Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2015-12-01

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 snarfy joined #salt
00:01 otter768 joined #salt
00:02 whytewolf FreeSpencer: do you have anything about postgres_local_cache in your master?
00:03 FreeSpencer Nope, postgres has never been in any config file
00:03 mosen joined #salt
00:04 FreeSpencer This is what I get http://pastebin.com/raw.php?i=zfraZmqw
00:04 whytewolf FreeSpencer: well it isn't a default setting. and the redis doens't make mention of it
00:04 FreeSpencer on salt '*' test.ping --return redis_return
00:04 FreeSpencer and --return redis
00:05 whytewolf ahh. okay. thats different. you can ignore the info about the postgres returner
00:06 whytewolf FreeSpencer: do you have the redis configs setup? [redis.db, redis.host, redis.port]
00:06 whytewolf also what version of salt?
00:07 FreeSpencer fixed it, had python3 redis installed not 2
00:07 whytewolf that would do it
00:08 onlyanegg joined #salt
00:09 kawa2014 joined #salt
00:09 whytewolf FreeSpencer: the reson for the INFO about postgres_local_cache is cause when you added --return it tried loading all the returner modules.
00:09 FreeSpencer Even though they aren't used? Interesting
00:10 snarfy i don't quit understand how salt cloud is determining the user for/using the bootstrap script
00:11 RandyT iggy: if you are still around, giving your suggestion a try and I am unable to find a syntax that jinja will compile.
00:11 RandyT https://gist.github.com/rterbush/7bd0a2f18bb7a85ae27b
00:11 snarfy does it scp the bootstrap script to the minion and then run it? if so, how do i tell it to quit trying to use root for my ubuntu ec2 instances?
00:11 RandyT iggy: any hint for me. sorry to pester with such a fundamental challenge...
00:11 iggy RandyT: no salt in the first part
00:11 whytewolf snarfy: ssh_username: ec2-user
00:12 snarfy whytewolf, baller thx
00:12 snarfy s/ec2-user/ubuntu/ ;)
00:12 whytewolf [in your profile of coarse]
00:12 snarfy but perfect. i sort of figured that was it since i see sudo_password as an option
00:12 RandyT iggy: have tried it both ways and same result
00:13 RandyT iggy: I've tried it several ways to be honest...
00:14 whytewolf {% if 'mssql.db_list' in salt %}
00:14 iggy that's what I said earlier
00:15 RandyT whytewolf: yes, same result..
00:16 iggy try pasting the whole sls file and the error that goes along with it (that error looks like it's for something completely different)
00:16 RandyT iggy: let me work on that. a big file...
00:16 hemebond1 joined #salt
00:22 iggy I'm thinking you may have more than one issue that's leading to the weird error message
00:23 whytewolf {% if 'mssql.db_list' in salt.sys.list_modules() %}
00:24 iggy I'd think it'd just be mssql then
00:24 whytewolf yeah relized that after i posted
00:25 RandyT ah, just coming back with this: https://gist.github.com/rterbush/7bd0a2f18bb7a85ae27b
00:25 RandyT I'll give that a try
00:25 breakingmatter joined #salt
00:25 whytewolf but salt by it's self just doesn't work. guess because it is an object. not a true list/dict
00:27 iggy I could swear I've used that before
00:27 iggy but that could have been pre-lazyloader
00:27 whytewolf since it fails on the loader. I would put money on it.
00:28 IanV0rn2341 joined #salt
00:28 iggy that's a shame
00:29 iggy very pythonic
00:29 pbx_ joined #salt
00:29 whytewolf humm. wonder if they are skipping 2015.8.2 just saw the latest saltstack email and they mentioned 2015.8.3 coming soon
00:30 otter768 joined #salt
00:31 RandyT interesting, does seem the buzz around 8.2 went quite... Installed 8.2 today in my dev environment to see if might fixe my issue with reactor
00:32 RandyT s/quite/quiet
00:33 ssplatt joined #salt
00:33 CeBe joined #salt
00:34 zmalone joined #salt
00:42 sjorge joined #salt
00:42 sjorge joined #salt
00:45 aqua^c joined #salt
00:48 RandyT based on the discussion here today, it seems that reactor does not provide a way for me to kick off a highstate process on newly created cloud instances.
00:48 RandyT is orchestrate an option here?
00:49 whytewolf minion/*/start works for cloud
00:49 RandyT whytewolf:  but that is going to do a highstate on a sever every time it comes up... which I'm not sure I want
00:50 RandyT highstate process takes forever on these windows instances...
00:50 whytewolf RandyT: if your highstate is designed right. it shouldn't matter
00:50 RandyT even to check for updates...
00:50 al joined #salt
00:52 conan_the_destro joined #salt
00:52 whytewolf RandyT: what about iggy's sdb method?
00:52 RandyT whytewolf: I've not explored that yet...
00:53 iggy a custom runner that sleeps could work too (hackish, but easier than sdb I suspect)
00:54 RandyT I'm confused as to how sdb solves this. It appears that the names are known, keys are provisioned, etc. so not clear to my why this would silently create a job and there would be no error.
00:54 RandyT seems the very nature of zmq would make sure that this job was queued
00:55 RandyT but then, I do not understand the internals yet...
00:55 iggy nein
00:56 iggy zmq doesn't actually queue things like that, it's just a transport
00:56 yomilk joined #salt
00:56 al joined #salt
00:57 RandyT message queues I have worked with will make sure it reaches the destination.. :-)  I clearly don't know/understand zmq.
00:59 RandyT appears that the approach of wrapping these states in the module test solves that issue though. thanks for the help to both of you.
00:59 iggy salt.sys.list_modules() worked?
00:59 al joined #salt
01:00 RandyT iggy: yes
01:01 iggy excellent (me notes for future use)
01:07 ekristen joined #salt
01:13 baweaver joined #salt
01:14 RobertChen117 joined #salt
01:26 breakingmatter joined #salt
01:39 aqua^c joined #salt
01:40 baweaver joined #salt
01:42 aqua^c joined #salt
01:45 burp joined #salt
01:46 aqua^c joined #salt
01:51 aqua^c joined #salt
01:56 mdupont joined #salt
02:10 tristianc joined #salt
02:11 falenn joined #salt
02:27 breakingmatter joined #salt
02:34 burp joined #salt
02:37 agj joined #salt
02:41 racooper joined #salt
02:45 zmalone joined #salt
02:45 indispeq joined #salt
02:46 drawsmcgraw joined #salt
02:48 drawsmcgraw Any Saltstack peeps in here, there may be a typo on the Saltconf training page (http://saltconf.com/pre-conf-training/), under Managing Windows with Saltstack
02:48 drawsmcgraw basepi: jfindlay, hopefully one of you will know who to notify to get that... er..... fixed
02:49 racooper if you open a github ticket they'll fix it
02:50 drawsmcgraw Thanks. I may do that, then.
02:50 racooper yeah that's not just a typo....
02:51 hightekvagabond joined #salt
02:55 drawsmcgraw racooper: hence, I'm trying to keep my notice low if possible. Think a Github issue is the best route?
02:57 racooper hrm...wonder if they have a resource for reporting security issues
02:57 drawsmcgraw Ah, there's an email address just for the conferencde
02:57 drawsmcgraw To the Inbox
02:59 racooper ah yes, I see, saltconf@saltstack.com
03:00 evle joined #salt
03:02 drawsmcgraw And done.
03:05 terratoma joined #salt
03:05 racooper you're right, some things should be more..circumspect.
03:07 zmalone someone has the cloud to butt extension installed
03:08 zmalone https://github.com/panicsteve/cloud-to-butt
03:08 racooper yeah that's problematic
03:09 racooper though I didn't realize that affected input fields too
03:09 zmalone I was guessing it was a copy paste from a prior training thing
03:09 racooper good point.
03:10 racooper that's one of those extensions that has no place on a computer used for professional purposes
03:16 iggy someone is probably going to be in a small bit of trouble for that one
03:17 favadi joined #salt
03:22 forrest joined #salt
03:27 aqua^c joined #salt
03:34 maduro joined #salt
03:45 zmalone joined #salt
03:50 brianfeister joined #salt
04:02 drawsmcgraw left #salt
04:04 rdas joined #salt
04:05 sqwishy left #salt
04:13 hightekvagabond joined #salt
04:20 mapu joined #salt
04:22 viq joined #salt
04:25 ramteid joined #salt
04:25 larsfronius joined #salt
04:27 clintberry joined #salt
04:28 SheetiS joined #salt
04:29 breakingmatter joined #salt
04:55 anmolb joined #salt
05:14 Diling joined #salt
05:16 Diling left #salt
05:32 irctc834 joined #salt
05:40 malinoff joined #salt
05:41 irctc834 Hi Guys
05:41 irctc834 I am planning to  implement salt .
05:42 irctc834 Which version of the salt is stable and recommeded for prod setup?
05:55 irctc834 babilen: ^^
05:56 yomilk joined #salt
06:00 vincehu joined #salt
06:02 Eureka70_ joined #salt
06:03 Knuta irctc834: read the topic? :-)
06:05 jaybocc2 joined #salt
06:07 favadi joined #salt
06:08 ags joined #salt
06:17 impi joined #salt
06:20 jxm_ joined #salt
06:27 ags anyone here dealt with schedule stuff ?
06:31 ags @ags
06:36 otter768 joined #salt
06:45 babilen ags: If you mean: Used a schedulers, then yeah ... sure
06:46 ags babilen : yes. i'm trying to schedule a state file to be run every 10 mins, trying to figure out where should I place it ? on master ? or on minion ?
06:47 ags standing up a gist, be with me
06:48 linjan joined #salt
06:48 babilen I define them in pillars
06:49 ags https://gist.github.com/amits83/223863da546955884388
06:50 ags babilen : I too am trying to do that, doesn't seem to work
07:00 brianfeister joined #salt
07:09 bhosmer joined #salt
07:10 babilen agj: You seem to have spurious space characters around ":" .. Make that "function: foo" (and so on)
07:11 babilen agj: Ah, sorry .. ENICK
07:11 babilen *sigh*
07:24 ajmath joined #salt
07:28 moogyver joined #salt
07:30 kshlm joined #salt
07:43 breakingmatter joined #salt
07:44 av_ joined #salt
07:46 traph joined #salt
07:46 KermitTheFragger joined #salt
07:48 fredvd joined #salt
07:57 illern joined #salt
07:59 KermitTheFragger joined #salt
08:04 larsfronius joined #salt
08:09 larsfronius joined #salt
08:10 KermitTheFragger joined #salt
08:21 permalac joined #salt
08:23 eseyman joined #salt
08:29 fredvd joined #salt
08:31 Guest47941 joined #salt
08:35 Grokzen joined #salt
08:36 subsignal joined #salt
08:37 otter768 joined #salt
08:41 KermitTheFragger joined #salt
08:44 CeBe joined #salt
08:46 ponpanderer joined #salt
08:49 brianfeister joined #salt
08:50 KermitTheFragger joined #salt
08:53 afics joined #salt
09:03 illern joined #salt
09:12 chiui joined #salt
09:17 thalleralexander joined #salt
09:20 s_kunk joined #salt
09:22 cilkay joined #salt
09:27 nash__ joined #salt
09:29 nash__ hello :D I need some help about the config of ext_pillar in saltstack 8.1. is someone have time for me?
09:31 babilen Just ask your question
09:32 babilen There really is no point in trying to find a person first .. If somebody can answer your question (s)he will do so and by not actually making it clear what your problem is you are simply reducing your chances of getting support
09:38 nash__ ok. I use a git server to pull state config. Now i'm in 8.1, I wanted to pull my pillars config too, but when I try with this config (https://github.com/saltstack/salt/blob/develop/salt/pillar/git_pillar.py), with ssh authentication. But it doesnt work.. I can see in the logs that: "Specified SLS 'xxx' in environment 'base' is not available on the salt master  and "Template was specified incorrectly: False". Does it mean something fo
09:40 keimlink joined #salt
09:41 keimlink_ joined #salt
09:41 babilen nash__: That was cut off at "something for ..". It would also help if you could paste your exact configuration to one of http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, http://dpaste.de, …
09:42 irctc145 joined #salt
09:42 irctc145 Hi guys
09:42 irctc145 I am getting "SaltSystemExit: Invalid master key 2015-12-01 09:33:26,984 [salt.scripts                             ][WARNING ][7269] ** Restarting minion **"
09:42 babilen nash__: Include all logs or additional information you deem helpful. You might want to run the master in debug mode (i.e. 'salt-master -ldebug')
09:43 irctc145 When I am trying to start minion
09:47 nash__ babilen__: https://gist.github.com/Nashlow/7038a60d4bcfe29b0176 you can find the part of the config in /etc/salt/master. Can you tell me if it seems good for you?
09:48 babilen nash__: Not necessarily, but you have now asked a question people in #salt can work with
09:49 babilen You might also want to include the output of "salt --versions-report" as that helps people to troubleshoot your setup
09:51 babilen Anything in the master log? Can you actually run "git clone git@git_FQDN:saltstack-formulas.git" as the user salt runs as? Could you run that command and show us the output?
09:56 rotbeard joined #salt
09:58 slav0nic joined #salt
09:58 bluenemo joined #salt
10:00 giantlock joined #salt
10:05 markm joined #salt
10:08 yomilk joined #salt
10:11 nash__ Babien: I put the output here : https://gist.github.com/Nashlow/7038a60d4bcfe29b0176 in comment
10:11 nash__ but I don't know the password of the git accounts
10:15 johtso joined #salt
10:16 cyborglone joined #salt
10:23 linjan joined #salt
10:34 blu_ joined #salt
10:38 otter768 joined #salt
10:38 brianfeister joined #salt
10:40 intel joined #salt
10:45 msciciel joined #salt
10:46 Jimlad joined #salt
10:47 amcorreia joined #salt
10:51 babilen nash__: Well, you have to make sure that the git repository can be cloned without *any* interaction by the user salt runs as. That includes adding the remote key to known_hosts and, naturally, specifying the password (or configuring key based authentication)
10:52 babilen It looks as if you have key based authentication though, but that you did not connect to that host before so the entry was missing in known_hosts. I'd start with that and test again. You can also specify the identify file on the command line for ssh with -i
10:55 huxley joined #salt
10:55 babilen And you can typically tab-complete nicknames in most IRC clients. Just try "bab<TAB>" if you want to address me.
10:58 nash__ babilen: I'll try to solve this authentication issue, and thanks for the tip
11:00 babilen nash__: You can test this without salt, simply by making sure that "git clone git@git_FQDN:saltstack-formulas.git" works without any additional input
11:00 brianfeister joined #salt
11:06 nash__ it works when i try with ssh -i and the file of the privkey, but git clone git@git_FQDN:saltstack-formulas.git ask me for the password
11:07 nash__ babilen: it works when i try with ssh -i and the file of the privkey, but git clone git@git_FQDN:saltstack-formulas.git ask me for the password
11:09 dRiN joined #salt
11:09 nash__ babilen: I'm gonna eat something, i'll be back in 2 hours.. (and thanks for your help!)
11:14 babilen nash__: Well, it *didn't* work as you still got the "The authenticity of host 'FQDN (@ip)' can't be established." (which salt wouldn't have been able to deal with)
11:15 babilen That means that you will have to manage the known_hosts entries for the user salt runs as to ensure that the appropriate entries are present. https://docs.saltstack.com/en/develop/ref/states/all/salt.states.ssh_known_hosts.html#salt.states.ssh_known_hosts.present might help
11:17 jaybocc2 joined #salt
11:34 impi joined #salt
11:37 boargod joined #salt
11:41 bbhoss joined #salt
11:45 anmolb joined #salt
11:47 jayne joined #salt
11:47 ry joined #salt
11:48 mdupont joined #salt
11:52 giantlock joined #salt
12:05 ry joined #salt
12:05 jaybocc2 joined #salt
12:13 mdupont joined #salt
12:14 jayne joined #salt
12:31 fisuk joined #salt
12:35 tkharju joined #salt
12:38 otter768 joined #salt
12:43 JDiPierro joined #salt
12:46 morsik it's possible to see how pillar is renedered by jinja?
12:47 morsik I want to see exactly myfile.sls from pillar, without parsing it by yaml (cause i'm getting yaml error, and I want verify how it's rendered)
12:53 morsik '-l debug' doesn't works when I use master server
12:54 ericof joined #salt
12:58 VSpike morsik: I think if you do "salt-call state.sls foo.bar -l debug" on the client you'll see the YAML in thelog
13:00 morsik VSpike: 'salt-call -l debug pillar.items' doesn't show raw jinja rendered thing, only parsed output.
13:00 morsik -l debug works when I use masterless mode
13:02 DammitJim joined #salt
13:09 RandyT good morning, challenge of the day here: https://gist.github.com/rterbush/9beaca5090b670183659
13:10 RandyT I've struggled to get system reboots of windows minions working in state.
13:10 RandyT Has worked from the command line, but this first call to reboot a system in highstate is failing.
13:23 GreatSnoopy joined #salt
13:26 quarcu joined #salt
13:26 quarcu hello all
13:29 netcho joined #salt
13:30 quarcu what is the best approach for multiple environments setup ?
13:30 quarcu ie dev,qa,stg,prod ?
13:30 TooLmaN joined #salt
13:30 quarcu I'd like to keep my variables in separate repo
13:30 quarcu any suggestions ?
13:32 bbradley joined #salt
13:32 bernieke I see it's possible to run salt-run state.orchestrate asynchronously over ssh (without salt daemons.) But salt-run state.event doesn't seem to do anything then.
13:33 bernieke Does anyone know how to get the output of the async process in this case?
13:33 markm_ joined #salt
13:38 breakingmatter joined #salt
13:40 nash__ babilen: Hi babilen, I understand what do you mean about the fact of manage the file known_hosts, but it's not what I need to do. I want to manage my states files and my pillar with a git server. There is no way to configure this authentication in the /etc/salt/master file?
13:40 SheetiS joined #salt
13:42 oherrala left #salt
13:47 dyasny joined #salt
13:49 Tanta joined #salt
13:50 babilen nash__: Yes, but salt can't clone your repositories if you haven't added the remote server to your known_hosts.
13:58 nash__ babilen: I understand, but how salt can it work with my git server for my states files, but not the pillars? This is not the same authentication between the 2 servers for the states and the pillars?
13:59 JDiPierro joined #salt
13:59 babilen nash__: From what you've shown me you had a problem (i.e. "this host is untrusted ...") when you tried to clone the repository. Can you clone *both* repositories without problems and without any additional interaction now?
13:59 RandyT my reboot challenge seems to be some network requirement that is unmet. Still trying to sort out if there is a requirement for ICMP or RPC port. Which makes no sense since I am initiating the reboot from the minion running on the windows server. Any hints here appreciated.
14:02 DanyC joined #salt
14:03 drawsmcgraw joined #salt
14:03 subsignal joined #salt
14:03 drawsmcgraw left #salt
14:05 drawsmcgraw joined #salt
14:06 nash__ babilen: when i try to: "git clone git@git_FQDN:saltstack-formulas/ssh-formula.git, it works. But when i try to: git clone git@git_FQDN:saltstack-formulas/pillars-users.git, it asks me for a password. It's that i can't understand
14:08 morissette joined #salt
14:09 morissette Who would DDoS freenode.....
14:09 ssplatt joined #salt
14:10 subsignal joined #salt
14:11 drawsmcgraw joined #salt
14:12 babilen nash__: Well, that is unrelated to salt and you have to make sure that your key based authentication works for that repository too
14:13 mapu joined #salt
14:14 quarcu nash__: I guess you did not add user access to saltstack-formulas/pillars-users.git repo
14:14 KingJ joined #salt
14:14 quarcu or missing key to make it passwordless
14:17 jaybocc2 joined #salt
14:21 tmclaugh[work] joined #salt
14:27 winsalt joined #salt
14:28 RandyT regarding this issue: https://gist.github.com/rterbush/9beaca5090b670183659
14:29 RandyT I've opened ports for all network traffic in my network firewall on EC2 and still cannot trigger a reboot.
14:29 RandyT so it does not seem that it is a network issue.
14:29 RandyT unless of course the windows firewall settings are not allowing this.
14:30 mpanetta joined #salt
14:30 gcorey joined #salt
14:31 viq joined #salt
14:32 jaybocc2 joined #salt
14:33 r05c03 so in a multi-master setup the master.pem/pub are the same but what about the master_sign.pub?
14:33 racooper joined #salt
14:34 malinoff joined #salt
14:36 r05c03 ah nvm
14:37 protoz joined #salt
14:37 Tanta_G joined #salt
14:37 cpowell joined #salt
14:39 bhosmer joined #salt
14:39 otter768 joined #salt
14:47 Brew joined #salt
14:50 perfectsine joined #salt
14:51 quarcu RandyT: did you check routing tables on amazon ?
14:54 dijit 2015.08; if I have something called 'core_ha.sls" the items are duplicated by salt. if it's called 'core_asdf.sls' the items are listed properly..
14:54 dijit anyone know why this could be happening?
14:57 ipmb joined #salt
14:58 murrdoc joined #salt
14:58 murrdoc http://i.imgur.com/FClsYIi.gif
15:01 zmalone joined #salt
15:02 kawa2014 joined #salt
15:03 shiriru joined #salt
15:04 techblaze joined #salt
15:05 adendrag joined #salt
15:07 dijit nvm, its being matched twice in the top
15:07 _JZ_ joined #salt
15:07 RandyT quarcu: routing tables seem fine. Allowing everything on the 10.0.0.0/16
15:08 RandyT quarcu: booted a new clean image before any states were run and am able to reboot that machine without a problem.
15:08 RandyT no backing into each id run within the state file to see what is causing the problem.
15:09 RandyT my fear is something that was installed in software upgrade not allowing a remote reboot...
15:09 RandyT at this point, clearly would have been shorter path to get off of windoze...
15:11 _mel_ joined #salt
15:12 TyrfingMjolnir joined #salt
15:12 ericof_ joined #salt
15:16 beardedeagle joined #salt
15:17 murrdoc joined #salt
15:18 perfectsine joined #salt
15:18 debian112 joined #salt
15:19 ssplatt joined #salt
15:20 winsalt is that an orchestrate RandyT?
15:22 RandyT winsalt: no, have resorted to just a highstate on all start events given other challenges.
15:23 RandyT winsalt: running the highstate by hand now to see if I can find what is causing the problem.
15:24 winsalt I dont know how it would work, since that process is going to be run on the minion.  The doc page for salt.wait_for_event says its supposed to be run on the master
15:26 RandyT winsalt: interesting point, but not actually getting to that wait_for_event
15:26 tpaul joined #salt
15:26 RandyT It is failing at the system.reboot
15:27 RandyT and even running that from the command line fails after I get that far into applying the highstate.
15:28 bhosmer joined #salt
15:28 winsalt have you tried powershell
15:28 murrdoc joined #salt
15:29 RandyT i have not
15:29 numkem joined #salt
15:30 jaybocc2 joined #salt
15:30 winsalt salt minion cmd.run restart-computer shell=powershell, if this also fails you know its a problem with the vm
15:32 RandyT winsalt: thanks, will give that a try if I run into problem after this current highstate run.
15:32 RandyT Is there any way to run that wait_for_event from a state file on the master?
15:32 numkem joined #salt
15:33 RandyT beginning to appear it is easiest just to start highstate on everything new and wrap things in a lot of conditionals to make sure certain things don't run before or after they should...
15:33 RandyT which seems very fragile...
15:36 JDiPierro joined #salt
15:37 brianfeister joined #salt
15:37 winsalt i commented on the gist.  This is how I have it working for windows
15:37 spiette joined #salt
15:40 sixninetynine joined #salt
15:41 StolenToast joined #salt
15:44 murrdoc joined #salt
15:52 anotherZero joined #salt
15:53 RandyT thanks winsalt
15:53 dfinn joined #salt
15:53 KingJ Is it valid to have a state that only requires other states? In short, i'm trying to have a single state (permit-application) that requires other states (e.g. permit-tcp-80) so that I can easily assign the master state (permit-application) to the server in top.sls, or as a require statement inside yet another statement.
15:54 TheRealBill joined #salt
15:55 TheRealBill left #salt
15:55 brianfeister joined #salt
15:56 deus_ex joined #salt
15:58 winsalt I think thats normal KingJ
16:00 KingJ winsalt: Hmm, okay. I think I may have an error in my syntax then. This SLS https://gist.github.com/KingJ/8c6924012b8882d5f01d errors with "ID permit-teamspeak in SLS firewall-rules.permit-teamspeak is not a dictionary". I'm sure i'm missing something really obvious here.
16:01 KingJ My only guess is that the lack of a module call in the top state is causing issues, but I don't want to call any modules from this, only other states.
16:03 winsalt it looks like you want iptables.append to require the other state
16:03 jfindlay drawsmcgraw: thanks for noticing that :-)
16:03 zemm joined #salt
16:04 drawsmcgraw jfindlay: Sure thing! Hopefully you guys didn't lose too much sleep last night.
16:04 KingJ winsalt: Hmm, is there a way to do it the other way around? It would seem cleaner to me to have the master application state calling port states as required.
16:05 pmcnabb joined #salt
16:05 hightekvagabond joined #salt
16:05 whytewolf KingJ: it can go either way. require = this state requires that state. require_in = that state requires this state
16:06 winsalt yep, I think most of the requisites can go both ways
16:07 whytewolf but you do need to include the file contining the state to be referenced by the require
16:07 KingJ whytewolf: Even if the two states are in the same file?
16:07 whytewolf KingJ: ahh in that case no
16:08 whytewolf but a require can't live on it's own. it doens't make a lot of sense
16:08 av_ joined #salt
16:08 whytewolf that would be "None" requires that state
16:08 RandyT winsalt: the powershell reboot command works. After running the software update in my highstate, system.reboot fails
16:08 ageorgop joined #salt
16:08 yawniek joined #salt
16:09 winsalt could be a problem with amazon, i have no idea.  cmd.run should work pretty much the same as system.reboot though
16:09 yawniek hi, is it possible to add route53 dns entries when spinning up/down machines with salt-cloud and if not what would be the way to implement it?
16:10 KingJ whytewolf: I agree it's a bit odd to have a state that, well, doesn't do much other than call other states, but in this case the application is managed outside of salt, so there's no state for salt to manage other than the firewall rules, if that makes sense?
16:10 whytewolf KingJ: then the require doesn't make sense
16:11 whytewolf KingJ: require and all the requesite functions are about states watching other states. if somehting is happening outside of salt. salt doesn't care about it
16:12 pmcnabb joined #salt
16:13 whytewolf yawniek: while salt-cloud  won't do it. you could use this state module to do the magic https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.boto_route53.html#module-salt.modules.boto_route53
16:13 KingJ whytewolf: So if I wanted to have salt require the iptables states, I would also need it to manage some other aspect of the application? (e.g. manage a file, make a service run)
16:14 KingJ Otherwise, with a blank state that only requires other state, salt sees no 'work' to do as such?
16:14 KingJ Sorry, just trying to understand this :)
16:14 yawniek whytewolf: yeah i saw that, but its not deleting the record if i spin down the machine.
16:14 whytewolf KingJ: just target the sls file the state is in. with out the require.
16:15 whytewolf KingJ: require doens't force work. it just say this state requires that state to be run first
16:15 whytewolf yawniek: you might need to build a reactor for clud/*/destroyed
16:15 whytewolf I sware i can type
16:15 yawniek another thing: http://salt-cloud.readthedocs.org/en/latest/topics/aws.html  mentiones IAM Profiles. but it just says: 'Once the profile is created, you can use the PROFILE_NAME to configure your cloud profiles.'  <- how would that work
16:15 whytewolf it is this damn apple keyboard
16:17 whytewolf iirc, those readthedocs docs are old. not sure that really references the modern systems anymore. but a salt dev might need to chime in on that
16:18 KingJ whytewolf: So if I target the sls file that contains a number of iptables.append states, all of them would be applied correct?
16:18 whytewolf KingJ: unless there was errors in the rules. yes. in order from top to bottom
16:18 protoz joined #salt
16:18 KingJ whytewolf: Aaah, okay. I understand now. I'll give this a quick go.
16:19 yawniek whytewolf: ah, ok https://docs.saltstack.com/en/latest/topics/cloud/aws.html mentiones iam_profile:, guess thats it
16:19 shanemhansen joined #salt
16:19 whytewolf yawniek: yeah this looks like it is something with the way aws works. and honestly i havn't touched aws in close to 3 years
16:20 beardedeagle joined #salt
16:20 bharper joined #salt
16:21 keimlink joined #salt
16:22 jgelens joined #salt
16:22 KingJ whytewolf: Okay, that seems to be working now. Thanks for your help! :)
16:22 whytewolf KingJ: np, glad to help
16:24 sdm24 joined #salt
16:26 Karunamon joined #salt
16:27 colegatron joined #salt
16:28 RabidCicada joined #salt
16:31 kshlm joined #salt
16:34 multiscan joined #salt
16:37 bluenemo joined #salt
16:38 JDiPierro Hey all. I'm getting a CommandExecutionError "No such file or directory" from a module that's just trying to do "ufw status". I can make the call myself and can make the same module call just fine.. but during highstate it gets this failure: http://pastebin.com/d33rPjRb Any ideas what it's not finding?
16:38 murrdoc custom module /
16:38 murrdoc with a cmd.run ?
16:39 murrdoc did u add in python_shell : True
16:39 JDiPierro Ummm probably not. I didn't write this module
16:39 murrdoc whats the module doing
16:40 JDiPierro Managing UFW rules
16:40 JDiPierro I despise it and plan on getting rid of it soon but I'm stuck with it for now
16:40 otter768 joined #salt
16:41 JDiPierro Adding the python_shell to the cmd.run call seems to have fixed it, thanks!
16:42 clintberry joined #salt
16:56 wangofett joined #salt
16:57 ericof joined #salt
16:58 wangofett Good 16:57 UTC. Is the selinux state/file and module.file the only way(s) to set selinux contexts?
16:58 hightekvagabond joined #salt
16:59 * wangofett is new to selinux and setting up Apache2 to serve files from a directory other than /var/www/html
16:59 perfectsine joined #salt
17:00 wangofett The files also happen to be coming from a mercurial repo, but I'm hoping that SELinux is smart enough to handle the files if I set the permissions for the directory
17:01 Bryson joined #salt
17:03 RandyT joined #salt
17:03 writtenoff joined #salt
17:05 ipmb joined #salt
17:06 onlyanegg joined #salt
17:06 drawsmcgraw joined #salt
17:08 wangofett I found https://groups.google.com/forum/#!topic/salt-users/vuWJFeM2UAw but I wasn't sure if there was a better way
17:09 ags joined #salt
17:11 pzipoy joined #salt
17:11 zmalone I guess 2015.8.2 is going to be a "dead" release.  Does anyone know when 2015.8.3 will be packaged on repo.saltstack.com?
17:14 DammitJim joined #salt
17:18 murrdoc joined #salt
17:18 snarfy joined #salt
17:24 colegatron How can I know, from the minion, which environment it is related to?
17:24 colegatron i tried to find it using salt-call grains.items and pillar.items, but now found there :-?
17:25 drawsmcgraw joined #salt
17:25 breakingmatter joined #salt
17:27 colegatron s/now/not
17:28 rmnuvg joined #salt
17:31 cyborg-one joined #salt
17:32 wangofett colegatron: what do you mean by environment? OS?
17:32 colegatron saltstack env
17:32 shaggy_surfer joined #salt
17:33 colegatron you specify on top.sls base/dev/prod/test/etc
17:33 wangofett you're talking about the *target*?
17:33 zmalone Has anyone run into this cmd.run behavior before?
17:33 zmalone https://gist.github.com/zmalone/385c5be650d06bc1debe
17:34 zmalone If you start with variable assignment, you can't make cmd.run work. (yes, I know about the env option)
17:34 zmalone I'm not sure if this is proper behavior, if there's a reason for it, or if I should open a bug
17:35 wangofett colegatron: i.e. the prod in `base: 'prod': - foo - bar`
17:36 cheus joined #salt
17:36 wangofett zmalone: I think if you do `name=echo \$bar` it should work
17:37 colegatron wangofett, https://paste.debian.net/hidden/3fe33206/
17:37 shaggy_surfer joined #salt
17:37 salt-please-help joined #salt
17:37 cheus Is there an inverse to the watch/onchanges requisite? Eg, `nochanges` ?
17:37 colegatron wangofett, right, the prod on your sentence
17:38 wangofett zmalone: or maybe it's `cmd=`.
17:38 wnkz joined #salt
17:38 salt-please-help can't append to yaml file using module.run.file.line, - content: " - 1.1.1.1", require 2 spacing infront.. however, after append the whitespace seems to be removed... any idea?
17:38 wangofett colegatron: why would you need (or indeed want) to know what *target* you are being targeted with?
17:39 wangofett colegatron: you could be targeted with a multitude - your minion id, your IP, your hostname
17:39 wangofett colegatron: or perhaps it's just the minion id that you want?
17:39 cheus salt-please-help, Why not use `file.append` ?
17:39 zmalone wangofett: I just played around with that approach, and can't get a fully sane response either.
17:40 colegatron because I am using multiple file_roots (inheritance) for each env and I want to check if the env gets all the data it needs (and only the data it needs)
17:40 zmalone I think this may just be an unintended corner case, I can find a way to work around it, but I'm leaning towards "bug"
17:40 wangofett zmalone: I also expect it may have something to do with the number of promp[ts that things are going through ;)
17:40 sroegner joined #salt
17:40 zmalone (ex. just prefacing all variable assignments with sleep 0)
17:41 wangofett zmalone: do you grok how arguments work for modules? They're basically just passed to the corresponding python functions after being parsed out
17:42 wangofett zmalone so in your first example it's passing `echo "foo"; bar="baz"; echo $bar"` as the cmd
17:42 wangofett zmalone: I suspect that your shell is parsing the $bar for you
17:43 wangofett zmalone: does `'bar="baz"; echo $bar'` work for you?
17:43 zmalone look at the second part of that gist
17:44 colegatron wangofett, my file_root is: base: - folder_base, prod: - folder_prod - folder_base,  testing: - folder_testing - folder_base. that way I have all the 'general' states/pillars under 'folder_base' and only those specific to the env on the right folder. I am wondering how to check if data received by the minion is all the data and only the data it needs
17:44 zmalone Oh, I see, minus the escaping
17:44 onlyanegg joined #salt
17:44 brianfeister joined #salt
17:44 zmalone No, that doesn't work, because then you are making a malformed shell command at the master
17:44 zmalone "bar=" baz ";echo $bar"
17:45 zmalone etc.
17:45 zmalone The escapes are consumed by the shell you are running salt as
17:45 wangofett zmalone: You're right - I just tried it...
17:45 wangofett zmalone: with this - cmd.run '"bar="baz"; echo $bar"'
17:47 mapu joined #salt
17:47 wangofett zmalone: this appears to work, though: cmd.run cmd='"bar=\"baz\"; echo $bar"'
17:48 wangofett (as does removing the first set of " inside the '
17:49 snarfy joined #salt
17:49 wangofett colegatron: You mean that you just want to ensure you have the config setup correctly and that you're not passing extra data to your minions?
17:50 salt-please-help cheus i need to use - after
17:50 zmalone Removing the "" inside the cmd.run doesn't work for me.
17:50 zmalone This looks like some kind of escaping issue to me inside salt.
17:50 zmalone I'll throw it on the issue pile if I can't find it already
17:51 zmalone and work around it
17:51 davenoob joined #salt
17:51 wangofett zmalone: just out of curiousity, why not env? Just a personal preference?
17:52 zmalone I'm abusing salt as a parallel shell in this case for a one off job, and want to execute stuff and assign it into a variable prior to running my real commands
17:52 zmalone foo=`apg…` in this case
17:52 zmalone this is just a simplified example
17:53 wangofett aaah. What about `echo $(some command)`?
17:54 wangofett that substitution should work. You might have to get nasty with your nesting *shrugs*
17:55 wangofett alternatively: stick a shell script in `/srv/salt/files` and just do something like `file.manage /tmp/script.sh salt://files/myscript` followed by a cmd.run. I think that might work
17:56 wangofett zmalone: oh... there's also https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cmdmod.html#salt.modules.cmdmod.exec_code
17:57 whytewolf zmalone: looks like salt is barfing on the = part of the command. escape that and salt passes the result through [however is also includes the escape, so still doesn't work.]
17:57 colegatron wangofett, yes. I have everything setup as masterless and only a salt base env. Also IK' using symlinks to . I am now trying to separate environments
17:58 colegatron sorry
17:58 wangofett zmalone: ah, look at that: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cmdmod.html#salt.modules.cmdmod.script
17:58 colegatron wangofett, yes. I have everything setup as masterless and only a salt base env. Also I'm using symlinks to set the right pillar (config.sls) for each server (I fire up them with vagrant-aws).
17:59 colegatron now I am trying to move to multiple environment, but using the right way (base: prod: test: env) instead to mess with symlinks
18:00 wangofett colegatron: ah, that makes more sense.
18:01 wangofett colegatron: although if you're running masterless... won't you have all of the salt config anyway? Or are you building up different images with different configs?
18:01 bhosmer joined #salt
18:02 kaptk2 joined #salt
18:02 colegatron the idea is to migrate to a salt-master and multiple environments, but I have everything in production. I can't break things, but I want to evolve to do the things in the right way
18:02 ipmb joined #salt
18:04 salt-please-help any ways i can append to a yaml file?
18:05 wangofett colegatron: I think what I'd do in that case is continue doing what I've been doing, then setup the master-minion relationship
18:06 wangofett and start extracting things that I touch
18:06 colegatron yes, that is what I am doing right now :)
18:07 wangofett So are you trying to ensure that the master isn't giving e.g. prod some data that only test should have? Or vice versa...
18:07 colegatron right
18:07 colegatron only to check it manually (in the meantime I get used to multiple envs)
18:09 colegatron I think the only way is check the values expected are there I expect to find them each time I am not sure and that's all
18:09 colegatron s/there/where
18:10 adendrag joined #salt
18:10 salt-please-help =( i use replaced file.replace, search the target and replace it with xxx\n  - 1.1.1.1
18:12 colegatron salt-please-help: look for blockreplace, pre/append if not exists options, maybe it helps you
18:12 * colegatron shutsdown for today
18:12 wangofett colegatron: I might also recommend using a vagrant or docker minion to test with ;)
18:12 colegatron wangofett, tnx
18:12 colegatron wangofett, I use vagrant :)
18:13 colegatron but directly over aws, not virtualbox :) server configurations are a bit complex (multi nics, aws roles, etc) to try to emulate it on virtualbox
18:14 colegatron should leave now. my head is going to explode. tnx wangofett
18:15 shaggy_surfer joined #salt
18:15 mapu joined #salt
18:16 nszceta joined #salt
18:16 nszceta At what scale does it makes sense to move to salt? I am currently writing bash scripts for deploying 4 servers
18:17 mpanetta nszceta: Any scale.  Some people only handle one server with salt, others thousands.
18:17 mpanetta Depends on what you want to do I suppose.
18:20 baweaver joined #salt
18:22 bhosmer joined #salt
18:25 teryx510 joined #salt
18:27 zmalone https://github.com/saltstack/salt/issues/29308 thanks jfindlay
18:27 saltstackbot [#29308]title: cmd.run behaves oddly when doing variable assignment | ```...
18:28 jfindlay zmalone: yeah, that is definitely annoying
18:28 wangofett nszceta: my opinion is one ;)
18:29 evle1 joined #salt
18:30 larsfronius joined #salt
18:30 numkem what are the currently supported renderers for the salt reactor?
18:31 jaybocc2 joined #salt
18:33 hightekvagabond joined #salt
18:37 baweaver joined #salt
18:39 techblaze joined #salt
18:39 nszceta very interesting. just wondering if its worth learning. i am currently installing some software, compiling several other pieces of software from source, and setting up several databases
18:40 nszceta most annoying part is dynamically altering configuration files
18:41 otter768 joined #salt
18:41 teryx510 joined #salt
18:46 hightekvagabond joined #salt
18:49 iggy numkem: should be anything supported by states/pillars... however I think there's an issue open about something not working right
18:49 flebel joined #salt
18:49 numkem iggy: I've seent github issues regarding pyobjects
18:59 beardede_ joined #salt
19:02 winsalt are there any resources on how to handle static ip addresses with salt-cloud, relating to creating and maintaing vms?
19:04 cliluw joined #salt
19:06 themadcanudist joined #salt
19:06 linjan joined #salt
19:06 themadcanudist left #salt
19:11 oida joined #salt
19:11 slav0nic joined #salt
19:11 denys joined #salt
19:12 tmclaugh[work] joined #salt
19:14 cheus Is there an inverse to `onchanges` or a way to impose that kind of inversion via some creative other requisite usage?
19:18 babilen cheus: What are you trying to achieve?
19:18 hightekvagabond joined #salt
19:19 babilen Maybe onchanges + a state that is the inverse of what you are expressing now
19:22 shaggy_surfer joined #salt
19:22 cheus I have multiple states that have a watch_in relationship to a `module.run: [{name: system.reboot}]` -- These are fired within the context of orchestration. Because I'm stepping through nodes as a canary deployment, I need to know that a particular node has successfully come back online (state.wait_for_event), before moving to the next.
19:22 cheus But I don't want to restart all nodes.
19:23 cheus So I need a way of signaling to orchestration -- "no need to wait, continue" to orchestration.
19:24 babilen Just fire the event in those cases with proper guards around the state that fires the event so you only continue if you want to?
19:24 baweaver joined #salt
19:26 cheus That's where I get tripped up -- if I have a `state.wait_for_event` /salt/minion/XXX/rebooted -- or whatever I use to signal, it's going to wait in orchestration no matter what unless I fire. But I don't know how to fire in cases where `system.reboot` isn't triggered.
19:26 * wangofett really needs a 'watch' guide. wangofett has never got them to work the way he expected
19:26 cheus Eg, an inversion of onchanges -- an, onnochanges
19:27 wangofett cheus: isn't there an 'unless'? Or 'onlyif'? or something
19:28 cheus wangofett, Those run shell commands.
19:28 babilen cheus: At which point do you decide if you want to reboot or not?
19:28 wangofett ah. Thought I saw something about that for watching but I'm probably hallucinating again ;)
19:28 cheus babilen, It's watching multiple other states for changes.
19:29 babilen And you want to fire an event if not a single one has changes?
19:29 cheus Correct.
19:31 larsfronius joined #salt
19:32 babilen So, why don't you keep on guarding the reboot state with onchanges and simply include a event.send at the last step in the SLS
19:33 brianfeister joined #salt
19:33 cheus Because `system.reboot` returns immediately and the event will fire before the reboot actually takes place
19:33 babilen Question is ... would that trip up the orchestration *if* you reboot :-?
19:33 babilen yeah
19:33 babilen orchestration is hard
19:33 cheus Heh.
19:33 babilen But I see what you are after now :)
19:35 Karunamon joined #salt
19:36 babilen Would using two different events work?
19:37 babilen So that you would "normally" wait for a reboot event, but a "continue" event would allow it to continue too
19:38 cheus babilen: my mind was spinning in that direction when I asked but I couldn't figure out a way to avoid waiting for the reboot event which would add about 6hrs to my orchestration runs. :-p
19:38 cheus And even then, I'd just be waiting for it to time out indefinitely.
19:38 zmalone Can someone explain to me why salt-minion doesn't use a lock file?  I occasionally run into hosts that somehow have multiple minions running with the same config, and when the master queues up a job, both minions will grab it and attempt to do the actions at the same time.
19:39 techblaze joined #salt
19:40 babilen cheus: I was thinking salt.wait_for_event (reboot) with a sensible timeout and another salt.wait_for_event with onfail on the first wait_ .... ah, that probably won't work as the "continue" event will be fired earlier
19:40 babilen or rather: Too early (while the wait_for_event is still waiting for the timeout)
19:40 cheus Hehe. As you said, orchestration is hard. :-p That's why I keep going back to needing some kind of inversion to `onchanges`
19:41 babilen Well, you need to explicitly express the two branches of a conjunction of "state outcomes". onchanges only captures one ..
19:42 cheus Yup.
19:43 winsalt wont an event.send that requires all the previous states, do something like that
19:43 zmalone https://github.com/cachedout/salt/commit/546229ec790b31e2a934f1b9e66f82d8255c5f48 I guess someone is moving in that direction already
19:44 mechnine joined #salt
19:44 cheus winsalt, Unfortunately, it won't -- because `system.reboot` returns immediately so that event would fire always.
19:45 mechnine Hey everyone, I've been pouring over documentation and trying to get something to work and having no dice.  I want to use a nodegroup as a definition of what a user has access to using pam authentication and...I can't get that to work.  Is it supported?
19:45 babilen cheus: But it would only fire if you have changes .. if you don't the system.reboot won't fire, but the event.send would ..
19:45 mechnine I'm using 20158.1
19:46 winsalt if you are using orchestration, you could wait for the reboot to finish before sending the event
19:47 babilen cheus: You could always raise an event (the "go on event") and set a grain on the minion according to the "should reboot or not" outcome. The orchestration test you continue with would run into different branches based on the value of that grain (or a file being present or something)
19:47 babilen winsalt: The reboot itself raises the event, the tricky part is that a reboot is not always required and that cheus just wants the minion to continue *as if* the minions have just rebooted
19:48 babilen (naturally the "continue please" step should only occur if a reboot has not been deemed necessary)
19:48 babilen Or that's my understanding at least
19:48 cheus babilen, Perfectly described. I had considered touching a file but it just felt so dirty.
19:49 cheus Didn't want to go that route unless I absolutely had to.
19:49 cheus I'm also concerned about what that might mean (a file) in the event of failure.
19:49 racooper joined #salt
19:49 cheus I don't have a guarantee that it'd be cleared.
19:50 winsalt im a little confused about what event you are talking about, when you say system.reboot returns immediately.  I have an orchestration that waits for a reboot, and the wait_for_event is salt/minion/*/start
19:52 babilen cheus: I wouldn't feel too bad about setting a grain to either "True" or "False" and determining if the reboot state should be run ... Just set it to False by default and then set it to True with the onchanges. Fire the "maybe_reboot" event that will fire off the "should we reboot?" state in which you check the grain ..
19:53 babilen If the grain is True you set it to false and reboot and if it False (i.e. the default) you fire the reboot(ed) event manually
19:53 cheus That's brilliant.
19:53 cheus :)
19:53 cheus Thanks.
19:53 babilen Just make sure that you are working with up to date grains ..
19:54 babilen I agree that it would be nicer to explicitly work with state outcomes in a boolean way, but that's the best I can think of ..
19:55 brianfeister joined #salt
19:57 babilen cheus: Spinning this further .. it is not too uncommon to enumerate the "step" a minion that is being orchestrated is in and to write logic about the value of that grain .. You essentially "turn the knob" on step further and then fire a normal "next state" event
19:57 cheus babilen, Ahh. That's an interesting pattern I hadn't yet considered.
19:58 rynmrtn joined #salt
19:58 babilen Think of it as a finite state machine in which you essentially set the grain to the next "state" ... Then you alway fire off a "just do the next one, you know where to look" state that continues with the correct one
19:58 babilen I haven't seen that pattern, but then .. writing a FSM with the tools at hand shouldn't be too hard
19:59 cheus Yeah, makes total sense though I think the way we use orchestration might make that a little nutty. We build orchestration into all of our formulas and then string together full system orchestration vial includes and extended requisites. That makes it difficult to predict the 'next' step between formula.s
19:59 babilen You run a state .. every state sets the next one explicitly and fires of the "next state please" event. You simply start whatever state has been selected and take it from there.
20:00 WesleyTech joined #salt
20:00 babilen You might even do this without a grain and just pass that information in the event you fire and then run the according state ..
20:01 babilen I've just been thinking out loudly ..
20:01 babilen :)
20:01 cheus Much appreciated. I had totally forgotten grains could be set on-the-fly.
20:01 forrest joined #salt
20:01 babilen Let me know how it works out .. but that *feels* like a promising path
20:02 cheus I agree!
20:02 fredvd joined #salt
20:02 hightekvagabond joined #salt
20:02 toastedpenguin joined #salt
20:04 toastedpenguin any windows salt users using 2015.8.1 noticed the minion increases its ram use over time?  just started finding minions with 6GB+ of RAM
20:04 toastedpenguin also, how many ports should the minion be bound to?
20:06 zmalone toastedpenguin: only the master should need open ports, see https://docs.saltstack.com/en/latest/topics/tutorials/firewall.html
20:06 zmalone (4505/4506, if you don't want to read that)
20:07 aidalgol joined #salt
20:08 protoz joined #salt
20:09 toastedpenguin zmalone: I see the minion binding to 4510 & 4511 and then it is making connections to the localhost on serveral other ports, 5905, 60787 etc.
20:09 zmalone I've heard other people complain about memory leaks, but I don't have that issue myself on ubuntu/2015.8.1
20:09 toastedpenguin a memory leak would explain the ram consumption
20:10 onlyanegg joined #salt
20:11 winsalt i have 2015.8.1 on 2012R2 and it doesnt use much at all
20:12 winsalt but I have seen a situation on centos7 where minions waiting to have their keys accepted used a lot of ram
20:12 toastedpenguin winsalt: same one 2012R2 and its chewing away at the ram over time
20:12 aidalgol joined #salt
20:16 ernetas joined #salt
20:16 ernetas Hey guys.
20:16 protoz joined #salt
20:16 ernetas {{ pillar['haproxy']['servers']['frontend{{ grains['dd']['frontend_number'] }}']['ip'] }}
20:16 wangofett The only thing I've seen gnarly re: resource hogging was a busy-wait loop because the select was always timing out on a socket read
20:16 ernetas Can I do something like that?
20:16 wangofett ernetas: I think you'd just not have the {{}} part in there and use + for string concat
20:16 winsalt no ernetas, nested jinja wont work
20:17 wangofett ['frontend' + grains['dd']['frontend_number]]['ip']
20:17 winsalt ^ what he said
20:17 wangofett ^I belive that's valid jinja
20:18 wangofett http://serverfault.com/q/740082/46824 Has anyone ever written an unless/onlyif where there checking the # of lines output by the command?
20:19 ernetas Thanks, that sort of worked! Hmm. TypeError: cannot concatenate 'str' and 'int' objects. Only works if I put the grain into quotes. Is there a way to stringify an integer inside Jinja?
20:19 babilen |str
20:19 gthank left #salt
20:19 ernetas Thanks again! :)
20:19 giantlock joined #salt
20:20 wangofett oh, your frontend number is a str? I think you can filter it as a string?
20:20 sdm24 ernetas: ~ instead of + will convert the objects into a str
20:20 wangofett ahhhh, right
20:20 sdm24 and concatenate
20:20 ernetas sdm24: wow, thanks! That's even better :)
20:20 wangofett it's been a while since I've had to muck with that much jinja ;)
20:21 brianfeister joined #salt
20:22 sdm24 yeah thats one of the few jinja tricks I know haha
20:22 babilen You can also use "...."|format(foo, bar, baz)
20:22 thalleralexander joined #salt
20:25 tehsu any one use metadata at rackspace
20:26 babilen be the first!
20:27 wangofett babilen: I'm pretty sure "{}...".format(foo,...) also works
20:27 mapu joined #salt
20:27 babilen wangofett: Sure, that would call the method rather than the jinja filter.
20:28 babilen I don't like jinja much and would prefer explicit Python blocks a lot more than the hodge-podge it offers, but meh ...
20:28 StolenToast I have a file state that depends on a pkg.installed state but since the package installed by that state is already up to date it reports failure which causes the dependant states to fail too
20:28 StolenToast I though - pkg_verify would prevent this but it doesn't
20:28 babilen StolenToast: Why does it fail if it is installed?
20:29 StolenToast I don't know, it's confusing me...
20:29 babilen Mind sharing your state and the output on one of http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, http://dpaste.de, … ?
20:29 StolenToast it did it once and reported success but now it fails on every highstate
20:29 babilen pkg.installed shouldn't fail if the package is already installed ... unless you are doing something funny ;)
20:29 multiscan joined #salt
20:30 StolenToast I shouldn't be, it's super simple
20:30 StolenToast gimme a minute
20:31 StolenToast http://hastebin.com/avalofinex.sm
20:31 StolenToast here's the state
20:31 subsignal joined #salt
20:33 StolenToast the error is "Comment: The following packages failed to install/update: ganglia-gmond=3.1.7" and the more detailed info reveals it "failed to update/install"
20:33 StolenToast ostensibly because you can't update a package that's up to date...
20:34 StolenToast and the new version that I expect is in place, so the state resolved and happened at least once
20:34 babilen If you run "salt-call -ldebug ...." on the minion, what commands are run and what are their output?
20:34 babilen scicomp-extras might be b0rken
20:35 StolenToast that repo I know is fine because the package already installed from it
20:35 babilen And why do you use pkg_verify ?
20:36 babilen Did you not alter *any* file?
20:36 babilen (e.g. configuration)
20:36 giantlock joined #salt
20:36 StolenToast it just pulls a conf
20:37 baweaver joined #salt
20:37 babilen What does that mean?
20:37 StolenToast I'm not totally lear on what pkg_verify even does
20:37 traph joined #salt
20:37 zmalone StolenToast: What version is currently installed?  Some platforms can "upgrade" to older versions, and some can't.
20:37 StolenToast all that needs to happen is to install ganglia-gmond and then copy the config and boot files
20:38 babilen It verifies that not a single file that came with the package has been altered, which then forces a reinstall
20:38 StolenToast zmalone: before I tried to do this v3.0.7 was installed.  After one highstate v3.1.7 is installed (as expected)
20:38 babilen And you altered a configuration file? Well, lets check this .. does it work fine if you remove pkg_verify
20:38 StolenToast and this is centos with yum
20:38 babilen ?
20:38 StolenToast that's the first thing I did, without pkg_verify
20:38 linjan joined #salt
20:38 StolenToast I added the line because it failed
20:38 babilen Also .. I sort of still think that the salt-call output would be interesting
20:39 catpig joined #salt
20:39 zmalone https://github.com/saltstack/salt/issues/28807
20:39 saltstackbot [#28807]title: pkg.installed fails under 2015.8.1 with "-" in the key name | There seems to be a bug in 2015.8.1 with pkg.installed when there is a "-" in the name of the source package key. For example ...
20:39 zmalone sounds related
20:39 zmalone you have a -
20:39 StolenToast alright I'll paste it all but it's a lot of text telling me yum is doing exactly as it should.  Gimme a minute
20:40 zmalone (for StolenToast)
20:40 babilen What a ridiculous bug :(
20:41 babilen Are we sure that StolenToast is running 2015.8.1 ?
20:41 StolenToast we are not
20:41 StolenToast let me find out what version I have
20:41 babilen Are you?
20:41 StolenToast no, it's older
20:41 StolenToast 2015.5.3
20:42 babilen So the last properly packaged release ...
20:42 babilen WHEN WILL THEY RELEASE THE PACKAGING CODE?
20:42 otter768 joined #salt
20:42 babilen With security updates no longer being packaged there is ... well .. a bit of an incentive to switch
20:46 StolenToast babilen: I'm still trying to get you that salt output but I'm tripping trying to capture the debug output to a file
20:47 nledez joined #salt
20:47 nledez joined #salt
20:47 baweaver joined #salt
20:47 zmalone StolenToast: there are a ton of similar issues in the issue tracker, ex. https://github.com/saltstack/salt/issues/27400
20:47 saltstackbot [#27400]title: pkg.installed succeeded but says it failed | python-pip has been installed after the execution of this state:...
20:48 zmalone I've got the opposite problem, pkg.removed fails when it shouldn't, so I shell out and run the uninstall command.
20:48 StolenToast yeah I keep doing that but the idea is to move AWAY from that
20:48 StolenToast this is a very old system with some arcane tech... trying to modernize
20:49 StolenToast babilen: here is the debug output from that salt state http://hastebin.com/dixunosigu.vhdl
20:53 renoirb joined #salt
20:54 StolenToast it's all unrelated detail until one line at the bottom that tells me WHAT yum ran and THAT (not why) it failed
20:56 whytewolf StolenToast: Current version (['3.1.7-8'] did not match (==) desired (3.1.7), add to targets
20:56 zmalone now that sounds like a salt issue, although it may be fixed in current saltstack
20:56 zmalone the last -<number> is packager version
20:56 zmalone not (traditionally) part of the real version
20:57 zmalone so if you build ganglia and screw it up, and reroll the package later, you can increment it
20:57 morsik it's not only for "screw"
20:57 zmalone that's fair
20:57 morsik it's also for adding patches when base version doesn't change, etc.
20:57 zmalone although the current saltstack evidently breaks on dashes in package names, so that isn't very helpful for you
20:58 babilen StolenToast: Are you sure that ganglia-gmond is the exact name of the package? I wonder why it runs "...--whatprovides ganglia-gmond" in line 365
20:59 babilen And then it fails as the version you have specified is not correct (Current version (['3.1.7-8'] did not match (==) desired (3.1.7))
20:59 babilen Ah .. has been mentioned already
20:59 babilen And once again; ACTUAL output solved the issue!
21:00 zmalone babilen: on most platforms, the -<foo> can be viewed as being insignificant digits if they are omited, I'm not sure if StolenToast's works that way
21:01 multiscan joined #salt
21:02 babilen I live in apt land and you really wouldn't want to drop the package/debian revision
21:02 babilen zmalone: Can't tell you if it is a bug in salt or StolenToast's state, but my guess would be that this would work if (s)he'd would just specify "3.1.7-8" as the required version
21:03 babilen If the "-8" is unimportant, why would you specify it?
21:03 whytewolf it could also be a bug in the way that the package is reporting it's version
21:03 zmalone It would, although I don't necessarily feel like omitting the packager version should throw up a error, in ips land it would assume the most recent 3.1.7 release
21:04 babilen If only there would be a way to specify version ranges ;)
21:06 ingslovak joined #salt
21:07 mnaser joined #salt
21:09 Netwizard joined #salt
21:09 Netwizard hi
21:13 hightekvagabond joined #salt
21:15 adendrag joined #salt
21:19 nszceta [15:42:46]  <babilen>With security updates no longer being packaged there is ... well .. a bit of an incentive to switch what?
21:20 Netwizard im looking for help with a very strange issue
21:20 whytewolf nszceta: from the old repos [epel, ppa] to the new shiny [repo.saltstack.com]
21:20 babilen nszceta: To switch to repo.saltstack.com (which contains automagically generated packages for which I have not yet found the source code)
21:20 Netwizard im following a guide on provisioning machines to digitalocean with saltstack
21:20 Netwizard my machines get created fine
21:20 nszceta nice!
21:21 Netwizard but when i try to do a salt ´*´ test.ping
21:21 Netwizard it returns that my minions did not return
21:21 babilen nszceta: I don't necessarily consider that great
21:21 Netwizard digitalocean created them just fine
21:21 PredatorVI joined #salt
21:21 DukepiranhaTen i would say
21:21 DukepiranhaTen talk to the vms
21:21 DukepiranhaTen ask them about why they arent returning
21:21 nszceta whatever - its easier to setup and use now
21:21 DukepiranhaTen is it something u did
21:21 spaceSub Can I use salt-cloud with salt-call.
21:21 DukepiranhaTen something u said
21:21 Netwizard DukepiranhaTen, hmmm?
21:22 spaceSub And/Or is calt-cloud just meant to be used _on_ the master?
21:22 spaceSub Or where do I call that executable?
21:22 DukepiranhaTen Netwizard:  kidding
21:22 DukepiranhaTen saltstack faq page has nc commands you can run
21:22 DukepiranhaTen to see if minions can connect to master
21:22 DukepiranhaTen and vice version
21:22 DukepiranhaTen vice versa
21:22 whytewolf babilen: they have not posted the source code for it yet :P most likely still tring to pull the hard coded passwords out of it :P
21:23 Netwizard DukepiranhaTen, hmmm, this page: https://docs.saltstack.com/en/latest/faq.html
21:23 DukepiranhaTen yes
21:23 Netwizard because i looked, but maybe not good enough
21:24 losh joined #salt
21:24 aboe joined #salt
21:26 PredatorVI Question about salt-api...does anyone have a link to current salt-api examples that use a JSON document to post the full command including eauth, user, password, etc??
21:27 PredatorVI I have a functioning POST request for calling salt.orchestrate but the server returns a 500 error for my attempts at calling just a simple salt state and I can't find any useful info in the logs.
21:27 shaggy_surfer joined #salt
21:28 PredatorVI Here is gist of my JSON: https://gist.github.com/PredatorVI/3a89cf7c46e1d559ab42
21:32 Ahlee any way to refresh a _grain value without restarting salt minion?
21:32 larsfronius joined #salt
21:33 Ahlee saltutil.sync_grains, duh
21:33 whytewolf Ahlee: refresh_modules should also do it
21:34 DukepiranhaTen Ahlee:  duh
21:35 Ahlee kj/wi DukepiranhaTen
21:35 cyborg-one joined #salt
21:35 Ahlee man, i'm on fire today
21:36 whytewolf PredatorVI: first, you have an extra coma on your json, that is causing it to not pass lint. at "fun": "myservice.deploy_webapp",
21:37 * DukepiranhaTen pours water on Ahlee
21:38 whytewolf PredatorVI: second auth data is normally handed over in a X-Auth-Token header with REST not as part of the data package. https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html#authentication
21:40 colegatron joined #salt
21:40 StolenToast babilen: yes I am sure the package is specifically named "ganglia-gmond"
21:40 PredatorVI whytewolf:  I'm not doing multiple requests so I typically haven't used the X-Auth-Token.
21:40 PredatorVI I send auth with every request
21:40 StolenToast zmalone: whytewolf: as far as I know yum does not worry too much bout the packager version
21:41 StolenToast since yum install 3.1.7 installed 3.1.7-8
21:41 StolenToast however, it MAY be what is tricking the salt state, let me try to be more specific
21:42 StolenToast *Release number
21:42 whytewolf StolenToast: the problem is the version. is fighting with what is being reported. it wants to downgrade to 3.1.7 and can't cause 3.1.7-8 meets that requirement
21:43 StolenToast yeah specifying the release version appeased the pkg state
21:43 PredatorVI whytewolf:  from docs:  "You can bypass the session handling via the Run URL." which is what we are doing.
21:44 yetAnotherZero joined #salt
21:44 whytewolf PredatorVI: then do that. point 1 is still valid though :P
21:45 PredatorVI whytewolf:  I fixed the comma but still get a 500 error
21:45 zmalone StolenToast: if it accepts ambiguous packages on first run, I'd expect it to do the same on subsequent runs.  I'd probably open an issue for that
21:46 PredatorVI I had actually fixed it in my Fiddler request, I just pasted other code.
21:46 StolenToast zmalone: I guess that was my next question, this seems like slightly left-of-ideal behavior
21:46 StolenToast it should be one or the other consistently
21:49 hightekvagabond joined #salt
21:49 StolenToast I've never submitted an issue before, I did some preliminary search and can't find a similar issue so I'll open a new one
21:49 StolenToast is it an issue if someone finds a dupe of it?
21:50 whytewolf StolenToast: if you can't find an issue in the github issue queue. then post a new issue. if they fin a dupe it will be marked as such and pointed to the main issue.
21:51 StolenToast oh but I also am not running the latest stable version.  Should I attempt an upgrade first or just specify it's the older v?
21:51 StolenToast seems only fair to try upgrading first
21:51 zmalone I'd probably try to upgrade first.
21:51 whytewolf upgrade if you can.
21:51 StolenToast yeah I'll do that but tomorrow
21:51 zmalone StolenToast: dupes are not a big deal, post the simplest example you can, and clearly explain the issue
21:51 StolenToast it's home o clock
21:52 StolenToast ok thanks for the help everyone
21:52 DukepiranhaTen by
21:52 DukepiranhaTen bye
21:52 DukepiranhaTen toast steeler
21:53 keimlink joined #salt
21:54 techblaze joined #salt
21:54 whytewolf PredatorVI: sorry with out more experence with salt-api i will not be able to help. salt-api has never been high on my list of things to work through. although i should i might be able to tie salt directly into openstack heat that way
21:54 PredatorVI no worries.
21:57 PredatorVI FWIW, I'm seeing this error now:  "{"return": [{"myminion-01": "'myservice' __virtual__ returned False"}]}" but I have no idea what that means.  There are no errors or other detail.
21:58 whytewolf __virtual__ returned false means a module that was trying to load isn't able to
21:58 PredatorVI k
21:58 whytewolf thats a standard salt error
21:59 PredatorVI Any way to enable debug to determine what module it couldn't find?
21:59 whytewolf the module name is in that error. 'myservice'
22:00 PredatorVI I still think it is in my JSON formatting and the parameters I'm passing.  Doing it via command-line works fine.
22:00 danlsgiga joined #salt
22:00 danlsgiga hey folks
22:00 whytewolf PredatorVI: what do you pass to the command line?
22:01 tehsu if im trying to run a ignore_cidr is netaddr required?
22:01 danlsgiga looking through the docs I can't find a way to have failhard set to a LocalClient
22:01 zer0def joined #salt
22:01 danlsgiga is that possible?
22:01 danlsgiga I'm using the cmd_batch LocalClient method, but for my use case I'd like to have failhard set
22:02 whytewolf tehsu: yes
22:05 tehsu so, during ssh I want it to choose a private ip and specifically ignore the 192 address
22:05 tehsu ignore_cidr: 192.168.10.0/24
22:05 tehsu ssh_interface: private_ips
22:06 tehsu whytewolf, that should ignore the 192 and accept the other address, correct?
22:07 whytewolf as long as the address is 192.168.10.<some number>
22:07 tehsu yeah
22:10 baweaver joined #salt
22:11 PredatorVI whytewolf:  I figured it out thanks to your last question.  on command line I was calling state.highstate, but via salt-api, I was trying to call the my state file directly.
22:11 baweaver joined #salt
22:12 whytewolf PredatorVI: ahh.  that seems to be a common error. people putting state files in for functions
22:12 whytewolf [not just salt-api]
22:12 WesleyTech_ joined #salt
22:12 PredatorVI Yeah...I admit it...I'm a n00b.
22:12 PredatorVI :)
22:14 whytewolf lol. it happens a lot though. hell I'm sure i did it at some point.
22:14 * PredatorVI wishes the salt-api (and other) error codes were more useful
22:15 ajw0100 joined #salt
22:15 wangofett qft
22:17 mosen joined #salt
22:19 wendall911 joined #salt
22:22 tehsu thanks whytewolf saved me about 15 minutes of second guessing myself before I hit enter
22:25 whytewolf tehsu: better then 3 days of troubleshooting something only to find you named a varable in a config file wrong.
22:25 justanotheruser joined #salt
22:26 chiui joined #salt
22:26 ernetas joined #salt
22:29 ernetas https://gist.github.com/ernetas/1666029b9180a0177ceb - anyone know how to optimize this slash make it a single if? I would like to have only single `- nginx`, even if there are multiple `roles: frontend` matches in the for loop
22:30 ernetas Sample of grain data in the comments.
22:32 slav0nic joined #salt
22:33 tehsu whytewolf ouch
22:33 hightekvagabond joined #salt
22:33 whytewolf tehsu: it was an openstack config. so literally hundreds of lines in lots of different files to parse. even before looking at the logs
22:34 joehh joined #salt
22:35 indispeq joined #salt
22:36 techblaze joined #salt
22:36 whytewolf ernetas: it isn't the if that needs simplifieing. you need to unroll that loop if you don't want more then one nginx in the include
22:37 whytewolf is there any info that lets this instance know what it is?
22:37 joehh joined #salt
22:40 nexsja joined #salt
22:41 PredatorVI whytewolf (and anyone else):  Now that I have state.highstate working via salt-api, I'm trying to target my state directly.  The JSON format is eluding me.  I've updated my GIST with the formats I've tried.  All return '200' and empty result "{"return": [{}]}".  https://gist.github.com/PredatorVI/3a89cf7c46e1d559ab42
22:43 otter768 joined #salt
22:43 ernetas whytewolf: yep, it's in the comments. If it has 'frontend' in at least one 'dd:instances:_name_:roles', it should have nginx. The problem is that I don't know how do I match that? '{% if 'frontend' in grains['dd']['instances'][*]['roles'] %}' Also note that 'roles' does not always exist :/ .
22:44 aurynn joined #salt
22:44 whytewolf PredatorVI: is that target right? you had a * on the end in the last example.
22:45 PredatorVI yes
22:45 PredatorVI 'myminion-01' is correct.  If I had '*' before it was another cut-n-paste error.
22:47 PredatorVI I usually put a '*' at the end of my real targets because sometimes the minion_id includes the domain name and sometimes it does not so the '*' allows me to not care.
22:48 whytewolf PredatorVI: I believe the second one is the correct format arg: [list of arguments. ] but not sure why you are not getting a result.
22:48 hightekvagabond joined #salt
22:48 aurynn joined #salt
22:49 danlsgiga no way to have failhard in a LocalClient cmd_batch?
22:51 whytewolf ernetas: if you have to check every instence then you need the loop. but I would put in a verable that once set causes the if to skip always. then set that variable after the - nginx
22:52 forrest jfindlay, Do you know if there will be an alternative for remote attendance for: http://saltstack.com/events/salt-sprint-at-the-next-saltstack-salt-lake-city-meetup/
22:52 forrest I'm not going to use Adobe Connect
22:52 geekatcmu s/Connect/anything/
22:53 forrest geekatcmu, Much more accurate.
22:53 whytewolf s/anything//
22:53 PredatorVI whytewolf:  That was the right one and once again your question helped.  It turned out to be the 'tgt'.  I had included the full DNS name but in this case, the minion_id did NOT have the domain so it wasn't finding it.  Again, if the result would have had a reasonable error (target not found) ...  Maybe I'll go to the SaltStack sprint night tomorrow and figure out how to improve error reporting :)
22:53 jfindlay forrest: we weren't planning on using anything else
22:53 forrest jfindlay, okay
22:53 jfindlay there's #salt-devel and #salt-dev-training
22:54 forrest I'm familiar with salt-devel, wasn't aware of the training channel
22:54 jfindlay yeah, I just made it :)
22:54 forrest ahh okay
22:55 baweaver joined #salt
22:55 jfindlay we're trying to support two different audiences in the same sprint
22:56 jfindlay sort of based on feedback on past sprints and experiences from people at other sprints, at pycon, for example
22:57 forrest Yeah, I know at saltconf a couple years ago it worked pretty well to just sit people down and say 'read the contributing docs and ask questions if you have them'
22:57 foundatron joined #salt
22:57 jfindlay the sprint we had last year didn't work out that well
22:57 forrest Really? Weird.
22:58 jfindlay yeah, I'm not really sure why
22:58 forrest Maybe there were more technical people the first year? I don't know, I talked to at least a half dozen people who had made PRs by the end of the sprint. Using Git is pretty easy, and this was before the revision to the docs.
23:01 Guest45164 joined #salt
23:01 Guest45164 left #salt
23:02 amcorreia joined #salt
23:07 hoonetorg joined #salt
23:08 techblaze joined #salt
23:09 baweaver joined #salt
23:13 foundatron joined #salt
23:16 breakingmatter joined #salt
23:16 colegatron joined #salt
23:17 traph joined #salt
23:17 NightMonkey joined #salt
23:22 aidalgol joined #salt
23:22 protoz joined #salt
23:26 ajw0100 joined #salt
23:27 libertyy joined #salt
23:27 libertyy joined #salt
23:30 zmalone joined #salt
23:32 kawa2014 joined #salt
23:32 jgelens joined #salt
23:35 Pixionus joined #salt
23:35 Pixionus joined #salt
23:41 brianfeister joined #salt
23:45 tpaul joined #salt
23:46 libertyy I like the idea of using Salt's net-api and reactor to fire off orchestration events. The missing piece is how to report success or failure of an orchestration run when fired off from the net-api. Does anybody have any docs or reading material I should look at?
23:48 hoonetorg joined #salt
23:50 PredatorVI libertyy: Our current (simplistic) solution is using a Groovy script to call the salt-api and then parse the JSON response looking for "result": "false" values and doing an System.exit(1) if any failures happen so our continuous deployment system sees the error and stops the pipeline.  However, we are in the early stages so I'm sure we'll have to do a bit more processing.
23:55 libertyy json response from a curl command? or are you parsing the salt event bus?
23:57 PredatorVI Well, not using curl, but Groovy HTTPBuilder making HTTP POST request then parsing the JSON response
23:57 traph joined #salt
23:58 libertyy hrm, i think i'm missing something here. The HTTP request is only reporting "success: true", but the orchestration is failing (as a test, i'm cmd.run /bin/false as the first part of the orchestration).

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary