Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-11-12

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 Vynce joined #salt
00:01 dthom91 joined #salt
00:01 mehakkahlon joined #salt
00:03 Ch3LL yeah i think your right whytewolf
00:05 dthom911 joined #salt
00:06 mehakkahlon joined #salt
00:06 RandyT still working through this. local.pkg and cmd don't give me any feedback and I don't see the refresh_db run.
00:07 whytewolf no feedback is better then it doens't exist
00:07 JDiPierro joined #salt
00:08 RandyT ok, I have other reactor scripts that are blowing up that have caused the problem. Removing all but the refresh, and using cmd. seems to fix that problem.
00:08 RandyT Thank you whytewolf and Ch3LL for your guidance
00:10 Ch3LL sweet
00:11 mehakkahlon joined #salt
00:13 pdayton joined #salt
00:14 sunkist joined #salt
00:14 RandyT moeyebus: whytewolf going back to the question that started me down this path, it appears that running the highstate on the minion does not timeout.
00:14 RandyT will give it another try from the master a bit later
00:16 mehakkahlon joined #salt
00:16 markm joined #salt
00:21 mehakkahlon joined #salt
00:23 baweaver joined #salt
00:26 mehakkahlon joined #salt
00:28 dthom911 joined #salt
00:29 jaybocc2 joined #salt
00:30 moeyebus So, is there a way to autoaccept signing requests from an IP range?
00:31 mehakkah_ joined #salt
00:32 falenn joined #salt
00:36 mehakkahlon joined #salt
00:37 openfly joined #salt
00:40 breakingmatter joined #salt
00:40 markm joined #salt
00:40 DanyC_ joined #salt
00:41 mehakkahlon joined #salt
00:43 DanyC_ joined #salt
00:46 fivehole joined #salt
00:46 mehakkahlon joined #salt
00:46 darix moeyebus: yes
00:47 moeyebus darix: how do you do that?
00:47 darix https://docs.saltstack.com/en/latest/ref/configuration/master.html#std:conf_master-autosign_file
00:47 darix moeyebus: generally speaking by reading the docs
00:49 moeyebus darix: I was looking for more of a whitelist. I'm sure you see why I couldn't find it.
00:49 moeyebus Not that I didn't search obviously.
00:50 moeyebus Not to mention that saltstack docs would take about a week to read and understand.
00:50 darix moeyebus: Matches will be searched for first by string comparison, then by globbing, then by full-string regex matching. This should still be considered a less than secure option, due to the fact that trust is based on just the requesting minion id.
00:50 darix moeyebus: here is the thing ... your infrastructure, your business relies on it. you *Should* read it.
00:50 darix anyway
00:50 darix if all your hosts come up with e.g. moeyeb.us as domain
00:50 darix a line like:
00:51 darix *.moeyeb.us in the autosign_file should work for you
00:51 rodr1c Anyone have any suggestions why with salt-cloud I would be getting Failed to deploy 'demoBox02'. Error: Command 'ssh -t -t -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oControlPath=none -p 22 root@xx.xx.xx.x \'/tmp/.saltcloud-9158f3bb-c428-4b8d-951b-b962898bec6f/deploy.sh -c \'"\'"\'/tmp/.saltcloud-9158f3bb-c428-4b8d-951b-b962898bec6f\'"\'"\'\'' failed. Exit code: 1.. When  just yesterday it
00:51 rodr1c worked fine?
00:51 mehakkahlon joined #salt
00:51 vfong1 joined #salt
00:53 moeyebus darix: that's not what I'm looking for, though. Thank you for the lecture.
00:53 darix moeyebus: that's all that is supported from the looks
00:54 zmalone joined #salt
00:56 mehakkahlon joined #salt
00:57 darix moeyebus: shouldnt be too hard to add other match types
01:00 cyborglone joined #salt
01:00 hightekvagabond joined #salt
01:01 mehakkahlon joined #salt
01:06 mehakkahlon joined #salt
01:07 Lionel_Debroux_ joined #salt
01:11 mehakkah_ joined #salt
01:12 bhosmer joined #salt
01:13 DanyC_ anyone created a NAT AWS instance on AWS using auto scaling or salt cloud to scale?
01:16 mehakkahlon joined #salt
01:17 rodr1c joined #salt
01:18 otter768 joined #salt
01:20 pogotech left #salt
01:21 mehakkahlon joined #salt
01:26 mehakkahlon joined #salt
01:27 dthom91 joined #salt
01:28 hightekvagabond joined #salt
01:28 dthom911 joined #salt
01:29 hasues joined #salt
01:30 hasues left #salt
01:31 mehakkahlon joined #salt
01:35 RandyT can anyone tell me what this error is trying to tell me? 'Path 'top.sls' is not absolute
01:35 RandyT ew'
01:36 mehakkahlon joined #salt
01:36 fsteinel_ joined #salt
01:37 moeyebus RandyT: any indication on the concext?
01:37 moeyebus context*
01:37 conan_the_destro joined #salt
01:37 RandyT reactor execution of a local.saltuilt.sync_all
01:38 Kruge joined #salt
01:38 Kruge hi
01:38 Jimlad joined #salt
01:39 Kruge I'm trying to set up syndics with multiple masters, anyone done such a thing before?
01:40 Kruge I have the two masters running and can send commands to minions under the syndics, but I never seem to get a complete set of results back from, say test.ping commands
01:41 breakingmatter joined #salt
01:41 hemebond Kruge: How are your masters setup?
01:41 JDiPierro joined #salt
01:41 noliverio joined #salt
01:41 Kruge I've tried setting the master_id in the high level masters, but still don't get the full results
01:41 Kruge hemebond: How do you mean?
01:41 mehakkahlon joined #salt
01:42 hemebond Do they have the same external IP? A copy of all the keys?
01:42 hemebond I can't help much here though.
01:42 Kruge Oh, I see.  It's all internal, and yes, the keys are all set up properly
01:42 Kruge I can send test.ping commands from both, but don't get a full set of results back
01:42 hemebond Masters have the same key?
01:42 Kruge Yes
01:43 hemebond The minions might be returning to the other master. I'm not sure how it's supposed to work unfortunately.
01:43 Kruge And both masters see the syndic
01:43 Kruge hemebond: That seems to be the case.  I watch a tcpdump of master1 when a command is issued from master2, and I see traffic going to master1
01:44 hemebond minions only connect to one master at a time.
01:44 hemebond You might need to use a separate returner.
01:44 hemebond Like, have all your minions return to a single database somewhere.
01:44 Kruge The master_id option on the high-level masters is supposed to get the results sent back to the issuing master, but on a "best effort" basis.  It looks more like a "hit nad miss" basis
01:45 Kruge hemebond: The minions only know one master - the syndic
01:45 Kruge The syndic has both high-level masters configured
01:45 hemebond Oh, you have them listed separately?
01:46 larsfronius joined #salt
01:46 mehakkahlon joined #salt
01:48 Kruge It is rather frustrating...
01:50 hightekvagabond joined #salt
01:50 hackel joined #salt
01:51 mehakkahlon joined #salt
01:55 cberndt joined #salt
01:56 mehakkahlon joined #salt
01:59 JDiPierro joined #salt
02:01 mehakkah_ joined #salt
02:01 zmalone joined #salt
02:01 hightekvagabond joined #salt
02:05 dthom911 joined #salt
02:06 mehakkahlon joined #salt
02:11 mehakkahlon joined #salt
02:14 racooper joined #salt
02:15 zzzirk joined #salt
02:16 mehakkahlon joined #salt
02:16 DammitJim joined #salt
02:21 n8n joined #salt
02:21 mehakkahlon joined #salt
02:26 mehakkahlon joined #salt
02:31 mehakkahlon joined #salt
02:34 pirulo joined #salt
02:35 pirulo I'm trying to get ONLY the values of the grains, but instead I get all server in thr db_name using this command: salt -G 'datacenter:SY' grains.get db_name can someone tell me what I'm doing wrong
02:36 mehakkahlon joined #salt
02:36 hemebond pirulo: Change your target to be compound and check that the grain exists in there.
02:37 lnxnut joined #salt
02:39 pirulo the grains exist, just did using compund and still shows all the servers include the ones that do not have db_name values. salt -C 'G@datacenter:SY' grains.get db_name
02:41 mehakkahlon joined #salt
02:45 breakingmatter joined #salt
02:45 ageorgop joined #salt
02:46 mehakkahlon joined #salt
02:46 sunkist joined #salt
02:46 catpigger joined #salt
02:51 mehakkahlon joined #salt
02:56 mehakkahlon joined #salt
02:58 ^C if that datacenter grain is set on multiple minions, it'll return all the servers and their db_name grain
03:01 hemebond salt -C 'G@datacenter:SY and G@db_name:*'
03:01 mehakkahlon joined #salt
03:04 evle joined #salt
03:04 dthom91 joined #salt
03:05 dthom911 joined #salt
03:05 alexlist joined #salt
03:06 pirulo hemebond, I just try your command and its not working this error come up: Usage: salt [options] '<target>' <function> [arguments]
03:06 mehakkahlon joined #salt
03:07 hemebond pirulo: I didn't put a module.function on the end, I was just showing the compound targeting you might need.
03:09 favadi joined #salt
03:11 mehakkah_ joined #salt
03:11 pirulo homebond it works, but I do really need to see the name of the db_name instead of the True output. I do not know if that is possible?
03:12 hemebond uh
03:12 hemebond It should return the value
03:12 hemebond If you do a grains.items does it show the value?
03:12 pirulo sure it does
03:12 hemebond But grains.get just shows "true"?
03:13 pirulo i did cat to double check the grains '
03:13 bhosmer joined #salt
03:14 pirulo I use this command to add my grains vakue "salt minion1 grains.setval db_name paprod1"
03:15 pirulo I did on all the minions that have a db instance
03:15 wych found something wrong here https://github.com/saltstack-formulas/apache-formula/blob/master/apache/osfingermap.yaml#L9 CentOS-7's osfinger is 'CentOS Linux-7'
03:16 hemebond Something sounds broken. If grains.items shows the value but grains.get shows "True" then that is possibly a bug in Salt.
03:16 mehakkahlon joined #salt
03:21 pirulo yes with grains.get I get the right value of the db_name, but the out put bring all the server include the ones I'm looking for
03:21 mehakkahlon joined #salt
03:23 hemebond Oh, you mean the target is hitting too many minions?
03:23 hemebond Well...
03:23 pirulo yes
03:24 hemebond And the extra servers do _not_ have that grain defined?
03:24 pirulo correct
03:24 hemebond Then there must be a problem with the compound target I provided.
03:26 pirulo you think could be the way I define my grains ?
03:26 mehakkahlon joined #salt
03:27 hemebond I suppose it's possible. I don't use grains much.
03:28 hemebond Okay, I have a grain here, lemme test.
03:28 pirulo ok
03:28 pirulo thanks a lot
03:29 hemebond Yeah, didn't work for me either.
03:30 otter768 joined #salt
03:30 dthom91 joined #salt
03:31 hemebond Okay so grainname:* doesn't work; matches on minions without that grain.
03:31 pirulo I keep hitting my head over the wall and I could not get it to work...
03:31 hemebond But, e.g., C* will work properly.
03:31 dthom911 joined #salt
03:31 pirulo could you please give an example pls.
03:31 mehakkahlon joined #salt
03:31 hemebond salt -C 'P@jboss_home:. and G@kernel:Windows' grains.get jboss_home
03:32 hemebond That works.
03:32 hemebond So I'm matching Windows machines that have a value for that grain using the "Grains PCRE" match type.
03:34 teryx510 joined #salt
03:36 pirulo ok I just try with this command and still in the same output
03:36 pirulo salt -C 'G@datacenter:SY and G@cpuarch:x86_64' grains.get db_name
03:36 mehakkahlon joined #salt
03:37 RandyT moeyebus: whytewolf thought I would report back on our earlier conversation regarding windows minions timing out.
03:38 RandyT running 2015.8.1, I have a moderately complex provisioning process that takes about 8 minutes to complte, 17 states applied and runs without timeout after resolving some of my other issues around reactor.
03:41 mehakkahlon joined #salt
03:46 mehakkahlon joined #salt
03:49 hackel joined #salt
03:51 hemebond pirulo: What do you mean "same output"?
03:51 mehakkahlon joined #salt
03:52 pirulo it means I still getting all the minions including the one w/o db_name
03:52 hemebond The compound target you just posted doesn't check that grain at all.
03:53 hemebond You're getting all minions in the datacenter that are 64-bit.
03:53 pirulo yes
03:53 hemebond So yes, it will check and return for all those minions.
03:54 hemebond Even if they don't have that grain.
03:54 pirulo still showing the one that do not  have db_name value
03:54 hemebond Correct.
03:54 hemebond You haven't told it to ignore minions that don't have that grain.
03:54 hemebond You need to use something like I did.
03:54 hemebond Using the P@ targetting.
03:56 sontek joined #salt
03:56 mehakkahlon joined #salt
03:57 pirulo salt -C 'P@datacenter:SY and G@cpuarch:x86_64' grains.get db_name
03:58 hemebond Not quite
03:58 pirulo with cmd still the same same all minions
03:58 hemebond salt -C 'P@db_name:. and G@datacenter:SY' grains.get db_name
03:59 pirulo now it works like charm perfect
03:59 pirulo thanks a lot for you time I really appreciated..
04:00 hemebond No problem. Good luck :-)
04:01 pirulo question would be easier to use pillars in thid case
04:01 hemebond pirulo: Was that a question?
04:01 mehakkahlon joined #salt
04:01 pirulo yes..
04:01 hemebond Can you write it again?
04:02 hemebond Oh, this case.
04:02 hemebond (thought it was meant to be third case)
04:02 hemebond I generally prefer pillars to grains.
04:02 pirulo Instead of using grains to assign values to the minions. Would be eaiser to use Pillars..
04:02 hemebond For custom stuff at least.
04:03 hemebond Your datacenter grain could be a pillar or even just a minion group.
04:04 pirulo I will work on see if I can convert to Pillars is on my to do list for tomorrow.
04:05 pirulo homebond, this is a question. Have you ever use Foreman with salt?
04:05 pirulo sorry I mean hemebond..
04:06 hemebond pirulo: I haven't used Foreman at all.
04:06 baweaver joined #salt
04:06 Aleks3Y joined #salt
04:06 pirulo Thank you..
04:06 mehakkah_ joined #salt
04:11 mehakkahlon joined #salt
04:12 viq joined #salt
04:14 jaybocc2 joined #salt
04:16 mehakkahlon joined #salt
04:17 dthom91 joined #salt
04:18 dthom911 joined #salt
04:18 kermit joined #salt
04:21 mehakkah_ joined #salt
04:25 kermit joined #salt
04:26 mehakkahlon joined #salt
04:31 mehakkahlon joined #salt
04:36 mehakkahlon joined #salt
04:39 ^C is there an easy way to get the first item out of a mine.get return without having to iterate it?
04:39 ^C i've tried item = mine.get()|first
04:40 ^C doesnt work, i'm assuming because its key/value pairings?
04:41 mehakkahlon joined #salt
04:45 hemebond ^C: If it's a dict then there is no first :-)
04:46 ^C bummer
04:46 xDamox joined #salt
04:46 ^C so how do i know that the set is only a single item (when thats all i want)
04:46 hemebond What is it you're trying to get? Do you have an example of the mine data?
04:46 mehakkahlon joined #salt
04:47 ^C from inside a pillar:
04:47 ^C set servers = salt['saltutil.runner']('mine.get', tgt='G@role:somerole and G@env:' + env, fun='grains.items', tgt_type='compound')
04:48 hemebond Oh, you're trying to get something out of the grains?
04:48 ^C it should return a single server per environment
04:48 ^C yeah, doing dynamic pillar stuff
04:49 hemebond What value are you trying to get out of it?
04:49 ajw0100 joined #salt
04:49 ^C ['ip4_interfaces']['eth0'][0]
04:49 dthom911 joined #salt
04:49 ^C i'm already doing this successfully in other pillars/templates
04:50 ^C just cant work out how to get a singular result without iterating
04:50 hemebond Hmm, not sure what you mean.
04:51 hemebond You should be able to use it like any other dict.
04:51 ^C then i clearly dont understand dicts :)
04:51 ^C haha
04:51 ^C so theres no index? you cant do servers[0][...] ?
04:52 ^C and servers|first doesnt work
04:52 ^C at the moment to get the item out i'm doing a for loop, which seems incorrect if theres only one result
04:53 ^C (one item)
04:53 hemebond I'm not sure what kind of structure mine.get returns.
04:54 hemebond I don't think I have any mine stuff configured for my current minions.
04:55 ^C i could paste an example of the grains.items mine.get return from salt-run CLI to gist if it helps?
04:56 hemebond Yip.
04:56 mosen dunno can you do something like get the first pair from iteritems/items
04:59 ^C https://gist.github.com/cybacolt/27411c0c13b1084a911e
05:00 hemebond Is it not just a flat dict?
05:00 hemebond Or is myhost.host a key?
05:01 ^C i'm assuming myhost.host is a key?
05:01 hemebond Hmm. What if you change the output of that command to json?
05:01 hal58th joined #salt
05:02 hal58th_ joined #salt
05:04 ^C https://gist.github.com/cybacolt/7e56f37b88047400ba6f
05:05 hemebond Ah, key.
05:05 hemebond So you'll have to loop.
05:05 ^C bummer
05:05 hemebond It's only a couple of superfluous lines.
05:07 ^C just doesnt feel like the right approach for a single record
05:07 KajiMaster joined #salt
05:07 KajiMaster #nimrod
05:07 ageorgop1 joined #salt
05:10 ^C guess i better hope these only ever one result in that return :)
05:14 bhosmer_ joined #salt
05:16 ^C worked it out
05:16 ^C set g = servers.values()[0]
05:16 ^C works
05:17 hemebond Oh yeah :-)
05:17 solidsnack joined #salt
05:17 ^C tho this may not be so great for unordered dicts
05:22 oherrala joined #salt
05:23 zemm joined #salt
05:24 kaji_ joined #salt
05:24 fyb3r joined #salt
05:25 fyb3r is there any reason that a basic returner wont work, yet throws no errors?
05:25 fyb3r or better yet, is there a way to see what returner a function is using?
05:31 otter768 joined #salt
05:39 fyb3r >_>
05:43 zmalone joined #salt
05:43 favadi joined #salt
05:46 malinoff joined #salt
05:47 larsfronius joined #salt
05:47 KajiMaster joined #salt
05:49 jalbretsen joined #salt
05:50 KajiMaster joined #salt
05:50 kaji_ joined #salt
05:51 vvoody joined #salt
05:51 mehakkahlon joined #salt
05:53 KajiMaster joined #salt
05:53 Vynce joined #salt
06:00 calvinh joined #salt
06:08 noliverio joined #salt
06:08 golodhrim|work joined #salt
06:25 hightekvagabond joined #salt
06:29 Furao joined #salt
06:29 hightekvagabond joined #salt
06:32 amy_ joined #salt
06:32 noliverio joined #salt
06:37 teryx510 joined #salt
06:37 malinoff joined #salt
06:43 hightekvagabond1 joined #salt
06:44 breakingmatter joined #salt
06:47 ramteid joined #salt
06:48 hightekvagabond joined #salt
06:49 hightekvagabond joined #salt
06:49 impi joined #salt
06:50 hightekvagabond joined #salt
06:52 W1nd5urf joined #salt
06:59 hightekvagabond joined #salt
06:59 colttt joined #salt
07:03 jaybocc2 joined #salt
07:07 ggoZ joined #salt
07:08 colttt joined #salt
07:11 colttt joined #salt
07:13 k00mi joined #salt
07:14 scoates joined #salt
07:15 tcolvin joined #salt
07:15 DanyC joined #salt
07:15 bhosmer_ joined #salt
07:16 sjorge joined #salt
07:16 sjorge joined #salt
07:17 dork joined #salt
07:17 David_B55 joined #salt
07:17 solidsnack joined #salt
07:17 AndreasLutro joined #salt
07:18 ze- joined #salt
07:18 shanemhansen joined #salt
07:18 baweaver joined #salt
07:20 unusedPhD_ joined #salt
07:20 nethershaw joined #salt
07:20 rhand joined #salt
07:25 colttt joined #salt
07:25 FredFoo joined #salt
07:25 felskrone joined #salt
07:32 otter768 joined #salt
07:32 vvoody joined #salt
07:32 cberndt joined #salt
07:34 NV joined #salt
07:36 KermitTheFragger joined #salt
07:36 scc joined #salt
07:41 Guest96928 joined #salt
07:50 mattiasr joined #salt
07:52 jaybocc2 joined #salt
08:01 felskrone joined #salt
08:04 Erik____ joined #salt
08:04 av___ joined #salt
08:06 kawa2014 joined #salt
08:09 slav0nic joined #salt
08:09 DanyC_ joined #salt
08:11 DanyC__ joined #salt
08:15 eseyman joined #salt
08:16 impi joined #salt
08:19 joshin joined #salt
08:19 joshin joined #salt
08:27 illern joined #salt
08:30 seatan joined #salt
08:31 Guest55101 joined #salt
08:34 rotbeard joined #salt
08:35 apergos left #salt
08:45 breakingmatter joined #salt
08:48 wych what's variable's scope in salt states and templates? I set an var in states, but can't use it in template file.
08:49 hemebond wych: Scoped to that file.
08:49 hemebond If you want to re-use a variable you can import it.
08:49 hemebond Actually, I could be wrong on this.
08:50 hemebond Been a while and I spend my days with Puppet.
08:50 wych hemebond scoped to that file means?
08:50 hemebond The file in which you defined it.
08:50 wych oh.
08:51 wych I have been using puppet for a while.
08:51 wych In puppet I can define in .pp, and use in .erb.
08:52 hemebond Yeah, that's because it's a DSL.
08:52 hemebond In Salt, the file is run through Jinja first.
08:52 hemebond That's a separate process.
08:53 hemebond brb
08:53 wych I see, didn't notice this difference before. :)
08:54 GreatSnoopy joined #salt
08:55 thalleralexander joined #salt
08:57 colegatron joined #salt
08:57 colegatron_origi joined #salt
09:01 zer0def joined #salt
09:01 fxhp joined #salt
09:01 Furao joined #salt
09:06 Rumbles joined #salt
09:09 ^C is there a way to reference the name of a state from within the state?
09:10 ^C ie, if the name is a directory, i'd like to test that directory without statically stating that directory again
09:10 jhauser joined #salt
09:15 bhosmer joined #salt
09:17 hemebond aw, salt-formula doesn't even use the new repo.
09:18 sgargan joined #salt
09:23 colegatron joined #salt
09:23 colegatron_origi joined #salt
09:25 s_kunk joined #salt
09:27 markm joined #salt
09:29 DanyC joined #salt
09:30 DanyC joined #salt
09:32 otter768 joined #salt
09:34 MadHatter42 joined #salt
09:34 thefish joined #salt
09:35 amcorreia joined #salt
09:35 GreatSnoopy joined #salt
09:36 sjorge joined #salt
09:36 sjorge joined #salt
09:39 jalbretsen joined #salt
09:43 ziro` joined #salt
09:44 sgargan joined #salt
09:48 traph joined #salt
09:53 ingslovak joined #salt
10:03 jaybocc2 joined #salt
10:04 denys joined #salt
10:04 cyborglone joined #salt
10:06 MadHatter42 joined #salt
10:12 baweaver joined #salt
10:13 raygunsix joined #salt
10:13 larsfronius joined #salt
10:15 larsfron_ joined #salt
10:16 elsmo joined #salt
10:19 jaybocc2 joined #salt
10:24 madpenguin joined #salt
10:25 stevej joined #salt
10:26 ignasr joined #salt
10:26 MadHatter42 joined #salt
10:30 CeBe joined #salt
10:30 traph I setup a cloud provider for salt-cloud, but when I do --list-locations while specifying the provider profile, it complains: salt-cloud: error: Do not mix the old cloud providers configuration with the new one. The providers configuration should now go in the file `/etc/salt/cloud.providers` or a separate `*.conf` file within `cloud.providers.d/` which is relative to `/etc/salt/cloud.providers`.
10:31 traph there is a ec2.provider.conf in the cloud.providers.d dir, following the doc examples
10:32 AlberTUX joined #salt
10:35 ziro` joined #salt
10:47 Grokzen joined #salt
10:47 illern joined #salt
10:50 giantlock joined #salt
10:59 traph found the problem - there was some stuff from old versions in /etc/salt/cloud file
11:10 av___ joined #salt
11:16 bhosmer joined #salt
11:16 rusvdw joined #salt
11:17 rusvdw Hi! I have a question about salt-cloud cleanup that I was hoping someone could help me with
11:18 rusvdw We're creating route 53 entries for our minions using salt, but need a way to clean that up when the instance is destroyed
11:18 lorengordon wych: depending on the state module you are using, you may be able to pass the var to the templated file using the `context` parameter
11:18 rusvdw how do we execute a state either before or just after salt-cloud -d ?
11:18 Micromus joined #salt
11:19 mehakkahlon joined #salt
11:33 otter768 joined #salt
11:41 MadHatter42 joined #salt
11:41 geekatcmu joined #salt
11:44 MasterNayru joined #salt
11:46 MasterNayru joined #salt
11:47 _JZ_ joined #salt
11:47 waggott14 joined #salt
11:53 waggott14 HI, I was wondering if anyone could help? I am new to salt, i have got my minion hooked up to my master and i confirm this by using the test.ping. However when i run the state.highstate it runs and appears to do something, when it finishes it tells me it has succeeded. When i go to check versions on my minion it tells me the package can not be found. How and why is this happening?
11:56 mortis_ anyone have a tip as to how one would manage to import a salt pillar sls with yaml and jinja correctly in a python-script? :x
11:56 mortis_ guessing some way of using salt and yaml_jinja something something, but cant really find a good example
11:58 raqua joined #salt
11:58 raqua Hi all
11:59 raqua is there a way, to get current date for all states that are run to be the same ?
11:59 raqua I do {% set _now = None|strftime("%Y%m%d-%H%M%S") %}
12:00 raqua but since state applying takes some time, next state will have few seconds later date
12:00 rusvdw waggott: try checking the /var/log/minion file on the minion for any errors
12:00 raqua I would like to do backup in common folder, which will include time and date for multiple states
12:01 raqua I reckon I might not be the first that needs this
12:03 waggott14 Rus: minion failed with return code: 100
12:06 dthom911 joined #salt
12:13 waggott14 Rus: think i've solved it, looks like a rouge package in my one of my init files removed them then did s quick restart. Now i need to figure out ruby :/
12:15 _JZ__ joined #salt
12:15 Kruge In case anyone was interested in my question from 12 hours ago, it turns out that I'm an idiot, and hadn't set order_masters: True on my second master.  Things appear to be working as expected now.
12:20 apofis joined #salt
12:21 noliverio joined #salt
12:29 aboe joined #salt
12:30 jaybocc2 joined #salt
12:42 dthom91 joined #salt
12:43 dthom911 joined #salt
12:46 jaybocc2 joined #salt
12:50 amcorreia joined #salt
12:54 ggoZ joined #salt
12:56 Seanie joined #salt
12:59 Seanie Hey
13:02 traph Seanie, hey
13:02 traph can the defined profiles in salt-cloud be dynamic, using jinja, pillars, grains etc.?
13:05 losh joined #salt
13:09 tuxx hey guys.. has anyone used salt-cloud to administer an ESXi?
13:10 tuxx or my question is rather, whether vCenter is mandatory for that
13:11 bfoxwell joined #salt
13:12 Micromus joined #salt
13:14 colttt joined #salt
13:17 bhosmer joined #salt
13:20 lagachettefresh joined #salt
13:24 arif-ali joined #salt
13:25 ni3mm4nd joined #salt
13:28 jeddi joined #salt
13:30 informant joined #salt
13:32 dthom911 joined #salt
13:32 informant Hi, I'm looking for a way to get the filename of all files in a directory (/etc/bla/conf.d) and add all filenames them into a config file using a jinja2 template. What is the best way to do so?
13:32 breakingmatter joined #salt
13:33 morissette joined #salt
13:34 otter768 joined #salt
13:35 ni3mm4nd Hello can somebody help me? Seems like Jinja ignores my attributes :-(
13:37 bluenemo joined #salt
13:37 AndreasLutro ni3mm4nd: can you show your code and/or error messages?
13:40 mik__R joined #salt
13:43 ni3mm4nd ./salt/top.sls base:   '*':     - users  ./salt/users/init.sls {% for user, args in pillar.get('users', {}).iteritems() %} {{user}}:   user.present:     - name: {{ user }}     - password: {{ args['varpassword'] }} {% endfor %}  ./pillar/top.sls base:   '*':     - users  ./pillar/users/init.sls users:   admin:      - varname: admin     - varpassword: $1$DU2l05VF$lgITa0u//BJcpYImIiniw.
13:43 ni3mm4nd aw
13:44 AndreasLutro not here
13:44 AndreasLutro use a gist or pastebin of some sort and link the url
13:47 ni3mm4nd sorry you've got it in side chat :-)
13:48 seatan joined #salt
13:48 AndreasLutro share it here, so everyone can see it and chime in
13:49 TooLmaN joined #salt
13:49 ni3mm4nd http://pastebin.com/p7n07n4f
13:49 baweaver joined #salt
13:49 ni3mm4nd here it is. content of files plus error message from command line
13:50 AndreasLutro ni3mm4nd: you're treating "args" like a dict/object when it is a list/array - if you remove the "- " from your pillar it should work
13:50 drawsmcgraw joined #salt
13:51 ni3mm4nd I'm going to try this
13:51 ni3mm4nd It's working
13:51 ni3mm4nd ...
13:51 ni3mm4nd thank you
13:52 ni3mm4nd I should read something about dict/object and list/array :-)
13:55 MadHatter42 joined #salt
13:56 AlberTUX joined #salt
13:57 bastion1704 good morning, quick question, is it better to upgrade all minion and then the master or the opposite ?
14:02 subsignal joined #salt
14:02 tuxx i wld assume its better to upgrade minions first but im guessing :D
14:02 mortis_ bastion1704: upgrade master first
14:03 mortis_ then minions
14:03 bastion1704 morsik really ? I was thinking of the opposite
14:03 tuxx mortis_: but if communication breaks down after an upgrade, how will you upgrade the minions? manually?
14:03 mortis_ salt-ssh :D
14:03 tuxx the other way around chances of losing connectivity are lower i wld think
14:04 bastion1704 I will upgrade one minion first and see if it works :P
14:04 mortis_ http://www.revsys.com/blog/2014/nov/16/upgrade-salt-master-and-minions-ubuntu-servers/
14:04 mortis_ Upgrading the master first ensures you don’t run into any version compatibility issues between your master and minions
14:05 mortis_ "When upgrading Salt, the master(s) should always be upgraded first. Backwards compatibility for minions running newer versions of salt than their masters is not guaranteed."
14:05 mortis_ from https://docs.saltstack.com/en/latest/faq.html
14:05 bastion1704 mortis_  tx for the link ! perfect
14:05 mortis_ np
14:06 mortis_ i've managed to fail at upgrading, so no kidding, salt-ssh as a failover is good to have :)
14:07 impi joined #salt
14:08 hasues joined #salt
14:08 hasues left #salt
14:09 zmalone joined #salt
14:10 morissette joined #salt
14:11 kawa2014 joined #salt
14:14 bhosmer joined #salt
14:15 morsik bastion1704: what?
14:16 cpowell joined #salt
14:17 Tyrm joined #salt
14:18 morsik bastion1704: ah, tabfail ;)
14:18 dthom91 joined #salt
14:18 bastion1704 morsik yes sorry about that
14:19 dthom911 joined #salt
14:19 morsik np ;)
14:20 Micromus joined #salt
14:21 numkem joined #salt
14:22 Seanie We use vcenter but not with salt-cloud.
14:22 teryx510 joined #salt
14:23 Seanie After an upgrade you will need to remove the keys salt-key -D
14:25 DammitJim joined #salt
14:28 thefish joined #salt
14:29 Bryson joined #salt
14:37 lagachettefresh joined #salt
14:38 r05c03 joined #salt
14:39 mapu joined #salt
14:40 quix joined #salt
14:44 elsmo joined #salt
14:45 B1nny joined #salt
14:47 jalbretsen joined #salt
14:47 B1nny Good afternoon everybody! I'm currently having issues with some minions becoming unavailable to my salt master, which results in me being not able to run commands on them or reach them in any way. The only solution to this so far seems to remove the salt-minion package and reinstalling it again. But I'd really like to know the exact cause of the issue, which I haven't been able to figure out so far. Is anybody willing to help me with this? This is a piece
14:47 B1nny of the errorlog on my minion: http://paste.omnirom.org/view/60b29433
14:48 B1nny We currently have two salt masters, if that matters.
14:50 dthom91 joined #salt
14:51 Ahrotahntee joined #salt
14:51 Ahrotahntee left #salt
14:51 dthom911 joined #salt
14:51 Ahrotahntee joined #salt
14:51 Ahrotahntee oops
14:51 Ahrotahntee morning
14:52 B1nny morning :)
14:54 cpowell greetings, I know that you can include/exclude another state within a state, but can you include just a single item similar to excluding?
14:56 Ahrotahntee maaaaaaan, all my problems are because I forgot to include the saltstack repo in sources.list.
14:56 Ahrotahntee so I was working on a 94 year old version of saltstack
14:56 B1nny Ahrotahntee: hah
14:57 jaybocc2 joined #salt
14:58 mortis_ yeah i remember that version back in 1921
14:59 mortis_ before the war
14:59 B1nny so much salt man, I remember those stories from my grandma
14:59 mortis_ my grandma used to live in a saltfield back then
14:59 Ahrotahntee there we go
15:00 Ahrotahntee working away in the salt mine
15:00 Ahrotahntee feeding the rich folks living in the salt-cloud
15:00 mortis_ swearing at the pillars everyday
15:00 JDiPierro joined #salt
15:00 Ahrotahntee building them pillars out of nothing but sweat and blood
15:00 zmalone joined #salt
15:01 mortis_ not to talk about all the grains you'd end up with in your underwear while working the pillars
15:02 nsenno_ joined #salt
15:02 sunkist joined #salt
15:04 mack22 joined #salt
15:07 lude joined #salt
15:10 andrew_v joined #salt
15:10 waggott14 Hi all, i am wondering if anyone can help? i am doing a salt '*' state.highstate update and after its has finished i see (unchanged=4) in the comments i gt the following packages are set to be installed/updated. Can anyone tell me why these won't update?
15:11 joshin joined #salt
15:11 joshin joined #salt
15:13 jaybocc2 joined #salt
15:14 drawsmcgraw waggott14: Are you specifically instructing it to update?
15:14 drawsmcgraw If I understand, pkg.installed() only checks that the package is installed by default and needs to be told explicitly to update the package if it's already installed.
15:14 waggott14 yes i am using the command salt'*' state.highstate update
15:15 shiriru joined #salt
15:15 drawsmcgraw waggott14: er... That's a new way of using state.highstate to me.
15:15 drawsmcgraw Is that valid?
15:15 colttt joined #salt
15:16 waggott14 i've been using state.highstate for the last week. I am very new at salt
15:16 drawsmcgraw There's pkg.latest(), which may be what you're looking for: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html#salt.states.pkg.latest
15:16 JDiPierro I accidentally deleted a salt-key from the master that I didn't mean to.. what's the easiest way to get it back? I tried restarting the minion but it's not trying to reauthenticate
15:16 lnxnut joined #salt
15:16 drawsmcgraw waggott14: No worries. Can you past a link to the specific state(s) you're writing where you want packages to update?
15:18 Brew joined #salt
15:18 drawsmcgraw JDiPierro: I was going to suggest restarting the minion but... I guess that doesn't help..
15:18 dthom911 joined #salt
15:19 waggott14 drawsmcgraw:  i have the state files up on aws i don't have links for them as i am testing :/
15:19 drawsmcgraw JDiPierro: You could take the nuclear option and delete everything in /etc/salt/pki/minion/. (on the minion)
15:19 drawsmcgraw Then try restarting the minion. I imagine the key would show up on the master then
15:19 mik__R joined #salt
15:19 r05c03 joined #salt
15:20 techblaze joined #salt
15:20 JDiPierro My Fallout 4 addiction compels me to take the nuclear option :P
15:20 drawsmcgraw Oh man. mine is still in shrinkwrap. It's stuck in a drawer until I hit a few milestones with work and home :)
15:21 drawsmcgraw Anwyay. Give that try, should be productive.
15:21 JDiPierro Thanks!
15:21 drawsmcgraw waggott14: Are you able to copy/paste some into (say) dpaste.com?
15:21 drawsmcgraw Or a Github gist?
15:21 drawsmcgraw JDiPierro: Sure thing. Let us know if that worked if you don't mind.
15:22 mack22 Hi all.  Does anyone have a sample .sls file that is pulling files from the locally cached '/var/cache/salt/master/svnfs' tree?
15:23 mack22 I have svnfs set up, the repository is cached on my salt master, but can't seem to reference those files correctly in my .sls!  It works serving other files locally out of 'file_roots'.
15:23 mack22 Any help or pointers would be appreciated!!
15:24 drawsmcgraw macc22, are you addressing your files in that svn repo as 'salt://path/to/file/i/want' ?
15:24 drawsmcgraw I don't have svnfs experience, but as I understand the fileserver backend, that's *about* how it should work.
15:25 waggott14 drawsmcgraw:  link to my app.sls
15:25 mack22 drawsmcgraw: Yes, exactly like that.  I've tried various permutations but it appears that salt can't locate the file?
15:25 mack22 The error is:
15:26 mack22 Changes:   Invalid Changes data: [False, 'Unable to determine upstream hash of source file <filename>']
15:26 mack22 I feel like I'm missing something obvious.
15:26 drawsmcgraw interesting.... Sounds like it *is* something svnfs specific. I'm afraid that's the end of my knowledge :/
15:27 mack22 Depending on how I configure the .sls, it'll also throw a:
15:27 waggott14 drawsmcgraw: http://dpaste.com/1QCNDW0
15:27 mack22 Changes:   Invalid Changes data: [False, 'Source file salt://<filename> not found']
15:27 drawsmcgraw For what it's worth, you can 'cp.list_master' to get a list of files available in the Salt file server
15:27 waggott14 http://dpaste.com/3MQSPN1
15:27 JDiPierro @drawsmcgraw That did in fact work :) Thanks again!
15:28 drawsmcgraw Good to know! Thanks for letting us know.
15:28 waggott14 drawsmcgraw: http://dpaste.com/3RQEQFP rbenv
15:29 drawsmcgraw waggott14: Okay. What specifically is not working the way you want?
15:29 drawsmcgraw Once you have that, you can test/troubleshoot with 'state.sls' and run individual state files (instead of having to run a whole highstate)
15:30 waggott14 ruby, rubygems and jekyll when i run highstate it tries to install them all but gets as far as installing ruby 1.9.3 and then it falls over and won't install jekyll
15:30 dthom91 joined #salt
15:31 waggott14 I've been trying to find some decent ppa's to add in but to no avail
15:33 MikeyYeahYeah joined #salt
15:35 otter768 joined #salt
15:36 kawa2014 joined #salt
15:36 dthom91 joined #salt
15:37 RandyT good morning. Here is my morning question: https://gist.github.com/rterbush/e6110e61fc8f9d372330
15:37 RandyT I'm trying to run a specific state on a minion to debug an issue. Not sure if I have the call right to run this, so that may be the first issue.
15:38 RandyT Getting warning about worker_threads and have set that to 10 with no effect.
15:38 RandyT I am able test.ping the minion
15:41 drawsmcgraw waggott14: 'app.sls' either has a copy/paste error or is not written correctly
15:41 drawsmcgraw Starting at line 8, I don't see where you're specifying the function you want to run
15:41 drawsmcgraw It just starts with 'pkgs'
15:42 Aleks3Y joined #salt
15:46 JDiPierro @RandyT Not sure if this would be any different.. but I notice the state mentioned orchestration.. should you be using the orchestration runner? "salt-run state.orchestrate orchestration.startup"
15:47 JDiPierro I guess that depends on salt version too.. and if you're actually using orchestration or just named your states that :P
15:47 waggott14 drawsmcgraw: those are the packages i want to install
15:48 RandyT JDiPierro: that works, is it possible to target a minion in that case? I'm a bit new to using orchstrate right now...
15:49 JDiPierro RandyT: I haven't used the orchestration system myself. I believe that's done in the sls file itself, you'd provide the stanza with a "tgt". More info on that here: https://docs.saltstack.com/en/develop/topics/tutorials/states_pt5.html
15:50 RandyT JDiPierro: thanks, I'll study this a bit more. Working from an older example which has issues it seems.
15:50 techblaze joined #salt
15:50 quasiben joined #salt
15:50 JDiPierro Ahh yeah. It looks like you used to use state.sls to call orchestration, so mayhaps the newer docs will help :)
15:50 drawsmcgraw waggott14: Here's how that stanza should look: http://dpaste.com/0W02D75
15:56 MikeyYeahYeah joined #salt
15:58 mack22 In regards to my svn issue, I'm wondering if the issue is that I have no trunk, branch, or tags dirs in my repository?
15:58 waggott14 drawsmcgraw: it looks neater :) is it easier to make a folder for each app that i want installed?
15:58 JDiPierro So DigitalOcean deprecated their v1 API which the version of salt-cloud uses in 2014.7.1.. anyone happen to know what would be involved in fixing that without upgrading?
15:58 mack22 I've tested setting "trunk: ''" so that it's blank but no go.
15:59 drawsmcgraw JDiPierro: You can upgrade *just* salt-cloud. Not sure how safe that is but you could keep your install of salt-minion and salt-master at 2014.7.1 that way
15:59 mack22 If anyone has a sample working svn config, I'd love to see it.
15:59 hightekvagabond joined #salt
15:59 JDiPierro drawsmcgraw: yeah think I'm going to give that a shot.
15:59 drawsmcgraw waggott14: I wouldn't go quite that far. My best advice is "start small, and keep it simple"
16:00 drawsmcgraw Sounds like the best way to go. I don't know how 'supported' that set up but, hey, they separated the packages out for a reason, right :)
16:03 clintberry joined #salt
16:06 fyb3r joined #salt
16:07 kawa2014 joined #salt
16:07 MikeyYeahYeah joined #salt
16:08 mack22 Huh.  Re: my svn issue.  I can copy that file using 'salt <hostname> cp.get_file salt://<filename> /tmp/<filename>'
16:08 mack22 So cp.get_file can see it!
16:08 mack22 That's good.
16:10 tmclaugh[work] joined #salt
16:10 dthom91 joined #salt
16:13 cyborg-one joined #salt
16:15 kulty joined #salt
16:17 djstorm joined #salt
16:18 fyb3r is it possible to send certain events to a returner based on their tags?
16:18 waggott14 drawsmcgraw:
16:18 waggott14 thanks
16:18 fyb3r im trying to find a way to send info to couchbase without installing the python module on 10000 minions
16:18 edrocks joined #salt
16:19 B1nny fyb3r: ssh?
16:19 fyb3r not sure how that makes sense...
16:20 B1nny whoops sorry, misread
16:20 fyb3r haha np
16:20 fyb3r def perplexed me there
16:20 __chrish__ joined #salt
16:20 dayid joined #salt
16:21 fyb3r the current issue is that event data cannot be gethered inside a reactor, so creating one with the py renderer that takes in said data is impossible
16:21 peters-tx Is Saltstack RPM no longer supported?
16:21 kbyrne joined #salt
16:21 fyb3r ive been trying to think of a way to get a reactor to possibly call a statefile and pass the info via pillar but that wont work since state files are not executed on the master >_>
16:23 tracphil joined #salt
16:25 whytewolf fyb3r: reactor states are executed on the master. [which is why they need a target] calling the runner module from with in the reactor state should be possable.
16:27 toddnni joined #salt
16:27 racooper joined #salt
16:28 whytewolf fyb3r: or, if you have a minion on the master, would could taget the master
16:28 fyb3r so lets say i want to execute salt.util.diskusage on all minions that returned present from a presence event. Then send their returned dict to couchbase.   couchbase requires the installation of a few python modules in order to interface with it, which I have installed on the master and do not want to install on the minions
16:28 dfinn joined #salt
16:29 __chrish__ Hi! I'm having problems with a SaltStack upgrade. I'm upgrading SaltStack from 2014.07 to 2015.08 on a RHEL6.5 cluster, using the official SaltStack repo. Upgrading the master went well, but each minion that I upgade to 2015.08 becomes unreachable from the master. (salt-run manage.status lists them as "down".) Exploring a bit more with lsof, one different between the old (working)and new (broken) minions is that the new minions o
16:29 fyb3r from what i can tell, executing local.state.sls inside a reactor using -ret will cause the minion to execute the command but then the returner runs on the minion itself, throwing errors due to the couchbase modules missing
16:30 dfsfs joined #salt
16:30 __chrish__ of the master. (No connection to port 4505, unlike the old, working minions.) Any ideas how to fix this? Should I file a bug report? Thanks!
16:31 impi joined #salt
16:32 dfsfs What does the 'Help Wanted' label mean in the issues list (apart from the obvious) ? What distinguishes such an issue from other issues?
16:32 fyb3r oh wait i think i see what you mean whytewolf
16:34 zsoftich2 joined #salt
16:36 MadHatter42 joined #salt
16:39 baweaver joined #salt
16:39 tmclaugh[work] joined #salt
16:40 dfsfs __chrish__: That sounds like https://github.com/saltstack/salt/issues/28424
16:42 __chrish__ dsfs: I restarted the new minions manually. So they are running (confirmed with a look at the output of "ps"), and that is sadly not the problem.
16:42 whytewolf peters-tx: most of the repos have been brought in house. http://repo.saltstack.com/
16:43 harkx joined #salt
16:45 zzzirk joined #salt
16:45 techblaze joined #salt
16:46 dfinn joined #salt
16:47 sdm24 joined #salt
16:47 dfsfs __chrish__:  How about https://github.com/saltstack/salt/issues/28332 ? :-)
16:48 __chrish__ Running salt-call on the 2015.08 minion does work. But running "salt minion_address cmd.run ls" (or anything else) on the master times out. Also, downgrading the minion from 2015.08 to 2015.05 fixes everything.
16:49 __chrish__ dfsfs: Nope again. The minions are running without crashing. They are running on Zmq 3, which I think should be fine.
16:49 peters-tx whytewolf, O_O  wow, that is news.  Thanks.  Looks like I have lots of updating to do (still on last public 2015.5.5.0)
16:51 impi joined #salt
16:51 fyb3r uhoh
16:51 whytewolf __chrish__: are you getting any errors in the logs. and have you tried starting the minion manually in debug mode?
16:51 kulty joined #salt
16:51 dfsfs __chrish__:  Are there any errors when you start the salt-minion service in the foreground ?
16:51 fyb3r 0,0 soon source code will be hard to get
16:52 whytewolf fyb3r: huh?
16:52 ziro` joined #salt
16:52 fyb3r nothin. I usually speak nonsense
16:52 fyb3r :)
16:52 whytewolf lol. ok
16:52 fyb3r btw whyte pretty sure a custom runner is what im after. cheers for the direction mate
16:52 whytewolf fyb3r: no problem
16:53 fyb3r oh an that issue i had a few nights ago that you were helping me with. apparently one of the packages yum update pulled in was causing the network interface to timeout during connection attempts
16:54 fyb3r unsure which one as of yet, but thats the only thing that was done before problems arose on those specific machines. so be careful updating centos 7 ;)
16:54 whytewolf ohhh. that is never fun :(
16:55 whytewolf lol. I don't run centos 7 :P although i should run a couple of boxes just to see whats changed
16:55 fyb3r once I find it out which one ill file an issue to get the heads up out there.
16:55 fyb3r ohhh. you're in for a treat lol
16:56 whytewolf lol, i bet
16:57 hackel joined #salt
16:58 ajw0100 joined #salt
16:59 tristianc joined #salt
17:00 lol_hup joined #salt
17:01 lol_hup Hi.
17:02 writtenoff joined #salt
17:02 dthom91 joined #salt
17:05 joyrida08_ joined #salt
17:06 hightekvagabond joined #salt
17:07 amy_ joined #salt
17:08 tiadobatima joined #salt
17:08 lol_hup I have a question about master security : I've tested a simple config (1 master - 1 client). If I replace the master with another one (different master key), when the client will restart, It will register to the new master. Is it possible to secure the master replacement ? (To prevent nodes to register to a new master if the master key is lost ?)
17:09 ahammond lol_hup uh... that doesn't sound correct.
17:09 ahammond once the minion has the master's key, it takes human intervention on the minion to have it register with a different master.
17:10 * ahammond did this a lot before he got his test environment properly configured
17:10 __chrish__ whytewolf & dfsfs: No error on the minion when running in the console with "salt-minion -l debug" and sending a command from the master. (I get a timeout from the master. By the way, I also tried bumping up said timeout. No change.)
17:10 masterkorp joined #salt
17:10 masterkorp hello everyone
17:12 AndreasLutro joined #salt
17:12 morissette joined #salt
17:13 masterkorp Bootstraping on ubuntu 14.04 is failing
17:13 masterkorp https://ptpb.pw/6-1F
17:13 masterkorp the whole bootstrap proccess
17:14 ggoZ joined #salt
17:15 nidr0x joined #salt
17:15 dfsfs __chrish__: Odd. Any SELinux (or equivalent) running and denying the connection ?
17:16 tiadobatima joined #salt
17:16 lol_hup Thanks ahammond. What i've tested is : made a ubuntu 14.04 LTS master, installed a minion on a win7 host, registered win7 key on master. delleted master, create a new one, restart the minion service. I could see the win7 key as unregistred on the new master. II then registred the key and at this point I could send commands to my win7 minion.
17:16 tiadobatima1 joined #salt
17:17 mapu joined #salt
17:17 ageorgop joined #salt
17:18 __chrish__ dfsfs: Good suggestion. I hadn't thought of that possibility. Maybe. Do you know how to check that off the top of your head? (I'm not a RHEL expert. Much more familiar with Debian & Ubuntu.) Otherwise I'll do some googling on how to check that after I've eating my lunch. :-)
17:18 tiadobatima left #salt
17:18 baweaver joined #salt
17:18 whytewolf __chrish__: you can check with sestatus
17:19 ahammond lol_hup on the minion, once it has connected to a master, you should see /etc/salt/pki/minion/minion_master.pub key. Once that's created, the minion knows which master it belongs to.
17:19 ahammond lol_hup I don't know what exactly you mean when you say "delleted master, created a new one" does this mean destroying and creating a new VM?
17:19 dfsfs __chrish__: 'aureport -a | less' (there's lots of output). I haven't tested 2015.8.* on RHEL6 yet, but 2015.5.* works fine under SELinux in my experience.
17:20 __chrish__ dfsfs: Thanks. SELinux is disabled, it turns out. So that's not the problem either.
17:20 ahammond lol_hup I also don't know where these files end up on windows minions. :)
17:21 zmalone joined #salt
17:21 bhosmer joined #salt
17:22 lol_hup Ahammond, Ok. I think i will test my scenario once again. I would like to use minions on a lan and I don't want someone to replace my salt-master with an other one which could give total access to all of them.
17:23 ahammond lol_hup agreed, that would be a disastrous scenario. If you can figure out a reproduction, please file an issue.
17:25 lol_hup Master side seems to be quite secure : a minion has to be registred with the salt-key cmd to acces to master. But minion side is not so secured (and might not be, manual action on each minion... gggg...). Meantime, it should be enough secure to prevent a "total root access of all..."
17:26 hightekvagabond1 joined #salt
17:28 lol_hup By the way, maybe should exists a secure scenario to handle a master change with change of master key, for certain cases where the master key is lost or hacked...
17:28 lol_hup without manually change each minion...
17:28 fivehole joined #salt
17:31 winsalt joined #salt
17:34 traph babilen, to continue yesterdays tinkering (grains vs pillar), I decided I'm going to stick with the grains, doing this: https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#avoid-heavy-logic-and-programming
17:34 traph what do you think?
17:36 quasiben joined #salt
17:36 otter768 joined #salt
17:37 ahammond traph what context? what security requirements?
17:37 breakingmatter joined #salt
17:49 traph ahammond, the minions have grains set which propagate throughout the states. This is a security issue, because it doesn't ensure those key-values are set in a proper conventional way
17:49 ahammond traph consider also nodegroups, if what you're looking to do is manage server roles, for example
17:50 ahammond I'm slowly getting around to writing a whitepaper about our use of nodegroups to replace the foo-bar-role-1234 horrible minion_id stuff.
17:51 traph ahammond, will do. Let me know when you finish it. I'd love to have a read on it.
17:51 hightekvagabond joined #salt
17:51 ahammond traph my plan was to present it at saltconf this year. but yeah, I'm happy to post it before then.
17:51 jaybocc2 joined #salt
17:52 traph ahammond, after the conf is also fine.
17:52 traph I'll definitely look into it carefully
17:52 ahammond traph the brief version is that you can use nodegroups with lists of servers in conjunction with your pillar top.sls to assign roles to servers (along with all kinds of other nifty tricks)
17:53 dthom91 joined #salt
17:54 impi joined #salt
17:56 hightekvagabond joined #salt
17:57 tiadobatima joined #salt
18:00 hal58th__ joined #salt
18:00 hal58th_1 joined #salt
18:01 DammitJim joined #salt
18:01 stupidnic I just got a weird error on a freshly installed salt-minion on Ubuntu 14.04: RSAError: no start line
18:02 DammitJim is there a part of salt that is used just for monitoring?
18:02 stupidnic any clue what that means?
18:02 DammitJim like where I would like to monitor the space left on a partition
18:02 conan_the_destro joined #salt
18:02 RandyT Greetings,
18:02 RandyT Trying to work my way through orchestration setup.
18:03 dthom91 joined #salt
18:03 RandyT How do I add parameters to a salt.function call in orchestration as I describe here? https://gist.github.com/rterbush/2e84cf1c0b7ee7fe46a5
18:03 jaybocc2 joined #salt
18:04 sbogg joined #salt
18:04 RandyT I'd also be interested in any pointers as to how I could make the tgt: a compound to get the value of win_wua.get_needs_reboot
18:05 wendall911 joined #salt
18:07 whytewolf RandyT: here is an example of use args to salt.function https://gist.github.com/whytewolf/fa7b700ef01de2685963
18:08 baweaver joined #salt
18:08 whytewolf RandyT: as for getting the value of win_wua.get_needs_reboot I would say create a custom _grain
18:08 morissette joined #salt
18:10 slav0nic joined #salt
18:11 RandyT whytewolf: thank you, will give that a try.
18:14 markm joined #salt
18:17 hightekvagabond joined #salt
18:19 Puru joined #salt
18:20 rmnuvg joined #salt
18:24 JDiPierro joined #salt
18:24 lagachettefresh joined #salt
18:25 hightekvagabond joined #salt
18:26 lol_hup ahaamond : so, i've just ended my scenario : bring a master on ubuntu 14.04 LTS, install a Win7 minion, register the minion to the master (salt-key -A), send command to test to win7 minion, trash master, set a new master from scratch on ubuntu 14.04 LTS (new master key), restart win7 minion service, wait for 5 minutes, and now, I can register the win7 minion on the new master, and send command to the win7 host (del c:\*). poor securi
18:28 elsmo joined #salt
18:29 lol_hup I can see a C:\salt\conf\pki\minion\minion_master.pub which is not the current master.pub key but the first one.
18:31 nafg joined #salt
18:31 __chrish__ dfsfs: I guess I should file a bug report?
18:36 stevetodd joined #salt
18:37 Rumbles joined #salt
18:37 amcorreia joined #salt
18:39 stevetodd left #salt
18:42 lol_hup Yes, I think too. I don't know if this problem is windows client specific, but for the moment, this product can't be seriously used in production. I used the Salt-Minion-2015.8.1-AMD64-Setup.exe setup file for win7 minion install.
18:42 dthom91 joined #salt
18:44 ldelossa joined #salt
18:44 ldelossa hey guys, quick question, if I bootstrapped installed a salt minion
18:44 ldelossa how do I remove it?
18:45 ldelossa I had a machine I just wanted to prep as a template
18:48 whytewolf ... so. lol_hup came in to explain that a compromised minion can be pointed at a new master? [since he had to restart the minion in order to get the minion to show up on the new master]
18:49 fyb3r so when creating a custom runner, where the hell do you put the folder for it? ive got runner_dirs   set to /srv/custom/runners/   and inside there is the name_of_module.py
18:49 fyb3r >_>
18:50 whytewolf fyb3r: where ever you want. as long as you also point the salt master at the directory. with https://docs.saltstack.com/en/latest/ref/configuration/master.html#runner-dirs
18:50 fyb3r but ive also got extension modules set to /srv/custom/
18:50 morissette joined #salt
18:50 fyb3r i did :(
18:51 fyb3r but salt-run name_of_module    give mes 'name of module' is not available
18:51 whytewolf odd. you restarted the master?
18:51 fyb3r yup
18:51 denys joined #salt
18:51 fyb3r and tested the module outside of salt by passing it the params
18:51 fyb3r no errors
18:52 fyb3r oh fml
18:52 fyb3r one moment
18:52 fyb3r figured it out
18:52 clehene joined #salt
18:53 ilbot3 joined #salt
18:53 Topic for #salt is now Welcome to #salt | 2015.8.1 is the latest | Please use https://gist.github.com for code, don't paste directly into the channel | Please be patient when asking questions as we are volunteers and may not have immediate answers | Channel logs are available at http://irclog.perlgeek.de/salt/
18:54 clehene I have a bunch of sls that all look the same. I want to remove that duplication and have thinner sls that reuse a more general one. Is that possible?
18:54 whytewolf lol no problem
18:54 whytewolf clehene: should be using jinja
18:55 clehene whytewolf:  I'm using jinja - I have several templates along with several sls that generate that template. I don't want to have the template materialization code repeated
18:55 kaptk2 joined #salt
18:55 clehene I'd like to have a generic sls that can generate any template in that "class" of templates
18:56 clehene e.g. s1.sls, s2.sls, s3.sls use common.sls which does the heavy(er) liftying
18:56 clehene lifting
18:57 moeyebus greetings :)
18:57 clehene I guess the more general question is can I reuse sls?
18:57 whytewolf clehene: a. use import. and b. https://docs.saltstack.com/en/latest/ref/states/extend.html#extending-external-sls-data
18:57 clehene whytewolf: thank you!
18:58 zmalone whytewolf: That was maybe incompletely explained, and I'm not on Windows, so I can't confirm.  If you destroy a master, create a new master, and restart the minion, the "proper" behavior is for the minion to say "I can't validate the master's keys.  I'm exiting"
18:58 zmalone On my ubuntu hosts, this is what happens
18:58 controversy187 joined #salt
18:59 zmalone lol_hup was claiming that if you maliciously replace the master, windows minions will connect to the new master and accept commands, even though the master's keys no longer match up with the original master.
18:59 zmalone Unfortunately, I don't have the environment to test that on windows, but I can confirm that I don't see it on Ubuntu 14.04
18:59 zmalone I get
19:00 zmalone https://gist.github.com/zmalone/1c3f3575693ce9dc1e85
19:00 johtso joined #salt
19:00 zmalone given some of the past salt crypto bugs, it's probably worth investigating
19:03 ageorgop1 joined #salt
19:03 whytewolf not sure why that would not work under windows if it works under linux.
19:04 whytewolf the transport auth is the same code for both
19:05 whytewolf unless it isn't able to actually read the master-minion pub
19:05 whytewolf https://docs.saltstack.com/en/latest/ref/states/extend.html#extending-external-sls-data
19:05 whytewolf ack
19:05 whytewolf https://github.com/saltstack/salt/blob/develop/salt/transport/mixins/auth.py#L31-L36
19:07 evanlivingston joined #salt
19:07 controversy187 I'm struggling with provisioning a Rackspace cloud server with salt-cloud. Rackspace assigns a temp IP address, and changes it partway through the provisioning.
19:07 lagachettefresh joined #salt
19:07 controversy187 Is this a common problem?
19:10 Guest55101 joined #salt
19:10 impi joined #salt
19:10 baweaver joined #salt
19:11 whytewolf controversy187: that sounds odd. I've never heard of them doing that
19:12 evanlivingston hey all
19:12 controversy187 It happens even when I spin up a server through their control panel. As it builds, it is assigned an external IP. Shortly after the build finishes, the IP changes to a different value.
19:13 hightekvagabond1 joined #salt
19:14 tristianc joined #salt
19:14 whytewolf that is odd. I'm not sure what would cause that. I myself run openstack [which is what rackspace uses] and have never seen that behavour. you might want to ask them about it cause it isn't normal behavour. with openstack-neutron you generally get an internal ip. then add a flaoting ip once spun up. but you wouldn't be able to access the internal ip with out being on that network
19:15 toddnni joined #salt
19:16 whytewolf also that internal ip doens't go away. it just gets NATTED to the floating ip
19:16 controversy187 I built my master salt server in the network that I am provisioning new servers in, so I would have hoped it would have used the internal IP anyway.
19:17 controversy187 Yes, the internal IP doesn't change, but I did see that when the external IP switches, the salt provisioning hangs.
19:17 RandyT When I have a module installed locally in my _modules dir, what do I need to do to call that in a state?
19:17 RandyT Specifically talking about the iis.py module from salt-contrib.
19:18 whytewolf RandyT: to also have the iis.py _state module
19:18 forrest joined #salt
19:19 RandyT I do and I think as I type I realize what I have done wrong... I am able to call iis.site_action from command line, but not working in state...
19:20 whytewolf RandyT: _module is for exacution modules. and _state is for states.
19:20 RandyT nothing like asking the question to help figure out the answer. :-)
19:20 felskrone joined #salt
19:20 whytewolf controversy187: are you using the nova driver or the openstack driver?
19:20 RandyT I have it working... typo/thinko
19:21 whytewolf lol no problem RandyT
19:21 controversy187 No, I couldn't get that working properly. I'm using the Openstack driver.
19:21 Heartsbane joined #salt
19:22 teryx510 joined #salt
19:22 hightekvagabond1 joined #salt
19:23 whytewolf controversy187: try adding this to your provider ssh_interface: private_ips
19:24 Rumbles joined #salt
19:24 jalbretsen joined #salt
19:25 controversy187 Ok, I'm provisioning now...
19:27 controversy187 It looks like that would have worked, except it was trying to fetch packages during the IP reassignment, so they couldn't download.
19:28 controversy187 At least it didn't hang this time.
19:28 whytewolf humm. okay. see if you can get someone from rack space on the line cause the temp ip thing is not normal as far as i know.
19:28 controversy187 Ok, thanks for your help!
19:29 * jalbretsen pounds head on desk
19:33 aboe joined #salt
19:37 otter768 joined #salt
19:37 tracphil if pygit2 is installed via pip, will it work as intended with gitfs?
19:41 controversy187 whytewolf: Apparently my account is Rackconnect enabled, so Rackspace's own provisioning scripts make those changes. The tech I talked to said I'd need to create a ticket to have it addressed.
19:42 impi joined #salt
19:42 whytewolf controversy187: ahhh cool. that answers that. seems stupid to have a provisioning system do something like that. really puts a crimp in standards
19:43 controversy187 Agreed. Now to write a ticket and wait a day...
19:45 toastedpenguin is there a good reference on how to use a salt module like https://docs.saltstack.com/en/develop/ref/modules/all/salt.modules.win_timezone.html in an sls file?
19:47 RandyT Is there a way to "peek" in on a running highstate or orchestration from the master?
19:47 whytewolf toastedpenguin: depends on what you are trying to do. win_timezone is just timezone which means most likely the timezone state will work.
19:47 whytewolf https://docs.saltstack.com/en/develop/ref/states/all/salt.states.timezone.html#module-salt.states.timezone
19:48 whytewolf RandyT: not really. if it has already returned you could look at the jid
19:50 toastedpenguin whytewolf: I want to set the timezone as part of a salt-cloud deployment, currently I have salt-cloud building a new AWS instance once it is built I run an orchestration that renames the instance, joins the instance to a domain and then performs a salt state on the target which points to an sls file that has packages that need to get installed as part of the deployment
19:50 elsmo joined #salt
19:51 whytewolf toastedpenguin: if you are running an orch why not use salt.function to add the timezone? no need for a sls file. you can call modules directly in orchestration
19:51 alexlist joined #salt
19:52 whytewolf but if you 100% need an sls file https://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html
19:52 hemebond joined #salt
19:53 toastedpenguin whytewolf: don't necessarily need the sls file, just the way I set it up originally, I do use salt.function to do the system reboots needed for the domain join
19:53 toastedpenguin but that came after i realized the wintools.domain didnt do a reboot automatically
19:54 murrdoc joined #salt
19:54 mohae joined #salt
19:54 aboe joined #salt
19:56 RandyT whytewolf: thanks, fwiw, it appears that lookup_jobs only tells you what has been done.. not what it is doing...
19:56 RandyT crazy hard to debug this stuff it seems :-)
19:57 FredFoo joined #salt
19:57 whytewolf RandyT: that is always the problem with async based products
19:57 RandyT valid point
19:58 __chrish__ left #salt
19:59 mik__R joined #salt
20:02 bhosmer joined #salt
20:05 smkelly This may sound odd, but is there a way to set umask 002 before/for git.latest? I need the checkout to be group writeable.
20:05 smkelly er, clone
20:05 jaybocc2_ joined #salt
20:06 impi joined #salt
20:07 GreatSnoopy joined #salt
20:11 dthom91 joined #salt
20:11 boredatwork There is a salt.state.iptables component.  How do people do linux tc (traffic control) commands in salt?
20:12 ahammond boredatwork oooh, you wanna write a tc module / state? :)
20:14 boredatwork ah, yes, the open source contribution thingy.  do you have a link which provides some guidance to work the back end?  I'm barely into writing states, but I've done python before.  Maybe it might not be too difficult.  Famous last words.
20:14 felskrone joined #salt
20:16 winsalt im having some trouble bootstrapping a vmware windows minion with salt-cloud.  it hangs trying to connect to port 445, anyone know why?
20:16 whytewolf boredatwork: https://docs.saltstack.com/en/develop/topics/development/index.html have fun storming the castle.
20:17 RandyT winsalt: I don't have any experience with vmware and salt, but you likely need to pass the powershell snippet  to the windows instance.
20:17 RandyT on AWS, that is done through user-data api.
20:18 whytewolf RandyT: he is still in bootsrapping, it isn't a minion yet :P
20:18 whytewolf just kidding
20:18 winsalt yeah, i logged in through vcenter and put that snippet in, but it still kept failing
20:18 whytewolf brain is shutting down
20:18 RandyT whytewolf: :-)
20:19 winsalt is it something you have to do on the template beforehand?
20:19 bhosmer joined #salt
20:19 teryx510 joined #salt
20:20 murrdoc joined #salt
20:20 elsmo joined #salt
20:20 RandyT winsalt: https://docs.saltstack.com/en/latest/topics/cloud/windows.html
20:21 RandyT not specific to vmware, but should give you an idea what needs to happen.
20:23 dthom91 joined #salt
20:23 winsalt yeah, its kinda sparse like most of the docs.
20:25 RandyT winsalt: :-) helps you remember it better when you decipher it.
20:25 RandyT I feel your pain
20:26 RandyT winsalt: there are a bunch of other little gotchas on deploying windows instances.
20:26 RandyT be sure to grab a "1.1" version of winexe if you are deploying windows 2012
20:26 mkjgore joined #salt
20:27 winsalt ahh see, thats the kind of thing im looking for.
20:27 RandyT be sure to install impacket mentioned at the top of that page
20:27 RandyT been slogging through the windows deploy process for last few weeks with the help of this channel
20:28 * whytewolf cringes
20:28 RandyT I'll be offline for the next few but feel free to ping me and I will get back to it later
20:28 RandyT need to repay my question kharma :-)
20:28 mkjgore hey folks, I'm trying to do some runner development via pyCharm but was wondering where the salt interpreter for python resided
20:29 mkjgore does it carry its own or just run on whatever is available on the machine/
20:29 mkjgore ?
20:29 whytewolf mkjgore: it runs what ever is on the machine.
20:29 RandyT whytewolf: cringing that I might be giving someone else guidance. :-)
20:29 whytewolf RandyT: no cringing because so much mention of windows
20:29 jaybocc2 joined #salt
20:30 RandyT whytewolf: I hear you... I've considered jumping every day for the past few weeks...
20:31 whytewolf mkjgore: you might also want to read this. it helped me a few times when i actually tried pitching in the salt frontline https://docs.saltstack.com/en/latest/topics/development/hacking.html
20:31 RandyT need to at least know these windows boxen are under control before I start figuring out how to get us off of it...
20:31 baweaver joined #salt
20:32 twork joined #salt
20:34 ilbot3 joined #salt
20:34 Topic for #salt is now Welcome to #salt | 2015.8.1 is the latest | Please use https://gist.github.com for code, don't paste directly into the channel | Please be patient when asking questions as we are volunteers and may not have immediate answers | Channel logs are available at http://irclog.perlgeek.de/salt/
20:34 toastedpenguin I need to do a refresh on the windows minion before i install the packages or they fail and currently I am doing it manually...and forgeting about 50% of the time
20:35 whytewolf toastedpenguin: I would say so. it is important. I would put it in orch as well as put it in a start reactor
20:36 amy_ joined #salt
20:37 toastedpenguin whytewolf: not up on the reactor use I am embarassed to say, and my current setup is still a little manual, after salt-cloud builds the windows instance I have to manually run the orchestration
20:38 whytewolf toastedpenguin: no problem. something to look forward to learning when you get there
20:39 murrdoc joined #salt
20:40 pdayton joined #salt
20:41 freelock hi
20:41 freelock I'm trying to drop a literal regex into some pillar data, and getting "Rendering SLS... failed."
20:41 dthom91 joined #salt
20:41 freelock This is what I'm putting, in a list:
20:42 freelock - "~* /cameras/.*\.(jpg|jpeg|gif|png)$"
20:42 impi joined #salt
20:42 freelock how would I escape that so Pillar will render it and pass to the minion?
20:42 freelock (I don't need the quotes, trying to put this value into a salt state using salt['pillar.get'])
20:43 freelock e.g. what character does Yaml not like?
20:44 hal58th joined #salt
20:44 hal58th_ joined #salt
20:44 freelock hmm, answering my own question... it seems to work if I remove the quotes
20:46 clintber_ joined #salt
20:46 mkjgore whytewolf: Hey, so after doing a bit of reading and successfully getting some feedback from a senior guy this fixed it… create a virtualenv for the salt repo then "pip install salt==your_version_here"
20:46 mkjgore thanks again
20:46 mkjgore just thought I would share my solution
20:47 subsignal joined #salt
20:47 whytewolf so many answering their own questions. yay!
20:48 controversy187 whytewolf: fwiw: adding the line rackconnect: True to my profile allowed me to provision a Rackspace server within Rackconnect.
20:49 whytewolf huh, didn't know there was a rackconnect item. learn something new.
20:53 hightekvagabond joined #salt
20:53 lagachettefresh joined #salt
20:55 MikeyYeahYeah joined #salt
20:57 ry joined #salt
20:58 mapu joined #salt
20:58 grieve joined #salt
21:00 ry joined #salt
21:04 ahosking joined #salt
21:04 opensource_ninja joined #salt
21:05 dthom91 joined #salt
21:06 ajw0100 joined #salt
21:08 clintberry joined #salt
21:09 lagachettefresh joined #salt
21:13 cberndt joined #salt
21:18 fyb3r Awesome. Whytewolf, that runner idea worked flawlessly.
21:20 whytewolf fyb3r: nice
21:21 conan_the_destro joined #salt
21:27 nidr0x_ joined #salt
21:28 ekristen joined #salt
21:29 pdayton joined #salt
21:30 pdayton1 joined #salt
21:30 baweaver joined #salt
21:31 hackel joined #salt
21:32 pdayton1 joined #salt
21:34 hal58th__ joined #salt
21:34 hal58th_1 joined #salt
21:38 dthom91 joined #salt
21:38 otter768 joined #salt
21:39 giantlock joined #salt
21:40 jaybocc2_ joined #salt
21:44 twork i keep asking this and getting no answer. does the dev/qa/prod strategy described in https://docs.saltstack.com/en/latest/topics/tutorials/states_pt4.html#environment-configuration ...actually work?
21:45 hemebond twork: I believe so.
21:45 hemebond I have something similar.
21:45 hemebond Though I haven't tested it extensively.
21:45 twork hemebond: i keep trying it and getting errors.
21:45 hemebond What errors?
21:48 twork hemebond: damn, i've got it all taken apart right now so i don't have exact copies to show. :\ but the gist is... if a path appears under (say) both dev and qa, i get an error saying it conflicts
21:48 hemebond twork: Then you possibly have your targeting wrong.
21:48 hemebond Your targeting should only match to a single environment.
21:48 twork but i thought that the one that appears first would just win
21:49 hemebond It does, but not if you explicitly apply multiple environments.
21:49 hemebond e.g., applying the dev environment will first try dev, then qa, then prod.
21:49 twork sorry i don't follow
21:50 hemebond But if your targeting matches for both dev AND prod, then it will apply them as if they were separate.
21:50 hemebond Try doing a state.show_top
21:50 hemebond That will show you which states are going to apply.
21:50 hemebond If possible, post your top.sls for your environments (or just your main top.sls if you have only the one)
21:50 twork ok, thanks. i'll get things back to where they were and do that.
21:53 Gi0 joined #salt
21:53 iggy or do what the rest of us do and use separate masters instead of saltenv
21:54 twork well there's a thought...
21:54 twork dunno, that might make too much sense...
21:54 hemebond iggy: Are your masters with the minions or outside the environment?
21:54 twork wait, acually what i'm trying to accomplish won't work with separate masters.
21:55 iggy the masters have minions
21:55 MikeyYea_ joined #salt
21:56 twork i'll post again and put a link up here.
21:57 saltstackbot joined #salt
21:58 iggy just noticed the bot was gone, set it up so it will restart itself when freenode kicks it (instead of dying)
22:01 s_kunk joined #salt
22:01 saltstackbot [reddit-saltstack] Saltstack minions always lost connections in python scripts https://www.reddit.com/r/saltstack/comments/3shdz8/saltstack_minions_always_lost_connections_in/ - 2015-11-12 - 01:36:47
22:04 nafg joined #salt
22:05 ahammond is there an easy way to run a state.sls in test mode and get back a list of minions where there were changes?
22:05 hemebond ahammond: There is a test parameter
22:06 hemebond test=True I think
22:06 hemebond (or true)
22:06 iggy I don't think it's something I'd rely on working across all states
22:07 ahammond iggy yeah, I know, I don't entirely trust it, but the formula only uses file.* and cmd.run / cmd.wait
22:07 ahammond the real question is how to reduce that to a list of servers where changes would be made.
22:09 Tyrm_ joined #salt
22:11 whytewolf it isn't the greatest tool. watches don't trigger so anything with a watch won't know that it is supposed to show a change. also iirc there is something funky about how cmd.run works with test=True
22:12 ahammond whytewolf it runs the unless command I imagine, but if you can't write that so that it doesn't have side-effects, well...
22:12 twork i use test=True all the time and yeah, dependencies "fail" in cases where the op further up didn't run (bacause it was in test mode).  and similar.
22:13 larsfronius joined #salt
22:13 twork but it beats finding out the hard way that i wrote something wrong.
22:13 twork ...which is part of why i'm trying to get dev/qa/prod working now
22:16 hightekvagabond joined #salt
22:16 orionx joined #salt
22:16 hightekvagabond joined #salt
22:17 ahammond so... any practical way to get just minions where some state reported change or failure?
22:17 dthom91 joined #salt
22:27 dthom911 joined #salt
22:28 Tyrm joined #salt
22:29 woodtablet joined #salt
22:33 nidr0x joined #salt
22:36 lagachettefresh joined #salt
22:38 fyb3r left #salt
22:39 tox_ joined #salt
22:41 Thiggy joined #salt
22:42 opensource_ninja joined #salt
22:42 KajiMaster joined #salt
22:52 timoguin joined #salt
22:52 zsoftich2 ahammond: https://docs.saltstack.com/en/latest/ref/configuration/master.html#state-output
22:53 zsoftich2 this help at all?
22:54 zsoftich2 I use mixed...which gives a very terse output for everything but changes and failures in which it gives full output
22:56 hightekvagabond joined #salt
22:58 Rumbles joined #salt
22:58 nidr0x joined #salt
23:01 Tyrm joined #salt
23:01 jimklo joined #salt
23:03 timoguin joined #salt
23:05 ahammond zsoftich2 I'm using changes, but I can't just pipe that into a script. :(
23:06 mosen joined #salt
23:08 toddnni joined #salt
23:08 whytewolf ahammond: you can output into json and pass that to a script --out json
23:09 ahammond whytewolf awesome. Thanks!
23:10 wendall911 left #salt
23:10 wendall911 joined #salt
23:14 tristianc joined #salt
23:15 klocek joined #salt
23:15 superseb joined #salt
23:15 mohae joined #salt
23:18 RandyT quick question about requisites...
23:19 RandyT lightbulb just going on regarding the importance of these... does each requisite type (require, prereq, etc) require a parameter, or can I specify the required state ID as a value to the requisite key?
23:20 hemebond RandyT: I believe it requires the type.
23:20 hemebond But...
23:20 hemebond I think you can require an entire state, rather than just a single resource within that state.
23:21 RandyT hemebond: and in that case, what is the "type" of a named state ID?
23:21 hemebond State?
23:21 hemebond Lemme have a looky
23:21 RandyT exactly the issue I am unclear about... :-) that would make sense... but not finding it in the doc page.
23:22 RandyT looking at this: https://docs.saltstack.com/en/latest/ref/states/requisites.html#direct-requisite-and-requisite-in-types
23:22 RandyT I can specify sls: if I want an entire state file...
23:22 hemebond sls
23:22 hemebond Right there under "Require an entire sls file"
23:22 RandyT but that is not what I am after... or is the entire file a "state"?
23:23 RandyT trying to specify the state ID if I am using that terminology correctly.
23:23 whytewolf RandyT: think of it as a module. sls: is a module that handles both files as well as single ids
23:23 RandyT whytewolf: ok, so sls it is, thanks to you both, will give that a go.
23:24 raygunsix joined #salt
23:25 whytewolf coarse, this is just a hypothetical. caus eI have never tested it :P
23:25 RandyT and is it reasonable to declare multiple dependencies with multiple require: keys?
23:25 RandyT whytewolf: understood, I am about to
23:26 whytewolf define reasonable? :P require takes a list so you can put multiple keys inside it
23:27 RandyT ah, ok
23:27 whytewolf coarse if the cheeze wiz is getting long you can start working with the _in versions
23:28 RandyT I am sure I am about to go overboard here, but realizing that this is probably at the core of why I am seeing unpredictable behavior...
23:29 baweaver joined #salt
23:31 drawsmcgraw If the cheeze wiz is getting long.....
23:31 hightekvagabond joined #salt
23:35 ajw0100 joined #salt
23:39 otter768 joined #salt
23:39 nidr0x joined #salt
23:41 toastedpenguin whats the proper syntax for using an execution module in an sls file?  should I be using module.run, salt.function?
23:41 scooter joined #salt
23:43 whytewolf toastedpenguin: state sls file suse module.run orchestration use salt.function
23:43 zmalone joined #salt
23:43 whytewolf state sls files are run on the minion. orchestration sls files are run on the master
23:44 johtso joined #salt
23:44 toastedpenguin whytewolf: thx, that helps my confusion...
23:45 toastedpenguin and that explains why in the orchestration file you have to specify a target
23:45 whytewolf exactly
23:46 whytewolf orchestration is mostly for if you want to setup something big and need some servers running one thing before other servers run something else
23:46 toastedpenguin so for the timezone module, specifying the actual time zone, is that an argument or is it specified some other way in a orchestration
23:46 whytewolf that would be an arg:
23:48 toastedpenguin whytewolf: hmm, so we had someone help get our salt-cloud deployments working and they setup the orchestration to do the post salt-cloud work as I mentioned earlier, we deploy an IIS webserver, then use the orch to join domain, followed by the call to a state file to do the SW install
23:48 toastedpenguin not sure it was the best way to do it, but it works, I hadn't messed with orchestration until now
23:49 whytewolf toastedpenguin: https://gist.github.com/whytewolf/aa7820779c2aa408dc87
23:50 whytewolf thats kind of a quick tossed together orchestration stanza
23:51 whytewolf here is one i actually use for setting up a part of my network for openstack https://gist.github.com/whytewolf/fa7b700ef01de2685963
23:52 lynxman joined #salt
23:53 leev joined #salt
23:55 ThomasJ joined #salt
23:55 al joined #salt
23:56 Rockj joined #salt
23:57 Laogeodritt joined #salt
23:57 synical joined #salt
23:57 toastedpenguin whytewolf:  thx, those examples help a lot
23:58 whytewolf no problem

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary