Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-07-06

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:02 renaissancedev joined #salt
00:06 darvon joined #salt
00:31 _JZ_ joined #salt
00:32 wm-bot4 joined #salt
00:36 iggy renaissancedev: unfortunately no
00:36 iggy I had an idea for solving that at one point, but never got anywhere with it
00:37 Nahual joined #salt
00:38 woodtablet left #salt
00:38 iggy Slimmons: how are you calling the api?
00:46 infrmnt1 joined #salt
00:47 rem5 joined #salt
00:51 sjmh joined #salt
01:02 noraatepernos joined #salt
01:04 iceyao joined #salt
01:06 iceyao_ joined #salt
01:19 fannet joined #salt
01:32 catpigger joined #salt
01:33 subsignal joined #salt
01:46 netjak joined #salt
01:46 sjmh joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.5.10, 2015.8.10, 2016.3.1 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
02:01 _JZ__ joined #salt
02:01 hasues joined #salt
02:01 hasues left #salt
02:08 felskrone joined #salt
02:10 justanotheruser joined #salt
02:14 _JZ_ joined #salt
02:17 flowstate joined #salt
02:24 _JZ_ joined #salt
02:25 DEger joined #salt
02:27 MTecknology hm.... How can I check the length of a variable in jinja?
02:28 hemebond MTecknology: |length
02:28 * MTecknology hugs hemebond
02:36 elektrix_ using saltstack 2015.5 on ubuntu 14.04, can apache.a2enmod take a dictonary?
02:36 elektrix_ only thing I can get working is apache_module.enable, and that's only w/ a single module
02:37 elektrix_ and can't get apache.a2enmod to work at all
02:44 debian112 joined #salt
02:45 racooper joined #salt
02:55 iggy apache.a2enmod is a module, not a state
02:55 iggy elektrix_: ^
02:55 elektrix_ ahh
02:56 elektrix_ well, I just worked around it by doing this:
02:56 elektrix_ https://gist.github.com/vando/d6be2fd51207a10dcd6b
02:56 elektrix_ but replacing the cmd.run with apache_module.enable
02:57 elektrix_ I guess I need to learn the finer differences between modules and states...have a good link? Wasn't obvious when searching through doc
03:00 elektrix_ execution modules vs state modules?
03:00 elektrix_ reading up on it now...thanks
03:01 iggy yeah, you don't put salt.modules.* in sls files
03:01 elektrix_ ok...guess I need to grok the doc better to determine what can go in sls files
03:02 iggy those functions are for the command line (i.e. salt '*web*' apache.a2enmod)
03:02 iggy salt.states.* go in sls files
03:02 iggy https://docs.saltstack.com/en/latest/salt-modindex.html good start
03:03 elektrix_ thanks!
03:03 elektrix_ kinda diving into the deep in, so haven't had time to learn all the nuances...thanks again
03:04 iggy the best way to learn (and the worst)
03:05 elektrix_ ha
03:06 elektrix_ that doc should save me a LOT of time :D
03:18 flowstate joined #salt
03:22 evle joined #salt
03:24 rem5 joined #salt
03:32 subsignal joined #salt
03:41 monokrome joined #salt
03:43 robawt joined #salt
03:43 netjak joined #salt
03:52 arif-ali joined #salt
03:54 traph_ joined #salt
04:03 Disorganized joined #salt
04:17 Zachary_DuBois joined #salt
04:17 flowstate joined #salt
04:54 DEger joined #salt
05:01 stanchan joined #salt
05:07 netjak joined #salt
05:10 zer0def joined #salt
05:16 flowstate joined #salt
05:21 fannet joined #salt
05:24 brent_ joined #salt
05:49 badon joined #salt
06:12 impi joined #salt
06:13 kawa2014 joined #salt
06:17 flowstate joined #salt
06:29 noraatepernos joined #salt
06:35 Exapiper pillars are like states but are stored on the master ya?
06:35 Exapiper I have a user created using a declaration in a state file along with a password - my instructor says I should use a pillar for that
06:45 iceyao joined #salt
06:50 mohae_ joined #salt
06:53 toanju joined #salt
06:53 badon joined #salt
06:53 iceyao_ joined #salt
07:00 k_sze[work] salt-key is just a frontend to the pki directory, right?
07:01 k_sze[work] I can, e.g., just delete a key from the /etc/salt/pki/master/minions_denied/ directory and it won't break salt in obscure ways (as long as I know that key is not in use), right?
07:04 CeBe joined #salt
07:10 babilen Exapiper: Pillars are simply minion specific data and therefore useful for storing information that shouldn't be available to all minions
07:10 babilen k_sze[work]: Correct
07:14 POJO joined #salt
07:18 flowstate joined #salt
07:21 keimlink joined #salt
07:21 berto- joined #salt
07:22 fannet joined #salt
07:22 manji joined #salt
07:27 deus_ex1 joined #salt
07:27 bantone Exapiper: that's right, stored on the master, but the pillar data is only available for the targeted minion
07:31 manji joined #salt
07:32 colegatron joined #salt
07:39 neilf__ joined #salt
07:44 berto- joined #salt
07:46 Hydrosine joined #salt
07:49 Rumbles joined #salt
07:51 deus_ex joined #salt
07:56 Rumbles is there any way to get the salt master to print out exactly what it is trying to do when you run a state? I am trying to test a state before applying it, but it's give a weird error: https://paste.fedoraproject.org/388238/
07:56 Rumbles I don't even have a state called mongo, and while I have one called mongodb it isn't applied to this host and I'm not trying to appply it to this host...
07:56 DEger joined #salt
07:57 hemebond Do you have a pillar called mongo?
07:57 hemebond You can also tail the minion log (on the actual minion)
07:58 Rumbles yes, there is a pillar called mongo, but again it shouldn't be used by any state that I'm tryingt o aply or any that it uses :/
07:58 Rumbles to apply*
07:58 Rumbles I'll check the minion logs
07:59 Rumbles I did check the master logs like the error says, nothing there, tried in debug mode, nothing useful
07:59 hemebond It might not get used, but it still gets constructed if it's applied to the minion.
07:59 hemebond The error is about the pillar, not a state module.
08:00 Rumbles the minion logs are empty
08:00 hemebond Yeah, the error is on the master
08:00 hemebond The Pillar is broken.
08:01 Rumbles the pillar is fine for hosts that use it, this host has no state that uses the pillar
08:01 lero joined #salt
08:01 hemebond But are you applying the pillar to the minion?
08:01 hemebond Is it applied in the pillar top.sls to this minion?
08:03 Rumbles I'm not applying the pillar to the minion, although the minion has access to the pillar in the pillar top
08:03 hemebond I don't understand.
08:04 Rumbles nor do I
08:04 Rumbles it makes no sense
08:04 Rumbles I think it's a bug in test
08:04 hemebond Either you're applying the Pillar to the minion (via the pillar top.sls) or you're not.
08:04 Rumbles because I believe if I run this without test it will work fine
08:04 babilen What do you mean by "has access to the pillar in the pillar top" and how does that differ from "not applying the pillar to the minion" ?
08:04 Rumbles in the pillar top all hosts have access to the mongo pillar
08:04 hemebond Then it is applied.
08:05 hemebond Always.
08:05 Rumbles it doesn't hold sensitive data
08:05 Rumbles but this state doesn't use the mongo pillar
08:05 hemebond Doesn't matter.
08:05 hemebond Nothing to do with the state.
08:05 hemebond The states don't decide which Pillars are applied, the top.sls decides.
08:06 Rumbles right, but this pillar has no variables applied to this host
08:06 Rumbles it really shouldn't have any bearing on this state
08:06 AndreasLutro the states are irrelevant
08:06 hemebond But the Pillar still has to compile.
08:06 AndreasLutro pillars are rendered separately from states
08:06 Rumbles and it does compile fine
08:06 AndreasLutro your error message says otherwise
08:06 Rumbles it only fails when running this test on a few hsots that don't use it
08:07 hemebond salt 'portal-web2.domain.net' pillar.items
08:07 hemebond Does that work without error?
08:07 AndreasLutro so your mongo.sls has a bug for those hosts
08:07 Rumbles 1 sec
08:07 AndreasLutro find and fix the bug
08:08 AndreasLutro or make sure that sls file doesn't get matched for the hosts in your pillar top.sls
08:08 Rumbles pillar items returns without error
08:09 Rumbles but it does match something in the pillar for mongo
08:09 Rumbles that helps, thanks
08:09 hemebond Good luck :-)
08:09 AndreasLutro just check the master logs for pillar render errors
08:09 Rumbles AndreasLutro, master logs were empty
08:09 Rumbles even in debug mode it gave no useful info to help find the issue
08:10 AndreasLutro usually I have to saltutil.refresh_pillar to trigger pillar render errors
08:10 AndreasLutro because of caching and whatnot
08:10 hemebond Oh, true. I really hate having to use that.
08:12 Mandorath joined #salt
08:16 deniszh joined #salt
08:17 flowstate joined #salt
08:18 linjan joined #salt
08:19 krymzon joined #salt
08:20 rburkholder joined #salt
08:24 fannet joined #salt
08:24 Rumbles okay, so I looked in to the pillar, and my colleague wrote it so that if it matches a given hostname with will provde the hst with 2 variables, this seems to be working fine, so I'm not sure how I can "fix it", I've had to sanitise th information to remove the hostnames/zoneid:
08:24 Rumbles https://paste.fedoraproject.org/388242/
08:24 Rumbles any idea what's wrong with that pillar?
08:25 hemebond What is that elif?
08:25 hemebond Are you not able to provide the {% if %}?
08:27 hemebond Can't see an issue with what is there assuming every line not included is correct :-)
08:31 Rumbles each if is a similar condition, we have a load of hosts named by client
08:31 ronnix joined #salt
08:31 Rumbles so if '.tap.ie.aws.domain.net' in grains["id"]
08:31 Rumbles is the first one
08:31 hemebond hmm
08:32 jhauser joined #salt
08:32 Rumbles every one is similar as we have a host naming convention where application comes first, then client, region, aws/dev, domain.net
08:32 Rumbles we're just seperating each out by client
08:32 toanju joined #salt
08:32 hemebond salt 'portal-web2.client.domain.net' saltutil.pillar_refresh
08:33 Rumbles argh
08:33 Rumbles thanks
08:33 Rumbles that fixed it
08:33 Rumbles infuriating
08:33 hemebond ?
08:33 hemebond The refresh fixed it?
08:33 Rumbles I ran the test again afterwards
08:33 Rumbles no error
08:35 s_kunk joined #salt
08:37 * Rumbles goes to get a drink
08:37 hemebond That one gets me all the time too.
08:38 Rumbles I saw AndreasLutro mention it earlier, but I wasn't sure how to run the refresh pillar :/
08:38 Rumbles thanks for being so patient with me hemebond :)
08:38 hemebond Happy to help :-)
08:43 Elsmorian joined #salt
08:46 netjak joined #salt
08:47 iceyao joined #salt
08:53 colegatron joined #salt
08:55 iceyao_ joined #salt
08:56 toanju joined #salt
09:00 netjak joined #salt
09:02 netjak joined #salt
09:09 fredvd joined #salt
09:11 ravenx joined #salt
09:12 Mandorath I have system.reboot configured in a salt state but i want it to wait one minute before rebooting. I tried it with the at_time option but this does not seem to work, it just reboots without waiting. Is there an other wait to wait rebooting?
09:14 manji Morrolan, are you sure it is passed properly ?
09:15 manji erm
09:15 manji Mandorath, :p
09:15 manji in the code it does a
09:15 manji cmd = ['shutdown', '-r', ('{0}'.format(at_time) if at_time else 'now')]
09:15 manji ret = __salt__['cmd.run'](cmd, python_shell=False)
09:16 manji otherwise, you can do what the module actually does, do a cmd.run
09:16 flowstate joined #salt
09:29 N-Mi joined #salt
09:29 N-Mi joined #salt
09:49 renaissancedev joined #salt
09:50 daks joined #salt
09:50 Mandorath manji: Thx, was pretty obvious but i'm using cmd.run now:D
09:50 daks hello
09:51 daks i got a question about the postfix-formula on the github saltstack-formulas repository
09:51 manji Mandorath, nah, I just found it odd that it is not working as the code was pretty straight forward for this module function
09:52 y3k joined #salt
09:52 daks is it possible to genereate any db file, like it seems it's possible when reading files/mapping.j2
09:52 daks and if it is, how?
09:52 daks because i try to generate files for my (virtual) domains and mailboxes and can't find the correct syntax
09:55 daks my pillar file looks like this https://friendpaste.com/EdJdT3X8sEWfgbtt8Ncok
10:12 deus_ex joined #salt
10:14 felskrone joined #salt
10:17 flowstate joined #salt
10:27 netjak joined #salt
10:30 mortis well this was fun, file.managed on a nagios services.cfg being a jinja-template looking up values in saltmine and autogenerating nagiosmonitoring :)
10:36 blarghmatey joined #salt
10:50 lightus joined #salt
10:54 lightus left #salt
10:56 linjan joined #salt
11:01 SpX joined #salt
11:03 netjak joined #salt
11:04 DEger joined #salt
11:07 flowstate joined #salt
11:18 colegatron joined #salt
11:27 hoonetorg can it be that keystone.endpoint_present is broken in 2016.3
11:29 netjak yello
11:33 colegatron joined #salt
11:37 subsignal joined #salt
11:38 subsignal joined #salt
11:39 debian112 joined #salt
11:39 kshlm joined #salt
11:39 subsigna_ joined #salt
11:44 netjak still on a problem from yesterday with that user state
11:44 netjak i changed variable from user to joe
11:45 netjak and it still throws error for user variable
11:46 manji state/pillar snippet ?
11:47 netjak sec
11:48 netjak looks like it is working now
11:49 netjak yep
11:49 netjak insane
11:49 netjak same state file just changed user to joe and no more error
11:51 netjak https://paste.debian.net/777478/
11:51 netjak manji: ^^
11:52 netjak when it was user instead of joe
11:52 netjak Rendering SLS 'base:users' failed: Jinja variable 'user' is undefined
11:52 netjak gonna try to chabge again
11:52 manji that is super weird, did you paste that from somewhere, or you had a non-lati char by mistake?
11:52 manji it has happened to me  :p
11:52 manji like user and ?ser :p
11:53 patrek_ joined #salt
11:54 netjak ?
11:54 netjak no
11:54 netjak now i changed back to user again and i works
11:54 netjak wtf]
11:55 manji scould be that ome non-printable thing/char got somewhere in there :p
11:55 manji could*
11:55 manji some*
11:55 manji weird indeed
11:55 netjak yea
11:57 dmaiocchi joined #salt
12:02 permalac joined #salt
12:02 impi joined #salt
12:06 subsignal joined #salt
12:09 lero joined #salt
12:10 debian112 left #salt
12:10 debian112 joined #salt
12:13 colegatron joined #salt
12:14 rem5 joined #salt
12:27 west575 joined #salt
12:28 TyrfingMjolnir joined #salt
12:28 blarghmatey joined #salt
12:30 amcorreia joined #salt
12:32 rem5 joined #salt
12:39 Garo_ joined #salt
12:41 gh34 joined #salt
12:42 toastedpenguin joined #salt
12:43 netjak joined #salt
12:43 guedressel joined #salt
12:55 impi joined #salt
12:57 lero joined #salt
13:05 rem5 joined #salt
13:05 amcorreia joined #salt
13:06 numkem joined #salt
13:08 netjak joined #salt
13:16 flowstate joined #salt
13:18 flowstate joined #salt
13:18 TooLmaN joined #salt
13:19 jhauser joined #salt
13:20 rem5 joined #salt
13:24 krymzon joined #salt
13:32 lero__ joined #salt
13:33 racooper joined #salt
13:35 bluenemo joined #salt
13:35 jhauser joined #salt
13:37 colegatron joined #salt
13:37 bluenemo hi guys. I have this monitoring system and wrote a state module for it with which I can create a check for say RBL. I use a grain called public_ip from salt to get the IP of my minion. When running a formula on the master, can I iterate over the present minions somehow and access their grains data respectively (in a salt formula)?  As in iterate over the minions, and then have sth like grains[minion]['public_ip']. Otherwise I would have to run the
13:37 bluenemo states on the minions, while actually I just want their grains. The minion I would run everything on then would be on the same machine as the master. The reason is I dont want to store the API credentials as pillar data on the minions in /var/cache/salt. Do I explain myself understandable?
13:37 tperale joined #salt
13:39 AndreasLutro bluenemo: look into mine data
13:41 bluenemo AndreasLutro, you're right, should do that :)
13:41 jcalero joined #salt
13:44 bowhunter joined #salt
13:48 aryan hi all, tenant: <userid> should be tenant:<tenant_name>, and NOT <tenant_id>, https://docs.saltstack.com/en/latest/ref/clouds/all/salt.cloud.clouds.nova.html
13:48 impi joined #salt
13:49 krymzon joined #salt
13:53 flowstate joined #salt
13:54 krymzon_ joined #salt
13:56 hasues joined #salt
13:56 hasues left #salt
13:57 hoonetorg ^^^ nvm  keystone.endpoint_present works
13:58 hoonetorg but it fails if not all 3 endpoints of one service exist
13:58 blueelvis joined #salt
13:59 hoonetorg so if you delete one endpoint manually (f.e. public), you must also delete admin and private of the same endpoint
14:00 hoonetorg otherwise !all! keystone.endpoint_present fail in your highstate f.e.
14:00 hoonetorg because salt-module keystone.endpoint_get fails
14:03 bluenemo about the mine - the mine data is then available to all minions?
14:03 bluenemo (I can use it in states on any minion - there is no way to split up the data and say only minion A and B can see the foobar mine data of all minions?)
14:05 krymzon joined #salt
14:07 west575_ joined #salt
14:08 bluenemo ah found the doc
14:14 ajv joined #salt
14:21 Sylvain31 joined #salt
14:21 krymzon_ joined #salt
14:28 netjak joined #salt
14:30 krymzon joined #salt
14:35 ajv joined #salt
14:37 kshlm joined #salt
14:37 iceyao joined #salt
14:39 iggy bluenemo: publish is more real time than mine data... but realistically nothing in salt is really that great at solving that problem
14:40 iggy hoonetorg: you mind sending a PR for the docs to clarify that?
14:41 numkem joined #salt
14:43 bluenemo iggy, its more about having access to the list of disks of all minions on one specific minion than real time. I dont want to use salt for monitoring, I just want to detect disks and then add checks to my monitoring. If the disks show up 5 minutes after they were inserted or one day after is no drama for me. I will most likely run the "create checks" state by hand at the beginning.
14:44 bluenemo If I want nifty service autodetection, the monitoring system would have to do that. check_mk can do this for example
14:45 iggy my point was really that mine and publish both suck
14:45 johnkeates joined #salt
14:45 iggy neither verify that all minions report data
14:45 bluenemo iggy, I dont get publish yet, reading the doc but am confused. What do you dislike about the mine? seems to suit my purpose - kinda like grains only on the master, and you can define who has access to them + collect the info from all minions
14:45 bluenemo ah, I see. true.
14:46 iggy it's more things like that
14:46 bluenemo well you could collect the time via the mine and check if that "time thing" (dont get what its called with the mine yet) is not to old
14:46 bluenemo but thats hacky
14:46 iggy I mean their expected purpose is nice, but their actual execution is somewhat lacking for what I've tried to use them for in the past
14:47 bluenemo what do you mean (actual exec)?
14:48 west575 joined #salt
14:48 iggy so... they could work fine for your use case... I'm just trying to enlighten as to some of the drawbacks
14:48 hoonetorg iggy: will prepare
14:48 tapoxi joined #salt
14:48 netjak finally figured out what was not rendering :)
14:48 netjak file.managed:
14:48 netjak - name: /home/{{ user }}/.ssh/config
14:49 teryx510 joined #salt
14:49 tapoxi heya salt, before I upgrade just sniffing around and seeing if anyone ran into trouble jumping from 2016.3.0 to 2016.3.1
14:49 netjak this line was failing
14:50 netjak shouldn't this wrok??
14:50 iggy tapoxi: no problems here (but that's only 3 minions... so not a huge sample size)
14:50 iggy netjak: maybe put it in quotes?
14:51 bluenemo is there such a thing as  salt 'util*' mine.get 'util*' '*'  , as in get all data available? like salt 'util*' grains.items
14:51 iggy bluenemo: that should work
14:51 bluenemo iggy, tried, wont :(
14:51 tapoxi iggy good enough for me :) what platform?
14:52 iggy tapoxi: that's Ubuntu and Debian
14:52 bluenemo its a bit like grains.get '*', which also doesnt work, I think thats why they invented grains.items
14:53 tapoxi iggy ahh ok.
14:53 bluenemo how would I get a list of all minions into the mine?
14:53 irctc398 joined #salt
14:53 iggy bluenemo: get all minions to report data
14:54 netjak iggy:  when i put it quotes it set 'user' instead of var value
14:54 irctc398 i have 3 environments (dev,stage,prod) I want to create a separate top file for each, what is a good way where I can create a top level top.sls file so we can configure each environment separately?
14:54 iggy come to think of it, I may not have been querying the mine to get all the data... I think I wrote something that was reading the files onthe master
14:55 tapoxi irctc398 you can configure that in your /etc/salt/master
14:55 iggy netjak: I mean put the whole line (after `- name: `) in quotes (leave the variable name in {{ }} )
14:55 netjak yep i did, still doesnt rnder
14:56 netjak render
14:56 irctc398 tapoxi: is that defined in the file_roots?
14:56 tapoxi irctc398 yes
14:56 iggy netjak: erase the file, retype it by hand
14:56 irctc398 tapoxi: ok thx
14:56 tapoxi you can do the same thing with pillar data
14:56 netjak file si fine except this line
14:56 iggy irctc398: personally, I'd use different masters
14:57 irctc398 iggy: yeah makes more sense
14:57 irctc398 that will be the plan for the future
14:58 netjak when i set username manually it works, jus this part of jinja doesnt render
14:58 dh__ joined #salt
14:58 DEger joined #salt
14:58 iggy I've had so many issues with salt environments... plus there is generally a larger number of people that can do stuff in dev vs qa vs prod... easier to keep them honest of they just don't have access
14:59 dh__ Has anyone used Salt with CoreOS? I know it's typically done with cloud-config, etc. We want to look into CoreOS but it doesn't come with Python libraries by design. Would I just install Python/Salt in a priviledged container and use it as I normally would?
14:59 _JZ_ joined #salt
14:59 iggy netjak: I feel like there is something wrong with this file... some non-printable character or something... your issues seem very suspicious and not salt related
15:00 corichar joined #salt
15:00 iggy dh__: I've heard a few people talk about it... get about as far as you did and give up
15:01 dh__ lol awesome
15:02 mohae joined #salt
15:03 |_[O_O]_| joined #salt
15:04 Brew joined #salt
15:04 |_[O_O]_| Good day, the 'duration' metric from "salt-run jobs.lookup_jid" thats not in seconds is it?
15:06 iceyao joined #salt
15:12 remyd1 joined #salt
15:13 kawa2014 joined #salt
15:13 remyd1 Hi. I am looking to do file.managed in a state with a directory. Is it possible ? with gitfs:// source ?
15:13 remyd1 In fact, I need to deploy a formula which is sending a whole directory
15:14 remyd1 it is not really convenient to do it for each file in it
15:15 iggy remyd1: file.recurse supports jinja templating
15:15 iggy (if that doesn't answer your question, maybe rephrase your question... it's a little unclear)
15:15 johnkeates |_[O_O]_|: it might be in parsecs devices by space and time
15:15 tapoxi dh__ I mean you could, kinda, but there's not a lot to configure on coreos itself by design
15:16 |_[O_O]_| johnkeates: wouldn't surprise me, if it were seconds these states would be taking hours to apply ;)
15:16 krymzon joined #salt
15:16 remyd1 iggy, it is exactly what I meant
15:17 remyd1 thx
15:17 tapoxi dh__ ideally its just a  dumb box that runs kubernetes and/or fleet
15:18 hasues joined #salt
15:18 dh__ tapoxi, understood. What we'd mostly use it for would be adding systemd unit files, firewall rule enforcement, and gathering of data..performance and otherwise
15:18 dh__ I dont expect much from it, but we use salt exclusively, so I need to be able to say 'yeah it will work'
15:20 tapoxi dh__ I've used coreos a bunch and salt a bunch but not the two together, might work as long as you run the salt bootstrap from cloud-init, it locks the root partition as ro afterwards
15:21 tapoxi oh right no python, hmm
15:21 tapoxi then use a management container
15:21 iggy salt-ssh?
15:21 garphy joined #salt
15:21 tapoxi salt-ssh still needs python
15:21 Gabemo joined #salt
15:21 iggy oh right
15:22 iggy proxy minion?
15:22 tapoxi also an option
15:22 iggy meh, it's why I gave up on coreos
15:23 tapoxi a lot of monitoring tools (cadvisor, sysdig) require elevated privs, so a monitoring/control container would make sense. just use kube/fleet to pin it to the machine.
15:24 flowstate joined #salt
15:24 hasues left #salt
15:24 flowstate joined #salt
15:25 Sylvain31 hi, is there a way to get the first key of a dictionary defined in a pillar? or is it unordered and it doesn't make sens?
15:27 ecdhe joined #salt
15:27 ecdhe_ joined #salt
15:29 iggy Sylvain31: they should be considered unordered (although salt uses OrderedDict when it's available)
15:32 dyasny joined #salt
15:32 Sylvain31 iggy: ok, not awlays? state are somewhat ordered in sls file? no?
15:37 watersoul joined #salt
15:37 iggy Sylvain31: sls files are processed top-down, yes
15:38 iggy I'm honestly not quite sure how sls files are processed, because OrderedDict isn't available in every python version that salt supports
15:38 jcalero joined #salt
15:41 west575_ joined #salt
15:41 tristianc_ joined #salt
15:41 bluenemo i cant seem to get my minion to sync grains via salt 'util*' saltutil.sync_grains
15:42 watersoul_ joined #salt
15:42 bluenemo it shows stuff like Loading core.zmqversion grain in the minion log but it wont notice my /srv/salt/_grains/example.py
15:42 bluenemo master and minion both 2015.8.8.2
15:42 bluenemo sorry, meant 2016.3.1
15:43 debian112 joined #salt
15:44 bluenemo its also not picking up anything else (custom state moduels in /srv/salt/_states for example). everything does show up in cp.list_master though
15:46 remyd1 Does anyone know if it is possible to mix gitfs repository with salt:// or other storage type, depending on your states / formulas ?
15:48 netjak joined #salt
15:49 robrotheram joined #salt
15:49 west575_ joined #salt
15:50 kawa2014 joined #salt
15:54 robrotheram Good Day to you all I have a quick question, I am trying to use salt-cloud to manage vms on a OpenStack cluster but it seems like it can not connect/authenticate, Is there any documentation for Salt to talk to the latest Openstack (Mitaka) or more specifically v3 of the identity API
15:55 Sylvain31 what is the trick for having colon in yaml value not confusing the parser about keys?
15:55 dfinn joined #salt
15:56 johnkeates quote it out
15:57 robrotheram my current config is https://gist.github.com/robrotheram/fd6336919cd4430713f061785f8f70f8
15:58 iggy bluenemo: are the files on the minions already (saltutil.sync* is the only thing that sync's stuff)
15:59 bluenemo iggy, they show up in cp.list_master - where would I look if the minion has them?
15:59 robrotheram currently there is no files on the minions just trying to get past the first herdle of getting salt to talk to a new openstack
16:00 iggy bluenemo: /var/cache/salt/minion/extmods/ I think
16:01 Slimmons Can someone tell me what's wrong with this incredibly simple jinja?  https://gist.github.com/Slimmons/021621ddfe98cb79d7216afa1dc10d8a
16:01 Slimmons I have failed at the loop somehow
16:02 iggy indentation
16:02 bluenemo iggy, its empty
16:03 iggy Slimmons: I'm also not sure about sending multiple list items with arg
16:04 iggy <-- to work
16:09 noraatepernos joined #salt
16:10 babilen ... also: why count if you have x ?
16:11 Slimmons that is a good question, I was trying something earlier, and it's kind of frankensteiney
16:11 Slimmons but
16:11 Slimmons I don't think it's an indentation problem
16:11 Slimmons b/c it's actually working
16:11 Slimmons except for the counting thing
16:11 Slimmons if the indentation was wrong, it wouldn't work at all....right?
16:12 flowstate joined #salt
16:12 Slimmons it's probably the arg thing
16:12 Sylvain31 johnkeates: so simple, thanks
16:13 Sylvain31 can I access global variable values in jinja macro or I must pass them as parameter at each call?
16:13 iggy Slimmons: put the - arg: line outside the loop and then the loop is just building the list of args
16:16 Sylvain31 answer to myself: global values are available, I moved my pillar to some other keys… :/
16:17 Slimmons iggy: when I do that, it creates multiple actions under the -arg, which I don't think it can do
16:17 monkeybox joined #salt
16:18 Slimmons or maybe there's a way and I don't know how.  maybe like the cmd.run -name |
16:18 Slimmons but, I tried guessing that, and it gave me an invalid syntax error
16:18 Slimmons haven't been able to find many example of how to use the arg, under cmd.run
16:23 bluenemo iggy, I found the issue... /srv/salt/top.sls was messed up.
16:27 woodtablet joined #salt
16:28 zer0def guys, quick question - if i'm looking to fix a bug that exists both in 2015.8 and 2016.3, which branch do i base my fix out of?
16:29 tapoxi joined #salt
16:29 zer0def i guess i should find the contribution guide
16:30 monkeybox I would assume you'd want to branch off the latest.
16:30 Ch3LL zer0def. 2015.8 and then it will eventually get merged forward to 2016.3
16:30 zer0def Ch3LL: gotcha
16:30 zer0def is 2015.5 still maintained?
16:31 brent_ joined #salt
16:31 Ch3LL i believe its in CVE releases now.
16:31 Ch3LL i can't seem to find the doc right now that states that
16:31 zer0def that's ok, i'll just go by gut based on the list of releases suggested on repo.saltstack.com
16:32 Ch3LL oh here it is: https://saltstack.com/product-support-lifecycle/
16:37 tracphil joined #salt
16:39 colegatron joined #salt
16:39 Slimmons I updated my gist with more information.  It looks like all of this stuff should work, but it definitely doesn't.  AFK a sec.  https://gist.github.com/Slimmons/021621ddfe98cb79d7216afa1dc10d8a
16:44 onlyanegg joined #salt
16:45 garphy joined #salt
16:52 Fiber^ joined #salt
16:54 impi joined #salt
16:55 DEger joined #salt
16:56 hasues joined #salt
16:56 hasues left #salt
17:01 dmaiocchi joined #salt
17:02 noraatepernos joined #salt
17:04 hosttor joined #salt
17:04 dtsar joined #salt
17:05 tapoxi upgrading salt through salt
17:05 tapoxi thoughts
17:06 monkeybox tapoxi: Test thoroughly before implementing on \*
17:06 monkeybox but it can be done.
17:10 tapoxi panic. got it.
17:11 tapoxi :)
17:11 DEger joined #salt
17:11 iggy Slimmons: what does it look like when you try building a list of args instead of multiple arg's?
17:12 iggy i.e. gist your code
17:19 bluenemo can I use the mine data in pillar files?
17:24 onlyanegg joined #salt
17:26 iggy bluenemo: there's a note in the docs about it
17:27 iggy short answer: yes but it's not the same as in states (because pillars are rendered master side)
17:27 bluenemo iggy, can you point me the according doc page? cant find it :(
17:28 DEger joined #salt
17:28 bluenemo ah https://docs.saltstack.com/en/2015.8/topics/mine/index.html#minions-targeting-with-mine
17:29 bluenemo actually I was looking to use   {% for server, addrs in salt['mine.get']('roles:web', 'network.ip_addrs', expr_form='grain') | dictsort() %}   in my /srv/pillar/foobar.sls. Is that possible?
17:31 bluenemo its not throwing an error, but it also doesnt render anything
17:35 bluenemo argh pls tell me I can use this stuff in pillars :(
17:36 POJO joined #salt
17:38 bluenemo hm no seems a state also cant see them. running on the cli works
17:38 deniszh joined #salt
17:39 bluenemo iggy, http://paste.debian.net/777774/ what am I missing?
17:40 iggy bluenemo: d8to(^$h@7=*U8wel-W,6/jlz$pqg&K*
17:40 iggy that's not the url you're looking for
17:40 iggy also, nobody try to login to my DO account
17:40 iggy bluenemo: https://docs.saltstack.com/en/develop/ref/modules/all/salt.modules.mine.html#salt.modules.mine.get
17:42 bluenemo iggy, i see :)
17:42 bluenemo but the state should work, shoudnt it :)
17:42 lugo joined #salt
17:42 iggy it should (I think)
17:43 bluenemo yay its working (pillars :) however the formula still isnt :/
17:43 bluenemo i need the pillars but out of interest would be cool to get why the formula is failing
17:43 iggy {%- set brkrs = salt['mine.get']('roles:brkr', 'network.get_hostname', 'grain') %}
17:44 iggy that's what I've got sitting around somewhere
17:45 bluenemo {% set server = salt['mine.get']('util*', 'fqdn', 'grain') %}   again gives me {}
17:45 bluenemo strange
17:47 surge_ joined #salt
17:47 amcorreia joined #salt
17:47 iggy what is fqdn?
17:48 surge_ joined #salt
17:48 iggy I mean that exact same thing return data on the command line?
17:48 iggy because usually mine data is <module>.<function>
17:49 surge_ I’m running out of ideas on how to fix a fubar’d salt install. I have a custom grains module that I edited to return 0/1 without consulting the codebase (foolish, I know), and because only a dictionary is accepted as a return value, I now have myself an infinite loop at the beginning of any saltutil.sync_* or state.sls call.
17:50 surge_ I went so far as to delete the copy of the module under /var/cache and then restarted the minion but it’s not picking up the updated one off the master..
17:51 surge_ Also noting here that I have since changed any “sys.exit” to a “return dictionary_var”
17:51 bluenemo iggy, its some mine data I set to `hostname -f`
17:51 dps joined #salt
17:52 bluenemo yeah i know and looked if it can be just a work, put sth like this:     fqdn:     - mine_function: cmd.run     - 'hostname -f'
17:52 bluenemo I wont use it but I was curious if that is possible, as I found using the function names confusing when using functions multiple times (the doc talks about this also)
17:52 dps dumb question: is it bad to self-manage a master via minion? I'm tryin to restart salt-master through itself using a minion and am getting an error.
17:53 surge_ I manage the salt master with salt minion. I think most people do.
17:53 dps i kind of figured that was reasonable
17:54 bluenemo dps, i do too. however if you restart the minion with a state, most likely your state will fail (timeout)
17:54 dps myproblem is that i get an error when i run this sudo salt 'mymaster' cmd.run 'service salt-master restart'
17:54 bluenemo you can backgorund the restart task and let it wait for a sec
17:54 bluenemo yeah, makes sense :)
17:54 dps i basically want to update /etc/salt/master and /etc/salt/roster
17:54 dps i can get the files there via file.managed
17:54 dps what is the proper way to restart the master?
17:54 dps i appreciate you helping me :-)
17:55 iggy there's a trick in the docs about restarting the minion using at
17:55 DEger joined #salt
17:55 iggy could probably do the same with master
17:55 bluenemo aaah, thats smart
17:55 bluenemo (at). I was thinking some bash magic that backgrounds the task
17:55 onlyanegg joined #salt
17:55 dps iggy can you send me a URL
17:55 dps ?
17:55 bluenemo however with both those ways you can not see if the master or minion fail to start
17:56 dps i will assume that the master starts correctlu
17:56 dps correctly
17:56 iggy https://docs.saltstack.com/en/develop/faq.html#what-is-the-best-way-to-restart-a-salt-daemon-using-salt
17:57 dps iggy: yeah that is what i am looking for
17:57 dps that makes sense thank you
17:57 iggy they have the shell magic version there too
17:57 ajw0100 joined #salt
17:57 dps yeah i see that
17:57 dps that's what i needed thank you
17:57 dps ill try that
17:58 bluenemo echo service salt-minion restart | at now + 1 minute <= smooth stuff. did not know that :)
17:59 bluenemo sadly at does not know seconds :
17:59 bluenemo :/
17:59 bluenemo It might be retarded but I'd put it into a tmux :D
17:59 dps could get hacky if you wanted to do sub-minute presumably
18:00 bluenemo wont work with add. there is a hacky nohup example in the doc link you posted iggy
18:00 bluenemo rofl nothing as hacky as     - name: 'start powershell "Restart-Service -Name salt-minion"' :D hahhaha
18:00 johnkeates joined #salt
18:00 dps haha
18:00 bluenemo x)
18:02 DEger joined #salt
18:05 bluenemo i'm leaving. thanks for your help today iggy !
18:05 * bluenemo transfers two karma points to iggy :)
18:09 nZac joined #salt
18:10 flowstate joined #salt
18:12 Slimmons iggy:  sorry iggy, wasn't sure how to format a list of args instead of multiple args.   I couldn't seem to find any examples of adding a list to the arg value
18:13 bltmiller joined #salt
18:20 johnkeates left #salt
18:20 toastedpenguin joined #salt
18:24 ajv joined #salt
18:25 Rohit joined #salt
18:27 Guest21286 when using salt-ssh, if I login as fred but would like to sudo as oracle, how can I define this in roster file?
18:27 Guest21286 Also, within roster file, what's the use of 'minion_opts'. And if I define something, how can I retrieve it? grains may be?
18:28 west575 joined #salt
18:30 M-liberdiko joined #salt
18:31 snarfy^ joined #salt
18:32 DEger joined #salt
18:35 snarfy^ For the life of me, I can't reliably get git.latest to pull down the latest code from a specific branch. I have no idea what's wrong. I keep getting the error that "Cannot setup tracking information; starting point 'origin/branch' is not a branch."
18:36 snarfy^ is there some reason i can't do this with git.latest, rev: {{ branch }}; depth: 1 ?
18:36 snarfy^ i've tried including branch: {{branch}}, no die
18:36 snarfy^ dice
18:37 snarfy^ my apologies if my misunderstanding is with git and not salt
18:37 blueelvis joined #salt
18:40 snarfy^ should "git branch --set-upstream-to origin/locust" be "git branch --set-upstream-to origin locust"?
18:44 tristianc_ joined #salt
18:46 bowhunter joined #salt
18:52 kus joined #salt
18:52 DEger joined #salt
18:54 s_kunk joined #salt
18:54 bowhunter joined #salt
18:55 M-cpt joined #salt
18:55 M-MadsRC joined #salt
19:05 DEger_ joined #salt
19:09 manji joined #salt
19:09 bltmiller joined #salt
19:16 flowstate joined #salt
19:26 ajv joined #salt
19:28 tapoxi joined #salt
19:34 flowstate joined #salt
19:36 manji joined #salt
19:43 tapoxi impressions of salt-cloud vs other cloud orchestration tools (terraform cloudformation etc)
19:43 tapoxi ?
19:43 netjak joined #salt
19:44 tapoxi I'm comfortable with terraform but salt cloud is already there so I might as well use it
19:45 Tanta joined #salt
19:46 amcorreia joined #salt
19:48 jesusaur joined #salt
19:51 irctc641 joined #salt
19:51 irctc641 does salt schedule look at modifications to map files?
19:56 ajv joined #salt
20:02 flowstate joined #salt
20:03 djgerm joined #salt
20:04 djgerm OK, here's a $64,000 question: I want all my minions magically registered with a asset management solution. Anybody doing this with little overhead?
20:07 gimpy2938 djgerm: there is no magic; why not write whatever code you need to interact with the other software and have minion add themselves if they aren't already there (e.g. with an execution module)
20:08 djgerm yeah the magic would be that the overhead is already done, and I can throw money at it :)
20:12 djgerm why not do it ourselves? too much time to roll our own.
20:15 monokrome joined #salt
20:16 Tanta execute the registration command with cmd.run
20:16 teryx510 joined #salt
20:16 Tanta that's about as little overhead as Salt provides
20:17 djgerm a more evolved infoblox state is what I was dreaming of.
20:18 Tanta https://docs.saltstack.com/en/latest/ref/states/all/salt.states.infoblox.html
20:18 Tanta https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.infoblox.html
20:18 Tanta seems pretty good already
20:19 MTecknology If I specify -order:1, will that run before or other states without an order?
20:22 ajv joined #salt
20:26 fannet joined #salt
20:26 teryx510 joined #salt
20:26 MTecknology oh... and can I pass "context" to an included sls? Say, if I {% set foo = bar %} include: -fuz; could fuz see foo?
20:31 deniszh joined #salt
20:32 MTecknology "with context" .... found it
20:34 fannet_ joined #salt
20:39 jcalero joined #salt
20:39 MTecknology no, I didn't find it. That's close, but for pulling pillar stuff. Bummer.
20:39 gimpy2938 when using Salt's scheduler, how can you tell when something set to run every X hours will run?  When does that timer or whatever start?
20:40 babilen gimpy2938: As soon as you refresh the pillar and then on the next hour?
20:40 Garo_ joined #salt
20:41 nZac joined #salt
20:47 fannet joined #salt
20:49 noraatepernos joined #salt
20:50 djgerm oh hey, there's the marketing noise I was looking for! https://saltstack.com/integrations/saltstack-orchestration-for-servicenow/
20:51 flowstate joined #salt
20:53 DEger joined #salt
21:03 rem5 joined #salt
21:07 keimlink joined #salt
21:15 subsignal joined #salt
21:16 flowstate joined #salt
21:18 brd joined #salt
21:20 brd Can someone take a look at this and tell me what I am doing wrong trying to require a pkg: http://slexy.org/view/s203y6pOkw
21:21 brd salt can't find the postfix pkg, even though it is part of that
21:21 brd I have to be missing something silly
21:23 babilen brd: You'd have to require "install postfix and configure to relay" or use a 'name' attribute on your pkg.installed state
21:23 babilen You don't require the package, but the state itself and it is identified by its ID (install postfix and configure to relay) or 'name' attribute (which you don't have)
21:24 brd babilen: ohh, I see!
21:24 babilen It would work if you replate "pkgs: - postfix" with "- name: postfix" though
21:24 brd babilen: I thought it would just understand that
21:24 monkeybox I'd usually break it up into separate named substates. postfix_pkg, postfix_relayhost, and postfix_service, and then my watch would name the other two.
21:24 brd babilen: yeah, I changed it to '-name: postfix' and it works
21:25 monkeybox makes some sense to keep them together, though.
21:25 brd monkeybox: why?  I can see if you are calling it from other places
21:25 brd monkeybox: like if you have different configurations for the config, so you could depend on the _pkg and _service from the two different configs perhaps
21:25 monkeybox brd: really, just because that's what most of the xamples i've seen do.
21:25 babilen It's a matter of style and sometimes makes references a bit less ambigious
21:26 lungaro joined #salt
21:26 brd babilen: makes sense
21:26 brd thanks!
21:26 brd I will do that :)
21:27 babilen It just means that each state has its own ID .. Some people prefer to do it that way, some like it the other way. I don't think anybobody would say that one way is wrong while the other is right.
21:27 babilen I found that explicit IDs read better in larger systems
21:27 brd babilen: OK
21:28 babilen Just keep in mind that requisites are about *states* and not about the underlying system.
21:28 babilen So you can't, for example, require a pkg for which you don't have a pkg.installed state or a service for which you don't have a service.running one
21:29 brd babilen: right, that is the key that I was missing
21:29 babilen It's a common misconception
21:37 scoates joined #salt
21:39 flowstate joined #salt
21:40 whitenoise joined #salt
21:45 jcalero joined #salt
21:46 bltmiller is there a handy one-liner way to see which minions have a given state installed? best I can come up with is `salt '*' state.show_sls nginx`, but that's pretty verbose. I just want a yes/no
21:56 bltmiller bltmiller: maybe try: `salt --out=txt '*' state.show_top | grep nginx`
21:56 bltmiller bltmiller: oh, that's an improvement, thanks!
21:56 bltmiller bltmiller: np
22:00 Slimmons joined #salt
22:00 Slimmons I'm running a state, and it's working, but it never returns, so it's hanging on something.  In that type of situation, how would you troubleshoot that?  I can't use salt-master -l debug b/c I have to stop the salt-master, what else is there that I could do to troubleshoot that?
22:03 bltmiller Slimmons: I'd try running salt-call from the minion
22:05 netjak joined #salt
22:10 Slimmons thx, that's exactly what I needed
22:11 johnkeates joined #salt
22:13 amcorreia joined #salt
22:17 flowstate joined #salt
22:21 netjak joined #salt
22:22 snarfy^ joined #salt
22:25 Slimmons I think the problem is that I'm using cmd.run to run something that has continuous output to the terminal.  Is there a way to get that to run the command, then end, since it won't return as successful or not?
22:26 iggy cmd.run tail -f?
22:28 babilen Slimmons: No, it returns once fds are closed
22:29 Slimmons it's a problem like this http://stackoverflow.com/questions/28670814/run-a-salt-script-job-that-never-returns-to-the-salt-master
22:29 Slimmons trying the /dev/null solution now
22:31 babilen Maybe just daemonise it properly?
22:32 Slimmons it looks like the /dev/null solution works.  I suppose daemonising it properly would also work
22:32 Slimmons I mean, if you want to do things properly.
22:32 Slimmons if you're that kind of person
22:33 edrocks joined #salt
22:33 djgerm left #salt
22:34 zenlot6 joined #salt
22:41 edrocks_ joined #salt
22:45 bltmiller joined #salt
22:49 monokrome joined #salt
22:55 west575_ joined #salt
22:58 netjak joined #salt
23:16 flowstate joined #salt
23:27 kunersdorf joined #salt
23:28 kunersdorf does anyone have an example for "-user: foo" in git.latest?
23:28 kunersdorf I tried to pass in a username and it returned " TypeError: user id must be integer"
23:34 scoates joined #salt
23:38 hasues joined #salt
23:39 hasues left #salt
23:44 keimlink_ joined #salt
23:44 flowstate joined #salt
23:52 ageorgop joined #salt
23:57 rem5 joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary