Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-08-22

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 dh__ agentnoel, I tried, it seems no matter how I put the expression, the first iteration is true and the rest are not
00:02 dh__ even just {% if salt['cloud.has_instance'](server.name) %}
00:05 sp0097 joined #salt
00:15 patrek joined #salt
00:15 edrocks_ joined #salt
00:16 apofis joined #salt
00:17 rome_390 joined #salt
00:22 apofis joined #salt
00:26 sp0097 joined #salt
00:33 felskrone joined #salt
00:41 DEger joined #salt
00:44 ablinkin joined #salt
00:48 John_Kang joined #salt
01:00 raspy agentnoel: thats exactly what i did, 100%FREE
01:00 raspy works perfectly
01:00 raspy except 1GB of free space cannot be allocated for some reason
01:11 badon joined #salt
01:31 Salander27 joined #salt
01:32 fannet joined #salt
01:35 Sammichmaker joined #salt
01:37 akhter joined #salt
01:50 DEger joined #salt
01:53 sfoger joined #salt
01:54 sfoger Some of my minions take between 3 and 4 MINUTES to apply a single salt state. Does anyone have any pointers on where to look at what is causing such dramatic slowness?
01:55 catpiggest joined #salt
01:57 sfoger salt-call state.show_top, for instance, just took ~4 minutes to complete on a CentOS 7 VM with 12GB RAM and 4 cores
02:10 iggy my guess would be an ext_pillar or something that isn't responding
02:10 iggy or a module call doing similar
02:10 iggy or an unless statement
02:11 iggy try with -l debug and see if you get any idea about where it's hanging up
02:17 sfoger -l debug, -l all, -l garbage, etc. all show no indicators of what is causing the hang up. I'm using an external pillar, as well as gitfs as my filesystem backend. My external source is responsive.
02:18 edrocks_ joined #salt
02:18 sfoger It gets to the 'Initializing new AsyncAuth for...' line with debug output, then just chills for a few minutes, then spits out a whole bunch of debug data, then finally the return data (with -l debug turned on)
02:19 hasues joined #salt
02:20 hasues left #salt
02:24 DEger joined #salt
02:30 bastiand1 joined #salt
02:31 DEger joined #salt
03:14 xbglowx_ joined #salt
03:17 stooj joined #salt
03:21 liskl joined #salt
03:23 chrichip joined #salt
03:23 kshlm joined #salt
03:24 jaybocc2 joined #salt
03:24 agentnoel joined #salt
03:33 fannet joined #salt
03:35 akhter joined #salt
03:38 DEger joined #salt
03:45 ablinkin joined #salt
04:00 ablinkin joined #salt
04:00 dh__ joined #salt
04:21 edrocks joined #salt
04:27 Joeskyyy joined #salt
04:41 rdas joined #salt
04:43 Joeskyyy left #salt
04:45 ablinkin joined #salt
04:46 ninjada joined #salt
04:51 fracklen joined #salt
04:57 stanchan joined #salt
05:05 ivanjaros joined #salt
05:13 ageorgop joined #salt
05:15 packeteer joined #salt
05:18 amy_ joined #salt
05:23 akhter joined #salt
05:24 fracklen joined #salt
05:28 silver310 joined #salt
05:28 silver310 Hello!
05:30 silver310 I have a quick question, I've setup salt-api and it works with ldap authentication, however it does not ask me to login if i run "curl https://localhost:8000"
05:34 fannet joined #salt
05:37 cliluw joined #salt
05:39 evle joined #salt
05:46 jxm_ joined #salt
05:54 Brijesh1 joined #salt
06:00 justanotheruser joined #salt
06:07 badon joined #salt
06:08 alexhayes joined #salt
06:09 amy_ joined #salt
06:12 krymzon joined #salt
06:13 mpanetta joined #salt
06:17 alexhayes joined #salt
06:17 mpanetta joined #salt
06:17 ivanjaros joined #salt
06:17 k_sze[work] joined #salt
06:24 edrocks joined #salt
06:31 kaushal_ joined #salt
06:53 yuhlw_ joined #salt
06:57 dwqfq joined #salt
07:02 dwqfq hi guys. i want to uncomment several lines via file.uncomment. i have one file.uncomment and two "-regex" commands but only the last gets uncommented. how do i make this work for both matches?
07:02 yuhlw_ joined #salt
07:08 CeBe joined #salt
07:09 JohnnyRun joined #salt
07:11 Brijesh2 joined #salt
07:13 akhter joined #salt
07:14 Brijesh1 joined #salt
07:16 infrmnt joined #salt
07:18 dwqfq argh. i did it now in one expression: \$ModLoad\simudp|\$UDPServerRun\s514
07:19 dwqfq but although both lines are commented, salt says both lines are already uncommented which means to me that it finds both lines but not the '#'
07:20 babilen dwqfq: You might just want to use two states
07:21 dwqfq ok but how do i do two separate uncomments in one file.uncomment?
07:23 coldbrewedbrew_ joined #salt
07:24 babilen dwqfq: Are you sure that's possible?
07:25 babilen https://github.com/saltstack/salt/issues/25345 + https://github.com/saltstack/salt/issues/24907 come to mind
07:25 saltstackbot [#24907][OPEN] file.uncomment does not uncomment as expected  | I want to uncomment a line from a config file,...
07:26 babilen I tend to just use file.replace or file.managed rather than the syntactic sugar ones
07:27 ninjada joined #salt
07:27 dwqfq yeah, ok, i will use file.managed then.
07:30 codehotter Hey, jinja rendering happens on the master, right? And then the finished product is sent over to the minion?
07:30 codehotter Is there any way to store information that I want to be available to the jinja renderer but that should not be sent over to the minion?
07:31 codehotter I can't put it in the pillar cause that is accessible from the minion
07:32 lompik joined #salt
07:34 babilen Great, that's a new one :)
07:35 babilen codehotter: One way to do this would be to use the Python renderer and to load data from a defined URI on the master. That way the minion would only see the template, but not the data itself.
07:35 impi joined #salt
07:35 babilen Not sure how to combine that with jinja
07:35 codehotter no, it doesnt need to be jinja, using any renderer is fine
07:36 codehotter but if I put it in a minion state sls file, it will be rendered on the minion, won't it?
07:36 bbradley joined #salt
07:39 codehotter if the minion can load it from the defined uri on the master
07:39 codehotter then the minion has access to it
07:40 codehotter OK here's the full story: I am tired of manually generating secrets and then putting them in the pillar in encrypted form, often these are for things that need to be password protected, but I couldn't care less what the password actually is, so long as it's secure
07:40 codehotter So I want it to autogenerate the passwors. I would like it to be deterministic, so that it's always the same password.
07:40 codehotter Basically I do some hashing now with a predefined master secret. It's important that minions aren't able to regenerate the secrets for other minions, so I want the master secret to be known only to the master
07:41 codehotter And only the GENERATED secrets (ie, the hashes) visible to minions
07:41 codehotter I could make an ext_pillar for this maybe?
07:48 babilen Sounds as if you want to look into https://www.vaultproject.io/ with https://github.com/saltstack/salt/issues/27020
07:48 saltstackbot [#27020][OPEN] Add Vault Pillar/SDB Module | > Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing. Vault presents a unified API to access multiple backends: HSMs, AWS IAM, SQL databases, raw key/value, and more....
07:49 babilen https://docs.saltstack.com/en/latest/topics/sdb/index.html
07:49 babilen IIRC that's not part of any released salt version, but let me check
07:50 babilen Yeah, only in develop at the moment
07:51 saltuser joined #salt
07:54 om joined #salt
07:57 zyost joined #salt
07:59 bdrung_work joined #salt
08:01 manji joined #salt
08:04 tsia joined #salt
08:04 krymzon joined #salt
08:08 DEger joined #salt
08:08 Brijesh1 joined #salt
08:08 mikecmpbll joined #salt
08:15 fannet joined #salt
08:16 ffredrikk joined #salt
08:16 jhauser joined #salt
08:21 kbaikov joined #salt
08:21 s_kunk joined #salt
08:25 GreatSnoopy joined #salt
08:26 Rumbles joined #salt
08:26 Brijesh1 joined #salt
08:27 edrocks joined #salt
08:27 daks hello
08:28 daks XenophonF: back with my ~<user> problem, in fact it works well, i can create my user directories in the same highstate than the user creation
08:28 kbaikov joined #salt
08:28 daks i https://github.com/saltstack/salt/issues/7883 still revelant?
08:28 saltstackbot [#7883][OPEN] Support tilde-prefixed home directories in salt.states.file | I just tried to copy some files into a bunch of user's home directories, using tilde prefixes:...
08:29 ffredrikk joined #salt
08:36 saltuser In the docs (https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html#hook) there is an example about calling a reactor that deploys a build. How does the caller determine if that deploy was successful?
08:38 kbaikov_ joined #salt
08:44 saltuser I guess I should rather open a request at salt github
08:45 Electron^- joined #salt
08:46 q1x joined #salt
08:46 kbaikov_ joined #salt
08:49 keimlink joined #salt
08:50 JohnnyRun joined #salt
08:58 auzty joined #salt
09:08 deus_ex joined #salt
09:21 west575 joined #salt
09:24 Pulp joined #salt
09:27 mikecmpbll joined #salt
09:27 velikan joined #salt
09:31 SpX joined #salt
09:31 DEger joined #salt
09:35 keimlink joined #salt
09:37 fracklen joined #salt
09:40 keimlink joined #salt
09:40 Brijesh1 joined #salt
09:47 Brijesh1 joined #salt
09:50 hvn joined #salt
09:51 west575 joined #salt
09:51 keimlink joined #salt
09:59 jaybocc2 joined #salt
10:00 infrmnt1 joined #salt
10:04 velikan joined #salt
10:06 brtl joined #salt
10:11 brtl hi, I wrote a formula to manage mirthconnect (http://www.mirth.com), and wonder if is there any interest in adding it to the saltstack-formulas repo on GH? The formula is this one: https://github.com/netmanagers/mirth-formula
10:15 fannet joined #salt
10:23 ninjada_ joined #salt
10:29 ninjada joined #salt
10:30 edrocks joined #salt
10:36 teryx510 joined #salt
10:39 alexhayes joined #salt
10:41 keimlink joined #salt
10:45 catpig joined #salt
10:46 meirw joined #salt
10:47 babilen brtl: Write to the salt-users mailing list if you'd like it to be included.
10:48 akhter joined #salt
10:49 meirw I have an organization question
10:49 brtl ok, will do. The doc page suggests that pinging saltstack guys here would be the same, but going to take that road. Thanks! :)
10:49 meirw I have a state that installs monit
10:49 meirw and then i have various other states that add additional config files
10:50 meirw and i need monit to restart when those config files change
10:50 meirw do i need to add a new service.running for each of the other states with a watch on that config file?
10:51 meirw and import monit?
10:52 meirw this is my monit sls file: https://gist.github.com/anonymous/b67df442af831fa45847df95e3a5ee76
10:54 AndreasLutro meirw: can you give an example of what "other states" may add additional config files?
10:55 meirw sure - like this - https://gist.github.com/anonymous/c4476894e9c2a22cf69f35b7de65fbf9
10:55 meirw i want monit installed and running.  and then if I install statsd, I want monit to monitor it as well.
10:56 Guest67132 joined #salt
10:56 saintpablo joined #salt
10:56 DEger joined #salt
10:57 AndreasLutro okay. what you do is include: [ monit ] in your statsd sls, then in your monit.d/statsd.conf state, add " - watch_in: [ service: monit-service ]"
11:00 meirw trying now
11:03 amcorreia joined #salt
11:05 meirw Than you AndreasLutro - seems to have worked as intended
11:12 felskrone joined #salt
11:14 RandyT joined #salt
11:16 richardl joined #salt
11:23 Qlawy Hi guys, is highstate procesed in different way than normal state?
11:23 Qlawy we have in top.sls that if there is role:iis then run iis state
11:24 Qlawy however in iis/init.sls we have some if statement regarding to os_family grain
11:24 Qlawy and now... if we run: salt minion state.apply it runs only states from outside the if statement
11:25 Qlawy however when we run  salt minion state.apply iis it works well, so states inside if are applied
11:27 SWAT joined #salt
11:31 Sketch joined #salt
11:31 AndreasLutro Qlawy: it's possible that grains cache mechanics are different for the two, but os_family shouldn't really change so... dunno
11:32 Qlawy no idea... I run it many times, even on same machine an result is same
11:41 fxhp joined #salt
11:45 jaybocc2 joined #salt
11:52 ssplatt joined #salt
12:12 west575 joined #salt
12:13 inad922 joined #salt
12:16 fannet joined #salt
12:17 viq_ joined #salt
12:21 TooLmaN joined #salt
12:23 netcho joined #salt
12:23 netcho joined #salt
12:23 netcho joined #salt
12:24 richardl Hi
12:24 richardl I have a question, when running a salt state i got this error  Comment: Environment values must be strings
12:25 richardl I have the password in question stored in a pillar
12:28 edrocks joined #salt
12:30 numkem joined #salt
12:32 keimlink joined #salt
12:35 babilen richardl: Which state is that?
12:35 johnkeates joined #salt
12:36 tsia joined #salt
12:38 richardl I am trying to run a dockerng.running
12:38 richardl the error is on one of the environmental variables
12:38 teryx510 joined #salt
12:40 babilen It might very well be the way your state is written, but okay ..
12:40 dyasny joined #salt
12:43 ssplatt joined #salt
12:46 ivanjaros3916 joined #salt
12:46 akhter joined #salt
12:48 numkem joined #salt
12:49 gh34 joined #salt
12:58 akhter joined #salt
13:02 akhter joined #salt
13:02 manji joined #salt
13:08 JohnnyRun joined #salt
13:13 edrocks joined #salt
13:20 akhter joined #salt
13:24 quasiben joined #salt
13:26 sagerdearia joined #salt
13:27 racooper joined #salt
13:29 KingOfFools joined #salt
13:29 cheus joined #salt
13:32 jeddi joined #salt
13:32 akhter joined #salt
13:33 edrocks joined #salt
13:38 pppingme joined #salt
13:46 jaybocc2 joined #salt
13:46 akhter joined #salt
13:49 tiwula joined #salt
13:52 jerredbell joined #salt
13:53 akhter joined #salt
13:55 bowhunter joined #salt
13:58 DEger joined #salt
13:59 akhter joined #salt
14:00 Tanta joined #salt
14:01 mpanetta joined #salt
14:02 ALLmightySPIFF joined #salt
14:02 mpanetta joined #salt
14:03 jerredbell joined #salt
14:05 XenophonF joined #salt
14:07 akhter_1 joined #salt
14:07 alvinstarr joined #salt
14:10 Rumbles joined #salt
14:10 mpanetta joined #salt
14:11 mapu joined #salt
14:17 tsia joined #salt
14:17 fannet joined #salt
14:19 sp0097 joined #salt
14:22 hasues joined #salt
14:23 fredrick joined #salt
14:25 fredrick using 2016.3.2 with cherrypi 3.2.2 and can not get it to do ssl?  Anyone have ideas.
14:26 tsia joined #salt
14:26 Rumbles joined #salt
14:27 netcho joined #salt
14:27 velikan joined #salt
14:32 alinuxninja joined #salt
14:35 d3c4f joined #salt
14:40 hasues left #salt
14:40 subsignal joined #salt
14:43 Rumbles joined #salt
14:47 netcho joined #salt
14:48 fracklen joined #salt
14:49 tapoxi joined #salt
14:50 wendall911 joined #salt
14:54 akhter joined #salt
14:55 debian112 joined #salt
14:56 misconfig joined #salt
14:57 rm_jorge joined #salt
14:58 StolenToast joined #salt
14:58 StolenToast can I run only part of a state, like only the file.managed part of a larger state?
14:59 SpX joined #salt
15:01 jaybocc2 joined #salt
15:01 babilen StolenToast: You can -- Look into state.sls_id
15:01 numkem joined #salt
15:01 StolenToast thanks
15:01 vifon joined #salt
15:03 west575 joined #salt
15:03 ze- mmmm... any idea how to prevent a specific module to run twice on the same host? (writing the module, but not sure how to implement locking)
15:04 vifon Hello. I'm new to Salt. I'm considering setting up a salt-master on my laptop to manage my servers from it. Will it work if my laptop isn't online 24/7? How will my minions react to it being down?
15:05 tapoxi should work, they just won't ping in until your laptop is back
15:05 tapoxi vifon but you should consider salt-ssh
15:06 vifon I've just stumbled upon salt-ssh... Any cons of it?
15:06 misconfig joined #salt
15:06 tapoxi doesn't support sudo
15:06 akhter joined #salt
15:06 tapoxi so it needs a ssh key for root
15:06 vifon Well... That's a pretty big con...
15:06 ze- tapoxi: what?! oh. guess that means i won't ever be able to use it :)
15:07 ze- Good thing I prefer to have hosts running with minions, and ssh as a fallback admin if the minion is out. (and minion to fix ssh if ssh is out :P )
15:07 vifon And I suppose the regular minion would re-read its config from the master by itself, correct? Or do I need to apply new SLS-s by hand anyway?
15:07 tapoxi sorry, it does support sudo but it can't apss in a sudo passwd
15:07 Tanta is there any functional difference between an account with unlimited sudo access and an account that has an auth key on root
15:08 tapoxi so on the account you give it access to it needs nopasswd set in sudoers
15:08 ze- Tanta: yup. you authenticate as a user, giving more logs... and can still have PermitRootLogin no in config.
15:08 tapoxi Tanta easier logging
15:09 Tanta fair enough, I am running masterless so there's no daemon, just a cron job that invokes salt-call
15:09 ze- ie, you can have admins log as their own user, and sudo... at least the logs gives you info about which admin did connect... info you wouldn't have with user & sudo.
15:09 tapoxi vifon config is local to the minion in /etc/salt/minion
15:09 vifon By config I mean the SLS files.
15:09 ze- they only get called on request.
15:09 west575_ joined #salt
15:10 tapoxi vifon the master pushes commands to the bus, so it would basically do nothing until you did a state.apply '*' or had the salt scheduler (or cron job) do the same
15:11 krymzon vifon: do you know about top.sls?
15:11 vifon Not yet.
15:11 fracklen joined #salt
15:12 krymzon basically it assigns .sls files to the various minions, so they know what to read. Not sure how it interacts with salt-ssh, though
15:12 tapoxi krymzon does the same with salt-ssh
15:12 vifon Sounds like the top file of an Ansible playbook. Fair enough.
15:13 numkem joined #salt
15:13 tapoxi vifons salt-ssh is more or less the same as using normal salt but you need to feed it a roster file of minions. it can read ansible rosters or you can easily make one yourself in yaml
15:14 saintpablo joined #salt
15:14 tapoxi personally I have a small script that reads my aws inventory and poops out a roster file
15:14 stanchan joined #salt
15:14 west575 joined #salt
15:14 vifon So, summarizing... Should I forget about using the master-minion structure in my case and just use salt-ssh or is it not that black & white?
15:15 sepehr joined #salt
15:16 sepehr Hey
15:16 krymzon I guess another con of salt-ssh is it doesn't scale that well to thousands of minions? But it probably doesn't apply in this case
15:16 tapoxi vifon whatever's easier for you. master-minion would mean your laptop's IP should be static or you have a dns record that updates easily
15:16 vifon I think I will have 2-3 minions. So not a problem.
15:17 tapoxi salt-ssh doesn't care about where the master is, but its a little slower. for 2-3 minions that might be the easiest route
15:18 vifon Still faster than Ansible, I suppose.
15:18 vifon That's the main reason I'm migrating from it. It was ridiculously slow.
15:18 tapoxi I've seen speed tests and its a little bit faster, but not the insane difference that zmq gives you
15:19 tapoxi I have 90 minions and i'd never consider salt-ssh except for fallback
15:19 akhter joined #salt
15:19 tapoxi worked at a place with ~1300 minions and salt-ssh doesn't scale
15:19 heaje joined #salt
15:20 tapoxi for 2-3 though, makes perfect sense. only switch to master-minion if the speed is a pita
15:22 akhter joined #salt
15:24 Tanta you could replace salt-ssh with a custom interface using GNU parallel to run remote 'salt-call whatever' for better speed
15:25 Brew joined #salt
15:25 fredrick joined #salt
15:26 ablinkin joined #salt
15:26 tapoxi Tanta well you'd need to have an up-to-date cache of the state files. salt-ssh uploads a mini-agent and deps for you
15:27 cyborg-one joined #salt
15:27 Tanta you could use Git for that, but at that point you're really just using a masterless setup
15:27 tapoxi but I've heard some larger places like to do something similar, especially with puppet where there's a ton of load on the master
15:28 tapoxi right
15:28 Tanta I'm a big fan of masterless because it removes a point of failure and scales without any work
15:28 Tanta you lose a lot of the cool orchestration features that a salt-master provides though
15:28 tapoxi we went with HA salt master and syndics at the last place
15:29 Tanta how did that work out?
15:29 tapoxi mostly because we needed orchestration and not just the occasional state.apply
15:29 quickquestion joined #salt
15:30 tapoxi pretty good, no issues with performance except the master likes to chew cpu
15:30 tapoxi but it made deployments insanely fast
15:31 dh__ joined #salt
15:31 Tanta nice, I have my own set of bash scripts that use GNU parallel and SSH to do batch operations, it's a little ghetto but it works
15:33 armonge joined #salt
15:35 fredrick I installed pygit2 via pip but salt-master does not see it installed???
15:38 petru joined #salt
15:39 XenophonF you might need to restart the master if you haven't already
15:40 fredrick Xenophonf: in regards to pygit2?
15:40 fredrick if so I did
15:40 XenophonF yes
15:41 Guest72225 Hi guys! I have a question regardin the newly introduced pillar stack. In the docs I noticed that you can access pillar data either by using something like pillar['item'] or like pillar.get('item'). For me the first one works however the second (pillar.get) doesn't return anything for a pillar item that was already set in a cmd_yaml external pillar (placed prior to pillar stack in the ext_pillar hierarchy. Does anybody know if th
15:43 cprior joined #salt
15:43 Tanta you use it like: {% set value = salt['pillar.get']('key', 'default_value') %}
15:44 Tanta the default value is optional
15:44 ablinkin joined #salt
15:44 Nahual joined #salt
15:45 rodr1c joined #salt
15:45 rodr1c joined #salt
15:46 tapoxi fredrick what os?
15:48 Guest72225 @Tanta - so in the docs here: https://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.stack.html they do something like: pillar.get('roles', [])  but this doesn't seem to work for me: i.e if I do something like that it fails however this: pillar['roles'] works and I don't understand why the first one fails
15:49 fredrick ubuntu 14.04
15:49 amcorreia joined #salt
15:50 tapoxi fredrick try installing as a package in case salt is using a virtualenv?
15:50 fracklen joined #salt
15:50 Tanta oh I don't use pillarstack
15:50 Tanta I just use the built-in pillar
15:50 tapoxi im not a ubuntu user though so i'm just guessing
15:50 fredrick I installed as pip I can not find a package for it.
15:51 tapoxi do you have git installed?
15:51 fredrick gitpython: 0.3.2 RC1
15:52 fredrick But on my other masters I am only using pygit2.
15:52 tapoxi fredrick no I mean the actual git and libgit
15:52 fredrick yes
15:52 tapoxi ¯\_(ツ)_/¯
15:52 keimlink joined #salt
15:53 fredrick right!?
15:53 cscf How do I test-render a jinja file?
15:53 cscf like just print the result
15:54 misconfig joined #salt
15:55 fredrick I test with http://jinja2test.tk/
15:55 ffredrikk joined #salt
15:55 raspy joined #salt
15:56 cscf fredrick, it doesn't seem to render anything?
15:57 raspy hi all, does this mean that if "home" does not exist, then default it to /opt/system? {% set home = pro.get('system', '/opt/system') -%}
15:57 numkem joined #salt
15:58 akhter joined #salt
15:58 tapoxi raspy yes
16:00 dezertol joined #salt
16:02 sp0097 joined #salt
16:03 ffredrikk joined #salt
16:03 Qwazerty2 joined #salt
16:04 bdrung_work joined #salt
16:05 cliluw joined #salt
16:05 titilambert joined #salt
16:05 tperale joined #salt
16:05 karlthane joined #salt
16:06 xMopxShell joined #salt
16:06 stomith joined #salt
16:06 drags1 joined #salt
16:07 ablinkin joined #salt
16:08 jrose1030 joined #salt
16:09 chitown joined #salt
16:09 raspy when creating a user via saltstack and setting a hashed password in the password var, what decrypts that on the minion end, this is linux
16:09 CustosLimen joined #salt
16:10 pipps joined #salt
16:11 thraxil joined #salt
16:11 cscf raspy, afaik, nothing, it drops the hash in /etc/shadow
16:11 LotR hashes don't get 'decrypted' you take the user input, perform the same hash algo and compare
16:11 cscf Hashes cannot be "decrypted" anyway
16:13 adeschamps joined #salt
16:15 raspy ah k thx!
16:17 akhter joined #salt
16:19 woodtablet joined #salt
16:20 Bryson joined #salt
16:21 spuder joined #salt
16:21 FroMaster joined #salt
16:27 akhter joined #salt
16:28 amy_ joined #salt
16:30 onlyanegg joined #salt
16:33 fredrick Had to use libgit version 0.24.0
16:36 brotatochip joined #salt
16:44 edrocks joined #salt
16:46 jaybocc2 joined #salt
16:47 Turl joined #salt
16:48 pipps joined #salt
16:50 akhter joined #salt
16:51 jstjohn joined #salt
16:53 whitenoise joined #salt
16:54 pipps joined #salt
16:54 vifon left #salt
16:55 sp0097 joined #salt
16:57 dyasny joined #salt
16:57 akhter joined #salt
16:58 ageorgop joined #salt
16:59 spuder_ joined #salt
17:02 UtahDave joined #salt
17:04 jaybocc2 joined #salt
17:05 coldbrewedbrew_ joined #salt
17:07 DammitJim joined #salt
17:11 ablinkin joined #salt
17:12 akhter joined #salt
17:16 edrocks joined #salt
17:16 akhter joined #salt
17:20 mohae_ joined #salt
17:22 stomith is there a recommended way to upgrade the salt-minions without logging into each one?
17:24 tapoxi joined #salt
17:24 mikecmpbll joined #salt
17:26 misconfig joined #salt
17:26 misconfig joined #salt
17:28 UtahDave stomith: Salt has gotten a lot better about being able to upgrade itself. I'd recommend testing on a couple hosts first before doing it across your entire infra
17:28 beardedeagle joined #salt
17:29 stomith UtahDave, yes, I was under the impression that it was.
17:29 stomith thanks
17:30 jlott joined #salt
17:30 tapoxi anyone using the nova driver, I'm utterly confused as to what goes in the minion config and what's in cloud.providers.d
17:31 fannet joined #salt
17:32 akhter joined #salt
17:34 sp0097 joined #salt
17:37 akhter joined #salt
17:38 tapoxi oh nevermind i'm an idiot I was in the wrong dir the whole time
17:38 tapoxi :)
17:38 ablinkin joined #salt
17:40 ub1quit33 joined #salt
17:42 edrocks joined #salt
17:46 ivanjaros joined #salt
17:47 tuxx joined #salt
17:48 west575_ joined #salt
17:49 ilbot3 joined #salt
17:49 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.5.11, 2015.8.11, 2016.3.2 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
17:52 mikecmpbll joined #salt
17:53 west575 joined #salt
17:54 s_kunk joined #salt
17:54 schack joined #salt
17:56 schack Hi, I'm trying to create a state that will perform a add-apt-repository ppa:ondrej/php , unfortunately this ppa requires a push on the enter button, or the -y option, is there a way to do this in salt ?
17:57 tapoxi schack cmd.run?
17:57 tapoxi schack there's also pkgrepo with -ppa:
17:57 schack OK, thanks, I'll try that
17:57 UtahDave schack: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkgrepo.html#salt.states.pkgrepo.managed
17:59 schack pkgrepo is the one i've been trying, ppa gets added but not the gpg key
18:00 wendall911 joined #salt
18:00 adelcast joined #salt
18:01 UtahDave schack: can you pastebin a sanitized version of your sls file you're using?
18:02 schack Sure: http://pastebin.com/yq4FiYUg
18:05 UtahDave what os, schack?
18:05 UtahDave er, I mean, which version of Ubuntu?
18:06 schack It's 16.04, I know I should just be running PHP7, but not all plugins are ready :-(
18:10 raspy joined #salt
18:10 armonge_ joined #salt
18:10 raspy on the salt master, is there a way to prevent the top.sls files from being read in different environments?
18:13 amcorreia joined #salt
18:13 twork_ joined #salt
18:14 UtahDave raspy: what are you trying to accomplish, raspy?
18:14 ffredrikk joined #salt
18:15 raspy UtahDave: oh i guess im looking for top_file_merging_strategy: same
18:16 raspy in case an environment is not set
18:17 cscf schack, download the gpg key to the salt master and serve it using  "- gpgkey: salt://x" under pkgrepo
18:17 monrad joined #salt
18:17 wiqd_ joined #salt
18:19 UtahDave schack: have you tried adding the gpg key to your state?
18:19 schack @UtahDave perhaps pkgrepo should support the -y option like it supports the -u options with refresh_db
18:21 schack @Utahdave it should be installed automagically shouldn't it ? sorry if I'm asking stupid questions, these are my first days with salt
18:21 UtahDave I'm setting up a xenial container to test on right now.
18:23 wendall911 joined #salt
18:24 cscf Keep in mind, don't use short keyids, full fingerprints are needed now
18:25 UtahDave schack: what's the package nae you're wanting to install from that ppa?
18:25 nyx joined #salt
18:25 UtahDave naem
18:25 UtahDave gah.   name
18:25 ablinkin joined #salt
18:27 Guest70538 I'm having an issue using the boto_route53.present state: profile lookup is failing.  I specify the name of my salt-cloud provider that's defined in /etc/salt/cloud.providers.d/foo.conf and the config.options with that provider name is returning an empty string.
18:28 Guest70538 not sure if I'm understanding what gets loaded into config.options correctly
18:28 akhter joined #salt
18:29 schack @UtahDave I'm just trying to add the PPA in order to install PHP5.6, it didn't help to specify the keyid, my guess it's the "Press enter to continue" prompt from apt-add-repository that breaks things
18:31 snarfy^ joined #salt
18:33 jerredbell joined #salt
18:34 UtahDave schack: have you manually tried adding that PPA?  I'm getting an error even doing it manually
18:34 snarfy^ http://pastebin.com/MMTU02yp
18:34 snarfy^ I'm experiencing some salt-cloud troubles after upgrading to 2016.3.2
18:34 snarfy^ i'm not super hot with python, but it seems like something's wrong with the provider key?
18:35 UtahDave snarfy^: is the only thing you've changed is the version of Salt?
18:36 snarfy^ if I'm being honest, I am not 100% sure - but  we use SC to provision new VMs almost every day
18:36 snarfy^ and that's the only major thing I can think of that I've changed, and I did it Friday
18:37 snarfy^ you thinking python shenanigans?
18:38 UtahDave What version did you upgrade from?
18:38 snarfy^ ... 2016.3.1
18:39 subsignal joined #salt
18:39 snarfy^ i might be full of it. dpkg is telling me I did this back on the 10th
18:40 UtahDave Hm. I'd verify your configs and make sure your yaml is all valid.
18:40 snarfy^ ... yeah. fair enough
18:41 UtahDave schack: Yeah, I think that  ppa or maybe the ppa key is bad.  add-apt-repository fails for me even when done manually
18:41 ablinkin joined #salt
18:41 snarfy^ but it affects vmware and was
18:42 schack @UtahDave It works fine when I do it manually
18:42 snarfy^ aws. and those are even different files
18:42 snarfy^ was there a name change from provider to driver?
18:43 UtahDave yeah, there was, but that shouldn't have happened between 2016.3.1 and 2016.3.2
18:44 fracklen joined #salt
18:44 ageorgop joined #salt
18:44 snarfy^ yeah we're using driver anyway]
18:45 mikecmpbll joined #salt
18:46 UtahDave snarfy^: how did you do the upgrade?
18:46 nicksloan joined #salt
18:47 netcho joined #salt
18:49 ponyofdeath joined #salt
18:50 UtahDave schack: This is what I'm getting:  http://pastebin.com/uw24Hfh8
18:52 schack @UtahDave Yes that's what you are getting if you use cmd.run, using the command directly on the console of the servers will give you no errors
18:53 jhauser joined #salt
18:56 UtahDave schack: that's what I got when I was logged in as root on my VM and ran the command manually
19:01 schack @UtahDave Perhaps it's the thing about UTF-8 locales the PPA maintainer mentions ? For me it works fine on console, and gives me the error you pastebin'ed when using cmd.run
19:03 schack @UtahDave I gotta get to bed, I'n in Europe, it's getting late, thank you very much for your time so far
19:04 UtahDave you're welcome, schack
19:05 fleaz joined #salt
19:11 GreatSnoopy joined #salt
19:13 ronp_usa joined #salt
19:16 Brew joined #salt
19:18 akhter joined #salt
19:18 nicksloan joined #salt
19:19 ablinkin joined #salt
19:21 FreeSpencer joined #salt
19:21 FreeSpencer joined #salt
19:22 bbradley joined #salt
19:22 coldbrewedbrew joined #salt
19:22 coldbrewedbrew joined #salt
19:22 alexhayes joined #salt
19:23 irated joined #salt
19:23 pipps joined #salt
19:27 PPP_ joined #salt
19:28 jenastar joined #salt
19:33 manji joined #salt
19:38 armonge joined #salt
19:38 dh__ joined #salt
19:40 snarfy^ argh. I still can't quite figure it out. if I remove allllll profile config, salt-cloud starts working again. but if there is a single conf file in cloud.profiles.d (it doesnt seem to matter which one!) then I get the above error
19:43 felskrone joined #salt
19:44 akhter joined #salt
19:45 ablinkin joined #salt
19:46 coldbrewedbrew joined #salt
19:46 coldbrewedbrew joined #salt
19:47 pipps99 joined #salt
19:48 coldbrewedbrew_ joined #salt
19:49 jenastar left #salt
19:58 snarfy^ Arg. Sorry. Our fault. Someone put 'driver' in a profile.
19:58 snarfy^ Instead of provider
20:00 Edgan joined #salt
20:05 ffredrikk joined #salt
20:06 sp0097 joined #salt
20:11 racooper joined #salt
20:15 pipps joined #salt
20:15 xbglowx joined #salt
20:18 ablinkin joined #salt
20:21 pipps99 joined #salt
20:22 StolenToast how do I use jobs.lookup_jid with the "display_progress" flag from the command line?
20:22 alexhayes joined #salt
20:23 StolenToast I'd like to "re-attach" to a long-running job I lost stdout for
20:23 StolenToast oh no it seems to be working now...
20:23 beardedeagle joined #salt
20:24 StolenToast for those who'd like to know you just add "display_progress" to the end of the invocation
20:26 teryx5101 joined #salt
20:27 StolenToast or maybe not... probably ignore me
20:31 akhter joined #salt
20:33 pipps joined #salt
20:33 Nahual joined #salt
20:37 pipps99 joined #salt
20:38 AvengerMoJo joined #salt
20:41 dfdf joined #salt
20:41 alexhayes joined #salt
20:45 akhter joined #salt
20:45 freelock joined #salt
20:47 quasiben joined #salt
20:47 badon joined #salt
20:49 keimlink joined #salt
20:52 ablinkin joined #salt
21:01 pipps99 joined #salt
21:03 jxm_ joined #salt
21:12 justanotheruser joined #salt
21:18 Lionel_Debroux_ joined #salt
21:18 DammitJim joined #salt
21:22 keimlink_ joined #salt
21:31 subsignal joined #salt
21:41 xbglowx joined #salt
21:43 nidr0x joined #salt
21:49 raspy is it possible to nest yaml format in salt?
21:52 iggy raspy: nest in what way?
21:57 raspy iggy: http://pastebin.com/5AVDpc6u
21:57 iggy for config files, I'm 99% sure that only basic yaml works
21:58 raspy okay thx iggy
21:58 raspy iggy: is there any documentation on that anywhere by chance?
21:58 iggy why not just generate your salt configs with salt, then you can use jinja and all the other niceties of the renderers
21:59 raspy yeah ill need to look into that
22:11 * Llmiseyhaa peers at watch_in, tries to figure out why putting a watch_in: - some_service on a file.managed: isn't triggering that service to restart when said file changes like docco indicates it should.
22:12 iggy Llmiseyhaa: `- service: some_service` ?
22:12 Llmiseyhaa where some_service is the name of a state that I use service.running I wrote
22:12 iggy gist the actual code?
22:12 Llmiseyhaa sure
22:13 jrgochan joined #salt
22:13 jrgochan Hello hello. I was wondering what the best way to install a root CA cert is in salt
22:14 iggy jrgochan: cmd.run probably (I don't know of anything cert related aside from the "generate self-signed cert" stuff
22:15 Llmiseyhaa https://gist.github.com/anonymous/b3b983ea9b4501b174c9e7ed2a7cadf2
22:15 iggy Llmiseyhaa: yeah... as I said, your requisite lines aren't formatted correctly
22:16 iggy it's `- <module>: <ID>`
22:16 Llmiseyhaa oh... I thought I saw in 2016.6 the docco indicates that you don't have to put the module: part on anymore
22:16 Llmiseyhaa 2016.3 rather
22:16 Llmiseyhaa typos *headdesk*  Ok
22:16 iggy so - watch_in:\n  - service: solr_service
22:17 pipps joined #salt
22:17 Llmiseyhaa per https://docs.saltstack.com/en/latest/ref/states/requisites.html in 2016.3.0 and up, that's no longer required
22:17 Llmiseyhaa but yeah I'll try it with that in there
22:17 Llmiseyhaa thanks (=
22:17 jrgochan iggy: Thanks. I'll take that route
22:18 iggy yeah, I guess that is true... guess I don't rely on that change since I don't have any systems that install 2016.3 out of the box
22:20 pipps99 joined #salt
22:21 Llmiseyhaa either way I'll try that; isn't a high priority problem I just figured I'd run it by y'all.  Thanks. (=
22:22 iggy Llmiseyhaa: wonder if it could be because it's a binary file...
22:22 Llmiseyhaa That could be.
22:23 Llmiseyhaa I did notice it mentioned it is a binary file.
22:23 iggy would be interesting to test a normal text file with a watch_in
22:26 mohae joined #salt
22:27 pipps joined #salt
22:27 shanemhansen jrgochan: I just install it.
22:27 shanemhansen In my case it doesn't need to be trusted so it's just a file.managed.
22:28 shanemhansen On debian systems you can dump it in /usr/local/share/ca-certificates and run the update hooks.
22:28 shanemhansen Not sure about the process on NSS based systems.
22:28 jrgochan Gotcha. I'm still learning ssl
22:28 jrgochan reading through the "update-ca-trust" manual
22:30 ramblinpeck joined #salt
22:31 Deliants joined #salt
22:34 west575 joined #salt
22:39 cyborg-one joined #salt
22:41 pipps joined #salt
22:44 colegatron joined #salt
22:53 pipps joined #salt
22:59 pipps joined #salt
23:01 ninjada joined #salt
23:04 edrocks joined #salt
23:04 Edgan jrgochan: are you using an internal ca?
23:11 ninjada joined #salt
23:14 drawsmcgraw joined #salt
23:17 SpX joined #salt
23:30 pipps joined #salt
23:33 nicksloan joined #salt
23:40 pipps joined #salt
23:41 pipps99 joined #salt
23:48 keimlink joined #salt
23:49 subsignal joined #salt
23:50 ageorgop joined #salt
23:51 pipps joined #salt
23:53 sp0097 joined #salt
23:58 Brew joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary