Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-01-04

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 rmnuvg joined #salt
00:05 amcorreia joined #salt
00:05 pfallenop joined #salt
00:05 darvon joined #salt
00:11 garthk joined #salt
00:17 rmnuvg joined #salt
00:30 zenlot joined #salt
00:35 subsignal joined #salt
00:37 brianfeister joined #salt
00:47 yomilk joined #salt
00:48 keimlink_ joined #salt
00:55 otter768 joined #salt
00:56 keimlink joined #salt
01:06 rmnuvg joined #salt
01:20 tristianc joined #salt
01:23 Rene--_ joined #salt
01:25 tristianc joined #salt
01:31 pcdummy joined #salt
01:31 pcdummy joined #salt
01:32 tristianc_ joined #salt
01:33 pcdummy joined #salt
01:41 nyx__ joined #salt
01:50 rmnuvg joined #salt
01:53 malinoff joined #salt
01:58 baweaver joined #salt
02:09 kermit joined #salt
02:17 mosen joined #salt
02:23 aea joined #salt
02:24 catpigger joined #salt
02:25 aea What's the recommended way of dealing with multiple environments? I just want different pillar data for different environments, I found pillar_roots but I'm getting rather contradictory information depending on which source I read.
02:26 brianfeister joined #salt
02:39 tristianc joined #salt
02:43 nyx_ joined #salt
02:47 ilbot3 joined #salt
02:47 Topic for #salt is now Welcome to #salt! | Latest Version: 2015.8.3 | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | Ask with patience as we are volunteers and may not have immediate answers
02:47 brianfeister joined #salt
02:54 justanotheruser joined #salt
02:58 subsignal joined #salt
02:59 rmnuvg joined #salt
03:04 subsignal joined #salt
03:05 jfred joined #salt
03:14 cornfeedhobo left #salt
03:15 tristianc joined #salt
03:18 malinoff joined #salt
03:19 colegatron joined #salt
03:26 mapu joined #salt
03:30 shaggy_surfer joined #salt
03:45 colegatron joined #salt
04:01 yomilk joined #salt
04:07 colegatron joined #salt
04:11 ITChap joined #salt
04:11 cyborg-one joined #salt
04:15 Kanoomin joined #salt
04:15 racooper joined #salt
04:17 kshlm joined #salt
04:19 Kanoomin Hi, I was wondering if Salt has any modules that manage SSHFP DNS records? Failing that, is there any module that manages a centralized hostkey list? I've done some searching and haven't turned up a whole lot so far. Figured I'd ask to be sure
04:24 hasues joined #salt
04:24 hasues left #salt
04:27 Eugene I'm an old-school hard-segmentation guy and would use separate Salt servers
04:34 godlike how would I go about targeting all my minions but one? $(salt -C 'not <minion_id>' test.ping) is giving me the willies
04:43 racooper salt '* and not minion1' command
04:43 racooper er... salt -C '* and not minion' command
04:44 racooper pretty sure that' s in the targeting documentation
04:48 jfred joined #salt
05:00 bhosmer_ joined #salt
05:04 cberndt joined #salt
05:08 ITChap joined #salt
05:09 lompik joined #salt
05:10 Walugo joined #salt
05:14 armguy joined #salt
05:15 Walugo left #salt
05:15 baweaver joined #salt
05:17 zerocrashburn joined #salt
05:27 rdas joined #salt
05:28 brianfeister joined #salt
05:43 hamsham joined #salt
05:46 impi joined #salt
05:51 XenophonF aea: i use environments to break my state data into dev/test/staging/prod
05:52 XenophonF aea: but other arrangements are possible
05:52 XenophonF aea: i don't use environments with pillar data
05:53 XenophonF aea: you can see examples at https://github.com/irtnog/salt-states and .../irtnog/salt-pillar-example
05:59 calvinh joined #salt
06:00 Crazy67 joined #salt
06:03 calvinh_ joined #salt
06:08 anmol joined #salt
06:10 ITChap joined #salt
06:12 Crazy67 joined #salt
06:28 Crazy67 joined #salt
06:28 fxhp joined #salt
06:35 otter768 joined #salt
06:41 felskrone joined #salt
06:48 brianfeister joined #salt
06:53 yomilk joined #salt
07:02 Crazy67 joined #salt
07:04 AlberTUX joined #salt
07:09 Crazy67 joined #salt
07:10 LondonAppDev joined #salt
07:11 Crazy67 joined #salt
07:12 rotbeard joined #salt
07:13 Diaoul joined #salt
07:15 colttt joined #salt
07:19 bmcorser joined #salt
07:19 bmcorser hello
07:19 pezus joined #salt
07:19 bmcorser anyone know why halite was deprecated?
07:19 bmcorser also is there a project for a salt web GUI?
07:20 nahkiss I changed my minions ID after accepting it's key, what do I need to do for the master to see this change?
07:21 GreatSnoopy joined #salt
07:23 AndreasLutro nahkiss: you'll need to restart the minion and re-accept the key
07:24 nahkiss salt-key -L only shows the key for the old ID in accepted
07:24 nahkiss just delete it, restart minion and check again?
07:25 nahkiss ah yeah, works!
07:28 AirOnSkin joined #salt
07:34 KermitTheFragger joined #salt
07:37 elsmo joined #salt
07:44 sirtaj joined #salt
07:49 sirtaj joined #salt
07:52 dgutu joined #salt
08:01 rmnuvg joined #salt
08:10 rmnuvg joined #salt
08:10 eseyman joined #salt
08:11 sirtaj joined #salt
08:30 auzty joined #salt
08:30 sirtaj joined #salt
08:31 felskrone1 joined #salt
08:34 sjohnsen joined #salt
08:36 otter768 joined #salt
08:38 rmnuvg joined #salt
08:38 brianfeister joined #salt
08:42 jamesp9 joined #salt
08:47 s_kunk joined #salt
08:47 s_kunk joined #salt
08:48 jhauser joined #salt
08:52 Rumbles joined #salt
08:52 slav0nic joined #salt
08:55 rmnuvg joined #salt
08:55 Rumbles joined #salt
08:55 dgutu joined #salt
09:00 jamesp9 joined #salt
09:04 zola25 joined #salt
09:04 sirtaj joined #salt
09:05 av_ joined #salt
09:15 N-Mi joined #salt
09:22 impi joined #salt
09:23 amcorreia joined #salt
09:27 bluenemo joined #salt
09:27 Xevian joined #salt
09:27 ITChap joined #salt
09:28 ITChap joined #salt
09:30 Nazca joined #salt
09:33 GreatSnoopy joined #salt
09:47 yomilk joined #salt
10:00 scarcry joined #salt
10:00 elsmo joined #salt
10:02 LondonAppDev joined #salt
10:03 SpX joined #salt
10:04 cberndt joined #salt
10:08 denys joined #salt
10:08 zigurat joined #salt
10:09 zigurat Hi. How does salt keep track of ran commands. I have some of the "Result: Clean". Is there a cache of some sorts?
10:10 AndreasLutro zigurat: https://docs.saltstack.com/en/latest/topics/jobs/
10:11 21WAAO35P joined #salt
10:16 scc joined #salt
10:17 jxm_ joined #salt
10:24 malinoff joined #salt
10:26 tpv joined #salt
10:27 tpv left #salt
10:27 brianfeister joined #salt
10:36 rmnuvg joined #salt
10:37 otter768 joined #salt
10:41 N-Mi joined #salt
10:48 keimlink joined #salt
10:49 Garo_ How can I execute event.fire (to fire an event into minion local bus) from a runner (inside master)?
10:51 brianfeister joined #salt
11:18 tinyhippo if I execute salt '*' pkg.uptodate - that just returns the state of the server and wont actually updat eanything, will it?
11:22 babilen tinyhippo: It should upgrade the system
11:23 tinyhippo babilen: i guess I'd do pkg.list_upgrades instead
11:24 babilen Oh, but pkg.uptodate is a *state* not an execution function so you can't run it like shown above
11:32 rmnuvg joined #salt
11:33 drawsmcgraw joined #salt
11:40 nahkiss any idea why gitfs file backend won't work with passphare ssh-keys ?
11:40 nahkiss If I use passphrase-less ssh-key,  it's all fine, but with passphrase I get 'Exception 'Failed to authenticate SSH session: Callback returned error' caught while fetching gitfs remote'
11:40 tinyhippo nahkiss: I believe it's a limitation of GitPython
11:41 nahkiss ah yeah, using pygit2
11:41 babilen And you specified the passphrase?
11:41 nahkiss yes
11:41 nahkiss it works fine with git clone
11:42 nahkiss libgit2 and pygit2 both are v0.23.1
11:43 nahkiss salt is 2015.8.3
11:48 yomilk joined #salt
11:51 rmnuvg joined #salt
12:00 shiriru joined #salt
12:00 nahkiss well, switched to gitpython and ~/.ssh/config
12:01 babilen bug?
12:02 rmnuvg joined #salt
12:04 Saltuser joined #salt
12:04 nahkiss yeah I don't know, I'm using -v and -l debug but that's the only error I can get, which doesn't tell much really
12:05 Saltuser Hi! 2016-01-04 13:58:11,608 [salt.utils.vmware][DEBUG   ][48743] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) What spell can I use to bypass this? :)
12:15 rmnuvg joined #salt
12:17 av_ joined #salt
12:27 ingslovak joined #salt
12:36 keimlink joined #salt
12:38 otter768 joined #salt
12:50 ericof joined #salt
12:55 arif-ali joined #salt
12:59 xenoxaos joined #salt
13:01 xenoxaos joined #salt
13:01 yomilk joined #salt
13:05 bernieke joined #salt
13:05 mdupont joined #salt
13:05 mariusv joined #salt
13:05 mariusv joined #salt
13:06 viq bmcorser: they have their commercial web frontend. There are a couple community projects floating around
13:06 bmcorser viq: ty
13:06 bmcorser didn't know that
13:07 tpaul joined #salt
13:09 rmnuvg joined #salt
13:09 bmcorser viq: looking here http://saltstack.com/enterprise/ the dashboard doesn't promise very much
13:10 bmcorser are you talking about something else?
13:12 viq bmcorser: I wasn't able to find anything about the dashboard there :P
13:13 bmcorser http://saltstack.com/enterprise/#tab-1444944872158-4-10
13:13 bmcorser :/
13:14 bmcorser i clicked SaltStack Enterprise 4.0
13:14 viq yeah, http://saltstack.com/saltstack-enterprise-4-0-now-with-gui/
13:15 viq They sure make it hard to get any info about it
13:15 anmol joined #salt
13:17 DanyC joined #salt
13:19 tmclaugh[work] joined #salt
13:20 otter768 joined #salt
13:21 tpaul Yeah, I noticed that too viq
13:22 yomilk joined #salt
13:23 rmnuvg joined #salt
13:25 akhter joined #salt
13:30 subsignal joined #salt
13:31 DammitJim joined #salt
13:31 subsignal joined #salt
13:36 mortis joined #salt
13:36 mortis i just did this change to my template:
13:36 mortis -  {% for entry, args in pillar.get('fcgimanager:pool',{}).items() %}
13:36 mortis +  {% for entry, args in salt['pillar.get']('fcgimanager:pool',{}).items() %}
13:36 mortis the old didnt work, but i dont understand why
13:36 mortis salt['pillar.get'] works fine, pillar.get() returns None
13:36 mortis ideas why?
13:37 Knuta mortis: the old thing is a pure map lookup, salt['pillar.get'] has some inheritance magic going on
13:37 mortis Knuta: aaah ok, thanks :)
13:37 Knuta mortis: there is docs on this somewhere on the website
13:38 mortis yeah, i've been looking for it, but couldnt find it :)
13:38 mortis lacking docsearchingskills :P
13:38 mortis obviously
13:39 XenophonF Saltuser: i assume you're using salt-cloud to talk to vCenter?
13:39 XenophonF Saltuser: you likely have to add the self-signed vCenter certificate to your computer's local trusted certificate store
13:40 XenophonF Saltuser: and then make sure you access vCenter using the name that comes on the certificate
13:43 Knuta mortis: If it's any comfort, I can't find it either, but I remember reading it.
13:43 mortis Knuta: hehe ait :)
13:44 Knuta salt['pillar.get'] basically handles the colon properly, while pillar.get just uses it as a key and fails to find it.
13:45 mortis Knuta: that explains the None :)
13:45 mortis thanks
13:45 akhter joined #salt
13:45 akhter joined #salt
13:48 nyx_ joined #salt
13:51 babilen mortis: pillar.get simply uses Python's .get method on the pillar dictionary. Python (still!!!) doesn't support nested lookups so the colon is not being treated specifically. salt['pillar.get'] uses the pillar.get execution function that treats this specially. (cf. https://docs.saltstack.com/en/latest/topics/pillar/#pillar-get-function )
13:51 babilen (as detailed by Knuta)
13:52 mortis babilen: great, thanks :)
13:53 oida joined #salt
13:53 cpowell joined #salt
13:54 Knuta babilen: I don't know python super well, but shouldn't it be possible to subclass dict and overload .get()?
13:54 Rumbles I am getting a warning when I am running a manifest, I thought my syntax was correct, but I'm not so sure now... http://fpaste.org/306926/ can anyone advise the correct syntax to watch a package for updates as well as some files? Do I need to create a seperate object to do the second watch?
13:55 mortis Knuta: you could call another .get() i guess
13:55 mortis a get on the get :)
13:56 huds joined #salt
13:56 mpanetta joined #salt
13:56 huds Happy New Year!
13:57 ingslovak joined #salt
13:58 rm_jorge joined #salt
13:59 numkem joined #salt
13:59 sroegner joined #salt
14:01 tpaul Adding new grain functions is super easy, is there an equivalent for adding beacons? I want to kill nagios :)
14:03 XenophonF Knuta: python doesn't support function overloading
14:04 yomilk joined #salt
14:05 XenophonF Knuta: method overloading like you're thinking of is possible in other languages, e.g., CLOS with an :AROUND method
14:08 otter768 joined #salt
14:13 wangofett Knuta: you *can* redefine .get... or __getitem__ if that's your thing
14:15 huds Salt is great on Windows, I don't know why it's not taken off.
14:16 Rumbles because Windows is rubbish?
14:16 yomilk joined #salt
14:16 racooper joined #salt
14:16 huds That may be the case, but you can't discount it like that and the tool that runs well on both platforms will be the winner.
14:17 quasiben joined #salt
14:18 tpaul huds, I have had lots of trouble with the package repo
14:18 tpaul I really want to use it
14:18 XenophonF wangofett: down that path lies madness :)
14:22 thejrose1984 joined #salt
14:22 linjan_ joined #salt
14:24 catpig joined #salt
14:25 viq_ joined #salt
14:25 wangofett XenophonF: yes, I wouldn't *recommend* it...
14:25 wangofett but it *is* possible ;)
14:26 XenophonF LOL
14:26 bhosmer joined #salt
14:26 XenophonF you'd have to save the original function somewhere, so that the new get() could call it
14:27 fxhp joined #salt
14:27 dyasny joined #salt
14:28 XenophonF speaking of awful hacks, and in the vein of the Twilight Zone, wanna see something scary, wangofett?
14:28 XenophonF https://github.com/irtnog/active-directory-formula/blob/master/_modules/identityserver_sts.py#L38
14:28 dyasny joined #salt
14:29 XenophonF python introspection FTW!
14:32 Magdalena joined #salt
14:33 winsalt joined #salt
14:33 openfly joined #salt
14:33 cheus XenophonF, That's scary
14:33 openfly yo dawgs, anyone got a salt solution for mysql 5.7 putting the default password into /var/logs ?
14:36 babilen openfly: Wouldn't that be /var/log ? And how does it put it there given that it is a directory?
14:36 babilen openfly: Also: When does "it" do that?
14:37 liskl joined #salt
14:38 Rumbles I'm getting a warning when I'm running salt currently "'__reqs__' is an invalid keyword argument for 'service.mod_watch'." I've been looking for the cause, and I've found similar issues but I'm struggling to understand what's causing it
14:39 openfly i paraphrased, pedantry is unwelcome.  mysql 5.7 for those not aware ( seemingly yourself ) likes to set a default root password on the database for security reasons... it cannot be changed via the old methods of firing the daemon with auth disabled.  the password is tossed into the mysql error log in /var/log/
14:39 Rumbles this is the manifest causing the warning, can anyone advise how I would correct the issue it's reporting? http://fpaste.org/306948/
14:40 babilen openfly: How is that related to salt?
14:40 openfly well i am trying to think of a clean way to use salt to set the root password on mysql during initial setup
14:40 TooLmaN joined #salt
14:40 openfly so that i can orchestrate it's setup.
14:40 openfly because.. you know salt.
14:42 babilen openfly: Okay, so the issue you are trying to solve is setting the mysql root password on MySQL 5.7 as a temporary one is being logged to /var/log/mysqld.log ?
14:42 babilen (when automating that installation with salt)
14:42 teryx510 joined #salt
14:43 openfly yes
14:44 babilen Can you prevent MySQL 5.7 from setting a temporary password on installation, but pass it a specific one explicitly?
14:45 openfly not as far as i am aware.. that's usually a packaging specific option.
14:45 openfly and i'm not seeing a way to do so in recent community release yet
14:45 openfly still digging through the googles though
14:46 perfectsine joined #salt
14:46 bmcorser viq nice find ;)
14:47 mapu joined #salt
14:47 openfly hrmmm... there may be a new flag in 5.7
14:47 openfly investigating :  "--initialize-insecure "
14:47 bmcorser looks like the dashboard is only part of the story
14:48 babilen openfly: Which packages are you referring to and how do you install MySQL?
14:48 mapu joined #salt
14:49 scoates joined #salt
14:49 viq_ bmcorser: also https://github.com/tinyclues/saltpad https://github.com/mclarkson/obdi https://github.com/martinhoefling/molten are the community web frontends I am aware of
14:49 bmcorser cool thanks, i'll check them out
14:50 bmcorser i started to build a sort of JSON API, then someone told me about netapi ... i then made a minimal front end
14:50 bmcorser there might be something there i can build on
14:54 XenophonF cheus: i'm surprised it worked, to be perfectly frank
14:54 bhosmer joined #salt
14:55 XenophonF cheus: then again, i'm waaaaaaaay to lazy to write wrappers myself for each AD FS cmdlet, or to even write a script that generates the wrappers one time
14:55 mikeywaites joined #salt
14:55 openfly babilen get back to you have a box on fire.
14:55 openfly community packages 5.7
14:55 Rumbles I'm guessing this is a simple issue, as I can see people mentioning the issue in searches, but generally it's down to a bug....
14:55 openfly from yum repo
14:55 XenophonF just the thought of having to update it for future AD FS releases fills me with dread :)
14:55 openfly on centos 7
14:56 openfly i think the trick is to blast the default db and reinitialize it with that insecure flag
14:56 Rumbles the warning I'm getting says that my aproach will work until Lithium is out.... but I'm using Lithium :/
14:56 openfly i'll test and post results.
14:56 mikeywaites hey - just came back to a salt cloud setup that was working fine on 2015.5.5 but now we are seeing 401s' come back form AWS apis.  The creds have been validated to work on their own.
14:57 openfly mikeywaites verify ssl / crypto dependencies for python
14:57 Brew joined #salt
14:57 openfly pip upgrade to latest on all
14:57 mikeywaites openfly:  great ill give that a try
14:58 semihairlessbear joined #salt
15:00 daemonkeeper Turns out, salt ignores branches not specified in env_order. What is gitfs_env_whitelist/_blacklist then for? Former seems a superset to me then.
15:03 dimeshake joined #salt
15:12 is_null joined #salt
15:12 is_null hi all, any idea how to write a mine_function declaration to get the contents of a file on a minion and publish it for other minions to use ?
15:13 andrew_v joined #salt
15:14 is_null i wish i could just send a one-time keyvalue mine object :(
15:16 XenophonF joined #salt
15:17 yomilk joined #salt
15:18 XenophonF joined #salt
15:20 XenophonF left #salt
15:28 bhosmer joined #salt
15:31 is_null had to use cmd.run with cat
15:32 hasues joined #salt
15:32 salttester joined #salt
15:33 hasues left #salt
15:33 Ahlee is_null: yeah. That'd be really nice.
15:33 Ahlee is_null: I do naughty things with minions running modules that post back to redis
15:35 salttester trying to use salt-cloud for softlayer vm, using a custom image added global_identifier: and commented #image: however receive an error The required 'image' configuration setting is missing from the profile
15:35 akhter Hey guys, I've got a question on salt-syndic.
15:35 akhter I've got a top level master, a syndic master, and a minion.
15:35 akhter The minion is under the syndic master, shouldn't it also be reported to the top level master?
15:36 akhter Isn't the point of syndic so I could pass states/commands to the minion that's connected to the syndic master from the top level master?
15:37 akhter Never mind, I got it to work.
15:38 tinyhippo where can I find the minion logs for a salt-minion on Windows?
15:41 is_null hi all, anyone could explain the first example here please ? https://docs.saltstack.com/en/2014.7/ref/states/all/salt.states.module.html so it's defining a state of ID "mine.send" with state function "module.run" and name "network_inferfaces" ? how's that supposed to work ? if "mine.send" is an id, won't module.run try to run the "network_interfaces" module ?
15:42 is_null or is there anything special about the module.run state function which makes it use the state id as module name and the name: parameter as argument for the module ?
15:42 is_null or is 'mine.send' a special state ID that triggers this special behaviour ?
15:43 is_null or is there a mistake in the documenttion ?
15:44 murrdoc joined #salt
15:44 armguy joined #salt
15:45 is_null yep, so it's a mistake in the docs apparently: http://dpaste.com/1NDZJQV
15:48 is_null even if i fix it (had to reverse engineer, because even the arguments in the docs are plain wrong) then it has Result: False even though the comment is "Module function mine.send executed
15:48 is_null http://dpaste.com/3RR21QV
15:51 drawsmcgraw joined #salt
16:02 spuder joined #salt
16:03 nledez joined #salt
16:03 nledez joined #salt
16:03 tercenya joined #salt
16:03 zmalone joined #salt
16:06 numkem joined #salt
16:06 PeterO joined #salt
16:07 tmclaugh[work] joined #salt
16:08 anotherZero joined #salt
16:09 otter768 joined #salt
16:11 ALLmightySPIFF joined #salt
16:21 DammitJim joined #salt
16:22 aea joined #salt
16:22 rmnuvg joined #salt
16:24 beardedeagle joined #salt
16:29 spaceSub joined #salt
16:29 akhter_1 joined #salt
16:29 w1gz joined #salt
16:30 rmnuvg joined #salt
16:31 Fiber^ joined #salt
16:33 dober joined #salt
16:33 dober joined #salt
16:33 sdm24 joined #salt
16:33 marsdominion joined #salt
16:33 marsdominion joined #salt
16:38 dimeshake joined #salt
16:38 malinoff joined #salt
16:40 w1gz joined #salt
16:41 breshead joined #salt
16:43 spaceSub joined #salt
16:44 openfly https://gist.github.com/openfly/b6e2e440f0ceda3eefed
16:44 openfly having an issue with a grain match
16:44 openfly i am no doubt doing something stupid
16:44 openfly but it is monday and i am not seeing it.
16:45 openfly would love a spot check if someone is not too busy
16:45 rmnuvg joined #salt
16:47 AndreasLutro openfly: I don't know what the issue is, but it's not related to the grains or the compound match - it's that no top file was found for the minion/environment
16:47 babilen openfly: My guess would be that your environment definitions are off
16:47 openfly hrmm
16:47 openfly they don't appear to be...
16:48 AndreasLutro they clearly appear to be based on the error you're getting :p
16:49 whytewolf to be fair that error means either there is no top file. or no match for the minion in the top file.
16:49 babilen You might want to share your configuration .. I'm also not clear why you pass the environment on the command line rather than assigning the minion in the top.sls
16:49 breshead You might try this : salt '*' saltutil.sync_all
16:50 sdm24_ joined #salt
16:52 rmnuvg joined #salt
16:53 mikeywaites joined #salt
16:55 openfly hrmm
16:55 openfly could be the choice of env grain
16:56 openfly confused the salt server a bit
16:56 grumm_servire joined #salt
16:58 babilen openfly: I'm also not sure why you don't simply assign the minion in your top.sls (use a *single* one for all environments) and why stype is a grain rather than a pillar (why store it in a distributed fashion?)
16:59 eliasp any idea, why a "from salt.utils.serializers import yaml" fails on 2015.8.1 in a SLS using the Python renderer (#!py): "ImportError: No module named serializers"
17:02 eliasp see also: http://pastie.org/10669683/
17:03 anotherZero joined #salt
17:04 openfly babilen it's kind of nicer to have it tied to a grain
17:04 openfly rather than a naming convention
17:04 perfectsine joined #salt
17:05 openfly our naming convention tends to match for dns... which matches for location in aws topology
17:05 perfectsine joined #salt
17:05 openfly some apps aren't really easy to guess where they will end up since they are kind of ubiquitous
17:05 openfly such as mysql
17:05 openfly so a grain makes it easy to attach it to many instances.
17:05 openfly and detach as needed
17:05 openfly on a per instance basis.
17:07 babilen openfly: right, and stype?
17:09 drawsmcgraw joined #salt
17:09 drawsmcgraw So this says you *must* use authentication when pulling images from a Docker registry - https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.dockerng.html#docker-authentication
17:10 _JZ_ joined #salt
17:10 drawsmcgraw If I have configured my Docker daemon to include my local registry as an 'insecure' registry, do I still need to configure auth to use the dockerng state module?
17:14 rmnuvg joined #salt
17:14 eliasp FYI: the serializer import problem was PEBKAC: salt.serializers.yaml instead of salt.utils.serializers.yaml - just looks like the examples/docs are not up-to-date… creating a PR now
17:14 Shirkdog joined #salt
17:15 whytewolf drawsmcgraw: https://github.com/saltstack/salt/issues/28806
17:15 saltstackbot [#28806]title: dockerng.push not working with private insecure registries | When running:...
17:15 drawsmcgraw whytewolf: thanks. Reckon I'm about to test it with pulling images, then
17:16 drawsmcgraw Jenkins builds and pushes our images. I just need Salt to pull the image down and run it with some attached volumes.
17:17 nethershaw joined #salt
17:18 drawsmcgraw Lotta red flags in that Github issue... I may just have a small Bash script that pulls & runs the image. Fewer layers of abstraction.
17:22 writtenoff joined #salt
17:24 onlyanegg joined #salt
17:24 rmnuvg joined #salt
17:25 akhter_1 Question regarding multiple environments.
17:25 akhter_1 I've got prod, dev, qa, and base.
17:26 akhter_1 As far as I understand I need a top.sls in each when running state.highstate saltenv=prod.
17:26 openfly pretty much
17:26 eliasp akhter_1: no, the topfiles from all environments will be merged to a single datastructure
17:26 eliasp akhter_1: so in the end, you need 1 topfile
17:26 openfly yeah but seperating them in that scenario makes sense.
17:26 openfly to avoid change control issues
17:27 akhter_1 eliasp: You sure?  "Comment: No Top file or external nodes data matches found."
17:27 yetAnotherZero joined #salt
17:27 akhter_1 If I don't have them in separate, that's the error I run into when I run state.highstate saltenv=prod
17:27 eliasp akhter_1: see: https://docs.saltstack.com/en/latest/ref/states/top.html#how-top-files-are-compiled
17:27 bhosmer joined #salt
17:27 openfly eliasp is talking about how they are compiled not how they are structured.
17:29 akhter_1 Right, so is it best to have all three top.sls files be the same or just have one of them be "base:" and the others "prod:" "dev:" etc...
17:29 spuder_ joined #salt
17:30 PeterO joined #salt
17:31 akhter_1 And if so, when I run highstate, how do I apply both base and dev?
17:31 openfly akhter_1 i'd think in terms of change control
17:31 openfly easier to have dev separate dout from prod
17:31 openfly also for git branching / multiple salt servers
17:31 openfly what eliasp is saying is they are all the same as far as run time for salt is concerned
17:32 akhter_1 Right, I understand that, it's taking all top.sls files and compiles them into one.
17:32 openfly right
17:32 akhter_1 So the contents of dev: prod: base: qa: will be one.
17:32 eliasp I have a separate 'salt-top-states' and 'salt-top-pillars' repo containing only a base environment/master branch and a single top-file… makes it way easier to handle all this, as you don't need to maintain it between different branches of your pillar/states repo
17:32 iggy do yourself a favor, don't use salt environments
17:32 akhter_1 So you can't have dev: in multiple environments.
17:33 akhter_1 iggy: Why is that?
17:33 openfly i prefer the keep dev completely isolated from prod approach
17:33 openfly =P
17:33 eliasp and also what iggy says… environments are rather broken… I'm in the process of getting rid of them here…
17:33 iggy they are a mess and rarely work the way people actually want them to
17:33 iggy if you can't sort out what you want to do in a single env, use multiple masters
17:34 eliasp +1
17:34 whytewolf +100
17:34 akhter_1 I am using multiple masters with syndic, which I've been told not use as well...
17:34 openfly i mean salt is pretty broken...
17:34 eliasp akhter_1: not in the sense of multi-master/syndic… just completely separate/isolated masters
17:34 openfly that doesn't go away
17:35 iggy what eliasp said ^
17:35 wt joined #salt
17:35 akhter_1 I was hoping I could use syndic to monitor all minions without having to jump to so many masters.
17:35 Bryson joined #salt
17:36 iggy realistically I logged into dev master every day, qa master once a month, and prod master maybe once every 3 months or so?
17:37 akhter_1 I don't mind logging into so many of them I just like them centrally managed.
17:38 akhter_1 All right, I guess I'll disconnect the syndic and make a repo for each of the environments.
17:38 ekristen joined #salt
17:38 rsimpkins joined #salt
17:39 eliasp akhter_1: a single repo with multiple branches is also fine… just use a whitelist for each master which branch to use
17:39 eliasp akhter_1: makes it way easier than moving code between repos
17:39 akhter_1 eliasp: That's what I meant.
17:40 rsimpkins Does anyone know how to find the IP of an unaccepted minion? I have a minion that keeps connecting to my master. Yet, the ID/hostname does not resolve.
17:40 om joined #salt
17:40 rsimpkins I tried debug, but it shows the ID.
17:40 rsimpkins Same for the events.
17:40 impi joined #salt
17:40 iggy there is an issue open about it
17:44 murrdoc look at salt-run manage
17:44 murrdoc it has python code to `finger` the minion
17:44 iggy you'd have to accept the key first, no?
17:45 whytewolf yes, manage just uses test.ping
17:45 murrdoc https://github.com/saltstack/salt/blob/develop/salt/runners/manage.py#L514
17:45 murrdoc which u know works
17:46 murrdoc cos u know u can do 'accept' and then run safe accept
17:46 murrdoc and WHEE
17:47 whytewolf so it uses salt-key -f to match a finger. which doens't tell you anything about which host it is..
17:47 * murrdoc points horse at water
17:48 iggy I don't think it'll work in this case
17:48 iggy it's expecting the minion id to be resolvable
17:48 iggy and OP said that wasn't the case
17:49 whytewolf not to mention a finger only returns the minion id and the key fingerprint. nothing about hostname. or ip. or anything else that would give a clue about where to look for the minion
17:50 rsimpkins Worse, I tried accepting the key just to see if I could talk to the minion. The minion isn't responding at all.
17:50 rsimpkins So, whatever mechanisim needs to avoid anything reliant on the minion.
17:51 rsimpkins They key just keeps showing up. I delete it, it comes back. Can't get rid of it because I am not sure which machine it is coming from. Thousands of other minions in the mix make it hard to sift through the noise.
17:53 iggy heavy handed, but compare connections on salt ports before and after key shows up? Or look at connections and weed out anything that matches known minions
17:53 whytewolf worse case restart master in debug mode
17:53 rsimpkins whytewolf: Tried that. Does not show IP.
17:54 rsimpkins Unless there is some 'show ip' option to debug I don't know about... :)
17:55 eliasp there should be a way to quarantine new Minions… accepting their key, but not giving them access to any resources besides being able to execute modules on them
17:55 rsimpkins iggy: yes, that will take several hours on this system due to scale. Thought I'd come here to see if there might be a more efficient way before slogging through a solution.
17:56 iggy rsimpkins: as I said before, there's an issue about this... and I think there was a patch in that issue that showed the IP
17:56 rsimpkins iggy: I'm still searching for it. If you know the issue #, that'd be awesome.
17:57 rsimpkins iggy: This it? https://github.com/saltstack/salt/issues/24580
17:57 saltstackbot [#24580]title: salt/auth event should contain IP data | I'd like to create a reactor that automatically approves minions that come from my internal network. But the salt/auth event does not contain any network data. An IP field which contains the IP address that the request is coming from would allow approval based on networks.
17:58 iggy I don't think that was it
17:58 iggy it was older
17:59 rsimpkins https://github.com/saltstack/salt/issues/21606
17:59 saltstackbot [#21606]title: Log IP address of minions | When a minion is denied by the master for whatever reason, it would be nice if the IP address was logged with the hostname as well. A minion can ID itself as any host name and they aren't necessarily the same thing.
17:59 debian112 joined #salt
17:59 rsimpkins It is comforting, at least, to see I'm not the only one to have faced a similar issue.
18:04 murrdoc iggy:  https://github.com/saltstack-formulas/packer-formula/pull/2
18:04 saltstackbot [#2]title: add in missing import |
18:04 murrdoc also iggy do u have 'create' perms
18:05 iggy murrdoc: no, only forrest afaik (outside of salt employees)
18:06 iggy rsimpkins: yeah, I'm not finding the one I was thinking of, gotta run to work before my coworker tells on me
18:06 rsimpkins no problem. Thanks for looking.
18:06 iggy but there are obviously some places to start looking there
18:07 DammitJim joined #salt
18:08 beardedeagle joined #salt
18:10 otter768 joined #salt
18:14 tiadobatima joined #salt
18:18 alvinstarr joined #salt
18:20 keimlink joined #salt
18:21 yomilk joined #salt
18:23 keimlink joined #salt
18:32 DammitJim joined #salt
18:34 bhosmer joined #salt
18:36 lompik joined #salt
18:36 XenophonF joined #salt
18:38 eliasp can someone point me to a repo containing good examples of 'py' renderer based SLS?
18:41 wt joined #salt
18:47 iggy I want to say someone had a few, but I don't know of anything very complete
18:47 iggy might check irc archives
18:50 eliasp iggy: hmm, ok… any idea what's the best way to read a file relative to an SLS? simply from opts['cachedir']/files/opts['saltenv']/foo/bar.yml? or is there a better "builtin" method for this?
18:50 eliasp just digging through salt.utils
18:50 eliasp aah… fileclient might be what I need
18:51 huds joined #salt
18:51 shaggy_surfer joined #salt
18:52 eliasp meeh… the __context__ dunder dict is passed through the renderer it seems ;-/
18:52 eliasp will continue with this tomorrow… time to head home
18:52 eliasp s/is/isn't/g
18:53 eliasp aaah, wait… there's __sls__ ;)
18:53 XenophonF left #salt
18:53 eliasp reading the docs thoroughly is sometimes rather helpful ;)
18:54 sinh joined #salt
18:54 whytewolf psh, who needs docs
18:54 eliasp whytewolf: the weak and the stupid
19:01 beardedeagle reading through the code ofter renders more results
19:01 cwyse joined #salt
19:03 eliasp ok… when the lights are turned off automatically @work, it's definitely time to leave… good n8 everyone ;)
19:03 DammitJim joined #salt
19:03 geekatcmu yep, hit the road!
19:04 whytewolf night eliasp
19:08 Noiz left #salt
19:08 jaybocc2 joined #salt
19:10 denys joined #salt
19:16 cwyse joined #salt
19:16 oida joined #salt
19:18 intr1nsic joined #salt
19:19 ajw0100 joined #salt
19:22 ajw0100_ joined #salt
19:22 tawm04 joined #salt
19:22 yomilk joined #salt
19:23 MindDrive joined #salt
19:28 wt joined #salt
19:32 ktosiek joined #salt
19:38 elsmo joined #salt
19:39 btsteve joined #salt
19:40 iggy I think cp.cache_file returns the path to the file it caches (might be helpful as well)
19:41 jacksontj joined #salt
19:45 tehsu if I want to run a for loop and read a list of numbers any ideas what the for loop may look like
19:46 zifnab joined #salt
19:46 zifnab question: why should i choose salt over ansible
19:47 drawsmcgraw Ansible is great for quickstarts, hobbyists, and small deployments.
19:47 drawsmcgraw But for larger projects and more granularity, you'll want to start learning Salt.
19:49 zifnab my personal stuff is all in salt - i haven't gotten to the point of actually using anything outside of cmd.run or pkg.upgrade though
19:49 zifnab work is looking at dropping chef for a large portion of our infra and i'd like to use salt there
19:49 * iggy cringes
19:49 aea Yeah that's pretty minimal
19:49 zifnab lol
19:49 aea At least it's not puppet.
19:49 aea *experiences flashbacks*
19:49 zifnab there's a small hatred of ruby going around the office at hte moment :)
19:50 geekatcmu One of our teams is starting down the Chef->salt path.
19:51 geekatcmu I have no idea how they're doing, though.
19:51 geekatcmu I'm in the cfengine2->salt camp myself.
19:52 zifnab so, i guess my main reason is, 'why should i pick salt over anything else thats out there"
19:52 zifnab er, question, nto reason*
19:53 beardedeagle (chef|puppet)->salt. only real reason is because I am running all CICD for our org, I prefer python over all things, and salt lets me pretty much do what I want.
19:53 paulgrmn joined #salt
19:53 GreatSnoopy joined #salt
19:54 rihannon1 joined #salt
19:54 bmcorser being able to do things in python is my main reason too
19:54 murrdoc joined #salt
19:55 geekatcmu zifnab: Sorry, but that's a silly question.
19:55 pcn zifnab: it's a subtle difference, but the thought behind the face that salt presents to the user is easier to present to devs
19:55 pcn (in my recent experience)
19:55 geekatcmu The only proper answer is "go read the docs of all the candidates *thoroughly* and decide which is the best fit for your organization"
19:55 aea Ignore documentation
19:55 aea set aside four hours to experiment with each
19:55 aea Or longer
19:56 pcn Also, friends have mentioned puppet is depricating a lot of interfaces he's using, so he's interested in other options, so if you're in that boat, it's time to jump
19:56 jaybocc2 honestly, if i had to start fresh it would either be with chef or with salt
19:56 aea I tend to find that documentation for too many software products are filled with more marketing then reality nowadays.
19:56 * geekatcmu observes that you cannot do meaningful evaluation of *any* of these in 4 hours.
19:56 jaybocc2 we went with salt because we are a python shop and overall we felt it fit better with our needs and desires
19:56 armguy joined #salt
19:56 aea geekatcmu: No you can't, but better then trusting the docs.
19:56 jaybocc2 geekatcmu ^^^^
19:56 nethershaw If considering salt for python, consider also ansible.
19:56 nethershaw Depending on whether you want agents or not.
19:57 geekatcmu Regardless of what the docs say, every CM has a steep learning curve unless you are already deeply immersed in the CM mindset.
19:57 akhter_1 nethershaw: is ansible able to run agentless now?
19:57 jaybocc2 I took a week to evaluate each and write up a list of pro's cons and rating for the main functionality and then based on those findings and our ultimate needs we decided to use salt, over ansible and chef and puppet.
19:57 nethershaw akhter_1: That is its primary mode of operation.
19:57 geekatcmu Each has a number of easy-peasy items, but they may or may not matter in any way in your own environment.
19:57 bmcorser zifnab: events system and net-api are a real winner for me
19:58 bmcorser you can plug anything into salt that way
19:58 iggy ^
19:58 geekatcmu For instance, user management is pretty easy in cfengine/chef/salt (and probably the rest), but if you're an LDAP shop ... you don't actually are.
19:58 iggy ext_pillar to tie into existing back office systems
19:58 geekatcmu care
19:58 erjohnso joined #salt
19:58 nethershaw If you want a bunch of CM servers holding all of your python and dictionaries for you, keeping an eye on all the minions you have running their agent daemons according to stateful commands, you want salt.
19:58 ericof joined #salt
19:58 aea Salt has the best encryption / secure data system of those that I've tried. That was a huge + for me. (throwing random things out)
19:59 zmalone I'm not sure I'd agree with that
19:59 geekatcmu Eh, chef's encrypted databags don't suck.
19:59 zmalone salt has a rough history with encryption, and the current encryption is very lightly documented
19:59 geekatcmu And salt's solution has a tendency to log secrets to your debug logs.
19:59 nethershaw If you have a repository of scripts and playbooks for performing atomic actions on collections of hosts that may or may not be directly tied to an agentful infrastructure, you want ansible.
19:59 zmalone chef-vault is supposed to be good, and I've liked hashicorp's vault when I've played with it
20:00 Aea Yeah the documentation in salt could use a lot of work all around.
20:00 iggy one thing I've always wondered about ansible... how does it work with nodes behind NAT?
20:00 akhter_1 Salt only warns you when sensitive data is being viewed in the log.  It doesn't hash it out, which I don't like.
20:00 jaybocc2 chef-vault is OK, but clunky and can be easily broken.  Hashicorps vault is awesome.
20:00 akhter_1 Other than that, I find salt's learning curve to be much lighter than chef's.
20:00 geekatcmu The same way pretty much any centralized CM system does: poorly if you don't understand networking, or have poorly configured networking"
20:00 zmalone I've had a lot of problems with targeting in pillars matching the wrong hosts due to bad assumptions, the gpg render having issues, and stuff like that
20:00 nethershaw iggy: the only requirement is being able to get in through an SSH connection -- NAT complicates this in the expected ways
20:01 iggy thanks?
20:01 jaybocc2 ansible doesn't scale very far and really gets slow especially compared to salt at 100 hosts, at least for us
20:01 Eureka703 joined #salt
20:01 akhter_1 That's the problem I ran into with ansible, slowness.
20:01 akhter_1 But that was back in 2012-ish.
20:01 jaybocc2 when i came here we had started using ansible
20:01 iggy ssh hasn't changed much since then
20:01 jaybocc2 after deep evaluation we went to salt
20:01 nethershaw There's nothing particular to ansible that makes it better or worse in the NAT condition. If you have proper routing to the hosts you're intending to manage with it, you're not going to have that problem.
20:02 zmalone (and http://www.cryptofails.com/post/70059600123/saltstack-rsa-e-d-1 wasn't that long ago, all things considered)
20:02 jaybocc2 ansible is still in use as it works fine, but it is definitely slower than the new (and more numerous) salt nodes
20:02 Aea zmalone: Ouch
20:03 iggy nethershaw: vs salt where the agents initiate the connection and don't have said problems... got it
20:03 nethershaw Salt doesn't have that problem because of its agents that phone home and traverse nat, yes.
20:03 nethershaw And the masters do a lot of caching and processing for you to speed things along.
20:04 nethershaw I came from a shop that was very, very opposed to having any "static" infrastructure, vis-a-vis master servers running only to keep salt trees in memory
20:04 geekatcmu you can run salt masterless just fine.
20:05 nethershaw I'm not sure why you'd want to, given that's where its strengths are
20:05 geekatcmu I'm surprised Ryan_Lane didn't pip up at that.
20:05 geekatcmu He's a huge proponenet of it.
20:06 * geekatcmu shrugs
20:06 zmalone If you can get away with masterless, and with only infrequently running states, you will probably be happiest, although salt can then start to resemble shell scripts
20:06 geekatcmu I long ago gave up on "there's only one way to do it right", though I still hate Perl/Ruby.
20:06 nethershaw True, and true.
20:06 scooby2 is there a max pillar size?
20:06 geekatcmu If it doesn't fit in memory, it's not going to work.
20:06 nethershaw ^
20:07 geekatcmu Though that's not entirely true.
20:07 zmalone A coworker who runs 2015.8 with a master and highstates says that if he doesn't restart his minions for a couple weeks, he'll come back to 100% CPU/memory usage on the minions
20:07 geekatcmu For instance, external pillars can be arbitrarily large.
20:07 GreatSnoopy with enough swap pigs crawl just fine :D
20:07 akhter_1 zmalone: Never ran into that situation.
20:08 zmalone geekatcmu: ryan lane is probably busy with the news about lyft
20:08 geekatcmu But the YAML pillar must be loadable into memory, since it's basically going to get passed to yaml.loads once Jinja gets done with it.
20:08 Ryan_Lane geekatcmu: pip what?
20:08 geekatcmu read the last 20 lines of scrollback.  *minor* discussion of masterless.
20:08 geekatcmu So I invoked you
20:09 Ryan_Lane not totally sure what the discussion was. at a conference. not paying a ton of attention :)
20:09 Ryan_Lane what's the gist?
20:11 cwyse joined #salt
20:11 otter768 joined #salt
20:22 yomilk joined #salt
20:27 geekatcmu nothing important.
20:27 keimlink joined #salt
20:27 geekatcmu Go back to your conference
20:28 murrdoc <3'ing packer
20:29 murrdoc next up docker -> docker
20:29 murrdoc to make some trusty dockers to use with travis
20:33 cwyse joined #salt
20:35 BitBandit joined #salt
20:39 teryx510 joined #salt
20:42 Guest94421 joined #salt
20:43 baweaver joined #salt
20:45 lemur joined #salt
20:45 sporkd2 joined #salt
20:49 wendall911 joined #salt
20:56 PsionTheory joined #salt
20:58 bhosmer_ joined #salt
21:01 jaybocc2_ joined #salt
21:06 akhter joined #salt
21:06 Pixionus joined #salt
21:09 pcn zmalone: cgroups and memory limits fix that automatically I think
21:10 cberndt joined #salt
21:14 pcn I have a question about external master job caches: what cleans up older jobs?
21:15 pcn I'm using for e.g. redis: do I have to cron a delete 20151230* kind of job?
21:16 murrdoc i setup maxmemory
21:26 pcn murrdoc: that makes sense.  OK
21:30 Ahlee RE: pillar max size: we tested. We gave up when our pillar data got to be 1G in size
21:31 Ahlee we went depth first and then breadth first, making 1024 nested dictionaries, and 1024 nested lists
21:31 Ahlee it was slow, but it worked
21:31 Ahlee (we thought we saw a limit too, so we tested)
21:31 iggy phrasing
21:31 basepi left #salt
21:32 basepi joined #salt
21:32 Ahlee pcn: nothing cleans by default
21:32 pcn Ahlee: just the default
21:32 Ahlee though, yeah. with redis just setting the max it can take would work. We also did a capped collection in mongo
21:33 amcorreia joined #salt
21:34 cberndt joined #salt
21:34 HardWall joined #salt
21:34 baweaver joined #salt
21:34 s_kunk joined #salt
21:35 baweaver joined #salt
21:35 sporkd2 left #salt
21:35 bart joined #salt
21:36 bart Hello everyone
21:37 Guest97494 I'm trying to have a "prereq" but with a file.replace
21:37 Guest97494 apparently it's not possible
21:37 yidhra_ joined #salt
21:38 pcn Guest97494: you have a gist?
21:38 lemur joined #salt
21:39 Guest97494 https://gist.github.com/anonymous/7a70b60b33370adeaae2
21:39 Guest97494 I just need to edit the file when the service is down
21:39 Guest97494 1. check if file is ok, if ok do nothing.
21:39 Guest97494 2. if file not ok, disable service
21:39 Guest97494 3. edit file
21:40 Guest97494 4. start service
21:40 Guest97494 I get error:   Warnings: '__prereq__' is an invalid keyword argument for 'file.replace'.
21:41 yomilk joined #salt
21:43 AndreasLutro Guest97494: use the check_cmd arg for file.maanged instead
21:43 AndreasLutro oh, file.replace, not sure if it's available for that
21:44 AndreasLutro check the docs
21:44 Guest97494 I did :-)
21:44 subsignal joined #salt
21:44 Guest97494 Why I'm here, maybe a better way to do this
21:45 Guest97494 I went with the "file.replace" approach, you guys might have a better idea
21:45 Guest97494 can't be the first that edits a file that requires a service to be down
21:49 AndreasLutro I don't get why you'd get that error, you're not on an older version of salt or something?
21:50 Guest97494 2015.8.0
21:50 AndreasLutro could be worth a shot upgrading to 8.3
21:50 AndreasLutro I'd test in a vm but I'm off soon
21:52 Guest97494 Are saying that because It worked on your end ?
21:52 Guest97494 are you*
21:52 murrdoc bart u have misunderstood how prereq works
21:52 murrdoc i think
21:53 murrdoc u need that good good onchanges instead
21:53 murrdoc https://docs.saltstack.com/en/latest/ref/states/requisites.html#onchanges
21:53 murrdoc Guest97494
21:53 Guest97494 No because, "on changes" runs the command after
21:53 AndreasLutro nah your use of prereq is fine
21:53 Guest97494 I need the service to be down before I edit the file
21:54 AndreasLutro no Guest97494, I'm just saying I'd expect it to work, so it may be a bug that has been fixed
21:55 Guest97494 ok thx :-)
21:55 onlyanegg joined #salt
21:56 Guest97494 Warnings: '__prereq__' is an invalid keyword argument for 'file.replace'. If               you were trying to pass additional data to be used in a template               context, please populate 'context' with 'key: value' pairs. Your               approach will work until Salt Carbon is out. Please update your               state files.
21:56 Guest97494 Full error output
21:56 Guest97494 in case you see anything
21:59 onlyanegg joined #salt
22:00 onlyanegg joined #salt
22:04 whytewolf Guest97494: you could try file.append instead of file.recurse [not sure it will have the same issue or not with prereq]
22:08 Guest97494 Problem with file.append, it only checks if the content is at the end of the file
22:12 otter768 joined #salt
22:13 sinh joined #salt
22:17 ronrib joined #salt
22:29 Guest97494 file.append does not work either
22:29 Guest97494 hmmm
22:30 fgimian joined #salt
22:35 perfectsine joined #salt
22:41 om Hi all!  salt '*' saltutil.refresh_pillar is not refreshing to new pillar data
22:42 om I changed the data in the pillar...
22:46 om any ideas?
22:47 zenlot joined #salt
22:47 akhter joined #salt
22:48 onovy left #salt
22:49 om the pillar was working, but I need to update the pillar data, and it will not update on refresh
22:54 whytewolf om: not enough details given to form any kind of thoughts about the issue. we have 0 knowledge of your enviroment.
22:55 om is there another way to refresh pillars?
22:56 om salt master reports wrong pillar data even though the pillar sls file has the correct updated data
22:57 openfly left #salt
22:57 whytewolf not really. but there might be other things that are preventing it from updateing. such as if you are using gitfs then a cache. if you are using ext_pillars they might be over riding it. you also have not given any debug info.
22:58 whytewolf don't even know what version you are using
22:59 om ok
22:59 om let me get more details
23:00 whytewolf thank you
23:08 bhosmer joined #salt
23:12 om what debug data should I be looking for?
23:12 om I ran salt-call from minion with debug
23:12 om nothing related to pillars there
23:12 om with refresh.pillars
23:13 om not using ext_pillars nor git like that
23:17 scoates joined #salt
23:17 om it seems to be cached somewhere...
23:17 om but I have no idea where...
23:20 arif-ali Hi all, I hope someone can help, I successfully created my ext_pillar, but now I want to to a compound match of the pillar in my top.sls, is that possible with ext_pillar to do, I have been searching around, and can't really find what is expected from an I or J in the Pillar for matching correctly
23:20 om salt 2015.8.1 (Beryllium)
23:22 whytewolf om: okay, what about targetting how are you targetting your pillars in your pillar top file. also is the pillar shoing up in pillar.items
23:22 om pillar items shows the old pillar data
23:22 om but not the new one
23:23 om seems has old cached pillar which is now not in the pillar init.ls
23:23 whytewolf om: okay. pillar.items ignores cache. so the master doesn't know about the new item.
23:23 om oh
23:23 om strange..
23:23 om I rebooted the master even...
23:24 whytewolf are you running multiple masters?
23:24 om nope
23:24 whytewolf if that pillar item located in other pillar files?
23:25 om top.sls for pillar base has the correct pillar
23:25 om the pillar items were replaced with new ones in the same file
23:26 whytewolf is there any errors listed in the salt master log file under /var/log/salt/master
23:27 om oh yea
23:27 om tons of pillar render errors
23:27 om Pillar render error: Specified SLS 'sftp_sshd_vsftpd' in environment 'development' is not available on the salt master
23:27 whytewolf ...
23:28 om interesting...
23:28 om says this too
23:28 om Specified SLS 'sftp_sshd_vsftpd' in environment 'development' is not available on the salt master
23:28 whytewolf ahhh enviroments yuk
23:29 om gosh
23:30 om heard about issues with environments but haven't setup dev separate repo nor salt-master yet
23:31 whytewolf yeah. anyway it sounds like your minion is part of a development enviroment. and trying to access the pillar under there. but it can't find it there
23:31 whytewolf honestly. I'm not to versed in salt enviroments. I tried them a long time ago and found them to be ... lacking
23:32 perfectsine joined #salt
23:32 om yea, been feeling like using separate dev and prod repos
23:32 om as well as salt-master
23:32 om but haven't done that yet
23:33 whytewolf I guess you have more insentive now :P
23:33 om so strange because the pillar for  sftp_sshd_vsftpd/init.ls is there
23:34 whytewolf it is there in base: but the minion is looking in development: at least from that error.
23:34 rsimpkins left #salt
23:34 perfectsine joined #salt
23:36 om well, it's actually in pillars/development/sftp_sshd_vsftpd/init.sls
23:36 om and doesn't find it...
23:38 whytewolf that directory structure means little. it gives no base of relation to.
23:38 whytewolf the enviroment it is looking for is development.
23:42 yomilk joined #salt
23:42 spuder joined #salt
23:44 TyrfingMjolnir joined #salt
23:45 zmalone joined #salt
23:46 rihannon1 When I have problems like this it's almost always a YAML syntax error.  Then again, I use reclass, so my knowledge of straight up pillars is limited.
23:48 om thanks guys
23:48 om decided to add the data directly in the jinja file instead of pillars for now as a workaround
23:54 stanchan joined #salt
23:54 om will look at yaml syntax for the pillar file too.  thanks!
23:56 retake joined #salt
23:58 retake If I have a state in foo.sls and another in bar.sls and both of those files are in top.sls how can I ensure foo is done before bar?  Does highstate sequentially state files in the order listed in top.sls?
23:58 akhter joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary