Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-04-05

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:03 ninjada joined #salt
00:09 kevinquinnyo What is the best way to ignore Authentication requests in the salt-master log with debug?  They are so noisy it's almost impossible to troubleshoot your own code
00:10 teatime maybe grep -v ?
00:10 spuder joined #salt
00:10 kevinquinnyo teatime: that's what i do now
00:11 kevinquinnyo was wondering if there was something i don't know about
00:14 quasiben joined #salt
00:15 hackel I'm trying to upgrade mongodb on my ubuntu minions, but they frustratingly changed their GPG key.  I'm using saltstack-formulas/mongodb-formula which contains the new key signature under pkgrepo.managed.keyid, but salt isn't updating it automatically.  Am I missing something?
00:18 scarcry joined #salt
00:21 ageorgop joined #salt
00:23 the_lalelu joined #salt
00:26 iggy hackel: probably the state checks to see if the repo is there, so just remove it from sources.list, then rerun the state
00:26 emosher joined #salt
00:27 hackel iggy: Manually on each minion?
00:28 iggy salt '*' file.remove /etc/apt/sources.list.d/mongodb.list
00:28 iggy or whatever
00:29 twork_ joined #salt
00:31 hackel Oh, right.  I'll give that a shot, thanks.
00:38 hasues joined #salt
00:39 hasues left #salt
00:40 emosher Hello - looking for some help on using Salt as a monitoring solution.  I already have salt set up with some minions, and got some data writing to InfluxDB but the data is written with a single JSON string containing most of the data. See "full_ret" here - https://cloud.githubusercontent.com/assets/999153/14147206/c9eb7002-f69a-11e5-9a07-e751b5a359a5.png
00:40 emosher That makes the data almost unusable. Are other people using Influx / Salt like this, or another data store?  Ultimately, I just want to get Salt writing to a DB that I can disply with Grafana
00:41 emosher So that's what I'm trying to do, help appreciated
00:45 akhter joined #salt
00:46 iggy salt isn't really a monitoring tool
00:51 flowstate joined #salt
00:55 baweaver joined #salt
00:59 iceyao joined #salt
01:00 mavhq joined #salt
01:01 iceyao_ joined #salt
01:06 spuder_ joined #salt
01:10 auzty joined #salt
01:14 spuder joined #salt
01:17 lorengordon is there a way to execute the highstate but exclude a specific state? something like, `salt '*' state.highstate exclude=foo`
01:18 mavhq joined #salt
01:18 iggy !salt modules.state.highstate
01:18 saltstackbot https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.highstate
01:18 lorengordon i'm looking that that right now...
01:19 lorengordon oh geez, lol, i didn't see it in the list of params, but it's right there in the example
01:19 lorengordon :facepalm:
01:20 iggy sadly, anytime you see **kwargs in the list of args, you're in for a world of hurt to figure out what's available
01:20 lorengordon yeah, was about to dive into the code to see what kwargs might be recognized
01:21 mosen joined #salt
01:24 catpigger joined #salt
01:25 edrocks_ joined #salt
01:36 quasiben joined #salt
01:46 amcorreia joined #salt
01:47 drawsmcgraw joined #salt
01:51 flowstate joined #salt
01:53 brianfeister joined #salt
01:56 nZac joined #salt
02:01 ninjada joined #salt
02:02 Cidan joined #salt
02:05 beardedeagle joined #salt
02:22 penguinpowernz joined #salt
02:23 writtenoff joined #salt
02:25 snc joined #salt
02:29 subsignal joined #salt
02:37 hightekvagabond joined #salt
02:39 cuonglm joined #salt
02:43 anmol joined #salt
02:46 cliluw joined #salt
02:47 joe_n joined #salt
02:48 mavhq joined #salt
02:51 flowstate joined #salt
02:51 bshelton229 joined #salt
02:56 evle joined #salt
02:56 vivek_ joined #salt
02:57 vivek_ i m a newbie to salt.. right now i m setting up the SALT Master & MInion but the issue is minion key is not getting listed on Master
02:57 vivek_ i have checked the ports 4505 & 4506 are opened
02:58 vivek_ is there anything else i need to configure.. ? please advise
02:59 beardedeagle obvious question, did you point the minion at the salt master?
03:02 vivek_ yes
03:03 vivek_ i specified the master ip in the minion file
03:03 dayid joined #salt
03:03 dayid joined #salt
03:03 N-Mi joined #salt
03:03 N-Mi joined #salt
03:04 vivek_ i.e master: 20.X.X.X
03:05 vivek_ master was able to register the machines till yesterday from today it behaving badly.. i guess something i have changed on master..
03:06 vivek_ please suggestt if i can review any setting on master..
03:06 beardedeagle how many minions are attached to this master?
03:06 vivek_ only one was attached till yesterday..
03:06 beardedeagle so if crap is broke, I think it would be easier for you to just clear out caches, delete the key, and reregister
03:06 vivek_ but now even that one is not showing up as registered minion with master
03:07 beardedeagle 1. Stop master daemon
03:07 beardedeagle 2. Stop minion daemon
03:07 vivek_ please guide which cache to clear ..which keys to delete
03:07 beardedeagle 3. On master: rm -rf /etc/salt/pki /var/cache/salt /var/run/salt
03:07 beardedeagle 4. On minion: rm -rf /etc/salt/pki /var/cache/salt /var/run/salt
03:07 beardedeagle 5. Start master
03:07 beardedeagle 6. Start minion
03:08 beardedeagle 7. Accept keys
03:09 dayid joined #salt
03:11 vivek_ thanks ,, but this didnt work.. i m getting below message in the minion log file ...please guide..
03:11 vivek_ +++++++++++++++++++++
03:11 vivek_ [CRITICAL][10573] The Salt Master has rejected this minion's public key! To repair this issue, delete the public key for this minion on the Salt Master and restart this minion. Or restart the Salt Master in open mode to clean out the keys. The Salt Minion will now exit.
03:11 vivek_ +++++++++++
03:12 beardedeagle the public key *should* be in /etc/salt/pki/master
03:12 beardedeagle on the master
03:12 beardedeagle give a look and see if you see your minion key
03:12 vivek_ yes i delete that
03:14 beardedeagle if you deleted it, restart the minion
03:14 beardedeagle service*
03:15 vivek_ +++++++++
03:15 vivek_ its not there
03:15 vivek_ [root@centos6 master]# pwd /etc/salt/pki/master [root@centos6 master]# ls -lrtR .: total 28 drwxr-xr-x 2 root root 4096 Apr  5 08:43 minions_rejected drwxr-xr-x 2 root root 4096 Apr  5 08:43 minions_pre drwxr-xr-x 2 root root 4096 Apr  5 08:43 minions_denied drwxr-xr-x 2 root root 4096 Apr  5 08:43 minions_autosign drwxr-xr-x 2 root root 4096 Apr  5 08:43 minions -rw-r--r-- 1 root root  450 Apr  5 08:43 master.pub -r-------- 1 root root
03:15 beardedeagle hrm so it keeps auto rejecting the minion
03:16 vivek_ yes
03:16 vivek_ it keep rejeccting the minion
03:16 beardedeagle does salt-key -L show the minion key twice?
03:16 vivek_ even thought the minion key is not there on master
03:16 vivek_ it was showing yesterday twice
03:17 vivek_ but then i deleted the key
03:17 brianfeister joined #salt
03:17 vivek_ & now every minion is getting rejected
03:17 vivek_ even tthe new one's
03:17 vivek_ i wonder what the issue is
03:18 beardedeagle have you tried doing auto accept on the master? see if it auto rejects even in that case?
03:19 vivek_ i  have enabled >>open_mode: False
03:19 vivek_ in my master
03:19 vivek_ still the same issue
03:20 paydro joined #salt
03:20 mavhq joined #salt
03:22 beardedeagle it would need to be true for this particular case
03:22 beardedeagle it is supposed to clean up the pki keys
03:22 beardedeagle *could* help
03:23 beardedeagle otherwise you could `auto_accept: true` after that to see what it does.
03:24 beardedeagle if none of that works, I am out of ideas
03:28 ninjada joined #salt
03:29 favadi joined #salt
03:31 vivek_ okay will try that
03:38 favadi joined #salt
03:43 overyander joined #salt
03:44 tristianc joined #salt
03:51 flowstate joined #salt
03:51 racooper_ joined #salt
03:53 mavhq joined #salt
03:54 racooper_ joined #salt
03:54 berserk joined #salt
03:55 berserk joined #salt
03:57 racooper joined #salt
04:00 joe_n joined #salt
04:00 paydro joined #salt
04:04 anmol joined #salt
04:06 ajw0100 joined #salt
04:07 rdas joined #salt
04:15 msn joined #salt
04:18 overyander joined #salt
04:21 msn I am trying to use salt to setup mysql USers using salt module mysql this is my state definition http://paste.debian.net/424024/  the password is pulled from a pillar http://paste.debian.net/424025/, When i do salt '*' pillar.items i see the passwords being available for the host but state.highstate says password is empty
04:33 akhter joined #salt
04:34 hasues joined #salt
04:36 beardedeagle what happens when you try just a simple {{ pillar['mysql']['password']['dbuser'] }} ?
04:38 hasues left #salt
04:39 zifnab he's using arrays, not dicts
04:40 zifnab two options (unless i'm stupid): pillar[0][2], or change it to https://vomitb.in/j6MqwX5OJz
04:40 zifnab unless i'm horribly sleep deprived and that doesn't work
04:41 beardedeagle i prefer to write my pillars how you have in your link
04:41 beardedeagle makes life much easier
04:41 zifnab yeah, arrays are bad most of the time
04:41 beardedeagle @zifnab, and possible I am running on 3 hours of sleep myself
04:41 zifnab unless you're doing arrays of dicts containing similar info, or something
04:42 zifnab (somethilng like https://vomitb.in/4xpX2Y63m7)
04:42 msn beardedeagle: nothing empty still
04:42 zifnab lets you do {% for site,data in ssl.iteritems() %}
04:42 beardedeagle Can you get rid of the `-`'s
04:42 beardedeagle in your pillar?
04:43 beardedeagle structure it like @zifnab's first link
04:43 msn k
04:43 beardedeagle https://vomitb.in/j6MqwX5OJz
04:44 cyberviking joined #salt
04:45 msn i think that was the issue, I was so focussed on the correct spacing /facepalm
04:46 beardedeagle so your other method of pillar.get
04:46 beardedeagle should work now btw
04:46 beardedeagle salt['pillar.get']() and pillar[] are similar
04:46 zifnab so yeah, if i were to drop that into python form (your pillar), it actually looks like { 'mysql': [ {'password': [{'root': 'user'}, {'dbuser': 'dbuserpw'}, {'qaread': 'qareadpw'}] }] }
04:46 beardedeagle just one lets you set a default
04:47 beardedeagle good catch zifnab
04:47 zifnab instead of {'mysql': {'password': {'root': 'pw', 'dbuser: 'pw', 'qaread': qareadpw'} } }
04:47 zifnab so *technically* pillar['mysql'][0]['password'][2]['dbuser'] would hand out your password, which is *not* what you want
04:48 zifnab man, i wish i could convince work to use saltstack
04:48 zifnab they want ansible
04:48 beardedeagle le sigh
04:48 zifnab i have no issue with it, its just as easy
04:48 xmj so,
04:48 zifnab i'm not a fan of its vault though
04:49 xmj show them which license Ansible is under
04:49 beardedeagle honestly it is not any better than salt imo, the ui is nice though
04:49 xmj then show them salt's
04:49 zifnab xmj: what is ansibles?
04:49 xmj GPLv3
04:49 xmj I have a good bunch of Ansible code that works perfectly fine, but that I need to rewrite because GPLv3 is . . . GPLv3.
04:49 zifnab that doesn't pass to configs
04:50 flowstate joined #salt
04:50 xmj yes but if you want to distribute it, say on some OS images, and when setting up is core part of your project . . .
04:50 zifnab it would pass on to plugins and such, but i don't think that matters if you aren't releasing anything?
04:50 xmj I am, that's the difference
04:50 ageorgop joined #salt
04:50 xmj or, plan to
04:50 zifnab yup, thats a non issue here
04:50 msn i just checked all the places ansible and saltstack were compared
04:50 zifnab its mostly 'lack of agent'
04:50 zifnab i could use salt-ssh
04:51 beardedeagle ^
04:51 msn and found too many "defensive" posts from someone high up in ansible
04:51 zifnab realistically
04:51 xmj salt-call --local
04:51 aurynn salt-ssh is fun
04:51 zifnab its another thing to drop on my resume
04:51 zifnab so ¯\_(ツ)_/¯
04:51 msn so i just went saltstack, good community >>>>>> marginally better application
04:51 zifnab ...i'm guessing my client ate that
04:51 * zifnab shrugs
04:51 xmj zifnab: are you employee'd currently?
04:51 zifnab xmj: yup
04:51 xmj heh ew
04:51 zifnab i rather like it
04:52 zifnab i don't work more than 40 hours, i get paid a constant rate
04:52 xmj well, eventually you'll find that building networks is more useful than overcredentializing your resume
04:52 zifnab taxes are dead simple
04:52 zifnab yup :)
04:52 zifnab still, when i eventually want to end up somewhere i don't know anyone
04:52 xmj i don't currently work more than 40h, i get paid a constant rate (per hour and project), taxes are dead simple
04:52 xmj ;)
04:53 msn I get everything with TDS done so no taxes to be paid by me just file a return which says "everything paid"
04:53 xmj but agree, your mileage may vary. would probably not go full free agent if i had people dependant on me.
04:53 xmj what's TDS?
04:53 msn Tax Deduction at Source
04:53 xmj ah, it's what makes taxes > 25% acceptable
04:53 xmj heh
04:54 zifnab msn: which part of india
04:54 msn Delhi
04:54 zifnab er, assumign thats still an india thing
04:54 msn for now
04:54 msn it is
04:54 zifnab we have an office in bangalore, why i was curios
04:54 zifnab curious*
04:54 xmj noice
04:54 msn i was in bangalore about well 7 yrs ago
04:54 zifnab i tend to avoid that half the planet, at least for work
04:54 msn then montreal
04:54 msn then Saigon
04:54 msn :)
04:55 zifnab i'm in balmy seattle now
04:55 msn i moved all over the world
04:55 zifnab really, even when the weather is shit, its still warm
04:55 msn India->canada->vietnam->india
04:55 msn when its hot here well its hot :)
04:55 msn its already 40C here
04:56 xmj i bet montreal was fun
04:57 msn coooold
04:57 xmj i live up north, nearly 60°N
04:57 xmj Eastern Europe all the way \o/
04:58 msn well I am from india 0C to 48C is my temperature limits
04:58 xmj beats me how you can survive
04:59 msn you grow up in that
04:59 msn no heating/no Aircon
04:59 msn your body adapts
04:59 xmj oh, i moved up north where it's colder
04:59 xmj here, it doesn't often get out of the [-30°C, 35°C] range
04:59 xmj I like it that way :p
05:00 msn yes but when its -30 you sit in heated home ->heated car->heated office :)
05:00 msn you never really face the -30 for long
05:00 msn :D
05:01 xmj not exactly but almost
05:01 msn in india if its 0 outside its 0 inside
05:01 xmj I live in the city center and walk everywhere, yes in -30C as well
05:01 msn you better be dressed inside well too
05:01 xmj . . . thick clothes help :D
05:01 msn i did that in montreal office was about 3.5 kms used to walk everyday
05:01 msn rain/summer/winter
05:02 msn was fun
05:03 xmj i bet
05:03 xmj people who walk lots are noticeably slimmer ;)
05:03 msn not me
05:03 msn has no effect on me
05:03 msn :D
05:03 xmj magic
05:04 msn unfortunately
05:05 msn i am installing mysql-community-server and trying to setup users using it, problem is first time the root password is blank next time i have chanced it already how do i deal with thatt
05:09 xmj use postgres?
05:09 * xmj ducks
05:09 xmj kidding. what distribution are you on?
05:10 beardedeagle if you had a cli application for communicating with salt-api would you want the output in json or yaml?
05:10 beardedeagle just a question
05:10 xmj beardedeagle: ucl
05:10 beardedeagle not an option
05:10 xmj can i talk to your manager please?
05:11 xmj beardedeagle: part-kidding, but look into libucl, it can do ucl, json, yaml, and some more -- and shuffle between one another.
05:11 brianfeister joined #salt
05:12 beardedeagle that is interesting
05:12 beardedeagle and you dont want to talk to my boss
05:12 beardedeagle he is much worse than me
05:13 xmj beardedeagle: "can i speak to your manager?" is my default reaction when provided with a false dichotomy, nothing personal
05:15 beardedeagle lol np, my boss is OLD school devops
05:15 beardedeagle infact I believe his email is @mandrake.net
05:15 msn xmj: using debian jessie but this is not the mysql-server which comes with the distribution this is from mysql repos
05:16 euidzero joined #salt
05:16 xmj oh
05:16 msn it starts with empty password then i create a new password
05:16 xmj beardedeagle: do i have to get out my UNIX distribution email now?
05:17 beardedeagle lol
05:18 beardedeagle most people that I work with have been doing devops as long as I have been alive.
05:19 msn i been doing ops since 2002
05:19 xmj beardedeagle: some people I have spoken with have worked on UNIX more than 20years longer than I've been alive.
05:20 impi joined #salt
05:24 msn luckily not for me :) mostly indians I know have never worked on unix and those who have, have less then me
05:24 msn so I don't fee like a youngling
05:26 favadi joined #salt
05:26 xmj msn: well i had breakfast last year with kirk mckusick of bsd fame ;)
05:26 xmj that makes you feel like a youngling no matter what
05:26 xmj but hey, was interesting!
05:27 msn haha
05:27 msn you bet he felt like a grandfather
05:27 msn :)
05:29 hasues joined #salt
05:30 xmj well, it was before a transatlantic flight from frankfurt to ottawa and there was another BSD guy with a decade more experience than I
05:30 xmj wasn't too bad ;-)
05:30 felskrone joined #salt
05:31 hasues left #salt
05:35 sauvin joined #salt
05:50 flowstate joined #salt
05:52 overyander joined #salt
05:52 beardedeagle I just need to get my formatting figured out, but my salt-pepper replacement app is coming along nicely
05:52 antpa joined #salt
05:52 beardedeagle runs just like salt
05:53 beardedeagle nacl 'testhook129*' cmd.run 'ls -al' cwd="/home" shell="/bin/bash"
05:53 beardedeagle and yes, that is NaCl
05:53 teatime beardedeagle: interesting... what does it run over?  ssh?
05:53 beardedeagle it uses salt-api
05:54 beardedeagle basically requests and requests futures
05:54 teatime so what makes it different from salt command?
05:54 teatime (I don't remember what pepper is)
05:54 teatime (I also don't know how salt command talks to master)
05:54 beardedeagle pepper is the cli that saltstack made for consuming the salt-api from your local machine via cli
05:55 beardedeagle mine is the same, written differently lol. Plus I have implemented most of the other salt-* commands as well
05:58 xmj noice
05:58 beardedeagle that was why I asked the yaml vs json question
05:58 beardedeagle right now I just return pretty printed json
05:58 xmj Heh, I get it
05:59 beardedeagle with pygments highlighting
05:59 blast_hardcheese joined #salt
05:59 xmj I'll have to read up on NaCl, I could see it being useful
05:59 beardedeagle @xmj, I knew one of you would lol
05:59 xmj :)
05:59 teatime heh get what?  did I miss a good joke in there?  :)
06:00 xmj teatime: scroll up and look for the "can i talk to your manager?" line :D
06:00 xmj right, will have to read up on nacl later, now first setup a salt-minion and get the salt-env bootstrappable
06:00 antpa joined #salt
06:01 xmj does anyone have a good bootstrap script that sets up a salt-master on a host, via salt-call --local?
06:01 favadi joined #salt
06:01 teatime my boostrap is shamefully just a shell script :(
06:01 teatime but it's small.
06:01 blast_hardcheese What's a safe way to do salt['pillar.get']('key', default=???, merge=True) in a map.jinja with data for ??? coming from two different objects? (one pulled from a different map.jinja, one derived locally)
06:01 beardedeagle @teatime: nacl is the chemical notation for salt
06:02 teatime beardedeagle: oh, yeah I know that.
06:02 teatime beardedeagle: lol my master's hostname is nacl
06:02 xmj wasn't what i meant by "get it' :-D
06:02 xmj lol
06:02 xmj i'll steal that.
06:02 teatime if you had more than one, you could be creative and call them cacl, kcl, etc. etc.
06:03 k_sze[work] joined #salt
06:03 blast_hardcheese I found https://docs.saltstack.com/en/latest/ref/internals/aggregation.html , but it's both internal and (seemingly) not used anywhere in the whole codebase.
06:03 blast_hardcheese It's got tests though, and works the way I want in the repl
06:03 beardedeagle nah, just the one and a massive underlying rest client I wrote
06:03 teatime I always preferred to give my hosts arbitrary names like planets or whatever, but salt targeting has moved me toward a hierarchy based on location etc. :(
06:03 xmj blast_hardcheese: imports into different namespaces
06:03 xmj teatime: location, with IATA codes?
06:04 beardedeagle I also use that rest client library to power my err-bot to communicate with salt from slack, and for my multimaster web ui
06:04 teatime xmj: hehe, no, but I used to use those for network infrastructure names.
06:04 xmj it's quite common in the content pushing industry.
06:04 teatime xmj: more like, saturn.projectname.datacentername.providername.example.com
06:05 xmj that's one way to do it
06:05 teatime I still refuse to base names on roles, but in the age of disposable instances I probably should.
06:05 blast_hardcheese Ah, I misspoke-- it's used in salt/serializers/yamlex.py and nothing else.
06:05 xmj hostclass.iatacode.provider.com? :p
06:05 teatime served me so well to avoid in the past tho :/
06:05 xmj well, anyway
06:06 xmj teatime: i fear i will have to have a shell script as well, to set up the jail the master will be in
06:06 xmj then inside that jail call salt-call --local . . .
06:06 xmj it won't be pretty.
06:07 teatime it bothers me that I duplicate some logic from my states, but it's so little code before the master can begin managing itself that by all rights it's not worth fixing.  probably still will, though.
06:10 mavhq joined #salt
06:11 colttt joined #salt
06:12 xmj that's why i was wondering to use salt-call --local to spin up the master
06:12 xmj "there should be a way"
06:14 babilen I use salt-ssh to deploy an initial, minimal salt setup and then have the master run a highstate against itself.
06:14 babilen (or the new minion + reactor)
06:15 blast_hardcheese I've got a config file that sources saltstack-formulas/salt-formula then have it highstate itself. The config file will be replaced by spm soon
06:15 babilen Yeah, essentially that
06:16 xmj babilen: do you set up the saltmaster on the host, or do you containerize it on that host?
06:16 dyasny joined #salt
06:17 xmj oh interesting
06:17 babilen It is running in an instance dedicated to running the/a salt-master
06:17 babilen (not containerised)
06:18 xmj right, then that makes sense :)
06:18 mavhq joined #salt
06:19 blast_hardcheese Sorry to ask again, but is there any way to access salt.utils from inside jinja?
06:20 teatime blast_hardcheese: yeah, you just say salt.util['whatever'] I think
06:21 colttt joined #salt
06:21 blast_hardcheese oh, thought salt.util.whatever was aliased
06:21 teatime probably is
06:21 xmj actually
06:21 teatime they're basically the same in jinja
06:21 xmj babilen: what's your salt-ssh glue look like, is it public?
06:21 teatime (but slightly different)
06:22 blast_hardcheese Yeah, "Jinja variable 'salt.utils.templates.AliasedLoader object' has no attribute 'utils'"
06:23 blast_hardcheese oh well.
06:24 blast_hardcheese probably bad to reach into utils from jinja anyway, defeats the whole point
06:25 blast_hardcheese but this map file is full of do blocks anyway, so it's probably beyond help
06:25 xmj refactor all the things!
06:27 blast_hardcheese xmj, ...then there's the whole "can do/should do" dilemma
06:27 xmj "get paid to do", too
06:27 blast_hardcheese I think that falls under should, but ymmv
06:28 blast_hardcheese oh damn, found a goodish solution. Tally ho!
06:30 teatime blast_hardcheese: feel free to share :)
06:30 blast_hardcheese teatime, I'm embarrassed ;)
06:31 babilen xmj: It is not, but there isn't much in there. A top.sls that includes a local fork of the salt-formula, a minimal pillar that provides the configuration (essentially other formulas / local repos on the master, master address on the minions)
06:32 xmj nice
06:41 favadi joined #salt
06:47 kshlm joined #salt
06:49 ravenx joined #salt
06:49 freeaks joined #salt
06:49 ravenx anyone know why i'm getting this:;  State bower.bootstrap found in sls <tool> is unavailable
06:50 flowstate joined #salt
06:51 mavhq joined #salt
06:55 kshlm joined #salt
06:57 iggy you don't have some dependency installed
06:58 ravenx ...i thought everything is included when i have salt installed
06:58 iggy no
06:58 ravenx it says the state is not found though
06:58 iggy that would be insance
06:59 iggy to install every dependency for every module/state that salt has
06:59 iggy *insance
06:59 iggy *insane
06:59 iggy slack has made me lazy on spelling/typing too fast
07:00 xmj worse than IRC?
07:00 ravenx hmm, okay well this is still happening even though i went into the virtualbox of my minion: and did "bower install"
07:00 ravenx it ran.  just that the state is causing problems :/
07:00 brianfeister joined #salt
07:00 iggy yeah, because on slack, I can fix it
07:01 xmj the slacks i've used, i made them export the IRC hooks to allow me to connect via irssi.
07:01 xmj muh logfiles :)
07:02 iggy we have the paid version at work... unlimited history and searching
07:02 iggy and a decent phone client (which I have yet to find a decent phone irc client)
07:02 xmj yea but can you grep stuff?
07:03 xmj grep foo network/*.log |less ;)
07:03 iggy effectively
07:03 xmj oh
07:03 xmj noice, does the commercial slack one tie into elk or so?
07:04 favadi joined #salt
07:04 iggy something on the backend... don't know/don't care... it works
07:04 xmj noice
07:04 beardedeagle the search in slack is amazing
07:06 elsmo joined #salt
07:06 llua can you do a pillar lookup on the command line? like salt minion pkg.install pkgs='{{ ... }}'
07:06 iggy llua: what do you mean pillar lookup?
07:07 llua like using {{ pillar['base_packages'] }} in a .sls file
07:08 blast_hardcheese but on the command line?
07:09 llua yes
07:09 blast_hardcheese closest thing I could think would be to write a runner that would wrap it
07:10 iggy state.single?
07:10 iggy nah
07:10 iggy there's not a way to interpolate jinja on the command line
07:10 blast_hardcheese you could abuse state.sls
07:11 blast_hardcheese you could specify some pillar values that trigger lookups to other pillar values
07:11 blast_hardcheese but this is /way/ over in the "could do", nowhere near the "should do"
07:11 llua aye, i get it.
07:11 blast_hardcheese Runner is the better solution
07:13 llua thanks^
07:14 kawa2014 joined #salt
07:15 iggy state.template_str maybe?
07:16 ninjada_ joined #salt
07:17 felskrone joined #salt
07:18 fooma joined #salt
07:19 mavhq joined #salt
07:20 favadi joined #salt
07:21 mavhq joined #salt
07:22 msn i am using the folloing top.sls http://paste.debian.net/424054/ I have a eerie feeling that this is not the right way to do it
07:22 msn or most efficient to be exact
07:23 blast_hardcheese teatime, I was actually planning on showing the solution I had come up with earlier, but I found a yak to shave. Once I was done circumnavigating the yak, I found it was attached to a much larger yak.
07:23 blast_hardcheese so for the time being, https://gist.github.com/blast-hardcheese/ec8612a602f1cfa07f0aa7ec2b954884
07:23 brianfeister joined #salt
07:24 ninjada joined #salt
07:24 blast_hardcheese turns out the jinja |default filter did exactly what I wanted, for the most part. It can be used to do something similar to setdefault, but stomps over None values in the target
07:25 teatime thanks.
07:25 blast_hardcheese (dict(foo=None).setdefault('foo', {}).update(dict(hey='there')) will error, since foo is defined as None
07:26 irctc368 joined #salt
07:26 teatime hrm, it will?
07:26 blast_hardcheese I ended up digging up https://github.com/saltstack/salt/issues/12761 to see if I could write a filter that would enrich plain objects, turning a plain dict into an OrderedDict to get a similar interface to the objects produced by pillar and grain lookups.
07:26 saltstackbot [#12761]title: Allow the definition of custom filters in Jinja | Jinja allows the definition of custom filters [0] to make up for the lack of Python blocks as available in, for example, Mako [1]. Unfortunately it is not possible to register custom filters with salt at the moment which limits template designers to the rather small set of built-in filters....
07:26 teatime also note that jinja has a number of tests like 'is none'
07:26 ivanjaros joined #salt
07:27 blast_hardcheese teatime, yeah, but it would end up with pretty aggressive branching
07:27 blast_hardcheese Definitely would be another way to accomplish this though, you're right.
07:27 ivanjaros i have /srv/salt in git but as I want to work with cloud should I also have /etc/salt in git as well?
07:27 teatime and you do not *have* to use dict(), {} and [] work.  but you can use dict()
07:28 blast_hardcheese teatime, ? {'foo': 'bar'}.foo doesn't work, which is the source of my woes
07:28 blast_hardcheese ivanjaros, Check out what https://github.com/saltstack-formulas/salt-formula does
07:28 ivanjaros ok, thanks
07:29 llua iggy: using template_str does indeed allow me to achieve what i was trying to do, but off putting enough to make me not be lazy.
07:29 blast_hardcheese spoilers: it manages the salt-cloud directories from /srv/salt, setting them up correctly on a salted master
07:29 xmj heh
07:30 favadi joined #salt
07:30 linjan__ joined #salt
07:30 jhauser joined #salt
07:31 msn i am using the folloing top.sls http://paste.debian.net/424054/ I have a eerie feeling that this is not the right or most efficient way, any suggestions what I can be doing better
07:33 mavhq joined #salt
07:34 favadi joined #salt
07:34 blast_hardcheese msn, for starters, you could define grains as identifiers for classes of machines, allowing you to use queries like this: https://docs.saltstack.com/en/latest/topics/targeting/compound.html
07:34 lpl joined #salt
07:34 impi joined #salt
07:34 blast_hardcheese Good instincts though, that looks like it will become unmanageable very quickly
07:35 msn blast_hardcheese: that's what i am doing in host.jinja i use grains['id'] to create a node_type
07:35 msn which then i use everywhere for config
07:35 msn but yes I feel top.sls could be better
07:35 msn its too many if elif
07:39 dmaiocchi joined #salt
07:40 babilen msn: No, this isn't a good idea. First, you can target by id directly: 'search*' would be equivalent to grains['id'].startswith('search')
07:40 msn tried that wasn't working
07:40 babilen Was it drinking g&t on the couch or what happened?
07:41 msn it would go straight to '*' and then nothing
07:41 msn but let me try again
07:41 babilen Paste the corresponding top.sls and some output that exemplifies the "then nothing" behaviour
07:43 msn have to go back to it and check. I changed it quite a lot after that point
07:44 babilen Secondly you can target by "roles" or "host_type" data in either pillars or grains. The annoying thing about grains is that you have to manage them too (which brings you back to "How do I manage my hosts?") and that they are unreliable in that a minion could lie about the grains it has. That way they could gain access to data/states they shouldn't have. The latter might not be a problem.
07:44 babilen I therefore prefer pillars for that.
07:44 dgutu joined #salt
07:45 cyborg-one joined #salt
07:45 babilen That being said: glob targeting by id should take care of 90% of the suboptimal conditionals in your top.sls
07:46 mavhq joined #salt
07:48 babilen msn: Something like http://paste.debian.net/424063/ (haven't tested, please review!)
07:49 msn babilen: that's where I started from :)
07:49 babilen There are redundancies in there (you seem to install mysql on all boxes anyway, so there is no need for line 28/29 and 32)
07:50 msn babilen: actually it is inside mysql i check if the grainid has db in it, if it does it install mysql-server also
07:50 babilen uuugh, don't do that
07:50 favadi joined #salt
07:50 msn create another state
07:51 babilen You could easily target '*db*': - mysql
07:51 martoss joined #salt
07:51 msn but all dbs dont get it, the check isnide mysql is specific 2 dbs get mysql-server and other 2 get mongo
07:51 msn so its actually exact id match
07:52 flowstate joined #salt
07:53 babilen Well, then target it in a suitable way.
07:53 babilen You can easily do 'db11 or db12' with a compound matcher or something more sophisticated.
07:53 remyd1 joined #salt
07:53 remyd1 Hi
07:54 remyd1 Can anyone help me on this state: http://paste.debian.net/424064/
07:54 remyd1 file.managed does not seem to work, contrary to accumulated and blockreplace
07:54 antpa joined #salt
07:54 ronnix joined #salt
07:54 remyd1 the template is not used
07:55 msn k
07:56 blast_hardcheese Take it easy folks
07:56 babilen remyd1: Could you boil that down to a more minimal example? I would also either make the pillar calls inside the template or, if you want that to be as stupid as possible, pass 'netconf' in the context rather than every single datum in it separately.
07:56 babilen Too much parsing overhead for a Tuesday morning with ENOTENOUGHCOFFEE being thrown all around
07:57 msn babilen:   'db11|db12|dev*|': or 'db11 or db12 or dev*'
07:58 remyd1 lol need coffee too
07:59 babilen msn: db11 or db12 or ... would be a compound matcher (matches on ID by default), the latter would be an ID regular expression for which you need E@(db11|db12|dev.*) -- https://docs.saltstack.com/en/latest/topics/targeting/compound.html
07:59 teatime msn: does | work?  I was not aware of that.
08:00 remyd1 babilen: here is the error I get with this state http://paste.debian.net/424067/
08:00 teatime also what babilen said
08:00 babilen msn: You can also use L@(db11,db12,....)
08:00 babilen Without the parantheses
08:00 babilen +speling
08:00 lero joined #salt
08:00 remyd1 I do not know how to make simpler this state
08:01 remyd1 It is not the whole return of the state
08:01 remyd1 the 5 first ID works
08:02 babilen remyd1: What is the actual problem? You say that line 21 to 65 do what you want them to do, so remove them .. You also have comments in there that are a no-op (and so on). Simplify your context dictionary or simply make the pillar call in the template rather than the state.
08:02 babilen Remove all the fluff, paste the resulting *minimal* example and a state.sls/state.highstate run that exemplifies the problematic behaviour and we might be able to spot something
08:03 babilen It might also help if you were to investigate what is actually being rendered with https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cp.html#salt.modules.cp.get_template
08:03 remyd1 I really need a coffee :) I come back :)
08:04 keimlink joined #salt
08:04 favadi joined #salt
08:05 teatime babilen: aha.. I was looking for that.  I need to make a personal FAQ/cheatsheet.
08:05 josue joined #salt
08:09 irctc368 Hi, Does anyone know why I'm getting so many 'saltutil.find_job' processes? (About 1per second). This didn't happen when salt was run as root user. Now I've set it up to run as non-root user with user: and sudo_user: config settings.
08:10 irctc368 Salt: 2015.2.0rc2 over Solaris 11.2 sparc
08:11 irctc368 any clue would be appreciated
08:12 irctc368 This Solaris machine is the minion. Salt-Master is also 2015.2.0rc2 but over CentOS 6.7
08:15 ronnix joined #salt
08:16 Fabbe joined #salt
08:26 colegatron joined #salt
08:26 scarcry joined #salt
08:26 colegatron left #salt
08:26 remyd1 Great ! It works ! Thx babilen
08:26 remyd1 (I load the pillar from the template directly)
08:27 babilen remyd1: What did you change?
08:27 babilen Ah
08:27 babilen Enjoy :)
08:27 remyd1 but I kept the accumulator in the state
08:27 remyd1 and the blockreplace
08:27 KermitTheFragger joined #salt
08:27 remyd1 and file.managed (but a minimal one)
08:28 remyd1 Ooops I spoke too fast
08:29 remyd1 the template does not replace variable
08:30 om2 joined #salt
08:31 evle joined #salt
08:31 mavhq joined #salt
08:39 elsmo joined #salt
08:41 s_kunk joined #salt
08:41 iceyao joined #salt
08:44 Rumbles joined #salt
08:46 mavhq joined #salt
08:49 JohnnyRun joined #salt
08:52 msn babilen: can a host match 2 conditions at the same time in top.sls?
08:52 flowstate joined #salt
08:52 babilen sure
08:54 babilen Or, to be more precise: You can have multiple target expressions that target states to the same minion. (e.g. '*' matches all minions, while 'foo*' matches all minions whose ID starts with 'foo'. They would therefore have the states targetted in both '*' and 'foo*')
08:54 msn new top.sls http://paste.debian.net/424083/ and output http://paste.debian.net/424092/
08:55 msn the output shows its hitting '*' match but no other
08:56 teatime you're using E (PCRE regex) but those aren't regex patterns
08:57 babilen → 09:59:31         babilen > msn: db11 or db12 or ... would be a compound matcher (matches on ID by default), the latter would be an ID regular expression for which you need E@(db11|db12|dev.*) -- https://docs.saltstack.com/en/latest/topics/targeting/compound.html
08:57 teatime for example E@(web.*|dev.*|qa.*) should be E@^(web\..*|dev\..*|qa\..*)$  or such
08:57 xmj i suggest suffixing the environment after the function
08:57 teatime but I beleive 'web.* or dev.* or qa.*' would work as well
08:57 babilen .* is probably what you want in there
08:57 fooma joined #salt
08:58 xmj so web-dev web-qa etc
08:58 teatime babilen: in whre?
08:58 teatime oh, yeah perhaps that was intended
08:58 babilen E@(search.*|dev.*|qa.*)
08:58 teatime my mistake
08:58 babilen (for example)
08:58 babilen Oh, and quotation marks around it
08:58 teatime this is still invalid though:  E@(search*|dev*|qa*):
08:58 teatime or at least, not what you want
08:59 teatime er, what babilen said I guess
08:59 babilen Oh, and "- match: compound"
08:59 babilen (underneath each)
09:00 teatime babilen: do you know if the regexes are auto-anchored to ^ $ and is not how would you quote those, would it be like 'E@^(web\..*|dev\..*|qa\..*)$' ?
09:00 teatime nm, looks like not auto-anchored
09:00 babilen Worth a try. I'm normally *very* explicit and would include ^ and $
09:01 babilen But I think it .. yeah
09:04 msn new top.sls http://paste.debian.net/424096/
09:04 josuebrunel joined #salt
09:05 fooma_ joined #salt
09:05 teatime msn I would quote them like 'E@^(web.*|admin.*|dev.*|qa.*)$:' but I don't *think* your way is currently invalid.
09:05 teatime might be, though, and easy to change it to become so.
09:06 msn it worked ;) but yes i will quote them just to be safer
09:07 catpig joined #salt
09:11 msn is there a foreach in jinja?
09:11 xmj not sure what you mean
09:11 xmj pythonic for will always do foreach
09:12 msn I have 3 directories in my pillar which have to go through same permissions setup, I want to put it in a loop instead of creating 3 seperate dirs
09:12 babilen msn: fwiw, even though this might make it slightly short, you might not want not want to include the dev.*|qa.* bit everywhere, but have an explicit section fore qa and dev. That way you don't need the compound matchers for media*, search*, db* (and so on) and you can easily make independent decisions for qa, dev and production systems.
09:12 teatime msn: http://jinja.pocoo.org/docs/dev/templates/#for
09:13 xmj msn: http://jinja.pocoo.org/docs/dev/templates/#for
09:13 xmj jinx
09:13 teatime msn: you should be able to do {% for dir in ['/etc', '/var/', '/opt/java'] %}
09:13 babilen msn: I would furthermore recommend to structure your top.sls in such a way that it goes from most generic '*' to most specific.
09:13 remyd1 JFYI babilen, it finally works, with a mix between state and the template. The pillar is load by both.
09:14 msn babilen: the only reason '*' is at the end is when mysql installs it has a empty password, I then use salt to change the password, and the new password is configured in the salt file which is then pushed
09:15 babilen remyd1: Mind elaborating? I'm not sure I'd be happy with pillar access in both as it makes it very hard to maintain, because you can never be sure where data is coming from. That way you'll always have to check *at least* three places in order to figure out why a particular datum is the way it is.
09:16 teatime msn: use requisites to ensure states happen in the right order
09:16 teatime msn: expecting them to always execute in file-order may not be a good idea.
09:17 babilen remyd1: Some people argue that templates should be as dumb as possible and that pillar access shouldn't happen in there (this follows a 'web dev' mindset I guess), while others don't mind writing templates that acquire *all* data they need themselves. I belong to the latter camp as it allows me to understand the data paths that caused a particular template to render by looking only at the template and the pi
09:17 babilen llar.
09:17 mavhq joined #salt
09:18 babilen msn: I use the mysql-formula and simply set the mysql root password in the pillar. It also feels wrong that you target mysql to all minions and then target a slightly different state (mysql-server) *again*.
09:19 babilen msn: https://github.com/saltstack-formulas/mysql-formula/
09:19 JohnnyRun joined #salt
09:20 msn babilen: that I fixed already i broke mysql into mysql-server and mysql-client
09:20 babilen msn: The mysql formula has states for that
09:20 babilen (and quite a bit more)
09:20 remyd1 babilen: I will try to comment/remove some parts in template and the state to check which one is filling correctly the file.
09:21 babilen remyd1: I guess, all I'm saying is: Don't mix these approaches as you will always have to check both whenever you want to figure out why something is the way it is.
09:21 remyd1 k
09:23 LondonAppDev joined #salt
09:30 ravenx if i have a master on one remote server
09:30 ravenx and the minions on another remote server
09:30 ravenx do i have to specify the ports
09:31 ravenx or just the interface (IP) for master
09:31 babilen ip
09:31 ravenx thanks
09:31 babilen (unless you changed ports)
09:31 ravenx what is the port for anyways?
09:32 ravenx cuz i just did the ip (the one facing the internet) and doing "salt-key -L" on my master shows nothing.
09:32 babilen https://en.wikipedia.org/wiki/Port_(computer_networking)
09:32 saltstackbot [WIKIPEDIA] Port (computer networking) | "In computer networking, a port is an endpoint of communication in an operating system. While the term is also used for hardware devices, in software it is a logical construct that identifies a specific process or a type of service.A port is always associated with an IP address of a host and the protocol..."
09:32 eseyman joined #salt
09:32 ravenx no, the port for publisher, i mean.
09:33 babilen Publisher?
09:33 ravenx yup
09:33 babilen Crystal ball says: https://docs.saltstack.com/en/latest/topics/tutorials/firewall.html
09:33 teatime ravenx: imo, you should not expose the master to the internet; if you can, firewall whitelist your minion IPs for access to the master ports, or use a vpn/IPsec or something.
09:33 ravenx https://docs.saltstack.com/en/latest/ref/configuration/master.html#publish-port
09:34 babilen We have salt on an internal network
09:34 lpl joined #salt
09:34 ravenx teatime: so, place my salt master before a firewall, and only allow minion's ip to talk to it
09:34 ravenx teatime: the question though righ tnow is that my saltmaster cannot even see my minion's keys so i cannot accept.  and i am wondering if i need to set publisher ports and open them.
09:35 dgutu joined #salt
09:35 babilen Are they blocked?
09:35 ravenx well i haven't opened the ports just yet
09:35 babilen So: Yes ?
09:35 ravenx but looking at my iptables, the publisher port is blocked.
09:35 ravenx 4505
09:35 babilen Which brings us back to https://docs.saltstack.com/en/latest/topics/tutorials/firewall.html
09:36 babilen Did you read that already?
09:37 teatime ravenx: yes, there are ports on the master that minions need to be able to connect to; read the linked docs.
09:39 ravenx babilen: i have just read it, added the salt.ufw file, ufw allow salt, then uncommented the publisher ports 4505 and 4506 ports in my /etc/salt/master
09:39 ravenx and restarted it
09:39 ravenx also restarted my minions.
09:40 babilen *drumroll*
09:41 babilen You don't have to change the master config if you leave them on their respective default values.
09:41 ravenx ah i see
09:41 ravenx i just thought uncommenting them would help
09:41 ravenx alright, gonna restart the minions
09:41 ravenx and see how this goes.
09:42 ravenx salt-key -L still shows nothing ;/
09:42 Rumbles joined #salt
09:43 babilen Can you telnet to MASTERIP:4505 and MASTERIP:4506 from the minions?
09:44 ravenx yup i can
09:45 babilen Run "salt-key -A" and "salt-minion -ldebug" (after stopping the minion process) and paste the result to one of http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, …
09:46 ravenx run those commands on min or master?
09:46 babilen Oh, and include the output of "iptables-save" on the master.
09:46 babilen "salt-key -A" on the master and you would naturally start a minion process on one of the minions we are debugging
09:49 ravenx i think i will get in shit
09:49 ravenx with my boss if i dumped iptables-save here
09:49 slav0nic joined #salt
09:49 babilen Well, redact information as you see fit. But try not to shadow what is going on.
09:49 ravenx alright
09:50 ravenx so i will give you the output of salt-minion -ldebug first
09:50 babilen Just thought that it might help
09:50 ravenx there is two, one from each minion
09:50 ravenx http://paste.debian.net/424117/   and http://paste.debian.net/424119/
09:51 ravenx as for salt-key -A, i just got:  The key glob '*' does not match any unaccepted keys.
09:51 flowstate joined #salt
09:51 ravenx babilen: also, i am using ufw instead of iptables :/
09:52 babilen That's just a frontend
09:53 babilen "ImportError: No module named concurrent" and "[ERROR   ] Minion failed to start" are a strong hint as to what might be an issue. Which salt version is that, on which OS are you running and how did you install it?
09:53 babilen In fact, paste "salt-minion --versions-report"
09:55 Hydrosine joined #salt
09:55 fooma joined #salt
09:55 ravenx master is ubuntu 12.04
09:55 ravenx minion is....
09:56 ravenx miniosn are also 12.04
09:56 fooma joined #salt
09:56 ravenx i have installed it using repo.saltstack.com
09:56 keimlink joined #salt
09:56 ravenx after en tering my details, i got a link.
09:56 ravenx via the repo instructions
09:56 ravenx on ubuntu 12.04
09:57 ravenx on one of the servers, i cannot even run salt-minion --version-report, as it is complaikning about the concurrent module error
09:58 Hydrosine joined #salt
10:05 ravenx babilen: and here is salt version report http://paste.debian.net/424136/
10:13 Rumbles joined #salt
10:22 babilen ravenx: It might be that their packaging is broken. Focus on one minion and get it to start without issues.
10:22 * babilen is off to lunch
10:23 lpl joined #salt
10:25 antpa joined #salt
10:27 jnials joined #salt
10:50 antpa joined #salt
10:50 fooma joined #salt
10:51 flowstate joined #salt
10:55 amcorreia joined #salt
10:55 Deshke joined #salt
10:55 Deshke Aloha
10:56 _Cyclone_ joined #salt
11:11 traph do mine functions require salt-minion to be installed on the master?
11:14 teatime nafaik
11:15 babilen nope
11:15 babilen But then .. I have a minion on all my masters :-/
11:19 babilen traph: Why do you ask?
11:47 ravenx has anyone ever gotten this:  Insecure logging configuration detected! Sensitive data may be logged.
11:47 ravenx i've been seeing this in my -l debug for salt- minon
11:49 traph babilen, because I have the following salt mine pillar pushed to the minions: http://pastebin.com/0ibsYVqX
11:49 traph the network.interfaces and network.ip_addrs mine functions work
11:50 traph the other ones don't, for some reason
11:50 AndreasLutro the client one is not really valid yaml
11:51 antpa joined #salt
11:53 iceyao joined #salt
11:56 traph AndreasLutro, I've tried it both ways
11:56 traph even if I remove client completely, it wouldn't push host
11:56 ronnix joined #salt
11:57 sk_0 joined #salt
11:57 babilen traph: Could you paste the other definition to one of http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, … ?
11:57 babilen Or show what happens with host if you remove client completely and update the mine.
11:57 babilen (also update pillars and all that)
11:59 AndreasLutro traph: I'd start with checking the minion logs then
12:00 metalseargolid joined #salt
12:01 opdude joined #salt
12:03 traph darn.
12:03 traph I didn't do 'saltutil.refresh_pillar' before 'mine.update' :~|
12:04 traph babilen, thanks for the hint
12:05 traph AndreasLutro, thank you as well
12:08 antpa joined #salt
12:13 whatevsz joined #salt
12:13 ninjada joined #salt
12:14 fooma joined #salt
12:17 barajasfab joined #salt
12:21 ronnix joined #salt
12:22 josue joined #salt
12:23 quasiben joined #salt
12:24 XenophonF hey babilen: a while back you said i should be generating xml in python, as opposed to (ab)using jinja
12:24 XenophonF would you point me in the direction of an example or two?
12:24 babilen I don't have one
12:24 XenophonF i'm beginning to come around to your way of thinking ;)
12:25 XenophonF ah too bad
12:25 XenophonF well, i'll be sure to post what i come up with, then
12:26 babilen It is just that there are plenty of XML libraries in Python that allow you to model a document programmatically and then generate the XML. Depending on the complexity it might turn out to be a lot easier to use a data driven approach to generate the XML you want to write.
12:26 XenophonF at this point i completely agree
12:26 babilen In particular elementtree might be worth a look
12:28 XenophonF i'm reading through https://wiki.python.org/moin/PythonXml and http://lxml.de/
12:28 babilen exactly
12:30 impi joined #salt
12:32 Deshke is there a reason why a "include" is running as first state, even if it is on the last order ?
12:33 Deshke <-- somewhat sick of writing a meta state for everything that builds on top of each other
12:34 AndreasLutro Deshke: if you need to control order, you need to specify requirements
12:36 quix joined #salt
12:38 favadi joined #salt
12:38 mavhq joined #salt
12:40 ravenx can anyone help me with this:  i see  http://ix.io/vze/#n-LINENO  whenever i run 'salt-minion -l debug'
12:40 ravenx salt-minion -l trace*
12:41 ronnix joined #salt
12:44 Deshke problem is that the require is executed before the last state @AndreasLuto
12:45 AndreasLutro don't know what that's supposed to mean
12:45 AndreasLutro a require isn't executed, it's just a list of data
12:46 antpa joined #salt
12:46 dunz0r Is there some option in the master conf to always have output be verbose? Besides making an alias in my bashrc.
12:47 Deshke sec, quick gist
12:47 dunz0r Can't find any in the default config at least
12:48 AndreasLutro dunz0r: https://docs.saltstack.com/en/latest/ref/configuration/master.html#state-verbose
12:48 teatime Deshke: if one state (A) needs to run after another (B), A should require B.  Alternately, B can require_in A.  You can also require entire files now.  https://docs.saltstack.com/en/latest/ref/states/requisites.html
12:48 dunz0r AndreasLutro: That just affects the state-changes though.
12:49 mavhq joined #salt
12:49 AndreasLutro okay... what do you mean by verbose then
12:49 dunz0r AndreasLutro: Like salt -v.
12:49 Deshke https://gist.github.com/Deshke/395e631f53f43d84611d31b48a374612
12:49 dunz0r Tells me the job-id at the start and stuff
12:49 numkem joined #salt
12:50 Deshke to be spezific, i've got a service state, and a monitoring state - it makes no sense to run the monitoring state for a service what not exists
12:51 DammitJim joined #salt
12:51 AndreasLutro Deshke: require: [ sls: foo ] should work, but I never use require sls (bad practice imo) so I'm not sure
12:51 AndreasLutro would have to see the contents of the state file you're including as well to be sure
12:51 mavhq joined #salt
12:52 AndreasLutro dunz0r: haven't seen that option before - don't know if there is
12:52 teatime Deshke: so you want monitoring state to run *after* service state, but only if service state is included in the states to run?
12:53 dunz0r Hmm. Could be useful. Maybe I should write a patch for it... I know /I/ always want verbose output at least
12:53 teatime dunz0r: alias salt="salt -v"
12:53 dunz0r teatime: Yeah, I know, but it would be nice not to have to do that.
12:55 Deshke teatime: only the first part of your sentence, service state should run first, and after that the monitoring state
12:56 ivanjaros joined #salt
12:56 evle1 joined #salt
12:56 Deshke and what i currently do is, write a meta state with a include, where everything is in the correct order
12:57 Erik-P joined #salt
12:58 Erik-P Hi all i need help with pillar and git. looks like all the files are located on /var/cache/salt/master/git_pillar but i get Specified SLS 'XXXX' in environment 'dev' is not available on the salt master
13:00 mpanetta joined #salt
13:01 teatime Deshke: If you want monitoring state to run after service state, monitoring state should require service state.
13:03 favadi joined #salt
13:04 iceyao joined #salt
13:05 subsignal joined #salt
13:08 Ido-K joined #salt
13:09 yuhlw joined #salt
13:09 mavhq joined #salt
13:10 dyasny joined #salt
13:13 subsignal joined #salt
13:13 mpanetta_ joined #salt
13:13 rem5_ joined #salt
13:13 trave_ joined #salt
13:14 mikepea_ joined #salt
13:14 Edgan_ joined #salt
13:15 dayid_ joined #salt
13:16 antonw_ joined #salt
13:16 rubenb_ joined #salt
13:16 rogst_ joined #salt
13:16 akitada_ joined #salt
13:17 elsmo joined #salt
13:17 penguinp1wernz joined #salt
13:17 Xenophon1 joined #salt
13:17 gh34 joined #salt
13:18 elsmo Hey All. I'm getting "IMPORTANT: Do not use md5 hashing algorithm! Please set "hash_type" to SHA256 in Salt Minion config!"  as WARNING logs in my salt minions, however the hash_type is set to its default md5 and hasn't been customised
13:18 elsmo So it looks like salt is warning against a bad default value?
13:18 iceyao joined #salt
13:19 guanopho1ic joined #salt
13:20 whyteaway joined #salt
13:20 evilrob_ joined #salt
13:20 seblu42 joined #salt
13:20 skr0bul joined #salt
13:21 AndreasLutro elsmo: yes, because changing the default of a configuration like that will break backwards compatibility
13:22 elsmo AndreasLutro: ahh I see :)
13:22 elsmo Wow.. lots of people just fell off the net!
13:22 rdas joined #salt
13:24 garphy` joined #salt
13:24 saltstackbot joined #salt
13:24 xenoxaos joined #salt
13:24 berto- joined #salt
13:24 viq_ joined #salt
13:24 Phtes_ joined #salt
13:24 kuromagi^ joined #salt
13:24 quix joined #salt
13:24 josuebrunel joined #salt
13:24 opdude joined #salt
13:24 paydro joined #salt
13:24 ujjain joined #salt
13:24 edrocks joined #salt
13:24 SpX joined #salt
13:24 pjs joined #salt
13:24 terratoma joined #salt
13:24 dh joined #salt
13:24 mihait joined #salt
13:24 davidbanham joined #salt
13:24 gtaylor joined #salt
13:24 clouddale joined #salt
13:24 mephx joined #salt
13:24 jwinters joined #salt
13:24 CustosLimen joined #salt
13:24 moy joined #salt
13:24 bmcorser joined #salt
13:24 hexa- joined #salt
13:24 lz-dylan_ joined #salt
13:24 vaelen joined #salt
13:24 esharpmajor joined #salt
13:24 APLU joined #salt
13:24 Phtes_ joined #salt
13:24 josuebrunel joined #salt
13:25 cwyse joined #salt
13:25 al joined #salt
13:25 impi joined #salt
13:27 MadHatter42 joined #salt
13:27 akhter_1 joined #salt
13:27 analogby1 joined #salt
13:28 berserk joined #salt
13:28 dmaiocchi joined #salt
13:28 gchao joined #salt
13:28 berserk joined #salt
13:29 ktosiek joined #salt
13:29 deus_ex joined #salt
13:29 evle1 joined #salt
13:30 dyasny joined #salt
13:31 ravenx can anyone help me with my strange salt minion problem?
13:32 debian112 what's the problem?
13:32 M-liberdiko joined #salt
13:33 ravenx can anyone help me with this:  i see  http://ix.io/vze/#n-LINENO  whenever i run 'salt-minion -l debug'
13:33 ravenx debian112: i seem to not be able to start salt-minion on ubuntu 12.
13:34 debian112 what is the output?
13:34 ravenx the output is in that url i sent
13:34 ravenx the ix.io
13:35 debian112 did you install from: https://repo.saltstack.com/#ubuntu
13:35 debian112 ?
13:35 ravenx yup, for sure
13:35 ravenx however, for my minion machine
13:35 ravenx i onyl installed salt-minion
13:35 ravenx and salt-common
13:36 debian112 what version?
13:36 Erik-P need help with pillar on git https://gist.github.com/erikpar/2eb78483ce8c3ab91b5da60302affa4c
13:36 AbyssOne joined #salt
13:37 ravenx debian112: i'm using 8.8,major version
13:37 ravenx on ubuntu 12.04
13:37 debian112 2015.8?
13:38 ravenx yup
13:38 ravenx 2015.8.8+ds-2
13:39 debian112 Anyone know where I can find older versions of salt-minions for Centos?
13:39 favadi joined #salt
13:39 flowstate joined #salt
13:40 debian112 ravenex: oh I see, I'm still running: 2014.1.10 and 2014.7.1
13:40 ravenx should i be using those version
13:40 ravenx how do you get the older versions?
13:41 debian112 good question...
13:42 tpaul joined #salt
13:44 Erik-P is there a pillar command like this "salt-run fileserver.file_list saltenv=dev backend=git"
13:48 nZac joined #salt
13:50 systeem joined #salt
13:50 flowstate joined #salt
13:51 nZac joined #salt
13:53 _JZ_ joined #salt
13:54 Tyrm joined #salt
13:57 akhter joined #salt
13:57 kaptk2 joined #salt
13:57 mavhq joined #salt
13:58 jerredbell joined #salt
14:00 edrocks joined #salt
14:01 hasues joined #salt
14:01 hasues left #salt
14:04 paydro joined #salt
14:07 zmalone joined #salt
14:07 zmalone left #salt
14:08 Rumbles joined #salt
14:09 antpa joined #salt
14:12 Kelsar who does the minion decide on a hostname sent to the master on 1st contact?
14:12 josue joined #salt
14:13 gtmanfred it is the servers hostname
14:13 Kelsar gtmanfred: hostname gives the correct one, while salt-minion uses arpa reverse ip notation
14:14 favadi joined #salt
14:16 favadi joined #salt
14:16 Kelsar minion_id was initially generated with the wrong one, got it
14:17 mavhq joined #salt
14:18 AndreasLutro just write to /etc/salt/minion_id to make sure it's always what you want it to be
14:19 antpa joined #salt
14:20 zither joined #salt
14:21 teryx510 joined #salt
14:21 AndreasLutro anyone know if it's possible to use salt.client.LocalClient without having the salt logger register itself to handle uncaught exceptions?
14:23 hightekvagabond joined #salt
14:25 aharvey joined #salt
14:31 akhter joined #salt
14:33 ninjada joined #salt
14:37 akhter joined #salt
14:38 zither joined #salt
14:41 spuder joined #salt
14:41 mavhq joined #salt
14:45 zither greetings
14:45 antpa joined #salt
14:47 antpa joined #salt
14:52 akhter joined #salt
14:55 zither I trying to delelte a registry value on a win 7 box, but the minion raising KeyError: 'reg.delete_value'. Minion version is 2015.5.6. Relevant sls chunk can be found on http://pastebin.com/hTa2tjcZ . I think the sls is correct, but I not found any example on the net, so I can not be sure. Can somebody peek in to the sls (to see it is  wrong or not), or give me some working example?
14:56 ten joined #salt
14:57 drawsmcgraw zither: I don't think there's a function called "delete_value"
14:57 drawsmcgraw You may want "reg.absent" ?
14:57 drawsmcgraw https://docs.saltstack.com/en/latest/ref/states/all/salt.states.reg.html#module-salt.states.reg
14:57 drawsmcgraw or "reg.key_absent"
15:00 zither Ohh, I (again) swapped salt,modules and salt.states. Thanks
15:04 fooma joined #salt
15:05 beardedeagle joined #salt
15:05 antpa joined #salt
15:07 hackel joined #salt
15:07 paydro joined #salt
15:10 mavhq joined #salt
15:11 berserk joined #salt
15:12 spuder joined #salt
15:12 wendall911 joined #salt
15:13 hacfi joined #salt
15:14 khorben joined #salt
15:16 fredvd joined #salt
15:19 CampusD joined #salt
15:20 antpa joined #salt
15:24 ekristen joined #salt
15:24 favadi joined #salt
15:26 cyborg-one joined #salt
15:32 ageorgop joined #salt
15:33 whatevsz joined #salt
15:34 space-lord-fett joined #salt
15:35 murrdoc joined #salt
15:35 akhter joined #salt
15:35 murrdoc [WARNING ] [salt.fileclient] - Data transport is broken, got: {'hsum': 'c9348a250a27a0ac551e53aac55c4ab4180b7c91a9a3c106432923122f7d1d9c', 'hash_type': 'sha256'}, type: <type 'dict'>, exception: 'data', attempt 1 of 3
15:35 murrdoc thoughts ?
15:35 murrdoc `Data transport is broken, `
15:36 antpa joined #salt
15:38 flowstate joined #salt
15:40 morissette joined #salt
15:43 josuebrunel joined #salt
15:43 Thiggy joined #salt
15:44 murrdoc does anyone know if we can turn off stuff
15:45 murrdoc like say we dont expect to use engines, mine, beacons so on
15:45 Thiggy There are some permissions issues on the salt package repo: http://repo.saltstack.com/apt/ubuntu/12.04/amd64/archive/2015.5.6/SALTSTACK-GPG-KEY.pub
15:46 Thiggy That URL returns a 403 Forbidden.
15:48 murrdoc http://repo.saltstack.com/apt/ubuntu/ubuntu12/latest/SALTSTACK-GPG-KEY.pub
15:54 akhter joined #salt
15:54 edrocks joined #salt
15:56 flowstate joined #salt
15:56 berserk joined #salt
15:59 rm_jorge joined #salt
15:59 aharvey joined #salt
16:01 antpa joined #salt
16:04 onlyanegg joined #salt
16:04 flowstate joined #salt
16:04 mavhq joined #salt
16:05 jfindlay Thiggy: fixed
16:05 Thiggy Thank you sir.
16:05 jfindlay Thiggy: thanks for reporting
16:07 flowstate joined #salt
16:09 Rumbles joined #salt
16:12 fooma joined #salt
16:12 ronnix joined #salt
16:13 teatime joined #salt
16:18 akhter joined #salt
16:22 minesskyline joined #salt
16:22 overyander joined #salt
16:24 Brew joined #salt
16:25 DammitJim joined #salt
16:26 Muchoz joined #salt
16:27 punkoivan joined #salt
16:28 amcorreia joined #salt
16:28 linjan__ joined #salt
16:30 om2 joined #salt
16:30 fannet joined #salt
16:31 antpa joined #salt
16:31 fannet hey everyone - my cloud provider outputs a bunch of environment specific information following a successful salt-cloud deployment. How can I use these arguments either in  a reactor or as grains later on?
16:33 flowstate joined #salt
16:33 akhter joined #salt
16:33 drawsmcgraw fannet: I might be making it up but I believe that information is published to he event bus.
16:34 drawsmcgraw So it would be a matter of finding the event tag(s), then pulling the information out of it in your Reactor
16:35 murrdoc joined #salt
16:35 fannet ok how can I spy on the events
16:35 iggy which provider?
16:35 mavhq joined #salt
16:35 iggy most of them offer all that same info elsewhere
16:36 flowstate joined #salt
16:36 whitenoise joined #salt
16:37 whitenoise hey guys, i have a question about running a cmd.script onlyif file.exists
16:37 fannet I'm using the vultr provider
16:37 mavhq joined #salt
16:37 fannet it returns a private IP address assigned to an internal interface but the provider does not create the interface in their OS image so I need to take the address they provide and create the interface myself
16:38 iggy fannet: you're in luck!
16:38 fannet :)
16:38 iggy https://github.com/saltstack/salt-contrib/pull/158
16:38 saltstackbot [#158]title: Add vultr metadata service grain | This grain queries the metadata service provided by Vultr....
16:39 whitenoise here is a pastebin of the block: http://pastebin.com/frb71mu9
16:39 fannet ahahah I was literally thinking about doing that iggy
16:39 whitenoise i get     Comment: onlyif execution failed
16:40 fannet sweet I"m gonna test this now
16:41 iggy whitenoise: onlyif should be bash... not salt internal stuff
16:41 whyteaway whitenoise: onlyif is exacuted in shell. it isn't salt commands
16:41 favadi joined #salt
16:41 garphy joined #salt
16:41 iggy `- onlyif: test -f /var/lib/openvas/plugins/portscan-tcp-simple.nasl` something like that
16:42 whitenoise iggy: whyteaway: oh, thanks. I saw an example online that did that, so I just copied it. I'm new to Salt
16:42 whitenoise that makes sense
16:42 iggy where did you see that?
16:42 iggy because we should have that fied
16:42 iggy *fixed
16:42 whitenoise https://groups.google.com/forum/#!topic/salt-users/Qk8Gbo6KBKM
16:43 whitenoise one of the ones by Markus
16:43 whitenoise or I could just be misreading what he's saying
16:45 impi joined #salt
16:46 brianfeister joined #salt
16:46 whyteaway whitenoise: yeap misinterpitation. it looks like he is complaining that it doesn't work right. [unless failing because file.exists isn't a shell command]
16:46 akhter joined #salt
16:47 iggy he want's to write his unless's to be cross platform or something
16:47 mavhq joined #salt
16:48 antpa joined #salt
16:48 iggy which he fails to realize that given that, the rest of his statement is wrong (because it uses a unix style path... which is not x-platform)
16:48 UtahDave joined #salt
16:49 onlyanegg joined #salt
16:50 BradThurber joined #salt
16:50 flowstate joined #salt
16:51 akhter_1 joined #salt
16:52 fannet iggy how can I refresh the pillars on a minion
16:52 fannet sorry grains
16:52 Muchoz joined #salt
16:54 iggy saltutil.refresh_grains
16:55 fannet iggy if I use this as a custom grain then it doesn't become available until after the first high state correct?
16:56 fannet Do I need to force it into a system grain in order to be available on the first highstate
16:56 SirLagz joined #salt
16:56 whyteaway saltutil.sync_grains
16:56 antpa joined #salt
16:57 ageorgop joined #salt
16:58 mavhq joined #salt
17:02 grumm_servire joined #salt
17:03 spuder joined #salt
17:05 mavhq joined #salt
17:06 tkharju joined #salt
17:09 cberndt joined #salt
17:10 JohnnyRun joined #salt
17:10 flowstate joined #salt
17:12 hightekvagabond joined #salt
17:14 mavhq joined #salt
17:16 mapu joined #salt
17:18 sagerdearia joined #salt
17:19 kevinqui1nyo i changed the hostname and minion_id of a bunch of servers, and now I'm having authentication / cache public key issues, what's the procedure for correcting this?
17:19 flowstate joined #salt
17:21 fooma joined #salt
17:23 fannet did you delete the keys of the old hostnames on the master
17:23 UtahDave kevinqui1nyo: the master keeps the minions' pub keys in   /etc/salt/pki/master/minions/<minion id>     If you change the minion's ids, then you have to rename those files to match the new ids
17:24 UtahDave or delete the keys like fannet said and then reaccept the minions keys again after the minions attempt to auth again
17:24 kevinqui1nyo i tried that first
17:25 Whytewolf I always delete keys on the master when i change minion id. then reimport. just seems cleaner
17:25 fannet salt-key -d 'minion name'
17:26 kevinqui1nyo they are in /etc/salt/pki/minions_pre/ and if i delete them they are immediately recreated (from cache?  or from the remote minions?)  the files that are created still have the old hostname
17:26 Whytewolf what fannet said. I actually use -d and delete the minion. then restart it to readd it.
17:26 UtahDave kevinqui1nyo: they show up in   minions_pre directory when the minions first attempt to connect to the master and before you've accepted the keys
17:27 sjorge joined #salt
17:27 sjorge joined #salt
17:27 aharvey joined #salt
17:27 kevinqui1nyo what i've done:  1)  salt-key -d '*' 3) service salt-minion restart (on each minion) 2) rm -f /etc/salt/pki/minions_pre/*
17:28 kevinqui1nyo what am i missing
17:28 antpa joined #salt
17:28 kevinqui1nyo do i need to delete the public and private key on the minion as well?
17:28 Whytewolf why did you delete the keys in /etc/salt/pki/minions_pre AFTER you delete the keys with -d?
17:28 Whytewolf and restarted the minions?
17:29 kevinqui1nyo because the minions were still complaining in their logs that the master has "cached the minion public key'
17:30 Whytewolf salt-key -L
17:31 Whytewolf and see if the minions are showing up
17:31 truescot joined #salt
17:31 kevinqui1nyo it does not show the new hostnames
17:31 lero joined #salt
17:31 Whytewolf does it show the old ones?
17:31 kevinqui1nyo one of them for some reason
17:31 kevinqui1nyo the rest it doesnt show
17:31 UtahDave kevinqui1nyo: the minions will still use the old minion ids unless you delete the  /etc/salt/minion_id  file on the minions and restart the salt-minion daemon
17:32 kevinqui1nyo i edited the /etc/salt/minion_id manually
17:32 kevinqui1nyo to set it the same as the hostname, then restarted the minion
17:32 kevinqui1nyo that was my process for changing the hostname / minion_idsf
17:32 Fiber^ joined #salt
17:32 Whytewolf did you check in /etc/salt/master and make sure id: isn't set in there?
17:33 Whytewolf err. /etc/salt/minion
17:33 UtahDave OK,  try running   salt-key -D   again to delete all the keys
17:33 kevinqui1nyo done
17:33 punkoivan left #salt
17:35 UtahDave ok, the minions should attempt to reconnect after a short while and show up under   salt-key -L
17:35 kevinqui1nyo is there a way to expedite that 'short while'?
17:35 kevinqui1nyo [CRITICAL][17267] The Salt Master has rejected this minion's public key!
17:35 kevinqui1nyo To repair this issue, delete the public key for this minion on the Salt Master and restart this minion.
17:35 kevinqui1nyo Or restart the Salt Master in open mode to clean out the keys. The Salt Minion will now exit.
17:36 UtahDave kevinqui1nyo: Is it possible that minion is pointing at a different master?  Did that error happen AFTER you ran     salt-key -D    ?
17:36 * robawt highfives UtahDave
17:37 kevinqui1nyo doesnt make sense because if i grep recursively for a unique string from that minion's public key in the salt-master's /etc/salt/pki directory it doesnt show up
17:38 snc joined #salt
17:38 kevinqui1nyo UtahDave: hmm, sorry yes somehow this one is pointing elsewhere
17:38 UtahDave robawt: hey!
17:39 kevinqui1nyo ok let me clean up my mess and get back if i still have issues
17:39 kevinqui1nyo thank you
17:39 UtahDave kevinqui1nyo: ah, good.  I was starting to question my sanity.  :)
17:39 UtahDave kevinqui1nyo: you're welcome
17:39 dmaiocchi joined #salt
17:40 Muchoz joined #salt
17:41 writtenoff joined #salt
17:41 AndreasLutro what is this nonsense? salt gets rc packages for windows and mac but not linux? :)
17:41 akhter joined #salt
17:41 AndreasLutro correction: :(
17:41 aharvey joined #salt
17:41 elsmo joined #salt
17:45 UtahDave AndreasLutro: I'm pretty sure there are rc packages for linux. They were released first.  Windows and Mac came a day later
17:46 s_kunk joined #salt
17:48 iggy "packages"
17:48 sagerdearia joined #salt
17:49 AndreasLutro a source code tarball does not count
17:52 BradThurber_ joined #salt
17:53 sjorge joined #salt
17:54 quix joined #salt
17:55 ajw0100 joined #salt
17:56 UtahDave oops.  You're right.  I thought there were.
17:59 hackel joined #salt
18:00 flowstate joined #salt
18:01 brianvdawson joined #salt
18:01 onlyanegg joined #salt
18:02 space-lord-fett joined #salt
18:13 onlyanegg joined #salt
18:13 mavhq joined #salt
18:15 Thiggy joined #salt
18:16 baweaver joined #salt
18:17 subsignal joined #salt
18:17 quasiben joined #salt
18:19 dyasny joined #salt
18:22 akhter joined #salt
18:24 flowstate joined #salt
18:27 RedundancyD joined #salt
18:29 aharvey joined #salt
18:31 mrbobbytables left #salt
18:31 akhter_1 joined #salt
18:32 fannet can someone help me figure out why jenkins is breaking here https://github.com/saltstack/salt/pull/32362
18:32 saltstackbot [#32362]title: Support Private Networking and Hostnames | What does this PR do?...
18:34 Netwizard joined #salt
18:37 iggy http://166.78.178.63:8080/job/PR/job/salt-pr-linode-ubuntu14-n/524/console
18:37 iggy looks like it failed to check out your repo
18:37 iggy or whoever's repo
18:40 fannet eh. do I need to give something permissions
18:40 snc joined #salt
18:41 fannet its a public repo
18:43 snc joined #salt
18:44 akhter joined #salt
18:48 amcorreia joined #salt
18:51 ry joined #salt
18:53 tercenya joined #salt
18:54 akhter joined #salt
18:55 onlyanegg joined #salt
18:57 hasues joined #salt
18:59 UtahDave fannet: the clone fails because it depends on bower installing correctly. for some reason bower install failed.
18:59 fannet sweet
18:59 hasues left #salt
18:59 fannet how to fix?
19:01 murrdoc joined #salt
19:02 UtahDave Hm. I'm not sure.  since it passed on the other OSes I wonder if it was just a temporary problem with npm.  We should probably run the tests again.
19:04 txmoose_ joined #salt
19:04 SheetiS joined #salt
19:12 patarr joined #salt
19:12 ronp_usa joined #salt
19:15 andrew_v joined #salt
19:15 ajw0100 joined #salt
19:16 linovia Is there a way I can make a state depends on a "file" state (i.e. depends on the full nginx.sls, not just a single state of the file) ?
19:17 linovia or what's the good practice for such problems ?
19:17 JohnnyRun joined #salt
19:17 babilen linovia: - require: - sls: name_of_sls
19:17 dmaiocchi joined #salt
19:17 babilen But it is quite unlikely that that's actually the case
19:18 linovia well, in that case, it'll install the package, add a few configuration and activate the firewall. vhosts entries are part of another file
19:19 hightekvagabond is there a standard way to do casscading salt masters…. as in a situation where one salt minion is actually the master to a another group of machines?
19:19 babilen You can add vhosts entries as soon as the configutation files are there. A requirement on the state that installs the package should be enough in this case. You probably also want to listen_in/watch_in the corresponding service
19:20 babilen hightekvagabond: https://docs.saltstack.com/en/latest/topics/topology/syndic.html
19:21 hightekvagabond I've been calling them henchmen in my head, I guess syndic is more accurate but mine is more fun :P
19:21 quasiben joined #salt
19:21 xmj you have henchmen in your head?
19:22 hightekvagabond yeah, well, my mental evil genius needs something to order around
19:22 ivanjaros can someone give me like three points from personal experience on why salt > ansible? I'm trying both(for google cloud) and am still undecided.
19:22 babilen hightekvagabond: Are your henchman enjoying a syndic shindig now?
19:23 hightekvagabond they weren't until you suggested it :P
19:23 babilen ivanjaros: Reactors, Salt Mine, Extensibility
19:23 ivanjaros babilen: yeah, I like reactors and beacons :)
19:24 babilen ivanjaros: And "salt > ansible" really doesn't matter. Both might be a great solution for your particular usecase and I would strongly recommend to implement something reasonably complex that covers typical usecases in both.
19:25 babilen I've done that about two years ago and I haven't had much experience with Ansible in the interim, but my understanding is that reactive infrastructure is hard to get working with it.
19:26 ivanjaros babilen: yeah, my view currently is that ansible feels "static"
19:26 ivanjaros though very easy to do for beginners
19:27 babilen Bunch of my, more OP minded colleagues, strongly prefer Ansible because "no minion" and I am feeding them little nibbles of salt-ssh now. They are rather after "SSH or cluster SSH on speed" than "Set of minions that connect to a master and data flowing back and forth potentially triggerin things"
19:28 Tyrm joined #salt
19:28 Tyrm_ joined #salt
19:28 babilen Another thing I like about salt is that it is rather easy to extend it. Be it by plugging in external pillars (You have a database with information you want to use? There's a pillar for that! Oh, there isn't one already, easy to write one!), custom grains, beacons, states or execution modules.
19:29 ivanjaros hm, im not there yet but in the future it could be really helpful
19:29 babilen One thing I don't like is that you can never trust point releases and that things still change a bit too drastically and sometimes break. But they got a lot better and I haven't had any major headaches.
19:30 ivanjaros yeah, i have some headaches few days ago with versioning already :D
19:30 ivanjaros *had
19:30 babilen If you have the need to also do NetDev you might want to use Ansible as it has been adopted by a lot of network people and there's simply more code, examples and whatnot out there. Salt is gaining modules, states and functionality in that domain (e.g. JunOS, napalm, ...), but my impression was that it is lagging behind.
19:31 babilen But then there might be better ways to do software-defined networking to begin with.
19:31 ivanjaros my use case is Saas web app so nothing complicated really
19:31 fannet anyone able to tell me why this salt mine state file wouldn't work (priv_ip)   http://pastebin.com/bx1AEfSK
19:31 josue joined #salt
19:32 mapu joined #salt
19:32 ivanjaros babilen: ok, thanks for the input.
19:32 babilen My impression is that you won't regret either choice, but that there might be a day where Ansible stands in your way in that you simply can't push it further, whereas it would be quite an organic additional in Saltstack land.
19:32 babilen I didn't regret salt and am still only using maybe 40% (if that!) of its functionality after two years.
19:33 ivanjaros :)
19:33 babilen Salt mine is another great example. So handy. But then, reactors and beacons are simply amazing and far from being used to their full potential.
19:34 teatime babilen: I have trust issues.
19:34 babilen --verbose
19:34 teatime no, not issues with my trust db :)
19:34 babilen Hmm, ansible channel is twice as large as the salt channel these days
19:34 babilen teatime: I meant: Please elaborate
19:35 teatime I would find it difficult to rely on / be confident in reactors/etc.
19:35 babilen Sure, you don't want to do completely crazy things, but they are really quite nice.
19:35 teatime currently, when one of my minions restarts, the first job hangs forever
19:35 teatime so I do:  restart minion, test.ping minion, ^c that
19:35 teatime and then it's fine
19:35 babilen One area that prevents people from using them to their full potential is that it is a bit tricky to monitor them and their behaviour
19:36 teatime that kind of strangeness, and my zero understanding of zmq, makes me not want to use advanced / event-driven stuff that is actually important
19:36 teatime or like, when I discovered that ext_pillar throwing an exception is basically ignored (and the states will still run but w/o the pillar data)
19:36 linjan__ joined #salt
19:37 babilen Yeah .. that's a tricky problem
19:37 punkoivan joined #salt
19:37 TheLoeki joined #salt
19:37 teatime is it?  we could cache pillar data.  or bubble up an ext_pillar exception so that the state fails.  at least as an option, or a default.
19:38 fannet anyone have any ideas on that salt mine issue above
19:38 lero joined #salt
19:39 babilen yeah, that would be possible. I was thinking of being unable to decide if {} has been passed intentionally or unintentionally. Exceptions in external pillars should, IMHO, have the same effect as syntax errors in "standard" pillars, namely throw an error.
19:39 beardedeagle @teatime: I have had hanging jobs with reactors as well
19:39 * babilen begrudingly opens fannet's pastebin.com link
19:40 teatime fannet: I would look but I'm stuck at a text console right now w/o gpm
19:40 antpa joined #salt
19:40 teatime and I'm too lazy to type it :)
19:40 antpa joined #salt
19:40 babilen fannet: First: I'd recomemnd to pass a suitable cidr to network.ip_addrs rather than hardcoding an interface (unless you *really* care about the interface)
19:40 babilen fannet: What's the issue with your vultr mine function?
19:41 akhter joined #salt
19:42 txmoose joined #salt
19:44 linovia mmm, salt complains that "state.highstate" is running but last one has already returned
19:45 linovia I can remove that even if I restart master and minion :(
19:45 linovia saltutil.is_running tells me there isn't any job running
19:45 ageorgop joined #salt
19:45 linovia I'm a bit lost there
19:46 fannet @babilen I call salt '*' mine.get 'roles:test' priv_ip   and get a blank response
19:46 babilen fannet: make sure that you update the pillar and run mine.update
19:46 babilen bbl
19:46 fannet and yes I'm married to the interface unfortunately
19:46 fannet Ya I did
19:47 fannet sudo salt-call config.get mine_functions   on the minion shows the functions
19:47 onlyanegg joined #salt
19:48 antpa joined #salt
19:49 baweaver joined #salt
19:49 teatime fannet: does the vultr.local-ipv4 grain work?
19:52 mavhq joined #salt
19:52 babilen fannet: Are you? Normally you care about addresses in networks, not on interfaces
19:52 teatime fannet: i.e., `sudo salt 'minionid' grains.get 'vultr:ip-v4'`
19:53 teatime fannet: and if so, perhaps your mine function needs 'vultr:ip-v4' instead of vultr.ip-v4 ?
19:54 teatime babilen: if he's using vultr, assigned addrs can be in random netblocks.
19:55 teatime unfortunately.  but you can generally rely on the device names and dhcp behaving.
19:55 fannet yep
19:55 fannet I also tried this basic example
19:56 fannet http://pastebin.com/b9EpFggp
19:57 fannet also get no response
19:58 fannet but the minion config.get shows it registered
19:58 fooma joined #salt
19:59 aharvey joined #salt
19:59 teatime you also have to do something to make the mine collection phase run
19:59 baweaver joined #salt
20:00 teatime (or wait mine_interval)
20:00 teatime maybe mine.update
20:00 fannet ya I run mine.update
20:01 akhter joined #salt
20:01 fannet wow
20:01 fannet I had to restart the salt minion
20:01 fannet then it worked =(
20:01 fannet how very painful
20:02 antpa joined #salt
20:03 teatime eh, I think that's just because it does the mine collection at startup and then every mine_interval thereafter
20:03 teatime mine.update is probably not the right thing to kick it off?
20:03 ageorgop joined #salt
20:03 fannet i guess not
20:04 teatime you don't typically need to restart minion to begin collecting newly configured mine functions
20:04 hightekvagabond joined #salt
20:05 fannet I'm changing my map file to set the mine_interval on these minions to 1 minute for testing to make my life less painful
20:06 teatime there's a module you can call to do it manually, I promise.  I can just never remember what it is.
20:07 fannet lol
20:07 fannet mine.punch?
20:07 gtmanfred falcon.punch
20:08 Trauma joined #salt
20:08 hightekvagabond joined #salt
20:11 babilen fannet: That shouldn't be necessary if you provide it via pillars
20:11 teatime mine.update sounds like the right thing
20:13 jhauser joined #salt
20:13 hightekvagabond joined #salt
20:20 antpa joined #salt
20:22 teatime sounds like the proper incantation might be:  salt 'minionid' saltutil.refresh_pillar  …  salt '*' config.get mine_functions
20:22 teatime er, sorry, 1 sec
20:22 antpa joined #salt
20:23 teatime sounds like it might currently be :  `salt 'minionid' saltutil.refresh_pillar`  …  `salt 'minionid' mine.update`,  possibly with a saltutil.sync_all in between.
20:23 keimlink joined #salt
20:24 teatime there's an open issue to make it more friendly (like auto-run the mine collection if mine data has changed.)
20:29 teatime yeah... lots of reports, followed by 'refresh_pillar then mine.update made it work.'
20:31 onlyanegg joined #salt
20:33 antpa joined #salt
20:37 ninjada joined #salt
20:38 babilen Sure, if it is not in the pillar data it won't be executed
20:41 lpl joined #salt
20:43 antpa joined #salt
20:45 dezertol joined #salt
20:45 lero joined #salt
20:46 ajw0100 joined #salt
20:47 lero joined #salt
20:49 babilen One definitely doesn't have to restart the minion
20:53 linovia does file.managed upload a new file when the source changes ?
20:55 gtmanfred it does
20:55 gtmanfred it does a checksum on the file in cache iirc to see if it needs to transfer a new file
20:56 babilen (not automatically, you have to run the state)
20:56 gtmanfred ^^
20:57 linovia well, I probably have an issue with locating my local file
20:59 dmaiocchi joined #salt
21:00 babilen Which problem are you actually trying to solve?
21:01 teatime babilen: specifically, that sync_all isn't sufficient, refresh_pillar specifically is needed
21:01 linovia I'm trying to upload a configuration file. I do have a couple of others working, dunno why this one comes empty
21:01 teatime babilen: unless it's fixed already
21:02 om2 joined #salt
21:02 teatime babilen: and indeed, it seems that merely having the mine.functions visible in pillar data still isn't enough
21:02 teatime babilen: until you refresh_pillar+mine_update, or wait mine_interval
21:03 teatime or restart minion, which also fires off a mine collection (or whatever the term is for it)
21:03 antpa joined #salt
21:04 aharvey joined #salt
21:04 onlyanegg joined #salt
21:04 aharvey joined #salt
21:05 bluenemo joined #salt
21:05 bluenemo hi guys. I'm getting "UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 64: ordinal not in range(128)" when using german umlauts like öäüß in pillar data. Can I teach that to salt somehow?
21:05 Rumbles joined #salt
21:11 gtmanfred umm, so that is one of the problems with python 2.7 iirc, stuff not being correctly defined as strings or unicode
21:11 jgelens joined #salt
21:11 gtmanfred i am not sure if you can solve it, but make sure you have your local set correctly on the minion
21:11 gtmanfred it should work better in python3, which we are getting closer to being done with
21:12 bluenemo maybe pillar:    foo: u'äöüß' ?
21:12 gtmanfred thatch just did the zeromq stuff today it looks like
21:12 jfindlay bluenemo, gtmanfred: there is `salt.utils.locales.sdecode` for this purpose
21:12 gtmanfred ahh neat
21:12 bluenemo ah interesting, thank you jfindlay
21:12 jfindlay it is likely that that needs to be fixed somewhere in the pillar handling code
21:12 mavhq Unicode is the reason python 3 was created
21:13 jfindlay mavhq: :-)
21:13 gtmanfred yar
21:14 gtmanfred https://github.com/saltstack/salt/pull/32366
21:14 saltstackbot [#32366]title: Zeromq transport python3 | ### What does this PR do?...
21:15 sxar joined #salt
21:17 Rumbles joined #salt
21:17 sxar__ joined #salt
21:18 edrocks joined #salt
21:18 sxar_ joined #salt
21:21 ageorgop joined #salt
21:21 JamieH joined #salt
21:21 lkannan joined #salt
21:21 truescot joined #salt
21:22 antpa joined #salt
21:23 twodayslate joined #salt
21:26 truescot Hi, I was hoping someone could help me out,  I have been struggling with getting a jinja template to work in my environment.  I started off with a config file with some jinja variables in it which didnt work so pared it all back to the simplest configuration that i could but still no luck, I have tried restarting minion and master, re-installing the minion and everything else that i can think of , i am using 2015.8.3 on both the mas
21:26 sxar joined #salt
21:26 truescot and you can see the config and an output of the logs here http://pastebin.com/5Hks5gKg
21:26 ZiLi0n joined #salt
21:27 truescot is there any known problems that might cause a machine to not process the jinja template?
21:28 ZiLi0n Hello everyone, I am looking for a way to preseed the keys in the minion, so that there is no need of accept the fringerprint at the master. Any recommendation to do that? I have seen that it can be done though netapi but couldn't find much info about it
21:30 sjmh joined #salt
21:31 gtmanfred ZiLi0n: are you using cloud servers?
21:31 gtmanfred best is to just use cloud-init probably if you can and preseed them that way, or just drop them in place as the image is coming online using whatever your cloud provider offers
21:31 onlyanegg joined #salt
21:33 ZiLi0n thanks gtmanfred no, it is for baremetal installation
21:33 truescot zilion, theres a few different ways to do it, the official way is here https://docs.saltstack.com/en/latest/topics/tutorials/preseed_key.html you can then deploy the keys in any number of different ways depending on how you spin up the machines
21:33 scoates joined #salt
21:34 jfindlay truescot: that is strange.  It looks like it should work from what I can see
21:34 ZiLi0n thank you. but is a third party component which talks to the SaltMaster to creates the keys, and then inject them into the minion?
21:35 gtmanfred there is not i don't think
21:35 gtmanfred yoiu could possibly generate the keys using the wheel client through salt-api though
21:35 gtmanfred have never tried that though
21:36 truescot there is a way to do it but i am a little unsure how it's done tbh, i was at a talk yesterday that will be presented at salt conf were they used cobbler to edit some files on the master which then waited for the given servername to try and register
21:36 truescot then that file would time out after 3 minutes for security reasons
21:36 UtahDave truescot: that should be working.
21:37 fooma joined #salt
21:37 truescot yea, it is really messing with my head, i think something has to be going wrong on the minions but there is nothing obvious in any of the logs
21:37 truescot the pastebin i just put is me clearing everything back to basics and it still not working
21:38 truescot but whats really strange is that jinja templates are working on some other servers that we have connecting to the same master
21:38 teatime truescot: what does the .xml file end up looking like?  identical to jinja template, jinja syntax and all?
21:38 truescot yes,
21:38 truescot it basically just copies it
21:38 ZiLi0n truescot thanks a lot. I am using Cobbler as well, and I was exactly thinking of how an integration between Cobbler and Master could be done, so that the minions are created and prepopulated using Cobbler
21:39 murrdoc joined #salt
21:39 teatime basically, or exactly?  :)
21:39 truescot exactly
21:39 UtahDave truescot: I have to head to an appointment right now, but I'll set up a test environment for that a little later and try that out
21:40 truescot cool, thanks
21:40 truescot keep an eye out for a guy called onno ebbinge from a company called duo at salt conf (he will make his presentation available afterwards) its a really really good presentation and will give you a lot of ideas
21:41 UtahDave if I don't happen to get back to you on it this evening and you still haven't found the problem, please open a github issue on this.
21:41 truescot will do, thanks
21:44 ZiLi0n truescot thank you
21:45 truescot np
21:45 lero joined #salt
21:45 nZac joined #salt
21:46 phx__ joined #salt
21:48 whatever_sd_ joined #salt
21:48 leev joined #salt
21:50 mr_chris joined #salt
21:50 baweaver joined #salt
21:51 aharvey joined #salt
21:52 ajw0100 joined #salt
21:53 hightekvagabond joined #salt
21:56 Xenophon1 joined #salt
21:56 flowstate joined #salt
21:57 kevinqui1nyo hm is github screwy for anyone right now
21:57 gtmanfred yes
21:57 gtmanfred they released their dgit stuff today i thing
21:57 gtmanfred think
21:57 gtmanfred http://githubengineering.com/introducing-dgit/
21:58 gtmanfred sounds like they are playing catchup on some push stuff right now
21:58 kevinqui1nyo ah
21:58 whatapain joined #salt
21:58 kevinqui1nyo amazin how dependent i am on them as a service
21:58 gtmanfred yup, scary sometimes
21:59 gtmanfred i have been thinking about hosting my stuff on an external gitlabs thing as well
21:59 kevinqui1nyo i do use gitlab and deploy it via salt, so i could spin up local clones for everything
21:59 sxar joined #salt
21:59 whatapain so, i have hosts like host01.domain.com as minion_ids.  can anyone tell me why this minion matching doesn't work?  salt 'host0[1,2,3].domain.com' test.ping
21:59 kevinqui1nyo i forked a salt module for gitlab someone else made, and made improvements if you'd like to contribute to it gtmanfred
22:00 gtmanfred :)
22:00 gtmanfred whatapain: check salt -h, there should be information about matching using regex on names
22:00 gtmanfred i think it might be -P for pcre
22:00 antpa joined #salt
22:00 gtmanfred by default it only supports globs
22:01 teatime whatapain: because it uses python fnmatch globs by default; [123] would work, but the shell-style {1, 2, 3} syntax you're thinking of is not supported.
22:01 gtmanfred it is actualy -E
22:01 whatapain same problem using -E
22:01 gtmanfred [1-3]
22:02 whatapain what if i need to do 1, 4, and 6?
22:02 gtmanfred salt -E 'host0[1-3].domain.com' test.ping
22:02 aharvey joined #salt
22:02 teatime whatapain: if you use -E, it needs to then be a regex.
22:02 gtmanfred check what teatime said
22:02 teatime whatapain: neither regex nor shell globs have a [x,y,z] syntax
22:02 whatapain ok, so how do i select hosts 1, 4, and 6?
22:02 brianfeister joined #salt
22:02 whatapain sorry
22:02 sxar_ joined #salt
22:02 gtmanfred salt 'host0[146].domain.com'
22:03 gtmanfred [] is just a list of things to put in that one spot
22:03 whatapain ok, so what if you have 14, 16, and 20?
22:03 whatapain [141620] wouldn't work
22:03 gtmanfred it would not
22:04 teatime whatapain: -E '^host0(14|16|20)\.domain\.com$'  I assume
22:04 whatapain ouch
22:04 gtmanfred you could use that or compound
22:04 teatime whatapain: or this:  'host14.examples.com or host16.example.com or host20.example.com'
22:04 whatapain never mind... i'll just do -L and type the full hostnames
22:04 gtmanfred salt -C 'host1[46].domain.com or host20.domain.com'
22:04 whatapain thx
22:04 teatime gtmanfred: actually I think you want -L there?
22:04 teatime if you do -C then you need to specify the match types?
22:07 ajw0100 joined #salt
22:07 ageorgop joined #salt
22:09 sxar joined #salt
22:13 sxar_ joined #salt
22:16 sxar joined #salt
22:16 Topic for #salt is now Welcome to #salt! | Latest Version: 2015.8.8, RC Version: 2016.3.0rc2 | SaltConf16: http://saltconf.com/register/ | Paid support available: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have
22:16 antpa joined #salt
22:16 pid1 joined #salt
22:16 jfindlay hm, not sure if weechat or freenode is cutting that off
22:17 baweaver joined #salt
22:18 ageorgop joined #salt
22:18 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.8, 2016.3.0rc2 | SaltConf16: http://saltconf.com/register/ | Support available: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answe
22:18 sxar__ joined #salt
22:19 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.8, 2016.3.0rc2 | SaltConf16: http://saltconf.com/register/ | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
22:19 ninjada joined #salt
22:19 sxar_ joined #salt
22:26 flowstate joined #salt
22:27 baweaver joined #salt
22:28 sxar joined #salt
22:28 sagerdearia joined #salt
22:32 onlyanegg joined #salt
22:35 keimlink joined #salt
22:37 sxar_ joined #salt
22:39 zenlot6 joined #salt
22:39 antpa joined #salt
22:42 ageorgop joined #salt
22:47 ninjada joined #salt
22:48 sagerdearia joined #salt
22:50 antpa joined #salt
22:55 leev_ joined #salt
22:57 flowstate joined #salt
22:57 onlyanegg joined #salt
23:02 ageorgop joined #salt
23:03 flowstate joined #salt
23:04 ninjada joined #salt
23:05 ninjada joined #salt
23:06 cberndt joined #salt
23:09 mavhq joined #salt
23:09 ronp_usa1 joined #salt
23:09 mowntan joined #salt
23:14 ageorgop joined #salt
23:14 sxar_ joined #salt
23:17 mavhq joined #salt
23:18 kevinquinnyo joined #salt
23:19 sxar joined #salt
23:20 baweaver joined #salt
23:22 sxar___ joined #salt
23:23 ageorgop joined #salt
23:24 mohae joined #salt
23:24 flowstate joined #salt
23:25 sxar joined #salt
23:25 sxar_ joined #salt
23:30 antpa joined #salt
23:30 scoates joined #salt
23:31 echo joined #salt
23:31 sxar joined #salt
23:37 sxar_ joined #salt
23:40 sxar__ joined #salt
23:41 baweaver joined #salt
23:43 sxar joined #salt
23:49 ageorgop joined #salt
23:49 flowstate joined #salt
23:51 brianfeister joined #salt
23:51 djgerm joined #salt
23:52 ajw0100 joined #salt
23:52 djgerm Hello. How does one get a minion to execute a highstate (or a very specific state) on start?
23:52 djgerm or creation
23:52 akhter joined #salt
23:54 antpa joined #salt
23:56 grumm_servire joined #salt
23:57 ivanjaros joined #salt
23:59 iggy creation is not easy, on start can be done quite a few ways

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary