Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-10-30

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 whytewolf woodtablet: huh, example please
00:00 Guest86696 Hi
00:01 Guest86696 I had put in this issue on SaltStack, because my Master can't find the Minion.  Would anyone be able to help?  Here's the link.  Thank you. https://github.com/saltstack/salt/issues/28259#issuecomment-152359245
00:01 dendazen joined #salt
00:03 breakingmatter joined #salt
00:04 whytewolf Guest64072: what is showing your your miion log?
00:04 whytewolf s/miion/minion
00:07 Guest64072 hey, just installed salt via pip and it now works
00:07 Guest64072 I had installed salt via brew
00:07 Guest86696 It is showing this:
00:07 Guest86696 2015-10-29 17:06:54,524 [salt.utils       ][ERROR   ][13471] DNS lookup of 'salt' failed. 2015-10-29 17:06:54,524 [salt.minion      ][ERROR   ][13471] Master hostname: 'salt' not found. Retrying in 30 seconds
00:08 whytewolf Guest64072: ahh, well that kind of explains what the problem was. it couldn't find the master [which it thought was 'salt']
00:08 DanyC_ joined #salt
00:08 whytewolf brew puts things in odd places sometimes
00:09 whytewolf okay, bbl
00:10 Guest64072 thanks!
00:10 Guest86696 @whytewolf, I will look into this then. Thank you! I forgot to check the log
00:14 woodtablet whytewolf: You can specify multiple :ref:`state-declaration` under an
00:14 woodtablet :ref:`id-declaration`. For example, a quick modification to our
00:14 woodtablet ``webserver.sls`` to also start Apache if it is not running:
00:15 Guest86696 @whytewolf, thank you, it is now working
00:15 woodtablet whytewolf: that didnt come out as nice as I thought it would. but that ist he rst example, and the rendered example is here: https://docs.saltstack.com/en/latest/topics/tutorials/states_pt2.html
00:15 intel joined #salt
00:19 dendazen joined #salt
00:20 dthom91 joined #salt
00:21 thalleralexander joined #salt
00:22 seweryn joined #salt
00:22 alvinstarr joined #salt
00:28 seweryn2 joined #salt
00:28 baweaver joined #salt
00:29 ilbot3 joined #salt
00:29 Topic for #salt is now Welcome to #salt | 2015.8.1 is the latest | Please use https://gist.github.com for code, don't paste directly into the channel | Please be patient when asking questions as we are volunteers and may not have immediate answers | Channel logs are available at http://irclog.perlgeek.de/salt/
00:34 seweryn joined #salt
00:41 ashirogl joined #salt
00:52 favadi joined #salt
00:59 stomith joined #salt
00:59 aron_kexp joined #salt
01:00 Dev0n hey, anyone experience inconsistent failures for bitbucket.org known_hosts?
01:00 Dev0n I'm using ssh_known_hosts.present but there are times this fails
01:00 Dev0n might be an issue with bitbucket but their fingerprint shouldn't change that often :/
01:00 otter768 joined #salt
01:03 breakingmatter joined #salt
01:26 aparsons joined #salt
01:26 cyborg-one joined #salt
01:31 favadi joined #salt
01:31 otter768 joined #salt
01:32 zer0def joined #salt
01:33 whytewolf woodtablet: okay, gotcha, soooo what isn't working for you? you try that to the page you wanted but it isn't working?
01:38 woodtablet whytewolf: i am just not sure on the syntax to write to have my link go to this page: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html#module-salt.states.service
01:38 woodtablet whytewolf: thanks so much btw
01:41 whytewolf woodtablet: don't thank me yet. my rst is rusty
01:42 woodtablet whytewolf: lol
01:45 whytewolf woodtablet: I think it should be :mod:`service state <salt.states.service>`
01:46 woodtablet whytewolf: ok.. quick question, how did you figure that out ?
01:47 woodtablet whytewolf: right now this syntax doesnt make sense to me
01:49 whytewolf woodtablet: I cheated and read https://raw.githubusercontent.com/saltstack/salt/develop/doc/topics/tutorials/states_pt2.rst then looked for a link in https://docs.saltstack.com/en/latest/topics/tutorials/states_pt2.html that went to the place you wanted to go. and found the link there
01:50 woodtablet whytwolf: smart! well that works for me, thanks!
01:51 whytewolf woodtablet: thats why i get the big bucks. cause I am SMRT
01:52 fsteinel_ joined #salt
01:52 whytewolf now to figure out what goat I have to sacrafice to get elasticsearch updated to 2.0
01:53 whytewolf or decided to wait till 2.0.1 is out and just drink a coke
01:54 malinoff joined #salt
02:04 JDiPierro joined #salt
02:04 cberndt joined #salt
02:05 breakingmatter joined #salt
02:08 aidalgol joined #salt
02:13 writtenoff joined #salt
02:29 racooper joined #salt
02:32 bhosmer joined #salt
02:37 aparsons joined #salt
02:38 ageorgop joined #salt
02:39 andrew_v joined #salt
02:39 falenn joined #salt
02:40 ageorgop i'm trying to debug something and am finding the error and debug logs useless can anyone shed any light on what this means?
02:40 ageorgop " Specified SLS users in saltenv base is not available on the salt master"
02:40 ageorgop how do i pinpoint where that error is getting triggered from?
02:45 cornfeedhobo joined #salt
02:47 ilbot3 joined #salt
02:47 Topic for #salt is now Welcome to #salt | 2015.8.1 is the latest | Please use https://gist.github.com for code, don't paste directly into the channel | Please be patient when asking questions as we are volunteers and may not have immediate answers | Channel logs are available at http://irclog.perlgeek.de/salt/
02:49 ageorgop sigh
02:49 hemebond um
02:49 hemebond So you have a state called "users"?
02:51 racooper pastbin the logs?
02:52 evle joined #salt
02:54 ageorgop there is a formula called users
02:54 ageorgop but does'nt seem to be soruces
02:54 ageorgop sourced
02:55 keltim joined #salt
02:55 ageorgop which logs should i pastebin?
02:55 hemebond And that's the problem. It can't find that it but it is referenced.
02:55 hemebond Do you use different environments?
02:55 ageorgop it works on one machine
02:55 ageorgop not this one
02:55 ageorgop same checkout
02:55 hemebond What does your file_root look like?
02:55 ageorgop do you have to configure the formula dir somehow?
02:55 ageorgop let me look
02:56 hemebond Yes, you have to either add it in the master config and restart the master, or, like me, symlink from the states directory to the forumula sub-directory
02:56 hemebond *formula
02:56 hemebond Which doesn't require a restart.
02:57 ageorgop the formula subdir has the users stuff
02:57 ageorgop i don't see a file_root on either machine
02:57 hemebond file_root in your master config.
02:57 netcho joined #salt
02:57 hemebond It's a config setting.
02:58 hemebond *file_roots, sorry
02:58 ageorgop http://pastebin.com/xtQwnFtY
02:58 ageorgop hm it's not set on either server
02:59 hemebond The default is /srv/salt
02:59 hemebond So you should create a symlink /srv/salt/users -> /srv/formulas/users-formula/users
03:00 ageorgop ok
03:00 ageorgop sorry this was set up by some other guy and there is zero documention on what is going on here
03:01 otter768 joined #salt
03:02 ageorgop ok that symlink did it on the new machine, though the other machine doesn't have it
03:02 ageorgop i'll have to dig into why that one works ...
03:02 ageorgop wrapping my head around this has been quilt a pain
03:02 rhodgin joined #salt
03:02 hemebond Doesn't sound like it's using the formula.
03:02 ageorgop well that is the production machine
03:02 ageorgop mine is the dev box
03:03 ageorgop it seems to work on the clients
03:03 ageorgop in prod
03:03 ageorgop ill grep some more
03:04 ageorgop thanks everyone
03:04 hemebond Good luck :-)
03:05 ageorgop i've learned all the cfe tools and this by far has been the most frustrating.
03:06 hemebond Oh really?
03:06 ageorgop yes
03:06 hemebond What other tools have you used?
03:06 ageorgop cfengine2, chef, ansible, & cfengine3
03:06 hemebond Did you have to learn those by pulling apart an existing configuration?
03:07 ageorgop no just from docs
03:07 ageorgop cfe2 was 10 years ago
03:07 hemebond That's probably the difference then. Formulas are not something you really start with, and the documentation is quite clear on it.
03:07 ageorgop chef was about 4 years ago.  once i got it working the syntax was easy but the server was a disaster
03:08 ageorgop cfengine3 was hte most recent before this
03:08 hemebond Not sure how your site is setup either. You might be using GitFS that uses branches for environments.
03:08 ageorgop that so far is the easiest
03:08 ageorgop it's pretty simple from what i can tell
03:08 ageorgop it's in our own git repo
03:08 hemebond cf3?
03:08 ageorgop yeah that was the easiest
03:09 hemebond "it's pretty simple from what i can tell" what is? Your salt config?
03:09 ageorgop the salt config
03:09 ageorgop the problem is there is a mix of stuff in git and stuff not in git
03:09 codekobe joined #salt
03:09 ageorgop because they didn't want to check in certain things
03:09 tmkerr joined #salt
03:09 hemebond Does your git repo (containing your salt config) have branches?
03:09 trave joined #salt
03:09 hemebond Right.
03:09 ageorgop no branches
03:09 bbhoss joined #salt
03:09 ageorgop i've been wading through the git ignores
03:10 ageorgop and the formula was checked out on the server but wasn't in the repo
03:10 goki joined #salt
03:10 ageorgop there was a ref to the upstream repo that i found
03:10 hemebond Do you have multiple masters?
03:10 ageorgop no
03:10 ageorgop just one server
03:10 ageorgop 50 or so clients
03:10 ageorgop nothing crazy
03:10 wiqd joined #salt
03:10 gazarsgo joined #salt
03:10 simonmcc joined #salt
03:10 hemebond So does your prod server actually reference the users state?
03:10 teach joined #salt
03:11 ageorgop yeah it's there
03:11 hemebond Seems odd that one server could find it and another couldn't.
03:11 OliverMT joined #salt
03:11 hillna joined #salt
03:11 basepi joined #salt
03:11 akitada joined #salt
03:12 ageorgop it looks like the formula was checkout right to the master from a 3rd party source
03:12 ageorgop that is what i'm trying to figure out
03:12 bstaz joined #salt
03:12 davedash joined #salt
03:12 ageorgop i've been trying to get my vagrant env working
03:12 ageorgop so this is where things are blowing up
03:12 ageorgop that has been a total pain as well
03:12 ageorgop i managed to hack the provider to checkout a version from git that doesn't require pip
03:13 SteamWells joined #salt
03:13 hemebond A git version of Vagrant?
03:13 Phtes joined #salt
03:13 ageorgop vagrant
03:14 ageorgop vagrant is just the stock one on my debian box
03:14 ageorgop it's that the vagrant provisioner checks out the latest salt code
03:14 Grokzen joined #salt
03:14 ageorgop and that requires pip because of some tornado update
03:14 ageorgop and it barfs
03:15 hemebond Yeah, you want a release version, not latest Git master.
03:15 ageorgop so i had to had the vagrant provisioner to check out an older salt so the thing would work
03:15 ageorgop yeah i guess it's fixed somewhere upstream but not on my crusty 14.04 machine
03:15 hemebond I don't remember Vagrant using Git to fetch Salt.
03:16 hemebond Perhaps it does. Perhaps it uses the bash script.
03:16 ageorgop you can see what i did here http://pastebin.com/7dav24J1
03:17 ageorgop it's using git to checkout an older copy of the boostrap stuff
03:17 hemebond Ah I see.
03:18 kutenai joined #salt
03:18 ramishra joined #salt
03:19 hasues joined #salt
03:19 hasues left #salt
03:20 ageorgop ok gotta run, thanks again
03:31 venu0336 joined #salt
03:34 dyasny joined #salt
03:36 larsfronius joined #salt
03:49 rdas joined #salt
04:00 hehe joined #salt
04:02 moogyver hrm, is there anyway to get the full event data when using LocalClient?
04:02 moogyver seems like you only get the output of the exec module
04:03 _JZ_ joined #salt
04:11 dyasny joined #salt
04:15 zmalone joined #salt
04:18 otter768 joined #salt
04:31 Nazca joined #salt
04:57 ageorgop joined #salt
04:58 alemeno22 joined #salt
05:05 woodtablet left #salt
05:10 anmolb joined #salt
05:22 mehakkahlon joined #salt
05:33 akbar joined #salt
05:34 ITChap joined #salt
05:36 malinoff joined #salt
05:38 mehakkahlon joined #salt
05:41 ip` joined #salt
05:43 favadi joined #salt
06:07 breakingmatter joined #salt
06:09 colegatron joined #salt
06:18 shiriru joined #salt
06:26 felskrone1 joined #salt
06:31 thalleralexander joined #salt
06:47 slav0nic joined #salt
06:55 DanyC joined #salt
06:55 Azid joined #salt
06:58 colegatron joined #salt
06:59 colttt joined #salt
07:01 impi joined #salt
07:03 DanyC left #salt
07:03 DanyC joined #salt
07:15 anmolb joined #salt
07:16 keimlink joined #salt
07:28 KermitTheFragger joined #salt
07:29 mattiasr joined #salt
07:32 ramteid joined #salt
07:33 otter768 joined #salt
07:33 seweryn joined #salt
07:38 larsfronius joined #salt
07:41 colegatron joined #salt
07:54 rubendv joined #salt
07:57 linjan_ joined #salt
07:57 edulix joined #salt
08:00 impi joined #salt
08:02 Pallando joined #salt
08:05 DanyC hi, i'm trying to auto generate a pillar sls file and update some of the values, any idea how i can validate the file w/o a need for salt ?
08:06 hemebond DanyC: There's probably a YAML-lint thing for Python
08:06 hemebond That'll tell you if it's a valid structure. Won't really tell you if it's valid for your business rules.
08:07 DanyC hemebond: sure, any idea how does salt validate them? (as i could reuse that i think)
08:07 kukacz joined #salt
08:07 hemebond I don't think Salt does validate them, it just tries to parse them.
08:08 hemebond So you could try just parsing them and check for an error :-)
08:08 DanyC hemebond: ah i see, good to know though
08:08 breakingmatter joined #salt
08:11 Mate DanyC: you should generate them with a yaml writer, not string concatenations, and this will ensure that it is valid as a pillar
08:11 Mate but dont forget that you can always write python code as a pilalr file (so maybe you don't even need to pre-generate these files)
08:12 eseyman joined #salt
08:15 aqua^c joined #salt
08:23 mehakkahlon joined #salt
08:23 DanyC Mate: the whole use case is this: i have already a pillar template and i only need to inject the gpg cipher into it and i wanted to validate it to make sure the indentation is not screwed
08:24 ^C shouldnt salt-call pillar.item <my pillar> do that?
08:28 colegatron joined #salt
08:28 DanyC ^C: you mean the validation? if so yes, but the idea was to not depend on salt while i'm building my pillar file
08:29 Guest76565 joined #salt
08:30 ^C shouldnt you be doing the dynamic stuff using jinja2 inside the pillar itself? rather than pre-rendering values in?
08:34 Fiber^ joined #salt
08:35 bhosmer joined #salt
08:36 DanyC ^C: right, let me take a step back (i could miss s'thing valuable in what you say - pls bear with me). so i have a very basic thing: a git repo with a pillar file - secrets.sls and inside i need to add the gpg cipher. as part of this process i was looking at validating the file after i edited (to cover my back basically :) ). doing the last bit i was looking at very minimal dependency set - i.e no need for salt etc
08:37 OliverUK joined #salt
08:37 fgimian joined #salt
08:39 Rumbles joined #salt
08:40 DanyC ^C: so have i misunderstood what you said ?
08:52 sunkist joined #salt
08:52 NV joined #salt
08:59 rotbeard joined #salt
09:00 MadHatter42 joined #salt
09:01 larsfronius joined #salt
09:03 larsfron_ joined #salt
09:06 edulix joined #salt
09:06 patchedmonkey joined #salt
09:07 patchedmonkey joined #salt
09:11 traph joined #salt
09:11 kawa2014 joined #salt
09:12 tonthon joined #salt
09:12 tonthon Hi
09:12 tonthon I've got a problem accessing pillar datas from a state file
09:13 s_kunk joined #salt
09:13 tonthon both states and pillar datas are accessed through  gitfs
09:13 andrew_v joined #salt
09:13 tonthon when I run "salt 'myhost' pillar.items"
09:13 tonthon my datas comes up
09:14 tonthon but when I use them in a sls state file : {{ salt['pillar.get']('myvar') }}
09:14 tonthon I get None
09:14 tonthon any idea what may be wrong ?
09:17 junboj joined #salt
09:20 thalleralexander joined #salt
09:21 DanyC joined #salt
09:22 edulix joined #salt
09:24 Xevian joined #salt
09:24 jabari There is an error in the page https://docs.saltstack.com/en/getstarted/config/pillar.html, {{pillar[editor]}} may should be {{pillar["editor"]}}, it lost quotes.
09:25 ITChap joined #salt
09:26 catpig joined #salt
09:27 zerthimon joined #salt
09:28 giany hi, is there a way I can upgrade all packages and exclude specific package? i.e smth like : salt -t 10 -v '*' pkg.list_upgrades --exclude "pkg_name" ?
09:30 impi joined #salt
09:30 babilen giany: You would typically do that by putting those packages on hold (cf. pkg.hold)
09:31 babilen (the ones that you don't want to upgrade)
09:33 otter768 joined #salt
09:39 giany thx, that helped
09:41 tonthon ok, I fixed my problem, I messed up myself, sorry for the noise
09:44 zerthimon joined #salt
09:46 bastiandg joined #salt
09:50 yuhl_work___ joined #salt
09:52 geekatcmu joined #salt
09:52 GrueMaster joined #salt
09:53 synical joined #salt
09:53 Laogeodritt joined #salt
09:56 thalleralexander joined #salt
10:05 fredvd joined #salt
10:08 ashirogl joined #salt
10:08 traph hi, how it's best to make the conf structure so you can select a different version of a package on each group of nodes?
10:10 breakingmatter joined #salt
10:11 traph I'm thinking of pillars, but can you name the pillar file with a name different then that of a salt state?
10:11 turisti joined #salt
10:12 hemebond traph: Yes, pillar files can be called whatever you like.
10:12 hemebond They are assigned to minions the same way state files are; with a top.sls file.
10:13 traph so each pillar can be used by every other state, disregard of the name of the pillar file/directory?
10:15 markm joined #salt
10:24 giantlock joined #salt
10:24 hemebond Pillars aren't really used by states, they're applied to a minion, and a state references the compiled result.
10:25 hemebond So you could apply a common.sls, myminion.sls, mysoftware.sls pillar files, and then your states will see the merged result of all that.
10:26 CeBe joined #salt
10:38 is_null hi all, so extension_modules doesn't work in masterless mode ?
10:40 venu0336 joined #salt
10:48 GnuLxUsr joined #salt
10:50 is_null so, how can i import a salt state to call it in my own state module ? i tried something as simple as this: http://dpaste.com/0KWXYW3 but salt.states.pkgrepo.managed fails because __salt__ is not defined ...
10:54 traph hemebond, that's what I needed to know. thanks allot :)
10:57 keltim joined #salt
11:04 mpanetta joined #salt
11:04 hemebond is_null: You're trying to import a state into a state module?
11:05 peters-tx joined #salt
11:06 hemebond Or are you trying to import one state module into another?
11:06 is_null hemebond: i'm trying to decorate the pkgrepo.managed function as such: http://dpaste.com/1GK3VV0
11:07 is_null hemebond: i'm trying to 0. define my own pkgrepo.managed override 1. get it to call salt's pkgrepo.managed and 2. if the result is a failure, retry a few times
11:08 is_null i'm fighting network errors because we have too many false-negatives in our CI ...
11:08 amcorreia joined #salt
11:09 hemebond How are you running your module?
11:09 markm joined #salt
11:09 hemebond I don't see anything vastly different to my simple little module.
11:09 hemebond Oh.
11:09 hemebond Sorry, reading your module properly.
11:10 is_null ok, so am i going to have to patch pkgrepo.__dict__ in this fashion ? https://github.com/saltstack/salt/blob/2014.7/salt/loader.py#L476
11:10 is_null `exec code in module.__dict__` or something like that ? :D
11:11 keltim joined #salt
11:12 hemebond I wouldn't have thought so. Are you trying to over-ride the name of the module too?
11:13 is_null hemebond: what do you mean over-ride the name of the module ?
11:13 hemebond You say you're trying to write your own pkgrepo.managed... does that mean you want to reference it with pkgrepo.managed too?
11:14 hemebond Or will it be mymodule.managed?
11:14 is_null well pkgrepo.managed
11:14 hemebond Oh. So you're basically trying to monkey-patch the module?
11:14 is_null i intend to decorate **quite a lot** of these
11:14 is_null well, i'm trying to fix it yeah
11:16 is_null my plan was to make a generic decorator and decorate any state function that often fails because of a network error in my ci
11:17 babilen bloody monkey patching
11:19 hemebond is_null: I think that's over my head unfortunatey.
11:19 hemebond *unfortunately
11:20 is_null babilen: is this monkey patching ? https://github.com/saltstack/salt/blob/2014.7/salt/loader.py#L482
11:21 giantlock joined #salt
11:21 is_null how do you guys deal with network errors in the CI of your salt states and pillars repo ? we get quite some false negatives here
11:22 is_null if there's a better way i'll take it :)
11:25 babilen is_null: That's probably a symptom of it. I am rather referring to https://github.com/saltstack/salt/blob/2014.7/salt/loader.py#L709 and similar situations in which __salt__ is being "enriched".
11:26 babilen I am still not sure if that design is absolutely necessary and would have much preferred *explicit* imports of modules rather than relying on __salt__ (and other dunder dicts) being patched in later with execution functions, grains and other data
11:26 babilen This makes it very hard to predict which data will be available at which point in time and breaks normal Python idioms (such as the one you are using for decorating)
11:26 Zytox joined #salt
11:28 is_null yep, so here's my little monster: http://dpaste.com/14J1M44
11:29 is_null if that makes our users stop complaining about false-negative test results then cheers to that :)
11:29 babilen *shudder*
11:29 babilen And to happify static code linters you'd have to define all dunder dicts beforehand (with __dict__ = None and so on)
11:31 is_null babilen: come on don't ruin my joy :D
11:31 babilen No, it's good, but that kind of code shouldn't be necessary
11:32 is_null oh god, it shouldn't **ever** be necessary
11:32 babilen "# Please don't hurt me. This really is necessary and I apologise in advance for the horrors you are about to witness" ;)
11:33 is_null i'll add that one :D
11:34 otter768 joined #salt
11:35 fredvd joined #salt
11:38 is_null i'll commit it as root while i'm at it, so that it can't be traced back to me
11:39 favadi joined #salt
11:42 JDiPierro joined #salt
11:44 * babilen chuckles
11:48 DanyC anyone has ever tried to use git-crypt with salt ?
11:50 babilen Not that i know off. I am aware of people use the gpg renderer, but not git-crypt usage within salt
11:50 babilen Be the first!
11:51 DanyC babilen: heh, thanks ;)
12:00 breakingmatter joined #salt
12:02 is_null FTR, that didn't work: http://dpaste.com/14J1M44#line-7 fails with      Comment: State 'pkgrepo.absent' found in SLS u'base.novapost_repository' is unavailable
12:02 is_null so i'm definitely going to have to create another state and go ahead butchering our code with sed hihhihi
12:04 elsmo joined #salt
12:20 bluenemo joined #salt
12:22 Kelsar joined #salt
12:24 felskrone1 how do i require another state whos id is dynamic because it was created in a loop? anyone know?
12:25 hemebond felskrone1: Use require_in (or something)
12:26 felskrone1 ah nice, thx
12:26 markm joined #salt
12:27 tmclaugh[work] joined #salt
12:27 Deevolution joined #salt
12:28 dthom91 joined #salt
12:36 Seanie joined #salt
12:36 Seanie Whats the best way to roll out a upgrade of salt have 100minions 4-5masters
12:36 rotbeard joined #salt
12:43 traph is there an easy way to get grains info from targeted group of minions within a state?
12:45 JDiPierro joined #salt
12:47 favadi joined #salt
12:49 tmclaugh[work] joined #salt
12:51 traph also, is there a way of testing code before putting it in a jinja template inside a state for example?
12:51 rhodgin joined #salt
12:52 ericof joined #salt
12:54 subsignal joined #salt
12:57 eliasp I'm looking for 2015.8.x packages for Fedora 22… COPR (https://copr.fedoraproject.org/coprs/saltstack/salt/) is abandoned, repo.saltstack.com provides only RHEL/CentOS… any ideas?
12:59 dthom91 joined #salt
13:06 thalleralexander joined #salt
13:06 MadHatter42 joined #salt
13:07 babilen traph: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cp.html#salt.modules.cp.get_template
13:07 eliasp and the next weirdness of the day: 2015.5.2 which I'm currently running on Fedora 22 seems to completely ignore "file_client: local"/"--local" … did anyone ever see something similar?
13:08 zerthimon joined #salt
13:15 numkem joined #salt
13:17 JDiPierro joined #salt
13:20 murrdoc joined #salt
13:21 manu__ joined #salt
13:23 manu__ hi, i have a query.. regarding salt.. i have been trying to install nagios-nrpe-server on clients using salt modules which is installing unwanted dependency is there a way to skip dependencies and install only nrpe??
13:23 manu__ am new to salt btw
13:26 Norrland manu__: using the module or state?
13:27 eliasp manu__: depends on your distribution, your package manager and on the package you're installing… so we need a bit more details
13:29 manu__ Okay, so we're using a state file for installing the packages, and using debian wheezy apt-get
13:30 manu__ as, my application is based on ruby on rails V2.1, the nagios-nrpe-server pulling the Ruby V1.9 as a dependency
13:30 bhosmer joined #salt
13:31 Norrland manu__: so install_recommends: False
13:31 manu__ checked the salt.modules.pkg for skipping the dependencies, but no clue there
13:31 manu__ Ohh, nice
13:32 Rumbles joined #salt
13:32 Norrland manu__: would do the same as 'salt "minion" pkg.instal install_recommends=False nagios-nrpe-server'
13:32 Norrland pkg.install*
13:33 manu__ okay, but to be honest, we're on Salt branch 2015.5.2 (stable) ... will these changes supported in this salt version?
13:34 eliasp manu__: yes, see: https://docs.saltstack.com/en/2015.5/ref/states/all/salt.states.pkg.html
13:34 manu__ cool, thanks all for the quick info. ... will check it out now and see it working a real quick ..
13:35 otter768 joined #salt
13:39 alemeno22 joined #salt
13:39 timoguin joined #salt
13:41 cpowell joined #salt
13:42 prem joined #salt
13:44 prem how to copy files between two minions in salt state file? And I know how to do that using cli i.e using minionfs but i want to write formula for it. is there any way?
13:45 winsalt joined #salt
13:50 edulix joined #salt
13:57 breakingmatter joined #salt
13:58 prem anyone?
13:58 dyasny joined #salt
14:00 cpowell joined #salt
14:00 zmalone joined #salt
14:02 Seanie scp?
14:03 pfallenop joined #salt
14:04 djstorm joined #salt
14:05 CeBe joined #salt
14:07 Ahlee What's current state of multi master?
14:08 murrdoc they are discussing it
14:08 murrdoc the masters
14:08 murrdoc one of them fell of
14:08 murrdoc so no 'high' state was achieved
14:10 prem is there any state module?
14:10 murrdoc kya matlab prem
14:11 timoguin_ joined #salt
14:11 babilen prem: Don't think so
14:12 prem @murrdoc: matlab i want to write salt formula for copying
14:12 cpowell joined #salt
14:12 murrdoc copying what
14:12 prem @babilen: that should be there?
14:13 prem @murrdoc: file between minion
14:13 DammitJim joined #salt
14:13 murrdoc you can publish
14:14 murrdoc https://docs.saltstack.com/en/latest/ref/peer.html
14:15 babilen It's tricky if you don't want to publish it to all of them
14:16 _JZ_ joined #salt
14:17 hackel joined #salt
14:17 prem well then, there is a need for this feature.
14:18 prem don't you think?
14:19 quix joined #salt
14:20 bhosmer joined #salt
14:20 malinoff joined #salt
14:21 clintberry joined #salt
14:23 wab joined #salt
14:23 I joined #salt
14:26 opdude_ joined #salt
14:27 opdude_ Hey, whats the recommended way to test a new beacon that I want to write?
14:27 cpowell joined #salt
14:28 wab new to salt-cloud, need to use Azure, not finding helpful docs. Trying to figure out how to create a VM with multiple disks (to be raid0 later) and connect to private network (can be both public/private for now). Ultimate goal is to create elasticsearch cluster in n linux nodes. Can I do this with salt-cloud and azure at this time? The VM profile options don't talk about additional disks, networks, etc.
14:28 averell joined #salt
14:31 colegatron joined #salt
14:31 venu0336 joined #salt
14:32 cpowell joined #salt
14:35 jeddi joined #salt
14:36 cpowell joined #salt
14:39 traph babilen, how would you test a jinja template with salt '*' cp.get_template ?
14:39 stevednd hey all, we're looking to publish events to be communicated throughout a cluster from an unprivileged application user, but get failures opening /var/log/salt/minion and accessing the minion key. Must the user really be root to stend messages?
14:41 babilen traph: I'd check if what I get is what I expect ..
14:43 quasiben joined #salt
14:44 debian112 joined #salt
14:45 dthom91 joined #salt
14:50 favadi joined #salt
14:52 traph babilen, I see what you mean. Thanks
14:56 clintberry joined #salt
14:58 clintberry joined #salt
15:00 sunkist joined #salt
15:01 RandyT good morning, what's shakin?
15:01 RandyT Quick question? Is there a more elegant/correct way to do the following? https://gist.github.com/rterbush/e4979a1e5e8a2d3ddddb
15:02 babilen service.mask: []
15:04 RandyT babilen: thanks, is that true of the other one liners?
15:04 RandyT getting complaint about format of service.disable now
15:06 ageorgop joined #salt
15:08 linjan__ joined #salt
15:09 aphor joined #salt
15:09 RedundancyD joined #salt
15:12 babilen RandyT: Those aren't states, but execution functions in the systemd module: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.systemd.html
15:12 babilen https://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html is what you would use in a state definition
15:14 RandyT babilen: ok, thank you. I think I have satisfied it. Still a bit fuzzy on how I would call a module function like mask in the deploy process aside from just executing it at the command line
15:15 babilen https://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html
15:15 babilen I put a module in your state so you can mod while you state
15:16 danielcb joined #salt
15:16 RandyT babilen: ah, thank you. That helps
15:17 Akhter joined #salt
15:18 MadHatter42 joined #salt
15:18 clintberry joined #salt
15:20 aphor Does anyone use jinja in salt-cloud map files?
15:21 MadHatter42 joined #salt
15:22 jdubski joined #salt
15:23 malinoff joined #salt
15:24 malinoff joined #salt
15:24 hax404 joined #salt
15:25 malinoff joined #salt
15:28 danielcb joined #salt
15:28 zsoftich2 joined #salt
15:29 Akhter joined #salt
15:29 aphor OK. Time zone issues here ;)
15:31 babilen aphor: You could be the first!
15:31 malinoff joined #salt
15:32 dthom91 joined #salt
15:32 zmalone Just ran into https://github.com/saltstack/salt/issues/28443 yesterday and opened a issue today, as a warning to anyone who doesn't use passwords.
15:32 MadHatter42 joined #salt
15:33 aphor babilen: I was just wondering whether it has access to pillars, and how that works since there's no targeting in pillar top.sls for salt-cloud stuff.
15:33 aphor babilen: no context for grains...
15:33 zmalone when an account with "None" as a hash runs into a password expiration deadline, it will be locked out, and while a user *could* reset the password, they don't have a pass that matches up with a hash of "None", so password resets won't work, and they can't log in
15:34 babilen aphor: okay, I don't use salt-cloud at all, so can't help, but it typically doesn't help to ask if someone is doing that as the answer is most likely "yes" ;)
15:34 dthom91 joined #salt
15:34 babilen zmalone: Nice ;(
15:35 Gi0 joined #salt
15:35 aphor babilen: "yes" leaks a little more info about people who know something for my next question.. so I guess I should be more direct.
15:35 SheetiS joined #salt
15:35 sdm24 joined #salt
15:36 otter768 joined #salt
15:37 quasiben joined #salt
15:38 Akhter_ joined #salt
15:38 babilen aphor: I don't think that it has access to pillars, but that is just gut feeling
15:38 DammitJim joined #salt
15:39 aphor zmalone: what *should* user.present do with the password by default?
15:40 beardedeagle joined #salt
15:40 rmnuvg_ joined #salt
15:43 aphor babilen: I think salt-cloud needs an overhaul. I'd like to see it implement a minion-like context for each provider so that salt-cloud can use pillars grains and states.
15:43 mehakkahlon joined #salt
15:43 timoguin joined #salt
15:43 zmalone aphor: By default, if password: is not present, it sets it to "!", which means "This account cannot login with a password"
15:43 thalleralexander joined #salt
15:43 zmalone the problem is that if password: is present, but undefined (which is admittedly an edge case) it gets yamled into "None", and then "None" is used as the password hash itself
15:44 zmalone when it should see "None" and input "!" as the hash
15:44 zmalone there's also password.empty or something, if you want the case of "I want to log in with no password"
15:44 zmalone as opposed to "I don't want this account to be able to use a password"
15:45 zmalone That would block anyone from legitimately making a hash of "None", but I don't think that's ever really desired?
15:47 ekristen joined #salt
15:48 babilen zmalone: It's simply the fact that "None" is being interpreted as string somewhere and therefore erroneously ends up in the file
15:50 Brew joined #salt
15:51 illern_ joined #salt
15:51 murrdoc joined #salt
15:52 ashirogl1 joined #salt
15:55 venu0336 joined #salt
15:56 aphor zmalone: I agree with that approach. I think by default, passwords should be set to not expire. If a password hash is supplied it should get a default expiry.
15:56 aphor zmalone: http://unix.stackexchange.com/questions/19333/disable-a-users-login-without-disabling-the-account <-- good discussion here
15:56 zmalone Yeah, and it is the default approach in salt, it's just that a blank password: becomes the string "None"
15:57 meye1677 joined #salt
15:58 Gareth hrm. Anyone using Saltcloud with Azure?
15:59 venu0336 joined #salt
16:01 wab I'm trying got use Azure. See question above.
16:01 alemeno22 joined #salt
16:03 zmalone Gareth/wab: https://github.com/saltstack/salt/issues?utf8=%E2%9C%93&amp;q=is%3Aissue+is%3Aopen+azure
16:03 mehakkahlon joined #salt
16:03 zmalone I think you need to be careful about which salt version you use with azure at this time
16:07 thehaven joined #salt
16:08 wab actually it's the azure SDK version that's the problem.  downgraded to v0.11.1 to get past immediate exceptions.
16:09 Gareth 2015.8 and I'm already using a downgraded on the SDK version, 2015.5 was able to provision machines, 2015.8 is not...tries to SSH in and can't.
16:10 Gareth ah nice.  first bug.
16:11 edulix joined #salt
16:12 aphor Gareth: is this an Azure bug or salt-cloud bug?
16:12 Gareth looks like salt-cloud from this: https://github.com/saltstack/salt/issues/28150
16:12 tawm04 newbie here trying to get the various cli calls strait: 1) salt minion connects to the salt master and waits for "salt '*' foo.bar" calls 2) salt-call takes set of states either on disk or from a master and does the desired function. 3) does `salt-call state.highstate` use the same code for targeting as `salt 'G@minion.targeting' state.highstate`
16:13 aphor tawm04: can we try to answer questions one at a time please?
16:13 tawm04 aphor: apologies
16:14 tawm04 `salt-minion` connects to a `salt-master` and waits for `salt 'minion.targeting' state` calls right?
16:14 MadHatter42 joined #salt
16:14 aphor tawm04: 1) the salt master connects to the minions targeted by '*' or 'webserver*' or '*01' for example, and tells them to excite something.
16:14 aphor excite --> execute
16:15 tawm04 by default the transport is zeromq right?
16:15 aphor tawm04: yes
16:15 thalleralexander joined #salt
16:15 tawm04 if i'm just using the bootstrap-salt.sh script they have
16:15 tawm04 kk
16:16 aphor tawm04: 2) salt-call tries to execute stuff.
16:16 tawm04 and it would contact a `salt-master` if configured to to get the state files
16:16 aphor tawm04: yes, and pillars
16:17 clintberry joined #salt
16:18 aphor tawm04: 3) yes, targeting works the same everywhere targeting is used.
16:18 aphor tawm04: salt-call assumes you have jumped over the targeting step though.
16:19 aphor https://docs.saltstack.com/en/latest/ref/cli/salt-call.html <-- no targeting argument
16:19 tawm04 yeah but i should be able to do targeting in the top.sls file https://docs.saltstack.com/en/latest/topics/targeting/compound.html#target-alt-delimiters
16:20 tawm04 sorry that link has the wrong anchor
16:20 aphor tawm04: maybe you should help us understand what you want to accomplish
16:20 aparsons joined #salt
16:20 tawm04 yeah sorry i was getting to that
16:20 tawm04 so i have a range server
16:20 aphor ok
16:20 tawm04 and i'm trying to get range targeting in place
16:21 tawm04 and i can from `salt '%cluster:KEY' test.ping`
16:21 opdude_ Repeating for those who are now awake :): Hey, whats the recommended way to test a new beacon that I want to write?
16:21 tawm04 that works for me
16:21 MadHatter42 joined #salt
16:21 aphor tawm04: ok I'm following so far
16:22 tawm04 but when i try to use `base: R@%cluster:KEY: - function` that function isn't executed
16:22 tawm04 during a salt-call state.highstate from the minion
16:22 colegatron joined #salt
16:22 jalbretsen joined #salt
16:23 tawm04 i see network traffic to my range cluster during the `salt` command from the master but not any traffic during the `salt-call` from the minion
16:24 MadHatter42 joined #salt
16:25 tawm04 i was trying to trace the salt-call command through the source code last night and i couldn't find where it actually makes a range connection
16:25 aphor tawm04: try putting the 'R@%cluster:KEY' in some jinja in your state.sls files or in your pillars if you want minions to do the range lookup.
16:25 aphor tawm: the targeting is mediated by the salt master.
16:25 MadHatter69 joined #salt
16:26 aparsons joined #salt
16:26 aphor tawm04: let me ask this: is the range cluster targeting working?
16:26 tawm04 it works when i do something like `salt '%cluster:KEY' test.ping`
16:27 tawm04 but not when i have that in my top.sls as per the targeting documentation: https://docs.saltstack.com/en/latest/topics/targeting/compound.html
16:27 aphor top.sls tells the master which minions get which states, or pillars
16:27 zsoftich2 tawm04: https://docs.saltstack.com/en/latest/ref/states/top.html#advanced-minion-targeting
16:27 zsoftich2 set the match type to be compound?
16:28 tawm04 zsoftich2: i've tried `- match: compound`
16:28 tawm04 i haven't tried `- match: range` though
16:28 tawm04 i thought of that last night but then forgot
16:30 tawm04 `'R@%cluster:KEY': - match: range` didn't work :(
16:30 clintberry joined #salt
16:31 seweryn joined #salt
16:31 andrew_v joined #salt
16:34 tawm04 `salt -C 'R@%cluster:KEY' test.ping` also doesn't work
16:35 CheKoLyN joined #salt
16:35 aphor tawm04: 'R@%cluster:KEY' is a *compound* match
16:35 aphor try that instead of *range*
16:36 seweryn2 joined #salt
16:36 aphor https://docs.saltstack.com/en/latest/topics/targeting/compound.html <-- these all use the compound matcher
16:37 tawm04 aphor: doesn't the R@ use a range cluster to find out the hosts?
16:38 clintberry joined #salt
16:38 aphor tawm04: the 'R@..' syntax is a compound matcher in salt.
16:38 tawm04 so when i want to mix the two?
16:39 tawm04 err use a grain and a range?
16:39 aphor tawm04: if you make a compound matcher that has a G@, the compound matcher knows to use grains.
16:39 tawm04 gonna try that
16:39 mrwboilers joined #salt
16:40 aphor tawm04: if you use a compound matcher with I@, the compound matcher knows to use pillars.
16:41 aphor tawm04: so I would expect using 'R@..' compound matcher would know to do the range cluster lookup.
16:41 aphor if not: sounds like a bug to me.
16:41 kawa2014 joined #salt
16:41 mrwboilers In a config file that is templated with jinja, is there a way to reference a variable within another jinja tag? (Sorry if my terminology is way off.)
16:42 mrwboilers For example, if I already have a variable set for the host name -- {{ host  }}
16:42 tawm04 aphor: i saw some of the Matcher class realing with R@ iirc, let me try and find it again
16:42 mrwboilers is there a way to do something like this:  {% set ip = salt['cmd.run']("getent hosts {{ host }} | awk '{ print $1 }'") %}   ??
16:42 otter768 joined #salt
16:42 tawm04 in case you go afk while i rummage around aphor and zsoftich2 thanks for the replies
16:43 aphor tawm04: YW, good luck, and please let us know how things went!
16:43 mrwboilers Unfortunately I can't just use a grain for the IP address because some boxes have multiple addresses and I need to get a specific one.
16:43 mrwboilers Or maybe I need a custom grain to get the address that I want?
16:43 zsoftich2 mrwboilers: use jinja concatenation "getent hosts "~host~" | awk ..."
16:43 mpanetta mrwboilers: Why don't you use network module?
16:44 aphor mrwboilers: I think people usually set a jinja variable in a map.jinja file, which the states all include if they need those variables.
16:45 kawa2014 joined #salt
16:46 aphor mrwboilers: if you need to loop through IPs, do that in map.jinja.
16:46 aphor mrwboilers: your case might be on the edge where a custom grain makes sense.
16:48 pogotech joined #salt
16:48 mrwboilers Thanks everyone. You've given me some options to explore
16:49 rhodgin joined #salt
16:49 writtenoff joined #salt
16:54 iggy mrwboilers: {{ salt['network.ip_addrs'](cidr='10.0.0.0/8') }} ?
16:56 mrwboilers So far the jinja concatenation seems to be working fine. I've never used jinja prior to working with salt, so I'm learning little bits of that as I go along.
16:56 mrwboilers iggy: That looks like a good option too. I'll give that a try as well.
16:56 aphor mrwboilers: are you trying to pick an IP for something to bind to?
16:57 mrwboilers Yes, it's to configure zabbix-agent. It needs to know it's own IP address for some reason. It doesn't seem to work with a DNS name instead of an IP address.
16:57 iggy 0.0.0.0?
16:58 ageorgop joined #salt
16:58 dthom91 joined #salt
16:59 colegatron mmm when you want to run a service.running: - reload: true but the service has no 'reload' but a 'force-reload'... how can you force to use 'force-reload' instead 'reload' ?
17:01 iggy colegatron: I don't know of an option to do that
17:02 breakingmatter joined #salt
17:03 armyriad joined #salt
17:03 aparsons joined #salt
17:04 ageorgop colegatron: couldn't you use a cmd?
17:04 colegatron nop. I need it to restart on watch /etc/supervisor.d/conf.d/*
17:05 colegatron but seems - sig: supervisord can do the trick. I'm testing now
17:06 falenn joined #salt
17:07 pogotech left #salt
17:08 ageorgop i have cmds run on watch of a file
17:08 ageorgop not sure why that wouldn't work
17:09 PeterO joined #salt
17:17 doriftoshoes joined #salt
17:17 sbogg joined #salt
17:19 thalleralexander joined #salt
17:20 nate_c joined #salt
17:21 jackjackdripper joined #salt
17:22 colegatron ageorgop, oh, you are right, but if there is a service.running, I prefer to try get it working.
17:22 colegatron too much workarounds everywhere
17:22 ageorgop yeah i feel ya
17:23 ageorgop all this highlevel syntax just gets in the way a lot of the time
17:23 ageorgop i never use it
17:23 PeterO left #salt
17:23 PeterO joined #salt
17:23 colegatron in two weeks nobody will knows why you use the cmd.run instead the service.
17:24 ageorgop i've been trying to unravel the salt stuff I inherited and it's not been fun
17:24 PeterO I always feel like I'm using Salt the wrong way.
17:24 ageorgop i can't tell what is right
17:24 PeterO same
17:24 ageorgop the code looks horrendous when I write it
17:25 pdx6 joined #salt
17:25 ageorgop just a ton of trial an error
17:25 ageorgop i've been using it for 6 months and want to rip it all out
17:25 PeterO yeah. Which is where we're at... does it run and do what we think it should? Yes. Are we doing it all wrong? Probably.
17:26 ageorgop my frustration level with it has exceeded using chef which is pretty terrible
17:28 ageorgop call me salty, lol
17:28 iggy you're definitely doing things wrong then
17:28 zsoftich2 colegatron: cant you do module.wait for service.force_reload
17:28 ageorgop i guess
17:29 ageorgop it's a total bitch to troubleshoot
17:29 iggy but hey, I'm all about pragmatism... if chef works better for you, use it
17:30 zmalone http://i.imgur.com/B5BSVqH.png
17:31 ageorgop chef didn't work
17:31 ageorgop that was a nightmare as well
17:31 ageorgop i like hte idea of salt better as it has less moving pieces
17:31 colegatron zmalone, :D:D:D do you use another thing?
17:31 ageorgop but jinga syntax is terrible for a configuration management tool.
17:31 zmalone I've found that using https://github.com/saltstack/salt/issues as the second set of docs makes salt much easier, it gives you an idea of when things have been broken for a long time, and you should just shell out and cmd.run.
17:31 colegatron zsoftich, service.force_reload. that exists?
17:32 dthom91 joined #salt
17:32 zsoftich2 for debian based services
17:32 zmalone It's still filthy to be shelling out when there are built ins, just because the built in modules are broken, but you do what you need to do.
17:32 ageorgop i've come to realize all config management tools just suck at some level
17:32 zmalone the issue tracker is also helpful for finding the weird jinja-isms
17:33 zmalone ageorgop: alt.sysadmin.recovery may be the place for you
17:33 ageorgop yup
17:33 ageorgop i've used them all and they all have pluses and minuses
17:33 colegatron ageorgop, that is applicable to any subject on life. I hate computers, but the feed my family while I sit on my desktop
17:33 ageorgop yup
17:33 tawm04 ageorgop: jinja to write yaml seams like a weakness of salt :(
17:33 ageorgop yeah that is my biggest grip
17:33 colegatron tawm04, +1
17:34 geekatcmu zmalone: Since I use pyobjects, I find that I can mostly just use the normal Python built-ins to work around issues.
17:34 ageorgop if the syntax was different I think this would be way better
17:34 zmalone and then the double interpretation of the resulting yaml smashing things into different values that you don't expect
17:34 tawm04 but comming from puppet, erb is just about as bad
17:34 ageorgop chef has erb as well
17:34 zsoftich2 colegatron: https://github.com/saltstack/salt/blob/develop/salt/modules/debian_service.py#L203
17:34 ageorgop but chef is more ruby which is nice to write
17:34 geekatcmu And, really, if you have Jinja, don't use it.  There more than one DSL available for salt.
17:35 geekatcmu s/have/hate/
17:35 ageorgop yeah i understood
17:35 tawm04 what really annoyed me about erb was the debian command 'erb' was really different from the erb templating in puppet
17:35 ageorgop how do you swap the dsl out?
17:35 geekatcmu shebang
17:35 ageorgop we rolled our own stuff for chef so it would be consistent across OSes
17:35 zsoftich2 ageorgop: https://docs.saltstack.com/en/latest/ref/renderers/
17:36 ageorgop because ruby is the freaking wild west
17:36 geekatcmu For example, I use "#!jinaj|pyobjects" at the top of all mine
17:36 geekatcmu That lets me use Jinja to pull in the Jinja-based maps, and then pyobjects for my actual work.
17:36 ageorgop geekatcmu: thanks, ill have to read up
17:37 geekatcmu Now all my stuff looks like ... Python.
17:37 zsoftich2 geekatcmu: I am seriously considering making the swtich
17:37 geekatcmu WHich for some people is a problem, but for me that's a ++++ thing
17:37 iggy I really wish there were more people using !jinja+yaml
17:38 ageorgop when we dumped chef at my last place we went with a combo of cfengine3 and ansible and I really liked that
17:38 geekatcmu Here is a non-trivial example of jinja|pyobjects:  https://gist.github.com/BrianGallew/387289884e48f1f0b670
17:38 iggy but right now it's hard to suggest to people that A. don't already have a good understanding of salt B. don't know python well or C. aren't working on a project that was already started as !jinja+yaml
17:39 geekatcmu ... don't try to use the firewall states in your own code unless you've, you know, written it.
17:39 tawm04 ageorgop: cfe3 was my first mangement tool and i could not grawk it to do anything other than super simple stuff
17:40 ageorgop which version?
17:40 traph how do you target specific hosts for salt['pillar.get']()?
17:40 ageorgop cf3 3.6/3.7 is much different
17:40 geekatcmu heh, we are moving from cf2 to salt.  salt is *so* much better.
17:41 tawm04 ageorgop: i think i left there when we were working on upgradeing to 3.5
17:41 stevednd joined #salt
17:41 geekatcmu Even with it's warts, it's hands-down better.
17:41 ageorgop cf2 is awful.  ansible was used as the orchestration of applications and cf3 for low level services
17:42 ageorgop 3.6 and 3.7 are totally different as you have proper data structures
17:42 ageorgop 3.5 was tough
17:42 geekatcmu cf2 is not awful.  It's just not got much support for orchestration and no one ever wants to write the plugins/extensions for it to make it more useful.
17:42 tawm04 ageorgop: i am also much better at computers now than 2 years ago
17:42 zsoftich2 traph: that runs in the context of the minion...so the current minion being run on
17:42 geekatcmu We've been managain about 25k hosts with cf2.
17:43 ageorgop well i cut my teeth on cf2 a long time ago and it did the job but it's very limited nowadays
17:43 geekatcmu yes
17:43 geekatcmu that it is.
17:43 eseyman left #salt
17:43 ageorgop i used cf2 for thousands of servers as well
17:43 ageorgop i looked like a magician when i deployed a datacenter by myself, lol
17:43 bash1235123 joined #salt
17:43 geekatcmu 8)
17:44 traph zsoftich2, I'm trying to get a list of minions in pillars
17:44 bash1235123 what happens if I run multiple commands on salt master targeting different minions ?
17:44 bash1235123 nothing interfering with each other right ? :)
17:45 anmolb joined #salt
17:45 iggy bash1235123: everything should be async and run in order and then return output to the master
17:45 bash1235123 iggy : thanks
17:46 zsoftich2 traph: you might have to use the salt mine, but iirc it doesn't work correctly in the pillar
17:47 zsoftich2 what do oyou need a list of minions in the pillar for?
17:47 traph because of settings passed to a jinja template for a conf file
17:48 zsoftich2 https://docs.saltstack.com/en/latest/topics/mine/
17:48 zsoftich2 that might work then look at the example
17:49 zsoftich2 state files and config templates work with the salt mine from my experience
17:50 whytewolf zsoftich2: there is a new work around for getting mine data in pillar/orch/runners. use the mine runner. [works in 2015.5.6+ and 2015.8.1+] salt['saltutil.runner']('mine.get', tgt='host_glob', fun='network.ip_addrs') as per https://github.com/saltstack/salt/issues/11509#issuecomment-138980156
17:50 whytewolf still not multimaster usable yet though :(
17:50 traph zsoftich2, looks awesome. thanks
17:51 zsoftich2 whytewolf: good to know.
17:54 prem joined #salt
17:55 rm_jorge joined #salt
17:57 DanyC_ joined #salt
17:57 tawm04 aphor: I think where I'm lost is does anything call this block of code? https://github.com/saltstack/salt/blob/develop/salt/minion.py#L2435-L2446
17:57 jmickle joined #salt
17:57 tanta_g joined #salt
17:57 jmickle how do you reference grains.items ipv4 in a state file
17:57 jmickle it is returning 127.0.0.1 and the ipv4
17:57 jmickle i just want the ipv4
17:57 jmickle for a template sorry not state file
17:58 clintberry joined #salt
17:58 tawm04 jmickle: if not '127.0.0.1' ?
17:58 tawm04 for ip in ips:
17:59 tawm04 if not '127.0.0.1':
17:59 jmickle isnt there a way to just plugin {{ grain.ipv4 }}
17:59 jmickle kind of sucky i have to loop through and grab out
17:59 jmickle it should just be an array right
17:59 jmickle can i just [0] it
17:59 tawm04 it might return them unordered
17:59 jmickle {{ grains['fqdn_ip4'][0] }}
17:59 jmickle argh
17:59 druonysus joined #salt
17:59 druonysus joined #salt
17:59 jmickle is there a grain to just get the single address?
18:00 tawm04 if you have consistent interface names probably
18:00 jmickle argh
18:00 jmickle so much more complicated than it needs to be lol
18:00 dthom91 joined #salt
18:00 tawm04 are there network interface grains? sorry i'm still super new with salt just thinking of edge cases that would ruin your day
18:00 tawm04 yup computers are jerks
18:01 jmickle oh no i know
18:01 jmickle i appreciate it
18:01 jmickle just seems like salt is like pulling teeth :-P
18:01 ageorgop i wrote a custome grain at one point to return that one address
18:01 iggy jmickle: {{ salt['network.ip_addrs'](cidr='10.0.0.0/8') }} ?
18:02 iggy or whatever cidr you need
18:02 jmickle ah
18:02 tawm04 iggy: is there a way to do the reverse?
18:02 jmickle ty iggy
18:02 tawm04 like not_cidr="127.0.0.0/8"?
18:02 tawm04 or whatever the localhost cidr is
18:02 iggy tawm04: you mean like cidr="!127.0.0.0/32" or something?
18:02 forrest joined #salt
18:02 iggy yeah, not that I know of
18:03 tawm04 yeah
18:03 jmickle iggy always bails me out :-)
18:03 iggy oh
18:03 jmickle i owe iggy like 200 beers
18:03 iggy {{ salt['network.ip_addrs'](include_loopback=False) }}
18:03 iggy which is actually the default
18:03 iggy so...
18:04 tawm04 side note: 127.0.0.0/8 is the cidr for localhost
18:05 iggy whatevs!
18:05 * iggy wanders off
18:05 jmickle hahaha
18:06 tawm04 iggy: sorry, that was me answering my own question of what is the localhost cidr
18:07 tawm04 my statement came off wrong
18:08 scoates joined #salt
18:11 iggy nah, I was just messing around ;)
18:11 iggy <-- resident asshole
18:11 iggy along with murrdoc
18:11 murrdoc yup
18:12 iggy funny that we both work for the same company now... just imagine our meetings
18:12 whytewolf I try not to imagine your meetings. would remind me of my last job
18:12 zsoftich2 I've always been told to be concerned about meetings where everyone is always agreeable
18:12 whytewolf except actually correct info being passed around
18:14 Akhter joined #salt
18:14 tawm04 aphor: looks like `vagrant provision` screwed my by overwriting my minion config
18:14 tawm04 nuking my range_server: server.com:80 line
18:16 dyasny joined #salt
18:16 aphor tawm04: are you using salt-cloud?
18:17 tawm04 aphor: negative
18:17 tawm04 we have a pile of perl scripts that i'm redoing in salt
18:17 aphor tawm04: I don't think salt-cloud has embraced cloud-init, but you can use a custom script for bootstrap.
18:18 tawm04 my goals for the moment is get my cloud init down to "how do I get salt on this host?"
18:19 tawm04 and be able to use range info in salt
18:19 aphor look at salt-cloud
18:19 tawm04 aphor: is there a way i can buy you a beer or something?
18:20 forrest tawm04, This reminds me that I need to add a 'buy me a beer' button to my site, since I am owed about 15 beers at this point.
18:22 slav0nic joined #salt
18:22 bastiandg joined #salt
18:22 aphor if I worked for beer I would be intolerably fat and drunk all the time.
18:23 aphor (or making other people with access to my fridge that way)
18:23 bastiandg joined #salt
18:24 aw110f joined #salt
18:27 aw110f_ joined #salt
18:29 keimlink joined #salt
18:30 szhem joined #salt
18:31 aphor tawm04: I apologize. I must have been dreaming: I thought there were some local VM drivers.
18:32 tawm04 aphor: well if you make it out to mountain view, ca I'm happy to buy you a cup or coffee or a pint
18:32 aphor tawm04: I guess the VMWare and Parallels drivers count.
18:33 tawm04 i'm way too cheap to buy a local vm solution
18:33 tawm04 virtualbox is my friend
18:33 aphor tawm04: the next time Google flies me out for an interview.
18:33 iggy there's saltify
18:33 tawm04 aphor: haha
18:33 ajw0100 joined #salt
18:34 clintberry joined #salt
18:35 clintberry joined #salt
18:35 aphor tawm04: salt-cloud really needs a VirtualBox driver...
18:36 iggy there's a vagrant salt provisioner
18:39 quix joined #salt
18:39 forrest aphor, https://github.com/gravyboat/demo-app-1
18:39 aphor iggy: https://github.com/saltstack/salt/tree/develop/salt/cloud/clouds <-- not here ;)
18:40 forrest aphor, Yeah it's not considered a cloud driver.
18:40 iggy it's part of vagrant
18:40 forrest exactly
18:40 forrest The repo I just linked has an example vagrantfile you can use though
18:40 morissette joined #salt
18:41 elsmo joined #salt
18:41 aphor I'd probably just vagrant up and saltify.
18:44 Heartsbane is there a infographic with who uses Saltstack, I have been asked to do a presentation on Monday
18:45 Heartsbane I know there used to be one, but I can't seem to find it
18:47 forrest Heartsbane, There's this talk someone did: http://www.slideshare.net/araratpoghosyan/vagrant-saltstack-django-ararat-poghosyan-dm10
18:47 forrest not sure how accurate that is any longer.
18:47 Heartsbane forrest: thanks
18:47 forrest Heartsbane, Yeah it's a few slides in
18:48 forrest Heartsbane, I thought you already made this argument
18:48 forrest Heartsbane, MONTHS ago
18:48 aphor screenshot or live demo the saltstack.com page "Our Customers" section
18:48 Heartsbane forrest: <sarcasm> Oh I did </sarcasm>
18:49 Heartsbane forrest: I will tell you all about it at salfconf
18:49 forrest aparsons, Good point, Heartsbane if you scroll down on the main saltstack.com page you can see who is using it.
18:49 forrest Heartsbane, If my talk gets accepted. Otherwise I might not be able to afford it unless my future employer is willing to pay for it.
18:49 Heartsbane or in a couple hours
18:49 aphor those are just commercial customers
18:50 forrest aphor, Yeah that's why I linked the other slides. I don't know if there is a list of open source customers
18:50 aphor You'll need to make a stacked chart of RPM/DEB package downloads, GitHub clones/downloads, pip installs.
18:51 forrest aphor, Heartsbane will probably be told to present this in 2 hours even though they said Monday, pretty sure that's what happened last time
18:51 forrest unless that was someone else..
18:53 PeterO joined #salt
18:53 breakingmatter joined #salt
18:54 aphor https://www.google.com/trends/explore#q=Puppet%2C%20Salt%2C%20Chef&amp;cmpt=q&amp;tz=Etc%2FGMT%2B5 <-- *funny*
18:55 edulix joined #salt
18:56 whytewolf sadly those numbers wouldn't mean much since, all three can be something other then software. and salt and chefs being the more likely looked for.
18:57 aphor whytewolf: that's why it should be used as a joke
18:57 Akhter joined #salt
18:58 whytewolf although i want to know what happened in aug of 2010 for salt. cause DMAN
18:58 Sketch i would have expected march 2011
18:58 aphor SaltConf probably...
18:58 Heartsbane forrest: No joke
18:59 geekatcmu salt domes leaking toxic/nuclear waste?
18:59 forrest aphor, I wish that search trend correlated with jobs. Everyone seems to be using Chef.
18:59 forrest aphor, Saltconf only started in 2014.
19:00 whytewolf ahh, salt is the name of a movie that was released aug of 2010
19:00 Sketch geekatcmu: there were some claims that salt would help prevent radiation poisining, and it was in short supply in some places as a result after fukushima
19:00 geekatcmu Oh, yeah, I forgot about that.
19:00 geekatcmu I've even watched the movie.
19:00 aphor forrest: Chef is made of Ruby. Ruby is where are the perl hacks went.
19:01 geekatcmu ^^ is my primary beef with Ruby
19:01 forrest aphor, Yeah I've seen some of the chef code they write where they just cram ruby in.
19:01 hacks hacks?
19:01 Sketch no wonder most of the ruby code i've seen is so ugly
19:01 aphor Well... it kinds has a DSL, but you don't HAVE to use it... you're not even ENCOURAGED to use it.
19:01 forrest aphor, It is seriously shocking how hard it is to find a job using salt though.
19:02 forrest even python shops using chef aren't willing to switch (which I've asked about in interviews), insane to me.
19:02 aphor forrest: that's because when you master salt, you get on with making real shit happen.
19:02 forrest lol
19:03 notnotpeter joined #salt
19:03 beardedeagle We moved away from chef to puppet
19:03 anmolb joined #salt
19:03 jfindlay Heartsbane: not what you were asking for, but there is this: https://saltstack.com/blog/
19:03 whytewolf I would love to find a job where i get to use salt again.
19:03 aphor Oh. Chef causes so much brainache that people are mortified by the thought of scaling another CM tool learning curve.
19:03 beardedeagle And now I am rewriting the entire core provisioning platform in salt.
19:03 jfindlay whytewolf: apply to saltstack? :-)
19:03 forrest beardedeagle, I'm so so sorry
19:03 forrest beardedeagle, My hatred of puppet is why I started working on salt.
19:03 whytewolf jfindlay: don't want to move out of vegas :P I'm too picky
19:03 jfindlay whytewolf: we have remote engineers
19:04 jfindlay Vegas isn't that far, you could commute to Lehi :)
19:04 beardedeagle What is really great is people here were trying to use puppet as a package manager. I mean, yeah you can install and specify package versions
19:04 beardedeagle but just...don't. please.
19:04 forrest jfindlay, last time I asked I was told no remote ;)
19:04 * jfindlay rides FrontRunner every day from SLC
19:05 jfindlay forrest: I think the management is more open to that than they used to be
19:05 aphor forrest: hiring remote and letting an engineer work remote are two different controversies
19:05 forrest beardedeagle, I gave up on Puppet after I had to rewrite our entire stack TWICE within 6 months because of puppet changes.
19:05 beardedeagle They tried to get me to use puppet AND salt. No thanks.
19:05 forrest aphor, Yeah, my last job was remote, after that I pretty much only look for remote gigs. I live in Seattle so commuting downtown is a bummer, 600+ hours to commute down there.
19:06 aphor Puppet is infamous as being "enhanced job security" for sysadmins.
19:06 forrest beardedeagle, Use salt to run puppet till you rewrite all the puppet in salt.
19:06 jfindlay forrest: what is your opinion of salt backwards compatibility and deprecation schemes?
19:06 whytewolf I gave up on puppet on my home setup after a decently running setup started eating keys with out any interaction on my part
19:06 forrest jfindlay, In regards to state structure?
19:06 beardedeagle @forest yeah I have a hook to run each teams puppet manifests in post
19:06 forrest beardedeagle, Good plan.
19:07 jfindlay forrest: generally wondering what your experience is with salt feature stability
19:07 aphor jfindlay: i had to write deprecations for a pull request last week, and I think it's quite reasonable from both sides.
19:07 beardedeagle Makes it so A) I don't have to use puppet. B) I don't have to support there manifests. D) Any change they push with puppet, they own. Not my problem if they break there apps.
19:07 jmreicha_ joined #salt
19:08 forrest jfindlay, It's gotten better. The notice a release or two ahead of time (instead of just a single release) is helpful. I'd like more details when a deprecated state is encountered in terms of saying how a user should modify their states (links to docs etc.) but I don't really have a problem with it.
19:08 jfindlay I *think* it's something we do well, but everyone has a different experience :)
19:09 forrest jfindlay, Since the state structure itself doesn't change it's much better than other options.
19:09 jfindlay yeah, that is nice
19:09 forrest changing runas to user or whatever is pretty easy and it's on every state run, so it's easy to notice.
19:09 forrest The biggest deprecation issue I've encountered that was problematic is with jinja
19:09 ajw0100 joined #salt
19:10 forrest we've had issues with some of the formulas where someone added a feature that only exists in a more recently jinja release, breaking backwards compat, so that's annoying.
19:10 jackjackdripper joined #salt
19:10 forrest But I can't really blame anyone for that as it's usually just a deps issue.
19:10 forrest or they aren't willing/can't upgrade.
19:11 jfindlay yes, dependencies are like swords
19:11 jfindlay with two edges
19:11 jfindlay at least
19:11 forrest So yeah, overall I think it's pretty good. I haven't had a gig yet where I've had to rewrite everything so that makes it infinitely better than my puppet experience.
19:13 dthom91 joined #salt
19:13 dyasny joined #salt
19:14 Heartsbane jfindlay: awesome
19:15 forrest jfindlay, That reminds me I need to create an issue for the salt-cloud docs. External providers aren't keeping their docs up to date so new features aren't getting included :(
19:16 forrest The comments inside the .py files (such as digital ocean) aren't getting pulled in I noticed last week.
19:17 sdm24 hey forrest: I was looking over my added section for https://docs.saltstack.com/en/latest/topics/targeting/nodegroups.html#using-nodegroups-in-sls-files, and it seems I incorrectly tried to link "pillar_opts"  in the first line. Do you (or anyone) know how to fix that? I just copied my version from the previous mention above it
19:18 forrest can you link the actual line in the code that's problematic sdm24?
19:18 forrest If you have it pulled
19:18 sdm24 yeah hold on
19:18 jfindlay rst links always confuse me
19:18 forrest I see what you mean though, we'll have to try and find an example, I can't remember what the structure looks like for cross linking that way
19:19 forrest jfindlay, It's usually okay, it's when you link between stuff like sdm24 is trying to do that I usually get caught on.
19:19 sdm24 line 74
19:20 bVectr trying to remember, if I have a folder under file_roots 'consul' with an init.sls and a client.sls and specify to run state consul.client, does it run both init and client?
19:20 bVectr er, I guess I should specify highstate
19:21 sdm24 forrest, jfindlay: compare it to line 10, which is correctly linked in the .html page
19:21 forrest sdm24, I see the issue
19:21 forrest it should look like :conf_master:`user`
19:21 forrest with backticks
19:21 sdm24 oh I think I maybe got it. its supposed to be
19:21 sdm24 yeah
19:21 PeterO left #salt
19:22 forrest sdm24, I see what you did here, trying to bump your PR count, it's okay, you can admit it ;)
19:22 sdm24 haha
19:23 sdm24 half way to that shrit
19:23 sdm24 shirt*
19:23 forrest Better step it up, I think today/tomorrow are the last day :)
19:23 forrest Just find some easy doc updates.
19:23 sdm24 can I change my commit, or do I need to make a new issue/pull?
19:23 pullphinger joined #salt
19:24 forrest sdm24, New issue.
19:24 mansquib joined #salt
19:24 sdm24 ok
19:25 Akhter joined #salt
19:28 sdm24 is it ok if I use my old fork, or should I refork?
19:28 forrest sdm24, Totally up to you. As long as it's up to date with the latest fetch it shouldn't matter :)
19:28 sdm24 Cool Thanks
19:29 ViciousLove joined #salt
19:30 meye1677 joined #salt
19:30 Phtes anyways to view what the current "salt://" path is
19:31 forrest Phtes, It's set in the master/minion conf.
19:32 forrest Phtes, https://docs.saltstack.com/en/latest/ref/configuration/master.html#file-roots
19:32 Phtes hmm thats what i thought
19:32 Phtes ah
19:32 Phtes found my problem ty
19:34 bougie2 does returners send cmd.run stdout output in real time to "what I want" ?
19:35 DanyC joined #salt
19:35 Ahlee cmd.run will return on cmd.run completion
19:35 Ahlee it will not stream to the best of my knowledge
19:35 zmalone Can someone check a file's permissions for me?
19:36 zmalone I want to know what the default /var/cache/salt/minion/highstate.cache.p  perms are, before I dig in more
19:36 whytewolf zmalone: 644
19:37 Ahlee same
19:37 zmalone that's a security risk
19:37 nikogonzo :'(
19:37 edulix joined #salt
19:37 zmalone if you use password hashes for the user
19:37 zmalone $ strings /var/cache/salt/minion/highstate.cache.p
19:37 whytewolf humm, I don't get pillar data in there.
19:37 Ahlee i also don't have pillar values in there, only states
19:38 Fiber^ joined #salt
19:38 forrest sdm24, here's a few more easy issues you could crank out if you want: https://github.com/saltstack/salt/issues/26011, https://github.com/saltstack/salt/issues/24775, https://github.com/saltstack/salt/issues/23683
19:38 bougie2 Ahlee: and cmd.run (and others module) can't stream more regulary ?
19:39 hal58th Does anyone know off hand how Salt colorizes the output of salt highstate? Do they use bash color codes or the tput command or other?
19:40 hal58th Just found the answer as soon as I looked. Looks like python libraries.
19:44 jeffpatton1971 joined #salt
19:45 dthom91 joined #salt
19:45 Destreyf joined #salt
19:47 fiatjaf joined #salt
19:47 ldelossa joined #salt
19:47 ldelossa Hey guys, does anyone have an example of using git as a backend file server
19:47 ldelossa I think I have it setup right, however I'm not sure how to reference the files
19:47 ldelossa I want to bring down an entire repo to /opt/ directory
19:48 dthom911 joined #salt
19:48 ldelossa Is it just consdered a "root" to technically all I would need to do is salt://repo/*
19:48 ldelossa something like that
19:48 Cidan is it possible to remove the source_hash requirement for file.managed when using an http source?
19:49 Cidan rather -- can we remove that requirement?
19:49 Destreyf I was wondering if anyone had a sample config of a working active directory connection that allows anyone in the directory to run salt commands.  Here's my current config: http://pastie.org/private/a6eezghtboisdnmok7kyg
19:49 Cidan I don't think it should be up to salt to force that level of safety on me
19:49 zmalone https://github.com/saltstack/salt/issues/28455
19:49 zmalone I opened up an issue for it
19:51 forrest Cidan, Did you already try to just remove it to see if it works?
19:51 Cidan nope, fails about not having a hash
19:52 forrest Cidan, That's lame, looks like someone already created an issue: https://github.com/saltstack/salt/issues/26513
19:53 iggy anybody ever hacked on salt-cloud? I'm having an issue with a new cloud driver that hangs when trying to do the bootstrap step
19:53 Cidan that's for file, not http, i'll make an issue
19:55 forrest Cidan, You might just be able to update the content there, I just looked at the code in the module and it seems to be the same process either way.
19:55 forrest unless I am missing it somewhere.
19:55 forrest Cidan, Or at least when you create the issue please link it.
19:56 Cidan i shall
19:57 forrest Cidan, Thanks!
19:57 ldelossa I'm not sure I need to use git as a fileserber backend. all I'm trying to do is clone a repo from out stash server
19:57 ldelossa onto a minion
19:58 forrest ldelossa, Are you just trying to clone it into a directory?
19:58 ldelossa Yeah I have a repo on stash for a fork of haraka
19:58 ldelossa trying to just clone this down to /opt/haraka on a minion
19:58 forrest ldelossa, https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html#salt.states.git.latest
19:58 ldelossa I see this, but how does it handle ssh authentication?
19:59 forrest ldelossa, Oh you have it as a private repo?
19:59 ldelossa yes sir
19:59 ldelossa internal stash server
19:59 keimlink joined #salt
19:59 ldelossa I have a service account with keys
19:59 ldelossa keys are on my master right now in /root/.ssh/
19:59 forrest ldelossa, You'd have to add the ssh key to the user you're running the git checkout as.
19:59 seweryn joined #salt
19:59 ldelossa okay so just have the keys local in .ssh/
20:00 forrest ldelossa, Yep should work. Here's an example of something I wrote up, just no ssh key associated with this one: https://github.com/gravyboat/hungryadmin-sls/blob/master/salt/hungryadmin/app.sls#L36
20:00 forrest obviously change the name to the ssh clone value
20:00 ldelossa do I need ssh-add
20:00 ldelossa so I'm not prompted for password at check out
20:00 ldelossa okay let me try this
20:00 zmalone basepi etc.: https://github.com/saltstack/salt/issues/28455 probably should be tagged as a pretty high priority ticket.  Sorry to notify you about an open-source issue, but that one is bad.
20:01 forrest ldelossa, I don't THINK so, you can use https://docs.saltstack.com/en/latest/ref/states/all/salt.states.ssh_auth.html if you need to add an ssh key.
20:01 zmalone I'm fixing it on my end by having my states make the cache file not be world readable
20:01 forrest zmalone, Let's get jfindlay involved for that
20:01 ldelossa oh wow I just realized
20:01 basepi zmalone: thanks for the heads up
20:02 ldelossa the MINION is going to be doing the clone isn't it
20:02 ldelossa not the master
20:02 ldelossa so I need that git user's key on my minions
20:05 forrest ldelossa, Right.
20:05 seweryn joined #salt
20:05 ldelossa Alright, so update
20:05 ldelossa update pillar to include an authorized key for stash_service user
20:06 ldelossa then run the git clone comdule latest
20:06 ldelossa cool
20:06 ldelossa well, I'm about to head out for the day haha so I'll test this monday. Thanks forrest you've repeatably been a big help.
20:07 forrest ldelossa, Yeah NP! Have a great weekend.
20:08 Destreyf So i can't even get PAM authentication running...
20:09 forrest zmalone, basepi  It looks like the call_highstate function was modified: https://github.com/saltstack/salt/blob/develop/salt/state.py#L3161 versus https://github.com/saltstack/salt/pull/9063/files#diff-e5cf22153489a6c40864babf3ca18002R2410
20:11 ajw0100 joined #salt
20:11 pravka joined #salt
20:11 zmalone "commit 014e34b3157f3112c2ef2f2c5a786949f23d64ba
20:11 zmalone Author: Thomas S Hatch <thatch45@gmail.com>
20:11 zmalone Date:   Fri Nov 7 13:08:05 2014 -0700
20:11 zmalone Python 3 erize the state compiler"
20:11 zmalone was when it snuck in
20:11 basepi Nope
20:12 basepi If you look at the commit he was just changing it to octal
20:12 zmalone ah
20:12 basepi Have to go further back. This is the one: https://github.com/saltstack/salt/commit/054964058999b5c603940155ba4d8e4ab79cc51f
20:12 murrdoc we must go deeper
20:12 dthom911 joined #salt
20:13 murrdoc basepi:  HI
20:13 basepi wait
20:13 basepi 077 umask is correct
20:13 basepi umask is opposite of the permissions
20:14 basepi It's inverted. That umask should only allow for 700 permissions
20:14 basepi (or 600 or 400 of course)
20:15 aphor left #salt
20:15 basepi zmalone: forrest ^
20:16 forrest basepi, Yep I saw.
20:16 zmalone Sorry, fixing my own environment right now.
20:18 iggy ugh... someone shoot me, only way I could find to get the vultr cloud driver to work was to put a 180sec sleep in there
20:19 forrest iggy, What??
20:19 forrest I haven't tested vultr out at all
20:19 iggy it's kind of a conflict between the way salt-cloud works and the way vultr works
20:20 basepi Pretty sure cro wrote that, you might pass along your findings to him
20:20 iggy going to try a different way, but I'm not super hopeful
20:20 iggy basepi: I've done so on a few things
20:20 iggy I also added support for a lot more options that his original pass didn't have
20:20 basepi Anyway, we're testing this highstate cache thing in slack right now. I can reproduce, cachedout can't
20:22 zmalone Reproduce the perms, or reproduce the contents?
20:22 pcn So, I have a pillar that includes a few other pillars to create the targeted pillar data that I want.
20:23 pcn if I put my java pillar first (has version, etc.) in the inclusion, then boom, I get all of the items in my list of alternatives 2x.
20:24 pcn If I make it the second include, then everything is normal
20:24 pcn There are no jinja interpolations in either the first or second includes
20:25 basepi zmalone: perms
20:25 pcn All that the second include does is define a dict:dict:list {raid:{packages:[list of package names]}}
20:26 pcn I'm starting out by asking whether anyone else has seen anything inexplicable like this with 2015.8.1?
20:26 thalleralexander joined #salt
20:26 * pcn is having a head exploding time with this
20:26 forrest pcn, I haven't, might be worth looking through the issues though.
20:27 larsfronius joined #salt
20:27 basepi Interestingly, the permissions seem to be correct when you run with highstate, but incorrect with state.sls
20:27 basepi At least in our initial testing
20:28 giantlock joined #salt
20:28 evidence just to confirm, a commit made into develop that was then backported to 2015.5 will get rolled up into 2015.8 during the next merge forward?  https://github.com/saltstack/salt/pull/28381
20:29 evidence just want to be sure i didn't need to open a PR against 2015.8 for that simple fix
20:30 zmalone basepi: That is odd.
20:30 basepi Slightly different code paths. cachedout thinks he sees the problem, is testing now
20:31 mehakkahlon joined #salt
20:32 colegatron joined #salt
20:33 pcn This looks very data-specific
20:34 pcn If I put the same pillar data into silly_java/init.sls and silly_raid/init.sls, and include them from silly_role/init.sls, I don't get the same results.
20:35 mrwboilers left #salt
20:37 murkey joined #salt
20:38 subsignal joined #salt
20:38 NotBobDole joined #salt
20:38 murkey can someone point me in the right direction? trying to deploy several services on different remote boxes
20:39 murkey one of the services needs to be up and running before the others can run properly
20:39 murkey what's the best practice for handling that situation? it's not the easiest thing to search for :)
20:39 whytewolf murkey: https://docs.saltstack.com/en/latest/topics/tutorials/states_pt5.html
20:39 NotBobDole Hi all. My salt minion just timed out. Isn't there a command I can run manually to find the status of an already running salt command?
20:39 murkey thanks whytewolf, i'll check it out
20:41 whytewolf NotBobDole: this might help find job info https://docs.saltstack.com/en/develop/topics/jobs/index.html
20:41 NotBobDole whytewolf: Thanks :)
20:44 murkey cool. orchestrate definitely looks like the way to go long-term
20:44 murkey in the meantime, it'd be sweet if there was a way to just have a state wait on a remote service being available
20:44 Gi0 joined #salt
20:44 whytewolf murkey: actualy I like a mixture of orch and highstate. I use orch to put the piece in place. but I use highstate in a schedule to maintain.
20:44 beardedeagle left #salt
20:45 whytewolf murkey: if it is on the same system you can jsut use requisites https://docs.saltstack.com/en/latest/ref/states/requisites.html
20:46 whytewolf but once you cross the system devide orch pretty much is the only answer
20:47 murkey whytewolf: requisite is what i'm doing now, but trying to make the pieces independent so i can move them around
20:47 murkey ok that makes sense. thank you!
20:49 NotBobDole salt '*' state.highstate returns:
20:49 NotBobDole mongo-01:
20:49 NotBobDole Minion did not return. [No response]
20:49 NotBobDole but running systemctl start mongod on the minion works. fine.
20:49 NotBobDole Systemctl status mongod (from after running the highstate) returns:
20:49 NotBobDole Active: failed (Result: timeout)
20:52 NotBobDole -t 60 worked
20:52 NotBobDole weird
20:54 mansquib joined #salt
20:55 wendall911 joined #salt
20:56 sdm24 NotBobDole: the highstate is taking longer to run than Salt's timeout setting. -t extends that time, so the highstate runs in less than 60 seconds
20:57 murkey does cmd.wait fail if the state it's watching never runs?
20:58 forrest sdm24, Nice, getting in those commits. You made sure to sign up right?
20:59 whytewolf murkey: it just doens't run.
20:59 NotBobDole sdm24: So when the highstate times out, salt kills the task of starting the process?
21:00 sdm24 forrest: yep, thanks for all the help and pointing the hacktoberfest thing out. Do you know if it matters if the pull requests are merged, or just opened?
21:00 murkey makes sense. thanks again. think that's all y my questions for now! :)
21:00 murkey -y
21:00 SoggyDingus joined #salt
21:00 basepi zmalone: tracked it down. It appears to only be broken in state.sls, but we're going to audit the whole file, likely. We'd really like to know if you can reproduce with highstate, or just state.sls. cachedout is going to reply to the issue itself
21:01 Cidan NotBobDole -- is this state super huge/big?
21:01 Cidan that's a really long time
21:01 forrest sdm24, Just opened according to their docs :)
21:01 cberndt joined #salt
21:01 zmalone Thanks, I'm not sure, because my environment doesn't have highstates set up in any kind of sane way, and we're just cherry picking state.sls commands.
21:01 sdm24 NotBobDole: if the highstate times out, I believe Salt will still wait until the job returned before doing anything else. you can run "salt-run jobs.active" to see the active jobs
21:01 NotBobDole Cidan: Not at all. I am running it on docker containers, though.
21:01 Cidan oh
21:01 Cidan there you go
21:02 sdm24 forrest: good, its a cool shirt
21:02 NotBobDole sdm24: I don't think it is, though. On the container, it returns that systemctl timed out.
21:02 sdm24 and you know, helping the whole salt community thing
21:02 basepi zmalone: we're probably going to just wait and release 2015.8.2 mid-November as previously planned if that's OK with you. It probably warrants a CVE but is not super critical.
21:02 forrest sdm24, Yeah I thought it was pretty good as well! I wouldn't have mentioned it otherwise honestly.
21:02 basepi And we will also release a 2015.5.7
21:02 sdm24 NotBobDole: can you run "salt-call state.highstate" on the local machine? does it run successfully?
21:03 NotBobDole sdm24: I just killed my containers and I'm running it all again from scratch to see if it needs the timeout is why.
21:03 NotBobDole Running it locally works.
21:03 quix joined #salt
21:03 Cidan NotBobDole ymmv on dockers -- I run salt in dockers here during setup, but it is -slow-
21:04 sdm24 Also, dunno with mongodb or what your highstate is doing, but with Mariadb, theres a strange issue where if you use debconf to set users/passwords, and then pkg.install, the first time the state runs it will hang and stall, because it is waiting for user input to continue the installation. You have to manually kill the job and rerun the state, and it all works fine
21:04 forrest sdm24, I just like how it doesn't advertise too much for digitalocean or github, always makes me a bigger fan of shirts when they do that.
21:05 zmalone Thanks
21:05 NotBobDole Cidan: It does timeout on other tasks, I just didn't expect it to cause the starting of the process to get killed.
21:05 Cidan it probably never gets that far
21:05 sdm24 forrest: definitely
21:05 NotBobDole Which is what it seems to do on a timeout. Since systemctl reports "timeout"
21:05 zmalone I'm covered in my environment for now by adding a file.managed for the cache file, but it is significant vulnerability that could haunt people for a while.
21:05 whytewolf sdm24: what input is mariaDB looking for that debconf isn't inputing? I know my mysql install doens't have that issue
21:05 NotBobDole Cidan: The task gets enabled, on a fresh highstate.
21:06 sdm24 whytewolf: not entirely sure. My coworker wrote that state, so I didn't deal with it
21:06 basepi zmalone: yep, it's not good.
21:06 NotBobDole Wihtout thte timeout. Then going into the machine and runing systemctl status, returns that error timeout
21:06 basepi zmalone: not the end of the world, because only secrets that minion has access to will be cached, but still not good
21:07 whytewolf sdm24: humm. wonder if the debconf stuff is actually getting input. the debconf states are funny in the way they work with needed extra spaces
21:07 shiriru joined #salt
21:07 jfindlay Heartsbane: also https://www.youtube.com/playlist?list=PL9svBjLDUl_8gmIDdmYVGuEfRyETbCWx_
21:07 zmalone Sorry to bring it up here first, I just wanted to make sure it wasn't specific to my environment.
21:07 murrdoc joined #salt
21:07 forrest jfindlay, That reminds me, you guys still need to make Tom's keynote from saltconf public.
21:08 murrdoc yes please
21:08 jfindlay that's not available?
21:08 sdm24 whytewolf: a quick googling didn't find anything earlier, but there is this http://grokbase.com/t/gg/salt-users/149ghgw01n/salt-stack-hangs-on-installing-mariadb-in-ubuntu from a year ago
21:08 forrest jfindlay, Nope, it's still set to 'link only'
21:09 forrest And it's a really good keynote
21:10 andrew_v joined #salt
21:10 sdm24 Will the new 2015.8 work with Debian 7? Theres no docs for it, but I assume its just changing "jessie" to "wheezy" in the commands
21:11 forrest sdm24, lol, it might. I don't know if it will be packaged up for debian 7
21:11 jfindlay sdm24: we haven't explicitly packaged for 7, but it's on the todo list
21:12 jfindlay you could try it
21:12 forrest jfindlay, is joehh no longer packaging for you guys?
21:12 forrest haven't seen him around in a few months
21:12 jfindlay forrest: we've moved debian/ubuntu packaging in house
21:12 xantik joined #salt
21:12 jfindlay I haven't seen him for a while either
21:12 jfindlay I think he's in law school, actually, so I don't blame him
21:12 forrest jfindlay, Ahh nice, that's always good, get it packaged as quickly as possible.
21:13 forrest Oh yeah I don't blame him at all, was nice of him to do that :)
21:13 forrest Just wasn't sure if he was okay/still around.
21:13 forrest jfindlay, If you don't have time to talk to Rhett today about the keynote thing let me know and I'll email him
21:13 jfindlay yeah, I'm hoping he can still help us out on the now semi automated packaging process
21:13 forrest Yeah that would be baller.
21:13 jfindlay forrest: I already asked him
21:13 forrest jfindlay, Awesome!
21:14 GreatSnoopy joined #salt
21:14 forrest jfindlay, You're hosting the debian repo now right?
21:14 jfindlay Rhett says he'll get it released soon
21:14 jfindlay forrest: yes
21:14 forrest jfindlay, Cool! It was already uploaded so it should just be a flick of a switch.
21:14 forrest jfindlay, Are you guys using aptly?
21:14 jfindlay the new location is repo.saltstack.com
21:14 Rumbles joined #salt
21:15 forrest yeah I just couldn't remember if debian was on the same URL as the centos ones since I don't use it often, docs confirmed ;)
21:15 jfindlay forrest: technically, yet :) we're still building up the infrastructure
21:15 forrest jfindlay, okay, iggy and I wrote a formula for aptly (and it's pretty baller) so don't use the regular crappy apt repo stuff.
21:15 forrest aptly is baller that is
21:16 jfindlay David M and Erik are working over the package states right now
21:16 jfindlay I keep telling them we need to release them so that the community can fix all our mistakes
21:17 forrest lol
21:20 scoates joined #salt
21:20 Akhter joined #salt
21:26 subsignal joined #salt
21:32 sdm24 hey jfindlay and forrest: when I try to wget the GPG key, I get errors that "The certificate of 'repo.saltstack.com' is not trusted, and it hasn't got a known issuer
21:32 larsfronius joined #salt
21:33 sdm24 should I just use wget --no-check-certificate?
21:33 forrest sdm24, I haven't done an install on Ubuntu/Debian in over a year so I'm not sure what's up with that :(
21:33 sdm24 forrest: yeah we switched from Debian to Ubuntu like right when I started here, so I have very little debian experience
21:34 forrest It's pretty similar, just the old releases are tough.
21:34 sdm24 and yes, I know they are practically the same thing. But the little differences are always frustrating
21:34 forrest agreed
21:34 forrest especially on a release that old
21:35 forrest just rebuild and upgrade on a Friday, what could go wrong? /s
21:35 sdm24 I just have the highstate only run on 'osfinger:Ubuntu-14.04', didn't want to troubleshoot all of my states for debian
21:35 cwyse joined #salt
21:36 forrest fair enough
21:38 sdm24 and it works for my boss, so everyone is happy. The debian machines were already pushed into production, so they don't need any setup, and anythign we really need to do, we can just "state.sls"
21:38 forrest fair enough
21:39 forrest I'm really not sure what's up with that gpg key though,
21:39 sdm24 yeah not sure. I have ca-certificates installed, and im googling around for other answers
21:42 aparsons hi, i saw you mention me earlier this morning @forrest
21:42 aparsons whats up?
21:42 forrest aparsons, I don't remember, maybe it was on accident?
21:42 forrest I could see myself doing that :(
21:45 David_B55__ joined #salt
21:46 forrest aparsons, Hmm, I don't have my scrollback past noon or so, not sure what it was, sorry.
21:46 aparsons yeah, maybe an accident :)
21:47 forrest Do you have the scrollback for the context?
21:48 sdm24 forrest and jfindlay: update on repo.saltstack and Debian 7. I tried the bootstrap script and it failed. http://repo.saltstack.com wheezy/main 404'ed
21:48 forrest lame
21:48 sdm24 :9
21:48 sdm24 :(
21:50 sdm24 and wget with '--no-check-certificate- downloads the cert, but same 404 error when I apt-get update
21:50 sdm24 oh well
21:53 johnkeates joined #salt
21:54 johnkeates anyone know if or when xml_badgerfish gets merged in als a serialiser?
21:58 pcn Has anyone here used salt-cloud to attach an aws VPC ENI (network interface)?
21:58 johnkeates no, but i am trying to produce XML and xml_badgerfish doesn't seem to be in salt 2015.8.1
22:00 viq joined #salt
22:08 subsignal joined #salt
22:13 heaje joined #salt
22:14 roock joined #salt
22:14 heaje Is there any decent way in my state top.sls file to match on a pillar value that's a list and contains a string (like a list where one of the indexes has "Infrastructure")
22:15 johnkeates i'll tell you if you tell me how to get xml_badgerfish in :p
22:15 heaje johnkeates: heh, not likely I'll be able to considering I have no idea what xml_badgerfish is :)
22:16 johnkeates oh well, for you: https://docs.saltstack.com/en/latest/topics/targeting/compound.html
22:17 heaje johnkeates: Hmm, I understand compound matching, I just have no idea how to match a value within a list
22:17 johnkeates if you are actually looking for grouping nodes: https://docs.saltstack.com/en/latest/topics/targeting/nodegroups.html
22:17 johnkeates if you want to match to a complete list and not a single value, i think you're out of luck
22:17 johnkeates or you'd have to jimmy an external node classifier in the middle
22:19 johnkeates alternative would be jinja in your topfile
22:19 johnkeates but that's not supported as far as I know
22:19 murrdoc make a pillar
22:19 murrdoc in the servers u want in a 'group'
22:19 murrdoc set a pillar value to true
22:20 murrdoc then compound match on pillar
22:20 andi- left #salt
22:20 forrest Does anyone know someone who works at akamai in their CDN division?
22:20 heaje murrdoc: My list of values I'm trying to match on come from an external pillar.  From what I've been able to tell, I can't create a pillar that references values in another pillar.  At least, everytime I've tried I end up getting None for the value
22:22 murrdoc yeah
22:22 murrdoc u cant do that
22:23 johnkeates bagerfish in salt?
22:26 teryx510 joined #salt
22:27 stevednd hey all, we're looking to publish events to be communicated throughout a cluster from an unprivileged application user, but get failures opening /var/log/salt/minion and accessing the minion key. Must the user really be root to stend messages?
22:35 Deevolution1 joined #salt
22:41 hal58th yes stevednd. This is because your user doesn't have permissions to run the salt binary.
22:42 hal58th err, not the binary itself. But yeah it's locked down. Can't remember how exactly
22:43 saintcajetan joined #salt
22:43 saintcajetan left #salt
22:44 hal58th stevednd: Check this out. May be useful https://docs.saltstack.com/en/latest/ref/clientacl.html
22:45 heaje left #salt
22:49 sdm24 hal58th: do you know a way to have non-root users on a minion execute commands on that minions? Example: git runs as a "git" user, and we have a post-receive to salt-call an event to the master to update gitfs when a commit is made. However, this doesn't work because of the same errr
22:49 sdm24 error*
22:50 sdm24 actually on the minion, the error is it can't  open /etc/salt/minion
22:52 hal58th sdm24 If you are using salt-call, then yes you will have to use the client_acl like the link shows. You could also use a rest api or maybe python scripts. I haven't ever had to do it. https://docs.saltstack.com/en/latest/topics/event/index.html
22:53 sdm24 our solution is to have the post-receive script ssh to root@anotherminion and salt-call, so the event runs as root. It adds about 5-10 seconds for each commit though, because of the ssh
22:53 sdm24 maybe 3-5 seconds, but still
22:55 hal58th Yeah that seems a little silly. Why don't you just change sudoers to use nopasswd for the exact command that you want to fire off?
22:55 sdm24 we followed these steps https://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html#refreshing-gitfs-upon-push
22:55 sdm24 hmm didn't think of that, ill look into it
22:56 Deevolution joined #salt
22:58 hal58th tomcat7 ALL=NOPASSWD: "/usr/bin/salt-call event.send *"
22:58 hal58th sdm24: there you go
22:59 sdm24 my man!
22:59 sdm24 thanks hal58th, off now to enjoy halloweekend
22:59 hal58th Editors note, I have not tested that exactly with arguments. sdm24
23:06 dthom911 joined #salt
23:10 dthom91 joined #salt
23:18 fiatjaf left #salt
23:25 cornfeedhobo how does one execute a single statefile? all examples i find use highstate
23:25 whytewolf cornfeedhobo: salt 'minion' state.sls statefile
23:25 eliasp joined #salt
23:26 whytewolf cornfeedhobo: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.sls
23:27 cornfeedhobo whytewolf: awesome. thank you. you have been super helpful through this learning curve!
23:27 hal58th cornfeedhobo: sudo salt-call sys.doc state to see one module. sudo salt-call sys.doc to see all moedules help
23:27 cornfeedhobo ooo good to know
23:27 cornfeedhobo thanks
23:27 hal58th welcome, it's helped me alot
23:28 whytewolf there is also a sys.state_doc for help on states
23:28 UForgotten_ joined #salt
23:32 hal58th oh, good to know whytewolf
23:32 cornfeedhobo ^
23:33 cornfeedhobo darn, is dockerng not considered production worthy yet?
23:34 hal58th cornfeedhobo: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.sysmod.html
23:34 whytewolf that i do not know. they were showing it off at the docker meetup I went to not to long ago
23:34 whytewolf it looked like it was fully functional at that time
23:34 cornfeedhobo err, i should say: i am running 2015.8.1 and trying to use dockerng, but `links` attribute appears to be using a deprecated method in the underlying docker-py library
23:34 cornfeedhobo okay.
23:35 cornfeedhobo i'll poke around a bit more
23:35 cornfeedhobo hal58th: oh, that is handy.
23:35 whytewolf pokeing around is a good way to learn :P
23:36 cornfeedhobo heh, i am pro making PRs, but still feeling around :)
23:43 ajw0100 joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary