Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-05-03

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 ahammond I though "hey, maybe that's a json string"... but no... those u'' are unicode strings... and this is... a python repr string?
00:00 ahammond How am I supposed to consume this data?
00:01 ahammond And... I'd rather punch myself in the face than use an eval in python for reasons that go beyond obvious, I think...
00:01 iggy you shouldn't?
00:01 * ahammond pictures the comments in that pull-request
00:01 iggy where are you using this?
00:02 ahammond iggy I want to get a list of IPs for servers in the cloud.
00:02 rmnuvg joined #salt
00:02 ahammond which will be added to an ipset on the salt master and allowed to connect to ports 4505 and 4506.
00:02 iggy why are you passing data like that
00:02 ahammond iggy, this is what I get when I run salt-call cloud.full_query
00:02 estahn joined #salt
00:03 iggy write a runner that calls it and directly processes the return
00:03 ahammond (or more accurately, in an execution module calling __salt__['cloud.full_query']() )
00:03 iggy or use the --json out maybe?
00:03 iggy gotta run to meeting
00:03 meekrab joined #salt
00:05 pipps joined #salt
00:09 pipps joined #salt
00:17 bb74352 joined #salt
00:19 flowstate joined #salt
00:21 nidr0x joined #salt
00:23 hajhatten joined #salt
00:24 aqua^c joined #salt
00:24 elsysops joined #salt
00:27 Jude_ joined #salt
00:28 rem5 joined #salt
00:29 rem5 joined #salt
00:30 pid1 joined #salt
00:32 josuebrunel joined #salt
00:33 fracklen joined #salt
00:33 viq joined #salt
00:37 sc250024 joined #salt
00:39 sc250024 joined #salt
00:40 bastiandg joined #salt
00:41 flowstate joined #salt
00:51 ageorgop joined #salt
00:53 akhter joined #salt
00:53 SeaPhor joined #salt
01:01 iceyao joined #salt
01:05 bastiandg joined #salt
01:08 racooper joined #salt
01:15 meekrab joined #salt
01:24 hajhatten joined #salt
01:32 catpiggest joined #salt
01:33 yidhra_ joined #salt
01:36 bastiandg joined #salt
01:36 terratoma joined #salt
01:38 rem5 joined #salt
01:40 cpowell joined #salt
01:47 ilbot3 joined #salt
01:47 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.8, 2016.3.0rc2 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers"
01:52 meekrab joined #salt
01:53 donmichelangelo joined #salt
02:00 hasues joined #salt
02:08 capricorn_1 joined #salt
02:09 flowstate joined #salt
02:14 brianfeister joined #salt
02:21 hasues left #salt
02:21 dunz0r joined #salt
02:21 TyrfingMjolnir joined #salt
02:21 flebel joined #salt
02:21 Zhen joined #salt
02:22 DammitJim joined #salt
02:24 NightMonkey joined #salt
02:25 hajhatten joined #salt
02:28 oida joined #salt
02:41 bbradley joined #salt
02:49 hoonetorg joined #salt
02:55 quasiben joined #salt
03:13 estahn joined #salt
03:19 flowstate joined #salt
03:26 hajhatten joined #salt
03:33 subsignal joined #salt
03:39 bowhunter joined #salt
03:41 auzty joined #salt
03:51 ageorgop joined #salt
04:01 hal58th_ joined #salt
04:08 zmalone joined #salt
04:12 xiaoshi joined #salt
04:12 ALLmightySPIFF joined #salt
04:12 xiaoshi ls
04:12 xiaoshi help
04:13 xiaoshi ls /
04:13 xiaoshi salt '*' cmd.run 'ls'
04:13 bVector #salt.freenode:
04:13 bVector True
04:14 teatime clear
04:17 kuromagi joined #salt
04:18 beelzebob joined #salt
04:19 qman__ joined #salt
04:19 Vye joined #salt
04:19 evilrob joined #salt
04:19 basepi joined #salt
04:19 rideh joined #salt
04:20 repl1cant joined #salt
04:20 justyns joined #salt
04:21 flowstate joined #salt
04:21 dustywusty joined #salt
04:26 brianfeister joined #salt
04:26 hajhatten joined #salt
04:27 bowhunter joined #salt
04:34 cpowell joined #salt
04:41 Sylvain31 joined #salt
04:42 meekrab joined #salt
04:45 pipps joined #salt
04:47 viq joined #salt
04:53 pipps99 joined #salt
05:03 ivanjaros joined #salt
05:14 rdas joined #salt
05:16 sauvin joined #salt
05:20 pipps joined #salt
05:20 flowstate joined #salt
05:22 brianfeister joined #salt
05:27 hajhatten joined #salt
05:32 favadi joined #salt
05:33 lorengordon joined #salt
05:36 subsignal joined #salt
05:38 iceyao_ joined #salt
05:39 iceyao joined #salt
05:54 iceyao joined #salt
05:56 kawa2014 joined #salt
05:59 estahn joined #salt
06:09 macheck joined #salt
06:12 toastedpenguin joined #salt
06:20 flowstate joined #salt
06:20 macheck left #salt
06:20 ivanjaros joined #salt
06:21 macheck joined #salt
06:21 keimlink joined #salt
06:28 hajhatten joined #salt
06:41 toanju joined #salt
06:42 duncanmv joined #salt
06:43 toastedpenguin joined #salt
06:44 garphy joined #salt
06:47 chanu1993 joined #salt
06:47 chanu1993 Hai
06:47 chanu1993 have a question
06:47 chanu1993 how can i deploy a Python or Node.Js server with SALT STACK >?
06:47 chanu1993 Plz help me
06:47 chanu1993 anyone here ?
06:48 akhter joined #salt
06:49 AndreasLutro chanu1993: think to yourself how you would deploy such a thing without salt, then look up in the docs how to do each individual step with salt
06:50 mosen Quit already
06:52 zer0def joined #salt
07:11 slav0nic joined #salt
07:14 mohg joined #salt
07:20 flowstate joined #salt
07:20 hajhatten joined #salt
07:22 josuebrunel joined #salt
07:26 toastedpenguin joined #salt
07:31 ontop joined #salt
07:31 TyrfingMjolnir joined #salt
07:32 ontop Anyway to capture the stdin of one command and use it for templating?
07:34 teatime you mean stdout?  could you give more details of your specific scenario?
07:34 zer0def `{% set var = salt['cmd.run']('<command>') %}`?
07:34 ontop Basically I want to ls -d /etc/ssh/*key*
07:34 ontop And then delete everything that command returns.
07:35 teatime yes, you can call execution modules from states or jinja etc., including the ones that just run raw commands.
07:35 teatime you *could* just do it in one shell command, if you wanted
07:35 zer0def except for the fact that cmd.run will probably return a huge string and not a list, but i think there are execution modules for listing a dir or something
07:35 zer0def and what teatime just said
07:36 ontop Yeah, I could do a find
07:36 ontop And exec that into rm
07:36 ontop I wanted to see the salt way to do this
07:36 ontop I did this in ansible
07:36 zer0def as far as anyone's concerned, you could just run `rm /etc/ssh/*key*`
07:36 ontop That's sort of shell specific. Would it expand?
07:36 ontop I don't know how it's running.
07:37 teatime `find /etc/ssh -maxdepth 1 -type d -name "*key*" -print0 | xargs -0 rm -rf`
07:37 teatime no shell expansion necessary.  should be reliable.
07:37 zer0def depending on what shell cmd.run defaults to, it probably could…
07:37 AndreasLutro there isn't a shell that doesn't support globbing
07:37 ontop Yea. That's pretty much what I was looking at teatime. But it's more of an experiment in "how do you do this in Salt"
07:38 ontop There may be a time where find doesn't do the trick!
07:38 subsignal joined #salt
07:38 teatime ontop: the "right" way to do this, imo, is to manage the entire /etc/ssh directory via salt, enforcing that only the files your salt states have put beneath it can remain.
07:38 ontop I also have to figure out how state modules are different than execution modules.
07:38 AndreasLutro keep it simple... a cmd.run with find and/or rm is good enough
07:38 ontop teatime: So you would annihilate the entire directory and redo all the pieces?
07:38 ontop I didn't REALLY want to redo etc/ssh/moduli
07:38 ontop Because I think it takes a while to generate
07:39 AndreasLutro ontop: https://gist.github.com/anlutro/cd0c16d1d23d55ded19b
07:39 teatime well, there are exceptions.
07:39 zer0def also, if you want a salt-wrapped way of doing things, there's a `find` function in this exec module: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.file.html
07:39 teatime host keys I gen on the hosts and they stay there.  but they're still managed, in this case approved/allowed, by salt.
07:39 teatime anything that isn't recognized as part of my config mgmt would get deleted.
07:39 ontop Oh look at that.
07:40 ontop teatime: That's a cool way to do it.
07:40 ontop I should probably do that :D
07:40 ontop zer0def: Nice link thanks :D
07:40 teatime it gives you the benefit of having your config mgmt always pulling your hosts into compliance / confirming compliance w/ design/specs/docs every time you highstate.  but admittedly this is less and less relevant these days.
07:40 ontop Even has a delete function.
07:41 ontop teatime: What makes it less relevant?
07:41 ontop Not disagreeing, just curious.
07:41 zer0def yeah, as the description implies, it most likely is just a thin wrapper around `find`, the command
07:41 teatime the proliferation of virtualization and cloud hosting, where it's literally just as easy to re-create a host as re-configure it.
07:41 ontop Yeah true
07:42 teatime I still think there's value in the approach and I am still kindof anal about it because that's the kind of thing that I enjoy, but I am much less disgusted by workflows that revolve around e.g. kickstart / deploy-centric automation than I used to be
07:42 toastedpenguin joined #salt
07:42 ontop zer0def: Because that's a "module" thing. I'd have to call it in a strange way though right? No nice state yaml for that.
07:42 ontop {% salt['...
07:42 ontop Something like that?
07:42 zer0def ontop: basically you call *ANY* execution module by doing `salt['<exec_path_here']()`
07:43 ontop Right.
07:43 zer0def assuming no args, given empty parentheses
07:43 AndreasLutro ontop: in your case you may want to use the module.run state function
07:43 teatime ontop: so, to really reap this 'assurance of compliance is only a highstate away' zen, you have to be able to run your highstate whenever you want, as often as you want, confident that it won't break anything, right?
07:43 zer0def or that.
07:43 ontop teatime: Right.
07:43 ontop :D
07:43 AndreasLutro but really I don't see the problem with using cmd.run
07:43 ontop AndreasLutro: There's no problem - really. I'm just experimenting and trying to push the edges.
07:44 ontop I'm still flapping between Ansible and this.
07:44 zer0def i like how we collectively came up with like 7+ different ways of achieving the same goal
07:44 ontop Trying to figure out which one I prefer.
07:44 AndreasLutro I'd push the limits on more interesting problems ;)
07:44 ronnix joined #salt
07:44 teatime ontop: an operation that, having been applied once, doesn't further change the output/state if applied again, or again and again and again, is called idempotent.  and that's what you want your configmgmt / highstate to be... if it's already been done, then it should make zero changes (unless someone has, say, manually configured something outside of your process.)
07:44 ontop AndreasLutro: Gotta start somewhere. I'm a newb at this sort of stuff :)
07:44 ontop teatime: Yea, I get that. I'm trying to make all my stuff idempotent.
07:44 zer0def ontop: not sure about Ansible's state atm (mostly speaking about agent-oriented architecture), but you can always salt-ssh the damned thing
07:45 teatime ontop: and that's what state modules are for... they let you specify the desired state of whatever (files on disk, system hostname, IP addrs, whatever), and if it doesn't match, it makes it match.  otherwise, does nothing.
07:45 pfallenop joined #salt
07:45 ontop zer0def: I'm literally only using salt-ssh lol.
07:45 zer0def oh, then nevermind, you'll trip a lot on distro differences and when you may want to use mine
07:46 teatime ontop: whereas execution modules are a wide variety of 'do something, maybe with side effects, and maybe return me information about' one-off operations, and they're super handy, but they're generally read-only operations, or not idempotent / not trying to be stateful.
07:46 ontop Aha.
07:46 ontop It seems like they might run before the state modules run?
07:46 zer0def not sure if the former is the case, but when i still played around with salt-ssh, if i pushed a thin from ubuntu/debian onto a EL distro, wheels came right off
07:46 teatime you can turn some execution module runs and/or some shell code into something stateful, though.
07:46 ontop Because they're templated?
07:46 teatime i.e., you can use cmd.run w/ a well-considered unless: clause
07:46 lero joined #salt
07:47 teatime they run when you call them... they can get called from lots of different places in salt.
07:47 AndreasLutro ontop: if you use them in the templating language {{ salt['whatever.whatever']() }} then yes, they are executed when the template is rendered
07:47 teatime if you call them from inside jinja tags, inside a state .sls file, yeah it's before the actual states are compiled and executed.
07:48 ontop {% <- Is this a jinja templating thing too?
07:48 ontop I think it is.
07:48 teatime yeah
07:48 zer0def ontop: google `template designer documentation jinja` and you get all the neat tricks on one page
07:48 ontop Well. I better go to bed. But thanks for all the chatter. I learned something today. :D
07:48 teatime g'night
07:48 zer0def nighty nite
07:49 dmaiocchi joined #salt
07:53 toastedpenguin joined #salt
07:54 lempa joined #salt
07:54 hal58th joined #salt
07:56 Eureka703 joined #salt
07:56 mackripe_ joined #salt
07:57 belak51 joined #salt
07:57 tpaul_ joined #salt
07:58 hillna_ joined #salt
07:58 toastedpenguin joined #salt
07:58 copelco_ joined #salt
07:58 goki_ joined #salt
07:58 rmnuvg_ joined #salt
07:58 OliverMT joined #salt
07:58 OliverMT joined #salt
07:58 jrklein joined #salt
07:58 whatever_sd_ joined #salt
07:58 rsys joined #salt
07:58 Garo_ joined #salt
07:58 SubOracle joined #salt
07:58 nethershaw joined #salt
07:58 arapaho joined #salt
07:58 potens joined #salt
07:58 rnts_ joined #salt
07:59 wych joined #salt
07:59 Ashald joined #salt
07:59 Sketch joined #salt
07:59 skeezix-hf joined #salt
07:59 evilrob joined #salt
07:59 toastedpenguin joined #salt
07:59 sk_0 joined #salt
07:59 bbradley joined #salt
07:59 jwon joined #salt
07:59 atmosx joined #salt
07:59 johtso joined #salt
07:59 tkeith joined #salt
07:59 aurynn joined #salt
07:59 smakar joined #salt
08:00 bbendy_ joined #salt
08:00 justyns joined #salt
08:00 Edgan joined #salt
08:00 Laogeodritt joined #salt
08:00 Freek joined #salt
08:00 antonw joined #salt
08:01 dyasny joined #salt
08:02 SeaPhor joined #salt
08:02 brd joined #salt
08:02 akoumjian joined #salt
08:03 jhauser joined #salt
08:05 cyborg-one joined #salt
08:05 mowntan joined #salt
08:05 mowntan joined #salt
08:06 rrei joined #salt
08:07 shawnbutts joined #salt
08:07 Rumbles joined #salt
08:08 bstaz joined #salt
08:08 ToeSnacks joined #salt
08:08 dmaiocchi joined #salt
08:08 abele joined #salt
08:09 eliasp joined #salt
08:09 mikepea_ joined #salt
08:09 doriftoshoes joined #salt
08:11 GreatSnoopy joined #salt
08:18 flowstate joined #salt
08:23 ajw0100 joined #salt
08:28 msn joined #salt
08:30 punkoivan joined #salt
08:30 lungaro joined #salt
08:32 pic0frame joined #salt
08:34 pic0frame Hello everyone!
08:35 pic0frame Anyone an idea what goes wrong here? http://pastebin.com/HeRpcuqs
08:36 punkoivan left #salt
08:37 mohg joined #salt
08:39 teatime I don't use firewall-cmd or know why the config doesn't appear to have changed
08:40 teatime but I can tell you that firewall/iptables doesn't affect listening/binding, so the netstat output is not relevant.
08:40 teatime unless I missed the point of it.
08:40 subsignal joined #salt
08:40 pic0frame teatime: I know that CentOS doesn't open a port if it's not used
08:41 pic0frame So I taught.. I better show that the webserver is listening on the port
08:42 kshlm joined #salt
08:42 teatime that doesn't sound right... I would think the firewall config would be completely separate of applications binding to / listening on whatever ports
08:42 teatime but fair enough.
08:42 babilen It would be
08:43 pic0frame Then I am wron
08:43 teatime if you run the state over and over does it keep claiming to make changes?
08:43 pic0frame Then I am wrong *
08:43 babilen (you can still listen to it, but the firewall would drop those packages)
08:43 pic0frame teatime: Let me try that..
08:44 pic0frame teatime: YES, some results output
08:46 guanophobic joined #salt
08:58 pid1 joined #salt
08:58 viq joined #salt
09:07 pid1_ joined #salt
09:13 meekrab joined #salt
09:15 estahn joined #salt
09:19 flowstate joined #salt
09:22 toastedpenguin joined #salt
09:23 jhauser joined #salt
09:36 Guest79 joined #salt
09:37 west575 joined #salt
09:40 iceyao joined #salt
09:41 pid1_ joined #salt
09:49 Hetman Morning can somebody give me example of if set in JINJA template ?I've got config file and want only add lines to it if they are specified in pillar is it {% if set <something> %} my_line { %end if% }
09:52 babilen Hetman: {% if FOO is defined %} or simply {% if FOO %} depending on what you are after
09:53 babilen (truthy test or existence)
09:54 Garyx joined #salt
09:59 Hetman babilen: thanks if FOO should be fine
10:00 yomilk joined #salt
10:06 losh joined #salt
10:09 mage_ when I'm running "salt somehost state.sls foo" as user "bar" is there a way to retrieve "bar" in sls foo ?
10:09 mage_ in other words: can I retrieve the user who launched that salt command in my state file ?
10:19 flowstate joined #salt
10:30 kawa2014 joined #salt
10:31 gumbo_king joined #salt
10:34 viq_ joined #salt
10:41 Modulus__ joined #salt
10:43 subsignal joined #salt
11:04 Guest79 joined #salt
11:12 Guest79 joined #salt
11:18 flowstate joined #salt
11:20 estahn @mage_ i think it should be passed in through the environment variables
11:22 estahn is there a way to execute manage.down in a statefile and use the result in a loop?
11:22 teatime yes, it's possible
11:22 teatime module.run or similar
11:23 estahn alright, ill try ... didnt find examples
11:25 teatime actually I dunno, I take that back.  I have no idea.
11:26 amcorreia joined #salt
11:28 sjorge joined #salt
11:31 estahn i want to clean the mine data for all dead minions via scheduler
11:31 estahn any ideas?
11:34 teatime so, my mine data I do not want to lose for an active host... so manage.down would probably not be definitive enough for me to use as a source for that... I might think about looking for data for minions that no longer have a key accepted in the master PKI...
11:34 teatime basically I want to make mine data removal have a required manual step, or at least not be triggerable by a random temporary outage
11:35 teatime which, currently, it's just 100% manual :)
11:35 estahn any particular reason for that?
11:35 rem5 joined #salt
11:35 teatime just, again, not wanting to lose it.  it would mess up my configs, in some cases badly.
11:36 CeBe joined #salt
11:36 remyd1 joined #salt
11:36 aqua^c joined #salt
11:36 quasiben joined #salt
11:36 estahn mine data from a dead minion is currently messing with the salt-formula/zookeeper configuration
11:37 estahn not quite sure what the advantage is of keeping mine data from dead minions around :)
11:38 teatime and by dead you do mean, decomissioned, gone, forever, yeah?
11:38 babilen estahn: I think you can run {% set down_hosts = salt.saltutil.runner('manage.down') %} or something along those lines
11:38 teatime and you may have misunderstood; I meant that I very much do not want to accidentally remove data that is actually, for whatever reason, for a live host.
11:39 west575 joined #salt
11:40 estahn by dead i mean not responding to the master
11:40 teatime 'set of minions not currently, at this moment in time, authenticated and online with the master' != 'set of hosts I want to not be in my DNS after my DNS server runs its next highstate'
11:40 teatime etc. etc.
11:41 catpigger joined #salt
11:41 estahn yes, thats makes sense.
11:42 teatime it all depends on what you're using it for, obv.
11:43 subsignal joined #salt
11:43 estahn fair enough ... basically i want to get rid of minion keys  and data from dead hosts. e.g. autoscaling decommisioned them etc
11:44 teatime right
11:44 babilen estahn: You could also enable presence events and kick off whatever needs to be done from those events
11:44 estahn babilen: are there non presence events :)
11:45 teatime salt-cloud fires events when you decomission instances
11:45 babilen estahn: No, there are presence events, but they include information about minions that became available and those that went away. Wouldn't that be enough for you?
11:45 babilen Or listen to more specific events, yeah
11:46 babilen Are you using salt-cloud, estahn ?
11:46 teatime babilen: wouldn't that pretty much garantee you'd regularly delete data for hosts that would have reconnected in a minute?
11:46 estahn babilen: na
11:46 teatime I mean you'd need to delay and double-check or something.
11:46 estahn i think teatime has a good point and i just had a better idea for my problem
11:46 babilen teatime: It would delete the data as soon as they go away and update it as soon as they become available, yes
11:47 teatime that would be OK for the mine data, depending, but not the accepted keys
11:47 babilen I thought we are talking about mine data?
11:47 estahn thats ok, since i auto accept everyting anyways
11:47 teatime I think he mentioned keys too.
11:47 estahn keys + mine data
11:48 teatime estahn: I urge you to not auto-accept keys.
11:48 estahn i need to ask the aws api if an instance is still active and base the removal based on that
11:48 teatime it's not impossible for that to be an acceptable practice, since I don't know your business, but there's at least a 95% chance it's really not.
11:48 babilen keys is easy as you can just tie in to salt/key/*
11:49 estahn teatime are you accepting keys based on a certain pattern?
11:49 estahn whats your stratey?
11:49 sagerdearia joined #salt
11:49 estahn strategy
11:50 teatime we're doing different things, you and I.. currently I can get by manually verifying fingerprints, because I don't need auto-scaling etc.  but if I did need auto-scaling, I would have some kind of cooperation between deployment and salt-connecting.  salt-cloud does it for you, I think.
11:50 teatime you can automate the key exchange, but you shouldn't have your master just accept anything that tries to auth
11:53 teatime my deployment is still frustratingly manual, actually.
11:53 teatime I hope to switch to salt-cloud in the future... my provider is kindof making things difficult.
11:54 estahn its an autonomous VPC with master in private subnets. security groups all over the place. you cant access any of the instances from the internet, just through bastion host and that also just from certain ip adresses
11:55 estahn i agree key exchange would be nice, but was not a high priority at this stage
11:55 teatime you hope :)
11:55 teatime perhaps you're in the 5%
11:55 estahn nana ... i know 100% you cant access any instances from the internet :P
11:56 estahn ist all cloudformation auto spin up stuff
11:56 estahn its
11:56 teatime bah, I wish I could afford aws xfer rates for my personal stuff
11:57 teatime it's nice when you have all of the features and they're all well-supported by every 3rd party app etc.
11:57 estahn if you still have a good reason for key exchange i'm all ears :)
11:57 teatime estahn: just defense-in-depth.
11:57 iceyao joined #salt
11:57 estahn yeah, next iteration :)
11:58 teatime config. mgmt. is a v. high value target / exposure.  I don't let myself get lazy w/ it.
11:58 teatime but again we clearly have v. different use-cases anyway.
11:59 estahn anyways, back to my issue. i probably just ask aws api if the instance is still active
11:59 teatime that seems more reasonable to me.
11:59 estahn then do hocus pocus based on that
11:59 teatime if you want to do that all in salt, I do beleive there are modules for aws api
12:00 estahn yes, i think boto is included
12:01 estahn where do i put scheduler conf stuff?
12:01 estahn in /etc/salt/minion.d/ ?
12:02 traph joined #salt
12:02 traph joined #salt
12:04 teatime you can do it via pillar like configuring mine functions, if you like
12:05 teatime or you can put it in the config, but then you have to restart
12:05 ivanjaros joined #salt
12:13 mage_ damn jinja2, it's already an hour now that I'm trying to tell him to insert a single space between two {% if %} statements ...
12:13 hrumph joined #salt
12:14 teatime heh, perhaps you should post the code.  doesn't sound hard.
12:14 mage_ https://gist.github.com/silenius/cf1dd1f3df1010b16ba129761242dd65
12:14 pid1 joined #salt
12:14 teatime you know about the whitespace-control thingies, {%- ?
12:15 mage_ teatime: yeah .. I've already tried all combinaisons of {%- and -%}
12:15 mage_ all I want in finale is "bundle exec thin .."
12:15 teatime can you post the corresponding output
12:15 teatime you can censor it if need-be, just faithfully reproduce whitespace rendering
12:17 mage_ https://gist.github.com/silenius/cf1dd1f3df1010b16ba129761242dd65
12:17 mage_ (in comment)
12:18 bowhunter joined #salt
12:19 babilen mage_: What does https://www.refheap.com/118594 result in?
12:20 AdamSewell joined #salt
12:21 mage_ babilen: I get "bundle execthin"
12:21 teatime put the endif and if on the same line
12:21 mage_ (even if I put white spaces after bundle exec in the template)
12:21 teatime separated by 1 space
12:21 teatime remove the - - on either side of the one space
12:21 mage_ {%- if cfg.deploy.env == 'production' %} bundle exec {%- endif -%} ?
12:22 babilen yeah
12:22 babilen no, not quite
12:22 teatime I was thinking this:  {%- endif %} {% if 'thin' in cfg.use -%}
12:22 babilen ^
12:22 mage_ ah
12:22 mage_ let me try (:
12:23 mage_ it'll become unreadable
12:23 teatime it's not a big or complex enough file to, imo
12:23 teatime but there are other ways
12:23 mage_ it's bigger than that :)
12:24 teatime You might can go back to what you had (all squished on one line), but put this line in between:  {{ ' ' }}
12:24 mage_ https://gist.github.com/silenius/27158d2cce833efdfeecf6fc7baee6dc that's the full template
12:24 teatime or maybe {{- ' ' -}}  not sure
12:24 mage_ let me try
12:24 slav0nic joined #salt
12:25 mage_ I think choosing Jinja instead of Mako is perhaps the biggest mistake SaltStack made :(
12:25 teatime it has mako too
12:26 mage_ yeah .. but all formulas & so will never be translated
12:26 teatime there are several renderers, you're free to mix and atch them
12:27 Ron11 joined #salt
12:27 mage_ ok it works with bundle exec {{- ' ' -}}
12:27 mage_ thanks !
12:28 babilen mage_: I totally agree
12:28 babilen (on the mako thing)
12:28 teatime the right-side -'s are optional by default I beleive but asymmetry bugs me
12:29 Ron11 HI, I have wonder if I can in any way to copy all the directories that salt minion creates after installation and copy them to another computer?
12:29 teatime mage_: another option might be to use jinja's set to build up the string, as a string, incrementally.  might help you reformat.
12:32 mage_ ah.. I'll check
12:33 teatime then at some point you can insert it with {{ mycommand }} or whatever.
12:35 teatime maybe you could put like, all of the logic into one big {% %} or so, and clean up a lot of the visual noise those tags add.  but I am not sure exactly how set scopes, e.g. inside if... worked for me in the past, a user here reported it does not work, I have not tested since
12:45 renaissancedev joined #salt
12:45 blarghmatey joined #salt
12:48 gh34 joined #salt
12:55 numkem joined #salt
12:55 mapu joined #salt
13:00 ferbla joined #salt
13:03 racooper joined #salt
13:05 subsignal joined #salt
13:06 ssplatt joined #salt
13:06 subsigna_ joined #salt
13:07 ferbla joined #salt
13:12 AdamSewe_ joined #salt
13:23 AdamSewell joined #salt
13:24 impi joined #salt
13:28 AdamSewell joined #salt
13:29 akhter joined #salt
13:31 akhter joined #salt
13:35 akhter joined #salt
13:35 kevinquinnyo joined #salt
13:39 akhter joined #salt
13:40 Rumbles hello
13:41 Rumbles just wondering, is it possible to use a salt module within a state? I have been configuring nginx using state files, but I wanted to run a config test then if that passes reload nginx
13:41 Rumbles I can see in nginx module there is a configtest  argument
13:41 teatime sure, there's a module.run state
13:42 Rumbles ooh
13:42 Rumbles thanks
13:42 * Rumbles googles
13:42 snc joined #salt
13:42 teatime https://docs.saltstack.com/en/latest/ref/states/all/salt.states.module.html
13:43 AdamSewell joined #salt
13:43 Sylvain31 joined #salt
13:45 Rumbles okay, so that answers how would I run a module command within a state, is there any way to do a further step if that module run returns true?
13:45 Rumbles i.e. if the config test passes, reload the config
13:45 Rumbles I believe I know how to reload
13:46 teatime yeah, i dunno how to get the result out of it :/
13:46 snc I'd expect a watch/watch_in to handle watching changes to the config file.
13:46 Rumbles okay, thanks :)
13:46 teatime although it may be as easy as a requisite between your checkconfig state and reloadnginx state
13:46 snc This can be a cmd.run instead if it needs to be the tests like you said
13:47 teatime yup
13:48 Rumbles snc, I was expecting to use a watch, but can I use a watch to run a configtest and if that passes to reload?
13:49 subsignal joined #salt
13:54 akhter joined #salt
13:55 snc Cmd is considered as always changing state unless it returns non-zero. So watching it will always trigger. Hmm
13:56 snc Ah, stateful might have the final clue
13:57 snc That ends up needing a specific result though. Is that doable for your situation Rumbles?
13:58 ronnix joined #salt
13:58 spuder joined #salt
13:59 _JZ_ joined #salt
13:59 perfectsine joined #salt
13:59 Rumbles I think so, the result comes back as True on the nginx.module: https://paste.fedoraproject.org/362128/
14:00 rav_ joined #salt
14:00 rav_ help
14:00 Rumbles is that's not what you meant please tell me snc :)
14:00 subsigna_ joined #salt
14:00 Rumbles what's wrong rav_ ?
14:01 zmalone joined #salt
14:01 jerredbell joined #salt
14:02 rav_ I am new to SaltStack. Trying to install it on Windows server
14:02 snc Rumbles: so far okay, what happens in negative case?
14:02 AdamSewell joined #salt
14:02 mpanetta joined #salt
14:02 rav_ but when I tried to installed it is not directly installing on the box, it is downloading virtualbox and downloading
14:03 rav_ is this normal way? how can I run master directly on the windows box
14:03 Rumbles snc, I would epxect the result would return False, in which case I wouldn't want to reload nginx, and would hopefully be able to print something to the console so the amdin knows...
14:03 Rumbles I can't say I've ever tried to run salt on Windows rav_
14:03 Rumbles sorry
14:03 Rumbles Windows is for gaming only :)
14:04 Rumbles according to https://docs.saltstack.com/en/latest/topics/installation/windows.html there is no salt master for Windows rav_
14:04 Rumbles someone clearly saw sense :)
14:04 babilen rav_: The windows installer https://docs.saltstack.com/en/latest/topics/installation/windows.html downloads virtualbox?
14:05 catpigger joined #salt
14:05 teatime that is still just the minion.
14:06 babilen Oh, can you run the master on Windows?
14:06 teatime no, nafaik
14:06 babilen I thought so too
14:06 flowstate joined #salt
14:06 babilen rav_: You need a *nix box for the master
14:07 viq joined #salt
14:07 spuder_ joined #salt
14:07 knine joined #salt
14:08 snc Rumbles: simply mean "test it before you rely on it" :-)
14:08 catpiggest joined #salt
14:08 Rumbles not sure I understand... ?
14:09 Rumbles tst it before we use it, perhaps :)
14:09 rvandegrift joined #salt
14:09 ashrov joined #salt
14:09 ashrov HI ,can you please help me? I have centos5.11 and this is the problem: http://paste.debian.net/679551/ . I need to note that wget for repomd.xml works for me. What can I do?
14:10 flowstate joined #salt
14:12 gtmanfred looks like it should work here, gimme a second to spin up a cent 5 box
14:12 ashrov ok. Thank you
14:13 spuder joined #salt
14:13 catpigger joined #salt
14:14 scoates joined #salt
14:14 tampakrap joined #salt
14:15 darix is is possible for a minion to report the status to the master and the master multiplexes the data to multiple destinations compared to "each minion reports directly to each destination?
14:16 darix i would like the master to collect the reports but also trigger e.g. monitoring depending if the deployment worked or not
14:16 gtmanfred ashrov: it is working here
14:16 tharkun joined #salt
14:16 gtmanfred ashrov: can you run 'yum clean expire-cache'
14:17 ashrov ok I try
14:17 gtmanfred darix: you can, i believe that the status of the state run will go into the event bus
14:17 ashrov No it does not work
14:18 gtmanfred you would then need to use a reactor to trigger what to do after the failure
14:18 darix gtmanfred: well all the returner documentation is always talking about the returner dumping directly e.g. to redis and the master.
14:18 darix ok
14:18 darix reactor thing
14:18 darix will investigate that.
14:18 gtmanfred ashrov: then i don't know, sorry, cause it just worked with running the same commands here :/ http://repo.saltstack.com/#rhel
14:18 ssplatt joined #salt
14:18 teatime there's also 'yum clean all'... probably won't help but worth a shot
14:18 gtmanfred darix: yeah,if you can trigger off the returner stuff on the returner side, based on what is put into the database
14:18 gtmanfred then you could do that
14:19 gtmanfred but, the reactor does that
14:19 teatime you might also try 'yum makecache' first, separately.  even less likely to help;
14:19 gtmanfred but off of what goes into the event bus
14:19 Rumbles snc, would you say what I was thinking of it possible?
14:19 ashrov @gtmanfred did you try the command in the link in centos5.11 and it works for you?
14:19 gtmanfred yes
14:20 gtmanfred wget https://repo.saltstack.com/yum/redhat/salt-repo-2015.8-2.el5.noarch.rpm
14:20 gtmanfred sudo rpm -ivh salt-repo-2015.8-2.el5.noarch.rpm
14:20 gtmanfred yum install -y salt-minion
14:20 gtmanfred worked for me
14:20 gtmanfred on a clean centos 5.11 box
14:20 darix is centos 5 even in support still?
14:20 AdamSewell joined #salt
14:21 gtmanfred until 2017
14:21 ashrov thank you very much @gtmanfred
14:22 impi joined #salt
14:22 ashrov I have another questions. can I take all the directories of salt minion installation and move them to another computer?
14:22 gtmanfred darix: march 31, 2017 is the EOL of rhel 5, well the extended life cycle startes, which means no patches but you can use rhn
14:23 gtmanfred and centos 5 is pretty much bundled with that
14:23 gtmanfred ashrov: you could... i would recommend just copying the rpms and installing them
14:25 ashrov but there is many dependencies
14:25 ashrov are
14:25 kaptk2 joined #salt
14:25 gtmanfred you would have to copy the dependencies directories too though
14:25 gtmanfred which would be less relilably than just copying the rpms
14:25 gtmanfred which you should be able to aggregate downloading with yum downloader, then tar up, and just move the tarball of rpms around
14:28 hasues joined #salt
14:28 hasues left #salt
14:28 flowstate yep
14:29 flowstate aaaand wrong window.
14:29 teatime it can be really nice to have an apt/yum proxy or even full mirror on-site
14:29 tristianc_ joined #salt
14:29 garphy joined #salt
14:29 Rumbles it can be, but setting up sapcewalk can be a pain in the arse
14:29 Rumbles spacewalk*
14:30 ashrov @gtmanfred but there are many dependencies that I need to download in the target computer.
14:30 teatime oh, RHN, right.
14:30 teatime yeah screw spacewalk/satellite
14:30 ashrov Which directories I need to copy. I copied /etc/salt, /usr/bin/salt*
14:30 ashrov How can I know all the directories?
14:30 teatime ashrov: assuming they're the same OS (RH5.whatever), you should be able to download the salt packages you want + all of their possible dependencies, and put them on a DVD or something
14:30 gtmanfred well, you would also need to copy all the directories of all the dependencies
14:31 gtmanfred i don't see how that is easier than downloading all the rpms of the dependencies
14:31 teatime copying it w/o using the rpms is a bad idea.
14:31 gtmanfred ^^
14:32 teatime do you have very poor internet or something?
14:32 ashrov yes
14:32 ashrov I don't internet at all
14:32 ashrov have
14:32 gtmanfred either way, you are transfering something, transfering the rpms in a tarball would be the easiest IMHO
14:33 teatime understood.  still, packages are the way to go; trying to do it manually is harder, gains you nothing, and will be very very easy to break, possibly in some subtle way
14:33 gtmanfred the only other way I would say would be to transport a wheel of all the pip installed packages
14:33 gtmanfred but that is just doing pip install, instead of yum install
14:33 gtmanfred and i can't rememebr if pip on centos 5 even had wheel
14:34 ashrov I know, but the problem in the target computer , it complains about a lot of dependencies I need to download, it can take hours
14:34 gtmanfred sure, get all the rpms together one time
14:34 gtmanfred then you don't have to do it multiple times, just transfer that one whole bundle
14:34 gtmanfred you only have to wait the hours once
14:34 teatime if it does take hours, it will still probably save you time vs. what you suggest.
14:35 Rumbles If you don't have internet, how are you talking to us?
14:35 ashrov no
14:35 ashrov In the source I have this is the computer I write from it, in the target only ssh
14:36 ashrov I will elaborate
14:36 ashrov I am download the packages of salt by yumdownloader --resolve salt-minion
14:36 AdamSewell joined #salt
14:36 ashrov it does not take in account that the computer also need glib, flib and so on
14:37 ashrov in the target when I run it, it says that I need to download this packages
14:37 ashrov I can't download all the packages at once because I know what to download after I run the rpm -ivh in the target computer
14:37 akhter_1 joined #salt
14:38 snc Rumbles: sure, just as long as it happens
14:38 Rumbles waell that wasn't very helpful :/
14:39 teatime perhaps yum-downloadonly plugin, or repoquery... you should certainly be able to make a recursive dependency list for a package
14:39 teatime I guess that's just giving you the 1st level of deps
14:39 ashrov yes
14:39 ashrov Do you mean I need to create a script?
14:40 Rumbles use repoquery (according to the internet) http://stackoverflow.com/questions/16843928/is-there-any-way-to-retrieve-a-dependency-tree-from-yum
14:40 teatime worst case, you could just take the list of downloaded RPM's and feed it back into yumdownloader
14:40 teatime repeatedly until you have them all; assuming it's smart enough not to re-download existing files.
14:41 Rumbles repoquery --requires --recursive --resolve  packagename
14:41 impi joined #salt
14:41 teatime I think that has issues too Rumbles but there is a different repoquery command that works
14:42 Rumbles ok :)
14:42 Rumbles --tree-requires ??
14:42 ashrov thank you I will try
14:42 rav_ Thanks Rumbles, I am installing Ubantu and then install Master on Ubantu 14 server.  Thanks for your help
14:42 Rumbles np :)
14:43 teatime ashrov: I do crazy stuff like this all the time and mostly just make up the commands to re-format the lists on-the-fly.  find/ls/xargs/sed and a for loop in your shell will take you far.
14:43 teatime Rumbles: that sounds right :)
14:44 Rumbles can anyone suggest a way to run the saly module ningx.configtest as part of a state file, which checks to make sure the module returns true, if it does do one thing (run a nginx reload) if False print something to the console (i.e. a warning that the config couldn't be reloaded) ??
14:44 teatime ashrov: if you need help re-formatting repoquery --tree-requires to make it input for yumdownloader, I'm happy to assist
14:45 brd left #salt
14:45 Rumbles I think I can see how to run the nginx.configtest, but I don't see a way to have a condition on that and 2 options...
14:45 slacko_3249 joined #salt
14:46 ashrov thank you very much I need your help
14:48 catpig joined #salt
14:50 zmalone as a warning for anyone who is using the id grain for targeting instead of just the id itself, a minion can change it's grain id, it isn't "verified" like the normal id.
14:50 spuder joined #salt
14:51 zmalone https://gist.github.com/zmalone/ee20c3bcae647af3de1120702dd5ed39
14:51 ashrov teatime
14:51 ashrov ?
14:52 zmalone There are some warnings about the security of doing targeting by grain, but "id" is usually a promised value, so it might make sense to call it out specifically as not being verified
14:53 teatime ashrov: yes?
14:54 ashrov please see my message in private
14:54 teatime zmalone: yeah, it's well-known.  there's no reason to *target* using the id grain though since it's just as easy to target based on minionid directly
14:54 teatime ashrov: oh sorry, I didn't notice
14:56 akhter joined #salt
14:58 duncanmv joined #salt
14:58 mohae joined #salt
14:59 Brew joined #salt
15:01 akhter_1 joined #salt
15:03 akhter joined #salt
15:04 pjs joined #salt
15:05 akhter joined #salt
15:07 akhter_1 joined #salt
15:07 jrgochan joined #salt
15:07 flowstat_ joined #salt
15:09 jrgochan hello all! I'm trying to figure out if I should try switching to IdM, keep LDAP, or use SaltStack for user management after transitioning to RHEL7. I think I'm pretty content with just using SaltStack, but I can't find any easy to allow users to change their passwords and have them update on all machines. Any advice?
15:09 s_kunk joined #salt
15:10 Rumbles I don't know of a way to do that, you can set all passwords through salt, and set it not to be enforced if the user changes their password. But I dont know aa way to feed a changed password back to the master to roll that out to other hsots
15:12 hasues joined #salt
15:13 jrgochan Hrm. Would writing a custom salt runner and teaching people to use it be a good approach?
15:13 fxhp joined #salt
15:15 AdamSewell joined #salt
15:16 pipps joined #salt
15:19 kojiro joined #salt
15:20 spuder joined #salt
15:20 autofsckk joined #salt
15:23 AdamSewell joined #salt
15:23 akhter joined #salt
15:25 akhter_1 joined #salt
15:27 hasues left #salt
15:29 flowstate joined #salt
15:31 brotatochip joined #salt
15:31 frozenfoxx joined #salt
15:33 zmalone1 joined #salt
15:34 akhter joined #salt
15:34 ageorgop joined #salt
15:38 AdamSewell joined #salt
15:38 akhter_1 joined #salt
15:39 akhter joined #salt
15:41 akhter_1 joined #salt
15:43 akhter joined #salt
15:45 akhter_1 joined #salt
15:47 flowstate joined #salt
15:47 akhter joined #salt
15:49 akhter joined #salt
15:49 jhauser joined #salt
15:51 flowstate joined #salt
15:54 akhter_1 joined #salt
15:54 TaiSHi Anyone getting 'gpg: no valid OpenPGP data found.' when provisioning a machine?
15:56 flowstate joined #salt
15:56 teatime maybe you could have a central location for people to self-service their own master password
15:56 teatime like, you could have salt copy the hashes from the shadow file on one specific server
15:57 teatime and tell people to change their password on it, to have it set globally
15:57 teatime managing users through something like salt is sooo much easier if it works for your org :)
15:57 Guest79 joined #salt
15:58 bfrog joined #salt
15:58 teatime but it's going to be a little hacky for stuff like syncing passwords
15:59 DammitJim joined #salt
15:59 simon_c joined #salt
16:02 angvp TaiSHi: nobody, you broke salt
16:03 tampakrap left #salt
16:04 tharkun joined #salt
16:04 TaiSHi angvp: i usually do
16:07 Kruge joined #salt
16:08 Kruge Hi.  It's probably been asked about a million times already, but anyone got any idea when Xenial packages might be added to the Salt repo, please?
16:08 akhter joined #salt
16:13 akhter joined #salt
16:13 gtmanfred nope
16:13 gtmanfred our packager guy is working on them
16:14 gtmanfred we are looking at having 2015.8.9 tagged for next week
16:14 gtmanfred so my guess is 16.04 will be available when the packages for that release come out
16:14 simon_c hi all. how do I set which pillar data gets assigned to which minion ?
16:15 gtmanfred simon_c: in the pillar top file
16:15 gtmanfred https://docs.saltstack.com/en/latest/topics/pillar/#declaring-the-master-pillar
16:15 gtmanfred The top file used matches the name of the top file used for States, and has the same structure:
16:15 gtmanfred /srv/pillar/top.sls
16:16 TaiSHi gtmanfred: sorry to bother, have you seen issues like 'gpg: no valid OpenPGP data found.' when bootstrapping?
16:16 gtmanfred i have not
16:16 TaiSHi Happened several times with packer and do (salt-cloud)
16:17 gtmanfred I am spinning up a bunch of servers today  to deploy openstack, if I see it, i will let you know :)
16:17 simon_c gtmanfred: so I put *all* pillar assignments, in on top file in pillar/top.sls ? I can't break it out for each forumula ?
16:17 bltmiller joined #salt
16:18 gtmanfred you can have multiple top files in the different pillar roots
16:18 AdamSewell joined #salt
16:18 gtmanfred but they still go in a top.sls file
16:18 gtmanfred same way you can have multiple top files in different state roots
16:18 TaiSHi gtmanfred: doesn't always happen
16:19 simon_c gtmanfred: ok. I guess I'm getting ahead of myself then.
16:19 gtmanfred https://docs.saltstack.com/en/latest/ref/states/top.html
16:19 * simon_c goes back to working through the docs, in the *right* order.
16:19 rrei joined #salt
16:20 renaissancedev joined #salt
16:22 newjersey joined #salt
16:26 ageorgop joined #salt
16:28 jnials joined #salt
16:28 writtenoff joined #salt
16:29 viq joined #salt
16:32 Guest79 joined #salt
16:37 akhter joined #salt
16:39 duncanmv_ joined #salt
16:40 akhter joined #salt
16:40 rbjorkli1 joined #salt
16:40 jrgochan teatime: thanks for the suggestion
16:41 woodtablet joined #salt
16:42 akhter joined #salt
16:43 lero joined #salt
16:44 Sylvain31 hi, some custom prompting and/or bash cool alias related to salt usage on master and minions ?
16:44 akhter joined #salt
16:51 akhter joined #salt
16:51 rem5 joined #salt
16:54 bltmiller joined #salt
16:56 ronnix joined #salt
16:58 pdayton joined #salt
16:59 pdayton joined #salt
17:01 salty_solution joined #salt
17:01 KingJ What would be the ideal way to manage minion grains centrally? At the moment i'm just defining the grains locally in the configuration but I would prefer to do it centrally to make it easier to change grains on the fly.
17:01 akhter joined #salt
17:02 ronnix_ joined #salt
17:02 salty_solution \join ruby
17:02 salty_solution oops :)
17:03 KingJ The only way I can think to do it would be by using salt formula's configuration pillar, but then i'll need to definte every minion in the pillar top file and apply individual pillar configurations which have a list of grains in them.
17:03 KingJ ...if that makes sense!
17:04 salty_solution joined #salt
17:05 s_kunk joined #salt
17:06 viq_ joined #salt
17:07 autofsckk joined #salt
17:09 brianfeister joined #salt
17:13 akhter joined #salt
17:16 pipps joined #salt
17:17 Sylvain31 joined #salt
17:19 ronnix joined #salt
17:19 pipps99 joined #salt
17:22 flowstate joined #salt
17:24 impi joined #salt
17:25 lobo235 joined #salt
17:27 akhter_1 joined #salt
17:27 lobo235 Does the salt-master enforce salt states on minions on any kind of schedule? For example, if I have a salt state that installs the 'curl' package and a user uninstalls that package from one of my servers will it get reinstalled again?
17:28 lobo235 or do I have to manually run 'salt \* state.apply' to get all states to apply?
17:28 jfindlay lobo235: you can schedule a highstate with the scheduler
17:28 jfindlay or even cron
17:29 jfindlay https://docs.saltstack.com/en/latest/topics/jobs/#scheduling-jobs
17:29 lobo235 Ok, so, for example, I could have the salt-master schedule a highstate to run every 10 mins?
17:29 hasues joined #salt
17:29 * lobo235 is checking that link
17:30 hasues left #salt
17:30 jfindlay yes, you should be able to do that
17:31 akhter joined #salt
17:31 hasues joined #salt
17:32 hasues left #salt
17:32 lobo235 I've used other configuration management tools to enforce things like that every 10 mins or so but in the salt community is that considered good or bad practice?
17:33 zmalone It's more of an open ended decision, just like it is with most other tools
17:34 zmalone Some places prefer to do config management runs only when a user initiates a push, some places are ad hoc, some places schedule runs
17:34 subsigna_ joined #salt
17:34 zmalone I think 10 minutes is a little too much overhead, and usually go for 30m or an hour if I'm running my config management on a schedule
17:34 jfindlay well, if you have people removing packages from a production system, I'm guessing that would be a problem that salt really can't 'solve' :-)
17:35 kojiro heh
17:35 kojiro unless, of course, you have salt removing their access ;)
17:35 lkannan joined #salt
17:35 jfindlay but highstate enforcement should not be a big deal
17:35 serverascode joined #salt
17:36 jfindlay salt will do nothing if the system already confirms to it's configured state
17:36 jfindlay except use system resources depending on how complex your highstate is
17:36 kojiro Does salt-ssh upload a bunch of stuff every time it runs, or only the first time?
17:36 hillna joined #salt
17:37 tpaul joined #salt
17:38 aw110f joined #salt
17:38 jfindlay kojiro: salt-ssh operates out of an archived bundle of salt and some deps in a temp directory.  See the `-w` and `-W` options to salt-ssh
17:38 jfindlay to configure where and how often the archive is deposited
17:39 kojiro thanks
17:42 woodtablet you guys are awesome
17:42 flowstate has anyone had issues with supervisord states?
17:43 woodtablet hugs rooom
17:43 woodtablet grr.. that didnt do what ithought it would do
17:43 flowstate I'm trying to restart a supervisord-managed service, and what's happening is that it returns before the underlying process has been stopped, so when it restarts the process, it's OOM-killed
17:44 * woodtablet slaps self
17:44 woodtablet there we go
17:44 Karunamon joined #salt
17:44 flowstate it only works when the comment involves masochism
17:46 jhauser joined #salt
17:47 * LotR slaps flowstate "or sadism"
17:47 LotR ;)
17:47 flowstate hahaha, I should have known
17:48 flowstate guh, I am getting really annoyed at supervisord. I hope I didn't make a mistake using this over daemontools
17:48 KingJ Hm, I think ultimately reading around i'm going to need to switch from grains to nodegroups or pillars to be able to do what I want (centrally defining roles to apply to a node, as opposed to defining them locally). Both seem to have drawbacks though - pillar roles need a pillar refresh to apply and nodegroups need a master restart.
17:50 feld joined #salt
17:50 feld joined #salt
17:53 mavhq joined #salt
17:53 sjorge joined #salt
17:54 pipps joined #salt
17:56 jfindlay flowstate: what service management system are you using?  `service.running supervisord`, etc. should just be a wrapper around the equivalent `service supervisord start` on the system
18:00 akhter joined #salt
18:01 mavhq joined #salt
18:01 flowstate joined #salt
18:03 flowstate joined #salt
18:03 josuebrunel joined #salt
18:04 flowstate jfindlay: I was using the supervisord states
18:04 flowstate but I found the problem
18:05 flowstate always use 'exec' in the script you have supervisor manage
18:05 flowstate that way it's managing the underlying process, not the parent
18:05 akhter joined #salt
18:08 ronnix joined #salt
18:09 bltmiller joined #salt
18:09 rem5 joined #salt
18:10 murrdoc joined #salt
18:10 murrdoc does anyone know if queue:True works in a reactor
18:12 akhter_1 joined #salt
18:13 radhac1 joined #salt
18:14 radhac1 Hey all - I'm currently having salt handle a compilation process.  It first copies the require tar ball, extracts, and runs the appropriate commands to compile.  However, due to the longevity of the compilation process, the minion and master both seem to be crashing.  Is there a setting that can be changed to prevent this from happening?
18:14 Jimlad joined #salt
18:16 jfindlay radhac1: you could try increasing the timeout https://docs.saltstack.com/en/latest/ref/configuration/master.html#timeout
18:17 jfindlay but the minion should keep pinging the master regularly within the default timeout window if the job is not finished
18:17 radhac1 Hmm ok, I'll give it a shot jfindlay.  Thanks
18:17 jfindlay your compilation on the minion might slow things down so that the minion doesn't respond in time
18:20 akhter joined #salt
18:22 jfroot joined #salt
18:23 jfroot Hi gang… new user here.. we have a problem where some systems that are very busy in an computing cluster are not getting changes that are pushed out to them
18:23 akhter joined #salt
18:23 jfroot they are timing out and then we have some nodes that are then out of sync with the rest of the cluster which causes all kinds of strange issues
18:24 ajw0100 joined #salt
18:26 LtLefse_ joined #salt
18:27 zmalone joined #salt
18:28 akhter joined #salt
18:30 dendazen joined #salt
18:30 akhter_1 joined #salt
18:32 GreatSnoopy joined #salt
18:33 pipps joined #salt
18:34 duncanmv__ joined #salt
18:34 akhter joined #salt
18:35 flowstat_ joined #salt
18:39 woodtablet jfroot: when not pushing out changes, can you run remote commands like hostname on the nodes and they return ? (how many nodes btw)
18:40 bbradley joined #salt
18:40 hasues joined #salt
18:40 jfroot woodtablet: it’s usually about 1 or 2 of 400 that fail… as I said.. I am pretty new at this.. but it seems that it is failing silently and we then have no way of determining which nodes are out of spec of the rest after a push
18:40 hasues left #salt
18:40 amcorreia joined #salt
18:42 honestly jfroot you can check the job results
18:43 honestly run salt with an explicit timeout param and it will print the job id
18:43 honestly then you can check the job result and see which nodes completed
18:44 jfroot honestly: will it show which ones failed also?
18:44 jfroot I will RTFM ;)
18:44 jfroot as we use AWS for our cluster, and the exact number of nodes is always fluctuating
18:45 woodtablet you can look what the master's error for the jobid like honestly says, its in /var/lib/salt?/TONS_OF_FILES
18:45 ajw0100 joined #salt
18:48 duncanmv__ joined #salt
18:48 bltmiller joined #salt
18:50 jfindlay honestly: would that be `saltutil.find_job`?
18:51 honestly how do you even get those nodes to connect and auth to the salt master?
18:51 honestly jfindlay: hub?
18:51 honestly huh*?
18:52 jfindlay honestly: for querying the master job cache about job status
18:52 honestly dont need find_job for that
18:52 honestly i don't think
18:52 honestly but i don't remember the exact names
18:53 bVector https://docs.saltstack.com/en/latest/topics/jobs/
18:54 bVector https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.jobs.html#module-salt.runners.jobs
18:56 hexa- joined #salt
19:01 AdamSewell joined #salt
19:07 AdamSewell joined #salt
19:10 Zhen joined #salt
19:13 aarontc joined #salt
19:14 akhter joined #salt
19:14 AdamSewell joined #salt
19:16 bVector jfroot: you can schedule the minions to poll for changes instead using scheduler
19:17 akhter joined #salt
19:17 bVector that way they initiate the connection and its fresh for receiving the job
19:18 gh34 joined #salt
19:19 akhter_1 joined #salt
19:22 akhter joined #salt
19:23 bltmiller is there support for pip_state to install a tarball from file_roots? https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pip_state.html#salt.states.pip_state.installed
19:25 akhter_1 joined #salt
19:26 pipps joined #salt
19:27 akhter joined #salt
19:27 viq joined #salt
19:33 subsignal joined #salt
19:33 pipps joined #salt
19:36 akhter joined #salt
19:36 merlehaggard How do you determine which service provider a formula should use? my SL 7.2 minion is trying to use update-rc.d for service management
19:39 amcorreia joined #salt
19:42 justanotheruser joined #salt
19:42 hasues joined #salt
19:46 aqua^c joined #salt
19:46 jav joined #salt
19:47 Freek joined #salt
19:47 gtmanfred merlehaggard: it determines it based on the grains of the minion
19:48 gtmanfred if it is marked as suse linux, it should only load the systemd service module
19:48 stooj joined #salt
19:49 gtmanfred https://github.com/saltstack/salt/blob/develop/salt/modules/systemd.py#L53
19:49 gtmanfred if it has a linux kernel, and is booted with systemd, that will get returned,as the service module
19:49 jhauser joined #salt
19:51 bryguy joined #salt
19:51 merlehaggard SL=Scientific Linux
19:51 gtmanfred sure, should still be systemd
19:51 gh34 joined #salt
19:51 Zhen joined #salt
19:51 duncanmv__ joined #salt
19:51 Karunamon joined #salt
19:51 bbendy_ joined #salt
19:51 tkeith joined #salt
19:51 whatever_sd_ joined #salt
19:51 hal58th joined #salt
19:51 cpowell joined #salt
19:51 repl1cant joined #salt
19:51 basepi joined #salt
19:51 ninkotech_ joined #salt
19:51 pppingme joined #salt
19:51 MikaT_ joined #salt
19:51 tawm04_ joined #salt
19:51 patrek joined #salt
19:51 whatevsz_ joined #salt
19:51 ekristen joined #salt
19:51 JohnnyRun joined #salt
19:51 rickflare joined #salt
19:51 Hipikat joined #salt
19:51 joren joined #salt
19:51 dynamicudpate joined #salt
19:51 ajolo joined #salt
19:51 rmc3 joined #salt
19:51 keekz joined #salt
19:51 thehaven joined #salt
19:51 Vivek joined #salt
19:51 pedja joined #salt
19:51 beardo joined #salt
19:51 invalidexception joined #salt
19:51 harkx joined #salt
19:51 gadams joined #salt
19:51 LtLefse_ joined #salt
19:51 murrdoc joined #salt
19:51 feld joined #salt
19:51 pdayton joined #salt
19:51 fxhp joined #salt
19:51 mpanetta joined #salt
19:51 ivanjaros joined #salt
19:51 west575 joined #salt
19:51 quasiben joined #salt
19:51 rnts_ joined #salt
19:51 Eureka703 joined #salt
19:51 macheck joined #salt
19:51 dunz0r joined #salt
19:51 terratoma joined #salt
19:51 BogdanR joined #salt
19:51 jcockhren joined #salt
19:51 djural joined #salt
19:51 notnotpeter joined #salt
19:51 eseyman joined #salt
19:51 SpeeR_ joined #salt
19:51 sarlalian_ joined #salt
19:51 the_lalelu joined #salt
19:51 MeltedLux joined #salt
19:51 debian112 joined #salt
19:51 MindfulMonk joined #salt
19:51 ronrib joined #salt
19:51 Gabemo joined #salt
19:51 M-MadsRC2 joined #salt
19:51 wryfi_ joined #salt
19:51 chamunks- joined #salt
19:51 mr_chris joined #salt
19:51 Shirkdog joined #salt
19:51 HeresJohny joined #salt
19:51 cliffstah joined #salt
19:51 _W_ joined #salt
19:51 colegatron joined #salt
19:51 lookcrabs joined #salt
19:51 jgelens joined #salt
19:51 CaptTofu joined #salt
19:51 jcastle joined #salt
19:51 Nazca joined #salt
19:51 evidence joined #salt
19:51 nkuttler joined #salt
19:51 pmcnabb joined #salt
19:51 chrismoos joined #salt
19:51 AdamSewell joined #salt
19:52 merlehaggard all salted servers/minions grain 'kernel' == Linux in this case
19:52 gtmanfred https://github.com/saltstack/salt/blob/develop/salt/modules/service.py#L29
19:52 gtmanfred sure, but then it checks that it is booted with systemd
19:53 gtmanfred and if it is, it would be loading the systemd service module
19:54 gtmanfred otherwise,in this case, it is loading whatever service module uses update-rc.d
19:54 merlehaggard fair enough, how does one look for that
19:54 gtmanfred you would have to go looking through the salt/modules directory
19:55 tkharju joined #salt
19:55 CaptTofu joined #salt
19:55 hasues left #salt
19:56 gtmanfred i can't think of a reason that it wouldn't load the systemd one though
19:56 merlehaggard afaik, default.target -> /lib/systemd/system/multi-user.target
19:57 merlehaggard the formula in ? is sensu
19:57 cyborg-one joined #salt
19:57 gtmanfred if you run salt service.status default.target
19:57 gtmanfred or something
19:57 gtmanfred does it return back the desired result?
19:58 ageorgop joined #salt
19:58 bltmiller joined #salt
19:59 merlehaggard my 7.2 hosts return True
19:59 gtmanfred ok
19:59 gtmanfred so , systemd is all working correctly
19:59 gtmanfred which formula are you using?
19:59 gtmanfred link to it
20:00 merlehaggard https://github.com/saltstack-formulas/sensu-formula
20:01 gtmanfred yeah,i don't see anything in there in particular that would force it to use update-rc.d
20:01 gtmanfred it should be using the loaded service module, which in your case is systemd
20:01 stooj joined #salt
20:02 merlehaggard I have reported other breakage also, but one host in particular already has all bits installed just and I'm sending the conf file updates and it can't restart the services
20:02 emankcin joined #salt
20:03 merlehaggard I could create a minion config manager and add provider if osrelease==7.2 but I shouldn't have to
20:08 bryguy joined #salt
20:09 ahammond so, if I wanted to pull the cloud/clouds/vultrpy.py into my 2015.8.8.2, can I put it under _clouds in my file base (analogous to how I'd put a module into _modules)?
20:09 murrdoc will beacons work to watch a symlink ?
20:09 ahammond murrdoc almost certainly with recurse... but without it, I don't think so... assuming you're using the inotify one.
20:10 murrdoc yeah
20:10 jhauser_ joined #salt
20:10 gtmanfred ahammond: not with 2015.8 i don't think
20:10 murrdoc i just want to watch 4 symlinks
20:10 gtmanfred maybe with 2016.3
20:10 gtmanfred depends on if the salt-run sync_* added clouds
20:10 gtmanfred and if cloud modules were made to also look at extmods, which i don't think they were
20:12 ahammond gtmanfred thanks. would have been cool, but not a big deal. vultr can wait. :)
20:13 pipps joined #salt
20:16 akhter joined #salt
20:17 mapu joined #salt
20:18 brotatochip joined #salt
20:18 choopooly joined #salt
20:19 akhter joined #salt
20:22 aarontc joined #salt
20:23 choopooly hello, is there a way to order reactor states ?
20:26 onlyanegg joined #salt
20:28 pipps joined #salt
20:32 akhter joined #salt
20:33 iggy they should be in top-down order
20:37 salty_solution joined #salt
20:37 choopooly that's what I thought, but it doesn't seems to be the case
20:39 jhauser joined #salt
20:40 choopooly I basically add a grain and then apply a state in that order in the reactor state. If the grain remain with the same value it works as expected, but if it change then the state is applied before...
20:40 AdamSewell joined #salt
20:43 emankcin I try to create my first salt-cloud on VMware and got  "Error creating test_salt_srv: (vmodl.fault.NotSupported) " is this a driver error?
20:44 akhter joined #salt
20:46 akhter joined #salt
20:46 irctc620 joined #salt
20:47 irctc620 hello
20:47 irctc620 would anyone be able to help or suggest a link to how to format at pillar top.sls file?
20:47 irctc620 i have been busting my brain with all sorts of combinations.
20:48 irctc620 i am trying to get nodegroups to work in pillar top.sls
20:50 akhter_1 joined #salt
20:50 brotatochip joined #salt
20:51 liskl joined #salt
20:51 emankcin In the pillar top you can call all other pillar files.
20:59 shiriru joined #salt
21:00 irctc620 thanks
21:01 irctc620 i figured out what i was doing wrong. i was not targeting the nodegroup in the salt sls file properly.
21:03 MindDrive joined #salt
21:04 yomilk joined #salt
21:09 akhter joined #salt
21:10 yomilk joined #salt
21:14 akhter joined #salt
21:15 Rumbles joined #salt
21:16 ahammond in my execution module, I'm calling from salt.util.ipaddr import IPAddress, but it fails. How do I import this correctly?
21:16 viq joined #salt
21:17 viq_ joined #salt
21:19 viq_ joined #salt
21:21 AdamSewell joined #salt
21:25 akhter joined #salt
21:32 lws_ Hey, how does the orchestration module interact with environments?
21:32 lws_ I don't see how you specify an environment to apply the orchestration against.
21:32 jhauser joined #salt
21:34 akhter joined #salt
21:35 foundatron Hi, is there an easy way to verify that i have connected to a external pillar?
21:35 jhauser_ joined #salt
21:35 pfallenop joined #salt
21:35 pfallenop joined #salt
21:38 akhter joined #salt
21:38 subsignal joined #salt
21:38 jhauser__ joined #salt
21:45 jhauser joined #salt
21:51 akhter joined #salt
21:51 CeBe joined #salt
21:55 rem5 joined #salt
21:56 jfindlay foundatron: you could try `salt <minion> pillar.items`
21:58 foundatron is there a way to list ext_pillars?
21:58 foundatron I'm trying to debug an s3 pillar I'm trying to add
21:58 zmalone joined #salt
22:04 jhauser joined #salt
22:05 perfectsine joined #salt
22:10 hajhatten joined #salt
22:14 Bucciarati joined #salt
22:18 flowstate joined #salt
22:19 jhauser joined #salt
22:24 ashmckenzie joined #salt
22:25 akhter joined #salt
22:26 lws Hey jfindlay, how's it going!
22:28 akhter_1 joined #salt
22:28 jfindlay it is going tolerably
22:29 akio joined #salt
22:30 akio Where do I look for templating salt files served? Trying to use grain defined variables to set in config files.
22:31 brotatochip joined #salt
22:33 akhter joined #salt
22:35 pdayton joined #salt
22:35 meekrab joined #salt
22:35 aw110f joined #salt
22:36 Corey joined #salt
22:37 zenlot joined #salt
22:38 pdayton joined #salt
22:40 akhter_1 joined #salt
22:41 jfindlay akio: salt:// is relative to file_roots
22:42 akio looking to use grains in the sourced file, {% %} syntax i believe
22:42 akio i.e. syslocation in snmpd.conf
22:43 akio i have a grain location
22:43 akio syslocation {% grains['location'] %}
22:43 akio something like this i'm thinking
22:45 pdayton1 joined #salt
22:45 akhter joined #salt
22:47 akio still not getting it right
22:47 akio syslocation {{ location }}
22:47 pdayton joined #salt
22:48 akio jinja variable undefined
22:49 jfindlay akio: `{%- set location = grains.get('location') %}`
22:49 jfindlay `syslocation {{ location }}`
22:50 akio syslocation {{ grains['location'] }} is the answer i was looking for
22:51 * jfindlay fails
22:51 akio lol, thanks anyway
22:57 adelcast joined #salt
22:58 pdayton1 joined #salt
23:06 blue0ctober joined #salt
23:10 brotatochip joined #salt
23:12 spuder joined #salt
23:14 bltmiller joined #salt
23:17 spuder_ joined #salt
23:18 flowstate joined #salt
23:22 AdamSewell joined #salt
23:33 SheetiS joined #salt
23:34 akio jfindlay: what about the right way to install vim with different package names?
23:34 akio i did it before but i lost the files
23:34 akio years ago
23:36 estahn joined #salt
23:39 akio pillar ftw
23:41 ajw0100 joined #salt
23:42 AdamSewell joined #salt
23:49 mapu joined #salt
23:52 aqua^c joined #salt
23:55 keldwud joined #salt
23:56 rem5 joined #salt
23:58 dendazen joined #salt
23:59 meekrab_ joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary