Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-09-21

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:11 badon joined #salt
00:22 ashmckenzie joined #salt
00:30 spuder joined #salt
00:30 pipps joined #salt
00:31 woodtablet left #salt
00:39 flowstate joined #salt
00:44 John_Kang joined #salt
00:44 dendazen joined #salt
00:47 John_Kang ascii GM
00:47 cmek joined #salt
00:48 sp0097 joined #salt
00:51 ageorgop joined #salt
01:03 west575_ joined #salt
01:11 cmek joined #salt
01:20 foundatron joined #salt
01:23 kusen joined #salt
01:27 cyborg-one joined #salt
01:31 rem5 joined #salt
01:32 flowstate joined #salt
01:32 catpigger joined #salt
01:39 nethershaw joined #salt
01:41 DEger joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.12, 2016.3.3 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
01:53 fannet joined #salt
02:00 MK_FG joined #salt
02:01 pipps joined #salt
02:03 Sammichmaker joined #salt
02:05 blu__ joined #salt
02:08 ageorgop joined #salt
02:12 flowstate joined #salt
02:13 sjmh joined #salt
02:15 chutzpah joined #salt
02:21 rem5 joined #salt
02:24 DEger joined #salt
02:24 onlyanegg joined #salt
02:30 synapse joined #salt
02:30 mpanetta joined #salt
02:36 netcho joined #salt
02:53 bastiand1 joined #salt
02:54 ninjada joined #salt
03:01 subsignal joined #salt
03:11 raspado joined #salt
03:12 flowstate joined #salt
03:20 pipps joined #salt
03:48 sjmh joined #salt
03:57 raspado joined #salt
04:01 nsim joined #salt
04:02 hasues joined #salt
04:03 hasues left #salt
04:10 pipps joined #salt
04:12 nsim Hi, I'm having an issue with reactors where the "pillar" argument to "runner.state.orchestrate" is always null, even when I hard code the value.
04:13 nsim The orchestration works if I call it from the command line directly using salt-run state.orchestrate ...
04:13 nsim Has anyone got any experience with this? https://gist.github.com/nigelsim/580f8f34fbe8db9eae86815e6875415c
04:14 flowstate joined #salt
04:16 sjmh nsim : may not matter, but put two more spaces in start.sls for target_id
04:19 nsim That was it! Thanks sjmh.
04:19 sjmh sure
04:19 sjmh gotta <3 yaml
04:20 nsim Tell me about it. I'm curious what it was interpreting the other one as, if not a dict? It was clearly valid given it didn't throw a parse error
04:21 hemebond A list with a dict.
04:22 hemebond Paste it into http://yaml-online-parser.appspot.com/
04:24 nsim OK, thanks. That site is going to save me in the future.
04:37 netcho joined #salt
04:48 bocaneri joined #salt
05:01 ivanjaros joined #salt
05:03 rem5 joined #salt
05:06 justan0theruser joined #salt
05:06 DarkKnightCZ joined #salt
05:08 jachin0 joined #salt
05:12 Shirkdog joined #salt
05:15 flowstate joined #salt
05:15 badon joined #salt
05:18 rdas joined #salt
05:32 we joined #salt
05:33 we hello
05:34 bbradley joined #salt
05:35 alinuxninja joined #salt
05:35 XenophonF hi
05:40 felskrone joined #salt
05:46 felskrone joined #salt
05:55 fannet joined #salt
06:05 jachin0 Hello, I’m having a hard time getting mongodb_user.present working. Does someone have a working example handy?
06:12 flowstate joined #salt
06:14 babilen No, bt what's the issue? (→ http://paste.debian.net, https://gist.github.com, http://sprunge.us, … )
06:18 jachin0 Here’s an example with part of my sls file and the output… http://paste.debian.net/831311/
06:19 jachin0 I can provide more details too.
06:22 hemebond And I guess you can connect fine with those credentials and that port?
06:22 jachin0 Yep.
06:23 malinoff joined #salt
06:23 hemebond Pillar renders correctly?
06:23 jachin0 I also have a related question… is there a way to debug my sls file by seeing it after all the template have rendered?
06:23 hemebond You might be able to see it by running the minion in debug mode.
06:27 jachin0 I’m using salt-ssh, I tried verbose mode and that didn’t show it. I don’t see a debug flag the salt-ssh —help
06:27 hemebond Oooh
06:28 hemebond salt-ssh --log-level=debug
06:30 jachin0 Nice, yeah that worked (for seeing the rendered sls) and yes, it looks like everything is where it should be.. at least if I’m understanding the docs correctly.
06:32 hemebond The state looks fine. Have you tried using the execution module to do it?
06:33 babilen jachin0: Do you have the necessary dependencies installed on the minion (and your local box) ?
06:33 hemebond pymongo
06:33 hemebond Odd message if it is missing the dependency.
06:33 babilen True
06:34 babilen Anything interesting in the debug log?
06:36 jachin0 yep, pymongo is installed. Initially it wasn’t but I got a helpful error message that got me to install it.
06:37 jachin0 For execution mode… I tried salt.modules.mongodb.user_list … it didn’t work… same error.
06:38 jachin0 I just had a thought, if I’m using salt-ssh, it will ssh into the machine first and then try to authenticate with mongo right? It’s not trying to login directly to mongo from “the outside” right?
06:38 netcho joined #salt
06:39 jachin0 Nothing else I can see helpful in the debug messages. Nothing about mongo or failures until regular summery I would have gotten anyway.
06:43 jachin0 When I run `salt-ssh --log-level=debug crow mongodb.user_list` I get `'command SON([('$eval', Code('db.version()', {})), ('args', ())]) on namespace admin.$cmd failed: not authorized on admin to execute command { $eval: db.version(), args: [] }`
06:44 kusen joined #salt
06:47 ivanjaros joined #salt
06:48 jachin0 Also is it possible salt is only compatable with some versions of mongo?
06:48 ivanjaros3916 joined #salt
06:49 jachin0 Looks like i’m running 2.6.10 and the latest is 3.2.9.
06:50 jachin0 Maybe I should upgrade and see if that works.
06:50 felskrone joined #salt
06:55 DEger joined #salt
06:56 babilen jachin0: Sorry, that doesn't really ring a bell ... but it might be a version issue
06:56 babilen Can you use PyMongo directly?
06:57 babilen http://stackoverflow.com/questions/23943651/mongodb-admin-user-not-authorized
06:58 babilen Which username do you pass?
06:58 jachin0 ohh, that stackoverflow question might be the key… let me try that.
06:58 babilen Did you configure authentication for Mongo?
06:59 babilen Just googled for '"not authorized on admin to execute command" pymongo' -- plenty of hits. You might want to investigate along those lines
07:00 jachin0 Ok, I’ll will do that, I tried searching stackoverflow under the saltstack flag, that didn’t get any hits but yeah, this seems like the thing, thanks a lot.
07:00 toanju joined #salt
07:02 babilen Good luck :)
07:02 huggy joined #salt
07:03 MTecknology I have this in my minion config http://dpaste.com/2AVJGEM  I used that so that some systems can automatically push things to a user account created for just that box to another place. I'm trying to figure out how I can add an additional user
07:04 babilen MTecknology: You could use different mine function aliases (one per user)
07:05 MTecknology OH! Or I could read the documentation!!!
07:05 MTecknology salt '*' ssh.user_keys user="['user1','user2'] pubfile=id_rsa.pub prvfile=id_rsa
07:05 babilen Or that :)
07:06 babilen You might still want to define a mine function alias for that in case you want to call that function for other things and be able to stick to a single naming scheme
07:07 MTecknology sounds like something I need to learn about
07:11 mswart joined #salt
07:11 flowstate joined #salt
07:12 jachin0 left #salt
07:13 ninjada_ joined #salt
07:24 malinoff left #salt
07:24 mswart joined #salt
07:31 ronnix joined #salt
07:31 keimlink joined #salt
07:33 ninjada joined #salt
07:35 mswart joined #salt
07:35 infrmnt joined #salt
07:35 all joined #salt
07:48 cubehead joined #salt
07:56 DarkKnightCZ joined #salt
08:01 ronnix joined #salt
08:11 flowstate joined #salt
08:14 jxm_ joined #salt
08:15 netcho joined #salt
08:17 geomacy joined #salt
08:19 s_kunk joined #salt
08:26 infrmnt joined #salt
08:38 subsignal joined #salt
08:39 haam3r joined #salt
08:41 Rumbles joined #salt
08:43 fredvd joined #salt
08:45 ozux joined #salt
08:48 ozux joined #salt
08:49 Couch joined #salt
08:49 mswart joined #salt
08:49 Couch Is it possible to aggregate the returned results of an execution module (e.g. yum) ?
08:53 phyburn joined #salt
08:55 honestly if you want to do things with results, set it to return machine-readable data (e.g. json) and parse it with a script
08:55 honestly ("returner" is the salt term)
08:56 mikecmpbll joined #salt
09:06 N-Mi joined #salt
09:06 N-Mi joined #salt
09:11 flowstate joined #salt
09:12 manji :D
09:12 manji oups wrong window
09:12 manji :)
09:13 felskrone1 joined #salt
09:22 sgo_ joined #salt
09:30 whitenoise joined #salt
09:37 hlub I have apache service state and onfail state for that. That onfail state is correctlyinvoked when the service fails but how can I add another state that is run after the first onfail state? THe state I wish to run is apache-restart, which is already existing state.
09:40 subsignal joined #salt
09:44 p4ulie joined #salt
09:49 babilen hlub: prereq?
09:49 babilen Ah, no .. that won't work
09:53 babilen hlub: Can't you have another service.running state that'll only be executed if your "repair all the things" state fired?
09:54 babilen (or whatever is appropriate)
09:55 ronnix_ joined #salt
10:00 netcho joined #salt
10:04 fredvd joined #salt
10:07 netcho hi all
10:08 netcho trying to run cat command on one of the minions but i get VALUE_TRIMMED
10:09 netcho is it possoble that minion ran out of memory?
10:11 flowstate joined #salt
10:16 hemebond netcho: How big is the file?
10:17 hemebond How much data are you trying to return?
10:17 netcho yeah i just saw it, looks like its too big
10:17 netcho 7MB
10:17 hemebond LOL
10:17 hemebond Just a tad :-D
10:18 netcho :D
10:18 netcho logrotate to the rescue
10:22 filippos joined #salt
10:22 hlub babilen: of course that is an option but does not feel very elegant one. Then I'd end up with two states called apache and apache-running-after-my-fix-script.
10:23 hlub hmm, or I place that other service.running under the same state id than the fix..
10:23 sjorge joined #salt
10:23 babilen The can't have the same ID
10:23 AndreasLutro salt doesn't have an elegant way to solve this problem
10:23 AndreasLutro a state can't run more than once during a highstate
10:24 babilen Which means that you need two states for "try .. fix .. try again"
10:24 babilen (well three if you include the 'fix')
10:24 manji If in dockerng.running
10:25 manji I have image: koko:latest
10:25 babilen onfail should allow for the "fix" state to trigger reexecution of the triggering state
10:25 manji I run it, I get the latest version, all good
10:25 manji if I run it sometime later on, and there is another version of image koko tagged as latest
10:26 manji will dockerng pull the latest image
10:26 manji ?
10:26 manji and restart the container?
10:26 manji or it will mark that image koko is present, and will let it be
10:27 seena joined #salt
10:27 seena Hello Guys
10:27 seena salt-minion --version salt-minion 2016.3.3 (Boron)
10:27 seena salt-master --version salt-master 2016.3.3 (Boron)
10:28 hlub babilen: definitely agree with that point as it is the most common situation
10:28 darvon joined #salt
10:29 seena I am trying to sync directory from master to minion
10:29 seena https://docs.saltstack.com/en/latest/ref/states/all/salt.states.rsync.html
10:29 seena Tried exactly same as that of the above
10:29 seena I am getting an error , looks like this is a known issue which is mentioned in https://github.com/saltstack/salt/issues/35551
10:29 saltstackbot [#35551][MERGED] rsync state not working on RedHat / CentOS | Description of Issue/Question...
10:30 seena How can I  patch this ?
10:32 seena @babilen ^^
10:33 * babilen fixes everything
10:33 babilen There  .. all done!
10:34 manji babilen, you are getting better and better at riding unicorns :D
10:34 ronnix joined #salt
10:35 babilen heh
10:36 DarkKnightCZ joined #salt
10:36 rdas joined #salt
10:37 teryx510 joined #salt
10:39 babilen seena: Doesn't look as if that made it into 2016.3.3
10:40 babilen You can easily get it by simply placing the current rsync.py module and state into _modules and _states respectively though. Run sync_all against your minions and you should be good to go
10:43 seena I have installed via bootstrap script
10:43 seena my rsync.py shows
10:43 seena Rsync state.  .. versionadded:: 2016.3.0 '''
10:50 M-liberdiko joined #salt
10:51 babilen seena: Yes, but the bugfix you linked earlier has not made it into the release you are running. You can easily sync the state and module module though (see above)
10:53 seena sure thanks :)
10:53 babilen Just remember to remove them when you upgrade to 2016.3.4 (or later)
10:55 eichiro joined #salt
10:55 N-Mi Hello, are there any documentation ressources regarding PCI compliance audit on an infrastructure managed by Salt
10:56 Reverend oh god. good luck
10:57 N-Mi is this so painful ?
10:57 Reverend pci is.
10:57 Reverend the best thing you can do is read the PCI documentation and see which bits apply to your salt stuff
10:57 Reverend mostly, you're looking at who has access to salt, who can push code to it, etc.
10:58 N-Mi the good thing is, we want to limit the perimeter of the audit zone
10:58 Reverend hmm. are you isolating that part of your network then/
10:58 N-Mi the audit would be about a network zone behind a firewall
10:58 Reverend is it IPSec'd to anywhere?
10:58 Reverend if so, that is also part of your zone.
10:59 N-Mi currently, there is a firewall rule to let Salt TCP ports from our main network to this zone
10:59 Reverend yeah. you using salt SSH?
10:59 N-Mi no, just normal communication
10:59 Reverend you really should consider an IPSec tunnel then
11:00 Reverend salt in itself isn't a problem for PCI... but you need ot make sure hta tyour box itself complies with PCI guidance.
11:00 Reverend i.e. who has access to it, who can trigger states, etc.
11:00 N-Mi it's different networks only from a "logic" point of vue, thy are VRF
11:01 N-Mi so I guess no need to pu IPsec beteen them
11:01 Reverend ohhhhhhh
11:01 Reverend i see.
11:01 N-Mi inter-VRF traffic goes through the firewall
11:01 Reverend still, my only advice is to read the PCI documentation/guidelines, as that should give you everything you need.
11:02 Reverend but protip : assume it applies, unless you know it doesn't
11:02 N-Mi ok
11:02 Reverend :P good luck, sir. PCI is a pain in the booottyyyy
11:02 N-Mi I looking ahead, it's not for now but I know it can happen in 12-18 months
11:03 Reverend yeah. it's going to be mandatory in 2018
11:03 Reverend for any companies storing card details.
11:03 N-Mi but I don't want to be under time pressure when this will be happen, and prepare things so that it's less painful
11:03 Reverend we're just going through it here too. Can't fucking stand it. I mean, it makes sense though... card details are pretty darn sensitive.
11:04 Reverend N-Mi - ofcourse. best to get a headstart :)
11:04 Reverend side note: anyone know how to install an RPM in salt?
11:06 N-Mi thanks for the disccusion Reverend  :)
11:06 N-Mi for your question, only Debian boxes here, so I don't know
11:07 manji pci dss group therapy
11:07 randomword joined #salt
11:07 randomword Good morning
11:07 N-Mi 'morning
11:08 Reverend morning lad(ie)?s
11:08 randomword I was wondering if there was a way to use file.bulkreplace to replace text in file with text from different file?
11:08 randomword multiline stuff
11:09 Reverend just do everything in cmd.run
11:09 Reverend just out of principle
11:09 Reverend im kidding
11:09 Reverend I have no idea. sorry
11:14 sgo_ joined #salt
11:14 amcorreia joined #salt
11:21 randomword Thanks
11:22 randomword anyone else?
11:24 babilen randomword: One way to do it would be to cache the text in the mine and reference that in the file you want it in
11:24 babilen Or just run whatever local commands would achieve that, but in a way you are dependending on local state which might cause that to fail
11:24 hemebond Different minions?
11:24 babilen Why not manage both?
11:29 randomword I'm trying to template out my hosts file. using block replace/update to blocks of IPs
11:31 Reverend hey babilen :)
11:31 Reverend good morning, should I ay.
11:31 Reverend say*
11:34 babilen Lunchtime actually :)
11:34 Reverend good lunchtime :)
11:34 babilen randomword: Oh, there's https://github.com/saltstack-formulas/hostsfile-formula
11:34 Reverend what's the word on the street for RPM installs chaps? cmd.run (:P), cus this sauce: isn't working :( just keeps trying from yum
11:37 Reverend http://pastebin.centos.org/54131/ (if you were wondering)
11:38 AndreasLutro Reverend: I don't know if the rpm/yum pkg state works differently but with deb, I have to specify sources as "pkg-name: /path/to/pkg" - not version
11:39 Reverend im specifying it as http://repo... but I'll try with a salt://
11:39 VR-Jack They should be the same. pkg is supposed to abstract it
11:41 Reverend negatory on the salt:// front
11:42 AndreasLutro https://bpaste.net/show/dc201823437b
11:42 AndreasLutro this is what I do
11:42 AndreasLutro but again, not rpm/yum
11:42 Reverend ughhhh. that looks horrible. Granted, it works... so GG. but wget? really? if that's what I need to do to get an RPM to install then mfw -__-
11:43 AndreasLutro I ran into problems with python memory limitations when I was downloading huge .deb files
11:43 subsignal joined #salt
11:43 Reverend haha
11:43 Reverend i see.
11:43 AndreasLutro if you don't have that problem then I suppose you could just use http in the sources
11:43 AndreasLutro just do some testing of your own
11:43 VR-Jack - bar: http://somesite.org/bar.rpm
11:44 VR-Jack Not sure what your version is, but that could be messing it up
11:44 Reverend thanks anyway AndreasLutro,  for the pastebin I mean. I'll bear that in mind. <3
11:45 sgo_ joined #salt
11:45 Reverend version is just the name of the package: varnish-release-4.1-2.el7.noarch
11:46 Reverend http://pastebin.centos.org/54136/
11:46 Reverend thats the output
11:46 Reverend looks like it's Yumming, which is weird.
11:47 AndreasLutro try something like "sources: [ varnish-release: http:///path/to/rpm ]" instead
11:47 Reverend roger. sec.
11:47 VR-Jack for testing, I'd remove variables. Just static it in.
11:47 VR-Jack also, test http vs https
11:47 M-MadsRC joined #salt
11:47 freelock[m] joined #salt
11:48 Reverend oooooooooooo
11:48 * Reverend bashes desk with fist.
11:49 VR-Jack Be nice to desk. :P
11:49 Reverend right. im gonna go fix it. time to jack in. I'll let you guyhs know when I'm done and give you the DL on the fix :)
11:49 Reverend <3
11:49 Reverend BBIAB. peace.
11:51 numkem joined #salt
11:53 ozux__ joined #salt
11:54 Reverend can one to a require on a service.running?
11:54 AndreasLutro what?
11:54 Reverend require:\n - pkg: varnish
11:54 AndreasLutro that wasn't quite english but in general you can require any state
11:54 Reverend hmm.
11:54 Reverend okay.
11:54 Reverend thanks
11:57 DarkKnightCZ joined #salt
11:58 Reverend i got it.
11:58 Reverend turns out it was the require_in
11:59 Reverend I had a require: varnish-repo in another pkg, and a rquire_in in varnish-repo, so must have been doing something fucky with the ordering.
11:59 * Reverend shakes fist
11:59 VR-Jack salt and orders get fun
12:00 Reverend :P
12:03 ozux joined #salt
12:14 ozux joined #salt
12:16 barmaley joined #salt
12:23 ronnix joined #salt
12:25 t0m0 joined #salt
12:28 rem5 joined #salt
12:28 patrek joined #salt
12:32 AirOnSkin joined #salt
12:36 BlackBishop anyone any idea about this salt pillar issue not geting populated ? https://paste.fedoraproject.org/431961/61355147/
12:37 AndreasLutro pillars are synced for a while, try saltutil.sync_pillar
12:37 AndreasLutro erm
12:37 AndreasLutro pillars are cached for a while, try saltutil.sync_pillar
12:37 AndreasLutro is what I meant to write
12:40 BlackBishop shouldn't sync_all sync them too ?
12:41 AndreasLutro argh sorry
12:41 AndreasLutro saltutil.refresh_pillar
12:42 dyasny joined #salt
12:43 BlackBishop nope
12:43 BlackBishop same
12:44 BlackBishop hmm, tried to see how python interprets the jinja template ..
12:44 BlackBishop https://paste.fedoraproject.org/431965/44618341/ .. no luck
12:47 BlackBishop ow .. print template.render({"grains":{"somegrain": ["somegrainvalue"]}}) .. seems to work ..
12:47 BlackBishop ok .. so why the heck doesn't it work in salt
12:49 VR-Jack do grains work in pillar? may be a silly question. I thought grains were minion side processing
12:50 AndreasLutro they do, the minion sends its grains to the master before pillars start rendering
12:51 VR-Jack but would they be available at the jinja level or strictly the pillar's built in selection level?
12:51 VR-Jack pillars and jinja are strange at times is why I ask
12:52 AndreasLutro they are available in jinja
12:52 VR-Jack good to know. I never trust grains,so never use them there
12:53 AndreasLutro you shouldn't, a compromised minion can tamper with them
12:53 BlackBishop a compromised minion is a bigger problem.
12:53 AndreasLutro so if you use a lot of grains-related logic in pillars you risk leaking sensitive information
12:54 BlackBishop anyhow, it doesn't work for some reason
12:54 BlackBishop and I don't get it
13:01 coredumb Hey folks
13:01 coredumb was reading that https://docs.saltstack.com/en/latest/ref/modules/
13:01 coredumb how are people distributing their custom modules ? seems to me like a hassle to zip them ...
13:02 AndreasLutro put them in _states next to your .sls state files
13:02 AndreasLutro erm
13:02 AndreasLutro _modules
13:04 AndreasLutro https://docs.saltstack.com/en/latest/ref/modules/
13:05 dpasqualin joined #salt
13:06 Reverend AndreasLutro - you just made me cry. I remembered that I need to figure out how to find minion AWS tags from master instead of using grains. damn.
13:06 Reverend oh wait. Nevermind. I just remembered I was going to use subnets.
13:06 Reverend sick
13:14 DarkKnightCZ joined #salt
13:14 dariusjs joined #salt
13:15 ozux joined #salt
13:19 ozux joined #salt
13:26 BlackBishop coredumb: or spm ?
13:26 BlackBishop AndreasLutro: any other ideas on how I could debug the issue ?
13:27 AndreasLutro check logs? increase log levels?
13:27 BlackBishop on minion or master ?
13:29 edrocks joined #salt
13:30 subsignal joined #salt
13:30 Xevian joined #salt
13:31 coredumb BlackBishop: I'm actually fine with it in _modules/ was just wondering what were ppl doing
13:31 coredumb btw
13:31 coredumb what happens if I state file.absent on a symlink ?
13:32 coredumb is only the symlink removed or the target may be deleted ?
13:32 t0m0 joined #salt
13:33 subsigna_ joined #salt
13:33 raspado joined #salt
13:33 filippos joined #salt
13:35 ssplatt joined #salt
13:35 DarkKnightCZ joined #salt
13:38 sandro_ joined #salt
13:39 eseyman joined #salt
13:39 foundatron joined #salt
13:40 dpasqualin Hello, I wanna make a simple service discovery using salt for docker containers (I know it's not ideal, but anyway). So far I have a salt engine for docker and a reactor for the "create" event, but the event doesn't say the port the container is listening to and I need that information. I know how to get the port using dockerng.inspect module, but I'm not sure how to use it in the reactor. Should I create a new salt module? A custo
13:46 raspado joined #salt
13:47 raspado joined #salt
13:49 ozux joined #salt
13:55 bowhunter joined #salt
13:55 racooper joined #salt
14:01 DEger joined #salt
14:02 LotR dpasqualin: that got cut off at "Should I create a new salt module? A custom"
14:02 dpasqualin A custom salt state?
14:03 dpasqualin =P
14:04 dpasqualin I mean, I want to get the return of dockerng.inspect and do something with it (like calling a state or running cmd.run). Not sure how to do it.
14:04 LotR I'm sorry, I have no clue about the actual question
14:08 mpanetta joined #salt
14:09 dpasqualin No problem, thank you :)
14:11 waynr left #salt
14:13 dariusjs joined #salt
14:15 Tanta joined #salt
14:21 djdexter joined #salt
14:21 djdexter left #salt
14:24 fannet joined #salt
14:25 armonge joined #salt
14:26 edrocks joined #salt
14:26 dyasny joined #salt
14:27 west575 joined #salt
14:31 fannet_ joined #salt
14:32 beardedeagle joined #salt
14:39 impi joined #salt
14:40 beardedeagle joined #salt
14:48 spuder joined #salt
14:50 ozux joined #salt
14:51 beowuff joined #salt
14:54 berserk joined #salt
14:54 mswart left #salt
14:56 berserk joined #salt
14:57 beowuff joined #salt
15:00 ozux joined #salt
15:00 codeape joined #salt
15:07 jimklo joined #salt
15:08 _JZ_ joined #salt
15:13 Trauma joined #salt
15:14 Heartsbane joined #salt
15:14 Heartsbane joined #salt
15:16 writtenoff joined #salt
15:20 ivanjaros joined #salt
15:22 sgo_ joined #salt
15:23 tiwula joined #salt
15:26 patches joined #salt
15:26 west575__ joined #salt
15:30 winsalt_ what am i supposed to do if grains in the grains file arnt being read?
15:31 Reverend how do you mean?
15:31 Reverend in _grains?
15:32 winsalt_ i used grains.present, it sets a value in a file in the minion config directory, i can see the value in that file but grains.get grains.items returns no value for that grain
15:35 winsalt_ now I just manually added a value, restarted the minion, and it shows up but the other one still is absent !
15:36 foundatron joined #salt
15:38 __newb joined #salt
15:38 edrocks joined #salt
15:39 winsalt_ is "roles" a protected grain key or what?
15:41 babilen No, not at all .. in fact it isn't even very well suited for it ;)
15:41 winsalt_ i cant set "roles:something" , i can set "roless: something
15:43 ninjada joined #salt
15:43 VR-Jack I believe roles is expected to follow a specific template
15:44 babilen Just use pillars for roles and manage them centrally
15:46 winsalt_ so what do you target in your pillar tops
15:49 ageorgop joined #salt
15:54 babilen winsalt_: Minion IDs -- targeting grains risks leaking secrets to minions that shouldn't see them
15:54 DammitJim joined #salt
15:55 Guest22006 joined #salt
15:55 babilen winsalt_: But read https://github.com/saltstack/salt/issues/23910 for a discussion on that topic
15:55 saltstackbot [#23910][OPEN] Please implement static pillars | Hi,...
15:55 debian112 joined #salt
15:56 DammitJim join #haproxy
15:56 babilen Do I have to?
15:56 winsalt_ what good are roles, if you target based on minion id anyway?
15:59 babilen winsalt_: Target states based on roles and secrets based on minion IDs
16:00 babilen Grains are fine if you can live with the fact that they are insecure and have a way of programmatically managing them
16:00 babilen As of now neither pillars nor grains provide what is needed for an easy to manage, secure, role system unless you adopt external pillars such as pillarstack
16:01 djgerm left #salt
16:02 winsalt_ well either way, I dont see why "roles" cant be a grain.  I cant find any docs on that
16:02 barmaley joined #salt
16:02 mpanetta I don't have any issues using the grain roles...
16:03 mpanetta I have a grains module that plucks it from per machine pillar though, so it isn't really a grain.
16:03 mpanetta IE you can't set it.
16:03 babilen mpanetta: Which makes it easy to manage programmatically
16:04 mpanetta yep :)
16:04 Karunamon Hey folks, is anyone familiar with using mysql as the external job cache? I'm trying to troubleshoot a "MySQL server has gone away" error when doing a job lookup
16:04 logan_ joined #salt
16:06 Guest16346 I have a few minion where localhost shows my hostname in uppercase and host shows my hostname is lowercase and I'd expect them to be the same. Where does salt get these two values from?
16:06 Guest16346 The localhost and host grains that is.
16:09 Guest16346 https://gist.github.com/loganbhardy/2d10ed13fe274a97b1ee348fb7aa5c8b
16:10 babilen Guest16346: https://github.com/saltstack/salt/blob/develop/salt/grains/core.py#L1560
16:11 GordonTX joined #salt
16:11 Guest16346 Thanks a ton. I was having a hard time tracking that down.
16:15 edrocks joined #salt
16:24 flowstate joined #salt
16:24 sjb9774 I'm quite new to salt, but I'm setting up a vagrant dev environment that runs and apache server and is provisioned with salt. So far everything is working fine save for the fact that every time I run vagrant up I have to manually restart the apache server inside the VM to be able to access it (otherwise I just get a hanging connection or errors).
16:25 sjb9774 I've tried having salt watch the apache config files and sites-enabled in hopes it would restart the process whenever anything changed but that didn't seem to help
16:25 sjb9774 after I restart the apache process everything works perfectly fine
16:26 sjb9774 Any ideas what could cause something like that?
16:28 sjmh hm, so globals in runners are shared when executing via the reactor.
16:28 new-to-salt joined #salt
16:28 sjmh wonder if that's intended or not
16:28 woodtablet joined #salt
16:30 new-to-salt greetings folks - i'm wondering if anyone can direct me to the right way to run a shell script in the background from an SLS file
16:31 Trauma joined #salt
16:32 bakins joined #salt
16:32 sjmh new-to-salt - i know there's a execution module way of doing it via cmd.run_bg
16:32 sjmh not sure if that's made it into the cmdmod state tho
16:33 west575 joined #salt
16:34 new-to-salt thanks sjmh. yes - i did read about cmd.run_bg and even tried to add it to my SLS and apply state... in vain.
16:35 new-to-salt i'm trying to automate the letsencrypt based cert installation. one of the steps is to run a temp web server for responding to acme challenges.
16:35 new-to-salt have that modeled as a state with cmd.script
16:36 new-to-salt but it never returns .. so nothing else proceeds.
16:36 new-to-salt wonder if others have found alternative ways to automate cert installation?
16:37 sjmh new-to-salt - you could use cmd.run and execute something via the atd daemon
16:37 mikecmpbll joined #salt
16:37 sjmh it's a hack..
16:37 sjmh but could work
16:38 babilen new-to-salt: There's https://github.com/saltstack-formulas/letsencrypt-formula
16:39 new-to-salt thanks sjmh - thats an interesting idea!
16:39 new-to-salt should work
16:39 impi joined #salt
16:40 * babilen recommends the formula
16:41 new-to-salt thanks babilen - the formula is the first thing i tried. ran into some arcane issue that required deep understanding of pillars and i ran out of time/patience. i should probably go back to it though.
16:41 babilen you might, yes
16:41 new-to-salt thanks!
16:41 west575__ joined #salt
16:48 pipps99 joined #salt
16:49 west575 joined #salt
16:49 armonge joined #salt
16:52 Nei joined #salt
16:53 babilen (even if you are just stealing code)
16:54 BattleChicken1 joined #salt
16:56 armonge joined #salt
16:57 mikecmpbll joined #salt
16:58 haam3r joined #salt
17:00 ivanjaros joined #salt
17:00 Edgan joined #salt
17:00 west575__ joined #salt
17:01 ivanjaros3916 joined #salt
17:02 catpig joined #salt
17:06 onlyanegg joined #salt
17:08 mikea joined #salt
17:08 mikea in a multi-master setup
17:09 mikea do both masters see the same event bus?
17:09 Jakis joined #salt
17:10 zach joined #salt
17:10 Jakis Anyone here ever get weird errors on salt-cloud (even when run with no paramaters?)
17:11 Jakis I'm getting weird stack traces for everything.  I'll never get my boss to agree salt is a good idea, if I can't even get the initial install right :/
17:12 babilen mikea: I think so, but haven't checked
17:13 west575 joined #salt
17:21 pipps joined #salt
17:25 eseyman joined #salt
17:26 west575__ joined #salt
17:31 bltmiller joined #salt
17:31 nidr0x joined #salt
17:32 Trauma joined #salt
17:33 notnotpeter joined #salt
17:33 west575 joined #salt
17:36 Brew joined #salt
17:41 sjmh mikea : no, they each have their own event bus
17:41 mikea sjmh, do they see the same data?
17:42 mikea specifically returns
17:42 sjmh it depends on what you're doing
17:42 mikea if I were to run salt '*' test.ping
17:42 mikea would both masters see the return?
17:42 west575__ joined #salt
17:42 sjmh if you issue a salt command from a master to a minion, the minion only responds to the master who issued the command
17:42 sjmh but if you do a salt-call, then it could go to either
17:42 sjmh or if you're doing mine updates
17:42 sjmh etc
17:42 sjmh it gets weird
17:42 codeape joined #salt
17:43 sjmh depending on where the call originated from
17:43 sjmh last time i talked to a salt guy, for things like salt-call, he said he thought it just picked one of hte masters to send it to
17:43 sjmh so to answer your question: no, both masters should not be seeing the return
17:45 mikea ah, okay
17:46 mikea as long the return only goes one place
17:46 sjmh i'd probably test it in a vagrant setup first tho :)
17:47 sjmh now back to figuring out my global issue
17:47 ageorgop joined #salt
17:47 ozux__ joined #salt
17:50 jerematic joined #salt
17:51 IdoKaplan joined #salt
17:51 IdoKaplan Hi, Is there anyone here that managed to send salt output logs to ELK?
17:51 flowstate joined #salt
17:54 verax joined #salt
17:55 west575 joined #salt
17:56 MTecknology in less than thirty seconds, a single salt-master process made 537 calls to gettimeofday() ... wow
18:00 mikea IdoKaplan, there is an elasticsearch returner
18:01 mikea https://docs.saltstack.com/en/latest/ref/returners/all/salt.returners.elasticsearch_return.html
18:02 bltmiller joined #salt
18:03 edrocks joined #salt
18:04 IdoKaplan mikea: Thank you for the follow up. Is it sending the full output log or only the command (for example state.highstate)?
18:05 Rumbles joined #salt
18:12 flowstate joined #salt
18:19 beardedeagle Survey for the people here who use salt-api: how many of you use salt-api with ldap/AD auth?
18:19 ozux joined #salt
18:24 pipps joined #salt
18:25 mikecmpbll joined #salt
18:25 flowstate joined #salt
18:28 ozux joined #salt
18:29 tapoxi joined #salt
18:32 DEger joined #salt
18:32 sjmh beardedeagle - we do
18:34 beardedeagle I have written a complete replacement for libpepper and the pepper cli, but right now it only supports pam auth so I am trying to gage whether I take the time to write in other eauth's or just leave it up to the community.
18:35 ageorgop joined #salt
18:36 pipps joined #salt
18:36 mikecmpbll joined #salt
18:39 sjmh ah, gotcha.  well, we don't allow users to use the api, only automation tools.
18:41 ajw0100 joined #salt
18:45 autofsckk joined #salt
18:47 haam3r joined #salt
18:49 MTecknology "salt-run state.event" should just start firing crap off as soon as it starts, right?
18:49 MTecknology It's only watching a socket and repeating streams, no?
18:50 notnotpeter joined #salt
18:52 flowstate joined #salt
18:53 sjmh MTecknology as long as you have events coming in, yes
18:54 alinuxninja joined #salt
18:57 moos3 joined #salt
18:58 __newb joined #salt
18:59 codeape joined #salt
18:59 MTecknology sjmh: heh... I see the load average go from 1 to 40 when I restart the master, it hangs up there, acts like it's because of minions re-connecting, but no events until later
19:00 moos3 joined #salt
19:00 Rumbles joined #salt
19:00 pipps joined #salt
19:00 sjmh MTecknology : weird, what version?
19:00 sjmh 2016.3.3 works fine for me
19:00 MTecknology 2016.3.3
19:00 MTecknology how many minions reconnect?
19:01 MTecknology I mean, it all "works"
19:01 somedude joined #salt
19:01 MTecknology after about 5-10 minutes the load comes back down
19:01 pipps99 joined #salt
19:02 jeneam joined #salt
19:02 sjmh they all seem to reconnect - this is on a smallish installation on a small VM tho
19:02 somedude left #salt
19:02 sjmh only about 40~ minions
19:02 sjmh load avg went from 0.3 to about 1 for a minute or two
19:02 MTecknology bit of a difference of scale :P
19:03 MTecknology I don't know how many minions exist in this environment and due to latency issues, I likely never will.
19:03 sjmh haha yeah this is our staging lab
19:03 toanju joined #salt
19:03 sjmh i can't restart master during the day :) ( and it's 2015.8 )
19:03 sjmh prod master, that is
19:04 MTecknology random_reauth_delay seems like it might need to be increased, but I don't think that's enough
19:04 sjmh we set all of those for our prod instance
19:05 sjmh https://gist.github.com/sjmh/2ef1505067a3cf059a46fc859a9def9f
19:05 sjmh thats our minion config on our prod instance ( w/ ~26k minions )
19:05 MTecknology 300?!
19:05 sjmh 26,000 minions :)
19:05 MTecknology ah, 26k would make sense
19:06 MTecknology https://docs.saltstack.com/en/latest/topics/tutorials/intro_scale.html#too-many-minions-re-connecting
19:06 sgo_ joined #salt
19:07 MTecknology "By default the zmq socket will re-connect every 100ms"   "sample configuration file (default values)"   "recon_default: 1000"
19:07 MTecknology so... 1000 == 100ms?
19:07 ajw0100 joined #salt
19:08 MTecknology aight - docs are wrong
19:09 ageorgop joined #salt
19:09 DEger joined #salt
19:11 moos3 joined #salt
19:12 MTecknology sjmh: When I restarted, I saw a whopping 5 auth events come through.
19:13 MTecknology from one of the syndic boxes
19:14 MTecknology :S
19:16 ryan8403 joined #salt
19:20 pipps joined #salt
19:20 BlackBishop joined #salt
19:22 FreeSpencer joined #salt
19:22 FreeSpencer joined #salt
19:23 pipps99 joined #salt
19:23 pipps_ joined #salt
19:26 mikecmpbll joined #salt
19:33 pipps joined #salt
19:34 writtenoff joined #salt
19:37 logan_ joined #salt
19:38 DEger joined #salt
19:46 autofsckk exit
19:47 mpanetta no
19:48 felskrone joined #salt
19:48 edrocks joined #salt
19:53 logan_h joined #salt
19:54 logan_h help, I have some minions where the minion_id get set in mixed case even though the fqdn comes back in all lower case. What am I doing wrong?
19:54 logan_h https://gist.github.com/loganbhardy/a92082b31e2e08386739735b1848b95b
19:55 Sketch it looks like your hostname is in caps, so it makes sense that your minion_id is?
19:56 logan_h I have other minions were the hostname is in caps and this doesn't happen. And according to the comments in the config the id should default to the fqdn. So I'm super confused.
19:57 Bryson joined #salt
19:59 logan_h https://gist.github.com/loganbhardy/1314baf238345be9259551aa1f9cfb25
19:59 dyasny joined #salt
20:01 logan_h Is there maybe a way to force id: to use socket.getfqdn() so I can keep things consistent?
20:04 logan_h Sketch: So you are right, I set the hostname to lowercase, deleted my minion_id and restarted the salt-minion and now the minion_id is all lowercase.
20:04 Sketch odd that it doesn't happen on the other one, though
20:04 logan_h I guess my problem is that the minion isn't acting the way it's documented to be. And it's inconsistent in it's behavior between nodes.
20:05 logan_h exactly
20:06 ageorgop joined #salt
20:06 Sketch i was going to suggest seeing if your reverse DNS entries are the same case
20:07 Sketch (or possibly forward)
20:07 Sketch how exactly it decides the hostname is not something i've looked into much
20:07 haam3r joined #salt
20:08 cscf So, I'm trying to manage mysql with salt, but whenever I try to do anything, I get "Access denied for user 'root'@'localhost'".  Why would salt need a password to connect to localhost if I don't?
20:08 heewa joined #salt
20:09 cscf Apparently I need to put the password in /etc/salt/minion.  Why?
20:10 logan_h Sketch: I think you may be on to something. I'm checking on the reverse DNS stuff now.
20:10 flowstate joined #salt
20:13 Tanta because you aren't being explicit in specifying the root user
20:14 cscf Tanta, but it's correctly assuming root?  Or are you talking to someone else?
20:15 Sketch maybe it's not assuming localhost.  you could try connection_host: localhost
20:15 cscf "Access denied for user 'root'@'localhost'"
20:15 Tanta be as explicit and granular as you can in the data source setup
20:15 cscf Why wouldn't it default the password to '' since that's the package default?
20:16 Tanta this is not a salt thing, it's a mysql thing, -- if you connect using "mysql -u root -h localhost" vs "mysql -h localhost"
20:16 Tanta you will see
20:16 cscf But salt should have sane defaults
20:16 Tanta then keep blaming salt and complaining
20:17 Sketch what i've started doing is making /var/lib/mysql/defaults.cnf a managed file (perms 400) with the necessary connection info, then just add connection_default_file: /var/lib/mysql/defaults.cnf
20:17 debian112 joined #salt
20:18 GordonTX joined #salt
20:18 Sketch i also have a state that sets the root password before that file is created.  that way, when it tries to connect with the nonexistant file, it connects as root with no pw.  after the file is created, it connects with the pw.
20:18 cscf Sketch, if I use simply 'mysql', no args, it works.
20:19 Sketch only way i was able to figure out to bootstrap the root user's password with salt
20:19 cscf So there's 0 information required that I should need to specify, in my case at least.
20:21 heewa joined #salt
20:21 notnotpeter joined #salt
20:23 pipps joined #salt
20:28 netcho joined #salt
20:28 netcho joined #salt
20:30 netcho joined #salt
20:30 netcho joined #salt
20:30 netcho joined #salt
20:31 barmaley joined #salt
20:33 pipps joined #salt
20:41 tapoxi joined #salt
20:41 fannet joined #salt
20:42 netcho joined #salt
20:43 ageorgop joined #salt
20:43 netcho joined #salt
20:43 jcristau joined #salt
20:55 ajw0100 joined #salt
20:59 daxomati1 joined #salt
21:01 coredumb Hello folks
21:02 coredumb Not sure if I missed it from the docs, but is there a way to run scheduled jobs from a user with nologin shell ?
21:03 coredumb yeah OK I can cheat with su -s
21:03 coredumb don't mind me
21:03 pipps joined #salt
21:06 Reverend gnite ladies and gents. peace.
21:07 ajw0100_ joined #salt
21:08 bltmiller joined #salt
21:10 hemebond Is it possible to add extra mechanisms to salt-cloud when provisioning for certain providers? e.g., generate a key, upload it somewhere, then provision the VM?
21:10 flowstate joined #salt
21:12 shanesveller joined #salt
21:12 DEger joined #salt
21:14 MTecknology joined #salt
21:18 shanesveller joined #salt
21:18 daxomati1 Hi there, another question on salt-cloud; I am using it with openstack and i was wondering if there is a configuration property for anti affinity rules, and also, will there be in the near future to create networks and routes as well? at the moment im stuck with openstack api create the networks and routers, and then putting servers on them when i have the UUID's of the networks. would be awesome to do
21:18 daxomati1 that all in salt-cloud with one config... any ideas on this?
21:23 Edgan hemebond: I use a custom python/boto script to hit the salt-api, get a key, write it into userdata, and read it with cloud-init
21:23 Rumbles joined #salt
21:28 thehaven joined #salt
21:30 ujjain joined #salt
21:30 ujjain joined #salt
21:31 froztbyte joined #salt
21:31 toabi joined #salt
21:32 GothAck joined #salt
21:36 hemebond Oooh, you can get the key via salt-api? Sounds neat.
21:37 hemebond Do you have anything documented online about the process?
21:37 hemebond Anything shared?
21:42 fannet_ joined #salt
21:46 kaak joined #salt
21:48 kaak Anyone care sharing how they tackle managing multiple environments with salt? I'm particularly curious about patterns for promoting changes between environments.
21:48 hemebond kaak: I use Salt environments on the master.
21:49 hemebond I haven't got there yet with a complete process for managing updates.
21:49 hemebond But I think I will have separate repos for each environment pillar dir and each environment state dir.
21:49 hemebond And use explicit targeting in the top.sls.
21:49 kaak hemebond: as described here? https://docs.saltstack.com/en/latest/ref/states/top.html#multiple-environments
21:50 hemebond That's right. Though I use a top.sls per environment and only for that environment.
21:50 hemebond With no top.sls in the base environment.
21:50 VR-Jack If you're not familiar with it, a lot of people also forgo environments and run multiple masters instead. Generally using git/hg to sync information between them.
21:51 ageorgop joined #salt
21:55 MadHatter42 joined #salt
21:57 mohae joined #salt
22:00 nidr0x joined #salt
22:00 debian112 joined #salt
22:02 DEger joined #salt
22:02 DEger joined #salt
22:03 pipps joined #salt
22:06 wendall911 joined #salt
22:09 justanotheruser joined #salt
22:10 lilvim joined #salt
22:11 flowstate joined #salt
22:11 jhujhiti joined #salt
22:24 GordonTX joined #salt
22:31 ajw0100 joined #salt
22:32 nethershaw joined #salt
22:33 ajw0100_ joined #salt
22:38 drew__ joined #salt
22:39 drew__ hi does anyone have resources on testing custom salt execution modules?
22:44 teryx510 joined #salt
22:49 darix joined #salt
22:51 toastedpenguin joined #salt
22:56 darix joined #salt
22:58 foundatron joined #salt
23:03 cyborg-one joined #salt
23:07 spuder joined #salt
23:08 spuder_ joined #salt
23:09 ninjada joined #salt
23:10 xnavy joined #salt
23:12 flowstate joined #salt
23:13 ajw0100 joined #salt
23:20 hemebond joined #salt
23:32 DEger joined #salt
23:34 DEger_ joined #salt
23:46 sjmh joined #salt
23:47 Derailed Hey all. I am writing a few states (create some directories, put some files in places) that I need to run before some states in a 3rd party salt formula. How do I make sure that my states run first?
23:49 whytewolf Derailed: if you know the names of a state id in the formula, would could use require_in
23:50 Derailed whytewolf cheers. Yeah, I do know the names of the states I need to run before
23:50 Derailed for context: I'm using the docker.containers formula to run a docker container, but I need to create some directories before it runs.
23:50 pipps joined #salt
23:50 Derailed put some config files in place, etc
23:52 VR-Jack require_in lets you tell it from your state that you are now required by the other state
23:55 Derailed sounds perfect, cheers!

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary