Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-10-19

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:18 noraatepernos joined #salt
00:28 noraatepernos joined #salt
00:32 flowstate joined #salt
00:36 afics joined #salt
00:48 jas02 joined #salt
00:58 ekristen joined #salt
01:04 edrocks joined #salt
01:06 raspado joined #salt
01:27 theanalyst joined #salt
01:33 flowstate joined #salt
01:34 shakalaka joined #salt
01:36 mpanetta_ joined #salt
01:36 alexhayes joined #salt
01:39 sh123124213 joined #salt
01:41 sh123124213 joined #salt
01:49 jas02 joined #salt
01:58 catpigger joined #salt
01:59 cliluw joined #salt
02:05 Lionel_Debroux_ joined #salt
02:08 flowstate joined #salt
02:08 sh123124213 joined #salt
02:13 Lionel_Debroux joined #salt
02:16 justanotheruser joined #salt
02:24 bmccormick joined #salt
02:27 netcho joined #salt
02:49 jas02 joined #salt
02:53 evle joined #salt
02:57 sh123124213 joined #salt
03:06 edrocks joined #salt
03:09 flowstate joined #salt
03:10 vodik joined #salt
03:28 netcho joined #salt
03:30 |aaron AttributeError: 'module' object has no attribute 'x509v3_lhash' when calling x509.certificate_managed? almost seems like it wants the python3 version of m2crypto? anyone know what that error is about?
03:48 frew joined #salt
03:50 jas02 joined #salt
03:59 DEger joined #salt
03:59 Ni3mm4nd joined #salt
04:05 Ni3mm4nd joined #salt
04:07 sarlalian joined #salt
04:07 Salander27 joined #salt
04:07 Salander27_ joined #salt
04:08 flowstate joined #salt
04:14 |aaron oh no it needs an older version of m2crypto i think
04:16 subsignal joined #salt
04:17 |aaron 0.24.0 or earlier
04:28 Zachary_DuBois joined #salt
04:30 netcho joined #salt
04:44 alexhayes joined #salt
04:51 jas02 joined #salt
05:00 alexhaye1 joined #salt
05:07 edrocks joined #salt
05:08 flowstate joined #salt
05:20 raspado joined #salt
05:21 jas02 joined #salt
05:27 samodid joined #salt
05:31 netcho joined #salt
05:35 jas02 joined #salt
05:36 jas02 joined #salt
05:48 aidin joined #salt
05:52 jas02_ joined #salt
05:58 antpa joined #salt
05:58 antpa joined #salt
05:59 Elsmorian joined #salt
06:00 DEger joined #salt
06:02 bocaneri joined #salt
06:02 jas02 joined #salt
06:04 zer0def joined #salt
06:04 DarkKnightCZ joined #salt
06:10 flowstate joined #salt
06:16 antpa joined #salt
06:22 jas02_ joined #salt
06:28 nidr0x joined #salt
06:30 DEger joined #salt
06:32 netcho joined #salt
06:34 zulutango joined #salt
06:39 honestly does anyone have a vim syntax file for .sls (yaml+jinja) files?
06:40 s_kunk joined #salt
06:42 honestly oh, there is an official one: https://github.com/saltstack/salt-vim
06:43 cyteen joined #salt
06:53 jas02 joined #salt
06:53 honestly Works great (:
07:03 m4rx joined #salt
07:09 edrocks joined #salt
07:10 flowstate joined #salt
07:11 antpa joined #salt
07:14 samodid joined #salt
07:16 haam3r joined #salt
07:17 deus_ex joined #salt
07:26 fmartin joined #salt
07:31 sgo_ joined #salt
07:33 netcho joined #salt
07:35 fmartin Hi everyone
07:36 cDR potatoface, No I filed and issue for this
07:37 Elsmorian joined #salt
07:37 jhauser joined #salt
07:38 fmartin I would like to know what else could be causing network issues between salt-master and salt-minion(s) besides 4505 and 4506 TCP. Because I'm being able to run successfuly test.ping and test.version but with long-running commands such as test.rand_sleep I'm getting No Response errors.
07:38 fmartin More details here... http://stackoverflow.com/questions/40114549/no-response-from-minion-with-long-running-commands
07:38 jp47itc joined #salt
07:39 hemebond fmartin: Do you get a No Response error even when you increase the wait time?
07:40 hemebond https://docs.saltstack.com/en/latest/ref/cli/salt.html#cmdoption-salt-t
07:40 keimlink joined #salt
07:41 tristianc joined #salt
07:43 fmartin No, with higher timeout than max rand_sleep (60 by default) I do get answer
07:44 fmartin for instance: salt 'minion01' test.rand_sleep -t 100
07:44 fmartin but... I'm using the same configuration in so many other environments and I never needed to increase default timeouts
07:45 hemebond Same minion version?
07:45 hemebond Same server specs?
07:45 fmartin yes, 2015.8.8 everywhere
07:46 _KaszpiR_ joined #salt
07:47 fmartin and well... servers changes across platforms but let's say I have found success trying all of them
07:47 fmartin in this problematic scenario, salt-master is running under CentOS 6 and salt-minion under Solaris10
07:47 fmartin but in other environment this (CentOS <-> Solaris) is working fine
07:50 hemebond Have you tried watching the master and minion in debug mode to see where the delay is?
07:50 hemebond Are you sure the delay is in the returning of the result?
07:51 fmartin When running in debug mode with no -t flag this is the last line i see before LazyLoaded no_return.output
07:51 fmartin "[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('/wodsat/salt/pki/master', 'sh130mon01b.sh130_master', 'tcp://127.0.0.1:4506', 'clear')"
07:54 jas02 joined #salt
07:58 sh123124213 joined #salt
08:03 babilen fmartin: Might be worth a try to run the job asynchronously and check if it returns successfully in the end
08:04 fmartin I was thinking about it too, I'll give it a try right now
08:04 babilen The two times I've seen this it turned out to be a network issue (network people forgot to set correct MTU on one interface in both cases)
08:07 netcho joined #salt
08:08 Guest222 joined #salt
08:09 flowstate joined #salt
08:13 Rumbles joined #salt
08:19 jas02 joined #salt
08:19 evle1 joined #salt
08:23 mikecmpbll joined #salt
08:24 N-Mi joined #salt
08:30 raspado joined #salt
08:33 jas02 joined #salt
08:33 fmartin I got no response either when using --async flag
08:34 jas02 joined #salt
08:38 sh123124213 joined #salt
08:45 dcpc007 joined #salt
08:45 dcpc007 Hi all ! /  Bonjour à tous
08:46 sh123124213 joined #salt
08:51 dcpc007 I'm looking for trying salt in a small/medium environment (about 50-75 server and maybe 10-20 computers). Can i find a "short" tutoriel or doc on how to start test using it with a few basic configurations and standard operations ?
08:51 babilen dcpc007: https://docs.saltstack.com/en/getstarted/
08:51 dcpc007 need are like install or check packages, change / enforce owner/group/rights on some folders,
08:52 dcpc007 yes i'm on it, full of plenty full pages with "you can do 300 things while using 10 methods and 30 type of storing data/metadata, pillars,
08:53 dcpc007 i can't pass 3 days to read a first small try of all what are we able to do
08:53 dcpc007 sclaling up 30000 servers ... ok .. i want 50
08:54 AndreasLutro what have you been reading exactly?
08:54 dcpc007 i start looking the first "beguiners" docs, it shows diagram more complex than the more complex onf our application internal
08:54 dcpc007 https://docs.saltstack.com/en/getstarted/system/plugins.html
08:54 dcpc007 it's really really good to have all this after i think
08:54 jas02_ joined #salt
08:55 AndreasLutro skip to https://docs.saltstack.com/en/getstarted/system/execution.html if you're impatient I guess
08:55 dcpc007 but i just want to see if possible to try make a sandbox with 2-3 vm to get a look for me, then show some very basic usages to management and get time to look more after
08:56 dcpc007 other method to say : currently i don't want to know exactly and deeply what are all possibilities, but have the main uses and how to do 3-4 classic jobs
08:57 hemebond Install the master and minions
08:57 hemebond Play around running execution modules against the minions.
08:57 fmartin babilen,,, both machines (master and minion) and the only single network element they have to cross (internal firewall) have set their MTU to 1500
08:57 fmartin what else could be?
08:57 dcpc007 yes on my road (on debian 7), will use the salt repo, debian7 repos are not available (only backport and already old on debian8 stable)
08:58 hemebond debian 7 repos not available?
08:58 hemebond You're using http://repo.saltstack.com/#debian yeah?
08:59 dcpc007 for debian7 you have to take the backport from jessie, which is only v2014 if i remember, and see some notes about complications if future upgrade of debian+salt
08:59 dcpc007 then, even if i don't like to take external repo, i'll try to use the v2016
08:59 dcpc007 i spoke about debian official repo
09:00 babilen There are wheezy packages
09:00 hemebond Well, that's the official and supported repo.
09:00 M-liberdiko joined #salt
09:00 dcpc007 not from debian
09:00 hemebond No, by SaltStack.
09:00 babilen dcpc007: We don't provide packages in wheezy-backports
09:00 dcpc007 debian does
09:00 babilen (We = Debian)
09:01 babilen Well, I meant "We don't upload new versions to wheezy-backports"
09:01 dcpc007 https://packages.debian.org/search?keywords=salt-minion
09:01 babilen dcpc007: I'm well aware of what is being packaged (check the changelog.Debian.gz of those packages)
09:02 dcpc007 yes, and very old for salt i think. it evolve quickly -(gg :) )
09:02 Mads[m] joined #salt
09:02 M-MadsRC joined #salt
09:02 saintaquinas[m] joined #salt
09:02 freelock[m] joined #salt
09:02 dnull[m] joined #salt
09:02 babilen For wheezy I'd recommend to use Saltstack's packages. For jessie you can use jessie-backports (which we'll try to keep in sync as soon as new versions make it into stretch/testing) or the Saltstack repositories
09:03 dcpc007 yes taht's what i see, but think we'll not upgraede to jessie soon :-(
09:03 dcpc007 hum, grains is like identity card of the node ?
09:03 babilen Saltstack packagers (well, the automatically built packages) sync their packaging with Debian's every now and then and there might be some other small differences (e.g. we happily cherry-pick some patches if necessary)
09:03 dcpc007 ha cool news
09:04 babilen I don't think that we'll manage to get up to date packages into wheezy-backports anytime soon, so I'd stick to the packages from Saltstack
09:04 dcpc007 hope not too much deps problems between latest salt package avaibale and stable wheezy ones (will see soon :) i'll try to finish my test vm during lunch today)
09:05 babilen aye
09:05 hemebond Are all Salt dependencies pure Python modules/libraries?
09:06 AndreasLutro depends how you define pure
09:06 AndreasLutro pretty sure msgpack has some compiled C stuff
09:07 alexhayes joined #salt
09:07 babilen hemebond: The 0mq stuff isn't pure Python and there are others I'm sure
09:07 hemebond Ah, thought so.
09:08 dcpc007 is python 2.7.3 ok (default installed on wheezy)
09:09 flowstate joined #salt
09:09 dcpc007 i had so many problems on centos6 computers when users ask me to add 2 versions on top of the default system python installed ..
09:09 dcpc007 (and with centos system tools written in python :) )
09:10 lovecraftian joined #salt
09:10 lovecraftian joined #salt
09:10 babilen dcpc007: It's okay, yes
09:11 edrocks joined #salt
09:16 dcpc007 ok cool, back to work, will try during lunch
09:16 dcpc007 https://packages.debian.org/search?keywords=salt-minion
09:16 dcpc007 oups
09:17 dcpc007 hey for info i find this for example on a "quick working" tutorial, but old version  : https://blog.talpor.com/2014/07/saltstack-beginners-tutorial/
09:18 dcpc007 quick infos on the main principes and some basics configs (even if already using pillars jinja commands (?) and maybe more, not read all still)
09:18 bluenemo joined #salt
09:19 jas02 joined #salt
09:26 jas02 joined #salt
09:26 codehotter I have a state that creates an RDS server. Next I have a state that needs to create the route53 entry based on whatever the endpoint was that was autogenerated by amazon
09:26 codehotter is there a way to use the return value of one state as parameter to another?
09:26 codehotter how do I do that?
09:28 codehotter I could call the rds creating state from jinja...
09:28 codehotter but is that really how you're supposed to do it?
09:31 babilen codehotter: You can't use the return of one state as input to another and you'll have to expose that information in another way
09:31 codehotter I could split them into two different files
09:31 codehotter then I could use jinja to retrieve the endpoint from the previous state run
09:31 babilen (e.g. custom grain, a custom execution function that you call in the state, querying some API, ....)
09:32 ivanjaros joined #salt
09:32 babilen How would you retrieve it?
09:33 ivanjaros3916 joined #salt
09:37 sgo_ joined #salt
09:41 DEger joined #salt
09:42 codehotter there's a get_endpoint execution module
09:42 codehotter basically what you said
09:43 codehotter except it already exists
09:50 _aeris_ joined #salt
09:51 babilen You could orchestrate the initial setup or simply not run the state if that information isn't present (which would require two highstates)
09:55 jas02_ joined #salt
09:56 raspado joined #salt
09:57 netcho joined #salt
09:59 netcho joined #salt
10:04 amcorreia joined #salt
10:07 flowstate joined #salt
10:11 J0hnSteel joined #salt
10:14 codehotter yea I'm already using orchestration, so it's not that difficult to just apply two separate states
10:17 sebastian-w joined #salt
10:19 lero joined #salt
10:26 k_sze[work] joined #salt
10:27 antpa joined #salt
10:34 DarkKnightCZ joined #salt
10:48 kbaikov joined #salt
10:55 kbaikov joined #salt
10:56 jas02_ joined #salt
10:56 DEger joined #salt
10:57 DarkKnightCZ joined #salt
10:58 abednarik joined #salt
11:11 drybjed joined #salt
11:13 edrocks joined #salt
11:20 inad922 joined #salt
11:37 Ni3mm4nd joined #salt
11:39 hh_ joined #salt
11:40 fmartin Hi, does anyone knows which setting is responsible for generating this messages and its behaviour ?
11:40 fmartin [DEBUG   ] Checking whether jid 20161019061143280827 is still running
11:46 SaltyVagrant joined #salt
11:57 jas02_ joined #salt
12:00 Ni3mm4nd_ joined #salt
12:04 fmartin I mean...  I have two masters in two different environments with identical settings. And in both of them I launch the remote execution (cmd.script) of a long-running command
12:06 fmartin In master config file timeout is not overwriten (so default is 5secs). In one environment the execution is terminated with no response but in the other the timeout does not apply and I receive several "Checking wether jid XXX is still running" messages until the script terminates fine
12:07 fmartin How that could be possible??
12:07 fmartin Same version (2015.8.8), same config ...
12:07 simmel joined #salt
12:08 amontalban joined #salt
12:25 sgo_ joined #salt
12:31 edrocks joined #salt
12:33 KkL joined #salt
12:34 KkL joined #salt
12:35 edrocks joined #salt
12:43 Micromus joined #salt
12:44 DarkKnightCZ joined #salt
12:45 hax404 joined #salt
12:46 whitenoise joined #salt
12:51 oliver_are joined #salt
12:57 jas02 joined #salt
12:58 dariusjs joined #salt
13:08 tapoxi joined #salt
13:14 [M4rk0] joined #salt
13:14 [M4rk0] Hello
13:14 numkem joined #salt
13:15 JohnnyRun hi all. Is it ok in an sls something like:
13:15 JohnnyRun {% set sites = salt['file.find']('/var/www', {'print': 'name', 'maxdepth': '0', 'file-types': 'd', 'name': '\*.\*'}) %} ??
13:15 JohnnyRun seems that arguments are ignored ...
13:16 uglylun joined #salt
13:16 JohnnyRun is it ok an hash as second argument?
13:17 babilen I would have expected kwargs
13:17 m4rk0 Please tell me is it possible to run state only once on first highstate?
13:18 JohnnyRun salt.modules.file.find(path, *args, **kwargs)
13:18 babilen m4rk0: Leave a sentinel somewhere or define a different test and use unless/onlyif
13:18 babilen JohnnyRun: Yeah, I would have expected maxdepth=0, ...
13:19 flowstate joined #salt
13:19 m4rk0 babilen, heh okay ;)
13:20 jas02 joined #salt
13:23 JohnnyRun thanks babilen salt['file.find']('/var/www', maxdepth=0, type='d',name="*.*")  is working
13:25 scoates joined #salt
13:25 babilen m4rk0: You could for example set a grain if there is nothing to actually test for.
13:25 babilen JohnnyRun: great
13:33 DEger joined #salt
13:38 narfology joined #salt
13:47 Tanta joined #salt
13:56 VR-Jack2 great. saltstack 2015.5 will probably be obsolete before centos8 becomes available. :(
13:57 XenophonF it's already obsolete, isn't it?
13:57 Sketch VR-Jack2: use the saltstack repos
13:58 Sketch http://repo.saltstack.com/#rhel
13:58 gtmanfred I think it can still get cve updates
13:58 gtmanfred but it will not be supported once carbon comes out officially
13:58 mapu joined #salt
13:58 VR-Jack2 No idea. been away for awhile.
13:58 Sketch also, salt is in epel, so it may be updated at any time, epel isn't frozen like the base OS
13:58 jas02 joined #salt
13:59 Sketch hopefully the package maintainer is will update it once 2015.5 is no longer supported
13:59 VR-Jack2 Sketch, someone decided to require python-tornado 4.2.1. rhel is locked with 2.2.1
13:59 Sketch VR-Jack2: ah.  the saltstack repos come with their own dependency packages
14:00 Sketch though i guess that can cause side effects, if any other packages require 2.2.1...
14:00 Sketch but i have yet to have issues with the salt repos
14:00 VR-Jack2 That's the issue. Not sure how compatible 4.2.1 is with 2.2.1
14:00 VR-Jack2 In my case, it may not be an issue, though I normally don't use anything but epel
14:09 colegatron joined #salt
14:10 colegatron Hi, good afternoon/whatever
14:11 subsignal joined #salt
14:12 babilen Good afternoon
14:12 west575 relatedly, I did have a cluster of boxes that couldn't run salt-from-offical-repos because zeromq was locked on a specific version due to the app that was running on the box. (so we used salt-ssh for those.)
14:13 VR-Jack2 I'll probably just stick with 2016.5.3
14:13 VR-Jack2 err, 2015
14:14 VR-Jack2 sorry. my brain is fried. too many windows open. 2015.5.10, or latest epel
14:15 VR-Jack2 Unless it's locked in the repo, I'll just patch any problems I have myself
14:16 DarkKnightCZ joined #salt
14:21 dyasny joined #salt
14:21 racooper joined #salt
14:23 oliver_are Hi, I'm getting this error " State environ.setenv found in sls X.Y is unavailable" when I set a PATH variable on a non-root user.
14:23 oliver_are could someone help me in resolving this
14:24 DEger joined #salt
14:30 keltim joined #salt
14:35 mpanetta joined #salt
14:37 flowstate joined #salt
14:39 jas02 joined #salt
14:40 blu__ joined #salt
14:40 raspado joined #salt
14:45 subsignal joined #salt
14:46 subsignal joined #salt
14:48 oliver_are I guess Minion cant refresh environment variables by itself
14:51 m4rk0 How can I check if some file is missing? I tried {% if salt['file.missing' ]('/file.txt') %} but it doesn't work
14:52 gheistbane joined #salt
14:53 m4rk0 Maybe {% if not salt['file.exists' ]('/file.txt') %} ?
14:55 voileux joined #salt
14:55 DEger joined #salt
14:56 Tanta m4rk0: file.absent
14:56 ivanjaros joined #salt
14:56 Tanta just use that state, it will ensure the file is not present
14:56 m4rk0 Tanta, okay thanx
14:56 rherna joined #salt
14:58 m4rk0 Tanta, Jinja variable 'salt.utils.templates.AliasedLoader object' has no attribute 'file.absent'
14:58 Tanta m4rk0, do you want me to tie your shoes while I'm at it?
14:59 Tanta https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#salt.states.file.absent
14:59 jas02 joined #salt
14:59 m4rk0 Tanta, damn boi
14:59 Tanta it's a state declaration itself, not arguments to another state
14:59 dariusjs joined #salt
14:59 Tanta file_gone_nginx: file.absent: - name: '/etc/nginx/mime.types'
15:01 m4rk0 Tanta, thanx for example :)
15:02 DarkKnightCZ joined #salt
15:02 Tanta sure
15:04 electrofelix joined #salt
15:07 toanju joined #salt
15:08 abednarik joined #salt
15:10 electrofelix is there an equivalent to chefspec for salt?
15:10 electrofelix I've only been scanning the docs so far
15:11 electrofelix not finding something like it, but might just be searching for the wrong thing
15:11 babilen kitchen
15:11 esckroh_ We use TestKitchen/bats
15:12 babilen serverspec
15:13 electrofelix babilen: kitchen is kind of the next level up from chefspec, similarly serverspec
15:13 babilen Haven't used chefspec, but it looked to be related to those tool
15:13 babilen s
15:14 electrofelix for comparison chefspec allowed checking logic and template results without having to execute it for real, more like a mocking library checking that the logic is doing the right thing
15:14 babilen Just so that I remember it correctly: What elevates them over chefspec?
15:14 babilen Right .. okay, ta
15:15 babilen Maybe that bats tool esckroh_ mentioned does that. Haven't used that either.
15:15 babilen esckroh_: Is it worth learning?
15:15 esckroh_ Sorry, I was thinking about integration tests
15:16 esckroh_ Bats, inspec, and serverpsec are all similar
15:16 electrofelix just to be clear -  kitchen/serverspec = spinning up a VM/container with so more functional testing  - chefspec is closer to unit testing
15:16 lompik joined #salt
15:17 babilen right
15:17 babilen Might want to ask on the mailing list
15:17 electrofelix ta, will do
15:18 babilen Good luck :)
15:20 tiwula joined #salt
15:21 hasues joined #salt
15:23 pirulo joined #salt
15:25 pirulo Guys, how to get the out put from the command: salt \* cmd.run 'grep username /etc/sudoers'  to show me only the matching minions instead of all the minions. Thks
15:26 DEger joined #salt
15:27 hasues left #salt
15:28 beowuff joined #salt
15:30 Elsmorian joined #salt
15:31 BattleChicken joined #salt
15:33 DEger joined #salt
15:35 win_salt pirulo, you are asking for all minions when you use \*
15:37 pirulo Yes, I do, but I need the sdtout to show me only the ones that are true
15:37 Ni3mm4nd joined #salt
15:38 win_salt you can pipe the output through grep again, maybe?
15:39 ronnix joined #salt
15:39 Sketch so, i have a multi-master setup where both masters are configured with output:changes ...but one of them outputs "nested", but only for some hosts.  any suggests where to look?  configs are identical, so i am sort of lost...
15:40 Sketch i don't understand how two masters with identical configs can act differently on the same host (and then only on some hosts)
15:41 s_kunk joined #salt
15:42 Sketch actually, maybe it's not nested.  i get the same output with any --out=option
15:42 Sketch it's whatever output format gives me stuff of the form
15:42 Sketch user_|-user_root_|-root_|-present:
15:43 nini left #salt
15:47 kshlm joined #salt
15:57 rem5 joined #salt
15:59 nicksloan joined #salt
16:00 jas02 joined #salt
16:02 writtenoff joined #salt
16:02 SpX joined #salt
16:02 flowstate joined #salt
16:05 Sarph joined #salt
16:09 scoates I'm having a problem where my reactor states aren't running (it seems). I noticed this in my logs (+ versions report) https://paste.website/p/8898038c-71ba-48da-a274-166098aebd69.txt and feels like it might be related. Anyone experienced this? a search turned up some irrelevant results (like zmq_monitor).
16:10 wangofett does anyone have experience with configuring Jenkins via salt? I'm running into some slight difficulties because Jenkins is designed to be configured through it's UI and I'm not sure what the best approach is to store the job configuration
16:11 scoates wangofett: FWIW, we moved away from Jenkins partly because of the "click things to configure" expectation
16:12 wangofett scoates: what are you using now?
16:12 scoates buildbot. very different, but works for us.
16:14 DEger joined #salt
16:16 snc joined #salt
16:17 edrocks joined #salt
16:21 wangofett I'll look into that - we don't have many complex needs, and I like the command line better than clicks anyway :P
16:21 KkLl left #salt
16:22 dyasny joined #salt
16:27 snc I'm loving orchestration with salt.
16:27 snc So much faster than Ansible playbooks ever were.
16:28 sjmh joined #salt
16:33 gtmanfred :)
16:34 BattleChicken what tools would you suggest for salt orchestration?
16:34 BattleChicken we had a demo with some salt-employed people recently, and the ysaid "salt orchestration tools" but didn't specify what those tools were
16:34 BattleChicken ... demo wasn't all that impressive either, but meh...
16:34 xmj are overstates still a thing?
16:35 abednarik joined #salt
16:35 whytewolf xmj: overstate became orchestration
16:36 whytewolf BattleChicken: "orchestration tools" generally means the orchestration runner and the saltmod state modules
16:36 ronnix joined #salt
16:37 BattleChicken ok,  I'm sure i can learn what those things are by googling the proper terminology
16:37 BattleChicken so thanks
16:37 Tanta salt is building blocks, it doesn't learn for you
16:37 whytewolf https://docs.saltstack.com/en/latest/topics/orchestrate/orchestrate_runner.html#orchestrate-runner
16:37 jas02 joined #salt
16:37 whytewolf https://docs.saltstack.com/en/latest/ref/states/all/salt.states.saltmod.html
16:37 Tanta and the strength of salt is the flexibility, I've learned above all else... they provide the basics that you need, and you can build just about anything with it
16:38 BattleChicken Yeah.  the fact you have to build everything from scratch (huge grain of salt with that statement, no pun intended) is part of why I'm a bit resistant to rebuilding everything in salt as opposed to our current platform
16:38 mikecmpbll joined #salt
16:39 BattleChicken it's a development push. they installed a couple applications using the command line and lost their  minds, want to push the whole company into using it even though our use-case would be about 100 times more complicated.
16:39 BattleChicken if i was coming in with no preconfigured config management platform (Altiris in my case) i wouldn't be resistant. I'm not grandpa refusing to get with the times.
16:40 BattleChicken i want to learn more about the orchestration and layering I'd have to do, thus the interest in the orchestration - thank you again for the information whytewolf
16:42 Trauma joined #salt
16:45 DarkKnightCZ joined #salt
16:51 yuhll joined #salt
16:52 pipps joined #salt
16:55 Brew joined #salt
16:58 flowstate joined #salt
17:00 jas02 joined #salt
17:01 onlyanegg joined #salt
17:03 cscf fwiw my workplace is standardizing on Salt (slowly) and my part, at least, is going quite nicely
17:05 flowstate joined #salt
17:07 mapu joined #salt
17:09 snc @BattleChicken we just run orchestrate state ids from bash
17:09 flowstat_ joined #salt
17:09 snc Oh I just slack'd on IRC. Heh
17:10 snc It's the orchestrate runner rather than the usual state runner
17:10 Brew joined #salt
17:13 fas3r joined #salt
17:13 fas3r hello
17:14 jas02 joined #salt
17:14 fas3r I have a strange problem, I can start salt-api manually ( salt-api -l debug ), but systemctl start salt-api is hanging and failed.
17:16 pipps joined #salt
17:16 cyborg-one joined #salt
17:19 BattleChicken snc:  my use case is more complicated since I'm dealing with Windows minions (though the salt install I'd be using would be linux)
17:20 patrek joined #salt
17:22 flowstate joined #salt
17:26 angvp fas3r: which distro?
17:26 fas3r debian jessie
17:26 angvp fas3r: using systemd?
17:26 angvp ok .. can you copy the unit file for me?
17:26 angvp or actually
17:27 fas3r yes well it's from the apt-get install :)
17:27 angvp let me copy my unit file for you, check if it's different
17:27 fas3r thanks
17:28 mibr0_ joined #salt
17:28 mibr0 joined #salt
17:28 angvp fas3r: https://gist.github.com/angvp/c9fbe6237f6688a60fb5568b6f7bbabc
17:28 angvp I remember changing Type for Simple fixed my problem
17:28 flowstate joined #salt
17:29 mibr0 joined #salt
17:29 snc @BattleChicken no windows here :-)
17:29 fas3r angvp: salt-master is starting well
17:29 fas3r i'ts salt-api what's not starting.
17:31 angvp fas3r: sorry, I've missread ... but check if salt-api daemon with Type=Simple as well
17:31 fas3r http://pastebin.com/3nfjnYm1
17:32 rherna fas3r: i ran into similar problems with systemd see this PR: https://github.com/saltstack/salt/pull/36823
17:32 saltstackbot [#36823][OPEN] Update debian systemd unit files to use default KillMode, Type=notify | This was done for the rest of the unit files in https://github.com/saltstack/salt/pull/35577 but I did not realize we maintain separate unit files for Debian....
17:32 fas3r here it is
17:32 sleblanc joined #salt
17:32 haam3r joined #salt
17:33 angvp oh debian, always breaking stuff :)
17:33 fas3r angvp: you mean I have to change Type=notify to Type=Simple ?
17:33 flowstat_ joined #salt
17:34 angvp fas3r: yes
17:34 subsignal joined #salt
17:35 fas3r angvp: same thing.
17:35 rherna fas3r: you can use notify but if you set Type=notify for the service you must set NotifyAccess=all as well or pip install systemd-python from what ive found. This test was against the 2016.3 branch
17:36 rherna make sure you call "systemctl daemon-reload" after modifying the unit files too
17:36 fas3r it's good.
17:36 fas3r yep :)
17:37 rherna excellent
17:38 sleblanc I am looking for advice on an aspect of my deployment: I need to sync a library of audio and video samples on a bunch of machines (12 in total). I am fine with using rsync and I would like to know if I can automate syncing from my master to the minions. I.e. I would like the rsync commands to run on the master instead of the minions
17:38 whytewolf so, put a minion on the master
17:38 fas3r last question, if I use external_auth / pam to authenticate the user against salt-api / cherrypi, does the local user need to be member of a specific group ?
17:38 sleblanc so: is there already a module that does this? and if not, does salt facilitate running shell commands on the master?
17:38 sleblanc whytewolf, excellent idea
17:39 sleblanc whoa, did not think of that!
17:39 whytewolf https://docs.saltstack.com/en/latest/ref/states/all/salt.states.rsync.html
17:39 lovecraftian joined #salt
17:39 lovecraftian joined #salt
17:40 sleblanc whytewolf, if I am using salt-ssh, can I avoid a loopback ssh connection? I am not running an sshd on this machine
17:40 rherna fas3r: I havent played with salt-api or cherrpi so Im not sure
17:41 fas3r ok
17:41 fas3r thanks anyway for the help
17:42 rherna youre welcome!
17:43 inad922 joined #salt
17:44 whytewolf sleblanc: ahh well that is different. personally i don't work with salt-ssh but salt-ssh still needs an ssh connection so i don't think you can use it like that
17:44 flowstate joined #salt
17:54 m4rx joined #salt
17:57 pipps joined #salt
17:57 onovy joined #salt
17:59 onovy hi guys. i need to generate config file content according to directory content. So I have dir on minion: /data with two files "1" and "2". I need to generate config file on same minion with content: aaa: 1, aaa: 2 (etc. ...). should i use "mine" for it?
18:01 hasues joined #salt
18:01 hasues left #salt
18:01 jas02 joined #salt
18:03 gtmanfred if the file content goes on the same minion, you could just use {%- if salt['cmd.retcode']('file /data/1') == 0 %} and check fi the file exists from jinja
18:05 BattleChicken left #salt
18:05 onovy i don't know file name. i need to list them and "foreach" them in template
18:06 onovy so something like this? salt['cmd.run']('ls /data')
18:06 gtmanfred sure
18:06 dyasny joined #salt
18:06 onovy yep, it works in {{ .. }} and i need to figure out how to foreach it :]
18:07 jas02 joined #salt
18:07 gtmanfred {% for x in salt['cmd.run']('ls /data').split('\n' %}
18:07 gtmanfred {% for x in salt['cmd.run']('ls /data').split('\n') %}
18:07 gtmanfred something with {{x}}
18:07 gtmanfred {% endfor %}
18:08 catpigger joined #salt
18:08 onovy ah, split! thanks
18:09 DarkKnightCZ joined #salt
18:10 onovy gtmanfred: working, thanks a lot!
18:14 _KaszpiR_ joined #salt
18:16 gtmanfred no problem
18:22 XenophonF salt-formula references a Windows minion installer package named "saltstack.minion" - what is that?
18:25 edrocks joined #salt
18:26 XenophonF the package in winrepo-ng is "salt-minion"
18:26 samodid joined #salt
18:29 swa_work joined #salt
18:29 _KaszpiR_ joined #salt
18:29 pipps joined #salt
18:30 Miouge joined #salt
18:32 haam3r joined #salt
18:33 Tanta don't do that
18:34 Tanta for x in salt['cmd.run']('/data/*')
18:34 Tanta using the output of 'ls' is horribly wrong
18:36 m4rx joined #salt
18:36 BattleChicken joined #salt
18:37 gtmanfred that would result in an error that /data/aaaaa didn't have permissino to execute wouldn't it?
18:37 gtmanfred you would need to do salt['cmd.run']('echo /data/*')
18:37 gtmanfred or salt['cmd.run']('echo /data/*').split(' ')
18:38 Elsmorian joined #salt
18:42 Tanta for x in salt['cmd.run'](' printf "%s\n" /data/* ')
18:42 Tanta that's probably the best you'll get
18:43 Tanta but you are correct, I forgot to print the glob
18:43 gtmanfred :)
18:44 Tanta will the iterator use \n as a field separator?
18:44 Tanta or do you have to explicitly break the multiline string for that iterator to work
18:44 gtmanfred it won't it will use each character as a different one
18:44 gtmanfred because it is a string
18:44 Tanta ah, I see
18:44 gtmanfred yeah, that
18:44 Tanta too bad there's no IFS= equivalent
18:45 gtmanfred yar
18:51 sgo_ joined #salt
18:51 jas02 joined #salt
18:52 jas02 joined #salt
18:54 jas02_ joined #salt
18:58 babilen And that breaks if you have files with spaces in them .. I'd recommend to implement a custom execution function with os.walk() or glob.glob() Python functions
18:59 gtmanfred can you split on null characters?
19:00 gtmanfred salt['cmd.run']('find /data/* -type f -print0')
19:00 pipps joined #salt
19:00 gtmanfred or you could do what tanta did, and do printf with \n and split on \n
19:01 Tanta I do most of my heavy lifting in bash
19:01 Tanta these are daily caveats for me :)
19:01 sh123124213 joined #salt
19:05 alexhayes joined #salt
19:10 fas3r trying to setup salt-api, I'm able to connect and authenticate against cherrypy, however, when I try execute the "key.gen_accept" I get unauthorized. http://pastebin.com/dSDcu91c   thanks by advance
19:10 DarkKnightCZ1 joined #salt
19:11 gtmanfred remove the /login from the second command
19:12 keekz joined #salt
19:17 patarr joined #salt
19:22 flowstate joined #salt
19:22 fas3r gtmanfred: cool thanks :D
19:24 DEger joined #salt
19:25 debian112 joined #salt
19:25 fas3r gtmanfred: the command is executed but the minion key ( on salt master ) is listed in Accepted, Denied and Unaccepted afterwards.
19:27 GreatSnoopy joined #salt
19:27 patarr Does salt allow managing a block device? For example, giving it one partition and format it as ext4?
19:28 psy0rz how is it possible that a salt-call pillar.get mine_functions on the minion returns something else than a when i do this on the master: salt 'backup.bla.com' pillar.get mine_functions
19:30 iggy patarr: salt can do anything
19:30 patarr iggy: i’m having a hard time finding states that can do what I want in this specific instance.
19:30 iggy psy0rz: salt-call saltutil.refresh_pillar
19:30 patarr Im using ec2 driver to create machines with some attached EBS volumes, but I want them to not just be block devices. I want a filesystem!
19:31 psy0rz so a sync_all doenst tdo that iggy?
19:32 psy0rz yep that works...thanks!
19:32 iggy psy0rz: sync_all copies _modules/_statest/_etc
19:33 psy0rz but the confusing part is that the minion seems to return the correct data and the master doesnt :)
19:33 psy0rz but now its ok
19:34 iggy psy0rz: there are certain things that automatically sync pillar data... pillar.get isn't one of them (as it would be a huge performance hit as you use pillar.get all over salt states)
19:34 psy0rz ok
19:35 psy0rz so a saltutil.refresh_pillar, basically lets the minion fetch the pillar data from the master and then sends it back to the master somehow, so that the master can cache it?
19:36 iggy pillar data is rendered on the master
19:36 iggy and then sent to the minion
19:36 alexhayes joined #salt
19:37 iggy patarr: I think in the past, I've used module.run + salt.modules.xfs.mkfs
19:37 patarr iggy: I think I’ll just use the lvm state. It seems to be the most fleshed out and documented
19:38 k33pr0wing joined #salt
19:39 pipps joined #salt
19:43 psy0rz iggy if i have mine_enabled: True on the minion, and i have a mine_function that does a pillar.get on some key. will the mine be updated eventually with the latest data from the pillar? or should i schedule a saltutil.refresh_pillar cronjob on the master?
19:45 fas3r left #salt
19:50 iggy psy0rz: pillar will not be eventually updated... mine data refreshes every hour by default
19:50 bluethundr joined #salt
19:50 psy0rz ok thanks for all the info again :)
19:50 stooj joined #salt
19:51 marulkan joined #salt
19:52 pipps joined #salt
19:53 bluethundr hey guys, I'm trying to verify that a vpc subnet exists using this command
19:53 bluethundr https://gist.github.com/bluethundr/15c90dd7849e3c625760980a6b6e8d24
19:53 bluethundr I got the command from this doc
19:53 bluethundr https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.boto_vpc.html#salt.modules.boto_vpc.subnet_exists
19:53 bluethundr can anyone tell me why salt doesn't recognize that command from the doc?
19:53 bluethundr and what command I should be using?
19:54 hemebond Shouldn't it just be "salt '*' boto_vpc.subnet_exists ?
19:54 pipps99 joined #salt
19:55 gtmanfred yes, it should just be boto_vpc.subnet_exists
19:55 jas02 joined #salt
19:55 bluethundr gtmanfred: ok thanks
19:55 pipps99 joined #salt
19:56 Miouge joined #salt
19:59 k33pr0wing left #salt
20:00 jenastar joined #salt
20:11 patarr joined #salt
20:12 edrocks joined #salt
20:13 mpanetta joined #salt
20:15 dyasny joined #salt
20:16 mpanetta joined #salt
20:19 hoonetorg joined #salt
20:21 stooj joined #salt
20:22 ThomasJ|m joined #salt
20:23 mpanetta joined #salt
20:25 onlyanegg joined #salt
20:28 jas02 joined #salt
20:31 lero joined #salt
20:31 pipps joined #salt
20:32 pipps_ joined #salt
20:32 mike25de joined #salt
20:33 _KaszpiR_ joined #salt
20:34 mike25de hi all :)  Can you recommend a solution for auto-accepting the minion keys on salt-master? I am deploying AWS vms and bootstrap them, but  I need to accept the key on the master in an automatic way. At the moment I have enabled on salt-master  auto accept all keys - but that is not the safest solution.  Any input from you guys is much appreciated.
20:35 hemebond mike25de: salt-cloud
20:35 hemebond Oh, how are you bootstrapping them?
20:35 hemebond Do they have public IPs?
20:35 hemebond Can you SSH to them?
20:35 subsignal joined #salt
20:36 mike25de hemebond: using bootstrap.sh - after the VM is started on AWS
20:36 mike25de I can ssh to them, yes
20:36 hemebond salt-cloud
20:36 hemebond salt-cloud will create the instance, bootstrap it, and automatically accept the key.
20:37 Miouge joined #salt
20:37 mike25de it seems for some reason I can not use salt-cloud :( my workflow is a bit complicated.... and I am using BOTO to kickstart the vm and bootstrap it. THanks for the input though.
20:38 hemebond How are you provisioning the instances?
20:38 mike25de using boto from a flask/py app
20:38 hemebond Oh wait, you're using the salt-api
20:38 mike25de via the AWS api
20:38 mike25de I am using the salt-api yep
20:38 hemebond You could use the salt cloud runner instead of boto.
20:39 mike25de I think salt-cloud can not destroy machines...
20:39 hemebond It can.
20:39 hemebond It can do anything to the instances.
20:39 mike25de or at least my colleagues could not ... ?! - the idiots :P
20:39 sjmh joined #salt
20:39 bluethundr guys.. when I create VPCs with boto vpc, I get an error saying that the 'instance id' doesn't exist
20:40 hemebond My setup specifically uses salt-cloud functions so that I can manage the instances via salt-cloud.
20:40 bluethundr when I use the create route function
20:40 bluethundr https://gist.github.com/bluethundr/ee29139486f76d7bfe611be5a971fa2f
20:40 hemebond mike25de: https://gist.github.com/hemebond/4b48df43721adb283e0df404501a4b59
20:40 mike25de hemebond: thanks for the input... I will consider it for the next version.
20:41 hemebond mike25de: If you can anticipate the minion ID you can touch a file in /etc/salt/pki/master/minions_autosign/
20:41 bluethundr what is  boto_vpc.route_table_present expecting from the  instance_id: value?
20:41 bluethundr is that supposed to be a subnet id?
20:41 alexhayes joined #salt
20:41 mike25de hemebond:  I WAS just reading about that right now !!! :))))
20:42 mike25de hemebond: I will use that feature with auto sign. Thanks mate !
20:42 patarr joined #salt
20:42 pipps joined #salt
20:42 hemebond Good luck 👍
20:42 mike25de u2 man
20:43 bluethundr gtmanfred: any ideas?
20:43 hemebond bluethundr: Do you have the actual error output?
20:43 bluethundr yeah one sec
20:43 bluethundr I'll gist that for you
20:44 bluethundr hemebond: this is the error I'm getting
20:44 bluethundr https://gist.github.com/bluethundr/c69ba38115105e0e0d606a5c1b7be99a
20:45 _KaszpiR_ joined #salt
20:45 hemebond Oh it was in the original gist; my bad.
20:46 bluethundr no worries :)
20:47 stooj joined #salt
20:47 bluethundr here's a gist with the full salt state run and all the code, if that's any help at all
20:47 bluethundr https://gist.github.com/bluethundr/298ebbdc18bbb7613caf05b4ee2a79c4
20:48 DammitJim joined #salt
20:48 hemebond Why does the error show ID "Create route" but your state ID is "Create route table"?
20:49 bluethundr sorry I changed the heading to read Crate Route Table after the fact
20:49 bluethundr the error is the same however
20:49 hemebond Ah okay.
20:49 bluethundr :)
20:50 sgo_ joined #salt
20:51 bluethundr sorry for the confusion there
20:51 bluethundr any ideas why that's happening?
20:51 hemebond Not yet. Having a look at the source.
20:51 bluethundr okeydoke
20:51 _dev left #salt
20:55 jas02 joined #salt
20:56 sh123124213 joined #salt
20:58 hemebond And the instance definitely exists?
20:59 bluethundr well that's just it
20:59 bluethundr I don't know what the function means by instance id
20:59 hemebond Oooooh.
20:59 bluethundr I tried throwing some ami id's at it
20:59 bluethundr they all definitely existed
20:59 bluethundr but that didn't work
20:59 hemebond Not AMI IDs, no.
21:00 bluethundr ah yeah
21:00 hemebond An ID for an existing instance.
21:00 bluethundr you mean an existing subnet instance?
21:00 bluethundr sorry if I'm not following you
21:00 hemebond No, an existing instance.
21:00 bluethundr ok
21:00 bluethundr instance of what? :D
21:00 hemebond An instance is, e.g., a server created from an AMI.
21:00 hemebond A server.
21:00 hemebond They're called instances.
21:00 bluethundr well yeah
21:00 bluethundr ok
21:00 bluethundr cool
21:00 bluethundr thought I was losing my mind there for a moment
21:00 bluethundr ohhhh
21:00 bluethundr ok
21:01 flowstate joined #salt
21:01 bluethundr so it's basically looking for a NAT gateway instance
21:01 bluethundr ??
21:01 hemebond Lemme check.
21:01 bluethundr sorry I was confusing instance id with ami id there for a moment
21:01 bluethundr ok
21:02 hemebond Yes, it looks like it wants a NAT instance.
21:02 bluethundr ahh
21:02 hemebond Or gateway.
21:02 bluethundr ok
21:02 bluethundr right
21:02 bluethundr gotcha
21:02 bluethundr ok thanks
21:02 bluethundr I'll play around with this a little more
21:02 bluethundr thanks for the help and info!
21:02 pipps joined #salt
21:03 hemebond Good luck 👍
21:03 pipps99 joined #salt
21:04 bluethundr appreciate that :)
21:05 pipps99 joined #salt
21:06 mountpoint joined #salt
21:06 DEger joined #salt
21:06 lero joined #salt
21:08 flowstate joined #salt
21:08 patrek joined #salt
21:12 subsignal joined #salt
21:12 pipps joined #salt
21:15 fas3r joined #salt
21:15 fas3r can I use require to call another state ?
21:16 hemebond require just sets up a dependency
21:16 hemebond "make sure that state is okay before I run"
21:16 fas3r is it possible to call a state from another state ?
21:17 fas3r like from one sls to an other ?
21:17 hemebond Yeah I think you can. Not sure that's a good process.
21:18 rherna joined #salt
21:18 hemebond https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.state.html#salt.modules.state.sls_id
21:22 babilen RQYou'd achieve that by including the other sLS
21:26 amontalb1n joined #salt
21:30 jas02 joined #salt
21:31 pipps joined #salt
21:35 DEger joined #salt
21:36 netcho joined #salt
21:44 stooj joined #salt
21:45 pipps joined #salt
21:50 jas02 joined #salt
21:54 patarr joined #salt
21:56 pipps joined #salt
21:56 jas02 joined #salt
21:58 schinken joined #salt
21:58 schinken Is it a known problem, that the salt minion uses the wrong init system on raspbian?
21:59 schinken it tries to start my init scripts by /etc/init.d/name start, but its actually a systemd service file
22:02 slav0nic joined #salt
22:04 stooj joined #salt
22:04 BattleChicken left #salt
22:05 DEger joined #salt
22:06 edrocks joined #salt
22:07 flowstate joined #salt
22:12 DEger joined #salt
22:19 patarr joined #salt
22:25 DEger joined #salt
22:26 nidr0x joined #salt
22:27 lero joined #salt
22:30 DEger joined #salt
22:32 amontalban joined #salt
22:33 pipps99 joined #salt
22:35 cliluw joined #salt
22:36 lero joined #salt
22:37 _JZ_ joined #salt
22:37 whytewolf schinken: maybe not a bug. saltstack uses https://www.freedesktop.org/software/systemd/man/sd_booted.html to determine of systemd is the default and booted init system. other wise it falls back to the "service" module which is just a wrapper for the sysvinit scripts.
22:47 sleblanc Error while using the rsync state module: https://dpaste.de/E0OC/raw
22:49 DEger joined #salt
22:51 jas02 joined #salt
22:52 onlyanegg joined #salt
22:53 nidr0x joined #salt
22:54 pipps joined #salt
22:54 whytewolf sleblanc: not sure about the outcome but this issue lists that traceback.. see if you can find more info there
22:54 whytewolf https://github.com/saltstack/salt/issues/32478
22:54 saltstackbot [#32478][OPEN] rsync.synchronized - user/group options required | I was really excited to see that Salt 2016.3.0 now has rsync support and I've just had a go at using it but have bumped into a few issues that could do with addressing:...
22:56 DEger joined #salt
22:56 whytewolf ahh this PR is meant to fix it https://github.com/saltstack/salt/pull/32739
22:56 saltstackbot [#32739][MERGED] Rsync synchronized updates. | What does this PR do?...
22:57 jas02_ joined #salt
22:57 pipps joined #salt
23:01 DEger joined #salt
23:02 hemebond joined #salt
23:03 Sammichmaker joined #salt
23:07 edrocks joined #salt
23:08 N-Mi joined #salt
23:08 flowstate joined #salt
23:19 keimlink joined #salt
23:21 pipps joined #salt
23:21 sleblanc whytewolf, thank you for the insight. for the moment, I will simply use cmd.run rsync …
23:23 pipps joined #salt
23:34 pipps99 joined #salt
23:42 pipps joined #salt
23:43 sjmh joined #salt
23:46 keimlink_ joined #salt
23:46 amontalban joined #salt
23:49 edrocks joined #salt
23:52 tercenya joined #salt
23:53 pipps joined #salt
23:54 nidr0x joined #salt
23:58 jas02 joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary