Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-07-08

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:08 west575 joined #salt
00:09 sterdnotshaken joined #salt
00:13 sterdnotshaken Let say I want to load balance minons to the salt masters, which there are 2 of and they are both running hot. As a result of loadbalancing, only one of the salt masters will get the pki info and have a session with any particular minion as a result of the load balancer… Now i cant communicate to a minion registered to one of the salt masters (per load balancing) from the other salt master… Any ideas?
00:14 flowstate joined #salt
00:14 hemebond sterdnotshaken: syndic maybe, but this is a known "issue" that people have done various things to work around.
00:15 sterdnotshaken Good to know hemebond. So I should look into syndic which might be a solution then?
00:15 hemebond Perhaps.
00:15 sterdnotshaken Any other options that you happen to know of?
00:15 hemebond My understanding is it allows you to delegate management to downstream masters.
00:16 hemebond So you get some load-balancing while still being able to control minions from a single master.
00:17 sterdnotshaken excellent, I
00:17 hemebond Not load-balancing, but load distribution.
00:17 sterdnotshaken I'll look into that! Thanks hemebond!
00:17 hemebond But I've not looked into syndic myself.
00:17 hemebond Good luck :-)
00:17 _JZ_ joined #salt
00:24 woodtablet left #salt
00:29 iggy sterdnotshaken: minions accept a list of master's
00:30 iggy far from perfect (because you still end up with certain data only going to one or the other master)
00:30 hemebond iggy: Sounds like they want a master-master of masters.
00:30 thejrose1984 joined #salt
00:30 hemebond Rather than failover.
00:30 iggy but at least you don't have to tinker with minions when a master fails
00:30 iggy yeah, but that doesn't exist, so...
00:30 hemebond I use the failover just to work around my dynamic IP address :-D
00:42 kevinquinnyo so with salt-api i've only been doing POST requests so far.  Is there an example of someone doing a GET request to the api, a reactor calls a reactor sls, that does something (doesn't matter), and returns something like a json response body?
00:46 kevinquinnyo basically i'm just getting {"success": true}
00:46 kevinquinnyo i'd like it to return data from what the reactor calls, in my case my reactor calls a runner, which does return json
00:47 kevinquinnyo but how do i get that to be sent back as the response body to the api client caller
00:50 hemebond kevinquinnyo: GET /events
00:50 hemebond Seem to be some GET examples in https://media.readthedocs.org/pdf/salt-api/latest/salt-api.pdf
00:54 rem5 joined #salt
00:56 kevinquinnyo hemebond: that pdf says release 0.8.4 (but i'm checking it out anyway).  Basically I want to be able to define what the http response body that's returned is based on the api calls
00:57 kevinquinnyo i want it to return the JSON that my runner is able to return
00:57 hemebond kevinquinnyo: I don't know anything about salt-api unfortunately.
00:57 kevinquinnyo those "hard-coded" api calls are actually interesting though
00:57 kevinquinnyo /minions is a useful one for me
01:00 iceyao joined #salt
01:12 flowstate joined #salt
01:22 Nahual joined #salt
01:29 gngsk joined #salt
01:30 catpigger joined #salt
01:39 Lionel_Debroux_ joined #salt
01:41 colegatron_origi joined #salt
01:51 watersoul joined #salt
01:51 cliluw joined #salt
01:56 watersoul joined #salt
01:59 fannet joined #salt
01:59 Nahual left #salt
02:12 flowstate joined #salt
02:55 evle joined #salt
03:05 sterdnotshaken joined #salt
03:11 nZac joined #salt
03:13 flowstate joined #salt
03:18 ageorgop joined #salt
03:22 treaki_ joined #salt
03:24 iceyao_ joined #salt
03:26 my10c is it possible to have an include only if a state has completed ?
03:26 hemebond my10c: I don't think so.
03:27 hemebond Sounds like the wrong... thinking.
03:28 my10c http://pastebin.com/SzBkPjbN
03:28 my10c i know
03:29 my10c the challenge is that the top statement can only happen once the redis package is installed
03:29 hemebond Initial install?
03:29 hemebond Well, that's what require is for.
03:30 my10c redis installed perfect :  did sone stuff and worrk : the issue is i have include sentinel and that were the issue is
03:30 hemebond Requiring a package means it has to be installed before the state will apply.
03:30 my10c i can run highstate twice : but that is not what i need
03:31 my10c @hemebond yes : but check http://pastebin.com/SzBkPjbN
03:31 my10c set is_initial_install is the race .. it can only be set after redis package is installed....
03:31 hemebond Yeah, I  have that open but not sure what I'm supposed to understand.
03:32 hemebond But why are you trying to check that?
03:32 hemebond It seems like the wrong way.
03:32 hemebond Your states should say things like "The file should be like this!"
03:32 my10c chall i get the whole picture ?
03:32 my10c given me 1
03:34 hemebond It looks like you're trying to set the sentinel.conf file and I don't understand why you don't just do it.
03:34 iceyao joined #salt
03:35 iceyao__ joined #salt
03:36 my10c the file can only set once!!
03:36 hemebond Why?
03:36 my10c once sentinel is running ir will modify the file!
03:36 my10c that how sentinel works ....
03:36 hemebond Sentinel is going to modify the config file?
03:36 my10c yup
03:37 my10c nasty!
03:37 my10c so hence i set it once : put header that is was set by salt and then leave it alone
03:37 hemebond https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.managed
03:38 my10c i know that : not good :-(
03:38 hemebond https://docs.saltstack.com/en/latest/ref/states/requisites.html#unless
03:38 hemebond ^ that's the one I was looking for.
03:38 my10c i tyried that too :-)
03:39 my10c but let me try : again
03:39 hemebond unless or onlyif is what you want I think.
03:39 hemebond Depends on what your fgrep returns.
03:40 my10c wait! we can us unless in file.manage ??
03:40 hemebond I would have thought so.
03:40 my10c HA i did not use that let me try!
03:41 my10c that 'should' work!
03:41 my10c running
03:43 my10c ok my unles is wromg ....
03:44 my10c with the fgrep i should us onlyif :)
03:47 my10c sentinel if really nasty : all the solution i have found so far will not work .. :-(
03:48 my10c hm stil not working ley me check more if onlyif and unless actuallt work on file.managed
03:53 colegatron_origi joined #salt
03:57 sterdnotshaken joined #salt
03:57 my10c hemebond: seems to work! doing more test : thanks!
03:59 netcho joined #salt
04:00 fannet joined #salt
04:01 nZac joined #salt
04:03 _JZ__ joined #salt
04:06 hemebond Well done, good luck :-)
04:06 _JZ_ joined #salt
04:08 c4t3l joined #salt
04:10 c4t3l hello all.  for managing files in salt... is it better to use the built-in file.mananage state or something like augeas?
04:10 hemebond c4t3l: No idea what augeas is so I'll say Salt.
04:11 hemebond file.manage
04:12 c4t3l ok that is my thinking as well.  We are rolling out salt at my company and another admin keeps mentioning augeas... From what I gather file.manage coupled with jinja would take care of all our needs
04:14 hemebond There is https://docs.saltstack.com/en/latest/ref/states/all/salt.states.augeas.html if your colleague really wants it.
04:14 my10c thatas in puppet :(
04:14 flowstate joined #salt
04:14 my10c use salt : i switch from salt in puppet about 1 years ago : never looked back : there ar eso many good stuff in salt taht i still learning
04:15 c4t3l puppet pretty much crashed and burned at my company.  I would like all remnants of it gone
04:15 my10c and if like python : then salt is the way to go for sure.
04:16 hemebond I misunderstood a little. file.managed or augeas, up to you.
04:16 hemebond You can use augeas within Salt.
04:16 hemebond That's probably a much better way to create config files than just file.managed.
04:16 hemebond But it depends on your needs and you can use both.
04:17 my10c i used to managed 4000+ server with puppet.... one day one if the ops dude played with salt....and i was sold... sadly the company had already spend $$ so they stick with it
04:17 hemebond Spent money on Puppet?
04:17 my10c i left and at the new company they left it to me what to use :)
04:17 my10c yeah: consultants and puppet-pro:
04:17 c4t3l looks like it requires python-augeas pkg to work on minions.... I'm just trying to understand the need for it since the other admin hasn't ever really worked with salt.  he kinda just threw it out that we should use it
04:18 hemebond augeas, as far as I understand it, will write a config for you, in the format required without you having to learn the particular config syntax.
04:18 my10c c4t3l: do you python and are you in aws? then salt IS the way togo
04:19 hemebond So rather than creating/replacing files with file.managed as just text blobs, augeas will parse and understand the config and update it for you.
04:19 c4t3l I am a python person 4 life!  :P  Unfortunately my place of employment is stuck in past a bit for infrastructure
04:20 onlyanegg joined #salt
04:21 c4t3l we use a mix of HP hardware and there is some movement to get into Azure... (Linux is new-ish here... most of the admins are windows guys... hence the azure
04:21 my10c ouch ....
04:21 c4t3l i personally think that azure is not ready for primetime... I'm not bashing.  just compared to aws it seems to be way behind
04:22 c4t3l dont mean to go off topic...
04:23 my10c :-)
04:24 my10c i know several admin (windows) that uses salt and only hear good thing about it....
04:24 k_sze[work] joined #salt
04:24 c4t3l hemebond:  I'm just not certain that we should go down the road of using augeas when templated jinja exists.
04:25 c4t3l not really sure of the benefit of it
04:25 hemebond c4t3l: I would say augeas is nicer for updating and writing configs, but it's the same within Salt.
04:25 hemebond Either use file.managed to set the file or augeas to write it.
04:25 c4t3l ah I get you
04:26 hemebond file.managedd or augeas.change
04:26 sterdnotshaken joined #salt
04:26 hemebond Personally I'd probably use augeas.change unless I was trying to control the entire file.
04:27 hemebond Like Salt master config for example.
04:27 hemebond I use master.d to make setting changes rather than editing the main config.
04:27 ageorgop joined #salt
04:27 c4t3l I prefer master.d as well
04:27 hemebond But if you can't do that and don't want to have a copy of the entire file then augeas.change could change just the settings you need to update.
04:28 hemebond Depends on what you're managing :-)
04:28 my10c nite! time to heading home :)
04:28 c4t3l later!
04:28 hemebond cya
04:28 my10c again thanks!
04:28 c4t3l yeah I have to really sit down and figure out use cases for augeas...
04:29 c4t3l my initial thoughts are to just use the salt built-ins... I already manage a few hundred with plain old jinja and templated configs
04:30 hemebond It's the most straight-forward option; just put your version of the file on the minion and you're done.
04:30 c4t3l there are states and modules for most other things... sysctl comes to mind
04:30 hemebond But I can definitely see the benefits of abstracting the config structures.
04:30 c4t3l do you have any advice for handling minions in a DMZ?  :P
04:30 hemebond In a DMZ? With the master inside?
04:31 hemebond Port forward :-)
04:31 c4t3l its a big issue we are trying to tackle
04:31 c4t3l hehe
04:31 hemebond What's the issue?
04:31 c4t3l our security does not allow DMZ => Internal network (read salt-master) access
04:32 c4t3l it does allow internal => DMZ
04:32 hemebond Yeah, they're going to have to for ports 4505 and 4506.
04:32 hemebond Outbound is not required.
04:32 hemebond Inbound definitely is.
04:32 hemebond Otherwise you can't manage them.
04:32 c4t3l My initial thoughts were to run the minions masterless
04:32 hemebond Yeah, could do that.
04:33 hemebond Seems annoying to me but people do it.
04:33 hemebond Though they build their entire system around it.
04:33 c4t3l yeah I dont really like it... you lose the real time reportability
04:33 hemebond Yeah, you've lost all the remote management capabilities.
04:33 racooper joined #salt
04:34 c4t3l another option is to run masters in each of our DMZ spaces
04:34 c4t3l but thats also kinda whack
04:34 hemebond That just means having more masters to look after.
04:34 c4t3l yup
04:35 c4t3l alrighty thanks for the infos!  good night!
04:35 hemebond cya
04:41 akunin joined #salt
04:45 brent_ joined #salt
04:55 whitenoise joined #salt
05:04 subsigna_ joined #salt
05:10 subsignal joined #salt
05:14 netcho joined #salt
05:14 flowstate joined #salt
05:22 ignarps joined #salt
05:22 manji joined #salt
05:23 subsigna_ joined #salt
05:26 subsignal joined #salt
05:44 netcho joined #salt
05:49 netcho joined #salt
05:49 netcho joined #salt
05:51 manji joined #salt
06:00 felskrone joined #salt
06:01 fannet joined #salt
06:12 flowstate joined #salt
06:12 impi joined #salt
06:14 harkx joined #salt
06:14 iceyao joined #salt
06:17 harkx joined #salt
06:17 kshlm joined #salt
06:18 kawa2014 joined #salt
06:23 rem5 joined #salt
06:24 manji joined #salt
06:25 sagerdearia joined #salt
06:30 Elsmorian joined #salt
06:30 netcho joined #salt
06:33 nZac joined #salt
06:36 colttt joined #salt
06:38 iceyao joined #salt
06:49 GreatSnoopy joined #salt
06:49 POJO joined #salt
07:07 colegatron_origi joined #salt
07:11 netjak joined #salt
07:13 flowstate joined #salt
07:16 deniszh joined #salt
07:17 toanju joined #salt
07:27 netcho joined #salt
07:28 hasues joined #salt
07:28 hasues left #salt
07:28 brent_ joined #salt
07:31 Sylvain31 joined #salt
07:36 colegatron_origi joined #salt
07:36 manji joined #salt
07:38 lero joined #salt
07:42 inad922 joined #salt
07:43 hereiam joined #salt
07:43 armin joined #salt
07:45 armin hi. can i tell salt to dereference symbolic links when doing a chown? it seems to include a -h to chown (same as --no-dereference) if i do that on a symbolic link.
07:46 onlyanegg joined #salt
07:49 hemebond armin: How are you doing a chown?
07:50 KermitTheFragger joined #salt
07:50 armin hemebond: state.file.directory
07:51 armin hemebond: i hope i'm able to answer your questions proper, as my first contact with salt is 2 minutes ago.
07:51 hemebond Oh, a newbie. Not to worry.
07:52 hemebond What is it you're trying to do exactly? What state (!) are you trying to create on the minion?
07:52 kshlm joined #salt
07:53 armin hemebond: well my understanding of chown is that by default it will dereference a symbolic link when you do a chown. this is the default on the command line if you do that on the command line without any arguments, too, so that's the behaviour one would expect, but telling from my tests it does not dereference the symbolic link. the chown man pages states that chown only does this if called with -h.
07:54 armin s/pages/page/
07:54 flowstate joined #salt
07:54 armin hemebond: so of course the state i wish to achieve is the destination being chowned.
07:54 hemebond Sure. But how do you want the file system to look when your state applies?
07:55 armin i'm not sure i understand your question.
07:55 hemebond So you want a directory to have certain permissions and your reference to that directory is a symlink?
07:55 armin exactly.
07:56 danielcb joined #salt
07:56 hemebond Do you know it will be a symlink?
07:59 armin hemebond: yes.
08:00 hemebond I'
08:00 hemebond I'm just testing it now. I've not thought about this before so I need to see the behaviour.
08:01 hemebond Wait. Are you creating the symlink?
08:01 hemebond How is the target directory created?
08:01 hemebond Is it managed?
08:01 armin i wonder why that would matter. it's a symbolic link, after all.
08:01 armin but yes, we do create that.
08:02 hemebond I'm still trying to understand what you're trying to achieve.
08:02 armin it's hard to always have to walk to my co-worker. :)
08:02 babilen Could you paste your states to one of http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, … maybe?
08:02 armin probabbly not.
08:02 armin -b
08:02 babilen Why not?
08:02 hemebond If the directory itself needs certain permissions, then set its permissions. If the symlink needs permissions then set it there.
08:02 babilen ^
08:02 armin i'm too new to all of this. i don't even have a test setup, or access to that system where we are experiencing this.
08:02 Hybrid1 joined #salt
08:02 armin not in that direct way you think of, that is.
08:03 babilen So you can't see the states that exhibit this behaviour?
08:03 babilen (or the behaviour itself)
08:03 armin hemebond: so how do i dereference the symbolic link in the state file then?
08:03 armin babilen: i can, but it's challenging and time-consuming.
08:04 hemebond armin: I'm not sure you can, but I don't know what your state is actually doing.
08:04 babilen Okay, lets reverse engineer support
08:04 hemebond If I create a symlink I can choose its permissions.
08:04 babilen Are you using file.symlink?
08:07 armin i can tell you the exact commands i would do inside a shell session, what behaviour occurs there, etc., but that's it, really. :)
08:07 hemebond armin: Have you been through any Salt tutorials?
08:07 armin hemebond: no.
08:08 hemebond Okay, they're a good place to start. Salt states are about creating a certain state on the server, not executing commands unless you just want to remotely manage them.
08:08 hemebond It's difficult to know where to start unless we can see what you've got.
08:08 armin i know it's declarative and not imperative.
08:09 hemebond Obviously if you just want to run chmod then that's easy.
08:09 armin ok let me try if i can achieve something.
08:10 Electron^- joined #salt
08:10 armin we're using file.directory to create this as it seems. this is being referenced to by {{BASEDIR}} which is being used in that .sls file.
08:10 armin that's all i know.
08:10 hemebond Then you want to set the permissions in that state.
08:10 hemebond The state that creates the directory should/can set the permissions.
08:11 armin so there's no way to tell salt not to use -h when changing permissions on a symbolic link?
08:11 hemebond I thought you wanted the permissions on the directory.
08:12 armin exactly. which is impossible if i use the symbolic link and not the definitive destination which i would have to dereference on my own, as salt always uses -h.
08:12 babilen Salt wouldn't use anything related to symlinks if you set the permissions in the file.directory state
08:12 hemebond But you have a state that creates the directory. Set the permissions in that state.
08:13 sjmh joined #salt
08:13 notnotpe_ joined #salt
08:13 flowstate joined #salt
08:14 ronnix joined #salt
08:14 armin hm, okay. thanks to both of you!
08:14 hemebond Good luck :-)
08:17 Sammichmaker joined #salt
08:18 fannet joined #salt
08:19 toanju joined #salt
08:20 ameobapox joined #salt
08:22 stomith joined #salt
08:22 s_kunk joined #salt
08:26 keimlink joined #salt
08:27 Elsmorian joined #salt
08:30 mavhq joined #salt
08:37 impi joined #salt
08:45 keimlink_ joined #salt
08:45 saffe joined #salt
08:47 Morrolan joined #salt
08:48 ameobapox joined #salt
08:51 jcalero joined #salt
08:55 tuxick "state.apply invoked with SLS names will run state.sls"
08:55 tuxick what on earth is "SLS name" ?
08:55 babilen The name of the SLS file (minus .sls)
08:56 babilen So foo.sls would be names "foo"
08:56 babilen *named
08:58 AbyssOne joined #salt
09:01 babilen tuxick: The functionality exists to be able to run single SLSs rather than the highstate. That allows you to target states at minions outside of top.sls and also to run parts of the highstate.
09:01 babilen It comes in handy sometimes.
09:01 babilen You can also run individual states within a SLS with state.sls_id
09:09 dmaiocchi joined #salt
09:13 flowstate joined #salt
09:14 tuxick babilen: i hoped that, but how?
09:15 tuxick since i have split up sls in a particular role
09:15 tuxick but can't seem to refer to them
09:16 tuxick was also wondering about how sls_id is supposed to be used
09:16 babilen Why can't you refer to them?
09:16 babilen foo/bar/baz.sls would be referred to as "foo.bar.baz"
09:16 dmaiocchi joined #salt
09:16 babilen What are you trying to achieve?
09:17 tuxick 1) test/run individual sls 2) test/run individual states
09:18 tuxick within a role
09:18 babilen What's stopping you?
09:18 tuxick failing to see how
09:18 tuxick No matching sls found for 'mysql' in env 'base'
09:18 babilen "salt 'foominion' state.apply foo.bar.baz" would run "foo/bar/baz.sls"
09:18 tuxick so state.apply mysql is not doing as i expect
09:19 babilen Do you have a "mysql" SLS ?
09:19 tuxick yes
09:19 tuxick in role dir
09:19 babilen What's a "role dir" ?
09:19 tuxick the dir inside roles/
09:19 tuxick ok
09:19 tuxick figured it out
09:19 tuxick roles.myrole.mysql
09:19 babilen Well, that would make it roles.foo.mysql, wouldn't it?
09:20 tuxick ack
09:20 tuxick that's the little detail that wasn't mentioned ;)
09:20 babilen I mentioned it twice!"
09:20 babilen foo.bar.baz would run "foo/bar/baz.sls
09:20 tuxick ye :)
09:21 babilen So .. all good now? :)
09:21 tuxick i expected more intelligence, since this host definitely has a particular role, so why would i have to specify again
09:21 babilen Why "does it have a role" ?
09:21 tuxick this suggests i could apply another state name to this host
09:22 Kurisutian joined #salt
09:22 tuxick huh?
09:22 tuxick hmm ok, it can have multiple roles
09:22 babilen You can apply *everything* to that host
09:22 tuxick ye
09:22 tuxick i see
09:22 tuxick still adapting to this logic/philosophy :)
09:22 babilen What do you mean by "this host definitely has a particular role" exactly?
09:22 manji joined #salt
09:23 tuxick dunno how else to phrase it
09:24 babilen How do you assign that role to that minion?
09:24 tuxick role:
09:24 Kurisutian Hi there! Does anyone know if there are plans to extend salt-ssh with a similar option like there is in ansible where you can become a certain user after logged in to the target system (-> http://docs.ansible.com/ansible/become.html)?
09:24 tuxick - somerole
09:24 babilen tuxick: Where do you do that?
09:24 tuxick in this case on minion side
09:24 tuxick but i think i'll have to convince others to change that approach
09:24 babilen tuxick: You mean you fell into the "grains for roles" trap?
09:25 tuxick i prefer keeping such things on master
09:25 tuxick legacy :)
09:25 babilen Fair enough
09:25 Kurisutian I lean more towards Salt but not having this ability in our current setup would be some sort of showstopper at this point. So I was wondering if anything like that is planned for salt-ssh in the nearby future?
09:25 tuxick i honestly see not a single good reason to do that
09:25 manji joined #salt
09:26 babilen tuxick: Just keep in mind that the "role" is simply an additional datapoint that you can use in targeting. I see no reason to keep it in grains (as those aren't even secure and why save them in a distributed manner anyway?) either
09:26 tuxick indeed
09:27 tuxick in fact i think i'll go fix this now, and show them how much more sense it makes :)
09:27 babilen tuxick: You can still target everything in your state tree to that minion and you aren't restricted in any way to specific datapoints when designing that targeting. In fact we make a lot of use of different data for targeting certain states. (e.g. targeting repository states based on os and osrelease)
09:27 tuxick at least for this host group
09:28 babilen tuxick: You could use pillars for that (and you might even want to keep those "roles" in an external datasource)
09:28 tuxick yes i understood that about pillars
09:29 babilen tuxick: A minion can also claim to have whatever grains it wants to claim it has so you can't really trust them (if that's an issue)
09:29 tuxick indeed
09:29 brent_ joined #salt
09:29 babilen Kurisutian: Last time I checked that wasn't possible (yet), but you can configure the user salt-ssh uses. What do you need this for? Let's see if I can find the bug report in question.
09:32 Kurisutian babilen: Company policy, unfortunately. They want you to log in to the systems with a personal account but in order to do something after that you need to switch to a locally existing tooluser with sudo. And the tooluser (which varies) actually has to run tasks... which is exactly what Ansibles "become" option does...
09:33 babilen Kurisutian: Okay (I guess there is no point in discussing that policy, so I'll just refrain from it)
09:33 Kurisutian babilen: unfortuantely I have not found anything like that in salt-ssh. So it's not that I have to log in personalized and switch to root (which seems to exist somehow in salt-ssh) but I have to define which local user has to be used after the login... stupid, I know but they agreed to this company-wide so I have to deal with it somehow... ;-)
09:33 babilen Kurisutian: Let's see, but I the last time I looked this wasn't possible. Might have changed in the interim though as I don't really have that usecase
09:34 babilen Kurisutian: One second please
09:35 Kurisutian babilen: no problem, take your time... thanks!
09:36 fredvd joined #salt
09:36 dmaiocchi joined #salt
09:38 babilen Kurisutian: So, one thing to try would be: 1. Configure the salt-ssh roster to use "user: Kurisutian" and "sudo: True" -- That should take care of the "Log in as Kurisutian" and "Run sudo" part
09:39 Kurisutian babilen: OK, but then how do I tell salt-ssh which user to sudo to? This user depends on the task I want salt-ssh to do.
09:39 babilen Kurisutian: You would then set a different user in  minion_opts -- I am, in particular, thinking of https://docs.saltstack.com/en/latest/ref/configuration/minion.html#user
09:40 babilen Or "sudo_user"
09:40 babilen It *might* work that salt-ssh logs in with your user, calls "salt-call" with sudo, which sees the "sudo_user" configuration and switches to that user.
09:41 babilen You could try the "sudo_user" and "user" option in a masterless setup first
09:41 babilen I have no idea if that works, but it is worth a try
09:41 babilen Looks as if "sudo_user" is what you are after
09:42 babilen "depends on the task I want salt-ssh to do" -- could you elaborate on that? Is this not the same "per minion" ?
09:42 Kurisutian babilen: But this is for running a minion on the target server, correct? So there would not be an option for remaining agentless and do that? Currently our IT-Ops are whining about installing minions as I already suggested to run multiple ones in a different user context with different target hostnames so I can just target the minion-name based on the action I want to perform
09:43 babilen Kurisutian: Minion options apply to masterless
09:43 babilen salt-ssh essentially "installs" / copies the salt minion to /tmp and calls it masterless from there
09:44 Kurisutian babilen: In the first approach (which would be the first step) I want to be agentless, so no minion would run till they choose to install them for me ;)
09:44 babilen You will *always* run a minion, the difference is if that minion connects to a master or not
09:44 Kurisutian babilen: I see... where would I have to define this sudo_user option to have it applied in salt-ssh?
09:45 babilen (and if it is being copied to the target box via SSH and "installed" in /tmp or if you explicitly install it)
09:45 babilen But I guess that you can claim that "it is not installed" to your IT Ops people in the context of salt-ssh
09:45 babilen Kurisutian: As I said, define sudo_user in the "minion_opts" entry in the salt-ssh roster: https://docs.saltstack.com/en/latest/topics/ssh/roster.html#how-rosters-work
09:46 Kurisutian babilen: that's for sure... as long as they don't have to install anything other than what they have defined in puppet, they don't really care about it... ;-)
09:46 babilen *sigh*
09:46 Kurisutian babilen: Yeah, very frustrating, I know... ;)
09:46 babilen Why do we have to deal with all this social engineering on top of the technical issues?
09:46 onlyanegg joined #salt
09:47 rem5_ joined #salt
09:47 jhujhiti_ joined #salt
09:48 Kurisutian babilen: unfortunately as it seems... but I will check this option with the roster and the minion_opts and see if it will work... sounds like a way to make it work similar to ansibles become
09:48 babilen What you are essentially trying to achieve is "Use salt without anybody noticing that you do" isn't it?
09:49 babilen And what's the thing about "depends on the task I want salt-ssh to do" ?
09:51 toanju joined #salt
09:54 keimlink joined #salt
09:58 jhujhiti joined #salt
10:01 Kurisutian babilen: Yeah, that's more or less the case. Depends on the task means that there are several different local users with various rights on the servers. Depending if eg. I want to restart a tomcat I need the user "servlet" but when I want to restart apache I need the user "www-data".
10:04 AndreasLutro salt doesn't support that other than for certain state types afaik
10:04 AndreasLutro like cmd.run
10:05 hemebond Sounds like a job for wheel (I think) and custom modules and permissions.
10:09 Kurisutian AndreasLutro: What do you mean? Only certain state types allow the sudo option?
10:09 babilen Kurisutian: Does the "become" user switch work?
10:10 Kurisutian babilen: I couldn't test yet... I will test and get back to you after that... I need to change most of the setup here first... ;)
10:15 AndreasLutro Kurisutian: for example, the service states don't have anything coded into them to allow salt to run `service foo start` as another user than what salt is running as
10:18 Kurisutian AndreasLutro: I'm not sure I understand that. If I run salt-ssh with the suggested roster setting from babilen, it would not work with the service states as they are not containing code allowing them to run as the sudo user from the minion_opts in the roster file? Is that correct?
10:19 babilen I have no idea if settings minion_opts works like that, fwiw
10:20 babilen It is one thing to try, but what AndreasLutro tries to explain is that you can't tell salt to use "foouser" for "service start foo" and "baruser" for "service start bar"
10:20 babilen (I think)
10:20 AndreasLutro ^
10:21 AndreasLutro you can tell salt-ssh that it should sudo to "saltuser" and you can have cmd.run states that run as "random_user" but you can't set the user for service.running states and many other state types
10:23 Kurisutian hmmm.... that would be a drawback if I understand that correctly... :(
10:25 saffe joined #salt
10:25 AndreasLutro from my perspective, you just have weird requirements
10:27 babilen AndreasLutro: How would you tell salt-ssh to sudo to "saltuser" ?
10:31 AndreasLutro sudo: true in the roster, sudo_user in minion_opts I guess
10:31 AndreasLutro I haven't actually tried this myself admittedly
10:32 babilen Yeah, that's what I was thinking off as well, but I haven't tried it either :)
10:33 AndreasLutro though upon looking closer it looks like with sudo_user you still start the salt minion as root, which may or may not be ok
10:38 Kurisutian AndreasLutro: When setting the "user" to a certain user, will this not cause the minion to be run as that particular user?
10:39 AndreasLutro mmm it will, but it will also require the ssh login to work for that particular user
10:39 nZac joined #salt
10:40 AndreasLutro that is, the "user" in your roster file
10:40 Kurisutian AndreasLutro: This would be my personalized user which would work...
10:44 AndreasLutro so you'd be fine with doing `service foo restart` as your personal user?
10:45 tristianc_ joined #salt
10:46 linjan_ joined #salt
10:47 Kurisutian AndreasLutro: No. My personal user is allowed to log in to the server. Once logged in I have to switch to a privileged user using sudo. With this user I can run 'service foo restart'.
10:48 AndreasLutro okay, so try sudo: true and minion_opts: { sudo_user: priv_user }
10:48 Kurisutian AndreasLutro: I just edited to roster file according to that... :-)
10:54 Kurisutian AndreasLutro: One more question about the sudo switch? How exactly will the sudo call be like? 'sudo -iu <sudo_user>'?
10:58 AndreasLutro no clue
10:58 AndreasLutro probably setuid in python
10:58 Kurisutian AndreasLutro: When I run the salt-ssh to just create a file unter /tmp (I want to check the permissions from the file to see what user created it) the job does not run anything. Even a test.ping does not end. I presume the sudo switch needs to be called with -iu as options. Right now there is no result whatsoever...
11:05 amcorreia joined #salt
11:07 iceyao joined #salt
11:13 mage_ joined #salt
11:13 mage_ hello
11:14 mage_ any idea for this https://gist.github.com/silenius/03056212ed9c462af55962dcb280a86f ?
11:14 mage_ this is with 2016.3.1
11:19 atmosx Hello, I need some with the syntax to access a pillar var, from a config file: https://gist.github.com/atmosx/b6b85c230340839ece30898d7f2e8e08
11:20 atmosx mage_ does that salt state run with previous versions?
11:20 atmosx mage_ if yes, it appears to be a bug in serialisation, you should probably open an issue on GH.
11:20 mage_ atmosx: yes, worked with 2015.8
11:20 harkx is there a simple way on debian 8 (salt 2016.3.1) to fix the "boto_route53 requires at least boto 2.35.0" error ?
11:21 atmosx harkx is that a common error?
11:21 AndreasLutro yes
11:21 AndreasLutro log_granular_levels: {'salt.loaded.int.module.boto_route53': 'critical'}
11:21 AndreasLutro in your minion config
11:21 harkx atmosx, no idea
11:22 harkx AndreasLutro, ah, nice, i'll look into that
11:22 rem5 joined #salt
11:22 atmosx I think AndreasLutro answered :-)
11:23 harkx thanks
11:25 numkem joined #salt
11:29 numkem joined #salt
11:30 Kurisutian babilen: I checked but for whatever reason the job I call does not return anything... also with hosts that do not require sudo... I can't even ping them...
11:30 brent_ joined #salt
11:31 babilen Where you ever able to ping them?
11:32 babilen https://github.com/saltstack/salt/issues/31074
11:32 saltstackbot [#31074][OPEN] salt-ssh sudo_user execution not running as sudo_user | Hi,...
11:32 babilen (btw)
11:33 Kurisutian babilen: Nope, I was not. Not even when not running as sudo. I get notified about initially having to accept the ssh key but after that nothing will be returned...
11:38 AndreasLutro sounds like a password prompt is hanging salt-ssh
11:38 babilen Kurisutian: Is key-based authentication working without having to enter a password?
11:38 babilen (do you use ssh-agent?)
11:38 Kurisutian babilen: yes
11:39 Kurisutian babilen: and I'm using ssh-agent
11:39 babilen Could you paste some commands and output to shed some light on this? Include your roster and configuration. A "ssh foo@bar.com" run would be nice to see also.
11:39 GreatSnoopy joined #salt
11:40 AndreasLutro what about passwordless sudo on the target host? is that set up?
11:41 Kurisutian babilen: that's the problem. There is no output at all... I went to the server and checked the /tmp folder which included the agent-xxxx folder but it seems like it is not returning anything. Not with sudo included and also not without sudo which is strange
11:41 Kurisutian AndreasLutro: Yes, this is also setup
11:41 netjak joined #salt
11:41 Kurisutian I checked this manually with the same users from the roster
11:42 AndreasLutro try running salt-ssh with -l debug, look for SALT_ARGV, and run that on the target host via ssh
11:42 babilen Kurisutian: Run "salt-ssh -ldebug 'foo' test.ping" please
11:43 netjak joined #salt
11:44 Kurisutian Rendering of the roster file seemed to have worked. The last thing I get is:
11:44 Kurisutian [DEBUG   ] LazyLoaded roots.envs
11:44 Kurisutian [DEBUG   ] Could not LazyLoad roots.init
11:44 Kurisutian [DEBUG   ] Updating roots fileserver cache
11:44 Kurisutian [DEBUG   ] LazyLoaded local_cache.prep_jid
11:44 Kurisutian [DEBUG   ] Adding minions for job 20160708134252888450: ['ac1accshcheckoutbsac1a01']
11:44 Kurisutian [DEBUG   ] Could not LazyLoad test.ping
11:44 babilen http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, …
11:44 Kurisutian [DEBUG   ] Performing shimmed, blocking command as follows:
11:44 Kurisutian test.ping
11:44 Kurisutian [DEBUG   ] Executed SHIM command. Command logged to TRACE
11:44 Kurisutian [DEBUG   ] Child Forked! PID: 1186  STDOUT_FD: 10  STDERR_FD: 12
11:44 Kurisutian [DEBUG   ] VT: Salt-SSH SHIM Terminal Command executed. Logged to TRACE
11:45 goudale joined #salt
11:45 goudale hi all
11:46 goudale is there a way for salt-cloud to list virtual machines not set in a specific map ?
11:46 jhauser joined #salt
11:47 onlyanegg joined #salt
11:47 goudale i suppose I could use the --hard option to have a list of instances to be deleted, but I'm a bit scared to blindly test
11:48 goudale ... especially on a friday
11:50 netjak joined #salt
11:51 numkem joined #salt
11:52 colegatron_origi joined #salt
11:53 Kurisutian babilen: https://www.refheap.com/903c4e272a61910eea8abd213
11:54 Kurisutian AndreasLutro: there is no SALT_ARGV
11:57 Kurisutian I have to go to some meetings now and will be gone the rest of the day... maybe we can get back on this on Monday? Thanks! BYE!
12:00 ponyofdeath joined #salt
12:09 DammitJim joined #salt
12:18 toanju joined #salt
12:23 zer0def joined #salt
12:51 gh34 joined #salt
12:53 TooLmaN joined #salt
12:53 gngsk joined #salt
12:54 Yoda-BZH joined #salt
12:55 colegatron joined #salt
13:03 subsignal joined #salt
13:15 colegatron joined #salt
13:18 DammitJim joined #salt
13:23 racooper joined #salt
13:31 brent_ joined #salt
13:36 tapoxi joined #salt
13:40 bowhunter joined #salt
13:41 bbradley joined #salt
13:48 onlyanegg joined #salt
13:48 perfectsine joined #salt
13:52 idokaplan joined #salt
13:52 jcalero hey guys, I'm having a bit of trouble with our salt-master configuration (I'm taking over for a previous developer so I don't fully understand how it's set up). The issue I'm having is that it seems to get stuck when running commands like "salt-run manage.versions", even though it worked just a bit earlier, hinting to performance issues.
13:53 jcalero when I look at the logs I see a hell of a lot of logging happening which seems to be doing the same thing over and over again, which makes me think it's stuck in a loop of some kind
13:53 idokaplan Hi, I have upgraded salt master (salt-master-2016.3.1-1.el6.noarch) and since then, I get this error when restarting salt-master service. TypeError: 'NoneType' object is not iterable 2016-07-08 08:47:31,998 [salt.utils.process                                   ][ERROR   ][7318] An un-handled exception from the multiprocessing process 'Reactor-33' was caught: Traceback (most recent call last):   File "/usr/lib/python2.6/site-packages/
13:53 idokaplan Is there any idea?
13:56 flowstate joined #salt
13:56 flowstate joined #salt
14:04 ajv joined #salt
14:04 babilen jcalero: What kind of things?
14:07 Brew joined #salt
14:09 Patch joined #salt
14:11 Tyrm joined #salt
14:13 tapoxi joined #salt
14:14 zzzirk joined #salt
14:18 linjan joined #salt
14:19 jcalero I can't give you the entire log unfortunately babilen, because we've got a lot of secret keys getting dumped in our log (I know, terrible...), but here's the gist of it: https://gist.github.com/jcalero/8c924330cba123308674c27f26017f10
14:19 jcalero in between there's a bunch of rendering of jinja files
14:19 iceyao joined #salt
14:20 jcalero and what I would expect is "normal" behaviour when applying a salt state, but it just does it without stopping
14:24 ecdhe joined #salt
14:24 ecdhe_ joined #salt
14:27 jcalero I know there's not much to go on, sorry about that, but I'm kind of hoping someone knows a better way of debugging this kind of behaviour
14:28 jcalero For what it's worth, commands run on minions (with salt cmd.run, etc) work fine, so we can still apply states etc on minions, it's just that performance is terrible on the master
14:34 kevinquinnyo joined #salt
14:34 nZac joined #salt
14:44 jenastar joined #salt
14:47 perfectsine joined #salt
14:47 netjak joined #salt
14:49 kevinquinnyo how can i get salt-api to return actual data besides {'scuccess': true}
14:50 stokbaek joined #salt
14:50 stokbaek Hey, I made a new formula, anyone able to help with the proccess of getting it published?
14:51 teryx510 joined #salt
14:56 babilen stokbaek: Where would we find it? You could write to salt-users mailing list
14:57 gtmanfred stokbaek: send an email to the salt-users list with the repo, and I will fork it and add you to the organization
14:57 stokbaek gtmanfred, cool will do
14:58 kevinquinnyo anyone have an example of using the salt-api to actually return data, say from a runner called by the reactor?
15:00 Cottser joined #salt
15:00 stokbaek gtmanfred, that salt-user mailing list. Shall I just create a new topic in it with the information to the repo?
15:02 kevinquinnyo so the salt-api hooks are only capable of returning  {"success": (bool)}
15:02 kevinquinnyo it seems?
15:02 zer0def joined #salt
15:02 rem5 joined #salt
15:03 TyrfingMjolnir joined #salt
15:03 Cottser joined #salt
15:04 Slimmons joined #salt
15:05 Slimmons When I run a state on multiple minions, does it deploy to the minions at the same time?  For example if I have 10 minions that have the correct datetime, and I run salt '*' cmd.run 'date', will they return the same time?
15:06 Slimmons what about if I run something much larger?
15:06 brent_ joined #salt
15:08 babilen stokbaek: exactly
15:08 Eugene Slimmons - they will be roughly the same time; it depends on 1) if the minion is connected 2) the time to execute the state/command and 3) the amount of network lag
15:08 stokbaek babilen, good, did it correct then :)
15:08 Eugene If you haven't encountered it yet, https://docs.saltstack.com/en/latest/topics/targeting/batch.html may be interesting
15:10 rovar joined #salt
15:11 flowstate joined #salt
15:13 rovar Hey all. I'm getting a key error in a require: for a file.directory..
15:13 rovar https://gist.github.com/rrichardson/a2a64cfa14a2e45b6f89800199e0c8fb
15:14 gtmanfred stokbaek: done
15:14 stokbaek gtmanfred, thanks :)
15:14 _JZ_ joined #salt
15:14 Slimmons Eugene: So, does it send the instructions to the minions synchronously?
15:15 POJO joined #salt
15:15 Slimmons I mean, I guess it would have to
15:15 Slimmons I was just wondering, if people have thousands of minions, executing lots of commands, would there be lots of time between the first one finishing, and the last one
15:15 Eugene Slimmons - more info on exactly how the pub / sub works https://docs.saltstack.com/en/latest/topics/transports/index.html#pub-channel
15:15 Slimmons thx
15:17 rovar any ideas?
15:18 perfectsine joined #salt
15:22 corichar joined #salt
15:28 onlyanegg joined #salt
15:29 dmaiocchi joined #salt
15:36 paahcsmas joined #salt
15:36 kevinquinnyo rovar replace 'file'
15:37 kevinquinnyo with 'git'
15:37 kevinquinnyo last line of that gist
15:38 linjan joined #salt
15:38 rovar kevinquinnyo, I'll try it, but I want  cmd to require the creation of the directory created from line 10 of the gist
15:38 sylgeist joined #salt
15:42 sylgeist Hello salt folks! I've update Salt to 2016.3.1 on FreeBSD 10.3 and now receive this when doing a high state: "SaltRenderError: Jinja variable 'salt.utils.context.NamespacedDictWrapper object' has no attribute 'num_cpus'" I have a motd template that shows the hardware config. Issue with Salt or something on the BSD side?
15:44 fredvd joined #salt
15:52 kaushal_ joined #salt
15:55 Tyrm_ joined #salt
16:02 cableninja joined #salt
16:02 dtsar joined #salt
16:06 cableninja morning guys, I'm trying to clean up my pillar and state top files, they are getting a bit unmanageable. Is there a way to loop through all connected minions in jinja?
16:08 sterdnotshaken joined #salt
16:08 Tyrm joined #salt
16:09 dmaiocchi joined #salt
16:10 Tyrm joined #salt
16:11 Trigun03 joined #salt
16:11 Tyrm joined #salt
16:11 flowstate joined #salt
16:12 djgerm joined #salt
16:14 racooper Howdy. I'm getting an error doing a repo update on SuSE 11:  "Signature verification failed for file 'repomd.xml' from repository 'SaltStack, dependencies, and addons (SLE_11_SP4)'."
16:14 racooper possibly a corrupted repo file?
16:16 btorch left #salt
16:21 jcalero joined #salt
16:25 woodtablet joined #salt
16:32 kevinquinnyo rovar: sorry was afk.  if that's what you want, then you need file: /data/my_dir
16:33 kevinquinnyo the require dict should be module: name
16:33 zero_shane joined #salt
16:33 rovar kevinquinnyo,  interesting.. so I can't just reference the top level deploy_pdcf?
16:33 rovar that seems to be the convention for most things.. e.g.   git: deploy_pdcf
16:33 kevinquinnyo oh i see what you did, i'm not used to yaml
16:34 rovar testing with referencing the dir directly..
16:35 rovar I'm not entirely sure that this block is causing the error..
16:35 rovar is there a way to see the rendered python ?
16:36 kevinquinnyo not sure
16:37 rovar that is what I was hoping to find when running this in debug mode
16:38 kevinquinnyo i'm pretty sure that the requires would work if each state was separated
16:38 kevinquinnyo deploy_pdcf, dir_exists_pdcf, clean_up_pdcf
16:39 kevinquinnyo for instance
16:39 kevinquinnyo but i'm actually not sure if the way you have it in the gist is *supposed* to work
16:43 impi joined #salt
16:46 rovar kevinquinnyo, I broke it up.. same error.. I actually now suspect it isn't the requires: block at all
16:46 rovar but the file.directory: itself
16:46 flowstate joined #salt
16:48 rovar none of the examples for file.directory include
16:48 rovar - name: ...
16:52 rovar https://gist.github.com/rrichardson/a2a64cfa14a2e45b6f89800199e0c8fb
16:52 rovar now produces :  KeyError: 'file_|-/data/my_data_|-/data/my_data_|-directory'
16:52 netjak joined #salt
16:52 rovar I notice in the traceback it is calling check_failhard
16:53 rovar so is it just attempting to validate that the directory exists?
16:58 tapoxi joined #salt
16:59 ageorgop joined #salt
17:01 goudale joined #salt
17:12 btorch_ joined #salt
17:13 khaije1 joined #salt
17:14 rem5 joined #salt
17:15 rovar hmm.. is there a set of allowed/disallowed characters in keys?
17:15 rovar meh.. I assume that . would be an allowed key
17:15 amcorreia joined #salt
17:15 rovar err allow in a key
17:16 dmaiocchi joined #salt
17:18 rovar does anyone know how to look at the python that has been rendered from a yaml state?
17:20 tapoxi joined #salt
17:24 rovar ok
17:24 rovar looks like the solution is that failhard: True  is just not an acceptable parameter
17:25 rovar and produces a ridiculously indecipherable error
17:26 BhavyaM joined #salt
17:26 djgerm So, I had a weird issue with pillar data not updating, was wondering if this is something buggy or something wrong with my environment. I use ext_pillar and a git repo, and I updated the repo, and refreshed pillar items, and I could see in the master log the pull, but it wasn't updating the files in /var/cache/salt/master/git_pillar. I ended up deleting the cache and refreshing pillar again to make it work.
17:26 Fiber^ joined #salt
17:27 s_kunk joined #salt
17:33 cableninja is there a way to list all minions that a master knows of?
17:33 cableninja (for jinja)
17:41 nZac joined #salt
17:42 colegatron joined #salt
17:43 rovar so in grains or pillars..
17:50 lero joined #salt
17:53 flowstate joined #salt
17:54 pcdummy is it possible with ext_pillar (mongo) to have includes?
17:54 pcdummy cableninja: outside jinja salt-key -L inside idk.
17:55 pcdummy djgerm: maybe call saltutil.refresh_pillar next time?
17:56 cableninja pcdummy, tryin for inside, so that I can iterate over them to create the state top file
18:03 iggy cableninja: sounds like a bad idea
18:03 iggy maybe look at reclass or something else
18:11 jenastar left #salt
18:12 gimpy2938 joined #salt
18:14 onlyanegg joined #salt
18:14 zero_shane joined #salt
18:15 coleman joined #salt
18:17 illern joined #salt
18:17 woodtablet cableninja: watcha tryin to do ?
18:24 impi joined #salt
18:27 zero_shane joined #salt
18:29 coleman I'd like to pull images from docker hub with dockerng. We have a private organization on Docker Hub. I'm getting an error though. It's described in this gist.
18:29 coleman https://gist.github.com/anxiousmodernman/e4e9bc7a3b2dc5ba9e81eead2d6c7275
18:30 felskrone joined #salt
18:30 samschaap_ joined #salt
18:33 ZiLi0n joined #salt
18:34 cableninja woodtablet, I want to loop through all known minions and build the top file from the pillars so that I dont have a ton of entries
18:34 ZiLi0n Hello everyone. I am seeing that pkg.install takes longer time compared to manual installation. I am trying to install an rpm which has many depedencies. Is there a way to speed up pkg.install? (using salt 2016.3.1)
18:35 cableninja so like {% for server in _some_list %}\n'{{server}}':\n{%- if pillar['backups'][server] is defined %}\n_dostuff_{%-endif %}{%- endfor %}
18:37 flowstate joined #salt
18:45 lws joined #salt
18:46 lws Hola!
18:46 lws I'm looking for a formula to manage a kafka cluster. Any good ones around?
18:48 iggy cableninja: sounds like a prime example of "Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live.
18:49 iggy lws: there's not such thing as a good formula
18:49 lws iggy: :(
18:49 cableninja iggy, all the more reason that I want to do this; I dont want to have to manage the state top file along with the pillar top file, and all the pillars
18:50 iggy there are other top's
18:50 iggy beside file tops
18:50 iggy https://docs.saltstack.com/en/latest/salt-modindex.html#cap-t
18:52 cableninja iggy, we dont use any of those
18:52 iggy and you don't want to?
18:52 cableninja at this time there is no need / no plan for them
18:53 iggy except for this crazy plan you have of pulling a full list of minions and programattically building your top file
18:54 cableninja not sure what the two have to do with each other
18:54 iggy to answer your original question, there's not a reliable way of pulling a list of all minions
18:56 viq iggy: not even accepted keys?
18:56 iggy the state top file is evaluated on the minions, which would not have access to that
18:57 iggy you could probably get that for the pillar top file (Since it's eval'ed on the master)
18:57 iggy but I don't know how off the top of my head
18:59 viq mine cache the IDs?
19:00 viq ZiLi0n: you could try first with salt-call (maybe even with -l debug) to see exactly what's going on
19:00 ZiLi0n viq thanks!! I will give it a try!
19:04 iggy viq: mine isn't reliable
19:06 bowhunter joined #salt
19:06 viq ook, I don't have much experience with it
19:06 woodtablet left #salt
19:07 btorch joined #salt
19:10 snc joined #salt
19:12 samschaap_ joined #salt
19:16 garphy joined #salt
19:16 toanju joined #salt
19:22 keimlink joined #salt
19:25 impi joined #salt
19:30 Shirkdog joined #salt
19:30 Shirkdog_ joined #salt
19:35 rem5 joined #salt
19:39 Shirkdog joined #salt
19:56 ahammond salt-call mine.update on salt-master returns False and fails to populate the mine. This is only happening on my VM and I don't see anything in the logs that would suggest why. help?
20:00 whitenoise joined #salt
20:04 cableninja ahammond, what hypervisor?
20:05 ahammond cableninja VM is running ubuntu 14.04 on virtualbox. production is AWS running Ubuntu 16.04
20:05 ronnix joined #salt
20:06 cableninja are the salt versions the same (presumably not?)
20:06 ahammond I had mine.update running on vbox when we were using centos 6.7
20:06 ahammond cableninja salt is 2016.3.1 in both cases
20:07 ahammond when I run with -l trace I see that mine.update is running all the mine functions and then, for no apparent reason, fails to actually store the data.
20:08 rem5 joined #salt
20:15 DammitJim joined #salt
20:19 asoc joined #salt
20:20 racooper joined #salt
20:22 zenlot left #salt
20:22 rem5 joined #salt
20:25 dmaiocchi joined #salt
20:26 XenophonF joined #salt
20:26 XenophonF yo any saltstack-formulas/salt-formula maintainers around?
20:26 XenophonF got a PR inbound in about 15 minutes
20:28 babilen And is has to be merged immediately?
20:28 DammitJim what is a PR inbound?
20:28 babilen incoming code!
20:31 pcdummy Any salt devs around?
20:31 pcdummy I have an idea i want to implement, but want to discuss it first.
20:31 u joined #salt
20:32 pcdummy Basicaly i want to add includes to ext_pillar_mongo so it can include from any documents from any collection.
20:34 colegatron joined #salt
20:35 squishypebble joined #salt
20:35 squishypebble what is the proper way to use file.search inside an sls file?
20:46 bbradley joined #salt
20:48 Brew joined #salt
20:51 brent_ joined #salt
20:52 futuredale joined #salt
20:56 deniszh joined #salt
21:05 Edgan joined #salt
21:06 wryfi_ we're running into a race condition with our provisioner and bootstrap state, where it's trying to load external pillars.
21:06 wryfi_ but it's failing, because the minion_id hasn't changed to its correct name yet
21:07 babilen squishypebble: You can call module functions directly with, for example, {{ salt['file.search'](....) }}
21:07 wryfi_ is there a way to run a highstate without running a lowstate? or a way to disable an ext_pillar during a highstate call?
21:12 deniszh joined #salt
21:17 patarr joined #salt
21:29 subsignal joined #salt
21:34 sjmh anyone have an example of using the cmd_sync runner client call w/ ldap authentication?
21:34 sjmh can get it to work with pam, but not ldap.
21:40 lero joined #salt
21:59 flowstate joined #salt
22:05 flowstate joined #salt
22:11 flowstate joined #salt
22:35 squishypebble1 joined #salt
22:48 badon joined #salt
22:48 kevinquinnyo1 joined #salt
22:56 fannet joined #salt
23:00 badon joined #salt
23:10 lero joined #salt
23:10 keimlink_ joined #salt
23:11 amcorreia joined #salt
23:12 flowstate joined #salt
23:29 subsignal joined #salt
23:47 badon left #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary