Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-01-26

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 jgarr maybe I'm trying to do this wrong. basically I created a listener in /etc/salt/master.d/reactor.conf to listen for events on a custom tag 'foo/bar' and then I have it run a state file (I'm trying to delete the minion cert) but my guess is that state is running on the minion and not the master (if it's running at all)
00:05 KyleG joined #salt
00:05 KyleG joined #salt
00:06 babilen jgarr: Run it on the minion tat you've installed on the master box
00:08 jgarr babilen: you mean with tgt?
00:08 bhosmer_ joined #salt
00:10 jgarr I think my state has bad jinja (saw an error in the server output)
00:10 babilen jgarr: You would install a minion on the master and target that like any other minion too.
00:10 MindDrive joined #salt
00:10 babilen master in this context refers to the actual instance
00:11 jgarr I'm trying to figure out how to print the variable to make sure it's correct. Was using {{ data[id] }} from the docs example. When I watch the reactor I see the json from the job and it looks right
00:11 jgarr babilen: ok, tgt: saltmaster is what I was doing, so I think the jinja complie error is the only thing holding me up
00:13 babilen data['id']
00:16 denys joined #salt
00:17 akhter joined #salt
00:17 jgarr babilen: thanks, getting closer http://fpaste.org/314708/37673561/ but I guess I need to make a list out of it? Unable to render reactions for event minion/destroy due to errors (["State '/etc/salt/pki/master/minions/minion' in SLS '/srv/reactor/destroy/delete-cert.sls' is not formed as a list"])
00:17 keimlink_ joined #salt
00:19 snarfy ack! can anyone verify that sometimes in jinja, dashes like the ones commonly employed in my fqdns can cause exceptions?
00:20 babilen jgarr: What did you paste there exactly? Could you paste the reactor *and* the referenced SLS file please?
00:21 jgarr babilen: the sls file is the first link. I tried triggering the reactor with salt-call event.send 'minion/destroy' '{id: minion }'
00:22 jgarr that's the whole file, just 3 lines to delete the minion key file on the master
00:22 jfindlay snarfy: I tend to think of jinja as python code, where `-` is interpreted as negation unless it's part of an explicitly quoted string
00:23 sjmh jgarr - reactor sls files are different than state sls files
00:23 jgarr :( of course they are. There weren't many examples so I was just trying a normal state file
00:24 babilen jgarr: Could you paste your reactor config? You wouldn't normally reference data in the state unless you hand it over .. but I'm off now.
00:25 jgarr babilen: http://fpaste.org/314710/45376789/
00:25 babilen And just to be clear: In the reactor config you simply configure which execution functions are being executed where when a particular event is being received
00:26 mohae_ joined #salt
00:26 jgarr I see the state trigger in the server log. It's just not doing what I expect. I assume sjmh knows exactly what I'm doing wrong
00:26 babilen jgarr: You have to pass data to the state. You can't reference it otherwise .. That's demonstrated in, for example, https://docs.saltstack.com/en/develop/topics/reactor/index.html#passing-event-data-to-minions-or-orchestrate-as-pillar
00:26 sjmh jgarr - you want something like this
00:26 sjmh https://gist.github.com/sjmh/3a452324a50d665d6710
00:27 sjmh so you have a reactor sls file that says 'go run a state task on some minion'
00:27 sjmh the 'tgt' being the name of your master's minion
00:27 sjmh you'd need another field in there, which would be the name of the minion you're trying to delete the key for
00:28 sjmh make sure to read the link babilen sent
00:28 sjmh has alot of good info
00:28 sjmh personally, i'd probably do this as a runner instead of a state run
00:32 lompik joined #salt
00:32 jgarr joined #salt
00:32 jgarr crap, stupid irc disconnected me
00:33 jgarr sjmh: I looked into doing a runner instead of a state but did find how to do that
00:34 jgarr sjmh: making it a runner was the last thing I saw in irc. I started reading the link babilen sent before I realized irc timed out
00:34 sjmh jgarr - didn't miss much.  i can show you an example pretty easily though, one sec
00:40 jgarr sjmh: I need to run. You can still send me the example here and I'll catch it in the morning. Thanks for all your help
00:40 sjmh ok
00:44 keimlink joined #salt
00:45 baweaver joined #salt
00:50 amcorreia joined #salt
00:55 spiette joined #salt
00:58 aarontc joined #salt
01:01 sjmh jgarr - https://gist.github.com/sjmh/4bf1606e23736d02efbe
01:02 bhosmer joined #salt
01:13 iceyao joined #salt
01:14 murrdoc joined #salt
01:16 yomilk joined #salt
01:17 baweaver joined #salt
01:20 brianfeister joined #salt
01:25 yomilk joined #salt
01:26 zsoftich1 joined #salt
01:32 cpowell joined #salt
01:34 jmickle joined #salt
01:34 jmickle hi anyone around?
01:34 jmickle having some trouble with salt-master
01:43 fleaz joined #salt
01:44 drawsmcgraw jmickle: Can't promise anything, but what's up?
01:45 jmickle think i actually may have found the problem seems like some files straight up went missing from an EBS volume
01:45 drawsmcgraw ouch
01:45 jmickle yeah ;-/
01:49 subsignal joined #salt
01:54 malinoff joined #salt
01:54 justanotheruser joined #salt
01:56 bhosmer joined #salt
01:58 quasiben joined #salt
01:58 dhdh joined #salt
02:04 catpiggest joined #salt
02:07 cberndt joined #salt
02:07 justanotheruser joined #salt
02:10 michelangelo joined #salt
02:13 justanotheruser joined #salt
02:20 murrdoc joined #salt
02:22 ageorgop joined #salt
02:27 ageorgop joined #salt
02:28 Bryson joined #salt
02:30 treaki_ joined #salt
02:33 iceyao_ joined #salt
02:42 akhter joined #salt
02:46 yomilk joined #salt
02:48 quasiben joined #salt
02:50 bja_ joined #salt
03:01 iceyao joined #salt
03:04 quasiben joined #salt
03:09 brianfeister joined #salt
03:14 evle joined #salt
03:16 forbin joined #salt
03:17 forbin Dose any one have examples of profiles to do cloneing with the proxmox provider running on PVE 4.1?
03:17 _JZ_ joined #salt
03:22 racooper joined #salt
03:32 brianfeister joined #salt
03:39 zmalone joined #salt
03:39 jaybocc2 joined #salt
03:44 bhosmer joined #salt
03:47 kawa2014 joined #salt
03:55 favadi joined #salt
03:56 akhter joined #salt
03:58 ageorgop joined #salt
04:01 subsignal joined #salt
04:13 treaki joined #salt
04:16 ramteid joined #salt
04:17 ageorgop joined #salt
04:25 jaybocc2 joined #salt
04:28 ajw0100 joined #salt
04:32 favadi joined #salt
04:33 om forbin: I don't think clone is direct feature in the proxmox provider
04:34 cpowell joined #salt
04:34 forbin I thought with this in it should be there https://github.com/saltstack/salt/pull/28090
04:34 saltstackbot [#28090]title: Add clone for qemu | We needed a way to clone VM on Proxmox....
04:35 om there is no cli for cloning but there is an API
04:35 om https://forum.proxmox.com/threads/vm-templates-and-clones-via-api.14045/
04:46 mohae joined #salt
04:49 Bryson joined #salt
04:51 malinoff joined #salt
04:52 forbin but this look's to be in ... moveing to the dev branch
05:15 anmol joined #salt
05:20 ageorgop joined #salt
05:33 ageorgop joined #salt
05:42 colegatron joined #salt
05:47 TyrfingMjolnir joined #salt
05:50 akhter joined #salt
05:50 yomilk joined #salt
05:52 malinoff_ joined #salt
05:54 zmalone joined #salt
05:54 dlam joined #salt
05:55 dlam i recall there being a command that displays the documentation of a state, anyone knows what it is?    like `salt-call state.help grains.ls`  (tells you what grains.ls is)
06:01 favadi joined #salt
06:11 cberndt joined #salt
06:16 Gabemo joined #salt
06:22 calvinh joined #salt
06:29 ageorgop joined #salt
06:29 yomilk joined #salt
06:31 iggy dlam: sys.doc
06:35 cpowell joined #salt
06:40 jaybocc2 joined #salt
06:44 Gabemo joined #salt
06:47 cuonglm joined #salt
06:52 saltyswede Hi guys, silly question. But where do I define the path to the .sls files?
06:59 jaybocc2 joined #salt
07:04 orion joined #salt
07:04 orion Hi. Is it possible to grab a file from S3 without verifying the hash?
07:09 cberndt joined #salt
07:11 sjmh saltyswede - if you're talking about state files?  you define the file_roots in the master config, or if you aren't defining it, it defaults to /srv/salt
07:11 sjmh and in /srv/salt you'd have your top.sls file, which defines which hosts get which .sls files
07:13 impi joined #salt
07:16 saltyswede Thank you for you answer, but it did'nt exist at all after installation
07:16 saltyswede which is strange
07:17 sjmh Yeah, /srv/salt doesn't get created for you
07:17 sjmh You have to create it yourself
07:22 rominf joined #salt
07:24 Rumbles joined #salt
07:33 orion left #salt
07:40 KermitTheFragger joined #salt
07:40 akhter joined #salt
07:46 aboe joined #salt
07:53 federicob joined #salt
07:59 bluenemo joined #salt
07:59 dgutu joined #salt
08:02 colttt joined #salt
08:02 penguinp1wernz joined #salt
08:04 penguinn joined #salt
08:05 penguinn hi guys
08:11 elsmo joined #salt
08:15 lovecraftian joined #salt
08:15 cyborg-one joined #salt
08:15 Rumbles joined #salt
08:19 viq joined #salt
08:29 moogyver joined #salt
08:30 penguinn i have a problem for salt-cloud
08:30 penguinn [ERROR   ] Exception raised when processing __virtual__ function for ec2. Module will not be loaded 'private_key'
08:30 penguinn i am getting error above
08:31 penguinn after i have upgraded salt-cloud 2015.5.5 to 2015.5.8
08:31 penguinn any idea ?
08:31 penguinn so i cannot creare ec2 instance at amazon
08:31 penguinn so i cannot create ec2 instance at amazon
08:36 jhauser joined #salt
08:39 rotbeard joined #salt
08:40 deniszh joined #salt
08:45 rotbeard joined #salt
08:45 rotbeard t
08:48 rotbeard joined #salt
08:49 babilen penguinn: I found your post to salt-user in which you provide *a lot* more detail (cf. https://groups.google.com/forum/#!topic/salt-users/ZOP6wX1SkQU) and it appears as if you want "ec2_mx_internal" rather than "ec2_mxy_internal" there
08:50 babilen If you have more information then please always create a pastebin on, say, one of http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, … and mention it when you ask on IRC
08:50 babilen Our crystal balls are powerful, but not omniscient
08:53 impi joined #salt
08:56 penguinn babilen: i have no more details enough about these cause
08:57 penguinn other logs are same
08:57 penguinn how do you want particular detail ?
08:57 babilen Well, you provided more details in your mail than here on IRC
08:58 babilen Do you have ec2_mxy_internal in your configuration?
08:58 penguinn yes i have
08:58 penguinn it is running with 2015.5.5 version of salt-cloud as well
08:59 babilen So ... what happens if you use ec2_mx_internal?
09:01 penguinn https://gist.github.com/ugurengin/b51a311a7b100f3fbb49
09:03 penguinn http://paste.debian.net/368801/
09:04 babilen My point is that, from your mail, it is obvious that the actual error you encounter is: "KeyError: 'ec2_mxy_internal'" -- the question is: Why?
09:04 GreatSnoopy joined #salt
09:04 babilen Also because "ec2_myx_internal" != "ec2_mxy_internal"
09:06 slav0nic joined #salt
09:08 keimlink joined #salt
09:10 bhosmer joined #salt
09:11 amcorreia joined #salt
09:14 bmcorser joined #salt
09:16 Rumbles joined #salt
09:18 losh joined #salt
09:20 chiui joined #salt
09:23 penguinn yes, but it is not important.It was my mistake.
09:23 penguinn i wrote incorrectly
09:23 penguinn there
09:23 s_kunk joined #salt
09:23 s_kunk joined #salt
09:29 colttt joined #salt
09:34 fredvd joined #salt
09:35 hightekvagabond joined #salt
09:36 cpowell joined #salt
09:50 linjan joined #salt
09:53 elsmo joined #salt
09:57 denys joined #salt
09:58 lothiraldan joined #salt
10:03 tzero joined #salt
10:05 bhosmer joined #salt
10:09 impi joined #salt
10:17 pviktori joined #salt
10:20 LondonAppDev joined #salt
10:22 morissette joined #salt
10:23 joe1234 joined #salt
10:26 londo joined #salt
10:27 giantlock joined #salt
10:34 joe1234 hello short question about my first powershell.ps1 script with arguments called from a state.sls file just did this https://codeshare.io/q8g9o and wondered if anyone can answer if argument passing works like this .... ? if i do the same with unix shell script it works ... but i could not test this right now so i just wrote and hoped you guys can have a short peek in it ? thanks (i tried the script directly on the server with variables
10:37 favadi joined #salt
10:41 artemz joined #salt
10:50 jaybocc2 joined #salt
11:01 ramblinpeck joined #salt
11:02 malinoff joined #salt
11:10 Garo_ what's the correct way to get configuration variables from a runner? these variables should also be available only for the salt-master and ever be accessible from any minions.
11:14 Garo_ it seems that __opts__ does the trick, correct? =)
11:23 RobertChen117 joined #salt
11:33 robbbb joined #salt
11:33 giantlock joined #salt
11:36 amcorreia joined #salt
11:39 illern joined #salt
11:39 RobertChen117 when my sls has kill or start command in cmd.run, the salt-call goes to defunc/zombie.
11:39 RobertChen117 1. ps aux|grep client|grep -v grep|awk '{print $2}'|xargs kill -9
11:39 RobertChen117 2. nohup $JAVA $SERVER_ARGS $MAINCLASSNAME $CONFIG_DIR > /dev/null &
11:39 RobertChen117 please help.
11:40 colegatron joined #salt
11:41 malinoff RobertChen117: it's 2016, forget about nohup & already. Write proper systemd service files
11:42 RobertChen117 no, we are a big company, there are a lot redhat 6.2 servers
11:43 malinoff RobertChen117: alright, write sysV init.d scripts then
11:43 malinoff but don't do nohup &
11:43 favadi joined #salt
11:43 malinoff that's just silly
11:49 RobertChen117 if cmd.run has a timeout, the parent process is killed by timeout. but the subprocess has an issue and not killed.
11:49 elsmo Do many people here use Salt with Docker?
11:50 RobertChen117 the subprocess is forked by the script, if cmd.run has a timeout, the parent process is killed by timeout. but the subprocess has an issue and not killed.
11:50 elsmo I'm trying to workout if using Salt to provision inside a Docker container makes sense, it feels like it might go against the grain a bit..
11:51 jaybocc2 joined #salt
11:53 bhosmer joined #salt
11:54 bja_ joined #salt
11:54 favadi joined #salt
11:55 impi joined #salt
11:58 AirOnSkin Hey guys, I'm experiencing a problem I can't figure out: http://hastebin.com/letesaruvi.php
11:58 AirOnSkin What does the error mean? And where do I need to search?
12:04 AirOnSkin Nevermind. Figured it out. It seems the selinux state needs the policycoreutils-python package (or one of its dependencies) to set the SELinux mode
12:04 LondonAppDev Hi All, I'm installing some pip requirements with 'virtualenv.managed'. Some of them come from a private git repo, and I get the message "The authenticity of host 'bitbucket.org (104.192.143.1)' can't be established. Are you sure you want to continue y/n"... Is there any way to auto accept this?
12:05 JTeatime maybe if you specify https:// URLs for the git repos, instead of ssh:// ones ?
12:05 JTeatime oh, hrm
12:05 JTeatime I suppose that would probably be problematic since they're private
12:06 JTeatime does bitbucket.org have only one SSH host key?  you could put it in known_hosts
12:06 LondonAppDev JTeatime yeah I was thinking that might be the only option.
12:06 MarkusDBX What is you favourite monitoring tool? Maybe some that is already easy to configure with salt?
12:06 LondonAppDev To add it to known_hosts...
12:06 LondonAppDev Cheers!
12:13 hoonetorg joined #salt
12:16 RobertChen117 where I can submit a bug ?
12:17 XenophonF github
12:17 morissette joined #salt
12:17 XenophonF https://docs.saltstack.com/en/latest/topics/development/reporting_bugs.html
12:21 paolo joined #salt
12:22 LondonAppDev In Vagrant, I specifically have 'salt.run_highstate = false', but it still calls the highstate anyway. Does anyone else have this?
12:23 impi joined #salt
12:31 mr-op5 joined #salt
12:35 zerthimon joined #salt
12:40 robbbb joined #salt
12:42 linovia joined #salt
12:47 bhosmer joined #salt
12:49 An_T_oine joined #salt
12:50 aqua^c_ joined #salt
12:58 quasiben joined #salt
12:59 irctc729 joined #salt
13:00 Hamof joined #salt
13:01 Hamof Hi. I have a custom windows software packagel that requires additional files to install.  (Response files, etc) and have to run severla comma din succesion to complete the instalation.
13:01 Hamof I intend to create and sls so that the software can be inbstalled as a package using Salt Windows Software Package Manage.
13:01 Hamof My question is, what is the best method of accomplishing this?  The sampes sls files in https://github.com/saltstack/salt-winrepo-ng do not provide a comp,lex exampele involving sevweral comm and to acomplish the packes instalation/removal.
13:01 Hamof If someone could point me in the right direction or provide a link to an example/tutorial, it would be greatly appreciated.
13:02 blckbit10 joined #salt
13:07 BogdanR joined #salt
13:08 joe1234 joined #salt
13:09 joe1234 has anyone tested the windows client already on windows server 2012 A/D DC ? https://docs.saltstack.com/en/latest/topics/installation/windows.html
13:10 zenlot joined #salt
13:10 TooLmaN joined #salt
13:14 XenophonF 08:09 < joe1234> has anyone tested the windows client already on windows server 2012 A/D DC ? https://docs.saltstack.com/en/latest/topics/installation/windows.html
13:14 XenophonF ugh sorry
13:14 XenophonF joe1234, i have
13:15 joe1234 just found an article year ago which stated works quite well ... so i give it a try with a snapshot :-)
13:15 XenophonF i have salt running on stuff from windows xp/windows server 2003 through windows 8.1/windows server 2012 r2
13:16 hasues joined #salt
13:16 hasues left #salt
13:17 XenophonF it works pretty well
13:18 joe1234 XenophonF could you have a short peek on this ... i just started with it and wanted to have a states.sls file which calls a powershell.ps1 script where i want to use arguments inside ... should this work ? see code example: https://codeshare.io/q8g9o
13:18 joe1234 thanks xeno for the info about the windows client
13:19 XenophonF man noscript does _not_ like that web site ;)
13:20 XenophonF ah finally reading now
13:20 mattiasr joined #salt
13:20 XenophonF so a couple of things
13:20 joe1234 i just wanted to pass some variables into the ps1 script when calling it from the states.sls file
13:21 joe1234 quite the same in linux shell works with env: ...
13:21 XenophonF the first two states are redundant
13:21 XenophonF cmd.script will automatically deploy the given file to the minion
13:21 XenophonF you don't need to do it yourself
13:21 joe1234 ok so i delete the first 2 states
13:22 XenophonF yeah, they're unnecessary
13:22 illern joined #salt
13:22 iceyao joined #salt
13:22 joe1234 oki
13:22 XenophonF you shouldn't need to set the execution policy, because the cmd mmodule detects when the shell is set to powershell and does the right thing
13:23 dgutu joined #salt
13:23 joe1234 oh great i didnt read that in the docs it just said you need the parameter powershell
13:23 joe1234 good to know
13:24 XenophonF you'll see it if you look at the python source code in salt/modules/cmdmod.py
13:25 XenophonF if passing arguments like that works for you, great
13:25 XenophonF when i push scripts like that, i tend to turn them into jinja templates
13:25 hightekvagabond joined #salt
13:25 XenophonF so when the script gets pushed to the minion, it gets rendered with the arguments embedded inside it
13:25 XenophonF 6 of one, half-dozen of the other
13:26 XenophonF do whatever makes the most sense to you and your colleagues
13:26 DammitJim joined #salt
13:27 joe1234 yeah thats how we use it in the future .. this is a prototype for my tests to learn how to pass an argument into the script ... so you think this should work ... even it is very bad and should be made more intelligent via jinja templating...
13:27 XenophonF it's probably because i'm coming from the unix side and am paranoid about potentially sensitive command line arguments being exposed in the process list
13:27 XenophonF it's not bad!
13:27 XenophonF i think it will be fine
13:28 joe1234 in the linux shell i used the - env: this worked ... do i have to change it to - args: or is this standard also for powershell with the - env: to pass arguments
13:29 XenophonF https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html#salt.states.cmd.script
13:30 XenophonF according to TFM the `args` parameter to cmd.script is a string, not a list
13:31 XenophonF the `env` parameter should work the same way on windows as it does on unix/linux
13:32 XenophonF do you know how to test stuff out from the command line?
13:32 XenophonF might be helpful for you
13:33 XenophonF you can do things like `salt-call cmd.run "echo %FOO%" env="{'FOO': '1234'}"`
13:33 XenophonF that should work from a command prompt run as admin and in the c:\salt directory
13:34 joe1234 the problem was for me to translate this into my states file as i posted in the codeshare ... so i was not sure if this works
13:34 XenophonF also lots of useful modules here https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html
13:36 XenophonF don't be afraid to experiment
13:36 joe1234 thanks for the infos xeno
13:36 XenophonF if things break or don't work the way you expect, post the state and the output of salt-call or the relevant log entries on gist.github.com or something
13:37 XenophonF salt's error messages aren't always the greatest
13:37 jaybocc2 joined #salt
13:37 XenophonF but folks here are really helpful
13:37 jespada joined #salt
13:38 cpowell joined #salt
13:38 joe1234 yeah its cool to have people sharing and i hope i get better to share too and not ask :-)
13:39 joe1234 i read that the latest windows client also installs the dependencies so i would not need to install python and stuff extra
13:39 XenophonF yeah but i actually don't like that
13:40 XenophonF i just finished building proper msi packages for salt and its dependencies
13:40 XenophonF so i can bootstrap my salt deployments using gpo
13:40 XenophonF and end up with salt running using the system python---just like on unix/linux
13:41 XenophonF that way i can install stuff like boto or what have you
13:41 XenophonF and it works like one would expect
13:41 joe1234 oh far away from that :-) i just wanted to intsall ONE minion on a windows machine to allow my linux machines to write to this dns server
13:41 bhosmer joined #salt
13:41 XenophonF hah sure thing
13:43 federicob joined #salt
13:46 akhter joined #salt
13:48 akhter joined #salt
13:48 lompik joined #salt
13:51 ferbla joined #salt
13:55 saltyswede Hi! Is the salt repo down?
13:56 subsignal joined #salt
13:56 impi joined #salt
13:57 saltyswede I get 404 when I do apt-get update
14:01 racooper joined #salt
14:01 paolo joined #salt
14:02 numkem joined #salt
14:03 mattiasr joined #salt
14:08 arnoldB I'm trying to bundle salt-call with pyinstaller into one binary and get a "salt.exceptions.LoaderError: The renderer yaml is unavailable, this error is often because the needed software is unavailable". any chance to get more details of this error?
14:09 aqua^c joined #salt
14:11 Rumbles joined #salt
14:11 denys joined #salt
14:13 lothiraldan joined #salt
14:13 denys joined #salt
14:15 subsigna_ joined #salt
14:16 KennethWilke joined #salt
14:16 hightekvagabond joined #salt
14:16 domel joined #salt
14:17 hightekvagabond joined #salt
14:23 spiette joined #salt
14:25 hightekvagabond joined #salt
14:26 hightekvagabond joined #salt
14:28 impi joined #salt
14:30 giantlock joined #salt
14:35 Rumbles joined #salt
14:36 bhosmer joined #salt
14:37 CrummyGummy joined #salt
14:38 Tyrm joined #salt
14:39 mapu joined #salt
14:40 CrummyGummy Hi, new user here. I'm not sure why Salt appeals to me more than puppet or chef but I'm digging in anyway. No Question, just saying hi.
14:40 gh34 joined #salt
14:43 cpowell joined #salt
14:43 cpowell_ joined #salt
14:50 JTeatime CrummyGummy: Hi.
14:54 zmalone joined #salt
14:57 AlberTUX1 joined #salt
14:57 scoates joined #salt
15:01 dyasny joined #salt
15:01 donk joined #salt
15:03 andrew_v joined #salt
15:05 illern joined #salt
15:06 evle1 joined #salt
15:06 cpowell joined #salt
15:17 amcorreia joined #salt
15:17 perfectsine joined #salt
15:24 _mel_ joined #salt
15:30 bhosmer joined #salt
15:31 rm_jorge joined #salt
15:32 jespada joined #salt
15:36 zsoftich1 joined #salt
15:37 XenophonF saltyswede: which salt repo? repo.saltstack.com works for me
15:38 jaybocc2 joined #salt
15:39 toastedpenguin joined #salt
15:42 toastedpenguin joined #salt
15:49 evle joined #salt
15:49 rem5 joined #salt
15:50 lumtnman joined #salt
15:50 dfinn joined #salt
15:52 rem5 joined #salt
15:52 Brew1 joined #salt
15:52 [7hunderbird] joined #salt
15:54 [7hunderbird] joined #salt
15:55 perfectsine joined #salt
15:56 fas3r joined #salt
15:56 fas3r Hello
15:56 kukacz joined #salt
16:08 _JZ_ joined #salt
16:13 igorwidl joined #salt
16:15 xanderthibodaux joined #salt
16:23 adelcast left #salt
16:23 Rumbles joined #salt
16:24 bhosmer_ joined #salt
16:25 basepi CrummyGummy: it appeals to you more because it's better, of course!
16:25 basepi I'm not biased at all.
16:25 basepi <---- saltstack employee
16:26 mpanetta joined #salt
16:27 izrail joined #salt
16:28 LondonAppDev What's the best way for turning my clear text password into a password hash for user.present 'password' ?
16:30 jstjohn joined #salt
16:31 zmalone LondonAppDev: openssl passwd or something like that
16:32 adelcast joined #salt
16:33 chupetito joined #salt
16:34 pat_ joined #salt
16:34 jstjohn After googling around without too much luck, I decided to try you all out for some help. I am using the postgresql-formula (https://github.com/saltstack-formulas/postgres-formula) and it seems to install postgres and all just fine, but the one error is with user creation. It looks like the core salt postgres_user.present state is not being looked up properly by the user creation definition in the postgresql-formula. Maybe I am missing an include
16:34 jstjohn somewhere or something? Here is the short error message: ```          ID: postgres-user-xxxxx
16:34 jstjohn Function: postgres_user.present
16:34 jstjohn Name: xxxxx
16:34 jstjohn Result: False
16:34 jstjohn Comment: State 'postgres_user.present' was not found in SLS 'postgres'
16:34 jstjohn Reason: 'postgres_user' __virtual__ returned False
16:34 jstjohn Started:
16:34 jstjohn Duration:
16:34 jstjohn Changes:   ```
16:34 chupetito hi. I am new to pulp and would like to know if there is any documentation that can help me understand how to pick specific RPM updates based on a list of existing RPMs that I have on my systems. Also, is there a way to only obtain updates based on results of yum-security ? I apreciate any help you can provide.
16:37 teryx510 joined #salt
16:37 tligda joined #salt
16:37 pat01 joined #salt
16:37 LondonAppDev thanks zmalone
16:38 pat01 I am new to salt and want to upgrade salt in my entire infra
16:38 pat01 I just ran "salt-run manage.versions"
16:38 LondonAppDev jstjohn you're better posting your salt state on http://gist.github.com or something similar.
16:38 chupetito left #salt
16:38 norii chupetito: you would need to make a repo with only those packages in your system. you can make a list with rpm -qa. then you would update that repo against the pub repos those packages came from, iiuc
16:38 norii oh haha wrong channel, ask in #pulp
16:38 norii sry all
16:40 pat01 it shows that my master is is "2015.5.3", couple minions are "2015.5.3" and many minions are "2015.5.0,2014.7.5, etc"
16:40 jstjohn thanks @LondonAppDev -- good point with the gist. I didn't realize it was going to be pasted so nastily in here.
16:40 pat01 *it shows that my master is is "2015.5.3", couple minions are "2015.5.5" and many minions are "2015.5.0,2014.7.5, etc"
16:41 pat01 So, how would I upgrade my infra to the latest stable salt....
16:41 zmalone pat01: 2015.5.3 is the final release that was available from PPAs, and probably COPR etc. too
16:41 mohae_ joined #salt
16:41 zmalone you probably need to switch all of those hosts over to repo.saltstack.com repos
16:42 pat01 In my understanding, this "salt '*' pkg.install salt-minion refresh=True" would upgrade all of em to 2015.5.3
16:43 KennethWilke joined #salt
16:43 pat01 Idk if I am wrong
16:43 tuxx_ pkg.upgrade?
16:43 pat01 sorry??
16:44 pat01 or "salt '*' pkg.upgrade salt-minion refresh=True"???
16:45 rem5 joined #salt
16:46 pat01 Would this upgrade to 2015.5.3
16:46 pat01 ???
16:47 gcorey joined #salt
16:51 pat01 Plus, my production hosts shows me to have 2015.5.5!!
16:51 pat01 Any help??
16:53 malinoff joined #salt
16:53 liqw joined #salt
16:54 Tyrm joined #salt
16:56 gcorey joined #salt
17:01 jacksontj joined #salt
17:02 rideh joined #salt
17:03 gcorey1 joined #salt
17:03 Bryson joined #salt
17:06 TyrfingM1olnir joined #salt
17:07 izrail_ joined #salt
17:07 aarontc joined #salt
17:07 mephx joined #salt
17:08 jaybocc2 joined #salt
17:09 impi joined #salt
17:11 gcorey joined #salt
17:11 KennethWilke joined #salt
17:11 moogyver joined #salt
17:15 jfindlay pat01: what version are you trying to upgrade to?
17:15 jfindlay and how many minions?
17:18 bhosmer joined #salt
17:29 johnkeates joined #salt
17:29 twork today i learned: salt doesn't like CNAMEs.
17:29 writtenoff joined #salt
17:29 edulix joined #salt
17:30 twork (your narrator doesn't like them either but your humble narrator tends to lose arguments like that.)
17:31 __alex joined #salt
17:31 twork around and around and around the minions we go...
17:31 froztbyte joined #salt
17:31 froztbyte joined #salt
17:31 AndreasLutro twork: elaborate?
17:33 gcorey joined #salt
17:33 twork AndreasLutro maybe I'm wrong? last weekend, a bunch of minions kept their IP addresses, but their A rcords were changed. all their previous A records became CNAMEs that point to their new A records.
17:34 twork if i was warned about this change, i missed the message. maybe They figured it wouldn't matter.
17:34 smkelly joined #salt
17:35 frew joined #salt
17:35 twork anynow now, i can ping all my minions just fine, but when i try to salt them, "Minion did not return. [Not connected]"
17:36 AndreasLutro did their hostnames change as well?
17:36 yawniek joined #salt
17:36 twork AndreasLutro no
17:36 twork AndreasLutro oops, correction: their domains did
17:36 twork so i guess it depends on what you mean by name
17:36 w1gz joined #salt
17:37 AndreasLutro I forget if salt defaults to the FQDN or just plain hostname, I've also heard that salt can do an RDNS lookup
17:37 twork so, 'blargh.subA.here.com' changed to 'blargh.subB.here.com'
17:37 twork fqdn i think
17:37 AndreasLutro anyway I'm guessing the minion's IDs changed because of this, which means the minion's keys on the master are no longer accepted
17:38 AndreasLutro you could check this in the master or minion logs I'm sure
17:38 twork AndreasLutro: i was pretty sure that's the case
17:38 twork i brought it up here just in case (as often) i'd deduced wrong
17:38 pat01 @jfindlay.... I would want to upgrade to latest stable available... and nearly 50 to 60 minions
17:39 AndreasLutro I always make sure to write the fqdn to /etc/salt/minion_id to prevent issues like that
17:40 twork AndreasLutro: the fqdn's are there, but, they're no longer proper fqdn's, they're now CNAMEs
17:40 stevej joined #salt
17:41 twork ...but thanks for the reminder to change that
17:42 colegatron joined #salt
17:43 gerhardq1x note https://wiki.openstack.org/wiki/Meetings/openstack-salt
17:44 rem5 joined #salt
17:46 mpanetta gerhardq1x: You should have posted that link *before* the meeting :P
17:46 twork nah
17:48 snarfy joined #salt
17:50 moogyver twork - the minion id defaults to the hostname on the box.  so if the hostnames on the boxes were changed to match the new A record names, then when the minions are restarted, they'd change to the new id
17:51 moogyver which would mean that the keys are all invalid.  you can hardcode the id in the minion config if you'd like
17:51 wangofett joined #salt
17:51 twork moonyver: thanks, you probably just preempted a lot of my upcoming dumb questions
17:52 wangofett errrgg.... where would I find my s3 cached files if I'm using the s3 backend?
17:52 wangofett logging says I've got the files
17:52 wangofett but they show up on the minion as zero byte files :(
17:54 wangofett found it: /var/cache/salt/master/s3cache
17:54 wangofett but... my minions aren't getting the files, so that's exciting
17:54 twork ok so, tell me why this is a bad idea: just make the rounds of the minions (there aren't that many in the scheme of things), fix their /etc/hosts and their minion_id files, and restart the minion?  will salt see that as sombeody trying to impersonate?
17:55 twork the keys will still be there obvs, but are they hard-associated to some past dns name?
17:56 gerhardq1x mpanetta: next week, next meeting. (unless you're at http://cfgmgmtcamp.eu)
17:56 twork alternatively i could just re-key them all. dunno which is less hassle really.
17:56 smkelly joined #salt
17:56 frew joined #salt
17:57 sjmh twork - whatever is easier for you.  if you do a 'salt-key' on the master, are all the new keys showing up as wanting to be accepted?
17:57 ageorgop joined #salt
17:58 sjmh if so, personally ( at least, if the hostnames are not planning on changing soon again and this happened for all the minions ), i'd probably just nuke all the old keys and accept the new ones
17:58 blckbit10 joined #salt
17:59 twork ha ha ha ha ha, naturally, these minions have fixes waiting in their sudoers files, such that i can't restart them until salt gets unstuck, because last week i salted in a goofed-up sudoers file.
18:00 twork it is always important to time these things properly.
18:01 hal58th joined #salt
18:02 twork one thing that strikes me as odd: all their host/IP matches are still as they were in the master's /etc/hosts file, because i knew These Things Happen
18:02 twork and still correct as far as that goes
18:04 twork at my last job we kept bottles of whisky stashed around, because TTH, but oh no, not here.
18:05 stevej Evening all, I;m trying to work out environments with gitfs. I have successfully got repo branches committing states to development that only work when I supply saltenv=development to state.apply, but when I try committing changes to an execution module to the development branch that is called using a state with module.run the state run doesn't reflect the changes in the module. Do execution modules only work in the base environment or am I fundamentally
18:05 stevej getting this wrong?
18:05 lothiraldan joined #salt
18:12 bhosmer_ joined #salt
18:13 onlyaneg1 joined #salt
18:14 bronz joined #salt
18:20 munki joined #salt
18:20 snarfy joined #salt
18:23 Ryan_Lane sigh salt-cloud
18:23 wangofett Hrm.... is there any way I can do a salt-run fileserver.find_file ?
18:23 riftman joined #salt
18:23 onlyaneg1 joined #salt
18:23 wangofett my s3 files aren't showing up on the minion despite existing in the cache
18:23 Ryan_Lane I get that salt-cloud is cloud agnostic, but it's really harming salt's usefulness in AWS
18:25 jfindlay Ryan_Lane: what do you mean?
18:26 wendall911 joined #salt
18:26 Ryan_Lane jfindlay: it's implemented from scratch using REST calls and urllib
18:26 jfindlay wangofett: the cp module may have utils you're looking for
18:26 Ryan_Lane and it supports basically nothing except creating individual nodes
18:26 jfindlay whereas all the other AWS stuff are modules and states?
18:26 Ryan_Lane the boto_* state modules support most of the functionality people need in AWS, but it can't launch a minion and connect it to a master
18:27 Ryan_Lane but salt-cloud doesn't integrate with those at all
18:27 snicers-work joined #salt
18:27 snicers-work Is the communication between salt masters and minions at all encrypted?
18:27 Ryan_Lane a good example of how salt-cloud is failing is the multi-account post in salt-users
18:27 Ryan_Lane since salt-cloud implements everything itself it can't be used for multi-account
18:27 jfindlay snicers-work: yes, although I think you can disable that if you really want to
18:28 jfindlay Ryan_Lane: what about the cloud state?
18:28 Ryan_Lane all of salt's AWS support that's been written from scratch has subtle bugs fixed in boto/boto3 ages ago
18:28 bastiandg joined #salt
18:28 snicers-work jfindlay, I don't want to. What I want is to confidentaly grant access to my Hashicorp Vault server from a minion generated by my master.
18:29 Ryan_Lane jfindlay: it doesn't support assumed roles and you need to pass in profiles, so as far as I know you can't do multi-account
18:29 oida joined #salt
18:29 Ryan_Lane @snicers-work https://github.com/saltstack/salt/issues/28793
18:29 saltstackbot [#28793]title: Enable ext_pillar for minions in master/minion mode | When using secret management systems like Confidant, it's better for minions to fetch their secrets directly, rather than having the master fetch the secrets, then distribute them to the minions. It would be nice to be able to use ext_pillar on minions directly, even if in master/minion mode (it already works in masterless). In this mode it should merge the pillars from the m
18:29 snicers-work I think I should be secure by generating a uuid on the master as a file and then pushing that to the minion.
18:30 snicers-work I am no security expert, but would you guys agree?
18:30 Ryan_Lane the proper solution here is for the minion to make calls directly to vault
18:30 Ryan_Lane and to bypass the master completelt
18:30 Ryan_Lane completely*
18:30 RandyT Ryan_Lane: I think it might be possible to give the master running in AWS the ability to do at least some things via a cross-account link, but generally, the more I learn about boto, the more lean the salt-cloud application gets.
18:31 Ryan_Lane this works fine if you're using masterless, but if you're using a master, you can't use ext_pillar on the minions
18:31 Ryan_Lane RandyT: you can give the master the ability to assume roles for other accounts, but salt-cloud doesn't support it
18:31 RandyT Big +1 for #28793
18:31 RandyT Ryan_Lane: agreed
18:32 snicers-work Ryan_Lane, I want the minion to communicate with Vault but it needs to have a client id that is registered from a trusted source with the vault server.
18:32 Ryan_Lane snicers-work: ah, you're looking to make the master generate the client id?
18:33 snicers-work Ryan_Lane, I see no other way to register the minion through a deploy process.
18:33 Ryan_Lane if you have the option, you should try to re-use the client key from the minion as auth to vault
18:33 wangofett jfindlay: jfindlay okay, I think I'm now more confused than ever
18:33 Ryan_Lane snicers-work: are you in AWS?
18:34 snicers-work what do you mean by client key?
18:34 snicers-work I am in AWS.
18:34 snicers-work Ryan_Lane, ^
18:34 jfindlay wangofett: what are you confused about?
18:34 wangofett I did a `salt minion get_url s3://mybucket/myfile` and the *minion* tried to connect to S3
18:34 Ryan_Lane snicers-work: you should also consider https://lyft.github.io/confidant/
18:34 wangofett I thought the s3 backend was a master thing?
18:35 snicers-work Ryan_Lane, why this over Vault?
18:35 Ryan_Lane snicers-work: confidant solves the auth chicken/egg problem by using AWS's KMS service and IAM policy for authentication
18:35 wangofett I mean - I'm putting the config in my master: https://docs.saltstack.com/en/latest/ref/file_server/all/salt.fileserver.s3fs.html
18:35 snicers-work :\ Problem is we are already using Vault for our infrastructure.
18:35 Ryan_Lane gotcha
18:36 Ryan_Lane how are you doing the auth for it then?
18:36 Ryan_Lane and if you're already doing the auth, why do you need the salt master involved? :)
18:36 snicers-work It has been manual up to this point, we are looking to streamline our configuration management process.
18:36 jfindlay wangofett: you don't have any s3 configs in your minion?
18:36 jmickle joined #salt
18:37 snicers-work But in a secure way.
18:37 snicers-work I really am not seeing an issue with generating the uuid and passing it through the AES encryption to the minion Ryan_Lane .
18:37 Ryan_Lane how are you handling salt's keys?
18:37 dlam joined #salt
18:38 Ryan_Lane snicers-work: that's fine if you also trust your salt master with all the secrets
18:38 snicers-work Well that is the thing, the salt master generates the UUID, registers it with vault, sends it to the minion and deletes it from memory.
18:38 Ryan_Lane I guess you need to anyway, since it can make calls to the minions and could just get the data from them anyway :D
18:38 snicers-work Ryan_Lane, right lol.
18:40 Ryan_Lane snicers-work: yeah, that would work, though
18:40 snicers-work I am more comfortable with this since each salt master is in its own docker container, not able to mutate other salt master's minions.
18:40 wangofett jfindlay: I have `~/.aws/credentials` but not the minion config
18:40 Ryan_Lane snicers-work: if I was you, though, I'd just re-use the minion's key
18:40 snicers-work Ryan_Lane, their pub key?
18:40 nZac joined #salt
18:41 Ryan_Lane you'd need to implement an auth plugin for vault
18:41 lothiraldan joined #salt
18:41 snicers-work I see what you're saying.
18:41 Ryan_Lane anyway, the uuid scheme you have would also work
18:42 snicers-work A hundred ways to skin this cat.
18:42 Ryan_Lane indeed
18:42 jaybocc2 joined #salt
18:42 snicers-work Ryan_Lane, are you familiar with Vault? Would that be the TLS Certificate backend?
18:42 Ryan_Lane salt doesn't use x509
18:43 Ryan_Lane so it would need to be a custom auth plugin
18:43 snicers-work :\ yea that isn't going to happen right now.
18:43 * Ryan_Lane nods
18:43 snicers-work Why does salt not do x509?
18:44 Ryan_Lane can't do tls with 0mq
18:44 snicers-work https://docs.saltstack.com/en/latest/ref/states/all/salt.states.x509.html
18:44 Ryan_Lane ah. you _could_ use that, but that's not what I was talking about
18:44 Ryan_Lane I was talking about using the key the minion generates and the master trusts
18:45 denys joined #salt
18:45 snicers-work Not going to dump a lot of time into that side of the problem right now. I think as long as the connection is encrypted and that uuid ONLY lives on the minion and is used for just that I am confident that I can trust it.
18:45 wangofett zomg
18:45 wangofett if this works...
18:45 wangofett tableflip myself
18:46 Ryan_Lane wangofett: I'm pretty sure that won't work
18:46 Ryan_Lane because salt doesn't use boto or botocore
18:46 snicers-work (╯°□°)╯ ┻━┻
18:46 johnkeates that's my table!
18:46 Ryan_Lane I was just complaining about this :)
18:46 * snicers-work is sorry.
18:46 * wangofett was doing `src` not `source
18:46 wangofett fml
18:46 johnkeates now all my data is upside down :(
18:46 Ryan_Lane snicers-work: yeah. seems reasonable
18:47 snicers-work Thanks Ryan_Lane
18:47 Ryan_Lane snicers-work: yw
18:47 Ryan_Lane wangofett: :D
18:47 wangofett still some problems, but at least it's *telling* me the problems :P
18:47 wangofett lol
18:48 giantlock joined #salt
18:49 onlyaneg1 joined #salt
18:49 DammitJim joined #salt
18:50 anotherZero joined #salt
18:55 wangofett https://github.com/saltstack/salt/issues/15151 I think that may have something to do with it
18:55 saltstackbot [#15151]title: Salt.state.file docs incorrectly state S3 URLs are usable by the source parameter | The document page below says that "s3 compatible URLs" can be used with file.managed and file.append....
18:58 baweaver joined #salt
19:01 iggy wangofett: did you read that issue? It was a docs bug on an extremely old version of salt
19:02 lothiraldan joined #salt
19:02 cro joined #salt
19:04 QuisaZaderak joined #salt
19:04 wangofett yeah... I'm not convinced that there isn't still a docs bug yet ;)
19:05 hightekvagabond joined #salt
19:07 bhosmer_ joined #salt
19:09 wangofett oh this is weird... the hash of the file keeps changing o.O
19:10 johnkeates maybe it's smoking something weird ;-)
19:10 baweaver joined #salt
19:11 jgarr sjmh: thanks for the help yesterday. I was confused on the runner syntax you said. I'm mykeymgmt would be a custom runner I'd write? I ended up using the key.wheel.delete module with a tweak to the data filter
19:11 sjmh jgarr - yeah I was thinking about doing it as a custom runner, but forgot that reactor could run wheel modules too
19:11 sjmh so I'd use the wheel key delete stuff instead
19:12 wangofett yeah - looks like at the very least you need to specify aws credentials in the minion config
19:12 jgarr is wheel always run on the master? I couldn't find a good explaination of how it's different but I know it's not a normal module
19:13 jgarr it works either way, I just didn't find documentation to understand it more
19:16 jgarr I found the list of modules. Just not why/how it works
19:17 mohae joined #salt
19:18 Bardo joined #salt
19:18 wangofett yeh, definitely some missing documentation. The https://docs.saltstack.com/en/latest/ref/file_server/all/salt.fileserver.s3fs.html mentions nowhere that the credentials must be set *in the minion config file*
19:19 wangofett *and* the 'source' parameter only says you need `source_hash` for HTTP or FTP, but it's actually necessary for s3:// as well
19:21 mapu joined #salt
19:27 aharvey joined #salt
19:28 tehsu joined #salt
19:28 QuizaSaderak joined #salt
19:28 tehsu when I run a highstate, I get this error, Comment: Unable to render top file: Unable to render top file. No targets found. and the minion log shows me this, Template was specified incorrectly: False
19:30 dlam is there a `salt-call`  way to display a report of whats states worked/failed on some box?
19:32 amcorreia joined #salt
19:36 dlam just wonderin' if something easier to read than `grep ERROR /var/log/salt/minion` etc etc
19:37 Ch3LL tehsu: what is in your top file?
19:38 tehsu so I have base: '*': and formulas and then I have one specifically for the server, I am guessing there may be some whitespace somewhere causing it?
19:38 baweaver joined #salt
19:39 rem5 joined #salt
19:42 cro joined #salt
19:42 cirrus_ joined #salt
19:43 jfindlay dlam: usually what people do is use a returner that routes into a database from which you should be able to easily query such info
19:43 akhter_1 joined #salt
19:45 twork oh hell. i know you're on the edge of your seats wondering why my minions weren't respoinding after their fqdn's changed. turns out, it's because their services had never been set (weeks/months ago) to start at boot.
19:45 Ch3LL tehsu: yeah that might be it. if you post an example of your top file to gist i could possibly help you troubleshoot
19:47 teryx510 joined #salt
19:47 BogdanR joined #salt
19:49 baweaver joined #salt
19:49 tehsu i found it, thanks
19:49 jaybocc2 joined #salt
19:49 Ch3LL oh okay cool glad you figured it out
19:50 tehsu yeah, thank god, appreciate it
19:50 Tyrm joined #salt
19:53 ajw0100 joined #salt
19:53 anotherZero joined #salt
19:55 RandyT wangofett: fwiw, I've found that the error message when using s3 for file storage will often complain about checksum format, when in reality, it has failed to access the file entirely.
19:56 RandyT I believe I have logged this bug
19:57 Tyrm joined #salt
19:58 wangofett RandyT: it did that at first. My expectation was that with s3:// it would pull the files from the salt master
19:59 Crazy67 joined #salt
20:01 jfindlay wangofett: sorry I'm not more help.  I've only used s3 once and didn't do that much with it
20:01 birppy joined #salt
20:01 bhosmer_ joined #salt
20:02 wangofett it's all good - I figured it out and filed a bug: https://github.com/saltstack/salt/issues/30646 ;)
20:02 saltstackbot [#30646]title: Update the S3 fileserver docs for the great good | After realizing that `- src:` is entirely not the same as `- source:`, I started getting pretty much the same message that was reported in #15151....
20:02 wangofett there's definitely a mismatch between what the docs say you should do and what you need to do, heh
20:05 beardedeagle joined #salt
20:06 dfinn joined #salt
20:09 izrail joined #salt
20:10 dlam jfindlay: ooo thanks for the tip!  <3
20:12 akhter joined #salt
20:16 jmickle joined #salt
20:17 dustywusty joined #salt
20:19 jgarr Trying to trigger salt-call event.send 'org/custom' '{foo: bar}' on a el 6.4 system with salt-minion 2015.8.3-1 gives an IO loop. Anyone heard of it? http://fpaste.org/315030/83942814/
20:19 Ch3LL jgarr: are you running as a non root user?
20:20 jgarr nope
20:20 jhauser joined #salt
20:20 Ch3LL is this the error you are getting -> xception ValueError: 'I/O operation on closed file' in <bound method SyncWrapper.__del__ of <salt.utils.async.SyncWrapper object at 0x1b1fd90>> ignored
20:21 jgarr Ch3LL: that's the one
20:21 Ch3LL yeah i am only aware of that error showing up when using salt-call as non root user
20:21 jgarr I'm logged in as root atm
20:21 Ch3LL i just tested it with 2015.8.3
20:22 Ch3LL hmmmm...let me look to see if there is anything else on github one moment
20:22 jgarr I didn't try as not root yet but eventually will need that. you have a GH issue tracking it?
20:23 aharvey joined #salt
20:25 nZac joined #salt
20:26 Ch3LL yeah here is the issue for tracking https://github.com/saltstack/salt/issues/29820
20:26 saltstackbot [#29820]title: Running salt-call as non-root user gives exception | Running salt-call as non-root user gives exception (that seems to loop forever):...
20:26 Ch3LL can you check to see if the /etc/salt/pki/minion directory is present?
20:27 GreatSnoopy joined #salt
20:27 penguin_dan joined #salt
20:29 Ch3LL this also might be related to your case: https://github.com/saltstack/salt/issues/29701
20:29 saltstackbot [#29701]title: Running salt-call on salt master would crash the master node with code level 2015.8.3 | We are trying to upgrade our salt packages from 2015.5.3 to 2015.8.3. One issue popped up during the evaluation. We have two lines of `salt-call` statements that we run on the salt master node (no salt-minion package installed on the master node). With version 2015.5.3 they ran fine. But with version 2015.8.3 the following exception was raise
20:29 jgarr Ch3LL: yes it's there and root:root owned
20:31 ajw0100 joined #salt
20:32 drboyer joined #salt
20:33 Ch3LL jgarr: thanks for checking that. did you look at the issue i posted. looks like there is possibly an issue with running salt-call on salt-master. i have not tested this though. just trying to give you some direction
20:33 ageorgop joined #salt
20:34 jgarr I can run on a el 7.2 system (not the master) without problems. The system I'm trying to run it on isn't the master
20:34 jgarr if 2015.5.* didn't have the issue I may downgrade until it's fixed
20:34 jgarr thanks for the links
20:36 AlberTUX joined #salt
20:36 Ch3LL yeah sorry not much help. just knew thee was an existing issue
20:37 Destreyf joined #salt
20:37 brianfeister joined #salt
20:38 dlam is there a way to -require: a thing/id in the same state file?    like  https://gist.github.com/dlam26/f23a3057007a7f8e7ba7
20:39 om joined #salt
20:39 kevinquinnyo joined #salt
20:41 StogblenToast I'm having trouble with the ntp.ng formula and generating my ntp.conf from pillar data
20:41 kevinquinnyo how can i use a 'require': [{'pkg': 'somepkg'}] only if another condition is met, like a match on minion role, or another grain
20:41 teryx510 joined #salt
20:41 babilen dlam: Sure, but you'll have to start with the module first. Make that "- file: set_owner_and_permissions_on_virtualenv_folder" in the requisite block
20:41 jfindlay dlam: see my comment.  The format is `- <module>: <id>`
20:42 speedlight joined #salt
20:42 jfindlay kevinquinnyo: you can cheat by using jinja
20:42 teryx510 joined #salt
20:43 rm_jorge joined #salt
20:44 kevinquinnyo jfindlay: could you clarify that for me?
20:44 jfindlay {% if salt['grains.get']('my_grain') == 'the_one' %} ... <sls data> ... {% endif %}
20:47 dlam ahhh ok thanks thanks
20:48 KennethWilke joined #salt
20:49 snicers-work joined #salt
20:49 jfindlay dlam: that is the general idea for all (most?) requisites
20:51 dlam ohh ok so yeah  - require:   <any module here>: id
20:52 joe1234 joined #salt
20:53 kevinquinnyo jfindlay: Would you mind taking a quick look at this example based on what i was asking earlier with the requisite and condition:  https://gist.github.com/kevinquinnyo/126f6e4eda7ea995d5d4
20:53 joe1234 hey there, can anyone explain how to pass 3 args into a powershell script within a state ?
20:54 kevinquinnyo if condition is False, it errors, because the SLS key my_required_state_if_not_staging doesn't exist if condition is not met.  Surely i'm *doing it wrong*
20:55 bhosmer joined #salt
20:55 ajw0100 joined #salt
20:55 karlthane joined #salt
20:56 kevinqui3nyo i guess i could just make the state a "no-op" in the else
20:56 kevinqui3nyo oops wrong window
20:56 baweaver joined #salt
20:56 jfindlay kevinquinnyo: I'm unsure why you need the if statement in there
20:57 jfindlay since `condition` is `False`, the if block is not executed and 'my_required_state_if_not_staging' is not in `states`
20:57 kevinquinnyo well condition may not be false in reality
20:57 kevinquinnyo that was just an example
20:57 kevinquinnyo of how it fails like you say if it is
20:58 kevinquinnyo false
20:58 heaje joined #salt
20:58 jfindlay do you understand the argument I'm making though?  You can't require a state that's not present in the sls data
20:58 heaje Is it possible to do a compound match with a pillar value that has spaces in it?
20:58 heaje ie: 'I@device_service:Infrastructure - Monitoring - Datastore - Master and G@osmajorrelease:7'
20:59 kevinquinnyo jfindlay: yes, that's why i was wondering if i should just define it in the `else` as a sort of "no-op" state
20:59 heaje The only way I've been able to get it working is by replacing the ' ' with a '*', but that's not what I want.
20:59 jfindlay kevinquinnyo: that could work
21:00 jfindlay kevinquinnyo: but why not move the second state into the if block?
21:00 baweaver joined #salt
21:01 kevinquinnyo jfindlay: yeah... what you say makes sense in my example -- i should have just pasted the real example
21:01 kevinquinnyo i think regardless there is some basic logic that i need to review here
21:01 aharvey_ joined #salt
21:01 yota joined #salt
21:01 jfindlay kevinquinnyo: yeah, sorry for too much extrapolating :-)  I realized that after I said it
21:02 kevinquinnyo no its ok you're right, you made me realize i think i have a short circuit in my logic somewhere here in the real sls file that i need to review
21:05 nZac joined #salt
21:06 nZac joined #salt
21:07 cyborg-one joined #salt
21:08 joe1234 if anyone has some min to see this example of powershell argument passing, i am doing it wrong in command line its like salt 'minionid' cmd.script salt:/files/createdns.ps1 args='param1 param2 param3' shell='powershell' but how to do it in a state ... i put the my example here https://codeshare.io/q8g9o
21:09 heaje joined #salt
21:09 jtylers joined #salt
21:12 jfindlay joe1234: are you running state.apply or state.sls with that state?
21:12 joe1234 state.sls
21:13 jfindlay joe1234: also, I think your `args` name should be `kwargs`
21:13 joe1234 but i think i do not understand how to correctly pass an argument into powershell script and take it over ... this way i works for linux shell when i use env: .... but it seems for powershell i have to do it differently
21:14 jfindlay wait, I think I'm wrong about that
21:15 avozza joined #salt
21:15 joe1234 i tried env: also
21:15 jfindlay the cmd.script state documents `args` but does not accept `args` as a parameter
21:18 joe1234 ok it seems i am unable to understand how to pass my variables into the script then
21:18 avozza how can I disable certificate checking in vmware module? I have the error: [DEBUG   ] Peer certificate subjectAltName does not match host, expected 10.20.4.9, got DNS:VC01, DNS:VC01.corp.example.com
21:19 blckbit10 joined #salt
21:22 jfindlay joe1234: I don't know much about powershell, but are the arguments intended to be environment variables?
21:23 jfindlay joe1234: in that case you should change kwargs to env and it should work
21:23 joe1234 no i just want to call the script and giving it this 4 parameters however i have to write this correctly in the state file ...
21:23 jfindlay avozza: there is an open bug about that
21:23 joe1234 i tried with env: but it gets the same error ....
21:23 avozza thanks @jfindlay !
21:24 stevednd is there any way to run in batches with a delay? I need to do a rolling restart of services on my machines when I deploy, and to do so I just need to issue a `service.stop` command and then a monitoring process on the server will restart it
21:24 avozza @jfindlay do you have a link to the bug?
21:24 hightekvagabond joined #salt
21:24 jfindlay avozza: https://github.com/saltstack/salt/issues/30501
21:24 saltstackbot [#30501]title: Feature: bypass SSL cert validation for vsphere host | This may be a a controversial request, but would it be possible to optionally   bypass cert verification w/ the vmware driver ? This prevents us from using the vmware driver (from the deprecated vsphere).
21:24 stevednd the problem with this is that the service.stop will return pretty much immediately, but the service takes a couple minutes to start back up
21:25 stevednd so if I just use regular batches it doesn't matter because the service calls return too fast
21:25 amcorreia joined #salt
21:25 jfindlay stevednd: you could add a wait state: cmd.run: - name: sleep 60
21:26 anotherZero joined #salt
21:26 jtylers1 joined #salt
21:26 stevednd jfindlay: I thought about that. I typically just issue the stop command from the command line module, but I could just put multiple statements ina cmd.run
21:27 stevednd I just wasn't sure if there was some functionality went along with the salt batch argument that might allow for a delay
21:28 blckbit10 joined #salt
21:28 jfindlay not that I know of, but I'm not an expert on targeting and batching
21:29 joe1234 i cannot make it work :-( noone here to know how to pass a argument correctly to powershell script https://codeshare.io/q8g9o
21:30 jfindlay joe1234: you might want to try the salt-users mailing list
21:30 joe1234 ok, how can i acces this ?
21:30 joe1234 i am very new to salt
21:30 jfindlay it's a google group
21:31 jfindlay https://groups.google.com/d/forum/salt-users
21:31 joe1234 great thanks
21:31 jfindlay yeah, sorry I wasn't helping
21:32 akhter joined #salt
21:35 hightekvagabond joined #salt
21:35 JTeatime joined #salt
21:37 Ryan_Lane basepi, jfindlay: https://github.com/saltstack/salt/pull/29650 https://github.com/saltstack/salt/pull/30378
21:37 saltstackbot [#30378]title: Adding silent flag to npm.bootstrap | Adds a flag to `npm.bootstap` to disable the silent flag when calling `npm install`
21:38 Ryan_Lane not sure if anyone is watching the comments post-merge
21:42 deniszh joined #salt
21:46 jfindlay Ryan_Lane: cachedout is overallocated at the moment and basepi is out for a few hours, but generally we make an earnest effort to keep up on github
21:47 * Ryan_Lane nods
21:47 Ryan_Lane no worries. just pinging people just in case :)
21:50 jfindlay Ryan_Lane: https://github.com/saltstack/salt/pull/30649
21:50 saltstackbot [#30649]title: Backport #30378 | Backport #30378.
21:51 * twork hateses markup languages. that is all. carry on.
21:53 jeffspeff joined #salt
21:58 blckbit10 joined #salt
21:58 hightekvagabond joined #salt
21:59 Eugene They burns us
22:00 rem5 joined #salt
22:00 baweaver joined #salt
22:02 Rumbles joined #salt
22:08 murrdoc joined #salt
22:10 twork i need some remediation. i have a file; call it, ID: foo. Function is file.managed. Name: /etc/foo.conf.
22:10 twork the file has a bug in it, i'm narrowing it down, lots of calls to the state.
22:11 twork state.highstate works fine, installs the file, bug and all.  but that takes a long time so i'd rather just install that one file.
22:13 twork 'state.single file.managed name=/etc/foo.conf' appears to work... but, doesn't update the file. "Succeeded: 1 ; Failed: 0"
22:15 denys joined #salt
22:16 twork i don't find any way to call that element by its ID, only by the Name
22:17 dontcare do you have that file.managed in a state file on its own?
22:17 dontcare cause you could call that one state
22:17 dontcare state.sls <thing>
22:17 twork if i change the 'Name=' to something wrong, it's clear salt sees the error, so i know i'm hitting the right place...
22:18 twork oh, that is a good idea
22:18 twork thanks
22:18 gtmanfred https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.sls
22:18 gtmanfred yup, np :)
22:19 gtmanfred i try to split my stuff up by ideas, and then include stuff that is required for that state to be run on its own (whether it is the first time run or not)
22:20 gtmanfred i need to get packages to be included in the config.sls file, but
22:20 gtmanfred to start these services, the files must be configured
22:20 gtmanfred so
22:20 twork yeah, i've learned to do that too... even in the past learned to split off buggy stuff.  ...and then i forgetted.
22:20 gtmanfred https://github.com/gtmanfred/openstack-salt-states/blob/master/novaapi/service.sls
22:21 jmickle left #salt
22:22 twork i do still wonder though, how come the tactic i was trying doesn't work?
22:22 anotherZero joined #salt
22:27 rem5 joined #salt
22:35 om joined #salt
22:35 hightekvagabond joined #salt
22:37 writtenoff joined #salt
22:38 ajw0100 joined #salt
22:38 keimlink joined #salt
22:43 bhosmer_ joined #salt
22:45 zenlot joined #salt
22:50 snc joined #salt
22:50 rherna joined #salt
22:52 murrdoc joined #salt
22:53 baweaver joined #salt
22:54 tbird joined #salt
22:54 tbird joined #salt
22:55 tbird_ joined #salt
22:57 rherna left #salt
22:58 twork okay, next one. the trouble i was (was, ha ha!) chasing was in an apache config file.  now that's fixed, i'd like to apply the state it lives in.  but there's other stuff i don't want to push just yet.  but, pushing just that state fails, because it inclues calls to 'watch_in: -service: apache2'
22:59 twork have i left something out of the states i'm directly concerned with right now?
23:00 twork rather, should my present state include a definition for the apache service... or will that collide when i do go to high state?
23:01 aharvey joined #salt
23:02 rem5 joined #salt
23:03 testi1n3 joined #salt
23:05 aharvey_ joined #salt
23:05 zmalone joined #salt
23:05 twork simpler, i think: is it incorrect to have multiple states include entries for the same service.running?
23:08 twork try it and see i guess.
23:09 zmalone left #salt
23:10 murrdoc joined #salt
23:22 aqua^c joined #salt
23:23 jgarr are old salt package versions not kept in the repo? are they available somewhere else?
23:26 nZac joined #salt
23:30 jfindlay jgarr: see http://repo.saltstack.com/yum/redhat/7/x86_64/archive/, and similar
23:31 jgarr jfindlay: thanks
23:31 jtylers is there a simple command I can use to generate many test minions at once?
23:31 jfindlay jtylers: `python tests/minionswarm.py -n $MANY`
23:31 jtylers thanks!
23:32 jfindlay s/-n/-m/
23:33 mosen joined #salt
23:34 grumm_servire joined #salt
23:34 nZac joined #salt
23:37 L2SHO joined #salt
23:38 iggy twork: state.sls_id <id> <file.with.dots>
23:42 colegatron joined #salt
23:42 ajw0100 joined #salt
23:46 Tyrm joined #salt
23:46 anotherZero joined #salt
23:50 [7hunderbird] joined #salt
23:55 igorwidl left #salt
23:57 gcorey joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary