Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-09-14

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:03 |aaron joined #salt
00:04 |aaron is there a way to get the IP address of a different minion from inside a jinja template?
00:05 |aaron e.g. im building the zonefile for a secondary dns server and it needs the IP of the master. on the command line i could just do `salt -I 'roles:dns_master' network.ip_addrs`
00:14 raspado joined #salt
00:14 raspado is it a requirement to add a gid for a group?
00:14 raspado using group.present
00:17 ekristen joined #salt
00:21 Nahual joined #salt
00:28 flowstate joined #salt
00:36 whytewolf |aaron: https://docs.saltstack.com/en/latest/topics/mine/
00:37 whytewolf raspado: "The group id to assign to the named group; if left empty, then the next available group id will be assigned"
00:37 whytewolf raspado: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.group.html#salt.states.group.present
00:39 justanotheruser joined #salt
00:39 |aaron whytewolf: ahhh thank you :)
00:41 justanotheruser joined #salt
00:41 raspado whytewolf: very awesome thx :D
00:41 whytewolf no problem :)
00:59 ronnix joined #salt
01:00 schemanic_ joined #salt
01:00 schemanic_ Hi
01:01 schemanic_ In salt-cloud, can I target minions the same way?
01:01 schemanic_ I tried a glob to shut down servers and it wasn't having it
01:06 XenophonF i don't think salt-cloud features targeting like that
01:06 XenophonF let me check the manpage
01:13 quasiben joined #salt
01:17 ekristen joined #salt
01:27 Salander27 joined #salt
01:28 flowstate joined #salt
01:35 whitenoise_ joined #salt
01:38 jerryc joined #salt
01:40 Nahual joined #salt
01:41 catpigger joined #salt
01:43 DammitJim joined #salt
01:46 DammitJim this is probably a very silly question
01:46 DammitJim but, is there a way to do a file.file_exists for a file that is only accessible by another user other than root?
01:47 ilbot3 joined #salt
01:47 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.12, 2016.3.3 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
01:56 systo joined #salt
01:59 fxdgear joined #salt
02:02 bastiand1 joined #salt
02:10 ekristen joined #salt
02:28 flowstate joined #salt
02:28 Salander27 joined #salt
02:35 Sokel left #salt
02:38 subsigna_ joined #salt
02:55 systo joined #salt
03:27 flowstate joined #salt
03:32 tuxx joined #salt
03:37 voxpop joined #salt
03:39 systo joined #salt
03:55 voxpop_ joined #salt
03:55 ekristen joined #salt
03:55 voxpop joined #salt
03:57 voxpop joined #salt
04:00 edrocks joined #salt
04:04 ronnix joined #salt
04:23 quasiben1 joined #salt
04:27 flowstate joined #salt
04:32 hrumph joined #salt
04:32 hrumph hi
04:32 hrumph what is the best way to schedule highstates on minions?
04:46 auzty joined #salt
04:47 hemebond joined #salt
04:47 ajolo joined #salt
04:55 raspado hrumph: http://pastebin.com/epadNkDx
04:56 raspado https://docs.saltstack.com/en/latest/topics/jobs/
04:57 raspado hrumph: http://pastebin.com/Hp8yCv7X
04:59 ageorgop joined #salt
05:02 justanotheruser joined #salt
05:10 bocaneri joined #salt
05:12 bocaneri joined #salt
05:13 kshlm joined #salt
05:17 gtmanfred joined #salt
05:19 watersoul joined #salt
05:24 DEger joined #salt
05:27 flowstate joined #salt
05:32 rdas joined #salt
05:36 Brijesh1 joined #salt
05:40 Satyajit joined #salt
05:41 Brijesh2 joined #salt
05:47 Brijesh1 joined #salt
05:47 Brijesh1 joined #salt
06:00 impi joined #salt
06:03 edrocks joined #salt
06:06 ivanjaros joined #salt
06:13 systo joined #salt
06:22 netcho joined #salt
06:23 netcho hey guys
06:26 netcho is git.latest state 'listening' on git change or the state needs to be ran manually? does it trigger on commit like jenkins plugin for example or i need to apply state?
06:26 hemebond netcho: The state checks the git respository when it's applied.
06:26 netcho ok, thanks
06:26 netcho makes sence since no hooks is setup
06:26 netcho hook
06:28 flowstate joined #salt
06:29 netcho so i need to schedule
06:29 hemebond Or use a hook.
06:33 netcho yeah
06:33 netcho damn i like salt
06:33 Brijesh1 left #salt
06:47 DarkKnightCZ joined #salt
06:51 DarkKnightCZ Hello, I'm having performance troubles with latest salt-master in virtualized environment (OpenStack, KVM) on CentOS 7... all responses are horribly slow, salt-key takes 20 seconds just to print minions, jobs.lookup_jid takes multiple minutes, while on different environment it's running blazingly fast (and it has worse hardware)... so far I've tried to do clean installation of both salt master and OS , disabling selinux, installing haveged
06:52 hemebond Sounds like slow disk access.
06:54 DarkKnightCZ Oh, I've also checked top (sometimes 100% cpu), iotop is showing almost no disk utilization
06:55 hemebond Hmm.
06:55 DarkKnightCZ and it's also slow if it doesn't have any minions connected and nobody is trying to connect (setting listen host as localhost)
06:56 N-Mi joined #salt
06:57 ronnix joined #salt
06:57 DarkKnightCZ testing hard drive via hdparm shows following data - timing cached reads: 9500MB/sec, timing buffered disk reads: 648MB/sec, so i don't think it could be slow disk access
06:58 DarkKnightCZ dding 100MB takes 0,07 sec
06:58 hemebond Okay. I just assumed disk because of the two activities you listed just reading files (as far as I know).
07:00 DarkKnightCZ Yup, i thought of that as well as initially those files were stored on shared drive
07:00 Cshabi joined #salt
07:02 ivanjaros joined #salt
07:02 telx joined #salt
07:04 ivanjaros3916 joined #salt
07:06 dariusjs joined #salt
07:06 voxpop joined #salt
07:09 toanju joined #salt
07:10 netcho joined #salt
07:10 baffle joined #salt
07:10 yuhlw_ joined #salt
07:10 riftman joined #salt
07:11 west575 joined #salt
07:18 wm-bot4 joined #salt
07:19 DEger joined #salt
07:27 flowstate joined #salt
07:29 ronnix joined #salt
07:32 robawt joined #salt
07:32 netcho joined #salt
07:35 jxm_ joined #salt
07:38 CeBe joined #salt
07:43 skrobul joined #salt
07:48 Rumbles joined #salt
07:49 ageorgop joined #salt
07:49 RobertLaptop joined #salt
07:49 xMopxShell joined #salt
07:49 voytek joined #salt
07:50 Sarphram joined #salt
07:54 pmcg joined #salt
07:57 DEger joined #salt
07:58 impi joined #salt
08:01 keimlink joined #salt
08:01 Reverend copying files recuirsively with permissions preserved... hit me.
08:03 permalac joined #salt
08:06 edrocks joined #salt
08:06 geomacy joined #salt
08:13 keimlink joined #salt
08:13 dariusjs joined #salt
08:17 Yoda-BZH joined #salt
08:18 infrmnt joined #salt
08:25 * babilen hits Reverend
08:28 * Reverend grumbles.
08:28 Reverend also - could not found expected ':'; line 46
08:28 Reverend kek
08:30 babilen Maybe paste some of your code to http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, … ? Not sure what you are struggling with
08:30 Reverend I can do. I'm just working around it atm... gimme a sec
08:30 afics joined #salt
08:30 afics joined #salt
08:32 Reverend babilen: http://pastebin.com/0PRxVLgH
08:32 Reverend can you see?
08:32 babilen pastebin.com ....
08:32 Reverend pastabinz.
08:32 Reverend it's gold dust
08:32 Reverend where all the cool shit goes down.
08:32 babilen http://paste.debian.net/821087/ (for people following along)
08:32 babilen It's the worst pastebin that's on the network
08:33 Reverend liar
08:33 Reverend :P
08:33 babilen It's pretty bad
08:33 babilen Anyway .. what's the issue?
08:33 Reverend hahaha
08:34 Reverend I was hoping to retain all of the +x on the scripts that need compiling/making/installing/blah sourcey crap
08:34 Reverend but it just goes root:root:644 on everyyyything
08:34 Reverend sooo, I'm having to manually select scripts that need +x and forloop it. :(
08:34 babilen 655 is, btw, a rather unusual mode
08:35 babilen Are you sure that you don't want that to be 755?
08:36 babilen So, to get this straight: You have files in salt://varnish/files/etc/varnish/varnish-modules-0.9.1 on the master (how is this done?) with the executable bit set, but that is not being preserved by file.recurse?
08:36 Rumbles joined #salt
08:36 Reverend I struggle with double negatives. but yes, 755. mybad. >_<
08:36 Reverend yeah. exactly.
08:37 babilen Which brings us to "How is this done?"
08:38 Reverend how is what done?
08:38 babilen How are you making those files available on the salt master?
08:38 Reverend I hate to sound either A: stupid as shit. and B: rude. but I have no idea what you're asking me.
08:39 babilen That's fine
08:40 babilen You have files that you are (trying) to recursively copy from the master to the minion. You must have made those files available to the master in some specific way. I am asking how you achieved that?
08:40 Reverend I put them there.
08:40 babilen Where?
08:41 Reverend in /srv/salt/varnish/.../varnish-modules-0.9.1/
08:41 babilen GitFS, somewhere in local file_roots on some filesystem, ... ?
08:41 babilen Right, so you are using file_roots with local files
08:41 Reverend yeah, they're just on the master as a cloned repo.
08:42 babilen okay
08:43 Reverend VISION!
08:43 Reverend if I use the git stuff in salt...
08:43 Reverend they'll come with the correct file perms.
08:43 babilen Which version of salt are you using?
08:43 Reverend errr sec.
08:44 babilen Could you also show me the permissions locally and on the minion?
08:44 babilen (a stat call would do nicely)
08:44 Reverend 3.2-1
08:44 babilen Is that meant to be the salt version?
08:44 Reverend from yum.
08:44 babilen What does "salt --version" give you?
08:45 Reverend 2016.3.2
08:45 Reverend Boron... nice naming convention.
08:46 babilen https://github.com/saltstack/salt/pull/34807
08:46 saltstackbot [#34807][MERGED] Feature addition: preserve mode in file states | This allows both the ``mode`` param in the ``file.managed`` state, and the...
08:47 babilen That being said: You might want to be explicit about the permissions if you expect them to be in a specific state
08:48 babilen GH is really slow today
08:49 babilen That change does not have made it into a current release
08:49 babilen So you would have to be explicit rather than relying on your source
09:01 flyboy82 joined #salt
09:05 netcho joined #salt
09:05 Reverend babilen - sorry I was duscissing things with my boxx
09:06 Reverend lemme see if I can yum update. pls be yes
09:06 Reverend 3.3
09:06 Reverend noice
09:06 Reverend oh wait
09:06 DarkKnightCZ is there any archive repository to get salt-master:2016.3.0 ? I want to verify the slowness issues in older version
09:07 Reverend god dammit that's current release. eh - I'll survive with explicit for now, I'll change it when it's on release. Thanks
09:07 Reverend thanks babilen <3 *
09:07 DarkKnightCZ ha, found it, https://repo.saltstack.com/yum/redhat/7/x86_64/archive/2016.3.0/
09:07 Reverend gratz DarkKnightCZ :)
09:09 manji DarkKnightCZ, are you talking about this issue?
09:09 manji https://github.com/saltstack/salt/issues/34872
09:09 saltstackbot [#34872][OPEN] "Minion did not return" executing state with long running command, 2016.3 regression | This is a setup I've been using for about a year, on a variety of 2015 versions, with no issue. Upgrading the minion to 2016.3.1 makes it stop working. I believe it's long-running commands, but maybe something else specific to what I'm doing. ...
09:10 DarkKnightCZ manji: no, I've mentioned it earlier today, i can repaste it
09:10 manji no need, I will  replay my log
09:13 DarkKnightCZ ok, so it's slow as well with 2016.3.3 as with 2016.3.0 (which is the version running on different env where it's fast), so its somehow environment specific (although I have no clue what could be the problem
09:14 DarkKnightCZ ha
09:14 DarkKnightCZ i've changed internal DNS to 8.8.8.8 and it now takes 0.5sec instead of 20 secs
09:14 DarkKnightCZ no clue why though
09:15 babilen Slow DNS is slow
09:15 DarkKnightCZ well, the dns is fast
09:16 babilen sudo hostname lookup?
09:16 DarkKnightCZ it's as fast for resolving all possible combinations (hostname, fqdn, master id, minions) as is google public dns
09:17 DarkKnightCZ returns the same, which is not found... the hostname / fqdn is not in DNS records
09:17 DarkKnightCZ i will try tcpdumping the DNS communication to see what it does
09:18 Kimamisa joined #salt
09:22 Kimamisa left #salt
09:22 Kimamisa joined #salt
09:23 Kimamisa Hi all ! I have a question regarding the boto_vpc module: I am creating a VPC and a subnet on EC2, and now I need to have the SubnetId returned by the create function. What is the best way to do that ?
09:24 DarkKnightCZ babilen: seems like ipv6 reverse lookup... although i don't know why salt does that since ipv6 is disabled
09:25 babilen You disabled the future?
09:25 babilen ;)
09:25 DarkKnightCZ i mean in salt :)
09:26 babilen It might be other things that trigger that lookup (e.g. sudo)
09:26 DarkKnightCZ no no, it's not related to user, it's definitely done by salt
09:26 lero joined #salt
09:27 babilen I guess I'd have to see some data to be of further help
09:27 babilen (if at all)
09:28 DarkKnightCZ yeah... probably the easier way is to work around this with custom DNS (or fixing the source one)... if i have some time i will try to reproduce it somewhere and if needed, i can create issue on github for this
09:28 babilen Sounds like a good plan
09:32 felskrone joined #salt
09:35 mefu joined #salt
09:36 LordOfLA joined #salt
09:36 DarkKnightCZ after disabling ipv6 stack (we don't use it anyways), it works like a charm :)
09:41 mefu I am searching for a way to define a libvirt network from xml using salt. I can copy xml and call command "virsh net-define <path-to-xml>" but I want it to be a state and not run if network is already defined. Is there a module for this? salt.modules.virt.create_xml_path looks like for creating vms, not only network, would it work with that?
09:48 Kimamisa left #salt
09:51 lero joined #salt
09:59 blackpioter hello there
09:59 blackpioter is it possible to provide file.managed notation in literal ?
09:59 blackpioter I mean permissions
09:59 blackpioter i.e. instead dir_mode 755, could I provide i.e o+x ?
09:59 blackpioter or o=r-x ?
09:59 blackpioter or o=rx ?
10:01 N-Mi joined #salt
10:04 quantumquine joined #salt
10:08 edrocks joined #salt
10:10 quantumquine How do I begin understanding salt environments?
10:12 Rumbles read the docs? use it?
10:12 Reverend use it
10:12 Reverend :)
10:13 Rumbles hard to say, that's a very open ended question
10:13 Rumbles depends on your current level of understanding and your aim
10:13 Reverend quantumquine - have you worked with any other provisioner before?
10:13 Reverend puppet? chef?
10:14 quantumquine puppet, ansible
10:17 Reverend you'll be fine then. Just dive in. Create some files, install some things. Once you get your head around the whole yaml thing, you'll be rolling. I'm still learning it, but after using puppet for a while, you kinda get the idea of how it works.
10:17 quantumquine The documentation explains how everything will break if I dare to set any environment: https://docs.saltstack.com/en/latest/ref/states/top.html#scenario-1-dev-environment-specified but I don't get why I would want to.
10:18 Reverend what? specify an env, or break stuff?
10:18 Reverend A - you may want two environments, so you can tweak things and put it into a staging environment for testing.
10:18 Reverend B - you learn by breaking things. If you never break antyhing you never have anything to fix.
10:20 quantumquine I mean I get that I would want to test new versions of state files in on a separate list of machines, but I don't get how to actually do it with so many ways to break things. If I wanted to shoot myself in the foot I'd use C =)
10:25 quantumquine I guess I'll just have to poke at it until somethings works, thanks for the help anyway.
10:26 Reverend why don't you try describing what's broken and then people can try and help.
10:35 DarkKnightCZ joined #salt
10:35 felskrone whats the easiest way to see the result of 'grains.filter_by(merge=salt['pillar.get']()) used in a formula?
10:45 amcorreia joined #salt
10:46 jchern joined #salt
10:46 jchern good morning.
10:46 jchern quick question, how to use sdb in a state file?
10:47 jchern I have a key/value in an sdb that I want to use as replacement text in a file.
10:55 lovecraftian joined #salt
11:03 dariusjs joined #salt
11:03 Kakwa joined #salt
11:04 babilen quantumquine: What are you trying to achieve with environments?
11:09 quantumquine I don't have a use for them yet, but I wanted to get an idea for (1) best practices to aim for (2) why they work the way they do in salt.
11:09 quantumquine This way when I have a problem that can be solved by environments I will recognise that.
11:11 babilen quantumquine: I would recommend to not use environments in salt and simply use distinct masters for qa/dev/prod/.... In particular in combination with GitFS they are cumbersome and annoying. It should be pointed out that they've seen some development in the last year that I have not really taken into account to form my opinion, so YMMV
11:13 yomilk joined #salt
11:15 XenophonF joined #salt
11:18 quantumquine So far I'm getting the impression that environments work the way they do not because of what's required of them, but because of architectural reasons (how minion targeting and the fileserver works). And they're too flexible to be usefully limiting, so you have to invent some convention to make life simpler, but that's better left for somebody with experience to do first and publish as a best practices tutorial.
11:20 babilen I found them to be rather painful
11:23 quasiben joined #salt
11:24 Qlawy I would like to run 'rndc reload' only when config/db file of bind9 is changed, its easy with watch_in: cmd: rndc reload, however, how to prevent runnig this command during initial run, I mean when bind is installed first time?
11:25 yomilk joined #salt
11:26 Qlawy on changes?
11:33 blackpioter chaps, is there a possibility to use literal notation in file.managed file_mode or dir_mode ? i.e o+x ?
11:35 hemebond blackpioter: The idea is to make your states idempotent so that the state of the system is exactly as you describe it.
11:35 hemebond If you use +x you don't actually know what state the file will be in.
11:38 blackpioter hemebond: yeah, I'm aware, but I lack the puppet feature that states regarding same i.e directory can be written multiple times
11:39 blackpioter i.e I can write opt_perm : 750
11:39 blackpioter and another state taht references same resource, which would change the perm i.e 751
11:39 blackpioter so, all in all, multiple states can reference same resource and change perms
11:40 kbaikov joined #salt
11:40 blackpioter while in puppet 1 resource in multiple states would cause error
11:41 hemebond Well, not quite. If you reference a file with the same resource ID it'll cause an error in Salt too.
11:41 blackpioter yes, but only if I use same resource ID in state name
11:41 hemebond But it's the same in Puppet, no?
11:41 blackpioter AFAIR nope
11:42 blackpioter ie. if you would change /opt perms in 2 places, puppet would raise and issue
11:42 hemebond So in Puppet even if you use different resource names for the same file it will throw an error?
11:42 blackpioter it should, at least as far as i remember
11:43 hemebond brb, testing
11:43 blackpioter i.e you can't define perms for /opt in 2 different modules
11:47 hemebond You're right. It creates an alias from the resource type and path ['File', '/tmp/blah'] and uses that as an ID of sorts.
11:48 blackpioter well, you know, that is at the same time the good and the bad side :)
11:48 blackpioter it forgives more
11:51 hemebond Yeah, does seem to have caused people trouble.
11:52 hemebond Looks like I forgot to actually type this: you could just use a cmd.run to apply the change.
11:53 hemebond Or whatever the state equivalent is.
12:02 dariusjs joined #salt
12:08 blackpioter yeah, I'm using cmd.run to achieve +x or whatever similar ;)
12:13 netcho joined #salt
12:16 raspado joined #salt
12:17 nicksloan joined #salt
12:20 jchern hello, does anyone know how to use sdb in a state file? I have the key//value pair but unable to reference it correctly in state file when using file.replace
12:27 edrocks joined #salt
12:33 edrocks joined #salt
12:45 hemebond jchern: {{ salt['sdb.get']('sdb://myetcd/mykey') }} ?
12:52 Electron^- joined #salt
12:53 Brijesh1 joined #salt
12:53 Brijesh1 joined #salt
12:54 mavhq joined #salt
13:03 jchern yea, I used that but it put that literally in the file
13:05 ronnix joined #salt
13:07 racooper joined #salt
13:10 DammitJim joined #salt
13:11 numkem joined #salt
13:15 jxm_ joined #salt
13:15 ekristen joined #salt
13:16 subsignal joined #salt
13:19 briansteffens left #salt
13:27 schemanic_ joined #salt
13:27 subsignal joined #salt
13:28 schemanic_ joined #salt
13:31 kshlm joined #salt
13:32 mTeK joined #salt
13:34 ravenx joined #salt
13:34 ravenx how can i populate a jinja template
13:34 ravenx without doing anything else
13:34 ravenx essentially, i just want salt to populate it and show me the output
13:35 ravenx or maybe even redirect it somewhere
13:35 DammitJim ravenx, populate the jinja template with what?
13:35 ravenx my pillar variables
13:37 ravenx i have something like this https://paste.debian.net/821307/  and i would like that populated
13:37 ozux joined #salt
13:38 DammitJim so, you have defined your pillar data
13:38 DammitJim and now you have defined your template
13:38 DammitJim you want a sample of what your file looks like at the end?
13:39 DammitJim from what I understand, you need to target a minion so that it can match the pillar data
13:39 dendazen joined #salt
13:39 ravenx correct
13:39 ravenx ah i see
13:39 ravenx well i do know it works from deploying teh app and everything.
13:39 ravenx however,. i was just wonddering if there is a function to jnust generate a .txt out of that
13:39 DammitJim ok
13:39 DammitJim oh
13:40 DammitJim that I don't know, sorry
13:40 impi joined #salt
13:40 ravenx :(
13:40 DammitJim you could create a temporary file.managed :D
13:40 ravenx true.
13:40 ravenx or actually, i'm open to other tools to populate jinja for me
13:40 ravenx like "foo populate template.txt"
13:40 DammitJim maybe someone in the channel with more knowledge can help you
13:40 ravenx sure thign
13:40 ravenx thansk i will wait
13:42 ozux Is there any way I can list of Salt States available in master? Same for Runner modules? (Without looking at the file system directory structure I mean)
13:45 nicksloan joined #salt
13:46 edrocks joined #salt
13:47 flowstate joined #salt
13:54 perfectsine joined #salt
13:56 Aloz1 joined #salt
14:01 Tanta joined #salt
14:04 flowstate joined #salt
14:08 perfectsine joined #salt
14:10 ssplatt joined #salt
14:11 babilen ozux: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cp.html#salt.modules.cp.list_master
14:13 johny joined #salt
14:14 hasues joined #salt
14:14 hasues left #salt
14:14 DarkKnightCZ joined #salt
14:15 TOoSmOotH joined #salt
14:15 DammitJim man, so to run a script remotely, I don't need to file.manage the script if I don't need it in the future?
14:15 DammitJim :D
14:16 ivanjaros joined #salt
14:16 babilen No
14:16 babilen cmd.script takes a local source
14:17 babilen https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.cmdmod.html#salt.modules.cmdmod.script → source
14:18 DammitJim schweeeet!
14:22 ravenx hey, how can i use salt.renderers.jinja.render in my python script
14:22 ravenx i do have salt isntalled in my venv.
14:22 ravenx but when i go:  import salt.renderers.jinja.render
14:22 ravenx then go:     print salt.renderers.jinja.render("filename.conf") i get:
14:23 ravenx Traceback (most recent call last):
14:23 ravenx File "<stdin>", line 1, in <module>
14:23 ravenx File "/usr/lib/python2.7/dist-packages/salt/renderers/jinja.py", line 61, in render
14:23 ravenx salt=_split_module_dicts(),
14:23 ravenx File "/usr/lib/python2.7/dist-packages/salt/renderers/jinja.py", line 33, in _split_module_dicts
14:23 ravenx if not isinstance(__salt__, dict):
14:26 bbradley joined #salt
14:30 DammitJim when salt performs an o/s update/upgrade/dist-upgrade
14:30 DammitJim does it keep the files that have been customized or overrides them? i.e. /etc/samba/smb.conf?
14:31 bitbandit joined #salt
14:37 catpig joined #salt
14:38 Routh joined #salt
14:39 mohae joined #salt
14:39 babilen DammitJim: The default apt* behaviour is to keep files with local modifications
14:40 babilen https://www.youtube.com/watch?v=otCpCn0l4Wo
14:40 Routh Hi folks, learning a bit of Jinja here this morning. Trying to determine how I detect the package version that was installed by salt in a previous state. Specifically, I want to know if MySQL is <> 5.7
14:41 _JZ_ joined #salt
14:41 babilen Routh: That sounds like you are doing it wrong
14:41 babilen (you should know which version you enforce with salt)
14:42 babilen ((and there is typically a single version packaged for your platform anyway))
14:42 babilen salt['pkg.version'](...) could be used though
14:42 DammitJim thanks
14:42 ravenx babilen: do you happen to know how to use salt's jinja render engine
14:42 bowhunter joined #salt
14:42 ravenx in a py script?
14:43 Routh Well, the formula I'm patching could be used to install any version babilen, from the official repos or from the disto repos. I won't know necessarily until it is installed. And some commands have changed as of MySQL 5.7
14:43 babilen Routh: Wouldn't you set the version to install in pillars there?
14:44 Routh babilen: It's not currently required in the mysql-formula - You could just ask for latest available by default
14:44 babilen I mean at one point this must be communicated and you could use that information.
14:44 DarkKnightCZ joined #salt
14:44 babilen What have they done to that beautiful formula?!
14:44 babilen :)
14:45 Routh :)
14:45 GordonTX joined #salt
14:45 Routh Ideally I'd just like to fool proof my fix. If it's 5.7 on a redhat distro, we need to run mysqld --initialize-insecure before the service is started, or we're locked out by random password.
14:46 Reverend RHEL<3\
14:46 Routh But that command option does not exist pre 5.7
14:46 babilen Routh: Wouldn't you rather implement that in a execution module?
14:46 flowstate joined #salt
14:46 Routh babilen: Perhaps - salt-formula newb here, just trying to fix what I can to help the community.
14:46 babilen I mean there are ways to get the version programmatically and you could load different execution modules based on that information (virtual function)
14:46 babilen right
14:47 Routh babilen: Point me to a doc? I'll read up on what is required and implement.
14:48 babilen Routh: Could you say one or two more words about what you want to achieve?
14:49 Routh Well, I created an initialize state in the server.sls for mysql-formula. I want an if statement to cause that to be required if the OS is RHEL and the MySQL version is >= 5.7
14:49 Routh *required by the service.running state.
14:49 babilen What kind of initialisation is that?
14:51 Routh It runs the command mysqld --initialize-insecure before the service is started. In the new MySQL if the service starts and detects that the DB is not initialized, it calls mysqld --initialize ; which generates a random root password and logs it.. but in my experience, it often isn't logged. So we end up locked out and the formula breaks
14:52 babilen Right and you would only run this on MySQL 5.7 ?
14:52 Routh --initialize-insecure doesn't gen a root password, allowing Salt to set it.
14:52 babilen pkg.version would be fine then
14:52 Routh Awesome. Thank you sir.
14:55 racooper having a bit of weirdness with a highstate call. I'm recursively copying a directory of local python modules. every time highstate runs it tries(?) to re-copy them.
14:55 racooper I'm just using a file.recurse, and haven't seen this behavior before.
14:55 babilen http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, …
14:57 raspado joined #salt
14:59 onlyanegg joined #salt
15:00 NightMonkey joined #salt
15:01 racooper https://gist.github.com/racooper/4a90695f9c8ffd916970120be4b7ac8d
15:02 racooper in the gist, the rsyslog-configs-dir does not try to re-copy on a highstate, while python-local-modules does.
15:02 NightMonkey joined #salt
15:02 tiwula joined #salt
15:03 mikecmpbll joined #salt
15:04 mikecmpbll joined #salt
15:06 perfectsine joined #salt
15:08 cyborg-one joined #salt
15:14 jmedinar joined #salt
15:16 sp0097 joined #salt
15:16 jmedinar Hi All ... Is there a way to execute a state at the command line targeting all the minions ( \*) .... but code inside the state so it always avoid execution in a few particular minions? like a black list?
15:18 fxdgear joined #salt
15:20 DarkKnightCZ joined #salt
15:23 JPT jmedinar: You could use compound matching when addressing the minions to exclude minions directly. salt -C '* and not foobar.example.com' (not sure if the switch was -C, but that should be stated in the manpage)
15:24 johny hey everyone! I'm trying to use the logrotate-formula (https://github.com/saltstack-formulas/logrotate-formula) but it's simply not installing the configuration I've requested, without any failure. Please see my output here http://pastebin.com/Kw5aTFYe
15:25 jmedinar Thanks JPT I know that. But as a security measure. Is it possible to ensure from within the state that it will be only executed in a few minions?
15:25 jmedinar so far I have used grains to target with IF not those minions I want to exclude
15:25 johny I've also tried enabling debug mode on the salt master and looking at logs on both sides, nothing useful. The state just claims the directory is already in the right state
15:25 JPT jmedinar: In that case, you may want to use jinja templating to generate the states yourself. Then you can include grains and pillar data
15:25 Reverend anyone here got some python skillage?
15:26 jmedinar and works! but now I am looking for a cleaner way to avoid the output from all other minions
15:27 johny the "jobs.sls", which apparently doesnt get executed for me, includes this line https://github.com/saltstack-formulas/logrotate-formula/blob/master/logrotate/jobs.sls#L6 so I wonder if there's something I'm not doing correctly which results in it not being executed
15:27 jmedinar maybe an {% else %} continue or ignore something like that
15:29 perfectsine joined #salt
15:31 whytewolf jmedinar: what output are you looking to avoid?
15:31 rem5 joined #salt
15:32 jmedinar the one that is generated from ALL the other minions basically just showing that nothing happened
15:32 whytewolf jmedinar: but yes an else with a test.nop state would avoid any error messages a blank state file would cause
15:32 jmedinar Succeeded: 0 Failed:   0
15:32 johny in the logrotate front, apparently downloading the state and adding "include: .jobs" in the "init.sls" actually makes it work... wth
15:32 whytewolf oh, you can't get around that
15:33 jmedinar so I have a lot of minions.... and I want the results from two of them not 300... and works fine but I have to scroll back every time I execute the state
15:33 whytewolf you told it to do something. just because it doens't have states doesn't mean it isn't going to return
15:34 whytewolf if you only want the states to run on two of the nodes, only run it on two of the nodes.
15:36 jmedinar yeah that will be the best scenario I know.. targeting correctly... problem is I have a lot of non so experienced admins that might try to execute something to ALL so... just trying to protect all possible scenarios
15:38 whytewolf jmedinar: if they run it on everything then the jinja will protect from it running everywhere. but there isn't a way to disable it telling you nothing ran because well it did exactly what it was told to do. the Succeeded: 0 Failed:   0 is the min. that can be outputed
15:39 jmedinar yeah understood thanks JPT and whytewolf!
15:40 whytewolf it would be better easier to teach the inexperences admins the correct methods
15:40 NightMonkey joined #salt
15:41 jmedinar hehe I keep trying... but you know! ... Life!
15:41 beowuff joined #salt
15:41 whytewolf well, in this business if they are not learning on a job, they should be learning form an unemployment line
15:42 whytewolf there are to many good admins that go with out work.
15:43 cscf Is it ok for a state folder to not have an init.sls, and just call 'nextcloud.http' etc directly?
15:43 whytewolf cscf: yes
15:43 jmedinar true
15:44 Tanta too many good admins without work?
15:44 Tanta you must be kidding, or living somewhere very different
15:45 jmedinar I will rephrase that "Too many good admins looking for better opportunities"... the bad ones should be on the bench learning to grow
15:46 whytewolf Tanta: i have seen quote a few experenced admins get passed up because it would cost to much. so they go with a cheaper less experence keyboard monkey instead.
15:46 whytewolf s/qoute/quite
15:48 whytewolf least when i worked at the paper in town and actually was part of the interview process. most of the people that actually knew enough to not need to have their hand held for working with the technology we had. cost more then the paper was willing to pay. so we always had to go with someone farther down our list of canidates
15:48 bluenemo joined #salt
15:49 perfectsine joined #salt
15:49 Tanta that stinks, the market where I live (DC) has exploded over the past few years, people are asking for big salaries but there's only a handful of available people
15:50 whytewolf which is why we ended up with a DB with an impressive "resume" that ended up making changes that compleatly broke our sybase install. and didn't actually test them to see if they work. OR restart sybase after the changes. so when we had an outage and were forced to restart sybase.
15:50 whytewolf we ended up there for another 6 hours trying to track down a problem cause she also didn't fess up to any changes.
15:51 whytewolf worst DBA i have ever worked with
15:52 jmedinar well... I faced DBA with root access that once did a rm -rf / my folder (notice the blank space between the slash and the name of the folder) LOL
15:52 barmaley joined #salt
15:53 jmedinar that was a whole week of fight to recover from that and to convince upper management to remove root access from everyone
15:54 Tanta I share root access with my boss and the CTO, that's it
15:54 Tanta the downside is that if something does get screwed up and it wasn't me, I have an awkward conversation ahead
15:55 jmedinar true
15:55 whytewolf true true
15:56 DEger joined #salt
15:58 raspado joined #salt
15:59 onlyanegg joined #salt
16:00 ageorgop joined #salt
16:01 Sarphram joined #salt
16:12 tapoxi joined #salt
16:16 quantumquine joined #salt
16:17 quantumquine Is there a way to use another minion's grains in a template?
16:18 whytewolf quantumquine: https://docs.saltstack.com/en/latest/topics/mine/
16:18 lovecraftian joined #salt
16:18 lovecraftian joined #salt
16:19 bltmiller joined #salt
16:23 quantumquine Thanks. I was not sure if it's necessary to use the mine if the value already exists in grains, but it makes sense to separate them conceptually.
16:23 mors joined #salt
16:23 bltmiller joined #salt
16:25 woodtablet joined #salt
16:25 PerilousApricot joined #salt
16:25 flowstate joined #salt
16:28 edrocks joined #salt
16:31 Trauma joined #salt
16:31 heaje joined #salt
16:35 NightMonkey joined #salt
16:36 nidr0x joined #salt
16:40 ozux joined #salt
16:43 Salander27 joined #salt
16:43 ozux joined #salt
16:45 DarkKnightCZ joined #salt
16:55 druonysus joined #salt
16:57 sp0097 joined #salt
17:04 pipps joined #salt
17:05 pipps joined #salt
17:34 dyasny joined #salt
17:36 flowstate joined #salt
17:37 ssplatt joined #salt
17:49 pipps99 joined #salt
18:02 hemphill joined #salt
18:02 impi joined #salt
18:04 flowstate joined #salt
18:04 bltmiller joined #salt
18:04 hemphill joined #salt
18:05 sjmh joined #salt
18:07 ThomasJ joined #salt
18:10 onlyanegg Which pillars does the orchestrate runner have access to?
18:12 fredrick joined #salt
18:13 GreatSnoopy joined #salt
18:13 flowstate joined #salt
18:13 NightMonkey joined #salt
18:17 mikecmpbll joined #salt
18:23 nexus joined #salt
18:24 m4rx joined #salt
18:26 mors I am attempting to do user management w/ salt in the style of what they did here: https://clinta.github.io/Salt-User-Management/
18:26 ssplatt joined #salt
18:27 mors if I do a salt <host> state.sls <pillar>.usermanagement it is successful, but fails if I do a highstate..
18:27 logan_ joined #salt
18:29 mors says state 'users' in SLS '<pillar>.usermanagement.<userdefinition>' is not formed as a list during highstate
18:33 babilen mors: Hard to help without seeing actual data, but why don't you use https://github.com/saltstack-formulas/users-formula ?
18:34 NightMonkey joined #salt
18:35 mors github is not allowed in my environment
18:35 mors gotta love corporate america
18:35 Sketch mors: your pillar is probably not formatted properly
18:35 mors what actual data would you need to see?
18:36 mors sketch: then why would running the specific state work, but not the highstate?
18:36 Sketch oh, i missed that bit.  that is odd :)
18:37 mors right now, I have 2 users defined in an sls file. the init file for that directory loops through to create users
18:38 jmedinar joined #salt
18:38 mors basically the "Add users" portion of the link I posted.. no ssh-keys stuff
18:39 jmedinar Is possible to send parameters to a state that is being called in other state via include statement?
18:39 jmedinar something like ...   salt 'target' state.sls mysls pillar='{foo: "Foo!"}'
18:39 babilen mors: That's ridiculous
18:39 babilen (seriously -- salt is on GH)
18:40 babilen I mean .. clone it locally and just use it
18:40 jmedinar but more like..... include:: - state.any pillar='{foo: "Foo!"}'
18:40 babilen There is no reason why the state.sls would work while the highstate wouldn't
18:41 Sketch one thing... "salt <host> state.sls <pillar>.usermanagement" ... shouldn't <pillar> be something other than your pillar location?
18:41 Sketch not sure that would affect highstate at all
18:42 Sketch i thought the point of pillars was to separate "secure" data from regular states
18:43 babilen You can't call pillars with state.sls
18:43 babilen Lets see a minimal example of an actual state with actual data
18:43 Sketch that too, that's probably just an organizational issue
18:45 mors I can't use IRC from work either
18:45 mors but if I do:
18:45 mors salt <host> state.sls workstation.usermanagement
18:46 mors Summary is Succeeded: 5; Failed: 0; Total states run: 5
18:46 whytewolf you know. I used to get that "you arn't supposed to use irc from work" a lot. I always found a loop hole
18:46 sjmh irc is dangerous!
18:46 sjmh :X
18:46 whytewolf mainly ssh into a box at home and use IRC from there
18:46 mors whyte: both of those would get me fired.
18:46 babilen mors: You are aware that that blog post is a poor man users-formula?
18:46 babilen mors: Could it be that you are using environments?
18:47 mors I am using environments, yes
18:47 babilen Okay .. count me out
18:47 sjmh is there a way to get a somewhat updated list of what minions have connected 'recently'?
18:47 whytewolf enviroments? forget that
18:47 sjmh was thinking of using a reactor on key auth events and touching some files for each minion name, then removing keys based off ones that haven't been touched in awhile
18:48 sjmh I know there's some thorium/beacon stuff coming out in carbon
18:48 mors sorry, not environments. I am using nodegroups there
18:49 mors sjmh: depending on log level, the master's logs will tell you when hosts connect
18:49 mors sjmh: there's also netstat
18:49 sjmh mors : yeah, too many minions to do anything other than info on our master.
18:50 sjmh netstat may not be bad, would have to do the translations from IPs to minions tho
18:50 mors netstat will give incomplete hostnames
18:51 mors a little awk or sed foo will give you what you need
18:51 whytewolf salt-run manage.joined will let you know what servers salt knows are up based on salts presence detection
18:51 sjmh again, too many minions to do that many lookups and not all hosts will resolve, to better to do IP
18:51 mors fix dns
18:51 sjmh mors : it's 27,000 minions.
18:52 mors that don't have dns records?
18:52 sjmh no, but there's a few thousand that probably don't have reverse, and I'm not in charge of all those hosts.
18:52 mors are you running multi-master?
18:52 sjmh no
18:53 babilen whytewolf: Presence detection has been broken for a while: https://github.com/saltstack/salt/issues/33466
18:53 saltstackbot [#33466][OPEN] Offline minions are still reported as being present by the event system | Description of Issue/Question...
18:53 ivanjaros joined #salt
18:54 whytewolf babilen: ahh, did not know that.
18:54 mors so, no one has any idea on my highstate vs state.sls issue?
18:54 whytewolf good thing it isn't something i used
18:54 whytewolf mors: your problem comes down to not enough information to go on
18:54 babilen mors: Create a minimal example that shows the problem and paste it to one of http://refheap.com, http://paste.debian.net, https://gist.github.com, http://sprunge.us, …
18:54 babilen It could be anything
18:55 babilen There's nothing wrong with the poor mans stolen bits of users-formula
18:55 toanju joined #salt
18:55 ivanjaros3916 joined #salt
18:55 sjmh babilen : is there something else you do to detect presence in your setup then?
18:55 babilen But, given that salt is on GH and you are allowed to use salt and obviously code from random blog posts, why can't you use the users-formula?
18:56 babilen sjmh: I would have loved to use presence events, but they are not working unfortunately (see my bug report)
18:56 mors all of those sites are proxy blocked :)
18:56 babilen Not that it got much attention since
18:56 babilen mors: You would obviously copy it to a local repository
18:56 sjmh babilen - sure, was just wondering if you did something as a workaround
18:56 mors I get salt from the official repos
18:56 sjmh like a reactor based off key re-auths
18:56 whytewolf well there is always manage.up but with 27,000 minions thats going to take awhile
18:57 babilen sjmh: I decided for presence events to get fixed .. but now that I think about it that might take a while
18:57 sjmh whytewolf : yeah, manage.up is just doing test.ping anyways
18:57 babilen sjmh: I had planned to use manage.present, but use manage.up
18:57 babilen Would have loved to use something more performant though
18:58 mors what info do you want? the init.sls, user.sls, and what else?
18:58 sjmh babilen : same.  I was looking at maybe seeing if anything in the cache dirs would expire and check on that, but we don't use mine.
18:59 whytewolf well since the issue is with highstate, i would say also need top.sls and at least a bit of pillar data that you are trying to use
18:59 whytewolf [sanatized of coarse]
19:00 flowstate joined #salt
19:00 babilen sjmh: Maybe comment in there .. saltstack is focusing on fixing bugs, but there simply are too many. If you want to help with this then attract attention :)
19:00 sjmh Maybe something that actually expired all the cached data for minions eventually would be nice as well..
19:01 chadhs joined #salt
19:02 mors babilen: you just found my problem lol
19:02 babilen Am I the new rubber duck?
19:03 babilen Please tell!
19:03 mors its the way I'm referencing the user list
19:03 babilen So, how do you do that?
19:03 mors not where I was referencing it in the top file
19:03 babilen Over here we just target "- users" everywhere and then work with pillar data
19:04 mors I have multiple pillars, and can't have global user data
19:04 whytewolf so much easier to target a state, then work with pillar data in the state.
19:05 mors if I did, I'd have conflicting uid on some boxes
19:05 mors and that would not be good
19:05 whytewolf mors: that sounds .. inefficient
19:05 mors I'm going with the terminator defense
19:05 mors I didn't build the fuckin thing
19:06 whytewolf then it should be terminated
19:06 mors its a "segregated environment" within the organization. with the same usernames as the rest of the organization.
19:06 TyrfingMjolnir joined #salt
19:08 babilen mors: How do you survive?
19:08 whytewolf agreed. that sounds like a nightmare
19:08 mors babilen: lots of alcohol
19:08 babilen I'm so sorry ..
19:08 xmj like most people in our field..
19:09 Roelt and happy beeing miserable
19:09 mors my kahlua:coffee ratio is 1:1
19:09 babilen Which is unfortunately true ..
19:09 xmj tasty
19:09 whytewolf I cuddle a rum bottle at night. but that is beside the point
19:09 babilen But all this is hard enough if you have access to resources, brilliant people on IRC and code on GH.
19:10 Sketch i think if i couldn't irc from work, i would find a new job
19:11 babilen yeah
19:11 xmj enough jobs these days come with slack
19:11 mors sketch: I *could* irc from work
19:11 xmj i always hassle them to enable the irc exporter
19:11 mors just ssh home and irc
19:11 Sketch yeah, i ssh to my vps and irc anyway
19:12 xmj mors: hence you can also access github
19:12 xmj mors: no problem
19:12 Sketch i never irc directly from work (well, except when i worked for an ISP and my VPS was at my ISP)
19:12 mors however, if I get caught doing it, I get fired on the spot.
19:12 Sketch yeah, that seems bad :)
19:12 whytewolf at the bank I'm lucky, we have a no IRC rule also, however I work from home and have a second computer compleatly unlinked to my work computer i can IRC from
19:12 mors whyte: that's what I'm doing right now
19:12 babilen sjmh: But I'm sure that you have good reasons for that setup. In a way I would recommend to "look" at the users-formula just like you looked at that blog (which is a crude rip off)
19:13 sjmh o.O i think you mean mors
19:13 babilen sjmh: The beauty of the users formula is that it is one of those few areas that are entirely data/pillar driven
19:13 babilen YES!
19:13 babilen Sorry
19:13 babilen mors: ^^^
19:13 whytewolf lol, speaking of alcohol guess it is time for babilen to cut back ;)
19:13 xmj nah, add moar
19:14 * babilen will have a beer
19:14 mors I have to deal with dynamically adding and removing users to multiple roles.. just creating individual user definitions is a pain
19:14 xmj reminds me, are any of you per chance looking for contractors?
19:15 babilen mors: Aren't roles just the combination of individual users?
19:15 babilen (pillars merge nicely)
19:15 mors babilen: each role has different privileges on different hosts
19:15 whytewolf so groups
19:15 babilen mors: So target the basic accounts and then have additional pillars with those extra privileges
19:16 babilen All merged together: complete picture
19:16 babilen But then .. LDAP might be a different approach here
19:16 mors I'm forced to use kerberos and local users.
19:16 whytewolf ... why .... that seems backwords
19:17 babilen But you don't have to send pidgeons from the master to your minion?
19:17 mors I tried to get permission to migrate to ldap.
19:17 babilen Which sounds like a great idea
19:17 babilen (in particular if you have such a fine-grained access scheme to model)
19:17 mors yes, I have to use cptcp for data transmission :p
19:17 whytewolf humm, PDP
19:17 xmj babilen: RFC 1149 style?
19:18 mors xmj: precisely
19:18 mors avian carrier transfer protocol
19:18 babilen Exactly like that, yes
19:18 mors cptcp/ip
19:18 whytewolf IPoA
19:18 mors was the original name I believe
19:19 pipps joined #salt
19:20 mors well, thanks for pointing out where I was being dumb, babilen.. I'm going to go get some food to absorb the alcohol
19:20 babilen mors: Either way: The point I wanted to make is that relying on pillar merging is a great start. Up to a certain scale it workes nicely, but then you will probably start looking into external pillars or pillars written in Python (that do whatever is necessary)
19:22 spuder joined #salt
19:22 jmedinar joined #salt
19:22 bltmiller joined #salt
19:22 babilen You can split pillars into as many files as you want and just pick 'n mix
19:24 sjmh so, the presence stuff seems entirely dependent on the minion data cache, and if whether it has grains or not for the minion.
19:25 sjmh which, as far as I know, don't expire and are not removed when a minion goes down.
19:27 pipps joined #salt
19:27 jmedinar Question... When passing parameters to a state as follows " salt target state.sls some pillar='{"location": "/some/path"}' "
19:28 jmedinar will this work " {% if salt['file.directory_exists']({{pillar['location']}}) %} "
19:28 babilen no
19:28 babilen Don't use {{ within {% (or nest them)
19:28 ekristen joined #salt
19:29 jmedinar babile ... :D that did the trick! thanks
19:29 jmedinar s/babile/babilen
19:30 ssplatt joined #salt
19:30 babilen :)
19:32 raspado hi all... have a unique situation, were cutting over to a new host so I need to manually override the minion cache, specifically a python module which is called by salt's scheduler. So I've modified the state file in /var/cache/salt/minion/files/prod/_modules/backup.py but the minion is still somehow calling the old backup.py
19:32 raspado anyway I can override the cache on the salt minion? I did disable the highstate scheduler so it doesnt pull the backup.py from master
19:37 fredrick joined #salt
19:39 pipps joined #salt
19:39 babilen Can't you put your new backup.py in _modules somewhere in file_roots or what am I missing here?
19:43 edrocks joined #salt
19:44 raspado babilen: within the minion?
19:44 babilen No, on the master
19:44 babilen Well .. where your salt state tree is being handled
19:45 raspado oh thats the thing, if i do, then 500+ minions will get the new backup.py script
19:45 raspado they all have a highstate schedule to run every 15 minutes
19:45 babilen And that's a bad thing?
19:46 raspado it could be, im testing a change before i push it out, its a production environment
19:46 * babilen hands raspado one vagrant
19:46 pipps joined #salt
19:47 raspado ive already tested it but now were trying to target one production host
19:47 raspado to sign off
19:50 babilen I'm not aware to target execution modules in _modules more specifically .. :-/
19:50 babilen *how to
19:52 raspado do the scripts get cached in memory?
19:52 barmaley joined #salt
19:54 Armadillo joined #salt
19:55 raspado ah got it to work
19:55 babilen How?
19:56 raspado modifying the cache in /var/cache/salt/minion/extmods/modules as opposed to /var/cache/salt/minion/files/prod/_modules/
19:57 babilen aye
19:58 cro joined #salt
19:58 DammitJim I think I have asked this in the past, but how do you guys group your minions?
19:58 DammitJim like I know I have a set of minions that are for 1 client
19:58 DammitJim but then I have minions that are mysql servers
19:58 DammitJim then I have minions that are test servers and others that are production
19:59 DammitJim is this something that normally goes on the master or on the minions as grains, nodegroups, or pillar?
20:03 pipps joined #salt
20:03 Derailed joined #salt
20:07 flowstate joined #salt
20:08 hoonetorg joined #salt
20:08 geomacy joined #salt
20:09 geomacy joined #salt
20:12 DEger joined #salt
20:14 beowuff joined #salt
20:16 whytewolf sigh, turning down SRE at google. what exactly am i doing with my life
20:16 majuscule how can i list the instances with a given role?
20:17 spuder_ joined #salt
20:17 notnotpeter joined #salt
20:17 whytewolf majuscule: depends on ho you assignd the role. but bassicly amounts to targeting the role with a test.ping
20:19 flowstate joined #salt
20:19 majuscule trying to figure that out as well :-/ reading https://docs.saltstack.com/en/latest/topics/targeting/ but it is not immediately clear
20:19 whytewolf majuscule: how did you assigne the roles? grains or pillars?
20:20 DEger joined #salt
20:20 whytewolf if it is grains then salt -G 'roles:<role>' test.ping
20:20 bowhunter joined #salt
20:22 flowstate joined #salt
20:24 majuscule thanks whytewolf, that works somewhat, i was stupidly missing the -G flag. still getting oddly sparse results when filtering down
20:24 majuscule how would i search for a role applied via pillar?
20:25 whytewolf -I
20:26 DEger joined #salt
20:26 whytewolf or you can search both with -C 'G@roles:<role> OR I@roles:<role>'
20:29 pipps joined #salt
20:30 Brew joined #salt
20:32 pipps joined #salt
20:32 Skaag joined #salt
20:35 drew__ joined #salt
20:35 pfallenop joined #salt
20:36 pipps joined #salt
20:38 pipps99 joined #salt
20:40 pipps99 joined #salt
20:41 spuder joined #salt
20:42 ekristen joined #salt
20:43 ahammond I'm trying to use salt-cloud to spin up an instance. It's failing. I checked the debug logs and see that it's attempting to connect over IPv6. Is there any way to tell it to use IPv4?
20:43 ahammond Because... while IPv6 is cool and the future and all that, IPv4 actually works.
20:46 ahammond Maybe I can remove the IPv6 address from my salt master? Sigh. Barf.
20:46 Skaag ahammond: I resent your previous message about IPv6 not working
20:46 Skaag ahammond: you can disable ipv6 on your machine, especially if you aren't using it
20:46 Skaag you can do this via sysctl.conf for example
20:47 ahammond Skaag: [DEBUG   ] Retrying connection to host 2604:A880:0800:0010:0000:0000:1978:7001 on port 22 (try 761)
20:47 ahammond [DEBUG   ] Caught exception in wait_for_port: [Errno 101] Network is unreachable
20:47 ahammond this is an AWS salt master.
20:47 ahammond trying to spin up a minion in Digital Ocean.
20:47 Skaag yah, you can still disable ipv6 on it
20:47 ahammond so... there could be routing issues between AWS and DO
20:47 ahammond (AWS routing seems to be pretty flaky these days)
20:48 Skaag everything's possible, but you can't categorically say ipv6 isn't working :)
20:48 chadhs joined #salt
20:48 ahammond but picking IPv6 address as the default when an IPv4 address is available: priceless.
20:50 jmedinar joined #salt
20:51 ahammond is there a way to configure salt-cloud to make the conservative choice?
20:53 pfallenop joined #salt
20:58 Skaag I think you'll find this isn't uniquely a salt-cloud issue
21:00 ahammond Skaag sure, however I expect salt-cloud, as a devops tool, to make conservative choices. Choosing IPv6 over IPv4 is not a conservative choice.
21:01 rypeck joined #salt
21:01 pipps joined #salt
21:03 pipps_ joined #salt
21:04 pfallenop joined #salt
21:05 whytewolf ahammond: basicly salt "Obeys system preference for IPv4/6 address resolution."
21:05 ahammond whytewolf that makes sense.
21:06 whytewolf so get your system to perfer ipv4
21:06 subsignal joined #salt
21:07 whytewolf https://community.rackspace.com/products/f/25/t/5110
21:15 jmedinar joined #salt
21:15 ahammond whytewolf just tried those directions and got the same result.
21:15 ahammond that looks like it's DNS related.
21:16 whytewolf ahammond: it is.
21:16 whytewolf and thats the problem. your getting AAAA addresses preferenced over A addresses
21:17 ahammond whytewolf no, I'm not getting addresses at all.
21:17 ahammond or at least not through DNS. :)
21:17 shaker joined #salt
21:17 ahammond this is salt-cloud, it gets the IPs by querying the cloud provider.
21:17 ahammond and it's getting the IPs correctly, but it's choosing to connect over IPv6 (and failing) rather than IPv4.
21:18 shaker hey all, quick question, i have a task in my state file that can fail but i dont want my whole state execution marked as a failure
21:18 shaker is there an option for that?
21:18 ahammond shaker there are ways to code around that, but salt will report that a state with failing components failed.
21:19 ahammond the way around it is effectively cmd.run "do stuff || true"
21:19 shaker @ahammond, thanks for the reply
21:20 whytewolf ahammond: are you talking about when it tries to actually ssh into a host after it creates it so that it can setup salt?
21:20 whytewolf though you were talking about actually talking to dreamhost
21:20 ahammond whytewolf yes
21:20 ahammond nope, it's communicating with the provider just fine. :)
21:21 shaker @ahammond, does a failure automatically make the minions report a nonzero code?
21:21 shaker i.e.:
21:21 shaker ------------- Succeeded: 12 (changed=7) Failed:     1 ------------- Total states run:     13 ERROR: Minions returned with non-zero exit code
21:21 ahammond shaker yes
21:21 whytewolf wait, was it dreamhost or digital ocean... my mind just failed me
21:21 ahammond Digital Ocean.
21:22 ahammond I'm betting it'll repro for any provider which provides both IPv4 and IPv6
21:22 shaker hmm, so there is no way to mark a failed state as ignoreable in salt but ORing with true is the workaround?
21:22 whytewolf ahammond: I know it doesn't, my openstack setup is both but i have controll based on network settings in the openstack driver
21:23 m4rx joined #salt
21:23 ahammond shaker since what you're asking to do would violate the fundamental design of the state system... no, it's not available as an option. You could of course write your own custom state which ignores failure.
21:24 whytewolf ohhhk thats odd
21:24 whytewolf directly from the digital_ocean.py file
21:24 whytewolf # add DNS records, set ssh_host, default to first found IP, preferring IPv4 for ssh bootstrap script target
21:25 whytewolf https://github.com/saltstack/salt/blob/develop/salt/cloud/clouds/digital_ocean.py#L487
21:27 whytewolf also https://github.com/saltstack/salt/blob/develop/salt/cloud/clouds/digital_ocean.py#L1334 is setup to grab v4 addresses first
21:28 shaker @ahammond, thanks for the help!
21:28 * ahammond reads the fine source
21:28 whytewolf ahammond: what version of salt are you running maybe it was a bug that was fixed
21:28 ahammond 2016.3.3
21:29 ahammond https://github.com/saltstack/salt/issues/36308
21:29 saltstackbot [#36308][OPEN] salt-cloud defaults to IPv6 rather than IPv6 | Description of Issue/Question...
21:29 * babilen is missing one ipv4 in there
21:30 ahammond I see this in the log: Found public IP address to use for ssh minion bootstrapping: 45.55.78.184
21:30 ahammond and then, inexplicably, this: Deploying 2604:A880:0800:0010:0000:0000:1978:7001 at 1473885152.0
21:31 whytewolf yeah thats odd. it knows it should use the ipv4 address. but guns for the ipv6 address
21:31 euidzero joined #salt
21:33 whytewolf try this in your provider ipv6:false
21:34 whytewolf just going off of this https://github.com/saltstack/salt/blob/develop/salt/cloud/clouds/digital_ocean.py#L385-L392
21:35 ahammond will do.
21:37 whytewolf although. if that works, defintly keep your bug open. there is defintly something wrong with that
21:38 ahammond whytewolf nope
21:39 whytewolf same thing, still getting an ipv6 address?
21:40 ahammond I put that in /etc/salt/cloud.providers.d/digital_ocean.conf and yes, exact same behavior
21:40 whytewolf well i found where it might be switching the ip from the ipv4 to the ipv6. but i don't see the why
21:40 whytewolf https://github.com/saltstack/salt/blob/develop/salt/cloud/clouds/digital_ocean.py#L507-L510
21:41 whytewolf 507 is were it displays the correct ipv4 address
21:41 ahammond I also see something about switching to a v2 of the DO driver
21:41 ahammond https://github.com/saltstack/salt/commit/c10453e8446f45157a148f5c1f8c46d9d65e4896
21:41 whytewolf but then that address is saved from what ever is in ip_address in line 510
21:42 ahammond doesn't look like the switch is relevant.
21:43 whytewolf yeah almost none of the part we are looking at is touched in the v2 setup
21:48 teryx510 joined #salt
21:49 pfallenop joined #salt
21:50 ahammond I'm looking at changes to the file and https://github.com/saltstack/salt/commit/e61b04a707331f2a9913aee36f0627a5aaebcc8f has a lot of change. What do you bet...
21:52 whytewolf sonva ... forgot to change the tag to 2016.3.3 been looking at the wrong code
21:52 ahammond yup, line 480 is a merge error.
21:53 whytewolf yeap, it introduced the line i was wondering about
21:54 ahammond I'll test (in production, of course, because, hey, it's already broken) and submit PR
21:56 ahammond yup, that's it.
21:57 spuder_ joined #salt
21:57 whytewolf kewl beans
22:00 woodtablet left #salt
22:02 flowstate joined #salt
22:04 ahammond who do I bug to get this merged into 2016.3 and devel?
22:04 beowuff joined #salt
22:07 whytewolf you did your PR against 2016.3 branch? if so all you have to do is pretty much beat the next code freeze
22:07 whytewolf it will get merged forward when they do the next merge
22:08 pipps joined #salt
22:08 geomacy joined #salt
22:09 teryx510 joined #salt
22:17 spuder joined #salt
22:18 tmkerr joined #salt
22:20 majuscule grains should automatically update on a highstate right?
22:27 whytewolf majuscule: in thoery. but if you are talking custom grains it is typically safer to call saltutil.sync_grains before hand
22:28 flowstate joined #salt
22:30 woodtablet joined #salt
22:32 pipps joined #salt
22:33 majuscule thnaks whytewolf , one more question, is it possible to quiet salt when calling grains.item?
22:33 majuscule when i call grains.items a:b:c i do not need any output except the value of c
22:33 majuscule everything else gets in the way and i'm not sure why it insists on printing out the heirarchy
22:35 majuscule hostname is relevant when calling on multiple nodes i suppose, but that's all
22:35 whytewolf use grain.get?
22:35 majuscule much better, thanks again!
22:36 whytewolf np
22:43 woodtablet left #salt
22:47 Edgan whytewolf: Not wanting to be an SRE at Google. Not paying enough? Want better life/work balance? Don't want to be just another cog in the machine?
22:48 whytewolf Edgan: don't want to have to move to california or pittsburgh. plus I hear the leave the industry burn out rate for their engineers is through the roof.
22:50 Edgan whytewolf: ah
22:52 bltmiller joined #salt
22:59 bltmiller joined #salt
23:01 woodtablet joined #salt
23:10 sjmh whytewolf : good on you.  I hated the SRE interview.
23:11 tapoxi joined #salt
23:12 Edgan sjmh: what did you hate about it?
23:12 sjmh Edgan : It's a terrible way to interview people
23:14 sjmh Edgan : it's basically an 8-10 hour session of technical questions - some of which you may/may not have any experience whatsoever in.  They are just pulled from a list.
23:17 whytewolf that sounds like the interview for amazon i went through 5 years ago. they flew me to seattle. i spent the next several hours with 5 different levels of people asking questions. a lot of which had nothing to even do with the job i was interviewing for.
23:17 sjmh Yeah, although I did a tech interview w/ AWS recently ( the phone portion, I passed when offered the flight to go onsite ), and it was quite good
23:18 sjmh Wasn't just questions pulled from a list - the guy had me talk about stuff and then based his next questions based on what I was telling him
23:19 sjmh Google's SRE questions would be like 'So have you used awk?', 'Not in a really long time', 'Ok, so heres this awk question..'
23:19 sjmh Not that they asked about awk, but just as an illustration
23:20 sjmh Was years ago though, maybe it's been fixed
23:20 whytewolf hehe i use awk a lot and probley wouldn't be able to answer half the questions off a list someone asks
23:20 whytewolf there is just so much to it
23:20 pipps joined #salt
23:21 sjmh whytewolf haha.
23:22 sjmh yeah.  There are just so many better questions than asking about how well you know command line tools
23:23 ninjada joined #salt
23:24 whytewolf honestly sometimes the tech questions are not what is important. a monkey can learn to use the tools. but is a monkey going to handle the presure of the entire database being offline and the C*Os hanging out over his shoulder while the DBA has lost his shit and is dancing nakid in the datacenter?
23:27 flowstate joined #salt
23:28 whytewolf that was the worst part of working at a newspaper. everything can be fine for most of the day. but if everything isn't working great at 2am. the paper doens't go out. if the paper doesn't go out. someone doesn't have a job in the morning
23:29 whytewolf [corase what they don't say is that all you really need to do is get the ad database working and they will run a paper that is 100% ads]
23:29 sjmh lol
23:31 whytewolf sometimes i miss that paper. was fun and interesting. full of challenges. and one of the least regulated companies i have done engineer level work for
23:32 nicksloan joined #salt
23:32 whytewolf coarse now sheldon adelson owns it so it is good i got out of there a long time ago
23:36 edrocks joined #salt
23:38 bltmiller joined #salt
23:48 chadhs joined #salt
23:56 ninjada joined #salt
23:56 cro joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary