Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-03-30

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 racooper joined #salt
00:14 viq joined #salt
00:18 mavhq joined #salt
00:19 kliquori joined #salt
00:37 teatime hemebond: I am not sure what he meant either, and am also curious
00:38 hemebond ahammond: If you want to do complex stuff like that Jinja probably isn't what you want to use.
00:38 teatime hemebond: two file.managed under the same ID using the typical syntax, would be invalid, yes, just because it's setting the same dict key to two values.
00:38 ahammond hemebond yeah, I'd love something better.
00:38 teatime but there are other syntaxes available; I can never remember what is and isn't valid.
00:38 ahammond however this is already imported into something like 12 formulae
00:38 hemebond ahammond: You can use different renderers.
00:39 morissette joined #salt
00:39 ahammond the code is in storage/map.jinja
00:39 ahammond and... {%- from 'storage/map.jinja' import storage with context %} is in a lot of code
00:39 ahammond if I change renderers, how does that work out?
00:39 hemebond Oh I see.
00:39 ahammond yeah.
00:39 teatime maybe if you have "myid:\n - file.managed:…" such that you have a list of dicts again, it would be valid.  assuming it is, you'd have to use name: on each one
00:40 teatime (but I don't think it actually works)
00:40 hemebond ahammond: Could you use http://jinja.pocoo.org/docs/dev/templates/#replace ?
00:41 hemebond Seems wrong to do it but if you're desperate and can't refactor...
00:41 teatime if that explained his comment though, it would be an example of the list-of-1element-dicts being handy, not inconvient.  perhaps he meant *not* using a list-of-1element-dicts is inconvenient, because you can't do that then.
00:41 hemebond Actually http://jinja.pocoo.org/docs/dev/templates/#truncate might be better than replace.
00:42 hoonetorg joined #salt
00:42 hemebond teatime: Inconvenient later on? Perhaps.
00:43 teatime I bet it would be easy to make salt accept the "file.managed:\n  foo: bar" syntax; wherever it is that it dies and says "<blah> is not a list", you could just do if (isinstance(dict)) { iterate dictionary, make list of dicts out of it }
00:44 teatime might conflict with other sytax though
00:44 teatime it would help me a lot if I *could* remember the various valid formats :)
00:46 ahammond we have a few storage servers in each of our colos. I'm trying to distribute load across them in a deterministic way. Though I'd do server_list[ server_id_number % count_of_servers ]
00:47 baweaver joined #salt
00:56 flowstate joined #salt
00:57 teatime hemebond: I think this is the doc I need to digest to fully understand the above issues:  https://docs.saltstack.com/en/develop/ref/states/highstate.html
01:01 hellertime joined #salt
01:02 cilkay Ryan_Lane: I've been reading with great interest the discussion above. We're using masterless minions. I chose Salt specifically because it looked sane and it offered this option. Our customers do not give us remote access to their servers and that's fine with us.
01:03 Ryan_Lane yeah, it works quite well.
01:03 Ryan_Lane I've had various bugs, but saltstackinc is really responsive with fixes and accepting patches
01:03 cilkay The one thing that I haven't been able to figure out how to do so far is to inject my own progress messages that I can push out via a websocket to a web page.
01:03 ahammond hemebond yeah replace looks like it'll work for me.
01:04 cilkay Every time I think I've found a solution in the docs, it requires a master.
01:04 Ryan_Lane cilkay: I'm not sure you can
01:04 Ryan_Lane you can write a formatter, but I think it only gets everything at the end
01:04 Ryan_Lane you'd probably need to hook into the state system
01:05 Ryan_Lane I wouldn't be surprised if there's some way of doing this, but I haven't looked very hard :)
01:06 cilkay I have a shell script that wraps salt-call --local state.sls salstack.init; salt-call --local state.highstate and put that shell script in crontab to be executed @reboot and at 0410 daily.
01:07 kliquori joined #salt
01:07 cilkay That shell script gave me the idea of wrapping the various states that comprise highstate and injecting a message into Redis, which I then capture and send out via a websocket.
01:07 cilkay I have the injection part working. The "send out via a websocket" is what I'm working on right now.
01:08 digitalhero joined #salt
01:08 Shirkdog joined #salt
01:10 hellertime joined #salt
01:11 cilkay The shell script looks something like: redis-cli set theMessage "Configuring API Server."; salt-call --local state.sls api-server.init; redis-cli set theMessage "Configuring nGinx." ; salt-call --local state.sls nginx.init
01:12 cilkay At any state where I want to see a progress message displayed on the web page, I just set theMessage as whatever makes sense for the upcoming state.
01:15 cilkay Ryan_Lane: When this is in the stable release, it will help in masterless configurations. https://github.com/saltstack/salt/issues/15265
01:15 saltstackbot [#15265]title: Bring reactor system to minions | Right now reactors are a master-only feature, but it would be really nice to be able to react locally to events, especially if not using a master. For instance, it would be really awesome to react to udev events or to etcd events.
01:29 hemebond teatime: I guess it's so that the module function can just use args.
01:29 wych joined #salt
01:29 hemebond If you pass a list of tuples then the function just has to unpack args.
01:31 snc| joined #salt
01:31 etw joined #salt
01:31 teatime hemebond: I thought that for a second also but don't think it's the case.
01:31 gtmanfred joined #salt
01:32 teatime hemebond: it's not a list of tuples, it's a list of dicts.  and a single multi-key dict can be unpacked by **kwargs
01:32 teatime I probably misunderstand though.
01:32 hemebond Sorry, yes, list of dicts.
01:32 hemebond Yeah.
01:33 rome_390 joined #salt
01:33 teatime it does seem like it's probably historical, one way or another.  so far I can't find a reason for it.  haven't looked hard though.
01:34 TomJepp joined #salt
01:39 llua left #salt
01:39 llua joined #salt
01:40 ageorgop joined #salt
01:47 ilbot3 joined #salt
01:47 Topic for #salt is now Welcome to #salt! | Latest Version: 2015.8.8 | SaltConf16: http://saltconf.com/register/ | Paid support available: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
01:53 cheus joined #salt
01:55 rem5 joined #salt
01:58 beardedeagle joined #salt
02:05 rem5 joined #salt
02:06 mavhq joined #salt
02:07 kliquori joined #salt
02:09 ageorgop joined #salt
02:11 aqua^c joined #salt
02:12 teatime joined #salt
02:13 VR-Jack2 joined #salt
02:27 ageorgop joined #salt
02:41 childc2 joined #salt
02:42 childc2 Hello, is there a good way to keep salt from trying to start a service every time it runs if there isn't a config file to watch?
02:42 hemebond childc2: Salt won't do anything to a service unless you tell it to.
02:42 hemebond Usually with service.running or similar.
02:43 teatime ^^ that will only start the service if it isn't running
02:43 evle joined #salt
02:43 teatime which service, you may be running into something I have before
02:43 childc2 hemebond: I have "service.running: []" set under the vixie-cron package and the open vmware tools package, but it tries to start each of them during every run
02:44 childc2 both services are up and running if I log in and check manually
02:44 hemebond So the service is already running and salt is trying to start them?
02:44 teatime childc2: what OS
02:44 childc2 and vCenter is reporting that it detects the vmware tools package, so it's definitely talking
02:44 ITChap joined #salt
02:44 childc2 Gentoo w/ OpenRC
02:44 teatime is the correct service provider being used
02:45 childc2 teatime: what do you mean?
02:45 teatime the state.service module has different providers for different init systems.
02:45 teatime I don't think there's on openrc one, not sure.
02:45 childc2 oh, it must be
02:45 teatime it may be asking for service status in a way that doesn't work on your system
02:45 childc2 it detects the running state just fine for everything else
02:46 childc2 for example, it's not trying to restart syslog
02:46 teatime e.g., on my debian systems it uses systemd provider, but some packages only provide sysvinit init scripts, so for those systemd doesn't know how to check if running, so I see the 'always tries to start' behavior unless I override the provider for those services to sysvinit
02:47 childc2 is there a state I can query for a list of running services according to salt?
02:48 hemebond Just to check? You can use an execution module to check it.
02:48 teatime I don't think so, it doesn't make a list of them
02:48 teatime it just does the 'service blah status' equivalent appropriate to the provider/init system, for each one it needs to know about
02:49 childc2 so under openRC that's rc-status
02:49 Muchoz joined #salt
02:49 childc2 and it will list started/stopped/crashed for each init service
02:49 childc2 which, salt does get syslog, autofs, ntpd, sshd and nslcd right every time
02:50 childc2 the only thing I can think of that makes these two states different is that there isn't a config file to watch specified under the service.running section
02:50 hemebond childc2: salt 'minion' service.get_all
02:50 hemebond Does that show your services?
02:51 teatime https://docs.saltstack.com/en/latest/ref/states/providers.html#provider-service
02:51 childc2 looks like it does have the module for openrc
02:52 childc2 hemebond: yup, they're both listed
02:52 teatime I have a suspicion it doesn't know how to use rc-status, or doesn't know how to auto-detect it should use rc-staus on gentoo, and is falling back to something else, and the something else doesn't work for checking status of some of your services.
02:52 teatime oh, yeah, I guess it does have a gentoo_service.
02:52 hemebond childc2: salt 'minion' service.status myservice
02:52 teatime it says sysvinit under gentoo_service though, not openrc
02:53 k_sze[work] Does the salt master keep metadata about minion keys?
02:53 k_sze[work] e.g. when the key was added.
02:53 hemebond k_sze[work]: Won't the create time show that?
02:53 hemebond Of the file itself.
02:54 childc2 hemebond: figured it out
02:54 childc2 teatime: ^
02:54 k_sze[work] hemebond: where would that file be?
02:54 childc2 so, what is happening is vmware-tools is the name of the package / init script
02:55 childc2 but the proc you'd find in memory is vmtoolsd
02:55 childc2 needed to set the name flag under the service
02:55 hemebond k_sze[work]:  /etc/salt/pki/master/minions/
02:55 childc2 those packages apparently just have slightly goofy runtime names
02:55 k_sze[work] hemebond: thanks.
02:56 teatime yes that's so weird... it's normal for service and process names to not match... I was looking at the gentoo_provider code, and the status() function *only* knows how to look up pids/processes
02:57 teatime it doesn't do anything like 'service vmware-tools status'
02:57 hasues joined #salt
02:57 teatime like, gentoo_service.status() just calls status.pid()
02:57 childc2 teatime: the status command does just return a pid
02:57 teatime I don't get that.
02:58 childc2 so that does sound right
02:58 teatime childc2: but it *takes* a service name.
02:58 teatime not a process name.
02:58 teatime right?
02:58 childc2 service.status was coming back false with the service name and returning a pid with the process name
02:58 teatime status.pid() looks up processes by name, if that isn't clear
02:59 teatime childc2: nevermind, you're missing what I'm saying and it isn't important anyway
02:59 childc2 I think we're saying vaguely the same thing
03:00 teatime childc2: unless the status command is unable to accept service names and only accepts process names, then IMO the salt behavior is incorrect.
03:00 childc2 yeah, I think it would definitely be an improvement, but I'll take it if that gets it working for now
03:00 teatime childc2: it's called service.status not process.status, after all.
03:09 sagerdearia joined #salt
03:17 rem5 joined #salt
03:20 childc2 teatime: found the proper workaround (name actually errors out when it tries to start the service). You have to set "- sig: vmtoold" under the service (for vmware-tools obviously)
03:22 hightekvagabond joined #salt
03:22 teatime I still consider this a gentoo_service bug if the status command is able to get service status w/o being told process name.
03:23 childc2 oh, I agree, it should have a more robust status() call
03:24 childc2 but this makes everything turn green in the here and now, so I'll take it
03:24 favadi joined #salt
03:26 iggy use sig?
03:27 iggy oh, you got that already
03:27 * iggy promises to read backlog harder or not at all next time
03:28 teatime iggy: the service providers in-general don't work this way, right?
03:29 iggy sig is for broken init scripts (and apparently init systems) if that's what you're asking
03:29 teatime iggy: gentoo_service doesn't even try to run a status command, it just passes the service name (or sig if provided) to status.pid()
03:30 iggy sounds like a bug, but it's been so long since I've messed with Gentoo, that I wouldn't want to go on record
03:30 teatime iggy: that's what I said, w/ th eprovisio that I'm assuming gentoo *has* a suitable status command.
03:31 childc2 rc-status does the job normally, there's probably a few flags to make it easier to parse
03:35 flowstate joined #salt
03:36 iggy on most systems I think it checks the return code
03:36 iggy I don't think it parses the output
03:37 mavhq joined #salt
03:42 mowntan joined #salt
03:46 ageorgop joined #salt
03:46 onlyanegg joined #salt
03:47 cpowell joined #salt
03:48 devops joined #salt
03:55 kliquori joined #salt
04:10 beardedeagle has anyone ever tried storing json from a curl request in a jinja var?
04:12 MeltedLux joined #salt
04:20 zer0def joined #salt
04:35 digitalhero joined #salt
04:37 punkoivan joined #salt
04:38 childc2 left #salt
04:38 josuebrunel joined #salt
04:39 punkoivan joined #salt
04:41 punkoivan joined #salt
04:42 punkoivan joined #salt
04:45 punkoivan joined #salt
04:45 beardedeagle so this won't work: https://gist.github.com/beardedeagle/a806e4dbf78cb9b17b80659a271e1184
04:46 hemebond beardedeagle: Sounds unpleasant.
04:46 beardedeagle because hostmetadata is a string. so does anyone know how to force it to a dict in jinja?
04:46 beardedeagle there is tojson but it doesnt work in statements
04:47 subsignal joined #salt
04:47 beardedeagle only in expressions as far as I can tell, and not sure how I could pull that off in this case
04:47 hemebond Use Python for an included state or pillar.
04:47 beardedeagle what do you mean?
04:47 hemebond Does it actually fetch the string?
04:48 beardedeagle it grabs the data yeah
04:48 hemebond But doesn't parse it.
04:48 beardedeagle nope because it is a string
04:48 punkoivan joined #salt
04:48 hemebond I'd be doing this with another renderer, btw.
04:49 hemebond What if you put it into another file.
04:49 hemebond Then import that other file.
04:49 beardedeagle yeah, I thought about just doing straight python
04:49 kshlm joined #salt
04:49 punkoivan joined #salt
04:50 beardedeagle but splitting it out might work
04:50 hemebond There is import_yaml but I can't find an import_json.
04:51 hemebond Oh, Salt has an import_json
04:51 hemebond So, "render" the json file in another file and then use import_json to import it.
04:52 beardedeagle huh, totally blew past that
04:52 beardedeagle good catch
04:54 flowstate joined #salt
04:59 beardedeagle @hemebond
04:59 beardedeagle actually
04:59 beardedeagle load_json is all I needed
04:59 beardedeagle pipe the cmd.run to it
05:00 hemebond Oh cool. I didn't realise it also worked as a filter.
05:00 anmol joined #salt
05:01 beardedeagle opens up quite a few new possibilities actually, now that I know about that.
05:01 beardedeagle thanks again
05:01 hemebond np
05:02 devops joined #salt
05:07 sauvin joined #salt
05:15 devops left #salt
05:21 mavhq joined #salt
05:41 catpig joined #salt
05:42 beardedeagle ugh, stupid AD user names and their forward slashes
05:43 writtenoff joined #salt
05:44 darxmurf hi all
05:48 cpowell joined #salt
05:49 favadi joined #salt
05:51 subsignal joined #salt
05:52 beardedeagle that is so freaking wierd. salt is only adding extra slashes to a single user
05:55 flowstate joined #salt
05:56 kliquori joined #salt
05:57 packeteer ctually be seend
05:57 packeteer what the?
05:59 mavhq joined #salt
06:03 jagguli joined #salt
06:05 anmolb joined #salt
06:05 cyborg-one joined #salt
06:10 salty joined #salt
06:11 salty Hey guys, in a sls file. how do i spesify a directroy instead of a file? (instead of file.managed i want to get full directory when configuring nginx)
06:12 hemebond salty: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.recurse
06:14 impi joined #salt
06:14 salty Thanks
06:15 rdas joined #salt
06:31 opdude_ joined #salt
06:32 kawa2014 joined #salt
06:32 slav0nic joined #salt
06:38 mavhq joined #salt
06:41 aw110f joined #salt
06:42 kliquori joined #salt
06:44 aw110f_ joined #salt
06:54 mephx joined #salt
06:55 flowstate joined #salt
07:00 sab3r Has anyone here used file.line?? I don't know if Im doing something wrong with the syntax since the documentation is a bit wierd.  Heres that excerpt from my state file: http://hastebin.com/raw/upalimetac
07:08 haam3r joined #salt
07:12 felskrone joined #salt
07:12 fracklen joined #salt
07:13 fracklen joined #salt
07:14 babilen sab3r: You don't seem to be setting content
07:15 babilen Ah, yes you are .. what's the problem
07:15 babilen salty: Are you aware of https://github.com/saltstack-formulas/nginx-formula/ ?
07:17 josue joined #salt
07:18 sab3r babilen: sorry I forgot to post the error message: http://hastebin.com/raw/izeqafujas
07:21 babilen sab3r: So, how often does "export PATH" occur in the file?
07:23 beardedeagle holy crap, have you ever wached the output for a runner.cloud.destroy? stack traces for days
07:24 Salty_ joined #salt
07:25 Salty_ Hey guys, I need some help with my webserver.sls file, doesn't seem like the function file.recurse is working
07:26 Salty_ What i need to do is copy the entire nginx folder and subfolders to the new minions.
07:26 babilen Salty_: Why is that? And are you aware of https://github.com/saltstack-formulas/nginx-formula/ ?
07:26 favadi joined #salt
07:27 Ron11 joined #salt
07:27 Salty_ according to that i should be using file.directory instead of file.recurse
07:27 Salty_ my current settings are:
07:27 Salty_ /etc/nginx:
07:27 Salty_ file.recurse:
07:27 Idopra joined #salt
07:27 Salty_ source: salt://nginx
07:28 Salty_ if i use file.managed and salt://nginx/nginx.conf it works
07:28 Salty_ but i want it for the whole folder instead of chosing files 1 by 1
07:28 onlyanegg joined #salt
07:29 babilen Salty_: So, what's the content of file_roots/nginx ? What happens if you run your state? What is the name of that state and where do you keep that? Would the nginx-formula be helpful?
07:29 Ron11 HI,
07:30 Ron11 When I run this command : salt -G 'os:ubuntu' cmd.run 'ls /tmp'
07:30 Ron11 I get an old minion which don't show in the salt-key -L
07:30 Salty_ babilen, the content is a normal nginx pkg with modified and additional conf files. if i run my state it will install nginx without the modified files. state is webserver.sls and it works if i change the parameters to file.manage and chose files.
07:31 Ron11 is it salt cache problem?
07:32 babilen Salty_: Could you run "salt 'yourminion' cp.list_master" and paste the output to one of http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, … ?
07:32 babilen Ron11: Did you refresh it?
07:32 Ron11 How can I refresh it?
07:32 Ron11 I reboot the master several times
07:33 babilen Ron11: Please run "salt-run cache.clear_all" and try again
07:35 babilen Ron11: Make that "salt-run cache.clear_all '*'"
07:35 babilen (or target the minion in question)
07:36 Ron11 salt-run cache.clear_all 'client2.como2'
07:36 Ron11 It's says true, but when I run the ls ./tmp it is shown
07:37 iggy the cache might be used for targetting, but the command is run at the time you tell it
07:37 iggy so the minion is up and connected to the master
07:37 Ron11 no
07:37 Ron11 this computer is not working power off
07:38 xurong joined #salt
07:38 iggy maybe try cmd.run hostname
07:38 iggy and grains.get id
07:38 babilen Ron11: So you get output from salt -G 'os:ubuntu' cmd.run 'ls /tmp' from a minion that is off?
07:38 iggy see if they differ
07:39 Salty_ babilen i see all the files including the additional in my nginx folder when i run that
07:39 Ron11 yes
07:39 Ron11 no output
07:39 Ron11 just the name is shown
07:40 babilen Salty_: So, run the state and paste the output of the cp.list_master and the state run to one of http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, …
07:40 CustosLimen joined #salt
07:46 sab3r babilen: 'export PATH' comes 3 times but Im trying to match only the first time. It is also the only time there isn't anymore text after it
07:47 babilen sab3r: You need an expression that matches only once apparently
07:47 babilen How can the first out of three times not have any text after it?
07:48 teatime sab3r: whenever possible (which is like, very nearly always), only manage entire files.
07:48 * babilen would at least have expected two more "export PATH" after the first time (for it to be three in total)
07:48 impi joined #salt
07:49 msn joined #salt
07:50 Salty_ babilen , the cp.list_master is the same, a lot of my nginx files. the state - https://www.refheap.com/116536
07:50 cpowell joined #salt
07:50 babilen sab3r: As teatime rightfully recommends it might make a lot more sense to simply manage the entire file to ensure that it is in the state you want it. In a way you shouldn't rely on some state on the minion, but be able to specify it completely
07:50 Salty_ the nginx.conf is in the right place, i don't know why it doesn't see it
07:51 babilen Salty_: I don't see a file.recurse run there
07:51 Salty_ i changed it to file.directory to try.
07:52 Salty_ ill change it back and check again
07:52 punkoivan joined #salt
07:52 babilen Salty_: It would really help if you were to paste the state you are trying, the output of that state and, if possible, a *subset* of cp.list_master (in particular everything that is in nginx) -- That way we can see what is going wrong.
07:52 babilen Salty_: And https://github.com/saltstack-formulas/nginx-formula/ wasn't deemed helpful?
07:52 dmaiocchi joined #salt
07:53 sab3r babilen: okay, I just thought that since that file exists only after logstash is installed from a repo I'd need to edit it afterwards. And I want to add my line: "export JAVA_HOME=/usr/lib/java" to somewhere in the beginning of the file because I need that variable
07:53 punkoivan joined #salt
07:53 sab3r but maybe I'll just copy that file to my formula
07:54 babilen sab3r: https://github.com/saltstack-formulas/logstash-formula might be worth a look (I don't use it and am not sure if it fits your needs)
07:54 msn i have created a packages.sls in pillar http://paste.debian.net/422689/ and i am including it in one of the state files http://paste.debian.net/422690/ but when i run salt-call state.highstate I get the following error  http://paste.debian.net/422691/
07:54 sab3r babilen: thats what Im using
07:54 subsignal joined #salt
07:54 babilen Ah, okay
07:54 sab3r but I still need to add that export to the init script
07:55 babilen Yeah, it doesn't seem to be managing the init script. Would it make sense to add that functionality to the formula or is your usecase simply too arcane to warrant that?
07:56 sab3r babilen: I guess it should be added to the formula, since this problem exists always if someone is using for example centos and wants to run logstash as daemon
07:57 babilen The formula already makes changes to the init script though (cf. https://github.com/saltstack-formulas/logstash-formula/blob/master/logstash/init.sls#L18). In a way I would have expected those settings in /etc/default/logstash.
07:57 sab3r I just thought that file.line would be the easiest way but I guess managing the whole file is better then :D.. I'm still very new to Salt and dont know that much
07:58 sab3r babilen: yeah but thats only a search and replace
07:58 sab3r I need to add a whole new line
07:59 babilen sab3r: It really boils down to: "What is the easiest way to do this that allows me to make similar changes in the future without effort?". Normally I find it cumbersome to specify "changes" in the "If ... then ..." way as they normally turn out to be brittle and prone to break. They are also normally harder to extend in the long run ..
07:59 ronnix joined #salt
07:59 babilen I mean you could get away with a "file.append" by the sound of it.
07:59 fracklen joined #salt
07:59 babilen Depends on the init script though ..
08:00 dariusjs joined #salt
08:00 sab3r babilen: but file.append just adds it to the end of the file and I need JAVA_HOME variable in that file already
08:00 lero joined #salt
08:00 babilen Right
08:03 woss joined #salt
08:03 ronnix joined #salt
08:10 linjan_ joined #salt
08:10 msn i have created a packages.sls in pillar http://paste.debian.net/422689/ and i am including it in one of the state files http://paste.debian.net/422690/ but when i run salt-call state.highstate I get the following error  http://paste.debian.net/422691/
08:15 babilen msn: "-pkgs: {{ salt['pillar.get']('packages:utils') }}
08:15 babilen - pkgs:
08:17 msn babilen: thanks
08:19 msn babilen: now i get [CRITICAL] Rendering SLS "base:system" failed: Unknown yaml render error; line 4
08:20 GreatSnoopy joined #salt
08:20 msn exact error http://paste.debian.net/422697/
08:21 babilen pkgs seems to be missing
08:24 fracklen joined #salt
08:38 slav0nic joined #salt
08:41 OsakaFoo joined #salt
08:43 s_kunk joined #salt
08:44 kliquori joined #salt
08:50 epcim joined #salt
08:50 fredvd joined #salt
08:54 flowstate joined #salt
08:57 invalidexception joined #salt
08:58 josue joined #salt
08:59 josue joined #salt
09:02 cliffstah joined #salt
09:18 Ron11 joined #salt
09:18 Ron11 HI, My computer disconnected.
09:20 Ron11 I clone a minion, and now when I run salt-key -L, I get the original as accepted and the new is Unaccepted. how can I delete only the unaccapted?
09:20 Ron11 What can I do to avoid it?
09:25 dijit change the name of the minion in /etc/salt/minion before starting the machine.
09:25 dijit (it also reads hostname if that's not set)
09:30 kliquori joined #salt
09:31 impi joined #salt
09:37 writtenoff joined #salt
09:40 fracklen joined #salt
09:45 zer0def joined #salt
09:46 MadHatter42 joined #salt
09:47 fracklen joined #salt
09:49 impi joined #salt
09:51 cpowell joined #salt
09:54 Ron11 thank dijit
09:54 N-Mi joined #salt
09:54 N-Mi joined #salt
09:54 Ron11 I don't understand I can't see the hostname in
09:54 dijit in what?
09:54 dijit the salt-key?
09:54 Ron11 no in  /etc/salt/minion
09:54 dijit the name it uses for the key is derived from the hostname by default.
09:55 dijit but you can set a minion name.
09:55 Ron11 oh
09:55 dijit in /etc/salt/minion
09:55 Ron11 I see thank you
09:55 Ron11 I will try it
09:55 dijit np
09:55 subsignal joined #salt
09:56 Ron11 Do I need in there to set the name exectly like in the salt-key -L
09:56 Ron11 with fqdn?
09:56 Ron11 or just hostname?
09:56 dijit eh? no, choose whatever you want.
09:56 flowstate joined #salt
09:56 dijit it's just the key name, and also what will be matched by top.sls
09:57 Ron11 oh
09:57 dijit so, whatever you choose will be sent as a key name to the master (output of salt-key -L)
09:57 dijit the "name of the machine
09:57 dijit so to speak.
09:57 Ron11 yes
09:58 Ron11 Where in the /etc/salt/minion
09:58 Ron11 I need to change it?
09:58 Ron11 What's the category name?
10:00 Ron11 dijit?
10:01 Ron11 id?
10:02 teatime you can just use /etc/salt/minion_id
10:03 teatime it's a one-line file that contains only the minion_id
10:04 dijit https://docs.saltstack.com/en/latest/ref/configuration/minion.html#user
10:04 dijit also, what teatime said.
10:04 dijit and yes, id:
10:04 Ron11 I change it
10:04 Ron11 and restart the minion
10:04 Ron11 and restart the server
10:05 Ron11 and I get the same results
10:05 Ron11 restart the master
10:05 dumol joined #salt
10:07 msn I am trying to install nginx using apt, the package gets installed but there is a user.present which fails completely
10:07 Ron11 thank you
10:07 Ron11 it works
10:08 Ron11 changing etc/salt/minion_id
10:08 Ron11 Thank you very much
10:08 msn that's my nginx.sls http://paste.debian.net/422716/
10:12 punkoivan joined #salt
10:13 teatime msn: that user.present has no userid
10:14 punkoivan joined #salt
10:14 dumol hi guys! the upstream salt-repo rpm installs an unavailable repo… i get:
10:14 dumol https://repo.saltstack.com/yum/redhat/%24releasever/x86_64/latest/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
10:14 dumol in rhel6 only
10:15 teatime that "%24releasever" is a clue.
10:15 Ron11 It works but I see again the old computer
10:15 Ron11 as unaccepted
10:15 Ron11 the process i do is
10:16 Ron11 stop the minion
10:16 Ron11 change the hostname and fqdn
10:16 Ron11 and id
10:16 Ron11 remove the key file then start the minion
10:20 dumol teatime: the same baseurl line works in rhel5
10:20 dumol baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
10:21 elsmo joined #salt
10:23 teatime dumol: well it does not appear to be replacing the $releasever, regardless.
10:24 punkoivan left #salt
10:24 dumol ah, i see what you mean
10:25 teatime now, as to why, or who's fault it is, no clue :)
10:25 teatime but you can quick-fix it by replacing it with a 6
10:25 msn teatime: the user.present is under nginx
10:26 teatime so it is, my mistake.
10:27 dumol found another workaround, i fire yum as follows: yum --releasever=6
10:27 babilen msn: Is 982401567 a valid UID on your systemd?
10:27 babilen -d
10:27 babilen *grrr*
10:28 Ron11 I have another question, the first does not resolved.
10:28 Ron11 I install nagios agent via state.apply nagios.plugins,nagios.nrpe
10:28 Ron11 but in the client I can't see any plugin such as check_load
10:28 Ron11 etc
10:28 Ron11 what is wrong?
10:29 msn babilen: the id is fine it works when its imported over sssd, i want to make sure the user exists even when sssd doesn't work
10:30 msn and there are no uid/gid conflicts but 2 things, nginx user should be created on package install which is not happening
10:31 teatime that is a very large number for a uid
10:31 dumol teatime: in the end i used the version from grains to set up the yum repo for rhel as you suggested, thanks!
10:31 teatime what OS?
10:32 babilen Something Fedora-y I guess
10:33 babilen msn: And what is the actual error you get?
10:34 msn babilen: the user is not created but another state actually gives "Recursive requisit found", and i am guessing that's causing everything to stop from processing any futher
10:35 babilen Another state?
10:36 msn there is a haproxy sls which keeps giving that error
10:36 msn I think i should go back and figure what's causing that
10:36 babilen Mind sharing it (and all other involved states) and the complete error?
10:39 msn yup just a sec
10:39 msn http://paste.debian.net/422721/
10:40 amcorreia joined #salt
10:40 dumol interesting, rhel7 is fine too, as is rhel5, so only in rhel6 there's a problem with that $releasever var in the repo's baseurl
10:42 dgutu joined #salt
10:43 babilen msn: I don't see a recursive requisite
10:43 babilen (guess there are other states involved)
10:43 babilen bbl (lunch)
10:43 msn k
10:49 rbjorkli1 joined #salt
10:55 zer0def joined #salt
10:56 subsignal joined #salt
11:01 fracklen joined #salt
11:01 Nikos joined #salt
11:01 jwinters joined #salt
11:12 hellertime joined #salt
11:21 msn how do i change ownership of a directory recursively inside  a state
11:25 josuebrunel joined #salt
11:30 onlyanegg joined #salt
11:31 phila joined #salt
11:31 kliquori joined #salt
11:37 quasiben joined #salt
11:44 mephx joined #salt
11:47 _mel_ joined #salt
11:48 nyx_ joined #salt
11:48 rdas joined #salt
11:53 cpowell joined #salt
12:02 rem5 joined #salt
12:03 epcim joined #salt
12:06 bluenemo joined #salt
12:10 freeaks joined #salt
12:11 akhter joined #salt
12:16 zer0def joined #salt
12:19 kliquori joined #salt
12:22 punkoivan joined #salt
12:23 yuhlw_ joined #salt
12:23 punkoivan joined #salt
12:25 punkoivan joined #salt
12:25 punkoivan joined #salt
12:26 Vivek joined #salt
12:27 punkoivan joined #salt
12:27 DammitJim joined #salt
12:27 morissette joined #salt
12:28 punkoivan joined #salt
12:29 TooLmaN joined #salt
12:30 Soul_ joined #salt
12:30 punkoivan joined #salt
12:30 Soul_ Hey, how do i make my minions run a command (rpm -Uvh...) when connected to the master?
12:35 Soul_ how do i make my minions install php-fpm 5.6 instead of 5.4?
12:39 babilen How would you do that without salt?
12:43 numkem joined #salt
12:46 Soul_ i need to run command rpm -Uvh... and then install php
12:46 Soul_ i installed php using salt but its php-fpm 5.4 and i need 5.6
12:47 DammitJim anyone have any info on file.line ?
12:47 babilen Soul_: Yes, how would you install PHP 5.6 on your distribution manually?
12:48 Soul_ i would run rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
12:48 Soul_ and than ill install php56w
12:50 babilen You could do that with pkg.install with suitable sources: -- I would have expected "I configure repository FOOBAR and then install FOOPACKAGE" - which could be done with pkgrepo.managed, but I guess you could just install those packages
12:51 dumol left #salt
12:55 kliquori joined #salt
12:58 subsignal joined #salt
12:59 rem5 joined #salt
13:05 mavhq joined #salt
13:06 guerby joined #salt
13:06 rem5 joined #salt
13:07 FreeSpencer joined #salt
13:07 FreeSpencer joined #salt
13:08 edrocks joined #salt
13:10 mavhq joined #salt
13:13 aqua^c joined #salt
13:17 kbaikov joined #salt
13:18 dynamicudpate joined #salt
13:18 fracklen_ joined #salt
13:19 lempa joined #salt
13:19 SheetiS1 joined #salt
13:20 Edgan joined #salt
13:20 nidr0x joined #salt
13:20 fracklen_ joined #salt
13:20 joren joined #salt
13:20 pjs joined #salt
13:21 flowstate joined #salt
13:22 atmosx joined #salt
13:23 cpowell joined #salt
13:24 nZac joined #salt
13:26 ronnix joined #salt
13:26 cpowell joined #salt
13:28 rem5 joined #salt
13:29 evle1 joined #salt
13:31 subsignal joined #salt
13:31 onlyanegg joined #salt
13:32 mavhq joined #salt
13:33 subsignal joined #salt
13:33 babilen jfindlay: Where could one find 2015.8.8.2 ? It's not on https://github.com/saltstack/salt/releases (as it has not yet been tagged)
13:33 mavhq joined #salt
13:33 TyrfingMjolnir joined #salt
13:36 mavhq joined #salt
13:36 teatime DammitJim: avoid if possible by managing entire files.
13:37 babilen Similar topics over and over today :)
13:37 babilen Maybe just different nicks
13:37 teatime babilen: I am slowly building my faq-bot skillset.
13:38 babilen teatime: botsnack
13:38 teatime Yum!
13:38 teatime (I should have said, "Sorry babilen, no one has told me anything about 'botsnack'.")
13:38 mavhq joined #salt
13:39 babilen :D
13:40 deus_ex joined #salt
13:45 Ron11 joined #salt
13:46 ronnix joined #salt
13:47 rem5 joined #salt
13:51 mavhq joined #salt
13:53 Ron11 HI, I have a question
13:53 Ron11 Can I install minion without access to internet at all, just access to ssh?
13:54 mavhq joined #salt
13:56 mavhq joined #salt
13:56 babilen Ron11: You have to make the packages (and dependencies) available somehow, but sure.
13:56 jerredbell joined #salt
13:57 metalseargolid joined #salt
13:57 spankalish joined #salt
13:58 fracklen joined #salt
13:59 Ron11 How can I do it?
13:59 Ron11 Is there a package of offline?
13:59 spankalish Hi, I'm having trouble with a command I used to use to disable web servers on a load balancer. echo "disable server yourbackendname/yourservername" | socat stdio /var/lib/haproxy/stats
13:59 Ron11 thank you babilen
14:00 spankalish But it recently will only work with root privileges
14:01 spankalish I have the this line in the config file for the haproxy in global: stats socket /var/lib/haproxy/stats level admin
14:02 spankalish It never had to be given root privileges before
14:02 kliquori joined #salt
14:04 mavhq joined #salt
14:05 nZac joined #salt
14:06 shiin joined #salt
14:08 shiin Would it make more sense to install salt-master and salt-minion from the Debian repository or from pip?
14:09 hasues joined #salt
14:10 hasues left #salt
14:10 dijit depends on your environment.
14:10 dijit pip is notorious for being terrible to rollback from and updating shit you dont always want to update.
14:10 dijit but it almost always has the latest version of a thing.
14:11 dijit my servers are also hidden behind paranoid firewalls so I must use internal deb/rpm repositories, so for me repositories is the only way to make it work well.
14:12 sfxandy joined #salt
14:12 teatime shiin: I would say the official Salt deb repos, in the absence of some compelling reason to do otherwise.
14:12 sfxandy hi everybody
14:13 Ron11 babilen?
14:13 hightekvagabond joined #salt
14:14 sfxandy putting aside the question of "why would you want ot do that?", I was wondering if it was possible to return a Pillar structure via Salt mine?
14:15 teatime sfxandy: you can fetch mine data from pillars and states.  if you really wanted to you could query mine data in an ext_pillar.  (but why would you want to?  :)
14:15 rlatimore joined #salt
14:16 sfxandy teatime, I think you misunderstood.  I was wondering if I could use pillar.get as a mine function?
14:16 andrew_v joined #salt
14:16 teatime ah
14:16 teatime hrm... have you tried it?
14:17 sfxandy well am in the middle of trying but thought I'd throw the question out there...
14:17 spankalish Figured it
14:18 quix joined #salt
14:20 sfxandy the answer, teatime, is yes you can...
14:21 shiin My reason would be because I like to work with the latest version.
14:21 teatime shiin: the latest stable release is available from the salt repos.
14:22 teatime shiin: if you want newer than that, then the decision is easy, because development versions are not available from the repos.
14:22 ronnix joined #salt
14:22 teatime although I don't think they're in pip either; you'd use git, and pip for dependencies.
14:22 shiin Uh, no, latest stable is good.
14:23 shiin Then pip and apt repositories are synchronized?
14:23 teatime afaik.
14:25 spankalish joined #salt
14:25 Ron11 How can I install minion without access to internet at all, just access to ssh?
14:26 spankalish Hi, would there be any reason why a command will run on a minion, but when I try send it from the master to the minion it fails with a non zero output?
14:26 shiin On here http://debian.saltstack.com/debian/pool/main/s/salt/ I can find salt-master_2015.5.3
14:27 shiin My pip installed version is salt-master 2015.8.8 (Beryllium)
14:27 spankalish Command on minion: echo "enable server here/salt-minion1" | socat stdio /var/lib/haproxy/stats
14:27 spankalish Command on Master: sudo salt 'LB' local.cmd.run echo "enable server here/salt-minion1" | socat stdio /var/lib/haproxy/stats
14:28 shiin pypi source: https://pypi.python.org/pypi/salt
14:28 shiin so teatime, they are not synchronized
14:28 Brew joined #salt
14:29 mavhq joined #salt
14:29 gmoro joined #salt
14:30 salty joined #salt
14:32 hightekvagabond joined #salt
14:33 RobSpectre joined #salt
14:33 Ron11 Second question I get : Recurse failed: none of the specified sources were found when I installed "salt -G 'os:ubuntu'.apply nagios.nrpe,nagios.nrpe.plugin"
14:33 RobSpectre Hey gang - trying to upgrade salt-cloud to the v2 Digital Ocean driver.
14:34 RobSpectre Followed the instructions, but still getting "is not defined in the salt profiles loaded data."
14:34 teatime shiin: wrong repository
14:34 RobSpectre Is there something I need to do to get salt-cloud to reload its config?
14:34 teatime shiin: you want http://repo.saltstack.com/
14:35 shiin Oh. Well that explains a lot.
14:38 teatime yeah... I forget why it moved.
14:40 racooper joined #salt
14:41 RobSpectre nvm - figured it out.
14:41 RobSpectre My salt install is still on Lithium - seems like it is still straddling the driver/provider change.
14:50 berserk joined #salt
14:52 mavhq joined #salt
14:55 mavhq joined #salt
14:55 fracklen joined #salt
14:56 hellertime left #salt
14:59 frew joined #salt
14:59 mavhq joined #salt
15:01 rlatimore joined #salt
15:02 drawsmcgraw Anyone here using GitFS seeing fileserver.update taking a long time?
15:02 drawsmcgraw ~20-30 seconds for me.
15:02 knetter joined #salt
15:02 drawsmcgraw I'm sure it's the size of my repo or some other reasonable explanation. Just wondering if anyone else has seen the behavior.
15:03 XenophonF how big is your repo? that seems excessive for a git fetch
15:04 mavhq joined #salt
15:05 Muchoz joined #salt
15:05 flowstate erm, getting "State 'boto_secgroup.present' was not found in SLS 'mystate.sls'" despite the fact that boto is installed. What am I missing?
15:06 flowstate state looks like http://pastebin.com/788N36FP
15:06 flowstate and I'm executing it via salt-call --local state.apply
15:06 knetter Anyone know the best/preferred method for automagically starting the salt-minion upon boot with OS X?
15:08 AndreasLutro flowstate: try running "import boto.ec2" with the python interpreter on the minion?
15:08 AndreasLutro flowstate: maybe just check the minion logs fist
15:08 flowstate k
15:09 flowstate oh dur
15:09 AndreasLutro it should log the reason for module imports failing
15:09 flowstate I'm assuming /var/log/somthing
15:09 AndreasLutro yeah you'll find it
15:10 flowstate Reason: 'boto_secgroup' __virtual__ returned False
15:10 flowstate other than that,  just the same 'not found' message
15:10 flowstate and I can import boto.ec2 without issue
15:11 AndreasLutro aha, the reasons were only recently added
15:11 AndreasLutro ok just check the source: https://github.com/saltstack/salt/blob/2015.8/salt/modules/boto_secgroup.py#L72-L89
15:11 AndreasLutro gonna guess your version is too old
15:11 flowstate fair enough, tyvm
15:11 flowstate nah, it's 2015.8.8
15:11 flowstate but
15:11 AndreasLutro I mean the boto version
15:11 flowstate oh, derp
15:11 flowstate ahem
15:11 flowstate I totally knew that
15:12 drawsmcgraw XenophonF: About 16MB :/
15:12 flowstate general question: is that something that could eventually be added to the 'Reasons' system?
15:12 flowstate version conflicts, I mean
15:13 flowstate I'd love to contribute to salt somehow, this could be an easy in
15:13 flowstate and btw, you're right, I'm on version 2.39, salt wants 2.40
15:13 RobSpectre joined #salt
15:14 AndreasLutro no need - if you check the 2016.3 branch, a string explaining why __virtual__ fails has been added
15:14 AndreasLutro which will show up in the log when you upgrade to 2016.3
15:14 econnell joined #salt
15:15 flowstate ah, gotcha
15:15 ronnix joined #salt
15:15 flowstate wait, no, it's not a version thing. __virtual__ wants 2.4.0 and I'm on 2.39.0
15:18 AndreasLutro well it has to be one of the two: import fails or version fails
15:19 PeterO joined #salt
15:20 flowstate I just ran the exact __virtual__ code in my python shell, and it all passes. That would imply there's somehow a difference between the python that minion is executing and the one I'm using... maybe?
15:20 flowstate dunno how, no venv
15:21 mavhq joined #salt
15:21 AndreasLutro possible... try running the python shell as root instead of your own user
15:22 AndreasLutro or just restart the minion with log level debug and see if you get anything useful out of that
15:22 flowstate good call
15:23 berserk joined #salt
15:24 flowstate wow... "[DEBUG   ] Error loading module.boto_cloudwatch: The boto_cloudwatch module cannot be loaded: boto libraries are unavailable"
15:24 flowstate um.
15:24 berserk joined #salt
15:24 flowstate it's gotta be something about amazon linu
15:25 flowstate linux*
15:26 XenophonF drawsmcgraw: anything in the salt-master error logs? that's a small git repo
15:26 drawsmcgraw XenophonF: Nothing in the master logs... Let me try it with a -l debug and see what happens, now that I think about that
15:28 punkoivan joined #salt
15:28 XenophonF drawsmcgraw: might be worth your while to nuke the contents of /var/cache/salt/master/gitfs and restart the master
15:28 mike_ joined #salt
15:28 XenophonF or well, rename that directory and restart the master
15:28 drawsmcgraw XenophonF: This is the line that appears before it hangs (for about 17 seconds)
15:28 drawsmcgraw Removed lock for git://github.mtv.cloudera.com/Cops/salt-states.git
15:28 drawsmcgraw Then, when I up it to '-l trace', I see a lot of this
15:29 drawsmcgraw Returning env cache data from /var/cache/salt/master/gitfs/envs.p
15:29 punkoivan joined #salt
15:29 Guest87805 Hi everybody, I was wondering if it's possible to disable just cmd.run but still accept cmd.script among other cmd features. Does anybody know how?
15:29 drawsmcgraw Let me rename the directory and bounce the master to see what happens.
15:30 _JZ_ joined #salt
15:30 punkoivan joined #salt
15:30 drawsmcgraw XenophonF: Sure enough! Renaming and restarting takes it down to 2 seconds
15:30 drawsmcgraw I wonder what happened...?
15:32 punkoivan joined #salt
15:32 fracklen joined #salt
15:33 Guest87805 This sintax is not valid, right ?
15:33 Guest87805 client_acl_blacklist:    users:      - root    modules:      - cmd.run
15:33 mavhq joined #salt
15:33 punkoivan joined #salt
15:34 amcorreia joined #salt
15:34 XenophonF drawsmcgraw: i'm not sure i understand those errors, either
15:34 spankalish Can someone explain this to me? https://gist.github.com/Spankalish/4a7bc706d559557339909e53e7d88c28
15:35 drawsmcgraw I wouldn't even say they're errors. Either way, glad to have the problem gone. Thanks!
15:35 digitalhero joined #salt
15:35 spankalish The terminal command executes successfully, but the .sls file fails
15:35 punkoivan joined #salt
15:37 mavhq joined #salt
15:37 pzipoy joined #salt
15:38 flowstate AndreasLutro: turns out that if you yum install salt-minion on Amazon Linux, it installs its own python at /usr/bin/python2.6, so now I'm installing pip and the other requirements there
15:38 flowstate or at least, that's what appears to be happening
15:40 mavhq joined #salt
15:40 cpowell joined #salt
15:40 zerthimon joined #salt
15:41 econnell joined #salt
15:45 sagerdearia joined #salt
15:49 beardedeagle joined #salt
15:50 M-MadsRC1 joined #salt
15:50 mavhq joined #salt
15:53 niluje joined #salt
15:53 niluje I have two states - in the first one I'd like to create a do-nothing state just to depend on it in the second one
15:53 niluje http://pastie.org/private/dyq2nhfb1vshqauu9bjzq
15:53 niluje is there a better approach than the cmd.run: echo 1 trick?
15:54 niluje (the problem is in state 2, I can't just depend on "dpdk_extracted")
15:55 orion XenophonF: Hey.
15:55 orion So, I took your advice about LDAP+Kerberos for SSO, but it's extremely complicated to set up by hand!
15:56 orion I found a really nice project though called FreeIPA which integrates all that.
16:02 rm_jorge joined #salt
16:04 jerredbell joined #salt
16:09 babilen jfindlay: nvm, it's obvious
16:10 cpowell joined #salt
16:10 cpowell joined #salt
16:11 TheBigNoob joined #salt
16:11 fooma joined #salt
16:12 kshlm joined #salt
16:12 winsalt joined #salt
16:13 Tanta joined #salt
16:15 onlyanegg joined #salt
16:17 AndreasLutro niluje: maybe look at salt.states.test
16:17 niluje AndreasLutro: thx
16:17 akhter joined #salt
16:17 digitalhero joined #salt
16:18 niluje test.nop seems great :)
16:18 niluje thansk a lot
16:18 niluje thanks* a lot
16:19 salty_solution joined #salt
16:21 berserk joined #salt
16:22 Fiber^ joined #salt
16:24 VSpike joined #salt
16:24 johnkeates joined #salt
16:24 baoboa joined #salt
16:27 niluje AndreasLutro: https://docs.saltstack.com/en/latest/ref/states/requisites.html#require-an-entire-sls-file
16:27 niluje !!!!!!!!!!!!!!!
16:27 niluje this can do the trick too :p
16:30 flowstate joined #salt
16:30 XenophonF orion: thanks for the note
16:30 XenophonF i'll take a look at it
16:31 XenophonF oh i see you mean server-side
16:31 XenophonF with AD you get LDAP+Kerberos out of the box ;)
16:31 XenophonF interesting project - i'll definitely read up on it
16:31 XenophonF thanks again!
16:33 digitalhero joined #salt
16:33 invalidexception joined #salt
16:35 ronnix joined #salt
16:42 punkoivan joined #salt
16:44 punkoivan joined #salt
16:44 amcorreia joined #salt
16:45 punkoivan joined #salt
16:46 Lionel_Debroux joined #salt
16:47 punkoivan joined #salt
16:47 polyidus joined #salt
16:47 N-Mi joined #salt
16:47 N-Mi joined #salt
16:48 punkoivan joined #salt
16:49 UtahDave joined #salt
16:50 punkoivan joined #salt
16:50 source47 joined #salt
16:50 salty_solution1 joined #salt
16:50 johnkeates left #salt
16:51 source47 hi guys, i am trying to get lxc to run on masterless salt like explained here https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html
16:51 source47 but i am getting the error     State 'lxc.container_profile' in SLS 'common.packages' is not formed as a list
16:51 source47 any ideas?
16:51 scooter joined #salt
16:51 salty_solution1 Hello all!
16:52 UtahDave hey, salty_solution1!
16:52 UtahDave source47: I'm reading through that doc
16:53 UtahDave source47: what's the output of   salt --version
16:54 UtahDave source47: and can you pastebin your sanitized lxc.container_profile?
16:57 ageorgop joined #salt
16:57 mavhq joined #salt
17:00 mavhq joined #salt
17:00 source47 @UtahDave i am running salt 2015.8.8 (Beryllium)
17:02 source47 @UtahDave I am trying this file https://gist.github.com/developerinlondon/e8a610e3c391018146134497f0b9a131
17:02 source47 so basically taken straight from the example. i just want to spin a simple lxc container using salt
17:04 UtahDave what OS?
17:04 source47 centOS 6.6
17:05 source47 its inside a vagrant as headless if that helps
17:06 source47 i just uploaded the whole code here if u want to try using vagrant up: https://github.com/developerinlondon/vagrant-salt-lxc
17:06 UtahDave so, I think that your lxc.container_profile actually needs to go in your minion config or in the minion's pillar data, not in your sls file
17:07 source47 ah
17:08 UtahDave I'm finding that doc to be confusing, too, because it's trying to maintain backwards compat with multiple versions of Salt as well as lxc
17:09 gtmanfred i just fought with this the other day :/ it was less than ideal
17:10 gtmanfred here is what I ended up doing
17:10 gtmanfred http://ix.io/v1y
17:10 gtmanfred source47: ^^
17:10 gtmanfred moving those lxc_profile things to pillars was all I had to do though
17:11 gtmanfred that lxc.container_profile needs to be in pillars
17:11 gtmanfred then you need an lxc.present state
17:12 source47 @gtmanfred thanks. but how can i add it into vagrant? does the config you put in work using master only?
17:12 source47 target: salt.manfred.io
17:12 gtmanfred so, that is only for salt-cloud
17:13 gtmanfred you don't need that if you use lxc.present
17:13 gtmanfred lxc.present will build on the local machine
17:14 source47 so i would put in target: lxc.present ? (sorry i am a bit new to salt)
17:14 gtmanfred you don't need target for lxc.present
17:15 gtmanfred move your lxc.container_profile in your pillar data
17:15 gtmanfred then you need a state that is
17:15 gtmanfred <name>:
17:15 gtmanfred lxc.present:
17:15 gtmanfred - lxc_profile: centos
17:15 gtmanfred to reference the centos profile in the lxc.container_profile pillar
17:16 gtmanfred source47: using this https://docs.saltstack.com/en/latest/ref/states/all/salt.states.lxc.html#salt.states.lxc.present
17:18 polyidus joined #salt
17:19 source47 so would it translate a bit like this on my case: https://github.com/developerinlondon/vagrant-salt-lxc/blob/master/saltstack/etc/minion_vagrant_host#L14
17:19 source47 and i put in the config you had above in a lxc.sls file
17:19 gtmanfred unfortunately i have no idea how vagrant works
17:23 source47 well its basically copying the file in /etc/salt/minion
17:23 source47 then running salt-call
17:23 digitalhero joined #salt
17:23 slav0nic joined #salt
17:24 source47 the main difference i have is running salt headless
17:24 gtmanfred that is odd to have the lxc.present in minion config file
17:24 source47 so u would just put it in the sls file?
17:25 gtmanfred yeah
17:25 source47 i was trying to figure out what would translate for headless salt for your /etc/salt/cloud.providers.d/lxc.conf
17:25 gtmanfred if it lives at /srv/salt/lxc.sls
17:25 gtmanfred you can call `salt-call --local state.apply lxc`
17:26 gtmanfred uhh, it would be the same thing, for the cloud.providers thing, cause salt-cloud is a seperate binary, and the salt.cloud:CloudClient uses it seperatly
17:26 gtmanfred which is what the cloud.present uses )
17:27 bowhunter joined #salt
17:27 murrdoc joined #salt
17:29 impi joined #salt
17:30 aw110f joined #salt
17:32 feld joined #salt
17:33 source47 @gtmanfred you have it set as watch file containers
17:33 source47 where is the containers file?
17:33 mvensky joined #salt
17:33 scooter joined #salt
17:33 source47 i pasted in your code in as you suggested and its partially working, i am getting 7 success and 7 failures
17:35 ageorgop joined #salt
17:35 winsalt any official salt people know if there is something like a whitelist for loading salt modules?
17:35 source47 dnsmasq: bad option at line 3 of /etc/dnsmasq.conf
17:40 source47 and the cloud.present sections
17:40 garphy joined #salt
17:40 source47 The following requisites were not found file: containers
17:41 source47 @gtmanfred are you sure you have everything there? dont i need a file containers?
17:41 nickfrez joined #salt
17:42 nickfrez left #salt
17:42 nickfrez joined #salt
17:43 aharvey joined #salt
17:45 devtea joined #salt
17:45 fracklen joined #salt
17:47 ajw0100 joined #salt
17:48 dendazen joined #salt
17:51 gtmanfred uhh, the top level of the staet is called containers
17:51 gtmanfred the state_id for everyhting is containers
17:51 nat0 joined #salt
17:52 gtmanfred sorry, I was watching the build live stream from microsoft
17:53 source47 ah so it will reload automatically if anything inside 'containers' changes then?
17:53 source47 so basically the whole file /srv/salt/lxc.sls
17:53 digitalhero joined #salt
17:54 gtmanfred yeah
17:54 gtmanfred if dnsmasq.conf changes, it will restart dnsmasq
17:54 gtmanfred and then the same for whatever the other restart was in there
17:55 gtmanfred also, i wrote that for running on centos7, so it might not work for centos 6
17:58 dendazen guys need some help can't figure it out
17:58 dendazen i created a gist of a problem so i do not mess the channel
17:58 dendazen https://gist.github.com/dendazen/f03ce74fd1c862924552c91d87ae6e32
17:59 dendazen if anyone has a little bit of time to take a look, i'd appreciate it.
18:01 digitalhero joined #salt
18:01 akhter joined #salt
18:02 UtahDave dendazen: what's the file_roots option in your master config set to?
18:02 dendazen git
18:03 UtahDave I think you may have gitfs misconfigured.
18:03 dendazen fileserver_backend:
18:03 dendazen - git
18:03 dendazen to be exact
18:03 UtahDave what's the output of    salt  <minion> cp.list_master     ?
18:03 dendazen well this policy wsa working before and all other policies work
18:03 dendazen and they refer to bunch of different files
18:04 dendazen within them
18:04 dendazen i have that file
18:04 dendazen here one sec
18:05 dendazen [root@ops1 tmp]# salt  gaga-server1.aur1.example.com cp.list_master | grep -E etc-sudoers$
18:05 dendazen - packages/sudo/files/etc-sudoers
18:06 dendazen maybe blow the cache on the master?
18:06 bbhoss joined #salt
18:06 dendazen my salt versions are 5.8 on the master and minion
18:07 fracklen joined #salt
18:08 s_kunk joined #salt
18:09 dendazen not sure what's going on, i can recreate the file
18:09 dendazen git rm it and add it again
18:09 dendazen and push
18:09 dendazen maybe that will help
18:10 ahammond We're using the map.jinja pattern. I'd like to use something that sucks less than jinja, however we're doing the whole {% from 'foo/map.jinja' import foo with context %} thing throughout our formulae. Is there a way to transition to something PyObject based?
18:12 AndreasLutro ahammond: no
18:14 beardedeagle if I were to do anything python for templating, I would just go pure python. *Much* more flexibility IMO
18:15 quasiben joined #salt
18:15 sfz- joined #salt
18:17 ageorgop joined #salt
18:17 anmolb joined #salt
18:18 akhter joined #salt
18:18 baweaver joined #salt
18:21 ahammond AndreasLutro yeah, that's what I figured. Grumble.
18:25 keisetsu joined #salt
18:25 UtahDave I recommend keeping your templating to a minimum, anyway.
18:26 AndreasLutro ahammond: maybe if you switch to mako you'll have more options
18:26 keisetsu Is there documentation I'm missing on creating a mod_watch function? I'm implementing a state that needs watch capabilities, but I don't know what I need to do. It seems, from the little I do get in the documentation, that the function that does this work actually needs to be called "mod_watch", is that correct?
18:26 UtahDave It's too easy to go crazy with templating and end up with a mess like early 2000's PHP spaghetti code
18:27 UtahDave keisetsu: correct
18:27 UtahDave have you looked at the service state?
18:27 keisetsu Yes, I was just going to ask if that was a good example
18:28 UtahDave there aren't a whole lot of examples.  I think there's 2 states that have the mod_watch function. maybe three
18:28 keisetsu Ok. Good to know.
18:28 UtahDave keisetsu: but it's pretty simple.  It's just a python function that does something if the watched thing returns changes.
18:29 spankalish Can anyone tell me why a command will work form the salt master command line, but will not work from a .sls file? https://gist.github.com/Spankalish/4a7bc706d559557339909e53e7d88c28
18:29 UtahDave keisetsu: Try to use salt execution module functions to actually do things, if possible
18:29 UtahDave spankalish: you've got that malformed.  I'll add a comment
18:29 keisetsu I'm actually implementing something live state.service, but I need something that starts the service, then waits to see if the process is still running  after a delay. I have the main part done, I was just looking at using watch
18:30 keisetsu *live=like
18:30 keisetsu UtahDave: Yeah, it looked pretty simple, but I wanted to make sure that was a good example before I jumped in. Thanks for your help
18:31 spankalish UtahDave: cool
18:31 ageorgop joined #salt
18:32 polyidus joined #salt
18:32 UtahDave ok, spankalish. Refresh that page and you'll see my comment
18:35 beardedeagle wow, reading through the renders page...you can do some pretty serious stuff.
18:36 forrest joined #salt
18:36 spankalish UtahDave: Thanks, but it's more for testing purposes I am doing it that way. I suppose I left out the fact that I am using the reactor system. The .sls file is been run by an event on a web server, but the cmd in the .sls file needs to be executed on the load balancer
18:36 josuebrunel joined #salt
18:37 alreece45 joined #salt
18:37 spankalish UtahDave: That's why I have - tgt: 'LB'
18:37 UtahDave OK, let me add another example in view of it being a reactor file
18:38 spankalish UtahDave: Cool, that's UtahDave
18:38 aharvey joined #salt
18:39 digitalhero joined #salt
18:39 quasiben Hi all, i'm running salt masterless on osx
18:39 quasiben I've noticed it's really slow
18:40 quasiben any thoughts on the following issue: https://github.com/saltstack/salt/issues/28943
18:40 saltstackbot [#28943]title: On OS X, Salt Master takes over 3 minutes to initialize and start responding to requests | Salt was installed on OS X El Capitan according to the instructions at https://docs.saltstack.com/en/latest/topics/tutorials/walkthrough_macosx.html. No other changes were made to the Salt master configuration file, and no other changes were made to the salt or pillar directories....
18:40 UtahDave spankalish: ok. I added another comment.  There's also some examples here: https://docs.saltstack.com/en/latest/topics/reactor/index.html#calling-execution-modules-on-minions
18:42 lero joined #salt
18:42 orion https://github.com/saltstack-formulas/ntp-formula/blob/master/ntp/ng/files/ntp.conf#L7 <-- Does anyone know where this "config" variable came from?
18:43 spankalish UtahDave: I'll give that a go and report back, thanks
18:43 UtahDave orion: Salt's loader injects that at runtime.  That's the minion's config items
18:44 orion UtahDave: Do you know where in the documentation I can find more information about injected objects like that?
18:44 whytewolf actualy that isn't the config object that salt uses [that doens't get passed to jinja iirc]
18:44 whytewolf it is a context item passed in https://github.com/saltstack-formulas/ntp-formula/blob/master/ntp/ng/init.sls#L19
18:45 orion wow
18:46 UtahDave Hm. interesting.  I thought maybe the config.get execution module had been set to the config variable within jinja.  Good catch on the ntp formula
18:47 dendazen guys to my issue about file not found this is the error from master log: https://gist.github.com/dendazen/b02120015c9e0fb3ac8514a7867f7595
18:47 mavhq joined #salt
18:49 shiin joined #salt
18:49 spankalish UtahDave: That didn't work
18:52 sc250024 joined #salt
18:52 sc250024 Sorry if this is repetitive, but did the salt-cloud bootstrap get broken with upgrade to 2015.8.8 ?
18:52 beardedeagle I have to ask, why isn't mako the default renderer. Seems so much more powerful than jinja
18:52 beardedeagle @sc250024: no, why?
18:53 beardedeagle update your bootstrap scripts
18:53 sc250024 After upgrade to 2015.8.8, running `salt-cloud -p some-profile test-machine` does not install salt-minion
18:53 sc250024 Right, I was thinking that
18:53 RalfJ joined #salt
18:53 sc250024 I guess the script location from before was removed?
18:53 keisetsu UtahDave: I wrote a little test mod_watch, but even though a watched file has been modified, the function didn't run.
18:54 shiin left #salt
18:55 beardedeagle @sc250024: This is why I run my own boostrap lol, to prevent issues like this.
18:55 sc250024 I do as well, but I call it later using a `file_map` and inline script
18:55 RalfJ Hi all - is the method described at https://groups.google.com/forum/#!topic/salt-users/EUbnCGlroAA to add custom jinja filters written in python still work? I added a file in _modules, but calling such a function just gives an error
18:55 RalfJ Unable to manage file: Jinja variable 'salt.utils.templates.AliasedLoader object' has no attribute 'jinja_filters.test'
18:55 sc250024 Otherwise the default Salt bootstrap is fine
18:55 sc250024 Anyway, looks like that solved it, thank you!
18:55 beardedeagle np
18:56 ageorgop joined #salt
18:57 alreece45 I'm trying to run salt as a normal user (using the instructions from https://docs.saltstack.com/en/latest/topics/tutorials/rooted.html ), but it tells me I don't have permissions to write to /var/log/salt/master. Do I need to download and build salt for the non-root usage to work?
18:57 spankalish UtahDave: This is what I have: https://gist.github.com/Spankalish/3db794f8fb6cbb567def7da152ce29a6
18:58 RalfJ I did a sync_modules, that did not help
19:00 orion Will salt work on Ubuntu 16.04 LTS?
19:02 beardedeagle @jfindlay: do you happen to know why jinja was chosen over mako? mako seems so much more powerful.
19:04 sc250024 Looks like this is documented already: https://github.com/saltstack/salt/issues/32183
19:04 saltstackbot [#32183]title: Salt Cloud 2015.8.8 not installing salt minions on new nodes | ### Description of Issue/Question...
19:05 jfindlay beardedeagle: I don't know the reason, but I'm glad you're using mako. :)  Renderers need more competition to prevent a salt DSL
19:05 spankalish Anyone help me with reactor problem  https://gist.github.com/Spankalish/3db794f8fb6cbb567def7da152ce29a6
19:05 jfindlay orion: we'll be packaging for it when it is released
19:06 orion jfindlay: Is there a real difference between the salt packaes in your repo and the ones in the official Ubuntu repo?
19:06 beardedeagle @sc250024: ah, based on that I have done everything to prevent it. custom script in cloud.deploy. Good to know it has been reported though.
19:07 viq joined #salt
19:07 DammitJim alright... time to discuss....
19:07 DammitJim why would I want to use file.replace with a pattern search vs using a jinja template?
19:07 jfindlay orion: which official repo?
19:08 jfindlay orion: repo.saltstack.com supersedes any saltstack PPAs
19:08 orion https://launchpad.net/ubuntu/xenial/+source/salt
19:08 orion It doesn't look like a PPA.
19:09 forrest DammitJim, I don't know why you would honestly. Maybe if the file is huge and it's more work to manage, or you need a specific path? I very rarely use it.
19:09 fracklen joined #salt
19:09 digitalhero joined #salt
19:12 jfindlay orion: I am not familiar with that repo
19:12 orion jfindlay: That's the official Ubuntu repo.
19:12 jfindlay wait, hm, I guess that is the official repo?
19:12 beardedeagle @DammitJim: I have to use file.replace because I move my cloud configs over in a file_map to my syndics. then I replace the relevant spots with pillar data passed in via webhook reactor.
19:13 jfindlay orion: that may be the work of babilen
19:13 carlpett joined #salt
19:15 beardedeagle although...I could probably just file.copy and force
19:15 jfindlay orion: official, upstream packages land on repo.saltstack.com when we release a new version, and the distros are free to update their repos according to their own priorities, needs, and processes
19:15 beardedeagle now that I think about it
19:15 dmaiocchi joined #salt
19:17 polyidus joined #salt
19:17 beardedeagle or a file.managed even. damn, gotta go back and rewrite some things.
19:19 flowstate anyone else getting timeouts when trying to use boto_iam_role.present? all my other boto_* states are running fine
19:19 babilen orion, jfindlay: That appear to be re-built of our Debian packages for Ubuntu by "xenial" (whoever that might be)
19:20 DammitJim beardedeagle, you use file.replace
19:20 DammitJim forrest, you use file.replace and not a jinja template?
19:20 forrest DammitJim, No, I very rarely use replace.
19:20 sfxandy joined #salt
19:20 forrest Unless you have a very special use case for it, I see no reason to use it. I know people who are lazy and don't want to manage a file who use it.
19:20 DammitJim gosh
19:21 DammitJim I need to come up with a good argument for this LOL
19:21 forrest For using it?
19:21 forrest file.replace that is.
19:21 DammitJim my pupil is implementing something purely with file.replace
19:21 babilen Why?
19:21 forrest Is it a file?
19:21 DammitJim and I had NEVER used file.replace, so I'm a little thrown off as to why
19:21 DammitJim lol
19:21 DammitJim yes
19:21 forrest If so, tell them they are dumb.
19:21 forrest And to use file.managed.
19:21 DammitJim no, he is not dumb... he is making a suggestion
19:21 forrest Unless you have some very specific use case like beardedeagle, it's bad to do that
19:22 DammitJim the problem I have is he is doing like 5 file replaces LOL
19:22 forrest Yeah that's wasting time
19:22 DammitJim you think so?
19:22 forrest I don't want to do repetitive work, so yes.
19:22 forrest Unless the file is thousands and thousands of lines
19:22 quix joined #salt
19:22 DammitJim well, we do the repetitive work on the template and pillar, whereas he does it in pillar and the state
19:22 babilen the problem with file.replace (and similar things) approaches is that they rely on a specfic state of the minion and fail if they can't make those changes.
19:23 jfindlay babilen: xenial is the ubuntu 16.04 release codename
19:23 forrest That's going against the convention that already exists in place at your org, so already that is bad. Also as babilen said, too much risk
19:23 forrest DammitJim, What is the reasoning behind the usage of file.replace instead of file.managed? Are they unaware of file.managed perhaps?
19:23 DammitJim (I'm the only one who knows how to do salt at my org)
19:23 quasiben joined #salt
19:23 forrest Then it's up to you to lay down the law on style guides.
19:23 DammitJim that's why I'm making sure the stuff my pupil is bringing up is not something stupid I did on my part
19:24 DammitJim alright, fair enough
19:24 DammitJim yeah, he is running into problems where the pattern can't be found and it's appending to the end LOL
19:24 DammitJim I shouldn't laugh... he is banging his head and I'm wasting the company's money on his productivity
19:24 babilen jfindlay: Right. They sync regularly and that is the current package in sid / stretch. We are currently getting 2015.8.8.2 packages and it'll hit the mirrors soon.
19:24 forrest only use file.replace when you have to is my general motto, file.managed otherwise. Makes it easy for devs to get in there and understand what is happening and update, etc.
19:24 forrest DammitJim, Yeah just ask if there is a reason not to use file.managed is where I would go with it.
19:25 DammitJim ok, thanks
19:25 forrest Then you aren't attacking their actions, just trying to understand and make it easier on them
19:25 forrest DRY for life.
19:25 forrest and KISS as well
19:25 spankalish what's wrong with this? https://gist.github.com/Spankalish/3db794f8fb6cbb567def7da152ce29a6
19:25 DammitJim got it
19:26 sfxandy what error are you getting spankalish?
19:26 DammitJim brb
19:26 salty_solution joined #salt
19:27 babilen spankalish: That's like playing on hard mode .. do you have more context?
19:27 salty_solution Is there a standard way to pull java artifacts from a maven repo using saltstack
19:27 forrest spankalish, Here's my working reactor config: https://github.com/gravyboat/docka-docka-docka/tree/master/docka-salt
19:27 babilen I dislike the state names, LB seems to not be properly targeted, ...
19:27 baweaver joined #salt
19:27 spankalish babilen: It's not running the stop.sls
19:28 carlpett Hi! What is the recommended way to handle master configuration in custom modules? (both execution and state) It looks like the set of allowed configuration keys are coded into each salt release in config/__init__.py? I'm guessing this means that __opts__ is out? Also, it looks like it is not recommended anyway in the docs config.get, however, merges with minion config, pillar and grains, which I do *not* want
19:28 forrest salty_solution, Not really, we have: https://github.com/saltstack-formulas/maven-formula but no straight up maven states.
19:28 ageorgop joined #salt
19:29 salty_solution forrest: Good to know. I wasn't finding anything so I had to ask. Thanks
19:29 forrest salty_solution, np.
19:29 beardedeagle @DammitJim: I am about to change my file.replace
19:29 DammitJim beardedeagle, why?
19:29 forrest Because I convinced him with my terrible logic, duh :P
19:30 DammitJim lol
19:30 beardedeagle because now that I have thought about it for more than 2 seconds, their are better ways of managing the cloud files and file.replaced is *extremely* inefficient for state code.
19:30 beardedeagle ie I have multiple things that have to be replaced in a single file, times that by like 12 files
19:30 beardedeagle it gets big fast
19:30 forrest yup
19:30 Lionel_Debroux_ joined #salt
19:30 beardedeagle I blame alcohol for my bad decisions
19:30 forrest Just say you aren't lazy
19:31 forrest I mean LOOK AT ALL THAT CODE YOU WROTE!
19:31 DammitJim LOL
19:31 DammitJim alcohol can't be blamed for anything
19:31 DammitJim if anything, alcohol needs to be rewarded
19:31 jfindlay carlpett: what are you trying to do with master configs in a custom module?
19:31 punkoivan joined #salt
19:32 beardedeagle I am also rewriting all my states from jinja to mako
19:32 beardedeagle so...lots of cleanup
19:32 DammitJim mako? oh no
19:32 DammitJim I haven't done anything with mako
19:32 DammitJim my stuff is all jinja
19:32 beardedeagle I have been getting super pissed at jinja due to being limited by it
19:32 spankalish babilen: and how would I target it properly?
19:32 DammitJim can I find a $ sign in a line without escaping it?
19:32 beardedeagle was going to change to pure python
19:32 beardedeagle but found mako
19:32 forrest beardedeagle, That's a valid complaint.
19:33 carlpett @jfindlay: My module requires the master to have a secret token in order to integrate with an external system
19:33 punkoivan joined #salt
19:33 DammitJim you guys might be able to help me with a problem I tried to address the other day
19:33 beardedeagle @DammitJim: needs the escaping afaik
19:33 flowstate joined #salt
19:33 forrest For the low low price of $9999.99 an hour...
19:33 DammitJim can I define an "object" that can be called by pillar and be passed through a state to a template?
19:34 carlpett But I may very well be approaching it the wrong way - what _should_ I be doing?
19:34 DammitJim replace uses python's search()
19:34 DammitJim let me test it
19:35 babilen spankalish: Is your minion id "LB" ?
19:35 viq joined #salt
19:35 jfindlay carlpett: I'm not sure without more info on your case, but usually, secret data is stored in the pillar system?
19:36 spankalish babilen: yes
19:36 punkoivan joined #salt
19:36 beardedeagle I've got some crazy escaping in my replace's due to salt adding \'s to my AD user names. something like: replace("\\\\", "\\")
19:36 babilen spankalish: it's fine then (looked more like a "tag", "pillar" or "grain")
19:36 nihe joined #salt
19:36 polyidus joined #salt
19:37 carlpett jfindlay: Except this is really something that is tightly connected to the master itself, so a pillar feels a bit.. off? Basically the same as if you'd put your gitfs-keys in pillars?
19:38 punkoivan joined #salt
19:39 Lionel_Debroux joined #salt
19:39 kuromagi joined #salt
19:39 babilen carlpett: Look into config.get, that might feel more natural (read as it is used in the mysql module for example)
19:40 baweaver joined #salt
19:40 punkoivan joined #salt
19:40 flowstate welp, AWS IAM in us-east-1 is down, so boto_iam_role states are going to fail
19:41 punkoivan joined #salt
19:42 nickfrez left #salt
19:42 punkoivan joined #salt
19:42 carlpett babilen: But then it might accidentally merge some unfortunately named pillar or grain... (Actually, this was what I tried first, and it worked until I started adding pillars which I named the same as the master config - boom)
19:45 carlpett but given how wierd this seems to everyone, I'm guessing I'm heading down the wrong track here
19:45 dergrunepunkt joined #salt
19:45 spankalish joined #salt
19:45 carlpett Looking at the salt-cloud stuff, they use their own config files on the master
19:45 DammitJim dammit
19:45 carlpett is that better?
19:46 DammitJim how do I search for a line like this: CATALINA_HOME=/var/lib/$NAME
19:46 babilen carlpett: Good point. I find that quite natural in the context of custom execution modules though.
19:46 dergrunepunkt hi guys, with salt- 2015.8.8, I have problem I never encountered before, when I do "salt-key -L" I don't see any pending keys, but the log shows that minions are registering
19:47 carlpett I do hope to redistribute this when it is done, so for that reason I'd like to do it "right", to avoid having people run into wierd issues becuase of naming
19:48 spankalish babilen: you were saying it may be a pillars problem? I wouldn't need pillars for the reactor? I'm using pillars for the salt mine. I didn't know I'd need them for the reactor too
19:48 carlpett (redistribute is probably the wrong word, open sourcing would be what I meant)
19:50 punkoivan joined #salt
19:51 beardedeagle @DammitJim: 'CATALINA\_HOME\=\/var\/lib\/\$NAME'
19:52 debian112 anyone use salt to create mysql database?
19:52 fracklen joined #salt
19:53 punkoivan joined #salt
19:54 punkoivan joined #salt
19:56 punkoivan joined #salt
19:57 quasiben joined #salt
19:57 punkoivan joined #salt
19:57 baweaver joined #salt
19:58 punkoivan joined #salt
19:59 polyidus joined #salt
20:00 punkoivan joined #salt
20:02 dergrunepunkt sorry if I'm repeating but seems that my msg got lost, with salt- 2015.8.8, I have problem I never encountered before, when I do "salt-key -L" I don't see any pending keys, but the log shows that minions are registering
20:02 kuromagi joined #salt
20:04 qman__ joined #salt
20:05 kuromagi joined #salt
20:06 zer0def joined #salt
20:06 garphy joined #salt
20:07 spankalish If I am using the -tgt "minion" do I need to use pillars to specify the minion id to other minions?
20:11 beardedeagle shame we don't have any real examples for mako with salt like they do with jinja
20:11 Lionel_Debroux joined #salt
20:14 CampusD joined #salt
20:15 CampusD Hi All, question about "salt.modules.iptables.save"  https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.iptables.html
20:15 CampusD I can't use that into a state file, right? Like save-iptables-rules:   iptables.save
20:17 teatime there is an iptables state
20:17 CampusD Hi teatime, I did see that one https://docs.saltstack.com/en/latest/ref/states/all/salt.states.iptables.html
20:18 CampusD doesn't seem to have a save option
20:18 CampusD perhaps a cmd.run 'iptables-save > /my/file/name'
20:18 evilrob joined #salt
20:19 teatime that would work fine
20:19 qman__ joined #salt
20:19 teatime you can run salt modules from a state, pretty sure
20:19 rideh joined #salt
20:20 teatime https://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html
20:20 CampusD I wondered about that, it looks like the examples show only CLI use
20:20 CampusD i see, module.run, interesting
20:20 teatime I'm personally not a big fan of the iptables stuff in salt; I just manage /etc/iptables/rules.{ip4,ip6} manually.
20:21 teatime which are in iptables-save format
20:22 CampusD yeah, I have them in plain ext files called by a bash script pushed by puppet
20:22 CampusD trying to move to salt, I thought I would give it a try with the state and module options
20:23 teatime then you don't want to run iptables-save anyway, right?
20:23 teatime fair enough.  iptables is not one of the best imo though
20:23 MajObviousman joined #salt
20:24 CampusD will see how they go, if they turn to be a pain, i might switch back to a plain files called by the bash script and just have salt execute the script
20:24 CampusD thanks for your help and tips
20:25 teatime CampusD: I use my distro's script to load on-boot and flush/reload via iptables-restore
20:25 teatime and never iptables-save
20:25 flowstate joined #salt
20:25 ageorgop joined #salt
20:27 babilen CampusD: You can use iptables-persistent on debian et al
20:30 DammitJim there's teatime
20:30 teatime hihi.  ever get your data structure worked out?
20:34 GreatSnoopy joined #salt
20:35 ronnix joined #salt
20:38 garphy joined #salt
20:39 Tanta I just leave my EC2 instances wide-open and rely on security groups to control LAN packet filtering
20:39 Tanta seems a little nitty to have iptables running in 2016
20:39 flowstate joined #salt
20:41 teatime not everyone can afford EC2's insane xfer rates
20:41 carlpett jfindlay, babilen: Is there any solid recommendation here, even if it is "never have master config options"?
20:42 Tanta when I was using IPtables, however, I was a big fan of https://www.rfxn.com/projects/advanced-policy-firewall/
20:42 carlpett Comparing to the case where I'd have a ssh key in the master config, would a custom module still put that in a pillar?
20:42 cilkay joined #salt
20:44 UtahDave carlpett: I'd generally put your ssh key in pillar. That way you can better control which minions have access to it.
20:46 teatime I think his original question might have been where to put secure tokens that only the master needs to access
20:46 teatime if so, the answer is 'anywhere', pretty much.  anywhere secure, anyway.
20:48 UtahDave teatime: ah. I should have read further back
20:49 carlpett Yes, precisely
20:50 carlpett But there is no convention, then?
20:51 jfindlay carlpett: It sort of depends on how you're integrating the secret token into salt. If you're running a custom module on the master(+minion I'm assuming), as teatime says, you can put it anywhere and write your custom module around that
20:52 jfindlay or you can put it into a pillar and have the pillar top file assign it only to the master's minion
20:53 ahammond carlpett remember that if you add it to the pillar you're always paying the fractional increased cost of rendering it. Not worth worrying about if it's just a few things.
20:54 carlpett Alright. So let's say I'd prefer to have this in a config file on the master, is there any wrapper around generic config files with the niceties of config.get and friends? (such as foo:bar expansion and default=baz, etc)
20:55 carlpett And am I right in assuming I should put this in a separate file rather than the master config to avoid conflicting with internal stuff (eg the precompiled list of VALID_OPTS)
20:56 digitalhero joined #salt
20:56 jfindlay I don't think it would be too hard to namespace it within the master opts
20:56 jfindlay my_app.secret_token, or something?
20:57 teatime I don't think you should put a secret there w/o any need.
20:57 carlpett yeah, just wondered if there's something that validates agains VAILD_OPTS? I know some gitfs stuff did for a subkey, at least
20:57 carlpett teatime: How do you mean without need?
20:58 teatime even if it's theoretically secure, which I dunno if it is, it's still exposing that secret to a lot more things / increasing attack surface.
20:58 teatime carlpett: if it doesn't need to be in master config file, then I would not put it in there.
20:59 carlpett The master needs to have it somehow, but not necessarily through the config file. It will be used to be able to secure pillars that are stored on github
20:59 gimpy2938 Salt just killed the server its master was running on ... it ran a state which installs an RPM (one that it installed on dozens of other machines without problem) ... somehow it (or yum?) decided to remove hundreds of packages, including things like systemd
20:59 carlpett Basically it is a "secret zero" kind of problem, this secret is required to keep other secrets safe
21:00 gimpy2938 My question here is, why the FUCK does Salt allow such a thing to happen?  Why would it instruct the package manager to do such things?
21:04 UtahDave gimpy2938: what command did you run?
21:09 zer0def joined #salt
21:10 UtahDave gimpy2938: Can you pastebin the command you ran and/or the state that was executed?  Generally, Salt won't do anything except what you instruct it to do.
21:11 beardedeagle anyone here already using mako?
21:13 jfindlay beardedeagle: did you find a bug? :-)
21:13 salty_solution Is there a way to run a salt command locally?
21:13 salty_solution on the master
21:14 jfindlay salty_solution: what do you mean?
21:14 jfindlay what kind of command?
21:14 baweaver joined #salt
21:14 salty_solution I want to download a file to the master to them copy to the minions.
21:14 digitalhero joined #salt
21:15 beardedeagle no, just asking this before I try to run it and lock some people out, you can still do salt.cmd.run() in mako expressions right? It's just a really good convenience utility lol.
21:15 jfindlay beardedeagle: yes
21:15 beardedeagle awesome
21:16 jfindlay beardedeagle: or whatever the equivalent mako expression is, I'm not that familiar with it
21:16 beardedeagle ${}
21:17 edrocks joined #salt
21:18 jfindlay salty_solution: any reason not to use file.managed with an https source?
21:21 cpowell joined #salt
21:23 DammitJim is there a way to see what states have been executed on a minion?
21:23 DammitJim this might be a dumb question, but I figured I should ask still....
21:23 hemebond DammitJim: state.show_top (or something)
21:24 DammitJim not for what is in the top file
21:24 DammitJim but for what has been run on the minion if someone did a state.sls <custom_state>
21:24 hemebond Oh.
21:24 salty_solution jfindlay: The file that I am trying to get onto the master is a java artifact from a maven repo.
21:24 hemebond Well, you can look through the jobs.
21:25 cpowell_ joined #salt
21:25 digitalhero joined #salt
21:25 DammitJim jobs in the logs?
21:25 UtahDave DammitJim: the job cache
21:25 jfindlay salty_solution: the easiest thing to do might be to put a minion on the master
21:26 salty_solution Oh I see what you are saying
21:26 salty_solution :)
21:26 salty_solution I like it
21:26 hemebond DammitJim: https://docs.saltstack.com/en/latest/topics/jobs/
21:27 jfindlay :-)
21:30 DammitJim oh, thanks
21:33 mavhq joined #salt
21:37 beardedeagle I am liking that mako allows me to separate the logic from the state
21:39 lero joined #salt
21:40 snicers-work2 Hey, having issues with a memory leak on my salt minion, how do I go about debugging this?
21:41 cyborg-one joined #salt
21:44 babilen beardedeagle: Mako is a lot nicer than jinja, isn't it? It's also great that you can easily include literate Python blocks.
21:44 beardedeagle yes very much so
21:45 beardedeagle on the topic of renders, does anyone know if the author of pyobjects is still working on it? makes mention that it doesn't yet support reactors in the docs.
21:47 beardedeagle it looks rather interesting in it's own right
21:53 snicers-work2 Is there a way to cap the amount of memory salt minion's attempt to allocate?
21:54 iggy snicers-work2: cgroups?
21:54 iggy nothing built into salt
21:55 snicers-work2 But that will still produce "Cannot allocate memory" errors
21:55 edrocks joined #salt
21:55 snicers-work2 I am simply running out of memory on my small aws servers and salt is sitting there taking 700MB or more.
21:56 flowstate joined #salt
21:57 snicers-work2 What is everyone elses minions running at memory usage wise?
21:59 sjmh joined #salt
21:59 sjmh is the AES encryption in salt 128 or 256? Couldn't find it in the docs anywhere what the key size was ( or if it was configurable )
22:01 flowstate joined #salt
22:01 frew joined #salt
22:02 baweaver joined #salt
22:02 brianvdawson joined #salt
22:02 jagguli joined #salt
22:03 jagguli Im trying to run cloud.profile to spin up instances on aws, but the minions are not being bootstrapped
22:03 jagguli nothign in the debug logs ..
22:03 jagguli im using salt/develop
22:06 johnkeates joined #salt
22:07 iggy snicers-work2: try disabling stuff... that doesn't sound right... most I've seen is about 50M
22:07 snicers-work2 iggy, what sort of stuff can I disable?
22:08 snicers-work2 iggy, using disable_modules?
22:09 johnkeates so, anything new on salt package manager?
22:09 johnkeates the saltstack-formulas repo is fine, but lots of people seem to be hating on it. I've made a bunch of very useful formulas but I'm not sure how to do FOSS distribution and if there still is no SPM.. well, not sure what the point of sharing is
22:16 beardedeagle argh, how do you call pillars with mako?
22:17 jfindlay snicers-work2: is this a long running salt-minion?  Do you have lots of salt subsystems in use?
22:18 jfindlay johnkeates: spm has been out for a few releases.  What are you wanting to do with it?
22:18 snicers-work2 it is a long running salt-minion, always on. Pretty out of the box setup, just had salt-cloud configure my minions for me, I have 2 minions currently on separate aws t2-micro ec2 instances.
22:18 snicers-work2 jfindlay, ^
22:19 jfindlay snicers-work2: what version?
22:19 snicers-work2 jfindlay, is salt-minion supposed to act as more of a service you start only when intending to interact?
22:19 jfindlay of salt-minion?
22:19 ageorgop joined #salt
22:19 hemebond No.
22:19 hemebond Should always be running.
22:20 snicers-work2 I am on 2015.8.5 right now
22:23 jfindlay snicers-work2: I have a 2015.8.7 minion running 2 procs (and 5 threads) at 129M and 671M, respectively
22:24 snicers-work2 ouch, kind of hard to fit such a large footprint on a t2-micro.
22:24 snicers-work2 Can I disable modules that I don't use to get that footprint down?
22:24 jfindlay that is if I am reading htop correctly (probably not)
22:25 snicers-work2 lol, I think you are, I see similar numbers.
22:26 snicers-work2 if I want to change which modules are running on my salt minions can I manage that from salt-cloud or salt-master somehow or do I need to change it on each individual minion?
22:27 jfindlay those are the virt numbers anyway
22:28 jfindlay snicers-work2: you could file.manage remove modules you don't need I suppose
22:28 jfindlay I think if you override modules with files in _modules and _states, it will replace the standard module
22:29 snicers-work2 no way to propagate the minion config file and use disable_modules?
22:30 jfindlay hmm, I have never seen `disable_modules` before
22:30 jfindlay that seems to be what you are looking for
22:30 jfindlay snicers-work2: you should be able to specify minion configs at deploy time with salt-cloud
22:31 snicers-work2 wish there was a "disable all" and I choose which to enable.
22:31 jfindlay 671 MiB is a tall order for a micro instance
22:31 jfindlay or a whitelist, like `enable_modules`?
22:31 iggy virt is not a useful metric
22:31 amcorreia joined #salt
22:31 iggy you should be looking at RES
22:32 snicers-work2 jfindlay, unfortunately I only salt-cloud once to setup the instances, I don't currently have a method for cycling salt-cloud instances without a bit of overhead.
22:32 snicers-work2 jfindlay, a whitelist would be great.
22:32 jfindlay snicers-work2: sure, what I was trying to say is there are options to do that
22:32 jfindlay snicers-work2: you can use salt to update its own config and restart
22:33 jfindlay iggy: in that case I have 2M and 165M
22:34 iggy 165 still seems high... I've never personally seen a minion that high
22:34 ronrib joined #salt
22:35 snicers-work2 Mine is even lower but I still get memory allocation errors
22:35 snicers-work2 does each thread that salt minion runs take that memory?
22:38 jfindlay sjmh: 192 bits
22:38 sjmh @jfindlay : ty!
22:38 jfindlay sure
22:40 zenlot6 joined #salt
22:46 johnkeates joined #salt
22:47 johnkeates Is there no central SPM repository?
22:48 jfindlay johnkeates: I don't think so.  The closest thing at this point is probably going to be saltstack-formulas
22:49 jfindlay but the idea is intriguing.  I am not directly involved with either thing, but you are welcome to submit an issue on github so that interested parties may discuss it
22:50 johnkeates hmm.. that might be worth it
22:50 jfindlay or on the mailing list
22:50 baweaver joined #salt
22:50 johnkeates right now SPM is like this really handy power drill but there are no batteries and no bits so you can't really use it...
22:50 jfindlay but you can make batteries with salt :-)
22:51 johnkeates yes, it's possible to make it work, set up a private repo etc. but that doesn't help much with resolving dependencies and sharing formulas :p
22:51 jfindlay that may have put me over the threshold for bad puns for the day
22:53 jfindlay johnkeates: I suggest starting a conversation in one (or both) of those places
22:55 flowstate joined #salt
22:55 econnell joined #salt
22:59 flowstate joined #salt
23:00 lero joined #salt
23:02 rem5 joined #salt
23:05 digitalhero joined #salt
23:07 akhter joined #salt
23:08 TheBigNoob joined #salt
23:12 rem5 joined #salt
23:12 lero joined #salt
23:13 ageorgop1 joined #salt
23:16 digitalhero joined #salt
23:17 jagguli joined #salt
23:23 hasues joined #salt
23:23 hasues left #salt
23:24 lero joined #salt
23:26 lero joined #salt
23:27 ageorgop joined #salt
23:28 ageorgop joined #salt
23:29 lero joined #salt
23:31 lero joined #salt
23:31 lero joined #salt
23:31 edrocks joined #salt
23:32 digitalhero joined #salt
23:34 mavhq joined #salt
23:38 kliquori joined #salt
23:39 aw110f joined #salt
23:41 mosu_ joined #salt
23:49 snicers-work2 disabling modules didn't reduce my ram footprint at all.
23:49 digitalhero joined #salt
23:53 lero joined #salt
23:56 flowstate joined #salt
23:56 ajw0100 joined #salt
23:58 iggy the current problem with trying to use formulas via a package manager is that most of them currently are completely independent and don't all work the same... I'm not sure what SPM solves

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary