Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-10-20

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 zsoftich2 joined #salt
00:02 larsfronius joined #salt
00:04 fsteinel_ joined #salt
00:11 pratikmallya joined #salt
00:15 kbaikov joined #salt
00:17 dthom91 joined #salt
00:20 cliluw joined #salt
00:23 eliasp joined #salt
00:24 otter768 joined #salt
00:27 kitplummer joined #salt
00:28 cliluw joined #salt
00:31 catpig joined #salt
00:35 dthom91 joined #salt
00:41 pratikmallya joined #salt
00:42 dthom91 joined #salt
00:47 breakingmatter joined #salt
00:57 cliluw joined #salt
01:02 hasues joined #salt
01:02 hasues left #salt
01:02 amcorreia joined #salt
01:09 Dev0n joined #salt
01:14 mapu joined #salt
01:16 jimklo joined #salt
01:16 kitplummer joined #salt
01:20 dthom91 joined #salt
01:30 zmalone joined #salt
01:32 dthom91 joined #salt
01:35 furrowedbrow joined #salt
01:35 PeterO joined #salt
01:35 catpigger joined #salt
01:38 cberndt joined #salt
01:41 zmalone1 joined #salt
01:42 dthom91 joined #salt
01:45 dthom91 joined #salt
01:52 Sam___ joined #salt
01:53 Sam___ Hello ~~~
01:53 Sam___ anyBody?
01:55 |_[O_O]_| hello ~~~~
02:09 knite joined #salt
02:11 quix joined #salt
02:13 ahammond Sam___ if you're looking to socialize, this is probably the wrong channel. If you have a saltstack related question... http://sol.gfxile.net/dontask.html
02:13 otter768 joined #salt
02:20 orion_ joined #salt
02:22 furrowedbrow joined #salt
02:25 dustywusty joined #salt
02:28 PeterO joined #salt
02:29 dthom91 joined #salt
02:30 PeterO are there no salt states for mkfs ?
02:31 ahammond PeterO not that I'm aware of. There are only modules, AFAIK
02:31 PeterO darn
02:32 ahammond PeterO what were you trying to do?
02:32 kitplummer joined #salt
02:33 PeterO I've got an ec2 instance that uses 2 store volumes and one of the store volumes mounts itself per what AWS does so wanted to umount it, mkfs it, then remount it where I need it.
02:34 ahammond PeterO, ah, you might want to look at module.wait to execute the module.
02:35 ahammond and you'd need a more complicated chain of states to make that happen. :)
02:36 PeterO You can't just call module.wait: name: module.mkfs ?
02:36 PeterO ah has a watch requirement
02:37 ahammond well, you'd use the watch requirement to detect the change necessary to trigger it. but yeah, I think there's a module.run, too.
02:37 the_lalelu joined #salt
02:38 PeterO ah yeah there's a module.run
02:39 ahammond PeterO if your goal is an idempotent formula, then .wait / watch is probably your friend.
02:40 PeterO ahammond: I'll take a look, to be honest I've never used a watch before, this will be fun.
02:40 ahammond PeterO it provides conditional execution. Not as elegant as a state, but sufficient for most tasks.
02:41 kitplummer joined #salt
02:42 PeterO Thanks ahammond
02:47 voxxit joined #salt
02:53 clintberry joined #salt
03:00 zwi joined #salt
03:01 favadi joined #salt
03:04 ajw0100 joined #salt
03:04 bhosmer joined #salt
03:12 Trivium How bad is it to use salt-ssh?
03:14 xenoxaos joined #salt
03:16 clintber_ joined #salt
03:19 knite joined #salt
03:25 clintberry joined #salt
03:27 zmalone joined #salt
03:27 cberndt joined #salt
03:27 favadi joined #salt
03:33 GreatSnoopy joined #salt
03:36 kitplummer joined #salt
03:40 knite joined #salt
03:44 rideh joined #salt
03:45 dustywusty joined #salt
03:46 zmalone joined #salt
03:47 cwyse joined #salt
03:48 troyready joined #salt
03:49 hiptobecubic joined #salt
03:49 whytewolf joined #salt
03:57 zmalone joined #salt
04:00 orion joined #salt
04:00 orion Hi. Any reason why this URL doesn't work?: http://repo.saltstack.com/apt/ubuntu/ubuntu14/dists/trusty/main/binary-amd64/Packages
04:03 g3cko docs.saltstack.com seems down too
04:03 g3cko oh, and the saltstack repos I think added latest into them
04:04 g3cko I'd send you the docs page, but ... down.. lol
04:04 larsfronius joined #salt
04:05 zmalone @orion they rearranged those repos already
04:05 zmalone https://repo.saltstack.com/apt/ubuntu/ubuntu14/
04:05 alemeno22 joined #salt
04:06 zmalone when 2015.5.6 was released, they added 2015.5 to /ubuntu/ubuntu14 as a different repo and rearranged things instead of just throwing all releases in the same repo.
04:06 zmalone (this wasn't announced, so don't feel bad for missing it)
04:06 zmalone repo.saltstack.com has the new paths and instructions
04:07 g3cko ahh nice didn't realize repo.saltstack.com had the info too
04:07 ramteid joined #salt
04:09 orion So, the only change I need to make is to add "/latest" to the end of the 'deb' line, correct? From: "http://repo.saltstack.com/apt/ubuntu/ubuntu14" To: "http://repo.saltstack.com/apt/ubuntu/ubuntu14/latest"
04:09 zmalone It should be something like that.
04:09 ^C worked for me :)
04:12 orion I'll give that a try, thanks for the info.
04:26 clintberry joined #salt
04:35 evle joined #salt
04:46 kitplummer joined #salt
04:47 PeterO joined #salt
05:08 jmreicha joined #salt
05:10 anmol joined #salt
05:22 breakingmatter joined #salt
05:22 favadi joined #salt
05:34 orion left #salt
05:35 PeterO joined #salt
05:37 Amit_K joined #salt
05:37 Amit_K Can anyone check my .sls
05:38 malinoff joined #salt
05:38 Bryson joined #salt
05:39 Amit_K its not working
05:39 Amit_K i just need to install ftp and make sure the service is up
05:40 jeddi joined #salt
05:51 jhauser joined #salt
05:52 DanyC joined #salt
05:54 malinoff_ joined #salt
05:57 malinoff_ joined #salt
05:59 DanyC joined #salt
05:59 orion_ joined #salt
06:01 knite joined #salt
06:01 DanyC_ joined #salt
06:03 pratikmallya joined #salt
06:03 favadi joined #salt
06:05 knite joined #salt
06:09 vim-zz joined #salt
06:11 katyucha joined #salt
06:16 traph joined #salt
06:16 knite joined #salt
06:25 knite joined #salt
06:29 lb joined #salt
06:29 hrumph hi i can't get local.cmd to work for me on lists any more
06:29 hrumph i just get a result of {}
06:33 hrumph i had a script that used to work in the past
06:33 hrumph have
06:36 knite joined #salt
06:37 hrumph get empty dictionary
06:37 hrumph help
06:44 rdas joined #salt
06:44 epcim joined #salt
06:47 hrumph it's a windows minion
06:49 mattiasr joined #salt
06:49 kitplummer joined #salt
06:53 jeddi joined #salt
06:55 DanyC joined #salt
06:56 ingwaem joined #salt
06:57 ingwaem left #salt
06:58 avalchev joined #salt
07:05 stephanbuys joined #salt
07:05 saffe joined #salt
07:07 chiui joined #salt
07:07 eseyman joined #salt
07:10 ingwaem joined #salt
07:11 ingwaem left #salt
07:15 felskrone joined #salt
07:16 lb joined #salt
07:16 toanju joined #salt
07:21 catpigger joined #salt
07:21 ignasr joined #salt
07:23 breakingmatter joined #salt
07:25 evle joined #salt
07:27 edulix joined #salt
07:29 maveas joined #salt
07:31 Grokzen joined #salt
07:34 OliverUK left #salt
07:35 markm_ joined #salt
07:35 larsfronius joined #salt
07:39 fredvd joined #salt
07:39 hrumph i published an issue
07:39 hrumph https://github.com/saltstack/salt/issues/28123
07:39 saltstackbot [#28123]title: local.cmd not working for windows minions | Hi,...
07:40 mohan joined #salt
07:41 rim-k joined #salt
07:41 mohan hi, can anyone help on "how to download the contents from the amazon s3 using the saltstack"
07:42 dkrae joined #salt
07:46 Rumbles joined #salt
07:51 kitplummer joined #salt
07:52 babilen mohan: https://docs.saltstack.com/en/latest/ref/file_server/all/salt.fileserver.s3fs.html -- you might want to read that
07:54 mohan hi, babilen i gone through it but i am getting the error like this "The minion function caused an exception: Traceback (most recent call last):       File "c:\salt\bin\lib\site-packages\salt\minion.py", line 1004, in _thread_return         return_data = func(*args, **kwargs)       File "c:\salt\bin\lib\site-packages\salt\modules\s3.py", line 163, in get         location=location)       File "c:\salt\bin\lib\site-packages\salt\utils\s3
07:55 babilen Please use a pastebin such as http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, http://dpaste.de, …
07:55 babilen (and it is typically a *much* better idea to ask about an error if you have already tried things rather than a generic question such as "How to use s3?"
07:55 babilen )
07:56 mohan i just need to add s3.keyid,s3.key in my master.config file right
07:56 rdas joined #salt
07:56 babilen Well, I guess you also have to define s3.buckets as detailed later
07:57 ingwaem joined #salt
07:57 ingwaem left #salt
07:59 mohan i am just using a single bucket and I specified like this "fileserver_backend:   - roots   - s3fs  s3.keyid: xxx s3.key: xxx s3.service_url: xxx s3.verify_ssl: xxx s3.location: xxx  s3.buckets:  -base:   - xxx"
07:59 babilen Please use a pastebin
07:59 babilen And you seem to be missing a space between "-" and "base" there
08:01 babilen Paste your entire configuration, the exact error, whatever commands caused that error and the output of "salt --versions-report" to one of the aforementioned pastebins
08:02 stephanbuys left #salt
08:02 moeyebus joined #salt
08:05 cberndt joined #salt
08:07 traph joined #salt
08:07 traph joined #salt
08:13 ponpanderer joined #salt
08:21 s_kunk joined #salt
08:22 losh joined #salt
08:22 dkrae joined #salt
08:22 GreatSnoopy joined #salt
08:27 chrismckinnel joined #salt
08:31 stephanbuys joined #salt
08:36 dzen joined #salt
08:36 dzen hello
08:37 dzen It seems there is no i386 packages on http://repo.saltstack.com/apt/debian/latest/
08:37 dzen Does this changed recently ?
08:38 impi joined #salt
08:38 dzen https://github.com/saltstack/salt/issues/27228
08:38 saltstackbot [#27228]title: salt-minion not installable on debian jessie x86 | I'm getting this...
08:38 dzen I just found this
08:41 epcim joined #salt
08:43 stephanbuys left #salt
08:49 DanyC joined #salt
08:54 avalchev joined #salt
09:01 linjan joined #salt
09:06 bhosmer joined #salt
09:07 SubOracle joined #salt
09:12 rim-k hello everyone!
09:13 rim-k joined #salt
09:15 SubOracle joined #salt
09:23 ingslovak joined #salt
09:24 larsfronius joined #salt
09:25 breakingmatter joined #salt
09:26 ingslovak Hello guys, I just upgraded to 2015.8.1 and it seems that the new Git Pillar schema dropped support for dynamic environments (branches) that could be configured in ext_pillar with the __env__ keyword. Am I missing something or is this by design? Thanks a lot.
09:27 larsfron_ joined #salt
09:30 ashmckenzie joined #salt
09:36 thalleralexander joined #salt
09:40 auzty joined #salt
09:40 al joined #salt
09:53 kitplummer joined #salt
10:04 sgargan joined #salt
10:12 thalleralexander joined #salt
10:13 giantlock joined #salt
10:42 epcim joined #salt
11:04 Rumbles joined #salt
11:07 breakingmatter joined #salt
11:10 mapu joined #salt
11:11 ubikite joined #salt
11:11 evle joined #salt
11:12 av___ joined #salt
11:14 giantlock joined #salt
11:17 deus_ex joined #salt
11:19 amcorreia joined #salt
11:33 Xevian joined #salt
11:36 markm joined #salt
11:36 fredvd joined #salt
11:42 Grokzen joined #salt
11:45 chiui joined #salt
11:56 favadi joined #salt
12:04 TyrfingMjolnir joined #salt
12:05 stephanbuys joined #salt
12:08 otter768 joined #salt
12:09 gasbakid joined #salt
12:09 larsfronius joined #salt
12:10 tmclaugh[work] joined #salt
12:11 pratikmallya joined #salt
12:15 falenn joined #salt
12:17 slav0nic joined #salt
12:26 mapu joined #salt
12:26 otter768 joined #salt
12:30 kitplummer joined #salt
12:32 avalchev joined #salt
12:33 pcn I don't use the git pillar - do you see anything relating to that in the detailed change logs?
12:33 moeyebus left #salt
12:41 DammitJim joined #salt
12:41 Twiglet Anyone using salt-cloud with GCE? Can we add scopes, only thing I can find is a thead for a year ago saying it's not supported atm?
12:44 rvankleeck joined #salt
12:48 fredvd joined #salt
12:50 Twiglet and looking st the code, no, no it doesn't
12:50 toastedpenguin joined #salt
12:53 tmclaugh[work] joined #salt
12:54 yidhra joined #salt
12:54 liskl looking for help with an jinja specific issue using the dhcpd-formula, Preblem data located https://pastebin.liskl.com/avigeviles.pl
12:55 liskl getting a "Unable to manage file: Jinja variable 'dict object' has no attribute 'netmask'"
12:55 DammitJim how do I convert a pillar to upper case?
12:56 toastedpenguin joined #salt
12:56 Twiglet liskl: should that not be subnet.netmask?
12:59 ericof joined #salt
12:59 JDiPierro joined #salt
13:00 furrowedbrow joined #salt
13:01 toastedpenguin can you set instance defaults in the providers conf or should this be done in a profile?
13:02 JDiPierro joined #salt
13:02 ubikite hi there, can anyone explain the differences between salt and saltstack debian repositories?
13:02 subsignal joined #salt
13:03 liskl Twiglet: i'll check and if successful will send a pull request
13:03 DammitJim joined #salt
13:04 quix joined #salt
13:05 sgargan joined #salt
13:07 DammitJim how do I convert a pillar to upper case?
13:08 Twiglet DammitJim: .upper i think
13:09 Twiglet so salt.pillar.get('blah').upper
13:09 DammitJim thanks Twiglet
13:09 liskl Twiglet: Unsuccessful "{{ intendation }}subnet {{ subnet }} netmask {{ subnet.netmask }} {" with the error becoming "Unable to manage file: Jinja variable 'str object' has no attribute 'netmask'"
13:09 Twiglet DammitJim: wait no
13:09 Twiglet salt.pillar.get('blah')|upper
13:09 DammitJim is that a salt document or yaml? jinja?
13:10 DammitJim dammit... I knew that!
13:10 Twiglet jinja
13:10 DammitJim |upper
13:10 liskl looking for help with an jinja specific issue using the dhcpd-formula, Problem data located https://pastebin.liskl.com/avigeviles.pl
13:11 sgargan joined #salt
13:12 liskl updated with Salt Version for more info: https://pastebin.liskl.com/localozawi.pl
13:13 NVX joined #salt
13:13 NVX joined #salt
13:14 scoates joined #salt
13:14 chrismckinnel joined #salt
13:14 jeddi joined #salt
13:16 salty-dog joined #salt
13:16 bhosmer joined #salt
13:16 salty-dog Good morning -
13:16 liskl Morning
13:17 quasiben joined #salt
13:19 salty-dog Question : I am trying to install Icinga2 with saltstack. One of the steps is to request a signing ticket# on the Icinga Master with the hostname of the minion I'm on and then use the returned ticket in other commands. I'm lost.
13:20 salty-dog Not asking really for code help... just logic help.
13:20 drawsmcgraw salty-dog: What's it look like when you request a signing ticket#?
13:20 drawsmcgraw Is that a command on the Icinga master?
13:21 cpowell joined #salt
13:21 salty-dog Yeah...   on the master it's a simple "icinga2 pki ticket --cn HOSTNAME"
13:21 salty-dog that returns a simple hash
13:22 dthom91 joined #salt
13:22 drawsmcgraw salty-dog: Could you do that ahead of time, and pack the hash into Pillar?
13:22 salty-dog trying to replicate this process : http://serverfault.com/a/655134
13:22 drawsmcgraw (not sure if you have the luxury of knowing the hostname a priori)
13:23 salty-dog see... that's the issue. @drawsmcgraw. I would not know the hostname prior
13:24 sgargan joined #salt
13:25 drawsmcgraw hrm....
13:27 drawsmcgraw salty-dog: This looks like those commands are run on the client, do I misunderstand?
13:27 salty-dog $ticket is the the ticket hash run on the host.
13:27 drawsmcgraw ah, I see now
13:27 salty-dog $ticket is the return of asking for the ticket hash on the master.
13:28 drawsmcgraw Right... :/
13:28 salty-dog I guess slack commands don't work in IRC.
13:28 drawsmcgraw The Icinga master.. it's just another Salt minion for you?
13:29 salty-dog currently : neither a master or minion. If needed ... it could be a minion.
13:29 aphor joined #salt
13:29 drawsmcgraw k
13:30 drawsmcgraw Yeah especially if you don't have a minion on the Icinga master, this would only be a semi-automated process.
13:30 drawsmcgraw Once you have the fqdn of the machine, it wouldn't be hard to make the hash and put it in Pillar
13:30 drawsmcgraw Otherwise, if you wanted 100% automated, I'd put a minion on the Icinga master and look into using Salt mine
13:31 drawsmcgraw I'm thinking of a key in the Salt mine 'icinga-tickets':'my-new-icinga-client':'sooper-long-hash'
13:31 drawsmcgraw Then the minion could fetch the hash out of the Salt mine that way
13:32 drawsmcgraw For order of operations (i.e., guaranteeing the Icinga master has put the hash into the Salt mine), I'd look into Orchestrate
13:32 aphor I have a design question about salt-cloud. Anyone familiar with that code willing to explain about the mapper and cloud configs?
13:32 drawsmcgraw aphor: I might be able to
13:32 aphor drawsmcgraw: thx.
13:32 salty-dog Another quick question along these lines. I know it's simple but how do you store a return in a pillar.
13:33 DammitJim joined #salt
13:33 salty-dog I know it's simple but the adderall has not kicked in yet.
13:34 aphor drawsmcgraw: I'm trying to implement the digital_ocean cloud DNS record create/delete support, but it looks like delete is naive about the cloud config even if operating on a map file.
13:34 RandyT @basepi: banner needs a version update. :-)
13:36 drawsmcgraw aphor: Interesting.... I vaguely remember this being an issue in the salt-cloud codebase in general - it's difficult (or currently impossible) to know which VM belongs in which cloud
13:36 pcn Does anyone here use the reddit returner?
13:36 aphor drawsmcgraw: salt.cloud.Cloud class' method destroy() even has comments complaining about this re: inferring the append_domain setting.
13:37 RandyT aphor: drawsmcgraw  how about tags?
13:37 pcn Actually, let me expand that - does anyone use a datastore as an event returner?  I'd like to know more about how to find events, etc.
13:37 aphor drawsmcgraw: is there a design reason that the destroy operation should not have/pass-around the VM config context in its execution?
13:38 pcn aphor: I think it'd be better if grain data had cloud info on each host since it should be certain about that.
13:38 drawsmcgraw aphor: I can't say I'm familiar enough to answer that question, but I can speculate this way:
13:39 drawsmcgraw the delete() method only has the name of a VM. It doesn't know what the configuration looked like when that VM was created
13:39 drawsmcgraw And it may be accounting for the fact that the config can change between VM creation and deletion.
13:39 drawsmcgraw But again, just guesswork.
13:39 RandyT drawsmcgraw: globbing for destroy would go a long way toward solving the challenge if I understand it completely.
13:40 RandyT I can embedded the cloud context in a name very easily.
13:40 aphor To me, it looks like the map file is supposed to be the authoritative assertion of VM cloud attributes.
13:40 I joined #salt
13:40 aphor Embedding the cloud context in the name creates a brittle dependency.
13:41 drawsmcgraw I've had productive conversations with rallytime. She'll likely have much better answers than me on the design decisions and rest of the code.
13:41 drawsmcgraw aphor: I agree
13:42 pcn aphor: +1 on not trying to parse names.  Real data is critical.
13:43 aphor I'm starting to feel like the minion grains would be the best place for cloud attributes, but it creates a chicken and egg problem if the minion fails to bootstrap completely.
13:43 drawsmcgraw salty-dog: Actually that's a good question. I'd resort to writing some Python to get it done as I'm not sure how you'd do it in a state.
13:44 pcn aphor: if the bootstrap can prioritize getting grains loaded or visible in those cases, it'd be pretty likely to succeed.
13:45 aphor pcn: the default bootstrap script has to do a lot of stuff with external package dependencies to even get the minion running.
13:45 salty-dog Thanks drawsmcgraw
13:45 felskrone how can i pass/define pillars to/for a masterless minion?
13:46 babilen felskrone: You do that in the minion config
13:47 babilen (or simply accept the default /srv/pillar)
13:47 aphor pcn: say an external yum/apt repo server was rebooting in the middle of a salt-cloud create. How would you know what was fully spun up and how to deal with the stuff that choked?
13:48 eliasp aphor: I'd go the failhard route for initial deployments… (salt-cloud create)… if it fails, throw it away and spin up a completely new instance
13:49 pcn aphor: Those are really good questions.  My instinct is to have the minions fail, look for lack of completion, and either re-try bootstrap from the master side, or kill them and restart
13:49 cpowell joined #salt
13:49 aphor eliasp: I'm not comfortable creating a distinction between initial deployments and incremental changes.
13:49 felskrone babilen: i will have a look at the minion config, thx
13:49 pcn aphor: I don't have any faith that a minion on its own should be able to understand the larger context that it's in and how it should work without the master to provide it with context.
13:50 sastorsl_ I want to match on grains from the salt master, specifically on pythonversion where the version is 2.6
13:50 pcn aphor: Trying to hard to make an insane state correct is a very low return and a very deep hole to be digging.
13:50 favadi joined #salt
13:50 sastorsl_ How do i target with grains when the value is a list?
13:51 sastorsl_ pythonversion:\n  - 2\n  - 6\n...
13:51 aphor pcn: if we need to assume the minion's understanding of its cloud is fallible, then maybe salt-cloud config data would need to become a global declaration.
13:52 aphor pcn: like pillar data..
13:54 favadi joined #salt
13:55 aphor pcn: which would make it a good idea to spin up Cloud.destroy() with access to the same config as Cloud.create()
13:55 pcn aphor: That would be ideal, you'd need to stash that data somewhere.
13:56 aphor pcn: this will require a logical shift for salt-cloud.
13:56 aphor pcn: it should work like states, I think.
13:56 andrew_v joined #salt
13:57 pcn aphor: so following that logic, cloud info becomes a first-class citizen and both salt-cloud and states can access it?
13:57 pcn I like the sound of that
13:57 pcn I wonder how much work that would be.
13:58 aphor pcn: I briefly considered yesterday completely rewriting the salt-cloud functionality as state.sls to be executed by the salt master's minion.
13:58 aphor pcn: then my cloud declaration would change from a salt-cloud.map file to a pillar.
14:00 kitplummer joined #salt
14:00 aphor Why does everything turn into such a can-of-worms?
14:00 TranquilityBase joined #salt
14:00 pcn aphor: that would make it easier to manage in a lot of ways - we spend time rendering pillars into cloud profiles so we can launch, which is a waste of cognitive effort at times.
14:00 pcn aphor: it's because all this shit is made up, and we're all just dreaming this stuff into existence
14:01 pcn You dream well, it seems
14:01 aphor I read a lot of Plato in college. Think forms.
14:02 aphor Salt is an extremely Formal system.
14:02 mapu joined #salt
14:04 zwi joined #salt
14:05 pguinardco joined #salt
14:06 favadi joined #salt
14:08 sgargan joined #salt
14:10 mpanetta joined #salt
14:11 felskrone babilen: cant really find anything in the docs about setting pillars in the minion config, do you have hint?
14:12 darthzen joined #salt
14:12 felskrone i've set pillar_roots pointing to the dir containing my git-repo with pillars/top.sls, but the minion does not seem to recognize that
14:13 quix joined #salt
14:13 felskrone hmpf, never mind, i forgot top copy the minion.config :-)
14:14 _JZ_ joined #salt
14:15 perfectsine joined #salt
14:16 mpanetta_ joined #salt
14:16 Brew joined #salt
14:17 scott_w joined #salt
14:17 favadi joined #salt
14:17 domel joined #salt
14:18 DanyC joined #salt
14:18 domel hey guys does anyone have any idea on why this blows up? https://gist.github.com/larry-kulak/11fc5f6e6d7fcb8e9b95
14:18 sgargan joined #salt
14:20 pratikmallya joined #salt
14:21 pratikma_ joined #salt
14:21 Akhter joined #salt
14:22 aphor domel: try looking at GitHub and asking people who commit to the dockerio module if nobody volunteers to answer your question here.
14:22 pcn does anyone know if I can use an aws ec2 ENI ID in salt-cloud to maintain the ID+IP address of a node with salt-cloud?
14:22 favadi joined #salt
14:23 TheLoeki joined #salt
14:25 subsigna_ joined #salt
14:28 Zachary_DuBois joined #salt
14:28 dthom91 joined #salt
14:31 al joined #salt
14:31 domel answered my own question
14:31 domel needs pip >= 1.1.0
14:32 domel sorry not pip byt docker-py==1.1.0
14:32 domel seems to fix this
14:32 perfectsine_ joined #salt
14:32 larsfronius joined #salt
14:33 giantlock joined #salt
14:35 zmalone joined #salt
14:35 DammitJim joined #salt
14:35 dthom91 joined #salt
14:36 favadi joined #salt
14:38 DammitJim what can I use to configure ubuntu updates from salt?
14:44 bluenemo joined #salt
14:44 babilen felskrone: You use *exactly* the same config as in the master config
14:45 babilen It is identical
14:45 beardedeagle joined #salt
14:45 felskrone babilen: i had everything correct already, i just did not copy the minion config after changing it :-)
14:46 babilen ... :)
14:47 rojem joined #salt
14:48 stolenmoment joined #salt
14:51 sgargan joined #salt
14:52 malinoff joined #salt
14:54 winsalt joined #salt
14:55 Akhter joined #salt
14:55 stickmack joined #salt
14:55 stolenmoment1 joined #salt
14:57 anotherZero joined #salt
14:57 mr_chris I'm having a hell of a time figuring out how to get salt reactor to run the highstate, then yum update, then reboot.
14:58 mr_chris I can do one at a time no problem.
14:58 mr_chris If I add all three into one sls it runs them at the same time which is not desirable.
14:58 mr_chris What's the right way to do this?
14:59 edulix joined #salt
14:59 winsalt they should run in order if they are in a sls, but you can force it with require flags
14:59 mr_chris winsalt, How do you use require flags in a reactor sls. kargs?
15:01 winsalt actually i had the reactor call local.state.sls, and made a regular sls to do all the work
15:01 winsalt but there is probably a better way using orchestrate
15:02 dfinn joined #salt
15:03 JDiPierro joined #salt
15:03 winsalt https://docs.saltstack.com/en/latest/topics/tutorials/states_pt5.html
15:04 timoguin_ joined #salt
15:04 dthom91 joined #salt
15:04 zsoftich2 joined #salt
15:06 khaije1 joined #salt
15:07 danemacmillan joined #salt
15:10 clintberry joined #salt
15:12 kitplumm_ joined #salt
15:13 hiptobecubic joined #salt
15:13 sdm24 joined #salt
15:16 Twiglet DammitJim: What do you mean?
15:16 Zachary_DuBois joined #salt
15:18 kitplummer joined #salt
15:20 kaptk2 joined #salt
15:22 hardwire joined #salt
15:25 kitplummer joined #salt
15:27 jeffpatton1971 joined #salt
15:27 mr_chris winsalt: Calling the highstate within an sls doesn't work because the hightstate fails due to a state already running. I'm checking out orchestrate. Thanks for the advice.
15:28 Opti99 joined #salt
15:28 dthom91 left #salt
15:28 gasbakid_ joined #salt
15:29 meye1677 joined #salt
15:31 Twiglet Not being able to call pillar items from within pillar is really frustrating sometimes
15:31 bhosmer joined #salt
15:31 ubikite joined #salt
15:32 geekatcmu inception
15:32 Twiglet I want to loop over users from one pillar in another pillar, otherwise I have to specify them in 2 places, and that just makes management no fun
15:32 quix_ joined #salt
15:33 mpanetta joined #salt
15:33 orion__ joined #salt
15:33 cberndt joined #salt
15:33 quasiben joined #salt
15:34 geekatcmu OR, you have to have separate states for each group of users, and include both states in your destination
15:34 geekatcmu Which is not DRY
15:36 Akhter joined #salt
15:36 Tanta or use a single pillar dict for users, with downstream attributes that can be targeted in multiple different states for each user
15:37 Tanta that's how I handled that issue
15:38 keimlink joined #salt
15:38 alemeno22 joined #salt
15:39 Bryson joined #salt
15:39 Twiglet My user/group states are odd to say the least
15:41 BogdanR I just upgraded to salt-cloud 2015.8 and apparently when I create instances the minion doesn't get installed
15:41 RedundancyD joined #salt
15:41 XenophonF joined #salt
15:42 hiptobecubic Can someone tell me what's wrong with this state file? It's very small and the error is `KeyError: pip.install`. Based on https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.pip.html it seemed like this was the way to pip install things.
15:44 BogdanR As you can see salt-cloud can ssh on the new instance: http://hastebin.com/nufitebule
15:44 BogdanR But for some reason the minion doesn't get installed
15:45 BogdanR Is this a known thing for 2015.8 ?
15:45 RandyT BogdanR: there was a problem that I believe was fixed in 2015.8.1 that should resolve that.
15:45 XenophonF are the salt package in epel newer than the ones in the saltstack copr?
15:46 BogdanR RandyT: I have
15:46 BogdanR RandyT: I have 2015.8.1-121-gc1ac330
15:46 XenophonF the ubuntu ppa seems outdated, too
15:47 sdm24 hiptobecubic: I had a similar problem. We used pkg.installed to install pip3, but salt seems to just use pip
15:47 amcorreia joined #salt
15:47 hiptobecubic sdm24, I'm not even getting that far.
15:47 zmalone XenophonF: I think both of those are outdated
15:47 sdm24 hiptobecubic: the work around was to install pip and pip3, and use the bin_env to point to b=pip 3
15:47 RandyT BogdanR: perhaps the change did not make it into the release or this is different. Do you have etc/salt/cloud.deploy.d/bootstrap.sh ?
15:47 zmalone repo.saltstack.com has the most recent packages
15:47 hiptobecubic sdm24, If I could get it to just use regular pip I'd be happy.
15:48 sdm24 hiptobecubic: make sure that you are installing pip first. And if you run the state as test=True, it will fail because pip is not being installed
15:48 XenophonF looks like they changed the installation instructions for 2015.8
15:49 XenophonF my mistake
15:50 zmalone XenophonF: No problem, they didn't announce it, and then changed it again
15:50 zmalone Unless you've installed recently, you would have missed it.
15:50 XenophonF yeah, i guess i assumed that i could just keep using the COPR/PPA repos forever
15:51 hiptobecubic sdm24, doesn't pip come with salt? Isn't that what this says? https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.pip.html
15:51 RandyT BogdanR: I had this problem in recent past and the solution was to run 'salt-cloud -u'
15:51 hiptobecubic errr  salt comes with pip
15:51 XenophonF hiptobecubic: pip isn't a dependency
15:51 XenophonF it's optional
15:51 XenophonF if it's installed, salt.modules.pip will work
15:51 RandyT BogdanR: updated master to add bootstrap script that for some reason was not being installed in upgrade
15:51 hiptobecubic salt.modules.pip *does* work.   salt-call --local pip.install nose  worked fine
15:51 XenophonF that's why you will usually see a pip pkg.installed state followed by a pip.installed state
15:52 sdm24 hiptobecubic: I think it only comes installed for Windows minions. Could be wrong though
15:52 sdm24 do the other pip commands work?
15:52 Opti99 Using the py renderer, is there an example I can look at for importing another py renderer file into another?
15:53 hiptobecubic oh dammit. It's *pip.installed* in the state file and *pip.install* if you're running it manually via salt-call
15:53 hiptobecubic sigh
15:53 sdm24 hiptobecubic: you should checkout https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pip_state.html if you are using a state, instead of the execution module docs
15:53 sdm24 yep that will do it :(
15:54 BogdanR RandyT: When was the master upgraded for this because the version we have is from today?
15:56 stephanbuys1 joined #salt
15:57 ubikite joined #salt
15:57 jmreicha joined #salt
15:58 dthom91 joined #salt
15:59 stephanbuys1 left #salt
16:00 ubikite joined #salt
16:02 murrdoc joined #salt
16:03 perfectsine joined #salt
16:03 zmalone https://copr.fedoraproject.org/coprs/saltstack/salt/ seems really orphaned
16:03 zmalone it should probably have an updated Overview if it's run by Saltstack.
16:07 flyx joined #salt
16:08 hal58th zmalone, did you look at issues for github?
16:09 wendall911 joined #salt
16:09 ingwaem joined #salt
16:10 zmalone There are currently no issues open for that (that I can find), but it's more of XenophonF's issue.
16:10 zmalone hal58th: XenophonF was on the Saltstack supported COPR repo, and was wondering why nothing newer than 2015.5.1 was available.
16:11 hal58th ah I see
16:11 zmalone I'll open one to be polite, although it doesn't really impact me.
16:12 zmalone https://github.com/saltstack/salt/issues/28142
16:12 saltstackbot [#28142]title: Deprecate or update the copr repo | https://copr.fedoraproject.org/coprs/saltstack/salt/ is no longer updated, but it is a "Official" SaltStack repo.  It should probably either be updated with the latest packages, or the overview page should be updated to note the location of the current supported repos.
16:14 Akhter joined #salt
16:15 Fiber^ joined #salt
16:15 aron_kexp joined #salt
16:15 david_lewis joined #salt
16:16 Topic for #salt is now Welcome to #salt | 2015.8.1 is the latest | Please use https://gist.github.com for code, don't paste directly into the channel | Please be patient when asking questions as we are volunteers and may not have immediate answers | Channel logs are available at http://irclog.perlgeek.de/salt/
16:16 basepi RandyT: thanks for the reminder!
16:17 RandyT BogdanR: I'm not certain a fix for this has been committed.
16:17 breakingmatter joined #salt
16:17 RandyT I know it was reported and discussed after 8.0 and before 8.1... about as much as I can tell you.
16:17 knite joined #salt
16:20 gasbakid__ joined #salt
16:22 RandyT BogdanR: appears this issue may still be open https://github.com/saltstack/salt/issues/26699
16:22 saltstackbot [#26699]title: [salt-cloud] Minion doesn't install on some providers after upgrading to 2015.8.0 | Hi...
16:23 DammitJim joined #salt
16:24 keimlink joined #salt
16:27 larsfronius joined #salt
16:27 gasbakid__ joined #salt
16:30 FreeSpencer Do you guys write unit tests for your states?
16:30 knite joined #salt
16:30 rmnuvg joined #salt
16:30 ldelossa joined #salt
16:30 ldelossa Hey guys, I'm relatively new to salt and I just wanted to get some best practices - this maybe a subjective question but how are you guys organizing your states
16:31 larsfron_ joined #salt
16:31 gasbakid__ joined #salt
16:31 ldelossa are you guys making a state for a specific type of server, and embedding all the execution modules to get to that "role". Or are you defining more modular states such as "snmpv3" state which just does a specific function
16:31 ldelossa Is there a best practice using Salt?
16:32 rvankleeck ldelossa: i organize all my states in /srv/salt/formulas and make them generic. Then use pillar to customize them
16:33 inad922 joined #salt
16:34 ldelossa Okay I have't gotten to pillars yet.
16:34 ldelossa I'll have to keep digging into the documentation
16:34 rvankleeck ldelossa: pillar is very powerful
16:35 RandyT rvankleeck: on a related note, is there some variable for use in the yaml state files to refer to root or top?
16:35 ldelossa Thanks I'll keep digging.
16:36 rvankleeck RandyT: Not sure. Nor even if there needs to be. I think everything starts at the root anyway
16:36 Akhter joined #salt
16:37 RandyT I'm attempting to refer to a 'common' directory under top from some other subdirs that are role specific... not figuring out how just yet. perhaps the wrong approach
16:37 rvankleeck RandyT: so if you say 'stuff' and have a 'stuff.sls' in the root states directory it pulls that in
16:37 MadHatter42 joined #salt
16:38 rvankleeck RandyT: ah. so taking my /srv/salt/formulas as mentioned above for the states root, then you could a 'common' directory in there with states that are used in different states. and then other states should be able to refer to 'common.state_name' or 'common/files/fine.name'
16:39 RandyT actually think I have cracked it... common.clojure for example to hit common/clojure/init.sls
16:39 rvankleeck at least, i think so. i'm not a complete expert yet =p
16:39 rvankleeck RandyT: that would be correct
16:39 RandyT that does it..
16:40 RandyT so I like the distinction of formulas.. will a highstate just find formulas/top.sls then?
16:40 rvankleeck RandyT: yup. as long as you have it set there in the master config
16:40 RandyT ah, ok
16:40 rvankleeck file_roots: /srv/salt/formulas
16:41 RandyT perfect
16:41 MadHatter42 joined #salt
16:41 rvankleeck or gitfs if you want to use that
16:41 rvankleeck which I prefer for versioning and such
16:43 aparsons joined #salt
16:43 bhosmer_ joined #salt
16:43 Akhter joined #salt
16:43 pratikmallya joined #salt
16:46 writtenoff joined #salt
16:47 pratikma_ joined #salt
16:47 aphor +gitfs
16:48 knite joined #salt
16:49 _ikke_ joined #salt
16:49 XenophonF thanks zmalone
16:52 felskrone1 joined #salt
16:53 Opti99 Using py, can I import an sls into another to use it's functions?
16:54 breakingmatter joined #salt
16:55 jalbretsen joined #salt
16:57 avalchev joined #salt
16:58 aphor does rallytime ever pop in on #salt?
17:02 ageorgop joined #salt
17:03 mimianddaniel joined #salt
17:03 mimianddaniel hi
17:04 mimianddaniel anyone know way to return results other tan returner from reactor?
17:05 TyrfingMjolnir joined #salt
17:06 XenophonF is ppa:saltstack/salt not current, either?
17:07 XenophonF ugh
17:07 aphor mimianddaniel: you could write to grains and then mine them later.
17:07 quix joined #salt
17:08 aphor XenophonF: is there a bug for that?
17:09 mimianddaniel aphor: hmm not sure if that kind of solution scales
17:09 mimianddaniel but interesting idea tho :)
17:09 aphor Opti99: state.sls files can include other state.sls files.
17:09 zmalone joined #salt
17:09 mimianddaniel aphor: i would just write to redis and poll for it
17:10 bussillis joined #salt
17:10 aphor mimianddaniel: are you wishing there was a global state context? I do that sometimes.
17:10 XenophonF aphor: no idea
17:11 mimianddaniel global state context?
17:11 mimianddaniel not following you
17:11 aphor XenophonF: if there's no GitHub issue for that, you should make one.
17:11 XenophonF aphor: i'm going to file a PR for salt-formula instead
17:12 XenophonF the docs say to use saltstack's private repo, and since the ppa isn't current, i'm not going to bother trying to get that fixed
17:12 aphor mimianddaniel: minion states could be dependencies for a universal state.
17:12 PeterO joined #salt
17:12 bussillis hey guys, i need some help, i try to create one node with salt-cloud on linode, i use this command: salt-cloud -p linode_profile test4   but it fails to create the instance with this error https://paste.debian.net/317160/
17:13 mimianddaniel aphor: thats not what i want.
17:14 mimianddaniel aphor: wish there was better way to catch the returns from reactor runs other than returner
17:14 ignasr joined #salt
17:17 aphor I can't fit any more big questions into my head right now.
17:18 aphor need to go meditate on how salt-cloud configuration data should be persisted
17:19 stolenmoment1 aphor: what do want to get back from a reactor?
17:20 drawsmcgraw bussillis: Does "DiskID" mean anything to you in the context of Linode?
17:20 nate_c joined #salt
17:20 drawsmcgraw I don't use Linode, though I did launch an instance on there with salt-cloud... er... back in Feb. Once.
17:24 bhosmer_ joined #salt
17:25 incnspcus joined #salt
17:26 bussillis drawsmcgraw: no :(
17:27 bussillis i haven't see that anywhere :(
17:27 bussillis actually it creates the instance but doesn't attach the drive so the machine is dead
17:29 bussillis_ joined #salt
17:29 bussillis_ :(
17:29 bussillis_ anyone
17:29 bussillis_ ?
17:29 drawsmcgraw Doesn't attach the drive?
17:30 drawsmcgraw I wonder if you're using a flavor/image/something that *requires* an explicit drive attached
17:31 PeterO joined #salt
17:31 drawsmcgraw Yeah I just glanced at my old Linode configs. No mention of a drive. Just a CentOS image and a size of "Linode 1024"
17:34 JDiPierro joined #salt
17:36 kitplummer joined #salt
17:40 bussillis_ hmm
17:40 bussillis_ drawsmcgraw:
17:40 bussillis_ thnx
17:40 kitplumm_ joined #salt
17:41 bussillis_ could you send me that snippet?
17:41 bussillis_ and the profile if possible :D  without key and password :D?
17:41 rburkholder joined #salt
17:41 stephanbuys joined #salt
17:41 drawsmcgraw bussillis_: profile -> http://dpaste.com/06NC4YM
17:42 bussillis_ thank you
17:43 drawsmcgraw bussillis_: Here we go, both in one -> http://dpaste.com/0CBC8AP
17:43 bussillis_ thank you very much
17:44 GabLeRoux joined #salt
17:44 tr_h left #salt
17:44 Jay_ joined #salt
17:44 stolenmoment1 left #salt
17:44 stolenmoment1 joined #salt
17:44 GabLeRoux left #salt
17:45 dthom91 joined #salt
17:46 bhosmer_ joined #salt
17:47 bussillis_ drawsmcgraw: OMG seems like unseting master can make huge bullshit
17:48 traph joined #salt
17:50 RandyT question: what triggers a cache flush and reload on minions? How do you force this?
17:50 Opti99 Using macros as functions is bad pratice, correct?
17:50 iggy saltutil.clear_cache can
17:51 GabLeRoux joined #salt
17:51 GabLeRoux hey there, quick jinja question; I'm trying to get the output of salt['cmd.run']('test -f $HOME/.composer/vendor/bin/phpunit') as a bool result, but all I get is empty. I tried salt['cmd.run']('whoami') and my var does contain "root" so salt['cmd.run']('cmd') does work, any idea? Note: I want to use this condition to
17:51 iggy Opti99: more than likely... if you need functions, you're probably better off writing them as modules or completely different states
17:51 GabLeRoux Oh, I guess I can get the data I want by getting $? right after that command
17:52 RandyT iggy: what are rules around updates of cache? Do I always need to trigger manual cache update if layout changes?
17:52 iggy GabLeRoux: cmd.retcode wouldnt' work?
17:52 iggy RandyT: "if layout changes"?
17:52 kitplummer joined #salt
17:52 eofs joined #salt
17:52 RandyT iggy: still in dev phases here and working with layout of state files, etc... new files.
17:53 GabLeRoux iggy: yeah, that's exactly what I was looking for, thanks
17:53 iggy RandyT: cache flushes for changing state files shouldn't be necessary
17:53 ajo__ joined #salt
17:54 iggy RandyT: the only time I can think that would be a good idea would be changing gitfs stuff (and then it'd be the master cache, not the minion caches)
17:54 RandyT iggy: finding cases where I have changed files, added directories, etc and even restarted master and cache is still showing old layout to minions
17:54 drawsmcgraw bussillis_: That's interesting..... Does it act a little better if you have a 'master' set ?
17:54 GreatSnoopy joined #salt
17:54 iggy RandyT: does cp.list_master show the layout you expect?
17:55 bussillis_ drawsmcgraw: :D yes
17:55 drawsmcgraw Alternatively, you can *not* set the master and add '--no-deploy' to your salt-cloud command.
17:55 drawsmcgraw Odd....
17:55 bussillis_ it actually starts installing os and everything
17:55 drawsmcgraw Well, I'll call that progress then
17:55 bussillis_ everything works i see salt key
17:55 RandyT iggy: where and how is proper way to execute that?
17:56 ajo__ I am getting an error "Rendering SLS 'base:test4' failed: Conflicting ID 'host_endpoint'"
17:56 jimklo joined #salt
17:56 bussillis_ drawsmcgraw: what does --no-deploy mean?
17:56 bussillis_ what is the purpose for that?
17:56 incnspcus joined #salt
17:56 drawsmcgraw Oh! You actually *want* the new instance to get bootstrapped. Yeah, you totally need that config :P. But the behavior ought to be different if you're missing that config....
17:56 iggy RandyT: it's a module, so... salt 'someminionhavingissues' cp.list_master
17:56 drawsmcgraw That says "Don't bother putting a minion on it. Just create it and walk away"
17:56 mpanetta joined #salt
17:56 drawsmcgraw No key creation, nothing. Just makes the instance. The end.
17:57 knite left #salt
17:57 drawsmcgraw I do it sometimes when I'm just making VMs on our Openstack cluster (easier than alias'ing or remembering long Nova commands)
17:57 RandyT iggy: that module command gives me expected results
17:57 RandyT looking in cache on the minion, it did not, but does now
17:58 incnspcus joined #salt
17:58 iggy RandyT: so are you changing things on the master, looking on the minion and not seeing changes?
17:58 adelcast left #salt
17:59 ajo__ I am getting an error "Rendering SLS 'base:test4' failed: Conflicting ID 'host_endpoint'"  when trying to call file.replace and  file.managed for a same file. Any work around for this problem ?
17:59 RandyT not without running these cache updates manually
17:59 iggy RandyT: because the minions don't sync from the master until they have to (i.e. during a highstate/etc)
17:59 adelcast joined #salt
17:59 beardede_ joined #salt
17:59 iggy ajo__: yes, give them different IDs
17:59 RandyT iggy: I have a highstate that is failing and looking on minion, not seeing files I expect.
17:59 Opti99 iggy: I am in that spot where I have a few state files that have 50% common things that they do, but seperating them into different states to allow them to be shared seems like I am fighting/figuring out the perfect pillar loops vs just being able to call a function. If that makes any sense.
17:59 iggy RandyT: open an issue then
18:00 RandyT iggy: roger that. will see if I can dependably reproduce before creating any more noise.
18:00 ajo__ iggy: I did that too; still same result
18:01 RandyT iggy: how do I run a highstate from the minion side to debug this process?
18:01 iggy Opti99: it depends who you talk to... some people love using jinja to write functions... I'm of the opinion that "here be dragons"
18:01 iggy ajo__: gist the code in question
18:01 iggy RandyT: salt-call -l debug state.highstate
18:01 Gareth Anyone using salt-cloud with Azure?
18:02 ajo__ iggy: host_endpoint:    file.replace:       - name: /etc/icinga2/repository.d/endpoints/{{host}}.conf
18:03 adelcast joined #salt
18:03 ajo__ iggy: the other one : /etc/icinga2/repository.d/endpoints/{{host}}.conf:   file.managed:
18:03 Opti99 iggy: so do you lean towards the module direction then?
18:04 iggy use a different ID for the second one and move the filename to `- name:`
18:04 iggy Opti99: it depends what I'm doing
18:05 iggy Opti99: I've written custom states that were basically "do this extra set of steps, then call this other salt state directly"
18:07 TranquilityBase_ joined #salt
18:08 incnspcus joined #salt
18:08 jeffpatton1971 @gareth I have what's up
18:10 Opti99 iggy: If I am understanding, you have written custom states that did X actions, and then itself called other states to say manage a file, all within that custom state?
18:10 dingo left #salt
18:10 iggy Opti99: the point I was making is depends on what you need to do
18:10 iggy do what works best for you... we won't judge (much)
18:11 ajo__ iggy: now both have different ID's: host1:   file.managed:     - name: /etc/icinga2/repository.d/endpoints/{{host}}.conf  host_endpoint:    file.replace:       - name: /etc/icinga2/repository.d/endpoints/{{host}}.conf
18:11 ajo__ still same error
18:11 ajo__ Data failed to compile: ----------     Rendering SLS 'base:test3' failed: Conflicting ID 'host1'
18:11 ajo__ Data failed to compile: ----------     Rendering SLS 'base:test4' failed: Conflicting ID 'host_endpoint'
18:12 iggy ajo__: your error aside, it doens't make sense to file.managed and file.replace the same file
18:12 iggy the states will constantly show changes
18:15 bart joined #salt
18:15 ajo__ iggy: I have a template file which needs to be used to generate a set of files and here I use the file.manage; but the contents in each file should have the file name also; so file.replace is being used
18:15 larsfronius joined #salt
18:15 bart Hello everyone
18:16 Guest35739 I have been trying to make Salt work with OSX...
18:16 Opti99 iggy: Functionally I am not having issues, but as my state files grow I am attempting to apply the DRY process to them without chopping them up so much that I ruin the readable/flow of what is really happening.
18:16 Guest35739 Has anyone had any luck with installing packages on OSX via Salt ?
18:18 iggy Opti99: yeah... read/watch some of ryan lane's stuff (Specifically his saltconf talk from last year about ordering iirc... he has some good ideas on when to repeat yourself)
18:18 iggy dry is great and all, but it's not the end all
18:19 dthom91 joined #salt
18:22 Opti99 iggy: I will check out Ryan Lane's stuff. Thanks.  Hopefully I am not the only one, but if I am managing 4 differently configured apps and I have the state files split up nicely so I am not repeating myself and everything is looping through nicely, a new app configuration comes along that doesn't fit so I either need to redo my current stucture or I need to stop trying to combine them all and let DRY fly out the window.
18:22 incnspcus joined #salt
18:22 incnspcus joined #salt
18:24 giantlock joined #salt
18:25 hiptobecubic joined #salt
18:26 sbogg joined #salt
18:27 sgargan joined #salt
18:27 murrdoc dry is easy
18:27 * murrdoc smacks iggy with wet towel
18:27 iggy don't listen to him
18:27 iggy my eyes bleed looking at the jinja that's come out of his team
18:29 zero_shane joined #salt
18:30 murrdoc only one jinja file is nasty
18:30 murrdoc yall need to stop witht he haterade
18:32 malinoff joined #salt
18:33 TranquilityBase_ how does one set the top file merging order in /etc/salt/master?  I've been googling around but can't seem to fine the actual option setting
18:33 lasko joined #salt
18:35 murrdoc top file merging ?
18:36 TranquilityBase_ murrdoc: yes, I'd like to get rid of the warning: [salt.state       ][WARNING ][14677] Top file merge strategy set to 'merge' and multiple top files found. Top file merging order is undefined; for better results use 'same' option
18:36 murrdoc lol
18:36 TranquilityBase_ since it is the same file in all environments, I'd just like to set it to use "same"
18:36 * iggy backs away slowly
18:36 murrdoc thats just funny
18:37 murrdoc sorry TranquilityBase_
18:37 murrdoc not your implementation
18:37 murrdoc that warning message is funny
18:37 iggy https://github.com/saltstack/salt/blob/develop/salt/config/__init__.py#L508
18:37 TyrfingMjolnir joined #salt
18:37 murrdoc top_file_merging_strategy: same
18:37 murrdoc in minion conf
18:38 lumtnman joined #salt
18:39 TranquilityBase_ hmm...that's exactly the string I have in both master and minion file (just to be sure).
18:40 iggy did you also set env_order?
18:40 TranquilityBase_ what I'm really trying to get to the bottom of is why my top file is yielding zero states with 2015.8.1 but worked with 2015.8.0
18:40 TranquilityBase_ iggy: no, I didn't
18:40 lumtnman joined #salt
18:41 iggy remove the other top files if they are all the same
18:41 TranquilityBase_ that's probably why the behavior changed or appears random
18:41 TranquilityBase_ iggy, I'd rather not since that will complicate how I'm using git branches...
18:41 TranquilityBase_ (I can do it, I did it before, but I prefer the simplicity of leaving them be if possible)
18:41 iggy put the top file in a separate repo
18:42 hasues joined #salt
18:42 hasues left #salt
18:42 iggy (also, don't use git branches as env's... you'll thank me later)
18:42 TranquilityBase_ iggy: what is your suggested approach?  tags?
18:43 TranquilityBase_ we have a dev->pilot->prod pipeline, with changes promoted by moving from one git branch to another
18:43 iggy honestly, I've tried to use Salt's environments twice and given up both times
18:43 iggy they suck
18:43 iggy but I'll shut up now and hope someone else can help you
18:43 TranquilityBase_ iggy - no argument here.  It's the random behavior change that's giving me grey hair
18:44 Akhter joined #salt
18:45 TranquilityBase_ I'm thinking of giving all my environment's profane names to express my dissatisfaction.
18:46 TranquilityBase_ anyone know what "Could not LazyLoad config.merge" means?
18:46 iggy it's usually safe to ignore (unless of course, you want to use that function)
18:47 TranquilityBase_ does it have to do with merging conf files in minion.d or something?
18:49 Guest35739 I am close to figuring out my problem, if anybody can help me out
18:49 Guest35739 OSX and Salt & PKG
18:49 Guest35739 via Hombrew
18:50 perfectsine joined #salt
18:50 Guest35739 Anyone with experience in this matter ?
18:50 iggy it could, but I don't think it's used much (3 times, mostly in the beacons/flo code it looks like)
18:51 linjan joined #salt
18:51 dthom91 joined #salt
18:52 mpanetta jinja is magic.  Just thought I would throw that out there...
18:52 Sketch annoying, poorly syntaxed magic
18:52 winsalt i dont have osx experience, but have you looked through the homebrew module to see where its messing up?
18:53 mpanetta Sketch: poorly syntaxed hah, yeah makes things look like a bracket monster puked all over everything
18:53 chiui joined #salt
18:53 mpanetta But!  It somehow magically knows how to join and print an arry of tuples...
18:54 Guest35739 Winsalt:  Yes and it's pretty clear where
18:54 Guest35739 Pretty simple "Brew" requires that it runs in "/usr/local/bin/"
18:54 Guest35739 but salt look in "/usr/bin"
18:55 Guest35739 If I do a Symlink Brew refuses to start
18:55 mpanetta whut?  Salt has its execution path hard coded?
18:55 moogyver is there anyway to get the list of jobs that a minion has run? ( besides the log file ).
18:55 ajw0100 joined #salt
18:56 mpanetta salt-run jobs.list I think
18:56 geekatcmu Guest35739: sudo ln -s /usr/local/bin/salt /usr/bin
18:56 pcn Can I configure multiple default event returners on my minions?
18:56 deus_ex joined #salt
18:56 mpanetta geekatcmu: That breaks Brew for them though :(
18:56 * geekatcmu bets it only breaks brew if they do the symlink the other direction
18:56 Guest35739 Geekatcmu: Like I said, symlink don't work, Brew refuses to be started from /usr/bin, it detects that and Exits
18:57 geekatcmu i.e. trying to put salt in /usr/bin, and then symlinking it into /usr/local/bin
18:57 mpanetta Hmm
18:57 Guest35739 strangely enough If i do a simple    "   cmd.run "brew --prefix "
18:57 Guest35739 it fails
18:57 geekatcmu Oh, wait: *salt* is looking for brew in /usr/bin?
18:57 Guest35739 if I do   cmd.run "/usr/local/bin/brew --prefix"
18:57 * geekatcmu totally isn't understanding your problem.
18:57 Guest35739 it works
18:58 Guest35739 yup seems like salt is looking for brew in "/usr/bin" only
18:58 Guest35739 even if cmd.run "echo $PATH"    - >   /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
18:58 geekatcmu Right.
18:59 Guest35739 so the PATH environment seems ok, but it can't find it unless I provide a full path
18:59 geekatcmu If you want PATH expansion to work cmd.run has to have shell=True
19:00 geekatcmu because $PATH isn't actually referenced by the salt cmd module.
19:00 Guest35739 oh I see
19:00 Guest35739 in that case my debug practice was bad, but still
19:00 Guest35739 https://github.com/saltstack/salt/blob/develop/salt/modules/brew.py
19:00 aphor joined #salt
19:00 Guest35739 Here you will see that the module is looking for "brew" in "/usr/bin"
19:01 Guest35739 I tried editing that python file locally, without any luck, maybe I'm doing something wrong
19:02 opensource_ninja joined #salt
19:02 Akhter joined #salt
19:02 geekatcmu Guest35739: press the "easy" button: echo -e '#!/bin/sh\nexec /usr/local/bin/brew "$@"" > /usr/bin/brew
19:03 geekatcmu chmod +x /usr/bin/brew
19:03 aphor brew is easy until it's not.
19:04 alaslasasa joined #salt
19:04 aphor If you can also do it with MacPorts, I always prefer that.
19:05 whytewolf Guest35739: care to point out a line that shows that /use/bin/brew is what is being called? cause I don't see it in the file
19:05 whytewolf [not saying it isn't just saying i don't see it]
19:06 dzen left #salt
19:06 TyrfingMjolnir joined #salt
19:09 tatata joined #salt
19:10 tatata Sorry my computer crashed, Im the one with the Brew OSX bug
19:10 whytewolf Guest35739: care to point out a line that shows that /use/bin/brew is what is being called? cause I don't see it in the file
19:10 tatata line 55     https://github.com/saltstack/salt/blob/develop/salt/modules/brew.py
19:10 whytewolf [not saying it isn't just saying i don't see it]
19:10 tatata from what I understand
19:11 whytewolf line 65 = '''
19:11 whytewolf aahah _homebrew_bin
19:12 whytewolf actualy that says that it will get the prefix from brew directly. then append /bin/brew to it
19:12 aphor Anyone want to brainstorm ideas for salt-cloud configuration data persistence?
19:12 tatata fair enough but it's not getting the "brew" command properly then
19:13 tatata if I do a symlink in "/usr/bin" i see in the salt logs that it got the "brew" command, but brew exit because it's not in /usr/local/bin
19:14 tatata So what tells salt to look for brew at a specific location ?
19:14 whytewolf looks like path
19:15 aphor What if salt-cloud configuration were set in pillar data, then whatever the results were get written to grains on the minion, and states can compare the pillar to the grain to see how to converge?
19:15 winsalt if you type "brew --prefix" into the terminal do you get /usr/local?
19:16 tatata yes
19:16 aphor tatata: can you do brew stuff using something like salt 'yrminion' cmd.run brew ha ha ha ?
19:16 tatata no because cmd.run does not get the whole environment unless I do somethign like 'shell = true', not sure, someonw said that earlier
19:17 slav0nic joined #salt
19:17 aphor salt 'yrminion' cmd.run /fully/qualified/path/brew ha ha ha ??
19:18 zmalone I couldn't find an issue for https://groups.google.com/forum/m/#!msg/salt-users/r5aQqnnNayc/TiJ7aVvbTikJ , but it's still broken in 2015.*
19:18 zmalone Does anyone know of an issue for this?
19:18 tatata yes this works If I give the full brew path, but whats the point of salt modules if you can't use it, I could also do everything with custom BASH scripts :-P
19:18 aphor try salt 'yrminion' cmd.run which brew
19:18 ajw0100 joined #salt
19:19 ahmed joined #salt
19:21 aphor tatata: if you can get salt to cmd.run brew, then this is barked ? --> https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.brew.html
19:21 aphor barked ==> b0rked
19:21 dthom91 joined #salt
19:21 zmalone The final response on that thread was "This is broken and we're going to try and fix it" from 2013.
19:21 incnspcus joined #salt
19:21 incnspcus joined #salt
19:22 tatata Aphor: Someone pointed out earlier that the PATH environment is not defined via cmd.run
19:22 tatata so if I do salt 'hostname' cmd.run "which brew"   it fails
19:22 tatata unless I provide full path
19:23 tatata Anyway this is not a solution. It seems like an easy bug to fix, simple path config somewhere making everything crash
19:23 aphor https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html <-- has example setting PATH in cmd.run env
19:23 nidr0x joined #salt
19:24 tatata Aphor: This will not fix the module, If I want to use "cmd.run" I don't mind giving a full path if needed
19:24 aphor tatata: if it is an easy bug to fix, it might not be an easy issue to create/describe/reduce
19:24 wryfi joined #salt
19:24 tatata I want to be able to use pkg.install
19:24 whytewolf tatata: the module calls cmd.run to run brew so fixing cmd.run fixes brew
19:24 incnspcus joined #salt
19:24 incnspcus joined #salt
19:25 tatata the module calls cmd.run for real ?
19:25 wryfi can i put custom states in gitfs the same way i would put them on a local filesystem?
19:25 aphor modularity?
19:25 whytewolf cmd.run_all
19:25 tatata so adding PATHs to cmd.run
19:25 aphor wryfi: yes, but they don't update the same.
19:25 wryfi aphor: can you elaborate or point me to docs?
19:26 whytewolf tatata: https://github.com/saltstack/salt/blob/develop/salt/modules/brew.py#L70-L73
19:26 aphor wryfi: gitfs pulls ONE designated branch, then you need to make gitfs sync.
19:27 wryfi ok, i think that should be fine
19:27 wryfi thanks
19:27 aphor wryfi: https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html <-- these work just like your own states.
19:27 tatata Whytewolf: Do you think editing to  python_shell=True   ?
19:28 tatata I'm not sure what to edit*
19:31 whytewolf tatata: I am not sure.
19:31 aphor wryfi: gitfs requires that you commit your changes and possibly merge them into your target environment's favorite branch, then salt-call event.fire_master update salt/fileserver/gitfs/update on the target environment to make the updates to a gitfs state effective.
19:32 wryfi that sounds like a pain
19:32 aphor wryfi: https://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html <-- this is good too
19:32 wryfi i guess i'll write a formula, instead
19:33 aphor wryfi: it's good control for prod, and you can add a git post-receive hook to push to pre-prod automatically. Read the last link.
19:33 tatata Thats a bummer, so close, I want to do the right thing
19:33 lumtnman joined #salt
19:33 tatata Should I edit the "cmd" module to look for "/usr/local/bin" by default
19:34 whytewolf no
19:36 Akhter joined #salt
19:38 DanyC joined #salt
19:39 tatata Where do I file a bug for this then ?  Thank you
19:39 XenophonF left #salt
19:40 whytewolf tatata: https://github.com/saltstack/salt/issues
19:42 RandyT iggy: the issue described earlier is repeatable. I've filed this issue, https://github.com/saltstack/salt/issues/28151
19:42 saltstackbot [#28151]title: minion state filesystem not updating | Not sure if that is an accurate description, but here is what I am seeing:...
19:44 ajw0100_ joined #salt
19:44 zsoftich2 anyone know of a way to get a list of minions matching a targeting expression in a state file?
19:45 flou joined #salt
19:46 flou Just install salt on Mac. However I am not seeing master and minion config in /etc/salt. Anyone know why?
19:48 iggy zsoftich2: mine
19:48 aphor zsoftich2: since minions run the states, you could have them send reactor events when they run the state
19:50 zsoftich2 iggy: do you know off hand if salt['mine.get']() works when doing a salt-run state.orch?
19:50 zsoftich2 I am getting back an empty list...though if I run it from salt-run mine.get I get back the correct results
19:52 aidalgol joined #salt
19:53 dthom91 joined #salt
19:55 wryfi can anyone shed some light on the right way to use require_in with apt repositories?
19:55 wryfi say i have my own apt repo, and i want it deployed globally on all my machines, so i have it in a common state
19:55 wryfi and then some other state installs a package that is in that repo
19:56 wryfi but i don't want to import that entire state in my global state that adds the repo in the first place
19:56 aphor wryfi: https://docs.saltstack.com/en/develop/ref/states/all/salt.states.pkgrepo.html
19:56 bhosmer_ joined #salt
19:56 wryfi i feel like i'm missing something
19:56 wryfi aphor: i've read that, it doesn't answer my qustion
19:57 wryfi the examples in that file all have the repo and the package defined in the same state file
19:57 aphor wryfi: just to separate into a different .sls file?
19:57 wryfi yeah, without importing a whole bunch of other state stuff that i don't want
19:59 Sketch you can define the repo in two different state files, as long as it's defined the same way, and you don't call one state file from the other, they should play nicely together
19:59 Sketch if that's what you want to do, so you can install files from either state file
19:59 nickg left #salt
19:59 Sketch s/files/packages/
20:00 wryfi Sketch: ok, i wasn't sure if that was recommended or not
20:00 wryfi seems not very DRY
20:00 aphor wryfi: people sometimes include different state.sls files conditionally based on OS grains to get different state implementations.
20:01 Sketch you could also move the pkgrepo installation to another state file, and call that from either of the two
20:01 Sketch s/call/include/
20:01 Sketch then it's only defined in one place, but you can make use of it in more than one place
20:02 aphor wryfi: just include {{ os.magicrepo }} and have some jinja magic in map.jinja define os.magicrepo
20:04 RandyT iggy: reported that issue of state files not updating across minions. I'm at a loss as to how to force this to happen.
20:04 wryfi or maybe define the repos in a separate state and then use extend on them
20:04 RandyT Not happening after highstate, restarting minion and master, etc.
20:04 wryfi perhaps that is the right anser
20:04 s_kunk joined #salt
20:05 aphor wryfi: extend sounds like a winner for your case. Go for it.
20:06 aphor RandyT: maybe you got stale cache?
20:07 aphor RandyT: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html
20:07 Akhter joined #salt
20:08 whytewolf zsoftich2: if you have 2015.5.6 or 2015.8.1 you should be able to use salt['saltutil.runner'] to run mine.get, but before that you will get fun errors
20:08 RandyT aphor: I've run clear_cache on master which does in fact clear the master cache. no update on minion though
20:09 RandyT aphor: unless it has some problem with the filename application.sls
20:10 aphor RandyT: if you clear the affected minions' cache, they will need to re-load/render the application.sls state file or they can't run it.
20:12 aphor RandyT: there *is* a warning about being safer to stop the minion, delete all the cache files, then start the minion back up again.
20:14 dthom911 joined #salt
20:14 RandyT aphor: reported this issue earlier to describe what I am seeing: https://github.com/saltstack/salt/issues/28151
20:14 saltstackbot [#28151]title: minion state filesystem not updating | Not sure if that is an accurate description, but here is what I am seeing:...
20:16 RandyT aphor: and after removing all cache files on minion and then restarting, it pulls every file on master state except this file...
20:17 aphor RandyT: maybe search for other issues with minion caching and mention them in comments? It might help if we're killing multiple birds with one stone, and maybe you'll find a workaround if not a fix.
20:19 RandyT aphor: will do
20:23 chiui joined #salt
20:24 kitplumm_ joined #salt
20:25 breakingmatter joined #salt
20:31 cilkay joined #salt
20:32 moeyebus joined #salt
20:32 moeyebus joined #salt
20:36 cornfeedhobo hello, i am running into a problem that i cant figure out. I am on a new VM, testing out salt, and i haven't created any states, but started this time by creating `/srv/salt/_modules/foo.py` and trying to get the minion to run it locally (`salt-call --local foo.bar`) but everytime, i am told that the "module is not available". i have run saltutil.sync_all dozens of times, but that seems useless
20:37 RandyT question: when loading things like boto on minions, what is best practice? using pip, or using distro packages?
20:37 sgargan cornfeedhobo: try putting the _modules in your roots
20:37 zsoftich2 whytewolf: I'll give that a try...essentially what I am trying to do is run an orchestration that will do x, y, z on all nodes of a specific type one node at a time
20:39 |Fiber^| joined #salt
20:39 adelcast left #salt
20:39 adelcast joined #salt
20:43 papertigers anyone here managing python virtualenv's with salt?  If so is there an easy way to execute a cmd in a virtualenv
20:43 adelcast joined #salt
20:43 cornfeedhobo sgargan: that is where it is :-/
20:44 cornfeedhobo in /srv/salt/_modules (and file_roots is set accordingly)
20:44 dthom91 joined #salt
20:44 sgargan and how do you have the roots configured in your master config?
20:44 adelcast joined #salt
20:45 dthom91 joined #salt
20:45 cornfeedhobo sgargan: this is in a virtualbox vm for testing. so `file_client: local` and no master
20:45 edulix joined #salt
20:45 pratikmallya joined #salt
20:45 cornfeedhobo papertigers: if i recall correctly, as long as you execute from the python within the virtualenv, everything will be loaded relative to it's location.
20:46 papertigers cornfeedhobo: thats my thinking as well.  That should be doable
20:46 papertigers thanks
20:46 cornfeedhobo papertigers: np
20:46 pratikma_ joined #salt
20:47 Corey Is there a not-ridiculous way to assign pillar values to nodes depending upon the node's AWS tags?
20:48 Ryan_Lane Corey: why pillar values?
20:48 Ryan_Lane you could write an external pillar to do so
20:49 Ryan_Lane RandyT: definitely don't use the system packes
20:49 Ryan_Lane RandyT: they're old as shit
20:49 Ryan_Lane you need a pretty recent boto for most of the modules
20:49 cornfeedhobo sgargan: um, so it turns out i had missed some step or somethnig. works now
20:49 Ryan_Lane either use pip or find a PPA
20:49 RandyT Ryan_Lane: thank you
20:49 Ryan_Lane yw
20:49 sgargan glad you worked it out
20:49 Ryan_Lane also, you may want to start including boto3, too :)
20:50 sastorsl_ Can cmd.run/cmd.wait take an input parameter, i.e. "/bin/myscript foo" ?
20:50 Ryan_Lane since soon some new modules will require it
20:50 mehakkahlon joined #salt
20:50 RandyT Ryan_Lane: roger
20:51 sastorsl_ never mind...
20:52 sastorsl_ 11pm over here, it's really to late to make changes to code..
20:52 rbjorklin joined #salt
20:53 Akhter joined #salt
20:55 wendall911 left #salt
20:58 wendall911 joined #salt
21:00 keimlink joined #salt
21:00 ajw0100 joined #salt
21:01 iggy zsoftich2: I want to say there's a way with the runner module? nfc really
21:01 iggy RandyT: did you try saltutil.clear_cache?
21:03 rim-k joined #salt
21:03 hasues joined #salt
21:04 hasues left #salt
21:04 moloney joined #salt
21:05 Rumbles joined #salt
21:06 moloney I just noticed that /var/cache/salt/master is world readable. Including any files pushed with cp.push.  This seems like a big security issue...
21:10 iggy cp.push isn't known to be a secure means of transferring files
21:10 aparsons joined #salt
21:10 adelcast joined #salt
21:12 moloney iggy: Seems there should be a big bold statement about how anything you push will be world readable.  Or better yet, just lock down the permissions on that directory
21:13 mehakkahlon joined #salt
21:14 mehakkahlon joined #salt
21:17 moloney iggy: The current warning is extremely vague, just saying it is a potential security issue since minions can push files to the master. I can imagine you could do a DOS attack by pushing tons of data or something.  I wouldn't have guessed that everything pushed becomes world readable on the master.
21:19 baweaver joined #salt
21:19 geekatcmu Generally speaking, you should pretty much treat your salt master as if it has the keys of the kingdom, and *assume* that anyone with access to it has access to everything.
21:19 mpanetta joined #salt
21:20 subsignal joined #salt
21:20 iggy and that anyone with root (or whatever user your minions run as) has pretty high priviledge as well
21:20 geekatcmu That said, I suspect that you could trivially "chmod 700 /var/cache/salt/master" and move one.
21:20 geekatcmu s/one/one/
21:21 * geekatcmu facepalm
21:21 geekatcmu s/one/on/
21:21 moloney geekatcmu:  good security requires layers, you shouldn't just assume that some lower layer is 100% secure and thus we don't need to think about security at higher layers
21:22 geekatcmu yes, it's called "defense in depth".
21:22 geekatcmu I'm well aware of it.
21:22 RandyT iggy: yes, tried saltutil.clear_cache and it does clear cache on master... but no effect on missing file on minion
21:22 mehakkahlon joined #salt
21:22 kinetic joined #salt
21:23 iggy weird, saltutil is stuff that usually runs on the minion
21:23 moloney iggy:  Of course root (or the user for minions) has high priviledge.  I am talking about a completely unpriviledged user on the master node.
21:23 geekatcmu "defense in depth" also generally starts with, "no one has the capability of logging into $SERVER unless they actually need that".
21:24 iggy yeah, I get that you think it's an issue
21:25 geekatcmu So, lock down permissions on there, ensure selinux/apparmor is running and configured correctly, ensure login access is restricted ... basically, do all the stuff you would do for any other server about which you care about the security.
21:26 moloney geekatcmu: are you really arguing that individual projects shouldn't be responsible for applying sane file/directory permissions to stuff they control?
21:27 geekatcmu Nope.
21:27 TranquilityBase_ Sigh.   Looks like 2015.8.1 no longer respects external pillars for top.sls compound matches. :-/  https://github.com/saltstack/salt/issues/28156
21:27 saltstackbot [#28156]title: top file now broken with 2015.8.1 | The following top file used to work on all salt versions 2015.8.0 and earlier, but has broken with 2015.8.1....
21:27 geekatcmu They should.
21:27 TranquilityBase_ that's one day of life I won't get back.  Grrr.
21:27 geekatcmu And you should open a ticket to have that addressed (this is not the forum in which that can/should happen)
21:28 geekatcmu That said, if you care about security, you also can't trust that anything is secure, and should be auditing/fixing everything.
21:28 moloney geekatcmu:  I am going to open an issue on github now
21:28 RandyT iggy: running saltutil.clear_cache on the minion does clear the local cache, but even after running highstate on teh same minion, it fails to populate the directory with 2 out of the 3 files that are on the master
21:28 geekatcmu \o/
21:28 moloney geekatcmu:  In a sense I did just audit a part of saltstack ;)
21:29 geekatcmu very good
21:29 geekatcmu keep up the good work.
21:29 iggy RandyT: you've got an issue open, I'd make sure all this info is in that and wait for the devs to look into it
21:29 geekatcmu I'm sure you'll find more spots that can use improvement.
21:29 RandyT iggy: thanks, will do
21:29 beardede_ left #salt
21:30 whytewolf humm.. I just explored that directory on my salt master. not everything is world readable in it. the data.p file for every minion isn't. the job return data for the jid's isn't. alot of data that actually is important isn't
21:31 whytewolf the only data that seems world readable from the salt directory. is freely avalible from any minion anyway
21:32 iggy well, I believe this specifically started with files that were cp.push'ed to the master
21:33 iggy which... seems like a non-issue to me given the warning(s) in the docs
21:33 whytewolf but those files can be read from any minion to begin with
21:33 whytewolf if it is avalible from salt:// it can be read by any minion
21:34 CheKoLyN joined #salt
21:34 moloney whytewolf: I am not concerned with another minion having access. The issue is that any unpriviledged user on the master has access
21:34 aron_kexp joined #salt
21:35 moloney whytewolf: Even if my master node "locked down", I could have an exploit in some service running there.  That service would hopefully be running as a unpriviledged user... but that doesn't help here
21:36 whytewolf moloney: this sounds like a mountain from a mole hill
21:36 whytewolf there are a LOT of if's in your statment
21:37 moloney whytewolf:  Ok, and if your master node allows other users to login and I do all my salt stuff as a priviledged user...
21:37 iggy I'd say open a docs bug that mentions this... I don't think it's a bug
21:37 sgargan joined #salt
21:38 iggy moloney: did you open a bug?
21:39 moloney iggy:  in the process now,  I don't see any downside to changing the default permissions on  /var/cache/salt/master/minions/
21:41 dyasny joined #salt
21:41 moloney Just opened an issue here: https://github.com/saltstack/salt/issues/28157
21:41 saltstackbot [#28157]title: Files pushed to master with cp.push become world readable | The directory /var/cache/salt/master/minions/ is currently world readable, and any files that get pushed there with cp.push end up world readable regardless of their original permissions.  This allows any unprivileged user on the master node to read any of these files, which could be a security issue.
21:43 subsignal joined #salt
21:43 jeffpatton1971 hey I have a question about using grains in a template file, I have this https://gist.github.com/jeffpatton1971/4ccaef2cb4fd14f3d9b2 and when I run it against the minion it removes the thing I wanted added...can someone point out my mistake as i'm not seeing it
21:44 keimlink joined #salt
21:45 kwork joined #salt
21:51 trph joined #salt
21:53 aphor jeffpatton1971: that looks OK. Is that grain available? Does host appear in salt 'myminion' grains.items ?
21:53 jeffpatton1971 @aphor that's how I found it...let me double check though
21:54 alexthegraham joined #salt
21:54 alexthegraham Anyone around an expert on yumpkg module?
21:55 aphor jeffpatton1971: FWIW, I'd match on a role:sshbastion
21:56 aphor or something similar
21:56 alexthegraham Specifically, I'm trying to use module.run pkg.group_install to install a bunch of packages, and the module is returning "------" instead of an error when yum fails to install all specified packages.
21:57 jeffpatton1971 @aphor https://gist.github.com/jeffpatton1971/4ccaef2cb4fd14f3d9b2
21:58 wryfi there seems to be something kind of wrong with salt-master and upstart
21:59 sdm24 jeffpatton1971: I assume you are using file.managed for the template? Do you have "- template: jinja" set in file.managed?
21:59 jeffpatton1971 @sdm24 D'OH!!! it is managed and you know I don't think I do...dammit
21:59 wryfi every time i run a state.highstate on my master, it tries to restart salt-master again, because /sbin/service doesn't say that it's up, while /etc/init.d/salt-master does
21:59 aparsons joined #salt
22:00 jeffpatton1971 ok I added template jinja to my init.sls and still getting that setting removed
22:02 jeffpatton1971 doing a state.apply test=true yields the following https://gist.github.com/jeffpatton1971/4ccaef2cb4fd14f3d9b2
22:02 aphor jeffpatton1971: also, maybe you manually mangled your minion name, or maybe you named it 'myminioin' instead of  'myminion' ?
22:03 jeffpatton1971 @aphor that's me typing over the actual hostname
22:03 zsoftich2 jeffpatton1971: run salt 'myminion*' grains.item host to get the value of grains['host']
22:04 knite joined #salt
22:04 ajw0100 joined #salt
22:04 zsoftich2 *you can
22:05 jeffpatton1971 @zsoftich2 at the bottom of the gist https://gist.github.com/jeffpatton1971/4ccaef2cb4fd14f3d9b2
22:06 cilkay left #salt
22:08 sdm24 jeffpatton1971: while your way should work, you could also try {% if salt[grains.get]('host') == 'myminion' %}
22:09 jeffpatton1971 @sdm24 let me try that right now
22:09 aphor jeffpatton1971: just checkin' ;)
22:10 jeffpatton1971 @aphor fair enough...after all I did type sex yesterday instead of sec...so who knows what I typed?!
22:10 aphor *&^%$#@ SPELLCHECKER!
22:10 aphor @(*#&%&% AUTOCORRECT!
22:11 sdm24 $%@%^ tab complete
22:11 jeffpatton1971 lol
22:12 jeffpatton1971 on the test=true i'm still getting -AllowTCPForwarding yes
22:12 aphor jeffpatton1971: maybe also try making the Jinja conditional != 'something totallyridiculous' to see if it's jinja puking and not the salt.grains ?
22:13 Corey Ryan_Lane: Security, mainly.
22:13 Corey Ryan_Lane: If I target it off of a grain, by changing the grain data on the minion you can expose Pillar data that you shouldn't have access to.
22:14 opensource_ninja joined #salt
22:14 trph joined #salt
22:14 trph joined #salt
22:15 * Ryan_Lane nods
22:16 jeffpatton1971 @aphor so just add some random 2 != 2 ??
22:16 Corey Ryan_Lane: Feature request time? :-)
22:16 aphor jeffpatton1971: and True == True
22:17 alemeno22 joined #salt
22:17 Akhter joined #salt
22:18 aphor jeffpatton1971: the idea here is to make sure your jinja is OK, bifurcate the problem space and eliminate one half to narrow the scope.
22:18 jeffpatton1971 @aphor I tried 2 != 2 and 2 ==2 and am getting the same problem
22:18 Ryan_Lane Corey: doesn't hurt to add an issue. it's not really on my radar, since I'm using masterless
22:18 programmerq left #salt
22:18 jeffpatton1971 i'm down...let me psot the init
22:19 aphor jeffpatton1971: Then no matter what's in the salt.grains, Jinja is not rendering properly.
22:19 jeffpatton1971 @aphor ya...which makes me wonder if this init.sls is right https://gist.github.com/jeffpatton1971/4ccaef2cb4fd14f3d9b2
22:20 jeffpatton1971 @aphor fwiw that's the only jinja in the entire file
22:21 sdm24 jeffpatton1971: what if you use something other than "host", like id or nodename or something
22:21 sdm24 err wait never mind if 2 ==2 didnt work its not a problem there
22:21 jeffpatton1971 @sdm24 i'm down, but...ya exactly
22:23 jeffpatton1971 @aphor you don't suppose it's something silly...since my template is the same name as the file i'm managing...?
22:23 sdm24 I do that all the time, with jinja in the template, with no issues
22:24 aphor https://gist.github.com/aphor/87caccd07a92f11c5d56 <-- this is my style
22:24 jeffpatton1971 renamed no change
22:24 aphor change the source file to something.jinja to make it EXPLICIT (enough for a drunk me to recognize ;))
22:25 jeffpatton1971 @aphor I actually like that and may start doing that so we know it's a template
22:25 sdm24 jeffpatton1971: another idea is at the top of your template, have {% set var = salt['grains.get']('host') %}. and then further down {% if var == 'myminion %}
22:25 jeffpatton1971 lol...I did sshd_config.template
22:25 jeffpatton1971 @sdm24 ok
22:26 jeffpatton1971 no dice
22:26 aphor +1 for sdm24 suggestion, but up the ante and include a map.jinja at the top of your jinja templates, and define all your var(s) there.
22:27 jeffpatton1971 ZOMG it's getting complicated...lol
22:28 jeffpatton1971 what does that look like?
22:28 aphor jeffpatton1971: map.jinja style will pay off when you need to split up stuff into multiple state files and keep sanity between them.
22:28 aphor https://docs.saltstack.com/en/latest/topics/best_practices.html
22:29 sdm24 jeffpatton1971: I copied your init.sls and everything, and it worked for me : /
22:29 * jeffpatton1971 shaking tiny fists of fury
22:29 aphor jeffpatton1971: I think something is wrong with your jinja.
22:30 aphor jeffpatton1971: can you use pip to make sure it's up to date?
22:30 jeffpatton1971 ok...I think today jinja 1 jeff 0
22:30 jeffpatton1971 is it just pip update jinja
22:30 aphor you know the best way to find that out...
22:30 aphor ;)
22:30 jeffpatton1971 you know what...i'm going to put this down and come back to it tomorrow
22:31 jeffpatton1971 and yes
22:31 aphor MILLER TIME!
22:31 sdm24 https://gist.github.com/anonymous/adac6009232c2cb2e806
22:31 bfoxwell joined #salt
22:31 jeffpatton1971 I think i'm just trying to do too much all at once and need to lay back and hope my royals hold out
22:31 sdm24 that worked for me
22:31 sdm24 I want the blue team to win the world series
22:31 jeffpatton1971 lol well both teams are blue so that works for me sdm ;-)
22:32 jeffpatton1971 good luck and thanks all, i'm out and i'll see y'all tomorrow
22:32 sdm24 good luck
22:32 aron_kexp joined #salt
22:33 kitplummer joined #salt
22:34 aphor If SaltStack implemented a pseudo-minion interface for cloud services so that you could use pillars and grains and mine to get cloud configuration data, what would be some "salty" names for those pseudo-minion things?
22:35 aurynn Pirate jokes?
22:35 aphor Shakers?
22:35 sdm24 salt shaker
22:35 sdm24 +1
22:36 aurynn there's the proxy minion interface
22:36 aphor SALT PIG
22:37 aphor http://www.thekitchn.com/10-salt-containers-worth-your-well-salt-shopping-guide-183457
22:37 iggy you could also go the spice route (ala pepper)
22:37 aurynn also yes, I want that stuff, because it's kind of annoyingly hard to get those details while I'm trying to use salt-cloud
22:38 aphor aurynn: I emailed rallytime this morning, and she was so nice to agree to bring that up tomorrow.
22:38 aphor When there's an issue up on GitHub, we can all pile on with +1 comments ;)
22:39 aphor Hopefully salt-cloud will get some redesign soon.
22:40 aurynn yeah, I started writing bootstrap stuff outside of python
22:40 aurynn er, outside salt, in python
22:40 * iggy too
22:40 iggy but that was over a year ago, salt-cloud was still a bit of a stinker
22:41 aphor salt cellar ? http://www.thekitchn.com/gadgetswooden-s-12775
22:41 aphor salt pig ? http://www.thekitchn.com/good-product-salt-pig-106794
22:41 sdm24 himalayan pink salt?
22:41 whytewolf saltpeter
22:42 thalleralexander joined #salt
22:42 aphor need a name for the new minion-ish thing that implements salt-cloud states/grains/mine
22:42 whytewolf kno3
22:43 sdm24 salt cellar could work, since its opposite of the cloud
22:43 aphor :)
22:43 aphor *exactly*
22:44 breakingmatter joined #salt
22:44 aurynn I'm planning on using "vinegar" for a tool for managing salt-ssh rosters and configs and stuff
22:44 aphor https://www.google.com/search?q=salt+pig <-- If you're going to abuse a metaphor BE FUNNY!
22:46 aphor https://www.etsy.com/market/salt_cellar <-- this probably makes more commercial sense though
22:47 aphor and sdm24 is on about the "cloud" irony.
22:47 whytewolf well, I was saying saltpeter cause it is the thing that you add to make things go boom
22:47 aphor saltpeter would be the SaltStack enabled Chaos Monkey.
22:47 aphor OK. I'm done for the day.
22:52 RandyT question: what salt command could I run on minion to get the configured name?
22:53 zsoftich2 joined #salt
22:54 sdm24 like the minion ID? or the hostname?
22:54 RandyT sdm24: minion id
22:54 sdm24 on a minion: "salt-call grains.get id"
22:55 sdm24 or "salt-call --local grains.get id" if it hasn't been connected to a master
22:55 RandyT any way to return the name as a string rather than the formated option?
22:55 bfoxwell joined #salt
22:55 RandyT minus local:\n
22:56 sdm24 if you do that command in a state file, it will remove the local:. I'm not sure how to do it for un-salt objects
22:57 RandyT trying to avoid awk, etc just to get the minion name...
22:57 RandyT where is this value stored?
22:57 whytewolf /etc/salt/minionid
22:58 sdm24 or in /etc/salt/minion as the "id:" field. but minionid is easier, as it only contains the ID value
22:58 whytewolf sorry i meant  /etc/salt/minion_id
23:00 RandyT strange but no /etc/salt/minion_id on this minion...
23:00 RandyT I see it in the minion file..
23:01 whytewolf you could also use --out json to get the data in json and use a json parser from there
23:01 icflournoy joined #salt
23:01 RandyT yeah, just looking for a way to grab this in minimal environment to set route53 ip
23:02 RandyT looks like 'grep id: minion | cut -f2 -d' '' is best I can do...
23:05 tercenya joined #salt
23:05 zsoftich2 iggy: whytewolf so I just ended up doing a custom runner to get my list of minions and pass it in as pillar data to state.sls
23:06 ntropy RandyT: or awk -F' ' '/id/ { print $2 }' /etc/salt/minion
23:06 zsoftich2 from there just jinja to generate the orchestration file
23:07 zsoftich2 basically mine.get and state.orch runners combined
23:08 woodtablet joined #salt
23:09 debian112 joined #salt
23:10 woodtablet hey if i wanted to add an update or change to the salt tutorial, how would i do that ? email or git pull request ?
23:10 woodtablet https://docs.saltstack.com/en/latest/topics/tutorials/minionfs.html
23:10 woodtablet There is a line to try out this command at the very top: salt 'minion-id' cp.push /path/to/the/file. However there is a caveaut that I think should be added, that you can not do this until you enable the feature (file_recv: True)
23:11 woodtablet I guess the Note kinda covers it, but..
23:19 ntropy documentation is in the main salt repo https://github.com/saltstack/salt/blob/develop/doc/topics/tutorials/minionfs.rst
23:22 pratikmallya joined #salt
23:22 woodtablet thanks! and cool handle
23:27 Gareth Ryan_Lane: ping
23:28 Ryan_Lane Gareth: ?
23:29 kermit joined #salt
23:31 Gareth Ryan_Lane: was just reading your blog post about using dev modules in stable, etc.  Does that same principle work for salt-cloud modules?
23:36 Ryan_Lane Gareth: not sure. I don't use salt-cloud
23:36 Ryan_Lane I'm pretty sure salt-cloud isn't modular, though
23:36 Ryan_Lane it relies on core modules
23:38 Gareth that's what I thought.  thanks :0
23:38 Gareth er :)
23:39 zmalone joined #salt
23:40 Ryan_Lane Gareth: to think they wanted me to convert the boto stuff into libraries like salt-cloud. wouldn't be able to treat them like modules like we do :)
23:40 lexter joined #salt
23:40 Ryan_Lane do you use salt-cloud to connect your minions and masters?
23:40 Ryan_Lane we really just need to come up with a generic way of connecting minions in AWS, then it wouldn't be necessary to use salt-cloud at all
23:41 Ryan_Lane all the functionality that exists in salt-cloud exists (and is way better) in the boto modules
23:43 mimianddaniel :q!
23:44 mimianddaniel lol
23:44 mimianddaniel so to my question ...
23:44 kitplummer joined #salt
23:45 mimianddaniel would i be able to capture the jid of the previous command within reactor /
23:46 mimianddaniel currently using returner to capture return/output from the minion.. but was wondering if its possible to caputre that on the master as well
23:47 Gareth Ryan_Lane: I just started using salt-cloud, this particular case I was using it with Azure and needed something in a later verison of Salt.  Still on 2015.5 at the moment.
23:47 mimianddaniel it wouldve been awesome if i could get the JID from event.send or event.fire_master
23:48 Ryan_Lane ah. gotcha
23:49 zmalone joined #salt
23:53 hekken joined #salt
23:53 hekken Hi, I have a simple question, if someone is around
23:56 jondonas joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary