Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-11-20

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:04 Ryan_Lane joined #salt
00:04 larsfronius joined #salt
00:04 indispeq joined #salt
00:04 copelco joined #salt
00:06 zmalone joined #salt
00:09 ssplatt joined #salt
00:09 cberndt joined #salt
00:19 CeBe joined #salt
00:22 alibama joined #salt
00:23 jaybocc2_ joined #salt
00:27 Waggott14 joined #salt
00:30 aqua^c joined #salt
00:30 otter768 joined #salt
00:31 ageorgop joined #salt
00:35 lude joined #salt
00:37 MindDrive Hmm, is there any way for a minion to be able to determine for itself if it's able to properly communicate with the master(s)?
00:37 mr_chris joined #salt
00:43 hemebond MindDrive: As far as I know the minion is always checking.
00:43 hemebond There is no master -> minion communication.
00:47 MindDrive hemebond: Regardless if the minion is checking itself, I was asking if there was an external way to verify this.  I need to put in some Nagios/Icinga checks in place to ensure things with the Salt infrastructure are good here.  I've found plenty of scripts that can do something from the master (e.g. https://gist.github.com/bastichelaar/4170793 ) >>
00:47 justanotheruser joined #salt
00:47 MindDrive and know that something like 'salt-run manage.down' is a basic option, but my hope was to be able to have each individual host have its own check instead.
00:47 hemebond MindDrive: You didn't mention external checks.
00:47 MindDrive (Otherwise an alert will always be going off for much of the time for the masters)
00:48 hemebond Easiest way would probably be to use the master.
00:48 hemebond test.ping will tell you if the minion is there and connected.
00:48 hemebond Otherwise just do a TCP connect from the minion to the master on 4505; if it connects then it can connect.
00:54 aqua^c_ joined #salt
00:55 MindDrive manage.down will do that as well.  But it means the alert will almost always certainly be going off on every master, as our environments are big and there's always at least several machines down or misbehaving.  Oh well.  (Regarding the TCP connect - that will let me know it can connect, but not the health of the minion and I've been running into issues where the minions get in really bad states, so... guess there's no easy way to check tha
00:55 MindDrive t.)
00:57 bhosmer_ joined #salt
00:58 Andre-B joined #salt
00:58 shaggy_surfer joined #salt
00:59 aqua^c joined #salt
01:00 brianfeister joined #salt
01:05 fsteinel_ joined #salt
01:06 iggy sounds like a good feature request
01:06 baweaver joined #salt
01:07 hemebond What do you mean by "really bad states"?
01:07 iggy MindDrive: does a salt-call saltutil.sync_all (or pillar_refresh) crap out on your minions that are "in a bad state"?
01:09 MindDrive Iggy: So far I've been unable to determine which ones are in this state, just that thousands of files per minute are created on one of the masters non-stop until I restart salt-minion across the environment; when it's in that state, 'salt-run manage.down' won't even complete (though some other commands can be run).
01:10 iggy oh yeah, you mentioned this earlier, what version of salt?
01:10 iggy 2015.5, got it
01:10 iggy _everything_ is 2015.5?
01:11 MindDrive Yes, everything.
01:11 iggy there was a bug in <=2014.7 that could lead to what you are seeing
01:11 iggy basically there was no way to tell if an event was started from another event, so you end up filling your job cache
01:12 iggy I used to routinely run my master out of inodes
01:12 MindDrive I can do a scan again to see what's there, I guess, but I'm relatively certain everything's up to date... let me see...
01:15 MindDrive sudo salt '*' cmd.run 'rpm -q salt-minion' | grep -v 'salt-minion-2015.5.0-1' -> returns no stragglers on a different version.
01:15 iggy well, that shoots my idea out of the water
01:15 * iggy goes back to slaving away
01:18 baweaver joined #salt
01:20 RobertChen joined #salt
01:28 mr_chris joined #salt
01:29 SubOracle joined #salt
01:30 rideh joined #salt
01:31 RobertChen source: http://mysite.com/jaguar-client.noarch.rpm
01:31 tristianc joined #salt
01:31 RobertChen my site does not have md5 hash, can I use file.managed?
01:33 kitplumm_ joined #salt
01:40 iggy file.managed requires a hash for http:// uris
01:44 RobertChen joined #salt
01:45 RobertChen I think many ask this before, many sites do not have hash.  Puppet does not ask hash. Why is it required ?
01:47 ssplatt joined #salt
01:49 PeterO joined #salt
01:50 zmalone RobertChen: many people wonder about that, the Saltstack people feel that downloads over http/https are insecure unless you know the content you are requesting ahead of time, so that you can confirm you get what you ask for.
01:51 alibama joined #salt
01:52 RobertChen understand that, but it is not very convenient in real production environment. Especially internal company site.
02:03 RobertChen understand that, but it is not very convenient in real production environment. Especially internal company site.
02:08 xela joined #salt
02:11 mr_chris- joined #salt
02:14 otter768 joined #salt
02:18 mr_chris joined #salt
02:20 virusuy joined #salt
02:21 sn00py joined #salt
02:26 RobertChen at least should provide an option to ignore hash?
02:29 xela joined #salt
02:29 lorengordon RobertChen: generating a hash is pretty easy. since you know the file you are downloading, just download it once, gen the hash, and put the hash in the state file
02:30 RobertChen that needs extra work in sls file.
02:30 racooper joined #salt
02:31 lorengordon not really, it is one line, `source_hash:`.
02:32 lorengordon and it protects you from changes to your system if the file changes without you being aware
02:33 RobertChen I mean I need wget it first, cacualte the hash, and then put it into file.managed, source_hash, we want to automate everything.
02:33 lorengordon if you truly, truly wanted to hack around it, you could use jinja to execute a salt module that downloaded the file, gen'd the hash, and populated the `source_hash:` parameter all within the state run
02:33 mr_chris joined #salt
02:34 qman__ frankly, it is really dangerous to do an unverified http download
02:35 lorengordon or, as part of managing the hosting site, you could create the hash file when you update the file and host it next to the file
02:36 lorengordon `source_hash` can point to a url.
02:36 RobertChen great, Iorengordon, how to populate the source_hash from another module run?  I really want to know this trick.
02:36 RobertChen understand that.
02:36 qman__ you could automate the deploy process of the files to generate the md5 hashes
02:36 aqua^c joined #salt
02:36 RobertChen we are a huge company, contents on the http site is managed by other teams.
02:37 lorengordon {{ salt['cmd.run']('my custom command that gen's the hash') }}
02:37 qman__ md5sum $file > $file.md5 %% [scp|rsync|cp]
02:37 catpigger joined #salt
02:37 qman__ well, that's exactly why it's dangerous
02:38 qman__ someone cuold replace an important file with a broken, infected, or wrong one
02:38 qman__ managing the hashes can help with that
02:39 lorengordon rather than cmd.run, you could also write a custom module or script that takes exactly the parameters you want, and does exactly what you want
02:39 RobertChen then how to put the md5 or notify  file.managed source_hash?
02:39 lorengordon that's what the jinja is for
02:39 lorengordon jinja is rendered before the state executes
02:40 RobertChen source_hash: {{ salt['cmd.run']('my custom command that gen's the hash') }}  you mean this?
02:40 RobertChen got it
02:40 lorengordon so, the hash would be in the state when the state executes
02:40 lorengordon exactly
02:40 kitplummer joined #salt
02:41 lorengordon another option, which is what i would do in your situation (and i am, actually), would be to rehost the files on your own web/fileserver and update the hash each time you update the hosted file
02:45 lorengordon then your state points at your own hosted copy, and the hash you generated
02:45 lorengordon and you automate the process to pull in a new copy periodically and gen the new hash
02:45 teryx510 joined #salt
02:46 sn00py joined #salt
02:47 iggy you could also grab the file state/module file that does the hash checking, put a local copy in _states/_modules, and hack it to not require the hash
02:48 brianfeister joined #salt
02:52 Alex__ joined #salt
02:53 bw joined #salt
02:54 bw having trouble with master_job_cache... i've tried mongo, mysql and they both give me similar error: [WARNING ] Returner unavailable: 'mongo_return.get_load'
02:54 bw i placed documented settings in master conf, but maybe i'm missing a step?
02:56 sunkist joined #salt
02:56 bw tried: https://docs.saltstack.com/en/2015.5/ref/returners/all/salt.returners.mongo_return.html#module-salt.returners.mongo_return
02:56 sn00py joined #salt
02:57 favadi joined #salt
02:57 bw when running test.ping with --return mongo_return, no errors, but nothing goes into db. mongodb/salt logs show nothing
02:57 bw when adding master_job_cache in master conf, i get above warning
02:59 brianfeister joined #salt
03:01 Alex__ joined #salt
03:08 syadmn joined #salt
03:10 syadmn hi!
03:13 cpowell joined #salt
03:13 syadmn a small question, I try this but it diswork: {{ salt['pillar.get'][host_server]('netmask_eth0') }}
03:13 syadmn host server is a jinja variable
03:13 hemebond syadmn: Your brackets are wrong
03:14 hemebond Pretty sure you had a different username yesterday...
03:14 syadmn and I try to print "network." for get network.hostname
03:14 syadmn yeah sorry, forgot what I choose
03:14 hemebond {{ salt['pillar.get'](host_server)['netmask_eth0'] }}
03:15 hemebond Though I think iggy gave you a better syntax last time.
03:15 syadmn and if I need ("network."host_server)
03:15 syadmn in my pillar, I use Pillar/Network/hostname.sls
03:15 evle joined #salt
03:15 hemebond What is your Pillar structure?
03:16 iggy the name of the pillar file is immaterial (except for the top file)
03:16 syadmn oh yes
03:16 syadmn ok
03:18 syadmn thanks a lot, that the good way
03:20 syadmn If I need ($host_server"_network"), how I write it ?
03:22 syadmn I had try it => {{ salt['pillar.get'](host_server"_network")['gateway_eth0'] }}
03:23 hemebond syadmn: http://www.didfinishlaunchingwithoptions.com/concatenate-or-append-strings-in-jinja/
03:23 sn00py joined #salt
03:23 hemebond No idea if that's a good way to do it.
03:23 hemebond Or even if it's the only way.
03:23 syadmn Thanks for helping guy, i'm gonne try
03:29 syadmn It's work !
03:29 syadmn {{ salt['pillar.get'](host_server_net|join)['address_eth0'] }}
03:29 syadmn =)
03:30 ipmb joined #salt
03:30 RobertChen joined #salt
03:36 otter768 joined #salt
03:43 kitplummer joined #salt
03:47 Andre_ks Hi
03:48 Andre_ks any idea why a salt module will report unfound?
03:48 Andre_ks it's supposed to be a built in module?
03:48 Andre_ks State glusterfs.create found in sls gfs is unavailable
03:48 Andre_ks (rather... unavailable...)
03:48 mosen I think sometimes if hte dependency cant be located
03:49 mosen eg. if it can't import the python module it depends on
03:51 Andre_ks the minion debug shows nothing further than the master about this
03:51 Andre_ks any suggestions?
03:51 Andre_ks I would really like to use the glusterfs.create module state
03:52 Andre_ks that is built in...
03:52 Andre_ks otherwise will need to code it up
03:52 Andre_ks which I can, but doesn't that defeat the purpose of the module?
03:55 Andre_ks perhaps the module is dependent on a very specific version of glusterfs?
03:56 Andre_ks any ideas where i can find the dev repo for the modules?
03:57 mosen not sure about what you need for glusterfs
03:58 mosen I'll check the module page
03:59 Andre_ks well, just wanted to see if I could fish out any bug.
04:00 Andre_ks I'm using ubuntu 14.04
04:00 Andre_ks wondering if perhaps there's a bug due to that
04:03 Andre_ks it's interesting... because this is the only debug output.  perhaps I can increase the debug level?  Any idea how to do that?
04:03 Andre_ks [ERROR   ] State glusterfs.create found in sls gfs is unavailable
04:04 Andre_ks it's as if the module was not there at all...
04:05 Andre_ks got it, doing, -l all to get more verbose
04:05 larsfronius joined #salt
04:05 mr_chris joined #salt
04:08 mosen i think its glusterfs.created not create
04:08 mosen lookin at the state doco
04:09 chrischris joined #salt
04:09 edulix joined #salt
04:09 rideh joined #salt
04:09 okfine joined #salt
04:09 jeblair joined #salt
04:10 tvinson joined #salt
04:10 wm-bot4 joined #salt
04:12 bryguy joined #salt
04:12 jY joined #salt
04:12 Andre_ks https://docs.saltstack.com/en/develop/ref/modules/all/salt.modules.glusterfs.html#module-salt.modules.glusterfs
04:12 Andre_ks I guess it's not rolled out yet?
04:12 Andre_ks it's in develop?
04:13 Andre_ks my mistake... I thought it was in the release.  it's in dev
04:17 bw Hi - having trouble with returners
04:18 bw in any returner i try - mysql, mongo -- i see this in minion logs: http://pastebin.com/qAW9WKrT
04:20 Andre_ks mosen: found it
04:20 Andre_ks https://github.com/saltstack/salt/blob/01490387d714256191b3017fe488175b55231bbf/tests/unit/modules/glusterfs_test.py
04:20 Andre_ks is there a path I can drop this into a 'modules' dir in my salt master?
04:21 mosen oh my bad
04:21 mosen thats just a unit test, not the actual module
04:23 Andre_ks oh
04:24 Andre_ks well, off I go to do what I do to deploy the glusterfs then
04:24 Andre_ks thanks!
04:24 Vynce joined #salt
04:31 brianfeister joined #salt
04:32 lemur joined #salt
04:33 baweaver_ joined #salt
04:42 Cidan joined #salt
04:59 bastiandg joined #salt
05:00 kitplummer joined #salt
05:00 RobertChen joined #salt
05:12 PeterO joined #salt
05:20 impi joined #salt
05:24 jimklo joined #salt
05:30 bastiandg joined #salt
05:34 jimklo joined #salt
05:36 rdas joined #salt
05:44 quix joined #salt
05:45 lastmanstanding joined #salt
05:49 lastmanstanding left #salt
06:00 nidr0x joined #salt
06:00 Rebus joined #salt
06:02 nidr0x joined #salt
06:04 charli joined #salt
06:06 calvinh joined #salt
06:10 charli joined #salt
06:11 salt-noob joined #salt
06:12 linjan joined #salt
06:14 kshlm joined #salt
06:17 otter768 joined #salt
06:23 xDamox joined #salt
06:30 dayid joined #salt
06:38 felskrone joined #salt
06:40 sunkist joined #salt
06:43 ageorgop joined #salt
06:43 favadi joined #salt
06:59 antpa joined #salt
07:01 antpa joined #salt
07:02 kitplummer joined #salt
07:17 DanyC joined #salt
07:23 av_ joined #salt
07:25 ubikite joined #salt
07:26 DanyC joined #salt
07:33 jhauser joined #salt
07:40 Ssquidly joined #salt
07:41 KermitTheFragger joined #salt
07:41 AndreasLutro joined #salt
07:44 FredFoo joined #salt
07:49 ITChap joined #salt
07:52 keimlink joined #salt
08:07 larsfronius joined #salt
08:08 kawa2014 joined #salt
08:13 GreatSnoopy joined #salt
08:15 malinoff joined #salt
08:15 eseyman joined #salt
08:15 rotbeard joined #salt
08:18 otter768 joined #salt
08:20 armyriad joined #salt
08:23 honestly someone riddle me this
08:23 honestly https://gist.githubusercontent.com/duk3luk3/f97ae33a4f3827810c37/raw/3bdf695dd8664aa065e2c979f6c90771ba4f647c/gistfile1.txt
08:34 maveas joined #salt
08:46 informant joined #salt
08:55 Guest71482 joined #salt
08:56 calvinh joined #salt
09:01 illern joined #salt
09:03 thalleralexander joined #salt
09:03 calvinh joined #salt
09:04 kitplummer joined #salt
09:04 thalleralexander joined #salt
09:07 rotbeard joined #salt
09:10 CeBe joined #salt
09:11 kawa2014 joined #salt
09:12 FunkyJunky joined #salt
09:13 mbrgm joined #salt
09:14 Rumbles joined #salt
09:14 mbrgm hi! is there a way to setup a condition, depending on another state? i.e. "{% if state_is_set_for_minion('a') %}"? a second option I'm trying to do is 'override' state a from state b...
09:16 mbrgm what I'm trying to do exactly is: I have a sls for setting up networking. but when my host is set to be a kvm dom0 host, some interfaces should be configured differently... so one way I can imagine is checking for the presence of the kvm state in the networking state and then handle that case there. the other way would be to override parts of the networking state in the kvm state, which would be my preferred
09:16 mbrgm option as it seems to be less coupled.
09:17 AndreasLutro mbrgm: not sure if what you want to do is possible - have you considered using pillars for your network config data?
09:18 mbrgm AndreasLutro: I already use pillars. so you mean overriding some pillar values in other pillars?
09:18 AndreasLutro yes
09:19 mbrgm AndreasLutro: ok, this would be one option. I just found the state extensions mechanism... maybe this can do what I want.
09:20 antpa What is the best way to set up salt-cloud where I can edit the ID of the minion automatically after deployment?
09:25 ingslovak joined #salt
09:26 saltman joined #salt
09:26 saltman I try to install jdk with pkg.install on my windows minion, do I run this module:
09:27 saltman this coomand: /cygdrive/c/salt/salt-call.bat pkg.install jdk
09:28 saltman and it gives me the following result:   ] Command ['c:\\salt\\var\\cache\\salt\\minion\\files\\base\\win-pkgs\\jdk\\jdk-7u79-windows-x64.exe', '/S'] failed with return code: 1639
09:28 saltman I also try the /s and /q flags
09:28 saltman this happens only with this package
09:28 saltman any help?
09:30 saltman I use salt 2015.5.2
09:31 linjan joined #salt
09:34 s_kunk joined #salt
09:45 Waggott14 joined #salt
09:51 linjan_ joined #salt
09:52 DanyC joined #salt
10:01 elsmo joined #salt
10:02 AirOnSkin Is there a way to show which states would be applied to a minion? I know about state.highstate test=true, but I'm looking for something like: salt myminion state.list
10:03 AirOnSkin Or to explain my situation... I've noticed, that a certain state doesn't get applied to my minions but it should. When I run a test.ping to check if the compound match works, I see the minions, but running a highstate doesn't apply these states
10:05 Mate state.show_highstate? state.top may also help
10:05 Mate *show_top
10:06 FunkyJunky joined #salt
10:16 hobs joined #salt
10:17 giantlock joined #salt
10:17 hobs Do you need single quotes when referencing pillar variable? i.e. pillar['editor'] rather than pillar[editor]? Second doesn't work for me but that's how it appears in docs (https://docs.saltstack.com/en/getstarted/config/pillar.html)
10:17 AndreasLutro hobs: typo in the docs
10:17 hobs Thanks. Shall I file a ticket?
10:18 AndreasLutro sure, or a pull request if you can
10:18 hobs Ok, pull request coming up
10:19 AndreasLutro actually I'm not sure if that webpage is on github
10:19 otter768 joined #salt
10:22 kawa2014 joined #salt
10:23 AndreasLutro joined #salt
10:27 hobs You're right. It's on leanpub. How do I get it fixed?
10:32 VSpike Does anyone know if salt-cloud can pass user data to an EC2 instance on creation yet?
10:33 hobs Sorry, my confusion. Not on leanpub.
10:34 DanyC VSpike: you can pass/ inject files using file_map:
10:35 DanyC VSpike: that is how i do it to inject repo files or post scripts which does the same job as the user_data but a bit later in the chain (not using the cfn)
10:36 bluenemo joined #salt
10:36 antpa joined #salt
10:38 VSpike DanyC: how do you execute your scripts without manual intervention?
10:46 hobs Where is the Getting Started documentation maintained?
10:48 DanyC VSpike: i don't do any manual intervation, basically i say to salt cloud: inject those files into my minions and then because i'm using it together with salt master, when highstating into that minion, the states will use the local injected files to run the stuff
10:55 VSpike Ah, OK. But how do you get the salt-minion installed and all that good stuff? Roll an AMI?
10:57 VSpike I like to use a standard AMI if at all possible, so I was creating a bootstrap script in powershell to set the computer name to the instance id, set the primary DNS suffix, join a workgroup, install the minion, and reboot
10:57 calvinh joined #salt
10:57 VSpike I can create a 1 liner to grab that script from S3 say, and run it, but it would be nice if I didn't have to RDP into the box at all
11:02 bhosmer joined #salt
11:03 hojgaard joined #salt
11:06 kitplummer joined #salt
11:09 VSpike Ah file_map is Linux only anyways
11:10 VSpike So yeah, I still need user data for this to work, since I've never ever been able to get salt-cloud's Windows provisioning bit to work
11:13 elsmo joined #salt
11:20 slav0nic joined #salt
11:28 tristianc joined #salt
11:34 NV joined #salt
11:42 antpa joined #salt
11:49 calvinh joined #salt
11:49 traph joined #salt
11:51 kawa2014 joined #salt
12:00 Brainscrewer joined #salt
12:00 Brainscrewer does anyone have an indication how long it normally takes for a vm to be deployed with the virt.init command?
12:01 Brainscrewer The command says that everything went OK, but still no VM to be seen
12:03 favadi joined #salt
12:05 favadi joined #salt
12:13 fredvd joined #salt
12:14 giantlock joined #salt
12:17 mbrgm joined #salt
12:19 alibama joined #salt
12:20 otter768 joined #salt
12:21 CeBe joined #salt
12:22 zerthimon joined #salt
12:28 alibama joined #salt
12:34 Brainscrewer so
12:35 Brainscrewer what's up with this error
12:35 Brainscrewer https://gist.github.com/anonymous/0995c611ad4e564a5e26
12:35 Brainscrewer makes no sense
12:35 mbrgm joined #salt
12:39 _JZ_ joined #salt
12:39 linjan_ joined #salt
12:39 denys joined #salt
12:46 rotbeard joined #salt
12:50 calvinh joined #salt
12:50 alibama joined #salt
12:51 Brainscrewer What does this error exactly mean? virt.init does not support disk profiles in conjunction with qemu/kvm at this time, use image template instead
12:51 Brainscrewer what is an image template? i have a .img file with an OS
12:52 calvinh_ joined #salt
12:57 calvinh joined #salt
12:59 calvinh_ joined #salt
13:01 losh joined #salt
13:02 AirOnSkin Mate: Thanks for that. Didn't know these...
13:03 impi joined #salt
13:08 RandyT VSpike: I'm a bit late to the discussion here, but the answer to at least one of your questions is yes, you can pass user-data to an EC2 instance, Windows or other
13:09 larsfronius joined #salt
13:10 kitplummer joined #salt
13:10 granjow joined #salt
13:11 granjow Hey there! I just set up the tutorial environment with vagrant according to the docs and now I'm trying to get the pillars running, i.e. https://docs.saltstack.com/en/getstarted/config/pillar.html
13:12 granjow Now, there seem to be two problems. First, /srv/pillar/ never exists because it is not configured to be a shared folder in Vagrant. So I added the line, and my local pillar folder is now on /srv/pillar/. I hope this was more or less correct.
13:13 antpa joined #salt
13:13 granjow The second problem is that pillars do not work. I can list them with salt '*' pillar.items, and it replies as it should:
13:13 granjow minion1:     ----------     editor:         vim
13:13 granjow minion2:     ----------     editor:         nano
13:14 antpa joined #salt
13:14 hobs grantjow: try using pillar['editor'] - it needs the quote - the docs have a typo
13:14 ollins joined #salt
13:14 granjow hobs: ah -- much better! Thank you!
13:15 hobs grantjow: that cost me some time this morning :-)
13:15 granjow Ha. Thanks for finding it out for me too :)
13:15 hobs We need to fix that doc but it's managed outside of the docs github. Can anyone point me towards fixing this?
13:15 granjow How did you solve the /srv/pillar/ directory? Did you create the files in the master VM?
13:16 hobs grantjow: yes
13:16 antpa joined #salt
13:16 VSpike RandyT: got a link on how to do it?
13:18 antpa joined #salt
13:20 granjow hobs: Docs on this could be improved as well, what do you think?
13:20 RandyT VSpike: I think I noticed some Windows questions from you as well?
13:20 RandyT https://docs.saltstack.com/en/latest/topics/cloud/windows.html
13:20 RandyT just getting spun up in this part of the world...
13:22 RandyT VSpike: and regarding your comment on not being able to spin up Windows instances on EC2, I can probably help with that as well as some others in here.
13:23 hobs granjow: Sure. 2 people stuck at once suggests a problem
13:24 morissette joined #salt
13:25 granjow RandyT: Happen to know who can be pinged about updating docs.saltstack.com?
13:27 RandyT granjow: sorry, no. Not in github I see...
13:27 alvinstarr joined #salt
13:27 RandyT something I should figure out as well as there are a number of little time wasters in tthere
13:28 hobs RandyT: +1 on that - the missing quotes appears on at least 2 pages
13:28 granjow ok :) So is there a saltstack person around?
13:29 AndreasLutro just open a github issue
13:34 RandyT Does anyone have suggestion of a good ext_pillar to look at, "good" being something that enables a solid security policy around management of the data?
13:34 RandyT I'm not really comfortable with putting passwords, etc. in git repo for example...
13:34 RandyT even with controlled access...
13:37 LotR RandyT: why don't you just look at the list of pillars and see if you like one? https://docs.saltstack.com/en/latest/ref/pillar/all/index.html
13:38 RandyT LotR: because I would like some input from the collective knowledge here regarding experience with
13:38 granjow hobs: Are you going to create the issue, or do you want me to do it? You probably found more occurrences than I did.
13:38 RandyT LotR: I'm aware of the options. I'm asking for a bit of shared experience
13:39 hobs granjow: I'll do it.
13:39 granjow hobs: Thanks. :) The other issue about /srv/pillar/ already existed: https://github.com/UtahDave/salt-vagrant-demo/issues/17
13:39 saltstackbot [#17]title: Adding pillar dir | I really like the Getting Started Guide. It's a lot of fun to learn Salt interactively....
13:40 Brainscrewer can anyone help me with this error message? https://gist.github.com/anonymous/f7e9b46fe1e5b690ee7e
13:40 Brainscrewer i'm not really sure what the issue seems to be since im using the correct notation
13:40 LotR RandyT: but nothing is inherently secure, is it? it all depends on how you set it up
13:41 LotR RandyT: why couldn't you make a git repo secure too for example?
13:41 RandyT LotR: absolutely, but some things have limitations. for example, a git repo has very few controls around it, which limit options to enable security.
13:42 ITChap joined #salt
13:42 RandyT I'm not familiar with all of the external pillar options, perhaps someone as done that investigation and could share
13:43 DanyC RandyT: i tried for the exact reason to obfuscate the secretes in pillar sls files using gpg and then let master to decrypt it - it was a waste of time
13:43 LotR my guess from the list of options is that the ldap one seems the most 'enterprise'-y, so that's probably where you have the most options regarding securing it
13:44 RandyT DanyC: yes, some real challenges there, I've been toying with ways to employ KMS to handle this stuff... but not clear if some of those pillar options would fit better than others.
13:44 DanyC RandyT: reason - you need to pay attention to the special char or you end up with errors like i did. And as you might guess you can't control that. So i'm a the point where i can't store my pillar  data ing git together with my states because of this
13:45 RandyT I know Ryan_Lane has offered confidant to the public which is interesting, but perhaps a bit of overkill for my environment presently.
13:46 DanyC RandyT: before i was on OpenStack now i'm moving to AWS and we are using salt cloud/ master hence i'm planning to look at KMS however i can't easily re-use the same principle Ryan and co did
13:46 claque2000 joined #salt
13:47 DanyC RandyT: i spoke with him about confidant and is an interesting approach however i need to dig more as it might be too much for my little env - where i ahve < 100 secrets to protect ;)
13:47 RandyT LotR: I'm not really an ldap fan, perhaps from the enterprise-y experience I have had with it. :-)
13:47 claque2000 hello, I got a question about salt behavior
13:48 RandyT DanyC: that is exactly my challenge. It would definitely solve my current issues with security and secrets, but it is yet another big project that I am not in a position to take on just yet.
13:48 claque2000 using orchestration, sometimes I got 'states ran completed' but in fact, it's not completed and the salt master goes to the next step
13:48 claque2000 and of course, it fails
13:48 LotR RandyT: you might want to write the mailing list. that's a bit less time-sensitive than irc, so you'll probably get better answers
13:49 claque2000 moreover than orchestration, I put require between each step
13:49 claque2000 so how can salt consider a step is finished when it's not finished ?
13:49 LotR RandyT: especially if you include all the clarifications you added to your initial question here
13:49 claque2000 if I run the step alone, it goes from begin to end correctly
13:50 DanyC RandyT: if oyu look at this - https://github.com/saltstack/salt/issues/28793 Ryan raised it after our chat
13:50 saltstackbot [#28793]title: Enable ext_pillar for minions in master/minion mode | When using secret management systems like Confidant, it's better for minions to fetch their secrets directly, rather than having the master fetch the secrets, then distribute them to the minions. It would be nice to be able to use ext_pillar on minions directly, even if in master/minion mode (it already works in masterless). In this mode it should merge the pillars from the
13:50 RandyT LotR: thanks, I will get an email off to the list. Have not spent any time with the list subscription just yet... finally getting through some of the initial learning curve with windoze/salt etc...
13:51 RandyT DanyC: I saw that issue when Ryan filed it. Makes complete sense and appears that behavior may make it in soon.
13:51 Brainscrewer claque2000: you can add an order
13:51 Brainscrewer maybe that helps
13:52 DanyC RandyT: and inside you can see a link to hashicorp - i guess that is my next approach i'm going to try. If the above issue will be fixed than things will be very easy with KMS since you could have some data in ext_pillar and the secrets will be pulled by minions from KMS - perfect case
13:52 claque2000 will try it
13:52 claque2000 but orchestration only should be sufficient
13:53 marsdominion joined #salt
13:53 DanyC RandyT: which will sort out all the downsides of relying 100% on Master to rotate keys - impossible or to secure it due to imported private keys etc etc. give a go to Vault and see what/ how it works out
13:54 RandyT DanyC: yes, vault was one of the other approaches I had been looking at but as this issue points out,  it is fundamental to this all working that the minions can query the pillar data directly
13:54 subsignal joined #salt
13:55 RandyT I think S3 could be an option, but unfortunately, KMS support is still in develop branch
13:57 DanyC RandyT: and what will be the flow for S3? storing the passwords there (i get that) and then how that will interfere with the minions and how the targeting will done?
13:59 hojgaard joined #salt
13:59 mik__R joined #salt
13:59 RandyT DanyC: (warning, still green here on pillar, etc.) I would assume that minion could be assigned KMS key by IAM role and that direct access to S3 for secret data in whatever format would satisfy requirement to secure passing of these secrets.
13:59 johtso joined #salt
14:00 RandyT again, if using pillar, that may require the issue to be resolved to allow direct access by the minion, but there are other ways to get that data via S3 me thinks
14:01 hobs granjow: https://github.com/saltstack/salt/issues/29080
14:01 saltstackbot [#29080]title: Get Started Documentation Syntax Error | There are 2 instances where the quotes are omitted when referencing pillar variables:...
14:01 DanyC RandyT: i see. And i guess you were talking about this issue https://github.com/saltstack/salt/pull/25767
14:01 saltstackbot [#25767]title: Add AWS KMS support to S3 |
14:02 RandyT yes, you can see me in there whining about it. :-)
14:02 [vaelen] joined #salt
14:03 GrueMaster joined #salt
14:04 DanyC hobs: in the issue #29080 you have _ should read `{{pillar['editor']}} _ and i suspect you meant _ should read {{pillar['editor']}} _ or am i missing s'thing ?
14:05 hobs DanyC: I can't spot the difference between those?
14:05 mpanetta joined #salt
14:06 DanyC RandyT: thanks. Well you can see for issue #28793 i can wait a looong time as i doubt anyone will look into that area soon
14:06 ITChap joined #salt
14:06 hobs DanyC: Was it just the missing backtick (fixed)?
14:06 DanyC hobs: the diff is the first backtick before pillar which i believe it shouldn't be there
14:07 DanyC hobs: you got it ;)
14:07 hobs DanyC: Thanks for spotting that
14:07 DanyC hobs: pleasure
14:07 granjow hobs: thanks!
14:09 DanyC hobs: and if the issue https://github.com/saltstack/salt/issues/22082 was sorted you wouldn't need to raise a new one, you could have done it yourself. I hope Salt chaps will shift the light onto opening up more for the quality to increase
14:09 saltstackbot [#22082]title: add a feedback link to each documentation page | Sometimes i run into issues which could be avoided via documentation, but there doesn't appear to be an easy way to provided suggested improvements on the page in question. If there was it might lead to rapid incremental improvement....
14:09 alibama joined #salt
14:10 hobs DanyC: That would be really helpful. Overall I've found the docs pretty decent, especially given how many warnings I've encountered about the docs
14:11 ssplatt joined #salt
14:11 kitplummer joined #salt
14:21 otter768 joined #salt
14:24 rbjorklin joined #salt
14:25 rbjorklin Hey, I'm sending an event to reactor which triggers a runner orchestrate. How can I catch the output from the runner and return it in some way?
14:27 bhosmer joined #salt
14:31 chiui joined #salt
14:32 sunkist joined #salt
14:34 JDig joined #salt
14:35 sunkist joined #salt
14:35 JDig What are the common patterns when preparing a salt-minion for cloning i.e. making a template of the VM with the minion already deployed?
14:36 KermitTheFragger joined #salt
14:39 racooper joined #salt
14:39 mik__R joined #salt
14:40 pdayton joined #salt
14:42 amcorreia joined #salt
14:43 cyborg-one joined #salt
14:46 ekristen joined #salt
14:47 pezus joined #salt
14:47 pezus hi guys
14:48 pezus i want to check whether a postgres database exists via a salts states file
14:48 pezus {% if not salt['postgres_database.present' ]('testdatabase') %}
14:48 pezus 'salt.loader.LazyLoader object' has no attribute 'postgres_database.present'
14:48 pezus what am i doing wrong?
14:50 AndreasLutro pezus: what makes you think there is a postgres_database module?
14:50 is_null joined #salt
14:50 pezus AndreasLutro: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.postgres.html
14:51 AndreasLutro can't find "postgres_database" anywhere on that page
14:51 is_null hi all, any idea why salt uses fresh pillars with state.highstate, but not with state.orch ? i've restarted the server and saltutil.{clear_cache,sync_all,refresh_pillar}
14:51 giantlock joined #salt
14:51 pezus oh wait, do i have to use the module and not a state?
14:52 pezus i used it from https://docs.saltstack.com/en/2015.5/ref/states/all/salt.states.postgres_database.html
14:52 AndreasLutro when you do salt[...]() you're calling modules, not states, so yes
14:52 ssplatt JDig, sounds like you want salt-cloud
14:53 VSpike RandyT: sorry, was out at lunch... I saw the page at https://docs.saltstack.com/en/latest/topics/cloud/windows.html before a while back, but it appears to be a documentation error since at least when i tried it, userdata_file was not actually a valid option
14:54 alibama joined #salt
14:55 pezus ok, i changed it to postgres.db_exists but i get the equivalent error
14:56 AndreasLutro pezus: https://github.com/saltstack/salt/blob/develop/salt/modules/postgres.py#L67-L73 says that the postgres module will only be loaded if the "psql" executable is available, and if the "csv" python module is available
14:56 mpanetta http://blog.docker.com/2015/11/dockercraft/ <-- need an interface like that for salt ;)
14:56 RandyT VSpike: works quite well as I am passing a number of things in that api
14:57 VSpike Ah, it was added not long after I asked about it, it seems :)
14:58 TooLmaN joined #salt
14:58 VSpike RandyT: Did you manage to get Salt's built-in provisioning to work for Windows EC2 boxes? Never worked for me.
14:58 RandyT VSpike: as for provisioning Windows minions with Salt... there are some gotchas. Specifically around version of windows and version of winexe
14:58 catpig joined #salt
14:58 VSpike RandyT: I've created a bootstrap script of my own now, so if I can use userdata to download and run it I'm good
14:59 RandyT assuming you are using winexe to provision, you can provision 2008 server versions with winexe 1.0 without a problem. You need to find a 1.1 version of winexe with samba4 support in order to provision the 2012R2 version of windows server.
14:59 cpowell joined #salt
14:59 RandyT That probably desperately needs to find its way into the docs as it bites everyone I have spoken to.
15:00 VSpike I was thinking I'd have to use "aws ec2 get-password-data" and then use winexe to send a command to download and run my script
15:00 RandyT VSpike: once you find the magic, it works quite nicely.
15:00 VSpike RandyT: Ah, OK, interesting. Will test that.
15:00 RandyT need to run a meeting here.. back later
15:00 asco1aro joined #salt
15:01 VSpike RandyT: ISTR that the script it gives at https://docs.saltstack.com/en/latest/topics/cloud/windows.html#firewall-settings is wrong too
15:01 RandyT no, that works
15:01 VSpike RandyT: I don't think changing the WSMan ports to 445 is a good idea
15:01 RandyT and is required
15:02 andrew_v joined #salt
15:02 perfectsine joined #salt
15:02 cpowell joined #salt
15:03 denys joined #salt
15:05 pezus AndreasLutro: thanks, after installing the packages on the minion, it works. but it seems odd that i first have to install the packages before i can run this module as i wanted to do also the package installation via salt
15:06 zmalone joined #salt
15:08 rbjorklin The smtp returner is only returning empty emails. What am I missing?
15:09 brianfeister joined #salt
15:16 antpa joined #salt
15:17 dijit Hi, is it still the case that stateful scripts can just output 'changed=yes' on the final line?
15:17 dijit or does it have to be json output now?
15:17 dijit I'm asking because salt seems to always mark my script as failed.
15:24 ipmb joined #salt
15:25 hasues joined #salt
15:25 hasues left #salt
15:28 I joined #salt
15:30 dijit nobody? :\
15:35 dkrae joined #salt
15:36 lorengordon dijit: that should still work. perhaps the script is exiting non-zero?
15:37 dijit I don't think it could. :S I'll check anyway.
15:37 deus_ex joined #salt
15:38 hackel joined #salt
15:41 claque2000 left #salt
15:43 Brew joined #salt
15:49 timoguin_ joined #salt
15:56 thalleralexander joined #salt
16:05 sdm24 joined #salt
16:09 ageorgop joined #salt
16:13 PeterO joined #salt
16:14 kitplummer joined #salt
16:15 brianfeister joined #salt
16:16 mr_chris joined #salt
16:18 mbrgm left #salt
16:22 otter768 joined #salt
16:24 winsalt joined #salt
16:28 tristianc joined #salt
16:29 adeschamps joined #salt
16:30 masterkorp joined #salt
16:32 kitplummer joined #salt
16:32 VSpike Does anyone know how I can stop salt-cloud attempting to connect to a Windows minion via SSH? I actually want to disable Salt's deployment stuff completely because I'm using my own bootstrap
16:34 mage_ any idea why can't I do this {% extend "{{ cfg['django']['config']['settings_template'] }}" %}  ?
16:35 bhosmer joined #salt
16:35 alibama joined #salt
16:35 dijit mage_: something about {{}} not being available inside {%%}
16:35 alibama joined #salt
16:35 dijit iirc
16:35 mage_ mmh :(
16:37 winsalt vspike, deploy: False in your cloud profile will do that
16:37 mage_ any idea how to resolve this ?
16:38 winsalt whats cfg mage_, is ita variable you define earlier?
16:39 mage_ yep
16:40 whytewolf {% extend cfs['django']['config']['settings_template'] %}
16:40 whytewolf err s/cfs/cfg
16:40 winsalt ^ that, its available in jinja without the {{}}
16:40 VSpike winsalt: Hm, I already have that but it doesn't seem to work. Perhaps "false" is no good and it has to be "False". Or maybe it can't be inherited from a base profile.
16:41 winsalt it has to be False because thats the python keyword
16:41 larsfronius joined #salt
16:42 numkem joined #salt
16:43 VSpike winsalt: Ah OK, usually YAML is more relaxed. BTW, are you sure it's not something that was in the aws driver but is missing from the ec2 one?
16:44 mapu joined #salt
16:46 winsalt im not sure, havnt used ec2.  But if you had it as 'false' then it definitely wouldnt work.  I see there is a script parameter for ec2, so if False doesnt work maybe you could use 'script: None' or something
16:47 VSpike winsalt: Thought ec2 replaced aws as a driver? Or do you use neither?
16:48 winsalt niether, Ive only started messing with the vmware driver
16:52 AlberTUX1 joined #salt
16:55 sroegner joined #salt
16:56 VSpike winsalt: I've put both of those in, but it still seems to be attempting to SSH to the box. Looks like a bug to me
17:00 winsalt perhaps, maybe the deploy parameter is missing in ec2 like you said.  Whats your plan for bootstrapping windows without the salt stuff, if you dont mind me asking?
17:00 winsalt are you running salt-cloud with '-l debug' or '-l all' ?
17:05 zsoftich2 joined #salt
17:08 Fiber^ joined #salt
17:11 racooper joined #salt
17:12 saltstackbot [reddit-saltstack] Getting ip address of instance in reactor file https://www.reddit.com/r/saltstack/comments/3tl54w/getting_ip_address_of_instance_in_reactor_file/ - 2015-11-20 - 17:09:57
17:13 VSpike winsalt: I'm using https://bitbucket.org/fastmarketstoolsscripts/ec2-bootstrap-win/src which I just created. I pass the stub in the user data
17:14 VSpike It's still a bit manual though. For a start, I have to kill salt-cloud after a while otherwise it hangs for ages trying to SSH to the box.
17:14 VSpike Then I have to wait for the key to appear and accept it (I can script that bit)
17:15 jalbretsen joined #salt
17:15 VSpike It's been a while since I called state.highstate from the master to a Windows minion ... I pretty much always do it from the minion itself so I can watch the output for problems
17:16 VSpike I notice I keep getting "Minion did not return. [No response]", even though salt-run jobs.active shows that the job started
17:18 szhem joined #salt
17:23 writtenoff joined #salt
17:33 moogyver joined #salt
17:34 stomith offhand, how do I run an individual sls state instead of all, when running with state.highstate?
17:35 Nazca__ joined #salt
17:35 robawt stomith: salt/salt-call state.sls <nameofstate>
17:35 robawt but don't make a habit of it
17:35 stomith robawt, why not? I'm curious
17:38 robawt stomith: you can make dependencies across different states, and you can also run a state against a host not assigned to it
17:39 kitplummer joined #salt
17:39 robawt so you can say run database.sls against the webserver, but now why did that happen it's a database!
17:40 RandyT VSpike: I also see the same message about "minion did not return". Especially on longer running jobs.
17:49 VSpike RandyT: It's a problem that seems to come and go
17:51 VSpike winsalt: script now updated with some comments :)
17:51 notnotpeter joined #salt
17:54 bhosmer_ joined #salt
17:59 rbjorkli1 joined #salt
18:01 Ssquidly joined #salt
18:01 baweaver joined #salt
18:02 iggy stomith: I disagree... last place I worked had lots of one off states... I state-ified pretty much everything I did on a normal basis (module.run pkg.upgrade, etc...)
18:02 baweaver joined #salt
18:02 ajw0100 joined #salt
18:03 iggy that also had to do with the UI I was writing that only did states (don't ask why it couldn't do modules too)
18:05 beardedeagle joined #salt
18:05 whytewolf stomith: 90% of my own testing is running states on their own. only later adding them to a highstate of orchestration. also. I would recomend getting in the habbit of using state.apply state.apply can change between single state files or the full highstate by just including a state file name or not.
18:06 bhosmer_ joined #salt
18:06 rbjorklin joined #salt
18:07 iggy assuming you're using a new enough version that has state.apply :(
18:09 whytewolf ohyeah good point
18:09 iggy (which you should be)
18:09 whytewolf well yeah most everyone should have upgraded past 2015.5,0 by now
18:10 iggy I should have phrased that as "if your version of salt says state.apply isn't available, upgrade for the love of flying spaghetti monster"
18:10 mage_ whytewolf: thanks :)
18:10 hal58th__ joined #salt
18:11 hal58th_1 joined #salt
18:19 nafg joined #salt
18:19 marsdomi_ joined #salt
18:21 Corey Ryan_Lane: Hello.
18:22 denys joined #salt
18:23 otter768 joined #salt
18:25 mapu joined #salt
18:25 bhosmer_ joined #salt
18:26 Tanta_G joined #salt
18:28 jaybocc2 joined #salt
18:29 marsdominion joined #salt
18:30 Brew joined #salt
18:32 toddnni joined #salt
18:35 sunkist joined #salt
18:36 Brew joined #salt
18:38 RedundancyD joined #salt
18:39 RedundancyD joined #salt
18:41 bhosmer_ joined #salt
18:43 mattyp joined #salt
18:43 perfectsine joined #salt
18:44 chiui joined #salt
18:44 mattyp hey eveyone, I'm trying to use the `pkg.installed` state to install thing on a mac using homebrew... we have a state which used to work in 2014.7 but stopped working in 2015.8  I tried looking in the changelog for something that would cause it to break but no luck so far
18:44 mattyp Does anyone have any suggestions on where to start for that?
18:45 hal58th joined #salt
18:45 hal58th_ joined #salt
18:47 robawt mattyp: have you run the highstate with debug mode log output?
18:51 debian112 joined #salt
18:52 ec2-user1 joined #salt
18:54 mattyp yes i have
18:54 mattyp I get this:
18:54 mattyp [INFO    ] Running state [jq] at time 11:53:24.946048 [ERROR   ] State 'pkg.installed' was not found in SLS 'luggage' Reason: 'pkg' __virtual__ returned False
18:54 mattyp [INFO    ] Running state [jq] at time 11:53:24.946048
18:54 mattyp [ERROR   ] State 'pkg.installed' was not found in SLS 'luggage' Reason: 'pkg' __virtual__ returned False
18:54 mattyp sorry for formatting
18:54 hal58th joined #salt
18:55 hal58th_ joined #salt
18:59 bhosmer_ joined #salt
19:00 mattyp so my guess is that the virtual check is failing... this appears to be f salt.utils.which('brew') and __grains__['os'] == 'MacOS':         return __virtualname__     return False
19:00 mattyp Main line to ocnsider:
19:00 mattyp if salt.utils.which('brew') and __grains__['os'] == 'MacOS':
19:01 whytewolf check the os grain. I know on macs that 2015.8 sometimes shows up as proxy
19:03 mattyp how do i do that? :P
19:03 mattyp I'm relatively new to salt,
19:03 whytewolf salt-call grains.get os
19:03 amcorreia joined #salt
19:04 whytewolf or salt 'minionid' grains.get os
19:04 debian112 hello:
19:05 debian112 I have some servers where saltstack highstate stop working
19:05 racooper joined #salt
19:05 mattyp ah i'm getting 'proxy' as my os grain
19:05 debian112 this is in the minion config of all the nodes: http://paste.debian.net/334403/
19:07 debian112 it works fine when it is ran locally on the server
19:07 debian112 what should I look for
19:07 debian112 ?
19:07 mattyp How does your os grain get set
19:09 whytewolf mattyp: check to see if this helps https://github.com/saltstack/salt/issues/27488
19:09 saltstackbot [#27488]title: Mac 'os' grain is broken in version 2015.8.0 |
19:11 mattyp That is probably it @whytewolf!   Thanks I'll try updating
19:11 mattyp Thanks for you help!
19:13 THK joined #salt
19:18 baweaver joined #salt
19:18 kitplumm_ joined #salt
19:24 Guest71482 joined #salt
19:24 forrest joined #salt
19:28 ageorgop joined #salt
19:29 ajw0100 joined #salt
19:30 antpa joined #salt
19:31 thayne joined #salt
19:33 scoates joined #salt
19:34 Guest89 joined #salt
19:34 kitplummer joined #salt
19:40 hal58th__ joined #salt
19:40 hal58th_1 joined #salt
19:41 shaggy_surfer joined #salt
19:41 forrest joined #salt
19:42 Tween joined #salt
19:42 Tween Greetings
19:42 shaggy_surfer joined #salt
19:43 larsfronius joined #salt
19:46 Tween I have a question regarding GIT_PILLAR
19:47 Tween specifically the top file
19:48 Tween If i define other environments in the base top.sls file (in master) would those also need to be defined in the ext_pillar on the master
19:48 Tween or would environment definitions be dynamically mapped to branches?
19:51 Knuta I think they're dynamically mapped, and you're supposed to put "{{ env }}:" instead of "base:" in the topfile to allow merging easily
19:51 Knuta you can hardcode the repositories, but if you use __env__ or something for the branch name it's mapped dynamically
19:53 Tween hmmm
19:54 Tween I'll try that and see what happens, my understanding from the docs is that using __env__ would simply replace it with what was in gitfs_base, which defaults to master
19:54 ecdhe joined #salt
20:04 kitplumm_ joined #salt
20:05 spiette joined #salt
20:09 Vynce joined #salt
20:09 buhman joined #salt
20:09 GreatSnoopy joined #salt
20:12 Bryson joined #salt
20:16 kermit joined #salt
20:19 kermit joined #salt
20:21 kitplummer joined #salt
20:24 otter768 joined #salt
20:26 mpanetta Anyone here familiar with the nginx-formula?  Specifically with the nginx-ng part?
20:26 mpanetta I'm having an issue setting the log_format
20:32 ajw0100 joined #salt
20:33 NotBobDole joined #salt
20:36 baweaver joined #salt
20:38 pyropoptrt joined #salt
20:39 forrest mpanetta, Nope sorry, I never touch the ng stuff
20:40 mpanetta forrest: Ah darn... Problem is it is dumping the config dict to the file in alphabetical order, which breaks logging because the log_format directive has to come before the access_log directive... :(
20:40 mpanetta No idea why it is in alphabetical order, I don't see a sort anywhere...
20:42 forrest mpanetta, Yeah, I don't either after a quick glance.
20:43 mpanetta So weird
20:45 kitplummer joined #salt
20:45 kitplumm_ joined #salt
20:48 mpanetta argh what a PITA
20:50 Rkp < mpanetta> No idea why it is in alphabetical order, I don't see a sort anywhere... < isn't that the default behaviour from python dictionaries? they have a weird sorting order going on internally
20:50 Rkp not necessarily alphabetic though
20:51 mpanetta I thought they were completely unsorted unless you specifically used a sorted dict?
20:51 Knuta Tween: that's just the master <-> base mapping, the other environments will be mapped by branch name directly
20:51 mpanetta Yeah this is definitely in alphabetical order
20:51 mpanetta Which is weird
20:51 Knuta Tween: the master <-> base thing is just because the default environment in salt is base, and the default branch in git is master.
20:52 whytewolf mpanetta: could the conversion to json to set the context be forcing a reorder of the dict?
20:52 mpanetta whytewolf: That is the only thing I can think that might do it.
20:52 Rkp if I'm not wrong, due to the fact the pillar data is stored as a python dict you might not get the directives in the order they're defined in the pillar
20:53 mpanetta Rkp: I've not tested, but probably right.
20:53 Rkp if the recipe iterates over all the keys at some point in the recipe
20:53 Rkp at least I had this happen to me with the haproxy recipe
20:54 Knuta you could use any puthon data structure I think, so if you care about order you could just do a list of tuples?
20:54 Knuta (disclaimer: I never tried anything but dicts)
20:54 mpanetta Not sure how to do tuples in pillar tho
20:55 Rkp I don't think you have control over that with the default jinja templating stuff and that's likely how the nginx recipe is written
20:55 giantlock joined #salt
20:55 mpanetta The nginx-ng recipie is magic
20:58 Rkp https://github.com/saltstack-formulas/nginx-formula/issues/40 and https://github.com/saltstack-formulas/nginx-formula/blob/master/nginx/ng/files/nginx.conf yep that might be why
20:58 saltstackbot [#40]title: Parameters sorted incorrectly inside nginx.conf | Currently I'm suffering an issue due to contents being sorted with includes first:...
20:59 SWAT joined #salt
20:59 forrest mpanetta, This is why I don't use the ng stuff :\
21:00 aboe joined #salt
21:01 Rkp don't think there's an easy fix for it, it's broken by design lol
21:01 mpanetta Well poo
21:02 whytewolf mpanetta: looks like there is an issue that has some traction on OrderedDicts to be used in pillar https://github.com/saltstack/salt/issues/12161
21:02 saltstackbot [#12161]title: ENH: Read Pillar files into OrderedDict to preserve source order | It would be great if .iteritems of pillar data read out in source order....
21:04 mpanetta whytewolf: That would be perfect
21:04 forrest mpanetta, How many configs are you looping through?
21:05 Knuta could you hack it, XSS style? Like doing "log_format: blabla\naccess_log blabla"?
21:06 mpanetta forrest: Just one thankfully
21:06 forrest mpanetta, lol
21:06 forrest why aren't you just dropping it in sites availab/enabled and making it a managed file?
21:07 Kelsar Does anybody actually use salt with gentoo?
21:07 mpanetta forrest: Um... I hate myself? :P
21:07 forrest mpanetta, Fair enough
21:07 mpanetta No idea, we all thought it would be a good idea to use the formula, never had an issue until now.
21:07 forrest Kelsar, There are a few people who do. I can count the number of times someone has asked about gentoo on here on two hands in the past... two+ years.
21:08 forrest mpanetta, Were you previously using ng formulas? Or regular ones
21:08 forrest the regular formula should work fine
21:08 mpanetta forrest: Previously we were just dropping managed files in the dir...
21:09 forrest mpanetta, Yeah I'd probably do the same. Maybe have some fancy pillar substitution for sites inside the managed files, then loop through each one
21:09 forrest if I had to
21:09 baweaver joined #salt
21:09 mpanetta forrest: We are only using nginx as a reverse proxy anyway.  So not even doing multiple sites or anything complex like that.
21:09 forrest mpanetta, I just drop it in as well: https://github.com/gravyboat/hungryadmin-sls/blob/master/salt/hungryadmin/app.sls#L82
21:09 forrest mpanetta, Oh yeah, screw using the ng formula then.
21:10 mpanetta I will have to bring it up to the team on monday...
21:11 Kelsar forrest: atleast i do learn python debugging with it now ;)
21:11 forrest Kelsar, Very true.
21:12 Kelsar And pull-request seems to get through quiet fast, which is motivating
21:12 antpa joined #salt
21:14 mpanetta forrest: Is that your web page? :)
21:14 forrest mpanetta, Yeah it's the salt code that deploys my site.
21:14 mpanetta hah cool
21:14 forrest yup. If the damn reactor was supported in masterless minion it would be a 'push to git' deploy
21:14 forrest Right now I still have to hop on the box and run the salt code since it runs masterless sadly
21:14 forrest masterless reactor is coming soon(TM)
21:15 mpanetta Hrm, can't put a small shim on there and use a webhook?
21:15 forrest I should really just figure it out myself and contribute that.
21:15 forrest mpanetta, And hook up to which portion of salt though?
21:15 forrest the webhook isn't the problem, the masterless minion not having a way to listen properly is
21:15 mpanetta Ah crap... salt-api is only on master isn't it...?
21:15 mpanetta Ah yeah
21:15 mpanetta You could just call salt-call in the shim? :P
21:16 forrest then I'd have to punch a hole in the firewall for the webhook and write a listener service to run the salt-call, which I don't really want to do.
21:16 mpanetta Yeah
21:16 sunkist joined #salt
21:16 forrest Logging onto the box and deploying takes about 30 seconds
21:16 forrest so I'd need a shit ton of blog posts for it to earn the time back.
21:16 mpanetta haha
21:17 forrest Honestly I'm being a stubborn ass about it because the reactor should be in the minion
21:17 forrest https://github.com/saltstack/salt/issues/15265
21:17 saltstackbot [#15265]title: Bring reactor system to minions | Right now reactors are a master-only feature, but it would be really nice to be able to react locally to events, especially if not using a master. For instance, it would be really awesome to react to udev events or to etcd events.
21:17 forrest it's been over a year
21:17 mpanetta Makes sense
21:17 mpanetta Wow but it is such a nice feature
21:17 forrest Tom worked on it
21:17 forrest I just don't understand his comment regarding finishing it for ZMQ
21:17 forrest since you don't use ZMQ in masterless.
21:18 forrest it's not documented anywhere either that I could find.
21:18 forrest so I have no idea what's going on with it now
21:18 mpanetta no but ZMQ is what they use for the reactor queue I think
21:18 forrest hmm
21:18 iggy the events would likely still hit whatever transport you are using either way
21:18 forrest iggy, Yeah I was hoping they were going to work around the transport layer since it's local
21:18 forrest it's redundant to use it
21:19 iggy I imagine it could be done, but probably not straighforward
21:19 forrest Yeah, I just commented on the issue again
21:20 iggy GH could use some metrics on issues
21:20 forrest in terms of what iggy?
21:20 forrest like desire for something?
21:21 iggy yeah, what gets the most views, most comments, etc
21:21 forrest Shit man, I'd start hounding people for +1s if that was the cause
21:21 iggy I mean a straight up voting system would likely get gamed constantly
21:21 forrest yeah
21:21 forrest I'd game the shit out of it
21:21 forrest because the fucking reactor is more important to me than some stupid features like rabbitmq states or whatever.
21:22 forrest automating deploys is such a pain in the ass for masterless right now, you can run salt on a cron, that's ghetto
21:22 teryx510 joined #salt
21:22 iggy but there is probably a lot of organic data to be had
21:22 forrest I want hooks to auto-deploy as soon as the tests pass.
21:22 linjan_ joined #salt
21:22 iggy does running a master/minion side-by-side on everything use too much resources?
21:23 Edgan I want to reuse the same state again, overwriting a variable to change the output on the second pass. But I want to do it all in one salt run. Pillars can't be dynamically changed from within a state. Grains are immutable after they are initialized pre-run. I can't see a way to do it with local variables. I really need global variables, I think.  http://fpaste.org/292949/48054374/
21:23 forrest It uses unnecessary resources and creates more shit to maintain, plus masterless runs quite a bit faster.
21:24 iggy Edgan: you can set grains and then re-read them (not that it's the best way to handle your situation, but it is possible at least)
21:24 Edgan iggy: re-read them how?
21:24 forrest Edgan, Why not just use a loop? var: \n : var_1: blargh \n var_2: blarghhhh
21:24 iggy reload_modules: True will reload grains (97.6% sure of that)
21:24 Edgan iggy: that might be the magic I need
21:26 forrest thanks mpanetta
21:26 forrest The more people comment the better chance it has of getting finished.
21:26 forrest I'd seriously throw Tom 100 bucks to finish it
21:26 forrest and I don't even have a job right now
21:27 Edgan forrest: I need to set the variable, write the file, install some packages, and then change the variable and rewrite the same file.
21:27 forrest Edgan, For multiple repos?
21:28 Edgan forrest: change the same repo
21:28 forrest Edgan, Just configure both repos, then use `fromrepo` in the pkg.installed if a package exists in both repos but you want it from a specific repo.
21:28 forrest Edgan, Yeah but why do that when you can just add both repos, and say what you want installed from where?
21:29 mpanetta forrest: No probs
21:29 Guest89 joined #salt
21:30 Edgan forrest: This is a crazy requirement given to me. We have various internal mirrors. I am using the main one to setup a vagrant box. Before I write the box, I need to change the mirror hostname to a generic name, that can then be redirected via bind and a CNAME.
21:30 Edgan forrest: I can't use the CNAME solution until bind is setup in the box, and I can't install bind without the repo
21:32 Edgan forrest: I guess I could create different files and absent the first one after the fact, but the goal was to figure out how to reuse the exact same state, aka a formula, by just changing a variable.
21:32 perfectsine joined #salt
21:33 Edgan forrest: iggy's solution will probably work
21:34 mdupont joined #salt
21:37 toddnni joined #salt
21:40 baweaver joined #salt
21:40 kitplummer joined #salt
21:41 jimklo joined #salt
21:43 subsignal joined #salt
21:48 Kelsar where is the minion key located?
21:50 forrest Edgan, Gotcha, that is a pretty crappy requirement.
21:50 llua pki/master/minions
21:50 Kelsar i mean on the minion
21:51 Kelsar my true question is, why does it identifies itself with a very old hostname
21:56 Kelsar socket.getfqdn() delivers the correct one
21:59 Kelsar /etc/salt/minion.id i guess
22:00 justanotheruser joined #salt
22:03 Tween Knuta: thanks for the info, haven't quite finished the implementation / testing yet as i'm trying to get pygit2 to install /compile, but should get me started.
22:11 perfectsine joined #salt
22:14 mdupont joined #salt
22:21 foundatron joined #salt
22:21 hasues joined #salt
22:21 grumm_servire joined #salt
22:22 hasues left #salt
22:25 otter768 joined #salt
22:26 viq joined #salt
22:27 perfectsine joined #salt
22:33 hightekvagabond joined #salt
22:34 hightekvagabond1 joined #salt
22:38 sinonick joined #salt
22:39 zemm joined #salt
22:39 baweaver joined #salt
22:43 tmclaugh[work] joined #salt
22:44 zemm joined #salt
22:47 mik__R joined #salt
22:50 Bryson joined #salt
22:50 zemm joined #salt
22:53 kitplummer joined #salt
22:56 shaggy_surfer joined #salt
22:59 hasues joined #salt
22:59 hasues left #salt
23:02 RandyT lorengordon: you happen to be around?
23:03 sinonick joined #salt
23:03 perfectsine joined #salt
23:05 sinonick joined #salt
23:06 justanotheruser joined #salt
23:08 ajw0100 joined #salt
23:11 oherrala joined #salt
23:11 jamesp9 joined #salt
23:14 subsigna_ joined #salt
23:14 RandyT folks, I'm trying to pass a cmd.run that requires single quotes in the command. I've tried to escape these with backslash with no change.
23:15 RandyT https://gist.github.com/rterbush/9bd004c1ead382e2915c
23:15 RandyT anyone have a hint for me as to how I can pass these single quotes in that cmd.run?
23:17 ahammond RandyT you probably want to take a look at yaml docs for literals.
23:17 ahammond just a sec
23:18 ahammond RandyT http://yaml.org/refcard.html check out the block scalar option
23:18 RandyT ahammond: thank you much
23:18 RandyT it is always the yaml... :-)
23:20 ahammond RandyT yaml wants to be your friend, but you gotta learn it's ways
23:20 ahammond I updated your gist with a comment that might work.
23:21 ahammond also, might as well use the pillar shortcut.
23:21 ahammond I only use salt['pillar.get'] when I want to dig deep into a datastructure and provide a default
23:22 RandyT trying to pass that value at the command line... this was one example I found.
23:22 ahammond for example salt['pillar.get']('my:deep:deeeeeep:pillar', 'reasonable default')
23:22 RandyT but the example was more targeted at passing a list...
23:23 ahammond also, there may be a state or module which does this more efficiently than invoke-sqlcmd
23:23 ahammond but... I dunno what DB you're poking at or any of the rest of it.
23:27 RandyT ahammond: unfortunately poking at sqlserver... I'll look for that though
23:27 RandyT would it make sense that the command name should end in a :
23:28 RandyT much closer it seems, but salt complaining about missing : on the shell statement.
23:30 ahammond RandyT I've never used salt on windows...
23:31 GreatSnoopy joined #salt
23:31 RandyT ahammond: hate to admit it... but I am...
23:31 ahammond are you giving it a full 4 spaces indent for the block scalar? or just 2. you need 4, like in my comment... :)
23:31 RandyT appears there is an mssql module... will give that a try
23:32 RandyT ok, that may be the issue as well.
23:32 ahammond RandyT that's a good idea.
23:33 RandyT but those two spaces were the issue... thanks for your help ahammond
23:33 brianfeister joined #salt
23:36 pleasantone joined #salt
23:36 baweaver joined #salt
23:39 pleasantone Hi, I'm trying to store per-host semi-sensitive data in a pillar file, I'd like it so that hosts can only see the data appropriate for their own host, but I have no idea how to make matching work without using a separate pillar file for each host.  i.e. I'd like a single pillar file that has a section that matches against the minion id:  credentials: { machinename: { auth: authkey, secret: secretkey } } }.... any ideas?  Again, e
23:40 pleasantone I could do an external pillar, but this seems like an obvious case, and I'm clearly missing the best practice. Again, these are semi-private credentials, I don't need super high security, but I'd like it so one machine getting compromised doesn't compromise the keys for every machine.
23:40 ajw0100 joined #salt
23:40 Guest89 joined #salt
23:44 larsfronius joined #salt
23:45 forrest pleasantone, systems only get the pillar data that they match against.
23:46 forrest https://docs.saltstack.com/en/latest/topics/best_practices.html#structuring-pillar-files
23:52 pleasantone @forrest, thank you, I understand that... maybe I don't understand the right way to include my data?  if top.sls has 'base: '*' - credential-pillar then it will match against all systems... oh, I wonder if base: just has - credential-pillar in it and no match?
23:54 forrest pleasantone, it's using a '*' to match all systems, you can add extra matchers as well
23:54 forrest the example just uses one, should add more
23:55 jimklo_ joined #salt
23:56 forrest https://github.com/saltstack/salt/issues/29091 created to add one
23:56 saltstackbot [#29091]title: Salt pillar best practices should show 2 matchers in base | https://docs.saltstack.com/en/latest/topics/best_practices.html#structuring-pillar-files only includes one matcher in the example, another should be added so people understand you can do more than one.
23:59 pleasantone so let's say I get the match correct, the match is going to move on to a second, per-machine state, but each machine then requires its own pillar file?

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary