Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-02-08

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 bhosmer joined #salt
00:02 brianfeister joined #salt
00:12 akhter joined #salt
00:14 joe_n joined #salt
00:16 djgerm joined #salt
00:17 djgerm Does anybody use a DDI (IPAM) solution along side salt stack (such that salt stack is managing inventory based on minions/staes/mines etc)?
00:22 morissette joined #salt
00:29 scarcry_ joined #salt
00:30 rem5_ joined #salt
00:34 tracphil joined #salt
00:47 hasues joined #salt
00:47 hasues left #salt
00:53 digitalhero joined #salt
00:56 bhosmer joined #salt
00:57 totzky joined #salt
01:02 jack_ joined #salt
01:06 krymzon joined #salt
01:10 abednarik joined #salt
01:26 antpa joined #salt
01:49 jack_ joined #salt
01:49 mapu joined #salt
01:49 ajw0100 joined #salt
01:50 abednarik joined #salt
01:50 bhosmer joined #salt
01:54 rem5 joined #salt
02:01 jack_ joined #salt
02:02 scoates joined #salt
02:05 edulix joined #salt
02:12 Muchoz joined #salt
02:16 lotek joined #salt
02:17 lotek hi guys, please an info..
02:18 lotek is there a way to use gitfs (to sync the salt-master with a gitHub repo) behind a proxy?
02:24 catpigger joined #salt
02:26 aqua^c joined #salt
02:35 donmichelangelo joined #salt
02:46 bhosmer joined #salt
02:47 ilbot3 joined #salt
02:47 Topic for #salt is now Welcome to #salt! | Latest Version: 2015.8.4 | Register for SaltConf16: http://saltconf.com/register/ | Paid support available for open source Salt! https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | Ask with patience as we are volunteers and may not have immediate answers
02:54 housemouse139 joined #salt
03:03 maxrjr joined #salt
03:04 maxrjr left #salt
03:07 jack_ joined #salt
03:07 joe_n joined #salt
03:19 hightekvagabond joined #salt
03:26 jack_ joined #salt
03:27 djgerm Oh hey! What's the recommend wasy to sync minion keys across multiple masters?
03:28 kermit joined #salt
03:29 hightekvagabond joined #salt
03:39 bhosmer joined #salt
03:40 digitalhero joined #salt
03:40 malinoff joined #salt
03:40 jack_ joined #salt
03:43 akhter joined #salt
04:08 krymzon joined #salt
04:12 treaki joined #salt
04:12 racooper joined #salt
04:14 ramteid joined #salt
04:14 ionjon joined #salt
04:16 ionjon Greetings. I'm looking at https://docs.saltstack.com/en/latest/topics/ssh/roster.html and wondering what the default value of the timeout directive is.
04:17 ionjon Does it just fall through to how ssh is configured on the master?
04:19 subsignal joined #salt
04:30 ruxu joined #salt
04:36 digitalhero joined #salt
04:39 iggy djgerm: there's not really a "recommended" way... whatever works for you... there is a method documented in the docs (iirc)
04:39 bhosmer joined #salt
04:39 iggy lotek: depends on the gitfs backend in use
04:39 rdas joined #salt
04:39 coderMe joined #salt
04:39 rome_390_ joined #salt
04:39 johnf1911 joined #salt
04:39 joe_n joined #salt
04:39 iamtew_ joined #salt
04:40 coderMe joined #salt
04:40 eliasp joined #salt
04:48 ruxu joined #salt
04:50 coderMe joined #salt
04:52 jack__ joined #salt
05:12 ruxu joined #salt
05:22 pwalsh joined #salt
05:27 ramteid joined #salt
05:32 jack__ joined #salt
05:34 joe_n joined #salt
05:41 cangiani joined #salt
05:51 djgerm thanks iggy
05:51 djgerm Does anybody have recommendation for multimaster setup? I was figuring just round robin VIP?
05:51 djgerm any caveats with that?
05:56 coderMe joined #salt
05:57 pppingme joined #salt
05:58 linjan_ joined #salt
05:59 spuder joined #salt
06:00 _beardedeagle joined #salt
06:05 jack__ joined #salt
06:06 totzky joined #salt
06:06 lotek Hi iggy, I was using 'pygit2'. It sounds like salt is not picking up my global env vars for my http/https proxy settings
06:11 brianfeister joined #salt
06:18 krymzon joined #salt
06:19 totzky joined #salt
06:21 pwalsh joined #salt
06:21 bhosmer_ joined #salt
06:34 rdas joined #salt
06:42 rdas joined #salt
06:45 linjan__ joined #salt
06:46 jxm_ joined #salt
06:47 felskrone joined #salt
06:53 cyborg-one joined #salt
06:53 ruxu joined #salt
06:54 digitalhero joined #salt
06:56 aqua^c joined #salt
06:58 CeBe joined #salt
06:59 viq joined #salt
07:01 giantlock joined #salt
07:03 malinoff joined #salt
07:07 AndreasLutro can anyone make sense of this? trying to store some base64 data, where is the null byte coming from? https://bpaste.net/raw/5dafa8e600e7
07:11 colttt joined #salt
07:13 Zachary_DuBois joined #salt
07:16 bhosmer joined #salt
07:19 krymzon joined #salt
07:20 jack__ joined #salt
07:26 Bryson joined #salt
07:31 antpa joined #salt
07:35 LondonAppDev joined #salt
07:36 rdas joined #salt
07:37 impi joined #salt
07:37 ruxu joined #salt
07:53 rdas joined #salt
07:57 rdas joined #salt
07:59 malinoff joined #salt
08:00 brianfeister joined #salt
08:08 AirOnSkin joined #salt
08:09 denys joined #salt
08:10 bhosmer joined #salt
08:10 keimlink joined #salt
08:10 aw110f joined #salt
08:10 KermitTheFragger joined #salt
08:13 aw110f_ joined #salt
08:15 oravirt joined #salt
08:18 slav0nic_ joined #salt
08:19 kawa2014 joined #salt
08:23 brianfeister joined #salt
08:23 digitalhero joined #salt
08:28 edulix joined #salt
08:34 ruxu joined #salt
08:38 dgutu joined #salt
08:40 subsignal joined #salt
08:42 dariusjs joined #salt
08:44 GreatSnoopy joined #salt
08:44 garphy joined #salt
08:45 dkrae joined #salt
08:47 fredvd joined #salt
08:53 amcorreia joined #salt
09:02 neilf__ joined #salt
09:03 duncanmv joined #salt
09:04 bhosmer joined #salt
09:05 s_kunk joined #salt
09:07 Rumbles joined #salt
09:09 geomacy joined #salt
09:11 bdrung_work joined #salt
09:15 rotbeard joined #salt
09:19 krymzon joined #salt
09:25 ruxu joined #salt
09:28 sfxandy joined #salt
09:32 antpa joined #salt
09:35 jack__ joined #salt
09:39 ggoZ joined #salt
09:43 amcorreia joined #salt
09:48 Yoda-BZH joined #salt
09:48 Yoda-BZH joined #salt
09:51 jhauser joined #salt
09:54 keimlink joined #salt
09:58 bhosmer joined #salt
10:07 rominf joined #salt
10:07 totzky joined #salt
10:10 slav0nic joined #salt
10:12 digitalhero joined #salt
10:16 viq AndreasLutro: your editor maybe? DOS line endings?
10:23 atmosx joined #salt
10:31 yuhlw joined #salt
10:35 asoc joined #salt
10:37 cangiani joined #salt
10:40 asoc joined #salt
10:42 giantlock joined #salt
10:44 digitalhero joined #salt
10:52 bhosmer joined #salt
10:53 lothiraldan joined #salt
10:55 digitalhero joined #salt
11:00 malinoff joined #salt
11:00 abednarik joined #salt
11:09 ruxu joined #salt
11:17 geomacy joined #salt
11:20 bluenemo joined #salt
11:27 aqua^c joined #salt
11:30 digitalhero joined #salt
11:39 teryx510 joined #salt
11:39 skrobul joined #salt
11:42 subsignal joined #salt
11:45 jbax joined #salt
11:46 atmosx joined #salt
11:46 bhosmer joined #salt
11:56 giantlock joined #salt
12:01 wych joined #salt
12:10 jack__ joined #salt
12:11 toastedpenguin joined #salt
12:21 digitalhero joined #salt
12:23 evle joined #salt
12:32 denys joined #salt
12:39 ruxu joined #salt
12:45 alex_ joined #salt
12:47 alex_ Hello! Tell me please, how to properly pass variable "group" in construction like this:
12:47 alex_ {% set group = salt['pillar.get']('hostgroup') %}
12:47 alex_ {% for server, addrs in salt['mine.get']('J@hostgroup:group and P@software_flags:assigned_states:*:ntp.client.config', 'network.ip_addrs', expr_form='compound').items() %}
12:48 babilen 'foo%sbar|format(group) or 'foo' ~ group ~ 'bar'
12:50 giantlock joined #salt
12:51 babilen http://jinja.pocoo.org/docs/dev/templates/ is your friend
12:51 teryx510 joined #salt
12:56 babilen alex_: fwiw, your usage of '*' in the context of regular expressions if wrong there (P@) -- You want something like ".*" or ".+" or something more specific
12:56 radhac joined #salt
12:57 jeffspeff joined #salt
12:59 rem5 joined #salt
13:00 PeterO_ joined #salt
13:00 PeterO_ joined #salt
13:01 alex_ babilen: Thank's, trying to implement this formatting: foo%sbar|format(group). Unfortunately, if i replace "*" to ".*", this construction stop working...
13:02 babilen Does it work manually? (i.e. 'salt -C "....." test.ping)
13:02 PeterO_ joined #salt
13:03 alex_ Only with "*", not ".*" or ".+"
13:10 babilen hhmmm
13:13 babilen Mind showing it?
13:13 Mate nice thing that git.latest: {rev: tag} always uses git branch --unset-upstream in 2015.8
13:14 jakwas joined #salt
13:14 Mate which is unavailable in ubuntu 12.04-14.04's git
13:16 KennethWilke joined #salt
13:17 babilen How is that nice?
13:19 Mate so i can patch our states to do the checkout with cmd.run
13:20 babilen Why would you prefer that to a working git.latest ?
13:20 Mate i dont
13:21 babilen I'd recommend filing a bug., copying the state in question to _states and using git.latest
13:21 babilen Mate: "nice thing that" sort of implies "yeah, great!"
13:21 Mate i don't see a simple solution based on the code
13:22 babilen Can't you just remove '--unset-upstream' ?
13:22 Mate and the use of this option is only more frequent in the new release
13:23 babilen Which you would probably do in the respective execution module
13:24 babilen Just remove it from branch_opts ?
13:24 Mate in my case it would work
13:25 numkem joined #salt
13:26 babilen So .. that sounds like an easy solution, don't you agree?
13:26 Mate and you would copy the patched git.py to the git repo?
13:26 Mate which is used as a root
13:27 babilen You'd place it in _states, yes
13:28 alex_ Can't get it work, maybe I'm doing somethith wrong?  {%- for server, addrs in salt['mine.get']('J@hostgroup:%(hostgroup) and P@software_flags:assigned_states:*:ntp.client.config', 'network.ip_addrs', expr_form='compound'|format(hostgroup=group)).items() -%}
13:28 Mate i don't really see how is it easier to manage
13:28 Mate it will probably break at the time of the next update
13:28 Mate but my cmd.run will work, and i can revert that hack if git.latest is fixed upstream
13:29 babilen FILE A BUG SO THAT IT GETS FIXED UPSTREAM, rather than changing your entire codebase to cmd.run
13:29 jack__ joined #salt
13:29 Mate i am going to file the bug
13:29 babilen And no, it won't break as it would still use "your" state
13:30 Mate if it will be still compatible
13:30 babilen sure
13:31 Mate it takes for me a week to migrate to the next salt version twice a year
13:31 Mate and i am not really happy with this
13:31 jeffspeff I'm having an issue with about 25% of my minions giving the error "Passed invalid arguments to pkg.list_pkgs: sequence item 0: expected string, int found" when i run "pkg.list_pkgs" but I found that running "pkg.list_pkgs versions_as_list=True" returns the installed packages without error. what would cause the problem of the error in pkg.list_pkgs?
13:33 antpa joined #salt
13:34 DammitJim joined #salt
13:35 bhosmer joined #salt
13:39 jack__ joined #salt
13:41 JDiPierro joined #salt
13:42 zer0def uh, dumb question - anyone experiencing issues with boto usage in salt 2015.8.5?
13:43 jamesp9 joined #salt
13:44 geomacy joined #salt
13:44 permalac joined #salt
13:45 zer0def just in case anyone's wondering, i'm getting a "NameError: global name '__salt__' is not defined" when using boto_route53
13:45 digitalhero joined #salt
13:50 tracphil joined #salt
13:51 cpowell joined #salt
13:52 alex_ ok, looks like it working: {%- for server, addrs in salt['mine.get']('J@hostgroup:'~group~' and P@software_flags:assigned_states:*:ntp.client.config', 'network.ip_addrs', expr_form='compound').items() -%}
13:52 fxhp joined #salt
13:52 alex_ babilen: thanks
13:53 jdubski joined #salt
13:53 jack__ joined #salt
13:53 babilen alex_: I still don't quite understand why the * glob works in a regular expression
13:54 babilen What if you change "P@" to "G@" ?
13:55 babilen zer0def: Check the bug tracker .. there were a couple of boto related ones recently
13:56 subsignal joined #salt
13:56 digitalh_ joined #salt
13:56 nyx__ joined #salt
13:56 subsignal joined #salt
13:57 alex_ babilen: I'm confused even more:  salt -C "J@hostgroup:.* and P@software_flags:assigned_states:*:ntp.client.config" test.ping and salt -C "J@hostgroup:.* and G@software_flags:assigned_states:*:ntp.client.config" test.ping both return the same correct result...
13:58 alex_ babilen: but if we'll set salt -C "J@hostgroup:* and P@software_flags:assigned_states:*:ntp.client.config" test.ping it will return nothing
13:59 jrklein joined #salt
13:59 digitalhero joined #salt
14:02 mawbid joined #salt
14:03 zer0def babilen: you're right, already referenced be #30300
14:03 rome_390 joined #salt
14:04 pviktori joined #salt
14:05 zer0def also, a question - is there any reason the apt repository at repo.saltstack.com drops older package versions?
14:05 zer0def actually, nevermind
14:07 Rkp drops? there are some archives if you'd like I think, as in http://repo.saltstack.com/apt/ubuntu/14.04/amd64/archive/2015.8.3 for instance
14:08 giantlock joined #salt
14:08 SunPowered joined #salt
14:09 aqua^c joined #salt
14:10 zer0def Rkp: i was wrong, just didn't visit the `archive` dir
14:11 edrocks joined #salt
14:12 jakwas joined #salt
14:12 SunPowered is named compound matching supported at all?  It would be really handy if I could define match variables in my top file
14:12 jakwas joined #salt
14:16 M-MadsRC joined #salt
14:17 JDiPierro joined #salt
14:17 jeffspeff I'm having an issue with about 25% of my minions giving the error "Passed invalid arguments to pkg.list_pkgs: sequence item 0: expected string, int found" when i run "pkg.list_pkgs" but I found that running "pkg.list_pkgs versions_as_list=True" returns the installed packages without error. what would cause the problem of the error in pkg.list_pkgs?
14:18 jeffspeff after looking at the code for win_pkg i'm not seeing why one works and the other doesn't.
14:23 jakwas joined #salt
14:26 nyx__ joined #salt
14:28 digitalhero joined #salt
14:29 XenophonF joined #salt
14:29 bhosmer joined #salt
14:30 akhter joined #salt
14:31 xf10e joined #salt
14:31 xf10e hi *
14:32 xf10e anyone running a master on CentOS 6 and using the salt-formula to configure it around?
14:32 XenophonF CentOS 7 - is that close enough?
14:33 xf10e no, you don't have the 'no mapping test' problem ;)
14:33 XenophonF ah
14:33 M-liberdiko joined #salt
14:33 xf10e this one: https://github.com/saltstack-formulas/salt-formula/issues/193
14:33 saltstackbot [#193]title: [CentOS 6] `mapping` test not supported, master config cannot be generated | Unfortunately, since CentOS 6 only ships with Jinja2 2.2.1, the `mapping` test is not supported. Looking through the documentation, I don't see anything else equivalent to it (both `iterable` and `sequence` test true for dicts and lists), so I'm not sure how to maintian functionality without that test....
14:33 XenophonF sorry :(
14:34 akhter joined #salt
14:34 xf10e got an rather ugly hack but I'm not using external pillars so I only no I got it rendering fine ;)
14:34 xf10e s/no I/know I/
14:35 XenophonF i was hoping that saltstack's repo had a newer version of jinja, but that's 2.2.1 as well
14:36 XenophonF you could try updating jinja outside of rpm/yum
14:36 XenophonF pip install -U jinja
14:36 xf10e redhat's are very picky about upgrading packages from their base repositories ;)
14:37 XenophonF yeah, debian/ubuntu is the same
14:37 spiette joined #salt
14:37 catpig joined #salt
14:38 xf10e and I rather re-deploy the syndic with FreeBSD so I get the latest salt from ports/pkgng instead of messing up the host's python modules
14:38 ALLmightySPIFF joined #salt
14:39 lompik joined #salt
14:40 jack__ joined #salt
14:43 XenophonF xf10e: it just so happens that i also run a salt-master on FreeBSD using salt-formula :)
14:43 racooper joined #salt
14:44 XenophonF works great!
14:44 XenophonF you can see my configs at https://github.com/irtnog/salt-states and https://github.com/salt-pillar-example
14:44 XenophonF my salt-master configs are in the pillar example repo under salt/example/com/
14:44 nyx__ joined #salt
14:45 cpowell joined #salt
14:50 xf10e XenophonF: I plan moving my masters/syndics to FreeBSD, too. But sadly I'm to busy right now, so I'm going with a quick hack ;)
14:51 subsignal joined #salt
14:51 XenophonF understood
14:51 VSpike I cannot get a grip on how a system would combine salt cloud and the boto-* states to build up an AWS environment. Is there a decent guide anywhere?
14:51 Tyrm joined #salt
14:51 subsigna_ joined #salt
14:54 XenophonF VSpike: when you find/write one, let me know
14:55 VSpike Seems like you'd need to use the boto-* stuff to create a VPC (possibly), subnets, security groups, internet gateways, nat instances, etc, etc. Then feed that back into salt-cloud, which I'm not even sure is possible, so that the right data is used to create instances...
14:55 XenophonF I've been using boto_* states to configure things like VPCs and security groups, with salt-cloud handling instance startup
14:55 VSpike then possibly do more boto stuff to handle elb's, scaling groups, rds instances, etc
14:56 XenophonF it's very much iterative, as some of settings require object IDs instead of names
14:58 VSpike How do you handle creating the profiles for salt-cloud dynamically?
14:59 XenophonF i'm using salt-formula so those config files are all jinja templates
14:59 VSpike ohhh... so you create a salt-master per environment?
15:00 XenophonF no i have one salt master, one AWS account, and multiple VPCs
15:02 abednarik joined #salt
15:04 mapu joined #salt
15:06 hasues joined #salt
15:08 VSpike So if you create a new evironment, then you have to (re)-generate the appropriate cloud profiles for it too, right. So you re-run your salt formula and restart the master?
15:08 VSpike Or is a restart not requried for those files .. I never really know
15:09 XenophonF salt-formula pretty much does the right thing with respect to restarts
15:09 XenophonF obv. salt-cloud isn't a daemon and doesn't need a restart
15:09 VSpike Which minion runs the boto states for you? The master itself, or something else?
15:09 XenophonF my salt-master has admin rights to aws via its instance profile/role assignment
15:10 XenophonF so the boto_* states run there
15:10 VSpike OK, so the master is a minion of itself?
15:10 XenophonF yes
15:10 XenophonF it's all very marlon brando superman
15:10 VSpike Heh
15:11 VSpike So how do you feed the right data to the boto states? It's not like you can just do a salt state.highstate, is it?
15:12 XenophonF i sure can
15:12 VSpike Or are the envs defined in a pillar and the states just loop through them?
15:12 XenophonF basically
15:12 VSpike using jinja or similar
15:12 XenophonF yup
15:12 AndreasLutro how do you prevent duplication of data in salt cloud's config and pillars/states?
15:12 XenophonF i won't say i'm doing it right - it'd be interesting to hear what other aws users do
15:13 * AndreasLutro is using terraform
15:13 XenophonF AndreasLutro: what duplication? salt-cloud only runs instances
15:13 VSpike I wonder how this compares to using terraform or CF
15:13 AndreasLutro XenophonF: like, IDs of VPCs or security groups or whatever
15:13 XenophonF most of the boto_* states can do object lookups by name instead of by ID
15:14 XenophonF e.g., I can say, create this security group in a VPC named "WebApp-Prod-Ireland"
15:14 XenophonF and the state will query the AWS API to find that VPC's ID, like vpc-12345678
15:15 XenophonF and it will do that lookup at state execution time
15:15 VSpike Ah, OK
15:15 cpowell joined #salt
15:15 XenophonF so i can have a state the runs right before that creates the VPC
15:15 XenophonF iirc some boto_* states not being that clever
15:15 AndreasLutro can you put the name of the security group into salt-cloud? I thought you had to use the IDs
15:15 XenophonF but i think that's because they aren't completely settled in terms of api
15:15 VSpike AndreasLutro: presumably for you terraform does everything then hands the resulting ec2 instances over to salt to configure?
15:16 XenophonF no iirc salt-cloud requres security group and vpc IDs
15:16 XenophonF for now, i've been manually syncing references/configs
15:16 jack__ joined #salt
15:16 AndreasLutro VSpike: yeah - along with cloud-init for some initial provisioning (but I hate that bit)
15:16 JDiPierro joined #salt
15:16 XenophonF i'm thinking of possibly collecting that info into salt mine and using the mined data to generate the cloud profiles
15:17 AndreasLutro it would be nice if salt-cloud could read pillars
15:17 XenophonF well it kind of can, if you generate the config files using salt
15:17 AndreasLutro maybe it's possible to write a custom runner/orchestrator that does something like this
15:17 VSpike I was wondering, do the vanilla AWS AMIs use cloud init?
15:17 N-Mi joined #salt
15:17 AndreasLutro it comes pre-installed at least
15:17 VSpike I only heard of cloud init recently don't know much about it
15:19 AndreasLutro I don't actually know what it does out of the box, but we use it for things like installing salt, distributing public keys, and mounting EBS drives
15:19 VSpike Right
15:19 AndreasLutro I mostly work on the salt bit so I don't remember all the details
15:21 VSpike Why do you actually *need* cloud init? The default AMIs do enough to get you to a point where you have networking and can install a salt minion. After that, surely Salt can do everything?
15:21 VSpike Curious what it adds that you don't already have
15:22 _JZ_ joined #salt
15:22 XenophonF cloud-init handles the AWS-specific firstboot stuff
15:22 XenophonF like copying in the keys used to launch the instance
15:23 XenophonF iirc it works with cloudformation, too
15:23 XenophonF of course that's unnecessary if you're using salt
15:23 XenophonF but salt relies on it to bootstrap generic AMIs
15:23 XenophonF if you have your own AMI with salt-minion staged on it, you don't really need cloud-init
15:23 bhosmer joined #salt
15:24 XenophonF i think
15:24 AndreasLutro VSpike: 1. set the hostname, write some custom grains, add the saltmaster public signing key, add the salt debian repo, install salt
15:24 VSpike Yeah, I've avoided custom AMIs like the plague, but I think with Packer they might be a more reasonable thing to use.
15:24 AndreasLutro oops that 1. wasn't meant to be there
15:25 AndreasLutro when you say "can install a salt minion" do you mean ssh'ing in and doing it?
15:25 andrew_v joined #salt
15:25 VSpike I mean you could pass a script in user data, probably that would then fire up the salt bootstrap script
15:25 XenophonF cloud-init is the thing that looks at user data, btw
15:26 VSpike Ah, I did wonder if it was
15:27 zmalone joined #salt
15:28 VSpike Another thing I've been wondering about ... if you use autoscaling groups, do you go to the trouble of making the instances become connected salt minions when they get created?
15:28 XenophonF good question
15:28 digitalhero joined #salt
15:29 AndreasLutro what do you mean by connected? to the salt master?
15:30 VSpike Yeah
15:30 digitalhero joined #salt
15:30 AndreasLutro I would but only because I need the mine data for ssh_known_hosts
15:31 teryx510 joined #salt
15:33 VSpike Hm. So how would you do it? In my case, they would need sensible hostnames for a start, and I'm not even sure how you'd do that in autoscaling
15:34 VSpike Also it would clutter up your salt master keys with servers that are no longer there
15:34 VSpike You could probably hook an SNS notification somehow to remove them, but it starts to sound like a lot of work
15:36 VSpike Theoretically, if they /really/ are stateless and short-lived, you'll never need to change anything on them so you won't need Salt. In theory!
15:36 VSpike Except as you say if you need the mine data for something
15:36 AndreasLutro yeah I don't know for sure either. I suppose by the time we start looking at autoscaling we'll develop a separate strategy for that
15:36 VSpike It would be easier probably to use a custom script to make them write that data to DB table or s3 bucket
15:37 XenophonF autoscale instances are supposed to be ephemeral, right?
15:37 XenophonF i dunno - the only way i'd expect to update one would be to re-create its underlying AMI
15:37 XenophonF but i'm just starting out when it comes to autoscaling stuff, so i don't know
15:38 VSpike Right yeah. Makes me wonder, the machine you build the AMI from would almost certaintly be a minion, so how do you /stop/ each autoscale instance trying to connect back with the same id?
15:38 VSpike Something I'd have to figure out, but I haven't really looked into it. Just trying to understand the bigger picture
15:38 XenophonF well you'd have to clean that kind of stuff up prior to creating the AMI, same as when you make a computer image using other technologies
15:39 VSpike I figured there must be a "pre-baking" step where you can do that kind of stuff, with any AMI-creating system
15:40 hasues left #salt
15:41 perfectsine joined #salt
15:42 PeterO joined #salt
15:45 jack__ joined #salt
15:50 KennethWilke joined #salt
15:50 malinoff joined #salt
15:52 SpX joined #salt
16:01 atmosx joined #salt
16:02 penguin_dan joined #salt
16:07 gh34 joined #salt
16:07 giantlock joined #salt
16:08 freelock joined #salt
16:08 akhter_1 joined #salt
16:16 JDiPierro joined #salt
16:18 bhosmer joined #salt
16:19 Brew joined #salt
16:25 Bryson joined #salt
16:25 jack__ joined #salt
16:26 bamf joined #salt
16:26 bamf abyss?
16:27 bamf AbyssOne?
16:27 bamf left #salt
16:30 treaki joined #salt
16:32 Fiber^ joined #salt
16:34 numkem joined #salt
16:35 jack__ joined #salt
16:35 jfred joined #salt
16:35 tligda joined #salt
16:36 aw110f joined #salt
16:37 numkem joined #salt
16:39 numkem joined #salt
16:39 aw110f_ joined #salt
16:39 numkem joined #salt
16:41 WesleyTech joined #salt
16:44 numkem joined #salt
16:45 cangiani joined #salt
16:46 JDiPierro joined #salt
16:47 jack__ joined #salt
16:48 scarcry joined #salt
16:52 ssplatt joined #salt
16:54 stupidnic Using state.iptables I have some rules that are applied with append with a final default drop policy at the end. When I rerun the state, I end up with entries appended below the drop in the input table. What is the policy about handling iptable states? Should I have a flush set as first?
16:55 jack__ joined #salt
16:57 aqua^c joined #salt
17:01 sjorge joined #salt
17:02 sjorge joined #salt
17:03 notnotpeter joined #salt
17:04 gtmanfred you should probably use insert with position of -1 instead of append
17:05 gtmanfred do your -m state --state ESTABLISHED,RELATED and then append -j DROP should be the first two you set
17:05 jack__ joined #salt
17:06 gtmanfred then all otehr things can be position: -1
17:12 bhosmer joined #salt
17:15 ruxu joined #salt
17:16 xf10e stupidnic: just set the default policy to drop??
17:16 stupidnic xf10e: yeah that's what I am doing now... just requires a bit of reworking of my rules
17:28 malinoff joined #salt
17:28 ajw0100 joined #salt
17:29 onlyanegg joined #salt
17:30 ericof joined #salt
17:30 kawa2014 joined #salt
17:32 cliluw joined #salt
17:34 ruxu joined #salt
17:34 jack__ joined #salt
17:35 antpa joined #salt
17:37 fredvd joined #salt
17:40 jack__ joined #salt
17:43 abednarik joined #salt
17:46 grumm_servire joined #salt
17:48 baweaver joined #salt
17:49 baweaver joined #salt
17:59 akhter joined #salt
18:02 jack__ joined #salt
18:02 WesleyTech joined #salt
18:03 kusams joined #salt
18:03 Karunamon Hi folks.. I think I'm missing some understanding on the state.orchestrate runner. How do you target systems with it, since you're using salt_call instead of salt proper?
18:05 Karunamon and my usual problem of finding the answer in the docs /after/ asking the question persists. nevermind...
18:06 bhosmer joined #salt
18:06 gtmanfred Karunamon: here is my orchestrate for deploying an openstack cluster https://github.com/gtmanfred/openstack-salt-states/blob/master/deploy/openstack.sls
18:06 gtmanfred heh
18:07 Karunamon that actually looks shockingly like what i've already got in my sls file
18:08 kaptk2 joined #salt
18:08 Karunamon okay, so say i've got a cluster of machines that have grains set based on their role (frontend, backend, database, etc)
18:08 gtmanfred tgt: 'role:frontend'
18:08 gtmanfred tgt_type: grain
18:08 Karunamon right. for lack of better terms, i'd need two sls files. One with the targets, and another to use as the argument to sls: ?
18:08 gtmanfred or tgt_type: compound and tgt: 'G@role:frontend and G@role:backend'
18:09 gtmanfred you could skip highstate, and have it do sls:\n-first\n-second
18:09 hightekvagabond joined #salt
18:09 gtmanfred http://ix.io/odz
18:09 Karunamon probably how i'd have to do it, i don't want to involve the towering structure that is our highstate for this process :P
18:10 gtmanfred yar, you can also run modules if you don't need states
18:10 gtmanfred http://ix.io/odA
18:10 gtmanfred examples taken from https://docs.saltstack.com/en/latest/topics/tutorials/states_pt5.html
18:11 Karunamon okay, and if I do the sls: thing, those states are guaranteed to be executed in the order defined in the file? (assuming default salt settings)
18:11 gtmanfred i am 95% sure yes
18:12 Karunamon that's what test=True is for ^^
18:12 gtmanfred and the orchestrate runs top down, and does take fail_hard into account iirc
18:12 jack__ joined #salt
18:12 whytewolf order is top down unles there is a requsit that changes order. or order is used. then all bets are off
18:12 gtmanfred it is a list, so i would hope it runs top down
18:12 gtmanfred yeah, i believe you can use require: in that
18:12 Karunamon I'm still kind of getting over a few years exposure to puppet where everything's made up and the order doesn't matter
18:12 gtmanfred heh
18:13 gtmanfred `eventual consistency`
18:20 amanuel joined #salt
18:21 s_kunk joined #salt
18:23 abednarik joined #salt
18:23 impi joined #salt
18:24 dlam joined #salt
18:24 ViciousL1ve Karunamon: The best explanation for state order is that it runs top down until it hits a requisite (watch, require, onchanges), and then it will fork to that state, and if there is another requisite, then it forks again.
18:25 Karunamon That is infinitely more sane than what I'm used to :D
18:25 ViciousL1ve Yeah, it's quite nice. Sometimes it takes some fine tuning but it's super useful
18:25 gtmanfred just don't turn on lexigraphical mode :P
18:26 gtmanfred https://docs.saltstack.com/en/latest/ref/states/compiler_ordering.html#lexicographical-fall-back
18:27 ajw0100 joined #salt
18:30 akhter joined #salt
18:32 jack__ joined #salt
18:36 baweaver joined #salt
18:36 ssplatt hey guys, i’m thinking about making a module that brings in yaml sort of like how state.highstate brings in pillar/ data.  is there some documentation or example of how to do something like that? so i’d drop all my info in /srv/salt/test for example, and /srv/salt/test/top.sls would map out what hosts would get what?
18:42 DammitJim joined #salt
18:44 digitalhero joined #salt
18:45 jack__ joined #salt
18:53 ageorgop joined #salt
18:53 ViciousLove joined #salt
18:54 denys joined #salt
18:56 jack__ joined #salt
18:59 forrest joined #salt
19:04 abednarik joined #salt
19:04 dlam x
19:05 ViciousLove joined #salt
19:05 jack__ joined #salt
19:05 ViciousLove joined #salt
19:06 Eugene ssplatt - how would that be any different from how Pillar already works?
19:06 hal58th joined #salt
19:06 ssplatt because it would be separate from pillar.
19:07 Eugene Why? Because you want it inside of /srv/salt/ ?
19:07 whytewolf why?
19:07 Eugene You can already set pillar_roots to /srv/salt/pillar/(which I do)
19:07 * whytewolf sudders at pillar being in /srv/salt
19:08 whytewolf but thats cause i run file_roots at /srv/salt
19:08 ssplatt the point is this isn’t pillar data, it’s similar tho
19:08 Eugene I run it at /srv/salt/states
19:08 digitalhero joined #salt
19:09 Eugene So... it looks like a Pillar, acts like a Pillar, and has Pillar-like data. But its a duck?
19:09 whytewolf quack
19:09 dlam is there a one liner to test if a program like 'phantomjs' exists?  (i wanna pass it into a onlyif:/unless: argument to cmd.script)
19:09 ssplatt so for something like this: https://github.com/cedwards/saltstack-fim-module  where its an audit
19:10 whytewolf ssplatt: whats the anti-pillar part of that?
19:10 ssplatt becaues it isn’t pillar to be used in state.*
19:11 CheKoLyN joined #salt
19:11 whytewolf ssplatt: no it isn't. it is meant to be used in the template engine
19:11 whytewolf it isn't reinventing a wheel
19:14 djgerm left #salt
19:15 digitalhero joined #salt
19:15 djgerm joined #salt
19:16 djgerm does anybody perform F5 health monitoring on their salt masters? And if so, what do you use?
19:16 ssplatt i think the main reason i wanted ot keep it separate is that if, in this example, fim and state are pulling from the same definition data, then fim isn’t auditing state
19:16 djgerm Also, how do you monitor your salt-master to ensure it's always alive and healthy?
19:18 ssplatt so is it possible to hook into the templating engine in a similar way, but have ‘fim’ pull from a fim/ dir instead of pillar/
19:19 iggy dlam: which <command>
19:19 whytewolf ssplatt: that code [fim] has no reference to pillar at all
19:19 whytewolf point it at what ever you like
19:19 ssplatt no it doesn’t but i want to take the same idea and write something similar that does
19:21 whytewolf ssplatt: the template engine just runs a module. so if you have a module called duck. with a function called quack. you can call it from the template engine with salt.duck.quack(your arg list). it is up to you what that module does. but replicating pillar just seems like a worthless endevour.
19:21 GreatSnoopy joined #salt
19:22 jack__ joined #salt
19:23 |Fiber^| joined #salt
19:25 teryx510 joined #salt
19:27 forrest joined #salt
19:28 rmnuvg joined #salt
19:28 ssplatt worthless? do you not think testing/auditing data should be separate from the main data being applied?
19:28 heaje joined #salt
19:29 whytewolf I don't think it should be internal to the tool at all
19:31 ssplatt mkay
19:32 ssplatt wouldn’t a different module pulling in diffrent ‘pillar’ essentially make it external to the tool? it would just be using the templating engine and host db and connection methods?
19:32 whytewolf I mean salt would not be a part of any auditing/testing. in any way.
19:33 jack__ joined #salt
19:33 whytewolf it would run it's stuff on a docker, then i have a seperate tool run in that docker to verify what salt did
19:36 whytewolf as such i would most likely have jenkins run the salt then run the tests
19:39 digitalhero joined #salt
19:42 dft joined #salt
19:42 aqua^c joined #salt
19:43 dft good day, is there a salt-run manage.X that will return a list of all registered minions regardless of whether it is up or down?
19:43 gtmanfred salt-key shows you registered minions
19:43 gtmanfred salt-run wheel.list_keys  might exist
19:43 GreatSnoopy joined #salt
19:44 dft gtmanfred: cool, thanks
19:44 gtmanfred doesn't look like that is a thing :/
19:44 gtmanfred but salt-key -L will list all keys, so those are your registered minions
19:45 gtmanfred doesn't look like there is a wheel runner, so you would need to use salt-key, or if you wanted to write it into an application, the WheelClient
19:46 whytewolf manage.status might also help
19:46 gtmanfred oh, neat
19:49 dft whytewolf: I saw that, but what we're seeing in testing this pre-production is that the minion service will on occasion be running but not responding to the master
19:49 dft and I'm not sure if manage.status will report those minions as down since we haven't had this weird issue come up in a while.
19:50 jack__ joined #salt
19:50 whytewolf if it isn't responding to the master it should show as down
19:51 whytewolf if they show in manage.down at least [which sends a command to the minion to check]
19:52 amanuel joined #salt
19:54 digitalhero joined #salt
19:54 bhosmer joined #salt
19:59 jack__ joined #salt
20:00 ageorgop joined #salt
20:01 baweaver joined #salt
20:04 shiriru joined #salt
20:05 viq joined #salt
20:07 Rumbles joined #salt
20:07 RandyT could someone help me with what I need to do to use this function from command line? https://docs.saltstack.com/en/latest/ref/file_server/all/salt.fileserver.gitfs.html#salt.fileserver.gitfs.file_list
20:07 RandyT case where I know what this should do, but cannot come up with it form the doc
20:08 gtmanfred that doesn't really come from the commandline directly
20:09 WesleyTech joined #salt
20:09 gtmanfred you can use the cp module from a minion to reference stuff in the file_serv though https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cp.html
20:09 digitalhero joined #salt
20:09 RandyT gtmanfred: I've used something in the past to list files available via these external filesystems
20:10 RandyT I thought it was that....
20:10 gtmanfred salt.modules.cp.list_master
20:10 dft whytewolf: that's what I'm hoping for, we need to catch the next event and test.  If yes then I can be a little more intelligent in which minions need a kick in the pants
20:10 RandyT gtmanfred: ah, thank you...
20:10 gtmanfred RandyT: cp.list_master lists all files available from the master
20:10 gtmanfred yeah
20:10 gtmanfred you can do it, but you don't directly hit that function
20:11 gtmanfred you would need to trace it back to figure out which one of those modules has the master run the function you want
20:11 ruxu joined #salt
20:11 RandyT gtmanfred: should that show external filesystems as well?
20:11 gtmanfred actulally
20:11 gtmanfred yeah
20:11 RandyT trying to debug availability of some thigns in gitfs
20:11 gtmanfred it should hit anything you can reference with salt://
20:11 gtmanfred actually, you might be able to use the fileserver runner https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.fileserver.html
20:11 jack__ joined #salt
20:11 gtmanfred https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.fileserver.html#salt.runners.fileserver.file_list
20:11 gtmanfred there it is
20:12 gtmanfred salt-run fileserver.file_list base git
20:12 RandyT ah, yes, that was it...
20:17 rmnuvg joined #salt
20:19 RandyT gtmanfred: thank you
20:19 baweaver joined #salt
20:20 gtmanfred no problem :)
20:21 Eureka70_ joined #salt
20:21 Eureka703 joined #salt
20:22 cliluw joined #salt
20:23 Karunamon So here's a logic question.. can you put parens in the compound globbing statements?
20:23 KennethWilke joined #salt
20:23 Karunamon say i've got something like: 'G@app:web and G@app_role:frontend or G@app_role:backend'
20:24 jack__ joined #salt
20:25 Bryson joined #salt
20:26 jfindlay Karunamon: the glob matcher uses python's [glob](https://docs.python.org/2/library/glob.html) library, so whatever is described there should work for the glob matcher
20:26 Karunamon exactly what I needed - thank you.
20:26 jfindlay sure
20:28 numkem joined #salt
20:31 ruxu joined #salt
20:35 jack__ joined #salt
20:35 spiette joined #salt
20:36 wendall911 joined #salt
20:36 hatchetjack joined #salt
20:37 hatchetjack starting salt-minion verson 2015.8.5 segmentation fault
20:37 hatchetjack any idea what's going on with it?
20:37 wendall911 joined #salt
20:39 borgstrom joined #salt
20:40 kusams joined #salt
20:40 digitalhero joined #salt
20:40 Karunamon hatchetjack: try running it in debug mode, may get some more useful output out of it. salt-minion -l debug
20:40 baweaver joined #salt
20:44 opdude joined #salt
20:44 hatchetjack if I do that it just prints Segmentation fault and I'm back at a prompt
20:44 akhter joined #salt
20:44 hatchetjack Karunamon: is there a way to crank up the debug level
20:44 hatchetjack ?
20:45 jeddi joined #salt
20:45 jfindlay -l trace
20:45 jfindlay is this a master or minion or something else?
20:46 hatchetjack minion
20:46 hatchetjack -l trace does the same thing
20:46 jfindlay are you running the minion or salt-call?
20:47 DammitJim joined #salt
20:47 hatchetjack trying to run salt-minion as a daemon
20:47 hatchetjack service salt-minion start which results in salt-minion -d
20:48 jfindlay and you tried `salt-minion -l debug`?
20:48 hatchetjack yes
20:48 hatchetjack I've also tried -l all
20:48 hatchetjack but everything just results in segmentation fault
20:49 bhosmer joined #salt
20:49 jfindlay nothing before the segfault?
20:49 teryx510 joined #salt
20:49 jfindlay how did you install/upgrade?
20:50 hatchetjack I installed the salt repo file http://repo.saltstack.com/yum/redhat/5/x86_64/salt-repo-2015.8-2.el5.noarch.rpm
20:50 hatchetjack and then yum install salt-minion
20:50 jfindlay on a new VM?
20:50 hatchetjack on a xenserver dom0 host
20:51 mgresser joined #salt
20:51 hatchetjack think it runs fine on VMs
20:51 digitalhero joined #salt
20:51 hatchetjack used to run fine on xenserver too until 2015.5.3 came out from copr
20:51 hatchetjack we've got 2015.5.0 running on other xenserver hosts
20:51 jack__ joined #salt
20:51 hatchetjack have not had any issues with those
20:52 teryx510 joined #salt
20:53 jfindlay there are a few compiled deps that may be segfaulting.  Salt itself is pure python, which is unlikely to segfault. zeromq or pycrpyto would me my first guesses
20:53 teryx510 joined #salt
20:53 hatchetjack yes I'm aware of that
20:53 jfindlay hatchetjack: if you can narrow down which version of salt the issue starts with, that would be helpful and also file a bug report
20:53 hatchetjack I like me some python and I figured it was some lib somewheres
20:54 hatchetjack but can't figure out which one it would be
20:54 hatchetjack jfindlay: it seems to have happened on upgrade from 2015.5.0 to 2015.5.3
20:54 jfindlay I've tested the CentOS 5 packages for the last several releases and haven't seen a seg fault
20:54 hatchetjack where do I file a bug report?
20:54 jfindlay https://githug.com/saltstack/salt/issues/new
20:54 hatchetjack jfindlay: think it could be something to do with us running it on xenserver?
20:55 baweaver joined #salt
20:55 jfindlay I'm not sure.  Do you see anything explanatory in `strace salt-minion`?
20:55 hatchetjack I had not tried that
20:55 captain_magnus joined #salt
20:55 hatchetjack hang on
20:56 hatchetjack you want the whole strace or just the last bit when it bombs?
20:56 mgresser Is there a way to make a single minion pull states from more than one environment during a highstate? For example can a system be configured to get everything from base with the exception of one state which is pulls from beta?
20:57 hatchetjack jfindlay: http://pastebin.com/rsYdsiLR
20:57 hatchetjack jfindlay: if you want the whole thing let me know
20:57 rem5 joined #salt
20:59 Rumbles joined #salt
21:04 mohae joined #salt
21:05 jack__ joined #salt
21:09 onlyanegg joined #salt
21:11 jfindlay mgresser: you could create a custom environment for that minion
21:12 jfindlay hatchetjack: that's strange.  I wonder what is trying to access selinux
21:12 jfindlay or if that is a coincidence
21:12 mgresser jfindlay: What do you mean by a custom environment? You mean maintain a third environment that has the pieces of beta and master that I want to apply?
21:13 hatchetjack not sure
21:17 sfxandy joined #salt
21:17 jfindlay mgresser: yes.  I'm not sure how to mix and match environments otherwise
21:17 jfindlay hatchetjack: you are welcome to find a bug report or ask on salt-users
21:18 hatchetjack k
21:18 hatchetjack the link you gave me resylts in a 404 not found
21:18 hatchetjack results
21:19 jfindlay you'd only go there if you're into hugs, I guess
21:19 mgresser jfindlay: Ok, that's kinda a bummer but I can live with that answer. I was hoping I could mix only so I didn't have to constantly rebase my dev/beta environments as I updated master. Sounds like I'll just have to live with that though. Thanks for the help.
21:19 jfindlay hatchetjack: https://github.com/saltstack/salt/issues/new
21:19 jfindlay mgresser: there may be a better answer that I don't know of
21:21 rem5 joined #salt
21:22 mgresser jfindlay: Yea, it seems like it binds to the first environment that it matches and looks inside there for everything else it needs. It's ok, I can work around it.
21:24 Karunamon Okay.. i'm getting a hard to parse error message here when kicking off an orchestration run.. does this syntax appear incorrect to anyone? https://gist.github.com/Karunamon/ff9b51886cc9d8bfcbbd
21:24 ajw0100 joined #salt
21:24 Karunamon the message is AttributeError: 'list' object has no attribute 'itervalues', but no info as to what sls and where the error is
21:25 jfindlay Karunamon: can you also post the error log you're getting?
21:26 Karunamon One sec, sanitizing..
21:26 jfindlay an insane version might make more sense to me in my current condition :)
21:27 nwertzberger joined #salt
21:27 Karunamon heh! nah just getting the hostnames out of it so the it security people don't find me and administer a beating
21:27 tkeith joined #salt
21:28 jack__ joined #salt
21:28 nwertzberger so I'm looking into ways to version my salt states (aka, let some servers run with rev 1 of a package, and others run with rev 2, and it looks like the whole file.managed source mechanism is not going to help me out very much
21:28 tkeith Is there a firewall that's recommended for use with salt (for rejecting incoming connections on all ports except a whitelisted set - 22, 443, etc)? I normally use ufw but it doesn't seem to integrate nicely with salt.
21:28 nwertzberger is there any way to point to a relative path in a managed state? is there a better way to go about versioning a configuration?
21:28 Karunamon jfindlay: okay, updated the original link
21:29 jfindlay nwertzberger: I think the best solution would be to put your config files into repo
21:30 nwertzberger jfindlay: yep, using git for that
21:30 jfindlay then you could use git tags?
21:30 nwertzberger but what if i want to roll out this new version of a state to 10% of the servers?
21:30 jfindlay or similar
21:30 nwertzberger and then slow roll over the other 90%
21:30 Karunamon +1 to git-managing your configs, definitely makes life easier.
21:30 hatchetjack jfindlay: salt-minion segmentation fault #31021 filed.
21:30 hatchetjack thanks for the help
21:31 jfindlay nwertzberger: you could use git branches and then carefully migrate minions into the new branch by changing their saltenv(=git branch)
21:31 toastedpenguin joined #salt
21:31 nwertzberger i'
21:31 nwertzberger i'll read up on that
21:31 jfindlay hatchetjack: no problem, sorry I couldn't offer much
21:32 jfindlay that's how most salt admins do it from what I know
21:32 nwertzberger so i'm clear, this means that the salt:// managed tool does not have a way to do relative paths?
21:32 hatchetjack it's okay.  Seems like an odd thing to be happening and even doing any kind of debug doesn't really result in much other then "Segmentation Fault!"
21:32 jfindlay salt:// is relative to the `file_roots` config
21:32 hatchetjack so not much to go on really
21:32 nwertzberger alright
21:33 jfindlay you can add additional roots, even on remote fileservers, like gitfs, for example
21:33 jfindlay salt will merge them all together, into a common namespace
21:34 jfindlay tkeith: were you asking before about ufw?
21:37 antpa joined #salt
21:38 brianfeister joined #salt
21:41 jack__ joined #salt
21:43 Karunamon tried a couple more variations and still getting the error. Sounds like it doesn't like one of my lists.
21:43 tkeith jfindlay: Yeah, but I was doing it via command execution on every state push, and it would interrupt the existing salt connections
21:43 bhosmer_ joined #salt
21:50 abednarik joined #salt
21:51 nwertzberger is there any way to get a current module path?
21:51 nwertzberger i think that this is jsut not syncing with what i imagine my versioning / rollout paradigm moving to
21:52 nwertzberger in ansible, you have this files directory, and you can refer to them relatively. this lets you have many versions of the same configurations available to pull in
21:52 nwertzberger ansible is also slow, of course :)
21:54 KennethWilke joined #salt
21:55 lothiraldan joined #salt
21:58 jack__ joined #salt
22:02 WesleyTech joined #salt
22:05 grumm_servire joined #salt
22:06 murrdoc joined #salt
22:06 jfindlay Karunamon: I commented
22:06 Karunamon jfindlay: I updated the original link with the details
22:06 jfindlay not sure if that is an artifact of your sanitization
22:06 sinonick joined #salt
22:06 Karunamon oh, on the thing. duh.
22:07 Karunamon I don't think so - that syntax is only necessary on tgt_type: compound if I recall right. That, and the failure is called out on the second state, the initial_highstate returns success.
22:08 jrgochan joined #salt
22:09 jfindlay nwertzberger: salt disallows relative paths for security reasons.  The rollout method commonly used is to use saltenves<->git branches, where the development branch has a different version from the production branch
22:12 Relaide joined #salt
22:12 jrgochan Hello. Is there a 'salt' command that I can use to run a single sls file?
22:13 ageorgop joined #salt
22:13 Relaide Hi, just a quick question how can I troubleshoot an issue regarding Pillar? I have something like base: '*': foo but my minion don't see any data related to foo
22:14 Relaide ( the previous example was the top.sls in pillar )
22:14 whytewolf jrgochan: salt 'minion' state.sls <sls name> or salt 'minion' state.apply <sls name>
22:15 jab416171 joined #salt
22:15 edrocks joined #salt
22:16 whytewolf Relaide: first make sure the pillar is refreshed with `salt '*' saltutil.pillar_refresh` second check the logs and use -l debug if it still isn't showing up.
22:18 Relaide whytewolf: I did all of that and I don't see an obvious issue :/
22:18 jack__ joined #salt
22:19 whytewolf Relaide: is foo a directory in your pillar directory or foo.sls in the pillar directory?
22:19 Ch3LL its out there if you want it
22:19 Ch3LL woops sorry wrong chan ^
22:19 Relaide whytewolf: http://pastebin.com/2sEe9fgw
22:21 Relaide whytewolf: It's a working salt folder that I copied to my master/minion dev setup
22:23 snarfy joined #salt
22:24 Relaide there must be a default configuration that prevents pillar to work with my current setup
22:24 whytewolf Relaide: not really. only thing i would suspect is pillar_roots pointing to the wrong spot
22:25 Relaide whytewolf: yes :D
22:25 Relaide whytewolf: I just foundout
22:26 Relaide It
22:26 Relaide it's working sorry for bothering you :/
22:26 nidr0x joined #salt
22:26 whytewolf lol, no problem thats why we are here
22:27 Relaide it 's a really stupid mistake
22:27 akhter joined #salt
22:27 whytewolf hey i once spent three days tracking down a problem with openstack that turned out to be a missing underscore in a config in neautron
22:28 whytewolf mistakes happen
22:29 Relaide anyway coming from Puppet, I must say Salt looks really nice, more sane
22:30 jack__ joined #salt
22:31 whytewolf I have limited experence with puppet, but what i have seen of it gives me chills. that isn't to say salt is perfect. but it is easy enough to get a pretty in depth grasp of. and can do some fun things.
22:31 KennethWilke joined #salt
22:31 hasues joined #salt
22:31 Relaide I did installed openstack with puppet and I lost more that 3 days and grey hairs :D
22:31 hasues left #salt
22:33 whytewolf lol. yeah. I have actually done the same with salt. but i actually kind of enjoy it in salt. since i am building my own states, and logic
22:33 tracphil joined #salt
22:34 whytewolf I'm actually going to be building a third iteration of my salt code in order to build an HA version of openstack.... so insanity should be induced
22:36 Relaide Is there any 'blueprint' to not build everything from scratch for OpenStack?
22:36 Relaide otherwise it's a big project
22:37 KennethWilke joined #salt
22:37 whytewolf you can check formulas
22:37 whytewolf all of the nes i have seen are for didn't fit my needs
22:37 bhosmer joined #salt
22:39 totzky joined #salt
22:39 jack__ joined #salt
22:42 zenlot1 joined #salt
22:44 ruxu joined #salt
22:51 jack__ joined #salt
22:52 djgerm do minions ever talk back to the master via ssh?
22:53 djgerm for some reason had this idea that they did….
22:53 cwygoda joined #salt
22:53 djgerm but now that I am building out everything, I am realizing that's not necessarily the case...
22:54 zmalone No, minions don't ssh to the master, but they do communicate with the master over zeromq (assuming you are not using raet or tornado)
22:54 digitalhero joined #salt
22:54 cwygoda hey, which bootstrap script shall i use for v2016.3.0rc1?
22:54 djgerm okay… i guess.. I think I was thinking of some salt-cloud stuff...
22:54 zmalone https://docs.saltstack.com/en/latest/topics/tutorials/firewall.html
22:54 zmalone it's worth understanding the zeromq side of things, as it explains a lot of odd behavior
22:55 zmalone (which isn't odd if you understand what's going on)
22:55 baweaver joined #salt
22:55 grumm_servire joined #salt
22:56 baweaver joined #salt
22:57 djgerm Very few things in life are odd if you understand what's going on :)
22:58 djgerm thanks for the link. I was thinking of bootstrapped minions with salt-cloud I think…. and the master than SSHs into them …
23:01 jack__ joined #salt
23:08 akhter joined #salt
23:09 devopsprosiva joined #salt
23:09 Rumbles joined #salt
23:11 devopsprosiva I wan to append a line to a file. Anyone know the syntax to do this with augeas instead of cmd.run?
23:11 rem5 joined #salt
23:12 jfindlay I'm not sure about augeas, but you can use file.line
23:13 nikogonzo devopsprosiva: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.file.html#salt.modules.file.line or you just want to use jinja templating to get the advanced before/after effects
23:13 jack__ joined #salt
23:14 devopsprosiva jfindlay, nikogonzo: awesome thanks!! file.line should suffice
23:15 akhter joined #salt
23:15 rem5 joined #salt
23:16 akhter joined #salt
23:18 totzky joined #salt
23:23 nwertzberger jfindlay: the answer to my problems was tpldir
23:28 jack__ joined #salt
23:32 bhosmer joined #salt
23:40 djgerm any chance there's a way to verify salt master is up and healthy by sending some data to 4505/4506  and expecting a result? I am trying to create load balancer health monitors
23:40 djgerm and nagios monitoring checks
23:41 djgerm more than is the process running, or a layer 4 open check
23:42 baweaver joined #salt
23:45 kusams joined #salt
23:45 whytewolf humm. not sure a load balancer is going to work even if you get it to reconize the port is open
23:45 ageorgop joined #salt
23:48 whytewolf as for a nagios check i would say you could write up a check using the python lib
23:49 whytewolf have it run say a manage.up and as long as any minion returns as up then the salt master is up, and responding to connections
23:49 djgerm python lib?
23:50 whytewolf https://docs.saltstack.com/en/latest/ref/clients/index.html
23:50 djgerm heh I was just googling that. shoulda done before I said anything :)
23:51 rihannon joined #salt
23:53 rihannon I'm having issues with worker_threads.  Is there a recommended ratio of workers to minions?  It seems that no matter what value I try, I keep being told that I don't have enough.
23:53 djgerm so instead of load balancer, maybe just add all the masters to every salt minion....
23:54 whytewolf djgerm: yeah. and make sure the masters as setup to share data. cause either way. you are going to have a bad time
23:54 whytewolf it isn't just the states. but things like mine won't work right even in multimaster
23:54 onlyanegg joined #salt
23:55 nyx_ joined #salt
23:55 djgerm hrmm can mine be put in git/gitfs?
23:55 whytewolf no
23:55 whytewolf the closest thing i have seen to getting it all to work had a bunch of the cache directories on the masters shared

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary