Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-09-30

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:00 barmaley joined #salt
00:01 brotatochip joined #salt
00:05 scoates joined #salt
00:09 brotatochip joined #salt
00:15 stooj joined #salt
00:17 Bryson joined #salt
00:18 andrewl joined #salt
00:18 andrewl Hi has anyone got this issue? (authAuthenticationError: Failed to authenticate! This is most likely because this user is not permitted to execute commands, but there is a small possibility that a disk error occurred (check disk/inode usage).)
00:20 andrewl I am trying to get salttesting to work with my project
00:20 onlyanegg joined #salt
00:27 andrewl has anyone figured out how to use salttesting for their projects?
00:39 hemebond When do you get that error?
00:39 hemebond What is it you're trying to do?
00:40 DEger joined #salt
00:45 invalidexception joined #salt
00:49 kaak joined #salt
00:49 jas02 joined #salt
00:50 woodtablet left #salt
00:50 keimlink joined #salt
00:53 TomJepp joined #salt
00:56 pipps joined #salt
00:57 Nahual joined #salt
01:04 mosen joined #salt
01:06 edrocks joined #salt
01:12 q1x joined #salt
01:19 pipps joined #salt
01:21 amontalban joined #salt
01:22 neilf__ joined #salt
01:35 brotatochip joined #salt
01:36 ssplatt joined #salt
01:37 lordcirth joined #salt
01:40 sebastian-w joined #salt
01:48 ilbot3 joined #salt
01:48 Topic for #salt is now Welcome to #salt! | Latest Versions: 2015.8.12, 2016.3.3 | Support: https://www.saltstack.com/support/ | Logs: http://irclog.perlgeek.de/salt/ | Paste: https://gist.github.com/ (please don't multiline paste into channel) | See also: #salt-devel, #salt-offtopic | Ask with patience as we are volunteers and may not have immediate answers
01:50 jas02 joined #salt
01:55 mosen_ joined #salt
02:01 amontalb1n joined #salt
02:01 scoates joined #salt
02:02 lordcirth Is it just me or is the file.line docs totally unclear?
02:06 evle joined #salt
02:08 mpanetta joined #salt
02:23 hemebond I think they're possibly unclear.
02:24 hemebond Lots of functions need more examples.
02:25 om joined #salt
02:30 ALLmightySPIFF joined #salt
02:32 sjmh joined #salt
02:34 stooj joined #salt
02:37 Ashald joined #salt
02:43 catpig joined #salt
02:51 jas02 joined #salt
02:52 armonge joined #salt
02:53 ale-roy joined #salt
03:08 edrocks joined #salt
03:10 promorphus joined #salt
03:12 phily joined #salt
03:13 armonge joined #salt
03:21 systo joined #salt
03:23 om joined #salt
03:32 pipps joined #salt
03:34 mohae_ joined #salt
03:46 armonge joined #salt
03:50 promorphus joined #salt
03:51 mosen joined #salt
03:51 jas02 joined #salt
03:54 brotatochip joined #salt
04:04 tristianc joined #salt
04:17 sjmh joined #salt
04:19 14WAALY0Y joined #salt
04:28 DEger joined #salt
04:31 ivanjaros joined #salt
04:39 justanotheruser joined #salt
04:48 swa_work joined #salt
04:52 jas02 joined #salt
04:54 jimklo joined #salt
05:10 edrocks joined #salt
05:38 hemebond So, is there a recommendation to use wheel.key.cmd_async over wheel.cmd?
05:38 hemebond The examples in the docs change back and forth.
05:47 losh joined #salt
05:47 bocaneri joined #salt
05:53 jas02 joined #salt
05:56 doda joined #salt
05:56 felskrone joined #salt
06:04 DarkKnightCZ joined #salt
06:07 tehsu joined #salt
06:08 \ask joined #salt
06:17 ivanjaros joined #salt
06:42 cyborg-one joined #salt
06:54 jas02 joined #salt
06:55 jas02_ joined #salt
07:08 jas02 joined #salt
07:12 jhauser joined #salt
07:12 edrocks joined #salt
07:13 haam3r joined #salt
07:13 pppingme joined #salt
07:17 mackripeum joined #salt
07:18 zulutango joined #salt
07:24 sjorge joined #salt
07:54 jas02 joined #salt
07:56 krymzon joined #salt
08:00 watersoul joined #salt
08:03 Reverend joined #salt
08:04 dariusjs joined #salt
08:09 keimlink joined #salt
08:13 s_kunk joined #salt
08:15 rem5 joined #salt
08:15 lero joined #salt
08:17 Rumbles joined #salt
08:23 sandro_ joined #salt
08:26 mikecmpbll joined #salt
08:32 notnotpeter joined #salt
08:35 N-Mi joined #salt
08:35 N-Mi joined #salt
08:45 rem5 joined #salt
08:52 losh joined #salt
08:55 jas02 joined #salt
08:58 jas02_ joined #salt
09:15 edrocks joined #salt
09:23 cyborg-one joined #salt
09:24 infrmnt joined #salt
09:25 infrmnt joined #salt
09:31 all joined #salt
09:31 Nitesh_ joined #salt
09:32 oliver_are joined #salt
09:34 ozux joined #salt
09:35 subsignal joined #salt
09:50 mswart joined #salt
09:56 jas02 joined #salt
09:57 hoonetorg hemebond sjmh thanks for the info about thread safe, thread local in runner context on master
09:57 hemebond Did you get your stuff working okay?
09:59 jas02_ joined #salt
09:59 narfology joined #salt
10:00 hoonetorg hemebond; yes, i try not to use grains/pillars in orchestration sls now or set pillar for the orchestration sls with the commandline pillar option
10:02 hoonetorg like that: salt-run state.orchestrate some/state/sls pillar="{ 'some': 'pillar' }"
10:02 hoonetorg s;some/state/sls;some.state.sls;
10:07 cyborg-one joined #salt
10:17 dariusjs joined #salt
10:20 oliver_are Hi, I want to clone a git repo with ssh pem keys do we have any states where I can point the ssh pem key ?
10:32 dps joined #salt
10:36 amontalban joined #salt
10:45 hemebond aw geez, if you create an EC2 instance outside of Salt Cloud you can't use Salt Cloud to destroy it.
10:50 dariusjs joined #salt
10:57 DammitJim joined #salt
10:57 jas02 joined #salt
11:03 jas02 joined #salt
11:11 haam3r Hi. Quick question. In reactor I can do {% if data['id'].startswith('web') %} per the documentation but  something like {% if data['id'].startswith('web') %} does not seem to match. How can I match the end of a minion id in reactor?
11:12 AndreasLutro endswith :)
11:12 haam3r aa sorry I did mean that {% if data['id'].endswith('web') %} does not seem to match
11:13 hemebond data['id'][-3:] == 'web' ?
11:14 haam3r okey to clarify.. I want the reactor statement to match on the domain portion of the id when the minion id is an fqdn
11:15 hemebond Can't you just use tgt for that?
11:15 AndreasLutro how would you know when the minion id is a fqdn
11:15 hemebond Wait... that might be orchestration.
11:15 hemebond (reactors have a tgt too)
11:16 lovecraftian joined #salt
11:16 haam3r so if I have something like web.sub.example.com I want the reactor state to match if the id has sub.example.com but not abc.example.com
11:17 edrocks joined #salt
11:17 AndreasLutro how is salt supposed to know that "sub" is valid but "abc" isn't?
11:17 hemebond Did.... you try the slice notation?
11:18 haam3r it's basic wildcard string matching… aka something like '*.sub.example.com' also did not seem to work
11:18 hemebond or maybe split the string and check the parts.
11:18 haam3r don't know about the slice notation
11:18 AndreasLutro so... if data['id'].endswith('.sub.example.com') ?
11:18 haam3r mhm
11:19 haam3r the problem is that when I restart the one of the minions the state does not execute
11:19 hemebond Does your reactor fire if you target everything?
11:21 haam3r jep
11:22 hemebond And the minion id is a fqdn?
11:22 haam3r mhm
11:23 pkoch joined #salt
11:24 mpanetta joined #salt
11:24 hemebond But tgt: '*.sub.example.com' doesn't work?
11:24 hemebond Oh wait.
11:25 hemebond You're not targeting the minion, you're trying to filter out the source of the event.
11:25 haam3r i'm matching the reactor on the "minion_start" event wich does not have the tgt field if i remember correctly
11:25 haam3r maybe there is a better way of doing this?
11:26 haam3r what i need is a reactor firing state.apply if the minion fqdn is a specific subdomain
11:26 hemebond You only want to react to start events from certain machines, yeah?
11:26 haam3r jep pretty much
11:27 babilen Wouldn't it be nice if one could use Python's re module in jinja?
11:27 hemebond 'salt/minion/ink*/start'
11:27 haam3r i could work it around to firing on all start events and later somehow applying the state on only specific machines
11:27 haam3r oh yes that would be nice
11:27 hemebond So you can use the wildcard for part of a tag.
11:27 hemebond so
11:27 hemebond 'salt/minion/*.sub.example.com/start'
11:27 haam3r thanks that sounds good..i'll try that
11:28 hemebond Instead of listening for 'minion_start'
11:28 hemebond Both events will come through.
11:28 hemebond But the former allows for easier targeting.
11:29 pkoch Hey, guys! Do I have to do anything in particular for custom grains to be deployed over salt-ssh?
11:33 haam3r thanks hemebond…that worked
11:33 hemebond :thumsbup:
11:33 hemebond 👍
11:34 promorphus joined #salt
11:34 JohnnyRun joined #salt
11:38 Antiarc joined #salt
11:41 dariusjs joined #salt
11:44 numkem joined #salt
11:53 manji pkoch, yes, you can
11:53 manji pkoch, in your roster file add samething like:
11:53 manji minion_opts:
11:53 manji grains:
11:53 manji roles:
11:53 manji - backend
11:54 manji the description for the 'minion_opts'  key in the documentation is a bit vague
11:55 manji you can have mine functions as well
11:57 jas02_ joined #salt
12:00 amcorreia joined #salt
12:03 pipps joined #salt
12:08 joshin joined #salt
12:08 joshin joined #salt
12:08 yuhlw____ joined #salt
12:15 JohnnyRun joined #salt
12:17 joshin joined #salt
12:18 edrocks joined #salt
12:26 yurikulaz joined #salt
12:27 yurikulaz left #salt
12:32 impi joined #salt
12:33 ssplatt joined #salt
12:34 sw__ joined #salt
12:36 sw__ I have a for loop with a file.managed function, setting a context variable, i'd like to set the context to a pillar value.. can't figure out the syntax... i've tried different things such as this: instance_port: {{ salt['pillar.get']('hubsession:' + {{ instance }} + ':port') }}
12:36 AndreasLutro sw__: drop the {{ }} inside the pillar.get
12:37 AndreasLutro you only need {{ }} to output variables into yaml, not for concatenation etc
12:37 sw__ AndreasLutro: i keep the + ?
12:37 AndreasLutro yes
12:38 sw__ AndreasLutro: thanks a million! been looking for 30 minutes :)
12:39 rdas joined #salt
12:42 numkem joined #salt
12:43 J0hnSteel While executing a state file on a minion is it valid to have watch->event->'event/name', to wait for an action dependent on a remote machine?
12:44 VR-Jack joined #salt
12:45 manji J0hnSteel, I suspect you need a runner for that
12:57 renaissancedev joined #salt
12:58 jas02_ joined #salt
13:13 pkoch joined #salt
13:13 edrocks joined #salt
13:13 pkoch I mean custom grain providers with salt-shh
13:13 pkoch curiously enough, saltutil.sync_grains doesn't put them in the remote machines
13:13 pkoch highstate does, however
13:14 MZarczynski joined #salt
13:18 aagbds joined #salt
13:27 AndreasLutro syncing works very differently with salt-ssh, you don't run the saltutil functions as you normally would
13:31 DEger joined #salt
13:33 Cadmus joined #salt
13:33 promorphus joined #salt
13:35 Tanta joined #salt
13:36 ozux joined #salt
13:39 Okie_Dokie joined #salt
13:40 Okie_Dokie good morning
13:40 Okie_Dokie everyone got gloriously high sodium level today?
13:40 xmj no
13:40 xmj feasting on iodine
13:41 Okie_Dokie at least you will be protected from radiation
13:41 rem5_ joined #salt
13:41 Okie_Dokie any one care to assist on a jinja for loop question that is plaguing me still
13:42 edrocks joined #salt
13:42 xmj anyone care to answer my metaquestion on metaquestions?
13:42 Okie_Dokie ha
13:42 AndreasLutro Okie_Dokie: just ask
13:43 Okie_Dokie so i got pillar that looks something like
13:43 DarkKnightCZ joined #salt
13:44 Okie_Dokie test:   lookup:     artifactory:         value: 1         value: 2
13:44 cscf If I want a list of pairs, in this case a (URL, name) pair, do I just use a dict?
13:44 cscf I need to be able to foreach it
13:45 rdas joined #salt
13:45 Okie_Dokie i want to look thought the pillar and exactract the value1: and value:
13:45 Okie_Dokie so basically pull out 1 and 2 from the for loop
13:46 voxpop joined #salt
13:50 AndreasLutro pretty sure that's not valid yaml, can you make a gist of it instead of pasting in irc?
13:51 cyteen joined #salt
13:56 Okie_Dokie i am trying to give an example
13:56 Okie_Dokie it looks like something like this would work <ul> # for href, caption in [('index.html', 'Index'),                         ('about.html', 'About')]:     <li><a href="{{ href }}">{{ caption }}</a></li> # endfor </ul>
13:56 Okie_Dokie thats from the jinja website
13:57 Okie_Dokie but instead of creating the list in the for loop i want to pull it from a pillar
13:58 AndreasLutro yes yes I just need to know what your pillar actually looks like
13:58 cscf Is there a way in Jinja to extract the filename from a URL?  https://etcetc/document.zip - get document.zip?
13:59 jas02 joined #salt
13:59 cscf ah, .split
14:00 asay joined #salt
14:02 DEger joined #salt
14:02 amontalb1n joined #salt
14:05 rem5 joined #salt
14:06 zirpu joined #salt
14:09 cmarzullo anyone recall the command to pause the minion? Not disable the service.
14:09 cmarzullo manage.down
14:12 ozux__ joined #salt
14:13 Okie_Dokie andreas sorry for the delay
14:13 Okie_Dokie here is the pillar
14:13 Okie_Dokie http://pastebin.com/yFgQERk0
14:13 Okie_Dokie damn meeting, keep me from salty goodness :)
14:14 AndreasLutro ok and what is it you want?
14:15 Couch joined #salt
14:16 dariusjs joined #salt
14:16 AndreasLutro the .jar and .war dicts don't even have keys in common
14:16 Couch Is it possible to specify batched execution in events/reactors ?
14:16 Okie_Dokie need to pull the names and values
14:16 Okie_Dokie so rootwar and file
14:17 scoates joined #salt
14:17 Okie_Dokie and i need to look through all the values
14:17 Okie_Dokie from artifactory.name.war
14:18 Okie_Dokie err loop
14:18 pkoch I see. Alright, I'll just lean on running highstate twice. (Tears of sadness, but, yeah, I get it).
14:19 pkoch Is there any good way to tell salt it needs more packages to run my grain provider? Like, how do I tell it it needs boto?
14:20 AndreasLutro Okie_Dokie: {% for filename, values in pillar.test.lookup.items() %}{% for key, value in values.items() %}
14:21 Okie_Dokie so {{ filename }} would pull out rottwar, mstr, etc and key would pull file, file1, file2, etc?
14:22 AndreasLutro no, filename would be the whatever.jar whatever.war etc
14:22 AndreasLutro key would be rottwar, mstr, etc
14:22 AndreasLutro value would be the value of that key
14:22 Okie_Dokie ahh got it backwards
14:22 mohae joined #salt
14:22 Okie_Dokie derf
14:23 Okie_Dokie Thank you Andreas... If you ever make it michigan i owe you a beer... apperciate all your help
14:24 dariusjs joined #salt
14:27 emaninpa joined #salt
14:30 rem5 joined #salt
14:31 ozux joined #salt
14:34 keltim joined #salt
14:38 mamalos joined #salt
14:40 cscf pkoch, why not just pkg.installed ?
14:40 DarkKnightCZ joined #salt
14:41 drawsmcgraw joined #salt
14:43 jenastar joined #salt
14:44 Okie_Dokie Andreas, would it be {% for filename, values in test:lookup:artifactory.name.war.items() %}
14:45 Okie_Dokie how would that work as i have "artifactory.name.war and want to use .items()
14:47 bowhunter joined #salt
14:47 pkoch cscf: because that's not the same venv that salt is using?
14:47 pkoch Also, global polution is bad.
14:52 cscf pkoch, so you want a requisite right on your grain request to pull in boto, and otherwise not?
14:52 rem5 joined #salt
14:53 DammitJim joined #salt
14:53 wangofett joined #salt
14:53 DammitJim this is probably the most stupid question to date
14:53 ozux joined #salt
14:54 DammitJim I want to set up a cron job that backups up mysql on a linux server every night
14:54 DammitJim what user should I assign for the cron job to run as?
14:54 teryx510 joined #salt
14:55 hasues joined #salt
14:55 hasues left #salt
14:56 cscf DammitJim, what is mysql running as?
14:56 DammitJim mysql user
14:56 DammitJim but that user has no home directory
14:56 bmccormick DammitJim: as the user with the admin rights for mysql
14:56 DammitJim and I am using a hidden my.cnf with the credentials
14:56 DammitJim and mode 600
14:57 cscf DammitJim, I'd use that, then.  Also, it is recommended to create a mysql user for backup operations as well.
14:57 DammitJim that I have, but that's a mysql user, not an os user
14:58 ozux joined #salt
14:59 cscf DammitJim, yeah, just use the standard os user, I'd say.
15:00 jas02 joined #salt
15:00 Couch Is there any way to specify batches with reactors ? Like how many hosts will react to an event simultaneously ?
15:00 Reverend DammitJim - run as root using the mysql user with -u?
15:00 Reverend root most likely has access to mysql anyway
15:00 DammitJim Reverend, are you suggesting for the cron job to be configured for root?
15:01 Reverend just add the cronjob to root's crontab
15:01 Reverend alternatively, you could set up a master/slave replication, and then NEVER have to worry about it :)
15:01 DammitJim so, if I was root, and did crontab -l, it'll show me the cron job?
15:01 om joined #salt
15:01 DammitJim yeah, I don't know why using the root user's crontab doesn't sound right
15:01 Reverend crontab -e , and add it in there
15:01 Reverend the advantage of using root's crontab is that it's usually the most secure
15:02 Reverend so if you're running scripts that have access to -all- of your DB's, you want that as secure as possible.
15:02 Reverend make your script perm:700 and root:root
15:03 DammitJim *sigh*
15:03 Reverend as I said, the alternative for persistent backups is to set up mysql replication, which isn't actually -that- hard.
15:04 cyborg-one joined #salt
15:06 xmj replication doesn't replace backups
15:06 xmj you could fuck up a server, have it replicated to the second one, and... you look like an idiot :-)
15:06 Reverend true.
15:07 Reverend http://i.imgur.com/c7NJRa2.gif
15:07 Reverend zzzz
15:09 catpig joined #salt
15:11 tiwula joined #salt
15:12 onlyanegg joined #salt
15:15 tapoxi joined #salt
15:18 mrueg joined #salt
15:19 cscf Very similar to how RAID isn't backups
15:19 jimklo joined #salt
15:21 pkoch cscf: Not sure I totally understood your wording, but I'd like to tell salt that one of the custom grain providers needs boto to be there.
15:21 pkoch I'm ok if it always installs it in every minion.
15:22 lovecraftian joined #salt
15:22 lovecraftian joined #salt
15:23 racooper joined #salt
15:23 rem5_ joined #salt
15:23 edrocks joined #salt
15:26 Sandlayth left #salt
15:29 Cadmus A MySQL replica is a good place to take a backup from though, as you can lock it or stop it with gay abandon
15:31 synical joined #salt
15:31 StolenToast this morning I am suddenly getting repeated "bad load from minion" errors and almost eveything I try to run times out
15:31 StolenToast this might be some really bad node (as googling suggests) but I don't have a way to find out which
15:31 StolenToast anyone encountered this? https://github.com/saltstack/salt/issues/29029
15:31 saltstackbot [#29029][OPEN] Feature request for 'Bad load from minion' logging IP of minion | I am seeing the below error message in my master's log file:...
15:35 BattleChicken joined #salt
15:36 cscf pkoch, if you're ok with installing it on every minion, why not just add to the packages installed by default on all minions?
15:53 pkoch cscf: I'm ok with it being transmitted with the thin to every minion, I'm not ok with having it in the global site-packages.
15:53 pkoch Mostly a matter of hygiene.
15:54 BattleChicken1 joined #salt
15:55 BattleChicken1 left #salt
15:58 edrocks joined #salt
15:59 woodtablet joined #salt
16:00 jas02 joined #salt
16:04 pipps joined #salt
16:08 beowuff joined #salt
16:09 armonge joined #salt
16:11 Trauma joined #salt
16:11 hasues joined #salt
16:11 hasues left #salt
16:14 onlyanegg joined #salt
16:15 jenastar joined #salt
16:18 sjorge joined #salt
16:21 subsignal joined #salt
16:25 sgo_ joined #salt
16:26 brotatochip joined #salt
16:27 prg3 Is there a way to run a highstate and only tell me what changed or failed, and ignore the successes?
16:32 edrocks joined #salt
16:37 lero joined #salt
16:45 edrocks joined #salt
16:47 hasues joined #salt
16:49 DEger joined #salt
16:52 pppingme joined #salt
16:52 swa_work joined #salt
16:53 cscf prg3, I've been looking for this too
16:54 hasues left #salt
16:55 cscf prg3, one would think that -l quiet would do it, but it has no effect for me.
16:56 prg3 yeah, all the things I've tried have not worked.
16:57 teryx510 joined #salt
16:57 prg3 I think however I'll wait a bit to see if anyone else responds before I go digging into code... plus.. gotta finish the task I'm working on first.
16:57 morissette joined #salt
17:00 bowhunter joined #salt
17:01 jas02 joined #salt
17:03 bocaneri joined #salt
17:07 subsignal joined #salt
17:11 frew1 I'm trying to debug a reactor and some of the if expressions are not working as expected; is there a way I can tell salt to print out each line or something as it renders?
17:13 mikecmpbll joined #salt
17:14 Aleks3Y joined #salt
17:18 sjorge joined #salt
17:19 bbbryson joined #salt
17:20 numkem joined #salt
17:22 Edgan joined #salt
17:29 oliver_are joined #salt
17:29 nicksloan joined #salt
17:30 johnkeates joined #salt
17:30 jenastar joined #salt
17:32 frew1 I'm trying to do a file.managed in a reactor; is there a reason that shouldn't work?
17:36 schemanic_ joined #salt
17:36 schemanic_ hi
17:37 schemanic_ Why doesnt salt-cloud support targeting the way salt does?
17:38 cmarzullo salt-cloud is for provisioning. while salt is for state and module execution.
17:39 schemanic_ cmarzullo, I get that, but there are things like stopping and starting nodes that seem like they should be able to target minions the same way salt does
17:39 schemanic_ am I to understand that salt-cloud lets me stop non-salted things?
17:41 cmarzullo You could try to use the cloud states. (I have not) https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cloud.html
17:41 pfallenop joined #salt
17:42 cmarzullo Or you can use the execution modules: https://docs.saltstack.com/en/latest/topics/cloud/salt.html
17:49 pfallenop joined #salt
17:51 patvz joined #salt
17:52 StolenToast when I start a master with debug logging I see a lot of "including config..." lines, does it have to load that config file for every worker thread?  I set 10
17:52 StolenToast it seems to do this way more than 10 times per message
17:55 pfallenop joined #salt
17:55 pipps joined #salt
18:00 brotatochip joined #salt
18:00 pfalleno1 joined #salt
18:01 StolenToast I've reduced my whole environment to one minion and running a state on it hangs on "Initializing new SAuth"
18:01 StolenToast salt utilities, like test.ping or listing grains will return quickly
18:01 Rolypoly joined #salt
18:02 jas02 joined #salt
18:02 StolenToast the master seems to compile the highstate for it and then kind of forget what it was doing and moves on to routine tasks
18:04 patvz ahoy ahoy, working with docker.running am consistently getting error "NotFound: 404 Client Error: Not Found ("open /var/lib/docker/containers/<ID>/hostconfig.json: no such file or directory")" when i tried to update the container version being used
18:04 pipps joined #salt
18:05 patvz running docker version 1.11 we see this while 1.9 does not, any idea as a temp workaround to get these running?
18:09 sjorge joined #salt
18:10 StolenToast so if I run a state from a minion: the master clearly tries to respond, it compiles the pillar, then there is no further action
18:10 StolenToast the minion will time out
18:12 StolenToast occasionally a stragling a node will wake up and ping the master, at which point I get "failed to authenticate message" and "bad load from minion"
18:14 heewa joined #salt
18:14 StolenToast it's in open mode and automatically accepting these keys, how can it do that and then fail to authenticate using the key it just generated?  maybe the master key is different somehow?
18:14 sjorge joined #salt
18:15 frew1 I'm trying to ping a minion from inside of a salt state; should I be able to salt.test.ping(minion_id) somehow?
18:19 frew1 or really waht I want is to be able to see if a minion is alive
18:20 StolenToast well that solved the "failed to authenticate message" but had no effect on my real problem
18:20 StolenToast how can I tell what ports the master is using to try to communicate with the minion?
18:27 StolenToast so it published out of 4505 and 4506 to receive results, does this sound right?
18:27 pipps joined #salt
18:27 cscf StolenToast, the minion establishes the connection, not the master.
18:28 StolenToast and it listens for those on 4505 or 4506?
18:28 StolenToast little confused by the terminology
18:28 StolenToast all my port-related settings are default
18:31 cscf StolenToast, do your master/minion versions match?
18:32 StolenToast they do, as far as I know nothing has changed configuration-wise on either, too
18:33 GreatSnoopy joined #salt
18:34 StolenToast if I try to run a state the last thing the master says related to that is "got return from <host> for job <jid>", but looking up that jid has no information at all
18:34 StolenToast then the minion times out
18:35 cscf frew1, if you want to make sure that a minion is up before running a state, you can use salt orchestration.
18:36 frew1 yeah
18:36 frew1 I'm sorta going down that path now
18:36 pfallenop joined #salt
18:36 pfallenop joined #salt
18:36 frew1 I was going to use runners.manage.alived
18:36 frew1 does that make sense?  And are there any handy examples of how to do that in a state?
18:40 pipps joined #salt
18:42 frew1 cscf: yeah I am not sure how to access the information made available in salt.runners.manage from within a state
18:44 fxdgear joined #salt
18:45 lero joined #salt
18:46 brotatochip joined #salt
18:51 numkem joined #salt
18:56 pipps joined #salt
18:56 cscf frew1, learning salt orchestration is still on my TODO list, sorry
19:03 jas02 joined #salt
19:06 StolenToast ok I think I may have found something
19:06 StolenToast when running a state from the master the minion, the master has a line that looks like this: [DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/master', 'qcdi1401.jlab.org_master', 'tcp://127.0.0.1:4506', 'clear')
19:07 StolenToast if that's a piece of data passed to the minions for them to use to connect then no wonder '127.0.0.1' breaks the network communication
19:07 edrocks joined #salt
19:07 StolenToast but is that what's going on?  And where might that come from?
19:08 StolenToast if the minion runs a state then that field is occupied by the address of the master
19:09 StolenToast s/master the minion/master
19:12 writteno1 joined #salt
19:16 keimlink joined #salt
19:16 pipps joined #salt
19:20 woodtablet left #salt
19:26 debian112 anyone using salt mine?
19:27 seanacais joined #salt
19:28 seanacais joined #salt
19:28 StolenToast I would super appreciate any input https://gist.github.com/anonymous/a9e533a2646b70429b00287fd6245b6b
19:32 jenastar joined #salt
19:35 LeProvokateur joined #salt
19:38 cscf debian112, ask your real question, don't ask to ask
19:41 seanacais joined #salt
19:42 viq cscf: well, they could be conducting a survey ;)
19:43 pipps joined #salt
19:45 sjorge joined #salt
19:48 debian112 cscf: I was checking to see, if no one is running then no need to asked the question.
19:49 cscf debian112, that's not how it works on IRC.  If you have a question, you ask it.
19:49 pipps joined #salt
19:49 cscf It already takes 10 min or more to get an answer sometimes, no need to add 2 round-trips.  And so many people will not respond to "survey" questions
19:51 debian112 ok, so I am trying to get salt mine running, is there a way to call it from salt-call?
19:51 teryx510 joined #salt
19:52 viq sure, but since mine lives on master you need to have one and communication with it
19:52 debian112 I've been looking at this, but still not able to get going: https://docs.saltstack.com/en/latest/topics/mine
19:53 viq debian112: so what have you done so far?
19:54 dyasny joined #salt
19:55 debian112 added pillar: http://paste.debian.net/848911/
19:56 debian112 activated in top.sls under pillar
19:56 viq debian112: does your minion see it?
19:56 viq pillar.item
19:57 debian112 yes
19:58 viq then "salt minion mine.update" and "salt minion mine.get minion network.ip_addrs"
19:59 viq or "salt-call mine.update" and "salt-call mine.get minion network.ip_addrs"
20:00 StolenToast if I run a state from teh salt master to the minion running on that same master I still get "SAuth" hangs and "reqtimeouts"
20:01 StolenToast how is that possible???
20:01 StolenToast some auth mismatch, but I've regenerated both master and minion keys
20:02 debian112 ok viq: I can pull my local address, but not other servers?
20:02 gtmanfred you should be able to pull the address of any server that is reporting in
20:03 dyasny joined #salt
20:03 jas02 joined #salt
20:05 debian112 crap, I got to call in for an interview I will be back
20:07 cyborg-one joined #salt
20:09 edrocks joined #salt
20:09 om joined #salt
20:09 lero joined #salt
20:12 bluethundr joined #salt
20:12 bluethundr hey guys
20:13 bluethundr I need to be able to create amazon VPC's using salt
20:13 bluethundr and I found this module
20:13 bluethundr https://docs.saltstack.com/en/latest/ref/states/all/salt.states.boto_vpc.html
20:13 bluethundr my question (so far) is a simple one
20:13 bluethundr what directory does the config file for this belong in?
20:13 gtmanfred where all your salt states go
20:13 bluethundr would it be in /etc/salt/cloud.providers.d?
20:13 bluethundr oh
20:13 gtmanfred https://docs.saltstack.com/en/latest/topics/tutorials/starting_states.html
20:13 bluethundr I'm new to salt states and salt in general
20:13 bluethundr ok
20:14 bluethundr thank you
20:14 bluethundr I'll check out the docs
20:14 gtmanfred yeah, once you follow that, then the settings for boto go in /etc/salt/master or minion or pillar stuff
20:15 hoonetorg gtmanfred: any new on keystone v3 support for salt???
20:15 gtmanfred it is in carbon
20:16 hoonetorg oh yeah
20:16 gtmanfred yar
20:16 hoonetorg :)
20:16 hoonetorg then we need a bit rewrite of keystone-formula
20:17 hoonetorg :scream:
20:17 hoonetorg good to know it's neafr
20:20 gtmanfred yar, and i am working on getting the testing suite up to run for all the openstack stuff
20:22 frew1 ok so I'm trying to run some code in a state (which only runs on the master, being called by a reactor by runner.state.orchestrate) and I want to do something different based on if a specific minion is up or not
20:22 nidr0x joined #salt
20:22 frew1 I assumed I could test.ping, but that's actually not a state, and I Was also pointed at salt.runners.manage, but I don't see how or even if that is exposed in a state
20:22 frew1 any ideas?
20:23 bluethundr ok cool gtmanfred
20:23 gtmanfred frew1: the orchestrate is on the master, so you could do a {%- if 'minionname' in salt['manage.up']()['up'] %} and pass that information through something
20:23 frew gtmanfred: trying now
20:24 wendall911 joined #salt
20:24 frew `Rendering SLS 'base:orch.zr_authenticate' failed: Jinja variable 'salt.utils.templates.AliasedLoader object' has no attribute 'manage.up'` :(
20:24 GreatSnoopy joined #salt
20:25 gtmanfred are you trying to do this in a salt orchestrate file?
20:26 gtmanfred and it would be
20:26 gtmanfred {%- if 'minionname' in salt['manage.up']() %}
20:26 heewa Can anyone help me understand how pillar files get templated when working with a master? Specifically using grains in templating pillar files. When I check a pillar item from the minion with `salt-call pillar.get key` I get one value, but from the master if I do `salt ‘minion-id’ pillar.get key` I get a different value.
20:27 frew it's a state that runner.state.orchestrate calls; and yes, that's almost exactly what I'm doing (except I'm doing not in, but I might switch it anyway
20:27 gtmanfred hrm, then i don't know, that should have the runners available in it
20:27 frew gtmanfred: is that or is that not an orchestrate file? (I really don't know)
20:27 heewa The value is something like `key: {% if grains.get(‘grain_key’) == ‘grain_value’ %}a{% else %}b{% endif %}`
20:28 gtmanfred heewa: IMO, it is better to use seperate pillar files, and targeting to do the splitting here, instead of trying to template pillars using grains
20:28 gtmanfred cause half the time it works and the other half it doesn;'t
20:28 gtmanfred what it does is the master uses the grains cache that the minion reported back last to try and template the file using grains
20:28 heewa Ugh. Thanks. That’s a bummer, though. Cuz I have grain-overrides sprinkled throughout pillar files. So now I need to duplicate a bunch of them to override a few keys
20:29 heewa oof! Ok, that makses sense, though. Grains aren’t really supposed to change.
20:29 gtmanfred heewa: why not just use map.jinja files in your states?
20:29 gtmanfred like they do in formulas, and override the pillars with that
20:29 heewa Oh, I haven’t gotten around to modernizing like that, haha!
20:29 heewa I’m doing salt like I have been for like 4 years :)
20:29 gtmanfred you should, it is super awesome
20:29 heewa yea yea, kids and their new shiny tech...
20:30 gtmanfred the grains.filter_by module is super good
20:30 whytewolf map.jinja has been around for about 3 ;)
20:30 gtmanfred :P
20:30 whytewolf 0/
20:30 frew gtmanfred: is there a way I could like, print what's in the salt variable?
20:31 frew gtmanfred: just in case I'm inexplicably misspelling it
20:31 gtmanfred uhh, it is just a dictionary, so i would imagine if you do a file.managed and put {{salt}} in the file with template: jinja, it should print out the object
20:31 frew let's see.
20:32 gtmanfred I gotta go do something else, so unfortunately i won't be able to help any longer
20:32 frew ah well
20:32 frew thanks for trying
20:35 whytewolf since manage.up is a runner shouldn't that be salt.saltutil.runner('manage.up')
20:36 subsignal joined #salt
20:40 west575_ joined #salt
20:40 jas02 joined #salt
20:42 edrocks joined #salt
20:43 heewa_ joined #salt
20:45 viq debian112: if you don't put a mine_interval in there then you need to run mine.update manually on every host for which you want the data
20:46 StolenToast I run a state, it hangs on Initializing new SAuth
20:47 StolenToast the port it tries to use is open, I tested it
20:49 StolenToast it seems that right after it's communicated that a state needs to be run there is no further contact
20:49 StolenToast the minion times out trying to download the sls or something...
20:50 frew whytewolf: I didn't know I should be trying that, let's see
20:52 frew whytewolf: no manage.up in the runner function object
20:52 frew oh wait I used [] not ()
20:56 frew whytewolf: woo progress
20:56 edrocks joined #salt
20:56 whytewolf progress is good
20:56 frew ti call to manage.up is kinda expensive, but it's already gated on some other checks so it should be "Rare"
20:56 joe joined #salt
20:57 nixjdm joined #salt
20:59 subsignal joined #salt
20:59 StolenToast what's the difference between the master sending the result of a grains query and the master sending the result of a compiled sls?
21:00 StolenToast one works, one doesn't, is it a different port?
21:01 west575 joined #salt
21:04 gtmanfred joined #salt
21:07 whytewolf StolenToast: not sure what you mean by "sending result of a compiled sls"
21:07 scoates joined #salt
21:07 whytewolf or "grains query"
21:09 whytewolf the only sls compiled on the master are the pillar sls files
21:09 StolenToast so the minion asks the master for the state I specified, but the master has to render the jinja first, THEN sends it down, right?
21:09 StolenToast oh
21:09 whytewolf no. the minion downloads the state file with jinja intact and renders the jinja on it's side
21:10 StolenToast and I mean running grains.item always works
21:10 StolenToast ok well either way I think it is failing to download the sls
21:10 whytewolf and you have both ports open on the master?
21:10 whytewolf 4505 and 4506
21:10 StolenToast 4505 and 4506
21:11 StolenToast yeah
21:11 whytewolf what do you see when you run salt 'minion' cp.list_master
21:12 debian112 viq thanks all working now
21:15 StolenToast whytewolf: run that where?
21:15 StolenToast also my buddy just noticed that it will pretty consistently do 3 pings to a minion, then fail to return the fourth
21:15 whytewolf StolenToast: that would be on the master. salt-call cp.list_master would be from the minion
21:15 whytewolf that sounds like bad network
21:15 StolenToast oh I misunderstood what you meant by 'minion', the target
21:16 StolenToast that's what I've been telling eveyone but they don't believe me ,_,
21:16 whytewolf net admins take a lot of proof to get to do their jobs :P
21:17 whytewolf I used to have to beat mine over the head with ping tables and traceroutes. and tcpdumps until they understood their network was crap
21:18 StolenToast I ran the command twice
21:18 jas02 joined #salt
21:18 StolenToast first time the master was "unresponsive" and the second time it simply failed to output
21:18 StolenToast I can paste a log if you think it'd be useful
21:19 whytewolf at this point i don't think it is salt i think it is your network isn't reliable enough to pass pasta
21:20 jas02 joined #salt
21:20 StolenToast damn, the network trolls are gone for teh weekend
21:21 whytewolf if your lucky the problem is someone elses server is causing a pactet storm and you can find and stop it with out the help of the network team.
21:24 whytewolf track down any possable network issues in your own hardware first.
21:24 whytewolf other wise network trolls will eat you alive
21:24 frew this is bizarre
21:24 frew I Have a state that works most of the time, but sometimes it says that a variable didn't get passed in: https://gist.github.com/frioux/de3b2c1c5e7fbfea979b59f0f1df3cd6
21:25 frew let me attach the state too to be more clear
21:25 frew so here's the weird thing
21:25 frew line 12 of the state works
21:25 frew but line 31 fails with the error above
21:25 frew anyone see anything I'm doing stupid?
21:26 whytewolf am i missing something. line 12 is file.managed
21:26 frew yeah, so is 31
21:26 frew the problem in the error is regarding the pubkey passed to contents
21:26 frew it works for the first file.mananaged, but not the second one
21:27 frew mananananaged
21:30 jas02 joined #salt
21:31 StolenToast whytewolf: this is incredibly stupid
21:31 StolenToast incredibly
21:32 StolenToast I found what it was...
21:32 StolenToast you can't have symlinks in a folder in the salt environment
21:32 StolenToast ヽ(#`Д´)ノ ︵ ┻━┻
21:32 whytewolf really? huh I have before
21:32 whytewolf never had a problem with it
21:34 StolenToast Ihave no idea why I never got this "possibly dangling symlinks?" debug message before just now
21:34 StolenToast I only found it because I swapped to a whole new master and tried to run a single test node
21:35 StolenToast though incredibly teh symlinks AREN'T dangling
21:35 StolenToast they are valid and followable
21:35 whytewolf frew: I'm not seeing where the problem is with that code. but i am also not seeing the whole picture. it is possable the data event is not passing in a pubkey
21:35 whytewolf StolenToast: are they fixed or referal?
21:35 StolenToast tbh I don't know
21:36 frew wah wah
21:36 StolenToast my co-admin created them and I copied
21:36 frew whytewolf: I typo'd the key in the json I'm building by hand while testing
21:36 whytewolf frew: Doh!
21:36 frew I am also getting an error about wheel.key not being avaialble?
21:37 frew I can get around that by using more file.managed but it seems like I should use wheel.key when possible
21:39 mavhq joined #salt
21:39 whytewolf frew: wheel.key isn't a module. or a runner. you need to use saltutil.wheel
21:39 frew oh sorry
21:39 whytewolf https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.wheel
21:40 frew yeah sorry
21:44 racooper howdy.  Is there a way with grains.list_present to replace set grains, instead of append?
21:46 jas02_ joined #salt
21:48 StolenToast what an incredibly strange series of issues to be caused by the existence of symlinks...
21:48 frew whytewolf: I can't remember or find in the jinja docs what tag to use to call the reject runner; I initially tried {%- do salt.salutil.... %}; do you remember?
21:48 StolenToast cuz it wasn't just one thing, it was a whole slew of suspicious and intermittent errors and behaviors
21:49 frew oh maybe call
21:49 frew ... or maybe not
21:51 whytewolf salt.saltutil.runner("runner to run","arg 1 for runner")
21:51 subsignal joined #salt
21:52 alwaysatthenoc joined #salt
21:54 Doug__ joined #salt
21:54 haam3r joined #salt
21:54 zulutango joined #salt
21:54 whytewolf racooper: no, grains.list_present will not do that. if you need a grain replaced you need to use grains.present.
21:57 racooper that's what I thought, thanks for confirming
21:57 frew whytewolf: https://gist.github.com/frioux/f5242383ec7d13e026710f18ab19824b; for some reasont he logic on line 19 is wrong.  My guess is that it's the logic of setting found_ip (line 9-14.)  Do you know the right way to set a variable like that?
21:58 frew I... I wodner if I could jsut call the python filter methods
21:58 whytewolf found_ip = true
21:59 whytewolf or false
21:59 frew ok
21:59 jas02 joined #salt
21:59 frew still doesn't seem to work
21:59 frew though maybe it's for some other reason
22:00 frew well I have a meeting, thanks for your help!
22:04 jaybocc2 joined #salt
22:07 Doug__ Hi, I'm fairly new to Salt and I am trying to get a highstate to run after a minion is spun up using salt-cloud.  The block I've run into is that 'salt/cloud/*/created' does not kick off the orchestration nor log any errors.  'salt/minion/*/start' does work but it has a couple issues.  First, the highstate starts before the bootstrap completes so the first couple of states fail unless I add a sleep to the orchestration.
22:07 Doug__ Second, the states of the highstate complete successfully on the minion but the job itself never finishes and I have to manually kill the highstate job.  Having the orchestration only start once at bootstrap is ideal.
22:08 Doug__ Here's my config:    https://gist.github.com/dougofthemoment/071ed1ce44e66d028c3bf3a168c95879
22:09 whytewolf Doug__: that is strange. salt/minion/*/start only triggers when a minion [any minion] is started which should only happen after a bootstrap.
22:10 whytewolf salt/cloud/*/created happens when salt-cloud has created a minion [which might be before the minion is bootstraped]
22:10 Doug__ salt/minion/*/start does start successfully after the boot strap, its the salt/cloud/*/created that doesn't start after bootstrap
22:11 Doug__ Ah...so it doesn't see the minion yet to execute the highstate?  What is the preferred method to highstate a newly salt-cloud created vm?
22:12 whytewolf salt/minion*/started
22:12 whytewolf or there is a way to have saltcloud kick off a highstate. iirc
22:13 Doug__ Is there any way to have the highstate only run once after the vm creation?  with salt/minion/*/start(ed) it would do it every reboot
22:14 whytewolf well, honestly highstates should be able to be run anytime if they are created correctly. they are meant to be a stateful way of refereing to a system.
22:15 whytewolf BUT. what you can do is have the orch add a grain at the end that labels the minion
22:15 whytewolf and use jinja to just not run that reactor if the grain exists
22:16 Doug__ Ok that sounds like a good idea.  Yes, back in the Puppet days everything was designed to work that way but with Salt some people here have gotten used to selectively pushing states sometimes so I'm not always sure if its still safe to highstate!
22:17 whytewolf slap hands of anyone that is just pushing states and not keeping the top file in order
22:18 Doug__ Haha, yeah I do try to
22:26 jas02 joined #salt
22:30 armonge joined #salt
22:35 MTecknology I forgot.. does master-syndic need to be running on the master of masters or only subordinate masters?
23:00 pipps joined #salt
23:01 aagbds joined #salt
23:03 edrocks joined #salt
23:03 jdipierro joined #salt
23:10 keimlink_ joined #salt
23:25 Doug__ So far I cannot get the startup sls to let me use a custom grain in Jinja.  I can use any of the included grains but not the custom one.  The custom one gives me: failed: Jinja variable 'dict object' has no attribute.  I can see the grain easily using grains.item however.
23:28 promorphus joined #salt
23:30 amontalban joined #salt
23:30 amontalban joined #salt
23:31 johnkeates left #salt
23:31 haam3r joined #salt
23:35 jimklo_ joined #salt
23:35 Klas joined #salt
23:37 jas02 joined #salt
23:53 incog joined #salt
23:58 jdipierro joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary