Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-02-09

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 digitalhero joined #salt
00:04 mosen joined #salt
00:06 zmalone joined #salt
00:08 devopsprosiva jfindlay: I went with file.blockreplace. However I'm seeing the error in this gist https://gist.github.com/devopsprosiva/c8a02d428d9f50f3cf70. Any idea why it's occuring?
00:11 zmalone because it's interpreting the : as part of the yaml, if I was to guess
00:12 zmalone it can be really hard to separate "code" from "data" in salt
00:13 Eugene Your distro should have an /etc/profile.d/ folder. Just drop a file.managed into that.
00:15 zmalone in general, editing single lines or blocks in a file is considered harmful in many configuration management systems, but it's a decision that makes sense in some cases.  Using file.managed would work around the issue for you, although it would just be avoiding salt weirdness rather then dealing with it (if you really want to edit just a single block for some reason)
00:22 devopsprosiva Eugene: Thanks. Didn't think about that. Much easier
00:23 devopsprosiva zmalone: Thankyou. I agree. I'd rather not edit a file if I can manage it with file.manage
00:25 berserk joined #salt
00:25 zmalone I really think that yaml in salt could be explained better, things like commas, comments (#), true/false, etc. can all be a nightmare
00:26 zmalone https://docs.saltstack.com/en/latest/topics/troubleshooting/yaml_idiosyncrasies.html helps though
00:26 bhosmer_ joined #salt
00:26 zmalone # and : don't seem to see any coverage in that doc
00:26 zmalone ah well, they don't get used much in *nix configuration probably, right?
00:27 harkx joined #salt
00:27 SVQTQ joined #salt
00:28 zenlot2 joined #salt
00:29 lompik joined #salt
00:30 jack__ joined #salt
00:32 chadhs joined #salt
00:33 Tyrm_ joined #salt
00:34 ewenig has anyone run into issues trying to pass a `user.present` state as a `prereq` to another state?
00:35 rem5 joined #salt
00:37 jack__ joined #salt
00:39 totzky joined #salt
00:41 rem5 joined #salt
00:42 gtmanfred ewenig: using _in?
00:42 ewenig no, just prereq
00:42 gtmanfred ahh, then no
00:42 ewenig well, what was your issue?
00:42 gtmanfred there was a bug in 2015.8.4, that is patched in 2015.8.5
00:43 gtmanfred that broke all _in things where you used the name instead of the stateid
00:43 amcorreia joined #salt
00:43 gtmanfred but the regular requisites worked fine
00:43 baweaver joined #salt
00:43 gtmanfred https://github.com/saltstack/salt/issues/30820
00:43 saltstackbot [#30820]title: State runs involving watch_in or extending break on 2015.8.4 | Environment: rackspace, Ubuntu 14.04, salt packages from `http://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest`...
00:43 ewenig ahh, ok
00:44 ewenig this is the error I get: "Warnings: '__prereq__' is an invalid keyword argument for 'user.present'. If" etc etc
00:44 ewenig when the prereq is referencing the user.present state
00:44 Singularo joined #salt
00:45 gtmanfred prereq is a global keyword, so it should be usable on everything
00:46 chadhs joined #salt
00:46 gtmanfred https://github.com/saltstack/salt/blob/develop/salt/state.py#L63
00:46 abednarik joined #salt
00:47 ewenig right you are
00:47 gtmanfred can you share what your state looks like?
00:47 amanuel joined #salt
00:49 devopsprosiva how can I update selected rpms on centos like yum update using salt?
00:50 gtmanfred pkg.installed lets you specify version numbers
00:50 gtmanfred otherwise if you just want the always latest version of specified packages, pkg.latest
00:50 gtmanfred https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html
00:51 devopsprosiva gtmanfred: Thanks!!
00:51 gtmanfred np
00:54 ewenig gtmanfred: these are the problem states https://clbin.com/ZybJ6
00:54 jack__ joined #salt
00:55 joe_n joined #salt
00:55 gtmanfred one second
00:55 cpowell joined #salt
00:56 cpowell joined #salt
00:57 chadhs joined #salt
00:57 nyx__ joined #salt
00:57 whytewolf I don't think that cmd.wait works with prereq. cmd.run might.
00:57 whytewolf cmd.wait is meant for watch.
00:59 afics joined #salt
00:59 whytewolf but service.dead and service.enable might do what you are looking to do anyway
00:59 chadhs joined #salt
01:00 whytewolf s/service.enabled/service.runner
01:00 whytewolf running
01:00 whytewolf i think my brain is dyeing
01:02 ewenig ooooo ok
01:02 ewenig why doesn't cmd.wait work with prereq?
01:03 chadhs joined #salt
01:03 gtmanfred yeah, cmd.wait is supposed to be used on watch
01:03 gtmanfred Run the given command only if the watch statement calls it
01:03 gtmanfred https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html#salt.states.cmd.wait
01:03 gtmanfred and i think the watch actually calls it directly
01:04 ewenig i see
01:04 gtmanfred they are strucutred slightly differently, using mod_watch
01:04 aqua^c joined #salt
01:04 ewenig well, thanks
01:04 ewenig i will try changing the first state to cmd.run
01:05 gtmanfred if your service scripts return the correct retcode, you can also use service.running, with a listen statement, and it will restart the service
01:05 gtmanfred here is how I would write your state
01:07 gtmanfred oh, nevermind
01:07 gtmanfred you have to have it stopped first
01:07 gtmanfred yeah, just use service.dead and service.running
01:07 jack__ joined #salt
01:10 abednarik joined #salt
01:11 ewenig kk
01:20 bhosmer_ joined #salt
01:24 antpa joined #salt
01:24 perfectsine joined #salt
01:24 jack__ joined #salt
01:28 kellyp joined #salt
01:31 Tyrm joined #salt
01:36 chadhs joined #salt
01:39 cpowell joined #salt
01:40 jack__ joined #salt
01:41 digitalhero joined #salt
01:50 afics joined #salt
01:53 chadhs joined #salt
01:57 malinoff joined #salt
01:58 jtylers joined #salt
01:58 cpowell joined #salt
02:01 abednarik joined #salt
02:07 totzky joined #salt
02:07 Steven- joined #salt
02:07 joe_n joined #salt
02:08 jack__ joined #salt
02:09 akhter joined #salt
02:14 bhosmer_ joined #salt
02:18 jack__ joined #salt
02:22 Bryson joined #salt
02:23 catpigger joined #salt
02:25 digitalhero joined #salt
02:26 Bryson left #salt
02:32 cpowell_ joined #salt
02:33 michelangelo joined #salt
02:45 ruxu joined #salt
02:49 evle joined #salt
02:50 kusams joined #salt
02:52 totzky joined #salt
02:53 justanotheruser joined #salt
02:57 daemonkeeper joined #salt
03:06 rem5 joined #salt
03:06 Tyrm joined #salt
03:08 chadhs joined #salt
03:09 bhosmer joined #salt
03:09 jack__ joined #salt
03:11 zmalone joined #salt
03:16 JPT joined #salt
03:24 antpa joined #salt
03:29 Nebraskka joined #salt
03:30 mrMute joined #salt
03:36 joe_n joined #salt
03:41 digitalhero joined #salt
03:44 zmalone left #salt
03:44 digitalhero joined #salt
03:54 brianfeister joined #salt
03:56 djgerm anybody per chance have an example glusterfs state for distributed replicas?
03:59 StevenGFX joined #salt
04:03 akhter joined #salt
04:04 rem5 joined #salt
04:06 rem5 joined #salt
04:07 ramteid joined #salt
04:07 digitalhero joined #salt
04:08 fphhotchips joined #salt
04:10 treaki_ joined #salt
04:13 jack_ joined #salt
04:16 jgm3 joined #salt
04:32 mkaimal joined #salt
04:47 joe_n joined #salt
04:54 jack_ joined #salt
04:57 bhosmer_ joined #salt
05:02 kkiwi08 joined #salt
05:04 voidspacexyz joined #salt
05:10 kkiwi08 hi, i am new here can anyone help me on how to contribute
05:17 jack_ joined #salt
05:17 kkiwi08 joined #salt
05:18 ioya joined #salt
05:19 kkiwi08 joined #salt
05:25 kkiwi08_ joined #salt
05:25 brianfeister joined #salt
05:35 aqua^c joined #salt
05:38 onlyanegg joined #salt
05:39 terratoma joined #salt
05:43 ajw0100 joined #salt
05:46 digitalhero joined #salt
05:51 bhosmer_ joined #salt
05:59 digitalhero joined #salt
06:09 malinoff joined #salt
06:20 cangiani joined #salt
06:25 cangiani joined #salt
06:26 rdas joined #salt
06:31 MTecknology joined #salt
06:31 digitalhero joined #salt
06:34 rdas joined #salt
06:44 jxm_ joined #salt
06:45 bhosmer_ joined #salt
06:48 malinoff joined #salt
06:51 cyborg-one joined #salt
06:59 voidspacexyz joined #salt
07:01 dkrae joined #salt
07:02 jeffspeff I'm having an issue with about 25% of my minions giving the error "Passed invalid arguments to pkg.list_pkgs: sequence item 0: expected string, int found" when i run "pkg.list_pkgs" but I found that running "pkg.list_pkgs versions_as_list=True" returns the installed packages without error. what would cause the problem of the error in pkg.list_pkgs?
07:02 jeffspeff after looking at the code for win_pkg i'm not seeing why one works and the other doesn't.
07:03 ashmckenzie joined #salt
07:11 atmosx joined #salt
07:20 mavhq joined #salt
07:23 voidspacexyz1 joined #salt
07:26 antpa joined #salt
07:30 Rumbles joined #salt
07:34 malinoff joined #salt
07:35 babilen jeffspeff: You might want to open an issue for this (given that you've been unsuccessful in getting an answer here for some time now). If you configured something and/or maintain the content of that repository you might want to include that as well.
07:37 iggy I think there was an issue about versions_as_list
07:39 babilen I'm simply not touching Windows at all, but some tracebacks, more information pertaining to configuration and the actual complete error might help
07:40 bhosmer joined #salt
07:40 babilen My guess would be that .join() is being called on a list of ints rather than strings
07:42 babilen versions_as_list=True presumably never tries the conversion/join and works
07:43 felskrone joined #salt
07:43 babilen It could, for example, be that jeffspeff specified versions in his/her repo as "foo: 1" and not "foo: '1'"
07:43 babilen But then.... this is all guesswork
07:45 iggy I mean, yaml handles every (de)serialization perfectly... amirite?
07:46 krymzon joined #salt
07:51 slav0nic joined #salt
07:51 ruxu joined #salt
07:52 KermitTheFragger joined #salt
07:55 dariusjs joined #salt
07:55 malinoff joined #salt
08:03 brianfeister joined #salt
08:07 jambulance joined #salt
08:10 dgutu joined #salt
08:17 kawa2014 joined #salt
08:23 rotbeard joined #salt
08:27 Vaelatern joined #salt
08:27 neilf__ joined #salt
08:34 bhosmer joined #salt
08:34 garphy joined #salt
08:34 djgerm How do I find the corresponding states for a module doc?? I.e. I want the state guy for this https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.parted.html
08:35 AndreasLutro djgerm: not all modules have states
08:36 djgerm oh :( does that mean… i can't use them in state files?
08:36 babilen You can use https://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html
08:36 babilen Or write a state module yourself
08:37 djgerm :) someday! I will!
08:37 tweakism Am I correct in understanding that the data from an ext_pillar is cached between refreshes?  I want to make data from an API available by creating an external pillar, but I don't want the data to appear blank if the API isn't available.
08:38 babilen What do you want to happen instead?
08:38 babilen *boom!* ?
08:38 tweakism do ext_pillar's need to generally be refreshed manually/explicitly?  which is fine with me.
08:38 tweakism but yes.
08:39 AndreasLutro if you update it very frequently, then maybe
08:39 AndreasLutro I think it's cached at the same rate as other pillars? don't quote me on that
08:39 tweakism I was thinking if the API is unavailable, ext_pillar would raise an exception, and this would cause the previous cached data to remain valid rather than being replaced.
08:40 opdude joined #salt
08:40 AndreasLutro you should test it
08:42 GreatSnoopy joined #salt
08:44 tweakism that's quite a bit of work if it ends up w/ me learning that ext_pillar isn't the thing I need to be making.
08:44 tweakism but very well, if that's the only way to get an explaination of how they work.
08:50 geomacy joined #salt
08:55 kukacz joined #salt
08:56 jack_ joined #salt
08:56 Rumbles joined #salt
08:59 AndreasLutro I wish I could tell you, but if I could that just means I'd done the work of experimenting instead of you :)
09:01 antix_ joined #salt
09:03 tweakism I don't really care about the details at this point, maybe I shouldn't have gotten into them
09:04 tweakism I just want to know that is the API is unavailable, it won't cause a broken config to be created through states that use the the API data
09:04 tweakism so either the states refusing to run until the ext_pillar can be refreshed, or previous data remaining valid, needs to happen.  either one would be fine.
09:06 malinoff joined #salt
09:07 cangiani joined #salt
09:08 malinoff joined #salt
09:11 garphy joined #salt
09:11 aqua^c joined #salt
09:13 malinoff joined #salt
09:14 sfxandy joined #salt
09:16 totzky joined #salt
09:18 antix_ joined #salt
09:22 atmosx joined #salt
09:28 CeBe joined #salt
09:29 antix_ joined #salt
09:30 djgerm can a requirement for a another state be specified at the top of a state file?
09:35 antix_ joined #salt
09:40 fredvd joined #salt
09:41 jack_ joined #salt
09:41 jhauser joined #salt
09:48 keimlink joined #salt
09:49 s_kunk joined #salt
09:50 voidspacexyz joined #salt
09:52 brianfeister joined #salt
09:53 AndreasLutro djgerm: no, only states (not state files) can have requirements
09:53 amcorreia joined #salt
09:53 djgerm ok thanks!
09:55 djgerm if there's no apparent reason for a job to still be running, is it safe to kill it? and if so…. how do I do that?
09:57 ggoZ joined #salt
10:00 AndreasLutro probably not safe, no
10:00 AndreasLutro you don't know what it's doing
10:03 malinoff left #salt
10:03 malinoff joined #salt
10:06 ingslovak joined #salt
10:09 djgerm can I put the grain, that is the hostname inside of a state without a pillar or mine or anything?
10:12 djgerm for instance, I want the fqdn grain as a variable in a state.
10:15 av_ joined #salt
10:15 brianfeister joined #salt
10:20 tweakism alas, it doesn't seem to work how I wanted.
10:22 bhosmer joined #salt
10:23 AndreasLutro djgerm: {{ grains.fqdn }}
10:24 djgerm Thanks!!!
10:24 djgerm so easy!
10:24 impi joined #salt
10:29 jesusaurus joined #salt
10:40 Rumbles joined #salt
10:43 totzky joined #salt
10:46 jakwas joined #salt
10:47 PeterO joined #salt
10:47 impi joined #salt
10:49 jakwas joined #salt
10:50 giantlock joined #salt
10:57 djgerm when I run cmd.run, and my minions want some input, if there a way to expect that and give it?
10:57 wych joined #salt
11:03 teryx510 joined #salt
11:15 mmckenzie joined #salt
11:16 catpig joined #salt
11:16 cyborg-one joined #salt
11:16 djgerm is there a way to match a state in a state file to a minion with like an if statement?
11:22 babilen saltception?
11:22 babilen What are you trying to do?
11:22 djgerm I have no idea…. that was like 8 minutes ago…
11:23 babilen And you forgot what the question was about?
11:23 djgerm OH. I was trying to apply a few states to most minions in a file, but some of the states to only a few
11:23 djgerm based on minion id....
11:23 djgerm i just made it a separate sls
11:26 babilen Right
11:27 antpa joined #salt
11:32 voidspacexyz joined #salt
11:40 ronnix_ joined #salt
11:49 jav joined #salt
11:56 teryx510 joined #salt
11:58 djgerm I have a funny problem. I need a little sleep… between when I install a package and when the service starts… any thoughts?
12:00 rominf joined #salt
12:00 jack_ joined #salt
12:05 ruxu joined #salt
12:09 denys joined #salt
12:09 nkuttler djgerm: you mean you need to wait? why?
12:11 bhosmer joined #salt
12:11 jack_ joined #salt
12:16 jav joined #salt
12:19 shiriru joined #salt
12:27 ffredrikk joined #salt
12:29 ffredrikk Hi, I'm new to Salt and I'm setting up highstates for my Windows minions. I've created a custom winrepo package and I was wondering where I should place this. It requires a non-public binary installer, which is not available online so I can't put it in the official repo. What's the best practice approach here on where to place such custom package.sls files?
12:33 opdude_ joined #salt
12:37 opdude joined #salt
12:41 malinoff joined #salt
12:42 jack_ joined #salt
12:46 abednarik joined #salt
12:47 aqua^c joined #salt
12:54 teryx510 joined #salt
12:55 jack_ joined #salt
12:57 teryx5101 joined #salt
13:03 xf10e joined #salt
13:04 xf10e hi *
13:06 rem5 joined #salt
13:08 opdude @ffredrikk I haven't used the winrepo in a long time but probably you can either store it in the salt file repo or just stick it on a Samba share. I personally use chocolatey as I find it a lot more reliable
13:10 ffredrikk @optdude Yeah, I use chocolatey for everything else. It's the .sls itself I'm talking about. Currently I have it in /srv/salt/win/repo-ng/salt-winrepo-ng/ as the rest of the sls files from the repo gets downloaded there. But ideally I'd like to put the file somewhere more convenient. Just not sure how to make it accessible from some other location.
13:10 pwalsh joined #salt
13:10 KennethWilke joined #salt
13:11 ffredrikk sorry, that was supposed to be @opdude
13:12 ffredrikk @opdude - sounds like you're managing windows machines. Do you know how to run the win_service module in a state? I can't figure it out: http://pastebin.com/6UmSsyee
13:12 opdude I manage widows, linux and OSX, plus a bunch of Consoles ;)
13:13 xf10e chocolatey works fine for you guys? good to know, got some windows boxes waiting to get salted
13:14 opdude @ffredrikk I didn't ever need to use this module, but really if i was to use it i'd create a state file in _states/win_server.py and get it to do it properly
13:14 giantlock joined #salt
13:15 ffredrikk ok, thanks
13:15 opdude @ffredrikk what you wrote looks sane, what actually happens?
13:16 opdude @xf10e yes and if you want to have private chocolatey packages (For example we have some top secret binaries from our partners) then you can use something like ProGet as your source
13:16 ffredrikk @opdude I'm getting "Module function win_service.config is not available"
13:17 geomacy joined #salt
13:17 opdude ah i see why
13:17 opdude __virtualname__ = 'service'     you need to change win_service to service
13:18 ffredrikk @opdude where do you see that? - actually, when doing that I get the same error: "Module function service.config is not available"
13:19 opdude I looked in the source code for the module
13:19 xf10e opdude: luckily we have to windows-based secret sauce ;)
13:20 opdude @ffredrikk can you run it directly from the command line?
13:21 xf10e ffredrikk: did you check `salt $MINION sys.list_state_functions service` and the minion's log?
13:22 xf10e sounds like the module fails to load
13:23 ffredrikk @opdude when I run it from the commandline I get "'service.config' is not available."
13:23 opdude I would do as @xf10e says then and see if there are any errors from the source code it looks like it only requires windows though
13:24 ffredrikk @xf10e hm, when I run that command I don't see win_service, but I see other win* modules such as win_firewall, win_servermanager etc
13:24 djgerm left #salt
13:25 ffredrikk I see service.dead|disabled|enabled|mod_watch|running as well
13:25 xf10e ffredrikk: crank the minion's up logging to debug and check its log
13:26 ffredrikk hm, the minion is complaining about a bunch of python packages....
13:26 ffredrikk i think that's because I ran the minion-debug.bat
13:26 ffredrikk need to start it properly
13:28 akhter joined #salt
13:28 xf10e ah, win_service.config is a execution module, not a state module
13:28 lompik joined #salt
13:29 xf10e so you have to check `salt $MINION sys.list_functions win_service`
13:29 ffredrikk @xf10e yea, but I try to run it using module.run: http://pastebin.com/6UmSsyee
13:29 opdude @ffredrikk which version are you running?
13:29 ffredrikk 2015.8.5
13:30 opdude hmm okay,  does `service.get_enabled` work?
13:30 xf10e ffredrikk: still it says "Module function service.config is not available"
13:30 DammitJim joined #salt
13:30 xf10e doesn't it?
13:31 ffredrikk yup
13:31 ffredrikk yes, service.get_enabled work
13:32 opdude i wonder if the function is missing on your version or not
13:33 ffredrikk @opdude you mean if it is listed when running service.get_enabled? no, i can't see it there
13:33 opdude no :) i mean that the module was updated with this function *after* the version you have
13:33 ffredrikk hm.. but it's in the 2015.8.5 docs
13:34 opdude i checked my version of 2015.8 and i don't have it
13:34 ffredrikk but that *would* explain what's going on
13:34 opdude but mine is a bit of a fork so i might be out of sync
13:34 ffredrikk so how can you tell it's actually not in your version? is it by running sys.list_functions ?
13:35 opdude https://github.com/saltstack/salt/blob/v2015.8.5/salt/modules/win_service.py
13:35 opdude according to the source code that method isn't there
13:36 opdude are you sure you were not looking at a newer version of 2015.8 on the docs?
13:36 ffredrikk uhh oh man
13:36 ffredrikk i was looking at this, and the checkbox in the TOC says 2015.8.5 https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.win_service.html#salt.modules.win_service.config
13:37 ffredrikk so i assumed ... but in the URL it says "latest"
13:37 ffredrikk not really sure what i'm looking at
13:37 xf10e ffredrikk: you could check the code's commit messages on github ;)
13:37 JDiPierro joined #salt
13:38 opdude You can either update your salt version or take the latest version of win_service and drop it in your _modules directory
13:38 ffredrikk might as well update my salt version, since there are probably more goodies i want in a later release
13:39 ffredrikk since I'm new to salt, how do i go about to update the salt master and the salt minion from within salt? can i do that?
13:39 ffredrikk the salt master is running in centos 7 and the minion is win10
13:40 jack_ joined #salt
13:41 johnkeates joined #salt
13:41 numkem joined #salt
13:42 xf10e ffredrikk: for centos you can use the salt-formula and run `salt-call state.sls salt.pkgrepo` and `salt-call state.sls salt.master` on the master
13:42 johnkeates so, there still is no public salt package repository for spm, is there...
13:43 ssplatt joined #salt
13:43 xf10e johnkeates: spm?
13:43 opdude I actually change my salt versions all the time like once or twice a week so I just have a cloned git repo which gets auto updated. Probably not the usual ;)
13:44 johnkeates sum, the magic that was to replace saltstack-formulas
13:44 johnkeates spm*
13:47 xf10e huh, haven't heard of this one yet
13:48 jeddi joined #salt
13:48 ffredrikk @xf10e I ran that command and that gave me lots and lots of this error: Exception ValueError: 'I/O operation on closed file' in <bound method SyncWrapper.__del__ of <salt.utils.async.SyncWrapper object at 0x36e8690>> ignored
13:48 xf10e ffredrikk: on the master or the windows-minion?
13:48 ffredrikk well I ran salt-call 'DESKTOP*' state.sls salt.pkgrep
13:49 ronnix_ joined #salt
13:50 giannello joined #salt
13:50 xf10e 1st: salt-call talks to the local minion so no targeting; 2nd: I don't think there's a state funktion handling pkgrepos on windows...
13:51 antpa joined #salt
13:51 bhosmer joined #salt
13:51 opdude i wonder if you just need to run the newer msi on windows
13:51 opdude not sure :)
13:51 ffredrikk newer msi?
13:51 ffredrikk i thought i had the latest with 2015.8.5
13:52 opdude https://docs.saltstack.com/en/latest/topics/installation/windows.html
13:52 opdude ah.. you see thats where you hit a wall
13:52 ffredrikk that's the one i have
13:52 opdude i guess they didn't build a newer version
13:53 opdude this is exactly why I do mine a bit differently :)
13:53 ffredrikk so how do you go about installing newer versions on all your minions?
13:54 opdude i have a clone of the git repo, and then i just install with `pip install -e .` and then update the git repo when I want changes.. it's probably not the most recommended way to do it
13:54 opdude in your case I would just throw that module in _modules
13:54 subsignal joined #salt
13:54 ffredrikk yeah, sounds like an easier solution right now
13:55 ffredrikk so you basically have a git repo on each minion as well as on the master?
13:55 ffredrikk are you cloning the develop repo?
13:55 subsignal joined #salt
13:56 jack_ joined #salt
13:57 opdude pretty much yes, and no i don't clone develop :) I have a fork from 2015.8 which I update with things that I push to develop so essentially i have stable + things I need noaw
13:58 ffredrikk hm, ok
13:58 ffredrikk well, thanks guys. I clearly need to figure out how to deal with versions.
13:59 rofl____ if i have a pillar with a list of several hostnames ( - hostname ), how can i get the first entry by pillar.get ?
13:59 johnkeates you can't
13:59 johnkeates you'll need to either map or iterate
13:59 rofl____ oh
13:59 johnkeates pillar.get['thing'][0] -style stuf might do it too
14:00 johnkeates but that's more python than salt
14:01 rofl____ right
14:01 rofl____ thats what i was looking for
14:01 johnkeates you'd have to find the right syntax
14:01 johnkeates and it might only work in certain cases, like in JINJA or the CLI but not in states etc.
14:02 johnkeates but i bet you have enough pointers to sort it out :)
14:02 rofl____ johnkeates: thx :)
14:05 rofl____ johnkeates:  salt-call pillar.get meetv:static:nginx:hostnames:0
14:05 rofl____ worked in the cli
14:05 rofl____ wish me luck ;)
14:05 johnkeates good luck ;)
14:05 cangiani joined #salt
14:07 jack_ joined #salt
14:08 malinoff joined #salt
14:09 hasues joined #salt
14:09 hasues left #salt
14:13 Meili joined #salt
14:13 antpa joined #salt
14:15 antpa joined #salt
14:15 Meili Hey guys, quick question. I'm writing a custom state module and I want to call another state. There is supposed to be a global clalled __states__ but I get a not defined error.
14:16 Meili Any idea what could be the cause?
14:16 ffredrikk @opdude - hm, I just checked inside of my /usr/lib/python2.7/site-packages/salt/modules .. and I have win_service.py in there.
14:17 opdude yes but i bet the file doesn't contain the ``def config(
14:17 kusams joined #salt
14:18 ffredrikk @opdude correct. so it's an old placeholder or something?
14:18 opdude its just a new function added
14:18 racooper joined #salt
14:19 ffredrikk I downloded the newest win_service.py into the modules folder, but how do I get this out onto minions?
14:19 ffredrikk is there any built-in facility for that?
14:19 Meili @ffrederik: is het a state or exec module?
14:19 Meili *it
14:19 johnkeates left #salt
14:20 ffredrikk well, it's in /salt/modules
14:20 ffredrikk so i guess exec
14:20 Meili yeah... my experience is that the folder should be name _modules and should be referenced in file_roots
14:20 opdude you need the underscore _modules
14:20 Meili it won't work without the underscore
14:21 ffredrikk so, I should create a new folder /salt/_modules ... and place it in there?
14:21 Meili correct
14:21 ffredrikk and then I add this to my file_roots?
14:21 Meili i believe so, yes
14:21 ffredrikk hm
14:21 ffredrikk I'll try that now
14:22 Meili then you must execute saltutil.sync_modules or saltutil.sync_all to distribute to the nodes. state.highstate also automatically distributes the modules
14:24 Meili @ffredrikk: be sure to restart the master after you change to configuration
14:25 giantlock joined #salt
14:26 cpowell joined #salt
14:27 scoates joined #salt
14:27 evle joined #salt
14:27 antpa joined #salt
14:28 ffredrikk Unfortunately, I can't see the win_service listed after restart/sync
14:28 cpowell joined #salt
14:30 jack_ joined #salt
14:30 ronnix_ joined #salt
14:32 lothiraldan joined #salt
14:32 nobrak joined #salt
14:32 nobrak joined #salt
14:33 akhter joined #salt
14:33 LondonAppDev joined #salt
14:34 ronnix joined #salt
14:34 Meili @ffrederikk what do you mean by listed?
14:37 perfectsine joined #salt
14:43 Tanta joined #salt
14:45 nyx_ joined #salt
14:46 tracphil joined #salt
14:46 joshin joined #salt
14:46 joshin joined #salt
14:47 Tyrm joined #salt
14:47 Tyrm joined #salt
14:50 s_kunk joined #salt
14:50 s_kunk joined #salt
14:51 giantlock joined #salt
14:52 ffredrikk Is it possible to run a specific state.sls file somehow? Like: salt '*' mystates.somestate
14:52 Muchoz joined #salt
14:52 ffredrikk @Meili I can't see the win_service module when I sync and then run salt '*' sys.list_functions
14:53 spiette joined #salt
14:54 Meili @ffredrikk: did you restart the master and did you run salt '*' saltutil.sync_all
14:54 ffredrikk yes, i did
14:55 Meili the first time you ran saltutil.sync_all, did you see the module there?
14:55 ffredrikk no
14:55 Meili ok, can you show me what you have under file_roots
14:56 ffredrikk file_roots:
14:56 ffredrikk base:
14:56 ffredrikk - /srv/salt/
14:56 ffredrikk - /usr/lib/python2.7/site-packages/salt/_modules
14:57 Meili I see I've been mistaken about the file_roots, you can remove that line, and move your _modules folder to /srv/salt
14:57 Netwizard joined #salt
14:57 ffredrikk oh ok
14:58 ffredrikk ah, now it seems to work!
14:58 Meili good
14:58 ffredrikk # salt '*' saltutil.sync_modules
14:58 ffredrikk DESKTOP-JF4T3LQ:
14:58 ffredrikk - modules.win_service
14:59 ffredrikk how can I be sure it got synced, when win_service is not in the list when I run `salt '*' sys.list_functions` ?
14:59 zmalone joined #salt
15:00 Meili is it still not there?
15:01 ffredrikk no it's not - but the module works
15:01 ffredrikk I can run e.g. salt '*' service.available <service name>
15:01 ffredrikk this is awesome, thank you so much Meili!
15:01 ffredrikk for some reason it's not listed in that function call
15:01 ffredrikk but it works
15:02 Meili thats odd, as I can see my custom exec module functions
15:02 xf10e ffredrikk: there's a `saltutil.refresh_modules` I think. If it's working but not listed in `sys.list_functions` there's a bug ;)
15:02 Meili but glad I could help you out
15:03 Meili Soooo... back to my own pains. Any knows how I can call a state from my custom state module?
15:03 _JZ_ joined #salt
15:04 hasues joined #salt
15:04 hasues left #salt
15:06 xf10e Meili: you want to call another state function?
15:06 Meili xf10e: yes, according to the docs there should be a global __states__ containing all states.
15:06 Meili but... it aint defined
15:07 xf10e do the docs match the version you're running?
15:07 Meili good question, let me check
15:07 * xf10e never called a _state_ function from a custom module...
15:07 jack_ joined #salt
15:09 Meili awesome... I'm one release behind...
15:09 Meili well, I just want to abstract a file.managed behind some custom logic
15:10 perfectsine joined #salt
15:12 zmalone It looks like the topic needs to be updated.
15:15 Meili indeed...
15:15 mavhq joined #salt
15:15 andrew_v joined #salt
15:15 Meili *hit head against the wall*
15:15 PeterO joined #salt
15:18 mavhq joined #salt
15:23 _JZ__ joined #salt
15:24 teryx510 joined #salt
15:25 teryx510 joined #salt
15:25 mavhq joined #salt
15:27 teryx5101 joined #salt
15:27 lothiraldan joined #salt
15:27 XenophonF from an execution module you'd generally want to call another execution module's functions, not a state module's
15:28 edrocks joined #salt
15:29 Brew joined #salt
15:29 jack_ joined #salt
15:29 malinoff joined #salt
15:35 perfectsine joined #salt
15:36 zsoftich2 joined #salt
15:39 winsalt joined #salt
15:40 ssplatt if i run ‘salt * mymodule’, how do i get the current hostname or minion id as a variable in the module?
15:40 toastedpenguin joined #salt
15:41 ssplatt would i just use salt.loader.grains(__opts__)
15:41 ssplatt or is there a better way
15:42 jack_ joined #salt
15:44 digitalhero joined #salt
15:45 mapu joined #salt
15:48 morissette joined #salt
15:52 tinyhippo joined #salt
15:52 nexus2000 joined #salt
15:53 nexus2000 are there anyway to check if a variable is a dict like in python (isinstance) inside a jinja template?
15:54 zsoftich3 joined #salt
15:54 nexus2000 I'm trying "{%- if isinstance(value,dict) -%}" but it says "Unable to manage file: Jinja variable 'isinstance' is undefined"
15:55 WesleyTech joined #salt
15:57 jack_ joined #salt
15:58 xf10e nexus2000: you need to rely on jinja's tests
15:58 xf10e {% if value is mapping %}
15:58 xf10e which won't work on CentOS 6 because its jinja is do old
15:59 nexus2000 thanks, so for centos 6 is impossible to check that things?
15:59 nexus2000 I mean, without upgrade jinja
16:01 zmalone I thought the repo.saltstack.com packages for centos 6 included jinja 2.2.1?
16:01 akhter Anyone mind helping me with my jinja?  For some reason I'm not getting any returns from the minion.
16:02 nexus2000 python-jinja2-2.2.1-2.el6_5.x86_64; taken from centos 6
16:02 nexus2000 but it fails; Jinja syntax error: no test named 'mapping';
16:03 zmalone sure enough, and on other platforms, you get a way more recent jinja
16:03 zmalone it's pretty weird that the salt packaging doesn't include a more modern jinja for those platforms
16:04 Kelsar joined #salt
16:04 akhter nexus2000: What about using type()?
16:05 ronnix joined #salt
16:06 nexus2000 akhter: doesn't work
16:06 akhter Same error?
16:07 nexus2000 yes: Jinja syntax error: no test named 'dict'
16:07 akhter =\ I guess I'm not the only one having problems with jinja.
16:08 nexus2000 indeed XD
16:09 Aleks3Y joined #salt
16:09 jack_ joined #salt
16:09 robinsmidsrod joined #salt
16:12 akhter Can anyone tell me why this wouldn't work?  https://gist.github.com/AkhterAli/08dbe5f0036ade5bd112
16:12 whytewolf unforchantly the mapping test is in jinja 2.6 and as pointed out the type test doesn't work because jinja doesn't reconize dict [which is in all versions.] I can't say why 2.2.1 is the jinja default for cent 6. cause honestly I don't know
16:13 nexus2000 thanks
16:13 whytewolf akhter: your comment looks to be lacking indentation
16:13 akhter whytewolf: Sorry that's due to formatting on gist.
16:13 akhter They're two space indentation.
16:14 XenophonF akhter: any errors in the minion log?
16:14 whytewolf akhter: use ``` on the line before the code and ``` on the line after the code in gist comments
16:14 pduersteler joined #salt
16:14 nexus2000 akhter: which is the output of the state?
16:14 akhter whytewolf: XenophonF: No.
16:14 akhter The output is on the comment.
16:15 akhter Fixed the indentation.
16:15 akhter whytewolf: XenophonF: This happens on a docker container AND on an ec2 instance, so it's not due to docker.
16:15 whytewolf akhter: try salt 'minion' state.show_sls on the state file in question
16:16 whytewolf or state.show_highstate
16:16 XenophonF akhter: your pillar data structure doesn't match what you're looking for in the loop
16:16 zsoftich4 joined #salt
16:17 akhter XenophonF: What do you mean?
16:17 akhter service_accounts:teamcity, isn't that right?
16:18 XenophonF akhter: your for loop wants all of the dictionaries in service_accounts.teamcity (python syntax)
16:18 akhter whytewolf: I've returned state.show_state on the comment.
16:18 akhter Should it be stated as "service_accounts.teamcity" rather than "service_accounts:teamcity"?
16:18 dfinn joined #salt
16:19 XenophonF python syntax
16:19 akhter Right, but I'm not sure if it's the same in jinja syntax.
16:19 XenophonF akhter: so the first time through the loop, variable args contains '{"user": "teamcity"}' (again, python syntax)
16:20 nexus2000 fyi: the centos 6 problem with mapping jinja test can be solved upgrading the jinja2 through pip; dirty, but it works
16:20 XenophonF akhter: and the second time through the loop, variable args contains '{"fullname": "teamcity"}'
16:20 XenophonF akhter: and the third time through the loop, variable args contains '{"shell": "/bin/bash"}'
16:21 akhter XenophonF: Does the ordering matter between SLS and pillar?
16:23 XenophonF akhter: so you need to use `salt['pillar.get']("service_accounts", {}).items()` or `salt['pillar.get']("service_accounts", {})|dictsort` (more Jinja-y)
16:23 zerthimon joined #salt
16:23 akhter XenophonF: Couldn't I use {{ args.get('home', '') }} in its place, thought that would be the same.
16:23 akhter Right but that would iterate through all service accounts, I just want teamcity.
16:23 akhter hence service_accounts:teamcity, {}
16:24 XenophonF akhter: sorry bud, you're doing it wrong then
16:24 akhter Might point a way where I might do it correctly then?
16:24 XenophonF akhter: you don't need a for loop
16:24 akhter For loop isn't a requirement.
16:24 XenophonF akhter: replace it with an if
16:24 rihannon joined #salt
16:24 aqua^c joined #salt
16:25 zerthimon Does anyone here use dockerng module to manage containers ?
16:25 akhter XenophonF: I could also set a variable to the particular pillar, correct?
16:25 XenophonF akhter: something like `{% set teamcity = salt['pillar.get']("service_accounts:teamcity", {}) %}`
16:25 akhter Yeah.
16:25 akhter Okay, that works.
16:25 XenophonF akhter: then `{% if teamcity %}`
16:25 XenophonF etc.
16:26 XenophonF akhter: make sense? you're not iterating over a dictionary if you just want one member of said dictionary
16:26 XenophonF akhter: also you might be interested in https://github.com/saltstack-formulas/users-formula
16:26 leev zerthimon: i used it the other day to setup a local registry and manage that.
16:26 akhter That makes sense, although I don't think I need the if condition everywhere.
16:27 akhter XenophonF: Thanks.
16:27 pduersteler Hi all. I'm struggling a bit with service.* states. I added an absent statement and then conditionally added service.disabled with "- name" and service.dead with "- name", but this yields "contains multiple state declarations of the same type". How would I write that correctly?
16:27 whytewolf akhter: I added a comment to your gist for a version that has a for loop [in case you do have more then one account]
16:28 zerthimon leev: do you have SLS state with dockerng.* modules you can run remotely  on minions (from salt master) with salt nodename state.sls ?
16:29 akhter XenophonF: Thanks, I've got something like that already but that only works on parent level dictionaries.
16:29 akhter Let's see if this works.
16:29 tkeith Re-asking from yesterday since I didn't get any answers: Is there a firewall that's recommended for use with salt (for rejecting incoming connections on all ports except a whitelisted set - 22, 443, etc)? I normally use ufw but it doesn't seem to integrate nicely with salt.
16:29 jack_ joined #salt
16:30 whytewolf tkeith: any firewall you want to use. you just have to actually set it up
16:30 XenophonF tkeith: which operating system?
16:30 akhter XenophonF: Thanks for all your help.
16:30 roock joined #salt
16:30 ruxu joined #salt
16:30 XenophonF tkeith: e.g., on RHEL/CentOS 7, i've configured firewalld via https://github.com/saltstack-formulas/firewalld-formula
16:31 tkeith whytewolf: I'm ok with any (simpler is better, I usually like ufw but haven't found good salt integration, and running the commands normally via salt causes the minion connection to be interrupted)
16:31 tkeith XenophonF: Ubuntu & Debian (mainly Ubuntu)
16:31 XenophonF tkeith: so Linux
16:31 ruxu joined #salt
16:31 XenophonF tkeith: underneath they're all iptables/netfilter
16:31 gtmanfred took me a month to figure out that my iptables rules were killing my initial salt minion -> master connection, that was painful
16:31 tkeith XenophonF: I didn't even realize salt ran on anything else
16:32 tkeith gtmanfred: I got lucky because UFW had good logging
16:32 gtmanfred heh, i just didn't look into it for a month
16:32 whytewolf ufw = front end for iptables
16:32 * XenophonF wishes the kids would just get off his damn lawn already.
16:32 tkeith XenophonF: I'm just looking for the most "salt-friendly" way of doing it
16:32 XenophonF tkeith: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.iptables.html
16:32 tkeith gtmanfred: Did you any good solutions for that problem?
16:33 gtmanfred tkeith: i actually  wrote a script to login and restart salt-minion on all of them first
16:33 XenophonF tkeith: you can set suitable firewall rules directly
16:33 XenophonF tkeith: iirc ufw will save and restore firewall rules
16:33 gtmanfred tkeith: yeah, my solution was to set the DROP rule as the last rule in the list, instead of the default policy
16:33 gtmanfred and then everything worked
16:33 gtmanfred though, it shouldn't have made a difference, because i had -m state --state ESTABLISHED,RELATED as my first rule before setting the default policy
16:33 XenophonF tkeith: you might also be interested in https://github.com/mariodpros/ufw-formula
16:33 KennethWilke joined #salt
16:34 XenophonF tkeith: and for the record i'm using salt to manage a small fleet of unix (freebsd and openindiana) and windows servers ;)
16:34 whytewolf yeah salt works on almost anything that runs python
16:34 tkeith gtmanfred: Could you send me an example of your config? I've only ever used iptables via ufw so I'm a little concerned about messing up my security
16:34 tkeith XenophonF: Wow that sounds scary...
16:34 XenophonF tkeith: not at all!
16:35 gtmanfred tkeith: https://github.com/gtmanfred/openstack-salt-states
16:35 gtmanfred tkeith: each state pulls in the defaults from here https://github.com/gtmanfred/openstack-salt-states/tree/master/iptables
16:35 XenophonF tkeith: also, that ufw-formula thing might do everything you need
16:35 gtmanfred and they set their own in files like this https://github.com/gtmanfred/openstack-salt-states/blob/master/novaapi/iptables.sls
16:38 whytewolf one of these days everyone writing an openstack formula show get together and actualy try to come up with a generic setup that works for the magority of people. cause there are a LOT of salt openstack formulas out there and they are all WAY different
16:39 * XenophonF nods sagely
16:39 whytewolf I'm guity of this as well cause i am about to embark on my third iteration
16:39 XenophonF problem is most formula writes assume particular openstack designs
16:40 tkeith It looks like the ufw-formula uses pillars for configuration which means I can't open ports in the application state files right? It seems like a weird way to do it (maybe I'm missing something, I'm pretty new to salt)
16:40 whytewolf XenophonF: I know. which stems from the fact there are just way to many ways to setup openstack
16:40 tkeith I feel like I should learn iptables directly anyway
16:41 xf10e nexus2000: if you still haven't your test for dict, here is an ugly workaround, that works on CentOS 6: https://github.com/saltstack-formulas/salt-formula/issues/193#issuecomment-181394013
16:41 saltstackbot [#193]title: [CentOS 6] `mapping` test not supported, master config cannot be generated | Unfortunately, since CentOS 6 only ships with Jinja2 2.2.1, the `mapping` test is not supported. Looking through the documentation, I don't see anything else equivalent to it (both `iterable` and `sequence` test true for dicts and lists), so I'm not sure how to maintian functionality without that test....
16:42 whytewolf so any true generic openstack formula would need to be fully modular with an almost intelagent config system
16:43 mpanetta joined #salt
16:43 whytewolf it would also need to fall with in the 6 month release cycle of openstack while keeping older supported versions going
16:43 XenophonF i'm trying to write one that defaults to what the devstack will give you, but can be broken out into a multi-tier setup like what the deployment docs recommend
16:44 XenophonF https://github.com/irtnog/openstack-formula
16:44 XenophonF but it _only_ touches openstack stuff
16:44 whytewolf I wrote mine based on the install guide for openstack. with a few tweeks that i needed such as openvswitch configs
16:44 XenophonF same here
16:44 gtmanfred whytewolf: that is what openstack-salt is supposed to be
16:45 jack_ joined #salt
16:45 XenophonF i also wrote mine assuming that people would use other formulas for configuring those services, e.g., mysql-formula, users-formula, rabbitmq-formula
16:45 gtmanfred supposed to mirror openstack-ansible
16:45 onlyanegg joined #salt
16:45 gtmanfred whytewolf: https://github.com/openstack/openstack-salt
16:45 gtmanfred whytewolf: mine are specifically written to do a cluster inside of rackspace cloud servers, so not really ... usefull
16:45 XenophonF unfortunately my devstack server died, and i haven't had time to replace it
16:45 whytewolf I remebeer trying it and it failing on me
16:46 whytewolf XenophonF: yeah that is another difference. I personally don't use modules. I work with my own home build stuff
16:47 whytewolf s/modules/formulas
16:47 tligda joined #salt
16:47 PeterO joined #salt
16:47 gtmanfred whytewolf: https://github.com/gtmanfred/openstack-salt-states/blob/master/scripts/net and https://github.com/gtmanfred/openstack-salt-states/blob/master/networks/natroutes.sls let the servers route about inside the cluster
16:47 gtmanfred so that i could play with mistral
16:47 XenophonF oh and the nova config files drive me absolutely crazy
16:49 whytewolf nova is easy neutron is the hard one when it comes to modularity. which backend do you want. want LBaaS? or LBaaSv2? oh want the cisco driver instead of openvswitch? oh your going with linuxbridges?
16:49 johnkeates joined #salt
16:49 gtmanfred yes, shits crazy
16:49 XenophonF they make having composable state modules really difficult
16:49 gtmanfred also, it took me forever to figure out why my packets were being dropped with neutron, until i finally dropped the mtu on my dhcp server to 1400, and realized it was the vxlan metadata making packets too big
16:50 onlyanegg joined #salt
16:50 XenophonF like, i want to be able to have openstack/nova/init.sls just include openstack/nova/{controller,compute,networking} (or whatever it is nowadays)
16:51 gtmanfred one day, someone else will do it
16:51 whytewolf nova-network is pretty dead. neutron now has all the provisioner network stuff from it
16:52 whytewolf gtmanfred: hopefully. I know that someone else will not be me :P
16:52 gtmanfred :)
16:54 abednarik joined #salt
16:54 xf10e XenophonF, whytewolf: well, we should talk about the design of an openstack-formula then\
16:56 whytewolf I would be down for that someday. I just have an issue with time. :/
16:57 whytewolf gtmanfred: just looked into openstack-salt. and there seems to be a lack of openstack, or salt in that repo
16:57 gtmanfred they just started it
16:57 kusams joined #salt
16:57 gtmanfred it says a couple months, but they are just getting started with making it like openstack-ansible's project
16:58 gtmanfred still waiting on their governance page http://governance.openstack.org/reference/projects/openstacksalt.html
16:58 kusams joined #salt
16:58 gtmanfred and #openstack-salt is pretty bare right now
17:00 gtmanfred whytewolf: actually, it is a shitton of submodules
17:00 gtmanfred well, not a shitton, but a few
17:00 gtmanfred https://github.com/openstack/openstack-salt/blob/master/.gitmodules
17:01 xf10e basepi, jfindlay: The channel's topic still says the latest version in 2015.8._4_ ;)
17:01 basepi good call, I'll update it
17:01 whytewolf ahh submodules ...
17:01 gtmanfred yeah
17:02 Topic for #salt is now Welcome to #salt! | Latest Version: 2015.8.5 | Register for SaltConf16: http://saltconf.com/register/ | Paid support available for open source Salt! https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | Ask with patience as we are volunteers and may not have immediate answers
17:02 xf10e gtmanfred: interesting... obvsly not something one would mention in the README...
17:02 ruxu joined #salt
17:02 gtmanfred heh
17:02 gtmanfred that was what I thought
17:02 gtmanfred i had to go through their git commits to figure out where everything was
17:03 whytewolf lol.
17:03 akhter joined #salt
17:03 gtmanfred i am going to have to play with this later
17:03 whytewolf humm. each module looks like it has it's own set of pillars with out any sharing between them ...
17:04 gtmanfred fix it :P
17:04 jack_ joined #salt
17:05 whytewolf s/fix/rewrite from scratch
17:05 whytewolf :P
17:05 gtmanfred fair
17:05 whytewolf although it is nice they have a base for different hypervisors
17:05 xf10e oooh, yay, the openstack-salt folks disabled the issues on github...
17:06 gtmanfred because it is an openstack project
17:06 gtmanfred and they do everything in launchpad
17:06 ssplatt whytewolf: i think ‘external pillar’ is kind of what i was looking for yesterday. i basically want to define pillar data that is only available to a custom module, so I am thinking it should live in a different directory than the ‘regular’ pillar data.
17:06 gtmanfred and gerrit
17:07 gtmanfred xf10e: https://review.openstack.org/#/q/project:openstack/openstack-salt
17:07 whytewolf ssplatt: external pillars still fill in pillar
17:07 gtmanfred xf10e: https://launchpad.net/openstack-salt
17:07 gtmanfred should go to each individual formula though
17:08 gtmanfred well, once it is an official project
17:09 grumm_servire joined #salt
17:11 xf10e huh, seems like I didn't restart my syndics after updating salt to 2015.8.5. would explain the strange behavior.
17:11 whytewolf oh yeah that would cause problems
17:12 ssplatt whytewolf: so there is no way to set a new pillar dir on the fly in a module? like if i made /etc/salt/minion.d/test.conf, and had test: pillar_dir: /srv/testpillar.  then in my module pillardir = __salt__[config.get](‘test:pillar_dir’), then __opts__ = __salt__[pillar.get](items)
17:13 xf10e whytewolf: like the contents of the return for pillar.items not getting past the syndic to the upper master...
17:13 whytewolf xf10e: okay, that is strange.
17:15 JDiPierro joined #salt
17:15 jack_ joined #salt
17:16 whytewolf ssplatt: not really, i mean you might be able to but you will compleatly fubar pillar in doing so. pillar is actualy mostly read from a cache. so you would need to update the cache. and also set the pillar dir back then refresh the cache to cleanly close out your module
17:16 perfectsine joined #salt
17:16 ssplatt hmm.
17:16 wangofett joined #salt
17:17 whytewolf and personally I would hate to be any team that followed you
17:22 jack_ joined #salt
17:22 bhosmer joined #salt
17:23 perfectsine joined #salt
17:24 ssplatt if i put the data in pillar/test. and have pillar/top.sls include “base:  ‘*’:  - test”, can i then try to break out the pillar/test/top.sls with hostname globs?
17:24 ssplatt not sure if that makes sense
17:24 malinoff joined #salt
17:24 antpa joined #salt
17:25 impi joined #salt
17:26 ssplatt so pillar/test/top.sls might look like “base: ‘*’: - global        ‘web*’: - webthings”
17:26 kawa2014 joined #salt
17:28 onlyanegg joined #salt
17:29 ffredrikk joined #salt
17:30 xf10e ssplatt: no, you can't. only a the one top.sls per environments get's treated as the topfile
17:31 ssplatt hmm i figured.
17:31 xf10e bye *
17:32 ssplatt i guess i’d have to do something like ‘host*’:  - test.group     and test/group would include: global
17:33 ssplatt i guess i kind of do something like that now with my fomulas, where i define a defaults.yaml, and that gets merged with the custom
17:35 XenophonF whytewolf, gtmanfred: you've inspired me to re-build my devstack environment, so that i can continue my work re-inventing wheels ;)
17:35 akhter joined #salt
17:35 whytewolf lol XenophonF
17:35 whytewolf I'm waiting on a new deploy server. which should be here next week :/
17:36 gtmanfred heh
17:37 djgerm joined #salt
17:38 akhter joined #salt
17:38 beardedeagle joined #salt
17:40 basepi So this is a thing. :'(  https://groups.google.com/d/msg/salt-users/3b47jxMuZ1c/Fz5kr_t0CgAJ
17:40 basepi But also :)
17:41 whytewolf oh very nice basepi, congratz on the new position
17:41 whytewolf can you get me a deal on creative cloud ;)
17:41 basepi Thanks. :)
17:41 basepi hahaha
17:42 beardedeagle Congrats @basepi
17:42 tligda basepi: Best wishes in the new frontier!
17:42 basepi I'll be on the marketing analytics side, which is lesser-known than their media side but doing really cool things
17:42 Muchoz Can anyone explain to me why I'm getting "State pyenv.installed found in sls python is unavailable" on the second state in this file? The following states fail because of the requirements. http://hastebin.com/xulatakaho.yml
17:42 basepi beardedeagle: tligda: whytewolf: thanks!
17:43 whytewolf Muchoz: version info needed [operating system, salt and python]
17:45 Muchoz whytewolf, Ubuntu 12.04, salt 2015.8.3, python 2.7.10 (from the virtualenv this is run, right?)
17:45 whytewolf Muchoz: yeap the virtualenv is what is needed.
17:46 Muchoz It's Ubuntu 12.04 in the vagrant box, my system is OSX 10.11.4 Beta
17:46 abednarik joined #salt
17:46 Fiber^ joined #salt
17:46 Muchoz mb
17:47 jack_ joined #salt
17:47 impi joined #salt
17:47 jrgochan Hey all. Anyone have a good guide for managing firewalld with salt?
17:48 akhter joined #salt
17:48 nymph joined #salt
17:48 whytewolf that shouldn't matter. odd. pyenv doens't have a __virtual__ so should be there no matter what.
17:48 nymph left #salt
17:49 gtmanfred zomg, how did i miss the pyenv state, awesome
17:49 jfindlay whytewolf: I was wondering the same thing
17:49 * Muchoz hopes he is not to blame for the problem...
17:50 jfindlay Muchoz: can you run `sys.state_doc pyenv`?
17:50 Muchoz No problem
17:52 JDiPierro joined #salt
17:53 Muchoz jfindlay, it won't run because /etc/salt/ doesn't exist. I sync it into /etc/ instead of /etc/salt so that might be the problem?
17:54 jfindlay Muchoz: I would expect `sys.state_doc pyenv` and using pyenv in an sls file to both succeed or both fail together
17:54 jack_ joined #salt
17:54 XenophonF congrats basepi!
17:55 basepi thanks XenophonF !
17:56 brianfeister joined #salt
17:56 numkem joined #salt
17:57 KajiMaster joined #salt
17:57 Muchoz jfindlay, salt '*' sys.state_doc pyenv   returns http://hastebin.com/ohoganohep.pas Does the Vagrant shared folder need to be in /etc/salt/? And that needs to contain the top.sls?
17:59 jrgochan putting a python state file in /srv/salt/_states/ should overwrite the default, no?
18:00 jfindlay Muchoz: that errors would likely lead to others problems
18:01 jrgochan nm, got it. had to saltutil.sync_states
18:02 ffredrikk joined #salt
18:05 baweaver joined #salt
18:05 beardedeagle @jfindlay, I finally got that RPM for winexe 1.1 published, company updates our windows images and now it is taking so long to provision that a scheduled task that strips admin perms from local admins is kicking in before I can auth in to bootstrap. SMH. rpm works though.
18:05 zmalone Good luck basepi!
18:05 Muchoz jfindlay, alright that vagrant stuff has nothing to do with it. But how do I fix the pyenv state?
18:06 basepi thanks zmalone !
18:07 jfindlay basepi: awesome, be sure to ping David M if you want it upstream
18:07 jfindlay beardedeagle:
18:07 beardedeagle I commented here
18:07 beardedeagle https://github.com/saltstack/salt/issues/30658
18:07 saltstackbot [#30658]title: win.exe package for RH 7 | see win.exe package for RH 6 #21256...
18:08 jfindlay Muchoz: are you able to get `sys.state_doc pyenv` to return successfully?
18:08 mapu joined #salt
18:09 Muchoz jfindlay, no: http://hastebin.com/ohoganohep.pas
18:09 wendall9111 joined #salt
18:10 jfindlay Muchoz: I'm not really sure what is going on, but if that is the output from running sys.state_doc, I think your next step would be to take care of those paths
18:10 Muchoz jfindlay, /etc/salt does exist though
18:10 zmalone It sounds like salt isn't running as root either
18:11 zmalone It's complaining about not being able to write to /var/log, which it should be able to do in most environments
18:12 whytewolf zmalone: actually it is complaining about /var/log/salt/master which is the same error if a. it isn't root or b.) /var/log/salt doesn't exist
18:12 whytewolf [always hatted the way that was reported in linux]
18:13 Muchoz zmalone, both directories indeed exist. In my specified minion config I specified user: root. Do I have to do it elsewhere perhaps?
18:14 zmalone Are you starting salt as root though?
18:14 zmalone ps -ef | grep salt-minion
18:15 eykd joined #salt
18:15 snarfy joined #salt
18:15 Muchoz zmalone, where would I tell it to start as root then?
18:16 mechleg joined #salt
18:16 Muchoz The process info doesn't say anything about root
18:16 zmalone What is the first column of your ps output?
18:16 eightyeight what is the way to manage a file on a miniion by appending 2 sources?
18:17 Muchoz zmalone, 501  4503  1492   0  7:15pm ttys000    0:00.00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn salt-minion
18:17 eightyeight "file.append" works, until i need to update said sources. then i have a doubly-long appended file. :)
18:18 eightyeight as an example: http://ae7.st/p/3ez
18:18 eightyeight "combined_example_com.crt" grows as "star_example_com.crt" and "digicert_sha2_high_assurance.crt" are updated, rather than getting replaced
18:18 eightyeight is there a better way to do this?
18:18 symphorien joined #salt
18:19 jfindlay eightyeight: add more salt
18:19 eightyeight jfindlay: how so?
18:20 eykd eightyeight: Use file.managed for the first file, then file.append the second one, requiring the first.
18:20 jfindlay sorry, I'm not used to being responsible
18:20 symphorien hello ! How can I set the permissions of a file without touching its content ?
18:20 eightyeight eykd: file.managed the combined cert?
18:20 eightyeight eykd: or the star_example_com.crt?
18:20 jfindlay symphorien: file.chown
18:20 jfindlay file.chmod
18:21 jack_ joined #salt
18:21 symphorien is it a state or a module ?
18:21 hightekvagabond joined #salt
18:21 jfindlay symphorien: which do you need?
18:22 eykd eightyeight: Like this: https://dpaste.de/JQQD
18:22 eykd eightyeight: That’s off the top of my head, so I might have the args wrong for file.append
18:22 symphorien I would like a state
18:22 basepi eykd: eightyeight: only problem is that the file will be changed each state run, that process is not stateful
18:23 eykd basepi: Yeah, I can see that would be a problem.
18:23 basepi I would recommend instead putting the two pieces of data in pillar, and then using file.managed and a template to put both pieces into the file
18:23 whytewolf since they are cert info from the looks of it i would recomend they be in pillar anyway
18:24 eightyeight have some docs to point me to, or an example?
18:24 eykd eightyeight: basepi has a better answer, though mine would be simpler. ;)
18:24 jfindlay symphorien: file.managed with the user,group,mode args should do what you need
18:24 jrgochan Hey guys. I'm working on expanding the firewalld state/module to handle "rich rules"
18:24 jrgochan getting this? "expected <block end>, but found '?'"
18:25 basepi eightyeight: let me rustle something up
18:25 eykd eightyeight: if you have, say, nginx watching your cert file to reload, my way it will reload every time, basepi’s way, it will reload only when something changes.
18:25 symphorien jfindlay: I would like to make ssl cert key readable by root only but the x509.private_key_managed doesn't seem to have options for the mode of the file
18:25 eightyeight eykd: which is what i'm looking for, actually
18:25 eightyeight basepi: thx
18:25 jrgochan trying to follow the "ports" attribute, but not sure what I'm doing wrong to get the state to read in rules
18:25 zmalone eesh eightyeight
18:26 zmalone what are the default perms it sets, or is it following the umask?
18:26 eightyeight zmalone: umask(2)
18:26 symphorien jfindlay: does file.managed work without source attribute ?
18:26 cilkay joined #salt
18:27 toanju joined #salt
18:27 eightyeight zmalone: both are public certs though, so meh
18:27 jrgochan haha. nevermind. syntax errors... as always
18:27 basepi eightyeight: https://gist.github.com/basepi/db0d2a08f1cf1fcbcd5b
18:27 zmalone the private key should always be 600, the cert isn't
18:27 zmalone https://docs.saltstack.com/en/latest/security/ should probably be emailed
18:28 cilkay Hello. How can I do the equivalent of salt '*' pkg.del_repo "myrepo definition" in a state file? I tried passing the part contained within the double quotes as a - name: key but I get a KeyError: 'pkg.del_repo'
18:28 eightyeight basepi: ah. interesting. i see.
18:28 eightyeight basepi: i'll roll with that, and let you know. thx!
18:28 Muchoz jfindlay, should I just make an issue on Github regarding the pyenv state?
18:29 jfindlay symphorien: that is unfortunate, I think file.managed *should* work without specifying the `source` or `contents*` for exactly this reason
18:29 basepi eightyeight: :thumbsup:
18:29 borgstrom joined #salt
18:29 whytewolf cilkay: for starts you use pkgrepo.abset
18:29 Muchoz basepi, that Slack user ^
18:29 whytewolf cilkay: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkgrepo.html#salt.states.pkgrepo.absent
18:29 whytewolf I think the n key on this keyboard is going
18:30 _JZ_ joined #salt
18:30 basepi Muchoz: they all work on Github as well, but yes, I do love me some slack
18:30 cilkay whytewolf: Duh... I should have known that because I use pkgrepo.managed anyway. Thanks for the reminder.
18:30 numkem joined #salt
18:30 Muchoz basepi, TIL that they work on Github
18:31 basepi I'm not sure if they all do, but the ones I've tried have.
18:31 symphorien so, no way to write a state setting the permissions of a file without managing its content ?
18:32 whytewolf symphorien: if file.manage doens't do it you can just run file.chmod through module.run
18:33 jfindlay Muchoz: the directory issues are unrelated to the pyenv state itself
18:33 jack_ joined #salt
18:33 eykd So, I just recently upgraded from 2014.7 to 2015.8, and I’m confused by the new behavior in the `git.latest` state, namely the new `branch` argument. In our staging environments, we’re accustomed to deploying to a named branch, which the git.latest state obtains off the pillar and plops into the `rev` argument. After the upgrade, we started getting weird git errors in some repos; I’m not sure exactly what’s causing the errors, but it
18:33 eykd to be related to the new behavior where the rev of the working directory changes but local named branch doesn’t change and so it mismatches the remote version of the local branch. Long story short, setting the `branch` argument to git.latest seems to solve the problem, but I’m wondering what’s going to happen if I ever deploy a sha instead of a branch name. Should I be concerned? Or am I Doing It Wrong™? Here’s an example state:
18:33 eykd https://dpaste.de/Ui1C
18:34 llua i am trying to get just the name of modules that a minion supports, my first attempt was parsing salt-call --local -d. is there a better command to get that information?
18:35 whytewolf llua: salt-call sys.list_modules
18:35 whytewolf llua: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.sysmod.html#salt.modules.sysmod.list_modules
18:36 jrgochan Sorry for all the questions. I'm watching the event bus with "salt-run state.event pretty=True" and I'd like to print some data to it in my firewalld.py file. How would I go about doing that? Or is there a more efficient equivalent?
18:37 whytewolf llua: if you want states there is also sys.list_state_modules
18:38 ffredrikk joined #salt
18:39 Muchoz jfindlay, how do I make it run as a root then? Google searches are in vain atm..
18:40 jfindlay Muchoz: I am unsure as I haven't used vagrant
18:41 impi joined #salt
18:42 llua whytewolf: those are interesting, but gets me less information than what i was expecting. i was kinda hoping a format like ''acl.delfacl''.
18:43 whytewolf okay so you don't want just the modules, you want the full modules.function
18:44 llua yea :3
18:44 whytewolf sys.list_functions
18:45 whytewolf and sys.list_state_functions
18:46 snarfy joined #salt
18:48 cilkay I'm upgrading salt-common and salt-minion on Debian Jessie from 2015.5.3 to 2015.8.5. I notice that it wants to drag in MySQL. Is this really necessary? I already have PostgreSQL on the server so I don't see any reason to install and run yet another db.
18:48 cilkay Never mind. They're suggested packages.
18:49 cilkay I'll ignore the suggestion.
18:50 jhauser joined #salt
18:50 rihannon Can someone provide me with guidance for turning the worker threads?  No matter what I do, I seem to get a message about not having enough.
18:51 rihannon ^tuning
18:52 netcho joined #salt
18:53 symphorien whytewolf, jfindlay: file.managed seems to work without content : thanks !
18:53 jfindlay symphorien: nice
18:54 chanks joined #salt
18:54 cilkay Muchoz: I missed the beginning of the conversation. I'm familiar with running Salt in a VM. What is it you're trying to run as root?
18:55 chanks Hello, I am looking for guidance.  I have disparate programs which generate grains definitions; my plan was to have the grains incrementally defined by placing them into the /etc/salt/minion.d/*.conf.  However, they overwrite each other.  Is there standard way of merging multiple grains definitions?
18:55 perfectsine joined #salt
18:56 mavhq joined #salt
18:57 llua whytewolf: thank you
18:58 Brew joined #salt
18:59 edrocks joined #salt
18:59 bhosmer joined #salt
18:59 ajw0100 joined #salt
19:04 iggy chanks: use the grains modules?
19:04 Tyrm joined #salt
19:05 cyborglone joined #salt
19:06 eykd I put my earlier question up on StackOverflow, in case anyone wants a crack at it there: http://stackoverflow.com/questions/35300038/what-does-the-new-branch-argument-mean-in-git-latest-states-and-how-do-i-use
19:06 DammitJim joined #salt
19:07 chanks iggy: Are you referring to the example writing Python in section "Writing Grains" on https://docs.saltstack.com/en/latest/topics/targeting/grains.html ?
19:08 hoonetorg hi
19:08 iggy !salt modules.grains
19:08 saltstackbot http://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.grains.html
19:09 iggy !salt states.grains
19:09 saltstackbot http://docs.saltstack.com/en/latest/ref/states/all/salt.states.grains.html
19:09 hoonetorg i want to create config files on a minion, copy them to the master and distribute them to other minion
19:10 hoonetorg as technology i thought on https://docs.saltstack.com/en/latest/ref/states/all/salt.states.libvirt.html#salt.states.libvirt.keys
19:10 hoonetorg the libvirt.keys state which uses an libvirt external pillar internally
19:10 chanks iggy: Thanks, "grains.setval" does precisely what I want.
19:11 hoonetorg my problem is that the libvirt keys are stored on the master itself,but that won't work in my case
19:11 numkem joined #salt
19:12 hoonetorg because i cannot run the commands for creating the files on the master, they must be run on a management node
19:12 hoonetorg any hints how to achieve that???
19:12 kermit joined #salt
19:13 mavhq joined #salt
19:13 jack_ joined #salt
19:16 hoonetorg so the the idea is to create a state like this: config1:  create_config:    - managenode: nodeman
19:16 hoonetorg very short
19:16 hoonetorg i actually quite don't care if the config is saved on the master or on the management node
19:17 hoonetorg iggy: any ideas ^^^
19:17 forrest joined #salt
19:18 hoonetorg or are there any existing states, which do the same??
19:19 ageorgop joined #salt
19:20 orionx joined #salt
19:22 baweaver joined #salt
19:22 spiette joined #salt
19:23 iggy Sounds like something you'd use salt mine for, but I'm not entirely sure what you're up to
19:25 tehsu if running salt -L against 30 servers, does it run in parallel?
19:26 hoonetorg is mine also secure for confidental data?
19:26 zmalone the master isn't running in parallel, but the minions all consume from their queue and run at the same time, so their runs are parallel
19:27 hoonetorg like keys?
19:27 AndreasLutro no hoonetorg, mine data is shared among all minions
19:27 keimlink joined #salt
19:28 hoonetorg ah that's why i want to do something like libvirt,keys
19:28 hoonetorg the thing is i want to distribute ceph keyrings with that
19:28 joshin joined #salt
19:29 AndreasLutro we either place private keys in provisioning files (cloud-init), or put them in s3 which only specific instances have access to
19:29 hoonetorg when initially creating ceph mon's the ceph internal method "auth-get-or-create" is not working, because no ceph daemon is running
19:29 AndreasLutro I can't find a good way to safely store binary files in salt
19:30 hoonetorg they are actually text format
19:30 hoonetorg no problems to save
19:30 hoonetorg as a pillar
19:30 snarfy joined #salt
19:30 AndreasLutro aha, that's what I'd do then
19:31 jfindlay AndreasLutro: support was recently added to pillar for binary files
19:31 hoonetorg jfindlay: yes that works
19:31 hoonetorg i save luks keys in it
19:32 hoonetorg so my current strategy is: orchestration
19:32 gnalsa joined #salt
19:32 jfindlay https://github.com/saltstack/salt/pull/30268
19:32 saltstackbot [#30268]title: Optimize file_tree ext_pillar and update file.managed to allow for binary contents | The contents/contents_pillar/contents_grains options assume that the contents...
19:32 AndreasLutro jfindlay: we'd need gitfs support for file_tree if we were to use that, unfortunately
19:34 orionx i'm reading this https://github.com/saltstack/salt/pull/30268, but it's not clear to me how to store binary data in pillar.  any pointers?
19:34 saltstackbot [#30268]title: Optimize file_tree ext_pillar and update file.managed to allow for binary contents | The contents/contents_pillar/contents_grains options assume that the contents...
19:34 hoonetorg step 1: create keys on management node, step 2 copy over to master (cp.push) step 3 cp.get on the other ceph nodes
19:34 gnalsa Hello, I am running a state.sls from master to minion. Is there a way to see which portion of the state is being applied to the minion? I have the log_level set to debug on the minion and pass the -t debug flag to master. The only thing I see are 'checking whether jid <num> is still running'
19:35 hoonetorg but everybody can cp.get these keys -> not very secure
19:35 AndreasLutro orionx: https://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.file_tree.html#module-salt.pillar.file_tree
19:36 orionx AndreasLutro: ah, that helps.  ty.  i was hoping to be able to combine this with salt mine, but i see it relies on the filesystem
19:36 hoonetorg gnalsa: state still running and probably it times out, try increasing timeout (-t 1800 f.e.)
19:37 hoonetorg gnalsa: i assume you mean "-l debug"
19:37 gnalsa yes -l debug
19:37 gnalsa The state is still running
19:37 gnalsa I am trying to get details while its running
19:38 hoonetorg gnalsa: so you think the state is stalled and will never return
19:39 gnalsa It eventually returns, it is just taking awhile - so I am trying to understand which part of the state is taking long to complete
19:39 hoonetorg gnalsa: run the state on the minion with "salt-call -l debug --timeout 3600" you get much more debugging output
19:39 hoonetorg as on the master
19:40 gnalsa thanks I will try salt-call
19:40 hoonetorg AndreasLutro: any hints how to get the output of a command on a minion into a pillar at runtime?
19:41 bhosmer_ joined #salt
19:41 hoonetorg my idea is to do something similar like libvirt,keys - state (as i mentioned above)
19:41 teryx510 joined #salt
19:41 AndreasLutro erm, no
19:41 hoonetorg AndreasLutro: thx anyway (;
19:43 XenophonF hoonetorg: iirc pillars get rendered on the master, then the data gets sent to the minion
19:43 XenophonF hoonetorg: a custom grain might do exactly what you want
19:43 XenophonF hoonetorg: in that it would run on the minion and put the data somewhere accessible
19:44 hoonetorg XenophonF: sounds good
19:44 hoonetorg can you lead me with an example
19:44 ajw0100 joined #salt
19:45 XenophonF hoonetorg: https://docs.saltstack.com/en/latest/topics/targeting/grains.html#writing-grains
19:45 XenophonF hoonetorg: https://github.com/irtnog/active-directory-formula/blob/master/_grains/windows_installation_type.py
19:46 jack_ joined #salt
19:46 XenophonF hoonetorg: second one is a custom grain i wrote for windows servers
19:47 hoonetorg XenophonF: thx, the thing is the data for the grains are created on a management minion and exactly this data must be accesible on a few other minions and the data are sensitive
19:47 ruxu joined #salt
19:47 hoonetorg so the grains are actually only accessible on the node where they were created?
19:47 hoonetorg or am I wrong?
19:47 shoemonkey joined #salt
19:49 XenophonF hoonetorg: if you need data from one minion to be accessible from other minions, check out salt mine
19:49 XenophonF hoonetorg: https://docs.saltstack.com/en/latest/topics/mine/
19:50 hoonetorg a few lines above AndreasLutro said: not secure -> accessible on all minions
19:51 XenophonF hoonetorg: sorry, i missed that. AndreasLutro is correct.
19:51 XenophonF hoonetorg: so you want a minion to advertise some bit of data about itself
19:51 XenophonF hoonetorg: but you only want selected minions to receive the advertisement
19:51 XenophonF hmm
19:51 XenophonF i dunno
19:54 kellyp joined #salt
19:55 hoonetorg XenophonF: i still like the idea https://github.com/saltstack/salt/blob/2015.8/salt/states/libvirt.py
19:55 XenophonF hoonetorg: my approach is to explicitly assign stuff like that to my minions
19:56 hoonetorg libvirt,keys
19:56 XenophonF gotcha
19:57 hoonetorg this state uses this pillar to store data https://github.com/saltstack/salt/blob/2015.8/salt/pillar/libvirt.py
19:57 tracphil joined #salt
19:57 whytewolf have the master be a minion, use libvirt.keys to generate a keys file in a pillar_trees area. then saltutil.pillar_refresh everything?
19:58 hoonetorg whytewolf: don't want to make my salt master vm a ceph monitoring node
19:58 hoonetorg mmh but wait
19:58 whytewolf didn't say you had to. you are just generating the keys on it
19:59 hoonetorg probably i only install all ceph stuff on that node just enough to create keys, ....
19:59 whytewolf humm, maybe the publish state
20:00 hoonetorg uh oh publish state? a link (again a new word, haha)
20:01 whytewolf https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.publish.html#salt.modules.publish.publish
20:01 snicers-work joined #salt
20:01 hoonetorg a module - got it
20:01 hoonetorg let me have a look whytewolf
20:02 armyriad joined #salt
20:02 whytewolf huh, it is a module. for some reason i thought there was a state version of it
20:04 mavhq joined #salt
20:05 viq joined #salt
20:06 hoonetorg whytewolf: i don't get what it really does
20:07 ruxu joined #salt
20:08 whytewolf it is odd. basicly it allows minions to run commands on other minions
20:08 ssplatt so if i make a new module. i place it in /srv/salt/_modules (where /srv/salt is defined as a file_roots in my master config). then i state.highstate or saltutil.sync_all.  then i restart the minions. and i should see it listed in salt \* sys.list_modules ?
20:08 whytewolf ssplatt: shouldn't need to restart the minion
20:08 whytewolf as long as the module doens't complatly fail yes
20:08 [afk]quinn-atl03 Why am i suddenly getting [ERROR   ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate  Minion failed to authenticate with the master, has the minion key been accepted?
20:08 ssplatt hmm ok, i still don’t see it listed.
20:09 ssplatt would it be in the minion log if it didn’t load?
20:09 whytewolf if you have properly used logging, yes
20:10 kevinquinnyo the key is added, i've never had this problem before with a minion -- i've tried restarting the minion, the master, salt-key -d, salt-key -a
20:10 hoonetorg whytewolf: i must try in testenv
20:11 whytewolf hoonetorg: be careful. there is reasons it is disabled by default
20:11 AndreasLutro kevinquinnyo: what do the master/minion logs say
20:11 kevinquinnyo AndreasLutro: The minion is saying [ERROR   ][3046] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
20:12 abednarik joined #salt
20:12 kevinquinnyo i guess i need to delete a cached public key on the master?  I don't know why it would have changed
20:12 Bryson joined #salt
20:12 AndreasLutro run salt-key -F name-of-minion
20:12 tweakism when you install salt on debian via the saltstack repo, does it install all python package dependencies via deb packages?
20:13 AndreasLutro yes tweakism, but there are some optional dependencies you may want/need to install via pip
20:13 tweakism can you install those to like, a salt-specific virtualenv?
20:14 tweakism That's what I'm trying to do; I have a custom salt module that requires a non-standard python module not packaged for debian, and I'm unwilling to install it globally via pip (because that's really dirty)
20:14 AndreasLutro probably
20:15 whytewolf tweakism: if you are using the salt repo it is deb based install. if you want it in a virtualenv you might need to follow this https://docs.saltstack.com/en/latest/topics/development/hacking.html
20:16 numkem joined #salt
20:16 whytewolf which is a pip install
20:16 ssplatt whytewolf: when i do syncall i see “modules.test.test"
20:16 jack_ joined #salt
20:16 whytewolf test.test?
20:16 hoonetorg whytewolf: when searcing for publish examples, i found this: https://github.com/saltstack/salt/issues/16510
20:16 saltstackbot [#16510]title: publish.publish completely unreliable in 2014.7 branch | My version info:...
20:17 hoonetorg seems to be unreliable
20:17 hoonetorg still open
20:17 whytewolf ssplatt: submodules like that don't really work.
20:17 ssplatt but sys.list_modules doesn’t show it
20:17 ssplatt oh so i don’t do _modules/mymodule/mymodule.py
20:18 whytewolf no
20:18 cwygoda joined #salt
20:18 whytewolf it should be _modules/mymodule.py
20:18 evaryont joined #salt
20:18 ssplatt ah..
20:19 whytewolf hoonetorg: well that sucks. was the only idea i could think of to try getting around your problem
20:19 tweakism hrm, well I guess this looks like it would work.  I'm surprised there's not a config option that lets you setup a virtualenv that uses --site-packages, so that it uses all the deb python modules + whatever you install to the virtualenv
20:19 evaryont Hi #salt! Has anyone set up multiple sychronized saltmasters? Not sure what to use to keep them in sync..
20:19 hoonetorg whytewolf: i can try if it works for the commands i need
20:20 garphy joined #salt
20:20 ssplatt hmm still not seeing it listed in list_modules....
20:21 ssplatt oh ok now i see the log errors...
20:21 BhavyaM joined #salt
20:23 whytewolf evaryont: couple of sygestions. rsync or shared nfs directory
20:25 hoonetorg whytewolf: cmd.run "cat /somefile" works
20:25 hoonetorg with publish.publish
20:25 hoonetorg 2015.8.5
20:25 whytewolf hoonetorg: kewl
20:26 hoonetorg i will look up the source code of the module
20:26 hoonetorg if it's not too difficult i will reuse it for my own module or state
20:28 jack_ joined #salt
20:28 GreatSnoopy joined #salt
20:29 symphorien left #salt
20:29 hasues joined #salt
20:30 mavhq joined #salt
20:32 snarfy joined #salt
20:32 ssplatt __salt__ not defined.  i thought i didn’t have ot do antyhign special to get __salt__ in my module.
20:34 kevinquinnyo ok i can't figure this out.  when i run salt-call on a module i'm working on (which could very well be buggy) i'm getting a weird error with nothing in the logs
20:34 kevinquinnyo # salt-call dns2.devops.my-tss.com geodns.get_zone name=example.com
20:34 kevinquinnyo [ERROR   ] The Salt Master has cached the public key for this node, this salt minion will wait for 10 seconds before attempting to re-authenticate
20:34 kevinquinnyo Minion failed to authenticate with the master, has the minion key been accepted?
20:35 kevinquinnyo but i can run states on this same minion just fine
20:35 InsaneGeek joined #salt
20:35 joe_n joined #salt
20:35 kevinquinnyo i am running both the minion and the master in debug mode and nothing appears when i run that salt-call but the error shows up on the command line
20:35 kevinquinnyo what can i do to track this down
20:37 akhter joined #salt
20:38 krymzon joined #salt
20:38 shoemonkey joined #salt
20:38 TooLmaN joined #salt
20:39 rem5 joined #salt
20:40 jack_ joined #salt
20:41 AndreasLutro er, you don't include the minion name in salt-call
20:41 AndreasLutro are you running salt-call on the master or the minion?
20:41 kevinquinnyo AndreasLutro: Ohhhhh
20:42 kevinquinnyo right
20:42 * kevinquinnyo hides
20:43 kevinquinnyo i was running it on the master, i meant to use salt, not salt-call...
20:43 kevinquinnyo i'm trying to test my module before i start building an execution module that utilizes it
20:43 kevinquinnyo working now
20:43 kevinquinnyo thanks
20:43 kevinquinnyo err a state module that utilizes it rather
20:43 kevinquinnyo i get the terminology mixed up, clearly
20:45 kellyp joined #salt
20:45 evaryont whytewolf: Do you have an example on how to set up rsync?
20:46 whytewolf evaryont: not really.
20:47 tweakism evaryont: it's pretty easy and worth learning, because it comes in handy all the time
20:47 ajw0100 joined #salt
20:48 teryx510 joined #salt
20:48 evaryont well, I know how to set up rsync, but I'm not certain how to apply it to synchronizing 2 salt masters.
20:49 tweakism ah, fair enough
20:49 devopsprosiva joined #salt
20:49 whytewolf which was the part i was saying i didn't have an example of. :P
20:50 evaryont figures :P
20:50 devopsprosiva Can I use environ.setenv to set environment variables for a user?
20:50 whytewolf evaryont: take a look at https://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html#sharing-files-between-masters
20:50 tweakism I don't think so.  You'll want to add something to e.g. /etc/profile instead
20:50 whytewolf although i don't think that covers it
20:51 evaryont it does not :(
20:51 whytewolf there some stuff in /var/cache/salt/master but I don't remeber what is safe and what isn't
20:53 evaryont it seems like I only need to sync the PKI stuff, and the states/pillars (which is already being deployed via salt)
20:54 whytewolf evaryont: depends on if you want things like mine to work
20:54 baweaver joined #salt
20:55 ssplatt according to https://docs.saltstack.com/en/latest/ref/modules/#cross-calling-execution-modules it doesn’t look like i need to do anything special to get __salt__ in my module.  am i missing something? i keep getting NameError: global name '__salt__' is not defined
20:55 garphy joined #salt
20:55 whytewolf ssplatt: with out the code we can only guess
20:56 ssplatt the code right now is literally just import logging and then config = __salt__[‘pillar.get’](‘mymodule’)
20:56 baweaver joined #salt
20:57 jack_ joined #salt
20:57 hoonetorg whytewolf; another idea: use cp.push on the management minion(file_recv: True in master conf, but not file_roots: -minion) with upload_path=/srv/pillar/ceph/keys/)
20:58 hoonetorg and then create a jinja file which reads this file in the pillar tree
20:58 whytewolf hoonetorg: maybe
20:58 devopsprosiva tweakism: Thanks. What if I want to set env vars in a state file?
20:58 hoonetorg should be safe too
20:59 tweakism devopsprosiva: set them so they'll be set later for a user?  you'll need to set them in shell config files.
20:59 hoonetorg because minion could not read from the path /srv/pillar ...
21:00 whytewolf ssplatt: __salt__ is packed in After the module is loaded. which i believe means that __salt__ has to be inside of functions. not at the root of the module.
21:00 ssplatt hmm ok.
21:00 hoonetorg whytewolf: i try and i will report
21:00 hoonetorg thx
21:01 impi joined #salt
21:01 whytewolf been awhile since i have writen any salt modules
21:03 beardedeagle query: winrm is configured for http and port 5985 be default, by do we define the port as 5986 instead?
21:04 beardedeagle why*, even
21:04 evaryont beardedeagle: linux user primarialy, but I think it's because 5986 is the default HTTPS port for WinRM?
21:04 orionx is there any way to configure salt so that 'include' directive is not fatal if two include statements reference the same state?
21:04 beardedeagle yes it is
21:05 beardedeagle but you don't have to use a https and https requires additional configuration, I would think it should default to http/5985 and could be passed 5986 + additional config in user_data instead. idk, my 2 cents.
21:06 devopsprosiva tweakism: I'm converting a shell script to state files. The scrip has some export commands to set variables to be used in the script
21:06 devopsprosiva The script runs as root
21:07 tweakism it probably makes sense to translate them to pillar data, jinja variables, etc.
21:09 tweakism the only way it wouldn't would be if the commands your script runs looks for them, and you still use those commands from your new state file
21:10 joe_n joined #salt
21:12 jack__ joined #salt
21:12 devopsprosiva ok
21:12 devopsprosiva let me try with pillar and see
21:12 devopsprosiva thanks
21:15 hoonetorg whytewolf: doesn't work to copy files from the minion elsewhere on the master, thank god - would be a security risk
21:15 hoonetorg copies files to cachedir of minion (subpath can be changed)
21:18 shaggy_surfer joined #salt
21:19 baweaver joined #salt
21:19 Crazy67 joined #salt
21:19 shaggy_surfer Having trouble with salt-cloud 2015.8.5, I cannot rename as an action anymore, I am getting an error:
21:19 shaggy_surfer https://gist.github.com/mf-collinhayden/e36c2bf37bae73901630
21:24 terratoma joined #salt
21:27 jack__ joined #salt
21:27 shaggy_surfer anyone else use salt-cloud and having issues w/ renaming?
21:28 snarfy joined #salt
21:29 Crazy67 joined #salt
21:29 jfindlay shaggy_surfer: what is the debug log for that?
21:29 cwygoda joined #salt
21:29 bhosmer_ joined #salt
21:29 jrgochan any idea why i couldn't call an iteritems on a pillar data set?
21:29 jrgochan Rendering SLS 'base:firewalld' failed: Jinja variable 'list object' has no attribute 'iteritems'
21:31 jfindlay jrgochan: your data is a list instead of a dictionary
21:31 jfindlay you either need to restructure it as a dictionary or use `{% for item in my_list %}`
21:32 shaggy_surfer Hi jfindlay, it's here:
21:32 shaggy_surfer https://gist.github.com/mf-collinhayden/b55e58a5fe6b7bce44bc
21:33 jfindlay shaggy_surfer: I would post the command and python traceback into a new github issue
21:33 hasues joined #salt
21:33 jrgochan Hrm. Thanks guys. Not quite sure how to change it up
21:33 jfindlay jrgochan: what does your data look like?
21:33 jfindlay are you writing it out in yaml?
21:33 jrgochan yaml
21:34 jrgochan networks:
21:34 jrgochan - entry:
21:34 jrgochan - ip: ipgoeshere
21:34 jrgochan trying to iterate through all the [ip] values
21:34 jrgochan for entry in pillar.get('networks', {}).iteritems() isn't happy
21:34 jfindlay so there is more than one address in ipgoeshere?
21:35 jrgochan nah, just one
21:35 jrgochan may not be the best data structure either. I've got 50-60 ips I want to store so salt can have access to them
21:35 jrgochan with netmasks and port rules and the like
21:36 jfindlay jrgochan: `{% pillar.get('networks.entry.ip') %}`?
21:36 shaggy_surfer jfindlay:  will do
21:37 tweakism is there an easy way to have a pillar setup where you have somedir/{minion_id_a,minion_id_b, etc...} files, that contain yaml or json, that gets parsed into pillar data?  Not quite file_tree, but maybe there's a syntax I can put in a normal top.sls pillar file to get this behavior?
21:38 jfindlay or `{% pillar['networks']['entry']['ip'] %}`, I'm not exactly sure of the syntax, but I think there is a dotted shorthand somehow
21:38 jrgochan {% for entry in pillar.get('networks.entry.ip') %}    <======================
21:38 jrgochan - rule family="ipv4" source address="{{entry}}"
21:38 jrgochan {% endfor %}
21:38 jrgochan cool. I'll play around with those suggestions
21:41 jfindlay jrgochan: colon separated values should scope into nested dictionaries: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.pillar.html#salt.modules.pillar.get
21:42 akhter joined #salt
21:42 jack__ joined #salt
21:43 shaggy_surfer jfindlay:  opened issue, thanks for the help.  Can be found here:  https://github.com/saltstack/salt/issues/31059
21:43 saltstackbot [#31059]title: salt-cloud rename fails in 2015.8.5 | Hi guys,...
21:44 keimlink joined #salt
21:44 jfindlay thanks, saltstackbot
21:44 jfindlay shaggy_surfer:
21:45 mavhq joined #salt
21:48 cilkay I managed to upgrade the salt-minion and salt-common packages using Salt. I'm now trying to use the mssql module but I'm getting an error "connect() got an unexpected keyword argument 'server'". I've put my configuration here: https://gist.github.com/cilkay/1d078514eb62ca49ee78 What am I missing?
21:52 jfindlay cilkay: what version?
21:52 mavhq joined #salt
21:53 cilkay 2015.8.5 - the version I was running, 2015.5.13, didn't have the mssql module.
21:54 cilkay What I really need is something like the postgres_database state for mssql.
21:54 mavhq joined #salt
21:55 hal58th cilkay: Why are you not quoting your data?
21:55 cilkay You mean in the pillar?
21:56 hal58th yes cilkay, just going off this doc. https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.mssql.html#module-salt.modules.mssql
21:56 jrgochan got the JINJA YAML thing working. Thanks jfindlay
21:57 jfindlay jrgochan: nice
21:57 mavhq joined #salt
21:57 jrgochan also, I'm writing up a state/module to add rich_rule functionality to the firewalld module
21:57 cilkay hal58th: It's quoted in the pillar. I neglected to quote the example in the gist.
21:58 jrgochan it's certainly a hack, but should I send it your way when it's done?
21:58 rem5 joined #salt
22:01 KennethWilke joined #salt
22:01 jfindlay jrgochan: are you thinking of https://github.com/saltstack-formulas/firewalld-formula?
22:03 shoemonkey joined #salt
22:03 jrgochan hrm
22:03 RandyT cilkay: struggled with this module recently. at the time, found that the pillar keys needed to be top level if that makes sense
22:03 jrgochan guess I should have learned more about firewalld
22:03 jrgochan first
22:04 jrgochan well hey, at least I know how to play with modules now....
22:04 RandyT cilkay: other option to debug this would be to pass the values on the commandline
22:04 jrgochan anyone know of a handy tool to convert iptables dumps into firewalld config files?
22:05 cilkay RandyT: OK, will try that. I'm not sure that even if I get this working, I'll be able to create triggers on a remote SQL Server from Linux. There has to be the equivalent of psql for PostgreSQL for this to work, I presume.
22:05 totzky joined #salt
22:06 RandyT cilkay: I've done it and am doing it. Ultimately, I gave up on the mssql module and am just handling all mssql interaction with powershell.
22:06 RandyT there were to many dependencies that needed to get resolved to use mssql module that it really came down to a very small number of things I could do with it.
22:06 cilkay How are you invoking Powershell from Linux?
22:07 RandyT cmd.run
22:07 RandyT - shell: powershell
22:07 beardedeagle salt -G 'os:windows' cmd.run 'powershell.exe get-process'
22:07 beardedeagle example ^
22:07 beardedeagle for one liners
22:07 RandyT cilkay: perhaps I am misunderstanding your question.. but the master is executing the powershell on the windows minions
22:08 cilkay That presumes the salt minion is installed on the Windows box hosting SQL Server. I don't have that kind of control over those servers.
22:08 cilkay They're customer servers and their sysadmins are quite protective of their machines.
22:08 RandyT cilkay: fwiw, I am also executing about a 50 line powershell script on windows minions via cmd.script:
22:08 beardedeagle call it directly form winrm?
22:09 cilkay I have zero control over those Windows servers.
22:09 onlyanegg joined #salt
22:09 beardedeagle from*, even
22:09 RandyT cilkay: yeah, that would be a bigger challenge. :-)
22:10 beardedeagle so if you have no control over the windows servers and cannot know if salt is installed, I would ask if winrm is enabled and how they have it configured if it is. pretty easy to take it from there.
22:10 snarfy^ joined #salt
22:10 ronrib joined #salt
22:10 cilkay Might be able to do something via ODBC. I had set up ODBC on Linux and I had gotten a shell at one time.
22:10 RandyT question for the group... I am trying to come up with a way to execute keytool to install ssl certs in jetty and would like to pass the cert key into keytool stdin from a pillar key value.
22:10 RandyT Any suggestions as to how that could be done?
22:11 brianfeister joined #salt
22:12 beardedeagle cannot wait till ssh is standard on windows server
22:12 cilkay I have to deal with SSL certs soon as well. I was thinking of using file.managed.
22:12 RandyT file.managed will work just fine on anything that puts the cert/key on disk.
22:13 RandyT Java world wants to put the key and cert in keystore
22:13 RandyT I'd like to do it without first putting the file on disk to cat to keytool
22:13 cilkay Is there no way to import something from the filesystem into that keystore?
22:13 RandyT I'm not aware if I can 'cat {{ pillarvalue }} | keytool ' in a cmd.run...
22:14 RandyT cilkay: yes, absolutely could put the key on disk and then run keytool on that file. Trying to do it without writing a file.
22:14 jfindlay RandyT: you should be able to do that in a state
22:14 jfindlay cmd.run state
22:15 RandyT keytool will read from stdin, but my brain got a bit soft when I started to try to figure out if I could cat that value from pillar.
22:15 tracphil joined #salt
22:15 RandyT @jfindlay: ok, will trudge ahead then...
22:15 jfindlay or even better, if it reads from stdin, I would suggest setting `stdin: {{ key-data }}`
22:15 jfindlay in a cmd.run state
22:15 Taz joined #salt
22:16 RandyT ah... I knew there had to be some tricks... nice. will give that a go
22:16 jfindlay `stdin: {{ pillarvalue }}`
22:16 RandyT cmd.run and cmd.script amazingly powerful tools
22:16 symphorien joined #salt
22:16 jfindlay yeah
22:16 Taz hey there, anyone managed to generate and use user ssh keys in salt?
22:16 jfindlay although you have to take care to make it idempotent
22:17 symphorien has anyone managed to use the remote ssl certificate signing feature of x509.certificate_managed ?
22:17 lorengordon jfindlay: might be a documentation issue, as `stdin` isn't listed as an argument for the cmd.run state...
22:17 lorengordon https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html#salt.states.cmd.run
22:17 jack__ joined #salt
22:18 RandyT @jfindlay: thanks for that warning.. had to do that a few other places. would be nice to have a semaphore like function in zeromq or something that would allow setting these states.
22:18 jfindlay lorengordon: that's unfortunate
22:19 lorengordon it is listed in the doc for the execution module: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cmdmod.html
22:19 lorengordon link to the anchor: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cmdmod.html#salt.modules.cmdmod.run
22:25 mavhq joined #salt
22:26 mechleg Hi everyone, I was hoping someone could help me with a stacktrace i am getting on a salt minion regarding dmidecode on centos 6.  it seems to only happen on a minion when i run state.orchestrate from the master:  https://gist.github.com/mechleg/6d5b1dcedae105109660
22:27 mechleg It looks like it cannot find dmidecode, yet I can see that the function salt.utils.which_bin(['dmidecode', 'smbios']) (from salt/modules/smbios.py line 33) does find it properly.  the stacktrace goes away if i uninstall dmidecode on the minion.  i could possibly live without dmidecode, but was trying to figure this one out and got stumped so reaching out
22:27 mavhq joined #salt
22:28 joe_n joined #salt
22:29 krymzon joined #salt
22:31 orion joined #salt
22:31 orion Hi. In this line of jinja code excerpted from a JSON-formatted config file, how come 'all' is never included in the list?: "subscriptions": {{ salt.pillar.get('sensu:subscriptions', default=['all'], merge=True)|json }}
22:31 rem5 joined #salt
22:34 AndreasLutro orion: probably because lists aren't merged by default, only dicts
22:34 orion How can I merge lists?
22:34 AndreasLutro just use +
22:35 whytewolf orion: in your example the all isn't included because it is a default setting which means it is what is returned if the pillar asked for doesn't exist
22:37 whytewolf oh huh. never mined
22:37 whytewolf just read that default should be recursivly merged into returned pillar.
22:39 whytewolf orion: it is possable you are trying to merge a list into a dict
22:40 mavhq joined #salt
22:40 geomacy joined #salt
22:43 mavhq joined #salt
22:43 zenlot1 joined #salt
22:43 jack__ joined #salt
22:46 antix_ joined #salt
22:46 sinonick joined #salt
22:48 pcdummy joined #salt
22:48 pcdummy joined #salt
22:48 onlyanegg joined #salt
22:49 orion Changing the line to this accomplished my goal: "subscriptions": {{ (salt.pillar.get('sensu:subscriptions') + ['all'])|json }}
22:50 zmalone Does the example for gpg.create_key (https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.gpg.html) work for anyone here?
22:50 Taz joined #salt
22:51 Taz are there any tools for formula testing?
22:51 nyx__ joined #salt
22:51 hasues left #salt
22:53 totzky joined #salt
22:56 zmalone even adding a "user=" breaks for me
22:56 orion left #salt
23:00 brianfeister joined #salt
23:07 cpowell joined #salt
23:10 onlyanegg joined #salt
23:11 symphorien I've tried to reproduce word for word the example conf of https://docs.saltstack.com/en/latest/ref/states/all/salt.states.x509.html#module-salt.states.x509 but I get an error : http://xelpaste.net/q2LRhn
23:11 garphy joined #salt
23:11 symphorien the sole difference with the example is that there is only one minion : "test"
23:12 mavhq joined #salt
23:12 symphorien this is a fresh install of debian jessie with salt 2015.8.5 (Beryllium)
23:12 symphorien any idea ?
23:13 snarfy joined #salt
23:14 mavhq joined #salt
23:15 snarfy^ joined #salt
23:15 Brew joined #salt
23:16 mavhq joined #salt
23:16 symphorien sorry, I didn't copy/paste correctly : http://xelpaste.net/ev6dTR
23:16 onlyanegg joined #salt
23:18 bhosmer_ joined #salt
23:20 djgerm so, I am attempting to use the gitlab module, and I am getting " Specified SLS postgresql in saltenv base is not available" … I don't get it. aren't formula's supposed to Just Work®?
23:22 Taz symphorien: maybe try test.example.com for the cn?
23:22 Taz never mind i can't read
23:22 whytewolf symphorien: ca_server is not CN. read up on ca_server here https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.x509.html#salt.modules.x509.create_certificate
23:22 Taz where do you declare the ca?
23:22 Taz yea that might be it
23:23 shoemonkey joined #salt
23:23 symphorien whytewolf: I don't understand
23:23 symphorien what should I put as ca_server, then ?
23:24 RandyT @jfindlay: lorengordon appears that stdin is not available in the cmd state from looking at the source code.
23:24 whytewolf ca_server should be a configured signing policy
23:25 symphorien the policy ?
23:25 symphorien the name is somewhat misleading
23:25 Taz yea
23:26 Taz how do you link a cert with its ca?
23:26 Taz in the example they use ca_server: ca but i don't see any other resource tagged as ca
23:26 jfindlay RandyT: did you also try it?  From my reading, it should pass through to the cmd.run_all exec module function in kwargs
23:27 whytewolf there are 2 examples
23:27 whytewolf one with ca_server the other without
23:27 symphorien with ca_server:ca I get KeyError: ca
23:27 RandyT @jfindlay: I have not. Will give it a try then.
23:29 whytewolf look at the example here https://docs.saltstack.com/en/latest/ref/states/all/salt.states.x509.html at the top. ALL of that at the top is 1 example
23:29 symphorien yes.
23:29 symphorien that is what I copied
23:29 symphorien In my link I didn't paste it all.
23:29 Pie_Mage joined #salt
23:29 symphorien I removed cert.sls
23:30 jfindlay RandyT: also, `echo {{ pillarvalue }} | keytool` should also work fine
23:30 symphorien and that's all.
23:30 krymzon joined #salt
23:31 whytewolf so you removed the pem_managed that sets up ca?
23:33 symphorien that makes the ca trusted by the system by copying into /usr/share/ca-certifictes
23:33 symphorien the ca is in /etc/pki
23:34 whytewolf okay. what is the name of the file in /etc/pki that has the ca?
23:35 symphorien /etc/pki/ca.{key,crt}
23:35 whytewolf humm, odd then ca should be the ca_server name
23:36 cilkay joined #salt
23:36 symphorien when I add cert.sls, there is a jinja rendering error because of the mining stuff.
23:37 whytewolf this is the lines you are failing on https://github.com/saltstack/salt/blob/develop/salt/modules/x509.py#L1092-L1094
23:37 jrgochan anyone have any thoughts on this error? salt-minion[5796]: [ERROR   ] Exception raised when processing __virtual__ function for nova. Module will not be loaded global name 'novaclient' is not defined
23:38 symphorien whytewolf: yes. I have had the same problem on a more complex setup ; I fugured out that the dictionnary returned by publish.publish was empty
23:38 onlyanegg joined #salt
23:39 mavhq joined #salt
23:39 symphorien I tried to reproduce on a fresh install and with no other state/piller interfering
23:39 whytewolf long shot but is publish still disabled on your master and minions?
23:39 whytewolf [it is off by default]
23:39 symphorien the peer.sls file ?
23:39 whytewolf no the publish module
23:40 whytewolf Publications need to be enabled on the Salt master and the minion needs to have permission to publish the command. The Salt master will also prevent a recursive publication loop, this means that a minion cannot command another minion to command another minion as that would create an infinite command loop.
23:40 symphorien how do I enable it ?
23:40 jack__ joined #salt
23:41 symphorien isn't it what the peer.sls file in the example does ?
23:41 symphorien in /etc/salt/master.d/ ?
23:41 whytewolf symphorien: https://docs.saltstack.com/en/latest/ref/configuration/master.html#peer-publish-settings
23:41 whytewolf peer.conf
23:43 lompik joined #salt
23:43 whytewolf huh didn't notice that but technically yes that is what is supposed to do it. but i think the master looks for *.conf files in master.d not *.sls
23:43 whytewolf I could be wrong about that. though
23:44 symphorien that was actually part of the problem
23:45 symphorien I did : mv /etc/salt/master.d/peer.sls /etc/salt/master.d/peer.conf
23:45 symphorien restarted master and minion
23:45 symphorien now I get : TypeError: 'NoneType' object has no attribute '__getitem__'
23:45 symphorien at the same line
23:45 symphorien so the publish function returns None
23:46 whytewolf so, a little progress as been made.
23:46 symphorien yes :)
23:46 whytewolf tgt=ca_server so i guess the target needs to be what ever the ca_server is
23:47 symphorien note that in the doc, the name of the file is peer.sls
23:47 whytewolf yeah i would say file a bug report about that
23:48 symphorien I had understood that ca_server was the id of the minion detaining the ca key
23:48 PeterO_ joined #salt
23:48 whytewolf symphorien: that is correct looking at the code. it should be the minion id
23:49 shoemonkey joined #salt
23:49 whytewolf [or really any tgt string that works for a blob targeting]
23:50 cilkay joined #salt
23:50 jack__ joined #salt
23:51 symphorien so with ca_server: test it works
23:51 symphorien thanks a lot !
23:51 Pie_Mage joined #salt
23:51 symphorien that was just because of the wrong extension
23:51 symphorien I'll file a bug report
23:55 kusams joined #salt
23:55 cpowell joined #salt
23:57 mephx joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary