Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-01-27

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 aharvey joined #salt
00:12 hightekvagabond joined #salt
00:12 shoemonkey joined #salt
00:15 aw110f joined #salt
00:21 bronz joined #salt
00:21 abednarik joined #salt
00:24 hightekvagabond joined #salt
00:24 hightekvagabond joined #salt
00:25 norpha joined #salt
00:25 norpha left #salt
00:27 jtylers joined #salt
00:32 bhosmer joined #salt
00:35 shoemonk_ joined #salt
00:39 shoemonkey joined #salt
00:43 jtylers joined #salt
00:43 tyler_ joined #salt
00:45 jtylers left #salt
00:47 djgerm joined #salt
00:49 djgerm Howdy! Long time no see. Hope you're all well. I am evaluating DNS formula/modules for saltstack. I'd like to ultimately spin up a couple masters, slave, update forward and reverse, and have it push changes out. Any recommendations on where to start? We are most comfortable with bind, but there's a couple of bind formulas out there
00:49 baweaver joined #salt
00:54 dlam is there a way to make `salt-call`  always be --local  ?
00:54 dlam (me running masterless)
00:56 qman__ Not sure, but you could just make an alias
00:56 lompik joined #salt
00:58 dlam ohh ya
00:58 sjmh heaje - i just submitted the PR for your scsi issue
01:02 bbradley joined #salt
01:07 jasonrm joined #salt
01:08 RobertChen117 joined #salt
01:13 ageorgop joined #salt
01:14 kevinquinnyo1 joined #salt
01:15 XenophonF djgerm: a managed bind deployment should be pretty easy
01:15 malinoff joined #salt
01:15 XenophonF install some packages, manage some config files, start a service
01:15 XenophonF i guess it'd get a little more complicated if you wanted to support dnssec or dynamic updates
01:16 cpowell joined #salt
01:17 lianz joined #salt
01:21 shoemonkey joined #salt
01:29 akhter joined #salt
01:32 aw110f hi, when using gitfs, any ways to set how often the saltmaster pulls from git ?
01:35 subsignal joined #salt
01:39 onlyanegg joined #salt
01:40 edrocks joined #salt
01:42 shoemonkey joined #salt
01:44 iceyao joined #salt
01:51 edrocks joined #salt
01:53 djgerm XenophonF: thanks. Do you think just managing the static files on salt master is the way to go then? instead of a full blown bind formula?
01:54 lovecraftian joined #salt
01:55 abednarik joined #salt
01:57 cpowell joined #salt
02:01 quasiben joined #salt
02:02 VR-Jack djgerm: sometimes formulas are more work than they need to be in order to be versatile
02:03 djgerm KISS
02:03 catpigger joined #salt
02:04 VR-Jack If you are managing a lot of different deployments with a lot of different settings, formulas become more useful.
02:04 mapu joined #salt
02:06 edrocks is there a way to pass arguments to a state? ie a version number to deploy
02:06 stooj joined #salt
02:06 VR-Jack Also, dns "slaves" are only useful if you don't manage both master and slave. otherwise, have salt deploy all as masters.
02:07 VR-Jack edrocks: You can pass pillars via command line or through the reactor or orchestrate
02:09 edrocks VR-Jack: how do you pass pillars as arguments?
02:09 iggy edrocks: you can set pillar data on the command line and it gets merged into your normal pillar data
02:09 donmichelangelo joined #salt
02:09 * iggy types too slow
02:10 edrocks o nm
02:10 edrocks found it  `salt '*' state.highstate pillar="{foo: 'Foo!', bar: 'Bar!'}"`
02:10 joyrida08 joined #salt
02:10 iggy https://docs.saltstack.com/en/latest/topics/tutorials/pillar.html#setting-pillar-data-on-the-command-line
02:10 edrocks VR-Jack: iggy thank you! my build/deployment system may get a nice upgrade soon
02:14 edrocks_ joined #salt
02:15 stooj joined #salt
02:15 VR-Jack iggy: you're getting old. :)
02:15 sjmh aw110f - you can, I think it's the loop_interval setting, where the master does maintenance.
02:16 sjmh or you can have your git server send a post-push hook to send an event to reactor and have it force an update
02:16 onlyanegg joined #salt
02:21 stooj joined #salt
02:26 heaje joined #salt
02:28 stooj joined #salt
02:32 ageorgop joined #salt
02:34 jaybocc2 joined #salt
02:35 quasiben joined #salt
02:40 qu9 joined #salt
02:41 jack_ joined #salt
02:45 RobertChen117 joined #salt
02:45 jack__ joined #salt
02:45 quasiben joined #salt
02:50 DammitJim joined #salt
02:52 evle joined #salt
02:56 jack joined #salt
02:57 quasiben joined #salt
02:57 avozza joined #salt
02:58 aharvey joined #salt
03:04 jack_ joined #salt
03:06 quasiben joined #salt
03:07 ageorgop joined #salt
03:08 evle joined #salt
03:10 Bryson joined #salt
03:10 heaje sjmh: Awesome, thanks for taking care of that
03:12 quasiben joined #salt
03:16 stooj joined #salt
03:19 racooper joined #salt
03:20 pcn Is there a way to have an EBS attachment defined in a cloud profile instead of having to attach it afterwards?
03:23 quasiben joined #salt
03:29 jack_ joined #salt
03:31 kawa2014 joined #salt
03:33 cberndt joined #salt
03:41 quasiben joined #salt
03:41 rem5 joined #salt
03:44 shoemonkey joined #salt
03:45 jack_ joined #salt
03:46 writtenoff joined #salt
03:54 jack_ salt
03:57 nethershaw joined #salt
04:00 kshlm joined #salt
04:08 om what are the benefits of git_fs over just running a cron that does git pull ?
04:09 om (after a git clone of course...)
04:09 mosen multiple roots are easier to manage i guess
04:10 om you mean, multiple branches or repos?
04:10 treaki_ joined #salt
04:12 om is the git repo made available like in /srv/salt ?
04:12 om or where would it be?
04:12 om /var/cache/salt/master
04:12 om but is it in the same form as /srv/salt in hierarchy structure?
04:14 mosen multiple gits are overlayed into a single filesystem
04:14 mosen sorta
04:14 mosen multiple repos
04:15 anmol joined #salt
04:17 quasiben joined #salt
04:23 ramteid joined #salt
04:25 avozza joined #salt
04:27 favadi joined #salt
04:34 tedbot joined #salt
04:35 tedbot a package installed with pip includes a config file that sits on the same level as the module itself….how can I get the path to that config file so I can Salt it?
04:35 jack_ joined #salt
04:35 brianfeister joined #salt
04:43 jack_ joined #salt
04:52 brianfeister joined #salt
04:54 jack_ joined #salt
04:58 CheKoLyN joined #salt
05:02 RobertChen117 joined #salt
05:14 lemur joined #salt
05:19 aqua^c_ joined #salt
05:20 totzky joined #salt
05:21 RobertChen117 joined #salt
05:27 jack_ joined #salt
05:32 rdas joined #salt
05:42 colegatron joined #salt
05:45 jack_ joined #salt
05:54 calvinh joined #salt
05:57 bhosmer_ joined #salt
06:02 jaybocc2 joined #salt
06:03 nethershaw joined #salt
06:04 RobertChen117 salt-call calls a script the salt-call hangs as the script has some defunc sub processes, but the scripts runs well in terminal bash…
06:05 RobertChen117 probably terminal bash can handle but not salt-call
06:07 bluenemo joined #salt
06:09 jack_ joined #salt
06:13 favadi joined #salt
06:15 kawa2014 joined #salt
06:15 tedbot left #salt
06:18 ageorgop joined #salt
06:20 TyrfingMjolnir joined #salt
06:23 jaybocc2 joined #salt
06:28 blckbit10 joined #salt
06:29 zulgabis joined #salt
06:33 dlam joined #salt
06:33 zulgabis hi all. i need some help. i wrote a custom grain that collects info from aws ec2. it works, but how to not launch this grain on non aws nodes?
06:34 jhauser joined #salt
06:34 zulgabis if not __pillar__.get('os', '') != 'Amazon': looks terrible
06:36 writtenoff joined #salt
06:38 sjmh zulgabis - you could just sync the grain to only the ec2 hosts.
06:39 sjmh then it wouldn't even exist on the non-ec2 hosts
06:39 av_ joined #salt
06:51 iceyao_ joined #salt
06:57 zulgabis then, how choose what the default grain is sync with minion. example esxi.py not sync with minion and don't run on him.
06:58 ajw0100 joined #salt
06:58 avozza joined #salt
07:02 giantlock joined #salt
07:03 ws2k3 joined #salt
07:04 opdude__ joined #salt
07:14 iggy zulgabis: did you look at the aws grains in the salt-contrib repo?
07:15 sjmh hrm.  is it just me, or is the py renderer really, really, dangerous.
07:15 iggy powerful
07:15 iggy which yeah, usually the same thing
07:18 wendall9111 joined #salt
07:18 izrail_ joined #salt
07:18 KermitTheFragger joined #salt
07:19 sjmh iggy - right, except that it could effectively rewrite your entire master config.
07:19 munki_ joined #salt
07:20 sjmh just thinking of a scenario where you were using something like git_pillar, and some one gained access to a repo and shoves in a top.sls file that's using the py renderer.
07:21 colegatron_origi joined #salt
07:21 sjmh next it goes to renderer pillar, mr. johndoe mysteriously gets added to external_auth, with access to all the minions..
07:21 zulgabis iggy: yes, i take some code from ec2_info.py
07:22 jack_ joined #salt
07:25 RobertChen117 joined #salt
07:26 lovecraftian joined #salt
07:26 lovecraftian joined #salt
07:27 brianfeister joined #salt
07:32 scarcry joined #salt
07:37 iggy sjmh: that's different than jinja+yaml states?
07:37 iggy zulgabis: look for the one that the __virtual__ function returns false when it's not in AWS
07:38 sjmh iggy - states are purposely used for modifications and keeping state.
07:38 sjmh a template file for rendering targets.. isn't.
07:38 Basavaraj joined #salt
07:38 sjmh i can say that users can't run states - i can't prevent the master from rendering a top file.
07:39 Basavaraj Hi Team,  I have been using the Salt for all the automation and has been successful on Linux minions. Now we have a set of Windows minions where we have installed CygWin to support Linux style of commands and all.  Requirement is that Salt should call the cygwin prompt and then it has to setup the environment something like running /etc/profile or the equivalent  scripts before running other commands. I need your support to automat
07:40 iggy sjmh: I see the difference, I fail to see how it would really make that much difference in practice
07:42 jaybocc2 joined #salt
07:42 sjmh iggy - well, we don't use salt for states, so all that functionality is disabled from users to actually run state mods.  however, we do enable targeting for pillar data.  enabling them to run pure python in top files would enable to them to circumvent things on the master.
07:42 sjmh not saying the py renderer isn't useful / powerful to some people.  but it'd be nice to have a way of blacklisting it.
07:43 federicob joined #salt
07:45 sjmh and we're in the situation where we have multiple tenants on the same master - so the situations is exacerbated
07:52 writtenoff joined #salt
07:52 jack__ joined #salt
07:53 bastiandg joined #salt
07:54 dgutu joined #salt
07:56 elsmo joined #salt
07:58 shoemonkey joined #salt
08:00 RobertChen117 joined #salt
08:01 colttt joined #salt
08:11 colttt joined #salt
08:12 impi joined #salt
08:12 jack__ joined #salt
08:18 iggy if you don't use the py renderer anywhere else, just delete the renderer module
08:19 viq joined #salt
08:31 linjan joined #salt
08:32 relidy joined #salt
08:34 kshlm joined #salt
08:35 jack__ joined #salt
08:36 losh joined #salt
08:38 stooj joined #salt
08:40 fredvd joined #salt
08:42 saltyswede Hi guys and gals. I have installed salt-master on a node from the salt.repository and also installed salt-minion from debians default repository. I did this because my minions is behind a firewall which very strict rules and therefore I cant download from the official saltstack repositry
08:43 saltyswede I have opened the firewall to saltstacks default repo and I need to add the repo and the key,
08:43 saltyswede I have tried running the commands with cmd.run from the master but the minions wont respons to that,
08:44 saltyswede salt '*' cmd.run "wget -q -O- http://debian.saltstack.com/debian-salt-team-joehealy.gpg.key | apt-key add -"
08:44 favadi joined #salt
08:44 saltyswede salt '*' cmd.run "echo deb http://debian.saltstack.com/debian wheezy-saltstack main\n" >  /etc/apt/sources.list.d/saltstack.list"\n"
08:45 saltyswede The reason I need to add the saltrepo is because the salt-version i the debianrepo is too old. 14.8 I think
08:46 opdude joined #salt
08:47 saltyswede Is there an module for "installing" new repositorys in saltstack?
08:48 favadi joined #salt
08:50 deniszh joined #salt
08:50 saltyswede From Salt 14.8
08:51 AndreasLutro (["Too many functions declared in state 'local' in SLS u'/var/cache/salt/master/files/base/salt/reactors/on_connect.sls'"]) in one or more of the sls files (['salt://salt/reactors/on_connect.sls'])
08:51 AndreasLutro anyone had this error?
08:52 zer0def joined #salt
08:54 jack__ joined #salt
08:59 chiui joined #salt
09:00 stooj joined #salt
09:01 s_kunk joined #salt
09:01 s_kunk joined #salt
09:02 lovecraftian left #salt
09:06 jack__ joined #salt
09:09 yomilk joined #salt
09:10 favadi joined #salt
09:10 LondonAppDev joined #salt
09:11 Rumbles joined #salt
09:12 keimlink joined #salt
09:13 kevc joined #salt
09:15 brianfeister joined #salt
09:16 kevc is there a way to define grains in top.sls, rather than having to specify in /etc/salt/grains on each node?
09:17 rotbeard joined #salt
09:20 AndreasLutro kevc: if you want to do that sort of thing you may as well use pillars
09:25 GreatSnoopy joined #salt
09:26 yomilk joined #salt
09:30 An_T_oine joined #salt
09:32 babilen +1
09:33 permalac joined #salt
09:35 babilen saltyswede: pkgrepo.managed -- https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkgrepo.html
09:35 babilen saltyswede: And you could use https://github.com/saltstack-formulas/salt-formula
09:36 losh joined #salt
09:36 saltyswede thanks babilen, But that doesnt seems to work with my minions? They have version 14.8 and I think state.pkgrepo was introduced in 15.3?
09:38 brianfeister joined #salt
09:39 babilen How do you install salt-minion in the first place?
09:40 babilen bbl
09:40 jack__ joined #salt
09:42 kevc AndreasLutro: thanks, I'll do that
09:42 babilen Well, your options are: 1. Add the repository before you install salt-minion (cf. https://docs.saltstack.com/en/latest/topics/installation/debian.html) 2. Use the bootstrap script during instance installation (depends on how you install your instances, might want to look into salt-cloud) 3. Use salt-ssh to run the salt.minion state with suitable pillars on your new minions
09:42 babilen (there are many other options, but those might be suitable for you)
09:45 kevc are there are clear guides on the concepts of grains, pillars, states and best practices for usage? Other than saltstack.com, obviously
09:46 kevc like, in the pillar tutorial, the pillar formula is reading from grains to set a variable that's used in the state
09:46 kevc and I've no idea why you wouldn't just do that in the state itself
09:46 blckbit10 joined #salt
09:47 kevc seems to suffer from TMTOWTDI
09:49 saffe joined #salt
09:52 iamtew joined #salt
09:52 LondonAppDev joined #salt
09:54 elsmo joined #salt
09:59 shoemonkey joined #salt
10:03 AndreasLutro kevc: the reason is, you may want to overwrite the pillar variable on particular hosts without reading from the grains
10:03 AndreasLutro I'm not aware of any guides that go into this in depth
10:04 yomilk joined #salt
10:11 zerthimon joined #salt
10:12 stbenjam Any chance someone knows what the minimum permissions requred are to access the /stats api?
10:13 jack__ joined #salt
10:18 slav0nic joined #salt
10:22 Rumbles joined #salt
10:23 Qlawy left #salt
10:24 izrail joined #salt
10:25 giantlock joined #salt
10:30 amcorreia joined #salt
10:37 N-Mi joined #salt
10:38 Fracklen joined #salt
10:43 Score_Under Does anyone know how I can sign a public key using salt? Essentially I want to generate a key on the minion, send it up to the master for signing (& checking that it corresponds to the minion_id), then sending the signature back down to the minion. I'm pretty sure I can do most of it, it's just sending the key to the master and executing the script that's going to check and sign it which I'm not sure abo
10:43 Score_Under ut
10:47 yomilk joined #salt
10:48 RobertChen117 joined #salt
10:56 iceyao joined #salt
10:59 duncanmv joined #salt
10:59 duncanmv hi
10:59 duncanmv is there a way to specifiy the nodegroups outside of the master configuration file?
11:01 rdas joined #salt
11:02 jack__ joined #salt
11:05 masterkorp hello
11:09 masterkorp Can I join some elements of an a group of objetcs on the same line ?
11:09 masterkorp i'd like to template sub elements of an objects
11:13 jack__ joined #salt
11:18 Score_Under duncanmv: if you're using reclass, you can do it with reclass classes: http://reclass.pantsfullofunix.net/salt.html#integration-with-salt
11:19 Score_Under though I don't have much experience with salt without reclass
11:19 RobertChen117 A:
11:19 RobertChen117 onchanges_in:
11:19 RobertChen117 B:
11:19 RobertChen117 C:
11:19 RobertChen117 D:
11:19 RobertChen117 E:
11:19 RobertChen117 If resource A is changing, the execution order is not A->B->C -> D->E, sometimes it is A -> D->E -> B->C.
11:19 RobertChen117 I want  A->B->C -> D->E. How can I get it?
11:20 Score_Under masterkorp: what do you mean by "join", "group", "objects", "sub elements" here?
11:21 Score_Under RobertChen117: Would it be fair to just make D and E require C, if they need to be executed in that order?
11:21 masterkorp Score_Under: well i have a list of users with the name as the object and all of them have the a common id fiels
11:21 masterkorp *field
11:21 rdas joined #salt
11:22 Score_Under masterkorp: so do you want to take a list of user objects (with a .id attribute) and join all those IDs into one line
11:22 masterkorp yeah
11:22 RobertChen117 Score_under, probably no. B and C only runs if A is changing
11:23 bhosmer joined #salt
11:23 masterkorp i am tyring {{ object|join(',', attribute='id') }}
11:23 masterkorp but jinja says no atrribute id is found
11:23 Score_Under masterkorp: I'd probably do something like {{ " ".join(user.id for user in list_of_users) }}
11:23 Score_Under ah
11:23 duncanmv Score_Under: I will look at it
11:24 masterkorp Score_Under: hmm, let me try that
11:24 tonthon joined #salt
11:24 Score_Under in that case I'd check 2 things: 1. Is it actually ['id'] rather than .id?, 2. are there any other objects mixed in the list, like None?
11:24 duncanmv Score_Under: does reclass classes generate groups via ext_pillar?
11:24 fhh joined #salt
11:24 jfroche joined #salt
11:24 Sacro joined #salt
11:25 Score_Under duncanmv: I think so. reclass is used in ext_pillar and then you use the classes as specified in that document
11:26 masterkorp Score_Under: thanks|
11:26 Score_Under RobertChen117: if that's the case the best I've got is the "order" parameter. I've had a similar issue and that's the most satisfactory solution I found to it
11:26 Score_Under https://docs.saltstack.com/en/latest/ref/states/ordering.html
11:27 RobertChen117 But B and C maybe not running if A is not changing, can I add order under B and C ?
11:28 xMopxShell joined #salt
11:28 Score_Under RobertChen117: I'd add an order to "A", "B", and "C" (just an order of 1 for all of them)
11:29 Score_Under having any 'order' value automatically puts it before other things in the state, and the onchanges_in will implicitly order B and C to come after A
11:29 Score_Under though you might get A, C, B
11:29 Score_Under (I'm assuming that's OK)
11:29 masterkorp Score_Under: is that join syntax correct?
11:30 jack__ joined #salt
11:30 Score_Under masterkorp: as far as I'm aware, for jinja2
11:31 stooj joined #salt
11:32 Score_Under masterkorp: ah perhaps I'm wrong
11:32 Score_Under looking in my salt repos I've got no joins inside sls files anyway
11:33 masterkorp Score_Under: also shouldn't i use iteritems?
11:34 denys joined #salt
11:34 Score_Under masterkorp: if it's a dictionary rather than a list yes
11:34 basepi joined #salt
11:34 Score_Under also assuming you're on python 2
11:35 Score_Under now that I look I can't seem to find an equivalent syntax to that generator comprehension in jinja. there's map ( http://jinja.pocoo.org/docs/dev/templates/#map ) but the machines I've tested on don't have that function
11:35 Score_Under usually at this point I'd switch to mako to avoid the hassle of jumping through jinja's hoops, but I'm biased there because I know mako better
11:37 Horgix joined #salt
11:37 AndreasLutro I'm more familiar with jinja and still prefer mako
11:38 stooj joined #salt
11:41 malinoff joined #salt
11:42 malinoff joined #salt
11:42 CeBe joined #salt
11:43 rawzone joined #salt
11:43 colegatron_origi joined #salt
11:43 jack__ joined #salt
11:55 rdas joined #salt
12:00 shoemonkey joined #salt
12:01 rawzone joined #salt
12:10 masterkorp Score_Under: i cannot also use map function
12:10 masterkorp i think i will be dirty and do a for and make a string
12:10 Score_Under masterkorp: I think that may be the only sensible way.
12:11 evle1 joined #salt
12:12 imanc how do I do a requisite with a directory?    require:  \n - directory: /asdf/   doesn't work
12:18 vm joined #salt
12:18 saltyswede babilen, I guess I have do manually remove salt and add the repo then
12:18 Score_Under imanc: you need to target the state ID of that directory
12:19 Score_Under imanc: if you don't have one you'll need to create a state for it ("file.directory"?) and then require "file: whatever-you-called-it"
12:20 Score_Under also I'm having a strange issue with salt that I've had for some time now... http://paste.pound-python.org/show/94CRn6FSFh0T5LUGI9nC/
12:20 Score_Under seems it thinks everything's returned when most of them haven't
12:20 Score_Under I'd like it to report when it fails to contact a minion but it never does
12:21 Score_Under that is, never reports it. It definitely fails, and that can be seen with "salt \* test.ping"
12:22 babilen saltyswede: Just add the new repository and update
12:29 vm Hi all! I'm a bit confused with salt supervisord state reload and update options (in addition to supervisord autostart and autorestart). Here is my example configuration https://gist.github.com/muravitskiy/c6101ca042d224c035ac and https://gist.github.com/muravitskiy/d078da8b371670b37034
12:30 treaki_ joined #salt
12:32 vm Actual problem: when autostart=True and my service is disabled via pillar, but in addition there was changes in myservice.supervisor.conf => servise is started again
12:36 vm Maybe I should fix my state and remove myservice.supervisor.conf if service should be disabled?
12:38 Score_Under vm: the service isn't watching anything if the config is disabled
12:38 Score_Under so my best guess is that it was enabled
12:38 robbbb joined #salt
12:38 Score_Under in your state output, does it show "myservice.supervisor" as "supervisord.running" or "supervisord.dead"?
12:38 Score_Under because if it shows the first you know that it's taking the first branch (i.e. enabled)
12:39 vm Score_Under: "supervisord.dead"
12:39 Score_Under vm: and then later what did it restart it with?
12:40 jxm_ joined #salt
12:40 Score_Under or did it restart in that same stat?
12:40 Score_Under state*
12:40 vm I'll doublecheck first
12:45 pwalsh joined #salt
12:47 blckbit10 joined #salt
12:49 morissette joined #salt
12:51 slav0nic joined #salt
12:57 quasiben joined #salt
12:58 vm Score_Under: state is supervisord.dead but if any changes occurs in supervisor config file - service starts
13:01 Score_Under vm: and there's no watch/watch_in associated?
13:02 yomilk joined #salt
13:05 akhter joined #salt
13:06 vm I'll check again, but probably no (as I post in my gist)
13:06 akhter joined #salt
13:09 malinoff joined #salt
13:10 subsignal joined #salt
13:11 deniszh joined #salt
13:11 KennethWilke joined #salt
13:11 bhosmer joined #salt
13:12 johnf1911 joined #salt
13:14 DammitJim joined #salt
13:15 akhter joined #salt
13:18 giantlock joined #salt
13:18 vm Score_Under: So whats I've currently found
13:19 vm I have e.g 5 similar services
13:20 AirOnSkin Hey guys. Can I use the 'onchanges' requisite with services so that the service will restart when a file changes?
13:21 vm if I enable any service with supervisord.running - all services with autostart=True in supervisor config starting
13:21 shoemonkey joined #salt
13:24 AirOnSkin I'm using 2015.8.3 btw
13:25 vm Score_Under: maybe I should pass conf_file to supervisord.running because my services all described in different files in /etc/supervisord/conf.d/*
13:28 malinoff_ joined #salt
13:29 Score_Under vm: conf_file is for if you're using a state module called conf_file, so I'm not sure how that would apply with your current setup
13:29 Score_Under vm: though, since you're templating either one or the other, there will be no "supervisord.running" at all if there is a "supervisord.dead"
13:30 Score_Under vm: so if you see a "supervisord.running", that is coming from somewhere outside of the "myservice.sls"
13:32 pwalsh joined #salt
13:33 vm Score_Under: I see supervisord.dead in service1, but if I enable service2 with same config - I see "dead" for service1 but it starts with service2 when autostart=True
13:37 shoemonkey joined #salt
13:42 akhter joined #salt
13:43 Score_Under all I can think of is perhaps one is a dependency of the other in supervisord
13:43 Score_Under other than that I'm out of ideas
13:44 edrocks joined #salt
13:49 bmcorser joined #salt
13:50 gh34 joined #salt
13:51 vm Score_Under: maybe i misunderstood update option? why update is called each time? https://github.com/saltstack/salt/blob/v2015.8.3/salt/states/supervisord.py#L172
13:53 StogblenToast I'm having trouble with this formula and using pillar data to generate the config https://github.com/saltstack-formulas/ntp-formula
13:54 StogblenToast the description says that the ntp.ng state will automagically configure the ntp.conf file based on fields in my pillar, which should be in place
13:54 StogblenToast but all I get is the default example file, and I'm not sure where it comes from
13:55 indispeq joined #salt
13:55 StogblenToast I don't want to edit the formula too much because I shouldn't have to, right?  The formula should be an ez drop-in
13:57 subsignal joined #salt
13:59 lompik joined #salt
14:04 johnf1911 hey
14:04 johnf1911 recently learned a bit about salt at SCALE
14:04 johnf1911 I'm interested in managing some Cisco devices, IOS based routers and switches
14:04 johnf1911 non NX-OS
14:04 johnf1911 anyone got any pointers to articles that talk about the subject?
14:06 XenophonF huh, that'd be interesting
14:06 bhosmer_ joined #salt
14:07 shoemonkey joined #salt
14:08 babilen johnf1911: Look into "proxy minions"
14:09 jettero left #salt
14:09 xf10e joined #salt
14:09 XenophonF https://docs.saltstack.com/en/latest/topics/proxyminion/index.html
14:09 XenophonF that looks pretty cool!
14:10 xf10e hi *
14:10 XenophonF we have a bunch of cisco ios stuff - never imagined that we'd be able to manage those devices like our other stuff
14:11 johnf1911 babilen: yeah, I've heard about that part of it
14:11 johnf1911 I've never touched salt before though
14:12 johnf1911 hmm, ok, this seems promising
14:12 babilen Good, we don't use it so I can't really tell you much about it, but I wanted to mention the "buzzword"
14:12 shoemonkey joined #salt
14:12 johnf1911 lol
14:13 xf10e anyone seeing issues in 2015.8 with `salt $MINION pillar.get path:to:key None` behaving differently than `__salt__['pillar.get']('path:to:key', None)`?
14:13 xf10e looks like it broke check_pillar() in states/test.py :(
14:15 xf10e (the later one being code used in said state-module, obvsly)
14:15 numkem joined #salt
14:20 giantlock joined #salt
14:21 pwalsh joined #salt
14:26 diegows joined #salt
14:27 cpowell joined #salt
14:31 * xf10e tests this on a ubuntu installation not tainted by openstack...
14:32 johnf1911 lol
14:32 blckbit10 joined #salt
14:38 shoemonkey joined #salt
14:39 colegatron_origi joined #salt
14:40 racooper joined #salt
14:40 _JZ_ joined #salt
14:41 Tanta joined #salt
14:41 jack__ joined #salt
14:44 pwalsh joined #salt
14:48 catpig joined #salt
14:50 cpowell joined #salt
14:51 mpanetta joined #salt
14:53 robbbb joined #salt
14:53 Tyrm joined #salt
14:54 Tyrm joined #salt
14:55 pwalsh joined #salt
15:00 spiette joined #salt
15:00 bhosmer_ joined #salt
15:00 mapu joined #salt
15:02 zulgabis joined #salt
15:05 AdamSewe_ joined #salt
15:06 jack__ joined #salt
15:06 AdamSewell joined #salt
15:07 deniszh joined #salt
15:07 andrew_v joined #salt
15:10 amcorreia joined #salt
15:10 AdamSewell I've started having a lot of issues with my Salt Master (2015.8.3) and getting the error "Salt request timed out. the master is not responding... worker threads may need to be increased". I've increased the threads from 5 to 30 and still having the issue. The minions are Windows boxes running (2015.8.3) and are off site. This is all of sudden but has lasted for about a week now. Does anyone have any ideas?
15:10 Brew joined #salt
15:11 zmalone joined #salt
15:13 malinoff joined #salt
15:14 malinoff joined #salt
15:15 malinoff joined #salt
15:15 malinoff joined #salt
15:18 catpig joined #salt
15:21 An_T_oine joined #salt
15:22 Rumbles joined #salt
15:23 jack__ joined #salt
15:24 sjmh joined #salt
15:26 An__T__oine joined #salt
15:27 blckbit10 joined #salt
15:28 yomilk joined #salt
15:31 DanyC joined #salt
15:34 andrew_v_ joined #salt
15:34 izrail joined #salt
15:37 akhter joined #salt
15:38 pf_moore joined #salt
15:41 Hydrosine joined #salt
15:44 izrail joined #salt
15:44 DaveB joined #salt
15:47 xf10e AdamSewell: haven't seen s/t like this but I neither have windows minions nor a 2015.8-master
15:51 [7hunderbird] joined #salt
15:53 CheKoLyN joined #salt
15:54 bronz joined #salt
15:56 jack__ joined #salt
15:58 RandyT joined #salt
15:58 RandyT joined #salt
15:59 pcn AdamSewell: have you checked dmesg on the saltmaster?  I get memory pressure when I have the API + master running, and have started cgroup'ing them so they fail before thrashing.
15:59 kermit joined #salt
15:59 AdamSewell pcn, i've not, let me check that
16:01 DanyC anyone knows in sls file i can clear/ reset a jinja list ? i am doing {%- do user_found.append(user) %} this and i need to clear it before a new for loop iterator starts
16:02 babilen DanyC: set foo = [] ?
16:02 xf10e {% do user_found = [] %} ?
16:02 xf10e babilen: set won't work, normal jinja doesn't allow changing already set variables ;)
16:02 babilen pesky, then do the do
16:03 pwalsh joined #salt
16:03 xf10e say, did pillar suddenly get saltenv aware in 2015.8?
16:04 davisj joined #salt
16:04 DanyC babilen: xf10e thank you !! i'm doing this http://hastebin.com/bufudihuwa.coffee to restrict user access and so i will try to add the do bit at the end of the for loop
16:05 Ch3LL joined #salt
16:07 DanyC xf10e: i've added {% do user_found = [] %} right before line # 82 and now i got Jinja syntax error: expected token 'block_end', got '='
16:07 DanyC xf10e: does it really need to be in an IF block ?
16:11 xf10e DanyC: you know, some indention would make this way more readable ;)
16:12 pcn Aha, found it.  The readthedocs link to the older salt-cloud keeps turning up, I was having a hard time finding the right docs.
16:15 Hydrosine joined #salt
16:15 jfindlay man, why are those readthedocs still there
16:17 pwalsh joined #salt
16:17 jack__ joined #salt
16:22 dfinn joined #salt
16:22 DanyC xf10e: on which part? i thought all it was indented okay-ish :)
16:24 darix joined #salt
16:24 Riz joined #salt
16:24 mschiff joined #salt
16:24 mschiff joined #salt
16:25 xf10e the jinja-part. with whitespace elemination it's not relevant anyway
16:26 Jarus joined #salt
16:26 xf10e DanyC: like this: http://hastebin.com/qojalosawu.coffee
16:27 xf10e but I would say use the users-formula and just bring your pillar-data in the right structure
16:27 DanyC xf10e: i can't open as we got an Application error ;) you killed hastebin :))
16:28 jesusaurus joined #salt
16:28 DanyC xf10e: i look into that as next iteration for now i need to get this out of the door soon
16:28 DanyC xf10e: now it works, going through
16:28 hasues joined #salt
16:28 babilen I second the suggestion to just use the users-formula and target users you want on a system to only those systems
16:29 JDiPierro joined #salt
16:30 CrummyGummy joined #salt
16:30 DanyC babilen: sure, agree with both of you and will look at very soon
16:30 xf10e yeah, you can do nice things with reading user details from yaml files so you can just enter a list of them to include in the minions pillar
16:32 xf10e OK, back to pillar.get and saltenvs: I can use a test.check_pillar state w/o specifying a saltenv, but when I do the state fails https://gist.github.com/0xf10e/4fe9e5eec65bb5f992dd
16:35 xf10e will anyone here be at FOSDEM this weekend?
16:36 DanyC xf10e: not me ;)
16:39 xf10e DanyC: too bad, could show you some nice things with importing data from yaml and jinja-macros to get e/t in the right format for the users-formula ;)
16:40 DanyC xf10e: you know i'd damn love it. You could put it on your gist account ? (already following you :) )
16:41 xf10e DanyC: hehe. yeah I should. but need to do some generalization and write bogus data and stuff ;)
16:41 jack__ joined #salt
16:42 DanyC xf10e: sure i understand, only if time allows you ;)
16:42 AdamSewell joined #salt
16:43 mohae_ joined #salt
16:45 jcockhren hey, is the call for saltconf speakers still open?
16:46 jfindlay jcockhren: I don't think so, but I can ask for you
16:47 pwalsh joined #salt
16:47 zsoftich1 joined #salt
16:48 jcockhren jfindlay: thanks!
16:48 pwalsh joined #salt
16:48 iceyao joined #salt
16:49 baweaver joined #salt
16:53 xf10e there has to be s/t broken on ubuntu....
16:53 MeltedLux joined #salt
16:54 wangofett joined #salt
16:54 jack__ joined #salt
16:54 iceyao joined #salt
16:57 jfindlay jcockhren: it looks like the call for speakers is closed.  We had way more submissions than slots and are still working out the tracks
16:58 jcockhren jfindlay: aw. ok. can I submit for 2017? ;) I'm only half joking.
17:00 jcockhren b/c I'm always too far out my mind in the Q4 to think about Q2 of the next year.
17:00 jfindlay jcockhren: I don't think Rhett is even thinking about 2017 yet considering how busy he currently is, but definitely remember to submit for 2017 :-)
17:00 Tyrm joined #salt
17:02 yomilk joined #salt
17:03 Topic for #salt is now Welcome to #salt! | Latest Version: 2015.8.3 | Register for SaltConf16: http://saltconf.com/register/ | Paid support available for open source Salt! https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | Ask with patience as we are volunteers and may not have immediate answers
17:03 Bryson joined #salt
17:03 Tyrm_ joined #salt
17:07 jack__ joined #salt
17:09 andrew_v joined #salt
17:10 chingadero joined #salt
17:13 chingadero Is it possible view a jinja rendered state? I'd like to see the state file being processed by the minion.
17:15 pwalsh joined #salt
17:15 netcho joined #salt
17:15 xf10e chingadero: `salt $MINION state.show_sls mystate`
17:15 xf10e that's not exactly the jinja rendered version but the data read from the result, but it's close
17:16 djgerm left #salt
17:17 tligda joined #salt
17:20 baweaver joined #salt
17:20 jack__ joined #salt
17:21 kawa2014 joined #salt
17:22 sjmh joined #salt
17:22 xf10e bye *
17:24 Pixionus joined #salt
17:24 Pixionus joined #salt
17:25 impi joined #salt
17:26 chingadero https://github.com/saltstack-formulas/opendkim-formula/blob/master/opendkim/key.sls line 61 is throwing: Rendering SLS 'base:opendkim.key' failed: Jinja error: need more than 1 value to unpack
17:26 LondonAppDev on states.service.running reload: True should force the service to restart each time it's ran run?
17:26 chingadero nm, figured it out
17:28 chingadero https://github.com/saltstack-formulas/opendkim-formula/blob/master/pillar.example line 5doesn't contain the type
17:29 chingadero It doesn't look like it's being used, am I overlooking something?
17:38 onlyanegg joined #salt
17:39 jack__ joined #salt
17:42 writtenoff joined #salt
17:44 blckbit10 joined #salt
17:46 oraqol joined #salt
17:46 akhter joined #salt
17:49 oraqol Hello all, running salt-master 2015.5.3 (Lithium) on ubuntu 14.04, and salt-minions running on 0.17.5.  Tried updating both master and minions, but apt says they're on the latest version.  A handful of minions are returning the following error and exiting when started.   http://pastebin.com/Sj4SwqNB  Any help would be greatly appreciated.
17:50 zmalone sounds like you are on the ppa for some hosts, and on the default ubuntu packages on others
17:50 zmalone you need to remove the salt ppa and add the current repo at https://repo.saltstack.com/#ubuntu to all hosts
17:50 zmalone the ppa is deprecated
17:50 zmalone (for oraqol)
17:50 WildPikachu joined #salt
17:51 zmalone the default ubuntu package is 0.17, and the most recent ppa package was 2015.5.3
17:51 WildPikachu Hi guys, is there a page that I can reference to check if a logical and exists for an IF statement?
17:52 chingadero left #salt
17:52 babilen WildPikachu: For jinja?
17:52 jack__ joined #salt
17:52 babilen And yes, there is
17:52 WildPikachu well, I am trying to do it in one of my sls files, if a few grains exist
17:53 WildPikachu I  tried && but I doubt thats right
17:53 babilen http://jinja.pocoo.org/docs/dev/templates/ might be what you are looking for .. but then I have slight problems parsing your question
17:54 WildPikachu {% if grains['aaaa'] && grains['abbb'] && grains['ccc'] %}  <= that is what I am doing :)
17:56 * WildPikachu does a s/&&/and/ :G
17:56 oraqol ok thank you zmalone, which version should I be running on production boxes?
17:57 nidr0x joined #salt
17:57 zmalone Both 2015.5 and 2015.8 are "stable", and are pretty close.  I'd probably go with the "latest" repo and get 2015.8 out of it, but you may want to go with 2015.5 if you are using a lot of different salt features, there can be bugs between releases
17:58 saffe joined #salt
17:59 babilen WildPikachu: That looks like grain abuse, but it would be the correct way to express those conditionals
17:59 babilen You might want to consider simply targeting appropriate states based on grains
17:59 WildPikachu babilen, I just saw there is a   "is defined" too, should I switch to that?
18:00 oraqol ok, thank you zmalone
18:00 babilen Could you give an actual example of what you are doing on http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, … ? Grains you work with should normally be defined, so I am not sure in which cases "is defined" helps.
18:01 oraqol left #salt
18:02 WildPikachu babilen, I have a few grains set for 3 hostnames for a service to connect to, only if all 3 are defined should they be added to the config file
18:02 WildPikachu but I should probably target
18:03 babilen Why don't you pass in that data via pillars?
18:03 WildPikachu its different per server
18:03 babilen (or the mine if they pertain to other minions?)
18:03 babilen Pillars are specific to each minion
18:04 Tyrm joined #salt
18:04 WildPikachu babilen, pillars are defined server-side right? on the salt master?
18:04 wangofett Hm.... does Salt have any kind of support for installing go packages, i.e. with `go get`?
18:04 ageorgop joined #salt
18:04 Tyrm_ joined #salt
18:04 * wangofett is trying to install MailHog via salt, but hasn't found a formula for it
18:05 babilen WildPikachu: They are
18:05 WildPikachu babilen, the staff I have setting up machines don't have access to the master :), they just populate a bunch of grains
18:06 babilen They don't need access to the master .. you could just let them push into a git repository that is being read by the salt master or reference a database via external pillar
18:07 jack__ joined #salt
18:07 WildPikachu atm I do not trust anyone to access or change any of the salt master states I've setup or even add data to pillars
18:07 WildPikachu I understand the usefulness of pillars, but this is easiest atm :)
18:07 babilen You can't trust grains either (as the minion can report whatever it wants)
18:07 WildPikachu 3 commands, and state.highstate, bam
18:08 babilen I don't quite follow how letting random people introduce local state is easier than doing this in a peer reviewed way via pillars, but that's okay I guess
18:08 WildPikachu poeple are dumb, some don't know how to use git
18:09 WildPikachu having a monkey type in 3 commands is really easy
18:09 WildPikachu having them now have to checkout and push into git .... makes my life harder when they fuck it up and I must keep rejecting commits because they're wrong
18:10 WildPikachu I literally have.... "Run *THIS* command"    ,  "Run *THAT* command"
18:10 babilen Soon, but salt is very much about not letting people work like monkeys. Soon you might want to change those grains or even roll them out automatically.. Which brings you right back to pillars.
18:10 WildPikachu yep, and when the time comes when its easier, sure
18:11 cheus joined #salt
18:11 babilen But then you'll be so invested into grains and depend on all that local state ... ;)
18:12 WildPikachu then I can only hope one day I deal with non-monkeys hey
18:12 grumm_servire joined #salt
18:13 babilen Anyway, there is little merit in discussing this in such a generic way. Depending on what you express with those grains there are probably various sensible ways to deal with that information of which pillars are only the most obvious.
18:14 babilen It's just that I have the feeling as if you will create quite a headache for yourself in the future as you have all that unmanaged local state that drives the way in which you configure your boxes
18:15 babilen The "react to what the box is doing" rather then "tell the box what it should be doing" problem
18:15 WildPikachu I totally understand your view, but I unfortunately have limiting factors :)
18:15 babilen sure
18:15 babilen Rock on! :)
18:15 WildPikachu salt gives me the power to make bad decisions to solve my time problem :D
18:15 babilen hehe
18:15 JDiPierro joined #salt
18:18 WildPikachu babilen, you have surely got me thinking :D
18:20 tzero joined #salt
18:22 jack__ joined #salt
18:22 invsblduck joined #salt
18:23 invsblduck hallo.
18:23 invsblduck basepi: correct procedure for me nagging a pr? :-)
18:23 invsblduck https://github.com/saltstack/salt/pull/30660
18:23 saltstackbot [#30660]title: Revert service.mod_watch() bug introduced in Issue 21084 | This reverts commits 61ed479 and dd60432, which blatantly break...
18:24 invsblduck Thanks!
18:24 basepi invsblduck: no need, it's still pretty new. I anticipate I'll review it today with any comments.
18:25 invsblduck basepi: yep--brand-new, buddy.  wasn't sure if I needed to do anything special.
18:26 invsblduck tys.
18:27 RandyT_ joined #salt
18:27 jgarr I think I had this problem before but I can't remember the fix. I have a salt repo mirror which has python-tornado-4.2.1 but when I try to install salt-minion it says it needs 4.2.1 and doesn't see it in the repo. Is that supposed to come from somewhere else? (epel maybe?)
18:28 norii anyone using the stateconf renderer here? should i be using it? trying to wrap my head around it
18:29 jgarr look like only version 2.2.1-8.el7 is found via yum...odd
18:30 RandyT joined #salt
18:32 blckbit10 joined #salt
18:32 onlyanegg joined #salt
18:33 jgarr oh, just realized the package I have is .src. I guess my repo sync is broken
18:33 ageorgop joined #salt
18:34 jack__ joined #salt
18:36 nZac joined #salt
18:37 JDiPierro joined #salt
18:37 Edgan joined #salt
18:42 Rumbles joined #salt
18:47 nZac joined #salt
18:47 aw110f joined #salt
18:48 nZac joined #salt
18:54 onlyanegg joined #salt
18:57 Tyrm joined #salt
18:58 wangofett question - is there a way to do a sort of... dry-run? More accurately, my colleague and I are wondering what's the best way to ensure that dev pillars and prod pillars stay in sync
18:58 wangofett at some point a human has to be involved there
18:59 deniszh joined #salt
18:59 babilen Are you thinking of "test=True" ?
18:59 Tyrm_ joined #salt
19:00 robertsonai joined #salt
19:01 babilen If you want them to be in sync then why differentiate in the first place? Isn't the whole point of having a "dev" environment to allow for pillars/states/anything to *not* be in sync temporarily so that you can test things?
19:02 wangofett well, more accuratly, ensuring changes that *have* been tested get propigated
19:04 wangofett e.g. we add some pillar in dev
19:04 wangofett well, now it's production time and we run state.apply or highstate and *whoops* that pillar doesn't exist
19:05 wangofett or worse, we changed some previous pillars around and it reports that it worked, but *surprise!* something bad happened (e.g. "debug=True" for a sort of worst-case scenario)
19:05 jfindlay wangofett: can you just check pillar.items?
19:06 wangofett Hm... That's a good idea - compare the output of pillar.items on prod and dev?
19:06 wangofett I like that.
19:07 mpanetta joined #salt
19:08 giantlock joined #salt
19:08 jack__ joined #salt
19:09 Tyrm joined #salt
19:09 iggy wangofett: test=True is also good for a human readable type output
19:09 Tyrm joined #salt
19:10 iggy wangofett: you could also diff the output from show_highstate, show_low, etc...
19:10 Rumbles joined #salt
19:10 babilen wangofett: Do you have them in different git branches?
19:11 wangofett different repos completely
19:11 wangofett dev secrets available to devs, but prod only to those with prod access
19:11 babilen aye
19:11 babilen Was contemplating if "git diff dev..prod" would be useful
19:12 dlam joined #salt
19:14 wangofett I think the pillar.items with `--out json` may do the trick
19:14 ajw0100 joined #salt
19:14 wangofett I think it would be pretty simple to write a python (or whatever floats one's very small rocks) script to compare the outputs
19:15 wangofett at the very least ensure that the key structure is identical
19:15 wangofett I suspect *most* of the values would be ignored...
19:19 onlyanegg joined #salt
19:21 Tyrm joined #salt
19:21 aw110f sjmh: thanks for your input on controlling gitfs updates. i want to explore the reactor approach to force master to do salt-run fileserver.update on git changes, how do i still use gitfs on the master but prevent it pull from git on its own.
19:21 akhter joined #salt
19:22 BCsoup joined #salt
19:23 BCsoup Looks like we have run into a memory leak with Salt Beryllium 2015.8.3 - the minions on windows 2012 R2 are running wild and grabbing available ram
19:24 BCsoup anybody see the same?
19:24 Tyrm_ joined #salt
19:26 iggy wangofett: if you are playing with --out json, check out the jq command line util
19:26 sjmh aw110f - i'm not sure you can prevent it from doing the routine syncs - i just know you can force one sooner.
19:27 iggy you can't
19:27 iggy aw110f: it's tied to an internal salt timer which you _really_ don't want to touch
19:27 jack__ joined #salt
19:28 TyrfingM2olnir joined #salt
19:28 babilen iggy: jq is amazing, isn't it?
19:29 iggy yeah, we use it heavily here
19:29 TyrfingM2olnir joined #salt
19:29 iggy <3 murrdoc
19:29 iggy who is oddly not in irc today
19:29 elsmo joined #salt
19:29 babilen Why do you ♥ him?
19:29 iggy he showed it to me
19:29 babilen Ah :)
19:30 TyrfingMjolnir joined #salt
19:30 babilen Man .. could have earned a <3 there. Let me mention it in every channel I idle in ...
19:30 iggy and I got pissed at him earlier, so I was trying to also say "we coo"
19:30 iggy his loss
19:33 onlyanegg joined #salt
19:34 aw110f iggy: sjmh: Ability to disable and adjust gitfs from the default 1 minute git pull for use case to pull from git only on commits.  Would you consider that to be a feature request?
19:34 dayid joined #salt
19:34 dayid joined #salt
19:36 iggy sure
19:36 iggy probably a pretty good one
19:36 iggy (we had to stop using gitfs for that reason at $lastjob
19:37 jack__ joined #salt
19:40 fredvd joined #salt
19:40 wangofett oh man, iggy jq looks slick. Haven't touched it, but I'm impressed
19:41 yomilk joined #salt
19:44 onlyanegg joined #salt
19:46 BhavyaM joined #salt
19:47 chitown joined #salt
19:48 munki_ joined #salt
19:49 baweaver joined #salt
19:50 aw110f iggy: thanks. do you have some specifics on the reason you stopped using gitfs? was salt saturating git or something ?
19:51 akhter joined #salt
19:54 sfz- iggy: jq is sweet, thanks!
19:55 frew we are building our system out of composable roles that a server can do, so a pillar contains a roles list taht then you check to do... stuff
19:55 frew anyone have any ideas on how we might make it so that if you check for a role that's not in a given whitelist we error?
19:55 frew only so that we can have a known set of roles
19:57 babilen frew: Generate https://docs.saltstack.com/en/latest/ref/states/all/salt.states.test.html#salt.states.test.fail_with_changes for all roles that have been passed that are *not* in the whitelist would be one approach
19:58 jack__ joined #salt
20:00 frew babilen: yeah that was my first idea
20:00 saywhat joined #salt
20:00 frew I'm ok with it, but it would cause people to run into it later (After writing code) instead of earler (while writing code)
20:04 heaje joined #salt
20:05 heaje joined #salt
20:06 ajw0100 joined #salt
20:07 aw110f_ joined #salt
20:08 babilen frew: They would run into it as soon as they test it in salt. If you want to catch it even earlier you have to integrate some linter into your workflow.
20:08 frew ok
20:08 frew thanks
20:08 frew good enough :)
20:08 sjmh grr.  does pygit2 not work through a http proxy?
20:13 wangofett Oooh, https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.pillar.html#salt.modules.pillar.obfuscate is even better for my purposes
20:13 wangofett proxies make me sad :(
20:14 jaybocc2 joined #salt
20:15 jack__ joined #salt
20:17 iggy aw110f: we had about 15 git repos, and the fileserver update wasn't finishing in the minute between the timer runs
20:21 sjmh wangofett - same.  it's in our lab, which requires a proxy to get to our internal github enterprise setup.
20:21 sjmh but it appears that pygit refuses to use the http.proxy setting from git
20:22 sjmh or the environment.
20:22 sjmh keeps failing, trying to resolve the name by itself.
20:24 sjmh at least, this is the version of pygit that rhel6 installs, which is ancient, of course.
20:25 bhosmer_ joined #salt
20:26 wangofett naturally :P
20:27 wangofett sjmh: can you do a pip.installed for pygit instead? (I have no clue when it comes to pygit - never used it)
20:27 sjmh wangofett - tried - fails on compilation, so working on that now
20:27 jack__ joined #salt
20:28 wangofett sjmh: Something that I do a lot - change the loglevel of the salt minion and go throw an absolute ton of logging in the salt/etc code. Sometimes there's something missing
20:28 sjmh wangofett - yeah, I see on the master config what's wrong - pygit2 keeps trying to resolve the hostname of the repo, which it can't, because it's on the other side of the proxy.
20:28 sjmh er, master log
20:30 wangofett is there a setting in pygit that's supposed to allow/require it to go through the proxy? Or is it the master that's trying to resolve improperly?
20:30 robertsonai joined #salt
20:32 spuder joined #salt
20:34 sjmh wangofett - it's pygit that is failing.  it should use the http.proxy setting in git, or the http_proxy setting from the environment, but uses neither.
20:34 sjmh and looks like pygit2-0.22 and .23 both require py7
20:34 sjmh er, py2.7
20:36 wangofett that in the pygit docs? I know I've ran into a couple of things (forget what they are now, but I think docker-py was one) where a specific version had a differnt API than salt expected... and I think it was a silent difference. debug messages helped there :P
20:37 saywhat Hey guys, I'm trying to get a new saltmaster setup solely using gitfs (so all the state files originate from github). Everytime I try to run a salt '*' state.highstate, it returns the error "Could not find file from saltenv 'base', u'salt://top.sls" from the minion. From the master, it's the same deal, "no top file".
20:38 saywhat Pretty sure I have all the configuration setup right in /etc/salt/master with my repo at https://github.com/toanctruong/saltsample.git
20:39 yomilk joined #salt
20:40 GreatSnoopy joined #salt
20:42 ajw0100 joined #salt
20:43 colegatron_origi joined #salt
20:45 drawsmcgraw saywhat: Are you able to post your configs for the GitFS backend?
20:47 * impi is away: I'm not here right now
20:47 jack__ joined #salt
20:49 saywhat drawsmcgraw: Sure thing. I just moved some things around, and made some progress. (moved top.sls into the "base" folder)
20:49 saywhat fileserver_backend:   - git
20:49 saywhat gitfs_provider: pygit2
20:49 iggy saywhat: check master logs, salt-run -l debug fileserver.update, salt-call cp.list* output
20:49 drawsmcgraw saywhat: Can you use dpaste or a similar service?
20:49 drawsmcgraw also what iggy said
20:50 baweaver joined #salt
20:52 saywhat Will do, I may have just figured it out though
20:53 federicob joined #salt
20:56 Xmonk8989 joined #salt
20:56 dlam joined #salt
20:57 Xmonk8989 Hi all. Can anyone offer any advice on splitting up pillars/states into separate git repositories - or is it a waste of time. Experience with other deployment tools says to split them up in a very modular fashion.
20:57 jack__ joined #salt
20:58 Xmonk8989 But with the way salt tends to use the structures, it seems that it's not intended as a method of choice.
20:58 Xmonk8989 Curious if anyone has had any insight into the method.
20:59 HardWall joined #salt
21:02 norii Xmonk8989: i think you are looking for the gitfs external pillar and its pretty normal salt implementation afaik
21:05 lumtnman joined #salt
21:05 babilen Xmonk8989: In fact it is pretty common practice to configure access to https://github.com/saltstack-formulas/ via GitFS with one formula per service. You could easily adapt a similar structure to your "formulas" if you like.
21:06 Xmonk8989 norii: Yes. The thing is, is whether having modulated git repos for each "function" (ie: apache, mysql, etc) so that you're able to define in a stack tags and branches for differing environments.
21:06 Xmonk8989 babilen: Yes, and this is the fashion I have known and loved for deployment methods. Not to mention better code, abilities to quickly reference different versions etc.
21:07 akhter joined #salt
21:07 Xmonk8989 babilen: But the question is more "Should" they be constructed this way, or is it superfluous for use in saltstack.
21:08 babilen It is being done and I am happy with it
21:08 iggy test that workflow carefully, different version of salt have wildly different ways of handling the branch <-> env mapping
21:08 babilen Pillars and custom states are where the meat is that binds it together
21:09 babilen And yeah ... I am not fond of the branch <-> env mapping and you might simply use separate masters for your environments. Also make sure to use separate repositorie(s) for your top files.
21:10 Xmonk8989 My methods are to certainly use git in this modular fashion. However there is disagreement with this method, saying it's not how salt should be conducted.
21:10 Xmonk8989 babilen: My usual approach would be using tags. Especially in a team of sysadmins and a team of devs.
21:10 norii Xmonk8989: interesting. i dont have mine salt and pillar repos setup like that atm but its an interesting idea. currently i have seperate branches in my saly and pillar repos that get version tags push upward when i release
21:12 Xmonk8989 hmmm. So, at least the method is certainly being used in some fashion with the mainstream salt guys then? I'll stick to my guns and become a salt master.
21:14 chiui joined #salt
21:15 Rumbles joined #salt
21:15 Xmonk8989 babilen: What, if any, would be the main reason you felt that doing it this way has benefited you the most?
21:16 Xmonk8989 babilen: I assume the ability to quickly pluck different pillars into a new stack quickly and simply. But im curious if you have any interesting use cases :-)
21:18 reillyc joined #salt
21:18 norii yeah all the third party salt forumulas work exactly like you are describing, as per babilen
21:19 norii idk how common it is to setup pillars based on roles like that but if that works best for your shop there is nothing stopping you
21:20 bhosmer_ joined #salt
21:20 keimlink joined #salt
21:22 baweaver joined #salt
21:22 Xmonk8989 Thanks guys - you been very helpful :-)
21:22 kevinquinnyo to troubleshoot something, i need to sleep a few seconds in between each state in an sls -- is this possible?
21:22 gust joined #salt
21:23 Xmonk8989 iggy: Thanks for your input too. I'll keep an eye out for that :-)
21:24 snc joined #salt
21:28 jack__ joined #salt
21:32 ageorgop joined #salt
21:36 saywhat Iggy: So it looks like I'm able to get the "base" aka GitHub Master state working. So now i've created a "dev" branch and I'm back in the same predicament with the "no top file".
21:37 saywhat http://dpaste.com/2QYHD3Q
21:37 saywhat http://dpaste.com/3Z3K00E
21:38 saywhat When I run a highstate saltenv=dev, it looks like the saltmaster is pulling down the correct top.sls with the small changes I made in the dev branch. I've verified this by looking at the /var/cache.
21:41 pfallenop joined #salt
21:42 ajw0100_ joined #salt
21:43 hemphill joined #salt
21:43 baweaver joined #salt
21:43 heaje Is it possible to run an execution module from a salt sls in such a way that a jinja variable can get the output from the execution module?
21:44 pfallenop joined #salt
21:47 WildPikachu babilen, one thing I just did using grains is match all servers connecting to a specific server and change that grain to something else and highstate again, not sure you can do that with pillars? match and remove one item in 1 go?
21:49 jack__ joined #salt
21:49 will__ joined #salt
21:49 hal58th_ joined #salt
21:51 babilen WildPikachu: What is the usecase for that?
21:53 Rumbles joined #salt
21:55 norii that type of behaivor is exactly why i am afraid to use local grains for anything meaningful, or really at all
21:56 norii i want nodes to be externally (read: authoritatively) classified
21:56 babilen exactly
21:56 babilen Grains are good for things that actually reflect local state
21:58 ageorgop joined #salt
22:00 will__ Hi I was wondering if there is an alternative / dev guideline to replace the pam service on the external_auth method. (I'd like not to post any user/password related to system users on /login)
22:01 brianfeister joined #salt
22:01 chiui joined #salt
22:03 jack__ joined #salt
22:06 ageorgop joined #salt
22:06 bmcorser joined #salt
22:10 pfallenop joined #salt
22:11 gust joined #salt
22:14 bhosmer joined #salt
22:15 blckbit10 joined #salt
22:15 cyborg-one joined #salt
22:15 Brew joined #salt
22:16 Tyrm joined #salt
22:16 edrocks joined #salt
22:21 jack__ joined #salt
22:22 dlam hey is there a way to make `salt-call`  always have the `--local` option?  (im running masterless etc etc)
22:22 wangofett Is it possible to do like... `- mode: ug+x` for a file? I don't really care what the *other* permissions are on it, I just want to add executable bits/etc
22:24 Tyrm joined #salt
22:27 sjmh joined #salt
22:30 CeBe joined #salt
22:31 djgerm joined #salt
22:31 zmalone I think I've got a bug fix for https://github.com/saltstack/salt/issues/30685, but it'll wreck things for anyone who is used to the buggy behavior
22:31 saltstackbot [#30685]title: cron.present uses "name" as a default identifier, rather than the state id | https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cron.html states that cron.present should use the state id as the identifying tag, but if the state id does not match the name that is defined, and identifier isn't defined, id is set to be equal to name.  The name is frequently unsuitable for this, as it will change more often then the sta
22:31 zmalone https://github.com/saltstack/salt/blob/develop/salt/states/cron.py#L271 and L351
22:34 jack__ joined #salt
22:35 berserk joined #salt
22:35 baweaver joined #salt
22:36 heaje dlam: I'm pretty sure there's a config option for that in the minion config file
22:36 Brew joined #salt
22:36 Ch3LL dlam: file_client: local
22:36 Ch3LL docs-> https://docs.saltstack.com/en/latest/topics/tutorials/quickstart.html#telling-salt-to-run-masterless
22:37 Tyrm joined #salt
22:39 berto- joined #salt
22:39 Tyrm joined #salt
22:41 MTecknology I wanna go to saltconf :(
22:41 dlam ahhh thanks!!!
22:41 xmj joined #salt
22:41 xmj joined #salt
22:41 Ch3LL dlam: no problem
22:42 dlam ohh its commented out in the default minion config, me lazy no read -_-
22:42 Ch3LL no worries. glad i could help :)
22:43 mosen joined #salt
22:43 zenlot1 joined #salt
22:43 ablemann joined #salt
22:43 tvinson joined #salt
22:43 akhter joined #salt
22:46 jack__ joined #salt
22:54 xmj left #salt
22:54 gust left #salt
22:58 rem5 joined #salt
23:01 creilly joined #salt
23:02 jack__ joined #salt
23:06 pzipoy joined #salt
23:06 creilly hey guys, quick question - how do I pass double quotes on the command line?
23:06 babilen escape them or use outer single quotes
23:06 dlam joined #salt
23:07 creilly I'm looking to update a DNS TXT record - which requires the double quotes - but it seems that salt just replaces them as single quotes
23:08 jfindlay MTecknology: early registration ends on February 5th :-)
23:08 creilly when I tried \"1234dfsd-454\" - when I check the log it shows as single quoted
23:08 bhosmer_ joined #salt
23:09 baweaver joined #salt
23:09 MTecknology jfindlay: I can't afford it this year. Last year I made my employer pay for it. This year I have a new employer.
23:09 pzipoy left #salt
23:09 pzipoy joined #salt
23:10 MTecknology I thought about giving a talk but I knew I wouldn't have time to prepare for it.
23:10 rem5 joined #salt
23:10 creilly I'm using the boto_route53.update_record function, and I think thats why AWS are rejecting the request, due to missing double quotes
23:11 pzipoy left #salt
23:12 jack__ joined #salt
23:15 JDiPierro joined #salt
23:16 ageorgop joined #salt
23:18 jesusaur joined #salt
23:20 jack__ joined #salt
23:32 onlyanegg joined #salt
23:32 zmalone joined #salt
23:34 lompik joined #salt
23:36 teryx510 joined #salt
23:42 om Hi, just a syntax issue here
23:43 om trying to match in unless the windows domain workgroup to a pillar
23:43 om - unless: win_system.get_domain_workgroup === salt['pillar.get']('windows_join_domain:correct_windows_domain:domain')
23:43 om not sure why it fails
23:44 MTecknology I feel like that's missing some {{'s and }}'s
23:44 om I tried that
23:44 MTecknology you tried what?
23:44 om Rendering SLS 'development:windows_join_domain' failed: Jinja syntax error: expected token 'end of print statement', got ':'; line 3
23:45 MTecknology what did your unless line look like before?
23:45 MTecknology actually, it looks like you need {% %}, but I'm not sure if -unless works like that
23:45 om - unless: win_system.get_domain_workgroup === {{ salt['pillar.get']('windows_join_domain:correct_windows_domain:domain') }}
23:46 MTecknology win_system.get_domain_workgroup is a valid command available on the system?
23:46 om yea
23:46 om well, no
23:46 om it's a salt module command
23:46 MTecknology a salt execution module*
23:46 MTecknology that means you need {% %}
23:47 om around the whole thing?
23:47 om - unless: {% win_system.get_domain_workgroup === salt['pillar.get']('windows_join_domain:correct_windows_domain:domain') %}
23:47 MTecknology yup, look into jinja templating to understand when you need {{ }} and {% %}
23:48 MTecknology that looks about right, granted I'm not sure you need === ... I'm not sure I've ever seen that in python
23:48 MTecknology I don't think it does... does it?
23:48 MTecknology isn't that just php?
23:49 om perhaps... :p
23:49 om not sure
23:49 om lol
23:49 om sorry
23:50 om getting same error
23:50 MTecknology k?
23:50 om trying = alone
23:50 * MTecknology sighs
23:50 MTecknology You're just blindly guessing what operator to use
23:51 om I'm not sure the operators even work like that for this statement
23:51 om I just asked for help with syntax
23:52 jack__ joined #salt
23:54 Xmonk8989 Hi there. Forgive me, it's been a long night. So, i'm trying to find the best way to represent a call from top.sls to, for example, nginx. If I create the file, etc it is fine. But instead, I want to use a git repo.
23:54 Xmonk8989 Let's say for argument sake github.com/mystuff/nginx.git
23:54 MTecknology you want to pull states from a git repo?
23:55 Xmonk8989 MTecknology: yes. Pretty much.
23:55 MTecknology look up gitfs_remotes:
23:55 MTecknology and something_backends
23:56 Xmonk8989 I see gitfs_remotes, but that defines (from what I can tell) a whole repo of all states. I want to be able to pluck them from, say, anywhere.
23:56 MTecknology there.. https://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html
23:57 MTecknology If you want to only pull data from the repo (not states), then you can use the git.latest state
23:57 Xmonk8989 MTecknology: Thanks for this. But it seems to confirm my suspicions. If I was to have many repos for a multitude of different things, i'd have to define these here.
23:58 MTecknology yup
23:58 Xmonk8989 And if I wanted to use someone elses repo for a single element (say _just_ the apache forulae) then, i'd have to define their whole repo?
23:59 Xmonk8989 So, I could end up with a list of 20 repos here. Rather than being able to define them as a source specifically in the respective top file or what have you.
23:59 MTecknology I personally strongly discourage just blindly using a formula. If ever I find a useful formula, I strip it down to the bare essentials and suck it into my own structure
23:59 MTecknology that way everything is consistent, I understand what's going on, and there's no extra cruft for trying to handle all sorts of different environments.
23:59 Xmonk8989 Sure. But again, this means having one giant structure of your own. Rather than breaking down into nice managable parts.

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary