Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-10-28

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 Phtes ViciousLove: the servers are on the same vpc network
00:01 bfoxwell joined #salt
00:02 mattiasr joined #salt
00:02 dkrae joined #salt
00:03 ViciousLove Ah, i don't know much about ec2...
00:04 Phtes ah, yes in aws you have vpc's basically private networks that your instances live in
00:05 Phtes starting from scratch anyways cause i murdered my last attempt haha
00:07 breakingmatter joined #salt
00:08 msx joined #salt
00:12 bhosmer_ joined #salt
00:24 keimlink_ joined #salt
00:25 tracphil joined #salt
00:31 sunkist joined #salt
00:35 sunkist1 joined #salt
00:37 cpattonj joined #salt
00:39 ze- joined #salt
00:42 izibi joined #salt
00:48 okfine joined #salt
00:58 subsignal joined #salt
01:06 alemeno22 joined #salt
01:08 breakingmatter joined #salt
01:08 alexanderilyin joined #salt
01:15 msx joined #salt
01:16 clintberry joined #salt
01:18 _ikke_ joined #salt
01:20 tracphil joined #salt
01:23 mansquid joined #salt
01:28 hackel joined #salt
01:30 openfly joined #salt
01:36 mapu joined #salt
01:39 quix joined #salt
01:45 pravka joined #salt
01:46 bougie2 joined #salt
01:46 clintberry joined #salt
01:54 DammitJim joined #salt
01:54 fsteinel_ joined #salt
01:55 dyasny joined #salt
02:04 andrej joined #salt
02:04 andrej hi all ...
02:05 mohae joined #salt
02:05 msx joined #salt
02:06 andrej I seem to have forgotten (didn't need it in ages) how to find out which part of a jinja template processing barfs on me. I retrieve a value from the mine for most minions salt knows, but rendering fails on one of them because the mine entry is empty. How do I find out which one it is?
02:06 bougie2 joined #salt
02:17 quix joined #salt
02:19 dalibro joined #salt
02:20 alexlist_ joined #salt
02:23 rideh joined #salt
02:25 dthom91 joined #salt
02:30 favadi joined #salt
02:35 tracphil joined #salt
02:45 msx joined #salt
02:47 dyasny joined #salt
02:59 malinoff joined #salt
02:59 fsteinel joined #salt
03:08 ^C why does mine.get return a different set of results on different nodes?
03:08 ^C (and an incomplete set, at that)
03:09 jasonrm joined #salt
03:09 breakingmatter joined #salt
03:11 falenn joined #salt
03:14 dthom91 joined #salt
03:15 sunkist joined #salt
03:17 Brew joined #salt
03:18 tmclaugh[work] joined #salt
03:19 quix joined #salt
03:23 ^C hmmm...
03:24 ^C just not getting the right results calling saltutil.runner mine.get from inside a pillar
03:25 ^C even after mine.flush...
03:25 ^C command works from cli, not from pillar
03:29 qman__ joined #salt
03:35 racooper joined #salt
03:48 pcn ^C: mine results are governed IIRC by minion cache settings
03:52 ^C pcn: i'll have a look at those... kinda not sure how to achieve dynamic configs/pillars without mine working properly :(
03:59 solidsnack joined #salt
04:01 _JZ_ joined #salt
04:02 ViciousL1ve joined #salt
04:07 babilen joined #salt
04:14 bhosmer_ joined #salt
04:14 rdas joined #salt
04:19 armguy joined #salt
04:19 mattiasr joined #salt
04:20 subsignal joined #salt
04:21 perfectsine joined #salt
04:21 ITChap joined #salt
04:30 rbjorklin joined #salt
04:32 ^C .... worked out what the problem is
04:32 ^C i'm using a multi-master / syndic setup
04:33 ^C each master stores data on the minions it knows about
04:33 ^C so depending on where yours asking for mine.get, the dataset is different
04:35 evle joined #salt
04:36 anmol joined #salt
04:36 anmolb joined #salt
04:36 ^C in my case, i'm running a formula on my syndic, expecting to mine.get data about the syndics minions, but its asking master master for mine.get, which doesnt know about them
04:37 ^C looks like its a feature due to be added: https://github.com/saltstack/salt/issues/27446
04:38 ramteid joined #salt
04:38 ^C just gotta work out a way around this for now
04:39 whytewolf ^C mines and any type of multi-master is a crap shoot currently.. I did hear at a meetup not to long ago that they are compleatly reworking the master setup. that will get rid of syndic. as well as rework how multimaster works. but they didn't go into detail
04:41 ^C whytewolf: yeah, not suprised, pity theres no eta on it (or work around for that matter)
04:41 ^C the idea of rsync'ing pki directories, (and cache directories?) makes me shudder
04:43 whytewolf yeah
04:50 mehakkahlon joined #salt
04:52 moogyver the syndics aren't terrible and in general you don't have to rsync keys unless you're having minions connect to two different masters.  and if they're local, you can always do that via an nfs share or some other type of storage.
04:53 mehakkah_ joined #salt
04:54 ^C it'd be less of an issue for me if i wasnt using running other formulas on the syndic itself
04:54 ^C if say, i moved the new functionality to a syndic child minion, the problem would go away
04:55 ^C just wondering now if i can get away with a single master, and hope the NAT'ing into that network will suffice for minion <-> master connection
04:55 jalbretsen joined #salt
04:55 moogyver depends on how many minions you plan on scaling to
04:56 moogyver and what type of load you'd be putting on the master in terms of jobs
04:56 ^C probably no more than 20-30 per cluster
04:57 ^C should be alright
04:57 hoonetorg joined #salt
04:57 moogyver biggest issue would be HA then.  master goes boom and you're SOL unless you're doing some type of HA
05:00 zmalone joined #salt
05:01 moogyver why are you having to run a syndic for 20/30 minions anyways?
05:10 alexanderilyin joined #salt
05:10 breakingmatter joined #salt
05:11 n8n joined #salt
05:26 DanyC joined #salt
05:27 Shirkdog_ joined #salt
05:27 stevej joined #salt
05:32 NV joined #salt
05:35 catpig joined #salt
05:37 openfly joined #salt
05:37 choke joined #salt
05:43 cro joined #salt
05:43 jaguar_ joined #salt
05:44 favadi joined #salt
05:48 ajw0100 joined #salt
05:52 malinoff joined #salt
06:00 impi joined #salt
06:05 kinetic joined #salt
06:12 DanyC all, what is the difference between file.managed and file: \n managed: ?
06:19 whytewolf DanyC: Technical difference? nothing. it is all style difference. now that being said. file.managed over file:\n managed: looks cleaner. as is more in line with the way that the cli works with module.function in exacution modules.
06:20 DanyC whytewolf: yes i was asking from technical diff angle. Good to know no difference :) much thanks
06:21 subsignal joined #salt
06:22 iggy file.managed also the recommended way in the docs
06:27 rdas joined #salt
06:32 whytewolf DanyC: https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#use-module-function-notation
06:33 DanyC whytewolf: iggy much thanks
06:36 DanyC another question (trying to clear all unknowns in my head): so in the example https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html there is template: jinja while on 2nd example it isn't. What does template: jinja do?
06:38 DanyC i found the answer ...._The named templating engine will be used to render the appended-to file. Defaults to jinja_
06:42 clintberry joined #salt
06:53 felskrone joined #salt
06:55 felskrone1 joined #salt
06:56 ubikite joined #salt
06:57 ubikite joined #salt
06:57 ubikite joined #salt
06:58 ubikite joined #salt
06:58 ubikite joined #salt
06:59 DanyC i've been going through the doc on file.append and i couldn't work out how can i achieve the output as http://hastebin.com/agivetuzuq.vala. Basically i do want to stick the lines before the last line. any ideas?
07:02 kinetic joined #salt
07:05 whytewolf joined #salt
07:07 seweryn joined #salt
07:07 colttt joined #salt
07:08 scoates joined #salt
07:08 katyucha joined #salt
07:11 breakingmatter joined #salt
07:14 kal joined #salt
07:16 DanyC any ideas if someone is still around? thx
07:17 iggy you can't
07:18 iggy file.append isn't meant to be a super powerful tool, it appends some text to a file
07:18 iggy you could maybe leverage file.replace with multiline
07:18 iggy or use file.managed
07:19 sunkist joined #salt
07:20 kawa2014 joined #salt
07:20 ITChap joined #salt
07:21 DanyC iggy: thanks, will give that a try. good day/evening
07:22 subsignal joined #salt
07:23 bVectr too bad there isnt a file.putthisveryspecificlineinaverypreciselocation
07:29 KermitTheFragger joined #salt
07:32 tomjoad440 joined #salt
07:33 ^C isnt that what augeas is for?
07:36 jdesilet joined #salt
07:41 DanyC ^C: didn't know about that module...i could give it a try and i guess will work for my use case however on the flip side, bringing in one extra modules (as is not installed by default) for 1 file sound a bit too much imo
07:43 keimlink joined #salt
07:43 DanyC i believe would have been nice for file.append to have 1 more param like a regex or before/after
07:43 ^C nodnod
07:44 DanyC joined #salt
07:44 ^C augeas can be very powerful tho. never used it in saltstack, but was indispensible in Puppet...
07:46 linjan joined #salt
07:46 solidsnack joined #salt
07:47 ^C you could do conditional stuff based on the actual config contents, not just 'has the hash changed?' stuff...
07:47 lb joined #salt
07:48 malinoff this goes beyond stateful SCM systems
07:50 malinoff you should either control the whole file or avoid touching it at all
07:51 ^C sometimes easier said than done
07:51 ^C (but agreed)
07:52 sunkist1 joined #salt
07:52 malinoff well, deployment is complex thing
07:53 malinoff distributed deploying on uncontrolled hardware is complicated thing
07:53 malinoff s/deploying/deployments/
07:56 ajw0100 joined #salt
07:56 rmnuvg joined #salt
08:00 otter768 joined #salt
08:04 larsfronius joined #salt
08:08 Fiber^ joined #salt
08:08 jhauser joined #salt
08:16 eseyman joined #salt
08:16 zulutango joined #salt
08:17 rdas joined #salt
08:23 zulutango left #salt
08:26 rotbeard joined #salt
08:29 keimlink joined #salt
08:33 jdesilet joined #salt
08:35 OliverUK joined #salt
08:37 rim-k joined #salt
08:45 mr-op5 joined #salt
08:53 edulix joined #salt
09:00 trph joined #salt
09:00 trph joined #salt
09:01 s_kunk joined #salt
09:04 mattiasr joined #salt
09:04 is_null left #salt
09:04 Rumbles joined #salt
09:05 edulix joined #salt
09:08 thalleralexander joined #salt
09:12 Xevian joined #salt
09:12 breakingmatter joined #salt
09:14 mage_ I'm executing a state file on machine A and some services on machine B should be reloaded... any idea how can I do this ?
09:14 rotbeard is there an other way to use event data in a master/syndic setting? I fire an event from my minion with custom data to the masters, on the syndic I can fetch those data with '{{ data['data']['minionip'] }}' but the same does not work on the master. on the masters debug output, I see the event coming in + matching the expected reactor state
09:23 rotbeard ah nevermind, it is '{{ data['data]['data']['minionip'] }}' on the master :>
09:24 subsignal joined #salt
09:25 MadHatter42 joined #salt
09:27 sybix joined #salt
09:30 CeBe joined #salt
09:32 DanyC joined #salt
09:34 DanyC ^C: thanks (will look into augeas more)
09:36 ericof joined #salt
09:39 saltuser joined #salt
09:40 TyrfingMjolnir joined #salt
09:43 saltuser Hi! If I have a pillar like {"pkgs": [{"name": "foo"}, {"name": "bar"}]}. How can I get all the pkgs from there?
09:44 saltuser pillar.item pkgs:name gives only the first one
09:46 jhauser joined #salt
09:54 ingslovak joined #salt
09:56 babilen saltuser: Why do you need "name" in there? Or rather: Why doesn't it look like: {"pkgs": ["foo", "bar", ...]} ?
09:57 saltuser This is just an example of how my external pillar looks like
09:57 babilen Sure it it, but there is no need for "name" if that's all there is
09:57 babilen *it is
09:57 larsfronius joined #salt
09:58 saltuser Ok, i'll change it to {"pkgs": [{"name": "foo", "version": "1"}, {"name": "bar", "version": "2"}]}
09:58 babilen I knew it!
09:59 saltuser :)
09:59 babilen You'll have to loop over that. Something along the lines of "{% for pkg in salt['pillar.get']('pkgs', []) %} .... {{ pkg.name }} ... {{ pkg.version }} .... {% endfor %}" is probably what you are looking for
10:01 larsfron_ joined #salt
10:01 otter768 joined #salt
10:04 saltuser babilen: whoa, thanks :)
10:05 thefish joined #salt
10:05 babilen yw
10:06 tracphil joined #salt
10:07 rdas joined #salt
10:13 jhauser joined #salt
10:25 subsignal joined #salt
10:27 dijit anyone know why salt-call inside kickstart would yield an error 'only root can do that' when mounting filesystems?
10:27 dijit I thought %pre ran as root?
10:27 mohan_ joined #salt
10:28 mohan_ how to unzip a file in windows minion?
10:29 kukacz joined #salt
10:31 MadHatter42 joined #salt
10:33 symphorien joined #salt
10:35 amcorreia joined #salt
10:39 mortis_ joined #salt
10:39 bilal joined #salt
10:42 bilal hello everyone, I am having trouble with configuring networking.sls. My minion node has only one interface so i enabled single interface and specified the interface name but i dont know what to specify in "set_up_script:"
10:43 bilal can someone explain what is the purpose of this variable and what to specify in it. unable to find answer in docs
10:50 dendazen joined #salt
10:51 malinoff_ joined #salt
10:53 dijit bilal: 'set_up_script:" is something somebody has written, it's a variable name.
10:54 dijit probably it contains;
10:54 dijit cmd.run:
10:54 dijit - name: /path/to/script.sh
10:56 edulix joined #salt
10:59 giantlock joined #salt
11:03 bilal okay. Thanks dijit Is there any guide for configuring networking.sls in openstack deployment with salt?
11:04 Grokzen joined #salt
11:05 toanju joined #salt
11:08 toanju joined #salt
11:09 Rumbles joined #salt
11:11 kukacz joined #salt
11:13 breakingmatter joined #salt
11:17 bussillis joined #salt
11:17 martintamare joined #salt
11:17 toanju joined #salt
11:18 andrew_v joined #salt
11:18 favadi joined #salt
11:19 bussillis hello, can somebody explain me how does the "config.get_cloud_config_value('deploy', vm_, __opts__)" function works in salt cloud module, why can't i just retrive just one parameter with this  config.get_cloud_config_value(""option)
11:19 bussillis hello, can somebody explain me how does the "config.get_cloud_config_value('deploy', vm_, __opts__)" function works in salt cloud module, why can't i just retrive just one parameter with this  config.get_cloud_config_value("option")
11:19 bussillis sorry
11:20 martintamare hello there, i'm having an issue with timezone.system on openstack vm : https://gist.github.com/alkivi-sas/0e68141a173b7e6a9927 : any suggestion ?
11:20 rmnuvg joined #salt
11:22 martintamare The issue is related to timedatectl : Failed to create bus connection: No such file or directory
11:22 yidhra_ joined #salt
11:23 martintamare apt-get install dbus fixed the problem
11:23 malinoff joined #salt
11:24 ksj joined #salt
11:25 subsignal joined #salt
11:27 pfallenop joined #salt
11:33 pfalleno1 joined #salt
11:42 edulix joined #salt
11:42 DammitJim joined #salt
11:44 kawa2014 joined #salt
11:45 solidsnack joined #salt
11:48 losh joined #salt
11:49 pfallenop joined #salt
11:49 pfallenop joined #salt
11:56 breakingmatter joined #salt
12:02 otter768 joined #salt
12:15 ldelossa joined #salt
12:16 ldelossa hey guys, I currently have the following file:
12:16 anmol joined #salt
12:16 anmolb joined #salt
12:17 bhosmer_ joined #salt
12:17 cpattonj joined #salt
12:23 dthom91 joined #salt
12:36 falenn joined #salt
12:37 dijit big_area: networking.sls is a custom salt state, maybe you could paste what it contains.
12:37 dijit oh
12:37 dijit he left and I highlighted the wrong person.
12:37 dijit sorry!
12:38 big_area no worries
12:41 node1_ joined #salt
12:41 node1_ Hey guys, is there a way to embed the minion id during the boostrap install of a minion?
12:41 dendazen joined #salt
12:42 quix joined #salt
12:46 dthom91 joined #salt
12:54 cpattonj joined #salt
12:58 thalleralexander hi is it possible to store minion data in a database?
12:58 thalleralexander like accepted keys and stuff
13:01 pguinardco the best practice has been to keep the minion keys directory in sync :(
13:01 thalleralexander hmh ok :/
13:01 pguinardco http://salt.readthedocs.org/en/v0.17.0/topics/tutorials/multimaster.html
13:04 subsignal joined #salt
13:04 toastedpenguin joined #salt
13:05 JDiPierro joined #salt
13:08 toastedpenguin joined #salt
13:08 subsignal joined #salt
13:11 dthom91 joined #salt
13:14 cpowell joined #salt
13:15 furrowedbrow joined #salt
13:16 toastedpenguin joined #salt
13:17 dthom91 joined #salt
13:22 racooper joined #salt
13:25 StolenToast how can I find the version of an installed package and use that in a state?
13:26 quix joined #salt
13:29 babilen pkg.version (execution function)
13:29 babilen StolenToast: What are you trying to achieve?
13:30 StolenToast Serving a different config file to systems with different versions of a package
13:30 StolenToast I need to bin them into one of two versions
13:30 babilen And you don't know a priori which version that system would end up with? It is normally pretty clear which versions are in a specific release.
13:31 babilen (distribution release that is)
13:31 pcn StolenToast: How about two states.  Add an unless version < X in one, and unless version > X in the other
13:31 StolenToast it should be but I am integrating salt into a standing system right now and not everything is handled by me
13:31 pcn Target both.
13:31 StolenToast in the future of course salt will just tell them which one to use
13:32 StolenToast babilen: they systems are the same release, it's some in-house configs having to do with networks and such
13:32 StolenToast and incompatibility in versions, etc.
13:32 StolenToast I hope to resolve this mess in teh future, but right now I gotta be practical
13:32 babilen Well, there are many different approaches on how to deal with this problem, but normally you would know that, say, nginx is 1.2.1-2.2+wheezy3 in wheezy and 1.6.2-5 in jessie. So you would target based on that.
13:33 babilen (for Debian)
13:33 StolenToast pcn's idea seemed straightforward enough
13:33 dabb joined #salt
13:33 StolenToast that's the trick, both cases are running the same centOS 6u5
13:34 StolenToast so really the only reliable way is to test the package version, at least as far as I can tell
13:34 babilen Sure, my understanding of your question was "I want conditionally include one bit or another, which execution function allows me to find out the version of a package?"
13:34 StolenToast yeah
13:34 babilen (hence pkg.version)
13:34 StolenToast I had some trouble getting it to give me useful output but I'll read the docs again
13:35 babilen You could also "tag" all your boxes by version (in a grain for example) and then target different states based on that
13:36 fredvd joined #salt
13:36 babilen But normally you would just tell your minions which version to use rather then adapting your states to their state
13:36 StolenToast pkg.version works better now, I probably just borked it up last time
13:37 StolenToast Yeah I know this is kind of dumb but it's important it gets done soon, I have time to fully integrate salt later
13:37 babilen salt is very much *not* about "If $foo do $bar" rather than "achieve $baz by whatever is necessary"
13:37 babilen sure
13:38 StolenToast last night I was reading about using python subprocs to call yum and set a grain to reflect the version
13:38 amcorreia joined #salt
13:38 StolenToast I think that is the closest I'm gonna get
13:40 pi3r joined #salt
13:40 mehakkahlon joined #salt
13:41 hasues joined #salt
13:43 numkem joined #salt
13:43 hasues left #salt
13:48 martintamare anyone with client_acl working on the master that could help ?
13:49 teryx510 joined #salt
13:50 mapu joined #salt
13:51 jeffpatton1971 joined #salt
13:52 dthom91 joined #salt
13:52 jettero joined #salt
13:52 bhosmer_ joined #salt
13:52 mapu joined #salt
13:53 jettero I'm experimenting with custom grains (_grains/blah.py)... pretty straight forward, but I can't figure out when they execute... when I call grains.get? when I try to match it? every sync?
13:53 DanyC so in the docs it says "salt.states.file.managed(name, source=None, source_hash='', user=None, group=None, mode=None, template=None, makedirs=False, dir_mode=None, context=None, replace=True, defaults=None, env=None, backup='', show_diff=True, create=True, contents=None, contents_pillar=None, contents_grains=None, contents_newline=True, follow_symlinks=True, check_cmd=None, **kwargs)" but where is the require: option? or am i missing s'thing?
13:53 mapu joined #salt
13:54 jettero parent object maybe... most of the state modules have a require
13:58 zmalone joined #salt
14:03 otter768 joined #salt
14:05 _JZ_ joined #salt
14:08 quasiben joined #salt
14:09 linjan joined #salt
14:15 DanyC jettero: thanks, any idea how i can find out the info in the parent object?
14:16 quasiben1 joined #salt
14:16 jettero source diving?
14:16 perfectsine joined #salt
14:16 DanyC jettero: :) sure, but i'm looking from docs side (as this info should be there in first place imo)
14:17 jettero I'm sure it is, ... somewhere
14:17 jettero They have a LOT of docs.  I find it hard to figure out trivial things like: when do custom grains get invoked
14:17 giantlock joined #salt
14:17 jettero I'm sure the docs are there somewhere, but I can't find it using google
14:18 DanyC jettero: i am in same situation ..
14:19 numkem joined #salt
14:22 mpanetta joined #salt
14:28 ipmb joined #salt
14:32 teebes joined #salt
14:38 Akhter joined #salt
14:38 pi3r I have a custom function that I call with salt.function inside an orchestration yaml file.
14:40 kawa2014 joined #salt
14:41 jettero another thing I'd like to figure out (and Google's not helping) is how to target hosts that don't have a value for a certain grain
14:42 jettero I managed to get it to work once, but failed to write down what I did
14:42 jettero G@blah:None or something like that.
14:42 pi3r The call to the orchestration is done with salt-run with a specific user. But the returner has lost that information (the user who issue the command). How can I get it back ?
14:44 bhosmer_ joined #salt
14:45 Heartsbane joined #salt
14:45 Heartsbane joined #salt
14:49 linjan joined #salt
14:53 toabi joined #salt
14:53 edulix joined #salt
14:56 winsalt joined #salt
14:56 jcockhren any saltstack user that uses vagrant should make some noise. This unblocks you -> https://github.com/mitchellh/vagrant/pull/6382
14:57 debian112 joined #salt
14:58 rotbeard jettero, something like "salt -C '* and not G@blah"?
14:59 jettero I think the '* and' is implied...
14:59 jettero I don't think not @Gblah works though.  Checking
14:59 jettero G@
14:59 andrew_v joined #salt
15:01 babilen jcockhren: /me is waiting patiently
15:01 kinetic joined #salt
15:02 jcockhren babilen: thanks!
15:02 stickman joined #salt
15:03 jettero rotbeard: yeah, no joy
15:03 clintberry joined #salt
15:03 rotbeard ah sorry, my fault
15:04 mortis_ too bad theres no salt at oscon or velocity in amsterdam
15:04 intr1nsic joined #salt
15:08 KingJ joined #salt
15:08 DammitJim joined #salt
15:10 thefish joined #salt
15:11 Fiber^ joined #salt
15:12 sdm24 joined #salt
15:13 RedundancyD joined #salt
15:15 dthom91 joined #salt
15:15 cyborg-one joined #salt
15:20 Puckel_ joined #salt
15:20 pmcnabb joined #salt
15:21 aron_kexp joined #salt
15:21 malinoff joined #salt
15:23 zsoftich2 joined #salt
15:23 tmclaugh[work] joined #salt
15:27 jdubski joined #salt
15:34 orion___ joined #salt
15:35 Gareth o/
15:36 ashutoshn joined #salt
15:37 zerthimon joined #salt
15:37 zot joined #salt
15:38 irctc179 joined #salt
15:39 ageorgop joined #salt
15:39 zot hi! i've been having trouble finding this in docs/google: if I have 3 remote exec commands, sing, dance, juggle - can I specify an arbitrary subsequent execution order with a single cli/http call? meaning that salt manages the sing, wait until done, juggle, wait, dance, wait, return array of results?
15:39 irctc179 Hi guys, I have modified the chocolatey module in salt for some tests but I don't know why my minion is still using the old version. I tried to saltutil.refresh_modules but it does not work. Did I miss something?
15:40 Guest63765 left #salt
15:40 dfinn joined #salt
15:42 clintberry joined #salt
15:44 is_null joined #salt
15:44 is_null hi all, any idea why such warning and error would happen with `salt-key` in an ubuntu 15.04 container which is in an openstack VM ? Warn: Linux kernel reports no Time Stamp Counter (TSC). Floating point exception (core dumped)
15:46 mapu joined #salt
15:46 bhosmer_ joined #salt
15:47 subsignal joined #salt
15:47 zerthimon joined #salt
15:51 alemeno22 joined #salt
15:51 jeffpatton1971 using ssh_auth state, i'm having a problem with a user who changed their ssh key, salt doesn't appear to update it, if it's changed. Is there a --no-really-overwrite-the-key switch? ;-)
15:51 jeffpatton1971 or must i do an ssh_auth.absent first?
15:57 Brew joined #salt
15:57 amcorreia joined #salt
16:00 conan_the_destro joined #salt
16:00 meye1677 joined #salt
16:02 troyready joined #salt
16:02 ajw0100 joined #salt
16:02 breakingmatter joined #salt
16:04 otter768 joined #salt
16:04 khaije1 joined #salt
16:05 khaije1 Hoping for some help getting started understanding this error running a 'mysql_user.present' state for root: "Comment: MySQL Error 1054: Unknown column 'plugin' in 'where clause'"
16:05 khaije1 that ring a bell w/ anyone, any notions on resolving it?
16:05 rmnuvg joined #salt
16:09 kinetic joined #salt
16:10 williamthekid joined #salt
16:12 jalbretsen joined #salt
16:15 baweaver joined #salt
16:18 pi3r /ignore #xkcd-signal joins,parts,crap
16:18 pi3r
16:19 seweryn2 joined #salt
16:19 eseyman joined #salt
16:20 zerthimon joined #salt
16:20 whytewolf khaije1: the only place where plugin is used in a where clause, is when checking if the user exists, if both passwordless and unix_socket are used it will check for the plugin unix_socket
16:20 ashutoshn joined #salt
16:21 ashutoshn Hi folks is there any upcoming webinar
16:21 whytewolf khaije1: https://github.com/saltstack/salt/blob/develop/salt/modules/mysql.py#L1072-L1075
16:23 sbogg joined #salt
16:25 whytewolf khaije1: one thing you might want to check is that your mysql database is setup correctly. I know my mysql.user table has a plugin collumn
16:25 Akhter joined #salt
16:26 pi3r joined #salt
16:28 whytewolf khaije1: humm, looks like that collumn was added somewhere between 5.1 and 5.5
16:28 pi3r joined #salt
16:30 orionx_ joined #salt
16:32 aparsons joined #salt
16:35 otter768 joined #salt
16:35 Brew joined #salt
16:43 bhosmer_ joined #salt
16:43 ashutoshn What could be the best approach for installing drupal app using salt
16:43 baweaver joined #salt
16:44 KingJ joined #salt
16:45 writtenoff joined #salt
16:45 danlsgiga joined #salt
16:46 sdm24 ashutoshn: I'm not sure how up to date it is, but https://github.com/saltstack-formulas/drupal-formula might be your best bet
16:46 ashutoshn @sdm24 thanks. Let me try it out
16:48 whytewolf ashutoshn: if that isn't to your liking you could compose something with https://docs.saltstack.com/en/latest/ref/states/all/salt.states.composer.html & https://www.drupal.org/node/2404989
16:49 ashutoshn Sure.
16:51 Rumbles joined #salt
16:52 ajw0100 joined #salt
16:53 ashutoshn whytewolf if there is a depending recipe will composer take care of this
16:53 breakingmatter joined #salt
16:53 wnkz joined #salt
16:54 whytewolf ashutoshn: I couldn't say. although composer is supposed to be pretty good for deploying systems like that. so it should handle a lot of the details.
16:55 ashutoshn whytewolf: OK
16:55 mehakkahlon joined #salt
17:00 rotbeard does file.blockreplace (or salt in general) support wildcard destination paths?
17:00 kinetic joined #salt
17:00 statik joined #salt
17:01 statik joined #salt
17:02 giantlock joined #salt
17:04 khaije1 whytewolf: thanks for that clarifying context, that is the case I'll see if I can either upgrade MySQL or adjust the state to avoid it.
17:05 wnkz joined #salt
17:06 khaije1 Since the snippet you referenced is in 'develop' I'll open an issue to include a version check, or to check for plugins using 'show plugins' (IIRC)
17:06 danlsgiga hey guys... can I have my pillar top.sls in one git repo and my pillars .sls files in another repo all referenced to the base environment?
17:10 murrdoc joined #salt
17:11 kavakava joined #salt
17:11 ThomasJ joined #salt
17:11 statik anyone run into problems with the mysql-formula not restarting mysqld after applying config changes to my.cnf (via pillar data)?
17:13 ajw0100 joined #salt
17:14 zot joined #salt
17:14 baweaver joined #salt
17:15 khaije1 err, nevermind, my github creds are unavailable at  the moment
17:15 jalbretsen YIPPE!!  Installing RVM state works much much better now!
17:16 toabi left #salt
17:23 colegatron joined #salt
17:26 ldelossa joined #salt
17:26 ldelossa Hey guys, is there a way to delete a key by fingerprint?
17:26 ldelossa I have two keys with the same name
17:26 ldelossa by accident
17:26 ldelossa and I want to delete only the one with the finger print I know is incorrect
17:26 hasue1 joined #salt
17:26 hasue1 left #salt
17:27 dthom91 joined #salt
17:30 tmclaugh[work]_ joined #salt
17:30 khaije1 ldelossa: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.ssh_auth.html#salt.states.ssh_auth.absent is one solution
17:31 murrdoc joined #salt
17:31 ldelossa How would I run that
17:31 ldelossa local on the minion?
17:31 khaije1 even if it's a one time thing you can trigger the state imperatively by using the state.single function as: salt-ssh 'TARGET' state.single ssh_auth.absent "keytext"
17:32 ldelossa even if the ssh key wasn't accepted?
17:32 khaije1 ldelossa: I may have misunderstood, are you talking about minion keys or ssh keys?
17:33 ldelossa Minion key
17:33 khaije1 oh!
17:33 ldelossa so if I do salt-key
17:33 ldelossa I have one accepted client01p
17:33 ldelossa and one denied client01p
17:33 ldelossa because I accidently started up another minion
17:33 ldelossa with the same ID
17:33 ldelossa so now if I try to remoe it with salt-key -d - it picks BOTH client01p minion keys
17:34 ldelossa remove*
17:34 khaije1 that I'm not immediately sure about
17:34 ldelossa I need one
17:34 * khaije1 reads the wheel state for clues
17:34 khaije1 OK, right ... https://salt.readthedocs.org/en/v0.17.1/ref/wheel/all/salt.wheel.key.html#salt.wheel.key.finger
17:35 khaije1 you can likely find more recent documentation but I reckon it works just the same
17:35 ldelossa do this on minion?
17:35 kinetic joined #salt
17:36 khaije1 if you can to remove a minion key, it would only really be relevant on the master, no?
17:36 oznah joined #salt
17:36 khaije1 s/can/want/
17:36 ldelossa That's what I'm thinking, but this still only allows me to delete keys via client name
17:36 ldelossa not the fingerprint
17:36 bussillis joined #salt
17:37 bussillis uys i ge tthis error [ERROR   ] Failed to create VM somename. Configuration value 'provider' needs to be set
17:37 bussillis however i have it set, clear and simple
17:38 bussillis my-profile:     location: los/dev     provider: my-provider
17:38 bussillis any idea what could be wrong
17:38 bussillis ?
17:39 bussillis it is all in my personal module..
17:39 bussillis but it gets all other parameters fine
17:39 kinetic joined #salt
17:39 bussillis anyone alive here?
17:40 Eugene DEAD
17:41 bussillis :)
17:41 breakingmatter joined #salt
17:41 bussillis Eugene: are you from France/Austria?
17:41 Eugene Patience is a virtue. I've absolutely no idea about your question
17:41 Eugene US and A, second-greatest country in all of world, behind Kazakhstan.
17:42 bussillis ah i connect through UMTS modem in my pc and it drops always so.. maybe somebody answeres me but i don't see
17:42 Eugene Nope, it's just a slow day
17:43 bussillis :D
17:43 bussillis hhaha
17:43 bussillis Algeria?
17:43 bussillis Eugen?
17:43 bussillis Eugene
17:43 bussillis ?
17:43 Eugene Family name is Russian; everybody back to great-grandparents has been born in the US
17:43 Eugene I'm from Seattle
17:44 Eugene Anyway.... sounds like you're asking about salt-cloud?
17:44 druonysus joined #salt
17:45 bussillis aha
17:45 bussillis Eugene, i'm from balkans, my cit was buned to the ground once in history by Eugen Savoyski
17:45 bussillis Franch/Austrian general
17:45 Eugene Brutal.
17:45 bussillis an idiot..
17:46 bussillis and once Austria annexed Bosnia few centuries later, they gave the name of one military base "Eugen Savojski" in the center of Sarajevo which was burned down
17:47 bussillis anyway
17:47 bussillis salt-cloud issue
17:47 Eugene Sorry, never used it.
17:47 Eugene But patience is a virtue
17:47 bussillis :D
17:51 tmclaugh[work] joined #salt
17:53 Akhter joined #salt
17:54 ashutoshn left #salt
17:54 zot joined #salt
17:54 tkharju joined #salt
17:54 mirkop_ joined #salt
17:54 teryx510 joined #salt
17:55 mephx joined #salt
17:57 tracphil joined #salt
17:57 tracphil What is the difference between %, %- and -%?
17:58 whytewolf tracphil: http://jinja.pocoo.org/docs/dev/templates/#whitespace-control
17:58 ldelossa Quick question, I want to use a pillar to indicate whether the firewalld or iptables state should be ran, but in order to do this I want determine if the pillar is applied by a value in the grains dictionary
17:58 ldelossa can that be done?
17:58 tracphil Thanks!
18:01 kukacz joined #salt
18:04 ldelossa Ahh, I would put the logic into the pillar state file wouldn't I
18:06 bhosmer_ joined #salt
18:07 danlsgiga Does the git_pillar work the same way as the gitfs? I'm trying to have a top.sls in one repo and the other pillars in another repo but when I try to do a pillar.items it says that the pillar specified in my top.sls was not found
18:08 voileux joined #salt
18:13 tmclaugh[work] joined #salt
18:14 clintberry joined #salt
18:15 Akhter joined #salt
18:16 deedubs joined #salt
18:16 deedubs Is there a way to use the salt-api with a simple server that can not specify a post body?
18:16 baweaver joined #salt
18:17 deedubs f.e. just using query params
18:17 ldelossa Can I run execution modules in a pillar.sls file?
18:18 toastedpenguin from the salt master how do you list available s3 buckets?
18:18 timoguin joined #salt
18:19 k00l joined #salt
18:20 k00l hey gang, can anyone take a min to show mw how i would call a state with cloud functions in it ?
18:21 deedubs toastedpenguin: sudo salt-call s3.get
18:21 PI-Lloyd joined #salt
18:21 hackel joined #salt
18:21 toastedpenguin ah...guess salt-call on a master works the same as on a minion...
18:22 toastedpenguin duh
18:22 toastedpenguin thx
18:22 k00l im looking to spin up a new box from a state so when i execute a command i wont have a minion/target and thats the complaint im reciving back from the system currentlly
18:23 toastedpenguin of course that spits out some ugly traceback
18:23 dthom91 joined #salt
18:23 toastedpenguin so something is not working with my s3 setup apparently
18:25 timoguin_ joined #salt
18:27 zot joined #salt
18:27 k00l anyone have any knowlage in this cloud/state thing ?
18:27 zot left #salt
18:29 whytewolf k00l. target the master?
18:29 rm_jorge joined #salt
18:30 k00l is that how its done ?
18:30 k00l whytewolf: is that how its done ?
18:31 k00l whytewolf: No minions matched the target. No command was sent.
18:31 iggy that's one way
18:31 whytewolf k00l, been a year since i used the states.cloud state modules. but it makes sense. basicly target the minion you want to exacute the command.
18:31 iggy are you trying to run something on a minion that you are spinning up with salt-cloud?
18:32 iggy not really following what the actual problem is I guess
18:32 k00l iggy: im just looking for general knowlage on how to run a state that is basiclly a cloud function
18:32 iggy ldelossa: keep in mind they run on the master
18:32 k00l k ill try that guys , thanks !
18:33 k00l how do i target the master ?.. do i need to set its ID simular to the minions in teh config file ?
18:33 whytewolf k00l: the master should be a minion also for that to work like that
18:33 k00l whytewolf: hummm.. never done that before.
18:34 iggy it's the greatest
18:34 terratoma joined #salt
18:34 iggy (and yet so many people don't think/know you can do it)
18:34 whytewolf honestly if you have a minion with all the software to run the cloud commands you could target that one also
18:34 forrest joined #salt
18:35 k00l iggy: anything i can read to help me on my path.. i didnt knwo it would be that helful :)
18:35 whytewolf but yeah. running a minion on the master opens up a whole new world of things you can do
18:35 k00l whytewolf: no its a master.
18:37 whytewolf someone who has time should write an article/blog on getting meta with the master.
18:37 iggy lol, time
18:38 tmclaugh[work]_ joined #salt
18:38 k00l whytewolf: i see, so i just install a minion on teh master box parral to teh master ?
18:38 linjan joined #salt
18:38 orionx joined #salt
18:38 whytewolf k00l: yeap. simple as that
18:39 iggy it's perfectly okay to run a minion on the same box as the master
18:39 k00l and then it will execute commands on teh master as if it were the master ?
18:39 iggy the docs should have that exact line... in multiple places
18:39 k00l yes, ive herd and seen that you can do that .. however, i have not knwo for which reasone that would be a preferd setup
18:40 danlsgiga hey iggy could you please share how are you doing git_pillar in your environment?
18:41 danlsgiga iggy: I'm trying hard here to have my top.sls in one repo and my pillars in another one but it is not working :(
18:41 iggy if it's not working, it's a bug
18:41 iggy (git pillars were completely refactored recently, so wouldn't be suprised if there were some issues)
18:42 danlsgiga iggy: Are you on 2015.8 already?
18:42 iggy no
18:43 bellaweo joined #salt
18:43 iggy and honestly, I don't use gitfs (states or pillars) at $current_job
18:43 Akhter joined #salt
18:45 dendazen Is there a pilar for ip address?
18:45 dendazen of the host
18:47 iggy grains ?
18:47 yyakob joined #salt
18:47 yyakob hey there
18:48 yyakob can someoen pls gimme an advise?\
18:48 tkharju joined #salt
18:49 danlsgiga iggy: ok, np
18:49 dthom91 joined #salt
18:49 orionx joined #salt
18:50 dendazen Thanks.
18:50 yyakob hi there can someone have a look at that pls https://gist.github.com/303db79d72b3a8589ae9.git
18:50 ajw0100 joined #salt
18:51 yyakob sry https://gist.github.com/qubusp/303db79d72b3a8589ae9
18:52 voileux joined #salt
18:52 dendazen so if i have two interfaces https://gist.github.com/dendazen/99e8be2a9be17245ecdb
18:53 dendazen how would I get the items with ip wich starts with 10.
18:53 dendazen assumnig i do not know which interface in OS it is
18:54 iggy yyakob: you should search/open an issue in the salt github, there's not anyone here that can fix bugs with their repo
18:54 yyakob iggy: so the problem is not in me
18:55 tmclaugh[work] joined #salt
18:55 opensource_ninja joined #salt
18:55 s_kunk joined #salt
18:55 iggy dendazen: salt.modules.network.ip_addrs with the cidr arg set
18:55 zsoftich2 https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.network.html
18:55 davedash Hi, does anybody know a way to change permissions on an existing file, via a state?  I ran archive.extracted and now my file is extracted but I want to change permissions preferably without using file.cmd
18:55 iggy yyakob: probably not
18:56 dendazen Thank you.
18:56 Rumbles joined #salt
18:57 iggy davedash: salt.states.file.directory with recurse: True ?
18:57 dendazen "network.interface_ip" is not available.
18:57 dendazen probably have old package
18:57 iggy dendazen: who said interface_ip?
18:58 dendazen in the docs
18:58 dendazen in that network module
18:58 kinetic joined #salt
18:58 zsoftich2 https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.network.html#salt.modules.network.ip_addrs
18:58 zsoftich2 ip_addrs takes cidr
18:58 Corey davedash: Hi. :-)
18:59 davedash Hi Corey
18:59 iggy dendazen: "New in version 2014.7.0." ... if you're using something older than that, you should _really_ think about updating
18:59 davedash iggy: that would work, but I'm extracting this to /usr/local/bin/
18:59 dendazen mine is
18:59 davedash I'm probably going to do cmd.wait
18:59 dendazen salt-master-2014.1.10-4.el6.noarch
19:00 dendazen salt-2014.1.10-4.el6.noarch
19:00 dendazen so yeah.
19:00 dendazen i will have to upgrade salt
19:00 kinetic joined #salt
19:00 iggy and/or use ip_addrs with cidr like 2 people have suggested
19:01 Phtes quick question, in a multi environment config, such as /srv/salt/prod & /srv/salt/dev, do you put the top.sls in /srv/salt/ & a top.sls in each env directory?
19:01 quix joined #salt
19:03 Phtes well heres my file roots config actually
19:03 Phtes http://pastebin.com/ttbVHy9N
19:04 venu0336 joined #salt
19:04 iggy Phtes: I suggest having 1 top.sls if you can get away with it... top merging is a fickle beast
19:04 Phtes iggy will salt detect the top.sls in /mnt/saltstack?
19:04 Phtes even thoug file roots points to the prod and dev folders
19:05 Phtes just isnt very clear in the top file doc on if it stays in that top level dir or not
19:08 tracphil joined #salt
19:08 orionx_ joined #salt
19:10 forrest Just as a heads up guys, https://hacktoberfest.digitalocean.com/ is almost over so if you want to make some PRs prior to the end and need help let me know.
19:10 Phtes bah didnt even know that was going on :(
19:11 forrest Yeah they did a real shitty job of promoting it.
19:12 k00l are there any tutorials or examples of how a state should be written in order to spin a up a resource ?
19:14 forrest k00l, In terms of using salt-cloud or what?
19:14 Phtes k00l: depends on what your using, salt-cloud or boto etc
19:14 k00l use salt cloud to spin up a resource through a state
19:15 Phtes what host
19:15 Phtes aws rackspace etc
19:15 forrest Well the instance is created on the hosting provider, then associated states are applied.
19:15 k00l i found this page https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cloud.html but it dosnt show much by way of detialing out how to even do a basic call
19:15 icflournoy joined #salt
19:15 forrest You need to look at the docs specific to the provider you're using.
19:15 Phtes ^
19:16 Phtes https://docs.saltstack.com/en/latest/topics/cloud/rackspace.html
19:16 Phtes http://salt-cloud.readthedocs.org/en/latest/topics/aws.html
19:16 Phtes errr
19:16 Phtes https://docs.saltstack.com/en/latest/topics/cloud/aws.html
19:16 GrueMaster joined #salt
19:16 bastion1704 joined #salt
19:16 Phtes although if your using aws I've come to prefer the boto module instead
19:17 forrest Yeah Ryan did a good job on those.
19:17 Phtes forrest loving them so easy to use
19:17 Phtes But i'm a salt nub so what do i know
19:17 Phtes :)
19:17 iggy Phtes: it has to be at the root of a dir in file_roots (possibly even in "base")
19:18 Phtes iggy then the doc doesnt make much sense, the exampel shows file_roots similar to what i ahve and a single top file declaring their configs
19:18 Phtes or im reading it wrong (most likely)
19:19 Phtes and i think i am "expand the file roots" probably means append this to it in their context
19:19 bellaweo hello everyone. I have a hopefully quick question. Does anyone have experience with salt-cloud and vmware vcenters? I am using salt-cloud to provision a new vm from a template. I am assuming the new vm will also have the new hostname but the hostname is still the template hostname.
19:19 adelcast1 left #salt
19:20 bellaweo is it expected behavior in vmware with salt-cloud to be able to change the guest hostname? this is ubuntu trusty
19:20 adelcast joined #salt
19:20 voileux joined #salt
19:20 bellaweo i do have open-vm-tools installed in my template
19:20 bellaweo any help appreciated
19:22 statik joined #salt
19:23 rojem joined #salt
19:27 edulix joined #salt
19:27 voileux joined #salt
19:28 tanta_g joined #salt
19:32 k00l Phtes: those examples are now showing me how to run a state that will call cloud resources.
19:32 Phtes theres a section on launching resources
19:37 dimeshake joined #salt
19:37 voileux joined #salt
19:37 andrej joined #salt
19:39 andrej I seem to have forgotten (didn't need it in ages) how to find out which part of a jinja template processing bar
19:39 andrej fs on me. I retrieve a value from the mine for most minions salt knows, but rendering fails on one of them because the m
19:39 andrej ine entry is empty. How do I find out which one it is?
19:46 baweaver joined #salt
19:48 larsfronius joined #salt
19:49 voileux joined #salt
19:51 icflournoy joined #salt
19:51 teryx510 joined #salt
19:54 ViciousL1ve andrej: Your problem doesn't make much sense. Do you need to tell which salt-minion has a problem? If so, why not run highstate on all look for failures?
19:55 iggy mine is flaky, you need to factor that fact into whatever you are writing
19:57 forrest join #letsencrypt
19:58 quix_ joined #salt
19:58 iggy tell them we want wildcard certs
19:59 giantlock joined #salt
19:59 voileux joined #salt
19:59 Phtes only $900/yr
20:00 forrest iggy, lol
20:00 forrest iggy, Right now the basic setup for a single domain isn't even working, so we'll see.
20:01 iggy SANs then?
20:01 iggy I've been following it (at least enough for Google Now to tell me about changes to the page)
20:02 ajw0100 joined #salt
20:02 forrest Maybe, I'm not sure honestly
20:02 baweaver joined #salt
20:04 cornfeedhobo is there a way, using salt call to easily see what failed. parsing highstate output visually is a task
20:06 voileux joined #salt
20:08 whytewolf cornfeedhobo: https://docs.saltstack.com/en/latest/ref/output/all/salt.output.highstate.html
20:11 teebes joined #salt
20:12 k00l Phtes: sorry mate, i dont see it .. perhaps you can point to it in teh docs you sent ?
20:13 Phtes k00l whos your hosting provider
20:13 KyleG joined #salt
20:13 KyleG joined #salt
20:13 k00l do
20:13 k00l Phtes: do
20:14 forrest k00l, https://docs.saltstack.com/en/latest/topics/cloud/digitalocean.html and https://www.digitalocean.com/community/tutorials/automated-provisioning-of-digitalocean-cloud-servers-with-salt-cloud-on-ubuntu-12-04
20:15 Phtes https://www.digitalocean.com/community/tutorials/automated-provisioning-of-digitalocean-cloud-servers-with-salt-cloud-on-ubuntu-12-04
20:15 Phtes ha
20:15 Phtes beat me
20:15 forrest pssssh, step up your link game Phtes!
20:16 zmalone parts of that are out of date, especially the bits about installation
20:16 zmalone I guess that's to be expected though
20:16 wryfi while we're talking about salt-cloud ... is it supposed to be able to change the new machine's hostname for you?
20:16 wryfi surely so, right?
20:16 Phtes thought you manually have to
20:17 Phtes cause it defaultly uses FQDN
20:17 wryfi oh yeah?
20:17 wryfi so what is the minion id of a salt-cloud instance then?
20:17 wryfi (a newly-created salt-cloud instance, i should say)
20:17 Phtes depends on yotur provider
20:18 k00l Phtes: and these docs will show how to use a state to make a salt-cloud provision ?
20:18 Phtes k00l that's what the title says "automated provisioning"
20:18 Phtes lol
20:18 Phtes I dont use DO so i cant comment on the accuracy of it
20:18 Phtes but its direct from DO, and linked to by salt docs so...
20:19 cornfeedhobo whytewolf: thanks. side note, pycharm addressed the issue :)
20:19 k00l i agree thats whatthe title says, and it deffently shows how to do in teh traditional way. however im looking for the part where they demonstrate how to call a cloud function from a state.
20:19 conan_the_destro joined #salt
20:20 dthom91 joined #salt
20:20 Phtes sudo salt-cloud --profile ubuntu_512MB_ny2 hostname
20:20 Phtes ?
20:20 seweryn joined #salt
20:20 Phtes perhaps im not understanding your question
20:21 Phtes you use salt-cloud to provision, and standard salt state formulas to configure
20:21 k00l Phtes: ummm, ok so i cant just use a state to do it all ?
20:21 whytewolf he wants to use https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cloud.html
20:22 Phtes there you go
20:22 k00l whytewolf: what i accually want to do is to be able ot automate the whole thing from a single file. i was unaware that the API is not connected to salt-cloud.
20:22 Phtes but he still needs the cloud conf files
20:22 dthom91 joined #salt
20:22 k00l i have the cloud configed.
20:22 Phtes so create a cloud state that calls the configuration to provision
20:23 k00l Phtes: yep, thats the example that im hunting for :)
20:24 k00l I can call a stae from the API so i need to be able to call the proisioning from a state so that it can be run through the API
20:24 RandyT_ k00l: fwiw, you can also use map files to fire off deployment of a list of instances in the cloud.
20:24 andrej Thanks ViciousLove .... the thing is it doesn't (shouldn't) depend on the minion being up.  I need to find out which minion doesn't have a given value in the mine 'main_ip' == '' ... that one (or those, if there are several) make the generation of the icinga configuration fail.
20:24 RandyT_ You can also use orchestrate to deal with dependencies.
20:24 RandyT_ https://docs.saltstack.com/en/latest/topics/tutorials/states_pt5.html#orchestrate-runner
20:25 k00l RandyT_: can i run a orch file from teh API?
20:25 seweryn joined #salt
20:26 RandyT_ k00l: missed that part of the requirement. I have no idea regarding the API.
20:26 RandyT_ unless the "API" you refer to is an ssh call. :-)
20:26 k00l RandyT_: no worries, thnaks for teh direction. I will look into it.
20:26 RandyT_ the API adds a level of complexity that I have yet to justify in my setup.
20:27 meye1677 joined #salt
20:27 whytewolf k00l: orch is just a runner. so yes the API can do orch
20:27 k00l ya my bosses want this build a certin way that im having trouble using salt for.
20:28 k00l whytewolf:
20:28 voileux joined #salt
20:28 k00l whytewolf:  ok, i have a feel that i will run into teh same problem about looking to run a cloud function from a orch file.
20:28 palica joined #salt
20:28 palica hi all
20:29 palica does anyone run saltstack with hardened toolchian, kernel and userland for example gentoo-hardened?
20:29 palica i get this error
20:29 palica salt-minion -l debug
20:29 palica Process Process-1:
20:29 palica Traceback (most recent call last):
20:29 palica File "/usr/lib64/python2.7/multiprocessing/process.py", line 258, in _bootstrap
20:29 palica self.run()
20:29 palica File "/usr/lib64/python2.7/multiprocessing/process.py", line 114, in run
20:29 palica self._target(*self._args, **self._kwargs)
20:29 palica File "/usr/lib64/python2.7/site-packages/salt/scripts.py", line 75, in minion_process
20:29 palica thread.start()
20:29 palica File "/usr/lib64/python2.7/threading.py", line 745, in start
20:29 palica _start_new_thread(self.__bootstrap, ())
20:29 palica error: can't start new thread
20:30 whytewolf palica: please use gist. for something like that
20:33 palica sorry
20:33 palica i asked also on gentoo-hardened channel and the resolution is
20:33 palica paxctl-ng -Em /usr/bin/python2.7
20:34 palica sorry to bother you guys
20:35 sunkist joined #salt
20:36 wryfi i'm confused by the gpg renderer docs
20:36 wryfi https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html
20:36 wryfi at the beginning of the page, it says "This allows you to safely store secrets in source control, in such a way that only your Salt master can decrypt them and distribute them only to the minions that need them."
20:36 wryfi but then later down, it says that if you set up the renderer in your master config, "This will apply the renderers to all pillars and states while requiring python-gnupg to be installed on all minions since the decryption will happen on the minions."
20:36 sdm24 does anyone use Salt to upgrade powershell (or similiar .msu installers that aren't part of windows updates)?
20:37 wryfi so where does the decryption take place?
20:37 wryfi is it on the master or on the minion?
20:37 zmalone on the master
20:37 wryfi zmalone: that's what i thought. something is weird about that second statement.
20:37 zmalone Yeah, it is.
20:38 zmalone There are a bunch of gpg renderer related issues, so it's worth browsing them and deciding if you can live with them.
20:38 node_ joined #salt
20:38 wryfi oh, that's good to know. thanks zmalone.
20:39 wryfi any good alternatives?
20:39 zmalone https://github.com/saltstack/salt/issues/24556
20:40 node_ I have a quick question, I have a two pillar.sls files right. one in /srv/pillar/core/common.sls, and one in /srv/pillar/redis/common.sls
20:40 node_ both common.sls files have a list of ports
20:41 turisti joined #salt
20:41 node_ my pillar top.sls has the target '*' being applied both the core.common pillar and the redis.common pillar
20:41 jmreicha joined #salt
20:41 zmalone wryfi: I suspect that moving to a full blown secrets management solution like Vault is the way to go, or home-growing something that you deal with via cmd.runs on minions.  So far, I've always ended up compromising though.
20:41 node_ I wanted these to aggregate into one larger ports pillar
20:41 node_ is that possible
20:41 jeffpatton1971 hey, is there a way to use file.missing (https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.missing) to trigger a service restart in a state? so, when the formula executes on the minion, if the file is missing, restart the service?
20:42 wryfi zmalone: what is this Vault you speak of?
20:42 linjan joined #salt
20:43 turisti hi all ... I'd like to try hacking on the dnsmasq-formula on Github to add a map of MAC addresses to IPs (and hostnames) ... what's the Salt terminology for the mechanisms used to make something like that? thanks :)
20:43 zmalone https://vaultproject.io/ / https://github.com/hashicorp/vault / https://hashicorp.com/blog/vault.html
20:46 palica left #salt
20:46 cyborg-one joined #salt
20:46 jeffpatton1971 joined #salt
20:48 zsoftich2 does anyone have an example of using the fail_function for salt.function
20:50 sunkist1 joined #salt
20:53 wryfi zmalone: looks awesome. have you seen any attempts at salt integration pop up?
20:54 aidalgol joined #salt
20:54 zmalone I've seen tickets for it, but it's let down by Salt running a lot of things on the master, while Hashicorp wants secrets to be pulled directly by their end user, in this case, the minions.
20:55 zmalone which at this time would probably end with a lot of cmd.runs
20:56 wryfi ah, sure.
20:56 wryfi hmmm
20:56 zmalone I think https://github.com/hashicorp/vault/issues/323 was related to that
20:59 ktosiek Is the example with pillar[editor] wrong? https://docs.saltstack.com/en/getstarted/config/pillar.html
20:59 ktosiek I mean, shouldn't it be pillar["editor"]?
21:01 k00l Hey guys, when i have exausted the resources that are available in here, how do i escelate these questions that i can't get answerd higher ?
21:01 Phtes weird salt cant find libapache2-mod-fastcgi
21:01 Phtes to install
21:01 Phtes ;(
21:02 ktosiek got to go now, bye
21:03 Phtes ah i might be missing a repo
21:03 Phtes hrm
21:03 ViciousL1ve joined #salt
21:03 giany joined #salt
21:04 giany hi, is there a way I can upgrade all packages and exclude specific package? i.e smth like : salt -t 10 -v '*' pkg.list_upgrades --exclude "pkg"
21:05 toastedpenguin joined #salt
21:07 Phtes can you make a stat require a command be ran first? or just place it sequentially
21:07 Phtes state*
21:07 voileux joined #salt
21:09 andrej To answer my own question :) ... this https://gist.github.com/jfrost/8798108 proved trememdously helpful for my quest. I would have loved to find a sensible (and well explained) example of the mine's commandline-usage, but ... meh, who cares :D
21:10 BretFisher joined #salt
21:13 node_ is there a rule of thumb when to use map.jinja an when to use grains
21:13 node_ I can accomplish similar things with the concepts
21:16 voileux joined #salt
21:17 dendazen joined #salt
21:17 dthom91 joined #salt
21:17 Phtes have salt/prod/http/init.sls and salt/rpdo/http/php.sls inside php/sls i include http, when i run highstate, the init.sls fires but php.sls does not, am i missing something? :(
21:17 node_ I can put what I place in map.jinja into a pillar.sls and target it to all
21:18 Phtes prod*
21:20 whytewolf node_: basicly. map.jinja is for formula creation. so that you can have programicly updated data. so say you have 6 settings that need to be different between debian, redhat, and ubuntu. you can have a different list for each set. and match on the os grain to seleect which set of defaults you need.
21:21 kinetic joined #salt
21:21 ViciousL1ve Phtes you didn't do an "include" for http.php
21:21 node_ So right now I have a file configure_ssh in side there I have a few file.managed directives that move the config file off the salt server into the correct host directory
21:21 node_ I use map.jinja to define the file
21:21 node_ and the destination
21:21 node_ but I can do that in a pillar also
21:22 node_ if I made a common pillar, and made a list called ssh_info: \n sshlocation: /etc/ssh/sshd.conf
21:22 node_ Not sure which one is better to use here
21:22 BretFisher anyone know of a way to do rolling reboots with a wait built in between nodes, like salt '*' -b 1 system.reboot  but with some sort of wait/delay option?
21:22 whytewolf node_: what ever you feel is better
21:22 node_ No set rule?
21:22 node_ It seems like pillars are alot more pushed then map.jinja
21:23 node_ but for firewall configuration, seems a lot better to do with ports
21:23 whytewolf node_: as long as you are not writng something that is going out to the rest of the world. no.
21:23 ViciousL1ve BretFisher: I think that's a known salt feature request. search github
21:23 node_ doing ports in apillar seems better
21:23 BretFisher @ViciousL1ve
21:23 BretFisher @ViciousL1ve thaks
21:23 node_ Very true, I do want to use best practices for modularity
21:24 BretFisher wasn't sure what it would be called... wait/pause/delay
21:26 whytewolf node_: map.jinja is more for formula writing, like if you need to set the name of a package based on the operating system. cause we all know that a package in redhat, and a package on debian won't be called the same thing. but if you are using mostly static data. put it in pillar
21:26 whytewolf or quit and compleatly ignore what i just said
21:27 voileux joined #salt
21:28 Phtes ViciousL1ve: not sure what you mean, does init.sls need the include?
21:30 whytewolf Phtes: from the looks of it. you are calling the init.sls but not the php.sls
21:30 Phtes whytewolf: correct top.sls calls http/init.sls, but i was under the assumption by adding include http to php.sls it would be extended into it
21:30 Phtes seems my assumption is wrong
21:31 ViciousL1ve Somewhere you have to include, so either the top.sls calls it or you use the "include:"
21:31 ViciousL1ve in init.sls for php
21:31 Phtes heres my init and php sls files
21:31 Phtes https://www.irccloud.com/pastebin/E2rAJFZH/
21:31 whytewolf Phtes: which file has the include?
21:31 Phtes https://www.irccloud.com/pastebin/4FPVo9Bu/
21:33 whytewolf Phtes: looks reverse. if you are calling the init.sls it should include the php.sls. not the other way around
21:33 Phtes hm
21:34 whytewolf Phtes: just like any programing lang. you include in the file you call. not in the file you want to be called
21:34 Phtes that would make sense :P
21:35 whytewolf I get blamed for that alot.
21:37 ipmb joined #salt
21:39 sunkist joined #salt
21:41 starbuster joined #salt
21:41 baweaver joined #salt
21:43 starbuster left #salt
21:45 TyrfingMjolnir joined #salt
21:47 baweaver joined #salt
21:49 larsfronius joined #salt
21:51 danlsgiga got the ext_pillar fixed... great... now I noticed there is a Maintenance routine that runs each 60 seconds and is responsible for pulling the gitrepo files
21:52 danlsgiga is there any module that I can force this on demand, like having a git hook to call an salt-api to refresh it?
21:52 danlsgiga I know about the saltutils.refresh_pillar but it is only refreshed after the Maintenance routine runs in the next 60s
21:52 dthom91 joined #salt
21:55 cpattonj joined #salt
21:55 bhosmer_ joined #salt
21:56 Phtes trying to run salt-call --local state.sls mystate but itsays its not ofund in the base env..
21:56 Phtes most certainly is there
21:56 Phtes :(
21:57 forrest Phtes, try adding -l debug
21:57 forrest see if that provides anything more helpful
21:58 forrest does base env = same as root dir?
21:58 Phtes yep
21:58 Phtes no extra info just cant find file
21:59 Phtes base /mnt/saltstack/salt/salt file is /mnt/saltstack/salt/salt/bootstrap.sls
21:59 ldelossa joined #salt
21:59 ldelossa hey guys, is any firewall configuration necessary on the minion at all
21:59 ldelossa documentation says no
21:59 ldelossa but as soon as I turn firewalld on centos7 box
21:59 ldelossa minion stops responding
21:59 Phtes salt-call --local state.sls bootstrap
22:00 Phtes (its a file that only the salt master runs)
22:00 whytewolf Phtes: run salt-run filserver.dir_list saltenv=base
22:01 Phtes whytewolf:  it shows all my files except that sls one wth =.=
22:01 Phtes er well
22:01 Phtes it shows all my dirs
22:01 Phtes so yeah
22:01 Phtes its the right path
22:01 forrest ldelossa, the connection is established from the minion TO the master, so unless something was stopping that initial outbound hit, there should be no configuration required. What are you blocking?
22:01 Phtes ldelossa: firewall on minion blocking outbound connections?
22:02 ldelossa outbound isn't blocked by default
22:02 viq joined #salt
22:02 iggy your problem description says otherwise
22:02 ldelossa let me check it out
22:02 forrest damn, iggy throwing down that iggy hate :D
22:02 iggy the minions don't listen, the master does... the minions connect to the master
22:02 iggy I swear I'm in a good mood
22:03 forrest it's just because it's text.
22:03 forrest So I know you're in a good mood, but others might not
22:03 Phtes why you no see my sls file salt
22:03 Phtes :(
22:03 ldelossa eh
22:03 ldelossa just did firewall-cmd --reload
22:03 ldelossa and it works now lol
22:03 GreatSnoopy joined #salt
22:03 ldelossa not sure what the hell thatwas about
22:04 whytewolf Phtes: permissions? cache? symlink?
22:04 ldelossa cloned image
22:04 ldelossa so probably something just stuck
22:04 Phtes whytewolf:  nothing diff from the other sls files that work when i call highstate
22:05 Phtes is there a way to define local in a top.sls
22:05 Phtes casue thats probably a better solution anyways
22:05 Phtes lol
22:05 sunkist joined #salt
22:06 ldelossa https://docs.saltstack.com/en/latest/ref/states/all/salt.states.firewalld.html
22:07 ldelossa I'm running on latest build
22:07 ldelossa but I don't seem to have that module
22:07 amcorreia joined #salt
22:07 ldelossa I did sys.state_docs firealld
22:07 ldelossa firewalld
22:07 ldelossa and it comes up with nothing on the minions
22:10 Phtes grrrrrrrrr
22:10 whytewolf ldelossa: just because the doc doens't show doesn't mean the module doesn't exist. the doc not showing could be because the module can't load.
22:10 ldelossa is there a way to show all loaded modules?
22:11 murrdoc nope
22:11 murrdoc its lazy loaded
22:12 ldelossa hmm
22:12 geekatcmu Is there a known bug with file.copy ignoring "force: True" ?
22:12 ldelossa I tried to use it in a state and it complained
22:12 whytewolf closest you will get is salt '*' sys.doc
22:13 ldelossa okay thanks
22:13 dthom91 joined #salt
22:13 whytewolf ldelossa: looks like the firewalld modules checks for firewall-cmd. if it can't find it in the path. won't load the module
22:14 sgargan joined #salt
22:15 ldelossa http://hastebin.com/rivosojaza.coffee
22:16 ldelossa I'm centos across the board right now
22:16 ldelossa so it has the firewall-cmd command
22:16 andrej left #salt
22:17 ldelossa get like a weird traceback
22:19 aidalgol Where can I find a changelog or release notes for the last few salt releases?
22:20 subsignal joined #salt
22:20 danlsgiga If I create the folder _pillar inside my file_roots containing a file git_pillar.py with an upstream fix, will it override the salt/pillar source?
22:21 aidalgol never mind, found it
22:23 kinetic joined #salt
22:24 Phtes whytewolf: regarding the include stuff, it just throws error that the file is not found on the file server
22:24 andi- joined #salt
22:24 Phtes when adding it ot init.sls
22:24 Phtes lol
22:24 Phtes this is becoming a fun headache :D
22:26 turisti joined #salt
22:27 cpattonj joined #salt
22:30 scoates joined #salt
22:32 ajw0100 joined #salt
22:33 cpattonj_ joined #salt
22:35 andi- joined #salt
22:41 bbarbour joined #salt
22:43 kinetic joined #salt
22:45 andi- joined #salt
22:57 falenn joined #salt
22:58 clintberry joined #salt
22:59 ip` joined #salt
23:04 keimlink joined #salt
23:05 trph joined #salt
23:08 cpattonj joined #salt
23:09 CaptainMagnus If I run a test.ping, I often get at least one of theses "xyz: Minion did not return. [Not connected]". If I run the ping again, it will be ok... This is on 2015.8.1... Can I fix this somehow (increase timeout or something like that)?
23:11 Phtes anyway to see what the current salt:// path is
23:15 bellaweo joined #salt
23:16 bellaweo hi there. can anyone point me to documentation for custom salt-cloud deploy scripts and using the hostname as defined on the salt-cloud -p <profile> <hostname> command line?
23:18 shpoont joined #salt
23:20 kinetic joined #salt
23:26 zmalone joined #salt
23:28 CaptainMagnus iggy: You disappoint me... You had a 100% response rate to my questions, but this time, nothing... :-)
23:29 scoates joined #salt
23:29 iggy CaptainMagnus: lol, I have a day job... We used to see that on older versions because there was a keepalive setting not being set on one of the ports
23:29 iggy but that should have been fixed ages ago
23:30 CaptainMagnus iggy: Hm ok, thanks :-) /me goes off to investigate further
23:31 iggy CaptainMagnus: do you have a strange network setup? (routers involved, NAT between minion/master, etc.)
23:32 CaptainMagnus iggy: This is in AWS. Lots of minions in different regions/vpcs
23:33 CaptainMagnus I do think AWS have their own ways of doing things though so in that respect, yeah, strange...
23:36 iggy yeah, they use a lot of NAT
23:37 aidalgol joined #salt
23:39 baweaver joined #salt
23:46 zmalone joined #salt
23:47 ajw0100 joined #salt
23:50 larsfronius joined #salt
23:52 Ludo- CaptainMagnus: when you figure out I want a report about it. I had it on one of my cluster with 200 minions trying to connect to a salt-master
23:54 Ludo- just after I updated this cluster to 2015.08.01
23:55 CaptainMagnus Ludo-: Heh sure
23:57 breakingmatter joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary