Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-03-24

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 mowntan joined #salt
00:00 N-Mi joined #salt
00:00 mowntan joined #salt
00:00 nZac joined #salt
00:01 jaybocc2 joined #salt
00:02 flowstate joined #salt
00:13 jfelchner joined #salt
00:14 akhter joined #salt
00:16 edrocks_ joined #salt
00:20 akhter joined #salt
00:21 lungaro Is there a way to control the interval at which the minion tries to apply changes?
00:21 hemebond1 lungaro: The minion does nothing unless you tell it to.
00:21 hemebond1 I have a one in my name...
00:21 lungaro So I would need to use the schedule module to run highstate? say every 30 min?
00:21 hemebond1 left #salt
00:22 hemebond1 joined #salt
00:22 zmalone1 joined #salt
00:22 kliquori joined #salt
00:26 mosu_ joined #salt
00:35 west575 joined #salt
00:36 hemebond joined #salt
00:38 teryx510 joined #salt
00:39 lungaro So I would need to use the schedule module to run highstate? say every 30 min?
00:41 hoonetorg joined #salt
00:43 hasues joined #salt
00:44 hemebond lungaro: Yes, if you wanted to update every 30 minutes.
00:45 hasues left #salt
00:45 lungaro i see. i'll give it a think. i dont really care that it runs every 30 min, just that I know all the states applied
00:45 lungaro what would be the best way to get a report of errors?
00:46 hemebond A report of errors?
00:46 lungaro states that failed to apply.
00:46 hemebond Well, you'll see that every time you run highstate.
00:46 hemebond Or apply states some other way.
00:47 edrocks joined #salt
00:48 lungaro i c. I've really just used salt-call so far in local mode. i'll check out more of the salt command
00:50 baweaver joined #salt
00:54 rem5 joined #salt
00:55 hemebond lungaro: Ah, I've never just used Salt locally, I've always used a master.
01:01 flowstate joined #salt
01:02 nZac joined #salt
01:10 kliquori joined #salt
01:11 rem5 joined #salt
01:12 amcorreia joined #salt
01:14 quasiben joined #salt
01:18 RobertChen117 joined #salt
01:22 flowstate joined #salt
01:28 k_sze[work] joined #salt
01:28 lorengordon joined #salt
01:32 lostsnow joined #salt
01:33 grumm_servire joined #salt
01:35 brianfeister joined #salt
01:37 racooper joined #salt
01:41 antpa joined #salt
01:41 cyborg-one joined #salt
01:43 flowstate joined #salt
01:45 grumm_servire joined #salt
01:47 bhosmer_ joined #salt
01:50 berserk joined #salt
01:52 acastonguay_ joined #salt
01:53 iceyao joined #salt
01:54 berserk joined #salt
01:56 lostsnow joined #salt
01:56 ageorgop joined #salt
02:00 zmalone joined #salt
02:00 lostsnow joined #salt
02:01 Lee- joined #salt
02:01 amcorreia joined #salt
02:01 flowstate joined #salt
02:02 lostsnow joined #salt
02:03 berserk joined #salt
02:08 beardedeagle joined #salt
02:10 watersoul joined #salt
02:10 RobertChen117 joined #salt
02:17 beardedeagle joined #salt
02:17 knite joined #salt
02:19 knite joined #salt
02:20 edrocks_ joined #salt
02:27 ninjada joined #salt
02:28 tapoxi joined #salt
02:28 kaushal_ joined #salt
02:31 digitalhero joined #salt
02:32 knite joined #salt
02:34 guanophobic joined #salt
02:35 catpigger joined #salt
02:37 armguy joined #salt
02:40 evle joined #salt
02:46 ageorgop joined #salt
02:47 ilbot3 joined #salt
02:47 Topic for #salt is now Welcome to #salt! | Latest Version: 2015.8.7 | SaltConf16: http://saltconf.com/register/ | Paid support available: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
02:51 knite joined #salt
02:52 sk_0 left #salt
02:59 Nazzy joined #salt
03:03 joe_n joined #salt
03:11 knite joined #salt
03:11 jaybocc2 joined #salt
03:12 kliquori joined #salt
03:12 beardedeagle no longer have to spin up salt-masters for teams here. wrote a self service for spinning up syndic masters from my master using errbot. hello freetime.
03:13 hemebond Neat
03:18 rem5_ joined #salt
03:18 beardedeagle now to see whatelse I can do with errbot
03:19 AirOnSkin joined #salt
03:23 RobertChen117 joined #salt
03:23 hemebond Does a syndic allow you to isolate a master from other environments while still being able to send commands from the master master?
03:24 brianfeister joined #salt
03:25 beardedeagle yes
03:25 hemebond Does it simplify the targeting of that environment too?
03:25 hemebond Almost like minion grouping but for an entire environment?
03:26 beardedeagle so basically I can still issue patching jobs, hostfixes, so forth without having to have direct access to there masters or minions. You mean can you target just a single masters minions?
03:27 hemebond Well, on my master (I have one) I have to be very careful about the top.sls targeting because I have several "environments" on the same master. Really just separate file_roots and pillar_roots for each environment.
03:27 hemebond If I had a syndic for each environment, would the top.sls just use '*' without affecting other environments?
03:28 beardedeagle ah, I am not doing anything that complicated. I just need to be able to issue ad hoc jobs to the entire environment from the master of masters
03:28 beardedeagle I would probably get heavy into grains or structuring my hostnames if I were though
03:29 hemebond Do your syndics not have a top.sls?
03:29 rem5 joined #salt
03:29 hemebond (to apply states I mean)
03:29 beardedeagle not at first
03:29 beardedeagle the users _could_ make one
03:29 beardedeagle I give  them a blank syndic with the ability to spin up minions via salt-cloud
03:30 hemebond And it would be isolated to their environment?
03:30 beardedeagle tbh, not sure. syndics are just special pass through minions so I dont know what effect their top.sls will have on a job from the master of masters
03:31 beardedeagle probably test that in dev tonight
03:31 hemebond I'll have to do some research too. Sounds like a neat setup you have there.
03:32 beardedeagle I do everything through salt, so figured I would just write a salt client library for salt-api to call from errbot
03:32 beardedeagle makes life much easier
03:33 beardedeagle just have to get granular with who can issue what commands from errbot itself
03:33 beardedeagle don't want someone issuing a reboot to the entire tree
03:34 beardedeagle (we had someone do that to our openstack hypervisors. wasnt me before you ask)
03:34 hemebond yikes
03:35 bhosmer_ joined #salt
03:43 favadi joined #salt
03:47 brianfeister joined #salt
03:48 jjasinski_ joined #salt
03:50 RobertChen117 joined #salt
03:55 quasiben joined #salt
03:57 rem5 joined #salt
03:59 kliquori joined #salt
04:11 ageorgop joined #salt
04:22 flowstate joined #salt
04:32 RobertChen117 joined #salt
04:36 akhter joined #salt
04:39 mavhq joined #salt
04:48 jaybocc2 joined #salt
04:50 ajw0100 joined #salt
04:53 ageorgop joined #salt
05:01 flowstate joined #salt
05:10 sauvin joined #salt
05:11 RobertChen117 joined #salt
05:15 jfelchner joined #salt
05:18 joe_n joined #salt
05:23 bhosmer_ joined #salt
05:24 rhodgin joined #salt
05:25 g3cko joined #salt
05:26 edrocks joined #salt
05:26 hasues joined #salt
05:27 joe_n joined #salt
05:28 doompatrol joined #salt
05:29 doompatrol anyone using formula's ever run into a issue where executing the state from master fails but running it locally on the minion it works
05:30 * doompatrol gets a gist
05:33 ageorgop joined #salt
05:33 hasues left #salt
05:36 doompatrol https://gist.github.com/patroldoom/846fa5986f3f4ccbe756
05:37 hemebond doompatrol: Could it be a permissions thing?
05:37 hemebond Or maybe an environment variable thing?
05:38 doompatrol ah i see it now
05:39 doompatrol [ERROR   ][28450] {'pid': 28555, 'retcode': 2, 'stderr': "gpg: fatal: can't create directory `/srv/aptly\n/.gnupg': No such file or directory\nsecmem usage: 0/0 bytes in 0/0 blocks of pool 0/65536", 'stdout': ''}
05:39 doompatrol there is a newline
05:39 doompatrol hrm how the hell did that happen in the state
05:40 doompatrol but why doesn't it do that from the local minion (ha!)
05:41 hemebond Would have to see the state to find that out.
05:42 doompatrol indeed one moment
05:42 doompatrol want to test something out real quick
05:50 favadi joined #salt
05:52 doompatrol https://github.com/saltstack-formulas/aptly-formula/blob/master/aptly/create_mirrors.sls
05:52 xmj moin
05:52 doompatrol howdy
05:52 xmj inside of a jinja2 template
05:52 xmj how do i do this: {% if load_hosts is not None %} foo {% endif %}   ?
05:53 xmj Comment: Unable to manage file: Jinja syntax error: no test named 'None'; line 143
05:53 teatime is not none
05:54 teatime Jinja calls it "none".
05:55 teatime you can also do == None
05:55 teatime so, it's slightly-weird either way for a pythoner :)
06:00 flowstate joined #salt
06:01 kliquori joined #salt
06:03 * doompatrol ponders why the salt-master adds a newline to the cmd
06:05 xmj != works as well?
06:05 ninjada_ joined #salt
06:06 xmj think if load_hosts != None
06:06 teatime - HOME: {{ homedir }}
06:06 hemebond doompatrol: is it the homedir variable?
06:06 teatime maybe this pillar value has a \n
06:06 teatime xmj: yes
06:07 xmj kk
06:07 teatime xmj: jinja2 defines the name None so you can do that
06:07 teatime "is" uses jinja tests, and the test is called none()
06:07 doompatrol hemebond: that's the dir it sets to run the cmd out of as user "aptly"
06:07 doompatrol teatime: ill check again
06:07 doompatrol hemebond: so it will run
06:07 xmj gotcha
06:08 sagerdearia joined #salt
06:08 teatime they lightly suggest that "is not none" is preferrable to "!= None"
06:08 doompatrol gpg --no-default-keyring --keyring trustedkeys.gpg --keyserver keys.gnupg.net --recv-keys ACCC4CF8
06:08 xmj emm
06:08 xmj so i can make it "is not none" instead of "is not None" and it'll pass?
06:08 teatime yes, I said that a while ago :)
06:08 xmj narf
06:09 xmj not enough caffeine
06:10 teatime I just learned this last night
06:10 teatime but I will happly act all sagely about it given the chance :)
06:10 xmj perfect
06:12 hemebond doompatrol: Does 'aptly:homedir' have quotes around its value?
06:13 doompatrol in the pillar ?
06:13 hemebond Yeah
06:13 doompatrol aptly:¬     homedir: /srv/aptly¬     rootdir: /srv/aptly/repo¬
06:13 doompatrol erm that didn't paste as expected
06:13 hemebond I understood.
06:14 hemebond Can you test with quotes around the value? I doubt it'll help I'm just curious.
06:14 hemebond I'm not really sure how salt-call does its pillar stuff.
06:14 doompatrol yeah even w/ debug it doesn't show how it's doing the formatting
06:14 teatime heh, ¬ works pretty well for that; only ␊ or ␤ would be better.
06:15 hemebond With debug on the minion it should show you all the pillar data before it starts applying states.
06:15 doompatrol teatime: vim ftw
06:15 doompatrol hemebond: let me tripple check
06:16 teatime vim did that for you?
06:16 teatime I figured it was your irc client.
06:17 ninjada joined #salt
06:17 doompatrol set listchars=tab:»\ ,eol:¬
06:18 teatime word ok, figured; but it didn't strip the actual newlines for you
06:18 doompatrol no :\
06:19 kshlm joined #salt
06:24 felskrone1 joined #salt
06:28 irctc774 joined #salt
06:28 doompatrol going to test adding a "cwd" to the cmd.run and see if that fixes it ...
06:29 edrocks_ joined #salt
06:33 jjasinski joined #salt
06:39 doompatrol nope going to try w/ a "env" added
06:39 doompatrol heh wow i did "cwg" ....
06:39 * doompatrol sigh it's late/early
06:47 kliquori joined #salt
06:48 doompatrol ok finally got it fixed
06:48 teatime what was the issue
06:48 doompatrol using "env" seems to have done the trick
06:48 doompatrol well for w/e reason, i had to explicitly set the cwd/env to {{ homedir }}
06:49 jaybocc2 joined #salt
06:49 doompatrol for some reason from the master a newline was being entered
06:49 doompatrol so idk weird, ill probably open a issue w/ the formula folks and see if it's something upstream from there
06:49 hemebond What happens if you just use the pillar value in a string somewhere?
06:50 hemebond e.g., in the middle of the string
06:50 hemebond Like a temporary test file source/contents.
06:50 doompatrol idk, ill have to test that out later. im dead tired been working on this for a little while
06:50 doompatrol but it's still weird that it works from the minion
06:51 hemebond There's a little bit of double-parsing/rendering when using the master.
06:52 hemebond Did you actually test with quotes?
06:53 doompatrol i couldn't cause the pillar namespace isn't flat
06:53 doompatrol or i was thinking if i did it wouldn't even render the data?
06:53 hemebond I don't understand. I just mean to put "" around "/srv/aptly"
06:54 doompatrol OH
06:54 doompatrol no i had not, sorry i misunderstood - been banging my face on this heh
06:54 doompatrol erm face on kb
06:55 hemebond no worries.
06:55 hemebond Unlikely to fix it, just curious.
06:55 doompatrol indeed
06:59 keimlink joined #salt
07:00 edrocks joined #salt
07:04 jaybocc2 joined #salt
07:11 bhosmer joined #salt
07:20 joe_n joined #salt
07:20 punkoivan joined #salt
07:21 elsmo joined #salt
07:23 punkoivan joined #salt
07:24 TyrfingMjolnir joined #salt
07:24 punkoivan left #salt
07:36 evidence omg topic wrong!
07:37 teatime howso
07:37 evidence latest version
07:37 evidence anyone else seeing this error on 2015.8.8 though?  [ERROR   ] Failed to import module win_dacl, this is due most likely to a syntax error
07:38 evidence harmless as i don't have any windows minions.. but just noticed it's spammed every run now
07:38 KermitTheFragger joined #salt
07:39 ninjada joined #salt
07:40 evidence ah https://github.com/saltstack/salt/issues/32004
07:40 saltstackbot [#32004]title: 2016.3 now complains about win_dacl on Solarish platforms | ### Description of Issue/Question...
07:42 flowstate joined #salt
07:42 slav0nic joined #salt
07:57 freeaks joined #salt
07:58 joe_n joined #salt
07:59 impi joined #salt
08:01 flowstate joined #salt
08:03 favadi joined #salt
08:04 fooma joined #salt
08:04 edrocks_ joined #salt
08:17 nidr0x joined #salt
08:26 jchen joined #salt
08:26 jchen left #salt
08:30 dariusjs joined #salt
08:31 joe_n joined #salt
08:32 RalfJ left #salt
08:40 josuebrunel joined #salt
08:40 molen3 joined #salt
08:43 nidr0x joined #salt
08:43 kshlm joined #salt
08:45 RobertChen117 joined #salt
08:48 kliquori joined #salt
08:48 cswang joined #salt
08:54 ninjada joined #salt
08:55 jhauser joined #salt
08:59 kochary left #salt
09:00 flowstate joined #salt
09:03 s_kunk joined #salt
09:12 dgutu joined #salt
09:13 GreatSnoopy joined #salt
09:14 averell joined #salt
09:15 lero joined #salt
09:16 jaybocc2 joined #salt
09:17 lero joined #salt
09:18 bhosmer joined #salt
09:30 sfxandy joined #salt
09:30 ronnix joined #salt
09:31 jaybocc2 joined #salt
09:34 kliquori joined #salt
09:40 RobertChen117 joined #salt
09:44 MadHatter42 joined #salt
09:46 dmaiocchi joined #salt
09:47 nidr0x joined #salt
09:50 kawa2014 joined #salt
09:52 aqua^c_ joined #salt
09:59 keimlink joined #salt
10:02 djinni` joined #salt
10:06 attawn joined #salt
10:06 attawn Hi everyone !
10:06 slav0nic joined #salt
10:07 attawn How do i set the root password for a LXC container with Salt ? Thanks in advance!
10:08 elsmo joined #salt
10:08 edrocks joined #salt
10:08 slav0nic_ joined #salt
10:18 N-Mi joined #salt
10:25 dariusjs_ joined #salt
10:28 zer0def joined #salt
10:30 ravenx joined #salt
10:30 ravenx how can i get supervisord to try and restart my process after every highstate.  it seems that it onyl does it when the supervisord/conf.d/file.conf changes
10:31 ravenx but i'm more interested in doing it when there is a change in my code's dir/, so that it ensures i am running the newest binary.
10:31 djinni` joined #salt
10:32 freeaks joined #salt
10:34 sfxandy hi all
10:35 hemebond ravenx: https://docs.saltstack.com/en/latest/ref/states/requisites.html#watch
10:36 hemebond Oh, there's a new thing https://docs.saltstack.com/en/latest/ref/states/requisites.html#onchanges
10:36 elsmo ravenx: the salt.states.supervisord.running state has a restart option that forces a restart
10:36 ravenx elsmo: that only restarts IF the /etc/supervisord/conf.d/file.conf changes
10:37 ravenx hemebond: thanks.  there is also a mod_watch in the supervisord state, how does that differ?
10:37 hemebond ravenx: No idea. That sounds like a supervisord thing.
10:37 elsmo ravenx: Wierd.. the docs say "Whether to force a restart" maybe file a bug on doc?
10:37 hemebond All I know are the Salt thingies.
10:38 ravenx elsmo: it might be me, taking the meaning of it all wrong though.
10:38 ravenx elsmo: cuz it would make sense for it to restart on file.conf changes.  but iw ould like a different functionality.
10:39 hemebond Could it be that services are normally "reloaded" rather than restarted?
10:39 hemebond And that option is how you control it?
10:40 hemebond !salt states.supervisord
10:40 saltstackbot http://docs.saltstack.com/en/latest/ref/states/all/salt.states.supervisord.html
10:40 hemebond The very first example shows how to watch files.
10:40 hemebond It will trigger a restart/reload if one of the files change.
10:40 hemebond *any of
10:40 ravenx sweet. that means that i could make it watch a directory?
10:40 RobertChen117 joined #salt
10:41 hemebond I think you can use a wildcard to make it watch an entire directory.
10:41 hemebond /my/conf/dir/*
10:41 hemebond I think I did that for my Shinken config.
10:41 ravenx sweet, let me try that.
10:42 ravenx it says the following requisites cannot be fou nd:
10:42 ravenx watch:
10:42 ravenx file:
10:42 ravenx i am 100% the directory exists though.
10:42 hemebond Why do I see no documentation for mod_watch? How strange.
10:43 ravenx hemebond: that too
10:43 hemebond ravenx: Can you paste your state?
10:43 ravenx sure thing
10:44 ravenx http://ix.io/uVw/#n-LINENO
10:45 hemebond Oh wait...
10:45 ravenx it's the last line, where i said " might need to be deleted" that throws the:  "The following requisites were not found: watch:  file: "
10:46 hemebond Yeah... it doesn't accept any old path. It actually wants a state.
10:46 ravenx o_O so file: wont' wrok?
10:46 ravenx i have to give watch: a state?
10:46 hemebond Yeah. It "watches" other states to see if they run and/or change something. If so it triggers this.
10:47 ravenx hm..how can i pass it a state?
10:47 ravenx cuz i just want it to look at my git dir for new changes.
10:47 ravenx higher up in my dir, i have a git.latest state
10:47 hemebond That... is probably asking for trouble.
10:48 hemebond I wonder why I have "- file: /etc/shinken/arbiters/*" and it seems to work.
10:48 ravenx :(
10:48 ravenx you use supervisord too?
10:48 ravenx for salt states?
10:48 hemebond No
10:49 hemebond Other people are using it.
10:49 hemebond http://stackoverflow.com/questions/23716009/saltstack-in-a-watch-statement-how-do-i-specify-a-directory-where-all-files-sh
10:49 hemebond I think I'm wrong. I think it should work.
10:49 ravenx but that's for service.running though
10:49 ravenx not supervisord
10:49 ravenx or is this the same concept?
10:49 hemebond Yeah but watch is a .... meta... thingy.
10:50 ravenx hm...
10:50 hemebond Global State Argument
10:50 ravenx :/ sucks.  i'm trying my best to avoid using a cmd.run to restart things
10:50 ravenx seems sorta 'hacky'
10:50 AndreasLutro when you have watch: file: /root/whatever
10:50 AndreasLutro you're not watching the file /root/whatever
10:51 AndreasLutro you're watching a file state with the ID or name of /root/whatever
10:51 hemebond AndreasLutro: Does it glob match states?
10:51 AndreasLutro which also means you can't watch files that aren't part of a state
10:51 AndreasLutro yes
10:51 hemebond Aha I see.
10:51 ravenx AndreasLutro: aaaaaah...
10:51 AndreasLutro or at least file states
10:51 ravenx AndreasLutro: thank you.
10:51 AndreasLutro haven't tested other types of states
10:51 ravenx gonna give this a shot after my german classes
10:51 ravenx lol
10:51 ravenx brb, thanks hemebond and AndreasLutro
10:51 hemebond Good luck.
10:51 ravenx i hope this works
10:52 hemebond And it works for me because I have states for each of my files.
10:52 ravenx :(
10:52 hemebond I suppose you could use the Git state module.
10:52 hemebond Then if it has pulled down changes it would trigger it.
10:56 ronnix joined #salt
10:57 ravenx hemebond: that's brilliant, ty!
10:59 akhter joined #salt
11:01 iceyao joined #salt
11:05 N-Mi joined #salt
11:05 N-Mi joined #salt
11:05 amcorreia joined #salt
11:06 bhosmer joined #salt
11:14 ronnix joined #salt
11:18 baoboa joined #salt
11:18 nZac joined #salt
11:20 Rumbles joined #salt
11:21 losh joined #salt
11:22 quasiben joined #salt
11:24 bhosmer_ joined #salt
11:28 Zhen joined #salt
11:31 fredvd joined #salt
11:31 _Cyclone_ joined #salt
11:36 kliquori joined #salt
11:37 flowstate joined #salt
11:43 jaybocc2 joined #salt
11:54 punkoivan joined #salt
11:56 punkoivan joined #salt
11:56 MadHatter42 joined #salt
11:57 punkoivan joined #salt
11:58 jaybocc2 joined #salt
11:59 punkoivan joined #salt
12:00 punkoivan joined #salt
12:03 bhosmer_ joined #salt
12:09 freelock joined #salt
12:10 DammitJim joined #salt
12:19 ninjada joined #salt
12:22 kliquori joined #salt
12:22 DammitJim when replacing a crontab file
12:22 DammitJim do I need to do something else to "save it?"
12:29 favadi joined #salt
12:29 metalseargolid joined #salt
12:33 kawa2014 joined #salt
12:34 ninjada joined #salt
12:36 edrocks_ joined #salt
12:44 nZac joined #salt
12:46 mavhq joined #salt
12:51 favadi joined #salt
12:53 quasiben joined #salt
12:53 ronnix joined #salt
12:54 XenophonF joined #salt
12:54 bhosmer joined #salt
12:56 babilen DammitJim: I don't quite follow. How are you replacing the crontab file? Which file exactly?
12:56 babilen I think the answer is "no" (there is no need to restart a service or something like that), but you might be after something else
12:57 evle joined #salt
12:58 fooma joined #salt
12:58 fooma joined #salt
12:59 gh34 joined #salt
12:59 kawa2014 joined #salt
12:59 fooma joined #salt
13:00 fooma joined #salt
13:01 fooma joined #salt
13:02 pid1 joined #salt
13:03 fooma joined #salt
13:03 subsignal joined #salt
13:08 edrocks joined #salt
13:09 kshlm joined #salt
13:10 subsignal joined #salt
13:10 fooma joined #salt
13:11 edrocks joined #salt
13:11 dyasny joined #salt
13:12 kliquori joined #salt
13:13 fooma joined #salt
13:14 flowstate joined #salt
13:14 mapu joined #salt
13:16 flowstate joined #salt
13:21 bhosmer joined #salt
13:25 nZac joined #salt
13:26 ninjada joined #salt
13:28 fooma joined #salt
13:30 punkoivan joined #salt
13:34 rem5 joined #salt
13:34 subsigna_ joined #salt
13:36 quix joined #salt
13:39 yuhlw joined #salt
13:40 jav joined #salt
13:40 fredvd_ joined #salt
13:42 zerthimon joined #salt
13:47 punkoivan left #salt
13:49 flowstate joined #salt
13:55 mowntan joined #salt
13:56 timoguin joined #salt
13:56 hasues joined #salt
13:57 hasues left #salt
13:59 oida joined #salt
13:59 jerredbell joined #salt
14:02 rylnd joined #salt
14:04 metalseargolid joined #salt
14:04 RobertChen117 joined #salt
14:09 kawa2014 joined #salt
14:09 kawa2014 joined #salt
14:11 andrew_v joined #salt
14:15 ntropy "Register below for access to the Salt Open software package repository." - when did this happen?
14:15 ntropy its awful
14:17 ntropy or maybe im misunderstanding what salt open is
14:18 babilen ntropy: Where is that from?
14:19 VSpike http://saltstack.com/saltstack-downloads/
14:20 babilen Are you looking for https://repo.saltstack.com/, ntropy ?
14:20 BretFisher joined #salt
14:21 titilambert joined #salt
14:21 ntropy i was at the url VSpike mentions
14:22 ntropy i did find repo.saltstack.com, thats much better :)
14:22 babilen I don't actually know which repositories you gain access to by registering there
14:23 babilen jfindlay: Do you know what the registration at http://saltstack.com/saltstack-downloads/ is about?
14:24 ntropy i was looking for packages for raspbian, ie arm, but only amd64 arch seems supported by the official packages
14:24 ntropy http://repo.saltstack.com/apt/debian/8/
14:25 babilen Yeah, other architectures are available in Debian, but 2015.8.7+ds-1 is currently only in stretch and sid
14:26 lumtnman joined #salt
14:26 babilen No idea about raspbian
14:26 onlyanegg joined #salt
14:26 lumtnman joined #salt
14:27 Brew joined #salt
14:28 ntropy i see, thanks for the clarification
14:30 nidr0x joined #salt
14:31 ronnix joined #salt
14:31 danemacmillan joined #salt
14:32 mavhq you don't need to register, just jump straight to the docs
14:34 zmalone joined #salt
14:36 flowstate joined #salt
14:36 Nazca__ joined #salt
14:37 lostsnow joined #salt
14:43 timoguin joined #salt
14:44 DammitJim I don't know why sometimes in my top.sls pillar, servers don't pick up their pillar data when I say: 'myserver[test|prod].example.com'
14:44 DammitJim myservertest.example.com might not see the pillar data
14:45 teryx510 joined #salt
14:46 cro joined #salt
14:51 ALLmightySPIFF joined #salt
14:54 ALLmightySPIFF joined #salt
14:56 fooma joined #salt
14:56 ronp_usa joined #salt
14:58 jfindlay babilen: that is for saltstack getting voluntary information from users
14:59 jfindlay you can always go to https://repo.saltstack.com/
15:02 kawa2014 joined #salt
15:03 timoguin joined #salt
15:03 berserk joined #salt
15:04 ntropy hmm, http://saltstack.com/saltstack-downloads/ doesn't have a link to https://repo.saltstack.com/
15:06 tristianc_ joined #salt
15:07 ajw0100 joined #salt
15:07 mavhq have to click Community, then documentation
15:08 Pie_Mage_ joined #salt
15:08 ntropy yeah, im sure you can get there eventually, its still a dirty trap
15:09 adelcast joined #salt
15:09 * ntropy remembers when puppet labs did the same for downloading the reference guide in pdf format
15:10 quasiben joined #salt
15:11 FreeSpencer_ joined #salt
15:11 g3cko_ joined #salt
15:13 elkektetet joined #salt
15:13 Nazzy joined #salt
15:14 antpa joined #salt
15:14 aqua^c joined #salt
15:15 ronnix joined #salt
15:15 aqua^c joined #salt
15:18 beardedeagle joined #salt
15:19 FreeSpencer joined #salt
15:19 FreeSpencer joined #salt
15:20 llua left #salt
15:20 llua joined #salt
15:22 jdubski joined #salt
15:23 lostsnow joined #salt
15:25 jfelchner joined #salt
15:26 berserk joined #salt
15:27 cpowell joined #salt
15:28 Heartsbane joined #salt
15:29 ageorgop joined #salt
15:29 gnord joined #salt
15:29 iggy joined #salt
15:29 phx joined #salt
15:29 frew joined #salt
15:29 Gareth joined #salt
15:29 NaPs joined #salt
15:29 Guest3969 joined #salt
15:31 akhter joined #salt
15:33 lumtnman Does anyone have a good resource that involves something like - the full boot strap process of starting a ubuntu instance, and then auto enrolling it to the salt master, and having it online and configured?
15:33 lumtnman I'm just curious how others go about this same thing
15:33 rburkholder joined #salt
15:37 lostsnow joined #salt
15:38 armyriad joined #salt
15:43 rburkholder joined #salt
15:44 hightekvagabond joined #salt
15:46 grumm_servire joined #salt
15:52 aqua^c joined #salt
15:53 perfectsine joined #salt
15:55 majikman joined #salt
15:56 akhter joined #salt
15:57 beardedeagle @lumtnman: can you use salt-cloud?
15:58 beardedeagle otherwise you can pass the master as a part of salt-bootstrap.sh
15:59 lumtnman @beardedeagle O dang! I didnt even realize that was an option! Thank you for the suggestion
16:00 joe_n joined #salt
16:00 beardedeagle np. if you wanted to take the salt-bootstrap a step further, you could autoaccept (or setup a reactor to accept the key), then set up a reactor to highstate on new key acceptance.
16:00 beardedeagle a lot of different ways you could make it all tie together.
16:00 lumtnman reactor being similar to a trigger even? Sorry I haven't used them yet
16:01 lumtnman Thats always part of the fun right? 100 ways to crumble the cookie
16:01 lumtnman event*
16:01 noraatepernos joined #salt
16:01 packeteer joined #salt
16:02 lumtnman I should have just used my brain and google'd instead of asking that dumb question
16:02 lumtnman Just looked it up
16:03 mpanetta joined #salt
16:07 Vivek joined #salt
16:09 majikman joined #salt
16:11 beardedeagle Ah sorry was working. the reactor would listen for a specific event and trigger an action.
16:11 beardedeagle docs cover them pretty good.
16:15 aboe joined #salt
16:16 mrwboilers I could use some suggestions on something.
16:16 mrwboilers I need a good way to maintain which servers are in production and which aren't. This isn't something that changes daily, but does change every now and then.
16:16 mrwboilers This needs to be something that I can use for targeting.
16:17 nicksloan- joined #salt
16:17 mrwboilers so that only the current production servers would be targeted for a state/command/whatever
16:18 akhter joined #salt
16:18 mrwboilers It's not a huge number of servers, just a couple dozen or so. Would a simple pillar where for each minionid, I'd just have prod: True or prod: False, and then just edit that pillar sls file and resync pillars whenever something changes?
16:18 mrwboilers Or is there a better way?
16:20 murrdoc joined #salt
16:20 alemeno22 joined #salt
16:21 fooma joined #salt
16:21 berserk joined #salt
16:21 fooma joined #salt
16:22 amcorreia joined #salt
16:24 onlyanegg joined #salt
16:29 berserk joined #salt
16:30 perfectsine_ joined #salt
16:31 writtenoff joined #salt
16:32 beardedeagle I am a little confused by your question @mrwboilers, are you asking for a good way to target only?
16:33 mrwboilers Basically, yes. A good way to target just current production servers. I can't do it by hostname/minionid
16:35 beardedeagle are the server names unique between prod and other env's?
16:36 beardedeagle like regprodapi001 or something not as obvious as that?
16:36 bharper FYI, docs.saltstack.org is displaying a 404 page
16:36 beardedeagle loading for me @bharper
16:36 bharper hm...
16:38 bharper https://gist.github.com/b-harper/1d4decc6fd0c26719b2f
16:38 beardedeagle @mrwboilers: if the hostname for the prod boxes are something unique to prod where you can identify all prod boxes via something as simple as *prod* or the like, you could just do that. Otherwise grains would be fine to use as well.
16:38 beardedeagle then target based off the grains
16:38 beardedeagle salt -G whatever
16:38 teatime mrwboilers: since you can't use minion ID, your pillar solution is what I would prefer in your situation.
16:39 mrwboilers Unfortunately hostname won't work. The same server could be production one week, and not production the next. The hostname won't change.
16:39 beardedeagle @bharper: it's https
16:39 teatime mrwboilers: grains would also work, just realize that minions set their own grains so using them for targeting can be a serious security issue.  but this one might not be.
16:39 punkoivan joined #salt
16:39 teatime mrwboilers: there are nodegroups, but you have to edit master conf file (and restart) master to change them, unfortunately.
16:39 beardedeagle teatime does bring up a good point, grains can be changed on the minion
16:39 bharper beardedeagle: refresh my gist
16:40 impi joined #salt
16:40 teatime mrwboilers: if editing the pillar gets too unwieldy, you can use an ENC.
16:40 teatime mrwboilers: but given all that, I'd do your pillar thing.
16:40 mrwboilers teatime: Pardon my ignorance, but what is an ENC?
16:40 danemacmillan joined #salt
16:40 bharper beardedeagle: firefox says 'The owner of docs.saltstack.org has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.'
16:40 punkoivan joined #salt
16:40 teatime mrwboilers: external node classifier, terminology borrowed from puppet.
16:41 beardedeagle yeah I don't get that in firefox, chrome, or safari
16:41 teatime mrwboilers: it's an external system to target states to minions; usually by mapping roles onto minions
16:41 M-MadsRC joined #salt
16:41 bharper beardedeagle: I wonder if it is a load balancing issue
16:41 bharper it was just working for me
16:41 beardedeagle not sure, don't know how the salt dudes set their stuff up
16:41 bharper let me try just my home connection
16:41 bharper yup, broke at home too
16:42 punkoivan joined #salt
16:43 punkoivan joined #salt
16:44 bharper oh... wait... looks like docs.saltstack.org
16:44 bharper does not work
16:44 bharper but .com does
16:45 punkoivan joined #salt
16:47 punkoivan joined #salt
16:48 beardedeagle blew past that you were using .org
16:49 punkoivan joined #salt
16:50 punkoivan joined #salt
16:52 digitalhero joined #salt
16:53 punkoivan joined #salt
16:53 berserk joined #salt
16:54 punkoivan joined #salt
16:54 digitalhero joined #salt
16:54 berserk joined #salt
16:55 berserk joined #salt
16:55 ajw0100 joined #salt
16:56 bfrog joined #salt
16:56 akhter joined #salt
16:56 bfrog so I'm having an issue with mine, where ip addrs from a box I recently added aren't showing up
16:57 bfrog when doing salt '*' mine.get network.ip_addrs
16:57 bfrog is that just due to the mine collection schedule?
16:57 bfrog can I force a collection somehow?
16:58 berserk joined #salt
16:58 akhter joined #salt
16:59 aboe joined #salt
17:00 teatime you can, there's some function to force a mine run
17:00 M-liberdiko joined #salt
17:00 ninkotech joined #salt
17:00 teatime salt.util.update_mine maybe; let me check
17:01 teatime salt '*' mine.update
17:02 pid1 joined #salt
17:02 tehsu anyone use pillar.get with a powershell script
17:02 jaybocc2 joined #salt
17:03 bfrog so, I run mine.update, but it looks like I'm still missing one boxes ip addrs
17:03 bfrog now I'm just confused as hell
17:03 numkem joined #salt
17:03 teatime bfrog: make sure it has the mine config defined for it in its pillar data.
17:04 bfrog it does, I have a '*' there for mining ip addrs
17:05 bfrog so the same mine config is used for the boxes that are working
17:05 teatime do you specify the interfaces?
17:05 bfrog https://gist.github.com/bfrog/934139b5938c1fb28460
17:05 bfrog ignore the funny characters, thats my vim showing line endings
17:06 spiette joined #salt
17:06 teatime heh, someone else had that vim config earlier... I configure mine to highlight trailing whitespace in red; you might prefer that, as a way to not mess w/ your copy/paste.
17:06 brianfeister joined #salt
17:07 bfrog https://gist.github.com/bfrog/2a75b127170041a3361c
17:07 bfrog and the top.sls
17:07 bfrog showing '*' does mine
17:07 knite joined #salt
17:07 teatime so, you do specify the interface name; does the not-working box maybe have an interface called something other than eth0 ?
17:07 noraatepernos joined #salt
17:07 bfrog yeah, its a little annoying :-)
17:07 bfrog need a way to switch to copy/paste mode or something
17:08 bfrog just checked
17:08 bfrog it has eth0
17:08 bfrog even funnier
17:08 bfrog the ipv6 addrs get collected
17:08 bfrog its just the ipv4 addrs that don't get collected
17:08 teatime it does have an ipv4 addr on eth0?
17:09 bfrog yes
17:09 kevinqui1nyo the docs say that a stateful cmd script only has to produce JSON or name=value pairs on the last line of the script, but i'm getting an error "Failed parsing script output! Stdout must be JSON or a line of name=value pairs."
17:09 bfrog 2 in ipv6 and 2 ipv4 addrs
17:09 bfrog just like all the other boxes that are working
17:09 teatime ok, sorry to be pedantic; Ive learned to nail people down to specifics :)
17:09 kevinqui1nyo do i need to send all output to /dev/null except for the json result?
17:09 bfrog for sure
17:09 ageorgop joined #salt
17:10 bfrog yeah, I'm baffled by this one
17:11 adelcast left #salt
17:11 bfrog the mine is like... one of the most useful and most infuriating parts of salt
17:11 teatime I'm not having any ideas either.
17:11 kevinqui1nyo agree ^
17:11 Edgan jfindlay: Saltstack still planning on a 2016.4.0 release?
17:11 kevinqui1nyo that its useful and infuriating
17:11 bfrog at least thats been my experience
17:11 bfrog teatime: well I appreciate the help
17:12 schmichael joined #salt
17:12 zmalone Edgan: I thought it was planned as 2016.3, but the window for that is shrinking
17:12 pid1 joined #salt
17:12 jfindlay Edgan: the next release is 2016.3.0
17:12 jfindlay probably going to come out in April
17:13 schmichael does anyone have a good example or tutorial for how to use salt to: download a tar, extract it, and copy some files out?
17:14 Edgan jfindlay: cool, looks like I need the bleeding edge for boto_ec2.
17:14 Eugene schmichael - https://docs.saltstack.com/en/latest/ref/states/all/salt.states.archive.html
17:14 schmichael i can't get archive.extracted and file.copy to work as expected. either the file.copy happens on every highstate, or only once when the target file doesn't exist
17:14 Edgan schmichael: let me dig one up for you
17:14 Eugene You just want to file.copy some of the contents of the .tar ?
17:14 schmichael Eugene: yup, a binary from the temp location to /usr/local/bin fwiw
17:15 schmichael and i want the copy to happen when the archive is extracted, not just if the target file doesn't exist
17:15 Eugene The archive.extracted should only be happening once; the file.copy then becomes not-repeatable
17:15 Edgan schmichael: this is in master mode?
17:15 schmichael Edgan: yes
17:16 teatime bfrog: did you see if network.ip_addrs works for the minion if you call it like salt 'badhost' network.ip_addrs interface=eth0
17:16 schmichael Eugene: it only happens once until i change the file being downloaded (new version), then archive.extracted works again but file.copy does not
17:16 bfrog I did not, let me try that
17:16 Eugene Hmmm... ya got me. I would just pull the file out of the archive and then file.managed it from a salt:// url
17:16 Edgan schmichael: I did it before as salt-ssh. Basic you need a unless, to say if this file already exists, don't reextract the tar
17:17 bfrog teatime: that worked
17:17 teatime schmichael: I think that's how file.copy is intended to work.
17:17 teatime schmichael: IIRC it only checks if the destinationf ile exists, not if its content match or not
17:17 schmichael teatime: indeed. i just don't know what to use instead
17:18 bfrog the mine data is kept on the master isn't it?
17:18 adelcast joined #salt
17:18 teatime schmichael: will pulling the file out yourself and using file.managed work?
17:18 bfrog like, the minions send out mined data to the master, the master keeps that around for later when you ask for it?
17:18 bfrog or am I misunderstanding how that works
17:18 teatime bfrog: yeah.
17:18 bfrog so its like the master isn't either getting that data, or isn't storing it?
17:18 schmichael teatime: can file.managed's source be a local file?
17:19 Edgan schmichael: you put a command in the unless, and if it returns 0, then it is considered true and the thing doesn't run
17:19 schmichael teatime: so i would use archive.extracted to update that local file, and then file.managed to move it to the right place
17:19 teatime no, I don't think so
17:19 schmichael ugh, i really don't want to have to put all my binaries in salt:// locations... perhaps that's what i should be doing though?
17:19 teatime Edgan's solution works, though; you could use file.copy with unless cmd to compare and force=true
17:19 schmichael oh!
17:20 Edgan schmichael: - unless: "apt-key list | grep 4F1A167E"
17:20 schmichael perfect, thanks
17:20 teatime schmichael: file.managed has contents: for pulling from pillar values, combined with file_tree external pillar, can be handy.
17:20 cyborg-one joined #salt
17:20 schmichael teatime: man... you are out of my league.
17:20 schmichael i'm proably doing everything wrong :(
17:20 bfrog sudo salt '*' mine.delete 'network.ip_addrs'
17:20 bfrog followed by mine.update
17:20 bfrog now none of my boxes ip addrs are in the mine
17:20 bfrog so at least I'm getting somewhere with that...
17:21 spiette joined #salt
17:22 teatime schmichael: file_tree lets you have a hierarchy like /srv/salt/file_tree/hosts/blah.example.com/my_files/passwd.txt  and then in a file.managed you can do contents_pillar: 'my_files:passwd.txt'
17:22 polyidus joined #salt
17:22 bfrog teatime: so it seems like mine.update isn't really doing what I think it should be doing
17:22 teatime bfrog: ah, ok; yeah that's forward progress :)
17:23 Edgan 2016.3.0 will have a rsync state to do large trees fast :)
17:23 schmichael teatime: and that file tree path is on the master? so i just manually drop files there?
17:23 flowstate joined #salt
17:23 teatime schmichael: it wouldbe, yes.
17:24 teatime schmichael: like all pillar data, it comes from the master.  this is the best/only way to serve up sensitive data, btw.
17:24 teatime schmichael: any minion can request any file from salt://, but pillar data is only available to minions it's targeted to.
17:24 ninkotech joined #salt
17:25 kevinqui1nyo i have a stateful script, and the last line is {"changed": "no", "comment": "Path already in correct git state."}
17:25 kevinqui1nyo i'm getting an error:       Comment: Failed parsing script output! Stdout must be JSON or a line of name=value pairs.
17:25 kevinqui1nyo Why?
17:26 schmichael teatime: interesting. thanks. definitely need to move to hosting these files in pillars
17:26 pppingme joined #salt
17:27 kevinqui1nyo hm so that's just a bug then.  it works with key=value pairs but just plain does not work with json?
17:27 schmichael has anyone used the s3 pillar with google cloud storage? we're on gcp
17:28 schmichael supposedly the apis are compatible
17:28 teatime bfrog: try a saltutil.refresh_pillar and/or saltutil.sync_all first?
17:29 bfrog teatime: still nope
17:29 kevinqui1nyo bfrog: i had an issue the other day with this
17:29 bfrog mine.get is empty :(
17:30 kevinqui1nyo let me try to remember what i did
17:30 bfrog kevinqui1nyo: please do, this is quite frustrating
17:31 teatime kevinqui1nyo: random guess, make sure the final line ends with a newline
17:31 kevinqui1nyo bfrog: hm actually re-read your issue and looked at my notes -- my issue was different, i was having trouble clearing the cached mine data
17:32 kevinqui1nyo i had to do salt '*' mine.flush i believe
17:32 bfrog ah ok
17:32 bfrog if I do mine.get all_ipv4_addrs
17:32 bfrog it works
17:32 bfrog but... how the hell did it ever work before then
17:32 bfrog with network.ip_addrs
17:33 teatime oh lol, you must have previously had a different mine definition
17:33 bfrog maybe I was relying on a bug or something too?
17:33 teatime that used that name (w/ the other syntax, it's the default) instead of your new one
17:33 bfrog right
17:33 bfrog yeah I must've
17:33 bfrog that was very confusing
17:33 bfrog but it makes more sense now
17:34 antpa joined #salt
17:34 anthpa joined #salt
17:35 nZac joined #salt
17:38 aw110f joined #salt
17:40 Edgan Anyone working with boto_ec2.run?
17:45 toanctruong joined #salt
17:46 punkoivan joined #salt
17:47 zmalone https://github.com/saltstack/salt/issues/32004#issuecomment-200944542 that's pretty frustrating
17:47 saltstackbot [#32004]title: 2016.3 now complains about win_dacl on Solarish platforms | ### Description of Issue/Question...
17:48 zmalone Two months out, for a regression that spits out errors on every state?
17:48 punkoivan joined #salt
17:51 rhodgin joined #salt
17:52 ajw0100 joined #salt
17:53 ronnix joined #salt
17:54 josuebrunel joined #salt
17:58 mavhq joined #salt
17:59 amcorreia joined #salt
17:59 baweaver joined #salt
18:01 rem5 joined #salt
18:03 iggy fix solaris
18:03 * iggy runs
18:03 zmalone It isn't a Solaris bug
18:03 zmalone It's a Salt bug on all non-windows platforms
18:03 zmalone I get it on Ubuntu
18:04 berserk joined #salt
18:04 rem5 joined #salt
18:04 iggy i was amateur trolling
18:04 teatime zmalone: make a PR :)
18:05 zmalone It's already fixed
18:05 zmalone It was fixed before 2015.8.8 was released, but the broken stuff was rolled into the release anyhow
18:05 berserk joined #salt
18:05 polyidus joined #salt
18:05 zmalone I can roll my own releases instead, but it sucks to get a broken package pushed out and orphaned for two months
18:05 knite joined #salt
18:07 iggy ...win_dacl.py:  file.absent?
18:08 Fiber^ joined #salt
18:08 knite joined #salt
18:11 Edgan zmalone: sadly there always seem to be some bug that the fix isn't released yet. I am resigned to having to roll my own packages.
18:12 baweaver joined #salt
18:20 iggy maybe you guys should team up and split maintenace work for these releases
18:23 antpa joined #salt
18:25 jaybocc2 joined #salt
18:27 tvinson i'm trying to use a windows installer that passes flags to msiexec in a weird way and i think salt is interfering. the install_flags i have are /v" /qn /norestart" and if i run that manually it's fine. salt debug shows [INFO    ] Executing command ['c:\\salt\\var\\cache\\salt\\minion\\files\\base\\win\\repo\\salt-pci-winrepo.git\\program\\program.exe', '/v"', '/qn', '/norestart"']
18:27 tvinson and then, when run from salt i get the help screen for msiexec flags. any ideas?
18:28 mrwboilers Ok, so I've created an ext_pillar. When I run pillar.items, I get the expected value
18:29 mrwboilers The value is either Prod: True, or Prod: False.
18:29 mrwboilers Yet if I try to target with it, it targets properly, but test.ping won't work.
18:30 mrwboilers so "salt -I 'Prod:True' test.ping" will try to ping the correct minions, but those minions don't respond.
18:30 mrwboilers Any idea what's going on?
18:30 jinkyu joined #salt
18:30 berserk joined #salt
18:30 mrwboilers but "salt 'minionid' test.ping" will work - the minion responds to the ping.
18:31 tvinson mrwboilers: can you target with other pillar values?
18:31 mrwboilers So far this is my only pillar
18:33 zmalone left #salt
18:34 akhter joined #salt
18:36 tvinson mrwboilers: tested with a pillar value of True and I see the same behavior fwiw.
18:36 teatime tvinson: is that supposed to be one argument, '/v" /qn /norestart"' ?
18:37 mrwboilers Is it due to "True" being the value? Should I try something else?
18:37 tvinson teatime: i *think* it is. i'm not that familiar with windows cmd parsing but i would guess it's a /v option with the double quoted text as its argument.
18:37 MadHatter42 joined #salt
18:38 teatime tvinson: what state/module are you using, cmd.run ?
18:39 mrwboilers Tried with "Yes" instead of True, and same result
18:39 teatime tvinson: in fact could you just pastebing your state / cmdline
18:39 kevinqui1nyo mrwboilers: so test.ping works, but does not work when you target them based on a pillar that exists with your ext_pillar
18:39 kevinqui1nyo but matching based on any other pillar?  Can you try that
18:40 mrwboilers kevinqui1nyo: correct
18:40 bfrog teatime: thanks for the help earlier, don't know if I said that yet
18:40 aboe joined #salt
18:40 bfrog teatime: you were super helpful in getting to the bottom of it
18:40 mrwboilers kevinqui1nyo: I'll have to create another pillar to test
18:40 mrwboilers I don't have any other pillars
18:40 josue joined #salt
18:40 bfrog so now the next question of the day
18:40 tvinson teatime: http://pastebin.com/nCLHPbRw
18:40 bfrog is there some sensible way to keep pillar data in git?
18:41 kevinqui1nyo sensible?  not if it has sensitive information like api keys or passwords
18:41 bfrog or, how do other people store and version their pillar data?
18:41 bfrog it does
18:41 berserk joined #salt
18:41 kevinqui1nyo i'd like to know how other people do this too.  What I do is keep a skeleton in git -- that is the same structure, but with placeholder / fake data
18:41 bfrog which I mean, how much better is it that its on the salt master, seems like the saltmaster would just as easily be ransacked as a git repo
18:42 kevinqui1nyo but i never push the actual sensitive parts up
18:42 kevinqui1nyo true, i was assuming you were using something like github
18:42 kevinqui1nyo if you have a private git server or gitlab instance go for it
18:42 bfrog it would be nice maybe if when running salt commands, I needed a passphrase to unencrypt it or something
18:43 tvinson bfrog: there's a gpg renderer that allows you to put gpg crypted data into pillar values that get decoded using keys on the master.
18:43 kevinqui1nyo well if it was encrypted, git would have a hard time doing diffs
18:43 bfrog and otherwise it was left encrypted, even on the saltmaster
18:43 berserk joined #salt
18:43 knite joined #salt
18:43 bfrog tvinson: doesn't that negate the crypted data though? or with gpg keys do you need to unlock the key itself with a passphrase still
18:43 teatime bfrog: np.
18:44 teatime tvinson: is this pillar data, or is there a state called websense_agent, or what?
18:45 tvinson bfrog: i don't think it supports a passphrase, i think the idea is just to keep the sensitive data out of your git repository.
18:45 anthpa joined #salt
18:45 berserk_ joined #salt
18:45 teatime nm, I guess this is how windows installer state works.  weirdness.
18:46 bfrog thats not really all that helpful though I don't think
18:46 bfrog I'd rather have it in git, just encrypted
18:46 bfrog I'll check out the gpg renderer
18:46 bfrog maybe it does what I want
18:46 tvinson teatime: yep, this is a standard winrepo type state
18:49 teatime tvinson: looks like it uses salt.utils.shlex_split to split that param
18:50 mrwboilers I tried adding a simple static pillar, and test.ping won't work when that is used for targeting either.
18:53 antpa joined #salt
18:53 noraatepernos joined #salt
18:53 teatime tvinson: try passing a list/array instead of a string to install_flags
18:54 teatime tvinson: so install_flags: <newline><indent> - '/v" /qn /norestart"'
18:54 teatime tvinson: or actually I guess this works:  install_flags: [ '/v" /qn /norestart"' ]
18:54 mrwboilers This is very strange. I restarted the minion on just one minion. Now it works. Not just on the minion I restarted, but on another as well
18:55 tvinson teatime: trying the former now
18:57 tvinson teatime: but it's still getting split up the same way. hmm.
19:00 mavhq joined #salt
19:00 mrwboilers Figured it out. The minion did restart on all of the minions in question
19:01 mrwboilers So in order for ext_pillar targeting to work, the minion needs to be restarted first.
19:02 tvinson teatime: i was peeking at this https://github.com/saltstack/salt-winrepo/blob/master/chocolatey.sls as it seems to be addressing a similar problem but that didn't get me anything either.
19:02 teatime tvinson: did it stick [] into the string?
19:02 spiette joined #salt
19:02 tvinson teatime: no, it was split up exactly the same. it definitely had the updated state too (it shows up in winrepo.genrepo)
19:02 kevinqui1nyo mrwboilers: did you sync your ext_pillar to the minions?
19:02 teatime tvinson: it looks like before it does shlex_split (which is smart enough to pass through a list unchanged), it does a string format that would flatten the list :(
19:02 teatime but if thatw as the issue, you'd see [] in the string, so..
19:03 kevinqui1nyo probably when you restarted the minion it syncs
19:03 kevinqui1nyo salt \* saltutil.sync_all
19:03 kevinqui1nyo salt.modules.saltutil.refresh_pillar  <- might need that too
19:04 spiette joined #salt
19:04 ry joined #salt
19:04 Nazca__ joined #salt
19:05 mrwboilers kevinqui1nyo: I ran saltutil.refresh_pillar and state.highstate on the minions I was testing with.
19:06 mrwboilers But they didn't respond to pillar targeting until after the minions were restarted.
19:06 kevinqui1nyo weird
19:06 kevinqui1nyo good to know
19:07 mrwboilers Master and minions are all on 2015-8.3
19:08 teatime tvinson: I think I have an answer though
19:12 teatime tvinson: install_flags: '"/v\" /qn /norestart\""'
19:12 brianfeister joined #salt
19:13 teatime hrm... that probably won't work either, 'cause something more is happening here than I can find... but worth a shot.
19:13 nidr0x joined #salt
19:13 jab416171 I'm installing snmpd on cent7 via salt, what's the best way to make sure the port is also open in firewalld?
19:15 Nazzy joined #salt
19:15 _JZ_ joined #salt
19:16 Eugene Probably the firewalld state
19:17 jab416171 Eugene, I was looking for an example, but it seems to me like when you use the firewalld state, it makes sure that firewalld is in that state, replacing the entire config with what's in the state.
19:18 Eugene Yah, that's my experience with it as well. I haven't gotten warmed-up to firewalld yet, too much wheel-reinventing
19:18 GreatSnoopy joined #salt
19:19 jab416171 so what are you doing to handle it?
19:19 Eugene I uninstalled it completely and went with Ye Olde /etc/sysconfig/iptables
19:19 hightekvagabond joined #salt
19:19 Eugene It's not a salted solution, which I dislike
19:19 jab416171 you can manage iptables with salt
19:19 jab416171 or does it have the same problem?
19:20 Eugene There's an iptables.append that's handy, but I haven't (yet) incorporated it into my services stuff
19:21 Eugene "It is expected that this state module, and other system-specific firewall states, may at some point be deprecated in favor of a more generic firewall state."
19:22 Eugene If I were to incorporate iptables stuff into my Salt state tree, I would use states.iptables
19:22 teatime I'm not a fan of states.iptables
19:22 Eugene But expect to rewrite it when the "proper" module is written
19:22 teatime currently I prefer to manage /etc/iptables/rules.{ipv4,ipv6} instead
19:23 teatime but only because I don't want to use firewalld; if I was already using firewalld, I'd use the firewalld state.
19:23 teatime you should manage the whole ruleset anyway.
19:23 mavhq joined #salt
19:24 metalseargolid joined #salt
19:24 Eugene Ya; that's my same problem: currently doing it manually, and would need to re-implement it all in salt
19:24 teatime jab416171 / Eugene :  My problem with states.iptables is it tries to actually manage the in-kernel list of rules.  I would much prefer to manage a file in iptables-save format, that is loaded on boot, and get loaded by states if they change the file.
19:26 teatime Eugene: I don't see the problem :)
19:26 Eugene "Effort"
19:27 baweaver joined #salt
19:29 ALLmight_ joined #salt
19:30 AndreasLutro I've long wanted to implement an iptables.managed state
19:30 AndreasLutro but it would be a lot of work I thikn
19:30 AndreasLutro think*
19:30 jschoolcraft joined #salt
19:31 mavhq joined #salt
19:34 josuebrunel joined #salt
19:39 ALLmightySPIFF joined #salt
19:40 polyidus joined #salt
19:41 tvinson teatime: i was able to find a bug on the winrepo issue https://github.com/saltstack/salt/issues/26114 thanks for all your help.
19:41 saltstackbot [#26114]title: salt winrepo with jinja 'parses' differently - how to overcome? | @UtahDave @jfindlay I have the following new winrepo sls file with jinja and just can't get the proper quoting, to get the right output, can one of you help me out with this, sorry if this is a really simple jinja and quoting related issue....
19:42 rburkholder joined #salt
19:42 teatime tvinson: did you try my last suggestion?
19:42 baweaver joined #salt
19:43 tvinson tvinson: yeah i did. the backslashes just got escaped with extra backslashes though :p
19:43 teatime wth...
19:43 tvinson i am talking to me. hello me.
19:43 tvinson teatime: yeah it's pretty insistent.
19:45 teatime oh, heh, I was reading the code for develop branch
19:45 teatime that cuold explain the difference between behavior I expect vs. what you see :)
19:48 beardedeagle I have noticed the extra slashes in the event system too
19:49 beardedeagle trying to add AD users and it wasnt working, figured out that salt was adding extra slashes
19:49 beardedeagle jinja replace to the rescue
19:49 beardedeagle 'nova meta {{ state_data.host }} set login_users={{ state_data.users | replace("\\\\", "\\") }} sudo_users={{ state_data.users | replace("\\\\", "\\") }}'
19:56 mavhq joined #salt
20:00 ecdhe beardedeagle, great nic!
20:00 ecdhe I almost typed "breaded eagle" which would also be epic.
20:00 beardedeagle lol thanks
20:00 beardedeagle nickname I earned at work
20:00 beardedeagle giant beard, pissed off look.
20:00 baweaver joined #salt
20:01 mapu joined #salt
20:01 antpa joined #salt
20:03 quix joined #salt
20:04 uictamale Hey all, anyone know of a 'thing' that updates your salt-masters' firewall (ala IPtables) automatically based on all the minions' external IPs?  Basically keeping the ports 4505 and 4506 accessible only to those IPs.
20:04 jab416171 oh wow, that's interesting uictamale
20:05 uictamale yah and required in my case ha
20:05 uictamale if I can't do it with iptables I'll have to do it with the cloud providers' tooling
20:05 uictamale just wanted to know if this has already been done before I venture on a long and lonely road
20:05 ecdhe uictamale, how would you know what the list of minions is if you haven't opened the ports for them yet?
20:05 jab416171 haha
20:06 uictamale well, in the cloud world you get that info back from the libcloud call
20:06 dmaiocchi joined #salt
20:06 uictamale probably only possible there I suppose
20:06 baweaver joined #salt
20:06 jab416171 uictamale, what if, when you spin up a VM, you make a call via salt api that adds the rules?
20:06 jab416171 assuming you have the IP by then.
20:06 uictamale yah that's exactly what I'm thinking of
20:07 uictamale but I don't know anything about salt yet haha
20:07 uictamale so it has an api eh? :)
20:07 jab416171 it does.
20:07 jab416171 cherrypy
20:07 uictamale https://salt-api.readthedocs.org/en/latest/ ?
20:08 jab416171 https://docs.saltstack.com/en/latest/ref/cli/salt-api.html
20:08 uictamale oh you must mean this https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html
20:08 murrdoc The salt-api project https://github.com/saltstack/salt/pull/13554 into the main Salt repository as of Salt's Helium release.
20:08 saltstackbot [#13554]title: salt-api merge! |
20:08 murrdoc or
20:08 murrdoc https://docs.saltstack.com/en/latest/ref/netapi/all/
20:09 jab416171 there we go
20:09 uictamale oof quite a few things to look at - where to start?
20:09 uictamale ideally it'd be a sort of 'post-launch hook' ?
20:09 jab416171 uictamale, https://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html
20:09 uictamale er, I'm already up and running with a couple test instances
20:10 uictamale but I manually opened my ports
20:10 uictamale all with the salt-cloud gce provisioner
20:10 uictamale I suppose I shouldn't have said 'nothing' up there :)
20:12 uictamale sounds like I should take advantage of the "reactor system" https://docs.saltstack.com/en/latest/topics/reactor/
20:12 spiette joined #salt
20:14 bfrog joined #salt
20:15 polyidus joined #salt
20:20 simonmcc joined #salt
20:24 kevinqui1nyo can i run salt module functions from within a runner?
20:25 okie_dokie joined #salt
20:25 okie_dokie hello!
20:26 okie_dokie can anyone offer some help on top files... cant really find an answer out on the internet
20:27 kevinqui1nyo what's your question
20:27 mpanetta well, then you probably won't find one here either, since this is the internet too :P
20:28 izibi is it possible to restrict which nodes can access some specific mine data?
20:28 okie_dokie well salt can make you witty
20:28 okie_dokie good to know
20:28 okie_dokie should be a medical journal article on that
20:28 okie_dokie :)
20:30 okie_dokie I have a master setup with gitfs_remote to pull all the sls scripts. Now i want to get a top file setup. but based on what i see the top.sls need to be in the file_roots:  . Is that correct? If so how do i now have a top.sls point to the git sls files. Or how can i have a top.sls in the git_remote be read?
20:31 okie_dokie its the end of the day... i confuse easily at this point  :(
20:31 AndreasLutro just put the top.sls in your gitfs remote
20:32 okie_dokie so i could basically turn off file_roots:
20:32 AndreasLutro but be aware that top.sls from all git branches will be merged because each branch counts as their own salt environment. look into gitfs white/blacklists for that
20:33 AndreasLutro what file_roots is doesn'tm atter as long as fileserver_backends doesn't include "roots"
20:33 bhosmer_ joined #salt
20:36 polyidus joined #salt
20:37 cliluw joined #salt
20:38 jaybocc2 joined #salt
20:42 okie_dokie @andreaslutro so right now my salt git repo has no branches but, if i did want multiple enviroments like dev,test,and prod i would need to create branches and then make sure the white list so i dont get random branches that might have a file named top.sls in it
20:43 beardedeagle hrm...What would be the best way to do a file.replace where he repl would need to be grabbed from a file since it is dynamically generated?
20:44 aboe joined #salt
20:45 bhosmer joined #salt
20:48 okie_dokie i appreciate the witty and responsive help y'all!
20:48 okie_dokie have a nice night
20:53 spankalish joined #salt
20:58 ALLmightySPIFF joined #salt
20:59 spankalish Hi, what would be the easiest way to find out the minion you are connected to and use that minions name to disable it on a haproxy server? Like echo "disable server here/minion1" | sudo socat stdio /var/lib/haproxy/stats
20:59 shiriru joined #salt
20:59 spankalish But I want to use a variable to place in minon1
20:59 slav0nic joined #salt
21:00 uictamale sounds like a job for consul to me
21:00 spankalish So it changes each time it is run
21:01 brianfeister joined #salt
21:02 spankalish You talking to me uictamale?
21:02 rhodgin joined #salt
21:06 shiriru joined #salt
21:06 flowstate joined #salt
21:07 vpm joined #salt
21:07 linjan_ joined #salt
21:09 felskrone joined #salt
21:09 stanchan joined #salt
21:09 shiriru joined #salt
21:10 subsignal joined #salt
21:11 uictamale I was, yes
21:14 teatime I think there might be an {{ id }} variable in jinja context
21:14 shiriru joined #salt
21:16 nicksloan joined #salt
21:17 ageorgop joined #salt
21:17 beardedeagle I guess I could cmd.run set environment variable to the value of the command that needs to be ran
21:17 beardedeagle might work
21:17 kevinqui1nyo is there an example of using salt's log module so that i can log arbitrary variables to the master log for troubleshooting/debugging?
21:18 onlyanegg joined #salt
21:19 kevinqui1nyo beardedeagle: if the file is on the minion that you need to grab the dymanic repl string from, it might be easiest just to write a stateful bash script or something
21:19 kevinqui1nyo more readable most likely
21:20 beardedeagle yeah. trying to stay away from cmd.script if at all possible, but might not be able to with this one
21:20 spankalish Ok well salt works runs it's configurations in a serial way. So it only updates one minion at a time. What I want is for a load balancer to place the minion into a down state while it is being updated, but I need a way to find the minion id when I am connected to it
21:23 joe_n joined #salt
21:24 flowstate joined #salt
21:25 brianfeister joined #salt
21:25 shiriru joined #salt
21:25 Rumbles joined #salt
21:27 timoguin joined #salt
21:27 beardedeagle @kevinqui1nyo: I forgot about this little gem {{ salt.cmd.run('whoami') }}
21:28 edrocks joined #salt
21:29 polyidus joined #salt
21:30 shiriru joined #salt
21:32 quasiben1 joined #salt
21:32 timoguin joined #salt
21:33 linovia Something isn't clear to me about returners. Is the call to the service made from the master or from the minion ?
21:34 tcolvin_ joined #salt
21:34 baweaver joined #salt
21:35 rogst joined #salt
21:35 onlyanegg joined #salt
21:35 abele joined #salt
21:36 czchen joined #salt
21:36 KingJ joined #salt
21:37 shiriru joined #salt
21:39 ThomasJ joined #salt
21:45 AndreasLutro linovia: minion, unless it's an event returner
21:45 linovia AndreasLutro: thanks
21:46 mpanetta joined #salt
21:51 mpanetta joined #salt
21:57 danemacmillan joined #salt
21:58 brianfeister joined #salt
22:00 edrocks joined #salt
22:00 ageorgop joined #salt
22:00 mapu joined #salt
22:00 gnord joined #salt
22:00 iggy joined #salt
22:00 phx joined #salt
22:00 frew joined #salt
22:00 Gareth joined #salt
22:00 NaPs joined #salt
22:00 Guest3969 joined #salt
22:01 ajw0100 joined #salt
22:02 edrocks joined #salt
22:03 ronnix joined #salt
22:05 abele joined #salt
22:14 pcn If salt cloud fails to bootstrap a new minion, but it exists and is running, is there a way to tell salt-cloud to try the bootstrap again via ssh?
22:17 eykd joined #salt
22:18 eykd Is anyone using salt.renderers.gpg? I’ve followed the instructions at https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html but I’m not seeing my encrypted pillar data when using pillar.get.
22:22 aqua^c_ joined #salt
22:25 beardedeagle @pcn: saltify provider
22:28 aqua^c joined #salt
22:29 pcn Interesting.  Thanks (in absentia).
22:29 pcn I went with destroy, re-create for now. let's see if that fixes anything
22:29 mavhq joined #salt
22:31 timoguin joined #salt
22:36 polyidus joined #salt
22:41 zenlot6 joined #salt
22:41 ajw0100 joined #salt
22:41 akhter joined #salt
22:45 edrocks joined #salt
22:52 mowntan joined #salt
22:56 mavhq joined #salt
23:02 flowstate joined #salt
23:02 rem5 joined #salt
23:02 Nazca__ joined #salt
23:03 oida joined #salt
23:04 polyidus joined #salt
23:13 baweaver joined #salt
23:13 ronnix joined #salt
23:17 Rumbles joined #salt
23:20 rhodgin joined #salt
23:20 justanotheruser joined #salt
23:38 nZac joined #salt
23:41 polyidus joined #salt
23:42 rem5 joined #salt
23:43 LostSoul Hello
23:43 LostSoul I was wondering is it possible to include files in init.sls in pillars like I can in states?
23:43 stanchan joined #salt
23:44 LostSoul for example: include: -.network ?
23:45 kliquori joined #salt
23:53 aqua^c joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary