yeah... it seems that is the issue
09:09 mike25de still .. that's not the issue.
09:09 mike25de salt-minion -d starts one single process but the mysql query still fails
09:09 mike25de damn you centos :) or py
09:13 TyrfingMjolnir joined #salt
09:15 Jeewsus_ got the network drive mapped, and now i can install from there.. Nice. Thanks for leading me to that path :P
09:15 otter768 joined #salt
09:16 msx joined #salt
09:17 babilen Jeewsus_: You are welcome
09:18 fredvd joined #salt
09:23 mike25de babilen:  i found the issue :)
09:24 babilen aaaand?
09:24 mike25de my mysql.port: "3306" in the pillar
09:24 denys joined #salt
09:24 mike25de instead of integet
09:24 mike25de int
09:24 mike25de my pillar is generated from my lamp interface...
09:24 babilen Paste your actual configuration next time, we could have spotted that ages ago
09:24 mike25de and i had to force that field to be int
09:24 babilen Ah
09:24 mike25de i did not see it myself :P
09:25 stephanbuys joined #salt
09:25 mike25de but thanks for taking the time
09:30 cyborglone joined #salt
09:31 `chris joined #salt
09:32 N-Mi joined #salt
09:34 Rumbles joined #salt
09:35 joe_n joined #salt
09:45 traph joined #salt
09:45 joe_n joined #salt
10:03 falenn joined #salt
10:15 giantlock joined #salt
10:21 bluenemo joined #salt
10:24 X67r joined #salt
10:26 zerthimon joined #salt
10:27 lb babilen, i follow your link for the repo management, but i couldn't get it to work. here's my sls file and my output. any hints? http://fpaste.org/273083/36087931/
10:27 mehakkahlon joined #salt
10:29 markm joined #salt
10:32 bluenemo ah interesting icinga formula. have you checked out check_mk lb?
10:32 bluenemo maybe you messed up apt on the system. have you tried apt-get -f install?
10:33 bluenemo try installing the package manually. also check apt-cache policy icinga to see if it is using the ppa you specified
10:34 lb bluenemo, i'm pretty new to salt
10:34 fredvd joined #salt
10:34 lb so now i didn't used check_mk. i'll google what it does :D
10:35 mathias__ joined #salt
10:36 mathias__ salutations to the very best active channel
10:36 mathias__ whanna talk about something ?
10:36 mathias__ i knew it lol
10:38 calvinh joined #salt
10:39 babilen mathias__: wut?
10:40 babilen lb: We need client logs to debug that problem
10:40 lb bluenemo, http://fpaste.org/273095/09605144/ < apt cache says that it would use the ppa
10:40 bluenemo lb, check_mk / omd is a monitoring system using nagios inside. its kinda nifty
10:40 bluenemo hm
10:41 babilen lb: So, anything in the minion logs?
10:41 bluenemo install it by hand, see what happens, then remove it and try again with salt. check the log files of salt also, on the minion
10:41 lb yeah seems to be problem with -y
10:41 bluenemo ?
10:41 lb sek
10:42 lb http://fpaste.org/273096/44360972/ < minion log
10:42 bougie is it an issue ? http://paste.awesom.eu/THfq (salt 2015.8.0 (Beryllium))
10:42 babilen lb: You need to add the repo key
10:42 lb looks like the key doesn't get imported into
10:43 lb yeah just what i thought. but i thought the repo.managed thing would do that for me. espacially since i put the key id in it
10:44 bluenemo strange that it didnt fail..
10:44 babilen It should, but I always used to provide the key explicitly in key_url
10:44 bluenemo ah didnt know that feature :D
10:44 babilen I've never used the keyid/keyserver combo
10:44 lb babilen, could you pastebin me an example please?
10:45 babilen lb: I simply provide a url to the actual key directly in "key_url"
10:46 lb ahh i think i get it. but the keyfile can be an external url right?
10:46 babilen yeah
10:46 bluenemo https://paste.debian.net/313909/
10:46 lb yeah just saw it in the google chrome example you postet earlier
10:46 bluenemo thats what I mostly use. I think the apt-get update was due to some more early version of salt that missed that sometimes..
10:47 lb bluenemo, ok, i try it with key_url and if that doesn't work, i'll try your example. thanks
10:47 bluenemo babilen, pm :)
10:47 babilen lb: btw, we tend to discourage people from using "pkg: - intalled" and strongly prefer "pkg.installed: ..." these days
10:47 bluenemo I think the key url is cooler, I didnt know about that :)
10:50 lb babilen, any downside on that? because i got quite confused on the different styles last time i tried to get into salt...
10:51 breakingmatter joined #salt
10:51 babilen lb: Well, there aren't any downsides and it is the style that is currently being used in formulas and official documentation (or at least we strive to do so)
10:51 babilen If you don't set any options that would be "pkg.installed: []" btw
10:51 mathias__ good job guys
10:51 babilen (if you have other states with the same id that is)
10:52 mathias__ i2p softwarly is the best
10:52 lb babilen, too fast ;) i'm still struggeling with the vocabulary
10:53 lb so i could list many packages in pkg.installed: [vim, git, icinga2, ...] ?
10:54 lb babilen, bluenemo i got the error. the key id is not found on the ubuntu keyserver. but the formula didn't fail ...
10:55 mathias__ watch your i2p random level ;-)
10:55 bluenemo hm. should fail then. remove /etc/apt/sources.list.d/foobar on the client. also multiple pkgs:    mystate:\n pkg.installed\n - pkgs:\n - cmatrix\n - nmap
10:56 bluenemo (i forgot the indentation..)
10:57 lb bluenemo, removed the apt sources.list and got the correct url in key_url. now it both works like charm
10:57 lb thanks a lot
10:57 lb http://fpaste.org/273103/10671144/ < success
10:59 bluenemo ah cool. strange that the module didnt fail when the key isnt imported correctly. hm. might just check for "file present" and then say ok. maybe file a bug about it. what salt version have you got?
11:00 bluenemo lb, check this out ;) http://mathias-kettner.com/check_mk.html
11:00 bluenemo and this https://github.com/bechtoldt/saltstack-omd-formula
11:00 lb bluenemo, ok will read it asap ^^
11:05 lb will read offline, train is calling :) thanks
11:06 bluenemo yw
11:13 bluenemo so file.copy will not overwrite the file if its present - even if its a different file..? How do I keep two files in sync then without links?
11:16 otter768 joined #salt
11:17 kbaikov joined #salt
11:23 rhodgin joined #salt
11:28 bluenemo and file.touch runs even if the file is present.. meh
11:28 bluenemo and then says Comment: new file  Changes: new - /path/to/file. thats kinda confusing :D
11:28 mathias__ ah bon
11:29 mathias__ confusing is looking for the truth
11:29 si289 joined #salt
11:29 mathias__ knowing is reaching it
11:31 bluenemo ah no my bad
11:31 bluenemo used file.managed and wondered M) however file.managed wo any arguments but name= is nifty for the task - touch updates atime
11:32 bluenemo managed creates it if it is not present, and otherwise leaves it alone
11:38 stefan_ joined #salt
11:38 John_Kang joined #salt
11:40 ssc left #salt
11:46 mathias__ i don't understand lol
11:47 joe_n joined #salt
12:01 ldelossa joined #salt
12:03 ldelossa Hey guys, I had a quick, probably easy to answer question. I'm looking to do automated deploys of salt stack and I'm wondering if I should bake the salt minion into my image. The issue is - when I go to change the hostname of the newly deployed server, I believe I'm going to have to reissue a new cert along with clearing he old one on the master, and accepting the new one. Is this correct?
12:03 ldelossa Automated deploys with* salt stack*
12:07 Rumbles joined #salt
12:07 breakingmatter joined #salt
12:18 anmolb joined #salt
12:19 bluenemo ldelossa, no. you can "pre" create the minion keys, also you can set "id:" in /etc/salt/minion and use grains['id'] for targeting.
12:19 fe92 joined #salt
12:20 bluenemo the hostname has "nothing" to do with the way minion and master authenticate. that runs via /some/path/salt/pki or sth
12:21 bluenemo if you change the hostname, and dont set the id grain it will however try to re authenticate to the salt master using this new id
12:21 bluenemo but as far as I know it wont generate a new minion key
12:22 ldelossa I thought the hostname is what is used as a parameter in the key?
12:22 ldelossa So if that's the case is it recommend to bake the minion into an image and deploy?
12:22 ldelossa Or would I still want to delpoy the image, then install minion after I do the hostname change etc..
12:23 writtenoff joined #salt
12:23 falenn joined #salt
12:25 bluenemo well its the minion id, which is generated by $(hostname -f) as far as i know
12:26 bluenemo depends - baking it in is faster.
12:26 bluenemo but you have to prep that. if you can spare the 20 seconds to install salt-minion, set the id: grain in /etc/salt/minion, write the salt host to /etc/hosts and restart salt-minion, then accept the key on the master..
12:26 bluenemo I do it that way (also install openvpn as I salt via vpn only), takes about 10 seconds with bash
12:27 bluenemo there is also some kind of official script for that
12:27 ldelossa I can definitely spare the 20 seconds lol
12:27 ldelossa seeing how our build time is like 2 hours right now haha.
12:27 bluenemo lol
12:27 bluenemo what are you building if I may ask?
12:28 ldelossa Right now we are just building out a "devops" framework
12:28 ldelossa I'm in a pretty newly deployed team
12:28 ldelossa So we have two devs who want to build like this fancy front end
12:28 ldelossa I do most of the systems and backendwork
12:28 ldelossa and salt stack states are just so much nicer to write
12:29 ldelossa So we are going ot utilize that, and cherry pi if that's still in devel
12:29 ldelossa to open an api the devs can tap into
12:29 ldelossa but right now I'm just trying to get my process down.
12:31 bluenemo sounds nifty :) Welcome to #salt
12:31 ldelossa Thanks a lot I appreciate the quick response. On your deploy, the initial bootstrap and install of the minion, are you just SSH'ing ?
12:31 ldelossa for initial bootstrap.
12:31 impi joined #salt
12:32 dendazen joined #salt
12:32 illern_ joined #salt
12:32 ldelossa I'm basically thinking - have a small provisioning network with DHCP, I get the IP, run some python to ssh and do the install of minion, set the hostname, sed the ID, and start the service
12:32 ldelossa then form there do all provisioning from salt master
12:33 tmclaugh[work] joined #salt
12:33 larsfron_ hey, whats the simplest way to add a bit of output to a saltstack run from e.g. a state file? let's say I have a bit of logic deciding in the top.sls file deciding on the role of the server and I just want to print that role to stdout?
12:33 kawa2014 joined #salt
12:33 bluenemo ldelossa, google salt bootstrap
12:33 bluenemo but yeah kinda like that. I wrote my own as for my dependence on openvpn
12:33 ldelossa I will - thanks.
12:34 ldelossa Thanks Blue - much appreciated.
12:34 bluenemo larsfron_, if you find sth simple let me know. I worte a custom salt state module - that just accepts a string it writes to comment
12:35 bluenemo if it works somehow, most likely only with the #!py renderer ;)
12:35 larsfron_ alright, good to know. you want to share that module maybe quickly?
12:36 losh joined #salt
12:45 subsignal joined #salt
12:47 breakingmatter joined #salt
12:49 TooLmaN joined #salt
12:50 pm90_ joined #salt
12:53 pm90__ joined #salt
12:55 parapov joined #salt
12:55 zooz joined #salt
12:56 svinota joined #salt
12:57 DammitJim joined #salt
13:02 ferbla joined #salt
13:02 drawsmcgraw joined #salt
13:03 bhosmer joined #salt
13:04 keltim joined #salt
13:04 bluenemo sry cant access the repo atm :/
13:04 bluenemo larsfron_,
13:04 bluenemo look into writing state modules, you can basically copy paste the example
13:04 larsfron_ alright, no worries. thanks!
13:04 bluenemo just remove stuff and return the ret['comment'] dict with your string
13:04 keltim is there a way to use the service state to restart, not reload, a service? when passing the argument "reload" many sysv scripts on amazon linux return an "exit 3"
13:05 bluenemo pass restart?
13:05 keltim I only see reload: (true|false) as an option ...
13:05 bluenemo as in service.restart ?
13:05 mpanetta joined #salt
13:06 bluenemo hm i see. use service.running and watch some other states, it will restart it when they run
13:06 bluenemo and not if they dont
13:06 keltim that isn't list as an option in the docs ...
13:06 bluenemo yeah i just noticed too sorry ;)
13:07 keltim I only see for 2015.5 dead, disabled, mod_watch, running
13:07 keltim bizarre that restart is not an option, but even weirder than AL gives you "exit 3" on "reload"
13:07 bhosmer_ joined #salt
13:09 pdayton joined #salt
13:11 babilen https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.service.html#salt.modules.service.restart
13:11 babilen Ah, you want that in a state, don't you? (restart on listen/watch/...)
13:12 keltim babilen, yes ... it's service.running I'm using ... want to to restart on the watch_in's in other sls
13:13 babilen You can use "$SERVICE-restart: module.wait: - name: service.restart - m_name: $SERVICE_NAME"
13:14 babilen but wait .. there was a nicer way IIRC
13:14 babilen one second
13:15 hasues joined #salt
13:15 hasues left #salt
13:15 tanta_g joined #salt
13:16 babilen keltim: btw, most mod_watch functions restart the service in question. What is the actual problem you are trying to solve?
13:16 pdayton joined #salt
13:16 racooper joined #salt
13:17 JDiPierro joined #salt
13:17 dthom91 joined #salt
13:17 otter768 joined #salt
13:17 falenn joined #salt
13:18 dthom911 joined #salt
13:18 keltim so it does restart? so the mod_watch function obsoletes that "reload: true" in service.running and I can just remove it?
13:20 babilen What are you actually trying to achieve?
13:20 babilen I have the feeling that you are approaching this wrong
13:20 keltim I very well may be ....
13:20 jdesilet joined #salt
13:21 babilen Salt is a declarative system in that you describe what you want to achieve. You don't want to achieve "service restarting" as that would render the system rather unusable. You want to achieve "service running" (with current configuration)
13:22 babilen So you would have a service.running state and, another, that manages a configuration file. If the configuration file changes you want to restart/reload the service and you would express that relation between the two states with a watch/listen requisite
13:22 keltim babilen, e.g., is this simple example wrong? http://pastebin.com/iMDzTLYN
13:22 TheoSLC joined #salt
13:23 babilen Repasted on https://www.refheap.com/110116
13:23 babilen (pastebin.com is horrible)
13:23 debian112 joined #salt
13:23 babilen keltim: No, why do you think that is wrong? That is exactly the situation I just described
13:23 keltim ok
13:24 khaije1 I'm trying to use gpg to encrypt secrets at rest in my pillar config but when I reference the data in my states I'm only getting the cipher text ... what am I doing wrong here?
13:24 keltim yes, that's how I understand it ... though it was different
13:24 mike25de :) reactor issue:    https://dpaste.de/CH8g    -> run-state-on-minion runs but the test highstate  does not run. Is the state def correct?  Thanks.
13:24 keltim but I removed the reload: True I had in there, was that causing the state to do "service rsyslog reload" ? let me see
13:25 babilen keltim: Although I tend to use state ids (i.e. "rsyslog_service" in your example) as argument to watch_in
13:25 keltim that is probably better
13:25 keltim I was unsure which to use
13:30 winsalt joined #salt
13:31 blokfyuh joined #salt
13:32 rhodgin joined #salt
13:32 keltim babilen, thanks
13:33 parapov Anyone familiar with salt-cloud for Azure? When creating VMs from profile is there a way to specify creation of a cloud_service that is not the image-name?
13:33 pravka joined #salt
13:34 khaije1 The write-up here ( https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html#module-salt.renderers.gpg ) says that decryption occurs on the minion. Is there a way to have this performed on the master?
13:35 khaije1 I'm hoping to have state and pillar data in version control so the ability to obscure secrets with encryption in git is important
13:35 perfectsine joined #salt
13:36 mike25de reactor issue:    https://dpaste.de/CH8g    -> run-state-on-minion runs but the test highstate  does not run. Is the state def correct Am i passing the highstate params correctly?  Thanks.
13:38 scoates joined #salt
13:38 protoz joined #salt
13:41 Number6 I'm trying to get nagios's config directory, and all config files in the directory, into salt... Any idea why this pastebin isn't working in my init.sls? - http://pastebin.com/N6cUrVZK
13:41 orion grr
13:42 AndreasLutro Number6: why is `- managed` there?
13:42 AndreasLutro you already specified that it's a .recurse, not a .managed
13:42 orion [ERROR   ] Failed to deploy 'web01'. Error: Command 'ssh -t -t -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oControlPath=none -oPasswordAuthentication=no -oChallengeResponseAuthentication=no -oPubkeyAuthentication=yes -oKbdInteractiveAuthentication=no -i /etc/salt/salt-ssh.key -p 22 ubuntu@10.0.0.60 \'sudo /tmp/.saltcloud-5b24c0cd-b08a-46f3-ab41-cc7fa906a0f8/deploy.sh -c \'"\'"\'/tmp/.saltcloud-5b24c0cd-b08a-46f3-ab41-cc7fa906a0f8\'"\'"\'\'' f
13:43 zmalone joined #salt
13:45 Number6 AndreasLutro: Oh, didn't spot that. Still the same error, though - Too many functions declared in state 'file' in SLS 'nagios'
13:46 AndreasLutro could be another of your states then
13:46 AndreasLutro by the sound of it you've made the same mistake elsewhere
13:46 AndreasLutro oh also you're missing a space after file_mode:
13:46 AndreasLutro that could cause issues
13:47 Number6 AndreasLutro: Dammit! It was the space!
13:47 Number6 Good eyes
13:48 bluenemo file.recurse needs a preserve option for preserving uid / gid / permissions
13:49 scoates joined #salt
13:50 pcn joined #salt
13:50 mike25de did anyone use a highstate within a reactor state?
13:51 Number6 bluenemo: Is that not covered under the dir_mode and file_mode?
13:53 bluenemo I dont want to set them, I want to preserve them from the dir I upload from the salt master
13:54 Rumbles joined #salt
13:55 mapu joined #salt
13:57 kaptk2 joined #salt
13:57 impi joined #salt
13:59 timoguin joined #salt
14:01 kawa2014 joined #salt
14:01 berserk joined #salt
14:02 TheoSLC joined #salt
14:03 berserk joined #salt
14:03 falenn joined #salt
14:04 cyborgIone joined #salt
14:04 tanta_g is there a way to call a single id function call from within an SLS file with salt-call
14:05 mike25de is anyone around available to help me with  Reactor + highstate ?
14:06 kawa2014 joined #salt
14:06 keltim is there a way to have salt render the yaml only of a particular sls? like "sls.show_top" does for top.sls?
14:06 keltim or some other way?
14:06 andrew_v joined #salt
14:08 anmolb joined #salt
14:09 babilen tanta_g: state.sls_id
14:09 tanta_g thanks babilen
14:09 babilen keltim: There is
14:10 rim-k joined #salt
14:11 babilen https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cp.html#salt.modules.cp.get_file_str (or get_template in there)
14:11 Akhter joined #salt
14:12 Akhter joined #salt
14:18 keltim babilen, THANK YOU I can't believe I didn't know about that
14:18 mike25de babilen: do you have a sec ?
14:18 mage_ should Salt run with Python 2.6 ?
14:21 Sketch mage_: yes
14:22 Sketch minions will, at least
14:22 mattiasr joined #salt
14:22 Sketch i haven't run a master on 2.6
14:23 keltim babilen, wait that doesn't render the jinja though ... is there a way?
14:24 JDiPierro keltim: I think state.show_sls might do what you want: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.show_sls
14:25 mage_ ok :)
14:25 pm90_ joined #salt
14:26 ALLmightySPIFF joined #salt
14:26 pm90__ joined #salt
14:30 mrwboilers Any chance of a repo for Ubuntu 15? Or will there only be repos for LTS releases?
14:30 _JZ_ joined #salt
14:31 babilen mike25de: Just one
14:31 babilen over
14:32 ageorgop joined #salt
14:32 babilen mrwboilers: Any repositories or some specific content?
14:33 mrwboilers babilen: the package repository for installation (as opposed to using the bootstrap)
14:33 keltim JDiPierro, close enough
14:33 babilen mrwboilers: I take it that you are referring to the saltstack repositories?
14:33 babilen god
14:33 mrwboilers babilen: yes
14:34 babilen They made the *same* mistake with Ubuntu as they did with Debian in their repo layout
14:34 mike25de https://dpaste.de/P0oc  babilen
14:34 babilen *sigh*
14:34 babilen mrwboilers: Apparently not
14:34 mike25de babilen:  the error that i get into my mysql is : ["The function \"state.sls\" is running as PID 5694 and was started at 2015, Sep 30 16:30:16.026169 with jid 20150930163016026169"]
14:38 babilen https://github.com/saltstack/salt/issues/27542 ffs
14:38 teebes joined #salt
14:40 mrwboilers babilen: IMO, being able to use repo.saltstack.com matters less for Ubuntu than CentOS. The standard CentOS repo often has packages lag far behind current releases.
14:41 babilen Either way there is no need to make the same mistakes for Ubuntu that have already been made, reported and fixed for Debian
14:41 mrwboilers babilen: agree
14:41 babilen mike25de: No idea
14:41 mike25de babilen thanks man anyway
14:42 mike25de guys ... does anyone know how to run a highstate in a reactor?
14:42 babilen mike25de: Looks as if an old job is still running. What does "salt-run jobs.active" give you?
14:42 mike25de babilen:  nothing
14:43 mike25de actually : [WARNING ] Although 'dmidecode' was found in path, the current user cannot execute it. Grains output might not be accurate.
14:43 clintberry2 joined #salt
14:43 babilen That's okay
14:44 mike25de babilen:   https://dpaste.de/9thq   that is my full reactor
14:44 dthom911 joined #salt
14:44 Rumbles joined #salt
14:44 mike25de am i allowed to have more than one state def in the reactor?
14:45 babilen Yes, but they can't clash AFAIR
14:45 babilen (which they do in your case)
14:45 mike25de seems like...
14:45 babilen You can't run state.sls and highstate at the same time
14:45 mike25de ah right
14:46 mike25de that makes some sense :)
14:47 fe92 Good morning, is there a good way I can have a highstate on windows hosts where a list of applications are installed via chocolatey?
14:47 babilen Wouldn't it be great if you could enforce *some* order in reactors?
14:47 mike25de babilen:  agree :)
14:47 babilen fe92: How is what you are currently doing not "good" ?
14:48 babilen What would differentiate a "good way" from your current approach or a "bad way" ?
14:48 mpanetta joined #salt
14:50 fe92 I'm trying to define a sls file with a list (variable)
14:50 fe92 but I can't get the syntax to work
14:50 fe92 also I worry that with chocolatey installed it will reinstall if it already exists
14:53 impi joined #salt
14:53 mohae joined #salt
14:54 dfinn joined #salt
14:55 fe92 (the list is supposed to contain all the applications to install)
14:56 babilen I can't find a chocolatey install state
14:57 babilen Can you programmatically test if something has been installed with chocolatey?
14:57 fe92 I'm still working with the basics of salt so I might have misunderstood the capabilities, I would like to do something like this:
14:58 fe92 http://pastebin.com/1Rc7Dz05
14:58 babilen Repasted to https://www.refheap.com/110117
14:58 babilen (can we get a bot to do that for us?)
14:59 si289 quick question, is ~18s normal to do a test.ping? http://paste.fedoraproject.org/273179/25103144
14:59 bfrog joined #salt
14:59 winsalt chocolatey.install is an execution module right? I think you have to call it with module.run
14:59 bfrog is there some list of salt mine functions?
14:59 bfrog like... salt '*' mine.get '*' ?????
14:59 bfrog what are the possible ????? values?
15:00 babilen fe92: No, that's a perfectly valid approach in salt. The problem is that there is no *state* for chocolatey *yet*, but only an execution module. Modules are the bits in salt that actually do things, while states are what is being enforced and typically consists of tests to check if it has been achieved already and calls to the appropriate execution modules if one of those tests fails.
15:01 jdesilet joined #salt
15:01 orion Does anyone know how to pass "-P" to the bootstrap script when using salt-cloud?
15:02 babilen fe92: You have the problem that you could *manually* install packages with chocolatey.install, but that doesn't help you when you enforce a state. You therefore have two options: 1. You write the chocolatey state module yourself (cf. https://docs.saltstack.com/en/latest/ref/states/writing.html ) or 2. You call the chocolatey.install execution module with the module.run *state*: ...
15:02 babilen ... https://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html#salt.states.module.run
15:03 jvblasco joined #salt
15:03 mpanetta orion: script_args in your profile or provider file
15:03 babilen fe92: For the latter you want some way of testing if the software has been installed already which you would then include in the "unless" or "onlyif" requisite: https://docs.saltstack.com/en/latest/ref/states/requisites.html#unless
15:04 mpanetta orion: If I remember correctly...
15:04 orion mpanetta: Ah, ok. Thank you.
15:04 mpanetta Oh you could put that in your map file too orion
15:05 shiriru joined #salt
15:05 SheetiS joined #salt
15:07 fe92 babilen: thanks for the clarification, I think I'll just run a bootstrap script for windows hosts for now
15:11 bfrog so I mean, am I wrong in thinking there's a lack of docs on what salt mine can do?
15:11 bfrog https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.mine.html tells me little to nothing about what mine_functions are available?
15:13 Brew joined #salt
15:13 mike25de can we trigger an event from the minion to run a highstate?
15:15 numkem joined #salt
15:16 pravka joined #salt
15:17 jvblasco joined #salt
15:17 XenophonF joined #salt
15:18 otter768 joined #salt
15:19 huddy joined #salt
15:21 JDiPierro mike25de: Run a highstate on that minion, or somewhere else?
15:21 mike25de JDiPierro:  on the minion that triggers the event
15:21 mike25de so on the master .. on a reactor i should trigger a highstate for that minion
15:21 mike25de is that correct?
15:22 timoguin joined #salt
15:22 JDiPierro mike25de: Yep, the event would go up to the master, then in a reactor file you can have it trigger a highstate somewhere. I think you could use data from the event to specify where to run it.. I haven't done much reactor work.
15:22 falenn joined #salt
15:23 mike25de https://docs.saltstack.com/en/latest/topics/reactor/index.html
15:23 mike25de yes there is the data['id'] = minion who sent the event
15:23 mike25de but somehow.. it doesn't work
15:24 JDiPierro Can you post your reactor sls in a gist or pastebin?
15:24 mike25de sure... one sec let me test again
15:27 mike25de https://dpaste.de/B71A JDiPierro
15:31 JDiPierro mike25de: Hmm, yeah that all looks right. Only thing I can think of is: Did you restart the master after adding the master reactor config?
15:31 mike25de nope
15:31 mike25de ok - restarted now
15:32 mike25de damn
15:32 mike25de JDiPierro: that was the trick - restart the master
15:32 JDiPierro :D
15:32 mike25de God damn it
15:32 JDiPierro Lol, yup changes to the master config require restarting the master... SIGHUP might work too, not sure..
15:33 anmolb joined #salt
15:33 mike25de thanks man
15:33 JDiPierro We've all done that before.. many times :P no prob
15:35 teebes joined #salt
15:37 colegatron I am suffering a file.symlink changing permissions on the target file. The file is a init script that should be executable, and it is, but right after symlink it to /etc/init.d/thescript the targeted file mode is changed to 640
15:37 colegatron do anyone have seen this behavior?
15:39 zwi joined #salt
15:39 mike25de JDiPierro: have you ever had this issue?  ["The function \"state.sls\" is running as PID 6759 and was started at 2015, Sep 30 17:36:25.562085 with jid 20150930173625562085"]
15:39 mike25de When a minion is started .. a reactor triggers a state that runs on the minion + it adds some data to mysql... then  the same reactor runs a cmd.run EVENT on the minion that triggers the highstate reactor
15:40 mike25de instead of getting the highstate output to DB i get the error above...
15:41 colegatron the sls that changes a file permission after a symlink: https://paste.debian.net/313944/
15:41 colegatron maybe someone sees anything wrong :-/
15:42 mike25de colegatron: use dpaste.de - is clearer - for future
15:42 JDiPierro mike25de: Hmm, no.. haven't tried that setup before though either.. My first thought is things might be happening too fast.. the highstate might be trying to run while the first state is running. I'm not sure if that would cause a state.sls issue though... Does the "cmd.run EVENT" require the other states to ensure it runs last?
15:43 mike25de JDiPierro: can i do that? make sure it is last?
15:43 Rkp colegatron: doubt it would be from this code part - and I've never seen that happen from a symlink action
15:43 mike25de aren't the states run from top to bottom?
15:44 mike25de colegatron: i think your code is fine...
15:44 zerth joined #salt
15:44 Rkp hm, unless
15:44 colegatron Rkp: If I coment out the symlink, the target file continues being executable.
15:45 colegatron only as workaround: is it possible to use another file.managed without -source only to set the - mode of a file?
15:45 JDiPierro mike25de: In general, yes, but you can control order of operations using requisite statements: https://docs.saltstack.com/en/latest/ref/states/ordering.html#requisite-statements
15:46 JDiPierro Apparently you can also say "order: last".. but I've never tried that
15:46 Rkp colegatron: you can change the order of the states manually also
15:46 hal58th colegatron: yes you can do file.managed without source
15:47 colegatron hal58th: tnx.
15:47 colegatron Rkp If I change the order of the states, then the file will not be in place when file.symlink
15:47 hal58th colegatron: I would also try setting the mode of the symlink and see if it affects anything
15:47 colegatron hal58th: I've tried, but nothing happens
15:48 tanta_g joined #salt
15:48 hal58th Have you run the states in trace colegatron?
15:48 colegatron hal58th: ... mm no.. do not know how to do that
15:48 DammitJim joined #salt
15:48 hal58th state.highstate -l trace
15:50 mike25de JDiPierro: order: last doesn't make it better...
15:51 stephanbuys joined #salt
15:51 orion hmm. Has anyone run in to issues dealing with tornado and SSL certificate validation?
15:51 bfrog joined #salt
15:51 dthom91 joined #salt
15:52 stanchan joined #salt
15:52 dthom911 joined #salt
15:59 colegatron hal58th: it is cleaner than --debug, but I see nothing new... file.manage copies the file from the salt repo with 777 perms and after file.symlink the target is 640
15:59 perfectsine joined #salt
15:59 favadi joined #salt
15:59 hal58th you search for bugs with file.symlink on github colegatron ?
16:00 malinoff joined #salt
16:00 JavaAtom left #salt
16:01 berserk joined #salt
16:03 tzero joined #salt
16:03 winsalt does anyone know how the winrepo works in 2015.8 ?
16:03 sgargan joined #salt
16:04 alemeno22 joined #salt
16:13 tanta_g joined #salt
16:13 sgargan joined #salt
16:13 nate_c joined #salt
16:17 breakingmatter joined #salt
16:17 Bryson joined #salt
16:17 dthom911 joined #salt
16:18 aparsons joined #salt
16:18 RedundancyD joined #salt
16:18 breakingmatter joined #salt
16:20 cberndt joined #salt
16:21 dthom91 joined #salt
16:23 jartsu joined #salt
16:24 _JZ_ joined #salt
16:24 alemeno22_ joined #salt
16:26 colegatron hal58th: I've found the problem. damn configuration management unordered runs.
16:27 debian112 left #salt
16:27 colegatron there was a file.directory executed after the executable creation that was configured with file_mode: 640 and everything (I think) in that folder is chmod to 640
16:28 writtenoff joined #salt
16:28 colegatron after remove the - file_mode: 640 on the file.directory permission is not changed anymore
16:30 jodv joined #salt
16:31 jalbretsen joined #salt
16:32 stephanbuys joined #salt
16:33 dfinn1 joined #salt
16:33 chiui joined #salt
16:34 tzero joined #salt
16:35 falenn joined #salt
16:35 whidbeywalker joined #salt
16:39 orion Does anyone know how to turn off SSL verification in archive.extracted?
16:39 JDiPierro joined #salt
16:40 tanta_g is there an easy way to preserve newlines in output produced with {{ }} blocks in ninja
16:40 tanta_g I have a cmd.run which returns a multi-line output and it strips out all newlines
16:41 tanta_g er, ninja = jinja
16:44 Fiber^ joined #salt
16:52 ilbot3 joined #salt
16:52 Topic for #salt is now Welcome to #salt | 2015.8.0 is the latest | Please use https://gist.github.com for code, don't paste directly into the channel | Please be patient when asking questions as we are volunteers and may not have immediate answers | Channel logs are available at http://irclog.perlgeek.de/salt/
16:52 zmalone joined #salt
16:53 ajw0100 joined #salt
16:55 blueyed Can I omit the "local: " prefix with "salt-call --local pillar.get foo:hostname --out txt"?
16:58 sgargan joined #salt
17:01 vim-zz joined #salt
17:01 orion grr
17:02 orion Does this work for anyone?: import salt.utils.http; salt.utils.http.query('https://dl.bintray.com/mitchellh/consul/0.5.2_linux_amd64.zip', decode=False)
17:02 orion I'm getting an SSL verification error, but it works in Firefox.
17:02 perfectsine_ joined #salt
17:04 JDiPierro orion: I was getting the same thing yesterday when trying to download consul through salt.. If you drop the https to http it'll work for now. I think it's something on their end.
17:05 orion That's so frustrating.
17:06 stupidnic joined #salt
17:06 vim-zz in my setup i want to have a specific python version (same as dev), unfortunately it is not the one used by apt-get. i can solve this by manually installing a seperate python version and using virtualenv to create an isolated environment. any idea i how i achive that with salt? or am i getting it all wrong...
17:06 JDiPierro orion: Yeah, I'm not sure what's up with it.. the certificate is valid.. I'm admittedly not that knowledgeable about SSL..
17:10 aw110f joined #salt
17:12 impi joined #salt
17:14 CheKoLyN joined #salt
17:14 orion JDiPierro: I have a file from github I need to download too, but they force SSL. What do you think the best course of action is?
17:14 orion (The error with tornado happens with github as well)
17:15 hasues joined #salt
17:15 hasues left #salt
17:16 JDiPierro Oh my.. I figured it was something with bintray D: I suspect you don't want to pull the whole repo with git.latest?
17:17 orion https://github.com/saltstack/salt/issues/27555#issuecomment-144480907
17:19 otter768 joined #salt
17:28 elsmo joined #salt
17:33 TyrfingMjolnir joined #salt
17:35 tanta_ge joined #salt
17:35 sgargan joined #salt
17:38 pfallenop joined #salt
17:40 forrest joined #salt
17:45 KyleG joined #salt
17:45 KyleG joined #salt
17:47 JDiPierro Is there a way to manually trigger a minion to get updated salt-mine info from the master? The mine.update function's description sounds like it pushes it's updated data to the master, not pull updated data down.
17:50 kevinquinnyo joined #salt
17:50 jodv JDiPierro: looks to me like mine.get will try to fetch from the master every time if file_client is set to remote
17:51 JDiPierro jodv: Yeah I think I was understanding the mine wrong.. looks like it doesn't store data about other minions locally, it gets it from the master when you call mine.get
17:51 jodv yep
17:52 dthom91 joined #salt
17:54 pjs joined #salt
17:56 viq joined #salt
17:57 baweaver joined #salt
17:58 quasiben joined #salt
18:00 cpowell joined #salt
18:00 berserk joined #salt
18:00 mehakkahlon joined #salt
18:01 Rumbles joined #salt
18:05 quasiben joined #salt
18:09 pm90_ joined #salt
18:10 aw110f_ joined #salt
18:11 rhodgin joined #salt
18:15 breakingmatter joined #salt
18:18 pm90__ joined #salt
18:19 quasiben joined #salt
18:25 dthom91 joined #salt
18:28 perfectsine joined #salt
18:28 pressureman joined #salt
18:34 clintberry2 joined #salt
18:36 denys joined #salt
18:36 dthom91 joined #salt
18:40 ajw0100 joined #salt
18:41 pravka joined #salt
18:43 tannermkerr if I have a _grains directory and I add a helper file into it, will this cause problems? In other words if a python file is added to the _grains directory does it have to be a grain as well?
18:43 danemacmillan joined #salt
18:46 tannermkerr sorry I meant module, not helper file
18:47 cberndt joined #salt
18:54 cyborgIone joined #salt
18:55 blueyed Does the API example from https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.pillar.html#salt.runners.pillar.show_pillar work for you?  It hangs in 'runner.cmd('pillar.show_pillar', [])'.
18:55 GreatSnoopy joined #salt
18:56 sgargan joined #salt
18:56 druonysus joined #salt
18:57 blueyed It loops in salt/returners/local_cache.py in prep_jid
18:57 quasiben joined #salt
18:57 mapu joined #salt
18:58 rhodgin joined #salt
19:01 baweaver joined #salt
19:01 tmclaugh[work] joined #salt
19:02 DammitJim how do you guys keep the salt package on your minions up to date?
19:02 quasiben joined #salt
19:02 DammitJim or do you guys go through rigorous testing before even upgrading?
19:03 berserk joined #salt
19:04 berserk joined #salt
19:04 aqua^c joined #salt
19:05 JordanRinke DammitJim: You mean the actual salt-minion service?
19:05 ajw0100 joined #salt
19:06 DammitJim whatever gets installed with apt-get install salt-minion on a Ubuntu machine
19:06 JordanRinke DammitJim: We do a pretty light testing cycle. Upgrade a dev box, make sure all the custom grains return the same, and a highstate results in no changes (from the previous version) - then we roll it out
19:07 JordanRinke Haven't had any issues, on a couple hundred servers
19:07 DammitJim I guess I"m confused about this whole: There are currently four available repos: salt16, salt17, salt2014-1, salt2014-7. For example to follow 2014.7.x releases
19:07 DammitJim https://docs.saltstack.com/en/latest/topics/installation/ubuntu.html
19:07 JordanRinke Just make sure your minion and master versions match. That is the only time we have had any problem, any systems that don't upgrade, might end up in an unmanaged state.
19:08 nofxrok joined #salt
19:09 JordanRinke Ah, that is if you want to stick to a specific major release
19:09 JordanRinke We just stick to the main repo, and take the major upgrades, as they come along.
19:10 JordanRinke Sticking to a major release branch is "safer" since there shouldn't be any breaking changes
19:10 DammitJim I'm sticking to the first one
19:10 JordanRinke they are security patches / bug fixes only, no feature updates which could change functionality (AFAIK)
19:11 JordanRinke salt16? I believe that is the oldest version
19:11 zmalone DammitJim: that's wrong
19:12 zmalone ubuntu repos have had a ton of shuffling, there's a PPA with 2015.5 in it, and now a repo.saltstack.com repo with 2015.8
19:12 berserk joined #salt
19:13 DammitJim so, what now?
19:14 bluenemo every once in a while, it really bugs me that I cant break for loops in jinja M)
19:14 JordanRinke DammitJim: well do you run salt already, or is this a new install?
19:15 DammitJim I have a VM template with salt in it
19:15 JordanRinke Do you have many managed systems already?
19:15 DammitJim yeah... 2 dozen
19:15 JordanRinke What version are you running?
19:17 dthom91 joined #salt
19:17 DammitJim let me see
19:17 DammitJim master is running 2015.5.3+ds-1trusty1
19:17 JordanRinke If you have a version you are running, and you just want security patches. Use that repo. If you want to upgrade, look at the change log, do some testing, and go for the latest 2015.8 repo
19:18 DammitJim 2015.5.3+ds-1trusty1 minion
19:18 DammitJim JordanRinke, I guess my question is: Do I have to change repo to get the latest
19:18 JordanRinke Possibly, what repo are you using now?
19:19 zerth joined #salt
19:19 DammitJim sudo add-apt-repository ppa:saltstack/salt
19:20 otter768 joined #salt
19:20 JordanRinke That is the latest in that repo. As zmalone mentioned, for 2015.8 you will need to use repo.saltstack.com
19:21 JordanRinke https://docs.saltstack.com/en/develop/topics/releases/2015.8.0.html
19:21 JordanRinke the release notes, talk about the new repos
19:23 brent2 joined #salt
19:23 moogyver arg, next time, i need to make sure to search github issues next time.  spent the last 2 hours trying to get failover working in 2015.8 :)
19:24 bluenemo does salt jinja have loop.index in for loops?
19:26 Utnap joined #salt
19:27 katyucha joined #salt
19:27 Rumbles joined #salt
19:27 perfectsine joined #salt
19:29 baweaver joined #salt
19:30 hasues joined #salt
19:30 zmalone moogyver: Can I get a link to the issue from you?  I've got a 2015.8 upgrade coming up.
19:31 hasues left #salt
19:31 moogyver https://github.com/saltstack/salt/issues/27152
19:31 moogyver I've confirmed the same symptoms on my vagrant setup.
19:32 moogyver hot masters work, but the failover doesn't
19:33 DammitJim are the repos debian repos and not ubuntu repos for 2015.8?
19:33 DammitJim not that it matters
19:34 chiui joined #salt
19:34 benp joined #salt
19:35 sgargan_ joined #salt
19:38 rim-k joined #salt
19:40 DammitJim if I want to change the password on multiple minions for a user, how do I address that?
19:40 cberndt joined #salt
19:41 DammitJim I can't do that for a group of minions, can I? I'd have to do one hash per minion, right?
19:41 johnkeates joined #salt
19:42 msx joined #salt
19:43 zerth what is the salt-way of having machine rebooting after the first state.highstate ?
19:43 johnkeates use a reactor
19:43 DammitJim I need a reactor?
19:44 johnkeates left #salt
19:44 opensource_ninja joined #salt
19:45 zerth that's prolly for me, I'll look into reactor :)
19:46 baweaver joined #salt
19:47 zerth can I make it react only after the first run of state.highstate ?
19:47 zerth I don't want it to reboot my server after every run of state.hightate :)
19:48 hasues joined #salt
19:48 Cyis DammitJim: just target the minions you want to do the password reset for the user
19:49 hasues left #salt
19:49 DammitJim but when I did the genpasswd, it gave me different hashes for the different machiens
19:49 mrwboilers left #salt
19:49 Cyis DammitJim: personally I've never used genpasswd
19:51 Cyis DammitJim: I generate the hashed password via grub-crypt and then add it to the pillar data that I feed to the users-formula
19:52 DammitJim hhhmmmm
19:54 forrest generating passwords is bad business.
19:54 forrest granted, using password is bad business ;)
19:55 forrest If you have to use them, Cyis has the right idea, generate the hashed pass, add to the pillar data.
19:55 forrest Preferably use ssh keys though.
19:55 sgargan joined #salt
19:56 Cyis forrest: SSH keys are actually the only way into my servers... well that plus 2FA :)
19:57 whytewolf psh, just get rid of users and only use manegment software to be able to activate change on the system.
19:57 whytewolf :P
19:57 hasues joined #salt
19:58 Cyis whytewolf: that's the idea... I pretty much only install a user for myself to troubleshoot when SHTF
19:58 ageorgop joined #salt
19:58 whytewolf Cyis: I even got rid of my own account for some systems. and don't bother with teh troubleshooting steps. nuke and redeploy when SHTF
20:03 pm90_ joined #salt
20:03 perfectsine joined #salt
20:07 hasues joined #salt
20:07 hasues left #salt
20:08 wendall911 joined #salt
20:11 dyasny joined #salt
20:12 aparsons joined #salt
20:13 sgargan joined #salt
20:13 Rumbles joined #salt
20:13 nofxrok joined #salt
20:13 rsimpkins joined #salt
20:13 rsimpkins left #salt
20:13 rsimpkins joined #salt
20:16 dthom91 joined #salt
20:19 joe_n joined #salt
20:21 dthom91 joined #salt
20:23 teebes joined #salt
20:24 dthom911 joined #salt
20:25 dendazen hi guys have a question
20:25 rhodgin joined #salt
20:25 dendazen if i have on the box
20:25 dendazen salt-call grains.get domain
20:25 dendazen local:
20:25 dendazen chi1
20:25 dendazen can i create condition in state as this form?
20:25 dendazen {% if grains['domain'] == 'chi1' %}
20:27 * babilen nods
20:28 dendazen sorry if that is not correct.
20:28 svinota joined #salt
20:30 baweaver joined #salt
20:32 X67r joined #salt
20:36 aparsons_ joined #salt
20:39 mordonez joined #salt
20:40 mordonez joined #salt
20:47 hal58th dendazen: If domain is not set though, it will create an error. It's better to write "{% if salt['grains.get]'('domain') == 'chi1' %}"
20:48 dendazen oh thank you.
20:48 dendazen that is what i have in other policy where i set up resolv.conf
20:48 dendazen searchpaths: {{ salt['pillar.get']('resolver:searchpaths', [salt['grains.get']('domain'),]) }}
20:49 dendazen can i do or
20:49 dendazen like in python?
20:49 dendazen hence {% if salt['grains.get]'('domain') == 'chi1' or  salt['grains.get]'('domain') == ‘aur1' %} ?
20:51 rhodgin joined #salt
20:52 mordonez joined #salt
20:52 blueyed Why would "salt-run 'pillar.show_pillar' saltenv=dev" show something different than "salt-call pillar.get docker-pkg:lookup:version"?
20:53 rhodgin joined #salt
20:53 hal58th yes dendazen
20:53 dendazen Thank you.
20:53 hal58th dendazen: http://jinja.pocoo.org/docs/dev/templates/
20:54 jodv joined #salt
20:55 DammitJim has anyone here done iptable configurations with salt?
20:59 traph joined #salt
20:59 rim-k joined #salt
20:59 benp exit
20:59 Heartsbane joined #salt
20:59 Heartsbane joined #salt
21:00 giantlock joined #salt
21:00 benp left #salt
21:02 denys joined #salt
21:08 mirkop_ joined #salt
21:08 mirkop_ hello
21:08 mirkop_ anyone seeing the salt minion timing out when pulling large docker images?
21:09 mirkop_ using the salt docker modules
21:09 hal58th joined #salt
21:11 jodv joined #salt
21:11 _JZ_ joined #salt
21:14 rhodgin joined #salt
21:14 dendazen joined #salt
21:18 zooz joined #salt
21:21 jalaziz joined #salt
21:21 otter768 joined #salt
21:21 jodv joined #salt
21:22 fivehole joined #salt
21:23 pm90__ joined #salt
21:24 zer0def joined #salt
21:26 Cottser joined #salt
21:27 cyborgIone joined #salt
21:31 berserk joined #salt
21:32 Cottser joined #salt
21:32 druonysuse joined #salt
21:32 druonysuse joined #salt
21:32 aparsons joined #salt
21:33 perfectsine joined #salt
21:35 fivehole Is a mine_function the proper way to grab grain values from one set of minions from another minion?
21:36 baweaver joined #salt
21:36 fivehole I have a grain that lists a set of ports a given service is listening on.  I want to write a config file that has all the ports for a given service in it.
21:37 Cottser joined #salt
21:37 fivehole I see that you can get the network interfaces with mine.get ‘role:service
21:38 fivehole I see that you can get the network interfaces with mine.get ‘role:service’ network.ipaddrs but when I do somehting similar with my grain it always returns empty.
21:39 fivehole if I do salt ‘role:service’ grains.item service I see the proper vaules.
21:40 jonher_ joined #salt
21:41 Cottser joined #salt
21:42 breakingmatter joined #salt
21:49 hasues joined #salt
21:49 hasues left #salt
21:50 dfinn left #salt
21:52 ALLmightySPIFF joined #salt
21:57 whytewolf fivehole: yes, in order to setup mines you do need to setup the mine_function setup
21:59 fivehole so I was able to add grains.items in the pillar config and I can get a full list.  but i don’t see how the alias fuction works.
21:59 John_Kang joined #salt
21:59 whytewolf fivehole: here is a gist of one way in which i use mines to get setup https://gist.github.com/whytewolf/eff4a15f0eaa8d5354a3
21:59 whytewolf internal_ip_addrs is the alias
22:01 fivehole I was assuming you could do something similiar with a single grain.item
22:03 fivehole something like mine_functions: { services: { mine_function: grain.item, service_name}}
22:03 whytewolf you mean like useing the grain.get as your mine_function ....
22:03 whytewolf https://docs.saltstack.com/en/develop/topics/mine/index.html#mine-functions-aliases
22:03 whytewolf look at the ip_list in that example
22:03 Brew joined #salt
22:04 whytewolf mine_function can be any exacution module. including the grains module
22:05 fivehole So in my case the alias is memcached_instances with a grain name of memcached
22:06 fivehole When I do the salt-call mine.update I see an error of [ERROR   ] Function memcached_instances in mine_functions not available
22:06 whytewolf lets see the gist
22:07 timoguin joined #salt
22:08 druonysuse joined #salt
22:09 fivehole https://gist.github.com/mike-syncplicity/e127a1a58e8df1124700
22:14 whytewolf ... I don't know why that is happening. I just tested the exact layout with os [a grain i know is everywhere.] and it came fine
22:14 pdayton1 joined #salt
22:14 fivehole If I could spell function correctly it would have worked the first time.
22:14 fivehole Just noticed it
22:15 fivehole ’n’ is over rated anyway.
22:15 Val_ joined #salt
22:16 whytewolf okay, well that explains that
22:16 pdayton1 joined #salt
22:16 Val_ Hi, I have a problem with the 2015.8 and no problem with 2015.5
22:16 whytewolf I didn't even catch the missing n
22:16 Val_ The memory and Ram of minions are getting high
22:17 Val_ the highstate is so loong ..
22:17 Val_ I had some worker (8)
22:17 Val_ I had some timeout (300)
22:17 fivehole In your defense you haven’t been looking at it for the last hour like I have ;)
22:17 Val_ but the highstate say sometimes (timeout)
22:18 _jimc joined #salt
22:18 alemeno22 joined #salt
22:19 Val_ can somebody tcheck my config ?
22:19 fivehole Val_: Is it failing at Initializing new SAuth for
22:20 Val_ SAuth ?
22:20 Val_ no problem in master logs
22:20 fivehole if you run salt-call -l debug on the minion
22:21 MeltedLux joined #salt
22:21 druonysuse joined #salt
22:21 druonysuse joined #salt
22:22 Val_ there are some error
22:22 Val_ like NPM
22:22 Val_ and You should upgrade pyOpenSSL to at least 0.15.1 to enable the full use of X509 extensions
22:22 Val_ but pip install pyopenssl --upgrade fail
22:23 whytewolf pip upgrade of pyopenssl will fail if it is owned by the os
22:23 whytewolf besides i doubt that is your problem
22:23 Val_ ok
22:23 Val_ me too
22:23 Val_ when I point one minion
22:23 Val_ its good
22:24 Val_ but when I use '*' for highstate
22:24 Val_ it it really loooong (3X more long than 2015.5)
22:24 baweaver joined #salt
22:24 Val_ I have 84 states
22:24 Val_ its not really big ?
22:25 Val_ I have some error on highstate output too
22:25 Val_ salt-call -l debug
22:25 Val_ Comment: Unable to manage file: Message timed out      Started: 09:22:27.235933     Duration: 60063.943 ms
22:26 Val_ No SAuth error in debug
22:27 whytewolf 60063.943 ms? thats about 1 min
22:27 Val_ Yeaahhhh
22:27 Val_ lol, it's crazy
22:28 Val_ i'm in love with salt, but this problem its crazy for me
22:28 rsimpkins left #salt
22:28 Val_ I have an other salt server on 2015.5, he deserve 30 minion wiith more than 100+ state by minion
22:28 Val_ An '*' highstate take no more 2 mn
22:29 hal58th joined #salt
22:29 whytewolf I have not seen the issues you are talking about. are all the minions updated as well or just the master?
22:30 _underscore_ joined #salt
22:30 Val_ all my minion (16) are on 2015.8
22:30 Val_ Debian Jessie
22:30 Val_ The CPU and RAM off all my minion get really big when highstate
22:31 fivehole Val_:  if you do salt '*' test.version does everything respond quickly?
22:31 alemeno22_ joined #salt
22:31 icflournoy joined #salt
22:32 Val_ test.ping is really quick (with 8 worker);,
22:32 Val_ test.version, i try in 30s, my highstate is running, and multi salt command sucs
22:32 Val_ s*cks
22:35 Val_ Yeah, test.version
22:35 Val_ is quick
22:35 Val_ My VMs when I run highstate : http://www.hostingpics.net/viewer.php?id=665446Slection039.png
22:35 joe_n joined #salt
22:37 whytewolf Val_: try to clear the caches. and restart the minions software
22:37 Val_ Total states run:     84 Total run time:   33.603 s
22:37 Val_ when I launch salt-call highstate from 1 minion
22:38 badpanda joined #salt
22:38 Val_ clear the cache  = rm /var/cache/salt/proc/* ?
22:38 whytewolf or salt-run cache.clear_all on the master
22:39 Val_ it say
22:39 Val_ False
22:39 whytewolf sorry, salt-run cache.clear_all tgt='*'
22:39 whytewolf it is a runner after all ;)
22:39 Val_ no problem =)
22:40 Val_ True
22:40 Val_ so all minion's cache are clear ?
22:40 Val_ I launch an highstate on '*' with -l debug
22:41 aqua^c joined #salt
22:41 whytewolf well you should also restart the minions
22:41 Val_ it loose some time on "get_iter_returns for jid 20151001094029736707 sent to set("
22:41 patchedmonkey joined #salt
22:43 Val_ well, clean the cache without restart the minion, go crash
22:43 Val_ ^^
22:44 patchedmonkey joined #salt
22:46 moogyver for the minion installed on a syndic, should it point at the local master or should it point at the same master that the syndic daemon is pointing at?
22:47 moogyver at this point, with master_pub_signkey enabled, only way I can get it to work is to point the minion at the same master the syndic is pointing at, as they seem to share the same master_sign.pub
22:47 moogyver just wondering if i'm doing something wrong
22:48 druonysuse joined #salt
22:48 druonysuse joined #salt
22:50 Val_ my highstate lose too much time on "get_iter_returns for jid"
22:50 Val_ and block here
22:51 Val_ in my other server, this step take max 3 seconds
22:53 Val_ when  I run it from minion, it take some time on "Initializing new AsyncZeroMQReqChannel for"
22:55 whytewolf that explains the timeout of 1 min [default timeout for AsyncZeroMQReqChannel functions is 1 min]
22:56 whytewolf what version of zero mq are you running?
22:56 whytewolf and tornado
23:01 Val_ PyZMQ: 14.4.0
23:01 Val_ Tornado: 4.2.1
23:01 Val_ ZMQ: 4.0.5
23:01 Val_ my highstate is totaly blocked on " get_iter_returns for"
23:02 Val_ and hop, he finish with Total run time:  300.765 s
23:02 ajw0100 joined #salt
23:02 Val_ docker:   ID: /etc/monit/monitrc     Function: file.managed       Result: False      Comment: Unable to manage file: Message timed out      Started: 09:59:29.854021     Duration: 67167.701 ms
23:03 Val_ I think, this is the problem about this time
23:03 Val_ but monitrc file take 1ko :p
23:05 icflournoy joined #salt
23:06 Val_ I get out monit state, but nothing is better
23:08 otter768 joined #salt
23:10 whytewolf Val_: I honestly have no idea what is going on in your enviroment. I would say post as much detail as you can to here as well as the google group, and see if anyone has any other hunches
23:11 Val_ Ok guys, noproblem
23:11 Val_ Thanks for have trying to help me ;)
23:11 Val_ @whytewolf & fivehole TY !
23:12 bfoxwell joined #salt
23:13 whytewolf Val_: wish i could be more help. but i just can't replicate the issue. and with out digging down through each state file to see if one of the states is hanging or if something else is going on it just isn't something i can do
23:17 Val_ I understand
23:17 Val_ my state work really fine on 2015.5
23:17 Val_ (take 15/s by minion max)
23:17 Val_ but really sucks on 2015.8 (its possibly my fault) , Salt not sucks
23:18 Val_ I open a google groups for this
23:18 Val_ I send the link here when finish
23:18 whytewolf Val_: salt HAS a google groups https://groups.google.com/forum/#!forum/salt-users
23:18 Bryson joined #salt
23:18 Val_ yeahh I know =)
23:18 Val_ i write on it
23:19 Val_ sorry for my english ..
23:19 whytewolf no problem, not everyone has english as the first lang.
23:20 Val_ =)
23:26 pravka joined #salt
23:33 Val_ https://groups.google.com/forum/#!topic/salt-users/rPMtIKqtdaE
23:33 Val_ Thanks =)
23:34 darvon joined #salt
23:34 eichiro joined #salt
23:36 gtaylor joined #salt
23:37 gtaylor Is there any way to have a salt master automatically set up a minion on any VMs that are spun up outside of salt on Google Cloud? Idea is to use this with Google Container Engine, which creates the instances itself. I'd like to slap a few extra things on these instances (that Google Cloud manages).
23:38 gtaylor So the salt master doesn't create the instances, and said instances have no salt minion on them when they are created.
23:39 whytewolf gtaylor: https://docs.saltstack.com/en/latest/ref/clouds/all/salt.cloud.clouds.saltify.html
23:40 gtaylor whytewolf: Excellent, that takes care of the provisioning part. Do I need to find an existing reactor or write my own to poll for the new instances?
23:40 whytewolf i think you might need to write your own
23:40 whytewolf I honestly don't know when it comes to GCE
23:41 gtaylor As long as I can poll an instance list using Python within the reactor, I think I'd be golden.
23:42 gtaylor I'm a complete Salt newbie, so I just wanted to make sure that this was possible without having to do anything too exotic before I got into it. Sounds like it could be reasonably straightforward, though.
23:43 lampshades joined #salt
23:43 gtaylor Thanks for the help, whytewolf .
23:44 whytewolf no problem
23:44 pm90_ joined #salt
23:46 TheoSLC joined #salt
23:52 opensource_ninja joined #salt
23:54 rpx joined #salt
23:55 aqua^c joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary