Perl 6 - the future is here, just unevenly distributed

IRC log for #salt, 2016-10-28

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:01 madflojo joined #salt
00:06 watersoul joined #salt
00:07 edrocks_ joined #salt
00:08 aagbds joined #salt
00:09 jams_ joined #salt
00:15 barmaley joined #salt
00:16 gtmanfred joined #salt
00:17 pipps joined #salt
00:21 f4 joined #salt
00:22 morissette joined #salt
00:27 pipps joined #salt
00:28 akhter joined #salt
00:29 watersoul joined #salt
00:32 pipps joined #salt
00:34 jas02 joined #salt
00:34 edrocks joined #salt
00:39 edrocks_ joined #salt
00:42 DEger joined #salt
00:42 subsignal joined #salt
00:44 infrmnt1 joined #salt
00:49 dps joined #salt
00:59 RandyT joined #salt
01:00 bltmiller joined #salt
01:02 edrocks joined #salt
01:03 du5tball joined #salt
01:04 edrocks__ joined #salt
01:04 barmaley joined #salt
01:05 jas02 joined #salt
01:12 barmaley joined #salt
01:14 DEger joined #salt
01:15 Sketch_ joined #salt
01:18 abednarik joined #salt
01:19 DEger joined #salt
01:25 binocvlar joined #salt
01:26 barmaley joined #salt
01:27 juanito_ joined #salt
01:31 DEger joined #salt
01:34 DEger joined #salt
01:35 jas02 joined #salt
01:40 sebastian-w_ joined #salt
01:42 _aeris_ joined #salt
01:42 Cottser joined #salt
01:46 spuder joined #salt
01:46 edrocks_ joined #salt
01:47 edrocks__ joined #salt
01:49 catpiggest joined #salt
01:53 barmaley joined #salt
02:06 onlyanegg joined #salt
02:06 barmaley joined #salt
02:07 DEger_ joined #salt
02:07 jas02 joined #salt
02:22 subsignal joined #salt
02:27 baffle joined #salt
02:28 bbradley joined #salt
02:31 basepi joined #salt
02:33 sp0097 joined #salt
02:36 jas02 joined #salt
02:37 evle joined #salt
02:43 akhter joined #salt
02:47 blu__ joined #salt
03:05 edrocks joined #salt
03:17 viq joined #salt
03:26 rawzone joined #salt
03:28 jas02 joined #salt
03:38 jas02 joined #salt
03:39 zulutango joined #salt
03:41 justanotheruser joined #salt
04:03 samodid joined #salt
04:06 barmaley joined #salt
04:08 pipps joined #salt
04:09 akhter joined #salt
04:15 jwang joined #salt
04:29 cosming joined #salt
04:29 jas02 joined #salt
04:31 Electron^- joined #salt
04:44 subsignal joined #salt
04:51 Ni3mm4nd joined #salt
05:00 Ni3mm4nd joined #salt
05:04 justan0theruser joined #salt
05:05 kung_foo_panda joined #salt
05:11 kung_foo_panda first hello to #salt
05:11 hemebond Hello
05:16 antpa joined #salt
05:18 Ni3mm4nd joined #salt
05:19 netcho_ joined #salt
05:20 tbortels joined #salt
05:21 pipps joined #salt
05:28 onlyanegg joined #salt
05:30 jas02 joined #salt
05:31 tbortels So - weird behavior. I have about 4000 salt minions, and I find that every day a handfull of them stop responding. Going out and restarting the salt minion brings them back to life. No idea what is causing it. Is this a known/expected behavior, and if you have a large herd, do you routinely restart your minions? Or is this my own special puzzle?
05:33 kung_foo_panda do you see any logs in the master ?
05:34 kung_foo_panda or the minion ?
05:34 ivanjaros joined #salt
05:37 edrocks joined #salt
05:39 jas02 joined #salt
05:43 netcho_ joined #salt
05:45 impi joined #salt
05:56 Ni3mm4nd joined #salt
06:00 akhter joined #salt
06:12 rawzone joined #salt
06:31 ivanjaros joined #salt
06:32 m4rx joined #salt
06:36 cosming joined #salt
06:38 rdas joined #salt
06:40 jas02 joined #salt
06:40 pipps joined #salt
06:50 bocaneri joined #salt
07:00 Pulp joined #salt
07:03 LondonAppDev joined #salt
07:04 pipps joined #salt
07:04 LondonAppDev Hi all, is it possible to change the permissions of a directory under /srv/salt/ using salt itself?
07:05 LondonAppDev Basically, I want my Jenkins server to be able to copy an archive to within the /srv/salt/_files/ so it can then be distributed across to the minions.
07:05 fracklen joined #salt
07:07 LondonAppDev When I try and update the permissions using file.directory in my salt state, it just fails saying "Could no change user to Jenkins, could not change group to Jenkins"
07:13 samodid joined #salt
07:16 JohnnyRun joined #salt
07:16 netcho_ joined #salt
07:26 k_sze[work] joined #salt
07:29 onlyanegg joined #salt
07:31 jas02 joined #salt
07:32 CeBe joined #salt
07:36 hemebond LondonAppDev: Does the user and group exist?
07:36 hemebond Wait.... huh?
07:36 LondonAppDev hemebond: thanks for the reply. Actually I discovered the reason it was not working was because of Vagrant, not Salt
07:37 LondonAppDev It wasn't letting me set permissions on my Vagrant shared folder.
07:39 fracklen joined #salt
07:39 edrocks joined #salt
07:40 alexanderilyin joined #salt
07:40 jas02 joined #salt
07:41 AirOnSkin joined #salt
07:42 iggy tbortels: you have 4000 on the same master? does the minion process die or just disconnect?
07:50 ernescz joined #salt
07:52 toanju joined #salt
07:52 JohnnyRun joined #salt
07:52 stanchan joined #salt
07:52 jas02 joined #salt
07:58 Electron^- joined #salt
08:03 akhter joined #salt
08:03 fracklen joined #salt
08:04 fracklen joined #salt
08:08 mikecmpbll joined #salt
08:11 spuder joined #salt
08:11 stanchan joined #salt
08:22 hlub What would be the best way to trigger highstate runs when a local pillar repo (hg) gets new changesets?
08:22 JohnnyRun joined #salt
08:23 hlub is it inotify beacon and reactor?
08:23 zer0def joined #salt
08:25 hlub or a sls scheduled to run frequently on master?
08:25 hlub I think mercurial hooks don't work as they are run with other user.
08:26 jas02 joined #salt
08:27 kung_foo_panda joined #salt
08:27 keimlink joined #salt
08:29 hlub it seems the solution can't be an orchestration where I'd first run cmd.run state with 'hg update' and have onchanges relation to highstates. It seems that salt.state allows only highstate or sls file runs. :/ Of course I could put that one state into sls but...
08:30 pipps joined #salt
08:31 ronnix joined #salt
08:41 jas02_ joined #salt
08:46 s_kunk joined #salt
08:55 JohnnyRun joined #salt
09:00 onlyanegg joined #salt
09:04 SaltyVagrant_ joined #salt
09:05 rem5_ joined #salt
09:07 armyriad joined #salt
09:07 haam3r joined #salt
09:10 rdas joined #salt
09:13 rome_390 joined #salt
09:23 n1x0n joined #salt
09:27 JohnnyRun joined #salt
09:27 Elsmorian joined #salt
09:28 jeddi joined #salt
09:30 cyteen joined #salt
09:34 joshin joined #salt
09:37 M-liberdiko joined #salt
09:41 freelock[m] joined #salt
09:41 Mads[m] joined #salt
09:41 saintaquinas[m] joined #salt
09:41 jerrykan[m] joined #salt
09:41 ThomasJ|m joined #salt
09:41 M-MadsRC joined #salt
09:41 dnull[m] joined #salt
09:49 antpa joined #salt
10:01 spuder joined #salt
10:03 Inver joined #salt
10:03 antpa joined #salt
10:05 akhter joined #salt
10:09 darvon joined #salt
10:10 jas02 joined #salt
10:12 cyborg-one joined #salt
10:15 pipps joined #salt
10:16 psrjr joined #salt
10:21 honestly where does salt-ssh 2016.3.3 put its var/cache/log/etc. files on the minion? I can't find anything in /tmp
10:23 AndreasLutro ls -la /tmp
10:23 AndreasLutro it starts with ".salt" iirc
10:23 honestly yeah I've done that...
10:24 honestly no idea where it's gone off to
10:24 honestly (I made sure I turned off wiping as well...)
10:26 AndreasLutro oh nvm they moved it to /var/tmp recently
10:26 AndreasLutro for some reason
10:26 AndreasLutro /var/tmp/.$USER_$HASH_salt
10:29 honestly lol
10:29 honestly thanks
10:29 honestly how did you figure that out?
10:30 AndreasLutro I remembered it
10:30 honestly haha
10:41 edrocks joined #salt
10:43 jas02_ joined #salt
10:47 Reverend guys :(
10:47 Reverend im upset
10:48 Reverend the order:last on one of the sections of my SLS does -not- run last.
10:48 Reverend does that run last for that SLS only, or for all of them?
10:48 Reverend if it's the latter, something is borked somewhere
10:48 KingOfFools i thinks it's last only in sls
10:49 KingOfFools not sure tho
10:55 slav0nic joined #salt
10:56 Reverend blerp
10:56 Reverend that's nmot good
10:57 Reverend inotify beacon it is
10:57 babilen It's last for all states
10:58 babilen (which might not be the absolute last state if you have multiple ones with "order: last")
10:59 antpa joined #salt
11:00 Reverend babilen: I don't :/
11:00 Reverend it seems to think that the SSL doesn't exist, but it blatantly does.
11:02 onlyanegg joined #salt
11:02 babilen Which SSL ?
11:08 Reverend okay - we've got an nginx sls that has some configs that require /etc/ssl/something.crt.
11:08 Reverend another sls that creates all of the ssl's
11:09 whatevsz joined #salt
11:09 Reverend the order is nginx > ssl > order: last on service restart on nginx
11:09 Reverend unless im missing something... nginx doesn't reload after the ssl business and reports dead
11:10 Reverend lemme past some bits
11:10 Reverend wait... for some reason my 'order' is missing... WHAT THE FUCK. let me get back to you on that.
11:11 Reverend i swear to sweet baby jeebus that i put that in there
11:12 rdas joined #salt
11:13 Reverend spinning up a box now... we'll see what happens.
11:14 whatevsz hey guys
11:14 Reverend yo whatup whatevsz
11:14 Reverend see what I did there?
11:14 * Reverend is a wizard
11:14 whatevsz i tried out ansible, and found stuff like "hostvars" very conventient, which allows you to access variables of other hosts
11:15 Reverend ewwww
11:15 whatevsz is there anything like this in salt? so i can access pillar data of other hosts
11:15 Reverend not pillars
11:15 Reverend pillars are secure AF
11:15 whatevsz my current salt setup has some ugly hacks around reclass to make this possible
11:15 Reverend pillars should be assigned to hosts that need them
11:15 whatevsz lets say i want to load balance across all hosts in a certain group or something, how can i do this nicely in the load balancer config?
11:16 Reverend babilen - IT WORKED. I FUCKING LOVE YOU. my sweet little rubberduck <3 xx
11:17 Reverend what are you using for an LB? haproxy?
11:17 Reverend oout of interest more than anything on that Q.
11:17 whatevsz its just an example :D
11:17 whatevsz actually it would be something like an influxdb cluster that i want to send metrics to
11:17 whatevsz and i dont want to hard-code the cluster member list
11:19 babilen whatevsz: You can look into the salt mine
11:19 babilen (and mine function aliases)
11:19 whatevsz yeah i tried that already
11:20 whatevsz but its kinda weird to do it this way
11:20 whatevsz i mean, the datais already present on the master, everything i want to know
11:20 whatevsz its just that i cannot access it in a conventient way
11:20 haam3r joined #salt
11:20 whatevsz btw, googling "salt mine" is not very helpful :D
11:20 kbaikov joined #salt
11:22 babilen whatevsz: Yeah, I googled that often enough
11:22 babilen Why is the mine not nice? It allows you to access a bunch of data in a convenient way about all your minions
11:23 Reverend AFAIK - mine is pretty sick, from what I hear down the old grape vine
11:23 babilen sick?
11:23 babilen As in "amazing" or "broken" ?
11:29 kbaikov joined #salt
11:29 Reverend babilen - amazing
11:29 garga left #salt
11:30 spuder joined #salt
11:35 whatevsz can i "cheat" and just give the "pillar.items" function to the mine?
11:37 ernescz hello! I was wondering - is it possible in states to somehow iterate over grains values of few selected minions? For example, I match required minions with 'salt -C "dbsrv* and G:role:whatever" grains.get fqdn' and that gives me 2 minions with values 'host1' and 'host2'.
11:37 ernescz Inside states - should I put these values in a list and then iterate over the elements? Or perhaps use more complicated mine.get to match the minions and their values? For now the best I can get is iteration over fqdn grain of the minion this state is applied to like it is ['h', 'o', 's', 't', '1']. I'm missing something obvious here.
11:40 darvon joined #salt
11:43 jhauser joined #salt
11:44 jas02_ joined #salt
11:46 joshin joined #salt
11:47 jas02 joined #salt
11:52 Reverend whatevsz - cheating is generally considered bad... as there is usually a 'proper' way of doing it
11:53 Reverend not sure how in your sitch as I'm relatively new to this too... but im sure there will be a way to do whatever it is yoiu want to do
11:53 Reverend :)
11:54 whatevsz i guess mine would work
11:54 whatevsz but i dont really like that you have to run commands on minions to get information that is already available on the master
11:55 Reverend the idea is that minions can run independently of master
11:55 Reverend i.e. your minion can run states as needed, and not just get given a bunch of crap
11:55 Reverend so the information on master is actually not that useful unless you populate it into something that the minion can access.
11:56 jeddi joined #salt
11:56 Reverend if you think of it like having someone hand you meeting notes, instead of reading them out to you... that's how salt operates. i.e. the complete opposite to puppet
11:58 saltuser123 joined #salt
12:02 pipps joined #salt
12:09 cro_ joined #salt
12:10 baikal joined #salt
12:12 joshin joined #salt
12:12 akhter joined #salt
12:15 graffic joined #salt
12:15 svg_ joined #salt
12:19 Sketch_ joined #salt
12:19 sp0097 joined #salt
12:21 lunarlamp joined #salt
12:25 IgorK__ joined #salt
12:26 whatevsz hmpf, never seen it that way
12:26 whatevsz i have to say, i'd prefer puppet's approach in this case
12:27 IgorK__ Hello, can anybody help me with gpgkeys in saltstack please?
12:27 whatevsz minion should be dumb af, and just get commands from the master
12:29 IgorK__ I have such problem, I have encrypted my secret key with gpg and put it in pillar. But in master when I'm writing `$salt 'minion1' pillar.items` my key in pillar items show not as unencrypted
12:29 IgorK__ minion1:     ----------     mongodblogin:         -----BEGIN PGP MESSAGE-----
12:31 IgorK__ but should be as like `minion1: mongodblogin: supersecret`. If I'm correctly understanding
12:32 IgorK__ left #salt
12:34 IgorK__ joined #salt
12:34 IgorK__ can Anybody help me?
12:35 tristianc_ joined #salt
12:35 Arendtsen joined #salt
12:35 titilambert joined #salt
12:36 aitrus joined #salt
12:36 phx joined #salt
12:36 Neighbour joined #salt
12:36 swills joined #salt
12:36 debian112 joined #salt
12:36 tbortels joined #salt
12:37 amontalban joined #salt
12:37 antpa joined #salt
12:37 jesusaur joined #salt
12:40 Edur joined #salt
12:41 filippos joined #salt
12:45 jas02 joined #salt
12:45 sgo_ joined #salt
12:45 babilen whatevsz: You *really* shouldn't share pillar data with other mininos. The whole point of pillars is that they are minion specific and therefore usable for sensitive information
12:48 IgorK__ wat?
12:48 jas02_ joined #salt
12:49 IgorK__ I have a secret data, salt docs speaks that I can put secret data in pillar as encrypted
12:50 q1x joined #salt
12:53 abednarik joined #salt
12:53 numkem joined #salt
12:57 babilen IgorK__: Yes, which is why you shouldn't share data meant for one minion with all other minions
12:57 babilen (via the mine)
12:57 babilen (or any other way really)
12:58 RobertLaptop joined #salt
12:59 IgorK__ babilen I can't understand you
13:00 babilen IgorK__: whatevsz wanted to place pillar.items into the mine which would make pillar data available to all minions. I don't consider that to be a good idea.
13:00 joshin joined #salt
13:00 joshin joined #salt
13:01 IgorK__ Do I have alternatives?
13:01 KingOfFools babilen: I think he's asking how would he encrypt his data in pillar, or something like that
13:02 IgorK__ I already encrypted them
13:02 JPT joined #salt
13:02 KingOfFools ah, ok
13:02 IgorK__ but master not decrypt them
13:02 onlyanegg joined #salt
13:02 kbaikov joined #salt
13:03 ronnix joined #salt
13:03 IgorK__ My question was why master not decrypt them
13:03 babilen Ah, I foolishly assumed that IgorK__'s "wat?" right after my message was addressed to me and a reaction to what I said before
13:03 ivanjaros3916 joined #salt
13:03 rsanting joined #salt
13:04 IgorK__ yes sorry ) I didn't looked that it was not to me)
13:04 IgorK__ yes sorry ) I didn't look that it was not to me)
13:05 babilen Yeah, but that would explain our confusion :)
13:07 eMBee joined #salt
13:09 Reverend babilen - it all works. SSL's installed and nginx running on boot. Got a @reboot in crontab to update itself when it starts up (as it's a scaling server)
13:10 aagbds joined #salt
13:12 IgorK__ sorry for question previous question, I waited 5 mins, then I run again `salt minion1 pillar.items` and master decrypted my key ) lol :D
13:12 babilen Reverend: yay
13:13 Reverend :)
13:13 Reverend only 5 more parts of the stack to go
13:13 Reverend althoguh most of them are like 50% written already
13:14 bakins joined #salt
13:20 liberdiko[m] joined #salt
13:21 racooper joined #salt
13:21 spuder joined #salt
13:23 whatevsz whats for the input guys :) i guess i'm, going to go with salt mine, even though i'm not entirely convinced of that setup ...
13:24 kbaikov joined #salt
13:27 whatevsz uhh, *thanks
13:27 whatevsz weekend needed
13:28 slav0nic left #salt
13:29 mads[m] joined #salt
13:29 tjuberg[m] joined #salt
13:29 jerrykan[m] joined #salt
13:29 saintaquinas[m] joined #salt
13:29 MadsRC[m] joined #salt
13:29 john[m] joined #salt
13:30 dnull[m] joined #salt
13:31 akhter joined #salt
13:34 hasues joined #salt
13:35 babilen whatevsz: What are you actually trying to achieve?
13:37 hasues left #salt
13:39 whatevsz lets say i want to setup a bind dns server
13:39 whatevsz and i have a bunch of hosts with statis IPs
13:39 whatevsz right now, i hard-code the ip -> name mapping in the pillar
13:39 babilen Why?
13:39 whatevsz even though i have this info already in the pillar
13:40 whatevsz how would you do this?
13:40 babilen You encode it in the pillar even though you have it in the pillar?
13:40 whatevsz without duplicating the information
13:40 whatevsz well i have pillar data for each host, where hostname and ip are stored
13:40 whatevsz but i cannot access this from the bind state
13:40 babilen hostname and IPs are grains
13:41 Tanta joined #salt
13:42 whatevsz ok, if i got them as grains, how would i access grains of other hosts?
13:42 whatevsz so i can say "for each host, assign this IP as an A record to this domain name"
13:43 babilen Via the mine .. for IP addresses I tend to define a network.ip_addrs mine function alias for the CIDR in question though (e.g. http://paste.debian.net/890593/ )
13:44 whatevsz i just saw that this is super easy in ansible with something like {% for host in groups['all'] %} {{ host['ip'] }}  IN A {{ host['name'] }}
13:44 whatevsz or something like that
13:44 babilen You can access mine data in pillars also: https://docs.saltstack.com/en/carbon/ref/modules/all/salt.modules.mine.html#salt.modules.mine.get
13:45 MajObviousman I'm struggling with a salt idiom, perhaps someone can point me in the correct direction
13:45 edrocks joined #salt
13:45 MajObviousman let's say I have a list of users that need to be added to a config file
13:45 babilen whatevsz: Yes, it works like that in salt only that you have to feed selected data into the mine first
13:45 babilen And host['ip'] is quite ambiguous
13:45 whatevsz babilen: ok, then i'm going to do it like this
13:46 jas02 joined #salt
13:46 whatevsz i was just surprised how straightforward this was in ansible
13:46 MajObviousman I can use jinja and for to loop over them, and I can use loop.last to add a "commit" state
13:46 whatevsz i guess it doesn't work with salts architecture without breaking security
13:46 MajObviousman but what's the guarantee that commit state will run after all the other states if I don't add requires?
13:47 babilen whatevsz: You could get the IP from grains or use network.ip_addrs which allows you to get an address in a given CIDR or even just differentiate by type (public / private)
13:47 numkem joined #salt
13:47 babilen whatevsz: You'd define a suitable mine function alias in pillars, refresh the pillars for the minion and update the mine. You can then use mine.get on any minion to retrieve information about the targeted boxes.
13:48 whatevsz babilen: yup, i'll try the mine approach. thank you very much for your help! :)
13:48 babilen whatevsz: A common idiom is to set a grain that you'll target with G@ to "tag" the boxes that are part of the group
13:51 babilen whatevsz: I define mine function aliases for all private network ranges on all minions (like the 10.0.0.0/8 I showed earlier) and then specific networks in use
13:51 babilen Sometimes type='public' is all you need, but that doesn't work if you have multiple addresses
13:52 pipps joined #salt
13:57 MajObviousman so I just figured it out ... this is what require_in is for
14:02 akhter Anyone know how to do jinja variables in strings.
14:02 akhter For example.
14:02 akhter {% var1 = '/mnt/{{ var0 }}/test %}
14:04 akhter Err: {% var1 = '/mnt/{{ var0 }}/test' %}
14:08 pipps joined #salt
14:08 MajObviousman akhter: set var1 = '/mnt/{0}/test'.format(var0)
14:08 armyriad joined #salt
14:08 akhter You can use .format in jinja?
14:08 fleaz joined #salt
14:08 psrjr joined #salt
14:08 akhter Awesome, I'll try.
14:10 akhter MajObviousman: Thanks! I had no idea you could use .format.
14:10 patrek joined #salt
14:11 ernescz akhter: or you can try something like {{ "/mnt/" ~ var1 ~ "/test" }}.
14:11 ernescz more info here: http://jinja.pocoo.org/docs/dev/templates/#other-operators
14:11 akhter ernescz: I'll look into that, thanks.
14:12 MajObviousman akhter: np. It's a python idiom
14:12 MajObviousman that strangely  made its way into jinja, whereas other idioms did not
14:13 numkem joined #salt
14:13 akhter MajObviousman: I should have figured jinja had the same capability, I didn't see it anywhere on their docs, maybe I should have looked harder.
14:13 AndreasLutro you can call any object method in jinja
14:13 AndreasLutro and since strings are objects, you can call string methods in jinja
14:13 AndreasLutro 'foobar'.startswith('foo') would also work for the same reasons
14:14 akhter AndreasLutro: Yeah I use startswith quite a lot with my states.  {% if grains['id'].startswith('some name here') %}, I don't recall finding that on the docs either.
14:17 akhter joined #salt
14:18 Reverend can you do a require_in a cmd.run?
14:18 AndreasLutro you can do require/require_in in any state
14:18 Reverend siock
14:18 Reverend sick*
14:19 Reverend might be worth doing it backwards though right, and on the CMD, do "require: pkg blahblah"
14:21 nmadhok joined #salt
14:23 KingOfFools joined #salt
14:23 Reverend AndreasLutro: http://pastebin.centos.org/56631/
14:23 Reverend canhazborrow pls
14:30 AndreasLutro varnishdeps
14:32 marie1972 joined #salt
14:32 MajObviousman Reverend: functionally require and require_in behave the same, but as I've just learned sometimes it's way more useful to use the require_in format
14:35 AndreasLutro depends entirely on what you're doing, I think require makes more sense most of the time
14:36 DammitJim joined #salt
14:36 Reverend AndreasLutro - thanks mate. <3
14:36 Reverend MajObviousman - thanks. I'll take a look.
14:37 DammitJim what is the command to get the states that highstate is going to execute for a minion?
14:37 MajObviousman if it's a straightforward assocation, I'd suggest using require every time
14:37 Reverend I alwaus thought that require_in would work backwards ;S
14:37 MajObviousman it does work backwards, yes
14:37 Reverend oh\
14:37 Reverend \o/
14:38 stanchan joined #salt
14:38 AndreasLutro DammitJim: state.apply test=true?
14:39 DammitJim is state.apply the same as state.sls ?
14:39 DammitJim that's where I'm confused
14:39 DammitJim or does state.apply not do anything to the minion at all?
14:40 AndreasLutro state.apply is a wrapper that does either state.highstate or state.sls depending on how many arguments you give it
14:40 DammitJim like I'm wondering why test=true for highstate is soooo slow
14:40 bltmiller joined #salt
14:40 AndreasLutro because even with test=true it still has to do a bunch of stuff
14:40 AndreasLutro like fetch git remotes, check file hashes, check for package updates...
14:40 tercenya joined #salt
14:41 MajObviousman Reverend: https://gist.github.com/anonymous/37b64532a0f853fb0f003ec1b92db5a4   vs  https://gist.github.com/anonymous/f520faf9e28bc43d990a8c75df45dd20
14:41 MajObviousman they will behave exactly the same
14:41 DammitJim weird
14:41 DammitJim it's like my highstate is skipping a state I defined on my top file
14:41 AndreasLutro try state.show_top
14:41 DammitJim thanks
14:41 Reverend shhhhhhh
14:42 * MajObviousman forgot about show_top
14:42 Reverend ahhhh*
14:42 Reverend thanks MajObviousman - that makes sense: )
14:42 Reverend I'll bookmark XD
14:42 Reverend and/or put it on our company wiki :P
14:42 DammitJim NICE!
14:42 DammitJim those are the tools one needs to use and master
14:42 MajObviousman I learned this AM when require_in would be super useful
14:42 MajObviousman let me sanitize this state file and gist it
14:44 du5tball left #salt
14:45 DammitJim can I not pcre for something like this in my top file? 'nsjs[1|3]01[test|p].railrug.com':
14:46 DammitJim oh,k parenthesis instead of square brackets?
14:46 stanchan joined #salt
14:46 jas02 joined #salt
14:49 DammitJim with pcre, how do I match something like this: my1server, my2server, my3server
14:49 DammitJim but not my4server
14:50 MajObviousman DammitJim: you can, but you need to declare the match as compound IIRC
14:53 lompik joined #salt
14:57 abednarik joined #salt
14:59 nidr0x joined #salt
15:00 anotherzero joined #salt
15:01 keltim_ joined #salt
15:01 keltim joined #salt
15:05 akhter joined #salt
15:09 edrocks joined #salt
15:15 tercenya joined #salt
15:19 sp0097 joined #salt
15:19 akhter joined #salt
15:21 wm-bot4187 joined #salt
15:21 DammitJim how do you guys deal with a one time database setup through salt?
15:21 DammitJim I want it in my highstate for when I create the server, but not to do that anymore after that
15:22 gtmanfred i just make sure my database setup is idempotent
15:22 gtmanfred but for some stuff like mysql_secure_installation
15:22 MajObviousman https://github.com/saltstack-formulas/mysql-formula
15:23 gtmanfred which i run with cmd.run, i just add a onlyif: {{grains.get('mysql_setup'}}
15:23 MajObviousman I reverse engineered what mysql_secure_installation was doing and did it myself
15:23 gtmanfred and then a state that sets it to /bin/false
15:23 gtmanfred MajObviousman: nice!
15:23 MajObviousman that is super smart gtmanfred,  like it
15:23 gtmanfred i will have to start using the formula
15:23 MajObviousman also I'm being careful about what lands in my highstate
15:23 gtmanfred MajObviousman: yeah, was much better than wrapping the cmd.run in a jinja if that checks the variable
15:24 gtmanfred less jinja is better jinja
15:24 MajObviousman that formula is really comprehensive. REALLY comprehensive.
15:24 gtmanfred grains.get('mysql_setup', true)
15:24 gtmanfred yeah, i have seen it, i just usually have so little that I need to do
15:24 gtmanfred plus, i prefer postgres :P
15:24 MajObviousman same, and I installed mariadb on one system & percona on the other
15:25 spuder joined #salt
15:25 stanchan joined #salt
15:25 MajObviousman required a few adjustments from that formula, so I just yanked the important bits out and trimmed down the jinja to just what I needed
15:25 MajObviousman I encourage you guys to turn on the general log and then run mysql_secure_installation to see exactly what it runs
15:26 MajObviousman I created a SQL file with those commands, then download it to the box and cmd.run mysql <file.sql
15:26 LiamMon joined #salt
15:26 BattleChicken joined #salt
15:26 gtmanfred nice
15:28 ivanjaros joined #salt
15:31 rherna joined #salt
15:31 DammitJim gtmanfred, so you just set a pillar flag?
15:33 gtmanfred i set a grain
15:33 DammitJim why a grain and not a pillar?
15:33 BattleChicken are there any actual good tutorials for making your own grains and pillars?
15:34 gtmanfred DammitJim: because i can set the grain on the first run
15:34 BattleChicken not just the documentation that bullet points the rough functionality.. like a walk through type document?
15:35 gtmanfred DammitJim: like this https://github.com/saltstack/salt-jenkins/blob/master/keystone/setup_db.sls#L11-L20
15:35 cosming joined #salt
15:35 om2_ joined #salt
15:36 gtmanfred BattleChicken: i do not believe there is an in depth walk through of it
15:41 weylin
15:42 MajObviousman there's a large opportunity to write docs for it
15:42 gtmanfred ^^
15:42 gtmanfred get some commits in
15:42 * MajObviousman is on a path to do some docs rewritten
15:42 gtmanfred climb that commit ladder
15:42 gtmanfred we need to do another doc sprint
15:43 onlyanegg joined #salt
15:43 DammitJim ah, you set the grain after the config is done
15:43 MajObviousman pretend my last statement was parseable English
15:43 DammitJim then you don't have to manually change the pillar!
15:43 DammitJim gotcha
15:43 gtmanfred yar
15:44 MajObviousman I've got several things I need to move into grains that are currently pillars
15:45 tapoxi joined #salt
15:50 logwriter joined #salt
15:50 thebignoob joined #salt
15:52 thebignoob Hi guys, I'm trying to get a better understanding of pillar merging strategy, but I'm unsure if there's a setting for what I'm looking for
15:52 thebignoob I have some pillar data that I'd like to use that's stored in our defined pillar, But I'd also like to change one value in that pillar data while running a script that passes in a pillar variable at the CLI level; Is there a merge stategy that will retain everything in our stored pillar, and will only overwrite the value specified in the CLI ?
15:54 ivanjaros joined #salt
15:54 harkx joined #salt
15:55 tercenya joined #salt
15:57 akhter joined #salt
15:59 Sketch is there a way to test if test is true or false in a state?
16:00 Sketch i have some http.query calls that fail when the state is called with test=true, which is sort of annoying
16:03 nZac joined #salt
16:06 tapoxi thebignoob: yeah
16:07 tapoxi thebignoob: one sec looking up how I did this
16:07 joshin1 joined #salt
16:10 tapoxi thebignoob: may not be what you're looking for but if you're editing a jinja template that reads pillar data, you can override it with 'defaults:'
16:10 akhter joined #salt
16:11 tapoxi thebignoob: http://hastebin.com/ovuyobocay.cpp
16:13 jas02 joined #salt
16:15 samodid joined #salt
16:15 marie1972 joined #salt
16:16 marie1972 left #salt
16:17 armguy joined #salt
16:17 klaas joined #salt
16:21 Sketch joined #salt
16:21 akhter joined #salt
16:23 cmarzullo joined #salt
16:24 mpanetta joined #salt
16:25 ivanjaros joined #salt
16:26 amcorreia joined #salt
16:27 mpanetta joined #salt
16:32 joshin1 joined #salt
16:35 abednarik joined #salt
16:37 dps joined #salt
16:37 reji joined #salt
16:39 armonge62 joined #salt
16:40 anotherzero joined #salt
16:40 qman__ joined #salt
16:41 bbhoss joined #salt
16:41 shawnbutts joined #salt
16:41 ub1quit33 joined #salt
16:41 djural joined #salt
16:41 imanc joined #salt
16:42 armonge39 joined #salt
16:43 scarcry joined #salt
16:43 johtso joined #salt
16:43 dps joined #salt
16:44 ramblinpeck joined #salt
16:44 WKNiGHT joined #salt
16:44 JamieH joined #salt
16:44 bmcorser joined #salt
16:44 munhitsu_ joined #salt
16:44 udbax joined #salt
16:44 ToeSnacks joined #salt
16:44 Awesomecase joined #salt
16:45 vaelen joined #salt
16:45 racooper joined #salt
16:45 McNinja joined #salt
16:45 joe__ joined #salt
16:45 jav joined #salt
16:45 bbradley joined #salt
16:45 tongpu joined #salt
16:45 BlackBishop joined #salt
16:45 MeltedLux joined #salt
16:47 Salander27 joined #salt
16:48 jas02_ joined #salt
16:49 dps joined #salt
16:49 infrmnt joined #salt
16:50 numkem joined #salt
16:53 Edgan joined #salt
16:53 armonge39 joined #salt
16:55 dps joined #salt
16:56 armonge39 joined #salt
16:56 armonge joined #salt
16:57 reji_ joined #salt
16:57 armonge joined #salt
16:58 reji_ Hi there! Salt support etcd v3?
16:59 gtmanfred how different is etcd v3 from v2?
16:59 gtmanfred and how new is etcd v3?
16:59 gtmanfred looks like it was just released... it might... only one way to find out
16:59 reji_ in API. HTTP vs gRPC
17:00 jwang joined #salt
17:00 gtmanfred the etcd formula hasn't updated in a year
17:00 reji_ Owkay (
17:00 iggy we anxiously await PRs
17:00 reji_ (im anout etcd as pillars backend)
17:01 gtmanfred it just uses the python-etcd python module, so maybe? depends on if python-etcd supports both
17:01 TyrfingMjolnir joined #salt
17:01 gtmanfred if it doesn't, then what iggy said
17:01 iggy I was referring to the formula specifically, but yeah
17:01 reji_ nope, here is another library. https://github.com/kragniz/python-etcd3
17:02 beowuff joined #salt
17:03 reji_ Ok. If we, i'll send PR :)
17:03 gtmanfred :+1:
17:03 armonge joined #salt
17:04 reji_ Thats all i want to know, so cy later :) I'll be back in next year)
17:04 reji_ left #salt
17:08 akhter joined #salt
17:12 mgresser_ joined #salt
17:12 spuder_ joined #salt
17:15 UtahDave joined #salt
17:16 renoirb joined #salt
17:20 akak548 joined #salt
17:23 nZac joined #salt
17:26 Trauma joined #salt
17:26 Sketch aha, found out how to do what i wanted
17:26 Sketch opts['test']
17:28 tercenya joined #salt
17:30 akak548 Has anyone here tried to put a proxy infront of there saltmasters? And did you have any issues?
17:30 jas02 joined #salt
17:30 jas02_ joined #salt
17:31 gtmanfred what kind of proxy, like in front of salt-api? or in front of the master as in connections for minions back to the master?
17:31 akak548 in front of the master
17:32 gtmanfred in front of connections from the minions?
17:32 akak548 minion -> master_dns -> elb -> master_instance
17:32 debian112 joined #salt
17:32 gtmanfred nope, never trie dit
17:32 mikecmpbll joined #salt
17:32 strobelight joined #salt
17:33 gtmanfred i think you might have some problems with how the minion listens directly on the port for information
17:35 esckroh joined #salt
17:35 akak548 I am having issues. I was just curious if anyone implemented a proxy before
17:36 rhand joined #salt
17:36 gtmanfred why are you trying to create a proxy with elb?
17:37 gtmanfred so that you can have multiple round robin masters? and if one goes down the minion will move over?
17:37 gtmanfred cause https://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html exists
17:39 abednarik joined #salt
17:39 akak548 so I am running multimaster setup. and the minion have both masters. I was trying to put the saltmasters in autoscaling
17:40 gtmanfred I would say the best bet would be to ask on salt-users mailing list which has more eyes and someone there might be able to help
17:42 Electron^- joined #salt
17:46 akak548 thansks for the help
18:03 Trauma joined #salt
18:04 jas02 joined #salt
18:05 M-liberdiko joined #salt
18:07 DammitJim I am in a big pickle
18:07 DammitJim I have made so many changes to states and pillar
18:07 DammitJim and I haven't gone back to update my servers
18:08 DammitJim is there a way to get a good report that will tell me what would get updated on the servers if I was to run highstate on all of them?
18:08 DammitJim running sudo salt '*' state.highstate test=true is not working (it doesn't return)
18:09 anotherzero joined #salt
18:11 gtmanfred you could jump to a minion and run salt.call state.highstate test=True... it should have to return there
18:11 gtmanfred other than that, i don't think so
18:11 DammitJim Salt request timed out. The master is not responding. If this error persists after verifying the master is up, worker_threads may need to be increased.
18:11 DammitJim that's what I get
18:12 DammitJim dammit
18:13 DammitJim how many worker_threads is too much?
18:13 DammitJim I have 100 now
18:13 gtmanfred how many minions do you have?
18:13 DammitJim let me count
18:14 DammitJim 114
18:14 Mads[m]1 joined #salt
18:14 ThomasJ|m joined #salt
18:14 jerrykan[m] joined #salt
18:14 freelock[m] joined #salt
18:14 M-MadsRC joined #salt
18:14 saintaquinas[m] joined #salt
18:14 dnull[m] joined #salt
18:14 gtmanfred you shouldn't need that many worker threads
18:14 DammitJim dammit
18:14 DammitJim I have other issues, don't I?
18:14 gtmanfred probably
18:14 gtmanfred https://docs.saltstack.com/en/latest/ref/configuration/master.html#worker-threads
18:15 tbortels Is there a way to define nodegroups without editing /etc/salt/master? Or some way to do "-L @filename" rather than "-L host1,host2,...hostN"?
18:15 DammitJim yeah
18:16 edrocks joined #salt
18:16 gtmanfred tbortels: i do not believe so
18:17 DammitJim does it matter that I have minions that are turned off?
18:17 gtmanfred DammitJim: that i don't know
18:17 tbortels sigh - bummer. I thought that might be the case. I have been using grains to target, but it is suboptimal.
18:18 gtmanfred and insecure
18:18 gtmanfred since someone could compromise the minion, change the grains, and get other pillar data it shouldn't have access too
18:19 DammitJim gtmanfred, do you think I should reduce my worker_threads?
18:19 KevinAn27 joined #salt
18:19 gtmanfred DammitJim: that i don't know, i think increasing the timeout for minions may help
18:20 DammitJim interesting
18:20 DammitJim is that on /etc/salt/master?
18:20 tbortels I am not super concerned about that - we own both ends of the connection, and I am not putting anything in the pillars that cannot be global (yet). My issue with grains targeting is that the master has to wait for each minion to report or not report, so it's slower. Targeting exclusively on the master is much faster. I'm just leery about editing /etc/salt/master for various reasons
18:20 gtmanfred DammitJim: yeah
18:21 gtmanfred tbortels: you can always just have a nodegroups file in /etc/salt/master.d/nodegroups.conf ?
18:21 tbortels but it occurs to me I could make an /etc/salt/master.d/nodegroups file to isolate those changes - @gtmanfred, you beat me to it.
18:21 gtmanfred :)
18:21 tbortels Will those get picked up on the fly? or do I need to bounce the master?
18:21 DammitJim are we talking about the timeout value?
18:21 DammitJim Set the default timeout for the salt command and api
18:21 s_kunk joined #salt
18:22 gtmanfred tbortels: i think you still need to bounce the master, but you might not, i haven't tried in a while
18:22 gtmanfred i remember seeing somewhere that you might not have to
18:22 tbortels (we do some heinous change control - editing /etc/salt/master frequently would be a pain. But if I can isolate it...) I will find out by trying! :-)
18:22 gtmanfred DammitJim: yes, the timeout on minion returns
18:22 gtmanfred tbortels: cool
18:25 DammitJim I'm going to upgrade the salt master to the latest version. I think it's going to be 2016.3.3
18:25 DammitJim I should do that before I do the minions, right?
18:25 druonysus joined #salt
18:26 tapoxi DammitJim: yeah
18:26 infrmnt joined #salt
18:26 armonge joined #salt
18:26 druonysus joined #salt
18:26 tapoxi anyone using salt-cloud have a good way of organizing their cloud maps?
18:27 tapoxi I'm specifying the subnetid (and thus the AZ) in the profile and would much rather do that on the map
18:28 CEH joined #salt
18:28 CEH hi
18:28 gimpy9238 left #salt
18:30 armonge joined #salt
18:30 mikea get
18:30 mikea hey
18:31 mikea Is there any way for me to provide additional information with the salt key signing request?
18:31 DEger joined #salt
18:31 hoonetorg joined #salt
18:32 mikea I'd like our build system to populate a shared secret of some sort that I can check with a reactor and automatically sign the key
18:35 armonge joined #salt
18:36 nZac joined #salt
18:40 akhter joined #salt
18:42 tercenya joined #salt
18:46 keltim_ akak548, are you talking about ec2? what would you need an elb for? I just launch a master and leave it at that
18:49 udbax joined #salt
18:50 tapoxi mikea: well you could make the key
18:51 tapoxi mikea: run salt-key during your build, have it generate one, and plop that down as the minion's key and into the master's accepted keys dir
18:52 mikea tapoxi, that sounds like a great idea, but I don't know that cobbler can do that
18:52 DammitJim I am looking to update my minions version of salt
18:52 DammitJim I'm going from using the ppa.launchpad.net to the repo.saltstack.com
18:52 DammitJim do I need to remove keys on the minions?
18:53 tapoxi DammitJim: shouldn't, unless the ppa uses a weird directory structure.
18:53 gtmanfred you do not
18:53 gtmanfred it should be the same
18:53 DammitJim oh really?
18:53 gtmanfred the directory structre and keys stuff
18:53 DammitJim I'm going from: deb http://ppa.launchpad.net/saltstack/salt/ubuntu trusty main
18:53 DammitJim to deb http://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest trusty main
18:53 DammitJim those 2 repos use the same key?
18:54 gtmanfred no
18:54 DammitJim but I don't need to remove the key, right?
18:54 gtmanfred oh, you want to remove the repo key
18:54 whytewolf DammitJim: thought you were asking about the minion key not the repo key
18:54 gtmanfred you don't have to, just make sure you also install the salt-repo key
18:54 DammitJim not want to... but I had problems in the past where the key was changed
18:54 DammitJim and it was causing all kinds of havoc
18:55 gtmanfred just make sure you have the key on the repo.saltstack.com/#ubuntu page installed
18:55 whytewolf key changing on a repo is one thing, changing repos is another
18:55 DammitJim what paste do we use here?
18:55 DammitJim so I can show what I'm doing
18:55 whytewolf gist normally
18:55 tapoxi mikea: never used cobbler so not sure. but if your builder is just a machine with salt installed, you could scp it up to the master or fire a beacon containing the public key
18:56 fracklen joined #salt
18:57 infrmnt joined #salt
18:58 whytewolf mikea: you could setup keys for each of the systems that you are going to deploy with cobbler first. plug the values into cobbler in the server info somewhere. then build your install script to create the keys on the system using that info.... in thoery
18:58 DammitJim https://gist.github.com/anonymous/e7cbd672264025a352d8ee8b0cc4ca33
18:58 mikea yeah, the problem is that we're using the damn biosuuid for the minion id
18:59 tapoxi ouch
18:59 whytewolf ugh ... so you have templated server info instead of set server info
18:59 gtmanfred DammitJim: that should work
19:00 tapoxi DammitJim: where are you killing the old ppa
19:00 mikea yeah, so we need to be on the actual minion vm to get that
19:00 gtmanfred tapoxi: he isn't he is just updateing with pkg.latest
19:00 gtmanfred and since it is the same package name, it should uninstall the old one
19:01 tapoxi gtmanfred: good point
19:01 DammitJim tapoxi, I am not
19:01 DammitJim do I need to?
19:01 DammitJim how do I go about that?
19:01 gtmanfred you do not
19:01 gtmanfred because it is going to upgrade the package and remove the old one
19:01 tapoxi DammitJim: don't need to but you can use pkgrepo.absent
19:02 gtmanfred he shouldn't need that either cause it should go on top of the old one with the same name /etc/apt/sources.list.d/base.list ?
19:02 gtmanfred or saltstack-salt-trusty.list
19:03 jas02_ joined #salt
19:03 gtmanfred or maybe not... hrm
19:03 tapoxi right not needed but if something unexpected happens to the ppa in the future you can have a bad time
19:03 whytewolf it will add to that list, not overwright it
19:03 gtmanfred yeah, that is fair, it could just append
19:03 gtmanfred yar
19:04 BattleChicken left #salt
19:05 tapoxi i'm just a neat freak and remove all repos salt doesnt manage
19:05 cro joined #salt
19:06 subsignal joined #salt
19:07 DammitJim tapoxi, how do you do that with salt?
19:09 gtmanfred just do a pkgrepo.absent on the old repository
19:09 gtmanfred DammitJim: ^^
19:20 cosming joined #salt
19:23 DammitJim oh man
19:23 DammitJim so, I should have added this and not edited my old state!
19:23 DammitJim right?
19:23 DammitJim is that normal?
19:24 alexanderilyin joined #salt
19:24 DammitJim man, look at what this did!
19:24 DammitJim KeyError: 'saltutil.refresh_modules'
19:29 sevag joined #salt
19:30 moloney joined #salt
19:31 sevag hi all. i'm trying to configure the salt cloud module. so far i was able to get my AWS provider working correctly (defined in a pillar with the access key and secret key), however it tells me "Profile base_ec2 is not defined". this profile is in /etc/salt/cloud.profiles.d/aws-us-east-1.conf. i restarted my master and minion with no help. any suggestions?
19:31 DammitJim weird
19:31 DammitJim it's not updating the repo
19:32 moloney Anyone have a workaround for SLS "includes" not being ordered?  I mean other than using requisistes all over the place.
19:34 sgo_ joined #salt
19:35 moloney Or sacrificing modularity and building a single giant SLS
19:35 toastedpenguin joined #salt
19:37 hoonetorg joined #salt
19:41 mavhq joined #salt
19:42 infrmnt joined #salt
19:43 gtmanfred moloney: there is unfortunately not a fix, but there is a feature request open asking for them to be ordered
19:45 gtmanfred actually, what version of salt are you on? cause i think when I tested it those were ordered
19:47 gtmanfred moloney: like this ? https://github.com/saltstack/salt/issues/14899
19:47 saltstackbot [#14899][OPEN] State inclusion is limited | Currently, in a state I can include other modules:...
19:47 gtmanfred i guess a work around would be to use jinja includes
19:48 gtmanfred moloney: https://github.com/saltstack/salt/issues/5255#issuecomment-238617178 it looks like they should be loaded in order
19:48 saltstackbot [#5255][OPEN] Allow order inheritance in sls or includes | It would be handy to be able to define order inheritance for sls and for includes. E.g:...
19:49 sevag when i run my minion in debug mode, i see this: Including configuration from '/etc/salt/cloud.profiles.d/aws-us-east-1.conf'
19:49 sevag yet i still get: Profile base_ec2 is not defined
19:50 tercenya joined #salt
19:51 armonge joined #salt
19:57 armonge joined #salt
20:02 moloney @gtmanfred: I am on 2015.8.12, I guess I was mostly going off the documentation that says includes aren't ordered
20:03 gtmanfred moloney: do you have a link, because it should be ordered
20:04 jas02_ joined #salt
20:04 DammitJim do I need to bind to an interface on the newest salt?
20:04 DammitJim something is not working right
20:04 moloney @gtmanfred:  Looking again, I guess I was kinda misreading this but it is worded somewhat confusingly: "NOTE: include does not simply inject the states where you place it in the SLS file. If you need to guarantee order of execution, consider using requisites." (from: https://docs.saltstack.com/en/latest/ref/states/include.html)
20:05 DammitJim I'm just doing a test.ping from a new version of salt on the master and an older version of salt on a minion and it's not returning
20:06 gtmanfred moloney: yeah, so that is technically correct.  If you want to gaurantee order of execution, you need requisites.  But if you don't use any requisites anywhere, include will still do top down.
20:06 moloney @gtmanfred: I understand that stuff inside the top level SLS needs to use requisites rather than relying on where you put the "include" (and that is fine)
20:06 DammitJim https://gist.github.com/anonymous/ef641c1ece78b6b7030f0a12ccb2bb14
20:06 DammitJim what do you guys think it's going on?
20:07 gtmanfred did you upgrade the master before upgrading the minions?  did you restart the minions after the upgrade?
20:07 moloney @gtmanfred: Thanks that makes sense and makes my life much easier :)
20:07 DammitJim gtmanfred, yes to both
20:07 gtmanfred moloney: cool :)
20:07 gtmanfred DammitJim: do a tcpdump on the master, and then a salt-call test.ping from the minion and see what happens
20:07 swa_work joined #salt
20:08 DammitJim gtmanfred, salt-call returned true
20:09 gtmanfred then it is communicating with the master
20:09 DammitJim I can telnet to port 4506 of the master
20:10 gtmanfred check the minion logs with debug on and send something to the minion and see if it runs it and throws any errors
20:10 DammitJim send or test.ping
20:10 DammitJim I was doing test.ping and this is what it was spitting
20:10 gtmanfred send something, anything, and see if the minion logs anything in debug mode
20:10 DammitJim SaltReqTimeoutError: after 60 seconds. (Try 1 of 7)
20:10 DammitJim stuff like that
20:11 gtmanfred that sounds like the worker threads problem you were seeing before
20:11 gtmanfred what if you do `salt -b 10 \* test.ping` how many return?
20:13 DammitJim are you saying I need to restart all the salt clients after I update my salt master?
20:13 DammitJim none are returning the ping
20:13 DammitJim [DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/master', 'minos.railrug.com_master', 'tcp://127.0.0.1:4506', 'clear')
20:13 DammitJim I keep seeing that
20:15 DammitJim dammit
20:16 DammitJim I should have taken a backup of the master before making these changes
20:16 gtmanfred check /etc/salt/master and make sure it doesn't have bind: 127.0.0.1 ? i don't know, i have never seen that where the minions can communicate back but the master can't send anything to them
20:17 armonge joined #salt
20:18 DammitJim ok
20:18 DammitJim thanks
20:21 DammitJim https://github.com/saltstack/salt/issues/36866
20:21 saltstackbot [#36866][OPEN] [2016.11.0rc1] salt-master <> salt-minion communication borken due to master_alive_interval | Description of Issue/Question...
20:21 DammitJim so weird!!!!
20:22 tercenya joined #salt
20:22 DammitJim I wonder if I can downgrade
20:23 gtmanfred wait, you went to the 2016.11.0? that is still a release candidate
20:23 DammitJim 2016.3.3+ds-1
20:23 DammitJim oh, nevermind then
20:23 gtmanfred yeah, the bug you linked is for 2016.11
20:23 gtmanfred the next release
20:23 DammitJim ok, thanks
20:23 DammitJim man, how do I downgrade my salt-master back to what I had before
20:24 DammitJim back to 2015.5.3
20:24 gtmanfred oh, are your minions still on 2015.5.3?
20:24 DammitJim yes
20:24 DammitJim that's why I asked earlier what I should upgrade first
20:24 gtmanfred there is a known bug that 2015.5.3 minions cannot talk to a 2016.3.3 master
20:24 gtmanfred it is the only broken release
20:25 DammitJim AAAHHHHHHHH
20:25 gtmanfred DammitJim: https://github.com/saltstack/salt/issues/36940#issuecomment-255385729
20:25 saltstackbot [#36940][OPEN] Salt request timed out. The master is not responding. If this error persists after verifying the master is up, worker_threads may need to be increased. | Description of Issue/Question...
20:25 gtmanfred well, maybe not the only one, but it is broken,the communication will be fixed in 2016.3.5
20:25 gtmanfred (3.4 is almost ready)
20:25 DammitJim crap
20:26 DammitJim so, I have to go to each server to update it
20:26 gtmanfred you could roll your master to 2015.8 maybe? and then upgrade all the minions to 2015.8, then go to 2016.3.3
20:26 DammitJim right
20:26 DammitJim I just don't know how to downgrade it with apt
20:27 gtmanfred apt-get install <package-name>=<package-version-number>
20:27 gtmanfred and you will have to change your salt repo to point to the old package version
20:27 DammitJim yeah, I did that
20:28 DammitJim would this be the version? 2015.5.3+ds-1trusty1
20:28 gtmanfred i don't know, i don't use ubuntu
20:29 whytewolf apt-cache madison salt-master
20:30 DammitJim who is madison?
20:30 _aeris_ joined #salt
20:30 whytewolf it is an apt-cache command
20:30 DammitJim oh
20:31 whytewolf madison was the debian archive management tool
20:32 m4rx joined #salt
20:32 DammitJim nice
20:33 DammitJim ok, reverting worked
20:33 DammitJim I"m going to have to think about this before I actually do it
20:33 DammitJim updating the minions might have issues as well
20:34 sgo_ joined #salt
20:34 whytewolf salt-master.2015.8 -> salt-minions.2015.8 -> salt-master.2016.3 -> salt-minions.2016.3
20:35 fracklen joined #salt
20:35 DammitJim oh, I should go to 2015.8 first?
20:35 gtmanfred yes, because 2016.3 master is broken with 2015.5.3 minions
20:35 DammitJim I guess I'll come back to this.
20:35 DammitJim where can I get that version? the ppa doesn't have that
20:36 gtmanfred ... from the salt repo
20:36 gtmanfred https://repo.saltstack.com/#ubuntu click on the pin major version button
20:36 whytewolf ^
20:36 gtmanfred then change 2016.3 to 2015.8 in the deb line
20:37 gtmanfred https://repo.saltstack.com/apt/ubuntu/14.04/amd64/
20:37 gtmanfred 14.04 even has a 2015.5 repository so you could get to the latest 2015.5 first
20:37 gtmanfred but i don't know that that would help
20:37 DammitJim when I performed the update using that link
20:37 DammitJim it installed 2016.3
20:37 whytewolf would at least get him off the ppa
20:38 gtmanfred yeah, you used /latest instead of /2015.8
20:38 gtmanfred https://repo.saltstack.com/apt/ubuntu/14.04/amd64/2015.8/
20:38 gtmanfred pin it to the major release 2015.89
20:38 whytewolf 89?
20:38 wm-bot4 joined #salt
20:38 DammitJim so, instead of: deb http://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest trusty main
20:38 whytewolf I want that release
20:38 gtmanfred i have fat fingers
20:39 DammitJim I should do: deb http://repo.saltstack.com/apt/ubuntu/14.04/amd64/2015.8 trusty main
20:39 DammitJim correcto?
20:39 gtmanfred yes
20:39 whytewolf or have them both and use version targetting [and don't run a blind update]
20:39 gtmanfred dammit jim! read the page :P
20:39 nZac joined #salt
20:39 DammitJim what page?
20:40 gtmanfred repo.saltstack.com/#ubuntu
20:40 gtmanfred it tells you how to do this
20:40 DammitJim The page tells me how to get latest
20:40 DammitJim not 2015.8 ;)
20:40 whytewolf DammitJim: the left hand menu lets you change latest :P
20:40 gtmanfred click on the pin major release on the left hand side
20:40 DammitJim or maybe I'm missing a link
20:40 DammitJim oh... pin major release
20:40 DammitJim let me see
20:41 whytewolf if you break it you get to keep both pieces
20:41 gtmanfred :tada:
20:41 DammitJim LOL
20:41 DammitJim oh no, I'm taking a snapshot as we speak
20:42 DammitJim that was also interesting... I ended up installing virt-who what something
20:42 DammitJim because of a warning on 2016.3
20:43 whytewolf oh yeah it is a python script to determine if the server is virtual or physical
20:43 gtmanfred I am going to work on a salt-ssh roster that uses the master grains cache
20:43 tapoxi is there a roster that uses aws inventory etc?
20:43 * whytewolf just wants updated openstack modules/states or the time to work on my own
20:44 nawwmz joined #salt
20:44 tapoxi I wrote my own with libcloud without really digging if that was built in
20:44 gtmanfred whytewolf: it is in my sprint right now, and being worked on :)
20:44 gtmanfred tapoxi: there is not, but there is a salt cloud cache roster
20:44 gtmanfred which will query the cloud cache for minion information of any cloud provider
20:44 DammitJim man, I come in here and it's like you guys are talking another language
20:45 tapoxi gtmanfred: doesn't require the machine to be built using salt-cloud?
20:45 gtmanfred tapoxi: it does not, it just requires it to be seen by salt-cloud -F
20:45 whytewolf gtmanfred: is domains and groups being included? how about HA network support? do we finally get a heat module? <evil grin>
20:45 gtmanfred and to have cloud cache turned on
20:45 tapoxi gtmanfred: awesome thanks
20:45 gtmanfred whytewolf: heat module is in develop
20:45 whytewolf sweet
20:45 gtmanfred whytewolf:groups are in carbon, i am working on adding domains
20:46 tapoxi DammitJim: what, rosters?
20:46 gtmanfred whytewolf: I am also working on moving it all over to shade so it will be less confusing and easier to use and more stable
20:46 DammitJim the rooster
20:46 DammitJim then a rooster in the cloud
20:46 DammitJim with some minion movies eating bananas
20:47 tapoxi DammitJim: so if you want to use salt-ssh it needs a way of knowing what machines you have. a roster is just a list of those machines from some source (text file, aws api, salt master's cache, etc)
20:47 tapoxi I mostly use salt-ssh for updating the minion so I don't have to worry about breaking shit
20:48 whytewolf domains is one of the biggest things holding me back right now. well that and the nuetron module being happazardly built to the point i can't add external subdomains [and i patched in external networks]
20:48 DammitJim tapoxi, breaking what? *covers his mouth*
20:49 gtmanfred tapoxi: that was exactly why I was thinking the grains cache would be a great thing to have for a roster
20:49 gtmanfred whytewolf: yeah, it is on my list.  I don't have anything else for a while, i am just waiting for the other person that is doing github issue triage to get back from pto, and then I am getting back to it
20:49 gladiatr joined #salt
20:49 gtmanfred keystone is the first one, then neutron, and then i am going to rebuild the nova cloud driver
20:50 whytewolf yay i could hug you right now
20:50 gtmanfred :)
20:50 gtmanfred I have my openstack setup running in vmware fusion and working and I need to get keystonev3 authentication working in the nova driver first also
20:50 tapoxi gtmanfred: while you're here i'll bug you :) i'm trying to think of a nice way to organize my cloud maps
20:50 gtmanfred cause it can only do keystonev2, cause the client.Client just added the ability to accept a keystoneauth1 session, isntead of building in v3 authentication
20:51 gtmanfred tapoxi: i put them in /etc/salt/cloud.maps.d/ it doesn't actually make them better to use, but i put them in there :P
20:51 tapoxi I want to set the subnetid per host, and it seems I can only do it at the higher level in cloud-profiles
20:51 gtmanfred mostly just a list of servers, for me, and then everything else goes in different profiles that I mostly template using yaml anchors
20:51 whytewolf the nova cloud driver drives me nuts since i can't use it because it doesn't support floating ip's on bootup. and the openstack driver is well depreciated and was always kind of broken
20:52 gtmanfred whytewolf: openstack isn't getting depracated till nitrogen now, and the nova driver in 2016.11 should support floating ips assignments on create
20:52 whytewolf nice i must have missed the pr
20:53 gtmanfred https://github.com/saltstack/salt/blob/develop/salt/cloud/clouds/nova.py#L165
20:53 tapoxi gtmanfred: my problem is I'd need to make a company.web.west1a, company.web.west1b, company.web.west1c profile
20:53 gtmanfred whytewolf: ^^
20:53 gtmanfred tapoxi: that should be able to be done in maps :/ hrm
20:53 whytewolf SWEET! that is exactly what i wanted. and much cleaner then the openstack drivers version of it
20:53 tapoxi because the subnetid is az specific, but I want to make sure I'm spreading machines across AZs
20:54 gtmanfred tapoxi: i was pretty sure that anything that went into a profile could be overwritten on a per minion basis in a map ...
20:55 gtmanfred i remember i used to do that and specified only one profile, without a size/flavor, and then in the map, i would specify the minion sizes... i thought at least
20:55 jeneam joined #salt
20:56 gtmanfred lemme ask joseph if he knows though
20:56 jeneam hello, getting bellow error when using salt-cloud 'The following exception was thrown by libcloud when trying to run the initial deployment: 403 Forbidden Policy doesn't allow compute:create to be performed.'
20:56 whytewolf I believe it can. i remeber doing it that way also.
20:56 jeneam using nova from command line works weel
20:57 whytewolf jeneam: that sounds like you didn't give it proper permissions in your provider
20:57 jeneam but why I succeed when use direct nova ?
20:58 gtmanfred jeneam: it is important to remember that what is used in the nova driver is slightly different from the commandline
20:58 gtmanfred the commandline uses shell.py which does some extra magic for authentication and stuff that the nova driver does not directly support
20:58 tapoxi gtmanfred: yeah I haven't seen that in the docs but if its possible that would be awesome
20:59 gtmanfred tapoxi: yar
21:00 jeneam hmm, os there any recommendation , I use openstack driver with   compute_name: nova ?
21:00 gtmanfred jeneam: that actually uses libcloud and nova the same thing as novaclient at all
21:01 gtmanfred the nova driver uses novaclient to connect
21:01 gtmanfred tapoxi: there appear to be some problems with deeply nested stuff, https://github.com/saltstack/salt/issues/23416 but i believe that is just the way dictionary updates work
21:01 saltstackbot [#23416][MERGED] salt-cloud: Overriding deeply nested profile data in map files | Per @nmadhok, continued from #23313:...
21:02 gtmanfred jeneam: i would recommend using the nova driver and seeing if you get a better result.   https://docs.saltstack.com/en/carbon/ref/clouds/all/salt.cloud.clouds.nova.html
21:02 jeneam thanks
21:05 cyborg-one joined #salt
21:06 gtmanfred aight, I am out early for the weekend o/ yall have a good one
21:07 whytewolf have a good one!
21:07 tapoxi gtmanfred: thanks for your help
21:12 prg3 joined #salt
21:13 ernescz joined #salt
21:18 m4rx joined #salt
21:24 sgo_ joined #salt
21:31 stupidnic joined #salt
21:36 akhter joined #salt
21:36 m4rx joined #salt
21:46 spuder joined #salt
21:47 spuder_ joined #salt
21:49 ernescz joined #salt
21:50 GreatSnoopy joined #salt
22:02 Electron^- joined #salt
22:05 cyteen joined #salt
22:07 kalessin joined #salt
22:10 psrjr joined #salt
22:18 mrueg joined #salt
22:19 rem5 joined #salt
22:20 rem5 joined #salt
22:23 akhter joined #salt
22:24 MTecknology gtmanfred: ping?
22:24 MTecknology ah, crap.. he said he left
22:25 gtmanfred wat
22:25 MTecknology HI!
22:25 gtmanfred hi
22:26 MTecknology gtmanfred: There was a time where a mister Paul K. was talking to me. I was kinda hoping to speak to his replacement and wondering if you could possibly help me out with that.
22:27 gtmanfred i do not have any idea who paul k is
22:27 MTecknology ah, I was just kinda taking a stab at it since you have the hat
22:27 gtmanfred ahh, i see he is on our internal slack, but i do not know who he is :/ or who his replacement might be
22:28 greyeax joined #salt
22:28 gtmanfred good luck :)
22:28 MTecknology We were talking about starting up some salt meetups around where my employer is based. He left kinda mid-sentence. :(
22:28 gtmanfred aww
22:28 greyeax is it possible to automate kernel configuration with salt?
22:28 gtmanfred yeah i don't know
22:29 gtmanfred MTecknology: where would that be?
22:29 MTecknology san jose
22:30 gtmanfred cool, remind me on monday and I will ask around for anyone that could help setup a salt meetup there
22:30 RandyT joined #salt
22:31 MTecknology sweet
22:31 nZac joined #salt
22:31 MTecknology btw- we were talking about me hosting it; that's why I'm trying to not just let it drop off the plate. I already roped my employer into it.
22:32 gtmanfred yar
22:34 UtahDave MTecknology: keep me in the loop on that, too
22:34 zulutango joined #salt
22:37 MTecknology UtahDave: sure thing, will do
22:38 Alekti joined #salt
22:50 subsignal joined #salt
22:54 tercenya joined #salt
22:56 RandyT joined #salt
22:56 amontalban joined #salt
22:56 amontalban joined #salt
23:05 subsignal joined #salt
23:06 gtmanfred https://github.com/saltstack/salt/pull/37320/files that was easy
23:06 saltstackbot [#37320][OPEN] use the cache runner in the cache roster file to get grains | What does this PR do?...
23:11 jas02_ joined #salt
23:25 Klas joined #salt
23:36 jenastar joined #salt
23:42 psrjr joined #salt
23:44 CampusD joined #salt
23:45 amontalb1n joined #salt

| Channels | #salt index | Today | | Search | Google Search | Plain-Text | summary